authorLuigi Semenzato <semenzato@google.com>2010-09-30 13:35:11 -0700
committerLuigi Semenzato <semenzato@google.com>2010-09-30 13:35:11 -0700
commit7c6a69f1cb33d6bc3541f4b6c5ee6cc903323322 (patch)
tree362bbca483e4f5d98d156d571ac6cd2201f06269 /utility/tpm-dad-lock
parent04c00e19c6fd1d9ad09d2bf5e06518c249d62b31 (diff)
Add a script that measures DAD behavior (Dictionary Attack Defense)
Change-Id: I303bb68c366c382caff20c1ee8dbfb97ed5e1c2d BUG=none TEST=ran the script Review URL: http://codereview.chromium.org/3492011
Diffstat (limited to 'utility/tpm-dad-lock')
-rw-r--r--utility/tpm-dad-lock47
1 files changed, 47 insertions, 0 deletions
diff --git a/utility/tpm-dad-lock b/utility/tpm-dad-lock
new file mode 100644
index 00000000..95fa0856
--- /dev/null
+++ b/utility/tpm-dad-lock
@@ -0,0 +1,47 @@
+#!/bin/bash -e
+#
+# Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
+# Use of this source code is governed by a BSD-style license that can be
+# found in the LICENSE file.
+
+# Attempt to trigger the TPM Dictionary Attack Defense Lock and measure its
+# behavior.
+
+owned=$(cat /sys/class/misc/tpm0/device/owned)
+if [ "$owned" = "" ]; then
+ echo "TPM is not functional"
+ exit 1
+fi
+if [ "$owned" = "0" ]; then
+ echo "please use random, non-empty passwords"
+ tpm_takeownership || exit 1
+fi
+
+attempts=0
+max=1
+e=/tmp/x$$
+
+while true; do
+ attempts=$(( $attempts + 1 ))
+ before=$(date +%s)
+ defending=1
+ while [ $defending -eq 1 ]; do
+ if tpm_getpubek -z 2> $e; then
+ echo "unexpected success of tpm_getpubek"
+ exit 1
+ fi
+ if grep -q communication $e; then
+ echo "communication failure"
+ exit 1
+ fi
+ if ! grep -q dictionary $e; then
+ defending=0
+ fi
+ done
+ after=$(date +%s)
+ elapsed=$(( $after - $before ))
+ if [ $elapsed -gt $max ]; then
+ echo delay of $elapsed seconds after $attempts attempts
+ max=$elapsed
+ fi
+done
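Review bot: The stderr capture file `e=/tmp/x$$` is a predictable name in a world-writable directory, and the `2> $e` redirection follows whatever already exists at that path. The script calls `tpm_takeownership` and so presumably runs as root, in which case a pre-placed symlink would let another local user truncate a file of their choosing. Create the file with `e=$(mktemp)` and add `trap 'rm -f -- "$e"' EXIT` right after it, since the file is currently never removed on either the error exits or when the endless loop is interrupted. Quote the expansion as well (`2> "$e"`, `grep -q communication "$e"`). Separately, `-e` on the shebang line is lost when the script is started as `bash tpm-dad-lock`; a `set -e` line in the body would keep it.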