[swtpm.git] / tests / test_tpm2_ibmtss2

#!/usr/bin/env bash

if [ ${SWTPM_TEST_EXPENSIVE:-0} -eq 0 ]; then
	exit 77
fi

ROOT=${abs_top_builddir:-$(pwd)/..}
TESTDIR=${abs_top_testdir:-$(dirname "$0")}
ABSTESTDIR=$(cd ${TESTDIR} &>/dev/null;echo ${PWD})

PATCHESDIR=${ABSTESTDIR}/patches

SWTPM_SERVER_PORT=65426
SWTPM_SERVER_NAME=127.0.0.1
SWTPM_CTRL_PORT=65427
SWTPM_INTERFACE=socket+socket

function cleanup() {
	pid=${SWTPM_PID}
	if [ -n "$pid" ]; then
		kill_quiet -9 $pid
	fi
	if [ -n ${WORKDIR} ]; then
		rm -rf ${WORKDIR}
	fi
}

trap "cleanup" EXIT

source ${TESTDIR}/common
skip_test_no_tpm20 "${SWTPM_EXE}"

WORKDIR="$(mktemp -d)" || exit 1

REGLOG=${WORKDIR}/reglog

SWTPM_SERVER_NO_DISCONNECT="1" run_swtpm ${SWTPM_INTERFACE} \
	--tpm2 \
	--tpmstate dir=${WORKDIR} \
	--flags not-need-init

pushd ${WORKDIR} &>/dev/null

git clone https://git.code.sf.net/p/ibmtpm20tss/tss ibmtpm20tss-tss

pushd ibmtpm20tss-tss &>/dev/null

git checkout tags/v1.6.0
if [ $? -ne 0 ]; then
	echo "'Git checkout' failed."
	exit 1
fi

# To be able to apply the patches we need to to set some variables
# for user that don't have this set up properly
git config --local user.name test
git config --local user.email test@test.test

# A v1.6.0 bug work-around:
# We cannot run the EK certificate tests since rootcerts.txt points to
# files we do not have
git am < ${PATCHESDIR}/0001-Deactivate-test-cases-accessing-rootcerts.txt.patch

# Implement 'powerup' for swtpm
git am < ${PATCHESDIR}/0002-Implement-powerup-for-swtpm.patch

# set CRYPTOLIBRARY=openssl
git am < ${PATCHESDIR}/0003-Set-CRYPTOLIBRARY-to-openssl.patch

# Store and restore volatile state at every step
git am < ${PATCHESDIR}/0004-Store-and-restore-volatile-state-at-every-step.patch

# Disable 'Events' test
git am < ${PATCHESDIR}/0005-Disable-tests-related-to-events.patch

rsa3072=$(run_swtpm_ioctl ${SWTPM_INTERFACE} --info 4 |
          sed -n 's/.*"RSAKeySizes":\[\([0-9,]*\)\].*/\1/p' |
          grep 3072)
if [ -z "$rsa3072" ]; then
	echo "Modifying test cases related to RSA 3072 keys."
	git am < ${PATCHESDIR}/0006-Disable-testing-with-RSA-3072.patch
else
	echo "swtpm/libtpms support RSA 3072 bit keys"
fi

# Adjust test suite to TPM 2.0 revision libtpms is implementing
revision=$(run_swtpm_ioctl ${SWTPM_INTERFACE} --info 1 |
           sed 's/.*,"revision":\([^\}]*\).*/\1/')
echo "Libtpms implements TPM 2.0 revision ${revision}."
if [ $revision -lt 155 ]; then
	echo "Removing revision 155 and later test cases."
	git am < ${PATCHESDIR}/0007-Disable-rev155-test-cases.patch
	git am < ${PATCHESDIR}/0008-Disable-x509-test-cases.patch
	git am < ${PATCHESDIR}/0009-Disable-getcapability-TPM_CAP_ACT.patch
fi

autoreconf --force --install
unset CFLAGS LDFLAGS LIBS
./configure --disable-tpm-1.2
make -j4

pushd utils

export TPM_SERVER_NAME=127.0.0.1
export TPM_INTERFACE_TYPE=socsim
export TPM_COMMAND_PORT=${SWTPM_SERVER_PORT}
export TPM_PLATFORM_PORT=${SWTPM_CTRL_PORT}

export SWTPM_IOCTL

./startup
if [ $? -ne 0 ]; then
	echo "Startup of TPM2 failed"
	exit 1
fi

./reg.sh -a 2>&1 | tee ${REGLOG}

ret=0

if [ -n "$(grep -E "^ ERROR:" ${REGLOG})" ]; then
	echo "There were test failures running the IBM TSS 2 tests"
	grep -E "^ ERROR:" ${REGLOG} -B2 -A2
	ret=1
fi

# Shut down
run_swtpm_ioctl ${SWTPM_INTERFACE} -s
if [ $? -ne 0 ]; then
	echo "Error: Could not shut down the ${SWTPM_INTERFACE} TPM."
	ret=1
fi

if wait_process_gone ${SWTPM_PID} 4; then
	echo "Error: ${SWTPM_INTERFACE} TPM should not be running anymore."
	ret=1
fi

popd &>/dev/null
popd &>/dev/null
popd &>/dev/null

[ $ret -eq 0 ] && echo "OK"

exit $ret
Commit	Line	Data
03c7fe45 SB	1	#!/usr/bin/env bash
	2
	3	if [ ${SWTPM_TEST_EXPENSIVE:-0} -eq 0 ]; then
	4	exit 77
	5	fi
	6
	7	ROOT=${abs_top_builddir:-$(pwd)/..}
	8	TESTDIR=${abs_top_testdir:-$(dirname "$0")}
605e823f	9	ABSTESTDIR=$(cd ${TESTDIR} &>/dev/null;echo ${PWD})
03c7fe45	10
e78c9db2 SB	11	PATCHESDIR=${ABSTESTDIR}/patches
e78c9db2 SB	12
03c7fe45	13	SWTPM_SERVER_PORT=65426
3e7555c4	14	SWTPM_SERVER_NAME=127.0.0.1
03c7fe45 SB	15	SWTPM_CTRL_PORT=65427
	16	SWTPM_INTERFACE=socket+socket
	17
	18	function cleanup() {
	19	pid=${SWTPM_PID}
	20	if [ -n "$pid" ]; then
	21	kill_quiet -9 $pid
	22	fi
	23	if [ -n ${WORKDIR} ]; then
	24	rm -rf ${WORKDIR}
	25	fi
	26	}
	27
	28	trap "cleanup" EXIT
	29
	30	source ${TESTDIR}/common
c48dd1e2 MAL	31	skip_test_no_tpm20 "${SWTPM_EXE}"
c48dd1e2 MAL	32
cce7503c	33	WORKDIR="$(mktemp -d)" \|\| exit 1
03c7fe45 SB	34
	35	REGLOG=${WORKDIR}/reglog
	36
	37	SWTPM_SERVER_NO_DISCONNECT="1" run_swtpm ${SWTPM_INTERFACE} \
	38	--tpm2 \
	39	--tpmstate dir=${WORKDIR} \
	40	--flags not-need-init
	41
	42	pushd ${WORKDIR} &>/dev/null
	43
	44	git clone https://git.code.sf.net/p/ibmtpm20tss/tss ibmtpm20tss-tss
	45
4ba6012c	46	pushd ibmtpm20tss-tss &>/dev/null
03c7fe45	47
4d4d24fb	48	git checkout tags/v1.6.0
03c7fe45 SB	49	if [ $? -ne 0 ]; then
	50	echo "'Git checkout' failed."
	51	exit 1
	52	fi
	53
b91575e7 SB	54	# To be able to apply the patches we need to to set some variables
	55	# for user that don't have this set up properly
	56	git config --local user.name test
	57	git config --local user.email test@test.test
	58
4d4d24fb	59	# A v1.6.0 bug work-around:
8415d39d SB	60	# We cannot run the EK certificate tests since rootcerts.txt points to
8415d39d SB	61	# files we do not have
e78c9db2	62	git am < ${PATCHESDIR}/0001-Deactivate-test-cases-accessing-rootcerts.txt.patch
8415d39d	63
e78c9db2 SB	64	# Implement 'powerup' for swtpm
e78c9db2 SB	65	git am < ${PATCHESDIR}/0002-Implement-powerup-for-swtpm.patch
4ba6012c	66
e78c9db2 SB	67	# set CRYPTOLIBRARY=openssl
	68	git am < ${PATCHESDIR}/0003-Set-CRYPTOLIBRARY-to-openssl.patch
	69
be6ba388 SB	70	# Store and restore volatile state at every step
be6ba388 SB	71	git am < ${PATCHESDIR}/0004-Store-and-restore-volatile-state-at-every-step.patch
e78c9db2 SB	72
	73	# Disable 'Events' test
	74	git am < ${PATCHESDIR}/0005-Disable-tests-related-to-events.patch
8dc2415d	75
605e823f SB	76	rsa3072=$(run_swtpm_ioctl ${SWTPM_INTERFACE} --info 4 \|
	77	sed -n 's/."RSAKeySizes":\[\([0-9,]\)\].*/\1/p' \|
	78	grep 3072)
	79	if [ -z "$rsa3072" ]; then
	80	echo "Modifying test cases related to RSA 3072 keys."
e78c9db2	81	git am < ${PATCHESDIR}/0006-Disable-testing-with-RSA-3072.patch
605e823f	82	else
468f7e61	83	echo "swtpm/libtpms support RSA 3072 bit keys"
605e823f SB	84	fi
605e823f SB	85
8dc2415d SB	86	# Adjust test suite to TPM 2.0 revision libtpms is implementing
	87	revision=$(run_swtpm_ioctl ${SWTPM_INTERFACE} --info 1 \|
	88	sed 's/.,"revision":\([^\}]\).*/\1/')
	89	echo "Libtpms implements TPM 2.0 revision ${revision}."
	90	if [ $revision -lt 155 ]; then
e78c9db2 SB	91	echo "Removing revision 155 and later test cases."
	92	git am < ${PATCHESDIR}/0007-Disable-rev155-test-cases.patch
	93	git am < ${PATCHESDIR}/0008-Disable-x509-test-cases.patch
	94	git am < ${PATCHESDIR}/0009-Disable-getcapability-TPM_CAP_ACT.patch
8dc2415d SB	95	fi
8dc2415d SB	96
e78c9db2 SB	97	autoreconf --force --install
	98	unset CFLAGS LDFLAGS LIBS
	99	./configure --disable-tpm-1.2
	100	make -j4
	101
	102	pushd utils
	103
3e7555c4	104	export TPM_SERVER_NAME=127.0.0.1
a1c9aedd	105	export TPM_INTERFACE_TYPE=socsim
03c7fe45 SB	106	export TPM_COMMAND_PORT=${SWTPM_SERVER_PORT}
	107	export TPM_PLATFORM_PORT=${SWTPM_CTRL_PORT}
	108
	109	export SWTPM_IOCTL
	110
03c7fe45 SB	111	./startup
	112	if [ $? -ne 0 ]; then
	113	echo "Startup of TPM2 failed"
	114	exit 1
	115	fi
	116
	117	./reg.sh -a 2>&1 \| tee ${REGLOG}
	118
	119	ret=0
	120
	121	if [ -n "$(grep -E "^ ERROR:" ${REGLOG})" ]; then
	122	echo "There were test failures running the IBM TSS 2 tests"
	123	grep -E "^ ERROR:" ${REGLOG} -B2 -A2
	124	ret=1
	125	fi
	126
	127	# Shut down
	128	run_swtpm_ioctl ${SWTPM_INTERFACE} -s
	129	if [ $? -ne 0 ]; then
	130	echo "Error: Could not shut down the ${SWTPM_INTERFACE} TPM."
	131	ret=1
	132	fi
	133
	134	if wait_process_gone ${SWTPM_PID} 4; then
	135	echo "Error: ${SWTPM_INTERFACE} TPM should not be running anymore."
	136	ret=1
	137	fi
	138
4ba6012c	139	popd &>/dev/null
03c7fe45 SB	140	popd &>/dev/null
	141	popd &>/dev/null
	142
	143	[ $ret -eq 0 ] && echo "OK"
	144
c48dd1e2	145	exit $ret