tests: Use the IBM TSS2 v1.6.0's test suite

[swtpm.git] / tests / test_tpm2_ibmtss2

#!/usr/bin/env bash

if [ ${SWTPM_TEST_EXPENSIVE:-0} -eq 0 ]; then
        exit 77
fi

ROOT=${abs_top_builddir:-$(pwd)/..}
TESTDIR=${abs_top_testdir:-$(dirname "$0")}
ABSTESTDIR=$(cd ${TESTDIR} &>/dev/null;echo ${PWD})

SWTPM_SERVER_PORT=65426
SWTPM_SERVER_NAME=127.0.0.1
SWTPM_CTRL_PORT=65427
SWTPM_INTERFACE=socket+socket

function cleanup() {
        pid=${SWTPM_PID}
        if [ -n "$pid" ]; then
                kill_quiet -9 $pid
        fi
        if [ -n ${WORKDIR} ]; then
                rm -rf ${WORKDIR}
        fi
}

trap "cleanup" EXIT

source ${TESTDIR}/common
WORKDIR=$(mktemp -d)

REGLOG=${WORKDIR}/reglog

SWTPM_SERVER_NO_DISCONNECT="1" run_swtpm ${SWTPM_INTERFACE} \
        --tpm2 \
        --tpmstate dir=${WORKDIR} \
        --flags not-need-init

pushd ${WORKDIR} &>/dev/null

git clone https://git.code.sf.net/p/ibmtpm20tss/tss ibmtpm20tss-tss

pushd ibmtpm20tss-tss &>/dev/null

git checkout tags/v1.6.0
if [ $? -ne 0 ]; then
        echo "'Git checkout' failed."
        exit 1
fi

# A v1.6.0 bug work-around:
pushd utils/regtests &>/dev/null
# We cannot run the EK certificate tests since rootcerts.txt points to
# files we do not have
for line in 303 304 305 405 406 407 543 544 545; do
        sed -i "${line}s/./\#\0/" testcredential.sh
done
for line in 727 728;do
        sed -i "${line}s/./\#\0/" testunseal.sh
done
# We do not run the UEFI tests
sed -i '2 i exit 0' testevent.sh
popd &>/dev/null

autoreconf --force --install
unset CFLAGS LDFLAGS LIBS
./configure --disable-tpm-1.2
make -j4

pushd utils

rsa3072=$(run_swtpm_ioctl ${SWTPM_INTERFACE} --info 4 |
          sed -n 's/.*"RSAKeySizes":\[\([0-9,]*\)\].*/\1/p' |
          grep 3072)
if [ -z "$rsa3072" ]; then
        echo "Modifying test cases related to RSA 3072 keys."

        patch -p2 < "${ABSTESTDIR}/patches/ibmtss2_1.6_rsa2048only.patch"
        if [ $? -ne 0 ]; then
                echo "Patching of testsuite failed"
                exit 1
        fi
else
        echo "swtpm/libtpms support RSA 3072 bit keys"
fi

sed -i 's/export CRYPTOLIBRARY.*/export CRYPTOLIBRARY=openssl/' reg.sh

# Adjust test suite to TPM 2.0 revision libtpms is implementing
revision=$(run_swtpm_ioctl ${SWTPM_INTERFACE} --info 1 |
           sed 's/.*,"revision":\([^\}]*\).*/\1/')
echo "Libtpms implements TPM 2.0 revision ${revision}."
if [ $revision -lt 155 ]; then
        echo "Removing revision 155 test cases."
        for t in regtests/testattest155.sh regtests/testx509.sh
        do
                rm "${t}"
                touch "${t}"
                chmod 777 "${t}"
        done
        # CAP_ACT was introduced later than 155
        for line in 123 124 125; do
                sed -i "${line}s/./\#\0/" regtests/testgetcap.sh
        done
fi

export TPM_SERVER_NAME=127.0.0.1
export TPM_INTERFACE_TYPE=socsim
export TPM_COMMAND_PORT=${SWTPM_SERVER_PORT}
export TPM_PLATFORM_PORT=${SWTPM_CTRL_PORT}

export SWTPM_IOCTL

cat <<_EOF_ > powerup
#!/usr/bin/env bash
\${SWTPM_IOCTL} -i --tcp \${TPM_SERVER_NAME}:\${TPM_PLATFORM_PORT}
exit \$?
_EOF_
chmod 755 powerup

./startup
if [ $? -ne 0 ]; then
        echo "Startup of TPM2 failed"
        exit 1
fi

./reg.sh -a 2>&1 | tee ${REGLOG}

ret=0

if [ -n "$(grep -E "^ ERROR:" ${REGLOG})" ]; then
        echo "There were test failures running the IBM TSS 2 tests"
        grep -E "^ ERROR:" ${REGLOG} -B2 -A2
        ret=1
fi

# Shut down
run_swtpm_ioctl ${SWTPM_INTERFACE} -s
if [ $? -ne 0 ]; then
        echo "Error: Could not shut down the ${SWTPM_INTERFACE} TPM."
        ret=1
fi

if wait_process_gone ${SWTPM_PID} 4; then
        echo "Error: ${SWTPM_INTERFACE} TPM should not be running anymore."
        ret=1
fi

popd &>/dev/null
popd &>/dev/null
popd &>/dev/null

[ $ret -eq 0 ] && echo "OK"

exit $ret