[swtpm.git] / tests / test_tpm2_ibmtss2

#!/usr/bin/env bash

if [ ${SWTPM_TEST_EXPENSIVE:-0} -eq 0 ]; then
        exit 77
fi

if [ -z "$(type openssl)" ]; then
        echo "Openssl command line tool is required."
        exit 1
fi

if [ -n "$(openssl version | grep -E "^OpenSSL 3")" ]; then
        echo "IBMTSS2 v1.6 test suite does not work with OpenSSL 3.0"
        exit 77
fi

ROOT=${abs_top_builddir:-$(pwd)/..}
TESTDIR=${abs_top_testdir:-$(dirname "$0")}
ABSTESTDIR=$(cd ${TESTDIR} &>/dev/null;echo ${PWD})

PATCHESDIR=${ABSTESTDIR}/patches

SWTPM_SERVER_PORT=65426
SWTPM_SERVER_NAME=127.0.0.1
SWTPM_CTRL_PORT=65427
SWTPM_INTERFACE=socket+socket

function cleanup() {
        pid=${SWTPM_PID}
        if [ -n "$pid" ]; then
                kill_quiet -9 $pid
        fi
        if [ -n ${WORKDIR} ]; then
                rm -rf ${WORKDIR}
        fi
}

trap "cleanup" EXIT

source ${TESTDIR}/common
skip_test_no_tpm20 "${SWTPM_EXE}"

WORKDIR="$(mktemp -d)" || exit 1

REGLOG=${WORKDIR}/reglog

SWTPM_SERVER_NO_DISCONNECT="1" run_swtpm ${SWTPM_INTERFACE} \
        --tpm2 \
        --tpmstate dir=${WORKDIR} \
        --flags not-need-init

pushd ${WORKDIR} &>/dev/null

git clone https://git.code.sf.net/p/ibmtpm20tss/tss ibmtpm20tss-tss

pushd ibmtpm20tss-tss &>/dev/null

git checkout tags/v1.6.0
if [ $? -ne 0 ]; then
        echo "'Git checkout' failed."
        exit 1
fi

# To be able to apply the patches we need to to set some variables
# for user that don't have this set up properly
git config --local user.name test
git config --local user.email test@test.test

# A v1.6.0 bug work-around:
# We cannot run the EK certificate tests since rootcerts.txt points to
# files we do not have
git am < ${PATCHESDIR}/0001-Deactivate-test-cases-accessing-rootcerts.txt.patch

# Implement 'powerup' for swtpm
git am < ${PATCHESDIR}/0002-Implement-powerup-for-swtpm.patch

# set CRYPTOLIBRARY=openssl
git am < ${PATCHESDIR}/0003-Set-CRYPTOLIBRARY-to-openssl.patch

# Store and restore volatile state at every step
git am < ${PATCHESDIR}/0004-Store-and-restore-volatile-state-at-every-step.patch

# Disable 'Events' test
git am < ${PATCHESDIR}/0005-Disable-tests-related-to-events.patch

rsa3072=$(run_swtpm_ioctl ${SWTPM_INTERFACE} --info 4 |
          sed -n 's/.*"RSAKeySizes":\[\([0-9,]*\)\].*/\1/p' |
          grep 3072)
if [ -z "$rsa3072" ]; then
        echo "Modifying test cases related to RSA 3072 keys."
        git am < ${PATCHESDIR}/0006-Disable-testing-with-RSA-3072.patch
else
        echo "swtpm/libtpms support RSA 3072 bit keys"
fi

# Adjust test suite to TPM 2.0 revision libtpms is implementing
revision=$(run_swtpm_ioctl ${SWTPM_INTERFACE} --info 1 |
           sed 's/.*,"revision":\([^\}]*\).*/\1/')
echo "Libtpms implements TPM 2.0 revision ${revision}."
if [ $revision -lt 155 ]; then
        echo "Removing revision 155 and later test cases."
        git am < ${PATCHESDIR}/0007-Disable-rev155-test-cases.patch
        git am < ${PATCHESDIR}/0008-Disable-x509-test-cases.patch
        git am < ${PATCHESDIR}/0009-Disable-getcapability-TPM_CAP_ACT.patch
fi

autoreconf --force --install
unset CFLAGS LDFLAGS LIBS
./configure --disable-tpm-1.2
make -j4

pushd utils

export TPM_SERVER_NAME=127.0.0.1
export TPM_INTERFACE_TYPE=socsim
export TPM_COMMAND_PORT=${SWTPM_SERVER_PORT}
export TPM_PLATFORM_PORT=${SWTPM_CTRL_PORT}

export SWTPM_IOCTL

./startup
if [ $? -ne 0 ]; then
        echo "Startup of TPM2 failed"
        exit 1
fi

./reg.sh -a 2>&1 | tee ${REGLOG}

ret=0

if [ -n "$(grep -E "^ ERROR:" ${REGLOG})" ]; then
        echo "There were test failures running the IBM TSS 2 tests"
        grep -E "^ ERROR:" ${REGLOG} -B2 -A2
        ret=1
fi

# Shut down
run_swtpm_ioctl ${SWTPM_INTERFACE} -s
if [ $? -ne 0 ]; then
        echo "Error: Could not shut down the ${SWTPM_INTERFACE} TPM."
        ret=1
fi

if wait_process_gone ${SWTPM_PID} 4; then
        echo "Error: ${SWTPM_INTERFACE} TPM should not be running anymore."
        ret=1
fi

popd &>/dev/null
popd &>/dev/null
popd &>/dev/null

[ $ret -eq 0 ] && echo "OK"

exit $ret