tests/test_tpm2_ibmtss2 - third_party/github.com/stefanberger/swtpm - Git at Google

 #!/usr/bin/env bash

 if [ "${SWTPM_TEST_EXPENSIVE:-0}" -eq 0 ]; then
 	echo "SWTPM_TEST_EXPENSIVE must be set to run this test."
 	exit 77
 fi

 if [ -z "$(type openssl)" ]; then
 	echo "Openssl command line tool is required."
 	exit 1
 fi

 ROOT=${abs_top_builddir:-$(pwd)/..}
 TESTDIR=${abs_top_testdir:-$(dirname "$0")}
 ABSTESTDIR=$(cd "${TESTDIR}" &>/dev/null || exit 1;echo "${PWD}")

 PATCHESDIR=${ABSTESTDIR}/patches

 SWTPM_SERVER_PORT=65426
 SWTPM_SERVER_NAME=127.0.0.1
 SWTPM_CTRL_PORT=65427
 SWTPM_INTERFACE=socket+socket

 function cleanup() {
 	pid=${SWTPM_PID}
 	if [ -n "$pid" ]; then
 		kill_quiet -9 "$pid"
 	fi
 	if [ -n "${WORKDIR}" ]; then
 		rm -rf "${WORKDIR}"
 	fi
 }

 trap "cleanup" EXIT

 source "${TESTDIR}/common"
 skip_test_no_tpm20 "${SWTPM_EXE}"

 WORKDIR="$(mktemp -d)" || exit 1

 REGLOG=${WORKDIR}/reglog
 DEFAULT_PROFILE='{"Name":"default-v1"}'

 SWTPM_SERVER_NO_DISCONNECT="1" run_swtpm "${SWTPM_INTERFACE}" \
 	--tpm2 \
 	--tpmstate "dir=${WORKDIR}" \
 	--flags not-need-init \
 	--profile "profile=${SWTPM_TEST_PROFILE:-${DEFAULT_PROFILE}}"

 revision=$(run_swtpm_ioctl "${SWTPM_INTERFACE}" --info 1 |
 			   sed 's/.*,"revision":\([^\}]*\).*/\1/')

 pushd "${WORKDIR}" &>/dev/null || exit 1

 function build_ibmtss2() {
 	git clone https://git.code.sf.net/p/ibmtpm20tss/tss ibmtpm20tss-tss

 	pushd ibmtpm20tss-tss &>/dev/null || exit 1

 	if ! git checkout tags/v2.5.0; then
 		echo "'Git checkout' failed."
 		exit 1
 	fi

 	# To be able to apply the patches we need to to set some variables
 	# for user that don't have this set up properly
 	git config --local user.name test
 	git config --local user.email test@test.test

 	# Nuvoton commands are not supported
 	git am < "${PATCHESDIR}/0012-Disable-Nuvoton-commands.patch"

 	# A v2.0.1 bug work-around:
 	# We cannot run the EK certificate tests since rootcerts.txt points to
 	# files we do not have
 	git am < "${PATCHESDIR}/0001-Deactivate-test-cases-accessing-rootcerts.txt.patch"

 	# Implement 'powerup' for swtpm
 	git am < "${PATCHESDIR}/0002-Implement-powerup-for-swtpm.patch"

 	# set CRYPTOLIBRARY=openssl
 	git am < "${PATCHESDIR}/0003-Set-CRYPTOLIBRARY-to-openssl.patch"

 	# Store and restore volatile state at every step
 	git am < "${PATCHESDIR}/0004-Store-and-restore-volatile-state-at-every-step.patch"

 	# Disable 'Events' test
 	git am < "${PATCHESDIR}/0005-Disable-tests-related-to-events.patch"

 	# FIXME: Seems fixed in OpenSSL 3.2.4; can be removed entirely at some point
 	#if openssl version | grep -q -E "^OpenSSL 3"; then
 	#	git am < "${PATCHESDIR}/0010-Adjust-test-cases-for-OpenSSL-3.patch"
 	#fi

 	autoreconf --force --install
 	unset CFLAGS LDFLAGS LIBS
 	./configure --disable-tpm-1.2
 	make -j4

 	popd &>/dev/null || exit 1
 }

 export TPM_SERVER_NAME=127.0.0.1
 export TPM_INTERFACE_TYPE=socsim
 export TPM_COMMAND_PORT=${SWTPM_SERVER_PORT}
 export TPM_PLATFORM_PORT=${SWTPM_CTRL_PORT}

 export SWTPM_IOCTL

 if [ -d "$SWTPM_TEST_IBMTSS" ]; then
 	for opt in swtpm without-ecc without-nuvoton without-events; do
 		if ! "$SWTPM_TEST_IBMTSS"/tssreg.sh -h | grep -q "${opt}"; then
 			echo "Cannot run test with installed IBM TSS2 test suite since it does not support the --${opt} option."
 			exit 1
 		fi
 	done

 	# assume tss is installed with the default prefix
 	if ! tssstartup; then
 		echo "Startup of TPM2 failed"
 		exit 1
 	fi

     OPENSSL_ENABLE_SHA1_SIGNATURES=1 ./reg.sh -a 2>&1 | tee "${REGLOG}"
 	"$SWTPM_TEST_IBMTSS"/tssreg.sh \
 		--swtpm \
 		--without-ecc \
 		--without-nuvoton \
 		--without-events \
 		--rev "$revision" \
 		-a 2>&1 | tee "${REGLOG}"
 else
 	build_ibmtss2
 	pushd ibmtpm20tss-tss/utils || exit 1
 	if ! ./startup; then
 		echo "Startup of TPM2 failed"
 		exit 1
 	fi

 	OPENSSL_ENABLE_SHA1_SIGNATURES=1 ./reg.sh -a 2>&1 | tee "${REGLOG}"
 	popd &>/dev/null || exit 1
 fi

 ret=0

 if grep -q -E "^ ERROR:" "${REGLOG}"; then
 	echo "There were test failures running the IBM TSS 2 tests"
 	grep -E "^ ERROR:" "${REGLOG}" -B2 -A2
 	ret=1
 fi

 # Shut down
 if ! run_swtpm_ioctl "${SWTPM_INTERFACE}" -s; then
 	echo "Error: Could not shut down the ${SWTPM_INTERFACE} TPM."
 	ret=1
 fi

 if wait_process_gone "${SWTPM_PID}" 4; then
 	echo "Error: ${SWTPM_INTERFACE} TPM should not be running anymore."
 	ret=1
 fi

 popd &>/dev/null || exit 1

 [ $ret -eq 0 ] && echo "OK"

 exit $ret
	#!/usr/bin/env bash

	if [ "${SWTPM_TEST_EXPENSIVE:-0}" -eq 0 ]; then
	echo "SWTPM_TEST_EXPENSIVE must be set to run this test."
	exit 77
	fi

	if [ -z "$(type openssl)" ]; then
	echo "Openssl command line tool is required."
	exit 1
	fi

	ROOT=${abs_top_builddir:-$(pwd)/..}
	TESTDIR=${abs_top_testdir:-$(dirname "$0")}
	ABSTESTDIR=$(cd "${TESTDIR}" &>/dev/null \|\| exit 1;echo "${PWD}")

	PATCHESDIR=${ABSTESTDIR}/patches

	SWTPM_SERVER_PORT=65426
	SWTPM_SERVER_NAME=127.0.0.1
	SWTPM_CTRL_PORT=65427
	SWTPM_INTERFACE=socket+socket

	function cleanup() {
	pid=${SWTPM_PID}
	if [ -n "$pid" ]; then
	kill_quiet -9 "$pid"
	fi
	if [ -n "${WORKDIR}" ]; then
	rm -rf "${WORKDIR}"
	fi
	}

	trap "cleanup" EXIT

	source "${TESTDIR}/common"
	skip_test_no_tpm20 "${SWTPM_EXE}"

	WORKDIR="$(mktemp -d)" \|\| exit 1

	REGLOG=${WORKDIR}/reglog
	DEFAULT_PROFILE='{"Name":"default-v1"}'

	SWTPM_SERVER_NO_DISCONNECT="1" run_swtpm "${SWTPM_INTERFACE}" \
	--tpm2 \
	--tpmstate "dir=${WORKDIR}" \
	--flags not-need-init \
	--profile "profile=${SWTPM_TEST_PROFILE:-${DEFAULT_PROFILE}}"

	revision=$(run_swtpm_ioctl "${SWTPM_INTERFACE}" --info 1 \|
	sed 's/.,"revision":\([^\}]\).*/\1/')

	pushd "${WORKDIR}" &>/dev/null \|\| exit 1

	function build_ibmtss2() {
	git clone https://git.code.sf.net/p/ibmtpm20tss/tss ibmtpm20tss-tss

	pushd ibmtpm20tss-tss &>/dev/null \|\| exit 1

	if ! git checkout tags/v2.5.0; then
	echo "'Git checkout' failed."
	exit 1
	fi

	# To be able to apply the patches we need to to set some variables
	# for user that don't have this set up properly
	git config --local user.name test
	git config --local user.email test@test.test

	# Nuvoton commands are not supported
	git am < "${PATCHESDIR}/0012-Disable-Nuvoton-commands.patch"

	# A v2.0.1 bug work-around:
	# We cannot run the EK certificate tests since rootcerts.txt points to
	# files we do not have
	git am < "${PATCHESDIR}/0001-Deactivate-test-cases-accessing-rootcerts.txt.patch"

	# Implement 'powerup' for swtpm
	git am < "${PATCHESDIR}/0002-Implement-powerup-for-swtpm.patch"

	# set CRYPTOLIBRARY=openssl
	git am < "${PATCHESDIR}/0003-Set-CRYPTOLIBRARY-to-openssl.patch"

	# Store and restore volatile state at every step
	git am < "${PATCHESDIR}/0004-Store-and-restore-volatile-state-at-every-step.patch"

	# Disable 'Events' test
	git am < "${PATCHESDIR}/0005-Disable-tests-related-to-events.patch"

	# FIXME: Seems fixed in OpenSSL 3.2.4; can be removed entirely at some point
	#if openssl version \| grep -q -E "^OpenSSL 3"; then
	# git am < "${PATCHESDIR}/0010-Adjust-test-cases-for-OpenSSL-3.patch"
	#fi

	autoreconf --force --install
	unset CFLAGS LDFLAGS LIBS
	./configure --disable-tpm-1.2
	make -j4

	popd &>/dev/null \|\| exit 1
	}

	export TPM_SERVER_NAME=127.0.0.1
	export TPM_INTERFACE_TYPE=socsim
	export TPM_COMMAND_PORT=${SWTPM_SERVER_PORT}
	export TPM_PLATFORM_PORT=${SWTPM_CTRL_PORT}

	export SWTPM_IOCTL

	if [ -d "$SWTPM_TEST_IBMTSS" ]; then
	for opt in swtpm without-ecc without-nuvoton without-events; do
	if ! "$SWTPM_TEST_IBMTSS"/tssreg.sh -h \| grep -q "${opt}"; then
	echo "Cannot run test with installed IBM TSS2 test suite since it does not support the --${opt} option."
	exit 1
	fi
	done

	# assume tss is installed with the default prefix
	if ! tssstartup; then
	echo "Startup of TPM2 failed"
	exit 1
	fi

	OPENSSL_ENABLE_SHA1_SIGNATURES=1 ./reg.sh -a 2>&1 \| tee "${REGLOG}"
	"$SWTPM_TEST_IBMTSS"/tssreg.sh \
	--swtpm \
	--without-ecc \
	--without-nuvoton \
	--without-events \
	--rev "$revision" \
	-a 2>&1 \| tee "${REGLOG}"
	else
	build_ibmtss2
	pushd ibmtpm20tss-tss/utils \|\| exit 1
	if ! ./startup; then
	echo "Startup of TPM2 failed"
	exit 1
	fi

	OPENSSL_ENABLE_SHA1_SIGNATURES=1 ./reg.sh -a 2>&1 \| tee "${REGLOG}"
	popd &>/dev/null \|\| exit 1
	fi

	ret=0

	if grep -q -E "^ ERROR:" "${REGLOG}"; then
	echo "There were test failures running the IBM TSS 2 tests"
	grep -E "^ ERROR:" "${REGLOG}" -B2 -A2
	ret=1
	fi

	# Shut down
	if ! run_swtpm_ioctl "${SWTPM_INTERFACE}" -s; then
	echo "Error: Could not shut down the ${SWTPM_INTERFACE} TPM."
	ret=1
	fi

	if wait_process_gone "${SWTPM_PID}" 4; then
	echo "Error: ${SWTPM_INTERFACE} TPM should not be running anymore."
	ret=1
	fi

	popd &>/dev/null \|\| exit 1

	[ $ret -eq 0 ] && echo "OK"

	exit $ret