Proxmox-Port/swtpm
1
0
Fork 0
mirror of https://github.com/stefanberger/swtpm.git synced 2025-08-22 10:30:52 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
stable-0.5
swtpm/tests/test_tpm2_ibmtss2
Stefan Berger 605e823f39 tests: Use the IBM TSS2 v1.5.0's test suite 
Upgrade to use the IBM TSS2 tests from v1.5.0.

Add a patch that eliminates all testing of 3072 bit RSA keys in case
libtpms does not support such keys. This test also passes with libtpms
0.6.0 and 0.7.0.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-07-13 11:10:56 -04:00

147 lines
3.1 KiB
Bash
Executable File
Raw Permalink Blame History

#!/usr/bin/env bash
if [ ${SWTPM_TEST_EXPENSIVE:-0} -eq 0 ]; then
exit 77
fi
ROOT=${abs_top_builddir:-$(pwd)/..}
TESTDIR=${abs_top_testdir:-$(dirname "$0")}
ABSTESTDIR=$(cd ${TESTDIR} &>/dev/null;echo ${PWD})
SWTPM_SERVER_PORT=65426
SWTPM_SERVER_NAME=127.0.0.1
SWTPM_CTRL_PORT=65427
SWTPM_INTERFACE=socket+socket
function cleanup() {
pid=${SWTPM_PID}
if [ -n "$pid" ]; then
kill_quiet -9 $pid
fi
if [ -n ${WORKDIR} ]; then
rm -rf ${WORKDIR}
fi
}
trap "cleanup" EXIT
source ${TESTDIR}/common
WORKDIR=$(mktemp -d)
REGLOG=${WORKDIR}/reglog
SWTPM_SERVER_NO_DISCONNECT="1" run_swtpm ${SWTPM_INTERFACE} \
--tpm2 \
--tpmstate dir=${WORKDIR} \
--flags not-need-init
pushd ${WORKDIR} &>/dev/null
git clone https://git.code.sf.net/p/ibmtpm20tss/tss ibmtpm20tss-tss
pushd ibmtpm20tss-tss &>/dev/null
git checkout tags/v1.5.0
if [ $? -ne 0 ]; then
echo "'Git checkout' failed."
exit 1
fi
# A v1.5.0 bug work-around:
pushd utils/regtests &>/dev/null
# We cannot run the EK certificate tests since rootcerts.txt points to
# files we do not have
for line in 305 306 307 407 408 409 545 546 547; do
sed -i "${line}s/./\#\0/" testcredential.sh
done
sed -i 's/pass:rrrr 2048/pass:rrrr ${BITS}/' testrsa.sh
popd &>/dev/null
autoreconf --force --install
unset CFLAGS LDFLAGS LIBS
./configure --disable-tpm-1.2
make -j4
pushd utils
rsa3072=$(run_swtpm_ioctl ${SWTPM_INTERFACE} --info 4 |
sed -n 's/.*"RSAKeySizes":\[\([0-9,]*\)\].*/\1/p' |
grep 3072)
if [ -z "$rsa3072" ]; then
echo "Modifying test cases related to RSA 3072 keys."
patch -p2 < "${ABSTESTDIR}/patches/ibmtss2_1.5_rsa2048only.patch"
if [ $? -ne 0 ]; then
echo "Patching of testsuite failed"
exit 1
fi
else
echo "swptm/libtpms support RSA 3072 bit keys"
fi
sed -i 's/export CRYPTOLIBRARY.*/export CRYPTOLIBRARY=openssl/' reg.sh
# Adjust test suite to TPM 2.0 revision libtpms is implementing
revision=$(run_swtpm_ioctl ${SWTPM_INTERFACE} --info 1 |
sed 's/.*,"revision":\([^\}]*\).*/\1/')
echo "Libtpms implements TPM 2.0 revision ${revision}."
if [ $revision -lt 155 ]; then
echo "Removing revision 155 test cases."
for t in regtests/testattest155.sh regtests/testx509.sh
do
rm "${t}"
touch "${t}"
chmod 777 "${t}"
done
fi
export TPM_SERVER_NAME=127.0.0.1
export TPM_INTERFACE_TYPE=socsim
export TPM_COMMAND_PORT=${SWTPM_SERVER_PORT}
export TPM_PLATFORM_PORT=${SWTPM_CTRL_PORT}
export SWTPM_IOCTL
cat <<_EOF_ > powerup
#!/usr/bin/env bash
\${SWTPM_IOCTL} -i --tcp \${TPM_SERVER_NAME}:\${TPM_PLATFORM_PORT}
exit \$?
_EOF_
chmod 755 powerup
./startup
if [ $? -ne 0 ]; then
echo "Startup of TPM2 failed"
exit 1
fi
./reg.sh -a 2>&1 | tee ${REGLOG}
ret=0
if [ -n "$(grep -E "^ ERROR:" ${REGLOG})" ]; then
echo "There were test failures running the IBM TSS 2 tests"
grep -E "^ ERROR:" ${REGLOG} -B2 -A2
ret=1
fi
# Shut down
run_swtpm_ioctl ${SWTPM_INTERFACE} -s
if [ $? -ne 0 ]; then
echo "Error: Could not shut down the ${SWTPM_INTERFACE} TPM."
ret=1
fi
if wait_process_gone ${SWTPM_PID} 4; then
echo "Error: ${SWTPM_INTERFACE} TPM should not be running anymore."
ret=1
fi
popd &>/dev/null
popd &>/dev/null
popd &>/dev/null
[ $ret -eq 0 ] && echo "OK"
exit $ret
Reference in New Issue View Git Blame Copy Permalink