swtpm/tests/test_tpm2_ibmtss2

#!/usr/bin/env bash

if [ "${SWTPM_TEST_EXPENSIVE:-0}" -eq 0 ]; then
	echo "SWTPM_TEST_EXPENSIVE must be set to run this test."
	exit 77
fi

if [ -z "$(type openssl)" ]; then
	echo "Openssl command line tool is required."
	exit 1
fi

ROOT=${abs_top_builddir:-$(pwd)/..}
TESTDIR=${abs_top_testdir:-$(dirname "$0")}
ABSTESTDIR=$(cd "${TESTDIR}" &>/dev/null || exit 1;echo "${PWD}")

PATCHESDIR=${ABSTESTDIR}/patches

SWTPM_SERVER_PORT=65426
SWTPM_SERVER_NAME=127.0.0.1
SWTPM_CTRL_PORT=65427
SWTPM_INTERFACE=socket+socket

function cleanup() {
	pid=${SWTPM_PID}
	if [ -n "$pid" ]; then
		kill_quiet -9 "$pid"
	fi
	if [ -n "${WORKDIR}" ]; then
		rm -rf "${WORKDIR}"
	fi
}

trap "cleanup" EXIT

source "${TESTDIR}/common"
skip_test_no_tpm20 "${SWTPM_EXE}"

WORKDIR="$(mktemp -d)" || exit 1

REGLOG=${WORKDIR}/reglog
DEFAULT_PROFILE='{"Name":"default-v1"}'

SWTPM_SERVER_NO_DISCONNECT="1" run_swtpm "${SWTPM_INTERFACE}" \
	--tpm2 \
	--tpmstate "dir=${WORKDIR}" \
	--flags not-need-init \
	--profile "profile=${SWTPM_TEST_PROFILE:-${DEFAULT_PROFILE}}"

revision=$(run_swtpm_ioctl "${SWTPM_INTERFACE}" --info 1 |
			   sed 's/.*,"revision":\([^\}]*\).*/\1/')

pushd "${WORKDIR}" &>/dev/null || exit 1

function build_ibmtss2() {
	git clone https://git.code.sf.net/p/ibmtpm20tss/tss ibmtpm20tss-tss

	pushd ibmtpm20tss-tss &>/dev/null || exit 1

	if ! git checkout tags/v2.4.0; then
		echo "'Git checkout' failed."
		exit 1
	fi

	# To be able to apply the patches we need to to set some variables
	# for user that don't have this set up properly
	git config --local user.name test
	git config --local user.email test@test.test

	# Nuvoton commands are not supported
	git am < "${PATCHESDIR}/0012-Disable-Nuvoton-commands.patch"

	# A v2.0.1 bug work-around:
	# We cannot run the EK certificate tests since rootcerts.txt points to
	# files we do not have
	git am < "${PATCHESDIR}/0001-Deactivate-test-cases-accessing-rootcerts.txt.patch"

	# Implement 'powerup' for swtpm
	git am < "${PATCHESDIR}/0002-Implement-powerup-for-swtpm.patch"

	# set CRYPTOLIBRARY=openssl
	git am < "${PATCHESDIR}/0003-Set-CRYPTOLIBRARY-to-openssl.patch"

	# Store and restore volatile state at every step
	git am < "${PATCHESDIR}/0004-Store-and-restore-volatile-state-at-every-step.patch"

	# Disable 'Events' test
	git am < "${PATCHESDIR}/0005-Disable-tests-related-to-events.patch"

	if openssl version | grep -q -E "^OpenSSL 3"; then
		git am < "${PATCHESDIR}/0010-Adjust-test-cases-for-OpenSSL-3.patch"
	fi

	autoreconf --force --install
	unset CFLAGS LDFLAGS LIBS
	./configure --disable-tpm-1.2
	make -j4

	popd &>/dev/null || exit 1
}

export TPM_SERVER_NAME=127.0.0.1
export TPM_INTERFACE_TYPE=socsim
export TPM_COMMAND_PORT=${SWTPM_SERVER_PORT}
export TPM_PLATFORM_PORT=${SWTPM_CTRL_PORT}

export SWTPM_IOCTL

if [ -d "$SWTPM_TEST_IBMTSS" ]; then
	# assume tss is installed with the default prefix
	if ! tssstartup; then
		echo "Startup of TPM2 failed"
		exit 1
	fi

    OPENSSL_ENABLE_SHA1_SIGNATURES=1 ./reg.sh -a 2>&1 | tee "${REGLOG}"
	"$SWTPM_TEST_IBMTSS"/tssreg.sh \
		--swtpm \
		--without-ecc \
		--without-nuvoton \
		--without-events \
		--rev "$revision" \
		-a 2>&1 | tee "${REGLOG}"
else
	build_ibmtss2
	pushd ibmtpm20tss-tss/utils || exit 1
	if ! ./startup; then
		echo "Startup of TPM2 failed"
		exit 1
	fi

	OPENSSL_ENABLE_SHA1_SIGNATURES=1 ./reg.sh -a 2>&1 | tee "${REGLOG}"
	popd &>/dev/null || exit 1
fi

ret=0

if grep -q -E "^ ERROR:" "${REGLOG}"; then
	echo "There were test failures running the IBM TSS 2 tests"
	grep -E "^ ERROR:" "${REGLOG}" -B2 -A2
	ret=1
fi

# Shut down
if ! run_swtpm_ioctl "${SWTPM_INTERFACE}" -s; then
	echo "Error: Could not shut down the ${SWTPM_INTERFACE} TPM."
	ret=1
fi

if wait_process_gone "${SWTPM_PID}" 4; then
	echo "Error: ${SWTPM_INTERFACE} TPM should not be running anymore."
	ret=1
fi

popd &>/dev/null || exit 1

[ $ret -eq 0 ] && echo "OK"

exit $ret