|
Packit |
8681c6 |
#!/bin/bash
|
|
Packit |
8681c6 |
#
|
|
Packit |
8681c6 |
# COPYRIGHT (c) International Business Machines Corp. 2008-2017
|
|
Packit |
8681c6 |
#
|
|
Packit |
8681c6 |
# This program is provided under the terms of the Common Public License,
|
|
Packit |
8681c6 |
# version 1.0 (CPL-1.0). Any use, reproduction or distribution for this software
|
|
Packit |
8681c6 |
# constitutes recipient's acceptance of CPL-1.0 terms which can be found
|
|
Packit |
8681c6 |
# in the file LICENSE file or at https://opensource.org/licenses/cpl1.0.php
|
|
Packit |
8681c6 |
#
|
|
Packit |
8681c6 |
#
|
|
Packit |
8681c6 |
# NAME
|
|
Packit |
8681c6 |
# ocktests.sh
|
|
Packit |
8681c6 |
#
|
|
Packit |
8681c6 |
# DESCRIPTION
|
|
Packit |
8681c6 |
# Simple Bash script that checks the enviroment in which the ock-tests will run
|
|
Packit |
8681c6 |
# and starts them.
|
|
Packit |
8681c6 |
#
|
|
Packit |
8681c6 |
# ALGORITHM
|
|
Packit |
8681c6 |
# None.
|
|
Packit |
8681c6 |
#
|
|
Packit |
8681c6 |
# USAGE
|
|
Packit |
8681c6 |
#
|
|
Packit |
8681c6 |
# HISTORY
|
|
Packit |
8681c6 |
# Rajiv Andrade <srajiv@linux.vnet.ibm.com>
|
|
Packit |
8681c6 |
#
|
|
Packit |
8681c6 |
# RESTRICTIONS
|
|
Packit |
8681c6 |
# None.
|
|
Packit |
8681c6 |
##
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
LOGGING=0
|
|
Packit |
8681c6 |
TESTDIR=`dirname $0`
|
|
Packit |
8681c6 |
LOGFILE="$TESTDIR/ock-tests.log"
|
|
Packit |
8681c6 |
ERR_SUMMARY="$TESTDIR/ock-tests.err"
|
|
Packit |
8681c6 |
PKCONF="@sysconfdir@/opencryptoki/opencryptoki.conf"
|
|
Packit |
8681c6 |
PKCSCONFBIN="@sbindir@/pkcsconf"
|
|
Packit |
8681c6 |
TESTCONF="$TESTDIR/ock-tests.config"
|
|
Packit |
8681c6 |
TOKTYPE=""
|
|
Packit |
8681c6 |
NONEED_TOKEN_INIT=0
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
#
|
|
Packit |
8681c6 |
# This is the list of the tests we'll be running once everything is initialized
|
|
Packit |
8681c6 |
#
|
|
Packit |
8681c6 |
# The order of these tests matters. login/login leaves the token with its USER
|
|
Packit |
8681c6 |
# PIN locked, leaving the token unusable until someone manually deletes
|
|
Packit |
8681c6 |
# $OCKDIR/$TOKEN/*. Manually deleting this dir is pre-req for starting the
|
|
Packit |
8681c6 |
# automated tests anyway, so this is OK.
|
|
Packit |
8681c6 |
#
|
|
Packit |
8681c6 |
# login/login MUST come last if it appears in this list
|
|
Packit |
8681c6 |
#
|
|
Packit |
8681c6 |
OCK_TESTS="crypto/*tests"
|
|
Packit |
8681c6 |
OCK_TEST=""
|
|
Packit |
8681c6 |
OCK_BENCHS="pkcs11/*bench"
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
usage()
|
|
Packit |
8681c6 |
{
|
|
Packit |
8681c6 |
echo -e " usage: ./ock_tests.sh [-s <slot>] [-f <testfile>]" \
|
|
Packit |
8681c6 |
"[-l <logfile>] [-n] [-h]"
|
|
Packit |
8681c6 |
echo -e " -l <logfile> redirect output to logfile" \
|
|
Packit |
8681c6 |
"(default is command line)"
|
|
Packit |
8681c6 |
echo -e " -h display this help"
|
|
Packit |
8681c6 |
echo -e " -q run quietly - display only total number" \
|
|
Packit |
8681c6 |
"of tests passed/failed"
|
|
Packit |
8681c6 |
echo -e " -s <slot> slot against which the testcases will run" \
|
|
Packit |
8681c6 |
"(omit it to test all available tokens)"
|
|
Packit |
8681c6 |
echo -e " -f <testfile> path to test that will be run"
|
|
Packit |
8681c6 |
echo -e " -n don't stop in case one of the testcases fail"
|
|
Packit |
8681c6 |
echo -e " -b also run benchmarks or performance tests"
|
|
Packit |
8681c6 |
exit -1
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
###
|
|
Packit |
8681c6 |
## check_tpmtok() - Check if stuff needed by tpm token are
|
|
Packit |
8681c6 |
## present
|
|
Packit |
8681c6 |
###
|
|
Packit |
8681c6 |
check_tpmtok()
|
|
Packit |
8681c6 |
{
|
|
Packit |
8681c6 |
# Check for tpmtoken_init
|
|
Packit |
8681c6 |
if ! which tpmtoken_init; then
|
|
Packit |
8681c6 |
echo "Error: tpmtoken_init could not be found on PATH"
|
|
Packit |
8681c6 |
return 1
|
|
Packit |
8681c6 |
fi
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
# Check if tcsd is running
|
|
Packit |
8681c6 |
if ! pgrep tcsd; then
|
|
Packit |
8681c6 |
echo "Error: TCSD daemon not running"
|
|
Packit |
8681c6 |
return 1
|
|
Packit |
8681c6 |
fi
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
###
|
|
Packit |
8681c6 |
## check_ccatok() - Check if stuff needed by the CCA token
|
|
Packit |
8681c6 |
## are present
|
|
Packit |
8681c6 |
###
|
|
Packit |
8681c6 |
check_ccatok()
|
|
Packit |
8681c6 |
{
|
|
Packit |
8681c6 |
# Check if catcher.exe is running
|
|
Packit |
8681c6 |
if ! pgrep catcher.exe; then
|
|
Packit |
8681c6 |
echo "Error: catcher.exe daemon not running"
|
|
Packit |
8681c6 |
return 1
|
|
Packit |
8681c6 |
fi
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
###
|
|
Packit |
8681c6 |
## init_slot() - Initialize a specific slot
|
|
Packit |
8681c6 |
## $1 - The slot number to initialize
|
|
Packit |
8681c6 |
##
|
|
Packit |
8681c6 |
###
|
|
Packit |
8681c6 |
init_slot()
|
|
Packit |
8681c6 |
{
|
|
Packit |
8681c6 |
case $TOKTYPE in
|
|
Packit |
8681c6 |
TPM)
|
|
Packit |
8681c6 |
echo "Initializing TPM token using init_tpmtoken.sh"
|
|
Packit |
8681c6 |
if ! $TESTDIR/init_tpmtoken.sh; then
|
|
Packit |
8681c6 |
echo "Error initializing TPM token"
|
|
Packit |
8681c6 |
return 1
|
|
Packit |
8681c6 |
fi
|
|
Packit |
8681c6 |
;;
|
|
Packit |
8681c6 |
CCA | EP11 | ICA | Software)
|
|
Packit |
8681c6 |
echo "Initializing $TOKTYPE using init_token.sh"
|
|
Packit |
8681c6 |
if ! $TESTDIR/init_token.sh $1; then
|
|
Packit |
8681c6 |
echo "Error initializing $TOKTYPE token"
|
|
Packit |
8681c6 |
return 1
|
|
Packit |
8681c6 |
fi
|
|
Packit |
8681c6 |
;;
|
|
Packit |
8681c6 |
*)
|
|
Packit |
8681c6 |
echo "FATAL: Token type not recognized: $TOKTYPE"
|
|
Packit |
8681c6 |
exit 1
|
|
Packit |
8681c6 |
esac
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
###
|
|
Packit |
8681c6 |
## check_slot() - Checks if we have everything needed to test
|
|
Packit |
8681c6 |
## this specific slot number
|
|
Packit |
8681c6 |
## $1 - The slot number to check
|
|
Packit |
8681c6 |
###
|
|
Packit |
8681c6 |
check_slot()
|
|
Packit |
8681c6 |
{
|
|
Packit |
8681c6 |
# Check if the Slot exists, and what it actually is
|
|
Packit |
8681c6 |
TOKDESCR=`$PKCSCONFBIN -c $1 -t`
|
|
Packit |
8681c6 |
TOKMODEL=`echo "$TOKDESCR" | grep "Model:"`
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
case $TOKMODEL in
|
|
Packit |
8681c6 |
*TPM*)
|
|
Packit |
8681c6 |
echo "TPM Token type detected"
|
|
Packit |
8681c6 |
check_tpmtok || return
|
|
Packit |
8681c6 |
TOKTYPE="TPM"
|
|
Packit |
8681c6 |
;;
|
|
Packit |
8681c6 |
*CCA*)
|
|
Packit |
8681c6 |
echo "CCA Token type detected"
|
|
Packit |
8681c6 |
check_ccatok || return
|
|
Packit |
8681c6 |
TOKTYPE="CCA"
|
|
Packit |
8681c6 |
;;
|
|
Packit |
8681c6 |
*ICA*)
|
|
Packit |
8681c6 |
echo "ICA Token type detected"
|
|
Packit |
8681c6 |
TOKTYPE="ICA"
|
|
Packit |
8681c6 |
;;
|
|
Packit Service |
8aa27d |
*Soft*)
|
|
Packit |
8681c6 |
echo "Software Token type detected"
|
|
Packit |
8681c6 |
TOKTYPE="Software"
|
|
Packit |
8681c6 |
;;
|
|
Packit |
8681c6 |
*EP11*)
|
|
Packit |
8681c6 |
echo "EP11 Token type detected"
|
|
Packit |
8681c6 |
TOKTYPE="EP11"
|
|
Packit |
8681c6 |
;;
|
|
Packit |
8681c6 |
*)
|
|
Packit |
8681c6 |
echo "Error: unsupported or undetermined token type"
|
|
Packit |
8681c6 |
echo " wrong Slot $1?"
|
|
Packit |
8681c6 |
return 1
|
|
Packit |
8681c6 |
esac
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
# Check if Tokem is initialized and set $NONEED_TOKEN_INIT if so
|
|
Packit |
8681c6 |
NONEED_TOKEN_INIT=`echo "$TOKDESCR" | grep "Flags:" | grep TOKEN_INITIALIZED | wc -l`
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
##
|
|
Packit |
8681c6 |
## check_env() - Check if we have everything we need
|
|
Packit |
8681c6 |
##
|
|
Packit |
8681c6 |
check_env()
|
|
Packit |
8681c6 |
{
|
|
Packit |
8681c6 |
## Check env vars first
|
|
Packit |
8681c6 |
if [ -z $PKCS11_SO_PIN ]; then
|
|
Packit |
8681c6 |
echo "FATAL: Must set PKCS11_SO_PIN"
|
|
Packit |
8681c6 |
exit 1
|
|
Packit |
8681c6 |
fi
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
if [ -z $PKCS11_USER_PIN ]; then
|
|
Packit |
8681c6 |
echo "FATAL: Must set PKCS11_USER_PIN"
|
|
Packit |
8681c6 |
exit 1
|
|
Packit |
8681c6 |
fi
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
if [ -z $PKCSLIB ]; then
|
|
Packit |
8681c6 |
echo "FATAL: Must set PKCSLIB"
|
|
Packit |
8681c6 |
exit 1
|
|
Packit |
8681c6 |
fi
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
if [ ! -f $PKCSLIB ]; then
|
|
Packit |
8681c6 |
echo "FATAL: PKCSLIB=$PKCSLIB is invalid"
|
|
Packit |
8681c6 |
exit 1
|
|
Packit |
8681c6 |
fi
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
if [ ! -f $PKCONF ]; then
|
|
Packit |
8681c6 |
echo "FATAL: Can't find configuration data ($PKCONF)"
|
|
Packit |
8681c6 |
exit 1
|
|
Packit |
8681c6 |
fi
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
# if user is not root
|
|
Packit |
8681c6 |
if [ $EUID -ne 0 ]; then
|
|
Packit |
8681c6 |
## Check if the pkcs11 group 'exists'
|
|
Packit |
8681c6 |
P11GROUP=`getent group pkcs11 | cut -d ":" -f 3`
|
|
Packit |
8681c6 |
if [ -z $P11GROUP ]; then
|
|
Packit |
8681c6 |
echo "FATAL: Can't find pkcs11 group"
|
|
Packit |
8681c6 |
exit 1
|
|
Packit |
8681c6 |
fi
|
|
Packit |
8681c6 |
## Check if we're part of it
|
|
Packit |
8681c6 |
if ! id -G | grep $P11GROUP; then
|
|
Packit |
8681c6 |
echo "FATAL: Must be part of the pkcs11 group"
|
|
Packit |
8681c6 |
exit 1
|
|
Packit |
8681c6 |
fi
|
|
Packit |
8681c6 |
fi
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
## Make sure we have the slot daemon running
|
|
Packit |
8681c6 |
if ! pgrep pkcsslotd; then
|
|
Packit |
8681c6 |
echo "FATAL: The slot daemon (pkcsslotd) must be running"
|
|
Packit |
8681c6 |
exit 1
|
|
Packit |
8681c6 |
fi
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
## We also need pkcsconf
|
|
Packit |
8681c6 |
if [ ! -x $PKCSCONFBIN ]; then
|
|
Packit |
8681c6 |
echo "FATAL: Invalid pkcsconf utility ($PKCSCONFBIN)"
|
|
Packit |
8681c6 |
exit 1
|
|
Packit |
8681c6 |
fi
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
###
|
|
Packit |
8681c6 |
## run_tests() - run tests for a specific slot,
|
|
Packit |
8681c6 |
## following $OCK_TEST order
|
|
Packit |
8681c6 |
## $1 - the slot
|
|
Packit |
8681c6 |
###
|
|
Packit |
8681c6 |
run_tests()
|
|
Packit |
8681c6 |
{
|
|
Packit |
8681c6 |
if [ -n "$OCK_TEST" ]; then
|
|
Packit |
8681c6 |
OCK_TESTS="$OCK_TEST"
|
|
Packit |
8681c6 |
fi
|
|
Packit |
8681c6 |
echo "***** Will run the following tests for slot $1: $(ls -U $OCK_TESTS)"
|
|
Packit |
8681c6 |
for j in $( ls -U $OCK_TESTS ); do
|
|
Packit |
8681c6 |
echo "** Now executing '$j'"
|
|
Packit |
8681c6 |
$j -slot $1 $NO_STOP 2>&1
|
|
Packit |
8681c6 |
RES=$?
|
|
Packit |
8681c6 |
if [ $RES -ne 0 ]; then
|
|
Packit |
8681c6 |
echo "ERROR: Testcase $i failed to execute."
|
|
Packit |
8681c6 |
exit $RES
|
|
Packit |
8681c6 |
fi
|
|
Packit |
8681c6 |
done
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
###
|
|
Packit |
8681c6 |
## run_benchs() - run benchmarks for a specific slot,
|
|
Packit |
8681c6 |
## following $OCK_BENCH order
|
|
Packit |
8681c6 |
## $1 - the slot
|
|
Packit |
8681c6 |
###
|
|
Packit |
8681c6 |
run_benchs()
|
|
Packit |
8681c6 |
{
|
|
Packit |
8681c6 |
echo "***** Will run the following benchmarks for slot $1: $(ls -U $OCK_BENCHS)"
|
|
Packit |
8681c6 |
for i in $( ls -U $OCK_BENCHS ); do
|
|
Packit |
8681c6 |
echo "** Now executing '$i"
|
|
Packit |
8681c6 |
$i -slot $1 $NO_STOP 2>&1
|
|
Packit |
8681c6 |
done
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
main_script()
|
|
Packit |
8681c6 |
{
|
|
Packit |
8681c6 |
LOGFILE=0
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
# check generic stuff first
|
|
Packit |
8681c6 |
check_env
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
# where to run
|
|
Packit |
8681c6 |
if [ -z $SLOT ]; then
|
|
Packit |
8681c6 |
NUMSLOT=$(grep '^slot' $PKCONF | wc -l)
|
|
Packit |
8681c6 |
for ((i=0; i<$NUMSLOT; i++)); do
|
|
Packit |
8681c6 |
SLOT="$SLOT $i"
|
|
Packit |
8681c6 |
LOGFILE=1
|
|
Packit |
8681c6 |
done
|
|
Packit |
8681c6 |
fi
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
for i in $SLOT; do (
|
|
Packit |
8681c6 |
echo "********** Testing Slot $i **********"
|
|
Packit |
8681c6 |
check_slot $i || { echo "SKIPPING slot $i"; continue; }
|
|
Packit |
8681c6 |
if [ $NONEED_TOKEN_INIT -eq 0 ]; then
|
|
Packit |
8681c6 |
init_slot $i || { echo "SKIPPING slot $i"; continue; }
|
|
Packit |
8681c6 |
fi
|
|
Packit |
8681c6 |
if [ "$LOGFILE" = "1" ]; then
|
|
Packit |
8681c6 |
echo "test output for slot $i stored in log-slot_$i.txt"
|
|
Packit |
8681c6 |
run_tests $i > "log-slot_$i.txt" 2>&1
|
|
Packit |
8681c6 |
else
|
|
Packit |
8681c6 |
run_tests $i
|
|
Packit |
8681c6 |
fi
|
|
Packit |
8681c6 |
[ -n "$BENCHMARK" ] && run_benchs $i
|
|
Packit |
8681c6 |
echo "********** Finished Testing Slot $i **********"
|
|
Packit |
8681c6 |
) &
|
|
Packit |
8681c6 |
done
|
|
Packit |
8681c6 |
wait
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
while getopts s:f:l:hc:n arg; do
|
|
Packit |
8681c6 |
case $arg in
|
|
Packit |
8681c6 |
h)
|
|
Packit |
8681c6 |
usage
|
|
Packit |
8681c6 |
;;
|
|
Packit |
8681c6 |
l)
|
|
Packit |
8681c6 |
LOGGING=1
|
|
Packit |
8681c6 |
if [ -n $OPTARG ]; then
|
|
Packit |
8681c6 |
LOGFILE="$OPTARG"
|
|
Packit |
8681c6 |
fi
|
|
Packit |
8681c6 |
touch $LOGFILE
|
|
Packit |
8681c6 |
;;
|
|
Packit |
8681c6 |
c)
|
|
Packit |
8681c6 |
TESTCONF="$OPTARG"
|
|
Packit |
8681c6 |
touch $TESTCONF
|
|
Packit |
8681c6 |
;;
|
|
Packit |
8681c6 |
n)
|
|
Packit |
8681c6 |
NO_STOP="-nostop"
|
|
Packit |
8681c6 |
;;
|
|
Packit |
8681c6 |
s)
|
|
Packit |
8681c6 |
SLOT="$OPTARG"
|
|
Packit |
8681c6 |
;;
|
|
Packit |
8681c6 |
f)
|
|
Packit |
8681c6 |
OCK_TEST="$OPTARG"
|
|
Packit |
8681c6 |
;;
|
|
Packit |
8681c6 |
b)
|
|
Packit |
8681c6 |
BENCHMARK="yes"
|
|
Packit |
8681c6 |
;;
|
|
Packit |
8681c6 |
esac
|
|
Packit |
8681c6 |
done
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
if [ "$LOGGING" = "1" ]; then
|
|
Packit |
8681c6 |
main_script >>$LOGFILE 2>&1
|
|
Packit |
8681c6 |
else
|
|
Packit |
8681c6 |
main_script
|
|
Packit |
8681c6 |
fi
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
exit 0
|