#!/bin/bash
#
# COPYRIGHT (c) International Business Machines Corp. 2008-2017
#
# This program is provided under the terms of the Common Public License,
# version 1.0 (CPL-1.0). Any use, reproduction or distribution for this software
# constitutes recipient's acceptance of CPL-1.0 terms which can be found
# in the file LICENSE file or at https://opensource.org/licenses/cpl1.0.php
#
#
# NAME
# ocktests.sh
#
# DESCRIPTION
# Simple Bash script that checks the enviroment in which the ock-tests will run
# and starts them.
#
# ALGORITHM
# None.
#
# USAGE
#
# HISTORY
# Rajiv Andrade <srajiv@linux.vnet.ibm.com>
#
# RESTRICTIONS
# None.
##
LOGGING=0
TESTDIR=`dirname $0`
LOGFILE="$TESTDIR/ock-tests.log"
ERR_SUMMARY="$TESTDIR/ock-tests.err"
PKCONF="@sysconfdir@/opencryptoki/opencryptoki.conf"
PKCSCONFBIN="@sbindir@/pkcsconf"
TESTCONF="$TESTDIR/ock-tests.config"
TOKTYPE=""
NONEED_TOKEN_INIT=0
#
# This is the list of the tests we'll be running once everything is initialized
#
# The order of these tests matters. login/login leaves the token with its USER
# PIN locked, leaving the token unusable until someone manually deletes
# $OCKDIR/$TOKEN/*. Manually deleting this dir is pre-req for starting the
# automated tests anyway, so this is OK.
#
# login/login MUST come last if it appears in this list
#
OCK_TESTS="crypto/*tests"
OCK_TEST=""
OCK_BENCHS="pkcs11/*bench"
usage()
{
echo -e " usage: ./ock_tests.sh [-s <slot>] [-f <testfile>]" \
"[-l <logfile>] [-n] [-h]"
echo -e " -l <logfile> redirect output to logfile" \
"(default is command line)"
echo -e " -h display this help"
echo -e " -q run quietly - display only total number" \
"of tests passed/failed"
echo -e " -s <slot> slot against which the testcases will run" \
"(omit it to test all available tokens)"
echo -e " -f <testfile> path to test that will be run"
echo -e " -n don't stop in case one of the testcases fail"
echo -e " -b also run benchmarks or performance tests"
exit -1
}
###
## check_tpmtok() - Check if stuff needed by tpm token are
## present
###
check_tpmtok()
{
# Check for tpmtoken_init
if ! which tpmtoken_init; then
echo "Error: tpmtoken_init could not be found on PATH"
return 1
fi
# Check if tcsd is running
if ! pgrep tcsd; then
echo "Error: TCSD daemon not running"
return 1
fi
}
###
## check_ccatok() - Check if stuff needed by the CCA token
## are present
###
check_ccatok()
{
# Check if catcher.exe is running
if ! pgrep catcher.exe; then
echo "Error: catcher.exe daemon not running"
return 1
fi
}
###
## init_slot() - Initialize a specific slot
## $1 - The slot number to initialize
##
###
init_slot()
{
case $TOKTYPE in
TPM)
echo "Initializing TPM token using init_tpmtoken.sh"
if ! $TESTDIR/init_tpmtoken.sh; then
echo "Error initializing TPM token"
return 1
fi
;;
CCA | EP11 | ICA | Software)
echo "Initializing $TOKTYPE using init_token.sh"
if ! $TESTDIR/init_token.sh $1; then
echo "Error initializing $TOKTYPE token"
return 1
fi
;;
*)
echo "FATAL: Token type not recognized: $TOKTYPE"
exit 1
esac
}
###
## check_slot() - Checks if we have everything needed to test
## this specific slot number
## $1 - The slot number to check
###
check_slot()
{
# Check if the Slot exists, and what it actually is
TOKDESCR=`$PKCSCONFBIN -c $1 -t`
TOKMODEL=`echo "$TOKDESCR" | grep "Model:"`
case $TOKMODEL in
*TPM*)
echo "TPM Token type detected"
check_tpmtok || return
TOKTYPE="TPM"
;;
*CCA*)
echo "CCA Token type detected"
check_ccatok || return
TOKTYPE="CCA"
;;
*ICA*)
echo "ICA Token type detected"
TOKTYPE="ICA"
;;
*Soft*)
echo "Software Token type detected"
TOKTYPE="Software"
;;
*EP11*)
echo "EP11 Token type detected"
TOKTYPE="EP11"
;;
*)
echo "Error: unsupported or undetermined token type"
echo " wrong Slot $1?"
return 1
esac
# Check if Tokem is initialized and set $NONEED_TOKEN_INIT if so
NONEED_TOKEN_INIT=`echo "$TOKDESCR" | grep "Flags:" | grep TOKEN_INITIALIZED | wc -l`
}
##
## check_env() - Check if we have everything we need
##
check_env()
{
## Check env vars first
if [ -z $PKCS11_SO_PIN ]; then
echo "FATAL: Must set PKCS11_SO_PIN"
exit 1
fi
if [ -z $PKCS11_USER_PIN ]; then
echo "FATAL: Must set PKCS11_USER_PIN"
exit 1
fi
if [ -z $PKCSLIB ]; then
echo "FATAL: Must set PKCSLIB"
exit 1
fi
if [ ! -f $PKCSLIB ]; then
echo "FATAL: PKCSLIB=$PKCSLIB is invalid"
exit 1
fi
if [ ! -f $PKCONF ]; then
echo "FATAL: Can't find configuration data ($PKCONF)"
exit 1
fi
# if user is not root
if [ $EUID -ne 0 ]; then
## Check if the pkcs11 group 'exists'
P11GROUP=`getent group pkcs11 | cut -d ":" -f 3`
if [ -z $P11GROUP ]; then
echo "FATAL: Can't find pkcs11 group"
exit 1
fi
## Check if we're part of it
if ! id -G | grep $P11GROUP; then
echo "FATAL: Must be part of the pkcs11 group"
exit 1
fi
fi
## Make sure we have the slot daemon running
if ! pgrep pkcsslotd; then
echo "FATAL: The slot daemon (pkcsslotd) must be running"
exit 1
fi
## We also need pkcsconf
if [ ! -x $PKCSCONFBIN ]; then
echo "FATAL: Invalid pkcsconf utility ($PKCSCONFBIN)"
exit 1
fi
}
###
## run_tests() - run tests for a specific slot,
## following $OCK_TEST order
## $1 - the slot
###
run_tests()
{
if [ -n "$OCK_TEST" ]; then
OCK_TESTS="$OCK_TEST"
fi
echo "***** Will run the following tests for slot $1: $(ls -U $OCK_TESTS)"
for j in $( ls -U $OCK_TESTS ); do
echo "** Now executing '$j'"
$j -slot $1 $NO_STOP 2>&1
RES=$?
if [ $RES -ne 0 ]; then
echo "ERROR: Testcase $i failed to execute."
exit $RES
fi
done
}
###
## run_benchs() - run benchmarks for a specific slot,
## following $OCK_BENCH order
## $1 - the slot
###
run_benchs()
{
echo "***** Will run the following benchmarks for slot $1: $(ls -U $OCK_BENCHS)"
for i in $( ls -U $OCK_BENCHS ); do
echo "** Now executing '$i"
$i -slot $1 $NO_STOP 2>&1
done
}
main_script()
{
LOGFILE=0
# check generic stuff first
check_env
# where to run
if [ -z $SLOT ]; then
NUMSLOT=$(grep '^slot' $PKCONF | wc -l)
for ((i=0; i<$NUMSLOT; i++)); do
SLOT="$SLOT $i"
LOGFILE=1
done
fi
for i in $SLOT; do (
echo "********** Testing Slot $i **********"
check_slot $i || { echo "SKIPPING slot $i"; continue; }
if [ $NONEED_TOKEN_INIT -eq 0 ]; then
init_slot $i || { echo "SKIPPING slot $i"; continue; }
fi
if [ "$LOGFILE" = "1" ]; then
echo "test output for slot $i stored in log-slot_$i.txt"
run_tests $i > "log-slot_$i.txt" 2>&1
else
run_tests $i
fi
[ -n "$BENCHMARK" ] && run_benchs $i
echo "********** Finished Testing Slot $i **********"
) &
done
wait
}
while getopts s:f:l:hc:n arg; do
case $arg in
h)
usage
;;
l)
LOGGING=1
if [ -n $OPTARG ]; then
LOGFILE="$OPTARG"
fi
touch $LOGFILE
;;
c)
TESTCONF="$OPTARG"
touch $TESTCONF
;;
n)
NO_STOP="-nostop"
;;
s)
SLOT="$OPTARG"
;;
f)
OCK_TEST="$OPTARG"
;;
b)
BENCHMARK="yes"
;;
esac
done
if [ "$LOGGING" = "1" ]; then
main_script >>$LOGFILE 2>&1
else
main_script
fi
exit 0