#!/bin/bash # # COPYRIGHT (c) International Business Machines Corp. 2008-2017 # # This program is provided under the terms of the Common Public License, # version 1.0 (CPL-1.0). Any use, reproduction or distribution for this software # constitutes recipient's acceptance of CPL-1.0 terms which can be found # in the file LICENSE file or at https://opensource.org/licenses/cpl1.0.php # # # NAME # ocktests.sh # # DESCRIPTION # Simple Bash script that checks the enviroment in which the ock-tests will run # and starts them. # # ALGORITHM # None. # # USAGE # # HISTORY # Rajiv Andrade # # RESTRICTIONS # None. ## LOGGING=0 TESTDIR=`dirname $0` LOGFILE="$TESTDIR/ock-tests.log" ERR_SUMMARY="$TESTDIR/ock-tests.err" PKCONF="@sysconfdir@/opencryptoki/opencryptoki.conf" PKCSCONFBIN="@sbindir@/pkcsconf" TESTCONF="$TESTDIR/ock-tests.config" TOKTYPE="" NONEED_TOKEN_INIT=0 # # This is the list of the tests we'll be running once everything is initialized # # The order of these tests matters. login/login leaves the token with its USER # PIN locked, leaving the token unusable until someone manually deletes # $OCKDIR/$TOKEN/*. Manually deleting this dir is pre-req for starting the # automated tests anyway, so this is OK. # # login/login MUST come last if it appears in this list # OCK_TESTS="crypto/*tests" OCK_TEST="" OCK_BENCHS="pkcs11/*bench" usage() { echo -e " usage: ./ock_tests.sh [-s ] [-f ]" \ "[-l ] [-n] [-h]" echo -e " -l redirect output to logfile" \ "(default is command line)" echo -e " -h display this help" echo -e " -q run quietly - display only total number" \ "of tests passed/failed" echo -e " -s slot against which the testcases will run" \ "(omit it to test all available tokens)" echo -e " -f path to test that will be run" echo -e " -n don't stop in case one of the testcases fail" echo -e " -b also run benchmarks or performance tests" exit -1 } ### ## check_tpmtok() - Check if stuff needed by tpm token are ## present ### check_tpmtok() { # Check for tpmtoken_init if ! which tpmtoken_init; then echo "Error: tpmtoken_init could not be found on PATH" return 1 fi # Check if tcsd is running if ! pgrep tcsd; then echo "Error: TCSD daemon not running" return 1 fi } ### ## check_ccatok() - Check if stuff needed by the CCA token ## are present ### check_ccatok() { # Check if catcher.exe is running if ! pgrep catcher.exe; then echo "Error: catcher.exe daemon not running" return 1 fi } ### ## init_slot() - Initialize a specific slot ## $1 - The slot number to initialize ## ### init_slot() { case $TOKTYPE in TPM) echo "Initializing TPM token using init_tpmtoken.sh" if ! $TESTDIR/init_tpmtoken.sh; then echo "Error initializing TPM token" return 1 fi ;; CCA | EP11 | ICA | Software) echo "Initializing $TOKTYPE using init_token.sh" if ! $TESTDIR/init_token.sh $1; then echo "Error initializing $TOKTYPE token" return 1 fi ;; *) echo "FATAL: Token type not recognized: $TOKTYPE" exit 1 esac } ### ## check_slot() - Checks if we have everything needed to test ## this specific slot number ## $1 - The slot number to check ### check_slot() { # Check if the Slot exists, and what it actually is TOKDESCR=`$PKCSCONFBIN -c $1 -t` TOKMODEL=`echo "$TOKDESCR" | grep "Model:"` case $TOKMODEL in *TPM*) echo "TPM Token type detected" check_tpmtok || return TOKTYPE="TPM" ;; *CCA*) echo "CCA Token type detected" check_ccatok || return TOKTYPE="CCA" ;; *ICA*) echo "ICA Token type detected" TOKTYPE="ICA" ;; *Soft*) echo "Software Token type detected" TOKTYPE="Software" ;; *EP11*) echo "EP11 Token type detected" TOKTYPE="EP11" ;; *) echo "Error: unsupported or undetermined token type" echo " wrong Slot $1?" return 1 esac # Check if Tokem is initialized and set $NONEED_TOKEN_INIT if so NONEED_TOKEN_INIT=`echo "$TOKDESCR" | grep "Flags:" | grep TOKEN_INITIALIZED | wc -l` } ## ## check_env() - Check if we have everything we need ## check_env() { ## Check env vars first if [ -z $PKCS11_SO_PIN ]; then echo "FATAL: Must set PKCS11_SO_PIN" exit 1 fi if [ -z $PKCS11_USER_PIN ]; then echo "FATAL: Must set PKCS11_USER_PIN" exit 1 fi if [ -z $PKCSLIB ]; then echo "FATAL: Must set PKCSLIB" exit 1 fi if [ ! -f $PKCSLIB ]; then echo "FATAL: PKCSLIB=$PKCSLIB is invalid" exit 1 fi if [ ! -f $PKCONF ]; then echo "FATAL: Can't find configuration data ($PKCONF)" exit 1 fi # if user is not root if [ $EUID -ne 0 ]; then ## Check if the pkcs11 group 'exists' P11GROUP=`getent group pkcs11 | cut -d ":" -f 3` if [ -z $P11GROUP ]; then echo "FATAL: Can't find pkcs11 group" exit 1 fi ## Check if we're part of it if ! id -G | grep $P11GROUP; then echo "FATAL: Must be part of the pkcs11 group" exit 1 fi fi ## Make sure we have the slot daemon running if ! pgrep pkcsslotd; then echo "FATAL: The slot daemon (pkcsslotd) must be running" exit 1 fi ## We also need pkcsconf if [ ! -x $PKCSCONFBIN ]; then echo "FATAL: Invalid pkcsconf utility ($PKCSCONFBIN)" exit 1 fi } ### ## run_tests() - run tests for a specific slot, ## following $OCK_TEST order ## $1 - the slot ### run_tests() { if [ -n "$OCK_TEST" ]; then OCK_TESTS="$OCK_TEST" fi echo "***** Will run the following tests for slot $1: $(ls -U $OCK_TESTS)" for j in $( ls -U $OCK_TESTS ); do echo "** Now executing '$j'" $j -slot $1 $NO_STOP 2>&1 RES=$? if [ $RES -ne 0 ]; then echo "ERROR: Testcase $i failed to execute." exit $RES fi done } ### ## run_benchs() - run benchmarks for a specific slot, ## following $OCK_BENCH order ## $1 - the slot ### run_benchs() { echo "***** Will run the following benchmarks for slot $1: $(ls -U $OCK_BENCHS)" for i in $( ls -U $OCK_BENCHS ); do echo "** Now executing '$i" $i -slot $1 $NO_STOP 2>&1 done } main_script() { LOGFILE=0 # check generic stuff first check_env # where to run if [ -z $SLOT ]; then NUMSLOT=$(grep '^slot' $PKCONF | wc -l) for ((i=0; i<$NUMSLOT; i++)); do SLOT="$SLOT $i" LOGFILE=1 done fi for i in $SLOT; do ( echo "********** Testing Slot $i **********" check_slot $i || { echo "SKIPPING slot $i"; continue; } if [ $NONEED_TOKEN_INIT -eq 0 ]; then init_slot $i || { echo "SKIPPING slot $i"; continue; } fi if [ "$LOGFILE" = "1" ]; then echo "test output for slot $i stored in log-slot_$i.txt" run_tests $i > "log-slot_$i.txt" 2>&1 else run_tests $i fi [ -n "$BENCHMARK" ] && run_benchs $i echo "********** Finished Testing Slot $i **********" ) & done wait } while getopts s:f:l:hc:n arg; do case $arg in h) usage ;; l) LOGGING=1 if [ -n $OPTARG ]; then LOGFILE="$OPTARG" fi touch $LOGFILE ;; c) TESTCONF="$OPTARG" touch $TESTCONF ;; n) NO_STOP="-nostop" ;; s) SLOT="$OPTARG" ;; f) OCK_TEST="$OPTARG" ;; b) BENCHMARK="yes" ;; esac done if [ "$LOGGING" = "1" ]; then main_script >>$LOGFILE 2>&1 else main_script fi exit 0