tests: Apply patches to IBM TSS2 test suite

Apply patches to the IBM TSS2 test suite rather than using sed on its files and other types of file manipulations. Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
stefanberger · Mar 1, 2021 · e78c9db · e78c9db
1 parent e5bb6f4
commit e78c9db
Show file tree

Hide file tree

Showing 11 changed files with 464 additions and 45 deletions.
diff --git a/tests/Makefile.am b/tests/Makefile.am
@@ -141,7 +141,15 @@ EXTRA_DIST=$(TESTS) \
 	data/tpm2state5/signature.bin \
 	data/tpm2state5/tpm2-00.permall \
 	load_vtpm_proxy \
-	patches/ibmtss2_1.6_rsa2048only.patch \
+	patches/0001-Deactivate-test-cases-accessing-rootcerts.txt.patch \
+	patches/0002-Implement-powerup-for-swtpm.patch \
+	patches/0003-Set-CRYPTOLIBRARY-to-openssl.patch \
+	patches/0004-Store-volatile-state-at-every-step.patch \
+	patches/0005-Disable-tests-related-to-events.patch \
+	patches/0006-Disable-testing-with-RSA-3072.patch \
+	patches/0007-Disable-rev155-test-cases.patch \
+	patches/0008-Disable-x509-test-cases.patch \
+	patches/0009-Disable-getcapability-TPM_CAP_ACT.patch \
 	patches/libtpm.patch \
 	softhsm_setup \
 	test_clientfds.py \

diff --git a/tests/patches/0001-Deactivate-test-cases-accessing-rootcerts.txt.patch b/tests/patches/0001-Deactivate-test-cases-accessing-rootcerts.txt.patch
@@ -0,0 +1,72 @@
+From 850ce946fc5ba79f03d46e8cb7695dcadb5f397d Mon Sep 17 00:00:00 2001
+From: Stefan Berger <stefanb@linux.vnet.ibm.com>
+Date: Fri, 26 Feb 2021 18:45:57 -0500
+Subject: [PATCH 1/9] Deactivate test cases accessing rootcerts.txt
+
+rootcerts.txt contains files in a drive we don't have access to
+---
+ utils/regtests/testcredential.sh | 18 +++++++++---------
+ utils/regtests/testunseal.sh     |  4 ++--
+ 2 files changed, 11 insertions(+), 11 deletions(-)
+
+diff --git a/utils/regtests/testcredential.sh b/utils/regtests/testcredential.sh
+index cb9fec0..16fd66a 100755
+--- a/utils/regtests/testcredential.sh
++++ b/utils/regtests/testcredential.sh
+@@ -300,9 +300,9 @@ NVNAME=(
+ 	${PREFIX}createek -high -pwde eee -pwdk kkk ${CALG[i]} -cp -noflush > run.out
+ 	checkSuccess $?
+
+-	echo "Validate the ${CALG[i]} EK certificate against the root"
+-	${PREFIX}createek -high ${CALG[i]} -root certificates/rootcerts.txt > run.out
+-	checkSuccess $?
++	#echo "Validate the ${CALG[i]} EK certificate against the root"
++	#${PREFIX}createek -high ${CALG[i]} -root certificates/rootcerts.txt > run.out
++	#checkSuccess $?
+
+ 	echo "Create a signing key under the ${CALG[i]} EK using the password"
+ 	${PREFIX}create -hp 80000001 -si -pwdp kkk > run.out
+@@ -402,9 +402,9 @@ NVNAME=(
+ 	${PREFIX}createek -high -pwde eee -pwdk kkk ${CALG[i]} -cp -noflush > run.out
+ 	checkSuccess $?
+
+-	echo "Validate the ${CALG[i]} EK certificate against the root"
+-	${PREFIX}createek -high ${CALG[i]} -root certificates/rootcerts.txt > run.out
+-	checkSuccess $?
++	#echo "Validate the ${CALG[i]} EK certificate against the root"
++	#${PREFIX}createek -high ${CALG[i]} -root certificates/rootcerts.txt > run.out
++	#checkSuccess $?
+
+ 	echo "Create a signing key under the ${CALG[i]} EK using the password"
+ 	${PREFIX}create -hp 80000001 -si -pwdp kkk > run.out
+@@ -540,9 +540,9 @@ NVNAME=(
+ 	${PREFIX}createek ${ALG} -pwde eee -cp -noflush > run.out
+ 	checkSuccess $?
+
+-	echo "Validate the ${ALG} EK certificate against the root"
+-	${PREFIX}createek ${ALG} -root certificates/rootcerts.txt > run.out
+-	checkSuccess $?
++	#echo "Validate the ${ALG} EK certificate against the root"
++	#${PREFIX}createek ${ALG} -root certificates/rootcerts.txt > run.out
++	#checkSuccess $?
+
+ 	echo "Start a policy session"
+ 	${PREFIX}startauthsession -se p > run.out
+diff --git a/utils/regtests/testunseal.sh b/utils/regtests/testunseal.sh
+index aae3d4e..1755740 100755
+--- a/utils/regtests/testunseal.sh
++++ b/utils/regtests/testunseal.sh
+@@ -724,8 +724,8 @@ echo ""
+
+ echo "PROVISION: Create the EK for the salted session 80000000"
+ if   [ ${CRYPTOLIBRARY} == "openssl" ]; then
+-${PREFIX}createek -rsa 2048 -cp -noflush -root certificates/rootcerts.txt > run.out
+-elif [ ${CRYPTOLIBRARY} == "mbedtls" ]; then
++#${PREFIX}createek -rsa 2048 -cp -noflush -root certificates/rootcerts.txt > run.out
++#elif [ ${CRYPTOLIBRARY} == "mbedtls" ]; then
+ ${PREFIX}createek -rsa 2048 -cp -noflush > run.out
+ fi
+ checkSuccess $?
+-- 
+2.26.2
+
diff --git a/tests/patches/0002-Implement-powerup-for-swtpm.patch b/tests/patches/0002-Implement-powerup-for-swtpm.patch
@@ -0,0 +1,148 @@
+From f0f9aec53193b1c81f2de2cc9cc52a0c82afa523 Mon Sep 17 00:00:00 2001
+From: Stefan Berger <stefanb@linux.vnet.ibm.com>
+Date: Sun, 28 Feb 2021 16:39:51 -0500
+Subject: [PATCH 2/9] Implement powerup for swtpm
+
+---
+ utils/reg.sh                   | 12 ++++++++++++
+ utils/regtests/inittpm.sh      |  4 ++--
+ utils/regtests/testevent.sh    |  2 +-
+ utils/regtests/testnvpin.sh    |  4 ++--
+ utils/regtests/testpcr.sh      |  2 +-
+ utils/regtests/testshutdown.sh |  6 +++---
+ 6 files changed, 21 insertions(+), 9 deletions(-)
+
+diff --git a/utils/reg.sh b/utils/reg.sh
+index 048863b..61f23d9 100755
+--- a/utils/reg.sh
++++ b/utils/reg.sh
+@@ -1,6 +1,12 @@
+ #!/bin/bash
+ #
+
++SWTPM_IOCTL=${SWTPM_IOCTL:-$(type -P swtpm_ioctl)}
++if [ -z "${SWTPM_IOCTL}" ]; then
++	echo "SWTPM_IOCTL not set and could not find swtpm_ioctl in PATH"
++	exit 1
++fi
++
+ #################################################################################
+ #										#
+ #			TPM2 regression test					#
+@@ -244,6 +250,12 @@ initprimary()
+     checkSuccess $?
+ }
+
++powerup()
++{
++    ${SWTPM_IOCTL} -i --tcp ${TPM_SERVER_NAME}:${TPM_PLATFORM_PORT}
++    return $?
++}
++export -f powerup
+
+ export -f checkSuccess
+ export -f checkWarning
+diff --git a/utils/regtests/inittpm.sh b/utils/regtests/inittpm.sh
+index eaefab4..2c87bb2 100755
+--- a/utils/regtests/inittpm.sh
++++ b/utils/regtests/inittpm.sh
+@@ -46,7 +46,7 @@ echo "Initialize TPM"
+ echo ""
+
+ echo "Power cycle"
+-${PREFIX}powerup > run.out
++powerup > run.out
+ checkSuccess $?
+
+ echo "Startup"
+@@ -62,7 +62,7 @@ ${PREFIX}pcrallocate +sha1 +sha256 +sha384 +sha512 > run.out
+ checkSuccess $?
+
+ echo "Power cycle"
+-${PREFIX}powerup > run.out
++powerup > run.out
+ checkSuccess $?
+
+ echo "Startup"
+diff --git a/utils/regtests/testevent.sh b/utils/regtests/testevent.sh
+index 6336920..6d78ba5 100755
+--- a/utils/regtests/testevent.sh
++++ b/utils/regtests/testevent.sh
+@@ -66,7 +66,7 @@ do
+     do
+
+ 	echo "Power cycle to reset IMA PCR"
+-	${PREFIX}powerup > run.out
++	powerup > run.out
+ 	checkSuccess $?
+
+ 	echo "Startup"
+diff --git a/utils/regtests/testnvpin.sh b/utils/regtests/testnvpin.sh
+index 89d14a7..c045af1 100755
+--- a/utils/regtests/testnvpin.sh
++++ b/utils/regtests/testnvpin.sh
+@@ -240,7 +240,7 @@ ${PREFIX}nvwrite -ha 01000000 -hia p -id 0 1 > run.out
+ checkFailure $?
+
+ echo "Reboot"
+-${PREFIX}powerup > run.out
++powerup > run.out
+ checkSuccess $?
+
+ echo "Startup"
+@@ -448,7 +448,7 @@ ${PREFIX}nvwrite -ha 01000000 -hia p -id 0 1 > run.out
+ checkFailure $?
+
+ echo "Reboot"
+-${PREFIX}powerup > run.out
++powerup > run.out
+ checkSuccess $?
+
+ echo "Startup"
+diff --git a/utils/regtests/testpcr.sh b/utils/regtests/testpcr.sh
+index ef8fa2c..e2ac737 100755
+--- a/utils/regtests/testpcr.sh
++++ b/utils/regtests/testpcr.sh
+@@ -191,7 +191,7 @@ do
+     checkSuccess $?
+
+     echo "powerup"
+-    ${PREFIX}powerup > run.out
++    powerup > run.out
+     checkSuccess $?
+
+     echo "startup"
+diff --git a/utils/regtests/testshutdown.sh b/utils/regtests/testshutdown.sh
+index 566471b..7be9f1c 100755
+--- a/utils/regtests/testshutdown.sh
++++ b/utils/regtests/testshutdown.sh
+@@ -147,7 +147,7 @@ ${PREFIX}shutdown -s > run.out
+ checkSuccess $?
+
+ echo "Power cycle"
+-${PREFIX}powerup > run.out
++powerup > run.out
+ checkSuccess $?
+
+ echo "Startup state"
+@@ -255,7 +255,7 @@ ${PREFIX}shutdown -s > run.out
+ checkSuccess $?
+
+ echo "Power cycle"
+-${PREFIX}powerup > run.out
++powerup > run.out
+ checkSuccess $?
+
+ echo "Startup clear"
+@@ -331,7 +331,7 @@ ${PREFIX}shutdown -c > run.out
+ checkSuccess $?
+
+ echo "Power cycle"
+-${PREFIX}powerup > run.out
++powerup > run.out
+ checkSuccess $?
+
+ echo "Startup clear"
+-- 
+2.26.2
+
diff --git a/tests/patches/0003-Set-CRYPTOLIBRARY-to-openssl.patch b/tests/patches/0003-Set-CRYPTOLIBRARY-to-openssl.patch
@@ -0,0 +1,25 @@
+From b233462f3fe53d2209a1e2aad7f196979cea00e5 Mon Sep 17 00:00:00 2001
+From: Stefan Berger <stefanb@linux.vnet.ibm.com>
+Date: Sun, 28 Feb 2021 16:35:56 -0500
+Subject: [PATCH 3/9] Set CRYPTOLIBRARY to openssl
+
+---
+ utils/reg.sh | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/utils/reg.sh b/utils/reg.sh
+index 61f23d9..33e3299 100755
+--- a/utils/reg.sh
++++ b/utils/reg.sh
+@@ -264,7 +264,7 @@ export WARN
+ export PREFIX
+ export -f initprimary
+ # hack because the mbedtls port is incomplete
+-export CRYPTOLIBRARY=`${PREFIX}getcryptolibrary`
++export CRYPTOLIBRARY=openssl
+
+ # example for running scripts with encrypted sessions, see TPM_SESSION_ENCKEY=getrandom below
+ export TPM_SESSION_ENCKEY
+-- 
+2.26.2
+
diff --git a/tests/patches/0004-Store-volatile-state-at-every-step.patch b/tests/patches/0004-Store-volatile-state-at-every-step.patch
@@ -0,0 +1,65 @@
+From 223a78820b10fcce8b65d5827d1699dab49e45e1 Mon Sep 17 00:00:00 2001
+From: Stefan Berger <stefanb@linux.vnet.ibm.com>
+Date: Sun, 28 Feb 2021 16:42:11 -0500
+Subject: [PATCH 4/9] Store volatile state at every step
+
+---
+ utils/reg.sh | 14 +++++++++++++-
+ 1 file changed, 13 insertions(+), 1 deletion(-)
+
+diff --git a/utils/reg.sh b/utils/reg.sh
+index 33e3299..de7e181 100755
+--- a/utils/reg.sh
++++ b/utils/reg.sh
+@@ -124,6 +124,13 @@ printUsage ()
+     echo "-51 Events"
+ }
+
++storeVolatileState()
++{
++    echo ">>> Storing volatile state <<<"
++    ${SWTPM_IOCTL} -v --tcp ${TPM_SERVER_NAME}:${TPM_PLATFORM_PORT}
++}
++export -f storeVolatileState
++
+ checkSuccess()
+ {
+ if [ $1 -ne 0 ]; then
+@@ -133,7 +140,7 @@ if [ $1 -ne 0 ]; then
+ else
+     echo " INFO:"
+ fi
+-
++storeVolatileState
+ }
+
+ # FIXME should not increment past 254
+@@ -146,6 +153,7 @@ if [ $1 -ne 0 ]; then
+ else
+     echo " INFO:"
+ fi
++storeVolatileState
+ }
+
+ checkFailure()
+@@ -157,6 +165,7 @@ if [ $1 -eq 0 ]; then
+ else
+     echo " INFO:"
+ fi
++storeVolatileState
+ }
+
+ cleanup()
+@@ -252,6 +261,9 @@ initprimary()
+
+ powerup()
+ {
++    ${SWTPM_IOCTL} -i --tcp ${TPM_SERVER_NAME}:${TPM_PLATFORM_PORT}
++    # Do it a 2nd time now that the previously store volatile state is gone
++    # Now startup must be sent to the TPM again
+     ${SWTPM_IOCTL} -i --tcp ${TPM_SERVER_NAME}:${TPM_PLATFORM_PORT}
+     return $?
+ }
+-- 
+2.26.2
+
diff --git a/tests/patches/0005-Disable-tests-related-to-events.patch b/tests/patches/0005-Disable-tests-related-to-events.patch
@@ -0,0 +1,23 @@
+From 19ce952c3a7205585bed8cb063dc2b1f23434ba4 Mon Sep 17 00:00:00 2001
+From: Stefan Berger <stefanb@linux.vnet.ibm.com>
+Date: Sun, 28 Feb 2021 16:33:02 -0500
+Subject: [PATCH 5/9] Disable tests related to 'events'
+
+---
+ utils/regtests/testevent.sh | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/utils/regtests/testevent.sh b/utils/regtests/testevent.sh
+index 6d78ba5..9252161 100755
+--- a/utils/regtests/testevent.sh
++++ b/utils/regtests/testevent.sh
+@@ -1,5 +1,6 @@
+ #!/bin/bash
+ #
++exit 0
+
+ #################################################################################
+ #										#
+-- 
+2.26.2
+
diff --git a/tests/patches/ibmtss2_1.6_rsa2048only.patch → .../0006-Disable-testing-with-RSA-3072.patch b/tests/patches/ibmtss2_1.6_rsa2048only.patch → .../0006-Disable-testing-with-RSA-3072.patch
@@ -1,8 +1,25 @@
+From ca400b52d26bf4f518964faf2b2353d25a057fce Mon Sep 17 00:00:00 2001
+From: Stefan Berger <stefanb@linux.vnet.ibm.com>
+Date: Sun, 28 Feb 2021 16:35:02 -0500
+Subject: [PATCH 6/9] Disable testing with RSA 3072
+
+---
+ utils/reg.sh                       |  2 +-
+ utils/regtests/initkeys.sh         |  2 +-
+ utils/regtests/testcreateloaded.sh |  2 +-
+ utils/regtests/testcredential.sh   |  2 +-
+ utils/regtests/testprimary.sh      |  2 +-
+ utils/regtests/testrsa.sh          | 14 +++++++-------
+ utils/regtests/testsalt.sh         |  1 +
+ utils/regtests/testsign.sh         |  6 +++---
+ utils/regtests/testx509.sh         |  2 +-
+ 9 files changed, 17 insertions(+), 16 deletions(-)
+
 diff --git a/utils/reg.sh b/utils/reg.sh
-index 048863b..3aff350 100755
+index de7e181..9de1eaa 100755
 --- a/utils/reg.sh
 +++ b/utils/reg.sh
-@@ -171,7 +171,7 @@ cleanup()
+@@ -186,7 +186,7 @@ cleanup()
  	rm -f khrpub${HALG}.bin
      done
 
@@ -38,7 +55,7 @@ index d3e3eb8..76fb859 100755
 
  	echo "CreateLoaded primary key, parent ${HIER} ${ALG}"
 diff --git a/utils/regtests/testcredential.sh b/utils/regtests/testcredential.sh
-index cb9fec0..ca9d512 100755
+index 16fd66a..a68960d 100755
 --- a/utils/regtests/testcredential.sh
 +++ b/utils/regtests/testcredential.sh
 @@ -287,7 +287,7 @@ NVNAME=(
@@ -179,3 +196,6 @@ index 813085f..f5737a8 100755
      echo "Load the ${SALG[i]} ${SKEY[i]} issuer key 80000001 under the primary key"
      ${PREFIX}load -hp 80000000 -ipr sign${SKEY[i]}rpriv.bin -ipu sign${SKEY[i]}rpub.bin -pwdp sto > run.out
      checkSuccess $?
+-- 
+2.26.2
+