tss2 *: Enhance Fapi Tools integration tests with ECC profile

The Fapi Tools integration tests now additionally run with the ECC
default profile.

Signed-off-by: Christian Plappert <christian.plappert@sit.fraunhofer.de>

bootstrap

@@ -14,6 +14,18 @@ src_listvar () {
     echo ""
 }
 
+# duplicate fapi tests with ecc
+duplicate () {
+    basedir=$1
+    suffix=$2
+
+    find "${basedir}" \( -iname "${suffix}" ! -iname "*ecc.sh" \) | while read fname; do
+      cp $fname ${fname%.sh}_ecc.sh
+      sed -i -e 's/CRYPTO_PROFILE="RSA"/CRYPTO_PROFILE="ECC"/g' ${fname%.sh}_ecc.sh
+    done
+}
+
+
 VARS_FILE=src_vars.mk
 AUTORECONF=${AUTORECONF:-autoreconf}
 
@@ -26,6 +38,8 @@ echo "Generating file lists: ${VARS_FILE}"
   src_listvar "test/integration/tests" "*.sh" "SYSTEM_TESTS"
   printf "ALL_SYSTEM_TESTS = \$(SYSTEM_TESTS)\n"
 
+  duplicate "test/integration/fapi" "*.sh"
+
   src_listvar "test/integration/fapi" "*.sh" "FAPI_TESTS"
   printf "ALL_FAPI_TESTS = \$(FAPI_TESTS)\n"
 ) > ${VARS_FILE}

test/integration/fapi/fapi-authorize-policy.sh

@@ -4,7 +4,8 @@ source helpers.sh
 
 start_up
 
-setup_fapi
+CRYPTO_PROFILE="RSA"
+setup_fapi $CRYPTO_PROFILE
 
 function cleanup {
     tss2 delete --path=/
@@ -41,9 +42,13 @@ tss2 authorizepolicy --keyPath=$POLICY_SIGN_KEY_PATH --policyPath=$POLICY_PCR \
 tss2 createkey --path=$KEY_PATH --type="noDa, sign" \
     --policyPath=$POLICY_AUTHORIZE --authValue=""
 
-tss2 sign --keyPath=$KEY_PATH --padding="RSA_PSS" --digest=$DIGEST_FILE \
-    --signature=$SIGNATURE_FILE --publicKey=$PUBLIC_KEY_FILE
-
+if [ "$CRYPTO_PROFILE" = "RSA" ]; then
+    tss2 sign --keyPath=$KEY_PATH --padding="RSA_PSS" --digest=$DIGEST_FILE \
+        --signature=$SIGNATURE_FILE --publicKey=$PUBLIC_KEY_FILE
+else
+    tss2 sign --keyPath=$KEY_PATH --digest=$DIGEST_FILE \
+        --signature=$SIGNATURE_FILE --publicKey=$PUBLIC_KEY_FILE
+fi
 
 expect <<EOF
 # Try with missing policyPath

test/integration/fapi/fapi-branch-select.sh

@@ -4,7 +4,8 @@ source helpers.sh
 
 start_up
 
-setup_fapi
+CRYPTO_PROFILE="RSA"
+setup_fapi $CRYPTO_PROFILE
 
 function cleanup {
     tss2 delete --path=/

test/integration/fapi/fapi-encrypt-decrypt.sh

@@ -3,10 +3,14 @@ source helpers.sh
 
 start_up
 
-setup_fapi
+CRYPTO_PROFILE="RSA"
+setup_fapi $CRYPTO_PROFILE
 
 function cleanup {
-    tss2 delete --path=/
+    # In case the test is skipped no key is created and a
+    # failure is expected here. Therefore, we need to pass a successful
+    # execution in any case
+    tss2 delete --path=/ && true
     shut_down
 }
 
@@ -24,6 +28,11 @@ echo -n "Secret Text!" > $PLAIN_TEXT
 
 set -x
 
+if [ "$CRYPTO_PROFILE" = "ECC" ]; then
+echo ECC currently not supported for encryption. Skipping test.
+exit 077
+fi
+
 tss2 provision
 
 expect <<EOF

test/integration/fapi/fapi-export-key.sh

@@ -4,7 +4,8 @@ source helpers.sh
 
 start_up
 
-setup_fapi
+CRYPTO_PROFILE="RSA"
+setup_fapi $CRYPTO_PROFILE
 
 function cleanup {
     tss2 delete --path=/

test/integration/fapi/fapi-export-policy.sh

@@ -4,7 +4,8 @@ source helpers.sh
 
 start_up
 
-setup_fapi
+CRYPTO_PROFILE="RSA"
+setup_fapi $CRYPTO_PROFILE
 
 function cleanup {
     tss2 delete --path=/

test/integration/fapi/fapi-get-info.sh

@@ -4,7 +4,8 @@ source helpers.sh
 
 start_up
 
-setup_fapi
+CRYPTO_PROFILE="RSA"
+setup_fapi $CRYPTO_PROFILE
 
 function cleanup {
     tss2 delete --path=/

test/integration/fapi/fapi-get-platform-certificates.sh

@@ -4,7 +4,8 @@ source helpers.sh
 
 start_up
 
-setup_fapi
+CRYPTO_PROFILE="RSA"
+setup_fapi $CRYPTO_PROFILE
 
 PATH=${BUILDDIR}/tools/fapi:$PATH
 

test/integration/fapi/fapi-get-random.sh

@@ -4,7 +4,8 @@ source helpers.sh
 
 start_up
 
-setup_fapi
+CRYPTO_PROFILE="RSA"
+setup_fapi $CRYPTO_PROFILE
 
 PATH=${BUILDDIR}/tools/fapi:$PATH
 

test/integration/fapi/fapi-get-tpm-blobs.sh

@@ -4,7 +4,8 @@ source helpers.sh
 
 start_up
 
-setup_fapi
+CRYPTO_PROFILE="RSA"
+setup_fapi $CRYPTO_PROFILE
 
 function cleanup {
     tss2 delete --path=/

test/integration/fapi/fapi-key-change-auth.sh

@@ -4,7 +4,8 @@ source helpers.sh
 
 start_up
 
-setup_fapi
+CRYPTO_PROFILE="RSA"
+setup_fapi $CRYPTO_PROFILE
 
 function cleanup {
     tss2 delete --path=/
@@ -27,6 +28,7 @@ tss2 provision
 echo 0123456789012345678 > $DIGEST_FILE
 tss2 createkey --path=$KEY_PATH --type="noDa, sign" --authValue=$PW1
 
+if [ "$CRYPTO_PROFILE" = "RSA" ]; then
 expect <<EOF
 # Try interactive prompt
 spawn tss2 sign --keyPath=$KEY_PATH --padding=$PADDINGS --digest=$DIGEST_FILE \
@@ -39,6 +41,20 @@ if {[lindex \$ret 2] || [lindex \$ret 3] != 0} {
     exit 1
 }
 EOF
+else
+expect <<EOF
+# Try interactive prompt
+spawn tss2 sign --keyPath=$KEY_PATH --digest=$DIGEST_FILE \
+    --signature=$SIGNATURE_FILE --publicKey=$PUBLIC_KEY_FILE
+expect "Authorize object: "
+send "$PW1\r"
+set ret [wait]
+if {[lindex \$ret 2] || [lindex \$ret 3] != 0} {
+    send_user "Using interactive prompt has failed\n"
+    exit 1
+}
+EOF
+fi
 
 expect <<EOF
 # Try interactive prompt with 2 different passwords
@@ -76,6 +92,7 @@ if {[lindex \$ret 2] || [lindex \$ret 3] != 0} {
 }
 EOF
 
+if [ "$CRYPTO_PROFILE" = "RSA" ]; then
 expect <<EOF
 # Check if system asks for auth value
 spawn tss2 sign --keyPath=$KEY_PATH --padding=$PADDINGS --digest=$DIGEST_FILE \
@@ -94,5 +111,25 @@ expect {
         exit 1
     }
 EOF
+else
+expect <<EOF
+# Check if system asks for auth value
+spawn tss2 sign --keyPath=$KEY_PATH --digest=$DIGEST_FILE \
+    --signature=$SIGNATURE_FILE --publicKey=$PUBLIC_KEY_FILE --force
+expect {
+    "Authorize object: " {
+    } eof {
+        send_user "The system has not asked for password\n"
+        exit 1
+    }
+    }
+    send "$PW2\r"
+    set ret [wait]
+    if {[lindex \$ret 2] || [lindex \$ret 3]} {
+        send_user "Passing password has failed\n"
+        exit 1
+    }
+EOF
+fi
 
 exit 0

test/integration/fapi/fapi-list.sh

@@ -4,7 +4,8 @@ source helpers.sh
 
 start_up
 
-setup_fapi
+CRYPTO_PROFILE="RSA"
+setup_fapi $CRYPTO_PROFILE
 
 function cleanup {
     tss2 delete --path=/

test/integration/fapi/fapi-nv-extend.sh

@@ -4,7 +4,8 @@ source helpers.sh
 
 start_up
 
-setup_fapi
+CRYPTO_PROFILE="RSA"
+setup_fapi $CRYPTO_PROFILE
 
 function cleanup {
     tss2 delete --path=/

test/integration/fapi/fapi-nv-increment.sh

@@ -4,7 +4,8 @@ source helpers.sh
 
 start_up
 
-setup_fapi
+CRYPTO_PROFILE="RSA"
+setup_fapi $CRYPTO_PROFILE
 
 function cleanup {
     tss2 delete --path=/

test/integration/fapi/fapi-nv-set-bits.sh

@@ -4,7 +4,8 @@ source helpers.sh
 
 start_up
 
-setup_fapi
+CRYPTO_PROFILE="RSA"
+setup_fapi $CRYPTO_PROFILE
 
 function cleanup {
     tss2 delete --path=/

test/integration/fapi/fapi-nv-write-authorize.sh

@@ -4,7 +4,8 @@ source helpers.sh
 
 start_up
 
-setup_fapi
+CRYPTO_PROFILE="RSA"
+setup_fapi $CRYPTO_PROFILE
 
 function cleanup {
     tss2 delete --path=/
@@ -49,8 +50,13 @@ tss2 createkey --path=$POLICY_SIGN_KEY_PATH --type="noDa, sign" --authValue=""
 tss2 createkey --path=$SIGN_KEY_PATH --type="noDa, sign" \
     --policyPath=$AUTHORIZE_NV_POLICY  --authValue=""
 
+if [ "$CRYPTO_PROFILE" = "RSA" ]; then
 tss2 sign --keyPath=$SIGN_KEY_PATH --padding="RSA_PSS" --digest=$DIGEST_FILE \
     --signature=$SIGNATURE_FILE --publicKey=$PUBLIC_KEY_FILE
+else
+tss2 sign --keyPath=$SIGN_KEY_PATH --digest=$DIGEST_FILE \
+    --signature=$SIGNATURE_FILE --publicKey=$PUBLIC_KEY_FILE
+fi
 
 expect <<EOF
 # Try with missing nvPath

test/integration/fapi/fapi-nv-write-read.sh

@@ -4,7 +4,8 @@ source helpers.sh
 
 start_up
 
-setup_fapi
+CRYPTO_PROFILE="RSA"
+setup_fapi $CRYPTO_PROFILE
 
 function cleanup {
     tss2 delete --path=/

test/integration/fapi/fapi-pcr-extend-read.sh

@@ -4,7 +4,8 @@ source helpers.sh
 
 start_up
 
-setup_fapi
+CRYPTO_PROFILE="RSA"
+setup_fapi $CRYPTO_PROFILE
 
 function cleanup {
     tss2 delete --path=/

test/integration/fapi/fapi-provision.sh

@@ -4,7 +4,8 @@ source helpers.sh
 
 start_up
 
-setup_fapi
+CRYPTO_PROFILE="RSA"
+setup_fapi $CRYPTO_PROFILE
 
 function cleanup {
     # Since clean up should already been done during normal run of the test, a

test/integration/fapi/fapi-quote-verify.sh

@@ -4,7 +4,8 @@ source helpers.sh
 
 start_up
 
-setup_fapi
+CRYPTO_PROFILE="RSA"
+setup_fapi $CRYPTO_PROFILE
 
 function cleanup {
     tss2 delete --path=/

test/integration/fapi/fapi-seal-unseal.sh

@@ -4,7 +4,8 @@ source helpers.sh
 
 start_up
 
-setup_fapi
+CRYPTO_PROFILE="RSA"
+setup_fapi $CRYPTO_PROFILE
 
 function cleanup {
     tss2 delete --path=/

test/integration/fapi/fapi-set-get-app-data.sh

@@ -4,7 +4,8 @@ source helpers.sh
 
 start_up
 
-setup_fapi
+CRYPTO_PROFILE="RSA"
+setup_fapi $CRYPTO_PROFILE
 
 function cleanup {
     tss2 delete --path=/

test/integration/fapi/fapi-set-get-certificate.sh

@@ -4,7 +4,8 @@ source helpers.sh
 
 start_up
 
-setup_fapi
+CRYPTO_PROFILE="RSA"
+setup_fapi $CRYPTO_PROFILE
 
 function cleanup {
     tss2 delete --path=/

test/integration/fapi/fapi-set-get-description.sh

@@ -4,7 +4,8 @@ source helpers.sh
 
 start_up
 
-setup_fapi
+CRYPTO_PROFILE="RSA"
+setup_fapi $CRYPTO_PROFILE
 
 function cleanup {
     tss2 delete --path=/