test: rework sys/esys tests and int-log-compilers to use tctildr and …

…run standalone Signed-off-by: Johannes Holland <[email protected]>
tpm2-software · Oct 18, 2023 · 761d15a · 761d15a
1 parent 7fccb4e
commit 761d15a
Show file tree

Hide file tree

Showing 31 changed files with 1,136 additions and 1,171 deletions.
diff --git a/Makefile-fuzz.am b/Makefile-fuzz.am
@@ -30,8 +30,7 @@ test_fuzz_libfuzz_utils_la_LDFLAGS = $(TESTS_LDFLAGS)
 test_fuzz_libfuzz_utils_la_LIBADD = $(TESTS_LIBADD)
 test_fuzz_libfuzz_utils_la_CFLAGS = $(AM_CFLAGS) $(FUZZ_CFLAGS)
 test_fuzz_libfuzz_utils_la_SOURCES = \
-    test/integration/sys-context-util.c \
-    test/integration/sys-test-options.c
+    test/integration/test-common.c test/integration/test-common.h
 
 TESTS_LDADD += $(libtss2_utils_fuzzing)
 FUZZLDADD = $(TESTS_LDADD) $(TESTS_LDFLAGS) $(FUZZ_LDFLAGS)

diff --git a/Makefile-test.am b/Makefile-test.am
@@ -15,8 +15,8 @@ check_LTLIBRARIES =
 TEST_EXTENSIONS = .int .fint
 INT_LOG_COMPILER = $(srcdir)/script/int-log-compiler.sh
 FINT_LOG_COMPILER = $(srcdir)/script/fint-log-compiler.sh
-INT_LOG_FLAGS = $(INTEGRATION_TCTI) $(INTEGRATION_ARGS)
-FINT_LOG_FLAGS = $(INTEGRATION_TCTI) $(INTEGRATION_ARGS)
+INT_LOG_FLAGS = $(INTEGRATION_TCTI)
+FINT_LOG_FLAGS = $(INTEGRATION_TCTI)
 EXTRA_DIST += $(srcdir)/script/int-log-compiler.sh \
               $(srcdir)/script/fint-log-compiler.sh \
               $(srcdir)/script/int-log-compiler-common.sh \
@@ -1091,11 +1091,10 @@ test_tpmclient_tpmclient_int_SOURCES  = \
 
 test_integration_libtest_utils_la_CFLAGS = $(AM_CFLAGS) $(TESTS_CFLAGS)
 test_integration_libtest_utils_la_SOURCES = \
-    test/integration/sys-context-util.c test/integration/context-util.h \
     test/integration/sys-util.c    test/integration/sys-util.h \
     test/integration/sys-session-util.c test/integration/session-util.h \
-    test/integration/sys-test-options.c test/integration/test-options.h \
     test/integration/sys-entity-util.c test/integration/test.h \
+    test/integration/test-common.c test/integration/test-common.h \
     src/util/log.c
 
 test_integration_sys_asymmetric_encrypt_decrypt_int_CFLAGS  = $(AM_CFLAGS) $(TESTS_CFLAGS)

diff --git a/configure.ac b/configure.ac
@@ -474,11 +474,9 @@ AS_IF([test "x$enable_integration" = "xyes"],
 
        # choose tcti for testing and look for TPM simulator binary
        integration_tcti="none"
-       integration_args=""
        AS_IF([test "x$with_device_set" = xyes],
              [# use device if --with-device was passed
-              integration_tcti=device
-              integration_args="--device=$with_device"
+              integration_tcti=device:$with_device
               AC_MSG_WARN([Using physical TPM for integration testing])])
        AS_IF([test "x$integration_tcti" = "xnone" && test "x$enable_tcti_swtpm" != xyes && test "x$enable_tcti_mssim" != xyes],
              [AC_MSG_ERROR([No suitable TCTI for testing enabled. Please use option --enable-tcti-swtpm (recommended) or --enable-tcti-mssim (fallback) to enable a suitable TCTI or disable testing with --disable-integration.])])
@@ -499,7 +497,6 @@ AS_IF([test "x$enable_integration" = "xyes"],
        AS_IF([test "x$integration_tcti" = "xnone"],
              [AC_MSG_ERROR([No simulator executable found in PATH for testing TCTI.])])
        AC_SUBST([INTEGRATION_TCTI], [$integration_tcti])
-       AC_SUBST([INTEGRATION_ARGS], [$integration_args])
        AC_SUBST([ENABLE_INTEGRATION], [$enable_integration])])
 AM_CONDITIONAL([ENABLE_INTEGRATION],[test "x$enable_integration" = "xyes"])
 #

diff --git a/script/fint-log-compiler.sh b/script/fint-log-compiler.sh
@@ -14,39 +14,46 @@
 sanity_test
 
 # start simulator if needed
-if [[ ${INTEGRATION_TCTI} == "mssim" || ${INTEGRATION_TCTI} == "swtpm" ]]; then
+if [[ ${INTEGRATION_TCTI} == *mssim* || ${INTEGRATION_TCTI} == *swtpm* ]]; then
     echo "Trying to start simulator ${INTEGRATION_TCTI}"
     try_simulator_start
-    TPM20TEST_SOCKET_PORT="${SIM_PORT_DATA}"
-    TPM20TEST_TCTI="${INTEGRATION_TCTI}:host=${TPM20TEST_SOCKET_ADDRESS},port=${TPM20TEST_SOCKET_PORT}"
-else
-    # Device will be used.
-    TPM20TEST_TCTI="${INTEGRATION_TCTI}:${TPM20TEST_DEVICE_FILE}"
 fi
 
-while true; do
+TPM20TEST_TCTI="${INTEGRATION_TCTI}"
+
+# if $TPM20TEST_TCTI ends with mssim or swtpm (i.e. there is no config), add config:
+TCTI_SIM_CONF="host=127.0.0.1,port=${SIM_PORT_DATA-}"
+TPM20TEST_TCTI=${TPM20TEST_TCTI/%mssim/mssim:$TCTI_SIM_CONF}
+TPM20TEST_TCTI=${TPM20TEST_TCTI/%swtpm/swtpm:$TCTI_SIM_CONF}
+
+# if $TPM20TEST_TCTI ends with libtpms (i.e. there is no config), add config:
+# for FAPI, we need a state file which persists accross different processes
+TCTI_LIBTPMS_CONF="${@: -1}.libtpms"
+TPM20TEST_TCTI=${TPM20TEST_TCTI/%libtpms/libtpms:$TCTI_LIBTPMS_CONF}
+rm -f "${TCTI_LIBTPMS_CONF}"
+
+# Add pcap-tcti as wrapper
+# TPM20TEST_TCTI="pcap:${TPM20TEST_TCTI}"
+TCTI_PCAP_FILE="${@: -1}.pcap"
+# rm -f "$TCTI_PCAP_FILE"
+
 
-# Some debug prints
-echo "TPM20TEST_TCTI_NAME=${TPM20TEST_TCTI_NAME}"
-echo "TPM20TEST_DEVICE_FILE=${TPM20TEST_DEVICE_FILE}"
-echo "TPM20TEST_SOCKET_ADDRESS=${TPM20TEST_SOCKET_ADDRESS}"
-echo "TPM20TEST_SOCKET_PORT=${TPM20TEST_SOCKET_PORT}"
 echo "TPM20TEST_TCTI=${TPM20TEST_TCTI}"
 
-if [ "${TPM20TEST_TCTI_NAME}" != "device" ]; then
-    env TPM20TEST_TCTI_NAME="${TPM20TEST_TCTI_NAME}" \
-        TPM20TEST_SOCKET_ADDRESS="${TPM20TEST_SOCKET_ADDRESS}" \
-        TPM20TEST_SOCKET_PORT="${TPM20TEST_SOCKET_PORT}" \
-        TPM20TEST_TCTI="${TPM20TEST_TCTI}" \
+while true; do
+
+if [[ ${TPM20TEST_TCTI} != *device* ]]; then
+    env TPM20TEST_TCTI="${TPM20TEST_TCTI}" \
+        TCTI_PCAP_FILE="${TCTI_PCAP_FILE}" \
         G_MESSAGES_DEBUG=all ./test/helper/tpm_startup
     if [ $? -ne 0 ]; then
         echo "TPM_StartUp failed"
         ret=99
         break
     fi
 else
-    env TPM20TEST_TCTI_NAME=${TPM20TEST_TCTI_NAME} \
-        TPM20TEST_DEVICE_FILE=${TPM20TEST_DEVICE_FILE} \
+    env TPM20TEST_TCTI=${TPM20TEST_TCTI} \
+        TCTI_PCAP_FILE="${TCTI_PCAP_FILE}" \
         G_MESSAGES_DEBUG=all ./test/helper/tpm_transientempty
     if [ $? -ne 0 ]; then
         echo "TPM transient area not empty => skipping"
@@ -56,16 +63,13 @@ else
 fi
 
 # Certificate generation for simulator tests
-if [ "${TPM20TEST_TCTI_NAME}" != "device" ]; then
+if [[ ${TPM20TEST_TCTI} != *device* ]]; then
     EKPUB_FILE=${TEST_BIN}_ekpub.pem
     EKCERT_FILE=${TEST_BIN}_ekcert.crt
     EKCERT_PEM_FILE=${TEST_BIN}_ekcert.pem
 
-    env TPM20TEST_TCTI_NAME="${TPM20TEST_TCTI_NAME}" \
-        TPM20TEST_SOCKET_ADDRESS="${TPM20TEST_SOCKET_ADDRESS}" \
-        TPM20TEST_SOCKET_PORT="${TPM20TEST_SOCKET_PORT}" \
-        TPM20TEST_TCTI="${TPM20TEST_TCTI}" \
-        TPM20TEST_DEVICE_FILE="${TPM20TEST_DEVICE_FILE}" \
+    env TPM20TEST_TCTI="${TPM20TEST_TCTI}" \
+        TCTI_PCAP_FILE="${TCTI_PCAP_FILE}" \
         G_MESSAGES_DEBUG=all ./test/helper/tpm_getek ${EKPUB_FILE}
     if [ $? -ne 0 ]; then
         echo "TPM_getek failed"
@@ -77,11 +81,8 @@ if [ "${TPM20TEST_TCTI_NAME}" != "device" ]; then
     EKECCCERT_FILE=${TEST_BIN}_ekecccert.crt
     EKECCCERT_PEM_FILE=${TEST_BIN}_ekecccert.pem
 
-    env TPM20TEST_TCTI_NAME="${TPM20TEST_TCTI_NAME}" \
-        TPM20TEST_SOCKET_ADDRESS="${TPM20TEST_SOCKET_ADDRESS}" \
-        TPM20TEST_SOCKET_PORT="${TPM20TEST_SOCKET_PORT}" \
-        TPM20TEST_TCTI="${TPM20TEST_TCTI}" \
-        TPM20TEST_DEVICE_FILE="${TPM20TEST_DEVICE_FILE}" \
+    env TPM20TEST_TCTI="${TPM20TEST_TCTI}" \
+        TCTI_PCAP_FILE="${TCTI_PCAP_FILE}" \
         G_MESSAGES_DEBUG=all ./test/helper/tpm_getek_ecc ${EKECCPUB_FILE}
     if [ $? -ne 0 ]; then
         echo "TPM_getek_ecc failed"
@@ -114,11 +115,8 @@ if [ "${TPM20TEST_TCTI_NAME}" != "device" ]; then
     export FAPI_TEST_CERTIFICATE_ECC="file:${EKECCCERT_PEM_FILE}"
 
     cat $EKCERT_FILE | \
-        env TPM20TEST_TCTI_NAME="${TPM20TEST_TCTI_NAME}" \
-            TPM20TEST_SOCKET_ADDRESS="${TPM20TEST_SOCKET_ADDRESS}" \
-            TPM20TEST_SOCKET_PORT="${TPM20TEST_SOCKET_PORT}" \
-            TPM20TEST_TCTI="${TPM20TEST_TCTI}" \
-            TPM20TEST_DEVICE_FILE="${TPM20TEST_DEVICE_FILE}" \
+        env TPM20TEST_TCTI="${TPM20TEST_TCTI}" \
+            TCTI_PCAP_FILE="${TCTI_PCAP_FILE}" \
             G_MESSAGES_DEBUG=all ./test/helper/tpm_writeekcert 1C00002
     if [ $? -ne 0 ]; then
         echo "TPM_writeekcert failed"
@@ -127,11 +125,8 @@ if [ "${TPM20TEST_TCTI_NAME}" != "device" ]; then
     fi
 
     cat $EKECCCERT_FILE | \
-        env TPM20TEST_TCTI_NAME="${TPM20TEST_TCTI_NAME}" \
-            TPM20TEST_SOCKET_ADDRESS="${TPM20TEST_SOCKET_ADDRESS}" \
-            TPM20TEST_SOCKET_PORT="${TPM20TEST_SOCKET_PORT}" \
-            TPM20TEST_TCTI="${TPM20TEST_TCTI}" \
-            TPM20TEST_DEVICE_FILE="${TPM20TEST_DEVICE_FILE}" \
+        env TPM20TEST_TCTI="${TPM20TEST_TCTI}" \
+            TCTI_PCAP_FILE="${TCTI_PCAP_FILE}" \
             G_MESSAGES_DEBUG=all ./test/helper/tpm_writeekcert 1C0000A
     if [ $? -ne 0 ]; then
         echo "TPM_writeekcert failed"
@@ -142,11 +137,8 @@ fi # certificate generation
 TPMSTATE_FILE1=${TEST_BIN}_state1
 TPMSTATE_FILE2=${TEST_BIN}_state2
 
-env TPM20TEST_TCTI_NAME="${TPM20TEST_TCTI_NAME}" \
-    TPM20TEST_SOCKET_ADDRESS="${TPM20TEST_SOCKET_ADDRESS}" \
-    TPM20TEST_SOCKET_PORT="${TPM20TEST_SOCKET_PORT}" \
-    TPM20TEST_TCTI="${TPM20TEST_TCTI}" \
-    TPM20TEST_DEVICE_FILE="${TPM20TEST_DEVICE_FILE}" \
+env TPM20TEST_TCTI="${TPM20TEST_TCTI}" \
+    TCTI_PCAP_FILE="${TCTI_PCAP_FILE}" \
     G_MESSAGES_DEBUG=all ./test/helper/tpm_dumpstate>${TPMSTATE_FILE1}
 if [ $? -ne 0 ]; then
     echo "Error during dumpstate"
@@ -155,32 +147,24 @@ if [ $? -ne 0 ]; then
 fi
 
 echo "Execute the test script"
-if [ "${TPM20TEST_TCTI_NAME}" == "device" ]; then
+if [[ ${TPM20TEST_TCTI} == *device* ]]; then
     # No root certificate needed
-    env TPM20TEST_TCTI_NAME="${TPM20TEST_TCTI_NAME}" \
-        TPM20TEST_SOCKET_ADDRESS="${TPM20TEST_SOCKET_ADDRESS}" \
-        TPM20TEST_SOCKET_PORT="${TPM20TEST_SOCKET_PORT}" \
-        TPM20TEST_TCTI="${TPM20TEST_TCTI}" \
-        TPM20TEST_DEVICE_FILE="${TPM20TEST_DEVICE_FILE}" \
+    env TPM20TEST_TCTI="${TPM20TEST_TCTI}" \
+        TCTI_PCAP_FILE="${TCTI_PCAP_FILE}" \
         G_MESSAGES_DEBUG=all ${@: -1}
 else
     # Run test with generated certificate.
-    env TPM20TEST_TCTI_NAME="${TPM20TEST_TCTI_NAME}" \
-        TPM20TEST_SOCKET_ADDRESS="${TPM20TEST_SOCKET_ADDRESS}" \
-        TPM20TEST_SOCKET_PORT="${TPM20TEST_SOCKET_PORT}" \
-        TPM20TEST_TCTI="${TPM20TEST_TCTI}" \
+    env TPM20TEST_TCTI="${TPM20TEST_TCTI}" \
+        TCTI_PCAP_FILE="${TCTI_PCAP_FILE}" \
         FAPI_TEST_ROOT_CERT=${ROOTCA_FILE}.pem \
-        TPM20TEST_DEVICE_FILE="${TPM20TEST_DEVICE_FILE}" \
         G_MESSAGES_DEBUG=all ${@: -1}
 fi
 ret=$?
 echo "Script returned $ret"
 
 #We check the state before a reboot to see if transients and NV were chagned.
-env TPM20TEST_TCTI_NAME="${TPM20TEST_TCTI_NAME}" \
-    TPM20TEST_SOCKET_ADDRESS="${TPM20TEST_SOCKET_ADDRESS}" \
-    TPM20TEST_SOCKET_PORT="${TPM20TEST_SOCKET_PORT}" \
-    TPM20TEST_TCTI="${TPM20TEST_TCTI}" \
+env TPM20TEST_TCTI="${TPM20TEST_TCTI}" \
+    TCTI_PCAP_FILE="${TCTI_PCAP_FILE}" \
     G_MESSAGES_DEBUG=all ./test/helper/tpm_dumpstate>${TPMSTATE_FILE2}
 if [ $? -ne 0 ]; then
     echo "Error during dumpstate"
@@ -203,7 +187,7 @@ fi
 break
 done
 
-if [ "${TPM20TEST_TCTI_NAME}" != "device" ]; then
+if [[ ${TPM20TEST_TCTI} == *mssim* || ${TPM20TEST_TCTI} == *swtpm* ]]; then
     # This sleep is sadly necessary: If we kill the tabrmd w/o sleeping for a
     # second after the test finishes the simulator will die too. Bug in the
     # simulator?

diff --git a/script/gen_fuzz.py b/script/gen_fuzz.py
@@ -54,8 +54,6 @@
 #include "tss2_tcti.h"
 #include "util/log.h"
 #include "test.h"
-#include "test-options.h"
-#include "context-util.h"
 #include "tss2-sys/sysapi_util.h"
 #include "tcti/tcti-fuzzing.h"
 

diff --git a/script/int-log-compiler-common.sh b/script/int-log-compiler-common.sh
@@ -44,39 +44,7 @@ elif [ "$OS" == "FreeBSD" ]; then
     sock_tool_params="-l4"
 fi
 
-simulator_bin=""
 INTEGRATION_TCTI=$1
-TPM20TEST_DEVICE_FILE=""
-TPM20TEST_TCTI_NAME=""
-TPM20TEST_TCTI=""
-TPM20TEST_SOCKET_PORT=""
-TPM20TEST_SOCKET_ADDRESS=""
-SIM_PORT_DATA=""
-
-case ${INTEGRATION_TCTI} in
- "swtpm")
-   simulator_bin="swtpm"
-   TPM20TEST_TCTI_NAME="swtpm"
-   TPM20TEST_SOCKET_ADDRESS="127.0.0.1"
-   ;;
- "mssim")
-   simulator_bin="tpm_server"
-   TPM20TEST_TCTI_NAME="socket"
-   TPM20TEST_SOCKET_ADDRESS="127.0.0.1"
-
-   ;;
- "device")
-   simulator_bin=""
-   TPM20TEST_TCTI_NAME="device"
-   DEVICE_FILE=$2
-   TPM20TEST_DEVICE_FILE=${DEVICE_FILE:9}
-   TPM20TEST_TCTI="${TPM20TEST_TCTI_NAME}:${TPM20TEST_DEVICE_FILE}"
-   ;;
- *)
-  echo "Wrong INTEGRATION_TCTI exiting.."
-  exit 1;
-  ;;
-esac
 
 # Verify the running shell and OS environment is sufficient to run these tests.
 sanity_test ()
@@ -157,10 +125,10 @@ simulator_start ()
     # simulator port is a random port between 1024 and 65535
 
     cd ${sim_tmp_dir}
-    if [ "${INTEGRATION_TCTI}" == "mssim" ]; then
+    if [[ "${INTEGRATION_TCTI}" == *mssim* ]]; then
         daemon_start "${sim_bin}" "-port ${sim_port}" "${sim_log_file}" \
             "${sim_pid_file}" ""
-    elif [ "${INTEGRATION_TCTI}" == "swtpm" ]; then
+    elif [[ "${INTEGRATION_TCTI}" == *swtpm* ]]; then
         daemon_start "${sim_bin}" "socket --tpm2 -p ${sim_port} --ctrl type=tcp,port=$((${sim_port}+1)) --log fd=1,level=5 --flags not-need-init --tpmstate dir=${sim_tmp_dir} --locality allow-set-locality" \
             "${sim_log_file}" "${sim_pid_file}" ""
     else
@@ -207,6 +175,11 @@ TEST_DIR=$(dirname "${@: -1}")
 TEST_NAME=$(basename "${TEST_BIN}")
 
 # start an instance of the simulator for the test, have it use a random port
+case ${INTEGRATION_TCTI} in
+ *swtpm*) simulator_bin="swtpm" ;;
+ *mssim*) simulator_bin="tpm_server" ;;
+ *) simulator_bin=""; ;;
+esac
 SIM_LOG_FILE=${TEST_BIN}_simulator.log
 SIM_PID_FILE=${TEST_BIN}_simulator.pid
 SIM_TMP_DIR=$(mktemp -d /tmp/tpm_simulator_XXXXXX)