authorJames Bottomley <James.Bottomley@HansenPartnership.com>2023-03-17 09:23:20 -0400
committerJames Bottomley <James.Bottomley@HansenPartnership.com>2023-03-17 12:01:58 -0400
commit83798b7a24a3f03737c32595abbe67aa235769dd (patch)
treede8e0d1b9b2040681e1d3dbd0f0373eb2bfe4974
parent7ec176bfcd7d92aec0e89ab736899da0666f1948 (diff)
downloadopenssl_tpm2_engine-83798b7a24a3f03737c32595abbe67aa235769dd.tar.gz
tests: move engine tests to a separate directory
Also move tests to be the last item in the Makefile.am SUBDIRS as recommended by the automake documentation. Eventually this will allow for the addition of provider tests which can be run independently from the engine tests. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
-rw-r--r--Makefile.am6
-rw-r--r--configure.ac2
-rw-r--r--tests/Makefile.am51
-rwxr-xr-xtests/check_enhanced_auth.sh14
-rwxr-xr-xtests/check_importable.sh4
-rwxr-xr-xtests/dynamic_engine.sh2
-rw-r--r--tests/engine/Makefile.am52
-rw-r--r--tests/engine/openssl.cnf (renamed from tests/openssl.cnf)2
-rwxr-xr-xtests/restricted_parent.sh2
-rwxr-xr-xtests/seal_unseal.sh4
10 files changed, 72 insertions, 67 deletions
diff --git a/Makefile.am b/Makefile.am
index 00dd801..131266e 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -1,3 +1,7 @@
EXTRA_DIST = README openssl.cnf.sample
-SUBDIRS = tests doc src/libcommon src/engine src/tools
+SUBDIRS = doc
+SUBDIRS += src/libcommon
+SUBDIRS += src/engine
+SUBDIRS += src/tools
+SUBDIRS += tests/engine
diff --git a/configure.ac b/configure.ac
index 2144b95..f189e24 100644
--- a/configure.ac
+++ b/configure.ac
@@ -160,7 +160,7 @@ fi
AC_SUBST(testtpm)
AC_OUTPUT([Makefile
- tests/Makefile
+ tests/engine/Makefile
doc/Makefile
src/libcommon/Makefile
src/engine/Makefile
diff --git a/tests/Makefile.am b/tests/Makefile.am
deleted file mode 100644
index 8666e69..0000000
--- a/tests/Makefile.am
+++ /dev/null
@@ -1,51 +0,0 @@
-TESTS = fail_connect.sh
-TESTS += start_sw_tpm.sh
-if HAVE_IBM_TSS
-TESTS += check_tpm_directory.sh
-endif
-TESTS += check_curves.sh \
- create_tpm_key.sh \
- create_tpm_key_auth.sh \
- check_auth.sh \
- wrap_tpm_key.sh \
- check_wrap_auth.sh \
- check_old_keys.sh \
- check_der.sh \
- create_ecc.sh \
- create_nonopenssl_ecc.sh \
- wrap_ecc.sh \
- wrap_generic_ecc.sh \
- wrap_pkcs12.sh \
- derive_ecc.sh \
- create_non_tpm_keys.sh \
- da_check.sh \
- test_nv_key.sh \
- check_enhanced_auth.sh \
- check_counter_timer.sh \
- check_importable.sh \
- check_rsa_oaep_pss.sh \
- restricted_parent.sh \
- seal_unseal.sh \
- check_signed_policies.sh \
- dynamic_engine.sh \
- stop_sw_tpm.sh
-
-fail_connect.sh: tpm_server_found
-
-tpm_server_found:
- @if [ -z "$(testtpm)" ]; then echo "ERROR: Can't run tests, no tpm server is found"; exit 1; fi
-
-AM_TESTS_ENVIRONMENT = TPM_INTERFACE_TYPE=socsim; export TPM_INTERFACE_TYPE; \
- srcdir=$(abs_srcdir); export srcdir; \
- bindir=$(abs_srcdir)/../src/tools; export bindir; \
- OPENSSL_CONF=$(abs_srcdir)/openssl.cnf; export OPENSSL_CONF; \
- TPMSERVER=$(TPMSERVER); export TPMSERVER; \
- TSSTYPE=@TSSTYPE@; export TSSTYPE; \
- SWTPM=$(SWTPM); export SWTPM; \
- SWTPM_IOCTL=$(SWTPM_IOCTL); export SWTPM_IOCTL;
-
-TEST_EXTENSIONS = .sh
-
-CLEANFILES = key*.tpm key*.pub key*.priv tmp.* NVChip h*.bin key*.der seal.* fifo tss2.*
-clean-local:
- rm -fr testdir
diff --git a/tests/check_enhanced_auth.sh b/tests/check_enhanced_auth.sh
index 1118a46..19865c7 100755
--- a/tests/check_enhanced_auth.sh
+++ b/tests/check_enhanced_auth.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-
+set -x
tss_pcrreset_cmd=tsspcrreset
tss_pcrextend_cmd=tsspcrextend
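Review bot: The added `set -x` at the top of check_enhanced_auth.sh is unrelated to the directory move described in the commit message and looks like a debugging leftover. With tracing on, every command line is echoed into the test log, including the `-k passw0rd` and `-passin pass:passw0rd` arguments used further down. That is harmless for a fixed test credential, but the change should either be dropped or get its own line in the commit message so it is clearly deliberate.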
@@ -15,7 +15,7 @@ fi
# check we can use a bogus policy 5 times without clogging up the TPM, so
# we're properly flushing policy handles
##
-${bindir}/create_tpm2_key key.tpm -c policies/policy_bogus.txt
+${bindir}/create_tpm2_key key.tpm -c ${testdir}/policies/policy_bogus.txt
a=0; while [ $a -lt 5 ]; do
a=$[$a+1]
echo "This is a message" | openssl pkeyutl -sign -engine tpm2 -engine tpm2 -keyform engine -inkey key.tpm -out tmp.msg && exit 1
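Review bot: `${testdir}` in the `create_tpm2_key key.tpm -c ...` line is expanded unquoted and unchecked, and the only place that sets it is AM_TESTS_ENVIRONMENT in the new tests/engine/Makefile.am. If the script runs with `testdir` unset, the argument becomes `/policies/policy_bogus.txt`. Because this line has no `|| exit 1` and the loop below expects signing to fail, a missing policy file could let the bogus-policy check pass without testing anything. A guard near the top of each script, `: "${testdir:?testdir must be set}"`, plus quoting as in `-c "${testdir}/policies/policy_bogus.txt"`, would make the failure explicit. The same applies to the remaining hunks of this file and to check_importable.sh, dynamic_engine.sh, restricted_parent.sh and seal_unseal.sh; the script body continues outside this hunk.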
@@ -50,7 +50,7 @@ for h in "sha1" "" "sha384"; do
# 3. encode a message using the TPM key
# 4. verify the message through the public key
echo "This is a Message" > plain.txt
- ${bindir}/create_tpm2_key ${n} -a -k passw0rd key2.tpm -c policies/policy_authvalue.txt && \
+ ${bindir}/create_tpm2_key ${n} -a -k passw0rd key2.tpm -c ${testdir}/policies/policy_authvalue.txt && \
openssl rsa -engine tpm2 -inform engine -passin pass:passw0rd -in key2.tpm -pubout -out key2.pub && \
openssl pkeyutl -sign -engine tpm2 -engine tpm2 -keyform engine -inkey key2.tpm -passin pass:passw0rd -in plain.txt -out tmp.msg && \
openssl pkeyutl -verify -in plain.txt -sigfile tmp.msg -inkey key2.pub -pubin || exit 1
@@ -65,7 +65,7 @@ for h in "sha1" "" "sha384"; do
# 6. verify the message through the public key
${tss_pcrreset_cmd} -ha 16
${tss_pcrextend_cmd} -ha 16 -ic aaa
- ${bindir}/create_tpm2_key ${n} key2.tpm -c policies/policy_pcr${h}.txt && \
+ ${bindir}/create_tpm2_key ${n} key2.tpm -c ${testdir}/policies/policy_pcr${h}.txt && \
openssl rsa -engine tpm2 -inform engine -in key2.tpm -pubout -out key2.pub && \
openssl pkeyutl -sign -in plain.txt -engine tpm2 -engine tpm2 -keyform engine -inkey key2.tpm -out tmp.msg && \
openssl pkeyutl -verify -in plain.txt -sigfile tmp.msg -inkey key2.pub -pubin || exit 1
@@ -78,7 +78,7 @@ for h in "sha1" "" "sha384"; do
# 4. encode a message using the TPM key
# 5. verify the message through the public key
${tss_pcrreset_cmd} -ha 16
- ${bindir}/create_tpm2_key ${n} key2.tpm -c policies/policy_pcr${h}.txt
+ ${bindir}/create_tpm2_key ${n} key2.tpm -c ${testdir}/policies/policy_pcr${h}.txt
openssl rsa -engine tpm2 -inform engine -in key2.tpm -pubout -out key2.pub && \
openssl pkeyutl -sign -in plain.txt -engine tpm2 -engine tpm2 -keyform engine -inkey key2.tpm -out tmp.msg && \
openssl pkeyutl -verify -in plain.txt -sigfile tmp.msg -inkey key2.pub -pubin
@@ -95,7 +95,7 @@ for h in "sha1" "" "sha384"; do
# 4. get the corresponding public key from the engine
# 5. encode a message using the TPM key
# 6. verify the message through the public key
- cat policies/policy_authvalue.txt policies/policy_pcr${h}.txt > policy_authvalue_pcr.txt
+ cat ${testdir}/policies/policy_authvalue.txt ${testdir}/policies/policy_pcr${h}.txt > policy_authvalue_pcr.txt
${tss_pcrreset_cmd} -ha 16
${tss_pcrextend_cmd} -ha 16 -ic aaa
${bindir}/create_tpm2_key ${n} -a -k passw0rd key2.tpm -c policy_authvalue_pcr.txt && \
@@ -111,7 +111,7 @@ for h in "sha1" "" "sha384"; do
# 4. get the corresponding public key from the engine
# 5. encode a message using the TPM key
# 6. verify the message through the public key
- cat policies/policy_pcr${h}.txt policies/policy_authvalue.txt > policy_pcr_authvalue.txt
+ cat ${testdir}/policies/policy_pcr${h}.txt ${testdir}/policies/policy_authvalue.txt > policy_pcr_authvalue.txt
${tss_pcrreset_cmd} -ha 16
${tss_pcrextend_cmd} -ha 16 -ic aaa
${bindir}/create_tpm2_key ${n} -a -k passw0rd key2.tpm -c policy_pcr_authvalue.txt && \
diff --git a/tests/check_importable.sh b/tests/check_importable.sh
index 93ac4e4..b2c15ab 100755
--- a/tests/check_importable.sh
+++ b/tests/check_importable.sh
@@ -8,9 +8,9 @@ tssflushcontext -ha ${prim} || exit 1
for n in sha1 sha256 sha384; do
echo "Checking Name Hash $n"
if [ "$n" = "sha256" ]; then
- POLICYFILE=policies/policy_pcr.txt
+ POLICYFILE=${testdir}/policies/policy_pcr.txt
else
- POLICYFILE=policies/policy_pcr${n}.txt
+ POLICYFILE=${testdir}/policies/policy_pcr${n}.txt
fi
# check an EC key with a cert and password
openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:prime256v1 -out key.priv || exit 1
diff --git a/tests/dynamic_engine.sh b/tests/dynamic_engine.sh
index 002cbed..ee7c5e7 100755
--- a/tests/dynamic_engine.sh
+++ b/tests/dynamic_engine.sh
@@ -5,7 +5,7 @@ set -x
# to work with the dynamic engine, we unset the openssl.cnf that
# specifies a built in engine
unset OPENSSL_CONF
-export OPENSSL_ENGINES=${srcdir}/../src/engine/.libs
+export OPENSSL_ENGINES=${testdir}/../src/engine/.libs
ln -s libtpm2.so ${OPENSSL_ENGINES}/tpm2.so
testkey() {
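Review bot: `OPENSSL_ENGINES=${testdir}/../src/engine/.libs` is derived from the source tree (tests/engine/Makefile.am sets `testdir=$(abs_srcdir)/..`), but `.libs` is a libtool output directory and lives in the build tree. In an out-of-tree build the directory would not exist there, so the `ln -s` on the next line and the engine load would fail; the old `${srcdir}` form had the same limitation. Since this variable decides which shared object openssl loads as the engine, it is worth exporting a build-tree path from AM_TESTS_ENVIRONMENT, for example `enginedir=$(abs_top_builddir)/src/engine/.libs; export enginedir;`, and using `export OPENSSL_ENGINES="${enginedir}"` here. The `dynamic_path = $ENV::srcdir/../../src/engine/.libs/libtpm2.so` line in tests/engine/openssl.cnf has the same source-tree assumption.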
diff --git a/tests/engine/Makefile.am b/tests/engine/Makefile.am
new file mode 100644
index 0000000..c0617a5
--- /dev/null
+++ b/tests/engine/Makefile.am
@@ -0,0 +1,52 @@
+TESTS = ../fail_connect.sh
+TESTS += ../start_sw_tpm.sh
+if HAVE_IBM_TSS
+TESTS += ../check_tpm_directory.sh
+endif
+TESTS += ../check_curves.sh \
+ ../create_tpm_key.sh \
+ ../create_tpm_key_auth.sh \
+ ../check_auth.sh \
+ ../wrap_tpm_key.sh \
+ ../check_wrap_auth.sh \
+ ../check_old_keys.sh \
+ ../check_der.sh \
+ ../create_ecc.sh \
+ ../create_nonopenssl_ecc.sh \
+ ../wrap_ecc.sh \
+ ../wrap_generic_ecc.sh \
+ ../wrap_pkcs12.sh \
+ ../derive_ecc.sh \
+ ../create_non_tpm_keys.sh \
+ ../da_check.sh \
+ ../test_nv_key.sh \
+ ../check_enhanced_auth.sh \
+ ../check_counter_timer.sh \
+ ../check_importable.sh \
+ ../check_rsa_oaep_pss.sh \
+ ../restricted_parent.sh \
+ ../seal_unseal.sh \
+ ../check_signed_policies.sh \
+ ../dynamic_engine.sh \
+ ../stop_sw_tpm.sh
+
+fail_connect.sh: tpm_server_found
+
+tpm_server_found:
+ @if [ -z "$(testtpm)" ]; then echo "ERROR: Can't run tests, no tpm server is found"; exit 1; fi
+
+AM_TESTS_ENVIRONMENT = TPM_INTERFACE_TYPE=socsim; export TPM_INTERFACE_TYPE; \
+ srcdir=$(abs_srcdir); export srcdir; \
+ bindir=$(abs_srcdir)/../../src/tools; export bindir; \
+ testdir=$(abs_srcdir)/..; export testdir; \
+ OPENSSL_CONF=$(abs_srcdir)/openssl.cnf; export OPENSSL_CONF; \
+ TPMSERVER=$(TPMSERVER); export TPMSERVER; \
+ TSSTYPE=@TSSTYPE@; export TSSTYPE; \
+ SWTPM=$(SWTPM); export SWTPM; \
+ SWTPM_IOCTL=$(SWTPM_IOCTL); export SWTPM_IOCTL;
+
+TEST_EXTENSIONS = .sh
+
+CLEANFILES = key*.tpm key*.pub key*.priv tmp.* NVChip h*.bin key*.der seal.* fifo tss2.*
+clean-local:
+ rm -fr testdir
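Review bot: The rule `fail_connect.sh: tpm_server_found` was copied unchanged, but the test is now listed as `../fail_connect.sh`, so nothing in this directory appears to depend on the target `fail_connect.sh` any more. As far as I can tell, the `tpm_server_found` check that stops the suite when `$(testtpm)` is empty would then never run, and a missing TPM simulator would surface as individual test failures instead of one clear error. The prerequisite line should follow the new path, `../fail_connect.sh: tpm_server_found`. Separately, with `../`-prefixed TESTS entries the `.log` and `.trs` files are likely written into tests/ rather than tests/engine/, which is worth confirming before provider tests start sharing the same scripts.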
diff --git a/tests/openssl.cnf b/tests/engine/openssl.cnf
index 8ac239a..5b1e756 100644
--- a/tests/openssl.cnf
+++ b/tests/engine/openssl.cnf
@@ -18,7 +18,7 @@ engines = engines_section
tpm2 = tpm2_section
[tpm2_section]
-dynamic_path = $ENV::srcdir/../src/engine/.libs/libtpm2.so
+dynamic_path = $ENV::srcdir/../../src/engine/.libs/libtpm2.so
init = 1
PIN = $ENV::SRKPIN
NVPREFIX = $ENV::NVPREFIX
diff --git a/tests/restricted_parent.sh b/tests/restricted_parent.sh
index 2119ff4..2373d1e 100755
--- a/tests/restricted_parent.sh
+++ b/tests/restricted_parent.sh
@@ -51,7 +51,7 @@ openssl rsautl -verify -in tmp.msg -inkey key.pub -pubin || exit 1
# 2. check the use of parent auth to load the NV area
##
tssclear -hi p
-${bindir}/create_tpm2_key --restricted -c policies/policy_pcr.txt key2.tpm || exit 1
+${bindir}/create_tpm2_key --restricted -c ${testdir}/policies/policy_pcr.txt key2.tpm || exit 1
${bindir}/load_tpm2_key key2.tpm ${NV} && exit 1
${bindir}/load_tpm2_key --force key2.tpm ${NV} || exit 1
diff --git a/tests/seal_unseal.sh b/tests/seal_unseal.sh
index 22ac1d4..f5a53e2 100755
--- a/tests/seal_unseal.sh
+++ b/tests/seal_unseal.sh
@@ -44,9 +44,9 @@ for n in sha1 sha256 sha384; do
# 6. update PCR and check unseal failure
DATA="Some Different DATA $n"
if [ "$n" = "sha256" ]; then
- POLICYFILE="policies/policy_pcr.txt"
+ POLICYFILE="${testdir}/policies/policy_pcr.txt"
else
- POLICYFILE="policies/policy_pcr${n}.txt"
+ POLICYFILE="${testdir}/policies/policy_pcr${n}.txt"
fi
prim=$(tsscreateprimary -hi o -st -ecc nistp256 -opem srk.pub | sed 's/Handle //') || exit 1
tssflushcontext -ha $prim