# Copyright (C) 2022 Armin Kuster <akuster808@gmail.com>
# Copyright (C) 2022 Anton Antonov <Anton.Antonov@arm.com>
#
import os
import re
from tempfile import mkstemp

from oeqa.runtime.case import OERuntimeTestCase
from oeqa.core.decorator.depends import OETestDepends
from oeqa.runtime.decorator.package import OEHasPackage
from oeqa.core.decorator.data import skipIfNotFeature
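class ParsecTest(OERuntimeTestCase):
    """Runtime tests for the Parsec service and its TPM and PKCS#11 providers.

    The provider tests append a ``[[provider]]`` section to the Parsec
    configuration on the target and reload the service. The PIN, the empty
    TPM owner auth and ``allow_export = true`` written here are fixtures for
    a software TPM / SoftHSM backend and are not meant to be reused in a
    deployed configuration.
    """

    @classmethod
    def setUpClass(cls):
        # Ask any swtpm listening on control port 2322 to stop; the exit
        # status is not checked here.
        cls.tc.target.run('swtpm_ioctl -s --tcp :2322')
        cls.toml_file = '/etc/parsec/config.toml'

    @classmethod
    def tearDownClass(cls):
        # Stop the swtpm started by configure_tpm_provider. Its state
        # directory and the appended provider sections stay on the target.
        cls.tc.target.run('swtpm_ioctl -s --tcp :2322')

    def setUp(self):
        """Select the status and reload commands for the target's init system."""
        super().setUp()
        if 'systemd' in self.tc.td['DISTRO_FEATURES']:
            self.parsec_status = 'systemctl status -l parsec'
            self.parsec_reload = 'systemctl restart parsec'
        else:
            self.parsec_status = 'pgrep -l parsec'
            self.parsec_reload = '/etc/init.d/parsec reload'

    def copy_subconfig(self, cfg, provider):
        """Copy a provider configuration to target and append it to Parsec config.

        Args:
            cfg: lines of the TOML fragment to append.
            provider: suffix of the fragment's file name on the target
                (``<toml_file>-<provider>``).
        """
        remote_path = "%s-%s" % (self.toml_file, provider)

        tmp_fd, tmp_path = mkstemp()
        try:
            with os.fdopen(tmp_fd, 'w') as f:
                f.write('\n'.join(cfg))

            status, output = self.target.copyTo(tmp_path, remote_path)
            self.assertEqual(status, 0, msg='File could not be copied.\n%s' % output)
        finally:
            # The fragment may carry the provider PIN, so remove the local
            # copy even when the transfer or the assertion fails.
            os.remove(tmp_path)

        # A failed append would otherwise only show up later as a missing
        # provider, so check it here.
        status, output = self.target.run('cat %s >>%s' % (remote_path, self.toml_file))
        self.assertEqual(status, 0, msg='Provider configuration could not be appended.\n%s' % output)

    def check_parsec_providers(self, provider=None, prov_id=None):
        """Get Parsec providers list and check for one if defined.

        Args:
            provider: provider name as printed by ``parsec-tool list-providers``.
            prov_id: numeric provider ID expected next to that name.
        """
        status, output = self.target.run(self.parsec_status)
        self.assertEqual(status, 0, msg='Parsec service is not running.\n%s' % output)

        status, output = self.target.run('parsec-tool list-providers')
        self.assertEqual(status, 0, msg='Cannot get a list of Parsec providers.\n%s' % output)
        if provider and prov_id:
            self.assertIn("ID: 0x0%d (%s provider)" % (prov_id, provider),
                          output, msg='%s provider is not configured.' % provider)

    def run_cli_tests(self, prov_id=None):
        """Run Parsec CLI end-to-end tests against one or all providers.

        Args:
            prov_id: provider ID passed to the script as ``-<id>``; when it
                is not set the script is called without arguments.
        """
        provider_arg = "-%d" % prov_id if prov_id else ""
        status, output = self.target.run('parsec-cli-tests.sh %s' % provider_arg)
        self.assertEqual(status, 0, msg='Parsec CLI tests failed.\n %s' % output)

    @OEHasPackage(['parsec-service'])
    @OETestDepends(['ssh.SSHTest.test_ssh'])
    def test_all_providers(self):
        """Test Parsec service with all pre-defined providers."""
        self.check_parsec_providers()
        self.run_cli_tests()

    def configure_tpm_provider(self):
        """Create Parsec TPM provider configuration and start swtpm behind it."""
        cfg = [
            '',
            '[[provider]]',
            'name = "tpm-provider"',
            'provider_type = "Tpm"',
            'key_info_manager = "sqlite-manager"',
            'tcti = "swtpm:port=2321"',
            # Empty owner auth: acceptable only for the throw-away swtpm below.
            'owner_hierarchy_auth = ""',
        ]
        self.copy_subconfig(cfg, "TPM")

        cmds = [
            # NOTE(review): fixed path under /tmp; plain mkdir fails if the
            # directory is left over from an earlier run, and the TPM state
            # directory gets default-umask permissions.
            'mkdir /tmp/myvtpm',
            'swtpm socket -d --tpmstate dir=/tmp/myvtpm --tpm2 --ctrl type=tcp,port=2322 --server type=tcp,port=2321 --flags not-need-init',
            'tpm2_startup -c -T "swtpm:port=2321"',
            self.parsec_reload,
        ]

        # Each step depends on the previous one, so stop at the first failure
        # and report the command together with its output.
        for cmd in cmds:
            status, output = self.target.run(cmd)
            self.assertEqual(status, 0, msg='\n'.join([cmd, output]))

    @OEHasPackage(['parsec-service'])
    @OEHasPackage(['swtpm'])
    @skipIfNotFeature('tpm2', 'Test parsec_tpm_provider requires tpm2 to be in DISTRO_FEATURES')
    @OETestDepends(['ssh.SSHTest.test_ssh', 'parsec.ParsecTest.test_all_providers'])
    def test_tpm_provider(self):
        """Configure and test Parsec TPM provider with swtpm as a backend."""
        prov_id = 3
        self.configure_tpm_provider()
        self.check_parsec_providers("TPM", prov_id)
        self.run_cli_tests(prov_id)

    def configure_pkcs11_provider(self):
        """Create Parsec PKCS11 provider configuration backed by a SoftHSM token."""
        # Fixed user and SO PIN: test fixture for the SoftHSM token only.
        status, output = self.target.run('softhsm2-util --init-token --free --label "Parsec Service" --pin 123456 --so-pin 123456')
        self.assertEqual(status, 0, msg='Failed to init PKCS11 token.\n%s' % output)

        # Raw string avoids the invalid "\d" escape; "\d+" rejects an empty
        # slot number, which would otherwise produce a broken "slot_number ="
        # line in the configuration.
        slot = re.search(r'The token has been initialized and is reassigned to slot (\d+)', output)
        if slot is None:
            self.fail('Failed to get PKCS11 slot serial number.\n%s' % output)
        slot_number = slot.group(1)

        cfg = [
            '',
            '[[provider]]',
            'name = "pkcs11-provider"',
            'provider_type = "Pkcs11"',
            'key_info_manager = "sqlite-manager"',
            'library_path = "/usr/lib/softhsm/libsofthsm2.so"',
            'slot_number = %s' % slot_number,
            # The PIN is stored in clear text in the config fragment and
            # allow_export is enabled; both are test-only settings.
            'user_pin = "123456"',
            'allow_export = true',
        ]
        self.copy_subconfig(cfg, "PKCS11")

        # Hand the token directories to the parsec user. The exit status of
        # this step is not checked.
        status, output = self.target.run('for d in /var/lib/softhsm/tokens/*; do chown -R parsec $d; done')
        status, output = self.target.run(self.parsec_reload)
        self.assertEqual(status, 0, msg='Failed to reload Parsec.\n%s' % output)

    @OEHasPackage(['parsec-service'])
    @OEHasPackage(['softhsm'])
    @OETestDepends(['ssh.SSHTest.test_ssh', 'parsec.ParsecTest.test_all_providers'])
    def test_pkcs11_provider(self):
        """Configure and test Parsec PKCS11 provider with softhsm as a backend."""
        prov_id = 2
        self.configure_pkcs11_provider()
        self.check_parsec_providers("PKCS #11", prov_id)
        self.run_cli_tests(prov_id)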