From 15f533d7de8ab96a34c9d173a3acb08ed79a99ea Mon Sep 17 00:00:00 2001
From: Trevor Bentley
Date: Tue, 24 Oct 2017 15:10:45 +0200
Subject: [PATCH] Move hardware tests to "make hwtest", with one warning for all test suites.

- "make check" will mark destructive tests as skipped
- "make hwtest" will ask once for user confirmation
---
 Makefile.am | 4 +++-
 lib/tests/api.c | 40 ++++++++++++-------------------------
 tool/tests/basic.sh | 28 +++++---------------------
 tools/confirm.sh | 29 +++++++++++++++++++++++++++
 ykcs11/tests/ykcs11_tests.c | 14 +++++++++++++
 5 files changed, 64 insertions(+), 51 deletions(-)
 create mode 100755 tools/confirm.sh
diff --git a/Makefile.am b/Makefile.am
index dbf0219..68ea000 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -33,7 +33,6 @@ EXTRA_DIST = windows.mk mac.mk tool/tests/basic.sh tools/fasc.pl
 EXTRA_DIST += doc/Attestation.adoc doc/YKCS11_release_notes.adoc doc/YubiKey_PIV_introduction.adoc
-
 if ENABLE_COV
 cov-reset:
 rm -fr coverage
@@ -68,6 +67,9 @@ doxygen:
 doxygen lib/Doxyfile
 endif
+hwcheck:
+ @$(srcdir)/tools/confirm.sh && YKPIV_ENV_HWTESTS_CONFIRMED="1" $(MAKE) check
+
 check-doc-dist:
 perl -pe "s,^EXTRA_DIST \+= .*,EXTRA_DIST += `cd $(srcdir) && ls doc/*.adoc | xargs echo`," < $(srcdir)/Makefile.am > check-doc-dist.tmp
 diff -ur $(srcdir)/Makefile.am check-doc-dist.tmp || \
diff --git a/lib/tests/api.c b/lib/tests/api.c
index 5a5aea5..d7bf972 100644
--- a/lib/tests/api.c
+++ b/lib/tests/api.c
@@ -38,7 +38,7 @@
 #include
-int confirm_destruction(void);
+int destruction_confirmed(void);
 ykpiv_state *g_state;
 const uint8_t g_cert[] = {
@@ -54,7 +54,8 @@ void setup(void) {
 // Require user confirmation to continue, since this test suite will clear
 // any data stored on connected keys.
- ck_assert(confirm_destruction());
+ if (!destruction_confirmed())
+ exit(77); // exit code 77 == skipped tests
 res = ykpiv_init(&g_state, true);
 ck_assert_int_eq(res, YKPIV_OK);
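Review bot: The rule added to Makefile.am is named `hwcheck`, but the commit subject and description both call it `make hwtest`; one of the two should be corrected so that the documentation and the skip message (`Run "make hwcheck"`) agree. The confirmation reaches the test programs only as the environment variable `YKPIV_ENV_HWTESTS_CONFIRMED`, so a shell or CI job that already has it set to 1 would, when hardware tests are compiled in, run the key-erasing tests from a plain `make check` without any prompt. A comment above the rule, for example `# hwcheck erases connected YubiKeys; never export YKPIV_ENV_HWTESTS_CONFIRMED yourself`, would record that. If the file declares phony targets outside this hunk, `hwcheck` should be listed there too.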
@@ -655,6 +656,7 @@ START_TEST(test_reset) {
 // Try wrong PIN
 res = ykpiv_verify(g_state, "AAAAAA", &tries);
+ ck_assert_int_eq(res, YKPIV_WRONG_PIN);
 // Verify 2 PIN retries remaining
 tries = 0;
@@ -760,37 +762,21 @@ START_TEST(test_allocator) {
 }
 END_TEST
-int confirm_destruction(void) {
- char verify[16];
-
+int destruction_confirmed(void) {
+ char *confirmed = getenv("YKPIV_ENV_HWTESTS_CONFIRMED");
+ if (confirmed && confirmed[0] == '1')
+ return 1;
 // Use dprintf() to write directly to stdout, since automake eats the standard stdout/stderr pointers.
- dprintf(0, "******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* *******\n");
- dprintf(0, "WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING\n");
- dprintf(0, "WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING\n");
- dprintf(0, "\n");
-
- dprintf(0, "******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* *******\n");
- dprintf(0, "\n");
- dprintf(0, " ALL DATA WILL BE ERASED ON CONNECTED YUBIKEYS \n");
- dprintf(0, "\n");
- dprintf(0, "******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* *******\n");
- dprintf(0, "\n");
-
- dprintf(0, "WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING\n");
- dprintf(0, "WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING\n");
- dprintf(0, "******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* *******\n");
- dprintf(0, "\n");
- dprintf(0, "Are you SURE you wish to proceed? If so, type 'CONFIRM': ");
- fgets(verify, 32, stdin);
- return strncmp(verify, "CONFIRM", 7) == 0;
+ dprintf(0, "\n***\n*** Hardware tests skipped. Run \"make hwcheck\".\n***\n\n");
+ return 0;
 }
 Suite *test_suite(void) {
 Suite *s;
 TCase *tc;
- s = suite_create("libykpiv util");
- tc = tcase_create("util");
+ s = suite_create("libykpiv api");
+ tc = tcase_create("api");
 #ifdef HW_TESTS
 tcase_add_unchecked_fixture(tc, setup, teardown);
@@ -800,7 +786,7 @@ Suite *test_suite(void) {
 // Authenticate after reset.
 tcase_add_test(tc, test_authenticate);
- // Test util functionality
+ // Test API functionality
 tcase_add_test(tc, test_change_pin);
 tcase_add_test(tc, test_change_puk);
 tcase_add_test(tc, test_devicemodel);
diff --git a/tool/tests/basic.sh b/tool/tests/basic.sh
index 95a886a..d6e5c1b 100755
--- a/tool/tests/basic.sh
+++ b/tool/tests/basic.sh
@@ -64,6 +64,11 @@ if [[ $HW_TESTS -eq 0 ]]; then
 exit 0
 fi
+# Verify that user has confirmed destructive hw-tests
+if [ "x$YKPIV_ENV_HWTESTS_CONFIRMED" != "x1" ]; then
+ printf "\n***\n*** Hardware tests skipped. Run \"make hwcheck\".\n***\n\n" >&0
+ exit 77 # exit code 77 == skipped tests
+fi
 #
 # Run basic import/validation tests on included keys/certs. Test keys generated
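Review bot: `confirmed[0] == '1'` in destruction_confirmed() accepts any value that merely begins with `1` (for example `10` or `1no`), while tool/tests/basic.sh in this same patch requires the variable to equal `1` exactly; for the gate in front of tests that erase connected keys the C check should be as strict, `if (confirmed && strcmp(confirmed, "1") == 0)`. The comment kept as context says dprintf() writes to stdout, but descriptor 0 is stdin, so the skip notice appears only when stdin is a writable terminal, and the return value is not checked; `// Write to fd 0 (stdin, normally the terminal) because automake captures stdout/stderr.` would describe what the code does. The copy of this function added to ykcs11/tests/ykcs11_tests.c has the same two issues.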
@@ -73,29 +78,6 @@ fi
 # $ openssl rsa -in private.pem -outform PEM -pubout -out public.pem
 # $ openssl req -x509 -key private.pem -out cert.pem -subj "/CN=YubicoTest/OU=YubicoTestUnit/O=yubico.com/" -new
 #
-echo >&0
-echo "Hardware tests enabled!" >&0
-echo >&0
-echo "******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* *******" >&0
-echo "WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING" >&0
-echo "WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING" >&0
-echo >&0
-echo "******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* *******" >&0
-echo >&0
-echo " ALL DATA WILL BE ERASED ON CONNECTED YUBIKEYS " >&0
-echo >&0
-echo "******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* *******" >&0
-echo >&0
-echo "WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING" >&0
-echo "WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING" >&0
-echo "******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* *******" >&0
-echo >&0
-echo -n "Are you SURE you wish to proceed? If so, type 'CONFIRM': " >&0
-
-read CONFIRM
-if [[ "x$CONFIRM" != "xCONFIRM" ]]; then
- exit 1
-fi
 # Reset
 $BIN -averify-pin -P000000 || true
diff --git a/tools/confirm.sh b/tools/confirm.sh
new file mode 100755
index 0000000..81c10ac
--- /dev/null
+++ b/tools/confirm.sh
@@ -0,0 +1,29 @@
+#!/bin/bash
+
+# Output redirected to fd 0 so it can be run from 'make check' scripts.
+
+echo >&0
+echo "Hardware tests enabled!" >&0
+echo >&0
+echo "******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* *******" >&0
+echo "WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING" >&0
+echo "WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING" >&0
+echo >&0
+echo "******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* *******" >&0
+echo >&0
+echo " ALL DATA WILL BE ERASED ON CONNECTED YUBIKEYS " >&0
+echo >&0
+echo "******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* *******" >&0
+echo >&0
+echo "WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING" >&0
+echo "WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING" >&0
+echo "******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* *******" >&0
+echo >&0
+echo -n "Are you SURE you wish to proceed? If so, type 'CONFIRM': " >&0
+
+read CONFIRM
+if [[ "x$CONFIRM" != "xCONFIRM" ]]; then
+ echo "1"
+ exit 1
+fi
+echo "0"
diff --git a/ykcs11/tests/ykcs11_tests.c b/ykcs11/tests/ykcs11_tests.c
index 385d005..b64c8db 100644
--- a/ykcs11/tests/ykcs11_tests.c
+++ b/ykcs11/tests/ykcs11_tests.c
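Review bot: The final `echo "1"` on refusal and `echo "0"` on success print a stray digit that nothing reads, since the `hwcheck` rule in Makefile.am tests only the exit status, and their sense is the reverse of `YKPIV_ENV_HWTESTS_CONFIRMED="1"` meaning confirmed; both lines can be dropped, with an explicit `exit 0` at the end. `read CONFIRM` is better written `read -r CONFIRM`; on end-of-file it leaves the variable empty, which falls into the refusal branch, and a comment such as `# EOF or any other answer refuses` would document that fail-safe behaviour. The header comment could also say that fd 0 is stdin, which is writable only when it is a terminal.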
@@ -627,6 +627,15 @@ static void test_import_and_sign_all_10_RSA() {
 }
 #endif
+int destruction_confirmed(void) {
+ char *confirmed = getenv("YKPIV_ENV_HWTESTS_CONFIRMED");
+ if (confirmed && confirmed[0] == '1')
+ return 1;
+ // Use dprintf() to write directly to stdout, since automake eats the standard stdout/stderr pointers.
+ dprintf(0, "\n***\n*** Hardware tests skipped. Run \"make hwcheck\".\n***\n\n");
+ return 0;
+}
+
 int main(void) {
 get_functions(&funcs);
@@ -634,6 +643,11 @@ int main(void) {
 test_lib_info();
 #ifdef HW_TESTS
+ // Require user confirmation to continue, since this test suite will clear
+ // any data stored on connected keys.
+ if (!destruction_confirmed())
+ exit(77); // exit code 77 == skipped tests
+
 test_initalize();
 test_token_info();
 test_mechanism_list_and_info();
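Review bot: destruction_confirmed() is added with external linkage and after the `#endif`, although the only call visible in this patch sits inside `#ifdef HW_TESTS` in main(); the neighbouring helper is `static`, so `static int destruction_confirmed(void)` placed inside the conditional block would match the file and avoid an unused definition in builds without hardware tests. Which block that `#endif` closes is not visible in the hunk, so the placement should be checked against the full file. The new code calls getenv(), exit() and dprintf() while the hunk adds no `#include`; `<stdlib.h>` and `<stdio.h>` may already be included outside the hunk, which is worth confirming.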