Move hardware tests to "make hwtest", with one warning for all test suites.

- "make check" will mark destructive tests as skipped
- "make hwtest" will ask once for user confirmation
Trevor Bentley
2017-10-24 15:10:45 +02:00
parent 4c9004feeb
commit 15f533d7de
5 changed files with 64 additions and 51 deletions
+3 -1
@@ -33,7 +33,6 @@ EXTRA_DIST = windows.mk mac.mk tool/tests/basic.sh tools/fasc.pl
EXTRA_DIST += doc/Attestation.adoc doc/YKCS11_release_notes.adoc doc/YubiKey_PIV_introduction.adoc EXTRA_DIST += doc/Attestation.adoc doc/YKCS11_release_notes.adoc doc/YubiKey_PIV_introduction.adoc
if ENABLE_COV if ENABLE_COV
cov-reset: cov-reset:
rm -fr coverage rm -fr coverage
@@ -68,6 +67,9 @@ doxygen:
doxygen lib/Doxyfile doxygen lib/Doxyfile
endif endif
hwcheck:
@$(srcdir)/tools/confirm.sh && YKPIV_ENV_HWTESTS_CONFIRMED="1" $(MAKE) check
check-doc-dist: check-doc-dist:
perl -pe "s,^EXTRA_DIST \+= .*,EXTRA_DIST += `cd $(srcdir) && ls doc/*.adoc | xargs echo`," < $(srcdir)/Makefile.am > check-doc-dist.tmp perl -pe "s,^EXTRA_DIST \+= .*,EXTRA_DIST += `cd $(srcdir) && ls doc/*.adoc | xargs echo`," < $(srcdir)/Makefile.am > check-doc-dist.tmp
diff -ur $(srcdir)/Makefile.am check-doc-dist.tmp || \ diff -ur $(srcdir)/Makefile.am check-doc-dist.tmp || \
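Review bot: The `hwcheck` recipe passes the confirmation to the tests as an ordinary environment variable, so any shell or CI job that already exports `YKPIV_ENV_HWTESTS_CONFIRMED=1` makes a plain `make check` erase connected YubiKeys without a prompt. That deserves a comment above the target, e.g. `# Destructive: prompts once, then runs "make check" with YKPIV_ENV_HWTESTS_CONFIRMED=1; never export that variable yourself.` Separately, `tools/confirm.sh` is not in the `EXTRA_DIST =` list shown in the first hunk header (which may be truncated), so from a dist tarball the recipe would probably fail, closed, before any test runs. Append it to that `EXTRA_DIST =` line rather than to a `+=` line, because `check-doc-dist` rewrites every `EXTRA_DIST +=` line. No `.PHONY: hwcheck` declaration is visible in these hunks either.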
+13 -27
@@ -38,7 +38,7 @@
#include <check.h> #include <check.h>
int confirm_destruction(void); int destruction_confirmed(void);
ykpiv_state *g_state; ykpiv_state *g_state;
const uint8_t g_cert[] = { const uint8_t g_cert[] = {
@@ -54,7 +54,8 @@ void setup(void) {
// Require user confirmation to continue, since this test suite will clear // Require user confirmation to continue, since this test suite will clear
// any data stored on connected keys. // any data stored on connected keys.
ck_assert(confirm_destruction()); if (!destruction_confirmed())
exit(77); // exit code 77 == skipped tests
res = ykpiv_init(&g_state, true); res = ykpiv_init(&g_state, true);
ck_assert_int_eq(res, YKPIV_OK); ck_assert_int_eq(res, YKPIV_OK);
@@ -655,6 +656,7 @@ START_TEST(test_reset) {
// Try wrong PIN // Try wrong PIN
res = ykpiv_verify(g_state, "AAAAAA", &tries); res = ykpiv_verify(g_state, "AAAAAA", &tries);
ck_assert_int_eq(res, YKPIV_WRONG_PIN);
// Verify 2 PIN retries remaining // Verify 2 PIN retries remaining
tries = 0; tries = 0;
@@ -760,37 +762,21 @@ START_TEST(test_allocator) {
} }
END_TEST END_TEST
int confirm_destruction(void) { int destruction_confirmed(void) {
char verify[16]; char *confirmed = getenv("YKPIV_ENV_HWTESTS_CONFIRMED");
if (confirmed && confirmed[0] == '1')
return 1;
// Use dprintf() to write directly to stdout, since automake eats the standard stdout/stderr pointers. // Use dprintf() to write directly to stdout, since automake eats the standard stdout/stderr pointers.
dprintf(0, "******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* *******\n"); dprintf(0, "\n***\n*** Hardware tests skipped. Run \"make hwcheck\".\n***\n\n");
dprintf(0, "WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING\n"); return 0;
dprintf(0, "WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING\n");
dprintf(0, "\n");
dprintf(0, "******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* *******\n");
dprintf(0, "\n");
dprintf(0, " ALL DATA WILL BE ERASED ON CONNECTED YUBIKEYS \n");
dprintf(0, "\n");
dprintf(0, "******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* *******\n");
dprintf(0, "\n");
dprintf(0, "WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING\n");
dprintf(0, "WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING\n");
dprintf(0, "******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* *******\n");
dprintf(0, "\n");
dprintf(0, "Are you SURE you wish to proceed? If so, type 'CONFIRM': ");
fgets(verify, 32, stdin);
return strncmp(verify, "CONFIRM", 7) == 0;
} }
Suite *test_suite(void) { Suite *test_suite(void) {
Suite *s; Suite *s;
TCase *tc; TCase *tc;
s = suite_create("libykpiv util"); s = suite_create("libykpiv api");
tc = tcase_create("util"); tc = tcase_create("api");
#ifdef HW_TESTS #ifdef HW_TESTS
tcase_add_unchecked_fixture(tc, setup, teardown); tcase_add_unchecked_fixture(tc, setup, teardown);
@@ -800,7 +786,7 @@ Suite *test_suite(void) {
// Authenticate after reset. // Authenticate after reset.
tcase_add_test(tc, test_authenticate); tcase_add_test(tc, test_authenticate);
// Test util functionality // Test API functionality
tcase_add_test(tc, test_change_pin); tcase_add_test(tc, test_change_pin);
tcase_add_test(tc, test_change_puk); tcase_add_test(tc, test_change_puk);
tcase_add_test(tc, test_devicemodel); tcase_add_test(tc, test_devicemodel);
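Review bot: `destruction_confirmed()` accepts any value that merely begins with `1` (`confirmed[0] == '1'`, so `10` or `1x` pass), while the shell test changed in this same commit requires the value to be exactly `1`. For a gate in front of tests that wipe connected keys the two checks should agree on the strict form, `if (confirmed && strcmp(confirmed, "1") == 0)`; `<string.h>` is presumably already included, since the removed code called `strncmp`. The identical function is added to the second C test file further down, so the same change applies there, and a single shared helper would keep the two copies from drifting apart.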
+5 -23
@@ -64,6 +64,11 @@ if [[ $HW_TESTS -eq 0 ]]; then
exit 0 exit 0
fi fi
# Verify that user has confirmed destructive hw-tests
if [ "x$YKPIV_ENV_HWTESTS_CONFIRMED" != "x1" ]; then
printf "\n***\n*** Hardware tests skipped. Run \"make hwcheck\".\n***\n\n" >&0
exit 77 # exit code 77 == skipped tests
fi
# #
# Run basic import/validation tests on included keys/certs. Test keys generated # Run basic import/validation tests on included keys/certs. Test keys generated
@@ -73,29 +78,6 @@ fi
# $ openssl rsa -in private.pem -outform PEM -pubout -out public.pem # $ openssl rsa -in private.pem -outform PEM -pubout -out public.pem
# $ openssl req -x509 -key private.pem -out cert.pem -subj "/CN=YubicoTest/OU=YubicoTestUnit/O=yubico.com/" -new # $ openssl req -x509 -key private.pem -out cert.pem -subj "/CN=YubicoTest/OU=YubicoTestUnit/O=yubico.com/" -new
# #
echo >&0
echo "Hardware tests enabled!" >&0
echo >&0
echo "******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* *******" >&0
echo "WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING" >&0
echo "WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING" >&0
echo >&0
echo "******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* *******" >&0
echo >&0
echo " ALL DATA WILL BE ERASED ON CONNECTED YUBIKEYS " >&0
echo >&0
echo "******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* *******" >&0
echo >&0
echo "WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING" >&0
echo "WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING" >&0
echo "******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* *******" >&0
echo >&0
echo -n "Are you SURE you wish to proceed? If so, type 'CONFIRM': " >&0
read CONFIRM
if [[ "x$CONFIRM" != "xCONFIRM" ]]; then
exit 1
fi
# Reset # Reset
$BIN -averify-pin -P000000 || true $BIN -averify-pin -P000000 || true
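Review bot: The skip notice is written to file descriptor 0 (`>&0`), which works only while stdin is open for writing, in practice a terminal. With stdin redirected (for example `</dev/null` on a CI runner) the write fails and the reason for the skip is lost. A fallback keeps it in the test log: `printf '…' >&0 2>/dev/null || printf '…' >&2`, with the same message in both places. The same applies to `dprintf(0, …)` in both C copies of `destruction_confirmed`, where the comment describes fd 0 as "stdout"; that comment should say stdin/terminal.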
+29
@@ -0,0 +1,29 @@
#!/bin/bash
# Output redirected to fd 0 so it can be run from 'make check' scripts.
echo >&0
echo "Hardware tests enabled!" >&0
echo >&0
echo "******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* *******" >&0
echo "WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING" >&0
echo "WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING" >&0
echo >&0
echo "******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* *******" >&0
echo >&0
echo " ALL DATA WILL BE ERASED ON CONNECTED YUBIKEYS " >&0
echo >&0
echo "******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* *******" >&0
echo >&0
echo "WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING" >&0
echo "WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING" >&0
echo "******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* *******" >&0
echo >&0
echo -n "Are you SURE you wish to proceed? If so, type 'CONFIRM': " >&0
read CONFIRM
if [[ "x$CONFIRM" != "xCONFIRM" ]]; then
echo "1"
exit 1
fi
echo "0"
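Review bot: The `echo "1"` before `exit 1` and the final `echo "0"` print a bare digit to stdout that nothing reads, since the `hwcheck` recipe acts on the exit status only. They look like debugging leftovers and can be dropped, ending the script with an explicit `exit 0`. `read CONFIRM` should be `read -r CONFIRM` so that backslashes in the typed line are not interpreted. The header comment could also state the contract the Makefile relies on, e.g. `# Exit status 0 only if the user typed CONFIRM; EOF or anything else exits 1.`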
+14
@@ -627,6 +627,15 @@ static void test_import_and_sign_all_10_RSA() {
} }
#endif #endif
int destruction_confirmed(void) {
char *confirmed = getenv("YKPIV_ENV_HWTESTS_CONFIRMED");
if (confirmed && confirmed[0] == '1')
return 1;
// Use dprintf() to write directly to stdout, since automake eats the standard stdout/stderr pointers.
dprintf(0, "\n***\n*** Hardware tests skipped. Run \"make hwcheck\".\n***\n\n");
return 0;
}
int main(void) { int main(void) {
get_functions(&funcs); get_functions(&funcs);
@@ -634,6 +643,11 @@ int main(void) {
test_lib_info(); test_lib_info();
#ifdef HW_TESTS #ifdef HW_TESTS
// Require user confirmation to continue, since this test suite will clear
// any data stored on connected keys.
if (!destruction_confirmed())
exit(77); // exit code 77 == skipped tests
test_initalize(); test_initalize();
test_token_info(); test_token_info();
test_mechanism_list_and_info(); test_mechanism_list_and_info();