#!/bin/sh
# Test driver for oqsprovider: runs certificate generation/verification, CMS
# and CA script tests for every signature algorithm the provider exposes, then
# runs the ctest suite in _build.
#
# Abort on the first unhandled command failure. Note that -e is ignored for
# commands in `if` conditions and in non-final positions of &&/|| lists, so
# failures in those positions must be checked explicitly.
set -e
# Overall result; set again just before the ctest run.
rv=0
# Interop direction oqsprovider -> oqs-openssl for one algorithm.
# Arguments: $1 - signature algorithm name
# Outputs:   a blank line and a banner on stdout, plus whatever the helper
#            scripts print
# Returns:   0 if all four steps succeed, otherwise the status of the first
#            failing step (later steps are not run)
provider2openssl() {
    printf '\n'
    echo "Testing oqsprovider->oqs-openssl interop for $1:"
    # Generate and sign with the provider ...
    "${OQS_PROVIDER_TESTSCRIPTS}/oqsprovider-certgen.sh" "$1" || return $?
    "${OQS_PROVIDER_TESTSCRIPTS}/oqsprovider-cmssign.sh" "$1" sha3-384 || return $?
    # ... then verify the results with oqs-openssl.
    "${OQS_PROVIDER_TESTSCRIPTS}/oqs-openssl-certverify.sh" "$1" || return $?
    "${OQS_PROVIDER_TESTSCRIPTS}/oqs-openssl-cmsverify.sh" "$1"
}
# Interop direction oqs-openssl -> oqsprovider for one algorithm.
# Arguments: $1 - signature algorithm name
# Outputs:   a blank line and a banner on stdout, plus whatever the helper
#            scripts print
# Returns:   0 if all four steps succeed, otherwise the status of the first
#            failing step (later steps are not run)
openssl2provider() {
    printf '\n'
    echo "Testing oqs-openssl->oqsprovider interop for $1:"
    # Generate and sign with oqs-openssl ...
    "${OQS_PROVIDER_TESTSCRIPTS}/oqs-openssl-certgen.sh" "$1" || return $?
    "${OQS_PROVIDER_TESTSCRIPTS}/oqs-openssl-cmssign.sh" "$1" || return $?
    # ... then verify the results with the provider.
    "${OQS_PROVIDER_TESTSCRIPTS}/oqsprovider-certverify.sh" "$1" || return $?
    "${OQS_PROVIDER_TESTSCRIPTS}/oqsprovider-cmsverify.sh" "$1"
}
# Provider-only test for one algorithm: certgen, certverify, cmssign and ca
# helper scripts are run in that order, each appending stdout/stderr to
# interop.log in the current directory.
# Arguments: $1 - signature algorithm name
# Outputs:   on failure, a message followed by the whole interop.log
# Returns:   0 on success; terminates the shell with status 1 as soon as one
#            step fails (remaining steps are skipped)
localalgtest() {
    if ! (
        for step in certgen certverify cmssign ca; do
            "${OQS_PROVIDER_TESTSCRIPTS}/oqsprovider-${step}.sh" "$1" >> interop.log 2>&1 || exit 1
        done
    ); then
        echo "localalgtest $1 failed. Exiting.."
        cat interop.log
        exit 1
    fi
}
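# Run the certificate/CMS tests for one signature algorithm.
# Globals:   OQS_SKIP_TESTS (read)  - comma-separated names to skip
#            OPENSSL_APP (read)     - openssl binary to query
#            LOCALTESTONLY (read)   - non-empty: provider-only tests
#            GREPTEST, retcode (written)
# Arguments: $1 - signature algorithm name
# Outputs:   a progress dot on stdout; test output is appended to interop.log
# Returns:   0 if the algorithm was skipped or its tests passed; terminates
#            the shell with status 1 if the algorithm is not listed by
#            openssl or a test fails.
interop() {
    # Progress marker without a newline. printf is used because `echo ".\c"`
    # only suppresses the newline in shells whose echo interprets backslash
    # escapes; elsewhere it prints the two characters literally.
    printf '.'
    # check if we want to run this algorithm:
    if [ -n "${OQS_SKIP_TESTS}" ]; then
        # Turn "a,b" into the grep alternation "a\|b". The match below is a
        # substring match, so a skip entry also skips every algorithm whose
        # name contains it.
        GREPTEST=$(echo "${OQS_SKIP_TESTS}" | sed "s/\,/\\\|/g")
        if echo "$1" | grep -q "${GREPTEST}"; then
            echo "Not testing $1" >> interop.log
            return
        fi
    fi
    # Check whether algorithm is supported at all (grep status 1 = no match;
    # any other non-zero status is reported as a failure further down):
    retcode=0
    "${OPENSSL_APP}" list -signature-algorithms | grep -q "$1" || retcode=$?
    if [ "${retcode}" -eq 1 ]; then
        echo "Algorithm $1 not enabled. Exit testing."
        exit 1
    fi
    if [ -z "${LOCALTESTONLY}" ]; then
        # Record the outcome explicitly: a failing command in an && list does
        # not trigger `set -e`, so without this a failed cross-verification
        # would go unnoticed and the run would still be reported as passed.
        provider2openssl "$1" >> interop.log 2>&1 &&
            openssl2provider "$1" >> interop.log 2>&1 || retcode=$?
    else
        # localalgtest terminates the shell itself on failure.
        localalgtest "$1"
    fi
    if [ "${retcode}" -ne 0 ]; then
        echo "Test for $1 failed. Terminating testing."
        cat interop.log
        exit 1
    fi
}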
# Environment defaults. Every fallback below is derived from the current
# working directory, and OPENSSL_MODULES / LD_LIBRARY_PATH decide which
# provider modules and shared libraries the openssl binary loads, so the
# script is expected to be started from the top of a trusted build tree.

# Helper scripts default to ./scripts.
: "${OQS_PROVIDER_TESTSCRIPTS:=$(pwd)/scripts}"
export OQS_PROVIDER_TESTSCRIPTS

if [ -n "${OPENSSL_INSTALL}" ]; then
    # trying to set config variables suitably for pre-existing OpenSSL installation
    # (binary and config found there override any values already set)
    if [ -f "${OPENSSL_INSTALL}/bin/openssl" ]; then
        OPENSSL_APP="${OPENSSL_INSTALL}/bin/openssl"
        export OPENSSL_APP
    fi
    if [ -z "${LD_LIBRARY_PATH}" ]; then
        # lib64 is preferred over lib
        for libdir in lib64 lib; do
            if [ -d "${OPENSSL_INSTALL}/${libdir}" ]; then
                LD_LIBRARY_PATH="${OPENSSL_INSTALL}/${libdir}"
                export LD_LIBRARY_PATH
                break
            fi
        done
    fi
    if [ -f "${OPENSSL_INSTALL}/ssl/openssl.cnf" ]; then
        OPENSSL_CONF="${OPENSSL_INSTALL}/ssl/openssl.cnf"
        export OPENSSL_CONF
    fi
fi

: "${OPENSSL_CONF:=$(pwd)/scripts/openssl-ca.cnf}"
export OPENSSL_CONF

if [ -z "${OPENSSL_APP}" ]; then
    OPENSSL_APP=openssl # if no local openssl src directory is found, rely on PATH...
    if [ -f "$(pwd)/openssl/apps/openssl" ]; then
        OPENSSL_APP="$(pwd)/openssl/apps/openssl"
    fi
    export OPENSSL_APP
fi

: "${OPENSSL_MODULES:=$(pwd)/_build/lib}"
export OPENSSL_MODULES

if [ -z "${LD_LIBRARY_PATH}" ]; then
    for libdir in lib64 lib; do
        if [ -d "$(pwd)/.local/${libdir}" ]; then
            LD_LIBRARY_PATH="$(pwd)/.local/${libdir}"
            export LD_LIBRARY_PATH
            break
        fi
    done
fi

if [ -n "${OQS_SKIP_TESTS}" ]; then
    echo "Skipping algs ${OQS_SKIP_TESTS}"
fi

# Set OSX DYLD_LIBRARY_PATH if not already externally set
: "${DYLD_LIBRARY_PATH:=${LD_LIBRARY_PATH}}"
export DYLD_LIBRARY_PATH
# Print the effective configuration so a log shows which openssl binary,
# config file and module directory were actually exercised.
echo "Test setup:"
echo "LD_LIBRARY_PATH=${LD_LIBRARY_PATH}"
echo "OPENSSL_APP=${OPENSSL_APP}"
echo "OPENSSL_CONF=${OPENSSL_CONF}"
echo "OPENSSL_MODULES=${OPENSSL_MODULES}"
# DYLD_LIBRARY_PATH is only reported on macOS.
case "$(uname -s)" in
    Darwin*)
        echo "DYLD_LIBRARY_PATH=${DYLD_LIBRARY_PATH}"
        ;;
esac
# check if we can use docker or not:
case "$(docker info 2>&1)" in
    *Server*) ;;
    *)
        echo "No OQS-OpenSSL111 interop test because of absence of docker"
        export LOCALTESTONLY="Yes"
        ;;
esac
# by default, do not run interop tests as per
# https://github.com/open-quantum-safe/oqs-provider/issues/32
# comment the following two lines if they should be run; be sure to
# have alignment in algorithms supported in that case.
# As long as they are active, the docker probe above only affects the
# message that is printed: LOCALTESTONLY ends up set either way.
LOCALTESTONLY="Yes"
export LOCALTESTONLY
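echo "Version information:"
"${OPENSSL_APP}" version
# Disable testing for version 3.0.1 only (known-buggy release).
# The pattern escapes the dots and requires a non-digit (or end of line) after
# the final "1": a plain "OpenSSL 3.0.1" substring match would also match
# 3.0.10 and later 3.0.1x releases and skip the whole test run there while
# still exiting with status 0.
if "${OPENSSL_APP}" version | grep -Eq 'OpenSSL 3\.0\.1([^0-9]|$)'; then
    echo "Skipping testing of buggy OpenSSL 3.0.1"
    exit 0
fi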
# Baseline check: openssl must be able to list its providers at all. The
# listing itself is printed so the log shows which providers were loaded.
"${OPENSSL_APP}" list -providers -verbose || {
    echo "Baseline openssl invocation failed. Exiting test."
    exit 1
}
# Ensure "oqsprovider" is registered:
case "$("${OPENSSL_APP}" list -providers -verbose)" in
    *oqsprovider*) ;;
    *)
        echo "oqsprovider not registered. Exit test."
        exit 1
        ;;
esac
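# Run interop-tests:
# cleanup log from previous runs:
rm -f interop.log
echo "Cert gen/verify, CMS sign/verify, CA tests for all enabled OQS signature algorithms commencing: "
# Reset the marker first: a value inherited from the caller's environment
# would otherwise defeat the "no algorithms found" check after the loop and
# let a run that tested nothing continue as if it had.
certsgenerated=
# auto-detect all available signature algorithms: keep the lines that mention
# oqsprovider and strip the " @ ..." suffix and the leading space. Word
# splitting of the result is intended (one algorithm name per word).
for alg in $("${OPENSSL_APP}" list -signature-algorithms | grep oqsprovider | sed -e "s/ @ .*//g" -e "s/^ //g")
do
    if [ "$1" = "-V" ]; then
        echo "Testing $alg"
    fi
    # interop terminates the script itself when a test fails.
    interop "${alg}"
    certsgenerated=1
done
if [ -z "${certsgenerated}" ]; then
    echo "No OQS signature algorithms found in provider 'oqsprovider'. No certs generated. Exiting."
    exit 1
else
    if [ "$1" = "-V" ]; then
        echo "Certificates successfully generated in $(pwd)/tmp"
    fi
fi
echo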
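# Run built-in tests:
# Without removing OPENSSL_CONF ctest hangs... ???
unset OPENSSL_CONF
rv=0
# The subshell keeps the directory change local. "$@" is quoted so each
# script argument reaches ctest as exactly one argument, without word
# splitting or glob expansion.
if ! ( cd _build && ctest "$@" ); then
    rv=1
fi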
# cleanup: TBC:
# decide for testing strategy when integrating to OpenSSL test harness:
# Keep scripts generating certs (testing more code paths) or use API?
#rm -rf tmp
printf '\n'
# Summarise the ctest outcome and hand it back as the exit status.
summary="All oqsprovider tests passed."
if [ "${rv}" -ne 0 ]; then
    summary="Tests failed."
fi
echo "${summary}"
exit "${rv}"