152 lines
6.1 KiB
Bash
Executable File
152 lines
6.1 KiB
Bash
Executable File
#!/bin/bash
|
|
# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
|
|
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
#
|
|
# runtest.sh of /CoreOS/libgcrypt/smoke-test
|
|
# Description: Test calls upstream test suite.
|
|
# Author: Ondrej Moris <omoris@redhat.com>
|
|
#
|
|
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
#
|
|
# Copyright (c) 2010 Red Hat, Inc. All rights reserved.
|
|
#
|
|
# This copyrighted material is made available to anyone wishing
|
|
# to use, modify, copy, or redistribute it subject to the terms
|
|
# and conditions of the GNU General Public License version 2.
|
|
#
|
|
# This program is distributed in the hope that it will be
|
|
# useful, but WITHOUT ANY WARRANTY; without even the implied
|
|
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
|
|
# PURPOSE. See the GNU General Public License for more details.
|
|
#
|
|
# You should have received a copy of the GNU General Public
|
|
# License along with this program; if not, write to the Free
|
|
# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
|
|
# Boston, MA 02110-1301, USA.
|
|
#
|
|
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
|
|
. /usr/share/beakerlib/beakerlib.sh
|
|
|
|
PACKAGE="libgcrypt"
|
|
|
|
rlJournalStart
|
|
|
|
rlPhaseStartSetup
|
|
rlImport distribution/fips || rlFail "FIPS library needed for some phases"
|
|
TmpDir=`mktemp -d`
|
|
rlAssertRpm $PACKAGE
|
|
rlRun "rlFileBackup --clean /etc/gcrypt/fips_enabled"
|
|
if [[ -r /etc/gcrypt/hwf.deny ]]; then
|
|
rlRun "rlFileBackup /etc/gcrypt/hwf.deny"
|
|
rlRun "rm -f /etc/gcrypt/hwf.deny"
|
|
fi
|
|
rlRun "pushd $TmpDir" 0
|
|
rlRun "rlFetchSrcForInstalled $PACKAGE"
|
|
rlRun "rpm -ihv `ls *.rpm`" 0
|
|
if grep '1' /proc/sys/crypto/fips_enabled; then
|
|
rlRun "echo '1' > /etc/gcrypt/fips_enabled" 0
|
|
fi
|
|
rlPhaseEnd
|
|
|
|
rlPhaseStartTest "Package build"
|
|
TOPDIR=`rpm --eval %_topdir`
|
|
rlRun "pushd $TOPDIR" 0
|
|
rlRun "rm -rf BUILD/libgcrypt-*" 0-255
|
|
rlRun "rpmbuild -vv -bc SPECS/libgcrypt.spec" 0
|
|
rlRun "pushd BUILD/libgcrypt-*" 0
|
|
rlRun "fipshmac src/.libs/libgcrypt.so.??" 0
|
|
rlRun "popd"
|
|
rlRun "popd"
|
|
rlPhaseEnd
|
|
|
|
rlPhaseStartTest "Upstream testsuite"
|
|
rlRun "pushd $TOPDIR/BUILD/libgcrypt-*" 0
|
|
exp_fails=()
|
|
if [[ $fipsMode = 'enabled' ]]; then
|
|
if rlIsFedora 33; then
|
|
exp_fails+=("basic")
|
|
exp_fails+=("basic-disable-all-hwf")
|
|
exp_fails+=("t-kdf")
|
|
exp_fails+=("t-secmem")
|
|
elif rlIsFedora 34; then
|
|
exp_fails+=("basic")
|
|
exp_fails+=("basic-disable-all-hwf")
|
|
exp_fails+=("t-kdf")
|
|
exp_fails+=("t-secmem")
|
|
exp_fails+=("t-x448")
|
|
elif rlIsFedora 35; then # Fedora-35
|
|
exp_fails+=("curves")
|
|
fi
|
|
fi
|
|
rlRun "echo 'Expecting ${#exp_fails[@]} fails'"
|
|
exp_exitcode=0
|
|
if [[ ${#exp_fails[@]} -gt 0 ]]; then exp_exitcode=2; fi
|
|
rlRun "make check &> $TmpDir/make_check.out" $exp_exitcode
|
|
rlRun "grep ^FAIL: $TmpDir/make_check.out" 0,1 "Print fails"
|
|
if [[ ${#exp_fails[@]} -gt 0 ]]; then
|
|
for f in "${exp_fails[@]}"; do
|
|
rlAssertGrep "^FAIL: $f\$" $TmpDir/make_check.out
|
|
done
|
|
[[ $(grep -c '^FAIL:' $TmpDir/make_check.out) -eq ${#exp_fails[@]} ]] || rlFail "Unexpected fails present"
|
|
else
|
|
rlRun "grep \"All [0-9]\+ tests passed\" $TmpDir/make_check.out" 0 \
|
|
"All tests passed"
|
|
fi
|
|
rlRun "cat $TmpDir/make_check.out"
|
|
rlRun "popd"
|
|
rlPhaseEnd
|
|
|
|
if ! (rlIsRHEL '<=8.4' || ([[ $fipsMode = "enabled" ]] && rlIsFedora '<37')); then
|
|
# (we are ~expecting to fix HW optimization problem around Fedora-37)
|
|
rlPhaseStartTest "Performance with HW optimizations disabled - bz1990059"
|
|
# we are gathering more samples, so that this test is robust in shared environments
|
|
N_SAMPLES=5
|
|
N_MEDIAN=$(echo "$N_SAMPLES/2+1" |bc)
|
|
HWF_DENY_FILE="/etc/gcrypt/hwf.deny"
|
|
# Disabling via cmdline arguments would need either handpicking
|
|
# all the algorithms (variant with ":"), or making "all" work.
|
|
# "--disable-hwf all" does not work: https://dev.gnupg.org/T5636
|
|
#dis_arg="--disable-hwf all"
|
|
dis_arg=""
|
|
|
|
for x in "cipher:aes256:CBC enc" "hash:sha256:SHA256" "mac:hmac_sha256:HMAC_SHA256"; do
|
|
alg_type=$(echo $x |cut -d: -f1)
|
|
algorithm=$(echo $x |cut -d: -f2)
|
|
alg_line=$(echo $x |cut -d: -f3)
|
|
rlRun "rm -f $algorithm.ena $algorithm.dis"
|
|
rlLogInfo "Performance measurements started ..."
|
|
for i in `seq 1 $N_SAMPLES`; do
|
|
# run with HW optimizations ENAbled
|
|
rm -f $HWF_DENY_FILE
|
|
$TOPDIR/BUILD/libgcrypt-*/tests/bench-slope $alg_type $algorithm |grep "$alg_line" >>$algorithm.ena
|
|
|
|
# run with HW optimizations DISabled
|
|
# this looks idiotic, but I wasn't able to make --disable-hwf work
|
|
echo "all" >$HWF_DENY_FILE
|
|
$TOPDIR/BUILD/libgcrypt-*/tests/bench-slope $dis_arg $alg_type $algorithm |grep "$alg_line" >>$algorithm.dis
|
|
done
|
|
rlLogInfo "Performance measurements finished"
|
|
rlRun "cat $algorithm.ena"
|
|
rlRun "cat $algorithm.dis"
|
|
dis=$(cat $algorithm.dis |cut -d'|' -f2 |awk '{ print $1 }' |sort -n |sed -n "$N_MEDIAN p")
|
|
ena=$(cat $algorithm.ena |cut -d'|' -f2 |awk '{ print $1 }' |sort -n |sed -n "$N_MEDIAN p")
|
|
rlRun "echo '$algorithm Time: disabled $dis enabled $ena'"
|
|
if (( $(echo "$dis > $ena" |bc -l) )); then
|
|
rlPass "HW optimizations work for $algorithm"
|
|
else
|
|
rlFail "HW optimizations DO NOT work for $algorithm"
|
|
fi
|
|
done
|
|
rlPhaseEnd
|
|
fi
|
|
|
|
rlPhaseStartCleanup
|
|
rlRun "popd"
|
|
rlRun "rm -r $TmpDir" 0
|
|
rlRun "rlFileRestore"
|
|
rlPhaseEnd
|
|
|
|
rlJournalPrintText
|
|
rlJournalEnd
|