Merge pull request #374 from dgarske/nofilesystem
Fix and test for no filesystem
embhorn authored Sep 3, 2024
2 parents 8df0ddc + 1603cfd commit e2ef780
Showing 5 changed files with 88 additions and 64 deletions.
14 changes: 14 additions & 0 deletions .github/workflows/make-test-swtpm.yml
@@ -188,6 +188,20 @@ jobs:
make check
WOLFSSL_PATH=./wolfssl WOLFCRYPT_DEFAULT=1 ./examples/run_examples.sh
# test with no filesystem / threading
- name: wolfssl no filesystem
working-directory: ./wolfssl
run: |
./configure --enable-wolftpm --disable-filesystem --enable-singlethreaded
make
sudo make install
- name: wolftpm no filesystem
run: |
./configure --enable-swtpm
make
make check
WOLFSSL_PATH=./wolfssl NO_FILESYSTEM=1 ./examples/run_examples.sh
# capture logs on failure
- name: Upload failure logs
if: failure()
2 changes: 1 addition & 1 deletion examples/attestation/make_credential.c
@@ -134,9 +134,9 @@ int TPM2_MakeCredential_Example(void* userCtx, int argc, char *argv[])
}
printf("Public key for encryption loaded\n");
handle.hndl = loadExtOut.objectHandle;
XMEMSET(&name, 0, sizeof(name));
#if !defined(NO_FILESYSTEM) && !defined(NO_WRITE_TEMP_FILES)
/* Load AK Name digest */
XMEMSET(&name, 0, sizeof(name));
fp = XFOPEN("ak.name", "rb");
if (fp != XBADFILE) {
size_t nameReadSz = XFREAD((BYTE*)&name, 1, sizeof(name), fp);
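Review bot: With NO_FILESYSTEM or NO_WRITE_TEMP_FILES defined, `name` reaches the rest of TPM2_MakeCredential_Example zeroed but never populated, taking the `XMEMSET` ahead of the `#if` as the new side (the +/- markers are lost on this page). Zeroing removes the use of uninitialised stack data, but if no `#else` branch follows, the example presumably goes on to build a credential for an empty AK name, which is not bound to any attestation key. A line in that path such as `printf("No filesystem: AK name not loaded\n");`, or returning `NOT_COMPILED_IN`, would make the limitation explicit. The `#if` block and the function both continue outside the hunk, so this needs checking against the full file.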
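--- a/examples/pkcs7/pkcs7.c
+++ b/examples/pkcs7/pkcs7.c
@@ -290,6 +290,8 @@ static int PKCS7_SignVerify(WOLFTPM2_DEV* dev, int tpmDevId,
 rc = -1; goto exit;
 }
 }
+#else
+(void)outFile;
 #endif
 
 /* Test verify with TPM */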
133 changes: 70 additions & 63 deletions examples/run_examples.sh
@@ -10,6 +10,9 @@ fi
if [ -z "$WOLFCRYPT_ENABLE" ]; then
WOLFCRYPT_ENABLE=1
fi
if [ -z "$NO_FILESYSTEM" ]; then
NO_FILESYSTEM=0
fi
if [ -z "$WOLFCRYPT_DEFAULT" ]; then
WOLFCRYPT_DEFAULT=0
fi
@@ -250,52 +253,54 @@ fi

# NV Tests
echo -e "NV Tests"
if [ $WOLFCRYPT_ENABLE -eq 1 ]; then
./examples/nvram/store -xor >> run.out 2>&1
RESULT=$?
[ $RESULT -ne 0 ] && echo -e "nv store param enc xorfailed! $RESULT" && exit 1
./examples/nvram/read -xor >> run.out 2>&1
RESULT=$?
[ $RESULT -ne 0 ] && echo -e "nv read param enc xor failed! $RESULT" && exit 1

if [ $WOLFCRYPT_DEFAULT -eq 0 ]; then
./examples/nvram/store -aes >> run.out 2>&1
if [ $NO_FILESYSTEM -eq 0 ]; then
if [ $WOLFCRYPT_ENABLE -eq 1 ]; then
./examples/nvram/store -xor >> run.out 2>&1
RESULT=$?
[ $RESULT -ne 0 ] && echo -e "nv store param enc aes failed! $RESULT" && exit 1
./examples/nvram/read -aes >> run.out 2>&1
[ $RESULT -ne 0 ] && echo -e "nv store param enc xorfailed! $RESULT" && exit 1
./examples/nvram/read -xor >> run.out 2>&1
RESULT=$?
[ $RESULT -ne 0 ] && echo -e "nv read param enc aes failed! $RESULT" && exit 1
[ $RESULT -ne 0 ] && echo -e "nv read param enc xor failed! $RESULT" && exit 1

if [ $WOLFCRYPT_DEFAULT -eq 0 ]; then
./examples/nvram/store -aes >> run.out 2>&1
RESULT=$?
[ $RESULT -ne 0 ] && echo -e "nv store param enc aes failed! $RESULT" && exit 1
./examples/nvram/read -aes >> run.out 2>&1
RESULT=$?
[ $RESULT -ne 0 ] && echo -e "nv read param enc aes failed! $RESULT" && exit 1
fi
fi
fi
./examples/nvram/store -priv >> run.out 2>&1
RESULT=$?
[ $RESULT -ne 0 ] && echo -e "nv store priv only failed! $RESULT" && exit 1
./examples/nvram/read -priv >> run.out 2>&1
RESULT=$?
[ $RESULT -ne 0 ] && echo -e "nv read priv only failed! $RESULT" && exit 1
if [ $WOLFCRYPT_ENABLE -eq 1 ]; then
./examples/nvram/store -priv -xor >> run.out 2>&1
./examples/nvram/store -priv >> run.out 2>&1
RESULT=$?
[ $RESULT -ne 0 ] && echo -e "nv store priv only param enc xor failed! $RESULT" && exit 1
./examples/nvram/read -priv -xor >> run.out 2>&1
[ $RESULT -ne 0 ] && echo -e "nv store priv only failed! $RESULT" && exit 1
./examples/nvram/read -priv >> run.out 2>&1
RESULT=$?
[ $RESULT -ne 0 ] && echo -e "nv read priv only param enc xor failed! $RESULT" && exit 1

if [ $WOLFCRYPT_DEFAULT -eq 0 ]; then
./examples/nvram/store -priv -aes >> run.out 2>&1
[ $RESULT -ne 0 ] && echo -e "nv read priv only failed! $RESULT" && exit 1
if [ $WOLFCRYPT_ENABLE -eq 1 ]; then
./examples/nvram/store -priv -xor >> run.out 2>&1
RESULT=$?
[ $RESULT -ne 0 ] && echo -e "nv store priv only param enc aes failed! $RESULT" && exit 1
./examples/nvram/read -priv -aes >> run.out 2>&1
[ $RESULT -ne 0 ] && echo -e "nv store priv only param enc xor failed! $RESULT" && exit 1
./examples/nvram/read -priv -xor >> run.out 2>&1
RESULT=$?
[ $RESULT -ne 0 ] && echo -e "nv read priv only param enc aes failed! $RESULT" && exit 1
[ $RESULT -ne 0 ] && echo -e "nv read priv only param enc xor failed! $RESULT" && exit 1

if [ $WOLFCRYPT_DEFAULT -eq 0 ]; then
./examples/nvram/store -priv -aes >> run.out 2>&1
RESULT=$?
[ $RESULT -ne 0 ] && echo -e "nv store priv only param enc aes failed! $RESULT" && exit 1
./examples/nvram/read -priv -aes >> run.out 2>&1
RESULT=$?
[ $RESULT -ne 0 ] && echo -e "nv read priv only param enc aes failed! $RESULT" && exit 1
fi
fi
./examples/nvram/store -pub >> run.out 2>&1
RESULT=$?
[ $RESULT -ne 0 ] && echo -e "nv store pub only failed! $RESULT" && exit 1
./examples/nvram/read -pub >> run.out 2>&1
RESULT=$?
[ $RESULT -ne 0 ] && echo -e "nv read pub only failed! $RESULT" && exit 1
fi
./examples/nvram/store -pub >> run.out 2>&1
RESULT=$?
[ $RESULT -ne 0 ] && echo -e "nv store pub only failed! $RESULT" && exit 1
./examples/nvram/read -pub >> run.out 2>&1
RESULT=$?
[ $RESULT -ne 0 ] && echo -e "nv read pub only failed! $RESULT" && exit 1

./examples/nvram/policy_nv >> run.out 2>&1
RESULT=$?
@@ -313,7 +318,7 @@ RESULT=$?
RESULT=$?
[ $RESULT -ne 0 ] && echo -e "keygen ecc test for csr failed! $RESULT" && exit 1

if [ $WOLFCRYPT_ENABLE -eq 1 ] && [ $WOLFCRYPT_DEFAULT -eq 0 ]; then
if [ $WOLFCRYPT_ENABLE -eq 1 ] && [ $WOLFCRYPT_DEFAULT -eq 0 ] && [ $NO_FILESYSTEM -eq 0 ]; then
./examples/csr/csr -cert >> run.out 2>&1
RESULT=$?
[ $RESULT -ne 0 ] && echo -e "cert self-signed failed! $RESULT" && exit 1
@@ -332,7 +337,7 @@ fi

# PKCS7 Tests
echo -e "PKCS7 tests"
if [ $WOLFCRYPT_ENABLE -eq 1 ] && [ $WOLFCRYPT_DEFAULT -eq 0 ]; then
if [ $WOLFCRYPT_ENABLE -eq 1 ] && [ $WOLFCRYPT_DEFAULT -eq 0 ] && [ $NO_FILESYSTEM -eq 0 ]; then
./examples/pkcs7/pkcs7 >> run.out 2>&1
RESULT=$?
[ $RESULT -ne 0 ] && echo -e "pkcs7 failed! $RESULT" && exit 1
@@ -387,7 +392,7 @@ run_tpm_tls_server() { # Usage: run_tpm_tls_server [ecc/rsa] [tpmargs] [tlsversi
popd >> run.out 2>&1
}

if [ $WOLFCRYPT_ENABLE -eq 1 ] && [ $WOLFCRYPT_DEFAULT -eq 0 ]; then
if [ $WOLFCRYPT_ENABLE -eq 1 ] && [ $WOLFCRYPT_DEFAULT -eq 0 ] && [ $NO_FILESYSTEM -eq 0 ]; then
if [ $WOLFCRYPT_RSA -eq 1 ]; then
# TLS client/server RSA TLS v1.2 and v1.2 Crypto callbacks
run_tpm_tls_client "rsa" "" "3"
@@ -464,7 +469,7 @@ if [ $WOLFCRYPT_ENABLE -eq 1 ]; then
[ $RESULT -ne 0 ] && echo -e "signed_timestamp ecc param enc failed! $RESULT" && exit 1
fi

if [ $WOLFCRYPT_ENABLE -eq 1 ]; then
if [ $WOLFCRYPT_ENABLE -eq 1 ] && [ $NO_FILESYSTEM -eq 0 ]; then
./examples/keygen/keygen keyblob.bin -rsa >> run.out 2>&1
RESULT=$?
[ $RESULT -ne 0 ] && echo -e "keygen rsa failed! $RESULT" && exit 1
@@ -550,7 +555,7 @@ fi

# Secure Boot ROT
echo -e "Secure Boot ROT (Root of Trust) test"
if [ $WOLFCRYPT_ENABLE -eq 1 ] && [ $WOLFCRYPT_DEFAULT -eq 0 ]; then
if [ $WOLFCRYPT_ENABLE -eq 1 ] && [ $WOLFCRYPT_DEFAULT -eq 0 ] && [ $NO_FILESYSTEM -eq 0 ]; then
./examples/boot/secure_rot -nvindex=0x1400200 -authstr=test -write=./certs/example-ecc256-key-pub.der >> run.out 2>&1
RESULT=$?
[ $RESULT -ne 0 ] && echo -e "secure rot write ecc256! $RESULT" && exit 1
@@ -586,37 +591,39 @@ if [ $WOLFCRYPT_ENABLE -eq 1 ] && [ $WOLFCRYPT_DEFAULT -eq 0 ]; then
fi

# Seal/Unseal (PCR Policy)
echo -e "Seal/Unseal (PCR policy)"
./examples/seal/seal sealedkeyblob.bin mySecretMessage >> run.out 2>&1
RESULT=$?
[ $RESULT -ne 0 ] && echo -e "seal failed! $RESULT" && exit 1
./examples/seal/unseal message.raw sealedkeyblob.bin >> run.out 2>&1
RESULT=$?
[ $RESULT -ne 0 ] && echo -e "unseal failed! $RESULT" && exit 1
rm -f sealedkeyblob.bin

if [ $WOLFCRYPT_ENABLE -eq 1 ] && [ $WOLFCRYPT_RSA -eq 1 ]; then
./examples/seal/seal sealedkeyblob.bin mySecretMessage -xor >> run.out 2>&1
if [ $NO_FILESYSTEM -eq 0 ]; then
echo -e "Seal/Unseal (PCR policy)"
./examples/seal/seal sealedkeyblob.bin mySecretMessage >> run.out 2>&1
RESULT=$?
[ $RESULT -ne 0 ] && echo -e "seal xor failed! $RESULT" && exit 1
./examples/seal/unseal message.raw sealedkeyblob.bin -xor >> run.out 2>&1
[ $RESULT -ne 0 ] && echo -e "seal failed! $RESULT" && exit 1
./examples/seal/unseal message.raw sealedkeyblob.bin >> run.out 2>&1
RESULT=$?
[ $RESULT -ne 0 ] && echo -e "unseal xor failed! $RESULT" && exit 1
[ $RESULT -ne 0 ] && echo -e "unseal failed! $RESULT" && exit 1
rm -f sealedkeyblob.bin

if [ $WOLFCRYPT_DEFAULT -eq 0 ]; then
./examples/seal/seal sealedkeyblob.bin mySecretMessage -aes >> run.out 2>&1
if [ $WOLFCRYPT_ENABLE -eq 1 ] && [ $WOLFCRYPT_RSA -eq 1 ]; then
./examples/seal/seal sealedkeyblob.bin mySecretMessage -xor >> run.out 2>&1
RESULT=$?
[ $RESULT -ne 0 ] && echo -e "seal aes failed! $RESULT" && exit 1
./examples/seal/unseal message.raw sealedkeyblob.bin -aes >> run.out 2>&1
[ $RESULT -ne 0 ] && echo -e "seal xor failed! $RESULT" && exit 1
./examples/seal/unseal message.raw sealedkeyblob.bin -xor >> run.out 2>&1
RESULT=$?
[ $RESULT -ne 0 ] && echo -e "unseal aes failed! $RESULT" && exit 1
[ $RESULT -ne 0 ] && echo -e "unseal xor failed! $RESULT" && exit 1

if [ $WOLFCRYPT_DEFAULT -eq 0 ]; then
./examples/seal/seal sealedkeyblob.bin mySecretMessage -aes >> run.out 2>&1
RESULT=$?
[ $RESULT -ne 0 ] && echo -e "seal aes failed! $RESULT" && exit 1
./examples/seal/unseal message.raw sealedkeyblob.bin -aes >> run.out 2>&1
RESULT=$?
[ $RESULT -ne 0 ] && echo -e "unseal aes failed! $RESULT" && exit 1
fi
rm -f sealedkeyblob.bin
fi
rm -f sealedkeyblob.bin
fi

# Seal/Unseal (Policy auth)
echo -e "Seal/Unseal (Policy auth)"
if [ $WOLFCRYPT_ENABLE -eq 1 ] && [ $WOLFCRYPT_DEFAULT -eq 0 ]; then
if [ $WOLFCRYPT_ENABLE -eq 1 ] && [ $WOLFCRYPT_DEFAULT -eq 0 ] && [ $NO_FILESYSTEM -eq 0 ]; then
# Extend "aaa" to test PCR 16
echo aaa > aaa.bin
./examples/pcr/reset 16 >> run.out 2>&1
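Review bot: `NO_FILESYSTEM` is only defaulted when empty and is then used unquoted in `[ $NO_FILESYSTEM -eq 0 ]`, so a value such as `yes` makes each of those tests error out as false, and the guarded NV, CSR, PKCS7, TLS, keygen, secure boot and seal sections are skipped while the script can still pass. I would validate it once, right after the default is set: `case "$NO_FILESYSTEM" in 0|1) ;; *) echo "NO_FILESYSTEM must be 0 or 1"; exit 1 ;; esac`. The guarded sections also print nothing when skipped, so an `else` branch with `echo "skipped (no filesystem)"` would keep the CI log honest about what was actually covered. Nothing in the visible hunks checks that the variable matches how the binaries were configured.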
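--- a/examples/tpm_test_keys.c
+++ b/examples/tpm_test_keys.c
@@ -244,6 +244,7 @@ int readKeyBlob(const char* filename, WOLFTPM2_KEYBLOB* key)
 #else
 (void)filename;
 (void)key;
+rc = NOT_COMPILED_IN;
 #endif /* !NO_FILESYSTEM && !NO_WRITE_TEMP_FILES */
 return rc;
 }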
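Review bot: The new `rc = NOT_COMPILED_IN;` in the `#else` branch of readKeyBlob carries no comment explaining why a read without a filesystem must fail rather than return the earlier value of rc; I would add `/* no filesystem: fail so callers never use an unpopulated key blob */` above it. The other file helpers in this file are outside the hunk; if their `#else` branches only void-cast their arguments, they presumably still return whatever rc was initialised to and should get the same treatment. readKeyBlob starts above the hunk, so the initial value of rc is not visible here.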
