From 411c5a69b9657eb53dcdae96def26bd5bb824503 Mon Sep 17 00:00:00 2001
From: David Garske
Date: Mon, 6 Nov 2023 14:35:28 -0800
Subject: [PATCH] Additional CI tests.
---
.github/workflows/build-workflow.yml | 66 ++++++++++++++++
.github/workflows/unit-test.yml | 111 +++++++++++++++------------
README.md | 4 +-
configure.ac | 8 +-
src/crypto.c | 15 ++--
src/internal.c | 2 +-
src/slot.c | 2 +-
src/wolfpkcs11.c | 2 +-
tests/pkcs11mtt.c | 2 +-
tests/pkcs11str.c | 17 +++-
tests/pkcs11test.c | 4 +-
tests/testdata.h | 2 +-
tests/unit.h | 2 +-
wolfpkcs11/internal.h | 9 ++-
wolfpkcs11/options.h.in | 2 +-
wolfpkcs11/pkcs11.h | 2 +-
wolfpkcs11/store.h | 2 +-
wolfpkcs11/version.h | 2 +-
wolfpkcs11/version.h.in | 2 +-
wolfpkcs11/visibility.h | 2 +-
20 files changed, 180 insertions(+), 78 deletions(-)
create mode 100644 .github/workflows/build-workflow.yml
diff --git a/.github/workflows/build-workflow.yml b/.github/workflows/build-workflow.yml
new file mode 100644
index 0000000..077b1b0
--- /dev/null
+++ b/.github/workflows/build-workflow.yml
@@ -0,0 +1,66 @@
+name: wolfPKCS11 Build Workflow
+
+on:
+
+ workflow_call:
+ inputs:
+ config:
+ required: false
+ type: string
+
+jobs:
+ build:
+
+ runs-on: ubuntu-latest
+
+ steps:
+#pull wolfPKCS11
+ - uses: actions/checkout@v3
+ with:
+ submodules: true
+
+#setup wolfssl
+ - uses: actions/checkout@v3
+ with:
+ repository: wolfssl/wolfssl
+ path: wolfssl
+ - name: wolfssl autogen
+ working-directory: ./wolfssl
+ run: ./autogen.sh
+ - name: wolfssl configure
+ working-directory: ./wolfssl
+ run: |
+ ./configure --enable-cryptonly --enable-aescfb --enable-rsapss --enable-keygen --enable-pwdbased --enable-scrypt \
+ C_EXTRA_FLAGS="-DWOLFSSL_PUBLIC_MP -DWC_RSA_DIRECT"
+ - name: wolfssl make install
+ working-directory: ./wolfssl
+ run: make
+ - name: wolfssl make install
+ working-directory: ./wolfssl
+ run: |
+ sudo make install
+ sudo ldconfig
+
+#setup wolfPKCS11
+ - name: wolfpkcs11 autogen
+ run: ./autogen.sh
+ - name: wolfpkcs11 configure
+ run: ./configure ${{inputs.config}}
+ - name: wolfpkcs11 make
+ run: make
+ - name: wolfpkcs11 make check
+ run: make check
+ - name: wolfpkcs11 make install
+ run: sudo make install
+ - name: wolfpkcs11 make dist
+ run: make dist
+
+# capture logs on failure
+ - name: Upload failure logs
+ if: failure() || cancelled()
+ uses: actions/upload-artifact@v3
+ with:
+ name: wolfpkcs11-test-logs
+ path: |
+ test-suite.log
+ retention-days: 5
diff --git a/.github/workflows/unit-test.yml b/.github/workflows/unit-test.yml
index 8b04095..8bf687e 100644
--- a/.github/workflows/unit-test.yml
+++ b/.github/workflows/unit-test.yml
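Review bot: The `wolfpkcs11 configure` step pastes `${{inputs.config}}` straight into the `run:` script, so the value is expanded into shell source before the shell starts and whatever a caller passes is parsed as shell syntax. The callers visible in this patch pass only fixed flags, so this is hardening rather than a live bug; I would hand the value over through the environment instead, with `env:` / `CONFIG_ARGS: ${{ inputs.config }}` on the step and `run: ./configure $CONFIG_ARGS` (left unquoted on purpose so several flags still split), and have the `no_keystore` caller drop the inner quotes from its `CFLAGS=...` value, since they would then be passed literally. Separately, every calling job uploads its failure log under the same artifact name `wolfpkcs11-test-logs`, so logs from different configurations are likely to overwrite each other; a name that carries a per-caller label would keep them apart. The second step named `wolfssl make install` only runs `make`, and the wolfssl checkout has no `ref:`, so the step name is misleading and each run builds and installs whatever that repository's default branch holds at the time.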
@@ -7,56 +7,67 @@ on: branches: [ '*' ] jobs: - build: - runs-on: ubuntu-latest + defaults_all: + uses: ./.github/workflows/build-workflow.yml - steps: -#pull wolfPKCS11 - - uses: actions/checkout@v3 + no_rsa: + uses: ./.github/workflows/build-workflow.yml + with: + config: --disable-rsa + no_rsaoaep: + uses: ./.github/workflows/build-workflow.yml + with: + config: --disable-rsaoaep + no_rsapss: + uses: ./.github/workflows/build-workflow.yml + with: + config: --disable-rsapss + no_ecc: + uses: ./.github/workflows/build-workflow.yml + with: + config: --disable-ecc + no_dh: + uses: ./.github/workflows/build-workflow.yml + with: + config: --disable-dh + no_keygen: + uses: ./.github/workflows/build-workflow.yml + with: + config: --disable-keygen + no_keystore: + uses: ./.github/workflows/build-workflow.yml + with: + config: CFLAGS="-DWOLFPKCS11_NO_STORE" + no_aesgcm: + uses: ./.github/workflows/build-workflow.yml + with: + config: --disable-aesgcm + no_sha512: + uses: ./.github/workflows/build-workflow.yml + with: + config: --disable-sha512 + no_sha384: + uses: ./.github/workflows/build-workflow.yml + with: + config: --disable-sha384 + no_sha224: + uses: ./.github/workflows/build-workflow.yml + with: + config: --disable-sha224 + no_sha1: + uses: ./.github/workflows/build-workflow.yml + with: + config: --disable-sha1 + no_md5: + uses: ./.github/workflows/build-workflow.yml + with: + config: --disable-md5 + no_hmac: + uses: ./.github/workflows/build-workflow.yml + with: + config: --disable-hmac -#setup wolfssl - - uses: actions/checkout@v3 - with: - repository: wolfssl/wolfssl - path: wolfssl - - name: wolfssl autogen - working-directory: ./wolfssl - run: ./autogen.sh - - name: wolfssl configure - working-directory: ./wolfssl - run: | - ./configure --enable-wolftpm --enable-rsapss --enable-keygen --enable-pwdbased --enable-scrypt \ - C_EXTRA_FLAGS="-DWOLFSSL_PUBLIC_MP -DWC_RSA_DIRECT" - - name: wolfssl make install - working-directory: ./wolfssl - run: make - - name: 
wolfssl make install - working-directory: ./wolfssl - run: | - sudo make install - sudo ldconfig - -#setup wolfPKCS11 - - name: wolfpkcs11 autogen - run: ./autogen.sh - - name: wolfpkcs11 configure - run: ./configure - - name: wolfpkcs11 make - run: make - - name: wolfpkcs11 make check - run: make check - - name: wolfpkcs11 make install - run: sudo make install - - name: wolfpkcs11 make dist - run: make dist - -# capture logs on failure - - name: Upload failure logs - if: failure() - uses: actions/upload-artifact@v3 - with: - name: wolfpkcs11-test-logs - path: | - test-suite.log - retention-days: 5 + #TODO: --disable-aes Enable AES (default: enabled) + #TODO: --disable-aescbc Enable AES-CBC (default: enabled) + #TODO: --disable-sha256 Enable SHA-256 (default: enabled) diff --git a/README.md b/README.md index c615a1d..70dc10a 100644 --- a/README.md +++ b/README.md @@ -9,7 +9,7 @@ PKCS#11 library that implements cryptographic algorithms using wolfSSL. Build wolfSSL: -``` +```sh git clone https://github.com/wolfSSL/wolfssl.git cd wolfssl ./autogen.sh @@ -24,7 +24,7 @@ autogen.sh requires: automake and libtool: `sudo apt-get install automake libtoo Build wolfPKCS11: -``` +```sh git clone https://github.com/wolfSSL/wolfPKCS11.git cd wolfPKCS11 ./autogen.sh diff --git a/configure.ac b/configure.ac index d468de9..db5fc06 100644 --- a/configure.ac +++ b/configure.ac @@ -1,11 +1,11 @@ # configure.ac # -# Copyright (C) 2018 wolfSSL Inc. +# Copyright (C) 2023 wolfSSL Inc. # All right reserved. # # This file is part of wolfPKCS11. # -AC_COPYRIGHT([Copyright (C) 2014-2018 wolfSSL Inc.]) +AC_COPYRIGHT([Copyright (C) 2014-2023 wolfSSL Inc.]) AC_PREREQ([2.63]) AC_INIT([wolfpkcs11],[1.1.0],[https://github.com/wolfssl/wolfpkcs11/issues],[wolfpkcs11],[http://www.wolfssl.com]) AC_CONFIG_AUX_DIR([build-aux]) 
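Review bot: The `#TODO` lines at the end of the job list leave `--disable-aes`, `--disable-aescbc` and `--disable-sha256` unbuilt, yet this same commit adds `NO_AES` guards in src/crypto.c, tests/pkcs11str.c and wolfpkcs11/internal.h, so those new preprocessor paths are not compiled by any job defined here. Until they are, a comment saying why they are deferred would help more than the pasted help text (`Enable AES (default: enabled)` reads oddly next to a disable flag), for example `# TODO: add --disable-aes once <reason> is resolved`. As a style point, the fifteen jobs differ only in `config:`; a single job with a `strategy.matrix` over the flag list and `uses: ./.github/workflows/build-workflow.yml` would be shorter and harder to get out of sync.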
@@ -367,7 +367,7 @@ rm -f $OPTION_FILE echo "/* wolfpkcs11 options.h" > $OPTION_FILE echo " * generated from configure options" >> $OPTION_FILE echo " *" >> $OPTION_FILE -echo " * Copyright (C) 2006-2021 wolfSSL Inc." >> $OPTION_FILE +echo " * Copyright (C) 2006-2023 wolfSSL Inc." >> $OPTION_FILE echo " *" >> $OPTION_FILE echo " * * This file is part of wolfPKCS11." >> $OPTION_FILE echo " *" >> $OPTION_FILE @@ -479,7 +479,7 @@ echo " * AES: $ENABLED_AES" echo " * AES-CBC: $ENABLED_AESCBC" echo " * AES-GCM: $ENABLED_AESGCM" echo " * MD5: $ENABLED_MD5" -echo " * SHA: $ENABLED_SHA" +echo " * SHA: $ENABLED_SHA1" echo " * SHA-224: $ENABLED_SHA224" echo " * SHA-256: $ENABLED_SHA256" echo " * SHA-384: $ENABLED_SHA384" diff --git a/src/crypto.c b/src/crypto.c index 536edd2..60a0af8 100644 --- a/src/crypto.c +++ b/src/crypto.c @@ -1,6 +1,6 @@ /* crypto.c * - * Copyright (C) 2006-2022 wolfSSL Inc. + * Copyright (C) 2006-2023 wolfSSL Inc. * * This file is part of wolfPKCS11. * @@ -488,6 +488,7 @@ static CK_RV AddObject(WP11_Session* session, WP11_Object* object, return CKR_OK; } +#ifndef NO_RSA /** * Create an RSA private key object in the session or on the token associated with the session. * @@ -606,6 +607,7 @@ static CK_RV AddRSAPrivateKeyObject(WP11_Session* session, return rv; } +#endif /** * Create an object in the session or on the token associated with the session. @@ -3853,7 +3855,7 @@ CK_RV C_WrapKey(CK_SESSION_HANDLE hSession, return rv; switch (keyType) { - +#if !defined(NO_RSA) && !defined(WOLFPKCS11_NO_STORE) case CKK_RSA: ret = WP11_Rsa_SerializeKeyPTPKC8(key, NULL, &serialSize); if (ret != 0) 
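Review bot: In `C_WrapKey` the `CKK_RSA` case is now compiled only when both `NO_RSA` and `WOLFPKCS11_NO_STORE` are undefined, while the matching case in `C_UnwrapKey` (the `-4024` hunk) is guarded by `#ifndef NO_RSA` alone, so a `WOLFPKCS11_NO_STORE` build can unwrap an RSA key but answers `CKR_KEY_NOT_WRAPPABLE` when asked to wrap one. If that asymmetry is intended (presumably because `WP11_Rsa_SerializeKeyPTPKC8` is built with the store code), say so next to the guard, e.g. `/* RSA serialization is only built with the key store */`, and close it in the next hunk with `#endif /* !NO_RSA && !WOLFPKCS11_NO_STORE */`. It is also worth confirming that the mechanism information a client can query does not still advertise wrap support in builds where both switches fall through to `default:`; that code is outside this patch. Both function bodies start and end outside the hunks shown.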
@@ -3868,17 +3870,17 @@ CK_RV C_WrapKey(CK_SESSION_HANDLE hSession, rv = CKR_FUNCTION_FAILED; goto err_out; } - break; +#endif default: rv = CKR_KEY_NOT_WRAPPABLE; goto err_out; } switch (pMechanism->mechanism) { +#ifndef NO_AES /* These unwrap mechanisms can be supported with high level C_Encrypt */ case CKM_AES_CBC_PAD: - if (wrapkeyType != CKK_AES) { rv = CKR_WRAPPING_KEY_TYPE_INCONSISTENT; goto err_out; @@ -3893,10 +3895,12 @@ CK_RV C_WrapKey(CK_SESSION_HANDLE hSession, goto err_out; break; +#endif default: rv = CKR_MECHANISM_INVALID; break; } + (void)pWrappedKey; err_out: @@ -4024,11 +4028,12 @@ CK_RV C_UnwrapKey(CK_SESSION_HANDLE hSession, } switch (keyType) { +#ifndef NO_RSA case CKK_RSA: - rv = AddRSAPrivateKeyObject(session, pTemplate, ulAttributeCount, workBuffer, ulUnwrappedLen, phKey); break; +#endif default: rv = CKR_KEY_NOT_WRAPPABLE; goto err_out; diff --git a/src/internal.c b/src/internal.c index d60b15b..bd64d5b 100644 --- a/src/internal.c +++ b/src/internal.c @@ -1,6 +1,6 @@ /* internal.c * - * Copyright (C) 2006-2022 wolfSSL Inc. + * Copyright (C) 2006-2023 wolfSSL Inc. * * This file is part of wolfPKCS11. * diff --git a/src/slot.c b/src/slot.c index 7c16e5d..b189229 100644 --- a/src/slot.c +++ b/src/slot.c @@ -1,6 +1,6 @@ /* slot.c * - * Copyright (C) 2006-2022 wolfSSL Inc. + * Copyright (C) 2006-2023 wolfSSL Inc. * * This file is part of wolfPKCS11. * diff --git a/src/wolfpkcs11.c b/src/wolfpkcs11.c index 5dd7e86..4b510b4 100644 --- a/src/wolfpkcs11.c +++ b/src/wolfpkcs11.c @@ -1,6 +1,6 @@ /* wolfpkcs11.c * - * Copyright (C) 2006-2022 wolfSSL Inc. + * Copyright (C) 2006-2023 wolfSSL Inc. * * This file is part of wolfPKCS11. * diff --git a/tests/pkcs11mtt.c b/tests/pkcs11mtt.c index 56bfbfa..be864f9 100644 --- a/tests/pkcs11mtt.c +++ b/tests/pkcs11mtt.c @@ -1,6 +1,6 @@ /* pkcs11mtt.c - unit tests * - * Copyright (C) 2006-2022 wolfSSL Inc. + * Copyright (C) 2006-2023 wolfSSL Inc. * * This file is part of wolfPKCS11. * 
diff --git a/tests/pkcs11str.c b/tests/pkcs11str.c index 7ed232a..2b3c9a5 100644 --- a/tests/pkcs11str.c +++ b/tests/pkcs11str.c @@ -1,6 +1,6 @@ /* pkcs11str.c - unit tests * - * Copyright (C) 2006-2022 wolfSSL Inc. + * Copyright (C) 2006-2023 wolfSSL Inc. * * This file is part of wolfPKCS11. * @@ -145,8 +145,9 @@ int userPinLen; static CK_OBJECT_CLASS pubKeyClass = CKO_PUBLIC_KEY; #endif static CK_OBJECT_CLASS privKeyClass = CKO_PRIVATE_KEY; +#ifndef NO_AES static CK_OBJECT_CLASS secretKeyClass = CKO_SECRET_KEY; - +#endif static CK_BBOOL ckTrue = CK_TRUE; #ifndef NO_RSA @@ -583,6 +584,7 @@ static CK_RV find_dh_pub_key(CK_SESSION_HANDLE session, } #endif +#ifndef NO_AES static CK_RV create_aes_128_key(CK_SESSION_HANDLE session, unsigned char* id, int idLen, CK_OBJECT_HANDLE* key) { @@ -611,7 +613,6 @@ static CK_RV create_aes_128_key(CK_SESSION_HANDLE session, unsigned char* id, return ret; } -#ifndef NO_AES static CK_RV find_aes_key(CK_SESSION_HANDLE session, unsigned char* id, int idLen, CK_OBJECT_HANDLE* key) { 
@@ -650,20 +651,28 @@ static CK_RV pkcs11_test(int slotId, int setPin, int closeDl) CK_SESSION_HANDLE session = CK_INVALID_HANDLE; CK_OBJECT_HANDLE pub = CK_INVALID_HANDLE; CK_OBJECT_HANDLE priv = CK_INVALID_HANDLE; +#ifndef NO_RSA unsigned char* privId = (unsigned char *)"123rsafixedpriv"; int privIdLen = (int)strlen((char*)privId); unsigned char* pubId = (unsigned char *)"123rsafixedpub"; int pubIdLen = (int)strlen((char*)pubId); +#endif +#ifdef HAVE_ECC unsigned char* eccPrivId = (unsigned char *)"123eccfixedpriv"; int eccPrivIdLen = (int)strlen((char*)eccPrivId); unsigned char* eccPubId = (unsigned char *)"123eccfixedpub"; int eccPubIdLen = (int)strlen((char*)eccPubId); +#endif +#ifndef NO_DH unsigned char* dhPrivId = (unsigned char *)"123dhfixedpriv"; int dhPrivIdLen = (int)strlen((char*)dhPrivId); unsigned char* dhPubId = (unsigned char *)"123dhfixedpub"; int dhPubIdLen = (int)strlen((char*)dhPubId); +#endif +#ifndef NO_AES unsigned char* aesKeyId = (unsigned char *)"123aes128key"; int aesKeyIdLen = (int)strlen((char*)aesKeyId); +#endif /* Set it global. */ slot = slotId; @@ -739,8 +748,10 @@ static CK_RV pkcs11_test(int slotId, int setPin, int closeDl) #endif (void)genericKeyType; #ifndef NO_AES + #ifdef HAVE_AESGCM (void)aes_128_gcm_exp_tag; (void)aes_128_gcm_exp; + #endif (void)aes_128_cbc_pad_exp; (void)aes_128_cbc_exp; if (ret == CKR_OK) { diff --git a/tests/pkcs11test.c b/tests/pkcs11test.c index 0cb57f3..1c22c3c 100644 --- a/tests/pkcs11test.c +++ b/tests/pkcs11test.c @@ -1,6 +1,6 @@ /* pkcs11test.c - unit tests * - * Copyright (C) 2006-2022 wolfSSL Inc. + * Copyright (C) 2006-2023 wolfSSL Inc. * * This file is part of wolfPKCS11. * @@ -3031,6 +3031,7 @@ static CK_RV find_rsa_priv_key(CK_SESSION_HANDLE session, return ret; } +#ifdef WOLFSSL_KEY_GEN static CK_RV find_rsa_pub_key_label(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE* pubKey) { 
@@ -3093,6 +3094,7 @@ static CK_RV find_rsa_priv_key_label(CK_SESSION_HANDLE session, return ret; } +#endif static CK_RV test_attributes_rsa(void* args) { diff --git a/tests/testdata.h b/tests/testdata.h index 0628aeb..48e24c8 100644 --- a/tests/testdata.h +++ b/tests/testdata.h @@ -1,6 +1,6 @@ /* testdata.h * - * Copyright (C) 2006-2022 wolfSSL Inc. + * Copyright (C) 2006-2023 wolfSSL Inc. * * This file is part of wolfPKCS11. * diff --git a/tests/unit.h b/tests/unit.h index c1c7c04..2c719d5 100644 --- a/tests/unit.h +++ b/tests/unit.h @@ -1,6 +1,6 @@ /* unit.h * - * Copyright (C) 2006-2022 wolfSSL Inc. + * Copyright (C) 2006-2023 wolfSSL Inc. * * This file is part of wolfPKCS11. * diff --git a/wolfpkcs11/internal.h b/wolfpkcs11/internal.h index 7044108..1e7d8b1 100644 --- a/wolfpkcs11/internal.h +++ b/wolfpkcs11/internal.h @@ -1,6 +1,6 @@ /* internal.h * - * Copyright (C) 2006-2022 wolfSSL Inc. + * Copyright (C) 2006-2023 wolfSSL Inc. * * This file is part of wolfPKCS11. * @@ -40,6 +40,13 @@ #include #include +/* store requires AES */ +#ifdef NO_AES + #undef WOLFPKCS11_NO_STORE + #define WOLFPKCS11_NO_STORE +#endif + + #ifdef __cplusplus extern "C" { #endif diff --git a/wolfpkcs11/options.h.in b/wolfpkcs11/options.h.in index 6ec55d8..79b2667 100644 --- a/wolfpkcs11/options.h.in +++ b/wolfpkcs11/options.h.in @@ -1,6 +1,6 @@ /* options.h.in * - * Copyright (C) 2006-2022 wolfSSL Inc. + * Copyright (C) 2006-2023 wolfSSL Inc. * * This file is part of wolfPKCS11. * diff --git a/wolfpkcs11/pkcs11.h b/wolfpkcs11/pkcs11.h index 95d978e..f63fc6c 100644 --- a/wolfpkcs11/pkcs11.h +++ b/wolfpkcs11/pkcs11.h @@ -1,6 +1,6 @@ /* pkcs11.h * - * Copyright (C) 2006-2022 wolfSSL Inc. + * Copyright (C) 2006-2023 wolfSSL Inc. * * This file is part of wolfPKCS11. * diff --git a/wolfpkcs11/store.h b/wolfpkcs11/store.h index 59bdfee..94da857 100644 --- a/wolfpkcs11/store.h +++ b/wolfpkcs11/store.h 
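Review bot: The block added to wolfpkcs11/internal.h defines `WOLFPKCS11_NO_STORE` whenever `NO_AES` is set, which silently turns the key store off for anyone who disabled AES without asking for that. The comment `/* store requires AES */` states the dependency but not the consequence; I would expand it to something like `/* The store depends on AES; with NO_AES the store is compiled out and token objects are not persisted */` (wording to be confirmed against the store code, which is not in this hunk) and consider a build-time notice so the change shows up in the build output. Because the define is made in this header rather than by configure, any file that tests `WOLFPKCS11_NO_STORE` before including internal.h would see a different value, so the include order in such files deserves a check.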
@@ -1,6 +1,6 @@ /* store.h * - * Copyright (C) 2006-2022 wolfSSL Inc. + * Copyright (C) 2006-2023 wolfSSL Inc. * * This file is part of wolfPKCS11. * diff --git a/wolfpkcs11/version.h b/wolfpkcs11/version.h index 2136618..8748093 100644 --- a/wolfpkcs11/version.h +++ b/wolfpkcs11/version.h @@ -1,6 +1,6 @@ /* wolfpkcs11_version.h.in * - * Copyright (C) 2006-2022 wolfSSL Inc. + * Copyright (C) 2006-2023 wolfSSL Inc. * * This file is part of wolfPKCS11. * diff --git a/wolfpkcs11/version.h.in b/wolfpkcs11/version.h.in index 861b075..feb327b 100644 --- a/wolfpkcs11/version.h.in +++ b/wolfpkcs11/version.h.in @@ -1,6 +1,6 @@ /* wolfpkcs11_version.h.in * - * Copyright (C) 2006-2022 wolfSSL Inc. + * Copyright (C) 2006-2023 wolfSSL Inc. * * This file is part of wolfPKCS11. * diff --git a/wolfpkcs11/visibility.h b/wolfpkcs11/visibility.h index 2637687..b2afb1c 100644 --- a/wolfpkcs11/visibility.h +++ b/wolfpkcs11/visibility.h @@ -1,6 +1,6 @@ /* visibility.h * - * Copyright (C) 2006-2022 wolfSSL Inc. + * Copyright (C) 2006-2023 wolfSSL Inc. * * This file is part of wolfPKCS11. *