Added CI tests for all examples and additional build tests.
dgarske committed Aug 30, 2023
1 parent 78cd719 commit 76da900
Showing 13 changed files with 542 additions and 83 deletions.
60 changes: 52 additions & 8 deletions .github/workflows/make-test-swtpm.yml
Expand Up @@ -14,6 +14,7 @@ jobs:
steps:
#pull wolfTPM
- uses: actions/checkout@master

#setup wolfssl
- uses: actions/checkout@master
with:
Expand All @@ -28,27 +29,70 @@ jobs:
- name: wolfssl make install
working-directory: ./wolfssl
run: sudo make install

#setup ibmswtpm2
- uses: actions/checkout@master
with:
repository: kgoldman/ibmswtpm2
path: ibmswtpm2
- name: ibmswtpm2 make
working-directory: ./ibmswtpm2/src
run: make
#setup wolfTPM
run: |
make
./tpm_server &
#setup and test defaults (with simulator)
- name: autogen
run: ./autogen.sh
- name: configure
run: ./configure --enable-swtpm
- name: make test
run: |
./ibmswtpm2/src/tpm_server &
sleep 2 && make check && ./examples/native/native_test && ./examples/wrap/wrap_test
run: make check

#test wolfTPM without wolfCrypt
#test no wolfcrypt
- name: configure no wolfCrypt
run: ./configure --enable-swtpm --disable-wolfcrypt
- name: make test no wolfCrypt
run: |
make check && ./examples/native/native_test && ./examples/wrap/wrap_test
run: make check

#test no wrapper
- name: configure no wrapper
run: ./configure --enable-swtpm --disable-wrapper
- name: make test no wolfCrypt
run: make check

# test small stack
- name: configure smallstack
run: ./configure --enable-swtpm --enable-smallstack
- name: make test smallstack
run: make check

# test tislock
- name: configure tislock
run: ./configure --enable-tislock
- name: make tislock
run: make

# build debug
- name: configure debug
run: ./configure --enable-debug
- name: make debug
run: make

# build verbose
- name: configure debug verbose
run: ./configure --enable-debug=verbose
- name: make debug verbose
run: make

# build io
- name: configure debug io
run: ./configure --enable-debug=io CFLAGS="-DWOLFTPM_DEBUG_TIMEOUT"
- name: make debug io
run: make

# build advio
- name: configure advio
run: ./configure --enable-advio
- name: make debug io
run: make
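Review bot: Two of the new step names do not match the configuration they run: `- name: make test no wolfCrypt` appears a second time under the `--disable-wrapper` configure, and `- name: make debug io` appears a second time under the `--enable-advio` configure, so a failure in either build is reported under the wrong label in the Actions log. Rename them to `- name: make test no wrapper` and `- name: make advio`. Separately, the first `make check` now relies on `./tpm_server &` (started in the ibmswtpm2 make step) having come up during the autogen/configure steps, where the removed lines had an explicit `sleep 2`; if the simulator is ever slow to bind, the first test step is the one that will fail, so a short explicit wait before it would make the job more deterministic.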
12 changes: 6 additions & 6 deletions certs/certreq.sh
Expand Up @@ -6,9 +6,9 @@ echo Run ./examples/csr/csr first to generate the CSR

# Make sure required CA files exist and are populated
rm -f ./certs/index.*
touch ./certs/index.txt
touch ./certs/index.txt
if [ ! -f ./certs/serial ]; then
echo 1000 > ./certs/serial
echo 3650 > ./certs/serial
fi
if [ ! -f ./certs/crlnumber ]; then
echo 2000 > ./certs/crlnumber
Expand All @@ -25,22 +25,22 @@ if [ "$1" == "clean" ]; then

# cleanup the ./examples/csr/csr generated
rm -f ./certs/tpm-*-cert.csr

exit 0
fi


# Generate RSA 2048-bit CA
if [ ! -f ./certs/ca-rsa-key.pem ]; then
openssl req -new -newkey rsa:2048 -keyout ./certs/ca-rsa-key.pem -nodes -out ./certs/ca-rsa-cert.csr -subj "/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Development/CN=www.wolfssl.com/emailAddress=info@wolfssl.com"
openssl x509 -req -in ./certs/ca-rsa-cert.csr -days 1000 -extfile ./certs/ca-rsa.cnf -extensions v3_ca -signkey ./certs/ca-rsa-key.pem -out ./certs/ca-rsa-cert.pem
openssl x509 -req -in ./certs/ca-rsa-cert.csr -days 3650 -extfile ./certs/ca-rsa.cnf -extensions v3_ca -signkey ./certs/ca-rsa-key.pem -out ./certs/ca-rsa-cert.pem
rm ./certs/ca-rsa-cert.csr

openssl x509 -in ./certs/ca-rsa-cert.pem -inform PEM -out ./certs/ca-rsa-cert.der -outform DER
openssl rsa -in ./certs/ca-rsa-key.pem -inform PEM -out ./certs/ca-rsa-key.der -outform DER

# generate CRL
openssl ca -config ./certs/ca-rsa.cnf -gencrl -crldays 1000 -out ./certs/ca-rsa.crl -keyfile ./certs/ca-rsa-key.pem -cert ./certs/ca-rsa-cert.pem
openssl ca -config ./certs/ca-rsa.cnf -gencrl -crldays 3650 -out ./certs/ca-rsa.crl -keyfile ./certs/ca-rsa-key.pem -cert ./certs/ca-rsa-cert.pem
fi

# Sign RSA certificates
Expand All @@ -62,7 +62,7 @@ if [ ! -f ./certs/ca-ecc-key.pem ]; then
openssl ec -in ./certs/ca-ecc-key.pem -inform PEM -out ./certs/ca-ecc-key.der -outform DER

# generate CRL
openssl ca -config ./certs/ca-ecc.cnf -gencrl -crldays 1000 -out ./certs/ca-ecc.crl -keyfile ./certs/ca-ecc-key.pem -cert ./certs/ca-ecc-cert.pem
openssl ca -config ./certs/ca-ecc.cnf -gencrl -crldays 3650 -out ./certs/ca-ecc.crl -keyfile ./certs/ca-ecc-key.pem -cert ./certs/ca-ecc-cert.pem
fi


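Review bot: The change to `echo 3650 > ./certs/serial` alters the CA's initial certificate serial counter, not a validity period; `./certs/serial` is the next-serial file consumed by `openssl ca`, so this looks like a find-and-replace of 1000 to 3650 that caught this line along with the intended `-days 3650` and `-crldays 3650` arguments. Any positive value works, but the edit is unrelated to the validity extension and misleads a reader of the diff; restore `echo 1000 > ./certs/serial` or add a comment such as `# initial serial number for issued certs (not a day count)` above it. The two `touch ./certs/index.txt` lines print identically, so that pair is presumably a whitespace-only change.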
4 changes: 1 addition & 3 deletions examples/README.md
Expand Up @@ -48,7 +48,7 @@ More information about how to test and use PCR attestation can be found in the i

Demonstrates how to create Remote Attestation challenge using the TPM 2.0 and afterwards prepare a response.

Detailed information about using these examples can be found in [examples/attestation/README.md](./examples/attestation/README.md)
Detailed information about using these examples can be found in [examples/attestation/README.md](/examples/attestation/README.md)

`./examples/attestation/make_credential`
`./examples/attestation/activate_credential`
Expand Down Expand Up @@ -80,8 +80,6 @@ This behavior depends on the `sessionAttributes`:

Either one can be set separately or both can be set in one authorization session. This is up to the user (developer).

`./examples/pcr/quote_paramenc`

## CSR

Generates a Certificate Signing Request for building a certificate based on a TPM key pair.
70 changes: 39 additions & 31 deletions examples/bench/bench.c
Expand Up @@ -122,7 +122,7 @@ static void bench_stats_asym_finish(const char* algo, int strength,
}

static int bench_sym_hash(WOLFTPM2_DEV* dev, const char* desc, int algo,
const byte* in, word32 inSz, byte* digest, word32 digestSz)
const byte* in, word32 inSz, byte* digest, word32 digestSz, double maxDuration)
{
int rc;
int count;
Expand All @@ -139,7 +139,7 @@ static int bench_sym_hash(WOLFTPM2_DEV* dev, const char* desc, int algo,
if (rc != 0) goto exit;
rc = wolfTPM2_HashFinish(dev, &hash, digest, &digestSz);
if (rc != 0) goto exit;
} while (bench_stats_check(start, &count, TPM2_BENCH_DURATION_SEC));
} while (bench_stats_check(start, &count, maxDuration));
bench_stats_sym_finish(desc, count, inSz, start);

exit:
Expand All @@ -148,7 +148,7 @@ static int bench_sym_hash(WOLFTPM2_DEV* dev, const char* desc, int algo,

static int bench_sym_aes(WOLFTPM2_DEV* dev, WOLFTPM2_KEY* storageKey,
const char* desc, int algo, int keyBits, const byte* in, byte* out,
word32 inOutSz, int isDecrypt)
word32 inOutSz, int isDecrypt, double maxDuration)
{
int rc;
int count;
Expand All @@ -173,11 +173,11 @@ static int bench_sym_aes(WOLFTPM2_DEV* dev, WOLFTPM2_KEY* storageKey,
rc = wolfTPM2_EncryptDecrypt(dev, &aesKey, in, out, inOutSz, NULL, 0,
isDecrypt);
if (WOLFTPM_IS_COMMAND_UNAVAILABLE(rc)) {
printf("Encrypt/Decrypt unavailble\n");
printf("Encrypt/Decrypt unavailable\n");
break;
}
if (rc != 0) goto exit;
} while (bench_stats_check(start, &count, TPM2_BENCH_DURATION_SEC));
} while (bench_stats_check(start, &count, maxDuration));
bench_stats_sym_finish(desc, count, inOutSz, start);

exit:
Expand All @@ -191,6 +191,8 @@ static void usage(void)
printf("Expected usage:\n");
printf("./examples/bench/bench [-aes/xor]\n");
printf("* -aes/xor: Use Parameter Encryption\n");
printf("* -maxdur=[ms]: Maximum runtime for each algorithm in milliseconds "
"(default %d)\n", TPM2_BENCH_DURATION_SEC*1000);
}

/******************************************************************************/
Expand All @@ -217,6 +219,8 @@ int TPM2_Wrapper_BenchArgs(void* userCtx, int argc, char *argv[])
int count;
TPM_ALG_ID paramEncAlg = TPM_ALG_NULL;
WOLFTPM2_SESSION tpmSession;
double maxDuration = TPM2_BENCH_DURATION_SEC;
double maxKeyGenDurSec = TPM2_BENCH_DURATION_KEYGEN_SEC;

if (argc >= 2) {
if (XSTRCMP(argv[1], "-?") == 0 ||
Expand All @@ -233,6 +237,10 @@ int TPM2_Wrapper_BenchArgs(void* userCtx, int argc, char *argv[])
else if (XSTRCMP(argv[argc-1], "-xor") == 0) {
paramEncAlg = TPM_ALG_XOR;
}
else if (XSTRNCMP(argv[argc-1], "-maxdur=", XSTRLEN("-maxdur=")) == 0) {
const char* maxStr = argv[argc-1] + XSTRLEN("-maxdur=");
maxKeyGenDurSec = maxDuration = (double)(XATOI(maxStr)) / 1000.0;
}
else {
printf("Warning: Unrecognized option: %s\n", argv[argc-1]);
}
Expand Down Expand Up @@ -275,68 +283,68 @@ int TPM2_Wrapper_BenchArgs(void* userCtx, int argc, char *argv[])
do {
rc = wolfTPM2_GetRandom(&dev, message.buffer, sizeof(message.buffer));
if (rc != 0) goto exit;
} while (bench_stats_check(start, &count, TPM2_BENCH_DURATION_SEC));
} while (bench_stats_check(start, &count, maxDuration));
bench_stats_sym_finish("RNG", count, sizeof(message.buffer), start);

/* AES Benchmarks */
/* AES CBC */
rc = bench_sym_aes(&dev, &storageKey, "AES-128-CBC-enc", TPM_ALG_CBC, 128,
message.buffer, cipher.buffer, sizeof(message.buffer), WOLFTPM2_ENCRYPT);
message.buffer, cipher.buffer, sizeof(message.buffer), WOLFTPM2_ENCRYPT, maxDuration);
if (rc != 0 && !WOLFTPM_IS_COMMAND_UNAVAILABLE(rc)) goto exit;
rc = bench_sym_aes(&dev, &storageKey, "AES-128-CBC-dec", TPM_ALG_CBC, 128,
message.buffer, cipher.buffer, sizeof(message.buffer), WOLFTPM2_DECRYPT);
message.buffer, cipher.buffer, sizeof(message.buffer), WOLFTPM2_DECRYPT, maxDuration);
if (rc != 0 && !WOLFTPM_IS_COMMAND_UNAVAILABLE(rc)) goto exit;
rc = bench_sym_aes(&dev, &storageKey, "AES-256-CBC-enc", TPM_ALG_CBC, 256,
message.buffer, cipher.buffer, sizeof(message.buffer), WOLFTPM2_ENCRYPT);
message.buffer, cipher.buffer, sizeof(message.buffer), WOLFTPM2_ENCRYPT, maxDuration);
if (rc != 0 && !WOLFTPM_IS_COMMAND_UNAVAILABLE(rc)) goto exit;
rc = bench_sym_aes(&dev, &storageKey, "AES-256-CBC-dec", TPM_ALG_CBC, 256,
message.buffer, cipher.buffer, sizeof(message.buffer), WOLFTPM2_DECRYPT);
message.buffer, cipher.buffer, sizeof(message.buffer), WOLFTPM2_DECRYPT, maxDuration);
if (rc != 0 && !WOLFTPM_IS_COMMAND_UNAVAILABLE(rc)) goto exit;

/* AES CTR */
rc = bench_sym_aes(&dev, &storageKey, "AES-128-CTR-enc", TPM_ALG_CTR, 128,
message.buffer, cipher.buffer, sizeof(message.buffer), WOLFTPM2_ENCRYPT);
message.buffer, cipher.buffer, sizeof(message.buffer), WOLFTPM2_ENCRYPT, maxDuration);
if (rc != 0 && !WOLFTPM_IS_COMMAND_UNAVAILABLE(rc)) goto exit;
rc = bench_sym_aes(&dev, &storageKey, "AES-128-CTR-dec", TPM_ALG_CTR, 128,
message.buffer, cipher.buffer, sizeof(message.buffer), WOLFTPM2_DECRYPT);
message.buffer, cipher.buffer, sizeof(message.buffer), WOLFTPM2_DECRYPT, maxDuration);
if (rc != 0 && !WOLFTPM_IS_COMMAND_UNAVAILABLE(rc)) goto exit;
rc = bench_sym_aes(&dev, &storageKey, "AES-256-CTR-enc", TPM_ALG_CTR, 256,
message.buffer, cipher.buffer, sizeof(message.buffer), WOLFTPM2_ENCRYPT);
message.buffer, cipher.buffer, sizeof(message.buffer), WOLFTPM2_ENCRYPT, maxDuration);
if (rc != 0 && !WOLFTPM_IS_COMMAND_UNAVAILABLE(rc)) goto exit;
rc = bench_sym_aes(&dev, &storageKey, "AES-256-CTR-dec", TPM_ALG_CTR, 256,
message.buffer, cipher.buffer, sizeof(message.buffer), WOLFTPM2_DECRYPT);
message.buffer, cipher.buffer, sizeof(message.buffer), WOLFTPM2_DECRYPT, maxDuration);
if (rc != 0 && !WOLFTPM_IS_COMMAND_UNAVAILABLE(rc)) goto exit;

/* AES CFB */
rc = bench_sym_aes(&dev, &storageKey, "AES-128-CFB-enc", TPM_ALG_CFB, 128,
message.buffer, cipher.buffer, sizeof(message.buffer), WOLFTPM2_ENCRYPT);
message.buffer, cipher.buffer, sizeof(message.buffer), WOLFTPM2_ENCRYPT, maxDuration);
if (rc != 0 && !WOLFTPM_IS_COMMAND_UNAVAILABLE(rc)) goto exit;
rc = bench_sym_aes(&dev, &storageKey, "AES-128-CFB-dec", TPM_ALG_CFB, 128,
message.buffer, cipher.buffer, sizeof(message.buffer), WOLFTPM2_DECRYPT);
message.buffer, cipher.buffer, sizeof(message.buffer), WOLFTPM2_DECRYPT, maxDuration);
if (rc != 0 && !WOLFTPM_IS_COMMAND_UNAVAILABLE(rc)) goto exit;
rc = bench_sym_aes(&dev, &storageKey, "AES-256-CFB-enc", TPM_ALG_CFB, 256,
message.buffer, cipher.buffer, sizeof(message.buffer), WOLFTPM2_ENCRYPT);
message.buffer, cipher.buffer, sizeof(message.buffer), WOLFTPM2_ENCRYPT, maxDuration);
if (rc != 0 && !WOLFTPM_IS_COMMAND_UNAVAILABLE(rc)) goto exit;
rc = bench_sym_aes(&dev, &storageKey, "AES-256-CFB-dec", TPM_ALG_CFB, 256,
message.buffer, cipher.buffer, sizeof(message.buffer), WOLFTPM2_DECRYPT);
message.buffer, cipher.buffer, sizeof(message.buffer), WOLFTPM2_DECRYPT, maxDuration);
if (rc != 0 && !WOLFTPM_IS_COMMAND_UNAVAILABLE(rc)) goto exit;

/* Hashing Benchmarks */
/* SHA1 */
rc = bench_sym_hash(&dev, "SHA1", TPM_ALG_SHA1, message.buffer,
sizeof(message.buffer), cipher.buffer, TPM_SHA_DIGEST_SIZE);
sizeof(message.buffer), cipher.buffer, TPM_SHA_DIGEST_SIZE, maxDuration);
if (rc != 0 && (rc & TPM_RC_HASH) != TPM_RC_HASH) goto exit;
/* SHA256 */
rc = bench_sym_hash(&dev, "SHA256", TPM_ALG_SHA256, message.buffer,
sizeof(message.buffer), cipher.buffer, TPM_SHA256_DIGEST_SIZE);
sizeof(message.buffer), cipher.buffer, TPM_SHA256_DIGEST_SIZE, maxDuration);
if (rc != 0 && (rc & TPM_RC_HASH) != TPM_RC_HASH) goto exit;
/* SHA384 */
rc = bench_sym_hash(&dev, "SHA384", TPM_ALG_SHA384, message.buffer,
sizeof(message.buffer), cipher.buffer, TPM_SHA384_DIGEST_SIZE);
sizeof(message.buffer), cipher.buffer, TPM_SHA384_DIGEST_SIZE, maxDuration);
if (rc != 0 && (rc & TPM_RC_HASH) != TPM_RC_HASH) goto exit;
/* SHA512 */
rc = bench_sym_hash(&dev, "SHA512", TPM_ALG_SHA512, message.buffer,
sizeof(message.buffer), cipher.buffer, TPM_SHA512_DIGEST_SIZE);
sizeof(message.buffer), cipher.buffer, TPM_SHA512_DIGEST_SIZE, maxDuration);
if (rc != 0 && (rc & TPM_RC_HASH) != TPM_RC_HASH) goto exit;


Expand All @@ -354,7 +362,7 @@ int TPM2_Wrapper_BenchArgs(void* userCtx, int argc, char *argv[])
rc = wolfTPM2_CreateAndLoadKey(&dev, &rsaKey, &storageKey.handle,
&publicTemplate, (byte*)gKeyAuth, sizeof(gKeyAuth)-1);
if (rc != 0) goto exit;
} while (bench_stats_check(start, &count, TPM2_BENCH_DURATION_KEYGEN_SEC));
} while (bench_stats_check(start, &count, maxKeyGenDurSec));
bench_stats_asym_finish("RSA", 2048, "key gen", count, start);

/* Perform RSA encrypt / decrypt (no pad) */
Expand All @@ -367,7 +375,7 @@ int TPM2_Wrapper_BenchArgs(void* userCtx, int argc, char *argv[])
rc = wolfTPM2_RsaEncrypt(&dev, &rsaKey, TPM_ALG_NULL,
message.buffer, message.size, cipher.buffer, &cipher.size);
if (rc != 0) goto exit;
} while (bench_stats_check(start, &count, TPM2_BENCH_DURATION_SEC));
} while (bench_stats_check(start, &count, maxDuration));
bench_stats_asym_finish("RSA", 2048, "Public", count, start);

bench_stats_start(&count, &start);
Expand All @@ -376,7 +384,7 @@ int TPM2_Wrapper_BenchArgs(void* userCtx, int argc, char *argv[])
rc = wolfTPM2_RsaDecrypt(&dev, &rsaKey, TPM_ALG_NULL,
cipher.buffer, cipher.size, plain.buffer, &plain.size);
if (rc != 0) goto exit;
} while (bench_stats_check(start, &count, TPM2_BENCH_DURATION_SEC));
} while (bench_stats_check(start, &count, maxDuration));
bench_stats_asym_finish("RSA", 2048, "Private", count, start);


Expand All @@ -390,7 +398,7 @@ int TPM2_Wrapper_BenchArgs(void* userCtx, int argc, char *argv[])
rc = wolfTPM2_RsaEncrypt(&dev, &rsaKey, TPM_ALG_OAEP,
message.buffer, message.size, cipher.buffer, &cipher.size);
if (rc != 0) goto exit;
} while (bench_stats_check(start, &count, TPM2_BENCH_DURATION_SEC));
} while (bench_stats_check(start, &count, maxDuration));
bench_stats_asym_finish("RSA", 2048, "Pub OAEP", count, start);

bench_stats_start(&count, &start);
Expand All @@ -399,7 +407,7 @@ int TPM2_Wrapper_BenchArgs(void* userCtx, int argc, char *argv[])
rc = wolfTPM2_RsaDecrypt(&dev, &rsaKey, TPM_ALG_OAEP,
cipher.buffer, cipher.size, plain.buffer, &plain.size);
if (rc != 0) goto exit;
} while (bench_stats_check(start, &count, TPM2_BENCH_DURATION_SEC));
} while (bench_stats_check(start, &count, maxDuration));
bench_stats_asym_finish("RSA", 2048, "Priv OAEP", count, start);

rc = wolfTPM2_UnloadHandle(&dev, &rsaKey.handle);
Expand All @@ -421,7 +429,7 @@ int TPM2_Wrapper_BenchArgs(void* userCtx, int argc, char *argv[])
rc = wolfTPM2_CreateAndLoadKey(&dev, &eccKey, &storageKey.handle,
&publicTemplate, (byte*)gKeyAuth, sizeof(gKeyAuth)-1);
if (rc != 0) goto exit;
} while (bench_stats_check(start, &count, TPM2_BENCH_DURATION_SEC));
} while (bench_stats_check(start, &count, maxDuration));
bench_stats_asym_finish("ECC", 256, "key gen", count, start);

/* Perform sign / verify */
Expand All @@ -434,15 +442,15 @@ int TPM2_Wrapper_BenchArgs(void* userCtx, int argc, char *argv[])
rc = wolfTPM2_SignHash(&dev, &eccKey, message.buffer, message.size,
cipher.buffer, &cipher.size);
if (rc != 0) goto exit;
} while (bench_stats_check(start, &count, TPM2_BENCH_DURATION_SEC));
} while (bench_stats_check(start, &count, maxDuration));
bench_stats_asym_finish("ECDSA", 256, "sign", count, start);

bench_stats_start(&count, &start);
do {
rc = wolfTPM2_VerifyHash(&dev, &eccKey, cipher.buffer, cipher.size,
message.buffer, message.size);
if (rc != 0) goto exit;
} while (bench_stats_check(start, &count, TPM2_BENCH_DURATION_SEC));
} while (bench_stats_check(start, &count, maxDuration));
bench_stats_asym_finish("ECDSA", 256, "verify", count, start);

rc = wolfTPM2_UnloadHandle(&dev, &eccKey.handle);
Expand All @@ -466,7 +474,7 @@ int TPM2_Wrapper_BenchArgs(void* userCtx, int argc, char *argv[])
rc = wolfTPM2_ECDHGen(&dev, &eccKey, &pubPoint,
cipher.buffer, &cipher.size);
if (rc != 0) goto exit;
} while (bench_stats_check(start, &count, TPM2_BENCH_DURATION_SEC));
} while (bench_stats_check(start, &count, maxDuration));
bench_stats_asym_finish("ECDHE", 256, "agree", count, start);

rc = wolfTPM2_UnloadHandle(&dev, &eccKey.handle);
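Review bot: The new `-maxdur=` branch passes the option text straight through `XATOI` with no validation, so `-maxdur=abc`, `-maxdur=0` or a negative value sets both `maxDuration` and `maxKeyGenDurSec` to zero or below; each benchmark is a `do`/`while` on `bench_stats_check`, so presumably every loop then runs exactly one iteration and the reported numbers are meaningless without any warning. Guard it with `int ms = XATOI(maxStr); if (ms <= 0) { printf("Warning: invalid -maxdur value: %s\n", maxStr); }` and move the assignment into an `else`. The added usage line prints `TPM2_BENCH_DURATION_SEC*1000` with `%d`, while the same macro initializes a `double`; if it is defined as a floating-point literal the specifier is wrong, so confirm its definition. TPM2_Wrapper_BenchArgs begins and ends outside the hunks shown.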
