From 8212cb8a68c4748a62accea1d5b9a89a1e4eb8f9 Mon Sep 17 00:00:00 2001 From: Hugues de Valon Date: Tue, 17 Dec 2019 10:43:00 +0000 Subject: [PATCH] Modify tests directory structure In order to execute the tests under different single providers, under all providers and for cross-compilation, split the tests directory into sub-directories. Each one contains a specific configuration file to run the tests under. Please check issue #69 for details. 
Signed-off-by: Hugues de Valon --- .github/workflows/ci.yml | 85 +++++---------- build-conf.toml | 2 +- setup_mbed_crypto.sh | 2 +- tests/all_providers/Dockerfile | 49 +++++++++ tests/{all.sh => all_providers/ci.sh} | 63 ++++++----- tests/all_providers/config.toml | 30 +++++ .../mod.rs} | 9 +- tests/{ => cross_compilation}/Dockerfile | 3 +- tests/mod.rs | 16 +++ tests/per_provider/ci.sh | 103 ++++++++++++++++++ tests/{normal.rs => per_provider/mod.rs} | 5 +- .../normal_tests/asym_sign_verify.rs | 0 tests/{ => per_provider}/normal_tests/auth.rs | 0 .../{ => per_provider}/normal_tests/basic.rs | 0 .../normal_tests/create_destroy_key.rs | 0 .../normal_tests/export_public_key.rs | 0 .../normal_tests/import_key.rs | 0 tests/{ => per_provider}/normal_tests/mod.rs | 1 - tests/{ => per_provider}/normal_tests/ping.rs | 0 .../persistent_after.rs} | 0 .../persistent_before.rs} | 0 .../provider_cfg/mbed-crypto/Dockerfile | 16 +++ .../provider_cfg/mbed-crypto/config.toml | 16 +++ .../provider_cfg/pkcs11/Dockerfile | 22 ++++ .../provider_cfg/pkcs11/config.toml | 21 ++++ .../provider_cfg/pkcs11/find_slot_number.sh | 33 ++++++ .../per_provider/provider_cfg/tpm/Dockerfile | 23 ++++ .../per_provider/provider_cfg/tpm/config.toml | 17 +++ tests/{ => per_provider}/stress_test.rs | 0 29 files changed, 414 insertions(+), 102 deletions(-) create mode 100644 tests/all_providers/Dockerfile rename tests/{all.sh => all_providers/ci.sh} (54%) create mode 100644 tests/all_providers/config.toml rename tests/{normal_tests/describe_assets.rs => all_providers/mod.rs} (89%) rename tests/{ => cross_compilation}/Dockerfile (73%) create mode 100644 tests/mod.rs create mode 100755 tests/per_provider/ci.sh rename tests/{normal.rs => per_provider/mod.rs} (88%) rename tests/{ => per_provider}/normal_tests/asym_sign_verify.rs (100%) rename tests/{ => per_provider}/normal_tests/auth.rs (100%) rename tests/{ => per_provider}/normal_tests/basic.rs (100%) rename tests/{ => 
per_provider}/normal_tests/create_destroy_key.rs (100%) rename tests/{ => per_provider}/normal_tests/export_public_key.rs (100%) rename tests/{ => per_provider}/normal_tests/import_key.rs (100%) rename tests/{ => per_provider}/normal_tests/mod.rs (97%) rename tests/{ => per_provider}/normal_tests/ping.rs (100%) rename tests/{persistent-after.rs => per_provider/persistent_after.rs} (100%) rename tests/{persistent-before.rs => per_provider/persistent_before.rs} (100%) create mode 100644 tests/per_provider/provider_cfg/mbed-crypto/Dockerfile create mode 100644 tests/per_provider/provider_cfg/mbed-crypto/config.toml create mode 100644 tests/per_provider/provider_cfg/pkcs11/Dockerfile create mode 100644 tests/per_provider/provider_cfg/pkcs11/config.toml create mode 100755 tests/per_provider/provider_cfg/pkcs11/find_slot_number.sh create mode 100644 tests/per_provider/provider_cfg/tpm/Dockerfile create mode 100644 tests/per_provider/provider_cfg/tpm/config.toml rename tests/{ => per_provider}/stress_test.rs (100%) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 1c590360..1977d130 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
@@ -3,82 +3,55 @@ name: Continuous Integration on: [push, pull_request] jobs: - build-and-formatting: - name: Build and check formatting + all-providers: + name: Various tests targeting a Parsec image with all providers included runs-on: ubuntu-latest steps: - uses: actions/checkout@v1 - - name: Build - run: cargo build --verbose - # rustfmt will check if the code build before checking the formatting. - # Because the build script generated a new module in the code, - # building the code before checking it is needed. - - name: Check formatting - run: cargo fmt --all -- --check + - name: Build the container + run: docker build -t all-providers tests/all_providers + - name: Run the container to execute the test script + run: docker run -v $(pwd):/tmp/parsec -w /tmp/parsec all-providers /tmp/parsec/tests/all_providers/ci.sh - linting: - name: Execute clippy + mbed-crypto-provider: + name: Integration tests using Mbed Crypto provider runs-on: ubuntu-latest steps: - uses: actions/checkout@v1 - - run: cargo clippy + - name: Build the container + run: docker build -t mbed-crypto-provider tests/per_provider/provider_cfg/mbed-crypto + - name: Run the container to execute the test script + run: docker run -v $(pwd):/tmp/parsec -w /tmp/parsec mbed-crypto-provider /tmp/parsec/tests/per_provider/ci.sh mbed-crypto - unit-test: - name: Run unit and doc tests + pkcs11-provider: + name: Integration tests using PKCS 11 provider runs-on: ubuntu-latest steps: - uses: actions/checkout@v1 - - run: cargo test --lib --verbose - - run: cargo test --doc --verbose + - name: Build the container + run: docker build -t pkcs11-provider tests/per_provider/provider_cfg/pkcs11 + - name: Run the container to execute the test script + run: docker run -v $(pwd):/tmp/parsec -w /tmp/parsec pkcs11-provider /tmp/parsec/tests/per_provider/ci.sh pkcs11 - integ-test-normal: - name: Normal integration tests + tpm-provider: + name: Integration tests using TPM provider runs-on: ubuntu-latest steps: - uses: 
actions/checkout@v1 - - run: cargo build --verbose - - run: | - RUST_BACKTRACE=1 RUST_LOG=info cargo run & - cargo test --test normal + - name: Build the container + run: docker build -t tpm-provider tests/per_provider/provider_cfg/tpm + - name: Run the container to execute the test script + run: docker run -v $(pwd):/tmp/parsec -w /tmp/parsec tpm-provider /tmp/parsec/tests/per_provider/ci.sh tpm - integ-test-persistence: - name: Persistence integration tests - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v1 - - run: cargo build --verbose - - run: | - RUST_BACKTRACE=1 RUST_LOG=info cargo run & - SERVER_PID=$! - cargo test --test persistent-before - # Create a fake mapping file for the root application, the Mbed Provider and - # a key name of "Test Key". It contains a valid PSA Key ID. - # It is tested in test "should_have_been_deleted". - mkdir -p mappings/cm9vdA==/1 || exit 1 - printf '\xe0\x19\xb2\x5c' > mappings/cm9vdA==/1/VGVzdCBLZXk\= - kill -s SIGHUP $SERVER_PID - cargo test --test persistent-after - - stress-test: - name: Stress tests - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v1 - - run: cargo build --verbose - - run: | - RUST_BACKTRACE=1 RUST_LOG=info cargo run & - cargo test --test stress_test - - cross-testing-arm64-linux: - name: Cross testing for the aarch64-unknown-linux-gnu target + cross-compilation-arm64-linux: + name: Cross compilation for the aarch64-unknown-linux-gnu target runs-on: ubuntu-latest steps: - uses: actions/checkout@v1 - name: Install cross run: cargo install cross - name: Build the cross Dockerfile - run: docker build -t parsec-cross tests/ + run: docker build -t parsec-cross tests/cross_compilation - name: Cross-compile with cross - run: cross build --target aarch64-unknown-linux-gnu --verbose - - name: Execute the unit tests with cross - run: cross test --lib --target aarch64-unknown-linux-gnu --verbose + #TODO: compile will all features included by setting up the right Dockerfile + run: cross build 
--target aarch64-unknown-linux-gnu --verbose --no-default-features diff --git a/build-conf.toml b/build-conf.toml index 4fdfd575..8a24fac3 100644 --- a/build-conf.toml +++ b/build-conf.toml @@ -4,7 +4,7 @@ # Path (either relative or absolute) where the Mbed Crypto source code will be # persisted. # This value default to the OUT_DIR environment variable. - # mbed_path = "/tmp/" + mbed_path = "/tmp/" # When compiling natively [mbed_config.native] diff --git a/setup_mbed_crypto.sh b/setup_mbed_crypto.sh index 7cd1b1d3..d3f8d8e4 100755 --- a/setup_mbed_crypto.sh +++ b/setup_mbed_crypto.sh @@ -65,7 +65,7 @@ else fi # Set up lib -if [[ -n "$HAS_CURRENT_MBED" && -e "library/$MBED_LIB_FILENAME" ]]; then +if [[ -e "library/$MBED_LIB_FILENAME" ]]; then echo "Library is set up." else setup_mbed_library diff --git a/tests/all_providers/Dockerfile b/tests/all_providers/Dockerfile new file mode 100644 index 00000000..83c4de56 --- /dev/null +++ b/tests/all_providers/Dockerfile 
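Review bot: Uncommenting `mbed_path = "/tmp/"` changes the default for every build that reads build-conf.toml, not only the CI containers, so the Mbed Crypto sources (and, judging by setup_mbed_crypto.sh, the built library) are now persisted in a shared, world-writable directory. On a multi-user machine another local account can create files under that path first, and the build would then pick up content it did not fetch itself. Keeping the line commented, so the default stays OUT_DIR as the comment above it says, and letting the CI script or container supply the path would leave the developer default unchanged.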
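Review bot: With `-n "$HAS_CURRENT_MBED"` dropped from the condition, any existing `library/$MBED_LIB_FILENAME` is reported as "Library is set up." regardless of which source tree produced it. HAS_CURRENT_MBED is assigned earlier in the script, outside this hunk, so its meaning is inferred from the name; if it is the version check, a stale or foreign library left in the directory is now reused silently, which matters more once `mbed_path` points at `/tmp/`. If the relaxation is needed for the pre-built copies in the CI images, keep the guard for normal builds and add a comment on this line stating why the version check is skipped.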
@@ -0,0 +1,49 @@
+FROM tpm2software/tpm2-tss
+
+ENV PKG_CONFIG_PATH /usr/local/lib/pkgconfig
+
+RUN apt-get update && \
+ apt-get install -y git make gcc python3 python curl wget && \
+ apt-get install -y automake autoconf libtool pkg-config libssl-dev && \
+ # These libraries are needed for bindgen as it uses libclang.so
+ apt-get install -y clang libclang-dev libc6-dev-i386
+
+WORKDIR /tmp
+RUN wget https://github.com/ARMmbed/mbed-crypto/archive/mbedcrypto-2.0.0.tar.gz
+RUN tar xf mbedcrypto-2.0.0.tar.gz
+RUN cd mbed-crypto-mbedcrypto-2.0.0 \
+ && make SHARED=0
+
+WORKDIR /tmp
+# Download and install TSS 2.0
+RUN git clone https://github.com/tpm2-software/tpm2-tss.git --branch 2.3.1
+RUN cd tpm2-tss \
+ && ./bootstrap \
+ && ./configure \
+ && make -j$(nproc) \
+ && make install \
+ && ldconfig
+
+# Download and install TPM2 tools
+RUN git clone https://github.com/tpm2-software/tpm2-tools.git --branch 4.1
+RUN cd tpm2-tools \
+ && ./bootstrap \
+ && ./configure --enable-unit \
+ && make install
+
+WORKDIR /tmp
+RUN wget https://github.com/opendnssec/SoftHSMv2/archive/2.5.0.tar.gz
+RUN tar xf 2.5.0.tar.gz
+RUN cd SoftHSMv2-2.5.0 \
+ && sh autogen.sh \
+ && ./configure --disable-gost \
+ && make \
+ && make install
+
+# Create a new token in a new slot. The slot number assigned will be random
+# and is found with the find_slot_number script.
+RUN softhsm2-util --init-token --slot 0 --label "Parsec Tests" --pin 123456 --so-pin 123456
+
+# Install Rust toolchain
+RUN curl https://sh.rustup.rs -sSf | bash -s -- -y
+ENV PATH="/root/.cargo/bin:${PATH}"
diff --git a/tests/all.sh b/tests/all_providers/ci.sh
similarity index 54%
rename from tests/all.sh
rename to tests/all_providers/ci.sh
index 9c2434a8..59f7100d 100755
--- a/tests/all.sh
+++ b/tests/all_providers/ci.sh
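Review bot: Nothing this image pulls in is pinned or verified: `FROM tpm2software/tpm2-tss` has no tag or digest, the Mbed Crypto and SoftHSMv2 tarballs are fetched with `wget` and unpacked without a checksum, and rustup is piped into `bash` with whatever toolchain is current. Since fmt, clippy and the unit tests now run only inside this image, a changed upstream artifact alters the CI result without any change in the repository. Consider pinning the base by digest (`FROM tpm2software/tpm2-tss@sha256:<digest>`), checking each download in the same layer (`echo "<sha256>  mbedcrypto-2.0.0.tar.gz" | sha256sum -c -`), and passing `--default-toolchain <version>` to the rustup installer. The same applies to the mbed-crypto, pkcs11 and tpm Dockerfiles under tests/per_provider/provider_cfg/, where the first two also use `FROM ubuntu:latest`.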
@@ -17,52 +17,51 @@ # limitations under the License. # ------------------------------------------------------------------------------ -# This script executes static checks, unit and integration tests for the PARSEC -# service. +# All providers CI test script # -# Usage: ./tests/all.sh +# This script will execute various tests targeting a platform will all providers included. +# It is meant to be executed inside the container which Dockerfile is in tests/all_providers. +# Usage: ./tests/all_providers/ci.sh + +set -e + +# Select all providers. +FEATURES="--all-features" + +# Start the TPM simulation server if needed +tpm_server & +sleep 5 +tpm2_startup -c -T mssim + +# Find and append the slot number at the end of the configuration file. +tests/per_provider/provider_cfg/pkcs11/find_slot_number.sh \ + tests/all_providers/config.toml ############## # Build test # ############## -cargo build || exit 1 - -############################ -# Unit tests and doc tests # -############################ -cargo test --lib || exit 1 -cargo test --doc || exit 1 +RUST_BACKTRACE=1 cargo build $FEATURES --verbose ################# # Static checks # ################# -cargo fmt --all -- --check || exit 1 -cargo clippy || exit 1 +cargo fmt --all -- --check +cargo clippy + +############################ +# Unit tests and doc tests # +############################ +RUST_BACKTRACE=1 cargo test --lib $FEATURES +RUST_BACKTRACE=1 cargo test --doc $FEATURES ##################### # Integration tests # ##################### -RUST_BACKTRACE=1 RUST_LOG=info cargo run & +RUST_BACKTRACE=1 cargo run $FEATURES \ + -- --config tests/all_providers/config.toml & SERVER_PID=$! -cargo test --test normal || exit 1 - -cargo test --test persistent-before || exit 1 - -# Create a fake mapping file for the root application, the Mbed Provider and a -# key name of "Test Key". It contains a valid PSA Key ID. -# It is tested in test "should_have_been_deleted". 
-mkdir -p mappings/cm9vdA==/1 || exit 1 -# For Mbed Provider -printf '\xe0\x19\xb2\x5c' > mappings/cm9vdA==/1/VGVzdCBLZXk\= -# For PKCS 11 Provider -printf '\xe0\x19\xb2\x5c' > mappings/cm9vdA==/2/VGVzdCBLZXk\= - -# Trigger a configuration reload to load the new mappings. -kill -s SIGHUP $SERVER_PID - -cargo test --test persistent-after || exit 1 - -RUST_LOG=info cargo test --test stress_test || exit 1 +RUST_BACKTRACE=1 cargo test $FEATURES all_providers kill $SERVER_PID +cargo clean diff --git a/tests/all_providers/config.toml b/tests/all_providers/config.toml new file mode 100644 index 00000000..5dfa7c6e --- /dev/null +++ b/tests/all_providers/config.toml @@ -0,0 +1,30 @@ +[core_settings] +log_level = "debug" +# The CI already timestamps the logs +log_timestamp = false + +[listener] +listener_type = "DomainSocket" +timeout = 200 # in milliseconds + +[[key_manager]] +name = "on-disk-manager" +manager_type = "OnDisk" + +[[provider]] +provider_type = "MbedProvider" +key_id_manager = "on-disk-manager" + +[[provider]] +provider_type = "TpmProvider" +key_id_manager = "on-disk-manager" +tcti = "mssim" + +[[provider]] +provider_type = "Pkcs11Provider" +key_id_manager = "on-disk-manager" +library_path = "/usr/local/lib/softhsm/libsofthsm2.so" +user_pin = "123456" +# The slot_number mandatory field is going to be added by the find_slot_number.sh script +# to the last line of this file in the form: +# slot_number = 123456 diff --git a/tests/normal_tests/describe_assets.rs b/tests/all_providers/mod.rs similarity index 89% rename from tests/normal_tests/describe_assets.rs rename to tests/all_providers/mod.rs index 06c8ca56..0cb23295 100644 --- a/tests/normal_tests/describe_assets.rs +++ b/tests/all_providers/mod.rs 
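Review bot: The integration test starts right after `cargo run ... &` with no readiness wait, whereas tests/per_provider/ci.sh in this same patch sleeps 5 seconds before its first test; if `cargo test` is ready before the service is listening, the run fails intermittently. Separately, with `set -e` a failing test exits the script before `kill $SERVER_PID` is reached, and the `tpm_server` started at the top is never stopped. A wait after `SERVER_PID=$!` (or polling for the socket) plus `trap 'kill $SERVER_PID' EXIT` would cover both cases.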
@@ -19,26 +19,21 @@ mod tests { use parsec_interface::requests::Result; use std::collections::HashSet; - //TODO: put those two first tests in a separate target which is executed with an - //appropriate config file so that all providers are there. - #[test] - #[ignore] fn list_providers() { let mut client = TestClient::new(); let providers = client.list_providers().expect("list providers failed"); - assert_eq!(providers.len(), 3); + assert_eq!(providers.len(), 4); let ids: HashSet = providers.iter().map(|p| p.id).collect(); assert!(ids.contains(&ProviderID::CoreProvider)); assert!(ids.contains(&ProviderID::MbedProvider)); assert!(ids.contains(&ProviderID::Pkcs11Provider)); + assert!(ids.contains(&ProviderID::TpmProvider)); } #[test] - #[ignore] fn list_opcodes() { let mut client = TestClient::new(); - client.set_provider(Some(ProviderID::MbedProvider)); let opcodes = client .list_opcodes(ProviderID::MbedProvider) .expect("list providers failed"); diff --git a/tests/Dockerfile b/tests/cross_compilation/Dockerfile similarity index 73% rename from tests/Dockerfile rename to tests/cross_compilation/Dockerfile index 82e8fe6c..80def4b3 100644 --- a/tests/Dockerfile +++ b/tests/cross_compilation/Dockerfile @@ -1,5 +1,4 @@ -# This Dockerfile is used by cross for cross-compilation and cross-testing of -# PARSEC. +# This Dockerfile is used by cross for cross-compilation of Parsec. FROM rustembedded/cross:aarch64-unknown-linux-gnu-0.1.16 diff --git a/tests/mod.rs b/tests/mod.rs new file mode 100644 index 00000000..fd62e245 --- /dev/null +++ b/tests/mod.rs 
@@ -0,0 +1,16 @@
+// Copyright (c) 2019, Arm Limited, All Rights Reserved
+// SPDX-License-Identifier: Apache-2.0
+//
+// Licensed under the Apache License, Version 2.0 (the "License"); you may
+// not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+// WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+mod all_providers;
+mod per_provider;
diff --git a/tests/per_provider/ci.sh b/tests/per_provider/ci.sh
new file mode 100755
index 00000000..3e479069
--- /dev/null
+++ b/tests/per_provider/ci.sh
@@ -0,0 +1,103 @@
+#!/usr/bin/env bash
+
+# ------------------------------------------------------------------------------
+# Copyright (c) 2019, Arm Limited, All Rights Reserved
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ------------------------------------------------------------------------------
+
+# Per provider CI test script
+#
+# This script will execute integration tests targeting a platform with a single provider included.
+# It is meant to be executed inside one of the container which Dockerfiles
+# are in tests/per_provider/provider_cfg/*/.
+#
+# Usage: ./tests/per_provider/ci.sh PROVIDER_NAME
+# where PROVIDER_NAME can be one of:
+# - mbed-crypto
+# - pkcs11
+# - tpm
+
+set -e
+
+# Only select one provider.
+FEATURES="--no-default-features --features=$1-provider"
+
+# Check if the PROVIDER_NAME was given.
+if [ $# -eq 0 ]
+then
+ echo "A provider name needs to be given as input argument to that script."
+ exit 1
+fi
+
+# Start the TPM simulation server if needed
+if [[ $1 = "tpm" ]]
+then
+ tpm_server &
+ sleep 5
+ tpm2_startup -c -T mssim
+fi
+
+if [[ $1 = "pkcs11" ]]
+then
+ # Find and append the slot number at the end of the configuration file.
+ tests/per_provider/provider_cfg/pkcs11/find_slot_number.sh \
+ tests/per_provider/provider_cfg/pkcs11/config.toml
+fi
+
+RUST_BACKTRACE=1 cargo build -vv $FEATURES
+RUST_BACKTRACE=1 cargo run -vv $FEATURES -- --config tests/per_provider/provider_cfg/$1/config.toml &
+SERVER_PID=$!
+# Sleep time needed to make sure Parsec is ready before launching the tests.
+sleep 5
+
+################
+# Normal tests #
+################
+RUST_BACKTRACE=1 cargo test -vv $FEATURES normal_tests
+
+#####################
+# Persistence tests #
+#####################
+RUST_BACKTRACE=1 cargo test -vv $FEATURES persistent-before
+
+# Create a fake mapping file for the root application, the provider and a
+# key name of "Test Key". It contains a valid PSA Key ID.
+# It is tested in test "should_have_been_deleted".
+# This test does not make sense for the TPM provider.
+if [[ $1 = "mbed-crypto" ]]
+then
+ # For Mbed Provider
+ mkdir -p mappings/cm9vdA==/1
+ printf '\xe0\x19\xb2\x5c' > mappings/cm9vdA==/1/VGVzdCBLZXk\=
+fi
+if [[ $1 = "pkcs11" ]]
+then
+ # For PKCS 11 Provider
+ mkdir -p mappings/cm9vdA==/2
+ printf '\xe0\x19\xb2\x5c' > mappings/cm9vdA==/2/VGVzdCBLZXk\=
+fi
+
+# Trigger a configuration reload to load the new mappings.
+kill -s SIGHUP $SERVER_PID
+
+RUST_BACKTRACE=1 cargo test -vv $FEATURES persistent-after
+
+################
+# Stress tests #
+################
+RUST_BACKTRACE=1 cargo test -vv $FEATURES stress_test
+
+kill $SERVER_PID
+cargo clean
diff --git a/tests/normal.rs b/tests/per_provider/mod.rs
similarity index 88%
rename from tests/normal.rs
rename to tests/per_provider/mod.rs
index 24145eef..7299302d 100644
--- a/tests/normal.rs
+++ b/tests/per_provider/mod.rs
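Review bot: The filters `persistent-before` and `persistent-after` no longer match anything: this patch renames those files to `persistent_before.rs` and `persistent_after.rs` and declares them as modules in tests/per_provider/mod.rs, and a `cargo test` filter is a substring match on test paths, which cannot contain a hyphen. Both invocations would then run zero tests and still exit 0, so the persistence checks, including the fake-mapping case prepared just above, are silently skipped. Use `cargo test -vv $FEATURES persistent_before` and `cargo test -vv $FEATURES persistent_after`. Also, `FEATURES` is built from `$1` before the `$# -eq 0` check; moving the check first and quoting `"$1"` keeps an empty argument out of the feature string.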
@@ -12,6 +12,7 @@
 // WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
-
-// This module combines all tests that can be run without having to restart the service.
 mod normal_tests;
+mod persistent_after;
+mod persistent_before;
+mod stress_test;
diff --git a/tests/normal_tests/asym_sign_verify.rs b/tests/per_provider/normal_tests/asym_sign_verify.rs
similarity index 100%
rename from tests/normal_tests/asym_sign_verify.rs
rename to tests/per_provider/normal_tests/asym_sign_verify.rs
diff --git a/tests/normal_tests/auth.rs b/tests/per_provider/normal_tests/auth.rs
similarity index 100%
rename from tests/normal_tests/auth.rs
rename to tests/per_provider/normal_tests/auth.rs
diff --git a/tests/normal_tests/basic.rs b/tests/per_provider/normal_tests/basic.rs
similarity index 100%
rename from tests/normal_tests/basic.rs
rename to tests/per_provider/normal_tests/basic.rs
diff --git a/tests/normal_tests/create_destroy_key.rs b/tests/per_provider/normal_tests/create_destroy_key.rs
similarity index 100%
rename from tests/normal_tests/create_destroy_key.rs
rename to tests/per_provider/normal_tests/create_destroy_key.rs
diff --git a/tests/normal_tests/export_public_key.rs b/tests/per_provider/normal_tests/export_public_key.rs
similarity index 100%
rename from tests/normal_tests/export_public_key.rs
rename to tests/per_provider/normal_tests/export_public_key.rs
diff --git a/tests/normal_tests/import_key.rs b/tests/per_provider/normal_tests/import_key.rs
similarity index 100%
rename from tests/normal_tests/import_key.rs
rename to tests/per_provider/normal_tests/import_key.rs
diff --git a/tests/normal_tests/mod.rs b/tests/per_provider/normal_tests/mod.rs
similarity index 97%
rename from tests/normal_tests/mod.rs
rename to tests/per_provider/normal_tests/mod.rs
index 73fc3f30..931c9eb4 100644
--- a/tests/normal_tests/mod.rs
+++ b/tests/per_provider/normal_tests/mod.rs
@@ -16,7 +16,6 @@ mod asym_sign_verify;
 mod auth;
 mod basic;
 mod create_destroy_key;
-mod describe_assets;
 mod export_public_key;
 mod import_key;
 mod ping;
diff --git a/tests/normal_tests/ping.rs b/tests/per_provider/normal_tests/ping.rs
similarity index 100%
rename from tests/normal_tests/ping.rs
rename to tests/per_provider/normal_tests/ping.rs
diff --git a/tests/persistent-after.rs b/tests/per_provider/persistent_after.rs
similarity index 100%
rename from tests/persistent-after.rs
rename to tests/per_provider/persistent_after.rs
diff --git a/tests/persistent-before.rs b/tests/per_provider/persistent_before.rs
similarity index 100%
rename from tests/persistent-before.rs
rename to tests/per_provider/persistent_before.rs
diff --git a/tests/per_provider/provider_cfg/mbed-crypto/Dockerfile b/tests/per_provider/provider_cfg/mbed-crypto/Dockerfile
new file mode 100644
index 00000000..675f3c40
--- /dev/null
+++ b/tests/per_provider/provider_cfg/mbed-crypto/Dockerfile
@@ -0,0 +1,16 @@
+FROM ubuntu:latest
+
+RUN apt-get update && \
+ apt-get install -y git make gcc python3 python curl wget && \
+ # These libraries are needed for bindgen as it uses libclang.so
+ apt-get install -y clang libclang-dev libc6-dev-i386
+
+WORKDIR /tmp
+RUN wget https://github.com/ARMmbed/mbed-crypto/archive/mbedcrypto-2.0.0.tar.gz
+RUN tar xf mbedcrypto-2.0.0.tar.gz
+RUN cd mbed-crypto-mbedcrypto-2.0.0 \
+ && make
+
+# Install Rust toolchain
+RUN curl https://sh.rustup.rs -sSf | bash -s -- -y
+ENV PATH="/root/.cargo/bin:${PATH}"
diff --git a/tests/per_provider/provider_cfg/mbed-crypto/config.toml b/tests/per_provider/provider_cfg/mbed-crypto/config.toml
new file mode 100644
index 00000000..e1433c58
--- /dev/null
+++ b/tests/per_provider/provider_cfg/mbed-crypto/config.toml
@@ -0,0 +1,16 @@
+[core_settings]
+log_level = "debug"
+# The CI already timestamps the logs
+log_timestamp = false
+
+[listener]
+listener_type = "DomainSocket"
+timeout = 200 # in milliseconds
+
+[[key_manager]]
+name = "on-disk-manager"
+manager_type = "OnDisk"
+
+[[provider]]
+provider_type = "MbedProvider"
+key_id_manager = "on-disk-manager"
diff --git a/tests/per_provider/provider_cfg/pkcs11/Dockerfile b/tests/per_provider/provider_cfg/pkcs11/Dockerfile
new file mode 100644
index 00000000..e830dfb0
--- /dev/null
+++ b/tests/per_provider/provider_cfg/pkcs11/Dockerfile
@@ -0,0 +1,22 @@
+FROM ubuntu:latest
+
+RUN apt-get update && \
+ apt-get install -y wget automake autoconf libtool pkg-config && \
+ apt-get install -y curl libssl-dev
+
+WORKDIR /tmp
+RUN wget https://github.com/opendnssec/SoftHSMv2/archive/2.5.0.tar.gz
+RUN tar xf 2.5.0.tar.gz
+RUN cd SoftHSMv2-2.5.0 \
+ && sh autogen.sh \
+ && ./configure --disable-gost \
+ && make \
+ && make install
+
+# Install Rust toolchain
+RUN curl https://sh.rustup.rs -sSf | bash -s -- -y
+ENV PATH="/root/.cargo/bin:${PATH}"
+
+# Create a new token in a new slot. The slot number assigned will be random
+# and is found with the find_slot_number script.
+RUN softhsm2-util --init-token --slot 0 --label "Parsec Tests" --pin 123456 --so-pin 123456
diff --git a/tests/per_provider/provider_cfg/pkcs11/config.toml b/tests/per_provider/provider_cfg/pkcs11/config.toml
new file mode 100644
index 00000000..ada422ad
--- /dev/null
+++ b/tests/per_provider/provider_cfg/pkcs11/config.toml
@@ -0,0 +1,21 @@
+[core_settings]
+log_level = "debug"
+# The CI already timestamps the logs
+log_timestamp = false
+
+[listener]
+listener_type = "DomainSocket"
+timeout = 200 # in milliseconds
+
+[[key_manager]]
+name = "on-disk-manager"
+manager_type = "OnDisk"
+
+[[provider]]
+provider_type = "Pkcs11Provider"
+key_id_manager = "on-disk-manager"
+library_path = "/usr/local/lib/softhsm/libsofthsm2.so"
+user_pin = "123456"
+# The slot_number mandatory field is going to be added by the find_slot_number.sh script
+# to the last line of this file in the form:
+# slot_number = 123456
diff --git a/tests/per_provider/provider_cfg/pkcs11/find_slot_number.sh b/tests/per_provider/provider_cfg/pkcs11/find_slot_number.sh
new file mode 100755
index 00000000..21ca0551
--- /dev/null
+++ b/tests/per_provider/provider_cfg/pkcs11/find_slot_number.sh
@@ -0,0 +1,33 @@
+#!/usr/bin/env bash
+
+# ------------------------------------------------------------------------------
+# Copyright (c) 2019, Arm Limited, All Rights Reserved
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ------------------------------------------------------------------------------
+
+# Because the slot number returned by the softhsm2-util command when creating a new token is
+# random, this scripts provides a way to find the slot number that was created by the container
+# and append it at the end of the configuration.
+#
+# Usage: ./tests/per_provider/provider_cfg/pkcs11/find_slot_number.sh CONFIG_FILEPATH
+
+set -e
+
+# This command suppose that the slot created by the container will be the first one that appears
+# when printing all the available slots.
+SLOT_NUMBER=`softhsm2-util --show-slots | head -n2 | tail -n1 | cut -d " " -f 2`
+
+# Append the slot number to the given config.toml file.
+echo "slot_number = $SLOT_NUMBER" >> $1
diff --git a/tests/per_provider/provider_cfg/tpm/Dockerfile b/tests/per_provider/provider_cfg/tpm/Dockerfile
new file mode 100644
index 00000000..4b56d1ef
--- /dev/null
+++ b/tests/per_provider/provider_cfg/tpm/Dockerfile
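Review bot: The slot number is appended without checking that one was found, and a second run appends a second `slot_number` line to the same file. `set -e` does not catch a failure of `softhsm2-util` inside the pipeline of the command substitution, so an empty value would be written as `slot_number = `, and because the CI bind-mounts the working tree the tracked config.toml is modified in place. Consider `set -euo pipefail`, a guard such as `[[ "$SLOT_NUMBER" =~ ^[0-9]+$ ]] || exit 1`, and quoting the target as `>> "$1"`. Writing to a copy of the config instead of the checked-in file would also make reruns idempotent.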
@@ -0,0 +1,23 @@
+FROM tpm2software/tpm2-tss
+
+ENV PKG_CONFIG_PATH /usr/local/lib/pkgconfig
+
+# Download and install TSS 2.0
+RUN git clone https://github.com/tpm2-software/tpm2-tss.git --branch 2.3.1
+RUN cd tpm2-tss \
+ && ./bootstrap \
+ && ./configure \
+ && make -j$(nproc) \
+ && make install \
+ && ldconfig
+
+# Download and install TPM2 tools
+RUN git clone https://github.com/tpm2-software/tpm2-tools.git --branch 4.1
+RUN cd tpm2-tools \
+ && ./bootstrap \
+ && ./configure --enable-unit \
+ && make install
+
+# Install Rust toolchain
+RUN curl https://sh.rustup.rs -sSf | bash -s -- -y
+ENV PATH="/root/.cargo/bin:${PATH}"
diff --git a/tests/per_provider/provider_cfg/tpm/config.toml b/tests/per_provider/provider_cfg/tpm/config.toml
new file mode 100644
index 00000000..91a21dea
--- /dev/null
+++ b/tests/per_provider/provider_cfg/tpm/config.toml
@@ -0,0 +1,17 @@
+[core_settings]
+log_level = "debug"
+# The CI already timestamps the logs
+log_timestamp = false
+
+[listener]
+listener_type = "DomainSocket"
+timeout = 200 # in milliseconds
+
+[[key_manager]]
+name = "on-disk-manager"
+manager_type = "OnDisk"
+
+[[provider]]
+provider_type = "TpmProvider"
+key_id_manager = "on-disk-manager"
+tcti = "mssim"
diff --git a/tests/stress_test.rs b/tests/per_provider/stress_test.rs
similarity index 100%
rename from tests/stress_test.rs
rename to tests/per_provider/stress_test.rs