
Commit 529e02b

authored
Merge pull request #454 from aidangarske/add-ci-sanitizers
Upgrade wolfTPM CI testing
2 parents 014b6a0 + d6ba381 commit 529e02b


25 files changed

+262
-25
lines changed


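--- a/.github/workflows/codespell.yml
+++ b/.github/workflows/codespell.yml
@@ -0,0 +1,26 @@
+name: Codespell
+
+on:
+push:
+branches: [ 'master', 'main', 'release/**' ]
+pull_request:
+branches: [ '*' ]
+
+concurrency:
+group: ${{ github.workflow }}-${{ github.ref }}
+cancel-in-progress: true
+
+jobs:
+codespell:
+name: Check spelling
+runs-on: ubuntu-latest
+timeout-minutes: 5
+steps:
+- name: Checkout wolfTPM
+uses: actions/checkout@v4
+
+- name: Run codespell
+uses: codespell-project/actions-codespell@v2
+with:
+skip: .git,./IDE,./certs,./m4,*.der,*.pem
+ignore_words_list: inh,inout,keypair,nd,parm,rcv,ser,loadIn,importIn,certifyIn,bu,fo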
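Review bot: Both actions in this workflow are referenced by floating major-version tags (`uses: actions/checkout@v4`, `uses: codespell-project/actions-codespell@v2`), so a compromised or force-moved tag would change the code that runs on every push and pull request with no change to this repository. Pin each action to a full commit SHA and keep the version as a trailing comment, e.g. `uses: codespell-project/actions-codespell@<full-sha> # v2`, and let Dependabot or Renovate propose bumps. The workflow also declares no `permissions:` block, so the job inherits the repository's default token scope; a read-only spelling check needs only `permissions: { contents: read }` at the top level of the file.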
Lines changed: 99 additions & 0 deletions
@@ -0,0 +1,99 @@
1+
name: Multiple Compilers
2+
3+
on:
4+
push:
5+
branches: [ 'master', 'main', 'release/**' ]
6+
pull_request:
7+
branches: [ '*' ]
8+
9+
concurrency:
10+
group: ${{ github.workflow }}-${{ github.ref }}
11+
cancel-in-progress: true
12+
13+
jobs:
14+
build_wolfssl:
15+
name: Build wolfSSL
16+
runs-on: ubuntu-latest
17+
timeout-minutes: 5
18+
steps:
19+
- name: Checkout wolfSSL
20+
uses: actions/checkout@v4
21+
with:
22+
repository: wolfssl/wolfssl
23+
path: wolfssl
24+
25+
- name: Build wolfSSL
26+
working-directory: ./wolfssl
27+
run: |
28+
./autogen.sh
29+
./configure --enable-wolftpm --enable-pkcallbacks
30+
make -j$(nproc)
31+
sudo make install
32+
sudo ldconfig
33+
34+
- name: tar build-dir
35+
run: tar -zcf wolfssl-install.tgz /usr/local/lib/libwolfssl* /usr/local/include/wolfssl
36+
37+
- name: Upload built lib
38+
uses: actions/upload-artifact@v4
39+
with:
40+
name: wolfssl-multi-compiler
41+
path: wolfssl-install.tgz
42+
retention-days: 5
43+
44+
compiler_test:
45+
name: ${{ matrix.cc }}
46+
runs-on: ubuntu-latest
47+
timeout-minutes: 5
48+
needs: build_wolfssl
49+
strategy:
50+
fail-fast: false
51+
matrix:
52+
include:
53+
- cc: gcc-11
54+
cxx: g++-11
55+
- cc: gcc-12
56+
cxx: g++-12
57+
- cc: gcc-13
58+
cxx: g++-13
59+
- cc: clang-14
60+
cxx: clang++-14
61+
- cc: clang-15
62+
cxx: clang++-15
63+
- cc: clang-17
64+
cxx: clang++-17
65+
66+
steps:
67+
- name: Install compiler
68+
run: |
69+
sudo apt-get update
70+
sudo apt-get install -y ${{ matrix.cc }}
71+
72+
- name: Checkout wolfTPM
73+
uses: actions/checkout@v4
74+
75+
- name: Download wolfSSL
76+
uses: actions/download-artifact@v4
77+
with:
78+
name: wolfssl-multi-compiler
79+
80+
- name: Install wolfSSL
81+
run: |
82+
sudo tar -xzf wolfssl-install.tgz -C /
83+
sudo ldconfig
84+
85+
- name: Build wolfTPM with ${{ matrix.cc }}
86+
env:
87+
CC: ${{ matrix.cc }}
88+
CXX: ${{ matrix.cxx }}
89+
run: |
90+
./autogen.sh
91+
./configure CFLAGS="-Wall -Wextra -Wpedantic"
92+
make -j$(nproc)
93+
94+
- name: Make dist
95+
run: make dist
96+
97+
- name: Show log on errors
98+
if: failure()
99+
run: cat config.log
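Review bot: The `build_wolfssl` job checks out `wolfssl/wolfssl` with no `ref:`, so every run compiles whatever is at that repository's default branch at that moment; a wolfTPM change can start failing (or quietly pass) purely because of an upstream commit, and an old run cannot be reproduced later. Pin the dependency with a `ref: <release tag or commit>` under that checkout's `with:` and bump it deliberately. The `compiler_test` job builds with `CFLAGS="-Wall -Wextra -Wpedantic"` but no `-Werror`, so any new warning from gcc-13 or clang-17 is printed and then ignored — if the point of the matrix is to catch those, add `-Werror` (or fail on a non-empty warning grep of the build log). Both actions here are also pinned only to floating `@v4` tags rather than commit SHAs. The file header for this section is missing from the page, so the workflow's path cannot be confirmed from what is shown.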

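--- a/.github/workflows/sanitizer.yml
+++ b/.github/workflows/sanitizer.yml
@@ -0,0 +1,112 @@
+name: Sanitizer Tests
+
+on:
+push:
+branches: [ 'master', 'main', 'release/**' ]
+pull_request:
+branches: [ '*' ]
+
+concurrency:
+group: ${{ github.workflow }}-${{ github.ref }}
+cancel-in-progress: true
+
+jobs:
+build_wolfssl:
+name: Build wolfSSL
+runs-on: ubuntu-latest
+timeout-minutes: 5
+steps:
+- name: Checkout wolfSSL
+uses: actions/checkout@v4
+with:
+repository: wolfssl/wolfssl
+path: wolfssl
+
+- name: Build wolfSSL
+working-directory: ./wolfssl
+run: |
+./autogen.sh
+./configure --enable-wolftpm --enable-pkcallbacks
+make -j$(nproc)
+sudo make install
+sudo ldconfig
+
+- name: tar build-dir
+run: tar -zcf wolfssl-install.tgz /usr/local/lib/libwolfssl* /usr/local/include/wolfssl
+
+- name: Upload built lib
+uses: actions/upload-artifact@v4
+with:
+name: wolfssl-install
+path: wolfssl-install.tgz
+retention-days: 5
+
+sanitizer_test:
+name: ${{ matrix.name }}
+runs-on: ubuntu-latest
+timeout-minutes: 10
+needs: build_wolfssl
+strategy:
+fail-fast: false
+matrix:
+include:
+- name: "ASan"
+cflags: "-fsanitize=address -fno-omit-frame-pointer -g -O1"
+ldflags: "-fsanitize=address"
+- name: "UBSan"
+cflags: "-fsanitize=undefined -fno-sanitize-recover=all -fno-omit-frame-pointer -g"
+ldflags: "-fsanitize=undefined"
+- name: "LeakSan"
+cflags: "-fsanitize=leak -fno-omit-frame-pointer -g"
+ldflags: "-fsanitize=leak"
+
+steps:
+- name: Workaround high-entropy ASLR
+run: sudo sysctl vm.mmap_rnd_bits=28
+
+- name: Checkout wolfTPM
+uses: actions/checkout@v4
+
+- name: Download wolfSSL
+uses: actions/download-artifact@v4
+with:
+name: wolfssl-install
+
+- name: Install wolfSSL
+run: |
+sudo tar -xzf wolfssl-install.tgz -C /
+sudo ldconfig
+
+- name: Setup ibmswtpm2
+uses: actions/checkout@v4
+with:
+repository: kgoldman/ibmswtpm2
+path: ibmswtpm2
+
+- name: Build and start TPM simulator
+working-directory: ./ibmswtpm2/src
+run: |
+make -j$(nproc)
+./tpm_server &
+sleep 2
+
+- name: Build wolfTPM with ${{ matrix.name }}
+run: |
+./autogen.sh
+./configure --enable-swtpm \
+CFLAGS="${{ matrix.cflags }}" LDFLAGS="${{ matrix.ldflags }}"
+make -j$(nproc)
+
+- name: Run tests
+run: make check
+
+- name: Upload failure logs
+if: failure()
+uses: actions/upload-artifact@v4
+with:
+name: wolftpm-${{ matrix.name }}-logs
+path: |
+run.out
+test-suite.log
+config.log
+retention-days: 5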
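Review bot: The `Setup ibmswtpm2` step checks out `kgoldman/ibmswtpm2` at its default branch with no `ref:`, and the next step builds and executes it, so unpinned third-party code runs inside this job on every pull request; give that checkout a `ref:` pinned to a tag or commit. `./tpm_server &` followed by `sleep 2` never confirms the simulator actually came up — if it fails to start or the port is busy, `make check` fails later with an unrelated-looking connection error; a short poll such as `for i in $(seq 1 10); do nc -z 127.0.0.1 2321 && break; sleep 1; done` (2321 being the simulator's default command port, if I recall correctly) makes the failure mode obvious. Note also that the `-fsanitize` flags reach only wolfTPM: `libwolfssl` is restored from the artifact built by `build_wolfssl` without any sanitizer, so ASan/UBSan instrumentation of wolfSSL's own code is not exercised here; LeakSan should still see the uninstrumented library's allocations, since it interposes malloc, but a comment on the matrix stating this scope would save the next reader from over-reading the results.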

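--- a/README.md
+++ b/README.md
@@ -936,7 +936,7 @@ Firmware update: LMS format required
 
 ## Device Identity and Attestation Keys
 
-The TCG published a specification for TPM manufacture guidance on setting up keys that can be used for device identiy and attestation.
+The TCG published a specification for TPM manufacture guidance on setting up keys that can be used for device identity and attestation.
 
 This feature has been tested with the ST33KTPM and is enabled with `WOLFTPM_MFG_IDENTITY`. The ST33KTPM samples are provisioned with a default master password enabled with `TEST_SAMPLE`. To define your own master password use `TPM2_IAK_SAMPLE_MASTER_PASSWORD`. The master password is hashed along with the device serial number to produce authentication for accessing these keys.
 
@@ -946,7 +946,7 @@ The default keys are ECDSA SECP384R1 with SHA2-384 and stored in NV Index define
 ### TPM Endorsement Key Certificates
 
 The TCG EK Credential Profile defines how manufacturers provision endorsement certificates in the TCG NV index range (see TPM_20_TCG_NV_SPACE).
-The `get_ek_certs` example shows how to retrieve those EK cerificates, validate them and create a primary EK handle for signing.
+The `get_ek_certs` example shows how to retrieve those EK certificates, validate them and create a primary EK handle for signing.
 See `./examples/endorsement/get_ek_certs`.
 
 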
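--- a/configure.ac
+++ b/configure.ac
@@ -555,7 +555,7 @@ for option in $OPTION_FLAGS; do
 continue
 fi
 
-# allow user to igonore system options
+# allow user to ignore system options
 ignoresys=no
 if [[[ $noequalsign == _* ]]] ;
 then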

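--- a/docs/Doxyfile
+++ b/docs/Doxyfile
@@ -794,7 +794,7 @@ CITE_BIB_FILES =
 # messages are off.
 # The default value is: NO.
 
-# TODO set to YES for upsteaming
+# TODO set to YES for upstreaming
 QUIET = NO
 
 # The WARNINGS tag can be used to turn on/off the warning messages that are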

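--- a/examples/attestation/README.md
+++ b/examples/attestation/README.md
@@ -104,7 +104,7 @@ The transfer of the challenge response containing the secret in plain (or used a
 
 The certify example shows how to use the `TPM2_Certify` API to sign the attestation info for another key. This can be used to prove that an object with a specific name is loaded into the TPM. A common example of this is using the restricted IAK to sign the attestation information for the IDevID.
 
-The create_primary example support creating RSA or ECC initial device identity (IDevID) and attestation identity (IAK) keys. These are created under the endorsement hierarchy and follow the "TPM 2.0 Keys for Device Identity and Attestation" TCG specification for setting up the primary key policies. Figures 10 and 11 fom this specification shows the IAK/IDevID policy.
+The create_primary example support creating RSA or ECC initial device identity (IDevID) and attestation identity (IAK) keys. These are created under the endorsement hierarchy and follow the "TPM 2.0 Keys for Device Identity and Attestation" TCG specification for setting up the primary key policies. Figures 10 and 11 from this specification shows the IAK/IDevID policy.
 
 ![Figure 10: Example IDevID Key Delegation Policy](tpm_idevid_policy.png)
 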
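--- a/examples/endorsement/README.md
+++ b/examples/endorsement/README.md
@@ -17,7 +17,7 @@ We have loaded some of the root and intermediate CA's into the trusted_certs.h f
 7) The URI for the CA issuer certificate can be obtained in `extAuthInfoCaIssuer`.
 8) Import the certificate public key and compare it against the primary EK public unique area.
 9) Use the wolfSSL Certificate Manager to validate the EK certificate. Trusted certificates are loaded using `wolfSSL_CertManagerLoadCABuffer` and the EK certificate is validated using `wolfSSL_CertManagerVerifyBuffer`.
-10) Optionally covert to PEM and export using `wc_DerToPem`.
+10) Optionally convert to PEM and export using `wc_DerToPem`.
 
 ## Example certificate chains
 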
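--- a/examples/firmware/ifx_fw_extract.c
+++ b/examples/firmware/ifx_fw_extract.c
@@ -36,7 +36,7 @@
 #include <unistd.h>
 #include <stdint.h>
 
-/* Endianess helpers */
+/* Endianness helpers */
 #if defined(__MACH__) || defined(__APPLE__)
 #include <machine/endian.h>
 #include <libkern/OSByteOrder.h>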

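--- a/examples/gpio/gpio_config.c
+++ b/examples/gpio/gpio_config.c
@@ -242,7 +242,7 @@ int TPM2_GPIO_Config_Example(void* userCtx, int argc, char *argv[])
 rc = wolfTPM2_NVCreateAuth(&dev, &parent, &nv, nvIndex, nvAttributes,
 sizeof(BYTE), (byte*)gNvAuth, sizeof(gNvAuth)-1);
 if (rc != 0 && rc != TPM_RC_NV_DEFINED) {
-printf("Creating NV Index for GPIO acccess failed\n");
+printf("Creating NV Index for GPIO access failed\n");
 goto exit;
 }
 wolfTPM2_SetAuthHandle(&dev, 0, &nv.handle);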
