Introduce sm-cipher workflow tests to wolfsm

gojimmypi · gojimmypi · commit 80d8dfe0747a · 2025-09-18T16:43:34.000-07:00
diff --git a/.github/SECURITY.md b/.github/SECURITY.md
@@ -0,0 +1,12 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+If you discover a vulnerability, please report it to support@wolfssl.com
+
+ 1. Include a detailed description
+ 2. Include method to reproduce and/or method of discovery
+ 3. We will evaluate the report promptly and respond to you with findings.
+ 4. We will credit you with the report if you would like.
+
+**Please keep the vulnerability private** until a fix has been released.
diff --git a/.github/workflows/sm-cipher.yml b/.github/workflows/sm-cipher.yml
@@ -0,0 +1,194 @@
+name: SM Cipher Test (2 of 2)
+#
+# Test fetches wolfssl-examples/Arduino and uses local, latest github master branch wolfssl
+#
+# These 4 workflows across 3 repos are interdependent for the current $REPO_OWNER:
+#
+# sm-cipher CI Build 1: https://github.com/$REPO_OWNER/wolfssl      #  /.github/workflows/sm-cipher.yml
+#   - Builds SM-enabled library from local clone of wolfssl master branch
+#   - Fetches examples from https://github.com/$REPO_OWNER/wolfsm
+#
+# THIS sm-cipher CI Build 2: https://github.com/$REPO_OWNER/wolfsm  #  /.github/workflows/sm-cipher.yml
+#   - Builds SM-enabled library from fresh clone of wolfssl master branch here
+#
+#                                   ** NOTE TO MAINTAINERS **
+#
+#           Consider using winmerge or similar tool to keep the 2 sm-cipher.yml files in relative sync.
+#           Although there are some specific differences, most of the contents are otherwise identical.
+#
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ '**', 'master', 'main', 'release/**' ]
+    paths:
+      - '.github/workflows/sm-cipher.yml'
+      - './**'
+  pull_request:
+    # Run after merge on protected branches
+    branches: [ "main", "master", "release/**" ]
+    paths:
+      - '.github/workflows/sm-cipher.yml'
+      - './**'
+  workflow_dispatch:
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  build:
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-latest
+    env:
+      REPO_OWNER: ${{ github.repository_owner }}
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v4
+
+      - name: Set job environment variables
+        run: |
+          # Script to assign some common environment variables after everything is installed
+
+          ICON_OK=$(printf "\xE2\x9C\x85")
+          ICON_FAIL=$(printf "\xE2\x9D\x8C")
+
+          # Show predefined summary:
+
+          # For the wolfssl repo, the GITHUB_WORKSPACE is the directory of wolfssl
+          echo "GITHUB_WORKSPACE       = $GITHUB_WORKSPACE"
+
+          # Show assigned build:env values (e.g. "wolfssl", "gojimmpi" or other owners):
+          echo "REPO_OWNER             = $REPO_OWNER"
+
+          # Update environment variables, not available here in this step yet
+          echo "GITHUB_WORK=$(realpath  "$GITHUB_WORKSPACE/../..")"       >> "$GITHUB_ENV"
+          echo "WOLFSM_ROOT=$(realpath  "$GITHUB_WORKSPACE/../wolfsm")"   >> "$GITHUB_ENV"
+          echo "WOLFSSL_ROOT=$(realpath "$GITHUB_WORKSPACE/../wolfssl")"  >> "$GITHUB_ENV"
+
+          echo "GITHUB_ENV=$GITHUB_ENV"
+
+          git status
+
+          echo "contents..."
+          # typically "/home/runner/work/wolfssl/wolfssl" contains wolfssl source
+          pwd
+          ls
+          # ** END ** Set job environment variables
+
+      - name: Get wolfssl
+        run: |
+          # We are in wolfsm repo, fetch wolfssl code
+
+          # Show our custom values:
+          echo "GITHUB_WORK            = $GITHUB_WORK"
+
+          # WOLFSM_ROOT is the repo root for wolfsm clone
+          echo "WOLFSM_ROOT            = $WOLFSM_ROOT"
+
+          echo "Start pwd:"
+          pwd
+          # we're typically in $GITHUB_WORKSPACE=/home/runner/work/wolfssl/wolfssl
+          # goto /home/runner/work to fetch wolfsm
+
+          echo "Current pwd for wolfsm clone fetch: $(pwd)"
+          GITHUB_WORK=$(realpath "$GITHUB_WORKSPACE/../..")
+          echo "GITHUB_WORKSPACE=$GITHUB_WORKSPACE"
+
+
+          pushd ../
+            echo "Updated pwd for wolfssl clone fetch: $(pwd)"
+
+            echo "clone --depth 1 https://github.com/$REPO_OWNER/wolfssl.git wolfssl"
+
+            git   clone --depth 1 https://github.com/$REPO_OWNER/wolfssl.git wolfssl
+
+            cd ./wolfssl
+            echo "Contents of this path for wolfssl = $(pwd)"
+            ls
+          popd
+
+          # ** END ** Get wolfssl
+
+      - name: Install wolfsm
+        run: |
+          # Run the local install.sh install script to install wolfsm code
+
+          echo "Current pwd for wolfsm clone fetch: $(pwd)"
+          GITHUB_WORK=$(realpath "$GITHUB_WORKSPACE/../..")
+          echo "GITHUB_WORKSPACE=$GITHUB_WORKSPACE"
+
+          # Typically /home/runner/work
+          echo "GITHUB_WORK=$GITHUB_WORK"
+          pwd
+          echo "pushd $WOLFSM_ROOT"
+          pushd "$WOLFSM_ROOT"
+            pwd
+            ls
+
+            echo "wolfssl check"
+            ls ../wolfssl
+
+            echo "Call wolfsm/install.sh to install wolfsm code into $WOLFSSL_ROOT"
+            ./install.sh "$WOLFSSL_ROOT"
+          popd
+
+          echo "contents..."
+          pwd
+          ls
+
+          # ** END ** Install wolfsm
+
+      - name: Compile wolfssl
+        run: |
+          # Compile fresh wolfSSL with wolfsm code
+
+          cd "$WOLFSSL_ROOT"
+          echo "Current directory:           $PWD"
+
+          ./autogen.sh
+          ./configure --enable-sm3 --enable-sm4-ecb --enable-sm4-cbc --enable-sm4-ctr --enable-sm4-gcm --enable-sm4-ccm --enable-sm2
+          make
+
+          # ** END ** Compile wolfssl
+
+      - name: make check
+        run: |
+          # make check
+
+          cd "$WOLFSSL_ROOT"
+          echo "Current directory:           $PWD"
+
+          make check
+
+          # ** END ** make check
+
+      - name: Unit test
+        run: |
+          # Run unit.test ./tests/test-sm2.conf
+
+          cd "$WOLFSSL_ROOT"
+          echo "Current directory:           $PWD"
+
+          echo "looking for test-sm2.conf"
+          ls ./tests/test-sm2.conf
+
+          echo "Run unit test: ./tests/unit.test ./tests/test-sm2.conf"
+          ./tests/unit.test ./tests/test-sm2.conf
+
+          # ** END ** Unit test
+
+      - name: Run SM benchmark
+        shell: bash
+        run: |
+          # Run benchmark from cloned wolfssl directory
+
+          cd "$WOLFSSL_ROOT"
+          echo "Current directory:           $PWD"
+
+          set -euo pipefail
+
+          ./wolfcrypt/benchmark/benchmark
+
+          # ** END ** un SM benchmark
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1,8 @@
+﻿# Visual Studio
+/.vs
+
+# Visual Studio Code Workspace Files
+*.vscode
+
+# Backup files
+*.bak
