rsa key validation test and additions to rsa fromdata test #833
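# Builds wolfProvider Debian packages through the reusable build workflow,
# installs them in a Debian bookworm container, then builds tpm2-tools and
# runs a subset of its unit/integration tests against that installation.
name: tpm2-tools Tests

# START OF COMMON SECTION
on:
  push:
    branches: [ 'master', 'main', 'release/**' ]
  pull_request:
    branches: [ '*' ]

concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
# END OF COMMON SECTION

# NOTE(review): no `permissions:` key is declared in this file, so the
# GITHUB_TOKEN scope falls back to the repository/organization default.
# Consider `permissions: { contents: read }` once it is confirmed that the
# reusable build workflow called below needs nothing beyond read access.
#
# NOTE(review): actions and the tpm2-tools checkout are referenced by tag
# (`@v4`, '5.7'), and the container image by `debian:bookworm`. Tags can be
# moved; pinning to a full commit SHA / image digest makes each immutable.

jobs:
  # Produces the wolfSSL/OpenSSL/wolfProvider .deb artifacts that the test
  # job downloads; one build per fips_ref value.
  build_wolfprovider:
    uses: ./.github/workflows/build-wolfprovider.yml
    with:
      wolfssl_ref: ${{ matrix.wolfssl_ref }}
      openssl_ref: ${{ matrix.openssl_ref }}
      fips_ref: ${{ matrix.fips_ref }}
      replace_default: ${{ matrix.replace_default }}
    strategy:
      matrix:
        wolfssl_ref: [ 'v5.8.4-stable' ]
        openssl_ref: [ 'openssl-3.5.4' ]
        fips_ref: [ 'FIPS', 'non-FIPS' ]
        replace_default: [ true ]

  test_tpm2_tools:
    runs-on: ubuntu-22.04
    needs: build_wolfprovider
    container:
      image: debian:bookworm
      env:
        DEBIAN_FRONTEND: noninteractive
    # This should be a safe limit for the tests to run.
    timeout-minutes: 20
    strategy:
      fail-fast: false
      matrix:
        tpm2_tools_ref: [ '5.7' ]
        wolfssl_ref: [ 'v5.8.4-stable' ]
        openssl_ref: [ 'openssl-3.5.4' ]
        fips_ref: [ 'FIPS', 'non-FIPS' ]
        # The empty entry is the normal run; the other entry exports
        # WOLFPROV_FORCE_FAIL=1 into the test step.
        force_fail: [ 'WOLFPROV_FORCE_FAIL=1', '' ]
        replace_default: [ true ]
    env:
      WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages
      OPENSSL_PACKAGES_PATH: /tmp/openssl-packages
      WOLFPROV_PACKAGES_PATH: /tmp/wolfprov-packages
    steps:
      - name: Checkout wolfProvider
        uses: actions/checkout@v4
        with:
          fetch-depth: 1
          # Later steps build and execute third-party code inside the
          # workspace; do not leave the GITHUB_TOKEN in .git/config.
          persist-credentials: false

      # The artifact name must match what the build job uploaded for the
      # same fips_ref / replace_default / wolfssl_ref / openssl_ref values.
      - name: Download packages from build job
        uses: actions/download-artifact@v4
        with:
          name: debian-packages-${{ matrix.fips_ref }}${{ matrix.replace_default && '-replace-default' || '' }}-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}
          path: /tmp

      # Installs the locally built .deb files over whatever the image
      # ships, allowing downgrades and changes to held packages.
      - name: Install wolfSSL/OpenSSL/wolfprov packages
        run: |
          apt install --reinstall -y --allow-downgrades --allow-change-held-packages \
            ${{ env.WOLFSSL_PACKAGES_PATH }}/libwolfssl_*.deb
          apt install --reinstall -y --allow-downgrades --allow-change-held-packages \
            ${{ env.OPENSSL_PACKAGES_PATH }}/openssl_*.deb \
            ${{ env.OPENSSL_PACKAGES_PATH }}/libssl3_*.deb \
            ${{ env.OPENSSL_PACKAGES_PATH }}/libssl-dev_*.deb
          apt install --reinstall -y --allow-downgrades --allow-change-held-packages \
            ${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb

      - name: Verify wolfProvider is properly installed
        run: |
          $GITHUB_WORKSPACE/scripts/verify-install.sh \
            ${{ matrix.replace_default && '--replace-default' || '' }} \
            ${{ matrix.fips_ref == 'FIPS' && '--fips' || '' }}

      - name: Install tpm2-tools test dependencies
        run: |
          apt-get update
          apt-get install -y git build-essential expect vim dbus vim-common \
            autoconf-archive python3 python3-yaml python3-pip libefivar-dev \
            libcmocka-dev automake libtool pkg-config build-essential pandoc \
            libtss2-dev tpm2-abrmd swtpm tpm2-tools iproute2 libcurl4-openssl-dev

      - name: Download tpm2-tools
        uses: actions/checkout@v4
        with:
          repository: tpm2-software/tpm2-tools
          ref: ${{ matrix.tpm2_tools_ref }}
          path: tpm2-tools
          fetch-depth: 1
          # The checked-out tree is built and run below; keep the token
          # out of tpm2-tools/.git/config.
          persist-credentials: false

      - name: Build tpm2-tools
        working-directory: tpm2-tools
        run: |
          ./bootstrap
          ./configure \
            --prefix="$GITHUB_WORKSPACE/tpm2-tools-install" \
            --enable-unit
          make -j$(nproc)

      - name: Run tpm2-tools tests
        working-directory: tpm2-tools
        shell: bash
        run: |
          # With pipefail off, the pipeline status below is that of `tee`, so
          # a failing `make check` does not abort the step; pass/fail is
          # decided from the log by the grep further down.
          set +o pipefail # ignore errors from make check
          # NOTE(review): for the empty matrix entry this expands to a bare
          # `export`, which prints every exported variable into the job log.
          export ${{ matrix.force_fail }}
          # Run only unit tests and integration tests that don't need TPM2 hardware/simulator
          # NOTE(review): test/integration/tests/X509certutil is listed twice;
          # the list has 20 entries counting the duplicate, which is the
          # number the grep below expects - confirm this is intended.
          make check TESTS="test/unit/test_string_bytes test/unit/test_files \
            test/unit/test_tpm2_header test/unit/test_tpm2_attr_util test/unit/test_tpm2_alg_util \
            test/unit/test_pcr test/unit/test_tpm2_auth_util test/unit/test_tpm2_errata \
            test/unit/test_tpm2_session test/unit/test_tpm2_policy test/unit/test_tpm2_util \
            test/unit/test_options test/unit/test_cc_util test/unit/test_tpm2_eventlog \
            test/unit/test_tpm2_eventlog_yaml test/unit/test_object \
            test/integration/tests/X509certutil test/integration/tests/toggle_options \
            test/integration/tests/rc_decode test/integration/tests/X509certutil" 2>&1 | tee tpm2-tools-test.log
          # Capture result - Fails test/unit/test_tpm2_policy and test/unit/test_tpm2_eventlog with WPFF
          # NOTE(review): the pattern is an unanchored substring match on the
          # summary line; any change to the TESTS list must update the count.
          TEST_RESULT=$(grep -q "# PASS: 20" tpm2-tools-test.log && echo "0" || echo "1")
          $GITHUB_WORKSPACE/.github/scripts/check-workflow-result.sh $TEST_RESULT ${{ matrix.force_fail }} tpm2-tools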