diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index a3dcb2fa..e76b93b2 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -1,4 +1,4 @@ -name: Build +name: CryptoLib on: push: 
@@ -6,161 +6,71 @@ on: pull_request: jobs: - debug_libgcrypt_build: - # The CMake configure and build commands are platform agnostic and should work equally well on Windows or Mac. - # You can convert this to a matrix build if you need cross-platform coverage. - # See: https://docs.github.com/en/free-pro-team@latest/actions/learn-github-actions/managing-complex-workflows#using-a-build-matrix - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v2 - - - name: Update - run: sudo apt-get update - - - name: Install Dependencies - run: sudo apt-get install -y libgpg-error-dev libgcrypt20-dev libmariadb-dev libmariadb-dev-compat - - - name: Configure CMake - # Configure CMake in a 'build' subdirectory. `CMAKE_BUILD_TYPE` is only required if you are using a single-configuration generator such as make. - # See https://cmake.org/cmake/help/latest/variable/CMAKE_BUILD_TYPE.html?highlight=cmake_build_type - run: cmake -B ${{github.workspace}}/build -DDEBUG=1 -DSA_MARIADB=0 -DCRYPTO_LIBGCRYPT=1 -DCRYPTO_KMC=0 -DTEST=1 - - - name: Build - # Build your program with the given configuration - run: cmake --build ${{github.workspace}}/build - - - name: Test - working-directory: ${{github.workspace}}/build - # Execute tests defined by the CMake configuration. - # See https://cmake.org/cmake/help/latest/manual/ctest.1.html for more detail - run: ctest -C ${{env.BUILD_TYPE}} - libgcrypt_build: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - - - name: Update - run: sudo apt-get update - - - name: Install Dependencies - run: sudo apt-get install -y libgpg-error-dev libgcrypt20-dev libmariadb-dev libmariadb-dev-compat libcurl4-openssl-dev - - - name: Configure CMake - # Configure CMake in a 'build' subdirectory. `CMAKE_BUILD_TYPE` is only required if you are using a single-configuration generator such as make. 
- # See https://cmake.org/cmake/help/latest/variable/CMAKE_BUILD_TYPE.html?highlight=cmake_build_type - run: cmake -B ${{github.workspace}}/build -DDEBUG=0 -DSA_MARIADB=0 -DCRYPTO_LIBGCRYPT=1 -DCRYPTO_KMC=0 -DTEST=1 - - - name: Build - # Build your program with the given configuration - run: cmake --build ${{github.workspace}}/build - - - name: Test - working-directory: ${{github.workspace}}/build - # Execute tests defined by the CMake configuration. - # See https://cmake.org/cmake/help/latest/manual/ctest.1.html for more detail - run: ctest -C ${{env.BUILD_TYPE}} - - sql_libgcrypt_debug_build: + # + # Minimal Build + # + minimal_build: + # Container Setup runs-on: ubuntu-latest steps: - uses: actions/checkout@v2 - - name: Update run: sudo apt-get update - - name: Install Dependencies - run: sudo apt-get install -y libgpg-error-dev libgcrypt20-dev libmariadb-dev libmariadb-dev-compat libcurl4-openssl-dev - - - name: Configure CMake - # Configure CMake in a 'build' subdirectory. `CMAKE_BUILD_TYPE` is only required if you are using a single-configuration generator such as make. - # See https://cmake.org/cmake/help/latest/variable/CMAKE_BUILD_TYPE.html?highlight=cmake_build_type - run: cmake -B ${{github.workspace}}/build -DDEBUG=1 -DSA_MARIADB=1 -DCRYPTO_LIBGCRYPT=1 -DCRYPTO_KMC=0 -DTEST=1 - - - name: Build - # Build your program with the given configuration - run: cmake --build ${{github.workspace}}/build - - - name: Test - working-directory: ${{github.workspace}}/build - # Execute tests defined by the CMake configuration. 
- # See https://cmake.org/cmake/help/latest/manual/ctest.1.html for more detail - run: ctest -C ${{env.BUILD_TYPE}} + run: sudo apt-get install -y lcov libcurl4-openssl-dev libmariadb-dev libmariadb-dev-compat libgcrypt20-dev python3 + - name: Install Python Libraries + run: sudo pip install pycryptodome + # End Container Setup - sql_libgcrypt_build: + - name: Minimal Build Script + working-directory: ${{github.workspace}} + run: bash ${GITHUB_WORKSPACE}/support/scripts/build_minimal.sh + + # + # Internal Build + # + internal_build: + # Container Setup runs-on: ubuntu-latest steps: - uses: actions/checkout@v2 - - name: Update run: sudo apt-get update - - name: Install Dependencies - run: sudo apt-get install -y libgpg-error-dev libgcrypt20-dev libmariadb-dev libmariadb-dev-compat libcurl4-openssl-dev - - - name: Configure CMake - # Configure CMake in a 'build' subdirectory. `CMAKE_BUILD_TYPE` is only required if you are using a single-configuration generator such as make. - # See https://cmake.org/cmake/help/latest/variable/CMAKE_BUILD_TYPE.html?highlight=cmake_build_type - run: cmake -B ${{github.workspace}}/build -DDEBUG=0 -DSA_MARIADB=1 -DCRYPTO_LIBGCRYPT=1 -DCRYPTO_KMC=0 -DTEST=1 - - - name: Build - # Build your program with the given configuration - run: cmake --build ${{github.workspace}}/build - - - name: Test - working-directory: ${{github.workspace}}/build - # Execute tests defined by the CMake configuration. - # See https://cmake.org/cmake/help/latest/manual/ctest.1.html for more detail - run: ctest -C ${{env.BUILD_TYPE}} - - sql_libgcrypt_kmc_debug_build: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - - - name: Update - run: sudo apt-get update - - - name: Install Dependencies - run: sudo apt-get install -y libgpg-error-dev libgcrypt20-dev libmariadb-dev libmariadb-dev-compat libcurl4-openssl-dev - - - name: Configure CMake - # Configure CMake in a 'build' subdirectory. 
`CMAKE_BUILD_TYPE` is only required if you are using a single-configuration generator such as make. - # See https://cmake.org/cmake/help/latest/variable/CMAKE_BUILD_TYPE.html?highlight=cmake_build_type - run: cmake -B ${{github.workspace}}/build -DDEBUG=1 -DSA_MARIADB=1 -DCRYPTO_LIBGCRYPT=1 -DCRYPTO_KMC=1 -DTEST=1 - - - name: Build - # Build your program with the given configuration - run: cmake --build ${{github.workspace}}/build - - - name: Test - working-directory: ${{github.workspace}}/build - # Execute tests defined by the CMake configuration. - # See https://cmake.org/cmake/help/latest/manual/ctest.1.html for more detail - run: ctest -C ${{env.BUILD_TYPE}} - - sql_libgcrypt_kmc_build: + run: sudo apt-get install -y lcov libcurl4-openssl-dev libmariadb-dev libmariadb-dev-compat libgcrypt20-dev python3 + - name: Install Python Libraries + run: sudo pip install pycryptodome + # End Container Setup + + - name: Internal Build Script + working-directory: ${{github.workspace}} + run: bash ${GITHUB_WORKSPACE}/support/scripts/build_internal.sh + + - name: Code-Coverage + working-directory: ${{github.workspace}} + run: make gcov + + - name: Upload + uses: codecov/codecov-action@v1 + with: + files: 'coverage/*.c.gcov' + + # + # KMC Build + # + kmc_build: + # Container Setup runs-on: ubuntu-latest steps: - uses: actions/checkout@v2 - - name: Update run: sudo apt-get update - - name: Install Dependencies - run: sudo apt-get install -y libgpg-error-dev libgcrypt20-dev libmariadb-dev libmariadb-dev-compat libcurl4-openssl-dev - - - name: Configure CMake - # Configure CMake in a 'build' subdirectory. `CMAKE_BUILD_TYPE` is only required if you are using a single-configuration generator such as make. 
- # See https://cmake.org/cmake/help/latest/variable/CMAKE_BUILD_TYPE.html?highlight=cmake_build_type - run: cmake -B ${{github.workspace}}/build -DDEBUG=0 -DSA_MARIADB=1 -DCRYPTO_LIBGCRYPT=1 -DCRYPTO_KMC=1 -DTEST=1 - - - name: Build - # Build your program with the given configuration - run: cmake --build ${{github.workspace}}/build - - - name: Test - working-directory: ${{github.workspace}}/build - # Execute tests defined by the CMake configuration. - # See https://cmake.org/cmake/help/latest/manual/ctest.1.html for more detail - run: ctest -C ${{env.BUILD_TYPE}} + run: sudo apt-get install -y lcov libcurl4-openssl-dev libmariadb-dev libmariadb-dev-compat libgcrypt20-dev python3 + - name: Install Python Libraries + run: sudo pip install pycryptodome + # End Container Setup + + - name: KMC Build Script + working-directory: ${{github.workspace}} + run: bash ${GITHUB_WORKSPACE}/support/scripts/build_kmc.sh \ No newline at end of file diff --git a/.github/workflows/utest.yml b/.github/workflows/utest.yml deleted file mode 100644 index a90523f3..00000000 --- a/.github/workflows/utest.yml +++ /dev/null 
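Review bot: The three new jobs (`minimal_build`, `internal_build`, `kmc_build`) pull third-party code by mutable reference: `actions/checkout@v2` and `codecov/codecov-action@v1` are tags, and `sudo pip install pycryptodome` names no version, so what runs in CI can change without any commit to this repository. Pin each `uses:` to a full commit SHA (`uses: actions/checkout@<full-commit-sha>  # v2`) and the package to a release (`pip install pycryptodome==<version>`); both values are placeholders to fill in. The workflow also declares no `permissions:` block, so a top-level `permissions:` with `contents: read` would keep the job token at least privilege. `codecov-action@v1` is an old major version, so it is worth checking whether it is still maintained before pinning it.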
@@ -1,83 +0,0 @@ -name: Unit Tests - -on: - push: - branches: [ main, dev ] - pull_request: - -env: - # Customize the CMake build type here (Release, Debug, RelWithDebInfo, etc.) - BUILD_TYPE: DEBUG - -jobs: - build: - # The CMake configure and build commands are platform agnostic and should work equally well on Windows or Mac. - # You can convert this to a matrix build if you need cross-platform coverage. - # See: https://docs.github.com/en/free-pro-team@latest/actions/learn-github-actions/managing-complex-workflows#using-a-build-matrix - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v2 - - - name: Update - run: sudo apt-get update - - - name: Install Dependencies - run: sudo apt-get install -y libgpg-error-dev libgcrypt20-dev - - - name: Configure CMake - # Configure CMake in a 'build' subdirectory. `CMAKE_BUILD_TYPE` is only required if you are using a single-configuration generator such as make. - # See https://cmake.org/cmake/help/latest/variable/CMAKE_BUILD_TYPE.html?highlight=cmake_build_type - run: cmake -B ${{github.workspace}}/build -DCMAKE_BUILD_TYPE=${{env.BUILD_TYPE}} -DTEST=1 - - - name: Build - # Build your program with the given configuration - run: cmake --build ${{github.workspace}}/build --config ${{env.BUILD_TYPE}} - - - name: Test-TC_APPLY - working-directory: ${{github.workspace}}/build - # Execute tests defined by the CMake configuration. - # See https://cmake.org/cmake/help/latest/manual/ctest.1.html for more detail - run: ${{github.workspace}}/build/bin/ut_tc_apply - - - name: Test-TC_PROCESS - working-directory: ${{github.workspace}}/build - # Execute tests defined by the CMake configuration. - # See https://cmake.org/cmake/help/latest/manual/ctest.1.html for more detail - run: ${{github.workspace}}/build/bin/ut_tc_process - - - name: Test-TM_APPLY - working-directory: ${{github.workspace}}/build - # Execute tests defined by the CMake configuration. 
- # See https://cmake.org/cmake/help/latest/manual/ctest.1.html for more detail - run: ${{github.workspace}}/build/bin/ut_tm_apply - - - name: Test-TM_PROCESS - working-directory: ${{github.workspace}}/build - # Execute tests defined by the CMake configuration. - # See https://cmake.org/cmake/help/latest/manual/ctest.1.html for more detail - run: ${{github.workspace}}/build/bin/ut_tm_process - - - name: Test-CRYPTO_CONFIG - working-directory: ${{github.workspace}}/build - # Execute tests defined by the CMake configuration. - # See https://cmake.org/cmake/help/latest/manual/ctest.1.html for more detail - run: ${{github.workspace}}/build/bin/ut_crypto_config - - - name: Test-CRYPTO - working-directory: ${{github.workspace}}/build - # Execute tests defined by the CMake configuration. - # See https://cmake.org/cmake/help/latest/manual/ctest.1.html for more detail - run: ${{github.workspace}}/build/bin/ut_crypto - - - name: Test-CRYPTO_AOS - working-directory: ${{github.workspace}}/build - # Execute tests defined by the CMake configuration. - # See https://cmake.org/cmake/help/latest/manual/ctest.1.html for more detail - run: ${{github.workspace}}/build/bin/ut_crypto_aos - - - name: Test-CRYPTO_MC - working-directory: ${{github.workspace}}/build - # Execute tests defined by the CMake configuration. - # See https://cmake.org/cmake/help/latest/manual/ctest.1.html for more detail - run: ${{github.workspace}}/build/bin/ut_crypto_mc diff --git a/.github/workflows/validation.yml b/.github/workflows/validation.yml deleted file mode 100644 index b6ab9d8b..00000000 --- a/.github/workflows/validation.yml +++ /dev/null 
@@ -1,58 +0,0 @@ -name: Validation Tests - -on: - push: - branches: [ main, dev] - pull_request: - -env: - # Customize the CMake build type here (Release, Debug, RelWithDebInfo, etc.) - BUILD_TYPE: DEBUG - -jobs: - build: - # The CMake configure and build commands are platform agnostic and should work equally well on Windows or Mac. - # You can convert this to a matrix build if you need cross-platform coverage. - # See: https://docs.github.com/en/free-pro-team@latest/actions/learn-github-actions/managing-complex-workflows#using-a-build-matrix - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v2 - - - name: Update - run: sudo apt-get update - - - name: Install Dependencies - run: sudo apt-get install -y libgpg-error-dev libgcrypt20-dev python3 lcov - - - name: Install Python Libraries - run: sudo pip install pycryptodome - - - name: Configure CMake - # Configure CMake in a 'build' subdirectory. `CMAKE_BUILD_TYPE` is only required if you are using a single-configuration generator such as make. - # See https://cmake.org/cmake/help/latest/variable/CMAKE_BUILD_TYPE.html?highlight=cmake_build_type - run: cmake -B ${{github.workspace}}/build -DCMAKE_BUILD_TYPE=${{env.BUILD_TYPE}} -DTEST=1 -DTEST_ENC=1 -DDEBUG=1 -DCODECOV=1 - - - name: Build - # Build your program with the given configuration - run: cmake --build ${{github.workspace}}/build --config ${{env.BUILD_TYPE}} - - - name: Test - working-directory: ${{github.workspace}}/build - # Execute tests defined by the CMake configuration. - # See https://cmake.org/cmake/help/latest/manual/ctest.1.html for more detail - run: | - ${{github.workspace}}/build/bin/et_dt_validation - ctest -C ${{env.BUILD_TYPE}} - - - name: Code-Coverage - working-directory: ${{github.workspace}}/build - # Execute tests defined by the CMake configuration. 
- # See https://cmake.org/cmake/help/latest/manual/ctest.1.html for more detail - run: make gcov - - - name: Upload - uses: codecov/codecov-action@v1 - with: - #files: ${{github.workspace}}/build/coverage/crypto_aos.c.gcov,${{github.workspace}}/build/coverage/crypto_config.c.gcov,${{github.workspace}}/build/coverage/crypto_mc.c.gcov,${{github.workspace}}/build/coverage/crypto_tc.c.gcov,${{github.workspace}}/build/coverage/crypto_user.c.gcov,${{github.workspace}}/build/coverage/crypto.c.gcov,${{github.workspace}}/build/coverage/crypto_key_mgmt.c.gcov,${{github.workspace}}/build/coverage/crypto_print.c.gcov,${{github.workspace}}/build/coverage/crypto_tm.c.gcov,${{github.workspace}}/build/coverage/sadb_routine_inmemory.template.c.gcov - files: 'coverage/*.c.gcov' diff --git a/.gitignore b/.gitignore index a6683bba..8671517b 100644 --- a/.gitignore +++ b/.gitignore @@ -11,7 +11,7 @@ __pycache__ *.dat *.so -build* +build/ venv vgcore* core.* diff --git a/src/key/kmc/key_interface_kmc.template.c b/src/key/kmc/key_interface_kmc.template.c index cb85dac8..6a3fd525 100644 --- a/src/key/kmc/key_interface_kmc.template.c +++ b/src/key/kmc/key_interface_kmc.template.c @@ -19,7 +19,6 @@ #include "key_interface.h" /* Variables */ -static crypto_key_t ek_ring[NUM_KEYS] = {0}; static KeyInterfaceStruct key_if_struct; /* Prototypes */ @@ -40,7 +39,6 @@ static crypto_key_t* get_key(uint32_t key_id) { /* Avoid set but not used warning */ key_id = key_id; - key_ptr = key_ptr; fprintf(stderr, "Attempting to access key ring with KMC Crypto Service. This shouldn't happen!\n "); diff --git a/support/Dockerfile b/support/Dockerfile new file mode 100644 index 00000000..47c13c38 --- /dev/null +++ b/support/Dockerfile 
@@ -0,0 +1,30 @@
+# CryptoLib Dockerfile
+#
+# docker build -t ivvitc/cryptolib:latest .
+# docker push ivvitc/cryptolib:latest
+#
+
+FROM ubuntu:20.04 AS cl0
+
+# Install required packages
+ARG DEBIAN_FRONTEND=noninteractive
+RUN apt-get update -y \
+ && apt-get install -y \
+ autoconf \
+ cmake \
+ g++-multilib \
+ gcc-multilib \
+ gettext \
+ git \
+ gdb \
+ lcov \
+ libcurl4-openssl-dev \
+ libmariadb-dev \
+ libmariadb-dev-compat \
+ libgcrypt20-dev \
+ libtool \
+ python3-dev \
+ python3-pip \
+ && rm -rf /var/lib/apt/lists/*
+
+RUN pip3 install pycryptodome
diff --git a/support/ansible/cryptolib-centos.yml b/support/ansible/cryptolib-centos.yml
deleted file mode 100644
index 0a5b53fc..00000000
--- a/support/ansible/cryptolib-centos.yml
+++ /dev/null
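Review bot: `RUN pip3 install pycryptodome` and `FROM ubuntu:20.04` are both unpinned, so rebuilding and pushing `ivvitc/cryptolib:latest` can silently pick up a different base image or a different release of the Python crypto package the tests presumably check against. Pin the package (`RUN pip3 install --no-cache-dir pycryptodome==<version>`) and consider a digest on the base (`FROM ubuntu:20.04@sha256:<digest> AS cl0`); both values are placeholders. The image has no `USER` instruction, so the wrapper scripts that bind-mount the source tree run the build as root and leave root-owned files in the checkout; a non-root user in the image, or `--user` at run time, avoids that. `apt-get install -y --no-install-recommends` would also trim what ends up in the image.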
@@ -1,90 +0,0 @@ -# Copyright (C) 2009 - 2022 National Aeronautics and Space Administration. All Foreign Rights are Reserved to the U.S. Government. -# This software is provided "as is" without any warranty of any kind, either expressed, implied, or statutory, including, but not -# limited to, any warranty that the software will conform to specifications, any implied warranties of merchantability, fitness -# for a particular purpose, and freedom from infringement, and any warranty that the documentation will conform to the program, or -# any warranty that the software will be error free. -# In no event shall NASA be liable for any damages, including, but not limited to direct, indirect, special or consequential damages, -# arising out of, resulting from, or in any way connected with the software or its documentation, whether or not based upon warranty, -# contract, tort or otherwise, and whether or not loss was sustained from, or arose out of the results of, or use of, the software, -# documentation or services provided hereunder. 
-# ITC Team -# NASA IV&V -# jstar-development-team@mail.nasa.gov -# -# -# -# sudo ansible-playbook cryptolib-centos.yml -i ./hosts ---- -- name: CryptoLib CentOS 8 Setup - hosts: all - vars: - # Set this to 1 to install visual studio code - # todo: make a command line variable - install_vscode: 0 - - tasks: - - name: install updates - yum: update_cache=yes - - name: install EPEL - dnf: - name: epel-release - state: latest - - name: Install Dependencies - yum: - name: "{{ packages }}" - vars: - packages: - - git - - "@development tools" - - cmake - - libgcrypt-devel - - python3 - - python3-devel - - python3-pip - - kernel-devel - - mysql-devel - # add additional packages here - - - name: Install pycryptodome - pip: - name: pycryptodome - - name: Install vscode Key - rpm_key: - key: https://packages.microsoft.com/keys/microsoft.asc - state: present - when: install_vscode == 1 - - - name: Insert/Update vscode.repository in/etc/yum.repos.d/vscode.repo - blockinfile: - path: /etc/yum.repos.d/vscode.repo - create: yes - block: | - [code] - name=Visual Studio Code - baseurl=https://packages.microsoft.com/yumrepos/vscode - enabled=1 - gpgcheck=1 - gpgkey=https://packages.microsoft.com/keys/microsoft.asc - when: install_vscode == 1 - - - name: install vscode - yum: - name: code - state: latest - when: install_vscode == 1 - - pre_tasks: - - name: check requirements - block: - - name: check supported os - assert: - that: (ansible_facts['distribution'] == "CentOS" and ansible_facts['distribution_major_version'] is version('8', '>=')) - fail_msg: "unsupported os: {{ ansible_facts['distribution'] }} {{ ansible_facts['distribution_version'] }}" - - - name: check architecture - assert: - that: ansible_architecture == "x86_64" - fail_msg: "unsupported architecture: {{ ansible_architecture }}" - tags: - - always - diff --git a/support/ansible/hosts b/support/ansible/hosts deleted file mode 100644 index 2302edae..00000000 --- a/support/ansible/hosts +++ /dev/null 
@@ -1 +0,0 @@
-localhost ansible_connection=local
diff --git a/support/scripts/build_internal.sh b/support/scripts/build_internal.sh
new file mode 100644
index 00000000..fbd2dcc8
--- /dev/null
+++ b/support/scripts/build_internal.sh
@@ -0,0 +1,12 @@
+#!/bin/bash -i
+#
+# Convenience script for CryptoLib development
+# Will build in current directory
+#
+# ./build_internal.sh
+#
+
+SCRIPT_DIR=$(cd `dirname $0` && pwd)
+BASE_DIR=$(cd `dirname $SCRIPT_DIR`/.. && pwd)
+
+cmake $BASE_DIR -DCODECOV=1 -DDEBUG=1 -DTEST=1 -DTEST_ENC=1 && make && make test
diff --git a/support/scripts/build_kmc.sh b/support/scripts/build_kmc.sh
new file mode 100644
index 00000000..6953b62a
--- /dev/null
+++ b/support/scripts/build_kmc.sh
@@ -0,0 +1,12 @@
+#!/bin/bash -i
+#
+# Convenience script for CryptoLib development
+# Will build in current directory
+#
+# ./build_internal.sh
+#
+
+SCRIPT_DIR=$(cd `dirname $0` && pwd)
+BASE_DIR=$(cd `dirname $SCRIPT_DIR`/.. && pwd)
+
+cmake $BASE_DIR -DCODECOV=1 -DDEBUG=1 -DCRYPTO_KMC=1 -DKEY_KMC=1 -DSA_MARIADB=1 -DTEST=1 -DTEST_ENC=1 && make && make test
diff --git a/support/scripts/build_minimal.sh b/support/scripts/build_minimal.sh
new file mode 100644
index 00000000..fee7ad49
--- /dev/null
+++ b/support/scripts/build_minimal.sh
@@ -0,0 +1,12 @@
+#!/bin/bash -i
+#
+# Convenience script for CryptoLib development
+# Will build in current directory
+#
+# ./build_internal.sh
+#
+
+SCRIPT_DIR=$(cd `dirname $0` && pwd)
+BASE_DIR=$(cd `dirname $SCRIPT_DIR`/.. && pwd)
+
+cmake $BASE_DIR && make && make test
diff --git a/support/scripts/build_support.sh b/support/scripts/build_support.sh
new file mode 100644
index 00000000..a109c9c5
--- /dev/null
+++ b/support/scripts/build_support.sh
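Review bot: The shebang `#!/bin/bash -i` in build_internal.sh forces an interactive shell, which reads the invoking user's `~/.bashrc` whenever the script is executed directly (as the docker wrapper scripts do), so the build depends on files outside the repository. `#!/bin/bash` followed by `set -euo pipefail` is the safer header. The path lines are also unquoted and break on a checkout path containing spaces; `SCRIPT_DIR=$(cd "$(dirname "$0")" && pwd)`, `BASE_DIR=$(cd "$SCRIPT_DIR/../.." && pwd)` and `cmake "$BASE_DIR" ...` fix that. The same shebang and path lines appear in build_kmc.sh, build_minimal.sh and build_support.sh, and the shebang also in env.sh, internal_docker_build.sh and kmc_docker_build.sh.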
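Review bot: The usage line in the header comment of build_kmc.sh still reads `# ./build_internal.sh`, copied from the first script; it should be `# ./build_kmc.sh`. build_minimal.sh and build_support.sh carry the same copied line and want `# ./build_minimal.sh` and `# ./build_support.sh`. A one-line comment naming the CMake options each script turns on (here `CRYPTO_KMC`, `KEY_KMC` and `SA_MARIADB`) would tell a reader which variant they are building.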
@@ -0,0 +1,12 @@
+#!/bin/bash -i
+#
+# Convenience script for CryptoLib development
+# Will build in current directory
+#
+# ./build_internal.sh
+#
+
+SCRIPT_DIR=$(cd `dirname $0` && pwd)
+BASE_DIR=$(cd `dirname $SCRIPT_DIR`/.. && pwd)
+
+cmake $BASE_DIR -DCODECOV=1 -DDEBUG=1 -DSUPPORT=1 -DTEST=1 -DTEST_ENC=1 && make && make test
diff --git a/support/scripts/env.sh b/support/scripts/env.sh
new file mode 100644
index 00000000..3e267924
--- /dev/null
+++ b/support/scripts/env.sh
@@ -0,0 +1,10 @@
+#!/bin/bash -i
+#
+# Convenience script for CryptoLib development
+#
+# source ./env.sh
+#
+
+export SCRIPT_DIR=$(cd `dirname $0` && pwd)
+export BASE_DIR=$(cd `dirname $SCRIPT_DIR`/.. && pwd)
+export DFLAGS="docker run --rm -it"
diff --git a/support/scripts/internal_docker_build.sh b/support/scripts/internal_docker_build.sh
new file mode 100644
index 00000000..46bb97d2
--- /dev/null
+++ b/support/scripts/internal_docker_build.sh
@@ -0,0 +1,22 @@
+#!/bin/bash -i
+#
+# Convenience script for CryptoLib development
+#
+# ./internal_docker_build.sh
+#
+
+SCRIPT_DIR=$(cd `dirname $0` && pwd)
+BASE_DIR=$(cd `dirname $SCRIPT_DIR`/.. && pwd)
+DFLAGS="docker run --rm -it"
+
+# Prepare build directory
+mkdir $BASE_DIR/build > /dev/null 2>&1
+rm -r $BASE_DIR/build/internal/* > /dev/null 2>&1
+mkdir $BASE_DIR/build/internal > /dev/null 2>&1
+
+#$DFLAGS -v $BASE_DIR:$BASE_DIR -w $BASE_DIR/build/internal ivvitc/cryptolib /bin/bash
+
+echo "Internal build and test..."
+$DFLAGS -v $BASE_DIR:$BASE_DIR -w $BASE_DIR/build/internal ivvitc/cryptolib bash -c \
+ "../../support/scripts/build_support.sh"
+echo ""
diff --git a/support/scripts/kmc_docker_build.sh b/support/scripts/kmc_docker_build.sh
new file mode 100644
index 00000000..832d6be8
--- /dev/null
+++ b/support/scripts/kmc_docker_build.sh
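Review bot: env.sh is documented as `source ./env.sh`, but `$0` in a sourced file is the name of the calling shell, not the path of env.sh, so `SCRIPT_DIR` and `BASE_DIR` resolve against the wrong directory or fail outright. Use `export SCRIPT_DIR=$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)` and `export BASE_DIR=$(cd "$SCRIPT_DIR/../.." && pwd)`. The `#!/bin/bash -i` shebang has no effect on a sourced file and can be dropped.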
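Review bot: In internal_docker_build.sh, `rm -r $BASE_DIR/build/internal/*` runs with `BASE_DIR` unquoted and unchecked, and every preparation step discards its errors with `> /dev/null 2>&1`. If the `cd` that computes `BASE_DIR` fails, the variable is empty and the glob expands against `/build/internal/`. Guard and quote it with `rm -rf -- "${BASE_DIR:?}/build/internal"` followed by `mkdir -p "$BASE_DIR/build/internal"`, which also replaces the two `mkdir` calls. The banner says "Internal build and test..." but the container runs `build_support.sh` rather than `build_internal.sh`; confirm which is intended. kmc_docker_build.sh has the same preparation lines for `build/kmc`.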
@@ -0,0 +1,23 @@ +#!/bin/bash -i +# +# Convenience script for CryptoLib development +# +# ./kmc_docker_build.sh +# + +SCRIPT_DIR=$(cd `dirname $0` && pwd) +BASE_DIR=$(cd `dirname $SCRIPT_DIR`/.. && pwd) +DFLAGS="docker run --rm -it" + +# Prepare build directory +mkdir $BASE_DIR/build > /dev/null 2>&1 +rm -r $BASE_DIR/build/kmc/* > /dev/null 2>&1 +mkdir $BASE_DIR/build/kmc > /dev/null 2>&1 + +#$DFLAGS -v $BASE_DIR:$BASE_DIR -w $BASE_DIR/build/kmc ivvitc/cryptolib /bin/bash + +echo "KMC build and test..." +# Note that the `KMC_MDB_DB` flag is not in use as docker compose will need configured to enable these tests +$DFLAGS -v $BASE_DIR:$BASE_DIR -w $BASE_DIR/build/kmc ivvitc/cryptolib bash -c \ + "../../support/scripts/build_kmc.sh" +echo "" diff --git a/test/kmc/ut_kmc_crypto_with_mtls_sadb.c b/test/kmc/ut_kmc_crypto_with_mtls_sadb.c index a568a952..a82b10d0 100644 --- a/test/kmc/ut_kmc_crypto_with_mtls_sadb.c +++ b/test/kmc/ut_kmc_crypto_with_mtls_sadb.c @@ -143,7 +143,8 @@ UTEST(KMC_CRYPTO, HAPPY_PATH_APPLY_SEC_ENC_AND_AUTH_TLS) UTEST(KMC_CRYPTO, SADB_BAD_USER_NAME) { // Setup & Initialize CryptoLib - (KEY_TYPE_KMC, SADB_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_KMC, SADB_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); Crypto_Config_MariaDB("db-itc-kmc.nasa.gov","sadb", 3306,CRYPTO_TRUE,CRYPTO_TRUE, "/certs/ammos-ca-bundle.crt", NULL, CLIENT_CERTIFICATE, CLIENT_CERTIFICATE_KEY, NULL, "bad_user_name", NULL); diff --git a/test/kmc/ut_mariadb.c b/test/kmc/ut_mariadb.c index a363f69a..e2b98ad6 100644 --- a/test/kmc/ut_mariadb.c +++ b/test/kmc/ut_mariadb.c 
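Review bot: The `$DFLAGS -v $BASE_DIR:$BASE_DIR ... ivvitc/cryptolib bash -c` line in kmc_docker_build.sh runs whatever the registry currently serves for the untagged image (i.e. `latest`) and gives it a read-write bind mount of the whole checkout, so the build trusts a mutable remote image with the source tree. Referencing a pinned tag or digest (`ivvitc/cryptolib@sha256:<digest>`, a placeholder) keeps local builds on the image that was reviewed. `-it` in `DFLAGS` also requires a TTY, so the script fails from a non-interactive job; `docker run --rm` is enough for a build. internal_docker_build.sh has the same line.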
@@ -40,18 +40,8 @@ void cleanup_sa(SecurityAssociation_t* test_association) { - if (test_association->iv != NULL) - free(test_association->iv); - if (test_association->abm != NULL) - free(test_association->abm); - if (test_association->arsn != NULL) - free(test_association->arsn); if (test_association->ek_ref != NULL) free(test_association->ek_ref); - if (test_association->ecs != NULL) - free(test_association->ecs); - if (test_association->acs != NULL) - free(test_association->acs); if (test_association->ak_ref != NULL) free(test_association->ak_ref); diff --git a/test/kmc/ut_tc_kmc.c b/test/kmc/ut_tc_kmc.c index ace62a0f..92402ef2 100644 --- a/test/kmc/ut_tc_kmc.c +++ b/test/kmc/ut_tc_kmc.c @@ -398,7 +398,7 @@ UTEST(TC_APPLY_SECURITY, ENC_CBC_KMC_NULL_IV) { // Setup & Initialize CryptoLib Crypto_Config_CryptoLib(KEY_TYPE_KMC, SADB_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_KMCCRYPTO, - IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + IV_CRYPTO_MODULE, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); 
@@ -429,12 +429,10 @@ UTEST(TC_APPLY_SECURITY, ENC_CBC_KMC_NULL_IV) test_association->ast = 0; test_association->est = 1; test_association->stmacf_len = 0; - *test_association->ecs = CRYPTO_CIPHER_AES256_CBC; + test_association->ecs = CRYPTO_CIPHER_AES256_CBC; test_association->acs_len = 1; - test_association->acs = calloc(1, test_association->acs_len * sizeof(uint8_t)); - *test_association->acs = 0; + test_association->acs = 0; test_association->arsn_len = 0; - test_association->iv = NULL; sadb_routine->sadb_get_sa_from_spi(11, &test_association); return_val = Crypto_TC_ApplySecurity((uint8_t* )raw_tc_sdls_ping_b, raw_tc_sdls_ping_len, &ptr_enc_frame, &enc_frame_len); @@ -482,15 +480,13 @@ UTEST(TC_APPLY_SECURITY, ENC_GCM_KMC_NULL_IV) test_association->est = 1; test_association->stmacf_len = 16; test_association->shplf_len = 0; - *test_association->ecs = CRYPTO_CIPHER_AES256_GCM; + test_association->ecs = CRYPTO_CIPHER_AES256_GCM; test_association->acs_len = 1; - test_association->acs = calloc(1, test_association->acs_len * sizeof(uint8_t)); - *test_association->acs = 0; + test_association->acs = 0; test_association->arsn_len = 0; test_association->iv_len = 12; test_association->shivf_len = 12; - test_association->ecs[0] = 0x01; - test_association->iv = NULL; + test_association->ecs = 0x01; return_val = Crypto_TC_ApplySecurity((uint8_t* )raw_tc_sdls_ping_b, raw_tc_sdls_ping_len, &ptr_enc_frame, &enc_frame_len); 
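Review bot: In ENC_GCM_KMC_NULL_IV the new side assigns `test_association->ecs = CRYPTO_CIPHER_AES256_GCM;` and a few lines later `test_association->ecs = 0x01;`, so the second assignment silently overrides the named constant with a magic number. If `0x01` is the value of `CRYPTO_CIPHER_AES256_GCM` the later line is redundant and can be deleted; if it is not, the test configures a different cipher than its name says. `test_association->acs_len = 1;` is also still set although `acs` is now assigned as a plain value, so a short comment stating what the length means for the scalar field would help. The test body starts and ends outside the hunk.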
@@ -736,7 +732,7 @@ UTEST(TC_APPLY_SECURITY, ENC_CBC_MDB_KMC_NULL_IV) { // Setup & Initialize CryptoLib Crypto_Config_CryptoLib(KEY_TYPE_KMC, SADB_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, - IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + IV_CRYPTO_MODULE, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); Crypto_Config_MariaDB("db-itc-kmc.nasa.gov","sadb", 3306,CRYPTO_TRUE,CRYPTO_TRUE, "/certs/ammos-ca-bundle.crt", NULL, CLIENT_CERTIFICATE, CLIENT_CERTIFICATE_KEY, NULL, "root", NULL); @@ -951,7 +947,7 @@ UTEST(TC_PROCESS, DECRYPT_CBC_KMC_16B) UTEST(TC_PROCESS, DECRYPT_CBC_KMC_NULL_IV) { Crypto_Config_CryptoLib(KEY_TYPE_KMC, SADB_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_KMCCRYPTO, - IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, + IV_CRYPTO_MODULE, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_FALSE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); @@ -973,7 +969,6 @@ UTEST(TC_PROCESS, DECRYPT_CBC_KMC_NULL_IV) test_association = malloc(sizeof(SecurityAssociation_t) * sizeof(uint8_t)); sadb_routine->sadb_get_sa_from_spi(11, &test_association); test_association->sa_state = SA_OPERATIONAL; - test_association->iv = NULL; test_association->ast = 0; // Convert input test frame 
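Review bot: In DECRYPT_CBC_KMC_NULL_IV the unchanged lines `test_association = malloc(sizeof(SecurityAssociation_t) * sizeof(uint8_t));` and `sadb_routine->sadb_get_sa_from_spi(11, &test_association);` look like a leak that this commit leaves in place. If the lookup stores the SA's address through the pointer-to-pointer argument, as `&test_association` suggests, the allocated block is never used or freed. Initialising the pointer instead (`test_association = NULL;` before the lookup) and checking the lookup's return value before dereferencing would make the test fail cleanly when SPI 11 is missing. The declaration and the end of the test are outside the hunk.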
@@ -993,7 +988,7 @@ UTEST(TC_PROCESS, DECRYPT_GCM_KMC_NULL_IV) { // Setup & Initialize CryptoLib Crypto_Config_CryptoLib(KEY_TYPE_KMC, SADB_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_KMCCRYPTO, - IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + IV_CRYPTO_MODULE, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); @@ -1023,14 +1018,12 @@ UTEST(TC_PROCESS, DECRYPT_GCM_KMC_NULL_IV) test_association->est = 1; test_association->stmacf_len = 16; test_association->shplf_len = 0; - *test_association->ecs = CRYPTO_CIPHER_AES256_GCM; + test_association->ecs = CRYPTO_CIPHER_AES256_GCM; test_association->acs_len = 1; - test_association->acs = calloc(1, test_association->acs_len * sizeof(uint8_t)); - *test_association->acs = 0; + test_association->acs = 0; test_association->arsn_len = 0; test_association->iv_len = 12; test_association->shivf_len = 12; - test_association->iv = NULL; return_val = Crypto_TC_ProcessSecurity(raw_tc_sdls_ping_b, &raw_tc_sdls_ping_len, tc_sdls_processed_frame); ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val); 
@@ -1190,7 +1183,7 @@ UTEST(TC_PROCESS, DECRYPT_CBC_MDB_KMC_16B) UTEST(TC_PROCESS, DECRYPT_CBC_MDB_KMC_NULL_IV) { Crypto_Config_CryptoLib(KEY_TYPE_KMC, SADB_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, - IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, + IV_CRYPTO_MODULE, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_FALSE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); Crypto_Config_MariaDB("db-itc-kmc.nasa.gov","sadb", 3306,CRYPTO_TRUE,CRYPTO_TRUE, "/certs/ammos-ca-bundle.crt", NULL, CLIENT_CERTIFICATE, CLIENT_CERTIFICATE_KEY, NULL, "root", NULL); @@ -1214,7 +1207,6 @@ UTEST(TC_PROCESS, DECRYPT_CBC_MDB_KMC_NULL_IV) sadb_routine->sadb_get_sa_from_spi(1, &test_association); test_association->arsn_len = 0; test_association->shsnf_len = 0; - test_association->iv = NULL; // Convert input test frame hex_conversion(test_frame_pt_h, (char**) &test_frame_pt_b, &test_frame_pt_len);