Skip to content

Commit

Permalink
Add FIPS mode in CI
Browse files Browse the repository at this point in the history 
Fix the issue: #239

Signed-off-by: Wenxing Hou <wenxing.hou@intel.com>
  • Loading branch information
@Wenxing-hou @jyao1
Wenxing-hou authored and jyao1 committed Apr 18, 2023
1 parent a56e9ea commit c8ac4ca
Showing 1 changed file with 376 additions and 0 deletions.
376 changes: 376 additions & 0 deletions .github/workflows/build_CI_FIPS.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,376 @@
name: build_CI_FIPS_test

on:
push:
branches: [ main ]
pull_request:
# The branches below must be a subset of the branches above
branches: [ main ]

env:
BUILD_TYPE: Release

jobs:
format_check:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
# If any *.c *.h *.md file(except:libspdm) have Tab, the check will fail.
- name: Check code format
run: |
sudo apt install uncrustify -y
find . -name "*.c" -o -name "*.h" | uncrustify -c .uncrustify.cfg --check -F -
if [ $? -ne 0 ]
then exit 1
fi
gcc_mbedtls_build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
with:
submodules: recursive

- name: Build
run: |
mkdir build
cd build
cmake -E env CFLAGS="-DLIBSPDM_FIPS_MODE=1 -DLIBSPDM_FIPS_TEST_AT_LOAD=1" cmake -DARCH=x64 -DTOOLCHAIN=GCC -DTARGET=Release -DCRYPTO=mbedtls ..
make copy_sample_key
make -j`nproc`
- name: Emu_Test
run: |
cd build/bin
test_port=2323
TCPListeningnum=`netstat -an | grep ":$test_port " | awk '/^tcp.*/ && $NF == "LISTEN" {print $0}' | wc -l`
UDPListeningnum=`netstat -an | grep ":$test_port " | awk '/^udp.*/ && $NF == "0.0.0.0:*" {print $0}' | wc -l`
Listeningnum=$((TCPListeningnum + UDPListeningnum))
if [ $Listeningnum -eq 0 ]; then
echo "port is not used"
else
echo "port is used"
fi
./spdm_responder_emu &
./spdm_requester_emu >requester.log
filename=./requester.log
if [ ! -f "$filename" ];
then
echo "Gen requester.log fail"
exit 1
fi
if grep "Connect Error - 6f" requester.log
then
sleep 100s
echo -e "\n try connect again!!! \n"
./spdm_responder_emu &
./spdm_requester_emu >requester.log
if [ ! -f "$filename" ];
then
echo "Second Gen requester.log fail"
exit 1
fi
fi
minsize=1070000
if [ `stat -c%s "$filename"` -lt $minsize ] ||
! grep "libspdm_stop_session - (nil)" requester.log;
then
echo "requester run fail"
cat -n "$filename"
echo "requester.log size is `stat -c%s "$filename"`"
exit 1
fi
- name: Responder_validator_Test
run: |
cd build/bin
./spdm_responder_emu &
./spdm_device_validator_sample
- name: Test_RECORD_TRANSCRIPT_DATA_consistent
# open LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT flag
# mkdir build1 folder, gen spdm_requester_emu.exe and spdm_responder_emu.exe
# check the log size and end of log to ensure that hashes/signatures over transcripts are consistent
run: |
sed -i '17a add_definitions(-DLIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT=1)' CMakeLists.txt
mkdir build1
cd build1
cmake -DARCH=x64 -DTOOLCHAIN=GCC -DTARGET=Release -DCRYPTO=mbedtls ..
make copy_sample_key
make -j`nproc`
cd bin
echo "requester (DATA_SUPPORT = 0) <=> responder (DATA_SUPPORT = 1)"
./spdm_responder_emu &
./../../build/bin/spdm_requester_emu >requester.log
filename=./../../build/bin/requester.log
if [ ! -f "$filename" ];
then
echo "Gen requester.log fail"
exit 1
fi
if grep "Connect Error - 6f" requester.log
then
sleep 100s
echo -e "\n try connect again!!! \n"
./spdm_responder_emu &
./../../build/bin/spdm_requester_emu >requester.log
if [ ! -f "$filename" ];
then
echo "Second Gen requester.log fail"
exit 1
fi
fi
minsize=1070000
if [ `stat -c%s "$filename"` -lt $minsize ] ||
! grep "libspdm_stop_session - (nil)" requester.log;
then
echo "requester run fail"
cat -n "$filename"
echo "requester.log size is `stat -c%s "$filename"`"
exit 1
fi
sleep 10s
echo "requester (DATA_SUPPORT = 1) <=> responder (DATA_SUPPORT = 0)"
./../../build/bin/spdm_responder_emu &
./spdm_requester_emu >requester.log
filename=./requester.log
if [ ! -f "$filename" ];
then
echo "Gen requester.log fail"
exit 1
fi
if grep "Connect Error - 6f" requester.log
then
sleep 100s
echo -e "\n try connect again!!! \n"
./../../build/bin/spdm_responder_emu &
./spdm_requester_emu >requester.log
if [ ! -f "$filename" ];
then
echo "Second Gen requester.log fail"
exit 1
fi
fi
minsize=1070000
if [ `stat -c%s "$filename"` -lt $minsize ] ||
! grep "libspdm_stop_session - (nil)" requester.log;
then
echo "requester run fail"
cat -n "$filename"
echo "requester.log size is `stat -c%s "$filename"`"
exit 1
fi
gcc_openssl_build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
with:
submodules: recursive

- name: Build
run: |
mkdir build
cd build
cmake -E env CFLAGS="-DLIBSPDM_FIPS_MODE=1 -DLIBSPDM_FIPS_TEST_AT_LOAD=0" cmake -DARCH=x64 -DTOOLCHAIN=GCC -DTARGET=Release -DCRYPTO=openssl ..
make copy_sample_key
make -j`nproc`
- name: Emu_Test
run: |
cd build/bin
test_port=2323
TCPListeningnum=`netstat -an | grep ":$test_port " | awk '/^tcp.*/ && $NF == "LISTEN" {print $0}' | wc -l`
UDPListeningnum=`netstat -an | grep ":$test_port " | awk '/^udp.*/ && $NF == "0.0.0.0:*" {print $0}' | wc -l`
Listeningnum=$((TCPListeningnum + UDPListeningnum))
if [ $Listeningnum -eq 0 ]; then
echo "port is not used"
else
echo "port is used"
fi
./spdm_responder_emu &
./spdm_requester_emu >requester.log
filename=./requester.log
if [ ! -f "$filename" ];
then
echo "Gen requester.log fail"
exit 1
fi
if grep "Connect Error - 6f" requester.log
then
sleep 100s
echo -e "\n try connect again!!! \n"
./spdm_responder_emu &
./spdm_requester_emu >requester.log
if [ ! -f "$filename" ];
then
echo "Second Gen requester.log fail"
exit 1
fi
fi
minsize=1070000
if [ `stat -c%s "$filename"` -lt $minsize ] ||
! grep "libspdm_stop_session - (nil)" requester.log;
then
echo "requester run fail"
cat -n "$filename"
echo "requester.log size is `stat -c%s "$filename"`"
exit 1
fi
- name: Responder_validator_Test
run: |
cd build/bin
./spdm_responder_emu &
./spdm_device_validator_sample
- name: Test_RECORD_TRANSCRIPT_DATA_consistent
# open LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT flag
# mkdir build1 folder, gen spdm_requester_emu.exe and spdm_responder_emu.exe
# check the log size and the end of log to ensure that hashes/signatures over transcripts are consistent
run: |
sed -i '17a add_definitions(-DLIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT=1)' CMakeLists.txt
mkdir build1
cd build1
cmake -DARCH=x64 -DTOOLCHAIN=GCC -DTARGET=Release -DCRYPTO=openssl ..
make copy_sample_key
make -j`nproc`
cd bin
echo "requester (DATA_SUPPORT = 0) <=> responder (DATA_SUPPORT = 1)"
./spdm_responder_emu &
./../../build/bin/spdm_requester_emu >requester.log
filename=./../../build/bin/requester.log
if [ ! -f "$filename" ];
then
echo "Gen requester.log fail"
exit 1
fi
if grep "Connect Error - 6f" requester.log
then
sleep 100s
echo -e "\n try connect again!!! \n"
./spdm_responder_emu &
./../../build/bin/spdm_requester_emu >requester.log
if [ ! -f "$filename" ];
then
echo "Second Gen requester.log fail"
exit 1
fi
fi
minsize=1070000
if [ `stat -c%s "$filename"` -lt $minsize ] ||
! grep "libspdm_stop_session - (nil)" requester.log;
then
echo "requester run fail"
cat -n "$filename"
echo "requester.log size is `stat -c%s "$filename"`"
exit 1
fi
sleep 10s
echo "requester (DATA_SUPPORT = 1) <=> responder (DATA_SUPPORT = 0)"
./../../build/bin/spdm_responder_emu &
./spdm_requester_emu >requester.log
filename=./requester.log
if [ ! -f "$filename" ];
then
echo "Gen requester.log fail"
exit 1
fi
if grep "Connect Error - 6f" requester.log
then
sleep 100s
echo -e "\n try connect again!!! \n"
./../../build/bin/spdm_responder_emu &
./spdm_requester_emu >requester.log
if [ ! -f "$filename" ];
then
echo "Second Gen requester.log fail"
exit 1
fi
fi
minsize=1070000
if [ `stat -c%s "$filename"` -lt $minsize ] ||
! grep "libspdm_stop_session - (nil)" requester.log;
then
echo "requester run fail"
cat -n "$filename"
echo "requester.log size is `stat -c%s "$filename"`"
exit 1
fi
VS2019_mbedtls_build:
runs-on: windows-latest
steps:
- uses: actions/checkout@v2
with:
submodules: recursive
#ilammy/msvc-dev-cmd@v1 is GitHub Action for configuring Developer Command Prompt for Microsoft Visual Studio on Windows.
#This sets up the environment for compiling C/C++ code from command line.
- name: Add msbuild to PATH
uses: ilammy/msvc-dev-cmd@v1
with:
arch: x64

- name: Build
run: |
mkdir build
cd build
cmake -E env CFLAGS="-DLIBSPDM_FIPS_MODE=1 -DLIBSPDM_FIPS_TEST_AT_LOAD=0" cmake -G"NMake Makefiles" -DARCH=x64 -DTOOLCHAIN=VS2019 -DTARGET=Release -DCRYPTO=mbedtls ..
nmake copy_sample_key
nmake
- name: Emu_Test
run: |
cd build/bin
./spdm_responder_emu &
./spdm_requester_emu
- name: Responder_validator_Test
run: |
cd build/bin
./spdm_responder_emu &
./spdm_device_validator_sample
VS2019_openssl_build:
runs-on: windows-latest

steps:
- uses: actions/checkout@v2
with:
submodules: recursive
#ilammy/msvc-dev-cmd@v1 is GitHub Action for configuring Developer Command Prompt for Microsoft Visual Studio on Windows.
#This sets up the environment for compiling C/C++ code from command line.
- name: Add msbuild to PATH
uses: ilammy/msvc-dev-cmd@v1
with:
arch: x64

- name: Build
run: |
mkdir build
cd build
cmake -E env CFLAGS="-DLIBSPDM_FIPS_MODE=1 -DLIBSPDM_FIPS_TEST_AT_LOAD=1" cmake -G"NMake Makefiles" -DARCH=x64 -DTOOLCHAIN=VS2019 -DTARGET=Release -DCRYPTO=openssl ..
nmake copy_sample_key
nmake
- name: Emu_Test
run: |
cd build/bin
./spdm_responder_emu &
./spdm_requester_emu
- name: Responder_validator_Test
run: |
cd build/bin
./spdm_responder_emu &
./spdm_device_validator_sample

0 comments on commit c8ac4ca

Please sign in to comment.