Add secure and crypto regression test. (#218)

.github/workflows/regression_test.yml

@@ -128,6 +128,36 @@ jobs:
       run: |
         cd build
         cmake --build .
+  Secure:
+    permissions:
+      contents: read
+      issues: read
+      checks: write
+      pull-requests: write
+      pages: write
+      id-token: write
+    uses: azure-rtos/threadx/.github/workflows/regression_template.yml@master
+    with:
+      build_script: ./scripts/build_secure.sh
+      test_script: ./scripts/test_secure.sh
+      cmake_path: ./test/cmake/nx_secure
+      result_affix: Secure
+      skip_deploy: true
+  Crypto:
+    permissions:
+      contents: read
+      issues: read
+      checks: write
+      pull-requests: write
+      pages: write
+      id-token: write
+    uses: azure-rtos/threadx/.github/workflows/regression_template.yml@master
+    with:
+      build_script: ./scripts/build_crypto.sh
+      test_script: ./scripts/test_crypto.sh
+      cmake_path: ./test/cmake/crypto
+      result_affix: Crypto
+      skip_deploy: true
   Deploy:
     permissions:
       contents: read
@@ -136,8 +166,8 @@ jobs:
       pull-requests: write
       pages: write
       id-token: write
-    needs: [NetXDuo, Web, MQTT, NetXDuo64, NetXDuo_Fast, Azure_IoT]
+    needs: [NetXDuo, Web, MQTT, NetXDuo64, NetXDuo_Fast, Azure_IoT, Secure, Crypto]
     uses: azure-rtos/threadx/.github/workflows/regression_template.yml@master
     with:
       skip_test: true
-      deploy_list: "NetXDuo Web MQTT NetXDuo64 NetXDuo_Fast Azure_IoT"
+      deploy_list: "NetXDuo Web MQTT NetXDuo64 NetXDuo_Fast Azure_IoT Secure Crypto"

scripts/build_crypto.sh

@@ -0,0 +1,3 @@
+#! /bin/bash
+
+$(dirname `realpath $0`)/../test/cmake/crypto/run.sh build all

scripts/build_secure.sh

@@ -0,0 +1,3 @@
+#! /bin/bash
+
+$(dirname `realpath $0`)/../test/cmake/nx_secure/run.sh build all

scripts/test_crypto.sh

@@ -0,0 +1,3 @@
+#! /bin/bash
+
+CTEST_PARALLEL_LEVEL=4 $(dirname `realpath $0`)/../test/cmake/crypto/run.sh test all

scripts/test_secure.sh

@@ -0,0 +1,3 @@
+#! /bin/bash
+
+CTEST_PARALLEL_LEVEL=4 $(dirname `realpath $0`)/../test/cmake/nx_secure/run.sh test all

test/cmake/crypto/CMakeLists.txt

@@ -0,0 +1,122 @@
+cmake_minimum_required(VERSION 3.13 FATAL_ERROR)
+cmake_policy(SET CMP0054 NEW)
+cmake_policy(SET CMP0057 NEW)
+cmake_policy(SET CMP0077 NEW)
+
+project(crypto_test LANGUAGES C)
+
+set(CPU_ARCH "linux")
+set(COMPILER "gnu")
+
+# Set build configurations
+set(BUILD_CONFIGURATIONS default_build_coverage fips_build_coverage
+                         standalone_build curve25519_448_build)
+set(CMAKE_CONFIGURATION_TYPES
+    ${BUILD_CONFIGURATIONS}
+    CACHE STRING "list of supported configuration types" FORCE)
+set_property(CACHE CMAKE_BUILD_TYPE PROPERTY STRINGS
+                                             ${CMAKE_CONFIGURATION_TYPES})
+list(GET CMAKE_CONFIGURATION_TYPES 0 BUILD_TYPE)
+if((NOT CMAKE_BUILD_TYPE) OR (NOT ("${CMAKE_BUILD_TYPE}" IN_LIST
+                                   CMAKE_CONFIGURATION_TYPES)))
+  set(CMAKE_BUILD_TYPE
+      "${BUILD_TYPE}"
+      CACHE STRING "Build Type of the project" FORCE)
+endif()
+
+message(STATUS "Build type: ${CMAKE_BUILD_TYPE}")
+message(STATUS "Using toolchain file: ${CMAKE_TOOLCHAIN_FILE}.")
+
+set(default_build_coverage "")
+set(fips_build_coverage -DNX_CRYPTO_SELF_TEST)
+set(standalone_build -DNX_CRYPTO_STANDALONE_ENABLE -DNX_CRYPTO_SELF_TEST)
+set(curve25519_448_build -DNX_CRYPTO_ENABLE_CURVE25519_448)
+
+add_compile_options(
+  -std=c99
+  -ggdb
+  -g3
+  -gdwarf-2
+  -fdiagnostics-color
+  -Werror
+  ${${CMAKE_BUILD_TYPE}})
+
+if($ENV{ENABLE_64})
+  message(STATUS "Building for 64bit")
+else()
+  add_compile_options(-m32)
+  add_link_options(-m32)
+  message(STATUS "Building for 32bit")
+endif()
+
+enable_testing()
+
+set(NXD_ENABLE_FILE_SERVERS
+    OFF
+    CACHE BOOL
+          "Includes a dependency on FileX to support 'server' protocol handlers"
+          FORCE)
+add_subdirectory(${CMAKE_CURRENT_LIST_DIR}/../../.. netxduo)
+add_subdirectory(${CMAKE_CURRENT_LIST_DIR}/regression regression)
+
+
+# Coverage
+if(CMAKE_BUILD_TYPE MATCHES ".*_coverage")
+  target_compile_options(netxduo PRIVATE -fprofile-arcs -ftest-coverage)
+  target_link_options(netxduo PRIVATE -fprofile-arcs -ftest-coverage)
+endif()
+
+# Build ThreadX library once
+if(NOT ("${CMAKE_BUILD_TYPE}" STREQUAL "standalone_build"))
+  execute_process(COMMAND ${CMAKE_CURRENT_SOURCE_DIR}/run.sh build_libs)
+  add_custom_target(build_libs ALL COMMAND ${CMAKE_CURRENT_SOURCE_DIR}/run.sh
+                                           build_libs)
+  add_dependencies(netxduo build_libs)
+  target_include_directories(netxduo PUBLIC ${CMAKE_BINARY_DIR}/../libs/inc)
+  add_library(threadx SHARED IMPORTED GLOBAL)
+  add_library("azrtos::threadx" ALIAS threadx)
+  set_target_properties(
+    threadx PROPERTIES IMPORTED_LOCATION
+                       ${CMAKE_BINARY_DIR}/../libs/threadx/libthreadx.so)
+endif()
+
+target_compile_options(
+  netxduo
+  PRIVATE -Werror
+          -Wall
+          -Wextra
+          -pedantic
+          -fmessage-length=0
+          -fsigned-char
+          -ffunction-sections
+          -fdata-sections
+          -Wunused
+          -Wuninitialized
+          -Wmissing-declarations
+          -Wconversion
+          -Wpointer-arith
+          -Wshadow
+          -Wlogical-op
+          -Waggregate-return
+          -Wfloat-equal)
+
+# Leave files from crypto_libraries only
+get_target_property(SOURCES_LIST netxduo SOURCES)
+set(NEW_SOURCES_LIST "")
+foreach(SOURCE ${SOURCES_LIST})
+  if(("${SOURCE}" MATCHES ".*crypto_libraries/.*")
+     AND NOT (("${SOURCE}" MATCHES ".*nx_crypto_module_start.*")
+              OR (("${SOURCE}" MATCHES ".*nx_crypto_generic_ciphersuites.*")
+                  AND ("${CMAKE_BUILD_TYPE}" STREQUAL "standalone_build"))))
+    list(APPEND NEW_SOURCES_LIST ${SOURCE})
+  endif()
+endforeach()
+set_target_properties(netxduo PROPERTIES SOURCES "${NEW_SOURCES_LIST}")
+
+if("${CMAKE_BUILD_TYPE}" STREQUAL "standalone_build")
+  set_target_properties(netxduo PROPERTIES INCLUDE_DIRECTORIES
+        "${CMAKE_CURRENT_SOURCE_DIR}/../../../crypto_libraries/inc")
+  target_include_directories(netxduo PUBLIC  "${CMAKE_CURRENT_SOURCE_DIR}/../../../crypto_libraries/ports/${CPU_ARCH}/${COMPILER}/inc")
+  set_target_properties(netxduo PROPERTIES LINK_LIBRARIES "")
+  set_target_properties(netxduo PROPERTIES INTERFACE_LINK_LIBRARIES "")
+endif()

test/cmake/crypto/coverage.sh

@@ -0,0 +1,8 @@
+#!/bin/bash
+
+set -e
+
+cd $(dirname $0)
+mkdir -p coverage_report/$1
+gcovr --object-directory=build/$1/netxduo/CMakeFiles/netxduo.dir/crypto_libraries -r ../../../crypto_libraries --xml-pretty --output coverage_report/$1.xml
+gcovr --object-directory=build/$1/netxduo/CMakeFiles/netxduo.dir/crypto_libraries -r ../../../crypto_libraries --html --html-details --output coverage_report/$1/index.html

test/cmake/crypto/libs

@@ -0,0 +1 @@
+../nx_secure/libs

test/cmake/crypto/regression/CMakeLists.txt

@@ -0,0 +1,69 @@
+cmake_minimum_required(VERSION 3.0.0 FATAL_ERROR)
+cmake_policy(SET CMP0057 NEW)
+
+project(regression_test LANGUAGES C)
+
+get_filename_component(SOURCE_DIR ${CMAKE_CURRENT_LIST_DIR}/../../../regression/nx_secure_test
+                       ABSOLUTE)
+
+set(crypto_test_cases
+    ${SOURCE_DIR}/nx_secure_3des_test.c
+    ${SOURCE_DIR}/nx_secure_3des_error_checking_test.c
+    ${SOURCE_DIR}/nx_secure_sha_additional_test.c
+    ${SOURCE_DIR}/nx_secure_sha256_rfc_test.c
+    ${SOURCE_DIR}/nx_secure_sha256_test.c
+    ${SOURCE_DIR}/nx_secure_sha384_test.c
+    ${SOURCE_DIR}/nx_secure_sha512_test.c
+    ${SOURCE_DIR}/nx_secure_hmac_md5_test.c
+    ${SOURCE_DIR}/nx_secure_hmac_md5_error_checking_test.c
+    ${SOURCE_DIR}/nx_secure_hmac_sha1_test.c
+    ${SOURCE_DIR}/nx_secure_hmac_sha256_test.c
+    ${SOURCE_DIR}/nx_secure_hmac_sha384_test.c
+    ${SOURCE_DIR}/nx_secure_hmac_sha512_test.c
+    ${SOURCE_DIR}/nx_secure_rsa_test.c
+    ${SOURCE_DIR}/nx_secure_rsa_error_checking_test.c
+    ${SOURCE_DIR}/nx_secure_aes_test.c
+    ${SOURCE_DIR}/nx_secure_aes_additional_test.c
+    ${SOURCE_DIR}/nx_secure_aes_ccm_test.c
+    ${SOURCE_DIR}/nx_secure_des_test.c
+    ${SOURCE_DIR}/nx_secure_des_error_checking_test.c
+    ${SOURCE_DIR}/nx_secure_drbg_test.c
+    ${SOURCE_DIR}/nx_secure_ec_test.c
+    ${SOURCE_DIR}/nx_secure_ec_additional_test.c
+    ${SOURCE_DIR}/nx_secure_ecdh_test.c
+    ${SOURCE_DIR}/nx_secure_ecdh_error_checking_test.c
+    ${SOURCE_DIR}/nx_secure_ecdh_self_test.c
+    ${SOURCE_DIR}/nx_secure_ecdsa_test.c
+    ${SOURCE_DIR}/nx_secure_ecdsa_error_checking_test.c
+    ${SOURCE_DIR}/nx_secure_ecjpake_self_test.c
+    ${SOURCE_DIR}/nx_secure_huge_number_test.c
+    ${SOURCE_DIR}/nx_secure_md5_test.c
+    ${SOURCE_DIR}/nx_secure_phash_prf_test.c
+    ${SOURCE_DIR}/nx_secure_pkcs1_v1_5_test.c)
+set(test_utility_files ${SOURCE_DIR}/../crypto_test/cryptotestcontrol.c)
+if(("${CMAKE_BUILD_TYPE}" STREQUAL "standalone_build"))
+    include(${CMAKE_CURRENT_SOURCE_DIR}/crypto_standalone.cmake)
+endif()
+
+if(NOT("${CMAKE_BUILD_TYPE}" STREQUAL "standalone_build"))
+   add_library(test_utility ${test_utility_files})
+   target_link_libraries(test_utility PUBLIC azrtos::netxduo)
+else()
+   add_library(test_utility ${crypto_source_files} ${test_utility_files})
+endif()
+
+target_include_directories(test_utility PUBLIC ${SOURCE_DIR}/test)
+target_compile_definitions(test_utility PUBLIC BATCH_TEST CTEST)
+if(("${CMAKE_BUILD_TYPE}" STREQUAL "fips_build_coverage") OR ("${CMAKE_BUILD_TYPE}" STREQUAL "standalone_build"))
+  target_link_libraries(test_utility PUBLIC crypto)
+endif()
+
+foreach(test_case ${crypto_test_cases})
+  get_filename_component(test_name ${test_case} NAME_WE)
+  add_executable(${test_name} ${test_case})
+  target_link_libraries(${test_name} PRIVATE test_utility)
+  add_test(
+    NAME ${CMAKE_BUILD_TYPE}::${test_name}
+    COMMAND ${test_name}
+    WORKING_DIRECTORY ${CMAKE_CURRENT_LIST_DIR}/..)
+endforeach()

test/cmake/crypto/regression/crypto_standalone.cmake

@@ -0,0 +1,67 @@
+cmake_minimum_required(VERSION 3.0.0 FATAL_ERROR)
+set(CPU_ARCH "linux")
+set(COMPILER "gnu")
+
+get_filename_component(CRYPTO_DIR ${CMAKE_CURRENT_LIST_DIR}/../../../../crypto_libraries
+                       ABSOLUTE)
+
+set(crypto_source_files 
+    # Network security and crypto components (CRYPTO - STANDALONE)
+    ${CRYPTO_DIR}/src/nx_crypto_3des.c
+    ${CRYPTO_DIR}/src/nx_crypto_aes.c
+    ${CRYPTO_DIR}/src/nx_crypto_cbc.c
+    ${CRYPTO_DIR}/src/nx_crypto_ccm.c
+    ${CRYPTO_DIR}/src/nx_crypto_ctr.c
+    ${CRYPTO_DIR}/src/nx_crypto_des.c
+    ${CRYPTO_DIR}/src/nx_crypto_dh.c
+    ${CRYPTO_DIR}/src/nx_crypto_drbg.c
+    ${CRYPTO_DIR}/src/nx_crypto_ec.c
+    ${CRYPTO_DIR}/src/nx_crypto_ec_secp192r1_fixed_points.c
+    ${CRYPTO_DIR}/src/nx_crypto_ec_secp224r1_fixed_points.c
+    ${CRYPTO_DIR}/src/nx_crypto_ec_secp256r1_fixed_points.c
+    ${CRYPTO_DIR}/src/nx_crypto_ec_secp384r1_fixed_points.c
+    ${CRYPTO_DIR}/src/nx_crypto_ec_secp521r1_fixed_points.c
+    ${CRYPTO_DIR}/src/nx_crypto_ecdh.c
+    ${CRYPTO_DIR}/src/nx_crypto_ecdsa.c
+    ${CRYPTO_DIR}/src/nx_crypto_ecjpake.c
+    ${CRYPTO_DIR}/src/nx_crypto_gcm.c
+    ${CRYPTO_DIR}/src/nx_crypto_hkdf.c
+    ${CRYPTO_DIR}/src/nx_crypto_hmac.c
+    ${CRYPTO_DIR}/src/nx_crypto_hmac_md5.c
+    ${CRYPTO_DIR}/src/nx_crypto_hmac_sha1.c
+    ${CRYPTO_DIR}/src/nx_crypto_hmac_sha2.c
+    ${CRYPTO_DIR}/src/nx_crypto_hmac_sha5.c
+    ${CRYPTO_DIR}/src/nx_crypto_huge_number.c
+    ${CRYPTO_DIR}/src/nx_crypto_huge_number_extended.c
+    ${CRYPTO_DIR}/src/nx_crypto_initialize.c
+    ${CRYPTO_DIR}/src/nx_crypto_md5.c
+    ${CRYPTO_DIR}/src/nx_crypto_method_self_test.c
+    ${CRYPTO_DIR}/src/nx_crypto_method_self_test_3des.c
+    ${CRYPTO_DIR}/src/nx_crypto_method_self_test_aes.c
+    ${CRYPTO_DIR}/src/nx_crypto_method_self_test_des.c
+    ${CRYPTO_DIR}/src/nx_crypto_method_self_test_drbg.c
+    ${CRYPTO_DIR}/src/nx_crypto_method_self_test_ecdh.c
+    ${CRYPTO_DIR}/src/nx_crypto_method_self_test_ecdsa.c
+    ${CRYPTO_DIR}/src/nx_crypto_method_self_test_hmac_md5.c
+    ${CRYPTO_DIR}/src/nx_crypto_method_self_test_hmac_sha.c
+    ${CRYPTO_DIR}/src/nx_crypto_method_self_test_md5.c
+    ${CRYPTO_DIR}/src/nx_crypto_method_self_test_pkcs1.c
+    ${CRYPTO_DIR}/src/nx_crypto_method_self_test_prf.c
+    ${CRYPTO_DIR}/src/nx_crypto_method_self_test_rsa.c
+    ${CRYPTO_DIR}/src/nx_crypto_method_self_test_sha.c
+    ${CRYPTO_DIR}/src/nx_crypto_methods.c
+    ${CRYPTO_DIR}/src/nx_crypto_null_cipher.c
+    ${CRYPTO_DIR}/src/nx_crypto_phash.c
+    ${CRYPTO_DIR}/src/nx_crypto_pkcs1_v1.5.c
+    ${CRYPTO_DIR}/src/nx_crypto_rsa.c
+    ${CRYPTO_DIR}/src/nx_crypto_sha1.c
+    ${CRYPTO_DIR}/src/nx_crypto_sha2.c
+    ${CRYPTO_DIR}/src/nx_crypto_sha5.c
+    ${CRYPTO_DIR}/src/nx_crypto_tls_prf_1.c
+    ${CRYPTO_DIR}/src/nx_crypto_tls_prf_sha256.c
+    ${CRYPTO_DIR}/src/nx_crypto_tls_prf_sha384.c
+    ${CRYPTO_DIR}/src/nx_crypto_tls_prf_sha512.c
+    ${CRYPTO_DIR}/src/nx_crypto_xcbc_mac.c)
+
+include_directories(crypto_source_files PUBLIC ${CRYPTO_DIR}/inc)
+include_directories(crypto_source_files PUBLIC  "${CRYPTO_DIR}/ports/${CPU_ARCH}/${COMPILER}/inc")

test/cmake/crypto/run.sh

@@ -0,0 +1,8 @@
+#!/bin/bash
+
+cd $(dirname $0)
+
+# if threadx repo does not exist, clone it
+[ -d ../threadx ] || git clone https://github.com/azure-rtos/threadx.git ../threadx --depth 1
+[ -f .run.sh ] || ln -sf ../threadx/scripts/cmake_bootstrap.sh .run.sh
+./.run.sh $*