mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2026-07-08 08:50:51 +02:00
Fix SE050 Ed25519 port bugs and add simulator CI workflow
- se050_ed25519_verify_msg: initialize *res = 0 at entry so failures don't leak a stale res = 1 from a prior good verify. - Ed25519 import functions: reset keyIdSet / keyId under WOLFSSL_SE050 in wc_ed25519_import_private_key_ex, wc_ed25519_import_private_only, wc_ed25519_import_public_ex so overwriting host-side key material invalidates any prior SE050 object binding. - New workflow .github/workflows/se050-sim.yml: builds wolfSSL against the NXP Plug&Trust SDK and runs the wolfCrypt tests against the SE050Sim simulator. Patches the upstream Dockerfile to use the PR's wolfSSL source. - ed25519_test SE050 adjustments: - Cap the RFC 8032 loop at 5 iters — iter 5's 1023 B msg exceeds NXP SDK SE05X_TLV_BUF_SIZE_CMD = 900. - rareEd verifies and private-only sign: expect WC_HW_E (SE050 delegates malformed-input rejection to the secure element) instead of BAD_FUNC_ARG / SIG_VERIFY_E. - Skip ed25519ctx_test / ed25519ph_test — SE050 port drops the context/prehash params so RFC 8032 ctx/ph vectors can't byte-match.
This commit is contained in:
committed by
Marco Oliverio
parent
9176185d66
commit
6d2845751b
@@ -0,0 +1,70 @@
|
||||
name: SE050 simulator test
|
||||
|
||||
# START OF COMMON SECTION
|
||||
on:
|
||||
push:
|
||||
branches: [ 'master', 'main', 'release/**' ]
|
||||
pull_request:
|
||||
branches: [ '*' ]
|
||||
|
||||
concurrency:
|
||||
group: ${{ github.workflow }}-${{ github.ref }}
|
||||
cancel-in-progress: true
|
||||
# END OF COMMON SECTION
|
||||
|
||||
# Build the SE050 software simulator (https://github.com/LinuxJedi/SE050Sim),
|
||||
# build wolfSSL against its NXP Plug&Trust SDK + simulator bridge, and run the
|
||||
# wolfCrypt SE050 test binary against the simulator TCP server.
|
||||
#
|
||||
# The simulator's own Dockerfile (Dockerfile.wolfcrypt) clones wolfSSL master.
|
||||
# We patch it to COPY the PR checkout instead so CI reflects the PR's source.
|
||||
|
||||
env:
|
||||
# Pin the simulator to a known-good revision. Bump this deliberately after
|
||||
# validating upstream changes in a standalone PR.
|
||||
SE050SIM_REF: main
|
||||
|
||||
jobs:
|
||||
se050_sim:
|
||||
name: wolfCrypt against SE050 simulator
|
||||
if: github.repository_owner == 'wolfssl'
|
||||
runs-on: ubuntu-24.04
|
||||
timeout-minutes: 30
|
||||
steps:
|
||||
- name: Checkout wolfSSL (PR source)
|
||||
uses: actions/checkout@v4
|
||||
with:
|
||||
path: wolfssl-src
|
||||
|
||||
- name: Clone SE050 simulator
|
||||
run: |
|
||||
git clone https://github.com/LinuxJedi/SE050Sim se050sim
|
||||
cd se050sim && git checkout "$SE050SIM_REF"
|
||||
|
||||
- name: Stage PR wolfSSL into simulator build context
|
||||
run: mv wolfssl-src se050sim/wolfssl
|
||||
|
||||
- name: Patch Dockerfile to use PR wolfSSL instead of upstream master
|
||||
working-directory: se050sim
|
||||
run: |
|
||||
sed -i 's|^RUN git clone --depth 1 https://github.com/wolfSSL/wolfssl.git /app/wolfssl$|COPY wolfssl /app/wolfssl|' Dockerfile.wolfcrypt
|
||||
# Fail fast if the pattern drifted upstream — better a clear error
|
||||
# than a CI run that silently tests master.
|
||||
grep -q '^COPY wolfssl /app/wolfssl$' Dockerfile.wolfcrypt
|
||||
! grep -q 'git clone .*wolfssl\.git' Dockerfile.wolfcrypt
|
||||
|
||||
- uses: docker/setup-buildx-action@v3
|
||||
|
||||
- name: Build wolfCrypt-SE050 test image
|
||||
uses: docker/build-push-action@v5
|
||||
with:
|
||||
context: se050sim
|
||||
file: se050sim/Dockerfile.wolfcrypt
|
||||
push: false
|
||||
load: true
|
||||
tags: wolfssl-se050-sim:ci
|
||||
cache-from: type=gha
|
||||
cache-to: type=gha,mode=max
|
||||
|
||||
- name: Run wolfCrypt tests against simulator
|
||||
run: docker run --rm wolfssl-se050-sim:ci
|
||||
Reference in New Issue
Block a user