Add ATECC608 CI tests

Also fix issues found with ATECC608
This commit is contained in:
Andrew Hutchings
2026-04-29 17:56:50 +01:00
parent d00a137de0
commit 9e7c2d19c7
4 changed files with 102 additions and 11 deletions
+82
View File
@@ -0,0 +1,82 @@
name: ATECC608 simulator test
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
# Build the ATECC608 software simulator (https://github.com/wolfSSL/simulators,
# ATECC608Sim/ subdirectory), build wolfSSL against cryptoauthlib + the
# simulator's TCP HAL, and run the wolfCrypt ATECC608 test binary against the
# simulator.
#
# The simulator's own Dockerfile.wolfcrypt clones a pinned wolfSSL release.
# We patch it to COPY the PR checkout instead so CI reflects the PR's source.
# We also strip the inline test.c patch RUN block: those guard fixes now live
# upstream in this tree, so re-applying them would fail with "patch target not
# found". The remaining sed-based patches in the Dockerfile (atmel.c XMEMSET
# swap and atmel_set_slot_allocator visibility) are no-ops on pre-patched
# source and their grep validations still pass, so we leave them alone.
env:
SIMULATORS_REF: 773fe70
jobs:
atecc608_sim:
name: wolfCrypt against ATECC608 simulator
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-24.04
timeout-minutes: 30
steps:
- name: Checkout wolfSSL (PR source)
uses: actions/checkout@v4
with:
path: wolfssl-src
- name: Clone ATECC608 simulator
run: |
git clone https://github.com/wolfSSL/simulators simulators
cd simulators && git checkout "$SIMULATORS_REF"
- name: Stage PR wolfSSL into simulator build context
run: mv wolfssl-src simulators/ATECC608Sim/wolfssl
- name: Patch Dockerfile to use PR wolfSSL and drop redundant test.c patches
working-directory: simulators/ATECC608Sim
run: |
# Replace the (multi-line) `RUN git clone ... wolfssl.git /app/wolfssl`
# with a COPY of the PR checkout so CI tests the PR's source.
sed -i '/^RUN git clone --branch v5\.9\.1-stable/,/wolfssl\.git \/app\/wolfssl$/c\
COPY wolfssl /app/wolfssl' Dockerfile.wolfcrypt
# Fail fast if the pattern drifted upstream -- better a clear error
# than a CI run that silently tests a stale release.
grep -q '^ *COPY wolfssl /app/wolfssl$' Dockerfile.wolfcrypt
! grep -q 'git clone .*wolfssl\.git' Dockerfile.wolfcrypt
# Strip the inline test.c patch RUN block -- those guard fixes now
# live upstream in this tree.
sed -i "/^RUN python3 - <<'PY'$/,/^PY$/d" Dockerfile.wolfcrypt
! grep -q "RUN python3 - <<'PY'" Dockerfile.wolfcrypt
- uses: docker/setup-buildx-action@v3
- name: Build wolfCrypt-ATECC608 test image
uses: docker/build-push-action@v5
with:
context: simulators/ATECC608Sim
file: simulators/ATECC608Sim/Dockerfile.wolfcrypt
push: false
load: true
tags: wolfssl-atecc608-sim:ci
cache-from: type=gha
cache-to: type=gha,mode=max
- name: Run wolfCrypt tests against simulator
run: docker run --rm wolfssl-atecc608-sim:ci
+5 -3
View File
@@ -193,8 +193,10 @@ int wolfCrypt_ATECC_SetConfig(ATCAIfaceCfg* cfg)
return -1;
}
/* copy configuration into our local struct */
XMEMSET(&cfg_ateccx08a_i2c_pi, 0, sizeof(cfg_ateccx08a_i2c_pi));
/* Copy whole struct so non-I2C interface unions (e.g. atcacustom function
* pointers when iface_type == ATCA_CUSTOM_IFACE) survive. The field-by-
* field assignments below then refresh the I2C-specific fields. */
XMEMCPY(&cfg_ateccx08a_i2c_pi, cfg, sizeof(cfg_ateccx08a_i2c_pi));
cfg_ateccx08a_i2c_pi.iface_type = cfg->iface_type;
cfg_ateccx08a_i2c_pi.devtype = cfg->devtype;
#ifdef ATCA_ENABLE_DEPRECATED
@@ -232,7 +234,7 @@ int atmel_ecc_translate_err(int status)
}
/* Function to set the slotId allocator and deallocator */
int atmel_set_slot_allocator(atmel_slot_alloc_cb alloc,
WOLFSSL_API int atmel_set_slot_allocator(atmel_slot_alloc_cb alloc,
atmel_slot_dealloc_cb dealloc)
{
#ifndef SINGLE_THREADED
+14 -7
View File
@@ -36916,7 +36916,8 @@ static wc_test_ret_t ecc_test_curve(WC_RNG* rng, int keySize, int curve_id)
#endif
#if defined(HAVE_ECC_KEY_IMPORT) && defined(HAVE_ECC_KEY_EXPORT) && \
!defined(NO_ASN_CRYPT) && !defined(WC_NO_RNG)
!defined(NO_ASN_CRYPT) && !defined(WC_NO_RNG) && \
!defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A)
ret = ecc_test_key_decode(rng, keySize);
if (ret < 0) {
if (ret == WC_NO_ERR_TRACE(ECC_CURVE_OID_E)) {
@@ -36929,7 +36930,8 @@ static wc_test_ret_t ecc_test_curve(WC_RNG* rng, int keySize, int curve_id)
}
#endif
#if defined(HAVE_ECC_KEY_EXPORT) && !defined(NO_ASN_CRYPT) && !defined(WC_NO_RNG)
#if defined(HAVE_ECC_KEY_EXPORT) && !defined(NO_ASN_CRYPT) && !defined(WC_NO_RNG) && \
!defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A)
ret = ecc_test_key_gen(rng, keySize);
if (ret < 0) {
if (ret == WC_NO_ERR_TRACE(ECC_CURVE_OID_E)) {
@@ -37379,7 +37381,8 @@ done:
#endif /* HAVE_ECC_KEY_IMPORT && HAVE_ECC_KEY_EXPORT */
#if defined(HAVE_ECC_KEY_IMPORT) && !defined(WOLFSSL_VALIDATE_ECC_IMPORT) && \
!defined(WOLFSSL_CRYPTOCELL) && !defined(WOLF_CRYPTO_CB_ONLY_ECC)
!defined(WOLFSSL_CRYPTOCELL) && !defined(WOLF_CRYPTO_CB_ONLY_ECC) && \
!defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A)
static wc_test_ret_t ecc_mulmod_test(ecc_key* key1)
{
wc_test_ret_t ret;
@@ -37561,8 +37564,10 @@ static wc_test_ret_t ecc_def_curve_test(WC_RNG *rng)
#endif
TEST_SLEEP();
#if defined(HAVE_ECC_DHE) && !defined(WOLFSSL_CRYPTOCELL) && \
!defined(WOLF_CRYPTO_CB_ONLY_ECC)
#if defined(HAVE_ECC_DHE) && !defined(WC_NO_RNG) && \
!defined(WOLF_CRYPTO_CB_ONLY_ECC) && !defined(WOLFSSL_ATECC508A) && \
!defined(WOLFSSL_ATECC608A) && !defined(PLUTON_CRYPTO_ECC) && \
!defined(WOLFSSL_CRYPTOCELL)
ret = ecc_ssh_test(key, rng);
if (ret < 0)
goto done;
@@ -37607,13 +37612,15 @@ static wc_test_ret_t ecc_def_curve_test(WC_RNG *rng)
goto done;
}
#if defined(HAVE_ECC_KEY_IMPORT) && defined(HAVE_ECC_KEY_EXPORT)
#if defined(HAVE_ECC_KEY_IMPORT) && defined(HAVE_ECC_KEY_EXPORT) && \
!defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A)
ret = ecc_exp_imp_test(key);
if (ret < 0)
goto done;
#endif
#if defined(HAVE_ECC_KEY_IMPORT) && !defined(WOLFSSL_VALIDATE_ECC_IMPORT) && \
!defined(WOLFSSL_CRYPTOCELL)
!defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_ATECC508A) && \
!defined(WOLFSSL_ATECC608A)
ret = ecc_mulmod_test(key);
if (ret < 0)
goto done;
+1 -1
View File
@@ -100,7 +100,7 @@ void atmel_ecc_free(int slotId);
typedef int (*atmel_slot_alloc_cb)(int);
typedef void (*atmel_slot_dealloc_cb)(int);
int atmel_set_slot_allocator(atmel_slot_alloc_cb alloc,
WOLFSSL_API int atmel_set_slot_allocator(atmel_slot_alloc_cb alloc,
atmel_slot_dealloc_cb dealloc);
int atmel_ecc_translate_err(int status);