Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
47 changes: 33 additions & 14 deletions .github/workflows/build-test.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -35,30 +35,38 @@ jobs:
fail-fast: false
matrix:
os: ['ubuntu-24.04', 'centos-9']
name: Unit Test (os=${{matrix.os}})
compiler: ['gcc']
name: Unit Test (${{matrix.os}} ${{matrix.compiler}})
runs-on: ${{ matrix.os == 'centos-9' && 'ubuntu-24.04' || matrix.os }}
container: ${{ matrix.os == 'centos-9' && 'quay.io/centos/centos:stream9' || null }}
permissions:
contents: read
actions: write
env:
CC: ${{matrix.compiler=='clang' && 'clang' || 'gcc'}}
CXX: ${{matrix.compiler=='clang' && 'clang++' || 'g++'}}
steps:
- name: Set up OS
if: startsWith(matrix.os, 'ubuntu')
run: |
sudo apt-get update && \
sudo rm /var/lib/man-db/auto-update
sudo apt-get update
sudo apt-get install -y \
cmake ninja-build ruby build-essential \
cmake ninja-build \
ruby pkg-config ccache patch \
${{matrix.compiler=='clang' && 'clang llvm' || 'gcc g++'}} \
libssl-dev \
valgrind gcovr xmlstarlet
- name: Set up OS
if: startsWith(matrix.os, 'centos')
run: |
dnf config-manager --set-enabled crb
dnf install -y epel-release
crb enable
dnf install -y \
git rsync \
cmake ninja-build \
ruby pkg-config gcc gcc-c++ ccache patch \
ruby pkg-config ccache patch \
${{matrix.compiler=='clang' && 'clang llvm' || 'gcc gcc-c++'}} \
openssl-devel \
valgrind xmlstarlet python3-pip
pip3 install gcovr
Expand All @@ -74,39 +82,52 @@ jobs:
- name: Dependencies
run: ./build.sh deps
- name: Prep
run: ./build.sh prep -DBUILD_DOCS_API=OFF -DBUILD_DOCS_MAN=OFF -DBUILD_TESTING=ON
run: |
./build.sh prep \
-DBUILD_DOCS_API=OFF -DBUILD_DOCS_MAN=OFF -DBUILD_TESTING=ON
- name: Build
run: ./build.sh
- name: Install
run: ./build.sh install
- name: Check symbols
run: |
./check_symbols.py bsl_front bsl_dynamic --prefix bsl_
./check_symbols.py bsl_crypto --prefix bsl_ bslb_
./check_symbols.py bsl_default_sc --prefix bslx_
./check_symbols.py bsl_sample_pp --prefix bslp_
./check_symbols.py bsl_mock_bpa --prefix MockBPA_ bsl_eidpat_ bsl_mock_ mock_bpa_
- name: Test
run: ./build.sh check
- name: Collect coverage
run: ./build.sh coverage
- name: Archive coverage
uses: actions/upload-artifact@v4
with:
name: ${{github.job}}-${{matrix.os}}-coverage
name: ${{github.job}}-${{matrix.os}}-${{matrix.compiler}}-coverage
path: build/default/coverage*
- name: Report coverage
run: |
SRC_COV_PERC=$(xmlstarlet sel -t -v 'floor(/coverage/packages/package[@name="src"]/@line-rate * 100)' -n build/default/coverage-xml.xml)
echo "Source coverage: ${SRC_COV_PERC}%" >> $GITHUB_STEP_SUMMARY

mock-bpa-test:
name: Mock BPA Test (os=ubunntu-24.04)
name: Mock BPA Test (ubuntu-24.04 gcc)
runs-on: ubuntu-24.04
permissions:
contents: read
actions: write
steps:
- name: Set up OS
run: >
sudo apt-get update && sudo apt-get install -y
cmake ninja-build ruby build-essential
libssl-dev
run: |
sudo rm /var/lib/man-db/auto-update && \
sudo apt-get update && sudo apt-get install -y \
cmake ninja-build ruby gcc g++ ccache patch \
libssl-dev \
valgrind gcovr xmlstarlet
- name: Checkout repository
uses: actions/checkout@v4
with:
fetch-depth: 0
submodules: recursive
- name: ccache
uses: hendrikmuhs/ccache-action@v1.2
Expand All @@ -120,8 +141,6 @@ jobs:
run: ./build.sh
- name: Install
run: ./build.sh install
- name: Check symbols
run: echo ./check_symbols.py bsl #FIXME replace
- name: Test Prep
run: |
sudo apt-get update && sudo apt-get install -y \
Expand Down
15 changes: 6 additions & 9 deletions CMakeLists.txt
Original file line number Diff line number Diff line change
Expand Up @@ -80,23 +80,25 @@ add_compile_options(
-Werror
-Wshadow -Wpointer-arith -Wstrict-prototypes
-Wmissing-prototypes -Wredundant-decls -Wcast-align
-Wformat=2 -Wswitch-enum -Wlogical-op -Wduplicated-branches
-Wformat=2 -Wswitch-enum
-fno-strict-aliasing -Werror=format-security -fno-common
-Wstrict-aliasing=2
# -Wconversion
)
# LEON safe options
add_compile_options(
-ffunction-sections
-fdata-sections
-fno-omit-frame-pointer
$<$<COMPILE_LANGUAGE:CXX>:-fno-exceptions>
$<$<COMPILE_LANGUAGE:CXX>:-fno-enforce-eh-specs>
$<$<COMPILE_LANGUAGE:CXX>:-fnothrow-opt>
)
if(CMAKE_C_COMPILER_ID MATCHES "GNU")
set(CMAKE_CXX_FLAGS_DEBUG "${CMAKE_CXX_FLAGS_DEBUG} -O0")
set(CMAKE_C_FLAGS_DEBUG "${CMAKE_C_FLAGS_DEBUG} -O0")
add_compile_options(
-Wlogical-op -Wduplicated-branches
$<$<COMPILE_LANGUAGE:CXX>:-fno-enforce-eh-specs>
$<$<COMPILE_LANGUAGE:CXX>:-fnothrow-opt>
)
elseif(CMAKE_C_COMPILER_ID MATCHES "Clang")
set(CMAKE_C_FLAGS_DEBUG "${CMAKE_C_FLAGS_DEBUG} -gdwarf-4")
endif()
Expand All @@ -108,11 +110,6 @@ add_custom_target(clang-tidy
COMMENT "Running clang-tidy..."
)

# Force specific POSIX compatibility version
add_definitions(
"-D_POSIX_C_SOURCE=200809L"
)

if(BUILD_LIB)
find_package(MLIB REQUIRED)
find_package(QCBOR REQUIRED)
Expand Down
1 change: 1 addition & 0 deletions cmake/FindQCBOR.cmake
Original file line number Diff line number Diff line change
Expand Up @@ -9,3 +9,4 @@ set_target_properties(QCBOR::qcbor PROPERTIES
INTERFACE_INCLUDE_DIRECTORIES "${QCBOR_HEADER}"
IMPORTED_LOCATION "${QCBOR_LIB}"
)
target_link_libraries(QCBOR::qcbor INTERFACE m)
2 changes: 1 addition & 1 deletion src/backend/AbsSecBlock.c
Original file line number Diff line number Diff line change
Expand Up @@ -490,4 +490,4 @@ int BSL_AbsSecBlock_DecodeFromCBOR(BSL_AbsSecBlock_t *self, BSL_Data_t encoded_c

ASSERT_POSTCONDITION(BSL_AbsSecBlock_IsConsistent(self));
return BSL_SUCCESS;
}
}
2 changes: 1 addition & 1 deletion src/backend/PublicInterfaceImpl.c
Original file line number Diff line number Diff line change
Expand Up @@ -257,4 +257,4 @@ int BSL_API_ApplySecurity(const BSL_LibCtx_t *bsl, BSL_SecurityResponseSet_t *re

// TODO CHK_POSTCONDITION
return (must_drop) ? BSL_ERR_SECURITY_OPERATION_FAILED : BSL_SUCCESS;
}
}
2 changes: 1 addition & 1 deletion src/backend/SecOperation.h
Original file line number Diff line number Diff line change
Expand Up @@ -60,4 +60,4 @@ struct BSL_SecOper_s
LIST_DEF(BSLB_SecOperList, BSL_SecOper_t, M_POD_OPLIST)
// NOLINTEND

#endif /* BSLB_SECOPERATIONS_H_ */
#endif /* BSLB_SECOPERATIONS_H_ */
2 changes: 1 addition & 1 deletion src/backend/SecOutcome.c
Original file line number Diff line number Diff line change
Expand Up @@ -189,4 +189,4 @@ bool BSL_SecOutcome_IsInAbsSecBlock(const BSL_SecOutcome_t *self, const BSL_AbsS
}
BSL_LOG_DEBUG("Checking results: %lu expected, %lu found", expected_matches, found_matches);
return (expected_matches == found_matches) && (found_matches > 0);
}
}
2 changes: 1 addition & 1 deletion src/backend/SecParam.c
Original file line number Diff line number Diff line change
Expand Up @@ -127,4 +127,4 @@ bool BSL_SecParam_IsParamIDOutput(uint64_t param_id)
// If this index is less than the start index for numbering
// internal param ids, then it's probably a param_id from the spec.
return param_id < BSL_SECPARAM_TYPE_INT_STARTINDEX;
}
}
2 changes: 1 addition & 1 deletion src/backend/SecurityResultSet.c
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,7 @@
*/
#include "SecurityResultSet.h"

size_t BSL_SecurityResponseSet_Sizeof()
size_t BSL_SecurityResponseSet_Sizeof(void)
{
return sizeof(BSL_SecurityResponseSet_t);
}
Expand Down
9 changes: 5 additions & 4 deletions src/crypto/CryptoInterface.c
Original file line number Diff line number Diff line change
Expand Up @@ -386,13 +386,14 @@ int BSL_Cipher_FinalizeSeq(BSL_Cipher_t *cipher_ctx, BSL_SeqWriter_t *writer)
// finalize can add 1 cipher block
uint8_t buf[EVP_CIPHER_CTX_block_size(cipher_ctx->libhandle)];

int len = 0;
int res = EVP_CipherFinal_ex(cipher_ctx->libhandle, buf, &len);
int evp_len = 0;
int res = EVP_CipherFinal_ex(cipher_ctx->libhandle, buf, &evp_len);
CHK_PROPERTY(res == 1);

if (len > 0)
if (evp_len > 0)
{
BSL_SeqWriter_Put(writer, buf, (size_t *)&len);
size_t bsl_len = evp_len;
BSL_SeqWriter_Put(writer, buf, &bsl_len);
}

return 0;
Expand Down
2 changes: 1 addition & 1 deletion src/mock_bpa/BPSecLib_MockBPA.h
Original file line number Diff line number Diff line change
Expand Up @@ -28,4 +28,4 @@
#include "bsl_mock_bpa_eidpat.h"
#include "bsl_mock_bpa.h"

#endif //_BSL_MockBPA_BPSECLIB_MockBPA_H_
#endif //_BSL_MockBPA_BPSECLIB_MockBPA_H_
34 changes: 19 additions & 15 deletions src/mock_bpa/bsl_mock_bpa_crc.c
Original file line number Diff line number Diff line change
Expand Up @@ -63,20 +63,24 @@ void mock_bpa_crc_apply(UsefulBuf buf, size_t begin, size_t end, BSL_BundleCRCTy
{
case BSL_BUNDLECRCTYPE_16:
{
uint16_t *crc_enc = (uint16_t *)endptr - 1; // less one crc value
uint8_t *crc_pos = endptr - 2; // less one crc value

const uint16_t crc_val = bp_crc16(blk_enc);

*crc_enc = htons(crc_val);
// Network byte order
crc_pos[0] = (crc_val >> 8) & 0xFF;
crc_pos[1] = crc_val & 0xFF;
break;
}
case BSL_BUNDLECRCTYPE_32:
{
uint32_t *crc_enc = (uint32_t *)endptr - 1; // less one crc value
uint8_t *crc_pos = endptr - 4; // less one crc value

const uint32_t crc_val = bp_crc32(blk_enc);

*crc_enc = htonl(crc_val);
// Network byte order
crc_pos[0] = (crc_val >> 24) & 0xFF;
crc_pos[1] = (crc_val >> 16) & 0xFF;
crc_pos[2] = (crc_val >> 8) & 0xFF;
crc_pos[3] = crc_val & 0xFF;
break;
}
case BSL_BUNDLECRCTYPE_NONE:
Expand Down Expand Up @@ -108,21 +112,21 @@ bool mock_bpa_crc_check(UsefulBufC buf, size_t begin, size_t end, BSL_BundleCRCT
{
case BSL_BUNDLECRCTYPE_16:
{
const uint16_t *crc_enc = (uint16_t *)endptr - 1; // less one crc value
// copy of original for reference
const uint16_t orig_val = ntohs(*crc_enc);
const uint16_t crc_val = bp_crc16(blk_enc);
same = (crc_val == orig_val);
const uint8_t *crc_pos = endptr - 2; // less one crc value

const uint16_t crc_val = bp_crc16(blk_enc);
// Network byte order
same = ((crc_pos[0] == ((crc_val >> 8) & 0xFF)) && (crc_pos[1] == (crc_val & 0xFF)));
break;
}
case BSL_BUNDLECRCTYPE_32:
{
const uint32_t *crc_enc = (uint32_t *)endptr - 1; // less one crc value
// copy of original for reference
const uint32_t orig_val = ntohs(*crc_enc);
const uint8_t *crc_pos = endptr - 4; // less one crc value

const uint16_t crc_val = bp_crc32(blk_enc);
same = (crc_val == orig_val);
// Network byte order
same = ((crc_pos[0] == ((crc_val >> 24) & 0xFF)) && (crc_pos[1] == ((crc_val >> 16) & 0xFF))
&& (crc_pos[2] == ((crc_val >> 8) & 0xFF)) && (crc_pos[3] == (crc_val & 0xFF)));
break;
}
case BSL_BUNDLECRCTYPE_NONE:
Expand Down
16 changes: 8 additions & 8 deletions src/mock_bpa/mock_bpa.c
Original file line number Diff line number Diff line change
Expand Up @@ -69,11 +69,11 @@ static struct sockaddr_in6 router_addr = { .sin6_family = 0 };
static int tx_notify_r, tx_notify_w;
static BSL_HostEID_t sec_eid;

static int ingest_netaddr(struct sockaddr_in6 *addr, const char *optarg)
static int ingest_netaddr(struct sockaddr_in6 *addr, const char *arg)
{
const char *node = optarg;
const char *node = arg;
const char *service = "4556";
char *sep = strchr(optarg, ':');
char *sep = strchr(arg, ':');
if (sep)
{
*sep = '\0';
Expand All @@ -91,7 +91,7 @@ static int ingest_netaddr(struct sockaddr_in6 *addr, const char *optarg)
int res = getaddrinfo(node, service, &hints, &result);
if (res)
{
BSL_LOG_ERR("Failed to resolve router address: %s", optarg);
BSL_LOG_ERR("Failed to resolve router address: %s", arg);
return 1;
}
else
Expand Down Expand Up @@ -519,9 +519,9 @@ static void bpa_cleanup(void)
mock_bpa_ctr_t item;

// join RX workers first
// mock_bpa_ctr_init(&item);
mock_bpa_ctr_init(&item);
data_queue_push(under_rx, item);
// mock_bpa_ctr_init(&item);
mock_bpa_ctr_init(&item);
data_queue_push(over_rx, item);
if (pthread_join(thr_under_rx, NULL))
{
Expand All @@ -533,9 +533,9 @@ static void bpa_cleanup(void)
}

// then delivery/forward workers after RX are all flushed
// mock_bpa_ctr_init(&item);
mock_bpa_ctr_init(&item);
data_queue_push(forward, item);
// mock_bpa_ctr_init(&item);
mock_bpa_ctr_init(&item);
data_queue_push(deliver, item);
if (pthread_join(thr_forward, NULL))
{
Expand Down
2 changes: 1 addition & 1 deletion test/test_BackendPolicyProvider.c
Original file line number Diff line number Diff line change
Expand Up @@ -153,4 +153,4 @@ void test_PolicyProvider_Inspect_RFC9173_BIB(void)
BSL_SecurityActionSet_Deinit(&action_set);
}

// TODO - test with also setting sec pararms and other things and test the RFC 9173 things.
// TODO - test with also setting sec pararms and other things and test the RFC 9173 things.
3 changes: 1 addition & 2 deletions test/test_DefaultSecurityContext.c
Original file line number Diff line number Diff line change
Expand Up @@ -175,8 +175,7 @@ void test_RFC9173_AppendixA_Example2_BCB_Source(void)

// Confirm expected vs actual auth tag byte length's match and they are equal
TEST_ASSERT_EQUAL(sizeof(ApxA2_AuthTag), auth_tag_result->_bytelen);
bool is_auth_tag_valid = memcmp(ApxA2_AuthTag, auth_tag_result->_bytes, sizeof(ApxA2_AuthTag)) == 0;
TEST_ASSERT_TRUE(is_auth_tag_valid);
TEST_ASSERT_EQUAL_MEMORY(ApxA2_AuthTag, auth_tag_result->_bytes, sizeof(ApxA2_AuthTag));

BSL_CanonicalBlock_t target_block;
BSL_BundleCtx_GetBlockMetadata(&mock_bpa_ctr->bundle_ref, 1, &target_block);
Expand Down
2 changes: 1 addition & 1 deletion test/test_MockBPA_EID.c
Original file line number Diff line number Diff line change
Expand Up @@ -183,4 +183,4 @@ void test_BSL_HostEIDPattern_IsMatch(const char *pat_text, const char *eid_text,

BSL_HostEID_Deinit(&eid);
BSL_HostEIDPattern_Deinit(&pat);
}
}