wolfProvider/.github/workflows/iperf.yml at 592a3569e47ea92cae9f69d17df809084e0ae808 · wolfSSL/wolfProvider · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
name: iperf Tests

# START OF COMMON SECTION
on:
  push:
    branches: [ 'master', 'main', 'release/**' ]
  pull_request:
    branches: [ '*' ]

concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
# END OF COMMON SECTION

jobs:
  build_wolfprovider:
    uses: ./.github/workflows/build-wolfprovider.yml
    with:
      wolfssl_ref: ${{ matrix.wolfssl_ref }}
      openssl_ref: ${{ matrix.openssl_ref }}
      fips_ref: ${{ matrix.fips_ref }}
      replace_default: ${{ matrix.replace_default }}
    strategy:
      matrix:
        wolfssl_ref: [ 'v5.8.4-stable' ]
        openssl_ref: [ 'openssl-3.5.4' ]
        fips_ref: [ 'FIPS', 'non-FIPS' ]
        replace_default: [ true ]

  test_iperf:
    runs-on: ubuntu-22.04
    needs: build_wolfprovider
    container:
      image: debian:bookworm
      env:
        DEBIAN_FRONTEND: noninteractive
    # This should be a safe limit for the tests to run.
    timeout-minutes: 20
    strategy:
      matrix:
        iperf_ref: [ '3.12' ]
        wolfssl_ref: [ 'v5.8.4-stable' ]
        openssl_ref: [ 'openssl-3.5.4' ]
        fips_ref: [ 'FIPS', 'non-FIPS' ]
        force_fail: ['WOLFPROV_FORCE_FAIL=1', '']
        replace_default: [ true ]
    env:
      WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages
      OPENSSL_PACKAGES_PATH: /tmp/openssl-packages
      WOLFPROV_PACKAGES_PATH: /tmp/wolfprov-packages
    steps:
      - name: Checkout wolfProvider
        uses: actions/checkout@v4
        with:
          fetch-depth: 1

      - name: Download packages from build job
        uses: actions/download-artifact@v4
        with:
          name: debian-packages-${{ matrix.fips_ref }}${{ matrix.replace_default && '-replace-default' || '' }}-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}
          path: /tmp

      - name: Install wolfSSL/OpenSSL/wolfprov packages
        run: |
          apt install --reinstall -y --allow-downgrades --allow-change-held-packages \
            ${{ env.WOLFSSL_PACKAGES_PATH }}/libwolfssl_*.deb

          apt install --reinstall -y --allow-downgrades --allow-change-held-packages \
            ${{ env.OPENSSL_PACKAGES_PATH }}/openssl_*.deb \
            ${{ env.OPENSSL_PACKAGES_PATH }}/libssl3_*.deb \
            ${{ env.OPENSSL_PACKAGES_PATH }}/libssl-dev_*.deb

          apt install --reinstall -y --allow-downgrades --allow-change-held-packages \
            ${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb

      - name: Verify wolfProvider is properly installed
        run: |
          $GITHUB_WORKSPACE/scripts/verify-install.sh \
            ${{ matrix.replace_default && '--replace-default' || '' }} \
            ${{ matrix.fips_ref == 'FIPS' && '--fips' || '' }}

      - name: Install dependencies
        run: |
          apt-get update
          apt-get install -y build-essential autoconf libtool pkg-config clang \
            libc++-dev

      - name: Checkout iperf
        uses: actions/checkout@v4
        with:
          repository: esnet/iperf
          ref: ${{ matrix.iperf_ref }}
          path: iperf

      - name: Build iperf
        working-directory: iperf
        run: |
          # Configure with OpenSSL
          ./configure

          # Build iperf
          make -j

      - name: Generate RSA keys
        run: |
          export KEY_DIR=$GITHUB_WORKSPACE/test-keys
          mkdir -p $KEY_DIR
          cd $KEY_DIR
          # Generate RSA keys for iperf tests
          openssl genrsa -out rsa_private_unprotected.pem 2048
          openssl rsa -in rsa_private_unprotected.pem -out rsa_private.pem -aes256 -passout 'pass:password'
          openssl rsa -in rsa_private.pem -pubout -out rsa_public.pem -passin 'pass:password'
          # Create a credentials file for iperf
          # Username: mario, Password: rossi
          echo "mario,bf7a49a846d44b454a5d11e7acfaf13d138bbe0b7483aa3e050879700572709b" > credentials.csv

      - name: Run tests
        working-directory: iperf
        run: |
          export ${{ matrix.force_fail }}

          # Test variables for iperf
          export IPERF3_EXECUTABLE=$GITHUB_WORKSPACE/iperf/src/iperf3
          export IPERF3_LIB=$GITHUB_WORKSPACE/iperf/src/.libs/libiperf.so
          export IPERF3_TEST_INTERVAL=0.1
          export IPERF3_TEST_DURATION=10
          export IPERF3_TEST_LOG=iperf-test.log
          export IPERF3_USER=mario
          export IPERF3_PASSWORD=rossi
          export KEY_DIR=$GITHUB_WORKSPACE/test-keys

          # Launch the iperf server in the background
          $IPERF3_EXECUTABLE -s \
            --rsa-private-key-path $KEY_DIR/rsa_private_unprotected.pem \
            --authorized-users-path $KEY_DIR/credentials.csv &

          # Run the client
          $IPERF3_EXECUTABLE -c localhost -i $IPERF3_TEST_INTERVAL -t $IPERF3_TEST_DURATION \
            --rsa-public-key-path $KEY_DIR/rsa_public.pem \
            --user $IPERF3_USER | tee $IPERF3_TEST_LOG \