diff --git a/.github/scripts/check-workflow-result.sh b/.github/scripts/check-workflow-result.sh
index 3d7ddf27..e168b63f 100755
--- a/.github/scripts/check-workflow-result.sh
+++ b/.github/scripts/check-workflow-result.sh
@@ -255,6 +255,23 @@ if [ "$WOLFPROV_FORCE_FAIL" = "WOLFPROV_FORCE_FAIL=1" ]; then
 fi
 else
 echo "Error: liboauth2-test.log not found"
+ fi
+ # ----- IPERF -----
+ elif [ "$TEST_SUITE" = "iperf" ]; then
+ IPERF_TEST_LOG="iperf-test.log"
+ if [ -f $IPERF_TEST_LOG ]; then
+ read sender_gb receiver_gb < <(awk '/sender/ {s=$4} /receiver/ {r=$4} END{print s, r}' )
+
+ if [[ -z "$sender_gb" && -z "$receiver_gb" ]]; then
+ echo "PASS: No data sent or received, as expected with force fail enabled"
+ exit 0
+ else
+ echo "FAIL: Iperf tests unexpectedly succeeded with data sent or received"
+ echo " Sent: $sender_gb GB, Received: $receiver_gb GB"
+ exit 1
+ fi
+ else
+ echo "Error: $IPERF_TEST_LOG not found"
 exit 1
 fi
 else
diff --git a/.github/workflows/iperf.yml b/.github/workflows/iperf.yml
new file mode 100644
index 00000000..c85a882b
--- /dev/null
+++ b/.github/workflows/iperf.yml
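Review bot: As written in this hunk, the `awk` inside the process substitution has no file operand, so it reads the script's stdin rather than `$IPERF_TEST_LOG`; in a CI step that normally leaves `sender_gb` and `receiver_gb` empty, and the force-fail check then reports PASS whether or not iperf moved data through the provider. Pass the log explicitly and quote it: `read -r sender_gb receiver_gb < <(awk '/sender/ {s=$4} /receiver/ {r=$4} END{print s, r}' "$IPERF_TEST_LOG")`, with `[ -f "$IPERF_TEST_LOG" ]` on the test above it. The hunk also shifts the existing `exit 1` context line into the new iperf branch, so the `liboauth2-test.log not found` error is now followed directly by `fi` and no longer exits non-zero; add `exit 1` back after that `echo`. The enclosing `if`/`elif` chain starts and ends outside the hunk, so what runs after such a fall-through is not visible here.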
@@ -0,0 +1,144 @@
+name: iperf Tests
+
+# START OF COMMON SECTION
+on:
+ push:
+ branches: [ 'master', 'main', 'release/**' ]
+ pull_request:
+ branches: [ '*' ]
+
+concurrency:
+ group: ${{ github.workflow }}-${{ github.ref }}
+ cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+ build_wolfprovider:
+ uses: ./.github/workflows/build-wolfprovider.yml
+ with:
+ wolfssl_ref: ${{ matrix.wolfssl_ref }}
+ openssl_ref: ${{ matrix.openssl_ref }}
+ strategy:
+ matrix:
+ wolfssl_ref: [ 'master', 'v5.8.0-stable' ]
+ openssl_ref: [ 'openssl-3.5.0' ]
+
+ test_iperf:
+ runs-on: ubuntu-22.04
+ needs: build_wolfprovider
+ # This should be a safe limit for the tests to run.
+ timeout-minutes: 20
+ strategy:
+ matrix:
+ wolfssl_ref: [ 'master', 'v5.8.0-stable' ]
+ openssl_ref: [ 'openssl-3.5.0' ]
+ iperf_ref: [ 'master', '3.12' ]
+ force_fail: ['WOLFPROV_FORCE_FAIL=1', '']
+ steps:
+ - name: Checkout wolfProvider
+ uses: actions/checkout@v4
+
+ - name: Retrieving OpenSSL from cache
+ uses: actions/cache/restore@v4
+ id: openssl-cache
+ with:
+ path: |
+ openssl-source
+ openssl-install
+
+ key: ossl-depends-${{ matrix.openssl_ref }}-${{ github.sha }}
+ fail-on-cache-miss: true
+
+ - name: Retrieving wolfSSL/wolfProvider from cache
+ uses: actions/cache/restore@v4
+ id: wolfprov-cache
+ with:
+ path: |
+ wolfssl-source
+ wolfssl-install
+ wolfprov-install
+ provider.conf
+
+ key: wolfprov-${{ matrix.wolfssl_ref }}-${{ github.sha }}
+ fail-on-cache-miss: true
+
+ - name: Install dependencies
+ run: |
+ sudo apt-get update
+ sudo apt-get install build-essential autoconf libtool pkg-config clang libc++-dev
+
+ - name: Checkout iperf
+ uses: actions/checkout@v4
+ with:
+ repository: esnet/iperf
+ ref: ${{ matrix.iperf_ref }}
+ path: iperf
+
+ - name: Build iperf
+ working-directory: iperf
+ run: |
+ # Configure with OpenSSL
+ ./configure --with-openssl=$GITHUB_WORKSPACE/openssl-install
+
+ # Build iperf
+ make -j
+
+ - name: Generate RSA keys
+ run: |
+ export KEY_DIR=$GITHUB_WORKSPACE/test-keys
+ mkdir -p $KEY_DIR
+ cd $KEY_DIR
+ # Generate RSA keys for iperf tests
+ openssl genrsa -out rsa_private_unprotected.pem 2048
+ openssl rsa -in rsa_private_unprotected.pem -out rsa_private.pem -aes256 -passout 'pass:password'
+ openssl rsa -in rsa_private.pem -pubout -out rsa_public.pem -passin 'pass:password'
+ # Create a credentials file for iperf
+ # Username: mario, Password: rossi
+ echo "mario,bf7a49a846d44b454a5d11e7acfaf13d138bbe0b7483aa3e050879700572709b" > credentials.csv
+
+ - name: Run tests
+ working-directory: iperf
+ run: |
+ # Set up the environment for wolfProvider
+ export LD_LIBRARY_PATH=$GITHUB_WORKSPACE/wolfssl-install/lib:$GITHUB_WORKSPACE/openssl-install/lib64
+ export OPENSSL_CONF=$GITHUB_WORKSPACE/provider.conf
+ export OPENSSL_MODULES=$GITHUB_WORKSPACE/wolfprov-install/lib
+ export ${{ matrix.force_fail }}
+ export SHELL=/bin/bash
+
+ # Test variables for iperf
+ export IPERF3_EXECUTABLE=$GITHUB_WORKSPACE/iperf/src/iperf3
+ export IPERF3_TEST_INTERVAL=0.1
+ export IPERF3_TEST_DURATION=10
+ export IPERF3_TEST_LOG=iperf-test.log
+ export IPERF3_USER=mario
+ export IPERF3_PASSWORD=rossi
+ export KEY_DIR=$GITHUB_WORKSPACE/test-keys
+
+
+ # Verify IERF3_EXECUTABLE exists
+ if [ -f "$IPERF3_EXECUTABLE" ]; then
+ echo "iperf3 executable found: $IPERF3_EXECUTABLE"
+ else
+ echo "iperf3 executable not found: $IPERF3_EXECUTABLE"
+ echo "PWD: $PWD"
+ tree -L 2
+ fi
+
+ # Verify OpenSSL loads wolfProvider to confirm configuration above
+ # $GITHUB_WORKSPACE/openssl-install/bin/openssl list -providers | grep libwolfprov
+
+ # Verify iperf loads OpenSSL containing wolfProvider
+ # ldd $IPERF3_EXECUTABLE | grep wolfProvider
+
+ # Launch the iperf server in the background
+ $IPERF3_EXECUTABLE -s \
+ --rsa-private-key-path $KEY_DIR/rsa_private_unprotected.pem \
+ --authorized-users-path $KEY_DIR/credentials.csv &
+
+ # Run the client
+ $IPERF3_EXECUTABLE -c localhost -i $IPERF3_TEST_INTERVAL -t $IPERF3_TEST_DURATION \
+ --rsa-public-key-path $KEY_DIR/rsa_public.pem \
+ --user $IPERF3_USER | tee $IPERF3_TEST_LOG \
+
+
diff --git a/src/wp_rsa_asym.c b/src/wp_rsa_asym.c
index dd070c3a..3674f49a 100644
--- a/src/wp_rsa_asym.c
+++ b/src/wp_rsa_asym.c
@@ -312,6 +312,11 @@ static int wp_rsaa_encrypt(wp_RsaAsymCtx* ctx, unsigned char* out, ctx->oaepHashType = WC_HASH_TYPE_SHA; ctx->mgf = WC_MGF1SHA1; } + /* OpenSSL ignores the 'outSize' parameter and allows 0. + * See rsa_encrypt() in providers/implementations/asymciphers/rsa_enc.c. + * Meanwhile, wolfSSL does not allow this. As a workaround, assume + * the 'out' buffer is properly sized for the given RSA key size. */ + outSize = wp_rsa_get_bits(ctx->rsa) / 8; rc = wc_RsaPublicEncrypt_ex(in, (word32)inLen, out, (word32)outSize, wp_rsa_get_key(ctx->rsa), &ctx->rng, WC_RSA_OAEP_PAD, ctx->oaepHashType, ctx->mgf, ctx->label, (word32)ctx->labelLen);
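Review bot: The `Run tests` step in `.github/workflows/iperf.yml` cannot fail on the iperf result, so both `force_fail` legs go green regardless of what wolfProvider did. The client is piped into `tee` in a `run` block with no `shell: bash` (the runner's default bash invocation has no `pipefail`), nothing in this 144-line file invokes `.github/scripts/check-workflow-result.sh`, and the two provider-load checks are left commented out. I would capture the client status right after the pipeline with `TEST_RESULT=${PIPESTATUS[0]}`, hand it and `${{ matrix.force_fail }}` to the check script (its calling convention is not visible in this diff), and re-enable the `openssl list -providers | grep libwolfprov` line so a run that silently used the default provider fails. The missing-executable branch should also `exit 1` rather than only printing `tree -L 2`. Separately, the workflow builds and runs `esnet/iperf` at `master` on every pull request without a `permissions:` block; a top-level `permissions:` with `contents: read` would keep the job token read-only.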
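Review bot: The new assignment in `src/wp_rsa_asym.c` overwrites `outSize` unconditionally, so a caller that does pass a real, smaller buffer size no longer gets wolfSSL's length check, and `wc_RsaPublicEncrypt_ex` is told that `out` holds a full modulus. Restricting the workaround to the case the comment describes keeps that check for everyone else: `if (outSize == 0) outSize = (wp_rsa_get_bits(ctx->rsa) + 7) / 8;` — the `+ 7` also avoids rounding down for a key whose bit length is not a multiple of 8. The comment should state the resulting contract, e.g. `/* When outSize is 0 the caller must supply at least RSA-modulus-size bytes in 'out'. */`. Only the OAEP call is visible; wp_rsaa_encrypt starts and ends outside the hunk, so whether other padding paths or an `out == NULL` size query need the same handling cannot be told from here.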