
Commit 89522b5

committed
Add TROPIC01 simulator
Also fix issues compiling the TROPIC01 support.
1 parent 9f759fa commit 89522b5

2 files changed

Lines changed: 105 additions & 17 deletions


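--- a/.github/workflows/tropic01-sim.yml
+++ b/.github/workflows/tropic01-sim.yml
@@ -0,0 +1,88 @@
+name: TROPIC01 simulator test
+
+# START OF COMMON SECTION
+on:
+push:
+branches: [ 'master', 'main', 'release/**' ]
+pull_request:
+branches: [ '*' ]
+
+concurrency:
+group: ${{ github.workflow }}-${{ github.ref }}
+cancel-in-progress: true
+# END OF COMMON SECTION
+
+# Build the TROPIC01 software simulator (https://github.com/wolfSSL/simulators,
+# TROPIC01Sim/ subdirectory), build wolfSSL --with-tropic01 against libtropic
+# v0.1.0 + the simulator's TCP HAL, and run Tropic Square's wolfssl-test app
+# against the simulator TCP server.
+#
+# The simulator's own Dockerfile.wolfcrypt clones wolfSSL master and applies
+# one sed patch to it (s/ForceZero/wc_ForceZero/ in
+# wolfcrypt/src/port/tropicsquare/tropic01.c). That patch is now upstreamed
+# in wolfSSL itself, so we:
+# 1. COPY the PR checkout instead of cloning master.
+# 2. Neutralise the now-redundant ForceZero sed RUN block.
+# The -DLT_SEPARATE_L3_BUFF=0 CFLAG stays in the Dockerfile -- it's a
+# libtropic v0.1.0 compatibility shim, not a wolfSSL concern.
+
+env:
+SIMULATORS_REF: bf7b52208d4ace81881f8c838848f3ec03aa40dc
+
+jobs:
+tropic01_sim:
+name: wolfCrypt against TROPIC01 simulator
+if: github.repository_owner == 'wolfssl'
+runs-on: ubuntu-24.04
+timeout-minutes: 30
+steps:
+- name: Checkout wolfSSL (PR source)
+uses: actions/checkout@v4
+with:
+path: wolfssl-src
+
+- name: Clone TROPIC01 simulator
+run: |
+git clone https://github.com/wolfSSL/simulators simulators
+cd simulators && git checkout "$SIMULATORS_REF"
+
+- name: Stage PR wolfSSL into simulator build context
+run: mv wolfssl-src simulators/TROPIC01Sim/wolfssl
+
+- name: Patch Dockerfile to use PR wolfSSL and drop redundant ForceZero patch
+working-directory: simulators/TROPIC01Sim
+run: |
+# 1. Replace the (two-line) upstream `RUN git clone --branch
+# ${WOLFSSL_REF} --depth 1 \ https://.../wolfssl.git /app/wolfssl`
+# with a COPY of the PR checkout.
+sed -i '/^RUN git clone --branch \${WOLFSSL_REF} --depth 1 \\$/,/wolfssl\.git \/app\/wolfssl$/c\
+COPY wolfssl /app/wolfssl' Dockerfile.wolfcrypt
+# Fail fast if the pattern drifted upstream -- better a clear error
+# than a CI run that silently tests master.
+grep -q '^COPY wolfssl /app/wolfssl$' Dockerfile.wolfcrypt
+! grep -q 'git clone .*wolfssl\.git' Dockerfile.wolfcrypt
+
+# 2. Neutralise the ForceZero sed-patch RUN block: the fix
+# (s/ForceZero/wc_ForceZero/ in tropic01.c) is now upstream,
+# and rerunning the non-word-boundary-anchored simulator
+# substitution on already-fixed source would corrupt it to
+# `wc_wc_ForceZero`. Range matches from the ForceZero RUN sed
+# line to its tropic01.c continuation line.
+sed -i '/^RUN sed -i .*ForceZero/,/tropic01\.c$/c\RUN true' Dockerfile.wolfcrypt
+! grep -q 'sed -i .*ForceZero' Dockerfile.wolfcrypt
+
+- uses: docker/setup-buildx-action@v3
+
+- name: Build wolfCrypt-TROPIC01 test image
+uses: docker/build-push-action@v5
+with:
+context: simulators/TROPIC01Sim
+file: simulators/TROPIC01Sim/Dockerfile.wolfcrypt
+push: false
+load: true
+tags: wolfssl-tropic01-sim:ci
+cache-from: type=gha
+cache-to: type=gha,mode=max
+
+- name: Run wolfCrypt tests against simulator
+run: docker run --rm wolfssl-tropic01-sim:ci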
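Review bot: The negated check `! grep -q 'git clone .*wolfssl\.git' Dockerfile.wolfcrypt` on new line 63 cannot fail the step, because GitHub runs `run:` scripts under `bash -e` and errexit ignores a command whose status is inverted with `!`; the second `! grep` on line 72 only works because it is the script's last command. Write both as explicit guards, for example `if grep -q 'git clone .*wolfssl\.git' Dockerfile.wolfcrypt; then echo 'wolfssl clone still present' >&2; exit 1; fi`, so a drifted upstream Dockerfile stops the job as the comment above it intends. Separately, the checkout step keeps its default persisted credentials and the tree is then moved into the build context and copied into the image by `COPY wolfssl /app/wolfssl`; unless the simulator repo ships a .dockerignore that excludes `.git` (not visible here), the job token ends up in an image layer and in the `type=gha,mode=max` cache, so add `persist-credentials: false` under the checkout's `with:`. The three `uses:` references are pinned to mutable tags while the simulator repo is pinned to a full commit SHA; pinning the actions the same way and adding a top-level `permissions:` block with `contents: read` (which looks sufficient for the steps shown) would keep the job least-privileged.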

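--- a/wolfcrypt/src/port/tropicsquare/tropic01.c
+++ b/wolfcrypt/src/port/tropicsquare/tropic01.c
@@ -244,7 +244,7 @@ int Tropic01_CryptoCb(int devId, wc_CryptoInfo* info, void* ctx)
 WOLFSSL_MSG_EX(
 "TROPIC01: CryptoCB: Failed to get ED25519 PRIVkey,ret=%d",
 ret);
-ForceZero(info->pk.ed25519sign.key->k, ED25519_PRV_KEY_SIZE);
+wc_ForceZero(info->pk.ed25519sign.key->k, ED25519_PRV_KEY_SIZE);
 return ret;
 }
 ret = Tropic01_GetKeyECC(
@@ -255,7 +255,7 @@ int Tropic01_CryptoCb(int devId, wc_CryptoInfo* info, void* ctx)
 WOLFSSL_MSG_EX(
 "TROPIC01: CryptoCB: Failed to get ED25519 PUBkey,ret=%d",
 ret);
-ForceZero(info->pk.ed25519sign.key->k, ED25519_PRV_KEY_SIZE);
+wc_ForceZero(info->pk.ed25519sign.key->k, ED25519_PRV_KEY_SIZE);
 return ret;
 }
 /* set devId to invalid, so software is used */
@@ -266,7 +266,7 @@ int Tropic01_CryptoCb(int devId, wc_CryptoInfo* info, void* ctx)
 info->pk.ed25519sign.in, info->pk.ed25519sign.inLen,
 info->pk.ed25519sign.out, info->pk.ed25519sign.outLen,
 info->pk.ed25519sign.key);
-ForceZero(info->pk.ed25519sign.key->k, ED25519_PRV_KEY_SIZE);
+wc_ForceZero(info->pk.ed25519sign.key->k, ED25519_PRV_KEY_SIZE);
 
 /* reset devId */
 info->pk.ed25519sign.key->devId = devId;
@@ -315,7 +315,7 @@ int Tropic01_CryptoCb(int devId, wc_CryptoInfo* info, void* ctx)
 WOLFSSL_MSG_EX(
 "TROPIC01: CryptoCB: Failed to get AES key,ret=%d",
 ret);
-ForceZero(lt_key, sizeof(lt_key));
+wc_ForceZero(lt_key, sizeof(lt_key));
 return ret;
 }
 ret = Tropic01_GetKeyAES(
@@ -326,15 +326,15 @@ int Tropic01_CryptoCb(int devId, wc_CryptoInfo* info, void* ctx)
 WOLFSSL_MSG_EX(
 "TROPIC01: CryptoCB: Failed to get AES IV, ret=%d",
 ret);
-ForceZero(lt_key, sizeof(lt_key));
-ForceZero(lt_iv, sizeof(lt_iv));
+wc_ForceZero(lt_key, sizeof(lt_key));
+wc_ForceZero(lt_iv, sizeof(lt_iv));
 return ret;
 }
 if (info->cipher.enc) {
 ret = wc_AesSetKey(info->cipher.aesgcm_enc.aes, lt_key,
 WC_AES_BLOCK_SIZE, lt_iv, AES_ENCRYPTION);
-ForceZero(lt_key, sizeof(lt_key));
-ForceZero(lt_iv, sizeof(lt_iv));
+wc_ForceZero(lt_key, sizeof(lt_key));
+wc_ForceZero(lt_iv, sizeof(lt_iv));
 if (ret != 0) {
 WOLFSSL_MSG_EX(
 "TROPIC01: CryptoCB: Failed to set AES key, ret=%d",
@@ -361,8 +361,8 @@ int Tropic01_CryptoCb(int devId, wc_CryptoInfo* info, void* ctx)
 else {
 ret = wc_AesSetKey(info->cipher.aesgcm_dec.aes, lt_key,
 WC_AES_BLOCK_SIZE, lt_iv, AES_DECRYPTION);
-ForceZero(lt_key, sizeof(lt_key));
-ForceZero(lt_iv, sizeof(lt_iv));
+wc_ForceZero(lt_key, sizeof(lt_key));
+wc_ForceZero(lt_iv, sizeof(lt_iv));
 if (ret != 0) {
 WOLFSSL_MSG_EX(
 "TROPIC01: CryptoCB: Failed to set AES key, ret=%d",
@@ -397,7 +397,7 @@ int Tropic01_CryptoCb(int devId, wc_CryptoInfo* info, void* ctx)
 if (ret != 0) {
 WOLFSSL_MSG_EX(
 "TROPIC01: CryptoCB: Failed to get AES key,ret=%d", ret);
-ForceZero(lt_key, sizeof(lt_key));
+wc_ForceZero(lt_key, sizeof(lt_key));
 return ret;
 }
 ret = Tropic01_GetKeyAES(
@@ -407,15 +407,15 @@ int Tropic01_CryptoCb(int devId, wc_CryptoInfo* info, void* ctx)
 if (ret != 0) {
 WOLFSSL_MSG_EX(
 "TROPIC01: CryptoCB: Failed to get AES IV, ret=%d", ret);
-ForceZero(lt_key, sizeof(lt_key));
-ForceZero(lt_iv, sizeof(lt_iv));
+wc_ForceZero(lt_key, sizeof(lt_key));
+wc_ForceZero(lt_iv, sizeof(lt_iv));
 return ret;
 }
 if (info->cipher.enc) {
 ret = wc_AesSetKey(info->cipher.aescbc.aes, lt_key,
 WC_AES_BLOCK_SIZE, lt_iv, AES_ENCRYPTION);
-ForceZero(lt_key, sizeof(lt_key));
-ForceZero(lt_iv, sizeof(lt_iv));
+wc_ForceZero(lt_key, sizeof(lt_key));
+wc_ForceZero(lt_iv, sizeof(lt_iv));
 if (ret != 0) {
 WOLFSSL_MSG_EX(
 "TROPIC01: CryptoCB: Failed to set AES key, ret=%d",
@@ -437,8 +437,8 @@ int Tropic01_CryptoCb(int devId, wc_CryptoInfo* info, void* ctx)
 
 ret = wc_AesSetKey(info->cipher.aescbc.aes, lt_key,
 WC_AES_BLOCK_SIZE, lt_iv, AES_DECRYPTION);
-ForceZero(lt_key, sizeof(lt_key));
-ForceZero(lt_iv, sizeof(lt_iv));
+wc_ForceZero(lt_key, sizeof(lt_key));
+wc_ForceZero(lt_iv, sizeof(lt_iv));
 if (ret != 0) {
 WOLFSSL_MSG_EX(
 "TROPIC01: CryptoCB: Failed to set AES key, ret=%d",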
