Pull in TS code and build on CI

This commit imports the TS code as a submodule and uses it to
build and test the provider on the CI.

Signed-off-by: Ionut Mihalcea <[email protected]>

Author: ionut-arm

.github/workflows/ci.yml

@@ -42,6 +42,16 @@ jobs:
         run: docker build -t tpm-provider e2e_tests/provider_cfg/tpm
       - name: Run the container to execute the test script
         run: docker run -v $(pwd):/tmp/parsec -w /tmp/parsec tpm-provider /tmp/parsec/ci.sh tpm
+  
+  trusted-service-provider:
+    name: Integration tests using Cypto Trusted Service provider
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: Build the container
+        run: docker build -t trusted-service-provider e2e_tests/provider_cfg/trusted-service
+      - name: Run the container to execute the test script
+        run: docker run -v $(pwd):/tmp/parsec -w /tmp/parsec trusted-service-provider /tmp/parsec/ci.sh trusted-service
 
   links:
     name: Check links

.gitmodules

@@ -0,0 +1,4 @@
+[submodule "trusted-services-vendor"]
+	path = trusted-services-vendor
+	url = https://git.trustedfirmware.org/TS/trusted-services.git
+	branch = integration

ci.sh

@@ -60,7 +60,7 @@ while [ "$#" -gt 0 ]; do
         --no-stress-test )
             NO_STRESS_TEST="True"
         ;;
-        mbed-crypto | pkcs11 | tpm | all )
+        mbed-crypto | pkcs11 | tpm | trusted-service | all )
             if [ -n "$PROVIDER_NAME" ]; then
                 error_msg "Only one provider name must be given"
             fi
@@ -107,6 +107,10 @@ if [ "$PROVIDER_NAME" = "pkcs11" ] || [ "$PROVIDER_NAME" = "all" ]; then
     popd
 fi
 
+if [ "$PROVIDER_NAME" = "trusted-service" ]; then
+    git submodule update --init
+fi
+
 echo "Build test"
 RUST_BACKTRACE=1 cargo build $FEATURES
 

e2e_tests/Cargo.toml

@@ -34,4 +34,5 @@ mbed-crypto-provider = []
 tpm-provider = []
 pkcs11-provider = []
 cryptoauthlib-provider = []
+trusted-service-provider = []
 all-providers = ["pkcs11-provider","tpm-provider","mbed-crypto-provider","cryptoauthlib-provider"]

e2e_tests/provider_cfg/trusted-service/Dockerfile

@@ -8,14 +8,19 @@ RUN apt-get update && \
 	apt-get install -y clang libclang-dev && \
 	# Needed for Open SSL
 	apt-get install -y pkg-config libssl-dev python3-distutils && \
-	apt-get install -y python3-distutils python3-protobuf nanopb
+	# Needed for Protobuf handling
+	apt-get install -y python3-distutils python3-protobuf nanopb && \
+	# Needed for the Trusted Services implementation
+	apt-get install -y libc++-dev libc++abi-dev 
 
 WORKDIR /tmp
-COPY trusted-services /tmp/trusted-services
-RUN cd trusted-services/deployments/ts-lib/posix-x86/ \
+RUN git clone https://git.trustedfirmware.org/TS/trusted-services.git --branch integration
+RUN cd trusted-services/deployments/libts/linux-pc/ \
 	&& cmake . \
 	&& make \
-	&& cp libts-lib.a nanopb_install/lib/libprotobuf-nanopb.a mbedcrypto_install/lib/libmbedcrypto.a /usr/local/lib/
+	&& cp libts.so nanopb_install/lib/libprotobuf-nanopb.a mbedcrypto_install/lib/libmbedcrypto.a /usr/local/lib/
+
+ENV LD_LIBRARY_PATH="/usr/local/lib"
 
 # Install Rust toolchain
 RUN curl https://sh.rustup.rs -sSf | bash -s -- -y

src/providers/trusted_service/context/mod.rs

@@ -161,7 +161,7 @@ impl Context {
                 &mut status,
             )
         };
-        if service_context == null_mut() {
+        if service_context.is_null() {
             return Err(Error::new(
                 ErrorKind::Other,
                 "Failed to obtain a Trusted Service context",
@@ -181,7 +181,7 @@ impl Context {
         info!("Starting crypto Trusted Service context");
         let mut rpc_caller = null_mut();
         let rpc_session_handle = unsafe { service_context_open(service_context, &mut rpc_caller) };
-        if rpc_caller == null_mut() || rpc_session_handle == null_mut() {
+        if rpc_caller.is_null() || rpc_session_handle.is_null() {
             return Err(
                 Error::new(ErrorKind::Other, "Failed to start Trusted Service context").into(),
             );
@@ -209,10 +209,10 @@ impl Context {
         let mut buf_out = null_mut();
         let call_handle =
             unsafe { rpc_caller_begin(self.rpc_caller, &mut buf_out, req.encoded_len()) };
-        if call_handle == null_mut() {
+        if call_handle.is_null() {
             error!("Call handle was null");
             return Err(PsaError::CommunicationFailure);
-        } else if buf_out == null_mut() {
+        } else if buf_out.is_null() {
             error!("Call buffer was null");
             return Err(PsaError::CommunicationFailure);
         }

src/providers/trusted_service/key_management.rs

@@ -81,7 +81,6 @@ impl Provider {
             Ok(_) => Ok(psa_import_key::Result {}),
             Err(error) => {
                 remove_key_id(&key_triple, &mut *store_handle)?;
-                let error = ResponseStatus::from(error);
                 format_error!("Import key status: ", error);
                 Err(error)
             }
@@ -103,7 +102,6 @@ impl Provider {
                 data: pub_key.into(),
             }),
             Err(error) => {
-                let error = ResponseStatus::from(error);
                 format_error!("Export key status: ", error);
                 Err(error)
             }
@@ -129,7 +127,6 @@ impl Provider {
                 Ok(psa_destroy_key::Result {})
             }
             Err(error) => {
-                let error = ResponseStatus::from(error);
                 format_error!("Destroy key status: ", error);
                 Err(error)
             }