diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 0c6a7facb..9af14d4e2 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -121,6 +121,7 @@ jobs: run: docker run -v $(pwd):/tmp/rust-tss-esapi -w /tmp/rust-tss-esapi/tss-esapi --env RUST_TOOLCHAIN_VERSION=1.74.0 ubuntucontainer /tmp/rust-tss-esapi/tss-esapi/tests/lint-checks.sh - name: Check Clippy lints latest run: docker run -v $(pwd):/tmp/rust-tss-esapi -w /tmp/rust-tss-esapi/tss-esapi ubuntucontainer /tmp/rust-tss-esapi/tss-esapi/tests/lint-checks.sh + # Check that it is possible to build the documentation the same way as it is done in Docs.rs docs-rs: name: Check Docs.rs compatibility @@ -132,4 +133,15 @@ jobs: - uses: dtolnay/rust-toolchain@nightly - uses: dtolnay/install@cargo-docs-rs - run: cargo docs-rs -p tss-esapi - - run: cargo docs-rs -p tss-esapi-sys \ No newline at end of file + - run: cargo docs-rs -p tss-esapi-sys + + # Check that examples builds can be executed. + tests-examples: + name: Check examples + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v5 + - name: Build the container + run: docker build -t fedoracontainer tss-esapi/tests/ --file tss-esapi/tests/Dockerfile-fedora + - name: Run the container + run: docker run -v $(pwd):/tmp/rust-tss-esapi -w /tmp/rust-tss-esapi/tss-esapi --env USE_FROZEN_LOCKFILE=1 fedoracontainer dbus-run-session -- /tmp/rust-tss-esapi/tss-esapi/tests/examples.sh diff --git a/tss-esapi/examples/symmetric_file_encrypt_decrypt.rs b/tss-esapi/examples/symmetric_file_encrypt_decrypt.rs index ec1340e22..aedb41290 100644 --- a/tss-esapi/examples/symmetric_file_encrypt_decrypt.rs +++ b/tss-esapi/examples/symmetric_file_encrypt_decrypt.rs @@ -1,6 +1,5 @@ use core::str; -use std::convert::TryFrom; -use std::fs; +use std::{convert::TryFrom, fs, path::Path}; use tss_esapi::{ attributes::ObjectAttributesBuilder, interface_types::{ 
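Review bot: The `--env USE_FROZEN_LOCKFILE=1` passed in the `Run the container` step of the new `tests-examples` job is not read by `tss-esapi/tests/examples.sh` as added in this commit; that script copies `tests/Cargo.lock.frozen` only when `RUST_TOOLCHAIN_VERSION` is set. Unless the image or another script consumes the variable, the examples are built against freshly resolved dependencies, so the job does not exercise the pinned dependency set. Either gate the copy in examples.sh on the variable, e.g. `if [[ -n "${USE_FROZEN_LOCKFILE:-}" ]]; then cp tests/Cargo.lock.frozen ../Cargo.lock; fi`, or drop the `--env` flag. Separately, `actions/checkout@v5` is referenced by a mutable tag; pinning third-party actions to a full commit SHA is the usual hardening for workflow files.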
@@ -14,6 +13,9 @@ use tss_esapi::{ Context, TctiNameConf, }; +const DEFAULT_INITIAL_DATA_FILE: &str = + "tss-esapi/examples/symmetric_file_encrypt_decrypt_example.txt"; + fn main() { // Create a new TPM context. This reads from the environment variable `TPM2TOOLS_TCTI` or `TCTI` // @@ -68,12 +70,20 @@ fn main() { // Once the key is created, we have it's parameters in the private and public values. // We now need to load it into the tpm so that it can be used. // - // The enc_private and public values can be serialised and persisted - that way they can + // The enc_private and public values can be serialized and persisted - that way they can // be reloaded for future use. // We load the data from a file system file, it can be somewhat large (like a certificate), larger than MaxBuffer::MAX_SIZE - let initial_data = fs::read("tss-esapi/examples/symmetric_file_encrypt_decrypt_example.txt") - .expect("could not open data file"); + let initial_data_file_str = std::env::var("EXAMPLES_INITIAL_DATA_FILE") + .unwrap_or(DEFAULT_INITIAL_DATA_FILE.to_string()); + let initial_data_file = Path::new(&initial_data_file_str); + if !initial_data_file.is_file() { + panic!( + "The initial data file: {}, does not exist", + initial_data_file.display() + ); + } + let initial_data = fs::read(initial_data_file).expect("could not open data file"); // We create an initialisation vector, since it is needed for decryption, it should be persisted in a real world use case let iv = context diff --git a/tss-esapi/tests/examples.sh b/tss-esapi/tests/examples.sh new file mode 100755 index 000000000..3f709a13e --- /dev/null +++ b/tss-esapi/tests/examples.sh 
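Review bot: The `is_file()` pre-check before `fs::read` in the `@@ -68,12 +70,20 @@` hunk adds a check-then-use step whose panic text, "does not exist", is wrong when the path is a directory or unreadable, while `fs::read` already reports the real cause. Consider dropping the check and carrying the path and error in one place: `let initial_data = fs::read(initial_data_file).unwrap_or_else(|e| panic!("could not read data file {}: {e}", initial_data_file.display()));`. `std::env::var` also returns `Err` for a non-Unicode value, which here silently falls back to the default path; `std::env::var_os("EXAMPLES_INITIAL_DATA_FILE")` mapped into a `PathBuf` keeps such paths. `unwrap_or_else(|| DEFAULT_INITIAL_DATA_FILE.to_string())` would also avoid allocating the default when the variable is set. `main` starts and ends outside this hunk.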
@@ -0,0 +1,76 @@
+#!/usr/bin/env bash
+
+# Copyright 2025 Contributors to the Parsec project.
+# SPDX-License-Identifier: Apache-2.0
+
+# This script builds and tests the examples.
+# It can be run inside the container which Dockerfile
+# is in the same folder.
+
+set -euf -o pipefail
+
+#################################################
+# Change rust toolchain version
+#################################################
+if [[ ! -z ${RUST_TOOLCHAIN_VERSION:+x} ]]; then
+ rustup override set ${RUST_TOOLCHAIN_VERSION}
+ # Use the frozen Cargo lock to prevent any drift from MSRV being upgraded
+ # underneath our feet.
+ cp tests/Cargo.lock.frozen ../Cargo.lock
+fi
+
+############################
+# Run the TPM SWTPM server #
+############################
+mkdir /tmp/tpmdir
+swtpm_setup --tpm2 \
+ --tpmstate /tmp/tpmdir \
+ --createek --decryption --create-ek-cert \
+ --create-platform-cert \
+ --pcr-banks sha1,sha256 \
+ --display
+swtpm socket --tpm2 \
+ --tpmstate dir=/tmp/tpmdir \
+ --flags startup-clear \
+ --ctrl type=tcp,port=2322 \
+ --server type=tcp,port=2321 \
+ --daemon
+
+####################
+# Start tpm2-abrmd #
+####################
+tpm2-abrmd \
+ --logger=stdout \
+ --tcti=swtpm: \
+ --allow-root \
+ --session \
+ --flush-all &
+
+#################
+# Clear the TPM #
+#################
+tpm2_startup -c -T tabrmd:bus_type=session
+
+########################
+# Declare the examples #
+########################
+examples=(
+ "duplication_secret"
+ "duplication"
+ "hmac"
+ "rsa_oaep"
+ "sealed_data_object"
+ "symmetric_file_encrypt_decrypt"
+)
+
+##########################################
+# Environment variables used by examples #
+##########################################
+export EXAMPLES_INITIAL_DATA_FILE="/tmp/rust-tss-esapi/tss-esapi/examples/symmetric_file_encrypt_decrypt_example.txt"
+
+####################
+# Run the examples #
+####################
+for e in ${examples[@]}; do
+ TEST_TCTI=tabrmd:bus_type=session RUST_BACKTRACE=1 RUST_LOG=info cargo run --example ${e}
+done
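Review bot: `mkdir /tmp/tpmdir` in the SWTPM section uses a fixed, predictable path, and because the script runs under `set -e` it aborts on any second run where the directory already exists. Creating the state directory with `tpm_state_dir="$(mktemp -d)"` and passing `--tpmstate "${tpm_state_dir}"` to `swtpm_setup` and `--tpmstate dir="${tpm_state_dir}"` to `swtpm socket` avoids both the collision and reuse of stale TPM state. The loop at the end would also be safer quoted as `for e in "${examples[@]}"; do`. `tpm2_startup` runs immediately after `tpm2-abrmd` is backgrounded, so a short wait for the daemon to be reachable on the session bus may be needed if the job proves flaky.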