Disable access TPM in memory interface (#1245)

* Disable access TPM in memory interface (#1059) Remove ability to configure an in memory TPM vs a HW TPM via an environment variable and added tests. This has caused failures when users have tried to use the in memory implementation which is useful only for testing. Essentially environment variable IOTEDGE_USE_TPM_DEVICE will be ignored by libiothsm and by default is built for use with a TPM device. To use the in memory implementation the library must be built using cmake flag USE_TEST_TPM_INTERFACE_IN_MEM. * Revert edge_hsm_sas_auth_int integration test to use public TPM API (#1087) b5f281b changed this test to use the `*tpm_store*` functions. But it fails to link on Windows since the functions are not available to be linked to. Since it's an integration test, it should be using the public libiothsm API anyway. This change reverts the test to use the public libiothsm API again.
Azure · May 23, 2019 · 8a0f5c0 · 8a0f5c0
1 parent f455ae2
commit 8a0f5c0
Show file tree

Hide file tree

Showing 14 changed files with 319 additions and 290 deletions.
diff --git a/builds/checkin/libiothsm.yaml b/builds/checkin/libiothsm.yaml
@@ -22,7 +22,7 @@ jobs:
         displayName: Setup
         inputs:
           cwd: edgelet/hsm-sys/azure-iot-hsm-c/build
-          cmakeArgs: -Drun_valgrind=ON -DBUILD_SHARED=ON -Drun_unittests=ON -Duse_emulator=OFF -Duse_http=OFF -DCMAKE_BUILD_TYPE=Release -DCPACK_DEBIAN_PACKAGE_RELEASE=$(Build.BuildNumber) ..
+          cmakeArgs: -Drun_valgrind=ON -DBUILD_SHARED=ON -Drun_unittests=ON -Duse_emulator=OFF -Duse_http=OFF -DUSE_TEST_TPM_INTERFACE_IN_MEM=ON -DCMAKE_BUILD_TYPE=Release -DCPACK_DEBIAN_PACKAGE_RELEASE=$(Build.BuildNumber) ..
       - script: make package
         displayName: Build
         workingDirectory: edgelet/hsm-sys/azure-iot-hsm-c/build

diff --git a/builds/ci/libiothsm.yaml b/builds/ci/libiothsm.yaml
@@ -26,7 +26,7 @@ jobs:
         displayName: Setup
         inputs:
           cwd: edgelet/hsm-sys/azure-iot-hsm-c/build
-          cmakeArgs: -Drun_valgrind=ON -DBUILD_SHARED=ON -Drun_unittests=ON -Duse_emulator=OFF -Duse_http=OFF -DCMAKE_BUILD_TYPE=Release -DCPACK_DEBIAN_PACKAGE_RELEASE=$(Build.BuildNumber) ..
+          cmakeArgs: -Drun_valgrind=ON -DBUILD_SHARED=ON -Drun_unittests=ON -Duse_emulator=OFF -Duse_http=OFF -DUSE_TEST_TPM_INTERFACE_IN_MEM=ON -DCMAKE_BUILD_TYPE=Release -DCPACK_DEBIAN_PACKAGE_RELEASE=$(Build.BuildNumber) ..
       - script: make package
         displayName: Build
         workingDirectory: edgelet/hsm-sys/azure-iot-hsm-c/build

diff --git a/edgelet/edgelet-hsm/Cargo.toml b/edgelet/edgelet-hsm/Cargo.toml
@@ -15,3 +15,5 @@ hsm = { path = "../hsm-rs"}
 base64 = "0.9"
 hmac = "0.5.0"
 sha2 = "0.7.0"
+
+hsm = { path = "../hsm-rs", features = ["in_memory"] }
diff --git a/edgelet/hsm-rs/Cargo.toml b/edgelet/hsm-rs/Cargo.toml
@@ -7,3 +7,6 @@ authors = ["Azure IoT Edge Devs"]
 chrono = "0.4"
 hsm-sys = { path = "../hsm-sys"}
 failure = "0.1"
+
+[features]
+in_memory = ["hsm-sys/in_memory"]
diff --git a/edgelet/hsm-sys/Cargo.toml b/edgelet/hsm-sys/Cargo.toml
@@ -12,3 +12,6 @@ cmake = "0.1"
 
 [dev-dependencies]
 num_cpus = "1.0"
+
+[features]
+in_memory = []
diff --git a/edgelet/hsm-sys/azure-iot-hsm-c/.gitignore b/edgelet/hsm-sys/azure-iot-hsm-c/.gitignore
@@ -6,7 +6,8 @@
 *.a
 
 cmake*/
-build/
+build*/
+
 
 # Doxygen output
 html/

diff --git a/edgelet/hsm-sys/azure-iot-hsm-c/CMakeLists.txt b/edgelet/hsm-sys/azure-iot-hsm-c/CMakeLists.txt
@@ -17,6 +17,10 @@ include_directories(. ./inc)
 find_package(OpenSSL REQUIRED)
 include_directories(${OPENSSL_INCLUDE_DIR})
 
+if(USE_TEST_TPM_INTERFACE_IN_MEM)
+    add_definitions(-DTEST_TPM_INTERFACE_IN_MEM)
+endif(USE_TEST_TPM_INTERFACE_IN_MEM)
+
 set(source_c_files
     ./src/certificate_info.c
     ./src/constants.c

diff --git a/edgelet/hsm-sys/azure-iot-hsm-c/src/hsm_client_tpm_select.c b/edgelet/hsm-sys/azure-iot-hsm-c/src/hsm_client_tpm_select.c
@@ -1,125 +1,39 @@
 // Copyright (c) Microsoft. All rights reserved.
 // Licensed under the MIT license. See LICENSE file in the project root for full license information.
 //
-#include <stdlib.h>
-#include <ctype.h>
-#include <stdbool.h>
-#include "hsm_utils.h"
-#include "hsm_log.h"
+
 #include "hsm_client_tpm_device.h"
 #include "hsm_client_tpm_in_mem.h"
 
-extern const char* const ENV_TPM_SELECT;
-
-static int strcmp_i(const char* lhs, const char* rhs)
-{
-    char lc, rc;
-    int cmp = 0;
-    do
-    {
-        lc = *lhs++;
-        rc = *rhs++;
-        if ((tolower(lc) - tolower(rc)) != 0)
-        {
-            cmp = 1;
-        }
-    } while (lc != 0 && rc != 0);
-
-    return cmp;
-}
-
-// IF ENV_TPM_SELECT is set and not empty, "NO", "OFF" or "FALSE", then user wants to use the
-// TPM device for TPM functionality.
-static int use_tpm_device(bool *use_tpm)
-{
-    static const char * user_says_no[] = { "", "off", "no", "false" };
-    int array_size = sizeof(user_says_no)/sizeof(user_says_no[0]);
-    int result;
-    char * env_use_tpm;
-
-    *use_tpm = false;
-    if (hsm_get_env(ENV_TPM_SELECT, &env_use_tpm) != 0)
-    {
-        LOG_ERROR("Could not lookup env variable %s", ENV_TPM_SELECT);
-        result = __FAILURE__;
-    }
-    else
-    {
-        if (env_use_tpm != NULL)
-        {
-            *use_tpm = true;
-            for(int no = 0; no < array_size; no++)
-            {
-                if (strcmp_i(env_use_tpm, user_says_no[no]) == 0)
-                {
-                    *use_tpm = false;
-                    break;
-                }
-            }
-            free(env_use_tpm);
-        }
-        else
-        {
-            *use_tpm = false;
-        }
-        result = 0;
-    }
-
-    return result;
-}
-
-static bool g_use_tpm_device = false;
-
 int hsm_client_tpm_init(void)
 {
     int result;
-    bool use_tpm_flag = false;
-
-    if (use_tpm_device(&use_tpm_flag) != 0)
-    {
-        result = __FAILURE__;
-    }
-    else
-    {
-        if (use_tpm_flag)
-        {
-            result = hsm_client_tpm_device_init();
-            if (result == 0)
-            {
-                g_use_tpm_device = true;
-            }
-        }
-        else
-        {
-            result = hsm_client_tpm_store_init();
-        }
-    }
+    #ifdef TEST_TPM_INTERFACE_IN_MEM
+        result = hsm_client_tpm_store_init();
+    #else
+        result = hsm_client_tpm_device_init();
+    #endif
 
     return result;
 }
 
 void hsm_client_tpm_deinit(void)
 {
-    if (g_use_tpm_device)
-    {
-        hsm_client_tpm_device_deinit();
-    }
-    else
-    {
+    #ifdef TEST_TPM_INTERFACE_IN_MEM
         hsm_client_tpm_store_deinit();
-    }
+    #else
+        hsm_client_tpm_device_deinit();
+    #endif
 }
 
 const HSM_CLIENT_TPM_INTERFACE* hsm_client_tpm_interface(void)
 {
     const HSM_CLIENT_TPM_INTERFACE* result;
-    if (g_use_tpm_device)
-    {
-        result = hsm_client_tpm_device_interface();
-    }
-    else
-    {
+    #ifdef TEST_TPM_INTERFACE_IN_MEM
         result = hsm_client_tpm_store_interface();
-    }
+    #else
+        result = hsm_client_tpm_device_interface();
+    #endif
+
     return result;
 }
diff --git a/edgelet/hsm-sys/azure-iot-hsm-c/tests/CMakeLists.txt b/edgelet/hsm-sys/azure-iot-hsm-c/tests/CMakeLists.txt
@@ -16,6 +16,7 @@ endif(save_ut)
 set(SHARED_UTIL_REAL_TEST_FOLDER ${SHARED_UTIL_SRC_FOLDER}/../tests/real_test_files CACHE INTERNAL "this is what needs to be included when doing test sources" FORCE)
 
 add_subdirectory(hsm_certificate_props_ut)
+add_subdirectory(hsm_tpm_select_ut)
 add_subdirectory(certificate_info_ut)
 add_subdirectory(edge_hsm_tpm_ut)
 add_subdirectory(edge_hsm_key_intf_sas_ut)

diff --git a/edgelet/hsm-sys/azure-iot-hsm-c/tests/hsm_tpm_select_ut/CMakeLists.txt b/edgelet/hsm-sys/azure-iot-hsm-c/tests/hsm_tpm_select_ut/CMakeLists.txt
@@ -1,34 +1,27 @@
 #Copyright (c) Microsoft. All rights reserved.
 #Licensed under the MIT license. See LICENSE file in the project root for full license information.
 
-#this is CMakeLists.txt for edge_hsm_tpm_ut
+#this is CMakeLists.txt for hsm_tpm_select_ut
 cmake_minimum_required(VERSION 2.8.11)
 
-compileAsC11()
-
-set(theseTestsName hspm_tpm_select_ut)
-
-include_directories(../../src ../test_utils)
+include_directories(../../src)
 
-add_definitions(-DGB_DEBUG_ALLOC)
+compileAsC11()
+set(theseTestsName hsm_tpm_select_ut)
 
 set(${theseTestsName}_test_files
+    ${theseTestsName}.c
+)
+
+set(${theseTestsName}_c_files
+    ../../src/hsm_client_tpm_select.c
     ../../src/hsm_log.c
-    ../../src/hsm_utils.c
     ../../src/constants.c
-    ../test_utils/test_utils.c
-    ${theseTestsName}.c
 )
 
 set(${theseTestsName}_h_files
+    ../../src/hsm_client_tpm_device.h
+    ../../src/hsm_client_tpm_in_mem.h
 )
 
-build_c_test_artifacts(${theseTestsName} ON "tests/azure_c_shared_utility_tests")
-
-if(WIN32)
-    target_link_libraries(${theseTestsName}_exe iothsm aziotsharedutil $ENV{OPENSSL_ROOT_DIR}/lib/ssleay32.lib $ENV{OPENSSL_ROOT_DIR}/lib/libeay32.lib)
-else()
-     target_link_libraries(${theseTestsName}_exe iothsm aziotsharedutil ${OPENSSL_LIBRARIES})
-endif(WIN32)
-
-copy_iothsm_dll(${theseTestsName}_exe ${CMAKE_CURRENT_BINARY_DIR}/$(Configuration))
+build_c_test_artifacts(${theseTestsName} ON "tests")
-Original file line number
+Diff line change
@@ Expand Up / @@ -6,7 +6,8 @@ @@
     *.a
     cmake*/
-    build/
+    build*/
     # Doxygen output
     html/
@@ Expand Down @@