Disable access TPM in memory interface (#1059)

Remove ability to configure an in memory TPM vs a HW TPM via an environment variable and added tests. This has caused failures when users have tried to use the in memory implementation which is useful only for testing. Essentially environment variable IOTEDGE_USE_TPM_DEVICE will be ignored by libiothsm and by default is built for use with a TPM device. To use the in memory implementation the library must be built using cmake flag USE_TEST_TPM_INTERFACE_IN_MEM.
Azure · Apr 10, 2019 · b5f281b · b5f281b
1 parent 39378f9
commit b5f281b
Show file tree

Hide file tree

Showing 13 changed files with 324 additions and 294 deletions.
diff --git a/edgelet/edgelet-hsm/Cargo.toml b/edgelet/edgelet-hsm/Cargo.toml
@@ -16,3 +16,5 @@ hsm = { path = "../hsm-rs"}
 base64 = "0.9"
 hmac = "0.5.0"
 sha2 = "0.7.0"
+
+hsm = { path = "../hsm-rs", features = ["in_memory"] }
diff --git a/edgelet/hsm-rs/Cargo.toml b/edgelet/hsm-rs/Cargo.toml
@@ -8,3 +8,6 @@ edition = "2018"
 chrono = "0.4"
 hsm-sys = { path = "../hsm-sys"}
 failure = "0.1"
+
+[features]
+in_memory = ["hsm-sys/in_memory"]
diff --git a/edgelet/hsm-sys/Cargo.toml b/edgelet/hsm-sys/Cargo.toml
@@ -13,3 +13,6 @@ cmake = "0.1"
 
 [dev-dependencies]
 num_cpus = "1.0"
+
+[features]
+in_memory = []
diff --git a/edgelet/hsm-sys/azure-iot-hsm-c/.gitignore b/edgelet/hsm-sys/azure-iot-hsm-c/.gitignore
@@ -6,7 +6,8 @@
 *.a
 
 cmake*/
-build/
+build*/
+
 
 # Doxygen output
 html/

diff --git a/edgelet/hsm-sys/azure-iot-hsm-c/CMakeLists.txt b/edgelet/hsm-sys/azure-iot-hsm-c/CMakeLists.txt
@@ -17,6 +17,10 @@ include_directories(. ./inc)
 find_package(OpenSSL REQUIRED)
 include_directories(${OPENSSL_INCLUDE_DIR})
 
+if(USE_TEST_TPM_INTERFACE_IN_MEM)
+    add_definitions(-DTEST_TPM_INTERFACE_IN_MEM)
+endif(USE_TEST_TPM_INTERFACE_IN_MEM)
+
 set(source_c_files
     ./src/certificate_info.c
     ./src/constants.c

diff --git a/edgelet/hsm-sys/azure-iot-hsm-c/src/hsm_client_tpm_select.c b/edgelet/hsm-sys/azure-iot-hsm-c/src/hsm_client_tpm_select.c
@@ -1,125 +1,39 @@
 // Copyright (c) Microsoft. All rights reserved.
 // Licensed under the MIT license. See LICENSE file in the project root for full license information.
 //
-#include <stdlib.h>
-#include <ctype.h>
-#include <stdbool.h>
-#include "hsm_utils.h"
-#include "hsm_log.h"
+
 #include "hsm_client_tpm_device.h"
 #include "hsm_client_tpm_in_mem.h"
 
-extern const char* const ENV_TPM_SELECT;
-
-static int strcmp_i(const char* lhs, const char* rhs)
-{
-    char lc, rc;
-    int cmp = 0;
-    do
-    {
-        lc = *lhs++;
-        rc = *rhs++;
-        if ((tolower(lc) - tolower(rc)) != 0)
-        {
-            cmp = 1;
-        }
-    } while (lc != 0 && rc != 0);
-
-    return cmp;
-}
-
-// IF ENV_TPM_SELECT is set and not empty, "NO", "OFF" or "FALSE", then user wants to use the
-// TPM device for TPM functionality.
-static int use_tpm_device(bool *use_tpm)
-{
-    static const char * user_says_no[] = { "", "off", "no", "false" };
-    int array_size = sizeof(user_says_no)/sizeof(user_says_no[0]);
-    int result;
-    char * env_use_tpm;
-
-    *use_tpm = false;
-    if (hsm_get_env(ENV_TPM_SELECT, &env_use_tpm) != 0)
-    {
-        LOG_ERROR("Could not lookup env variable %s", ENV_TPM_SELECT);
-        result = __FAILURE__;
-    }
-    else
-    {
-        if (env_use_tpm != NULL)
-        {
-            *use_tpm = true;
-            for(int no = 0; no < array_size; no++)
-            {
-                if (strcmp_i(env_use_tpm, user_says_no[no]) == 0)
-                {
-                    *use_tpm = false;
-                    break;
-                }
-            }
-            free(env_use_tpm);
-        }
-        else
-        {
-            *use_tpm = false;
-        }
-        result = 0;
-    }
-
-    return result;
-}
-
-static bool g_use_tpm_device = false;
-
 int hsm_client_tpm_init(void)
 {
     int result;
-    bool use_tpm_flag = false;
-
-    if (use_tpm_device(&use_tpm_flag) != 0)
-    {
-        result = __FAILURE__;
-    }
-    else
-    {
-        if (use_tpm_flag)
-        {
-            result = hsm_client_tpm_device_init();
-            if (result == 0)
-            {
-                g_use_tpm_device = true;
-            }
-        }
-        else
-        {
-            result = hsm_client_tpm_store_init();
-        }
-    }
+    #ifdef TEST_TPM_INTERFACE_IN_MEM
+        result = hsm_client_tpm_store_init();
+    #else
+        result = hsm_client_tpm_device_init();
+    #endif
 
     return result;
 }
 
 void hsm_client_tpm_deinit(void)
 {
-    if (g_use_tpm_device)
-    {
-        hsm_client_tpm_device_deinit();
-    }
-    else
-    {
+    #ifdef TEST_TPM_INTERFACE_IN_MEM
         hsm_client_tpm_store_deinit();
-    }
+    #else
+        hsm_client_tpm_device_deinit();
+    #endif
 }
 
 const HSM_CLIENT_TPM_INTERFACE* hsm_client_tpm_interface(void)
 {
     const HSM_CLIENT_TPM_INTERFACE* result;
-    if (g_use_tpm_device)
-    {
-        result = hsm_client_tpm_device_interface();
-    }
-    else
-    {
+    #ifdef TEST_TPM_INTERFACE_IN_MEM
         result = hsm_client_tpm_store_interface();
-    }
+    #else
+        result = hsm_client_tpm_device_interface();
+    #endif
+
     return result;
 }
diff --git a/edgelet/hsm-sys/azure-iot-hsm-c/tests/CMakeLists.txt b/edgelet/hsm-sys/azure-iot-hsm-c/tests/CMakeLists.txt
@@ -16,6 +16,7 @@ endif(save_ut)
 set(SHARED_UTIL_REAL_TEST_FOLDER ${SHARED_UTIL_SRC_FOLDER}/../tests/real_test_files CACHE INTERNAL "this is what needs to be included when doing test sources" FORCE)
 
 add_subdirectory(hsm_certificate_props_ut)
+add_subdirectory(hsm_tpm_select_ut)
 add_subdirectory(certificate_info_ut)
 add_subdirectory(edge_hsm_tpm_ut)
 add_subdirectory(edge_hsm_key_intf_sas_ut)

diff --git a/edgelet/hsm-sys/azure-iot-hsm-c/tests/edge_hsm_sas_auth_int/edge_hsm_sas_auth_int.c b/edgelet/hsm-sys/azure-iot-hsm-c/tests/edge_hsm_sas_auth_int/edge_hsm_sas_auth_int.c
@@ -19,6 +19,7 @@
 #include "azure_c_shared_utility/crt_abstractions.h"
 
 #include "hsm_client_data.h"
+#include "hsm_client_tpm_in_mem.h"
 
 //#############################################################################
 // Test defines and data
@@ -68,9 +69,9 @@ static void test_helper_tear_down_homedir(void)
 static HSM_CLIENT_HANDLE tpm_provision(void)
 {
     int status;
-    status = hsm_client_tpm_init();
+    status = hsm_client_tpm_store_init();
     ASSERT_ARE_EQUAL(int, 0, status, "Line:" TOSTRING(__LINE__));
-    const HSM_CLIENT_TPM_INTERFACE* interface = hsm_client_tpm_interface();
+    const HSM_CLIENT_TPM_INTERFACE* interface = hsm_client_tpm_store_interface();
     HSM_CLIENT_HANDLE result = interface->hsm_client_tpm_create();
     ASSERT_IS_NOT_NULL(result, "Line:" TOSTRING(__LINE__));
     return result;
@@ -83,7 +84,7 @@ static void tpm_activate_key
     size_t key_size
 )
 {
-    const HSM_CLIENT_TPM_INTERFACE* interface = hsm_client_tpm_interface();
+    const HSM_CLIENT_TPM_INTERFACE* interface = hsm_client_tpm_store_interface();
     int status = interface->hsm_client_activate_identity_key(hsm_handle, key, key_size);
     ASSERT_ARE_EQUAL(int, 0, status, "Line:" TOSTRING(__LINE__));
 }
@@ -98,7 +99,7 @@ static int tpm_sign
     BUFFER_HANDLE hash
 )
 {
-    const HSM_CLIENT_TPM_INTERFACE* interface = hsm_client_tpm_interface();
+    const HSM_CLIENT_TPM_INTERFACE* interface = hsm_client_tpm_store_interface();
     unsigned char *digest;
     size_t digest_size;
     int status;
@@ -125,9 +126,9 @@ static int tpm_sign
 
 static void tpm_deprovision(HSM_CLIENT_HANDLE hsm_handle)
 {
-    const HSM_CLIENT_TPM_INTERFACE* interface = hsm_client_tpm_interface();
+    const HSM_CLIENT_TPM_INTERFACE* interface = hsm_client_tpm_store_interface();
     interface->hsm_client_tpm_destroy(hsm_handle);
-    hsm_client_tpm_deinit();
+    hsm_client_tpm_store_deinit();
 }
 
 static BUFFER_HANDLE test_helper_base64_converter(const char* input)

diff --git a/edgelet/hsm-sys/azure-iot-hsm-c/tests/hsm_tpm_select_ut/CMakeLists.txt b/edgelet/hsm-sys/azure-iot-hsm-c/tests/hsm_tpm_select_ut/CMakeLists.txt
@@ -1,34 +1,27 @@
 #Copyright (c) Microsoft. All rights reserved.
 #Licensed under the MIT license. See LICENSE file in the project root for full license information.
 
-#this is CMakeLists.txt for edge_hsm_tpm_ut
+#this is CMakeLists.txt for hsm_tpm_select_ut
 cmake_minimum_required(VERSION 2.8.11)
 
-compileAsC11()
-
-set(theseTestsName hspm_tpm_select_ut)
-
-include_directories(../../src ../test_utils)
+include_directories(../../src)
 
-add_definitions(-DGB_DEBUG_ALLOC)
+compileAsC11()
+set(theseTestsName hsm_tpm_select_ut)
 
 set(${theseTestsName}_test_files
+    ${theseTestsName}.c
+)
+
+set(${theseTestsName}_c_files
+    ../../src/hsm_client_tpm_select.c
     ../../src/hsm_log.c
-    ../../src/hsm_utils.c
     ../../src/constants.c
-    ../test_utils/test_utils.c
-    ${theseTestsName}.c
 )
 
 set(${theseTestsName}_h_files
+    ../../src/hsm_client_tpm_device.h
+    ../../src/hsm_client_tpm_in_mem.h
 )
 
-build_c_test_artifacts(${theseTestsName} ON "tests/azure_c_shared_utility_tests")
-
-if(WIN32)
-    target_link_libraries(${theseTestsName}_exe iothsm aziotsharedutil $ENV{OPENSSL_ROOT_DIR}/lib/ssleay32.lib $ENV{OPENSSL_ROOT_DIR}/lib/libeay32.lib)
-else()
-     target_link_libraries(${theseTestsName}_exe iothsm aziotsharedutil ${OPENSSL_LIBRARIES})
-endif(WIN32)
-
-copy_iothsm_dll(${theseTestsName}_exe ${CMAKE_CURRENT_BINARY_DIR}/$(Configuration))
+build_c_test_artifacts(${theseTestsName} ON "tests")
-Original file line number
+Diff line change
@@ Expand Up / @@ -6,7 +6,8 @@ @@
     *.a
     cmake*/
-    build/
+    build*/
     # Doxygen output
     html/
@@ Expand Down @@