From e697e30c6ceb337ed92362a507a5df93c3424717 Mon Sep 17 00:00:00 2001
From: Pol Henarejos
Date: Sat, 4 Feb 2023 23:47:49 +0100
Subject: [PATCH] Add virtual smart card emulation for CD/CI. On each push, the software is built in a container, run as a virtual smartcard and test it.
Signed-off-by: Pol Henarejos
---
 .github/workflows/test.yml | 36 ++++++++++++
 tests/build-in-docker.sh | 7 +++
 tests/docker/jammy/Dockerfile | 31 ++++++++++
 tests/docker_env.sh | 106 ++++++++++++++++++++++++++++++++++
 tests/run-test-in-docker.sh | 6 ++
 tests/start-up-and-test.sh | 7 +++
 6 files changed, 193 insertions(+)
 create mode 100644 .github/workflows/test.yml
 create mode 100755 tests/build-in-docker.sh
 create mode 100644 tests/docker/jammy/Dockerfile
 create mode 100644 tests/docker_env.sh
 create mode 100755 tests/run-test-in-docker.sh
 create mode 100755 tests/start-up-and-test.sh
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
new file mode 100644
index 0000000..e4575df
--- /dev/null
+++ b/.github/workflows/test.yml
@@ -0,0 +1,36 @@
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+# ******** NOTE ********
+# We have attempted to detect the languages in your repository. Please check
+# the `language` matrix defined below to confirm you have the correct set of
+# supported CodeQL languages.
+#
+name: "Emulation and test"
+
+on:
+ push:
+ branches: [ "master", "development" ]
+ pull_request:
+ # The branches below must be a subset of the branches above
+ branches: [ "master", "development" ]
+ schedule:
+ - cron: '23 5 * * 4'
+
+jobs:
+ build:
+
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout repository and submodules
+ uses: actions/checkout@v3
+ with:
+ submodules: recursive
+ - name: Build in container
+ run: ./tests/build-in-docker.sh
+ - name: Start emulation and test
+ run: ./tests/run-test-in-docker.sh
diff --git a/tests/build-in-docker.sh b/tests/build-in-docker.sh
new file mode 100755
index 0000000..d0b636e
--- /dev/null
+++ b/tests/build-in-docker.sh
@@ -0,0 +1,7 @@
+#!/bin/bash -eu
+
+source tests/docker_env.sh
+#run_in_docker rm -rf CMakeFiles
+run_in_docker mkdir -p build_in_docker
+run_in_docker -w "$PWD/build_in_docker" cmake -DENABLE_EMULATION=1 ..
+run_in_docker -w "$PWD/build_in_docker" make -j ${NUM_PROC}
diff --git a/tests/docker/jammy/Dockerfile b/tests/docker/jammy/Dockerfile
new file mode 100644
index 0000000..40a1669
--- /dev/null
+++ b/tests/docker/jammy/Dockerfile
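Review bot: The header comment is the CodeQL template text and refers to a `language` matrix that this workflow does not define, which will mislead the next person editing it; replace it with a single line such as `# Build the firmware with ENABLE_EMULATION in a container, start the virtual smart card and run pytest against it.` The job declares no `permissions:` block, so the job token keeps the repository's default scope although these steps only read the checkout; add `permissions:` with `contents: read` at the workflow level. `uses: actions/checkout@v3` pins a mutable tag; pinning to a full commit SHA (with the tag in a trailing comment) makes the action version auditable.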
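Review bot: `source tests/docker_env.sh` and the `$PWD/build_in_docker` workdir only resolve when the script is started from the repository root; the workflow happens to do that, but the script does not enforce it, so a developer running it from `tests/` gets a confusing `source` failure. Add `cd "$(dirname "$0")/.." || exit 1` before the `source` line. `${NUM_PROC}` on the last line is unquoted; write `make -j "${NUM_PROC}"`.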
@@ -0,0 +1,31 @@
+FROM ubuntu:jammy
+
+ARG DEBIAN_FRONTEND=noninteractive
+
+RUN apt update && apt upgrade -y
+RUN apt install -y apt-utils
+RUN apt install -y libccid \
+ libpcsclite-dev \
+ git \
+ autoconf \
+ pkg-config \
+ libtool \
+ help2man \
+ automake \
+ gcc \
+ make \
+ build-essential \
+ opensc \
+ python3 \
+ python3-pip \
+ swig \
+ cmake \
+ libgcrypt-dev \
+ && rm -rf /var/lib/apt/lists/*
+RUN pip3 install pytest pycvc cryptography pyscard
+RUN git clone https://github.com/frankmorgner/vsmartcard.git
+WORKDIR /vsmartcard/virtualsmartcard
+RUN autoreconf --verbose --install
+RUN ./configure --sysconfdir=/etc
+RUN make && make install
+WORKDIR /
diff --git a/tests/docker_env.sh b/tests/docker_env.sh
new file mode 100644
index 0000000..c11fcb0
--- /dev/null
+++ b/tests/docker_env.sh
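Review bot: `RUN git clone https://github.com/frankmorgner/vsmartcard.git` builds whatever the upstream default branch holds on the day the image is built, so the CI toolchain is neither reproducible nor auditable and an upstream change lands in this pipeline without review; pin it, e.g. `RUN git clone https://github.com/frankmorgner/vsmartcard.git && git -C vsmartcard checkout <PINNED_COMMIT>`. The same applies to `RUN pip3 install pytest pycvc cryptography pyscard`, which should carry version pins (or a requirements file with hashes). `tests/docker_env.sh` passes `--build-arg MAKEFLAGS_PARALLEL="-j ${NUM_PROC}"` to this build, but the Dockerfile declares no `ARG MAKEFLAGS_PARALLEL`, so the value is silently unused by `RUN make && make install`; either add `ARG MAKEFLAGS_PARALLEL` and pass it to `make`, or drop the build-arg.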
@@ -0,0 +1,106 @@
+#!/bin/bash -eu
+
+# Taken from Mbed-TLS project
+# https://github.com/Mbed-TLS/mbedtls/blob/master/tests/scripts/docker_env.sh
+#
+# docker_env.sh
+#
+# Purpose
+# -------
+#
+# This is a helper script to enable running tests under a Docker container,
+# thus making it easier to get set up as well as isolating test dependencies
+# (which include legacy/insecure configurations of openssl and gnutls).
+#
+# WARNING: the Dockerfile used by this script is no longer maintained! See
+# https://github.com/Mbed-TLS/mbedtls-test/blob/master/README.md#quick-start
+# for the set of Docker images we use on the CI.
+#
+# Notes for users
+# ---------------
+# This script expects a Linux x86_64 system with a recent version of Docker
+# installed and available for use, as well as http/https access. If a proxy
+# server must be used, invoke this script with the usual environment variables
+# (http_proxy and https_proxy) set appropriately. If an alternate Docker
+# registry is needed, specify MBEDTLS_DOCKER_REGISTRY to point at the
+# host name.
+#
+#
+# Running this script directly will check for Docker availability and set up
+# the Docker image.
+
+# Copyright The Mbed TLS Contributors
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+# default values, can be overridden by the environment
+: ${MBEDTLS_DOCKER_GUEST:=jammy}
+
+
+DOCKER_IMAGE_TAG="pico-hsm-test:${MBEDTLS_DOCKER_GUEST}"
+
+# Make sure docker is available
+if ! which docker > /dev/null; then
+ echo "Docker is required but doesn't seem to be installed. See https://www.docker.com/ to get started"
+ exit 1
+fi
+
+# Figure out if we need to 'sudo docker'
+if groups | grep docker > /dev/null; then
+ DOCKER="docker"
+else
+ echo "Using sudo to invoke docker since you're not a member of the docker group..."
+ DOCKER="docker"
+fi
+
+# Figure out the number of processors available
+if [ "$(uname)" == "Darwin" ]; then
+ NUM_PROC="$(sysctl -n hw.logicalcpu)"
+else
+ NUM_PROC="$(nproc)"
+fi
+
+# Build the Docker image
+echo "Getting docker image up to date (this may take a few minutes)..."
+${DOCKER} image build \
+ -t ${DOCKER_IMAGE_TAG} \
+ --cache-from=${DOCKER_IMAGE_TAG} \
+ --network host \
+ --build-arg MAKEFLAGS_PARALLEL="-j ${NUM_PROC}" \
+ tests/docker/${MBEDTLS_DOCKER_GUEST}
+
+run_in_docker()
+{
+ ENV_ARGS=""
+ while [ "$1" == "-e" ]; do
+ ENV_ARGS="${ENV_ARGS} $1 $2"
+ shift 2
+ done
+
+ WORKDIR="${PWD}"
+ if [ "$1" == '-w' ]; then
+ WORKDIR="$2"
+ shift 2
+ fi
+
+ ${DOCKER} container run --rm \
+ --cap-add SYS_PTRACE \
+ --volume $PWD:$PWD \
+ --workdir ${WORKDIR} \
+ -e MAKEFLAGS \
+ ${ENV_ARGS} \
+ ${DOCKER_IMAGE_TAG} \
+ $@
+}
diff --git a/tests/run-test-in-docker.sh b/tests/run-test-in-docker.sh
new file mode 100755
index 0000000..b8cbb3d
--- /dev/null
+++ b/tests/run-test-in-docker.sh
@@ -0,0 +1,6 @@
+#!/bin/bash -eu
+
+source tests/docker_env.sh
+run_in_docker rm -f memory.flash
+run_in_docker ./tests/start-up-and-test.sh
+
diff --git a/tests/start-up-and-test.sh b/tests/start-up-and-test.sh
new file mode 100755
index 0000000..f3fb9be
--- /dev/null
+++ b/tests/start-up-and-test.sh
@@ -0,0 +1,7 @@
+#!/bin/bash -eu
+
+/usr/sbin/pcscd &
+sleep 2
+rm -rf memory.flash
+./build_in_docker/pico_openpgp > /dev/null &
+pytest tests -W ignore::DeprecationWarning
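Review bot: The `else` branch of the docker-group check prints "Using sudo to invoke docker" but then sets `DOCKER="docker"`, identical to the `then` branch, so on a host where the user is outside the docker group the following `image build` fails with a permission error right after a message claiming sudo is in use; either restore `DOCKER="sudo docker"` or change the message, and `which docker` should become `command -v docker >/dev/null`. In `run_in_docker`, `--volume $PWD:$PWD` and the trailing `$@` are unquoted, so a checkout path or an argument containing spaces breaks the command line; quote them as `--volume "$PWD:$PWD"` and `"$@"` (only `${ENV_ARGS}` legitimately relies on word-splitting). The image build runs at `source` time, so `build-in-docker.sh` and `run-test-in-docker.sh` each trigger it. `--cap-add SYS_PTRACE` grants the container more than building and running pytest require; add a comment naming why it is needed, or drop it.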
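Review bot: `./build_in_docker/pico_openpgp > /dev/null &` is followed immediately by `pytest`, so the tests can start before the emulated card has registered with pcscd, and neither backgrounded process is checked to be alive: if `pcscd` or `pico_openpgp` exits early, pytest still runs against nothing and its failure hides the real cause. Note that `pcscd` daemonizes by default, so `$!` is only meaningful with `-f`. Capture both PIDs, verify them before testing, and terminate the emulator afterwards so the script's exit status is pytest's.
```bash
/usr/sbin/pcscd -f &
pcscd_pid=$!
sleep 2
kill -0 "$pcscd_pid" || { echo "pcscd failed to start" >&2; exit 1; }
rm -rf memory.flash
./build_in_docker/pico_openpgp > /dev/null &
emu_pid=$!
sleep 2
kill -0 "$emu_pid" || { echo "pico_openpgp failed to start" >&2; exit 1; }
rc=0
pytest tests -W ignore::DeprecationWarning || rc=$?
kill "$emu_pid" "$pcscd_pid" 2>/dev/null || true
exit "$rc"
```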