Add nat20cli command line tool for nat20device. #104
54d8a0f to 0612f25
This reverts commit b159fbb.
…nux_example_nat20cli
Pull request overview
Adds a new nat20cli Linux userspace command-line tool that drives the nat20 DICE service through /dev/nat200, together with a parallel nat20test integration test suite and CI plumbing to run both in QEMU. The CLI exposes promote/cdi-cert/eca-cert/eca-ee-cert/eca-ee-sign operations and ships with a helper test script that uses OpenSSL to validate the produced chain; the integration test exhaustively verifies all key-type/format permutations across promote levels using libnat20 + OpenSSL primitives in test_helpers.c/h.
Changes:
- New nat20cli tool (option parsing, request construction, response handling, hex helpers) plus shell test script and OpenSSL DICE OID config.
- New nat20test integration test binary with COSE/X.509/signature verification helpers and a full multi-level promote chain test.
- Buildroot packages (nat20cli, nat20test), defconfig wiring, envsetup additions, and a CI workflow extension that builds the rootfs and runs both suites under QEMU.
Reviewed changes
Copilot reviewed 20 out of 20 changed files in this pull request and generated 8 comments.
| File | Description |
|---|---|
| examples/linux/nat20cli/src/main.c | New CLI program implementing all request types and hex parsing. |
| examples/linux/nat20cli/nat20cli_test.sh | E2E test invoking the CLI and OpenSSL chain/signature verification. |
| examples/linux/nat20cli/nat20cli_qemu_init.sh | PID 1 init wrapper to run the CLI test in QEMU. |
| examples/linux/nat20cli/openssl_dice.cnf | Registers DICE OID names for openssl x509 -text. |
| examples/linux/nat20cli/CMakeLists.txt | CMake build for the CLI binary and scripts. |
| examples/linux/nat20test/test/nat20_integration_test.c | Parameterised integration test driving the DICE service. |
| examples/linux/nat20test/test/test_helpers.{c,h} | OpenSSL/COSE/X.509 verification utilities used by the test. |
| examples/linux/nat20test/nat20test.sh / nat20_qemu_init.sh | Test runner and QEMU init wrappers. |
| examples/linux/nat20test/CMakeLists.txt | CMake build for the integration test. |
| examples/linux/br_external/package/nat20cli/{Config.in,nat20cli.mk} | Buildroot package definition for the CLI. |
| examples/linux/br_external/package/nat20test/{Config.in,nat20test.mk} | Buildroot package definition for the integration test. |
| examples/linux/br_external/Config.in / configs/qemu_br_defconfig | Hooks new packages into the build. |
| examples/linux/br_external/utils/envsetup.sh | Adds SRCDIR overrides and a run_cli_test helper. |
| .github/workflows/linux-kmod-build.yml | Builds CLI/test packages and runs both QEMU test suites in CI. |
| .github/license-check/license-config.json | Adds openssl_dice.cnf to exempted-formats list. |
| int parse_output_format(char const *str) { | ||
| if (strcmp(str, "x509") == 0) return n20_certificate_format_x509_e; | ||
| #ifdef N20_WITH_COSE |
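Review bot: The `#ifdef N20_WITH_COSE` at the end of this fragment makes whatever follows in `parse_output_format` build-dependent, while the usage text advertises `--certificate-format -f <x509|cose>` unconditionally. If the guarded code is the `cose` comparison, a build without the macro will reject an option the help text documents; either guard the usage string the same way or return an explicit "built without COSE support" error for `cose`.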
| size_t pos = 0; | ||
| if ((len & 1) != 0) { | ||
| // Odd length, assume leading zero | ||
| *out_pos++ = nibble2bits(hex[0]); |
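Review bot: The odd-length branch (`if ((len & 1) != 0)`) silently assumes a leading zero, so a hex argument that lost a character in transit is accepted as a different value instead of being rejected. Returning an error on odd length is the safer default for a tool that builds DICE requests from these inputs; if the padding behaviour is kept, state it in the usage text. The same line stores `nibble2bits(hex[0])` with no check visible here that the character was a valid hex digit, so validate the result before writing it to the output.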
| " --certificate-format -f <x509|cose>\n" | ||
| " The format of the certificate to be issued.\n" | ||
| "\n" | ||
| "Options (cdi-cert):" |
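Review bot: The `"Options (cdi-cert):"` literal that ends this fragment has no trailing `\n`, unlike the lines above it and the `"Options (*-cert commands):\n"` heading elsewhere in the usage string, so the next literal is concatenated onto the heading line. Add the `\n`.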
| if (strcmp(str, "sign") == 0) { | ||
| N20_OPEN_DICE_KEY_USAGE_SET_DIGITAL_SIGNATURE(key_usage); | ||
| } else if (strcmp(str, "cert-sign") == 0) { | ||
| N20_OPEN_DICE_KEY_USAGE_SET_KEY_CERT_SIGN(key_usage); | ||
| } |
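Review bot: The `if`/`else if` chain on `str` ends without a final `else`, so any value other than `sign` or `cert-sign` leaves `key_usage` untouched and no error is raised in these lines. A mistyped key-usage argument could then be accepted and yield a request with fewer usage bits than the caller intended; add an `else` branch that reports the unknown value and fails the command.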
| " The output file to write the resulting certificate or " | ||
| "signature to.\n" | ||
| "\n" | ||
| "Options (*-cert commands):\n" |
…nux_example_nat20cli
timhirsh
left a comment
Approving GH Actions changes 👍
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
…nux_example_nat20cli
This commandline tool provides a primitive interface to communicate with
a nat20 device.