Skip to content

Implement PublicKeyComponents::build_encrypting_key #1111

Implement PublicKeyComponents::build_encrypting_key

Implement PublicKeyComponents::build_encrypting_key #1111

Workflow file for this run

name: tests
on:
push:
branches:
- '*'
- '!generate/aws-lc-*'
pull_request:
branches:
- '*'
concurrency:
group: ${{ github.workflow }}-${{ github.ref_name }}
cancel-in-progress: true
env:
RUST_BACKTRACE: 1
# We can pin the version if nightly is too unstable.
# Otherwise, we test against the latest version.
RUST_NIGHTLY_TOOLCHAIN: nightly
jobs:
aws-lc-rs-test:
if: github.repository_owner == 'aws'
name: aws-lc-rs tests
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false
matrix:
rust: [ stable ]
os: [ ubuntu-latest, macos-13, macos-14-xlarge ]
args:
- --all-targets --features unstable
- --release --all-targets --features unstable
- --no-default-features --features non-fips,unstable
- --no-default-features --features non-fips,ring-io,unstable
- --no-default-features --features non-fips,ring-sig-verify,unstable
- --no-default-features --features non-fips,alloc,unstable
steps:
- uses: actions/checkout@v4
with:
submodules: 'recursive'
- uses: dtolnay/rust-toolchain@master
id: toolchain
with:
toolchain: ${{ matrix.rust }}
- name: Set Rust toolchain override
run: rustup override set ${{ steps.toolchain.outputs.name }}
- name: Run cargo test
working-directory: ./aws-lc-rs
run: cargo test ${{ matrix.args }}
- name: Run extra tests
working-directory: ./aws-lc-rs-testing
run: cargo test --all-targets
aws-lc-rs-1804-gcc:
if: github.repository_owner == 'aws'
name: GCC ${{ matrix.gcc_version }} - CMake ${{ matrix.cmake }} - FIPS ${{ matrix.fips }}
runs-on: ubuntu-20.04
container:
image: ubuntu:18.04
env:
AWS_LC_SYS_CMAKE_BUILDER: ${{ matrix.cmake }}
strategy:
fail-fast: false
matrix:
cmake: [ '0', '1' ]
gcc_version: [ '4.8', '5', '6' ]
fips: [ '0', '1' ]
steps:
- run: |
apt-get update
apt-get install -y ca-certificates
apt-get install -y cmake curl sudo
apt-get install -y --no-install-recommends gpg-agent software-properties-common
apt-add-repository --yes ppa:git-core/ppa
add-apt-repository --yes ppa:longsleep/golang-backports
apt-get update
apt-get install -y build-essential git golang-go
curl -L -O -J https://github.com/PowerShell/PowerShell/releases/download/v7.2.23/powershell_7.2.23-1.deb_amd64.deb
dpkg -i powershell_7.2.23-1.deb_amd64.deb
apt-get install -f
rm powershell_7.2.23-1.deb_amd64.deb
- name: Checkout
run: |
git config --global --add safe.directory '*'
git clone --recursive ${{ github.server_url }}/${{ github.repository }}.git .
git fetch origin ${{ github.sha }}
git checkout --recurse-submodules -b ci-job ${{ github.sha }}
- uses: dtolnay/rust-toolchain@master
id: toolchain
with:
toolchain: stable
- name: Set up GCC
uses: egor-tensin/setup-gcc@v1.3
with:
version: ${{ matrix.gcc_version }}
platform: x64
- name: Run cargo test (debug)
run: cargo test -p aws-lc-rs --all-targets --no-default-features --features ${{ (matrix.fips == '0' && 'unstable,aws-lc-sys') || 'unstable,fips' }}
- name: Run cargo test (release)
run: cargo test -p aws-lc-rs --release --all-targets --no-default-features --features ${{ (matrix.fips == '0' && 'unstable,aws-lc-sys') || 'unstable,fips' }}
aws-lc-rs-2004-gcc:
if: github.repository_owner == 'aws'
name: GCC ${{ matrix.gcc_version }} - CMake ${{ matrix.cmake }} - FIPS ${{ matrix.fips }}
runs-on: ubuntu-20.04
env:
AWS_LC_SYS_CMAKE_BUILDER: ${{ matrix.cmake }}
strategy:
fail-fast: false
matrix:
cmake: [ '0', '1' ]
gcc_version: [ '7', '8' ]
fips: [ '0', '1' ]
steps:
- uses: actions/checkout@v4
with:
submodules: 'recursive'
- uses: dtolnay/rust-toolchain@master
id: toolchain
with:
toolchain: stable
- name: Set up GCC
uses: egor-tensin/setup-gcc@v1.3
with:
version: ${{ matrix.gcc_version }}
platform: x64
- if: matrix.fips == '1'
uses: actions/setup-go@v4
with:
go-version: '>=1.18'
- name: Run cargo test (debug)
run: cargo test -p aws-lc-rs --all-targets --no-default-features --features ${{ (matrix.fips == '0' && 'unstable,aws-lc-sys') || 'unstable,fips' }}
- name: Run cargo test (release)
run: cargo test -p aws-lc-rs --release --all-targets --no-default-features --features ${{ (matrix.fips == '0' && 'unstable,aws-lc-sys') || 'unstable,fips' }}
# The steps below verify that we're successfully using `-ffile-prefix-map`
# to remove build environment paths from the resulting library.
- if: ${{ matrix.gcc_version == '8' }}
name: Verify paths found in debug build
run: |
DEBUG_LIBCRYPTO=$(find ./target/debug -name "libaws_lc_*_crypto.a")
if strings ${DEBUG_LIBCRYPTO} | grep runner; then
exit 0; # SUCCESS
else
exit 1; # FAIL - we expected to find "runner" (i.e., a path)
fi
# TODO: Due to the nature of the FIPS build (e.g., its dynamic generation of
# assembly files and its custom compilation commands within CMake), not all
# source paths are stripped from the resulting binary.
- if: ${{ matrix.gcc_version == '8' && matrix.fips == '0' }}
name: Verify paths not found in release build
run: |
RELEASE_LIBCRYPTO=$(find ./target/release -name "libaws_lc_*_crypto.a")
if strings ${RELEASE_LIBCRYPTO} | grep runner; then
exit 1; # FAIL - we did not expect to find "runner" (i.e., a path)
else
exit 0; # SUCCESS
fi
aws-lc-rs-c-std-test:
if: github.repository_owner == 'aws'
name: C-std ${{ matrix.os }} - ${{ matrix.c_std }} - Force CMake ${{ matrix.cmake }}
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false
matrix:
rust: [ stable ]
os: [ ubuntu-latest, macos-13, macos-14-xlarge, windows-latest ]
c_std: [ "11", "99" ]
cmake: [ '0', '1' ]
steps:
- uses: actions/checkout@v4
with:
submodules: 'recursive'
- uses: dtolnay/rust-toolchain@master
id: toolchain
with:
toolchain: stable
- run: |
echo 'export AWS_LC_SYS_CMAKE_BUILDER=${{ matrix.cmake }}' >> "$GITHUB_ENV"
- name: Run cargo test
working-directory: ./aws-lc-rs
env:
AWS_LC_SYS_PREBUILT_NASM: 1
AWS_LC_SYS_C_STD: ${{ matrix.c_std }}
run: cargo test --all-targets --features unstable
bindgen-test:
if: github.repository_owner == 'aws'
name: aws-lc-rs bindgen-tests
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false
matrix:
rust: [ stable ]
os: [ ubuntu-latest, macos-13, macos-14-xlarge ]
args:
- --no-default-features --features aws-lc-sys,bindgen,unstable
- --release --all-targets --features bindgen,unstable
steps:
- uses: actions/checkout@v4
with:
submodules: 'recursive'
- if: ${{ startsWith(matrix.os, 'macos-') }}
run: |
brew install llvm
echo 'export PATH="/opt/homebrew/opt/llvm/bin:$PATH"' >> "$GITHUB_ENV"
echo 'export LIBCLANG_PATH=/opt/homebrew/opt/llvm' >> "$GITHUB_ENV"
- uses: dtolnay/rust-toolchain@master
id: toolchain
with:
toolchain: ${{ matrix.rust }}
- name: Set Rust toolchain override
run: rustup override set ${{ steps.toolchain.outputs.name }}
- name: Run cargo test
working-directory: ./aws-lc-rs
run: cargo test ${{ matrix.args }}
windows-test:
if: github.repository_owner == 'aws'
name: aws-lc-rs windows-tests
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false
matrix:
rust: [ stable ]
os: [ windows-2019, windows-2022 ]
args:
- --all-targets --features unstable
- --all-targets --features bindgen,unstable
- --release --all-targets --features unstable
- --no-default-features --features non-fips,unstable
- --no-default-features --features non-fips,ring-io,unstable
- --no-default-features --features non-fips,ring-sig-verify,unstable
- --no-default-features --features non-fips,alloc,unstable
env:
AWS_LC_SYS_PREBUILT_NASM: 1
steps:
- uses: actions/checkout@v4
with:
submodules: 'recursive'
- uses: dtolnay/rust-toolchain@master
id: toolchain
with:
toolchain: ${{ matrix.rust }}
- name: Set Rust toolchain override
run: rustup override set ${{ steps.toolchain.outputs.name }}
- name: Run cargo test
working-directory: ./aws-lc-rs
run: cargo test ${{ matrix.args }}
aws-lc-rs-coverage:
name: aws-ls-rs coverage
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
submodules: 'recursive'
lfs: true
- uses: dtolnay/rust-toolchain@master
id: toolchain
with:
toolchain: ${{ env.RUST_NIGHTLY_TOOLCHAIN }}
components: llvm-tools-preview
- name: Set Rust toolchain override
run: rustup override set ${{ steps.toolchain.outputs.name }}
- name: Install cargo-llvm-cov
run: cargo install cargo-llvm-cov
- name: Run coverage
run: cargo llvm-cov -p aws-lc-rs --features unstable --no-fail-fast --ignore-filename-regex "aws-lc-(fips-)?sys/.*" --codecov --output-path ./codecov.json
- name: Run FIPS coverage
run: cargo llvm-cov -p aws-lc-rs --features unstable,fips --no-fail-fast --ignore-filename-regex "aws-lc-(fips-)?sys/.*" --codecov --output-path ./codecov-fips.json
- name: Upload coverage reports to Codecov
env:
CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
uses: codecov/codecov-action@v4
with:
files: ./codecov.json,./codecov-fips.json
verbose: true
fail_ci_if_error: true
aws-lc-rs-asan:
if: github.repository_owner == 'aws'
name: aws-lc-rs asan
strategy:
matrix:
args:
-
- --release
features:
- --features asan
- --no-default-features --features fips,asan
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
submodules: 'recursive'
- uses: dtolnay/rust-toolchain@master
id: toolchain
with:
toolchain: ${{ env.RUST_NIGHTLY_TOOLCHAIN }}
- name: Set Rust toolchain override
run: rustup override set ${{ steps.toolchain.outputs.name }}
- name: Run address sanitizers
env:
ASAN_OPTIONS: detect_leaks=1
RUSTFLAGS: -Zsanitizer=address
RUSTDOCFLAGS: -Zsanitizer=address
working-directory: ./aws-lc-rs
run: cargo test ${{ matrix.args }} --lib --bins --tests --examples --target x86_64-unknown-linux-gnu --features asan
build-env-static-test:
if: github.repository_owner == 'aws'
name: aws-lc-rs build-env-static-test
runs-on: ${{ matrix.os }}
env:
AWS_LC_SYS_STATIC: ${{ matrix.static }}
strategy:
fail-fast: false
matrix:
os: [ ubuntu-latest, macos-13, macos-14-xlarge ]
static: [ 0, 1 ]
steps:
- uses: actions/checkout@v4
with:
submodules: 'recursive'
- uses: dtolnay/rust-toolchain@stable
- name: Run cargo test
# Doc-tests fail to link with dynamic build
# See: https://github.com/rust-lang/cargo/issues/8531
run: cargo test -p aws-lc-rs --tests
build-prebuild-nasm-test:
if: github.repository_owner == 'aws'
name: prebuilt-nasm usage
runs-on: windows-latest
strategy:
fail-fast: false
matrix:
target:
- 'x86_64-pc-windows-msvc'
- 'x86_64-pc-windows-gnu'
steps:
- uses: actions/checkout@v4
with:
submodules: 'recursive'
- uses: dtolnay/rust-toolchain@stable
- name: Verify NASM not available
shell: bash
run: |
if nasm --version; then
exit 1
else
exit 0;
fi
- name: Run cargo test w/ prebuilt-nasm feature
shell: bash
run: cargo test --tests -p aws-lc-rs --release --no-default-features --features aws-lc-sys,prebuilt-nasm
- name: Run cargo test w/ AWS_LC_SYS_PREBUILT_NASM=1
shell: bash
run: AWS_LC_SYS_PREBUILT_NASM=1 cargo test --tests -p aws-lc-rs --release --no-default-features --features aws-lc-sys
build-env-nasm-test:
if: github.repository_owner == 'aws'
name: prebuilt NASM verification
runs-on: windows-latest
strategy:
fail-fast: false
matrix:
target:
- 'x86_64-pc-windows-msvc'
- 'x86_64-pc-windows-gnu'
steps:
- uses: actions/checkout@v4
with:
submodules: 'recursive'
- uses: dtolnay/rust-toolchain@stable
- name: Install NASM
uses: ilammy/setup-nasm@v1
- name: Remove NASM artifacts
shell: bash
run: |
cargo clean
rm ./aws-lc-sys/builder/prebuilt-nasm/*
- name: Run cargo test
shell: bash
run: AWS_LC_SYS_PREBUILT_NASM=0 cargo test --tests -p aws-lc-rs --release --no-default-features --features aws-lc-sys
- name: Collect NASM outputs
shell: bash
run: ./scripts/build/collect_nasm_obj.sh
- name: Flag any NASM changes
shell: bash
run: |
git add .
git diff --cached --exit-code HEAD -- aws-lc-sys/builder/prebuilt-nasm/*.txt
build-env-external-bindgen-test:
if: github.repository_owner == 'aws'
name: aws-lc-rs FIPS - External bindgen test
runs-on: ${{ matrix.os }}
env:
AWS_LC_SYS_EXTERNAL_BINDGEN: 1
strategy:
fail-fast: false
matrix:
os: [ ubuntu-latest, macos-13, macos-14-xlarge, windows-latest ]
steps:
- uses: actions/checkout@v4
with:
submodules: 'recursive'
- uses: dtolnay/rust-toolchain@stable
- if: ${{ matrix.os == 'windows-latest' }}
uses: ilammy/setup-nasm@v1
- name: Install bindgen-cli
run: cargo install --locked bindgen-cli
- name: Remove bindings
run: |
rm ./aws-lc-sys/src/x86_64*
rm ./aws-lc-sys/src/aarch64*
- name: Run cargo test
run: cargo test --tests -p aws-lc-rs --no-default-features --features aws-lc-sys
build-env-fips-static-test:
if: github.repository_owner == 'aws'
name: aws-lc-rs build-env-fips-static-test
runs-on: ${{ matrix.os }}
env:
AWS_LC_FIPS_SYS_STATIC: ${{ matrix.static }}
strategy:
fail-fast: false
matrix:
os: [ ubuntu-latest, macos-13, macos-14-xlarge ]
static: [ 0, 1 ]
steps:
- uses: actions/checkout@v4
with:
submodules: 'recursive'
- uses: dtolnay/rust-toolchain@stable
- uses: actions/setup-go@v4
with:
go-version: '>=1.18'
- name: Run cargo test
if: ${{ matrix.os == 'ubuntu-latest' || matrix.static != 1 }}
# Doc-tests fail to link with dynamic build
# See: https://github.com/rust-lang/cargo/issues/8531
run: cargo test -p aws-lc-rs --tests --no-default-features --features fips
build-env-no-asm-test:
if: github.repository_owner == 'aws'
name: build-env-no-asm-test
runs-on: ${{ matrix.os }}
env:
AWS_LC_SYS_NO_ASM: 1
strategy:
fail-fast: false
matrix:
os: [ ubuntu-latest, macos-13, macos-14-xlarge, windows-latest ]
steps:
- uses: actions/checkout@v4
with:
submodules: 'recursive'
- uses: dtolnay/rust-toolchain@stable
- name: Run cargo test
run: cargo test -p aws-lc-rs
- name: Release build
if: ${{ matrix.os != 'windows-latest' }}
run: |
if cargo build -p aws-lc-rs --release; then
exit 1
else
exit 0
fi
- name: Release build
if: ${{ matrix.os == 'windows-latest' }}
shell: pwsh
run: |
if (cargo build -p aws-lc-rs --release) {
exit 1
} else {
exit 0
}
build-env-fips-no-asm-test:
if: github.repository_owner == 'aws'
name: aws-lc-rs build-env-fips-no-asm-test
runs-on: ${{ matrix.os }}
env:
AWS_LC_FIPS_SYS_NO_ASM: 1
strategy:
fail-fast: false
matrix:
os: [ ubuntu-latest, macos-13, macos-14-xlarge, windows-latest ]
steps:
- uses: actions/checkout@v4
with:
submodules: 'recursive'
- uses: dtolnay/rust-toolchain@stable
- uses: actions/setup-go@v4
with:
go-version: '>=1.18'
- uses: seanmiddleditch/gha-setup-ninja@v5
- name: Run cargo test
run: cargo test -p aws-lc-rs --tests --no-default-features --features fips
- name: Release build
if: ${{ matrix.os != 'windows-latest' }}
run: |
if cargo build -p aws-lc-rs --release --no-default-features --features fips; then
exit 1
else
exit 0
fi
- name: Release build
if: ${{ matrix.os == 'windows-latest' }}
shell: pwsh
run: |
if (cargo build -p aws-lc-rs --release --no-default-features --features fips) {
exit 1
} else {
exit 0
}
build-env-fips-external-bindgen-test:
if: github.repository_owner == 'aws'
name: aws-lc-rs FIPS - External bindgen test
runs-on: ${{ matrix.os }}
env:
AWS_LC_FIPS_SYS_EXTERNAL_BINDGEN: 1
strategy:
fail-fast: false
matrix:
os: [ ubuntu-latest, macos-13, macos-14-xlarge, windows-latest ]
steps:
- uses: actions/checkout@v4
with:
submodules: 'recursive'
- if: ${{ matrix.os == 'windows-latest' }}
uses: ilammy/setup-nasm@v1
- if: ${{ matrix.os == 'windows-latest' }}
uses: seanmiddleditch/gha-setup-ninja@v5
- uses: dtolnay/rust-toolchain@stable
- uses: actions/setup-go@v4
with:
go-version: '>=1.18'
- name: Install bindgen-cli
run: cargo install --locked bindgen-cli
- name: Remove bindings
run: |
rm ./aws-lc-fips-sys/src/x86_64*
rm ./aws-lc-fips-sys/src/aarch64*
- name: Run cargo test
run: cargo test --tests -p aws-lc-rs --no-default-features --features fips
careful:
if: github.repository_owner == 'aws'
name: Run carefully
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false
matrix:
os:
- ubuntu-latest
- macos-13
- macos-14-xlarge
steps:
- uses: actions/checkout@v4
with:
submodules: 'recursive'
lfs: true
- uses: dtolnay/rust-toolchain@master
id: toolchain
with:
toolchain: ${{ env.RUST_NIGHTLY_TOOLCHAIN }}
components: 'rust-src'
- if: ${{ startsWith(matrix.os, 'macos-') }}
run: |
brew install llvm
echo 'export PATH="/opt/homebrew/opt/llvm/bin:$PATH"'
echo 'export LIBCLANG_PATH=/opt/homebrew/opt/llvm' >> "$GITHUB_ENV"
- name: Set Rust toolchain override
run: rustup override set ${{ steps.toolchain.outputs.name }}
- name: Install cargo-careful
run: cargo install --locked cargo-careful
- uses: actions/setup-go@v4
with:
go-version: '>=1.18'
- name: Run tests
working-directory: ./aws-lc-rs
run: cargo careful test
- name: Run tests w/ FIPS
working-directory: ./aws-lc-rs
# Rust doc tests dislike dynamic linking
run: cargo careful test --tests --features fips,bindgen
clang-19-bindgen:
if: github.repository_owner == 'aws'
name: Clang 19.1 + bindgen tests
runs-on: macos-14-xlarge
env:
LIBCLANG_PATH: /opt/homebrew/opt/llvm/lib
LLVM_CONFIG_PATH: /opt/homebrew/opt/llvm/llvm-config
steps:
- uses: actions/checkout@v4
with:
submodules: 'recursive'
- uses: actions/setup-go@v4
with:
go-version: '>=1.18'
- uses: dtolnay/rust-toolchain@master
id: toolchain
with:
toolchain: stable
- run: |
brew update
brew uninstall --force llvm
brew install llvm@19
echo 'export PATH="/opt/homebrew/opt/llvm/bin:$PATH"' >> "$GITHUB_ENV"
- name: aws-lc-sys bindgen build
working-directory: ./aws-lc-sys
run: cargo test --features bindgen
- name: aws-lc-fips-sys bindgen build
working-directory: ./aws-lc-fips-sys
run: cargo test --features bindgen