-
Notifications
You must be signed in to change notification settings - Fork 144
353 lines (342 loc) · 13.2 KB
/
test-wasm.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
name: WasmThemis
on:
pull_request:
paths:
- '.github/workflows/test-wasm.yaml'
- 'docs/examples/wasm/**'
- 'src/soter/**'
- 'src/themis/**'
- 'src/wrappers/themis/wasm/**'
- 'tests/common/**'
- 'tests/soter/**'
- 'tests/themis/**'
- '!tests/themis/wrappers/android/**'
- 'third_party/boringssl/src/**'
- '**/*.mk'
- 'Makefile'
- '!**/README*'
push:
branches:
- master
- stable
- release/*
schedule:
- cron: '20 6 * * 1' # every Monday at 6:20 UTC
env:
WITH_FATAL_WARNINGS: yes
# RNG tests tend to fail in virtualized environment due to /dev/random
# not behaving properly. Disable them to avoid spurious failures.
NO_NIST_STS: 1
jobs:
build-wasmthemis:
name: Build WasmThemis
runs-on: ubuntu-20.04
steps:
- name: Install system dependencies
run: |
sudo sh -c 'echo "DEBIAN_FRONTEND=noninteractive" >> /etc/environment'
sudo apt update
sudo apt install --yes gcc make libssl-dev ninja-build
- name: Check out code
uses: actions/checkout@v2
with:
submodules: true
- name: Install Emscripten
run: |
version=$(cat src/wrappers/themis/wasm/emscripten/VERSION)
# Install Emscripten toolchain as described in documentation:
# https://emscripten.org/docs/getting_started/downloads.html
cd $HOME
git clone https://github.com/emscripten-core/emsdk.git
cd $HOME/emsdk
./emsdk install "$version"
./emsdk activate "$version"
- name: Build WasmThemis
run: |
source "$HOME/emsdk/emsdk_env.sh"
emmake make wasmthemis
- name: Run test suite (Themis Core)
run: |
source "$HOME/emsdk/emsdk_env.sh"
emmake make test
- name: Pack build directory
run: tar cz build src/wrappers/themis/wasm > build.tgz
- name: Upload build directory
uses: actions/upload-artifact@v2
with:
name: build
path: build.tgz
retention-days: 1 # can be dropped after this build is complete
unit-tests:
name: Unit tests
runs-on: ubuntu-20.04
needs: build-wasmthemis
strategy:
matrix:
node-version:
- 12.x # legacy
- 14.x # legacy
- 16.x # legacy
- 18.x # current LTS
- 20.x # current active
fail-fast: false
steps:
- name: Install Node.js ${{ matrix.node-version }}
uses: actions/setup-node@v1
with:
node-version: ${{ matrix.node-version }}
- name: Check out code
uses: actions/checkout@v2
- name: Download build directory
uses: actions/download-artifact@v2
with:
name: build
- name: Unpack build directory
run: |
tar xf build.tgz
# Remove configuration of "build-wasmthemis" job.
# We have a different Node.js here and we're not in Emscripten env.
rm build/configure.mk
- name: Run test suite (WasmThemis)
run: make test_wasm
examples:
name: Code examples
runs-on: ubuntu-20.04
needs: build-wasmthemis
strategy:
matrix:
node-version:
- 12.x # legacy
- 14.x # legacy
- 16.x # legacy
- 18.x # current LTS
- 20.x # current active
fail-fast: false
env:
# WasmThemis uses promises to handle asynchronous WebAssmebly compilation.
# Node.js by default prints a warning if the top-level promise is rejected.
# Make it rethrow the exception failing the tests in this case.
# "--unhandled-rejections" is supported since Node.js v12.0.0, v10.17.0
NODE_OPTIONS: --unhandled-rejections=strict
steps:
- name: Install Node.js ${{ matrix.node-version }}
uses: actions/setup-node@v1
with:
node-version: ${{ matrix.node-version }}
- name: Check out code
uses: actions/checkout@v2
- name: Download build directory
uses: actions/download-artifact@v2
with:
name: build
- name: Unpack build directory
run: tar xf build.tgz
- name: Install WasmThemis
run: |
npm install ./build/wasm-themis.tgz
- name: Test examples (keygen, ES5)
if: always()
run: |
cd $GITHUB_WORKSPACE/docs/examples/wasm/node.js-es5
echo "Test keygen..."
node secure_keygen.js
echo "ok"
- name: Test examples (keygen, ES6)
if: always()
run: |
cd $GITHUB_WORKSPACE/docs/examples/wasm/node.js-es6
echo "Test keygen..."
node secure_keygen.mjs
echo "ok"
- name: Test examples (Secure Cell, ES5)
if: always()
run: |
cd $GITHUB_WORKSPACE/docs/examples/wasm/node.js-es5
echo "Test Secure Cell..."
node secure_cell.js
echo "ok"
- name: Test examples (Secure Cell, ES6)
if: always()
run: |
cd $GITHUB_WORKSPACE/docs/examples/wasm/node.js-es6
echo "Test Secure Cell..."
node secure_cell.mjs
echo "ok"
- name: Test examples (Secure Message, ES5)
if: always()
run: |
cd $GITHUB_WORKSPACE/docs/examples/wasm/node.js-es5
echo "Test Secure Message..."
alice=($(node secure_keygen.js | cut -c 14-))
bob=($(node secure_keygen.js | cut -c 14-))
enc=$(node secure_message.js enc "${alice[0]}" "${bob[1]}" message)
dec=$(node secure_message.js dec "${bob[0]}" "${alice[1]}" "$enc")
test "$dec" = "message"
echo "ok"
- name: Test examples (Secure Message, ES6)
if: always()
run: |
cd $GITHUB_WORKSPACE/docs/examples/wasm/node.js-es6
echo "Test Secure Message..."
alice=($(node secure_keygen.mjs | cut -c 14-))
bob=($(node secure_keygen.mjs | cut -c 14-))
enc=$(node secure_message.mjs enc "${alice[0]}" "${bob[1]}" message)
dec=$(node secure_message.mjs dec "${bob[0]}" "${alice[1]}" "$enc")
test "$dec" = "message"
echo "ok"
- name: Test examples (Secure Session, ES5)
if: always()
run: |
cd $GITHUB_WORKSPACE/docs/examples/wasm/node.js-es5
echo "Test Secure Session..."
node secure_session_server.js | tee server-output.txt &
sleep 1 # give the server time to launch
node secure_session_client.js | tee client-output.txt
killall node
grep -q 'Hello' server-output.txt
grep -q 'Hello' client-output.txt
echo "ok"
- name: Test examples (Secure Session, ES6)
if: always()
run: |
cd $GITHUB_WORKSPACE/docs/examples/wasm/node.js-es6
echo "Test Secure Session..."
node secure_session_server.mjs | tee server-output.txt &
sleep 1 # give the server time to launch
node secure_session_client.mjs | tee client-output.txt
killall node
grep -q 'Hello' server-output.txt
grep -q 'Hello' client-output.txt
echo "ok"
- name: Test examples (Secure Comparator, ES5)
if: always()
run: |
cd $GITHUB_WORKSPACE/docs/examples/wasm/node.js-es5
echo "Test Secure Comparator..."
node secure_comparator_server.js | tee server-output.txt &
sleep 1 # give the server time to launch
node secure_comparator_client.js | tee client-output.txt
killall node
grep -q 'compare equal: true' server-output.txt
grep -q 'compare equal: true' client-output.txt
echo "ok"
- name: Test examples (Secure Comparator, ES6)
if: always()
run: |
cd $GITHUB_WORKSPACE/docs/examples/wasm/node.js-es6
echo "Test Secure Comparator..."
node secure_comparator_server.mjs | tee server-output.txt &
sleep 1 # give the server time to launch
node secure_comparator_client.mjs | tee client-output.txt
killall node
grep -q 'compare equal: true' server-output.txt
grep -q 'compare equal: true' client-output.txt
echo "ok"
- name: Test tools (keygen, ES5)
if: always()
run: |
echo "Test keygen..."
node ./tools/js/wasm-themis/keygen.js
test -e key
test -e key.pub
rm key key.pub
echo "ok"
- name: Test tools (keygen, ES6)
if: always()
run: |
echo "Test keygen..."
node ./tools/js/wasm-themis/keygen.mjs
test -e key
test -e key.pub
rm key key.pub
echo "ok"
- name: Test tools (Secure Cell, ES5)
if: always()
run: |
echo "Test Secure Cell (Seal)..."
enc=$(node ./tools/js/wasm-themis/scell_seal_string_echo.js \
enc "master-key" "message" "associated context")
dec=$(node ./tools/js/wasm-themis/scell_seal_string_echo.js \
dec "master-key" "$enc" "associated context")
test "$dec" = "message"
echo "ok"
echo "Test Secure Cell (Seal + passphrase)..."
enc=$(node ./tools/js/wasm-themis/scell_seal_string_echo_pw.js \
enc "passphrase" "message" "associated context")
dec=$(node ./tools/js/wasm-themis/scell_seal_string_echo_pw.js \
dec "passphrase" "$enc" "associated context")
test "$dec" = "message"
echo "ok"
echo "Test Secure Cell (Token Protect)..."
enc=$(node ./tools/js/wasm-themis/scell_token_string_echo.js \
enc "master-key" "message" "associated context")
dec=$(node ./tools/js/wasm-themis/scell_token_string_echo.js \
dec "master-key" "$enc" "associated context")
test "$dec" = "message"
echo "ok"
echo "Test Secure Cell (Context Imprint)..."
enc=$(node ./tools/js/wasm-themis/scell_context_string_echo.js \
enc "master-key" "message" "associated context")
dec=$(node ./tools/js/wasm-themis/scell_context_string_echo.js \
dec "master-key" "$enc" "associated context")
test "$dec" = "message"
echo "ok"
- name: Test tools (Secure Cell, ES6)
if: always()
run: |
echo "Test Secure Cell (Seal)..."
enc=$(node ./tools/js/wasm-themis/scell_seal_string_echo.mjs \
enc "master-key" "message" "associated context")
dec=$(node ./tools/js/wasm-themis/scell_seal_string_echo.mjs \
dec "master-key" "$enc" "associated context")
test "$dec" = "message"
echo "ok"
echo "Test Secure Cell (Seal + passphrase)..."
enc=$(node ./tools/js/wasm-themis/scell_seal_string_echo_pw.mjs \
enc "passphrase" "message" "associated context")
dec=$(node ./tools/js/wasm-themis/scell_seal_string_echo_pw.mjs \
dec "passphrase" "$enc" "associated context")
test "$dec" = "message"
echo "ok"
echo "Test Secure Cell (Token Protect)..."
enc=$(node ./tools/js/wasm-themis/scell_token_string_echo.mjs \
enc "master-key" "message" "associated context")
dec=$(node ./tools/js/wasm-themis/scell_token_string_echo.mjs \
dec "master-key" "$enc" "associated context")
test "$dec" = "message"
echo "ok"
echo "Test Secure Cell (Context Imprint)..."
enc=$(node ./tools/js/wasm-themis/scell_context_string_echo.mjs \
enc "master-key" "message" "associated context")
dec=$(node ./tools/js/wasm-themis/scell_context_string_echo.mjs \
dec "master-key" "$enc" "associated context")
test "$dec" = "message"
echo "ok"
- name: Test tools (Secure Message, ES5)
if: always()
run: |
echo "Test Secure Message (encryption)..."
enc=$(node ./tools/js/wasm-themis/smessage_encryption.js \
enc ./tests/_integration/keys/client.priv \
./tests/_integration/keys/server.pub \
"your secure message")
dec=$(node ./tools/js/wasm-themis/smessage_encryption.js \
dec ./tests/_integration/keys/client.priv \
./tests/_integration/keys/server.pub \
"$enc")
test "$dec" = "your secure message"
echo "ok"
- name: Test tools (Secure Message, ES6)
if: always()
run: |
echo "Test Secure Message (encryption)..."
enc=$(node ./tools/js/wasm-themis/smessage_encryption.mjs \
enc ./tests/_integration/keys/client.priv \
./tests/_integration/keys/server.pub \
"your secure message")
dec=$(node ./tools/js/wasm-themis/smessage_encryption.mjs \
dec ./tests/_integration/keys/client.priv \
./tests/_integration/keys/server.pub \
"$enc")
test "$dec" = "your secure message"
echo "ok"