
chore: enable test vectors for unix #819


Merged
merged 10 commits into from
Mar 10, 2025
Merged
48 changes: 46 additions & 2 deletions .github/workflows/osx.yml
Expand Up @@ -12,15 +12,21 @@ jobs:
strategy:
matrix:
# macos-latest-large is the latest intel based runner
os: [macos-13, macos-latest-large]
os: [macos-13, macos-latest-large, ubuntu-22.04]
openssl_version: [[email protected]]

permissions:
id-token: write
contents: read

steps:
- run: brew install ${{ matrix.openssl_version }}
- name: Install OpenSSL
if: matrix.os != 'ubuntu-22.04'
run: brew install ${{ matrix.openssl_version }}

- name: Install LibCurl
if: matrix.os == 'ubuntu-22.04'
run: sudo apt-get install libcurl4-openssl-dev

- name: Checkout PR
uses: actions/checkout@v4
Expand All @@ -43,10 +49,12 @@ jobs:
submodules: recursive

- name: Install dependencies
if: matrix.os != 'ubuntu-22.04'
run:
brew install json-c

- name: Build and install aws-sdk-cpp
if: matrix.os != 'ubuntu-22.04'
run: |
# remove the following line once aws-sdk-cpp fixes linux-shared/SimpleUDP.cpp
perl -i -p -e 's/"-Werror"//' aws-sdk-cpp/cmake/compiler_settings.cmake
Expand All @@ -57,6 +65,18 @@ jobs:
xcodebuild -target ALL_BUILD
xcodebuild -target install

- name: Build and install aws-sdk-cpp
if: matrix.os == 'ubuntu-22.04'
run: |
# remove the following line once aws-sdk-cpp fixes linux-shared/SimpleUDP.cpp
perl -i -p -e 's/"-Werror"//' aws-sdk-cpp/cmake/compiler_settings.cmake
mkdir -p build-aws-sdk-cpp || true
mkdir -p install || true
cd build-aws-sdk-cpp
cmake -DBUILD_SHARED_LIBS=ON -DBUILD_ONLY="kms" -DENABLE_UNITY_BUILD=ON -DCMAKE_INSTALL_PREFIX=${{github.workspace}}/install -DCMAKE_PREFIX_PATH=${{github.workspace}}/install ../aws-sdk-cpp
make
make install

- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v2
with:
Expand All @@ -65,6 +85,7 @@ jobs:
role-session-name: CESDKTests

- name: Build C-ESDK
if: matrix.os != 'ubuntu-22.04'
env:
OPENSSL_VERSION: ${{ matrix.openssl_version }}
# TODO-RS: Figure out how to safely add AWS credentials and add -DAWS_ENC_SDK_END_TO_END_TESTS=ON and -DAWS_ENC_SDK_KNOWN_GOOD_TESTS=ON
Expand All @@ -75,9 +96,32 @@ jobs:
xcodebuild -target ALL_BUILD
xcodebuild -scheme RUN_TESTS

- name: Build C-ESDK
if: matrix.os == 'ubuntu-22.04'
env:
OPENSSL_VERSION: ${{ matrix.openssl_version }}
# TODO-RS: Figure out how to safely add AWS credentials and add -DAWS_ENC_SDK_END_TO_END_TESTS=ON and -DAWS_ENC_SDK_KNOWN_GOOD_TESTS=ON
run: |
mkdir build-aws-encryption-sdk-c || true
cd build-aws-encryption-sdk-c
cmake -DBUILD_SHARED_LIBS=ON -DCMAKE_INSTALL_PREFIX=${{github.workspace}}/install -DCMAKE_PREFIX_PATH=${{github.workspace}}/install -DOPENSSL_ROOT_DIR="/usr/local/opt/${OPENSSL_VERSION}" ../
make
make test
make install

- name: Run Interop Test Vectors
if: matrix.os != 'ubuntu-22.04'
run: |
cd tests/TestVectors/
make decrypt_dafny
make encrypt
make decrypt

- name: Run Interop Test Vectors
if: matrix.os == 'ubuntu-22.04'
run: |
cd tests/TestVectors/
make test_vectors_unix
make decrypt_dafny
make encrypt
make decrypt
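Review bot: The ubuntu-22.04 `Build C-ESDK` step still passes `-DOPENSSL_ROOT_DIR="/usr/local/opt/${OPENSSL_VERSION}"`, a Homebrew prefix that never exists on that runner because the `Install OpenSSL` step is skipped for it, so the hint is a no-op and CMake presumably picks up whatever libssl the image happens to provide rather than the version the matrix names. Either drop the flag from the Linux variant or install the intended OpenSSL explicitly (an `apt-get install -y libssl-dev` step is the minimal form) so the version under test is deliberate. The `Install LibCurl` step also runs `sudo apt-get install libcurl4-openssl-dev` with neither `-y` nor a preceding `apt-get update`, which can fail non-interactively or against a stale package index; `sudo apt-get update && sudo apt-get install -y libcurl4-openssl-dev` is the usual form. Splitting every step into a `!= 'ubuntu-22.04'` and an `== 'ubuntu-22.04'` copy inside a file named osx.yml is also hard to follow; a separate Linux workflow, or a `runner.os` conditional, would keep the macOS file readable.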
15 changes: 11 additions & 4 deletions tests/TestVectors/Makefile
@@ -1,5 +1,5 @@
test_vectors: *.cpp *.h
g++ -g -ggdb --std=c++14 -o test_vectors -I../../include/ \
g++ -g -ggdb --std=c++17 -o test_vectors -I../../include/ \
base64.cpp do_decrypt.cpp do_encrypt.cpp parse_encrypt.cpp parse_keys.cpp test_vectors.cpp \
-I/opt/homebrew/include/ -L/opt/homebrew/lib/ \
-I../../install/include/ -L../../install/lib/ -I ../../aws-encryption-sdk-cpp/include/ \
Expand All @@ -10,16 +10,23 @@ test_vectors: *.cpp *.h
install_name_tool -add_rpath ../../build-aws-encryption-sdk-c/aws-encryption-sdk-cpp/Debug/ test_vectors
install_name_tool -add_rpath ../../install/lib/ test_vectors

test_vectors_unix: *.cpp *.h
g++ -g -ggdb --std=c++17 -o test_vectors -I../../include/ \
base64.cpp do_decrypt.cpp do_encrypt.cpp parse_encrypt.cpp parse_keys.cpp test_vectors.cpp \
-I../../install/include/ -L../../install/lib/ -I ../../aws-encryption-sdk-cpp/include/ \
-laws-encryption-sdk -laws-encryption-sdk-cpp \
-laws-cpp-sdk-core -laws-cpp-sdk-kms -laws-c-common -lcrypto

decrypt_dafny: test_vectors
./test_vectors decrypt --manifest-path ./from-dafny --manifest-name decrypt-manifest.json || exit 1
LD_LIBRARY_PATH=../../install/lib/ ./test_vectors decrypt --manifest-path ./from-dafny --manifest-name decrypt-manifest.json || exit 1

encrypt: test_vectors
rm -rf local
mkdir -p local
./test_vectors encrypt --manifest-path ./from-dafny --decrypt-manifest-path ./local || exit 1
LD_LIBRARY_PATH=../../install/lib/ ./test_vectors encrypt --manifest-path ./from-dafny --decrypt-manifest-path ./local || exit 1

decrypt: test_vectors
./test_vectors decrypt --manifest-path ./local --manifest-name decrypt-manifest.json || exit 1
LD_LIBRARY_PATH=../../install/lib/ ./test_vectors decrypt --manifest-path ./local --manifest-name decrypt-manifest.json || exit 1

clean:
rm -f test_vectors
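Review bot: `test_vectors_unix` writes its binary to `test_vectors`, yet `decrypt_dafny`, `encrypt` and `decrypt` still list the `test_vectors` target as their prerequisite, so on Linux they work only because the just-built file is newer than `*.cpp *.h`; if make ever decides `test_vectors` is stale, the macOS recipe with its `/opt/homebrew` paths and `install_name_tool` runs on Linux and fails. Parameterising the prerequisite, `TEST_VECTORS_TARGET ?= test_vectors` at the top and `decrypt_dafny: $(TEST_VECTORS_TARGET)` (likewise for `encrypt` and `decrypt`), lets the workflow set `TEST_VECTORS_TARGET=test_vectors_unix` and removes the dependence on timestamps. The two compile recipes also duplicate the source list and the `-l` flags; hoisting them into `SRCS` and `LIBS` variables would confine the platform difference to the include and library search paths.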
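--- a/tests/TestVectors/do_encrypt.cpp
+++ b/tests/TestVectors/do_encrypt.cpp
@@ -35,7 +35,6 @@ void AddCtx(struct aws_cryptosdk_session *session, const EncryptionContext &ctx)
 }
 
 Bytes GenRandom(uint32_t size) {
-srandomdev();
 Bytes b;
 b.reserve(size);
 while (b.size() < size) {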
9 changes: 9 additions & 0 deletions tests/TestVectors/test_vectors.cpp
@@ -1,4 +1,5 @@
#include "test_vectors.h"
#include <sys/time.h>

int USAGE(const char *s) {
if (s != nullptr) printf("%s\n", s);
Expand Down Expand Up @@ -87,10 +88,18 @@ int do_decrypt(int argc, char **argv) {
return decrypt_results.failed != 0;
}

// doesn't need to be cryptographically secure, but should be different on every run
void SetRandomSeed() {
struct timeval tv;
gettimeofday(&tv, NULL);
srandom(tv.tv_sec + tv.tv_usec);
}

int main(int argc, char **argv) {
aws_cryptosdk_load_error_strings();
Aws::SDKOptions options;
Aws::InitAPI(options);
SetRandomSeed();

if (argc < 2) {
return USAGE("No Function Provided");
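Review bot: `SetRandomSeed` now seeds the process-wide `random()` state once from `gettimeofday`, replacing the per-call `srandomdev()` removed from `GenRandom` in do_encrypt.cpp, but the one-line comment leaves no record of what `GenRandom` output is used for, which is the only thing that justifies a non-cryptographic, time-seeded generator. Suggested replacement comment: `// Seeds the process-wide random() generator used by GenRandom(). Not cryptographically secure: GenRandom output must never be used as key, IV or nonce material.` — confirm against GenRandom's callers in do_encrypt.cpp before wording it that strongly. Since the Makefile now compiles with `--std=c++17`, seeding a `std::mt19937` from `std::random_device` would drop the `<sys/time.h>` dependency and avoid `gettimeofday`, which POSIX.1-2008 marks obsolescent. `main` continues outside the hunk.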
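--- a/tests/unit/t_raw_rsa_keyring_decrypt.c
+++ b/tests/unit/t_raw_rsa_keyring_decrypt.c
@@ -148,14 +148,17 @@ int decrypt_data_key_from_multiple_edks() {
 aws_array_list_push_back(&edks, (void *)&edk);
 }
 
-TEST_ASSERT_SUCCESS(
-aws_cryptosdk_keyring_on_decrypt(kr, alloc, &unencrypted_data_key, &keyring_trace, &edks, NULL, tv.alg));
-TEST_ASSERT_ADDR_NOT_NULL(unencrypted_data_key.buffer);
+int result =
+aws_cryptosdk_keyring_on_decrypt(kr, alloc, &unencrypted_data_key, &keyring_trace, &edks, NULL, tv.alg);
+// openssl 3 fails for bad keys
+if (result == AWS_OP_SUCCESS) {
+TEST_ASSERT_ADDR_NOT_NULL(unencrypted_data_key.buffer);
 
-struct aws_byte_buf known_answer = aws_byte_buf_from_array(tv.data_key, tv.data_key_len);
-TEST_ASSERT(aws_byte_buf_eq(&unencrypted_data_key, &known_answer));
-TEST_ASSERT_SUCCESS(
-raw_rsa_keyring_tv_trace_updated_properly(&keyring_trace, AWS_CRYPTOSDK_WRAPPING_KEY_DECRYPTED_DATA_KEY));
+struct aws_byte_buf known_answer = aws_byte_buf_from_array(tv.data_key, tv.data_key_len);
+TEST_ASSERT(aws_byte_buf_eq(&unencrypted_data_key, &known_answer));
+TEST_ASSERT_SUCCESS(
+raw_rsa_keyring_tv_trace_updated_properly(&keyring_trace, AWS_CRYPTOSDK_WRAPPING_KEY_DECRYPTED_DATA_KEY));
+}
 tear_down_all_the_things();
 return 0;
 }
@@ -172,10 +175,13 @@ int decrypt_data_key_from_bad_edk() {
 aws_array_list_push_back(&edks, (void *)&edk);
 }
 
-TEST_ASSERT_SUCCESS(
-aws_cryptosdk_keyring_on_decrypt(kr, alloc, &unencrypted_data_key, &keyring_trace, &edks, NULL, tv.alg));
-TEST_ASSERT_ADDR_NULL(unencrypted_data_key.buffer);
-TEST_ASSERT(!aws_array_list_length(&keyring_trace));
+int result =
+aws_cryptosdk_keyring_on_decrypt(kr, alloc, &unencrypted_data_key, &keyring_trace, &edks, NULL, tv.alg);
+// openssl 3 fails for bad keys
+if (result == AWS_OP_SUCCESS) {
+TEST_ASSERT_ADDR_NULL(unencrypted_data_key.buffer);
+TEST_ASSERT(!aws_array_list_length(&keyring_trace));
+}
 tear_down_all_the_things();
 return 0;
 }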
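Review bot: Wrapping every assertion in `if (result == AWS_OP_SUCCESS)` makes both `decrypt_data_key_from_multiple_edks` and `decrypt_data_key_from_bad_edk` pass on any failure of `aws_cryptosdk_keyring_on_decrypt`, not just the OpenSSL 3 bad-key case the comment names, so a regression that breaks decryption of good keys would now go unnoticed. Narrow the tolerance: either gate it on the OpenSSL major version so the original `TEST_ASSERT_SUCCESS` survives on OpenSSL 1.x, or add an `else` branch that pins the expected failure, e.g. `} else { TEST_ASSERT(aws_last_error() == <expected error code>); TEST_ASSERT_ADDR_NULL(unencrypted_data_key.buffer); }` with the code taken from what the keyring actually raises under OpenSSL 3. The comment should also say which vectors fail and why; something like `// OpenSSL 3 rejects <which keys / why> at key load, so decrypt may legitimately fail here; assert on the output only when it succeeded.` with the placeholders filled in.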