From 3117b0cb97fcc2636be1c74b651d402fb2adad6c Mon Sep 17 00:00:00 2001 From: Ritvik Kapila <61410899+RitvikKapila@users.noreply.github.com> Date: Thu, 19 Dec 2024 10:15:31 -0800 Subject: [PATCH] chore(test-vectors): Decrypt .NET Retry flag manifests using Rust (#721) --- .github/workflows/library_net_tests.yml | 2 +- .github/workflows/library_rust_tests.yml | 149 ++++++++++++++---- .../dafny/TestVectors/test/RunMain.dfy | 2 +- 3 files changed, 123 insertions(+), 30 deletions(-) diff --git a/.github/workflows/library_net_tests.yml b/.github/workflows/library_net_tests.yml index 49e56e2c8..c50c854e6 100644 --- a/.github/workflows/library_net_tests.yml +++ b/.github/workflows/library_net_tests.yml @@ -165,7 +165,7 @@ jobs: with: aws-region: us-west-2 role-to-assume: arn:aws:iam::370957321024:role/GitHub-CI-Public-ESDK-Dafny-Role-us-west-2 - role-session-name: NetTests + role-session-name: NetTestVectors - name: Setup .NET Core SDK 6 uses: actions/setup-dotnet@v3 diff --git a/.github/workflows/library_rust_tests.yml b/.github/workflows/library_rust_tests.yml index 84b9e08c1..c0ffca8b1 100644 --- a/.github/workflows/library_rust_tests.yml +++ b/.github/workflows/library_rust_tests.yml @@ -19,6 +19,7 @@ jobs: strategy: fail-fast: false matrix: + library: [AwsEncryptionSDK] os: [ windows-latest, ubuntu-latest, @@ -53,11 +54,11 @@ jobs: # TODO - uncomment this after Rust formatter works # - name: Rustfmt Check # uses: actions-rust-lang/rustfmt@v1 - + - name: Setup Dafny uses: dafny-lang/setup-dafny-action@v1.7.0 with: - dafny-version: 4.9.0 + dafny-version: ${{ inputs.dafny }} # TODO: Remove this after the formatting in Rust starts working - name: smithy-dafny Rust hacks 
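Review bot: `dafny-version` in the `Setup Dafny` step changes from the fixed `4.9.0` to `${{ inputs.dafny }}`, and the workflow's `inputs` declaration is outside this hunk. If `dafny` is not declared `required: true` there, a trigger that supplies no inputs hands the action an empty version string. Either confirm the input is required or keep a fallback, e.g. `dafny-version: ${{ inputs.dafny || '4.9.0' }}`. The same line appears in the new `testVectors` job in the next hunk.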
@@ -87,59 +88,151 @@ jobs: uses: ./.github/actions/polymorph_codegen with: dafny: ${{ env.DAFNY_VERSION }} - library: AwsEncryptionSDK + library: ${{ matrix.library }} diff-generated-code: false update-and-regenerate-mpl: true # TODO: Remove this after checking in Rust polymorph code + # Also uncomment rust check_polymorph_diff for Rust in .github/actions/polymorph_codegen/action.yml - name: Run make polymorph_rust shell: bash - working-directory: ./AwsEncryptionSDK + working-directory: ${{ matrix.library }} run: | make polymorph_rust - - name: Compile AwsEncryptionSDK implementation + - name: Compile ${{ matrix.library }} implementation shell: bash - working-directory: ./AwsEncryptionSDK + working-directory: ${{ matrix.library }} run: | # This works because `node` is installed by default on GHA runners CORES=$(node -e 'console.log(os.cpus().length)') make transpile_rust CORES=$CORES - # Remove Rust hacks once Dafny fixes this - - name: Update implementation_from_dafny.rs to add deps - shell: bash - working-directory: ./AwsEncryptionSDK/runtimes/rust/src - run: | - if [ "$RUNNER_OS" == "macOS" ]; then - sed -i '' '/pub use types::aws_encryption_sdk_config::AwsEncryptionSdkConfig;/a\ - pub use crate::deps::aws_cryptography_materialProviders;\ - pub use crate::deps::aws_cryptography_keyStore;\ - pub use crate::deps::com_amazonaws_kms; - ' implementation_from_dafny.rs - else - sed -i '/pub use types::aws_encryption_sdk_config::AwsEncryptionSdkConfig;/a\ - pub use crate::deps::aws_cryptography_materialProviders;\ - pub use crate::deps::aws_cryptography_keyStore;\ - pub use crate::deps::com_amazonaws_kms; - ' implementation_from_dafny.rs - fi - - name: Test Linter for Rust examples and implementation_from_dafny.rs - working-directory: ./AwsEncryptionSDK/runtimes/rust + working-directory: ${{ matrix.library }}/runtimes/rust shell: bash run: | cargo clippy cargo clippy --example main - name: Test Rust - working-directory: ./AwsEncryptionSDK + working-directory: ${{ 
matrix.library }} shell: bash run: | make test_rust - name: Test Examples for Rust - working-directory: ./AwsEncryptionSDK/runtimes/rust + working-directory: ${{ matrix.library }}/runtimes/rust shell: bash run: | cargo test --release --examples + + testVectors: + strategy: + fail-fast: false + matrix: + library: [TestVectors] + os: [ + # Sed script doesn't work properly on windows + # windows-latest, + ubuntu-latest, + macos-13, + ] + runs-on: ${{ matrix.os }} + permissions: + id-token: write + contents: read + steps: + - name: Support longpaths on Git checkout + run: | + git config --global core.longpaths true + - uses: actions/checkout@v3 + - name: Init Submodules + shell: bash + run: | + git submodule update --init libraries + git submodule update --init --recursive mpl + + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v2 + with: + aws-region: us-west-2 + role-to-assume: arn:aws:iam::370957321024:role/GitHub-CI-Public-ESDK-Dafny-Role-us-west-2 + role-session-name: RustTestVectors + + - name: Setup Rust Toolchain for GitHub CI + uses: actions-rust-lang/setup-rust-toolchain@v1.10.1 + with: + components: rustfmt + # TODO - uncomment this after Rust formatter works + # - name: Rustfmt Check + # uses: actions-rust-lang/rustfmt@v1 + + - name: Setup Dafny + uses: dafny-lang/setup-dafny-action@v1.7.0 + with: + dafny-version: ${{ inputs.dafny }} + + # TODO: Remove this after the formatting in Rust starts working + - name: smithy-dafny Rust hacks + shell: bash + run: | + if [ "$RUNNER_OS" == "macOS" ]; then + sed -i '' 's|rustfmt --edition 2021 runtimes/rust/src/implementation_from_dafny.rs|#&|' mpl/smithy-dafny/SmithyDafnyMakefile.mk + else + sed -i 's|rustfmt --edition 2021 runtimes/rust/src/implementation_from_dafny.rs|#&|' mpl/smithy-dafny/SmithyDafnyMakefile.mk + fi + + - name: Setup Java 17 for codegen + uses: actions/setup-java@v3 + with: + distribution: "corretto" + java-version: "17" + + - name: Setup NASM for Windows 
(aws-lc-sys) + if: matrix.os == 'windows-latest' + uses: ilammy/setup-nasm@v1 + + - name: Install Smithy-Dafny codegen dependencies + uses: ./.github/actions/install_smithy_dafny_codegen_dependencies + + - name: Regenerate code using smithy-dafny if necessary + if: ${{ inputs.regenerate-code }} + uses: ./.github/actions/polymorph_codegen + with: + dafny: ${{ env.DAFNY_VERSION }} + library: ${{ matrix.library }} + diff-generated-code: false + update-and-regenerate-mpl: true + + # TODO: Remove this after checking in Rust polymorph code + # Also uncomment rust check_polymorph_diff for Rust in .github/actions/polymorph_codegen/action.yml + - name: Run make polymorph_rust + shell: bash + working-directory: ${{ matrix.library }} + run: | + make polymorph_rust + + - name: Compile ${{ matrix.library }} implementation + shell: bash + working-directory: ${{ matrix.library }} + run: | + # This works because `node` is installed by default on GHA runners + CORES=$(node -e 'console.log(os.cpus().length)') + make transpile_rust CORES=$CORES + + - name: Unzip .NET Retry Flag Manifests + shell: bash + working-directory: TestVectors/dafny/TestVectors/test/ + run: | + unzip invalid-Net-4.0.0.zip -d invalid-Net-4.0.0 + unzip v4-Net-4.0.1.zip -d v4-Net-4.0.1 + unzip valid-Net-4.0.0.zip -d valid-Net-4.0.0 + + - name: Test Rust + working-directory: ${{ matrix.library }} + shell: bash + run: | + # Without this, running test vectors fails due to `fatal runtime error: stack overflow` + export RUST_MIN_STACK=104857600 + make test_rust diff --git a/TestVectors/dafny/TestVectors/test/RunMain.dfy b/TestVectors/dafny/TestVectors/test/RunMain.dfy index f04273a30..533d9fd64 100644 --- a/TestVectors/dafny/TestVectors/test/RunMain.dfy +++ b/TestVectors/dafny/TestVectors/test/RunMain.dfy 
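Review bot: In the new `testVectors` job the `Configure AWS Credentials` step runs right after checkout, so the assumed role's temporary credentials sit in the environment of every later step, including actions referenced by mutable tags (`actions-rust-lang/setup-rust-toolchain@v1.10.1`, `dafny-lang/setup-dafny-action@v1.7.0`, `ilammy/setup-nasm@v1`). If only `make test_rust` needs AWS access, which the hunk suggests but does not show, move the credentials step to just before `Test Rust`. Also pin each third-party `uses:` to a full commit SHA, for example `uses: aws-actions/configure-aws-credentials@<full-commit-sha> # v2`. The `Setup NASM for Windows (aws-lc-sys)` step can never run in this job because `windows-latest` is commented out of its matrix; drop it or add a comment such as `# kept for when windows-latest is re-enabled in the matrix`.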
@@ -60,7 +60,7 @@ module {:extern} TestWrappedESDKMain { ) ); print "ONLY WORRY IF THE ABOVE TESTS PASSED!!! THESE TESTS ARE SUPPOSED TO FAIL!\n"; - print "IF THE TESTS FAIL OTHER THAN A AES GCM TAG VALIDATION EXCEPTION, CUT AN ISSUE.\n"; + print "IF THE TESTS FAIL OTHER THAN A `AES GCM TAG VALIDATION EXCEPTION` or `AES Decrypt : gather Unspecified`, CUT AN ISSUE.\n"; print "IF THE TESTS ALL FAIL IT MEANS THE TEST PASSED!"; expect result.Failure?; }
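Review bot: `expect result.Failure?` is the only check visible here and it accepts any failure, so whether decryption failed for the right reason is left to whoever reads the printed message, which now lists two acceptable errors. As far as the hunk shows, a run that fails for an unrelated reason (a missing manifest, a credentials error) would still pass this test. If the failure value carries the error text, compare it against the two expected messages before the `expect`; until then, a comment such as `// TODO: assert the failure is a tag-validation error instead of relying on log inspection` would record the gap. As a style point, the new string reads "A `AES ...`" and mixes a lowercase `or` into an upper-case sentence. The enclosing method starts outside the hunk.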