KEM: Key-Encapsulation Mechanisms API Support #1148
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: ci | |
| on: | |
| push: | |
| branches: [ main ] | |
| pull_request: | |
| branches: | |
| - '*' | |
| env: | |
| RUST_BACKTRACE: 1 | |
| # We can pin the version if nightly is too unstable. | |
| # Otherwise, we test against the latest version. | |
| RUST_NIGHTLY_TOOLCHAIN: nightly | |
| # Mirai version tag, updates this whenever a new version | |
| # is released. | |
| MIRAI_TOOLCHAIN: nightly-2023-05-09 | |
| MIRAI_TAG: v1.1.8 | |
| jobs: | |
| rustfmt: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| with: | |
| submodules: 'recursive' | |
| - uses: actions-rs/[email protected] | |
| id: toolchain | |
| with: | |
| toolchain: ${{ env.RUST_NIGHTLY_TOOLCHAIN }} | |
| profile: minimal | |
| override: true | |
| components: rustfmt | |
| - name: Run cargo fmt | |
| uses: actions-rs/[email protected] | |
| with: | |
| command: fmt | |
| args: -- --check --verbose | |
| clippy: | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| crate_dir: [ "aws-lc-sys", "aws-lc-fips-sys", "aws-lc-rs" ] | |
| features: | |
| - "--features bindgen" | |
| - "--features bindgen,fips" | |
| exclude: | |
| - crate_dir: aws-lc-sys | |
| features: "--features bindgen,fips" | |
| - crate_dir: aws-lc-fips-sys | |
| features: "--features bindgen,fips" | |
| steps: | |
| - uses: actions/checkout@v3 | |
| with: | |
| submodules: 'recursive' | |
| - uses: actions-rs/[email protected] | |
| id: toolchain | |
| with: | |
| toolchain: ${{ env.RUST_NIGHTLY_TOOLCHAIN }} | |
| profile: minimal | |
| override: true | |
| components: clippy | |
| - name: Run cargo clippy | |
| working-directory: ${{ matrix.crate_dir }} | |
| run: cargo clippy ${{ matrix.features }} --all-targets -- -W clippy::all -W clippy::pedantic -D warnings | |
| apidiff: | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| crate_dir: [ "aws-lc-sys", "aws-lc-fips-sys", "aws-lc-rs" ] | |
| diff_target: [ "branch", "published" ] | |
| steps: | |
| - uses: actions/checkout@v3 | |
| with: | |
| fetch-depth: 0 | |
| submodules: 'recursive' | |
| - uses: actions-rs/[email protected] | |
| id: toolchain | |
| with: | |
| toolchain: nightly-2023-08-25 | |
| profile: minimal | |
| override: true | |
| - name: Install cargo-public-api | |
| uses: actions-rs/[email protected] | |
| with: | |
| command: install | |
| args: cargo-public-api | |
| - name: Perform API Diff (Target Branch) | |
| if: matrix.diff_target == 'branch' | |
| working-directory: ${{ matrix.crate_dir }} | |
| run: cargo public-api diff --deny changed --deny removed ${{ github.event.pull_request.base.sha }}..${{ github.event.pull_request.head.sha }} | |
| - name: Perform API Diff (Published) | |
| if: matrix.diff_target == 'published' | |
| working-directory: ${{ matrix.crate_dir }} | |
| shell: bash | |
| run: | | |
| CRATE_NAME="${{ matrix.crate_dir }}" | |
| CRATE_VERSION=$(cargo search --limit 1 ${CRATE_NAME} | head -n 1 | sed -e 's/[^"]*"\([^"]*\)".*/\1/') | |
| cargo public-api diff --deny changed --deny removed "${CRATE_VERSION}" | |
| dependency-review: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: 'Checkout Repository' | |
| uses: actions/checkout@v3 | |
| with: | |
| submodules: 'recursive' | |
| - name: 'Dependency Review' | |
| uses: actions/dependency-review-action@v3 | |
| with: | |
| allow-licenses: Apache-2.0, ISC, MIT, MIT-0 | |
| udeps: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| with: | |
| submodules: 'recursive' | |
| - uses: actions-rs/[email protected] | |
| id: toolchain | |
| with: | |
| toolchain: ${{ env.RUST_NIGHTLY_TOOLCHAIN }} | |
| profile: minimal | |
| override: true | |
| - name: Install cargo-udeps | |
| uses: actions-rs/[email protected] | |
| with: | |
| command: install | |
| args: cargo-udeps | |
| - name: Run cargo udeps | |
| # we only use openssl when the openssl-benchmarks feature is enabled. | |
| # openssl is a dev-dependency so it can't be optional. | |
| run: cargo udeps --workspace --all-targets --features openssl-benchmarks | |
| env: | |
| RUSTC_WRAPPER: "" | |
| aws-lc-rs-cross-test: | |
| name: aws-lc-rs cross tests | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| rust: [ 1.72.1 ] # TODO: return to stable | |
| os: [ ubuntu-latest ] | |
| target: | |
| - arm-unknown-linux-gnueabihf | |
| - aarch64-unknown-linux-gnu | |
| - i686-unknown-linux-gnu | |
| - powerpc64le-unknown-linux-gnu | |
| - riscv64gc-unknown-linux-gnu | |
| - arm-linux-androideabi | |
| - armv7-linux-androideabi | |
| - aarch64-linux-android | |
| - powerpc64-unknown-linux-gnu | |
| - powerpc-unknown-linux-gnu | |
| steps: | |
| - uses: actions/checkout@v3 | |
| with: | |
| submodules: 'recursive' | |
| - uses: actions-rs/[email protected] | |
| id: toolchain | |
| with: | |
| toolchain: ${{ matrix.rust }} | |
| override: true | |
| target: ${{ matrix.target }} | |
| - name: Install cross | |
| uses: actions-rs/[email protected] | |
| with: | |
| command: install | |
| args: cross --git https://github.com/cross-rs/cross | |
| - name: Cross-compilation | |
| if: ${{ matrix.target == 'aarch64-unknown-linux-gnu' || matrix.target == 'i686-unknown-linux-gnu' }} | |
| working-directory: ./aws-lc-rs | |
| run: cross test --features unstable --target ${{ matrix.target }} | |
| - name: Cross-compilation w/ bindgen | |
| working-directory: ./aws-lc-rs | |
| run: cross test --release --features bindgen,unstable --target ${{ matrix.target }} | |
| aws-lc-rs-platform-build: | |
| name: Cross-platform build | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| rust: [ stable ] | |
| os: [ macos-13-xlarge ] | |
| target: [ aarch64-apple-ios-sim ] | |
| steps: | |
| - uses: actions/checkout@v3 | |
| with: | |
| submodules: 'recursive' | |
| - uses: actions-rs/[email protected] | |
| id: toolchain | |
| with: | |
| toolchain: ${{ matrix.rust }} | |
| override: true | |
| target: ${{ matrix.target }} | |
| - name: Run cargo test | |
| working-directory: ./aws-lc-rs | |
| run: cargo test --features bindgen,unstable --target ${{ matrix.target }} | |
| env: | |
| DYLD_ROOT_PATH: "/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Library/Developer/CoreSimulator/Profiles/Runtimes/iOS.simruntime/Contents/Resources/RuntimeRoot" | |
| sys-crate-tests: | |
| name: sys crate tests | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| os: [ ubuntu-latest, macos-12 ] | |
| features: [ aws-lc-sys, aws-lc-fips-sys ] | |
| steps: | |
| - uses: actions/checkout@v3 | |
| with: | |
| submodules: 'recursive' | |
| - uses: actions-rs/[email protected] | |
| id: toolchain | |
| with: | |
| toolchain: stable | |
| override: true | |
| - name: Run cargo test | |
| working-directory: ./sys-testing | |
| run: cargo test --features ${{ matrix.features }} --no-default-features | |
| - name: Run cargo run | |
| working-directory: ./sys-testing | |
| run: cargo run --features ${{ matrix.features }} --no-default-features | |
| aws-lc-rs-test: | |
| name: aws-lc-rs tests | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| rust: [ stable ] | |
| os: [ ubuntu-latest, macos-12, macos-13-xlarge ] | |
| args: | |
| - --all-targets --features unstable | |
| - --release --all-targets --features unstable | |
| - --no-default-features --features non-fips,unstable | |
| - --no-default-features --features non-fips,ring-io,unstable | |
| - --no-default-features --features non-fips,ring-sig-verify,unstable | |
| - --no-default-features --features non-fips,alloc,unstable | |
| steps: | |
| - uses: actions/checkout@v3 | |
| with: | |
| submodules: 'recursive' | |
| - uses: actions-rs/[email protected] | |
| id: toolchain | |
| with: | |
| toolchain: ${{ matrix.rust }} | |
| override: true | |
| - name: Run cargo test | |
| working-directory: ./aws-lc-rs | |
| run: cargo test ${{ matrix.args }} | |
| - name: Run extra tests | |
| working-directory: ./aws-lc-rs-testing | |
| run: cargo test --all-targets | |
| fips-test: | |
| name: aws-lc-rs fips-tests | |
| runs-on: ${{ matrix.os }} | |
| env: | |
| CC: clang | |
| CXX: clang++ | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| rust: [ stable ] | |
| os: [ ubuntu-latest, macos-12, macos-13-xlarge ] | |
| args: | |
| - --release --all-targets --features fips,unstable | |
| - --no-default-features --features fips,unstable | |
| - --no-default-features --features fips,ring-io,unstable | |
| - --no-default-features --features fips,ring-sig-verify,unstable | |
| - --no-default-features --features fips,alloc,unstable | |
| steps: | |
| - uses: actions/checkout@v3 | |
| with: | |
| submodules: 'recursive' | |
| - uses: actions-rs/[email protected] | |
| id: toolchain | |
| with: | |
| toolchain: ${{ matrix.rust }} | |
| override: true | |
| - uses: actions/setup-go@v4 | |
| with: | |
| go-version: '>=1.18' | |
| - name: Run cargo test | |
| working-directory: ./aws-lc-rs | |
| # Doc-tests fail to link with dynamic build | |
| # See: https://github.com/rust-lang/cargo/issues/8531 | |
| run: cargo test --tests ${{ matrix.args }} | |
| - name: Run cargo test w/ environment | |
| working-directory: ./aws-lc-rs | |
| if: ${{ matrix.envs }} | |
| run: env ${{ matrix.envs }} cargo test --tests ${{ matrix.args }} | |
| bindgen-test: | |
| name: aws-lc-rs bindgen-tests | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| rust: [ stable ] | |
| os: [ ubuntu-latest, macos-12, macos-13-xlarge ] | |
| args: | |
| - --no-default-features --features aws-lc-sys,bindgen,unstable | |
| - --release --all-targets --features bindgen,unstable | |
| steps: | |
| - uses: actions/checkout@v3 | |
| with: | |
| submodules: 'recursive' | |
| - uses: actions-rs/[email protected] | |
| id: toolchain | |
| with: | |
| toolchain: ${{ matrix.rust }} | |
| override: true | |
| - name: Run cargo test | |
| working-directory: ./aws-lc-rs | |
| run: cargo test ${{ matrix.args }} | |
| windows-test: | |
| name: aws-lc-rs windows-tests | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| rust: [ stable ] | |
| os: [ windows-2019 ] | |
| args: | |
| - --all-targets --features unstable | |
| - --all-targets --features bindgen,unstable | |
| - --release --all-targets --features unstable | |
| - --no-default-features --features non-fips,unstable | |
| - --no-default-features --features non-fips,ring-io,unstable | |
| - --no-default-features --features non-fips,ring-sig-verify,unstable | |
| - --no-default-features --features non-fips,alloc,unstable | |
| steps: | |
| - uses: ilammy/setup-nasm@v1 | |
| - uses: actions/checkout@v3 | |
| with: | |
| submodules: 'recursive' | |
| - uses: actions-rs/[email protected] | |
| id: toolchain | |
| with: | |
| toolchain: ${{ matrix.rust }} | |
| override: true | |
| - name: Run cargo test | |
| working-directory: ./aws-lc-rs | |
| run: cargo test ${{ matrix.args }} | |
| publish-dry-run: | |
| name: publish dry-run | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| rust: [ stable ] | |
| os: [ windows-2019, ubuntu-latest, macos-12, macos-13-xlarge ] | |
| args: | |
| - publish --dry-run | |
| steps: | |
| - uses: actions/setup-go@v4 | |
| with: | |
| go-version: '>=1.18' | |
| - run: go version | |
| - if: ${{ matrix.os == 'windows-2019' }} | |
| uses: ilammy/setup-nasm@v1 | |
| - uses: actions/checkout@v3 | |
| with: | |
| submodules: 'recursive' | |
| - uses: actions-rs/[email protected] | |
| id: toolchain | |
| with: | |
| toolchain: ${{ matrix.rust }} | |
| override: true | |
| - name: aws-lc-sys | |
| working-directory: ./aws-lc-sys | |
| run: cargo ${{ matrix.args }} | |
| - name: aws-lc-fips-sys | |
| if: ${{ matrix.os != 'windows-2019' }} | |
| working-directory: ./aws-lc-fips-sys | |
| run: cargo ${{ matrix.args }} | |
| - name: aws-lc-rs | |
| working-directory: ./aws-lc-rs | |
| run: cargo ${{ matrix.args }} | |
| aws-lc-rs-coverage: | |
| name: aws-ls-rs coverage | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| with: | |
| submodules: 'recursive' | |
| lfs: true | |
| - uses: actions-rs/[email protected] | |
| id: toolchain | |
| with: | |
| toolchain: ${{ env.RUST_NIGHTLY_TOOLCHAIN }} | |
| override: true | |
| components: llvm-tools-preview | |
| - name: Install cargo-llvm-cov | |
| uses: actions-rs/[email protected] | |
| with: | |
| command: install | |
| args: cargo-llvm-cov | |
| - name: Run coverage | |
| working-directory: ./aws-lc-rs | |
| run: cargo llvm-cov --workspace --features unstable --no-fail-fast --ignore-filename-regex "aws-lc-(fips-)?sys/.*" --lcov --output-path ${{ runner.temp }}/lcov.info | |
| - name: Upload coverage reports to Codecov | |
| uses: codecov/codecov-action@v3 | |
| env: | |
| CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} | |
| with: | |
| file: ${{ runner.temp }}/lcov.info | |
| mirai-analysis: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| with: | |
| submodules: 'recursive' | |
| lfs: true | |
| - uses: actions-rs/[email protected] | |
| id: toolchain | |
| with: | |
| toolchain: ${{ env.MIRAI_TOOLCHAIN }} | |
| profile: minimal | |
| components: rust-src, rustc-dev, llvm-tools-preview | |
| - name: Cache Cargo | |
| uses: actions/[email protected] | |
| with: | |
| path: | | |
| ~/.cargo/bin/ | |
| ~/.cargo/registry/index/ | |
| ~/.cargo/registry/cache/ | |
| ~/.cargo/git/db/ | |
| target/ | |
| key: ${{ runner.os }}-mirai-${{ env.MIRAI_TAG }} | |
| # https://github.com/facebookexperimental/MIRAI/blob/main/documentation/InstallationGuide.md#installing-mirai-into-cargo | |
| - name: Install MIRAI | |
| run: | | |
| MIRAI_TMP_SRC=$(mktemp -d) | |
| git clone --depth 1 --branch ${{ env.MIRAI_TAG }} https://github.com/facebookexperimental/MIRAI.git ${MIRAI_TMP_SRC} | |
| pushd ${MIRAI_TMP_SRC} | |
| cargo install --force --path ./checker --no-default-features | |
| popd | |
| rm -rf ${MIRAI_TMP_SRC} | |
| - name: Run MIRAI | |
| working-directory: ./aws-lc-rs | |
| run: | | |
| cargo mirai | |
| aws-lc-rs-asan: | |
| name: aws-lc-rs asan | |
| strategy: | |
| matrix: | |
| args: | |
| - | |
| - --release | |
| features: | |
| - --features asan | |
| - --no-default-features --features fips,asan | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| with: | |
| submodules: 'recursive' | |
| - uses: actions-rs/[email protected] | |
| id: toolchain | |
| with: | |
| toolchain: ${{ env.RUST_NIGHTLY_TOOLCHAIN }} | |
| override: true | |
| - name: Run address sanitizers | |
| env: | |
| ASAN_OPTIONS: detect_leaks=1 | |
| RUSTFLAGS: -Zsanitizer=address | |
| RUSTDOCFLAGS: -Zsanitizer=address | |
| working-directory: ./aws-lc-rs | |
| run: cargo test ${{ matrix.args }} --lib --bins --tests --examples --target x86_64-unknown-linux-gnu --features asan | |
| s2n-quic-integration: | |
| name: s2n-quic-integration | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| os: [ ubuntu-latest, macos-12, macos-13-xlarge ] | |
| steps: | |
| - uses: actions/checkout@v3 | |
| with: | |
| submodules: 'recursive' | |
| - uses: actions-rs/[email protected] | |
| id: toolchain | |
| with: | |
| toolchain: stable | |
| override: true | |
| - name: Run s2n-quic integration | |
| working-directory: ./aws-lc-rs | |
| run: | | |
| ./scripts/run-s2n-quic-integration.sh | |
| rustls-integration: | |
| name: rustls-integration | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| os: [ ubuntu-latest, macos-12, macos-13-xlarge ] | |
| steps: | |
| - uses: actions/checkout@v3 | |
| with: | |
| submodules: 'recursive' | |
| - uses: actions-rs/[email protected] | |
| id: toolchain | |
| with: | |
| toolchain: stable | |
| override: true | |
| - name: Install cargo-download | |
| uses: actions-rs/[email protected] | |
| with: | |
| command: install | |
| args: cargo-download | |
| - name: Run rustls integration | |
| working-directory: ./aws-lc-rs | |
| run: | | |
| ./scripts/run-rustls-integration.sh | |
| semver-checks: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| with: | |
| submodules: 'recursive' | |
| - name: Check semver (Default Features) | |
| uses: obi1kenobi/cargo-semver-checks-action@v2 | |
| with: | |
| package: aws-lc-rs | |
| feature-group: default-features | |
| - name: Check semver (FIPS) | |
| uses: obi1kenobi/cargo-semver-checks-action@v2 | |
| with: | |
| package: aws-lc-rs | |
| feature-group: only-explicit-features | |
| features: fips | |
| copyright: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Check | |
| run: | | |
| ./scripts/tools/copyright_check.sh | |
| build-env-test: | |
| name: aws-lc-rs build-env-test | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| os: [ ubuntu-latest, macos-12, macos-13-xlarge ] | |
| static: [ 0, 1 ] | |
| steps: | |
| - uses: actions/checkout@v3 | |
| with: | |
| submodules: 'recursive' | |
| - uses: actions-rs/[email protected] | |
| id: toolchain | |
| with: | |
| toolchain: stable | |
| override: true | |
| - name: Run cargo test | |
| working-directory: ./aws-lc-rs | |
| # Doc-tests fail to link with dynamic build | |
| # See: https://github.com/rust-lang/cargo/issues/8531 | |
| run: AWS_LC_SYS_STATIC=${{ matrix.static }} cargo test --tests | |
| build-env-fips-test: | |
| name: aws-lc-rs build-env-fips-test | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| os: [ ubuntu-latest, macos-12, macos-13-xlarge ] | |
| static: [ 0, 1 ] | |
| steps: | |
| - uses: actions/checkout@v3 | |
| with: | |
| submodules: 'recursive' | |
| - uses: actions-rs/[email protected] | |
| id: toolchain | |
| with: | |
| toolchain: stable | |
| override: true | |
| - uses: actions/setup-go@v4 | |
| with: | |
| go-version: '>=1.18' | |
| - name: Run cargo test | |
| working-directory: ./aws-lc-rs | |
| if: ${{ matrix.os == 'ubuntu-latest' || matrix.static != 1 }} | |
| # Doc-tests fail to link with dynamic build | |
| # See: https://github.com/rust-lang/cargo/issues/8531 | |
| run: AWS_LC_FIPS_SYS_STATIC=${{ matrix.static }} cargo test --tests --features fips | |
| msrv: | |
| name: Minimum Supported Rust Version | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| with: | |
| submodules: 'recursive' | |
| lfs: true | |
| - name: Install cargo-msrv | |
| uses: actions-rs/[email protected] | |
| with: | |
| command: install | |
| args: cargo-msrv | |
| - name: Verify msrv | |
| working-directory: ./aws-lc-rs | |
| run: cargo msrv verify | |
| minimal-versions: | |
| name: Resolve the dependencies to the minimum SemVer version | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| with: | |
| submodules: 'recursive' | |
| lfs: true | |
| - uses: actions-rs/[email protected] | |
| id: toolchain | |
| with: | |
| toolchain: nightly | |
| override: true | |
| - name: Setup to use minimal versions | |
| working-directory: ./aws-lc-rs | |
| run: cargo update -Z minimal-versions | |
| - name: Build with minimal versions | |
| working-directory: ./aws-lc-rs | |
| run: cargo --locked check | |