Skip to content

Expose accessors for private/public key on elliptic curve keys #950

Expose accessors for private/public key on elliptic curve keys

Expose accessors for private/public key on elliptic curve keys #950

Workflow file for this run

name: ci
on:
push:
branches: [ main ]
pull_request:
branches:
- '*'
env:
RUST_BACKTRACE: 1
# We can pin the version if nightly is too unstable.
# Otherwise, we test against the latest version.
RUST_NIGHTLY_TOOLCHAIN: nightly
# Mirai version tag, updates this whenever a new version
# is released.
MIRAI_TOOLCHAIN: nightly-2023-05-09
MIRAI_TAG: v1.1.8
jobs:
rustfmt:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
submodules: 'recursive'
- uses: actions-rs/toolchain@v1.0.7
id: toolchain
with:
toolchain: ${{ env.RUST_NIGHTLY_TOOLCHAIN }}
profile: minimal
override: true
components: rustfmt
- name: Run cargo fmt
uses: actions-rs/cargo@v1.0.3
with:
command: fmt
args: -- --check --verbose
clippy:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
crate_dir: [ "aws-lc-sys", "aws-lc-fips-sys", "aws-lc-rs" ]
features:
- "--features bindgen"
- "--features bindgen,fips"
exclude:
- crate_dir: aws-lc-sys
features: "--features bindgen,fips"
- crate_dir: aws-lc-fips-sys
features: "--features bindgen,fips"
steps:
- uses: actions/checkout@v3
with:
submodules: 'recursive'
- uses: actions-rs/toolchain@v1.0.7
id: toolchain
with:
toolchain: ${{ env.RUST_NIGHTLY_TOOLCHAIN }}
profile: minimal
override: true
components: clippy
- name: Run cargo clippy
working-directory: ${{ matrix.crate_dir }}
run: cargo clippy ${{ matrix.features }} --all-targets -- -W clippy::all -W clippy::pedantic -D warnings
apidiff:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
crate_dir: [ "aws-lc-sys", "aws-lc-fips-sys", "aws-lc-rs" ]
diff_target: [ "branch", "published" ]
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
submodules: 'recursive'
- uses: actions-rs/toolchain@v1.0.7
id: toolchain
with:
toolchain: nightly-2023-08-25
profile: minimal
override: true
- name: Install cargo-public-api
uses: actions-rs/cargo@v1.0.3
with:
command: install
args: cargo-public-api
- name: Perform API Diff (Target Branch)
if: matrix.diff_target == 'branch'
working-directory: ${{ matrix.crate_dir }}
run: cargo public-api diff --deny changed --deny removed ${{ github.event.pull_request.base.sha }}..${{ github.event.pull_request.head.sha }}
- name: Perform API Diff (Published)
if: matrix.diff_target == 'published'
working-directory: ${{ matrix.crate_dir }}
shell: bash
run: |
CRATE_NAME="${{ matrix.crate_dir }}"
CRATE_VERSION=$(cargo search --limit 1 ${CRATE_NAME} | head -n 1 | sed -e 's/[^"]*"\([^"]*\)".*/\1/')
cargo public-api diff --deny changed --deny removed "${CRATE_VERSION}"
dependency-review:
runs-on: ubuntu-latest
steps:
- name: 'Checkout Repository'
uses: actions/checkout@v3
with:
submodules: 'recursive'
- name: 'Dependency Review'
uses: actions/dependency-review-action@v3
with:
allow-licenses: Apache-2.0, ISC, MIT, MIT-0
udeps:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
submodules: 'recursive'
- uses: actions-rs/toolchain@v1.0.7
id: toolchain
with:
toolchain: ${{ env.RUST_NIGHTLY_TOOLCHAIN }}
profile: minimal
override: true
- name: Install cargo-udeps
uses: actions-rs/cargo@v1.0.3
with:
command: install
args: cargo-udeps
- name: Run cargo udeps
# we only use openssl when the openssl-benchmarks feature is enabled.
# openssl is a dev-dependency so it can't be optional.
run: cargo udeps --workspace --all-targets --features openssl-benchmarks
env:
RUSTC_WRAPPER: ""
aws-lc-rs-cross-test:
name: aws-lc-rs cross tests
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false
matrix:
rust: [ 1.72.1 ] # TODO: return to stable
os: [ ubuntu-latest ]
target:
- arm-unknown-linux-gnueabihf
- aarch64-unknown-linux-gnu
- i686-unknown-linux-gnu
- powerpc64le-unknown-linux-gnu
- riscv64gc-unknown-linux-gnu
- arm-linux-androideabi
- armv7-linux-androideabi
- aarch64-linux-android
steps:
- uses: actions/checkout@v3
with:
submodules: 'recursive'
- uses: actions-rs/toolchain@v1.0.7
id: toolchain
with:
toolchain: ${{ matrix.rust }}
override: true
target: ${{ matrix.target }}
- name: Install cross
uses: actions-rs/cargo@v1.0.3
with:
command: install
args: cross --git https://github.com/cross-rs/cross
- name: Cross-compilation
if: ${{ matrix.target == 'aarch64-unknown-linux-gnu' || matrix.target == 'i686-unknown-linux-gnu' }}
working-directory: ./aws-lc-rs
run: cross test --target ${{ matrix.target }}
- name: Cross-compilation w/ bindgen
working-directory: ./aws-lc-rs
run: cross test --release --features bindgen --target ${{ matrix.target }}
aws-lc-rs-platform-build:
name: Cross-platform build
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false
matrix:
rust: [ stable ]
os: [ macos-13-xlarge ]
target: [ aarch64-apple-ios-sim ]
steps:
- uses: actions/checkout@v3
with:
submodules: 'recursive'
- uses: actions-rs/toolchain@v1.0.7
id: toolchain
with:
toolchain: ${{ matrix.rust }}
override: true
target: ${{ matrix.target }}
- name: Run cargo test
working-directory: ./aws-lc-rs
run: cargo test --features bindgen --target ${{ matrix.target }}
env:
DYLD_ROOT_PATH: "/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Library/Developer/CoreSimulator/Profiles/Runtimes/iOS.simruntime/Contents/Resources/RuntimeRoot"
aws-lc-rs-test:
name: aws-lc-rs tests
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false
matrix:
rust: [ stable ]
os: [ ubuntu-latest, macos-12, macos-13-xlarge ]
args:
- --all-targets
- --release --all-targets
- --no-default-features --features non-fips
- --no-default-features --features non-fips,ring-io
- --no-default-features --features non-fips,ring-sig-verify
- --no-default-features --features non-fips,alloc
steps:
- uses: actions/checkout@v3
with:
submodules: 'recursive'
- uses: actions-rs/toolchain@v1.0.7
id: toolchain
with:
toolchain: ${{ matrix.rust }}
override: true
- name: Run cargo test
working-directory: ./aws-lc-rs
run: cargo test ${{ matrix.args }}
- name: Run extra tests
working-directory: ./aws-lc-rs-testing
run: cargo test --all-targets
fips-test:
name: aws-lc-rs fips-tests
runs-on: ${{ matrix.os }}
env:
CC: clang
CXX: clang++
strategy:
fail-fast: false
matrix:
rust: [ stable ]
os: [ ubuntu-latest, macos-12, macos-13-xlarge ]
args:
- --release --all-targets --features fips
- --no-default-features --features fips
- --no-default-features --features fips,ring-io
- --no-default-features --features fips,ring-sig-verify
- --no-default-features --features fips,alloc
- --no-default-features --features fips,bindgen
steps:
- uses: actions/checkout@v3
with:
submodules: 'recursive'
- uses: actions-rs/toolchain@v1.0.7
id: toolchain
with:
toolchain: ${{ matrix.rust }}
override: true
- uses: actions/setup-go@v4
with:
go-version: '>=1.18'
- name: Run cargo test
working-directory: ./aws-lc-rs
# Doc-tests fail to link with dynamic build
# See: https://github.com/rust-lang/cargo/issues/8531
run: cargo test --tests ${{ matrix.args }}
bindgen-test:
name: aws-lc-rs bindgen-tests
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false
matrix:
rust: [ stable ]
os: [ ubuntu-latest, macos-12, macos-13-xlarge ]
args:
- --no-default-features --features aws-lc-sys,bindgen
- --release --all-targets --features bindgen
steps:
- uses: actions/checkout@v3
with:
submodules: 'recursive'
- uses: actions-rs/toolchain@v1.0.7
id: toolchain
with:
toolchain: ${{ matrix.rust }}
override: true
- name: Run cargo test
working-directory: ./aws-lc-rs
run: cargo test ${{ matrix.args }}
windows-test:
name: aws-lc-rs windows-tests
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false
matrix:
rust: [ stable ]
os: [ windows-2019 ]
args:
- --all-targets
- --all-targets --features bindgen
- --release --all-targets
- --no-default-features --features non-fips
- --no-default-features --features non-fips,ring-io
- --no-default-features --features non-fips,ring-sig-verify
- --no-default-features --features non-fips,alloc
steps:
- uses: ilammy/setup-nasm@v1
- uses: actions/checkout@v3
with:
submodules: 'recursive'
- uses: actions-rs/toolchain@v1.0.7
id: toolchain
with:
toolchain: ${{ matrix.rust }}
override: true
- name: Run cargo test
working-directory: ./aws-lc-rs
run: cargo test ${{ matrix.args }}
publish-dry-run:
name: publish dry-run
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false
matrix:
rust: [ stable ]
os: [ windows-2019, ubuntu-latest, macos-12, macos-13-xlarge ]
args:
- publish --dry-run
steps:
- if: ${{ matrix.os == 'windows-2019' }}
uses: ilammy/setup-nasm@v1
- uses: actions/checkout@v3
with:
submodules: 'recursive'
- uses: actions-rs/toolchain@v1.0.7
id: toolchain
with:
toolchain: ${{ matrix.rust }}
override: true
- name: aws-lc-sys
working-directory: ./aws-lc-sys
run: cargo ${{ matrix.args }}
- name: aws-lc-fips-sys
if: ${{ matrix.os != 'windows-2019' }}
working-directory: ./aws-lc-fips-sys
run: cargo ${{ matrix.args }}
- name: aws-lc-rs
working-directory: ./aws-lc-rs
run: cargo ${{ matrix.args }}
aws-lc-rs-coverage:
name: aws-ls-rs coverage
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
submodules: 'recursive'
lfs: true
- uses: actions-rs/toolchain@v1.0.7
id: toolchain
with:
toolchain: ${{ env.RUST_NIGHTLY_TOOLCHAIN }}
override: true
components: llvm-tools-preview
- name: Install cargo-llvm-cov
uses: actions-rs/cargo@v1.0.3
with:
command: install
args: cargo-llvm-cov
- name: Run coverage
working-directory: ./aws-lc-rs
run: cargo llvm-cov --workspace --no-fail-fast --ignore-filename-regex "aws-lc-(fips-)?sys/.*" --lcov --output-path ${{ runner.temp }}/lcov.info
- name: Upload coverage reports to Codecov
uses: codecov/codecov-action@v3
env:
CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
with:
file: ${{ runner.temp }}/lcov.info
mirai-analysis:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
submodules: 'recursive'
lfs: true
- uses: actions-rs/toolchain@v1.0.7
id: toolchain
with:
toolchain: ${{ env.MIRAI_TOOLCHAIN }}
profile: minimal
components: rust-src, rustc-dev, llvm-tools-preview
- name: Cache Cargo
uses: actions/cache@v3.0.5
with:
path: |
~/.cargo/bin/
~/.cargo/registry/index/
~/.cargo/registry/cache/
~/.cargo/git/db/
target/
key: ${{ runner.os }}-mirai-${{ env.MIRAI_TAG }}
# https://github.com/facebookexperimental/MIRAI/blob/main/documentation/InstallationGuide.md#installing-mirai-into-cargo
- name: Install MIRAI
run: |
MIRAI_TMP_SRC=$(mktemp -d)
git clone --depth 1 --branch ${{ env.MIRAI_TAG }} https://github.com/facebookexperimental/MIRAI.git ${MIRAI_TMP_SRC}
pushd ${MIRAI_TMP_SRC}
cargo install --force --path ./checker --no-default-features
popd
rm -rf ${MIRAI_TMP_SRC}
- name: Run MIRAI
working-directory: ./aws-lc-rs
run: |
cargo mirai
aws-lc-rs-asan:
name: aws-lc-rs asan
strategy:
matrix:
args:
-
- --release
features:
- --features asan
- --no-default-features --features fips,asan
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
submodules: 'recursive'
- uses: actions-rs/toolchain@v1.0.7
id: toolchain
with:
toolchain: ${{ env.RUST_NIGHTLY_TOOLCHAIN }}
override: true
- name: Run address sanitizers
env:
ASAN_OPTIONS: detect_leaks=1
RUSTFLAGS: -Zsanitizer=address
RUSTDOCFLAGS: -Zsanitizer=address
working-directory: ./aws-lc-rs
run: cargo test ${{ matrix.args }} --lib --bins --tests --examples --target x86_64-unknown-linux-gnu --features asan
s2n-quic-integration:
name: s2n-quic-integration
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false
matrix:
os: [ ubuntu-latest, macos-12, macos-13-xlarge ]
steps:
- uses: actions/checkout@v3
with:
submodules: 'recursive'
- uses: actions-rs/toolchain@v1.0.7
id: toolchain
with:
toolchain: stable
override: true
- name: Run s2n-quic integration
working-directory: ./aws-lc-rs
run: |
./scripts/run-s2n-quic-integration.sh
rustls-integration:
name: rustls-integration
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false
matrix:
os: [ ubuntu-latest, macos-12, macos-13-xlarge ]
steps:
- uses: actions/checkout@v3
with:
submodules: 'recursive'
- uses: actions-rs/toolchain@v1.0.7
id: toolchain
with:
toolchain: stable
override: true
- name: Run rustls integration
working-directory: ./aws-lc-rs
run: |
./scripts/run-rustls-integration.sh
copyright:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Check
run: |
./scripts/tools/copyright_check.sh
build-env-test:
name: aws-lc-rs build-env-test
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false
matrix:
os: [ ubuntu-latest, macos-12, macos-13-xlarge ]
static: [ 0, 1 ]
steps:
- uses: actions/checkout@v3
with:
submodules: 'recursive'
- uses: actions-rs/toolchain@v1.0.7
id: toolchain
with:
toolchain: stable
override: true
- name: Run cargo test
working-directory: ./aws-lc-rs
# Doc-tests fail to link with dynamic build
# See: https://github.com/rust-lang/cargo/issues/8531
run: AWS_LC_SYS_STATIC=${{ matrix.static }} cargo test --tests
build-env-fips-test:
name: aws-lc-rs build-env-fips-test
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false
matrix:
os: [ ubuntu-latest, macos-12, macos-13-xlarge ]
static: [ 0, 1 ]
steps:
- uses: actions/checkout@v3
with:
submodules: 'recursive'
- uses: actions-rs/toolchain@v1.0.7
id: toolchain
with:
toolchain: stable
override: true
- uses: actions/setup-go@v4
with:
go-version: '>=1.18'
- name: Run cargo test
working-directory: ./aws-lc-rs
if: ${{ matrix.os == 'ubuntu-latest' || matrix.static != 1 }}
# Doc-tests fail to link with dynamic build
# See: https://github.com/rust-lang/cargo/issues/8531
run: AWS_LC_FIPS_SYS_STATIC=${{ matrix.static }} cargo test --tests --features fips
msrv:
name: Minimum Supported Rust Version
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
submodules: 'recursive'
lfs: true
- name: Install cargo-msrv
uses: actions-rs/cargo@v1.0.3
with:
command: install
args: cargo-msrv
- name: Verify msrv
working-directory: ./aws-lc-rs
run: cargo msrv verify