From e7a0e1d2ca8f6691fc0a42469b1dc9a3a78f5235 Mon Sep 17 00:00:00 2001 From: Andy Jewell Date: Wed, 16 Jul 2025 14:46:45 -0400 Subject: [PATCH 1/2] chore: let interop testing launch N tasks instead of N^2 --- .../library_interop_keyring_test_vectors.yml | 162 +++++++++++++++++- .../library_interop_mkp_test_vectors.yml | 126 +++++++++++++- 2 files changed, 284 insertions(+), 4 deletions(-) diff --git a/.github/workflows/library_interop_keyring_test_vectors.yml b/.github/workflows/library_interop_keyring_test_vectors.yml index cc6e28186..a1590c10d 100644 --- a/.github/workflows/library_interop_keyring_test_vectors.yml +++ b/.github/workflows/library_interop_keyring_test_vectors.yml @@ -311,7 +311,6 @@ jobs: # windows-latest, ubuntu-22.04, ] - encrypting_language: [java, net, rust, python, go, c] decrypting_language: [java, net, rust, python, go, c] # https://taskei.amazon.dev/tasks/CrypTool-5284 dotnet-version: ["6.0.x"] @@ -549,10 +548,169 @@ jobs: CORES=$(node -e 'console.log(os.cpus().length)') make transpile_python CORES=$CORES + # TestVectors will call KMS + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v2 + with: + aws-region: us-west-2 + role-to-assume: arn:aws:iam::370957321024:role/GitHub-CI-Public-ESDK-Dafny-Role-us-west-2 + role-session-name: InterOpTests + role-duration-seconds: 7200 + + - name: Download Encrypt Manifest Artifact + uses: actions/download-artifact@v4 + with: + name: ${{matrix.os}}_vector_artifact_java_${{github.sha}} + path: ./${{matrix.library}}/runtimes/${{matrix.decrypting_language}} + + - name: Decrypt Encrypt Manifest + if: matrix.decrypting_language != 'c' + working-directory: ./${{ matrix.library }} + run: make test_decrypt_encrypt_vectors_${{matrix.decrypting_language}} + + - name: Decrypt Encrypt Manifest + if: matrix.decrypting_language == 'c' && matrix.os == 'ubuntu-22.04' + working-directory: ./${{ matrix.library }} + run: make test_decrypt_encrypt_vectors_c_unix + + - name: Decrypt Encrypt Manifest + if: matrix.decrypting_language == 'c' && matrix.os != 'ubuntu-22.04' + working-directory: ./${{ matrix.library }} + run: make test_decrypt_encrypt_vectors_c_mac + + # TestVectors will call KMS + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v2 + with: + aws-region: us-west-2 + role-to-assume: arn:aws:iam::370957321024:role/GitHub-CI-Public-ESDK-Dafny-Role-us-west-2 + role-session-name: InterOpTests + role-duration-seconds: 7200 + + - name: Download Encrypt Manifest Artifact + uses: actions/download-artifact@v4 + with: + name: ${{matrix.os}}_vector_artifact_net_${{github.sha}} + path: ./${{matrix.library}}/runtimes/${{matrix.decrypting_language}} + + - name: Decrypt Encrypt Manifest + if: matrix.decrypting_language != 'c' + working-directory: ./${{ matrix.library }} + run: make test_decrypt_encrypt_vectors_${{matrix.decrypting_language}} + + - name: Decrypt Encrypt Manifest + if: matrix.decrypting_language == 'c' && matrix.os == 'ubuntu-22.04' + working-directory: ./${{ matrix.library }} + run: make test_decrypt_encrypt_vectors_c_unix + + - name: Decrypt Encrypt Manifest + if: matrix.decrypting_language == 'c' && matrix.os != 'ubuntu-22.04' + working-directory: ./${{ matrix.library }} + run: make test_decrypt_encrypt_vectors_c_mac + + # TestVectors will call KMS + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v2 + with: + aws-region: us-west-2 + role-to-assume: arn:aws:iam::370957321024:role/GitHub-CI-Public-ESDK-Dafny-Role-us-west-2 + role-session-name: InterOpTests + role-duration-seconds: 7200 + + - name: Download Encrypt Manifest Artifact + uses: actions/download-artifact@v4 + with: + name: ${{matrix.os}}_vector_artifact_rust_${{github.sha}} + path: ./${{matrix.library}}/runtimes/${{matrix.decrypting_language}} + + - name: Decrypt Encrypt Manifest + if: matrix.decrypting_language != 'c' + working-directory: ./${{ matrix.library }} + run: make test_decrypt_encrypt_vectors_${{matrix.decrypting_language}} + + - name: Decrypt Encrypt Manifest + if: matrix.decrypting_language == 'c' && matrix.os == 'ubuntu-22.04' + working-directory: ./${{ matrix.library }} + run: make test_decrypt_encrypt_vectors_c_unix + + - name: Decrypt Encrypt Manifest + if: matrix.decrypting_language == 'c' && matrix.os != 'ubuntu-22.04' + working-directory: ./${{ matrix.library }} + run: make test_decrypt_encrypt_vectors_c_mac + + # TestVectors will call KMS + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v2 + with: + aws-region: us-west-2 + role-to-assume: arn:aws:iam::370957321024:role/GitHub-CI-Public-ESDK-Dafny-Role-us-west-2 + role-session-name: InterOpTests + role-duration-seconds: 7200 + + - name: Download Encrypt Manifest Artifact + uses: actions/download-artifact@v4 + with: + name: ${{matrix.os}}_vector_artifact_python_${{github.sha}} + path: ./${{matrix.library}}/runtimes/${{matrix.decrypting_language}} + + - name: Decrypt Encrypt Manifest + if: matrix.decrypting_language != 'c' + working-directory: ./${{ matrix.library }} + run: make test_decrypt_encrypt_vectors_${{matrix.decrypting_language}} + + - name: Decrypt Encrypt Manifest + if: matrix.decrypting_language == 'c' && matrix.os == 'ubuntu-22.04' + working-directory: ./${{ matrix.library }} + run: make test_decrypt_encrypt_vectors_c_unix + + - name: Decrypt Encrypt Manifest + if: matrix.decrypting_language == 'c' && matrix.os != 'ubuntu-22.04' + working-directory: ./${{ matrix.library }} + run: make test_decrypt_encrypt_vectors_c_mac + + # TestVectors will call KMS + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v2 + with: + aws-region: us-west-2 + role-to-assume: arn:aws:iam::370957321024:role/GitHub-CI-Public-ESDK-Dafny-Role-us-west-2 + role-session-name: InterOpTests + role-duration-seconds: 7200 + + - name: Download Encrypt Manifest Artifact + uses: actions/download-artifact@v4 + with: + name: ${{matrix.os}}_vector_artifact_go_${{github.sha}} + path: ./${{matrix.library}}/runtimes/${{matrix.decrypting_language}} + + - name: Decrypt Encrypt Manifest + if: matrix.decrypting_language != 'c' + working-directory: ./${{ matrix.library }} + run: make test_decrypt_encrypt_vectors_${{matrix.decrypting_language}} + + - name: Decrypt Encrypt Manifest + if: matrix.decrypting_language == 'c' && matrix.os == 'ubuntu-22.04' + working-directory: ./${{ matrix.library }} + run: make test_decrypt_encrypt_vectors_c_unix + + - name: Decrypt Encrypt Manifest + if: matrix.decrypting_language == 'c' && matrix.os != 'ubuntu-22.04' + working-directory: ./${{ matrix.library }} + run: make test_decrypt_encrypt_vectors_c_mac + + # TestVectors will call KMS + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v2 + with: + aws-region: us-west-2 + role-to-assume: arn:aws:iam::370957321024:role/GitHub-CI-Public-ESDK-Dafny-Role-us-west-2 + role-session-name: InterOpTests + role-duration-seconds: 7200 + - name: Download Encrypt Manifest Artifact uses: actions/download-artifact@v4 with: - name: ${{matrix.os}}_vector_artifact_${{matrix.encrypting_language}}_${{github.sha}} + name: ${{matrix.os}}_vector_artifact_c_${{github.sha}} path: ./${{matrix.library}}/runtimes/${{matrix.decrypting_language}} - name: Decrypt Encrypt Manifest diff --git a/.github/workflows/library_interop_mkp_test_vectors.yml b/.github/workflows/library_interop_mkp_test_vectors.yml index 78d4f22ea..52e841d76 100644 --- a/.github/workflows/library_interop_mkp_test_vectors.yml +++ b/.github/workflows/library_interop_mkp_test_vectors.yml @@ -246,7 +246,6 @@ jobs: # windows-latest, ubuntu-22.04, ] - encrypting_language: [java, net, rust, python, python_mkp, java_mkp, go] decrypting_language: [java, net, rust, python, python_mkp, java_mkp, go] # https://taskei.amazon.dev/tasks/CrypTool-5284 dotnet-version: ["6.0.x"] @@ -404,10 +403,133 @@ jobs: CORES=$(node -e 'console.log(os.cpus().length)') make transpile_python CORES=$CORES + # TestVectors will call KMS + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v2 + with: + aws-region: us-west-2 + role-to-assume: arn:aws:iam::370957321024:role/GitHub-CI-Public-ESDK-Dafny-Role-us-west-2 + role-session-name: InterOpTests + role-duration-seconds: 3600 + - name: Download Encrypt Manifest Artifact uses: actions/download-artifact@v4 with: - name: ${{matrix.os}}_vector_artifact_${{matrix.encrypting_language}}_legacy_format_${{github.sha}} + name: ${{matrix.os}}_vector_artifact_java_legacy_format_${{github.sha}} + path: ./${{matrix.library}}/runtimes/${{matrix.decrypting_language}} + + - name: Decrypt Encrypt Manifest + working-directory: ./${{ matrix.library }} + run: make test_decrypt_encrypt_vectors_${{matrix.decrypting_language}} + + # TestVectors will call KMS + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v2 + with: + aws-region: us-west-2 + role-to-assume: arn:aws:iam::370957321024:role/GitHub-CI-Public-ESDK-Dafny-Role-us-west-2 + role-session-name: InterOpTests + role-duration-seconds: 3600 + + - name: Download Encrypt Manifest Artifact + uses: actions/download-artifact@v4 + with: + name: ${{matrix.os}}_vector_artifact_net_legacy_format_${{github.sha}} + path: ./${{matrix.library}}/runtimes/${{matrix.decrypting_language}} + + - name: Decrypt Encrypt Manifest + working-directory: ./${{ matrix.library }} + run: make test_decrypt_encrypt_vectors_${{matrix.decrypting_language}} + + # TestVectors will call KMS + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v2 + with: + aws-region: us-west-2 + role-to-assume: arn:aws:iam::370957321024:role/GitHub-CI-Public-ESDK-Dafny-Role-us-west-2 + role-session-name: InterOpTests + role-duration-seconds: 3600 + + - name: Download Encrypt Manifest Artifact + uses: actions/download-artifact@v4 + with: + name: ${{matrix.os}}_vector_artifact_rust_legacy_format_${{github.sha}} + path: ./${{matrix.library}}/runtimes/${{matrix.decrypting_language}} + + - name: Decrypt Encrypt Manifest + working-directory: ./${{ matrix.library }} + run: make test_decrypt_encrypt_vectors_${{matrix.decrypting_language}} + + # TestVectors will call KMS + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v2 + with: + aws-region: us-west-2 + role-to-assume: arn:aws:iam::370957321024:role/GitHub-CI-Public-ESDK-Dafny-Role-us-west-2 + role-session-name: InterOpTests + role-duration-seconds: 3600 + + - name: Download Encrypt Manifest Artifact + uses: actions/download-artifact@v4 + with: + name: ${{matrix.os}}_vector_artifact_python_legacy_format_${{github.sha}} + path: ./${{matrix.library}}/runtimes/${{matrix.decrypting_language}} + + - name: Decrypt Encrypt Manifest + working-directory: ./${{ matrix.library }} + run: make test_decrypt_encrypt_vectors_${{matrix.decrypting_language}} + + # TestVectors will call KMS + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v2 + with: + aws-region: us-west-2 + role-to-assume: arn:aws:iam::370957321024:role/GitHub-CI-Public-ESDK-Dafny-Role-us-west-2 + role-session-name: InterOpTests + role-duration-seconds: 3600 + + - name: Download Encrypt Manifest Artifact + uses: actions/download-artifact@v4 + with: + name: ${{matrix.os}}_vector_artifact_python_mkp_legacy_format_${{github.sha}} + path: ./${{matrix.library}}/runtimes/${{matrix.decrypting_language}} + + - name: Decrypt Encrypt Manifest + working-directory: ./${{ matrix.library }} + run: make test_decrypt_encrypt_vectors_${{matrix.decrypting_language}} + + # TestVectors will call KMS + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v2 + with: + aws-region: us-west-2 + role-to-assume: arn:aws:iam::370957321024:role/GitHub-CI-Public-ESDK-Dafny-Role-us-west-2 + role-session-name: InterOpTests + role-duration-seconds: 3600 + + - name: Download Encrypt Manifest Artifact + uses: actions/download-artifact@v4 + with: + name: ${{matrix.os}}_vector_artifact_java_mkp_legacy_format_${{github.sha}} + path: ./${{matrix.library}}/runtimes/${{matrix.decrypting_language}} + + - name: Decrypt Encrypt Manifest + working-directory: ./${{ matrix.library }} + run: make test_decrypt_encrypt_vectors_${{matrix.decrypting_language}} + + # TestVectors will call KMS + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v2 + with: + aws-region: us-west-2 + role-to-assume: arn:aws:iam::370957321024:role/GitHub-CI-Public-ESDK-Dafny-Role-us-west-2 + role-session-name: InterOpTests + role-duration-seconds: 3600 + + - name: Download Encrypt Manifest Artifact + uses: actions/download-artifact@v4 + with: + name: ${{matrix.os}}_vector_artifact_go_legacy_format_${{github.sha}} path: ./${{matrix.library}}/runtimes/${{matrix.decrypting_language}} - name: Decrypt Encrypt Manifest From c54e9845f4209d233a9ad3657a2a7e09d992bede Mon Sep 17 00:00:00 2001 From: Andy Jewell Date: Thu, 17 Jul 2025 10:21:59 -0400 Subject: [PATCH 2/2] m --- TestVectors/Makefile | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/TestVectors/Makefile b/TestVectors/Makefile index 424561e66..9ceaf6fe0 100644 --- a/TestVectors/Makefile +++ b/TestVectors/Makefile @@ -365,6 +365,7 @@ test_encrypt_vectors_c_mac: c_test_vectors rm -rf local; \ mkdir -p local; \ LD_LIBRARY_PATH=../../install/lib/ ./test_vectors encrypt --manifest-path ./from-dafny --decrypt-manifest-path ./local + rm -rf ./runtimes/c/ mkdir -p ./runtimes/c/ cp aws-encryption-sdk-c/tests/TestVectors/local/*.json ./runtimes/c/ mv ./runtimes/c/decrypt-manifest.json ./runtimes/c/manifest.json @@ -376,6 +377,7 @@ test_encrypt_vectors_c_unix: c_test_vectors_unix rm -rf local; \ mkdir -p local; \ LD_LIBRARY_PATH=../../install/lib/ ./test_vectors encrypt --manifest-path ./from-dafny --decrypt-manifest-path ./local + rm -rf ./runtimes/c/ mkdir -p ./runtimes/c/ pwd ls -l aws-encryption-sdk-c/tests/TestVectors/ @@ -386,6 +388,7 @@ test_encrypt_vectors_c_unix: c_test_vectors_unix cp -r aws-encryption-sdk-c/tests/TestVectors/local/ciphertexts/ ./runtimes/c/ciphertexts/ test_decrypt_encrypt_vectors_c_mac: c_test_vectors + rm -rf aws-encryption-sdk-c/tests/TestVectors/local/ mkdir -p aws-encryption-sdk-c/tests/TestVectors/local/ cp ./runtimes/c/*.json aws-encryption-sdk-c/tests/TestVectors/local/ cp -r ./runtimes/c/plaintexts/ aws-encryption-sdk-c/tests/TestVectors/local/plaintexts/ @@ -394,6 +397,7 @@ test_decrypt_encrypt_vectors_c_mac: c_test_vectors LD_LIBRARY_PATH=../../install/lib/ ./test_vectors decrypt --manifest-path ./local --manifest-name manifest.json test_decrypt_encrypt_vectors_c_unix: c_test_vectors_unix + rm -rf aws-encryption-sdk-c/tests/TestVectors/local/ mkdir -p aws-encryption-sdk-c/tests/TestVectors/local/ pwd ls -l ./runtimes/c/