aws-crt 0.1.5 → 0.1.6
- checksums.yaml +4 -4
- data/CHANGELOG.md +5 -0
- data/VERSION +1 -1
- data/aws-crt-ffi/CMakeLists.txt +49 -41
- data/aws-crt-ffi/crt/aws-c-auth/CMakeLists.txt +0 -10
- data/aws-crt-ffi/crt/aws-c-auth/include/aws/auth/credentials.h +3 -2
- data/aws-crt-ffi/crt/aws-c-auth/include/aws/auth/private/credentials_utils.h +4 -4
- data/aws-crt-ffi/crt/aws-c-auth/source/auth.c +1 -14
- data/aws-crt-ffi/crt/aws-c-auth/source/aws_imds_client.c +206 -68
- data/aws-crt-ffi/crt/aws-c-auth/source/aws_signing.c +5 -0
- data/aws-crt-ffi/crt/aws-c-auth/source/credentials_provider_cached.c +6 -6
- data/aws-crt-ffi/crt/aws-c-auth/source/credentials_provider_default_chain.c +16 -1
- data/aws-crt-ffi/crt/aws-c-auth/source/credentials_provider_ecs.c +0 -1
- data/aws-crt-ffi/crt/aws-c-auth/source/credentials_provider_process.c +0 -1
- data/aws-crt-ffi/crt/aws-c-auth/source/credentials_provider_sts_web_identity.c +0 -1
- data/aws-crt-ffi/crt/aws-c-auth/source/credentials_provider_x509.c +10 -7
- data/aws-crt-ffi/crt/aws-c-auth/source/credentials_utils.c +35 -26
- data/aws-crt-ffi/crt/aws-c-auth/source/signable_chunk.c +3 -2
- data/aws-crt-ffi/crt/aws-c-auth/tests/CMakeLists.txt +3 -2
- data/aws-crt-ffi/crt/aws-c-auth/tests/aws_imds_client_test.c +1 -0
- data/aws-crt-ffi/crt/aws-c-auth/tests/credentials_provider_ecs_tests.c +3 -0
- data/aws-crt-ffi/crt/aws-c-auth/tests/credentials_provider_process_tests.c +65 -16
- data/aws-crt-ffi/crt/aws-c-auth/tests/credentials_tests.c +125 -0
- data/aws-crt-ffi/crt/aws-c-auth/tests/sigv4_signing_tests.c +68 -46
- data/aws-crt-ffi/crt/aws-c-cal/CMakeLists.txt +8 -3
- data/aws-crt-ffi/crt/aws-c-cal/bin/run_x_platform_fuzz_corpus/main.c +9 -0
- data/aws-crt-ffi/crt/aws-c-cal/builder.json +11 -3
- data/aws-crt-ffi/crt/aws-c-cal/cmake/aws-c-cal-config.cmake +14 -5
- data/aws-crt-ffi/crt/aws-c-cal/source/darwin/securityframework_ecc.c +6 -6
- data/aws-crt-ffi/crt/aws-c-cal/source/windows/bcrypt_ecc.c +12 -12
- data/aws-crt-ffi/crt/aws-c-cal/tests/test_case_helper.h +14 -14
- data/aws-crt-ffi/crt/aws-c-common/CMakeLists.txt +21 -1
- data/aws-crt-ffi/crt/aws-c-common/README.md +8 -0
- data/aws-crt-ffi/crt/aws-c-common/cmake/AwsCFlags.cmake +20 -5
- data/aws-crt-ffi/crt/aws-c-common/cmake/AwsFeatureTests.cmake +7 -1
- data/aws-crt-ffi/crt/aws-c-common/format-check.sh +1 -1
- data/aws-crt-ffi/crt/aws-c-common/include/aws/common/byte_buf.h +14 -0
- data/aws-crt-ffi/crt/aws-c-common/include/aws/common/config.h.in +1 -0
- data/aws-crt-ffi/crt/{aws-c-auth/include/aws/auth → aws-c-common/include/aws/common}/external/cJSON.h +82 -74
- data/aws-crt-ffi/crt/aws-c-common/include/aws/common/json.h +335 -0
- data/aws-crt-ffi/crt/aws-c-common/include/aws/common/logging.h +1 -0
- data/aws-crt-ffi/crt/aws-c-common/include/aws/common/math.inl +2 -2
- data/aws-crt-ffi/crt/aws-c-common/include/aws/common/private/json_impl.h +22 -0
- data/aws-crt-ffi/crt/aws-c-common/include/aws/testing/aws_test_harness.h +2 -0
- data/aws-crt-ffi/crt/aws-c-common/source/byte_buf.c +36 -0
- data/aws-crt-ffi/crt/aws-c-common/source/common.c +5 -2
- data/aws-crt-ffi/crt/aws-c-common/source/external/cJSON.c +3113 -0
- data/aws-crt-ffi/crt/aws-c-common/source/file.c +9 -0
- data/aws-crt-ffi/crt/aws-c-common/source/json.c +348 -0
- data/aws-crt-ffi/crt/aws-c-common/source/logging.c +7 -2
- data/aws-crt-ffi/crt/aws-c-common/source/posix/system_info.c +8 -0
- data/aws-crt-ffi/crt/aws-c-common/source/ref_count.c +3 -1
- data/aws-crt-ffi/crt/aws-c-common/source/windows/file.c +47 -0
- data/aws-crt-ffi/crt/aws-c-common/source/windows/system_info.c +2 -1
- data/aws-crt-ffi/crt/aws-c-common/tests/CMakeLists.txt +5 -0
- data/aws-crt-ffi/crt/aws-c-common/tests/byte_buf_test.c +69 -0
- data/aws-crt-ffi/crt/aws-c-common/tests/json_test.c +134 -0
- data/aws-crt-ffi/crt/aws-c-common/tests/memtrace_test.c +6 -2
- data/aws-crt-ffi/crt/aws-c-event-stream/README.md +18 -35
- data/aws-crt-ffi/crt/aws-c-event-stream/include/aws/event-stream/event_stream.h +21 -2
- data/aws-crt-ffi/crt/aws-c-event-stream/include/aws/event-stream/event_stream_rpc_client.h +14 -2
- data/aws-crt-ffi/crt/aws-c-event-stream/include/aws/event-stream/event_stream_rpc_server.h +13 -0
- data/aws-crt-ffi/crt/aws-c-event-stream/include/aws/event-stream/private/event_stream_rpc_priv.h +7 -7
- data/aws-crt-ffi/crt/aws-c-event-stream/source/event_stream.c +257 -141
- data/aws-crt-ffi/crt/aws-c-event-stream/source/event_stream_channel_handler.c +1 -1
- data/aws-crt-ffi/crt/aws-c-event-stream/source/event_stream_rpc_client.c +31 -8
- data/aws-crt-ffi/crt/aws-c-event-stream/source/event_stream_rpc_server.c +63 -10
- data/aws-crt-ffi/crt/aws-c-event-stream/tests/CMakeLists.txt +2 -0
- data/aws-crt-ffi/crt/aws-c-event-stream/tests/event_stream_rpc_client_connection_test.c +157 -106
- data/aws-crt-ffi/crt/aws-c-event-stream/tests/event_stream_rpc_server_connection_test.c +168 -1
- data/aws-crt-ffi/crt/aws-c-event-stream/tests/message_deserializer_test.c +4 -2
- data/aws-crt-ffi/crt/aws-c-http/CMakeLists.txt +1 -0
- data/aws-crt-ffi/crt/aws-c-http/README.md +8 -0
- data/aws-crt-ffi/crt/aws-c-http/bin/elasticurl/main.c +1 -1
- data/aws-crt-ffi/crt/aws-c-http/builder.json +4 -3
- data/aws-crt-ffi/crt/aws-c-http/include/aws/http/connection.h +8 -1
- data/aws-crt-ffi/crt/aws-c-http/include/aws/http/connection_manager.h +45 -1
- data/aws-crt-ffi/crt/aws-c-http/include/aws/http/http2_stream_manager.h +63 -12
- data/aws-crt-ffi/crt/aws-c-http/include/aws/http/private/connection_impl.h +2 -1
- data/aws-crt-ffi/crt/aws-c-http/include/aws/http/private/h2_connection.h +20 -2
- data/aws-crt-ffi/crt/aws-c-http/include/aws/http/private/h2_frames.h +1 -0
- data/aws-crt-ffi/crt/aws-c-http/include/aws/http/private/h2_stream.h +42 -13
- data/aws-crt-ffi/crt/aws-c-http/include/aws/http/private/http2_stream_manager_impl.h +17 -0
- data/aws-crt-ffi/crt/aws-c-http/include/aws/http/private/http_impl.h +3 -0
- data/aws-crt-ffi/crt/aws-c-http/include/aws/http/private/random_access_set.h +10 -3
- data/aws-crt-ffi/crt/aws-c-http/include/aws/http/private/request_response_impl.h +3 -17
- data/aws-crt-ffi/crt/aws-c-http/include/aws/http/request_response.h +108 -4
- data/aws-crt-ffi/crt/aws-c-http/include/aws/http/statistics.h +22 -0
- data/aws-crt-ffi/crt/aws-c-http/source/connection.c +8 -3
- data/aws-crt-ffi/crt/aws-c-http/source/connection_manager.c +22 -3
- data/aws-crt-ffi/crt/aws-c-http/source/connection_monitor.c +32 -14
- data/aws-crt-ffi/crt/aws-c-http/source/h1_connection.c +14 -0
- data/aws-crt-ffi/crt/aws-c-http/source/h1_encoder.c +7 -4
- data/aws-crt-ffi/crt/aws-c-http/source/h2_connection.c +161 -45
- data/aws-crt-ffi/crt/aws-c-http/source/h2_decoder.c +37 -8
- data/aws-crt-ffi/crt/aws-c-http/source/h2_frames.c +13 -1
- data/aws-crt-ffi/crt/aws-c-http/source/h2_stream.c +345 -87
- data/aws-crt-ffi/crt/aws-c-http/source/hpack.c +3 -0
- data/aws-crt-ffi/crt/aws-c-http/source/http.c +3 -0
- data/aws-crt-ffi/crt/aws-c-http/source/http2_stream_manager.c +266 -39
- data/aws-crt-ffi/crt/aws-c-http/source/random_access_set.c +9 -3
- data/aws-crt-ffi/crt/aws-c-http/source/request_response.c +80 -20
- data/aws-crt-ffi/crt/aws-c-http/source/statistics.c +11 -0
- data/aws-crt-ffi/crt/aws-c-http/tests/CMakeLists.txt +28 -1
- data/aws-crt-ffi/crt/aws-c-http/tests/fuzz/fuzz_h2_decoder_correct.c +5 -3
- data/aws-crt-ffi/crt/aws-c-http/tests/h2_test_helper.c +133 -29
- data/aws-crt-ffi/crt/aws-c-http/tests/h2_test_helper.h +6 -0
- data/aws-crt-ffi/crt/aws-c-http/tests/py_localhost/README.md +40 -0
- data/aws-crt-ffi/crt/aws-c-http/tests/py_localhost/non_tls_server.py +56 -0
- data/aws-crt-ffi/crt/aws-c-http/tests/py_localhost/server.py +329 -0
- data/aws-crt-ffi/crt/aws-c-http/tests/test_connection_manager.c +1 -1
- data/aws-crt-ffi/crt/aws-c-http/tests/test_connection_monitor.c +2 -2
- data/aws-crt-ffi/crt/aws-c-http/tests/test_h1_client.c +47 -34
- data/aws-crt-ffi/crt/aws-c-http/tests/test_h1_encoder.c +4 -4
- data/aws-crt-ffi/crt/aws-c-http/tests/test_h1_server.c +15 -12
- data/aws-crt-ffi/crt/aws-c-http/tests/test_h2_client.c +582 -25
- data/aws-crt-ffi/crt/aws-c-http/tests/test_h2_encoder.c +3 -3
- data/aws-crt-ffi/crt/aws-c-http/tests/test_localhost_integ.c +530 -0
- data/aws-crt-ffi/crt/aws-c-http/tests/test_stream_manager.c +459 -67
- data/aws-crt-ffi/crt/aws-c-io/CMakeLists.txt +4 -0
- data/aws-crt-ffi/crt/aws-c-io/builder.json +3 -2
- data/aws-crt-ffi/crt/aws-c-io/include/aws/io/channel.h +21 -0
- data/aws-crt-ffi/crt/aws-c-io/include/aws/io/io.h +3 -0
- data/aws-crt-ffi/crt/aws-c-io/include/aws/io/socket.h +6 -0
- data/aws-crt-ffi/crt/aws-c-io/include/aws/io/stream.h +35 -5
- data/aws-crt-ffi/crt/aws-c-io/include/aws/io/tls_channel_handler.h +211 -15
- data/aws-crt-ffi/crt/aws-c-io/source/channel.c +56 -30
- data/aws-crt-ffi/crt/aws-c-io/source/darwin/secure_transport_tls_channel_handler.c +0 -24
- data/aws-crt-ffi/crt/aws-c-io/source/io.c +9 -0
- data/aws-crt-ffi/crt/aws-c-io/source/{pkcs11.c → pkcs11_lib.c} +162 -22
- data/aws-crt-ffi/crt/aws-c-io/source/pkcs11_private.h +18 -20
- data/aws-crt-ffi/crt/aws-c-io/source/pkcs11_tls_op_handler.c +221 -0
- data/aws-crt-ffi/crt/aws-c-io/source/posix/socket.c +135 -81
- data/aws-crt-ffi/crt/aws-c-io/source/retry_strategy.c +12 -8
- data/aws-crt-ffi/crt/aws-c-io/source/s2n/s2n_tls_channel_handler.c +252 -215
- data/aws-crt-ffi/crt/aws-c-io/source/stream.c +65 -82
- data/aws-crt-ffi/crt/aws-c-io/source/tls_channel_handler.c +188 -57
- data/aws-crt-ffi/crt/aws-c-io/source/windows/iocp/socket.c +271 -256
- data/aws-crt-ffi/crt/aws-c-io/tests/CMakeLists.txt +21 -12
- data/aws-crt-ffi/crt/aws-c-io/tests/channel_test.c +32 -4
- data/aws-crt-ffi/crt/aws-c-io/tests/io_lib_test.c +37 -0
- data/aws-crt-ffi/crt/aws-c-io/tests/pkcs11_test.c +412 -93
- data/aws-crt-ffi/crt/aws-c-io/tests/resources/ec_unittests.crt +15 -0
- data/aws-crt-ffi/crt/aws-c-io/tests/resources/ec_unittests.key +5 -0
- data/aws-crt-ffi/crt/aws-c-io/tests/resources/ec_unittests.p12 +0 -0
- data/aws-crt-ffi/crt/aws-c-io/tests/resources/ec_unittests.p8 +5 -0
- data/aws-crt-ffi/crt/aws-c-io/tests/resources/generateCerts.sh +24 -15
- data/aws-crt-ffi/crt/aws-c-io/tests/socket_test.c +72 -1
- data/aws-crt-ffi/crt/s2n/CMakeLists.txt +6 -1
- data/aws-crt-ffi/crt/s2n/bindings/rust/Cargo.toml +1 -0
- data/aws-crt-ffi/crt/s2n/bindings/rust/generate/src/main.rs +105 -82
- data/aws-crt-ffi/crt/s2n/bindings/rust/generate.sh +1 -0
- data/aws-crt-ffi/crt/s2n/bindings/rust/s2n-tls/Cargo.toml +2 -2
- data/aws-crt-ffi/crt/s2n/bindings/rust/s2n-tls/src/raw/config.rs +1 -1
- data/aws-crt-ffi/crt/s2n/bindings/rust/s2n-tls-sys/Cargo.toml +1 -1
- data/aws-crt-ffi/crt/s2n/bindings/rust/s2n-tls-sys/build.rs +84 -30
- data/aws-crt-ffi/crt/s2n/bindings/rust/s2n-tls-sys/src/lib.rs +4 -0
- data/aws-crt-ffi/crt/s2n/bindings/rust/s2n-tls-tokio/Cargo.toml +21 -0
- data/aws-crt-ffi/crt/s2n/bindings/rust/s2n-tls-tokio/examples/certs/cert.pem +14 -0
- data/aws-crt-ffi/crt/s2n/bindings/rust/s2n-tls-tokio/examples/certs/key.pem +8 -0
- data/aws-crt-ffi/crt/s2n/bindings/rust/s2n-tls-tokio/examples/client.rs +45 -0
- data/aws-crt-ffi/crt/s2n/bindings/rust/s2n-tls-tokio/examples/server.rs +60 -0
- data/aws-crt-ffi/crt/s2n/bindings/rust/s2n-tls-tokio/src/lib.rs +150 -0
- data/aws-crt-ffi/crt/s2n/bindings/rust/s2n-tls-tokio/tests/handshake.rs +51 -0
- data/aws-crt-ffi/crt/s2n/crypto/s2n_drbg.c +98 -77
- data/aws-crt-ffi/crt/s2n/crypto/s2n_drbg.h +10 -7
- data/aws-crt-ffi/crt/s2n/crypto/s2n_openssl.h +2 -0
- data/aws-crt-ffi/crt/s2n/error/s2n_errno.c +1 -1
- data/aws-crt-ffi/crt/s2n/error/s2n_errno.h +1 -0
- data/aws-crt-ffi/crt/s2n/s2n.mk +7 -0
- data/aws-crt-ffi/crt/s2n/tests/cbmc/templates/scripts/repository.py +233 -0
- data/aws-crt-ffi/crt/s2n/tests/cbmc/templates/scripts/setup-proof.py +8 -7
- data/aws-crt-ffi/crt/s2n/tests/cbmc/templates/scripts/setup.py +17 -18
- data/aws-crt-ffi/crt/s2n/tests/cbmc/templates/scripts/util.py +41 -23
- data/aws-crt-ffi/crt/s2n/tests/fuzz/LD_PRELOAD/global_overrides.c +3 -3
- data/aws-crt-ffi/crt/s2n/tests/integration/s2n_client_endpoint_handshake_test.py +2 -2
- data/aws-crt-ffi/crt/s2n/tests/integrationv2/Makefile +13 -42
- data/aws-crt-ffi/crt/s2n/tests/integrationv2/README.md +6 -1
- data/aws-crt-ffi/crt/s2n/tests/integrationv2/common.py +118 -53
- data/aws-crt-ffi/crt/s2n/tests/integrationv2/configuration.py +108 -88
- data/aws-crt-ffi/crt/s2n/tests/integrationv2/conftest.py +6 -3
- data/aws-crt-ffi/crt/s2n/tests/integrationv2/constants.py +6 -4
- data/aws-crt-ffi/crt/s2n/tests/integrationv2/fixtures.py +21 -12
- data/aws-crt-ffi/crt/s2n/tests/integrationv2/global_flags.py +1 -0
- data/aws-crt-ffi/crt/s2n/tests/integrationv2/processes.py +62 -19
- data/aws-crt-ffi/crt/s2n/tests/integrationv2/providers.py +304 -48
- data/aws-crt-ffi/crt/s2n/tests/integrationv2/test_client_authentication.py +20 -11
- data/aws-crt-ffi/crt/s2n/tests/integrationv2/test_cross_compatibility.py +41 -17
- data/aws-crt-ffi/crt/s2n/tests/integrationv2/test_dynamic_record_sizes.py +6 -3
- data/aws-crt-ffi/crt/s2n/tests/integrationv2/test_early_data.py +105 -48
- data/aws-crt-ffi/crt/s2n/tests/integrationv2/test_external_psk.py +160 -76
- data/aws-crt-ffi/crt/s2n/tests/integrationv2/test_fragmentation.py +59 -26
- data/aws-crt-ffi/crt/s2n/tests/integrationv2/test_happy_path.py +42 -28
- data/aws-crt-ffi/crt/s2n/tests/integrationv2/test_hello_retry_requests.py +33 -13
- data/aws-crt-ffi/crt/s2n/tests/integrationv2/test_key_update.py +29 -11
- data/aws-crt-ffi/crt/s2n/tests/integrationv2/test_ocsp.py +138 -0
- data/aws-crt-ffi/crt/s2n/tests/integrationv2/test_pq_handshake.py +103 -36
- data/aws-crt-ffi/crt/s2n/tests/integrationv2/test_session_resumption.py +52 -25
- data/aws-crt-ffi/crt/s2n/tests/integrationv2/test_signature_algorithms.py +47 -21
- data/aws-crt-ffi/crt/s2n/tests/integrationv2/test_sni_match.py +13 -9
- data/aws-crt-ffi/crt/s2n/tests/integrationv2/test_sslyze.py +88 -17
- data/aws-crt-ffi/crt/s2n/tests/integrationv2/test_version_negotiation.py +71 -22
- data/aws-crt-ffi/crt/s2n/tests/integrationv2/test_well_known_endpoints.py +4 -3
- data/aws-crt-ffi/crt/s2n/tests/integrationv2/tox.ini +1 -0
- data/aws-crt-ffi/crt/s2n/tests/integrationv2/utils.py +50 -15
- data/aws-crt-ffi/crt/s2n/tests/litani/CHANGELOG +131 -0
- data/aws-crt-ffi/crt/s2n/tests/litani/CONTRIBUTING.md +16 -0
- data/aws-crt-ffi/crt/s2n/tests/litani/README.md +36 -14
- data/aws-crt-ffi/crt/s2n/tests/litani/THIRD-PARTY +205 -41
- data/aws-crt-ffi/crt/s2n/tests/litani/doc/bin/build-html-doc +7 -7
- data/aws-crt-ffi/crt/s2n/tests/litani/doc/configure +27 -23
- data/aws-crt-ffi/crt/s2n/tests/litani/doc/src/man/litani-add-job.scdoc +7 -0
- data/aws-crt-ffi/crt/s2n/tests/litani/doc/src/man/litani-dump-run.scdoc +7 -5
- data/aws-crt-ffi/crt/s2n/tests/litani/doc/src/man/litani-transform-jobs.scdoc +248 -0
- data/aws-crt-ffi/crt/s2n/tests/litani/doc/src/man/litani.scdoc +2 -2
- data/aws-crt-ffi/crt/s2n/tests/litani/doc/templates/index.jinja.html +4 -0
- data/aws-crt-ffi/crt/s2n/tests/litani/examples/add-root-node/README +12 -0
- data/aws-crt-ffi/crt/s2n/tests/litani/examples/add-root-node/original-run.sh +52 -0
- data/aws-crt-ffi/crt/s2n/tests/litani/examples/add-root-node/run-all.py +71 -0
- data/aws-crt-ffi/crt/s2n/tests/litani/examples/no-standalone-transform/README +13 -0
- data/aws-crt-ffi/crt/s2n/tests/litani/examples/no-standalone-transform/run-1.sh +34 -0
- data/aws-crt-ffi/crt/s2n/tests/litani/examples/no-standalone-transform/run-2.sh +35 -0
- data/aws-crt-ffi/crt/s2n/tests/litani/examples/no-standalone-transform/run-3.sh +34 -0
- data/aws-crt-ffi/crt/s2n/tests/litani/examples/no-standalone-transform/run-all.py +60 -0
- data/aws-crt-ffi/crt/s2n/tests/litani/examples/rich-output/README.md +10 -0
- data/aws-crt-ffi/crt/s2n/tests/litani/examples/rich-output/assumptions.html +42 -0
- data/aws-crt-ffi/crt/s2n/tests/litani/examples/rich-output/file.dat +7 -0
- data/aws-crt-ffi/crt/s2n/tests/litani/examples/rich-output/histogram.dat +7 -0
- data/aws-crt-ffi/crt/s2n/tests/litani/examples/rich-output/run-1.sh +41 -0
- data/aws-crt-ffi/crt/s2n/tests/litani/examples/rich-output/run-2.sh +47 -0
- data/aws-crt-ffi/crt/s2n/tests/litani/examples/rich-output/run-3.sh +41 -0
- data/aws-crt-ffi/crt/s2n/tests/litani/examples/rich-output/run-all.py +34 -0
- data/aws-crt-ffi/crt/s2n/tests/litani/examples/rich-output/scripts/fib-table.py +40 -0
- data/aws-crt-ffi/crt/s2n/tests/litani/examples/rich-output/scripts/fib.plt +5 -0
- data/aws-crt-ffi/crt/s2n/tests/litani/examples/rich-output/scripts/fib.py +32 -0
- data/aws-crt-ffi/crt/s2n/tests/litani/examples/rich-output/scripts/sin-output.py +40 -0
- data/aws-crt-ffi/crt/s2n/tests/litani/examples/rich-output/scripts/sin.plt +5 -0
- data/aws-crt-ffi/crt/s2n/tests/litani/examples/rich-output/scripts/sin.py +30 -0
- data/aws-crt-ffi/crt/s2n/tests/litani/examples/rich-output/templates/fib-table.jinja.html +45 -0
- data/aws-crt-ffi/crt/s2n/tests/litani/examples/rich-output/templates/sin-output.jinja.html +30 -0
- data/aws-crt-ffi/crt/s2n/tests/litani/lib/add_job.py +55 -0
- data/aws-crt-ffi/crt/s2n/tests/litani/lib/graph.py +2 -2
- data/aws-crt-ffi/crt/s2n/tests/litani/lib/litani.py +6 -1
- data/aws-crt-ffi/crt/s2n/tests/litani/lib/litani_report.py +18 -21
- data/aws-crt-ffi/crt/s2n/tests/litani/lib/ninja.py +2 -0
- data/aws-crt-ffi/crt/s2n/tests/litani/lib/run_printer.py +26 -7
- data/aws-crt-ffi/crt/s2n/tests/litani/lib/transform_jobs.py +84 -0
- data/aws-crt-ffi/crt/s2n/tests/litani/litani +28 -33
- data/aws-crt-ffi/crt/s2n/tests/litani/script/release +220 -0
- data/aws-crt-ffi/crt/s2n/tests/litani/templates/dashboard.jinja.html +78 -15
- data/aws-crt-ffi/crt/s2n/tests/litani/templates/pipeline.jinja.html +21 -5
- data/aws-crt-ffi/crt/s2n/tests/litani/test/README +15 -0
- data/aws-crt-ffi/crt/s2n/tests/litani/test/e2e/run +56 -33
- data/aws-crt-ffi/crt/s2n/tests/litani/test/e2e/tests/custom_stages.py +1 -0
- data/aws-crt-ffi/crt/s2n/tests/litani/test/e2e/tests/cwd.py +1 -0
- data/aws-crt-ffi/crt/s2n/tests/litani/test/e2e/tests/dump_run.py +1 -0
- data/aws-crt-ffi/crt/s2n/tests/litani/test/e2e/tests/graph_line_break.py +1 -0
- data/aws-crt-ffi/crt/s2n/tests/litani/test/e2e/tests/html_node.py +1 -0
- data/aws-crt-ffi/crt/s2n/tests/litani/test/e2e/tests/job_id_env.py +1 -0
- data/aws-crt-ffi/crt/s2n/tests/litani/test/e2e/tests/multiproc_dump_run.py +1 -0
- data/aws-crt-ffi/crt/s2n/tests/litani/test/e2e/tests/no_pool_serialize.py +1 -0
- data/aws-crt-ffi/crt/s2n/tests/litani/test/e2e/tests/no_pool_serialize_graph.py +1 -0
- data/aws-crt-ffi/crt/s2n/tests/litani/test/e2e/tests/no_timed_out.py +1 -0
- data/aws-crt-ffi/crt/s2n/tests/litani/test/e2e/tests/no_timed_out_timeout_ignored.py +1 -0
- data/aws-crt-ffi/crt/s2n/tests/litani/test/e2e/tests/no_timed_out_timeout_ok.py +1 -0
- data/aws-crt-ffi/crt/s2n/tests/litani/test/e2e/tests/pipeline_order.py +53 -0
- data/aws-crt-ffi/crt/s2n/tests/litani/test/e2e/tests/pool_serialize.py +1 -0
- data/aws-crt-ffi/crt/s2n/tests/litani/test/e2e/tests/pool_serialize_graph.py +1 -0
- data/aws-crt-ffi/crt/s2n/tests/litani/test/e2e/tests/single_pool.py +1 -0
- data/aws-crt-ffi/crt/s2n/tests/litani/test/e2e/tests/timed_out.py +1 -0
- data/aws-crt-ffi/crt/s2n/tests/litani/test/e2e/tests/timed_out_subprocess.py +1 -0
- data/aws-crt-ffi/crt/s2n/tests/litani/test/e2e/tests/timed_out_subprocess_multi_shell.py +1 -0
- data/aws-crt-ffi/crt/s2n/tests/litani/test/e2e/tests/timed_out_subprocess_shell.py +1 -0
- data/aws-crt-ffi/crt/s2n/tests/litani/test/e2e/tests/timed_out_timeout_ignored.py +1 -0
- data/aws-crt-ffi/crt/s2n/tests/litani/test/e2e/tests/timed_out_timeout_ok.py +1 -0
- data/aws-crt-ffi/crt/s2n/tests/litani/test/e2e/tests/transform_delete_job.py +54 -0
- data/aws-crt-ffi/crt/s2n/tests/litani/test/e2e/tests/transform_modify_job.py +46 -0
- data/aws-crt-ffi/crt/s2n/tests/litani/test/e2e/tests/transform_no_change_job.py +44 -0
- data/aws-crt-ffi/crt/s2n/tests/litani/test/e2e/tests/zero_pool.py +1 -0
- data/aws-crt-ffi/crt/s2n/tests/litani/test/run +82 -12
- data/aws-crt-ffi/crt/s2n/tests/s2n_test.h +58 -33
- data/aws-crt-ffi/crt/s2n/tests/testlib/s2n_key_schedule_testlib.c +18 -6
- data/aws-crt-ffi/crt/s2n/tests/testlib/s2n_pq_kat_test_utils.c +4 -4
- data/aws-crt-ffi/crt/s2n/tests/testlib/s2n_testlib.h +2 -0
- data/aws-crt-ffi/crt/s2n/tests/unit/s2n_client_hello_retry_test.c +66 -2
- data/aws-crt-ffi/crt/s2n/tests/unit/s2n_connection_test.c +1 -1
- data/aws-crt-ffi/crt/s2n/tests/unit/s2n_drbg_test.c +34 -14
- data/aws-crt-ffi/crt/s2n/tests/unit/s2n_fork_generation_number_test.c +28 -5
- data/aws-crt-ffi/crt/s2n/tests/unit/s2n_mem_usage_test.c +6 -0
- data/aws-crt-ffi/crt/s2n/tests/unit/s2n_override_openssl_random_test.c +1 -1
- data/aws-crt-ffi/crt/s2n/tests/unit/s2n_random_test.c +60 -41
- data/aws-crt-ffi/crt/s2n/tests/unit/s2n_self_talk_broken_pipe_test.c +2 -2
- data/aws-crt-ffi/crt/s2n/tests/unit/s2n_tls13_handshake_early_data_test.c +3 -1
- data/aws-crt-ffi/crt/s2n/tests/unit/s2n_tls13_hybrid_shared_secret_test.c +9 -1
- data/aws-crt-ffi/crt/s2n/tests/unit/s2n_tls13_key_schedule_rfc8448_test.c +31 -130
- data/aws-crt-ffi/crt/s2n/tests/unit/s2n_tls13_key_schedule_test.c +2 -4
- data/aws-crt-ffi/crt/s2n/tests/unit/s2n_tls13_pq_handshake_test.c +11 -6
- data/aws-crt-ffi/crt/s2n/tests/unit/s2n_tls13_secrets_rfc8448_test.c +19 -21
- data/aws-crt-ffi/crt/s2n/tests/unit/s2n_tls13_secrets_test.c +109 -60
- data/aws-crt-ffi/crt/s2n/tls/s2n_config.c +1 -0
- data/aws-crt-ffi/crt/s2n/tls/s2n_config.h +1 -1
- data/aws-crt-ffi/crt/s2n/tls/s2n_connection.c +29 -24
- data/aws-crt-ffi/crt/s2n/tls/s2n_connection.h +5 -5
- data/aws-crt-ffi/crt/s2n/tls/s2n_handshake_hashes.h +1 -7
- data/aws-crt-ffi/crt/s2n/tls/s2n_handshake_io.c +2 -0
- data/aws-crt-ffi/crt/s2n/tls/s2n_handshake_transcript.c +0 -44
- data/aws-crt-ffi/crt/s2n/tls/s2n_internal.h +0 -1
- data/aws-crt-ffi/crt/s2n/tls/s2n_quic_support.h +1 -1
- data/aws-crt-ffi/crt/s2n/tls/s2n_tls13_key_schedule.c +1 -2
- data/aws-crt-ffi/crt/s2n/tls/s2n_tls13_secrets.c +84 -44
- data/aws-crt-ffi/crt/s2n/tls/s2n_tls13_secrets.h +3 -9
- data/aws-crt-ffi/crt/s2n/utils/s2n_blob.h +15 -8
- data/aws-crt-ffi/crt/s2n/utils/s2n_fork_detection.c +2 -6
- data/aws-crt-ffi/crt/s2n/utils/s2n_random.c +9 -9
- data/aws-crt-ffi/src/input_stream.c +32 -15
- data/ext/compile.rb +13 -5
- data/lib/aws-crt/platforms.rb +14 -5
- data/lib/aws-crt/string_blob.rb +3 -3
- metadata +61 -7
- data/aws-crt-ffi/crt/aws-c-auth/source/external/cJSON.c +0 -2987
- data/aws-crt-ffi/crt/aws-c-auth/tests/external/cJSON.c +0 -2986
- data/aws-crt-ffi/crt/aws-c-io/tests/error_test.c +0 -20
@@ -4,17 +4,18 @@ import pytest
|
|
4
4
|
from configuration import available_ports, ALL_TEST_CIPHERS, ALL_TEST_CURVES, ALL_TEST_CERTS, PROVIDERS, PROTOCOLS
|
5
5
|
from common import ProviderOptions, Protocols, data_bytes
|
6
6
|
from fixtures import managed_process
|
7
|
-
from providers import Provider, S2N, OpenSSL, JavaSSL
|
7
|
+
from providers import Provider, S2N, OpenSSL, JavaSSL, GnuTLS
|
8
8
|
from utils import invalid_test_parameters, get_parameter_name, get_expected_s2n_version, to_bytes
|
9
9
|
|
10
10
|
|
11
11
|
@pytest.mark.uncollect_if(func=invalid_test_parameters)
|
12
12
|
@pytest.mark.parametrize("cipher", ALL_TEST_CIPHERS, ids=get_parameter_name)
|
13
|
-
@pytest.mark.parametrize("provider",
|
13
|
+
@pytest.mark.parametrize("provider", [S2N, OpenSSL, GnuTLS, JavaSSL])
|
14
|
+
@pytest.mark.parametrize("other_provider", [S2N], ids=get_parameter_name)
|
14
15
|
@pytest.mark.parametrize("curve", ALL_TEST_CURVES, ids=get_parameter_name)
|
15
16
|
@pytest.mark.parametrize("protocol", PROTOCOLS, ids=get_parameter_name)
|
16
17
|
@pytest.mark.parametrize("certificate", ALL_TEST_CERTS, ids=get_parameter_name)
|
17
|
-
def test_s2n_server_happy_path(managed_process, cipher, provider, curve, protocol, certificate):
|
18
|
+
def test_s2n_server_happy_path(managed_process, cipher, provider, other_provider, curve, protocol, certificate):
|
18
19
|
port = next(available_ports)
|
19
20
|
|
20
21
|
# s2nd can receive large amounts of data because all the data is
|
@@ -31,7 +32,8 @@ def test_s2n_server_happy_path(managed_process, cipher, provider, curve, protoco
|
|
31
32
|
curve=curve,
|
32
33
|
data_to_send=random_bytes,
|
33
34
|
insecure=True,
|
34
|
-
protocol=protocol
|
35
|
+
protocol=protocol
|
36
|
+
)
|
35
37
|
|
36
38
|
server_options = copy.copy(client_options)
|
37
39
|
server_options.data_to_send = None
|
@@ -47,37 +49,41 @@ def test_s2n_server_happy_path(managed_process, cipher, provider, curve, protoco
|
|
47
49
|
# The client will be one of all supported providers. We
|
48
50
|
# just want to make sure there was no exception and that
|
49
51
|
# the client exited cleanly.
|
50
|
-
for
|
51
|
-
|
52
|
+
for client_results in client.get_results():
|
53
|
+
client_results.assert_success()
|
52
54
|
|
53
55
|
expected_version = get_expected_s2n_version(protocol, provider)
|
54
56
|
|
55
57
|
# The server is always S2N in this test, so we can examine
|
56
58
|
# the stdout reliably.
|
57
|
-
for
|
58
|
-
|
59
|
-
assert to_bytes("Actual protocol version: {}".format(
|
60
|
-
|
59
|
+
for server_results in server.get_results():
|
60
|
+
server_results.assert_success()
|
61
|
+
assert to_bytes("Actual protocol version: {}".format(
|
62
|
+
expected_version)) in server_results.stdout
|
63
|
+
assert random_bytes in server_results.stdout
|
61
64
|
|
62
65
|
if provider is not S2N:
|
63
|
-
assert to_bytes("Cipher negotiated: {}".format(
|
66
|
+
assert to_bytes("Cipher negotiated: {}".format(
|
67
|
+
cipher.name)) in server_results.stdout
|
64
68
|
|
65
69
|
|
66
70
|
@pytest.mark.uncollect_if(func=invalid_test_parameters)
|
67
71
|
@pytest.mark.parametrize("cipher", ALL_TEST_CIPHERS, ids=get_parameter_name)
|
68
|
-
@pytest.mark.parametrize("provider", [S2N, OpenSSL])
|
72
|
+
@pytest.mark.parametrize("provider", [S2N, OpenSSL, GnuTLS])
|
73
|
+
@pytest.mark.parametrize("other_provider", [S2N], ids=get_parameter_name)
|
69
74
|
@pytest.mark.parametrize("curve", ALL_TEST_CURVES, ids=get_parameter_name)
|
70
75
|
@pytest.mark.parametrize("protocol", PROTOCOLS, ids=get_parameter_name)
|
71
76
|
@pytest.mark.parametrize("certificate", ALL_TEST_CERTS, ids=get_parameter_name)
|
72
|
-
def test_s2n_client_happy_path(managed_process, cipher, provider, curve, protocol, certificate):
|
77
|
+
def test_s2n_client_happy_path(managed_process, cipher, provider, other_provider, curve, protocol, certificate):
|
73
78
|
port = next(available_ports)
|
74
79
|
|
75
|
-
# We can only send 4096 bytes here because of the
|
76
|
-
# output (when writing to stdout). If we send
|
77
|
-
# will print some debugging information in
|
78
|
-
# We still want that debugging data in case
|
79
|
-
# send less data, rather than lose debug
|
80
|
-
|
80
|
+
# We can only send 4096 - 1 (\n at the end) bytes here because of the
|
81
|
+
# way some servers chunk output (when writing to stdout). If we send
|
82
|
+
# 8192 bytes, then openssl will print some debugging information in
|
83
|
+
# the middle of our chunk. We still want that debugging data in case
|
84
|
+
# of a failure, so we just send less data, rather than lose debug
|
85
|
+
# information.
|
86
|
+
random_bytes = data_bytes(4095)
|
81
87
|
client_options = ProviderOptions(
|
82
88
|
mode=Provider.ClientMode,
|
83
89
|
port=port,
|
@@ -85,7 +91,8 @@ def test_s2n_client_happy_path(managed_process, cipher, provider, curve, protoco
|
|
85
91
|
curve=curve,
|
86
92
|
data_to_send=random_bytes,
|
87
93
|
insecure=True,
|
88
|
-
protocol=protocol
|
94
|
+
protocol=protocol,
|
95
|
+
)
|
89
96
|
|
90
97
|
server_options = copy.copy(client_options)
|
91
98
|
server_options.data_to_send = None
|
@@ -93,23 +100,30 @@ def test_s2n_client_happy_path(managed_process, cipher, provider, curve, protoco
|
|
93
100
|
server_options.key = certificate.key
|
94
101
|
server_options.cert = certificate.cert
|
95
102
|
|
103
|
+
kill_marker = None
|
104
|
+
if provider == GnuTLS:
|
105
|
+
kill_marker = random_bytes
|
106
|
+
|
96
107
|
# Passing the type of client and server as a parameter will
|
97
108
|
# allow us to use a fixture to enumerate all possibilities.
|
98
|
-
server = managed_process(provider, server_options,
|
109
|
+
server = managed_process(provider, server_options,
|
110
|
+
timeout=5, kill_marker=kill_marker)
|
99
111
|
client = managed_process(S2N, client_options, timeout=5)
|
100
112
|
|
101
113
|
expected_version = get_expected_s2n_version(protocol, provider)
|
102
114
|
|
103
115
|
# The client is always S2N in this test, so we can examine
|
104
116
|
# the stdout reliably.
|
105
|
-
for
|
106
|
-
|
107
|
-
assert to_bytes("Actual protocol version: {}".format(
|
117
|
+
for client_results in client.get_results():
|
118
|
+
client_results.assert_success()
|
119
|
+
assert to_bytes("Actual protocol version: {}".format(
|
120
|
+
expected_version)) in client_results.stdout
|
108
121
|
|
109
122
|
# The server will be one of all supported providers. We
|
110
123
|
# just want to make sure there was no exception and that
|
111
124
|
# the client exited cleanly.
|
112
|
-
for
|
113
|
-
|
114
|
-
# Avoid debugging information that sometimes gets inserted after the first character
|
115
|
-
assert
|
125
|
+
for server_results in server.get_results():
|
126
|
+
server_results.assert_success()
|
127
|
+
# Avoid debugging information that sometimes gets inserted after the first character.
|
128
|
+
assert any(
|
129
|
+
[random_bytes[1:] in stream for stream in server_results.output_streams()])
|
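Review bot: In test_s2n_client_happy_path the new GnuTLS branch passes the full `random_bytes` as `kill_marker`, while the assertion further down matches only `random_bytes[1:]` because debugging output can be inserted after the first character. If GnuTLS server output is ever interleaved the same way, the marker would presumably never match and the server would end only on `timeout=5`, so either use `kill_marker = random_bytes[1:]` or add a comment saying why GnuTLS needs the marker and is not affected. The branch compares with `provider == GnuTLS` where the server test uses `provider is not S2N`; pick one form for provider checks. `other_provider` is added to both signatures but is not used in the visible bodies, so a one-line comment such as `# other_provider is read by invalid_test_parameters` (if that is indeed its consumer) would help. The `any([...])` at the end can take a generator, `any(random_bytes[1:] in stream for stream in server_results.output_streams())`.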
@@ -20,16 +20,27 @@ CURVE_NAMES = {
|
|
20
20
|
"P-521": "secp521r1"
|
21
21
|
}
|
22
22
|
|
23
|
+
|
24
|
+
def test_nothing():
|
25
|
+
"""
|
26
|
+
Sometimes the hello retry test parameters in combination with the s2n libcrypto
|
27
|
+
results in no test cases existing. In this case, pass a nothing test to avoid
|
28
|
+
marking the entire codebuild run as failed.
|
29
|
+
"""
|
30
|
+
assert True
|
31
|
+
|
32
|
+
|
23
33
|
@pytest.mark.uncollect_if(func=invalid_test_parameters)
|
24
34
|
@pytest.mark.parametrize("cipher", TLS13_CIPHERS, ids=get_parameter_name)
|
25
35
|
@pytest.mark.parametrize("provider", [OpenSSL])
|
36
|
+
@pytest.mark.parametrize("other_provider", [S2N], ids=get_parameter_name)
|
26
37
|
@pytest.mark.parametrize("curve", ALL_TEST_CURVES, ids=get_parameter_name)
|
27
38
|
@pytest.mark.parametrize("protocol", [Protocols.TLS13], ids=get_parameter_name)
|
28
39
|
@pytest.mark.parametrize("certificate", ALL_TEST_CERTS, ids=get_parameter_name)
|
29
|
-
def test_hrr_with_s2n_as_client(managed_process, cipher, provider, curve, protocol, certificate):
|
40
|
+
def test_hrr_with_s2n_as_client(managed_process, cipher, provider, other_provider, curve, protocol, certificate):
|
30
41
|
if curve == S2N_DEFAULT_CURVE:
|
31
42
|
pytest.skip("No retry if server curve matches client curve")
|
32
|
-
|
43
|
+
|
33
44
|
port = next(available_ports)
|
34
45
|
|
35
46
|
random_bytes = data_bytes(64)
|
@@ -57,7 +68,8 @@ def test_hrr_with_s2n_as_client(managed_process, cipher, provider, curve, protoc
|
|
57
68
|
# The client should connect and return without error
|
58
69
|
for results in client.get_results():
|
59
70
|
results.assert_success()
|
60
|
-
assert to_bytes("Curve: {}".format(
|
71
|
+
assert to_bytes("Curve: {}".format(
|
72
|
+
CURVE_NAMES[curve.name])) in results.stdout
|
61
73
|
assert S2N_HRR_MARKER in results.stdout
|
62
74
|
|
63
75
|
marker_part1 = b"cf 21 ad 74 e5"
|
@@ -67,17 +79,19 @@ def test_hrr_with_s2n_as_client(managed_process, cipher, provider, curve, protoc
|
|
67
79
|
results.assert_success()
|
68
80
|
assert marker_part1 in results.stdout and marker_part2 in results.stdout
|
69
81
|
assert b'Supported Elliptic Groups: X25519:P-256:P-384' in results.stdout
|
70
|
-
assert to_bytes("Shared Elliptic groups: {}".format(
|
82
|
+
assert to_bytes("Shared Elliptic groups: {}".format(
|
83
|
+
server_options.curve)) in results.stdout
|
71
84
|
assert random_bytes in results.stdout
|
72
85
|
|
73
86
|
|
74
87
|
@pytest.mark.uncollect_if(func=invalid_test_parameters)
|
75
88
|
@pytest.mark.parametrize("cipher", TLS13_CIPHERS, ids=get_parameter_name)
|
76
89
|
@pytest.mark.parametrize("provider", [OpenSSL])
|
90
|
+
@pytest.mark.parametrize("other_provider", [S2N], ids=get_parameter_name)
|
77
91
|
@pytest.mark.parametrize("curve", ALL_TEST_CURVES, ids=get_parameter_name)
|
78
92
|
@pytest.mark.parametrize("protocol", [Protocols.TLS13], ids=get_parameter_name)
|
79
93
|
@pytest.mark.parametrize("certificate", ALL_TEST_CERTS, ids=get_parameter_name)
|
80
|
-
def test_hrr_with_s2n_as_server(managed_process, cipher, provider, curve, protocol, certificate):
|
94
|
+
def test_hrr_with_s2n_as_server(managed_process, cipher, provider, other_provider, curve, protocol, certificate):
|
81
95
|
port = next(available_ports)
|
82
96
|
|
83
97
|
random_bytes = data_bytes(64)
|
@@ -88,7 +102,7 @@ def test_hrr_with_s2n_as_server(managed_process, cipher, provider, curve, protoc
|
|
88
102
|
data_to_send=random_bytes,
|
89
103
|
insecure=True,
|
90
104
|
curve=curve,
|
91
|
-
extra_flags
|
105
|
+
extra_flags=['-msg', '-curves', 'X448:'+str(curve)],
|
92
106
|
protocol=protocol)
|
93
107
|
|
94
108
|
server_options = copy.copy(client_options)
|
@@ -107,7 +121,8 @@ def test_hrr_with_s2n_as_server(managed_process, cipher, provider, curve, protoc
|
|
107
121
|
for results in server.get_results():
|
108
122
|
results.assert_success()
|
109
123
|
assert random_bytes in results.stdout
|
110
|
-
assert to_bytes("Curve: {}".format(
|
124
|
+
assert to_bytes("Curve: {}".format(
|
125
|
+
CURVE_NAMES[curve.name])) in results.stdout
|
111
126
|
assert random_bytes in results.stdout
|
112
127
|
assert S2N_HRR_MARKER in results.stdout
|
113
128
|
|
@@ -128,15 +143,19 @@ def test_hrr_with_s2n_as_server(managed_process, cipher, provider, curve, protoc
|
|
128
143
|
assert server_hello_count == 2
|
129
144
|
assert finished_count == 2
|
130
145
|
|
131
|
-
|
132
|
-
|
146
|
+
|
147
|
+
# Default Keyshare for TLS v1.3 is x25519
|
148
|
+
TEST_CURVES = ALL_TEST_CURVES[1:]
|
149
|
+
|
150
|
+
|
133
151
|
@pytest.mark.uncollect_if(func=invalid_test_parameters)
|
134
152
|
@pytest.mark.parametrize("cipher", TLS13_CIPHERS, ids=get_parameter_name)
|
135
153
|
@pytest.mark.parametrize("provider", [OpenSSL])
|
154
|
+
@pytest.mark.parametrize("other_provider", [S2N], ids=get_parameter_name)
|
136
155
|
@pytest.mark.parametrize("curve", TEST_CURVES, ids=get_parameter_name)
|
137
156
|
@pytest.mark.parametrize("protocol", [Protocols.TLS13], ids=get_parameter_name)
|
138
157
|
@pytest.mark.parametrize("certificate", ALL_TEST_CERTS, ids=get_parameter_name)
|
139
|
-
def test_hrr_with_default_keyshare(managed_process, cipher, provider, curve, protocol, certificate):
|
158
|
+
def test_hrr_with_default_keyshare(managed_process, cipher, provider, other_provider, curve, protocol, certificate):
|
140
159
|
port = next(available_ports)
|
141
160
|
|
142
161
|
random_bytes = data_bytes(64)
|
@@ -164,7 +183,8 @@ def test_hrr_with_default_keyshare(managed_process, cipher, provider, curve, pro
|
|
164
183
|
# The client should connect and return without error
|
165
184
|
for results in client.get_results():
|
166
185
|
results.assert_success()
|
167
|
-
assert to_bytes("Curve: {}".format(
|
186
|
+
assert to_bytes("Curve: {}".format(
|
187
|
+
CURVE_NAMES[curve.name])) in results.stdout
|
168
188
|
assert S2N_HRR_MARKER in results.stdout
|
169
189
|
|
170
190
|
marker_part1 = b"cf 21 ad 74 e5"
|
@@ -174,6 +194,6 @@ def test_hrr_with_default_keyshare(managed_process, cipher, provider, curve, pro
|
|
174
194
|
results.assert_success()
|
175
195
|
assert marker_part1 in results.stdout and marker_part2 in results.stdout
|
176
196
|
assert b'Supported Elliptic Groups: X25519:P-256:P-384' in results.stdout
|
177
|
-
assert to_bytes("Shared Elliptic groups: {}".format(
|
197
|
+
assert to_bytes("Shared Elliptic groups: {}".format(
|
198
|
+
server_options.curve)) in results.stdout
|
178
199
|
assert random_bytes in results.stdout
|
179
|
-
|
@@ -2,15 +2,29 @@ import copy
|
|
2
2
|
import pytest
|
3
3
|
|
4
4
|
from configuration import available_ports, TLS13_CIPHERS
|
5
|
-
from common import ProviderOptions, Protocols, data_bytes
|
5
|
+
from common import ProviderOptions, Protocols, data_bytes, Ciphers
|
6
6
|
from fixtures import managed_process
|
7
7
|
from providers import Provider, S2N, OpenSSL
|
8
8
|
from utils import invalid_test_parameters, get_parameter_name
|
9
|
+
from global_flags import get_flag, S2N_PROVIDER_VERSION
|
9
10
|
|
10
11
|
|
12
|
+
def test_nothing():
|
13
|
+
"""
|
14
|
+
Sometimes the key update test parameters in combination with the s2n libcrypto
|
15
|
+
results in no test cases existing. In this case, pass a nothing test to avoid
|
16
|
+
marking the entire codebuild run as failed.
|
17
|
+
"""
|
18
|
+
assert True
|
19
|
+
|
20
|
+
|
21
|
+
@pytest.mark.flaky(reruns=5)
|
11
22
|
@pytest.mark.uncollect_if(func=invalid_test_parameters)
|
12
23
|
@pytest.mark.parametrize("cipher", TLS13_CIPHERS, ids=get_parameter_name)
|
13
|
-
|
24
|
+
@pytest.mark.parametrize("provider", [OpenSSL], ids=get_parameter_name)
|
25
|
+
@pytest.mark.parametrize("other_provider", [S2N], ids=get_parameter_name)
|
26
|
+
@pytest.mark.parametrize("protocol", [Protocols.TLS13], ids=get_parameter_name)
|
27
|
+
def test_s2n_server_key_update(managed_process, cipher, provider, other_provider, protocol):
|
14
28
|
host = "localhost"
|
15
29
|
port = next(available_ports)
|
16
30
|
|
@@ -29,7 +43,7 @@ def test_s2n_server_key_update(managed_process, cipher):
|
|
29
43
|
cipher=cipher,
|
30
44
|
data_to_send=[update_requested, client_data],
|
31
45
|
insecure=True,
|
32
|
-
protocol=
|
46
|
+
protocol=protocol,
|
33
47
|
)
|
34
48
|
|
35
49
|
server_options = copy.copy(client_options)
|
@@ -40,14 +54,14 @@ def test_s2n_server_key_update(managed_process, cipher):
|
|
40
54
|
server_options.data_to_send = [server_data]
|
41
55
|
|
42
56
|
server = managed_process(
|
43
|
-
S2N, server_options, send_marker=[str(client_data)], timeout=
|
57
|
+
S2N, server_options, send_marker=[str(client_data)], timeout=30
|
44
58
|
)
|
45
59
|
client = managed_process(
|
46
|
-
|
60
|
+
provider,
|
47
61
|
client_options,
|
48
62
|
send_marker=send_marker_list,
|
49
63
|
close_marker=str(server_data),
|
50
|
-
timeout=
|
64
|
+
timeout=30,
|
51
65
|
)
|
52
66
|
|
53
67
|
for results in client.get_results():
|
@@ -60,9 +74,13 @@ def test_s2n_server_key_update(managed_process, cipher):
|
|
60
74
|
assert client_data in results.stdout
|
61
75
|
|
62
76
|
|
77
|
+
@pytest.mark.flaky(reruns=5)
|
63
78
|
@pytest.mark.uncollect_if(func=invalid_test_parameters)
|
64
79
|
@pytest.mark.parametrize("cipher", TLS13_CIPHERS, ids=get_parameter_name)
|
65
|
-
|
80
|
+
@pytest.mark.parametrize("provider", [OpenSSL], ids=get_parameter_name)
|
81
|
+
@pytest.mark.parametrize("other_provider", [S2N], ids=get_parameter_name)
|
82
|
+
@pytest.mark.parametrize("protocol", [Protocols.TLS13], ids=get_parameter_name)
|
83
|
+
def test_s2n_client_key_update(managed_process, cipher, provider, other_provider, protocol):
|
66
84
|
host = "localhost"
|
67
85
|
port = next(available_ports)
|
68
86
|
|
@@ -83,7 +101,7 @@ def test_s2n_client_key_update(managed_process, cipher):
|
|
83
101
|
cipher=cipher,
|
84
102
|
data_to_send=[client_data],
|
85
103
|
insecure=True,
|
86
|
-
protocol=
|
104
|
+
protocol=protocol,
|
87
105
|
)
|
88
106
|
|
89
107
|
server_options = copy.copy(client_options)
|
@@ -94,18 +112,18 @@ def test_s2n_client_key_update(managed_process, cipher):
|
|
94
112
|
server_options.data_to_send = [update_requested, server_data]
|
95
113
|
|
96
114
|
server = managed_process(
|
97
|
-
|
115
|
+
provider,
|
98
116
|
server_options,
|
99
117
|
send_marker=send_marker_list,
|
100
118
|
close_marker=str(client_data),
|
101
|
-
timeout=
|
119
|
+
timeout=30,
|
102
120
|
)
|
103
121
|
client = managed_process(
|
104
122
|
S2N,
|
105
123
|
client_options,
|
106
124
|
send_marker=[str(server_data)],
|
107
125
|
close_marker=str(server_data),
|
108
|
-
timeout=
|
126
|
+
timeout=30,
|
109
127
|
)
|
110
128
|
|
111
129
|
for results in client.get_results():
|
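Review bot: The added `@pytest.mark.flaky(reruns=5)` on `test_s2n_server_key_update` and `test_s2n_client_key_update` lets a key-update exchange that fails intermittently still report green, and nothing in the visible hunks records why these tests are flaky. For a TLS 1.3 key-update path an intermittent failure can be a real ordering bug rather than harness noise, so I would put a comment above each marker such as `# flaky: <observed cause>; tracked in <issue placeholder>, drop reruns once fixed`. Separately, `test_nothing` always passes, so a parametrisation change that uncollects every key-update case would go unnoticed; handling pytest's "no tests collected" exit status (5) in the CI wrapper would keep that situation visible. The bodies of both key-update tests continue outside the hunks shown.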
@@ -0,0 +1,138 @@
|
|
1
|
+
import pytest
|
2
|
+
|
3
|
+
from configuration import available_ports, ALL_TEST_CIPHERS, ALL_TEST_CURVES, PROTOCOLS
|
4
|
+
from common import ProviderOptions, Protocols, data_bytes, Certificates
|
5
|
+
from fixtures import managed_process
|
6
|
+
from constants import TEST_OCSP_DIRECTORY
|
7
|
+
from providers import Provider, S2N, OpenSSL, JavaSSL, GnuTLS
|
8
|
+
from utils import invalid_test_parameters, get_parameter_name
|
9
|
+
from global_flags import get_flag, S2N_PROVIDER_VERSION
|
10
|
+
|
11
|
+
|
12
|
+
OCSP_CERTS = [Certificates.OCSP, Certificates.OCSP_ECDSA]
|
13
|
+
|
14
|
+
|
15
|
+
@pytest.mark.uncollect_if(func=invalid_test_parameters)
|
16
|
+
@pytest.mark.parametrize("cipher", ALL_TEST_CIPHERS, ids=get_parameter_name)
|
17
|
+
@pytest.mark.parametrize("provider", [S2N, OpenSSL, GnuTLS], ids=get_parameter_name)
|
18
|
+
@pytest.mark.parametrize("other_provider", [S2N], ids=get_parameter_name)
|
19
|
+
@pytest.mark.parametrize("curve", ALL_TEST_CURVES, ids=get_parameter_name)
|
20
|
+
@pytest.mark.parametrize("protocol", PROTOCOLS, ids=get_parameter_name)
|
21
|
+
@pytest.mark.parametrize("certificate", OCSP_CERTS, ids=get_parameter_name)
|
22
|
+
def test_s2n_client_ocsp_response(managed_process, cipher, provider, other_provider, curve, protocol, certificate):
|
23
|
+
if "boringssl" in get_flag(S2N_PROVIDER_VERSION):
|
24
|
+
pytest.skip("s2n-tls client with boringssl does not support ocsp")
|
25
|
+
|
26
|
+
port = next(available_ports)
|
27
|
+
|
28
|
+
random_bytes = data_bytes(128)
|
29
|
+
client_options = ProviderOptions(
|
30
|
+
mode=Provider.ClientMode,
|
31
|
+
port=port,
|
32
|
+
cipher=cipher,
|
33
|
+
curve=curve,
|
34
|
+
protocol=protocol,
|
35
|
+
insecure=True,
|
36
|
+
data_to_send=random_bytes,
|
37
|
+
enable_client_ocsp=True
|
38
|
+
)
|
39
|
+
|
40
|
+
server_options = ProviderOptions(
|
41
|
+
mode=Provider.ServerMode,
|
42
|
+
port=port,
|
43
|
+
cipher=cipher,
|
44
|
+
curve=curve,
|
45
|
+
protocol=protocol,
|
46
|
+
key=certificate.key,
|
47
|
+
cert=certificate.cert,
|
48
|
+
ocsp_response={
|
49
|
+
"RSA": TEST_OCSP_DIRECTORY + "ocsp_response.der",
|
50
|
+
"EC": TEST_OCSP_DIRECTORY + "ocsp_ecdsa_response.der"
|
51
|
+
}.get(certificate.algorithm),
|
52
|
+
)
|
53
|
+
|
54
|
+
kill_marker = None
|
55
|
+
|
56
|
+
if provider == GnuTLS:
|
57
|
+
kill_marker = random_bytes
|
58
|
+
|
59
|
+
server = managed_process(
|
60
|
+
provider,
|
61
|
+
server_options,
|
62
|
+
timeout=30,
|
63
|
+
kill_marker=kill_marker
|
64
|
+
)
|
65
|
+
client = managed_process(S2N, client_options, timeout=30)
|
66
|
+
|
67
|
+
for client_results in client.get_results():
|
68
|
+
client_results.assert_success()
|
69
|
+
assert b"OCSP response received" in client_results.stdout
|
70
|
+
|
71
|
+
for server_results in server.get_results():
|
72
|
+
server_results.assert_success()
|
73
|
+
# Avoid debugging information that sometimes gets inserted after the first character.
|
74
|
+
assert random_bytes[1:] in server_results.stdout or random_bytes[1:] in server_results.stderr
|
75
|
+
|
76
|
+
|
77
|
+
@pytest.mark.uncollect_if(func=invalid_test_parameters)
|
78
|
+
@pytest.mark.parametrize("cipher", ALL_TEST_CIPHERS, ids=get_parameter_name)
|
79
|
+
@pytest.mark.parametrize("provider", [GnuTLS, OpenSSL], ids=get_parameter_name)
|
80
|
+
@pytest.mark.parametrize("other_provider", [S2N])
|
81
|
+
@pytest.mark.parametrize("curve", ALL_TEST_CURVES, ids=get_parameter_name)
|
82
|
+
@pytest.mark.parametrize("protocol", PROTOCOLS, ids=get_parameter_name)
|
83
|
+
@pytest.mark.parametrize("certificate", OCSP_CERTS, ids=get_parameter_name)
|
84
|
+
def test_s2n_server_ocsp_response(managed_process, cipher, provider, other_provider, curve, protocol, certificate):
|
85
|
+
port = next(available_ports)
|
86
|
+
|
87
|
+
random_bytes = data_bytes(128)
|
88
|
+
client_options = ProviderOptions(
|
89
|
+
mode=Provider.ClientMode,
|
90
|
+
port=port,
|
91
|
+
cipher=cipher,
|
92
|
+
curve=curve,
|
93
|
+
protocol=protocol,
|
94
|
+
insecure=True,
|
95
|
+
data_to_send=random_bytes,
|
96
|
+
enable_client_ocsp=True
|
97
|
+
)
|
98
|
+
|
99
|
+
server_options = ProviderOptions(
|
100
|
+
mode=Provider.ServerMode,
|
101
|
+
port=port,
|
102
|
+
cipher=cipher,
|
103
|
+
curve=curve,
|
104
|
+
protocol=protocol,
|
105
|
+
insecure=True,
|
106
|
+
key=certificate.key,
|
107
|
+
cert=certificate.cert,
|
108
|
+
ocsp_response={
|
109
|
+
"RSA": TEST_OCSP_DIRECTORY + "ocsp_response.der",
|
110
|
+
"EC": TEST_OCSP_DIRECTORY + "ocsp_ecdsa_response.der"
|
111
|
+
}.get(certificate.algorithm),
|
112
|
+
)
|
113
|
+
|
114
|
+
kill_marker = None
|
115
|
+
if provider == GnuTLS:
|
116
|
+
# The GnuTLS client hangs for a while after sending. Speed up the tests by killing
|
117
|
+
# it immediately after sending the message.
|
118
|
+
kill_marker = b"Sent: "
|
119
|
+
|
120
|
+
server = managed_process(S2N, server_options, timeout=2000)
|
121
|
+
client = managed_process(provider, client_options,
|
122
|
+
timeout=2000, kill_marker=kill_marker)
|
123
|
+
|
124
|
+
for client_results in client.get_results():
|
125
|
+
client_results.assert_success()
|
126
|
+
|
127
|
+
assert any([
|
128
|
+
{
|
129
|
+
GnuTLS: b"OCSP Response Information:\n\tResponse Status: Successful",
|
130
|
+
OpenSSL: b"OCSP Response Status: successful"
|
131
|
+
}.get(provider) in stream for stream in client_results.output_streams()
|
132
|
+
])
|
133
|
+
|
134
|
+
for server_results in server.get_results():
|
135
|
+
server_results.assert_success()
|
136
|
+
# Avoid debugging information that sometimes gets inserted after the first character.
|
137
|
+
assert any(
|
138
|
+
[random_bytes[1:] in stream for stream in server_results.output_streams()])
|
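Review bot: `test_s2n_client_ocsp_response` builds its client with `insecure=True` and then asserts only that `b"OCSP response received"` appears in stdout, so as written it shows that a stapled response was delivered, not that it was validated against the certificate. What `insecure=True` disables is defined in the provider classes outside this file, but if it turns off chain verification a malformed or mismatched `.der` response would presumably still pass; a comment such as `# insecure=True: checks stapling delivery only; OCSP validation is covered by <test placeholder>` would make that scope explicit. In `test_s2n_server_ocsp_response` both `managed_process` calls use `timeout=2000` where the client test uses `timeout=30`; if the unit is the same, a hung peer stalls the run far longer than elsewhere, so `timeout=30` looks like the intended value.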