aws-crt 0.1.5 → 0.1.6
- checksums.yaml +4 -4
- data/CHANGELOG.md +5 -0
- data/VERSION +1 -1
- data/aws-crt-ffi/CMakeLists.txt +49 -41
- data/aws-crt-ffi/crt/aws-c-auth/CMakeLists.txt +0 -10
- data/aws-crt-ffi/crt/aws-c-auth/include/aws/auth/credentials.h +3 -2
- data/aws-crt-ffi/crt/aws-c-auth/include/aws/auth/private/credentials_utils.h +4 -4
- data/aws-crt-ffi/crt/aws-c-auth/source/auth.c +1 -14
- data/aws-crt-ffi/crt/aws-c-auth/source/aws_imds_client.c +206 -68
- data/aws-crt-ffi/crt/aws-c-auth/source/aws_signing.c +5 -0
- data/aws-crt-ffi/crt/aws-c-auth/source/credentials_provider_cached.c +6 -6
- data/aws-crt-ffi/crt/aws-c-auth/source/credentials_provider_default_chain.c +16 -1
- data/aws-crt-ffi/crt/aws-c-auth/source/credentials_provider_ecs.c +0 -1
- data/aws-crt-ffi/crt/aws-c-auth/source/credentials_provider_process.c +0 -1
- data/aws-crt-ffi/crt/aws-c-auth/source/credentials_provider_sts_web_identity.c +0 -1
- data/aws-crt-ffi/crt/aws-c-auth/source/credentials_provider_x509.c +10 -7
- data/aws-crt-ffi/crt/aws-c-auth/source/credentials_utils.c +35 -26
- data/aws-crt-ffi/crt/aws-c-auth/source/signable_chunk.c +3 -2
- data/aws-crt-ffi/crt/aws-c-auth/tests/CMakeLists.txt +3 -2
- data/aws-crt-ffi/crt/aws-c-auth/tests/aws_imds_client_test.c +1 -0
- data/aws-crt-ffi/crt/aws-c-auth/tests/credentials_provider_ecs_tests.c +3 -0
- data/aws-crt-ffi/crt/aws-c-auth/tests/credentials_provider_process_tests.c +65 -16
- data/aws-crt-ffi/crt/aws-c-auth/tests/credentials_tests.c +125 -0
- data/aws-crt-ffi/crt/aws-c-auth/tests/sigv4_signing_tests.c +68 -46
- data/aws-crt-ffi/crt/aws-c-cal/CMakeLists.txt +8 -3
- data/aws-crt-ffi/crt/aws-c-cal/bin/run_x_platform_fuzz_corpus/main.c +9 -0
- data/aws-crt-ffi/crt/aws-c-cal/builder.json +11 -3
- data/aws-crt-ffi/crt/aws-c-cal/cmake/aws-c-cal-config.cmake +14 -5
- data/aws-crt-ffi/crt/aws-c-cal/source/darwin/securityframework_ecc.c +6 -6
- data/aws-crt-ffi/crt/aws-c-cal/source/windows/bcrypt_ecc.c +12 -12
- data/aws-crt-ffi/crt/aws-c-cal/tests/test_case_helper.h +14 -14
- data/aws-crt-ffi/crt/aws-c-common/CMakeLists.txt +21 -1
- data/aws-crt-ffi/crt/aws-c-common/README.md +8 -0
- data/aws-crt-ffi/crt/aws-c-common/cmake/AwsCFlags.cmake +20 -5
- data/aws-crt-ffi/crt/aws-c-common/cmake/AwsFeatureTests.cmake +7 -1
- data/aws-crt-ffi/crt/aws-c-common/format-check.sh +1 -1
- data/aws-crt-ffi/crt/aws-c-common/include/aws/common/byte_buf.h +14 -0
- data/aws-crt-ffi/crt/aws-c-common/include/aws/common/config.h.in +1 -0
- data/aws-crt-ffi/crt/{aws-c-auth/include/aws/auth → aws-c-common/include/aws/common}/external/cJSON.h +82 -74
- data/aws-crt-ffi/crt/aws-c-common/include/aws/common/json.h +335 -0
- data/aws-crt-ffi/crt/aws-c-common/include/aws/common/logging.h +1 -0
- data/aws-crt-ffi/crt/aws-c-common/include/aws/common/math.inl +2 -2
- data/aws-crt-ffi/crt/aws-c-common/include/aws/common/private/json_impl.h +22 -0
- data/aws-crt-ffi/crt/aws-c-common/include/aws/testing/aws_test_harness.h +2 -0
- data/aws-crt-ffi/crt/aws-c-common/source/byte_buf.c +36 -0
- data/aws-crt-ffi/crt/aws-c-common/source/common.c +5 -2
- data/aws-crt-ffi/crt/aws-c-common/source/external/cJSON.c +3113 -0
- data/aws-crt-ffi/crt/aws-c-common/source/file.c +9 -0
- data/aws-crt-ffi/crt/aws-c-common/source/json.c +348 -0
- data/aws-crt-ffi/crt/aws-c-common/source/logging.c +7 -2
- data/aws-crt-ffi/crt/aws-c-common/source/posix/system_info.c +8 -0
- data/aws-crt-ffi/crt/aws-c-common/source/ref_count.c +3 -1
- data/aws-crt-ffi/crt/aws-c-common/source/windows/file.c +47 -0
- data/aws-crt-ffi/crt/aws-c-common/source/windows/system_info.c +2 -1
- data/aws-crt-ffi/crt/aws-c-common/tests/CMakeLists.txt +5 -0
- data/aws-crt-ffi/crt/aws-c-common/tests/byte_buf_test.c +69 -0
- data/aws-crt-ffi/crt/aws-c-common/tests/json_test.c +134 -0
- data/aws-crt-ffi/crt/aws-c-common/tests/memtrace_test.c +6 -2
- data/aws-crt-ffi/crt/aws-c-event-stream/README.md +18 -35
- data/aws-crt-ffi/crt/aws-c-event-stream/include/aws/event-stream/event_stream.h +21 -2
- data/aws-crt-ffi/crt/aws-c-event-stream/include/aws/event-stream/event_stream_rpc_client.h +14 -2
- data/aws-crt-ffi/crt/aws-c-event-stream/include/aws/event-stream/event_stream_rpc_server.h +13 -0
- data/aws-crt-ffi/crt/aws-c-event-stream/include/aws/event-stream/private/event_stream_rpc_priv.h +7 -7
- data/aws-crt-ffi/crt/aws-c-event-stream/source/event_stream.c +257 -141
- data/aws-crt-ffi/crt/aws-c-event-stream/source/event_stream_channel_handler.c +1 -1
- data/aws-crt-ffi/crt/aws-c-event-stream/source/event_stream_rpc_client.c +31 -8
- data/aws-crt-ffi/crt/aws-c-event-stream/source/event_stream_rpc_server.c +63 -10
- data/aws-crt-ffi/crt/aws-c-event-stream/tests/CMakeLists.txt +2 -0
- data/aws-crt-ffi/crt/aws-c-event-stream/tests/event_stream_rpc_client_connection_test.c +157 -106
- data/aws-crt-ffi/crt/aws-c-event-stream/tests/event_stream_rpc_server_connection_test.c +168 -1
- data/aws-crt-ffi/crt/aws-c-event-stream/tests/message_deserializer_test.c +4 -2
- data/aws-crt-ffi/crt/aws-c-http/CMakeLists.txt +1 -0
- data/aws-crt-ffi/crt/aws-c-http/README.md +8 -0
- data/aws-crt-ffi/crt/aws-c-http/bin/elasticurl/main.c +1 -1
- data/aws-crt-ffi/crt/aws-c-http/builder.json +4 -3
- data/aws-crt-ffi/crt/aws-c-http/include/aws/http/connection.h +8 -1
- data/aws-crt-ffi/crt/aws-c-http/include/aws/http/connection_manager.h +45 -1
- data/aws-crt-ffi/crt/aws-c-http/include/aws/http/http2_stream_manager.h +63 -12
- data/aws-crt-ffi/crt/aws-c-http/include/aws/http/private/connection_impl.h +2 -1
- data/aws-crt-ffi/crt/aws-c-http/include/aws/http/private/h2_connection.h +20 -2
- data/aws-crt-ffi/crt/aws-c-http/include/aws/http/private/h2_frames.h +1 -0
- data/aws-crt-ffi/crt/aws-c-http/include/aws/http/private/h2_stream.h +42 -13
- data/aws-crt-ffi/crt/aws-c-http/include/aws/http/private/http2_stream_manager_impl.h +17 -0
- data/aws-crt-ffi/crt/aws-c-http/include/aws/http/private/http_impl.h +3 -0
- data/aws-crt-ffi/crt/aws-c-http/include/aws/http/private/random_access_set.h +10 -3
- data/aws-crt-ffi/crt/aws-c-http/include/aws/http/private/request_response_impl.h +3 -17
- data/aws-crt-ffi/crt/aws-c-http/include/aws/http/request_response.h +108 -4
- data/aws-crt-ffi/crt/aws-c-http/include/aws/http/statistics.h +22 -0
- data/aws-crt-ffi/crt/aws-c-http/source/connection.c +8 -3
- data/aws-crt-ffi/crt/aws-c-http/source/connection_manager.c +22 -3
- data/aws-crt-ffi/crt/aws-c-http/source/connection_monitor.c +32 -14
- data/aws-crt-ffi/crt/aws-c-http/source/h1_connection.c +14 -0
- data/aws-crt-ffi/crt/aws-c-http/source/h1_encoder.c +7 -4
- data/aws-crt-ffi/crt/aws-c-http/source/h2_connection.c +161 -45
- data/aws-crt-ffi/crt/aws-c-http/source/h2_decoder.c +37 -8
- data/aws-crt-ffi/crt/aws-c-http/source/h2_frames.c +13 -1
- data/aws-crt-ffi/crt/aws-c-http/source/h2_stream.c +345 -87
- data/aws-crt-ffi/crt/aws-c-http/source/hpack.c +3 -0
- data/aws-crt-ffi/crt/aws-c-http/source/http.c +3 -0
- data/aws-crt-ffi/crt/aws-c-http/source/http2_stream_manager.c +266 -39
- data/aws-crt-ffi/crt/aws-c-http/source/random_access_set.c +9 -3
- data/aws-crt-ffi/crt/aws-c-http/source/request_response.c +80 -20
- data/aws-crt-ffi/crt/aws-c-http/source/statistics.c +11 -0
- data/aws-crt-ffi/crt/aws-c-http/tests/CMakeLists.txt +28 -1
- data/aws-crt-ffi/crt/aws-c-http/tests/fuzz/fuzz_h2_decoder_correct.c +5 -3
- data/aws-crt-ffi/crt/aws-c-http/tests/h2_test_helper.c +133 -29
- data/aws-crt-ffi/crt/aws-c-http/tests/h2_test_helper.h +6 -0
- data/aws-crt-ffi/crt/aws-c-http/tests/py_localhost/README.md +40 -0
- data/aws-crt-ffi/crt/aws-c-http/tests/py_localhost/non_tls_server.py +56 -0
- data/aws-crt-ffi/crt/aws-c-http/tests/py_localhost/server.py +329 -0
- data/aws-crt-ffi/crt/aws-c-http/tests/test_connection_manager.c +1 -1
- data/aws-crt-ffi/crt/aws-c-http/tests/test_connection_monitor.c +2 -2
- data/aws-crt-ffi/crt/aws-c-http/tests/test_h1_client.c +47 -34
- data/aws-crt-ffi/crt/aws-c-http/tests/test_h1_encoder.c +4 -4
- data/aws-crt-ffi/crt/aws-c-http/tests/test_h1_server.c +15 -12
- data/aws-crt-ffi/crt/aws-c-http/tests/test_h2_client.c +582 -25
- data/aws-crt-ffi/crt/aws-c-http/tests/test_h2_encoder.c +3 -3
- data/aws-crt-ffi/crt/aws-c-http/tests/test_localhost_integ.c +530 -0
- data/aws-crt-ffi/crt/aws-c-http/tests/test_stream_manager.c +459 -67
- data/aws-crt-ffi/crt/aws-c-io/CMakeLists.txt +4 -0
- data/aws-crt-ffi/crt/aws-c-io/builder.json +3 -2
- data/aws-crt-ffi/crt/aws-c-io/include/aws/io/channel.h +21 -0
- data/aws-crt-ffi/crt/aws-c-io/include/aws/io/io.h +3 -0
- data/aws-crt-ffi/crt/aws-c-io/include/aws/io/socket.h +6 -0
- data/aws-crt-ffi/crt/aws-c-io/include/aws/io/stream.h +35 -5
- data/aws-crt-ffi/crt/aws-c-io/include/aws/io/tls_channel_handler.h +211 -15
- data/aws-crt-ffi/crt/aws-c-io/source/channel.c +56 -30
- data/aws-crt-ffi/crt/aws-c-io/source/darwin/secure_transport_tls_channel_handler.c +0 -24
- data/aws-crt-ffi/crt/aws-c-io/source/io.c +9 -0
- data/aws-crt-ffi/crt/aws-c-io/source/{pkcs11.c → pkcs11_lib.c} +162 -22
- data/aws-crt-ffi/crt/aws-c-io/source/pkcs11_private.h +18 -20
- data/aws-crt-ffi/crt/aws-c-io/source/pkcs11_tls_op_handler.c +221 -0
- data/aws-crt-ffi/crt/aws-c-io/source/posix/socket.c +135 -81
- data/aws-crt-ffi/crt/aws-c-io/source/retry_strategy.c +12 -8
- data/aws-crt-ffi/crt/aws-c-io/source/s2n/s2n_tls_channel_handler.c +252 -215
- data/aws-crt-ffi/crt/aws-c-io/source/stream.c +65 -82
- data/aws-crt-ffi/crt/aws-c-io/source/tls_channel_handler.c +188 -57
- data/aws-crt-ffi/crt/aws-c-io/source/windows/iocp/socket.c +271 -256
- data/aws-crt-ffi/crt/aws-c-io/tests/CMakeLists.txt +21 -12
- data/aws-crt-ffi/crt/aws-c-io/tests/channel_test.c +32 -4
- data/aws-crt-ffi/crt/aws-c-io/tests/io_lib_test.c +37 -0
- data/aws-crt-ffi/crt/aws-c-io/tests/pkcs11_test.c +412 -93
- data/aws-crt-ffi/crt/aws-c-io/tests/resources/ec_unittests.crt +15 -0
- data/aws-crt-ffi/crt/aws-c-io/tests/resources/ec_unittests.key +5 -0
- data/aws-crt-ffi/crt/aws-c-io/tests/resources/ec_unittests.p12 +0 -0
- data/aws-crt-ffi/crt/aws-c-io/tests/resources/ec_unittests.p8 +5 -0
- data/aws-crt-ffi/crt/aws-c-io/tests/resources/generateCerts.sh +24 -15
- data/aws-crt-ffi/crt/aws-c-io/tests/socket_test.c +72 -1
- data/aws-crt-ffi/crt/s2n/CMakeLists.txt +6 -1
- data/aws-crt-ffi/crt/s2n/bindings/rust/Cargo.toml +1 -0
- data/aws-crt-ffi/crt/s2n/bindings/rust/generate/src/main.rs +105 -82
- data/aws-crt-ffi/crt/s2n/bindings/rust/generate.sh +1 -0
- data/aws-crt-ffi/crt/s2n/bindings/rust/s2n-tls/Cargo.toml +2 -2
- data/aws-crt-ffi/crt/s2n/bindings/rust/s2n-tls/src/raw/config.rs +1 -1
- data/aws-crt-ffi/crt/s2n/bindings/rust/s2n-tls-sys/Cargo.toml +1 -1
- data/aws-crt-ffi/crt/s2n/bindings/rust/s2n-tls-sys/build.rs +84 -30
- data/aws-crt-ffi/crt/s2n/bindings/rust/s2n-tls-sys/src/lib.rs +4 -0
- data/aws-crt-ffi/crt/s2n/bindings/rust/s2n-tls-tokio/Cargo.toml +21 -0
- data/aws-crt-ffi/crt/s2n/bindings/rust/s2n-tls-tokio/examples/certs/cert.pem +14 -0
- data/aws-crt-ffi/crt/s2n/bindings/rust/s2n-tls-tokio/examples/certs/key.pem +8 -0
- data/aws-crt-ffi/crt/s2n/bindings/rust/s2n-tls-tokio/examples/client.rs +45 -0
- data/aws-crt-ffi/crt/s2n/bindings/rust/s2n-tls-tokio/examples/server.rs +60 -0
- data/aws-crt-ffi/crt/s2n/bindings/rust/s2n-tls-tokio/src/lib.rs +150 -0
- data/aws-crt-ffi/crt/s2n/bindings/rust/s2n-tls-tokio/tests/handshake.rs +51 -0
- data/aws-crt-ffi/crt/s2n/crypto/s2n_drbg.c +98 -77
- data/aws-crt-ffi/crt/s2n/crypto/s2n_drbg.h +10 -7
- data/aws-crt-ffi/crt/s2n/crypto/s2n_openssl.h +2 -0
- data/aws-crt-ffi/crt/s2n/error/s2n_errno.c +1 -1
- data/aws-crt-ffi/crt/s2n/error/s2n_errno.h +1 -0
- data/aws-crt-ffi/crt/s2n/s2n.mk +7 -0
- data/aws-crt-ffi/crt/s2n/tests/cbmc/templates/scripts/repository.py +233 -0
- data/aws-crt-ffi/crt/s2n/tests/cbmc/templates/scripts/setup-proof.py +8 -7
- data/aws-crt-ffi/crt/s2n/tests/cbmc/templates/scripts/setup.py +17 -18
- data/aws-crt-ffi/crt/s2n/tests/cbmc/templates/scripts/util.py +41 -23
- data/aws-crt-ffi/crt/s2n/tests/fuzz/LD_PRELOAD/global_overrides.c +3 -3
- data/aws-crt-ffi/crt/s2n/tests/integration/s2n_client_endpoint_handshake_test.py +2 -2
- data/aws-crt-ffi/crt/s2n/tests/integrationv2/Makefile +13 -42
- data/aws-crt-ffi/crt/s2n/tests/integrationv2/README.md +6 -1
- data/aws-crt-ffi/crt/s2n/tests/integrationv2/common.py +118 -53
- data/aws-crt-ffi/crt/s2n/tests/integrationv2/configuration.py +108 -88
- data/aws-crt-ffi/crt/s2n/tests/integrationv2/conftest.py +6 -3
- data/aws-crt-ffi/crt/s2n/tests/integrationv2/constants.py +6 -4
- data/aws-crt-ffi/crt/s2n/tests/integrationv2/fixtures.py +21 -12
- data/aws-crt-ffi/crt/s2n/tests/integrationv2/global_flags.py +1 -0
- data/aws-crt-ffi/crt/s2n/tests/integrationv2/processes.py +62 -19
- data/aws-crt-ffi/crt/s2n/tests/integrationv2/providers.py +304 -48
- data/aws-crt-ffi/crt/s2n/tests/integrationv2/test_client_authentication.py +20 -11
- data/aws-crt-ffi/crt/s2n/tests/integrationv2/test_cross_compatibility.py +41 -17
- data/aws-crt-ffi/crt/s2n/tests/integrationv2/test_dynamic_record_sizes.py +6 -3
- data/aws-crt-ffi/crt/s2n/tests/integrationv2/test_early_data.py +105 -48
- data/aws-crt-ffi/crt/s2n/tests/integrationv2/test_external_psk.py +160 -76
- data/aws-crt-ffi/crt/s2n/tests/integrationv2/test_fragmentation.py +59 -26
- data/aws-crt-ffi/crt/s2n/tests/integrationv2/test_happy_path.py +42 -28
- data/aws-crt-ffi/crt/s2n/tests/integrationv2/test_hello_retry_requests.py +33 -13
- data/aws-crt-ffi/crt/s2n/tests/integrationv2/test_key_update.py +29 -11
- data/aws-crt-ffi/crt/s2n/tests/integrationv2/test_ocsp.py +138 -0
- data/aws-crt-ffi/crt/s2n/tests/integrationv2/test_pq_handshake.py +103 -36
- data/aws-crt-ffi/crt/s2n/tests/integrationv2/test_session_resumption.py +52 -25
- data/aws-crt-ffi/crt/s2n/tests/integrationv2/test_signature_algorithms.py +47 -21
- data/aws-crt-ffi/crt/s2n/tests/integrationv2/test_sni_match.py +13 -9
- data/aws-crt-ffi/crt/s2n/tests/integrationv2/test_sslyze.py +88 -17
- data/aws-crt-ffi/crt/s2n/tests/integrationv2/test_version_negotiation.py +71 -22
- data/aws-crt-ffi/crt/s2n/tests/integrationv2/test_well_known_endpoints.py +4 -3
- data/aws-crt-ffi/crt/s2n/tests/integrationv2/tox.ini +1 -0
- data/aws-crt-ffi/crt/s2n/tests/integrationv2/utils.py +50 -15
- data/aws-crt-ffi/crt/s2n/tests/litani/CHANGELOG +131 -0
- data/aws-crt-ffi/crt/s2n/tests/litani/CONTRIBUTING.md +16 -0
- data/aws-crt-ffi/crt/s2n/tests/litani/README.md +36 -14
- data/aws-crt-ffi/crt/s2n/tests/litani/THIRD-PARTY +205 -41
- data/aws-crt-ffi/crt/s2n/tests/litani/doc/bin/build-html-doc +7 -7
- data/aws-crt-ffi/crt/s2n/tests/litani/doc/configure +27 -23
- data/aws-crt-ffi/crt/s2n/tests/litani/doc/src/man/litani-add-job.scdoc +7 -0
- data/aws-crt-ffi/crt/s2n/tests/litani/doc/src/man/litani-dump-run.scdoc +7 -5
- data/aws-crt-ffi/crt/s2n/tests/litani/doc/src/man/litani-transform-jobs.scdoc +248 -0
- data/aws-crt-ffi/crt/s2n/tests/litani/doc/src/man/litani.scdoc +2 -2
- data/aws-crt-ffi/crt/s2n/tests/litani/doc/templates/index.jinja.html +4 -0
- data/aws-crt-ffi/crt/s2n/tests/litani/examples/add-root-node/README +12 -0
- data/aws-crt-ffi/crt/s2n/tests/litani/examples/add-root-node/original-run.sh +52 -0
- data/aws-crt-ffi/crt/s2n/tests/litani/examples/add-root-node/run-all.py +71 -0
- data/aws-crt-ffi/crt/s2n/tests/litani/examples/no-standalone-transform/README +13 -0
- data/aws-crt-ffi/crt/s2n/tests/litani/examples/no-standalone-transform/run-1.sh +34 -0
- data/aws-crt-ffi/crt/s2n/tests/litani/examples/no-standalone-transform/run-2.sh +35 -0
- data/aws-crt-ffi/crt/s2n/tests/litani/examples/no-standalone-transform/run-3.sh +34 -0
- data/aws-crt-ffi/crt/s2n/tests/litani/examples/no-standalone-transform/run-all.py +60 -0
- data/aws-crt-ffi/crt/s2n/tests/litani/examples/rich-output/README.md +10 -0
- data/aws-crt-ffi/crt/s2n/tests/litani/examples/rich-output/assumptions.html +42 -0
- data/aws-crt-ffi/crt/s2n/tests/litani/examples/rich-output/file.dat +7 -0
- data/aws-crt-ffi/crt/s2n/tests/litani/examples/rich-output/histogram.dat +7 -0
- data/aws-crt-ffi/crt/s2n/tests/litani/examples/rich-output/run-1.sh +41 -0
- data/aws-crt-ffi/crt/s2n/tests/litani/examples/rich-output/run-2.sh +47 -0
- data/aws-crt-ffi/crt/s2n/tests/litani/examples/rich-output/run-3.sh +41 -0
- data/aws-crt-ffi/crt/s2n/tests/litani/examples/rich-output/run-all.py +34 -0
- data/aws-crt-ffi/crt/s2n/tests/litani/examples/rich-output/scripts/fib-table.py +40 -0
- data/aws-crt-ffi/crt/s2n/tests/litani/examples/rich-output/scripts/fib.plt +5 -0
- data/aws-crt-ffi/crt/s2n/tests/litani/examples/rich-output/scripts/fib.py +32 -0
- data/aws-crt-ffi/crt/s2n/tests/litani/examples/rich-output/scripts/sin-output.py +40 -0
- data/aws-crt-ffi/crt/s2n/tests/litani/examples/rich-output/scripts/sin.plt +5 -0
- data/aws-crt-ffi/crt/s2n/tests/litani/examples/rich-output/scripts/sin.py +30 -0
- data/aws-crt-ffi/crt/s2n/tests/litani/examples/rich-output/templates/fib-table.jinja.html +45 -0
- data/aws-crt-ffi/crt/s2n/tests/litani/examples/rich-output/templates/sin-output.jinja.html +30 -0
- data/aws-crt-ffi/crt/s2n/tests/litani/lib/add_job.py +55 -0
- data/aws-crt-ffi/crt/s2n/tests/litani/lib/graph.py +2 -2
- data/aws-crt-ffi/crt/s2n/tests/litani/lib/litani.py +6 -1
- data/aws-crt-ffi/crt/s2n/tests/litani/lib/litani_report.py +18 -21
- data/aws-crt-ffi/crt/s2n/tests/litani/lib/ninja.py +2 -0
- data/aws-crt-ffi/crt/s2n/tests/litani/lib/run_printer.py +26 -7
- data/aws-crt-ffi/crt/s2n/tests/litani/lib/transform_jobs.py +84 -0
- data/aws-crt-ffi/crt/s2n/tests/litani/litani +28 -33
- data/aws-crt-ffi/crt/s2n/tests/litani/script/release +220 -0
- data/aws-crt-ffi/crt/s2n/tests/litani/templates/dashboard.jinja.html +78 -15
- data/aws-crt-ffi/crt/s2n/tests/litani/templates/pipeline.jinja.html +21 -5
- data/aws-crt-ffi/crt/s2n/tests/litani/test/README +15 -0
- data/aws-crt-ffi/crt/s2n/tests/litani/test/e2e/run +56 -33
- data/aws-crt-ffi/crt/s2n/tests/litani/test/e2e/tests/custom_stages.py +1 -0
- data/aws-crt-ffi/crt/s2n/tests/litani/test/e2e/tests/cwd.py +1 -0
- data/aws-crt-ffi/crt/s2n/tests/litani/test/e2e/tests/dump_run.py +1 -0
- data/aws-crt-ffi/crt/s2n/tests/litani/test/e2e/tests/graph_line_break.py +1 -0
- data/aws-crt-ffi/crt/s2n/tests/litani/test/e2e/tests/html_node.py +1 -0
- data/aws-crt-ffi/crt/s2n/tests/litani/test/e2e/tests/job_id_env.py +1 -0
- data/aws-crt-ffi/crt/s2n/tests/litani/test/e2e/tests/multiproc_dump_run.py +1 -0
- data/aws-crt-ffi/crt/s2n/tests/litani/test/e2e/tests/no_pool_serialize.py +1 -0
- data/aws-crt-ffi/crt/s2n/tests/litani/test/e2e/tests/no_pool_serialize_graph.py +1 -0
- data/aws-crt-ffi/crt/s2n/tests/litani/test/e2e/tests/no_timed_out.py +1 -0
- data/aws-crt-ffi/crt/s2n/tests/litani/test/e2e/tests/no_timed_out_timeout_ignored.py +1 -0
- data/aws-crt-ffi/crt/s2n/tests/litani/test/e2e/tests/no_timed_out_timeout_ok.py +1 -0
- data/aws-crt-ffi/crt/s2n/tests/litani/test/e2e/tests/pipeline_order.py +53 -0
- data/aws-crt-ffi/crt/s2n/tests/litani/test/e2e/tests/pool_serialize.py +1 -0
- data/aws-crt-ffi/crt/s2n/tests/litani/test/e2e/tests/pool_serialize_graph.py +1 -0
- data/aws-crt-ffi/crt/s2n/tests/litani/test/e2e/tests/single_pool.py +1 -0
- data/aws-crt-ffi/crt/s2n/tests/litani/test/e2e/tests/timed_out.py +1 -0
- data/aws-crt-ffi/crt/s2n/tests/litani/test/e2e/tests/timed_out_subprocess.py +1 -0
- data/aws-crt-ffi/crt/s2n/tests/litani/test/e2e/tests/timed_out_subprocess_multi_shell.py +1 -0
- data/aws-crt-ffi/crt/s2n/tests/litani/test/e2e/tests/timed_out_subprocess_shell.py +1 -0
- data/aws-crt-ffi/crt/s2n/tests/litani/test/e2e/tests/timed_out_timeout_ignored.py +1 -0
- data/aws-crt-ffi/crt/s2n/tests/litani/test/e2e/tests/timed_out_timeout_ok.py +1 -0
- data/aws-crt-ffi/crt/s2n/tests/litani/test/e2e/tests/transform_delete_job.py +54 -0
- data/aws-crt-ffi/crt/s2n/tests/litani/test/e2e/tests/transform_modify_job.py +46 -0
- data/aws-crt-ffi/crt/s2n/tests/litani/test/e2e/tests/transform_no_change_job.py +44 -0
- data/aws-crt-ffi/crt/s2n/tests/litani/test/e2e/tests/zero_pool.py +1 -0
- data/aws-crt-ffi/crt/s2n/tests/litani/test/run +82 -12
- data/aws-crt-ffi/crt/s2n/tests/s2n_test.h +58 -33
- data/aws-crt-ffi/crt/s2n/tests/testlib/s2n_key_schedule_testlib.c +18 -6
- data/aws-crt-ffi/crt/s2n/tests/testlib/s2n_pq_kat_test_utils.c +4 -4
- data/aws-crt-ffi/crt/s2n/tests/testlib/s2n_testlib.h +2 -0
- data/aws-crt-ffi/crt/s2n/tests/unit/s2n_client_hello_retry_test.c +66 -2
- data/aws-crt-ffi/crt/s2n/tests/unit/s2n_connection_test.c +1 -1
- data/aws-crt-ffi/crt/s2n/tests/unit/s2n_drbg_test.c +34 -14
- data/aws-crt-ffi/crt/s2n/tests/unit/s2n_fork_generation_number_test.c +28 -5
- data/aws-crt-ffi/crt/s2n/tests/unit/s2n_mem_usage_test.c +6 -0
- data/aws-crt-ffi/crt/s2n/tests/unit/s2n_override_openssl_random_test.c +1 -1
- data/aws-crt-ffi/crt/s2n/tests/unit/s2n_random_test.c +60 -41
- data/aws-crt-ffi/crt/s2n/tests/unit/s2n_self_talk_broken_pipe_test.c +2 -2
- data/aws-crt-ffi/crt/s2n/tests/unit/s2n_tls13_handshake_early_data_test.c +3 -1
- data/aws-crt-ffi/crt/s2n/tests/unit/s2n_tls13_hybrid_shared_secret_test.c +9 -1
- data/aws-crt-ffi/crt/s2n/tests/unit/s2n_tls13_key_schedule_rfc8448_test.c +31 -130
- data/aws-crt-ffi/crt/s2n/tests/unit/s2n_tls13_key_schedule_test.c +2 -4
- data/aws-crt-ffi/crt/s2n/tests/unit/s2n_tls13_pq_handshake_test.c +11 -6
- data/aws-crt-ffi/crt/s2n/tests/unit/s2n_tls13_secrets_rfc8448_test.c +19 -21
- data/aws-crt-ffi/crt/s2n/tests/unit/s2n_tls13_secrets_test.c +109 -60
- data/aws-crt-ffi/crt/s2n/tls/s2n_config.c +1 -0
- data/aws-crt-ffi/crt/s2n/tls/s2n_config.h +1 -1
- data/aws-crt-ffi/crt/s2n/tls/s2n_connection.c +29 -24
- data/aws-crt-ffi/crt/s2n/tls/s2n_connection.h +5 -5
- data/aws-crt-ffi/crt/s2n/tls/s2n_handshake_hashes.h +1 -7
- data/aws-crt-ffi/crt/s2n/tls/s2n_handshake_io.c +2 -0
- data/aws-crt-ffi/crt/s2n/tls/s2n_handshake_transcript.c +0 -44
- data/aws-crt-ffi/crt/s2n/tls/s2n_internal.h +0 -1
- data/aws-crt-ffi/crt/s2n/tls/s2n_quic_support.h +1 -1
- data/aws-crt-ffi/crt/s2n/tls/s2n_tls13_key_schedule.c +1 -2
- data/aws-crt-ffi/crt/s2n/tls/s2n_tls13_secrets.c +84 -44
- data/aws-crt-ffi/crt/s2n/tls/s2n_tls13_secrets.h +3 -9
- data/aws-crt-ffi/crt/s2n/utils/s2n_blob.h +15 -8
- data/aws-crt-ffi/crt/s2n/utils/s2n_fork_detection.c +2 -6
- data/aws-crt-ffi/crt/s2n/utils/s2n_random.c +9 -9
- data/aws-crt-ffi/src/input_stream.c +32 -15
- data/ext/compile.rb +13 -5
- data/lib/aws-crt/platforms.rb +14 -5
- data/lib/aws-crt/string_blob.rb +3 -3
- metadata +61 -7
- data/aws-crt-ffi/crt/aws-c-auth/source/external/cJSON.c +0 -2987
- data/aws-crt-ffi/crt/aws-c-auth/tests/external/cJSON.c +0 -2986
- data/aws-crt-ffi/crt/aws-c-io/tests/error_test.c +0 -20
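--- a/data/aws-crt-ffi/crt/s2n/tests/litani/test/run
+++ b/data/aws-crt-ffi/crt/s2n/tests/litani/test/run
@@ -14,6 +14,8 @@
 # permissions and limitations under the License.
 
 
+import argparse
+import importlib
 import logging
 import os
 import pathlib
@@ -22,6 +24,25 @@ import subprocess
 import sys
 import uuid
 
+DESCRIPTION = "Execute e2e and unit tests for Litani"
+
+
+def get_args():
+pars = argparse.ArgumentParser(description=DESCRIPTION)
+for arg in [{
+"flags": ["--output-dir"],
+"help": "output dir for test results",
+"default": pathlib.Path(__file__).resolve().parent / "output",
+"type": pathlib.Path
+}, {
+"flags": ["--fast"],
+"help": "run fast tests only",
+"action": "store_true"
+}]:
+flags = arg.pop("flags")
+pars.add_argument(*flags, **arg)
+return pars.parse_args()
+
 
 def run_cmd(cmd):
 try:
@@ -32,6 +53,14 @@ def run_cmd(cmd):
 sys.exit(1)
 
 
+def is_slow_test(module_file):
+try:
+return importlib.import_module(str(module_file.stem)).SLOW
+except AttributeError:
+logging.error("Variable SLOW is missing from: %s", module_file.name)
+sys.exit(1)
+
+
 def litani_add(litani, counter, *args, **kwargs):
 cmd = [litani, "add-job"]
 for arg in args:
@@ -53,17 +82,28 @@ def collapse(string):
 return re.sub(r"\s+", " ", string)
 
 
-def add_e2e_tests(litani, test_dir,
+def add_e2e_tests(litani, test_dir, counter, output_dir, fast):
 e2e_test_dir = test_dir / "e2e"
 # 4 jobs per test (init, add-jobs, run-build, check-run)
 # skip __init__.py and __pycache__
 counter["total"] += (len(os.listdir(e2e_test_dir / "tests")) - 2) * 4
-
+sys.path.insert(1, str(e2e_test_dir / "tests"))
 for test_file in (e2e_test_dir / "tests").iterdir():
 if test_file.name in ["__init__.py", "__pycache__"]:
 continue
 
-
+add_transform_jobs = False
+with open(test_file) as handle:
+for line in handle:
+if line.strip().startswith("def transform_jobs("):
+add_transform_jobs = True
+break
+if fast and is_slow_test(test_file):
+continue
+
+run_dir = output_dir / "e2e_outputs" / str(uuid.uuid4())
+
+timeout=10 if fast else 0
 
 litani_add(
 litani, counter,
@@ -77,8 +117,10 @@ def add_e2e_tests(litani, test_dir, root_dir, counter):
 ci_stage="test",
 description=f"{test_file.stem}: init",
 outputs=run_dir / ".litani_cache_dir",
-cwd=run_dir
+cwd=run_dir,
+timeout=timeout)
 
+run_build_input = str(uuid.uuid4())
 litani_add(
 litani, counter,
 command=collapse(f"""
@@ -91,8 +133,28 @@ def add_e2e_tests(litani, test_dir, root_dir, counter):
 ci_stage="test",
 description=f"{test_file.stem}: add jobs",
 inputs=run_dir / ".litani_cache_dir",
+phony_outputs=run_build_input,
 outputs=f"{run_dir}/output/jobs",
-cwd=run_dir
+cwd=run_dir,
+timeout=timeout)
+
+if add_transform_jobs:
+add_jobs_output = run_build_input
+run_build_input = str(uuid.uuid4())
+litani_add(
+litani, counter,
+command=collapse(f"""
+{e2e_test_dir / 'run'}
+--test-file {test_file}
+--litani {litani}
+--run-dir {run_dir}
+--operation transform-jobs"""),
+pipeline=f"End-to-end: {test_file.stem}",
+ci_stage="test",
+description=f"{test_file.stem}: transform jobs",
+inputs=add_jobs_output,
+phony_outputs=run_build_input,
+cwd=run_dir)
 
 litani_add(
 litani, counter,
@@ -105,9 +167,10 @@ def add_e2e_tests(litani, test_dir, root_dir, counter):
 pipeline=f"End-to-end: {test_file.stem}",
 ci_stage="test",
 description=f"{test_file.stem}: run build",
-inputs=
+inputs=run_build_input,
 outputs=f"{run_dir}/output/run.json",
-cwd=run_dir
+cwd=run_dir,
+timeout=timeout)
 
 litani_add(
 litani, counter,
@@ -121,7 +184,8 @@ def add_e2e_tests(litani, test_dir, root_dir, counter):
 ci_stage="report",
 description=f"{test_file.stem}: check run",
 inputs=f"{run_dir}/output/run.json",
-cwd=run_dir
+cwd=run_dir,
+timeout=timeout)
 
 
 def add_unit_tests(litani, test_dir, root_dir, counter):
@@ -143,16 +207,21 @@ def print_counter(counter):
 
 
 def main():
-
+args = get_args()
+logging.basicConfig(format="\nrun-tests: %(message)s")
 test_dir = pathlib.Path(__file__).resolve().parent
 root = test_dir.parent
 litani = root / "litani"
 
+output_dir = args.output_dir.resolve()
+output_dir.mkdir(exist_ok=True, parents=True)
+os.chdir(output_dir)
+
 run_cmd([
 litani, "init",
 "--project", "Litani Test Suite",
-"--output-prefix",
-"--output-symlink",
+"--output-prefix", ".",
+"--output-symlink", "latest"])
 
 counter = {
 "added": 0,
@@ -160,7 +229,8 @@ def main():
 }
 
 add_unit_tests(litani, test_dir, root, counter)
-add_e2e_tests(
+add_e2e_tests(
+litani, test_dir, counter, output_dir, args.fast)
 print()
 
 run_cmd([litani, "run-build"])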
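Review bot: The new transform-jobs `litani_add(...)` call in `add_e2e_tests` ends with `cwd=run_dir)` and never passes `timeout`, although the init, add-jobs, run-build and check-run calls all gained `timeout=timeout`; under `--fast` that one job presumably runs without the 10-second limit, so it should end with `cwd=run_dir,` and `timeout=timeout)` like its siblings. The unchanged `counter["total"] += (len(os.listdir(...)) - 2) * 4` line still assumes four jobs per test file, which looks like it will overcount when `--fast` skips a slow test and undercount when the fifth transform-jobs job is added. `is_slow_test` catches only `AttributeError`, so a test module that fails to import would surface as a traceback rather than the logged error. Parts of `add_e2e_tests` lie between the visible hunks, so how `litani_add` handles `timeout` and the counter is not visible here.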
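--- a/data/aws-crt-ffi/crt/s2n/tests/s2n_test.h
+++ b/data/aws-crt-ffi/crt/s2n/tests/s2n_test.h
@@ -39,40 +39,65 @@ int test_count;
 
 #define EXPECT_SUCCESS_WITHOUT_COUNT( function_call ) EXPECT_NOT_EQUAL_WITHOUT_COUNT( (function_call) , -1 )
 
-
-
-
+#define END_TEST_PRINT() \
+if (isatty(fileno(stdout))) { \
+if (test_count) { \
+fprintf(stdout, "\033[32;1mPASSED\033[0m %10d tests\n", test_count ); \
+} \
+else { \
+fprintf(stdout, "\033[33;1mSKIPPED\033[0m ALL tests\n" ); \
+} \
+} \
+else { \
+if (test_count) { \
+fprintf(stdout, "PASSED %10d tests\n", test_count ); \
+} \
+else { \
+fprintf(stdout, "SKIPPED ALL tests\n" ); \
+} \
+}
+
+/* Macros similar to BEGIN_TEST() and END_TEST() but for tests where s2n should
+* not initialise at the start of the test. Useful for tests that e.g spawn a
+* number of independent childs at the start of a unit test and where you want
+* each child to have its own independently initialised s2n.
+*
+* BEGIN_TEST() prints unit test information to stdout. But this often gets
+* buffered by the kernel and will then be flushed in each child spawned. The
+* result is a number of repeated messages being send to stdout and, in turn,
+* appear in the logs. At the moment, we think this is better than risking not
+* having any printing at all.
 */
-#define
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+#define BEGIN_TEST_NO_INIT() \
+do { \
+test_count = 0; \
+fprintf(stdout, "Running %-50s ... ", __FILE__); \
+EXPECT_SUCCESS_WITHOUT_COUNT(s2n_in_unit_test_set(true)); \
+S2N_TEST_OPTIONALLY_ENABLE_FIPS_MODE(); \
+} while(0)
+
+#define END_TEST_NO_INIT() \
+do { \
+EXPECT_SUCCESS_WITHOUT_COUNT(s2n_in_unit_test_set(false)); \
+END_TEST_PRINT() \
+return 0; \
+} while(0)
+
+/* This is a very basic, but functional unit testing framework. All testing
+* should happen in main() and start with a BEGIN_TEST() and end with an
+* END_TEST().
+*/
+#define BEGIN_TEST() \
+do { \
+BEGIN_TEST_NO_INIT(); \
+EXPECT_SUCCESS_WITHOUT_COUNT(s2n_init()); \
+} while(0)
+
+#define END_TEST() \
+do { \
+EXPECT_SUCCESS_WITHOUT_COUNT(s2n_cleanup()); \
+END_TEST_NO_INIT(); \
+} while(0)
 
 #define FAIL() FAIL_MSG("")
 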
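Review bot: The comment above `BEGIN_TEST_NO_INIT()` attributes the repeated "Running …" output to kernel buffering, but the unterminated line most likely sits in the C library's stdio buffer, which each forked child inherits and flushes on exit. Adding `fflush(stdout); \` directly after the `fprintf` in `BEGIN_TEST_NO_INIT()` would emit the banner once before any child is spawned without risking lost output, and the comment could then say so. Separately, `END_TEST_PRINT()` expands to a bare `if … else` chain rather than a `do { … } while(0)` block like the other macros in this hunk, so it is only safe in a braced context such as its current use in `END_TEST_NO_INIT()`. Wrapping it the same way and invoking it as `END_TEST_PRINT();` would keep the macros consistent.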
@@ -15,14 +15,26 @@
|
|
15
15
|
|
16
16
|
#include "testlib/s2n_testlib.h"
|
17
17
|
|
18
|
+
S2N_RESULT s2n_connection_set_test_transcript_hash(struct s2n_connection *conn,
|
19
|
+
message_type_t message_type, const struct s2n_blob *digest)
|
20
|
+
{
|
21
|
+
conn->handshake.handshake_type = conn->handshake.handshake_type & NEGOTIATED;
|
22
|
+
while(s2n_conn_get_current_message_type(conn) != message_type) {
|
23
|
+
conn->handshake.message_number++;
|
24
|
+
}
|
25
|
+
RESULT_CHECKED_MEMCPY(conn->handshake.hashes->transcript_hash_digest,
|
26
|
+
digest->data, digest->size);
|
27
|
+
return S2N_RESULT_OK;
|
28
|
+
}
|
29
|
+
|
18
30
|
S2N_RESULT s2n_connection_set_test_early_secret(struct s2n_connection *conn,
|
19
31
|
const struct s2n_blob *early_secret)
|
20
32
|
{
|
21
33
|
RESULT_ENSURE_REF(conn);
|
22
34
|
RESULT_ENSURE_REF(early_secret);
|
23
|
-
RESULT_CHECKED_MEMCPY(conn->secrets.tls13.
|
35
|
+
RESULT_CHECKED_MEMCPY(conn->secrets.tls13.extract_secret,
|
24
36
|
early_secret->data, early_secret->size);
|
25
|
-
conn->secrets.tls13.
|
37
|
+
conn->secrets.tls13.extract_secret_type = S2N_EARLY_SECRET;
|
26
38
|
return S2N_RESULT_OK;
|
27
39
|
}
|
28
40
|
|
@@ -31,9 +43,9 @@ S2N_RESULT s2n_connection_set_test_handshake_secret(struct s2n_connection *conn,
|
|
31
43
|
{
|
32
44
|
RESULT_ENSURE_REF(conn);
|
33
45
|
RESULT_ENSURE_REF(handshake_secret);
|
34
|
-
RESULT_CHECKED_MEMCPY(conn->secrets.tls13.
|
46
|
+
RESULT_CHECKED_MEMCPY(conn->secrets.tls13.extract_secret,
|
35
47
|
handshake_secret->data, handshake_secret->size);
|
36
|
-
conn->secrets.tls13.
|
48
|
+
conn->secrets.tls13.extract_secret_type = S2N_HANDSHAKE_SECRET;
|
37
49
|
return S2N_RESULT_OK;
|
38
50
|
}
|
39
51
|
|
@@ -42,8 +54,8 @@ S2N_RESULT s2n_connection_set_test_master_secret(struct s2n_connection *conn,
|
|
42
54
|
{
|
43
55
|
RESULT_ENSURE_REF(conn);
|
44
56
|
RESULT_ENSURE_REF(master_secret);
|
45
|
-
RESULT_CHECKED_MEMCPY(conn->secrets.tls13.
|
57
|
+
RESULT_CHECKED_MEMCPY(conn->secrets.tls13.extract_secret,
|
46
58
|
master_secret->data, master_secret->size);
|
47
|
-
conn->secrets.tls13.
|
59
|
+
conn->secrets.tls13.extract_secret_type = S2N_MASTER_SECRET;
|
48
60
|
return S2N_RESULT_OK;
|
49
61
|
}
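Review bot: s2n_connection_set_test_transcript_hash() (first hunk of this file) dereferences `conn`, `conn->handshake.hashes` and `digest` without the `RESULT_ENSURE_REF` checks that the three sibling setters below it perform. It should open with `RESULT_ENSURE_REF(conn);` and `RESULT_ENSURE_REF(digest);`, plus the same check on `conn->handshake.hashes`. The copy length is the caller's `digest->size` and nothing visible bounds it by the destination, so unless RESULT_CHECKED_MEMCPY does that itself, a guard such as `RESULT_ENSURE_LTE(digest->size, sizeof(conn->handshake.hashes->transcript_hash_digest));` is needed (assuming the destination is a fixed-size array). The `while` loop also increments `message_number` with no upper bound, so a `message_type` that never occurs for the masked handshake type would presumably index past the end of the handshake message table. A bounded loop that returns an error would fail cleanly.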
|
@@ -69,8 +69,8 @@ static S2N_RESULT s2n_drbg_generate_for_pq_kat_tests(struct s2n_drbg *drbg, stru
|
|
69
69
|
RESULT_ENSURE(blob->size <= S2N_DRBG_GENERATE_LIMIT, S2N_ERR_DRBG_REQUEST_SIZE);
|
70
70
|
|
71
71
|
/* We do NOT mix in additional entropy */
|
72
|
-
|
73
|
-
|
72
|
+
RESULT_GUARD(s2n_drbg_bits(drbg, blob));
|
73
|
+
RESULT_GUARD(s2n_drbg_update(drbg, &zeros));
|
74
74
|
|
75
75
|
return S2N_RESULT_OK;
|
76
76
|
}
|
@@ -145,7 +145,7 @@ static int s2n_test_kem_with_kat(const struct s2n_kem *kem, const char *kat_file
|
|
145
145
|
* we use the custom function s2n_drbg_generate_for_pq_kat_tests() defined above to turn off the
|
146
146
|
* prediction resistance. */
|
147
147
|
POSIX_GUARD(ReadHex(kat_file, kat_entropy_blob.data, SEED_LENGTH, "seed = "));
|
148
|
-
|
148
|
+
POSIX_GUARD_RESULT(s2n_drbg_instantiate(&drbg_for_pq_kats, &personalization_string, S2N_AES_256_CTR_NO_DF_PR));
|
149
149
|
|
150
150
|
/* Generate the public/private key pair */
|
151
151
|
POSIX_GUARD(kem->generate_keypair(pk, sk));
|
@@ -172,7 +172,7 @@ static int s2n_test_kem_with_kat(const struct s2n_kem *kem, const char *kat_file
|
|
172
172
|
POSIX_ENSURE_EQ(memcmp(ss_answer, server_shared_secret, kem->shared_secret_key_length ), 0);
|
173
173
|
|
174
174
|
/* Wipe the DRBG; it will reseed for each KAT test vector. */
|
175
|
-
|
175
|
+
POSIX_GUARD_RESULT(s2n_drbg_wipe(&drbg_for_pq_kats));
|
176
176
|
}
|
177
177
|
fclose(kat_file);
|
178
178
|
free(ct);
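Review bot: The new `POSIX_GUARD_RESULT(s2n_drbg_instantiate(...))` (second hunk) and `POSIX_GUARD_RESULT(s2n_drbg_wipe(&drbg_for_pq_kats));` (third hunk) presumably return from s2n_test_kem_with_kat() on failure, which skips the `fclose(kat_file)` and `free(ct)` shown after the loop. Any guard that fires between instantiate and wipe also leaves the DRBG state unwiped. In a KAT harness the impact is limited to leaked handles and buffers in an already failing test, but a single cleanup label, or DEFER_CLEANUP on the buffers, would keep the failure path tidy. The function starts and ends outside the visible hunks, so cleanup that is not shown may already cover part of this.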
|
@@ -74,6 +74,8 @@ S2N_RESULT s2n_append_test_psk_with_early_data(struct s2n_connection *conn, uint
|
|
74
74
|
S2N_RESULT s2n_append_test_chosen_psk_with_early_data(struct s2n_connection *conn, uint32_t max_early_data,
|
75
75
|
const struct s2n_cipher_suite *cipher_suite);
|
76
76
|
|
77
|
+
S2N_RESULT s2n_connection_set_test_transcript_hash(struct s2n_connection *conn,
|
78
|
+
message_type_t message_type, const struct s2n_blob *digest);
|
77
79
|
S2N_RESULT s2n_connection_set_test_early_secret(struct s2n_connection *conn, const struct s2n_blob *early_secret);
|
78
80
|
S2N_RESULT s2n_connection_set_test_handshake_secret(struct s2n_connection *conn, const struct s2n_blob *handshake_secret);
|
79
81
|
S2N_RESULT s2n_connection_set_test_master_secret(struct s2n_connection *conn, const struct s2n_blob *master_secret);
|
@@ -13,12 +13,15 @@
|
|
13
13
|
* permissions and limitations under the License.
|
14
14
|
*/
|
15
15
|
|
16
|
+
#include "s2n.h"
|
16
17
|
#include "s2n_test.h"
|
17
18
|
|
19
|
+
#include "stuffer/s2n_stuffer.h"
|
18
20
|
#include "testlib/s2n_testlib.h"
|
19
21
|
|
20
22
|
#include "tls/extensions/s2n_server_supported_versions.h"
|
21
23
|
|
24
|
+
#include "tls/extensions/s2n_cookie.h"
|
22
25
|
#include "tls/s2n_cipher_suites.h"
|
23
26
|
#include "tls/s2n_security_policies.h"
|
24
27
|
#include "tls/s2n_tls.h"
|
@@ -31,6 +34,7 @@
|
|
31
34
|
#include "tls/s2n_server_hello.c"
|
32
35
|
|
33
36
|
#include "error/s2n_errno.h"
|
37
|
+
#include "utils/s2n_safety.h"
|
34
38
|
|
35
39
|
#define HELLO_RETRY_MSG_NO 1
|
36
40
|
#define SERVER_HELLO_MSG_NO 5
|
@@ -448,6 +452,66 @@ int main(int argc, char **argv)
|
|
448
452
|
EXPECT_SUCCESS(s2n_io_pair_close(&io_pair));
|
449
453
|
}
|
450
454
|
|
455
|
+
/*
|
456
|
+
* Self-talk test: HRR with cookie extension
|
457
|
+
* We also wipe the connection to ensure that the cookie stuffer is handled correctly when connections are reused.
|
458
|
+
*/
|
459
|
+
{
|
460
|
+
DEFER_CLEANUP(struct s2n_connection *server_conn = s2n_connection_new(S2N_SERVER),
|
461
|
+
s2n_connection_ptr_free);
|
462
|
+
DEFER_CLEANUP(struct s2n_connection *client_conn = s2n_connection_new(S2N_CLIENT),
|
463
|
+
s2n_connection_ptr_free);
|
464
|
+
|
465
|
+
DEFER_CLEANUP(struct s2n_config *server_config = s2n_config_new(),
|
466
|
+
s2n_config_ptr_free);
|
467
|
+
DEFER_CLEANUP(struct s2n_config *client_config = s2n_config_new(),
|
468
|
+
s2n_config_ptr_free);
|
469
|
+
DEFER_CLEANUP(struct s2n_cert_chain_and_key *tls13_chain_and_key,
|
470
|
+
s2n_cert_chain_and_key_ptr_free);
|
471
|
+
|
472
|
+
EXPECT_SUCCESS(s2n_test_cert_chain_and_key_new(&tls13_chain_and_key,
|
473
|
+
S2N_ECDSA_P384_PKCS1_CERT_CHAIN, S2N_ECDSA_P384_PKCS1_KEY));
|
474
|
+
EXPECT_SUCCESS(s2n_config_add_cert_chain_and_key_to_store(client_config, tls13_chain_and_key));
|
475
|
+
EXPECT_SUCCESS(s2n_config_add_cert_chain_and_key_to_store(server_config, tls13_chain_and_key));
|
476
|
+
EXPECT_SUCCESS(s2n_config_disable_x509_verification(client_config));
|
477
|
+
|
478
|
+
EXPECT_SUCCESS(s2n_connection_set_config(server_conn, server_config));
|
479
|
+
EXPECT_SUCCESS(s2n_connection_set_config(client_conn, client_config));
|
480
|
+
|
481
|
+
struct s2n_test_io_pair io_pair;
|
482
|
+
|
483
|
+
/* Call the test in a loop to ensure that s2n_connection_wipe is implemented correctly */
|
484
|
+
for (int i = 0; i < 10; i++) {
|
485
|
+
/* ensure call to s2n_connection_wipe are safe */
|
486
|
+
EXPECT_SUCCESS(s2n_connection_wipe(client_conn));
|
487
|
+
EXPECT_SUCCESS(s2n_connection_wipe(server_conn));
|
488
|
+
|
489
|
+
/* Create nonblocking pipes */
|
490
|
+
EXPECT_SUCCESS(s2n_io_pair_init_non_blocking(&io_pair));
|
491
|
+
EXPECT_SUCCESS(s2n_connections_set_io_pair(client_conn, server_conn, &io_pair));
|
492
|
+
|
493
|
+
/* include cookie data as part of HRR */
|
494
|
+
EXPECT_SUCCESS(s2n_stuffer_skip_write(&server_conn->cookie_stuffer, 500));
|
495
|
+
EXPECT_TRUE(s2n_server_cookie_extension.should_send(server_conn));
|
496
|
+
|
497
|
+
/* Force the HRR path */
|
498
|
+
client_conn->security_policy_override = &security_policy_test_tls13_retry;
|
499
|
+
|
500
|
+
/* Negotiate handshake */
|
501
|
+
EXPECT_SUCCESS(s2n_negotiate_test_server_and_client(server_conn, client_conn));
|
502
|
+
|
503
|
+
/* Verify that HRR handshake */
|
504
|
+
EXPECT_TRUE(s2n_is_hello_retry_handshake(server_conn));
|
505
|
+
EXPECT_TRUE(s2n_is_hello_retry_handshake(client_conn));
|
506
|
+
|
507
|
+
/* Verify client received cookie data */
|
508
|
+
EXPECT_TRUE(s2n_stuffer_data_available(&client_conn->cookie_stuffer) > 0);
|
509
|
+
|
510
|
+
EXPECT_SUCCESS(s2n_shutdown_test_server_and_client(server_conn, client_conn));
|
511
|
+
EXPECT_SUCCESS(s2n_io_pair_close(&io_pair));
|
512
|
+
}
|
513
|
+
}
|
514
|
+
|
451
515
|
/* Self-Talk test: the client initiates a handshake with an X25519 share.
|
452
516
|
* The server, however does not support x25519 and prefers P-256.
|
453
517
|
* The server then sends a HelloRetryRequest that requires the
|
@@ -605,7 +669,7 @@ int main(int argc, char **argv)
|
|
605
669
|
|
606
670
|
EXPECT_NOT_NULL(server_conn = s2n_connection_new(S2N_SERVER));
|
607
671
|
EXPECT_NOT_NULL(client_conn = s2n_connection_new(S2N_CLIENT));
|
608
|
-
|
672
|
+
|
609
673
|
/* A Hello Retry Request has been processed */
|
610
674
|
EXPECT_SUCCESS(s2n_set_hello_retry_required(client_conn));
|
611
675
|
client_conn->secure.cipher_suite = &s2n_tls13_aes_256_gcm_sha384;
|
@@ -631,4 +695,4 @@ int main(int argc, char **argv)
|
|
631
695
|
EXPECT_SUCCESS(s2n_disable_tls13_in_test());
|
632
696
|
|
633
697
|
END_TEST();
|
634
|
-
}
|
698
|
+
}
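Review bot: In the new HRR-with-cookie block (hunk `@@ -448,6 +452,66 @@`), `tls13_chain_and_key` is registered with DEFER_CLEANUP while still uninitialized, so the cleanup function would see an indeterminate pointer if s2n_test_cert_chain_and_key_new() fails before writing it or the block is later reordered. Declare it as `DEFER_CLEANUP(struct s2n_cert_chain_and_key *tls13_chain_and_key = NULL, s2n_cert_chain_and_key_ptr_free);`. The connections and configs returned by s2n_connection_new() and s2n_config_new() are used without a NULL check, unlike the `EXPECT_NOT_NULL(server_conn = ...)` style in the later hunk of this file, so an `EXPECT_NOT_NULL(...)` for each would make an allocation failure a clear test failure. The last assertion only checks that the client's cookie stuffer is non-empty. Comparing it with the 500 bytes written on the server side, e.g. `EXPECT_EQUAL(s2n_stuffer_data_available(&client_conn->cookie_stuffer), 500);`, would catch truncated or stale cookie data across the repeated wipes, assuming the client stores the cookie unmodified.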
|
@@ -126,7 +126,7 @@ int main(int argc, char **argv)
|
|
126
126
|
*/
|
127
127
|
{
|
128
128
|
/* Carefully consider any increases to this number. */
|
129
|
-
const uint16_t max_connection_size =
|
129
|
+
const uint16_t max_connection_size = 9050;
|
130
130
|
const uint16_t min_connection_size = max_connection_size * 0.75;
|
131
131
|
|
132
132
|
size_t connection_size = sizeof(struct s2n_connection);
|
@@ -299,7 +299,7 @@ int check_drgb_version(s2n_drbg_mode mode, int (*generator)(void *, uint32_t), i
|
|
299
299
|
POSIX_GUARD(s2n_rand_set_callbacks(nist_fake_entropy_init_cleanup, nist_fake_entropy_init_cleanup, generator, generator));
|
300
300
|
|
301
301
|
/* Instantiate the DRBG */
|
302
|
-
|
302
|
+
POSIX_GUARD_RESULT(s2n_drbg_instantiate(&nist_drbg, &personalization_string, mode));
|
303
303
|
|
304
304
|
uint8_t nist_v[16];
|
305
305
|
|
@@ -309,13 +309,13 @@ int check_drgb_version(s2n_drbg_mode mode, int (*generator)(void *, uint32_t), i
|
|
309
309
|
/* Generate 512 bits (FIRST CALL) */
|
310
310
|
uint8_t out[64];
|
311
311
|
struct s2n_blob generated = {.data = out, .size = 64 };
|
312
|
-
|
312
|
+
POSIX_GUARD_RESULT(s2n_drbg_generate(&nist_drbg, &generated));
|
313
313
|
|
314
314
|
POSIX_GUARD(s2n_stuffer_read_bytes(&reference_values, nist_v, sizeof(nist_v)));
|
315
315
|
POSIX_ENSURE_EQ(memcmp(nist_v, nist_drbg.v, sizeof(nist_drbg.v)), 0);
|
316
316
|
|
317
317
|
/* Generate another 512 bits (SECOND CALL) */
|
318
|
-
|
318
|
+
POSIX_GUARD_RESULT(s2n_drbg_generate(&nist_drbg, &generated));
|
319
319
|
|
320
320
|
POSIX_GUARD(s2n_stuffer_read_bytes(&reference_values, nist_v, sizeof(nist_v)));
|
321
321
|
POSIX_ENSURE_EQ(memcmp(nist_v, nist_drbg.v, sizeof(nist_drbg.v)), 0);
|
@@ -331,7 +331,7 @@ int check_drgb_version(s2n_drbg_mode mode, int (*generator)(void *, uint32_t), i
|
|
331
331
|
POSIX_BAIL(S2N_ERR_DRBG);
|
332
332
|
}
|
333
333
|
|
334
|
-
|
334
|
+
POSIX_GUARD_RESULT(s2n_drbg_wipe(&nist_drbg));
|
335
335
|
}
|
336
336
|
return 0;
|
337
337
|
}
|
@@ -346,21 +346,21 @@ int main(int argc, char **argv)
|
|
346
346
|
struct s2n_drbg aes256_pr_drbg = {0};
|
347
347
|
struct s2n_blob blob = {.data = data, .size = 64 };
|
348
348
|
|
349
|
-
|
350
|
-
|
349
|
+
EXPECT_OK(s2n_drbg_instantiate(&aes128_drbg, &blob, S2N_AES_128_CTR_NO_DF_PR));
|
350
|
+
EXPECT_OK(s2n_drbg_instantiate(&aes256_pr_drbg, &blob, S2N_AES_256_CTR_NO_DF_PR));
|
351
351
|
|
352
352
|
struct s2n_config *config;
|
353
353
|
EXPECT_NOT_NULL(config = s2n_config_new());
|
354
354
|
|
355
355
|
/* Use the AES128 DRBG for 32MB of data */
|
356
356
|
for (int i = 0; i < 500000; i++) {
|
357
|
-
|
357
|
+
EXPECT_OK(s2n_drbg_generate(&aes128_drbg, &blob));
|
358
358
|
}
|
359
359
|
EXPECT_EQUAL(aes128_drbg.mixes, 500000);
|
360
360
|
|
361
361
|
/* Use the AES256 DRBG with prediction resistance for 32MB of data */
|
362
362
|
for (int i = 0; i < 500000; i++) {
|
363
|
-
|
363
|
+
EXPECT_OK(s2n_drbg_generate(&aes256_pr_drbg, &blob));
|
364
364
|
}
|
365
365
|
EXPECT_EQUAL(aes256_pr_drbg.mixes, 500000);
|
366
366
|
|
@@ -368,19 +368,39 @@ int main(int argc, char **argv)
|
|
368
368
|
/* the DRBG state is 128 bytes, test that we can get more than that */
|
369
369
|
blob.size = 129;
|
370
370
|
for (int i = 0; i < 10; i++) {
|
371
|
-
|
372
|
-
|
371
|
+
EXPECT_OK(s2n_drbg_generate(&aes128_drbg, &blob));
|
372
|
+
EXPECT_OK(s2n_drbg_generate(&aes256_pr_drbg, &blob));
|
373
373
|
}
|
374
374
|
EXPECT_EQUAL(aes128_drbg.mixes, 500010);
|
375
375
|
EXPECT_EQUAL(aes256_pr_drbg.mixes, 500010);
|
376
376
|
|
377
|
+
/* Check that ignoring prediction resistance works */
|
378
|
+
EXPECT_OK(s2n_ignore_prediction_resistance_for_testing(true));
|
379
|
+
uint64_t aes128_drbg_mixes_start = aes128_drbg.mixes;
|
380
|
+
uint64_t aes256_pr_drbg_mixes_start = aes256_pr_drbg.mixes;
|
381
|
+
for (int i = 0; i < 10; i++) {
|
382
|
+
EXPECT_OK(s2n_drbg_generate(&aes128_drbg, &blob));
|
383
|
+
EXPECT_OK(s2n_drbg_generate(&aes256_pr_drbg, &blob));
|
384
|
+
}
|
385
|
+
EXPECT_EQUAL(aes128_drbg.mixes, aes128_drbg_mixes_start);
|
386
|
+
EXPECT_EQUAL(aes256_pr_drbg.mixes, aes256_pr_drbg_mixes_start);
|
387
|
+
|
388
|
+
/* Check that we can enable prediction resistance again */
|
389
|
+
EXPECT_OK(s2n_ignore_prediction_resistance_for_testing(false));
|
390
|
+
for (int i = 0; i < 10; i++) {
|
391
|
+
EXPECT_OK(s2n_drbg_generate(&aes128_drbg, &blob));
|
392
|
+
EXPECT_OK(s2n_drbg_generate(&aes256_pr_drbg, &blob));
|
393
|
+
}
|
394
|
+
EXPECT_EQUAL(aes128_drbg.mixes, aes128_drbg_mixes_start + 10);
|
395
|
+
EXPECT_EQUAL(aes256_pr_drbg.mixes, aes256_pr_drbg_mixes_start + 10);
|
396
|
+
|
377
397
|
/* Generate 31 (= 16 + 15) bytes. Since the DRBG generates 16 bytes at a time,
|
378
398
|
* a common error is to incorrectly fill the last (not-aligned) bytes. Sometimes
|
379
399
|
* they are left unchanged and sometimes a single byte is copied in. We ensure
|
380
400
|
* that the last 15 bytes are not all equal to guard against this. */
|
381
401
|
POSIX_CHECKED_MEMSET((void*)data, 0, 31);
|
382
402
|
blob.size = 31;
|
383
|
-
|
403
|
+
EXPECT_OK(s2n_drbg_generate(&aes128_drbg, &blob));
|
384
404
|
bool bytes_are_all_equal = true;
|
385
405
|
for (size_t i = 17; i < 31; i++) {
|
386
406
|
if (data[16] != data[i]) {
|
@@ -392,7 +412,7 @@ int main(int argc, char **argv)
|
|
392
412
|
|
393
413
|
POSIX_CHECKED_MEMSET((void*)data, 0, 31);
|
394
414
|
blob.size = 31;
|
395
|
-
|
415
|
+
EXPECT_OK(s2n_drbg_generate(&aes256_pr_drbg, &blob));
|
396
416
|
bytes_are_all_equal = true;
|
397
417
|
for (size_t i = 17; i < 31; i++) {
|
398
418
|
if (data[16] != data[i]) {
|
@@ -402,8 +422,8 @@ int main(int argc, char **argv)
|
|
402
422
|
}
|
403
423
|
EXPECT_FALSE(bytes_are_all_equal);
|
404
424
|
|
405
|
-
|
406
|
-
|
425
|
+
EXPECT_OK(s2n_drbg_wipe(&aes128_drbg));
|
426
|
+
EXPECT_OK(s2n_drbg_wipe(&aes256_pr_drbg));
|
407
427
|
|
408
428
|
/* Check everything against the NIST AES 128 vectors with prediction resistance */
|
409
429
|
EXPECT_SUCCESS(s2n_stuffer_alloc_ro_from_hex_string(&nist_aes128_reference_entropy, nist_aes128_reference_entropy_hex));
|