Merge #72: Add support for AmazonCorrettoCryptoProvider.

NOKEYCHECK=True
PiperOrigin-RevId: 285889021
GitOrigin-RevId: 5c275cb55af7e77e50e40ab4e811965ee2e8d6bb
This commit is contained in:
thaidn
2019-12-16 17:57:45 -08:00
committed by Tink Team
parent be388ef334
commit fb72abc097
8 changed files with 245 additions and 2 deletions
+43
View File
@@ -155,6 +155,49 @@ conscrypt_all_tests(
data = testdata,
)
# Amazon Corretto Crypto Provider tests
load("//tools:build_defs.bzl", "accp_tests", "accp_all_tests")
accp_tests(
size = "enormous",
srcs = ["java/com/google/security/wycheproof/AccpTest.java"] + test_srcs,
test_class = "com.google.security.wycheproof.AccpTest",
deps = common_deps,
data = testdata,
)
java_test(
name = "AccpTestLocal",
size = "enormous",
srcs = ["java/com/google/security/wycheproof/AccpTest.java"] + test_srcs,
# this target requires specifing a shell variable, thus won't work with the wildcard target patterns.
# with tags=["manual"] it'll be excluded from said patterns.
tags = ["manual"],
test_class = "com.google.security.wycheproof.AccpTest",
deps = common_deps + ["@local//:accp_jar"],
data = testdata,
)
accp_all_tests(
size = "enormous",
srcs = ["java/com/google/security/wycheproof/AccpAllTests.java"] + test_srcs,
test_class = "com.google.security.wycheproof.AccpAllTests",
deps = common_deps,
data = testdata,
)
java_test(
name = "AccpAllTestsLocal",
size = "enormous",
srcs = ["java/com/google/security/wycheproof/AccpAllTests.java"] + test_srcs,
# this target requires specifing a shell variable, thus won't work with the wildcard target patterns.
# with tags=["manual"] it'll be excluded from said patterns.
tags = ["manual"],
test_class = "com.google.security.wycheproof.AccpAllTests",
deps = common_deps + ["@local//:accp_jar"],
data = testdata,
)
# OpenJDK tests
java_test(
name = "OpenJDKTest",
+32 -1
View File
@@ -75,7 +75,9 @@ default values to be a significant security flaw. We are converting as many
tests into sets of test vectors to simplify porting the tests to other
languages. We provide ready-to-use test runners for Java Cryptography
Architecture providers such as [Bouncy Castle](http://bouncycastle.org),
[Spongy Castle](https://rtyley.github.io/spongycastle/), and the default
[Spongy Castle](https://rtyley.github.io/spongycastle/), the
[Amazon Corretto Crypto Provider](https://github.com/corretto/amazon-corretto-crypto-provider)
and the default
providers in [OpenJDK](http://openjdk.java.net/).
### Usage
@@ -140,6 +142,35 @@ BouncyCastle with SpongyCastle in your commands, for example
bazel test SpongyCastleAllTests
```
- To test the
[Amazon Corretto Crypto Provider](https://github.com/corretto/amazon-corretto-crypto-provider), replace
BouncyCastle with Accp in your commands, for example
```
bazel test AccpAllTests
```
- To test a local jar for the Amazon Corretto Crypto Provider, set the
`WYCHEPROOF_ACCP_JAR` environment variable:
```shell
$ WYCHEPROOF_ACCP_JAR=/path/to/accp
$ bazel test AccpTestLocal
$ bazel test AccpAllTestsLocal
```
Note: bazel does not currently invalidate the build on environment changes. If
you change the `WYCHEPROOF_ACCP_JAR` environment variable, run `bazel
clean` to force a rebuild:
```shell
$ WYCHEPROOF_ACCP_JAR=/path/to/accp
$ bazel test AccpTestLocal
$ WYCHEPROOF_ACCP_JAR=/path/to/other/jar
$ bazel clean
$ bazel test AccpTestLocal
```
- To test your current installation of
[OpenJDK](http://openjdk.java.net/):
+27
View File
@@ -421,6 +421,33 @@ java_import_external(
],
)
java_import_external(
name = "amazon_corretto_crypto_provider_1_1_0",
licenses = ["notice"], # Apache 2.0
jar_sha256 = "8fab9866f88c05b917184ed2fc977409eab8ab48c2dddbefa80364998b913bd3",
jar_urls = [
"https://repo1.maven.org/maven2/software/amazon/cryptools/AmazonCorrettoCryptoProvider/1.1.0/AmazonCorrettoCryptoProvider-1.1.0-linux-x86_64.jar",
],
)
java_import_external(
name = "amazon_corretto_crypto_provider_1_1_1",
licenses = ["notice"], # Apache 2.0
jar_sha256 = "187c45b54ae8dc968239125aad503543d6cd8963bf35a02a0ae7f30d2101af11",
jar_urls = [
"https://repo1.maven.org/maven2/software/amazon/cryptools/AmazonCorrettoCryptoProvider/1.1.1/AmazonCorrettoCryptoProvider-1.1.1-linux-x86_64.jar",
],
)
java_import_external(
name = "amazon_corretto_crypto_provider_1_2_0",
licenses = ["notice"], # Apache 2.0
jar_sha256 = "dbeece4e113d58d03e9450763032ba8326c0580f6c143a26519ed6b86fb2880e",
jar_urls = [
"https://repo1.maven.org/maven2/software/amazon/cryptools/AmazonCorrettoCryptoProvider/1.2.0/AmazonCorrettoCryptoProvider-1.2.0-linux-x86_64.jar",
],
)
load("//tools:local_repository_defs.bzl", "local_jars")
local_jars(name = "local")
@@ -0,0 +1,54 @@
/**
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
* in compliance with the License. You may obtain a copy of the License at
*
* <p>http://www.apache.org/licenses/LICENSE-2.0
*
* <p>Unless required by applicable law or agreed to in writing, software distributed under the
* License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
* express or implied. See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.google.security.wycheproof;
import com.google.security.wycheproof.WycheproofRunner.Provider;
import com.google.security.wycheproof.WycheproofRunner.ProviderType;
import org.junit.BeforeClass;
import org.junit.runner.RunWith;
import org.junit.runners.Suite.SuiteClasses;
/**
* Amazon Corretto Crypto Provider is a Java security provider from Amazon which uses OpenSSL. See
* {@link https://github.com/corretto/amazon-corretto-crypto-provider}.
*
* <p>AccpAllTests runs all tests, except that tests that are explicitly excluded.
*/
@RunWith(WycheproofRunner.class)
@SuiteClasses({
AesGcmTest.class,
BasicTest.class,
CipherInputStreamTest.class,
CipherOutputStreamTest.class,
DhTest.class,
DsaTest.class,
EcKeyTest.class,
EcdhTest.class,
EcdsaTest.class,
JsonAeadTest.class,
JsonCipherTest.class,
JsonEcdhTest.class,
JsonSignatureTest.class,
MessageDigestTest.class,
RsaEncryptionTest.class,
RsaKeyTest.class,
RsaSignatureTest.class
})
@Provider(ProviderType.AMAZON_CORRETTO_CRYPTO_PROVIDER)
public final class AccpAllTests {
@BeforeClass
public static void setUp() throws Exception {
TestUtil.installOnlyOpenJDKProviders();
com.amazon.corretto.crypto.provider.AmazonCorrettoCryptoProvider.install();
com.amazon.corretto.crypto.provider.AmazonCorrettoCryptoProvider.INSTANCE.assertHealthy();
}
}
@@ -0,0 +1,56 @@
/**
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
* in compliance with the License. You may obtain a copy of the License at
*
* <p>http://www.apache.org/licenses/LICENSE-2.0
*
* <p>Unless required by applicable law or agreed to in writing, software distributed under the
* License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
* express or implied. See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.google.security.wycheproof;
import com.google.security.wycheproof.WycheproofRunner.Fast;
import com.google.security.wycheproof.WycheproofRunner.Provider;
import com.google.security.wycheproof.WycheproofRunner.ProviderType;
import org.junit.BeforeClass;
import org.junit.runner.RunWith;
import org.junit.runners.Suite.SuiteClasses;
/**
* Amazon Corretto Crypto Provider is a Java security provider from Amazon which uses OpenSSL. See
* {@link https://github.com/corretto/amazon-corretto-crypto-provider}.
*
* <p>AccpAllTests runs all tests, except that tests that are explicitly excluded.
*/
@RunWith(WycheproofRunner.class)
@SuiteClasses({
AesGcmTest.class,
BasicTest.class,
CipherInputStreamTest.class,
CipherOutputStreamTest.class,
DhTest.class,
DsaTest.class,
EcKeyTest.class,
EcdhTest.class,
EcdsaTest.class,
JsonAeadTest.class,
JsonCipherTest.class,
JsonEcdhTest.class,
JsonSignatureTest.class,
MessageDigestTest.class,
RsaEncryptionTest.class,
RsaKeyTest.class,
RsaSignatureTest.class
})
@Provider(ProviderType.AMAZON_CORRETTO_CRYPTO_PROVIDER)
@Fast
public final class AccpTest {
@BeforeClass
public static void setUp() throws Exception {
TestUtil.installOnlyOpenJDKProviders();
com.amazon.corretto.crypto.provider.AmazonCorrettoCryptoProvider.install();
com.amazon.corretto.crypto.provider.AmazonCorrettoCryptoProvider.INSTANCE.assertHealthy();
}
}
@@ -50,6 +50,7 @@ public class WycheproofRunner extends Suite {
CONSCRYPT,
OPENJDK,
SPONGY_CASTLE,
AMAZON_CORRETTO_CRYPTO_PROVIDER
}
// Annotations for test runners.
+16
View File
@@ -79,3 +79,19 @@ def conscrypt_tests(srcs, deps, size, test_class, data):
"""Conscrypt version-specific tests."""
add_tests("ConscryptTest", conscrypt_versions, conscrypt_dep, srcs, deps, size, test_class, data)
# Amazon Corretto Crypto Provider targets
accp_versions = ["1_1_0", "1_1_1", "1_2_0"]
accp_dep = "@amazon_corretto_crypto_provider"
# These targets run all tests.
def accp_all_tests(srcs, deps, size, test_class, data):
"""Amazon Corretto Crypto Provider version-specific tests."""
add_tests("AccpAllTests", accp_versions, accp_dep, srcs, deps, size, test_class, data)
# These targets exclue @SlowTest
def accp_tests(srcs, deps, size, test_class, data):
"""Amazon Corretto Crypto Provider version-specific tests."""
add_tests("AccpTest", accp_versions, accp_dep, srcs, deps, size, test_class, data)
+16 -1
View File
@@ -1,4 +1,4 @@
"""Add test targets for Bouncy Castle using a local jar.
"""Add test targets for using a local jar.
"""
@@ -10,6 +10,14 @@ java_import(
)
"""
_accp_jar_rule = """
java_import(
name = "accp_jar",
jars = ["accp.jar"],
visibility = ["//visibility:public"],
)
"""
# TODO(ekasper): implement environment invalidation once supported by bazel,
# see https://bazel.build/designs/2016/10/18/repository-invalidation.html
# Meanwhile, users have to call 'bazel clean' explicitly when the
@@ -23,6 +31,13 @@ def _local_jars_impl(repository_ctx):
)
contents += _bouncycastle_jar_rule
if "WYCHEPROOF_ACCP_JAR" in repository_ctx.os.environ:
repository_ctx.symlink(
repository_ctx.os.environ["WYCHEPROOF_ACCP_JAR"],
"accp.jar",
)
contents += _accp_jar_rule
repository_ctx.file("BUILD", contents)
local_jars = repository_rule(