Add AWS-LC integration test #502
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # SPDX-License-Identifier: Apache-2.0 | |
| name: Constant-time tests | |
| permissions: | |
| contents: read | |
| on: | |
| workflow_dispatch: | |
| push: | |
| branches: ["main"] | |
| pull_request: | |
| branches: ["main"] | |
| jobs: | |
| check-ct-varlat: | |
| # Using the patched Valgrind from the KyberSlash paper to detect divisions | |
| # In case the patch no longer applies after an update, we may want to switch back | |
| # to stock valgrind added in https://github.com/pq-code-package/mlkem-native/pull/687 | |
| name: CT test ${{ matrix.nix-shell }} ${{ matrix.system }} | |
| strategy: | |
| fail-fast: false | |
| max-parallel: 4 | |
| matrix: | |
| system: [ubuntu-latest, pqcp-arm64] | |
| nix-shell: | |
| - ci_valgrind-varlat_clang14 | |
| - ci_valgrind-varlat_clang15 | |
| - ci_valgrind-varlat_clang16 | |
| - ci_valgrind-varlat_clang17 | |
| - ci_valgrind-varlat_clang18 | |
| - ci_valgrind-varlat_clang19 | |
| - ci_valgrind-varlat_gcc48 | |
| - ci_valgrind-varlat_gcc49 | |
| - ci_valgrind-varlat_gcc7 | |
| - ci_valgrind-varlat_gcc11 | |
| - ci_valgrind-varlat_gcc12 | |
| - ci_valgrind-varlat_gcc13 | |
| - ci_valgrind-varlat_gcc14 | |
| runs-on: ${{ matrix.system }} | |
| steps: | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| - name: Setup nix | |
| uses: ./.github/actions/setup-shell | |
| with: | |
| gh_token: ${{ secrets.GITHUB_TOKEN }} | |
| nix-shell: ${{ matrix.nix-shell }} | |
| nix-cache: true | |
| nix-cache-prefix: valgrind-${{ runner.os }}-${{ runner.arch }} | |
| - name: Build and run test (-Oz) | |
| # -Oz got introduced in gcc12 | |
| if: ${{ matrix.nix-shell != 'ci_valgrind-varlat_gcc48' && matrix.nix-shell != 'ci_valgrind-varlat_gcc49' && matrix.nix-shell != 'ci_valgrind-varlat_gcc7' && matrix.nix-shell != 'ci_valgrind-varlat_gcc11'}} | |
| uses: ./.github/actions/ct-test | |
| with: | |
| cflags: -Oz | |
| valgrind_flags: --variable-latency-errors=yes | |
| - name: Build and run test (-Os) | |
| uses: ./.github/actions/ct-test | |
| with: | |
| cflags: -Os | |
| valgrind_flags: --variable-latency-errors=yes | |
| - name: Build and run test (-O3) | |
| uses: ./.github/actions/ct-test | |
| with: | |
| cflags: -O3 | |
| valgrind_flags: --variable-latency-errors=yes | |
| - name: Build and run test (-Ofast) | |
| # -Ofast got deprecated in clang19; -O3 -ffast-math should be used instead | |
| if: ${{ matrix.nix-shell != 'ci_valgrind-varlat_clang19' }} | |
| uses: ./.github/actions/ct-test | |
| with: | |
| cflags: -Ofast | |
| valgrind_flags: --variable-latency-errors=yes | |
| - name: Build and run test (-O3 -ffast-math) | |
| uses: ./.github/actions/ct-test | |
| with: | |
| cflags: -O3 -ffast-math | |
| valgrind_flags: --variable-latency-errors=yes | |
| - name: Build and run test (-O2) | |
| uses: ./.github/actions/ct-test | |
| with: | |
| cflags: -O2 | |
| valgrind_flags: --variable-latency-errors=yes | |
| - name: Build and run test (-O1) | |
| uses: ./.github/actions/ct-test | |
| with: | |
| cflags: -O1 | |
| valgrind_flags: --variable-latency-errors=yes | |
| - name: Build and run test (-O0) | |
| uses: ./.github/actions/ct-test | |
| with: | |
| cflags: -O0 | |
| valgrind_flags: --variable-latency-errors=yes |