-
Notifications
You must be signed in to change notification settings - Fork 15
132 lines (128 loc) · 4.63 KB
/
aws_lc.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
# SPDX-License-Identifier: Apache-2.0
name: AWS-LC
permissions:
contents: read
on:
workflow_dispatch:
push:
branches: ["main"]
pull_request:
branches: ["main"]
types: [ "opened", "synchronize" ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
aws_lc_integration_fips:
strategy:
fail-fast: false
matrix:
system: [ubuntu-latest, pqcp-arm64]
fips: [0,1]
name: AWS-LC FIPS test (${{ matrix.system }}, FIPS=${{ matrix.fips }})
runs-on: ${{ matrix.system }}
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: ./.github/actions/setup-os
with:
packages: 'cmake'
- uses: ./.github/actions/setup-aws-lc
with:
repository: 'hanno-becker/aws-lc'
commit: 'mlkem_native'
- name: Run importer
run: |
cd $AWSLC_DIR/crypto/fipsmodule/ml_kem
rm -rf mlkem
GITHUB_REPOSITORY=$GITHUB_REPOSITORY GITHUB_SHA=$GITHUB_SHA ./importer.sh
- name: Build+Test AWS-LC (FIPS=${{ matrix.fips }})
run: |
cd $AWSLC_DIR
mkdir build
cd build
cmake -DFIPS=${{ matrix.fips }} ..
cd ..
cmake --build ./build --target all
cmake --build ./build --target run_tests
posix:
# This is a parallelization of the run_posix_tests.sh script
strategy:
max-parallel: 8
fail-fast: false
matrix:
system: [ubuntu-latest, pqcp-arm64, macos-latest, macos-13]
test:
- name: Debug mode
flags: -DENABLE_DILITHIUM=ON
- name: Release mode
flags: -DCMAKE_BUILD_TYPE=Release -DENABLE_DILITHIUM=ON
- name: Dilithium disabled
flags: -DENABLE_DILITHIUM=OFF
- name: Small compilation
flags: -DOPENSSL_SMALL=1 -DCMAKE_BUILD_TYPE=Release -DENABLE_DILITHIUM=ON
- name: LibSSL off.
flags: -DBUILD_LIBSSL=OFF -DCMAKE_BUILD_TYPE=Release -DENABLE_DILITHIUM=ON
- name: No-ASM
flags: -DOPENSSL_NO_ASM=1 -DCMAKE_BUILD_TYPE=Release -DENABLE_DILITHIUM=ON
- name: Shared
flags: -DBUILD_SHARED_LIBS=1 -DCMAKE_BUILD_TYPE=Release -DENABLE_DILITHIUM=ON
- name: Pre-Gen ASM
flags: -DDISABLE_PERL=ON -DENABLE_DILITHIUM=ON
- name: DIT
flags: -DENABLE_DATA_INDEPENDENT_TIMING=ON -DCMAKE_BUILD_TYPE=Release -DENABLE_DILITHIUM=ON
name: Posix test (${{ matrix.test.name }}, ${{ matrix.system }})
runs-on: ${{ matrix.system }}
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: ./.github/actions/setup-os
with:
packages: 'cmake golang'
- uses: ./.github/actions/setup-aws-lc
with:
repository: 'hanno-becker/aws-lc'
commit: 'mlkem_native'
- name: Run importer
run: |
cd $AWSLC_DIR/crypto/fipsmodule/ml_kem
GITHUB_REPOSITORY=$GITHUB_REPOSITORY GITHUB_SHA=$GITHUB_SHA ./importer.sh
- name: Run test
run: |
cd $AWSLC_DIR
source tests/ci/common_posix_setup.sh
build_and_test ${{ matrix.test.flags }}
posix:
# This is a parallelization of the run_posix_tests.sh script
strategy:
max-parallel: 8
fail-fast: false
matrix:
system: [ubuntu-latest, pqcp-arm64, macos-latest, macos-13]
test:
- name: Testing a prefix build of AWS-LC in debug mode.
flags:
- name: Testing a prefix build of AWS-LC in release mode.
flags: -DCMAKE_BUILD_TYPE=Release
- name: Testing a prefix build of AWS-LC small compilation.
flags: -DOPENSSL_SMALL=1 -DCMAKE_BUILD_TYPE=Release
- name: Testing a prefix build of AWS-LC in no asm mode.
flags: -DOPENSSL_NO_ASM=1 -DCMAKE_BUILD_TYPE=Release
name: Prefix test (${{ matrix.test.name }}, ${{ matrix.system }})
runs-on: ${{ matrix.system }}
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: ./.github/actions/setup-os
with:
packages: 'cmake golang'
- uses: ./.github/actions/setup-aws-lc
with:
repository: 'hanno-becker/aws-lc'
commit: 'mlkem_native'
- name: Run importer
run: |
cd $AWSLC_DIR/crypto/fipsmodule/ml_kem
GITHUB_REPOSITORY=$GITHUB_REPOSITORY GITHUB_SHA=$GITHUB_SHA ./importer.sh
- name: Run test
run: |
cd $AWSLC_DIR
source tests/ci/common_posix_setup.sh
build_prefix_and_test ${{ matrix.flags }}