"Crypto as trait" experiments #264
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build and test | |
on: | |
push: | |
branches: [main] | |
tags: 'v*' | |
pull_request: | |
env: | |
CARGO_TERM_COLOR: always | |
jobs: | |
check-style: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout repo | |
uses: actions/checkout@v3 | |
- name: Install Rust formatter | |
run: rustup component add rustfmt | |
- name: Check if code is well formatted | |
run: cargo fmt --check | |
unit-tests: # run before build because it is faster | |
needs: check-style | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
matrix: | |
edhoc_lib: [hacspec, rust] | |
crypto: [hacspec, psa] | |
ead: [ead-none, ead-zeroconf] | |
exclude: | |
- edhoc_lib: rust | |
crypto: hacspec | |
steps: | |
- name: Checkout repo | |
uses: actions/checkout@v3 | |
- name: Run unit tests # note that we only add `--package edhoc-hacspec` when testing the hacspec version of the lib | |
run: cargo test --package edhoc-rs --package edhoc-crypto --package edhoc-ead ${{ matrix.edhoc_lib == 'hacspec' && '--package edhoc-hacspec' || '' }} --no-default-features --features="${{ matrix.edhoc_lib }}-${{ matrix.crypto }}, ${{ matrix.ead }}" --no-fail-fast | |
build-edhoc-package: | |
needs: unit-tests | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
matrix: | |
edhoc_lib: [hacspec, rust] | |
crypto: [hacspec, psa, psa-baremetal, cryptocell310] | |
ead: [ead-none, ead-zeroconf] | |
exclude: | |
- edhoc_lib: rust | |
crypto: hacspec | |
steps: | |
- name: Checkout repo | |
uses: actions/checkout@v3 | |
- name: Install arm targets for Rust | |
run: rustup target add thumbv7m-none-eabi && rustup target add thumbv7em-none-eabihf | |
- name: Install arm gcc | |
run: sudo apt-get -y update && sudo apt-get -y install gcc-arm-none-eabi | |
- name: Build | |
run: cargo build --package edhoc-rs --package edhoc-crypto --package edhoc-ead --no-default-features --features="${{ matrix.edhoc_lib }}-${{ matrix.crypto }}, ${{ matrix.ead }}" --release | |
hacspec-to-fstar: | |
needs: unit-tests | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout edhoc-rs | |
uses: actions/checkout@v3 | |
- name: Patch edhoc-rs features | |
run: git apply ./hacspec/adjust_features_for_hax.patch | |
- name: Checkout hacspec-v2 | |
uses: actions/checkout@v3 | |
with: | |
repository: 'hacspec/hacspec-v2' | |
path: hacspec-v2-repo | |
- name: Build hacspec-v2 docker image | |
run: docker build -f .docker/Dockerfile . -t hacspec-v2 | |
working-directory: hacspec-v2-repo | |
- name: Generate fstar | |
run: | | |
docker run --rm -v ${{ github.workspace }}:/edhoc-rs hacspec-v2 bash -c "cd edhoc-rs/hacspec && cargo-hax -C -p edhoc-hacspec -p edhoc-crypto -p edhoc-consts -p edhoc-crypto-hacspec \; into fstar" | |
zip -j -r edhoc-rs-fstar.zip $(find . -name *fst) | |
- name: Upload artifact | |
uses: actions/upload-artifact@v3 | |
with: | |
name: fstar-code | |
path: ./edhoc-rs-fstar.zip | |
build-static-lib-and-headers: | |
needs: unit-tests | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
matrix: | |
edhoc_lib: [rust] | |
crypto: [psa-baremetal, cryptocell310] | |
steps: | |
- name: Checkout repo | |
uses: actions/checkout@v3 | |
- name: Install arm targets for Rust | |
run: rustup target add thumbv7em-none-eabihf | |
- name: Install arm gcc | |
run: sudo apt-get -y update && sudo apt-get -y install gcc-arm-none-eabi | |
- name: Build static library, generate headers, and zip to file | |
run: ./build_for_c.sh "${{ matrix.edhoc_lib }}-${{ matrix.crypto }}" | |
- name: Upload artifact | |
uses: actions/upload-artifact@v3 | |
with: | |
name: static-lib-and-headers | |
path: ./target/staticlib-*.zip | |
run-example-on-qemu: | |
needs: unit-tests | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
matrix: | |
config: [hacspec-psa, rust-psa] | |
ead: [ead-none, ead-zeroconf] | |
steps: | |
- name: Checkout repo | |
uses: actions/checkout@v3 | |
- name: Install arm targets for Rust | |
run: rustup target add thumbv7m-none-eabi | |
- name: Install arm gcc | |
run: sudo apt-get -y update && sudo apt-get -y install gcc-arm-none-eabi | |
- name: Install QEMU ARM emulator | |
run: sudo apt-get -y install qemu-system-arm | |
- name: Run tests in QEMU | |
run: cd examples/edhoc-rs-no_std && cargo run --target="thumbv7m-none-eabi" --no-default-features --features="${{ matrix.config }}, ${{ matrix.ead }}" --release | |
build-example-for-cortex-m4: | |
needs: unit-tests | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
matrix: | |
edhoc_lib: [hacspec, rust] | |
crypto: [psa, cryptocell310] | |
ead: [ead-none, ead-zeroconf] | |
steps: | |
- name: Checkout repo | |
uses: actions/checkout@v3 | |
- name: Install arm targets for Rust | |
run: rustup target add thumbv7em-none-eabihf | |
- name: Install arm gcc | |
run: sudo apt-get -y update && sudo apt-get -y install gcc-arm-none-eabi | |
- name: Build example | |
run: cd examples/edhoc-rs-no_std && cargo build --target="thumbv7em-none-eabihf" --no-default-features --features="${{ matrix.edhoc_lib }}-${{ matrix.crypto }}, ${{ matrix.ead }}, rtt" --release | |
build-coap-example: | |
needs: unit-tests | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout repo | |
uses: actions/checkout@v3 | |
- name: Build server | |
run: cargo build --bin coapserver | |
- name: Build client | |
run: cargo build --bin coapclient | |
release: | |
runs-on: ubuntu-latest | |
needs: [build-edhoc-package, run-example-on-qemu, build-example-for-cortex-m4, build-coap-example, hacspec-to-fstar, build-static-lib-and-headers] | |
if: >- | |
github.event_name == 'push' && | |
startsWith(github.event.ref, 'refs/tags') | |
steps: | |
- name: Checkout repo | |
uses: actions/checkout@v3 | |
- name: Download artifacts | |
uses: actions/download-artifact@v3 | |
with: | |
name: fstar-code | |
path: ./release-artifacts | |
- name: Download artifacts | |
uses: actions/download-artifact@v3 | |
with: | |
name: static-lib-and-headers | |
path: ./release-artifacts | |
- name: Release | |
uses: ncipollo/release-action@v1 | |
with: | |
generateReleaseNotes: true | |
artifacts: "release-artifacts/*" | |
token: ${{ secrets.RELEASE_TOKEN }} |