Merge #72: Add support for AmazonCorrettoCryptoProvider.

NOKEYCHECK=True PiperOrigin-RevId: 285889021 GitOrigin-RevId: 5c275cb55af7e77e50e40ab4e811965ee2e8d6bb
C2SP · Dec 17, 2019 · fb72abc · fb72abc
1 parent be388ef
commit fb72abc
Show file tree

Hide file tree

Showing 8 changed files with 245 additions and 2 deletions.
diff --git a/BUILD.bazel b/BUILD.bazel
@@ -155,6 +155,49 @@ conscrypt_all_tests(
     data = testdata,
 )
 
+# Amazon Corretto Crypto Provider tests
+load("//tools:build_defs.bzl", "accp_tests", "accp_all_tests")
+
+accp_tests(
+    size = "enormous",
+    srcs = ["java/com/google/security/wycheproof/AccpTest.java"] + test_srcs,
+    test_class = "com.google.security.wycheproof.AccpTest",
+    deps = common_deps,
+    data = testdata,
+)
+
+java_test(
+    name = "AccpTestLocal",
+    size = "enormous",
+    srcs = ["java/com/google/security/wycheproof/AccpTest.java"] + test_srcs,
+    # this target requires specifing a shell variable, thus won't work with the wildcard target patterns.
+    # with tags=["manual"] it'll be excluded from said patterns.
+    tags = ["manual"],
+    test_class = "com.google.security.wycheproof.AccpTest",
+    deps = common_deps + ["@local//:accp_jar"],
+    data = testdata,
+)
+
+accp_all_tests(
+    size = "enormous",
+    srcs = ["java/com/google/security/wycheproof/AccpAllTests.java"] + test_srcs,
+    test_class = "com.google.security.wycheproof.AccpAllTests",
+    deps = common_deps,
+    data = testdata,
+)
+
+java_test(
+    name = "AccpAllTestsLocal",
+    size = "enormous",
+    srcs = ["java/com/google/security/wycheproof/AccpAllTests.java"] + test_srcs,
+    # this target requires specifing a shell variable, thus won't work with the wildcard target patterns.
+    # with tags=["manual"] it'll be excluded from said patterns.
+    tags = ["manual"],
+    test_class = "com.google.security.wycheproof.AccpAllTests",
+    deps = common_deps + ["@local//:accp_jar"],
+    data = testdata,
+)
+
 # OpenJDK tests
 java_test(
     name = "OpenJDKTest",

diff --git a/README.md b/README.md
@@ -75,7 +75,9 @@ default values to be a significant security flaw. We are converting as many
 tests into sets of test vectors to simplify porting the tests to other
 languages. We provide ready-to-use test runners for Java Cryptography
 Architecture providers such as [Bouncy Castle](http://bouncycastle.org),
-[Spongy Castle](https://rtyley.github.io/spongycastle/), and the default
+[Spongy Castle](https://rtyley.github.io/spongycastle/), the
+[Amazon Corretto Crypto Provider](https://github.com/corretto/amazon-corretto-crypto-provider)
+and the default
 providers in [OpenJDK](http://openjdk.java.net/).
 
 ### Usage
@@ -140,6 +142,35 @@ BouncyCastle with SpongyCastle in your commands, for example
 bazel test SpongyCastleAllTests
 ```
 
+- To test the
+[Amazon Corretto Crypto Provider](https://github.com/corretto/amazon-corretto-crypto-provider), replace
+BouncyCastle with Accp in your commands, for example
+
+```
+bazel test AccpAllTests
+```
+
+- To test a local jar for the Amazon Corretto Crypto Provider, set the
+`WYCHEPROOF_ACCP_JAR` environment variable:
+
+```shell
+$ WYCHEPROOF_ACCP_JAR=/path/to/accp
+$ bazel test AccpTestLocal
+$ bazel test AccpAllTestsLocal
+```
+
+Note: bazel does not currently invalidate the build on environment changes. If
+you change the `WYCHEPROOF_ACCP_JAR` environment variable, run `bazel
+clean` to force a rebuild:
+
+```shell
+$ WYCHEPROOF_ACCP_JAR=/path/to/accp
+$ bazel test AccpTestLocal
+$ WYCHEPROOF_ACCP_JAR=/path/to/other/jar
+$ bazel clean
+$ bazel test AccpTestLocal
+```
+
 - To test your current installation of
 [OpenJDK](http://openjdk.java.net/):
 

diff --git a/WORKSPACE b/WORKSPACE
@@ -421,6 +421,33 @@ java_import_external(
     ],
 )
 
+java_import_external(
+    name = "amazon_corretto_crypto_provider_1_1_0",
+    licenses = ["notice"],  # Apache 2.0
+    jar_sha256 = "8fab9866f88c05b917184ed2fc977409eab8ab48c2dddbefa80364998b913bd3",
+    jar_urls = [
+        "https://repo1.maven.org/maven2/software/amazon/cryptools/AmazonCorrettoCryptoProvider/1.1.0/AmazonCorrettoCryptoProvider-1.1.0-linux-x86_64.jar",
+        ],
+)
+
+java_import_external(
+    name = "amazon_corretto_crypto_provider_1_1_1",
+    licenses = ["notice"],  # Apache 2.0
+    jar_sha256 = "187c45b54ae8dc968239125aad503543d6cd8963bf35a02a0ae7f30d2101af11",
+    jar_urls = [
+        "https://repo1.maven.org/maven2/software/amazon/cryptools/AmazonCorrettoCryptoProvider/1.1.1/AmazonCorrettoCryptoProvider-1.1.1-linux-x86_64.jar",
+        ],
+)
+
+java_import_external(
+    name = "amazon_corretto_crypto_provider_1_2_0",
+    licenses = ["notice"],  # Apache 2.0
+    jar_sha256 = "dbeece4e113d58d03e9450763032ba8326c0580f6c143a26519ed6b86fb2880e",
+    jar_urls = [
+        "https://repo1.maven.org/maven2/software/amazon/cryptools/AmazonCorrettoCryptoProvider/1.2.0/AmazonCorrettoCryptoProvider-1.2.0-linux-x86_64.jar",
+        ],
+)
+
 load("//tools:local_repository_defs.bzl", "local_jars")
 
 local_jars(name = "local")
diff --git a/java/com/google/security/wycheproof/AccpAllTests.java b/java/com/google/security/wycheproof/AccpAllTests.java
@@ -0,0 +1,54 @@
+/**
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * <p>http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * <p>Unless required by applicable law or agreed to in writing, software distributed under the
+ * License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+ * express or implied. See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.google.security.wycheproof;
+
+import com.google.security.wycheproof.WycheproofRunner.Provider;
+import com.google.security.wycheproof.WycheproofRunner.ProviderType;
+import org.junit.BeforeClass;
+import org.junit.runner.RunWith;
+import org.junit.runners.Suite.SuiteClasses;
+
+/**
+ * Amazon Corretto Crypto Provider is a Java security provider from Amazon which uses OpenSSL. See
+ * {@link https://github.com/corretto/amazon-corretto-crypto-provider}.
+ *
+ * <p>AccpAllTests runs all tests, except that tests that are explicitly excluded.
+ */
+@RunWith(WycheproofRunner.class)
+@SuiteClasses({
+  AesGcmTest.class,
+  BasicTest.class,
+  CipherInputStreamTest.class,
+  CipherOutputStreamTest.class,
+  DhTest.class,
+  DsaTest.class,
+  EcKeyTest.class,
+  EcdhTest.class,
+  EcdsaTest.class,
+  JsonAeadTest.class,
+  JsonCipherTest.class,
+  JsonEcdhTest.class,
+  JsonSignatureTest.class,
+  MessageDigestTest.class,
+  RsaEncryptionTest.class,
+  RsaKeyTest.class,
+  RsaSignatureTest.class
+})
+@Provider(ProviderType.AMAZON_CORRETTO_CRYPTO_PROVIDER)
+public final class AccpAllTests {
+  @BeforeClass
+  public static void setUp() throws Exception {
+    TestUtil.installOnlyOpenJDKProviders();
+    com.amazon.corretto.crypto.provider.AmazonCorrettoCryptoProvider.install();
+    com.amazon.corretto.crypto.provider.AmazonCorrettoCryptoProvider.INSTANCE.assertHealthy();
+  }
+}
diff --git a/java/com/google/security/wycheproof/AccpTest.java b/java/com/google/security/wycheproof/AccpTest.java
@@ -0,0 +1,56 @@
+/**
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * <p>http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * <p>Unless required by applicable law or agreed to in writing, software distributed under the
+ * License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+ * express or implied. See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.google.security.wycheproof;
+
+import com.google.security.wycheproof.WycheproofRunner.Fast;
+import com.google.security.wycheproof.WycheproofRunner.Provider;
+import com.google.security.wycheproof.WycheproofRunner.ProviderType;
+import org.junit.BeforeClass;
+import org.junit.runner.RunWith;
+import org.junit.runners.Suite.SuiteClasses;
+
+/**
+ * Amazon Corretto Crypto Provider is a Java security provider from Amazon which uses OpenSSL. See
+ * {@link https://github.com/corretto/amazon-corretto-crypto-provider}.
+ *
+ * <p>AccpAllTests runs all tests, except that tests that are explicitly excluded.
+ */
+@RunWith(WycheproofRunner.class)
+@SuiteClasses({
+  AesGcmTest.class,
+  BasicTest.class,
+  CipherInputStreamTest.class,
+  CipherOutputStreamTest.class,
+  DhTest.class,
+  DsaTest.class,
+  EcKeyTest.class,
+  EcdhTest.class,
+  EcdsaTest.class,
+  JsonAeadTest.class,
+  JsonCipherTest.class,
+  JsonEcdhTest.class,
+  JsonSignatureTest.class,
+  MessageDigestTest.class,
+  RsaEncryptionTest.class,
+  RsaKeyTest.class,
+  RsaSignatureTest.class
+})
+@Provider(ProviderType.AMAZON_CORRETTO_CRYPTO_PROVIDER)
+@Fast
+public final class AccpTest {
+  @BeforeClass
+  public static void setUp() throws Exception {
+    TestUtil.installOnlyOpenJDKProviders();
+    com.amazon.corretto.crypto.provider.AmazonCorrettoCryptoProvider.install();
+    com.amazon.corretto.crypto.provider.AmazonCorrettoCryptoProvider.INSTANCE.assertHealthy();
+  }
+}
diff --git a/java/com/google/security/wycheproof/WycheproofRunner.java b/java/com/google/security/wycheproof/WycheproofRunner.java
@@ -50,6 +50,7 @@ public enum ProviderType {
     CONSCRYPT,
     OPENJDK,
     SPONGY_CASTLE,
+    AMAZON_CORRETTO_CRYPTO_PROVIDER
   }
 
   // Annotations for test runners.

diff --git a/tools/build_defs.bzl b/tools/build_defs.bzl
@@ -79,3 +79,19 @@ def conscrypt_tests(srcs, deps, size, test_class, data):
     """Conscrypt version-specific tests."""
 
     add_tests("ConscryptTest", conscrypt_versions, conscrypt_dep, srcs, deps, size, test_class, data)
+
+# Amazon Corretto Crypto Provider targets
+accp_versions = ["1_1_0", "1_1_1", "1_2_0"]
+accp_dep = "@amazon_corretto_crypto_provider"
+
+# These targets run all tests.
+def accp_all_tests(srcs, deps, size, test_class, data):
+    """Amazon Corretto Crypto Provider version-specific tests."""
+
+    add_tests("AccpAllTests", accp_versions, accp_dep, srcs, deps, size, test_class, data)
+
+# These targets exclue @SlowTest
+def accp_tests(srcs, deps, size, test_class, data):
+    """Amazon Corretto Crypto Provider version-specific tests."""
+
+    add_tests("AccpTest", accp_versions, accp_dep, srcs, deps, size, test_class, data)
diff --git a/tools/local_repository_defs.bzl b/tools/local_repository_defs.bzl
@@ -1,4 +1,4 @@
-"""Add test targets for Bouncy Castle using a local jar.
+"""Add test targets for using a local jar.
 
 """
 
@@ -10,6 +10,14 @@ java_import(
  )
 """
 
+_accp_jar_rule = """
+java_import(
+    name = "accp_jar",
+    jars = ["accp.jar"],
+    visibility = ["//visibility:public"],
+ )
+"""
+
 # TODO(ekasper): implement environment invalidation once supported by bazel,
 # see https://bazel.build/designs/2016/10/18/repository-invalidation.html
 # Meanwhile, users have to call 'bazel clean' explicitly when the
@@ -23,6 +31,13 @@ def _local_jars_impl(repository_ctx):
         )
         contents += _bouncycastle_jar_rule
 
+    if "WYCHEPROOF_ACCP_JAR" in repository_ctx.os.environ:
+        repository_ctx.symlink(
+            repository_ctx.os.environ["WYCHEPROOF_ACCP_JAR"],
+            "accp.jar",
+        )
+        contents += _accp_jar_rule
+
     repository_ctx.file("BUILD", contents)
 
 local_jars = repository_rule(