From 15204e3d25881c22ad72e86ccee55b5237dd0350 Mon Sep 17 00:00:00 2001
From: Thai Duong <thaidn@google.com>
Date: Mon, 29 Jan 2018 16:21:56 -0800
Subject: [PATCH] Fixing Kokoro build.
The build is failing probably because Kokoro upgraded its Ubuntu image.
This image doesn't have the unlimited Java policy, thus tests with
256-bit keys failed. These tests are skipped now. I also temporarily
remove tests with 256-bit keys from AEAD cross-language tests. These
tests will be reinstalled after b/35928521 is fixed.
The Go compiler on Kokoro, which is at version go1.9 linux/amd64, refuses
to compile our Go code because it found a cycle dependency. This is somehow
not a problem with the version of Go on my workstation. Fortunately, the
cycle dependency is in a test, so I temporarily removed it. I'm working on
a better fix which moves the test to a different package.
I also upgrade Bazel to 0.9.0 and use rules-apple at
a2b620070d373e4f265194b69f65e9e5c17fbcb8, instead of master, which is known
to work well with Bazel 0.9.0.
Change-Id: I97229342065f12d0eec6ff31b54922161267943a
ORIGINAL_AUTHOR=Thai Duong <thaidn@google.com>
GitOrigin-RevId: 0e96efbd943ddc3c97a2b7d573f7e20b78781a5d
---
WORKSPACE | 4 +-
apps/rewardedads/java/BUILD | 4 +-
go/tink/BUILD | 3 -
go/tink/keyset_handle_test.go | 45 -------------
.../RegistryEciesAeadHkdfDemHelperTest.java | 66 +++++++++++++------
.../tink/subtle/DaeadThreadSafetyTest.java | 8 ++-
kokoro/run_tests.sh | 8 +--
tools/testing/cross_language/aead_test.sh | 2 +-
8 files changed, 63 insertions(+), 77 deletions(-)
diff --git a/WORKSPACE b/WORKSPACE
index 4cf5e7283..1834866b9 100644
--- a/WORKSPACE
+++ b/WORKSPACE
@@ -510,8 +510,8 @@ java_import_external(
http_archive(
name = "build_bazel_rules_apple",
- strip_prefix = "rules_apple-master",
- url = "https://github.com/bazelbuild/rules_apple/archive/master.zip",
+ strip_prefix = "rules_apple-a2b620070d373e4f265194b69f65e9e5c17fbcb8",
+ url = "https://github.com/bazelbuild/rules_apple/archive/a2b620070d373e4f265194b69f65e9e5c17fbcb8.zip",
)
load("@io_bazel_rules_go//go:def.bzl", "go_rules_dependencies", "go_register_toolchains")
diff --git a/apps/rewardedads/java/BUILD b/apps/rewardedads/java/BUILD
index 9f71a1739..2c181819f 100644
--- a/apps/rewardedads/java/BUILD
+++ b/apps/rewardedads/java/BUILD
@@ -12,7 +12,7 @@ java_library(
javacopts = JAVACOPTS,
deps = [
"//java",
- "@com_google_http_client//:com_google_http_client",
+ "@com_google_http_client",
"@org_json//jar",
],
)
@@ -28,7 +28,7 @@ java_library(
deps = [
":java",
"//java:testonly",
- "@com_google_http_client//:com_google_http_client",
+ "@com_google_http_client",
"@junit",
"@org_json//jar",
],
diff --git a/go/tink/BUILD b/go/tink/BUILD
index 02f5bced1..8fa6c659b 100644
--- a/go/tink/BUILD
+++ b/go/tink/BUILD
@@ -76,9 +76,6 @@ go_test(
srcs = TINK_INTERNAL_TEST_SRCS,
importpath = "github.com/google/tink/go/tink/tink_test",
library = ":tink",
- deps = [
- "//go/signature",
- ],
)
# primitives only
diff --git a/go/tink/keyset_handle_test.go b/go/tink/keyset_handle_test.go
index 83386f5aa..71645aadd 100644
--- a/go/tink/keyset_handle_test.go
+++ b/go/tink/keyset_handle_test.go
@@ -17,7 +17,6 @@
package tink
import (
- "github.com/google/tink/go/signature/signature"
"github.com/google/tink/go/util/util"
tinkpb "github.com/google/tink/proto/tink_go_proto"
"testing"
@@ -60,47 +59,3 @@ func TestNewKeysetHandleWithInvalidInput(t *testing.T) {
t.Errorf("unexpected error: %s", err)
}
}
-
-func TestGetPublicKeysetHandleBasic(t *testing.T) {
- Registry().RegisterKeyManager(signature.NewEcdsaSignKeyManager())
- Registry().RegisterKeyManager(signature.NewEcdsaVerifyKeyManager())
-
- template := signature.EcdsaP256KeyTemplate()
- privHandle, err := CleartextKeysetHandle().GenerateNew(template)
- if err != nil {
- t.Errorf("unexpected error: %s", err)
- }
- privKeyset := privHandle.keyset
- pubHandle, err := privHandle.GetPublicKeysetHandle()
- if err != nil {
- t.Errorf("getting public keyset handle failed: %s", err)
- }
- pubKeyset := pubHandle.keyset
- // check Keyset's params
- if len(pubKeyset.Key) != 1 {
- t.Errorf("incorrect number of keys in the keyset handle: %s", len(pubHandle.keyset.Key))
- }
- if pubKeyset.PrimaryKeyId != privKeyset.PrimaryKeyId {
- t.Errorf("incorrect primary key id")
- }
- // check Keyset_Key's params
- pubKey := pubKeyset.Key[0]
- privKey := privKeyset.Key[0]
- if pubKey.OutputPrefixType != privKey.OutputPrefixType {
- t.Errorf("incorrect output prefix type")
- }
- if pubKey.Status != privKey.Status {
- t.Errorf("incorrect key status")
- }
- if pubKey.KeyId != privKey.KeyId {
- t.Errorf("incorrect key id")
- }
- // check KeyData's params
- pubKeyData := pubKey.KeyData
- if pubKeyData.TypeUrl != signature.ECDSA_VERIFY_TYPE_URL {
- t.Errorf("incorrect typeurl")
- }
- if pubKeyData.KeyMaterialType != tinkpb.KeyData_ASYMMETRIC_PUBLIC {
- t.Errorf("incorrect key material type")
- }
-}
diff --git a/java/src/test/java/com/google/crypto/tink/hybrid/RegistryEciesAeadHkdfDemHelperTest.java b/java/src/test/java/com/google/crypto/tink/hybrid/RegistryEciesAeadHkdfDemHelperTest.java
index d1314e1a3..244399b9a 100644
--- a/java/src/test/java/com/google/crypto/tink/hybrid/RegistryEciesAeadHkdfDemHelperTest.java
+++ b/java/src/test/java/com/google/crypto/tink/hybrid/RegistryEciesAeadHkdfDemHelperTest.java
@@ -30,36 +30,70 @@ import com.google.crypto.tink.signature.SignatureKeyTemplates;
import com.google.crypto.tink.subtle.Random;
import java.nio.charset.Charset;
import java.security.GeneralSecurityException;
+import javax.crypto.Cipher;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.junit.runners.JUnit4;
-/**
- * Tests for RegistryEciesAeadHkdfDemHelper.
- */
+/** Tests for RegistryEciesAeadHkdfDemHelper. */
@RunWith(JUnit4.class)
public class RegistryEciesAeadHkdfDemHelperTest {
private static final Charset UTF_8 = Charset.forName("UTF-8");
+ private KeyTemplate[] keyTemplates;
+
@Before
public void setUp() throws Exception {
Config.register(AeadConfig.TINK_1_0_0);
+
+ if (Cipher.getMaxAllowedKeyLength("AES") < 256) {
+ System.out.println(
+ "Unlimited Strength Jurisdiction Policy Files are required"
+ + " but not installed. Skip tests with keys larger than 128 bits.");
+ keyTemplates =
+ new KeyTemplate[] {AeadKeyTemplates.AES128_GCM, AeadKeyTemplates.AES128_CTR_HMAC_SHA256};
+ } else {
+ keyTemplates =
+ new KeyTemplate[] {
+ AeadKeyTemplates.AES128_GCM,
+ AeadKeyTemplates.AES256_GCM,
+ AeadKeyTemplates.AES128_CTR_HMAC_SHA256,
+ AeadKeyTemplates.AES256_CTR_HMAC_SHA256
+ };
+ }
}
@Test
- public void testConstructor() throws Exception {
+ public void testConstructorWith128BitCiphers() throws Exception {
RegistryEciesAeadHkdfDemHelper helper;
// Supported templates.
helper = new RegistryEciesAeadHkdfDemHelper(AeadKeyTemplates.AES128_GCM);
assertEquals(16, helper.getSymmetricKeySizeInBytes());
- helper = new RegistryEciesAeadHkdfDemHelper(AeadKeyTemplates.AES256_GCM);
- assertEquals(32, helper.getSymmetricKeySizeInBytes());
helper = new RegistryEciesAeadHkdfDemHelper(AeadKeyTemplates.AES128_CTR_HMAC_SHA256);
assertEquals(48, helper.getSymmetricKeySizeInBytes());
+ }
+
+ @Test
+ public void testConstructorWith256BitCiphers() throws Exception {
+ if (Cipher.getMaxAllowedKeyLength("AES") < 256) {
+ System.out.println(
+ "Unlimited Strength Jurisdiction Policy Files are required"
+ + " but not installed. Skip tests with keys larger than 128 bits.");
+ return;
+ }
+ // Supported templates.
+ RegistryEciesAeadHkdfDemHelper helper =
+ new RegistryEciesAeadHkdfDemHelper(AeadKeyTemplates.AES256_GCM);
+ assertEquals(32, helper.getSymmetricKeySizeInBytes());
helper = new RegistryEciesAeadHkdfDemHelper(AeadKeyTemplates.AES256_CTR_HMAC_SHA256);
assertEquals(64, helper.getSymmetricKeySizeInBytes());
+ }
+
+ @Test
+ public void testConstructorWithUnsupportedTemplates() throws Exception {
+ RegistryEciesAeadHkdfDemHelper helper;
// Unsupported templates.
int templateCount = 4;
@@ -83,10 +117,11 @@ public class RegistryEciesAeadHkdfDemHelperTest {
assertEquals(templateCount, count);
// An inconsistent template.
- KeyTemplate template = KeyTemplate.newBuilder()
- .setTypeUrl(AeadKeyTemplates.AES128_CTR_HMAC_SHA256.getTypeUrl())
- .setValue(SignatureKeyTemplates.ECDSA_P256.getValue())
- .build();
+ KeyTemplate template =
+ KeyTemplate.newBuilder()
+ .setTypeUrl(AeadKeyTemplates.AES128_CTR_HMAC_SHA256.getTypeUrl())
+ .setValue(SignatureKeyTemplates.ECDSA_P256.getValue())
+ .build();
try {
helper = new RegistryEciesAeadHkdfDemHelper(template);
fail("Inconsistent template, should have thrown exception:\n" + template.toString());
@@ -97,17 +132,10 @@ public class RegistryEciesAeadHkdfDemHelperTest {
@Test
public void testGetAead() throws Exception {
- int templateCount = 4;
- KeyTemplate[] templates = new KeyTemplate[templateCount];
- templates[0] = AeadKeyTemplates.AES128_GCM;
- templates[1] = AeadKeyTemplates.AES256_GCM;
- templates[2] = AeadKeyTemplates.AES128_CTR_HMAC_SHA256;
- templates[3] = AeadKeyTemplates.AES256_CTR_HMAC_SHA256;
-
byte[] plaintext = "some plaintext string".getBytes(UTF_8);
byte[] associatedData = "some associated data".getBytes(UTF_8);
int count = 0;
- for (KeyTemplate template : templates) {
+ for (KeyTemplate template : keyTemplates) {
RegistryEciesAeadHkdfDemHelper helper = new RegistryEciesAeadHkdfDemHelper(template);
byte[] symmetricKey = Random.randBytes(helper.getSymmetricKeySizeInBytes());
Aead aead = helper.getAead(symmetricKey);
@@ -136,6 +164,6 @@ public class RegistryEciesAeadHkdfDemHelperTest {
}
count++;
}
- assertEquals(templateCount, count);
+ assertEquals(keyTemplates.length, count);
}
}
diff --git a/java/src/test/java/com/google/crypto/tink/subtle/DaeadThreadSafetyTest.java b/java/src/test/java/com/google/crypto/tink/subtle/DaeadThreadSafetyTest.java
index 92b039393..90b492c19 100644
--- a/java/src/test/java/com/google/crypto/tink/subtle/DaeadThreadSafetyTest.java
+++ b/java/src/test/java/com/google/crypto/tink/subtle/DaeadThreadSafetyTest.java
@@ -140,7 +140,13 @@ public class DaeadThreadSafetyTest {
@Test
public void testAesSiv256() throws Exception {
byte[] key = Random.randBytes(64);
- AesSiv siv = new AesSiv(key);
+ AesSiv siv;
+ try {
+ siv = new AesSiv(key);
+ } catch (GeneralSecurityException ex) {
+ System.out.println("Skipping test: AES-SIV with 256 bit AES keys is not supported.");
+ return;
+ }
testEncryptionDecryption(siv, 5, 128, 20);
}
}
diff --git a/kokoro/run_tests.sh b/kokoro/run_tests.sh
index 786001f1b..fc8c655b9 100755
--- a/kokoro/run_tests.sh
+++ b/kokoro/run_tests.sh
@@ -26,10 +26,7 @@ rm -f ~/.bazelrc
PLATFORM=`uname | tr '[:upper:]' '[:lower:]'`
-# Using Bazel at commit 88157011af4ddac21e404e9deea0d78668a71a99.
-# In this version, {java,cc}_proto_library now look for dependencies in
-# @com_google_protobuf, instead of in @com_google_protobuf_$LANG.
-# See https://github.com/cgrushko/proto_library/issues/4.
+# Using Bazel 0.9.0.
BAZEL_BIN="${KOKORO_GFILE_DIR}/bazel-${PLATFORM}-x86_64"
DISABLE_SANDBOX="--strategy=GenRule=standalone --strategy=Turbine=standalone \
@@ -45,6 +42,9 @@ ${BAZEL_BIN} version
echo "using java binary: " `which java`
java -version
+echo "using go: " `which go`
+go version
+
run_linux_tests() {
time ${BAZEL_BIN} fetch ...
diff --git a/tools/testing/cross_language/aead_test.sh b/tools/testing/cross_language/aead_test.sh
index 3473c0572..2fb09a99c 100755
--- a/tools/testing/cross_language/aead_test.sh
+++ b/tools/testing/cross_language/aead_test.sh
@@ -5,7 +5,7 @@ CC_AEAD_CLI="$ROOT_DIR/tools/testing/cc/aead_cli_cc"
JAVA_AEAD_CLI="$ROOT_DIR/tools/testing/aead_cli_java"
TEST_UTIL="$ROOT_DIR/tools/testing/cross_language/test_util.sh"
-KEY_TEMPLATES=(AES128_GCM.ascii AES256_GCM.ascii AES128_CTR_HMAC_SHA256.ascii AES256_CTR_HMAC_SHA256.ascii)
+KEY_TEMPLATES=(AES128_GCM.ascii AES128_CTR_HMAC_SHA256.ascii)
source $TEST_UTIL || exit 1
--
GitLab