Enable test coverage with aws-lc-rs

ctz · ctz · commit a86cbb1de087 · 2023-09-20T10:32:35.000Z
When run with --feature aws_lc_rs but not --feature ring,
use aws-lc-rs to run the same set of tests.
diff --git a/src/verify_cert.rs b/src/verify_cert.rs
@@ -495,7 +495,7 @@ enum Role {
     EndEntity,
 }
 
-#[cfg(all(test, feature = "alloc", feature = "ring"))]
+#[cfg(all(test, feature = "alloc", any(feature = "ring", feature = "aws_lc_rs")))]
 mod tests {
     use super::*;
     use crate::test_utils::{issuer_params, make_end_entity, make_issuer};
diff --git a/tests/better_tls.rs b/tests/better_tls.rs
@@ -1,4 +1,4 @@
-#![cfg(feature = "ring")]
+#![cfg(any(feature = "ring", feature = "aws_lc_rs"))]
 
 use core::time::Duration;
 use std::collections::HashMap;
@@ -9,9 +9,17 @@ use bzip2::read::BzDecoder;
 use pki_types::UnixTime;
 use serde::Deserialize;
 
-use webpki::types::{CertificateDer, TrustAnchor};
+use webpki::types::{CertificateDer, SignatureVerificationAlgorithm, TrustAnchor};
 use webpki::{extract_trust_anchor, KeyUsage, SubjectNameRef};
 
+// All of the BetterTLS testcases use P256 keys.
+static ALGS: &[&dyn SignatureVerificationAlgorithm] = &[
+    #[cfg(feature = "ring")]
+    webpki::ring::ECDSA_P256_SHA256,
+    #[cfg(feature = "aws_lc_rs")]
+    webpki::aws_lc_rs::ECDSA_P256_SHA256,
+];
+
 #[ignore] // Runs slower than other unit tests - opt-in with `cargo test -- --ignored`
 #[test]
 fn path_building() {
@@ -69,7 +77,7 @@ fn run_testsuite(suite_name: &str, suite: &BetterTlsSuite, roots: &[TrustAnchor]
 
         let result = ee_cert
             .verify_for_usage(
-                &[webpki::ring::ECDSA_P256_SHA256], // All of the BetterTLS testcases use P256 keys.
+                ALGS,
                 roots,
                 intermediates,
                 now,
diff --git a/tests/client_auth.rs b/tests/client_auth.rs
@@ -12,7 +12,7 @@
 // ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 // OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 
-#![cfg(all(feature = "alloc", feature = "ring"))]
+#![cfg(all(feature = "alloc", any(feature = "ring", feature = "aws_lc_rs")))]
 
 use core::time::Duration;
 use pki_types::{CertificateDer, UnixTime};
diff --git a/tests/client_auth_revocation.rs b/tests/client_auth_revocation.rs
@@ -12,16 +12,23 @@
 // ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 // OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 
-#![cfg(feature = "ring")]
+#![cfg(any(feature = "ring", feature = "aws_lc_rs"))]
 
 use core::time::Duration;
 
-use pki_types::{CertificateDer, UnixTime};
+use pki_types::{CertificateDer, SignatureVerificationAlgorithm, UnixTime};
 use webpki::{
     extract_trust_anchor, KeyUsage, RevocationCheckDepth, RevocationOptions,
     RevocationOptionsBuilder,
 };
 
+static ALGS: &[&dyn SignatureVerificationAlgorithm] = &[
+    #[cfg(feature = "ring")]
+    webpki::ring::ECDSA_P256_SHA256,
+    #[cfg(feature = "aws_lc_rs")]
+    webpki::aws_lc_rs::ECDSA_P256_SHA256,
+];
+
 fn check_cert(
     ee: &[u8],
     intermediates: &[&[u8]],
@@ -39,7 +46,7 @@ fn check_cert(
         .collect::<Vec<_>>();
 
     cert.verify_for_usage(
-        &[webpki::ring::ECDSA_P256_SHA256],
+        ALGS,
         anchors,
         &intermediates,
         time,
diff --git a/tests/custom_ekus.rs b/tests/custom_ekus.rs
@@ -1,4 +1,4 @@
-#![cfg(all(feature = "alloc", feature = "ring"))]
+#![cfg(all(feature = "alloc", any(feature = "ring", feature = "aws_lc_rs")))]
 
 use core::time::Duration;
 
diff --git a/tests/integration.rs b/tests/integration.rs
@@ -12,7 +12,7 @@
 // ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 // OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 
-#![cfg(feature = "ring")]
+#![cfg(any(feature = "ring", feature = "aws_lc_rs"))]
 
 use core::time::Duration;
 
diff --git a/tests/signatures.rs b/tests/signatures.rs
@@ -12,7 +12,7 @@
 // ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 // OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 
-#![cfg(feature = "ring")]
+#![cfg(any(feature = "ring", feature = "aws_lc_rs"))]
 
 use pki_types::{CertificateDer, SignatureVerificationAlgorithm};
 #[cfg(feature = "ring")]
@@ -26,6 +26,14 @@ use webpki::ring::{
     RSA_PSS_2048_8192_SHA384_LEGACY_KEY, RSA_PSS_2048_8192_SHA512_LEGACY_KEY,
 };
 
+#[cfg(all(not(feature = "ring"), feature = "aws_lc_rs"))]
+use webpki::aws_lc_rs::{
+    ECDSA_P256_SHA256, ECDSA_P256_SHA384, ECDSA_P384_SHA256, ECDSA_P384_SHA384, ED25519,
+    RSA_PKCS1_2048_8192_SHA256, RSA_PKCS1_2048_8192_SHA384, RSA_PKCS1_2048_8192_SHA512,
+    RSA_PKCS1_3072_8192_SHA384, RSA_PSS_2048_8192_SHA256_LEGACY_KEY,
+    RSA_PSS_2048_8192_SHA384_LEGACY_KEY, RSA_PSS_2048_8192_SHA512_LEGACY_KEY,
+};
+
 #[cfg(feature = "alloc")]
 fn check_sig(
     ee: &[u8],
diff --git a/tests/tls_server_certs.rs b/tests/tls_server_certs.rs
@@ -11,7 +11,7 @@
 // WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 // ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 // OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-#![cfg(all(feature = "alloc", feature = "ring"))]
+#![cfg(all(feature = "alloc", any(feature = "ring", feature = "aws_lc_rs")))]
 
 use core::time::Duration;
 

Original file line number	Diff line number	Diff line change
`@@ -495,7 +495,7 @@ enum Role {`
`495`	`495`	`EndEntity,`
`496`	`496`	`}`
`497`	`497`
`498`		`-#[cfg(all(test, feature = "alloc", feature = "ring"))]`
	`498`	`+#[cfg(all(test, feature = "alloc", any(feature = "ring", feature = "aws_lc_rs")))]`
`499`	`499`	`mod tests {`
`500`	`500`	`use super::*;`
`501`	`501`	`use crate::test_utils::{issuer_params, make_end_entity, make_issuer};`
Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-#![cfg(all(feature = "alloc", feature = "ring"))]`
	`1`	`+#![cfg(all(feature = "alloc", any(feature = "ring", feature = "aws_lc_rs")))]`
`2`	`2`
`3`	`3`	`use core::time::Duration;`
`4`	`4`