test: initial commit of ESDK TestVectors

.github/actions/install_smithy_dafny_codegen_dependencies/action.yml

@@ -12,10 +12,10 @@ runs:
       uses: gradle/gradle-build-action@v2
       with:
         arguments: :codegen-client:pTML :codegen-core:pTML :rust-runtime:pTML
-        build-root-directory: smithy-dafny/smithy-dafny-codegen-modules/smithy-rs
+        build-root-directory: mpl/smithy-dafny/smithy-dafny-codegen-modules/smithy-rs
 
     - name: Install smithy-dafny-codegen Python dependencies locally
       uses: gradle/gradle-build-action@v2
       with:
         arguments: :smithy-python-codegen:pTML
-        build-root-directory: smithy-dafny/codegen/smithy-dafny-codegen-modules/smithy-python/codegen
+        build-root-directory: mpl/smithy-dafny/codegen/smithy-dafny-codegen-modules/smithy-python/codegen

.github/actions/polymorph_codegen/action.yml

@@ -109,6 +109,13 @@ runs:
       run: |
         make polymorph_dotnet ${{ steps.dependencies.outputs.PROJECT_DEPENDENCIES }}
 
+    # TODO: Uncomment when checking in polymorph_rust code
+    # - name: Regenerate Rust code using smithy-dafny
+    #   working-directory: ./${{ inputs.library }}
+    #   shell: bash
+    #   run: |
+    #     make polymorph_rust ${{ steps.dependencies.outputs.PROJECT_DEPENDENCIES }}
+
     - name: Check regenerated code against commited code
       # Composite action inputs seem to not actually support booleans properly for some reason
       if: inputs.diff-generated-code == 'true'

.github/workflows/dafny_interop_test_vector_net.yml

@@ -267,7 +267,6 @@ jobs:
         run: |
           git submodule update --init libraries
           git submodule update --init --recursive mpl
-          git submodule update --init smithy-dafny
 
       - name: Configure AWS Credentials
         uses: aws-actions/configure-aws-credentials@v4

.github/workflows/daily_ci.yml

@@ -11,13 +11,13 @@ jobs:
     if: github.event_name != 'schedule' || github.repository_owner == 'aws'
     uses: ./.github/workflows/library_codegen.yml
     with:
-      dafny: '4.8.0'
+      dafny: '4.8.1'
   daily-ci-verification:
     # Don't run the cron builds on forks
     if: github.event_name != 'schedule' || github.repository_owner == 'aws'
     uses: ./.github/workflows/library_dafny_verification.yml
     with:
-      dafny: '4.8.0'
+      dafny: '4.8.1'
   # daily-ci-java:
   #   if: github.event_name != 'schedule' || github.repository_owner == 'aws'
   #   uses: ./.github/workflows/library_java_tests.yml
@@ -27,10 +27,15 @@ jobs:
     if: github.event_name != 'schedule' || github.repository_owner == 'aws'
     uses: ./.github/workflows/library_net_tests.yml
     with:
-      dafny: '4.8.0'
+      dafny: '4.8.1'
+  daily-ci-rust:
+    if: github.event_name != 'schedule' || github.repository_owner == 'aws'
+    uses: ./.github/workflows/library_rust_tests.yml
+    with:
+      dafny: '4.8.1'
 
   daily-ci-interop-tests:
     if: github.event_name != 'schedule' || github.repository_owner == 'aws'
     uses: ./.github/workflows/library_interop_tests.yml
     with:
-      dafny: '4.8.0'
+      dafny: '4.8.1'

.github/workflows/library_codegen.yml

@@ -38,7 +38,6 @@ jobs:
       # it to verify the Dafny code. Instead we manually pull the submodules we DO need.
       - run: git submodule update --init libraries
       - run: git submodule update --init --recursive mpl
-      - run: git submodule update --init --recursive smithy-dafny
 
       # Only used to format generated code
       # and to translate version strings such as "nightly-latest"

.github/workflows/library_dafny_verification.yml

@@ -19,7 +19,8 @@ jobs:
     strategy:
       matrix:
         library: [
-          AwsEncryptionSDK
+          AwsEncryptionSDK,
+          TestVectors
         ]
         os: [ macos-13 ]
     runs-on: ${{ matrix.os }}
@@ -36,7 +37,6 @@ jobs:
         run: |
             git submodule update --init libraries
             git submodule update --init --recursive mpl
-            git submodule update --init smithy-dafny
 
       # dafny-reportgenerator requires next6
       # but only 7.0 is installed on macos-13-large

.github/workflows/library_interop_test_vectors.yml

@@ -0,0 +1,216 @@
+# This workflow performs interoperability tests across the supported runtimes of the ESDK Dafny
+name: Library Interoperability Dafny TestVectors
+
+on:
+  workflow_call:
+    inputs:
+      dafny:
+        description: "The Dafny version to use"
+        required: true
+        type: string
+      regenerate-code:
+        description: "Regenerate code using smithy-dafny"
+        required: false
+        default: false
+        type: boolean
+
+jobs:
+  generateEncryptVectors:
+    strategy:
+      matrix:
+        library: [TestVectors]
+        os: [
+            # https://taskei.amazon.dev/tasks/CrypTool-5283
+            # windows-latest,
+            ubuntu-latest,
+            macos-13,
+          ]
+        language: [java, net]
+        # https://taskei.amazon.dev/tasks/CrypTool-5284
+        dotnet-version: ["6.0.x"]
+    runs-on: ${{ matrix.os }}
+    permissions:
+      id-token: write
+      contents: read
+
+    steps:
+        - name: Support longpaths on Git checkout
+          run: |
+            git config --global core.longpaths true
+
+        - uses: actions/checkout@v3
+        #  Not all submodules are needed.
+        # We manually pull the submodule we DO need.
+        - run: git submodule update --init libraries
+        - run: git submodule update --init --recursive mpl
+
+        # Set up runtimes
+        - name: Setup .NET Core SDK ${{ matrix.dotnet-version }}
+          if: matrix.language == 'net'
+          uses: actions/setup-dotnet@v3
+          with:
+            dotnet-version: ${{ matrix.dotnet-version }}
+
+        - name: Setup Java 17
+          if: matrix.language == 'java'
+          uses: actions/setup-java@v3
+          with:
+            distribution: "corretto"
+            java-version: 17
+
+        - name: Setup Dafny
+          uses: dafny-lang/[email protected]
+          with:
+            dafny-version: ${{ inputs.dafny }}
+
+        - name: Regenerate code using smithy-dafny if necessary
+          if: ${{ inputs.regenerate-code }}
+          uses: ./.github/actions/polymorph_codegen
+          with:
+            dafny: ${{ inputs.dafny }}
+            library: ${{ matrix.library }}
+            diff-generated-code: false
+
+        # Build implementation for each runtime
+        - name: Build ${{ matrix.library }} implementation in Java
+          if: matrix.language == 'java'
+          shell: bash
+          working-directory: ./${{ matrix.library }}
+          run: |
+            # This works because `node` is installed by default on GHA runners
+            CORES=$(node -e 'console.log(os.cpus().length)')
+            make build_java CORES=$CORES
+
+        - name: Build ${{ matrix.library }} implementation in .NET
+          if: matrix.language == 'net'
+          shell: bash
+          working-directory: ./${{ matrix.library }}
+          run: |
+            # This works because `node` is installed by default on GHA runners
+            CORES=$(node -e 'console.log(os.cpus().length)')
+            make transpile_net
+
+        - name: Setup gradle
+          if: matrix.language == 'java'
+          uses: gradle/gradle-build-action@v2
+          with:
+            gradle-version: 7.2
+
+        # TestVectors will call KMS
+        - name: Configure AWS Credentials
+          uses: aws-actions/configure-aws-credentials@v2
+          with:
+            aws-region: us-west-2
+            role-to-assume: arn:aws:iam::370957321024:role/GitHub-CI-Public-ESDK-Dafny-Role-us-west-2 
+            role-session-name: InterOpTests
+
+        - name: Create Manifests
+          working-directory: ./${{ matrix.library }}
+          run: make test_generate_vectors_${{ matrix.language }}
+
+        - name: Create Encrypt Manifests
+          working-directory: ./${{ matrix.library }}
+          run: make test_encrypt_vectors_${{ matrix.language }}
+
+        - name: Upload Encrypt Manifest and keys.json files
+          uses: actions/upload-artifact@v4
+          with:
+            name: ${{matrix.os}}_vector_artifact_${{matrix.language}}_${{github.sha}}
+            path: |
+              ./${{matrix.library}}/runtimes/${{matrix.language}}/*.json
+              ./${{matrix.library}}/runtimes/${{matrix.language}}/plaintexts
+              ./${{matrix.library}}/runtimes/${{matrix.language}}/ciphertexts
+
+  testInteroperablity:
+    needs: generateEncryptVectors
+    strategy:
+      matrix:
+        library: [TestVectors]
+        os: [
+            # https://taskei.amazon.dev/tasks/CrypTool-5283
+            # windows-latest,
+            ubuntu-latest,
+            macos-13,
+          ]
+        encrypting_language: [java, net]
+        decrypting_language: [java, net]
+        # https://taskei.amazon.dev/tasks/CrypTool-5284
+        dotnet-version: ["6.0.x"]
+    runs-on: ${{ matrix.os }}
+    permissions:
+      id-token: write
+      contents: read
+
+    steps:
+      - name: Support longpaths on Git checkout
+        run: |
+          git config --global core.longpaths true
+      # TestVectors will call KMS
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v2
+        with:
+          aws-region: us-west-2
+          role-to-assume: arn:aws:iam::370957321024:role/GitHub-CI-Public-ESDK-Dafny-Role-us-west-2 
+          role-session-name: InterOpTests
+
+      - uses: actions/checkout@v3
+      #  Not all submodules are needed.
+      # We manually pull the submodule we DO need.
+      - run: git submodule update --init libraries
+      - run: git submodule update --init --recursive mpl
+
+      - name: Setup .NET Core SDK ${{ matrix.dotnet-version }}
+        if: matrix.decrypting_language == 'net'
+        uses: actions/setup-dotnet@v3
+        with:
+          dotnet-version: ${{ matrix.dotnet-version }}
+
+      - name: Setup Java 17
+        if: matrix.decrypting_language == 'java'
+        uses: actions/setup-java@v3
+        with:
+          distribution: "corretto"
+          java-version: 17
+
+      - name: Setup Dafny
+        uses: dafny-lang/[email protected]
+        with:
+          dafny-version: ${{ inputs.dafny }}
+
+      - name: Regenerate code using smithy-dafny if necessary
+        if: ${{ inputs.regenerate-code }}
+        uses: ./.github/actions/polymorph_codegen
+        with:
+          dafny: ${{ inputs.dafny }}
+          library: ${{ matrix.library }}
+          diff-generated-code: false
+
+      # Build implementation for each runtime
+      - name: Build ${{ matrix.library }} implementation in Java
+        if: matrix.decrypting_language == 'java'
+        working-directory: ./${{ matrix.library }}
+        shell: bash
+        run: |
+          # This works because `node` is installed by default on GHA runners
+          CORES=$(node -e 'console.log(os.cpus().length)')
+          make build_java CORES=$CORES
+
+      - name: Build ${{ matrix.library }} implementation in .NET
+        if: matrix.decrypting_language == 'net'
+        working-directory: ./${{ matrix.library }}
+        shell: bash
+        run: |
+          # This works because `node` is installed by default on GHA runners
+          CORES=$(node -e 'console.log(os.cpus().length)')
+          make transpile_net
+
+      - name: Download Encrypt Manifest Artifact
+        uses: actions/download-artifact@v4
+        with:
+          name: ${{matrix.os}}_vector_artifact_${{matrix.encrypting_language}}_${{github.sha}}
+          path: ./${{matrix.library}}/runtimes/${{matrix.decrypting_language}}
+
+      - name: Decrypt Encrypt Manifest
+        working-directory: ./${{ matrix.library }}
+        run: make test_decrypt_encrypt_vectors_${{matrix.decrypting_language}}
+

.github/workflows/library_interop_tests.yml

@@ -46,7 +46,6 @@ jobs:
         run: |
           git submodule update --init libraries
           git submodule update --init --recursive mpl
-          git submodule update --init smithy-dafny
 
       - name: Configure AWS Credentials
         uses: aws-actions/configure-aws-credentials@v4
@@ -144,7 +143,7 @@ jobs:
         run: |
           git submodule update --init libraries
           git submodule update --init --recursive mpl
-          git submodule update --init smithy-dafny
+
 
       - name: Configure AWS Credentials
         uses: aws-actions/configure-aws-credentials@v4
@@ -246,7 +245,7 @@ jobs:
         run: |
           git submodule update --init libraries
           git submodule update --init --recursive mpl
-          git submodule update --init smithy-dafny
+
 
       - name: Configure AWS Credentials
         uses: aws-actions/configure-aws-credentials@v4

.github/workflows/library_java_tests.yml

@@ -41,7 +41,6 @@ jobs:
         run: |
             git submodule update --init libraries
             git submodule update --init --recursive mpl
-            git submodule update --init smithy-dafny
 
       - name: Configure AWS Credentials
         uses: aws-actions/configure-aws-credentials@v2

.github/workflows/library_net_tests.yml

@@ -52,7 +52,6 @@ jobs:
         run: |
           git submodule update --init libraries
           git submodule update --init --recursive mpl
-          git submodule update --init smithy-dafny
 
       - name: Configure AWS Credentials
         uses: aws-actions/configure-aws-credentials@v2