Skip to content

WasmThemis

WasmThemis #1381

Workflow file for this run

name: WasmThemis
on:
pull_request:
paths:
- '.github/workflows/test-wasm.yaml'
- 'docs/examples/wasm/**'
- 'src/soter/**'
- 'src/themis/**'
- 'src/wrappers/themis/wasm/**'
- 'tests/common/**'
- 'tests/soter/**'
- 'tests/themis/**'
- '!tests/themis/wrappers/android/**'
- 'third_party/boringssl/src/**'
- '**/*.mk'
- 'Makefile'
- '!**/README*'
push:
branches:
- master
- stable
- release/*
schedule:
- cron: '20 6 * * 1' # every Monday at 6:20 UTC
env:
WITH_FATAL_WARNINGS: yes
# RNG tests tend to fail in virtualized environment due to /dev/random
# not behaving properly. Disable them to avoid spurious failures.
NO_NIST_STS: 1
jobs:
build-wasmthemis:
name: Build WasmThemis
runs-on: ubuntu-20.04
steps:
- name: Install system dependencies
run: |
sudo sh -c 'echo "DEBIAN_FRONTEND=noninteractive" >> /etc/environment'
sudo apt update
sudo apt install --yes gcc make libssl-dev ninja-build
- name: Check out code
uses: actions/checkout@v2
with:
submodules: true
- name: Install Emscripten
run: |
version=$(cat src/wrappers/themis/wasm/emscripten/VERSION)
# Install Emscripten toolchain as described in documentation:
# https://emscripten.org/docs/getting_started/downloads.html
cd $HOME
git clone https://github.com/emscripten-core/emsdk.git
cd $HOME/emsdk
./emsdk install "$version"
./emsdk activate "$version"
- name: Build WasmThemis
run: |
source "$HOME/emsdk/emsdk_env.sh"
emmake make wasmthemis
- name: Run test suite (Themis Core)
run: |
source "$HOME/emsdk/emsdk_env.sh"
emmake make test
- name: Pack build directory
run: tar cz build src/wrappers/themis/wasm > build.tgz
- name: Upload build directory
uses: actions/upload-artifact@v2
with:
name: build
path: build.tgz
retention-days: 1 # can be dropped after this build is complete
unit-tests:
name: Unit tests
runs-on: ubuntu-20.04
needs: build-wasmthemis
strategy:
matrix:
node-version:
- 12.x # legacy
- 14.x # legacy
- 16.x # legacy
- 18.x # current LTS
- 20.x # current active
fail-fast: false
steps:
- name: Install Node.js ${{ matrix.node-version }}
uses: actions/setup-node@v1
with:
node-version: ${{ matrix.node-version }}
- name: Check out code
uses: actions/checkout@v2
- name: Download build directory
uses: actions/download-artifact@v2
with:
name: build
- name: Unpack build directory
run: |
tar xf build.tgz
# Remove configuration of "build-wasmthemis" job.
# We have a different Node.js here and we're not in Emscripten env.
rm build/configure.mk
- name: Run test suite (WasmThemis)
run: make test_wasm
examples:
name: Code examples
runs-on: ubuntu-20.04
needs: build-wasmthemis
strategy:
matrix:
node-version:
- 12.x # legacy
- 14.x # legacy
- 16.x # legacy
- 18.x # current LTS
- 20.x # current active
fail-fast: false
env:
# WasmThemis uses promises to handle asynchronous WebAssmebly compilation.
# Node.js by default prints a warning if the top-level promise is rejected.
# Make it rethrow the exception failing the tests in this case.
# "--unhandled-rejections" is supported since Node.js v12.0.0, v10.17.0
NODE_OPTIONS: --unhandled-rejections=strict
steps:
- name: Install Node.js ${{ matrix.node-version }}
uses: actions/setup-node@v1
with:
node-version: ${{ matrix.node-version }}
- name: Check out code
uses: actions/checkout@v2
- name: Download build directory
uses: actions/download-artifact@v2
with:
name: build
- name: Unpack build directory
run: tar xf build.tgz
- name: Install WasmThemis
run: |
npm install ./build/wasm-themis.tgz
- name: Test examples (keygen, ES5)
if: always()
run: |
cd $GITHUB_WORKSPACE/docs/examples/wasm/node.js-es5
echo "Test keygen..."
node secure_keygen.js
echo "ok"
- name: Test examples (keygen, ES6)
if: always()
run: |
cd $GITHUB_WORKSPACE/docs/examples/wasm/node.js-es6
echo "Test keygen..."
node secure_keygen.mjs
echo "ok"
- name: Test examples (Secure Cell, ES5)
if: always()
run: |
cd $GITHUB_WORKSPACE/docs/examples/wasm/node.js-es5
echo "Test Secure Cell..."
node secure_cell.js
echo "ok"
- name: Test examples (Secure Cell, ES6)
if: always()
run: |
cd $GITHUB_WORKSPACE/docs/examples/wasm/node.js-es6
echo "Test Secure Cell..."
node secure_cell.mjs
echo "ok"
- name: Test examples (Secure Message, ES5)
if: always()
run: |
cd $GITHUB_WORKSPACE/docs/examples/wasm/node.js-es5
echo "Test Secure Message..."
alice=($(node secure_keygen.js | cut -c 14-))
bob=($(node secure_keygen.js | cut -c 14-))
enc=$(node secure_message.js enc "${alice[0]}" "${bob[1]}" message)
dec=$(node secure_message.js dec "${bob[0]}" "${alice[1]}" "$enc")
test "$dec" = "message"
echo "ok"
- name: Test examples (Secure Message, ES6)
if: always()
run: |
cd $GITHUB_WORKSPACE/docs/examples/wasm/node.js-es6
echo "Test Secure Message..."
alice=($(node secure_keygen.mjs | cut -c 14-))
bob=($(node secure_keygen.mjs | cut -c 14-))
enc=$(node secure_message.mjs enc "${alice[0]}" "${bob[1]}" message)
dec=$(node secure_message.mjs dec "${bob[0]}" "${alice[1]}" "$enc")
test "$dec" = "message"
echo "ok"
- name: Test examples (Secure Session, ES5)
if: always()
run: |
cd $GITHUB_WORKSPACE/docs/examples/wasm/node.js-es5
echo "Test Secure Session..."
node secure_session_server.js | tee server-output.txt &
sleep 1 # give the server time to launch
node secure_session_client.js | tee client-output.txt
killall node
grep -q 'Hello' server-output.txt
grep -q 'Hello' client-output.txt
echo "ok"
- name: Test examples (Secure Session, ES6)
if: always()
run: |
cd $GITHUB_WORKSPACE/docs/examples/wasm/node.js-es6
echo "Test Secure Session..."
node secure_session_server.mjs | tee server-output.txt &
sleep 1 # give the server time to launch
node secure_session_client.mjs | tee client-output.txt
killall node
grep -q 'Hello' server-output.txt
grep -q 'Hello' client-output.txt
echo "ok"
- name: Test examples (Secure Comparator, ES5)
if: always()
run: |
cd $GITHUB_WORKSPACE/docs/examples/wasm/node.js-es5
echo "Test Secure Comparator..."
node secure_comparator_server.js | tee server-output.txt &
sleep 1 # give the server time to launch
node secure_comparator_client.js | tee client-output.txt
killall node
grep -q 'compare equal: true' server-output.txt
grep -q 'compare equal: true' client-output.txt
echo "ok"
- name: Test examples (Secure Comparator, ES6)
if: always()
run: |
cd $GITHUB_WORKSPACE/docs/examples/wasm/node.js-es6
echo "Test Secure Comparator..."
node secure_comparator_server.mjs | tee server-output.txt &
sleep 1 # give the server time to launch
node secure_comparator_client.mjs | tee client-output.txt
killall node
grep -q 'compare equal: true' server-output.txt
grep -q 'compare equal: true' client-output.txt
echo "ok"
- name: Test tools (keygen, ES5)
if: always()
run: |
echo "Test keygen..."
node ./tools/js/wasm-themis/keygen.js
test -e key
test -e key.pub
rm key key.pub
echo "ok"
- name: Test tools (keygen, ES6)
if: always()
run: |
echo "Test keygen..."
node ./tools/js/wasm-themis/keygen.mjs
test -e key
test -e key.pub
rm key key.pub
echo "ok"
- name: Test tools (Secure Cell, ES5)
if: always()
run: |
echo "Test Secure Cell (Seal)..."
enc=$(node ./tools/js/wasm-themis/scell_seal_string_echo.js \
enc "master-key" "message" "associated context")
dec=$(node ./tools/js/wasm-themis/scell_seal_string_echo.js \
dec "master-key" "$enc" "associated context")
test "$dec" = "message"
echo "ok"
echo "Test Secure Cell (Seal + passphrase)..."
enc=$(node ./tools/js/wasm-themis/scell_seal_string_echo_pw.js \
enc "passphrase" "message" "associated context")
dec=$(node ./tools/js/wasm-themis/scell_seal_string_echo_pw.js \
dec "passphrase" "$enc" "associated context")
test "$dec" = "message"
echo "ok"
echo "Test Secure Cell (Token Protect)..."
enc=$(node ./tools/js/wasm-themis/scell_token_string_echo.js \
enc "master-key" "message" "associated context")
dec=$(node ./tools/js/wasm-themis/scell_token_string_echo.js \
dec "master-key" "$enc" "associated context")
test "$dec" = "message"
echo "ok"
echo "Test Secure Cell (Context Imprint)..."
enc=$(node ./tools/js/wasm-themis/scell_context_string_echo.js \
enc "master-key" "message" "associated context")
dec=$(node ./tools/js/wasm-themis/scell_context_string_echo.js \
dec "master-key" "$enc" "associated context")
test "$dec" = "message"
echo "ok"
- name: Test tools (Secure Cell, ES6)
if: always()
run: |
echo "Test Secure Cell (Seal)..."
enc=$(node ./tools/js/wasm-themis/scell_seal_string_echo.mjs \
enc "master-key" "message" "associated context")
dec=$(node ./tools/js/wasm-themis/scell_seal_string_echo.mjs \
dec "master-key" "$enc" "associated context")
test "$dec" = "message"
echo "ok"
echo "Test Secure Cell (Seal + passphrase)..."
enc=$(node ./tools/js/wasm-themis/scell_seal_string_echo_pw.mjs \
enc "passphrase" "message" "associated context")
dec=$(node ./tools/js/wasm-themis/scell_seal_string_echo_pw.mjs \
dec "passphrase" "$enc" "associated context")
test "$dec" = "message"
echo "ok"
echo "Test Secure Cell (Token Protect)..."
enc=$(node ./tools/js/wasm-themis/scell_token_string_echo.mjs \
enc "master-key" "message" "associated context")
dec=$(node ./tools/js/wasm-themis/scell_token_string_echo.mjs \
dec "master-key" "$enc" "associated context")
test "$dec" = "message"
echo "ok"
echo "Test Secure Cell (Context Imprint)..."
enc=$(node ./tools/js/wasm-themis/scell_context_string_echo.mjs \
enc "master-key" "message" "associated context")
dec=$(node ./tools/js/wasm-themis/scell_context_string_echo.mjs \
dec "master-key" "$enc" "associated context")
test "$dec" = "message"
echo "ok"
- name: Test tools (Secure Message, ES5)
if: always()
run: |
echo "Test Secure Message (encryption)..."
enc=$(node ./tools/js/wasm-themis/smessage_encryption.js \
enc ./tests/_integration/keys/client.priv \
./tests/_integration/keys/server.pub \
"your secure message")
dec=$(node ./tools/js/wasm-themis/smessage_encryption.js \
dec ./tests/_integration/keys/client.priv \
./tests/_integration/keys/server.pub \
"$enc")
test "$dec" = "your secure message"
echo "ok"
- name: Test tools (Secure Message, ES6)
if: always()
run: |
echo "Test Secure Message (encryption)..."
enc=$(node ./tools/js/wasm-themis/smessage_encryption.mjs \
enc ./tests/_integration/keys/client.priv \
./tests/_integration/keys/server.pub \
"your secure message")
dec=$(node ./tools/js/wasm-themis/smessage_encryption.mjs \
dec ./tests/_integration/keys/client.priv \
./tests/_integration/keys/server.pub \
"$enc")
test "$dec" = "your secure message"
echo "ok"