chore: add support for new style Dafny test vectors (#817)

* chore: add support for new style Dafny test vectors

Author: ajewellamz

.github/workflows/clang-format.yml

@@ -13,4 +13,4 @@ jobs:
         source: '.'
         exclude: 'docker-images,doxygen,examples,testing-resources'
         extensions: 'h,c,cpp'
-        clangFormatVersion: 9
+        clangFormatVersion: 9

.github/workflows/osx.yml

@@ -15,6 +15,10 @@ jobs:
         os: [macos-13, macos-latest-large]
         openssl_version: [[email protected]]
 
+    permissions:
+      id-token: write
+      contents: read
+
     steps:
       - run: brew install ${{ matrix.openssl_version }}
 
@@ -53,6 +57,13 @@ jobs:
           xcodebuild -target ALL_BUILD
           xcodebuild -target install
 
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v2
+        with:
+          aws-region: us-west-2
+          role-to-assume: arn:aws:iam::370957321024:role/GitHub-CI-Public-ESDK-Dafny-Role-us-west-2
+          role-session-name: CESDKTests
+
       - name: Build C-ESDK
         env:
           OPENSSL_VERSION: ${{ matrix.openssl_version }}
@@ -63,3 +74,10 @@ jobs:
           cmake -G Xcode -DBUILD_SHARED_LIBS=ON -DCMAKE_INSTALL_PREFIX=${{github.workspace}}/install -DCMAKE_PREFIX_PATH=${{github.workspace}}/install -DOPENSSL_ROOT_DIR="/usr/local/opt/${OPENSSL_VERSION}" ../
           xcodebuild -target ALL_BUILD
           xcodebuild -scheme RUN_TESTS
+
+      - name: Run Interop Test Vectors
+        run: |
+          cd tests/TestVectors/
+          make decrypt_dafny
+          make encrypt
+          make decrypt

CMakeLists.txt

@@ -12,7 +12,7 @@
 # limitations under the License.
 #
 
-cmake_minimum_required (VERSION 3.9)
+cmake_minimum_required (VERSION 3.10)
 project (aws-encryption-sdk LANGUAGES C)
 
 include(GNUInstallDirs)

tests/TestVectors/.clang-format-ignore

@@ -0,0 +1 @@
+json.h

tests/TestVectors/.gitignore

@@ -0,0 +1,2 @@
+local
+test_vectors*

tests/TestVectors/Makefile

@@ -0,0 +1,25 @@
+test_vectors: *.cpp *.h
+	g++ -g -ggdb --std=c++14 -o test_vectors -I../../include/ \
+	base64.cpp do_decrypt.cpp do_encrypt.cpp parse_encrypt.cpp parse_keys.cpp test_vectors.cpp \
+	-I/opt/homebrew/include/ -L/opt/homebrew/lib/ \
+	-I../../install/include/ -L../../install/lib/ -I ../../aws-encryption-sdk-cpp/include/ \
+	../../build-aws-encryption-sdk-c/Debug/libaws-encryption-sdk.dylib \
+	../../build-aws-encryption-sdk-c/aws-encryption-sdk-cpp/Debug/libaws-encryption-sdk-cpp.dylib \
+	-laws-cpp-sdk-core -laws-cpp-sdk-kms -laws-c-common -lcrypto
+	install_name_tool -add_rpath ../../build-aws-encryption-sdk-c/Debug/ test_vectors
+	install_name_tool -add_rpath ../../build-aws-encryption-sdk-c/aws-encryption-sdk-cpp/Debug/ test_vectors
+	install_name_tool -add_rpath ../../install/lib/ test_vectors
+
+decrypt_dafny: test_vectors
+	./test_vectors decrypt --manifest-path ./from-dafny --manifest-name decrypt-manifest.json || exit 1
+
+encrypt: test_vectors
+	rm -rf local
+	mkdir -p local
+	./test_vectors encrypt --manifest-path ./from-dafny --decrypt-manifest-path ./local || exit 1
+
+decrypt: test_vectors
+	./test_vectors decrypt --manifest-path ./local --manifest-name decrypt-manifest.json || exit 1
+
+clean:
+	rm -f test_vectors

tests/TestVectors/base64.cpp

@@ -0,0 +1,284 @@
+/*
+   base64.cpp and base64.h
+
+   base64 encoding and decoding with C++.
+   More information at
+     https://renenyffenegger.ch/notes/development/Base64/Encoding-and-decoding-base-64-with-cpp
+
+   Version: 2.rc.09 (release candidate)
+
+   Copyright (C) 2004-2017, 2020-2022 René Nyffenegger
+
+   This source code is provided 'as-is', without any express or implied
+   warranty. In no event will the author be held liable for any damages
+   arising from the use of this software.
+
+   Permission is granted to anyone to use this software for any purpose,
+   including commercial applications, and to alter it and redistribute it
+   freely, subject to the following restrictions:
+
+   1. The origin of this source code must not be misrepresented; you must not
+      claim that you wrote the original source code. If you use this source code
+      in a product, an acknowledgment in the product documentation would be
+      appreciated but is not required.
+
+   2. Altered source versions must be plainly marked as such, and must not be
+      misrepresented as being the original source code.
+
+   3. This notice may not be removed or altered from any source distribution.
+
+   René Nyffenegger [email protected]
+
+*/
+
+#include "base64.h"
+
+#include <algorithm>
+#include <stdexcept>
+
+//
+// Depending on the url parameter in base64_chars, one of
+// two sets of base64 characters needs to be chosen.
+// They differ in their last two characters.
+//
+static const char *base64_chars[2] = {
+    "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
+    "abcdefghijklmnopqrstuvwxyz"
+    "0123456789"
+    "+/",
+
+    "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
+    "abcdefghijklmnopqrstuvwxyz"
+    "0123456789"
+    "-_"
+};
+
+static unsigned int pos_of_char(const unsigned char chr) {
+    //
+    // Return the position of chr within base64_encode()
+    //
+
+    if (chr >= 'A' && chr <= 'Z')
+        return chr - 'A';
+    else if (chr >= 'a' && chr <= 'z')
+        return chr - 'a' + ('Z' - 'A') + 1;
+    else if (chr >= '0' && chr <= '9')
+        return chr - '0' + ('Z' - 'A') + ('z' - 'a') + 2;
+    else if (chr == '+' || chr == '-')
+        return 62;  // Be liberal with input and accept both url ('-') and non-url ('+') base 64 characters (
+    else if (chr == '/' || chr == '_')
+        return 63;  // Ditto for '/' and '_'
+    else
+        //
+        // 2020-10-23: Throw std::exception rather than const char*
+        //(Pablo Martin-Gomez, https://github.com/Bouska)
+        //
+        throw std::runtime_error("Input is not valid base64-encoded data.");
+}
+
+static std::string insert_linebreaks(std::string str, size_t distance) {
+    //
+    // Provided by https://github.com/JomaCorpFX, adapted by me.
+    //
+    if (!str.length()) {
+        return "";
+    }
+
+    size_t pos = distance;
+
+    while (pos < str.size()) {
+        str.insert(pos, "\n");
+        pos += distance + 1;
+    }
+
+    return str;
+}
+
+template <typename String, unsigned int line_length>
+static std::string encode_with_line_breaks(String s) {
+    return insert_linebreaks(base64_encode(s, false), line_length);
+}
+
+template <typename String>
+static std::string encode_pem(String s) {
+    return encode_with_line_breaks<String, 64>(s);
+}
+
+template <typename String>
+static std::string encode_mime(String s) {
+    return encode_with_line_breaks<String, 76>(s);
+}
+
+template <typename String>
+static std::string encode(String s, bool url) {
+    return base64_encode(reinterpret_cast<const unsigned char *>(s.data()), s.length(), url);
+}
+
+std::string base64_encode(unsigned char const *bytes_to_encode, size_t in_len, bool url) {
+    size_t len_encoded = (in_len + 2) / 3 * 4;
+
+    unsigned char trailing_char = url ? '.' : '=';
+
+    //
+    // Choose set of base64 characters. They differ
+    // for the last two positions, depending on the url
+    // parameter.
+    // A bool (as is the parameter url) is guaranteed
+    // to evaluate to either 0 or 1 in C++ therefore,
+    // the correct character set is chosen by subscripting
+    // base64_chars with url.
+    //
+    const char *base64_chars_ = base64_chars[url];
+
+    std::string ret;
+    ret.reserve(len_encoded);
+
+    unsigned int pos = 0;
+
+    while (pos < in_len) {
+        ret.push_back(base64_chars_[(bytes_to_encode[pos + 0] & 0xfc) >> 2]);
+
+        if (pos + 1 < in_len) {
+            ret.push_back(
+                base64_chars_[((bytes_to_encode[pos + 0] & 0x03) << 4) + ((bytes_to_encode[pos + 1] & 0xf0) >> 4)]);
+
+            if (pos + 2 < in_len) {
+                ret.push_back(
+                    base64_chars_[((bytes_to_encode[pos + 1] & 0x0f) << 2) + ((bytes_to_encode[pos + 2] & 0xc0) >> 6)]);
+                ret.push_back(base64_chars_[bytes_to_encode[pos + 2] & 0x3f]);
+            } else {
+                ret.push_back(base64_chars_[(bytes_to_encode[pos + 1] & 0x0f) << 2]);
+                ret.push_back(trailing_char);
+            }
+        } else {
+            ret.push_back(base64_chars_[(bytes_to_encode[pos + 0] & 0x03) << 4]);
+            ret.push_back(trailing_char);
+            ret.push_back(trailing_char);
+        }
+
+        pos += 3;
+    }
+
+    return ret;
+}
+
+template <typename String>
+static std::string decode(String const &encoded_string, bool remove_linebreaks) {
+    //
+    // decode(…) is templated so that it can be used with String = const std::string&
+    // or std::string_view (requires at least C++17)
+    //
+
+    if (encoded_string.empty()) return std::string();
+
+    if (remove_linebreaks) {
+        std::string copy(encoded_string);
+
+        copy.erase(std::remove(copy.begin(), copy.end(), '\n'), copy.end());
+
+        return base64_decode(copy, false);
+    }
+
+    size_t length_of_string = encoded_string.length();
+    size_t pos              = 0;
+
+    //
+    // The approximate length (bytes) of the decoded string might be one or
+    // two bytes smaller, depending on the amount of trailing equal signs
+    // in the encoded string. This approximation is needed to reserve
+    // enough space in the string to be returned.
+    //
+    size_t approx_length_of_decoded_string = length_of_string / 4 * 3;
+    std::string ret;
+    ret.reserve(approx_length_of_decoded_string);
+
+    while (pos < length_of_string) {
+        //
+        // Iterate over encoded input string in chunks. The size of all
+        // chunks except the last one is 4 bytes.
+        //
+        // The last chunk might be padded with equal signs or dots
+        // in order to make it 4 bytes in size as well, but this
+        // is not required as per RFC 2045.
+        //
+        // All chunks except the last one produce three output bytes.
+        //
+        // The last chunk produces at least one and up to three bytes.
+        //
+
+        size_t pos_of_char_1 = pos_of_char(encoded_string.at(pos + 1));
+
+        //
+        // Emit the first output byte that is produced in each chunk:
+        //
+        ret.push_back(static_cast<std::string::value_type>(
+            ((pos_of_char(encoded_string.at(pos + 0))) << 2) + ((pos_of_char_1 & 0x30) >> 4)));
+
+        if ((pos + 2 <
+             length_of_string) &&  // Check for data that is not padded with equal signs (which is allowed by RFC 2045)
+            encoded_string.at(pos + 2) != '=' &&
+            encoded_string.at(pos + 2) != '.'  // accept URL-safe base 64 strings, too, so check for '.' also.
+        ) {
+            //
+            // Emit a chunk's second byte (which might not be produced in the last chunk).
+            //
+            unsigned int pos_of_char_2 = pos_of_char(encoded_string.at(pos + 2));
+            ret.push_back(
+                static_cast<std::string::value_type>(((pos_of_char_1 & 0x0f) << 4) + ((pos_of_char_2 & 0x3c) >> 2)));
+
+            if ((pos + 3 < length_of_string) && encoded_string.at(pos + 3) != '=' &&
+                encoded_string.at(pos + 3) != '.') {
+                //
+                // Emit a chunk's third byte (which might not be produced in the last chunk).
+                //
+                ret.push_back(static_cast<std::string::value_type>(
+                    ((pos_of_char_2 & 0x03) << 6) + pos_of_char(encoded_string.at(pos + 3))));
+            }
+        }
+
+        pos += 4;
+    }
+
+    return ret;
+}
+
+std::string base64_decode(std::string const &s, bool remove_linebreaks) {
+    return decode(s, remove_linebreaks);
+}
+
+std::string base64_encode(std::string const &s, bool url) {
+    return encode(s, url);
+}
+
+std::string base64_encode_pem(std::string const &s) {
+    return encode_pem(s);
+}
+
+std::string base64_encode_mime(std::string const &s) {
+    return encode_mime(s);
+}
+
+#if __cplusplus >= 201703L
+//
+// Interface with std::string_view rather than const std::string&
+// Requires C++17
+// Provided by Yannic Bonenberger (https://github.com/Yannic)
+//
+
+std::string base64_encode(std::string_view s, bool url) {
+    return encode(s, url);
+}
+
+std::string base64_encode_pem(std::string_view s) {
+    return encode_pem(s);
+}
+
+std::string base64_encode_mime(std::string_view s) {
+    return encode_mime(s);
+}
+
+std::string base64_decode(std::string_view s, bool remove_linebreaks) {
+    return decode(s, remove_linebreaks);
+}
+
+#endif  // __cplusplus >= 201703L