Merge pull request #21 from crocs-muni/feat/codecov

Add code coverage measurement.
crocs-muni · Mar 27, 2024 · 14bb8dc · 14bb8dc
2 parents 96f21cc + 88e4809
commit 14bb8dc
Show file tree

Hide file tree

Showing 18 changed files with 515 additions and 83 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -7,18 +7,92 @@ on:
     branches: [ "master" ]
 
 jobs:
-  build:
-
+  applet:
     runs-on: ubuntu-latest
     permissions:
       contents: read
 
     strategy:
       matrix:
-        java: [ "8", "11", "17", "21" ]
+        java: [ "8", "11", "17"]
     env:
       JAVA_VERSION: ${{ matrix.java }}
-    name: Build Java ${{ matrix.java }}
+    name: Build applet with Java ${{ matrix.java }}
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          submodules: recursive
+
+      - name: Set up JDK
+        uses: actions/setup-java@v4
+        with:
+          java-version: ${{ matrix.java }}
+          distribution: "temurin"
+
+      - name: Setup Gradle
+        uses: gradle/actions/setup-gradle@v3
+
+      - name: Build applets
+        run: ./gradlew applet:buildJavaCard
+
+      - name: Test
+        run: ./gradlew applet:test
+
+      - name: Upload build artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: built-applet-${{ matrix.java }}
+          path: |
+            applet/build/javacard/*.cap
+
+  reader:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+
+    strategy:
+      matrix:
+        java: [ "11", "17", "21" ]
+    name: Build reader on Java ${{ matrix.java }}
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          submodules: recursive
+
+      - name: Set up JDK
+        uses: actions/setup-java@v4
+        with:
+          java-version: ${{ matrix.java }}
+          distribution: "temurin"
+
+      - name: Setup Gradle
+        uses: gradle/actions/setup-gradle@v3
+
+      - name: Build reader
+        run: ./gradlew reader:uberJar
+
+      - name: Test
+        run: ./gradlew reader:test
+
+      - name: Upload build artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: built-reader-${{ matrix.java }}
+          path: |
+            reader/build/libs/ECTesterReader.jar
+
+  standalone:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+
+    strategy:
+      matrix:
+        java: [ "11", "17", "21" ]
+    env:
+      # ffs: https://github.com/adoptium/adoptium-support/issues/485 !!!
+      LD_LIBRARY_PATH: "/usr/lib/x86_64-linux-gnu/"
+    name: Build standalone on Java ${{ matrix.java }}
     steps:
       - uses: actions/checkout@v4
         with:
@@ -40,60 +114,72 @@ jobs:
           echo "BORINGSSL_VERSION=$(git submodule status ext/boringssl | cut -f2 -d' ')" >> $GITHUB_ENV
           echo "LIBRESSL_VERSION=$(git submodule status ext/libressl | cut -f2 -d' ')" >> $GITHUB_ENV
           echo "IPPCP_VERSION=$(git submodule status ext/ipp-crypto | cut -f2 -d' ')" >> $GITHUB_ENV
-
-      - name: Build applets
-        run: if [ $JAVA_VERSION != 21 ]; then ./gradlew applet:buildJavaCard; fi
-
-      - name: Build reader
-        run: ./gradlew reader:uberJar
+          echo "WOLFCRYPT_VERSION=$(git submodule status ext/wolfcrypt-jni | cut -f2 -d' ')" >> $GITHUB_ENV
+          echo "WOLFSSL_VERSION=$(dpkg -s libwolfssl-dev | grep 'Version' | cut -f2 -d' ')" >> $GITHUB_ENV
 
       - name: Cache libs
         uses: actions/cache@v4
         id: cache-libs
         with:
-          key: libs-${{ env.BORINGSSL_VERSION }}-${{ env.LIBRESSL_VERSION }}-${{ env.IPPCP_VERSION }}
+          key: libs-${{ env.BORINGSSL_VERSION }}-${{ env.LIBRESSL_VERSION }}-${{ env.IPPCP_VERSION }}-${{ env.WOLFCRYPT_VERSION }}-${{ env.WOLFSSL_VERSION }}
           path: |
             ext/boringssl/build/crypto/libcrypto.so
             ext/libressl/build/crypto/libcrypto.so
             ext/ipp-crypto/build/.build/RELEASE/lib/libippcp.so
+            ext/wolfcrypt-jni/lib/wolfcrypt-jni.jar
+            ext/wolfcrypt-jni/lib/libwolfcryptjni.so
 
       - name: Build libs
         if: steps.cache-libs.outputs.cache-hit != 'true'
         run: |
+          # ------------ Build BoringSSL ------------
           cd ext/boringssl
           cmake -DBUILD_SHARED_LIBS=1 -Bbuild
           cd build
           make -j4 crypto
           cd ../../..
+          # ------------ Build LibreSSL ------------
           cd ext/libressl
           ./autogen.sh
           cmake -DBUILD_SHARED_LIBS=ON -Bbuild
           cd build
           make -j4 crypto
           cd ../../..
+          # ------------ Build IPP-crypto ------------
           cd ext/ipp-crypto
           CC=clang CXX=clang++ cmake CMakeLists.txt -Bbuild -DARCH=intel64
           cd build
           make -j4
           cd ../../..
+          # ------------ Build wolfcrypt-jni ------------
+          cd ext/wolfcrypt-jni
+          mkdir junit
+          wget -P junit/ https://repo1.maven.org/maven2/junit/junit/4.13.2/junit-4.13.2.jar 
+          wget -P junit/ https://repo1.maven.org/maven2/org/hamcrest/hamcrest-all/1.3/hamcrest-all-1.3.jar
+          make -j4 -f makefile.linux
+          env JUNIT_HOME=junit/ ant build-jce-release
+          cd ../../..
 
       - name: Build standalone
         run: |
           ./gradlew standalone:libs || true
           ./gradlew standalone:uberJar
 
-      # ffs: https://github.com/adoptium/adoptium-support/issues/485 !!!
       - name: List libraries
-        run: env LD_LIBRARY_PATH="/usr/lib/x86_64-linux-gnu/" ./gradlew standalone:run --args="list-libs"
+        run: ./gradlew standalone:run --args="list-libs"
 
       - name: Test
-        run: ./gradlew test
+        run: ./gradlew standalone:test
 
       - name: Upload build artifacts
         uses: actions/upload-artifact@v4
         with:
-          name: built-${{ matrix.java }}
+          name: built-standalone-${{ matrix.java }}
           path: |
-            applet/build/javacard/*.cap
-            reader/build/libs/ECTesterReader.jar
-            standalone/build/libs/ECTesterStandalone.jar
+            standalone/build/libs/ECTesterStandalone.jar
+
+      - name: Upload code coverage
+        uses: codecov/codecov-action@v4
+        with:
+          token: ${{ secrets.CODECOV_TOKEN }}
+          slug: crocs-muni/ECTester
diff --git a/.gitmodules b/.gitmodules
@@ -16,3 +16,6 @@
 [submodule "ext/ipp-crypto"]
 	path = ext/ipp-crypto
 	url = https://github.com/intel/ipp-crypto
+[submodule "ext/wolfcrypt-jni"]
+	path = ext/wolfcrypt-jni
+	url = https://github.com/wolfSSL/wolfcrypt-jni
diff --git a/README.md b/README.md
@@ -308,7 +308,7 @@ For more information on ECC libraries see [LIBS](docs/LIBS.md).
 ### Setup
 
 ```shell
-./gradlew :standalone:libs                    # To build the native library shims. (Necessary
+./gradlew :standalone:libs                    # To build the native library shims.
 ./gradlew :standalone:uberJar                 # To build the standalone tool (jar) -> "standalone/build/libs/ECTesterStandalone.jar"
 ```
 Simply doing the above should build everything necessary to test libraries via the standalone app,
@@ -356,17 +356,17 @@ g++ -fPIC -shared -O2 -o botan_provider.so -Wl,-rpath,'$ORIGIN/lib' botan.o cpp_
 g++ -fPIC -shared -O2 -o cryptopp_provider.so -Wl,-rpath,'$ORIGIN/lib' cryptopp.o cpp_utils.o -L. -L/usr/local/lib -lcryptopp  -l:lib_timing.so
 ```
 
-BoringSSL, LibreSSL and ipp-crypto are included as git submodules. Make sure you run: `git submodule update --init --recursive` 
+BoringSSL, LibreSSL, ipp-crypto and partially wolfCrypt are included as git submodules. Make sure you run: `git submodule update --init --recursive` 
 after checking out the ECTester repository to initialize them. To build BoringSSL do:
-```
+```shell
 cd ext/boringssl
 cmake -GNinja -Bbuild -DBUILD_SHARED_LIBS=1
 cd build
 ninja
 ```
 
 To build LibreSSL do:
-```
+```shell
 cd ext/libressl
 ./autogen.sh
 cmake -GNinja -Bbuild -DBUILD_SHARED_LIBS=1
@@ -376,13 +376,27 @@ ninja
 
 To build ipp-crypto do:
 (Make sure you have the necessary [build requirements](https://github.com/intel/ipp-crypto/blob/develop/BUILD.md))
-```
+```shell
 cd ext/ipp-crypto
 CC=clang CXX=clang++ cmake CMakeLists.txt -GNinja -Bbuild -DARCH=intel64  # Does not work with GCC 12+
 cd build
 ninja
 ```
 
+To build wolfCrypt-JNI do:
+(You need to have wolfSSL installed and ready for development)
+```shell
+cd ext/wolfcrypt-jni
+mkdir junit
+wget -P junit/ https://repo1.maven.org/maven2/junit/junit/4.13.2/junit-4.13.2.jar 
+wget -P junit/ https://repo1.maven.org/maven2/org/hamcrest/hamcrest-all/1.3/hamcrest-all-1.3.jar
+make -f makefile.linux
+env JUNIT_HOME=junit/ ant build-jce-release
+```
+The produced `lib/wolfcrypt-jni.jar` will be automatically included into the standalone JAR when building `standalone:uberJar`.
+However, the produced `lib/libwolfcryptjni.so` native library will not be automatically loaded. You thus need to include it
+on `LD_LIBRARY_PATH`.
+
 
 #### Java
 

diff --git a/applet/build.gradle.kts b/applet/build.gradle.kts
@@ -51,6 +51,10 @@ dependencies {
     runtimeOnly("com.klinec:gradle-javacard:1.8.0")
 }
 
+java {
+    sourceCompatibility = if (JavaVersion.current() == JavaVersion.VERSION_1_8) JavaVersion.VERSION_1_8 else JavaVersion.VERSION_11
+}
+
 tasks.named<Test>("test") {
     useJUnitPlatform()
 }

diff --git a/common/build.gradle.kts b/common/build.gradle.kts
@@ -20,4 +20,8 @@ dependencies {
     api("org.yaml:snakeyaml:2.2")
     // https://mvnrepository.com/artifact/com.klinec/jcardsim
     api("com.klinec:jcardsim:3.0.5.11")
+}
+
+java {
+    sourceCompatibility = JavaVersion.VERSION_11
 }
diff --git a/ext/wolfcrypt-jni b/ext/wolfcrypt-jni
diff --git a/ext/wolfcrypt-jni.jar b/ext/wolfcrypt-jni.jar
diff --git a/gradle/wrapper/gradle-wrapper.jar b/gradle/wrapper/gradle-wrapper.jar
diff --git a/gradle/wrapper/gradle-wrapper.properties b/gradle/wrapper/gradle-wrapper.properties
@@ -1,6 +1,6 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-8.6-bin.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.7-bin.zip
 networkTimeout=10000
 validateDistributionUrl=true
 zipStoreBase=GRADLE_USER_HOME

diff --git a/reader/build.gradle.kts b/reader/build.gradle.kts
@@ -1,5 +1,7 @@
 plugins {
     application
+    jacoco
+    id("com.adarshr.test-logger") version "4.0.0"
 }
 
 repositories {
@@ -13,6 +15,15 @@ repositories {
 dependencies {
     implementation(project(":common"))
     implementation(project(":applet"))
+
+    testImplementation(platform("org.junit:junit-bom:5.10.2"))
+    testImplementation("org.junit.jupiter:junit-jupiter")
+    testImplementation("org.junit-pioneer:junit-pioneer:2.2.0")
+    testRuntimeOnly("org.junit.platform:junit-platform-launcher")
+}
+
+java {
+    sourceCompatibility = JavaVersion.VERSION_11
 }
 
 application {
@@ -21,6 +32,23 @@ application {
     version = "0.3.3"
 }
 
+tasks.named<Test>("test") {
+    useJUnitPlatform()
+    // Report is always generated after tests run
+    finalizedBy(tasks.jacocoTestReport)
+}
+
+tasks.jacocoTestReport {
+    reports {
+        xml.required = true
+    }
+}
+
+testlogger {
+    theme = com.adarshr.gradle.testlogger.theme.ThemeType.MOCHA
+    showStandardStreams = true
+}
+
 tasks.register<Jar>("uberJar") {
     archiveFileName = "ECTesterReader.jar"
     duplicatesStrategy = DuplicatesStrategy.WARN

diff --git a/standalone/build.gradle.kts b/standalone/build.gradle.kts
@@ -1,22 +1,33 @@
-
 plugins {
     application
+    jacoco
     id("com.google.osdetector") version "1.7.3"
+    id("com.adarshr.test-logger") version "4.0.0"
 }
 
 repositories {
     mavenCentral()
 }
 
 dependencies {
-    implementation(files("$rootDir/ext/wolfcrypt-jni.jar"))
+    // Fallback to bundled wolfcrypt-jni if the submodule one is not built.
+    if (file("$rootDir/ext/wolfcrypt-jni/lib/wolfcrypt-jni.jar").exists()) {
+        implementation(files("$rootDir/ext/wolfcrypt-jni/lib/wolfcrypt-jni.jar"))
+    } else {
+        implementation(files("$rootDir/ext/wolfcrypt-jni.jar"))
+    }
     implementation(project(":common"))
 
     testImplementation(platform("org.junit:junit-bom:5.10.2"))
     testImplementation("org.junit.jupiter:junit-jupiter")
+    testImplementation("org.junit-pioneer:junit-pioneer:2.2.0")
     testRuntimeOnly("org.junit.platform:junit-platform-launcher")
 }
 
+java {
+    sourceCompatibility = JavaVersion.VERSION_11
+}
+
 application {
     applicationName = "ECTesterStandalone"
     mainClass = "cz.crcs.ectester.standalone.ECTesterStandalone"
@@ -25,6 +36,23 @@ application {
 
 tasks.named<Test>("test") {
     useJUnitPlatform()
+    // Report is always generated after tests run
+    finalizedBy(tasks.jacocoTestReport)
+    // Add wolfcrypt JNI lib path to LD_LIBRARY_PATH (as our native library loading does not handle it)
+    environment(
+            "LD_LIBRARY_PATH", "$rootDir/ext/wolfcrypt-jni/lib/:" + System.getenv("LD_LIBRARY_PATH")
+    )
+}
+
+tasks.jacocoTestReport {
+    reports {
+        xml.required = true
+    }
+}
+
+testlogger {
+    theme = com.adarshr.gradle.testlogger.theme.ThemeType.MOCHA
+    showStandardStreams = true
 }
 
 tasks.withType<JavaCompile> {
@@ -48,6 +76,7 @@ tasks.register<Exec>("libs") {
 
 tasks.register<Jar>("uberJar") {
     archiveFileName = "ECTesterStandalone.jar"
+    duplicatesStrategy = DuplicatesStrategy.WARN
 
     from(sourceSets.main.get().output)