diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index fb335ed06..0bd18001d 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -15,8 +15,36 @@ on: - cron: "0 18 * * 1,4,6" # 1800 UTC every Monday, Thursday, Saturday jobs: + get-features: + name: Get features + runs-on: ubuntu-latest + outputs: + rust-native-features: ${{ steps.get-features.outputs.rust-native-features }} + openssl-features: ${{ steps.get-features.outputs.openssl-features }} + wasi-features: ${{ steps.get-features.outputs.wasi-features }} + steps: + - name: Checkout repository + uses: actions/checkout@v4 + + - name: Install Rust toolchain + uses: dtolnay/rust-toolchain@master + with: + toolchain: stable + + - name: Get all features + id: get-features + run: | + FEATURES=$(cargo metadata --format-version=1 | jq -r '[.packages[] | select(.name=="c2pa" or .name=="c2pa-c") | .features | keys | map(select(. != "default")) | .[]] | unique | join(" ")') + RUST_NATIVE_FEATURES=$(echo $FEATURES | sed 's/openssl//g') + OPENSSL_FEATURES=$(echo $FEATURES | sed 's/rust_native_crypto//g') + WASI_FEATURES=$(echo $RUST_NATIVE_FEATURES | sed 's/json_api//g') + echo "rust-native-features=$RUST_NATIVE_FEATURES" >> "$GITHUB_OUTPUT" + echo "openssl-features=$OPENSSL_FEATURES" >> "$GITHUB_OUTPUT" + echo "wasi-features=$WASI_FEATURES" >> "$GITHUB_OUTPUT" + tests: name: Unit tests + needs: get-features if: | github.event_name != 'pull_request' || github.event.pull_request.author_association == 'COLLABORATOR' || @@ -48,10 +76,19 @@ jobs: - name: Install cargo-llvm-cov uses: taiki-e/install-action@cargo-llvm-cov - - name: Generate code coverage + - name: Generate code coverage for rust_native_crypto + env: + RUST_BACKTRACE: "1" + FEATURES: ${{needs.get-features.outputs.rust_native_crypto-features}} + run: | + cargo llvm-cov --lib --features "$FEATURES" --lcov --output-path lcov-rust_native_crypto.info + + - name: Generate code coverage for openssl env: RUST_BACKTRACE: "1" - run: cargo llvm-cov --lib --all-features --lcov --output-path lcov.info + FEATURES: ${{needs.get-features.outputs.openssl-features}} + run: | + cargo llvm-cov --lib --features "$FEATURES" --lcov --output-path lcov-openssl.info # Tokens aren't available for PRs originating from forks, # so we don't attempt to upload code coverage in that case. @@ -66,9 +103,11 @@ jobs: token: ${{ secrets.CODECOV_TOKEN }} fail_ci_if_error: true verbose: true + files: ./lcov-openssl.info,./lcov-rust_native_crypto.info tests-cli: name: Unit tests (c2patool) + needs: get-features if: | github.event_name != 'pull_request' || github.event.pull_request.author_association == 'COLLABORATOR' || @@ -103,7 +142,9 @@ jobs: - name: Generate code coverage env: RUST_BACKTRACE: "1" - run: cargo llvm-cov --bins --all-features --lcov --output-path lcov.info + FEATURES: ${{needs.get-features.outputs.openssl-features}} + run: | + cargo llvm-cov --bins --features "$FEATURES" --lcov --output-path lcov.info # Tokens aren't available for PRs originating from forks, # so we don't attempt to upload code coverage in that case. @@ -118,9 +159,11 @@ jobs: token: ${{ secrets.CODECOV_TOKEN }} fail_ci_if_error: true verbose: true + files: lcov-*.info doc-tests: name: Doc tests (requires nightly Rust) + needs: get-features # TODO: Remove this once cargo-llvm-cov can run doc tests and generate # coverage. (This requires a bug fix that is only available in nightly Rust.) # Watch https://github.com/taiki-e/cargo-llvm-cov/issues/2 @@ -163,13 +206,17 @@ jobs: # doc tests. - name: Run doc tests (COVERAGE DISABLED) - run: - cargo test --workspace --all-features --doc - + env: + FEATURES: ${{needs.get-features.outputs.openssl-features}} + run: | + cargo test --workspace --features "$FEATURES" --doc + # - name: Generate code coverage # env: # RUST_BACKTRACE: "1" - # run: cargo llvm-cov --workspace --all-features --lcov --doctests --output-path lcov.info + # FEATURES: ${{needs.get-features.outputs.openssl-features}} + # run: | + # cargo llvm-cov --workspace --features "$FEATURES" --lcov --doctests --output-path lcov.info # Tokens aren't available for PRs originating from forks, # so we don't attempt to upload code coverage in that case. @@ -208,9 +255,10 @@ jobs: - name: "`cargo check` with default features" run: cargo check - + tests-cross: name: Unit tests + needs: get-features if: | github.event_name != 'pull_request' || github.event.pull_request.author_association == 'COLLABORATOR' || @@ -247,10 +295,14 @@ jobs: # environment. (A PR to fix this would be welcomed!) - name: Run unit tests (cross build) - run: cross test --all-targets --all-features --target ${{ matrix.target }} + env: + FEATURES: ${{needs.get-features.outputs.openssl-features}} + run: | + cross test --all-targets --features "$FEATURES" --target ${{ matrix.target }} tests-wasm: name: Unit tests (Wasm) + needs: get-features if: | github.event_name != 'pull_request' || github.event.pull_request.author_association == 'COLLABORATOR' || @@ -271,11 +323,12 @@ jobs: run: curl https://rustwasm.github.io/wasm-pack/installer/init.sh -sSf | sh - name: Run Wasm tests - run: wasm-pack test --chrome --headless + run: wasm-pack test --chrome --headless --no-default-features --features rust_native_crypto working-directory: ./sdk tests-wasi: name: Unit tests (WASI) + needs: get-features if: | github.event_name != 'pull_request' || github.event.pull_request.author_association == 'COLLABORATOR' || @@ -311,7 +364,7 @@ jobs: ARCH="${RUNNER_ARCH}"; fi wget https://github.com/WebAssembly/wasi-sdk/releases/download/wasi-sdk-25/wasi-sdk-25.0-${ARCH}-${RUNNER_OS}.tar.gz - tar xvf wasi-sdk-25.0-${ARCH}-${RUNNER_OS}.tar.gz + tar xf wasi-sdk-25.0-${ARCH}-${RUNNER_OS}.tar.gz mv $(echo wasi-sdk-25.0-${ARCH}-${RUNNER_OS} | tr '[:upper:]' '[:lower:]') /opt/wasi-sdk - name: Add wasm32-wasip2 target @@ -326,10 +379,13 @@ jobs: CC: /opt/wasi-sdk/bin/clang WASI_SDK_PATH: /opt/wasi-sdk RUST_MIN_STACK: 16777216 - run: cargo +nightly-2025-05-14 test --target wasm32-wasip2 -p c2pa -p c2patool --all-features + FEATURES: ${{needs.get-features.outputs.wasi-features}} + run: | + cargo +nightly-2025-05-14 test --target wasm32-wasip2 -p c2pa -p c2patool --features "$FEATURES" --no-default-features test-direct-minimal-versions: name: Unit tests with minimum versions of direct dependencies + needs: get-features if: | github.event_name != 'pull_request' || github.event.pull_request.author_association == 'COLLABORATOR' || @@ -362,10 +418,14 @@ jobs: uses: Swatinem/rust-cache@v2 - name: Run tests - run: cargo +nightly-2025-01-24 test -Z direct-minimal-versions --all-targets --all-features + env: + FEATURES: ${{needs.get-features.outputs.openssl-features}} + run: | + cargo +nightly-2025-01-24 test -Z direct-minimal-versions --all-targets --features "$FEATURES" clippy_check: name: Clippy + needs: get-features if: | github.event_name != 'pull_request' || github.event.pull_request.author_association == 'COLLABORATOR' || @@ -388,7 +448,10 @@ jobs: uses: Swatinem/rust-cache@v2 - name: Run Clippy - run: cargo clippy --all-features --all-targets -- -Dwarnings + env: + FEATURES: ${{needs.get-features.outputs.openssl-features}} + run: | + cargo clippy --features "$FEATURES" --all-targets -- -Dwarnings cargo_fmt: name: Enforce Rust code format @@ -415,6 +478,7 @@ jobs: docs_rs: name: Preflight docs.rs build + needs: get-features if: | github.event_name != 'pull_request' || github.event.pull_request.author_association == 'COLLABORATOR' || @@ -439,8 +503,9 @@ jobs: # environment. The goal is to fail PR validation # if the subsequent release would result in a failed # documentation build on docs.rs. - run: cargo +nightly doc --workspace --all-features --no-deps + run: cargo +nightly doc --workspace --features "$FEATURES" --no-deps env: + FEATURES: ${{needs.get-features.outputs.openssl-features}} RUSTDOCFLAGS: --cfg docsrs DOCS_RS: 1 @@ -476,6 +541,7 @@ jobs: unused_deps: name: Check for unused dependencies + needs: get-features if: | github.event_name != 'pull_request' || github.event.pull_request.author_association == 'COLLABORATOR' || @@ -496,8 +562,10 @@ jobs: uses: dtolnay/rust-toolchain@nightly - name: Run cargo-udeps + env: + FEATURES: ${{needs.get-features.outputs.openssl-features}} run: | mv ./.github/temp-bin/cargo-udeps /home/runner/.cargo/bin/cargo-udeps - cargo udeps --all-targets --all-features + cargo udeps --all-targets --features "$FEATURES" # NOTE: Using pre-built binary as a workaround for # https://github.com/aig787/cargo-udeps-action/issues/6. diff --git a/c_api/Cargo.toml b/c_api/Cargo.toml index 8941760be..d3cf5ef8d 100644 --- a/c_api/Cargo.toml +++ b/c_api/Cargo.toml @@ -9,8 +9,10 @@ license = "MIT OR Apache-2.0" crate-type = ["cdylib"] [features] -default = ["json_api",] +default = ["json_api", "openssl"] json_api = ["c2pa/v1_api"] +openssl = ["c2pa/openssl"] +rust_native_crypto = ["c2pa/rust_native_crypto"] [dependencies] tokio = { version = "1.36", features = ["rt-multi-thread","rt"] } @@ -18,8 +20,7 @@ c2pa = { path = "../sdk", version = "0.53.0", features = [ "file_io", "add_thumbnails", "fetch_remote_manifests", - "rust_native_crypto", -] } +], default-features = false } scopeguard = "1.2.0" serde = { version = "1.0", features = ["derive"] } serde_json = "1.0" diff --git a/cli/Cargo.toml b/cli/Cargo.toml index bb3a685f5..f58376ae8 100644 --- a/cli/Cargo.toml +++ b/cli/Cargo.toml @@ -15,6 +15,11 @@ edition = "2018" homepage = "https://contentauthenticity.org" repository = "https://github.com/contentauth/c2pa-rs/tree/main/cli" +[features] +default = ["openssl"] +openssl = ["c2pa/openssl"] +rust_native_crypto = ["c2pa/rust_native_crypto"] + [lints.rust] unexpected_cfgs = { level = "warn", check-cfg = ['cfg(test)'] } # Workaround for https://github.com/est31/cargo-udeps/issues/293. @@ -27,7 +32,7 @@ c2pa = { path = "../sdk", version = "0.53.0", features = [ "file_io", "add_thumbnails", "pdf" -] } +], default-features = false } clap = { version = "4.5.10", features = ["derive", "env"] } env_logger = "0.11.7" glob = "0.3.1" diff --git a/export_schema/Cargo.toml b/export_schema/Cargo.toml index 398b35acd..7b1f2a21e 100644 --- a/export_schema/Cargo.toml +++ b/export_schema/Cargo.toml @@ -10,8 +10,13 @@ rust-version = "1.82.0" unexpected_cfgs = { level = "warn", check-cfg = ['cfg(test)'] } # Workaround for https://github.com/est31/cargo-udeps/issues/293. +[features] +default = ["openssl"] +openssl = ["c2pa/openssl"] +rust_native_crypto = ["c2pa/rust_native_crypto"] + [dependencies] anyhow = "1.0.40" -c2pa = { path = "../sdk", default-features = false, features = ["json_schema"] } +c2pa = { path = "../sdk", features = ["json_schema"], default-features = false } schemars = "0.8.21" serde_json = "1.0.117" diff --git a/make_test_images/Cargo.toml b/make_test_images/Cargo.toml index 15fbbe0c5..8159a3edf 100644 --- a/make_test_images/Cargo.toml +++ b/make_test_images/Cargo.toml @@ -16,7 +16,7 @@ required-features = ["default"] [dependencies] anyhow = "1.0.40" -c2pa = { path = "../sdk" } +c2pa = { path = "../sdk", default-features = false } env_logger = "0.11" log = "0.4.8" image = { version = "0.25.2", default-features = false, features = [ @@ -32,4 +32,6 @@ tempfile = "3.15.0" [features] # prevents these features from being always enabled in the workspace -default = ["c2pa/file_io"] +default = ["c2pa/file_io", "openssl"] +openssl = ["c2pa/openssl"] +rust_native_crypto = ["c2pa/rust_native_crypto"] diff --git a/sdk/Cargo.toml b/sdk/Cargo.toml index 87af78a1c..89b62f320 100644 --- a/sdk/Cargo.toml +++ b/sdk/Cargo.toml @@ -26,17 +26,23 @@ all-features = true rustdoc-args = ["--cfg", "docsrs"] [features] +default = ["openssl"] add_thumbnails = ["image"] file_io = [] serialize_thumbnails = [] no_interleaved_io = ["file_io"] fetch_remote_manifests = ["dep:wasi"] json_schema = ["dep:schemars"] +openssl = ["dep:openssl"] pdf = ["dep:lopdf"] rust_native_crypto = [ "dep:const-oid", + "dep:ecdsa", "dep:der", "dep:num-bigint-dig", + "dep:p256", + "dep:p384", + "dep:p521", "dep:pkcs1", "dep:rsa", "dep:spki", @@ -97,7 +103,7 @@ conv = "0.3.3" coset = "0.3.8" extfmt = "0.1.1" der = { version = "0.7.9", optional = true } -ecdsa = { version = "0.16.9", features = ["digest", "sha2"] } +ecdsa = { version = "0.16.9", features = ["digest", "sha2"], optional = true } ed25519-dalek = { version = "2.1.1", features = ["alloc", "digest", "pem", "pkcs8", "rand_core"] } getrandom = { version = "0.2.7", features = ["js"] } hex = "0.4.3" @@ -116,9 +122,9 @@ nom = "7.1.3" non-empty-string = { version = "=0.2.4", features = ["serde"] } nonempty-collections = { version = "0.2.9", features = ["serde"] } num-bigint-dig = { version = "0.8.4", optional = true } -p256 = "0.13.2" -p384 = "0.13.0" -p521 = { version = "0.13.3", features = ["pkcs8", "digest", "ecdsa"] } +p256 = { version = "0.13.2", optional = true } +p384 = { version = "0.13.0", optional = true } +p521 = { version = "0.13.3", features = ["pkcs8", "digest", "ecdsa"], optional = true } pem = "3.0.2" pkcs1 = { version = "0.7.5", optional = true } pkcs8 = "0.10.2" @@ -168,7 +174,7 @@ spki = "0.7.3" tempfile = { version = "3.15", features = ["nightly"] } [target.'cfg(not(target_arch = "wasm32"))'.dependencies] -openssl = { version = "0.10.72", features = ["vendored"] } +openssl = { version = "0.10.72", features = ["vendored"], optional = true } ureq = "2.4.0" url = "2.5.3" diff --git a/sdk/src/crypto/cose/certificate_trust_policy.rs b/sdk/src/crypto/cose/certificate_trust_policy.rs index af887a183..54e5edb76 100644 --- a/sdk/src/crypto/cose/certificate_trust_policy.rs +++ b/sdk/src/crypto/cose/certificate_trust_policy.rs @@ -100,7 +100,7 @@ impl CertificateTrustPolicy { return Ok(()); } - #[cfg(any(target_arch = "wasm32", feature = "rust_native_crypto", test))] + #[cfg(feature = "rust_native_crypto")] { return crate::crypto::raw_signature::rust_native::check_certificate_trust::check_certificate_trust( self, @@ -110,7 +110,7 @@ impl CertificateTrustPolicy { ); } - #[cfg(not(target_arch = "wasm32"))] + #[cfg(feature = "openssl")] { return crate::crypto::raw_signature::openssl::check_certificate_trust::check_certificate_trust( self, @@ -355,14 +355,14 @@ pub enum CertificateTrustError { InternalError(String), } -#[cfg(not(target_arch = "wasm32"))] +#[cfg(feature = "openssl")] impl From for CertificateTrustError { fn from(err: openssl::error::ErrorStack) -> Self { Self::CryptoLibraryError(err.to_string()) } } -#[cfg(not(target_arch = "wasm32"))] +#[cfg(feature = "openssl")] impl From for CertificateTrustError { @@ -649,7 +649,7 @@ zGxQnM2hCA== let ps512 = test_signer(SigningAlg::Ps512); let es256 = test_signer(SigningAlg::Es256); let es384 = test_signer(SigningAlg::Es384); - #[cfg(not(target_arch = "wasm32"))] + #[cfg(feature = "openssl")] let es512 = test_signer(SigningAlg::Es512); let ed25519 = test_signer(SigningAlg::Ed25519); @@ -658,7 +658,7 @@ zGxQnM2hCA== let ps512_certs = ps512.cert_chain().unwrap(); let es256_certs = es256.cert_chain().unwrap(); let es384_certs = es384.cert_chain().unwrap(); - #[cfg(not(target_arch = "wasm32"))] + #[cfg(feature = "openssl")] let es512_certs = es512.cert_chain().unwrap(); let ed25519_certs = ed25519.cert_chain().unwrap(); @@ -672,7 +672,7 @@ zGxQnM2hCA== .unwrap(); ctp.check_certificate_trust(&es384_certs[1..], &es384_certs[0], None) .unwrap(); - #[cfg(not(target_arch = "wasm32"))] + #[cfg(feature = "openssl")] ctp.check_certificate_trust(&es512_certs[1..], &es512_certs[0], None) .unwrap(); ctp.check_certificate_trust(&ed25519_certs[1..], &ed25519_certs[0], None) @@ -742,7 +742,7 @@ zGxQnM2hCA== let ps512 = test_signer(SigningAlg::Ps512); let es256 = test_signer(SigningAlg::Es256); let es384 = test_signer(SigningAlg::Es384); - #[cfg(not(target_arch = "wasm32"))] + #[cfg(feature = "openssl")] let es512 = test_signer(SigningAlg::Es512); let ed25519 = test_signer(SigningAlg::Ed25519); @@ -751,7 +751,7 @@ zGxQnM2hCA== let ps512_certs = ps512.cert_chain().unwrap(); let es256_certs = es256.cert_chain().unwrap(); let es384_certs = es384.cert_chain().unwrap(); - #[cfg(not(target_arch = "wasm32"))] + #[cfg(feature = "openssl")] let es512_certs = es512.cert_chain().unwrap(); let ed25519_certs = ed25519.cert_chain().unwrap(); @@ -792,7 +792,7 @@ zGxQnM2hCA== CertificateTrustError::CertificateNotTrusted ); - #[cfg(not(target_arch = "wasm32"))] + #[cfg(feature = "openssl")] assert_eq!( ctp.check_certificate_trust(&es512_certs[2..], &es512_certs[0], None) .unwrap_err(), @@ -933,7 +933,7 @@ zGxQnM2hCA== let ps512 = test_signer(SigningAlg::Ps512); let es256 = test_signer(SigningAlg::Es256); let es384 = test_signer(SigningAlg::Es384); - #[cfg(not(target_arch = "wasm32"))] + #[cfg(feature = "openssl")] let es512 = test_signer(SigningAlg::Es512); let ed25519 = test_signer(SigningAlg::Ed25519); @@ -942,7 +942,7 @@ zGxQnM2hCA== assert_eq!(ps512.alg(), SigningAlg::Ps512); assert_eq!(es256.alg(), SigningAlg::Es256); assert_eq!(es384.alg(), SigningAlg::Es384); - #[cfg(not(target_arch = "wasm32"))] + #[cfg(feature = "openssl")] assert_eq!(es512.alg(), SigningAlg::Es512); assert_eq!(ed25519.alg(), SigningAlg::Ed25519); @@ -951,7 +951,7 @@ zGxQnM2hCA== let ps512_certs = ps512.cert_chain().unwrap(); let es256_certs = es256.cert_chain().unwrap(); let es384_certs = es384.cert_chain().unwrap(); - #[cfg(not(target_arch = "wasm32"))] + #[cfg(feature = "openssl")] let es512_certs = es512.cert_chain().unwrap(); let ed25519_certs = ed25519.cert_chain().unwrap(); @@ -965,7 +965,7 @@ zGxQnM2hCA== .unwrap(); ctp.check_certificate_trust(&es384_certs[1..], &es384_certs[0], None) .unwrap(); - #[cfg(not(target_arch = "wasm32"))] + #[cfg(feature = "openssl")] ctp.check_certificate_trust(&es512_certs[1..], &es512_certs[0], None) .unwrap(); ctp.check_certificate_trust(&ed25519_certs[1..], &ed25519_certs[0], None) diff --git a/sdk/src/crypto/raw_signature/mod.rs b/sdk/src/crypto/raw_signature/mod.rs index ded81d9d5..d66744965 100644 --- a/sdk/src/crypto/raw_signature/mod.rs +++ b/sdk/src/crypto/raw_signature/mod.rs @@ -15,10 +15,10 @@ pub(crate) mod oids; -#[cfg(not(target_arch = "wasm32"))] +#[cfg(feature = "openssl")] pub(crate) mod openssl; -#[cfg(any(target_arch = "wasm32", feature = "rust_native_crypto", test))] +#[cfg(feature = "rust_native_crypto")] pub(crate) mod rust_native; pub(crate) mod signer; diff --git a/sdk/src/crypto/raw_signature/rust_native/signers/mod.rs b/sdk/src/crypto/raw_signature/rust_native/signers/mod.rs index 1a07d2bd3..ac9f8b388 100644 --- a/sdk/src/crypto/raw_signature/rust_native/signers/mod.rs +++ b/sdk/src/crypto/raw_signature/rust_native/signers/mod.rs @@ -351,8 +351,7 @@ mod async_signer_tests { validator.validate(&signature, data, pub_key).unwrap(); } - #[cfg_attr(not(target_arch = "wasm32"), actix::test)] - // #[cfg_attr(target_arch = "wasm32", wasm_bindgen_test)] + #[cfg_attr(feature = "openssl", actix::test)] async fn es512() { let cert_chain = include_bytes!("../../../../../tests/fixtures/crypto/raw_signature/es512.pub"); diff --git a/sdk/src/crypto/raw_signature/signer.rs b/sdk/src/crypto/raw_signature/signer.rs index b0b9b363f..2933fbdc0 100644 --- a/sdk/src/crypto/raw_signature/signer.rs +++ b/sdk/src/crypto/raw_signature/signer.rs @@ -157,14 +157,14 @@ impl From for RawSignerError { } } -#[cfg(not(target_arch = "wasm32"))] +#[cfg(feature = "openssl")] impl From for RawSignerError { fn from(err: openssl::error::ErrorStack) -> Self { Self::CryptoLibraryError(err.to_string()) } } -#[cfg(not(target_arch = "wasm32"))] +#[cfg(feature = "openssl")] impl From for RawSignerError { fn from(err: crate::crypto::raw_signature::openssl::OpenSslMutexUnavailable) -> Self { Self::InternalError(err.to_string()) @@ -187,7 +187,7 @@ pub fn signer_from_cert_chain_and_private_key( alg: SigningAlg, time_stamp_service_url: Option, ) -> Result, RawSignerError> { - #[cfg(any(target_arch = "wasm32", feature = "rust_native_crypto"))] + #[cfg(feature = "rust_native_crypto")] { match crate::crypto::raw_signature::rust_native::signers::signer_from_cert_chain_and_private_key( cert_chain, @@ -201,7 +201,7 @@ pub fn signer_from_cert_chain_and_private_key( } } - #[cfg(not(target_arch = "wasm32"))] + #[cfg(feature = "openssl")] { return crate::crypto::raw_signature::openssl::signers::signer_from_cert_chain_and_private_key( cert_chain, diff --git a/sdk/src/crypto/raw_signature/tests/async_signers.rs b/sdk/src/crypto/raw_signature/tests/async_signers.rs index 6697d533b..f2694ee8b 100644 --- a/sdk/src/crypto/raw_signature/tests/async_signers.rs +++ b/sdk/src/crypto/raw_signature/tests/async_signers.rs @@ -21,7 +21,11 @@ use crate::crypto::raw_signature::{ }; #[cfg_attr(not(target_arch = "wasm32"), actix::test)] -// #[cfg_attr(target_arch = "wasm32", wasm_bindgen_test)] +#[cfg_attr( + all(target_arch = "wasm32", not(target_os = "wasi")), + wasm_bindgen_test +)] +#[cfg_attr(target_os = "wasi", wstd::test)] async fn es256() { let cert_chain = include_bytes!("../../../../tests/fixtures/crypto/raw_signature/es256.pub"); let private_key = include_bytes!("../../../../tests/fixtures/crypto/raw_signature/es256.priv"); @@ -47,7 +51,11 @@ async fn es256() { } #[cfg_attr(not(target_arch = "wasm32"), actix::test)] -// #[cfg_attr(target_arch = "wasm32", wasm_bindgen_test)] +#[cfg_attr( + all(target_arch = "wasm32", not(target_os = "wasi")), + wasm_bindgen_test +)] +#[cfg_attr(target_os = "wasi", wstd::test)] async fn es384() { let cert_chain = include_bytes!("../../../../tests/fixtures/crypto/raw_signature/es384.pub"); let private_key = include_bytes!("../../../../tests/fixtures/crypto/raw_signature/es384.priv"); @@ -72,8 +80,7 @@ async fn es384() { validator.validate(&signature, data, pub_key).unwrap(); } -#[cfg_attr(not(target_arch = "wasm32"), actix::test)] -// #[cfg_attr(target_arch = "wasm32", wasm_bindgen_test)] +#[cfg_attr(feature = "openssl", actix::test)] async fn es512() { let cert_chain = include_bytes!("../../../../tests/fixtures/crypto/raw_signature/es512.pub"); let private_key = include_bytes!("../../../../tests/fixtures/crypto/raw_signature/es512.priv"); diff --git a/sdk/src/crypto/raw_signature/tests/signers.rs b/sdk/src/crypto/raw_signature/tests/signers.rs index 74d9db66e..e51aa85f3 100644 --- a/sdk/src/crypto/raw_signature/tests/signers.rs +++ b/sdk/src/crypto/raw_signature/tests/signers.rs @@ -19,8 +19,10 @@ use crate::crypto::raw_signature::{ }; #[test] -// #[cfg_attr(all(target_arch = "wasm32", not(target_os = "wasi")), wasm_bindgen_test)] -#[cfg(not(target_arch = "wasm32"))] +#[cfg_attr( + all(target_arch = "wasm32", not(target_os = "wasi")), + wasm_bindgen_test +)] fn es256() { let cert_chain = include_bytes!("../../../../tests/fixtures/crypto/raw_signature/es256.pub"); let private_key = include_bytes!("../../../../tests/fixtures/crypto/raw_signature/es256.priv"); @@ -42,8 +44,10 @@ fn es256() { } #[test] -// #[cfg_attr(all(target_arch = "wasm32", not(target_os = "wasi")), wasm_bindgen_test)] -#[cfg(not(target_arch = "wasm32"))] +#[cfg_attr( + all(target_arch = "wasm32", not(target_os = "wasi")), + wasm_bindgen_test +)] fn es384() { let cert_chain = include_bytes!("../../../../tests/fixtures/crypto/raw_signature/es384.pub"); let private_key = include_bytes!("../../../../tests/fixtures/crypto/raw_signature/es384.priv"); @@ -65,8 +69,7 @@ fn es384() { } #[test] -// #[cfg_attr(all(target_arch = "wasm32", not(target_os = "wasi")), wasm_bindgen_test)] -#[cfg(not(target_arch = "wasm32"))] +#[cfg(feature = "openssl")] fn es512() { let cert_chain = include_bytes!("../../../../tests/fixtures/crypto/raw_signature/es512.pub"); let private_key = include_bytes!("../../../../tests/fixtures/crypto/raw_signature/es512.priv"); @@ -114,8 +117,10 @@ fn ed25519() { } #[test] -// #[cfg_attr(all(target_arch = "wasm32", not(target_os = "wasi")), -// wasm_bindgen_test)] +#[cfg_attr( + all(target_arch = "wasm32", not(target_os = "wasi")), + wasm_bindgen_test +)] fn ps256() { let cert_chain = include_bytes!("../../../../tests/fixtures/crypto/raw_signature/ps256.pub"); let private_key = include_bytes!("../../../../tests/fixtures/crypto/raw_signature/ps256.priv"); @@ -137,8 +142,10 @@ fn ps256() { } #[test] -// #[cfg_attr(all(target_arch = "wasm32", not(target_os = "wasi")), -// wasm_bindgen_test)] +#[cfg_attr( + all(target_arch = "wasm32", not(target_os = "wasi")), + wasm_bindgen_test +)] fn ps384() { let cert_chain = include_bytes!("../../../../tests/fixtures/crypto/raw_signature/ps384.pub"); let private_key = include_bytes!("../../../../tests/fixtures/crypto/raw_signature/ps384.priv"); @@ -160,8 +167,10 @@ fn ps384() { } #[test] -// #[cfg_attr(all(target_arch = "wasm32", not(target_os = "wasi")), -// wasm_bindgen_test)] +#[cfg_attr( + all(target_arch = "wasm32", not(target_os = "wasi")), + wasm_bindgen_test +)] fn ps512() { let cert_chain = include_bytes!("../../../../tests/fixtures/crypto/raw_signature/ps512.pub"); let private_key = include_bytes!("../../../../tests/fixtures/crypto/raw_signature/ps512.priv"); diff --git a/sdk/src/crypto/raw_signature/tests/validators.rs b/sdk/src/crypto/raw_signature/tests/validators.rs index c2e1cc043..e56f48f87 100644 --- a/sdk/src/crypto/raw_signature/tests/validators.rs +++ b/sdk/src/crypto/raw_signature/tests/validators.rs @@ -97,8 +97,7 @@ fn es384() { } #[test] -// #[cfg_attr(all(target_arch = "wasm32", not(target_os = "wasi")), -// wasm_bindgen_test)] // ES512 not implemented +#[cfg(not(target_arch = "wasm32"))] fn es512() { let signature = include_bytes!("../../../../tests/fixtures/crypto/raw_signature/es512.raw_sig"); let pub_key = include_bytes!("../../../../tests/fixtures/crypto/raw_signature/es512.pub_key"); @@ -242,7 +241,7 @@ const SHA384_OID: Oid = bcder::Oid(OctetString::from_static(&[96, 134, 72, 1, 10 const SHA512_OID: Oid = bcder::Oid(OctetString::from_static(&[96, 134, 72, 1, 101, 3, 4, 2, 3])); -#[cfg_attr(target_arch = "wasm32", allow(unused))] +#[cfg_attr(feature = "rust_native_crypto", allow(unused))] const SHA1_OID: Oid = bcder::Oid(OctetString::from_static(&[43, 14, 3, 2, 26])); #[test] @@ -341,9 +340,7 @@ fn rs512() { } #[test] -// #[cfg_attr(all(target_arch = "wasm32", not(target_os = "wasi")), wasm_bindgen_test)] // SHA1 not -// implemented -#[cfg(not(target_arch = "wasm32"))] +#[cfg(feature = "openssl")] fn sha1() { let signature = include_bytes!("../../../../tests/fixtures/crypto/raw_signature/legacy/sha1.raw_sig"); diff --git a/sdk/src/crypto/raw_signature/validator.rs b/sdk/src/crypto/raw_signature/validator.rs index a5a7c9612..2b2e24154 100644 --- a/sdk/src/crypto/raw_signature/validator.rs +++ b/sdk/src/crypto/raw_signature/validator.rs @@ -65,7 +65,7 @@ pub trait AsyncRawSignatureValidator { /// Which validators are available may vary depending on the platform and /// which crate features were enabled. pub fn validator_for_signing_alg(alg: SigningAlg) -> Option> { - #[cfg(any(target_arch = "wasm32", feature = "rust_native_crypto"))] + #[cfg(feature = "rust_native_crypto")] { if let Some(validator) = crate::crypto::raw_signature::rust_native::validators::validator_for_signing_alg(alg) @@ -74,7 +74,7 @@ pub fn validator_for_signing_alg(alg: SigningAlg) -> Option Option> { // TO REVIEW: Do we need any of the RSA-PSS algorithms for this use case? - #[cfg(any(target_arch = "wasm32", feature = "rust_native_crypto"))] + #[cfg(feature = "rust_native_crypto")] { if let Some(validator) = crate::crypto::raw_signature::rust_native::validators::validator_for_sig_and_hash_algs( @@ -106,7 +106,7 @@ pub(crate) fn validator_for_sig_and_hash_algs( } } - #[cfg(not(target_arch = "wasm32"))] + #[cfg(feature = "openssl")] if let Some(validator) = crate::crypto::raw_signature::openssl::validators::validator_for_sig_and_hash_algs( sig_alg, hash_alg, @@ -175,14 +175,14 @@ pub enum RawSignatureValidationError { InternalError(String), } -#[cfg(not(target_arch = "wasm32"))] +#[cfg(feature = "openssl")] impl From for RawSignatureValidationError { fn from(err: openssl::error::ErrorStack) -> Self { Self::CryptoLibraryError(err.to_string()) } } -#[cfg(not(target_arch = "wasm32"))] +#[cfg(feature = "openssl")] impl From for RawSignatureValidationError { diff --git a/sdk/src/ingredient.rs b/sdk/src/ingredient.rs index e3aa8ef0d..3dad9c0d5 100644 --- a/sdk/src/ingredient.rs +++ b/sdk/src/ingredient.rs @@ -1877,7 +1877,7 @@ mod tests_file_io { } #[test] - #[cfg(feature = "file_io")] + #[cfg(all(feature = "file_io", feature = "add_thumbnails"))] fn test_jpg_prerelease() { let ap = fixture_path(PRERELEASE_JPEG); let ingredient = Ingredient::from_file(ap).expect("from_file"); diff --git a/sdk/src/lib.rs b/sdk/src/lib.rs index dfc891f09..e42453f04 100644 --- a/sdk/src/lib.rs +++ b/sdk/src/lib.rs @@ -184,3 +184,12 @@ pub(crate) mod store; pub(crate) mod utils; pub(crate) use utils::{cbor_types, hash_utils}; + +#[cfg(all(feature = "openssl", feature = "rust_native_crypto"))] +compile_error!("Features 'openssl' and 'rust_native_crypto' cannot be enabled at the same time."); + +#[cfg(not(any(feature = "openssl", feature = "rust_native_crypto")))] +compile_error!("Either 'openssl' or 'rust_native_crypto' feature must be enabled."); + +#[cfg(all(feature = "openssl", target_arch = "wasm32"))] +compile_error!("Feature 'openssl' is not available for wasm32.");