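# Manually triggered workflow: builds the NIST SP 800-90B C++ reference code,
# runs tools/run_90b_validation.sh, and publishes the comparison output as a
# step summary and as a build artifact.
name: NIST Scientific Validation

on:
  workflow_dispatch: # Only run manually for NIST reference comparison

# Least privilege for GITHUB_TOKEN: no step here writes to the repository, so
# read access to contents is enough. Caching and artifact upload do not rely
# on these scopes.
permissions:
  contents: read

env:
  PROTOC_VERSION: '28.3'

jobs:
  validate:
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): every action in this job is referenced by a mutable
      # major-version tag. Pinning each `uses:` to a full commit SHA keeps a
      # retagged release from changing what runs here.

      # The later steps build and execute code fetched at run time, so the
      # checkout token is not left behind in .git/config.
      - uses: actions/checkout@v4
        with:
          persist-credentials: false

      - name: Set up Go
        uses: actions/setup-go@v5
        with:
          go-version: '1.25.4'

      # NOTE(review): the restore-keys prefix allows a cache written for an
      # older tools/run_90b_validation.sh to be restored, including prebuilt
      # files under bin/. Confirm the script rebuilds or verifies them;
      # otherwise the comparison may run against stale reference binaries.
      - name: Cache NIST reference repository and binaries
        uses: actions/cache@v4
        with:
          path: |
            build/90b-validation/ref
            build/90b-validation/bin
          key: nist-validation-${{ runner.os }}-${{ hashFiles('tools/run_90b_validation.sh') }}
          restore-keys: |
            nist-validation-${{ runner.os }}-

      - name: Cache protoc
        id: cache-protoc
        uses: actions/cache@v4
        with:
          path: ${{ runner.temp }}/protoc
          key: protoc-${{ env.PROTOC_VERSION }}-${{ runner.os }}-${{ runner.arch }}

      # Values are read from the shell environment (PROTOC_VERSION,
      # RUNNER_TEMP) instead of being spliced into the script text by
      # expression expansion.
      # NOTE(review): the archive is unpacked and then cached without an
      # integrity check. Record the release's SHA-256 digest in this
      # repository and verify the download against it before unzip, so a
      # tampered archive cannot persist in the cache.
      # The asset name is fixed to linux-x86_64 although the cache key varies
      # with runner.arch; this only matches x86_64 Linux runners.
      - name: Install protoc
        if: steps.cache-protoc.outputs.cache-hit != 'true'
        run: |
          archive="protoc-${PROTOC_VERSION}-linux-x86_64.zip"
          wget -q "https://github.com/protocolbuffers/protobuf/releases/download/v${PROTOC_VERSION}/${archive}"
          unzip -q "${archive}" -d "${RUNNER_TEMP}/protoc"

      - name: Add protoc to PATH
        run: echo "${RUNNER_TEMP}/protoc/bin" >> "$GITHUB_PATH"

      - name: Install C++ Dependencies
        run: |
          sudo apt-get update
          sudo apt-get install -y \
            g++ \
            make \
            libbz2-dev \
            libdivsufsort-dev \
            libjsoncpp-dev \
            libmpfr-dev \
            libgmp-dev \
            libssl-dev

      - name: Build NIST C++ Library
        run: make build-nist

      - name: Download Go dependencies
        run: go mod download

      # NOTE(review): `@latest` resolves to whatever is newest at run time, so
      # two runs can generate code with different tool versions and a
      # compromised or broken release is picked up automatically. Pin both
      # generators to the versions the project has validated.
      - name: Install Go protobuf tools
        run: |
          go install google.golang.org/protobuf/cmd/protoc-gen-go@latest
          go install google.golang.org/grpc/cmd/protoc-gen-go-grpc@latest

      # Runs the comparison script, keeps its console output, and copies the
      # ref_*.json / go_*.json result files next to it. The status is written
      # to GITHUB_OUTPUT before the step exits, so the report step can still
      # read it when validation fails.
      - name: Run NIST Validation
        id: validation
        run: |
          # pipefail makes the `script | tee` pipeline report the script's
          # exit status rather than tee's.
          set -euo pipefail
          ARTIFACT_DIR="${GITHUB_WORKSPACE}/validation-artifacts"
          mkdir -p "${ARTIFACT_DIR}"
          STATUS="passed"
          if ! ./tools/run_90b_validation.sh 2>&1 | tee "${ARTIFACT_DIR}/validation_output.txt"; then
            STATUS="failed"
          fi
          find build/90b-validation -maxdepth 1 -type f \
            \( -name 'ref_*.json' -o -name 'go_*.json' \) \
            -exec cp {} "${ARTIFACT_DIR}/" \;
          echo "validation_status=${STATUS}" >> "${GITHUB_OUTPUT}"
          if [ "${STATUS}" != "passed" ]; then
            exit 1
          fi

      # Builds validation_report.md and appends it to the job summary. Runs
      # even when validation failed or never started. The step output is
      # passed through the environment rather than expanded into the script
      # body, and an empty value is treated as "failed".
      - name: Generate Validation Report
        if: always()
        env:
          VALIDATION_STATUS: ${{ steps.validation.outputs.validation_status }}
        run: |
          ARTIFACT_DIR="${GITHUB_WORKSPACE}/validation-artifacts"
          mkdir -p "${ARTIFACT_DIR}"
          REPORT="${ARTIFACT_DIR}/validation_report.md"
          STATUS="${VALIDATION_STATUS:-failed}"
          echo "# NIST SP 800-90B Scientific Validation Results" > "${REPORT}"
          echo "" >> "${REPORT}"
          echo "## Test Status: ${STATUS}" >> "${REPORT}"
          echo "" >> "${REPORT}"
          if [ "${STATUS}" = "passed" ]; then
            echo "### Validation Successful" >> "${REPORT}"
            echo "" >> "${REPORT}"
            echo "The Go/CGO wrapper produced min-entropy estimates matching the NIST SP 800-90B C++ reference implementation within the configured floating-point tolerance." >> "${REPORT}"
          else
            echo "### Validation Failed" >> "${REPORT}"
            echo "" >> "${REPORT}"
            echo "One or more estimator comparisons failed or the validation workflow did not complete successfully." >> "${REPORT}"
          fi
          echo "" >> "${REPORT}"
          echo "### Artifact Contents" >> "${REPORT}"
          echo "" >> "${REPORT}"
          echo "- \`validation_output.txt\`: complete validation console output" >> "${REPORT}"
          echo "- \`ref_*.json\`: outputs generated by the NIST SP 800-90B C++ reference implementation" >> "${REPORT}"
          echo "- \`go_*.json\`: outputs generated by the Go/CGO service implementation" >> "${REPORT}"
          echo "" >> "${REPORT}"
          echo "### Test Details" >> "${REPORT}"
          echo "" >> "${REPORT}"
          echo '```' >> "${REPORT}"
          if [ -f "${ARTIFACT_DIR}/validation_output.txt" ]; then
            cat "${ARTIFACT_DIR}/validation_output.txt" >> "${REPORT}"
          else
            echo "No validation output available" >> "${REPORT}"
          fi
          echo '```' >> "${REPORT}"
          cat "${REPORT}" >> "$GITHUB_STEP_SUMMARY"

      # Uploaded on every run so failed validations can be inspected.
      - name: Upload Validation Artifacts
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: validation-results
          path: |
            validation-artifacts/**
          retention-days: 30
          if-no-files-found: warn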