From 63a2f6141036555f764a1a1fc19f97d80440cd8d Mon Sep 17 00:00:00 2001
From: Justin Smith <justsmth@amazon.com>
Date: Thu, 19 Dec 2024 08:54:41 -0500
Subject: [PATCH] Allow disable slow tests

---
 Cross.toml                           |  1 +
 aws-lc-rs/Cross.toml                 |  3 +-
 aws-lc-rs/build.rs                   | 12 +++++
 aws-lc-rs/src/agreement/ephemeral.rs |  1 +
 aws-lc-rs/src/rsa/tests/fips.rs      | 16 ++++++-
 aws-lc-rs/tests/aead_test.rs         |  2 +-
 aws-lc-rs/tests/digest_test.rs       |  2 +
 aws-lc-rs/tests/rsa_test.rs          | 71 +++++++++++++++++++++-------
 8 files changed, 88 insertions(+), 20 deletions(-)

diff --git a/Cross.toml b/Cross.toml
index 3cf91df1e62..d15bafa4a3f 100644
--- a/Cross.toml
+++ b/Cross.toml
@@ -23,4 +23,5 @@ passthrough = [
     "AWS_LC_SYS_CC_SRC_COLLECTOR",
     "GOPROXY",
     "AWS_LC_SYS_CFLAGS",
+    "AWS_LC_RS_DISABLE_SLOW_TESTS",
 ]
diff --git a/aws-lc-rs/Cross.toml b/aws-lc-rs/Cross.toml
index b8846c14efb..11424db862c 100644
--- a/aws-lc-rs/Cross.toml
+++ b/aws-lc-rs/Cross.toml
@@ -5,5 +5,6 @@ dockerfile = "../docker/linux-cross/Dockerfile"
 passthrough = [
     "CROSS_CMAKE_SYSTEM_PROCESSOR",
     "RUST_BACKTRACE",
-    "RUST_LOG"
+    "RUST_LOG",
+    "AWS_LC_RS_DISABLE_SLOW_TESTS",
 ]
diff --git a/aws-lc-rs/build.rs b/aws-lc-rs/build.rs
index e34a7a37334..7aeac1f86c4 100644
--- a/aws-lc-rs/build.rs
+++ b/aws-lc-rs/build.rs
@@ -1,6 +1,8 @@
 // Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
 // SPDX-License-Identifier: Apache-2.0 OR ISC
 
+use std::env;
+
 fn main() {
     let has_mutually_exclusive_features = cfg!(feature = "non-fips") && cfg!(feature = "fips");
     assert!(
@@ -8,6 +10,16 @@ fn main() {
         "`fips` and `non-fips` are mutually exclusive crate features."
     );
 
+    println!("cargo:rustc-check-cfg=cfg(disable_slow_tests)");
+    if let Ok(disable) = env::var("AWS_LC_RS_DISABLE_SLOW_TESTS") {
+        if disable == "1" {
+            println!("cargo:warning=### Slow tests will be disabled! ###");
+            println!("cargo:rustc-cfg=disable_slow_tests");
+        } else {
+            println!("cargo:warning=### Slow tests are enabled: {disable}! ###");
+        }
+    }
+
     // This appears asymmetric, but it reflects the `cfg` statements in lib.rs that
     // require `aws-lc-sys` to be present when "fips" is not enabled.
     // if `fips` is enabled, then use that
diff --git a/aws-lc-rs/src/agreement/ephemeral.rs b/aws-lc-rs/src/agreement/ephemeral.rs
index 754757ddca7..5ca94dbe93e 100644
--- a/aws-lc-rs/src/agreement/ephemeral.rs
+++ b/aws-lc-rs/src/agreement/ephemeral.rs
@@ -154,6 +154,7 @@ mod tests {
         // The spec gives a test vector for 1,000,000 iterations but it takes
         // too long to do 1,000,000 iterations by default right now. This
         // 10,000 iteration vector is self-computed.
+        #[cfg(not(disable_slow_tests))]
         expect_iterated_x25519(
             "2c125a20f639d504a7703d2e223c79a79de48c4ee8c23379aa19a62ecd211815",
             1_000..10_000,
diff --git a/aws-lc-rs/src/rsa/tests/fips.rs b/aws-lc-rs/src/rsa/tests/fips.rs
index f5be772478c..a844b71869a 100644
--- a/aws-lc-rs/src/rsa/tests/fips.rs
+++ b/aws-lc-rs/src/rsa/tests/fips.rs
@@ -78,9 +78,14 @@ macro_rules! generate_key {
 }
 
 generate_key!(rsa2048_signing_generate_key, KeyPair, KeySize::Rsa2048);
+// Key generation for large RSA keys is very slow
+#[cfg(not(disable_slow_tests))]
 generate_key!(rsa3072_signing_generate_key, KeyPair, KeySize::Rsa3072);
+// Key generation for large RSA keys is very slow
+#[cfg(not(disable_slow_tests))]
 generate_key!(rsa4096_signing_generate_key, KeyPair, KeySize::Rsa4096);
-
+// Key generation for large RSA keys is very slow
+#[cfg(not(disable_slow_tests))]
 generate_key!(rsa8192_signing_generate_key, KeyPair, KeySize::Rsa8192);
 
 generate_key!(
@@ -88,16 +93,25 @@ generate_key!(
     PrivateDecryptingKey,
     KeySize::Rsa2048
 );
+
+// Key generation for large RSA keys is very slow
+#[cfg(not(disable_slow_tests))]
 generate_key!(
     rsa3072_encryption_generate_key,
     PrivateDecryptingKey,
     KeySize::Rsa3072
 );
+
+// Key generation for large RSA keys is very slow
+#[cfg(not(disable_slow_tests))]
 generate_key!(
     rsa4096_encryption_signing_generate_key,
     PrivateDecryptingKey,
     KeySize::Rsa4096
 );
+
+// Key generation for large RSA keys is very slow
+#[cfg(not(disable_slow_tests))]
 generate_key!(
     rsa8192_encryption_generate_key,
     PrivateDecryptingKey,
diff --git a/aws-lc-rs/tests/aead_test.rs b/aws-lc-rs/tests/aead_test.rs
index be1ffa80740..8271514c9b1 100644
--- a/aws-lc-rs/tests/aead_test.rs
+++ b/aws-lc-rs/tests/aead_test.rs
@@ -190,7 +190,7 @@ fn test_aead<Seal, Open>(
         // test a smaller subset.
 
         let mut more_comprehensive_in_prefix_lengths = vec![0; 4096].into_boxed_slice();
-        let in_prefix_lengths = if cfg!(debug_assertions) {
+        let in_prefix_lengths = if cfg!(any(debug_assertions, disable_slow_tests)) {
             &MINIMAL_IN_PREFIX_LENS[..]
         } else {
             #[allow(clippy::needless_range_loop)]
diff --git a/aws-lc-rs/tests/digest_test.rs b/aws-lc-rs/tests/digest_test.rs
index ab757566f56..54034e78e2e 100644
--- a/aws-lc-rs/tests/digest_test.rs
+++ b/aws-lc-rs/tests/digest_test.rs
@@ -243,6 +243,7 @@ mod digest_shavs {
 macro_rules! test_i_u_f {
     ( $test_name:ident, $alg:expr) => {
         #[cfg(not(debug_assertions))]
+        #[cfg(not(disable_slow_tests))]
         // TODO: Get this working on WebAssembly
         #[cfg(not(target_arch = "wasm32"))]
         #[test]
@@ -308,6 +309,7 @@ macro_rules! test_large_digest {
     ( $test_name:ident, $alg:expr, $len:expr, $expected:expr) => {
         // TODO: get this working on WebAssembly.
         #[cfg(not(debug_assertions))]
+        #[cfg(not(disable_slow_tests))]
         #[cfg(not(target_arch = "wasm32"))]
         #[test]
         fn $test_name() {
diff --git a/aws-lc-rs/tests/rsa_test.rs b/aws-lc-rs/tests/rsa_test.rs
index e4e2f7c7d18..a55777bbf20 100644
--- a/aws-lc-rs/tests/rsa_test.rs
+++ b/aws-lc-rs/tests/rsa_test.rs
@@ -302,10 +302,14 @@ macro_rules! generate_encode_decode {
 }
 
 generate_encode_decode!(rsa2048_generate_encode_decode, KeySize::Rsa2048);
+// Key generation for large RSA keys is very slow
+#[cfg(not(disable_slow_tests))]
 generate_encode_decode!(rsa3072_generate_encode_decode, KeySize::Rsa3072);
+// Key generation for large RSA keys is very slow
+#[cfg(not(disable_slow_tests))]
 generate_encode_decode!(rsa4096_generate_encode_decode, KeySize::Rsa4096);
-// RSA8192 tests are not run in dev (debug) builds because it is too slow.
-#[cfg(not(debug_assertions))]
+// Key generation for large RSA keys is very slow
+#[cfg(not(disable_slow_tests))]
 generate_encode_decode!(rsa8192_generate_encode_decode, KeySize::Rsa8192);
 
 macro_rules! generate_fips_encode_decode {
@@ -336,10 +340,14 @@ macro_rules! generate_fips_encode_decode {
 }
 
 generate_fips_encode_decode!(rsa2048_generate_fips_encode_decode, KeySize::Rsa2048);
+// Key generation for large RSA keys is very slow
+#[cfg(not(disable_slow_tests))]
 generate_fips_encode_decode!(rsa3072_generate_fips_encode_decode, KeySize::Rsa3072);
+// Key generation for large RSA keys is very slow
+#[cfg(not(disable_slow_tests))]
 generate_fips_encode_decode!(rsa4096_generate_fips_encode_decode, KeySize::Rsa4096);
-// RSA8192 tests are not run in dev (debug) builds because it is too slow.
-#[cfg(not(debug_assertions))]
+// Key generation for large RSA keys is very slow
+#[cfg(not(disable_slow_tests))]
 generate_fips_encode_decode!(rsa8192_generate_fips_encode_decode, KeySize::Rsa8192);
 
 macro_rules! encryption_generate_encode_decode {
@@ -365,10 +373,14 @@ macro_rules! encryption_generate_encode_decode {
 }
 
 encryption_generate_encode_decode!(rsa2048_encryption_generate_encode_decode, KeySize::Rsa2048);
+// Key generation for large RSA keys is very slow
+#[cfg(not(disable_slow_tests))]
 encryption_generate_encode_decode!(rsa3072_encryption_generate_encode_decode, KeySize::Rsa3072);
+// Key generation for large RSA keys is very slow
+#[cfg(not(disable_slow_tests))]
 encryption_generate_encode_decode!(rsa4096_encryption_generate_encode_decode, KeySize::Rsa4096);
-// RSA8192 tests are not run in dev (debug) builds because it is too slow.
-#[cfg(not(debug_assertions))]
+// Key generation for large RSA keys is very slow
+#[cfg(not(disable_slow_tests))]
 encryption_generate_encode_decode!(rsa8192_encryption_generate_encode_decode, KeySize::Rsa8192);
 
 macro_rules! encryption_generate_fips_encode_decode {
@@ -408,16 +420,20 @@ encryption_generate_fips_encode_decode!(
     rsa2048_encryption_generate_fips_encode_decode,
     KeySize::Rsa2048
 );
+// Key generation for large RSA keys is very slow
+#[cfg(not(disable_slow_tests))]
 encryption_generate_fips_encode_decode!(
     rsa3072_encryption_generate_fips_encode_decode,
     KeySize::Rsa3072
 );
+// Key generation for large RSA keys is very slow
+#[cfg(not(disable_slow_tests))]
 encryption_generate_fips_encode_decode!(
     rsa4096_encryption_generate_fips_encode_decode,
     KeySize::Rsa4096
 );
-// RSA8192 tests are not run in dev (debug) builds because it is too slow.
-#[cfg(not(debug_assertions))]
+// Key generation for large RSA keys is very slow
+#[cfg(not(disable_slow_tests))]
 encryption_generate_fips_encode_decode!(
     rsa8192_encryption_generate_fips_encode_decode,
     KeySize::Rsa8192
@@ -596,18 +612,22 @@ round_trip_oaep_algorithm!(
     &OAEP_SHA1_MGF1SHA1,
     KeySize::Rsa2048
 );
+// Key generation for large RSA keys is very slow
+#[cfg(not(disable_slow_tests))]
 round_trip_oaep_algorithm!(
     rsa3072_oaep_sha1_mgf1sha1,
     &OAEP_SHA1_MGF1SHA1,
     KeySize::Rsa3072
 );
+// Key generation for large RSA keys is very slow
+#[cfg(not(disable_slow_tests))]
 round_trip_oaep_algorithm!(
     rsa4096_oaep_sha1_mgf1sha1,
     &OAEP_SHA1_MGF1SHA1,
     KeySize::Rsa4096
 );
-// RSA8192 tests are not run in dev (debug) builds because it is too slow.
-#[cfg(not(debug_assertions))]
+// Key generation for large RSA keys is very slow
+#[cfg(not(disable_slow_tests))]
 round_trip_oaep_algorithm!(
     rsa8192_oaep_sha1_mgf1sha1,
     &OAEP_SHA1_MGF1SHA1,
@@ -619,18 +639,22 @@ round_trip_oaep_algorithm!(
     &OAEP_SHA256_MGF1SHA256,
     KeySize::Rsa2048
 );
+// Key generation for large RSA keys is very slow
+#[cfg(not(disable_slow_tests))]
 round_trip_oaep_algorithm!(
     rsa3072_oaep_sha256_mgf1sha256,
     &OAEP_SHA256_MGF1SHA256,
     KeySize::Rsa3072
 );
+// Key generation for large RSA keys is very slow
+#[cfg(not(disable_slow_tests))]
 round_trip_oaep_algorithm!(
     rsa4096_oaep_sha256_mgf1sha256,
     &OAEP_SHA256_MGF1SHA256,
     KeySize::Rsa4096
 );
-// RSA8192 tests are not run in dev (debug) builds because it is too slow.
-#[cfg(not(debug_assertions))]
+// Key generation for large RSA keys is very slow
+#[cfg(not(disable_slow_tests))]
 round_trip_oaep_algorithm!(
     rsa8192_oaep_sha256_mgf1sha256,
     &OAEP_SHA256_MGF1SHA256,
@@ -642,18 +666,22 @@ round_trip_oaep_algorithm!(
     &OAEP_SHA384_MGF1SHA384,
     KeySize::Rsa2048
 );
+// Key generation for large RSA keys is very slow
+#[cfg(not(disable_slow_tests))]
 round_trip_oaep_algorithm!(
     rsa3072_oaep_sha384_mgf1sha384,
     &OAEP_SHA384_MGF1SHA384,
     KeySize::Rsa3072
 );
+// Key generation for large RSA keys is very slow
+#[cfg(not(disable_slow_tests))]
 round_trip_oaep_algorithm!(
     rsa4096_oaep_sha384_mgf1sha384,
     &OAEP_SHA384_MGF1SHA384,
     KeySize::Rsa4096
 );
-// RSA8192 tests are not run in dev (debug) builds because it is too slow.
-#[cfg(not(debug_assertions))]
+// Key generation for large RSA keys is very slow
+#[cfg(not(disable_slow_tests))]
 round_trip_oaep_algorithm!(
     rsa8192_oaep_sha384_mgf1sha384,
     &OAEP_SHA384_MGF1SHA384,
@@ -665,18 +693,22 @@ round_trip_oaep_algorithm!(
     &OAEP_SHA512_MGF1SHA512,
     KeySize::Rsa2048
 );
+// Key generation for large RSA keys is very slow
+#[cfg(not(disable_slow_tests))]
 round_trip_oaep_algorithm!(
     rsa3072_oaep_sha512_mgf1sha512,
     &OAEP_SHA512_MGF1SHA512,
     KeySize::Rsa3072
 );
+// Key generation for large RSA keys is very slow
+#[cfg(not(disable_slow_tests))]
 round_trip_oaep_algorithm!(
     rsa4096_oaep_sha512_mgf1sha512,
     &OAEP_SHA512_MGF1SHA512,
     KeySize::Rsa4096
 );
-// RSA8192 tests are not run in dev (debug) builds because it is too slow.
-#[cfg(not(debug_assertions))]
+// Key generation for large RSA keys is very slow
+#[cfg(not(disable_slow_tests))]
 round_trip_oaep_algorithm!(
     rsa8192_oaep_sha512_mgf1sha512,
     &OAEP_SHA512_MGF1SHA512,
@@ -972,9 +1004,14 @@ macro_rules! round_trip_pkcs1_encryption {
 }
 
 round_trip_pkcs1_encryption!(rsa2048_pkcs1_encryption, KeySize::Rsa2048);
+// Key generation for large RSA keys is very slow
+#[cfg(not(disable_slow_tests))]
 round_trip_pkcs1_encryption!(rsa3072_pkcs1_encryption, KeySize::Rsa3072);
+// Key generation for large RSA keys is very slow
+#[cfg(not(disable_slow_tests))]
 round_trip_pkcs1_encryption!(rsa4096_pkcs1_encryption, KeySize::Rsa4096);
-#[cfg(not(debug_assertions))]
+// Key generation for large RSA keys is very slow
+#[cfg(not(disable_slow_tests))]
 round_trip_pkcs1_encryption!(rsa8192_pkcs1_encryption, KeySize::Rsa8192);
 
 // Generated by `echo -n "OpenSSL KAT" | openssl pkeyutl -inkey rsa_test_public_key_2048.x509 -pubin -encrypt -pkeyopt rsa_padding_mode:pkcs1 | xxd -i`