microsoft · Vaiz · Dec 27, 2024 · Dec 27, 2024 · Dec 27, 2024 · Dec 27, 2024
diff --git a/.gitattributes b/.gitattributes
@@ -0,0 +1 @@
+*.sh text eol=lf
diff --git a/.github/workflows/bindgen.yml b/.github/workflows/bindgen.yml
@@ -0,0 +1,64 @@
+name: Bindgen
+
+on:
+  push:
+    branches: [ "main" ]
+  pull_request:
+
+env:
+  CARGO_TERM_COLOR: always
+  BINDGEN_VERSION: 0.71.1
+
+jobs:
+  bindgen:
+    strategy:
+      fail-fast: false
+      matrix:
+        target: [x86_64-pc-windows-msvc, aarch64-pc-windows-msvc, x86_64-unknown-linux-gnu, aarch64-unknown-linux-gnu]
+        include:
+        - target: x86_64-pc-windows-msvc
+          os: windows-latest
+        - target: aarch64-pc-windows-msvc
+          os: windows-latest
+        - target: x86_64-unknown-linux-gnu
+          os: ubuntu-24.04
+        - target: aarch64-unknown-linux-gnu
+          os: ubuntu-24.04
+
+    runs-on: ${{ matrix.os }}
+    name: Bindgen ${{ matrix.target }}
+
+    steps:
+    - uses: actions/checkout@v4
+      with:
+        submodules: true
+
+    - name: Install host target
+      shell: pwsh
+      run: |
+        rustup target add ${{ matrix.target }}
+        if ("${{ matrix.target }}" -match "aarch64-unknown-linux-gnu") {
+          sudo apt update
+          sudo apt install gcc-aarch64-linux-gnu g++-aarch64-linux-gnu
+        }
+
+    - uses: taiki-e/cache-cargo-install-action@v2
+      name: Install bindgen
+      with:
+        tool: bindgen-cli@${{ env.BINDGEN_VERSION }}
+
+    - name: Compare generated bindings
+      shell: pwsh
+      run: |
+        ./scripts/generate-bindings.ps1 -triple ${{ matrix.target }} -outDir ${{ runner.temp }}
+        $targetName = "${{ matrix.target }}".Replace("-", "_")
+        $newBindingsFile = "${{ runner.temp }}/$targetName.rs"
+        $oldBindingsFile = "./symcrypt-sys/src/bindings/$targetName.rs"
+        $diff = git diff --no-index $newBindingsFile $oldBindingsFile
+        if ($diff) {
+          Write-Output "Bindings have changed"
+          Write-Output $diff
+          exit 1
+        } else {
+          Write-Output "Bindings are up to date"
+        }
diff --git a/.github/workflows/builld.yml b/.github/workflows/builld.yml
@@ -0,0 +1,77 @@
+name: Build
+
+on:
+  push:
+    branches: [ "main" ]
+  pull_request:
+
+env:
+  CARGO_TERM_COLOR: always
+
+jobs:
+  build:
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+        - target: x86_64-pc-windows-msvc
+          os: windows-latest
+          symcrypt: "https://github.com/microsoft/SymCrypt/releases/download/v103.4.2/symcrypt-windows-amd64-release-103.4.2-171f697.zip"
+          run-tests: true
+        - target: aarch64-pc-windows-msvc
+          os: windows-latest
+          symcrypt: "https://github.com/microsoft/SymCrypt/releases/download/v103.4.2/symcrypt-windows-arm64-release-103.4.2-171f697.zip"
+          run-tests: false # Windows doesn't support ARM64 emulation
+        - target: x86_64-unknown-linux-gnu
+          symcrypt: "https://github.com/microsoft/SymCrypt/releases/download/v103.4.2/symcrypt-linux-generic-amd64-release-103.4.2-171f697.tar.gz"
+          os: ubuntu-latest
+          run-tests: true
+        - target: aarch64-unknown-linux-gnu
+          os: ubuntu-latest
+          symcrypt: "https://github.com/microsoft/SymCrypt/releases/download/v103.4.2/symcrypt-linux-generic-arm64-release-103.4.2-171f697.tar.gz"
+          run-tests: false
+
+    runs-on: ${{ matrix.os }}
+    name: ${{ matrix.target }}    
+    env:
+      CARGO_BUILD_TARGET: ${{ matrix.target }}
+
+    steps:
+    - uses: actions/checkout@v4
+
+    - name: Install host target
+      run: rustup target add ${{ matrix.target }}
+
+    - name: Download SymCrypt
+      shell: pwsh
+      run: |
+        $dir = $(Get-Item .).FullName
+        if ("${{ matrix.symcrypt }}" -match "\.tar\.gz$") {
+          Invoke-WebRequest -Uri ${{ matrix.symcrypt }} -OutFile symcrypt.tar.gz
+          New-Item -ItemType Directory -Force -Path symcrypt
+          tar -xzf symcrypt.tar.gz -C symcrypt
+          echo "$dir/symcrypt/lib" >> $env:GITHUB_PATH
+          echo "LD_LIBRARY_PATH=$dir/symcrypt/lib:$env:LD_LIBRARY_PATH" >> $env:GITHUB_ENV
+          echo "LIBRARY_PATH=$dir/symcrypt/lib:$env:LIBRARY_PATH" >> $env:GITHUB_ENV
+          echo "SYMCRYPT_LIB_PATH=$dir/symcrypt/lib" >> $env:GITHUB_ENV
+        } else {
+          Invoke-WebRequest -Uri ${{ matrix.symcrypt }} -OutFile symcrypt.zip
+          New-Item -ItemType Directory -Force -Path symcrypt
+          Expand-Archive -Path symcrypt.zip -DestinationPath symcrypt
+          echo "$dir/symcrypt/dll" >> $env:GITHUB_PATH
+          echo "SYMCRYPT_LIB_PATH=$dir/symcrypt/dll" >> $env:GITHUB_ENV   
+        }
+
+    - name: Debug build
+      run: cargo build --verbose --target ${{ matrix.target }}
+
+    - name: Release build
+      run: cargo build --release --verbose --target ${{ matrix.target }}
+
+    - name: Run tests
+      if: matrix.run-tests
+      shell: pwsh
+      run: |
+        Write-Output "SYMCRYPT_LIB_PATH=$env:SYMCRYPT_LIB_PATH"
+        Write-Output "PATH=$env:PATH"
+        cargo test --verbose --target ${{ matrix.target }}
diff --git a/.github/workflows/linelint.yml b/.github/workflows/linelint.yml
@@ -0,0 +1,17 @@
+name: linelint
+
+on:
+  push:
+    branches: [ "main" ]
+  pull_request:
+
+jobs:
+  linelint:
+    runs-on: ubuntu-latest
+    name: Check if all files end in newline
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v2
+    - name: Linelint
+      uses: fernandrone/[email protected]
+      id: linelint
diff --git a/.gitignore b/.gitignore
@@ -1,4 +1,2 @@
-/rust-symcrypt/target
-/symcrypt-sys/target
-/symcrypt-bindgen/target
+/target/
 .vscode/
diff --git a/.gitmodules b/.gitmodules
@@ -0,0 +1,3 @@
+[submodule "SymCrypt"]
+	path = symcrypt-sys/symcrypt
+	url = https://github.com/microsoft/SymCrypt.git
diff --git a/rust-symcrypt/Cargo.lock → Cargo.lock b/rust-symcrypt/Cargo.lock → Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -0,0 +1,6 @@
+[workspace]
+members = [
+    "rust-symcrypt",
+    "symcrypt-sys"
+]
+resolver = "2"
diff --git a/scripts/generate-all-bindings.ps1 b/scripts/generate-all-bindings.ps1
@@ -0,0 +1,37 @@
+# This script generates Rust bindings for the SymCrypt library for all supported target triples.
+# Prerequisites:
+# - The script must be run on Windows with WSL installed.
+# - LLVM and bindgen must be installed on both Windows and WSL.
+
+# Installation instructions:
+# Windows:
+#    winget install LLVM.LLVM
+#    cargo install bindgen-cli
+# WSL Ubuntu:
+#    sudo apt install pwsh clang libclang-dev
+#    sudo apt install gcc-aarch64-linux-gnu g++-aarch64-linux-gnu # for cross-compilation
+#    cargo install bindgen-cli
+
+$ErrorActionPreference = "Stop"
+$PSNativeCommandUseErrorActionPreference = $True
+
+Push-Location "$PSScriptRoot/.." # Move to the root of the project
+
+python3 "./symcrypt-sys/symcrypt/scripts/version.py" --build-info
+mv -Force "./symcrypt-sys/symcrypt/inc/buildInfo.h" "./symcrypt-sys/inc/"
+
+$bindingsDir = "./symcrypt-sys/src/bindings" # is relative to the project root
+if (Test-Path $bindingsDir) {
+    Remove-Item -Recurse -Force "$bindingsDir"
+}
+
+& "$PSScriptRoot/generate-bindings.ps1" "x86_64-pc-windows-msvc" $bindingsDir
+& "$PSScriptRoot/generate-bindings.ps1" "aarch64-pc-windows-msvc" $bindingsDir
+
+wsl --shutdown # force WSL to reload the environment
+wsl exec bash "./scripts/generate-bindings.sh" "x86_64-unknown-linux-gnu" $bindingsDir
+wsl exec bash "./scripts/generate-bindings.sh" "aarch64-unknown-linux-gnu" $bindingsDir
+
+cargo fmt -p symcrypt-sys
+
+Pop-Location