2020-03-27 16:35:23 +01:00
|
|
|
#! /usr/bin/env bash
|
2014-03-19 18:29:01 +01:00
|
|
|
|
2016-03-08 00:22:10 +01:00
|
|
|
# all.sh
|
|
|
|
#
|
2020-08-07 13:07:28 +02:00
|
|
|
# Copyright The Mbed TLS Contributors
|
2020-05-26 01:54:15 +02:00
|
|
|
# SPDX-License-Identifier: Apache-2.0
|
|
|
|
#
|
|
|
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
|
|
# not use this file except in compliance with the License.
|
|
|
|
# You may obtain a copy of the License at
|
|
|
|
#
|
|
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
#
|
|
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
# See the License for the specific language governing permissions and
|
|
|
|
# limitations under the License.
|
2017-12-21 15:59:21 +01:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
################################################################
|
|
|
|
#### Documentation
|
|
|
|
################################################################
|
|
|
|
|
2016-03-08 00:22:10 +01:00
|
|
|
# Purpose
|
2017-12-21 15:59:21 +01:00
|
|
|
# -------
|
2016-03-08 00:22:10 +01:00
|
|
|
#
|
2016-04-16 22:54:39 +02:00
|
|
|
# To run all tests possible or available on the platform.
|
2014-03-19 18:29:01 +01:00
|
|
|
#
|
2017-12-21 15:59:21 +01:00
|
|
|
# Notes for users
|
|
|
|
# ---------------
|
|
|
|
#
|
2016-04-16 22:54:39 +02:00
|
|
|
# Warning: the test is destructive. It includes various build modes and
|
|
|
|
# configurations, and can and will arbitrarily change the current CMake
|
2017-12-21 15:59:21 +01:00
|
|
|
# configuration. The following files must be committed into git:
|
2021-05-28 09:42:25 +02:00
|
|
|
# * include/mbedtls/mbedtls_config.h
|
2020-03-04 20:46:15 +01:00
|
|
|
# * Makefile, library/Makefile, programs/Makefile, tests/Makefile,
|
|
|
|
# programs/fuzz/Makefile
|
2017-12-21 15:59:21 +01:00
|
|
|
# After running this script, the CMake cache will be lost and CMake
|
|
|
|
# will no longer be initialised.
|
|
|
|
#
|
|
|
|
# The script assumes the presence of a number of tools:
|
|
|
|
# * Basic Unix tools (Windows users note: a Unix-style find must be before
|
|
|
|
# the Windows find in the PATH)
|
|
|
|
# * Perl
|
|
|
|
# * GNU Make
|
|
|
|
# * CMake
|
|
|
|
# * GCC and Clang (recent enough for using ASan with gcc and MemSan with clang, or valgrind)
|
2018-06-28 10:41:50 +02:00
|
|
|
# * G++
|
2017-12-21 15:59:21 +01:00
|
|
|
# * arm-gcc and mingw-gcc
|
|
|
|
# * ArmCC 5 and ArmCC 6, unless invoked with --no-armcc
|
|
|
|
# * OpenSSL and GnuTLS command line tools, recent enough for the
|
2021-04-15 13:28:52 +02:00
|
|
|
# interoperability tests. If they don't support old features which we want
|
|
|
|
# to test, then a legacy version of these tools must be present as well
|
|
|
|
# (search for LEGACY below).
|
2017-12-21 15:59:21 +01:00
|
|
|
# See the invocation of check_tools below for details.
|
|
|
|
#
|
|
|
|
# This script must be invoked from the toplevel directory of a git
|
|
|
|
# working copy of Mbed TLS.
|
|
|
|
#
|
2020-03-28 18:50:43 +01:00
|
|
|
# The behavior on an error depends on whether --keep-going (alias -k)
|
|
|
|
# is in effect.
|
|
|
|
# * Without --keep-going: the script stops on the first error without
|
|
|
|
# cleaning up. This lets you work in the configuration of the failing
|
|
|
|
# component.
|
|
|
|
# * With --keep-going: the script runs all requested components and
|
|
|
|
# reports failures at the end. In particular the script always cleans
|
|
|
|
# up on exit.
|
|
|
|
#
|
2017-12-21 15:59:21 +01:00
|
|
|
# Note that the output is not saved. You may want to run
|
|
|
|
# script -c tests/scripts/all.sh
|
|
|
|
# or
|
|
|
|
# tests/scripts/all.sh >all.log 2>&1
|
2014-03-27 14:44:04 +01:00
|
|
|
#
|
2017-12-21 15:59:21 +01:00
|
|
|
# Notes for maintainers
|
|
|
|
# ---------------------
|
2014-03-27 14:44:04 +01:00
|
|
|
#
|
2018-11-27 15:58:47 +01:00
|
|
|
# The bulk of the code is organized into functions that follow one of the
|
|
|
|
# following naming conventions:
|
|
|
|
# * pre_XXX: things to do before running the tests, in order.
|
|
|
|
# * component_XXX: independent components. They can be run in any order.
|
2019-01-09 22:29:17 +01:00
|
|
|
# * component_check_XXX: quick tests that aren't worth parallelizing.
|
|
|
|
# * component_build_XXX: build things but don't run them.
|
|
|
|
# * component_test_XXX: build and test.
|
2019-01-06 21:50:38 +01:00
|
|
|
# * support_XXX: if support_XXX exists and returns false then
|
|
|
|
# component_XXX is not run by default.
|
2018-11-27 15:58:47 +01:00
|
|
|
# * post_XXX: things to do after running the tests.
|
|
|
|
# * other: miscellaneous support functions.
|
|
|
|
#
|
2019-01-09 22:29:17 +01:00
|
|
|
# Each component must start by invoking `msg` with a short informative message.
|
|
|
|
#
|
2020-03-28 21:27:40 +01:00
|
|
|
# Warning: due to the way bash detects errors, the failure of a command
|
|
|
|
# inside 'if' or '!' is not detected. Use the 'not' function instead of '!'.
|
|
|
|
#
|
2020-03-28 18:50:43 +01:00
|
|
|
# Each component is executed in a separate shell process. The component
|
|
|
|
# fails if any command in it returns a non-zero status.
|
|
|
|
#
|
2019-01-09 22:29:17 +01:00
|
|
|
# The framework performs some cleanup tasks after each component. This
|
|
|
|
# means that components can assume that the working directory is in a
|
|
|
|
# cleaned-up state, and don't need to perform the cleanup themselves.
|
|
|
|
# * Run `make clean`.
|
2021-06-28 15:11:11 +02:00
|
|
|
# * Restore `include/mbedtls/mbedtls_config.h` from a backup made before running
|
2019-01-09 22:29:17 +01:00
|
|
|
# the component.
|
2020-03-04 20:46:15 +01:00
|
|
|
# * Check out `Makefile`, `library/Makefile`, `programs/Makefile`,
|
|
|
|
# `tests/Makefile` and `programs/fuzz/Makefile` from git.
|
|
|
|
# This cleans up after an in-tree use of CMake.
|
2019-01-09 22:29:17 +01:00
|
|
|
#
|
2017-12-21 15:59:21 +01:00
|
|
|
# The tests are roughly in order from fastest to slowest. This doesn't
|
|
|
|
# have to be exact, but in general you should add slower tests towards
|
|
|
|
# the end and fast checks near the beginning.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
################################################################
|
|
|
|
#### Initialization and command line parsing
|
|
|
|
################################################################
|
2014-03-19 18:29:01 +01:00
|
|
|
|
2020-03-28 18:50:49 +01:00
|
|
|
# Abort on errors (even on the left-hand side of a pipe).
|
|
|
|
# Treat uninitialised variables as errors.
|
|
|
|
set -e -o pipefail -u
|
2014-03-19 18:29:01 +01:00
|
|
|
|
2022-08-30 21:02:44 +02:00
|
|
|
# Enable ksh/bash extended file matching patterns
|
|
|
|
shopt -s extglob
|
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
pre_check_environment () {
|
2019-01-06 20:58:02 +01:00
|
|
|
if [ -d library -a -d include -a -d tests ]; then :; else
|
2018-11-27 15:58:47 +01:00
|
|
|
echo "Must be run from mbed TLS root" >&2
|
|
|
|
exit 1
|
|
|
|
fi
|
|
|
|
}
|
2014-03-19 18:29:01 +01:00
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
pre_initialize_variables () {
|
2021-05-28 09:42:25 +02:00
|
|
|
CONFIG_H='include/mbedtls/mbedtls_config.h'
|
2020-11-01 06:14:03 +01:00
|
|
|
CRYPTO_CONFIG_H='include/psa/crypto_config.h'
|
2022-12-27 12:35:11 +01:00
|
|
|
CONFIG_TEST_DRIVER_H='tests/include/test/drivers/config_test_driver.h'
|
2020-03-30 20:11:39 +02:00
|
|
|
|
|
|
|
# Files that are clobbered by some jobs will be backed up. Use a different
|
|
|
|
# suffix from auxiliary scripts so that all.sh and auxiliary scripts can
|
|
|
|
# independently decide when to remove the backup file.
|
|
|
|
backup_suffix='.all.bak'
|
|
|
|
# Files clobbered by config.py
|
2022-12-27 12:35:11 +01:00
|
|
|
files_to_back_up="$CONFIG_H $CRYPTO_CONFIG_H $CONFIG_TEST_DRIVER_H"
|
2021-07-12 18:16:01 +02:00
|
|
|
# Files clobbered by in-tree cmake
|
|
|
|
files_to_back_up="$files_to_back_up Makefile library/Makefile programs/Makefile tests/Makefile programs/fuzz/Makefile"
|
2018-11-27 15:58:47 +01:00
|
|
|
|
2019-09-16 15:55:46 +02:00
|
|
|
append_outcome=0
|
2018-11-27 15:58:47 +01:00
|
|
|
MEMORY=0
|
|
|
|
FORCE=0
|
2020-06-02 11:28:07 +02:00
|
|
|
QUIET=0
|
2018-11-27 15:58:47 +01:00
|
|
|
KEEP_GOING=0
|
|
|
|
|
2020-06-08 12:59:27 +02:00
|
|
|
# Seed value used with the --release-test option.
|
2020-06-22 10:11:47 +02:00
|
|
|
#
|
|
|
|
# See also RELEASE_SEED in basic-build-test.sh. Debugging is easier if
|
|
|
|
# both values are kept in sync. If you change the value here because it
|
|
|
|
# breaks some tests, you'll definitely want to change it in
|
|
|
|
# basic-build-test.sh as well.
|
2020-06-08 12:59:27 +02:00
|
|
|
RELEASE_SEED=1
|
|
|
|
|
2019-09-16 15:55:46 +02:00
|
|
|
: ${MBEDTLS_TEST_OUTCOME_FILE=}
|
2019-09-16 15:20:36 +02:00
|
|
|
: ${MBEDTLS_TEST_PLATFORM="$(uname -s | tr -c \\n0-9A-Za-z _)-$(uname -m | tr -c \\n0-9A-Za-z _)"}
|
2019-09-16 15:55:46 +02:00
|
|
|
export MBEDTLS_TEST_OUTCOME_FILE
|
2019-09-16 15:20:36 +02:00
|
|
|
export MBEDTLS_TEST_PLATFORM
|
|
|
|
|
2019-01-30 16:35:44 +01:00
|
|
|
# Default commands, can be overridden by the environment
|
2018-11-27 15:58:47 +01:00
|
|
|
: ${OPENSSL:="openssl"}
|
|
|
|
: ${OPENSSL_LEGACY:="$OPENSSL"}
|
|
|
|
: ${OPENSSL_NEXT:="$OPENSSL"}
|
|
|
|
: ${GNUTLS_CLI:="gnutls-cli"}
|
|
|
|
: ${GNUTLS_SERV:="gnutls-serv"}
|
|
|
|
: ${GNUTLS_LEGACY_CLI:="$GNUTLS_CLI"}
|
|
|
|
: ${GNUTLS_LEGACY_SERV:="$GNUTLS_SERV"}
|
|
|
|
: ${OUT_OF_SOURCE_DIR:=./mbedtls_out_of_source_build}
|
|
|
|
: ${ARMC5_BIN_DIR:=/usr/bin}
|
|
|
|
: ${ARMC6_BIN_DIR:=/usr/bin}
|
2020-04-30 18:19:32 +02:00
|
|
|
: ${ARM_NONE_EABI_GCC_PREFIX:=arm-none-eabi-}
|
2020-08-18 10:28:51 +02:00
|
|
|
: ${ARM_LINUX_GNUEABI_GCC_PREFIX:=arm-linux-gnueabi-}
|
2018-11-27 15:58:47 +01:00
|
|
|
|
|
|
|
# if MAKEFLAGS is not set add the -j option to speed up invocations of make
|
2019-01-06 21:15:26 +01:00
|
|
|
if [ -z "${MAKEFLAGS+set}" ]; then
|
2021-09-30 18:24:21 +02:00
|
|
|
export MAKEFLAGS="-j$(all_sh_nproc)"
|
2018-11-27 15:58:47 +01:00
|
|
|
fi
|
2019-01-06 21:50:38 +01:00
|
|
|
|
2021-09-20 18:57:55 +02:00
|
|
|
# Include more verbose output for failing tests run by CMake or make
|
2019-02-07 18:43:39 +01:00
|
|
|
export CTEST_OUTPUT_ON_FAILURE=1
|
|
|
|
|
2019-10-21 17:11:33 +02:00
|
|
|
# CFLAGS and LDFLAGS for Asan builds that don't use CMake
|
2022-11-30 10:42:03 +01:00
|
|
|
# default to -O2, use -Ox _after_ this if you want another level
|
2023-05-31 09:38:21 +02:00
|
|
|
ASAN_CFLAGS='-O2 -Werror -fsanitize=address,undefined -fno-sanitize-recover=all'
|
2019-10-21 17:11:33 +02:00
|
|
|
|
2019-01-06 21:50:38 +01:00
|
|
|
# Gather the list of available components. These are the functions
|
|
|
|
# defined in this script whose name starts with "component_".
|
2020-03-27 16:35:23 +01:00
|
|
|
# Parse the script with sed. This way we get the functions in the order
|
|
|
|
# they are defined.
|
2019-01-06 21:50:38 +01:00
|
|
|
ALL_COMPONENTS=$(sed -n 's/^ *component_\([0-9A-Z_a-z]*\) *().*/\1/p' <"$0")
|
|
|
|
|
|
|
|
# Exclude components that are not supported on this platform.
|
|
|
|
SUPPORTED_COMPONENTS=
|
|
|
|
for component in $ALL_COMPONENTS; do
|
|
|
|
case $(type "support_$component" 2>&1) in
|
|
|
|
*' function'*)
|
|
|
|
if ! support_$component; then continue; fi;;
|
|
|
|
esac
|
|
|
|
SUPPORTED_COMPONENTS="$SUPPORTED_COMPONENTS $component"
|
|
|
|
done
|
2018-11-27 15:58:47 +01:00
|
|
|
}
|
2016-07-12 17:54:33 +02:00
|
|
|
|
2019-01-10 00:05:18 +01:00
|
|
|
# Test whether the component $1 is included in the command line patterns.
|
|
|
|
is_component_included()
|
2018-11-27 21:37:53 +01:00
|
|
|
{
|
2021-08-06 11:35:17 +02:00
|
|
|
# Temporarily disable wildcard expansion so that $COMMAND_LINE_COMPONENTS
|
|
|
|
# only does word splitting.
|
2018-11-27 21:37:53 +01:00
|
|
|
set -f
|
2019-01-06 23:11:25 +01:00
|
|
|
for pattern in $COMMAND_LINE_COMPONENTS; do
|
2018-11-27 21:37:53 +01:00
|
|
|
set +f
|
|
|
|
case ${1#component_} in $pattern) return 0;; esac
|
|
|
|
done
|
|
|
|
set +f
|
|
|
|
return 1
|
|
|
|
}
|
2016-07-12 17:54:33 +02:00
|
|
|
|
2016-09-07 01:07:09 +02:00
|
|
|
usage()
|
2016-04-16 22:54:39 +02:00
|
|
|
{
|
2017-12-10 23:43:39 +01:00
|
|
|
cat <<EOF
|
2018-11-27 18:15:35 +01:00
|
|
|
Usage: $0 [OPTION]... [COMPONENT]...
|
2018-11-27 17:04:29 +01:00
|
|
|
Run mbedtls release validation tests.
|
2018-11-27 18:15:35 +01:00
|
|
|
By default, run all tests. With one or more COMPONENT, run only those.
|
2019-01-10 00:05:18 +01:00
|
|
|
COMPONENT can be the name of a component or a shell wildcard pattern.
|
|
|
|
|
|
|
|
Examples:
|
|
|
|
$0 "check_*"
|
|
|
|
Run all sanity checks.
|
|
|
|
$0 --no-armcc --except test_memsan
|
|
|
|
Run everything except builds that require armcc and MemSan.
|
2018-11-27 17:04:29 +01:00
|
|
|
|
|
|
|
Special options:
|
|
|
|
-h|--help Print this help and exit.
|
2019-01-06 21:50:38 +01:00
|
|
|
--list-all-components List all available test components and exit.
|
|
|
|
--list-components List components supported on this platform and exit.
|
2017-12-10 23:43:39 +01:00
|
|
|
|
|
|
|
General options:
|
2020-06-02 11:28:07 +02:00
|
|
|
-q|--quiet Only output component names, and errors if any.
|
2017-12-10 23:43:39 +01:00
|
|
|
-f|--force Force the tests to overwrite any modified files.
|
2017-12-11 00:01:40 +01:00
|
|
|
-k|--keep-going Run all tests and report errors at the end.
|
2017-12-10 23:43:39 +01:00
|
|
|
-m|--memory Additional optional memory tests.
|
2019-09-16 15:55:46 +02:00
|
|
|
--append-outcome Append to the outcome file (if used).
|
2020-04-30 18:19:32 +02:00
|
|
|
--arm-none-eabi-gcc-prefix=<string>
|
|
|
|
Prefix for a cross-compiler for arm-none-eabi
|
|
|
|
(default: "${ARM_NONE_EABI_GCC_PREFIX}")
|
2020-08-18 10:28:51 +02:00
|
|
|
--arm-linux-gnueabi-gcc-prefix=<string>
|
|
|
|
Prefix for a cross-compiler for arm-linux-gnueabi
|
|
|
|
(default: "${ARM_LINUX_GNUEABI_GCC_PREFIX}")
|
2017-12-19 18:24:31 +01:00
|
|
|
--armcc Run ARM Compiler builds (on by default).
|
2021-08-06 11:51:59 +02:00
|
|
|
--restore First clean up the build tree, restoring backed up
|
|
|
|
files. Do not run any components unless they are
|
|
|
|
explicitly specified.
|
2020-03-28 21:09:21 +01:00
|
|
|
--error-test Error test mode: run a failing function in addition
|
2021-08-05 15:11:33 +02:00
|
|
|
to any specified component. May be repeated.
|
2019-01-10 00:05:18 +01:00
|
|
|
--except Exclude the COMPONENTs listed on the command line,
|
|
|
|
instead of running only those.
|
2019-09-16 15:55:46 +02:00
|
|
|
--no-append-outcome Write a new outcome file and analyze it (default).
|
2017-12-19 18:24:31 +01:00
|
|
|
--no-armcc Skip ARM Compiler builds.
|
2018-03-21 08:40:26 +01:00
|
|
|
--no-force Refuse to overwrite modified files (default).
|
|
|
|
--no-keep-going Stop at the first error (default).
|
|
|
|
--no-memory No additional memory tests (default).
|
2021-12-21 06:14:10 +01:00
|
|
|
--no-quiet Print full output from components.
|
2017-12-10 23:43:39 +01:00
|
|
|
--out-of-source-dir=<path> Directory used for CMake out-of-source build tests.
|
2019-09-16 15:55:46 +02:00
|
|
|
--outcome-file=<path> File where test outcomes are written (not done if
|
|
|
|
empty; default: \$MBEDTLS_TEST_OUTCOME_FILE).
|
2018-03-21 08:40:26 +01:00
|
|
|
--random-seed Use a random seed value for randomized tests (default).
|
2020-06-08 12:59:27 +02:00
|
|
|
-r|--release-test Run this script in release mode. This fixes the seed value to ${RELEASE_SEED}.
|
2017-12-10 23:43:39 +01:00
|
|
|
-s|--seed Integer seed value to use for this test run.
|
|
|
|
|
|
|
|
Tool path options:
|
|
|
|
--armc5-bin-dir=<ARMC5_bin_dir_path> ARM Compiler 5 bin directory.
|
|
|
|
--armc6-bin-dir=<ARMC6_bin_dir_path> ARM Compiler 6 bin directory.
|
|
|
|
--gnutls-cli=<GnuTLS_cli_path> GnuTLS client executable to use for most tests.
|
|
|
|
--gnutls-serv=<GnuTLS_serv_path> GnuTLS server executable to use for most tests.
|
|
|
|
--gnutls-legacy-cli=<GnuTLS_cli_path> GnuTLS client executable to use for legacy tests.
|
|
|
|
--gnutls-legacy-serv=<GnuTLS_serv_path> GnuTLS server executable to use for legacy tests.
|
|
|
|
--openssl=<OpenSSL_path> OpenSSL executable to use for most tests.
|
2021-02-18 13:55:21 +01:00
|
|
|
--openssl-legacy=<OpenSSL_path> OpenSSL executable to use for legacy tests..
|
2018-02-20 12:02:07 +01:00
|
|
|
--openssl-next=<OpenSSL_path> OpenSSL executable to use for recent things like ARIA
|
2017-12-10 23:43:39 +01:00
|
|
|
EOF
|
2016-04-16 22:54:39 +02:00
|
|
|
}
|
2014-03-19 18:29:01 +01:00
|
|
|
|
2021-08-03 13:44:28 +02:00
|
|
|
# Cleanup before/after running a component.
|
|
|
|
# Remove built files as well as the cmake cache/config.
|
|
|
|
# Does not remove generated source files.
|
2014-03-19 18:29:01 +01:00
|
|
|
cleanup()
|
|
|
|
{
|
2017-12-11 00:01:40 +01:00
|
|
|
command make clean
|
2014-07-12 04:00:00 +02:00
|
|
|
|
2018-03-21 12:15:06 +01:00
|
|
|
# Remove CMake artefacts
|
2018-11-07 19:46:41 +01:00
|
|
|
find . -name .git -prune -o \
|
2018-03-21 12:15:06 +01:00
|
|
|
-iname CMakeFiles -exec rm -rf {} \+ -o \
|
|
|
|
\( -iname cmake_install.cmake -o \
|
|
|
|
-iname CTestTestfile.cmake -o \
|
2021-09-09 11:11:44 +02:00
|
|
|
-iname CMakeCache.txt -o \
|
|
|
|
-path './cmake/*.cmake' \) -exec rm -f {} \+
|
2018-03-21 12:15:06 +01:00
|
|
|
# Recover files overwritten by in-tree CMake builds
|
2022-08-30 21:02:44 +02:00
|
|
|
rm -f include/Makefile include/mbedtls/Makefile programs/!(fuzz)/Makefile
|
2014-07-12 04:00:00 +02:00
|
|
|
|
2019-06-20 18:38:22 +02:00
|
|
|
# Remove any artifacts from the component_test_cmake_as_subdirectory test.
|
|
|
|
rm -rf programs/test/cmake_subproject/build
|
|
|
|
rm -f programs/test/cmake_subproject/Makefile
|
|
|
|
rm -f programs/test/cmake_subproject/cmake_subproject
|
|
|
|
|
2021-03-25 17:03:25 +01:00
|
|
|
# Remove any artifacts from the component_test_cmake_as_package test.
|
|
|
|
rm -rf programs/test/cmake_package/build
|
|
|
|
rm -f programs/test/cmake_package/Makefile
|
|
|
|
rm -f programs/test/cmake_package/cmake_package
|
|
|
|
|
|
|
|
# Remove any artifacts from the component_test_cmake_as_installed_package test.
|
|
|
|
rm -rf programs/test/cmake_package_install/build
|
|
|
|
rm -f programs/test/cmake_package_install/Makefile
|
|
|
|
rm -f programs/test/cmake_package_install/cmake_package_install
|
|
|
|
|
2020-03-30 20:11:39 +02:00
|
|
|
# Restore files that may have been clobbered by the job
|
|
|
|
for x in $files_to_back_up; do
|
2022-08-30 21:02:00 +02:00
|
|
|
if [[ -e "$x$backup_suffix" ]]; then
|
|
|
|
cp -p "$x$backup_suffix" "$x"
|
|
|
|
fi
|
2020-03-30 20:11:39 +02:00
|
|
|
done
|
|
|
|
}
|
2020-11-01 06:14:03 +01:00
|
|
|
|
2021-08-03 13:44:28 +02:00
|
|
|
# Final cleanup when this script exits (except when exiting on a failure
|
|
|
|
# in non-keep-going mode).
|
2020-03-30 20:11:39 +02:00
|
|
|
final_cleanup () {
|
|
|
|
cleanup
|
|
|
|
|
|
|
|
for x in $files_to_back_up; do
|
|
|
|
rm -f "$x$backup_suffix"
|
|
|
|
done
|
2014-03-19 18:29:01 +01:00
|
|
|
}
|
|
|
|
|
2017-12-11 00:01:40 +01:00
|
|
|
# Executed on exit. May be redefined depending on command line options.
|
|
|
|
final_report () {
|
|
|
|
:
|
|
|
|
}
|
|
|
|
|
|
|
|
fatal_signal () {
|
2020-03-30 20:11:39 +02:00
|
|
|
final_cleanup
|
2017-12-11 00:01:40 +01:00
|
|
|
final_report $1
|
|
|
|
trap - $1
|
|
|
|
kill -$1 $$
|
|
|
|
}
|
|
|
|
|
|
|
|
trap 'fatal_signal HUP' HUP
|
|
|
|
trap 'fatal_signal INT' INT
|
|
|
|
trap 'fatal_signal TERM' TERM
|
2014-07-12 04:00:00 +02:00
|
|
|
|
2021-09-30 18:24:21 +02:00
|
|
|
# Number of processors on this machine. Used as the default setting
|
|
|
|
# for parallel make.
|
|
|
|
all_sh_nproc ()
|
|
|
|
{
|
|
|
|
{
|
|
|
|
nproc || # Linux
|
|
|
|
sysctl -n hw.ncpuonline || # NetBSD, OpenBSD
|
|
|
|
sysctl -n hw.ncpu || # FreeBSD
|
|
|
|
echo 1
|
|
|
|
} 2>/dev/null
|
|
|
|
}
|
|
|
|
|
2014-03-27 14:44:04 +01:00
|
|
|
msg()
|
|
|
|
{
|
2018-12-04 12:49:28 +01:00
|
|
|
if [ -n "${current_component:-}" ]; then
|
|
|
|
current_section="${current_component#component_}: $1"
|
|
|
|
else
|
|
|
|
current_section="$1"
|
|
|
|
fi
|
2020-06-02 11:28:07 +02:00
|
|
|
|
|
|
|
if [ $QUIET -eq 1 ]; then
|
|
|
|
return
|
|
|
|
fi
|
|
|
|
|
2014-03-27 14:44:04 +01:00
|
|
|
echo ""
|
|
|
|
echo "******************************************************************"
|
2018-12-04 12:49:28 +01:00
|
|
|
echo "* $current_section "
|
2015-01-26 15:03:56 +01:00
|
|
|
printf "* "; date
|
2014-03-27 14:44:04 +01:00
|
|
|
echo "******************************************************************"
|
|
|
|
}
|
2014-03-19 18:29:01 +01:00
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
armc6_build_test()
|
|
|
|
{
|
|
|
|
FLAGS="$1"
|
2016-10-17 16:23:10 +02:00
|
|
|
|
2020-04-30 23:11:54 +02:00
|
|
|
msg "build: ARM Compiler 6 ($FLAGS)"
|
2018-11-27 15:58:47 +01:00
|
|
|
ARM_TOOL_VARIANT="ult" CC="$ARMC6_CC" AR="$ARMC6_AR" CFLAGS="$FLAGS" \
|
2023-03-02 14:39:04 +01:00
|
|
|
WARNING_CFLAGS='-Werror -xc -std=c99' make lib
|
2020-04-30 23:11:54 +02:00
|
|
|
|
|
|
|
msg "size: ARM Compiler 6 ($FLAGS)"
|
|
|
|
"$ARMC6_FROMELF" -z library/*.o
|
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
make clean
|
|
|
|
}
|
2016-10-17 16:23:10 +02:00
|
|
|
|
2016-08-26 15:42:14 +02:00
|
|
|
err_msg()
|
|
|
|
{
|
|
|
|
echo "$1" >&2
|
|
|
|
}
|
|
|
|
|
|
|
|
check_tools()
|
|
|
|
{
|
|
|
|
for TOOL in "$@"; do
|
2017-01-31 18:04:45 +01:00
|
|
|
if ! `type "$TOOL" >/dev/null 2>&1`; then
|
2016-08-26 15:42:14 +02:00
|
|
|
err_msg "$TOOL not found!"
|
|
|
|
exit 1
|
|
|
|
fi
|
|
|
|
done
|
|
|
|
}
|
|
|
|
|
2023-06-09 15:20:18 +02:00
|
|
|
pre_parse_command_line_for_dirs () {
|
|
|
|
# Make an early pass through the options given, so we can set directories
|
|
|
|
# for Arm compilers, before SUPPORTED_COMPONENTS is determined.
|
|
|
|
while [ $# -gt 0 ]; do
|
|
|
|
case "$1" in
|
|
|
|
--armc5-bin-dir) shift; ARMC5_BIN_DIR="$1";;
|
|
|
|
--armc6-bin-dir) shift; ARMC6_BIN_DIR="$1";;
|
|
|
|
esac
|
|
|
|
shift
|
|
|
|
done
|
|
|
|
}
|
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
pre_parse_command_line () {
|
2019-01-06 23:11:25 +01:00
|
|
|
COMMAND_LINE_COMPONENTS=
|
2019-01-10 00:05:18 +01:00
|
|
|
all_except=0
|
2020-03-28 21:09:21 +01:00
|
|
|
error_test=0
|
2021-08-06 11:51:59 +02:00
|
|
|
restore_first=0
|
2019-01-06 23:23:42 +01:00
|
|
|
no_armcc=
|
2019-01-06 23:11:25 +01:00
|
|
|
|
2018-11-02 19:34:17 +01:00
|
|
|
# Note that legacy options are ignored instead of being omitted from this
|
|
|
|
# list of options, so invocations that worked with previous version of
|
|
|
|
# all.sh will still run and work properly.
|
2018-11-27 15:58:47 +01:00
|
|
|
while [ $# -gt 0 ]; do
|
2019-01-09 22:28:21 +01:00
|
|
|
case "$1" in
|
2019-09-16 15:55:46 +02:00
|
|
|
--append-outcome) append_outcome=1;;
|
2020-04-30 18:19:32 +02:00
|
|
|
--arm-none-eabi-gcc-prefix) shift; ARM_NONE_EABI_GCC_PREFIX="$1";;
|
2020-08-18 10:28:51 +02:00
|
|
|
--arm-linux-gnueabi-gcc-prefix) shift; ARM_LINUX_GNUEABI_GCC_PREFIX="$1";;
|
2019-01-06 23:23:42 +01:00
|
|
|
--armcc) no_armcc=;;
|
2023-06-09 15:20:18 +02:00
|
|
|
--armc5-bin-dir) shift; ;; # assignment to ARMC5_BIN_DIR done in pre_parse_command_line_for_dirs
|
|
|
|
--armc6-bin-dir) shift; ;; # assignment to ARMC6_BIN_DIR done in pre_parse_command_line_for_dirs
|
2020-03-28 21:09:21 +01:00
|
|
|
--error-test) error_test=$((error_test + 1));;
|
2019-01-06 23:11:25 +01:00
|
|
|
--except) all_except=1;;
|
2019-01-09 22:28:21 +01:00
|
|
|
--force|-f) FORCE=1;;
|
|
|
|
--gnutls-cli) shift; GNUTLS_CLI="$1";;
|
|
|
|
--gnutls-legacy-cli) shift; GNUTLS_LEGACY_CLI="$1";;
|
|
|
|
--gnutls-legacy-serv) shift; GNUTLS_LEGACY_SERV="$1";;
|
|
|
|
--gnutls-serv) shift; GNUTLS_SERV="$1";;
|
|
|
|
--help|-h) usage; exit;;
|
|
|
|
--keep-going|-k) KEEP_GOING=1;;
|
2019-01-06 21:50:38 +01:00
|
|
|
--list-all-components) printf '%s\n' $ALL_COMPONENTS; exit;;
|
|
|
|
--list-components) printf '%s\n' $SUPPORTED_COMPONENTS; exit;;
|
2019-01-09 22:28:21 +01:00
|
|
|
--memory|-m) MEMORY=1;;
|
2019-09-16 15:55:46 +02:00
|
|
|
--no-append-outcome) append_outcome=0;;
|
2019-01-06 23:23:42 +01:00
|
|
|
--no-armcc) no_armcc=1;;
|
2019-01-09 22:28:21 +01:00
|
|
|
--no-force) FORCE=0;;
|
|
|
|
--no-keep-going) KEEP_GOING=0;;
|
|
|
|
--no-memory) MEMORY=0;;
|
2020-06-02 11:28:07 +02:00
|
|
|
--no-quiet) QUIET=0;;
|
2019-01-09 22:28:21 +01:00
|
|
|
--openssl) shift; OPENSSL="$1";;
|
|
|
|
--openssl-legacy) shift; OPENSSL_LEGACY="$1";;
|
|
|
|
--openssl-next) shift; OPENSSL_NEXT="$1";;
|
2019-09-16 15:55:46 +02:00
|
|
|
--outcome-file) shift; MBEDTLS_TEST_OUTCOME_FILE="$1";;
|
2019-01-09 22:28:21 +01:00
|
|
|
--out-of-source-dir) shift; OUT_OF_SOURCE_DIR="$1";;
|
2020-06-02 11:28:07 +02:00
|
|
|
--quiet|-q) QUIET=1;;
|
2019-01-09 22:28:21 +01:00
|
|
|
--random-seed) unset SEED;;
|
2020-06-08 12:59:27 +02:00
|
|
|
--release-test|-r) SEED=$RELEASE_SEED;;
|
2021-08-06 11:51:59 +02:00
|
|
|
--restore) restore_first=1;;
|
2019-01-09 22:28:21 +01:00
|
|
|
--seed|-s) shift; SEED="$1";;
|
|
|
|
-*)
|
|
|
|
echo >&2 "Unknown option: $1"
|
|
|
|
echo >&2 "Run $0 --help for usage."
|
|
|
|
exit 120
|
|
|
|
;;
|
2019-01-06 23:11:25 +01:00
|
|
|
*) COMMAND_LINE_COMPONENTS="$COMMAND_LINE_COMPONENTS $1";;
|
2019-01-09 22:28:21 +01:00
|
|
|
esac
|
|
|
|
shift
|
2018-11-27 15:58:47 +01:00
|
|
|
done
|
2016-04-16 22:54:39 +02:00
|
|
|
|
2019-01-10 00:05:18 +01:00
|
|
|
# With no list of components, run everything.
|
2021-08-06 11:51:59 +02:00
|
|
|
if [ -z "$COMMAND_LINE_COMPONENTS" ] && [ $restore_first -eq 0 ]; then
|
2019-01-06 23:11:25 +01:00
|
|
|
all_except=1
|
|
|
|
fi
|
2016-04-16 22:54:39 +02:00
|
|
|
|
2019-01-06 23:23:42 +01:00
|
|
|
# --no-armcc is a legacy option. The modern way is --except '*_armcc*'.
|
|
|
|
# Ignore it if components are listed explicitly on the command line.
|
2019-01-10 00:05:18 +01:00
|
|
|
if [ -n "$no_armcc" ] && [ $all_except -eq 1 ]; then
|
2019-01-06 23:23:42 +01:00
|
|
|
COMMAND_LINE_COMPONENTS="$COMMAND_LINE_COMPONENTS *_armcc*"
|
2016-08-31 18:33:13 +02:00
|
|
|
fi
|
|
|
|
|
2021-08-03 13:44:28 +02:00
|
|
|
# Error out if an explicitly requested component doesn't exist.
|
2020-03-28 21:37:59 +01:00
|
|
|
if [ $all_except -eq 0 ]; then
|
|
|
|
unsupported=0
|
2021-08-06 11:35:17 +02:00
|
|
|
# Temporarily disable wildcard expansion so that $COMMAND_LINE_COMPONENTS
|
|
|
|
# only does word splitting.
|
2021-08-03 13:43:36 +02:00
|
|
|
set -f
|
2020-03-28 21:37:59 +01:00
|
|
|
for component in $COMMAND_LINE_COMPONENTS; do
|
2021-08-03 13:43:36 +02:00
|
|
|
set +f
|
2021-08-03 13:44:28 +02:00
|
|
|
# If the requested name includes a wildcard character, don't
|
|
|
|
# check it. Accept wildcard patterns that don't match anything.
|
2020-03-28 21:37:59 +01:00
|
|
|
case $component in
|
|
|
|
*[*?\[]*) continue;;
|
|
|
|
esac
|
|
|
|
case " $SUPPORTED_COMPONENTS " in
|
|
|
|
*" $component "*) :;;
|
|
|
|
*)
|
|
|
|
echo >&2 "Component $component was explicitly requested, but is not known or not supported."
|
|
|
|
unsupported=$((unsupported + 1));;
|
|
|
|
esac
|
|
|
|
done
|
2021-08-03 13:43:36 +02:00
|
|
|
set +f
|
2020-03-28 21:37:59 +01:00
|
|
|
if [ $unsupported -ne 0 ]; then
|
|
|
|
exit 2
|
|
|
|
fi
|
|
|
|
fi
|
|
|
|
|
2019-01-06 23:11:25 +01:00
|
|
|
# Build the list of components to run.
|
2019-01-10 00:05:18 +01:00
|
|
|
RUN_COMPONENTS=
|
|
|
|
for component in $SUPPORTED_COMPONENTS; do
|
|
|
|
if is_component_included "$component"; [ $? -eq $all_except ]; then
|
|
|
|
RUN_COMPONENTS="$RUN_COMPONENTS $component"
|
|
|
|
fi
|
|
|
|
done
|
2019-01-06 23:11:25 +01:00
|
|
|
|
|
|
|
unset all_except
|
2019-01-06 23:23:42 +01:00
|
|
|
unset no_armcc
|
2018-11-27 15:58:47 +01:00
|
|
|
}
|
2016-04-16 22:54:39 +02:00
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
pre_check_git () {
|
|
|
|
if [ $FORCE -eq 1 ]; then
|
2019-01-09 23:17:35 +01:00
|
|
|
rm -rf "$OUT_OF_SOURCE_DIR"
|
2018-11-27 15:58:47 +01:00
|
|
|
git checkout-index -f -q $CONFIG_H
|
|
|
|
cleanup
|
|
|
|
else
|
2016-08-31 18:33:13 +02:00
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
if [ -d "$OUT_OF_SOURCE_DIR" ]; then
|
|
|
|
echo "Warning - there is an existing directory at '$OUT_OF_SOURCE_DIR'" >&2
|
|
|
|
echo "You can either delete this directory manually, or force the test by rerunning"
|
|
|
|
echo "the script as: $0 --force --out-of-source-dir $OUT_OF_SOURCE_DIR"
|
|
|
|
exit 1
|
|
|
|
fi
|
|
|
|
|
2021-05-28 09:42:25 +02:00
|
|
|
if ! git diff --quiet include/mbedtls/mbedtls_config.h; then
|
|
|
|
err_msg "Warning - the configuration file 'include/mbedtls/mbedtls_config.h' has been edited. "
|
2018-11-27 15:58:47 +01:00
|
|
|
echo "You can either delete or preserve your work, or force the test by rerunning the"
|
|
|
|
echo "script as: $0 --force"
|
|
|
|
exit 1
|
|
|
|
fi
|
2016-04-16 22:54:39 +02:00
|
|
|
fi
|
2019-02-14 13:18:59 +01:00
|
|
|
}
|
|
|
|
|
2021-07-12 18:16:01 +02:00
|
|
|
pre_restore_files () {
|
|
|
|
# If the makefiles have been generated by a framework such as cmake,
|
|
|
|
# restore them from git. If the makefiles look like modifications from
|
|
|
|
# the ones checked into git, take care not to modify them. Whatever
|
|
|
|
# this function leaves behind is what the script will restore before
|
|
|
|
# each component.
|
|
|
|
case "$(head -n1 Makefile)" in
|
|
|
|
*[Gg]enerated*)
|
|
|
|
git update-index --no-skip-worktree Makefile library/Makefile programs/Makefile tests/Makefile programs/fuzz/Makefile
|
|
|
|
git checkout -- Makefile library/Makefile programs/Makefile tests/Makefile programs/fuzz/Makefile
|
|
|
|
;;
|
|
|
|
esac
|
|
|
|
}
|
|
|
|
|
2020-03-30 20:11:39 +02:00
|
|
|
pre_back_up () {
|
|
|
|
for x in $files_to_back_up; do
|
|
|
|
cp -p "$x" "$x$backup_suffix"
|
|
|
|
done
|
|
|
|
}
|
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
pre_setup_keep_going () {
|
2020-03-28 18:50:43 +01:00
|
|
|
failure_count=0 # Number of failed components
|
|
|
|
last_failure_status=0 # Last failure status in this component
|
|
|
|
|
2020-03-28 19:34:23 +01:00
|
|
|
# See err_trap
|
|
|
|
previous_failure_status=0
|
|
|
|
previous_failed_command=
|
|
|
|
previous_failure_funcall_depth=0
|
2020-03-28 21:27:40 +01:00
|
|
|
unset report_failed_command
|
2020-03-28 19:34:23 +01:00
|
|
|
|
2017-12-11 00:01:40 +01:00
|
|
|
start_red=
|
|
|
|
end_color=
|
|
|
|
if [ -t 1 ]; then
|
2018-01-02 21:54:17 +01:00
|
|
|
case "${TERM:-}" in
|
2017-12-11 00:01:40 +01:00
|
|
|
*color*|cygwin|linux|rxvt*|screen|[Eex]term*)
|
|
|
|
start_red=$(printf '\033[31m')
|
|
|
|
end_color=$(printf '\033[0m')
|
|
|
|
;;
|
|
|
|
esac
|
|
|
|
fi
|
2020-03-28 18:50:43 +01:00
|
|
|
|
|
|
|
# Keep a summary of failures in a file. We'll print it out at the end.
|
|
|
|
failure_summary_file=$PWD/all-sh-failures-$$.log
|
|
|
|
: >"$failure_summary_file"
|
|
|
|
|
|
|
|
# Whether it makes sense to keep a component going after the specified
|
|
|
|
# command fails (test command) or not (configure or build).
|
2021-08-06 11:35:17 +02:00
|
|
|
# This function normally receives the failing simple command
|
|
|
|
# ($BASH_COMMAND) as an argument, but if $report_failed_command is set,
|
|
|
|
# this is passed instead.
|
2020-03-28 18:50:43 +01:00
|
|
|
# This doesn't have to be 100% accurate: all failures are recorded anyway.
|
2021-08-02 23:29:53 +02:00
|
|
|
# False positives result in running things that can't be expected to
|
|
|
|
# work. False negatives result in things not running after something else
|
|
|
|
# failed even though they might have given useful feedback.
|
2020-03-28 18:50:43 +01:00
|
|
|
can_keep_going_after_failure () {
|
|
|
|
case "$1" in
|
|
|
|
"msg "*) false;;
|
2021-08-02 23:29:53 +02:00
|
|
|
"cd "*) false;;
|
|
|
|
*make*[\ /]tests*) false;; # make tests, make CFLAGS=-I../tests, ...
|
|
|
|
*test*) true;; # make test, tests/stuff, env V=v tests/stuff, ...
|
|
|
|
*make*check*) true;;
|
|
|
|
"grep "*) true;;
|
|
|
|
"[ "*) true;;
|
|
|
|
"! "*) true;;
|
2020-03-28 18:50:43 +01:00
|
|
|
*) false;;
|
2017-12-11 00:01:40 +01:00
|
|
|
esac
|
|
|
|
}
|
2020-03-28 18:50:43 +01:00
|
|
|
|
|
|
|
# This function runs if there is any error in a component.
|
|
|
|
# It must either exit with a nonzero status, or set
|
|
|
|
# last_failure_status to a nonzero value.
|
|
|
|
err_trap () {
|
|
|
|
# Save $? (status of the failing command). This must be the very
|
|
|
|
# first thing, before $? is overridden.
|
|
|
|
last_failure_status=$?
|
2020-03-28 21:27:40 +01:00
|
|
|
failed_command=${report_failed_command-$BASH_COMMAND}
|
2020-03-28 18:50:43 +01:00
|
|
|
|
2020-03-28 19:34:23 +01:00
|
|
|
if [[ $last_failure_status -eq $previous_failure_status &&
|
|
|
|
"$failed_command" == "$previous_failed_command" &&
|
|
|
|
${#FUNCNAME[@]} == $((previous_failure_funcall_depth - 1)) ]]
|
|
|
|
then
|
|
|
|
# The same command failed twice in a row, but this time one level
|
|
|
|
# less deep in the function call stack. This happens when the last
|
|
|
|
# command of a function returns a nonzero status, and the function
|
|
|
|
# returns that same status. Ignore the second failure.
|
|
|
|
previous_failure_funcall_depth=${#FUNCNAME[@]}
|
|
|
|
return
|
|
|
|
fi
|
|
|
|
previous_failure_status=$last_failure_status
|
|
|
|
previous_failed_command=$failed_command
|
|
|
|
previous_failure_funcall_depth=${#FUNCNAME[@]}
|
|
|
|
|
2020-03-28 18:50:43 +01:00
|
|
|
text="$current_section: $failed_command -> $last_failure_status"
|
|
|
|
echo "${start_red}^^^^$text^^^^${end_color}" >&2
|
|
|
|
echo "$text" >>"$failure_summary_file"
|
|
|
|
|
|
|
|
# If the command is fatal (configure or build command), stop this
|
|
|
|
# component. Otherwise (test command) keep the component running
|
|
|
|
# (run more tests from the same build).
|
|
|
|
if ! can_keep_going_after_failure "$failed_command"; then
|
|
|
|
exit $last_failure_status
|
|
|
|
fi
|
|
|
|
}
|
|
|
|
|
2017-12-11 00:01:40 +01:00
|
|
|
final_report () {
|
|
|
|
if [ $failure_count -gt 0 ]; then
|
|
|
|
echo
|
|
|
|
echo "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"
|
2020-03-28 18:50:43 +01:00
|
|
|
echo "${start_red}FAILED: $failure_count components${end_color}"
|
|
|
|
cat "$failure_summary_file"
|
2017-12-11 00:01:40 +01:00
|
|
|
echo "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"
|
|
|
|
elif [ -z "${1-}" ]; then
|
|
|
|
echo "SUCCESS :)"
|
|
|
|
fi
|
|
|
|
if [ -n "${1-}" ]; then
|
|
|
|
echo "Killed by SIG$1."
|
|
|
|
fi
|
2020-03-28 18:50:43 +01:00
|
|
|
rm -f "$failure_summary_file"
|
|
|
|
if [ $failure_count -gt 0 ]; then
|
|
|
|
exit 1
|
|
|
|
fi
|
2017-12-11 00:01:40 +01:00
|
|
|
}
|
2018-11-27 15:58:47 +01:00
|
|
|
}
|
|
|
|
|
2021-07-08 18:41:16 +02:00
|
|
|
# record_status() and if_build_succeeded() are kept temporarily for backward
|
|
|
|
# compatibility. Don't use them in new components.
|
2020-03-28 18:50:43 +01:00
|
|
|
record_status () {
|
|
|
|
"$@"
|
2017-12-11 00:01:40 +01:00
|
|
|
}
|
|
|
|
if_build_succeeded () {
|
2020-03-28 18:50:43 +01:00
|
|
|
"$@"
|
2018-06-07 10:51:44 +02:00
|
|
|
}
|
|
|
|
|
2020-03-28 21:27:40 +01:00
|
|
|
# '! true' does not trigger the ERR trap. Arrange to trigger it, with
|
|
|
|
# a reasonably informative error message (not just "$@").
|
|
|
|
not () {
|
|
|
|
if "$@"; then
|
|
|
|
report_failed_command="! $*"
|
|
|
|
false
|
|
|
|
unset report_failed_command
|
2020-06-02 11:28:07 +02:00
|
|
|
fi
|
|
|
|
}
|
|
|
|
|
2019-09-16 15:55:46 +02:00
|
|
|
pre_prepare_outcome_file () {
|
|
|
|
case "$MBEDTLS_TEST_OUTCOME_FILE" in
|
|
|
|
[!/]*) MBEDTLS_TEST_OUTCOME_FILE="$PWD/$MBEDTLS_TEST_OUTCOME_FILE";;
|
|
|
|
esac
|
|
|
|
if [ -n "$MBEDTLS_TEST_OUTCOME_FILE" ] && [ "$append_outcome" -eq 0 ]; then
|
|
|
|
rm -f "$MBEDTLS_TEST_OUTCOME_FILE"
|
|
|
|
fi
|
|
|
|
}
|
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
pre_print_configuration () {
|
2020-06-02 11:28:07 +02:00
|
|
|
if [ $QUIET -eq 1 ]; then
|
|
|
|
return
|
|
|
|
fi
|
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
msg "info: $0 configuration"
|
|
|
|
echo "MEMORY: $MEMORY"
|
|
|
|
echo "FORCE: $FORCE"
|
2019-09-16 15:55:46 +02:00
|
|
|
echo "MBEDTLS_TEST_OUTCOME_FILE: ${MBEDTLS_TEST_OUTCOME_FILE:-(none)}"
|
2018-11-27 15:58:47 +01:00
|
|
|
echo "SEED: ${SEED-"UNSET"}"
|
2020-03-04 20:46:15 +01:00
|
|
|
echo
|
2018-11-27 15:58:47 +01:00
|
|
|
echo "OPENSSL: $OPENSSL"
|
|
|
|
echo "OPENSSL_LEGACY: $OPENSSL_LEGACY"
|
|
|
|
echo "OPENSSL_NEXT: $OPENSSL_NEXT"
|
|
|
|
echo "GNUTLS_CLI: $GNUTLS_CLI"
|
|
|
|
echo "GNUTLS_SERV: $GNUTLS_SERV"
|
|
|
|
echo "GNUTLS_LEGACY_CLI: $GNUTLS_LEGACY_CLI"
|
|
|
|
echo "GNUTLS_LEGACY_SERV: $GNUTLS_LEGACY_SERV"
|
|
|
|
echo "ARMC5_BIN_DIR: $ARMC5_BIN_DIR"
|
|
|
|
echo "ARMC6_BIN_DIR: $ARMC6_BIN_DIR"
|
|
|
|
}
|
2016-10-10 16:46:20 +02:00
|
|
|
|
2016-08-26 15:42:14 +02:00
|
|
|
# Make sure the tools we need are available.
|
2018-11-27 15:58:47 +01:00
|
|
|
pre_check_tools () {
|
2019-01-06 23:46:21 +01:00
|
|
|
# Build the list of variables to pass to output_env.sh.
|
|
|
|
set env
|
|
|
|
|
2019-01-06 23:40:00 +01:00
|
|
|
case " $RUN_COMPONENTS " in
|
|
|
|
# Require OpenSSL and GnuTLS if running any tests (as opposed to
|
|
|
|
# only doing builds). Not all tests run OpenSSL and GnuTLS, but this
|
|
|
|
# is a good enough approximation in practice.
|
|
|
|
*" test_"*)
|
|
|
|
# To avoid setting OpenSSL and GnuTLS for each call to compat.sh
|
|
|
|
# and ssl-opt.sh, we just export the variables they require.
|
Use OPENSSL everywhere, not OPENSSL_CMD
These variables were both uses to select the default version of OpenSSL
to use for tests:
- when running compat.sh or ssl-opt.sh directly, OPENSSL_CMD was used;
- when running all.sh, OPENSSL was used.
This caused surprising situations if you had one but not the other set
in your environment. For example I used to have OPENSSL_CMD set but not
OPENSSL, so ssl-opt.sh was failing in some all.sh components but passing
when I ran it manually in the same configuration and build, a rather
unpleasant experience.
The natural name would be OPENSSL, and that's what set in the Docker
images used by the CI. However back in the 1.3.x days, that name was
already used in library/Makefile, so it was preferable to pick a
different one, hence OPENSSL_CMD. However the build system has not been
using this name since at least Mbed TLS 2.0.0, so it's now free for use
again (as demonstrated by the fact that it's been set in the CI without
causing any trouble).
So, unify things and use OPENSSL everywhere. Just leave an error message
for the benefit of developers which might have OPENSSL_CMD, not OPENSSL,
set in their environment from the old days.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-12-19 11:42:12 +01:00
|
|
|
export OPENSSL="$OPENSSL"
|
2019-01-06 23:40:00 +01:00
|
|
|
export GNUTLS_CLI="$GNUTLS_CLI"
|
|
|
|
export GNUTLS_SERV="$GNUTLS_SERV"
|
|
|
|
# Avoid passing --seed flag in every call to ssl-opt.sh
|
|
|
|
if [ -n "${SEED-}" ]; then
|
|
|
|
export SEED
|
|
|
|
fi
|
2019-01-06 23:46:21 +01:00
|
|
|
set "$@" OPENSSL="$OPENSSL" OPENSSL_LEGACY="$OPENSSL_LEGACY"
|
|
|
|
set "$@" GNUTLS_CLI="$GNUTLS_CLI" GNUTLS_SERV="$GNUTLS_SERV"
|
|
|
|
set "$@" GNUTLS_LEGACY_CLI="$GNUTLS_LEGACY_CLI"
|
|
|
|
set "$@" GNUTLS_LEGACY_SERV="$GNUTLS_LEGACY_SERV"
|
2019-01-06 23:40:00 +01:00
|
|
|
check_tools "$OPENSSL" "$OPENSSL_LEGACY" "$OPENSSL_NEXT" \
|
|
|
|
"$GNUTLS_CLI" "$GNUTLS_SERV" \
|
|
|
|
"$GNUTLS_LEGACY_CLI" "$GNUTLS_LEGACY_SERV"
|
|
|
|
;;
|
|
|
|
esac
|
|
|
|
|
|
|
|
case " $RUN_COMPONENTS " in
|
|
|
|
*_doxygen[_\ ]*) check_tools "doxygen" "dot";;
|
|
|
|
esac
|
|
|
|
|
|
|
|
case " $RUN_COMPONENTS " in
|
2020-04-30 18:19:32 +02:00
|
|
|
*_arm_none_eabi_gcc[_\ ]*) check_tools "${ARM_NONE_EABI_GCC_PREFIX}gcc";;
|
2019-01-06 23:40:00 +01:00
|
|
|
esac
|
|
|
|
|
|
|
|
case " $RUN_COMPONENTS " in
|
|
|
|
*_mingw[_\ ]*) check_tools "i686-w64-mingw32-gcc";;
|
|
|
|
esac
|
|
|
|
|
|
|
|
case " $RUN_COMPONENTS " in
|
|
|
|
*" test_zeroize "*) check_tools "gdb";;
|
|
|
|
esac
|
2016-08-26 15:42:14 +02:00
|
|
|
|
2019-01-06 23:40:00 +01:00
|
|
|
case " $RUN_COMPONENTS " in
|
2019-01-06 23:23:42 +01:00
|
|
|
*_armcc*)
|
2019-01-06 23:40:00 +01:00
|
|
|
ARMC5_CC="$ARMC5_BIN_DIR/armcc"
|
|
|
|
ARMC5_AR="$ARMC5_BIN_DIR/armar"
|
2020-04-30 23:11:54 +02:00
|
|
|
ARMC5_FROMELF="$ARMC5_BIN_DIR/fromelf"
|
2019-01-06 23:40:00 +01:00
|
|
|
ARMC6_CC="$ARMC6_BIN_DIR/armclang"
|
|
|
|
ARMC6_AR="$ARMC6_BIN_DIR/armar"
|
2020-04-30 23:11:54 +02:00
|
|
|
ARMC6_FROMELF="$ARMC6_BIN_DIR/fromelf"
|
|
|
|
check_tools "$ARMC5_CC" "$ARMC5_AR" "$ARMC5_FROMELF" \
|
|
|
|
"$ARMC6_CC" "$ARMC6_AR" "$ARMC6_FROMELF";;
|
2019-01-06 23:23:42 +01:00
|
|
|
esac
|
2016-08-26 15:42:14 +02:00
|
|
|
|
2020-06-02 11:28:07 +02:00
|
|
|
# past this point, no call to check_tool, only printing output
|
|
|
|
if [ $QUIET -eq 1 ]; then
|
|
|
|
return
|
|
|
|
fi
|
|
|
|
|
2019-01-06 23:46:21 +01:00
|
|
|
msg "info: output_env.sh"
|
|
|
|
case $RUN_COMPONENTS in
|
|
|
|
*_armcc*)
|
|
|
|
set "$@" ARMC5_CC="$ARMC5_CC" ARMC6_CC="$ARMC6_CC" RUN_ARMCC=1;;
|
|
|
|
*) set "$@" RUN_ARMCC=0;;
|
|
|
|
esac
|
|
|
|
"$@" scripts/output_env.sh
|
2018-11-27 15:58:47 +01:00
|
|
|
}
|
2016-08-26 15:42:14 +02:00
|
|
|
|
2021-04-22 01:10:12 +02:00
|
|
|
pre_generate_files() {
|
2021-06-18 13:30:14 +02:00
|
|
|
# since make doesn't have proper dependencies, remove any possibly outdate
|
|
|
|
# file that might be around before generating fresh ones
|
|
|
|
make neat
|
2021-07-08 19:07:07 +02:00
|
|
|
if [ $QUIET -eq 1 ]; then
|
2021-08-05 15:10:47 +02:00
|
|
|
make generated_files >/dev/null
|
2021-07-08 19:07:07 +02:00
|
|
|
else
|
|
|
|
make generated_files
|
|
|
|
fi
|
2021-04-22 01:10:12 +02:00
|
|
|
}
|
|
|
|
|
2023-05-25 09:39:08 +02:00
|
|
|
################################################################
|
|
|
|
#### Helpers for components using libtestdriver1
|
|
|
|
################################################################
|
2017-12-21 15:59:21 +01:00
|
|
|
|
2023-06-06 11:14:57 +02:00
|
|
|
# How to use libtestdriver1
|
|
|
|
# -------------------------
|
|
|
|
#
|
|
|
|
# 1. Define the list algorithms and key types to accelerate,
|
|
|
|
# designated the same way as PSA_WANT_ macros but without PSA_WANT_.
|
|
|
|
# Examples:
|
|
|
|
# - loc_accel_list="ALG_JPAKE"
|
|
|
|
# - loc_accel_list="ALG_FFDH KEY_TYPE_DH_KEY_PAIR KEY_TYPE_DH_PUBLIC_KEY"
|
Group both configuration steps
Compared to the previous scheme, this avoid the problem of having to
warn about adjusting PSA_WANT in the wrong place.
Also, it allows enabling MBEDTLS_PSA_CRYPTO_CONFIG in adjust_config
rather than having to repeat it in every single component.
It also plays more nicely with components that have an associated
reference component and use a common config function. (Some of them were
already using the new order.)
Finally, "configure, build, run the tests" seems more natural than
"configure, build, configure, build, test" (and, coming back to the
initial point, it avoid questions about what to configure when).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-12 17:09:38 +02:00
|
|
|
# 2. Make configurations changes for the driver and/or main libraries.
|
|
|
|
# 2a. Call helper_libtestdriver1_adjust_config <base>, where the argument
|
|
|
|
# can be either "default" to start with the default config, or a name
|
|
|
|
# supported by scripts/config.py (for example, "full"). This selects
|
2023-06-12 17:17:54 +02:00
|
|
|
# the base to use, and makes common adjustments.
|
Group both configuration steps
Compared to the previous scheme, this avoid the problem of having to
warn about adjusting PSA_WANT in the wrong place.
Also, it allows enabling MBEDTLS_PSA_CRYPTO_CONFIG in adjust_config
rather than having to repeat it in every single component.
It also plays more nicely with components that have an associated
reference component and use a common config function. (Some of them were
already using the new order.)
Finally, "configure, build, run the tests" seems more natural than
"configure, build, configure, build, test" (and, coming back to the
initial point, it avoid questions about what to configure when).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-12 17:09:38 +02:00
|
|
|
# 2b. If desired, adjust the PSA_WANT symbols in psa/crypto_config.h.
|
|
|
|
# These changes affect both the driver and the main libraries.
|
|
|
|
# (Note: they need to have the same set of PSA_WANT symbols, as that
|
|
|
|
# determines the ABI between them.)
|
|
|
|
# 2c. Adjust MBEDTLS_ symbols in mbedtls_config.h. This only affects the
|
|
|
|
# main libraries. Typically, you want to disable the module(s) that are
|
|
|
|
# being accelerated. You may need to also disable modules that depend
|
|
|
|
# on them or options that are not supported with drivers.
|
|
|
|
# 2d. On top of psa/crypto_config.h, the driver library uses its own config
|
|
|
|
# file: tests/include/test/drivers/config_test_driver.h. You usually
|
|
|
|
# don't need to edit it: using loc_extra_list (see below) is preferred.
|
|
|
|
# However, when there's no PSA symbol for what you want to enable,
|
|
|
|
# calling scripts/config.py on this file remains the only option.
|
|
|
|
# 3. Build the driver library, then the main libraries, test, and programs.
|
|
|
|
# 3a. Call helper_libtestdriver1_make_drivers "$loc_accel_list". You may
|
|
|
|
# need to enable more algorithms here, typically hash algorithms when
|
|
|
|
# accelerating some signature algorithms (ECDSA, RSAv2). This is done
|
|
|
|
# by passing a 2nd argument listing the extra algorithms.
|
|
|
|
# Example:
|
|
|
|
# loc_extra_list="ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512"
|
|
|
|
# helper_libtestdriver1_make_drivers "$loc_accel_list" "$loc_extra_list"
|
|
|
|
# 4b. Call helper_libtestdriver1_make_main "$loc_accel_list". Any
|
|
|
|
# additional arguments will be passed to make: this can be useful if
|
|
|
|
# you don't want to build everything when iterating during development.
|
|
|
|
# Example:
|
|
|
|
# helper_libtestdriver1_make_main "$loc_accel_list" -C tests test_suite_foo
|
|
|
|
# 4. Run the tests you want.
|
2023-06-06 11:14:57 +02:00
|
|
|
|
2023-05-25 09:39:08 +02:00
|
|
|
# Adjust the configuration - for both libtestdriver1 and main library,
|
|
|
|
# as they should have the same PSA_WANT macros.
|
|
|
|
helper_libtestdriver1_adjust_config() {
|
Group both configuration steps
Compared to the previous scheme, this avoid the problem of having to
warn about adjusting PSA_WANT in the wrong place.
Also, it allows enabling MBEDTLS_PSA_CRYPTO_CONFIG in adjust_config
rather than having to repeat it in every single component.
It also plays more nicely with components that have an associated
reference component and use a common config function. (Some of them were
already using the new order.)
Finally, "configure, build, run the tests" seems more natural than
"configure, build, configure, build, test" (and, coming back to the
initial point, it avoid questions about what to configure when).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-12 17:09:38 +02:00
|
|
|
BASE_CONFIG=$1
|
|
|
|
# Select the base configuration
|
|
|
|
if [ "$BASE_CONFIG" != "default" ]; then
|
|
|
|
scripts/config.py "$BASE_CONFIG"
|
|
|
|
fi
|
2017-12-21 15:59:21 +01:00
|
|
|
|
Group both configuration steps
Compared to the previous scheme, this avoid the problem of having to
warn about adjusting PSA_WANT in the wrong place.
Also, it allows enabling MBEDTLS_PSA_CRYPTO_CONFIG in adjust_config
rather than having to repeat it in every single component.
It also plays more nicely with components that have an associated
reference component and use a common config function. (Some of them were
already using the new order.)
Finally, "configure, build, run the tests" seems more natural than
"configure, build, configure, build, test" (and, coming back to the
initial point, it avoid questions about what to configure when).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-12 17:09:38 +02:00
|
|
|
# Enable PSA-based config (necessary to use drivers)
|
|
|
|
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
|
|
|
|
|
2023-05-25 09:39:08 +02:00
|
|
|
# Disable ALG_STREAM_CIPHER and ALG_ECB_NO_PADDING to avoid having
|
|
|
|
# partial support for cipher operations in the driver test library.
|
|
|
|
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_STREAM_CIPHER
|
|
|
|
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_ECB_NO_PADDING
|
2023-06-12 17:17:54 +02:00
|
|
|
|
|
|
|
# Dynamic secure element support is a deprecated feature and needs to be disabled here.
|
|
|
|
# This is done to have the same form of psa_key_attributes_s for libdriver and library.
|
|
|
|
scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C
|
2023-05-25 09:39:08 +02:00
|
|
|
}
|
2017-12-21 15:59:21 +01:00
|
|
|
|
2023-05-25 10:39:23 +02:00
|
|
|
# Build the drivers library libtestdriver1.a (with ASan).
|
2023-05-25 10:07:31 +02:00
|
|
|
#
|
|
|
|
# Parameters:
|
|
|
|
# 1. a space-separated list of things to accelerate;
|
|
|
|
# 2. optional: a space-separate list of things to also support.
|
|
|
|
# Here "things" are PSA_WANT_ symbols but with PSA_WANT_ removed.
|
|
|
|
helper_libtestdriver1_make_drivers() {
|
|
|
|
loc_accel_flags=$( echo "$1 ${2-}" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' )
|
|
|
|
make -C tests libtestdriver1.a CFLAGS=" $ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS"
|
|
|
|
}
|
|
|
|
|
2023-05-25 10:39:23 +02:00
|
|
|
# Build the main libraries, programs and tests,
|
|
|
|
# linking to the drivers library (with ASan).
|
|
|
|
#
|
|
|
|
# Parameters:
|
|
|
|
# 1. a space-separated list of things to accelerate;
|
|
|
|
# *. remaining arguments if any are passed directly to make
|
|
|
|
# (examples: lib, -C tests test_suite_xxx, etc.)
|
|
|
|
# Here "things" are PSA_WANT_ symbols but with PSA_WANT_ removed.
|
|
|
|
helper_libtestdriver1_make_main() {
|
|
|
|
loc_accel_list=$1
|
|
|
|
shift
|
|
|
|
|
|
|
|
# we need flags both with and without the LIBTESTDRIVER1_ prefix
|
|
|
|
loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' )
|
|
|
|
loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )"
|
|
|
|
make CFLAGS="$ASAN_CFLAGS -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS" "$@"
|
|
|
|
}
|
2017-12-21 15:59:21 +01:00
|
|
|
|
|
|
|
################################################################
|
|
|
|
#### Basic checks
|
|
|
|
################################################################
|
2016-08-26 15:42:14 +02:00
|
|
|
|
2016-04-16 22:54:39 +02:00
|
|
|
#
|
|
|
|
# Test Suites to be executed
|
|
|
|
#
|
2014-06-09 11:21:49 +02:00
|
|
|
# The test ordering tries to optimize for the following criteria:
|
2014-11-20 13:48:53 +01:00
|
|
|
# 1. Catch possible problems early, by running first tests that run quickly
|
2014-08-14 11:29:06 +02:00
|
|
|
# and/or are more likely to fail than others (eg I use Clang most of the
|
|
|
|
# time, so start with a GCC build).
|
2014-06-09 11:21:49 +02:00
|
|
|
# 2. Minimize total running time, by avoiding useless rebuilds
|
|
|
|
#
|
|
|
|
# Indicative running times are given for reference.
|
2014-03-27 14:44:04 +01:00
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
component_check_recursion () {
|
2019-09-19 21:29:11 +02:00
|
|
|
msg "Check: recursion.pl" # < 1s
|
2021-07-08 18:41:16 +02:00
|
|
|
tests/scripts/recursion.pl library/*.c
|
2018-11-27 15:58:47 +01:00
|
|
|
}
|
2014-03-19 18:29:01 +01:00
|
|
|
|
2021-05-18 16:09:50 +02:00
|
|
|
component_check_generated_files () {
|
|
|
|
msg "Check: check-generated-files, files generated with make" # 2s
|
|
|
|
make generated_files
|
2021-07-08 18:41:16 +02:00
|
|
|
tests/scripts/check-generated-files.sh
|
2021-05-18 16:09:50 +02:00
|
|
|
|
|
|
|
msg "Check: check-generated-files -u, files present" # 2s
|
2021-07-08 18:41:16 +02:00
|
|
|
tests/scripts/check-generated-files.sh -u
|
2021-05-18 16:09:50 +02:00
|
|
|
# Check that the generated files are considered up to date.
|
2021-07-08 18:41:16 +02:00
|
|
|
tests/scripts/check-generated-files.sh
|
2021-05-18 16:09:50 +02:00
|
|
|
|
|
|
|
msg "Check: check-generated-files -u, files absent" # 2s
|
|
|
|
command make neat
|
2021-07-08 18:41:16 +02:00
|
|
|
tests/scripts/check-generated-files.sh -u
|
2021-05-18 16:09:50 +02:00
|
|
|
# Check that the generated files are considered up to date.
|
2021-07-08 18:41:16 +02:00
|
|
|
tests/scripts/check-generated-files.sh
|
2021-05-18 16:09:50 +02:00
|
|
|
|
|
|
|
# This component ends with the generated files present in the source tree.
|
|
|
|
# This is necessary for subsequent components!
|
|
|
|
}
|
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
component_check_doxy_blocks () {
|
2019-09-19 21:29:11 +02:00
|
|
|
msg "Check: doxygen markup outside doxygen blocks" # < 1s
|
2021-07-08 18:41:16 +02:00
|
|
|
tests/scripts/check-doxy-blocks.pl
|
2018-11-27 15:58:47 +01:00
|
|
|
}
|
2015-04-09 17:19:23 +02:00
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
component_check_files () {
|
2019-09-19 21:29:11 +02:00
|
|
|
msg "Check: file sanity checks (permissions, encodings)" # < 1s
|
2021-07-08 18:41:16 +02:00
|
|
|
tests/scripts/check_files.py
|
2018-11-27 15:58:47 +01:00
|
|
|
}
|
2018-03-13 17:48:16 +01:00
|
|
|
|
2020-05-10 17:40:49 +02:00
|
|
|
component_check_changelog () {
|
|
|
|
msg "Check: changelog entries" # < 1s
|
|
|
|
rm -f ChangeLog.new
|
2021-07-08 18:41:16 +02:00
|
|
|
scripts/assemble_changelog.py -o ChangeLog.new
|
2020-05-10 17:40:49 +02:00
|
|
|
if [ -e ChangeLog.new ]; then
|
|
|
|
# Show the diff for information. It isn't an error if the diff is
|
|
|
|
# non-empty.
|
|
|
|
diff -u ChangeLog ChangeLog.new || true
|
|
|
|
rm ChangeLog.new
|
|
|
|
fi
|
|
|
|
}
|
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
component_check_names () {
|
2019-09-19 21:29:11 +02:00
|
|
|
msg "Check: declared and exported names (builds the library)" # < 3s
|
2021-09-24 19:02:56 +02:00
|
|
|
tests/scripts/check_names.py -v
|
2018-11-27 15:58:47 +01:00
|
|
|
}
|
2015-04-09 11:09:03 +02:00
|
|
|
|
2019-09-19 21:30:05 +02:00
|
|
|
component_check_test_cases () {
|
|
|
|
msg "Check: test case descriptions" # < 1s
|
2020-06-02 11:51:40 +02:00
|
|
|
if [ $QUIET -eq 1 ]; then
|
2020-06-08 10:59:41 +02:00
|
|
|
opt='--quiet'
|
2020-06-02 11:51:40 +02:00
|
|
|
else
|
2020-06-08 10:59:41 +02:00
|
|
|
opt=''
|
2020-06-02 11:51:40 +02:00
|
|
|
fi
|
2022-12-15 14:46:31 +01:00
|
|
|
tests/scripts/check_test_cases.py -q $opt
|
2020-06-08 10:59:41 +02:00
|
|
|
unset opt
|
2019-09-19 21:30:05 +02:00
|
|
|
}
|
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
component_check_doxygen_warnings () {
|
2019-09-19 21:29:11 +02:00
|
|
|
msg "Check: doxygen warnings (builds the documentation)" # ~ 3s
|
2021-07-08 18:41:16 +02:00
|
|
|
tests/scripts/doxygen.sh
|
2018-11-27 15:58:47 +01:00
|
|
|
}
|
2016-01-04 16:49:09 +01:00
|
|
|
|
2017-12-21 15:59:21 +01:00
|
|
|
|
2020-03-04 20:46:15 +01:00
|
|
|
|
2017-12-21 15:59:21 +01:00
|
|
|
################################################################
|
|
|
|
#### Build and test many configurations and targets
|
|
|
|
################################################################
|
|
|
|
|
2019-04-08 17:00:15 +02:00
|
|
|
component_test_default_out_of_box () {
|
|
|
|
msg "build: make, default config (out-of-box)" # ~1min
|
|
|
|
make
|
2019-09-16 15:55:46 +02:00
|
|
|
# Disable fancy stuff
|
|
|
|
unset MBEDTLS_TEST_OUTCOME_FILE
|
2019-04-08 17:00:15 +02:00
|
|
|
|
|
|
|
msg "test: main suites make, default config (out-of-box)" # ~10s
|
|
|
|
make test
|
|
|
|
|
|
|
|
msg "selftest: make, default config (out-of-box)" # ~10s
|
2021-07-08 18:41:16 +02:00
|
|
|
programs/test/selftest
|
2019-04-08 17:00:15 +02:00
|
|
|
}
|
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
component_test_default_cmake_gcc_asan () {
|
|
|
|
msg "build: cmake, gcc, ASan" # ~ 1 min 50s
|
|
|
|
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
|
|
|
|
make
|
2014-06-09 11:21:49 +02:00
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
msg "test: main suites (inc. selftests) (ASan build)" # ~ 50s
|
|
|
|
make test
|
2014-06-09 11:21:49 +02:00
|
|
|
|
2020-04-23 23:37:45 +02:00
|
|
|
msg "test: selftest (ASan build)" # ~ 10s
|
2021-07-08 18:41:16 +02:00
|
|
|
programs/test/selftest
|
2020-04-23 23:37:45 +02:00
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
msg "test: ssl-opt.sh (ASan build)" # ~ 1 min
|
2021-07-08 18:41:16 +02:00
|
|
|
tests/ssl-opt.sh
|
2014-06-09 11:21:49 +02:00
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
msg "test: compat.sh (ASan build)" # ~ 6 min
|
2021-07-08 18:41:16 +02:00
|
|
|
tests/compat.sh
|
2020-04-07 16:07:05 +02:00
|
|
|
|
|
|
|
msg "test: context-info.sh (ASan build)" # ~ 15 sec
|
2021-07-08 18:41:16 +02:00
|
|
|
tests/context-info.sh
|
2018-11-27 15:58:47 +01:00
|
|
|
}
|
2014-06-09 11:21:49 +02:00
|
|
|
|
2019-02-26 15:27:09 +01:00
|
|
|
component_test_full_cmake_gcc_asan () {
|
|
|
|
msg "build: full config, cmake, gcc, ASan"
|
2019-07-27 23:52:53 +02:00
|
|
|
scripts/config.py full
|
2019-02-26 15:27:09 +01:00
|
|
|
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
|
|
|
|
make
|
|
|
|
|
|
|
|
msg "test: main suites (inc. selftests) (full config, ASan build)"
|
|
|
|
make test
|
2020-03-04 20:46:15 +01:00
|
|
|
|
2020-04-23 23:37:45 +02:00
|
|
|
msg "test: selftest (ASan build)" # ~ 10s
|
2021-07-08 18:41:16 +02:00
|
|
|
programs/test/selftest
|
2020-04-23 23:37:45 +02:00
|
|
|
|
2020-03-04 20:46:15 +01:00
|
|
|
msg "test: ssl-opt.sh (full config, ASan build)"
|
2021-07-08 18:41:16 +02:00
|
|
|
tests/ssl-opt.sh
|
2020-03-04 20:46:15 +01:00
|
|
|
|
|
|
|
msg "test: compat.sh (full config, ASan build)"
|
2021-07-08 18:41:16 +02:00
|
|
|
tests/compat.sh
|
2020-04-07 16:07:05 +02:00
|
|
|
|
|
|
|
msg "test: context-info.sh (full config, ASan build)" # ~ 15 sec
|
2021-07-08 18:41:16 +02:00
|
|
|
tests/context-info.sh
|
2022-12-30 17:45:05 +01:00
|
|
|
|
2023-01-04 16:12:42 +01:00
|
|
|
msg "test: check direct ECP dependencies in TLS and X.509"
|
2022-12-30 17:45:05 +01:00
|
|
|
docs/architecture/psa-migration/syms.sh full
|
|
|
|
|
2023-01-04 16:12:42 +01:00
|
|
|
# TODO: replace "mbedtls_ecp_curve" with "mbedtls_ecp" also for
|
|
|
|
# "full-tls-external" once Issue6839 is completed
|
2023-04-20 13:28:39 +02:00
|
|
|
not grep mbedtls_ecp_curve full-libmbedtls-external
|
|
|
|
not grep mbedtls_ecp full-libmbedx509-external
|
2022-12-30 17:45:05 +01:00
|
|
|
|
2023-04-20 13:28:39 +02:00
|
|
|
rm full-libmbedtls-external \
|
|
|
|
full-libmbedtls-modules \
|
|
|
|
full-libmbedx509-external \
|
|
|
|
full-libmbedx509-modules
|
2019-02-26 15:27:09 +01:00
|
|
|
}
|
2014-06-09 11:21:49 +02:00
|
|
|
|
2020-10-29 10:51:32 +01:00
|
|
|
component_test_psa_crypto_key_id_encodes_owner () {
|
2022-01-03 12:53:24 +01:00
|
|
|
msg "build: full config + PSA_CRYPTO_KEY_ID_ENCODES_OWNER, cmake, gcc, ASan"
|
2020-10-29 10:51:32 +01:00
|
|
|
scripts/config.py full
|
|
|
|
scripts/config.py set MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
|
|
|
|
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
|
|
|
|
make
|
|
|
|
|
|
|
|
msg "test: full config - USE_PSA_CRYPTO + PSA_CRYPTO_KEY_ID_ENCODES_OWNER, cmake, gcc, ASan"
|
|
|
|
make test
|
|
|
|
}
|
|
|
|
|
2021-06-17 11:37:52 +02:00
|
|
|
# check_renamed_symbols HEADER LIB
|
|
|
|
# Check that if HEADER contains '#define MACRO ...' then MACRO is not a symbol
|
|
|
|
# name is LIB.
|
|
|
|
check_renamed_symbols () {
|
|
|
|
! nm "$2" | sed 's/.* //' |
|
|
|
|
grep -x -F "$(sed -n 's/^ *# *define *\([A-Z_a-z][0-9A-Z_a-z]*\)..*/\1/p' "$1")"
|
|
|
|
}
|
|
|
|
|
2021-06-15 18:37:38 +02:00
|
|
|
component_build_psa_crypto_spm () {
|
2022-01-03 12:53:24 +01:00
|
|
|
msg "build: full config + PSA_CRYPTO_KEY_ID_ENCODES_OWNER + PSA_CRYPTO_SPM, make, gcc"
|
2021-06-15 18:37:38 +02:00
|
|
|
scripts/config.py full
|
|
|
|
scripts/config.py unset MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS
|
|
|
|
scripts/config.py set MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
|
|
|
|
scripts/config.py set MBEDTLS_PSA_CRYPTO_SPM
|
|
|
|
# We can only compile, not link, since our test and sample programs
|
|
|
|
# aren't equipped for the modified names used when MBEDTLS_PSA_CRYPTO_SPM
|
|
|
|
# is active.
|
|
|
|
make CC=gcc CFLAGS='-Werror -Wall -Wextra -I../tests/include/spe' lib
|
2021-06-17 11:37:52 +02:00
|
|
|
|
|
|
|
# Check that if a symbol is renamed by crypto_spe.h, the non-renamed
|
|
|
|
# version is not present.
|
|
|
|
echo "Checking for renamed symbols in the library"
|
2021-07-08 18:41:16 +02:00
|
|
|
check_renamed_symbols tests/include/spe/crypto_spe.h library/libmbedcrypto.a
|
2021-06-15 18:37:38 +02:00
|
|
|
}
|
|
|
|
|
2021-01-28 17:54:24 +01:00
|
|
|
component_test_psa_crypto_client () {
|
|
|
|
msg "build: default config - PSA_CRYPTO_C + PSA_CRYPTO_CLIENT, make"
|
|
|
|
scripts/config.py unset MBEDTLS_PSA_CRYPTO_C
|
|
|
|
scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C
|
|
|
|
scripts/config.py set MBEDTLS_PSA_CRYPTO_CLIENT
|
2022-09-28 18:11:42 +02:00
|
|
|
scripts/config.py unset MBEDTLS_LMS_C
|
|
|
|
scripts/config.py unset MBEDTLS_LMS_PRIVATE
|
2021-01-28 17:54:24 +01:00
|
|
|
make
|
|
|
|
|
|
|
|
msg "test: default config - PSA_CRYPTO_C + PSA_CRYPTO_CLIENT, make"
|
|
|
|
make test
|
|
|
|
}
|
|
|
|
|
psa: Support RSA signature without MBEDTLS_GENPRIME
On space-constrained platforms, it is a useful configuration to be able
to import/export and perform RSA key pair operations, but to exclude RSA
key generation, potentially saving flash space. It is not possible to
express this with the PSA_WANT_ configuration system at the present
time. However, in previous versions of Mbed TLS (v2.24.0 and earlier) it
was possible to configure a software PSA implementation which was
capable of making RSA signatures but not capable of generating RSA keys.
To do this, one unset MBEDTLS_GENPRIME.
Since the addition of MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR, this
expressivity was lost. Expressing that you wanted to work with RSA key
pairs forced you to include the ability to generate key pairs as well.
Change psa_crypto_rsa.c to only call mbedtls_rsa_gen_key() if
MBEDTLS_GENPRIME is also set. This restores the configuration behavior
present in Mbed TLS v2.24.0 and earlier versions.
It left as a future exercise to add the ability to PSA to be able to
express a desire for a software or accelerator configuration that
includes RSA key pair operations, like signature, but excludes key pair
generation.
Without this change, linker errors will occur when attempts to call,
which doesn't exist when MBEDTLS_GENPRIME is unset.
psa_crypto_rsa.c.obj: in function `rsa_generate_key':
psa_crypto_rsa.c:320: undefined reference to `mbedtls_rsa_gen_key'
Fixes #4512
Signed-off-by: Jaeden Amero <jaeden.amero@arm.com>
2021-05-14 09:34:32 +02:00
|
|
|
component_test_psa_crypto_rsa_no_genprime() {
|
|
|
|
msg "build: default config minus MBEDTLS_GENPRIME"
|
|
|
|
scripts/config.py unset MBEDTLS_GENPRIME
|
|
|
|
make
|
|
|
|
|
|
|
|
msg "test: default config minus MBEDTLS_GENPRIME"
|
|
|
|
make test
|
|
|
|
}
|
|
|
|
|
2020-03-04 20:46:15 +01:00
|
|
|
component_test_ref_configs () {
|
|
|
|
msg "test/build: ref-configs (ASan build)" # ~ 6 min 20s
|
2021-09-09 11:46:25 +02:00
|
|
|
# test-ref-configs works by overwriting mbedtls_config.h; this makes cmake
|
|
|
|
# want to re-generate generated files that depend on it, quite correctly.
|
|
|
|
# However this doesn't work as the generation script expects a specific
|
|
|
|
# format for mbedtls_config.h, which the other files don't follow. Also,
|
|
|
|
# cmake can't know this, but re-generation is actually not necessary as
|
2021-10-20 13:29:47 +02:00
|
|
|
# the generated files only depend on the list of available options, not
|
2021-09-09 11:46:25 +02:00
|
|
|
# whether they're on or off. So, disable cmake's (over-sensitive here)
|
|
|
|
# dependency resolution for generated files and just rely on them being
|
2021-10-20 18:14:23 +02:00
|
|
|
# present (thanks to pre_generate_files) by turning GEN_FILES off.
|
|
|
|
CC=gcc cmake -D GEN_FILES=Off -D CMAKE_BUILD_TYPE:String=Asan .
|
2021-07-08 18:41:16 +02:00
|
|
|
tests/scripts/test-ref-configs.pl
|
2018-11-27 16:11:09 +01:00
|
|
|
}
|
2014-06-09 11:21:49 +02:00
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
component_test_no_renegotiation () {
|
|
|
|
msg "build: Default + !MBEDTLS_SSL_RENEGOTIATION (ASan build)" # ~ 6 min
|
2019-07-27 23:52:53 +02:00
|
|
|
scripts/config.py unset MBEDTLS_SSL_RENEGOTIATION
|
2018-11-27 15:58:47 +01:00
|
|
|
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
|
|
|
|
make
|
2016-03-08 00:22:10 +01:00
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
msg "test: !MBEDTLS_SSL_RENEGOTIATION - main suites (inc. selftests) (ASan build)" # ~ 50s
|
|
|
|
make test
|
2017-10-12 16:29:50 +02:00
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
msg "test: !MBEDTLS_SSL_RENEGOTIATION - ssl-opt.sh (ASan build)" # ~ 6 min
|
2021-07-08 18:41:16 +02:00
|
|
|
tests/ssl-opt.sh
|
2018-11-27 15:58:47 +01:00
|
|
|
}
|
2017-10-12 16:29:50 +02:00
|
|
|
|
2020-03-04 20:46:15 +01:00
|
|
|
component_test_no_pem_no_fs () {
|
|
|
|
msg "build: Default + !MBEDTLS_PEM_PARSE_C + !MBEDTLS_FS_IO (ASan build)"
|
|
|
|
scripts/config.py unset MBEDTLS_PEM_PARSE_C
|
|
|
|
scripts/config.py unset MBEDTLS_FS_IO
|
|
|
|
scripts/config.py unset MBEDTLS_PSA_ITS_FILE_C # requires a filesystem
|
|
|
|
scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C # requires PSA ITS
|
|
|
|
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
|
|
|
|
make
|
|
|
|
|
|
|
|
msg "test: !MBEDTLS_PEM_PARSE_C !MBEDTLS_FS_IO - main suites (inc. selftests) (ASan build)" # ~ 50s
|
|
|
|
make test
|
|
|
|
|
|
|
|
msg "test: !MBEDTLS_PEM_PARSE_C !MBEDTLS_FS_IO - ssl-opt.sh (ASan build)" # ~ 6 min
|
2021-07-08 18:41:16 +02:00
|
|
|
tests/ssl-opt.sh
|
2020-03-04 20:46:15 +01:00
|
|
|
}
|
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
component_test_rsa_no_crt () {
|
|
|
|
msg "build: Default + RSA_NO_CRT (ASan build)" # ~ 6 min
|
2019-07-27 23:52:53 +02:00
|
|
|
scripts/config.py set MBEDTLS_RSA_NO_CRT
|
2018-11-27 15:58:47 +01:00
|
|
|
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
|
|
|
|
make
|
2016-03-08 00:22:10 +01:00
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
msg "test: RSA_NO_CRT - main suites (inc. selftests) (ASan build)" # ~ 50s
|
|
|
|
make test
|
2017-09-28 13:53:51 +02:00
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
msg "test: RSA_NO_CRT - RSA-related part of ssl-opt.sh (ASan build)" # ~ 5s
|
2021-07-08 18:41:16 +02:00
|
|
|
tests/ssl-opt.sh -f RSA
|
2017-09-28 13:53:51 +02:00
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
msg "test: RSA_NO_CRT - RSA-related part of compat.sh (ASan build)" # ~ 3 min
|
2021-07-08 18:41:16 +02:00
|
|
|
tests/compat.sh -t RSA
|
2020-04-07 16:07:05 +02:00
|
|
|
|
|
|
|
msg "test: RSA_NO_CRT - RSA-related part of context-info.sh (ASan build)" # ~ 15 sec
|
2021-07-08 18:41:16 +02:00
|
|
|
tests/context-info.sh
|
2018-11-27 15:58:47 +01:00
|
|
|
}
|
2017-09-28 13:53:51 +02:00
|
|
|
|
2021-02-03 14:56:51 +01:00
|
|
|
component_test_no_ctr_drbg_classic () {
|
|
|
|
msg "build: Full minus CTR_DRBG, classic crypto in TLS"
|
2020-05-28 12:55:10 +02:00
|
|
|
scripts/config.py full
|
|
|
|
scripts/config.py unset MBEDTLS_CTR_DRBG_C
|
2021-02-03 14:56:51 +01:00
|
|
|
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
|
2022-03-15 11:23:25 +01:00
|
|
|
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
|
2020-05-28 12:55:10 +02:00
|
|
|
|
|
|
|
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
|
|
|
|
make
|
|
|
|
|
2021-02-03 14:56:51 +01:00
|
|
|
msg "test: Full minus CTR_DRBG, classic crypto - main suites"
|
2020-05-28 12:55:10 +02:00
|
|
|
make test
|
|
|
|
|
2021-01-13 20:02:03 +01:00
|
|
|
# In this configuration, the TLS test programs use HMAC_DRBG.
|
|
|
|
# The SSL tests are slow, so run a small subset, just enough to get
|
|
|
|
# confidence that the SSL code copes with HMAC_DRBG.
|
2021-02-03 14:56:51 +01:00
|
|
|
msg "test: Full minus CTR_DRBG, classic crypto - ssl-opt.sh (subset)"
|
2021-07-08 18:41:16 +02:00
|
|
|
tests/ssl-opt.sh -f 'Default\|SSL async private.*delay=\|tickets enabled on server'
|
2021-01-13 20:02:03 +01:00
|
|
|
|
2021-02-03 14:56:51 +01:00
|
|
|
msg "test: Full minus CTR_DRBG, classic crypto - compat.sh (subset)"
|
2021-12-02 09:43:35 +01:00
|
|
|
tests/compat.sh -m tls12 -t 'ECDSA PSK' -V NO -p OpenSSL
|
2020-06-05 09:29:51 +02:00
|
|
|
}
|
|
|
|
|
2021-02-03 14:56:51 +01:00
|
|
|
component_test_no_ctr_drbg_use_psa () {
|
|
|
|
msg "build: Full minus CTR_DRBG, PSA crypto in TLS"
|
|
|
|
scripts/config.py full
|
|
|
|
scripts/config.py unset MBEDTLS_CTR_DRBG_C
|
|
|
|
scripts/config.py set MBEDTLS_USE_PSA_CRYPTO
|
|
|
|
|
|
|
|
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
|
|
|
|
make
|
|
|
|
|
|
|
|
msg "test: Full minus CTR_DRBG, USE_PSA_CRYPTO - main suites"
|
|
|
|
make test
|
|
|
|
|
|
|
|
# In this configuration, the TLS test programs use HMAC_DRBG.
|
|
|
|
# The SSL tests are slow, so run a small subset, just enough to get
|
|
|
|
# confidence that the SSL code copes with HMAC_DRBG.
|
|
|
|
msg "test: Full minus CTR_DRBG, USE_PSA_CRYPTO - ssl-opt.sh (subset)"
|
2021-07-08 18:41:16 +02:00
|
|
|
tests/ssl-opt.sh -f 'Default\|SSL async private.*delay=\|tickets enabled on server'
|
2021-02-03 14:56:51 +01:00
|
|
|
|
|
|
|
msg "test: Full minus CTR_DRBG, USE_PSA_CRYPTO - compat.sh (subset)"
|
2021-12-02 09:43:35 +01:00
|
|
|
tests/compat.sh -m tls12 -t 'ECDSA PSK' -V NO -p OpenSSL
|
2021-02-03 14:56:51 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
component_test_no_hmac_drbg_classic () {
|
|
|
|
msg "build: Full minus HMAC_DRBG, classic crypto in TLS"
|
2020-06-05 09:29:51 +02:00
|
|
|
scripts/config.py full
|
|
|
|
scripts/config.py unset MBEDTLS_HMAC_DRBG_C
|
|
|
|
scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC # requires HMAC_DRBG
|
2021-02-03 14:56:51 +01:00
|
|
|
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
|
2022-03-15 11:23:25 +01:00
|
|
|
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
|
2020-06-05 09:29:51 +02:00
|
|
|
|
|
|
|
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
|
|
|
|
make
|
|
|
|
|
2021-02-03 14:56:51 +01:00
|
|
|
msg "test: Full minus HMAC_DRBG, classic crypto - main suites"
|
2020-06-05 09:29:51 +02:00
|
|
|
make test
|
|
|
|
|
2020-11-19 22:14:34 +01:00
|
|
|
# Normally our ECDSA implementation uses deterministic ECDSA. But since
|
|
|
|
# HMAC_DRBG is disabled in this configuration, randomized ECDSA is used
|
|
|
|
# instead.
|
|
|
|
# Test SSL with non-deterministic ECDSA. Only test features that
|
|
|
|
# might be affected by how ECDSA signature is performed.
|
2021-02-03 14:56:51 +01:00
|
|
|
msg "test: Full minus HMAC_DRBG, classic crypto - ssl-opt.sh (subset)"
|
2021-07-08 18:41:16 +02:00
|
|
|
tests/ssl-opt.sh -f 'Default\|SSL async private: sign'
|
2020-11-19 22:14:34 +01:00
|
|
|
|
|
|
|
# To save time, only test one protocol version, since this part of
|
|
|
|
# the protocol is identical in (D)TLS up to 1.2.
|
2021-02-03 14:56:51 +01:00
|
|
|
msg "test: Full minus HMAC_DRBG, classic crypto - compat.sh (ECDSA)"
|
2021-12-02 09:43:35 +01:00
|
|
|
tests/compat.sh -m tls12 -t 'ECDSA'
|
2020-05-28 12:55:10 +02:00
|
|
|
}
|
|
|
|
|
2021-02-03 14:56:51 +01:00
|
|
|
component_test_no_hmac_drbg_use_psa () {
|
|
|
|
msg "build: Full minus HMAC_DRBG, PSA crypto in TLS"
|
2020-06-05 09:29:51 +02:00
|
|
|
scripts/config.py full
|
|
|
|
scripts/config.py unset MBEDTLS_HMAC_DRBG_C
|
|
|
|
scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC # requires HMAC_DRBG
|
2021-02-03 14:56:51 +01:00
|
|
|
scripts/config.py set MBEDTLS_USE_PSA_CRYPTO
|
2020-06-05 09:29:51 +02:00
|
|
|
|
|
|
|
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
|
|
|
|
make
|
|
|
|
|
2021-02-03 14:56:51 +01:00
|
|
|
msg "test: Full minus HMAC_DRBG, USE_PSA_CRYPTO - main suites"
|
2020-06-05 09:29:51 +02:00
|
|
|
make test
|
|
|
|
|
2020-11-19 22:14:34 +01:00
|
|
|
# Normally our ECDSA implementation uses deterministic ECDSA. But since
|
|
|
|
# HMAC_DRBG is disabled in this configuration, randomized ECDSA is used
|
|
|
|
# instead.
|
|
|
|
# Test SSL with non-deterministic ECDSA. Only test features that
|
|
|
|
# might be affected by how ECDSA signature is performed.
|
2021-02-03 14:56:51 +01:00
|
|
|
msg "test: Full minus HMAC_DRBG, USE_PSA_CRYPTO - ssl-opt.sh (subset)"
|
2021-07-08 18:41:16 +02:00
|
|
|
tests/ssl-opt.sh -f 'Default\|SSL async private: sign'
|
2020-11-19 22:14:34 +01:00
|
|
|
|
|
|
|
# To save time, only test one protocol version, since this part of
|
|
|
|
# the protocol is identical in (D)TLS up to 1.2.
|
2021-02-03 14:56:51 +01:00
|
|
|
msg "test: Full minus HMAC_DRBG, USE_PSA_CRYPTO - compat.sh (ECDSA)"
|
2021-12-02 09:43:35 +01:00
|
|
|
tests/compat.sh -m tls12 -t 'ECDSA'
|
2020-05-28 12:55:10 +02:00
|
|
|
}
|
|
|
|
|
2021-02-03 14:56:51 +01:00
|
|
|
component_test_psa_external_rng_no_drbg_classic () {
|
|
|
|
msg "build: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, classic crypto in TLS"
|
2020-11-23 17:39:04 +01:00
|
|
|
scripts/config.py full
|
2021-02-03 14:56:51 +01:00
|
|
|
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
|
2022-03-15 11:23:25 +01:00
|
|
|
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
|
2020-11-23 17:39:04 +01:00
|
|
|
scripts/config.py set MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG
|
2021-02-08 21:02:53 +01:00
|
|
|
scripts/config.py unset MBEDTLS_ENTROPY_C
|
|
|
|
scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED
|
|
|
|
scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT
|
2020-11-23 17:39:04 +01:00
|
|
|
scripts/config.py unset MBEDTLS_CTR_DRBG_C
|
|
|
|
scripts/config.py unset MBEDTLS_HMAC_DRBG_C
|
|
|
|
scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC # requires HMAC_DRBG
|
2021-02-03 20:07:11 +01:00
|
|
|
# When MBEDTLS_USE_PSA_CRYPTO is disabled and there is no DRBG,
|
|
|
|
# the SSL test programs don't have an RNG and can't work. Explicitly
|
|
|
|
# make them use the PSA RNG with -DMBEDTLS_TEST_USE_PSA_CRYPTO_RNG.
|
|
|
|
make CFLAGS="$ASAN_CFLAGS -O2 -DMBEDTLS_TEST_USE_PSA_CRYPTO_RNG" LDFLAGS="$ASAN_CFLAGS"
|
2020-11-23 17:39:04 +01:00
|
|
|
|
2021-02-03 14:56:51 +01:00
|
|
|
msg "test: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, classic crypto - main suites"
|
2020-11-23 17:39:04 +01:00
|
|
|
make test
|
|
|
|
|
2021-02-03 20:07:11 +01:00
|
|
|
msg "test: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, classic crypto - ssl-opt.sh (subset)"
|
2021-07-08 18:41:16 +02:00
|
|
|
tests/ssl-opt.sh -f 'Default'
|
2020-11-23 17:39:04 +01:00
|
|
|
}
|
|
|
|
|
2021-02-03 14:56:51 +01:00
|
|
|
component_test_psa_external_rng_no_drbg_use_psa () {
|
|
|
|
msg "build: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, PSA crypto in TLS"
|
|
|
|
scripts/config.py full
|
|
|
|
scripts/config.py set MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG
|
2021-02-08 21:02:53 +01:00
|
|
|
scripts/config.py unset MBEDTLS_ENTROPY_C
|
|
|
|
scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED
|
|
|
|
scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT
|
2020-11-23 17:39:04 +01:00
|
|
|
scripts/config.py unset MBEDTLS_CTR_DRBG_C
|
|
|
|
scripts/config.py unset MBEDTLS_HMAC_DRBG_C
|
|
|
|
scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC # requires HMAC_DRBG
|
|
|
|
make CFLAGS="$ASAN_CFLAGS -O2" LDFLAGS="$ASAN_CFLAGS"
|
|
|
|
|
2021-02-03 14:56:51 +01:00
|
|
|
msg "test: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, PSA crypto - main suites"
|
2020-11-23 17:39:04 +01:00
|
|
|
make test
|
|
|
|
|
2021-02-03 20:07:11 +01:00
|
|
|
msg "test: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, PSA crypto - ssl-opt.sh (subset)"
|
2021-07-08 18:41:16 +02:00
|
|
|
tests/ssl-opt.sh -f 'Default\|opaque'
|
2020-11-23 17:39:04 +01:00
|
|
|
}
|
|
|
|
|
2023-04-12 16:34:50 +02:00
|
|
|
component_test_sw_inet_pton () {
|
|
|
|
msg "build: default plus MBEDTLS_TEST_SW_INET_PTON"
|
|
|
|
|
|
|
|
# MBEDTLS_TEST_HOOKS required for x509_crt_parse_cn_inet_pton
|
|
|
|
scripts/config.py set MBEDTLS_TEST_HOOKS
|
|
|
|
make CFLAGS="-DMBEDTLS_TEST_SW_INET_PTON"
|
|
|
|
|
|
|
|
msg "test: default plus MBEDTLS_TEST_SW_INET_PTON"
|
|
|
|
make test
|
|
|
|
}
|
|
|
|
|
2023-02-16 19:07:31 +01:00
|
|
|
component_test_crypto_full_md_light_only () {
|
|
|
|
msg "build: crypto_full with only the light subset of MD"
|
all.sh: add build/test config crypto_full minus MD
Dependeny list:
- ['MBEDTLS_MD_C']
- ['MBEDTLS_ECJPAKE_C', 'MBEDTLS_PKCS5_C', 'MBEDTLS_PKCS12_C', 'MBEDTLS_PKCS1_V15', 'MBEDTLS_PKCS1_V21', 'MBEDTLS_HKDF_C', 'MBEDTLS_HMAC_DRBG_C', 'MBEDTLS_PK_C']
- ['MBEDTLS_ECDSA_DETERMINISTIC', 'MBEDTLS_PK_PARSE_C', 'MBEDTLS_PK_WRITE_C', 'MBEDTLS_RSA_C']
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-28 15:44:18 +02:00
|
|
|
scripts/config.py crypto_full
|
2023-02-16 19:07:31 +01:00
|
|
|
# Disable MD
|
all.sh: add build/test config crypto_full minus MD
Dependeny list:
- ['MBEDTLS_MD_C']
- ['MBEDTLS_ECJPAKE_C', 'MBEDTLS_PKCS5_C', 'MBEDTLS_PKCS12_C', 'MBEDTLS_PKCS1_V15', 'MBEDTLS_PKCS1_V21', 'MBEDTLS_HKDF_C', 'MBEDTLS_HMAC_DRBG_C', 'MBEDTLS_PK_C']
- ['MBEDTLS_ECDSA_DETERMINISTIC', 'MBEDTLS_PK_PARSE_C', 'MBEDTLS_PK_WRITE_C', 'MBEDTLS_RSA_C']
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-28 15:44:18 +02:00
|
|
|
scripts/config.py unset MBEDTLS_MD_C
|
2023-03-16 11:39:20 +01:00
|
|
|
# Disable direct dependencies of MD_C
|
all.sh: add build/test config crypto_full minus MD
Dependeny list:
- ['MBEDTLS_MD_C']
- ['MBEDTLS_ECJPAKE_C', 'MBEDTLS_PKCS5_C', 'MBEDTLS_PKCS12_C', 'MBEDTLS_PKCS1_V15', 'MBEDTLS_PKCS1_V21', 'MBEDTLS_HKDF_C', 'MBEDTLS_HMAC_DRBG_C', 'MBEDTLS_PK_C']
- ['MBEDTLS_ECDSA_DETERMINISTIC', 'MBEDTLS_PK_PARSE_C', 'MBEDTLS_PK_WRITE_C', 'MBEDTLS_RSA_C']
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-28 15:44:18 +02:00
|
|
|
scripts/config.py unset MBEDTLS_HKDF_C
|
|
|
|
scripts/config.py unset MBEDTLS_HMAC_DRBG_C
|
2022-11-09 17:36:10 +01:00
|
|
|
scripts/config.py unset MBEDTLS_PKCS7_C
|
2023-03-16 11:39:20 +01:00
|
|
|
# Disable indirect dependencies of MD_C
|
2023-02-16 19:07:31 +01:00
|
|
|
scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC # needs HMAC_DRBG
|
2023-03-16 11:39:20 +01:00
|
|
|
# Disable things that would auto-enable MD_C
|
|
|
|
scripts/config.py unset MBEDTLS_PKCS5_C
|
|
|
|
|
2023-03-14 10:11:20 +01:00
|
|
|
# Note: MD-light is auto-enabled in build_info.h by modules that need it,
|
|
|
|
# which we haven't disabled, so no need to explicitly enable it.
|
|
|
|
make CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS"
|
2023-02-16 19:07:31 +01:00
|
|
|
|
2023-02-23 13:02:13 +01:00
|
|
|
# Make sure we don't have the HMAC functions, but the hashing functions
|
2023-02-16 19:07:31 +01:00
|
|
|
not grep mbedtls_md_hmac library/md.o
|
2023-02-23 13:02:13 +01:00
|
|
|
grep mbedtls_md library/md.o
|
all.sh: add build/test config crypto_full minus MD
Dependeny list:
- ['MBEDTLS_MD_C']
- ['MBEDTLS_ECJPAKE_C', 'MBEDTLS_PKCS5_C', 'MBEDTLS_PKCS12_C', 'MBEDTLS_PKCS1_V15', 'MBEDTLS_PKCS1_V21', 'MBEDTLS_HKDF_C', 'MBEDTLS_HMAC_DRBG_C', 'MBEDTLS_PK_C']
- ['MBEDTLS_ECDSA_DETERMINISTIC', 'MBEDTLS_PK_PARSE_C', 'MBEDTLS_PK_WRITE_C', 'MBEDTLS_RSA_C']
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-28 15:44:18 +02:00
|
|
|
|
2023-02-16 19:07:31 +01:00
|
|
|
msg "test: crypto_full with only the light subset of MD"
|
all.sh: add build/test config crypto_full minus MD
Dependeny list:
- ['MBEDTLS_MD_C']
- ['MBEDTLS_ECJPAKE_C', 'MBEDTLS_PKCS5_C', 'MBEDTLS_PKCS12_C', 'MBEDTLS_PKCS1_V15', 'MBEDTLS_PKCS1_V21', 'MBEDTLS_HKDF_C', 'MBEDTLS_HMAC_DRBG_C', 'MBEDTLS_PK_C']
- ['MBEDTLS_ECDSA_DETERMINISTIC', 'MBEDTLS_PK_PARSE_C', 'MBEDTLS_PK_WRITE_C', 'MBEDTLS_RSA_C']
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-28 15:44:18 +02:00
|
|
|
make test
|
|
|
|
}
|
|
|
|
|
all.sh: add build/test config full minus CIPHER
Dependency list:
- ['MBEDTLS_CIPHER_C']
- ['MBEDTLS_CMAC_C', 'MBEDTLS_NIST_KW_C', 'MBEDTLS_PKCS12_C', 'MBEDTLS_PKCS5_C', 'MBEDTLS_CCM_C', 'MBEDTLS_GCM_C', 'MBEDTLS_PSA_CRYPTO_C', 'MBEDTLS_SSL_TLS_C', 'MBEDTLS_SSL_TICKET_C']
- ['MBEDTLS_PSA_CRYPTO_SE_C', 'MBEDTLS_PSA_CRYPTO_STORAGE_C', 'MBEDTLS_SSL_PROTO_TLS1_3', 'MBEDTLS_SSL_CLI_C', 'MBEDTLS_SSL_SRV_C', 'MBEDTLS_SSL_DTLS_ANTI_REPLAY', 'MBEDTLS_SSL_DTLS_CONNECTION_ID', 'MBEDTLS_USE_PSA_CRYPTO']
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-02 10:55:33 +02:00
|
|
|
component_test_full_no_cipher () {
|
|
|
|
msg "build: full minus CIPHER"
|
|
|
|
scripts/config.py full
|
|
|
|
scripts/config.py unset MBEDTLS_CIPHER_C
|
2022-05-12 09:46:29 +02:00
|
|
|
# Direct dependencies
|
|
|
|
scripts/config.py unset MBEDTLS_CCM_C
|
all.sh: add build/test config full minus CIPHER
Dependency list:
- ['MBEDTLS_CIPHER_C']
- ['MBEDTLS_CMAC_C', 'MBEDTLS_NIST_KW_C', 'MBEDTLS_PKCS12_C', 'MBEDTLS_PKCS5_C', 'MBEDTLS_CCM_C', 'MBEDTLS_GCM_C', 'MBEDTLS_PSA_CRYPTO_C', 'MBEDTLS_SSL_TLS_C', 'MBEDTLS_SSL_TICKET_C']
- ['MBEDTLS_PSA_CRYPTO_SE_C', 'MBEDTLS_PSA_CRYPTO_STORAGE_C', 'MBEDTLS_SSL_PROTO_TLS1_3', 'MBEDTLS_SSL_CLI_C', 'MBEDTLS_SSL_SRV_C', 'MBEDTLS_SSL_DTLS_ANTI_REPLAY', 'MBEDTLS_SSL_DTLS_CONNECTION_ID', 'MBEDTLS_USE_PSA_CRYPTO']
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-02 10:55:33 +02:00
|
|
|
scripts/config.py unset MBEDTLS_CMAC_C
|
2022-05-12 09:46:29 +02:00
|
|
|
scripts/config.py unset MBEDTLS_GCM_C
|
all.sh: add build/test config full minus CIPHER
Dependency list:
- ['MBEDTLS_CIPHER_C']
- ['MBEDTLS_CMAC_C', 'MBEDTLS_NIST_KW_C', 'MBEDTLS_PKCS12_C', 'MBEDTLS_PKCS5_C', 'MBEDTLS_CCM_C', 'MBEDTLS_GCM_C', 'MBEDTLS_PSA_CRYPTO_C', 'MBEDTLS_SSL_TLS_C', 'MBEDTLS_SSL_TICKET_C']
- ['MBEDTLS_PSA_CRYPTO_SE_C', 'MBEDTLS_PSA_CRYPTO_STORAGE_C', 'MBEDTLS_SSL_PROTO_TLS1_3', 'MBEDTLS_SSL_CLI_C', 'MBEDTLS_SSL_SRV_C', 'MBEDTLS_SSL_DTLS_ANTI_REPLAY', 'MBEDTLS_SSL_DTLS_CONNECTION_ID', 'MBEDTLS_USE_PSA_CRYPTO']
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-02 10:55:33 +02:00
|
|
|
scripts/config.py unset MBEDTLS_NIST_KW_C
|
|
|
|
scripts/config.py unset MBEDTLS_PKCS12_C
|
|
|
|
scripts/config.py unset MBEDTLS_PKCS5_C
|
|
|
|
scripts/config.py unset MBEDTLS_PSA_CRYPTO_C
|
|
|
|
scripts/config.py unset MBEDTLS_SSL_TLS_C
|
|
|
|
scripts/config.py unset MBEDTLS_SSL_TICKET_C
|
2022-05-12 09:46:29 +02:00
|
|
|
# Indirect dependencies
|
|
|
|
scripts/config.py unset MBEDTLS_SSL_CLI_C
|
all.sh: add build/test config full minus CIPHER
Dependency list:
- ['MBEDTLS_CIPHER_C']
- ['MBEDTLS_CMAC_C', 'MBEDTLS_NIST_KW_C', 'MBEDTLS_PKCS12_C', 'MBEDTLS_PKCS5_C', 'MBEDTLS_CCM_C', 'MBEDTLS_GCM_C', 'MBEDTLS_PSA_CRYPTO_C', 'MBEDTLS_SSL_TLS_C', 'MBEDTLS_SSL_TICKET_C']
- ['MBEDTLS_PSA_CRYPTO_SE_C', 'MBEDTLS_PSA_CRYPTO_STORAGE_C', 'MBEDTLS_SSL_PROTO_TLS1_3', 'MBEDTLS_SSL_CLI_C', 'MBEDTLS_SSL_SRV_C', 'MBEDTLS_SSL_DTLS_ANTI_REPLAY', 'MBEDTLS_SSL_DTLS_CONNECTION_ID', 'MBEDTLS_USE_PSA_CRYPTO']
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-02 10:55:33 +02:00
|
|
|
scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C
|
|
|
|
scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C
|
|
|
|
scripts/config.py unset MBEDTLS_SSL_DTLS_ANTI_REPLAY
|
|
|
|
scripts/config.py unset MBEDTLS_SSL_DTLS_CONNECTION_ID
|
2022-10-26 18:08:54 +02:00
|
|
|
scripts/config.py unset MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT
|
2022-05-12 09:46:29 +02:00
|
|
|
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
|
|
|
|
scripts/config.py unset MBEDTLS_SSL_SRV_C
|
all.sh: add build/test config full minus CIPHER
Dependency list:
- ['MBEDTLS_CIPHER_C']
- ['MBEDTLS_CMAC_C', 'MBEDTLS_NIST_KW_C', 'MBEDTLS_PKCS12_C', 'MBEDTLS_PKCS5_C', 'MBEDTLS_CCM_C', 'MBEDTLS_GCM_C', 'MBEDTLS_PSA_CRYPTO_C', 'MBEDTLS_SSL_TLS_C', 'MBEDTLS_SSL_TICKET_C']
- ['MBEDTLS_PSA_CRYPTO_SE_C', 'MBEDTLS_PSA_CRYPTO_STORAGE_C', 'MBEDTLS_SSL_PROTO_TLS1_3', 'MBEDTLS_SSL_CLI_C', 'MBEDTLS_SSL_SRV_C', 'MBEDTLS_SSL_DTLS_ANTI_REPLAY', 'MBEDTLS_SSL_DTLS_CONNECTION_ID', 'MBEDTLS_USE_PSA_CRYPTO']
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-02 10:55:33 +02:00
|
|
|
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
|
2022-09-28 10:32:48 +02:00
|
|
|
scripts/config.py unset MBEDTLS_LMS_C
|
2022-09-28 13:00:20 +02:00
|
|
|
scripts/config.py unset MBEDTLS_LMS_PRIVATE
|
all.sh: add build/test config full minus CIPHER
Dependency list:
- ['MBEDTLS_CIPHER_C']
- ['MBEDTLS_CMAC_C', 'MBEDTLS_NIST_KW_C', 'MBEDTLS_PKCS12_C', 'MBEDTLS_PKCS5_C', 'MBEDTLS_CCM_C', 'MBEDTLS_GCM_C', 'MBEDTLS_PSA_CRYPTO_C', 'MBEDTLS_SSL_TLS_C', 'MBEDTLS_SSL_TICKET_C']
- ['MBEDTLS_PSA_CRYPTO_SE_C', 'MBEDTLS_PSA_CRYPTO_STORAGE_C', 'MBEDTLS_SSL_PROTO_TLS1_3', 'MBEDTLS_SSL_CLI_C', 'MBEDTLS_SSL_SRV_C', 'MBEDTLS_SSL_DTLS_ANTI_REPLAY', 'MBEDTLS_SSL_DTLS_CONNECTION_ID', 'MBEDTLS_USE_PSA_CRYPTO']
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-02 10:55:33 +02:00
|
|
|
make
|
|
|
|
|
|
|
|
msg "test: full minus CIPHER"
|
|
|
|
make test
|
|
|
|
}
|
|
|
|
|
2022-05-02 11:03:35 +02:00
|
|
|
component_test_crypto_full_no_cipher () {
|
|
|
|
msg "build: crypto_full minus CIPHER"
|
|
|
|
scripts/config.py crypto_full
|
|
|
|
scripts/config.py unset MBEDTLS_CIPHER_C
|
2022-05-12 09:46:29 +02:00
|
|
|
# Direct dependencies
|
|
|
|
scripts/config.py unset MBEDTLS_CCM_C
|
2022-05-02 11:03:35 +02:00
|
|
|
scripts/config.py unset MBEDTLS_CMAC_C
|
2022-05-12 09:46:29 +02:00
|
|
|
scripts/config.py unset MBEDTLS_GCM_C
|
2022-05-02 11:03:35 +02:00
|
|
|
scripts/config.py unset MBEDTLS_NIST_KW_C
|
|
|
|
scripts/config.py unset MBEDTLS_PKCS12_C
|
|
|
|
scripts/config.py unset MBEDTLS_PKCS5_C
|
|
|
|
scripts/config.py unset MBEDTLS_PSA_CRYPTO_C
|
2022-05-12 09:46:29 +02:00
|
|
|
# Indirect dependencies
|
2022-05-02 11:03:35 +02:00
|
|
|
scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C
|
|
|
|
scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C
|
|
|
|
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
|
2022-09-28 10:32:48 +02:00
|
|
|
scripts/config.py unset MBEDTLS_LMS_C
|
2022-09-28 13:00:20 +02:00
|
|
|
scripts/config.py unset MBEDTLS_LMS_PRIVATE
|
2022-05-02 11:03:35 +02:00
|
|
|
make
|
|
|
|
|
|
|
|
msg "test: crypto_full minus CIPHER"
|
|
|
|
make test
|
|
|
|
}
|
|
|
|
|
2023-01-03 15:35:25 +01:00
|
|
|
component_test_full_no_bignum () {
|
|
|
|
msg "build: full minus bignum"
|
|
|
|
scripts/config.py full
|
|
|
|
scripts/config.py unset MBEDTLS_BIGNUM_C
|
|
|
|
# Direct dependencies of bignum
|
|
|
|
scripts/config.py unset MBEDTLS_ECP_C
|
|
|
|
scripts/config.py unset MBEDTLS_RSA_C
|
|
|
|
scripts/config.py unset MBEDTLS_DHM_C
|
|
|
|
# Direct dependencies of ECP
|
|
|
|
scripts/config.py unset MBEDTLS_ECDH_C
|
|
|
|
scripts/config.py unset MBEDTLS_ECDSA_C
|
|
|
|
scripts/config.py unset MBEDTLS_ECJPAKE_C
|
|
|
|
scripts/config.py unset MBEDTLS_ECP_RESTARTABLE
|
2023-06-14 17:23:19 +02:00
|
|
|
# Disable what auto-enables ECP_LIGHT
|
|
|
|
scripts/config.py unset MBEDTLS_PK_PARSE_EC_EXTENDED
|
|
|
|
scripts/config.py unset MBEDTLS_PK_PARSE_EC_COMPRESSED
|
2023-01-03 15:35:25 +01:00
|
|
|
# Indirect dependencies of ECP
|
|
|
|
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
|
|
|
|
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
|
|
|
|
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
|
|
|
|
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
|
|
|
|
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
|
|
|
|
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
|
|
|
|
scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
|
|
|
scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
|
|
# Direct dependencies of DHM
|
|
|
|
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
|
|
|
|
# Direct dependencies of RSA
|
|
|
|
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
|
|
|
|
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
|
|
|
|
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
|
|
|
|
scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT
|
|
|
|
# PK and its dependencies
|
|
|
|
scripts/config.py unset MBEDTLS_PK_C
|
|
|
|
scripts/config.py unset MBEDTLS_PK_PARSE_C
|
|
|
|
scripts/config.py unset MBEDTLS_PK_WRITE_C
|
|
|
|
scripts/config.py unset MBEDTLS_X509_USE_C
|
|
|
|
scripts/config.py unset MBEDTLS_X509_CRT_PARSE_C
|
|
|
|
scripts/config.py unset MBEDTLS_X509_CRL_PARSE_C
|
|
|
|
scripts/config.py unset MBEDTLS_X509_CSR_PARSE_C
|
|
|
|
scripts/config.py unset MBEDTLS_X509_CREATE_C
|
|
|
|
scripts/config.py unset MBEDTLS_X509_CRT_WRITE_C
|
|
|
|
scripts/config.py unset MBEDTLS_X509_CSR_WRITE_C
|
|
|
|
scripts/config.py unset MBEDTLS_PKCS7_C
|
|
|
|
scripts/config.py unset MBEDTLS_SSL_SERVER_NAME_INDICATION
|
|
|
|
scripts/config.py unset MBEDTLS_SSL_ASYNC_PRIVATE
|
|
|
|
scripts/config.py unset MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
|
|
|
|
|
|
|
|
make
|
|
|
|
|
|
|
|
msg "test: full minus bignum"
|
|
|
|
make test
|
|
|
|
}
|
|
|
|
|
2022-09-29 08:32:25 +02:00
|
|
|
component_test_tls1_2_default_stream_cipher_only () {
|
2022-09-27 13:34:31 +02:00
|
|
|
msg "build: default with only stream cipher"
|
|
|
|
|
2022-09-29 08:32:25 +02:00
|
|
|
# Disable AEAD (controlled by the presence of one of GCM_C, CCM_C, CHACHAPOLY_C
|
2022-09-27 13:34:31 +02:00
|
|
|
scripts/config.py unset MBEDTLS_GCM_C
|
|
|
|
scripts/config.py unset MBEDTLS_CCM_C
|
|
|
|
scripts/config.py unset MBEDTLS_CHACHAPOLY_C
|
2022-09-29 08:32:25 +02:00
|
|
|
# Disable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia, DES))
|
2022-09-27 13:34:31 +02:00
|
|
|
scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC
|
2022-09-29 08:32:25 +02:00
|
|
|
# Disable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC)
|
2022-09-27 13:34:31 +02:00
|
|
|
scripts/config.py unset MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
2022-09-29 08:32:25 +02:00
|
|
|
# Enable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_CIPHER))
|
|
|
|
scripts/config.py set MBEDTLS_CIPHER_NULL_CIPHER
|
2022-10-03 09:04:16 +02:00
|
|
|
# Modules that depend on AEAD
|
2022-09-28 07:59:01 +02:00
|
|
|
scripts/config.py unset MBEDTLS_SSL_CONTEXT_SERIALIZATION
|
2022-10-10 08:47:13 +02:00
|
|
|
scripts/config.py unset MBEDTLS_SSL_TICKET_C
|
2022-09-27 13:34:31 +02:00
|
|
|
|
|
|
|
make
|
|
|
|
|
|
|
|
msg "test: default with only stream cipher"
|
|
|
|
make test
|
2022-10-03 09:04:16 +02:00
|
|
|
|
|
|
|
# Not running ssl-opt.sh because most tests require a non-NULL ciphersuite.
|
2022-09-27 13:34:31 +02:00
|
|
|
}
|
|
|
|
|
2022-09-29 08:32:25 +02:00
|
|
|
component_test_tls1_2_default_stream_cipher_only_use_psa () {
|
2022-10-03 09:04:16 +02:00
|
|
|
msg "build: default with only stream cipher use psa"
|
2022-09-28 09:51:55 +02:00
|
|
|
|
2022-09-28 12:06:57 +02:00
|
|
|
scripts/config.py set MBEDTLS_USE_PSA_CRYPTO
|
2022-09-29 08:32:25 +02:00
|
|
|
# Disable AEAD (controlled by the presence of one of GCM_C, CCM_C, CHACHAPOLY_C)
|
2022-09-28 09:51:55 +02:00
|
|
|
scripts/config.py unset MBEDTLS_GCM_C
|
|
|
|
scripts/config.py unset MBEDTLS_CCM_C
|
|
|
|
scripts/config.py unset MBEDTLS_CHACHAPOLY_C
|
2022-09-29 08:32:25 +02:00
|
|
|
# Disable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia, DES))
|
2022-09-28 09:51:55 +02:00
|
|
|
scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC
|
2022-09-29 08:32:25 +02:00
|
|
|
# Disable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC)
|
2022-09-28 09:51:55 +02:00
|
|
|
scripts/config.py unset MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
2022-09-29 08:32:25 +02:00
|
|
|
# Enable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_CIPHER))
|
|
|
|
scripts/config.py set MBEDTLS_CIPHER_NULL_CIPHER
|
2022-10-03 09:04:16 +02:00
|
|
|
# Modules that depend on AEAD
|
2022-09-28 09:51:55 +02:00
|
|
|
scripts/config.py unset MBEDTLS_SSL_CONTEXT_SERIALIZATION
|
2022-10-10 08:47:13 +02:00
|
|
|
scripts/config.py unset MBEDTLS_SSL_TICKET_C
|
2022-09-28 09:51:55 +02:00
|
|
|
|
|
|
|
make
|
|
|
|
|
2022-10-03 09:04:16 +02:00
|
|
|
msg "test: default with only stream cipher use psa"
|
2022-09-28 09:51:55 +02:00
|
|
|
make test
|
2022-10-03 09:04:16 +02:00
|
|
|
|
|
|
|
# Not running ssl-opt.sh because most tests require a non-NULL ciphersuite.
|
2022-09-28 09:51:55 +02:00
|
|
|
}
|
2022-09-27 13:34:31 +02:00
|
|
|
|
2022-09-29 08:32:25 +02:00
|
|
|
component_test_tls1_2_default_cbc_legacy_cipher_only () {
|
2022-09-28 10:23:22 +02:00
|
|
|
msg "build: default with only CBC-legacy cipher"
|
|
|
|
|
2022-09-29 08:32:25 +02:00
|
|
|
# Disable AEAD (controlled by the presence of one of GCM_C, CCM_C, CHACHAPOLY_C)
|
2022-09-28 10:23:22 +02:00
|
|
|
scripts/config.py unset MBEDTLS_GCM_C
|
|
|
|
scripts/config.py unset MBEDTLS_CCM_C
|
|
|
|
scripts/config.py unset MBEDTLS_CHACHAPOLY_C
|
2022-09-29 08:32:25 +02:00
|
|
|
# Enable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia, DES))
|
|
|
|
scripts/config.py set MBEDTLS_CIPHER_MODE_CBC
|
|
|
|
# Disable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC)
|
2022-09-28 10:23:22 +02:00
|
|
|
scripts/config.py unset MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
2022-09-29 08:32:25 +02:00
|
|
|
# Disable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_CIPHER))
|
2022-09-28 10:23:22 +02:00
|
|
|
scripts/config.py unset MBEDTLS_CIPHER_NULL_CIPHER
|
2022-10-03 09:04:16 +02:00
|
|
|
# Modules that depend on AEAD
|
2022-09-28 10:23:22 +02:00
|
|
|
scripts/config.py unset MBEDTLS_SSL_CONTEXT_SERIALIZATION
|
2022-10-10 08:47:13 +02:00
|
|
|
scripts/config.py unset MBEDTLS_SSL_TICKET_C
|
2022-09-28 10:23:22 +02:00
|
|
|
|
|
|
|
make
|
|
|
|
|
|
|
|
msg "test: default with only CBC-legacy cipher"
|
|
|
|
make test
|
2022-09-29 15:22:01 +02:00
|
|
|
|
|
|
|
msg "test: default with only CBC-legacy cipher - ssl-opt.sh (subset)"
|
|
|
|
tests/ssl-opt.sh -f "TLS 1.2"
|
2022-09-28 10:23:22 +02:00
|
|
|
}
|
|
|
|
|
2022-09-29 08:32:25 +02:00
|
|
|
component_test_tls1_2_deafult_cbc_legacy_cipher_only_use_psa () {
|
2022-09-28 12:06:57 +02:00
|
|
|
msg "build: default with only CBC-legacy cipher use psa"
|
|
|
|
|
|
|
|
scripts/config.py set MBEDTLS_USE_PSA_CRYPTO
|
2022-09-29 08:32:25 +02:00
|
|
|
# Disable AEAD (controlled by the presence of one of GCM_C, CCM_C, CHACHAPOLY_C)
|
2022-09-28 12:06:57 +02:00
|
|
|
scripts/config.py unset MBEDTLS_GCM_C
|
|
|
|
scripts/config.py unset MBEDTLS_CCM_C
|
|
|
|
scripts/config.py unset MBEDTLS_CHACHAPOLY_C
|
2022-09-29 08:32:25 +02:00
|
|
|
# Enable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia, DES))
|
|
|
|
scripts/config.py set MBEDTLS_CIPHER_MODE_CBC
|
|
|
|
# Disable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC)
|
2022-09-28 12:06:57 +02:00
|
|
|
scripts/config.py unset MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
2022-09-29 08:32:25 +02:00
|
|
|
# Disable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_CIPHER))
|
2022-09-28 12:06:57 +02:00
|
|
|
scripts/config.py unset MBEDTLS_CIPHER_NULL_CIPHER
|
2022-10-03 09:04:16 +02:00
|
|
|
# Modules that depend on AEAD
|
2022-09-28 12:06:57 +02:00
|
|
|
scripts/config.py unset MBEDTLS_SSL_CONTEXT_SERIALIZATION
|
2022-10-10 08:47:13 +02:00
|
|
|
scripts/config.py unset MBEDTLS_SSL_TICKET_C
|
2022-09-28 12:06:57 +02:00
|
|
|
|
|
|
|
make
|
|
|
|
|
|
|
|
msg "test: default with only CBC-legacy cipher use psa"
|
|
|
|
make test
|
2022-09-29 15:22:01 +02:00
|
|
|
|
|
|
|
msg "test: default with only CBC-legacy cipher use psa - ssl-opt.sh (subset)"
|
|
|
|
tests/ssl-opt.sh -f "TLS 1.2"
|
2022-09-28 12:06:57 +02:00
|
|
|
}
|
|
|
|
|
2022-09-29 08:32:25 +02:00
|
|
|
component_test_tls1_2_default_cbc_legacy_cbc_etm_cipher_only () {
|
2022-09-28 12:06:57 +02:00
|
|
|
msg "build: default with only CBC-legacy and CBC-EtM ciphers"
|
2022-09-28 10:23:22 +02:00
|
|
|
|
2022-09-29 08:32:25 +02:00
|
|
|
# Disable AEAD (controlled by the presence of one of GCM_C, CCM_C, CHACHAPOLY_C)
|
2022-09-28 10:23:22 +02:00
|
|
|
scripts/config.py unset MBEDTLS_GCM_C
|
|
|
|
scripts/config.py unset MBEDTLS_CCM_C
|
|
|
|
scripts/config.py unset MBEDTLS_CHACHAPOLY_C
|
2022-09-29 08:32:25 +02:00
|
|
|
# Enable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia, DES))
|
|
|
|
scripts/config.py set MBEDTLS_CIPHER_MODE_CBC
|
|
|
|
# Enable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC)
|
|
|
|
scripts/config.py set MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
|
|
|
# Disable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_CIPHER))
|
2022-09-28 10:23:22 +02:00
|
|
|
scripts/config.py unset MBEDTLS_CIPHER_NULL_CIPHER
|
2022-10-03 09:04:16 +02:00
|
|
|
# Modules that depend on AEAD
|
2022-09-28 10:23:22 +02:00
|
|
|
scripts/config.py unset MBEDTLS_SSL_CONTEXT_SERIALIZATION
|
2022-10-10 08:47:13 +02:00
|
|
|
scripts/config.py unset MBEDTLS_SSL_TICKET_C
|
2022-09-28 10:23:22 +02:00
|
|
|
|
2022-09-28 12:06:57 +02:00
|
|
|
make
|
|
|
|
|
|
|
|
msg "test: default with only CBC-legacy and CBC-EtM ciphers"
|
|
|
|
make test
|
2022-09-29 15:22:01 +02:00
|
|
|
|
|
|
|
msg "test: default with only CBC-legacy and CBC-EtM ciphers - ssl-opt.sh (subset)"
|
|
|
|
tests/ssl-opt.sh -f "TLS 1.2"
|
2022-09-28 12:06:57 +02:00
|
|
|
}
|
|
|
|
|
2022-09-29 15:22:01 +02:00
|
|
|
component_test_tls1_2_default_cbc_legacy_cbc_etm_cipher_only_use_psa () {
|
|
|
|
msg "build: default with only CBC-legacy and CBC-EtM ciphers use psa"
|
2022-09-28 12:06:57 +02:00
|
|
|
|
|
|
|
scripts/config.py set MBEDTLS_USE_PSA_CRYPTO
|
2022-09-29 08:32:25 +02:00
|
|
|
# Disable AEAD (controlled by the presence of one of GCM_C, CCM_C, CHACHAPOLY_C)
|
2022-09-28 12:06:57 +02:00
|
|
|
scripts/config.py unset MBEDTLS_GCM_C
|
|
|
|
scripts/config.py unset MBEDTLS_CCM_C
|
|
|
|
scripts/config.py unset MBEDTLS_CHACHAPOLY_C
|
2022-09-29 08:32:25 +02:00
|
|
|
# Enable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia, DES))
|
|
|
|
scripts/config.py set MBEDTLS_CIPHER_MODE_CBC
|
|
|
|
# Enable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC)
|
|
|
|
scripts/config.py set MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
|
|
|
# Disable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_CIPHER))
|
2022-09-28 12:06:57 +02:00
|
|
|
scripts/config.py unset MBEDTLS_CIPHER_NULL_CIPHER
|
2022-10-03 09:04:16 +02:00
|
|
|
# Modules that depend on AEAD
|
2022-09-28 12:06:57 +02:00
|
|
|
scripts/config.py unset MBEDTLS_SSL_CONTEXT_SERIALIZATION
|
2022-10-10 08:47:13 +02:00
|
|
|
scripts/config.py unset MBEDTLS_SSL_TICKET_C
|
2022-09-28 12:06:57 +02:00
|
|
|
|
2022-09-28 10:23:22 +02:00
|
|
|
make
|
|
|
|
|
2022-09-29 15:22:01 +02:00
|
|
|
msg "test: default with only CBC-legacy and CBC-EtM ciphers use psa"
|
2022-09-28 10:23:22 +02:00
|
|
|
make test
|
2022-09-29 15:22:01 +02:00
|
|
|
|
|
|
|
msg "test: default with only CBC-legacy and CBC-EtM ciphers use psa - ssl-opt.sh (subset)"
|
|
|
|
tests/ssl-opt.sh -f "TLS 1.2"
|
2022-09-28 10:23:22 +02:00
|
|
|
}
|
|
|
|
|
2022-11-08 13:03:24 +01:00
|
|
|
# We're not aware of any other (open source) implementation of EC J-PAKE in TLS
|
|
|
|
# that we could use for interop testing. However, we now have sort of two
|
|
|
|
# implementations ourselves: one using PSA, the other not. At least test that
|
|
|
|
# these two interoperate with each other.
|
|
|
|
component_test_tls1_2_ecjpake_compatibility() {
|
|
|
|
msg "build: TLS1.2 server+client w/ EC-JPAKE w/o USE_PSA"
|
|
|
|
scripts/config.py set MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
|
|
|
|
make -C programs ssl/ssl_server2 ssl/ssl_client2
|
|
|
|
cp programs/ssl/ssl_server2 s2_no_use_psa
|
|
|
|
cp programs/ssl/ssl_client2 c2_no_use_psa
|
|
|
|
|
|
|
|
msg "build: TLS1.2 server+client w/ EC-JPAKE w/ USE_PSA"
|
|
|
|
scripts/config.py set MBEDTLS_USE_PSA_CRYPTO
|
|
|
|
make clean
|
|
|
|
make -C programs ssl/ssl_server2 ssl/ssl_client2
|
|
|
|
make -C programs test/udp_proxy test/query_compile_time_config
|
|
|
|
|
2022-12-02 16:21:56 +01:00
|
|
|
msg "test: server w/o USE_PSA - client w/ USE_PSA, text password"
|
|
|
|
P_SRV=../s2_no_use_psa tests/ssl-opt.sh -f "ECJPAKE: working, TLS"
|
|
|
|
msg "test: server w/o USE_PSA - client w/ USE_PSA, opaque password"
|
|
|
|
P_SRV=../s2_no_use_psa tests/ssl-opt.sh -f "ECJPAKE: opaque password client only, working, TLS"
|
|
|
|
msg "test: client w/o USE_PSA - server w/ USE_PSA, text password"
|
|
|
|
P_CLI=../c2_no_use_psa tests/ssl-opt.sh -f "ECJPAKE: working, TLS"
|
|
|
|
msg "test: client w/o USE_PSA - server w/ USE_PSA, opaque password"
|
|
|
|
P_CLI=../c2_no_use_psa tests/ssl-opt.sh -f "ECJPAKE: opaque password server only, working, TLS"
|
2022-11-08 13:03:24 +01:00
|
|
|
|
|
|
|
rm s2_no_use_psa c2_no_use_psa
|
|
|
|
}
|
|
|
|
|
2020-11-23 17:39:04 +01:00
|
|
|
component_test_psa_external_rng_use_psa_crypto () {
|
|
|
|
msg "build: full + PSA_CRYPTO_EXTERNAL_RNG + USE_PSA_CRYPTO minus CTR_DRBG"
|
|
|
|
scripts/config.py full
|
|
|
|
scripts/config.py set MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG
|
|
|
|
scripts/config.py set MBEDTLS_USE_PSA_CRYPTO
|
|
|
|
scripts/config.py unset MBEDTLS_CTR_DRBG_C
|
|
|
|
make CFLAGS="$ASAN_CFLAGS -O2" LDFLAGS="$ASAN_CFLAGS"
|
|
|
|
|
|
|
|
msg "test: full + PSA_CRYPTO_EXTERNAL_RNG + USE_PSA_CRYPTO minus CTR_DRBG"
|
|
|
|
make test
|
|
|
|
|
2021-01-13 20:02:03 +01:00
|
|
|
msg "test: full + PSA_CRYPTO_EXTERNAL_RNG + USE_PSA_CRYPTO minus CTR_DRBG"
|
2021-07-08 18:41:16 +02:00
|
|
|
tests/ssl-opt.sh -f 'Default\|opaque'
|
2020-11-23 17:39:04 +01:00
|
|
|
}
|
|
|
|
|
2020-03-04 20:46:15 +01:00
|
|
|
component_test_everest () {
|
|
|
|
msg "build: Everest ECDH context (ASan build)" # ~ 6 min
|
|
|
|
scripts/config.py set MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED
|
|
|
|
CC=clang cmake -D CMAKE_BUILD_TYPE:String=Asan .
|
|
|
|
make
|
|
|
|
|
|
|
|
msg "test: Everest ECDH context - main suites (inc. selftests) (ASan build)" # ~ 50s
|
|
|
|
make test
|
|
|
|
|
|
|
|
msg "test: Everest ECDH context - ECDH-related part of ssl-opt.sh (ASan build)" # ~ 5s
|
2021-07-08 18:41:16 +02:00
|
|
|
tests/ssl-opt.sh -f ECDH
|
2020-03-04 20:46:15 +01:00
|
|
|
|
|
|
|
msg "test: Everest ECDH context - compat.sh with some ECDH ciphersuites (ASan build)" # ~ 3 min
|
|
|
|
# Exclude some symmetric ciphers that are redundant here to gain time.
|
2022-04-06 13:28:27 +02:00
|
|
|
tests/compat.sh -f ECDH -V NO -e 'ARIA\|CAMELLIA\|CHACHA'
|
2020-03-04 20:46:15 +01:00
|
|
|
}
|
|
|
|
|
2020-07-03 00:15:37 +02:00
|
|
|
component_test_everest_curve25519_only () {
|
|
|
|
msg "build: Everest ECDH context, only Curve25519" # ~ 6 min
|
|
|
|
scripts/config.py set MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED
|
|
|
|
scripts/config.py unset MBEDTLS_ECDSA_C
|
|
|
|
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
|
|
|
|
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
|
2021-04-23 13:33:44 +02:00
|
|
|
scripts/config.py unset MBEDTLS_ECJPAKE_C
|
2020-07-03 00:15:37 +02:00
|
|
|
# Disable all curves
|
|
|
|
for c in $(sed -n 's/#define \(MBEDTLS_ECP_DP_[0-9A-Z_a-z]*_ENABLED\).*/\1/p' <"$CONFIG_H"); do
|
|
|
|
scripts/config.py unset "$c"
|
|
|
|
done
|
|
|
|
scripts/config.py set MBEDTLS_ECP_DP_CURVE25519_ENABLED
|
|
|
|
|
|
|
|
make CFLAGS="$ASAN_CFLAGS -O2" LDFLAGS="$ASAN_CFLAGS"
|
|
|
|
|
|
|
|
msg "test: Everest ECDH context, only Curve25519" # ~ 50s
|
|
|
|
make test
|
|
|
|
}
|
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
component_test_small_ssl_out_content_len () {
|
|
|
|
msg "build: small SSL_OUT_CONTENT_LEN (ASan build)"
|
2019-07-27 23:52:53 +02:00
|
|
|
scripts/config.py set MBEDTLS_SSL_IN_CONTENT_LEN 16384
|
|
|
|
scripts/config.py set MBEDTLS_SSL_OUT_CONTENT_LEN 4096
|
2018-11-27 15:58:47 +01:00
|
|
|
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
|
|
|
|
make
|
2017-09-28 13:53:51 +02:00
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
msg "test: small SSL_OUT_CONTENT_LEN - ssl-opt.sh MFL and large packet tests"
|
2021-07-08 18:41:16 +02:00
|
|
|
tests/ssl-opt.sh -f "Max fragment\|Large packet"
|
2018-11-27 15:58:47 +01:00
|
|
|
}
|
2018-04-11 08:28:39 +02:00
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
component_test_small_ssl_in_content_len () {
|
|
|
|
msg "build: small SSL_IN_CONTENT_LEN (ASan build)"
|
2019-07-27 23:52:53 +02:00
|
|
|
scripts/config.py set MBEDTLS_SSL_IN_CONTENT_LEN 4096
|
|
|
|
scripts/config.py set MBEDTLS_SSL_OUT_CONTENT_LEN 16384
|
2018-11-27 15:58:47 +01:00
|
|
|
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
|
|
|
|
make
|
2018-04-11 08:28:39 +02:00
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
msg "test: small SSL_IN_CONTENT_LEN - ssl-opt.sh MFL tests"
|
2021-07-08 18:41:16 +02:00
|
|
|
tests/ssl-opt.sh -f "Max fragment"
|
2018-11-27 15:58:47 +01:00
|
|
|
}
|
2018-04-11 08:28:39 +02:00
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
component_test_small_ssl_dtls_max_buffering () {
|
|
|
|
msg "build: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #0"
|
2019-07-27 23:52:53 +02:00
|
|
|
scripts/config.py set MBEDTLS_SSL_DTLS_MAX_BUFFERING 1000
|
2018-11-27 15:58:47 +01:00
|
|
|
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
|
|
|
|
make
|
2018-04-11 08:28:39 +02:00
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
msg "test: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #0 - ssl-opt.sh specific reordering test"
|
2021-07-08 18:41:16 +02:00
|
|
|
tests/ssl-opt.sh -f "DTLS reordering: Buffer out-of-order hs msg before reassembling next, free buffered msg"
|
2018-11-27 15:58:47 +01:00
|
|
|
}
|
2018-08-24 15:43:44 +02:00
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
component_test_small_mbedtls_ssl_dtls_max_buffering () {
|
|
|
|
msg "build: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #1"
|
2020-03-04 20:46:15 +01:00
|
|
|
scripts/config.py set MBEDTLS_SSL_DTLS_MAX_BUFFERING 190
|
2018-11-27 15:58:47 +01:00
|
|
|
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
|
|
|
|
make
|
2018-08-24 15:43:44 +02:00
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
msg "test: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #1 - ssl-opt.sh specific reordering test"
|
2021-07-08 18:41:16 +02:00
|
|
|
tests/ssl-opt.sh -f "DTLS reordering: Buffer encrypted Finished message, drop for fragmented NewSessionTicket"
|
2018-11-27 15:58:47 +01:00
|
|
|
}
|
2018-08-24 15:43:44 +02:00
|
|
|
|
2019-09-06 19:47:17 +02:00
|
|
|
component_test_psa_collect_statuses () {
|
|
|
|
msg "build+test: psa_collect_statuses" # ~30s
|
2019-07-27 23:52:53 +02:00
|
|
|
scripts/config.py full
|
2021-07-08 18:41:16 +02:00
|
|
|
tests/scripts/psa_collect_statuses.py
|
2019-09-06 19:47:17 +02:00
|
|
|
# Check that psa_crypto_init() succeeded at least once
|
2021-07-08 18:41:16 +02:00
|
|
|
grep -q '^0:psa_crypto_init:' tests/statuses.log
|
2019-09-06 19:47:17 +02:00
|
|
|
rm -f tests/statuses.log
|
|
|
|
}
|
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
component_test_full_cmake_clang () {
|
|
|
|
msg "build: cmake, full config, clang" # ~ 50s
|
2019-07-27 23:52:53 +02:00
|
|
|
scripts/config.py full
|
2022-10-30 21:02:40 +01:00
|
|
|
CC=clang CXX=clang cmake -D CMAKE_BUILD_TYPE:String=Release -D ENABLE_TESTING=On -D TEST_CPP=1 .
|
2018-11-27 15:58:47 +01:00
|
|
|
make
|
2018-08-24 15:43:44 +02:00
|
|
|
|
2019-06-26 15:52:12 +02:00
|
|
|
msg "test: main suites (full config, clang)" # ~ 5s
|
2018-11-27 15:58:47 +01:00
|
|
|
make test
|
2014-03-19 18:29:01 +01:00
|
|
|
|
2022-10-30 21:02:40 +01:00
|
|
|
msg "test: cpp_dummy_build (full config, clang)" # ~ 1s
|
|
|
|
programs/test/cpp_dummy_build
|
|
|
|
|
2019-06-26 15:52:12 +02:00
|
|
|
msg "test: psa_constant_names (full config, clang)" # ~ 1s
|
2021-07-08 18:41:16 +02:00
|
|
|
tests/scripts/test_psa_constant_names.py
|
2020-02-26 19:51:43 +01:00
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
msg "test: ssl-opt.sh default, ECJPAKE, SSL async (full config)" # ~ 1s
|
2021-07-08 18:41:16 +02:00
|
|
|
tests/ssl-opt.sh -f 'Default\|ECJPAKE\|SSL async private'
|
2014-07-12 04:00:00 +02:00
|
|
|
|
2022-04-06 13:28:27 +02:00
|
|
|
msg "test: compat.sh NULL (full config)" # ~ 2 min
|
Use OPENSSL everywhere, not OPENSSL_CMD
These variables were both uses to select the default version of OpenSSL
to use for tests:
- when running compat.sh or ssl-opt.sh directly, OPENSSL_CMD was used;
- when running all.sh, OPENSSL was used.
This caused surprising situations if you had one but not the other set
in your environment. For example I used to have OPENSSL_CMD set but not
OPENSSL, so ssl-opt.sh was failing in some all.sh components but passing
when I ran it manually in the same configuration and build, a rather
unpleasant experience.
The natural name would be OPENSSL, and that's what set in the Docker
images used by the CI. However back in the 1.3.x days, that name was
already used in library/Makefile, so it was preferable to pick a
different one, hence OPENSSL_CMD. However the build system has not been
using this name since at least Mbed TLS 2.0.0, so it's now free for use
again (as demonstrated by the fact that it's been set in the CI without
causing any trouble).
So, unify things and use OPENSSL everywhere. Just leave an error message
for the benefit of developers which might have OPENSSL_CMD, not OPENSSL,
set in their environment from the old days.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-12-19 11:42:12 +01:00
|
|
|
env OPENSSL="$OPENSSL_LEGACY" GNUTLS_CLI="$GNUTLS_LEGACY_CLI" GNUTLS_SERV="$GNUTLS_LEGACY_SERV" tests/compat.sh -e '^$' -f 'NULL'
|
2014-07-12 04:00:00 +02:00
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
msg "test: compat.sh ARIA + ChachaPoly"
|
Use OPENSSL everywhere, not OPENSSL_CMD
These variables were both uses to select the default version of OpenSSL
to use for tests:
- when running compat.sh or ssl-opt.sh directly, OPENSSL_CMD was used;
- when running all.sh, OPENSSL was used.
This caused surprising situations if you had one but not the other set
in your environment. For example I used to have OPENSSL_CMD set but not
OPENSSL, so ssl-opt.sh was failing in some all.sh components but passing
when I ran it manually in the same configuration and build, a rather
unpleasant experience.
The natural name would be OPENSSL, and that's what set in the Docker
images used by the CI. However back in the 1.3.x days, that name was
already used in library/Makefile, so it was preferable to pick a
different one, hence OPENSSL_CMD. However the build system has not been
using this name since at least Mbed TLS 2.0.0, so it's now free for use
again (as demonstrated by the fact that it's been set in the CI without
causing any trouble).
So, unify things and use OPENSSL everywhere. Just leave an error message
for the benefit of developers which might have OPENSSL_CMD, not OPENSSL,
set in their environment from the old days.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-12-19 11:42:12 +01:00
|
|
|
env OPENSSL="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA'
|
2018-11-27 15:58:47 +01:00
|
|
|
}
|
2014-07-12 04:00:00 +02:00
|
|
|
|
2022-11-29 16:01:41 +01:00
|
|
|
skip_suites_without_constant_flow () {
|
|
|
|
# Skip the test suites that don't have any constant-flow annotations.
|
|
|
|
# This will need to be adjusted if we ever start declaring things as
|
|
|
|
# secret from macros or functions inside tests/include or tests/src.
|
|
|
|
SKIP_TEST_SUITES=$(
|
|
|
|
git -C tests/suites grep -L TEST_CF_ 'test_suite_*.function' |
|
|
|
|
sed 's/test_suite_//; s/\.function$//' |
|
|
|
|
tr '\n' ,)
|
|
|
|
export SKIP_TEST_SUITES
|
|
|
|
}
|
|
|
|
|
2020-07-10 09:35:54 +02:00
|
|
|
component_test_memsan_constant_flow () {
|
2022-03-18 09:57:32 +01:00
|
|
|
# This tests both (1) accesses to undefined memory, and (2) branches or
|
|
|
|
# memory access depending on secret values. To distinguish between those:
|
|
|
|
# - unset MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN - does the failure persist?
|
|
|
|
# - or alternatively, change the build type to MemSanDbg, which enables
|
|
|
|
# origin tracking and nicer stack traces (which are useful for debugging
|
|
|
|
# anyway), and check if the origin was TEST_CF_SECRET() or something else.
|
|
|
|
msg "build: cmake MSan (clang), full config minus MBEDTLS_USE_PSA_CRYPTO with constant flow testing"
|
|
|
|
scripts/config.py full
|
|
|
|
scripts/config.py set MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN
|
|
|
|
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
|
|
|
|
scripts/config.py unset MBEDTLS_AESNI_C # memsan doesn't grok asm
|
|
|
|
CC=clang cmake -D CMAKE_BUILD_TYPE:String=MemSan .
|
|
|
|
make
|
|
|
|
|
|
|
|
msg "test: main suites (full minus MBEDTLS_USE_PSA_CRYPTO, Msan + constant flow)"
|
|
|
|
make test
|
|
|
|
}
|
|
|
|
|
|
|
|
component_test_memsan_constant_flow_psa () {
|
2020-07-22 11:09:28 +02:00
|
|
|
# This tests both (1) accesses to undefined memory, and (2) branches or
|
|
|
|
# memory access depending on secret values. To distinguish between those:
|
|
|
|
# - unset MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN - does the failure persist?
|
|
|
|
# - or alternatively, change the build type to MemSanDbg, which enables
|
|
|
|
# origin tracking and nicer stack traces (which are useful for debugging
|
|
|
|
# anyway), and check if the origin was TEST_CF_SECRET() or something else.
|
|
|
|
msg "build: cmake MSan (clang), full config with constant flow testing"
|
2020-07-10 09:35:54 +02:00
|
|
|
scripts/config.py full
|
|
|
|
scripts/config.py set MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN
|
|
|
|
scripts/config.py unset MBEDTLS_AESNI_C # memsan doesn't grok asm
|
|
|
|
CC=clang cmake -D CMAKE_BUILD_TYPE:String=MemSan .
|
|
|
|
make
|
|
|
|
|
2020-07-22 11:09:28 +02:00
|
|
|
msg "test: main suites (Msan + constant flow)"
|
2020-07-10 09:35:54 +02:00
|
|
|
make test
|
|
|
|
}
|
|
|
|
|
2020-08-19 10:27:38 +02:00
|
|
|
component_test_valgrind_constant_flow () {
|
|
|
|
# This tests both (1) everything that valgrind's memcheck usually checks
|
|
|
|
# (heap buffer overflows, use of uninitialized memory, use-after-free,
|
|
|
|
# etc.) and (2) branches or memory access depending on secret values,
|
|
|
|
# which will be reported as uninitialized memory. To distinguish between
|
|
|
|
# secret and actually uninitialized:
|
|
|
|
# - unset MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND - does the failure persist?
|
|
|
|
# - or alternatively, build with debug info and manually run the offending
|
|
|
|
# test suite with valgrind --track-origins=yes, then check if the origin
|
|
|
|
# was TEST_CF_SECRET() or something else.
|
2022-03-18 09:57:32 +01:00
|
|
|
msg "build: cmake release GCC, full config minus MBEDTLS_USE_PSA_CRYPTO with constant flow testing"
|
|
|
|
scripts/config.py full
|
|
|
|
scripts/config.py set MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND
|
|
|
|
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
|
2022-11-29 16:01:41 +01:00
|
|
|
skip_suites_without_constant_flow
|
2022-03-18 09:57:32 +01:00
|
|
|
cmake -D CMAKE_BUILD_TYPE:String=Release .
|
|
|
|
make
|
|
|
|
|
|
|
|
# this only shows a summary of the results (how many of each type)
|
|
|
|
# details are left in Testing/<date>/DynamicAnalysis.xml
|
2022-11-29 16:01:41 +01:00
|
|
|
msg "test: some suites (full minus MBEDTLS_USE_PSA_CRYPTO, valgrind + constant flow)"
|
2022-03-18 09:57:32 +01:00
|
|
|
make memcheck
|
|
|
|
}
|
|
|
|
|
|
|
|
component_test_valgrind_constant_flow_psa () {
|
2020-08-19 10:27:38 +02:00
|
|
|
# This tests both (1) everything that valgrind's memcheck usually checks
|
|
|
|
# (heap buffer overflows, use of uninitialized memory, use-after-free,
|
|
|
|
# etc.) and (2) branches or memory access depending on secret values,
|
|
|
|
# which will be reported as uninitialized memory. To distinguish between
|
|
|
|
# secret and actually uninitialized:
|
|
|
|
# - unset MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND - does the failure persist?
|
|
|
|
# - or alternatively, build with debug info and manually run the offending
|
|
|
|
# test suite with valgrind --track-origins=yes, then check if the origin
|
|
|
|
# was TEST_CF_SECRET() or something else.
|
|
|
|
msg "build: cmake release GCC, full config with constant flow testing"
|
|
|
|
scripts/config.py full
|
|
|
|
scripts/config.py set MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND
|
2022-11-29 16:01:41 +01:00
|
|
|
skip_suites_without_constant_flow
|
2020-08-19 10:27:38 +02:00
|
|
|
cmake -D CMAKE_BUILD_TYPE:String=Release .
|
|
|
|
make
|
|
|
|
|
|
|
|
# this only shows a summary of the results (how many of each type)
|
|
|
|
# details are left in Testing/<date>/DynamicAnalysis.xml
|
2022-11-29 16:01:41 +01:00
|
|
|
msg "test: some suites (valgrind + constant flow)"
|
2020-08-19 10:27:38 +02:00
|
|
|
make memcheck
|
|
|
|
}
|
|
|
|
|
2020-04-13 01:03:21 +02:00
|
|
|
component_test_default_no_deprecated () {
|
2020-04-30 09:07:29 +02:00
|
|
|
# Test that removing the deprecated features from the default
|
|
|
|
# configuration leaves something consistent.
|
2020-04-13 01:03:21 +02:00
|
|
|
msg "build: make, default + MBEDTLS_DEPRECATED_REMOVED" # ~ 30s
|
|
|
|
scripts/config.py set MBEDTLS_DEPRECATED_REMOVED
|
|
|
|
make CC=gcc CFLAGS='-O -Werror -Wall -Wextra'
|
|
|
|
|
|
|
|
msg "test: make, default + MBEDTLS_DEPRECATED_REMOVED" # ~ 5s
|
|
|
|
make test
|
|
|
|
}
|
|
|
|
|
|
|
|
component_test_full_no_deprecated () {
|
2020-04-20 21:39:22 +02:00
|
|
|
msg "build: make, full_no_deprecated config" # ~ 30s
|
|
|
|
scripts/config.py full_no_deprecated
|
2020-04-13 01:03:21 +02:00
|
|
|
make CC=gcc CFLAGS='-O -Werror -Wall -Wextra'
|
|
|
|
|
2020-04-20 21:39:22 +02:00
|
|
|
msg "test: make, full_no_deprecated config" # ~ 5s
|
2020-04-13 01:03:21 +02:00
|
|
|
make test
|
2023-01-09 12:20:45 +01:00
|
|
|
|
|
|
|
msg "test: ensure that X509 has no direct dependency on BIGNUM_C"
|
|
|
|
not grep mbedtls_mpi library/libmbedx509.a
|
2020-04-13 01:03:21 +02:00
|
|
|
}
|
|
|
|
|
2020-04-30 09:07:29 +02:00
|
|
|
component_test_full_no_deprecated_deprecated_warning () {
|
|
|
|
# Test that there is nothing deprecated in "full_no_deprecated".
|
|
|
|
# A deprecated feature would trigger a warning (made fatal) from
|
|
|
|
# MBEDTLS_DEPRECATED_WARNING.
|
2020-04-20 21:39:22 +02:00
|
|
|
msg "build: make, full_no_deprecated config, MBEDTLS_DEPRECATED_WARNING" # ~ 30s
|
|
|
|
scripts/config.py full_no_deprecated
|
2020-04-13 01:03:21 +02:00
|
|
|
scripts/config.py unset MBEDTLS_DEPRECATED_REMOVED
|
|
|
|
scripts/config.py set MBEDTLS_DEPRECATED_WARNING
|
|
|
|
make CC=gcc CFLAGS='-O -Werror -Wall -Wextra'
|
|
|
|
|
2020-04-20 21:39:22 +02:00
|
|
|
msg "test: make, full_no_deprecated config, MBEDTLS_DEPRECATED_WARNING" # ~ 5s
|
2020-04-13 01:03:21 +02:00
|
|
|
make test
|
|
|
|
}
|
|
|
|
|
2020-04-30 09:07:29 +02:00
|
|
|
component_test_full_deprecated_warning () {
|
|
|
|
# Test that when MBEDTLS_DEPRECATED_WARNING is enabled, the build passes
|
|
|
|
# with only certain whitelisted types of warnings.
|
2020-04-13 01:03:21 +02:00
|
|
|
msg "build: make, full config + MBEDTLS_DEPRECATED_WARNING, expect warnings" # ~ 30s
|
2019-07-27 23:52:53 +02:00
|
|
|
scripts/config.py full
|
|
|
|
scripts/config.py set MBEDTLS_DEPRECATED_WARNING
|
2020-04-13 01:03:21 +02:00
|
|
|
# Expect warnings from '#warning' directives in check_config.h.
|
|
|
|
make CC=gcc CFLAGS='-O -Werror -Wall -Wextra -Wno-error=cpp' lib programs
|
2018-02-20 12:02:07 +01:00
|
|
|
|
2020-04-30 09:07:29 +02:00
|
|
|
msg "build: make tests, full config + MBEDTLS_DEPRECATED_WARNING, expect warnings" # ~ 30s
|
|
|
|
# Set MBEDTLS_TEST_DEPRECATED to enable tests for deprecated features.
|
|
|
|
# By default those are disabled when MBEDTLS_DEPRECATED_WARNING is set.
|
2020-04-13 01:03:21 +02:00
|
|
|
# Expect warnings from '#warning' directives in check_config.h and
|
|
|
|
# from the use of deprecated functions in test suites.
|
|
|
|
make CC=gcc CFLAGS='-O -Werror -Wall -Wextra -Wno-error=deprecated-declarations -Wno-error=cpp -DMBEDTLS_TEST_DEPRECATED' tests
|
2019-11-26 17:37:37 +01:00
|
|
|
|
2020-04-13 01:03:21 +02:00
|
|
|
msg "test: full config + MBEDTLS_TEST_DEPRECATED" # ~ 30s
|
|
|
|
make test
|
2018-11-27 15:58:47 +01:00
|
|
|
}
|
2018-10-30 11:20:45 +01:00
|
|
|
|
2020-01-31 14:24:14 +01:00
|
|
|
# Check that the specified libraries exist and are empty.
|
|
|
|
are_empty_libraries () {
|
|
|
|
nm "$@" >/dev/null 2>/dev/null
|
|
|
|
! nm "$@" 2>/dev/null | grep -v ':$' | grep .
|
|
|
|
}
|
|
|
|
|
|
|
|
component_build_crypto_default () {
|
|
|
|
msg "build: make, crypto only"
|
|
|
|
scripts/config.py crypto
|
2020-02-03 11:59:20 +01:00
|
|
|
make CFLAGS='-O1 -Werror'
|
2021-07-08 18:41:16 +02:00
|
|
|
are_empty_libraries library/libmbedx509.* library/libmbedtls.*
|
2020-01-31 14:24:14 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
component_build_crypto_full () {
|
|
|
|
msg "build: make, crypto only, full config"
|
|
|
|
scripts/config.py crypto_full
|
2020-02-03 11:59:20 +01:00
|
|
|
make CFLAGS='-O1 -Werror'
|
2021-07-08 18:41:16 +02:00
|
|
|
are_empty_libraries library/libmbedx509.* library/libmbedtls.*
|
2020-01-31 14:24:14 +01:00
|
|
|
}
|
|
|
|
|
2022-10-21 19:34:54 +02:00
|
|
|
component_test_crypto_for_psa_service () {
|
2022-10-11 21:05:06 +02:00
|
|
|
msg "build: make, config for PSA crypto service"
|
|
|
|
scripts/config.py crypto
|
|
|
|
scripts/config.py set MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
|
|
|
|
# Disable things that are not needed for just cryptography, to
|
|
|
|
# reach a configuration that would be typical for a PSA cryptography
|
|
|
|
# service providing all implemented PSA algorithms.
|
|
|
|
# System stuff
|
|
|
|
scripts/config.py unset MBEDTLS_ERROR_C
|
|
|
|
scripts/config.py unset MBEDTLS_TIMING_C
|
2022-10-25 21:02:33 +02:00
|
|
|
scripts/config.py unset MBEDTLS_VERSION_FEATURES
|
2022-10-11 21:05:06 +02:00
|
|
|
# Crypto stuff with no PSA interface
|
|
|
|
scripts/config.py unset MBEDTLS_BASE64_C
|
2022-10-25 21:05:57 +02:00
|
|
|
# Keep MBEDTLS_CIPHER_C because psa_crypto_cipher, CCM and GCM need it.
|
2022-10-25 21:06:11 +02:00
|
|
|
scripts/config.py unset MBEDTLS_HKDF_C # PSA's HKDF is independent
|
2022-10-25 21:05:57 +02:00
|
|
|
# Keep MBEDTLS_MD_C because deterministic ECDSA needs it for HMAC_DRBG.
|
2022-10-11 21:05:06 +02:00
|
|
|
scripts/config.py unset MBEDTLS_NIST_KW_C
|
|
|
|
scripts/config.py unset MBEDTLS_PEM_PARSE_C
|
|
|
|
scripts/config.py unset MBEDTLS_PEM_WRITE_C
|
|
|
|
scripts/config.py unset MBEDTLS_PKCS12_C
|
|
|
|
scripts/config.py unset MBEDTLS_PKCS5_C
|
2022-10-11 21:15:24 +02:00
|
|
|
# MBEDTLS_PK_PARSE_C and MBEDTLS_PK_WRITE_C are actually currently needed
|
|
|
|
# in PSA code to work with RSA keys. We don't require users to set those:
|
|
|
|
# they will be reenabled in build_info.h.
|
2022-10-25 21:02:56 +02:00
|
|
|
scripts/config.py unset MBEDTLS_PK_C
|
2022-10-11 21:15:24 +02:00
|
|
|
scripts/config.py unset MBEDTLS_PK_PARSE_C
|
2022-10-11 21:05:06 +02:00
|
|
|
scripts/config.py unset MBEDTLS_PK_WRITE_C
|
|
|
|
make CFLAGS='-O1 -Werror' all test
|
|
|
|
are_empty_libraries library/libmbedx509.* library/libmbedtls.*
|
|
|
|
}
|
|
|
|
|
2020-01-31 14:24:14 +01:00
|
|
|
component_build_crypto_baremetal () {
|
|
|
|
msg "build: make, crypto only, baremetal config"
|
|
|
|
scripts/config.py crypto_baremetal
|
2021-11-30 12:40:54 +01:00
|
|
|
make CFLAGS="-O1 -Werror -I$PWD/tests/include/baremetal-override/"
|
2021-07-08 18:41:16 +02:00
|
|
|
are_empty_libraries library/libmbedx509.* library/libmbedtls.*
|
2020-01-31 14:24:14 +01:00
|
|
|
}
|
2020-09-02 13:30:13 +02:00
|
|
|
support_build_crypto_baremetal () {
|
2020-08-31 06:22:58 +02:00
|
|
|
support_build_baremetal "$@"
|
|
|
|
}
|
|
|
|
|
|
|
|
component_build_baremetal () {
|
|
|
|
msg "build: make, baremetal config"
|
|
|
|
scripts/config.py baremetal
|
2021-11-30 12:40:54 +01:00
|
|
|
make CFLAGS="-O1 -Werror -I$PWD/tests/include/baremetal-override/"
|
2020-08-31 06:22:58 +02:00
|
|
|
}
|
|
|
|
support_build_baremetal () {
|
2020-09-02 13:30:13 +02:00
|
|
|
# Older Glibc versions include time.h from other headers such as stdlib.h,
|
|
|
|
# which makes the no-time.h-in-baremetal check fail. Ubuntu 16.04 has this
|
|
|
|
# problem, Ubuntu 18.04 is ok.
|
|
|
|
! grep -q -F time.h /usr/include/x86_64-linux-gnu/sys/types.h
|
|
|
|
}
|
2020-01-31 14:24:14 +01:00
|
|
|
|
2022-10-24 16:49:22 +02:00
|
|
|
# depends.py family of tests
|
2022-10-05 15:14:07 +02:00
|
|
|
component_test_depends_py_cipher_id () {
|
|
|
|
msg "test/build: depends.py cipher_id (gcc)"
|
2022-10-24 16:49:22 +02:00
|
|
|
tests/scripts/depends.py cipher_id --unset-use-psa
|
2018-11-27 15:58:47 +01:00
|
|
|
}
|
2018-10-30 11:20:45 +01:00
|
|
|
|
2022-10-05 15:14:07 +02:00
|
|
|
component_test_depends_py_cipher_chaining () {
|
|
|
|
msg "test/build: depends.py cipher_chaining (gcc)"
|
2022-10-24 16:49:22 +02:00
|
|
|
tests/scripts/depends.py cipher_chaining --unset-use-psa
|
2020-08-20 15:16:41 +02:00
|
|
|
}
|
|
|
|
|
2022-10-05 15:14:07 +02:00
|
|
|
component_test_depends_py_cipher_padding () {
|
|
|
|
msg "test/build: depends.py cipher_padding (gcc)"
|
2022-10-24 16:49:22 +02:00
|
|
|
tests/scripts/depends.py cipher_padding --unset-use-psa
|
2018-11-27 15:58:47 +01:00
|
|
|
}
|
2018-10-30 11:20:45 +01:00
|
|
|
|
2022-10-05 15:14:07 +02:00
|
|
|
component_test_depends_py_curves () {
|
|
|
|
msg "test/build: depends.py curves (gcc)"
|
2022-10-24 16:49:22 +02:00
|
|
|
tests/scripts/depends.py curves --unset-use-psa
|
2018-11-27 15:58:47 +01:00
|
|
|
}
|
2018-10-30 11:20:45 +01:00
|
|
|
|
2022-10-05 15:14:07 +02:00
|
|
|
component_test_depends_py_hashes () {
|
|
|
|
msg "test/build: depends.py hashes (gcc)"
|
2022-10-24 16:49:22 +02:00
|
|
|
tests/scripts/depends.py hashes --unset-use-psa
|
2018-11-27 15:58:47 +01:00
|
|
|
}
|
2018-10-30 11:20:45 +01:00
|
|
|
|
2022-10-05 15:14:07 +02:00
|
|
|
component_test_depends_py_kex () {
|
|
|
|
msg "test/build: depends.py kex (gcc)"
|
2022-10-24 16:49:22 +02:00
|
|
|
tests/scripts/depends.py kex --unset-use-psa
|
2018-11-27 15:58:47 +01:00
|
|
|
}
|
2018-10-30 11:20:45 +01:00
|
|
|
|
2022-10-05 15:14:07 +02:00
|
|
|
component_test_depends_py_pkalgs () {
|
|
|
|
msg "test/build: depends.py pkalgs (gcc)"
|
2022-10-24 16:49:22 +02:00
|
|
|
tests/scripts/depends.py pkalgs --unset-use-psa
|
2018-11-27 15:58:47 +01:00
|
|
|
}
|
2018-10-30 11:20:45 +01:00
|
|
|
|
2022-10-24 16:49:22 +02:00
|
|
|
# PSA equivalents of the depends.py tests
|
|
|
|
component_test_depends_py_cipher_id_psa () {
|
|
|
|
msg "test/build: depends.py cipher_id (gcc) with MBEDTLS_USE_PSA_CRYPTO defined"
|
2022-10-05 15:14:07 +02:00
|
|
|
tests/scripts/depends.py cipher_id
|
|
|
|
}
|
2014-11-20 13:29:53 +01:00
|
|
|
|
2022-10-24 16:49:22 +02:00
|
|
|
component_test_depends_py_cipher_chaining_psa () {
|
|
|
|
msg "test/build: depends.py cipher_chaining (gcc) with MBEDTLS_USE_PSA_CRYPTO defined"
|
2022-10-05 15:14:07 +02:00
|
|
|
tests/scripts/depends.py cipher_chaining
|
|
|
|
}
|
|
|
|
|
2022-10-24 16:49:22 +02:00
|
|
|
component_test_depends_py_cipher_padding_psa () {
|
|
|
|
msg "test/build: depends.py cipher_padding (gcc) with MBEDTLS_USE_PSA_CRYPTO defined"
|
2022-10-05 15:14:07 +02:00
|
|
|
tests/scripts/depends.py cipher_padding
|
|
|
|
}
|
|
|
|
|
2022-10-24 16:49:22 +02:00
|
|
|
component_test_depends_py_curves_psa () {
|
|
|
|
msg "test/build: depends.py curves (gcc) with MBEDTLS_USE_PSA_CRYPTO defined"
|
2022-10-05 15:14:07 +02:00
|
|
|
tests/scripts/depends.py curves
|
|
|
|
}
|
|
|
|
|
2022-10-24 16:49:22 +02:00
|
|
|
component_test_depends_py_hashes_psa () {
|
|
|
|
msg "test/build: depends.py hashes (gcc) with MBEDTLS_USE_PSA_CRYPTO defined"
|
2022-10-05 15:14:07 +02:00
|
|
|
tests/scripts/depends.py hashes
|
|
|
|
}
|
|
|
|
|
2022-10-24 16:49:22 +02:00
|
|
|
component_test_depends_py_kex_psa () {
|
|
|
|
msg "test/build: depends.py kex (gcc) with MBEDTLS_USE_PSA_CRYPTO defined"
|
2022-10-05 15:14:07 +02:00
|
|
|
tests/scripts/depends.py kex
|
|
|
|
}
|
|
|
|
|
2022-10-24 16:49:22 +02:00
|
|
|
component_test_depends_py_pkalgs_psa () {
|
|
|
|
msg "test/build: depends.py pkalgs (gcc) with MBEDTLS_USE_PSA_CRYPTO defined"
|
2022-10-05 15:14:07 +02:00
|
|
|
tests/scripts/depends.py pkalgs
|
2018-11-27 15:58:47 +01:00
|
|
|
}
|
2017-06-06 11:36:16 +02:00
|
|
|
|
2023-01-20 14:18:05 +01:00
|
|
|
component_build_no_pk_rsa_alt_support () {
|
|
|
|
msg "build: !MBEDTLS_PK_RSA_ALT_SUPPORT" # ~30s
|
|
|
|
|
|
|
|
scripts/config.py full
|
|
|
|
scripts/config.py unset MBEDTLS_PK_RSA_ALT_SUPPORT
|
|
|
|
scripts/config.py set MBEDTLS_RSA_C
|
|
|
|
scripts/config.py set MBEDTLS_X509_CRT_WRITE_C
|
|
|
|
|
|
|
|
# Only compile - this is primarily to test for compile issues
|
|
|
|
make CC=gcc CFLAGS='-Werror -Wall -Wextra -I../tests/include/alt-dummy'
|
|
|
|
}
|
|
|
|
|
2021-05-25 09:04:46 +02:00
|
|
|
component_build_module_alt () {
|
|
|
|
msg "build: MBEDTLS_XXX_ALT" # ~30s
|
|
|
|
scripts/config.py full
|
2022-12-06 12:10:33 +01:00
|
|
|
|
|
|
|
# Disable options that are incompatible with some ALT implementations:
|
2021-05-25 09:04:46 +02:00
|
|
|
# aesni.c and padlock.c reference mbedtls_aes_context fields directly.
|
|
|
|
scripts/config.py unset MBEDTLS_AESNI_C
|
|
|
|
scripts/config.py unset MBEDTLS_PADLOCK_C
|
2023-01-11 07:16:08 +01:00
|
|
|
scripts/config.py unset MBEDTLS_AESCE_C
|
2022-12-06 12:10:33 +01:00
|
|
|
# MBEDTLS_ECP_RESTARTABLE is documented as incompatible.
|
|
|
|
scripts/config.py unset MBEDTLS_ECP_RESTARTABLE
|
2021-05-25 09:04:46 +02:00
|
|
|
# You can only have one threading implementation: alt or pthread, not both.
|
|
|
|
scripts/config.py unset MBEDTLS_THREADING_PTHREAD
|
2021-05-31 21:21:12 +02:00
|
|
|
# The SpecifiedECDomain parsing code accesses mbedtls_ecp_group fields
|
|
|
|
# directly and assumes the implementation works with partial groups.
|
|
|
|
scripts/config.py unset MBEDTLS_PK_PARSE_EC_EXTENDED
|
2022-02-20 23:25:31 +01:00
|
|
|
# MBEDTLS_SHA256_*ALT can't be used with MBEDTLS_SHA256_USE_A64_CRYPTO_*
|
|
|
|
scripts/config.py unset MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT
|
|
|
|
scripts/config.py unset MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY
|
2022-03-15 11:51:52 +01:00
|
|
|
# MBEDTLS_SHA512_*ALT can't be used with MBEDTLS_SHA512_USE_A64_CRYPTO_*
|
|
|
|
scripts/config.py unset MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT
|
|
|
|
scripts/config.py unset MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY
|
2022-12-06 12:10:33 +01:00
|
|
|
|
2021-05-25 09:04:46 +02:00
|
|
|
# Enable all MBEDTLS_XXX_ALT for whole modules. Do not enable
|
|
|
|
# MBEDTLS_XXX_YYY_ALT which are for single functions.
|
|
|
|
scripts/config.py set-all 'MBEDTLS_([A-Z0-9]*|NIST_KW)_ALT'
|
2021-05-31 22:09:58 +02:00
|
|
|
scripts/config.py unset MBEDTLS_DHM_ALT #incompatible with MBEDTLS_DEBUG_C
|
2022-12-06 12:10:33 +01:00
|
|
|
|
2021-05-31 22:09:58 +02:00
|
|
|
# We can only compile, not link, since we don't have any implementations
|
|
|
|
# suitable for testing with the dummy alt headers.
|
|
|
|
make CC=gcc CFLAGS='-Werror -Wall -Wextra -I../tests/include/alt-dummy' lib
|
|
|
|
}
|
|
|
|
|
|
|
|
component_build_dhm_alt () {
|
|
|
|
msg "build: MBEDTLS_DHM_ALT" # ~30s
|
|
|
|
scripts/config.py full
|
|
|
|
scripts/config.py set MBEDTLS_DHM_ALT
|
|
|
|
# debug.c currently references mbedtls_dhm_context fields directly.
|
|
|
|
scripts/config.py unset MBEDTLS_DEBUG_C
|
2021-05-25 09:04:46 +02:00
|
|
|
# We can only compile, not link, since we don't have any implementations
|
|
|
|
# suitable for testing with the dummy alt headers.
|
|
|
|
make CC=gcc CFLAGS='-Werror -Wall -Wextra -I../tests/include/alt-dummy' lib
|
|
|
|
}
|
|
|
|
|
2019-02-01 12:38:40 +01:00
|
|
|
component_test_no_use_psa_crypto_full_cmake_asan() {
|
|
|
|
# full minus MBEDTLS_USE_PSA_CRYPTO: run the same set of tests as basic-build-test.sh
|
2019-09-03 11:42:04 +02:00
|
|
|
msg "build: cmake, full config minus MBEDTLS_USE_PSA_CRYPTO, ASan"
|
2019-07-27 23:52:53 +02:00
|
|
|
scripts/config.py full
|
|
|
|
scripts/config.py unset MBEDTLS_PSA_CRYPTO_C
|
|
|
|
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
|
2021-12-08 16:57:54 +01:00
|
|
|
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
|
2019-07-27 23:52:53 +02:00
|
|
|
scripts/config.py unset MBEDTLS_PSA_ITS_FILE_C
|
2020-04-12 14:21:55 +02:00
|
|
|
scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C
|
2019-07-27 23:52:53 +02:00
|
|
|
scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C
|
2022-09-28 10:32:48 +02:00
|
|
|
scripts/config.py unset MBEDTLS_LMS_C
|
2022-09-28 13:00:20 +02:00
|
|
|
scripts/config.py unset MBEDTLS_LMS_PRIVATE
|
2019-02-01 11:12:52 +01:00
|
|
|
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
|
2019-02-01 13:03:03 +01:00
|
|
|
make
|
2018-07-02 15:08:21 +02:00
|
|
|
|
2019-02-01 12:38:40 +01:00
|
|
|
msg "test: main suites (full minus MBEDTLS_USE_PSA_CRYPTO)"
|
2019-02-01 13:03:03 +01:00
|
|
|
make test
|
2019-01-31 14:20:20 +01:00
|
|
|
|
2022-12-07 10:38:43 +01:00
|
|
|
# Note: ssl-opt.sh has some test cases that depend on
|
|
|
|
# MBEDTLS_ECP_RESTARTABLE && !MBEDTLS_USE_PSA_CRYPTO
|
|
|
|
# This is the only component where those tests are not skipped.
|
2019-02-01 12:38:40 +01:00
|
|
|
msg "test: ssl-opt.sh (full minus MBEDTLS_USE_PSA_CRYPTO)"
|
2021-07-08 18:41:16 +02:00
|
|
|
tests/ssl-opt.sh
|
2019-01-31 14:20:20 +01:00
|
|
|
|
2019-02-01 12:38:40 +01:00
|
|
|
msg "test: compat.sh default (full minus MBEDTLS_USE_PSA_CRYPTO)"
|
2021-07-08 18:41:16 +02:00
|
|
|
tests/compat.sh
|
2019-01-31 14:20:20 +01:00
|
|
|
|
2022-04-06 13:28:27 +02:00
|
|
|
msg "test: compat.sh NULL (full minus MBEDTLS_USE_PSA_CRYPTO)"
|
Use OPENSSL everywhere, not OPENSSL_CMD
These variables were both uses to select the default version of OpenSSL
to use for tests:
- when running compat.sh or ssl-opt.sh directly, OPENSSL_CMD was used;
- when running all.sh, OPENSSL was used.
This caused surprising situations if you had one but not the other set
in your environment. For example I used to have OPENSSL_CMD set but not
OPENSSL, so ssl-opt.sh was failing in some all.sh components but passing
when I ran it manually in the same configuration and build, a rather
unpleasant experience.
The natural name would be OPENSSL, and that's what set in the Docker
images used by the CI. However back in the 1.3.x days, that name was
already used in library/Makefile, so it was preferable to pick a
different one, hence OPENSSL_CMD. However the build system has not been
using this name since at least Mbed TLS 2.0.0, so it's now free for use
again (as demonstrated by the fact that it's been set in the CI without
causing any trouble).
So, unify things and use OPENSSL everywhere. Just leave an error message
for the benefit of developers which might have OPENSSL_CMD, not OPENSSL,
set in their environment from the old days.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-12-19 11:42:12 +01:00
|
|
|
env OPENSSL="$OPENSSL_LEGACY" GNUTLS_CLI="$GNUTLS_LEGACY_CLI" GNUTLS_SERV="$GNUTLS_LEGACY_SERV" tests/compat.sh -f 'NULL'
|
2015-05-20 11:13:56 +02:00
|
|
|
|
2019-02-01 12:38:40 +01:00
|
|
|
msg "test: compat.sh ARIA + ChachaPoly (full minus MBEDTLS_USE_PSA_CRYPTO)"
|
Use OPENSSL everywhere, not OPENSSL_CMD
These variables were both uses to select the default version of OpenSSL
to use for tests:
- when running compat.sh or ssl-opt.sh directly, OPENSSL_CMD was used;
- when running all.sh, OPENSSL was used.
This caused surprising situations if you had one but not the other set
in your environment. For example I used to have OPENSSL_CMD set but not
OPENSSL, so ssl-opt.sh was failing in some all.sh components but passing
when I ran it manually in the same configuration and build, a rather
unpleasant experience.
The natural name would be OPENSSL, and that's what set in the Docker
images used by the CI. However back in the 1.3.x days, that name was
already used in library/Makefile, so it was preferable to pick a
different one, hence OPENSSL_CMD. However the build system has not been
using this name since at least Mbed TLS 2.0.0, so it's now free for use
again (as demonstrated by the fact that it's been set in the CI without
causing any trouble).
So, unify things and use OPENSSL everywhere. Just leave an error message
for the benefit of developers which might have OPENSSL_CMD, not OPENSSL,
set in their environment from the old days.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-12-19 11:42:12 +01:00
|
|
|
env OPENSSL="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA'
|
2019-02-01 13:03:03 +01:00
|
|
|
}
|
2017-09-18 16:36:25 +02:00
|
|
|
|
2021-09-13 09:38:05 +02:00
|
|
|
component_test_psa_crypto_config_accel_ecdsa () {
|
2023-03-29 10:42:07 +02:00
|
|
|
msg "build: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated ECDSA"
|
2021-09-13 09:38:05 +02:00
|
|
|
|
2022-12-27 13:03:10 +01:00
|
|
|
# Algorithms and key types to accelerate
|
2023-06-28 10:48:08 +02:00
|
|
|
loc_accel_list="ALG_ECDSA ALG_DETERMINISTIC_ECDSA \
|
|
|
|
KEY_TYPE_ECC_KEY_PAIR_BASIC \
|
|
|
|
KEY_TYPE_ECC_KEY_PAIR_IMPORT \
|
|
|
|
KEY_TYPE_ECC_KEY_PAIR_EXPORT \
|
|
|
|
KEY_TYPE_ECC_KEY_PAIR_GENERATE \
|
|
|
|
KEY_TYPE_ECC_PUBLIC_KEY"
|
2022-12-27 13:03:10 +01:00
|
|
|
|
Group both configuration steps
Compared to the previous scheme, this avoid the problem of having to
warn about adjusting PSA_WANT in the wrong place.
Also, it allows enabling MBEDTLS_PSA_CRYPTO_CONFIG in adjust_config
rather than having to repeat it in every single component.
It also plays more nicely with components that have an associated
reference component and use a common config function. (Some of them were
already using the new order.)
Finally, "configure, build, run the tests" seems more natural than
"configure, build, configure, build, test" (and, coming back to the
initial point, it avoid questions about what to configure when).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-12 17:09:38 +02:00
|
|
|
# Configure
|
|
|
|
# ---------
|
2021-09-13 09:38:05 +02:00
|
|
|
|
2023-06-15 09:07:10 +02:00
|
|
|
# Start from default config (no USE_PSA) + TLS 1.3
|
Group both configuration steps
Compared to the previous scheme, this avoid the problem of having to
warn about adjusting PSA_WANT in the wrong place.
Also, it allows enabling MBEDTLS_PSA_CRYPTO_CONFIG in adjust_config
rather than having to repeat it in every single component.
It also plays more nicely with components that have an associated
reference component and use a common config function. (Some of them were
already using the new order.)
Finally, "configure, build, run the tests" seems more natural than
"configure, build, configure, build, test" (and, coming back to the
initial point, it avoid questions about what to configure when).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-12 17:09:38 +02:00
|
|
|
helper_libtestdriver1_adjust_config "default"
|
2022-12-28 09:48:01 +01:00
|
|
|
scripts/config.py set MBEDTLS_SSL_PROTO_TLS1_3
|
2022-12-27 13:03:10 +01:00
|
|
|
|
|
|
|
# Disable the module that's accelerated
|
2021-09-13 09:38:05 +02:00
|
|
|
scripts/config.py unset MBEDTLS_ECDSA_C
|
2022-12-27 13:03:10 +01:00
|
|
|
|
|
|
|
# Disable things that depend on it
|
2021-09-13 09:38:05 +02:00
|
|
|
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
|
|
|
|
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
|
|
|
|
|
Group both configuration steps
Compared to the previous scheme, this avoid the problem of having to
warn about adjusting PSA_WANT in the wrong place.
Also, it allows enabling MBEDTLS_PSA_CRYPTO_CONFIG in adjust_config
rather than having to repeat it in every single component.
It also plays more nicely with components that have an associated
reference component and use a common config function. (Some of them were
already using the new order.)
Finally, "configure, build, run the tests" seems more natural than
"configure, build, configure, build, test" (and, coming back to the
initial point, it avoid questions about what to configure when).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-12 17:09:38 +02:00
|
|
|
# Build
|
|
|
|
# -----
|
|
|
|
|
|
|
|
# These hashes are needed for some ECDSA signature tests.
|
|
|
|
loc_extra_list="ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512"
|
|
|
|
|
|
|
|
helper_libtestdriver1_make_drivers "$loc_accel_list" "$loc_extra_list"
|
|
|
|
|
2023-05-25 10:39:23 +02:00
|
|
|
helper_libtestdriver1_make_main "$loc_accel_list"
|
2021-09-13 09:38:05 +02:00
|
|
|
|
2022-12-28 10:09:53 +01:00
|
|
|
# Make sure this was not re-enabled by accident (additive config)
|
2022-02-04 00:30:54 +01:00
|
|
|
not grep mbedtls_ecdsa_ library/ecdsa.o
|
2021-09-13 09:38:05 +02:00
|
|
|
|
2022-12-27 13:03:10 +01:00
|
|
|
# Run the tests
|
|
|
|
# -------------
|
|
|
|
|
2021-09-13 09:38:05 +02:00
|
|
|
msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated ECDSA"
|
|
|
|
make test
|
|
|
|
}
|
|
|
|
|
2023-03-22 14:02:57 +01:00
|
|
|
component_test_psa_crypto_config_accel_ecdh () {
|
2023-03-29 10:42:07 +02:00
|
|
|
msg "build: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated ECDH"
|
2022-12-29 11:31:35 +01:00
|
|
|
|
|
|
|
# Algorithms and key types to accelerate
|
2023-06-28 10:48:08 +02:00
|
|
|
loc_accel_list="ALG_ECDH \
|
|
|
|
KEY_TYPE_ECC_KEY_PAIR_BASIC \
|
|
|
|
KEY_TYPE_ECC_KEY_PAIR_IMPORT \
|
|
|
|
KEY_TYPE_ECC_KEY_PAIR_EXPORT \
|
|
|
|
KEY_TYPE_ECC_KEY_PAIR_GENERATE \
|
|
|
|
KEY_TYPE_ECC_PUBLIC_KEY"
|
2022-12-29 11:31:35 +01:00
|
|
|
|
Group both configuration steps
Compared to the previous scheme, this avoid the problem of having to
warn about adjusting PSA_WANT in the wrong place.
Also, it allows enabling MBEDTLS_PSA_CRYPTO_CONFIG in adjust_config
rather than having to repeat it in every single component.
It also plays more nicely with components that have an associated
reference component and use a common config function. (Some of them were
already using the new order.)
Finally, "configure, build, run the tests" seems more natural than
"configure, build, configure, build, test" (and, coming back to the
initial point, it avoid questions about what to configure when).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-12 17:09:38 +02:00
|
|
|
# Configure
|
|
|
|
# ---------
|
2022-12-29 11:31:35 +01:00
|
|
|
|
Group both configuration steps
Compared to the previous scheme, this avoid the problem of having to
warn about adjusting PSA_WANT in the wrong place.
Also, it allows enabling MBEDTLS_PSA_CRYPTO_CONFIG in adjust_config
rather than having to repeat it in every single component.
It also plays more nicely with components that have an associated
reference component and use a common config function. (Some of them were
already using the new order.)
Finally, "configure, build, run the tests" seems more natural than
"configure, build, configure, build, test" (and, coming back to the
initial point, it avoid questions about what to configure when).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-12 17:09:38 +02:00
|
|
|
# Start from default config (no TLS 1.3, no USE_PSA)
|
|
|
|
helper_libtestdriver1_adjust_config "default"
|
2022-12-29 11:31:35 +01:00
|
|
|
|
2023-03-22 14:02:57 +01:00
|
|
|
# Disable the module that's accelerated
|
|
|
|
scripts/config.py unset MBEDTLS_ECDH_C
|
|
|
|
|
|
|
|
# Disable things that depend on it
|
|
|
|
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
|
|
|
|
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
|
|
|
|
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
|
|
|
|
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
|
|
|
|
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
|
|
|
|
|
Group both configuration steps
Compared to the previous scheme, this avoid the problem of having to
warn about adjusting PSA_WANT in the wrong place.
Also, it allows enabling MBEDTLS_PSA_CRYPTO_CONFIG in adjust_config
rather than having to repeat it in every single component.
It also plays more nicely with components that have an associated
reference component and use a common config function. (Some of them were
already using the new order.)
Finally, "configure, build, run the tests" seems more natural than
"configure, build, configure, build, test" (and, coming back to the
initial point, it avoid questions about what to configure when).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-12 17:09:38 +02:00
|
|
|
# Build
|
|
|
|
# -----
|
|
|
|
|
|
|
|
helper_libtestdriver1_make_drivers "$loc_accel_list"
|
|
|
|
|
2023-05-25 10:39:23 +02:00
|
|
|
helper_libtestdriver1_make_main "$loc_accel_list"
|
2022-12-29 11:31:35 +01:00
|
|
|
|
2023-03-22 14:02:57 +01:00
|
|
|
# Make sure this was not re-enabled by accident (additive config)
|
|
|
|
not grep mbedtls_ecdh_ library/ecdh.o
|
2022-12-29 11:31:35 +01:00
|
|
|
|
|
|
|
# Run the tests
|
|
|
|
# -------------
|
|
|
|
|
2023-03-22 14:02:57 +01:00
|
|
|
msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated ECDH"
|
2022-12-29 11:31:35 +01:00
|
|
|
make test
|
2022-12-29 12:29:09 +01:00
|
|
|
}
|
|
|
|
|
2023-05-11 10:48:50 +02:00
|
|
|
component_test_psa_crypto_config_accel_ffdh () {
|
|
|
|
msg "build: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated FFDH"
|
|
|
|
|
|
|
|
# Algorithms and key types to accelerate
|
|
|
|
loc_accel_list="ALG_FFDH KEY_TYPE_DH_KEY_PAIR KEY_TYPE_DH_PUBLIC_KEY"
|
|
|
|
|
Group both configuration steps
Compared to the previous scheme, this avoid the problem of having to
warn about adjusting PSA_WANT in the wrong place.
Also, it allows enabling MBEDTLS_PSA_CRYPTO_CONFIG in adjust_config
rather than having to repeat it in every single component.
It also plays more nicely with components that have an associated
reference component and use a common config function. (Some of them were
already using the new order.)
Finally, "configure, build, run the tests" seems more natural than
"configure, build, configure, build, test" (and, coming back to the
initial point, it avoid questions about what to configure when).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-12 17:09:38 +02:00
|
|
|
# Configure
|
|
|
|
# ---------
|
2023-05-11 10:48:50 +02:00
|
|
|
|
Group both configuration steps
Compared to the previous scheme, this avoid the problem of having to
warn about adjusting PSA_WANT in the wrong place.
Also, it allows enabling MBEDTLS_PSA_CRYPTO_CONFIG in adjust_config
rather than having to repeat it in every single component.
It also plays more nicely with components that have an associated
reference component and use a common config function. (Some of them were
already using the new order.)
Finally, "configure, build, run the tests" seems more natural than
"configure, build, configure, build, test" (and, coming back to the
initial point, it avoid questions about what to configure when).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-12 17:09:38 +02:00
|
|
|
# Start from default config (no TLS 1.3, no USE_PSA)
|
|
|
|
helper_libtestdriver1_adjust_config "default"
|
2023-05-11 10:48:50 +02:00
|
|
|
|
|
|
|
# Disable the module that's accelerated
|
|
|
|
scripts/config.py unset MBEDTLS_DHM_C
|
|
|
|
|
|
|
|
# Disable things that depend on it
|
|
|
|
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
|
|
|
|
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
|
|
|
|
|
Group both configuration steps
Compared to the previous scheme, this avoid the problem of having to
warn about adjusting PSA_WANT in the wrong place.
Also, it allows enabling MBEDTLS_PSA_CRYPTO_CONFIG in adjust_config
rather than having to repeat it in every single component.
It also plays more nicely with components that have an associated
reference component and use a common config function. (Some of them were
already using the new order.)
Finally, "configure, build, run the tests" seems more natural than
"configure, build, configure, build, test" (and, coming back to the
initial point, it avoid questions about what to configure when).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-12 17:09:38 +02:00
|
|
|
# Build
|
|
|
|
# -----
|
|
|
|
|
|
|
|
helper_libtestdriver1_make_drivers "$loc_accel_list"
|
|
|
|
|
2023-06-08 09:15:59 +02:00
|
|
|
helper_libtestdriver1_make_main "$loc_accel_list"
|
2023-05-11 10:48:50 +02:00
|
|
|
|
|
|
|
# Make sure this was not re-enabled by accident (additive config)
|
|
|
|
not grep mbedtls_dhm_ library/dhm.o
|
|
|
|
|
|
|
|
# Run the tests
|
|
|
|
# -------------
|
|
|
|
|
|
|
|
msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated FFDH"
|
|
|
|
make test
|
|
|
|
}
|
|
|
|
|
2023-03-27 09:38:51 +02:00
|
|
|
component_test_psa_crypto_config_accel_pake() {
|
2023-03-29 10:42:07 +02:00
|
|
|
msg "build: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated PAKE"
|
2023-03-27 09:38:51 +02:00
|
|
|
|
|
|
|
loc_accel_list="ALG_JPAKE"
|
|
|
|
|
Group both configuration steps
Compared to the previous scheme, this avoid the problem of having to
warn about adjusting PSA_WANT in the wrong place.
Also, it allows enabling MBEDTLS_PSA_CRYPTO_CONFIG in adjust_config
rather than having to repeat it in every single component.
It also plays more nicely with components that have an associated
reference component and use a common config function. (Some of them were
already using the new order.)
Finally, "configure, build, run the tests" seems more natural than
"configure, build, configure, build, test" (and, coming back to the
initial point, it avoid questions about what to configure when).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-12 17:09:38 +02:00
|
|
|
# Configure
|
|
|
|
# ---------
|
2023-05-31 12:51:50 +02:00
|
|
|
|
Group both configuration steps
Compared to the previous scheme, this avoid the problem of having to
warn about adjusting PSA_WANT in the wrong place.
Also, it allows enabling MBEDTLS_PSA_CRYPTO_CONFIG in adjust_config
rather than having to repeat it in every single component.
It also plays more nicely with components that have an associated
reference component and use a common config function. (Some of them were
already using the new order.)
Finally, "configure, build, run the tests" seems more natural than
"configure, build, configure, build, test" (and, coming back to the
initial point, it avoid questions about what to configure when).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-12 17:09:38 +02:00
|
|
|
helper_libtestdriver1_adjust_config "full"
|
2023-03-27 09:38:51 +02:00
|
|
|
|
2023-03-29 10:42:07 +02:00
|
|
|
# Make built-in fallback not available
|
2023-03-27 09:38:51 +02:00
|
|
|
scripts/config.py unset MBEDTLS_ECJPAKE_C
|
|
|
|
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
|
|
|
|
|
Group both configuration steps
Compared to the previous scheme, this avoid the problem of having to
warn about adjusting PSA_WANT in the wrong place.
Also, it allows enabling MBEDTLS_PSA_CRYPTO_CONFIG in adjust_config
rather than having to repeat it in every single component.
It also plays more nicely with components that have an associated
reference component and use a common config function. (Some of them were
already using the new order.)
Finally, "configure, build, run the tests" seems more natural than
"configure, build, configure, build, test" (and, coming back to the
initial point, it avoid questions about what to configure when).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-12 17:09:38 +02:00
|
|
|
# Build
|
|
|
|
# -----
|
2023-03-27 09:38:51 +02:00
|
|
|
|
Group both configuration steps
Compared to the previous scheme, this avoid the problem of having to
warn about adjusting PSA_WANT in the wrong place.
Also, it allows enabling MBEDTLS_PSA_CRYPTO_CONFIG in adjust_config
rather than having to repeat it in every single component.
It also plays more nicely with components that have an associated
reference component and use a common config function. (Some of them were
already using the new order.)
Finally, "configure, build, run the tests" seems more natural than
"configure, build, configure, build, test" (and, coming back to the
initial point, it avoid questions about what to configure when).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-12 17:09:38 +02:00
|
|
|
helper_libtestdriver1_make_drivers "$loc_accel_list"
|
2023-03-27 09:38:51 +02:00
|
|
|
|
2023-05-25 10:39:23 +02:00
|
|
|
helper_libtestdriver1_make_main "$loc_accel_list"
|
2023-03-27 09:38:51 +02:00
|
|
|
|
2023-05-31 12:51:50 +02:00
|
|
|
# Make sure this was not re-enabled by accident (additive config)
|
2023-03-27 09:38:51 +02:00
|
|
|
not grep mbedtls_ecjpake_init library/ecjpake.o
|
|
|
|
|
2023-05-31 12:51:50 +02:00
|
|
|
# Run the tests
|
|
|
|
# -------------
|
|
|
|
|
2023-03-27 09:38:51 +02:00
|
|
|
msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated PAKE"
|
|
|
|
make test
|
|
|
|
}
|
|
|
|
|
2023-03-20 13:54:41 +01:00
|
|
|
# Auxiliary function to build config for all EC based algorithms (EC-JPAKE,
|
|
|
|
# ECDH, ECDSA) with and without drivers.
|
2023-03-29 10:42:07 +02:00
|
|
|
# The input parameter is a boolean value which indicates:
|
|
|
|
# - 0 keep built-in EC algs,
|
|
|
|
# - 1 exclude built-in EC algs (driver only).
|
2023-03-20 13:54:41 +01:00
|
|
|
#
|
|
|
|
# This is used by the two following components to ensure they always use the
|
|
|
|
# same config, except for the use of driver or built-in EC algorithms:
|
2023-06-14 10:33:10 +02:00
|
|
|
# - component_test_psa_crypto_config_accel_ecc_ecp_light_only;
|
|
|
|
# - component_test_psa_crypto_config_reference_ecc_ecp_light_only.
|
2023-03-22 14:02:57 +01:00
|
|
|
# This supports comparing their test coverage with analyze_outcomes.py.
|
2023-06-14 10:33:10 +02:00
|
|
|
config_psa_crypto_config_ecp_ligh_only () {
|
2023-03-20 13:54:41 +01:00
|
|
|
DRIVER_ONLY="$1"
|
|
|
|
# start with config full for maximum coverage (also enables USE_PSA)
|
Group both configuration steps
Compared to the previous scheme, this avoid the problem of having to
warn about adjusting PSA_WANT in the wrong place.
Also, it allows enabling MBEDTLS_PSA_CRYPTO_CONFIG in adjust_config
rather than having to repeat it in every single component.
It also plays more nicely with components that have an associated
reference component and use a common config function. (Some of them were
already using the new order.)
Finally, "configure, build, run the tests" seems more natural than
"configure, build, configure, build, test" (and, coming back to the
initial point, it avoid questions about what to configure when).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-12 17:09:38 +02:00
|
|
|
helper_libtestdriver1_adjust_config "full"
|
2023-03-20 13:54:41 +01:00
|
|
|
if [ "$DRIVER_ONLY" -eq 1 ]; then
|
|
|
|
# Disable modules that are accelerated
|
|
|
|
scripts/config.py unset MBEDTLS_ECDSA_C
|
|
|
|
scripts/config.py unset MBEDTLS_ECDH_C
|
|
|
|
scripts/config.py unset MBEDTLS_ECJPAKE_C
|
2023-04-05 18:20:30 +02:00
|
|
|
scripts/config.py unset MBEDTLS_ECP_C
|
2023-03-20 13:54:41 +01:00
|
|
|
fi
|
|
|
|
|
|
|
|
# Restartable feature is not yet supported by PSA. Once it will in
|
|
|
|
# the future, the following line could be removed (see issues
|
|
|
|
# 6061, 6332 and following ones)
|
|
|
|
scripts/config.py unset MBEDTLS_ECP_RESTARTABLE
|
|
|
|
}
|
|
|
|
|
2023-06-14 10:33:10 +02:00
|
|
|
# Keep in sync with component_test_psa_crypto_config_reference_ecc_ecp_light_only
|
|
|
|
component_test_psa_crypto_config_accel_ecc_ecp_light_only () {
|
2023-03-20 13:54:41 +01:00
|
|
|
msg "build: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated EC algs + USE_PSA"
|
|
|
|
|
|
|
|
# Algorithms and key types to accelerate
|
|
|
|
loc_accel_list="ALG_ECDSA ALG_DETERMINISTIC_ECDSA \
|
|
|
|
ALG_ECDH \
|
|
|
|
ALG_JPAKE \
|
2023-06-28 10:48:08 +02:00
|
|
|
KEY_TYPE_ECC_KEY_PAIR_BASIC \
|
|
|
|
KEY_TYPE_ECC_KEY_PAIR_IMPORT \
|
|
|
|
KEY_TYPE_ECC_KEY_PAIR_EXPORT \
|
|
|
|
KEY_TYPE_ECC_KEY_PAIR_GENERATE \
|
|
|
|
KEY_TYPE_ECC_PUBLIC_KEY"
|
2023-03-20 13:54:41 +01:00
|
|
|
|
Group both configuration steps
Compared to the previous scheme, this avoid the problem of having to
warn about adjusting PSA_WANT in the wrong place.
Also, it allows enabling MBEDTLS_PSA_CRYPTO_CONFIG in adjust_config
rather than having to repeat it in every single component.
It also plays more nicely with components that have an associated
reference component and use a common config function. (Some of them were
already using the new order.)
Finally, "configure, build, run the tests" seems more natural than
"configure, build, configure, build, test" (and, coming back to the
initial point, it avoid questions about what to configure when).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-12 17:09:38 +02:00
|
|
|
# Configure
|
|
|
|
# ---------
|
2023-03-20 13:54:41 +01:00
|
|
|
|
|
|
|
# Use the same config as reference, only without built-in EC algs
|
2023-06-14 10:33:10 +02:00
|
|
|
config_psa_crypto_config_ecp_ligh_only 1
|
2023-03-20 13:54:41 +01:00
|
|
|
|
Group both configuration steps
Compared to the previous scheme, this avoid the problem of having to
warn about adjusting PSA_WANT in the wrong place.
Also, it allows enabling MBEDTLS_PSA_CRYPTO_CONFIG in adjust_config
rather than having to repeat it in every single component.
It also plays more nicely with components that have an associated
reference component and use a common config function. (Some of them were
already using the new order.)
Finally, "configure, build, run the tests" seems more natural than
"configure, build, configure, build, test" (and, coming back to the
initial point, it avoid questions about what to configure when).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-12 17:09:38 +02:00
|
|
|
# Build
|
|
|
|
# -----
|
2023-03-20 13:54:41 +01:00
|
|
|
|
Group both configuration steps
Compared to the previous scheme, this avoid the problem of having to
warn about adjusting PSA_WANT in the wrong place.
Also, it allows enabling MBEDTLS_PSA_CRYPTO_CONFIG in adjust_config
rather than having to repeat it in every single component.
It also plays more nicely with components that have an associated
reference component and use a common config function. (Some of them were
already using the new order.)
Finally, "configure, build, run the tests" seems more natural than
"configure, build, configure, build, test" (and, coming back to the
initial point, it avoid questions about what to configure when).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-12 17:09:38 +02:00
|
|
|
# These hashes are needed for some ECDSA signature tests.
|
|
|
|
loc_extra_list="ALG_SHA_1 ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512"
|
|
|
|
helper_libtestdriver1_make_drivers "$loc_accel_list" "$loc_extra_list"
|
2023-03-20 13:54:41 +01:00
|
|
|
|
2023-05-25 10:39:23 +02:00
|
|
|
helper_libtestdriver1_make_main "$loc_accel_list"
|
2023-03-20 13:54:41 +01:00
|
|
|
|
|
|
|
# Make sure any built-in EC alg was not re-enabled by accident (additive config)
|
|
|
|
not grep mbedtls_ecdsa_ library/ecdsa.o
|
|
|
|
not grep mbedtls_ecdh_ library/ecdh.o
|
|
|
|
not grep mbedtls_ecjpake_ library/ecjpake.o
|
2023-04-05 18:20:30 +02:00
|
|
|
not grep mbedtls_ecp_mul library/ecp.o
|
2023-03-20 13:54:41 +01:00
|
|
|
|
|
|
|
# Run the tests
|
|
|
|
# -------------
|
|
|
|
|
|
|
|
msg "test suites: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated EC algs + USE_PSA"
|
|
|
|
make test
|
|
|
|
|
|
|
|
msg "ssl-opt: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated EC algs + USE_PSA"
|
|
|
|
tests/ssl-opt.sh
|
|
|
|
}
|
|
|
|
|
2023-06-14 10:33:10 +02:00
|
|
|
# Keep in sync with component_test_psa_crypto_config_accel_ecc_ecp_light_only
|
|
|
|
component_test_psa_crypto_config_reference_ecc_ecp_light_only () {
|
2023-03-20 13:54:41 +01:00
|
|
|
msg "build: MBEDTLS_PSA_CRYPTO_CONFIG with non-accelerated EC algs + USE_PSA"
|
|
|
|
|
2023-06-14 10:33:10 +02:00
|
|
|
config_psa_crypto_config_ecp_ligh_only 0
|
2023-03-20 13:54:41 +01:00
|
|
|
|
|
|
|
make
|
|
|
|
|
|
|
|
msg "test suites: MBEDTLS_PSA_CRYPTO_CONFIG with non-accelerated EC algs + USE_PSA"
|
|
|
|
make test
|
|
|
|
|
|
|
|
msg "ssl-opt: MBEDTLS_PSA_CRYPTO_CONFIG with non-accelerated EC algs + USE_PSA"
|
|
|
|
tests/ssl-opt.sh
|
|
|
|
}
|
|
|
|
|
2023-04-12 14:59:16 +02:00
|
|
|
# This helper function is used by:
|
2023-06-14 10:33:10 +02:00
|
|
|
# - component_test_psa_crypto_config_accel_ecc_no_ecp_at_all()
|
|
|
|
# - component_test_psa_crypto_config_reference_ecc_no_ecp_at_all()
|
2023-04-12 14:59:16 +02:00
|
|
|
# to ensure that both tests use the same underlying configuration when testing
|
|
|
|
# driver's coverage with analyze_outcomes.py.
|
|
|
|
#
|
|
|
|
# This functions accepts 1 boolean parameter as follows:
|
|
|
|
# - 1: building with accelerated EC algorithms (ECDSA, ECDH, ECJPAKE), therefore
|
|
|
|
# excluding their built-in implementation as well as ECP_C & ECP_LIGHT
|
|
|
|
# - 0: include built-in implementation of EC algorithms.
|
|
|
|
#
|
|
|
|
# PK_C and RSA_C are always disabled to ensure there is no remaining dependency
|
|
|
|
# on the ECP module.
|
2023-06-14 10:33:10 +02:00
|
|
|
config_psa_crypto_no_ecp_at_all () {
|
2023-04-12 14:59:16 +02:00
|
|
|
DRIVER_ONLY="$1"
|
2023-06-26 15:23:44 +02:00
|
|
|
# start with full config for maximum coverage (also enables USE_PSA)
|
|
|
|
helper_libtestdriver1_adjust_config "full"
|
|
|
|
|
2023-04-12 14:59:16 +02:00
|
|
|
# enable support for drivers and configuring PSA-only algorithms
|
|
|
|
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
|
|
|
|
if [ "$DRIVER_ONLY" -eq 1 ]; then
|
|
|
|
# Disable modules that are accelerated
|
|
|
|
scripts/config.py unset MBEDTLS_ECDSA_C
|
|
|
|
scripts/config.py unset MBEDTLS_ECDH_C
|
|
|
|
scripts/config.py unset MBEDTLS_ECJPAKE_C
|
|
|
|
# Disable ECP module (entirely)
|
|
|
|
scripts/config.py unset MBEDTLS_ECP_C
|
|
|
|
fi
|
|
|
|
|
2023-06-14 10:42:31 +02:00
|
|
|
# Disable all the features that auto-enable ECP_LIGHT (see build_info.h)
|
|
|
|
scripts/config.py unset MBEDTLS_PK_PARSE_EC_EXTENDED
|
2023-06-14 10:46:55 +02:00
|
|
|
scripts/config.py unset MBEDTLS_PK_PARSE_EC_COMPRESSED
|
2023-06-14 11:30:30 +02:00
|
|
|
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE
|
2023-06-14 10:42:31 +02:00
|
|
|
|
2023-04-12 14:59:16 +02:00
|
|
|
# Restartable feature is not yet supported by PSA. Once it will in
|
|
|
|
# the future, the following line could be removed (see issues
|
|
|
|
# 6061, 6332 and following ones)
|
|
|
|
scripts/config.py unset MBEDTLS_ECP_RESTARTABLE
|
|
|
|
}
|
|
|
|
|
|
|
|
# Build and test a configuration where driver accelerates all EC algs while
|
|
|
|
# all support and dependencies from ECP and ECP_LIGHT are removed on the library
|
|
|
|
# side.
|
|
|
|
#
|
2023-06-14 10:33:10 +02:00
|
|
|
# Keep in sync with component_test_psa_crypto_config_reference_ecc_no_ecp_at_all()
|
|
|
|
component_test_psa_crypto_config_accel_ecc_no_ecp_at_all () {
|
2023-06-27 17:16:33 +02:00
|
|
|
msg "build: full + accelerated EC algs + USE_PSA - ECP"
|
2023-04-12 14:59:16 +02:00
|
|
|
|
|
|
|
# Algorithms and key types to accelerate
|
|
|
|
loc_accel_list="ALG_ECDSA ALG_DETERMINISTIC_ECDSA \
|
|
|
|
ALG_ECDH \
|
|
|
|
ALG_JPAKE \
|
2023-06-28 10:48:08 +02:00
|
|
|
KEY_TYPE_ECC_KEY_PAIR_BASIC \
|
|
|
|
KEY_TYPE_ECC_KEY_PAIR_IMPORT \
|
|
|
|
KEY_TYPE_ECC_KEY_PAIR_EXPORT \
|
|
|
|
KEY_TYPE_ECC_KEY_PAIR_GENERATE \
|
|
|
|
KEY_TYPE_ECC_PUBLIC_KEY"
|
2023-04-12 14:59:16 +02:00
|
|
|
|
Group both configuration steps
Compared to the previous scheme, this avoid the problem of having to
warn about adjusting PSA_WANT in the wrong place.
Also, it allows enabling MBEDTLS_PSA_CRYPTO_CONFIG in adjust_config
rather than having to repeat it in every single component.
It also plays more nicely with components that have an associated
reference component and use a common config function. (Some of them were
already using the new order.)
Finally, "configure, build, run the tests" seems more natural than
"configure, build, configure, build, test" (and, coming back to the
initial point, it avoid questions about what to configure when).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-12 17:09:38 +02:00
|
|
|
# Configure
|
|
|
|
# ---------
|
2023-05-31 12:51:50 +02:00
|
|
|
|
2023-04-12 14:59:16 +02:00
|
|
|
# Set common configurations between library's and driver's builds
|
2023-06-14 10:33:10 +02:00
|
|
|
config_psa_crypto_no_ecp_at_all 1
|
2023-04-12 14:59:16 +02:00
|
|
|
|
Group both configuration steps
Compared to the previous scheme, this avoid the problem of having to
warn about adjusting PSA_WANT in the wrong place.
Also, it allows enabling MBEDTLS_PSA_CRYPTO_CONFIG in adjust_config
rather than having to repeat it in every single component.
It also plays more nicely with components that have an associated
reference component and use a common config function. (Some of them were
already using the new order.)
Finally, "configure, build, run the tests" seems more natural than
"configure, build, configure, build, test" (and, coming back to the
initial point, it avoid questions about what to configure when).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-12 17:09:38 +02:00
|
|
|
# Build
|
|
|
|
# -----
|
2023-04-12 14:59:16 +02:00
|
|
|
|
|
|
|
# Things we wanted supported in libtestdriver1, but not accelerated in the main library:
|
|
|
|
# SHA-1 and all SHA-2 variants, as they are used by ECDSA deterministic.
|
|
|
|
loc_extra_list="ALG_SHA_1 ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512"
|
|
|
|
|
2023-05-25 10:07:31 +02:00
|
|
|
helper_libtestdriver1_make_drivers "$loc_accel_list" "$loc_extra_list"
|
2023-04-12 14:59:16 +02:00
|
|
|
|
2023-05-25 10:39:23 +02:00
|
|
|
helper_libtestdriver1_make_main "$loc_accel_list"
|
2023-04-12 14:59:16 +02:00
|
|
|
|
|
|
|
# Make sure any built-in EC alg was not re-enabled by accident (additive config)
|
|
|
|
not grep mbedtls_ecdsa_ library/ecdsa.o
|
|
|
|
not grep mbedtls_ecdh_ library/ecdh.o
|
|
|
|
not grep mbedtls_ecjpake_ library/ecjpake.o
|
|
|
|
# Also ensure that ECP or RSA modules were not re-enabled
|
|
|
|
not grep mbedtls_ecp_ library/ecp.o
|
|
|
|
|
|
|
|
# Run the tests
|
|
|
|
# -------------
|
|
|
|
|
2023-06-27 17:16:33 +02:00
|
|
|
msg "test: full + accelerated EC algs + USE_PSA - ECP"
|
2023-04-12 14:59:16 +02:00
|
|
|
make test
|
2023-06-27 17:45:49 +02:00
|
|
|
|
|
|
|
msg "ssl-opt: full + accelerated EC algs + USE_PSA - ECP"
|
|
|
|
tests/ssl-opt.sh
|
2023-04-12 14:59:16 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
# Reference function used for driver's coverage analysis in analyze_outcomes.py
|
2023-06-14 10:33:10 +02:00
|
|
|
# in conjunction with component_test_psa_crypto_config_accel_ecc_no_ecp_at_all().
|
2023-04-12 14:59:16 +02:00
|
|
|
# Keep in sync with its accelerated counterpart.
|
2023-06-14 10:33:10 +02:00
|
|
|
component_test_psa_crypto_config_reference_ecc_no_ecp_at_all () {
|
2023-06-27 17:16:33 +02:00
|
|
|
msg "build: full + non accelerated EC algs + USE_PSA"
|
2023-04-12 14:59:16 +02:00
|
|
|
|
2023-06-14 10:33:10 +02:00
|
|
|
config_psa_crypto_no_ecp_at_all 0
|
2023-04-12 14:59:16 +02:00
|
|
|
|
|
|
|
make
|
|
|
|
|
2023-06-27 17:16:33 +02:00
|
|
|
msg "test: crypto_full + non accelerated EC algs + USE_PSA"
|
2023-04-12 14:59:16 +02:00
|
|
|
make test
|
2023-06-27 17:45:49 +02:00
|
|
|
|
|
|
|
msg "ssl-opt: crypto_full + non accelerated EC algs + USE_PSA"
|
|
|
|
tests/ssl-opt.sh
|
2023-04-12 14:59:16 +02:00
|
|
|
}
|
|
|
|
|
2023-03-24 16:51:17 +01:00
|
|
|
# Helper function used in:
|
|
|
|
# - component_test_psa_crypto_config_accel_all_curves_except_p192
|
|
|
|
# - component_test_psa_crypto_config_accel_all_curves_except_x25519
|
|
|
|
# to build and test with all accelerated curves a part from the specified one.
|
|
|
|
psa_crypto_config_accel_all_curves_except_one () {
|
|
|
|
BUILTIN_CURVE=$1
|
|
|
|
|
2023-03-28 10:35:45 +02:00
|
|
|
msg "build: PSA_CRYPTO_CONFIG + all accelerated EC algs (excl $BUILTIN_CURVE) + USE_PSA_CRYPTO"
|
2023-03-21 11:52:33 +01:00
|
|
|
|
|
|
|
# Accelerate all EC algs (all EC curves are automatically accelerated as
|
|
|
|
# well in the built-in version due to the "PSA_WANT_xxx" symbols in
|
|
|
|
# "crypto_config.h")
|
|
|
|
loc_accel_list="ALG_ECDH \
|
|
|
|
ALG_ECDSA ALG_DETERMINISTIC_ECDSA \
|
|
|
|
ALG_JPAKE \
|
2023-06-27 12:08:56 +02:00
|
|
|
KEY_TYPE_ECC_KEY_PAIR_BASIC \
|
|
|
|
KEY_TYPE_ECC_KEY_PAIR_IMPORT \
|
|
|
|
KEY_TYPE_ECC_KEY_PAIR_EXPORT \
|
|
|
|
KEY_TYPE_ECC_KEY_PAIR_GENERATE \
|
|
|
|
KEY_TYPE_ECC_PUBLIC_KEY"
|
2023-03-21 11:52:33 +01:00
|
|
|
|
Group both configuration steps
Compared to the previous scheme, this avoid the problem of having to
warn about adjusting PSA_WANT in the wrong place.
Also, it allows enabling MBEDTLS_PSA_CRYPTO_CONFIG in adjust_config
rather than having to repeat it in every single component.
It also plays more nicely with components that have an associated
reference component and use a common config function. (Some of them were
already using the new order.)
Finally, "configure, build, run the tests" seems more natural than
"configure, build, configure, build, test" (and, coming back to the
initial point, it avoid questions about what to configure when).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-12 17:09:38 +02:00
|
|
|
# Configure
|
|
|
|
# ---------
|
2023-03-24 14:10:24 +01:00
|
|
|
|
Group both configuration steps
Compared to the previous scheme, this avoid the problem of having to
warn about adjusting PSA_WANT in the wrong place.
Also, it allows enabling MBEDTLS_PSA_CRYPTO_CONFIG in adjust_config
rather than having to repeat it in every single component.
It also plays more nicely with components that have an associated
reference component and use a common config function. (Some of them were
already using the new order.)
Finally, "configure, build, run the tests" seems more natural than
"configure, build, configure, build, test" (and, coming back to the
initial point, it avoid questions about what to configure when).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-12 17:09:38 +02:00
|
|
|
helper_libtestdriver1_adjust_config "full"
|
2023-03-24 14:10:24 +01:00
|
|
|
|
|
|
|
# restartable is not yet supported in PSA
|
|
|
|
scripts/config.py unset MBEDTLS_ECP_RESTARTABLE
|
2023-03-21 11:52:33 +01:00
|
|
|
|
|
|
|
# disable modules for which we have drivers
|
|
|
|
scripts/config.py unset MBEDTLS_ECDSA_C
|
|
|
|
scripts/config.py unset MBEDTLS_ECDH_C
|
|
|
|
scripts/config.py unset MBEDTLS_ECJPAKE_C
|
|
|
|
|
2023-04-03 08:26:35 +02:00
|
|
|
# Ensure also RSA and asssociated algs are disabled so that the size of
|
|
|
|
# the public/private keys cannot be taken from there
|
2023-03-21 11:52:33 +01:00
|
|
|
scripts/config.py unset MBEDTLS_RSA_C
|
2023-04-03 08:26:35 +02:00
|
|
|
scripts/config.py unset MBEDTLS_PKCS1_V15
|
|
|
|
scripts/config.py unset MBEDTLS_PKCS1_V21
|
|
|
|
scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT
|
Group both configuration steps
Compared to the previous scheme, this avoid the problem of having to
warn about adjusting PSA_WANT in the wrong place.
Also, it allows enabling MBEDTLS_PSA_CRYPTO_CONFIG in adjust_config
rather than having to repeat it in every single component.
It also plays more nicely with components that have an associated
reference component and use a common config function. (Some of them were
already using the new order.)
Finally, "configure, build, run the tests" seems more natural than
"configure, build, configure, build, test" (and, coming back to the
initial point, it avoid questions about what to configure when).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-12 17:09:38 +02:00
|
|
|
# Disable RSA on the PSA side too
|
2023-06-15 11:53:08 +02:00
|
|
|
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
|
2023-05-26 13:49:33 +02:00
|
|
|
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT
|
|
|
|
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT
|
|
|
|
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE
|
Group both configuration steps
Compared to the previous scheme, this avoid the problem of having to
warn about adjusting PSA_WANT in the wrong place.
Also, it allows enabling MBEDTLS_PSA_CRYPTO_CONFIG in adjust_config
rather than having to repeat it in every single component.
It also plays more nicely with components that have an associated
reference component and use a common config function. (Some of them were
already using the new order.)
Finally, "configure, build, run the tests" seems more natural than
"configure, build, configure, build, test" (and, coming back to the
initial point, it avoid questions about what to configure when).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-12 17:09:38 +02:00
|
|
|
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY
|
|
|
|
for ALG in $(sed -n 's/^#define \(PSA_WANT_ALG_RSA_[0-9A-Z_a-z]*\).*/\1/p' <"$CRYPTO_CONFIG_H"); do
|
|
|
|
scripts/config.py -f include/psa/crypto_config.h unset $ALG
|
|
|
|
done
|
2023-04-03 08:26:35 +02:00
|
|
|
# Also disable key exchanges that depend on RSA
|
2023-03-23 16:52:22 +01:00
|
|
|
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
|
|
|
|
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
|
|
|
|
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
|
|
|
|
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
|
|
|
|
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
|
2023-03-21 11:52:33 +01:00
|
|
|
|
2023-03-27 12:44:15 +02:00
|
|
|
# Explicitly disable all SW implementation for elliptic curves
|
|
|
|
for CURVE in $(sed -n 's/#define \(MBEDTLS_ECP_DP_[0-9A-Z_a-z]*_ENABLED\).*/\1/p' <"$CONFIG_H"); do
|
|
|
|
scripts/config.py unset "$CURVE"
|
|
|
|
done
|
|
|
|
# Just leave SW implementation for the specified curve for allowing to
|
|
|
|
# build with ECP_C.
|
2023-03-24 16:51:17 +01:00
|
|
|
scripts/config.py set $BUILTIN_CURVE
|
2023-03-27 12:44:15 +02:00
|
|
|
# Accelerate all curves listed in "crypto_config.h" (skipping the ones that
|
2023-06-13 09:51:32 +02:00
|
|
|
# are commented out).
|
|
|
|
# Note: Those are handled in a special way by the libtestdriver machinery,
|
|
|
|
# so we only want to include them in the accel list when building the main
|
|
|
|
# libraries, hence the use of a separate variable.
|
|
|
|
loc_curve_list=""
|
2023-03-27 13:36:13 +02:00
|
|
|
for CURVE in $(sed -n 's/^#define PSA_WANT_\(ECC_[0-9A-Z_a-z]*\).*/\1/p' <"$CRYPTO_CONFIG_H"); do
|
2023-06-13 09:51:32 +02:00
|
|
|
loc_curve_list="$loc_curve_list $CURVE"
|
2023-03-27 12:44:15 +02:00
|
|
|
done
|
2023-03-21 11:52:33 +01:00
|
|
|
|
Group both configuration steps
Compared to the previous scheme, this avoid the problem of having to
warn about adjusting PSA_WANT in the wrong place.
Also, it allows enabling MBEDTLS_PSA_CRYPTO_CONFIG in adjust_config
rather than having to repeat it in every single component.
It also plays more nicely with components that have an associated
reference component and use a common config function. (Some of them were
already using the new order.)
Finally, "configure, build, run the tests" seems more natural than
"configure, build, configure, build, test" (and, coming back to the
initial point, it avoid questions about what to configure when).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-12 17:09:38 +02:00
|
|
|
# Build
|
|
|
|
# -----
|
|
|
|
|
|
|
|
# These hashes are needed for some ECDSA signature tests.
|
|
|
|
loc_extra_list="ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512"
|
|
|
|
helper_libtestdriver1_make_drivers "$loc_accel_list" "$loc_extra_list"
|
|
|
|
|
2023-06-13 09:51:32 +02:00
|
|
|
# (See above regarding loc_curve_list.)
|
|
|
|
helper_libtestdriver1_make_main "$loc_accel_list $loc_curve_list"
|
2023-03-21 11:52:33 +01:00
|
|
|
|
|
|
|
# make sure excluded modules were not auto-re-enabled by accident
|
|
|
|
not grep mbedtls_ecdh_ library/ecdh.o
|
|
|
|
not grep mbedtls_ecdsa_ library/ecdsa.o
|
|
|
|
not grep mbedtls_ecjpake_ library/ecjpake.o
|
2023-03-24 16:51:17 +01:00
|
|
|
if [ $BUILTIN_CURVE == "MBEDTLS_ECP_DP_SECP192R1_ENABLED" ]; then
|
2023-03-27 12:44:15 +02:00
|
|
|
# The only built-in curve is Short Weierstrass, so ECP shouldn't have
|
|
|
|
# support for Montgomery curves. Functions with mxz in their name
|
|
|
|
# are specific to Montgomery curves.
|
2023-03-24 16:51:17 +01:00
|
|
|
not grep mxz library/ecp.o
|
2023-03-27 12:44:15 +02:00
|
|
|
elif [ $BUILTIN_CURVE == "MBEDTLS_ECP_DP_CURVE25519_ENABLED" ]; then
|
|
|
|
# The only built-in curve is Montgomery, so ECP shouldn't have
|
|
|
|
# support for Short Weierstrass curves. Functions with mbedtls_ecp_muladd
|
|
|
|
# in their name are specific to Short Weierstrass curves.
|
2023-03-24 16:51:17 +01:00
|
|
|
not grep mbedtls_ecp_muladd library/ecp.o
|
2023-03-27 12:44:15 +02:00
|
|
|
else
|
|
|
|
err_msg "Error: $BUILTIN_CURVE is not supported in psa_crypto_config_accel_all_curves_except_one()"
|
|
|
|
exit 1
|
2023-03-24 16:51:17 +01:00
|
|
|
fi
|
2023-03-21 11:52:33 +01:00
|
|
|
|
|
|
|
# Run the tests
|
|
|
|
# -------------
|
2023-05-31 12:51:50 +02:00
|
|
|
|
2023-03-28 10:35:45 +02:00
|
|
|
msg "test: PSA_CRYPTO_CONFIG + all accelerated EC algs (excl $BUILTIN_CURVE) + USE_PSA_CRYPTO"
|
2023-03-21 11:52:33 +01:00
|
|
|
make test
|
|
|
|
}
|
|
|
|
|
2023-03-24 16:51:17 +01:00
|
|
|
component_test_psa_crypto_config_accel_all_curves_except_p192 () {
|
|
|
|
psa_crypto_config_accel_all_curves_except_one MBEDTLS_ECP_DP_SECP192R1_ENABLED
|
|
|
|
}
|
|
|
|
|
|
|
|
component_test_psa_crypto_config_accel_all_curves_except_x25519 () {
|
|
|
|
psa_crypto_config_accel_all_curves_except_one MBEDTLS_ECP_DP_CURVE25519_ENABLED
|
|
|
|
}
|
|
|
|
|
2023-06-20 12:08:30 +02:00
|
|
|
# This is an helper used by:
|
|
|
|
# - component_test_psa_ecc_key_pair_no_derive
|
|
|
|
# - component_test_psa_ecc_key_pair_no_generate
|
|
|
|
# The goal is to test with all PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_yyy symbols
|
|
|
|
# enabled, but one. Input arguments are as follows:
|
|
|
|
# - $1 is the key type under test, i.e. ECC/RSA/DH
|
|
|
|
# - $2 is the key option to be unset (i.e. generate, derive, etc)
|
2023-06-22 11:22:23 +02:00
|
|
|
build_and_test_psa_want_key_pair_partial() {
|
2023-06-20 12:08:30 +02:00
|
|
|
KEY_TYPE=$1
|
|
|
|
UNSET_OPTION=$2
|
2023-06-22 11:33:14 +02:00
|
|
|
DISABLED_PSA_WANT="PSA_WANT_KEY_TYPE_${KEY_TYPE}_KEY_PAIR_${UNSET_OPTION}"
|
2023-06-20 12:08:30 +02:00
|
|
|
|
2023-06-22 11:33:14 +02:00
|
|
|
msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG - ${DISABLED_PSA_WANT}"
|
2023-06-20 12:08:30 +02:00
|
|
|
scripts/config.py full
|
|
|
|
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
|
|
|
|
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
|
|
|
|
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
|
|
|
|
|
|
|
|
# All the PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_yyy are enabled by default in
|
|
|
|
# crypto_config.h so we just disable the one we don't want.
|
|
|
|
scripts/config.py -f include/psa/crypto_config.h unset "$DISABLED_PSA_WANT"
|
|
|
|
|
2023-06-22 11:33:14 +02:00
|
|
|
make CC=gcc CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS"
|
2023-06-20 12:08:30 +02:00
|
|
|
|
2023-06-22 11:33:14 +02:00
|
|
|
msg "test: full + MBEDTLS_PSA_CRYPTO_CONFIG - ${DISABLED_PSA_WANT}"
|
2023-06-20 12:08:30 +02:00
|
|
|
make test
|
|
|
|
}
|
|
|
|
|
|
|
|
component_test_psa_ecc_key_pair_no_derive() {
|
2023-06-22 11:22:23 +02:00
|
|
|
build_and_test_psa_want_key_pair_partial "ECC" "DERIVE"
|
2023-06-20 12:08:30 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
component_test_psa_ecc_key_pair_no_generate() {
|
2023-06-22 11:22:23 +02:00
|
|
|
build_and_test_psa_want_key_pair_partial "ECC" "GENERATE"
|
2023-06-20 12:08:30 +02:00
|
|
|
}
|
|
|
|
|
2021-09-13 09:38:05 +02:00
|
|
|
component_test_psa_crypto_config_accel_rsa_signature () {
|
|
|
|
msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated RSA signature"
|
|
|
|
|
2023-05-31 12:51:50 +02:00
|
|
|
loc_accel_list="ALG_RSA_PKCS1V15_SIGN ALG_RSA_PSS KEY_TYPE_RSA_KEY_PAIR KEY_TYPE_RSA_PUBLIC_KEY"
|
|
|
|
|
Group both configuration steps
Compared to the previous scheme, this avoid the problem of having to
warn about adjusting PSA_WANT in the wrong place.
Also, it allows enabling MBEDTLS_PSA_CRYPTO_CONFIG in adjust_config
rather than having to repeat it in every single component.
It also plays more nicely with components that have an associated
reference component and use a common config function. (Some of them were
already using the new order.)
Finally, "configure, build, run the tests" seems more natural than
"configure, build, configure, build, test" (and, coming back to the
initial point, it avoid questions about what to configure when).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-12 17:09:38 +02:00
|
|
|
# Configure
|
|
|
|
# ---------
|
2021-09-13 09:38:05 +02:00
|
|
|
|
Group both configuration steps
Compared to the previous scheme, this avoid the problem of having to
warn about adjusting PSA_WANT in the wrong place.
Also, it allows enabling MBEDTLS_PSA_CRYPTO_CONFIG in adjust_config
rather than having to repeat it in every single component.
It also plays more nicely with components that have an associated
reference component and use a common config function. (Some of them were
already using the new order.)
Finally, "configure, build, run the tests" seems more natural than
"configure, build, configure, build, test" (and, coming back to the
initial point, it avoid questions about what to configure when).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-12 17:09:38 +02:00
|
|
|
# Start from default config (no TLS 1.3, no USE_PSA)
|
|
|
|
helper_libtestdriver1_adjust_config "default"
|
2021-09-13 09:38:05 +02:00
|
|
|
|
|
|
|
# It seems it is not possible to remove only the support for RSA signature
|
|
|
|
# in the library. Thus we have to remove all RSA support (signature and
|
|
|
|
# encryption/decryption). AS there is no driver support for asymmetric
|
|
|
|
# encryption/decryption so far remove RSA encryption/decryption from the
|
|
|
|
# application algorithm list.
|
|
|
|
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_OAEP
|
|
|
|
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_PKCS1V15_CRYPT
|
|
|
|
|
2023-06-12 17:22:24 +02:00
|
|
|
# Remove RSA support and its dependencies
|
|
|
|
scripts/config.py unset MBEDTLS_RSA_C
|
|
|
|
scripts/config.py unset MBEDTLS_PKCS1_V15
|
|
|
|
scripts/config.py unset MBEDTLS_PKCS1_V21
|
|
|
|
scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT
|
|
|
|
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
|
|
|
|
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
|
|
|
|
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
|
|
|
|
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
|
|
|
|
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
|
|
|
|
|
2021-09-13 09:38:05 +02:00
|
|
|
# Make sure both the library and the test library support the SHA hash
|
|
|
|
# algorithms and only those ones (SHA256 is included by default). That way:
|
|
|
|
# - the test library can compute the RSA signatures even in the case of a
|
|
|
|
# composite RSA signature algorithm based on a SHA hash (no other hash
|
|
|
|
# used in the unit tests).
|
|
|
|
# - the dependency of RSA signature tests on PSA_WANT_ALG_SHA_xyz is
|
|
|
|
# fulfilled as the hash SHA algorithm is supported by the library, and
|
|
|
|
# thus the tests are run, not skipped.
|
|
|
|
# - when testing a signature key with an algorithm wildcard built from
|
|
|
|
# PSA_ALG_ANY_HASH as algorithm to test with the key, the chosen hash
|
|
|
|
# algorithm based on the hashes supported by the library is also
|
|
|
|
# supported by the test library.
|
2023-06-12 17:22:24 +02:00
|
|
|
# Disable unwanted hashes here, we'll enable hashes we want in loc_extra_list.
|
2021-09-13 09:38:05 +02:00
|
|
|
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD5
|
|
|
|
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RIPEMD160_C
|
|
|
|
scripts/config.py unset MBEDTLS_MD5_C
|
|
|
|
scripts/config.py unset MBEDTLS_RIPEMD160_C
|
|
|
|
|
|
|
|
# We need PEM parsing in the test library as well to support the import
|
|
|
|
# of PEM encoded RSA keys.
|
|
|
|
scripts/config.py -f tests/include/test/drivers/config_test_driver.h set MBEDTLS_PEM_PARSE_C
|
|
|
|
scripts/config.py -f tests/include/test/drivers/config_test_driver.h set MBEDTLS_BASE64_C
|
|
|
|
|
Group both configuration steps
Compared to the previous scheme, this avoid the problem of having to
warn about adjusting PSA_WANT in the wrong place.
Also, it allows enabling MBEDTLS_PSA_CRYPTO_CONFIG in adjust_config
rather than having to repeat it in every single component.
It also plays more nicely with components that have an associated
reference component and use a common config function. (Some of them were
already using the new order.)
Finally, "configure, build, run the tests" seems more natural than
"configure, build, configure, build, test" (and, coming back to the
initial point, it avoid questions about what to configure when).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-12 17:09:38 +02:00
|
|
|
# Build
|
|
|
|
# -----
|
2021-09-13 09:38:05 +02:00
|
|
|
|
Group both configuration steps
Compared to the previous scheme, this avoid the problem of having to
warn about adjusting PSA_WANT in the wrong place.
Also, it allows enabling MBEDTLS_PSA_CRYPTO_CONFIG in adjust_config
rather than having to repeat it in every single component.
It also plays more nicely with components that have an associated
reference component and use a common config function. (Some of them were
already using the new order.)
Finally, "configure, build, run the tests" seems more natural than
"configure, build, configure, build, test" (and, coming back to the
initial point, it avoid questions about what to configure when).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-12 17:09:38 +02:00
|
|
|
# These hashes are needed for some RSA-PSS signature tests.
|
|
|
|
loc_extra_list="ALG_SHA_1 ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512"
|
|
|
|
helper_libtestdriver1_make_drivers "$loc_accel_list" "$loc_extra_list"
|
2021-09-13 09:38:05 +02:00
|
|
|
|
2023-05-25 10:39:23 +02:00
|
|
|
helper_libtestdriver1_make_main "$loc_accel_list"
|
2021-09-13 09:38:05 +02:00
|
|
|
|
2023-05-31 12:51:50 +02:00
|
|
|
# Make sure this was not re-enabled by accident (additive config)
|
2022-02-04 00:30:54 +01:00
|
|
|
not grep mbedtls_rsa_rsassa_pkcs1_v15_sign library/rsa.o
|
|
|
|
not grep mbedtls_rsa_rsassa_pss_sign_ext library/rsa.o
|
2021-09-13 09:38:05 +02:00
|
|
|
|
2023-05-31 12:51:50 +02:00
|
|
|
# Run the tests
|
|
|
|
# -------------
|
|
|
|
|
2021-09-13 09:38:05 +02:00
|
|
|
msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated RSA signature"
|
|
|
|
make test
|
|
|
|
}
|
|
|
|
|
2023-06-13 14:19:03 +02:00
|
|
|
# This is a temporary test to verify that full RSA support is present even when
|
2023-06-15 11:53:08 +02:00
|
|
|
# only one single new symbols (PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC) is defined.
|
2023-06-13 14:19:03 +02:00
|
|
|
component_test_new_psa_want_key_pair_symbol() {
|
2023-06-15 11:53:08 +02:00
|
|
|
msg "Build: crypto config - MBEDTLS_RSA_C + PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC"
|
2023-06-13 14:19:03 +02:00
|
|
|
|
2023-06-13 15:39:23 +02:00
|
|
|
# Create a temporary output file unless there is already one set
|
|
|
|
if [ "$MBEDTLS_TEST_OUTCOME_FILE" ]; then
|
|
|
|
REMOVE_OUTCOME_ON_EXIT="no"
|
|
|
|
else
|
|
|
|
REMOVE_OUTCOME_ON_EXIT="yes"
|
|
|
|
MBEDTLS_TEST_OUTCOME_FILE="$PWD/out.csv"
|
|
|
|
export MBEDTLS_TEST_OUTCOME_FILE
|
|
|
|
fi
|
|
|
|
|
2023-06-13 14:19:03 +02:00
|
|
|
# Start from crypto configuration
|
|
|
|
scripts/config.py crypto
|
|
|
|
|
|
|
|
# Remove RSA support and its dependencies
|
|
|
|
scripts/config.py unset MBEDTLS_PKCS1_V15
|
|
|
|
scripts/config.py unset MBEDTLS_PKCS1_V21
|
|
|
|
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
|
|
|
|
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
|
|
|
|
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
|
|
|
|
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
|
|
|
|
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
|
|
|
|
scripts/config.py unset MBEDTLS_RSA_C
|
|
|
|
scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT
|
|
|
|
|
|
|
|
# Enable PSA support
|
|
|
|
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
|
|
|
|
|
2023-06-15 11:53:08 +02:00
|
|
|
# Keep only PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC enabled in order to ensure
|
2023-06-13 14:19:03 +02:00
|
|
|
# that proper translations is done in crypto_legacy.h.
|
|
|
|
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT
|
|
|
|
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT
|
|
|
|
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE
|
|
|
|
|
|
|
|
make
|
|
|
|
|
2023-06-15 11:53:08 +02:00
|
|
|
msg "Test: crypto config - MBEDTLS_RSA_C + PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC"
|
2023-06-13 15:39:23 +02:00
|
|
|
make test
|
|
|
|
|
|
|
|
# Parse only 1 relevant line from the outcome file, i.e. a test which is
|
|
|
|
# performing RSA signature.
|
|
|
|
msg "Verify that 'RSA PKCS1 Sign #1 (SHA512, 1536 bits RSA)' is PASS"
|
|
|
|
cat $MBEDTLS_TEST_OUTCOME_FILE | grep 'RSA PKCS1 Sign #1 (SHA512, 1536 bits RSA)' | grep -q "PASS"
|
|
|
|
|
|
|
|
if [ "$REMOVE_OUTCOME_ON_EXIT" == "yes" ]; then
|
|
|
|
rm $MBEDTLS_TEST_OUTCOME_FILE
|
|
|
|
fi
|
2023-06-13 14:19:03 +02:00
|
|
|
}
|
|
|
|
|
2021-05-08 14:32:59 +02:00
|
|
|
component_test_psa_crypto_config_accel_hash () {
|
|
|
|
msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated hash"
|
|
|
|
|
2021-12-07 09:54:36 +01:00
|
|
|
loc_accel_list="ALG_MD5 ALG_RIPEMD160 ALG_SHA_1 ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512"
|
2021-05-08 14:32:59 +02:00
|
|
|
|
Group both configuration steps
Compared to the previous scheme, this avoid the problem of having to
warn about adjusting PSA_WANT in the wrong place.
Also, it allows enabling MBEDTLS_PSA_CRYPTO_CONFIG in adjust_config
rather than having to repeat it in every single component.
It also plays more nicely with components that have an associated
reference component and use a common config function. (Some of them were
already using the new order.)
Finally, "configure, build, run the tests" seems more natural than
"configure, build, configure, build, test" (and, coming back to the
initial point, it avoid questions about what to configure when).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-12 17:09:38 +02:00
|
|
|
# Configure
|
|
|
|
# ---------
|
2023-05-31 12:51:50 +02:00
|
|
|
|
|
|
|
# Start from default config (no TLS 1.3, no USE_PSA)
|
Group both configuration steps
Compared to the previous scheme, this avoid the problem of having to
warn about adjusting PSA_WANT in the wrong place.
Also, it allows enabling MBEDTLS_PSA_CRYPTO_CONFIG in adjust_config
rather than having to repeat it in every single component.
It also plays more nicely with components that have an associated
reference component and use a common config function. (Some of them were
already using the new order.)
Finally, "configure, build, run the tests" seems more natural than
"configure, build, configure, build, test" (and, coming back to the
initial point, it avoid questions about what to configure when).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-12 17:09:38 +02:00
|
|
|
helper_libtestdriver1_adjust_config "default"
|
2023-05-31 12:51:50 +02:00
|
|
|
|
|
|
|
# Disable the things that are being accelerated
|
2021-05-08 14:32:59 +02:00
|
|
|
scripts/config.py unset MBEDTLS_MD5_C
|
|
|
|
scripts/config.py unset MBEDTLS_RIPEMD160_C
|
|
|
|
scripts/config.py unset MBEDTLS_SHA1_C
|
2023-03-22 00:32:04 +01:00
|
|
|
scripts/config.py unset MBEDTLS_SHA224_C
|
|
|
|
scripts/config.py unset MBEDTLS_SHA256_C
|
2021-05-08 14:32:59 +02:00
|
|
|
scripts/config.py unset MBEDTLS_SHA384_C
|
|
|
|
scripts/config.py unset MBEDTLS_SHA512_C
|
2023-05-25 10:39:23 +02:00
|
|
|
|
Group both configuration steps
Compared to the previous scheme, this avoid the problem of having to
warn about adjusting PSA_WANT in the wrong place.
Also, it allows enabling MBEDTLS_PSA_CRYPTO_CONFIG in adjust_config
rather than having to repeat it in every single component.
It also plays more nicely with components that have an associated
reference component and use a common config function. (Some of them were
already using the new order.)
Finally, "configure, build, run the tests" seems more natural than
"configure, build, configure, build, test" (and, coming back to the
initial point, it avoid questions about what to configure when).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-12 17:09:38 +02:00
|
|
|
# Build
|
|
|
|
# -----
|
|
|
|
|
|
|
|
helper_libtestdriver1_make_drivers "$loc_accel_list"
|
|
|
|
|
2023-05-25 10:39:23 +02:00
|
|
|
helper_libtestdriver1_make_main "$loc_accel_list"
|
2021-05-08 14:32:59 +02:00
|
|
|
|
2023-03-22 00:32:04 +01:00
|
|
|
# There's a risk of something getting re-enabled via config_psa.h;
|
|
|
|
# make sure it did not happen. Note: it's OK for MD_C to be enabled.
|
|
|
|
not grep mbedtls_md5 library/md5.o
|
|
|
|
not grep mbedtls_sha1 library/sha1.o
|
|
|
|
not grep mbedtls_sha256 library/sha256.o
|
|
|
|
not grep mbedtls_sha512 library/sha512.o
|
|
|
|
not grep mbedtls_ripemd160 library/ripemd160.o
|
2021-05-08 14:32:59 +02:00
|
|
|
|
2023-05-31 12:51:50 +02:00
|
|
|
# Run the tests
|
|
|
|
# -------------
|
|
|
|
|
2021-05-08 14:32:59 +02:00
|
|
|
msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated hash"
|
|
|
|
make test
|
|
|
|
}
|
|
|
|
|
2023-03-09 15:56:14 +01:00
|
|
|
component_test_psa_crypto_config_accel_hash_keep_builtins () {
|
|
|
|
msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated+builtin hash"
|
|
|
|
# This component ensures that all the test cases for
|
|
|
|
# md_psa_dynamic_dispatch with legacy+driver in test_suite_md are run.
|
|
|
|
|
|
|
|
loc_accel_list="ALG_MD5 ALG_RIPEMD160 ALG_SHA_1 ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512"
|
|
|
|
|
Group both configuration steps
Compared to the previous scheme, this avoid the problem of having to
warn about adjusting PSA_WANT in the wrong place.
Also, it allows enabling MBEDTLS_PSA_CRYPTO_CONFIG in adjust_config
rather than having to repeat it in every single component.
It also plays more nicely with components that have an associated
reference component and use a common config function. (Some of them were
already using the new order.)
Finally, "configure, build, run the tests" seems more natural than
"configure, build, configure, build, test" (and, coming back to the
initial point, it avoid questions about what to configure when).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-12 17:09:38 +02:00
|
|
|
# Start from default config (no TLS 1.3, no USE_PSA)
|
|
|
|
helper_libtestdriver1_adjust_config "default"
|
2023-03-09 15:56:14 +01:00
|
|
|
|
2023-05-25 10:07:31 +02:00
|
|
|
helper_libtestdriver1_make_drivers "$loc_accel_list"
|
2023-03-09 15:56:14 +01:00
|
|
|
|
2023-05-25 10:39:23 +02:00
|
|
|
helper_libtestdriver1_make_main "$loc_accel_list"
|
2023-03-09 15:56:14 +01:00
|
|
|
|
|
|
|
msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated+builtin hash"
|
|
|
|
make test
|
|
|
|
}
|
|
|
|
|
2022-11-15 13:21:14 +01:00
|
|
|
# Auxiliary function to build config for hashes with and without drivers
|
|
|
|
config_psa_crypto_hash_use_psa () {
|
|
|
|
DRIVER_ONLY="$1"
|
2022-09-19 10:38:46 +02:00
|
|
|
# start with config full for maximum coverage (also enables USE_PSA)
|
Group both configuration steps
Compared to the previous scheme, this avoid the problem of having to
warn about adjusting PSA_WANT in the wrong place.
Also, it allows enabling MBEDTLS_PSA_CRYPTO_CONFIG in adjust_config
rather than having to repeat it in every single component.
It also plays more nicely with components that have an associated
reference component and use a common config function. (Some of them were
already using the new order.)
Finally, "configure, build, run the tests" seems more natural than
"configure, build, configure, build, test" (and, coming back to the
initial point, it avoid questions about what to configure when).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-12 17:09:38 +02:00
|
|
|
helper_libtestdriver1_adjust_config "full"
|
2022-11-15 13:21:14 +01:00
|
|
|
if [ "$DRIVER_ONLY" -eq 1 ]; then
|
|
|
|
# disable the built-in implementation of hashes
|
|
|
|
scripts/config.py unset MBEDTLS_MD5_C
|
|
|
|
scripts/config.py unset MBEDTLS_RIPEMD160_C
|
|
|
|
scripts/config.py unset MBEDTLS_SHA1_C
|
|
|
|
scripts/config.py unset MBEDTLS_SHA224_C
|
|
|
|
scripts/config.py unset MBEDTLS_SHA256_C # see external RNG below
|
|
|
|
scripts/config.py unset MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT
|
|
|
|
scripts/config.py unset MBEDTLS_SHA384_C
|
|
|
|
scripts/config.py unset MBEDTLS_SHA512_C
|
|
|
|
scripts/config.py unset MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT
|
|
|
|
fi
|
|
|
|
}
|
|
|
|
|
|
|
|
# Note that component_test_psa_crypto_config_reference_hash_use_psa
|
|
|
|
# is related to this component and both components need to be kept in sync.
|
|
|
|
# For details please see comments for component_test_psa_crypto_config_reference_hash_use_psa.
|
|
|
|
component_test_psa_crypto_config_accel_hash_use_psa () {
|
|
|
|
msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated hash and USE_PSA"
|
|
|
|
|
|
|
|
loc_accel_list="ALG_MD5 ALG_RIPEMD160 ALG_SHA_1 ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512"
|
2023-05-31 12:51:50 +02:00
|
|
|
|
Group both configuration steps
Compared to the previous scheme, this avoid the problem of having to
warn about adjusting PSA_WANT in the wrong place.
Also, it allows enabling MBEDTLS_PSA_CRYPTO_CONFIG in adjust_config
rather than having to repeat it in every single component.
It also plays more nicely with components that have an associated
reference component and use a common config function. (Some of them were
already using the new order.)
Finally, "configure, build, run the tests" seems more natural than
"configure, build, configure, build, test" (and, coming back to the
initial point, it avoid questions about what to configure when).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-12 17:09:38 +02:00
|
|
|
# Configure
|
|
|
|
# ---------
|
2022-11-15 13:21:14 +01:00
|
|
|
|
|
|
|
config_psa_crypto_hash_use_psa 1
|
2022-07-08 19:12:33 +02:00
|
|
|
|
Group both configuration steps
Compared to the previous scheme, this avoid the problem of having to
warn about adjusting PSA_WANT in the wrong place.
Also, it allows enabling MBEDTLS_PSA_CRYPTO_CONFIG in adjust_config
rather than having to repeat it in every single component.
It also plays more nicely with components that have an associated
reference component and use a common config function. (Some of them were
already using the new order.)
Finally, "configure, build, run the tests" seems more natural than
"configure, build, configure, build, test" (and, coming back to the
initial point, it avoid questions about what to configure when).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-12 17:09:38 +02:00
|
|
|
# Build
|
|
|
|
# -----
|
2023-05-31 12:51:50 +02:00
|
|
|
|
Group both configuration steps
Compared to the previous scheme, this avoid the problem of having to
warn about adjusting PSA_WANT in the wrong place.
Also, it allows enabling MBEDTLS_PSA_CRYPTO_CONFIG in adjust_config
rather than having to repeat it in every single component.
It also plays more nicely with components that have an associated
reference component and use a common config function. (Some of them were
already using the new order.)
Finally, "configure, build, run the tests" seems more natural than
"configure, build, configure, build, test" (and, coming back to the
initial point, it avoid questions about what to configure when).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-12 17:09:38 +02:00
|
|
|
helper_libtestdriver1_make_drivers "$loc_accel_list"
|
2022-07-08 19:12:33 +02:00
|
|
|
|
2023-05-25 10:39:23 +02:00
|
|
|
helper_libtestdriver1_make_main "$loc_accel_list"
|
2022-07-06 13:06:57 +02:00
|
|
|
|
2022-07-08 19:12:33 +02:00
|
|
|
# There's a risk of something getting re-enabled via config_psa.h;
|
2023-03-16 11:39:20 +01:00
|
|
|
# make sure it did not happen. Note: it's OK for MD_C to be enabled.
|
2022-07-08 19:12:33 +02:00
|
|
|
not grep mbedtls_md5 library/md5.o
|
|
|
|
not grep mbedtls_sha1 library/sha1.o
|
2022-07-11 11:06:09 +02:00
|
|
|
not grep mbedtls_sha256 library/sha256.o
|
2022-07-08 19:12:33 +02:00
|
|
|
not grep mbedtls_sha512 library/sha512.o
|
|
|
|
not grep mbedtls_ripemd160 library/ripemd160.o
|
|
|
|
|
2023-05-31 12:51:50 +02:00
|
|
|
# Run the tests
|
|
|
|
# -------------
|
|
|
|
|
2022-07-06 13:06:57 +02:00
|
|
|
msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated hash and USE_PSA"
|
|
|
|
make test
|
2022-09-05 21:39:23 +02:00
|
|
|
|
2022-11-29 12:37:53 +01:00
|
|
|
# This is mostly useful so that we can later compare outcome files with
|
|
|
|
# the reference config in analyze_outcomes.py, to check that the
|
|
|
|
# dependency declarations in ssl-opt.sh and in TLS code are correct.
|
2022-10-27 08:24:43 +02:00
|
|
|
msg "test: ssl-opt.sh, MBEDTLS_PSA_CRYPTO_CONFIG with accelerated hash and USE_PSA"
|
|
|
|
tests/ssl-opt.sh
|
2022-09-05 21:39:23 +02:00
|
|
|
|
2022-11-29 12:37:53 +01:00
|
|
|
# This is to make sure all ciphersuites are exercised, but we don't need
|
|
|
|
# interop testing (besides, we already got some from ssl-opt.sh).
|
|
|
|
msg "test: compat.sh, MBEDTLS_PSA_CRYPTO_CONFIG with accelerated hash and USE_PSA"
|
|
|
|
tests/compat.sh -p mbedTLS -V YES
|
2022-07-06 13:06:57 +02:00
|
|
|
}
|
|
|
|
|
2022-10-27 10:29:15 +02:00
|
|
|
# This component provides reference configuration for test_psa_crypto_config_accel_hash_use_psa
|
|
|
|
# without accelerated hash. The outcome from both components are used by the analyze_outcomes.py
|
|
|
|
# script to find regression in test coverage when accelerated hash is used (tests and ssl-opt).
|
|
|
|
# Both components need to be kept in sync.
|
2022-10-20 14:21:21 +02:00
|
|
|
component_test_psa_crypto_config_reference_hash_use_psa() {
|
|
|
|
msg "test: MBEDTLS_PSA_CRYPTO_CONFIG without accelerated hash and USE_PSA"
|
2022-11-15 13:21:14 +01:00
|
|
|
|
|
|
|
config_psa_crypto_hash_use_psa 0
|
2022-10-20 14:21:21 +02:00
|
|
|
|
2022-10-24 11:29:35 +02:00
|
|
|
make
|
|
|
|
|
2022-10-20 14:21:21 +02:00
|
|
|
msg "test: MBEDTLS_PSA_CRYPTO_CONFIG without accelerated hash and USE_PSA"
|
|
|
|
make test
|
|
|
|
|
2022-10-27 08:24:43 +02:00
|
|
|
msg "test: ssl-opt.sh, MBEDTLS_PSA_CRYPTO_CONFIG without accelerated hash and USE_PSA"
|
|
|
|
tests/ssl-opt.sh
|
2022-07-06 13:06:57 +02:00
|
|
|
}
|
|
|
|
|
2021-10-18 11:26:01 +02:00
|
|
|
component_test_psa_crypto_config_accel_cipher () {
|
|
|
|
msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated cipher"
|
|
|
|
|
|
|
|
loc_accel_list="ALG_CBC_NO_PADDING ALG_CBC_PKCS7 ALG_CTR ALG_CFB ALG_OFB ALG_XTS KEY_TYPE_DES"
|
|
|
|
|
Group both configuration steps
Compared to the previous scheme, this avoid the problem of having to
warn about adjusting PSA_WANT in the wrong place.
Also, it allows enabling MBEDTLS_PSA_CRYPTO_CONFIG in adjust_config
rather than having to repeat it in every single component.
It also plays more nicely with components that have an associated
reference component and use a common config function. (Some of them were
already using the new order.)
Finally, "configure, build, run the tests" seems more natural than
"configure, build, configure, build, test" (and, coming back to the
initial point, it avoid questions about what to configure when).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-12 17:09:38 +02:00
|
|
|
# Configure
|
|
|
|
# ---------
|
2021-03-11 11:49:03 +01:00
|
|
|
|
Group both configuration steps
Compared to the previous scheme, this avoid the problem of having to
warn about adjusting PSA_WANT in the wrong place.
Also, it allows enabling MBEDTLS_PSA_CRYPTO_CONFIG in adjust_config
rather than having to repeat it in every single component.
It also plays more nicely with components that have an associated
reference component and use a common config function. (Some of them were
already using the new order.)
Finally, "configure, build, run the tests" seems more natural than
"configure, build, configure, build, test" (and, coming back to the
initial point, it avoid questions about what to configure when).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-12 17:09:38 +02:00
|
|
|
# Start from the default config (no TLS 1.3, no USE_PSA)
|
|
|
|
helper_libtestdriver1_adjust_config "default"
|
2021-03-11 11:49:03 +01:00
|
|
|
|
2023-06-08 09:26:04 +02:00
|
|
|
# There is no intended accelerator support for ALG CMAC. Therefore, asking
|
|
|
|
# for it in the build implies the inclusion of the Mbed TLS cipher
|
|
|
|
# operations. As we want to test here with cipher operations solely
|
|
|
|
# supported by accelerators, disabled this PSA configuration option.
|
|
|
|
# (Note: the same applies to STREAM_CIPHER and ECB_NO_PADDING, which are
|
|
|
|
# already disabled by helper_libtestdriver1_adjust_config above.)
|
2021-10-18 11:26:01 +02:00
|
|
|
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_CMAC
|
|
|
|
|
Group both configuration steps
Compared to the previous scheme, this avoid the problem of having to
warn about adjusting PSA_WANT in the wrong place.
Also, it allows enabling MBEDTLS_PSA_CRYPTO_CONFIG in adjust_config
rather than having to repeat it in every single component.
It also plays more nicely with components that have an associated
reference component and use a common config function. (Some of them were
already using the new order.)
Finally, "configure, build, run the tests" seems more natural than
"configure, build, configure, build, test" (and, coming back to the
initial point, it avoid questions about what to configure when).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-12 17:09:38 +02:00
|
|
|
# Disable the things that are being accelerated
|
2021-10-18 11:26:01 +02:00
|
|
|
scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC
|
|
|
|
scripts/config.py unset MBEDTLS_CIPHER_PADDING_PKCS7
|
|
|
|
scripts/config.py unset MBEDTLS_CIPHER_MODE_CTR
|
|
|
|
scripts/config.py unset MBEDTLS_CIPHER_MODE_CFB
|
|
|
|
scripts/config.py unset MBEDTLS_CIPHER_MODE_OFB
|
|
|
|
scripts/config.py unset MBEDTLS_CIPHER_MODE_XTS
|
2021-03-11 11:49:03 +01:00
|
|
|
scripts/config.py unset MBEDTLS_DES_C
|
|
|
|
|
Group both configuration steps
Compared to the previous scheme, this avoid the problem of having to
warn about adjusting PSA_WANT in the wrong place.
Also, it allows enabling MBEDTLS_PSA_CRYPTO_CONFIG in adjust_config
rather than having to repeat it in every single component.
It also plays more nicely with components that have an associated
reference component and use a common config function. (Some of them were
already using the new order.)
Finally, "configure, build, run the tests" seems more natural than
"configure, build, configure, build, test" (and, coming back to the
initial point, it avoid questions about what to configure when).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-12 17:09:38 +02:00
|
|
|
# Build
|
|
|
|
# -----
|
2021-10-18 11:26:01 +02:00
|
|
|
|
Group both configuration steps
Compared to the previous scheme, this avoid the problem of having to
warn about adjusting PSA_WANT in the wrong place.
Also, it allows enabling MBEDTLS_PSA_CRYPTO_CONFIG in adjust_config
rather than having to repeat it in every single component.
It also plays more nicely with components that have an associated
reference component and use a common config function. (Some of them were
already using the new order.)
Finally, "configure, build, run the tests" seems more natural than
"configure, build, configure, build, test" (and, coming back to the
initial point, it avoid questions about what to configure when).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-12 17:09:38 +02:00
|
|
|
helper_libtestdriver1_make_drivers "$loc_accel_list"
|
|
|
|
|
2023-05-25 10:39:23 +02:00
|
|
|
helper_libtestdriver1_make_main "$loc_accel_list"
|
2021-10-18 11:26:01 +02:00
|
|
|
|
2023-05-31 12:51:50 +02:00
|
|
|
# Make sure this was not re-enabled by accident (additive config)
|
2022-02-04 00:30:54 +01:00
|
|
|
not grep mbedtls_des* library/des.o
|
2020-09-21 08:09:17 +02:00
|
|
|
|
2023-05-31 12:51:50 +02:00
|
|
|
# Run the tests
|
|
|
|
# -------------
|
|
|
|
|
2022-07-06 10:46:57 +02:00
|
|
|
msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated cipher"
|
2020-10-23 10:26:57 +02:00
|
|
|
make test
|
|
|
|
}
|
|
|
|
|
2022-10-02 20:58:39 +02:00
|
|
|
component_test_psa_crypto_config_accel_aead () {
|
|
|
|
msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated AEAD"
|
|
|
|
|
2022-10-11 11:52:25 +02:00
|
|
|
loc_accel_list="ALG_GCM ALG_CCM ALG_CHACHA20_POLY1305 KEY_TYPE_AES KEY_TYPE_CHACHA20 KEY_TYPE_ARIA KEY_TYPE_CAMELLIA"
|
2022-10-02 20:58:39 +02:00
|
|
|
|
Group both configuration steps
Compared to the previous scheme, this avoid the problem of having to
warn about adjusting PSA_WANT in the wrong place.
Also, it allows enabling MBEDTLS_PSA_CRYPTO_CONFIG in adjust_config
rather than having to repeat it in every single component.
It also plays more nicely with components that have an associated
reference component and use a common config function. (Some of them were
already using the new order.)
Finally, "configure, build, run the tests" seems more natural than
"configure, build, configure, build, test" (and, coming back to the
initial point, it avoid questions about what to configure when).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-12 17:09:38 +02:00
|
|
|
# Configure
|
|
|
|
# ---------
|
2022-10-02 20:58:39 +02:00
|
|
|
|
2023-05-31 12:51:50 +02:00
|
|
|
# Start from default config (no TLS 1.3, no USE_PSA)
|
Group both configuration steps
Compared to the previous scheme, this avoid the problem of having to
warn about adjusting PSA_WANT in the wrong place.
Also, it allows enabling MBEDTLS_PSA_CRYPTO_CONFIG in adjust_config
rather than having to repeat it in every single component.
It also plays more nicely with components that have an associated
reference component and use a common config function. (Some of them were
already using the new order.)
Finally, "configure, build, run the tests" seems more natural than
"configure, build, configure, build, test" (and, coming back to the
initial point, it avoid questions about what to configure when).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-12 17:09:38 +02:00
|
|
|
helper_libtestdriver1_adjust_config "default"
|
2022-10-02 20:58:39 +02:00
|
|
|
|
Group both configuration steps
Compared to the previous scheme, this avoid the problem of having to
warn about adjusting PSA_WANT in the wrong place.
Also, it allows enabling MBEDTLS_PSA_CRYPTO_CONFIG in adjust_config
rather than having to repeat it in every single component.
It also plays more nicely with components that have an associated
reference component and use a common config function. (Some of them were
already using the new order.)
Finally, "configure, build, run the tests" seems more natural than
"configure, build, configure, build, test" (and, coming back to the
initial point, it avoid questions about what to configure when).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-12 17:09:38 +02:00
|
|
|
# Disable things that are being accelerated
|
2022-10-11 11:52:25 +02:00
|
|
|
scripts/config.py unset MBEDTLS_GCM_C
|
|
|
|
scripts/config.py unset MBEDTLS_CCM_C
|
|
|
|
scripts/config.py unset MBEDTLS_CHACHAPOLY_C
|
|
|
|
# Features that depend on AEAD
|
|
|
|
scripts/config.py unset MBEDTLS_SSL_CONTEXT_SERIALIZATION
|
2022-10-13 09:59:52 +02:00
|
|
|
scripts/config.py unset MBEDTLS_SSL_TICKET_C
|
2022-10-02 20:58:39 +02:00
|
|
|
|
Group both configuration steps
Compared to the previous scheme, this avoid the problem of having to
warn about adjusting PSA_WANT in the wrong place.
Also, it allows enabling MBEDTLS_PSA_CRYPTO_CONFIG in adjust_config
rather than having to repeat it in every single component.
It also plays more nicely with components that have an associated
reference component and use a common config function. (Some of them were
already using the new order.)
Finally, "configure, build, run the tests" seems more natural than
"configure, build, configure, build, test" (and, coming back to the
initial point, it avoid questions about what to configure when).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-12 17:09:38 +02:00
|
|
|
# Build
|
|
|
|
# -----
|
|
|
|
|
|
|
|
helper_libtestdriver1_make_drivers "$loc_accel_list"
|
2022-10-02 20:58:39 +02:00
|
|
|
|
2023-05-25 10:39:23 +02:00
|
|
|
helper_libtestdriver1_make_main "$loc_accel_list"
|
2022-10-02 20:58:39 +02:00
|
|
|
|
2023-05-31 12:51:50 +02:00
|
|
|
# Make sure this was not re-enabled by accident (additive config)
|
2022-10-11 11:52:25 +02:00
|
|
|
not grep mbedtls_ccm library/ccm.o
|
|
|
|
not grep mbedtls_gcm library/gcm.o
|
|
|
|
not grep mbedtls_chachapoly library/chachapoly.o
|
|
|
|
|
2023-05-31 12:51:50 +02:00
|
|
|
# Run the tests
|
|
|
|
# -------------
|
|
|
|
|
2022-10-02 20:58:39 +02:00
|
|
|
msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated AEAD"
|
|
|
|
make test
|
|
|
|
}
|
|
|
|
|
2023-01-16 16:56:51 +01:00
|
|
|
component_test_psa_crypto_config_accel_pake() {
|
|
|
|
msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated PAKE"
|
|
|
|
|
|
|
|
loc_accel_list="ALG_JPAKE"
|
|
|
|
|
Group both configuration steps
Compared to the previous scheme, this avoid the problem of having to
warn about adjusting PSA_WANT in the wrong place.
Also, it allows enabling MBEDTLS_PSA_CRYPTO_CONFIG in adjust_config
rather than having to repeat it in every single component.
It also plays more nicely with components that have an associated
reference component and use a common config function. (Some of them were
already using the new order.)
Finally, "configure, build, run the tests" seems more natural than
"configure, build, configure, build, test" (and, coming back to the
initial point, it avoid questions about what to configure when).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-12 17:09:38 +02:00
|
|
|
# Configure
|
|
|
|
# ---------
|
2023-05-31 12:51:50 +02:00
|
|
|
|
Group both configuration steps
Compared to the previous scheme, this avoid the problem of having to
warn about adjusting PSA_WANT in the wrong place.
Also, it allows enabling MBEDTLS_PSA_CRYPTO_CONFIG in adjust_config
rather than having to repeat it in every single component.
It also plays more nicely with components that have an associated
reference component and use a common config function. (Some of them were
already using the new order.)
Finally, "configure, build, run the tests" seems more natural than
"configure, build, configure, build, test" (and, coming back to the
initial point, it avoid questions about what to configure when).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-12 17:09:38 +02:00
|
|
|
helper_libtestdriver1_adjust_config "full"
|
2020-10-23 10:26:57 +02:00
|
|
|
|
2023-01-16 16:56:51 +01:00
|
|
|
# Make build-in fallback not available
|
|
|
|
scripts/config.py unset MBEDTLS_ECJPAKE_C
|
|
|
|
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
|
|
|
|
|
Group both configuration steps
Compared to the previous scheme, this avoid the problem of having to
warn about adjusting PSA_WANT in the wrong place.
Also, it allows enabling MBEDTLS_PSA_CRYPTO_CONFIG in adjust_config
rather than having to repeat it in every single component.
It also plays more nicely with components that have an associated
reference component and use a common config function. (Some of them were
already using the new order.)
Finally, "configure, build, run the tests" seems more natural than
"configure, build, configure, build, test" (and, coming back to the
initial point, it avoid questions about what to configure when).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-12 17:09:38 +02:00
|
|
|
# Build
|
|
|
|
# -----
|
2023-01-16 16:56:51 +01:00
|
|
|
|
Group both configuration steps
Compared to the previous scheme, this avoid the problem of having to
warn about adjusting PSA_WANT in the wrong place.
Also, it allows enabling MBEDTLS_PSA_CRYPTO_CONFIG in adjust_config
rather than having to repeat it in every single component.
It also plays more nicely with components that have an associated
reference component and use a common config function. (Some of them were
already using the new order.)
Finally, "configure, build, run the tests" seems more natural than
"configure, build, configure, build, test" (and, coming back to the
initial point, it avoid questions about what to configure when).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-12 17:09:38 +02:00
|
|
|
helper_libtestdriver1_make_drivers "$loc_accel_list"
|
|
|
|
|
2023-05-25 10:39:23 +02:00
|
|
|
helper_libtestdriver1_make_main "$loc_accel_list"
|
2023-01-16 16:56:51 +01:00
|
|
|
|
2023-05-31 12:51:50 +02:00
|
|
|
# Make sure this was not re-enabled by accident (additive config)
|
2023-01-16 16:56:51 +01:00
|
|
|
not grep mbedtls_ecjpake_init library/ecjpake.o
|
|
|
|
|
2023-05-31 12:51:50 +02:00
|
|
|
# Run the tests
|
|
|
|
# -------------
|
|
|
|
|
2023-01-16 16:56:51 +01:00
|
|
|
msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated PAKE"
|
2020-09-21 08:09:17 +02:00
|
|
|
make test
|
|
|
|
}
|
|
|
|
|
2021-10-13 11:09:44 +02:00
|
|
|
component_test_psa_crypto_config_chachapoly_disabled() {
|
2021-10-15 08:04:53 +02:00
|
|
|
# full minus MBEDTLS_CHACHAPOLY_C without PSA_WANT_ALG_GCM and PSA_WANT_ALG_CHACHA20_POLY1305
|
|
|
|
msg "build: full minus MBEDTLS_CHACHAPOLY_C without PSA_WANT_ALG_GCM and PSA_WANT_ALG_CHACHA20_POLY1305"
|
2021-10-13 11:09:44 +02:00
|
|
|
scripts/config.py full
|
|
|
|
scripts/config.py unset MBEDTLS_CHACHAPOLY_C
|
|
|
|
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_GCM
|
|
|
|
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_CHACHA20_POLY1305
|
|
|
|
make CC=gcc CFLAGS="$ASAN_CFLAGS -O2" LDFLAGS="$ASAN_CFLAGS"
|
|
|
|
|
2021-10-15 08:04:53 +02:00
|
|
|
msg "test: full minus MBEDTLS_CHACHAPOLY_C without PSA_WANT_ALG_GCM and PSA_WANT_ALG_CHACHA20_POLY1305"
|
2021-10-13 11:09:44 +02:00
|
|
|
make test
|
|
|
|
}
|
|
|
|
|
Phase 2 support for MBEDTLS_PSA_CRYPTO_CONFIG
This phase adds in support for the following features being
added to the list of features that can be configured in the
include/psa/crypto_config.h header file using the PSA_WANT_ALG_xxx
macros: ECDH, HMAC, HKDF, and RSA. These changes include changes to
the PSA crypto library to use the appropriate new guards that
will allow the feature to be compiled in or out either using
new PSA_WANT_ALG_xxx or the previous MBEDTLS_xxx macros.
For HKDF and HMAC, most of the PSA library code did not have a
specific matching MBEDTLS_xxx macro for that feature, but was instead
using the generic dependent MBEDTLS_MD_C macro. The ECDH and RSA
features more closely aligned with a direct replacement with a similar
macro.
The new tests for RSA, HMAC, and HKDF would normally unset additional
dependent macros, but when attempting to implement that level of
testing it required removal of too many core features like MD_C, PK_C,
ECP_C and other low level features. This may point to additional phases of
work to complete the transition of these features to the new model.
Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-10-30 05:37:36 +01:00
|
|
|
# This should be renamed to test and updated once the accelerator ECDH code is in place and ready to test.
|
2020-11-10 17:50:04 +01:00
|
|
|
component_build_psa_accel_alg_ecdh() {
|
Phase 2 support for MBEDTLS_PSA_CRYPTO_CONFIG
This phase adds in support for the following features being
added to the list of features that can be configured in the
include/psa/crypto_config.h header file using the PSA_WANT_ALG_xxx
macros: ECDH, HMAC, HKDF, and RSA. These changes include changes to
the PSA crypto library to use the appropriate new guards that
will allow the feature to be compiled in or out either using
new PSA_WANT_ALG_xxx or the previous MBEDTLS_xxx macros.
For HKDF and HMAC, most of the PSA library code did not have a
specific matching MBEDTLS_xxx macro for that feature, but was instead
using the generic dependent MBEDTLS_MD_C macro. The ECDH and RSA
features more closely aligned with a direct replacement with a similar
macro.
The new tests for RSA, HMAC, and HKDF would normally unset additional
dependent macros, but when attempting to implement that level of
testing it required removal of too many core features like MD_C, PK_C,
ECP_C and other low level features. This may point to additional phases of
work to complete the transition of these features to the new model.
Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-10-30 05:37:36 +01:00
|
|
|
# full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_ECDH
|
|
|
|
# without MBEDTLS_ECDH_C
|
|
|
|
msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_ECDH without MBEDTLS_ECDH_C"
|
|
|
|
scripts/config.py full
|
|
|
|
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
|
|
|
|
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
|
2022-03-15 11:23:25 +01:00
|
|
|
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
|
Phase 2 support for MBEDTLS_PSA_CRYPTO_CONFIG
This phase adds in support for the following features being
added to the list of features that can be configured in the
include/psa/crypto_config.h header file using the PSA_WANT_ALG_xxx
macros: ECDH, HMAC, HKDF, and RSA. These changes include changes to
the PSA crypto library to use the appropriate new guards that
will allow the feature to be compiled in or out either using
new PSA_WANT_ALG_xxx or the previous MBEDTLS_xxx macros.
For HKDF and HMAC, most of the PSA library code did not have a
specific matching MBEDTLS_xxx macro for that feature, but was instead
using the generic dependent MBEDTLS_MD_C macro. The ECDH and RSA
features more closely aligned with a direct replacement with a similar
macro.
The new tests for RSA, HMAC, and HKDF would normally unset additional
dependent macros, but when attempting to implement that level of
testing it required removal of too many core features like MD_C, PK_C,
ECP_C and other low level features. This may point to additional phases of
work to complete the transition of these features to the new model.
Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-10-30 05:37:36 +01:00
|
|
|
scripts/config.py unset MBEDTLS_ECDH_C
|
|
|
|
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
|
|
|
|
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
|
|
|
|
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
|
|
|
|
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
|
|
|
|
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
|
|
|
|
# Need to define the correct symbol and include the test driver header path in order to build with the test driver
|
|
|
|
make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_ECDH -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS"
|
|
|
|
}
|
|
|
|
|
2020-10-29 04:09:55 +01:00
|
|
|
# This should be renamed to test and updated once the accelerator ECC key pair code is in place and ready to test.
|
2020-11-10 17:50:04 +01:00
|
|
|
component_build_psa_accel_key_type_ecc_key_pair() {
|
2023-05-26 13:49:33 +02:00
|
|
|
# full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_xxx
|
|
|
|
msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_xxx"
|
2020-10-29 04:09:55 +01:00
|
|
|
scripts/config.py full
|
|
|
|
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
|
|
|
|
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
|
2022-03-15 11:23:25 +01:00
|
|
|
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
|
2023-06-15 11:53:08 +02:00
|
|
|
scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC 1
|
2023-05-26 13:49:33 +02:00
|
|
|
scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT 1
|
|
|
|
scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT 1
|
|
|
|
scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE 1
|
|
|
|
scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE 1
|
2020-11-17 07:08:34 +01:00
|
|
|
scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY 1
|
2020-10-29 04:09:55 +01:00
|
|
|
# Need to define the correct symbol and include the test driver header path in order to build with the test driver
|
2020-11-04 21:28:15 +01:00
|
|
|
make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS"
|
2020-10-29 04:09:55 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
# This should be renamed to test and updated once the accelerator ECC public key code is in place and ready to test.
|
2020-11-10 17:50:04 +01:00
|
|
|
component_build_psa_accel_key_type_ecc_public_key() {
|
2020-11-04 21:28:15 +01:00
|
|
|
# full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY
|
|
|
|
msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY"
|
2020-10-29 04:09:55 +01:00
|
|
|
scripts/config.py full
|
|
|
|
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
|
|
|
|
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
|
2022-03-15 11:23:25 +01:00
|
|
|
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
|
2020-11-04 21:28:15 +01:00
|
|
|
scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY 1
|
2023-06-15 11:53:08 +02:00
|
|
|
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC
|
2023-05-26 13:49:33 +02:00
|
|
|
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT
|
|
|
|
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT
|
|
|
|
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE
|
|
|
|
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE
|
2020-10-29 04:09:55 +01:00
|
|
|
# Need to define the correct symbol and include the test driver header path in order to build with the test driver
|
2020-11-04 21:28:15 +01:00
|
|
|
make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS"
|
2020-10-29 04:09:55 +01:00
|
|
|
}
|
|
|
|
|
Phase 2 support for MBEDTLS_PSA_CRYPTO_CONFIG
This phase adds in support for the following features being
added to the list of features that can be configured in the
include/psa/crypto_config.h header file using the PSA_WANT_ALG_xxx
macros: ECDH, HMAC, HKDF, and RSA. These changes include changes to
the PSA crypto library to use the appropriate new guards that
will allow the feature to be compiled in or out either using
new PSA_WANT_ALG_xxx or the previous MBEDTLS_xxx macros.
For HKDF and HMAC, most of the PSA library code did not have a
specific matching MBEDTLS_xxx macro for that feature, but was instead
using the generic dependent MBEDTLS_MD_C macro. The ECDH and RSA
features more closely aligned with a direct replacement with a similar
macro.
The new tests for RSA, HMAC, and HKDF would normally unset additional
dependent macros, but when attempting to implement that level of
testing it required removal of too many core features like MD_C, PK_C,
ECP_C and other low level features. This may point to additional phases of
work to complete the transition of these features to the new model.
Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-10-30 05:37:36 +01:00
|
|
|
# This should be renamed to test and updated once the accelerator HMAC code is in place and ready to test.
|
2020-11-10 17:50:04 +01:00
|
|
|
component_build_psa_accel_alg_hmac() {
|
Phase 2 support for MBEDTLS_PSA_CRYPTO_CONFIG
This phase adds in support for the following features being
added to the list of features that can be configured in the
include/psa/crypto_config.h header file using the PSA_WANT_ALG_xxx
macros: ECDH, HMAC, HKDF, and RSA. These changes include changes to
the PSA crypto library to use the appropriate new guards that
will allow the feature to be compiled in or out either using
new PSA_WANT_ALG_xxx or the previous MBEDTLS_xxx macros.
For HKDF and HMAC, most of the PSA library code did not have a
specific matching MBEDTLS_xxx macro for that feature, but was instead
using the generic dependent MBEDTLS_MD_C macro. The ECDH and RSA
features more closely aligned with a direct replacement with a similar
macro.
The new tests for RSA, HMAC, and HKDF would normally unset additional
dependent macros, but when attempting to implement that level of
testing it required removal of too many core features like MD_C, PK_C,
ECP_C and other low level features. This may point to additional phases of
work to complete the transition of these features to the new model.
Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-10-30 05:37:36 +01:00
|
|
|
# full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_HMAC
|
|
|
|
msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_HMAC"
|
|
|
|
scripts/config.py full
|
|
|
|
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
|
|
|
|
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
|
2022-03-15 11:23:25 +01:00
|
|
|
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
|
Phase 2 support for MBEDTLS_PSA_CRYPTO_CONFIG
This phase adds in support for the following features being
added to the list of features that can be configured in the
include/psa/crypto_config.h header file using the PSA_WANT_ALG_xxx
macros: ECDH, HMAC, HKDF, and RSA. These changes include changes to
the PSA crypto library to use the appropriate new guards that
will allow the feature to be compiled in or out either using
new PSA_WANT_ALG_xxx or the previous MBEDTLS_xxx macros.
For HKDF and HMAC, most of the PSA library code did not have a
specific matching MBEDTLS_xxx macro for that feature, but was instead
using the generic dependent MBEDTLS_MD_C macro. The ECDH and RSA
features more closely aligned with a direct replacement with a similar
macro.
The new tests for RSA, HMAC, and HKDF would normally unset additional
dependent macros, but when attempting to implement that level of
testing it required removal of too many core features like MD_C, PK_C,
ECP_C and other low level features. This may point to additional phases of
work to complete the transition of these features to the new model.
Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-10-30 05:37:36 +01:00
|
|
|
# Need to define the correct symbol and include the test driver header path in order to build with the test driver
|
|
|
|
make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_HMAC -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS"
|
|
|
|
}
|
|
|
|
|
|
|
|
# This should be renamed to test and updated once the accelerator HKDF code is in place and ready to test.
|
2020-11-10 17:50:04 +01:00
|
|
|
component_build_psa_accel_alg_hkdf() {
|
Phase 2 support for MBEDTLS_PSA_CRYPTO_CONFIG
This phase adds in support for the following features being
added to the list of features that can be configured in the
include/psa/crypto_config.h header file using the PSA_WANT_ALG_xxx
macros: ECDH, HMAC, HKDF, and RSA. These changes include changes to
the PSA crypto library to use the appropriate new guards that
will allow the feature to be compiled in or out either using
new PSA_WANT_ALG_xxx or the previous MBEDTLS_xxx macros.
For HKDF and HMAC, most of the PSA library code did not have a
specific matching MBEDTLS_xxx macro for that feature, but was instead
using the generic dependent MBEDTLS_MD_C macro. The ECDH and RSA
features more closely aligned with a direct replacement with a similar
macro.
The new tests for RSA, HMAC, and HKDF would normally unset additional
dependent macros, but when attempting to implement that level of
testing it required removal of too many core features like MD_C, PK_C,
ECP_C and other low level features. This may point to additional phases of
work to complete the transition of these features to the new model.
Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-10-30 05:37:36 +01:00
|
|
|
# full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_HKDF
|
|
|
|
# without MBEDTLS_HKDF_C
|
|
|
|
msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_HKDF without MBEDTLS_HKDF_C"
|
|
|
|
scripts/config.py full
|
|
|
|
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
|
|
|
|
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
|
2022-03-15 11:23:25 +01:00
|
|
|
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
|
Phase 2 support for MBEDTLS_PSA_CRYPTO_CONFIG
This phase adds in support for the following features being
added to the list of features that can be configured in the
include/psa/crypto_config.h header file using the PSA_WANT_ALG_xxx
macros: ECDH, HMAC, HKDF, and RSA. These changes include changes to
the PSA crypto library to use the appropriate new guards that
will allow the feature to be compiled in or out either using
new PSA_WANT_ALG_xxx or the previous MBEDTLS_xxx macros.
For HKDF and HMAC, most of the PSA library code did not have a
specific matching MBEDTLS_xxx macro for that feature, but was instead
using the generic dependent MBEDTLS_MD_C macro. The ECDH and RSA
features more closely aligned with a direct replacement with a similar
macro.
The new tests for RSA, HMAC, and HKDF would normally unset additional
dependent macros, but when attempting to implement that level of
testing it required removal of too many core features like MD_C, PK_C,
ECP_C and other low level features. This may point to additional phases of
work to complete the transition of these features to the new model.
Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-10-30 05:37:36 +01:00
|
|
|
scripts/config.py unset MBEDTLS_HKDF_C
|
2021-12-08 16:57:54 +01:00
|
|
|
# Make sure to unset TLS1_3 since it requires HKDF_C and will not build properly without it.
|
|
|
|
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
|
Phase 2 support for MBEDTLS_PSA_CRYPTO_CONFIG
This phase adds in support for the following features being
added to the list of features that can be configured in the
include/psa/crypto_config.h header file using the PSA_WANT_ALG_xxx
macros: ECDH, HMAC, HKDF, and RSA. These changes include changes to
the PSA crypto library to use the appropriate new guards that
will allow the feature to be compiled in or out either using
new PSA_WANT_ALG_xxx or the previous MBEDTLS_xxx macros.
For HKDF and HMAC, most of the PSA library code did not have a
specific matching MBEDTLS_xxx macro for that feature, but was instead
using the generic dependent MBEDTLS_MD_C macro. The ECDH and RSA
features more closely aligned with a direct replacement with a similar
macro.
The new tests for RSA, HMAC, and HKDF would normally unset additional
dependent macros, but when attempting to implement that level of
testing it required removal of too many core features like MD_C, PK_C,
ECP_C and other low level features. This may point to additional phases of
work to complete the transition of these features to the new model.
Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-10-30 05:37:36 +01:00
|
|
|
# Need to define the correct symbol and include the test driver header path in order to build with the test driver
|
|
|
|
make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_HKDF -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS"
|
|
|
|
}
|
|
|
|
|
2020-11-27 17:51:22 +01:00
|
|
|
# This should be renamed to test and updated once the accelerator MD5 code is in place and ready to test.
|
|
|
|
component_build_psa_accel_alg_md5() {
|
|
|
|
# full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_MD5 without other hashes
|
|
|
|
msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_MD5 - other hashes"
|
|
|
|
scripts/config.py full
|
|
|
|
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
|
|
|
|
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
|
2022-03-15 11:23:25 +01:00
|
|
|
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
|
2020-11-27 17:51:22 +01:00
|
|
|
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RIPEMD160
|
|
|
|
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_1
|
|
|
|
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_224
|
|
|
|
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_256
|
|
|
|
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_384
|
|
|
|
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_512
|
2022-09-14 18:47:26 +02:00
|
|
|
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS
|
2022-10-13 22:05:38 +02:00
|
|
|
scripts/config.py unset MBEDTLS_LMS_C
|
|
|
|
scripts/config.py unset MBEDTLS_LMS_PRIVATE
|
2020-11-27 17:51:22 +01:00
|
|
|
# Need to define the correct symbol and include the test driver header path in order to build with the test driver
|
|
|
|
make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_MD5 -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS"
|
|
|
|
}
|
|
|
|
|
|
|
|
# This should be renamed to test and updated once the accelerator RIPEMD160 code is in place and ready to test.
|
|
|
|
component_build_psa_accel_alg_ripemd160() {
|
|
|
|
# full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_RIPEMD160 without other hashes
|
|
|
|
msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_RIPEMD160 - other hashes"
|
|
|
|
scripts/config.py full
|
|
|
|
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
|
|
|
|
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
|
2022-03-15 11:23:25 +01:00
|
|
|
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
|
2020-11-27 17:51:22 +01:00
|
|
|
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD5
|
|
|
|
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_1
|
|
|
|
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_224
|
|
|
|
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_256
|
|
|
|
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_384
|
|
|
|
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_512
|
2022-09-14 18:47:26 +02:00
|
|
|
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS
|
2022-10-13 22:05:38 +02:00
|
|
|
scripts/config.py unset MBEDTLS_LMS_C
|
|
|
|
scripts/config.py unset MBEDTLS_LMS_PRIVATE
|
2020-11-27 17:51:22 +01:00
|
|
|
# Need to define the correct symbol and include the test driver header path in order to build with the test driver
|
|
|
|
make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RIPEMD160 -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS"
|
|
|
|
}
|
|
|
|
|
|
|
|
# This should be renamed to test and updated once the accelerator SHA1 code is in place and ready to test.
|
|
|
|
component_build_psa_accel_alg_sha1() {
|
|
|
|
# full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_SHA_1 without other hashes
|
|
|
|
msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_SHA_1 - other hashes"
|
|
|
|
scripts/config.py full
|
|
|
|
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
|
|
|
|
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
|
2022-03-15 11:23:25 +01:00
|
|
|
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
|
2020-11-27 17:51:22 +01:00
|
|
|
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD5
|
|
|
|
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RIPEMD160
|
|
|
|
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_224
|
|
|
|
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_256
|
|
|
|
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_384
|
|
|
|
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_512
|
2022-09-14 18:47:26 +02:00
|
|
|
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS
|
2022-10-13 22:05:38 +02:00
|
|
|
scripts/config.py unset MBEDTLS_LMS_C
|
|
|
|
scripts/config.py unset MBEDTLS_LMS_PRIVATE
|
2020-11-27 17:51:22 +01:00
|
|
|
# Need to define the correct symbol and include the test driver header path in order to build with the test driver
|
|
|
|
make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_1 -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS"
|
|
|
|
}
|
|
|
|
|
|
|
|
# This should be renamed to test and updated once the accelerator SHA224 code is in place and ready to test.
|
|
|
|
component_build_psa_accel_alg_sha224() {
|
|
|
|
# full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_SHA_224 without other hashes
|
|
|
|
msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_SHA_224 - other hashes"
|
|
|
|
scripts/config.py full
|
|
|
|
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
|
|
|
|
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
|
2022-03-15 11:23:25 +01:00
|
|
|
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
|
2020-11-27 17:51:22 +01:00
|
|
|
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD5
|
|
|
|
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RIPEMD160
|
|
|
|
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_1
|
|
|
|
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_384
|
|
|
|
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_512
|
2022-09-14 18:47:26 +02:00
|
|
|
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS
|
2020-11-27 17:51:22 +01:00
|
|
|
# Need to define the correct symbol and include the test driver header path in order to build with the test driver
|
|
|
|
make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_224 -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS"
|
|
|
|
}
|
|
|
|
|
|
|
|
# This should be renamed to test and updated once the accelerator SHA256 code is in place and ready to test.
|
|
|
|
component_build_psa_accel_alg_sha256() {
|
|
|
|
# full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_SHA_256 without other hashes
|
|
|
|
msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_SHA_256 - other hashes"
|
|
|
|
scripts/config.py full
|
|
|
|
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
|
|
|
|
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
|
2022-03-15 11:23:25 +01:00
|
|
|
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
|
2020-11-27 17:51:22 +01:00
|
|
|
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD5
|
|
|
|
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RIPEMD160
|
|
|
|
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_1
|
|
|
|
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_224
|
|
|
|
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_384
|
|
|
|
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_512
|
|
|
|
# Need to define the correct symbol and include the test driver header path in order to build with the test driver
|
|
|
|
make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_256 -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS"
|
|
|
|
}
|
|
|
|
|
|
|
|
# This should be renamed to test and updated once the accelerator SHA384 code is in place and ready to test.
|
|
|
|
component_build_psa_accel_alg_sha384() {
|
|
|
|
# full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_SHA_384 without other hashes
|
|
|
|
msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_SHA_384 - other hashes"
|
|
|
|
scripts/config.py full
|
|
|
|
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
|
|
|
|
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
|
2022-03-15 11:23:25 +01:00
|
|
|
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
|
2020-11-27 17:51:22 +01:00
|
|
|
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD5
|
|
|
|
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RIPEMD160
|
|
|
|
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_1
|
|
|
|
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_224
|
|
|
|
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_256
|
2022-09-14 18:47:26 +02:00
|
|
|
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS
|
2022-10-13 22:05:38 +02:00
|
|
|
scripts/config.py unset MBEDTLS_LMS_C
|
|
|
|
scripts/config.py unset MBEDTLS_LMS_PRIVATE
|
2020-11-27 17:51:22 +01:00
|
|
|
# Need to define the correct symbol and include the test driver header path in order to build with the test driver
|
|
|
|
make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_384 -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS"
|
|
|
|
}
|
|
|
|
|
|
|
|
# This should be renamed to test and updated once the accelerator SHA512 code is in place and ready to test.
|
|
|
|
component_build_psa_accel_alg_sha512() {
|
|
|
|
# full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_SHA_512 without other hashes
|
|
|
|
msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_SHA_512 - other hashes"
|
|
|
|
scripts/config.py full
|
|
|
|
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
|
|
|
|
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
|
2022-03-15 11:23:25 +01:00
|
|
|
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
|
2020-11-27 17:51:22 +01:00
|
|
|
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD5
|
|
|
|
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RIPEMD160
|
|
|
|
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_1
|
|
|
|
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_224
|
|
|
|
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_256
|
|
|
|
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_384
|
2022-09-14 18:47:26 +02:00
|
|
|
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS
|
2022-10-13 22:05:38 +02:00
|
|
|
scripts/config.py unset MBEDTLS_LMS_C
|
|
|
|
scripts/config.py unset MBEDTLS_LMS_PRIVATE
|
2020-11-27 17:51:22 +01:00
|
|
|
# Need to define the correct symbol and include the test driver header path in order to build with the test driver
|
|
|
|
make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_512 -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS"
|
|
|
|
}
|
|
|
|
|
Phase 2 support for MBEDTLS_PSA_CRYPTO_CONFIG
This phase adds in support for the following features being
added to the list of features that can be configured in the
include/psa/crypto_config.h header file using the PSA_WANT_ALG_xxx
macros: ECDH, HMAC, HKDF, and RSA. These changes include changes to
the PSA crypto library to use the appropriate new guards that
will allow the feature to be compiled in or out either using
new PSA_WANT_ALG_xxx or the previous MBEDTLS_xxx macros.
For HKDF and HMAC, most of the PSA library code did not have a
specific matching MBEDTLS_xxx macro for that feature, but was instead
using the generic dependent MBEDTLS_MD_C macro. The ECDH and RSA
features more closely aligned with a direct replacement with a similar
macro.
The new tests for RSA, HMAC, and HKDF would normally unset additional
dependent macros, but when attempting to implement that level of
testing it required removal of too many core features like MD_C, PK_C,
ECP_C and other low level features. This may point to additional phases of
work to complete the transition of these features to the new model.
Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-10-30 05:37:36 +01:00
|
|
|
# This should be renamed to test and updated once the accelerator RSA code is in place and ready to test.
|
2020-11-10 17:50:04 +01:00
|
|
|
component_build_psa_accel_alg_rsa_pkcs1v15_crypt() {
|
2020-11-01 06:14:03 +01:00
|
|
|
# full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_RSA_PKCS1V15_CRYPT
|
|
|
|
msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_RSA_PKCS1V15_CRYPT + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY"
|
|
|
|
scripts/config.py full
|
|
|
|
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
|
|
|
|
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
|
2022-03-15 11:23:25 +01:00
|
|
|
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
|
2020-11-01 06:14:03 +01:00
|
|
|
scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_ALG_RSA_PKCS1V15_CRYPT 1
|
2020-11-04 04:05:36 +01:00
|
|
|
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_PKCS1V15_SIGN
|
|
|
|
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_OAEP
|
|
|
|
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_PSS
|
2020-11-01 06:14:03 +01:00
|
|
|
# Need to define the correct symbol and include the test driver header path in order to build with the test driver
|
|
|
|
make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS"
|
|
|
|
}
|
|
|
|
|
|
|
|
# This should be renamed to test and updated once the accelerator RSA code is in place and ready to test.
|
2020-11-10 17:50:04 +01:00
|
|
|
component_build_psa_accel_alg_rsa_pkcs1v15_sign() {
|
2020-11-01 06:14:03 +01:00
|
|
|
# full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_RSA_PKCS1V15_SIGN and PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY
|
|
|
|
msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_RSA_PKCS1V15_SIGN + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY"
|
|
|
|
scripts/config.py full
|
|
|
|
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
|
|
|
|
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
|
2022-03-15 11:23:25 +01:00
|
|
|
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
|
2020-11-01 06:14:03 +01:00
|
|
|
scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_ALG_RSA_PKCS1V15_SIGN 1
|
2020-11-04 04:05:36 +01:00
|
|
|
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_PKCS1V15_CRYPT
|
|
|
|
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_OAEP
|
|
|
|
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_PSS
|
2020-11-01 06:14:03 +01:00
|
|
|
# Need to define the correct symbol and include the test driver header path in order to build with the test driver
|
|
|
|
make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS"
|
|
|
|
}
|
|
|
|
|
|
|
|
# This should be renamed to test and updated once the accelerator RSA code is in place and ready to test.
|
2020-11-10 17:50:04 +01:00
|
|
|
component_build_psa_accel_alg_rsa_oaep() {
|
2020-11-01 06:14:03 +01:00
|
|
|
# full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_RSA_OAEP and PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY
|
|
|
|
msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_RSA_OAEP + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY"
|
|
|
|
scripts/config.py full
|
|
|
|
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
|
|
|
|
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
|
2022-03-15 11:23:25 +01:00
|
|
|
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
|
2020-11-01 06:14:03 +01:00
|
|
|
scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_ALG_RSA_OAEP 1
|
2020-11-04 04:05:36 +01:00
|
|
|
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_PKCS1V15_CRYPT
|
|
|
|
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_PKCS1V15_SIGN
|
|
|
|
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_PSS
|
2020-11-01 06:14:03 +01:00
|
|
|
# Need to define the correct symbol and include the test driver header path in order to build with the test driver
|
|
|
|
make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_OAEP -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS"
|
|
|
|
}
|
|
|
|
|
|
|
|
# This should be renamed to test and updated once the accelerator RSA code is in place and ready to test.
|
2020-11-10 17:50:04 +01:00
|
|
|
component_build_psa_accel_alg_rsa_pss() {
|
2020-11-01 06:14:03 +01:00
|
|
|
# full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_RSA_PSS and PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY
|
|
|
|
msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_RSA_PSS + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY"
|
|
|
|
scripts/config.py full
|
|
|
|
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
|
|
|
|
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
|
2022-03-15 11:23:25 +01:00
|
|
|
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
|
2020-11-01 06:14:03 +01:00
|
|
|
scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_ALG_RSA_PSS 1
|
2020-11-04 04:05:36 +01:00
|
|
|
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_PKCS1V15_CRYPT
|
|
|
|
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_PKCS1V15_SIGN
|
|
|
|
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_OAEP
|
2020-11-01 06:14:03 +01:00
|
|
|
# Need to define the correct symbol and include the test driver header path in order to build with the test driver
|
|
|
|
make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_PSS -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS"
|
|
|
|
}
|
|
|
|
|
|
|
|
# This should be renamed to test and updated once the accelerator RSA code is in place and ready to test.
|
2020-11-10 17:50:04 +01:00
|
|
|
component_build_psa_accel_key_type_rsa_key_pair() {
|
2023-05-26 13:49:33 +02:00
|
|
|
# full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_xxx and PSA_WANT_ALG_RSA_PSS
|
|
|
|
msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_xxx + PSA_WANT_ALG_RSA_PSS"
|
2020-11-01 06:14:03 +01:00
|
|
|
scripts/config.py full
|
|
|
|
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
|
|
|
|
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
|
2022-03-15 11:23:25 +01:00
|
|
|
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
|
2020-11-01 06:14:03 +01:00
|
|
|
scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_ALG_RSA_PSS 1
|
2023-06-15 11:53:08 +02:00
|
|
|
scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC 1
|
2023-05-26 13:49:33 +02:00
|
|
|
scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT 1
|
|
|
|
scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT 1
|
|
|
|
scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE 1
|
2020-11-01 06:14:03 +01:00
|
|
|
# Need to define the correct symbol and include the test driver header path in order to build with the test driver
|
|
|
|
make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS"
|
|
|
|
}
|
|
|
|
|
|
|
|
# This should be renamed to test and updated once the accelerator RSA code is in place and ready to test.
|
2020-11-10 17:50:04 +01:00
|
|
|
component_build_psa_accel_key_type_rsa_public_key() {
|
2020-11-01 06:14:03 +01:00
|
|
|
# full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY and PSA_WANT_ALG_RSA_PSS
|
|
|
|
msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY + PSA_WANT_ALG_RSA_PSS"
|
Phase 2 support for MBEDTLS_PSA_CRYPTO_CONFIG
This phase adds in support for the following features being
added to the list of features that can be configured in the
include/psa/crypto_config.h header file using the PSA_WANT_ALG_xxx
macros: ECDH, HMAC, HKDF, and RSA. These changes include changes to
the PSA crypto library to use the appropriate new guards that
will allow the feature to be compiled in or out either using
new PSA_WANT_ALG_xxx or the previous MBEDTLS_xxx macros.
For HKDF and HMAC, most of the PSA library code did not have a
specific matching MBEDTLS_xxx macro for that feature, but was instead
using the generic dependent MBEDTLS_MD_C macro. The ECDH and RSA
features more closely aligned with a direct replacement with a similar
macro.
The new tests for RSA, HMAC, and HKDF would normally unset additional
dependent macros, but when attempting to implement that level of
testing it required removal of too many core features like MD_C, PK_C,
ECP_C and other low level features. This may point to additional phases of
work to complete the transition of these features to the new model.
Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-10-30 05:37:36 +01:00
|
|
|
scripts/config.py full
|
|
|
|
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
|
|
|
|
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
|
2022-03-15 11:23:25 +01:00
|
|
|
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
|
2020-11-01 06:14:03 +01:00
|
|
|
scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_ALG_RSA_PSS 1
|
|
|
|
scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 1
|
Phase 2 support for MBEDTLS_PSA_CRYPTO_CONFIG
This phase adds in support for the following features being
added to the list of features that can be configured in the
include/psa/crypto_config.h header file using the PSA_WANT_ALG_xxx
macros: ECDH, HMAC, HKDF, and RSA. These changes include changes to
the PSA crypto library to use the appropriate new guards that
will allow the feature to be compiled in or out either using
new PSA_WANT_ALG_xxx or the previous MBEDTLS_xxx macros.
For HKDF and HMAC, most of the PSA library code did not have a
specific matching MBEDTLS_xxx macro for that feature, but was instead
using the generic dependent MBEDTLS_MD_C macro. The ECDH and RSA
features more closely aligned with a direct replacement with a similar
macro.
The new tests for RSA, HMAC, and HKDF would normally unset additional
dependent macros, but when attempting to implement that level of
testing it required removal of too many core features like MD_C, PK_C,
ECP_C and other low level features. This may point to additional phases of
work to complete the transition of these features to the new model.
Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-10-30 05:37:36 +01:00
|
|
|
# Need to define the correct symbol and include the test driver header path in order to build with the test driver
|
2020-11-01 06:14:03 +01:00
|
|
|
make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS"
|
Phase 2 support for MBEDTLS_PSA_CRYPTO_CONFIG
This phase adds in support for the following features being
added to the list of features that can be configured in the
include/psa/crypto_config.h header file using the PSA_WANT_ALG_xxx
macros: ECDH, HMAC, HKDF, and RSA. These changes include changes to
the PSA crypto library to use the appropriate new guards that
will allow the feature to be compiled in or out either using
new PSA_WANT_ALG_xxx or the previous MBEDTLS_xxx macros.
For HKDF and HMAC, most of the PSA library code did not have a
specific matching MBEDTLS_xxx macro for that feature, but was instead
using the generic dependent MBEDTLS_MD_C macro. The ECDH and RSA
features more closely aligned with a direct replacement with a similar
macro.
The new tests for RSA, HMAC, and HKDF would normally unset additional
dependent macros, but when attempting to implement that level of
testing it required removal of too many core features like MD_C, PK_C,
ECP_C and other low level features. This may point to additional phases of
work to complete the transition of these features to the new model.
Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-10-30 05:37:36 +01:00
|
|
|
}
|
|
|
|
|
2023-06-28 10:43:23 +02:00
|
|
|
|
2023-06-28 18:36:02 +02:00
|
|
|
support_build_tfm_armcc () {
|
2023-06-28 10:43:23 +02:00
|
|
|
armc6_cc="$ARMC6_BIN_DIR/armclang"
|
|
|
|
(check_tools "$armc6_cc" > /dev/null 2>&1)
|
|
|
|
}
|
|
|
|
|
2023-06-28 18:36:02 +02:00
|
|
|
component_build_tfm_armcc() {
|
|
|
|
# test the TF-M configuration can build cleanly with various warning flags enabled
|
|
|
|
cp configs/tfm_mbedcrypto_config_profile_medium.h include/mbedtls/mbedtls_config.h
|
|
|
|
cp configs/crypto_config_profile_medium.h include/psa/crypto_config.h
|
2023-06-28 10:43:23 +02:00
|
|
|
|
2023-06-29 13:35:51 +02:00
|
|
|
msg "build: TF-M config, armclang armv7-m thumb2"
|
2023-06-29 12:58:16 +02:00
|
|
|
make clean
|
|
|
|
armc6_build_test "--target=arm-arm-none-eabi -march=armv7-m -mthumb -Os -std=c99 -Werror -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wimplicit-fallthrough -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral -Wshadow -Wasm-operand-widths -Wunused"
|
|
|
|
}
|
|
|
|
|
|
|
|
component_build_tfm() {
|
|
|
|
# test the TF-M configuration can build cleanly with various warning flags enabled
|
|
|
|
cp configs/tfm_mbedcrypto_config_profile_medium.h include/mbedtls/mbedtls_config.h
|
|
|
|
cp configs/crypto_config_profile_medium.h include/psa/crypto_config.h
|
|
|
|
|
2023-06-29 13:35:51 +02:00
|
|
|
msg "build: TF-M config, clang, armv7-m thumb2"
|
|
|
|
make lib CC="clang" CFLAGS="--target=arm-linux-gnueabihf -march=armv7-m -mthumb -Os -std=c99 -Werror -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wimplicit-fallthrough -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral -Wshadow -Wasm-operand-widths -Wunused"
|
2023-06-28 10:43:23 +02:00
|
|
|
|
2023-06-28 18:36:02 +02:00
|
|
|
msg "build: TF-M config, gcc native build"
|
|
|
|
make clean
|
2023-06-29 15:07:50 +02:00
|
|
|
make lib CC="gcc" CFLAGS="-Os -std=c99 -Werror -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral -Wshadow -Wformat-signedness -Wlogical-op"
|
2023-06-28 10:43:23 +02:00
|
|
|
}
|
|
|
|
|
2023-06-29 10:29:00 +02:00
|
|
|
component_build_aes_variations() { # ~45s
|
2023-06-29 10:29:00 +02:00
|
|
|
# aes.o has many #if defined(...) guards that intersect in complex ways.
|
|
|
|
# Test that all the combinations build cleanly. The most common issue is
|
|
|
|
# unused variables/functions, so ensure -Wunused is set.
|
|
|
|
|
2023-06-29 10:29:00 +02:00
|
|
|
msg "build: aes.o for all combinations of relevant config options"
|
2023-06-29 13:10:45 +02:00
|
|
|
|
2023-06-29 10:29:00 +02:00
|
|
|
for a in set unset; do
|
|
|
|
for b in set unset; do
|
|
|
|
for c in set unset; do
|
|
|
|
for d in set unset; do
|
|
|
|
for e in set unset; do
|
|
|
|
for f in set unset; do
|
|
|
|
for g in set unset; do
|
2023-06-29 13:10:45 +02:00
|
|
|
echo ./scripts/config.py $a MBEDTLS_AES_SETKEY_ENC_ALT
|
|
|
|
echo ./scripts/config.py $b MBEDTLS_AES_DECRYPT_ALT
|
|
|
|
echo ./scripts/config.py $c MBEDTLS_AES_ROM_TABLES
|
|
|
|
echo ./scripts/config.py $d MBEDTLS_AES_ENCRYPT_ALT
|
|
|
|
echo ./scripts/config.py $e MBEDTLS_AES_SETKEY_DEC_ALT
|
|
|
|
echo ./scripts/config.py $f MBEDTLS_AES_FEWER_TABLES
|
|
|
|
echo ./scripts/config.py $g MBEDTLS_PADLOCK_C
|
|
|
|
|
|
|
|
./scripts/config.py $a MBEDTLS_AES_SETKEY_ENC_ALT
|
|
|
|
./scripts/config.py $b MBEDTLS_AES_DECRYPT_ALT
|
|
|
|
./scripts/config.py $c MBEDTLS_AES_ROM_TABLES
|
|
|
|
./scripts/config.py $d MBEDTLS_AES_ENCRYPT_ALT
|
|
|
|
./scripts/config.py $e MBEDTLS_AES_SETKEY_DEC_ALT
|
|
|
|
./scripts/config.py $f MBEDTLS_AES_FEWER_TABLES
|
|
|
|
./scripts/config.py $g MBEDTLS_PADLOCK_C
|
|
|
|
|
|
|
|
rm -f library/aes.o
|
|
|
|
make -C library aes.o CC="clang" CFLAGS="-O0 -std=c99 -Werror -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wimplicit-fallthrough -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral -Wshadow -Wasm-operand-widths -Wunused"
|
2023-06-29 10:29:00 +02:00
|
|
|
done
|
|
|
|
done
|
|
|
|
done
|
|
|
|
done
|
|
|
|
done
|
|
|
|
done
|
|
|
|
done
|
|
|
|
}
|
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
component_test_no_platform () {
|
|
|
|
# Full configuration build, without platform support, file IO and net sockets.
|
|
|
|
# This should catch missing mbedtls_printf definitions, and by disabling file
|
|
|
|
# IO, it should catch missing '#include <stdio.h>'
|
|
|
|
msg "build: full config except platform/fsio/net, make, gcc, C99" # ~ 30s
|
2019-07-27 23:52:53 +02:00
|
|
|
scripts/config.py full
|
|
|
|
scripts/config.py unset MBEDTLS_PLATFORM_C
|
|
|
|
scripts/config.py unset MBEDTLS_NET_C
|
|
|
|
scripts/config.py unset MBEDTLS_PLATFORM_MEMORY
|
|
|
|
scripts/config.py unset MBEDTLS_PLATFORM_PRINTF_ALT
|
|
|
|
scripts/config.py unset MBEDTLS_PLATFORM_FPRINTF_ALT
|
|
|
|
scripts/config.py unset MBEDTLS_PLATFORM_SNPRINTF_ALT
|
2022-09-18 14:05:23 +02:00
|
|
|
scripts/config.py unset MBEDTLS_PLATFORM_VSNPRINTF_ALT
|
2019-07-27 23:52:53 +02:00
|
|
|
scripts/config.py unset MBEDTLS_PLATFORM_TIME_ALT
|
|
|
|
scripts/config.py unset MBEDTLS_PLATFORM_EXIT_ALT
|
2022-06-30 17:01:40 +02:00
|
|
|
scripts/config.py unset MBEDTLS_PLATFORM_SETBUF_ALT
|
2020-04-12 23:43:28 +02:00
|
|
|
scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT
|
2019-07-27 23:52:53 +02:00
|
|
|
scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED
|
|
|
|
scripts/config.py unset MBEDTLS_FS_IO
|
2019-07-27 23:52:53 +02:00
|
|
|
scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C
|
2019-07-27 23:52:53 +02:00
|
|
|
scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C
|
|
|
|
scripts/config.py unset MBEDTLS_PSA_ITS_FILE_C
|
2018-11-27 15:58:47 +01:00
|
|
|
# Note, _DEFAULT_SOURCE needs to be defined for platforms using glibc version >2.19,
|
|
|
|
# to re-enable platform integration features otherwise disabled in C99 builds
|
2019-09-20 19:23:10 +02:00
|
|
|
make CC=gcc CFLAGS='-Werror -Wall -Wextra -std=c99 -pedantic -Os -D_DEFAULT_SOURCE' lib programs
|
|
|
|
make CC=gcc CFLAGS='-Werror -Wall -Wextra -Os' test
|
2018-11-27 15:58:47 +01:00
|
|
|
}
|
2018-04-11 08:28:39 +02:00
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
component_build_no_std_function () {
|
|
|
|
# catch compile bugs in _uninit functions
|
|
|
|
msg "build: full config with NO_STD_FUNCTION, make, gcc" # ~ 30s
|
2019-07-27 23:52:53 +02:00
|
|
|
scripts/config.py full
|
|
|
|
scripts/config.py set MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
|
|
|
|
scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED
|
2020-04-12 23:43:28 +02:00
|
|
|
scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT
|
2021-10-08 11:45:47 +02:00
|
|
|
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Check .
|
2021-10-07 19:34:57 +02:00
|
|
|
make
|
2018-11-27 15:58:47 +01:00
|
|
|
}
|
2018-10-11 12:02:52 +02:00
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
component_build_no_ssl_srv () {
|
2022-03-07 16:20:30 +01:00
|
|
|
msg "build: full config except SSL server, make, gcc" # ~ 30s
|
2019-07-27 23:52:53 +02:00
|
|
|
scripts/config.py full
|
|
|
|
scripts/config.py unset MBEDTLS_SSL_SRV_C
|
2019-09-20 19:23:10 +02:00
|
|
|
make CC=gcc CFLAGS='-Werror -Wall -Wextra -O1'
|
2018-11-27 15:58:47 +01:00
|
|
|
}
|
2018-10-11 12:02:52 +02:00
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
component_build_no_ssl_cli () {
|
2022-03-07 16:20:30 +01:00
|
|
|
msg "build: full config except SSL client, make, gcc" # ~ 30s
|
2019-07-27 23:52:53 +02:00
|
|
|
scripts/config.py full
|
|
|
|
scripts/config.py unset MBEDTLS_SSL_CLI_C
|
2019-09-20 19:23:10 +02:00
|
|
|
make CC=gcc CFLAGS='-Werror -Wall -Wextra -O1'
|
2018-11-27 15:58:47 +01:00
|
|
|
}
|
2017-07-07 13:29:15 +02:00
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
component_build_no_sockets () {
|
|
|
|
# Note, C99 compliance can also be tested with the sockets support disabled,
|
|
|
|
# as that requires a POSIX platform (which isn't the same as C99).
|
|
|
|
msg "build: full config except net_sockets.c, make, gcc -std=c99 -pedantic" # ~ 30s
|
2019-07-27 23:52:53 +02:00
|
|
|
scripts/config.py full
|
|
|
|
scripts/config.py unset MBEDTLS_NET_C # getaddrinfo() undeclared, etc.
|
|
|
|
scripts/config.py set MBEDTLS_NO_PLATFORM_ENTROPY # uses syscall() on GNU/Linux
|
2019-09-20 19:23:10 +02:00
|
|
|
make CC=gcc CFLAGS='-Werror -Wall -Wextra -O1 -std=c99 -pedantic' lib
|
2018-11-27 15:58:47 +01:00
|
|
|
}
|
2017-07-07 13:29:15 +02:00
|
|
|
|
2019-09-05 15:27:47 +02:00
|
|
|
component_test_memory_buffer_allocator_backtrace () {
|
|
|
|
msg "build: default config with memory buffer allocator and backtrace enabled"
|
2019-07-27 23:52:53 +02:00
|
|
|
scripts/config.py set MBEDTLS_MEMORY_BUFFER_ALLOC_C
|
|
|
|
scripts/config.py set MBEDTLS_PLATFORM_MEMORY
|
|
|
|
scripts/config.py set MBEDTLS_MEMORY_BACKTRACE
|
|
|
|
scripts/config.py set MBEDTLS_MEMORY_DEBUG
|
2021-10-19 21:33:32 +02:00
|
|
|
CC=gcc cmake -DCMAKE_BUILD_TYPE:String=Release .
|
2019-09-05 15:27:47 +02:00
|
|
|
make
|
|
|
|
|
|
|
|
msg "test: MBEDTLS_MEMORY_BUFFER_ALLOC_C and MBEDTLS_MEMORY_BACKTRACE"
|
|
|
|
make test
|
|
|
|
}
|
|
|
|
|
|
|
|
component_test_memory_buffer_allocator () {
|
|
|
|
msg "build: default config with memory buffer allocator"
|
2019-07-27 23:52:53 +02:00
|
|
|
scripts/config.py set MBEDTLS_MEMORY_BUFFER_ALLOC_C
|
|
|
|
scripts/config.py set MBEDTLS_PLATFORM_MEMORY
|
2021-10-19 21:33:32 +02:00
|
|
|
CC=gcc cmake -DCMAKE_BUILD_TYPE:String=Release .
|
2019-02-26 15:34:13 +01:00
|
|
|
make
|
|
|
|
|
|
|
|
msg "test: MBEDTLS_MEMORY_BUFFER_ALLOC_C"
|
|
|
|
make test
|
2020-03-04 20:46:15 +01:00
|
|
|
|
|
|
|
msg "test: ssl-opt.sh, MBEDTLS_MEMORY_BUFFER_ALLOC_C"
|
|
|
|
# MBEDTLS_MEMORY_BUFFER_ALLOC is slow. Skip tests that tend to time out.
|
2021-07-08 18:41:16 +02:00
|
|
|
tests/ssl-opt.sh -e '^DTLS proxy'
|
2019-02-26 15:34:13 +01:00
|
|
|
}
|
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
component_test_no_max_fragment_length () {
|
|
|
|
# Run max fragment length tests with MFL disabled
|
|
|
|
msg "build: default config except MFL extension (ASan build)" # ~ 30s
|
2019-07-27 23:52:53 +02:00
|
|
|
scripts/config.py unset MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
2018-11-27 15:58:47 +01:00
|
|
|
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
|
|
|
|
make
|
2017-07-07 13:29:15 +02:00
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
msg "test: ssl-opt.sh, MFL-related tests"
|
2021-07-08 18:41:16 +02:00
|
|
|
tests/ssl-opt.sh -f "Max fragment length"
|
2018-11-27 15:58:47 +01:00
|
|
|
}
|
2017-07-07 13:29:15 +02:00
|
|
|
|
2019-02-19 12:10:48 +01:00
|
|
|
component_test_asan_remove_peer_certificate () {
|
|
|
|
msg "build: default config with MBEDTLS_SSL_KEEP_PEER_CERTIFICATE disabled (ASan build)"
|
2019-07-27 23:52:53 +02:00
|
|
|
scripts/config.py unset MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
|
2019-02-19 12:10:48 +01:00
|
|
|
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
|
|
|
|
make
|
|
|
|
|
|
|
|
msg "test: !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE"
|
|
|
|
make test
|
|
|
|
|
|
|
|
msg "test: ssl-opt.sh, !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE"
|
2021-07-08 18:41:16 +02:00
|
|
|
tests/ssl-opt.sh
|
2019-02-19 12:10:48 +01:00
|
|
|
|
|
|
|
msg "test: compat.sh, !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE"
|
2021-07-08 18:41:16 +02:00
|
|
|
tests/compat.sh
|
2020-04-07 16:07:05 +02:00
|
|
|
|
|
|
|
msg "test: context-info.sh, !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE"
|
2021-07-08 18:41:16 +02:00
|
|
|
tests/context-info.sh
|
2019-02-19 12:10:48 +01:00
|
|
|
}
|
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
component_test_no_max_fragment_length_small_ssl_out_content_len () {
|
|
|
|
msg "build: no MFL extension, small SSL_OUT_CONTENT_LEN (ASan build)"
|
2019-07-27 23:52:53 +02:00
|
|
|
scripts/config.py unset MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
|
|
|
scripts/config.py set MBEDTLS_SSL_IN_CONTENT_LEN 16384
|
|
|
|
scripts/config.py set MBEDTLS_SSL_OUT_CONTENT_LEN 4096
|
2018-11-27 15:58:47 +01:00
|
|
|
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
|
|
|
|
make
|
2017-07-07 13:29:15 +02:00
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
msg "test: MFL tests (disabled MFL extension case) & large packet tests"
|
2021-07-08 18:41:16 +02:00
|
|
|
tests/ssl-opt.sh -f "Max fragment length\|Large buffer"
|
2020-04-07 16:07:05 +02:00
|
|
|
|
|
|
|
msg "test: context-info.sh (disabled MFL extension case)"
|
2021-07-08 18:41:16 +02:00
|
|
|
tests/context-info.sh
|
2018-11-27 15:58:47 +01:00
|
|
|
}
|
2017-07-07 13:29:15 +02:00
|
|
|
|
2019-12-02 11:53:11 +01:00
|
|
|
component_test_variable_ssl_in_out_buffer_len () {
|
|
|
|
msg "build: MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH enabled (ASan build)"
|
|
|
|
scripts/config.py set MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH
|
|
|
|
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
|
|
|
|
make
|
|
|
|
|
|
|
|
msg "test: MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH enabled"
|
|
|
|
make test
|
|
|
|
|
|
|
|
msg "test: ssl-opt.sh, MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH enabled"
|
2021-07-08 18:41:16 +02:00
|
|
|
tests/ssl-opt.sh
|
2019-12-02 11:53:11 +01:00
|
|
|
|
|
|
|
msg "test: compat.sh, MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH enabled"
|
2021-07-08 18:41:16 +02:00
|
|
|
tests/compat.sh
|
2019-12-02 11:53:11 +01:00
|
|
|
}
|
|
|
|
|
2022-11-25 11:30:10 +01:00
|
|
|
component_test_dtls_cid_legacy () {
|
2022-11-23 11:14:03 +01:00
|
|
|
msg "build: MBEDTLS_SSL_DTLS_CONNECTION_ID (legacy) enabled (ASan build)"
|
2021-10-12 09:22:33 +02:00
|
|
|
scripts/config.py set MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT 1
|
2019-12-02 11:53:11 +01:00
|
|
|
|
|
|
|
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
|
|
|
|
make
|
|
|
|
|
2022-11-23 11:14:03 +01:00
|
|
|
msg "test: MBEDTLS_SSL_DTLS_CONNECTION_ID (legacy)"
|
2019-12-02 11:53:11 +01:00
|
|
|
make test
|
|
|
|
|
2022-11-23 11:14:03 +01:00
|
|
|
msg "test: ssl-opt.sh, MBEDTLS_SSL_DTLS_CONNECTION_ID (legacy) enabled"
|
2021-07-08 18:41:16 +02:00
|
|
|
tests/ssl-opt.sh
|
2019-12-02 11:53:11 +01:00
|
|
|
|
2022-11-25 11:30:10 +01:00
|
|
|
msg "test: compat.sh, MBEDTLS_SSL_DTLS_CONNECTION_ID (legacy) enabled"
|
2021-07-08 18:41:16 +02:00
|
|
|
tests/compat.sh
|
2019-12-02 11:53:11 +01:00
|
|
|
}
|
|
|
|
|
2019-11-26 16:32:40 +01:00
|
|
|
component_test_ssl_alloc_buffer_and_mfl () {
|
|
|
|
msg "build: default config with memory buffer allocator and MFL extension"
|
|
|
|
scripts/config.py set MBEDTLS_MEMORY_BUFFER_ALLOC_C
|
|
|
|
scripts/config.py set MBEDTLS_PLATFORM_MEMORY
|
|
|
|
scripts/config.py set MBEDTLS_MEMORY_DEBUG
|
|
|
|
scripts/config.py set MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
|
|
|
scripts/config.py set MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH
|
2021-10-19 21:33:32 +02:00
|
|
|
CC=gcc cmake -DCMAKE_BUILD_TYPE:String=Release .
|
2019-11-26 16:32:40 +01:00
|
|
|
make
|
|
|
|
|
|
|
|
msg "test: MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH, MBEDTLS_MEMORY_BUFFER_ALLOC_C, MBEDTLS_MEMORY_DEBUG and MBEDTLS_SSL_MAX_FRAGMENT_LENGTH"
|
|
|
|
make test
|
|
|
|
|
|
|
|
msg "test: MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH, MBEDTLS_MEMORY_BUFFER_ALLOC_C, MBEDTLS_MEMORY_DEBUG and MBEDTLS_SSL_MAX_FRAGMENT_LENGTH"
|
2021-07-08 18:41:16 +02:00
|
|
|
tests/ssl-opt.sh -f "Handshake memory usage"
|
2019-11-26 16:32:40 +01:00
|
|
|
}
|
|
|
|
|
2020-03-04 20:46:15 +01:00
|
|
|
component_test_when_no_ciphersuites_have_mac () {
|
|
|
|
msg "build: when no ciphersuites have MAC"
|
|
|
|
scripts/config.py unset MBEDTLS_CIPHER_NULL_CIPHER
|
|
|
|
scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC
|
2021-04-28 16:50:20 +02:00
|
|
|
scripts/config.py unset MBEDTLS_CMAC_C
|
2020-03-04 20:46:15 +01:00
|
|
|
make
|
|
|
|
|
|
|
|
msg "test: !MBEDTLS_SSL_SOME_MODES_USE_MAC"
|
|
|
|
make test
|
|
|
|
|
|
|
|
msg "test ssl-opt.sh: !MBEDTLS_SSL_SOME_MODES_USE_MAC"
|
2021-07-08 18:41:16 +02:00
|
|
|
tests/ssl-opt.sh -f 'Default\|EtM' -e 'without EtM'
|
2020-03-04 20:46:15 +01:00
|
|
|
}
|
|
|
|
|
2020-06-15 17:03:13 +02:00
|
|
|
component_test_no_date_time () {
|
|
|
|
msg "build: default config without MBEDTLS_HAVE_TIME_DATE"
|
|
|
|
scripts/config.py unset MBEDTLS_HAVE_TIME_DATE
|
2021-10-08 11:45:47 +02:00
|
|
|
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Check .
|
2020-06-15 17:03:13 +02:00
|
|
|
make
|
|
|
|
|
|
|
|
msg "test: !MBEDTLS_HAVE_TIME_DATE - main suites"
|
|
|
|
make test
|
|
|
|
}
|
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
component_test_platform_calloc_macro () {
|
|
|
|
msg "build: MBEDTLS_PLATFORM_{CALLOC/FREE}_MACRO enabled (ASan build)"
|
2019-07-27 23:52:53 +02:00
|
|
|
scripts/config.py set MBEDTLS_PLATFORM_MEMORY
|
|
|
|
scripts/config.py set MBEDTLS_PLATFORM_CALLOC_MACRO calloc
|
|
|
|
scripts/config.py set MBEDTLS_PLATFORM_FREE_MACRO free
|
2018-11-27 15:58:47 +01:00
|
|
|
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
|
|
|
|
make
|
|
|
|
|
|
|
|
msg "test: MBEDTLS_PLATFORM_{CALLOC/FREE}_MACRO enabled (ASan build)"
|
|
|
|
make test
|
|
|
|
}
|
|
|
|
|
2019-09-17 19:04:38 +02:00
|
|
|
component_test_malloc_0_null () {
|
|
|
|
msg "build: malloc(0) returns NULL (ASan+UBSan build)"
|
2020-03-04 10:34:47 +01:00
|
|
|
scripts/config.py full
|
2019-10-21 17:11:33 +02:00
|
|
|
make CC=gcc CFLAGS="'-DMBEDTLS_CONFIG_FILE=\"$PWD/tests/configs/config-wrapper-malloc-0-null.h\"' $ASAN_CFLAGS -O" LDFLAGS="$ASAN_CFLAGS"
|
2019-09-17 19:04:38 +02:00
|
|
|
|
|
|
|
msg "test: malloc(0) returns NULL (ASan+UBSan build)"
|
|
|
|
make test
|
|
|
|
|
|
|
|
msg "selftest: malloc(0) returns NULL (ASan+UBSan build)"
|
|
|
|
# Just the calloc selftest. "make test" ran the others as part of the
|
|
|
|
# test suites.
|
2021-07-08 18:41:16 +02:00
|
|
|
programs/test/selftest calloc
|
2020-02-11 18:26:34 +01:00
|
|
|
|
|
|
|
msg "test ssl-opt.sh: malloc(0) returns NULL (ASan+UBSan build)"
|
|
|
|
# Run a subset of the tests. The choice is a balance between coverage
|
|
|
|
# and time (including time indirectly wasted due to flaky tests).
|
|
|
|
# The current choice is to skip tests whose description includes
|
|
|
|
# "proxy", which is an approximation of skipping tests that use the
|
|
|
|
# UDP proxy, which tend to be slower and flakier.
|
2021-07-08 18:41:16 +02:00
|
|
|
tests/ssl-opt.sh -e 'proxy'
|
2019-09-17 19:04:38 +02:00
|
|
|
}
|
|
|
|
|
2023-06-19 12:51:33 +02:00
|
|
|
support_test_aesni() {
|
|
|
|
# Check that gcc targets x86_64 (we can build AESNI), and check for
|
|
|
|
# AESNI support on the host (we can run AESNI).
|
|
|
|
#
|
|
|
|
# The name of this function is possibly slightly misleading, but needs to align
|
|
|
|
# with the name of the corresponding test, component_test_aesni.
|
2023-06-19 11:55:59 +02:00
|
|
|
#
|
|
|
|
# In principle 32-bit x86 can support AESNI, but our implementation does not
|
|
|
|
# support 32-bit x86, so we check for x86-64.
|
|
|
|
# We can only grep /proc/cpuinfo on Linux, so this also checks for Linux
|
2023-06-19 12:51:33 +02:00
|
|
|
(gcc -v 2>&1 | grep Target | grep -q x86_64) &&
|
|
|
|
[[ "$HOSTTYPE" == "x86_64" && "$OSTYPE" == "linux-gnu" ]] &&
|
2023-06-19 13:10:11 +02:00
|
|
|
(grep '^flags' /proc/cpuinfo | grep -qw aes)
|
2023-06-19 11:55:59 +02:00
|
|
|
}
|
|
|
|
|
2023-06-16 21:18:36 +02:00
|
|
|
component_test_aesni () { # ~ 60s
|
|
|
|
# This tests the two AESNI implementations (intrinsics and assembly), and also the plain C
|
|
|
|
# fallback. It also tests the logic that is used to select which implementation(s) to build.
|
|
|
|
#
|
|
|
|
# This test does not require the host to have support for AESNI (if it doesn't, the run-time
|
|
|
|
# AESNI detection will fallback to the plain C implementation, so the tests will instead
|
|
|
|
# exercise the plain C impl).
|
|
|
|
|
2023-06-16 18:04:52 +02:00
|
|
|
msg "build: default config with different AES implementations"
|
2023-06-16 14:18:19 +02:00
|
|
|
scripts/config.py set MBEDTLS_AESNI_C
|
|
|
|
scripts/config.py set MBEDTLS_HAVE_ASM
|
|
|
|
|
2023-06-16 21:18:36 +02:00
|
|
|
# test the intrinsics implementation
|
|
|
|
msg "AES tests, test intrinsics"
|
|
|
|
make clean
|
|
|
|
make test programs/test/selftest CC=gcc CFLAGS='-Werror -Wall -Wextra -mpclmul -msse2 -maes'
|
|
|
|
# check that we built intrinsics - this should be used by default when supported by the compiler
|
2023-06-19 11:27:31 +02:00
|
|
|
./programs/test/selftest | grep "AESNI code" | grep -q "intrinsics"
|
2023-06-16 18:04:52 +02:00
|
|
|
|
2023-06-16 21:18:36 +02:00
|
|
|
# test the asm implementation
|
|
|
|
msg "AES tests, test assembly"
|
2023-06-16 14:18:19 +02:00
|
|
|
make clean
|
2023-06-16 21:18:36 +02:00
|
|
|
make test programs/test/selftest CC=gcc CFLAGS='-Werror -Wall -Wextra -mno-pclmul -mno-sse2 -mno-aes'
|
|
|
|
# check that we built assembly - this should be built if the compiler does not support intrinsics
|
2023-06-19 11:28:45 +02:00
|
|
|
./programs/test/selftest | grep "AESNI code" | grep -q "assembly"
|
2023-06-16 18:04:52 +02:00
|
|
|
|
2023-06-16 21:18:36 +02:00
|
|
|
# test the plain C implementation
|
2023-06-16 18:04:52 +02:00
|
|
|
scripts/config.py unset MBEDTLS_AESNI_C
|
|
|
|
msg "AES tests, plain C"
|
|
|
|
make clean
|
2023-06-16 23:41:18 +02:00
|
|
|
make test programs/test/selftest CC=gcc CFLAGS='-O2 -Werror'
|
2023-06-16 21:18:36 +02:00
|
|
|
# check that there is no AESNI code present
|
2023-06-19 11:27:31 +02:00
|
|
|
./programs/test/selftest | not grep -q "AESNI code"
|
2023-06-16 14:18:19 +02:00
|
|
|
}
|
|
|
|
|
2023-04-14 11:43:36 +02:00
|
|
|
component_test_aes_only_128_bit_keys () {
|
2023-05-11 11:47:56 +02:00
|
|
|
msg "build: default config + AES_ONLY_128_BIT_KEY_LENGTH"
|
2023-04-14 11:43:36 +02:00
|
|
|
scripts/config.py set MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
|
|
|
scripts/config.py unset MBEDTLS_PADLOCK_C
|
|
|
|
|
|
|
|
make CC=gcc CFLAGS='-Werror -Wall -Wextra'
|
|
|
|
|
2023-05-11 11:47:56 +02:00
|
|
|
msg "test: default config + AES_ONLY_128_BIT_KEY_LENGTH"
|
2023-04-14 11:43:36 +02:00
|
|
|
make test
|
|
|
|
}
|
|
|
|
|
2023-05-05 06:46:48 +02:00
|
|
|
component_test_no_ctr_drbg_aes_only_128_bit_keys () {
|
2023-05-11 11:47:56 +02:00
|
|
|
msg "build: default config + AES_ONLY_128_BIT_KEY_LENGTH - CTR_DRBG_C"
|
2023-05-05 06:46:48 +02:00
|
|
|
scripts/config.py set MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
|
|
|
scripts/config.py unset MBEDTLS_CTR_DRBG_C
|
|
|
|
scripts/config.py unset MBEDTLS_PADLOCK_C
|
|
|
|
|
2023-06-14 11:10:13 +02:00
|
|
|
make CC=clang CFLAGS='-Werror -Wall -Wextra'
|
2023-05-05 06:46:48 +02:00
|
|
|
|
2023-05-11 11:47:56 +02:00
|
|
|
msg "test: default config + AES_ONLY_128_BIT_KEY_LENGTH - CTR_DRBG_C"
|
2023-05-05 06:46:48 +02:00
|
|
|
make test
|
|
|
|
}
|
|
|
|
|
2023-05-11 11:47:56 +02:00
|
|
|
component_test_aes_only_128_bit_keys_have_builtins () {
|
|
|
|
msg "build: default config + AES_ONLY_128_BIT_KEY_LENGTH - AESNI_C - AESCE_C"
|
|
|
|
scripts/config.py set MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
|
|
|
scripts/config.py unset MBEDTLS_PADLOCK_C
|
|
|
|
scripts/config.py unset MBEDTLS_AESNI_C
|
|
|
|
scripts/config.py unset MBEDTLS_AESCE_C
|
|
|
|
|
|
|
|
make CC=gcc CFLAGS='-Werror -Wall -Wextra'
|
|
|
|
|
|
|
|
msg "test: default config + AES_ONLY_128_BIT_KEY_LENGTH - AESNI_C - AESCE_C"
|
|
|
|
make test
|
|
|
|
|
|
|
|
msg "selftest: default config + AES_ONLY_128_BIT_KEY_LENGTH - AESNI_C - AESCE_C"
|
|
|
|
programs/test/selftest
|
|
|
|
}
|
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
component_test_aes_fewer_tables () {
|
|
|
|
msg "build: default config with AES_FEWER_TABLES enabled"
|
2019-07-27 23:52:53 +02:00
|
|
|
scripts/config.py set MBEDTLS_AES_FEWER_TABLES
|
2018-11-27 15:58:47 +01:00
|
|
|
make CC=gcc CFLAGS='-Werror -Wall -Wextra'
|
|
|
|
|
|
|
|
msg "test: AES_FEWER_TABLES"
|
|
|
|
make test
|
|
|
|
}
|
|
|
|
|
|
|
|
component_test_aes_rom_tables () {
|
|
|
|
msg "build: default config with AES_ROM_TABLES enabled"
|
2019-07-27 23:52:53 +02:00
|
|
|
scripts/config.py set MBEDTLS_AES_ROM_TABLES
|
2018-11-27 15:58:47 +01:00
|
|
|
make CC=gcc CFLAGS='-Werror -Wall -Wextra'
|
|
|
|
|
|
|
|
msg "test: AES_ROM_TABLES"
|
|
|
|
make test
|
|
|
|
}
|
|
|
|
|
|
|
|
component_test_aes_fewer_tables_and_rom_tables () {
|
|
|
|
msg "build: default config with AES_ROM_TABLES and AES_FEWER_TABLES enabled"
|
2019-07-27 23:52:53 +02:00
|
|
|
scripts/config.py set MBEDTLS_AES_FEWER_TABLES
|
|
|
|
scripts/config.py set MBEDTLS_AES_ROM_TABLES
|
2018-11-27 15:58:47 +01:00
|
|
|
make CC=gcc CFLAGS='-Werror -Wall -Wextra'
|
|
|
|
|
|
|
|
msg "test: AES_FEWER_TABLES + AES_ROM_TABLES"
|
|
|
|
make test
|
|
|
|
}
|
|
|
|
|
2019-10-07 18:49:32 +02:00
|
|
|
component_test_ctr_drbg_aes_256_sha_256 () {
|
|
|
|
msg "build: full + MBEDTLS_ENTROPY_FORCE_SHA256 (ASan build)"
|
2020-02-18 17:56:33 +01:00
|
|
|
scripts/config.py full
|
|
|
|
scripts/config.py unset MBEDTLS_MEMORY_BUFFER_ALLOC_C
|
|
|
|
scripts/config.py set MBEDTLS_ENTROPY_FORCE_SHA256
|
2019-10-07 18:49:32 +02:00
|
|
|
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
|
|
|
|
make
|
|
|
|
|
|
|
|
msg "test: full + MBEDTLS_ENTROPY_FORCE_SHA256 (ASan build)"
|
|
|
|
make test
|
|
|
|
}
|
|
|
|
|
|
|
|
component_test_ctr_drbg_aes_128_sha_512 () {
|
|
|
|
msg "build: full + MBEDTLS_CTR_DRBG_USE_128_BIT_KEY (ASan build)"
|
2020-02-18 17:56:33 +01:00
|
|
|
scripts/config.py full
|
|
|
|
scripts/config.py unset MBEDTLS_MEMORY_BUFFER_ALLOC_C
|
|
|
|
scripts/config.py set MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
|
2019-10-07 18:49:32 +02:00
|
|
|
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
|
|
|
|
make
|
|
|
|
|
|
|
|
msg "test: full + MBEDTLS_CTR_DRBG_USE_128_BIT_KEY (ASan build)"
|
|
|
|
make test
|
|
|
|
}
|
|
|
|
|
|
|
|
component_test_ctr_drbg_aes_128_sha_256 () {
|
|
|
|
msg "build: full + MBEDTLS_CTR_DRBG_USE_128_BIT_KEY + MBEDTLS_ENTROPY_FORCE_SHA256 (ASan build)"
|
2020-02-18 17:56:33 +01:00
|
|
|
scripts/config.py full
|
|
|
|
scripts/config.py unset MBEDTLS_MEMORY_BUFFER_ALLOC_C
|
|
|
|
scripts/config.py set MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
|
|
|
|
scripts/config.py set MBEDTLS_ENTROPY_FORCE_SHA256
|
2019-10-07 18:49:32 +02:00
|
|
|
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
|
|
|
|
make
|
|
|
|
|
|
|
|
msg "test: full + MBEDTLS_CTR_DRBG_USE_128_BIT_KEY + MBEDTLS_ENTROPY_FORCE_SHA256 (ASan build)"
|
|
|
|
make test
|
|
|
|
}
|
|
|
|
|
2019-07-24 14:58:38 +02:00
|
|
|
component_test_se_default () {
|
|
|
|
msg "build: default config + MBEDTLS_PSA_CRYPTO_SE_C"
|
2019-07-27 23:52:53 +02:00
|
|
|
scripts/config.py set MBEDTLS_PSA_CRYPTO_SE_C
|
2019-10-21 17:11:33 +02:00
|
|
|
make CC=clang CFLAGS="$ASAN_CFLAGS -Os" LDFLAGS="$ASAN_CFLAGS"
|
2019-07-24 14:58:38 +02:00
|
|
|
|
|
|
|
msg "test: default config + MBEDTLS_PSA_CRYPTO_SE_C"
|
|
|
|
make test
|
|
|
|
}
|
|
|
|
|
2020-07-16 20:28:59 +02:00
|
|
|
component_test_psa_crypto_drivers () {
|
2023-03-28 09:19:04 +02:00
|
|
|
msg "build: full + MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS + test drivers"
|
2021-03-15 11:38:44 +01:00
|
|
|
scripts/config.py full
|
2021-02-19 17:21:22 +01:00
|
|
|
scripts/config.py set MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS
|
2021-09-20 19:20:04 +02:00
|
|
|
loc_cflags="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST_ALL"
|
|
|
|
loc_cflags="${loc_cflags} '-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/user-config-for-test.h\"'"
|
2020-12-10 18:17:09 +01:00
|
|
|
loc_cflags="${loc_cflags} -I../tests/include -O2"
|
|
|
|
|
|
|
|
make CC=gcc CFLAGS="${loc_cflags}" LDFLAGS="$ASAN_CFLAGS"
|
2020-07-16 20:28:59 +02:00
|
|
|
|
2023-03-28 09:19:04 +02:00
|
|
|
msg "test: full + MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS + test drivers"
|
2020-07-16 20:28:59 +02:00
|
|
|
make test
|
|
|
|
}
|
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
component_test_make_shared () {
|
2017-12-10 23:22:20 +01:00
|
|
|
msg "build/test: make shared" # ~ 40s
|
2019-10-03 09:18:01 +02:00
|
|
|
make SHARED=1 all check
|
2019-07-03 20:43:32 +02:00
|
|
|
ldd programs/util/strerror | grep libmbedcrypto
|
2021-11-04 12:52:14 +01:00
|
|
|
programs/test/dlopen_demo.sh
|
2018-11-27 15:58:47 +01:00
|
|
|
}
|
2015-06-25 09:56:07 +02:00
|
|
|
|
2019-07-03 20:43:05 +02:00
|
|
|
component_test_cmake_shared () {
|
|
|
|
msg "build/test: cmake shared" # ~ 2min
|
|
|
|
cmake -DUSE_SHARED_MBEDTLS_LIBRARY=On .
|
|
|
|
make
|
2019-07-03 20:43:32 +02:00
|
|
|
ldd programs/util/strerror | grep libmbedcrypto
|
2019-07-03 20:43:05 +02:00
|
|
|
make test
|
2021-11-04 12:52:14 +01:00
|
|
|
programs/test/dlopen_demo.sh
|
2019-07-03 20:43:05 +02:00
|
|
|
}
|
|
|
|
|
2019-09-20 19:56:06 +02:00
|
|
|
test_build_opt () {
|
|
|
|
info=$1 cc=$2; shift 2
|
|
|
|
for opt in "$@"; do
|
|
|
|
msg "build/test: $cc $opt, $info" # ~ 30s
|
2020-04-14 20:08:41 +02:00
|
|
|
make CC="$cc" CFLAGS="$opt -std=c99 -pedantic -Wall -Wextra -Werror"
|
2019-09-20 19:56:06 +02:00
|
|
|
# We're confident enough in compilers to not run _all_ the tests,
|
|
|
|
# but at least run the unit tests. In particular, runs with
|
|
|
|
# optimizations use inline assembly whereas runs with -O0
|
|
|
|
# skip inline assembly.
|
|
|
|
make test # ~30s
|
|
|
|
make clean
|
|
|
|
done
|
|
|
|
}
|
|
|
|
|
|
|
|
component_test_clang_opt () {
|
2020-03-04 10:34:47 +01:00
|
|
|
scripts/config.py full
|
2019-09-20 19:56:06 +02:00
|
|
|
test_build_opt 'full config' clang -O0 -Os -O2
|
|
|
|
}
|
|
|
|
|
|
|
|
component_test_gcc_opt () {
|
2020-03-04 10:34:47 +01:00
|
|
|
scripts/config.py full
|
2019-09-20 19:56:06 +02:00
|
|
|
test_build_opt 'full config' gcc -O0 -Os -O2
|
|
|
|
}
|
|
|
|
|
2019-07-03 20:42:16 +02:00
|
|
|
component_build_mbedtls_config_file () {
|
|
|
|
msg "build: make with MBEDTLS_CONFIG_FILE" # ~40s
|
2022-04-07 20:55:57 +02:00
|
|
|
scripts/config.py -w full_config.h full
|
2019-07-03 20:42:16 +02:00
|
|
|
echo '#error "MBEDTLS_CONFIG_FILE is not working"' >"$CONFIG_H"
|
|
|
|
make CFLAGS="-I '$PWD' -DMBEDTLS_CONFIG_FILE='\"full_config.h\"'"
|
2022-04-13 23:23:21 +02:00
|
|
|
# Make sure this feature is enabled. We'll disable it in the next phase.
|
2022-04-07 21:06:41 +02:00
|
|
|
programs/test/query_compile_time_config MBEDTLS_NIST_KW_C
|
|
|
|
make clean
|
|
|
|
|
|
|
|
msg "build: make with MBEDTLS_CONFIG_FILE + MBEDTLS_USER_CONFIG_FILE"
|
|
|
|
# In the user config, disable one feature (for simplicity, pick a feature
|
|
|
|
# that nothing else depends on).
|
|
|
|
echo '#undef MBEDTLS_NIST_KW_C' >user_config.h
|
|
|
|
make CFLAGS="-I '$PWD' -DMBEDTLS_CONFIG_FILE='\"full_config.h\"' -DMBEDTLS_USER_CONFIG_FILE='\"user_config.h\"'"
|
|
|
|
not programs/test/query_compile_time_config MBEDTLS_NIST_KW_C
|
|
|
|
|
|
|
|
rm -f user_config.h full_config.h
|
2018-11-27 15:58:47 +01:00
|
|
|
}
|
2015-06-25 09:56:07 +02:00
|
|
|
|
2022-04-07 21:59:14 +02:00
|
|
|
component_build_psa_config_file () {
|
|
|
|
msg "build: make with MBEDTLS_PSA_CRYPTO_CONFIG_FILE" # ~40s
|
|
|
|
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
|
|
|
|
cp "$CRYPTO_CONFIG_H" psa_test_config.h
|
|
|
|
echo '#error "MBEDTLS_PSA_CRYPTO_CONFIG_FILE is not working"' >"$CRYPTO_CONFIG_H"
|
|
|
|
make CFLAGS="-I '$PWD' -DMBEDTLS_PSA_CRYPTO_CONFIG_FILE='\"psa_test_config.h\"'"
|
2022-04-13 23:23:21 +02:00
|
|
|
# Make sure this feature is enabled. We'll disable it in the next phase.
|
2022-04-07 21:59:14 +02:00
|
|
|
programs/test/query_compile_time_config MBEDTLS_CMAC_C
|
|
|
|
make clean
|
|
|
|
|
|
|
|
msg "build: make with MBEDTLS_PSA_CRYPTO_CONFIG_FILE + MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE" # ~40s
|
|
|
|
# In the user config, disable one feature, which will reflect on the
|
|
|
|
# mbedtls configuration so we can query it with query_compile_time_config.
|
|
|
|
echo '#undef PSA_WANT_ALG_CMAC' >psa_user_config.h
|
|
|
|
scripts/config.py unset MBEDTLS_CMAC_C
|
|
|
|
make CFLAGS="-I '$PWD' -DMBEDTLS_PSA_CRYPTO_CONFIG_FILE='\"psa_test_config.h\"' -DMBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE='\"psa_user_config.h\"'"
|
|
|
|
not programs/test/query_compile_time_config MBEDTLS_CMAC_C
|
|
|
|
|
|
|
|
rm -f psa_test_config.h psa_user_config.h
|
2018-11-27 15:58:47 +01:00
|
|
|
}
|
2015-06-25 09:56:07 +02:00
|
|
|
|
2023-02-22 22:09:51 +01:00
|
|
|
component_build_psa_alt_headers () {
|
|
|
|
msg "build: make with PSA alt headers" # ~20s
|
|
|
|
|
|
|
|
# Generate alternative versions of the substitutable headers with the
|
|
|
|
# same content except different include guards.
|
|
|
|
make -C tests include/alt-extra/psa/crypto_platform_alt.h include/alt-extra/psa/crypto_struct_alt.h
|
|
|
|
|
|
|
|
# Build the library and some programs.
|
|
|
|
# Don't build the fuzzers to avoid having to go through hoops to set
|
|
|
|
# a correct include path for programs/fuzz/Makefile.
|
|
|
|
make CFLAGS="-I ../tests/include/alt-extra -DMBEDTLS_PSA_CRYPTO_PLATFORM_FILE='\"psa/crypto_platform_alt.h\"' -DMBEDTLS_PSA_CRYPTO_STRUCT_FILE='\"psa/crypto_struct_alt.h\"'" lib
|
|
|
|
make -C programs -o fuzz CFLAGS="-I ../tests/include/alt-extra -DMBEDTLS_PSA_CRYPTO_PLATFORM_FILE='\"psa/crypto_platform_alt.h\"' -DMBEDTLS_PSA_CRYPTO_STRUCT_FILE='\"psa/crypto_struct_alt.h\"'"
|
|
|
|
|
|
|
|
# Check that we're getting the alternative include guards and not the
|
|
|
|
# original include guards.
|
|
|
|
programs/test/query_included_headers | grep -x PSA_CRYPTO_PLATFORM_ALT_H
|
|
|
|
programs/test/query_included_headers | grep -x PSA_CRYPTO_STRUCT_ALT_H
|
|
|
|
programs/test/query_included_headers | not grep -x PSA_CRYPTO_PLATFORM_H
|
|
|
|
programs/test/query_included_headers | not grep -x PSA_CRYPTO_STRUCT_H
|
|
|
|
}
|
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
component_test_m32_o0 () {
|
2021-10-07 19:27:16 +02:00
|
|
|
# Build without optimization, so as to use portable C code (in a 32-bit
|
|
|
|
# build) and not the i386-specific inline assembly.
|
2018-07-20 22:27:33 +02:00
|
|
|
msg "build: i386, make, gcc -O0 (ASan build)" # ~ 30s
|
2019-07-27 23:52:53 +02:00
|
|
|
scripts/config.py full
|
2019-10-21 17:11:33 +02:00
|
|
|
make CC=gcc CFLAGS="$ASAN_CFLAGS -m32 -O0" LDFLAGS="-m32 $ASAN_CFLAGS"
|
2017-05-04 12:35:51 +02:00
|
|
|
|
2018-07-20 22:27:33 +02:00
|
|
|
msg "test: i386, make, gcc -O0 (ASan build)"
|
|
|
|
make test
|
2018-11-27 15:58:47 +01:00
|
|
|
}
|
2019-01-06 21:50:38 +01:00
|
|
|
support_test_m32_o0 () {
|
|
|
|
case $(uname -m) in
|
2022-10-21 12:50:26 +02:00
|
|
|
amd64|x86_64) true;;
|
2019-01-06 21:50:38 +01:00
|
|
|
*) false;;
|
|
|
|
esac
|
|
|
|
}
|
2018-07-20 22:27:33 +02:00
|
|
|
|
2021-10-05 09:36:03 +02:00
|
|
|
component_test_m32_o2 () {
|
|
|
|
# Build with optimization, to use the i386 specific inline assembly
|
|
|
|
# and go faster for tests.
|
|
|
|
msg "build: i386, make, gcc -O2 (ASan build)" # ~ 30s
|
2019-07-27 23:52:53 +02:00
|
|
|
scripts/config.py full
|
2021-10-05 09:36:03 +02:00
|
|
|
make CC=gcc CFLAGS="$ASAN_CFLAGS -m32 -O2" LDFLAGS="-m32 $ASAN_CFLAGS"
|
2018-07-20 22:27:33 +02:00
|
|
|
|
2021-10-05 09:36:03 +02:00
|
|
|
msg "test: i386, make, gcc -O2 (ASan build)"
|
2017-05-08 12:19:19 +02:00
|
|
|
make test
|
2020-03-04 20:46:15 +01:00
|
|
|
|
2021-10-05 09:36:03 +02:00
|
|
|
msg "test ssl-opt.sh, i386, make, gcc-O2"
|
2021-07-08 18:41:16 +02:00
|
|
|
tests/ssl-opt.sh
|
2018-11-27 15:58:47 +01:00
|
|
|
}
|
2021-10-07 19:25:29 +02:00
|
|
|
support_test_m32_o2 () {
|
2019-01-06 21:50:38 +01:00
|
|
|
support_test_m32_o0 "$@"
|
|
|
|
}
|
2017-05-08 12:19:19 +02:00
|
|
|
|
2019-04-12 20:29:48 +02:00
|
|
|
component_test_m32_everest () {
|
|
|
|
msg "build: i386, Everest ECDH context (ASan build)" # ~ 6 min
|
2019-07-27 23:52:53 +02:00
|
|
|
scripts/config.py set MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED
|
2019-10-21 17:11:33 +02:00
|
|
|
make CC=gcc CFLAGS="$ASAN_CFLAGS -m32 -O2" LDFLAGS="-m32 $ASAN_CFLAGS"
|
2019-04-12 20:29:48 +02:00
|
|
|
|
|
|
|
msg "test: i386, Everest ECDH context - main suites (inc. selftests) (ASan build)" # ~ 50s
|
|
|
|
make test
|
2020-03-04 20:46:15 +01:00
|
|
|
|
|
|
|
msg "test: i386, Everest ECDH context - ECDH-related part of ssl-opt.sh (ASan build)" # ~ 5s
|
2021-07-08 18:41:16 +02:00
|
|
|
tests/ssl-opt.sh -f ECDH
|
2020-03-04 20:46:15 +01:00
|
|
|
|
|
|
|
msg "test: i386, Everest ECDH context - compat.sh with some ECDH ciphersuites (ASan build)" # ~ 3 min
|
|
|
|
# Exclude some symmetric ciphers that are redundant here to gain time.
|
2022-04-06 13:28:27 +02:00
|
|
|
tests/compat.sh -f ECDH -V NO -e 'ARIA\|CAMELLIA\|CHACHA'
|
2019-04-12 20:29:48 +02:00
|
|
|
}
|
|
|
|
support_test_m32_everest () {
|
|
|
|
support_test_m32_o0 "$@"
|
|
|
|
}
|
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
component_test_mx32 () {
|
2017-05-08 12:19:19 +02:00
|
|
|
msg "build: 64-bit ILP32, make, gcc" # ~ 30s
|
2019-07-27 23:52:53 +02:00
|
|
|
scripts/config.py full
|
2019-06-07 14:50:09 +02:00
|
|
|
make CC=gcc CFLAGS='-Werror -Wall -Wextra -mx32' LDFLAGS='-mx32'
|
2017-05-08 12:19:19 +02:00
|
|
|
|
|
|
|
msg "test: 64-bit ILP32, make, gcc"
|
|
|
|
make test
|
2018-11-27 15:58:47 +01:00
|
|
|
}
|
2019-01-06 21:50:38 +01:00
|
|
|
support_test_mx32 () {
|
|
|
|
case $(uname -m) in
|
|
|
|
amd64|x86_64) true;;
|
|
|
|
*) false;;
|
|
|
|
esac
|
|
|
|
}
|
2017-05-04 12:35:51 +02:00
|
|
|
|
2018-12-27 13:59:04 +01:00
|
|
|
component_test_min_mpi_window_size () {
|
|
|
|
msg "build: Default + MBEDTLS_MPI_WINDOW_SIZE=1 (ASan build)" # ~ 10s
|
2019-07-27 23:52:53 +02:00
|
|
|
scripts/config.py set MBEDTLS_MPI_WINDOW_SIZE 1
|
2018-12-27 13:59:04 +01:00
|
|
|
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
|
|
|
|
make
|
|
|
|
|
|
|
|
msg "test: MBEDTLS_MPI_WINDOW_SIZE=1 - main suites (inc. selftests) (ASan build)" # ~ 10s
|
|
|
|
make test
|
|
|
|
}
|
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
component_test_have_int32 () {
|
|
|
|
msg "build: gcc, force 32-bit bignum limbs"
|
2019-07-27 23:52:53 +02:00
|
|
|
scripts/config.py unset MBEDTLS_HAVE_ASM
|
|
|
|
scripts/config.py unset MBEDTLS_AESNI_C
|
|
|
|
scripts/config.py unset MBEDTLS_PADLOCK_C
|
2023-01-11 07:16:08 +01:00
|
|
|
scripts/config.py unset MBEDTLS_AESCE_C
|
2018-11-27 15:58:47 +01:00
|
|
|
make CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_HAVE_INT32'
|
2016-09-27 16:05:15 +02:00
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
msg "test: gcc, force 32-bit bignum limbs"
|
|
|
|
make test
|
|
|
|
}
|
2017-07-23 13:42:36 +02:00
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
component_test_have_int64 () {
|
|
|
|
msg "build: gcc, force 64-bit bignum limbs"
|
2019-07-27 23:52:53 +02:00
|
|
|
scripts/config.py unset MBEDTLS_HAVE_ASM
|
|
|
|
scripts/config.py unset MBEDTLS_AESNI_C
|
|
|
|
scripts/config.py unset MBEDTLS_PADLOCK_C
|
2023-01-11 07:16:08 +01:00
|
|
|
scripts/config.py unset MBEDTLS_AESCE_C
|
2018-11-27 15:58:47 +01:00
|
|
|
make CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_HAVE_INT64'
|
2017-07-23 13:42:36 +02:00
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
msg "test: gcc, force 64-bit bignum limbs"
|
|
|
|
make test
|
|
|
|
}
|
2017-07-23 13:42:36 +02:00
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
component_test_no_udbl_division () {
|
|
|
|
msg "build: MBEDTLS_NO_UDBL_DIVISION native" # ~ 10s
|
2019-07-27 23:52:53 +02:00
|
|
|
scripts/config.py full
|
|
|
|
scripts/config.py set MBEDTLS_NO_UDBL_DIVISION
|
2018-11-27 15:58:47 +01:00
|
|
|
make CFLAGS='-Werror -O1'
|
2017-07-23 13:42:36 +02:00
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
msg "test: MBEDTLS_NO_UDBL_DIVISION native" # ~ 10s
|
|
|
|
make test
|
|
|
|
}
|
2015-02-10 17:38:54 +01:00
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
component_test_no_64bit_multiplication () {
|
|
|
|
msg "build: MBEDTLS_NO_64BIT_MULTIPLICATION native" # ~ 10s
|
2019-07-27 23:52:53 +02:00
|
|
|
scripts/config.py full
|
|
|
|
scripts/config.py set MBEDTLS_NO_64BIT_MULTIPLICATION
|
2018-11-27 15:58:47 +01:00
|
|
|
make CFLAGS='-Werror -O1'
|
2015-02-16 17:18:36 +01:00
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
msg "test: MBEDTLS_NO_64BIT_MULTIPLICATION native" # ~ 10s
|
|
|
|
make test
|
|
|
|
}
|
|
|
|
|
2020-11-09 15:40:05 +01:00
|
|
|
component_test_no_strings () {
|
|
|
|
msg "build: no strings" # ~10s
|
|
|
|
scripts/config.py full
|
|
|
|
# Disable options that activate a large amount of string constants.
|
|
|
|
scripts/config.py unset MBEDTLS_DEBUG_C
|
|
|
|
scripts/config.py unset MBEDTLS_ERROR_C
|
|
|
|
scripts/config.py set MBEDTLS_ERROR_STRERROR_DUMMY
|
|
|
|
scripts/config.py unset MBEDTLS_VERSION_FEATURES
|
|
|
|
make CFLAGS='-Werror -Os'
|
|
|
|
|
|
|
|
msg "test: no strings" # ~ 10s
|
|
|
|
make test
|
|
|
|
}
|
|
|
|
|
2020-10-09 12:10:42 +02:00
|
|
|
component_test_no_x509_info () {
|
|
|
|
msg "build: full + MBEDTLS_X509_REMOVE_INFO" # ~ 10s
|
|
|
|
scripts/config.pl full
|
|
|
|
scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests
|
|
|
|
scripts/config.pl set MBEDTLS_X509_REMOVE_INFO
|
2021-10-05 09:36:03 +02:00
|
|
|
make CFLAGS='-Werror -O2'
|
2020-10-09 12:10:42 +02:00
|
|
|
|
|
|
|
msg "test: full + MBEDTLS_X509_REMOVE_INFO" # ~ 10s
|
|
|
|
make test
|
|
|
|
|
|
|
|
msg "test: ssl-opt.sh, full + MBEDTLS_X509_REMOVE_INFO" # ~ 1 min
|
2021-07-08 18:41:16 +02:00
|
|
|
tests/ssl-opt.sh
|
2020-10-09 12:10:42 +02:00
|
|
|
}
|
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
component_build_arm_none_eabi_gcc () {
|
2021-09-01 20:00:33 +02:00
|
|
|
msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -O1, baremetal+debug" # ~ 10s
|
2019-07-27 23:52:53 +02:00
|
|
|
scripts/config.py baremetal
|
2020-09-02 11:03:04 +02:00
|
|
|
make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-std=c99 -Werror -Wall -Wextra -O1' lib
|
2020-04-30 23:11:54 +02:00
|
|
|
|
2021-09-01 20:00:33 +02:00
|
|
|
msg "size: ${ARM_NONE_EABI_GCC_PREFIX}gcc -O1, baremetal+debug"
|
2023-03-28 12:49:39 +02:00
|
|
|
${ARM_NONE_EABI_GCC_PREFIX}size -t library/*.o
|
2018-11-27 15:58:47 +01:00
|
|
|
}
|
2018-06-07 10:51:44 +02:00
|
|
|
|
2020-08-18 10:28:51 +02:00
|
|
|
component_build_arm_linux_gnueabi_gcc_arm5vte () {
|
2021-09-01 20:00:33 +02:00
|
|
|
msg "build: ${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc -march=arm5vte, baremetal+debug" # ~ 10s
|
2019-07-27 23:52:53 +02:00
|
|
|
scripts/config.py baremetal
|
2019-08-09 16:05:05 +02:00
|
|
|
# Build for a target platform that's close to what Debian uses
|
|
|
|
# for its "armel" distribution (https://wiki.debian.org/ArmEabiPort).
|
2022-03-31 15:07:01 +02:00
|
|
|
# See https://github.com/Mbed-TLS/mbedtls/pull/2169 and comments.
|
2020-08-18 10:28:51 +02:00
|
|
|
# Build everything including programs, see for example
|
2022-03-31 15:07:01 +02:00
|
|
|
# https://github.com/Mbed-TLS/mbedtls/pull/3449#issuecomment-675313720
|
2020-08-18 10:28:51 +02:00
|
|
|
make CC="${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc" AR="${ARM_LINUX_GNUEABI_GCC_PREFIX}ar" CFLAGS='-Werror -Wall -Wextra -march=armv5te -O1' LDFLAGS='-march=armv5te'
|
|
|
|
|
2021-09-01 20:00:33 +02:00
|
|
|
msg "size: ${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc -march=armv5te -O1, baremetal+debug"
|
2023-03-28 12:49:39 +02:00
|
|
|
${ARM_LINUX_GNUEABI_GCC_PREFIX}size -t library/*.o
|
2020-08-18 10:28:51 +02:00
|
|
|
}
|
|
|
|
support_build_arm_linux_gnueabi_gcc_arm5vte () {
|
|
|
|
type ${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc >/dev/null 2>&1
|
|
|
|
}
|
|
|
|
|
|
|
|
component_build_arm_none_eabi_gcc_arm5vte () {
|
2021-09-01 20:00:33 +02:00
|
|
|
msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -march=arm5vte, baremetal+debug" # ~ 10s
|
2020-08-18 10:28:51 +02:00
|
|
|
scripts/config.py baremetal
|
|
|
|
# This is an imperfect substitute for
|
|
|
|
# component_build_arm_linux_gnueabi_gcc_arm5vte
|
2021-07-06 09:44:59 +02:00
|
|
|
# in case the gcc-arm-linux-gnueabi toolchain is not available
|
2020-09-02 11:03:04 +02:00
|
|
|
make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" CFLAGS='-std=c99 -Werror -Wall -Wextra -march=armv5te -O1' LDFLAGS='-march=armv5te' SHELL='sh -x' lib
|
2020-04-30 23:11:54 +02:00
|
|
|
|
2021-09-01 20:00:33 +02:00
|
|
|
msg "size: ${ARM_NONE_EABI_GCC_PREFIX}gcc -march=armv5te -O1, baremetal+debug"
|
2023-03-28 12:49:39 +02:00
|
|
|
${ARM_NONE_EABI_GCC_PREFIX}size -t library/*.o
|
2019-08-05 11:34:25 +02:00
|
|
|
}
|
|
|
|
|
2020-04-30 23:00:53 +02:00
|
|
|
component_build_arm_none_eabi_gcc_m0plus () {
|
2021-09-01 20:00:33 +02:00
|
|
|
msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -mthumb -mcpu=cortex-m0plus, baremetal_size" # ~ 10s
|
|
|
|
scripts/config.py baremetal_size
|
2020-09-02 11:03:04 +02:00
|
|
|
make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-std=c99 -Werror -Wall -Wextra -mthumb -mcpu=cortex-m0plus -Os' lib
|
2020-04-30 23:11:54 +02:00
|
|
|
|
2021-09-01 20:00:33 +02:00
|
|
|
msg "size: ${ARM_NONE_EABI_GCC_PREFIX}gcc -mthumb -mcpu=cortex-m0plus -Os, baremetal_size"
|
2023-03-28 12:49:39 +02:00
|
|
|
${ARM_NONE_EABI_GCC_PREFIX}size -t library/*.o
|
2020-04-30 23:00:53 +02:00
|
|
|
}
|
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
component_build_arm_none_eabi_gcc_no_udbl_division () {
|
2020-04-30 18:19:32 +02:00
|
|
|
msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -DMBEDTLS_NO_UDBL_DIVISION, make" # ~ 10s
|
2019-07-27 23:52:53 +02:00
|
|
|
scripts/config.py baremetal
|
|
|
|
scripts/config.py set MBEDTLS_NO_UDBL_DIVISION
|
2020-09-02 11:03:04 +02:00
|
|
|
make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-std=c99 -Werror -Wall -Wextra' lib
|
2018-11-27 15:58:47 +01:00
|
|
|
echo "Checking that software 64-bit division is not required"
|
2021-07-08 18:41:16 +02:00
|
|
|
not grep __aeabi_uldiv library/*.o
|
2018-11-27 15:58:47 +01:00
|
|
|
}
|
2018-06-07 10:51:44 +02:00
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
component_build_arm_none_eabi_gcc_no_64bit_multiplication () {
|
2020-04-30 18:19:32 +02:00
|
|
|
msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc MBEDTLS_NO_64BIT_MULTIPLICATION, make" # ~ 10s
|
2019-07-27 23:52:53 +02:00
|
|
|
scripts/config.py baremetal
|
|
|
|
scripts/config.py set MBEDTLS_NO_64BIT_MULTIPLICATION
|
2020-09-02 11:03:04 +02:00
|
|
|
make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-std=c99 -Werror -O1 -march=armv6-m -mthumb' lib
|
2018-11-27 15:58:47 +01:00
|
|
|
echo "Checking that software 64-bit multiplication is not required"
|
2021-07-08 18:41:16 +02:00
|
|
|
not grep __aeabi_lmul library/*.o
|
2018-11-27 15:58:47 +01:00
|
|
|
}
|
|
|
|
|
2023-06-02 16:26:24 +02:00
|
|
|
component_build_arm_clang_thumb () {
|
|
|
|
# ~ 30s
|
|
|
|
|
|
|
|
scripts/config.py baremetal
|
|
|
|
|
|
|
|
msg "build: clang thumb 2, make"
|
|
|
|
make clean
|
|
|
|
make CC="clang" CFLAGS='-std=c99 -Werror -Os --target=arm-linux-gnueabihf -march=armv7-m -mthumb' lib
|
|
|
|
|
|
|
|
# Some Thumb 1 asm is sensitive to optimisation level, so test both -O0 and -Os
|
|
|
|
msg "build: clang thumb 1 -O0, make"
|
|
|
|
make clean
|
|
|
|
make CC="clang" CFLAGS='-std=c99 -Werror -O0 --target=arm-linux-gnueabihf -mcpu=arm1136j-s -mthumb' lib
|
|
|
|
|
|
|
|
msg "build: clang thumb 1 -Os, make"
|
|
|
|
make clean
|
|
|
|
make CC="clang" CFLAGS='-std=c99 -Werror -Os --target=arm-linux-gnueabihf -mcpu=arm1136j-s -mthumb' lib
|
|
|
|
}
|
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
component_build_armcc () {
|
2020-04-30 23:11:54 +02:00
|
|
|
msg "build: ARM Compiler 5"
|
2019-07-27 23:52:53 +02:00
|
|
|
scripts/config.py baremetal
|
2022-03-15 11:51:52 +01:00
|
|
|
# armc[56] don't support SHA-512 intrinsics
|
|
|
|
scripts/config.py unset MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT
|
2023-03-02 14:38:33 +01:00
|
|
|
|
2023-03-02 16:32:12 +01:00
|
|
|
# Stop armclang warning about feature detection for A64_CRYPTO.
|
|
|
|
# With this enabled, the library does build correctly under armclang,
|
|
|
|
# but in baremetal builds (as tested here), feature detection is
|
|
|
|
# unavailable, and the user is notified via a #warning. So enabling
|
|
|
|
# this feature would prevent us from building with -Werror on
|
|
|
|
# armclang. Tracked in #7198.
|
2023-03-02 14:38:33 +01:00
|
|
|
scripts/config.py unset MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT
|
|
|
|
|
2022-07-15 13:08:19 +02:00
|
|
|
scripts/config.py set MBEDTLS_HAVE_ASM
|
2022-03-15 11:51:52 +01:00
|
|
|
|
2017-12-19 18:24:31 +01:00
|
|
|
make CC="$ARMC5_CC" AR="$ARMC5_AR" WARNING_CFLAGS='--strict --c99' lib
|
2020-04-30 23:11:54 +02:00
|
|
|
|
|
|
|
msg "size: ARM Compiler 5"
|
|
|
|
"$ARMC5_FROMELF" -z library/*.o
|
|
|
|
|
2017-12-19 18:24:31 +01:00
|
|
|
make clean
|
2016-09-27 16:05:15 +02:00
|
|
|
|
2023-06-02 19:54:00 +02:00
|
|
|
# Compile mostly with -O1 since some Arm inline assembly is disabled for -O0.
|
2022-07-15 13:08:19 +02:00
|
|
|
|
2017-12-19 18:24:31 +01:00
|
|
|
# ARM Compiler 6 - Target ARMv7-A
|
2022-08-17 15:35:29 +02:00
|
|
|
armc6_build_test "-O1 --target=arm-arm-none-eabi -march=armv7-a"
|
2017-07-23 13:42:36 +02:00
|
|
|
|
2017-12-19 18:24:31 +01:00
|
|
|
# ARM Compiler 6 - Target ARMv7-M
|
2022-08-17 15:35:29 +02:00
|
|
|
armc6_build_test "-O1 --target=arm-arm-none-eabi -march=armv7-m"
|
|
|
|
|
|
|
|
# ARM Compiler 6 - Target ARMv7-M+DSP
|
|
|
|
armc6_build_test "-O1 --target=arm-arm-none-eabi -march=armv7-m+dsp"
|
2017-07-23 13:42:36 +02:00
|
|
|
|
2017-12-19 18:24:31 +01:00
|
|
|
# ARM Compiler 6 - Target ARMv8-A - AArch32
|
2022-08-17 15:35:29 +02:00
|
|
|
armc6_build_test "-O1 --target=arm-arm-none-eabi -march=armv8.2-a"
|
2017-07-23 13:42:36 +02:00
|
|
|
|
2017-12-19 18:24:31 +01:00
|
|
|
# ARM Compiler 6 - Target ARMv8-M
|
2022-08-17 15:35:29 +02:00
|
|
|
armc6_build_test "-O1 --target=arm-arm-none-eabi -march=armv8-m.main"
|
2017-07-23 13:42:36 +02:00
|
|
|
|
2023-06-09 16:34:31 +02:00
|
|
|
# ARM Compiler 6 - Target ARMv8.2-A - AArch64
|
|
|
|
armc6_build_test "-O1 --target=aarch64-arm-none-eabi -march=armv8.2-a+crypto"
|
|
|
|
|
2023-06-02 19:54:00 +02:00
|
|
|
# ARM Compiler 6 - Target Cortex-M0 - no optimisation
|
|
|
|
armc6_build_test "-O0 --target=arm-arm-none-eabi -mcpu=cortex-m0"
|
|
|
|
|
2023-05-24 13:27:42 +02:00
|
|
|
# ARM Compiler 6 - Target Cortex-M0
|
|
|
|
armc6_build_test "-Os --target=arm-arm-none-eabi -mcpu=cortex-m0"
|
2018-11-27 15:58:47 +01:00
|
|
|
}
|
2023-06-09 16:34:31 +02:00
|
|
|
|
2023-02-24 09:03:31 +01:00
|
|
|
support_build_armcc () {
|
2023-03-01 03:31:29 +01:00
|
|
|
armc5_cc="$ARMC5_BIN_DIR/armcc"
|
|
|
|
armc6_cc="$ARMC6_BIN_DIR/armclang"
|
|
|
|
(check_tools "$armc5_cc" "$armc6_cc" > /dev/null 2>&1)
|
2023-02-24 09:03:31 +01:00
|
|
|
}
|
2017-05-12 15:26:58 +02:00
|
|
|
|
2022-01-27 06:01:01 +01:00
|
|
|
component_test_tls13_only () {
|
|
|
|
msg "build: default config with MBEDTLS_SSL_PROTO_TLS1_3, without MBEDTLS_SSL_PROTO_TLS1_2"
|
2022-11-22 09:01:46 +01:00
|
|
|
scripts/config.py set MBEDTLS_SSL_EARLY_DATA
|
2021-12-24 11:45:45 +01:00
|
|
|
make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'"
|
|
|
|
|
2022-10-29 17:44:19 +02:00
|
|
|
msg "test: TLS 1.3 only, all key exchange modes enabled"
|
|
|
|
make test
|
2022-02-15 03:26:40 +01:00
|
|
|
|
2022-10-17 17:35:32 +02:00
|
|
|
msg "ssl-opt.sh: TLS 1.3 only, all key exchange modes enabled"
|
|
|
|
tests/ssl-opt.sh
|
2021-12-24 11:45:45 +01:00
|
|
|
}
|
|
|
|
|
2022-10-17 17:35:32 +02:00
|
|
|
component_test_tls13_only_psk () {
|
|
|
|
msg "build: TLS 1.3 only from default, only PSK key exchange mode"
|
|
|
|
scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
|
|
|
scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
|
|
scripts/config.py unset MBEDTLS_ECDH_C
|
2023-06-14 11:12:45 +02:00
|
|
|
scripts/config.py unset MBEDTLS_DHM_C
|
2022-10-17 17:35:32 +02:00
|
|
|
scripts/config.py unset MBEDTLS_X509_CRT_PARSE_C
|
|
|
|
scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT
|
|
|
|
scripts/config.py unset MBEDTLS_SSL_SERVER_NAME_INDICATION
|
|
|
|
scripts/config.py unset MBEDTLS_ECDSA_C
|
|
|
|
scripts/config.py unset MBEDTLS_PKCS1_V21
|
2022-11-11 11:37:38 +01:00
|
|
|
scripts/config.py unset MBEDTLS_PKCS7_C
|
2022-11-22 09:01:46 +01:00
|
|
|
scripts/config.py set MBEDTLS_SSL_EARLY_DATA
|
2022-06-10 17:21:51 +02:00
|
|
|
make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'"
|
|
|
|
|
2022-10-17 17:35:32 +02:00
|
|
|
msg "test_suite_ssl: TLS 1.3 only, only PSK key exchange mode enabled"
|
|
|
|
cd tests; ./test_suite_ssl; cd ..
|
2022-06-10 17:21:51 +02:00
|
|
|
|
2022-10-17 17:35:32 +02:00
|
|
|
msg "ssl-opt.sh: TLS 1.3 only, only PSK key exchange mode enabled"
|
|
|
|
tests/ssl-opt.sh
|
|
|
|
}
|
|
|
|
|
|
|
|
component_test_tls13_only_ephemeral () {
|
|
|
|
msg "build: TLS 1.3 only from default, only ephemeral key exchange mode"
|
|
|
|
scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
|
|
|
scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
2022-11-15 11:52:57 +01:00
|
|
|
scripts/config.py unset MBEDTLS_SSL_EARLY_DATA
|
2022-10-17 17:35:32 +02:00
|
|
|
make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'"
|
|
|
|
|
|
|
|
msg "test_suite_ssl: TLS 1.3 only, only ephemeral key exchange mode"
|
|
|
|
cd tests; ./test_suite_ssl; cd ..
|
|
|
|
|
|
|
|
msg "ssl-opt.sh: TLS 1.3 only, only ephemeral key exchange mode"
|
|
|
|
tests/ssl-opt.sh
|
|
|
|
}
|
|
|
|
|
2023-06-13 10:46:48 +02:00
|
|
|
component_test_tls13_only_ephemeral_ffdh () {
|
|
|
|
msg "build: TLS 1.3 only from default, only ephemeral ffdh key exchange mode"
|
|
|
|
scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
|
|
|
scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
|
|
scripts/config.py unset MBEDTLS_SSL_EARLY_DATA
|
2023-06-15 16:44:08 +02:00
|
|
|
scripts/config.py unset MBEDTLS_ECDH_C
|
|
|
|
|
2023-06-13 10:46:48 +02:00
|
|
|
make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'"
|
|
|
|
|
|
|
|
msg "test_suite_ssl: TLS 1.3 only, only ephemeral ffdh key exchange mode"
|
|
|
|
cd tests; ./test_suite_ssl; cd ..
|
|
|
|
|
|
|
|
msg "ssl-opt.sh: TLS 1.3 only, only ephemeral ffdh key exchange mode"
|
|
|
|
tests/ssl-opt.sh
|
|
|
|
}
|
|
|
|
|
2022-10-17 17:35:32 +02:00
|
|
|
component_test_tls13_only_psk_ephemeral () {
|
|
|
|
msg "build: TLS 1.3 only from default, only PSK ephemeral key exchange mode"
|
|
|
|
scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
|
|
|
scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
|
|
|
scripts/config.py unset MBEDTLS_X509_CRT_PARSE_C
|
|
|
|
scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT
|
|
|
|
scripts/config.py unset MBEDTLS_SSL_SERVER_NAME_INDICATION
|
|
|
|
scripts/config.py unset MBEDTLS_ECDSA_C
|
|
|
|
scripts/config.py unset MBEDTLS_PKCS1_V21
|
2022-11-11 11:37:38 +01:00
|
|
|
scripts/config.py unset MBEDTLS_PKCS7_C
|
2022-11-22 09:01:46 +01:00
|
|
|
scripts/config.py set MBEDTLS_SSL_EARLY_DATA
|
2022-10-17 17:35:32 +02:00
|
|
|
make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'"
|
|
|
|
|
|
|
|
msg "test_suite_ssl: TLS 1.3 only, only PSK ephemeral key exchange mode"
|
|
|
|
cd tests; ./test_suite_ssl; cd ..
|
|
|
|
|
|
|
|
msg "ssl-opt.sh: TLS 1.3 only, only PSK ephemeral key exchange mode"
|
|
|
|
tests/ssl-opt.sh
|
|
|
|
}
|
|
|
|
|
2023-06-13 10:46:48 +02:00
|
|
|
component_test_tls13_only_psk_ephemeral_ffdh () {
|
|
|
|
msg "build: TLS 1.3 only from default, only PSK ephemeral ffdh key exchange mode"
|
|
|
|
scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
|
|
|
scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
|
|
|
scripts/config.py unset MBEDTLS_X509_CRT_PARSE_C
|
|
|
|
scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT
|
|
|
|
scripts/config.py unset MBEDTLS_SSL_SERVER_NAME_INDICATION
|
|
|
|
scripts/config.py unset MBEDTLS_ECDSA_C
|
|
|
|
scripts/config.py unset MBEDTLS_PKCS1_V21
|
|
|
|
scripts/config.py unset MBEDTLS_PKCS7_C
|
|
|
|
scripts/config.py set MBEDTLS_SSL_EARLY_DATA
|
2023-06-15 16:44:08 +02:00
|
|
|
scripts/config.py unset MBEDTLS_ECDH_C
|
2023-06-13 10:46:48 +02:00
|
|
|
make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'"
|
|
|
|
|
|
|
|
msg "test_suite_ssl: TLS 1.3 only, only PSK ephemeral ffdh key exchange mode"
|
|
|
|
cd tests; ./test_suite_ssl; cd ..
|
|
|
|
|
|
|
|
msg "ssl-opt.sh: TLS 1.3 only, only PSK ephemeral ffdh key exchange mode"
|
|
|
|
tests/ssl-opt.sh
|
|
|
|
}
|
|
|
|
|
2022-10-17 17:35:32 +02:00
|
|
|
component_test_tls13_only_psk_all () {
|
|
|
|
msg "build: TLS 1.3 only from default, without ephemeral key exchange mode"
|
|
|
|
scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
|
|
|
scripts/config.py unset MBEDTLS_X509_CRT_PARSE_C
|
|
|
|
scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT
|
|
|
|
scripts/config.py unset MBEDTLS_SSL_SERVER_NAME_INDICATION
|
|
|
|
scripts/config.py unset MBEDTLS_ECDSA_C
|
|
|
|
scripts/config.py unset MBEDTLS_PKCS1_V21
|
2022-11-11 11:37:38 +01:00
|
|
|
scripts/config.py unset MBEDTLS_PKCS7_C
|
2022-11-22 09:01:46 +01:00
|
|
|
scripts/config.py set MBEDTLS_SSL_EARLY_DATA
|
2022-10-17 17:35:32 +02:00
|
|
|
make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'"
|
|
|
|
|
|
|
|
msg "test_suite_ssl: TLS 1.3 only, PSK and PSK ephemeral key exchange modes"
|
|
|
|
cd tests; ./test_suite_ssl; cd ..
|
|
|
|
|
|
|
|
msg "ssl-opt.sh: TLS 1.3 only, PSK and PSK ephemeral key exchange modes"
|
|
|
|
tests/ssl-opt.sh
|
|
|
|
}
|
|
|
|
|
|
|
|
component_test_tls13_only_ephemeral_all () {
|
|
|
|
msg "build: TLS 1.3 only from default, without PSK key exchange mode"
|
|
|
|
scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
2022-11-22 09:01:46 +01:00
|
|
|
scripts/config.py set MBEDTLS_SSL_EARLY_DATA
|
2022-10-17 17:35:32 +02:00
|
|
|
make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'"
|
|
|
|
|
|
|
|
msg "test_suite_ssl: TLS 1.3 only, ephemeral and PSK ephemeral key exchange modes"
|
|
|
|
cd tests; ./test_suite_ssl; cd ..
|
|
|
|
|
|
|
|
msg "ssl-opt.sh: TLS 1.3 only, ephemeral and PSK ephemeral key exchange modes"
|
|
|
|
tests/ssl-opt.sh
|
2022-06-10 17:21:51 +02:00
|
|
|
}
|
|
|
|
|
2021-12-08 16:57:54 +01:00
|
|
|
component_test_tls13 () {
|
|
|
|
msg "build: default config with MBEDTLS_SSL_PROTO_TLS1_3 enabled, without padding"
|
|
|
|
scripts/config.py set MBEDTLS_SSL_PROTO_TLS1_3
|
2021-12-09 10:39:19 +01:00
|
|
|
scripts/config.py set MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
|
|
|
|
scripts/config.py set MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY 1
|
2022-11-22 09:01:46 +01:00
|
|
|
scripts/config.py set MBEDTLS_SSL_EARLY_DATA
|
2021-12-09 10:39:19 +01:00
|
|
|
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
|
|
|
|
make
|
2021-12-08 16:57:54 +01:00
|
|
|
msg "test: default config with MBEDTLS_SSL_PROTO_TLS1_3 enabled, without padding"
|
2021-12-09 10:39:19 +01:00
|
|
|
make test
|
2021-12-08 16:57:54 +01:00
|
|
|
msg "ssl-opt.sh (TLS 1.3)"
|
2022-02-04 00:30:54 +01:00
|
|
|
tests/ssl-opt.sh
|
2021-12-09 10:39:19 +01:00
|
|
|
}
|
|
|
|
|
2021-12-08 16:57:54 +01:00
|
|
|
component_test_tls13_no_compatibility_mode () {
|
|
|
|
msg "build: default config with MBEDTLS_SSL_PROTO_TLS1_3 enabled, without padding"
|
|
|
|
scripts/config.py set MBEDTLS_SSL_PROTO_TLS1_3
|
2021-12-09 10:39:19 +01:00
|
|
|
scripts/config.py unset MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
|
|
|
|
scripts/config.py set MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY 1
|
2022-11-22 09:01:46 +01:00
|
|
|
scripts/config.py set MBEDTLS_SSL_EARLY_DATA
|
2020-05-04 13:03:51 +02:00
|
|
|
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
|
|
|
|
make
|
2021-12-08 16:57:54 +01:00
|
|
|
msg "test: default config with MBEDTLS_SSL_PROTO_TLS1_3 enabled, without padding"
|
2021-08-01 20:20:10 +02:00
|
|
|
make test
|
2021-12-08 16:57:54 +01:00
|
|
|
msg "ssl-opt.sh (TLS 1.3 no compatibility mode)"
|
2022-02-04 00:30:54 +01:00
|
|
|
tests/ssl-opt.sh
|
2021-08-01 20:20:10 +02:00
|
|
|
}
|
|
|
|
|
2023-02-10 12:45:19 +01:00
|
|
|
component_test_tls13_only_record_size_limit () {
|
|
|
|
msg "build: TLS 1.3 only from default, record size limit extension enabled"
|
|
|
|
scripts/config.py set MBEDTLS_SSL_RECORD_SIZE_LIMIT
|
|
|
|
make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'"
|
|
|
|
|
|
|
|
msg "test_suite_ssl: TLS 1.3 only, record size limit extension enabled"
|
|
|
|
cd tests; ./test_suite_ssl; cd ..
|
|
|
|
|
|
|
|
msg "ssl-opt.sh: (TLS 1.3 only, record size limit extension tests only)"
|
|
|
|
# Both the server and the client will currently abort the handshake when they encounter the
|
|
|
|
# record size limit extension. There is no way to prevent gnutls-cli from sending the extension
|
|
|
|
# which makes all G_NEXT_CLI + P_SRV tests fail. Thus, run only the tests for the this extension.
|
|
|
|
tests/ssl-opt.sh -f "Record Size Limit"
|
|
|
|
}
|
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
component_build_mingw () {
|
|
|
|
msg "build: Windows cross build - mingw64, make (Link Library)" # ~ 30s
|
2019-10-03 09:18:01 +02:00
|
|
|
make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 lib programs
|
2016-11-10 18:25:58 +01:00
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
# note Make tests only builds the tests, but doesn't run them
|
2019-10-03 09:18:01 +02:00
|
|
|
make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror' WINDOWS_BUILD=1 tests
|
2018-11-27 15:58:47 +01:00
|
|
|
make WINDOWS_BUILD=1 clean
|
2015-02-16 17:18:36 +01:00
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
msg "build: Windows cross build - mingw64, make (DLL)" # ~ 30s
|
2019-10-03 09:18:01 +02:00
|
|
|
make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 SHARED=1 lib programs
|
|
|
|
make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 SHARED=1 tests
|
2018-11-27 15:58:47 +01:00
|
|
|
make WINDOWS_BUILD=1 clean
|
|
|
|
}
|
2019-04-17 16:19:26 +02:00
|
|
|
support_build_mingw() {
|
2023-02-24 08:38:52 +01:00
|
|
|
case $(i686-w64-mingw32-gcc -dumpversion 2>/dev/null) in
|
|
|
|
[0-5]*|"") false;;
|
2019-04-17 16:19:26 +02:00
|
|
|
*) true;;
|
|
|
|
esac
|
|
|
|
}
|
2015-01-26 15:03:56 +01:00
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
component_test_memsan () {
|
2017-12-10 23:22:20 +01:00
|
|
|
msg "build: MSan (clang)" # ~ 1 min 20s
|
2019-07-27 23:52:53 +02:00
|
|
|
scripts/config.py unset MBEDTLS_AESNI_C # memsan doesn't grok asm
|
2017-12-10 23:22:20 +01:00
|
|
|
CC=clang cmake -D CMAKE_BUILD_TYPE:String=MemSan .
|
|
|
|
make
|
2014-11-20 13:10:22 +01:00
|
|
|
|
2017-12-10 23:22:20 +01:00
|
|
|
msg "test: main suites (MSan)" # ~ 10s
|
|
|
|
make test
|
2014-05-09 13:46:59 +02:00
|
|
|
|
2017-12-10 23:22:20 +01:00
|
|
|
msg "test: ssl-opt.sh (MSan)" # ~ 1 min
|
2021-07-08 18:41:16 +02:00
|
|
|
tests/ssl-opt.sh
|
2014-05-09 13:46:59 +02:00
|
|
|
|
2017-12-10 23:22:20 +01:00
|
|
|
# Optional part(s)
|
2014-11-20 13:10:22 +01:00
|
|
|
|
2017-12-10 23:22:20 +01:00
|
|
|
if [ "$MEMORY" -gt 0 ]; then
|
|
|
|
msg "test: compat.sh (MSan)" # ~ 6 min 20s
|
2021-07-08 18:41:16 +02:00
|
|
|
tests/compat.sh
|
2017-12-10 23:22:20 +01:00
|
|
|
fi
|
2018-11-27 15:58:47 +01:00
|
|
|
}
|
2014-03-19 18:29:01 +01:00
|
|
|
|
2019-01-10 00:11:42 +01:00
|
|
|
component_test_valgrind () {
|
2017-12-10 23:22:20 +01:00
|
|
|
msg "build: Release (clang)"
|
2022-11-29 16:45:30 +01:00
|
|
|
# default config, in particular without MBEDTLS_USE_PSA_CRYPTO
|
2017-12-10 23:22:20 +01:00
|
|
|
CC=clang cmake -D CMAKE_BUILD_TYPE:String=Release .
|
|
|
|
make
|
2015-01-26 15:03:56 +01:00
|
|
|
|
2022-11-29 16:45:30 +01:00
|
|
|
msg "test: main suites, Valgrind (default config)"
|
2017-12-10 23:22:20 +01:00
|
|
|
make memcheck
|
2015-01-26 15:03:56 +01:00
|
|
|
|
2020-03-04 20:46:15 +01:00
|
|
|
# Optional parts (slow; currently broken on OS X because programs don't
|
|
|
|
# seem to receive signals under valgrind on OS X).
|
2022-11-29 16:45:30 +01:00
|
|
|
# These optional parts don't run on the CI.
|
2017-12-10 23:22:20 +01:00
|
|
|
if [ "$MEMORY" -gt 0 ]; then
|
2022-11-29 16:45:30 +01:00
|
|
|
msg "test: ssl-opt.sh --memcheck (default config)"
|
2021-07-08 18:41:16 +02:00
|
|
|
tests/ssl-opt.sh --memcheck
|
2017-12-10 23:22:20 +01:00
|
|
|
fi
|
2015-01-26 15:03:56 +01:00
|
|
|
|
2017-12-10 23:22:20 +01:00
|
|
|
if [ "$MEMORY" -gt 1 ]; then
|
2022-11-29 16:45:30 +01:00
|
|
|
msg "test: compat.sh --memcheck (default config)"
|
2021-07-08 18:41:16 +02:00
|
|
|
tests/compat.sh --memcheck
|
2017-12-10 23:22:20 +01:00
|
|
|
fi
|
2020-04-07 16:07:05 +02:00
|
|
|
|
|
|
|
if [ "$MEMORY" -gt 0 ]; then
|
2022-11-29 16:45:30 +01:00
|
|
|
msg "test: context-info.sh --memcheck (default config)"
|
2021-07-08 18:41:16 +02:00
|
|
|
tests/context-info.sh --memcheck
|
2020-04-07 16:07:05 +02:00
|
|
|
fi
|
2018-11-27 15:58:47 +01:00
|
|
|
}
|
2015-01-26 15:03:56 +01:00
|
|
|
|
2022-11-29 16:45:30 +01:00
|
|
|
component_test_valgrind_psa () {
|
|
|
|
msg "build: Release, full (clang)"
|
|
|
|
# full config, in particular with MBEDTLS_USE_PSA_CRYPTO
|
|
|
|
scripts/config.py full
|
|
|
|
CC=clang cmake -D CMAKE_BUILD_TYPE:String=Release .
|
|
|
|
make
|
|
|
|
|
|
|
|
msg "test: main suites, Valgrind (full config)"
|
|
|
|
make memcheck
|
|
|
|
}
|
|
|
|
|
2021-11-25 18:29:40 +01:00
|
|
|
support_test_cmake_out_of_source () {
|
|
|
|
distrib_id=""
|
|
|
|
distrib_ver=""
|
|
|
|
distrib_ver_minor=""
|
|
|
|
distrib_ver_major=""
|
|
|
|
|
|
|
|
# Attempt to parse lsb-release to find out distribution and version. If not
|
|
|
|
# found this should fail safe (test is supported).
|
|
|
|
if [[ -f /etc/lsb-release ]]; then
|
|
|
|
|
|
|
|
while read -r lsb_line; do
|
|
|
|
case "$lsb_line" in
|
|
|
|
"DISTRIB_ID"*) distrib_id=${lsb_line/#DISTRIB_ID=};;
|
|
|
|
"DISTRIB_RELEASE"*) distrib_ver=${lsb_line/#DISTRIB_RELEASE=};;
|
|
|
|
esac
|
|
|
|
done < /etc/lsb-release
|
|
|
|
|
|
|
|
distrib_ver_major="${distrib_ver%%.*}"
|
|
|
|
distrib_ver="${distrib_ver#*.}"
|
|
|
|
distrib_ver_minor="${distrib_ver%%.*}"
|
|
|
|
fi
|
|
|
|
|
|
|
|
# Running the out of source CMake test on Ubuntu 16.04 using more than one
|
|
|
|
# processor (as the CI does) can create a race condition whereby the build
|
|
|
|
# fails to see a generated file, despite that file actually having been
|
|
|
|
# generated. This problem appears to go away with 18.04 or newer, so make
|
|
|
|
# the out of source tests unsupported on Ubuntu 16.04.
|
|
|
|
[ "$distrib_id" != "Ubuntu" ] || [ "$distrib_ver_major" -gt 16 ]
|
|
|
|
}
|
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
component_test_cmake_out_of_source () {
|
|
|
|
msg "build: cmake 'out-of-source' build"
|
|
|
|
MBEDTLS_ROOT_DIR="$PWD"
|
|
|
|
mkdir "$OUT_OF_SOURCE_DIR"
|
|
|
|
cd "$OUT_OF_SOURCE_DIR"
|
2021-10-07 19:34:57 +02:00
|
|
|
cmake -D CMAKE_BUILD_TYPE:String=Check "$MBEDTLS_ROOT_DIR"
|
2018-11-27 15:58:47 +01:00
|
|
|
make
|
2015-01-26 15:03:56 +01:00
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
msg "test: cmake 'out-of-source' build"
|
|
|
|
make test
|
2022-04-16 11:31:25 +02:00
|
|
|
# Check that ssl-opt.sh can find the test programs.
|
2018-11-27 15:58:47 +01:00
|
|
|
# Also ensure that there are no error messages such as
|
|
|
|
# "No such file or directory", which would indicate that some required
|
|
|
|
# file is missing (ssl-opt.sh tolerates the absence of some files so
|
|
|
|
# may exit with status 0 but emit errors).
|
2022-04-16 11:31:25 +02:00
|
|
|
./tests/ssl-opt.sh -f 'Default' >ssl-opt.out 2>ssl-opt.err
|
2022-04-15 22:43:38 +02:00
|
|
|
grep PASS ssl-opt.out
|
2020-03-28 18:56:09 +01:00
|
|
|
cat ssl-opt.err >&2
|
|
|
|
# If ssl-opt.err is non-empty, record an error and keep going.
|
2021-07-08 18:41:16 +02:00
|
|
|
[ ! -s ssl-opt.err ]
|
2022-04-15 22:43:38 +02:00
|
|
|
rm ssl-opt.out ssl-opt.err
|
2018-11-27 15:58:47 +01:00
|
|
|
cd "$MBEDTLS_ROOT_DIR"
|
|
|
|
rm -rf "$OUT_OF_SOURCE_DIR"
|
|
|
|
}
|
|
|
|
|
2019-06-20 18:38:22 +02:00
|
|
|
component_test_cmake_as_subdirectory () {
|
|
|
|
msg "build: cmake 'as-subdirectory' build"
|
|
|
|
cd programs/test/cmake_subproject
|
|
|
|
cmake .
|
|
|
|
make
|
2021-07-08 18:41:16 +02:00
|
|
|
./cmake_subproject
|
2019-06-20 18:38:22 +02:00
|
|
|
}
|
2022-02-04 00:21:12 +01:00
|
|
|
support_test_cmake_as_subdirectory () {
|
|
|
|
support_test_cmake_out_of_source
|
2019-06-20 18:38:22 +02:00
|
|
|
}
|
|
|
|
|
2021-03-25 17:03:25 +01:00
|
|
|
component_test_cmake_as_package () {
|
|
|
|
msg "build: cmake 'as-package' build"
|
|
|
|
cd programs/test/cmake_package
|
|
|
|
cmake .
|
|
|
|
make
|
2021-07-08 18:41:16 +02:00
|
|
|
./cmake_package
|
2021-03-25 17:03:25 +01:00
|
|
|
}
|
2022-02-04 00:21:12 +01:00
|
|
|
support_test_cmake_as_package () {
|
|
|
|
support_test_cmake_out_of_source
|
2021-03-25 17:03:25 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
component_test_cmake_as_package_install () {
|
|
|
|
msg "build: cmake 'as-installed-package' build"
|
|
|
|
cd programs/test/cmake_package_install
|
|
|
|
cmake .
|
|
|
|
make
|
2021-07-08 18:41:16 +02:00
|
|
|
./cmake_package_install
|
2021-03-25 17:03:25 +01:00
|
|
|
}
|
2022-02-04 00:21:12 +01:00
|
|
|
support_test_cmake_as_package_install () {
|
|
|
|
support_test_cmake_out_of_source
|
2021-03-25 17:03:25 +01:00
|
|
|
}
|
|
|
|
|
2023-01-12 15:17:01 +01:00
|
|
|
component_build_cmake_custom_config_file () {
|
2023-01-31 11:34:44 +01:00
|
|
|
# Make a copy of config file to use for the in-tree test
|
|
|
|
cp "$CONFIG_H" include/mbedtls_config_in_tree_copy.h
|
2023-01-12 15:17:01 +01:00
|
|
|
|
|
|
|
MBEDTLS_ROOT_DIR="$PWD"
|
|
|
|
mkdir "$OUT_OF_SOURCE_DIR"
|
|
|
|
cd "$OUT_OF_SOURCE_DIR"
|
|
|
|
|
2023-01-31 11:34:44 +01:00
|
|
|
# Build once to get the generated files (which need an intact config file)
|
2023-01-12 15:17:01 +01:00
|
|
|
cmake "$MBEDTLS_ROOT_DIR"
|
|
|
|
make
|
|
|
|
|
|
|
|
msg "build: cmake with -DMBEDTLS_CONFIG_FILE"
|
|
|
|
scripts/config.py -w full_config.h full
|
2023-01-31 11:34:44 +01:00
|
|
|
echo '#error "cmake -DMBEDTLS_CONFIG_FILE is not working."' > "$MBEDTLS_ROOT_DIR/$CONFIG_H"
|
2023-01-12 15:17:01 +01:00
|
|
|
cmake -DGEN_FILES=OFF -DMBEDTLS_CONFIG_FILE=full_config.h "$MBEDTLS_ROOT_DIR"
|
|
|
|
make
|
|
|
|
|
|
|
|
msg "build: cmake with -DMBEDTLS_CONFIG_FILE + -DMBEDTLS_USER_CONFIG_FILE"
|
|
|
|
# In the user config, disable one feature (for simplicity, pick a feature
|
|
|
|
# that nothing else depends on).
|
|
|
|
echo '#undef MBEDTLS_NIST_KW_C' >user_config.h
|
|
|
|
|
|
|
|
cmake -DGEN_FILES=OFF -DMBEDTLS_CONFIG_FILE=full_config.h -DMBEDTLS_USER_CONFIG_FILE=user_config.h "$MBEDTLS_ROOT_DIR"
|
|
|
|
make
|
|
|
|
not programs/test/query_compile_time_config MBEDTLS_NIST_KW_C
|
|
|
|
|
|
|
|
rm -f user_config.h full_config.h
|
|
|
|
|
|
|
|
cd "$MBEDTLS_ROOT_DIR"
|
|
|
|
rm -rf "$OUT_OF_SOURCE_DIR"
|
|
|
|
|
|
|
|
# Now repeat the test for an in-tree build:
|
|
|
|
|
2023-01-31 11:34:44 +01:00
|
|
|
# Restore config for the in-tree test
|
|
|
|
mv include/mbedtls_config_in_tree_copy.h "$CONFIG_H"
|
2023-01-12 15:17:01 +01:00
|
|
|
|
2023-01-31 11:34:44 +01:00
|
|
|
# Build once to get the generated files (which need an intact config)
|
2023-01-12 15:17:01 +01:00
|
|
|
cmake .
|
|
|
|
make
|
|
|
|
|
|
|
|
msg "build: cmake (in-tree) with -DMBEDTLS_CONFIG_FILE"
|
|
|
|
scripts/config.py -w full_config.h full
|
2023-01-31 11:34:44 +01:00
|
|
|
echo '#error "cmake -DMBEDTLS_CONFIG_FILE is not working."' > "$MBEDTLS_ROOT_DIR/$CONFIG_H"
|
2023-01-12 15:17:01 +01:00
|
|
|
cmake -DGEN_FILES=OFF -DMBEDTLS_CONFIG_FILE=full_config.h .
|
|
|
|
make
|
|
|
|
|
|
|
|
msg "build: cmake (in-tree) with -DMBEDTLS_CONFIG_FILE + -DMBEDTLS_USER_CONFIG_FILE"
|
|
|
|
# In the user config, disable one feature (for simplicity, pick a feature
|
|
|
|
# that nothing else depends on).
|
|
|
|
echo '#undef MBEDTLS_NIST_KW_C' >user_config.h
|
|
|
|
|
|
|
|
cmake -DGEN_FILES=OFF -DMBEDTLS_CONFIG_FILE=full_config.h -DMBEDTLS_USER_CONFIG_FILE=user_config.h .
|
|
|
|
make
|
|
|
|
not programs/test/query_compile_time_config MBEDTLS_NIST_KW_C
|
|
|
|
|
|
|
|
rm -f user_config.h full_config.h
|
|
|
|
}
|
|
|
|
support_build_cmake_custom_config_file () {
|
|
|
|
support_test_cmake_out_of_source
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
component_test_zeroize () {
|
|
|
|
# Test that the function mbedtls_platform_zeroize() is not optimized away by
|
|
|
|
# different combinations of compilers and optimization flags by using an
|
|
|
|
# auxiliary GDB script. Unfortunately, GDB does not return error values to the
|
|
|
|
# system in all cases that the script fails, so we must manually search the
|
|
|
|
# output to check whether the pass string is present and no failure strings
|
|
|
|
# were printed.
|
2019-01-06 20:52:22 +01:00
|
|
|
|
|
|
|
# Don't try to disable ASLR. We don't care about ASLR here. We do care
|
|
|
|
# about a spurious message if Gdb tries and fails, so suppress that.
|
|
|
|
gdb_disable_aslr=
|
|
|
|
if [ -z "$(gdb -batch -nw -ex 'set disable-randomization off' 2>&1)" ]; then
|
|
|
|
gdb_disable_aslr='set disable-randomization off'
|
|
|
|
fi
|
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
for optimization_flag in -O2 -O3 -Ofast -Os; do
|
2019-01-09 22:28:21 +01:00
|
|
|
for compiler in clang gcc; do
|
|
|
|
msg "test: $compiler $optimization_flag, mbedtls_platform_zeroize()"
|
|
|
|
make programs CC="$compiler" DEBUG=1 CFLAGS="$optimization_flag"
|
2021-07-08 18:41:16 +02:00
|
|
|
gdb -ex "$gdb_disable_aslr" -x tests/scripts/test_zeroize.gdb -nw -batch -nx 2>&1 | tee test_zeroize.log
|
|
|
|
grep "The buffer was correctly zeroized" test_zeroize.log
|
|
|
|
not grep -i "error" test_zeroize.log
|
2019-01-09 22:28:21 +01:00
|
|
|
rm -f test_zeroize.log
|
|
|
|
make clean
|
|
|
|
done
|
2017-10-25 11:35:51 +02:00
|
|
|
done
|
2018-11-27 15:58:47 +01:00
|
|
|
}
|
2017-12-21 15:59:21 +01:00
|
|
|
|
2021-10-19 15:05:36 +02:00
|
|
|
component_test_psa_compliance () {
|
|
|
|
msg "build: make, default config (out-of-box), libmbedcrypto.a only"
|
2021-10-25 19:29:07 +02:00
|
|
|
make -C library libmbedcrypto.a
|
2021-10-19 15:05:36 +02:00
|
|
|
|
|
|
|
msg "unit test: test_psa_compliance.py"
|
|
|
|
./tests/scripts/test_psa_compliance.py
|
|
|
|
}
|
|
|
|
|
|
|
|
support_test_psa_compliance () {
|
2021-11-03 11:36:09 +01:00
|
|
|
# psa-compliance-tests only supports CMake >= 3.10.0
|
2021-10-25 19:29:07 +02:00
|
|
|
ver="$(cmake --version)"
|
|
|
|
ver="${ver#cmake version }"
|
|
|
|
ver_major="${ver%%.*}"
|
|
|
|
|
|
|
|
ver="${ver#*.}"
|
|
|
|
ver_minor="${ver%%.*}"
|
|
|
|
|
|
|
|
[ "$ver_major" -eq 3 ] && [ "$ver_minor" -ge 10 ]
|
2021-10-19 15:05:36 +02:00
|
|
|
}
|
|
|
|
|
2022-12-09 12:23:35 +01:00
|
|
|
component_check_code_style () {
|
|
|
|
msg "Check C code style"
|
|
|
|
./scripts/code_style.py
|
2022-11-10 19:30:52 +01:00
|
|
|
}
|
|
|
|
|
2022-12-09 12:23:35 +01:00
|
|
|
support_check_code_style() {
|
2022-11-10 19:30:52 +01:00
|
|
|
case $(uncrustify --version) in
|
|
|
|
*0.75.1*) true;;
|
|
|
|
*) false;;
|
|
|
|
esac
|
|
|
|
}
|
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
component_check_python_files () {
|
|
|
|
msg "Lint: Python scripts"
|
2021-07-08 18:41:16 +02:00
|
|
|
tests/scripts/check-python-files.sh
|
2018-11-27 15:58:47 +01:00
|
|
|
}
|
2017-12-21 15:59:21 +01:00
|
|
|
|
2021-07-29 12:18:29 +02:00
|
|
|
component_check_test_helpers () {
|
|
|
|
msg "unit test: generate_test_code.py"
|
2020-06-02 11:40:08 +02:00
|
|
|
# unittest writes out mundane stuff like number or tests run on stderr.
|
|
|
|
# Our convention is to reserve stderr for actual errors, and write
|
|
|
|
# harmless info on stdout so it can be suppress with --quiet.
|
2021-07-08 18:41:16 +02:00
|
|
|
./tests/scripts/test_generate_test_code.py 2>&1
|
2021-07-29 12:18:29 +02:00
|
|
|
|
2021-08-06 10:41:27 +02:00
|
|
|
msg "unit test: translate_ciphers.py"
|
|
|
|
python3 -m unittest tests/scripts/translate_ciphers.py 2>&1
|
2018-11-27 15:58:47 +01:00
|
|
|
}
|
2017-12-21 15:59:21 +01:00
|
|
|
|
|
|
|
################################################################
|
|
|
|
#### Termination
|
|
|
|
################################################################
|
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
post_report () {
|
|
|
|
msg "Done, cleaning up"
|
2020-03-30 20:11:39 +02:00
|
|
|
final_cleanup
|
2018-11-27 15:58:47 +01:00
|
|
|
|
|
|
|
final_report
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
################################################################
|
|
|
|
#### Run all the things
|
|
|
|
################################################################
|
|
|
|
|
2020-03-28 21:09:21 +01:00
|
|
|
# Function invoked by --error-test to test error reporting.
|
|
|
|
pseudo_component_error_test () {
|
2021-08-02 23:28:00 +02:00
|
|
|
msg "Testing error reporting $error_test_i"
|
2020-03-28 21:09:21 +01:00
|
|
|
if [ $KEEP_GOING -ne 0 ]; then
|
|
|
|
echo "Expect three failing commands."
|
|
|
|
fi
|
2021-08-02 23:28:00 +02:00
|
|
|
# If the component doesn't run in a subshell, changing error_test_i to an
|
|
|
|
# invalid integer will cause an error in the loop that runs this function.
|
|
|
|
error_test_i=this_should_not_be_used_since_the_component_runs_in_a_subshell
|
2021-08-02 23:14:03 +02:00
|
|
|
# Expected error: 'grep non_existent /dev/null -> 1'
|
2020-03-28 21:09:21 +01:00
|
|
|
grep non_existent /dev/null
|
2021-08-02 23:14:03 +02:00
|
|
|
# Expected error: '! grep -q . tests/scripts/all.sh -> 1'
|
2020-03-28 21:09:21 +01:00
|
|
|
not grep -q . "$0"
|
2021-08-02 23:14:03 +02:00
|
|
|
# Expected error: 'make unknown_target -> 2'
|
2020-03-28 21:09:21 +01:00
|
|
|
make unknown_target
|
|
|
|
false "this should not be executed"
|
|
|
|
}
|
|
|
|
|
2018-11-27 16:06:30 +01:00
|
|
|
# Run one component and clean up afterwards.
|
2018-11-27 15:58:47 +01:00
|
|
|
run_component () {
|
2018-12-04 12:49:28 +01:00
|
|
|
current_component="$1"
|
2019-09-16 15:20:36 +02:00
|
|
|
export MBEDTLS_TEST_CONFIGURATION="$current_component"
|
2019-10-07 18:44:21 +02:00
|
|
|
|
|
|
|
# Unconditionally create a seedfile that's sufficiently long.
|
|
|
|
# Do this before each component, because a previous component may
|
|
|
|
# have messed it up or shortened it.
|
2021-07-08 19:03:50 +02:00
|
|
|
local dd_cmd
|
|
|
|
dd_cmd=(dd if=/dev/urandom of=./tests/seedfile bs=64 count=1)
|
|
|
|
case $OSTYPE in
|
2022-03-16 15:11:07 +01:00
|
|
|
linux*|freebsd*|openbsd*) dd_cmd+=(status=none)
|
2021-07-08 19:03:50 +02:00
|
|
|
esac
|
|
|
|
"${dd_cmd[@]}"
|
2019-10-07 18:44:21 +02:00
|
|
|
|
2021-08-02 23:14:03 +02:00
|
|
|
# Run the component in a subshell, with error trapping and output
|
|
|
|
# redirection set up based on the relevant options.
|
2020-03-28 18:50:43 +01:00
|
|
|
if [ $KEEP_GOING -eq 1 ]; then
|
2021-08-02 23:14:03 +02:00
|
|
|
# We want to keep running if the subshell fails, so 'set -e' must
|
|
|
|
# be off when the subshell runs.
|
2020-03-28 18:50:43 +01:00
|
|
|
set +e
|
|
|
|
fi
|
|
|
|
(
|
|
|
|
if [ $QUIET -eq 1 ]; then
|
|
|
|
# msg() will be silenced, so just print the component name here.
|
|
|
|
echo "${current_component#component_}"
|
|
|
|
exec >/dev/null
|
|
|
|
fi
|
|
|
|
if [ $KEEP_GOING -eq 1 ]; then
|
|
|
|
# Keep "set -e" off, and run an ERR trap instead to record failures.
|
|
|
|
set -E
|
|
|
|
trap err_trap ERR
|
|
|
|
fi
|
|
|
|
# The next line is what runs the component
|
|
|
|
"$@"
|
|
|
|
if [ $KEEP_GOING -eq 1 ]; then
|
|
|
|
trap - ERR
|
|
|
|
exit $last_failure_status
|
|
|
|
fi
|
|
|
|
)
|
|
|
|
component_status=$?
|
|
|
|
if [ $KEEP_GOING -eq 1 ]; then
|
|
|
|
set -e
|
|
|
|
if [ $component_status -ne 0 ]; then
|
|
|
|
failure_count=$((failure_count + 1))
|
|
|
|
fi
|
2020-06-02 11:28:07 +02:00
|
|
|
fi
|
2019-10-07 18:44:21 +02:00
|
|
|
|
|
|
|
# Restore the build tree to a clean state.
|
2018-11-27 16:06:30 +01:00
|
|
|
cleanup
|
2020-06-08 10:59:41 +02:00
|
|
|
unset current_component
|
2018-11-27 15:58:47 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
# Preliminary setup
|
|
|
|
pre_check_environment
|
2023-06-09 15:20:18 +02:00
|
|
|
pre_parse_command_line_for_dirs "$@"
|
2018-11-27 15:58:47 +01:00
|
|
|
pre_initialize_variables
|
|
|
|
pre_parse_command_line "$@"
|
2018-11-27 17:04:29 +01:00
|
|
|
|
2019-01-06 21:50:38 +01:00
|
|
|
pre_check_git
|
2021-07-12 18:16:01 +02:00
|
|
|
pre_restore_files
|
2020-03-30 20:11:39 +02:00
|
|
|
pre_back_up
|
2019-02-14 13:18:59 +01:00
|
|
|
|
2019-01-06 21:50:38 +01:00
|
|
|
build_status=0
|
|
|
|
if [ $KEEP_GOING -eq 1 ]; then
|
|
|
|
pre_setup_keep_going
|
2018-11-27 15:58:47 +01:00
|
|
|
fi
|
2019-09-16 15:55:46 +02:00
|
|
|
pre_prepare_outcome_file
|
2019-01-06 21:50:38 +01:00
|
|
|
pre_print_configuration
|
|
|
|
pre_check_tools
|
2014-03-19 18:29:01 +01:00
|
|
|
cleanup
|
2021-04-22 01:10:12 +02:00
|
|
|
pre_generate_files
|
2014-03-19 18:29:01 +01:00
|
|
|
|
2019-01-06 23:11:25 +01:00
|
|
|
# Run the requested tests.
|
2021-08-02 23:28:00 +02:00
|
|
|
for ((error_test_i=1; error_test_i <= error_test; error_test_i++)); do
|
2020-03-28 21:09:21 +01:00
|
|
|
run_component pseudo_component_error_test
|
|
|
|
done
|
2021-08-02 23:28:00 +02:00
|
|
|
unset error_test_i
|
2019-01-06 23:11:25 +01:00
|
|
|
for component in $RUN_COMPONENTS; do
|
|
|
|
run_component "component_$component"
|
|
|
|
done
|
2014-03-19 18:29:01 +01:00
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
# We're done.
|
2019-01-06 21:50:38 +01:00
|
|
|
post_report
|