2020-03-27 16:35:23 +01:00
|
|
|
#! /usr/bin/env bash
|
2014-03-19 18:29:01 +01:00
|
|
|
|
2016-03-08 00:22:10 +01:00
|
|
|
# all.sh
|
|
|
|
|
#
|
2020-08-07 13:07:28 +02:00
|
|
|
# Copyright The Mbed TLS Contributors
|
2023-11-02 20:47:20 +01:00
|
|
|
# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
|
2017-12-21 15:59:21 +01:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
################################################################
|
|
|
|
|
#### Documentation
|
|
|
|
|
################################################################
|
|
|
|
|
|
2016-03-08 00:22:10 +01:00
|
|
|
# Purpose
|
2017-12-21 15:59:21 +01:00
|
|
|
# -------
|
2016-03-08 00:22:10 +01:00
|
|
|
#
|
2016-04-16 22:54:39 +02:00
|
|
|
# To run all tests possible or available on the platform.
|
2014-03-19 18:29:01 +01:00
|
|
|
#
|
2017-12-21 15:59:21 +01:00
|
|
|
# Notes for users
|
|
|
|
|
# ---------------
|
|
|
|
|
#
|
2016-04-16 22:54:39 +02:00
|
|
|
# Warning: the test is destructive. It includes various build modes and
|
|
|
|
|
# configurations, and can and will arbitrarily change the current CMake
|
2017-12-21 15:59:21 +01:00
|
|
|
# configuration. The following files must be committed into git:
|
2021-05-28 09:42:25 +02:00
|
|
|
# * include/mbedtls/mbedtls_config.h
|
2020-03-04 20:46:15 +01:00
|
|
|
# * Makefile, library/Makefile, programs/Makefile, tests/Makefile,
|
|
|
|
|
# programs/fuzz/Makefile
|
2017-12-21 15:59:21 +01:00
|
|
|
# After running this script, the CMake cache will be lost and CMake
|
|
|
|
|
# will no longer be initialised.
|
|
|
|
|
#
|
|
|
|
|
# The script assumes the presence of a number of tools:
|
|
|
|
|
# * Basic Unix tools (Windows users note: a Unix-style find must be before
|
|
|
|
|
# the Windows find in the PATH)
|
|
|
|
|
# * Perl
|
|
|
|
|
# * GNU Make
|
|
|
|
|
# * CMake
|
|
|
|
|
# * GCC and Clang (recent enough for using ASan with gcc and MemSan with clang, or valgrind)
|
2018-06-28 10:41:50 +02:00
|
|
|
# * G++
|
2017-12-21 15:59:21 +01:00
|
|
|
# * arm-gcc and mingw-gcc
|
|
|
|
|
# * ArmCC 5 and ArmCC 6, unless invoked with --no-armcc
|
2023-08-27 21:39:21 +02:00
|
|
|
# * OpenSSL and GnuTLS command line tools, in suitable versions for the
|
|
|
|
|
# interoperability tests. The following are the official versions at the
|
|
|
|
|
# time of writing:
|
|
|
|
|
# * GNUTLS_{CLI,SERV} = 3.4.10
|
|
|
|
|
# * GNUTLS_NEXT_{CLI,SERV} = 3.7.2
|
|
|
|
|
# * OPENSSL = 1.0.2g (without Debian/Ubuntu patches)
|
|
|
|
|
# * OPENSSL_NEXT = 1.1.1a
|
2017-12-21 15:59:21 +01:00
|
|
|
# See the invocation of check_tools below for details.
|
|
|
|
|
#
|
|
|
|
|
# This script must be invoked from the toplevel directory of a git
|
|
|
|
|
# working copy of Mbed TLS.
|
|
|
|
|
#
|
2020-03-28 18:50:43 +01:00
|
|
|
# The behavior on an error depends on whether --keep-going (alias -k)
|
|
|
|
|
# is in effect.
|
|
|
|
|
# * Without --keep-going: the script stops on the first error without
|
|
|
|
|
# cleaning up. This lets you work in the configuration of the failing
|
|
|
|
|
# component.
|
|
|
|
|
# * With --keep-going: the script runs all requested components and
|
|
|
|
|
# reports failures at the end. In particular the script always cleans
|
|
|
|
|
# up on exit.
|
|
|
|
|
#
|
2017-12-21 15:59:21 +01:00
|
|
|
# Note that the output is not saved. You may want to run
|
|
|
|
|
# script -c tests/scripts/all.sh
|
|
|
|
|
# or
|
|
|
|
|
# tests/scripts/all.sh >all.log 2>&1
|
2014-03-27 14:44:04 +01:00
|
|
|
#
|
2017-12-21 15:59:21 +01:00
|
|
|
# Notes for maintainers
|
|
|
|
|
# ---------------------
|
2014-03-27 14:44:04 +01:00
|
|
|
#
|
2018-11-27 15:58:47 +01:00
|
|
|
# The bulk of the code is organized into functions that follow one of the
|
|
|
|
|
# following naming conventions:
|
|
|
|
|
# * pre_XXX: things to do before running the tests, in order.
|
|
|
|
|
# * component_XXX: independent components. They can be run in any order.
|
2019-01-09 22:29:17 +01:00
|
|
|
# * component_check_XXX: quick tests that aren't worth parallelizing.
|
|
|
|
|
# * component_build_XXX: build things but don't run them.
|
|
|
|
|
# * component_test_XXX: build and test.
|
2019-01-06 21:50:38 +01:00
|
|
|
# * support_XXX: if support_XXX exists and returns false then
|
|
|
|
|
# component_XXX is not run by default.
|
2018-11-27 15:58:47 +01:00
|
|
|
# * post_XXX: things to do after running the tests.
|
|
|
|
|
# * other: miscellaneous support functions.
|
|
|
|
|
#
|
2019-01-09 22:29:17 +01:00
|
|
|
# Each component must start by invoking `msg` with a short informative message.
|
|
|
|
|
#
|
2020-03-28 21:27:40 +01:00
|
|
|
# Warning: due to the way bash detects errors, the failure of a command
|
|
|
|
|
# inside 'if' or '!' is not detected. Use the 'not' function instead of '!'.
|
|
|
|
|
#
|
2020-03-28 18:50:43 +01:00
|
|
|
# Each component is executed in a separate shell process. The component
|
|
|
|
|
# fails if any command in it returns a non-zero status.
|
|
|
|
|
#
|
2019-01-09 22:29:17 +01:00
|
|
|
# The framework performs some cleanup tasks after each component. This
|
|
|
|
|
# means that components can assume that the working directory is in a
|
|
|
|
|
# cleaned-up state, and don't need to perform the cleanup themselves.
|
|
|
|
|
# * Run `make clean`.
|
2021-06-28 15:11:11 +02:00
|
|
|
# * Restore `include/mbedtls/mbedtls_config.h` from a backup made before running
|
2019-01-09 22:29:17 +01:00
|
|
|
# the component.
|
2020-03-04 20:46:15 +01:00
|
|
|
# * Check out `Makefile`, `library/Makefile`, `programs/Makefile`,
|
|
|
|
|
# `tests/Makefile` and `programs/fuzz/Makefile` from git.
|
|
|
|
|
# This cleans up after an in-tree use of CMake.
|
2019-01-09 22:29:17 +01:00
|
|
|
#
|
2017-12-21 15:59:21 +01:00
|
|
|
# The tests are roughly in order from fastest to slowest. This doesn't
|
|
|
|
|
# have to be exact, but in general you should add slower tests towards
|
|
|
|
|
# the end and fast checks near the beginning.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
################################################################
|
|
|
|
|
#### Initialization and command line parsing
|
|
|
|
|
################################################################
|
2014-03-19 18:29:01 +01:00
|
|
|
|
2020-03-28 18:50:49 +01:00
|
|
|
# Abort on errors (even on the left-hand side of a pipe).
|
|
|
|
|
# Treat uninitialised variables as errors.
|
|
|
|
|
set -e -o pipefail -u
|
2014-03-19 18:29:01 +01:00
|
|
|
|
2022-08-30 21:02:44 +02:00
|
|
|
# Enable ksh/bash extended file matching patterns
|
|
|
|
|
shopt -s extglob
|
|
|
|
|
|
2023-08-17 18:32:26 +02:00
|
|
|
in_mbedtls_repo () {
|
2023-08-29 10:53:52 +02:00
|
|
|
test -d include -a -d library -a -d programs -a -d tests
|
|
|
|
|
}
|
|
|
|
|
|
2023-10-09 10:25:45 +02:00
|
|
|
in_tf_psa_crypto_repo () {
|
2023-08-29 10:53:52 +02:00
|
|
|
test -d include -a -d core -a -d drivers -a -d programs -a -d tests
|
2023-07-14 13:30:00 +02:00
|
|
|
}
|
|
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
pre_check_environment () {
|
2023-10-09 10:25:45 +02:00
|
|
|
if in_mbedtls_repo || in_tf_psa_crypto_repo; then :; else
|
|
|
|
|
echo "Must be run from Mbed TLS / TF-PSA-Crypto root" >&2
|
2018-11-27 15:58:47 +01:00
|
|
|
exit 1
|
|
|
|
|
fi
|
|
|
|
|
}
|
2014-03-19 18:29:01 +01:00
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
pre_initialize_variables () {
|
2023-08-17 18:32:26 +02:00
|
|
|
if in_mbedtls_repo; then
|
2023-07-14 13:30:00 +02:00
|
|
|
CONFIG_H='include/mbedtls/mbedtls_config.h'
|
2023-08-17 18:32:26 +02:00
|
|
|
else
|
|
|
|
|
CONFIG_H='drivers/builtin/include/mbedtls/mbedtls_config.h'
|
2023-07-14 13:30:00 +02:00
|
|
|
fi
|
2020-11-01 06:14:03 +01:00
|
|
|
CRYPTO_CONFIG_H='include/psa/crypto_config.h'
|
2022-12-27 12:35:11 +01:00
|
|
|
CONFIG_TEST_DRIVER_H='tests/include/test/drivers/config_test_driver.h'
|
2020-03-30 20:11:39 +02:00
|
|
|
|
|
|
|
|
# Files that are clobbered by some jobs will be backed up. Use a different
|
|
|
|
|
# suffix from auxiliary scripts so that all.sh and auxiliary scripts can
|
|
|
|
|
# independently decide when to remove the backup file.
|
|
|
|
|
backup_suffix='.all.bak'
|
|
|
|
|
# Files clobbered by config.py
|
2023-07-31 11:57:16 +02:00
|
|
|
files_to_back_up="$CONFIG_H $CRYPTO_CONFIG_H $CONFIG_TEST_DRIVER_H"
|
2023-08-17 18:32:26 +02:00
|
|
|
if in_mbedtls_repo; then
|
2023-07-14 13:30:00 +02:00
|
|
|
# Files clobbered by in-tree cmake
|
|
|
|
|
files_to_back_up="$files_to_back_up Makefile library/Makefile programs/Makefile tests/Makefile programs/fuzz/Makefile"
|
|
|
|
|
fi
|
2018-11-27 15:58:47 +01:00
|
|
|
|
2019-09-16 15:55:46 +02:00
|
|
|
append_outcome=0
|
2018-11-27 15:58:47 +01:00
|
|
|
MEMORY=0
|
|
|
|
|
FORCE=0
|
2020-06-02 11:28:07 +02:00
|
|
|
QUIET=0
|
2018-11-27 15:58:47 +01:00
|
|
|
KEEP_GOING=0
|
|
|
|
|
|
2020-06-08 12:59:27 +02:00
|
|
|
# Seed value used with the --release-test option.
|
2020-06-22 10:11:47 +02:00
|
|
|
#
|
|
|
|
|
# See also RELEASE_SEED in basic-build-test.sh. Debugging is easier if
|
|
|
|
|
# both values are kept in sync. If you change the value here because it
|
|
|
|
|
# breaks some tests, you'll definitely want to change it in
|
|
|
|
|
# basic-build-test.sh as well.
|
2020-06-08 12:59:27 +02:00
|
|
|
RELEASE_SEED=1
|
|
|
|
|
|
2023-11-23 14:29:56 +01:00
|
|
|
# Specify character collation for regular expressions and sorting with C locale
|
|
|
|
|
export LC_COLLATE=C
|
|
|
|
|
|
2019-09-16 15:55:46 +02:00
|
|
|
: ${MBEDTLS_TEST_OUTCOME_FILE=}
|
2019-09-16 15:20:36 +02:00
|
|
|
: ${MBEDTLS_TEST_PLATFORM="$(uname -s | tr -c \\n0-9A-Za-z _)-$(uname -m | tr -c \\n0-9A-Za-z _)"}
|
2019-09-16 15:55:46 +02:00
|
|
|
export MBEDTLS_TEST_OUTCOME_FILE
|
2019-09-16 15:20:36 +02:00
|
|
|
export MBEDTLS_TEST_PLATFORM
|
|
|
|
|
|
2019-01-30 16:35:44 +01:00
|
|
|
# Default commands, can be overridden by the environment
|
2018-11-27 15:58:47 +01:00
|
|
|
: ${OPENSSL:="openssl"}
|
|
|
|
|
: ${OPENSSL_NEXT:="$OPENSSL"}
|
|
|
|
|
: ${GNUTLS_CLI:="gnutls-cli"}
|
|
|
|
|
: ${GNUTLS_SERV:="gnutls-serv"}
|
|
|
|
|
: ${OUT_OF_SOURCE_DIR:=./mbedtls_out_of_source_build}
|
|
|
|
|
: ${ARMC5_BIN_DIR:=/usr/bin}
|
|
|
|
|
: ${ARMC6_BIN_DIR:=/usr/bin}
|
2020-04-30 18:19:32 +02:00
|
|
|
: ${ARM_NONE_EABI_GCC_PREFIX:=arm-none-eabi-}
|
2020-08-18 10:28:51 +02:00
|
|
|
: ${ARM_LINUX_GNUEABI_GCC_PREFIX:=arm-linux-gnueabi-}
|
2023-07-31 17:38:10 +02:00
|
|
|
: ${CLANG_LATEST:="clang-latest"}
|
|
|
|
|
: ${CLANG_EARLIEST:="clang-earliest"}
|
|
|
|
|
: ${GCC_LATEST:="gcc-latest"}
|
|
|
|
|
: ${GCC_EARLIEST:="gcc-earliest"}
|
2018-11-27 15:58:47 +01:00
|
|
|
# if MAKEFLAGS is not set add the -j option to speed up invocations of make
|
2019-01-06 21:15:26 +01:00
|
|
|
if [ -z "${MAKEFLAGS+set}" ]; then
|
2021-09-30 18:24:21 +02:00
|
|
|
export MAKEFLAGS="-j$(all_sh_nproc)"
|
2018-11-27 15:58:47 +01:00
|
|
|
fi
|
2019-01-06 21:50:38 +01:00
|
|
|
|
2021-09-20 18:57:55 +02:00
|
|
|
# Include more verbose output for failing tests run by CMake or make
|
2019-02-07 18:43:39 +01:00
|
|
|
export CTEST_OUTPUT_ON_FAILURE=1
|
|
|
|
|
|
2019-10-21 17:11:33 +02:00
|
|
|
# CFLAGS and LDFLAGS for Asan builds that don't use CMake
|
2022-11-30 10:42:03 +01:00
|
|
|
# default to -O2, use -Ox _after_ this if you want another level
|
2023-05-31 09:38:21 +02:00
|
|
|
ASAN_CFLAGS='-O2 -Werror -fsanitize=address,undefined -fno-sanitize-recover=all'
|
2023-12-14 17:42:48 +01:00
|
|
|
# Normally, tests should use this compiler for ASAN testing
|
|
|
|
|
ASAN_CC=clang
|
2019-10-21 17:11:33 +02:00
|
|
|
|
2023-06-27 16:02:09 +02:00
|
|
|
# Platform tests have an allocation that returns null
|
|
|
|
|
export ASAN_OPTIONS="allocator_may_return_null=1"
|
2023-07-05 14:32:43 +02:00
|
|
|
export MSAN_OPTIONS="allocator_may_return_null=1"
|
2023-06-27 16:02:09 +02:00
|
|
|
|
2019-01-06 21:50:38 +01:00
|
|
|
# Gather the list of available components. These are the functions
|
|
|
|
|
# defined in this script whose name starts with "component_".
|
2023-07-28 17:41:21 +02:00
|
|
|
ALL_COMPONENTS=$(compgen -A function component_ | sed 's/component_//')
|
2019-01-06 21:50:38 +01:00
|
|
|
|
|
|
|
|
# Exclude components that are not supported on this platform.
|
|
|
|
|
SUPPORTED_COMPONENTS=
|
|
|
|
|
for component in $ALL_COMPONENTS; do
|
|
|
|
|
case $(type "support_$component" 2>&1) in
|
|
|
|
|
*' function'*)
|
|
|
|
|
if ! support_$component; then continue; fi;;
|
|
|
|
|
esac
|
|
|
|
|
SUPPORTED_COMPONENTS="$SUPPORTED_COMPONENTS $component"
|
|
|
|
|
done
|
2018-11-27 15:58:47 +01:00
|
|
|
}
|
2016-07-12 17:54:33 +02:00
|
|
|
|
2019-01-10 00:05:18 +01:00
|
|
|
# Test whether the component $1 is included in the command line patterns.
|
|
|
|
|
is_component_included()
|
2018-11-27 21:37:53 +01:00
|
|
|
{
|
2021-08-06 11:35:17 +02:00
|
|
|
# Temporarily disable wildcard expansion so that $COMMAND_LINE_COMPONENTS
|
|
|
|
|
# only does word splitting.
|
2018-11-27 21:37:53 +01:00
|
|
|
set -f
|
2019-01-06 23:11:25 +01:00
|
|
|
for pattern in $COMMAND_LINE_COMPONENTS; do
|
2018-11-27 21:37:53 +01:00
|
|
|
set +f
|
|
|
|
|
case ${1#component_} in $pattern) return 0;; esac
|
|
|
|
|
done
|
|
|
|
|
set +f
|
|
|
|
|
return 1
|
|
|
|
|
}
|
2016-07-12 17:54:33 +02:00
|
|
|
|
2016-09-07 01:07:09 +02:00
|
|
|
usage()
|
2016-04-16 22:54:39 +02:00
|
|
|
{
|
2017-12-10 23:43:39 +01:00
|
|
|
cat <<EOF
|
2018-11-27 18:15:35 +01:00
|
|
|
Usage: $0 [OPTION]... [COMPONENT]...
|
2018-11-27 17:04:29 +01:00
|
|
|
Run mbedtls release validation tests.
|
2018-11-27 18:15:35 +01:00
|
|
|
By default, run all tests. With one or more COMPONENT, run only those.
|
2019-01-10 00:05:18 +01:00
|
|
|
COMPONENT can be the name of a component or a shell wildcard pattern.
|
|
|
|
|
|
|
|
|
|
Examples:
|
|
|
|
|
$0 "check_*"
|
|
|
|
|
Run all sanity checks.
|
|
|
|
|
$0 --no-armcc --except test_memsan
|
|
|
|
|
Run everything except builds that require armcc and MemSan.
|
2018-11-27 17:04:29 +01:00
|
|
|
|
|
|
|
|
Special options:
|
|
|
|
|
-h|--help Print this help and exit.
|
2019-01-06 21:50:38 +01:00
|
|
|
--list-all-components List all available test components and exit.
|
|
|
|
|
--list-components List components supported on this platform and exit.
|
2017-12-10 23:43:39 +01:00
|
|
|
|
|
|
|
|
General options:
|
2020-06-02 11:28:07 +02:00
|
|
|
-q|--quiet Only output component names, and errors if any.
|
2017-12-10 23:43:39 +01:00
|
|
|
-f|--force Force the tests to overwrite any modified files.
|
2017-12-11 00:01:40 +01:00
|
|
|
-k|--keep-going Run all tests and report errors at the end.
|
2017-12-10 23:43:39 +01:00
|
|
|
-m|--memory Additional optional memory tests.
|
2019-09-16 15:55:46 +02:00
|
|
|
--append-outcome Append to the outcome file (if used).
|
2020-04-30 18:19:32 +02:00
|
|
|
--arm-none-eabi-gcc-prefix=<string>
|
|
|
|
|
Prefix for a cross-compiler for arm-none-eabi
|
|
|
|
|
(default: "${ARM_NONE_EABI_GCC_PREFIX}")
|
2020-08-18 10:28:51 +02:00
|
|
|
--arm-linux-gnueabi-gcc-prefix=<string>
|
|
|
|
|
Prefix for a cross-compiler for arm-linux-gnueabi
|
|
|
|
|
(default: "${ARM_LINUX_GNUEABI_GCC_PREFIX}")
|
2017-12-19 18:24:31 +01:00
|
|
|
--armcc Run ARM Compiler builds (on by default).
|
2021-08-06 11:51:59 +02:00
|
|
|
--restore First clean up the build tree, restoring backed up
|
|
|
|
|
files. Do not run any components unless they are
|
|
|
|
|
explicitly specified.
|
2020-03-28 21:09:21 +01:00
|
|
|
--error-test Error test mode: run a failing function in addition
|
2021-08-05 15:11:33 +02:00
|
|
|
to any specified component. May be repeated.
|
2019-01-10 00:05:18 +01:00
|
|
|
--except Exclude the COMPONENTs listed on the command line,
|
|
|
|
|
instead of running only those.
|
2019-09-16 15:55:46 +02:00
|
|
|
--no-append-outcome Write a new outcome file and analyze it (default).
|
2017-12-19 18:24:31 +01:00
|
|
|
--no-armcc Skip ARM Compiler builds.
|
2018-03-21 08:40:26 +01:00
|
|
|
--no-force Refuse to overwrite modified files (default).
|
|
|
|
|
--no-keep-going Stop at the first error (default).
|
|
|
|
|
--no-memory No additional memory tests (default).
|
2021-12-21 06:14:10 +01:00
|
|
|
--no-quiet Print full output from components.
|
2017-12-10 23:43:39 +01:00
|
|
|
--out-of-source-dir=<path> Directory used for CMake out-of-source build tests.
|
2019-09-16 15:55:46 +02:00
|
|
|
--outcome-file=<path> File where test outcomes are written (not done if
|
|
|
|
|
empty; default: \$MBEDTLS_TEST_OUTCOME_FILE).
|
2018-03-21 08:40:26 +01:00
|
|
|
--random-seed Use a random seed value for randomized tests (default).
|
2020-06-08 12:59:27 +02:00
|
|
|
-r|--release-test Run this script in release mode. This fixes the seed value to ${RELEASE_SEED}.
|
2017-12-10 23:43:39 +01:00
|
|
|
-s|--seed Integer seed value to use for this test run.
|
|
|
|
|
|
|
|
|
|
Tool path options:
|
|
|
|
|
--armc5-bin-dir=<ARMC5_bin_dir_path> ARM Compiler 5 bin directory.
|
|
|
|
|
--armc6-bin-dir=<ARMC6_bin_dir_path> ARM Compiler 6 bin directory.
|
2023-07-28 18:04:47 +02:00
|
|
|
--clang-earliest=<Clang_earliest_path> Earliest version of clang available
|
|
|
|
|
--clang-latest=<Clang_latest_path> Latest version of clang available
|
|
|
|
|
--gcc-earliest=<GCC_earliest_path> Earliest version of GCC available
|
|
|
|
|
--gcc-latest=<GCC_latest_path> Latest version of GCC available
|
2017-12-10 23:43:39 +01:00
|
|
|
--gnutls-cli=<GnuTLS_cli_path> GnuTLS client executable to use for most tests.
|
|
|
|
|
--gnutls-serv=<GnuTLS_serv_path> GnuTLS server executable to use for most tests.
|
|
|
|
|
--openssl=<OpenSSL_path> OpenSSL executable to use for most tests.
|
2018-02-20 12:02:07 +01:00
|
|
|
--openssl-next=<OpenSSL_path> OpenSSL executable to use for recent things like ARIA
|
2017-12-10 23:43:39 +01:00
|
|
|
EOF
|
2016-04-16 22:54:39 +02:00
|
|
|
}
|
2014-03-19 18:29:01 +01:00
|
|
|
|
2021-08-03 13:44:28 +02:00
|
|
|
# Cleanup before/after running a component.
|
|
|
|
|
# Remove built files as well as the cmake cache/config.
|
|
|
|
|
# Does not remove generated source files.
|
2014-03-19 18:29:01 +01:00
|
|
|
cleanup()
|
|
|
|
|
{
|
2023-08-17 18:32:26 +02:00
|
|
|
if in_mbedtls_repo; then
|
2023-07-14 13:30:00 +02:00
|
|
|
command make clean
|
|
|
|
|
fi
|
2014-07-12 04:00:00 +02:00
|
|
|
|
2018-03-21 12:15:06 +01:00
|
|
|
# Remove CMake artefacts
|
2018-11-07 19:46:41 +01:00
|
|
|
find . -name .git -prune -o \
|
2018-03-21 12:15:06 +01:00
|
|
|
-iname CMakeFiles -exec rm -rf {} \+ -o \
|
|
|
|
|
\( -iname cmake_install.cmake -o \
|
|
|
|
|
-iname CTestTestfile.cmake -o \
|
2021-09-09 11:11:44 +02:00
|
|
|
-iname CMakeCache.txt -o \
|
|
|
|
|
-path './cmake/*.cmake' \) -exec rm -f {} \+
|
2018-03-21 12:15:06 +01:00
|
|
|
# Recover files overwritten by in-tree CMake builds
|
2022-08-30 21:02:44 +02:00
|
|
|
rm -f include/Makefile include/mbedtls/Makefile programs/!(fuzz)/Makefile
|
2014-07-12 04:00:00 +02:00
|
|
|
|
2019-06-20 18:38:22 +02:00
|
|
|
# Remove any artifacts from the component_test_cmake_as_subdirectory test.
|
|
|
|
|
rm -rf programs/test/cmake_subproject/build
|
|
|
|
|
rm -f programs/test/cmake_subproject/Makefile
|
|
|
|
|
rm -f programs/test/cmake_subproject/cmake_subproject
|
|
|
|
|
|
2021-03-25 17:03:25 +01:00
|
|
|
# Remove any artifacts from the component_test_cmake_as_package test.
|
|
|
|
|
rm -rf programs/test/cmake_package/build
|
|
|
|
|
rm -f programs/test/cmake_package/Makefile
|
|
|
|
|
rm -f programs/test/cmake_package/cmake_package
|
|
|
|
|
|
|
|
|
|
# Remove any artifacts from the component_test_cmake_as_installed_package test.
|
|
|
|
|
rm -rf programs/test/cmake_package_install/build
|
|
|
|
|
rm -f programs/test/cmake_package_install/Makefile
|
|
|
|
|
rm -f programs/test/cmake_package_install/cmake_package_install
|
|
|
|
|
|
2020-03-30 20:11:39 +02:00
|
|
|
# Restore files that may have been clobbered by the job
|
|
|
|
|
for x in $files_to_back_up; do
|
2022-08-30 21:02:00 +02:00
|
|
|
if [[ -e "$x$backup_suffix" ]]; then
|
|
|
|
|
cp -p "$x$backup_suffix" "$x"
|
|
|
|
|
fi
|
2020-03-30 20:11:39 +02:00
|
|
|
done
|
|
|
|
|
}
|
2020-11-01 06:14:03 +01:00
|
|
|
|
2021-08-03 13:44:28 +02:00
|
|
|
# Final cleanup when this script exits (except when exiting on a failure
|
|
|
|
|
# in non-keep-going mode).
|
2020-03-30 20:11:39 +02:00
|
|
|
final_cleanup () {
|
|
|
|
|
cleanup
|
|
|
|
|
|
|
|
|
|
for x in $files_to_back_up; do
|
|
|
|
|
rm -f "$x$backup_suffix"
|
|
|
|
|
done
|
2014-03-19 18:29:01 +01:00
|
|
|
}
|
|
|
|
|
|
2017-12-11 00:01:40 +01:00
|
|
|
# Executed on exit. May be redefined depending on command line options.
|
|
|
|
|
final_report () {
|
|
|
|
|
:
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
fatal_signal () {
|
2020-03-30 20:11:39 +02:00
|
|
|
final_cleanup
|
2017-12-11 00:01:40 +01:00
|
|
|
final_report $1
|
|
|
|
|
trap - $1
|
|
|
|
|
kill -$1 $$
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
trap 'fatal_signal HUP' HUP
|
|
|
|
|
trap 'fatal_signal INT' INT
|
|
|
|
|
trap 'fatal_signal TERM' TERM
|
2014-07-12 04:00:00 +02:00
|
|
|
|
2021-09-30 18:24:21 +02:00
|
|
|
# Number of processors on this machine. Used as the default setting
|
|
|
|
|
# for parallel make.
|
|
|
|
|
all_sh_nproc ()
|
|
|
|
|
{
|
|
|
|
|
{
|
|
|
|
|
nproc || # Linux
|
|
|
|
|
sysctl -n hw.ncpuonline || # NetBSD, OpenBSD
|
|
|
|
|
sysctl -n hw.ncpu || # FreeBSD
|
|
|
|
|
echo 1
|
|
|
|
|
} 2>/dev/null
|
|
|
|
|
}
|
|
|
|
|
|
2014-03-27 14:44:04 +01:00
|
|
|
msg()
|
|
|
|
|
{
|
2018-12-04 12:49:28 +01:00
|
|
|
if [ -n "${current_component:-}" ]; then
|
|
|
|
|
current_section="${current_component#component_}: $1"
|
|
|
|
|
else
|
|
|
|
|
current_section="$1"
|
|
|
|
|
fi
|
2020-06-02 11:28:07 +02:00
|
|
|
|
|
|
|
|
if [ $QUIET -eq 1 ]; then
|
|
|
|
|
return
|
|
|
|
|
fi
|
|
|
|
|
|
2014-03-27 14:44:04 +01:00
|
|
|
echo ""
|
|
|
|
|
echo "******************************************************************"
|
2018-12-04 12:49:28 +01:00
|
|
|
echo "* $current_section "
|
2015-01-26 15:03:56 +01:00
|
|
|
printf "* "; date
|
2014-03-27 14:44:04 +01:00
|
|
|
echo "******************************************************************"
|
|
|
|
|
}
|
2014-03-19 18:29:01 +01:00
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
armc6_build_test()
|
|
|
|
|
{
|
|
|
|
|
FLAGS="$1"
|
2016-10-17 16:23:10 +02:00
|
|
|
|
2020-04-30 23:11:54 +02:00
|
|
|
msg "build: ARM Compiler 6 ($FLAGS)"
|
2023-09-08 05:20:59 +02:00
|
|
|
make clean
|
2018-11-27 15:58:47 +01:00
|
|
|
ARM_TOOL_VARIANT="ult" CC="$ARMC6_CC" AR="$ARMC6_AR" CFLAGS="$FLAGS" \
|
2023-03-02 14:39:04 +01:00
|
|
|
WARNING_CFLAGS='-Werror -xc -std=c99' make lib
|
2020-04-30 23:11:54 +02:00
|
|
|
|
|
|
|
|
msg "size: ARM Compiler 6 ($FLAGS)"
|
|
|
|
|
"$ARMC6_FROMELF" -z library/*.o
|
2018-11-27 15:58:47 +01:00
|
|
|
}
|
2016-10-17 16:23:10 +02:00
|
|
|
|
2016-08-26 15:42:14 +02:00
|
|
|
err_msg()
|
|
|
|
|
{
|
|
|
|
|
echo "$1" >&2
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
check_tools()
|
|
|
|
|
{
|
2023-09-28 09:08:04 +02:00
|
|
|
for tool in "$@"; do
|
|
|
|
|
if ! `type "$tool" >/dev/null 2>&1`; then
|
|
|
|
|
err_msg "$tool not found!"
|
2016-08-26 15:42:14 +02:00
|
|
|
exit 1
|
|
|
|
|
fi
|
|
|
|
|
done
|
|
|
|
|
}
|
|
|
|
|
|
2023-06-09 15:20:18 +02:00
|
|
|
pre_parse_command_line_for_dirs () {
|
|
|
|
|
# Make an early pass through the options given, so we can set directories
|
|
|
|
|
# for Arm compilers, before SUPPORTED_COMPONENTS is determined.
|
|
|
|
|
while [ $# -gt 0 ]; do
|
|
|
|
|
case "$1" in
|
|
|
|
|
--armc5-bin-dir) shift; ARMC5_BIN_DIR="$1";;
|
|
|
|
|
--armc6-bin-dir) shift; ARMC6_BIN_DIR="$1";;
|
|
|
|
|
esac
|
|
|
|
|
shift
|
|
|
|
|
done
|
|
|
|
|
}
|
|
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
pre_parse_command_line () {
|
2019-01-06 23:11:25 +01:00
|
|
|
COMMAND_LINE_COMPONENTS=
|
2019-01-10 00:05:18 +01:00
|
|
|
all_except=0
|
2020-03-28 21:09:21 +01:00
|
|
|
error_test=0
|
2021-08-06 11:51:59 +02:00
|
|
|
restore_first=0
|
2019-01-06 23:23:42 +01:00
|
|
|
no_armcc=
|
2019-01-06 23:11:25 +01:00
|
|
|
|
2018-11-02 19:34:17 +01:00
|
|
|
# Note that legacy options are ignored instead of being omitted from this
|
|
|
|
|
# list of options, so invocations that worked with previous version of
|
|
|
|
|
# all.sh will still run and work properly.
|
2018-11-27 15:58:47 +01:00
|
|
|
while [ $# -gt 0 ]; do
|
2019-01-09 22:28:21 +01:00
|
|
|
case "$1" in
|
2019-09-16 15:55:46 +02:00
|
|
|
--append-outcome) append_outcome=1;;
|
2020-04-30 18:19:32 +02:00
|
|
|
--arm-none-eabi-gcc-prefix) shift; ARM_NONE_EABI_GCC_PREFIX="$1";;
|
2020-08-18 10:28:51 +02:00
|
|
|
--arm-linux-gnueabi-gcc-prefix) shift; ARM_LINUX_GNUEABI_GCC_PREFIX="$1";;
|
2019-01-06 23:23:42 +01:00
|
|
|
--armcc) no_armcc=;;
|
2023-06-09 15:20:18 +02:00
|
|
|
--armc5-bin-dir) shift; ;; # assignment to ARMC5_BIN_DIR done in pre_parse_command_line_for_dirs
|
|
|
|
|
--armc6-bin-dir) shift; ;; # assignment to ARMC6_BIN_DIR done in pre_parse_command_line_for_dirs
|
2023-07-28 18:04:47 +02:00
|
|
|
--clang-earliest) shift; CLANG_EARLIEST="$1";;
|
|
|
|
|
--clang-latest) shift; CLANG_LATEST="$1";;
|
2020-03-28 21:09:21 +01:00
|
|
|
--error-test) error_test=$((error_test + 1));;
|
2019-01-06 23:11:25 +01:00
|
|
|
--except) all_except=1;;
|
2019-01-09 22:28:21 +01:00
|
|
|
--force|-f) FORCE=1;;
|
2023-07-28 18:04:47 +02:00
|
|
|
--gcc-earliest) shift; GCC_EARLIEST="$1";;
|
|
|
|
|
--gcc-latest) shift; GCC_LATEST="$1";;
|
2019-01-09 22:28:21 +01:00
|
|
|
--gnutls-cli) shift; GNUTLS_CLI="$1";;
|
2023-08-27 21:39:21 +02:00
|
|
|
--gnutls-legacy-cli) shift;; # ignored for backward compatibility
|
|
|
|
|
--gnutls-legacy-serv) shift;; # ignored for backward compatibility
|
2019-01-09 22:28:21 +01:00
|
|
|
--gnutls-serv) shift; GNUTLS_SERV="$1";;
|
|
|
|
|
--help|-h) usage; exit;;
|
|
|
|
|
--keep-going|-k) KEEP_GOING=1;;
|
2019-01-06 21:50:38 +01:00
|
|
|
--list-all-components) printf '%s\n' $ALL_COMPONENTS; exit;;
|
|
|
|
|
--list-components) printf '%s\n' $SUPPORTED_COMPONENTS; exit;;
|
2019-01-09 22:28:21 +01:00
|
|
|
--memory|-m) MEMORY=1;;
|
2019-09-16 15:55:46 +02:00
|
|
|
--no-append-outcome) append_outcome=0;;
|
2019-01-06 23:23:42 +01:00
|
|
|
--no-armcc) no_armcc=1;;
|
2019-01-09 22:28:21 +01:00
|
|
|
--no-force) FORCE=0;;
|
|
|
|
|
--no-keep-going) KEEP_GOING=0;;
|
|
|
|
|
--no-memory) MEMORY=0;;
|
2020-06-02 11:28:07 +02:00
|
|
|
--no-quiet) QUIET=0;;
|
2019-01-09 22:28:21 +01:00
|
|
|
--openssl) shift; OPENSSL="$1";;
|
|
|
|
|
--openssl-next) shift; OPENSSL_NEXT="$1";;
|
2019-09-16 15:55:46 +02:00
|
|
|
--outcome-file) shift; MBEDTLS_TEST_OUTCOME_FILE="$1";;
|
2019-01-09 22:28:21 +01:00
|
|
|
--out-of-source-dir) shift; OUT_OF_SOURCE_DIR="$1";;
|
2020-06-02 11:28:07 +02:00
|
|
|
--quiet|-q) QUIET=1;;
|
2019-01-09 22:28:21 +01:00
|
|
|
--random-seed) unset SEED;;
|
2020-06-08 12:59:27 +02:00
|
|
|
--release-test|-r) SEED=$RELEASE_SEED;;
|
2021-08-06 11:51:59 +02:00
|
|
|
--restore) restore_first=1;;
|
2019-01-09 22:28:21 +01:00
|
|
|
--seed|-s) shift; SEED="$1";;
|
|
|
|
|
-*)
|
|
|
|
|
echo >&2 "Unknown option: $1"
|
|
|
|
|
echo >&2 "Run $0 --help for usage."
|
|
|
|
|
exit 120
|
|
|
|
|
;;
|
2019-01-06 23:11:25 +01:00
|
|
|
*) COMMAND_LINE_COMPONENTS="$COMMAND_LINE_COMPONENTS $1";;
|
2019-01-09 22:28:21 +01:00
|
|
|
esac
|
|
|
|
|
shift
|
2018-11-27 15:58:47 +01:00
|
|
|
done
|
2016-04-16 22:54:39 +02:00
|
|
|
|
2019-01-10 00:05:18 +01:00
|
|
|
# With no list of components, run everything.
|
2021-08-06 11:51:59 +02:00
|
|
|
if [ -z "$COMMAND_LINE_COMPONENTS" ] && [ $restore_first -eq 0 ]; then
|
2019-01-06 23:11:25 +01:00
|
|
|
all_except=1
|
|
|
|
|
fi
|
2016-04-16 22:54:39 +02:00
|
|
|
|
2019-01-06 23:23:42 +01:00
|
|
|
# --no-armcc is a legacy option. The modern way is --except '*_armcc*'.
|
|
|
|
|
# Ignore it if components are listed explicitly on the command line.
|
2019-01-10 00:05:18 +01:00
|
|
|
if [ -n "$no_armcc" ] && [ $all_except -eq 1 ]; then
|
2019-01-06 23:23:42 +01:00
|
|
|
COMMAND_LINE_COMPONENTS="$COMMAND_LINE_COMPONENTS *_armcc*"
|
2016-08-31 18:33:13 +02:00
|
|
|
fi
|
|
|
|
|
|
2021-08-03 13:44:28 +02:00
|
|
|
# Error out if an explicitly requested component doesn't exist.
|
2020-03-28 21:37:59 +01:00
|
|
|
if [ $all_except -eq 0 ]; then
|
|
|
|
|
unsupported=0
|
2021-08-06 11:35:17 +02:00
|
|
|
# Temporarily disable wildcard expansion so that $COMMAND_LINE_COMPONENTS
|
|
|
|
|
# only does word splitting.
|
2021-08-03 13:43:36 +02:00
|
|
|
set -f
|
2020-03-28 21:37:59 +01:00
|
|
|
for component in $COMMAND_LINE_COMPONENTS; do
|
2021-08-03 13:43:36 +02:00
|
|
|
set +f
|
2021-08-03 13:44:28 +02:00
|
|
|
# If the requested name includes a wildcard character, don't
|
|
|
|
|
# check it. Accept wildcard patterns that don't match anything.
|
2020-03-28 21:37:59 +01:00
|
|
|
case $component in
|
|
|
|
|
*[*?\[]*) continue;;
|
|
|
|
|
esac
|
|
|
|
|
case " $SUPPORTED_COMPONENTS " in
|
|
|
|
|
*" $component "*) :;;
|
|
|
|
|
*)
|
|
|
|
|
echo >&2 "Component $component was explicitly requested, but is not known or not supported."
|
|
|
|
|
unsupported=$((unsupported + 1));;
|
|
|
|
|
esac
|
|
|
|
|
done
|
2021-08-03 13:43:36 +02:00
|
|
|
set +f
|
2020-03-28 21:37:59 +01:00
|
|
|
if [ $unsupported -ne 0 ]; then
|
|
|
|
|
exit 2
|
|
|
|
|
fi
|
|
|
|
|
fi
|
|
|
|
|
|
2019-01-06 23:11:25 +01:00
|
|
|
# Build the list of components to run.
|
2019-01-10 00:05:18 +01:00
|
|
|
RUN_COMPONENTS=
|
|
|
|
|
for component in $SUPPORTED_COMPONENTS; do
|
|
|
|
|
if is_component_included "$component"; [ $? -eq $all_except ]; then
|
|
|
|
|
RUN_COMPONENTS="$RUN_COMPONENTS $component"
|
|
|
|
|
fi
|
|
|
|
|
done
|
2019-01-06 23:11:25 +01:00
|
|
|
|
|
|
|
|
unset all_except
|
2019-01-06 23:23:42 +01:00
|
|
|
unset no_armcc
|
2018-11-27 15:58:47 +01:00
|
|
|
}
|
2016-04-16 22:54:39 +02:00
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
pre_check_git () {
|
|
|
|
|
if [ $FORCE -eq 1 ]; then
|
2019-01-09 23:17:35 +01:00
|
|
|
rm -rf "$OUT_OF_SOURCE_DIR"
|
2018-11-27 15:58:47 +01:00
|
|
|
git checkout-index -f -q $CONFIG_H
|
|
|
|
|
cleanup
|
|
|
|
|
else
|
2016-08-31 18:33:13 +02:00
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
if [ -d "$OUT_OF_SOURCE_DIR" ]; then
|
|
|
|
|
echo "Warning - there is an existing directory at '$OUT_OF_SOURCE_DIR'" >&2
|
|
|
|
|
echo "You can either delete this directory manually, or force the test by rerunning"
|
|
|
|
|
echo "the script as: $0 --force --out-of-source-dir $OUT_OF_SOURCE_DIR"
|
|
|
|
|
exit 1
|
|
|
|
|
fi
|
|
|
|
|
|
2023-07-20 09:49:12 +02:00
|
|
|
if ! git diff --quiet "$CONFIG_H"; then
|
2023-07-14 13:30:00 +02:00
|
|
|
err_msg "Warning - the configuration file '$CONFIG_H' has been edited. "
|
2018-11-27 15:58:47 +01:00
|
|
|
echo "You can either delete or preserve your work, or force the test by rerunning the"
|
|
|
|
|
echo "script as: $0 --force"
|
|
|
|
|
exit 1
|
|
|
|
|
fi
|
2016-04-16 22:54:39 +02:00
|
|
|
fi
|
2019-02-14 13:18:59 +01:00
|
|
|
}
|
|
|
|
|
|
2021-07-12 18:16:01 +02:00
|
|
|
pre_restore_files () {
|
|
|
|
|
# If the makefiles have been generated by a framework such as cmake,
|
|
|
|
|
# restore them from git. If the makefiles look like modifications from
|
|
|
|
|
# the ones checked into git, take care not to modify them. Whatever
|
|
|
|
|
# this function leaves behind is what the script will restore before
|
|
|
|
|
# each component.
|
|
|
|
|
case "$(head -n1 Makefile)" in
|
|
|
|
|
*[Gg]enerated*)
|
|
|
|
|
git update-index --no-skip-worktree Makefile library/Makefile programs/Makefile tests/Makefile programs/fuzz/Makefile
|
|
|
|
|
git checkout -- Makefile library/Makefile programs/Makefile tests/Makefile programs/fuzz/Makefile
|
|
|
|
|
;;
|
|
|
|
|
esac
|
|
|
|
|
}
|
|
|
|
|
|
2020-03-30 20:11:39 +02:00
|
|
|
pre_back_up () {
|
|
|
|
|
for x in $files_to_back_up; do
|
|
|
|
|
cp -p "$x" "$x$backup_suffix"
|
|
|
|
|
done
|
|
|
|
|
}
|
|
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
pre_setup_keep_going () {
|
2020-03-28 18:50:43 +01:00
|
|
|
failure_count=0 # Number of failed components
|
|
|
|
|
last_failure_status=0 # Last failure status in this component
|
|
|
|
|
|
2020-03-28 19:34:23 +01:00
|
|
|
# See err_trap
|
|
|
|
|
previous_failure_status=0
|
|
|
|
|
previous_failed_command=
|
|
|
|
|
previous_failure_funcall_depth=0
|
2020-03-28 21:27:40 +01:00
|
|
|
unset report_failed_command
|
2020-03-28 19:34:23 +01:00
|
|
|
|
2017-12-11 00:01:40 +01:00
|
|
|
start_red=
|
|
|
|
|
end_color=
|
|
|
|
|
if [ -t 1 ]; then
|
2018-01-02 21:54:17 +01:00
|
|
|
case "${TERM:-}" in
|
2017-12-11 00:01:40 +01:00
|
|
|
*color*|cygwin|linux|rxvt*|screen|[Eex]term*)
|
|
|
|
|
start_red=$(printf '\033[31m')
|
|
|
|
|
end_color=$(printf '\033[0m')
|
|
|
|
|
;;
|
|
|
|
|
esac
|
|
|
|
|
fi
|
2020-03-28 18:50:43 +01:00
|
|
|
|
|
|
|
|
# Keep a summary of failures in a file. We'll print it out at the end.
|
|
|
|
|
failure_summary_file=$PWD/all-sh-failures-$$.log
|
|
|
|
|
: >"$failure_summary_file"
|
|
|
|
|
|
|
|
|
|
# Whether it makes sense to keep a component going after the specified
|
|
|
|
|
# command fails (test command) or not (configure or build).
|
2021-08-06 11:35:17 +02:00
|
|
|
# This function normally receives the failing simple command
|
|
|
|
|
# ($BASH_COMMAND) as an argument, but if $report_failed_command is set,
|
|
|
|
|
# this is passed instead.
|
2020-03-28 18:50:43 +01:00
|
|
|
# This doesn't have to be 100% accurate: all failures are recorded anyway.
|
2021-08-02 23:29:53 +02:00
|
|
|
# False positives result in running things that can't be expected to
|
|
|
|
|
# work. False negatives result in things not running after something else
|
|
|
|
|
# failed even though they might have given useful feedback.
|
2020-03-28 18:50:43 +01:00
|
|
|
can_keep_going_after_failure () {
|
|
|
|
|
case "$1" in
|
|
|
|
|
"msg "*) false;;
|
2021-08-02 23:29:53 +02:00
|
|
|
"cd "*) false;;
|
2023-11-10 09:58:31 +01:00
|
|
|
"diff "*) true;;
|
2021-08-02 23:29:53 +02:00
|
|
|
*make*[\ /]tests*) false;; # make tests, make CFLAGS=-I../tests, ...
|
|
|
|
|
*test*) true;; # make test, tests/stuff, env V=v tests/stuff, ...
|
|
|
|
|
*make*check*) true;;
|
|
|
|
|
"grep "*) true;;
|
|
|
|
|
"[ "*) true;;
|
|
|
|
|
"! "*) true;;
|
2020-03-28 18:50:43 +01:00
|
|
|
*) false;;
|
2017-12-11 00:01:40 +01:00
|
|
|
esac
|
|
|
|
|
}
|
2020-03-28 18:50:43 +01:00
|
|
|
|
|
|
|
|
# This function runs if there is any error in a component.
|
|
|
|
|
# It must either exit with a nonzero status, or set
|
|
|
|
|
# last_failure_status to a nonzero value.
|
|
|
|
|
err_trap () {
|
|
|
|
|
# Save $? (status of the failing command). This must be the very
|
|
|
|
|
# first thing, before $? is overridden.
|
|
|
|
|
last_failure_status=$?
|
2020-03-28 21:27:40 +01:00
|
|
|
failed_command=${report_failed_command-$BASH_COMMAND}
|
2020-03-28 18:50:43 +01:00
|
|
|
|
2020-03-28 19:34:23 +01:00
|
|
|
if [[ $last_failure_status -eq $previous_failure_status &&
|
|
|
|
|
"$failed_command" == "$previous_failed_command" &&
|
|
|
|
|
${#FUNCNAME[@]} == $((previous_failure_funcall_depth - 1)) ]]
|
|
|
|
|
then
|
|
|
|
|
# The same command failed twice in a row, but this time one level
|
|
|
|
|
# less deep in the function call stack. This happens when the last
|
|
|
|
|
# command of a function returns a nonzero status, and the function
|
|
|
|
|
# returns that same status. Ignore the second failure.
|
|
|
|
|
previous_failure_funcall_depth=${#FUNCNAME[@]}
|
|
|
|
|
return
|
|
|
|
|
fi
|
|
|
|
|
previous_failure_status=$last_failure_status
|
|
|
|
|
previous_failed_command=$failed_command
|
|
|
|
|
previous_failure_funcall_depth=${#FUNCNAME[@]}
|
|
|
|
|
|
2020-03-28 18:50:43 +01:00
|
|
|
text="$current_section: $failed_command -> $last_failure_status"
|
|
|
|
|
echo "${start_red}^^^^$text^^^^${end_color}" >&2
|
|
|
|
|
echo "$text" >>"$failure_summary_file"
|
|
|
|
|
|
|
|
|
|
# If the command is fatal (configure or build command), stop this
|
|
|
|
|
# component. Otherwise (test command) keep the component running
|
|
|
|
|
# (run more tests from the same build).
|
|
|
|
|
if ! can_keep_going_after_failure "$failed_command"; then
|
|
|
|
|
exit $last_failure_status
|
|
|
|
|
fi
|
|
|
|
|
}
|
|
|
|
|
|
2017-12-11 00:01:40 +01:00
|
|
|
final_report () {
|
|
|
|
|
if [ $failure_count -gt 0 ]; then
|
|
|
|
|
echo
|
|
|
|
|
echo "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"
|
2020-03-28 18:50:43 +01:00
|
|
|
echo "${start_red}FAILED: $failure_count components${end_color}"
|
|
|
|
|
cat "$failure_summary_file"
|
2017-12-11 00:01:40 +01:00
|
|
|
echo "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"
|
|
|
|
|
elif [ -z "${1-}" ]; then
|
|
|
|
|
echo "SUCCESS :)"
|
|
|
|
|
fi
|
|
|
|
|
if [ -n "${1-}" ]; then
|
|
|
|
|
echo "Killed by SIG$1."
|
|
|
|
|
fi
|
2020-03-28 18:50:43 +01:00
|
|
|
rm -f "$failure_summary_file"
|
|
|
|
|
if [ $failure_count -gt 0 ]; then
|
|
|
|
|
exit 1
|
|
|
|
|
fi
|
2017-12-11 00:01:40 +01:00
|
|
|
}
|
2018-11-27 15:58:47 +01:00
|
|
|
}
|
|
|
|
|
|
2021-07-08 18:41:16 +02:00
|
|
|
# record_status() and if_build_succeeded() are kept temporarily for backward
|
|
|
|
|
# compatibility. Don't use them in new components.
|
2020-03-28 18:50:43 +01:00
|
|
|
record_status () {
|
|
|
|
|
"$@"
|
2017-12-11 00:01:40 +01:00
|
|
|
}
|
|
|
|
|
if_build_succeeded () {
|
2020-03-28 18:50:43 +01:00
|
|
|
"$@"
|
2018-06-07 10:51:44 +02:00
|
|
|
}
|
|
|
|
|
|
2020-03-28 21:27:40 +01:00
|
|
|
# '! true' does not trigger the ERR trap. Arrange to trigger it, with
|
|
|
|
|
# a reasonably informative error message (not just "$@").
|
|
|
|
|
not () {
|
|
|
|
|
if "$@"; then
|
|
|
|
|
report_failed_command="! $*"
|
|
|
|
|
false
|
|
|
|
|
unset report_failed_command
|
2020-06-02 11:28:07 +02:00
|
|
|
fi
|
|
|
|
|
}
|
|
|
|
|
|
2019-09-16 15:55:46 +02:00
|
|
|
pre_prepare_outcome_file () {
|
|
|
|
|
case "$MBEDTLS_TEST_OUTCOME_FILE" in
|
|
|
|
|
[!/]*) MBEDTLS_TEST_OUTCOME_FILE="$PWD/$MBEDTLS_TEST_OUTCOME_FILE";;
|
|
|
|
|
esac
|
|
|
|
|
if [ -n "$MBEDTLS_TEST_OUTCOME_FILE" ] && [ "$append_outcome" -eq 0 ]; then
|
|
|
|
|
rm -f "$MBEDTLS_TEST_OUTCOME_FILE"
|
|
|
|
|
fi
|
|
|
|
|
}
|
|
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
pre_print_configuration () {
|
2020-06-02 11:28:07 +02:00
|
|
|
if [ $QUIET -eq 1 ]; then
|
|
|
|
|
return
|
|
|
|
|
fi
|
|
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
msg "info: $0 configuration"
|
|
|
|
|
echo "MEMORY: $MEMORY"
|
|
|
|
|
echo "FORCE: $FORCE"
|
2019-09-16 15:55:46 +02:00
|
|
|
echo "MBEDTLS_TEST_OUTCOME_FILE: ${MBEDTLS_TEST_OUTCOME_FILE:-(none)}"
|
2018-11-27 15:58:47 +01:00
|
|
|
echo "SEED: ${SEED-"UNSET"}"
|
2020-03-04 20:46:15 +01:00
|
|
|
echo
|
2018-11-27 15:58:47 +01:00
|
|
|
echo "OPENSSL: $OPENSSL"
|
|
|
|
|
echo "OPENSSL_NEXT: $OPENSSL_NEXT"
|
|
|
|
|
echo "GNUTLS_CLI: $GNUTLS_CLI"
|
|
|
|
|
echo "GNUTLS_SERV: $GNUTLS_SERV"
|
|
|
|
|
echo "ARMC5_BIN_DIR: $ARMC5_BIN_DIR"
|
|
|
|
|
echo "ARMC6_BIN_DIR: $ARMC6_BIN_DIR"
|
|
|
|
|
}
|
2016-10-10 16:46:20 +02:00
|
|
|
|
2016-08-26 15:42:14 +02:00
|
|
|
# Make sure the tools we need are available.
|
2018-11-27 15:58:47 +01:00
|
|
|
pre_check_tools () {
|
2019-01-06 23:46:21 +01:00
|
|
|
# Build the list of variables to pass to output_env.sh.
|
|
|
|
|
set env
|
|
|
|
|
|
2019-01-06 23:40:00 +01:00
|
|
|
case " $RUN_COMPONENTS " in
|
|
|
|
|
# Require OpenSSL and GnuTLS if running any tests (as opposed to
|
|
|
|
|
# only doing builds). Not all tests run OpenSSL and GnuTLS, but this
|
|
|
|
|
# is a good enough approximation in practice.
|
|
|
|
|
*" test_"*)
|
|
|
|
|
# To avoid setting OpenSSL and GnuTLS for each call to compat.sh
|
|
|
|
|
# and ssl-opt.sh, we just export the variables they require.
|
Use OPENSSL everywhere, not OPENSSL_CMD
These variables were both uses to select the default version of OpenSSL
to use for tests:
- when running compat.sh or ssl-opt.sh directly, OPENSSL_CMD was used;
- when running all.sh, OPENSSL was used.
This caused surprising situations if you had one but not the other set
in your environment. For example I used to have OPENSSL_CMD set but not
OPENSSL, so ssl-opt.sh was failing in some all.sh components but passing
when I ran it manually in the same configuration and build, a rather
unpleasant experience.
The natural name would be OPENSSL, and that's what set in the Docker
images used by the CI. However back in the 1.3.x days, that name was
already used in library/Makefile, so it was preferable to pick a
different one, hence OPENSSL_CMD. However the build system has not been
using this name since at least Mbed TLS 2.0.0, so it's now free for use
again (as demonstrated by the fact that it's been set in the CI without
causing any trouble).
So, unify things and use OPENSSL everywhere. Just leave an error message
for the benefit of developers which might have OPENSSL_CMD, not OPENSSL,
set in their environment from the old days.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-12-19 11:42:12 +01:00
|
|
|
export OPENSSL="$OPENSSL"
|
2019-01-06 23:40:00 +01:00
|
|
|
export GNUTLS_CLI="$GNUTLS_CLI"
|
|
|
|
|
export GNUTLS_SERV="$GNUTLS_SERV"
|
|
|
|
|
# Avoid passing --seed flag in every call to ssl-opt.sh
|
|
|
|
|
if [ -n "${SEED-}" ]; then
|
|
|
|
|
export SEED
|
|
|
|
|
fi
|
2023-08-27 21:39:21 +02:00
|
|
|
set "$@" OPENSSL="$OPENSSL"
|
2019-01-06 23:46:21 +01:00
|
|
|
set "$@" GNUTLS_CLI="$GNUTLS_CLI" GNUTLS_SERV="$GNUTLS_SERV"
|
2023-08-27 21:39:21 +02:00
|
|
|
check_tools "$OPENSSL" "$OPENSSL_NEXT" \
|
|
|
|
|
"$GNUTLS_CLI" "$GNUTLS_SERV"
|
2019-01-06 23:40:00 +01:00
|
|
|
;;
|
|
|
|
|
esac
|
|
|
|
|
|
|
|
|
|
case " $RUN_COMPONENTS " in
|
|
|
|
|
*_doxygen[_\ ]*) check_tools "doxygen" "dot";;
|
|
|
|
|
esac
|
|
|
|
|
|
|
|
|
|
case " $RUN_COMPONENTS " in
|
2020-04-30 18:19:32 +02:00
|
|
|
*_arm_none_eabi_gcc[_\ ]*) check_tools "${ARM_NONE_EABI_GCC_PREFIX}gcc";;
|
2019-01-06 23:40:00 +01:00
|
|
|
esac
|
|
|
|
|
|
|
|
|
|
case " $RUN_COMPONENTS " in
|
|
|
|
|
*_mingw[_\ ]*) check_tools "i686-w64-mingw32-gcc";;
|
|
|
|
|
esac
|
|
|
|
|
|
|
|
|
|
case " $RUN_COMPONENTS " in
|
|
|
|
|
*" test_zeroize "*) check_tools "gdb";;
|
|
|
|
|
esac
|
2016-08-26 15:42:14 +02:00
|
|
|
|
2019-01-06 23:40:00 +01:00
|
|
|
case " $RUN_COMPONENTS " in
|
2019-01-06 23:23:42 +01:00
|
|
|
*_armcc*)
|
2019-01-06 23:40:00 +01:00
|
|
|
ARMC5_CC="$ARMC5_BIN_DIR/armcc"
|
|
|
|
|
ARMC5_AR="$ARMC5_BIN_DIR/armar"
|
2020-04-30 23:11:54 +02:00
|
|
|
ARMC5_FROMELF="$ARMC5_BIN_DIR/fromelf"
|
2019-01-06 23:40:00 +01:00
|
|
|
ARMC6_CC="$ARMC6_BIN_DIR/armclang"
|
|
|
|
|
ARMC6_AR="$ARMC6_BIN_DIR/armar"
|
2020-04-30 23:11:54 +02:00
|
|
|
ARMC6_FROMELF="$ARMC6_BIN_DIR/fromelf"
|
|
|
|
|
check_tools "$ARMC5_CC" "$ARMC5_AR" "$ARMC5_FROMELF" \
|
|
|
|
|
"$ARMC6_CC" "$ARMC6_AR" "$ARMC6_FROMELF";;
|
2019-01-06 23:23:42 +01:00
|
|
|
esac
|
2016-08-26 15:42:14 +02:00
|
|
|
|
2020-06-02 11:28:07 +02:00
|
|
|
# past this point, no call to check_tool, only printing output
|
|
|
|
|
if [ $QUIET -eq 1 ]; then
|
|
|
|
|
return
|
|
|
|
|
fi
|
|
|
|
|
|
2019-01-06 23:46:21 +01:00
|
|
|
msg "info: output_env.sh"
|
|
|
|
|
case $RUN_COMPONENTS in
|
|
|
|
|
*_armcc*)
|
|
|
|
|
set "$@" ARMC5_CC="$ARMC5_CC" ARMC6_CC="$ARMC6_CC" RUN_ARMCC=1;;
|
|
|
|
|
*) set "$@" RUN_ARMCC=0;;
|
|
|
|
|
esac
|
|
|
|
|
"$@" scripts/output_env.sh
|
2018-11-27 15:58:47 +01:00
|
|
|
}
|
2016-08-26 15:42:14 +02:00
|
|
|
|
2021-04-22 01:10:12 +02:00
|
|
|
pre_generate_files() {
|
2021-06-18 13:30:14 +02:00
|
|
|
# since make doesn't have proper dependencies, remove any possibly outdate
|
|
|
|
|
# file that might be around before generating fresh ones
|
|
|
|
|
make neat
|
2021-07-08 19:07:07 +02:00
|
|
|
if [ $QUIET -eq 1 ]; then
|
2021-08-05 15:10:47 +02:00
|
|
|
make generated_files >/dev/null
|
2021-07-08 19:07:07 +02:00
|
|
|
else
|
|
|
|
|
make generated_files
|
|
|
|
|
fi
|
2021-04-22 01:10:12 +02:00
|
|
|
}
|
|
|
|
|
|
2023-05-25 09:39:08 +02:00
|
|
|
################################################################
|
|
|
|
|
#### Helpers for components using libtestdriver1
|
|
|
|
|
################################################################
|
2017-12-21 15:59:21 +01:00
|
|
|
|
2023-06-06 11:14:57 +02:00
|
|
|
# How to use libtestdriver1
|
|
|
|
|
# -------------------------
|
|
|
|
|
#
|
|
|
|
|
# 1. Define the list algorithms and key types to accelerate,
|
|
|
|
|
# designated the same way as PSA_WANT_ macros but without PSA_WANT_.
|
|
|
|
|
# Examples:
|
|
|
|
|
# - loc_accel_list="ALG_JPAKE"
|
|
|
|
|
# - loc_accel_list="ALG_FFDH KEY_TYPE_DH_KEY_PAIR KEY_TYPE_DH_PUBLIC_KEY"
|
Group both configuration steps
Compared to the previous scheme, this avoid the problem of having to
warn about adjusting PSA_WANT in the wrong place.
Also, it allows enabling MBEDTLS_PSA_CRYPTO_CONFIG in adjust_config
rather than having to repeat it in every single component.
It also plays more nicely with components that have an associated
reference component and use a common config function. (Some of them were
already using the new order.)
Finally, "configure, build, run the tests" seems more natural than
"configure, build, configure, build, test" (and, coming back to the
initial point, it avoid questions about what to configure when).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-12 17:09:38 +02:00
|
|
|
# 2. Make configurations changes for the driver and/or main libraries.
|
|
|
|
|
# 2a. Call helper_libtestdriver1_adjust_config <base>, where the argument
|
|
|
|
|
# can be either "default" to start with the default config, or a name
|
|
|
|
|
# supported by scripts/config.py (for example, "full"). This selects
|
2023-06-12 17:17:54 +02:00
|
|
|
# the base to use, and makes common adjustments.
|
Group both configuration steps
Compared to the previous scheme, this avoid the problem of having to
warn about adjusting PSA_WANT in the wrong place.
Also, it allows enabling MBEDTLS_PSA_CRYPTO_CONFIG in adjust_config
rather than having to repeat it in every single component.
It also plays more nicely with components that have an associated
reference component and use a common config function. (Some of them were
already using the new order.)
Finally, "configure, build, run the tests" seems more natural than
"configure, build, configure, build, test" (and, coming back to the
initial point, it avoid questions about what to configure when).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-12 17:09:38 +02:00
|
|
|
# 2b. If desired, adjust the PSA_WANT symbols in psa/crypto_config.h.
|
|
|
|
|
# These changes affect both the driver and the main libraries.
|
|
|
|
|
# (Note: they need to have the same set of PSA_WANT symbols, as that
|
|
|
|
|
# determines the ABI between them.)
|
|
|
|
|
# 2c. Adjust MBEDTLS_ symbols in mbedtls_config.h. This only affects the
|
|
|
|
|
# main libraries. Typically, you want to disable the module(s) that are
|
|
|
|
|
# being accelerated. You may need to also disable modules that depend
|
|
|
|
|
# on them or options that are not supported with drivers.
|
|
|
|
|
# 2d. On top of psa/crypto_config.h, the driver library uses its own config
|
|
|
|
|
# file: tests/include/test/drivers/config_test_driver.h. You usually
|
|
|
|
|
# don't need to edit it: using loc_extra_list (see below) is preferred.
|
|
|
|
|
# However, when there's no PSA symbol for what you want to enable,
|
|
|
|
|
# calling scripts/config.py on this file remains the only option.
|
|
|
|
|
# 3. Build the driver library, then the main libraries, test, and programs.
|
|
|
|
|
# 3a. Call helper_libtestdriver1_make_drivers "$loc_accel_list". You may
|
|
|
|
|
# need to enable more algorithms here, typically hash algorithms when
|
|
|
|
|
# accelerating some signature algorithms (ECDSA, RSAv2). This is done
|
|
|
|
|
# by passing a 2nd argument listing the extra algorithms.
|
|
|
|
|
# Example:
|
|
|
|
|
# loc_extra_list="ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512"
|
|
|
|
|
# helper_libtestdriver1_make_drivers "$loc_accel_list" "$loc_extra_list"
|
2023-10-11 07:27:25 +02:00
|
|
|
# 3b. Call helper_libtestdriver1_make_main "$loc_accel_list". Any
|
Group both configuration steps
Compared to the previous scheme, this avoid the problem of having to
warn about adjusting PSA_WANT in the wrong place.
Also, it allows enabling MBEDTLS_PSA_CRYPTO_CONFIG in adjust_config
rather than having to repeat it in every single component.
It also plays more nicely with components that have an associated
reference component and use a common config function. (Some of them were
already using the new order.)
Finally, "configure, build, run the tests" seems more natural than
"configure, build, configure, build, test" (and, coming back to the
initial point, it avoid questions about what to configure when).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-12 17:09:38 +02:00
|
|
|
# additional arguments will be passed to make: this can be useful if
|
|
|
|
|
# you don't want to build everything when iterating during development.
|
|
|
|
|
# Example:
|
|
|
|
|
# helper_libtestdriver1_make_main "$loc_accel_list" -C tests test_suite_foo
|
|
|
|
|
# 4. Run the tests you want.
|
2023-06-06 11:14:57 +02:00
|
|
|
|
2023-05-25 09:39:08 +02:00
|
|
|
# Adjust the configuration - for both libtestdriver1 and main library,
|
|
|
|
|
# as they should have the same PSA_WANT macros.
|
|
|
|
|
helper_libtestdriver1_adjust_config() {
|
2023-09-28 09:08:04 +02:00
|
|
|
base_config=$1
|
Group both configuration steps
Compared to the previous scheme, this avoid the problem of having to
warn about adjusting PSA_WANT in the wrong place.
Also, it allows enabling MBEDTLS_PSA_CRYPTO_CONFIG in adjust_config
rather than having to repeat it in every single component.
It also plays more nicely with components that have an associated
reference component and use a common config function. (Some of them were
already using the new order.)
Finally, "configure, build, run the tests" seems more natural than
"configure, build, configure, build, test" (and, coming back to the
initial point, it avoid questions about what to configure when).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-12 17:09:38 +02:00
|
|
|
# Select the base configuration
|
2023-09-28 09:08:04 +02:00
|
|
|
if [ "$base_config" != "default" ]; then
|
|
|
|
|
scripts/config.py "$base_config"
|
Group both configuration steps
Compared to the previous scheme, this avoid the problem of having to
warn about adjusting PSA_WANT in the wrong place.
Also, it allows enabling MBEDTLS_PSA_CRYPTO_CONFIG in adjust_config
rather than having to repeat it in every single component.
It also plays more nicely with components that have an associated
reference component and use a common config function. (Some of them were
already using the new order.)
Finally, "configure, build, run the tests" seems more natural than
"configure, build, configure, build, test" (and, coming back to the
initial point, it avoid questions about what to configure when).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-12 17:09:38 +02:00
|
|
|
fi
|
2017-12-21 15:59:21 +01:00
|
|
|
|
Group both configuration steps
Compared to the previous scheme, this avoid the problem of having to
warn about adjusting PSA_WANT in the wrong place.
Also, it allows enabling MBEDTLS_PSA_CRYPTO_CONFIG in adjust_config
rather than having to repeat it in every single component.
It also plays more nicely with components that have an associated
reference component and use a common config function. (Some of them were
already using the new order.)
Finally, "configure, build, run the tests" seems more natural than
"configure, build, configure, build, test" (and, coming back to the
initial point, it avoid questions about what to configure when).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-12 17:09:38 +02:00
|
|
|
# Enable PSA-based config (necessary to use drivers)
|
|
|
|
|
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
|
|
|
|
|
|
2023-06-12 17:17:54 +02:00
|
|
|
# Dynamic secure element support is a deprecated feature and needs to be disabled here.
|
|
|
|
|
# This is done to have the same form of psa_key_attributes_s for libdriver and library.
|
|
|
|
|
scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C
|
2023-05-25 09:39:08 +02:00
|
|
|
}
|
2017-12-21 15:59:21 +01:00
|
|
|
|
2023-08-15 17:10:47 +02:00
|
|
|
# When called with no parameter this function disables all builtin curves.
|
2023-09-04 14:01:41 +02:00
|
|
|
# The function optionally accepts 1 parameter: a space-separated list of the
|
|
|
|
|
# curves that should be kept enabled.
|
2023-08-15 17:10:47 +02:00
|
|
|
helper_disable_builtin_curves() {
|
|
|
|
|
allowed_list="${1:-}"
|
|
|
|
|
scripts/config.py unset-all "MBEDTLS_ECP_DP_[0-9A-Z_a-z]*_ENABLED"
|
|
|
|
|
|
2023-09-28 09:08:04 +02:00
|
|
|
for curve in $allowed_list; do
|
|
|
|
|
scripts/config.py set $curve
|
2023-08-15 17:10:47 +02:00
|
|
|
done
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
# Helper returning the list of supported elliptic curves from CRYPTO_CONFIG_H,
|
|
|
|
|
# without the "PSA_WANT_" prefix. This becomes handy for accelerating curves
|
|
|
|
|
# in the following helpers.
|
|
|
|
|
helper_get_psa_curve_list () {
|
|
|
|
|
loc_list=""
|
2023-09-28 09:08:04 +02:00
|
|
|
for item in $(sed -n 's/^#define PSA_WANT_\(ECC_[0-9A-Z_a-z]*\).*/\1/p' <"$CRYPTO_CONFIG_H"); do
|
|
|
|
|
loc_list="$loc_list $item"
|
2023-08-15 17:10:47 +02:00
|
|
|
done
|
|
|
|
|
|
|
|
|
|
echo "$loc_list"
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
# Get the list of uncommented PSA_WANT_KEY_TYPE_xxx_ from CRYPTO_CONFIG_H. This
|
2023-09-01 09:12:31 +02:00
|
|
|
# is useful to easily get a list of key type symbols to accelerate.
|
2023-08-15 17:10:47 +02:00
|
|
|
# The function accepts a single argument which is the key type: ECC, DH, RSA.
|
2023-09-01 09:12:31 +02:00
|
|
|
helper_get_psa_key_type_list() {
|
2023-09-28 09:08:04 +02:00
|
|
|
key_type="$1"
|
2023-08-15 17:10:47 +02:00
|
|
|
loc_list=""
|
2023-09-28 09:08:04 +02:00
|
|
|
for item in $(sed -n "s/^#define PSA_WANT_\(KEY_TYPE_${key_type}_[0-9A-Z_a-z]*\).*/\1/p" <"$CRYPTO_CONFIG_H"); do
|
2023-08-15 17:10:47 +02:00
|
|
|
# Skip DERIVE for elliptic keys since there is no driver dispatch for
|
|
|
|
|
# it so it cannot be accelerated.
|
2023-09-28 09:08:04 +02:00
|
|
|
if [ "$item" != "KEY_TYPE_ECC_KEY_PAIR_DERIVE" ]; then
|
|
|
|
|
loc_list="$loc_list $item"
|
2023-08-15 17:10:47 +02:00
|
|
|
fi
|
|
|
|
|
done
|
|
|
|
|
|
|
|
|
|
echo "$loc_list"
|
|
|
|
|
}
|
|
|
|
|
|
2023-05-25 10:39:23 +02:00
|
|
|
# Build the drivers library libtestdriver1.a (with ASan).
|
2023-05-25 10:07:31 +02:00
|
|
|
#
|
|
|
|
|
# Parameters:
|
|
|
|
|
# 1. a space-separated list of things to accelerate;
|
|
|
|
|
# 2. optional: a space-separate list of things to also support.
|
|
|
|
|
# Here "things" are PSA_WANT_ symbols but with PSA_WANT_ removed.
|
|
|
|
|
helper_libtestdriver1_make_drivers() {
|
|
|
|
|
loc_accel_flags=$( echo "$1 ${2-}" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' )
|
2023-12-14 17:42:48 +01:00
|
|
|
make CC=$ASAN_CC -C tests libtestdriver1.a CFLAGS=" $ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS"
|
2023-05-25 10:07:31 +02:00
|
|
|
}
|
|
|
|
|
|
2023-05-25 10:39:23 +02:00
|
|
|
# Build the main libraries, programs and tests,
|
|
|
|
|
# linking to the drivers library (with ASan).
|
|
|
|
|
#
|
|
|
|
|
# Parameters:
|
|
|
|
|
# 1. a space-separated list of things to accelerate;
|
|
|
|
|
# *. remaining arguments if any are passed directly to make
|
|
|
|
|
# (examples: lib, -C tests test_suite_xxx, etc.)
|
|
|
|
|
# Here "things" are PSA_WANT_ symbols but with PSA_WANT_ removed.
|
|
|
|
|
helper_libtestdriver1_make_main() {
|
|
|
|
|
loc_accel_list=$1
|
|
|
|
|
shift
|
|
|
|
|
|
|
|
|
|
# we need flags both with and without the LIBTESTDRIVER1_ prefix
|
|
|
|
|
loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' )
|
|
|
|
|
loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )"
|
2023-12-14 17:42:48 +01:00
|
|
|
make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS" "$@"
|
2023-05-25 10:39:23 +02:00
|
|
|
}
|
2017-12-21 15:59:21 +01:00
|
|
|
|
|
|
|
|
################################################################
|
|
|
|
|
#### Basic checks
|
|
|
|
|
################################################################
|
2016-08-26 15:42:14 +02:00
|
|
|
|
2016-04-16 22:54:39 +02:00
|
|
|
#
|
|
|
|
|
# Test Suites to be executed
|
|
|
|
|
#
|
2014-06-09 11:21:49 +02:00
|
|
|
# The test ordering tries to optimize for the following criteria:
|
2014-11-20 13:48:53 +01:00
|
|
|
# 1. Catch possible problems early, by running first tests that run quickly
|
2014-08-14 11:29:06 +02:00
|
|
|
# and/or are more likely to fail than others (eg I use Clang most of the
|
|
|
|
|
# time, so start with a GCC build).
|
2014-06-09 11:21:49 +02:00
|
|
|
# 2. Minimize total running time, by avoiding useless rebuilds
|
|
|
|
|
#
|
|
|
|
|
# Indicative running times are given for reference.
|
2014-03-27 14:44:04 +01:00
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
component_check_recursion () {
|
2019-09-19 21:29:11 +02:00
|
|
|
msg "Check: recursion.pl" # < 1s
|
2021-07-08 18:41:16 +02:00
|
|
|
tests/scripts/recursion.pl library/*.c
|
2018-11-27 15:58:47 +01:00
|
|
|
}
|
2014-03-19 18:29:01 +01:00
|
|
|
|
2021-05-18 16:09:50 +02:00
|
|
|
component_check_generated_files () {
|
|
|
|
|
msg "Check: check-generated-files, files generated with make" # 2s
|
|
|
|
|
make generated_files
|
2021-07-08 18:41:16 +02:00
|
|
|
tests/scripts/check-generated-files.sh
|
2021-05-18 16:09:50 +02:00
|
|
|
|
|
|
|
|
msg "Check: check-generated-files -u, files present" # 2s
|
2021-07-08 18:41:16 +02:00
|
|
|
tests/scripts/check-generated-files.sh -u
|
2021-05-18 16:09:50 +02:00
|
|
|
# Check that the generated files are considered up to date.
|
2021-07-08 18:41:16 +02:00
|
|
|
tests/scripts/check-generated-files.sh
|
2021-05-18 16:09:50 +02:00
|
|
|
|
|
|
|
|
msg "Check: check-generated-files -u, files absent" # 2s
|
|
|
|
|
command make neat
|
2021-07-08 18:41:16 +02:00
|
|
|
tests/scripts/check-generated-files.sh -u
|
2021-05-18 16:09:50 +02:00
|
|
|
# Check that the generated files are considered up to date.
|
2021-07-08 18:41:16 +02:00
|
|
|
tests/scripts/check-generated-files.sh
|
2021-05-18 16:09:50 +02:00
|
|
|
|
|
|
|
|
# This component ends with the generated files present in the source tree.
|
|
|
|
|
# This is necessary for subsequent components!
|
|
|
|
|
}
|
|
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
component_check_doxy_blocks () {
|
2019-09-19 21:29:11 +02:00
|
|
|
msg "Check: doxygen markup outside doxygen blocks" # < 1s
|
2021-07-08 18:41:16 +02:00
|
|
|
tests/scripts/check-doxy-blocks.pl
|
2018-11-27 15:58:47 +01:00
|
|
|
}
|
2015-04-09 17:19:23 +02:00
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
component_check_files () {
|
2019-09-19 21:29:11 +02:00
|
|
|
msg "Check: file sanity checks (permissions, encodings)" # < 1s
|
2021-07-08 18:41:16 +02:00
|
|
|
tests/scripts/check_files.py
|
2018-11-27 15:58:47 +01:00
|
|
|
}
|
2018-03-13 17:48:16 +01:00
|
|
|
|
2020-05-10 17:40:49 +02:00
|
|
|
component_check_changelog () {
|
|
|
|
|
msg "Check: changelog entries" # < 1s
|
|
|
|
|
rm -f ChangeLog.new
|
2021-07-08 18:41:16 +02:00
|
|
|
scripts/assemble_changelog.py -o ChangeLog.new
|
2020-05-10 17:40:49 +02:00
|
|
|
if [ -e ChangeLog.new ]; then
|
|
|
|
|
# Show the diff for information. It isn't an error if the diff is
|
|
|
|
|
# non-empty.
|
|
|
|
|
diff -u ChangeLog ChangeLog.new || true
|
|
|
|
|
rm ChangeLog.new
|
|
|
|
|
fi
|
|
|
|
|
}
|
|
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
component_check_names () {
|
2019-09-19 21:29:11 +02:00
|
|
|
msg "Check: declared and exported names (builds the library)" # < 3s
|
2021-09-24 19:02:56 +02:00
|
|
|
tests/scripts/check_names.py -v
|
2018-11-27 15:58:47 +01:00
|
|
|
}
|
2015-04-09 11:09:03 +02:00
|
|
|
|
2019-09-19 21:30:05 +02:00
|
|
|
component_check_test_cases () {
|
|
|
|
|
msg "Check: test case descriptions" # < 1s
|
2020-06-02 11:51:40 +02:00
|
|
|
if [ $QUIET -eq 1 ]; then
|
2020-06-08 10:59:41 +02:00
|
|
|
opt='--quiet'
|
2020-06-02 11:51:40 +02:00
|
|
|
else
|
2020-06-08 10:59:41 +02:00
|
|
|
opt=''
|
2020-06-02 11:51:40 +02:00
|
|
|
fi
|
2022-12-15 14:46:31 +01:00
|
|
|
tests/scripts/check_test_cases.py -q $opt
|
2020-06-08 10:59:41 +02:00
|
|
|
unset opt
|
2019-09-19 21:30:05 +02:00
|
|
|
}
|
|
|
|
|
|
2023-11-08 12:54:02 +01:00
|
|
|
component_check_test_dependencies () {
|
|
|
|
|
msg "Check: test case dependencies: legacy vs PSA" # < 1s
|
2023-11-10 10:16:06 +01:00
|
|
|
# The purpose of this component is to catch unjustified dependencies on
|
|
|
|
|
# legacy feature macros (MBEDTLS_xxx) in PSA tests. Generally speaking,
|
|
|
|
|
# PSA test should use PSA feature macros (PSA_WANT_xxx, more rarely
|
|
|
|
|
# MBEDTLS_PSA_xxx).
|
|
|
|
|
#
|
|
|
|
|
# Most of the time, use of legacy MBEDTLS_xxx macros are mistakes, which
|
|
|
|
|
# this component is meant to catch. However a few of them are justified,
|
|
|
|
|
# mostly by the absence of a PSA equivalent, so this component includes a
|
|
|
|
|
# list of expected exceptions.
|
2023-11-08 12:54:02 +01:00
|
|
|
|
|
|
|
|
found="check-test-deps-found-$$"
|
|
|
|
|
expected="check-test-deps-expected-$$"
|
|
|
|
|
|
|
|
|
|
# Find legacy dependencies in PSA tests
|
2023-11-10 10:04:22 +01:00
|
|
|
grep 'depends_on' \
|
|
|
|
|
tests/suites/test_suite_psa*.data tests/suites/test_suite_psa*.function |
|
2023-11-08 12:54:02 +01:00
|
|
|
grep -Eo '!?MBEDTLS_[^: ]*' |
|
|
|
|
|
grep -v MBEDTLS_PSA_ |
|
2023-11-23 14:29:56 +01:00
|
|
|
sort -u > $found
|
2023-11-08 12:54:02 +01:00
|
|
|
|
2023-11-23 14:29:56 +01:00
|
|
|
# Expected ones with justification - keep in sorted order by ASCII table!
|
2023-11-08 12:54:02 +01:00
|
|
|
rm -f $expected
|
|
|
|
|
# No PSA equivalent - WANT_KEY_TYPE_AES means all sizes
|
|
|
|
|
echo "!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH" >> $expected
|
2023-11-23 14:29:56 +01:00
|
|
|
# No PSA equivalent - used to skip decryption tests in PSA-ECB, CBC/XTS/NIST_KW/DES
|
|
|
|
|
echo "!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT" >> $expected
|
2023-11-08 12:54:02 +01:00
|
|
|
# This is used by import_rsa_made_up() in test_suite_psa_crypto in order
|
|
|
|
|
# to build a fake RSA key of the wanted size based on
|
|
|
|
|
# PSA_VENDOR_RSA_MAX_KEY_BITS. The legacy module is only used by
|
|
|
|
|
# the test code and that's probably the most convenient way of achieving
|
|
|
|
|
# the test's goal.
|
|
|
|
|
echo "MBEDTLS_ASN1_WRITE_C" >> $expected
|
|
|
|
|
# No PSA equivalent - we should probably have one in the future.
|
|
|
|
|
echo "MBEDTLS_ECP_RESTARTABLE" >> $expected
|
|
|
|
|
# No PSA equivalent - needed by some init tests
|
|
|
|
|
echo "MBEDTLS_ENTROPY_NV_SEED" >> $expected
|
|
|
|
|
# Used by two tests that are about an extension to the PSA standard;
|
|
|
|
|
# as such, no PSA equivalent.
|
|
|
|
|
echo "MBEDTLS_PEM_PARSE_C" >> $expected
|
|
|
|
|
|
|
|
|
|
# Compare reality with expectation.
|
|
|
|
|
# We want an exact match, to ensure the above list remains up-to-date.
|
2023-11-10 10:16:06 +01:00
|
|
|
#
|
|
|
|
|
# The output should be empty. When it's not:
|
|
|
|
|
# - Each '+' line is a macro that was found but not expected. You want to
|
|
|
|
|
# find where that macro occurs, and either replace it with PSA macros, or
|
|
|
|
|
# add it to the exceptions list above with a justification.
|
|
|
|
|
# - Each '-' line is a macro that was expected but not found; it means the
|
|
|
|
|
# exceptions list above should be updated by removing that macro.
|
2023-11-08 12:54:02 +01:00
|
|
|
diff -U0 $expected $found
|
|
|
|
|
|
|
|
|
|
rm $found $expected
|
|
|
|
|
}
|
|
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
component_check_doxygen_warnings () {
|
2019-09-19 21:29:11 +02:00
|
|
|
msg "Check: doxygen warnings (builds the documentation)" # ~ 3s
|
2021-07-08 18:41:16 +02:00
|
|
|
tests/scripts/doxygen.sh
|
2018-11-27 15:58:47 +01:00
|
|
|
}
|
2016-01-04 16:49:09 +01:00
|
|
|
|
2017-12-21 15:59:21 +01:00
|
|
|
|
2020-03-04 20:46:15 +01:00
|
|
|
|
2017-12-21 15:59:21 +01:00
|
|
|
################################################################
|
|
|
|
|
#### Build and test many configurations and targets
|
|
|
|
|
################################################################
|
|
|
|
|
|
2019-04-08 17:00:15 +02:00
|
|
|
component_test_default_out_of_box () {
|
|
|
|
|
msg "build: make, default config (out-of-box)" # ~1min
|
|
|
|
|
make
|
2019-09-16 15:55:46 +02:00
|
|
|
# Disable fancy stuff
|
|
|
|
|
unset MBEDTLS_TEST_OUTCOME_FILE
|
2019-04-08 17:00:15 +02:00
|
|
|
|
|
|
|
|
msg "test: main suites make, default config (out-of-box)" # ~10s
|
|
|
|
|
make test
|
|
|
|
|
|
|
|
|
|
msg "selftest: make, default config (out-of-box)" # ~10s
|
2021-07-08 18:41:16 +02:00
|
|
|
programs/test/selftest
|
2019-06-14 18:27:03 +02:00
|
|
|
|
|
|
|
|
msg "program demos: make, default config (out-of-box)" # ~10s
|
|
|
|
|
tests/scripts/run_demos.py
|
2019-04-08 17:00:15 +02:00
|
|
|
}
|
|
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
component_test_default_cmake_gcc_asan () {
|
|
|
|
|
msg "build: cmake, gcc, ASan" # ~ 1 min 50s
|
|
|
|
|
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
|
|
|
|
|
make
|
2014-06-09 11:21:49 +02:00
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
msg "test: main suites (inc. selftests) (ASan build)" # ~ 50s
|
|
|
|
|
make test
|
2014-06-09 11:21:49 +02:00
|
|
|
|
2019-06-14 18:27:03 +02:00
|
|
|
msg "program demos (ASan build)" # ~10s
|
|
|
|
|
tests/scripts/run_demos.py
|
|
|
|
|
|
2020-04-23 23:37:45 +02:00
|
|
|
msg "test: selftest (ASan build)" # ~ 10s
|
2021-07-08 18:41:16 +02:00
|
|
|
programs/test/selftest
|
2020-04-23 23:37:45 +02:00
|
|
|
|
2023-11-02 19:58:03 +01:00
|
|
|
msg "test: metatests (GCC, ASan build)"
|
|
|
|
|
tests/scripts/run-metatests.sh any asan
|
|
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
msg "test: ssl-opt.sh (ASan build)" # ~ 1 min
|
2021-07-08 18:41:16 +02:00
|
|
|
tests/ssl-opt.sh
|
2014-06-09 11:21:49 +02:00
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
msg "test: compat.sh (ASan build)" # ~ 6 min
|
2021-07-08 18:41:16 +02:00
|
|
|
tests/compat.sh
|
2020-04-07 16:07:05 +02:00
|
|
|
|
|
|
|
|
msg "test: context-info.sh (ASan build)" # ~ 15 sec
|
2021-07-08 18:41:16 +02:00
|
|
|
tests/context-info.sh
|
2018-11-27 15:58:47 +01:00
|
|
|
}
|
2014-06-09 11:21:49 +02:00
|
|
|
|
2023-06-06 17:22:25 +02:00
|
|
|
component_test_default_cmake_gcc_asan_new_bignum () {
|
|
|
|
|
msg "build: cmake, gcc, ASan" # ~ 1 min 50s
|
2023-07-31 11:57:16 +02:00
|
|
|
scripts/config.py set MBEDTLS_ECP_WITH_MPI_UINT
|
2023-06-06 17:22:25 +02:00
|
|
|
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
|
2023-07-27 13:25:05 +02:00
|
|
|
make
|
2023-06-06 17:22:25 +02:00
|
|
|
|
|
|
|
|
msg "test: main suites (inc. selftests) (ASan build)" # ~ 50s
|
|
|
|
|
make test
|
|
|
|
|
|
|
|
|
|
msg "test: selftest (ASan build)" # ~ 10s
|
|
|
|
|
programs/test/selftest
|
|
|
|
|
|
|
|
|
|
msg "test: ssl-opt.sh (ASan build)" # ~ 1 min
|
|
|
|
|
tests/ssl-opt.sh
|
|
|
|
|
|
|
|
|
|
msg "test: compat.sh (ASan build)" # ~ 6 min
|
|
|
|
|
tests/compat.sh
|
|
|
|
|
|
|
|
|
|
msg "test: context-info.sh (ASan build)" # ~ 15 sec
|
|
|
|
|
tests/context-info.sh
|
|
|
|
|
}
|
|
|
|
|
|
2019-02-26 15:27:09 +01:00
|
|
|
component_test_full_cmake_gcc_asan () {
|
|
|
|
|
msg "build: full config, cmake, gcc, ASan"
|
2019-07-27 23:52:53 +02:00
|
|
|
scripts/config.py full
|
2019-02-26 15:27:09 +01:00
|
|
|
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
|
|
|
|
|
make
|
|
|
|
|
|
|
|
|
|
msg "test: main suites (inc. selftests) (full config, ASan build)"
|
|
|
|
|
make test
|
2020-03-04 20:46:15 +01:00
|
|
|
|
2020-04-23 23:37:45 +02:00
|
|
|
msg "test: selftest (ASan build)" # ~ 10s
|
2021-07-08 18:41:16 +02:00
|
|
|
programs/test/selftest
|
2020-04-23 23:37:45 +02:00
|
|
|
|
2020-03-04 20:46:15 +01:00
|
|
|
msg "test: ssl-opt.sh (full config, ASan build)"
|
2021-07-08 18:41:16 +02:00
|
|
|
tests/ssl-opt.sh
|
2020-03-04 20:46:15 +01:00
|
|
|
|
|
|
|
|
msg "test: compat.sh (full config, ASan build)"
|
2021-07-08 18:41:16 +02:00
|
|
|
tests/compat.sh
|
2020-04-07 16:07:05 +02:00
|
|
|
|
|
|
|
|
msg "test: context-info.sh (full config, ASan build)" # ~ 15 sec
|
2021-07-08 18:41:16 +02:00
|
|
|
tests/context-info.sh
|
2019-02-26 15:27:09 +01:00
|
|
|
}
|
2014-06-09 11:21:49 +02:00
|
|
|
|
2023-06-06 17:22:25 +02:00
|
|
|
|
|
|
|
|
component_test_full_cmake_gcc_asan_new_bignum () {
|
|
|
|
|
msg "build: full config, cmake, gcc, ASan"
|
|
|
|
|
scripts/config.py full
|
2023-07-31 11:57:16 +02:00
|
|
|
scripts/config.py set MBEDTLS_ECP_WITH_MPI_UINT
|
2023-06-06 17:22:25 +02:00
|
|
|
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
|
2023-07-27 13:25:05 +02:00
|
|
|
make
|
2023-06-06 17:22:25 +02:00
|
|
|
|
|
|
|
|
msg "test: main suites (inc. selftests) (full config, ASan build)"
|
|
|
|
|
make test
|
|
|
|
|
|
|
|
|
|
msg "test: selftest (ASan build)" # ~ 10s
|
|
|
|
|
programs/test/selftest
|
|
|
|
|
|
|
|
|
|
msg "test: ssl-opt.sh (full config, ASan build)"
|
|
|
|
|
tests/ssl-opt.sh
|
|
|
|
|
|
|
|
|
|
msg "test: compat.sh (full config, ASan build)"
|
|
|
|
|
tests/compat.sh
|
|
|
|
|
|
|
|
|
|
msg "test: context-info.sh (full config, ASan build)" # ~ 15 sec
|
|
|
|
|
tests/context-info.sh
|
2023-07-05 16:38:42 +02:00
|
|
|
}
|
|
|
|
|
|
2020-10-29 10:51:32 +01:00
|
|
|
component_test_psa_crypto_key_id_encodes_owner () {
|
2022-01-03 12:53:24 +01:00
|
|
|
msg "build: full config + PSA_CRYPTO_KEY_ID_ENCODES_OWNER, cmake, gcc, ASan"
|
2020-10-29 10:51:32 +01:00
|
|
|
scripts/config.py full
|
|
|
|
|
scripts/config.py set MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
|
|
|
|
|
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
|
|
|
|
|
make
|
|
|
|
|
|
|
|
|
|
msg "test: full config - USE_PSA_CRYPTO + PSA_CRYPTO_KEY_ID_ENCODES_OWNER, cmake, gcc, ASan"
|
|
|
|
|
make test
|
|
|
|
|
}
|
|
|
|
|
|
2021-06-17 11:37:52 +02:00
|
|
|
# check_renamed_symbols HEADER LIB
|
|
|
|
|
# Check that if HEADER contains '#define MACRO ...' then MACRO is not a symbol
|
|
|
|
|
# name is LIB.
|
|
|
|
|
check_renamed_symbols () {
|
|
|
|
|
! nm "$2" | sed 's/.* //' |
|
|
|
|
|
grep -x -F "$(sed -n 's/^ *# *define *\([A-Z_a-z][0-9A-Z_a-z]*\)..*/\1/p' "$1")"
|
|
|
|
|
}
|
|
|
|
|
|
2021-06-15 18:37:38 +02:00
|
|
|
component_build_psa_crypto_spm () {
|
2022-01-03 12:53:24 +01:00
|
|
|
msg "build: full config + PSA_CRYPTO_KEY_ID_ENCODES_OWNER + PSA_CRYPTO_SPM, make, gcc"
|
2021-06-15 18:37:38 +02:00
|
|
|
scripts/config.py full
|
|
|
|
|
scripts/config.py unset MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS
|
|
|
|
|
scripts/config.py set MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
|
|
|
|
|
scripts/config.py set MBEDTLS_PSA_CRYPTO_SPM
|
|
|
|
|
# We can only compile, not link, since our test and sample programs
|
|
|
|
|
# aren't equipped for the modified names used when MBEDTLS_PSA_CRYPTO_SPM
|
|
|
|
|
# is active.
|
|
|
|
|
make CC=gcc CFLAGS='-Werror -Wall -Wextra -I../tests/include/spe' lib
|
2021-06-17 11:37:52 +02:00
|
|
|
|
|
|
|
|
# Check that if a symbol is renamed by crypto_spe.h, the non-renamed
|
|
|
|
|
# version is not present.
|
|
|
|
|
echo "Checking for renamed symbols in the library"
|
2021-07-08 18:41:16 +02:00
|
|
|
check_renamed_symbols tests/include/spe/crypto_spe.h library/libmbedcrypto.a
|
2021-06-15 18:37:38 +02:00
|
|
|
}
|
|
|
|
|
|
2021-01-28 17:54:24 +01:00
|
|
|
component_test_psa_crypto_client () {
|
|
|
|
|
msg "build: default config - PSA_CRYPTO_C + PSA_CRYPTO_CLIENT, make"
|
|
|
|
|
scripts/config.py unset MBEDTLS_PSA_CRYPTO_C
|
|
|
|
|
scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C
|
|
|
|
|
scripts/config.py set MBEDTLS_PSA_CRYPTO_CLIENT
|
2022-09-28 18:11:42 +02:00
|
|
|
scripts/config.py unset MBEDTLS_LMS_C
|
|
|
|
|
scripts/config.py unset MBEDTLS_LMS_PRIVATE
|
2021-01-28 17:54:24 +01:00
|
|
|
make
|
|
|
|
|
|
|
|
|
|
msg "test: default config - PSA_CRYPTO_C + PSA_CRYPTO_CLIENT, make"
|
|
|
|
|
make test
|
|
|
|
|
}
|
|
|
|
|
|
psa: Support RSA signature without MBEDTLS_GENPRIME
On space-constrained platforms, it is a useful configuration to be able
to import/export and perform RSA key pair operations, but to exclude RSA
key generation, potentially saving flash space. It is not possible to
express this with the PSA_WANT_ configuration system at the present
time. However, in previous versions of Mbed TLS (v2.24.0 and earlier) it
was possible to configure a software PSA implementation which was
capable of making RSA signatures but not capable of generating RSA keys.
To do this, one unset MBEDTLS_GENPRIME.
Since the addition of MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR, this
expressivity was lost. Expressing that you wanted to work with RSA key
pairs forced you to include the ability to generate key pairs as well.
Change psa_crypto_rsa.c to only call mbedtls_rsa_gen_key() if
MBEDTLS_GENPRIME is also set. This restores the configuration behavior
present in Mbed TLS v2.24.0 and earlier versions.
It left as a future exercise to add the ability to PSA to be able to
express a desire for a software or accelerator configuration that
includes RSA key pair operations, like signature, but excludes key pair
generation.
Without this change, linker errors will occur when attempts to call,
which doesn't exist when MBEDTLS_GENPRIME is unset.
psa_crypto_rsa.c.obj: in function `rsa_generate_key':
psa_crypto_rsa.c:320: undefined reference to `mbedtls_rsa_gen_key'
Fixes #4512
Signed-off-by: Jaeden Amero <jaeden.amero@arm.com>
2021-05-14 09:34:32 +02:00
|
|
|
component_test_psa_crypto_rsa_no_genprime() {
|
|
|
|
|
msg "build: default config minus MBEDTLS_GENPRIME"
|
|
|
|
|
scripts/config.py unset MBEDTLS_GENPRIME
|
|
|
|
|
make
|
|
|
|
|
|
|
|
|
|
msg "test: default config minus MBEDTLS_GENPRIME"
|
|
|
|
|
make test
|
|
|
|
|
}
|
|
|
|
|
|
2020-03-04 20:46:15 +01:00
|
|
|
component_test_ref_configs () {
|
|
|
|
|
msg "test/build: ref-configs (ASan build)" # ~ 6 min 20s
|
2021-09-09 11:46:25 +02:00
|
|
|
# test-ref-configs works by overwriting mbedtls_config.h; this makes cmake
|
|
|
|
|
# want to re-generate generated files that depend on it, quite correctly.
|
|
|
|
|
# However this doesn't work as the generation script expects a specific
|
|
|
|
|
# format for mbedtls_config.h, which the other files don't follow. Also,
|
|
|
|
|
# cmake can't know this, but re-generation is actually not necessary as
|
2021-10-20 13:29:47 +02:00
|
|
|
# the generated files only depend on the list of available options, not
|
2021-09-09 11:46:25 +02:00
|
|
|
# whether they're on or off. So, disable cmake's (over-sensitive here)
|
|
|
|
|
# dependency resolution for generated files and just rely on them being
|
2021-10-20 18:14:23 +02:00
|
|
|
# present (thanks to pre_generate_files) by turning GEN_FILES off.
|
2023-12-14 17:42:48 +01:00
|
|
|
CC=$ASAN_CC cmake -D GEN_FILES=Off -D CMAKE_BUILD_TYPE:String=Asan .
|
2021-07-08 18:41:16 +02:00
|
|
|
tests/scripts/test-ref-configs.pl
|
2018-11-27 16:11:09 +01:00
|
|
|
}
|
2014-06-09 11:21:49 +02:00
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
component_test_no_renegotiation () {
|
|
|
|
|
msg "build: Default + !MBEDTLS_SSL_RENEGOTIATION (ASan build)" # ~ 6 min
|
2019-07-27 23:52:53 +02:00
|
|
|
scripts/config.py unset MBEDTLS_SSL_RENEGOTIATION
|
2023-12-14 17:42:48 +01:00
|
|
|
CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
|
2018-11-27 15:58:47 +01:00
|
|
|
make
|
2016-03-08 00:22:10 +01:00
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
msg "test: !MBEDTLS_SSL_RENEGOTIATION - main suites (inc. selftests) (ASan build)" # ~ 50s
|
|
|
|
|
make test
|
2017-10-12 16:29:50 +02:00
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
msg "test: !MBEDTLS_SSL_RENEGOTIATION - ssl-opt.sh (ASan build)" # ~ 6 min
|
2021-07-08 18:41:16 +02:00
|
|
|
tests/ssl-opt.sh
|
2018-11-27 15:58:47 +01:00
|
|
|
}
|
2017-10-12 16:29:50 +02:00
|
|
|
|
2020-03-04 20:46:15 +01:00
|
|
|
component_test_no_pem_no_fs () {
|
|
|
|
|
msg "build: Default + !MBEDTLS_PEM_PARSE_C + !MBEDTLS_FS_IO (ASan build)"
|
|
|
|
|
scripts/config.py unset MBEDTLS_PEM_PARSE_C
|
|
|
|
|
scripts/config.py unset MBEDTLS_FS_IO
|
|
|
|
|
scripts/config.py unset MBEDTLS_PSA_ITS_FILE_C # requires a filesystem
|
|
|
|
|
scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C # requires PSA ITS
|
2023-12-14 17:42:48 +01:00
|
|
|
CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
|
2020-03-04 20:46:15 +01:00
|
|
|
make
|
|
|
|
|
|
|
|
|
|
msg "test: !MBEDTLS_PEM_PARSE_C !MBEDTLS_FS_IO - main suites (inc. selftests) (ASan build)" # ~ 50s
|
|
|
|
|
make test
|
|
|
|
|
|
|
|
|
|
msg "test: !MBEDTLS_PEM_PARSE_C !MBEDTLS_FS_IO - ssl-opt.sh (ASan build)" # ~ 6 min
|
2021-07-08 18:41:16 +02:00
|
|
|
tests/ssl-opt.sh
|
2020-03-04 20:46:15 +01:00
|
|
|
}
|
|
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
component_test_rsa_no_crt () {
|
|
|
|
|
msg "build: Default + RSA_NO_CRT (ASan build)" # ~ 6 min
|
2019-07-27 23:52:53 +02:00
|
|
|
scripts/config.py set MBEDTLS_RSA_NO_CRT
|
2023-12-14 17:42:48 +01:00
|
|
|
CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
|
2018-11-27 15:58:47 +01:00
|
|
|
make
|
2016-03-08 00:22:10 +01:00
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
msg "test: RSA_NO_CRT - main suites (inc. selftests) (ASan build)" # ~ 50s
|
|
|
|
|
make test
|
2017-09-28 13:53:51 +02:00
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
msg "test: RSA_NO_CRT - RSA-related part of ssl-opt.sh (ASan build)" # ~ 5s
|
2021-07-08 18:41:16 +02:00
|
|
|
tests/ssl-opt.sh -f RSA
|
2017-09-28 13:53:51 +02:00
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
msg "test: RSA_NO_CRT - RSA-related part of compat.sh (ASan build)" # ~ 3 min
|
2021-07-08 18:41:16 +02:00
|
|
|
tests/compat.sh -t RSA
|
2020-04-07 16:07:05 +02:00
|
|
|
|
|
|
|
|
msg "test: RSA_NO_CRT - RSA-related part of context-info.sh (ASan build)" # ~ 15 sec
|
2021-07-08 18:41:16 +02:00
|
|
|
tests/context-info.sh
|
2018-11-27 15:58:47 +01:00
|
|
|
}
|
2017-09-28 13:53:51 +02:00
|
|
|
|
2021-02-03 14:56:51 +01:00
|
|
|
component_test_no_ctr_drbg_classic () {
|
|
|
|
|
msg "build: Full minus CTR_DRBG, classic crypto in TLS"
|
2020-05-28 12:55:10 +02:00
|
|
|
scripts/config.py full
|
|
|
|
|
scripts/config.py unset MBEDTLS_CTR_DRBG_C
|
2021-02-03 14:56:51 +01:00
|
|
|
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
|
2022-03-15 11:23:25 +01:00
|
|
|
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
|
2020-05-28 12:55:10 +02:00
|
|
|
|
2023-12-14 17:42:48 +01:00
|
|
|
CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
|
2020-05-28 12:55:10 +02:00
|
|
|
make
|
|
|
|
|
|
2021-02-03 14:56:51 +01:00
|
|
|
msg "test: Full minus CTR_DRBG, classic crypto - main suites"
|
2020-05-28 12:55:10 +02:00
|
|
|
make test
|
|
|
|
|
|
2021-01-13 20:02:03 +01:00
|
|
|
# In this configuration, the TLS test programs use HMAC_DRBG.
|
|
|
|
|
# The SSL tests are slow, so run a small subset, just enough to get
|
|
|
|
|
# confidence that the SSL code copes with HMAC_DRBG.
|
2021-02-03 14:56:51 +01:00
|
|
|
msg "test: Full minus CTR_DRBG, classic crypto - ssl-opt.sh (subset)"
|
2021-07-08 18:41:16 +02:00
|
|
|
tests/ssl-opt.sh -f 'Default\|SSL async private.*delay=\|tickets enabled on server'
|
2021-01-13 20:02:03 +01:00
|
|
|
|
2021-02-03 14:56:51 +01:00
|
|
|
msg "test: Full minus CTR_DRBG, classic crypto - compat.sh (subset)"
|
2021-12-02 09:43:35 +01:00
|
|
|
tests/compat.sh -m tls12 -t 'ECDSA PSK' -V NO -p OpenSSL
|
2020-06-05 09:29:51 +02:00
|
|
|
}
|
|
|
|
|
|
2021-02-03 14:56:51 +01:00
|
|
|
component_test_no_ctr_drbg_use_psa () {
|
|
|
|
|
msg "build: Full minus CTR_DRBG, PSA crypto in TLS"
|
|
|
|
|
scripts/config.py full
|
|
|
|
|
scripts/config.py unset MBEDTLS_CTR_DRBG_C
|
|
|
|
|
scripts/config.py set MBEDTLS_USE_PSA_CRYPTO
|
|
|
|
|
|
2023-12-14 17:42:48 +01:00
|
|
|
CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
|
2021-02-03 14:56:51 +01:00
|
|
|
make
|
|
|
|
|
|
|
|
|
|
msg "test: Full minus CTR_DRBG, USE_PSA_CRYPTO - main suites"
|
|
|
|
|
make test
|
|
|
|
|
|
|
|
|
|
# In this configuration, the TLS test programs use HMAC_DRBG.
|
|
|
|
|
# The SSL tests are slow, so run a small subset, just enough to get
|
|
|
|
|
# confidence that the SSL code copes with HMAC_DRBG.
|
|
|
|
|
msg "test: Full minus CTR_DRBG, USE_PSA_CRYPTO - ssl-opt.sh (subset)"
|
2021-07-08 18:41:16 +02:00
|
|
|
tests/ssl-opt.sh -f 'Default\|SSL async private.*delay=\|tickets enabled on server'
|
2021-02-03 14:56:51 +01:00
|
|
|
|
|
|
|
|
msg "test: Full minus CTR_DRBG, USE_PSA_CRYPTO - compat.sh (subset)"
|
2021-12-02 09:43:35 +01:00
|
|
|
tests/compat.sh -m tls12 -t 'ECDSA PSK' -V NO -p OpenSSL
|
2021-02-03 14:56:51 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
component_test_no_hmac_drbg_classic () {
|
|
|
|
|
msg "build: Full minus HMAC_DRBG, classic crypto in TLS"
|
2020-06-05 09:29:51 +02:00
|
|
|
scripts/config.py full
|
|
|
|
|
scripts/config.py unset MBEDTLS_HMAC_DRBG_C
|
|
|
|
|
scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC # requires HMAC_DRBG
|
2021-02-03 14:56:51 +01:00
|
|
|
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
|
2022-03-15 11:23:25 +01:00
|
|
|
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
|
2020-06-05 09:29:51 +02:00
|
|
|
|
2023-12-14 17:42:48 +01:00
|
|
|
CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
|
2020-06-05 09:29:51 +02:00
|
|
|
make
|
|
|
|
|
|
2021-02-03 14:56:51 +01:00
|
|
|
msg "test: Full minus HMAC_DRBG, classic crypto - main suites"
|
2020-06-05 09:29:51 +02:00
|
|
|
make test
|
|
|
|
|
|
2020-11-19 22:14:34 +01:00
|
|
|
# Normally our ECDSA implementation uses deterministic ECDSA. But since
|
|
|
|
|
# HMAC_DRBG is disabled in this configuration, randomized ECDSA is used
|
|
|
|
|
# instead.
|
|
|
|
|
# Test SSL with non-deterministic ECDSA. Only test features that
|
|
|
|
|
# might be affected by how ECDSA signature is performed.
|
2021-02-03 14:56:51 +01:00
|
|
|
msg "test: Full minus HMAC_DRBG, classic crypto - ssl-opt.sh (subset)"
|
2021-07-08 18:41:16 +02:00
|
|
|
tests/ssl-opt.sh -f 'Default\|SSL async private: sign'
|
2020-11-19 22:14:34 +01:00
|
|
|
|
|
|
|
|
# To save time, only test one protocol version, since this part of
|
|
|
|
|
# the protocol is identical in (D)TLS up to 1.2.
|
2021-02-03 14:56:51 +01:00
|
|
|
msg "test: Full minus HMAC_DRBG, classic crypto - compat.sh (ECDSA)"
|
2021-12-02 09:43:35 +01:00
|
|
|
tests/compat.sh -m tls12 -t 'ECDSA'
|
2020-05-28 12:55:10 +02:00
|
|
|
}
|
|
|
|
|
|
2021-02-03 14:56:51 +01:00
|
|
|
component_test_no_hmac_drbg_use_psa () {
|
|
|
|
|
msg "build: Full minus HMAC_DRBG, PSA crypto in TLS"
|
2020-06-05 09:29:51 +02:00
|
|
|
scripts/config.py full
|
|
|
|
|
scripts/config.py unset MBEDTLS_HMAC_DRBG_C
|
|
|
|
|
scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC # requires HMAC_DRBG
|
2021-02-03 14:56:51 +01:00
|
|
|
scripts/config.py set MBEDTLS_USE_PSA_CRYPTO
|
2020-06-05 09:29:51 +02:00
|
|
|
|
2023-12-14 17:42:48 +01:00
|
|
|
CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
|
2020-06-05 09:29:51 +02:00
|
|
|
make
|
|
|
|
|
|
2021-02-03 14:56:51 +01:00
|
|
|
msg "test: Full minus HMAC_DRBG, USE_PSA_CRYPTO - main suites"
|
2020-06-05 09:29:51 +02:00
|
|
|
make test
|
|
|
|
|
|
2020-11-19 22:14:34 +01:00
|
|
|
# Normally our ECDSA implementation uses deterministic ECDSA. But since
|
|
|
|
|
# HMAC_DRBG is disabled in this configuration, randomized ECDSA is used
|
|
|
|
|
# instead.
|
|
|
|
|
# Test SSL with non-deterministic ECDSA. Only test features that
|
|
|
|
|
# might be affected by how ECDSA signature is performed.
|
2021-02-03 14:56:51 +01:00
|
|
|
msg "test: Full minus HMAC_DRBG, USE_PSA_CRYPTO - ssl-opt.sh (subset)"
|
2021-07-08 18:41:16 +02:00
|
|
|
tests/ssl-opt.sh -f 'Default\|SSL async private: sign'
|
2020-11-19 22:14:34 +01:00
|
|
|
|
|
|
|
|
# To save time, only test one protocol version, since this part of
|
|
|
|
|
# the protocol is identical in (D)TLS up to 1.2.
|
2021-02-03 14:56:51 +01:00
|
|
|
msg "test: Full minus HMAC_DRBG, USE_PSA_CRYPTO - compat.sh (ECDSA)"
|
2021-12-02 09:43:35 +01:00
|
|
|
tests/compat.sh -m tls12 -t 'ECDSA'
|
2020-05-28 12:55:10 +02:00
|
|
|
}
|
|
|
|
|
|
2021-02-03 14:56:51 +01:00
|
|
|
component_test_psa_external_rng_no_drbg_classic () {
|
|
|
|
|
msg "build: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, classic crypto in TLS"
|
2020-11-23 17:39:04 +01:00
|
|
|
scripts/config.py full
|
2021-02-03 14:56:51 +01:00
|
|
|
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
|
2022-03-15 11:23:25 +01:00
|
|
|
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
|
2020-11-23 17:39:04 +01:00
|
|
|
scripts/config.py set MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG
|
2021-02-08 21:02:53 +01:00
|
|
|
scripts/config.py unset MBEDTLS_ENTROPY_C
|
|
|
|
|
scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED
|
|
|
|
|
scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT
|
2020-11-23 17:39:04 +01:00
|
|
|
scripts/config.py unset MBEDTLS_CTR_DRBG_C
|
|
|
|
|
scripts/config.py unset MBEDTLS_HMAC_DRBG_C
|
|
|
|
|
scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC # requires HMAC_DRBG
|
2021-02-03 20:07:11 +01:00
|
|
|
# When MBEDTLS_USE_PSA_CRYPTO is disabled and there is no DRBG,
|
|
|
|
|
# the SSL test programs don't have an RNG and can't work. Explicitly
|
|
|
|
|
# make them use the PSA RNG with -DMBEDTLS_TEST_USE_PSA_CRYPTO_RNG.
|
2023-12-14 17:42:48 +01:00
|
|
|
make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DMBEDTLS_TEST_USE_PSA_CRYPTO_RNG" LDFLAGS="$ASAN_CFLAGS"
|
2020-11-23 17:39:04 +01:00
|
|
|
|
2021-02-03 14:56:51 +01:00
|
|
|
msg "test: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, classic crypto - main suites"
|
2020-11-23 17:39:04 +01:00
|
|
|
make test
|
|
|
|
|
|
2021-02-03 20:07:11 +01:00
|
|
|
msg "test: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, classic crypto - ssl-opt.sh (subset)"
|
2021-07-08 18:41:16 +02:00
|
|
|
tests/ssl-opt.sh -f 'Default'
|
2020-11-23 17:39:04 +01:00
|
|
|
}
|
|
|
|
|
|
2021-02-03 14:56:51 +01:00
|
|
|
component_test_psa_external_rng_no_drbg_use_psa () {
|
|
|
|
|
msg "build: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, PSA crypto in TLS"
|
|
|
|
|
scripts/config.py full
|
|
|
|
|
scripts/config.py set MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG
|
2021-02-08 21:02:53 +01:00
|
|
|
scripts/config.py unset MBEDTLS_ENTROPY_C
|
|
|
|
|
scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED
|
|
|
|
|
scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT
|
2020-11-23 17:39:04 +01:00
|
|
|
scripts/config.py unset MBEDTLS_CTR_DRBG_C
|
|
|
|
|
scripts/config.py unset MBEDTLS_HMAC_DRBG_C
|
|
|
|
|
scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC # requires HMAC_DRBG
|
2023-12-14 17:42:48 +01:00
|
|
|
make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS"
|
2020-11-23 17:39:04 +01:00
|
|
|
|
2021-02-03 14:56:51 +01:00
|
|
|
msg "test: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, PSA crypto - main suites"
|
2020-11-23 17:39:04 +01:00
|
|
|
make test
|
|
|
|
|
|
2021-02-03 20:07:11 +01:00
|
|
|
msg "test: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, PSA crypto - ssl-opt.sh (subset)"
|
2021-07-08 18:41:16 +02:00
|
|
|
tests/ssl-opt.sh -f 'Default\|opaque'
|
2020-11-23 17:39:04 +01:00
|
|
|
}
|
|
|
|
|
|
2023-04-28 19:25:25 +02:00
|
|
|
component_test_psa_external_rng_use_psa_crypto () {
|
|
|
|
|
msg "build: full + PSA_CRYPTO_EXTERNAL_RNG + USE_PSA_CRYPTO minus CTR_DRBG"
|
|
|
|
|
scripts/config.py full
|
|
|
|
|
scripts/config.py set MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG
|
|
|
|
|
scripts/config.py set MBEDTLS_USE_PSA_CRYPTO
|
|
|
|
|
scripts/config.py unset MBEDTLS_CTR_DRBG_C
|
2023-12-14 17:42:48 +01:00
|
|
|
make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS"
|
2023-04-28 19:25:25 +02:00
|
|
|
|
|
|
|
|
msg "test: full + PSA_CRYPTO_EXTERNAL_RNG + USE_PSA_CRYPTO minus CTR_DRBG"
|
|
|
|
|
make test
|
|
|
|
|
|
|
|
|
|
msg "test: full + PSA_CRYPTO_EXTERNAL_RNG + USE_PSA_CRYPTO minus CTR_DRBG"
|
|
|
|
|
tests/ssl-opt.sh -f 'Default\|opaque'
|
|
|
|
|
}
|
|
|
|
|
|
2023-04-28 21:04:28 +02:00
|
|
|
component_test_psa_inject_entropy () {
|
|
|
|
|
msg "build: full + MBEDTLS_PSA_INJECT_ENTROPY"
|
|
|
|
|
scripts/config.py full
|
|
|
|
|
scripts/config.py set MBEDTLS_PSA_INJECT_ENTROPY
|
|
|
|
|
scripts/config.py set MBEDTLS_ENTROPY_NV_SEED
|
|
|
|
|
scripts/config.py set MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
|
|
|
|
|
scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT
|
|
|
|
|
scripts/config.py unset MBEDTLS_PLATFORM_STD_NV_SEED_READ
|
|
|
|
|
scripts/config.py unset MBEDTLS_PLATFORM_STD_NV_SEED_WRITE
|
2023-12-14 17:42:48 +01:00
|
|
|
make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS '-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/user-config-for-test.h\"'" LDFLAGS="$ASAN_CFLAGS"
|
2023-04-28 21:04:28 +02:00
|
|
|
|
|
|
|
|
msg "test: full + MBEDTLS_PSA_INJECT_ENTROPY"
|
|
|
|
|
make test
|
|
|
|
|
}
|
|
|
|
|
|
2023-04-12 16:34:50 +02:00
|
|
|
component_test_sw_inet_pton () {
|
|
|
|
|
msg "build: default plus MBEDTLS_TEST_SW_INET_PTON"
|
|
|
|
|
|
|
|
|
|
# MBEDTLS_TEST_HOOKS required for x509_crt_parse_cn_inet_pton
|
|
|
|
|
scripts/config.py set MBEDTLS_TEST_HOOKS
|
|
|
|
|
make CFLAGS="-DMBEDTLS_TEST_SW_INET_PTON"
|
|
|
|
|
|
|
|
|
|
msg "test: default plus MBEDTLS_TEST_SW_INET_PTON"
|
|
|
|
|
make test
|
|
|
|
|
}
|
|
|
|
|
|
2023-02-16 19:07:31 +01:00
|
|
|
component_test_crypto_full_md_light_only () {
|
|
|
|
|
msg "build: crypto_full with only the light subset of MD"
|
all.sh: add build/test config crypto_full minus MD
Dependeny list:
- ['MBEDTLS_MD_C']
- ['MBEDTLS_ECJPAKE_C', 'MBEDTLS_PKCS5_C', 'MBEDTLS_PKCS12_C', 'MBEDTLS_PKCS1_V15', 'MBEDTLS_PKCS1_V21', 'MBEDTLS_HKDF_C', 'MBEDTLS_HMAC_DRBG_C', 'MBEDTLS_PK_C']
- ['MBEDTLS_ECDSA_DETERMINISTIC', 'MBEDTLS_PK_PARSE_C', 'MBEDTLS_PK_WRITE_C', 'MBEDTLS_RSA_C']
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-28 15:44:18 +02:00
|
|
|
scripts/config.py crypto_full
|
2023-07-20 20:11:51 +02:00
|
|
|
scripts/config.py unset MBEDTLS_PSA_CRYPTO_CONFIG
|
2023-02-16 19:07:31 +01:00
|
|
|
# Disable MD
|
all.sh: add build/test config crypto_full minus MD
Dependeny list:
- ['MBEDTLS_MD_C']
- ['MBEDTLS_ECJPAKE_C', 'MBEDTLS_PKCS5_C', 'MBEDTLS_PKCS12_C', 'MBEDTLS_PKCS1_V15', 'MBEDTLS_PKCS1_V21', 'MBEDTLS_HKDF_C', 'MBEDTLS_HMAC_DRBG_C', 'MBEDTLS_PK_C']
- ['MBEDTLS_ECDSA_DETERMINISTIC', 'MBEDTLS_PK_PARSE_C', 'MBEDTLS_PK_WRITE_C', 'MBEDTLS_RSA_C']
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-28 15:44:18 +02:00
|
|
|
scripts/config.py unset MBEDTLS_MD_C
|
2023-03-16 11:39:20 +01:00
|
|
|
# Disable direct dependencies of MD_C
|
all.sh: add build/test config crypto_full minus MD
Dependeny list:
- ['MBEDTLS_MD_C']
- ['MBEDTLS_ECJPAKE_C', 'MBEDTLS_PKCS5_C', 'MBEDTLS_PKCS12_C', 'MBEDTLS_PKCS1_V15', 'MBEDTLS_PKCS1_V21', 'MBEDTLS_HKDF_C', 'MBEDTLS_HMAC_DRBG_C', 'MBEDTLS_PK_C']
- ['MBEDTLS_ECDSA_DETERMINISTIC', 'MBEDTLS_PK_PARSE_C', 'MBEDTLS_PK_WRITE_C', 'MBEDTLS_RSA_C']
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-28 15:44:18 +02:00
|
|
|
scripts/config.py unset MBEDTLS_HKDF_C
|
|
|
|
|
scripts/config.py unset MBEDTLS_HMAC_DRBG_C
|
2022-11-09 17:36:10 +01:00
|
|
|
scripts/config.py unset MBEDTLS_PKCS7_C
|
2023-03-16 11:39:20 +01:00
|
|
|
# Disable indirect dependencies of MD_C
|
2023-02-16 19:07:31 +01:00
|
|
|
scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC # needs HMAC_DRBG
|
2023-03-16 11:39:20 +01:00
|
|
|
# Disable things that would auto-enable MD_C
|
|
|
|
|
scripts/config.py unset MBEDTLS_PKCS5_C
|
|
|
|
|
|
2023-03-14 10:11:20 +01:00
|
|
|
# Note: MD-light is auto-enabled in build_info.h by modules that need it,
|
|
|
|
|
# which we haven't disabled, so no need to explicitly enable it.
|
2023-12-14 17:42:48 +01:00
|
|
|
make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS"
|
2023-02-16 19:07:31 +01:00
|
|
|
|
2023-02-23 13:02:13 +01:00
|
|
|
# Make sure we don't have the HMAC functions, but the hashing functions
|
2023-02-16 19:07:31 +01:00
|
|
|
not grep mbedtls_md_hmac library/md.o
|
2023-02-23 13:02:13 +01:00
|
|
|
grep mbedtls_md library/md.o
|
all.sh: add build/test config crypto_full minus MD
Dependeny list:
- ['MBEDTLS_MD_C']
- ['MBEDTLS_ECJPAKE_C', 'MBEDTLS_PKCS5_C', 'MBEDTLS_PKCS12_C', 'MBEDTLS_PKCS1_V15', 'MBEDTLS_PKCS1_V21', 'MBEDTLS_HKDF_C', 'MBEDTLS_HMAC_DRBG_C', 'MBEDTLS_PK_C']
- ['MBEDTLS_ECDSA_DETERMINISTIC', 'MBEDTLS_PK_PARSE_C', 'MBEDTLS_PK_WRITE_C', 'MBEDTLS_RSA_C']
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-28 15:44:18 +02:00
|
|
|
|
2023-02-16 19:07:31 +01:00
|
|
|
msg "test: crypto_full with only the light subset of MD"
|
all.sh: add build/test config crypto_full minus MD
Dependeny list:
- ['MBEDTLS_MD_C']
- ['MBEDTLS_ECJPAKE_C', 'MBEDTLS_PKCS5_C', 'MBEDTLS_PKCS12_C', 'MBEDTLS_PKCS1_V15', 'MBEDTLS_PKCS1_V21', 'MBEDTLS_HKDF_C', 'MBEDTLS_HMAC_DRBG_C', 'MBEDTLS_PK_C']
- ['MBEDTLS_ECDSA_DETERMINISTIC', 'MBEDTLS_PK_PARSE_C', 'MBEDTLS_PK_WRITE_C', 'MBEDTLS_RSA_C']
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-28 15:44:18 +02:00
|
|
|
make test
|
|
|
|
|
}
|
|
|
|
|
|
all.sh: add build/test config full minus CIPHER
Dependency list:
- ['MBEDTLS_CIPHER_C']
- ['MBEDTLS_CMAC_C', 'MBEDTLS_NIST_KW_C', 'MBEDTLS_PKCS12_C', 'MBEDTLS_PKCS5_C', 'MBEDTLS_CCM_C', 'MBEDTLS_GCM_C', 'MBEDTLS_PSA_CRYPTO_C', 'MBEDTLS_SSL_TLS_C', 'MBEDTLS_SSL_TICKET_C']
- ['MBEDTLS_PSA_CRYPTO_SE_C', 'MBEDTLS_PSA_CRYPTO_STORAGE_C', 'MBEDTLS_SSL_PROTO_TLS1_3', 'MBEDTLS_SSL_CLI_C', 'MBEDTLS_SSL_SRV_C', 'MBEDTLS_SSL_DTLS_ANTI_REPLAY', 'MBEDTLS_SSL_DTLS_CONNECTION_ID', 'MBEDTLS_USE_PSA_CRYPTO']
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-02 10:55:33 +02:00
|
|
|
component_test_full_no_cipher () {
|
2023-10-23 14:14:19 +02:00
|
|
|
msg "build: full no CIPHER no PSA_CRYPTO_C"
|
all.sh: add build/test config full minus CIPHER
Dependency list:
- ['MBEDTLS_CIPHER_C']
- ['MBEDTLS_CMAC_C', 'MBEDTLS_NIST_KW_C', 'MBEDTLS_PKCS12_C', 'MBEDTLS_PKCS5_C', 'MBEDTLS_CCM_C', 'MBEDTLS_GCM_C', 'MBEDTLS_PSA_CRYPTO_C', 'MBEDTLS_SSL_TLS_C', 'MBEDTLS_SSL_TICKET_C']
- ['MBEDTLS_PSA_CRYPTO_SE_C', 'MBEDTLS_PSA_CRYPTO_STORAGE_C', 'MBEDTLS_SSL_PROTO_TLS1_3', 'MBEDTLS_SSL_CLI_C', 'MBEDTLS_SSL_SRV_C', 'MBEDTLS_SSL_DTLS_ANTI_REPLAY', 'MBEDTLS_SSL_DTLS_CONNECTION_ID', 'MBEDTLS_USE_PSA_CRYPTO']
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-02 10:55:33 +02:00
|
|
|
scripts/config.py full
|
|
|
|
|
scripts/config.py unset MBEDTLS_CIPHER_C
|
2023-08-09 19:48:42 +02:00
|
|
|
# Don't pull in cipher via PSA mechanisms
|
|
|
|
|
# (currently ignored anyway because we completely disable PSA)
|
|
|
|
|
scripts/config.py unset MBEDTLS_PSA_CRYPTO_CONFIG
|
2023-10-24 11:51:58 +02:00
|
|
|
# Disable features that depend on CIPHER_C
|
all.sh: add build/test config full minus CIPHER
Dependency list:
- ['MBEDTLS_CIPHER_C']
- ['MBEDTLS_CMAC_C', 'MBEDTLS_NIST_KW_C', 'MBEDTLS_PKCS12_C', 'MBEDTLS_PKCS5_C', 'MBEDTLS_CCM_C', 'MBEDTLS_GCM_C', 'MBEDTLS_PSA_CRYPTO_C', 'MBEDTLS_SSL_TLS_C', 'MBEDTLS_SSL_TICKET_C']
- ['MBEDTLS_PSA_CRYPTO_SE_C', 'MBEDTLS_PSA_CRYPTO_STORAGE_C', 'MBEDTLS_SSL_PROTO_TLS1_3', 'MBEDTLS_SSL_CLI_C', 'MBEDTLS_SSL_SRV_C', 'MBEDTLS_SSL_DTLS_ANTI_REPLAY', 'MBEDTLS_SSL_DTLS_CONNECTION_ID', 'MBEDTLS_USE_PSA_CRYPTO']
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-02 10:55:33 +02:00
|
|
|
scripts/config.py unset MBEDTLS_CMAC_C
|
|
|
|
|
scripts/config.py unset MBEDTLS_NIST_KW_C
|
|
|
|
|
scripts/config.py unset MBEDTLS_PKCS12_C
|
|
|
|
|
scripts/config.py unset MBEDTLS_PKCS5_C
|
|
|
|
|
scripts/config.py unset MBEDTLS_PSA_CRYPTO_C
|
|
|
|
|
scripts/config.py unset MBEDTLS_SSL_TLS_C
|
|
|
|
|
scripts/config.py unset MBEDTLS_SSL_TICKET_C
|
2023-10-24 11:51:58 +02:00
|
|
|
# Disable features that depend on PSA_CRYPTO_C
|
all.sh: add build/test config full minus CIPHER
Dependency list:
- ['MBEDTLS_CIPHER_C']
- ['MBEDTLS_CMAC_C', 'MBEDTLS_NIST_KW_C', 'MBEDTLS_PKCS12_C', 'MBEDTLS_PKCS5_C', 'MBEDTLS_CCM_C', 'MBEDTLS_GCM_C', 'MBEDTLS_PSA_CRYPTO_C', 'MBEDTLS_SSL_TLS_C', 'MBEDTLS_SSL_TICKET_C']
- ['MBEDTLS_PSA_CRYPTO_SE_C', 'MBEDTLS_PSA_CRYPTO_STORAGE_C', 'MBEDTLS_SSL_PROTO_TLS1_3', 'MBEDTLS_SSL_CLI_C', 'MBEDTLS_SSL_SRV_C', 'MBEDTLS_SSL_DTLS_ANTI_REPLAY', 'MBEDTLS_SSL_DTLS_CONNECTION_ID', 'MBEDTLS_USE_PSA_CRYPTO']
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-02 10:55:33 +02:00
|
|
|
scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C
|
|
|
|
|
scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C
|
|
|
|
|
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
|
2022-09-28 10:32:48 +02:00
|
|
|
scripts/config.py unset MBEDTLS_LMS_C
|
2022-09-28 13:00:20 +02:00
|
|
|
scripts/config.py unset MBEDTLS_LMS_PRIVATE
|
all.sh: add build/test config full minus CIPHER
Dependency list:
- ['MBEDTLS_CIPHER_C']
- ['MBEDTLS_CMAC_C', 'MBEDTLS_NIST_KW_C', 'MBEDTLS_PKCS12_C', 'MBEDTLS_PKCS5_C', 'MBEDTLS_CCM_C', 'MBEDTLS_GCM_C', 'MBEDTLS_PSA_CRYPTO_C', 'MBEDTLS_SSL_TLS_C', 'MBEDTLS_SSL_TICKET_C']
- ['MBEDTLS_PSA_CRYPTO_SE_C', 'MBEDTLS_PSA_CRYPTO_STORAGE_C', 'MBEDTLS_SSL_PROTO_TLS1_3', 'MBEDTLS_SSL_CLI_C', 'MBEDTLS_SSL_SRV_C', 'MBEDTLS_SSL_DTLS_ANTI_REPLAY', 'MBEDTLS_SSL_DTLS_CONNECTION_ID', 'MBEDTLS_USE_PSA_CRYPTO']
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-02 10:55:33 +02:00
|
|
|
|
2023-10-23 14:14:19 +02:00
|
|
|
msg "test: full no CIPHER no PSA_CRYPTO_C"
|
all.sh: add build/test config full minus CIPHER
Dependency list:
- ['MBEDTLS_CIPHER_C']
- ['MBEDTLS_CMAC_C', 'MBEDTLS_NIST_KW_C', 'MBEDTLS_PKCS12_C', 'MBEDTLS_PKCS5_C', 'MBEDTLS_CCM_C', 'MBEDTLS_GCM_C', 'MBEDTLS_PSA_CRYPTO_C', 'MBEDTLS_SSL_TLS_C', 'MBEDTLS_SSL_TICKET_C']
- ['MBEDTLS_PSA_CRYPTO_SE_C', 'MBEDTLS_PSA_CRYPTO_STORAGE_C', 'MBEDTLS_SSL_PROTO_TLS1_3', 'MBEDTLS_SSL_CLI_C', 'MBEDTLS_SSL_SRV_C', 'MBEDTLS_SSL_DTLS_ANTI_REPLAY', 'MBEDTLS_SSL_DTLS_CONNECTION_ID', 'MBEDTLS_USE_PSA_CRYPTO']
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-02 10:55:33 +02:00
|
|
|
make test
|
2023-08-25 09:14:15 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
# This is a common configurator and test function that is used in:
|
|
|
|
|
# - component_test_full_no_cipher_with_crypto
|
|
|
|
|
# - component_test_full_no_cipher_with_crypto_config
|
|
|
|
|
# It accepts 2 input parameters:
|
|
|
|
|
# - $1: boolean value which basically reflects status of MBEDTLS_PSA_CRYPTO_CONFIG
|
|
|
|
|
# - $2: a text string which describes the test component
|
2023-10-24 13:41:44 +02:00
|
|
|
common_test_full_no_cipher_with_psa_crypto () {
|
2023-08-25 09:14:15 +02:00
|
|
|
USE_CRYPTO_CONFIG="$1"
|
|
|
|
|
COMPONENT_DESCRIPTION="$2"
|
|
|
|
|
|
|
|
|
|
msg "build: $COMPONENT_DESCRIPTION"
|
|
|
|
|
|
|
|
|
|
scripts/config.py full
|
|
|
|
|
scripts/config.py unset MBEDTLS_CIPHER_C
|
|
|
|
|
|
|
|
|
|
if [ "$USE_CRYPTO_CONFIG" -eq 1 ]; then
|
2023-10-24 13:52:06 +02:00
|
|
|
# The built-in implementation of the following algs/key-types depends
|
|
|
|
|
# on CIPHER_C so we disable them.
|
|
|
|
|
# This does not hold for KEY_TYPE_CHACHA20 and ALG_CHACHA20_POLY1305
|
|
|
|
|
# so we keep them enabled.
|
2023-08-25 09:14:15 +02:00
|
|
|
scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CCM_STAR_NO_TAG
|
|
|
|
|
scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CMAC
|
|
|
|
|
scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CBC_NO_PADDING
|
|
|
|
|
scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CBC_PKCS7
|
|
|
|
|
scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CFB
|
|
|
|
|
scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CTR
|
|
|
|
|
scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECB_NO_PADDING
|
|
|
|
|
scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_OFB
|
|
|
|
|
scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_STREAM_CIPHER
|
|
|
|
|
scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_DES
|
|
|
|
|
else
|
|
|
|
|
# Don't pull in cipher via PSA mechanisms
|
|
|
|
|
scripts/config.py unset MBEDTLS_PSA_CRYPTO_CONFIG
|
2023-10-24 14:12:59 +02:00
|
|
|
# Disable cipher modes/keys that make PSA depend on CIPHER_C.
|
|
|
|
|
# Keep CHACHA20 and CHACHAPOLY enabled since they do not depend on CIPHER_C.
|
|
|
|
|
scripts/config.py unset-all MBEDTLS_CIPHER_MODE
|
|
|
|
|
scripts/config.py unset MBEDTLS_DES_C
|
|
|
|
|
# Dependencies on AES_C
|
|
|
|
|
scripts/config.py unset MBEDTLS_CTR_DRBG_C
|
2023-08-25 09:14:15 +02:00
|
|
|
fi
|
2023-10-23 14:58:25 +02:00
|
|
|
# The following modules directly depends on CIPHER_C
|
2023-08-25 09:14:15 +02:00
|
|
|
scripts/config.py unset MBEDTLS_CMAC_C
|
|
|
|
|
scripts/config.py unset MBEDTLS_NIST_KW_C
|
|
|
|
|
scripts/config.py unset MBEDTLS_PKCS12_C
|
|
|
|
|
scripts/config.py unset MBEDTLS_PKCS5_C
|
2023-10-23 14:58:55 +02:00
|
|
|
|
2023-08-25 09:14:15 +02:00
|
|
|
make
|
|
|
|
|
|
|
|
|
|
# Ensure that CIPHER_C was not re-enabled
|
|
|
|
|
not grep mbedtls_cipher_init library/cipher.o
|
|
|
|
|
|
|
|
|
|
msg "test: $COMPONENT_DESCRIPTION"
|
|
|
|
|
make test
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
component_test_full_no_cipher_with_crypto() {
|
2023-10-24 13:41:44 +02:00
|
|
|
common_test_full_no_cipher_with_psa_crypto 0 "full no CIPHER no CRYPTO_CONFIG"
|
2023-08-25 09:14:15 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
component_test_full_no_cipher_with_crypto_config() {
|
2023-10-24 13:41:44 +02:00
|
|
|
common_test_full_no_cipher_with_psa_crypto 1 "full no CIPHER"
|
all.sh: add build/test config full minus CIPHER
Dependency list:
- ['MBEDTLS_CIPHER_C']
- ['MBEDTLS_CMAC_C', 'MBEDTLS_NIST_KW_C', 'MBEDTLS_PKCS12_C', 'MBEDTLS_PKCS5_C', 'MBEDTLS_CCM_C', 'MBEDTLS_GCM_C', 'MBEDTLS_PSA_CRYPTO_C', 'MBEDTLS_SSL_TLS_C', 'MBEDTLS_SSL_TICKET_C']
- ['MBEDTLS_PSA_CRYPTO_SE_C', 'MBEDTLS_PSA_CRYPTO_STORAGE_C', 'MBEDTLS_SSL_PROTO_TLS1_3', 'MBEDTLS_SSL_CLI_C', 'MBEDTLS_SSL_SRV_C', 'MBEDTLS_SSL_DTLS_ANTI_REPLAY', 'MBEDTLS_SSL_DTLS_CONNECTION_ID', 'MBEDTLS_USE_PSA_CRYPTO']
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-02 10:55:33 +02:00
|
|
|
}
|
|
|
|
|
|
2023-11-07 15:37:20 +01:00
|
|
|
component_test_full_no_ccm() {
|
|
|
|
|
msg "build: full no PSA_WANT_ALG_CCM"
|
|
|
|
|
|
|
|
|
|
# Full config enables:
|
|
|
|
|
# - USE_PSA_CRYPTO so that TLS code dispatches cipher/AEAD to PSA
|
|
|
|
|
# - CRYPTO_CONFIG so that PSA_WANT config symbols are evaluated
|
|
|
|
|
scripts/config.py full
|
|
|
|
|
|
|
|
|
|
# Disable PSA_WANT_ALG_CCM so that CCM is not supported in PSA. CCM_C is still
|
|
|
|
|
# enabled, but not used from TLS since USE_PSA is set.
|
|
|
|
|
# This is helpful to ensure that TLS tests below have proper dependencies.
|
|
|
|
|
#
|
|
|
|
|
# Note: also PSA_WANT_ALG_CCM_STAR_NO_TAG is enabled, but it does not cause
|
|
|
|
|
# PSA_WANT_ALG_CCM to be re-enabled.
|
|
|
|
|
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CCM
|
|
|
|
|
|
2023-11-08 12:35:36 +01:00
|
|
|
make
|
2023-11-07 15:37:20 +01:00
|
|
|
|
|
|
|
|
msg "test: full no PSA_WANT_ALG_CCM"
|
2023-11-08 12:35:36 +01:00
|
|
|
make test
|
2023-11-07 15:37:20 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
component_test_full_no_ccm_star_no_tag() {
|
|
|
|
|
msg "build: full no PSA_WANT_ALG_CCM_STAR_NO_TAG"
|
|
|
|
|
|
|
|
|
|
# Full config enables CRYPTO_CONFIG so that PSA_WANT config symbols are evaluated
|
|
|
|
|
scripts/config.py full
|
|
|
|
|
|
|
|
|
|
# Disable CCM_STAR_NO_TAG, which is the target of this test, as well as all
|
|
|
|
|
# other components that enable MBEDTLS_PSA_BUILTIN_CIPHER internal symbol.
|
|
|
|
|
# This basically disables all unauthenticated ciphers on the PSA side, while
|
|
|
|
|
# keeping AEADs enabled.
|
|
|
|
|
#
|
|
|
|
|
# Note: PSA_WANT_ALG_CCM is enabled, but it does not cause
|
|
|
|
|
# PSA_WANT_ALG_CCM_STAR_NO_TAG to be re-enabled.
|
|
|
|
|
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CCM_STAR_NO_TAG
|
|
|
|
|
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_STREAM_CIPHER
|
|
|
|
|
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CTR
|
|
|
|
|
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CFB
|
|
|
|
|
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_OFB
|
|
|
|
|
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_ECB_NO_PADDING
|
|
|
|
|
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_NO_PADDING
|
|
|
|
|
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_PKCS7
|
|
|
|
|
|
all.sh: add build/test config full minus CIPHER
Dependency list:
- ['MBEDTLS_CIPHER_C']
- ['MBEDTLS_CMAC_C', 'MBEDTLS_NIST_KW_C', 'MBEDTLS_PKCS12_C', 'MBEDTLS_PKCS5_C', 'MBEDTLS_CCM_C', 'MBEDTLS_GCM_C', 'MBEDTLS_PSA_CRYPTO_C', 'MBEDTLS_SSL_TLS_C', 'MBEDTLS_SSL_TICKET_C']
- ['MBEDTLS_PSA_CRYPTO_SE_C', 'MBEDTLS_PSA_CRYPTO_STORAGE_C', 'MBEDTLS_SSL_PROTO_TLS1_3', 'MBEDTLS_SSL_CLI_C', 'MBEDTLS_SSL_SRV_C', 'MBEDTLS_SSL_DTLS_ANTI_REPLAY', 'MBEDTLS_SSL_DTLS_CONNECTION_ID', 'MBEDTLS_USE_PSA_CRYPTO']
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-02 10:55:33 +02:00
|
|
|
make
|
|
|
|
|
|
2023-11-07 15:37:20 +01:00
|
|
|
# Ensure MBEDTLS_PSA_BUILTIN_CIPHER was not enabled
|
|
|
|
|
not grep mbedtls_psa_cipher library/psa_crypto_cipher.o
|
2023-11-08 12:35:36 +01:00
|
|
|
|
|
|
|
|
msg "test: full no PSA_WANT_ALG_CCM_STAR_NO_TAG"
|
all.sh: add build/test config full minus CIPHER
Dependency list:
- ['MBEDTLS_CIPHER_C']
- ['MBEDTLS_CMAC_C', 'MBEDTLS_NIST_KW_C', 'MBEDTLS_PKCS12_C', 'MBEDTLS_PKCS5_C', 'MBEDTLS_CCM_C', 'MBEDTLS_GCM_C', 'MBEDTLS_PSA_CRYPTO_C', 'MBEDTLS_SSL_TLS_C', 'MBEDTLS_SSL_TICKET_C']
- ['MBEDTLS_PSA_CRYPTO_SE_C', 'MBEDTLS_PSA_CRYPTO_STORAGE_C', 'MBEDTLS_SSL_PROTO_TLS1_3', 'MBEDTLS_SSL_CLI_C', 'MBEDTLS_SSL_SRV_C', 'MBEDTLS_SSL_DTLS_ANTI_REPLAY', 'MBEDTLS_SSL_DTLS_CONNECTION_ID', 'MBEDTLS_USE_PSA_CRYPTO']
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-02 10:55:33 +02:00
|
|
|
make test
|
|
|
|
|
}
|
|
|
|
|
|
2023-01-03 15:35:25 +01:00
|
|
|
component_test_full_no_bignum () {
|
|
|
|
|
msg "build: full minus bignum"
|
|
|
|
|
scripts/config.py full
|
|
|
|
|
scripts/config.py unset MBEDTLS_BIGNUM_C
|
|
|
|
|
# Direct dependencies of bignum
|
|
|
|
|
scripts/config.py unset MBEDTLS_ECP_C
|
|
|
|
|
scripts/config.py unset MBEDTLS_RSA_C
|
|
|
|
|
scripts/config.py unset MBEDTLS_DHM_C
|
|
|
|
|
# Direct dependencies of ECP
|
|
|
|
|
scripts/config.py unset MBEDTLS_ECDH_C
|
|
|
|
|
scripts/config.py unset MBEDTLS_ECDSA_C
|
|
|
|
|
scripts/config.py unset MBEDTLS_ECJPAKE_C
|
|
|
|
|
scripts/config.py unset MBEDTLS_ECP_RESTARTABLE
|
2023-06-14 17:23:19 +02:00
|
|
|
# Disable what auto-enables ECP_LIGHT
|
|
|
|
|
scripts/config.py unset MBEDTLS_PK_PARSE_EC_EXTENDED
|
|
|
|
|
scripts/config.py unset MBEDTLS_PK_PARSE_EC_COMPRESSED
|
2023-01-03 15:35:25 +01:00
|
|
|
# Indirect dependencies of ECP
|
|
|
|
|
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
|
|
|
|
|
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
|
|
|
|
|
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
|
|
|
|
|
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
|
|
|
|
|
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
|
|
|
|
|
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
|
|
|
|
|
scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
|
|
|
|
scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
|
|
|
# Direct dependencies of DHM
|
|
|
|
|
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
|
|
|
|
|
# Direct dependencies of RSA
|
|
|
|
|
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
|
|
|
|
|
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
|
|
|
|
|
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
|
|
|
|
|
scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT
|
|
|
|
|
# PK and its dependencies
|
|
|
|
|
scripts/config.py unset MBEDTLS_PK_C
|
|
|
|
|
scripts/config.py unset MBEDTLS_PK_PARSE_C
|
|
|
|
|
scripts/config.py unset MBEDTLS_PK_WRITE_C
|
|
|
|
|
scripts/config.py unset MBEDTLS_X509_USE_C
|
|
|
|
|
scripts/config.py unset MBEDTLS_X509_CRT_PARSE_C
|
|
|
|
|
scripts/config.py unset MBEDTLS_X509_CRL_PARSE_C
|
|
|
|
|
scripts/config.py unset MBEDTLS_X509_CSR_PARSE_C
|
|
|
|
|
scripts/config.py unset MBEDTLS_X509_CREATE_C
|
|
|
|
|
scripts/config.py unset MBEDTLS_X509_CRT_WRITE_C
|
|
|
|
|
scripts/config.py unset MBEDTLS_X509_CSR_WRITE_C
|
|
|
|
|
scripts/config.py unset MBEDTLS_PKCS7_C
|
|
|
|
|
scripts/config.py unset MBEDTLS_SSL_SERVER_NAME_INDICATION
|
|
|
|
|
scripts/config.py unset MBEDTLS_SSL_ASYNC_PRIVATE
|
|
|
|
|
scripts/config.py unset MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
|
|
|
|
|
|
|
|
|
|
make
|
|
|
|
|
|
|
|
|
|
msg "test: full minus bignum"
|
|
|
|
|
make test
|
|
|
|
|
}
|
|
|
|
|
|
2022-09-29 08:32:25 +02:00
|
|
|
component_test_tls1_2_default_stream_cipher_only () {
|
2022-09-27 13:34:31 +02:00
|
|
|
msg "build: default with only stream cipher"
|
|
|
|
|
|
2022-09-29 08:32:25 +02:00
|
|
|
# Disable AEAD (controlled by the presence of one of GCM_C, CCM_C, CHACHAPOLY_C
|
2022-09-27 13:34:31 +02:00
|
|
|
scripts/config.py unset MBEDTLS_GCM_C
|
|
|
|
|
scripts/config.py unset MBEDTLS_CCM_C
|
|
|
|
|
scripts/config.py unset MBEDTLS_CHACHAPOLY_C
|
2022-09-29 08:32:25 +02:00
|
|
|
# Disable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia, DES))
|
2022-09-27 13:34:31 +02:00
|
|
|
scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC
|
2022-09-29 08:32:25 +02:00
|
|
|
# Disable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC)
|
2022-09-27 13:34:31 +02:00
|
|
|
scripts/config.py unset MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
2022-09-29 08:32:25 +02:00
|
|
|
# Enable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_CIPHER))
|
|
|
|
|
scripts/config.py set MBEDTLS_CIPHER_NULL_CIPHER
|
2022-10-03 09:04:16 +02:00
|
|
|
# Modules that depend on AEAD
|
2022-09-28 07:59:01 +02:00
|
|
|
scripts/config.py unset MBEDTLS_SSL_CONTEXT_SERIALIZATION
|
2022-10-10 08:47:13 +02:00
|
|
|
scripts/config.py unset MBEDTLS_SSL_TICKET_C
|
2022-09-27 13:34:31 +02:00
|
|
|
|
|
|
|
|
make
|
|
|
|
|
|
|
|
|
|
msg "test: default with only stream cipher"
|
|
|
|
|
make test
|
2022-10-03 09:04:16 +02:00
|
|
|
|
|
|
|
|
# Not running ssl-opt.sh because most tests require a non-NULL ciphersuite.
|
2022-09-27 13:34:31 +02:00
|
|
|
}
|
|
|
|
|
|
2022-09-29 08:32:25 +02:00
|
|
|
component_test_tls1_2_default_stream_cipher_only_use_psa () {
|
2022-10-03 09:04:16 +02:00
|
|
|
msg "build: default with only stream cipher use psa"
|
2022-09-28 09:51:55 +02:00
|
|
|
|
2022-09-28 12:06:57 +02:00
|
|
|
scripts/config.py set MBEDTLS_USE_PSA_CRYPTO
|
2022-09-29 08:32:25 +02:00
|
|
|
# Disable AEAD (controlled by the presence of one of GCM_C, CCM_C, CHACHAPOLY_C)
|
2022-09-28 09:51:55 +02:00
|
|
|
scripts/config.py unset MBEDTLS_GCM_C
|
|
|
|
|
scripts/config.py unset MBEDTLS_CCM_C
|
|
|
|
|
scripts/config.py unset MBEDTLS_CHACHAPOLY_C
|
2022-09-29 08:32:25 +02:00
|
|
|
# Disable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia, DES))
|
2022-09-28 09:51:55 +02:00
|
|
|
scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC
|
2022-09-29 08:32:25 +02:00
|
|
|
# Disable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC)
|
2022-09-28 09:51:55 +02:00
|
|
|
scripts/config.py unset MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
2022-09-29 08:32:25 +02:00
|
|
|
# Enable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_CIPHER))
|
|
|
|
|
scripts/config.py set MBEDTLS_CIPHER_NULL_CIPHER
|
2022-10-03 09:04:16 +02:00
|
|
|
# Modules that depend on AEAD
|
2022-09-28 09:51:55 +02:00
|
|
|
scripts/config.py unset MBEDTLS_SSL_CONTEXT_SERIALIZATION
|
2022-10-10 08:47:13 +02:00
|
|
|
scripts/config.py unset MBEDTLS_SSL_TICKET_C
|
2022-09-28 09:51:55 +02:00
|
|
|
|
|
|
|
|
make
|
|
|
|
|
|
2022-10-03 09:04:16 +02:00
|
|
|
msg "test: default with only stream cipher use psa"
|
2022-09-28 09:51:55 +02:00
|
|
|
make test
|
2022-10-03 09:04:16 +02:00
|
|
|
|
|
|
|
|
# Not running ssl-opt.sh because most tests require a non-NULL ciphersuite.
|
2022-09-28 09:51:55 +02:00
|
|
|
}
|
2022-09-27 13:34:31 +02:00
|
|
|
|
2022-09-29 08:32:25 +02:00
|
|
|
component_test_tls1_2_default_cbc_legacy_cipher_only () {
|
2022-09-28 10:23:22 +02:00
|
|
|
msg "build: default with only CBC-legacy cipher"
|
|
|
|
|
|
2022-09-29 08:32:25 +02:00
|
|
|
# Disable AEAD (controlled by the presence of one of GCM_C, CCM_C, CHACHAPOLY_C)
|
2022-09-28 10:23:22 +02:00
|
|
|
scripts/config.py unset MBEDTLS_GCM_C
|
|
|
|
|
scripts/config.py unset MBEDTLS_CCM_C
|
|
|
|
|
scripts/config.py unset MBEDTLS_CHACHAPOLY_C
|
2022-09-29 08:32:25 +02:00
|
|
|
# Enable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia, DES))
|
|
|
|
|
scripts/config.py set MBEDTLS_CIPHER_MODE_CBC
|
|
|
|
|
# Disable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC)
|
2022-09-28 10:23:22 +02:00
|
|
|
scripts/config.py unset MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
2022-09-29 08:32:25 +02:00
|
|
|
# Disable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_CIPHER))
|
2022-09-28 10:23:22 +02:00
|
|
|
scripts/config.py unset MBEDTLS_CIPHER_NULL_CIPHER
|
2022-10-03 09:04:16 +02:00
|
|
|
# Modules that depend on AEAD
|
2022-09-28 10:23:22 +02:00
|
|
|
scripts/config.py unset MBEDTLS_SSL_CONTEXT_SERIALIZATION
|
2022-10-10 08:47:13 +02:00
|
|
|
scripts/config.py unset MBEDTLS_SSL_TICKET_C
|
2022-09-28 10:23:22 +02:00
|
|
|
|
|
|
|
|
make
|
|
|
|
|
|
|
|
|
|
msg "test: default with only CBC-legacy cipher"
|
|
|
|
|
make test
|
2022-09-29 15:22:01 +02:00
|
|
|
|
|
|
|
|
msg "test: default with only CBC-legacy cipher - ssl-opt.sh (subset)"
|
|
|
|
|
tests/ssl-opt.sh -f "TLS 1.2"
|
2022-09-28 10:23:22 +02:00
|
|
|
}
|
|
|
|
|
|
2022-09-29 08:32:25 +02:00
|
|
|
component_test_tls1_2_deafult_cbc_legacy_cipher_only_use_psa () {
|
2022-09-28 12:06:57 +02:00
|
|
|
msg "build: default with only CBC-legacy cipher use psa"
|
|
|
|
|
|
|
|
|
|
scripts/config.py set MBEDTLS_USE_PSA_CRYPTO
|
2022-09-29 08:32:25 +02:00
|
|
|
# Disable AEAD (controlled by the presence of one of GCM_C, CCM_C, CHACHAPOLY_C)
|
2022-09-28 12:06:57 +02:00
|
|
|
scripts/config.py unset MBEDTLS_GCM_C
|
|
|
|
|
scripts/config.py unset MBEDTLS_CCM_C
|
|
|
|
|
scripts/config.py unset MBEDTLS_CHACHAPOLY_C
|
2022-09-29 08:32:25 +02:00
|
|
|
# Enable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia, DES))
|
|
|
|
|
scripts/config.py set MBEDTLS_CIPHER_MODE_CBC
|
|
|
|
|
# Disable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC)
|
2022-09-28 12:06:57 +02:00
|
|
|
scripts/config.py unset MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
2022-09-29 08:32:25 +02:00
|
|
|
# Disable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_CIPHER))
|
2022-09-28 12:06:57 +02:00
|
|
|
scripts/config.py unset MBEDTLS_CIPHER_NULL_CIPHER
|
2022-10-03 09:04:16 +02:00
|
|
|
# Modules that depend on AEAD
|
2022-09-28 12:06:57 +02:00
|
|
|
scripts/config.py unset MBEDTLS_SSL_CONTEXT_SERIALIZATION
|
2022-10-10 08:47:13 +02:00
|
|
|
scripts/config.py unset MBEDTLS_SSL_TICKET_C
|
2022-09-28 12:06:57 +02:00
|
|
|
|
|
|
|
|
make
|
|
|
|
|
|
|
|
|
|
msg "test: default with only CBC-legacy cipher use psa"
|
|
|
|
|
make test
|
2022-09-29 15:22:01 +02:00
|
|
|
|
|
|
|
|
msg "test: default with only CBC-legacy cipher use psa - ssl-opt.sh (subset)"
|
|
|
|
|
tests/ssl-opt.sh -f "TLS 1.2"
|
2022-09-28 12:06:57 +02:00
|
|
|
}
|
|
|
|
|
|
2022-09-29 08:32:25 +02:00
|
|
|
component_test_tls1_2_default_cbc_legacy_cbc_etm_cipher_only () {
|
2022-09-28 12:06:57 +02:00
|
|
|
msg "build: default with only CBC-legacy and CBC-EtM ciphers"
|
2022-09-28 10:23:22 +02:00
|
|
|
|
2022-09-29 08:32:25 +02:00
|
|
|
# Disable AEAD (controlled by the presence of one of GCM_C, CCM_C, CHACHAPOLY_C)
|
2022-09-28 10:23:22 +02:00
|
|
|
scripts/config.py unset MBEDTLS_GCM_C
|
|
|
|
|
scripts/config.py unset MBEDTLS_CCM_C
|
|
|
|
|
scripts/config.py unset MBEDTLS_CHACHAPOLY_C
|
2022-09-29 08:32:25 +02:00
|
|
|
# Enable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia, DES))
|
|
|
|
|
scripts/config.py set MBEDTLS_CIPHER_MODE_CBC
|
|
|
|
|
# Enable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC)
|
|
|
|
|
scripts/config.py set MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
|
|
|
|
# Disable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_CIPHER))
|
2022-09-28 10:23:22 +02:00
|
|
|
scripts/config.py unset MBEDTLS_CIPHER_NULL_CIPHER
|
2022-10-03 09:04:16 +02:00
|
|
|
# Modules that depend on AEAD
|
2022-09-28 10:23:22 +02:00
|
|
|
scripts/config.py unset MBEDTLS_SSL_CONTEXT_SERIALIZATION
|
2022-10-10 08:47:13 +02:00
|
|
|
scripts/config.py unset MBEDTLS_SSL_TICKET_C
|
2022-09-28 10:23:22 +02:00
|
|
|
|
2022-09-28 12:06:57 +02:00
|
|
|
make
|
|
|
|
|
|
|
|
|
|
msg "test: default with only CBC-legacy and CBC-EtM ciphers"
|
|
|
|
|
make test
|
2022-09-29 15:22:01 +02:00
|
|
|
|
|
|
|
|
msg "test: default with only CBC-legacy and CBC-EtM ciphers - ssl-opt.sh (subset)"
|
|
|
|
|
tests/ssl-opt.sh -f "TLS 1.2"
|
2022-09-28 12:06:57 +02:00
|
|
|
}
|
|
|
|
|
|
2022-09-29 15:22:01 +02:00
|
|
|
component_test_tls1_2_default_cbc_legacy_cbc_etm_cipher_only_use_psa () {
|
|
|
|
|
msg "build: default with only CBC-legacy and CBC-EtM ciphers use psa"
|
2022-09-28 12:06:57 +02:00
|
|
|
|
|
|
|
|
scripts/config.py set MBEDTLS_USE_PSA_CRYPTO
|
2022-09-29 08:32:25 +02:00
|
|
|
# Disable AEAD (controlled by the presence of one of GCM_C, CCM_C, CHACHAPOLY_C)
|
2022-09-28 12:06:57 +02:00
|
|
|
scripts/config.py unset MBEDTLS_GCM_C
|
|
|
|
|
scripts/config.py unset MBEDTLS_CCM_C
|
|
|
|
|
scripts/config.py unset MBEDTLS_CHACHAPOLY_C
|
2022-09-29 08:32:25 +02:00
|
|
|
# Enable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia, DES))
|
|
|
|
|
scripts/config.py set MBEDTLS_CIPHER_MODE_CBC
|
|
|
|
|
# Enable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC)
|
|
|
|
|
scripts/config.py set MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
|
|
|
|
# Disable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_CIPHER))
|
2022-09-28 12:06:57 +02:00
|
|
|
scripts/config.py unset MBEDTLS_CIPHER_NULL_CIPHER
|
2022-10-03 09:04:16 +02:00
|
|
|
# Modules that depend on AEAD
|
2022-09-28 12:06:57 +02:00
|
|
|
scripts/config.py unset MBEDTLS_SSL_CONTEXT_SERIALIZATION
|
2022-10-10 08:47:13 +02:00
|
|
|
scripts/config.py unset MBEDTLS_SSL_TICKET_C
|
2022-09-28 12:06:57 +02:00
|
|
|
|
2022-09-28 10:23:22 +02:00
|
|
|
make
|
|
|
|
|
|
2022-09-29 15:22:01 +02:00
|
|
|
msg "test: default with only CBC-legacy and CBC-EtM ciphers use psa"
|
2022-09-28 10:23:22 +02:00
|
|
|
make test
|
2022-09-29 15:22:01 +02:00
|
|
|
|
|
|
|
|
msg "test: default with only CBC-legacy and CBC-EtM ciphers use psa - ssl-opt.sh (subset)"
|
|
|
|
|
tests/ssl-opt.sh -f "TLS 1.2"
|
2022-09-28 10:23:22 +02:00
|
|
|
}
|
|
|
|
|
|
2022-11-08 13:03:24 +01:00
|
|
|
# We're not aware of any other (open source) implementation of EC J-PAKE in TLS
|
|
|
|
|
# that we could use for interop testing. However, we now have sort of two
|
|
|
|
|
# implementations ourselves: one using PSA, the other not. At least test that
|
|
|
|
|
# these two interoperate with each other.
|
|
|
|
|
component_test_tls1_2_ecjpake_compatibility() {
|
|
|
|
|
msg "build: TLS1.2 server+client w/ EC-JPAKE w/o USE_PSA"
|
|
|
|
|
scripts/config.py set MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
|
2023-09-20 15:03:18 +02:00
|
|
|
# Explicitly make lib first to avoid a race condition:
|
|
|
|
|
# https://github.com/Mbed-TLS/mbedtls/issues/8229
|
|
|
|
|
make lib
|
2022-11-08 13:03:24 +01:00
|
|
|
make -C programs ssl/ssl_server2 ssl/ssl_client2
|
|
|
|
|
cp programs/ssl/ssl_server2 s2_no_use_psa
|
|
|
|
|
cp programs/ssl/ssl_client2 c2_no_use_psa
|
|
|
|
|
|
|
|
|
|
msg "build: TLS1.2 server+client w/ EC-JPAKE w/ USE_PSA"
|
|
|
|
|
scripts/config.py set MBEDTLS_USE_PSA_CRYPTO
|
|
|
|
|
make clean
|
2023-09-20 15:03:18 +02:00
|
|
|
make lib
|
2022-11-08 13:03:24 +01:00
|
|
|
make -C programs ssl/ssl_server2 ssl/ssl_client2
|
|
|
|
|
make -C programs test/udp_proxy test/query_compile_time_config
|
|
|
|
|
|
2022-12-02 16:21:56 +01:00
|
|
|
msg "test: server w/o USE_PSA - client w/ USE_PSA, text password"
|
|
|
|
|
P_SRV=../s2_no_use_psa tests/ssl-opt.sh -f "ECJPAKE: working, TLS"
|
|
|
|
|
msg "test: server w/o USE_PSA - client w/ USE_PSA, opaque password"
|
|
|
|
|
P_SRV=../s2_no_use_psa tests/ssl-opt.sh -f "ECJPAKE: opaque password client only, working, TLS"
|
|
|
|
|
msg "test: client w/o USE_PSA - server w/ USE_PSA, text password"
|
|
|
|
|
P_CLI=../c2_no_use_psa tests/ssl-opt.sh -f "ECJPAKE: working, TLS"
|
|
|
|
|
msg "test: client w/o USE_PSA - server w/ USE_PSA, opaque password"
|
|
|
|
|
P_CLI=../c2_no_use_psa tests/ssl-opt.sh -f "ECJPAKE: opaque password server only, working, TLS"
|
2022-11-08 13:03:24 +01:00
|
|
|
|
|
|
|
|
rm s2_no_use_psa c2_no_use_psa
|
|
|
|
|
}
|
|
|
|
|
|
2020-03-04 20:46:15 +01:00
|
|
|
component_test_everest () {
|
|
|
|
|
msg "build: Everest ECDH context (ASan build)" # ~ 6 min
|
|
|
|
|
scripts/config.py set MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED
|
|
|
|
|
CC=clang cmake -D CMAKE_BUILD_TYPE:String=Asan .
|
|
|
|
|
make
|
|
|
|
|
|
|
|
|
|
msg "test: Everest ECDH context - main suites (inc. selftests) (ASan build)" # ~ 50s
|
|
|
|
|
make test
|
|
|
|
|
|
2023-11-02 19:58:03 +01:00
|
|
|
msg "test: metatests (clang, ASan)"
|
|
|
|
|
tests/scripts/run-metatests.sh any asan
|
|
|
|
|
|
2020-03-04 20:46:15 +01:00
|
|
|
msg "test: Everest ECDH context - ECDH-related part of ssl-opt.sh (ASan build)" # ~ 5s
|
2021-07-08 18:41:16 +02:00
|
|
|
tests/ssl-opt.sh -f ECDH
|
2020-03-04 20:46:15 +01:00
|
|
|
|
|
|
|
|
msg "test: Everest ECDH context - compat.sh with some ECDH ciphersuites (ASan build)" # ~ 3 min
|
|
|
|
|
# Exclude some symmetric ciphers that are redundant here to gain time.
|
2022-04-06 13:28:27 +02:00
|
|
|
tests/compat.sh -f ECDH -V NO -e 'ARIA\|CAMELLIA\|CHACHA'
|
2020-03-04 20:46:15 +01:00
|
|
|
}
|
|
|
|
|
|
2020-07-03 00:15:37 +02:00
|
|
|
component_test_everest_curve25519_only () {
|
|
|
|
|
msg "build: Everest ECDH context, only Curve25519" # ~ 6 min
|
|
|
|
|
scripts/config.py set MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED
|
|
|
|
|
scripts/config.py unset MBEDTLS_ECDSA_C
|
|
|
|
|
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
|
|
|
|
|
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
|
2021-04-23 13:33:44 +02:00
|
|
|
scripts/config.py unset MBEDTLS_ECJPAKE_C
|
2020-07-03 00:15:37 +02:00
|
|
|
# Disable all curves
|
2023-07-28 16:33:13 +02:00
|
|
|
scripts/config.py unset-all "MBEDTLS_ECP_DP_[0-9A-Z_a-z]*_ENABLED"
|
2020-07-03 00:15:37 +02:00
|
|
|
scripts/config.py set MBEDTLS_ECP_DP_CURVE25519_ENABLED
|
|
|
|
|
|
2023-12-14 17:42:48 +01:00
|
|
|
make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS"
|
2020-07-03 00:15:37 +02:00
|
|
|
|
|
|
|
|
msg "test: Everest ECDH context, only Curve25519" # ~ 50s
|
|
|
|
|
make test
|
|
|
|
|
}
|
|
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
component_test_small_ssl_out_content_len () {
|
|
|
|
|
msg "build: small SSL_OUT_CONTENT_LEN (ASan build)"
|
2019-07-27 23:52:53 +02:00
|
|
|
scripts/config.py set MBEDTLS_SSL_IN_CONTENT_LEN 16384
|
|
|
|
|
scripts/config.py set MBEDTLS_SSL_OUT_CONTENT_LEN 4096
|
2023-12-14 17:42:48 +01:00
|
|
|
CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
|
2018-11-27 15:58:47 +01:00
|
|
|
make
|
2017-09-28 13:53:51 +02:00
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
msg "test: small SSL_OUT_CONTENT_LEN - ssl-opt.sh MFL and large packet tests"
|
2021-07-08 18:41:16 +02:00
|
|
|
tests/ssl-opt.sh -f "Max fragment\|Large packet"
|
2018-11-27 15:58:47 +01:00
|
|
|
}
|
2018-04-11 08:28:39 +02:00
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
component_test_small_ssl_in_content_len () {
|
|
|
|
|
msg "build: small SSL_IN_CONTENT_LEN (ASan build)"
|
2019-07-27 23:52:53 +02:00
|
|
|
scripts/config.py set MBEDTLS_SSL_IN_CONTENT_LEN 4096
|
|
|
|
|
scripts/config.py set MBEDTLS_SSL_OUT_CONTENT_LEN 16384
|
2023-12-14 17:42:48 +01:00
|
|
|
CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
|
2018-11-27 15:58:47 +01:00
|
|
|
make
|
2018-04-11 08:28:39 +02:00
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
msg "test: small SSL_IN_CONTENT_LEN - ssl-opt.sh MFL tests"
|
2021-07-08 18:41:16 +02:00
|
|
|
tests/ssl-opt.sh -f "Max fragment"
|
2018-11-27 15:58:47 +01:00
|
|
|
}
|
2018-04-11 08:28:39 +02:00
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
component_test_small_ssl_dtls_max_buffering () {
|
|
|
|
|
msg "build: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #0"
|
2019-07-27 23:52:53 +02:00
|
|
|
scripts/config.py set MBEDTLS_SSL_DTLS_MAX_BUFFERING 1000
|
2023-12-14 17:42:48 +01:00
|
|
|
CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
|
2018-11-27 15:58:47 +01:00
|
|
|
make
|
2018-04-11 08:28:39 +02:00
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
msg "test: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #0 - ssl-opt.sh specific reordering test"
|
2021-07-08 18:41:16 +02:00
|
|
|
tests/ssl-opt.sh -f "DTLS reordering: Buffer out-of-order hs msg before reassembling next, free buffered msg"
|
2018-11-27 15:58:47 +01:00
|
|
|
}
|
2018-08-24 15:43:44 +02:00
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
component_test_small_mbedtls_ssl_dtls_max_buffering () {
|
|
|
|
|
msg "build: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #1"
|
2020-03-04 20:46:15 +01:00
|
|
|
scripts/config.py set MBEDTLS_SSL_DTLS_MAX_BUFFERING 190
|
2023-12-14 17:42:48 +01:00
|
|
|
CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
|
2018-11-27 15:58:47 +01:00
|
|
|
make
|
2018-08-24 15:43:44 +02:00
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
msg "test: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #1 - ssl-opt.sh specific reordering test"
|
2021-07-08 18:41:16 +02:00
|
|
|
tests/ssl-opt.sh -f "DTLS reordering: Buffer encrypted Finished message, drop for fragmented NewSessionTicket"
|
2018-11-27 15:58:47 +01:00
|
|
|
}
|
2018-08-24 15:43:44 +02:00
|
|
|
|
2019-09-06 19:47:17 +02:00
|
|
|
component_test_psa_collect_statuses () {
|
|
|
|
|
msg "build+test: psa_collect_statuses" # ~30s
|
2019-07-27 23:52:53 +02:00
|
|
|
scripts/config.py full
|
2021-07-08 18:41:16 +02:00
|
|
|
tests/scripts/psa_collect_statuses.py
|
2019-09-06 19:47:17 +02:00
|
|
|
# Check that psa_crypto_init() succeeded at least once
|
2021-07-08 18:41:16 +02:00
|
|
|
grep -q '^0:psa_crypto_init:' tests/statuses.log
|
2019-09-06 19:47:17 +02:00
|
|
|
rm -f tests/statuses.log
|
|
|
|
|
}
|
|
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
component_test_full_cmake_clang () {
|
|
|
|
|
msg "build: cmake, full config, clang" # ~ 50s
|
2019-07-27 23:52:53 +02:00
|
|
|
scripts/config.py full
|
2022-10-30 21:02:40 +01:00
|
|
|
CC=clang CXX=clang cmake -D CMAKE_BUILD_TYPE:String=Release -D ENABLE_TESTING=On -D TEST_CPP=1 .
|
2018-11-27 15:58:47 +01:00
|
|
|
make
|
2018-08-24 15:43:44 +02:00
|
|
|
|
2019-06-26 15:52:12 +02:00
|
|
|
msg "test: main suites (full config, clang)" # ~ 5s
|
2018-11-27 15:58:47 +01:00
|
|
|
make test
|
2014-03-19 18:29:01 +01:00
|
|
|
|
2022-10-30 21:02:40 +01:00
|
|
|
msg "test: cpp_dummy_build (full config, clang)" # ~ 1s
|
|
|
|
|
programs/test/cpp_dummy_build
|
|
|
|
|
|
2023-11-02 19:58:03 +01:00
|
|
|
msg "test: metatests (clang)"
|
2023-11-03 18:05:38 +01:00
|
|
|
tests/scripts/run-metatests.sh any pthread
|
2023-11-02 19:58:03 +01:00
|
|
|
|
2019-06-14 18:27:03 +02:00
|
|
|
msg "program demos (full config, clang)" # ~10s
|
|
|
|
|
tests/scripts/run_demos.py
|
|
|
|
|
|
2019-06-26 15:52:12 +02:00
|
|
|
msg "test: psa_constant_names (full config, clang)" # ~ 1s
|
2021-07-08 18:41:16 +02:00
|
|
|
tests/scripts/test_psa_constant_names.py
|
2020-02-26 19:51:43 +01:00
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
msg "test: ssl-opt.sh default, ECJPAKE, SSL async (full config)" # ~ 1s
|
2021-07-08 18:41:16 +02:00
|
|
|
tests/ssl-opt.sh -f 'Default\|ECJPAKE\|SSL async private'
|
2014-07-12 04:00:00 +02:00
|
|
|
|
2022-04-06 13:28:27 +02:00
|
|
|
msg "test: compat.sh NULL (full config)" # ~ 2 min
|
2023-08-27 21:43:00 +02:00
|
|
|
tests/compat.sh -e '^$' -f 'NULL'
|
2014-07-12 04:00:00 +02:00
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
msg "test: compat.sh ARIA + ChachaPoly"
|
Use OPENSSL everywhere, not OPENSSL_CMD
These variables were both uses to select the default version of OpenSSL
to use for tests:
- when running compat.sh or ssl-opt.sh directly, OPENSSL_CMD was used;
- when running all.sh, OPENSSL was used.
This caused surprising situations if you had one but not the other set
in your environment. For example I used to have OPENSSL_CMD set but not
OPENSSL, so ssl-opt.sh was failing in some all.sh components but passing
when I ran it manually in the same configuration and build, a rather
unpleasant experience.
The natural name would be OPENSSL, and that's what set in the Docker
images used by the CI. However back in the 1.3.x days, that name was
already used in library/Makefile, so it was preferable to pick a
different one, hence OPENSSL_CMD. However the build system has not been
using this name since at least Mbed TLS 2.0.0, so it's now free for use
again (as demonstrated by the fact that it's been set in the CI without
causing any trouble).
So, unify things and use OPENSSL everywhere. Just leave an error message
for the benefit of developers which might have OPENSSL_CMD, not OPENSSL,
set in their environment from the old days.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-12-19 11:42:12 +01:00
|
|
|
env OPENSSL="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA'
|
2018-11-27 15:58:47 +01:00
|
|
|
}
|
2014-07-12 04:00:00 +02:00
|
|
|
|
2022-11-29 16:01:41 +01:00
|
|
|
skip_suites_without_constant_flow () {
|
|
|
|
|
# Skip the test suites that don't have any constant-flow annotations.
|
|
|
|
|
# This will need to be adjusted if we ever start declaring things as
|
|
|
|
|
# secret from macros or functions inside tests/include or tests/src.
|
|
|
|
|
SKIP_TEST_SUITES=$(
|
|
|
|
|
git -C tests/suites grep -L TEST_CF_ 'test_suite_*.function' |
|
|
|
|
|
sed 's/test_suite_//; s/\.function$//' |
|
|
|
|
|
tr '\n' ,)
|
|
|
|
|
export SKIP_TEST_SUITES
|
|
|
|
|
}
|
|
|
|
|
|
2023-07-31 19:07:44 +02:00
|
|
|
skip_all_except_given_suite () {
|
|
|
|
|
# Skip all but the given test suite
|
|
|
|
|
SKIP_TEST_SUITES=$(
|
|
|
|
|
ls -1 tests/suites/test_suite_*.function |
|
|
|
|
|
grep -v $1.function |
|
|
|
|
|
sed 's/tests.suites.test_suite_//; s/\.function$//' |
|
|
|
|
|
tr '\n' ,)
|
|
|
|
|
export SKIP_TEST_SUITES
|
|
|
|
|
}
|
|
|
|
|
|
2020-07-10 09:35:54 +02:00
|
|
|
component_test_memsan_constant_flow () {
|
2022-03-18 09:57:32 +01:00
|
|
|
# This tests both (1) accesses to undefined memory, and (2) branches or
|
|
|
|
|
# memory access depending on secret values. To distinguish between those:
|
|
|
|
|
# - unset MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN - does the failure persist?
|
|
|
|
|
# - or alternatively, change the build type to MemSanDbg, which enables
|
|
|
|
|
# origin tracking and nicer stack traces (which are useful for debugging
|
|
|
|
|
# anyway), and check if the origin was TEST_CF_SECRET() or something else.
|
|
|
|
|
msg "build: cmake MSan (clang), full config minus MBEDTLS_USE_PSA_CRYPTO with constant flow testing"
|
|
|
|
|
scripts/config.py full
|
|
|
|
|
scripts/config.py set MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN
|
|
|
|
|
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
|
|
|
|
|
scripts/config.py unset MBEDTLS_AESNI_C # memsan doesn't grok asm
|
|
|
|
|
CC=clang cmake -D CMAKE_BUILD_TYPE:String=MemSan .
|
|
|
|
|
make
|
|
|
|
|
|
|
|
|
|
msg "test: main suites (full minus MBEDTLS_USE_PSA_CRYPTO, Msan + constant flow)"
|
|
|
|
|
make test
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
component_test_memsan_constant_flow_psa () {
|
2020-07-22 11:09:28 +02:00
|
|
|
# This tests both (1) accesses to undefined memory, and (2) branches or
|
|
|
|
|
# memory access depending on secret values. To distinguish between those:
|
|
|
|
|
# - unset MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN - does the failure persist?
|
|
|
|
|
# - or alternatively, change the build type to MemSanDbg, which enables
|
|
|
|
|
# origin tracking and nicer stack traces (which are useful for debugging
|
|
|
|
|
# anyway), and check if the origin was TEST_CF_SECRET() or something else.
|
|
|
|
|
msg "build: cmake MSan (clang), full config with constant flow testing"
|
2020-07-10 09:35:54 +02:00
|
|
|
scripts/config.py full
|
|
|
|
|
scripts/config.py set MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN
|
|
|
|
|
scripts/config.py unset MBEDTLS_AESNI_C # memsan doesn't grok asm
|
|
|
|
|
CC=clang cmake -D CMAKE_BUILD_TYPE:String=MemSan .
|
|
|
|
|
make
|
|
|
|
|
|
2020-07-22 11:09:28 +02:00
|
|
|
msg "test: main suites (Msan + constant flow)"
|
2020-07-10 09:35:54 +02:00
|
|
|
make test
|
|
|
|
|
}
|
|
|
|
|
|
2023-12-06 16:14:37 +01:00
|
|
|
component_release_test_valgrind_constant_flow () {
|
2020-08-19 10:27:38 +02:00
|
|
|
# This tests both (1) everything that valgrind's memcheck usually checks
|
|
|
|
|
# (heap buffer overflows, use of uninitialized memory, use-after-free,
|
|
|
|
|
# etc.) and (2) branches or memory access depending on secret values,
|
|
|
|
|
# which will be reported as uninitialized memory. To distinguish between
|
|
|
|
|
# secret and actually uninitialized:
|
|
|
|
|
# - unset MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND - does the failure persist?
|
|
|
|
|
# - or alternatively, build with debug info and manually run the offending
|
|
|
|
|
# test suite with valgrind --track-origins=yes, then check if the origin
|
|
|
|
|
# was TEST_CF_SECRET() or something else.
|
2022-03-18 09:57:32 +01:00
|
|
|
msg "build: cmake release GCC, full config minus MBEDTLS_USE_PSA_CRYPTO with constant flow testing"
|
|
|
|
|
scripts/config.py full
|
|
|
|
|
scripts/config.py set MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND
|
|
|
|
|
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
|
2022-11-29 16:01:41 +01:00
|
|
|
skip_suites_without_constant_flow
|
2022-03-18 09:57:32 +01:00
|
|
|
cmake -D CMAKE_BUILD_TYPE:String=Release .
|
|
|
|
|
make
|
|
|
|
|
|
|
|
|
|
# this only shows a summary of the results (how many of each type)
|
|
|
|
|
# details are left in Testing/<date>/DynamicAnalysis.xml
|
2022-11-29 16:01:41 +01:00
|
|
|
msg "test: some suites (full minus MBEDTLS_USE_PSA_CRYPTO, valgrind + constant flow)"
|
2022-03-18 09:57:32 +01:00
|
|
|
make memcheck
|
2023-07-31 19:07:44 +02:00
|
|
|
|
|
|
|
|
# Test asm path in constant time module - by default, it will test the plain C
|
|
|
|
|
# path under Valgrind or Memsan. Running only the constant_time tests is fast (<1s)
|
|
|
|
|
msg "test: valgrind asm constant_time"
|
|
|
|
|
scripts/config.py --force set MBEDTLS_TEST_CONSTANT_FLOW_ASM
|
|
|
|
|
skip_all_except_given_suite test_suite_constant_time
|
|
|
|
|
cmake -D CMAKE_BUILD_TYPE:String=Release .
|
|
|
|
|
make clean
|
|
|
|
|
make
|
|
|
|
|
make memcheck
|
2022-03-18 09:57:32 +01:00
|
|
|
}
|
|
|
|
|
|
2023-12-06 16:14:37 +01:00
|
|
|
component_release_test_valgrind_constant_flow_psa () {
|
2020-08-19 10:27:38 +02:00
|
|
|
# This tests both (1) everything that valgrind's memcheck usually checks
|
|
|
|
|
# (heap buffer overflows, use of uninitialized memory, use-after-free,
|
|
|
|
|
# etc.) and (2) branches or memory access depending on secret values,
|
|
|
|
|
# which will be reported as uninitialized memory. To distinguish between
|
|
|
|
|
# secret and actually uninitialized:
|
|
|
|
|
# - unset MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND - does the failure persist?
|
|
|
|
|
# - or alternatively, build with debug info and manually run the offending
|
|
|
|
|
# test suite with valgrind --track-origins=yes, then check if the origin
|
|
|
|
|
# was TEST_CF_SECRET() or something else.
|
|
|
|
|
msg "build: cmake release GCC, full config with constant flow testing"
|
|
|
|
|
scripts/config.py full
|
|
|
|
|
scripts/config.py set MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND
|
2022-11-29 16:01:41 +01:00
|
|
|
skip_suites_without_constant_flow
|
2020-08-19 10:27:38 +02:00
|
|
|
cmake -D CMAKE_BUILD_TYPE:String=Release .
|
|
|
|
|
make
|
|
|
|
|
|
|
|
|
|
# this only shows a summary of the results (how many of each type)
|
|
|
|
|
# details are left in Testing/<date>/DynamicAnalysis.xml
|
2022-11-29 16:01:41 +01:00
|
|
|
msg "test: some suites (valgrind + constant flow)"
|
2020-08-19 10:27:38 +02:00
|
|
|
make memcheck
|
|
|
|
|
}
|
|
|
|
|
|
2020-04-13 01:03:21 +02:00
|
|
|
component_test_default_no_deprecated () {
|
2020-04-30 09:07:29 +02:00
|
|
|
# Test that removing the deprecated features from the default
|
|
|
|
|
# configuration leaves something consistent.
|
2020-04-13 01:03:21 +02:00
|
|
|
msg "build: make, default + MBEDTLS_DEPRECATED_REMOVED" # ~ 30s
|
|
|
|
|
scripts/config.py set MBEDTLS_DEPRECATED_REMOVED
|
|
|
|
|
make CC=gcc CFLAGS='-O -Werror -Wall -Wextra'
|
|
|
|
|
|
|
|
|
|
msg "test: make, default + MBEDTLS_DEPRECATED_REMOVED" # ~ 5s
|
|
|
|
|
make test
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
component_test_full_no_deprecated () {
|
2020-04-20 21:39:22 +02:00
|
|
|
msg "build: make, full_no_deprecated config" # ~ 30s
|
|
|
|
|
scripts/config.py full_no_deprecated
|
2020-04-13 01:03:21 +02:00
|
|
|
make CC=gcc CFLAGS='-O -Werror -Wall -Wextra'
|
|
|
|
|
|
2020-04-20 21:39:22 +02:00
|
|
|
msg "test: make, full_no_deprecated config" # ~ 5s
|
2020-04-13 01:03:21 +02:00
|
|
|
make test
|
2023-01-09 12:20:45 +01:00
|
|
|
|
|
|
|
|
msg "test: ensure that X509 has no direct dependency on BIGNUM_C"
|
|
|
|
|
not grep mbedtls_mpi library/libmbedx509.a
|
2020-04-13 01:03:21 +02:00
|
|
|
}
|
|
|
|
|
|
2020-04-30 09:07:29 +02:00
|
|
|
component_test_full_no_deprecated_deprecated_warning () {
|
|
|
|
|
# Test that there is nothing deprecated in "full_no_deprecated".
|
|
|
|
|
# A deprecated feature would trigger a warning (made fatal) from
|
|
|
|
|
# MBEDTLS_DEPRECATED_WARNING.
|
2020-04-20 21:39:22 +02:00
|
|
|
msg "build: make, full_no_deprecated config, MBEDTLS_DEPRECATED_WARNING" # ~ 30s
|
|
|
|
|
scripts/config.py full_no_deprecated
|
2020-04-13 01:03:21 +02:00
|
|
|
scripts/config.py unset MBEDTLS_DEPRECATED_REMOVED
|
|
|
|
|
scripts/config.py set MBEDTLS_DEPRECATED_WARNING
|
|
|
|
|
make CC=gcc CFLAGS='-O -Werror -Wall -Wextra'
|
|
|
|
|
|
2020-04-20 21:39:22 +02:00
|
|
|
msg "test: make, full_no_deprecated config, MBEDTLS_DEPRECATED_WARNING" # ~ 5s
|
2020-04-13 01:03:21 +02:00
|
|
|
make test
|
|
|
|
|
}
|
|
|
|
|
|
2020-04-30 09:07:29 +02:00
|
|
|
component_test_full_deprecated_warning () {
|
|
|
|
|
# Test that when MBEDTLS_DEPRECATED_WARNING is enabled, the build passes
|
|
|
|
|
# with only certain whitelisted types of warnings.
|
2020-04-13 01:03:21 +02:00
|
|
|
msg "build: make, full config + MBEDTLS_DEPRECATED_WARNING, expect warnings" # ~ 30s
|
2019-07-27 23:52:53 +02:00
|
|
|
scripts/config.py full
|
|
|
|
|
scripts/config.py set MBEDTLS_DEPRECATED_WARNING
|
2020-04-13 01:03:21 +02:00
|
|
|
# Expect warnings from '#warning' directives in check_config.h.
|
|
|
|
|
make CC=gcc CFLAGS='-O -Werror -Wall -Wextra -Wno-error=cpp' lib programs
|
2018-02-20 12:02:07 +01:00
|
|
|
|
2020-04-30 09:07:29 +02:00
|
|
|
msg "build: make tests, full config + MBEDTLS_DEPRECATED_WARNING, expect warnings" # ~ 30s
|
|
|
|
|
# Set MBEDTLS_TEST_DEPRECATED to enable tests for deprecated features.
|
|
|
|
|
# By default those are disabled when MBEDTLS_DEPRECATED_WARNING is set.
|
2020-04-13 01:03:21 +02:00
|
|
|
# Expect warnings from '#warning' directives in check_config.h and
|
|
|
|
|
# from the use of deprecated functions in test suites.
|
|
|
|
|
make CC=gcc CFLAGS='-O -Werror -Wall -Wextra -Wno-error=deprecated-declarations -Wno-error=cpp -DMBEDTLS_TEST_DEPRECATED' tests
|
2019-11-26 17:37:37 +01:00
|
|
|
|
2020-04-13 01:03:21 +02:00
|
|
|
msg "test: full config + MBEDTLS_TEST_DEPRECATED" # ~ 30s
|
|
|
|
|
make test
|
2019-06-14 18:27:03 +02:00
|
|
|
|
|
|
|
|
msg "program demos: full config + MBEDTLS_TEST_DEPRECATED" # ~10s
|
|
|
|
|
tests/scripts/run_demos.py
|
2018-11-27 15:58:47 +01:00
|
|
|
}
|
2018-10-30 11:20:45 +01:00
|
|
|
|
2020-01-31 14:24:14 +01:00
|
|
|
# Check that the specified libraries exist and are empty.
|
|
|
|
|
are_empty_libraries () {
|
|
|
|
|
nm "$@" >/dev/null 2>/dev/null
|
|
|
|
|
! nm "$@" 2>/dev/null | grep -v ':$' | grep .
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
component_build_crypto_default () {
|
|
|
|
|
msg "build: make, crypto only"
|
|
|
|
|
scripts/config.py crypto
|
2020-02-03 11:59:20 +01:00
|
|
|
make CFLAGS='-O1 -Werror'
|
2021-07-08 18:41:16 +02:00
|
|
|
are_empty_libraries library/libmbedx509.* library/libmbedtls.*
|
2020-01-31 14:24:14 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
component_build_crypto_full () {
|
|
|
|
|
msg "build: make, crypto only, full config"
|
|
|
|
|
scripts/config.py crypto_full
|
2020-02-03 11:59:20 +01:00
|
|
|
make CFLAGS='-O1 -Werror'
|
2021-07-08 18:41:16 +02:00
|
|
|
are_empty_libraries library/libmbedx509.* library/libmbedtls.*
|
2020-01-31 14:24:14 +01:00
|
|
|
}
|
|
|
|
|
|
2022-10-21 19:34:54 +02:00
|
|
|
component_test_crypto_for_psa_service () {
|
2022-10-11 21:05:06 +02:00
|
|
|
msg "build: make, config for PSA crypto service"
|
|
|
|
|
scripts/config.py crypto
|
|
|
|
|
scripts/config.py set MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
|
|
|
|
|
# Disable things that are not needed for just cryptography, to
|
|
|
|
|
# reach a configuration that would be typical for a PSA cryptography
|
|
|
|
|
# service providing all implemented PSA algorithms.
|
|
|
|
|
# System stuff
|
|
|
|
|
scripts/config.py unset MBEDTLS_ERROR_C
|
|
|
|
|
scripts/config.py unset MBEDTLS_TIMING_C
|
2022-10-25 21:02:33 +02:00
|
|
|
scripts/config.py unset MBEDTLS_VERSION_FEATURES
|
2022-10-11 21:05:06 +02:00
|
|
|
# Crypto stuff with no PSA interface
|
|
|
|
|
scripts/config.py unset MBEDTLS_BASE64_C
|
2022-10-25 21:05:57 +02:00
|
|
|
# Keep MBEDTLS_CIPHER_C because psa_crypto_cipher, CCM and GCM need it.
|
2022-10-25 21:06:11 +02:00
|
|
|
scripts/config.py unset MBEDTLS_HKDF_C # PSA's HKDF is independent
|
2022-10-25 21:05:57 +02:00
|
|
|
# Keep MBEDTLS_MD_C because deterministic ECDSA needs it for HMAC_DRBG.
|
2022-10-11 21:05:06 +02:00
|
|
|
scripts/config.py unset MBEDTLS_NIST_KW_C
|
|
|
|
|
scripts/config.py unset MBEDTLS_PEM_PARSE_C
|
|
|
|
|
scripts/config.py unset MBEDTLS_PEM_WRITE_C
|
|
|
|
|
scripts/config.py unset MBEDTLS_PKCS12_C
|
|
|
|
|
scripts/config.py unset MBEDTLS_PKCS5_C
|
2022-10-11 21:15:24 +02:00
|
|
|
# MBEDTLS_PK_PARSE_C and MBEDTLS_PK_WRITE_C are actually currently needed
|
|
|
|
|
# in PSA code to work with RSA keys. We don't require users to set those:
|
|
|
|
|
# they will be reenabled in build_info.h.
|
2022-10-25 21:02:56 +02:00
|
|
|
scripts/config.py unset MBEDTLS_PK_C
|
2022-10-11 21:15:24 +02:00
|
|
|
scripts/config.py unset MBEDTLS_PK_PARSE_C
|
2022-10-11 21:05:06 +02:00
|
|
|
scripts/config.py unset MBEDTLS_PK_WRITE_C
|
|
|
|
|
make CFLAGS='-O1 -Werror' all test
|
|
|
|
|
are_empty_libraries library/libmbedx509.* library/libmbedtls.*
|
|
|
|
|
}
|
|
|
|
|
|
2020-01-31 14:24:14 +01:00
|
|
|
component_build_crypto_baremetal () {
|
|
|
|
|
msg "build: make, crypto only, baremetal config"
|
|
|
|
|
scripts/config.py crypto_baremetal
|
2021-11-30 12:40:54 +01:00
|
|
|
make CFLAGS="-O1 -Werror -I$PWD/tests/include/baremetal-override/"
|
2021-07-08 18:41:16 +02:00
|
|
|
are_empty_libraries library/libmbedx509.* library/libmbedtls.*
|
2020-01-31 14:24:14 +01:00
|
|
|
}
|
2020-09-02 13:30:13 +02:00
|
|
|
support_build_crypto_baremetal () {
|
2020-08-31 06:22:58 +02:00
|
|
|
support_build_baremetal "$@"
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
component_build_baremetal () {
|
|
|
|
|
msg "build: make, baremetal config"
|
|
|
|
|
scripts/config.py baremetal
|
2021-11-30 12:40:54 +01:00
|
|
|
make CFLAGS="-O1 -Werror -I$PWD/tests/include/baremetal-override/"
|
2020-08-31 06:22:58 +02:00
|
|
|
}
|
|
|
|
|
support_build_baremetal () {
|
2020-09-02 13:30:13 +02:00
|
|
|
# Older Glibc versions include time.h from other headers such as stdlib.h,
|
|
|
|
|
# which makes the no-time.h-in-baremetal check fail. Ubuntu 16.04 has this
|
|
|
|
|
# problem, Ubuntu 18.04 is ok.
|
|
|
|
|
! grep -q -F time.h /usr/include/x86_64-linux-gnu/sys/types.h
|
|
|
|
|
}
|
2020-01-31 14:24:14 +01:00
|
|
|
|
2022-10-24 16:49:22 +02:00
|
|
|
# depends.py family of tests
|
2022-10-05 15:14:07 +02:00
|
|
|
component_test_depends_py_cipher_id () {
|
|
|
|
|
msg "test/build: depends.py cipher_id (gcc)"
|
2022-10-24 16:49:22 +02:00
|
|
|
tests/scripts/depends.py cipher_id --unset-use-psa
|
2018-11-27 15:58:47 +01:00
|
|
|
}
|
2018-10-30 11:20:45 +01:00
|
|
|
|
2022-10-05 15:14:07 +02:00
|
|
|
component_test_depends_py_cipher_chaining () {
|
|
|
|
|
msg "test/build: depends.py cipher_chaining (gcc)"
|
2022-10-24 16:49:22 +02:00
|
|
|
tests/scripts/depends.py cipher_chaining --unset-use-psa
|
2020-08-20 15:16:41 +02:00
|
|
|
}
|
|
|
|
|
|
2022-10-05 15:14:07 +02:00
|
|
|
component_test_depends_py_cipher_padding () {
|
|
|
|
|
msg "test/build: depends.py cipher_padding (gcc)"
|
2022-10-24 16:49:22 +02:00
|
|
|
tests/scripts/depends.py cipher_padding --unset-use-psa
|
2018-11-27 15:58:47 +01:00
|
|
|
}
|
2018-10-30 11:20:45 +01:00
|
|
|
|
2022-10-05 15:14:07 +02:00
|
|
|
component_test_depends_py_curves () {
|
|
|
|
|
msg "test/build: depends.py curves (gcc)"
|
2022-10-24 16:49:22 +02:00
|
|
|
tests/scripts/depends.py curves --unset-use-psa
|
2018-11-27 15:58:47 +01:00
|
|
|
}
|
2018-10-30 11:20:45 +01:00
|
|
|
|
2022-10-05 15:14:07 +02:00
|
|
|
component_test_depends_py_hashes () {
|
|
|
|
|
msg "test/build: depends.py hashes (gcc)"
|
2022-10-24 16:49:22 +02:00
|
|
|
tests/scripts/depends.py hashes --unset-use-psa
|
2018-11-27 15:58:47 +01:00
|
|
|
}
|
2018-10-30 11:20:45 +01:00
|
|
|
|
2022-10-05 15:14:07 +02:00
|
|
|
component_test_depends_py_kex () {
|
|
|
|
|
msg "test/build: depends.py kex (gcc)"
|
2022-10-24 16:49:22 +02:00
|
|
|
tests/scripts/depends.py kex --unset-use-psa
|
2018-11-27 15:58:47 +01:00
|
|
|
}
|
2018-10-30 11:20:45 +01:00
|
|
|
|
2022-10-05 15:14:07 +02:00
|
|
|
component_test_depends_py_pkalgs () {
|
|
|
|
|
msg "test/build: depends.py pkalgs (gcc)"
|
2022-10-24 16:49:22 +02:00
|
|
|
tests/scripts/depends.py pkalgs --unset-use-psa
|
2018-11-27 15:58:47 +01:00
|
|
|
}
|
2018-10-30 11:20:45 +01:00
|
|
|
|
2022-10-24 16:49:22 +02:00
|
|
|
# PSA equivalents of the depends.py tests
|
|
|
|
|
component_test_depends_py_cipher_id_psa () {
|
|
|
|
|
msg "test/build: depends.py cipher_id (gcc) with MBEDTLS_USE_PSA_CRYPTO defined"
|
2022-10-05 15:14:07 +02:00
|
|
|
tests/scripts/depends.py cipher_id
|
|
|
|
|
}
|
2014-11-20 13:29:53 +01:00
|
|
|
|
2022-10-24 16:49:22 +02:00
|
|
|
component_test_depends_py_cipher_chaining_psa () {
|
|
|
|
|
msg "test/build: depends.py cipher_chaining (gcc) with MBEDTLS_USE_PSA_CRYPTO defined"
|
2022-10-05 15:14:07 +02:00
|
|
|
tests/scripts/depends.py cipher_chaining
|
|
|
|
|
}
|
|
|
|
|
|
2022-10-24 16:49:22 +02:00
|
|
|
component_test_depends_py_cipher_padding_psa () {
|
|
|
|
|
msg "test/build: depends.py cipher_padding (gcc) with MBEDTLS_USE_PSA_CRYPTO defined"
|
2022-10-05 15:14:07 +02:00
|
|
|
tests/scripts/depends.py cipher_padding
|
|
|
|
|
}
|
|
|
|
|
|
2022-10-24 16:49:22 +02:00
|
|
|
component_test_depends_py_curves_psa () {
|
|
|
|
|
msg "test/build: depends.py curves (gcc) with MBEDTLS_USE_PSA_CRYPTO defined"
|
2022-10-05 15:14:07 +02:00
|
|
|
tests/scripts/depends.py curves
|
|
|
|
|
}
|
|
|
|
|
|
2022-10-24 16:49:22 +02:00
|
|
|
component_test_depends_py_hashes_psa () {
|
|
|
|
|
msg "test/build: depends.py hashes (gcc) with MBEDTLS_USE_PSA_CRYPTO defined"
|
2022-10-05 15:14:07 +02:00
|
|
|
tests/scripts/depends.py hashes
|
|
|
|
|
}
|
|
|
|
|
|
2022-10-24 16:49:22 +02:00
|
|
|
component_test_depends_py_kex_psa () {
|
|
|
|
|
msg "test/build: depends.py kex (gcc) with MBEDTLS_USE_PSA_CRYPTO defined"
|
2022-10-05 15:14:07 +02:00
|
|
|
tests/scripts/depends.py kex
|
|
|
|
|
}
|
|
|
|
|
|
2022-10-24 16:49:22 +02:00
|
|
|
component_test_depends_py_pkalgs_psa () {
|
|
|
|
|
msg "test/build: depends.py pkalgs (gcc) with MBEDTLS_USE_PSA_CRYPTO defined"
|
2022-10-05 15:14:07 +02:00
|
|
|
tests/scripts/depends.py pkalgs
|
2018-11-27 15:58:47 +01:00
|
|
|
}
|
2017-06-06 11:36:16 +02:00
|
|
|
|
2023-01-20 14:18:05 +01:00
|
|
|
component_build_no_pk_rsa_alt_support () {
|
|
|
|
|
msg "build: !MBEDTLS_PK_RSA_ALT_SUPPORT" # ~30s
|
|
|
|
|
|
|
|
|
|
scripts/config.py full
|
|
|
|
|
scripts/config.py unset MBEDTLS_PK_RSA_ALT_SUPPORT
|
|
|
|
|
scripts/config.py set MBEDTLS_RSA_C
|
|
|
|
|
scripts/config.py set MBEDTLS_X509_CRT_WRITE_C
|
|
|
|
|
|
|
|
|
|
# Only compile - this is primarily to test for compile issues
|
|
|
|
|
make CC=gcc CFLAGS='-Werror -Wall -Wextra -I../tests/include/alt-dummy'
|
|
|
|
|
}
|
|
|
|
|
|
2021-05-25 09:04:46 +02:00
|
|
|
component_build_module_alt () {
|
|
|
|
|
msg "build: MBEDTLS_XXX_ALT" # ~30s
|
|
|
|
|
scripts/config.py full
|
2022-12-06 12:10:33 +01:00
|
|
|
|
|
|
|
|
# Disable options that are incompatible with some ALT implementations:
|
2021-05-25 09:04:46 +02:00
|
|
|
# aesni.c and padlock.c reference mbedtls_aes_context fields directly.
|
|
|
|
|
scripts/config.py unset MBEDTLS_AESNI_C
|
|
|
|
|
scripts/config.py unset MBEDTLS_PADLOCK_C
|
2023-01-11 07:16:08 +01:00
|
|
|
scripts/config.py unset MBEDTLS_AESCE_C
|
2022-12-06 12:10:33 +01:00
|
|
|
# MBEDTLS_ECP_RESTARTABLE is documented as incompatible.
|
|
|
|
|
scripts/config.py unset MBEDTLS_ECP_RESTARTABLE
|
2021-05-25 09:04:46 +02:00
|
|
|
# You can only have one threading implementation: alt or pthread, not both.
|
|
|
|
|
scripts/config.py unset MBEDTLS_THREADING_PTHREAD
|
2021-05-31 21:21:12 +02:00
|
|
|
# The SpecifiedECDomain parsing code accesses mbedtls_ecp_group fields
|
|
|
|
|
# directly and assumes the implementation works with partial groups.
|
|
|
|
|
scripts/config.py unset MBEDTLS_PK_PARSE_EC_EXTENDED
|
2023-10-10 15:59:02 +02:00
|
|
|
# MBEDTLS_SHA256_*ALT can't be used with MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_*
|
|
|
|
|
scripts/config.py unset MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT
|
|
|
|
|
scripts/config.py unset MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY
|
2022-03-15 11:51:52 +01:00
|
|
|
# MBEDTLS_SHA512_*ALT can't be used with MBEDTLS_SHA512_USE_A64_CRYPTO_*
|
|
|
|
|
scripts/config.py unset MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT
|
|
|
|
|
scripts/config.py unset MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY
|
2022-12-06 12:10:33 +01:00
|
|
|
|
2021-05-25 09:04:46 +02:00
|
|
|
# Enable all MBEDTLS_XXX_ALT for whole modules. Do not enable
|
|
|
|
|
# MBEDTLS_XXX_YYY_ALT which are for single functions.
|
|
|
|
|
scripts/config.py set-all 'MBEDTLS_([A-Z0-9]*|NIST_KW)_ALT'
|
2021-05-31 22:09:58 +02:00
|
|
|
scripts/config.py unset MBEDTLS_DHM_ALT #incompatible with MBEDTLS_DEBUG_C
|
2022-12-06 12:10:33 +01:00
|
|
|
|
2021-05-31 22:09:58 +02:00
|
|
|
# We can only compile, not link, since we don't have any implementations
|
|
|
|
|
# suitable for testing with the dummy alt headers.
|
|
|
|
|
make CC=gcc CFLAGS='-Werror -Wall -Wextra -I../tests/include/alt-dummy' lib
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
component_build_dhm_alt () {
|
|
|
|
|
msg "build: MBEDTLS_DHM_ALT" # ~30s
|
|
|
|
|
scripts/config.py full
|
|
|
|
|
scripts/config.py set MBEDTLS_DHM_ALT
|
|
|
|
|
# debug.c currently references mbedtls_dhm_context fields directly.
|
|
|
|
|
scripts/config.py unset MBEDTLS_DEBUG_C
|
2021-05-25 09:04:46 +02:00
|
|
|
# We can only compile, not link, since we don't have any implementations
|
|
|
|
|
# suitable for testing with the dummy alt headers.
|
|
|
|
|
make CC=gcc CFLAGS='-Werror -Wall -Wextra -I../tests/include/alt-dummy' lib
|
|
|
|
|
}
|
|
|
|
|
|
2019-02-01 12:38:40 +01:00
|
|
|
component_test_no_use_psa_crypto_full_cmake_asan() {
|
|
|
|
|
# full minus MBEDTLS_USE_PSA_CRYPTO: run the same set of tests as basic-build-test.sh
|
2019-09-03 11:42:04 +02:00
|
|
|
msg "build: cmake, full config minus MBEDTLS_USE_PSA_CRYPTO, ASan"
|
2019-07-27 23:52:53 +02:00
|
|
|
scripts/config.py full
|
|
|
|
|
scripts/config.py unset MBEDTLS_PSA_CRYPTO_C
|
|
|
|
|
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
|
2021-12-08 16:57:54 +01:00
|
|
|
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
|
2019-07-27 23:52:53 +02:00
|
|
|
scripts/config.py unset MBEDTLS_PSA_ITS_FILE_C
|
2020-04-12 14:21:55 +02:00
|
|
|
scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C
|
2019-07-27 23:52:53 +02:00
|
|
|
scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C
|
2022-09-28 10:32:48 +02:00
|
|
|
scripts/config.py unset MBEDTLS_LMS_C
|
2022-09-28 13:00:20 +02:00
|
|
|
scripts/config.py unset MBEDTLS_LMS_PRIVATE
|
2023-12-14 17:42:48 +01:00
|
|
|
CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
|
2019-02-01 13:03:03 +01:00
|
|
|
make
|
2018-07-02 15:08:21 +02:00
|
|
|
|
2019-02-01 12:38:40 +01:00
|
|
|
msg "test: main suites (full minus MBEDTLS_USE_PSA_CRYPTO)"
|
2019-02-01 13:03:03 +01:00
|
|
|
make test
|
2019-01-31 14:20:20 +01:00
|
|
|
|
2022-12-07 10:38:43 +01:00
|
|
|
# Note: ssl-opt.sh has some test cases that depend on
|
|
|
|
|
# MBEDTLS_ECP_RESTARTABLE && !MBEDTLS_USE_PSA_CRYPTO
|
|
|
|
|
# This is the only component where those tests are not skipped.
|
2019-02-01 12:38:40 +01:00
|
|
|
msg "test: ssl-opt.sh (full minus MBEDTLS_USE_PSA_CRYPTO)"
|
2021-07-08 18:41:16 +02:00
|
|
|
tests/ssl-opt.sh
|
2019-01-31 14:20:20 +01:00
|
|
|
|
2019-02-01 12:38:40 +01:00
|
|
|
msg "test: compat.sh default (full minus MBEDTLS_USE_PSA_CRYPTO)"
|
2021-07-08 18:41:16 +02:00
|
|
|
tests/compat.sh
|
2019-01-31 14:20:20 +01:00
|
|
|
|
2022-04-06 13:28:27 +02:00
|
|
|
msg "test: compat.sh NULL (full minus MBEDTLS_USE_PSA_CRYPTO)"
|
2023-08-27 21:43:00 +02:00
|
|
|
tests/compat.sh -f 'NULL'
|
2015-05-20 11:13:56 +02:00
|
|
|
|
2019-02-01 12:38:40 +01:00
|
|
|
msg "test: compat.sh ARIA + ChachaPoly (full minus MBEDTLS_USE_PSA_CRYPTO)"
|
Use OPENSSL everywhere, not OPENSSL_CMD
These variables were both uses to select the default version of OpenSSL
to use for tests:
- when running compat.sh or ssl-opt.sh directly, OPENSSL_CMD was used;
- when running all.sh, OPENSSL was used.
This caused surprising situations if you had one but not the other set
in your environment. For example I used to have OPENSSL_CMD set but not
OPENSSL, so ssl-opt.sh was failing in some all.sh components but passing
when I ran it manually in the same configuration and build, a rather
unpleasant experience.
The natural name would be OPENSSL, and that's what set in the Docker
images used by the CI. However back in the 1.3.x days, that name was
already used in library/Makefile, so it was preferable to pick a
different one, hence OPENSSL_CMD. However the build system has not been
using this name since at least Mbed TLS 2.0.0, so it's now free for use
again (as demonstrated by the fact that it's been set in the CI without
causing any trouble).
So, unify things and use OPENSSL everywhere. Just leave an error message
for the benefit of developers which might have OPENSSL_CMD, not OPENSSL,
set in their environment from the old days.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-12-19 11:42:12 +01:00
|
|
|
env OPENSSL="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA'
|
2019-02-01 13:03:03 +01:00
|
|
|
}
|
2017-09-18 16:36:25 +02:00
|
|
|
|
2021-09-13 09:38:05 +02:00
|
|
|
component_test_psa_crypto_config_accel_ecdsa () {
|
2023-03-29 10:42:07 +02:00
|
|
|
msg "build: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated ECDSA"
|
2021-09-13 09:38:05 +02:00
|
|
|
|
2022-12-27 13:03:10 +01:00
|
|
|
# Algorithms and key types to accelerate
|
2023-06-28 10:48:08 +02:00
|
|
|
loc_accel_list="ALG_ECDSA ALG_DETERMINISTIC_ECDSA \
|
2023-10-30 11:08:12 +01:00
|
|
|
$(helper_get_psa_key_type_list "ECC") \
|
|
|
|
|
$(helper_get_psa_curve_list)"
|
2022-12-27 13:03:10 +01:00
|
|
|
|
Group both configuration steps
Compared to the previous scheme, this avoid the problem of having to
warn about adjusting PSA_WANT in the wrong place.
Also, it allows enabling MBEDTLS_PSA_CRYPTO_CONFIG in adjust_config
rather than having to repeat it in every single component.
It also plays more nicely with components that have an associated
reference component and use a common config function. (Some of them were
already using the new order.)
Finally, "configure, build, run the tests" seems more natural than
"configure, build, configure, build, test" (and, coming back to the
initial point, it avoid questions about what to configure when).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-12 17:09:38 +02:00
|
|
|
# Configure
|
|
|
|
|
# ---------
|
2021-09-13 09:38:05 +02:00
|
|
|
|
2023-06-15 09:07:10 +02:00
|
|
|
# Start from default config (no USE_PSA) + TLS 1.3
|
Group both configuration steps
Compared to the previous scheme, this avoid the problem of having to
warn about adjusting PSA_WANT in the wrong place.
Also, it allows enabling MBEDTLS_PSA_CRYPTO_CONFIG in adjust_config
rather than having to repeat it in every single component.
It also plays more nicely with components that have an associated
reference component and use a common config function. (Some of them were
already using the new order.)
Finally, "configure, build, run the tests" seems more natural than
"configure, build, configure, build, test" (and, coming back to the
initial point, it avoid questions about what to configure when).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-12 17:09:38 +02:00
|
|
|
helper_libtestdriver1_adjust_config "default"
|
2022-12-28 09:48:01 +01:00
|
|
|
scripts/config.py set MBEDTLS_SSL_PROTO_TLS1_3
|
2022-12-27 13:03:10 +01:00
|
|
|
|
|
|
|
|
# Disable the module that's accelerated
|
2021-09-13 09:38:05 +02:00
|
|
|
scripts/config.py unset MBEDTLS_ECDSA_C
|
2022-12-27 13:03:10 +01:00
|
|
|
|
|
|
|
|
# Disable things that depend on it
|
2021-09-13 09:38:05 +02:00
|
|
|
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
|
|
|
|
|
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
|
|
|
|
|
|
Group both configuration steps
Compared to the previous scheme, this avoid the problem of having to
warn about adjusting PSA_WANT in the wrong place.
Also, it allows enabling MBEDTLS_PSA_CRYPTO_CONFIG in adjust_config
rather than having to repeat it in every single component.
It also plays more nicely with components that have an associated
reference component and use a common config function. (Some of them were
already using the new order.)
Finally, "configure, build, run the tests" seems more natural than
"configure, build, configure, build, test" (and, coming back to the
initial point, it avoid questions about what to configure when).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-12 17:09:38 +02:00
|
|
|
# Build
|
|
|
|
|
# -----
|
|
|
|
|
|
|
|
|
|
# These hashes are needed for some ECDSA signature tests.
|
2023-09-23 08:54:30 +02:00
|
|
|
loc_extra_list="ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512 \
|
|
|
|
|
ALG_SHA3_224 ALG_SHA3_256 ALG_SHA3_384 ALG_SHA3_512"
|
Group both configuration steps
Compared to the previous scheme, this avoid the problem of having to
warn about adjusting PSA_WANT in the wrong place.
Also, it allows enabling MBEDTLS_PSA_CRYPTO_CONFIG in adjust_config
rather than having to repeat it in every single component.
It also plays more nicely with components that have an associated
reference component and use a common config function. (Some of them were
already using the new order.)
Finally, "configure, build, run the tests" seems more natural than
"configure, build, configure, build, test" (and, coming back to the
initial point, it avoid questions about what to configure when).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-12 17:09:38 +02:00
|
|
|
|
|
|
|
|
helper_libtestdriver1_make_drivers "$loc_accel_list" "$loc_extra_list"
|
|
|
|
|
|
2023-10-30 11:08:12 +01:00
|
|
|
helper_libtestdriver1_make_main "$loc_accel_list"
|
2021-09-13 09:38:05 +02:00
|
|
|
|
2022-12-28 10:09:53 +01:00
|
|
|
# Make sure this was not re-enabled by accident (additive config)
|
2022-02-04 00:30:54 +01:00
|
|
|
not grep mbedtls_ecdsa_ library/ecdsa.o
|
2021-09-13 09:38:05 +02:00
|
|
|
|
2022-12-27 13:03:10 +01:00
|
|
|
# Run the tests
|
|
|
|
|
# -------------
|
|
|
|
|
|
2021-09-13 09:38:05 +02:00
|
|
|
msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated ECDSA"
|
|
|
|
|
make test
|
|
|
|
|
}
|
|
|
|
|
|
2023-03-22 14:02:57 +01:00
|
|
|
component_test_psa_crypto_config_accel_ecdh () {
|
2023-03-29 10:42:07 +02:00
|
|
|
msg "build: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated ECDH"
|
2022-12-29 11:31:35 +01:00
|
|
|
|
|
|
|
|
# Algorithms and key types to accelerate
|
2023-06-28 10:48:08 +02:00
|
|
|
loc_accel_list="ALG_ECDH \
|
2023-10-30 11:08:12 +01:00
|
|
|
$(helper_get_psa_key_type_list "ECC") \
|
|
|
|
|
$(helper_get_psa_curve_list)"
|
2022-12-29 11:31:35 +01:00
|
|
|
|
Group both configuration steps
Compared to the previous scheme, this avoid the problem of having to
warn about adjusting PSA_WANT in the wrong place.
Also, it allows enabling MBEDTLS_PSA_CRYPTO_CONFIG in adjust_config
rather than having to repeat it in every single component.
It also plays more nicely with components that have an associated
reference component and use a common config function. (Some of them were
already using the new order.)
Finally, "configure, build, run the tests" seems more natural than
"configure, build, configure, build, test" (and, coming back to the
initial point, it avoid questions about what to configure when).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-12 17:09:38 +02:00
|
|
|
# Configure
|
|
|
|
|
# ---------
|
2022-12-29 11:31:35 +01:00
|
|
|
|
Group both configuration steps
Compared to the previous scheme, this avoid the problem of having to
warn about adjusting PSA_WANT in the wrong place.
Also, it allows enabling MBEDTLS_PSA_CRYPTO_CONFIG in adjust_config
rather than having to repeat it in every single component.
It also plays more nicely with components that have an associated
reference component and use a common config function. (Some of them were
already using the new order.)
Finally, "configure, build, run the tests" seems more natural than
"configure, build, configure, build, test" (and, coming back to the
initial point, it avoid questions about what to configure when).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-12 17:09:38 +02:00
|
|
|
# Start from default config (no TLS 1.3, no USE_PSA)
|
|
|
|
|
helper_libtestdriver1_adjust_config "default"
|
2022-12-29 11:31:35 +01:00
|
|
|
|
2023-03-22 14:02:57 +01:00
|
|
|
# Disable the module that's accelerated
|
|
|
|
|
scripts/config.py unset MBEDTLS_ECDH_C
|
|
|
|
|
|
|
|
|
|
# Disable things that depend on it
|
|
|
|
|
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
|
|
|
|
|
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
|
|
|
|
|
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
|
|
|
|
|
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
|
|
|
|
|
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
|
|
|
|
|
|
Group both configuration steps
Compared to the previous scheme, this avoid the problem of having to
warn about adjusting PSA_WANT in the wrong place.
Also, it allows enabling MBEDTLS_PSA_CRYPTO_CONFIG in adjust_config
rather than having to repeat it in every single component.
It also plays more nicely with components that have an associated
reference component and use a common config function. (Some of them were
already using the new order.)
Finally, "configure, build, run the tests" seems more natural than
"configure, build, configure, build, test" (and, coming back to the
initial point, it avoid questions about what to configure when).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-12 17:09:38 +02:00
|
|
|
# Build
|
|
|
|
|
# -----
|
|
|
|
|
|
|
|
|
|
helper_libtestdriver1_make_drivers "$loc_accel_list"
|
|
|
|
|
|
2023-10-30 11:08:12 +01:00
|
|
|
helper_libtestdriver1_make_main "$loc_accel_list"
|
2022-12-29 11:31:35 +01:00
|
|
|
|
2023-03-22 14:02:57 +01:00
|
|
|
# Make sure this was not re-enabled by accident (additive config)
|
|
|
|
|
not grep mbedtls_ecdh_ library/ecdh.o
|
2022-12-29 11:31:35 +01:00
|
|
|
|
|
|
|
|
# Run the tests
|
|
|
|
|
# -------------
|
|
|
|
|
|
2023-03-22 14:02:57 +01:00
|
|
|
msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated ECDH"
|
2022-12-29 11:31:35 +01:00
|
|
|
make test
|
2022-12-29 12:29:09 +01:00
|
|
|
}
|
|
|
|
|
|
2023-05-11 10:48:50 +02:00
|
|
|
component_test_psa_crypto_config_accel_ffdh () {
|
2023-07-19 19:30:04 +02:00
|
|
|
msg "build: full with accelerated FFDH"
|
2023-05-11 10:48:50 +02:00
|
|
|
|
|
|
|
|
# Algorithms and key types to accelerate
|
2023-07-10 16:38:59 +02:00
|
|
|
loc_accel_list="ALG_FFDH \
|
2023-09-01 09:12:31 +02:00
|
|
|
$(helper_get_psa_key_type_list "DH")"
|
2023-05-11 10:48:50 +02:00
|
|
|
|
Group both configuration steps
Compared to the previous scheme, this avoid the problem of having to
warn about adjusting PSA_WANT in the wrong place.
Also, it allows enabling MBEDTLS_PSA_CRYPTO_CONFIG in adjust_config
rather than having to repeat it in every single component.
It also plays more nicely with components that have an associated
reference component and use a common config function. (Some of them were
already using the new order.)
Finally, "configure, build, run the tests" seems more natural than
"configure, build, configure, build, test" (and, coming back to the
initial point, it avoid questions about what to configure when).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-12 17:09:38 +02:00
|
|
|
# Configure
|
|
|
|
|
# ---------
|
2023-05-11 10:48:50 +02:00
|
|
|
|
2023-07-05 11:07:07 +02:00
|
|
|
# start with full (USE_PSA and TLS 1.3)
|
2023-07-04 12:35:31 +02:00
|
|
|
helper_libtestdriver1_adjust_config "full"
|
2023-05-11 10:48:50 +02:00
|
|
|
|
|
|
|
|
# Disable the module that's accelerated
|
|
|
|
|
scripts/config.py unset MBEDTLS_DHM_C
|
|
|
|
|
|
|
|
|
|
# Disable things that depend on it
|
|
|
|
|
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
|
|
|
|
|
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
|
|
|
|
|
|
Group both configuration steps
Compared to the previous scheme, this avoid the problem of having to
warn about adjusting PSA_WANT in the wrong place.
Also, it allows enabling MBEDTLS_PSA_CRYPTO_CONFIG in adjust_config
rather than having to repeat it in every single component.
It also plays more nicely with components that have an associated
reference component and use a common config function. (Some of them were
already using the new order.)
Finally, "configure, build, run the tests" seems more natural than
"configure, build, configure, build, test" (and, coming back to the
initial point, it avoid questions about what to configure when).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-12 17:09:38 +02:00
|
|
|
# Build
|
|
|
|
|
# -----
|
|
|
|
|
|
|
|
|
|
helper_libtestdriver1_make_drivers "$loc_accel_list"
|
|
|
|
|
|
2023-06-08 09:15:59 +02:00
|
|
|
helper_libtestdriver1_make_main "$loc_accel_list"
|
2023-05-11 10:48:50 +02:00
|
|
|
|
|
|
|
|
# Make sure this was not re-enabled by accident (additive config)
|
|
|
|
|
not grep mbedtls_dhm_ library/dhm.o
|
|
|
|
|
|
|
|
|
|
# Run the tests
|
|
|
|
|
# -------------
|
|
|
|
|
|
2023-07-19 19:30:04 +02:00
|
|
|
msg "test: full with accelerated FFDH"
|
2023-05-11 10:48:50 +02:00
|
|
|
make test
|
2023-07-04 12:35:31 +02:00
|
|
|
|
2023-07-19 19:30:04 +02:00
|
|
|
msg "ssl-opt: full with accelerated FFDH alg"
|
2023-07-04 12:35:31 +02:00
|
|
|
tests/ssl-opt.sh -f "ffdh"
|
2023-05-11 10:48:50 +02:00
|
|
|
}
|
|
|
|
|
|
2023-05-26 10:19:49 +02:00
|
|
|
component_test_psa_crypto_config_reference_ffdh () {
|
2023-08-09 19:48:58 +02:00
|
|
|
msg "build: full with non-accelerated FFDH"
|
2023-05-26 10:19:49 +02:00
|
|
|
|
|
|
|
|
# Start with full (USE_PSA and TLS 1.3)
|
2023-07-05 11:07:07 +02:00
|
|
|
helper_libtestdriver1_adjust_config "full"
|
2023-05-26 10:19:49 +02:00
|
|
|
|
|
|
|
|
# Disable things that are not supported
|
|
|
|
|
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
|
|
|
|
|
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
|
|
|
|
|
make
|
|
|
|
|
|
2023-07-19 19:30:04 +02:00
|
|
|
msg "test suites: full with non-accelerated FFDH alg"
|
2023-05-26 10:19:49 +02:00
|
|
|
make test
|
|
|
|
|
|
2023-07-19 19:30:04 +02:00
|
|
|
msg "ssl-opt: full with non-accelerated FFDH alg"
|
2023-07-04 12:35:31 +02:00
|
|
|
tests/ssl-opt.sh -f "ffdh"
|
2023-05-11 10:48:50 +02:00
|
|
|
}
|
|
|
|
|
|
2023-03-27 09:38:51 +02:00
|
|
|
component_test_psa_crypto_config_accel_pake() {
|
2023-07-19 19:30:04 +02:00
|
|
|
msg "build: full with accelerated PAKE"
|
2023-03-27 09:38:51 +02:00
|
|
|
|
2023-09-20 12:45:01 +02:00
|
|
|
loc_accel_list="ALG_JPAKE \
|
2023-10-30 11:08:12 +01:00
|
|
|
$(helper_get_psa_key_type_list "ECC") \
|
|
|
|
|
$(helper_get_psa_curve_list)"
|
2023-03-27 09:38:51 +02:00
|
|
|
|
Group both configuration steps
Compared to the previous scheme, this avoid the problem of having to
warn about adjusting PSA_WANT in the wrong place.
Also, it allows enabling MBEDTLS_PSA_CRYPTO_CONFIG in adjust_config
rather than having to repeat it in every single component.
It also plays more nicely with components that have an associated
reference component and use a common config function. (Some of them were
already using the new order.)
Finally, "configure, build, run the tests" seems more natural than
"configure, build, configure, build, test" (and, coming back to the
initial point, it avoid questions about what to configure when).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-12 17:09:38 +02:00
|
|
|
# Configure
|
|
|
|
|
# ---------
|
2023-05-31 12:51:50 +02:00
|
|
|
|
Group both configuration steps
Compared to the previous scheme, this avoid the problem of having to
warn about adjusting PSA_WANT in the wrong place.
Also, it allows enabling MBEDTLS_PSA_CRYPTO_CONFIG in adjust_config
rather than having to repeat it in every single component.
It also plays more nicely with components that have an associated
reference component and use a common config function. (Some of them were
already using the new order.)
Finally, "configure, build, run the tests" seems more natural than
"configure, build, configure, build, test" (and, coming back to the
initial point, it avoid questions about what to configure when).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-12 17:09:38 +02:00
|
|
|
helper_libtestdriver1_adjust_config "full"
|
2023-03-27 09:38:51 +02:00
|
|
|
|
2023-03-29 10:42:07 +02:00
|
|
|
# Make built-in fallback not available
|
2023-03-27 09:38:51 +02:00
|
|
|
scripts/config.py unset MBEDTLS_ECJPAKE_C
|
|
|
|
|
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
|
|
|
|
|
|
Group both configuration steps
Compared to the previous scheme, this avoid the problem of having to
warn about adjusting PSA_WANT in the wrong place.
Also, it allows enabling MBEDTLS_PSA_CRYPTO_CONFIG in adjust_config
rather than having to repeat it in every single component.
It also plays more nicely with components that have an associated
reference component and use a common config function. (Some of them were
already using the new order.)
Finally, "configure, build, run the tests" seems more natural than
"configure, build, configure, build, test" (and, coming back to the
initial point, it avoid questions about what to configure when).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-12 17:09:38 +02:00
|
|
|
# Build
|
|
|
|
|
# -----
|
2023-03-27 09:38:51 +02:00
|
|
|
|
Group both configuration steps
Compared to the previous scheme, this avoid the problem of having to
warn about adjusting PSA_WANT in the wrong place.
Also, it allows enabling MBEDTLS_PSA_CRYPTO_CONFIG in adjust_config
rather than having to repeat it in every single component.
It also plays more nicely with components that have an associated
reference component and use a common config function. (Some of them were
already using the new order.)
Finally, "configure, build, run the tests" seems more natural than
"configure, build, configure, build, test" (and, coming back to the
initial point, it avoid questions about what to configure when).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-12 17:09:38 +02:00
|
|
|
helper_libtestdriver1_make_drivers "$loc_accel_list"
|
2023-03-27 09:38:51 +02:00
|
|
|
|
2023-10-30 11:08:12 +01:00
|
|
|
helper_libtestdriver1_make_main "$loc_accel_list"
|
2023-03-27 09:38:51 +02:00
|
|
|
|
2023-05-31 12:51:50 +02:00
|
|
|
# Make sure this was not re-enabled by accident (additive config)
|
2023-03-27 09:38:51 +02:00
|
|
|
not grep mbedtls_ecjpake_init library/ecjpake.o
|
|
|
|
|
|
2023-05-31 12:51:50 +02:00
|
|
|
# Run the tests
|
|
|
|
|
# -------------
|
|
|
|
|
|
2023-07-19 19:30:04 +02:00
|
|
|
msg "test: full with accelerated PAKE"
|
2023-03-27 09:38:51 +02:00
|
|
|
make test
|
|
|
|
|
}
|
|
|
|
|
|
2023-09-26 12:03:10 +02:00
|
|
|
component_test_psa_crypto_config_accel_ecc_some_key_types () {
|
|
|
|
|
msg "build: full with accelerated EC algs and some key types"
|
|
|
|
|
|
|
|
|
|
# Algorithms and key types to accelerate
|
|
|
|
|
# For key types, use an explicitly list to omit GENERATE (and DERIVE)
|
|
|
|
|
loc_accel_list="ALG_ECDSA ALG_DETERMINISTIC_ECDSA \
|
|
|
|
|
ALG_ECDH \
|
|
|
|
|
ALG_JPAKE \
|
|
|
|
|
KEY_TYPE_ECC_PUBLIC_KEY \
|
|
|
|
|
KEY_TYPE_ECC_KEY_PAIR_BASIC \
|
|
|
|
|
KEY_TYPE_ECC_KEY_PAIR_IMPORT \
|
2023-10-30 11:08:12 +01:00
|
|
|
KEY_TYPE_ECC_KEY_PAIR_EXPORT \
|
|
|
|
|
$(helper_get_psa_curve_list)"
|
2023-09-26 12:03:10 +02:00
|
|
|
|
|
|
|
|
# Configure
|
|
|
|
|
# ---------
|
|
|
|
|
|
|
|
|
|
# start with config full for maximum coverage (also enables USE_PSA)
|
|
|
|
|
helper_libtestdriver1_adjust_config "full"
|
|
|
|
|
|
|
|
|
|
# Disable modules that are accelerated - some will be re-enabled
|
|
|
|
|
scripts/config.py unset MBEDTLS_ECDSA_C
|
|
|
|
|
scripts/config.py unset MBEDTLS_ECDH_C
|
|
|
|
|
scripts/config.py unset MBEDTLS_ECJPAKE_C
|
|
|
|
|
scripts/config.py unset MBEDTLS_ECP_C
|
|
|
|
|
|
|
|
|
|
# Disable all curves - those that aren't accelerated should be re-enabled
|
|
|
|
|
helper_disable_builtin_curves
|
|
|
|
|
|
|
|
|
|
# Restartable feature is not yet supported by PSA. Once it will in
|
|
|
|
|
# the future, the following line could be removed (see issues
|
|
|
|
|
# 6061, 6332 and following ones)
|
|
|
|
|
scripts/config.py unset MBEDTLS_ECP_RESTARTABLE
|
|
|
|
|
|
|
|
|
|
# this is not supported by the driver API yet
|
|
|
|
|
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE
|
|
|
|
|
|
|
|
|
|
# Build
|
|
|
|
|
# -----
|
|
|
|
|
|
|
|
|
|
# These hashes are needed for some ECDSA signature tests.
|
|
|
|
|
loc_extra_list="ALG_SHA_1 ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512 \
|
|
|
|
|
ALG_SHA3_224 ALG_SHA3_256 ALG_SHA3_384 ALG_SHA3_512"
|
|
|
|
|
helper_libtestdriver1_make_drivers "$loc_accel_list" "$loc_extra_list"
|
|
|
|
|
|
2023-10-30 11:08:12 +01:00
|
|
|
helper_libtestdriver1_make_main "$loc_accel_list"
|
2023-09-26 12:03:10 +02:00
|
|
|
|
|
|
|
|
# ECP should be re-enabled but not the others
|
|
|
|
|
not grep mbedtls_ecdh_ library/ecdh.o
|
|
|
|
|
not grep mbedtls_ecdsa library/ecdsa.o
|
|
|
|
|
not grep mbedtls_ecjpake library/ecjpake.o
|
|
|
|
|
grep mbedtls_ecp library/ecp.o
|
|
|
|
|
|
|
|
|
|
# Run the tests
|
|
|
|
|
# -------------
|
|
|
|
|
|
|
|
|
|
msg "test suites: full with accelerated EC algs and some key types"
|
|
|
|
|
make test
|
|
|
|
|
}
|
|
|
|
|
|
2023-09-25 12:35:15 +02:00
|
|
|
# Run tests with only (non-)Weierstrass accelerated
|
|
|
|
|
# Common code used in:
|
2023-09-28 09:10:01 +02:00
|
|
|
# - component_test_psa_crypto_config_accel_ecc_weierstrass_curves
|
|
|
|
|
# - component_test_psa_crypto_config_accel_ecc_non_weierstrass_curves
|
2023-09-25 12:35:15 +02:00
|
|
|
common_test_psa_crypto_config_accel_ecc_some_curves () {
|
2023-09-28 09:08:04 +02:00
|
|
|
weierstrass=$1
|
|
|
|
|
if [ $weierstrass -eq 1 ]; then
|
|
|
|
|
desc="Weierstrass"
|
2023-09-25 12:35:15 +02:00
|
|
|
else
|
2023-09-28 09:08:04 +02:00
|
|
|
desc="non-Weierstrass"
|
2023-09-25 12:35:15 +02:00
|
|
|
fi
|
|
|
|
|
|
2023-09-28 10:05:57 +02:00
|
|
|
msg "build: crypto_full minus PK with accelerated EC algs and $desc curves"
|
2023-09-25 12:35:15 +02:00
|
|
|
|
|
|
|
|
# Note: Curves are handled in a special way by the libtestdriver machinery,
|
|
|
|
|
# so we only want to include them in the accel list when building the main
|
|
|
|
|
# libraries, hence the use of a separate variable.
|
|
|
|
|
# Note: the following loop is a modified version of
|
|
|
|
|
# helper_get_psa_curve_list that only keeps Weierstrass families.
|
|
|
|
|
loc_weierstrass_list=""
|
|
|
|
|
loc_non_weierstrass_list=""
|
2023-09-28 09:08:04 +02:00
|
|
|
for item in $(sed -n 's/^#define PSA_WANT_\(ECC_[0-9A-Z_a-z]*\).*/\1/p' <"$CRYPTO_CONFIG_H"); do
|
|
|
|
|
case $item in
|
2023-09-25 12:35:15 +02:00
|
|
|
ECC_BRAINPOOL*|ECC_SECP*)
|
2023-09-28 09:08:04 +02:00
|
|
|
loc_weierstrass_list="$loc_weierstrass_list $item"
|
2023-09-25 12:35:15 +02:00
|
|
|
;;
|
|
|
|
|
*)
|
2023-09-28 09:08:04 +02:00
|
|
|
loc_non_weierstrass_list="$loc_non_weierstrass_list $item"
|
2023-09-25 12:35:15 +02:00
|
|
|
;;
|
|
|
|
|
esac
|
|
|
|
|
done
|
2023-09-28 09:08:04 +02:00
|
|
|
if [ $weierstrass -eq 1 ]; then
|
2023-09-25 12:35:15 +02:00
|
|
|
loc_curve_list=$loc_weierstrass_list
|
|
|
|
|
else
|
|
|
|
|
loc_curve_list=$loc_non_weierstrass_list
|
|
|
|
|
fi
|
|
|
|
|
|
2023-10-30 11:08:12 +01:00
|
|
|
# Algorithms and key types to accelerate
|
|
|
|
|
loc_accel_list="ALG_ECDSA ALG_DETERMINISTIC_ECDSA \
|
|
|
|
|
ALG_ECDH \
|
|
|
|
|
ALG_JPAKE \
|
|
|
|
|
$(helper_get_psa_key_type_list "ECC") \
|
|
|
|
|
$loc_curve_list"
|
|
|
|
|
|
2023-09-25 12:35:15 +02:00
|
|
|
# Configure
|
|
|
|
|
# ---------
|
|
|
|
|
|
2023-09-28 10:05:57 +02:00
|
|
|
# Start with config crypto_full and remove PK_C:
|
|
|
|
|
# that's what's supported now, see docs/driver-only-builds.md.
|
|
|
|
|
helper_libtestdriver1_adjust_config "crypto_full"
|
|
|
|
|
scripts/config.py unset MBEDTLS_PK_C
|
|
|
|
|
scripts/config.py unset MBEDTLS_PK_PARSE_C
|
|
|
|
|
scripts/config.py unset MBEDTLS_PK_WRITE_C
|
|
|
|
|
# We need to disable RSA too or PK will be re-enabled.
|
|
|
|
|
scripts/config.py -f "$CRYPTO_CONFIG_H" unset-all "PSA_WANT_KEY_TYPE_RSA_[0-9A-Z_a-z]*"
|
|
|
|
|
scripts/config.py -f "$CRYPTO_CONFIG_H" unset-all "PSA_WANT_ALG_RSA_[0-9A-Z_a-z]*"
|
|
|
|
|
scripts/config.py unset MBEDTLS_RSA_C
|
|
|
|
|
scripts/config.py unset MBEDTLS_PKCS1_V15
|
|
|
|
|
scripts/config.py unset MBEDTLS_PKCS1_V21
|
2023-09-25 12:35:15 +02:00
|
|
|
|
|
|
|
|
# Disable modules that are accelerated - some will be re-enabled
|
|
|
|
|
scripts/config.py unset MBEDTLS_ECDSA_C
|
|
|
|
|
scripts/config.py unset MBEDTLS_ECDH_C
|
|
|
|
|
scripts/config.py unset MBEDTLS_ECJPAKE_C
|
|
|
|
|
scripts/config.py unset MBEDTLS_ECP_C
|
|
|
|
|
|
|
|
|
|
# Disable all curves - those that aren't accelerated should be re-enabled
|
|
|
|
|
helper_disable_builtin_curves
|
|
|
|
|
|
|
|
|
|
# Restartable feature is not yet supported by PSA. Once it will in
|
|
|
|
|
# the future, the following line could be removed (see issues
|
|
|
|
|
# 6061, 6332 and following ones)
|
|
|
|
|
scripts/config.py unset MBEDTLS_ECP_RESTARTABLE
|
|
|
|
|
|
|
|
|
|
# this is not supported by the driver API yet
|
|
|
|
|
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE
|
|
|
|
|
|
|
|
|
|
# Build
|
|
|
|
|
# -----
|
|
|
|
|
|
|
|
|
|
# These hashes are needed for some ECDSA signature tests.
|
|
|
|
|
loc_extra_list="ALG_SHA_1 ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512 \
|
|
|
|
|
ALG_SHA3_224 ALG_SHA3_256 ALG_SHA3_384 ALG_SHA3_512"
|
|
|
|
|
helper_libtestdriver1_make_drivers "$loc_accel_list" "$loc_extra_list"
|
|
|
|
|
|
2023-10-31 12:23:44 +01:00
|
|
|
helper_libtestdriver1_make_main "$loc_accel_list"
|
2023-09-25 12:35:15 +02:00
|
|
|
|
|
|
|
|
# We expect ECDH to be re-enabled for the missing curves
|
|
|
|
|
grep mbedtls_ecdh_ library/ecdh.o
|
|
|
|
|
# We expect ECP to be re-enabled, however the parts specific to the
|
|
|
|
|
# families of curves that are accelerated should be ommited.
|
|
|
|
|
# - functions with mxz in the name are specific to Montgomery curves
|
|
|
|
|
# - ecp_muladd is specific to Weierstrass curves
|
|
|
|
|
##nm library/ecp.o | tee ecp.syms
|
2023-09-28 09:08:04 +02:00
|
|
|
if [ $weierstrass -eq 1 ]; then
|
2023-09-25 12:35:15 +02:00
|
|
|
not grep mbedtls_ecp_muladd library/ecp.o
|
|
|
|
|
grep mxz library/ecp.o
|
|
|
|
|
else
|
|
|
|
|
grep mbedtls_ecp_muladd library/ecp.o
|
|
|
|
|
not grep mxz library/ecp.o
|
|
|
|
|
fi
|
|
|
|
|
# We expect ECDSA and ECJPAKE to be re-enabled only when
|
|
|
|
|
# Weierstrass curves are not accelerated
|
2023-09-28 09:08:04 +02:00
|
|
|
if [ $weierstrass -eq 1 ]; then
|
2023-09-25 12:35:15 +02:00
|
|
|
not grep mbedtls_ecdsa library/ecdsa.o
|
|
|
|
|
not grep mbedtls_ecjpake library/ecjpake.o
|
|
|
|
|
else
|
|
|
|
|
grep mbedtls_ecdsa library/ecdsa.o
|
|
|
|
|
grep mbedtls_ecjpake library/ecjpake.o
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
# Run the tests
|
|
|
|
|
# -------------
|
|
|
|
|
|
2023-09-28 10:05:57 +02:00
|
|
|
msg "test suites: crypto_full minus PK with accelerated EC algs and $desc curves"
|
|
|
|
|
make test
|
2023-09-25 12:35:15 +02:00
|
|
|
}
|
|
|
|
|
|
2023-09-28 09:10:01 +02:00
|
|
|
component_test_psa_crypto_config_accel_ecc_weierstrass_curves () {
|
2023-09-25 12:35:15 +02:00
|
|
|
common_test_psa_crypto_config_accel_ecc_some_curves 1
|
|
|
|
|
}
|
|
|
|
|
|
2023-09-28 09:10:01 +02:00
|
|
|
component_test_psa_crypto_config_accel_ecc_non_weierstrass_curves () {
|
2023-09-25 12:35:15 +02:00
|
|
|
common_test_psa_crypto_config_accel_ecc_some_curves 0
|
|
|
|
|
}
|
|
|
|
|
|
2023-03-20 13:54:41 +01:00
|
|
|
# Auxiliary function to build config for all EC based algorithms (EC-JPAKE,
|
|
|
|
|
# ECDH, ECDSA) with and without drivers.
|
2023-03-29 10:42:07 +02:00
|
|
|
# The input parameter is a boolean value which indicates:
|
|
|
|
|
# - 0 keep built-in EC algs,
|
|
|
|
|
# - 1 exclude built-in EC algs (driver only).
|
2023-03-20 13:54:41 +01:00
|
|
|
#
|
|
|
|
|
# This is used by the two following components to ensure they always use the
|
|
|
|
|
# same config, except for the use of driver or built-in EC algorithms:
|
2023-06-14 10:33:10 +02:00
|
|
|
# - component_test_psa_crypto_config_accel_ecc_ecp_light_only;
|
|
|
|
|
# - component_test_psa_crypto_config_reference_ecc_ecp_light_only.
|
2023-03-22 14:02:57 +01:00
|
|
|
# This supports comparing their test coverage with analyze_outcomes.py.
|
2023-07-19 19:16:37 +02:00
|
|
|
config_psa_crypto_config_ecp_light_only () {
|
2023-09-28 09:08:04 +02:00
|
|
|
driver_only="$1"
|
2023-03-20 13:54:41 +01:00
|
|
|
# start with config full for maximum coverage (also enables USE_PSA)
|
Group both configuration steps
Compared to the previous scheme, this avoid the problem of having to
warn about adjusting PSA_WANT in the wrong place.
Also, it allows enabling MBEDTLS_PSA_CRYPTO_CONFIG in adjust_config
rather than having to repeat it in every single component.
It also plays more nicely with components that have an associated
reference component and use a common config function. (Some of them were
already using the new order.)
Finally, "configure, build, run the tests" seems more natural than
"configure, build, configure, build, test" (and, coming back to the
initial point, it avoid questions about what to configure when).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-12 17:09:38 +02:00
|
|
|
helper_libtestdriver1_adjust_config "full"
|
2023-09-28 09:08:04 +02:00
|
|
|
if [ "$driver_only" -eq 1 ]; then
|
2023-03-20 13:54:41 +01:00
|
|
|
# Disable modules that are accelerated
|
|
|
|
|
scripts/config.py unset MBEDTLS_ECDSA_C
|
|
|
|
|
scripts/config.py unset MBEDTLS_ECDH_C
|
|
|
|
|
scripts/config.py unset MBEDTLS_ECJPAKE_C
|
2023-04-05 18:20:30 +02:00
|
|
|
scripts/config.py unset MBEDTLS_ECP_C
|
2023-03-20 13:54:41 +01:00
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
# Restartable feature is not yet supported by PSA. Once it will in
|
|
|
|
|
# the future, the following line could be removed (see issues
|
|
|
|
|
# 6061, 6332 and following ones)
|
|
|
|
|
scripts/config.py unset MBEDTLS_ECP_RESTARTABLE
|
|
|
|
|
}
|
|
|
|
|
|
2023-06-14 10:33:10 +02:00
|
|
|
# Keep in sync with component_test_psa_crypto_config_reference_ecc_ecp_light_only
|
|
|
|
|
component_test_psa_crypto_config_accel_ecc_ecp_light_only () {
|
2023-07-19 19:30:04 +02:00
|
|
|
msg "build: full with accelerated EC algs"
|
2023-03-20 13:54:41 +01:00
|
|
|
|
|
|
|
|
# Algorithms and key types to accelerate
|
|
|
|
|
loc_accel_list="ALG_ECDSA ALG_DETERMINISTIC_ECDSA \
|
|
|
|
|
ALG_ECDH \
|
|
|
|
|
ALG_JPAKE \
|
2023-10-30 11:08:12 +01:00
|
|
|
$(helper_get_psa_key_type_list "ECC") \
|
|
|
|
|
$(helper_get_psa_curve_list)"
|
2023-03-20 13:54:41 +01:00
|
|
|
|
Group both configuration steps
Compared to the previous scheme, this avoid the problem of having to
warn about adjusting PSA_WANT in the wrong place.
Also, it allows enabling MBEDTLS_PSA_CRYPTO_CONFIG in adjust_config
rather than having to repeat it in every single component.
It also plays more nicely with components that have an associated
reference component and use a common config function. (Some of them were
already using the new order.)
Finally, "configure, build, run the tests" seems more natural than
"configure, build, configure, build, test" (and, coming back to the
initial point, it avoid questions about what to configure when).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-12 17:09:38 +02:00
|
|
|
# Configure
|
|
|
|
|
# ---------
|
2023-03-20 13:54:41 +01:00
|
|
|
|
|
|
|
|
# Use the same config as reference, only without built-in EC algs
|
2023-07-19 19:16:37 +02:00
|
|
|
config_psa_crypto_config_ecp_light_only 1
|
2023-03-20 13:54:41 +01:00
|
|
|
|
2023-09-01 09:12:31 +02:00
|
|
|
# Do not disable builtin curves because that support is required for:
|
2023-08-15 17:10:47 +02:00
|
|
|
# - MBEDTLS_PK_PARSE_EC_EXTENDED
|
|
|
|
|
# - MBEDTLS_PK_PARSE_EC_COMPRESSED
|
2023-03-20 13:54:41 +01:00
|
|
|
|
Group both configuration steps
Compared to the previous scheme, this avoid the problem of having to
warn about adjusting PSA_WANT in the wrong place.
Also, it allows enabling MBEDTLS_PSA_CRYPTO_CONFIG in adjust_config
rather than having to repeat it in every single component.
It also plays more nicely with components that have an associated
reference component and use a common config function. (Some of them were
already using the new order.)
Finally, "configure, build, run the tests" seems more natural than
"configure, build, configure, build, test" (and, coming back to the
initial point, it avoid questions about what to configure when).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-12 17:09:38 +02:00
|
|
|
# Build
|
|
|
|
|
# -----
|
2023-03-20 13:54:41 +01:00
|
|
|
|
Group both configuration steps
Compared to the previous scheme, this avoid the problem of having to
warn about adjusting PSA_WANT in the wrong place.
Also, it allows enabling MBEDTLS_PSA_CRYPTO_CONFIG in adjust_config
rather than having to repeat it in every single component.
It also plays more nicely with components that have an associated
reference component and use a common config function. (Some of them were
already using the new order.)
Finally, "configure, build, run the tests" seems more natural than
"configure, build, configure, build, test" (and, coming back to the
initial point, it avoid questions about what to configure when).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-12 17:09:38 +02:00
|
|
|
# These hashes are needed for some ECDSA signature tests.
|
2023-09-23 08:54:30 +02:00
|
|
|
loc_extra_list="ALG_SHA_1 ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512 \
|
|
|
|
|
ALG_SHA3_224 ALG_SHA3_256 ALG_SHA3_384 ALG_SHA3_512"
|
Group both configuration steps
Compared to the previous scheme, this avoid the problem of having to
warn about adjusting PSA_WANT in the wrong place.
Also, it allows enabling MBEDTLS_PSA_CRYPTO_CONFIG in adjust_config
rather than having to repeat it in every single component.
It also plays more nicely with components that have an associated
reference component and use a common config function. (Some of them were
already using the new order.)
Finally, "configure, build, run the tests" seems more natural than
"configure, build, configure, build, test" (and, coming back to the
initial point, it avoid questions about what to configure when).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-12 17:09:38 +02:00
|
|
|
helper_libtestdriver1_make_drivers "$loc_accel_list" "$loc_extra_list"
|
2023-03-20 13:54:41 +01:00
|
|
|
|
2023-10-30 11:08:12 +01:00
|
|
|
helper_libtestdriver1_make_main "$loc_accel_list"
|
2023-03-20 13:54:41 +01:00
|
|
|
|
|
|
|
|
# Make sure any built-in EC alg was not re-enabled by accident (additive config)
|
|
|
|
|
not grep mbedtls_ecdsa_ library/ecdsa.o
|
|
|
|
|
not grep mbedtls_ecdh_ library/ecdh.o
|
|
|
|
|
not grep mbedtls_ecjpake_ library/ecjpake.o
|
2023-04-05 18:20:30 +02:00
|
|
|
not grep mbedtls_ecp_mul library/ecp.o
|
2023-03-20 13:54:41 +01:00
|
|
|
|
|
|
|
|
# Run the tests
|
|
|
|
|
# -------------
|
|
|
|
|
|
2023-07-19 19:30:04 +02:00
|
|
|
msg "test suites: full with accelerated EC algs"
|
2023-03-20 13:54:41 +01:00
|
|
|
make test
|
|
|
|
|
|
2023-07-19 19:30:04 +02:00
|
|
|
msg "ssl-opt: full with accelerated EC algs"
|
2023-03-20 13:54:41 +01:00
|
|
|
tests/ssl-opt.sh
|
|
|
|
|
}
|
|
|
|
|
|
2023-06-14 10:33:10 +02:00
|
|
|
# Keep in sync with component_test_psa_crypto_config_accel_ecc_ecp_light_only
|
|
|
|
|
component_test_psa_crypto_config_reference_ecc_ecp_light_only () {
|
2023-07-19 19:30:04 +02:00
|
|
|
msg "build: MBEDTLS_PSA_CRYPTO_CONFIG with non-accelerated EC algs"
|
2023-03-20 13:54:41 +01:00
|
|
|
|
2023-07-19 19:16:37 +02:00
|
|
|
config_psa_crypto_config_ecp_light_only 0
|
2023-03-20 13:54:41 +01:00
|
|
|
|
|
|
|
|
make
|
|
|
|
|
|
2023-07-19 19:30:04 +02:00
|
|
|
msg "test suites: full with non-accelerated EC algs"
|
2023-03-20 13:54:41 +01:00
|
|
|
make test
|
|
|
|
|
|
2023-07-19 19:30:04 +02:00
|
|
|
msg "ssl-opt: full with non-accelerated EC algs"
|
2023-03-20 13:54:41 +01:00
|
|
|
tests/ssl-opt.sh
|
|
|
|
|
}
|
|
|
|
|
|
2023-04-12 14:59:16 +02:00
|
|
|
# This helper function is used by:
|
2023-06-14 10:33:10 +02:00
|
|
|
# - component_test_psa_crypto_config_accel_ecc_no_ecp_at_all()
|
|
|
|
|
# - component_test_psa_crypto_config_reference_ecc_no_ecp_at_all()
|
2023-04-12 14:59:16 +02:00
|
|
|
# to ensure that both tests use the same underlying configuration when testing
|
|
|
|
|
# driver's coverage with analyze_outcomes.py.
|
|
|
|
|
#
|
|
|
|
|
# This functions accepts 1 boolean parameter as follows:
|
|
|
|
|
# - 1: building with accelerated EC algorithms (ECDSA, ECDH, ECJPAKE), therefore
|
|
|
|
|
# excluding their built-in implementation as well as ECP_C & ECP_LIGHT
|
|
|
|
|
# - 0: include built-in implementation of EC algorithms.
|
|
|
|
|
#
|
|
|
|
|
# PK_C and RSA_C are always disabled to ensure there is no remaining dependency
|
|
|
|
|
# on the ECP module.
|
2023-06-14 10:33:10 +02:00
|
|
|
config_psa_crypto_no_ecp_at_all () {
|
2023-09-28 09:08:04 +02:00
|
|
|
driver_only="$1"
|
2023-06-26 15:23:44 +02:00
|
|
|
# start with full config for maximum coverage (also enables USE_PSA)
|
|
|
|
|
helper_libtestdriver1_adjust_config "full"
|
|
|
|
|
|
2023-09-28 09:08:04 +02:00
|
|
|
if [ "$driver_only" -eq 1 ]; then
|
2023-04-12 14:59:16 +02:00
|
|
|
# Disable modules that are accelerated
|
|
|
|
|
scripts/config.py unset MBEDTLS_ECDSA_C
|
|
|
|
|
scripts/config.py unset MBEDTLS_ECDH_C
|
|
|
|
|
scripts/config.py unset MBEDTLS_ECJPAKE_C
|
|
|
|
|
# Disable ECP module (entirely)
|
|
|
|
|
scripts/config.py unset MBEDTLS_ECP_C
|
|
|
|
|
fi
|
|
|
|
|
|
2023-06-14 10:42:31 +02:00
|
|
|
# Disable all the features that auto-enable ECP_LIGHT (see build_info.h)
|
|
|
|
|
scripts/config.py unset MBEDTLS_PK_PARSE_EC_EXTENDED
|
2023-06-14 10:46:55 +02:00
|
|
|
scripts/config.py unset MBEDTLS_PK_PARSE_EC_COMPRESSED
|
2023-07-20 09:57:54 +02:00
|
|
|
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE
|
2023-06-14 10:42:31 +02:00
|
|
|
|
2023-04-12 14:59:16 +02:00
|
|
|
# Restartable feature is not yet supported by PSA. Once it will in
|
|
|
|
|
# the future, the following line could be removed (see issues
|
|
|
|
|
# 6061, 6332 and following ones)
|
|
|
|
|
scripts/config.py unset MBEDTLS_ECP_RESTARTABLE
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
# Build and test a configuration where driver accelerates all EC algs while
|
|
|
|
|
# all support and dependencies from ECP and ECP_LIGHT are removed on the library
|
|
|
|
|
# side.
|
|
|
|
|
#
|
2023-06-14 10:33:10 +02:00
|
|
|
# Keep in sync with component_test_psa_crypto_config_reference_ecc_no_ecp_at_all()
|
|
|
|
|
component_test_psa_crypto_config_accel_ecc_no_ecp_at_all () {
|
2023-07-19 19:30:04 +02:00
|
|
|
msg "build: full + accelerated EC algs - ECP"
|
2023-04-12 14:59:16 +02:00
|
|
|
|
|
|
|
|
# Algorithms and key types to accelerate
|
|
|
|
|
loc_accel_list="ALG_ECDSA ALG_DETERMINISTIC_ECDSA \
|
|
|
|
|
ALG_ECDH \
|
|
|
|
|
ALG_JPAKE \
|
2023-10-30 11:08:12 +01:00
|
|
|
$(helper_get_psa_key_type_list "ECC") \
|
|
|
|
|
$(helper_get_psa_curve_list)"
|
2023-04-12 14:59:16 +02:00
|
|
|
|
Group both configuration steps
Compared to the previous scheme, this avoid the problem of having to
warn about adjusting PSA_WANT in the wrong place.
Also, it allows enabling MBEDTLS_PSA_CRYPTO_CONFIG in adjust_config
rather than having to repeat it in every single component.
It also plays more nicely with components that have an associated
reference component and use a common config function. (Some of them were
already using the new order.)
Finally, "configure, build, run the tests" seems more natural than
"configure, build, configure, build, test" (and, coming back to the
initial point, it avoid questions about what to configure when).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-12 17:09:38 +02:00
|
|
|
# Configure
|
|
|
|
|
# ---------
|
2023-05-31 12:51:50 +02:00
|
|
|
|
2023-04-12 14:59:16 +02:00
|
|
|
# Set common configurations between library's and driver's builds
|
2023-06-14 10:33:10 +02:00
|
|
|
config_psa_crypto_no_ecp_at_all 1
|
2023-08-15 17:10:47 +02:00
|
|
|
# Disable all the builtin curves. All the required algs are accelerated.
|
|
|
|
|
helper_disable_builtin_curves
|
2023-04-12 14:59:16 +02:00
|
|
|
|
Group both configuration steps
Compared to the previous scheme, this avoid the problem of having to
warn about adjusting PSA_WANT in the wrong place.
Also, it allows enabling MBEDTLS_PSA_CRYPTO_CONFIG in adjust_config
rather than having to repeat it in every single component.
It also plays more nicely with components that have an associated
reference component and use a common config function. (Some of them were
already using the new order.)
Finally, "configure, build, run the tests" seems more natural than
"configure, build, configure, build, test" (and, coming back to the
initial point, it avoid questions about what to configure when).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-12 17:09:38 +02:00
|
|
|
# Build
|
|
|
|
|
# -----
|
2023-04-12 14:59:16 +02:00
|
|
|
|
|
|
|
|
# Things we wanted supported in libtestdriver1, but not accelerated in the main library:
|
2023-09-23 08:54:30 +02:00
|
|
|
# SHA-1 and all SHA-2/3 variants, as they are used by ECDSA deterministic.
|
|
|
|
|
loc_extra_list="ALG_SHA_1 ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512 \
|
|
|
|
|
ALG_SHA3_224 ALG_SHA3_256 ALG_SHA3_384 ALG_SHA3_512"
|
2023-04-12 14:59:16 +02:00
|
|
|
|
2023-05-25 10:07:31 +02:00
|
|
|
helper_libtestdriver1_make_drivers "$loc_accel_list" "$loc_extra_list"
|
2023-04-12 14:59:16 +02:00
|
|
|
|
2023-10-30 11:08:12 +01:00
|
|
|
helper_libtestdriver1_make_main "$loc_accel_list"
|
2023-04-12 14:59:16 +02:00
|
|
|
|
|
|
|
|
# Make sure any built-in EC alg was not re-enabled by accident (additive config)
|
|
|
|
|
not grep mbedtls_ecdsa_ library/ecdsa.o
|
|
|
|
|
not grep mbedtls_ecdh_ library/ecdh.o
|
|
|
|
|
not grep mbedtls_ecjpake_ library/ecjpake.o
|
2023-08-15 17:10:47 +02:00
|
|
|
# Also ensure that ECP module was not re-enabled
|
2023-04-12 14:59:16 +02:00
|
|
|
not grep mbedtls_ecp_ library/ecp.o
|
|
|
|
|
|
|
|
|
|
# Run the tests
|
|
|
|
|
# -------------
|
|
|
|
|
|
2023-07-19 19:30:04 +02:00
|
|
|
msg "test: full + accelerated EC algs - ECP"
|
2023-04-12 14:59:16 +02:00
|
|
|
make test
|
2023-06-27 17:45:49 +02:00
|
|
|
|
2023-07-19 19:30:04 +02:00
|
|
|
msg "ssl-opt: full + accelerated EC algs - ECP"
|
2023-06-27 17:45:49 +02:00
|
|
|
tests/ssl-opt.sh
|
2023-04-12 14:59:16 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
# Reference function used for driver's coverage analysis in analyze_outcomes.py
|
2023-06-14 10:33:10 +02:00
|
|
|
# in conjunction with component_test_psa_crypto_config_accel_ecc_no_ecp_at_all().
|
2023-04-12 14:59:16 +02:00
|
|
|
# Keep in sync with its accelerated counterpart.
|
2023-06-14 10:33:10 +02:00
|
|
|
component_test_psa_crypto_config_reference_ecc_no_ecp_at_all () {
|
2023-07-19 19:30:04 +02:00
|
|
|
msg "build: full + non accelerated EC algs"
|
2023-04-12 14:59:16 +02:00
|
|
|
|
2023-06-14 10:33:10 +02:00
|
|
|
config_psa_crypto_no_ecp_at_all 0
|
2023-04-12 14:59:16 +02:00
|
|
|
|
|
|
|
|
make
|
|
|
|
|
|
2023-07-19 19:30:04 +02:00
|
|
|
msg "test: full + non accelerated EC algs"
|
2023-04-12 14:59:16 +02:00
|
|
|
make test
|
2023-06-27 17:45:49 +02:00
|
|
|
|
2023-07-19 19:30:04 +02:00
|
|
|
msg "ssl-opt: full + non accelerated EC algs"
|
2023-06-27 17:45:49 +02:00
|
|
|
tests/ssl-opt.sh
|
2023-04-12 14:59:16 +02:00
|
|
|
}
|
|
|
|
|
|
2023-08-15 10:10:26 +02:00
|
|
|
# This is a common configuration helper used directly from:
|
|
|
|
|
# - common_test_psa_crypto_config_accel_ecc_ffdh_no_bignum
|
|
|
|
|
# - common_test_psa_crypto_config_reference_ecc_ffdh_no_bignum
|
|
|
|
|
# and indirectly from:
|
2023-06-12 17:51:33 +02:00
|
|
|
# - component_test_psa_crypto_config_accel_ecc_no_bignum
|
2023-08-15 10:10:26 +02:00
|
|
|
# - accelerate all EC algs, disable RSA and FFDH
|
2023-06-12 17:51:33 +02:00
|
|
|
# - component_test_psa_crypto_config_reference_ecc_no_bignum
|
2023-08-15 10:10:26 +02:00
|
|
|
# - this is the reference component of the above
|
|
|
|
|
# - it still disables RSA and FFDH, but it uses builtin EC algs
|
|
|
|
|
# - component_test_psa_crypto_config_accel_ecc_ffdh_no_bignum
|
|
|
|
|
# - accelerate all EC and FFDH algs, disable only RSA
|
|
|
|
|
# - component_test_psa_crypto_config_reference_ecc_ffdh_no_bignum
|
|
|
|
|
# - this is the reference component of the above
|
|
|
|
|
# - it still disables RSA, but it uses builtin EC and FFDH algs
|
|
|
|
|
#
|
|
|
|
|
# This function accepts 2 parameters:
|
2023-09-05 08:48:51 +02:00
|
|
|
# $1: a boolean value which states if we are testing an accelerated scenario
|
|
|
|
|
# or not.
|
|
|
|
|
# $2: a string value which states which components are tested. Allowed values
|
|
|
|
|
# are "ECC" or "ECC_DH".
|
2023-08-15 10:10:26 +02:00
|
|
|
config_psa_crypto_config_accel_ecc_ffdh_no_bignum() {
|
2023-09-28 09:08:04 +02:00
|
|
|
driver_only="$1"
|
|
|
|
|
test_target="$2"
|
2023-07-31 11:27:17 +02:00
|
|
|
# start with full config for maximum coverage (also enables USE_PSA)
|
2023-07-27 10:08:45 +02:00
|
|
|
helper_libtestdriver1_adjust_config "full"
|
2023-06-12 17:51:33 +02:00
|
|
|
|
2023-09-28 09:08:04 +02:00
|
|
|
if [ "$driver_only" -eq 1 ]; then
|
2023-06-12 17:51:33 +02:00
|
|
|
# Disable modules that are accelerated
|
|
|
|
|
scripts/config.py unset MBEDTLS_ECDSA_C
|
|
|
|
|
scripts/config.py unset MBEDTLS_ECDH_C
|
|
|
|
|
scripts/config.py unset MBEDTLS_ECJPAKE_C
|
|
|
|
|
# Disable ECP module (entirely)
|
|
|
|
|
scripts/config.py unset MBEDTLS_ECP_C
|
2023-06-12 18:42:40 +02:00
|
|
|
# Also disable bignum
|
|
|
|
|
scripts/config.py unset MBEDTLS_BIGNUM_C
|
2023-06-12 17:51:33 +02:00
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
# Disable all the features that auto-enable ECP_LIGHT (see build_info.h)
|
|
|
|
|
scripts/config.py unset MBEDTLS_PK_PARSE_EC_EXTENDED
|
|
|
|
|
scripts/config.py unset MBEDTLS_PK_PARSE_EC_COMPRESSED
|
|
|
|
|
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE
|
|
|
|
|
|
2023-06-12 18:28:42 +02:00
|
|
|
# RSA support is intentionally disabled on this test because RSA_C depends
|
|
|
|
|
# on BIGNUM_C.
|
2023-07-28 16:33:13 +02:00
|
|
|
scripts/config.py -f "$CRYPTO_CONFIG_H" unset-all "PSA_WANT_KEY_TYPE_RSA_[0-9A-Z_a-z]*"
|
|
|
|
|
scripts/config.py -f "$CRYPTO_CONFIG_H" unset-all "PSA_WANT_ALG_RSA_[0-9A-Z_a-z]*"
|
2023-06-12 18:28:42 +02:00
|
|
|
scripts/config.py unset MBEDTLS_RSA_C
|
|
|
|
|
scripts/config.py unset MBEDTLS_PKCS1_V15
|
|
|
|
|
scripts/config.py unset MBEDTLS_PKCS1_V21
|
|
|
|
|
scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT
|
|
|
|
|
# Also disable key exchanges that depend on RSA
|
|
|
|
|
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
|
|
|
|
|
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
|
|
|
|
|
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
|
|
|
|
|
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
|
|
|
|
|
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
|
|
|
|
|
|
2023-09-28 09:08:04 +02:00
|
|
|
if [ "$test_target" = "ECC" ]; then
|
2023-08-15 10:10:26 +02:00
|
|
|
# When testing ECC only, we disable FFDH support, both from builtin and
|
|
|
|
|
# PSA sides, and also disable the key exchanges that depend on DHM.
|
|
|
|
|
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_FFDH
|
|
|
|
|
scripts/config.py -f "$CRYPTO_CONFIG_H" unset-all "PSA_WANT_KEY_TYPE_DH_[0-9A-Z_a-z]*"
|
|
|
|
|
scripts/config.py unset MBEDTLS_DHM_C
|
|
|
|
|
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
|
|
|
|
|
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
|
|
|
|
|
else
|
|
|
|
|
# When testing ECC and DH instead, we disable DHM and depending key
|
|
|
|
|
# exchanges only in the accelerated build
|
2023-09-28 09:08:04 +02:00
|
|
|
if [ "$driver_only" -eq 1 ]; then
|
2023-08-15 10:10:26 +02:00
|
|
|
scripts/config.py unset MBEDTLS_DHM_C
|
|
|
|
|
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
|
|
|
|
|
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
|
|
|
|
|
fi
|
|
|
|
|
fi
|
2023-06-12 18:28:42 +02:00
|
|
|
|
2023-06-12 17:51:33 +02:00
|
|
|
# Restartable feature is not yet supported by PSA. Once it will in
|
|
|
|
|
# the future, the following line could be removed (see issues
|
|
|
|
|
# 6061, 6332 and following ones)
|
|
|
|
|
scripts/config.py unset MBEDTLS_ECP_RESTARTABLE
|
|
|
|
|
}
|
|
|
|
|
|
2023-08-15 10:10:26 +02:00
|
|
|
# Common helper used by:
|
|
|
|
|
# - component_test_psa_crypto_config_accel_ecc_no_bignum
|
|
|
|
|
# - component_test_psa_crypto_config_accel_ecc_ffdh_no_bignum
|
2023-06-12 17:51:33 +02:00
|
|
|
#
|
2023-08-15 10:10:26 +02:00
|
|
|
# The goal is to build and test accelerating either:
|
|
|
|
|
# - ECC only or
|
|
|
|
|
# - both ECC and FFDH
|
|
|
|
|
#
|
|
|
|
|
# It is meant to be used in conjunction with
|
2023-09-05 08:48:51 +02:00
|
|
|
# common_test_psa_crypto_config_reference_ecc_ffdh_no_bignum() for drivers
|
|
|
|
|
# coverage analysis in the "analyze_outcomes.py" script.
|
2023-08-15 10:10:26 +02:00
|
|
|
common_test_psa_crypto_config_accel_ecc_ffdh_no_bignum () {
|
2023-09-28 09:08:04 +02:00
|
|
|
test_target="$1"
|
2023-08-15 10:10:26 +02:00
|
|
|
|
2023-09-05 08:48:51 +02:00
|
|
|
# This is an internal helper to simplify text message handling
|
2023-09-28 09:08:04 +02:00
|
|
|
if [ "$test_target" = "ECC_DH" ]; then
|
|
|
|
|
accel_text="ECC/FFDH"
|
|
|
|
|
removed_text="ECP - DH"
|
2023-08-15 10:10:26 +02:00
|
|
|
else
|
2023-09-28 09:08:04 +02:00
|
|
|
accel_text="ECC"
|
|
|
|
|
removed_text="ECP"
|
2023-08-15 10:10:26 +02:00
|
|
|
fi
|
2023-06-12 17:51:33 +02:00
|
|
|
|
2023-09-28 09:08:04 +02:00
|
|
|
msg "build: full + accelerated $accel_text algs + USE_PSA - $removed_text - BIGNUM"
|
2023-08-15 10:10:26 +02:00
|
|
|
|
|
|
|
|
# By default we accelerate all EC keys/algs
|
2023-06-12 17:51:33 +02:00
|
|
|
loc_accel_list="ALG_ECDSA ALG_DETERMINISTIC_ECDSA \
|
|
|
|
|
ALG_ECDH \
|
|
|
|
|
ALG_JPAKE \
|
2023-10-30 11:08:12 +01:00
|
|
|
$(helper_get_psa_key_type_list "ECC") \
|
|
|
|
|
$(helper_get_psa_curve_list)"
|
2023-08-15 10:10:26 +02:00
|
|
|
# Optionally we can also add DH to the list of accelerated items
|
2023-09-28 09:08:04 +02:00
|
|
|
if [ "$test_target" = "ECC_DH" ]; then
|
2023-08-15 10:10:26 +02:00
|
|
|
loc_accel_list="$loc_accel_list \
|
|
|
|
|
ALG_FFDH \
|
2023-09-22 09:05:48 +02:00
|
|
|
$(helper_get_psa_key_type_list "DH")"
|
2023-08-15 10:10:26 +02:00
|
|
|
fi
|
2023-06-12 17:51:33 +02:00
|
|
|
|
|
|
|
|
# Configure
|
|
|
|
|
# ---------
|
|
|
|
|
|
|
|
|
|
# Set common configurations between library's and driver's builds
|
2023-09-28 09:08:04 +02:00
|
|
|
config_psa_crypto_config_accel_ecc_ffdh_no_bignum 1 "$test_target"
|
2023-08-15 17:10:47 +02:00
|
|
|
# Disable all the builtin curves. All the required algs are accelerated.
|
|
|
|
|
helper_disable_builtin_curves
|
2023-06-12 17:51:33 +02:00
|
|
|
|
|
|
|
|
# Build
|
|
|
|
|
# -----
|
|
|
|
|
|
|
|
|
|
# Things we wanted supported in libtestdriver1, but not accelerated in the main library:
|
2023-09-23 08:54:30 +02:00
|
|
|
# SHA-1 and all SHA-2/3 variants, as they are used by ECDSA deterministic.
|
|
|
|
|
loc_extra_list="ALG_SHA_1 ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512 \
|
|
|
|
|
ALG_SHA3_224 ALG_SHA3_256 ALG_SHA3_384 ALG_SHA3_512"
|
2023-06-12 17:51:33 +02:00
|
|
|
|
|
|
|
|
helper_libtestdriver1_make_drivers "$loc_accel_list" "$loc_extra_list"
|
|
|
|
|
|
2023-10-30 11:08:12 +01:00
|
|
|
helper_libtestdriver1_make_main "$loc_accel_list"
|
2023-06-12 17:51:33 +02:00
|
|
|
|
|
|
|
|
# Make sure any built-in EC alg was not re-enabled by accident (additive config)
|
|
|
|
|
not grep mbedtls_ecdsa_ library/ecdsa.o
|
|
|
|
|
not grep mbedtls_ecdh_ library/ecdh.o
|
|
|
|
|
not grep mbedtls_ecjpake_ library/ecjpake.o
|
2023-08-15 10:10:26 +02:00
|
|
|
# Also ensure that ECP, RSA, [DHM] or BIGNUM modules were not re-enabled
|
2023-06-12 17:51:33 +02:00
|
|
|
not grep mbedtls_ecp_ library/ecp.o
|
2023-06-12 18:33:34 +02:00
|
|
|
not grep mbedtls_rsa_ library/rsa.o
|
2023-06-12 18:42:40 +02:00
|
|
|
not grep mbedtls_mpi_ library/bignum.o
|
2023-08-15 10:10:26 +02:00
|
|
|
not grep mbedtls_dhm_ library/dhm.o
|
2023-06-12 17:51:33 +02:00
|
|
|
|
|
|
|
|
# Run the tests
|
|
|
|
|
# -------------
|
|
|
|
|
|
2023-09-28 09:08:04 +02:00
|
|
|
msg "test suites: full + accelerated $accel_text algs + USE_PSA - $removed_text - DHM - BIGNUM"
|
2023-08-15 10:10:26 +02:00
|
|
|
|
2023-06-12 17:51:33 +02:00
|
|
|
make test
|
|
|
|
|
|
2023-09-28 09:08:04 +02:00
|
|
|
msg "ssl-opt: full + accelerated $accel_text algs + USE_PSA - $removed_text - BIGNUM"
|
2023-07-31 11:27:17 +02:00
|
|
|
tests/ssl-opt.sh
|
2023-06-12 17:51:33 +02:00
|
|
|
}
|
|
|
|
|
|
2023-08-15 10:10:26 +02:00
|
|
|
# Common helper used by:
|
|
|
|
|
# - component_test_psa_crypto_config_reference_ecc_no_bignum
|
|
|
|
|
# - component_test_psa_crypto_config_reference_ecc_ffdh_no_bignum
|
|
|
|
|
#
|
|
|
|
|
# The goal is to build and test a reference scenario (i.e. with builtin
|
|
|
|
|
# components) compared to the ones used in
|
|
|
|
|
# common_test_psa_crypto_config_accel_ecc_ffdh_no_bignum() above.
|
|
|
|
|
#
|
|
|
|
|
# It is meant to be used in conjunction with
|
|
|
|
|
# common_test_psa_crypto_config_accel_ecc_ffdh_no_bignum() for drivers'
|
|
|
|
|
# coverage analysis in "analyze_outcomes.py" script.
|
|
|
|
|
common_test_psa_crypto_config_reference_ecc_ffdh_no_bignum () {
|
2023-09-28 09:08:04 +02:00
|
|
|
test_target="$1"
|
2023-08-15 10:10:26 +02:00
|
|
|
|
2023-09-05 08:48:51 +02:00
|
|
|
# This is an internal helper to simplify text message handling
|
2023-09-28 09:08:04 +02:00
|
|
|
if [ "$test_target" = "ECC_DH" ]; then
|
|
|
|
|
accel_text="ECC/FFDH"
|
2023-08-15 10:10:26 +02:00
|
|
|
else
|
2023-09-28 09:08:04 +02:00
|
|
|
accel_text="ECC"
|
2023-08-15 10:10:26 +02:00
|
|
|
fi
|
2023-06-12 17:51:33 +02:00
|
|
|
|
2023-09-28 09:08:04 +02:00
|
|
|
msg "build: full + non accelerated $accel_text algs + USE_PSA"
|
2023-06-12 17:51:33 +02:00
|
|
|
|
2023-09-28 09:08:04 +02:00
|
|
|
config_psa_crypto_config_accel_ecc_ffdh_no_bignum 0 "$test_target"
|
2023-06-12 17:51:33 +02:00
|
|
|
|
|
|
|
|
make
|
|
|
|
|
|
2023-07-27 10:08:45 +02:00
|
|
|
msg "test suites: full + non accelerated EC algs + USE_PSA"
|
2023-06-12 17:51:33 +02:00
|
|
|
make test
|
|
|
|
|
|
2023-09-28 09:08:04 +02:00
|
|
|
msg "ssl-opt: full + non accelerated $accel_text algs + USE_PSA"
|
2023-07-31 11:27:17 +02:00
|
|
|
tests/ssl-opt.sh
|
2023-06-12 17:51:33 +02:00
|
|
|
}
|
|
|
|
|
|
2023-08-15 10:10:26 +02:00
|
|
|
component_test_psa_crypto_config_accel_ecc_no_bignum () {
|
|
|
|
|
common_test_psa_crypto_config_accel_ecc_ffdh_no_bignum "ECC"
|
|
|
|
|
}
|
2023-03-21 11:52:33 +01:00
|
|
|
|
2023-08-15 10:10:26 +02:00
|
|
|
component_test_psa_crypto_config_reference_ecc_no_bignum () {
|
|
|
|
|
common_test_psa_crypto_config_reference_ecc_ffdh_no_bignum "ECC"
|
|
|
|
|
}
|
2023-03-21 11:52:33 +01:00
|
|
|
|
2023-08-15 10:10:26 +02:00
|
|
|
component_test_psa_crypto_config_accel_ecc_ffdh_no_bignum () {
|
|
|
|
|
common_test_psa_crypto_config_accel_ecc_ffdh_no_bignum "ECC_DH"
|
|
|
|
|
}
|
2023-03-24 14:10:24 +01:00
|
|
|
|
2023-08-15 10:10:26 +02:00
|
|
|
component_test_psa_crypto_config_reference_ecc_ffdh_no_bignum () {
|
|
|
|
|
common_test_psa_crypto_config_reference_ecc_ffdh_no_bignum "ECC_DH"
|
|
|
|
|
}
|
2023-03-24 14:10:24 +01:00
|
|
|
|
2023-08-04 12:49:11 +02:00
|
|
|
# Helper for setting common configurations between:
|
|
|
|
|
# - component_test_tfm_config_p256m_driver_accel_ec()
|
|
|
|
|
# - component_test_tfm_config()
|
2023-08-04 12:43:03 +02:00
|
|
|
common_tfm_config () {
|
|
|
|
|
# Enable TF-M config
|
2023-09-21 11:11:40 +02:00
|
|
|
cp configs/config-tfm.h "$CONFIG_H"
|
|
|
|
|
echo "#undef MBEDTLS_PSA_CRYPTO_CONFIG_FILE" >> "$CONFIG_H"
|
|
|
|
|
cp configs/ext/crypto_config_profile_medium.h "$CRYPTO_CONFIG_H"
|
2023-03-21 11:52:33 +01:00
|
|
|
|
2023-09-25 05:21:15 +02:00
|
|
|
# Other config adjustment to make the tests pass.
|
|
|
|
|
# This should probably be adopted upstream.
|
2023-08-04 12:43:03 +02:00
|
|
|
#
|
2023-08-08 13:01:29 +02:00
|
|
|
# - USE_PSA_CRYPTO for PK_HAVE_ECC_KEYS
|
|
|
|
|
echo "#define MBEDTLS_USE_PSA_CRYPTO" >> "$CONFIG_H"
|
2023-09-25 05:21:15 +02:00
|
|
|
|
|
|
|
|
# Config adjustment for better test coverage in our environment.
|
|
|
|
|
# This is not needed just to build and pass tests.
|
2023-08-04 12:43:03 +02:00
|
|
|
#
|
|
|
|
|
# Enable filesystem I/O for the benefit of PK parse/write tests.
|
|
|
|
|
echo "#define MBEDTLS_FS_IO" >> "$CONFIG_H"
|
|
|
|
|
}
|
2023-03-21 11:52:33 +01:00
|
|
|
|
2023-08-04 12:49:11 +02:00
|
|
|
# Keep this in sync with component_test_tfm_config() as they are both meant
|
|
|
|
|
# to be used in analyze_outcomes.py for driver's coverage analysis.
|
2023-08-04 12:43:03 +02:00
|
|
|
component_test_tfm_config_p256m_driver_accel_ec () {
|
|
|
|
|
msg "build: TF-M config + p256m driver + accel ECDH(E)/ECDSA"
|
Group both configuration steps
Compared to the previous scheme, this avoid the problem of having to
warn about adjusting PSA_WANT in the wrong place.
Also, it allows enabling MBEDTLS_PSA_CRYPTO_CONFIG in adjust_config
rather than having to repeat it in every single component.
It also plays more nicely with components that have an associated
reference component and use a common config function. (Some of them were
already using the new order.)
Finally, "configure, build, run the tests" seems more natural than
"configure, build, configure, build, test" (and, coming back to the
initial point, it avoid questions about what to configure when).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-12 17:09:38 +02:00
|
|
|
|
2023-08-04 12:43:03 +02:00
|
|
|
common_tfm_config
|
Group both configuration steps
Compared to the previous scheme, this avoid the problem of having to
warn about adjusting PSA_WANT in the wrong place.
Also, it allows enabling MBEDTLS_PSA_CRYPTO_CONFIG in adjust_config
rather than having to repeat it in every single component.
It also plays more nicely with components that have an associated
reference component and use a common config function. (Some of them were
already using the new order.)
Finally, "configure, build, run the tests" seems more natural than
"configure, build, configure, build, test" (and, coming back to the
initial point, it avoid questions about what to configure when).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-12 17:09:38 +02:00
|
|
|
|
2023-11-15 17:34:20 +01:00
|
|
|
# Build crypto library
|
2023-12-14 17:42:48 +01:00
|
|
|
make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -I../tests/include/spe" LDFLAGS="$ASAN_CFLAGS"
|
2023-03-21 11:52:33 +01:00
|
|
|
|
2023-08-03 14:28:20 +02:00
|
|
|
# Make sure any built-in EC alg was not re-enabled by accident (additive config)
|
2023-03-21 11:52:33 +01:00
|
|
|
not grep mbedtls_ecdsa_ library/ecdsa.o
|
2023-08-03 14:28:20 +02:00
|
|
|
not grep mbedtls_ecdh_ library/ecdh.o
|
2023-03-21 11:52:33 +01:00
|
|
|
not grep mbedtls_ecjpake_ library/ecjpake.o
|
2023-08-03 14:28:20 +02:00
|
|
|
# Also ensure that ECP, RSA, DHM or BIGNUM modules were not re-enabled
|
2023-08-08 13:01:29 +02:00
|
|
|
not grep mbedtls_ecp_ library/ecp.o
|
2023-08-03 14:28:20 +02:00
|
|
|
not grep mbedtls_rsa_ library/rsa.o
|
|
|
|
|
not grep mbedtls_dhm_ library/dhm.o
|
2023-08-08 13:01:29 +02:00
|
|
|
not grep mbedtls_mpi_ library/bignum.o
|
2023-11-15 17:34:20 +01:00
|
|
|
# Check that p256m was built
|
2023-11-27 11:30:03 +01:00
|
|
|
grep -q p256_ecdsa_ library/libmbedcrypto.a
|
2023-03-21 11:52:33 +01:00
|
|
|
|
2023-12-04 12:07:30 +01:00
|
|
|
# In "config-tfm.h" we disabled CIPHER_C tweaking TF-M's configuration
|
|
|
|
|
# files, so we want to ensure that it has not be re-enabled accidentally.
|
|
|
|
|
not grep mbedtls_cipher library/cipher.o
|
|
|
|
|
|
2023-03-21 11:52:33 +01:00
|
|
|
# Run the tests
|
2023-08-04 12:43:03 +02:00
|
|
|
msg "test: TF-M config + p256m driver + accel ECDH(E)/ECDSA"
|
2023-08-03 14:28:20 +02:00
|
|
|
make test
|
2023-08-04 12:43:03 +02:00
|
|
|
}
|
|
|
|
|
|
2023-08-04 12:49:11 +02:00
|
|
|
# Keep this in sync with component_test_tfm_config_p256m_driver_accel_ec() as
|
|
|
|
|
# they are both meant to be used in analyze_outcomes.py for driver's coverage
|
|
|
|
|
# analysis.
|
2023-08-04 12:43:03 +02:00
|
|
|
component_test_tfm_config() {
|
|
|
|
|
common_tfm_config
|
2023-08-03 14:28:20 +02:00
|
|
|
|
2023-11-15 17:34:20 +01:00
|
|
|
# Disable P256M driver, which is on by default, so that analyze_outcomes
|
|
|
|
|
# can compare this test with test_tfm_config_p256m_driver_accel_ec
|
|
|
|
|
echo "#undef MBEDTLS_PSA_P256M_DRIVER_ENABLED" >> "$CONFIG_H"
|
|
|
|
|
|
2023-08-04 12:43:03 +02:00
|
|
|
msg "build: TF-M config"
|
2023-09-27 15:53:08 +02:00
|
|
|
make CFLAGS='-Werror -Wall -Wextra -I../tests/include/spe' tests
|
2023-05-31 12:51:50 +02:00
|
|
|
|
2023-11-15 17:34:20 +01:00
|
|
|
# Check that p256m was not built
|
2023-11-27 11:30:03 +01:00
|
|
|
not grep p256_ecdsa_ library/libmbedcrypto.a
|
2023-11-15 17:34:20 +01:00
|
|
|
|
2023-12-04 12:07:30 +01:00
|
|
|
# In "config-tfm.h" we disabled CIPHER_C tweaking TF-M's configuration
|
|
|
|
|
# files, so we want to ensure that it has not be re-enabled accidentally.
|
|
|
|
|
not grep mbedtls_cipher library/cipher.o
|
|
|
|
|
|
2023-08-04 12:43:03 +02:00
|
|
|
msg "test: TF-M config"
|
2023-03-21 11:52:33 +01:00
|
|
|
make test
|
|
|
|
|
}
|
|
|
|
|
|
2023-08-02 11:30:50 +02:00
|
|
|
# Common helper for component_full_without_ecdhe_ecdsa() and
|
|
|
|
|
# component_full_without_ecdhe_ecdsa_and_tls13() which:
|
|
|
|
|
# - starts from the "full" configuration minus the list of symbols passed in
|
|
|
|
|
# as 1st parameter
|
|
|
|
|
# - build
|
|
|
|
|
# - test only TLS (i.e. test_suite_tls and ssl-opt)
|
|
|
|
|
build_full_minus_something_and_test_tls () {
|
2023-09-28 09:08:04 +02:00
|
|
|
symbols_to_disable="$1"
|
2023-08-02 11:30:50 +02:00
|
|
|
|
|
|
|
|
msg "build: full minus something, test TLS"
|
|
|
|
|
|
|
|
|
|
scripts/config.py full
|
2023-09-28 09:08:04 +02:00
|
|
|
for sym in $symbols_to_disable; do
|
|
|
|
|
echo "Disabling $sym"
|
|
|
|
|
scripts/config.py unset $sym
|
2023-08-02 11:30:50 +02:00
|
|
|
done
|
|
|
|
|
|
|
|
|
|
make
|
|
|
|
|
|
|
|
|
|
msg "test: full minus something, test TLS"
|
|
|
|
|
( cd tests; ./test_suite_ssl )
|
|
|
|
|
|
|
|
|
|
msg "ssl-opt: full minus something, test TLS"
|
|
|
|
|
tests/ssl-opt.sh
|
2023-03-24 16:51:17 +01:00
|
|
|
}
|
|
|
|
|
|
2023-08-02 11:30:50 +02:00
|
|
|
component_full_without_ecdhe_ecdsa () {
|
|
|
|
|
build_full_minus_something_and_test_tls "MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED"
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
component_full_without_ecdhe_ecdsa_and_tls13 () {
|
|
|
|
|
build_full_minus_something_and_test_tls "MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
|
|
|
|
|
MBEDTLS_SSL_PROTO_TLS1_3"
|
2023-03-24 16:51:17 +01:00
|
|
|
}
|
|
|
|
|
|
2023-06-20 12:08:30 +02:00
|
|
|
# This is an helper used by:
|
|
|
|
|
# - component_test_psa_ecc_key_pair_no_derive
|
|
|
|
|
# - component_test_psa_ecc_key_pair_no_generate
|
|
|
|
|
# The goal is to test with all PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_yyy symbols
|
|
|
|
|
# enabled, but one. Input arguments are as follows:
|
|
|
|
|
# - $1 is the key type under test, i.e. ECC/RSA/DH
|
|
|
|
|
# - $2 is the key option to be unset (i.e. generate, derive, etc)
|
2023-06-22 11:22:23 +02:00
|
|
|
build_and_test_psa_want_key_pair_partial() {
|
2023-09-28 09:08:04 +02:00
|
|
|
key_type=$1
|
|
|
|
|
unset_option=$2
|
|
|
|
|
disabled_psa_want="PSA_WANT_KEY_TYPE_${key_type}_KEY_PAIR_${unset_option}"
|
2023-06-20 12:08:30 +02:00
|
|
|
|
2023-09-28 09:08:04 +02:00
|
|
|
msg "build: full - MBEDTLS_USE_PSA_CRYPTO - ${disabled_psa_want}"
|
2023-06-20 12:08:30 +02:00
|
|
|
scripts/config.py full
|
|
|
|
|
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
|
|
|
|
|
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
|
|
|
|
|
|
|
|
|
|
# All the PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_yyy are enabled by default in
|
|
|
|
|
# crypto_config.h so we just disable the one we don't want.
|
2023-09-28 09:08:04 +02:00
|
|
|
scripts/config.py -f "$CRYPTO_CONFIG_H" unset "$disabled_psa_want"
|
2023-06-20 12:08:30 +02:00
|
|
|
|
2023-12-14 17:42:48 +01:00
|
|
|
make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS"
|
2023-06-20 12:08:30 +02:00
|
|
|
|
2023-09-28 09:08:04 +02:00
|
|
|
msg "test: full - MBEDTLS_USE_PSA_CRYPTO - ${disabled_psa_want}"
|
2023-06-20 12:08:30 +02:00
|
|
|
make test
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
component_test_psa_ecc_key_pair_no_derive() {
|
2023-06-22 11:22:23 +02:00
|
|
|
build_and_test_psa_want_key_pair_partial "ECC" "DERIVE"
|
2023-06-20 12:08:30 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
component_test_psa_ecc_key_pair_no_generate() {
|
2023-06-22 11:22:23 +02:00
|
|
|
build_and_test_psa_want_key_pair_partial "ECC" "GENERATE"
|
2023-06-20 12:08:30 +02:00
|
|
|
}
|
|
|
|
|
|
2021-09-13 09:38:05 +02:00
|
|
|
component_test_psa_crypto_config_accel_rsa_signature () {
|
|
|
|
|
msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated RSA signature"
|
|
|
|
|
|
2023-05-31 12:51:50 +02:00
|
|
|
loc_accel_list="ALG_RSA_PKCS1V15_SIGN ALG_RSA_PSS KEY_TYPE_RSA_KEY_PAIR KEY_TYPE_RSA_PUBLIC_KEY"
|
|
|
|
|
|
Group both configuration steps
Compared to the previous scheme, this avoid the problem of having to
warn about adjusting PSA_WANT in the wrong place.
Also, it allows enabling MBEDTLS_PSA_CRYPTO_CONFIG in adjust_config
rather than having to repeat it in every single component.
It also plays more nicely with components that have an associated
reference component and use a common config function. (Some of them were
already using the new order.)
Finally, "configure, build, run the tests" seems more natural than
"configure, build, configure, build, test" (and, coming back to the
initial point, it avoid questions about what to configure when).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-12 17:09:38 +02:00
|
|
|
# Configure
|
|
|
|
|
# ---------
|
2021-09-13 09:38:05 +02:00
|
|
|
|
Group both configuration steps
Compared to the previous scheme, this avoid the problem of having to
warn about adjusting PSA_WANT in the wrong place.
Also, it allows enabling MBEDTLS_PSA_CRYPTO_CONFIG in adjust_config
rather than having to repeat it in every single component.
It also plays more nicely with components that have an associated
reference component and use a common config function. (Some of them were
already using the new order.)
Finally, "configure, build, run the tests" seems more natural than
"configure, build, configure, build, test" (and, coming back to the
initial point, it avoid questions about what to configure when).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-12 17:09:38 +02:00
|
|
|
# Start from default config (no TLS 1.3, no USE_PSA)
|
|
|
|
|
helper_libtestdriver1_adjust_config "default"
|
2021-09-13 09:38:05 +02:00
|
|
|
|
|
|
|
|
# It seems it is not possible to remove only the support for RSA signature
|
|
|
|
|
# in the library. Thus we have to remove all RSA support (signature and
|
|
|
|
|
# encryption/decryption). AS there is no driver support for asymmetric
|
|
|
|
|
# encryption/decryption so far remove RSA encryption/decryption from the
|
|
|
|
|
# application algorithm list.
|
2023-07-20 09:57:54 +02:00
|
|
|
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_OAEP
|
|
|
|
|
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PKCS1V15_CRYPT
|
2021-09-13 09:38:05 +02:00
|
|
|
|
2023-06-12 17:22:24 +02:00
|
|
|
# Remove RSA support and its dependencies
|
|
|
|
|
scripts/config.py unset MBEDTLS_RSA_C
|
|
|
|
|
scripts/config.py unset MBEDTLS_PKCS1_V15
|
|
|
|
|
scripts/config.py unset MBEDTLS_PKCS1_V21
|
|
|
|
|
scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT
|
|
|
|
|
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
|
|
|
|
|
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
|
|
|
|
|
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
|
|
|
|
|
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
|
|
|
|
|
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
|
|
|
|
|
|
2021-09-13 09:38:05 +02:00
|
|
|
# Make sure both the library and the test library support the SHA hash
|
|
|
|
|
# algorithms and only those ones (SHA256 is included by default). That way:
|
|
|
|
|
# - the test library can compute the RSA signatures even in the case of a
|
|
|
|
|
# composite RSA signature algorithm based on a SHA hash (no other hash
|
|
|
|
|
# used in the unit tests).
|
|
|
|
|
# - the dependency of RSA signature tests on PSA_WANT_ALG_SHA_xyz is
|
|
|
|
|
# fulfilled as the hash SHA algorithm is supported by the library, and
|
|
|
|
|
# thus the tests are run, not skipped.
|
|
|
|
|
# - when testing a signature key with an algorithm wildcard built from
|
|
|
|
|
# PSA_ALG_ANY_HASH as algorithm to test with the key, the chosen hash
|
|
|
|
|
# algorithm based on the hashes supported by the library is also
|
|
|
|
|
# supported by the test library.
|
2023-06-12 17:22:24 +02:00
|
|
|
# Disable unwanted hashes here, we'll enable hashes we want in loc_extra_list.
|
2023-07-20 09:57:54 +02:00
|
|
|
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_MD5
|
|
|
|
|
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RIPEMD160_C
|
2021-09-13 09:38:05 +02:00
|
|
|
scripts/config.py unset MBEDTLS_MD5_C
|
|
|
|
|
scripts/config.py unset MBEDTLS_RIPEMD160_C
|
|
|
|
|
|
|
|
|
|
# We need PEM parsing in the test library as well to support the import
|
|
|
|
|
# of PEM encoded RSA keys.
|
2023-07-20 10:03:54 +02:00
|
|
|
scripts/config.py -f "$CONFIG_TEST_DRIVER_H" set MBEDTLS_PEM_PARSE_C
|
|
|
|
|
scripts/config.py -f "$CONFIG_TEST_DRIVER_H" set MBEDTLS_BASE64_C
|
2021-09-13 09:38:05 +02:00
|
|
|
|
Group both configuration steps
Compared to the previous scheme, this avoid the problem of having to
warn about adjusting PSA_WANT in the wrong place.
Also, it allows enabling MBEDTLS_PSA_CRYPTO_CONFIG in adjust_config
rather than having to repeat it in every single component.
It also plays more nicely with components that have an associated
reference component and use a common config function. (Some of them were
already using the new order.)
Finally, "configure, build, run the tests" seems more natural than
"configure, build, configure, build, test" (and, coming back to the
initial point, it avoid questions about what to configure when).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-12 17:09:38 +02:00
|
|
|
# Build
|
|
|
|
|
# -----
|
2021-09-13 09:38:05 +02:00
|
|
|
|
Group both configuration steps
Compared to the previous scheme, this avoid the problem of having to
warn about adjusting PSA_WANT in the wrong place.
Also, it allows enabling MBEDTLS_PSA_CRYPTO_CONFIG in adjust_config
rather than having to repeat it in every single component.
It also plays more nicely with components that have an associated
reference component and use a common config function. (Some of them were
already using the new order.)
Finally, "configure, build, run the tests" seems more natural than
"configure, build, configure, build, test" (and, coming back to the
initial point, it avoid questions about what to configure when).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-12 17:09:38 +02:00
|
|
|
# These hashes are needed for some RSA-PSS signature tests.
|
2023-09-23 08:54:30 +02:00
|
|
|
loc_extra_list="ALG_SHA_1 ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512 \
|
|
|
|
|
ALG_SHA3_224 ALG_SHA3_256 ALG_SHA3_384 ALG_SHA3_512"
|
Group both configuration steps
Compared to the previous scheme, this avoid the problem of having to
warn about adjusting PSA_WANT in the wrong place.
Also, it allows enabling MBEDTLS_PSA_CRYPTO_CONFIG in adjust_config
rather than having to repeat it in every single component.
It also plays more nicely with components that have an associated
reference component and use a common config function. (Some of them were
already using the new order.)
Finally, "configure, build, run the tests" seems more natural than
"configure, build, configure, build, test" (and, coming back to the
initial point, it avoid questions about what to configure when).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-12 17:09:38 +02:00
|
|
|
helper_libtestdriver1_make_drivers "$loc_accel_list" "$loc_extra_list"
|
2021-09-13 09:38:05 +02:00
|
|
|
|
2023-05-25 10:39:23 +02:00
|
|
|
helper_libtestdriver1_make_main "$loc_accel_list"
|
2021-09-13 09:38:05 +02:00
|
|
|
|
2023-05-31 12:51:50 +02:00
|
|
|
# Make sure this was not re-enabled by accident (additive config)
|
2022-02-04 00:30:54 +01:00
|
|
|
not grep mbedtls_rsa_rsassa_pkcs1_v15_sign library/rsa.o
|
|
|
|
|
not grep mbedtls_rsa_rsassa_pss_sign_ext library/rsa.o
|
2021-09-13 09:38:05 +02:00
|
|
|
|
2023-05-31 12:51:50 +02:00
|
|
|
# Run the tests
|
|
|
|
|
# -------------
|
|
|
|
|
|
2021-09-13 09:38:05 +02:00
|
|
|
msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated RSA signature"
|
|
|
|
|
make test
|
|
|
|
|
}
|
|
|
|
|
|
2023-06-13 14:19:03 +02:00
|
|
|
# This is a temporary test to verify that full RSA support is present even when
|
2023-06-15 11:53:08 +02:00
|
|
|
# only one single new symbols (PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC) is defined.
|
2023-06-13 14:19:03 +02:00
|
|
|
component_test_new_psa_want_key_pair_symbol() {
|
2023-06-15 11:53:08 +02:00
|
|
|
msg "Build: crypto config - MBEDTLS_RSA_C + PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC"
|
2023-06-13 14:19:03 +02:00
|
|
|
|
2023-06-13 15:39:23 +02:00
|
|
|
# Create a temporary output file unless there is already one set
|
|
|
|
|
if [ "$MBEDTLS_TEST_OUTCOME_FILE" ]; then
|
|
|
|
|
REMOVE_OUTCOME_ON_EXIT="no"
|
|
|
|
|
else
|
|
|
|
|
REMOVE_OUTCOME_ON_EXIT="yes"
|
|
|
|
|
MBEDTLS_TEST_OUTCOME_FILE="$PWD/out.csv"
|
|
|
|
|
export MBEDTLS_TEST_OUTCOME_FILE
|
|
|
|
|
fi
|
|
|
|
|
|
2023-06-13 14:19:03 +02:00
|
|
|
# Start from crypto configuration
|
|
|
|
|
scripts/config.py crypto
|
|
|
|
|
|
|
|
|
|
# Remove RSA support and its dependencies
|
|
|
|
|
scripts/config.py unset MBEDTLS_PKCS1_V15
|
|
|
|
|
scripts/config.py unset MBEDTLS_PKCS1_V21
|
|
|
|
|
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
|
|
|
|
|
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
|
|
|
|
|
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
|
|
|
|
|
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
|
|
|
|
|
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
|
|
|
|
|
scripts/config.py unset MBEDTLS_RSA_C
|
|
|
|
|
scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT
|
|
|
|
|
|
|
|
|
|
# Enable PSA support
|
|
|
|
|
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
|
|
|
|
|
|
2023-06-15 11:53:08 +02:00
|
|
|
# Keep only PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC enabled in order to ensure
|
2023-06-13 14:19:03 +02:00
|
|
|
# that proper translations is done in crypto_legacy.h.
|
2023-07-20 09:57:54 +02:00
|
|
|
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT
|
|
|
|
|
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT
|
|
|
|
|
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE
|
2023-06-13 14:19:03 +02:00
|
|
|
|
|
|
|
|
make
|
|
|
|
|
|
2023-06-15 11:53:08 +02:00
|
|
|
msg "Test: crypto config - MBEDTLS_RSA_C + PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC"
|
2023-06-13 15:39:23 +02:00
|
|
|
make test
|
|
|
|
|
|
|
|
|
|
# Parse only 1 relevant line from the outcome file, i.e. a test which is
|
|
|
|
|
# performing RSA signature.
|
|
|
|
|
msg "Verify that 'RSA PKCS1 Sign #1 (SHA512, 1536 bits RSA)' is PASS"
|
|
|
|
|
cat $MBEDTLS_TEST_OUTCOME_FILE | grep 'RSA PKCS1 Sign #1 (SHA512, 1536 bits RSA)' | grep -q "PASS"
|
|
|
|
|
|
|
|
|
|
if [ "$REMOVE_OUTCOME_ON_EXIT" == "yes" ]; then
|
|
|
|
|
rm $MBEDTLS_TEST_OUTCOME_FILE
|
|
|
|
|
fi
|
2023-06-13 14:19:03 +02:00
|
|
|
}
|
|
|
|
|
|
2021-05-08 14:32:59 +02:00
|
|
|
component_test_psa_crypto_config_accel_hash () {
|
|
|
|
|
msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated hash"
|
|
|
|
|
|
2023-09-22 09:46:14 +02:00
|
|
|
loc_accel_list="ALG_MD5 ALG_RIPEMD160 ALG_SHA_1 \
|
|
|
|
|
ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512 \
|
|
|
|
|
ALG_SHA3_224 ALG_SHA3_256 ALG_SHA3_384 ALG_SHA3_512"
|
2021-05-08 14:32:59 +02:00
|
|
|
|
Group both configuration steps
Compared to the previous scheme, this avoid the problem of having to
warn about adjusting PSA_WANT in the wrong place.
Also, it allows enabling MBEDTLS_PSA_CRYPTO_CONFIG in adjust_config
rather than having to repeat it in every single component.
It also plays more nicely with components that have an associated
reference component and use a common config function. (Some of them were
already using the new order.)
Finally, "configure, build, run the tests" seems more natural than
"configure, build, configure, build, test" (and, coming back to the
initial point, it avoid questions about what to configure when).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-12 17:09:38 +02:00
|
|
|
# Configure
|
|
|
|
|
# ---------
|
2023-05-31 12:51:50 +02:00
|
|
|
|
|
|
|
|
# Start from default config (no TLS 1.3, no USE_PSA)
|
Group both configuration steps
Compared to the previous scheme, this avoid the problem of having to
warn about adjusting PSA_WANT in the wrong place.
Also, it allows enabling MBEDTLS_PSA_CRYPTO_CONFIG in adjust_config
rather than having to repeat it in every single component.
It also plays more nicely with components that have an associated
reference component and use a common config function. (Some of them were
already using the new order.)
Finally, "configure, build, run the tests" seems more natural than
"configure, build, configure, build, test" (and, coming back to the
initial point, it avoid questions about what to configure when).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-12 17:09:38 +02:00
|
|
|
helper_libtestdriver1_adjust_config "default"
|
2023-05-31 12:51:50 +02:00
|
|
|
|
|
|
|
|
# Disable the things that are being accelerated
|
2021-05-08 14:32:59 +02:00
|
|
|
scripts/config.py unset MBEDTLS_MD5_C
|
|
|
|
|
scripts/config.py unset MBEDTLS_RIPEMD160_C
|
|
|
|
|
scripts/config.py unset MBEDTLS_SHA1_C
|
2023-03-22 00:32:04 +01:00
|
|
|
scripts/config.py unset MBEDTLS_SHA224_C
|
|
|
|
|
scripts/config.py unset MBEDTLS_SHA256_C
|
2021-05-08 14:32:59 +02:00
|
|
|
scripts/config.py unset MBEDTLS_SHA384_C
|
|
|
|
|
scripts/config.py unset MBEDTLS_SHA512_C
|
2023-09-22 09:46:14 +02:00
|
|
|
scripts/config.py unset MBEDTLS_SHA3_C
|
2023-05-25 10:39:23 +02:00
|
|
|
|
Group both configuration steps
Compared to the previous scheme, this avoid the problem of having to
warn about adjusting PSA_WANT in the wrong place.
Also, it allows enabling MBEDTLS_PSA_CRYPTO_CONFIG in adjust_config
rather than having to repeat it in every single component.
It also plays more nicely with components that have an associated
reference component and use a common config function. (Some of them were
already using the new order.)
Finally, "configure, build, run the tests" seems more natural than
"configure, build, configure, build, test" (and, coming back to the
initial point, it avoid questions about what to configure when).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-12 17:09:38 +02:00
|
|
|
# Build
|
|
|
|
|
# -----
|
|
|
|
|
|
|
|
|
|
helper_libtestdriver1_make_drivers "$loc_accel_list"
|
|
|
|
|
|
2023-05-25 10:39:23 +02:00
|
|
|
helper_libtestdriver1_make_main "$loc_accel_list"
|
2021-05-08 14:32:59 +02:00
|
|
|
|
2023-03-22 00:32:04 +01:00
|
|
|
# There's a risk of something getting re-enabled via config_psa.h;
|
|
|
|
|
# make sure it did not happen. Note: it's OK for MD_C to be enabled.
|
|
|
|
|
not grep mbedtls_md5 library/md5.o
|
|
|
|
|
not grep mbedtls_sha1 library/sha1.o
|
|
|
|
|
not grep mbedtls_sha256 library/sha256.o
|
|
|
|
|
not grep mbedtls_sha512 library/sha512.o
|
|
|
|
|
not grep mbedtls_ripemd160 library/ripemd160.o
|
2021-05-08 14:32:59 +02:00
|
|
|
|
2023-05-31 12:51:50 +02:00
|
|
|
# Run the tests
|
|
|
|
|
# -------------
|
|
|
|
|
|
2021-05-08 14:32:59 +02:00
|
|
|
msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated hash"
|
|
|
|
|
make test
|
|
|
|
|
}
|
|
|
|
|
|
2023-03-09 15:56:14 +01:00
|
|
|
component_test_psa_crypto_config_accel_hash_keep_builtins () {
|
|
|
|
|
msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated+builtin hash"
|
|
|
|
|
# This component ensures that all the test cases for
|
|
|
|
|
# md_psa_dynamic_dispatch with legacy+driver in test_suite_md are run.
|
|
|
|
|
|
2023-09-22 09:46:14 +02:00
|
|
|
loc_accel_list="ALG_MD5 ALG_RIPEMD160 ALG_SHA_1 \
|
|
|
|
|
ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512 \
|
|
|
|
|
ALG_SHA3_224 ALG_SHA3_256 ALG_SHA3_384 ALG_SHA3_512"
|
2023-03-09 15:56:14 +01:00
|
|
|
|
Group both configuration steps
Compared to the previous scheme, this avoid the problem of having to
warn about adjusting PSA_WANT in the wrong place.
Also, it allows enabling MBEDTLS_PSA_CRYPTO_CONFIG in adjust_config
rather than having to repeat it in every single component.
It also plays more nicely with components that have an associated
reference component and use a common config function. (Some of them were
already using the new order.)
Finally, "configure, build, run the tests" seems more natural than
"configure, build, configure, build, test" (and, coming back to the
initial point, it avoid questions about what to configure when).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-12 17:09:38 +02:00
|
|
|
# Start from default config (no TLS 1.3, no USE_PSA)
|
|
|
|
|
helper_libtestdriver1_adjust_config "default"
|
2023-03-09 15:56:14 +01:00
|
|
|
|
2023-05-25 10:07:31 +02:00
|
|
|
helper_libtestdriver1_make_drivers "$loc_accel_list"
|
2023-03-09 15:56:14 +01:00
|
|
|
|
2023-05-25 10:39:23 +02:00
|
|
|
helper_libtestdriver1_make_main "$loc_accel_list"
|
2023-03-09 15:56:14 +01:00
|
|
|
|
|
|
|
|
msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated+builtin hash"
|
|
|
|
|
make test
|
|
|
|
|
}
|
|
|
|
|
|
2022-11-15 13:21:14 +01:00
|
|
|
# Auxiliary function to build config for hashes with and without drivers
|
|
|
|
|
config_psa_crypto_hash_use_psa () {
|
2023-09-28 09:08:04 +02:00
|
|
|
driver_only="$1"
|
2022-09-19 10:38:46 +02:00
|
|
|
# start with config full for maximum coverage (also enables USE_PSA)
|
Group both configuration steps
Compared to the previous scheme, this avoid the problem of having to
warn about adjusting PSA_WANT in the wrong place.
Also, it allows enabling MBEDTLS_PSA_CRYPTO_CONFIG in adjust_config
rather than having to repeat it in every single component.
It also plays more nicely with components that have an associated
reference component and use a common config function. (Some of them were
already using the new order.)
Finally, "configure, build, run the tests" seems more natural than
"configure, build, configure, build, test" (and, coming back to the
initial point, it avoid questions about what to configure when).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-12 17:09:38 +02:00
|
|
|
helper_libtestdriver1_adjust_config "full"
|
2023-09-28 09:08:04 +02:00
|
|
|
if [ "$driver_only" -eq 1 ]; then
|
2022-11-15 13:21:14 +01:00
|
|
|
# disable the built-in implementation of hashes
|
|
|
|
|
scripts/config.py unset MBEDTLS_MD5_C
|
|
|
|
|
scripts/config.py unset MBEDTLS_RIPEMD160_C
|
|
|
|
|
scripts/config.py unset MBEDTLS_SHA1_C
|
|
|
|
|
scripts/config.py unset MBEDTLS_SHA224_C
|
|
|
|
|
scripts/config.py unset MBEDTLS_SHA256_C # see external RNG below
|
2023-10-10 15:59:02 +02:00
|
|
|
scripts/config.py unset MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT
|
2022-11-15 13:21:14 +01:00
|
|
|
scripts/config.py unset MBEDTLS_SHA384_C
|
|
|
|
|
scripts/config.py unset MBEDTLS_SHA512_C
|
|
|
|
|
scripts/config.py unset MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT
|
2023-09-22 09:46:14 +02:00
|
|
|
scripts/config.py unset MBEDTLS_SHA3_C
|
2022-11-15 13:21:14 +01:00
|
|
|
fi
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
# Note that component_test_psa_crypto_config_reference_hash_use_psa
|
|
|
|
|
# is related to this component and both components need to be kept in sync.
|
|
|
|
|
# For details please see comments for component_test_psa_crypto_config_reference_hash_use_psa.
|
|
|
|
|
component_test_psa_crypto_config_accel_hash_use_psa () {
|
2023-07-19 19:30:04 +02:00
|
|
|
msg "test: full with accelerated hashes"
|
2022-11-15 13:21:14 +01:00
|
|
|
|
2023-09-22 09:46:14 +02:00
|
|
|
loc_accel_list="ALG_MD5 ALG_RIPEMD160 ALG_SHA_1 \
|
|
|
|
|
ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512 \
|
|
|
|
|
ALG_SHA3_224 ALG_SHA3_256 ALG_SHA3_384 ALG_SHA3_512"
|
2023-05-31 12:51:50 +02:00
|
|
|
|
Group both configuration steps
Compared to the previous scheme, this avoid the problem of having to
warn about adjusting PSA_WANT in the wrong place.
Also, it allows enabling MBEDTLS_PSA_CRYPTO_CONFIG in adjust_config
rather than having to repeat it in every single component.
It also plays more nicely with components that have an associated
reference component and use a common config function. (Some of them were
already using the new order.)
Finally, "configure, build, run the tests" seems more natural than
"configure, build, configure, build, test" (and, coming back to the
initial point, it avoid questions about what to configure when).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-12 17:09:38 +02:00
|
|
|
# Configure
|
|
|
|
|
# ---------
|
2022-11-15 13:21:14 +01:00
|
|
|
|
|
|
|
|
config_psa_crypto_hash_use_psa 1
|
2022-07-08 19:12:33 +02:00
|
|
|
|
Group both configuration steps
Compared to the previous scheme, this avoid the problem of having to
warn about adjusting PSA_WANT in the wrong place.
Also, it allows enabling MBEDTLS_PSA_CRYPTO_CONFIG in adjust_config
rather than having to repeat it in every single component.
It also plays more nicely with components that have an associated
reference component and use a common config function. (Some of them were
already using the new order.)
Finally, "configure, build, run the tests" seems more natural than
"configure, build, configure, build, test" (and, coming back to the
initial point, it avoid questions about what to configure when).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-12 17:09:38 +02:00
|
|
|
# Build
|
|
|
|
|
# -----
|
2023-05-31 12:51:50 +02:00
|
|
|
|
Group both configuration steps
Compared to the previous scheme, this avoid the problem of having to
warn about adjusting PSA_WANT in the wrong place.
Also, it allows enabling MBEDTLS_PSA_CRYPTO_CONFIG in adjust_config
rather than having to repeat it in every single component.
It also plays more nicely with components that have an associated
reference component and use a common config function. (Some of them were
already using the new order.)
Finally, "configure, build, run the tests" seems more natural than
"configure, build, configure, build, test" (and, coming back to the
initial point, it avoid questions about what to configure when).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-12 17:09:38 +02:00
|
|
|
helper_libtestdriver1_make_drivers "$loc_accel_list"
|
2022-07-08 19:12:33 +02:00
|
|
|
|
2023-05-25 10:39:23 +02:00
|
|
|
helper_libtestdriver1_make_main "$loc_accel_list"
|
2022-07-06 13:06:57 +02:00
|
|
|
|
2022-07-08 19:12:33 +02:00
|
|
|
# There's a risk of something getting re-enabled via config_psa.h;
|
2023-03-16 11:39:20 +01:00
|
|
|
# make sure it did not happen. Note: it's OK for MD_C to be enabled.
|
2022-07-08 19:12:33 +02:00
|
|
|
not grep mbedtls_md5 library/md5.o
|
|
|
|
|
not grep mbedtls_sha1 library/sha1.o
|
2022-07-11 11:06:09 +02:00
|
|
|
not grep mbedtls_sha256 library/sha256.o
|
2022-07-08 19:12:33 +02:00
|
|
|
not grep mbedtls_sha512 library/sha512.o
|
|
|
|
|
not grep mbedtls_ripemd160 library/ripemd160.o
|
|
|
|
|
|
2023-05-31 12:51:50 +02:00
|
|
|
# Run the tests
|
|
|
|
|
# -------------
|
|
|
|
|
|
2023-07-19 19:30:04 +02:00
|
|
|
msg "test: full with accelerated hashes"
|
2022-07-06 13:06:57 +02:00
|
|
|
make test
|
2022-09-05 21:39:23 +02:00
|
|
|
|
2022-11-29 12:37:53 +01:00
|
|
|
# This is mostly useful so that we can later compare outcome files with
|
|
|
|
|
# the reference config in analyze_outcomes.py, to check that the
|
|
|
|
|
# dependency declarations in ssl-opt.sh and in TLS code are correct.
|
2023-07-19 19:30:04 +02:00
|
|
|
msg "test: ssl-opt.sh, full with accelerated hashes"
|
2022-10-27 08:24:43 +02:00
|
|
|
tests/ssl-opt.sh
|
2022-09-05 21:39:23 +02:00
|
|
|
|
2022-11-29 12:37:53 +01:00
|
|
|
# This is to make sure all ciphersuites are exercised, but we don't need
|
|
|
|
|
# interop testing (besides, we already got some from ssl-opt.sh).
|
2023-07-19 19:30:04 +02:00
|
|
|
msg "test: compat.sh, full with accelerated hashes"
|
2022-11-29 12:37:53 +01:00
|
|
|
tests/compat.sh -p mbedTLS -V YES
|
2022-07-06 13:06:57 +02:00
|
|
|
}
|
|
|
|
|
|
2022-10-27 10:29:15 +02:00
|
|
|
# This component provides reference configuration for test_psa_crypto_config_accel_hash_use_psa
|
|
|
|
|
# without accelerated hash. The outcome from both components are used by the analyze_outcomes.py
|
|
|
|
|
# script to find regression in test coverage when accelerated hash is used (tests and ssl-opt).
|
|
|
|
|
# Both components need to be kept in sync.
|
2022-10-20 14:21:21 +02:00
|
|
|
component_test_psa_crypto_config_reference_hash_use_psa() {
|
2023-07-19 19:30:04 +02:00
|
|
|
msg "test: full without accelerated hashes"
|
2022-11-15 13:21:14 +01:00
|
|
|
|
|
|
|
|
config_psa_crypto_hash_use_psa 0
|
2022-10-20 14:21:21 +02:00
|
|
|
|
2022-10-24 11:29:35 +02:00
|
|
|
make
|
|
|
|
|
|
2023-07-19 19:30:04 +02:00
|
|
|
msg "test: full without accelerated hashes"
|
2022-10-20 14:21:21 +02:00
|
|
|
make test
|
|
|
|
|
|
2023-07-19 19:30:04 +02:00
|
|
|
msg "test: ssl-opt.sh, full without accelerated hashes"
|
2022-10-27 08:24:43 +02:00
|
|
|
tests/ssl-opt.sh
|
2022-07-06 13:06:57 +02:00
|
|
|
}
|
|
|
|
|
|
2021-10-18 11:26:01 +02:00
|
|
|
component_test_psa_crypto_config_accel_cipher () {
|
|
|
|
|
msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated cipher"
|
|
|
|
|
|
2023-10-19 10:42:31 +02:00
|
|
|
loc_accel_list="ALG_ECB_NO_PADDING ALG_CBC_NO_PADDING ALG_CBC_PKCS7 \
|
|
|
|
|
ALG_CTR ALG_CFB ALG_OFB ALG_XTS ALG_CMAC \
|
|
|
|
|
KEY_TYPE_DES"
|
2021-10-18 11:26:01 +02:00
|
|
|
|
Group both configuration steps
Compared to the previous scheme, this avoid the problem of having to
warn about adjusting PSA_WANT in the wrong place.
Also, it allows enabling MBEDTLS_PSA_CRYPTO_CONFIG in adjust_config
rather than having to repeat it in every single component.
It also plays more nicely with components that have an associated
reference component and use a common config function. (Some of them were
already using the new order.)
Finally, "configure, build, run the tests" seems more natural than
"configure, build, configure, build, test" (and, coming back to the
initial point, it avoid questions about what to configure when).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-12 17:09:38 +02:00
|
|
|
# Configure
|
|
|
|
|
# ---------
|
2021-03-11 11:49:03 +01:00
|
|
|
|
2023-10-17 11:40:42 +02:00
|
|
|
# Start from the full config
|
2023-10-03 15:16:38 +02:00
|
|
|
helper_libtestdriver1_adjust_config "full"
|
2021-10-18 11:26:01 +02:00
|
|
|
|
Group both configuration steps
Compared to the previous scheme, this avoid the problem of having to
warn about adjusting PSA_WANT in the wrong place.
Also, it allows enabling MBEDTLS_PSA_CRYPTO_CONFIG in adjust_config
rather than having to repeat it in every single component.
It also plays more nicely with components that have an associated
reference component and use a common config function. (Some of them were
already using the new order.)
Finally, "configure, build, run the tests" seems more natural than
"configure, build, configure, build, test" (and, coming back to the
initial point, it avoid questions about what to configure when).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-12 17:09:38 +02:00
|
|
|
# Disable the things that are being accelerated
|
2021-10-18 11:26:01 +02:00
|
|
|
scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC
|
|
|
|
|
scripts/config.py unset MBEDTLS_CIPHER_PADDING_PKCS7
|
|
|
|
|
scripts/config.py unset MBEDTLS_CIPHER_MODE_CTR
|
|
|
|
|
scripts/config.py unset MBEDTLS_CIPHER_MODE_CFB
|
|
|
|
|
scripts/config.py unset MBEDTLS_CIPHER_MODE_OFB
|
|
|
|
|
scripts/config.py unset MBEDTLS_CIPHER_MODE_XTS
|
2021-03-11 11:49:03 +01:00
|
|
|
scripts/config.py unset MBEDTLS_DES_C
|
2023-10-11 05:57:10 +02:00
|
|
|
scripts/config.py unset MBEDTLS_CMAC_C
|
2021-03-11 11:49:03 +01:00
|
|
|
|
Group both configuration steps
Compared to the previous scheme, this avoid the problem of having to
warn about adjusting PSA_WANT in the wrong place.
Also, it allows enabling MBEDTLS_PSA_CRYPTO_CONFIG in adjust_config
rather than having to repeat it in every single component.
It also plays more nicely with components that have an associated
reference component and use a common config function. (Some of them were
already using the new order.)
Finally, "configure, build, run the tests" seems more natural than
"configure, build, configure, build, test" (and, coming back to the
initial point, it avoid questions about what to configure when).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-12 17:09:38 +02:00
|
|
|
# Build
|
|
|
|
|
# -----
|
2021-10-18 11:26:01 +02:00
|
|
|
|
Group both configuration steps
Compared to the previous scheme, this avoid the problem of having to
warn about adjusting PSA_WANT in the wrong place.
Also, it allows enabling MBEDTLS_PSA_CRYPTO_CONFIG in adjust_config
rather than having to repeat it in every single component.
It also plays more nicely with components that have an associated
reference component and use a common config function. (Some of them were
already using the new order.)
Finally, "configure, build, run the tests" seems more natural than
"configure, build, configure, build, test" (and, coming back to the
initial point, it avoid questions about what to configure when).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-12 17:09:38 +02:00
|
|
|
helper_libtestdriver1_make_drivers "$loc_accel_list"
|
|
|
|
|
|
2023-05-25 10:39:23 +02:00
|
|
|
helper_libtestdriver1_make_main "$loc_accel_list"
|
2021-10-18 11:26:01 +02:00
|
|
|
|
2023-05-31 12:51:50 +02:00
|
|
|
# Make sure this was not re-enabled by accident (additive config)
|
2022-02-04 00:30:54 +01:00
|
|
|
not grep mbedtls_des* library/des.o
|
2020-09-21 08:09:17 +02:00
|
|
|
|
2023-05-31 12:51:50 +02:00
|
|
|
# Run the tests
|
|
|
|
|
# -------------
|
|
|
|
|
|
2022-07-06 10:46:57 +02:00
|
|
|
msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated cipher"
|
2020-10-23 10:26:57 +02:00
|
|
|
make test
|
|
|
|
|
}
|
|
|
|
|
|
2022-10-02 20:58:39 +02:00
|
|
|
component_test_psa_crypto_config_accel_aead () {
|
|
|
|
|
msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated AEAD"
|
|
|
|
|
|
2023-10-02 15:57:33 +02:00
|
|
|
loc_accel_list="ALG_GCM ALG_CCM ALG_CHACHA20_POLY1305 \
|
|
|
|
|
KEY_TYPE_AES KEY_TYPE_CHACHA20 KEY_TYPE_ARIA KEY_TYPE_CAMELLIA"
|
2022-10-02 20:58:39 +02:00
|
|
|
|
Group both configuration steps
Compared to the previous scheme, this avoid the problem of having to
warn about adjusting PSA_WANT in the wrong place.
Also, it allows enabling MBEDTLS_PSA_CRYPTO_CONFIG in adjust_config
rather than having to repeat it in every single component.
It also plays more nicely with components that have an associated
reference component and use a common config function. (Some of them were
already using the new order.)
Finally, "configure, build, run the tests" seems more natural than
"configure, build, configure, build, test" (and, coming back to the
initial point, it avoid questions about what to configure when).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-12 17:09:38 +02:00
|
|
|
# Configure
|
|
|
|
|
# ---------
|
2022-10-02 20:58:39 +02:00
|
|
|
|
2023-10-02 15:57:33 +02:00
|
|
|
# Start from full config
|
|
|
|
|
helper_libtestdriver1_adjust_config "full"
|
2022-10-02 20:58:39 +02:00
|
|
|
|
Group both configuration steps
Compared to the previous scheme, this avoid the problem of having to
warn about adjusting PSA_WANT in the wrong place.
Also, it allows enabling MBEDTLS_PSA_CRYPTO_CONFIG in adjust_config
rather than having to repeat it in every single component.
It also plays more nicely with components that have an associated
reference component and use a common config function. (Some of them were
already using the new order.)
Finally, "configure, build, run the tests" seems more natural than
"configure, build, configure, build, test" (and, coming back to the
initial point, it avoid questions about what to configure when).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-12 17:09:38 +02:00
|
|
|
# Disable things that are being accelerated
|
2022-10-11 11:52:25 +02:00
|
|
|
scripts/config.py unset MBEDTLS_GCM_C
|
|
|
|
|
scripts/config.py unset MBEDTLS_CCM_C
|
|
|
|
|
scripts/config.py unset MBEDTLS_CHACHAPOLY_C
|
2022-10-02 20:58:39 +02:00
|
|
|
|
2023-11-08 15:58:47 +01:00
|
|
|
# Disable CCM_STAR_NO_TAG because this re-enables CCM_C.
|
|
|
|
|
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CCM_STAR_NO_TAG
|
2022-10-02 20:58:39 +02:00
|
|
|
|
Group both configuration steps
Compared to the previous scheme, this avoid the problem of having to
warn about adjusting PSA_WANT in the wrong place.
Also, it allows enabling MBEDTLS_PSA_CRYPTO_CONFIG in adjust_config
rather than having to repeat it in every single component.
It also plays more nicely with components that have an associated
reference component and use a common config function. (Some of them were
already using the new order.)
Finally, "configure, build, run the tests" seems more natural than
"configure, build, configure, build, test" (and, coming back to the
initial point, it avoid questions about what to configure when).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-12 17:09:38 +02:00
|
|
|
# Build
|
|
|
|
|
# -----
|
|
|
|
|
|
|
|
|
|
helper_libtestdriver1_make_drivers "$loc_accel_list"
|
2022-10-02 20:58:39 +02:00
|
|
|
|
2023-05-25 10:39:23 +02:00
|
|
|
helper_libtestdriver1_make_main "$loc_accel_list"
|
2022-10-02 20:58:39 +02:00
|
|
|
|
2023-05-31 12:51:50 +02:00
|
|
|
# Make sure this was not re-enabled by accident (additive config)
|
2022-10-11 11:52:25 +02:00
|
|
|
not grep mbedtls_ccm library/ccm.o
|
|
|
|
|
not grep mbedtls_gcm library/gcm.o
|
|
|
|
|
not grep mbedtls_chachapoly library/chachapoly.o
|
|
|
|
|
|
2023-05-31 12:51:50 +02:00
|
|
|
# Run the tests
|
|
|
|
|
# -------------
|
|
|
|
|
|
2022-10-02 20:58:39 +02:00
|
|
|
msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated AEAD"
|
|
|
|
|
make test
|
|
|
|
|
}
|
|
|
|
|
|
2023-10-13 09:29:37 +02:00
|
|
|
# This is a common configuration function used in:
|
|
|
|
|
# - component_test_psa_crypto_config_accel_cipher_aead
|
|
|
|
|
# - component_test_psa_crypto_config_reference_cipher_aead
|
|
|
|
|
common_psa_crypto_config_accel_cipher_aead() {
|
2023-10-27 05:00:32 +02:00
|
|
|
# Start from the full config
|
|
|
|
|
helper_libtestdriver1_adjust_config "full"
|
|
|
|
|
|
2023-11-08 16:50:54 +01:00
|
|
|
# CIPHER_C is disabled in the accelerated test component so we disable
|
|
|
|
|
# all the features that depend on it both in the accelerated and in the
|
|
|
|
|
# reference components.
|
|
|
|
|
scripts/config.py unset MBEDTLS_PKCS5_C
|
|
|
|
|
scripts/config.py unset MBEDTLS_PKCS12_C
|
|
|
|
|
|
2023-10-13 09:29:37 +02:00
|
|
|
scripts/config.py unset MBEDTLS_NIST_KW_C
|
|
|
|
|
}
|
|
|
|
|
|
2023-10-04 12:05:05 +02:00
|
|
|
# The 2 following test components, i.e.
|
|
|
|
|
# - component_test_psa_crypto_config_accel_cipher_aead
|
|
|
|
|
# - component_test_psa_crypto_config_reference_cipher_aead
|
|
|
|
|
# are meant to be used together in analyze_outcomes.py script in order to test
|
|
|
|
|
# driver's coverage for ciphers and AEADs.
|
|
|
|
|
component_test_psa_crypto_config_accel_cipher_aead () {
|
2023-11-16 10:55:25 +01:00
|
|
|
msg "build: full config with accelerated cipher and AEAD"
|
2023-10-04 12:05:05 +02:00
|
|
|
|
2023-10-25 12:39:50 +02:00
|
|
|
loc_accel_list="ALG_ECB_NO_PADDING ALG_CBC_NO_PADDING ALG_CBC_PKCS7 ALG_CTR ALG_CFB \
|
2023-11-08 10:56:54 +01:00
|
|
|
ALG_OFB ALG_XTS ALG_STREAM_CIPHER ALG_CCM_STAR_NO_TAG \
|
2023-10-25 12:27:12 +02:00
|
|
|
ALG_GCM ALG_CCM ALG_CHACHA20_POLY1305 ALG_CMAC \
|
2023-10-04 12:05:05 +02:00
|
|
|
KEY_TYPE_DES KEY_TYPE_AES KEY_TYPE_ARIA KEY_TYPE_CHACHA20 KEY_TYPE_CAMELLIA"
|
|
|
|
|
|
|
|
|
|
# Configure
|
|
|
|
|
# ---------
|
|
|
|
|
|
2023-10-13 09:29:37 +02:00
|
|
|
common_psa_crypto_config_accel_cipher_aead
|
2023-10-04 12:05:05 +02:00
|
|
|
|
|
|
|
|
# Disable the things that are being accelerated
|
|
|
|
|
scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC
|
|
|
|
|
scripts/config.py unset MBEDTLS_CIPHER_PADDING_PKCS7
|
|
|
|
|
scripts/config.py unset MBEDTLS_CIPHER_MODE_CTR
|
|
|
|
|
scripts/config.py unset MBEDTLS_CIPHER_MODE_CFB
|
|
|
|
|
scripts/config.py unset MBEDTLS_CIPHER_MODE_OFB
|
|
|
|
|
scripts/config.py unset MBEDTLS_CIPHER_MODE_XTS
|
|
|
|
|
scripts/config.py unset MBEDTLS_GCM_C
|
|
|
|
|
scripts/config.py unset MBEDTLS_CCM_C
|
|
|
|
|
scripts/config.py unset MBEDTLS_CHACHAPOLY_C
|
2023-10-25 12:27:12 +02:00
|
|
|
scripts/config.py unset MBEDTLS_CMAC_C
|
2023-10-04 12:05:05 +02:00
|
|
|
scripts/config.py unset MBEDTLS_DES_C
|
|
|
|
|
scripts/config.py unset MBEDTLS_AES_C
|
|
|
|
|
scripts/config.py unset MBEDTLS_ARIA_C
|
|
|
|
|
scripts/config.py unset MBEDTLS_CHACHA20_C
|
|
|
|
|
scripts/config.py unset MBEDTLS_CAMELLIA_C
|
|
|
|
|
|
2023-11-08 16:50:54 +01:00
|
|
|
# Disable CIPHER_C entirely as all ciphers/AEADs are accelerated and PSA
|
|
|
|
|
# does not depend on it.
|
|
|
|
|
scripts/config.py unset MBEDTLS_CIPHER_C
|
|
|
|
|
|
2023-10-04 12:05:05 +02:00
|
|
|
# Build
|
|
|
|
|
# -----
|
|
|
|
|
|
|
|
|
|
helper_libtestdriver1_make_drivers "$loc_accel_list"
|
|
|
|
|
|
|
|
|
|
helper_libtestdriver1_make_main "$loc_accel_list"
|
|
|
|
|
|
|
|
|
|
# Make sure this was not re-enabled by accident (additive config)
|
2023-11-08 16:50:54 +01:00
|
|
|
not grep mbedtls_cipher library/cipher.o
|
2023-10-12 15:24:12 +02:00
|
|
|
not grep mbedtls_des library/des.o
|
|
|
|
|
not grep mbedtls_aes library/aes.o
|
|
|
|
|
not grep mbedtls_aria library/aria.o
|
|
|
|
|
not grep mbedtls_camellia library/camellia.o
|
2023-10-04 12:05:05 +02:00
|
|
|
not grep mbedtls_ccm library/ccm.o
|
|
|
|
|
not grep mbedtls_gcm library/gcm.o
|
|
|
|
|
not grep mbedtls_chachapoly library/chachapoly.o
|
|
|
|
|
not grep mbedtls_cmac library/cmac.o
|
|
|
|
|
|
|
|
|
|
# Run the tests
|
|
|
|
|
# -------------
|
|
|
|
|
|
2023-11-16 10:55:25 +01:00
|
|
|
msg "test: full config with accelerated cipher and AEAD"
|
2023-10-04 12:05:05 +02:00
|
|
|
make test
|
2023-11-09 10:43:20 +01:00
|
|
|
|
2023-11-16 10:55:25 +01:00
|
|
|
msg "ssl-opt: full config with accelerated cipher and AEAD"
|
2023-11-09 10:43:20 +01:00
|
|
|
tests/ssl-opt.sh
|
2023-11-14 10:33:32 +01:00
|
|
|
|
2023-11-16 10:55:25 +01:00
|
|
|
msg "compat.sh: full config with accelerated cipher and AEAD"
|
2023-11-14 10:33:32 +01:00
|
|
|
tests/compat.sh -V NO -p mbedTLS
|
2023-10-04 12:05:05 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
component_test_psa_crypto_config_reference_cipher_aead () {
|
2023-11-16 10:55:25 +01:00
|
|
|
msg "build: full config with non-accelerated cipher and AEAD"
|
2023-10-13 09:29:37 +02:00
|
|
|
common_psa_crypto_config_accel_cipher_aead
|
2023-10-04 12:05:05 +02:00
|
|
|
|
2023-11-09 10:43:20 +01:00
|
|
|
make
|
|
|
|
|
|
2023-11-16 10:55:25 +01:00
|
|
|
msg "test: full config with non-accelerated cipher and AEAD"
|
2023-10-04 12:05:05 +02:00
|
|
|
make test
|
2023-11-09 10:43:20 +01:00
|
|
|
|
2023-11-16 10:55:25 +01:00
|
|
|
msg "ssl-opt: full config with non-accelerated cipher and AEAD"
|
2023-11-09 10:43:20 +01:00
|
|
|
tests/ssl-opt.sh
|
2023-11-14 10:33:32 +01:00
|
|
|
|
2023-11-16 10:55:25 +01:00
|
|
|
msg "compat.sh: full config with non-accelerated cipher and AEAD"
|
2023-11-14 10:33:32 +01:00
|
|
|
tests/compat.sh -V NO -p mbedTLS
|
2023-10-04 12:05:05 +02:00
|
|
|
}
|
|
|
|
|
|
2023-07-20 22:19:45 +02:00
|
|
|
component_test_aead_chachapoly_disabled() {
|
|
|
|
|
msg "build: full minus CHACHAPOLY"
|
2021-10-13 11:09:44 +02:00
|
|
|
scripts/config.py full
|
|
|
|
|
scripts/config.py unset MBEDTLS_CHACHAPOLY_C
|
2023-07-20 09:57:54 +02:00
|
|
|
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CHACHA20_POLY1305
|
2023-12-14 17:42:48 +01:00
|
|
|
make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS"
|
2023-05-31 12:51:50 +02:00
|
|
|
|
2023-07-20 22:19:45 +02:00
|
|
|
msg "test: full minus CHACHAPOLY"
|
2020-09-21 08:09:17 +02:00
|
|
|
make test
|
|
|
|
|
}
|
|
|
|
|
|
2023-07-20 22:19:45 +02:00
|
|
|
component_test_aead_only_ccm() {
|
|
|
|
|
msg "build: full minus CHACHAPOLY and GCM"
|
2021-10-13 11:09:44 +02:00
|
|
|
scripts/config.py full
|
|
|
|
|
scripts/config.py unset MBEDTLS_CHACHAPOLY_C
|
2023-07-20 22:19:45 +02:00
|
|
|
scripts/config.py unset MBEDTLS_GCM_C
|
2023-07-20 09:57:54 +02:00
|
|
|
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CHACHA20_POLY1305
|
2023-07-20 22:19:45 +02:00
|
|
|
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_GCM
|
2023-12-14 17:42:48 +01:00
|
|
|
make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS"
|
2021-10-13 11:09:44 +02:00
|
|
|
|
2023-07-20 22:19:45 +02:00
|
|
|
msg "test: full minus CHACHAPOLY and GCM"
|
2021-10-13 11:09:44 +02:00
|
|
|
make test
|
|
|
|
|
}
|
|
|
|
|
|
2023-07-10 08:31:19 +02:00
|
|
|
component_test_ccm_aes_sha256() {
|
|
|
|
|
msg "build: CCM + AES + SHA256 configuration"
|
|
|
|
|
|
2023-07-20 10:03:54 +02:00
|
|
|
cp "$CONFIG_TEST_DRIVER_H" "$CONFIG_H"
|
2023-07-20 09:57:54 +02:00
|
|
|
cp configs/crypto-config-ccm-aes-sha256.h "$CRYPTO_CONFIG_H"
|
2023-07-10 08:31:19 +02:00
|
|
|
|
|
|
|
|
make CC=gcc
|
|
|
|
|
|
|
|
|
|
msg "test: CCM + AES + SHA256 configuration"
|
2021-10-13 11:09:44 +02:00
|
|
|
make test
|
|
|
|
|
}
|
|
|
|
|
|
Phase 2 support for MBEDTLS_PSA_CRYPTO_CONFIG
This phase adds in support for the following features being
added to the list of features that can be configured in the
include/psa/crypto_config.h header file using the PSA_WANT_ALG_xxx
macros: ECDH, HMAC, HKDF, and RSA. These changes include changes to
the PSA crypto library to use the appropriate new guards that
will allow the feature to be compiled in or out either using
new PSA_WANT_ALG_xxx or the previous MBEDTLS_xxx macros.
For HKDF and HMAC, most of the PSA library code did not have a
specific matching MBEDTLS_xxx macro for that feature, but was instead
using the generic dependent MBEDTLS_MD_C macro. The ECDH and RSA
features more closely aligned with a direct replacement with a similar
macro.
The new tests for RSA, HMAC, and HKDF would normally unset additional
dependent macros, but when attempting to implement that level of
testing it required removal of too many core features like MD_C, PK_C,
ECP_C and other low level features. This may point to additional phases of
work to complete the transition of these features to the new model.
Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-10-30 05:37:36 +01:00
|
|
|
# This should be renamed to test and updated once the accelerator ECDH code is in place and ready to test.
|
2020-11-10 17:50:04 +01:00
|
|
|
component_build_psa_accel_alg_ecdh() {
|
2023-07-19 19:36:55 +02:00
|
|
|
msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_ECDH without MBEDTLS_ECDH_C"
|
Phase 2 support for MBEDTLS_PSA_CRYPTO_CONFIG
This phase adds in support for the following features being
added to the list of features that can be configured in the
include/psa/crypto_config.h header file using the PSA_WANT_ALG_xxx
macros: ECDH, HMAC, HKDF, and RSA. These changes include changes to
the PSA crypto library to use the appropriate new guards that
will allow the feature to be compiled in or out either using
new PSA_WANT_ALG_xxx or the previous MBEDTLS_xxx macros.
For HKDF and HMAC, most of the PSA library code did not have a
specific matching MBEDTLS_xxx macro for that feature, but was instead
using the generic dependent MBEDTLS_MD_C macro. The ECDH and RSA
features more closely aligned with a direct replacement with a similar
macro.
The new tests for RSA, HMAC, and HKDF would normally unset additional
dependent macros, but when attempting to implement that level of
testing it required removal of too many core features like MD_C, PK_C,
ECP_C and other low level features. This may point to additional phases of
work to complete the transition of these features to the new model.
Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-10-30 05:37:36 +01:00
|
|
|
scripts/config.py full
|
|
|
|
|
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
|
2022-03-15 11:23:25 +01:00
|
|
|
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
|
Phase 2 support for MBEDTLS_PSA_CRYPTO_CONFIG
This phase adds in support for the following features being
added to the list of features that can be configured in the
include/psa/crypto_config.h header file using the PSA_WANT_ALG_xxx
macros: ECDH, HMAC, HKDF, and RSA. These changes include changes to
the PSA crypto library to use the appropriate new guards that
will allow the feature to be compiled in or out either using
new PSA_WANT_ALG_xxx or the previous MBEDTLS_xxx macros.
For HKDF and HMAC, most of the PSA library code did not have a
specific matching MBEDTLS_xxx macro for that feature, but was instead
using the generic dependent MBEDTLS_MD_C macro. The ECDH and RSA
features more closely aligned with a direct replacement with a similar
macro.
The new tests for RSA, HMAC, and HKDF would normally unset additional
dependent macros, but when attempting to implement that level of
testing it required removal of too many core features like MD_C, PK_C,
ECP_C and other low level features. This may point to additional phases of
work to complete the transition of these features to the new model.
Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-10-30 05:37:36 +01:00
|
|
|
scripts/config.py unset MBEDTLS_ECDH_C
|
|
|
|
|
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
|
|
|
|
|
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
|
|
|
|
|
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
|
|
|
|
|
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
|
|
|
|
|
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
|
|
|
|
|
# Need to define the correct symbol and include the test driver header path in order to build with the test driver
|
2023-12-14 17:42:48 +01:00
|
|
|
make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_ECDH -I../tests/include" LDFLAGS="$ASAN_CFLAGS"
|
Phase 2 support for MBEDTLS_PSA_CRYPTO_CONFIG
This phase adds in support for the following features being
added to the list of features that can be configured in the
include/psa/crypto_config.h header file using the PSA_WANT_ALG_xxx
macros: ECDH, HMAC, HKDF, and RSA. These changes include changes to
the PSA crypto library to use the appropriate new guards that
will allow the feature to be compiled in or out either using
new PSA_WANT_ALG_xxx or the previous MBEDTLS_xxx macros.
For HKDF and HMAC, most of the PSA library code did not have a
specific matching MBEDTLS_xxx macro for that feature, but was instead
using the generic dependent MBEDTLS_MD_C macro. The ECDH and RSA
features more closely aligned with a direct replacement with a similar
macro.
The new tests for RSA, HMAC, and HKDF would normally unset additional
dependent macros, but when attempting to implement that level of
testing it required removal of too many core features like MD_C, PK_C,
ECP_C and other low level features. This may point to additional phases of
work to complete the transition of these features to the new model.
Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-10-30 05:37:36 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
# This should be renamed to test and updated once the accelerator HMAC code is in place and ready to test.
|
2020-11-10 17:50:04 +01:00
|
|
|
component_build_psa_accel_alg_hmac() {
|
2023-07-19 19:36:55 +02:00
|
|
|
msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_HMAC"
|
Phase 2 support for MBEDTLS_PSA_CRYPTO_CONFIG
This phase adds in support for the following features being
added to the list of features that can be configured in the
include/psa/crypto_config.h header file using the PSA_WANT_ALG_xxx
macros: ECDH, HMAC, HKDF, and RSA. These changes include changes to
the PSA crypto library to use the appropriate new guards that
will allow the feature to be compiled in or out either using
new PSA_WANT_ALG_xxx or the previous MBEDTLS_xxx macros.
For HKDF and HMAC, most of the PSA library code did not have a
specific matching MBEDTLS_xxx macro for that feature, but was instead
using the generic dependent MBEDTLS_MD_C macro. The ECDH and RSA
features more closely aligned with a direct replacement with a similar
macro.
The new tests for RSA, HMAC, and HKDF would normally unset additional
dependent macros, but when attempting to implement that level of
testing it required removal of too many core features like MD_C, PK_C,
ECP_C and other low level features. This may point to additional phases of
work to complete the transition of these features to the new model.
Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-10-30 05:37:36 +01:00
|
|
|
scripts/config.py full
|
|
|
|
|
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
|
2022-03-15 11:23:25 +01:00
|
|
|
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
|
Phase 2 support for MBEDTLS_PSA_CRYPTO_CONFIG
This phase adds in support for the following features being
added to the list of features that can be configured in the
include/psa/crypto_config.h header file using the PSA_WANT_ALG_xxx
macros: ECDH, HMAC, HKDF, and RSA. These changes include changes to
the PSA crypto library to use the appropriate new guards that
will allow the feature to be compiled in or out either using
new PSA_WANT_ALG_xxx or the previous MBEDTLS_xxx macros.
For HKDF and HMAC, most of the PSA library code did not have a
specific matching MBEDTLS_xxx macro for that feature, but was instead
using the generic dependent MBEDTLS_MD_C macro. The ECDH and RSA
features more closely aligned with a direct replacement with a similar
macro.
The new tests for RSA, HMAC, and HKDF would normally unset additional
dependent macros, but when attempting to implement that level of
testing it required removal of too many core features like MD_C, PK_C,
ECP_C and other low level features. This may point to additional phases of
work to complete the transition of these features to the new model.
Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-10-30 05:37:36 +01:00
|
|
|
# Need to define the correct symbol and include the test driver header path in order to build with the test driver
|
2023-12-14 17:42:48 +01:00
|
|
|
make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_HMAC -I../tests/include" LDFLAGS="$ASAN_CFLAGS"
|
Phase 2 support for MBEDTLS_PSA_CRYPTO_CONFIG
This phase adds in support for the following features being
added to the list of features that can be configured in the
include/psa/crypto_config.h header file using the PSA_WANT_ALG_xxx
macros: ECDH, HMAC, HKDF, and RSA. These changes include changes to
the PSA crypto library to use the appropriate new guards that
will allow the feature to be compiled in or out either using
new PSA_WANT_ALG_xxx or the previous MBEDTLS_xxx macros.
For HKDF and HMAC, most of the PSA library code did not have a
specific matching MBEDTLS_xxx macro for that feature, but was instead
using the generic dependent MBEDTLS_MD_C macro. The ECDH and RSA
features more closely aligned with a direct replacement with a similar
macro.
The new tests for RSA, HMAC, and HKDF would normally unset additional
dependent macros, but when attempting to implement that level of
testing it required removal of too many core features like MD_C, PK_C,
ECP_C and other low level features. This may point to additional phases of
work to complete the transition of these features to the new model.
Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-10-30 05:37:36 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
# This should be renamed to test and updated once the accelerator HKDF code is in place and ready to test.
|
2020-11-10 17:50:04 +01:00
|
|
|
component_build_psa_accel_alg_hkdf() {
|
2023-07-19 19:36:55 +02:00
|
|
|
msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_HKDF without MBEDTLS_HKDF_C"
|
Phase 2 support for MBEDTLS_PSA_CRYPTO_CONFIG
This phase adds in support for the following features being
added to the list of features that can be configured in the
include/psa/crypto_config.h header file using the PSA_WANT_ALG_xxx
macros: ECDH, HMAC, HKDF, and RSA. These changes include changes to
the PSA crypto library to use the appropriate new guards that
will allow the feature to be compiled in or out either using
new PSA_WANT_ALG_xxx or the previous MBEDTLS_xxx macros.
For HKDF and HMAC, most of the PSA library code did not have a
specific matching MBEDTLS_xxx macro for that feature, but was instead
using the generic dependent MBEDTLS_MD_C macro. The ECDH and RSA
features more closely aligned with a direct replacement with a similar
macro.
The new tests for RSA, HMAC, and HKDF would normally unset additional
dependent macros, but when attempting to implement that level of
testing it required removal of too many core features like MD_C, PK_C,
ECP_C and other low level features. This may point to additional phases of
work to complete the transition of these features to the new model.
Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-10-30 05:37:36 +01:00
|
|
|
scripts/config.py full
|
|
|
|
|
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
|
2022-03-15 11:23:25 +01:00
|
|
|
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
|
Phase 2 support for MBEDTLS_PSA_CRYPTO_CONFIG
This phase adds in support for the following features being
added to the list of features that can be configured in the
include/psa/crypto_config.h header file using the PSA_WANT_ALG_xxx
macros: ECDH, HMAC, HKDF, and RSA. These changes include changes to
the PSA crypto library to use the appropriate new guards that
will allow the feature to be compiled in or out either using
new PSA_WANT_ALG_xxx or the previous MBEDTLS_xxx macros.
For HKDF and HMAC, most of the PSA library code did not have a
specific matching MBEDTLS_xxx macro for that feature, but was instead
using the generic dependent MBEDTLS_MD_C macro. The ECDH and RSA
features more closely aligned with a direct replacement with a similar
macro.
The new tests for RSA, HMAC, and HKDF would normally unset additional
dependent macros, but when attempting to implement that level of
testing it required removal of too many core features like MD_C, PK_C,
ECP_C and other low level features. This may point to additional phases of
work to complete the transition of these features to the new model.
Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-10-30 05:37:36 +01:00
|
|
|
scripts/config.py unset MBEDTLS_HKDF_C
|
2021-12-08 16:57:54 +01:00
|
|
|
# Make sure to unset TLS1_3 since it requires HKDF_C and will not build properly without it.
|
|
|
|
|
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
|
Phase 2 support for MBEDTLS_PSA_CRYPTO_CONFIG
This phase adds in support for the following features being
added to the list of features that can be configured in the
include/psa/crypto_config.h header file using the PSA_WANT_ALG_xxx
macros: ECDH, HMAC, HKDF, and RSA. These changes include changes to
the PSA crypto library to use the appropriate new guards that
will allow the feature to be compiled in or out either using
new PSA_WANT_ALG_xxx or the previous MBEDTLS_xxx macros.
For HKDF and HMAC, most of the PSA library code did not have a
specific matching MBEDTLS_xxx macro for that feature, but was instead
using the generic dependent MBEDTLS_MD_C macro. The ECDH and RSA
features more closely aligned with a direct replacement with a similar
macro.
The new tests for RSA, HMAC, and HKDF would normally unset additional
dependent macros, but when attempting to implement that level of
testing it required removal of too many core features like MD_C, PK_C,
ECP_C and other low level features. This may point to additional phases of
work to complete the transition of these features to the new model.
Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-10-30 05:37:36 +01:00
|
|
|
# Need to define the correct symbol and include the test driver header path in order to build with the test driver
|
2023-12-14 17:42:48 +01:00
|
|
|
make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_HKDF -I../tests/include" LDFLAGS="$ASAN_CFLAGS"
|
Phase 2 support for MBEDTLS_PSA_CRYPTO_CONFIG
This phase adds in support for the following features being
added to the list of features that can be configured in the
include/psa/crypto_config.h header file using the PSA_WANT_ALG_xxx
macros: ECDH, HMAC, HKDF, and RSA. These changes include changes to
the PSA crypto library to use the appropriate new guards that
will allow the feature to be compiled in or out either using
new PSA_WANT_ALG_xxx or the previous MBEDTLS_xxx macros.
For HKDF and HMAC, most of the PSA library code did not have a
specific matching MBEDTLS_xxx macro for that feature, but was instead
using the generic dependent MBEDTLS_MD_C macro. The ECDH and RSA
features more closely aligned with a direct replacement with a similar
macro.
The new tests for RSA, HMAC, and HKDF would normally unset additional
dependent macros, but when attempting to implement that level of
testing it required removal of too many core features like MD_C, PK_C,
ECP_C and other low level features. This may point to additional phases of
work to complete the transition of these features to the new model.
Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-10-30 05:37:36 +01:00
|
|
|
}
|
|
|
|
|
|
2020-11-27 17:51:22 +01:00
|
|
|
# This should be renamed to test and updated once the accelerator MD5 code is in place and ready to test.
|
|
|
|
|
component_build_psa_accel_alg_md5() {
|
2023-07-19 19:36:55 +02:00
|
|
|
msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_MD5 - other hashes"
|
2020-11-27 17:51:22 +01:00
|
|
|
scripts/config.py full
|
|
|
|
|
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
|
2022-03-15 11:23:25 +01:00
|
|
|
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
|
2023-07-20 09:57:54 +02:00
|
|
|
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RIPEMD160
|
|
|
|
|
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_1
|
|
|
|
|
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_224
|
|
|
|
|
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_256
|
|
|
|
|
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_384
|
|
|
|
|
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_512
|
|
|
|
|
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS
|
2022-10-13 22:05:38 +02:00
|
|
|
scripts/config.py unset MBEDTLS_LMS_C
|
|
|
|
|
scripts/config.py unset MBEDTLS_LMS_PRIVATE
|
2020-11-27 17:51:22 +01:00
|
|
|
# Need to define the correct symbol and include the test driver header path in order to build with the test driver
|
2023-12-14 17:42:48 +01:00
|
|
|
make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_MD5 -I../tests/include" LDFLAGS="$ASAN_CFLAGS"
|
2020-11-27 17:51:22 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
# This should be renamed to test and updated once the accelerator RIPEMD160 code is in place and ready to test.
|
|
|
|
|
component_build_psa_accel_alg_ripemd160() {
|
2023-07-19 19:36:55 +02:00
|
|
|
msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_RIPEMD160 - other hashes"
|
2020-11-27 17:51:22 +01:00
|
|
|
scripts/config.py full
|
|
|
|
|
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
|
2022-03-15 11:23:25 +01:00
|
|
|
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
|
2023-07-20 09:57:54 +02:00
|
|
|
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_MD5
|
|
|
|
|
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_1
|
|
|
|
|
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_224
|
|
|
|
|
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_256
|
|
|
|
|
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_384
|
|
|
|
|
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_512
|
|
|
|
|
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS
|
2022-10-13 22:05:38 +02:00
|
|
|
scripts/config.py unset MBEDTLS_LMS_C
|
|
|
|
|
scripts/config.py unset MBEDTLS_LMS_PRIVATE
|
2020-11-27 17:51:22 +01:00
|
|
|
# Need to define the correct symbol and include the test driver header path in order to build with the test driver
|
2023-12-14 17:42:48 +01:00
|
|
|
make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RIPEMD160 -I../tests/include" LDFLAGS="$ASAN_CFLAGS"
|
2020-11-27 17:51:22 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
# This should be renamed to test and updated once the accelerator SHA1 code is in place and ready to test.
|
|
|
|
|
component_build_psa_accel_alg_sha1() {
|
2023-07-19 19:36:55 +02:00
|
|
|
msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_SHA_1 - other hashes"
|
2020-11-27 17:51:22 +01:00
|
|
|
scripts/config.py full
|
|
|
|
|
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
|
2022-03-15 11:23:25 +01:00
|
|
|
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
|
2023-07-20 09:57:54 +02:00
|
|
|
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_MD5
|
|
|
|
|
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RIPEMD160
|
|
|
|
|
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_224
|
|
|
|
|
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_256
|
|
|
|
|
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_384
|
|
|
|
|
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_512
|
|
|
|
|
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS
|
2022-10-13 22:05:38 +02:00
|
|
|
scripts/config.py unset MBEDTLS_LMS_C
|
|
|
|
|
scripts/config.py unset MBEDTLS_LMS_PRIVATE
|
2020-11-27 17:51:22 +01:00
|
|
|
# Need to define the correct symbol and include the test driver header path in order to build with the test driver
|
2023-12-14 17:42:48 +01:00
|
|
|
make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_1 -I../tests/include" LDFLAGS="$ASAN_CFLAGS"
|
2020-11-27 17:51:22 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
# This should be renamed to test and updated once the accelerator SHA224 code is in place and ready to test.
|
|
|
|
|
component_build_psa_accel_alg_sha224() {
|
2023-07-19 19:36:55 +02:00
|
|
|
msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_SHA_224 - other hashes"
|
2020-11-27 17:51:22 +01:00
|
|
|
scripts/config.py full
|
|
|
|
|
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
|
2022-03-15 11:23:25 +01:00
|
|
|
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
|
2023-07-20 09:57:54 +02:00
|
|
|
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_MD5
|
|
|
|
|
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RIPEMD160
|
|
|
|
|
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_1
|
|
|
|
|
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_384
|
|
|
|
|
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_512
|
|
|
|
|
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS
|
2020-11-27 17:51:22 +01:00
|
|
|
# Need to define the correct symbol and include the test driver header path in order to build with the test driver
|
2023-12-14 17:42:48 +01:00
|
|
|
make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_224 -I../tests/include" LDFLAGS="$ASAN_CFLAGS"
|
2020-11-27 17:51:22 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
# This should be renamed to test and updated once the accelerator SHA256 code is in place and ready to test.
|
|
|
|
|
component_build_psa_accel_alg_sha256() {
|
2023-07-19 19:36:55 +02:00
|
|
|
msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_SHA_256 - other hashes"
|
2020-11-27 17:51:22 +01:00
|
|
|
scripts/config.py full
|
|
|
|
|
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
|
2022-03-15 11:23:25 +01:00
|
|
|
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
|
2023-07-20 09:57:54 +02:00
|
|
|
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_MD5
|
|
|
|
|
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RIPEMD160
|
|
|
|
|
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_1
|
|
|
|
|
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_224
|
|
|
|
|
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_384
|
|
|
|
|
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_512
|
2020-11-27 17:51:22 +01:00
|
|
|
# Need to define the correct symbol and include the test driver header path in order to build with the test driver
|
2023-12-14 17:42:48 +01:00
|
|
|
make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_256 -I../tests/include" LDFLAGS="$ASAN_CFLAGS"
|
2020-11-27 17:51:22 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
# This should be renamed to test and updated once the accelerator SHA384 code is in place and ready to test.
|
|
|
|
|
component_build_psa_accel_alg_sha384() {
|
2023-07-19 19:36:55 +02:00
|
|
|
msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_SHA_384 - other hashes"
|
2020-11-27 17:51:22 +01:00
|
|
|
scripts/config.py full
|
|
|
|
|
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
|
2022-03-15 11:23:25 +01:00
|
|
|
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
|
2023-07-20 09:57:54 +02:00
|
|
|
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_MD5
|
|
|
|
|
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RIPEMD160
|
|
|
|
|
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_1
|
|
|
|
|
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_224
|
|
|
|
|
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_256
|
|
|
|
|
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS
|
2022-10-13 22:05:38 +02:00
|
|
|
scripts/config.py unset MBEDTLS_LMS_C
|
|
|
|
|
scripts/config.py unset MBEDTLS_LMS_PRIVATE
|
2020-11-27 17:51:22 +01:00
|
|
|
# Need to define the correct symbol and include the test driver header path in order to build with the test driver
|
2023-12-14 17:42:48 +01:00
|
|
|
make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_384 -I../tests/include" LDFLAGS="$ASAN_CFLAGS"
|
2020-11-27 17:51:22 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
# This should be renamed to test and updated once the accelerator SHA512 code is in place and ready to test.
|
|
|
|
|
component_build_psa_accel_alg_sha512() {
|
2023-07-19 19:36:55 +02:00
|
|
|
msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_SHA_512 - other hashes"
|
2020-11-27 17:51:22 +01:00
|
|
|
scripts/config.py full
|
|
|
|
|
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
|
2022-03-15 11:23:25 +01:00
|
|
|
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
|
2023-07-20 09:57:54 +02:00
|
|
|
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_MD5
|
|
|
|
|
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RIPEMD160
|
|
|
|
|
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_1
|
|
|
|
|
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_224
|
|
|
|
|
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_256
|
|
|
|
|
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_384
|
|
|
|
|
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS
|
2022-10-13 22:05:38 +02:00
|
|
|
scripts/config.py unset MBEDTLS_LMS_C
|
|
|
|
|
scripts/config.py unset MBEDTLS_LMS_PRIVATE
|
2020-11-27 17:51:22 +01:00
|
|
|
# Need to define the correct symbol and include the test driver header path in order to build with the test driver
|
2023-12-14 17:42:48 +01:00
|
|
|
make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_512 -I../tests/include" LDFLAGS="$ASAN_CFLAGS"
|
2020-11-27 17:51:22 +01:00
|
|
|
}
|
|
|
|
|
|
Phase 2 support for MBEDTLS_PSA_CRYPTO_CONFIG
This phase adds in support for the following features being
added to the list of features that can be configured in the
include/psa/crypto_config.h header file using the PSA_WANT_ALG_xxx
macros: ECDH, HMAC, HKDF, and RSA. These changes include changes to
the PSA crypto library to use the appropriate new guards that
will allow the feature to be compiled in or out either using
new PSA_WANT_ALG_xxx or the previous MBEDTLS_xxx macros.
For HKDF and HMAC, most of the PSA library code did not have a
specific matching MBEDTLS_xxx macro for that feature, but was instead
using the generic dependent MBEDTLS_MD_C macro. The ECDH and RSA
features more closely aligned with a direct replacement with a similar
macro.
The new tests for RSA, HMAC, and HKDF would normally unset additional
dependent macros, but when attempting to implement that level of
testing it required removal of too many core features like MD_C, PK_C,
ECP_C and other low level features. This may point to additional phases of
work to complete the transition of these features to the new model.
Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-10-30 05:37:36 +01:00
|
|
|
# This should be renamed to test and updated once the accelerator RSA code is in place and ready to test.
|
2020-11-10 17:50:04 +01:00
|
|
|
component_build_psa_accel_alg_rsa_pkcs1v15_crypt() {
|
2023-07-19 19:36:55 +02:00
|
|
|
msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_RSA_PKCS1V15_CRYPT + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY"
|
2020-11-01 06:14:03 +01:00
|
|
|
scripts/config.py full
|
|
|
|
|
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
|
2022-03-15 11:23:25 +01:00
|
|
|
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
|
2023-07-20 09:57:54 +02:00
|
|
|
scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_ALG_RSA_PKCS1V15_CRYPT 1
|
|
|
|
|
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PKCS1V15_SIGN
|
|
|
|
|
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_OAEP
|
|
|
|
|
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PSS
|
2020-11-01 06:14:03 +01:00
|
|
|
# Need to define the correct symbol and include the test driver header path in order to build with the test driver
|
2023-12-14 17:42:48 +01:00
|
|
|
make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT -I../tests/include" LDFLAGS="$ASAN_CFLAGS"
|
2020-11-01 06:14:03 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
# This should be renamed to test and updated once the accelerator RSA code is in place and ready to test.
|
2020-11-10 17:50:04 +01:00
|
|
|
component_build_psa_accel_alg_rsa_pkcs1v15_sign() {
|
2023-07-19 19:36:55 +02:00
|
|
|
msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_RSA_PKCS1V15_SIGN + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY"
|
2020-11-01 06:14:03 +01:00
|
|
|
scripts/config.py full
|
|
|
|
|
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
|
2022-03-15 11:23:25 +01:00
|
|
|
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
|
2023-07-20 09:57:54 +02:00
|
|
|
scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_ALG_RSA_PKCS1V15_SIGN 1
|
|
|
|
|
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PKCS1V15_CRYPT
|
|
|
|
|
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_OAEP
|
|
|
|
|
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PSS
|
2020-11-01 06:14:03 +01:00
|
|
|
# Need to define the correct symbol and include the test driver header path in order to build with the test driver
|
2023-12-14 17:42:48 +01:00
|
|
|
make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN -I../tests/include" LDFLAGS="$ASAN_CFLAGS"
|
2020-11-01 06:14:03 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
# This should be renamed to test and updated once the accelerator RSA code is in place and ready to test.
|
2020-11-10 17:50:04 +01:00
|
|
|
component_build_psa_accel_alg_rsa_oaep() {
|
2023-07-19 19:36:55 +02:00
|
|
|
msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_RSA_OAEP + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY"
|
2020-11-01 06:14:03 +01:00
|
|
|
scripts/config.py full
|
|
|
|
|
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
|
2022-03-15 11:23:25 +01:00
|
|
|
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
|
2023-07-20 09:57:54 +02:00
|
|
|
scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_ALG_RSA_OAEP 1
|
|
|
|
|
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PKCS1V15_CRYPT
|
|
|
|
|
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PKCS1V15_SIGN
|
|
|
|
|
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PSS
|
2020-11-01 06:14:03 +01:00
|
|
|
# Need to define the correct symbol and include the test driver header path in order to build with the test driver
|
2023-12-14 17:42:48 +01:00
|
|
|
make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_OAEP -I../tests/include" LDFLAGS="$ASAN_CFLAGS"
|
2020-11-01 06:14:03 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
# This should be renamed to test and updated once the accelerator RSA code is in place and ready to test.
|
2020-11-10 17:50:04 +01:00
|
|
|
component_build_psa_accel_alg_rsa_pss() {
|
2023-07-19 19:36:55 +02:00
|
|
|
msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_RSA_PSS + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY"
|
2020-11-01 06:14:03 +01:00
|
|
|
scripts/config.py full
|
|
|
|
|
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
|
2022-03-15 11:23:25 +01:00
|
|
|
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
|
2023-07-20 09:57:54 +02:00
|
|
|
scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_ALG_RSA_PSS 1
|
|
|
|
|
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PKCS1V15_CRYPT
|
|
|
|
|
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PKCS1V15_SIGN
|
|
|
|
|
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_OAEP
|
2020-11-01 06:14:03 +01:00
|
|
|
# Need to define the correct symbol and include the test driver header path in order to build with the test driver
|
2023-12-14 17:42:48 +01:00
|
|
|
make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_PSS -I../tests/include" LDFLAGS="$ASAN_CFLAGS"
|
2020-11-01 06:14:03 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
# This should be renamed to test and updated once the accelerator RSA code is in place and ready to test.
|
2020-11-10 17:50:04 +01:00
|
|
|
component_build_psa_accel_key_type_rsa_key_pair() {
|
2023-07-19 19:36:55 +02:00
|
|
|
msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_xxx + PSA_WANT_ALG_RSA_PSS"
|
2020-11-01 06:14:03 +01:00
|
|
|
scripts/config.py full
|
|
|
|
|
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
|
2022-03-15 11:23:25 +01:00
|
|
|
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
|
2023-07-20 09:57:54 +02:00
|
|
|
scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_ALG_RSA_PSS 1
|
|
|
|
|
scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC 1
|
|
|
|
|
scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT 1
|
|
|
|
|
scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT 1
|
|
|
|
|
scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE 1
|
2020-11-01 06:14:03 +01:00
|
|
|
# Need to define the correct symbol and include the test driver header path in order to build with the test driver
|
2023-12-14 17:42:48 +01:00
|
|
|
make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR -I../tests/include" LDFLAGS="$ASAN_CFLAGS"
|
2020-11-01 06:14:03 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
# This should be renamed to test and updated once the accelerator RSA code is in place and ready to test.
|
2020-11-10 17:50:04 +01:00
|
|
|
component_build_psa_accel_key_type_rsa_public_key() {
|
2023-07-19 19:36:55 +02:00
|
|
|
msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY + PSA_WANT_ALG_RSA_PSS"
|
Phase 2 support for MBEDTLS_PSA_CRYPTO_CONFIG
This phase adds in support for the following features being
added to the list of features that can be configured in the
include/psa/crypto_config.h header file using the PSA_WANT_ALG_xxx
macros: ECDH, HMAC, HKDF, and RSA. These changes include changes to
the PSA crypto library to use the appropriate new guards that
will allow the feature to be compiled in or out either using
new PSA_WANT_ALG_xxx or the previous MBEDTLS_xxx macros.
For HKDF and HMAC, most of the PSA library code did not have a
specific matching MBEDTLS_xxx macro for that feature, but was instead
using the generic dependent MBEDTLS_MD_C macro. The ECDH and RSA
features more closely aligned with a direct replacement with a similar
macro.
The new tests for RSA, HMAC, and HKDF would normally unset additional
dependent macros, but when attempting to implement that level of
testing it required removal of too many core features like MD_C, PK_C,
ECP_C and other low level features. This may point to additional phases of
work to complete the transition of these features to the new model.
Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-10-30 05:37:36 +01:00
|
|
|
scripts/config.py full
|
|
|
|
|
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
|
2022-03-15 11:23:25 +01:00
|
|
|
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
|
2023-07-20 09:57:54 +02:00
|
|
|
scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_ALG_RSA_PSS 1
|
|
|
|
|
scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 1
|
Phase 2 support for MBEDTLS_PSA_CRYPTO_CONFIG
This phase adds in support for the following features being
added to the list of features that can be configured in the
include/psa/crypto_config.h header file using the PSA_WANT_ALG_xxx
macros: ECDH, HMAC, HKDF, and RSA. These changes include changes to
the PSA crypto library to use the appropriate new guards that
will allow the feature to be compiled in or out either using
new PSA_WANT_ALG_xxx or the previous MBEDTLS_xxx macros.
For HKDF and HMAC, most of the PSA library code did not have a
specific matching MBEDTLS_xxx macro for that feature, but was instead
using the generic dependent MBEDTLS_MD_C macro. The ECDH and RSA
features more closely aligned with a direct replacement with a similar
macro.
The new tests for RSA, HMAC, and HKDF would normally unset additional
dependent macros, but when attempting to implement that level of
testing it required removal of too many core features like MD_C, PK_C,
ECP_C and other low level features. This may point to additional phases of
work to complete the transition of these features to the new model.
Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-10-30 05:37:36 +01:00
|
|
|
# Need to define the correct symbol and include the test driver header path in order to build with the test driver
|
2023-12-14 17:42:48 +01:00
|
|
|
make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY -I../tests/include" LDFLAGS="$ASAN_CFLAGS"
|
Phase 2 support for MBEDTLS_PSA_CRYPTO_CONFIG
This phase adds in support for the following features being
added to the list of features that can be configured in the
include/psa/crypto_config.h header file using the PSA_WANT_ALG_xxx
macros: ECDH, HMAC, HKDF, and RSA. These changes include changes to
the PSA crypto library to use the appropriate new guards that
will allow the feature to be compiled in or out either using
new PSA_WANT_ALG_xxx or the previous MBEDTLS_xxx macros.
For HKDF and HMAC, most of the PSA library code did not have a
specific matching MBEDTLS_xxx macro for that feature, but was instead
using the generic dependent MBEDTLS_MD_C macro. The ECDH and RSA
features more closely aligned with a direct replacement with a similar
macro.
The new tests for RSA, HMAC, and HKDF would normally unset additional
dependent macros, but when attempting to implement that level of
testing it required removal of too many core features like MD_C, PK_C,
ECP_C and other low level features. This may point to additional phases of
work to complete the transition of these features to the new model.
Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-10-30 05:37:36 +01:00
|
|
|
}
|
|
|
|
|
|
2023-06-28 10:43:23 +02:00
|
|
|
|
2023-06-28 18:36:02 +02:00
|
|
|
support_build_tfm_armcc () {
|
2023-11-10 05:21:35 +01:00
|
|
|
support_build_armcc
|
2023-06-28 10:43:23 +02:00
|
|
|
}
|
|
|
|
|
|
2023-06-28 18:36:02 +02:00
|
|
|
component_build_tfm_armcc() {
|
|
|
|
|
# test the TF-M configuration can build cleanly with various warning flags enabled
|
2023-11-28 11:06:33 +01:00
|
|
|
cp configs/config-tfm.h "$CONFIG_H"
|
2023-06-28 10:43:23 +02:00
|
|
|
|
2023-06-29 13:35:51 +02:00
|
|
|
msg "build: TF-M config, armclang armv7-m thumb2"
|
2023-09-27 15:53:08 +02:00
|
|
|
armc6_build_test "--target=arm-arm-none-eabi -march=armv7-m -mthumb -Os -std=c99 -Werror -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wimplicit-fallthrough -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral -Wshadow -Wasm-operand-widths -Wunused -I../tests/include/spe"
|
2023-06-29 12:58:16 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
component_build_tfm() {
|
2023-09-06 16:23:13 +02:00
|
|
|
# Check that the TF-M configuration can build cleanly with various
|
|
|
|
|
# warning flags enabled. We don't build or run tests, since the
|
|
|
|
|
# TF-M configuration needs a TF-M platform. A tweaked version of
|
|
|
|
|
# the configuration that works on mainstream platforms is in
|
|
|
|
|
# configs/config-tfm.h, tested via test-ref-configs.pl.
|
2023-11-28 11:06:33 +01:00
|
|
|
cp configs/config-tfm.h "$CONFIG_H"
|
2023-06-29 12:58:16 +02:00
|
|
|
|
2023-06-29 13:35:51 +02:00
|
|
|
msg "build: TF-M config, clang, armv7-m thumb2"
|
2023-09-27 15:53:08 +02:00
|
|
|
make lib CC="clang" CFLAGS="--target=arm-linux-gnueabihf -march=armv7-m -mthumb -Os -std=c99 -Werror -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wimplicit-fallthrough -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral -Wshadow -Wasm-operand-widths -Wunused -I../tests/include/spe"
|
2023-06-28 10:43:23 +02:00
|
|
|
|
2023-06-28 18:36:02 +02:00
|
|
|
msg "build: TF-M config, gcc native build"
|
|
|
|
|
make clean
|
2023-09-27 15:53:08 +02:00
|
|
|
make lib CC="gcc" CFLAGS="-Os -std=c99 -Werror -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral -Wshadow -Wformat-signedness -Wlogical-op -I../tests/include/spe"
|
2023-06-28 10:43:23 +02:00
|
|
|
}
|
|
|
|
|
|
2023-10-04 12:55:25 +02:00
|
|
|
# Test that the given .o file builds with all (valid) combinations of the given options.
|
|
|
|
|
#
|
|
|
|
|
# Syntax: build_test_config_combos FILE VALIDATOR_FUNCTION OPT1 OPT2 ...
|
|
|
|
|
#
|
|
|
|
|
# The validator function is the name of a function to validate the combination of options.
|
|
|
|
|
# It may be "" if all combinations are valid.
|
|
|
|
|
# It receives a string containing a combination of options, as passed to the compiler,
|
2023-10-16 14:47:15 +02:00
|
|
|
# e.g. "-DOPT1 -DOPT2 ...". It must return 0 iff the combination is valid, non-zero if invalid.
|
2023-10-01 19:41:09 +02:00
|
|
|
build_test_config_combos() {
|
2023-10-04 12:50:30 +02:00
|
|
|
file=$1
|
2023-10-01 19:41:09 +02:00
|
|
|
shift
|
2023-10-04 12:50:30 +02:00
|
|
|
validate_options=$1
|
2023-10-01 19:41:09 +02:00
|
|
|
shift
|
2023-10-04 12:50:30 +02:00
|
|
|
options=("$@")
|
2023-06-29 13:10:45 +02:00
|
|
|
|
2023-10-03 16:47:05 +02:00
|
|
|
# clear all of the options so that they can be overridden on the clang commandline
|
2023-10-04 12:50:30 +02:00
|
|
|
for opt in "${options[@]}"; do
|
|
|
|
|
./scripts/config.py unset ${opt}
|
2023-10-03 16:47:05 +02:00
|
|
|
done
|
|
|
|
|
|
|
|
|
|
# enter the directory containing the target file & strip the dir from the filename
|
2023-10-04 12:50:30 +02:00
|
|
|
cd $(dirname ${file})
|
|
|
|
|
file=$(basename ${file})
|
2023-10-03 16:47:05 +02:00
|
|
|
|
2023-10-01 19:41:09 +02:00
|
|
|
# The most common issue is unused variables/functions, so ensure -Wunused is set.
|
2023-10-04 12:50:30 +02:00
|
|
|
warning_flags="-Werror -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wimplicit-fallthrough -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral -Wshadow -Wasm-operand-widths -Wunused"
|
2023-09-29 18:32:06 +02:00
|
|
|
|
2023-10-03 16:47:05 +02:00
|
|
|
# Extract the command generated by the Makefile to build the target file.
|
|
|
|
|
# This ensures that we have any include paths, macro definitions, etc
|
|
|
|
|
# that may be applied by make.
|
|
|
|
|
# Add -fsyntax-only as we only want a syntax check and don't need to generate a file.
|
2023-10-13 11:33:15 +02:00
|
|
|
compile_cmd="clang \$(LOCAL_CFLAGS) ${warning_flags} -fsyntax-only -c"
|
2023-10-03 16:47:05 +02:00
|
|
|
|
2023-10-13 11:33:15 +02:00
|
|
|
makefile=$(TMPDIR=. mktemp)
|
2023-10-04 12:50:30 +02:00
|
|
|
deps=""
|
2023-09-29 18:32:06 +02:00
|
|
|
|
2023-10-04 12:50:30 +02:00
|
|
|
len=${#options[@]}
|
2023-10-13 11:33:15 +02:00
|
|
|
source_file=${file%.o}.c
|
|
|
|
|
|
|
|
|
|
targets=0
|
|
|
|
|
echo 'include Makefile' >${makefile}
|
2023-10-01 19:41:09 +02:00
|
|
|
|
2023-10-04 12:50:30 +02:00
|
|
|
for ((i = 0; i < $((2**${len})); i++)); do
|
2023-10-01 19:41:09 +02:00
|
|
|
# generate each of 2^n combinations of options
|
2023-10-04 12:50:30 +02:00
|
|
|
# each bit of $i is used to determine if options[i] will be set or not
|
|
|
|
|
target="t"
|
|
|
|
|
clang_args=""
|
|
|
|
|
for ((j = 0; j < ${len}; j++)); do
|
2023-10-04 13:30:23 +02:00
|
|
|
if (((i >> j) & 1)); then
|
2023-10-04 14:38:41 +02:00
|
|
|
opt=-D${options[$j]}
|
2023-10-04 14:14:20 +02:00
|
|
|
clang_args="${clang_args} ${opt}"
|
|
|
|
|
target="${target}${opt}"
|
2023-10-04 13:30:23 +02:00
|
|
|
fi
|
2023-10-01 19:41:09 +02:00
|
|
|
done
|
2023-09-29 16:47:07 +02:00
|
|
|
|
2023-10-04 13:30:23 +02:00
|
|
|
# if combination is not known to be invalid, add it to the makefile
|
2023-10-16 14:47:15 +02:00
|
|
|
if [[ -z $validate_options ]] || $validate_options "${clang_args}"; then
|
2023-10-04 12:50:30 +02:00
|
|
|
cmd="${compile_cmd} ${clang_args}"
|
2023-10-13 11:33:15 +02:00
|
|
|
echo "${target}: ${source_file}; $cmd ${source_file}" >> ${makefile}
|
2023-10-01 19:41:09 +02:00
|
|
|
|
2023-10-04 12:50:30 +02:00
|
|
|
deps="${deps} ${target}"
|
2023-10-13 11:33:15 +02:00
|
|
|
((++targets))
|
2023-10-01 19:41:09 +02:00
|
|
|
fi
|
2023-09-29 16:47:07 +02:00
|
|
|
done
|
2023-10-01 19:41:09 +02:00
|
|
|
|
2023-10-13 11:33:15 +02:00
|
|
|
echo "build_test_config_combos: ${deps}" >> ${makefile}
|
2023-10-01 19:41:09 +02:00
|
|
|
|
|
|
|
|
# execute all of the commands via Make (probably in parallel)
|
2023-10-13 11:33:15 +02:00
|
|
|
make -s -f ${makefile} build_test_config_combos
|
|
|
|
|
echo "$targets targets checked"
|
2023-09-29 19:54:49 +02:00
|
|
|
|
2023-10-01 19:41:09 +02:00
|
|
|
# clean up the temporary makefile
|
2023-10-04 12:50:30 +02:00
|
|
|
rm ${makefile}
|
2023-06-29 10:29:00 +02:00
|
|
|
}
|
|
|
|
|
|
2023-10-02 18:09:37 +02:00
|
|
|
validate_aes_config_variations() {
|
2023-10-01 19:41:09 +02:00
|
|
|
if [[ "$1" == *"MBEDTLS_AES_USE_HARDWARE_ONLY"* ]]; then
|
|
|
|
|
if [[ "$1" == *"MBEDTLS_PADLOCK_C"* ]]; then
|
2023-10-16 15:04:21 +02:00
|
|
|
return 1
|
2023-10-01 19:41:09 +02:00
|
|
|
fi
|
|
|
|
|
if [[ !(("$HOSTTYPE" == "aarch64" && "$1" != *"MBEDTLS_AESCE_C"*) || \
|
|
|
|
|
("$HOSTTYPE" == "x86_64" && "$1" != *"MBEDTLS_AESNI_C"*)) ]]; then
|
2023-10-16 15:04:21 +02:00
|
|
|
return 1
|
2023-10-01 19:41:09 +02:00
|
|
|
fi
|
|
|
|
|
fi
|
2023-10-16 15:04:21 +02:00
|
|
|
return 0
|
2023-10-01 19:41:09 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
component_build_aes_variations() {
|
|
|
|
|
# 18s - around 90ms per clang invocation on M1 Pro
|
|
|
|
|
#
|
2023-06-29 10:29:00 +02:00
|
|
|
# aes.o has many #if defined(...) guards that intersect in complex ways.
|
2023-10-01 19:41:09 +02:00
|
|
|
# Test that all the combinations build cleanly.
|
2023-06-29 10:29:00 +02:00
|
|
|
|
2023-11-06 04:08:17 +01:00
|
|
|
MBEDTLS_ROOT_DIR="$PWD"
|
2023-06-29 10:29:00 +02:00
|
|
|
msg "build: aes.o for all combinations of relevant config options"
|
2023-06-29 13:10:45 +02:00
|
|
|
|
2023-10-03 16:47:05 +02:00
|
|
|
build_test_config_combos library/aes.o validate_aes_config_variations \
|
2023-10-01 19:41:09 +02:00
|
|
|
"MBEDTLS_AES_SETKEY_ENC_ALT" "MBEDTLS_AES_DECRYPT_ALT" \
|
|
|
|
|
"MBEDTLS_AES_ROM_TABLES" "MBEDTLS_AES_ENCRYPT_ALT" "MBEDTLS_AES_SETKEY_DEC_ALT" \
|
|
|
|
|
"MBEDTLS_AES_FEWER_TABLES" "MBEDTLS_PADLOCK_C" "MBEDTLS_AES_USE_HARDWARE_ONLY" \
|
|
|
|
|
"MBEDTLS_AESNI_C" "MBEDTLS_AESCE_C" "MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH"
|
2023-11-06 04:08:17 +01:00
|
|
|
|
|
|
|
|
cd "$MBEDTLS_ROOT_DIR"
|
|
|
|
|
msg "build: aes.o for all combinations of relevant config options + BLOCK_CIPHER_NO_DECRYPT"
|
|
|
|
|
|
2023-11-23 07:28:47 +01:00
|
|
|
# MBEDTLS_BLOCK_CIPHER_NO_DECRYPT is incompatible with ECB in PSA, CBC/XTS/NIST_KW/DES,
|
2023-11-06 04:08:17 +01:00
|
|
|
# manually set or unset those configurations to check
|
|
|
|
|
# MBEDTLS_BLOCK_CIPHER_NO_DECRYPT with various combinations in aes.o.
|
|
|
|
|
scripts/config.py set MBEDTLS_BLOCK_CIPHER_NO_DECRYPT
|
|
|
|
|
scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC
|
|
|
|
|
scripts/config.py unset MBEDTLS_CIPHER_MODE_XTS
|
|
|
|
|
scripts/config.py unset MBEDTLS_DES_C
|
|
|
|
|
scripts/config.py unset MBEDTLS_NIST_KW_C
|
|
|
|
|
build_test_config_combos library/aes.o validate_aes_config_variations \
|
|
|
|
|
"MBEDTLS_AES_SETKEY_ENC_ALT" "MBEDTLS_AES_DECRYPT_ALT" \
|
|
|
|
|
"MBEDTLS_AES_ROM_TABLES" "MBEDTLS_AES_ENCRYPT_ALT" "MBEDTLS_AES_SETKEY_DEC_ALT" \
|
|
|
|
|
"MBEDTLS_AES_FEWER_TABLES" "MBEDTLS_PADLOCK_C" "MBEDTLS_AES_USE_HARDWARE_ONLY" \
|
|
|
|
|
"MBEDTLS_AESNI_C" "MBEDTLS_AESCE_C" "MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH"
|
2023-06-29 10:29:00 +02:00
|
|
|
}
|
|
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
component_test_no_platform () {
|
|
|
|
|
# Full configuration build, without platform support, file IO and net sockets.
|
|
|
|
|
# This should catch missing mbedtls_printf definitions, and by disabling file
|
|
|
|
|
# IO, it should catch missing '#include <stdio.h>'
|
|
|
|
|
msg "build: full config except platform/fsio/net, make, gcc, C99" # ~ 30s
|
2023-10-18 18:44:59 +02:00
|
|
|
scripts/config.py full_no_platform
|
2019-07-27 23:52:53 +02:00
|
|
|
scripts/config.py unset MBEDTLS_PLATFORM_C
|
|
|
|
|
scripts/config.py unset MBEDTLS_NET_C
|
|
|
|
|
scripts/config.py unset MBEDTLS_FS_IO
|
2019-07-27 23:52:53 +02:00
|
|
|
scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C
|
2019-07-27 23:52:53 +02:00
|
|
|
scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C
|
|
|
|
|
scripts/config.py unset MBEDTLS_PSA_ITS_FILE_C
|
2023-10-18 18:44:59 +02:00
|
|
|
scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED
|
2018-11-27 15:58:47 +01:00
|
|
|
# Note, _DEFAULT_SOURCE needs to be defined for platforms using glibc version >2.19,
|
|
|
|
|
# to re-enable platform integration features otherwise disabled in C99 builds
|
2019-09-20 19:23:10 +02:00
|
|
|
make CC=gcc CFLAGS='-Werror -Wall -Wextra -std=c99 -pedantic -Os -D_DEFAULT_SOURCE' lib programs
|
|
|
|
|
make CC=gcc CFLAGS='-Werror -Wall -Wextra -Os' test
|
2018-11-27 15:58:47 +01:00
|
|
|
}
|
2018-04-11 08:28:39 +02:00
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
component_build_no_std_function () {
|
|
|
|
|
# catch compile bugs in _uninit functions
|
|
|
|
|
msg "build: full config with NO_STD_FUNCTION, make, gcc" # ~ 30s
|
2019-07-27 23:52:53 +02:00
|
|
|
scripts/config.py full
|
|
|
|
|
scripts/config.py set MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
|
|
|
|
|
scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED
|
2020-04-12 23:43:28 +02:00
|
|
|
scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT
|
2021-10-08 11:45:47 +02:00
|
|
|
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Check .
|
2021-10-07 19:34:57 +02:00
|
|
|
make
|
2018-11-27 15:58:47 +01:00
|
|
|
}
|
2018-10-11 12:02:52 +02:00
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
component_build_no_ssl_srv () {
|
2022-03-07 16:20:30 +01:00
|
|
|
msg "build: full config except SSL server, make, gcc" # ~ 30s
|
2019-07-27 23:52:53 +02:00
|
|
|
scripts/config.py full
|
|
|
|
|
scripts/config.py unset MBEDTLS_SSL_SRV_C
|
2019-09-20 19:23:10 +02:00
|
|
|
make CC=gcc CFLAGS='-Werror -Wall -Wextra -O1'
|
2018-11-27 15:58:47 +01:00
|
|
|
}
|
2018-10-11 12:02:52 +02:00
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
component_build_no_ssl_cli () {
|
2022-03-07 16:20:30 +01:00
|
|
|
msg "build: full config except SSL client, make, gcc" # ~ 30s
|
2019-07-27 23:52:53 +02:00
|
|
|
scripts/config.py full
|
|
|
|
|
scripts/config.py unset MBEDTLS_SSL_CLI_C
|
2019-09-20 19:23:10 +02:00
|
|
|
make CC=gcc CFLAGS='-Werror -Wall -Wextra -O1'
|
2018-11-27 15:58:47 +01:00
|
|
|
}
|
2017-07-07 13:29:15 +02:00
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
component_build_no_sockets () {
|
|
|
|
|
# Note, C99 compliance can also be tested with the sockets support disabled,
|
|
|
|
|
# as that requires a POSIX platform (which isn't the same as C99).
|
|
|
|
|
msg "build: full config except net_sockets.c, make, gcc -std=c99 -pedantic" # ~ 30s
|
2019-07-27 23:52:53 +02:00
|
|
|
scripts/config.py full
|
|
|
|
|
scripts/config.py unset MBEDTLS_NET_C # getaddrinfo() undeclared, etc.
|
|
|
|
|
scripts/config.py set MBEDTLS_NO_PLATFORM_ENTROPY # uses syscall() on GNU/Linux
|
2019-09-20 19:23:10 +02:00
|
|
|
make CC=gcc CFLAGS='-Werror -Wall -Wextra -O1 -std=c99 -pedantic' lib
|
2018-11-27 15:58:47 +01:00
|
|
|
}
|
2017-07-07 13:29:15 +02:00
|
|
|
|
2019-09-05 15:27:47 +02:00
|
|
|
component_test_memory_buffer_allocator_backtrace () {
|
|
|
|
|
msg "build: default config with memory buffer allocator and backtrace enabled"
|
2019-07-27 23:52:53 +02:00
|
|
|
scripts/config.py set MBEDTLS_MEMORY_BUFFER_ALLOC_C
|
|
|
|
|
scripts/config.py set MBEDTLS_PLATFORM_MEMORY
|
|
|
|
|
scripts/config.py set MBEDTLS_MEMORY_BACKTRACE
|
|
|
|
|
scripts/config.py set MBEDTLS_MEMORY_DEBUG
|
2021-10-19 21:33:32 +02:00
|
|
|
CC=gcc cmake -DCMAKE_BUILD_TYPE:String=Release .
|
2019-09-05 15:27:47 +02:00
|
|
|
make
|
|
|
|
|
|
|
|
|
|
msg "test: MBEDTLS_MEMORY_BUFFER_ALLOC_C and MBEDTLS_MEMORY_BACKTRACE"
|
|
|
|
|
make test
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
component_test_memory_buffer_allocator () {
|
|
|
|
|
msg "build: default config with memory buffer allocator"
|
2019-07-27 23:52:53 +02:00
|
|
|
scripts/config.py set MBEDTLS_MEMORY_BUFFER_ALLOC_C
|
|
|
|
|
scripts/config.py set MBEDTLS_PLATFORM_MEMORY
|
2021-10-19 21:33:32 +02:00
|
|
|
CC=gcc cmake -DCMAKE_BUILD_TYPE:String=Release .
|
2019-02-26 15:34:13 +01:00
|
|
|
make
|
|
|
|
|
|
|
|
|
|
msg "test: MBEDTLS_MEMORY_BUFFER_ALLOC_C"
|
|
|
|
|
make test
|
2020-03-04 20:46:15 +01:00
|
|
|
|
|
|
|
|
msg "test: ssl-opt.sh, MBEDTLS_MEMORY_BUFFER_ALLOC_C"
|
|
|
|
|
# MBEDTLS_MEMORY_BUFFER_ALLOC is slow. Skip tests that tend to time out.
|
2021-07-08 18:41:16 +02:00
|
|
|
tests/ssl-opt.sh -e '^DTLS proxy'
|
2019-02-26 15:34:13 +01:00
|
|
|
}
|
|
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
component_test_no_max_fragment_length () {
|
|
|
|
|
# Run max fragment length tests with MFL disabled
|
|
|
|
|
msg "build: default config except MFL extension (ASan build)" # ~ 30s
|
2019-07-27 23:52:53 +02:00
|
|
|
scripts/config.py unset MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
2023-12-14 17:42:48 +01:00
|
|
|
CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
|
2018-11-27 15:58:47 +01:00
|
|
|
make
|
2017-07-07 13:29:15 +02:00
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
msg "test: ssl-opt.sh, MFL-related tests"
|
2021-07-08 18:41:16 +02:00
|
|
|
tests/ssl-opt.sh -f "Max fragment length"
|
2018-11-27 15:58:47 +01:00
|
|
|
}
|
2017-07-07 13:29:15 +02:00
|
|
|
|
2019-02-19 12:10:48 +01:00
|
|
|
component_test_asan_remove_peer_certificate () {
|
|
|
|
|
msg "build: default config with MBEDTLS_SSL_KEEP_PEER_CERTIFICATE disabled (ASan build)"
|
2019-07-27 23:52:53 +02:00
|
|
|
scripts/config.py unset MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
|
2023-12-14 17:42:48 +01:00
|
|
|
CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
|
2019-02-19 12:10:48 +01:00
|
|
|
make
|
|
|
|
|
|
|
|
|
|
msg "test: !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE"
|
|
|
|
|
make test
|
|
|
|
|
|
|
|
|
|
msg "test: ssl-opt.sh, !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE"
|
2021-07-08 18:41:16 +02:00
|
|
|
tests/ssl-opt.sh
|
2019-02-19 12:10:48 +01:00
|
|
|
|
|
|
|
|
msg "test: compat.sh, !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE"
|
2021-07-08 18:41:16 +02:00
|
|
|
tests/compat.sh
|
2020-04-07 16:07:05 +02:00
|
|
|
|
|
|
|
|
msg "test: context-info.sh, !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE"
|
2021-07-08 18:41:16 +02:00
|
|
|
tests/context-info.sh
|
2019-02-19 12:10:48 +01:00
|
|
|
}
|
|
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
component_test_no_max_fragment_length_small_ssl_out_content_len () {
|
|
|
|
|
msg "build: no MFL extension, small SSL_OUT_CONTENT_LEN (ASan build)"
|
2019-07-27 23:52:53 +02:00
|
|
|
scripts/config.py unset MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
|
|
|
|
scripts/config.py set MBEDTLS_SSL_IN_CONTENT_LEN 16384
|
|
|
|
|
scripts/config.py set MBEDTLS_SSL_OUT_CONTENT_LEN 4096
|
2023-12-14 17:42:48 +01:00
|
|
|
CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
|
2018-11-27 15:58:47 +01:00
|
|
|
make
|
2017-07-07 13:29:15 +02:00
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
msg "test: MFL tests (disabled MFL extension case) & large packet tests"
|
2021-07-08 18:41:16 +02:00
|
|
|
tests/ssl-opt.sh -f "Max fragment length\|Large buffer"
|
2020-04-07 16:07:05 +02:00
|
|
|
|
|
|
|
|
msg "test: context-info.sh (disabled MFL extension case)"
|
2021-07-08 18:41:16 +02:00
|
|
|
tests/context-info.sh
|
2018-11-27 15:58:47 +01:00
|
|
|
}
|
2017-07-07 13:29:15 +02:00
|
|
|
|
2019-12-02 11:53:11 +01:00
|
|
|
component_test_variable_ssl_in_out_buffer_len () {
|
|
|
|
|
msg "build: MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH enabled (ASan build)"
|
|
|
|
|
scripts/config.py set MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH
|
2023-12-14 17:42:48 +01:00
|
|
|
CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
|
2019-12-02 11:53:11 +01:00
|
|
|
make
|
|
|
|
|
|
|
|
|
|
msg "test: MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH enabled"
|
|
|
|
|
make test
|
|
|
|
|
|
|
|
|
|
msg "test: ssl-opt.sh, MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH enabled"
|
2021-07-08 18:41:16 +02:00
|
|
|
tests/ssl-opt.sh
|
2019-12-02 11:53:11 +01:00
|
|
|
|
|
|
|
|
msg "test: compat.sh, MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH enabled"
|
2021-07-08 18:41:16 +02:00
|
|
|
tests/compat.sh
|
2019-12-02 11:53:11 +01:00
|
|
|
}
|
|
|
|
|
|
2022-11-25 11:30:10 +01:00
|
|
|
component_test_dtls_cid_legacy () {
|
2022-11-23 11:14:03 +01:00
|
|
|
msg "build: MBEDTLS_SSL_DTLS_CONNECTION_ID (legacy) enabled (ASan build)"
|
2021-10-12 09:22:33 +02:00
|
|
|
scripts/config.py set MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT 1
|
2019-12-02 11:53:11 +01:00
|
|
|
|
2023-12-14 17:42:48 +01:00
|
|
|
CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
|
2019-12-02 11:53:11 +01:00
|
|
|
make
|
|
|
|
|
|
2022-11-23 11:14:03 +01:00
|
|
|
msg "test: MBEDTLS_SSL_DTLS_CONNECTION_ID (legacy)"
|
2019-12-02 11:53:11 +01:00
|
|
|
make test
|
|
|
|
|
|
2022-11-23 11:14:03 +01:00
|
|
|
msg "test: ssl-opt.sh, MBEDTLS_SSL_DTLS_CONNECTION_ID (legacy) enabled"
|
2021-07-08 18:41:16 +02:00
|
|
|
tests/ssl-opt.sh
|
2019-12-02 11:53:11 +01:00
|
|
|
|
2022-11-25 11:30:10 +01:00
|
|
|
msg "test: compat.sh, MBEDTLS_SSL_DTLS_CONNECTION_ID (legacy) enabled"
|
2021-07-08 18:41:16 +02:00
|
|
|
tests/compat.sh
|
2019-12-02 11:53:11 +01:00
|
|
|
}
|
|
|
|
|
|
2019-11-26 16:32:40 +01:00
|
|
|
component_test_ssl_alloc_buffer_and_mfl () {
|
|
|
|
|
msg "build: default config with memory buffer allocator and MFL extension"
|
|
|
|
|
scripts/config.py set MBEDTLS_MEMORY_BUFFER_ALLOC_C
|
|
|
|
|
scripts/config.py set MBEDTLS_PLATFORM_MEMORY
|
|
|
|
|
scripts/config.py set MBEDTLS_MEMORY_DEBUG
|
|
|
|
|
scripts/config.py set MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
|
|
|
|
scripts/config.py set MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH
|
2021-10-19 21:33:32 +02:00
|
|
|
CC=gcc cmake -DCMAKE_BUILD_TYPE:String=Release .
|
2019-11-26 16:32:40 +01:00
|
|
|
make
|
|
|
|
|
|
|
|
|
|
msg "test: MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH, MBEDTLS_MEMORY_BUFFER_ALLOC_C, MBEDTLS_MEMORY_DEBUG and MBEDTLS_SSL_MAX_FRAGMENT_LENGTH"
|
|
|
|
|
make test
|
|
|
|
|
|
|
|
|
|
msg "test: MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH, MBEDTLS_MEMORY_BUFFER_ALLOC_C, MBEDTLS_MEMORY_DEBUG and MBEDTLS_SSL_MAX_FRAGMENT_LENGTH"
|
2021-07-08 18:41:16 +02:00
|
|
|
tests/ssl-opt.sh -f "Handshake memory usage"
|
2019-11-26 16:32:40 +01:00
|
|
|
}
|
|
|
|
|
|
2020-03-04 20:46:15 +01:00
|
|
|
component_test_when_no_ciphersuites_have_mac () {
|
|
|
|
|
msg "build: when no ciphersuites have MAC"
|
|
|
|
|
scripts/config.py unset MBEDTLS_CIPHER_NULL_CIPHER
|
|
|
|
|
scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC
|
2021-04-28 16:50:20 +02:00
|
|
|
scripts/config.py unset MBEDTLS_CMAC_C
|
2020-03-04 20:46:15 +01:00
|
|
|
make
|
|
|
|
|
|
|
|
|
|
msg "test: !MBEDTLS_SSL_SOME_MODES_USE_MAC"
|
|
|
|
|
make test
|
|
|
|
|
|
|
|
|
|
msg "test ssl-opt.sh: !MBEDTLS_SSL_SOME_MODES_USE_MAC"
|
2021-07-08 18:41:16 +02:00
|
|
|
tests/ssl-opt.sh -f 'Default\|EtM' -e 'without EtM'
|
2020-03-04 20:46:15 +01:00
|
|
|
}
|
|
|
|
|
|
2020-06-15 17:03:13 +02:00
|
|
|
component_test_no_date_time () {
|
|
|
|
|
msg "build: default config without MBEDTLS_HAVE_TIME_DATE"
|
|
|
|
|
scripts/config.py unset MBEDTLS_HAVE_TIME_DATE
|
2021-10-08 11:45:47 +02:00
|
|
|
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Check .
|
2020-06-15 17:03:13 +02:00
|
|
|
make
|
|
|
|
|
|
|
|
|
|
msg "test: !MBEDTLS_HAVE_TIME_DATE - main suites"
|
|
|
|
|
make test
|
|
|
|
|
}
|
|
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
component_test_platform_calloc_macro () {
|
|
|
|
|
msg "build: MBEDTLS_PLATFORM_{CALLOC/FREE}_MACRO enabled (ASan build)"
|
2019-07-27 23:52:53 +02:00
|
|
|
scripts/config.py set MBEDTLS_PLATFORM_MEMORY
|
|
|
|
|
scripts/config.py set MBEDTLS_PLATFORM_CALLOC_MACRO calloc
|
|
|
|
|
scripts/config.py set MBEDTLS_PLATFORM_FREE_MACRO free
|
2023-12-14 17:42:48 +01:00
|
|
|
CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
|
2018-11-27 15:58:47 +01:00
|
|
|
make
|
|
|
|
|
|
|
|
|
|
msg "test: MBEDTLS_PLATFORM_{CALLOC/FREE}_MACRO enabled (ASan build)"
|
|
|
|
|
make test
|
|
|
|
|
}
|
|
|
|
|
|
2019-09-17 19:04:38 +02:00
|
|
|
component_test_malloc_0_null () {
|
|
|
|
|
msg "build: malloc(0) returns NULL (ASan+UBSan build)"
|
2020-03-04 10:34:47 +01:00
|
|
|
scripts/config.py full
|
2023-12-14 17:42:48 +01:00
|
|
|
make CC=$ASAN_CC CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"$PWD/tests/configs/user-config-malloc-0-null.h\"' $ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS"
|
2019-09-17 19:04:38 +02:00
|
|
|
|
|
|
|
|
msg "test: malloc(0) returns NULL (ASan+UBSan build)"
|
|
|
|
|
make test
|
|
|
|
|
|
|
|
|
|
msg "selftest: malloc(0) returns NULL (ASan+UBSan build)"
|
|
|
|
|
# Just the calloc selftest. "make test" ran the others as part of the
|
|
|
|
|
# test suites.
|
2021-07-08 18:41:16 +02:00
|
|
|
programs/test/selftest calloc
|
2020-02-11 18:26:34 +01:00
|
|
|
|
|
|
|
|
msg "test ssl-opt.sh: malloc(0) returns NULL (ASan+UBSan build)"
|
|
|
|
|
# Run a subset of the tests. The choice is a balance between coverage
|
|
|
|
|
# and time (including time indirectly wasted due to flaky tests).
|
|
|
|
|
# The current choice is to skip tests whose description includes
|
|
|
|
|
# "proxy", which is an approximation of skipping tests that use the
|
|
|
|
|
# UDP proxy, which tend to be slower and flakier.
|
2021-07-08 18:41:16 +02:00
|
|
|
tests/ssl-opt.sh -e 'proxy'
|
2019-09-17 19:04:38 +02:00
|
|
|
}
|
|
|
|
|
|
2023-06-19 12:51:33 +02:00
|
|
|
support_test_aesni() {
|
|
|
|
|
# Check that gcc targets x86_64 (we can build AESNI), and check for
|
|
|
|
|
# AESNI support on the host (we can run AESNI).
|
|
|
|
|
#
|
|
|
|
|
# The name of this function is possibly slightly misleading, but needs to align
|
|
|
|
|
# with the name of the corresponding test, component_test_aesni.
|
2023-06-19 11:55:59 +02:00
|
|
|
#
|
|
|
|
|
# In principle 32-bit x86 can support AESNI, but our implementation does not
|
|
|
|
|
# support 32-bit x86, so we check for x86-64.
|
|
|
|
|
# We can only grep /proc/cpuinfo on Linux, so this also checks for Linux
|
2023-06-19 12:51:33 +02:00
|
|
|
(gcc -v 2>&1 | grep Target | grep -q x86_64) &&
|
|
|
|
|
[[ "$HOSTTYPE" == "x86_64" && "$OSTYPE" == "linux-gnu" ]] &&
|
2023-08-08 06:57:35 +02:00
|
|
|
(lscpu | grep -qw aes)
|
2023-06-19 11:55:59 +02:00
|
|
|
}
|
|
|
|
|
|
2023-06-16 21:18:36 +02:00
|
|
|
component_test_aesni () { # ~ 60s
|
|
|
|
|
# This tests the two AESNI implementations (intrinsics and assembly), and also the plain C
|
|
|
|
|
# fallback. It also tests the logic that is used to select which implementation(s) to build.
|
|
|
|
|
#
|
|
|
|
|
# This test does not require the host to have support for AESNI (if it doesn't, the run-time
|
|
|
|
|
# AESNI detection will fallback to the plain C implementation, so the tests will instead
|
|
|
|
|
# exercise the plain C impl).
|
|
|
|
|
|
2023-06-16 18:04:52 +02:00
|
|
|
msg "build: default config with different AES implementations"
|
2023-06-16 14:18:19 +02:00
|
|
|
scripts/config.py set MBEDTLS_AESNI_C
|
2023-08-03 10:14:18 +02:00
|
|
|
scripts/config.py unset MBEDTLS_AES_USE_HARDWARE_ONLY
|
2023-06-16 14:18:19 +02:00
|
|
|
scripts/config.py set MBEDTLS_HAVE_ASM
|
|
|
|
|
|
2023-06-16 21:18:36 +02:00
|
|
|
# test the intrinsics implementation
|
|
|
|
|
msg "AES tests, test intrinsics"
|
|
|
|
|
make clean
|
2023-08-08 06:57:35 +02:00
|
|
|
make CC=gcc CFLAGS='-Werror -Wall -Wextra -mpclmul -msse2 -maes'
|
2023-06-16 21:18:36 +02:00
|
|
|
# check that we built intrinsics - this should be used by default when supported by the compiler
|
2023-08-03 10:09:07 +02:00
|
|
|
./programs/test/selftest aes | grep "AESNI code" | grep -q "intrinsics"
|
2023-06-16 18:04:52 +02:00
|
|
|
|
2023-06-16 21:18:36 +02:00
|
|
|
# test the asm implementation
|
|
|
|
|
msg "AES tests, test assembly"
|
2023-06-16 14:18:19 +02:00
|
|
|
make clean
|
2023-08-08 06:57:35 +02:00
|
|
|
make CC=gcc CFLAGS='-Werror -Wall -Wextra -mno-pclmul -mno-sse2 -mno-aes'
|
2023-06-16 21:18:36 +02:00
|
|
|
# check that we built assembly - this should be built if the compiler does not support intrinsics
|
2023-08-03 10:09:07 +02:00
|
|
|
./programs/test/selftest aes | grep "AESNI code" | grep -q "assembly"
|
2023-06-16 18:04:52 +02:00
|
|
|
|
2023-06-16 21:18:36 +02:00
|
|
|
# test the plain C implementation
|
2023-06-16 18:04:52 +02:00
|
|
|
scripts/config.py unset MBEDTLS_AESNI_C
|
2023-08-03 10:14:18 +02:00
|
|
|
scripts/config.py unset MBEDTLS_AES_USE_HARDWARE_ONLY
|
2023-06-16 18:04:52 +02:00
|
|
|
msg "AES tests, plain C"
|
|
|
|
|
make clean
|
2023-08-08 06:57:35 +02:00
|
|
|
make CC=gcc CFLAGS='-O2 -Werror'
|
2023-06-16 21:18:36 +02:00
|
|
|
# check that there is no AESNI code present
|
2023-08-03 10:09:07 +02:00
|
|
|
./programs/test/selftest aes | not grep -q "AESNI code"
|
2023-08-08 10:03:55 +02:00
|
|
|
not grep -q "AES note: using AESNI" ./programs/test/selftest
|
|
|
|
|
grep -q "AES note: built-in implementation." ./programs/test/selftest
|
2023-08-03 11:01:02 +02:00
|
|
|
|
|
|
|
|
# test the intrinsics implementation
|
|
|
|
|
scripts/config.py set MBEDTLS_AESNI_C
|
|
|
|
|
scripts/config.py set MBEDTLS_AES_USE_HARDWARE_ONLY
|
|
|
|
|
msg "AES tests, test AESNI only"
|
|
|
|
|
make clean
|
2023-08-08 06:57:35 +02:00
|
|
|
make CC=gcc CFLAGS='-Werror -Wall -Wextra -mpclmul -msse2 -maes'
|
|
|
|
|
./programs/test/selftest aes | grep -q "AES note: using AESNI"
|
|
|
|
|
./programs/test/selftest aes | not grep -q "AES note: built-in implementation."
|
2023-08-08 10:03:55 +02:00
|
|
|
grep -q "AES note: using AESNI" ./programs/test/selftest
|
|
|
|
|
not grep -q "AES note: built-in implementation." ./programs/test/selftest
|
2023-08-16 09:11:48 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
support_test_aesni_m32() {
|
2023-12-14 15:46:45 +01:00
|
|
|
support_test_m32_no_asm && (lscpu | grep -qw aes)
|
2023-06-16 14:18:19 +02:00
|
|
|
}
|
|
|
|
|
|
2023-08-16 09:11:48 +02:00
|
|
|
component_test_aesni_m32 () { # ~ 60s
|
|
|
|
|
# This tests are duplicated from component_test_aesni for i386 target
|
|
|
|
|
#
|
|
|
|
|
# AESNI intrinsic code supports i386 and assembly code does not support it.
|
|
|
|
|
|
|
|
|
|
msg "build: default config with different AES implementations"
|
|
|
|
|
scripts/config.py set MBEDTLS_AESNI_C
|
|
|
|
|
scripts/config.py set MBEDTLS_PADLOCK_C
|
|
|
|
|
scripts/config.py unset MBEDTLS_AES_USE_HARDWARE_ONLY
|
|
|
|
|
scripts/config.py set MBEDTLS_HAVE_ASM
|
|
|
|
|
|
2023-10-24 19:55:36 +02:00
|
|
|
# test the intrinsics implementation with gcc
|
|
|
|
|
msg "AES tests, test intrinsics (gcc)"
|
2023-08-16 09:11:48 +02:00
|
|
|
make clean
|
2023-10-24 19:55:36 +02:00
|
|
|
make CC=gcc CFLAGS='-m32 -Werror -Wall -Wextra' LDFLAGS='-m32'
|
2023-08-16 09:11:48 +02:00
|
|
|
# check that we built intrinsics - this should be used by default when supported by the compiler
|
|
|
|
|
./programs/test/selftest aes | grep "AESNI code" | grep -q "intrinsics"
|
|
|
|
|
grep -q "AES note: using AESNI" ./programs/test/selftest
|
|
|
|
|
grep -q "AES note: built-in implementation." ./programs/test/selftest
|
|
|
|
|
grep -q "AES note: using VIA Padlock" ./programs/test/selftest
|
|
|
|
|
grep -q mbedtls_aesni_has_support ./programs/test/selftest
|
|
|
|
|
|
|
|
|
|
scripts/config.py set MBEDTLS_AESNI_C
|
|
|
|
|
scripts/config.py unset MBEDTLS_PADLOCK_C
|
|
|
|
|
scripts/config.py set MBEDTLS_AES_USE_HARDWARE_ONLY
|
|
|
|
|
msg "AES tests, test AESNI only"
|
|
|
|
|
make clean
|
|
|
|
|
make CC=gcc CFLAGS='-m32 -Werror -Wall -Wextra -mpclmul -msse2 -maes' LDFLAGS='-m32'
|
|
|
|
|
./programs/test/selftest aes | grep -q "AES note: using AESNI"
|
|
|
|
|
./programs/test/selftest aes | not grep -q "AES note: built-in implementation."
|
|
|
|
|
grep -q "AES note: using AESNI" ./programs/test/selftest
|
|
|
|
|
not grep -q "AES note: built-in implementation." ./programs/test/selftest
|
|
|
|
|
not grep -q "AES note: using VIA Padlock" ./programs/test/selftest
|
|
|
|
|
not grep -q mbedtls_aesni_has_support ./programs/test/selftest
|
|
|
|
|
}
|
2023-08-03 11:06:29 +02:00
|
|
|
|
2023-10-24 19:55:36 +02:00
|
|
|
support_test_aesni_m32_clang() {
|
|
|
|
|
support_test_aesni_m32 && if command -v clang > /dev/null ; then
|
|
|
|
|
# clang >= 4 is required to build with target attributes
|
|
|
|
|
clang_ver="$(clang --version|grep version|sed -E 's#.*version ([0-9]+).*#\1#')"
|
|
|
|
|
[[ "${clang_ver}" -ge 4 ]]
|
|
|
|
|
else
|
|
|
|
|
# clang not available
|
|
|
|
|
false
|
|
|
|
|
fi
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
component_test_aesni_m32_clang() {
|
|
|
|
|
|
|
|
|
|
scripts/config.py set MBEDTLS_AESNI_C
|
|
|
|
|
scripts/config.py set MBEDTLS_PADLOCK_C
|
|
|
|
|
scripts/config.py unset MBEDTLS_AES_USE_HARDWARE_ONLY
|
|
|
|
|
scripts/config.py set MBEDTLS_HAVE_ASM
|
|
|
|
|
|
|
|
|
|
# test the intrinsics implementation with clang
|
|
|
|
|
msg "AES tests, test intrinsics (clang)"
|
|
|
|
|
make clean
|
|
|
|
|
make CC=clang CFLAGS='-m32 -Werror -Wall -Wextra' LDFLAGS='-m32'
|
|
|
|
|
# check that we built intrinsics - this should be used by default when supported by the compiler
|
|
|
|
|
./programs/test/selftest aes | grep "AESNI code" | grep -q "intrinsics"
|
|
|
|
|
grep -q "AES note: using AESNI" ./programs/test/selftest
|
|
|
|
|
grep -q "AES note: built-in implementation." ./programs/test/selftest
|
|
|
|
|
grep -q "AES note: using VIA Padlock" ./programs/test/selftest
|
|
|
|
|
grep -q mbedtls_aesni_has_support ./programs/test/selftest
|
|
|
|
|
}
|
|
|
|
|
|
2023-08-03 11:06:29 +02:00
|
|
|
# For timebeing, no aarch64 gcc available in CI and no arm64 CI node.
|
|
|
|
|
component_build_aes_aesce_armcc () {
|
|
|
|
|
msg "Build: AESCE test on arm64 platform without plain C."
|
|
|
|
|
scripts/config.py baremetal
|
|
|
|
|
|
|
|
|
|
# armc[56] don't support SHA-512 intrinsics
|
|
|
|
|
scripts/config.py unset MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT
|
|
|
|
|
|
|
|
|
|
# Stop armclang warning about feature detection for A64_CRYPTO.
|
|
|
|
|
# With this enabled, the library does build correctly under armclang,
|
|
|
|
|
# but in baremetal builds (as tested here), feature detection is
|
|
|
|
|
# unavailable, and the user is notified via a #warning. So enabling
|
|
|
|
|
# this feature would prevent us from building with -Werror on
|
|
|
|
|
# armclang. Tracked in #7198.
|
2023-10-10 15:59:02 +02:00
|
|
|
scripts/config.py unset MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT
|
2023-08-03 11:06:29 +02:00
|
|
|
scripts/config.py set MBEDTLS_HAVE_ASM
|
|
|
|
|
|
|
|
|
|
msg "AESCE, build with default configuration."
|
|
|
|
|
scripts/config.py set MBEDTLS_AESCE_C
|
|
|
|
|
scripts/config.py unset MBEDTLS_AES_USE_HARDWARE_ONLY
|
|
|
|
|
armc6_build_test "-O1 --target=aarch64-arm-none-eabi -march=armv8-a+crypto"
|
|
|
|
|
|
|
|
|
|
msg "AESCE, build AESCE only"
|
|
|
|
|
scripts/config.py set MBEDTLS_AESCE_C
|
|
|
|
|
scripts/config.py set MBEDTLS_AES_USE_HARDWARE_ONLY
|
|
|
|
|
armc6_build_test "-O1 --target=aarch64-arm-none-eabi -march=armv8-a+crypto"
|
|
|
|
|
}
|
|
|
|
|
|
2023-10-08 13:26:54 +02:00
|
|
|
support_build_aes_armce() {
|
|
|
|
|
# clang >= 4 is required to build with AES extensions
|
|
|
|
|
ver="$(clang --version|grep version|sed -E 's#.*version ([0-9]+).*#\1#')"
|
2023-10-09 13:19:44 +02:00
|
|
|
[ "${ver}" -ge 11 ]
|
2023-10-08 13:26:54 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
component_build_aes_armce () {
|
|
|
|
|
# Test variations of AES with Armv8 crypto extensions
|
|
|
|
|
scripts/config.py set MBEDTLS_AESCE_C
|
|
|
|
|
scripts/config.py set MBEDTLS_AES_USE_HARDWARE_ONLY
|
|
|
|
|
|
|
|
|
|
msg "MBEDTLS_AES_USE_HARDWARE_ONLY, clang, aarch64"
|
2023-10-08 23:25:16 +02:00
|
|
|
make -B library/aesce.o CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a+crypto"
|
2023-10-08 13:26:54 +02:00
|
|
|
|
|
|
|
|
msg "MBEDTLS_AES_USE_HARDWARE_ONLY, clang, arm"
|
|
|
|
|
make -B library/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -marm"
|
|
|
|
|
|
|
|
|
|
msg "MBEDTLS_AES_USE_HARDWARE_ONLY, clang, thumb"
|
|
|
|
|
make -B library/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mthumb"
|
|
|
|
|
|
2023-10-23 16:30:20 +02:00
|
|
|
scripts/config.py unset MBEDTLS_AES_USE_HARDWARE_ONLY
|
2023-10-08 13:26:54 +02:00
|
|
|
|
2023-10-23 16:30:20 +02:00
|
|
|
msg "no MBEDTLS_AES_USE_HARDWARE_ONLY, clang, aarch64"
|
|
|
|
|
make -B library/aesce.o CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a+crypto"
|
2023-10-08 13:26:54 +02:00
|
|
|
|
2023-10-23 16:30:20 +02:00
|
|
|
msg "no MBEDTLS_AES_USE_HARDWARE_ONLY, clang, arm"
|
|
|
|
|
make -B library/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -marm"
|
2023-10-08 13:26:54 +02:00
|
|
|
|
2023-10-23 16:30:20 +02:00
|
|
|
msg "no MBEDTLS_AES_USE_HARDWARE_ONLY, clang, thumb"
|
|
|
|
|
make -B library/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mthumb"
|
2023-10-11 17:21:25 +02:00
|
|
|
|
|
|
|
|
# test for presence of AES instructions
|
|
|
|
|
scripts/config.py set MBEDTLS_AES_USE_HARDWARE_ONLY
|
|
|
|
|
msg "clang, test A32 crypto instructions built"
|
|
|
|
|
make -B library/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -marm -S"
|
|
|
|
|
grep -E 'aes[0-9a-z]+.[0-9]\s*[qv]' library/aesce.o
|
|
|
|
|
msg "clang, test T32 crypto instructions built"
|
|
|
|
|
make -B library/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mthumb -S"
|
|
|
|
|
grep -E 'aes[0-9a-z]+.[0-9]\s*[qv]' library/aesce.o
|
|
|
|
|
msg "clang, test aarch64 crypto instructions built"
|
|
|
|
|
make -B library/aesce.o CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a -S"
|
|
|
|
|
grep -E 'aes[a-z]+\s*[qv]' library/aesce.o
|
|
|
|
|
|
|
|
|
|
# test for absence of AES instructions
|
|
|
|
|
scripts/config.py unset MBEDTLS_AES_USE_HARDWARE_ONLY
|
|
|
|
|
scripts/config.py unset MBEDTLS_AESCE_C
|
|
|
|
|
msg "clang, test A32 crypto instructions not built"
|
|
|
|
|
make -B library/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -marm -S"
|
|
|
|
|
not grep -E 'aes[0-9a-z]+.[0-9]\s*[qv]' library/aesce.o
|
|
|
|
|
msg "clang, test T32 crypto instructions not built"
|
|
|
|
|
make -B library/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mthumb -S"
|
|
|
|
|
not grep -E 'aes[0-9a-z]+.[0-9]\s*[qv]' library/aesce.o
|
|
|
|
|
msg "clang, test aarch64 crypto instructions not built"
|
|
|
|
|
make -B library/aesce.o CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a -S"
|
|
|
|
|
not grep -E 'aes[a-z]+\s*[qv]' library/aesce.o
|
2023-10-08 13:26:54 +02:00
|
|
|
}
|
|
|
|
|
|
2023-10-05 01:06:47 +02:00
|
|
|
support_build_sha_armce() {
|
2023-10-16 12:37:28 +02:00
|
|
|
if command -v clang > /dev/null ; then
|
2023-10-16 11:25:30 +02:00
|
|
|
# clang >= 4 is required to build with SHA extensions
|
|
|
|
|
clang_ver="$(clang --version|grep version|sed -E 's#.*version ([0-9]+).*#\1#')"
|
2023-10-13 10:32:04 +02:00
|
|
|
|
2023-10-23 16:12:32 +02:00
|
|
|
[[ "${clang_ver}" -ge 4 ]]
|
2023-10-16 11:25:30 +02:00
|
|
|
else
|
|
|
|
|
# clang not available
|
|
|
|
|
false
|
|
|
|
|
fi
|
2023-10-05 01:06:47 +02:00
|
|
|
}
|
|
|
|
|
|
2023-10-04 18:17:46 +02:00
|
|
|
component_build_sha_armce () {
|
2023-10-10 15:59:02 +02:00
|
|
|
scripts/config.py unset MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT
|
2023-10-04 18:17:46 +02:00
|
|
|
|
|
|
|
|
|
2023-10-11 17:11:42 +02:00
|
|
|
# Test variations of SHA256 Armv8 crypto extensions
|
|
|
|
|
scripts/config.py set MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY
|
|
|
|
|
msg "MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY clang, aarch64"
|
|
|
|
|
make -B library/sha256.o CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a"
|
|
|
|
|
msg "MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY clang, arm"
|
|
|
|
|
make -B library/sha256.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -marm"
|
|
|
|
|
scripts/config.py unset MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY
|
|
|
|
|
|
2023-10-04 18:17:46 +02:00
|
|
|
|
2023-10-10 13:59:29 +02:00
|
|
|
# test the deprecated form of the config option
|
|
|
|
|
scripts/config.py set MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY
|
2023-10-11 17:11:42 +02:00
|
|
|
msg "MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY clang, thumb"
|
|
|
|
|
make -B library/sha256.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mthumb"
|
|
|
|
|
scripts/config.py unset MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY
|
2023-10-04 18:17:46 +02:00
|
|
|
|
2023-10-10 15:59:02 +02:00
|
|
|
scripts/config.py set MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT
|
2023-10-11 17:11:42 +02:00
|
|
|
msg "MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT clang, aarch64"
|
|
|
|
|
make -B library/sha256.o CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a"
|
|
|
|
|
scripts/config.py unset MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT
|
2023-10-04 18:17:46 +02:00
|
|
|
|
2023-10-05 10:40:07 +02:00
|
|
|
|
2023-10-10 13:59:29 +02:00
|
|
|
# test the deprecated form of the config option
|
|
|
|
|
scripts/config.py set MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT
|
2023-10-11 17:11:42 +02:00
|
|
|
msg "MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT clang, arm"
|
|
|
|
|
make -B library/sha256.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -marm -std=c99"
|
|
|
|
|
msg "MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT clang, thumb"
|
|
|
|
|
make -B library/sha256.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mthumb"
|
|
|
|
|
scripts/config.py unset MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# examine the disassembly for presence of SHA instructions
|
|
|
|
|
for opt in MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT; do
|
|
|
|
|
scripts/config.py set ${opt}
|
|
|
|
|
msg "${opt} clang, test A32 crypto instructions built"
|
|
|
|
|
make -B library/sha256.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -marm -S"
|
|
|
|
|
grep -E 'sha256[a-z0-9]+.32\s+[qv]' library/sha256.o
|
|
|
|
|
|
|
|
|
|
msg "${opt} clang, test T32 crypto instructions built"
|
|
|
|
|
make -B library/sha256.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mthumb -S"
|
|
|
|
|
grep -E 'sha256[a-z0-9]+.32\s+[qv]' library/sha256.o
|
|
|
|
|
|
|
|
|
|
msg "${opt} clang, test aarch64 crypto instructions built"
|
|
|
|
|
make -B library/sha256.o CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a -S"
|
|
|
|
|
grep -E 'sha256[a-z0-9]+\s+[qv]' library/sha256.o
|
|
|
|
|
scripts/config.py unset ${opt}
|
|
|
|
|
done
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# examine the disassembly for absence of SHA instructions
|
|
|
|
|
msg "clang, test A32 crypto instructions not built"
|
|
|
|
|
make -B library/sha256.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -marm -S"
|
|
|
|
|
not grep -E 'sha256[a-z0-9]+.32\s+[qv]' library/sha256.o
|
2023-10-10 13:59:29 +02:00
|
|
|
|
2023-10-11 17:11:42 +02:00
|
|
|
msg "clang, test T32 crypto instructions not built"
|
|
|
|
|
make -B library/sha256.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mthumb -S"
|
|
|
|
|
not grep -E 'sha256[a-z0-9]+.32\s+[qv]' library/sha256.o
|
2023-10-05 10:40:07 +02:00
|
|
|
|
2023-10-11 17:11:42 +02:00
|
|
|
msg "clang, test aarch64 crypto instructions not built"
|
|
|
|
|
make -B library/sha256.o CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a -S"
|
|
|
|
|
not grep -E 'sha256[a-z0-9]+\s+[qv]' library/sha256.o
|
2023-10-04 18:17:46 +02:00
|
|
|
}
|
|
|
|
|
|
2023-08-03 11:08:27 +02:00
|
|
|
# For timebeing, no VIA Padlock platform available.
|
|
|
|
|
component_build_aes_via_padlock () {
|
|
|
|
|
|
|
|
|
|
msg "AES:VIA PadLock, build with default configuration."
|
2023-08-16 11:11:22 +02:00
|
|
|
scripts/config.py unset MBEDTLS_AESNI_C
|
2023-08-03 11:08:27 +02:00
|
|
|
scripts/config.py set MBEDTLS_PADLOCK_C
|
|
|
|
|
scripts/config.py unset MBEDTLS_AES_USE_HARDWARE_ONLY
|
2023-12-14 17:42:48 +01:00
|
|
|
make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -m32" LDFLAGS="-m32 $ASAN_CFLAGS"
|
2023-08-16 11:11:22 +02:00
|
|
|
grep -q mbedtls_padlock_has_support ./programs/test/selftest
|
2023-08-03 11:08:27 +02:00
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
support_build_aes_via_padlock_only () {
|
|
|
|
|
( [ "$MBEDTLS_TEST_PLATFORM" == "Linux-x86_64" ] || \
|
|
|
|
|
[ "$MBEDTLS_TEST_PLATFORM" == "Linux-amd64" ] ) && \
|
|
|
|
|
[ "`dpkg --print-foreign-architectures`" == "i386" ]
|
|
|
|
|
}
|
|
|
|
|
|
2023-08-03 11:06:29 +02:00
|
|
|
support_build_aes_aesce_armcc () {
|
|
|
|
|
support_build_armcc
|
2023-06-16 14:18:19 +02:00
|
|
|
}
|
|
|
|
|
|
2023-04-14 11:43:36 +02:00
|
|
|
component_test_aes_only_128_bit_keys () {
|
2023-05-11 11:47:56 +02:00
|
|
|
msg "build: default config + AES_ONLY_128_BIT_KEY_LENGTH"
|
2023-04-14 11:43:36 +02:00
|
|
|
scripts/config.py set MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
|
|
|
|
scripts/config.py unset MBEDTLS_PADLOCK_C
|
|
|
|
|
|
|
|
|
|
make CC=gcc CFLAGS='-Werror -Wall -Wextra'
|
|
|
|
|
|
2023-05-11 11:47:56 +02:00
|
|
|
msg "test: default config + AES_ONLY_128_BIT_KEY_LENGTH"
|
2023-04-14 11:43:36 +02:00
|
|
|
make test
|
|
|
|
|
}
|
|
|
|
|
|
2023-05-05 06:46:48 +02:00
|
|
|
component_test_no_ctr_drbg_aes_only_128_bit_keys () {
|
2023-05-11 11:47:56 +02:00
|
|
|
msg "build: default config + AES_ONLY_128_BIT_KEY_LENGTH - CTR_DRBG_C"
|
2023-05-05 06:46:48 +02:00
|
|
|
scripts/config.py set MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
|
|
|
|
scripts/config.py unset MBEDTLS_CTR_DRBG_C
|
|
|
|
|
scripts/config.py unset MBEDTLS_PADLOCK_C
|
|
|
|
|
|
2023-06-14 11:10:13 +02:00
|
|
|
make CC=clang CFLAGS='-Werror -Wall -Wextra'
|
2023-05-05 06:46:48 +02:00
|
|
|
|
2023-05-11 11:47:56 +02:00
|
|
|
msg "test: default config + AES_ONLY_128_BIT_KEY_LENGTH - CTR_DRBG_C"
|
2023-05-05 06:46:48 +02:00
|
|
|
make test
|
|
|
|
|
}
|
|
|
|
|
|
2023-05-11 11:47:56 +02:00
|
|
|
component_test_aes_only_128_bit_keys_have_builtins () {
|
|
|
|
|
msg "build: default config + AES_ONLY_128_BIT_KEY_LENGTH - AESNI_C - AESCE_C"
|
|
|
|
|
scripts/config.py set MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
|
|
|
|
scripts/config.py unset MBEDTLS_PADLOCK_C
|
|
|
|
|
scripts/config.py unset MBEDTLS_AESNI_C
|
|
|
|
|
scripts/config.py unset MBEDTLS_AESCE_C
|
|
|
|
|
|
|
|
|
|
make CC=gcc CFLAGS='-Werror -Wall -Wextra'
|
|
|
|
|
|
|
|
|
|
msg "test: default config + AES_ONLY_128_BIT_KEY_LENGTH - AESNI_C - AESCE_C"
|
|
|
|
|
make test
|
|
|
|
|
|
|
|
|
|
msg "selftest: default config + AES_ONLY_128_BIT_KEY_LENGTH - AESNI_C - AESCE_C"
|
|
|
|
|
programs/test/selftest
|
|
|
|
|
}
|
|
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
component_test_aes_fewer_tables () {
|
|
|
|
|
msg "build: default config with AES_FEWER_TABLES enabled"
|
2019-07-27 23:52:53 +02:00
|
|
|
scripts/config.py set MBEDTLS_AES_FEWER_TABLES
|
2018-11-27 15:58:47 +01:00
|
|
|
make CC=gcc CFLAGS='-Werror -Wall -Wextra'
|
|
|
|
|
|
|
|
|
|
msg "test: AES_FEWER_TABLES"
|
|
|
|
|
make test
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
component_test_aes_rom_tables () {
|
|
|
|
|
msg "build: default config with AES_ROM_TABLES enabled"
|
2019-07-27 23:52:53 +02:00
|
|
|
scripts/config.py set MBEDTLS_AES_ROM_TABLES
|
2018-11-27 15:58:47 +01:00
|
|
|
make CC=gcc CFLAGS='-Werror -Wall -Wextra'
|
|
|
|
|
|
|
|
|
|
msg "test: AES_ROM_TABLES"
|
|
|
|
|
make test
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
component_test_aes_fewer_tables_and_rom_tables () {
|
|
|
|
|
msg "build: default config with AES_ROM_TABLES and AES_FEWER_TABLES enabled"
|
2019-07-27 23:52:53 +02:00
|
|
|
scripts/config.py set MBEDTLS_AES_FEWER_TABLES
|
|
|
|
|
scripts/config.py set MBEDTLS_AES_ROM_TABLES
|
2018-11-27 15:58:47 +01:00
|
|
|
make CC=gcc CFLAGS='-Werror -Wall -Wextra'
|
|
|
|
|
|
|
|
|
|
msg "test: AES_FEWER_TABLES + AES_ROM_TABLES"
|
|
|
|
|
make test
|
|
|
|
|
}
|
|
|
|
|
|
2023-11-10 04:58:37 +01:00
|
|
|
# helper for common_block_cipher_no_decrypt() which:
|
|
|
|
|
# - enable/disable the list of config options passed from -s/-u respectively.
|
|
|
|
|
# - build
|
|
|
|
|
# - test for tests_suite_xxx
|
|
|
|
|
# - selftest
|
|
|
|
|
#
|
|
|
|
|
# Usage: helper_block_cipher_no_decrypt_build_test
|
|
|
|
|
# [-s set_opts] [-u unset_opts] [-c cflags] [-l ldflags] [option [...]]
|
|
|
|
|
# Options: -s set_opts the list of config options to enable
|
|
|
|
|
# -u unset_opts the list of config options to disable
|
|
|
|
|
# -c cflags the list of options passed to CFLAGS
|
|
|
|
|
# -l ldflags the list of options passed to LDFLAGS
|
|
|
|
|
helper_block_cipher_no_decrypt_build_test () {
|
|
|
|
|
while [ $# -gt 0 ]; do
|
|
|
|
|
case "$1" in
|
|
|
|
|
-s)
|
|
|
|
|
shift; local set_opts="$1";;
|
|
|
|
|
-u)
|
|
|
|
|
shift; local unset_opts="$1";;
|
|
|
|
|
-c)
|
2023-11-13 10:15:39 +01:00
|
|
|
shift; local cflags="-Werror -Wall -Wextra $1";;
|
2023-11-10 04:58:37 +01:00
|
|
|
-l)
|
|
|
|
|
shift; local ldflags="$1";;
|
|
|
|
|
esac
|
|
|
|
|
shift
|
|
|
|
|
done
|
|
|
|
|
set_opts="${set_opts:-}"
|
|
|
|
|
unset_opts="${unset_opts:-}"
|
|
|
|
|
cflags="${cflags:-}"
|
|
|
|
|
ldflags="${ldflags:-}"
|
|
|
|
|
|
2023-11-13 09:57:47 +01:00
|
|
|
[ -n "$set_opts" ] && echo "Enabling: $set_opts" && scripts/config.py set-all $set_opts
|
|
|
|
|
[ -n "$unset_opts" ] && echo "Disabling: $unset_opts" && scripts/config.py unset-all $unset_opts
|
2023-08-31 05:42:49 +02:00
|
|
|
|
2023-11-10 04:58:37 +01:00
|
|
|
msg "build: default config + BLOCK_CIPHER_NO_DECRYPT${set_opts:+ + $set_opts}${unset_opts:+ - $unset_opts} with $cflags${ldflags:+, $ldflags}"
|
2023-08-31 05:42:49 +02:00
|
|
|
make clean
|
2023-11-10 04:58:37 +01:00
|
|
|
make CC=gcc CFLAGS="$cflags" LDFLAGS="$ldflags"
|
2023-05-15 12:03:10 +02:00
|
|
|
|
2023-09-08 05:09:26 +02:00
|
|
|
# Make sure we don't have mbedtls_xxx_setkey_dec in AES/ARIA/CAMELLIA
|
|
|
|
|
not grep mbedtls_aes_setkey_dec library/aes.o
|
|
|
|
|
not grep mbedtls_aria_setkey_dec library/aria.o
|
|
|
|
|
not grep mbedtls_camellia_setkey_dec library/camellia.o
|
|
|
|
|
# Make sure we don't have mbedtls_internal_aes_decrypt in AES
|
|
|
|
|
not grep mbedtls_internal_aes_decrypt library/aes.o
|
2023-11-13 09:48:36 +01:00
|
|
|
# Make sure we don't have mbedtls_aesni_inverse_key in AESNI
|
|
|
|
|
not grep mbedtls_aesni_inverse_key library/aesni.o
|
2023-09-08 05:09:26 +02:00
|
|
|
|
2023-11-10 04:58:37 +01:00
|
|
|
msg "test: default config + BLOCK_CIPHER_NO_DECRYPT${set_opts:+ + $set_opts}${unset_opts:+ - $unset_opts} with $cflags${ldflags:+, $ldflags}"
|
2023-05-15 12:03:10 +02:00
|
|
|
make test
|
|
|
|
|
|
2023-11-10 04:58:37 +01:00
|
|
|
msg "selftest: default config + BLOCK_CIPHER_NO_DECRYPT${set_opts:+ + $set_opts}${unset_opts:+ - $unset_opts} with $cflags${ldflags:+, $ldflags}"
|
2023-05-15 12:03:10 +02:00
|
|
|
programs/test/selftest
|
|
|
|
|
}
|
|
|
|
|
|
2023-11-10 04:58:37 +01:00
|
|
|
# This is a common configuration function used in:
|
|
|
|
|
# - component_test_block_cipher_no_decrypt_aesni_legacy()
|
|
|
|
|
# - component_test_block_cipher_no_decrypt_aesni_use_psa()
|
|
|
|
|
# in order to test BLOCK_CIPHER_NO_DECRYPT with AESNI intrinsics,
|
|
|
|
|
# AESNI assembly and AES C implementation on x86_64 and with AESNI intrinsics
|
|
|
|
|
# on x86.
|
|
|
|
|
common_block_cipher_no_decrypt () {
|
2023-11-01 11:55:13 +01:00
|
|
|
# test AESNI intrinsics
|
2023-11-10 04:58:37 +01:00
|
|
|
helper_block_cipher_no_decrypt_build_test \
|
|
|
|
|
-s "MBEDTLS_AESNI_C" \
|
2023-11-13 10:15:39 +01:00
|
|
|
-c "-mpclmul -msse2 -maes"
|
2023-11-01 11:55:13 +01:00
|
|
|
|
|
|
|
|
# test AESNI assembly
|
2023-11-10 04:58:37 +01:00
|
|
|
helper_block_cipher_no_decrypt_build_test \
|
|
|
|
|
-s "MBEDTLS_AESNI_C" \
|
2023-11-13 10:15:39 +01:00
|
|
|
-c "-mno-pclmul -mno-sse2 -mno-aes"
|
2023-11-01 11:55:13 +01:00
|
|
|
|
|
|
|
|
# test AES C implementation
|
2023-11-10 04:58:37 +01:00
|
|
|
helper_block_cipher_no_decrypt_build_test \
|
2023-11-13 10:15:39 +01:00
|
|
|
-u "MBEDTLS_AESNI_C"
|
2023-11-01 11:55:13 +01:00
|
|
|
|
2023-11-10 04:58:37 +01:00
|
|
|
# test AESNI intrinsics for i386 target
|
|
|
|
|
helper_block_cipher_no_decrypt_build_test \
|
|
|
|
|
-s "MBEDTLS_AESNI_C" \
|
2023-11-13 10:15:39 +01:00
|
|
|
-c "-m32 -mpclmul -msse2 -maes" \
|
2023-11-10 04:58:37 +01:00
|
|
|
-l "-m32"
|
2023-11-01 11:55:13 +01:00
|
|
|
}
|
|
|
|
|
|
2023-11-13 10:32:09 +01:00
|
|
|
# This is a configuration function used in component_test_block_cipher_no_decrypt_xxx:
|
|
|
|
|
# usage: 0: no PSA crypto configuration
|
|
|
|
|
# 1: use PSA crypto configuration
|
|
|
|
|
config_block_cipher_no_decrypt () {
|
|
|
|
|
use_psa=$1
|
|
|
|
|
|
2023-11-01 11:55:13 +01:00
|
|
|
scripts/config.py set MBEDTLS_BLOCK_CIPHER_NO_DECRYPT
|
|
|
|
|
scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC
|
|
|
|
|
scripts/config.py unset MBEDTLS_CIPHER_MODE_XTS
|
|
|
|
|
scripts/config.py unset MBEDTLS_DES_C
|
|
|
|
|
scripts/config.py unset MBEDTLS_NIST_KW_C
|
|
|
|
|
|
2023-11-13 10:32:09 +01:00
|
|
|
if [ "$use_psa" -eq 1 ]; then
|
|
|
|
|
# Enable support for cryptographic mechanisms through the PSA API.
|
|
|
|
|
# Note: XTS, KW are not yet supported via the PSA API in Mbed TLS.
|
|
|
|
|
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
|
|
|
|
|
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_NO_PADDING
|
|
|
|
|
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_PKCS7
|
|
|
|
|
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_ECB_NO_PADDING
|
|
|
|
|
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_DES
|
|
|
|
|
fi
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
component_test_block_cipher_no_decrypt_aesni () {
|
|
|
|
|
config_block_cipher_no_decrypt 0
|
2023-11-10 04:58:37 +01:00
|
|
|
common_block_cipher_no_decrypt
|
2023-11-01 11:55:13 +01:00
|
|
|
}
|
|
|
|
|
|
2023-11-10 04:58:37 +01:00
|
|
|
component_test_block_cipher_no_decrypt_aesni_use_psa () {
|
2023-11-13 10:32:09 +01:00
|
|
|
config_block_cipher_no_decrypt 1
|
2023-11-10 04:58:37 +01:00
|
|
|
common_block_cipher_no_decrypt
|
2023-08-31 09:00:57 +02:00
|
|
|
}
|
|
|
|
|
|
2023-10-31 11:54:54 +01:00
|
|
|
support_test_block_cipher_no_decrypt_aesce_armcc () {
|
2023-11-10 05:21:35 +01:00
|
|
|
support_build_armcc
|
2023-08-31 08:47:01 +02:00
|
|
|
}
|
|
|
|
|
|
2023-10-31 11:54:54 +01:00
|
|
|
component_test_block_cipher_no_decrypt_aesce_armcc () {
|
2023-08-31 08:47:01 +02:00
|
|
|
scripts/config.py baremetal
|
|
|
|
|
|
|
|
|
|
# armc[56] don't support SHA-512 intrinsics
|
|
|
|
|
scripts/config.py unset MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT
|
|
|
|
|
|
|
|
|
|
# Stop armclang warning about feature detection for A64_CRYPTO.
|
|
|
|
|
# With this enabled, the library does build correctly under armclang,
|
|
|
|
|
# but in baremetal builds (as tested here), feature detection is
|
|
|
|
|
# unavailable, and the user is notified via a #warning. So enabling
|
|
|
|
|
# this feature would prevent us from building with -Werror on
|
|
|
|
|
# armclang. Tracked in #7198.
|
|
|
|
|
scripts/config.py unset MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT
|
|
|
|
|
scripts/config.py set MBEDTLS_HAVE_ASM
|
|
|
|
|
|
2023-11-13 10:32:09 +01:00
|
|
|
config_block_cipher_no_decrypt 1
|
2023-08-31 08:47:01 +02:00
|
|
|
|
|
|
|
|
# test AESCE baremetal build
|
|
|
|
|
scripts/config.py set MBEDTLS_AESCE_C
|
2023-10-31 11:54:54 +01:00
|
|
|
msg "build: default config + BLOCK_CIPHER_NO_DECRYPT with AESCE"
|
2023-11-14 03:10:49 +01:00
|
|
|
armc6_build_test "-O1 --target=aarch64-arm-none-eabi -march=armv8-a+crypto -Werror -Wall -Wextra"
|
2023-08-31 08:47:01 +02:00
|
|
|
|
2023-09-08 05:09:26 +02:00
|
|
|
# Make sure we don't have mbedtls_xxx_setkey_dec in AES/ARIA/CAMELLIA
|
|
|
|
|
not grep mbedtls_aes_setkey_dec library/aes.o
|
|
|
|
|
not grep mbedtls_aria_setkey_dec library/aria.o
|
|
|
|
|
not grep mbedtls_camellia_setkey_dec library/camellia.o
|
|
|
|
|
# Make sure we don't have mbedtls_internal_aes_decrypt in AES
|
|
|
|
|
not grep mbedtls_internal_aes_decrypt library/aes.o
|
2023-11-13 09:48:36 +01:00
|
|
|
# Make sure we don't have mbedtls_aesce_inverse_key and aesce_decrypt_block in AESCE
|
2023-11-10 05:18:29 +01:00
|
|
|
not grep mbedtls_aesce_inverse_key library/aesce.o
|
|
|
|
|
not grep aesce_decrypt_block library/aesce.o
|
2023-08-31 08:47:01 +02:00
|
|
|
}
|
|
|
|
|
|
2019-10-07 18:49:32 +02:00
|
|
|
component_test_ctr_drbg_aes_256_sha_256 () {
|
|
|
|
|
msg "build: full + MBEDTLS_ENTROPY_FORCE_SHA256 (ASan build)"
|
2020-02-18 17:56:33 +01:00
|
|
|
scripts/config.py full
|
|
|
|
|
scripts/config.py unset MBEDTLS_MEMORY_BUFFER_ALLOC_C
|
|
|
|
|
scripts/config.py set MBEDTLS_ENTROPY_FORCE_SHA256
|
2023-12-14 17:42:48 +01:00
|
|
|
CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
|
2019-10-07 18:49:32 +02:00
|
|
|
make
|
|
|
|
|
|
|
|
|
|
msg "test: full + MBEDTLS_ENTROPY_FORCE_SHA256 (ASan build)"
|
|
|
|
|
make test
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
component_test_ctr_drbg_aes_128_sha_512 () {
|
|
|
|
|
msg "build: full + MBEDTLS_CTR_DRBG_USE_128_BIT_KEY (ASan build)"
|
2020-02-18 17:56:33 +01:00
|
|
|
scripts/config.py full
|
|
|
|
|
scripts/config.py unset MBEDTLS_MEMORY_BUFFER_ALLOC_C
|
|
|
|
|
scripts/config.py set MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
|
2023-12-14 17:42:48 +01:00
|
|
|
CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
|
2019-10-07 18:49:32 +02:00
|
|
|
make
|
|
|
|
|
|
|
|
|
|
msg "test: full + MBEDTLS_CTR_DRBG_USE_128_BIT_KEY (ASan build)"
|
|
|
|
|
make test
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
component_test_ctr_drbg_aes_128_sha_256 () {
|
|
|
|
|
msg "build: full + MBEDTLS_CTR_DRBG_USE_128_BIT_KEY + MBEDTLS_ENTROPY_FORCE_SHA256 (ASan build)"
|
2020-02-18 17:56:33 +01:00
|
|
|
scripts/config.py full
|
|
|
|
|
scripts/config.py unset MBEDTLS_MEMORY_BUFFER_ALLOC_C
|
|
|
|
|
scripts/config.py set MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
|
|
|
|
|
scripts/config.py set MBEDTLS_ENTROPY_FORCE_SHA256
|
2023-12-14 17:42:48 +01:00
|
|
|
CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
|
2019-10-07 18:49:32 +02:00
|
|
|
make
|
|
|
|
|
|
|
|
|
|
msg "test: full + MBEDTLS_CTR_DRBG_USE_128_BIT_KEY + MBEDTLS_ENTROPY_FORCE_SHA256 (ASan build)"
|
|
|
|
|
make test
|
|
|
|
|
}
|
|
|
|
|
|
2019-07-24 14:58:38 +02:00
|
|
|
component_test_se_default () {
|
|
|
|
|
msg "build: default config + MBEDTLS_PSA_CRYPTO_SE_C"
|
2019-07-27 23:52:53 +02:00
|
|
|
scripts/config.py set MBEDTLS_PSA_CRYPTO_SE_C
|
2019-10-21 17:11:33 +02:00
|
|
|
make CC=clang CFLAGS="$ASAN_CFLAGS -Os" LDFLAGS="$ASAN_CFLAGS"
|
2019-07-24 14:58:38 +02:00
|
|
|
|
|
|
|
|
msg "test: default config + MBEDTLS_PSA_CRYPTO_SE_C"
|
|
|
|
|
make test
|
|
|
|
|
}
|
|
|
|
|
|
2020-07-16 20:28:59 +02:00
|
|
|
component_test_psa_crypto_drivers () {
|
2023-07-26 18:45:20 +02:00
|
|
|
msg "build: full + test drivers dispatching to builtins"
|
2021-03-15 11:38:44 +01:00
|
|
|
scripts/config.py full
|
2023-07-26 18:45:20 +02:00
|
|
|
scripts/config.py unset MBEDTLS_PSA_CRYPTO_CONFIG
|
2021-09-20 19:20:04 +02:00
|
|
|
loc_cflags="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST_ALL"
|
|
|
|
|
loc_cflags="${loc_cflags} '-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/user-config-for-test.h\"'"
|
2020-12-10 18:17:09 +01:00
|
|
|
loc_cflags="${loc_cflags} -I../tests/include -O2"
|
|
|
|
|
|
2023-12-14 17:42:48 +01:00
|
|
|
make CC=$ASAN_CC CFLAGS="${loc_cflags}" LDFLAGS="$ASAN_CFLAGS"
|
2020-07-16 20:28:59 +02:00
|
|
|
|
2023-07-26 18:45:20 +02:00
|
|
|
msg "test: full + test drivers dispatching to builtins"
|
2020-07-16 20:28:59 +02:00
|
|
|
make test
|
|
|
|
|
}
|
|
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
component_test_make_shared () {
|
2017-12-10 23:22:20 +01:00
|
|
|
msg "build/test: make shared" # ~ 40s
|
2019-10-03 09:18:01 +02:00
|
|
|
make SHARED=1 all check
|
2019-07-03 20:43:32 +02:00
|
|
|
ldd programs/util/strerror | grep libmbedcrypto
|
2021-11-04 12:52:14 +01:00
|
|
|
programs/test/dlopen_demo.sh
|
2018-11-27 15:58:47 +01:00
|
|
|
}
|
2015-06-25 09:56:07 +02:00
|
|
|
|
2019-07-03 20:43:05 +02:00
|
|
|
component_test_cmake_shared () {
|
|
|
|
|
msg "build/test: cmake shared" # ~ 2min
|
|
|
|
|
cmake -DUSE_SHARED_MBEDTLS_LIBRARY=On .
|
|
|
|
|
make
|
2019-07-03 20:43:32 +02:00
|
|
|
ldd programs/util/strerror | grep libmbedcrypto
|
2019-07-03 20:43:05 +02:00
|
|
|
make test
|
2021-11-04 12:52:14 +01:00
|
|
|
programs/test/dlopen_demo.sh
|
2019-07-03 20:43:05 +02:00
|
|
|
}
|
|
|
|
|
|
2019-09-20 19:56:06 +02:00
|
|
|
test_build_opt () {
|
|
|
|
|
info=$1 cc=$2; shift 2
|
2023-07-19 09:39:20 +02:00
|
|
|
$cc --version
|
2019-09-20 19:56:06 +02:00
|
|
|
for opt in "$@"; do
|
|
|
|
|
msg "build/test: $cc $opt, $info" # ~ 30s
|
2020-04-14 20:08:41 +02:00
|
|
|
make CC="$cc" CFLAGS="$opt -std=c99 -pedantic -Wall -Wextra -Werror"
|
2019-09-20 19:56:06 +02:00
|
|
|
# We're confident enough in compilers to not run _all_ the tests,
|
|
|
|
|
# but at least run the unit tests. In particular, runs with
|
|
|
|
|
# optimizations use inline assembly whereas runs with -O0
|
|
|
|
|
# skip inline assembly.
|
|
|
|
|
make test # ~30s
|
|
|
|
|
make clean
|
|
|
|
|
done
|
|
|
|
|
}
|
|
|
|
|
|
2023-07-19 09:39:20 +02:00
|
|
|
# For FreeBSD we invoke the function by name so this condition is added
|
|
|
|
|
# to disable the existing test_clang_opt function for linux.
|
|
|
|
|
if [[ $(uname) != "Linux" ]]; then
|
|
|
|
|
component_test_clang_opt () {
|
|
|
|
|
scripts/config.py full
|
|
|
|
|
test_build_opt 'full config' clang -O0 -Os -O2
|
|
|
|
|
}
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
component_test_clang_latest_opt () {
|
2020-03-04 10:34:47 +01:00
|
|
|
scripts/config.py full
|
2023-07-28 18:04:47 +02:00
|
|
|
test_build_opt 'full config' "$CLANG_LATEST" -O0 -Os -O2
|
2023-07-19 09:39:20 +02:00
|
|
|
}
|
|
|
|
|
support_test_clang_latest_opt () {
|
2023-07-28 18:04:47 +02:00
|
|
|
type "$CLANG_LATEST" >/dev/null 2>/dev/null
|
2019-09-20 19:56:06 +02:00
|
|
|
}
|
|
|
|
|
|
2023-07-19 09:39:20 +02:00
|
|
|
component_test_clang_earliest_opt () {
|
2020-03-04 10:34:47 +01:00
|
|
|
scripts/config.py full
|
2023-07-28 18:04:47 +02:00
|
|
|
test_build_opt 'full config' "$CLANG_EARLIEST" -O0
|
2023-07-19 09:39:20 +02:00
|
|
|
}
|
|
|
|
|
support_test_clang_earliest_opt () {
|
2023-07-28 18:04:47 +02:00
|
|
|
type "$CLANG_EARLIEST" >/dev/null 2>/dev/null
|
2019-09-20 19:56:06 +02:00
|
|
|
}
|
|
|
|
|
|
2023-07-19 09:39:20 +02:00
|
|
|
component_test_gcc_latest_opt () {
|
2020-03-04 10:34:47 +01:00
|
|
|
scripts/config.py full
|
2023-07-28 18:04:47 +02:00
|
|
|
test_build_opt 'full config' "$GCC_LATEST" -O0 -Os -O2
|
2023-07-19 09:39:20 +02:00
|
|
|
}
|
|
|
|
|
support_test_gcc_latest_opt () {
|
2023-07-28 18:04:47 +02:00
|
|
|
type "$GCC_LATEST" >/dev/null 2>/dev/null
|
2023-07-19 09:39:20 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
component_test_gcc_earliest_opt () {
|
|
|
|
|
scripts/config.py full
|
2023-07-28 18:04:47 +02:00
|
|
|
test_build_opt 'full config' "$GCC_EARLIEST" -O0
|
2023-07-19 09:39:20 +02:00
|
|
|
}
|
|
|
|
|
support_test_gcc_earliest_opt () {
|
2023-07-28 18:04:47 +02:00
|
|
|
type "$GCC_EARLIEST" >/dev/null 2>/dev/null
|
2019-09-20 19:56:06 +02:00
|
|
|
}
|
|
|
|
|
|
2019-07-03 20:42:16 +02:00
|
|
|
component_build_mbedtls_config_file () {
|
|
|
|
|
msg "build: make with MBEDTLS_CONFIG_FILE" # ~40s
|
2022-04-07 20:55:57 +02:00
|
|
|
scripts/config.py -w full_config.h full
|
2019-07-03 20:42:16 +02:00
|
|
|
echo '#error "MBEDTLS_CONFIG_FILE is not working"' >"$CONFIG_H"
|
|
|
|
|
make CFLAGS="-I '$PWD' -DMBEDTLS_CONFIG_FILE='\"full_config.h\"'"
|
2022-04-13 23:23:21 +02:00
|
|
|
# Make sure this feature is enabled. We'll disable it in the next phase.
|
2022-04-07 21:06:41 +02:00
|
|
|
programs/test/query_compile_time_config MBEDTLS_NIST_KW_C
|
|
|
|
|
make clean
|
|
|
|
|
|
|
|
|
|
msg "build: make with MBEDTLS_CONFIG_FILE + MBEDTLS_USER_CONFIG_FILE"
|
|
|
|
|
# In the user config, disable one feature (for simplicity, pick a feature
|
|
|
|
|
# that nothing else depends on).
|
|
|
|
|
echo '#undef MBEDTLS_NIST_KW_C' >user_config.h
|
|
|
|
|
make CFLAGS="-I '$PWD' -DMBEDTLS_CONFIG_FILE='\"full_config.h\"' -DMBEDTLS_USER_CONFIG_FILE='\"user_config.h\"'"
|
|
|
|
|
not programs/test/query_compile_time_config MBEDTLS_NIST_KW_C
|
|
|
|
|
|
|
|
|
|
rm -f user_config.h full_config.h
|
2018-11-27 15:58:47 +01:00
|
|
|
}
|
2015-06-25 09:56:07 +02:00
|
|
|
|
2022-04-07 21:59:14 +02:00
|
|
|
component_build_psa_config_file () {
|
|
|
|
|
msg "build: make with MBEDTLS_PSA_CRYPTO_CONFIG_FILE" # ~40s
|
|
|
|
|
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
|
|
|
|
|
cp "$CRYPTO_CONFIG_H" psa_test_config.h
|
|
|
|
|
echo '#error "MBEDTLS_PSA_CRYPTO_CONFIG_FILE is not working"' >"$CRYPTO_CONFIG_H"
|
|
|
|
|
make CFLAGS="-I '$PWD' -DMBEDTLS_PSA_CRYPTO_CONFIG_FILE='\"psa_test_config.h\"'"
|
2022-04-13 23:23:21 +02:00
|
|
|
# Make sure this feature is enabled. We'll disable it in the next phase.
|
2022-04-07 21:59:14 +02:00
|
|
|
programs/test/query_compile_time_config MBEDTLS_CMAC_C
|
|
|
|
|
make clean
|
|
|
|
|
|
|
|
|
|
msg "build: make with MBEDTLS_PSA_CRYPTO_CONFIG_FILE + MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE" # ~40s
|
|
|
|
|
# In the user config, disable one feature, which will reflect on the
|
|
|
|
|
# mbedtls configuration so we can query it with query_compile_time_config.
|
|
|
|
|
echo '#undef PSA_WANT_ALG_CMAC' >psa_user_config.h
|
|
|
|
|
scripts/config.py unset MBEDTLS_CMAC_C
|
|
|
|
|
make CFLAGS="-I '$PWD' -DMBEDTLS_PSA_CRYPTO_CONFIG_FILE='\"psa_test_config.h\"' -DMBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE='\"psa_user_config.h\"'"
|
|
|
|
|
not programs/test/query_compile_time_config MBEDTLS_CMAC_C
|
|
|
|
|
|
|
|
|
|
rm -f psa_test_config.h psa_user_config.h
|
2018-11-27 15:58:47 +01:00
|
|
|
}
|
2015-06-25 09:56:07 +02:00
|
|
|
|
2023-02-22 22:09:51 +01:00
|
|
|
component_build_psa_alt_headers () {
|
|
|
|
|
msg "build: make with PSA alt headers" # ~20s
|
|
|
|
|
|
|
|
|
|
# Generate alternative versions of the substitutable headers with the
|
|
|
|
|
# same content except different include guards.
|
|
|
|
|
make -C tests include/alt-extra/psa/crypto_platform_alt.h include/alt-extra/psa/crypto_struct_alt.h
|
|
|
|
|
|
|
|
|
|
# Build the library and some programs.
|
|
|
|
|
# Don't build the fuzzers to avoid having to go through hoops to set
|
|
|
|
|
# a correct include path for programs/fuzz/Makefile.
|
|
|
|
|
make CFLAGS="-I ../tests/include/alt-extra -DMBEDTLS_PSA_CRYPTO_PLATFORM_FILE='\"psa/crypto_platform_alt.h\"' -DMBEDTLS_PSA_CRYPTO_STRUCT_FILE='\"psa/crypto_struct_alt.h\"'" lib
|
|
|
|
|
make -C programs -o fuzz CFLAGS="-I ../tests/include/alt-extra -DMBEDTLS_PSA_CRYPTO_PLATFORM_FILE='\"psa/crypto_platform_alt.h\"' -DMBEDTLS_PSA_CRYPTO_STRUCT_FILE='\"psa/crypto_struct_alt.h\"'"
|
|
|
|
|
|
|
|
|
|
# Check that we're getting the alternative include guards and not the
|
|
|
|
|
# original include guards.
|
|
|
|
|
programs/test/query_included_headers | grep -x PSA_CRYPTO_PLATFORM_ALT_H
|
|
|
|
|
programs/test/query_included_headers | grep -x PSA_CRYPTO_STRUCT_ALT_H
|
|
|
|
|
programs/test/query_included_headers | not grep -x PSA_CRYPTO_PLATFORM_H
|
|
|
|
|
programs/test/query_included_headers | not grep -x PSA_CRYPTO_STRUCT_H
|
|
|
|
|
}
|
|
|
|
|
|
2023-12-14 15:46:45 +01:00
|
|
|
component_test_m32_no_asm () {
|
|
|
|
|
# Build without assembly, so as to use portable C code (in a 32-bit
|
2021-10-07 19:27:16 +02:00
|
|
|
# build) and not the i386-specific inline assembly.
|
2023-12-14 15:46:45 +01:00
|
|
|
msg "build: i386, make, gcc, no asm (ASan build)" # ~ 30s
|
2019-07-27 23:52:53 +02:00
|
|
|
scripts/config.py full
|
2023-12-14 15:46:45 +01:00
|
|
|
scripts/config.py unset MBEDTLS_HAVE_ASM
|
|
|
|
|
scripts/config.py unset MBEDTLS_PADLOCK_C
|
2023-10-16 08:03:29 +02:00
|
|
|
scripts/config.py unset MBEDTLS_AESNI_C # AESNI for 32-bit is tested in test_aesni_m32
|
2023-12-14 15:46:45 +01:00
|
|
|
make CC=gcc CFLAGS="$ASAN_CFLAGS -m32" LDFLAGS="-m32 $ASAN_CFLAGS"
|
2017-05-04 12:35:51 +02:00
|
|
|
|
2023-12-14 15:46:45 +01:00
|
|
|
msg "test: i386, make, gcc, no asm (ASan build)"
|
2023-12-14 17:42:48 +01:00
|
|
|
#make test
|
2018-11-27 15:58:47 +01:00
|
|
|
}
|
2023-12-14 15:46:45 +01:00
|
|
|
support_test_m32_no_asm () {
|
2019-01-06 21:50:38 +01:00
|
|
|
case $(uname -m) in
|
2022-10-21 12:50:26 +02:00
|
|
|
amd64|x86_64) true;;
|
2019-01-06 21:50:38 +01:00
|
|
|
*) false;;
|
|
|
|
|
esac
|
|
|
|
|
}
|
2018-07-20 22:27:33 +02:00
|
|
|
|
2021-10-05 09:36:03 +02:00
|
|
|
component_test_m32_o2 () {
|
|
|
|
|
# Build with optimization, to use the i386 specific inline assembly
|
|
|
|
|
# and go faster for tests.
|
|
|
|
|
msg "build: i386, make, gcc -O2 (ASan build)" # ~ 30s
|
2019-07-27 23:52:53 +02:00
|
|
|
scripts/config.py full
|
2023-10-16 08:03:29 +02:00
|
|
|
scripts/config.py unset MBEDTLS_AESNI_C # AESNI for 32-bit is tested in test_aesni_m32
|
2023-12-14 15:42:42 +01:00
|
|
|
make CC=gcc CFLAGS="$ASAN_CFLAGS -m32" LDFLAGS="-m32 $ASAN_CFLAGS"
|
2018-07-20 22:27:33 +02:00
|
|
|
|
2021-10-05 09:36:03 +02:00
|
|
|
msg "test: i386, make, gcc -O2 (ASan build)"
|
2017-05-08 12:19:19 +02:00
|
|
|
make test
|
2020-03-04 20:46:15 +01:00
|
|
|
|
2021-10-05 09:36:03 +02:00
|
|
|
msg "test ssl-opt.sh, i386, make, gcc-O2"
|
2021-07-08 18:41:16 +02:00
|
|
|
tests/ssl-opt.sh
|
2018-11-27 15:58:47 +01:00
|
|
|
}
|
2021-10-07 19:25:29 +02:00
|
|
|
support_test_m32_o2 () {
|
2023-12-14 15:46:45 +01:00
|
|
|
support_test_m32_no_asm "$@"
|
2019-01-06 21:50:38 +01:00
|
|
|
}
|
2017-05-08 12:19:19 +02:00
|
|
|
|
2019-04-12 20:29:48 +02:00
|
|
|
component_test_m32_everest () {
|
|
|
|
|
msg "build: i386, Everest ECDH context (ASan build)" # ~ 6 min
|
2019-07-27 23:52:53 +02:00
|
|
|
scripts/config.py set MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED
|
2023-10-16 08:03:29 +02:00
|
|
|
scripts/config.py unset MBEDTLS_AESNI_C # AESNI for 32-bit is tested in test_aesni_m32
|
2023-12-14 17:42:48 +01:00
|
|
|
make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -m32" LDFLAGS="-m32 $ASAN_CFLAGS"
|
2019-04-12 20:29:48 +02:00
|
|
|
|
|
|
|
|
msg "test: i386, Everest ECDH context - main suites (inc. selftests) (ASan build)" # ~ 50s
|
|
|
|
|
make test
|
2020-03-04 20:46:15 +01:00
|
|
|
|
|
|
|
|
msg "test: i386, Everest ECDH context - ECDH-related part of ssl-opt.sh (ASan build)" # ~ 5s
|
2021-07-08 18:41:16 +02:00
|
|
|
tests/ssl-opt.sh -f ECDH
|
2020-03-04 20:46:15 +01:00
|
|
|
|
|
|
|
|
msg "test: i386, Everest ECDH context - compat.sh with some ECDH ciphersuites (ASan build)" # ~ 3 min
|
|
|
|
|
# Exclude some symmetric ciphers that are redundant here to gain time.
|
2022-04-06 13:28:27 +02:00
|
|
|
tests/compat.sh -f ECDH -V NO -e 'ARIA\|CAMELLIA\|CHACHA'
|
2019-04-12 20:29:48 +02:00
|
|
|
}
|
|
|
|
|
support_test_m32_everest () {
|
2023-12-14 15:46:45 +01:00
|
|
|
support_test_m32_no_asm "$@"
|
2019-04-12 20:29:48 +02:00
|
|
|
}
|
|
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
component_test_mx32 () {
|
2017-05-08 12:19:19 +02:00
|
|
|
msg "build: 64-bit ILP32, make, gcc" # ~ 30s
|
2019-07-27 23:52:53 +02:00
|
|
|
scripts/config.py full
|
2019-06-07 14:50:09 +02:00
|
|
|
make CC=gcc CFLAGS='-Werror -Wall -Wextra -mx32' LDFLAGS='-mx32'
|
2017-05-08 12:19:19 +02:00
|
|
|
|
|
|
|
|
msg "test: 64-bit ILP32, make, gcc"
|
|
|
|
|
make test
|
2018-11-27 15:58:47 +01:00
|
|
|
}
|
2019-01-06 21:50:38 +01:00
|
|
|
support_test_mx32 () {
|
|
|
|
|
case $(uname -m) in
|
|
|
|
|
amd64|x86_64) true;;
|
|
|
|
|
*) false;;
|
|
|
|
|
esac
|
|
|
|
|
}
|
2017-05-04 12:35:51 +02:00
|
|
|
|
2018-12-27 13:59:04 +01:00
|
|
|
component_test_min_mpi_window_size () {
|
|
|
|
|
msg "build: Default + MBEDTLS_MPI_WINDOW_SIZE=1 (ASan build)" # ~ 10s
|
2019-07-27 23:52:53 +02:00
|
|
|
scripts/config.py set MBEDTLS_MPI_WINDOW_SIZE 1
|
2023-12-14 17:42:48 +01:00
|
|
|
CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
|
2018-12-27 13:59:04 +01:00
|
|
|
make
|
|
|
|
|
|
|
|
|
|
msg "test: MBEDTLS_MPI_WINDOW_SIZE=1 - main suites (inc. selftests) (ASan build)" # ~ 10s
|
|
|
|
|
make test
|
|
|
|
|
}
|
|
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
component_test_have_int32 () {
|
|
|
|
|
msg "build: gcc, force 32-bit bignum limbs"
|
2019-07-27 23:52:53 +02:00
|
|
|
scripts/config.py unset MBEDTLS_HAVE_ASM
|
|
|
|
|
scripts/config.py unset MBEDTLS_AESNI_C
|
|
|
|
|
scripts/config.py unset MBEDTLS_PADLOCK_C
|
2023-01-11 07:16:08 +01:00
|
|
|
scripts/config.py unset MBEDTLS_AESCE_C
|
2018-11-27 15:58:47 +01:00
|
|
|
make CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_HAVE_INT32'
|
2016-09-27 16:05:15 +02:00
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
msg "test: gcc, force 32-bit bignum limbs"
|
|
|
|
|
make test
|
|
|
|
|
}
|
2017-07-23 13:42:36 +02:00
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
component_test_have_int64 () {
|
|
|
|
|
msg "build: gcc, force 64-bit bignum limbs"
|
2019-07-27 23:52:53 +02:00
|
|
|
scripts/config.py unset MBEDTLS_HAVE_ASM
|
|
|
|
|
scripts/config.py unset MBEDTLS_AESNI_C
|
|
|
|
|
scripts/config.py unset MBEDTLS_PADLOCK_C
|
2023-01-11 07:16:08 +01:00
|
|
|
scripts/config.py unset MBEDTLS_AESCE_C
|
2018-11-27 15:58:47 +01:00
|
|
|
make CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_HAVE_INT64'
|
2017-07-23 13:42:36 +02:00
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
msg "test: gcc, force 64-bit bignum limbs"
|
|
|
|
|
make test
|
|
|
|
|
}
|
2017-07-23 13:42:36 +02:00
|
|
|
|
2023-07-26 17:28:48 +02:00
|
|
|
component_test_have_int32_cmake_new_bignum () {
|
|
|
|
|
msg "build: gcc, force 32-bit bignum limbs, new bignum interface, test hooks (ASan build)"
|
|
|
|
|
scripts/config.py unset MBEDTLS_HAVE_ASM
|
|
|
|
|
scripts/config.py unset MBEDTLS_AESNI_C
|
|
|
|
|
scripts/config.py unset MBEDTLS_PADLOCK_C
|
|
|
|
|
scripts/config.py unset MBEDTLS_AESCE_C
|
|
|
|
|
scripts/config.py set MBEDTLS_TEST_HOOKS
|
2023-07-31 11:57:16 +02:00
|
|
|
scripts/config.py set MBEDTLS_ECP_WITH_MPI_UINT
|
2023-07-31 11:07:57 +02:00
|
|
|
make CC=gcc CFLAGS="$ASAN_CFLAGS -Werror -Wall -Wextra -DMBEDTLS_HAVE_INT32" LDFLAGS="$ASAN_CFLAGS"
|
2023-07-26 17:28:48 +02:00
|
|
|
|
|
|
|
|
msg "test: gcc, force 32-bit bignum limbs, new bignum interface, test hooks (ASan build)"
|
|
|
|
|
make test
|
|
|
|
|
}
|
|
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
component_test_no_udbl_division () {
|
|
|
|
|
msg "build: MBEDTLS_NO_UDBL_DIVISION native" # ~ 10s
|
2019-07-27 23:52:53 +02:00
|
|
|
scripts/config.py full
|
|
|
|
|
scripts/config.py set MBEDTLS_NO_UDBL_DIVISION
|
2018-11-27 15:58:47 +01:00
|
|
|
make CFLAGS='-Werror -O1'
|
2017-07-23 13:42:36 +02:00
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
msg "test: MBEDTLS_NO_UDBL_DIVISION native" # ~ 10s
|
|
|
|
|
make test
|
|
|
|
|
}
|
2015-02-10 17:38:54 +01:00
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
component_test_no_64bit_multiplication () {
|
|
|
|
|
msg "build: MBEDTLS_NO_64BIT_MULTIPLICATION native" # ~ 10s
|
2019-07-27 23:52:53 +02:00
|
|
|
scripts/config.py full
|
|
|
|
|
scripts/config.py set MBEDTLS_NO_64BIT_MULTIPLICATION
|
2018-11-27 15:58:47 +01:00
|
|
|
make CFLAGS='-Werror -O1'
|
2015-02-16 17:18:36 +01:00
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
msg "test: MBEDTLS_NO_64BIT_MULTIPLICATION native" # ~ 10s
|
|
|
|
|
make test
|
|
|
|
|
}
|
|
|
|
|
|
2020-11-09 15:40:05 +01:00
|
|
|
component_test_no_strings () {
|
|
|
|
|
msg "build: no strings" # ~10s
|
|
|
|
|
scripts/config.py full
|
|
|
|
|
# Disable options that activate a large amount of string constants.
|
|
|
|
|
scripts/config.py unset MBEDTLS_DEBUG_C
|
|
|
|
|
scripts/config.py unset MBEDTLS_ERROR_C
|
|
|
|
|
scripts/config.py set MBEDTLS_ERROR_STRERROR_DUMMY
|
|
|
|
|
scripts/config.py unset MBEDTLS_VERSION_FEATURES
|
|
|
|
|
make CFLAGS='-Werror -Os'
|
|
|
|
|
|
|
|
|
|
msg "test: no strings" # ~ 10s
|
|
|
|
|
make test
|
|
|
|
|
}
|
|
|
|
|
|
2020-10-09 12:10:42 +02:00
|
|
|
component_test_no_x509_info () {
|
|
|
|
|
msg "build: full + MBEDTLS_X509_REMOVE_INFO" # ~ 10s
|
|
|
|
|
scripts/config.pl full
|
|
|
|
|
scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests
|
|
|
|
|
scripts/config.pl set MBEDTLS_X509_REMOVE_INFO
|
2021-10-05 09:36:03 +02:00
|
|
|
make CFLAGS='-Werror -O2'
|
2020-10-09 12:10:42 +02:00
|
|
|
|
|
|
|
|
msg "test: full + MBEDTLS_X509_REMOVE_INFO" # ~ 10s
|
|
|
|
|
make test
|
|
|
|
|
|
|
|
|
|
msg "test: ssl-opt.sh, full + MBEDTLS_X509_REMOVE_INFO" # ~ 1 min
|
2021-07-08 18:41:16 +02:00
|
|
|
tests/ssl-opt.sh
|
2020-10-09 12:10:42 +02:00
|
|
|
}
|
|
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
component_build_arm_none_eabi_gcc () {
|
2021-09-01 20:00:33 +02:00
|
|
|
msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -O1, baremetal+debug" # ~ 10s
|
2019-07-27 23:52:53 +02:00
|
|
|
scripts/config.py baremetal
|
2020-09-02 11:03:04 +02:00
|
|
|
make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-std=c99 -Werror -Wall -Wextra -O1' lib
|
2020-04-30 23:11:54 +02:00
|
|
|
|
2021-09-01 20:00:33 +02:00
|
|
|
msg "size: ${ARM_NONE_EABI_GCC_PREFIX}gcc -O1, baremetal+debug"
|
2023-03-28 12:49:39 +02:00
|
|
|
${ARM_NONE_EABI_GCC_PREFIX}size -t library/*.o
|
2018-11-27 15:58:47 +01:00
|
|
|
}
|
2018-06-07 10:51:44 +02:00
|
|
|
|
2020-08-18 10:28:51 +02:00
|
|
|
component_build_arm_linux_gnueabi_gcc_arm5vte () {
|
2021-09-01 20:00:33 +02:00
|
|
|
msg "build: ${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc -march=arm5vte, baremetal+debug" # ~ 10s
|
2019-07-27 23:52:53 +02:00
|
|
|
scripts/config.py baremetal
|
2019-08-09 16:05:05 +02:00
|
|
|
# Build for a target platform that's close to what Debian uses
|
|
|
|
|
# for its "armel" distribution (https://wiki.debian.org/ArmEabiPort).
|
2022-03-31 15:07:01 +02:00
|
|
|
# See https://github.com/Mbed-TLS/mbedtls/pull/2169 and comments.
|
2020-08-18 10:28:51 +02:00
|
|
|
# Build everything including programs, see for example
|
2022-03-31 15:07:01 +02:00
|
|
|
# https://github.com/Mbed-TLS/mbedtls/pull/3449#issuecomment-675313720
|
2020-08-18 10:28:51 +02:00
|
|
|
make CC="${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc" AR="${ARM_LINUX_GNUEABI_GCC_PREFIX}ar" CFLAGS='-Werror -Wall -Wextra -march=armv5te -O1' LDFLAGS='-march=armv5te'
|
|
|
|
|
|
2021-09-01 20:00:33 +02:00
|
|
|
msg "size: ${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc -march=armv5te -O1, baremetal+debug"
|
2023-03-28 12:49:39 +02:00
|
|
|
${ARM_LINUX_GNUEABI_GCC_PREFIX}size -t library/*.o
|
2020-08-18 10:28:51 +02:00
|
|
|
}
|
|
|
|
|
support_build_arm_linux_gnueabi_gcc_arm5vte () {
|
|
|
|
|
type ${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc >/dev/null 2>&1
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
component_build_arm_none_eabi_gcc_arm5vte () {
|
2021-09-01 20:00:33 +02:00
|
|
|
msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -march=arm5vte, baremetal+debug" # ~ 10s
|
2020-08-18 10:28:51 +02:00
|
|
|
scripts/config.py baremetal
|
|
|
|
|
# This is an imperfect substitute for
|
|
|
|
|
# component_build_arm_linux_gnueabi_gcc_arm5vte
|
2021-07-06 09:44:59 +02:00
|
|
|
# in case the gcc-arm-linux-gnueabi toolchain is not available
|
2020-09-02 11:03:04 +02:00
|
|
|
make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" CFLAGS='-std=c99 -Werror -Wall -Wextra -march=armv5te -O1' LDFLAGS='-march=armv5te' SHELL='sh -x' lib
|
2020-04-30 23:11:54 +02:00
|
|
|
|
2021-09-01 20:00:33 +02:00
|
|
|
msg "size: ${ARM_NONE_EABI_GCC_PREFIX}gcc -march=armv5te -O1, baremetal+debug"
|
2023-03-28 12:49:39 +02:00
|
|
|
${ARM_NONE_EABI_GCC_PREFIX}size -t library/*.o
|
2019-08-05 11:34:25 +02:00
|
|
|
}
|
|
|
|
|
|
2020-04-30 23:00:53 +02:00
|
|
|
component_build_arm_none_eabi_gcc_m0plus () {
|
2021-09-01 20:00:33 +02:00
|
|
|
msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -mthumb -mcpu=cortex-m0plus, baremetal_size" # ~ 10s
|
|
|
|
|
scripts/config.py baremetal_size
|
2020-09-02 11:03:04 +02:00
|
|
|
make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-std=c99 -Werror -Wall -Wextra -mthumb -mcpu=cortex-m0plus -Os' lib
|
2020-04-30 23:11:54 +02:00
|
|
|
|
2021-09-01 20:00:33 +02:00
|
|
|
msg "size: ${ARM_NONE_EABI_GCC_PREFIX}gcc -mthumb -mcpu=cortex-m0plus -Os, baremetal_size"
|
2023-03-28 12:49:39 +02:00
|
|
|
${ARM_NONE_EABI_GCC_PREFIX}size -t library/*.o
|
2023-06-06 13:01:18 +02:00
|
|
|
for lib in library/*.a; do
|
|
|
|
|
echo "$lib:"
|
|
|
|
|
${ARM_NONE_EABI_GCC_PREFIX}size -t $lib | grep TOTALS
|
|
|
|
|
done
|
2020-04-30 23:00:53 +02:00
|
|
|
}
|
|
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
component_build_arm_none_eabi_gcc_no_udbl_division () {
|
2020-04-30 18:19:32 +02:00
|
|
|
msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -DMBEDTLS_NO_UDBL_DIVISION, make" # ~ 10s
|
2019-07-27 23:52:53 +02:00
|
|
|
scripts/config.py baremetal
|
|
|
|
|
scripts/config.py set MBEDTLS_NO_UDBL_DIVISION
|
2020-09-02 11:03:04 +02:00
|
|
|
make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-std=c99 -Werror -Wall -Wextra' lib
|
2018-11-27 15:58:47 +01:00
|
|
|
echo "Checking that software 64-bit division is not required"
|
2021-07-08 18:41:16 +02:00
|
|
|
not grep __aeabi_uldiv library/*.o
|
2018-11-27 15:58:47 +01:00
|
|
|
}
|
2018-06-07 10:51:44 +02:00
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
component_build_arm_none_eabi_gcc_no_64bit_multiplication () {
|
2020-04-30 18:19:32 +02:00
|
|
|
msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc MBEDTLS_NO_64BIT_MULTIPLICATION, make" # ~ 10s
|
2019-07-27 23:52:53 +02:00
|
|
|
scripts/config.py baremetal
|
|
|
|
|
scripts/config.py set MBEDTLS_NO_64BIT_MULTIPLICATION
|
2020-09-02 11:03:04 +02:00
|
|
|
make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-std=c99 -Werror -O1 -march=armv6-m -mthumb' lib
|
2018-11-27 15:58:47 +01:00
|
|
|
echo "Checking that software 64-bit multiplication is not required"
|
2021-07-08 18:41:16 +02:00
|
|
|
not grep __aeabi_lmul library/*.o
|
2018-11-27 15:58:47 +01:00
|
|
|
}
|
|
|
|
|
|
2023-06-02 16:26:24 +02:00
|
|
|
component_build_arm_clang_thumb () {
|
|
|
|
|
# ~ 30s
|
|
|
|
|
|
|
|
|
|
scripts/config.py baremetal
|
|
|
|
|
|
|
|
|
|
msg "build: clang thumb 2, make"
|
|
|
|
|
make clean
|
|
|
|
|
make CC="clang" CFLAGS='-std=c99 -Werror -Os --target=arm-linux-gnueabihf -march=armv7-m -mthumb' lib
|
|
|
|
|
|
|
|
|
|
# Some Thumb 1 asm is sensitive to optimisation level, so test both -O0 and -Os
|
|
|
|
|
msg "build: clang thumb 1 -O0, make"
|
|
|
|
|
make clean
|
|
|
|
|
make CC="clang" CFLAGS='-std=c99 -Werror -O0 --target=arm-linux-gnueabihf -mcpu=arm1136j-s -mthumb' lib
|
|
|
|
|
|
|
|
|
|
msg "build: clang thumb 1 -Os, make"
|
|
|
|
|
make clean
|
|
|
|
|
make CC="clang" CFLAGS='-std=c99 -Werror -Os --target=arm-linux-gnueabihf -mcpu=arm1136j-s -mthumb' lib
|
|
|
|
|
}
|
|
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
component_build_armcc () {
|
2020-04-30 23:11:54 +02:00
|
|
|
msg "build: ARM Compiler 5"
|
2019-07-27 23:52:53 +02:00
|
|
|
scripts/config.py baremetal
|
2022-03-15 11:51:52 +01:00
|
|
|
# armc[56] don't support SHA-512 intrinsics
|
|
|
|
|
scripts/config.py unset MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT
|
2023-03-02 14:38:33 +01:00
|
|
|
|
2023-10-08 22:41:40 +02:00
|
|
|
# older versions of armcc/armclang don't support AESCE_C on 32-bit Arm
|
|
|
|
|
scripts/config.py unset MBEDTLS_AESCE_C
|
|
|
|
|
|
2023-03-02 16:32:12 +01:00
|
|
|
# Stop armclang warning about feature detection for A64_CRYPTO.
|
|
|
|
|
# With this enabled, the library does build correctly under armclang,
|
|
|
|
|
# but in baremetal builds (as tested here), feature detection is
|
|
|
|
|
# unavailable, and the user is notified via a #warning. So enabling
|
|
|
|
|
# this feature would prevent us from building with -Werror on
|
|
|
|
|
# armclang. Tracked in #7198.
|
2023-10-10 15:59:02 +02:00
|
|
|
scripts/config.py unset MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT
|
2023-03-02 14:38:33 +01:00
|
|
|
|
2022-07-15 13:08:19 +02:00
|
|
|
scripts/config.py set MBEDTLS_HAVE_ASM
|
2022-03-15 11:51:52 +01:00
|
|
|
|
2017-12-19 18:24:31 +01:00
|
|
|
make CC="$ARMC5_CC" AR="$ARMC5_AR" WARNING_CFLAGS='--strict --c99' lib
|
2020-04-30 23:11:54 +02:00
|
|
|
|
|
|
|
|
msg "size: ARM Compiler 5"
|
|
|
|
|
"$ARMC5_FROMELF" -z library/*.o
|
|
|
|
|
|
2023-06-02 19:54:00 +02:00
|
|
|
# Compile mostly with -O1 since some Arm inline assembly is disabled for -O0.
|
2022-07-15 13:08:19 +02:00
|
|
|
|
2017-12-19 18:24:31 +01:00
|
|
|
# ARM Compiler 6 - Target ARMv7-A
|
2022-08-17 15:35:29 +02:00
|
|
|
armc6_build_test "-O1 --target=arm-arm-none-eabi -march=armv7-a"
|
2017-07-23 13:42:36 +02:00
|
|
|
|
2017-12-19 18:24:31 +01:00
|
|
|
# ARM Compiler 6 - Target ARMv7-M
|
2022-08-17 15:35:29 +02:00
|
|
|
armc6_build_test "-O1 --target=arm-arm-none-eabi -march=armv7-m"
|
|
|
|
|
|
|
|
|
|
# ARM Compiler 6 - Target ARMv7-M+DSP
|
|
|
|
|
armc6_build_test "-O1 --target=arm-arm-none-eabi -march=armv7-m+dsp"
|
2017-07-23 13:42:36 +02:00
|
|
|
|
2017-12-19 18:24:31 +01:00
|
|
|
# ARM Compiler 6 - Target ARMv8-A - AArch32
|
2022-08-17 15:35:29 +02:00
|
|
|
armc6_build_test "-O1 --target=arm-arm-none-eabi -march=armv8.2-a"
|
2017-07-23 13:42:36 +02:00
|
|
|
|
2017-12-19 18:24:31 +01:00
|
|
|
# ARM Compiler 6 - Target ARMv8-M
|
2022-08-17 15:35:29 +02:00
|
|
|
armc6_build_test "-O1 --target=arm-arm-none-eabi -march=armv8-m.main"
|
2017-07-23 13:42:36 +02:00
|
|
|
|
2023-06-02 19:54:00 +02:00
|
|
|
# ARM Compiler 6 - Target Cortex-M0 - no optimisation
|
|
|
|
|
armc6_build_test "-O0 --target=arm-arm-none-eabi -mcpu=cortex-m0"
|
|
|
|
|
|
2023-05-24 13:27:42 +02:00
|
|
|
# ARM Compiler 6 - Target Cortex-M0
|
|
|
|
|
armc6_build_test "-Os --target=arm-arm-none-eabi -mcpu=cortex-m0"
|
2023-10-08 22:41:40 +02:00
|
|
|
|
|
|
|
|
# ARM Compiler 6 - Target ARMv8.2-A - AArch64
|
|
|
|
|
#
|
|
|
|
|
# Re-enable MBEDTLS_AESCE_C as this should be supported by the version of armclang
|
|
|
|
|
# that we have in our CI
|
|
|
|
|
scripts/config.py set MBEDTLS_AESCE_C
|
|
|
|
|
armc6_build_test "-O1 --target=aarch64-arm-none-eabi -march=armv8.2-a+crypto"
|
2018-11-27 15:58:47 +01:00
|
|
|
}
|
2023-06-09 16:34:31 +02:00
|
|
|
|
2023-02-24 09:03:31 +01:00
|
|
|
support_build_armcc () {
|
2023-03-01 03:31:29 +01:00
|
|
|
armc5_cc="$ARMC5_BIN_DIR/armcc"
|
|
|
|
|
armc6_cc="$ARMC6_BIN_DIR/armclang"
|
|
|
|
|
(check_tools "$armc5_cc" "$armc6_cc" > /dev/null 2>&1)
|
2023-02-24 09:03:31 +01:00
|
|
|
}
|
2017-05-12 15:26:58 +02:00
|
|
|
|
2022-01-27 06:01:01 +01:00
|
|
|
component_test_tls13_only () {
|
|
|
|
|
msg "build: default config with MBEDTLS_SSL_PROTO_TLS1_3, without MBEDTLS_SSL_PROTO_TLS1_2"
|
2022-11-22 09:01:46 +01:00
|
|
|
scripts/config.py set MBEDTLS_SSL_EARLY_DATA
|
2021-12-24 11:45:45 +01:00
|
|
|
make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'"
|
|
|
|
|
|
2022-10-29 17:44:19 +02:00
|
|
|
msg "test: TLS 1.3 only, all key exchange modes enabled"
|
|
|
|
|
make test
|
2022-02-15 03:26:40 +01:00
|
|
|
|
2022-10-17 17:35:32 +02:00
|
|
|
msg "ssl-opt.sh: TLS 1.3 only, all key exchange modes enabled"
|
|
|
|
|
tests/ssl-opt.sh
|
2021-12-24 11:45:45 +01:00
|
|
|
}
|
|
|
|
|
|
2022-10-17 17:35:32 +02:00
|
|
|
component_test_tls13_only_psk () {
|
|
|
|
|
msg "build: TLS 1.3 only from default, only PSK key exchange mode"
|
|
|
|
|
scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
|
|
|
|
scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
|
|
|
scripts/config.py unset MBEDTLS_ECDH_C
|
2023-06-14 11:12:45 +02:00
|
|
|
scripts/config.py unset MBEDTLS_DHM_C
|
2022-10-17 17:35:32 +02:00
|
|
|
scripts/config.py unset MBEDTLS_X509_CRT_PARSE_C
|
|
|
|
|
scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT
|
|
|
|
|
scripts/config.py unset MBEDTLS_SSL_SERVER_NAME_INDICATION
|
|
|
|
|
scripts/config.py unset MBEDTLS_ECDSA_C
|
|
|
|
|
scripts/config.py unset MBEDTLS_PKCS1_V21
|
2022-11-11 11:37:38 +01:00
|
|
|
scripts/config.py unset MBEDTLS_PKCS7_C
|
2022-11-22 09:01:46 +01:00
|
|
|
scripts/config.py set MBEDTLS_SSL_EARLY_DATA
|
2022-06-10 17:21:51 +02:00
|
|
|
make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'"
|
|
|
|
|
|
2022-10-17 17:35:32 +02:00
|
|
|
msg "test_suite_ssl: TLS 1.3 only, only PSK key exchange mode enabled"
|
|
|
|
|
cd tests; ./test_suite_ssl; cd ..
|
2022-06-10 17:21:51 +02:00
|
|
|
|
2022-10-17 17:35:32 +02:00
|
|
|
msg "ssl-opt.sh: TLS 1.3 only, only PSK key exchange mode enabled"
|
|
|
|
|
tests/ssl-opt.sh
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
component_test_tls13_only_ephemeral () {
|
|
|
|
|
msg "build: TLS 1.3 only from default, only ephemeral key exchange mode"
|
|
|
|
|
scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
|
|
|
|
scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
2022-11-15 11:52:57 +01:00
|
|
|
scripts/config.py unset MBEDTLS_SSL_EARLY_DATA
|
2022-10-17 17:35:32 +02:00
|
|
|
make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'"
|
|
|
|
|
|
|
|
|
|
msg "test_suite_ssl: TLS 1.3 only, only ephemeral key exchange mode"
|
|
|
|
|
cd tests; ./test_suite_ssl; cd ..
|
|
|
|
|
|
|
|
|
|
msg "ssl-opt.sh: TLS 1.3 only, only ephemeral key exchange mode"
|
|
|
|
|
tests/ssl-opt.sh
|
|
|
|
|
}
|
|
|
|
|
|
2023-06-13 10:46:48 +02:00
|
|
|
component_test_tls13_only_ephemeral_ffdh () {
|
|
|
|
|
msg "build: TLS 1.3 only from default, only ephemeral ffdh key exchange mode"
|
|
|
|
|
scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
|
|
|
|
scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
|
|
|
scripts/config.py unset MBEDTLS_SSL_EARLY_DATA
|
2023-06-15 16:44:08 +02:00
|
|
|
scripts/config.py unset MBEDTLS_ECDH_C
|
|
|
|
|
|
2023-06-13 10:46:48 +02:00
|
|
|
make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'"
|
|
|
|
|
|
|
|
|
|
msg "test_suite_ssl: TLS 1.3 only, only ephemeral ffdh key exchange mode"
|
|
|
|
|
cd tests; ./test_suite_ssl; cd ..
|
|
|
|
|
|
|
|
|
|
msg "ssl-opt.sh: TLS 1.3 only, only ephemeral ffdh key exchange mode"
|
|
|
|
|
tests/ssl-opt.sh
|
|
|
|
|
}
|
|
|
|
|
|
2022-10-17 17:35:32 +02:00
|
|
|
component_test_tls13_only_psk_ephemeral () {
|
|
|
|
|
msg "build: TLS 1.3 only from default, only PSK ephemeral key exchange mode"
|
|
|
|
|
scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
|
|
|
|
scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
|
|
|
|
scripts/config.py unset MBEDTLS_X509_CRT_PARSE_C
|
|
|
|
|
scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT
|
|
|
|
|
scripts/config.py unset MBEDTLS_SSL_SERVER_NAME_INDICATION
|
|
|
|
|
scripts/config.py unset MBEDTLS_ECDSA_C
|
|
|
|
|
scripts/config.py unset MBEDTLS_PKCS1_V21
|
2022-11-11 11:37:38 +01:00
|
|
|
scripts/config.py unset MBEDTLS_PKCS7_C
|
2022-11-22 09:01:46 +01:00
|
|
|
scripts/config.py set MBEDTLS_SSL_EARLY_DATA
|
2022-10-17 17:35:32 +02:00
|
|
|
make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'"
|
|
|
|
|
|
|
|
|
|
msg "test_suite_ssl: TLS 1.3 only, only PSK ephemeral key exchange mode"
|
|
|
|
|
cd tests; ./test_suite_ssl; cd ..
|
|
|
|
|
|
|
|
|
|
msg "ssl-opt.sh: TLS 1.3 only, only PSK ephemeral key exchange mode"
|
|
|
|
|
tests/ssl-opt.sh
|
|
|
|
|
}
|
|
|
|
|
|
2023-06-13 10:46:48 +02:00
|
|
|
component_test_tls13_only_psk_ephemeral_ffdh () {
|
|
|
|
|
msg "build: TLS 1.3 only from default, only PSK ephemeral ffdh key exchange mode"
|
|
|
|
|
scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
|
|
|
|
scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
|
|
|
|
scripts/config.py unset MBEDTLS_X509_CRT_PARSE_C
|
|
|
|
|
scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT
|
|
|
|
|
scripts/config.py unset MBEDTLS_SSL_SERVER_NAME_INDICATION
|
|
|
|
|
scripts/config.py unset MBEDTLS_ECDSA_C
|
|
|
|
|
scripts/config.py unset MBEDTLS_PKCS1_V21
|
|
|
|
|
scripts/config.py unset MBEDTLS_PKCS7_C
|
|
|
|
|
scripts/config.py set MBEDTLS_SSL_EARLY_DATA
|
2023-06-15 16:44:08 +02:00
|
|
|
scripts/config.py unset MBEDTLS_ECDH_C
|
2023-06-13 10:46:48 +02:00
|
|
|
make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'"
|
|
|
|
|
|
|
|
|
|
msg "test_suite_ssl: TLS 1.3 only, only PSK ephemeral ffdh key exchange mode"
|
|
|
|
|
cd tests; ./test_suite_ssl; cd ..
|
|
|
|
|
|
|
|
|
|
msg "ssl-opt.sh: TLS 1.3 only, only PSK ephemeral ffdh key exchange mode"
|
|
|
|
|
tests/ssl-opt.sh
|
|
|
|
|
}
|
|
|
|
|
|
2022-10-17 17:35:32 +02:00
|
|
|
component_test_tls13_only_psk_all () {
|
|
|
|
|
msg "build: TLS 1.3 only from default, without ephemeral key exchange mode"
|
|
|
|
|
scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
|
|
|
|
scripts/config.py unset MBEDTLS_X509_CRT_PARSE_C
|
|
|
|
|
scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT
|
|
|
|
|
scripts/config.py unset MBEDTLS_SSL_SERVER_NAME_INDICATION
|
|
|
|
|
scripts/config.py unset MBEDTLS_ECDSA_C
|
|
|
|
|
scripts/config.py unset MBEDTLS_PKCS1_V21
|
2022-11-11 11:37:38 +01:00
|
|
|
scripts/config.py unset MBEDTLS_PKCS7_C
|
2022-11-22 09:01:46 +01:00
|
|
|
scripts/config.py set MBEDTLS_SSL_EARLY_DATA
|
2022-10-17 17:35:32 +02:00
|
|
|
make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'"
|
|
|
|
|
|
|
|
|
|
msg "test_suite_ssl: TLS 1.3 only, PSK and PSK ephemeral key exchange modes"
|
|
|
|
|
cd tests; ./test_suite_ssl; cd ..
|
|
|
|
|
|
|
|
|
|
msg "ssl-opt.sh: TLS 1.3 only, PSK and PSK ephemeral key exchange modes"
|
|
|
|
|
tests/ssl-opt.sh
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
component_test_tls13_only_ephemeral_all () {
|
|
|
|
|
msg "build: TLS 1.3 only from default, without PSK key exchange mode"
|
|
|
|
|
scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
2022-11-22 09:01:46 +01:00
|
|
|
scripts/config.py set MBEDTLS_SSL_EARLY_DATA
|
2022-10-17 17:35:32 +02:00
|
|
|
make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'"
|
|
|
|
|
|
|
|
|
|
msg "test_suite_ssl: TLS 1.3 only, ephemeral and PSK ephemeral key exchange modes"
|
|
|
|
|
cd tests; ./test_suite_ssl; cd ..
|
|
|
|
|
|
|
|
|
|
msg "ssl-opt.sh: TLS 1.3 only, ephemeral and PSK ephemeral key exchange modes"
|
|
|
|
|
tests/ssl-opt.sh
|
2022-06-10 17:21:51 +02:00
|
|
|
}
|
|
|
|
|
|
2021-12-08 16:57:54 +01:00
|
|
|
component_test_tls13 () {
|
|
|
|
|
msg "build: default config with MBEDTLS_SSL_PROTO_TLS1_3 enabled, without padding"
|
|
|
|
|
scripts/config.py set MBEDTLS_SSL_PROTO_TLS1_3
|
2021-12-09 10:39:19 +01:00
|
|
|
scripts/config.py set MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
|
|
|
|
|
scripts/config.py set MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY 1
|
2022-11-22 09:01:46 +01:00
|
|
|
scripts/config.py set MBEDTLS_SSL_EARLY_DATA
|
2023-12-14 17:42:48 +01:00
|
|
|
CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
|
2021-12-09 10:39:19 +01:00
|
|
|
make
|
2021-12-08 16:57:54 +01:00
|
|
|
msg "test: default config with MBEDTLS_SSL_PROTO_TLS1_3 enabled, without padding"
|
2021-12-09 10:39:19 +01:00
|
|
|
make test
|
2021-12-08 16:57:54 +01:00
|
|
|
msg "ssl-opt.sh (TLS 1.3)"
|
2022-02-04 00:30:54 +01:00
|
|
|
tests/ssl-opt.sh
|
2021-12-09 10:39:19 +01:00
|
|
|
}
|
|
|
|
|
|
2021-12-08 16:57:54 +01:00
|
|
|
component_test_tls13_no_compatibility_mode () {
|
|
|
|
|
msg "build: default config with MBEDTLS_SSL_PROTO_TLS1_3 enabled, without padding"
|
|
|
|
|
scripts/config.py set MBEDTLS_SSL_PROTO_TLS1_3
|
2021-12-09 10:39:19 +01:00
|
|
|
scripts/config.py unset MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
|
|
|
|
|
scripts/config.py set MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY 1
|
2022-11-22 09:01:46 +01:00
|
|
|
scripts/config.py set MBEDTLS_SSL_EARLY_DATA
|
2023-12-14 17:42:48 +01:00
|
|
|
CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
|
2020-05-04 13:03:51 +02:00
|
|
|
make
|
2021-12-08 16:57:54 +01:00
|
|
|
msg "test: default config with MBEDTLS_SSL_PROTO_TLS1_3 enabled, without padding"
|
2021-08-01 20:20:10 +02:00
|
|
|
make test
|
2021-12-08 16:57:54 +01:00
|
|
|
msg "ssl-opt.sh (TLS 1.3 no compatibility mode)"
|
2022-02-04 00:30:54 +01:00
|
|
|
tests/ssl-opt.sh
|
2021-08-01 20:20:10 +02:00
|
|
|
}
|
|
|
|
|
|
2023-02-10 12:45:19 +01:00
|
|
|
component_test_tls13_only_record_size_limit () {
|
|
|
|
|
msg "build: TLS 1.3 only from default, record size limit extension enabled"
|
|
|
|
|
scripts/config.py set MBEDTLS_SSL_RECORD_SIZE_LIMIT
|
|
|
|
|
make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'"
|
|
|
|
|
|
|
|
|
|
msg "test_suite_ssl: TLS 1.3 only, record size limit extension enabled"
|
|
|
|
|
cd tests; ./test_suite_ssl; cd ..
|
|
|
|
|
|
|
|
|
|
msg "ssl-opt.sh: (TLS 1.3 only, record size limit extension tests only)"
|
|
|
|
|
# Both the server and the client will currently abort the handshake when they encounter the
|
|
|
|
|
# record size limit extension. There is no way to prevent gnutls-cli from sending the extension
|
|
|
|
|
# which makes all G_NEXT_CLI + P_SRV tests fail. Thus, run only the tests for the this extension.
|
|
|
|
|
tests/ssl-opt.sh -f "Record Size Limit"
|
|
|
|
|
}
|
|
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
component_build_mingw () {
|
|
|
|
|
msg "build: Windows cross build - mingw64, make (Link Library)" # ~ 30s
|
2023-10-10 12:22:24 +02:00
|
|
|
make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra -maes -msse2 -mpclmul' WINDOWS_BUILD=1 lib programs
|
2016-11-10 18:25:58 +01:00
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
# note Make tests only builds the tests, but doesn't run them
|
2023-10-10 12:22:24 +02:00
|
|
|
make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -maes -msse2 -mpclmul' WINDOWS_BUILD=1 tests
|
2018-11-27 15:58:47 +01:00
|
|
|
make WINDOWS_BUILD=1 clean
|
2015-02-16 17:18:36 +01:00
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
msg "build: Windows cross build - mingw64, make (DLL)" # ~ 30s
|
2023-10-10 12:22:24 +02:00
|
|
|
make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra -maes -msse2 -mpclmul' WINDOWS_BUILD=1 SHARED=1 lib programs
|
|
|
|
|
make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra -maes -msse2 -mpclmul' WINDOWS_BUILD=1 SHARED=1 tests
|
2018-11-27 15:58:47 +01:00
|
|
|
make WINDOWS_BUILD=1 clean
|
2023-10-19 04:38:58 +02:00
|
|
|
|
2023-10-19 05:27:05 +02:00
|
|
|
msg "build: Windows cross build - mingw64, make (Library only, default config without MBEDTLS_AESNI_C)" # ~ 30s
|
2023-10-19 04:38:58 +02:00
|
|
|
./scripts/config.py unset MBEDTLS_AESNI_C #
|
2023-10-19 05:27:05 +02:00
|
|
|
make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 lib
|
2018-11-27 15:58:47 +01:00
|
|
|
make WINDOWS_BUILD=1 clean
|
|
|
|
|
}
|
2019-04-17 16:19:26 +02:00
|
|
|
support_build_mingw() {
|
2023-02-24 08:38:52 +01:00
|
|
|
case $(i686-w64-mingw32-gcc -dumpversion 2>/dev/null) in
|
|
|
|
|
[0-5]*|"") false;;
|
2019-04-17 16:19:26 +02:00
|
|
|
*) true;;
|
|
|
|
|
esac
|
|
|
|
|
}
|
2015-01-26 15:03:56 +01:00
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
component_test_memsan () {
|
2017-12-10 23:22:20 +01:00
|
|
|
msg "build: MSan (clang)" # ~ 1 min 20s
|
2019-07-27 23:52:53 +02:00
|
|
|
scripts/config.py unset MBEDTLS_AESNI_C # memsan doesn't grok asm
|
2017-12-10 23:22:20 +01:00
|
|
|
CC=clang cmake -D CMAKE_BUILD_TYPE:String=MemSan .
|
|
|
|
|
make
|
2014-11-20 13:10:22 +01:00
|
|
|
|
2017-12-10 23:22:20 +01:00
|
|
|
msg "test: main suites (MSan)" # ~ 10s
|
|
|
|
|
make test
|
2014-05-09 13:46:59 +02:00
|
|
|
|
2023-11-02 19:58:03 +01:00
|
|
|
msg "test: metatests (MSan)"
|
|
|
|
|
tests/scripts/run-metatests.sh any msan
|
|
|
|
|
|
2019-06-14 18:27:03 +02:00
|
|
|
msg "program demos (MSan)" # ~20s
|
|
|
|
|
tests/scripts/run_demos.py
|
|
|
|
|
|
2017-12-10 23:22:20 +01:00
|
|
|
msg "test: ssl-opt.sh (MSan)" # ~ 1 min
|
2021-07-08 18:41:16 +02:00
|
|
|
tests/ssl-opt.sh
|
2014-05-09 13:46:59 +02:00
|
|
|
|
2017-12-10 23:22:20 +01:00
|
|
|
# Optional part(s)
|
2014-11-20 13:10:22 +01:00
|
|
|
|
2017-12-10 23:22:20 +01:00
|
|
|
if [ "$MEMORY" -gt 0 ]; then
|
|
|
|
|
msg "test: compat.sh (MSan)" # ~ 6 min 20s
|
2021-07-08 18:41:16 +02:00
|
|
|
tests/compat.sh
|
2017-12-10 23:22:20 +01:00
|
|
|
fi
|
2018-11-27 15:58:47 +01:00
|
|
|
}
|
2014-03-19 18:29:01 +01:00
|
|
|
|
2023-12-06 16:14:37 +01:00
|
|
|
component_release_test_valgrind () {
|
2017-12-10 23:22:20 +01:00
|
|
|
msg "build: Release (clang)"
|
2022-11-29 16:45:30 +01:00
|
|
|
# default config, in particular without MBEDTLS_USE_PSA_CRYPTO
|
2017-12-10 23:22:20 +01:00
|
|
|
CC=clang cmake -D CMAKE_BUILD_TYPE:String=Release .
|
|
|
|
|
make
|
2015-01-26 15:03:56 +01:00
|
|
|
|
2022-11-29 16:45:30 +01:00
|
|
|
msg "test: main suites, Valgrind (default config)"
|
2017-12-10 23:22:20 +01:00
|
|
|
make memcheck
|
2015-01-26 15:03:56 +01:00
|
|
|
|
2020-03-04 20:46:15 +01:00
|
|
|
# Optional parts (slow; currently broken on OS X because programs don't
|
|
|
|
|
# seem to receive signals under valgrind on OS X).
|
2022-11-29 16:45:30 +01:00
|
|
|
# These optional parts don't run on the CI.
|
2017-12-10 23:22:20 +01:00
|
|
|
if [ "$MEMORY" -gt 0 ]; then
|
2022-11-29 16:45:30 +01:00
|
|
|
msg "test: ssl-opt.sh --memcheck (default config)"
|
2021-07-08 18:41:16 +02:00
|
|
|
tests/ssl-opt.sh --memcheck
|
2017-12-10 23:22:20 +01:00
|
|
|
fi
|
2015-01-26 15:03:56 +01:00
|
|
|
|
2017-12-10 23:22:20 +01:00
|
|
|
if [ "$MEMORY" -gt 1 ]; then
|
2022-11-29 16:45:30 +01:00
|
|
|
msg "test: compat.sh --memcheck (default config)"
|
2021-07-08 18:41:16 +02:00
|
|
|
tests/compat.sh --memcheck
|
2017-12-10 23:22:20 +01:00
|
|
|
fi
|
2020-04-07 16:07:05 +02:00
|
|
|
|
|
|
|
|
if [ "$MEMORY" -gt 0 ]; then
|
2022-11-29 16:45:30 +01:00
|
|
|
msg "test: context-info.sh --memcheck (default config)"
|
2021-07-08 18:41:16 +02:00
|
|
|
tests/context-info.sh --memcheck
|
2020-04-07 16:07:05 +02:00
|
|
|
fi
|
2018-11-27 15:58:47 +01:00
|
|
|
}
|
2015-01-26 15:03:56 +01:00
|
|
|
|
2023-12-06 16:14:37 +01:00
|
|
|
component_release_test_valgrind_psa () {
|
2022-11-29 16:45:30 +01:00
|
|
|
msg "build: Release, full (clang)"
|
|
|
|
|
# full config, in particular with MBEDTLS_USE_PSA_CRYPTO
|
|
|
|
|
scripts/config.py full
|
|
|
|
|
CC=clang cmake -D CMAKE_BUILD_TYPE:String=Release .
|
|
|
|
|
make
|
|
|
|
|
|
|
|
|
|
msg "test: main suites, Valgrind (full config)"
|
|
|
|
|
make memcheck
|
|
|
|
|
}
|
|
|
|
|
|
2021-11-25 18:29:40 +01:00
|
|
|
support_test_cmake_out_of_source () {
|
|
|
|
|
distrib_id=""
|
|
|
|
|
distrib_ver=""
|
|
|
|
|
distrib_ver_minor=""
|
|
|
|
|
distrib_ver_major=""
|
|
|
|
|
|
|
|
|
|
# Attempt to parse lsb-release to find out distribution and version. If not
|
|
|
|
|
# found this should fail safe (test is supported).
|
|
|
|
|
if [[ -f /etc/lsb-release ]]; then
|
|
|
|
|
|
|
|
|
|
while read -r lsb_line; do
|
|
|
|
|
case "$lsb_line" in
|
|
|
|
|
"DISTRIB_ID"*) distrib_id=${lsb_line/#DISTRIB_ID=};;
|
|
|
|
|
"DISTRIB_RELEASE"*) distrib_ver=${lsb_line/#DISTRIB_RELEASE=};;
|
|
|
|
|
esac
|
|
|
|
|
done < /etc/lsb-release
|
|
|
|
|
|
|
|
|
|
distrib_ver_major="${distrib_ver%%.*}"
|
|
|
|
|
distrib_ver="${distrib_ver#*.}"
|
|
|
|
|
distrib_ver_minor="${distrib_ver%%.*}"
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
# Running the out of source CMake test on Ubuntu 16.04 using more than one
|
|
|
|
|
# processor (as the CI does) can create a race condition whereby the build
|
|
|
|
|
# fails to see a generated file, despite that file actually having been
|
|
|
|
|
# generated. This problem appears to go away with 18.04 or newer, so make
|
|
|
|
|
# the out of source tests unsupported on Ubuntu 16.04.
|
|
|
|
|
[ "$distrib_id" != "Ubuntu" ] || [ "$distrib_ver_major" -gt 16 ]
|
|
|
|
|
}
|
|
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
component_test_cmake_out_of_source () {
|
2023-09-28 11:42:10 +02:00
|
|
|
# Remove existing generated files so that we use the ones cmake
|
2023-09-27 16:53:54 +02:00
|
|
|
# generates
|
|
|
|
|
make neat
|
|
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
msg "build: cmake 'out-of-source' build"
|
|
|
|
|
MBEDTLS_ROOT_DIR="$PWD"
|
|
|
|
|
mkdir "$OUT_OF_SOURCE_DIR"
|
|
|
|
|
cd "$OUT_OF_SOURCE_DIR"
|
2023-09-27 16:53:54 +02:00
|
|
|
# Note: Explicitly generate files as these are turned off in releases
|
|
|
|
|
cmake -D CMAKE_BUILD_TYPE:String=Check -D GEN_FILES=ON "$MBEDTLS_ROOT_DIR"
|
2018-11-27 15:58:47 +01:00
|
|
|
make
|
2015-01-26 15:03:56 +01:00
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
msg "test: cmake 'out-of-source' build"
|
|
|
|
|
make test
|
2022-04-16 11:31:25 +02:00
|
|
|
# Check that ssl-opt.sh can find the test programs.
|
2018-11-27 15:58:47 +01:00
|
|
|
# Also ensure that there are no error messages such as
|
|
|
|
|
# "No such file or directory", which would indicate that some required
|
|
|
|
|
# file is missing (ssl-opt.sh tolerates the absence of some files so
|
|
|
|
|
# may exit with status 0 but emit errors).
|
2022-04-16 11:31:25 +02:00
|
|
|
./tests/ssl-opt.sh -f 'Default' >ssl-opt.out 2>ssl-opt.err
|
2022-04-15 22:43:38 +02:00
|
|
|
grep PASS ssl-opt.out
|
2020-03-28 18:56:09 +01:00
|
|
|
cat ssl-opt.err >&2
|
|
|
|
|
# If ssl-opt.err is non-empty, record an error and keep going.
|
2021-07-08 18:41:16 +02:00
|
|
|
[ ! -s ssl-opt.err ]
|
2022-04-15 22:43:38 +02:00
|
|
|
rm ssl-opt.out ssl-opt.err
|
2018-11-27 15:58:47 +01:00
|
|
|
cd "$MBEDTLS_ROOT_DIR"
|
|
|
|
|
rm -rf "$OUT_OF_SOURCE_DIR"
|
|
|
|
|
}
|
|
|
|
|
|
2019-06-20 18:38:22 +02:00
|
|
|
component_test_cmake_as_subdirectory () {
|
2023-09-27 16:53:54 +02:00
|
|
|
# Remove existing generated files so that we use the ones CMake
|
|
|
|
|
# generates
|
|
|
|
|
make neat
|
|
|
|
|
|
2019-06-20 18:38:22 +02:00
|
|
|
msg "build: cmake 'as-subdirectory' build"
|
|
|
|
|
cd programs/test/cmake_subproject
|
2023-09-27 16:53:54 +02:00
|
|
|
# Note: Explicitly generate files as these are turned off in releases
|
|
|
|
|
cmake -D GEN_FILES=ON .
|
2019-06-20 18:38:22 +02:00
|
|
|
make
|
2021-07-08 18:41:16 +02:00
|
|
|
./cmake_subproject
|
2019-06-20 18:38:22 +02:00
|
|
|
}
|
2022-02-04 00:21:12 +01:00
|
|
|
support_test_cmake_as_subdirectory () {
|
|
|
|
|
support_test_cmake_out_of_source
|
2019-06-20 18:38:22 +02:00
|
|
|
}
|
|
|
|
|
|
2021-03-25 17:03:25 +01:00
|
|
|
component_test_cmake_as_package () {
|
2023-09-28 11:40:22 +02:00
|
|
|
# Remove existing generated files so that we use the ones CMake
|
|
|
|
|
# generates
|
|
|
|
|
make neat
|
|
|
|
|
|
2021-03-25 17:03:25 +01:00
|
|
|
msg "build: cmake 'as-package' build"
|
|
|
|
|
cd programs/test/cmake_package
|
|
|
|
|
cmake .
|
|
|
|
|
make
|
2021-07-08 18:41:16 +02:00
|
|
|
./cmake_package
|
2021-03-25 17:03:25 +01:00
|
|
|
}
|
2022-02-04 00:21:12 +01:00
|
|
|
support_test_cmake_as_package () {
|
|
|
|
|
support_test_cmake_out_of_source
|
2021-03-25 17:03:25 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
component_test_cmake_as_package_install () {
|
2023-09-28 11:40:22 +02:00
|
|
|
# Remove existing generated files so that we use the ones CMake
|
|
|
|
|
# generates
|
|
|
|
|
make neat
|
|
|
|
|
|
2021-03-25 17:03:25 +01:00
|
|
|
msg "build: cmake 'as-installed-package' build"
|
|
|
|
|
cd programs/test/cmake_package_install
|
|
|
|
|
cmake .
|
|
|
|
|
make
|
2021-07-08 18:41:16 +02:00
|
|
|
./cmake_package_install
|
2021-03-25 17:03:25 +01:00
|
|
|
}
|
2022-02-04 00:21:12 +01:00
|
|
|
support_test_cmake_as_package_install () {
|
|
|
|
|
support_test_cmake_out_of_source
|
2021-03-25 17:03:25 +01:00
|
|
|
}
|
|
|
|
|
|
2023-01-12 15:17:01 +01:00
|
|
|
component_build_cmake_custom_config_file () {
|
2023-01-31 11:34:44 +01:00
|
|
|
# Make a copy of config file to use for the in-tree test
|
|
|
|
|
cp "$CONFIG_H" include/mbedtls_config_in_tree_copy.h
|
2023-01-12 15:17:01 +01:00
|
|
|
|
|
|
|
|
MBEDTLS_ROOT_DIR="$PWD"
|
|
|
|
|
mkdir "$OUT_OF_SOURCE_DIR"
|
|
|
|
|
cd "$OUT_OF_SOURCE_DIR"
|
|
|
|
|
|
2023-01-31 11:34:44 +01:00
|
|
|
# Build once to get the generated files (which need an intact config file)
|
2023-01-12 15:17:01 +01:00
|
|
|
cmake "$MBEDTLS_ROOT_DIR"
|
|
|
|
|
make
|
|
|
|
|
|
|
|
|
|
msg "build: cmake with -DMBEDTLS_CONFIG_FILE"
|
|
|
|
|
scripts/config.py -w full_config.h full
|
2023-01-31 11:34:44 +01:00
|
|
|
echo '#error "cmake -DMBEDTLS_CONFIG_FILE is not working."' > "$MBEDTLS_ROOT_DIR/$CONFIG_H"
|
2023-01-12 15:17:01 +01:00
|
|
|
cmake -DGEN_FILES=OFF -DMBEDTLS_CONFIG_FILE=full_config.h "$MBEDTLS_ROOT_DIR"
|
|
|
|
|
make
|
|
|
|
|
|
|
|
|
|
msg "build: cmake with -DMBEDTLS_CONFIG_FILE + -DMBEDTLS_USER_CONFIG_FILE"
|
|
|
|
|
# In the user config, disable one feature (for simplicity, pick a feature
|
|
|
|
|
# that nothing else depends on).
|
|
|
|
|
echo '#undef MBEDTLS_NIST_KW_C' >user_config.h
|
|
|
|
|
|
|
|
|
|
cmake -DGEN_FILES=OFF -DMBEDTLS_CONFIG_FILE=full_config.h -DMBEDTLS_USER_CONFIG_FILE=user_config.h "$MBEDTLS_ROOT_DIR"
|
|
|
|
|
make
|
|
|
|
|
not programs/test/query_compile_time_config MBEDTLS_NIST_KW_C
|
|
|
|
|
|
|
|
|
|
rm -f user_config.h full_config.h
|
|
|
|
|
|
|
|
|
|
cd "$MBEDTLS_ROOT_DIR"
|
|
|
|
|
rm -rf "$OUT_OF_SOURCE_DIR"
|
|
|
|
|
|
|
|
|
|
# Now repeat the test for an in-tree build:
|
|
|
|
|
|
2023-01-31 11:34:44 +01:00
|
|
|
# Restore config for the in-tree test
|
|
|
|
|
mv include/mbedtls_config_in_tree_copy.h "$CONFIG_H"
|
2023-01-12 15:17:01 +01:00
|
|
|
|
2023-01-31 11:34:44 +01:00
|
|
|
# Build once to get the generated files (which need an intact config)
|
2023-01-12 15:17:01 +01:00
|
|
|
cmake .
|
|
|
|
|
make
|
|
|
|
|
|
|
|
|
|
msg "build: cmake (in-tree) with -DMBEDTLS_CONFIG_FILE"
|
|
|
|
|
scripts/config.py -w full_config.h full
|
2023-01-31 11:34:44 +01:00
|
|
|
echo '#error "cmake -DMBEDTLS_CONFIG_FILE is not working."' > "$MBEDTLS_ROOT_DIR/$CONFIG_H"
|
2023-01-12 15:17:01 +01:00
|
|
|
cmake -DGEN_FILES=OFF -DMBEDTLS_CONFIG_FILE=full_config.h .
|
|
|
|
|
make
|
|
|
|
|
|
|
|
|
|
msg "build: cmake (in-tree) with -DMBEDTLS_CONFIG_FILE + -DMBEDTLS_USER_CONFIG_FILE"
|
|
|
|
|
# In the user config, disable one feature (for simplicity, pick a feature
|
|
|
|
|
# that nothing else depends on).
|
|
|
|
|
echo '#undef MBEDTLS_NIST_KW_C' >user_config.h
|
|
|
|
|
|
|
|
|
|
cmake -DGEN_FILES=OFF -DMBEDTLS_CONFIG_FILE=full_config.h -DMBEDTLS_USER_CONFIG_FILE=user_config.h .
|
|
|
|
|
make
|
|
|
|
|
not programs/test/query_compile_time_config MBEDTLS_NIST_KW_C
|
|
|
|
|
|
|
|
|
|
rm -f user_config.h full_config.h
|
|
|
|
|
}
|
|
|
|
|
support_build_cmake_custom_config_file () {
|
|
|
|
|
support_test_cmake_out_of_source
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2023-09-01 11:40:15 +02:00
|
|
|
component_build_zeroize_checks () {
|
|
|
|
|
msg "build: check for obviously wrong calls to mbedtls_platform_zeroize()"
|
|
|
|
|
|
|
|
|
|
scripts/config.py full
|
|
|
|
|
|
|
|
|
|
# Only compile - we're looking for sizeof-pointer-memaccess warnings
|
2023-09-01 15:40:21 +02:00
|
|
|
make CC=gcc CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/user-config-zeroize-memset.h\"' -DMBEDTLS_TEST_DEFINES_ZEROIZE -Werror -Wsizeof-pointer-memaccess"
|
2023-09-01 11:40:15 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
component_test_zeroize () {
|
|
|
|
|
# Test that the function mbedtls_platform_zeroize() is not optimized away by
|
|
|
|
|
# different combinations of compilers and optimization flags by using an
|
|
|
|
|
# auxiliary GDB script. Unfortunately, GDB does not return error values to the
|
|
|
|
|
# system in all cases that the script fails, so we must manually search the
|
|
|
|
|
# output to check whether the pass string is present and no failure strings
|
|
|
|
|
# were printed.
|
2019-01-06 20:52:22 +01:00
|
|
|
|
|
|
|
|
# Don't try to disable ASLR. We don't care about ASLR here. We do care
|
|
|
|
|
# about a spurious message if Gdb tries and fails, so suppress that.
|
|
|
|
|
gdb_disable_aslr=
|
|
|
|
|
if [ -z "$(gdb -batch -nw -ex 'set disable-randomization off' 2>&1)" ]; then
|
|
|
|
|
gdb_disable_aslr='set disable-randomization off'
|
|
|
|
|
fi
|
|
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
for optimization_flag in -O2 -O3 -Ofast -Os; do
|
2019-01-09 22:28:21 +01:00
|
|
|
for compiler in clang gcc; do
|
|
|
|
|
msg "test: $compiler $optimization_flag, mbedtls_platform_zeroize()"
|
|
|
|
|
make programs CC="$compiler" DEBUG=1 CFLAGS="$optimization_flag"
|
2021-07-08 18:41:16 +02:00
|
|
|
gdb -ex "$gdb_disable_aslr" -x tests/scripts/test_zeroize.gdb -nw -batch -nx 2>&1 | tee test_zeroize.log
|
|
|
|
|
grep "The buffer was correctly zeroized" test_zeroize.log
|
|
|
|
|
not grep -i "error" test_zeroize.log
|
2019-01-09 22:28:21 +01:00
|
|
|
rm -f test_zeroize.log
|
|
|
|
|
make clean
|
|
|
|
|
done
|
2017-10-25 11:35:51 +02:00
|
|
|
done
|
2018-11-27 15:58:47 +01:00
|
|
|
}
|
2017-12-21 15:59:21 +01:00
|
|
|
|
2021-10-19 15:05:36 +02:00
|
|
|
component_test_psa_compliance () {
|
|
|
|
|
msg "build: make, default config (out-of-box), libmbedcrypto.a only"
|
2021-10-25 19:29:07 +02:00
|
|
|
make -C library libmbedcrypto.a
|
2021-10-19 15:05:36 +02:00
|
|
|
|
|
|
|
|
msg "unit test: test_psa_compliance.py"
|
|
|
|
|
./tests/scripts/test_psa_compliance.py
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
support_test_psa_compliance () {
|
2021-11-03 11:36:09 +01:00
|
|
|
# psa-compliance-tests only supports CMake >= 3.10.0
|
2021-10-25 19:29:07 +02:00
|
|
|
ver="$(cmake --version)"
|
|
|
|
|
ver="${ver#cmake version }"
|
|
|
|
|
ver_major="${ver%%.*}"
|
|
|
|
|
|
|
|
|
|
ver="${ver#*.}"
|
|
|
|
|
ver_minor="${ver%%.*}"
|
|
|
|
|
|
|
|
|
|
[ "$ver_major" -eq 3 ] && [ "$ver_minor" -ge 10 ]
|
2021-10-19 15:05:36 +02:00
|
|
|
}
|
|
|
|
|
|
2022-12-09 12:23:35 +01:00
|
|
|
component_check_code_style () {
|
|
|
|
|
msg "Check C code style"
|
|
|
|
|
./scripts/code_style.py
|
2022-11-10 19:30:52 +01:00
|
|
|
}
|
|
|
|
|
|
2022-12-09 12:23:35 +01:00
|
|
|
support_check_code_style() {
|
2022-11-10 19:30:52 +01:00
|
|
|
case $(uncrustify --version) in
|
|
|
|
|
*0.75.1*) true;;
|
|
|
|
|
*) false;;
|
|
|
|
|
esac
|
|
|
|
|
}
|
|
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
component_check_python_files () {
|
|
|
|
|
msg "Lint: Python scripts"
|
2021-07-08 18:41:16 +02:00
|
|
|
tests/scripts/check-python-files.sh
|
2018-11-27 15:58:47 +01:00
|
|
|
}
|
2017-12-21 15:59:21 +01:00
|
|
|
|
2021-07-29 12:18:29 +02:00
|
|
|
component_check_test_helpers () {
|
|
|
|
|
msg "unit test: generate_test_code.py"
|
2020-06-02 11:40:08 +02:00
|
|
|
# unittest writes out mundane stuff like number or tests run on stderr.
|
|
|
|
|
# Our convention is to reserve stderr for actual errors, and write
|
|
|
|
|
# harmless info on stdout so it can be suppress with --quiet.
|
2021-07-08 18:41:16 +02:00
|
|
|
./tests/scripts/test_generate_test_code.py 2>&1
|
2021-07-29 12:18:29 +02:00
|
|
|
|
2021-08-06 10:41:27 +02:00
|
|
|
msg "unit test: translate_ciphers.py"
|
|
|
|
|
python3 -m unittest tests/scripts/translate_ciphers.py 2>&1
|
2018-11-27 15:58:47 +01:00
|
|
|
}
|
2017-12-21 15:59:21 +01:00
|
|
|
|
2023-03-31 09:03:55 +02:00
|
|
|
|
2017-12-21 15:59:21 +01:00
|
|
|
################################################################
|
|
|
|
|
#### Termination
|
|
|
|
|
################################################################
|
|
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
post_report () {
|
|
|
|
|
msg "Done, cleaning up"
|
2020-03-30 20:11:39 +02:00
|
|
|
final_cleanup
|
2018-11-27 15:58:47 +01:00
|
|
|
|
|
|
|
|
final_report
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
################################################################
|
|
|
|
|
#### Run all the things
|
|
|
|
|
################################################################
|
|
|
|
|
|
2020-03-28 21:09:21 +01:00
|
|
|
# Function invoked by --error-test to test error reporting.
|
|
|
|
|
pseudo_component_error_test () {
|
2021-08-02 23:28:00 +02:00
|
|
|
msg "Testing error reporting $error_test_i"
|
2020-03-28 21:09:21 +01:00
|
|
|
if [ $KEEP_GOING -ne 0 ]; then
|
|
|
|
|
echo "Expect three failing commands."
|
|
|
|
|
fi
|
2021-08-02 23:28:00 +02:00
|
|
|
# If the component doesn't run in a subshell, changing error_test_i to an
|
|
|
|
|
# invalid integer will cause an error in the loop that runs this function.
|
|
|
|
|
error_test_i=this_should_not_be_used_since_the_component_runs_in_a_subshell
|
2021-08-02 23:14:03 +02:00
|
|
|
# Expected error: 'grep non_existent /dev/null -> 1'
|
2020-03-28 21:09:21 +01:00
|
|
|
grep non_existent /dev/null
|
2021-08-02 23:14:03 +02:00
|
|
|
# Expected error: '! grep -q . tests/scripts/all.sh -> 1'
|
2020-03-28 21:09:21 +01:00
|
|
|
not grep -q . "$0"
|
2021-08-02 23:14:03 +02:00
|
|
|
# Expected error: 'make unknown_target -> 2'
|
2020-03-28 21:09:21 +01:00
|
|
|
make unknown_target
|
|
|
|
|
false "this should not be executed"
|
|
|
|
|
}
|
|
|
|
|
|
2018-11-27 16:06:30 +01:00
|
|
|
# Run one component and clean up afterwards.
|
2018-11-27 15:58:47 +01:00
|
|
|
run_component () {
|
2018-12-04 12:49:28 +01:00
|
|
|
current_component="$1"
|
2019-09-16 15:20:36 +02:00
|
|
|
export MBEDTLS_TEST_CONFIGURATION="$current_component"
|
2019-10-07 18:44:21 +02:00
|
|
|
|
|
|
|
|
# Unconditionally create a seedfile that's sufficiently long.
|
|
|
|
|
# Do this before each component, because a previous component may
|
|
|
|
|
# have messed it up or shortened it.
|
2021-07-08 19:03:50 +02:00
|
|
|
local dd_cmd
|
|
|
|
|
dd_cmd=(dd if=/dev/urandom of=./tests/seedfile bs=64 count=1)
|
|
|
|
|
case $OSTYPE in
|
2022-03-16 15:11:07 +01:00
|
|
|
linux*|freebsd*|openbsd*) dd_cmd+=(status=none)
|
2021-07-08 19:03:50 +02:00
|
|
|
esac
|
|
|
|
|
"${dd_cmd[@]}"
|
2019-10-07 18:44:21 +02:00
|
|
|
|
2021-08-02 23:14:03 +02:00
|
|
|
# Run the component in a subshell, with error trapping and output
|
|
|
|
|
# redirection set up based on the relevant options.
|
2020-03-28 18:50:43 +01:00
|
|
|
if [ $KEEP_GOING -eq 1 ]; then
|
2021-08-02 23:14:03 +02:00
|
|
|
# We want to keep running if the subshell fails, so 'set -e' must
|
|
|
|
|
# be off when the subshell runs.
|
2020-03-28 18:50:43 +01:00
|
|
|
set +e
|
|
|
|
|
fi
|
|
|
|
|
(
|
|
|
|
|
if [ $QUIET -eq 1 ]; then
|
|
|
|
|
# msg() will be silenced, so just print the component name here.
|
|
|
|
|
echo "${current_component#component_}"
|
|
|
|
|
exec >/dev/null
|
|
|
|
|
fi
|
|
|
|
|
if [ $KEEP_GOING -eq 1 ]; then
|
|
|
|
|
# Keep "set -e" off, and run an ERR trap instead to record failures.
|
|
|
|
|
set -E
|
|
|
|
|
trap err_trap ERR
|
|
|
|
|
fi
|
|
|
|
|
# The next line is what runs the component
|
|
|
|
|
"$@"
|
|
|
|
|
if [ $KEEP_GOING -eq 1 ]; then
|
|
|
|
|
trap - ERR
|
|
|
|
|
exit $last_failure_status
|
|
|
|
|
fi
|
|
|
|
|
)
|
|
|
|
|
component_status=$?
|
|
|
|
|
if [ $KEEP_GOING -eq 1 ]; then
|
|
|
|
|
set -e
|
|
|
|
|
if [ $component_status -ne 0 ]; then
|
|
|
|
|
failure_count=$((failure_count + 1))
|
|
|
|
|
fi
|
2020-06-02 11:28:07 +02:00
|
|
|
fi
|
2019-10-07 18:44:21 +02:00
|
|
|
|
|
|
|
|
# Restore the build tree to a clean state.
|
2018-11-27 16:06:30 +01:00
|
|
|
cleanup
|
2020-06-08 10:59:41 +02:00
|
|
|
unset current_component
|
2018-11-27 15:58:47 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
# Preliminary setup
|
|
|
|
|
pre_check_environment
|
2023-06-09 15:20:18 +02:00
|
|
|
pre_parse_command_line_for_dirs "$@"
|
2018-11-27 15:58:47 +01:00
|
|
|
pre_initialize_variables
|
|
|
|
|
pre_parse_command_line "$@"
|
2018-11-27 17:04:29 +01:00
|
|
|
|
2019-01-06 21:50:38 +01:00
|
|
|
pre_check_git
|
2021-07-12 18:16:01 +02:00
|
|
|
pre_restore_files
|
2020-03-30 20:11:39 +02:00
|
|
|
pre_back_up
|
2019-02-14 13:18:59 +01:00
|
|
|
|
2019-01-06 21:50:38 +01:00
|
|
|
build_status=0
|
|
|
|
|
if [ $KEEP_GOING -eq 1 ]; then
|
|
|
|
|
pre_setup_keep_going
|
2018-11-27 15:58:47 +01:00
|
|
|
fi
|
2019-09-16 15:55:46 +02:00
|
|
|
pre_prepare_outcome_file
|
2019-01-06 21:50:38 +01:00
|
|
|
pre_print_configuration
|
|
|
|
|
pre_check_tools
|
2014-03-19 18:29:01 +01:00
|
|
|
cleanup
|
2023-08-17 18:32:26 +02:00
|
|
|
if in_mbedtls_repo; then
|
2023-07-14 13:30:00 +02:00
|
|
|
pre_generate_files
|
|
|
|
|
fi
|
2014-03-19 18:29:01 +01:00
|
|
|
|
2019-01-06 23:11:25 +01:00
|
|
|
# Run the requested tests.
|
2021-08-02 23:28:00 +02:00
|
|
|
for ((error_test_i=1; error_test_i <= error_test; error_test_i++)); do
|
2020-03-28 21:09:21 +01:00
|
|
|
run_component pseudo_component_error_test
|
|
|
|
|
done
|
2021-08-02 23:28:00 +02:00
|
|
|
unset error_test_i
|
2019-01-06 23:11:25 +01:00
|
|
|
for component in $RUN_COMPONENTS; do
|
|
|
|
|
run_component "component_$component"
|
|
|
|
|
done
|
2014-03-19 18:29:01 +01:00
|
|
|
|
2018-11-27 15:58:47 +01:00
|
|
|
# We're done.
|
2019-01-06 21:50:38 +01:00
|
|
|
post_report
|
