diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py index c6e03969fd..ef7dac3713 100755 --- a/tests/scripts/depends.py +++ b/tests/scripts/depends.py @@ -22,7 +22,7 @@ Test Mbed TLS with a subset of algorithms. This script can be divided into several steps: -First, include/mbedtls/mbedtls_config.h or a different config file passed +First, include/mbedtls/config.h or a different config file passed in the arguments is parsed to extract any configuration options (collect_config_symbols). Then, test domains (groups of jobs, tests) are built based on predefined data @@ -43,18 +43,6 @@ The configuration building method can be one of the three following: any non-standard symbols to set/unset in EXCLUSIVE_GROUPS. These are usually not direct dependencies, but rather non-trivial results of other configs missing. Then look for any unset symbols and handle their reverse dependencies. - Examples of EXCLUSIVE_GROUPS usage: - - MBEDTLS_SHA256 job turns off all hashes except SHA256, however, when investigating - reverse dependencies, SHA224 is found to depend on SHA256, so it is disabled, - and then SHA256 is found to depend on SHA224, so it is also disabled. To handle - this, there's a field in EXCLUSIVE_GROUPS that states that in a SHA256 test SHA224 - should also be enabled before processing reverse dependencies: - 'MBEDTLS_SHA256_C': ['+MBEDTLS_SHA224_C'] - - MBEDTLS_SHA512_C job turns off all hashes except SHA512. MBEDTLS_SSL_COOKIE_C - requires either SHA256 or SHA384 to work, so it also has to be disabled. - This is not a dependency on SHA512_C, but a result of an exclusive domain - config building method. Relevant field: - 'MBEDTLS_SHA512_C': ['-MBEDTLS_SSL_COOKIE_C'], - DualDomain - combination of the two above - both complementary and exclusive domain job generation code will be run. Currently only used for hashes. 
@@ -113,7 +101,7 @@ cmd is a list of strings: a command name and its arguments.""" log_line(' '.join(cmd), prefix='+') def backup_config(options): - """Back up the library configuration file (mbedtls_config.h). + """Back up the library configuration file (config.h). If the backup file already exists, it is presumed to be the desired backup, so don't make another backup.""" if os.path.exists(options.config_backup): @@ -123,7 +111,7 @@ so don't make another backup.""" shutil.copy(options.config, options.config_backup) def restore_config(options): - """Restore the library configuration file (mbedtls_config.h). + """Restore the library configuration file (config.h). Remove the backup file if it was saved earlier.""" if options.own_backup: shutil.move(options.config_backup, options.config) @@ -133,14 +121,14 @@ Remove the backup file if it was saved earlier.""" def run_config_py(options, args): """Run scripts/config.py with the specified arguments.""" cmd = ['scripts/config.py'] - if options.config != 'include/mbedtls/mbedtls_config.h': + if options.config != 'include/mbedtls/config.h': cmd += ['--file', options.config] cmd += args log_command(cmd) subprocess.check_call(cmd) def set_reference_config(options): - """Change the library configuration file (mbedtls_config.h) to the reference state. + """Change the library configuration file (config.h) to the reference state. The reference state is the one from which the tested configurations are derived.""" # Turn off options that are not relevant to the tests and slow them down. @@ -148,7 +136,7 @@ derived.""" run_config_py(options, ['unset', 'MBEDTLS_TEST_HOOKS']) def collect_config_symbols(options): - """Read the list of settings from mbedtls_config.h. + """Read the list of settings from config.h. Return them in a generator.""" with open(options.config, encoding="utf-8") as config_file: rx = re.compile(r'\s*(?://\s*)?#define\s+(\w+)\s*(?:$|/[/*])') 
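Review bot: The default configuration path is still a bare string literal in two places, the comparison in run_config_py (`if options.config != 'include/mbedtls/config.h':`) and the `--config` default in main() (last hunk of this diff), and this commit had to edit both by hand. A module-level constant such as `DEFAULT_CONFIG = 'include/mbedtls/config.h'`, used in both spots, would stop them drifting apart. The literal must also agree with whatever scripts/config.py uses when `--file` is omitted (not visible here), otherwise the file being edited is not the one backup_config saved. The comparison is purely textual, so a spelling like `./include/mbedtls/config.h` takes the `--file` branch; that looks harmless but deserves a one-line comment.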
@@ -261,17 +249,10 @@ REVERSE_DEPENDENCIES = { 'MBEDTLS_SHA1_C': SSL_PRE_1_2_DEPENDENCIES, 'MBEDTLS_SHA256_C': ['MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED', 'MBEDTLS_ENTROPY_FORCE_SHA256', - 'MBEDTLS_SHA224_C', 'MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT', 'MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY'], - 'MBEDTLS_SHA512_C': ['MBEDTLS_SHA384_C', - 'MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT', + 'MBEDTLS_SHA512_C': ['MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT', 'MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY'], - 'MBEDTLS_SHA224_C': ['MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED', - 'MBEDTLS_ENTROPY_FORCE_SHA256', - 'MBEDTLS_SHA256_C', - 'MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT', - 'MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY'], 'MBEDTLS_X509_RSASSA_PSS_SUPPORT': [] } @@ -279,10 +260,7 @@ REVERSE_DEPENDENCIES = { # These are not necessarily dependencies, but just minimal required changes # if a given define is the only one enabled from an exclusive group. EXCLUSIVE_GROUPS = { - 'MBEDTLS_SHA256_C': ['+MBEDTLS_SHA224_C'], - 'MBEDTLS_SHA384_C': ['+MBEDTLS_SHA512_C'], - 'MBEDTLS_SHA512_C': ['-MBEDTLS_SSL_COOKIE_C', - '-MBEDTLS_SSL_PROTO_TLS1_3'], + 'MBEDTLS_SHA512_C': ['-MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL'], 'MBEDTLS_ECP_DP_CURVE448_ENABLED': ['-MBEDTLS_ECDSA_C', '-MBEDTLS_ECDSA_DETERMINISTIC', '-MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED', @@ -296,6 +274,16 @@ EXCLUSIVE_GROUPS = { '-MBEDTLS_ECJPAKE_C', '-MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED'], 'MBEDTLS_ARIA_C': ['-MBEDTLS_CMAC_C'], + 'MBEDTLS_ARC4_C': ['-MBEDTLS_CMAC_C', + '-MBEDTLS_CCM_C', + '-MBEDTLS_SSL_TICKET_C', + '-MBEDTLS_SSL_CONTEXT_SERIALIZATION', + '-MBEDTLS_GCM_C'], + 'MBEDTLS_BLOWFISH_C': ['-MBEDTLS_CMAC_C', + '-MBEDTLS_CCM_C', + '-MBEDTLS_SSL_TICKET_C', + '-MBEDTLS_SSL_CONTEXT_SERIALIZATION', + '-MBEDTLS_GCM_C'], 'MBEDTLS_CAMELLIA_C': ['-MBEDTLS_CMAC_C'], 'MBEDTLS_CHACHA20_C': ['-MBEDTLS_CMAC_C', '-MBEDTLS_CCM_C', '-MBEDTLS_GCM_C'], 'MBEDTLS_DES_C': ['-MBEDTLS_CCM_C', 
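Review bot: The remaining `'MBEDTLS_SHA512_C': ['-MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL']` entry in EXCLUSIVE_GROUPS has no explanation, and this commit also deletes the docstring examples that documented why such entries exist and what the `+`/`-` prefixes mean. A short comment above the entry would keep that knowledge, for example `# SHA512-only build: the experimental TLS 1.3 code presumably needs SHA-256, so turn it off`, with the reason confirmed against check_config.h. The hunk also drops `-MBEDTLS_SSL_COOKIE_C`, which the deleted text said needs SHA256 or SHA384. It is worth confirming that a SHA512-only build on this branch still satisfies the cookie module, since otherwise the job fails on configuration rather than on the code under test. The dictionary continues outside the hunk.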
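Review bot: The new `'MBEDTLS_ARC4_C'` and `'MBEDTLS_BLOWFISH_C'` entries repeat the same five-item list verbatim and give no reason for it, so a later edit can easily update one and miss the other. Binding the list to one name (for instance `NO_AEAD_CAPABLE_CIPHER = [...]`) and referencing it from both keys removes the duplication. A comment should record the rationale, along the lines of `# ARC4 (stream cipher) and Blowfish (64-bit block) cannot back CMAC/CCM/GCM; session tickets and context serialization need an AEAD`, with the last part checked against check_config.h. The rest of EXCLUSIVE_GROUPS lies outside this hunk, so any existing convention there for such comments should be followed.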
@@ -391,7 +379,7 @@ class CipherInfo: # pylint: disable=too-few-public-methods class DomainData: """A container for domains and jobs, used to structurize testing.""" def config_symbols_matching(self, regexp): - """List the mbedtls_config.h settings matching regexp.""" + """List the config.h settings matching regexp.""" return [symbol for symbol in self.all_config_symbols if re.match(regexp, symbol)] @@ -408,7 +396,7 @@ class DomainData: key_exchange_symbols = self.config_symbols_matching(r'MBEDTLS_KEY_EXCHANGE_\w+_ENABLED\Z') # Find cipher IDs (block permutations and stream ciphers --- chaining # and padding modes are exercised separately) information by parsing - # cipher.h, as the information is not readily available in mbedtls_config.h. + # cipher.h, as the information is not readily available in config.h. cipher_info = CipherInfo() # Find block cipher chaining and padding mode enabling macros by name. cipher_chaining_symbols = self.config_symbols_matching(r'MBEDTLS_CIPHER_MODE_\w+\Z') @@ -423,15 +411,9 @@ class DomainData: build_and_test), # Elliptic curves. Run the test suites. 'curves': ExclusiveDomain(curve_symbols, build_and_test), - # Hash algorithms. Exclude three groups: - # - Exclusive domain of MD, RIPEMD, SHA1 (obsolete); - # - Exclusive domain of SHA224 (tested with and depends on SHA256); - # - Complementary domain of SHA224 and SHA384 - tested with and depend - # on SHA256 and SHA512, respectively. + # Hash algorithms. Exclude exclusive domain of MD, RIPEMD, SHA1 (obsolete) 'hashes': DualDomain(hash_symbols, build_and_test, - exclude=r'MBEDTLS_(MD|RIPEMD|SHA1_)' \ - '|MBEDTLS_SHA224_'\ - '|!MBEDTLS_(SHA224_|SHA384_)'), + exclude=r'MBEDTLS_(MD|RIPEMD|SHA1_)'), # Key exchange types. Only build the library and the sample # programs. 'kex': ExclusiveDomain(key_exchange_symbols, 
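Review bot: The shortened comment on the `'hashes'` domain, `# Hash algorithms. Exclude exclusive domain of MD, RIPEMD, SHA1 (obsolete)`, is hard to parse and does not say what still runs. Something like `# Hash algorithms. Skip the exclusive (only-this-hash) jobs for the obsolete MD*, RIPEMD160 and SHA-1; their complementary jobs are still generated.` would be clearer, assuming that is how DualDomain applies `exclude`, which is not visible here. The pattern `r'MBEDTLS_(MD|RIPEMD|SHA1_)'` anchors `SHA1_` with an underscore but leaves `MD` open, so it matches any symbol beginning `MBEDTLS_MD`. If `hash_symbols` can contain only MD2/MD4/MD5 that is fine, but the comment should say so. The enclosing method and dictionary start and end outside the hunk.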
@@ -522,7 +504,7 @@ def main(): choices=['always', 'auto', 'never'], default='auto') parser.add_argument('-c', '--config', metavar='FILE', help='Configuration file to modify', - default='include/mbedtls/mbedtls_config.h') + default='include/mbedtls/config.h') parser.add_argument('-C', '--directory', metavar='DIR', help='Change to this directory before anything else', default='.')