mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-08-08 17:42:09 +03:00

Adjust depends.py to the 2.28 branch

SHA224 and SHA384 do not exist.
ARC4 and BLOWFISH requirements had to be added. 
Changed mbedtls_config.h to config.h
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
Andrzej Kurek
2022-10-20 06:15:06 -04:00
parent 15e5dd8d96
commit 467a0f2025


@@ -22,7 +22,7 @@ Test Mbed TLS with a subset of algorithms.
This script can be divided into several steps: This script can be divided into several steps:
First, include/mbedtls/mbedtls_config.h or a different config file passed First, include/mbedtls/config.h or a different config file passed
in the arguments is parsed to extract any configuration options (collect_config_symbols). in the arguments is parsed to extract any configuration options (collect_config_symbols).
Then, test domains (groups of jobs, tests) are built based on predefined data Then, test domains (groups of jobs, tests) are built based on predefined data
@@ -43,18 +43,6 @@ The configuration building method can be one of the three following:
any non-standard symbols to set/unset in EXCLUSIVE_GROUPS. These are usually not any non-standard symbols to set/unset in EXCLUSIVE_GROUPS. These are usually not
direct dependencies, but rather non-trivial results of other configs missing. Then direct dependencies, but rather non-trivial results of other configs missing. Then
look for any unset symbols and handle their reverse dependencies. look for any unset symbols and handle their reverse dependencies.
Examples of EXCLUSIVE_GROUPS usage:
- MBEDTLS_SHA256 job turns off all hashes except SHA256, however, when investigating
reverse dependencies, SHA224 is found to depend on SHA256, so it is disabled,
and then SHA256 is found to depend on SHA224, so it is also disabled. To handle
this, there's a field in EXCLUSIVE_GROUPS that states that in a SHA256 test SHA224
should also be enabled before processing reverse dependencies:
'MBEDTLS_SHA256_C': ['+MBEDTLS_SHA224_C']
- MBEDTLS_SHA512_C job turns off all hashes except SHA512. MBEDTLS_SSL_COOKIE_C
requires either SHA256 or SHA384 to work, so it also has to be disabled.
This is not a dependency on SHA512_C, but a result of an exclusive domain
config building method. Relevant field:
'MBEDTLS_SHA512_C': ['-MBEDTLS_SSL_COOKIE_C'],
- DualDomain - combination of the two above - both complementary and exclusive domain - DualDomain - combination of the two above - both complementary and exclusive domain
job generation code will be run. Currently only used for hashes. job generation code will be run. Currently only used for hashes.
@@ -113,7 +101,7 @@ cmd is a list of strings: a command name and its arguments."""
log_line(' '.join(cmd), prefix='+') log_line(' '.join(cmd), prefix='+')
def backup_config(options): def backup_config(options):
"""Back up the library configuration file (mbedtls_config.h). """Back up the library configuration file (config.h).
If the backup file already exists, it is presumed to be the desired backup, If the backup file already exists, it is presumed to be the desired backup,
so don't make another backup.""" so don't make another backup."""
if os.path.exists(options.config_backup): if os.path.exists(options.config_backup):
@@ -123,7 +111,7 @@ so don't make another backup."""
shutil.copy(options.config, options.config_backup) shutil.copy(options.config, options.config_backup)
def restore_config(options): def restore_config(options):
"""Restore the library configuration file (mbedtls_config.h). """Restore the library configuration file (config.h).
Remove the backup file if it was saved earlier.""" Remove the backup file if it was saved earlier."""
if options.own_backup: if options.own_backup:
shutil.move(options.config_backup, options.config) shutil.move(options.config_backup, options.config)
@@ -133,14 +121,14 @@ Remove the backup file if it was saved earlier."""
def run_config_py(options, args): def run_config_py(options, args):
"""Run scripts/config.py with the specified arguments.""" """Run scripts/config.py with the specified arguments."""
cmd = ['scripts/config.py'] cmd = ['scripts/config.py']
if options.config != 'include/mbedtls/mbedtls_config.h': if options.config != 'include/mbedtls/config.h':
cmd += ['--file', options.config] cmd += ['--file', options.config]
cmd += args cmd += args
log_command(cmd) log_command(cmd)
subprocess.check_call(cmd) subprocess.check_call(cmd)
def set_reference_config(options): def set_reference_config(options):
"""Change the library configuration file (mbedtls_config.h) to the reference state. """Change the library configuration file (config.h) to the reference state.
The reference state is the one from which the tested configurations are The reference state is the one from which the tested configurations are
derived.""" derived."""
# Turn off options that are not relevant to the tests and slow them down. # Turn off options that are not relevant to the tests and slow them down.
@@ -148,7 +136,7 @@ derived."""
run_config_py(options, ['unset', 'MBEDTLS_TEST_HOOKS']) run_config_py(options, ['unset', 'MBEDTLS_TEST_HOOKS'])
def collect_config_symbols(options): def collect_config_symbols(options):
"""Read the list of settings from mbedtls_config.h. """Read the list of settings from config.h.
Return them in a generator.""" Return them in a generator."""
with open(options.config, encoding="utf-8") as config_file: with open(options.config, encoding="utf-8") as config_file:
rx = re.compile(r'\s*(?://\s*)?#define\s+(\w+)\s*(?:$|/[/*])') rx = re.compile(r'\s*(?://\s*)?#define\s+(\w+)\s*(?:$|/[/*])')
@@ -261,17 +249,10 @@ REVERSE_DEPENDENCIES = {
'MBEDTLS_SHA1_C': SSL_PRE_1_2_DEPENDENCIES, 'MBEDTLS_SHA1_C': SSL_PRE_1_2_DEPENDENCIES,
'MBEDTLS_SHA256_C': ['MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED', 'MBEDTLS_SHA256_C': ['MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED',
'MBEDTLS_ENTROPY_FORCE_SHA256', 'MBEDTLS_ENTROPY_FORCE_SHA256',
'MBEDTLS_SHA224_C',
'MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT', 'MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT',
'MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY'], 'MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY'],
'MBEDTLS_SHA512_C': ['MBEDTLS_SHA384_C', 'MBEDTLS_SHA512_C': ['MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT',
'MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT',
'MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY'], 'MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY'],
'MBEDTLS_SHA224_C': ['MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED',
'MBEDTLS_ENTROPY_FORCE_SHA256',
'MBEDTLS_SHA256_C',
'MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT',
'MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY'],
'MBEDTLS_X509_RSASSA_PSS_SUPPORT': [] 'MBEDTLS_X509_RSASSA_PSS_SUPPORT': []
} }
@@ -279,10 +260,7 @@ REVERSE_DEPENDENCIES = {
# These are not necessarily dependencies, but just minimal required changes # These are not necessarily dependencies, but just minimal required changes
# if a given define is the only one enabled from an exclusive group. # if a given define is the only one enabled from an exclusive group.
EXCLUSIVE_GROUPS = { EXCLUSIVE_GROUPS = {
'MBEDTLS_SHA256_C': ['+MBEDTLS_SHA224_C'], 'MBEDTLS_SHA512_C': ['-MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL'],
'MBEDTLS_SHA384_C': ['+MBEDTLS_SHA512_C'],
'MBEDTLS_SHA512_C': ['-MBEDTLS_SSL_COOKIE_C',
'-MBEDTLS_SSL_PROTO_TLS1_3'],
'MBEDTLS_ECP_DP_CURVE448_ENABLED': ['-MBEDTLS_ECDSA_C', 'MBEDTLS_ECP_DP_CURVE448_ENABLED': ['-MBEDTLS_ECDSA_C',
'-MBEDTLS_ECDSA_DETERMINISTIC', '-MBEDTLS_ECDSA_DETERMINISTIC',
'-MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED', '-MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED',
@@ -296,6 +274,16 @@ EXCLUSIVE_GROUPS = {
'-MBEDTLS_ECJPAKE_C', '-MBEDTLS_ECJPAKE_C',
'-MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED'], '-MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED'],
'MBEDTLS_ARIA_C': ['-MBEDTLS_CMAC_C'], 'MBEDTLS_ARIA_C': ['-MBEDTLS_CMAC_C'],
'MBEDTLS_ARC4_C': ['-MBEDTLS_CMAC_C',
'-MBEDTLS_CCM_C',
'-MBEDTLS_SSL_TICKET_C',
'-MBEDTLS_SSL_CONTEXT_SERIALIZATION',
'-MBEDTLS_GCM_C'],
'MBEDTLS_BLOWFISH_C': ['-MBEDTLS_CMAC_C',
'-MBEDTLS_CCM_C',
'-MBEDTLS_SSL_TICKET_C',
'-MBEDTLS_SSL_CONTEXT_SERIALIZATION',
'-MBEDTLS_GCM_C'],
'MBEDTLS_CAMELLIA_C': ['-MBEDTLS_CMAC_C'], 'MBEDTLS_CAMELLIA_C': ['-MBEDTLS_CMAC_C'],
'MBEDTLS_CHACHA20_C': ['-MBEDTLS_CMAC_C', '-MBEDTLS_CCM_C', '-MBEDTLS_GCM_C'], 'MBEDTLS_CHACHA20_C': ['-MBEDTLS_CMAC_C', '-MBEDTLS_CCM_C', '-MBEDTLS_GCM_C'],
'MBEDTLS_DES_C': ['-MBEDTLS_CCM_C', 'MBEDTLS_DES_C': ['-MBEDTLS_CCM_C',
@@ -391,7 +379,7 @@ class CipherInfo: # pylint: disable=too-few-public-methods
class DomainData: class DomainData:
"""A container for domains and jobs, used to structurize testing.""" """A container for domains and jobs, used to structurize testing."""
def config_symbols_matching(self, regexp): def config_symbols_matching(self, regexp):
"""List the mbedtls_config.h settings matching regexp.""" """List the config.h settings matching regexp."""
return [symbol for symbol in self.all_config_symbols return [symbol for symbol in self.all_config_symbols
if re.match(regexp, symbol)] if re.match(regexp, symbol)]
@@ -408,7 +396,7 @@ class DomainData:
key_exchange_symbols = self.config_symbols_matching(r'MBEDTLS_KEY_EXCHANGE_\w+_ENABLED\Z') key_exchange_symbols = self.config_symbols_matching(r'MBEDTLS_KEY_EXCHANGE_\w+_ENABLED\Z')
# Find cipher IDs (block permutations and stream ciphers --- chaining # Find cipher IDs (block permutations and stream ciphers --- chaining
# and padding modes are exercised separately) information by parsing # and padding modes are exercised separately) information by parsing
# cipher.h, as the information is not readily available in mbedtls_config.h. # cipher.h, as the information is not readily available in config.h.
cipher_info = CipherInfo() cipher_info = CipherInfo()
# Find block cipher chaining and padding mode enabling macros by name. # Find block cipher chaining and padding mode enabling macros by name.
cipher_chaining_symbols = self.config_symbols_matching(r'MBEDTLS_CIPHER_MODE_\w+\Z') cipher_chaining_symbols = self.config_symbols_matching(r'MBEDTLS_CIPHER_MODE_\w+\Z')
@@ -423,15 +411,9 @@ class DomainData:
build_and_test), build_and_test),
# Elliptic curves. Run the test suites. # Elliptic curves. Run the test suites.
'curves': ExclusiveDomain(curve_symbols, build_and_test), 'curves': ExclusiveDomain(curve_symbols, build_and_test),
# Hash algorithms. Exclude three groups: # Hash algorithms. Exclude exclusive domain of MD, RIPEMD, SHA1 (obsolete)
# - Exclusive domain of MD, RIPEMD, SHA1 (obsolete);
# - Exclusive domain of SHA224 (tested with and depends on SHA256);
# - Complementary domain of SHA224 and SHA384 - tested with and depend
# on SHA256 and SHA512, respectively.
'hashes': DualDomain(hash_symbols, build_and_test, 'hashes': DualDomain(hash_symbols, build_and_test,
exclude=r'MBEDTLS_(MD|RIPEMD|SHA1_)' \ exclude=r'MBEDTLS_(MD|RIPEMD|SHA1_)'),
'|MBEDTLS_SHA224_'\
'|!MBEDTLS_(SHA224_|SHA384_)'),
# Key exchange types. Only build the library and the sample # Key exchange types. Only build the library and the sample
# programs. # programs.
'kex': ExclusiveDomain(key_exchange_symbols, 'kex': ExclusiveDomain(key_exchange_symbols,
@@ -522,7 +504,7 @@ def main():
choices=['always', 'auto', 'never'], default='auto') choices=['always', 'auto', 'never'], default='auto')
parser.add_argument('-c', '--config', metavar='FILE', parser.add_argument('-c', '--config', metavar='FILE',
help='Configuration file to modify', help='Configuration file to modify',
default='include/mbedtls/mbedtls_config.h') default='include/mbedtls/config.h')
parser.add_argument('-C', '--directory', metavar='DIR', parser.add_argument('-C', '--directory', metavar='DIR',
help='Change to this directory before anything else', help='Change to this directory before anything else',
default='.') default='.')
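Review bot: The new `MBEDTLS_ARC4_C` and `MBEDTLS_BLOWFISH_C` entries in `EXCLUSIVE_GROUPS` (hunk `@@ -296,6 +274,16 @@`) repeat the same five-symbol list with no comment saying why each symbol has to be switched off, and the same commit deletes the docstring's worked examples of `EXCLUSIVE_GROUPS` (hunk `@@ -43,18 +43,6 @@`), so nothing on this branch explains how the table is meant to be read. Presumably the list follows from neither cipher being usable with CMAC, CCM or GCM, which would leave session tickets and context serialization without an AEAD mode; a comment above the two entries such as `# ARC4/Blowfish cannot back CMAC, CCM or GCM; tickets and context serialization need an AEAD mode` would let a maintainer check each exclusion against the library's own dependency checks. Binding the list to one module-level name and using it for both keys would keep the two entries from drifting apart when one of them is edited. The dictionary begins and ends outside the visible hunks, so whether other entries already share a helper cannot be seen from here.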