mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-08-07 06:42:56 +03:00
Merge branch 'development_3.0' into drop_old_tls_options
This commit is contained in:
Mateusz Starzyk
@@ -798,6 +798,17 @@ component_test_psa_crypto_key_id_encodes_owner () {
|
||||
make test
|
||||
}
|
||||
|
||||
component_test_psa_crypto_client () {
|
||||
msg "build: default config - PSA_CRYPTO_C + PSA_CRYPTO_CLIENT, make"
|
||||
scripts/config.py unset MBEDTLS_PSA_CRYPTO_C
|
||||
scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C
|
||||
scripts/config.py set MBEDTLS_PSA_CRYPTO_CLIENT
|
||||
make
|
||||
|
||||
msg "test: default config - PSA_CRYPTO_C + PSA_CRYPTO_CLIENT, make"
|
||||
make test
|
||||
}
|
||||
|
||||
component_test_ref_configs () {
|
||||
msg "test/build: ref-configs (ASan build)" # ~ 6 min 20s
|
||||
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
|
||||
@@ -852,50 +863,146 @@ component_test_rsa_no_crt () {
|
||||
if_build_succeeded tests/context-info.sh
|
||||
}
|
||||
|
||||
component_test_no_ctr_drbg () {
|
||||
msg "build: Full minus CTR_DRBG"
|
||||
component_test_no_ctr_drbg_classic () {
|
||||
msg "build: Full minus CTR_DRBG, classic crypto in TLS"
|
||||
scripts/config.py full
|
||||
scripts/config.py unset MBEDTLS_CTR_DRBG_C
|
||||
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
|
||||
|
||||
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
|
||||
make
|
||||
|
||||
msg "test: no CTR_DRBG"
|
||||
msg "test: Full minus CTR_DRBG, classic crypto - main suites"
|
||||
make test
|
||||
|
||||
# no ssl-opt.sh/compat.sh as they all depend on CTR_DRBG so far
|
||||
# In this configuration, the TLS test programs use HMAC_DRBG.
|
||||
# The SSL tests are slow, so run a small subset, just enough to get
|
||||
# confidence that the SSL code copes with HMAC_DRBG.
|
||||
msg "test: Full minus CTR_DRBG, classic crypto - ssl-opt.sh (subset)"
|
||||
if_build_succeeded tests/ssl-opt.sh -f 'Default\|SSL async private.*delay=\|tickets enabled on server'
|
||||
|
||||
msg "test: Full minus CTR_DRBG, classic crypto - compat.sh (subset)"
|
||||
if_build_succeeded tests/compat.sh -m tls1_2 -t 'ECDSA PSK' -V NO -p OpenSSL
|
||||
}
|
||||
|
||||
component_test_no_hmac_drbg () {
|
||||
msg "build: Full minus HMAC_DRBG"
|
||||
component_test_no_ctr_drbg_use_psa () {
|
||||
msg "build: Full minus CTR_DRBG, PSA crypto in TLS"
|
||||
scripts/config.py full
|
||||
scripts/config.py unset MBEDTLS_CTR_DRBG_C
|
||||
scripts/config.py set MBEDTLS_USE_PSA_CRYPTO
|
||||
|
||||
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
|
||||
make
|
||||
|
||||
msg "test: Full minus CTR_DRBG, USE_PSA_CRYPTO - main suites"
|
||||
make test
|
||||
|
||||
# In this configuration, the TLS test programs use HMAC_DRBG.
|
||||
# The SSL tests are slow, so run a small subset, just enough to get
|
||||
# confidence that the SSL code copes with HMAC_DRBG.
|
||||
msg "test: Full minus CTR_DRBG, USE_PSA_CRYPTO - ssl-opt.sh (subset)"
|
||||
if_build_succeeded tests/ssl-opt.sh -f 'Default\|SSL async private.*delay=\|tickets enabled on server'
|
||||
|
||||
msg "test: Full minus CTR_DRBG, USE_PSA_CRYPTO - compat.sh (subset)"
|
||||
if_build_succeeded tests/compat.sh -m tls1_2 -t 'ECDSA PSK' -V NO -p OpenSSL
|
||||
}
|
||||
|
||||
component_test_no_hmac_drbg_classic () {
|
||||
msg "build: Full minus HMAC_DRBG, classic crypto in TLS"
|
||||
scripts/config.py full
|
||||
scripts/config.py unset MBEDTLS_HMAC_DRBG_C
|
||||
scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC # requires HMAC_DRBG
|
||||
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
|
||||
|
||||
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
|
||||
make
|
||||
|
||||
msg "test: no HMAC_DRBG"
|
||||
msg "test: Full minus HMAC_DRBG, classic crypto - main suites"
|
||||
make test
|
||||
|
||||
# No ssl-opt.sh/compat.sh as they never use HMAC_DRBG so far,
|
||||
# so there's little value in running those lengthy tests here.
|
||||
# Normally our ECDSA implementation uses deterministic ECDSA. But since
|
||||
# HMAC_DRBG is disabled in this configuration, randomized ECDSA is used
|
||||
# instead.
|
||||
# Test SSL with non-deterministic ECDSA. Only test features that
|
||||
# might be affected by how ECDSA signature is performed.
|
||||
msg "test: Full minus HMAC_DRBG, classic crypto - ssl-opt.sh (subset)"
|
||||
if_build_succeeded tests/ssl-opt.sh -f 'Default\|SSL async private: sign'
|
||||
|
||||
# To save time, only test one protocol version, since this part of
|
||||
# the protocol is identical in (D)TLS up to 1.2.
|
||||
msg "test: Full minus HMAC_DRBG, classic crypto - compat.sh (ECDSA)"
|
||||
if_build_succeeded tests/compat.sh -m tls1_2 -t 'ECDSA'
|
||||
}
|
||||
|
||||
component_test_psa_external_rng_no_drbg () {
|
||||
msg "build: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG"
|
||||
component_test_no_hmac_drbg_use_psa () {
|
||||
msg "build: Full minus HMAC_DRBG, PSA crypto in TLS"
|
||||
scripts/config.py full
|
||||
scripts/config.py unset MBEDTLS_HMAC_DRBG_C
|
||||
scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC # requires HMAC_DRBG
|
||||
scripts/config.py set MBEDTLS_USE_PSA_CRYPTO
|
||||
|
||||
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
|
||||
make
|
||||
|
||||
msg "test: Full minus HMAC_DRBG, USE_PSA_CRYPTO - main suites"
|
||||
make test
|
||||
|
||||
# Normally our ECDSA implementation uses deterministic ECDSA. But since
|
||||
# HMAC_DRBG is disabled in this configuration, randomized ECDSA is used
|
||||
# instead.
|
||||
# Test SSL with non-deterministic ECDSA. Only test features that
|
||||
# might be affected by how ECDSA signature is performed.
|
||||
msg "test: Full minus HMAC_DRBG, USE_PSA_CRYPTO - ssl-opt.sh (subset)"
|
||||
if_build_succeeded tests/ssl-opt.sh -f 'Default\|SSL async private: sign'
|
||||
|
||||
# To save time, only test one protocol version, since this part of
|
||||
# the protocol is identical in (D)TLS up to 1.2.
|
||||
msg "test: Full minus HMAC_DRBG, USE_PSA_CRYPTO - compat.sh (ECDSA)"
|
||||
if_build_succeeded tests/compat.sh -m tls1_2 -t 'ECDSA'
|
||||
}
|
||||
|
||||
component_test_psa_external_rng_no_drbg_classic () {
|
||||
msg "build: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, classic crypto in TLS"
|
||||
scripts/config.py full
|
||||
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
|
||||
scripts/config.py set MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG
|
||||
scripts/config.py unset MBEDTLS_ENTROPY_C
|
||||
scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED
|
||||
scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT
|
||||
scripts/config.py unset MBEDTLS_CTR_DRBG_C
|
||||
scripts/config.py unset MBEDTLS_HMAC_DRBG_C
|
||||
scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC # requires HMAC_DRBG
|
||||
scripts/config.py set MBEDTLS_ECP_NO_INTERNAL_RNG
|
||||
# When MBEDTLS_USE_PSA_CRYPTO is disabled and there is no DRBG,
|
||||
# the SSL test programs don't have an RNG and can't work. Explicitly
|
||||
# make them use the PSA RNG with -DMBEDTLS_TEST_USE_PSA_CRYPTO_RNG.
|
||||
make CFLAGS="$ASAN_CFLAGS -O2 -DMBEDTLS_TEST_USE_PSA_CRYPTO_RNG" LDFLAGS="$ASAN_CFLAGS"
|
||||
|
||||
msg "test: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, classic crypto - main suites"
|
||||
make test
|
||||
|
||||
msg "test: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, classic crypto - ssl-opt.sh (subset)"
|
||||
if_build_succeeded tests/ssl-opt.sh -f 'Default'
|
||||
}
|
||||
|
||||
component_test_psa_external_rng_no_drbg_use_psa () {
|
||||
msg "build: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, PSA crypto in TLS"
|
||||
scripts/config.py full
|
||||
scripts/config.py set MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG
|
||||
scripts/config.py unset MBEDTLS_ENTROPY_C
|
||||
scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED
|
||||
scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT
|
||||
scripts/config.py unset MBEDTLS_CTR_DRBG_C
|
||||
scripts/config.py unset MBEDTLS_HMAC_DRBG_C
|
||||
scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC # requires HMAC_DRBG
|
||||
scripts/config.py set MBEDTLS_ECP_NO_INTERNAL_RNG
|
||||
make CFLAGS="$ASAN_CFLAGS -O2" LDFLAGS="$ASAN_CFLAGS"
|
||||
|
||||
msg "test: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG"
|
||||
msg "test: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, PSA crypto - main suites"
|
||||
make test
|
||||
|
||||
# No ssl-opt.sh/compat.sh because they require CTR_DRBG.
|
||||
msg "test: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, PSA crypto - ssl-opt.sh (subset)"
|
||||
if_build_succeeded tests/ssl-opt.sh -f 'Default\|opaque'
|
||||
}
|
||||
|
||||
component_test_psa_external_rng_use_psa_crypto () {
|
||||
@@ -909,7 +1016,8 @@ component_test_psa_external_rng_use_psa_crypto () {
|
||||
msg "test: full + PSA_CRYPTO_EXTERNAL_RNG + USE_PSA_CRYPTO minus CTR_DRBG"
|
||||
make test
|
||||
|
||||
# No ssl-opt.sh/compat.sh because they require CTR_DRBG.
|
||||
msg "test: full + PSA_CRYPTO_EXTERNAL_RNG + USE_PSA_CRYPTO minus CTR_DRBG"
|
||||
if_build_succeeded tests/ssl-opt.sh -f 'Default\|opaque'
|
||||
}
|
||||
|
||||
component_test_ecp_no_internal_rng () {
|
||||
@@ -1276,14 +1384,63 @@ component_test_no_use_psa_crypto_full_cmake_asan() {
|
||||
}
|
||||
|
||||
component_test_psa_crypto_config_basic() {
|
||||
# full plus MBEDTLS_PSA_CRYPTO_CONFIG
|
||||
msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG"
|
||||
# Test the library excluding all Mbed TLS cryptographic support for which
|
||||
# we have an accelerator support. Acceleration is faked with the
|
||||
# transparent test driver.
|
||||
msg "test: full + MBEDTLS_PSA_CRYPTO_CONFIG + as much acceleration as supported"
|
||||
scripts/config.py full
|
||||
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
|
||||
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
|
||||
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
|
||||
|
||||
# There is no intended accelerator support for ALG STREAM_CIPHER and
|
||||
# ALG_ECB_NO_PADDING. Therefore, asking for them in the build implies the
|
||||
# inclusion of the Mbed TLS cipher operations. As we want to test here with
|
||||
# cipher operations solely supported by accelerators, disabled those
|
||||
# PSA configuration options.
|
||||
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_STREAM_CIPHER
|
||||
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_ECB_NO_PADDING
|
||||
|
||||
# Don't test DES encryption as:
|
||||
# 1) It is not an issue if we don't test all cipher types here.
|
||||
# 2) That way we don't have to modify in psa_crypto.c the compilation
|
||||
# guards MBEDTLS_PSA_BUILTIN_KEY_TYPE_DES for the code they guard to be
|
||||
# available to the test driver. Modifications that we would need to
|
||||
# revert when we move to compile the test driver separately.
|
||||
# We also disable MBEDTLS_DES_C as the dependencies on DES in PSA test
|
||||
# suites are still based on MBEDTLS_DES_C and not PSA_WANT_KEY_TYPE_DES.
|
||||
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_KEY_TYPE_DES
|
||||
scripts/config.py unset MBEDTLS_DES_C
|
||||
|
||||
# Need to define the correct symbol and include the test driver header path in order to build with the test driver
|
||||
make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS"
|
||||
loc_cflags="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST"
|
||||
loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_KEY_TYPE_AES"
|
||||
loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_KEY_TYPE_CAMELLIA"
|
||||
loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR"
|
||||
loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR"
|
||||
loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_CBC_NO_PADDING"
|
||||
loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_CBC_PKCS7"
|
||||
loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_CTR"
|
||||
loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_CFB"
|
||||
loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_ECDSA"
|
||||
loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA"
|
||||
loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_MD2"
|
||||
loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_MD4"
|
||||
loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_MD5"
|
||||
loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_OFB"
|
||||
loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_RIPEMD160"
|
||||
loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN"
|
||||
loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_RSA_PSS"
|
||||
loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_SHA_1"
|
||||
loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_SHA_224"
|
||||
loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_SHA_256"
|
||||
loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_SHA_384"
|
||||
loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_SHA_512"
|
||||
loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_XTS"
|
||||
loc_cflags="${loc_cflags} -I../tests/include -O2"
|
||||
|
||||
make CC=gcc CFLAGS="$loc_cflags" LDFLAGS="$ASAN_CFLAGS"
|
||||
unset loc_cflags
|
||||
|
||||
msg "test: full + MBEDTLS_PSA_CRYPTO_CONFIG"
|
||||
make test
|
||||
@@ -2048,11 +2205,39 @@ component_test_se_default () {
|
||||
|
||||
component_test_psa_crypto_drivers () {
|
||||
msg "build: MBEDTLS_PSA_CRYPTO_DRIVERS w/ driver hooks"
|
||||
scripts/config.py full
|
||||
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
|
||||
# Need to define the correct symbol and include the test driver header path in order to build with the test driver
|
||||
make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS"
|
||||
loc_cflags="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST"
|
||||
loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_KEY_TYPE_AES"
|
||||
loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_KEY_TYPE_CAMELLIA"
|
||||
loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR"
|
||||
loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR"
|
||||
loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_CBC_NO_PADDING"
|
||||
loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_CBC_PKCS7"
|
||||
loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_CTR"
|
||||
loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_CFB"
|
||||
loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_ECDSA"
|
||||
loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA"
|
||||
loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_MD2"
|
||||
loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_MD4"
|
||||
loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_MD5"
|
||||
loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_OFB"
|
||||
loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_RIPEMD160"
|
||||
loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN"
|
||||
loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_RSA_PSS"
|
||||
loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_SHA_1"
|
||||
loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_SHA_224"
|
||||
loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_SHA_256"
|
||||
loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_SHA_384"
|
||||
loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_SHA_512"
|
||||
loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_XTS"
|
||||
loc_cflags="${loc_cflags} -I../tests/include -O2"
|
||||
|
||||
msg "test: MBEDTLS_PSA_CRYPTO_DRIVERS, signature"
|
||||
make CC=gcc CFLAGS="${loc_cflags}" LDFLAGS="$ASAN_CFLAGS"
|
||||
unset loc_cflags
|
||||
|
||||
msg "test: full + MBEDTLS_PSA_CRYPTO_DRIVERS"
|
||||
make test
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user