Merge remote-tracking branch 'origin/development' into adjust_tfm_configs
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index ef84fe7..8fe97df 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -864,7 +864,7 @@
# Example:
# loc_extra_list="ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512"
# helper_libtestdriver1_make_drivers "$loc_accel_list" "$loc_extra_list"
-# 4b. Call helper_libtestdriver1_make_main "$loc_accel_list". Any
+# 3b. Call helper_libtestdriver1_make_main "$loc_accel_list". Any
# additional arguments will be passed to make: this can be useful if
# you don't want to build everything when iterating during development.
# Example:
@@ -883,11 +883,6 @@
# Enable PSA-based config (necessary to use drivers)
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
- # Disable ALG_STREAM_CIPHER and ALG_ECB_NO_PADDING to avoid having
- # partial support for cipher operations in the driver test library.
- scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_STREAM_CIPHER
- scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_ECB_NO_PADDING
-
# Dynamic secure element support is a deprecated feature and needs to be disabled here.
# This is done to have the same form of psa_key_attributes_s for libdriver and library.
scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C
@@ -1493,13 +1488,13 @@
}
component_test_full_no_cipher () {
- msg "build: full minus CIPHER"
+ msg "build: full no CIPHER no PSA_CRYPTO_C"
scripts/config.py full
scripts/config.py unset MBEDTLS_CIPHER_C
# Don't pull in cipher via PSA mechanisms
# (currently ignored anyway because we completely disable PSA)
scripts/config.py unset MBEDTLS_PSA_CRYPTO_CONFIG
- # Direct dependencies
+ # Disable features that depend on CIPHER_C
scripts/config.py unset MBEDTLS_CCM_C
scripts/config.py unset MBEDTLS_CMAC_C
scripts/config.py unset MBEDTLS_GCM_C
@@ -1509,24 +1504,93 @@
scripts/config.py unset MBEDTLS_PSA_CRYPTO_C
scripts/config.py unset MBEDTLS_SSL_TLS_C
scripts/config.py unset MBEDTLS_SSL_TICKET_C
- # Indirect dependencies
- scripts/config.py unset MBEDTLS_SSL_CLI_C
+ # Disable features that depend on PSA_CRYPTO_C
scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C
scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C
- scripts/config.py unset MBEDTLS_SSL_DTLS_ANTI_REPLAY
- scripts/config.py unset MBEDTLS_SSL_DTLS_CONNECTION_ID
- scripts/config.py unset MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT
- scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
- scripts/config.py unset MBEDTLS_SSL_SRV_C
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
scripts/config.py unset MBEDTLS_LMS_C
scripts/config.py unset MBEDTLS_LMS_PRIVATE
make
- msg "test: full minus CIPHER"
+ msg "test: full no CIPHER no PSA_CRYPTO_C"
make test
}
+# This is a common configurator and test function that is used in:
+# - component_test_full_no_cipher_with_crypto
+# - component_test_full_no_cipher_with_crypto_config
+# It accepts 2 input parameters:
+# - $1: boolean value which basically reflects status of MBEDTLS_PSA_CRYPTO_CONFIG
+# - $2: a text string which describes the test component
+common_test_full_no_cipher_with_psa_crypto () {
+ USE_CRYPTO_CONFIG="$1"
+ COMPONENT_DESCRIPTION="$2"
+
+ msg "build: $COMPONENT_DESCRIPTION"
+
+ scripts/config.py full
+ scripts/config.py unset MBEDTLS_CIPHER_C
+
+ if [ "$USE_CRYPTO_CONFIG" -eq 1 ]; then
+ # The built-in implementation of the following algs/key-types depends
+ # on CIPHER_C so we disable them.
+ # This does not hold for KEY_TYPE_CHACHA20 and ALG_CHACHA20_POLY1305
+ # so we keep them enabled.
+ scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CCM
+ scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CCM_STAR_NO_TAG
+ scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_GCM
+ scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CMAC
+ scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CBC_NO_PADDING
+ scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CBC_PKCS7
+ scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CFB
+ scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CTR
+ scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECB_NO_PADDING
+ scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_OFB
+ scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_STREAM_CIPHER
+ scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_AES
+ scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_DES
+ scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_CAMELLIA
+ scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_ARIA
+ else
+ # Don't pull in cipher via PSA mechanisms
+ scripts/config.py unset MBEDTLS_PSA_CRYPTO_CONFIG
+ # Disable cipher modes/keys that make PSA depend on CIPHER_C.
+ # Keep CHACHA20 and CHACHAPOLY enabled since they do not depend on CIPHER_C.
+ scripts/config.py unset-all MBEDTLS_CIPHER_MODE
+ scripts/config.py unset MBEDTLS_AES_C
+ scripts/config.py unset MBEDTLS_DES_C
+ scripts/config.py unset MBEDTLS_ARIA_C
+ scripts/config.py unset MBEDTLS_CAMELLIA_C
+ # Dependencies on AES_C
+ scripts/config.py unset MBEDTLS_CTR_DRBG_C
+ fi
+ # The following modules directly depends on CIPHER_C
+ scripts/config.py unset MBEDTLS_CCM_C
+ scripts/config.py unset MBEDTLS_CMAC_C
+ scripts/config.py unset MBEDTLS_GCM_C
+ scripts/config.py unset MBEDTLS_NIST_KW_C
+ scripts/config.py unset MBEDTLS_PKCS12_C
+ scripts/config.py unset MBEDTLS_PKCS5_C
+ scripts/config.py unset MBEDTLS_SSL_TLS_C
+ scripts/config.py unset MBEDTLS_SSL_TICKET_C
+
+ make
+
+ # Ensure that CIPHER_C was not re-enabled
+ not grep mbedtls_cipher_init library/cipher.o
+
+ msg "test: $COMPONENT_DESCRIPTION"
+ make test
+}
+
+component_test_full_no_cipher_with_crypto() {
+ common_test_full_no_cipher_with_psa_crypto 0 "full no CIPHER no CRYPTO_CONFIG"
+}
+
+component_test_full_no_cipher_with_crypto_config() {
+ common_test_full_no_cipher_with_psa_crypto 1 "full no CIPHER"
+}
+
component_test_full_no_bignum () {
msg "build: full minus bignum"
scripts/config.py full
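Review bot: The guard `not grep mbedtls_cipher_init library/cipher.o` in common_test_full_no_cipher_with_psa_crypto can pass without proving anything. If `not` simply inverts the exit status (its definition is outside this diff), a missing or renamed `library/cipher.o` makes grep fail and the check succeed. Asserting the file first, e.g. `[ -f library/cipher.o ]` on the line before, keeps the "CIPHER_C was not re-enabled" check meaningful; the same applies to the `not grep … library/*.o` lines added in component_test_psa_crypto_config_accel_cipher_aead. Separately, the new `scripts/config.py -f $CRYPTO_CONFIG_H unset …` lines leave the variable unquoted, while the lines this commit removes used `-f "$CRYPTO_CONFIG_H"`.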
@@ -2232,9 +2296,9 @@
# The SpecifiedECDomain parsing code accesses mbedtls_ecp_group fields
# directly and assumes the implementation works with partial groups.
scripts/config.py unset MBEDTLS_PK_PARSE_EC_EXTENDED
- # MBEDTLS_SHA256_*ALT can't be used with MBEDTLS_SHA256_USE_A64_CRYPTO_*
- scripts/config.py unset MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT
- scripts/config.py unset MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY
+ # MBEDTLS_SHA256_*ALT can't be used with MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_*
+ scripts/config.py unset MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT
+ scripts/config.py unset MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY
# MBEDTLS_SHA512_*ALT can't be used with MBEDTLS_SHA512_USE_A64_CRYPTO_*
scripts/config.py unset MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT
scripts/config.py unset MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY
@@ -3431,7 +3495,7 @@
scripts/config.py unset MBEDTLS_SHA1_C
scripts/config.py unset MBEDTLS_SHA224_C
scripts/config.py unset MBEDTLS_SHA256_C # see external RNG below
- scripts/config.py unset MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT
+ scripts/config.py unset MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT
scripts/config.py unset MBEDTLS_SHA384_C
scripts/config.py unset MBEDTLS_SHA512_C
scripts/config.py unset MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT
@@ -3508,7 +3572,9 @@
component_test_psa_crypto_config_accel_cipher () {
msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated cipher"
- loc_accel_list="ALG_CBC_NO_PADDING ALG_CBC_PKCS7 ALG_CTR ALG_CFB ALG_OFB ALG_XTS KEY_TYPE_DES"
+ loc_accel_list="ALG_ECB_NO_PADDING ALG_CBC_NO_PADDING ALG_CBC_PKCS7 \
+ ALG_CTR ALG_CFB ALG_OFB ALG_XTS ALG_CMAC \
+ KEY_TYPE_DES"
# Configure
# ---------
@@ -3516,14 +3582,6 @@
# Start from the full config
helper_libtestdriver1_adjust_config "full"
- # There is no intended accelerator support for ALG CMAC. Therefore, asking
- # for it in the build implies the inclusion of the Mbed TLS cipher
- # operations. As we want to test here with cipher operations solely
- # supported by accelerators, disabled this PSA configuration option.
- # (Note: the same applies to STREAM_CIPHER and ECB_NO_PADDING, which are
- # already disabled by helper_libtestdriver1_adjust_config above.)
- scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CMAC
-
# Disable the things that are being accelerated
scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC
scripts/config.py unset MBEDTLS_CIPHER_PADDING_PKCS7
@@ -3532,6 +3590,7 @@
scripts/config.py unset MBEDTLS_CIPHER_MODE_OFB
scripts/config.py unset MBEDTLS_CIPHER_MODE_XTS
scripts/config.py unset MBEDTLS_DES_C
+ scripts/config.py unset MBEDTLS_CMAC_C
# Build
# -----
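Review bot: `scripts/config.py unset MBEDTLS_CMAC_C` is added here and ALG_CMAC joins `loc_accel_list`, but none of the hunks for component_test_psa_crypto_config_accel_cipher shows a post-build check that the built-in CMAC stayed out of the library. The new cipher/AEAD component in this commit asserts `not grep mbedtls_cmac library/cmac.o` after its build. If this component's build section (outside the visible hunks) has similar checks for the other accelerated modules, add the cmac one there so an additive config cannot silently pull the software implementation back in.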
@@ -3586,6 +3645,85 @@
make test
}
+# This is a common configuration function used in:
+# - component_test_psa_crypto_config_accel_cipher_aead
+# - component_test_psa_crypto_config_reference_cipher_aead
+common_psa_crypto_config_accel_cipher_aead() {
+ scripts/config.py unset MBEDTLS_CTR_DRBG_C
+ scripts/config.py unset MBEDTLS_NIST_KW_C
+}
+
+# The 2 following test components, i.e.
+# - component_test_psa_crypto_config_accel_cipher_aead
+# - component_test_psa_crypto_config_reference_cipher_aead
+# are meant to be used together in analyze_outcomes.py script in order to test
+# driver's coverage for ciphers and AEADs.
+component_test_psa_crypto_config_accel_cipher_aead () {
+ msg "test: crypto config with accelerated cipher and AEAD"
+
+ loc_accel_list="ALG_ECB_NO_PADDING ALG_CBC_NO_PADDING ALG_CBC_PKCS7 ALG_CTR ALG_CFB \
+ ALG_OFB ALG_XTS ALG_STREAM_CIPHER \
+ ALG_GCM ALG_CCM ALG_CHACHA20_POLY1305 ALG_CMAC \
+ KEY_TYPE_DES KEY_TYPE_AES KEY_TYPE_ARIA KEY_TYPE_CHACHA20 KEY_TYPE_CAMELLIA"
+
+ # Configure
+ # ---------
+
+ # Start from the crypto config (no X509 and TLS)
+ helper_libtestdriver1_adjust_config "crypto_full"
+
+ common_psa_crypto_config_accel_cipher_aead
+
+ # Disable the things that are being accelerated
+ scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC
+ scripts/config.py unset MBEDTLS_CIPHER_PADDING_PKCS7
+ scripts/config.py unset MBEDTLS_CIPHER_MODE_CTR
+ scripts/config.py unset MBEDTLS_CIPHER_MODE_CFB
+ scripts/config.py unset MBEDTLS_CIPHER_MODE_OFB
+ scripts/config.py unset MBEDTLS_CIPHER_MODE_XTS
+ scripts/config.py unset MBEDTLS_GCM_C
+ scripts/config.py unset MBEDTLS_CCM_C
+ scripts/config.py unset MBEDTLS_CHACHAPOLY_C
+ scripts/config.py unset MBEDTLS_CMAC_C
+ scripts/config.py unset MBEDTLS_DES_C
+ scripts/config.py unset MBEDTLS_AES_C
+ scripts/config.py unset MBEDTLS_ARIA_C
+ scripts/config.py unset MBEDTLS_CHACHA20_C
+ scripts/config.py unset MBEDTLS_CAMELLIA_C
+
+ # Build
+ # -----
+
+ helper_libtestdriver1_make_drivers "$loc_accel_list"
+
+ helper_libtestdriver1_make_main "$loc_accel_list"
+
+ # Make sure this was not re-enabled by accident (additive config)
+ not grep mbedtls_des library/des.o
+ not grep mbedtls_aes library/aes.o
+ not grep mbedtls_aria library/aria.o
+ not grep mbedtls_camellia library/camellia.o
+ not grep mbedtls_ccm library/ccm.o
+ not grep mbedtls_gcm library/gcm.o
+ not grep mbedtls_chachapoly library/chachapoly.o
+ not grep mbedtls_cmac library/cmac.o
+
+ # Run the tests
+ # -------------
+
+ msg "test: crypto config with accelerated cipher and AEAD"
+ make test
+}
+
+component_test_psa_crypto_config_reference_cipher_aead () {
+ helper_libtestdriver1_adjust_config "crypto_full"
+
+ common_psa_crypto_config_accel_cipher_aead
+
+ msg "test: crypto config with non-accelerated cipher and AEAD"
+ make test
+}
+
component_test_aead_chachapoly_disabled() {
msg "build: full minus CHACHAPOLY"
scripts/config.py full
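Review bot: common_psa_crypto_config_accel_cipher_aead unsets MBEDTLS_CTR_DRBG_C and MBEDTLS_NIST_KW_C with no comment saying why, and because both the accelerated and the reference component call it, the reason is worth stating once at the definition. Elsewhere in this commit CTR_DRBG_C is unset under `# Dependencies on AES_C` and NIST_KW_C is listed among the modules that depend on CIPHER_C, so a comment such as `# CTR_DRBG depends on AES_C and NIST_KW on CIPHER_C, both removed in the accelerated build` would presumably fit. Confirm the reason before adding it.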
@@ -4315,8 +4453,6 @@
not grep -q "AES note: built-in implementation." ./programs/test/selftest
}
-
-
support_test_aesni_m32() {
support_test_m32_o0 && (lscpu | grep -qw aes)
}
@@ -4332,10 +4468,10 @@
scripts/config.py unset MBEDTLS_AES_USE_HARDWARE_ONLY
scripts/config.py set MBEDTLS_HAVE_ASM
- # test the intrinsics implementation
- msg "AES tests, test intrinsics"
+ # test the intrinsics implementation with gcc
+ msg "AES tests, test intrinsics (gcc)"
make clean
- make CC=gcc CFLAGS='-m32 -Werror -Wall -Wextra -mpclmul -msse2 -maes' LDFLAGS='-m32'
+ make CC=gcc CFLAGS='-m32 -Werror -Wall -Wextra' LDFLAGS='-m32'
# check that we built intrinsics - this should be used by default when supported by the compiler
./programs/test/selftest aes | grep "AESNI code" | grep -q "intrinsics"
grep -q "AES note: using AESNI" ./programs/test/selftest
@@ -4357,6 +4493,36 @@
not grep -q mbedtls_aesni_has_support ./programs/test/selftest
}
+support_test_aesni_m32_clang() {
+ support_test_aesni_m32 && if command -v clang > /dev/null ; then
+ # clang >= 4 is required to build with target attributes
+ clang_ver="$(clang --version|grep version|sed -E 's#.*version ([0-9]+).*#\1#')"
+ [[ "${clang_ver}" -ge 4 ]]
+ else
+ # clang not available
+ false
+ fi
+}
+
+component_test_aesni_m32_clang() {
+
+ scripts/config.py set MBEDTLS_AESNI_C
+ scripts/config.py set MBEDTLS_PADLOCK_C
+ scripts/config.py unset MBEDTLS_AES_USE_HARDWARE_ONLY
+ scripts/config.py set MBEDTLS_HAVE_ASM
+
+ # test the intrinsics implementation with clang
+ msg "AES tests, test intrinsics (clang)"
+ make clean
+ make CC=clang CFLAGS='-m32 -Werror -Wall -Wextra' LDFLAGS='-m32'
+ # check that we built intrinsics - this should be used by default when supported by the compiler
+ ./programs/test/selftest aes | grep "AESNI code" | grep -q "intrinsics"
+ grep -q "AES note: using AESNI" ./programs/test/selftest
+ grep -q "AES note: built-in implementation." ./programs/test/selftest
+ grep -q "AES note: using VIA Padlock" ./programs/test/selftest
+ grep -q mbedtls_aesni_has_support ./programs/test/selftest
+}
+
# For timebeing, no aarch64 gcc available in CI and no arm64 CI node.
component_build_aes_aesce_armcc () {
msg "Build: AESCE test on arm64 platform without plain C."
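Review bot: The clang version probe in support_test_aesni_m32_clang is repeated verbatim in support_build_sha_armce later in this diff, and both assign `clang_ver` as a global. If the `sed` expression does not match, `clang_ver` holds the whole `--version` line and `[[ … -ge 4 ]]` is evaluated on a non-numeric string, so the support check fails with an arithmetic error rather than a clean "unsupported". A small shared helper with a local variable and a numeric check would cover both callers; the sketch below shows the helper and the first caller only.

```shell
# Succeeds when clang is installed and its major version is at least $1.
clang_version_at_least () {
    command -v clang > /dev/null || return 1
    local clang_ver
    clang_ver="$(clang --version | sed -n -E 's#.*version ([0-9]+).*#\1#p' | head -n 1)"
    [[ "${clang_ver}" =~ ^[0-9]+$ && "${clang_ver}" -ge "$1" ]]
}

support_test_aesni_m32_clang() {
    # clang >= 4 is required to build with target attributes
    support_test_aesni_m32 && clang_version_at_least 4
}
```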
@@ -4371,7 +4537,7 @@
# unavailable, and the user is notified via a #warning. So enabling
# this feature would prevent us from building with -Werror on
# armclang. Tracked in #7198.
- scripts/config.py unset MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT
+ scripts/config.py unset MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT
scripts/config.py set MBEDTLS_HAVE_ASM
msg "AESCE, build with default configuration."
@@ -4385,6 +4551,84 @@
armc6_build_test "-O1 --target=aarch64-arm-none-eabi -march=armv8-a+crypto"
}
+support_build_sha_armce() {
+ if command -v clang > /dev/null ; then
+ # clang >= 4 is required to build with SHA extensions
+ clang_ver="$(clang --version|grep version|sed -E 's#.*version ([0-9]+).*#\1#')"
+
+ [[ "${clang_ver}" -ge 4 ]]
+ else
+ # clang not available
+ false
+ fi
+}
+
+component_build_sha_armce () {
+ scripts/config.py unset MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT
+
+
+ # Test variations of SHA256 Armv8 crypto extensions
+ scripts/config.py set MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY
+ msg "MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY clang, aarch64"
+ make -B library/sha256.o CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a"
+ msg "MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY clang, arm"
+ make -B library/sha256.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -marm"
+ scripts/config.py unset MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY
+
+
+ # test the deprecated form of the config option
+ scripts/config.py set MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY
+ msg "MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY clang, thumb"
+ make -B library/sha256.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mthumb"
+ scripts/config.py unset MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY
+
+ scripts/config.py set MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT
+ msg "MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT clang, aarch64"
+ make -B library/sha256.o CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a"
+ scripts/config.py unset MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT
+
+
+ # test the deprecated form of the config option
+ scripts/config.py set MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT
+ msg "MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT clang, arm"
+ make -B library/sha256.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -marm -std=c99"
+ msg "MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT clang, thumb"
+ make -B library/sha256.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mthumb"
+ scripts/config.py unset MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT
+
+
+ # examine the disassembly for presence of SHA instructions
+ for opt in MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT; do
+ scripts/config.py set ${opt}
+ msg "${opt} clang, test A32 crypto instructions built"
+ make -B library/sha256.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -marm -S"
+ grep -E 'sha256[a-z0-9]+.32\s+[qv]' library/sha256.o
+
+ msg "${opt} clang, test T32 crypto instructions built"
+ make -B library/sha256.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mthumb -S"
+ grep -E 'sha256[a-z0-9]+.32\s+[qv]' library/sha256.o
+
+ msg "${opt} clang, test aarch64 crypto instructions built"
+ make -B library/sha256.o CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a -S"
+ grep -E 'sha256[a-z0-9]+\s+[qv]' library/sha256.o
+ scripts/config.py unset ${opt}
+ done
+
+
+ # examine the disassembly for absence of SHA instructions
+ msg "clang, test A32 crypto instructions not built"
+ make -B library/sha256.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -marm -S"
+ not grep -E 'sha256[a-z0-9]+.32\s+[qv]' library/sha256.o
+
+ msg "clang, test T32 crypto instructions not built"
+ make -B library/sha256.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mthumb -S"
+ not grep -E 'sha256[a-z0-9]+.32\s+[qv]' library/sha256.o
+
+ msg "clang, test aarch64 crypto instructions not built"
+ make -B library/sha256.o CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a -S"
+ not grep -E 'sha256[a-z0-9]+\s+[qv]' library/sha256.o
+}
+
# For timebeing, no VIA Padlock platform available.
component_build_aes_via_padlock () {
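Review bot: In the disassembly checks of component_build_sha_armce the pattern `'sha256[a-z0-9]+.32\s+[qv]'` leaves the dot before `32` unescaped, so it matches any character there, and `\s` is a GNU grep extension rather than POSIX ERE. Since these greps are the evidence that the SHA-256 crypto instructions were (or were not) emitted, a tighter pattern is worth having: `grep -E 'sha256[a-z0-9]+\.32[[:space:]]+[qv]' library/sha256.o`, with the same change in the `not grep` lines. `${opt}` in `scripts/config.py set ${opt}` and `unset ${opt}` should also be quoted.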
@@ -4672,7 +4916,7 @@
# build) and not the i386-specific inline assembly.
msg "build: i386, make, gcc -O0 (ASan build)" # ~ 30s
scripts/config.py full
- scripts/config.py unset MBEDTLS_AESNI_C # AESNI depends on cpu modifiers
+ scripts/config.py unset MBEDTLS_AESNI_C # AESNI for 32-bit is tested in test_aesni_m32
make CC=gcc CFLAGS="$ASAN_CFLAGS -m32 -O0" LDFLAGS="-m32 $ASAN_CFLAGS"
msg "test: i386, make, gcc -O0 (ASan build)"
@@ -4690,7 +4934,7 @@
# and go faster for tests.
msg "build: i386, make, gcc -O2 (ASan build)" # ~ 30s
scripts/config.py full
- scripts/config.py unset MBEDTLS_AESNI_C # AESNI depends on cpu modifiers
+ scripts/config.py unset MBEDTLS_AESNI_C # AESNI for 32-bit is tested in test_aesni_m32
make CC=gcc CFLAGS="$ASAN_CFLAGS -m32 -O2" LDFLAGS="-m32 $ASAN_CFLAGS"
msg "test: i386, make, gcc -O2 (ASan build)"
@@ -4706,7 +4950,7 @@
component_test_m32_everest () {
msg "build: i386, Everest ECDH context (ASan build)" # ~ 6 min
scripts/config.py set MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED
- scripts/config.py unset MBEDTLS_AESNI_C # AESNI depends on cpu modifiers
+ scripts/config.py unset MBEDTLS_AESNI_C # AESNI for 32-bit is tested in test_aesni_m32
make CC=gcc CFLAGS="$ASAN_CFLAGS -m32 -O2" LDFLAGS="-m32 $ASAN_CFLAGS"
msg "test: i386, Everest ECDH context - main suites (inc. selftests) (ASan build)" # ~ 50s
@@ -4934,7 +5178,7 @@
# unavailable, and the user is notified via a #warning. So enabling
# this feature would prevent us from building with -Werror on
# armclang. Tracked in #7198.
- scripts/config.py unset MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT
+ scripts/config.py unset MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT
scripts/config.py set MBEDTLS_HAVE_ASM
@@ -5160,16 +5404,20 @@
component_build_mingw () {
msg "build: Windows cross build - mingw64, make (Link Library)" # ~ 30s
- scripts/config.py unset MBEDTLS_AESNI_C # AESNI depends on cpu modifiers
- make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 lib programs
+ make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra -maes -msse2 -mpclmul' WINDOWS_BUILD=1 lib programs
# note Make tests only builds the tests, but doesn't run them
- make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror' WINDOWS_BUILD=1 tests
+ make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -maes -msse2 -mpclmul' WINDOWS_BUILD=1 tests
make WINDOWS_BUILD=1 clean
msg "build: Windows cross build - mingw64, make (DLL)" # ~ 30s
- make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 SHARED=1 lib programs
- make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 SHARED=1 tests
+ make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra -maes -msse2 -mpclmul' WINDOWS_BUILD=1 SHARED=1 lib programs
+ make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra -maes -msse2 -mpclmul' WINDOWS_BUILD=1 SHARED=1 tests
+ make WINDOWS_BUILD=1 clean
+
+ msg "build: Windows cross build - mingw64, make (Library only, default config without MBEDTLS_AESNI_C)" # ~ 30s
+ ./scripts/config.py unset MBEDTLS_AESNI_C #
+ make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 lib
make WINDOWS_BUILD=1 clean
}
support_build_mingw() {
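Review bot: Every `make` line touched in component_build_mingw passes `LD=i686-w64-minggw32-ld`, which misspells the toolchain prefix (`minggw32` instead of `mingw32`). The typo predates this commit but is copied onto each new line, including the added library-only build. That the build works suggests LD is not used by these targets, so either correct it to `LD=i686-w64-mingw32-ld` or drop the assignment. The added `./scripts/config.py unset MBEDTLS_AESNI_C #` also ends in an empty comment and uses a `./` prefix, unlike the other `scripts/config.py` calls in this diff.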
diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py
index d15bb0b..a070b01 100755
--- a/tests/scripts/analyze_outcomes.py
+++ b/tests/scripts/analyze_outcomes.py
@@ -95,9 +95,21 @@
else:
results.warning('Allow listed test case was executed: {}', key)
+def name_matches_pattern(name, str_or_re):
+ """Check if name matches a pattern, that may be a string or regex.
+ - If the pattern is a string, name must be equal to match.
+ - If the pattern is a regex, name must fully match.
+ """
+ # The CI's python is too old for re.Pattern
+ #if isinstance(str_or_re, re.Pattern):
+ if not isinstance(str_or_re, str):
+ return str_or_re.fullmatch(name)
+ else:
+ return str_or_re == name
+
def analyze_driver_vs_reference(results: Results, outcomes,
component_ref, component_driver,
- ignored_suites, ignored_test=None):
+ ignored_suites, ignored_tests=None):
"""Check that all tests executed in the reference component are also
executed in the corresponding driver component.
Skip:
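Review bot: name_matches_pattern returns a match object or None on the regex branch and a bool on the string branch, so callers get different types depending on the pattern kind. Returning `str_or_re.fullmatch(name) is not None` keeps the result a bool in both cases. The `not isinstance(str_or_re, str)` test also means any non-string value is treated as a regex, which the docstring could state.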
@@ -105,22 +117,25 @@
- only some specific test inside a test suite, for which the corresponding
output string is provided
"""
- available = check_test_cases.collect_available_test_cases()
-
- for key in available:
- # Continue if test was not executed by any component
- hits = outcomes[key].hits() if key in outcomes else 0
- if hits == 0:
- continue
- # Skip ignored test suites
- full_test_suite = key.split(';')[0] # retrieve full test suite name
- test_string = key.split(';')[1] # retrieve the text string of this test
+ seen_reference_passing = False
+ for key in outcomes:
+ # key is like "test_suite_foo.bar;Description of test case"
+ (full_test_suite, test_string) = key.split(';')
test_suite = full_test_suite.split('.')[0] # retrieve main part of test suite name
+
+ # Immediately skip fully-ignored test suites
if test_suite in ignored_suites or full_test_suite in ignored_suites:
continue
- if ((full_test_suite in ignored_test) and
- (test_string in ignored_test[full_test_suite])):
- continue
+
+ # For ignored test cases inside test suites, just remember and:
+ # don't issue an error if they're skipped with drivers,
+ # but issue an error if they're not (means we have a bad entry).
+ ignored = False
+ if full_test_suite in ignored_tests:
+ for str_or_re in ignored_tests[test_suite]:
+ if name_matches_pattern(test_string, str_or_re):
+ ignored = True
+
# Search for tests that run in reference component and not in driver component
driver_test_passed = False
reference_test_passed = False
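Review bot: The ignore lookup tests `full_test_suite in ignored_tests` but then iterates `ignored_tests[test_suite]`, so for a key such as `test_suite_foo.bar` whose full name is listed in `ignored_tests` the subscript raises KeyError, and an entry keyed by the short suite name is never consulted for a dotted suite. Use the same key on both lines, e.g. `for str_or_re in ignored_tests[full_test_suite]:`, or look up both names if both forms are meant to be accepted. The signature in the previous hunk still defaults `ignored_tests=None`, in which case the `in` test raises TypeError; `ignored_tests = ignored_tests or {}` at the top of the function would cover that. The loop body continues past the end of this hunk.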
@@ -129,8 +144,14 @@
driver_test_passed = True
if component_ref in entry:
reference_test_passed = True
- if(reference_test_passed and not driver_test_passed):
- results.error("Did not pass with driver: {}", key)
+ seen_reference_passing = True
+ if reference_test_passed and not driver_test_passed and not ignored:
+ results.error("PASS -> SKIP/FAIL: {}", key)
+ if ignored and driver_test_passed:
+ results.error("uselessly ignored: {}", key)
+
+ if not seen_reference_passing:
+ results.error("no passing test in reference component: bad outcome file?")
def analyze_outcomes(results: Results, outcomes, args):
"""Run all analyses on the given outcome collection."""
@@ -214,17 +235,71 @@
}
}
},
+ 'analyze_driver_vs_reference_cipher_aead': {
+ 'test_function': do_analyze_driver_vs_reference,
+ 'args': {
+ 'component_ref': 'test_psa_crypto_config_reference_cipher_aead',
+ 'component_driver': 'test_psa_crypto_config_accel_cipher_aead',
+ # Modules replaced by drivers.
+ 'ignored_suites': [
+ # low-level (block/stream) cipher modules
+ 'aes', 'aria', 'camellia', 'des', 'chacha20',
+ # AEAD modes
+ 'ccm', 'chachapoly', 'cmac', 'gcm',
+ # The Cipher abstraction layer
+ 'cipher',
+ ],
+ 'ignored_tests': {
+ # PEM decryption is not supported so far.
+ # The rest of PEM (write, unencrypted read) works though.
+ 'test_suite_pem': [
+ re.compile(r'PEM read .*(AES|DES|\bencrypt).*'),
+ ],
+ # Following tests depend on AES_C/DES_C but are not about
+ # them really, just need to know some error code is there.
+ 'test_suite_error': [
+ 'Low and high error',
+ 'Single low error'
+ ],
+ # Similar to test_suite_error above.
+ 'test_suite_version': [
+ 'Check for MBEDTLS_AES_C when already present',
+ ],
+ # The en/decryption part of PKCS#12 is not supported so far.
+ # The rest of PKCS#12 (key derivation) works though.
+ 'test_suite_pkcs12': [
+ re.compile(r'PBE Encrypt, .*'),
+ re.compile(r'PBE Decrypt, .*'),
+ ],
+ # The en/decryption part of PKCS#5 is not supported so far.
+ # The rest of PKCS#5 (PBKDF2) works though.
+ 'test_suite_pkcs5': [
+ re.compile(r'PBES2 Encrypt, .*'),
+ re.compile(r'PBES2 Decrypt .*'),
+ ],
+ # Encrypted keys are not supported so far.
+ # pylint: disable=line-too-long
+ 'test_suite_pkparse': [
+ 'Key ASN1 (Encrypted key PKCS12, trailing garbage data)',
+ 'Key ASN1 (Encrypted key PKCS5, trailing garbage data)',
+ re.compile(r'Parse RSA Key .*\(PKCS#8 encrypted .*\)'),
+ ],
+ }
+ }
+ },
'analyze_driver_vs_reference_ecp_light_only': {
'test_function': do_analyze_driver_vs_reference,
'args': {
'component_ref': 'test_psa_crypto_config_reference_ecc_ecp_light_only',
'component_driver': 'test_psa_crypto_config_accel_ecc_ecp_light_only',
'ignored_suites': [
- 'ecdsa',
- 'ecdh',
- 'ecjpake',
+ # Modules replaced by drivers
+ 'ecdsa', 'ecdh', 'ecjpake',
],
'ignored_tests': {
+ # This test wants a legacy function that takes f_rng, p_rng
+ # arguments, and uses legacy ECDSA for that. The test is
+ # really about the wrapper around the PSA RNG, not ECDSA.
'test_suite_random': [
'PSA classic wrapper: ECDSA signature (SECP256R1)',
],
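Review bot: The standalone `# pylint: disable=line-too-long` above the `test_suite_pkparse` list stays in effect for the rest of the enclosing scope, which here looks like module level, so long lines after this table would no longer be reported. Put the pragma at the end of the one line that needs it, or add `# pylint: enable=line-too-long` after the list.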
@@ -232,49 +307,14 @@
# so we must ignore disparities in the tests for which ECP_C
# is required.
'test_suite_ecp': [
- 'ECP check public-private #1 (OK)',
- 'ECP check public-private #2 (group none)',
- 'ECP check public-private #3 (group mismatch)',
- 'ECP check public-private #4 (Qx mismatch)',
- 'ECP check public-private #5 (Qy mismatch)',
- 'ECP check public-private #6 (wrong Qx)',
- 'ECP check public-private #7 (wrong Qy)',
- 'ECP gen keypair [#1]',
- 'ECP gen keypair [#2]',
- 'ECP gen keypair [#3]',
- 'ECP gen keypair wrapper',
- 'ECP point muladd secp256r1 #1',
- 'ECP point muladd secp256r1 #2',
- 'ECP point multiplication Curve25519 (element of order 2: origin) #3',
- 'ECP point multiplication Curve25519 (element of order 4: 1) #4',
- 'ECP point multiplication Curve25519 (element of order 8) #5',
- 'ECP point multiplication Curve25519 (normalized) #1',
- 'ECP point multiplication Curve25519 (not normalized) #2',
- 'ECP point multiplication rng fail Curve25519',
- 'ECP point multiplication rng fail secp256r1',
- 'ECP test vectors Curve25519',
- 'ECP test vectors Curve448 (RFC 7748 6.2, after decodeUCoordinate)',
- 'ECP test vectors brainpoolP256r1 rfc 7027',
- 'ECP test vectors brainpoolP384r1 rfc 7027',
- 'ECP test vectors brainpoolP512r1 rfc 7027',
- 'ECP test vectors secp192k1',
- 'ECP test vectors secp192r1 rfc 5114',
- 'ECP test vectors secp224k1',
- 'ECP test vectors secp224r1 rfc 5114',
- 'ECP test vectors secp256k1',
- 'ECP test vectors secp256r1 rfc 5114',
- 'ECP test vectors secp384r1 rfc 5114',
- 'ECP test vectors secp521r1 rfc 5114',
- ],
- 'test_suite_psa_crypto': [
- 'PSA key derivation: HKDF-SHA-256 -> ECC secp256r1',
- 'PSA key derivation: HKDF-SHA-256 -> ECC secp256r1 (1 redraw)',
- 'PSA key derivation: HKDF-SHA-256 -> ECC secp256r1, exercise ECDSA',
- 'PSA key derivation: HKDF-SHA-256 -> ECC secp384r1',
- 'PSA key derivation: HKDF-SHA-256 -> ECC secp521r1 #0',
- 'PSA key derivation: HKDF-SHA-256 -> ECC secp521r1 #1',
+ re.compile(r'ECP check public-private .*'),
+ re.compile(r'ECP gen keypair .*'),
+ re.compile(r'ECP point muladd .*'),
+ re.compile(r'ECP point multiplication .*'),
+ re.compile(r'ECP test vectors .*'),
],
'test_suite_ssl': [
+ # This deprecated function is only present when ECP_C is On.
'Test configuration of groups for DHE through mbedtls_ssl_conf_curves()',
],
}
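Review bot: Replacing the explicit `test_suite_ecp` names with prefix patterns such as `re.compile(r'ECP test vectors .*')` and `re.compile(r'ECP point muladd .*')` widens the ignore list beyond the cases that were enumerated before (the old list named only the secp256r1 muladd cases). The new "uselessly ignored" error catches a pattern that covers a test passing with the driver, but a test added later under one of these prefixes that is skipped with the driver will be ignored without review. A short comment above each pattern saying why the whole family needs ECP_C would make that a deliberate choice; the same applies to the `Parse EC Key .*compressed\)` patterns in the no_ecp_at_all entry.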
@@ -286,32 +326,14 @@
'component_ref': 'test_psa_crypto_config_reference_ecc_no_ecp_at_all',
'component_driver': 'test_psa_crypto_config_accel_ecc_no_ecp_at_all',
'ignored_suites': [
- # Ignore test suites for the modules that are disabled in the
- # accelerated test case.
- 'ecp',
- 'ecdsa',
- 'ecdh',
- 'ecjpake',
+ # Modules replaced by drivers
+ 'ecp', 'ecdsa', 'ecdh', 'ecjpake',
],
'ignored_tests': {
+ # See ecp_light_only
'test_suite_random': [
'PSA classic wrapper: ECDSA signature (SECP256R1)',
],
- 'test_suite_psa_crypto': [
- 'PSA key derivation: HKDF-SHA-256 -> ECC secp256r1',
- 'PSA key derivation: HKDF-SHA-256 -> ECC secp256r1 (1 redraw)',
- 'PSA key derivation: HKDF-SHA-256 -> ECC secp256r1, exercise ECDSA',
- 'PSA key derivation: HKDF-SHA-256 -> ECC secp384r1',
- 'PSA key derivation: HKDF-SHA-256 -> ECC secp521r1 #0',
- 'PSA key derivation: HKDF-SHA-256 -> ECC secp521r1 #1',
- 'PSA key derivation: bits=7 invalid for ECC BRAINPOOL_P_R1 (ECC enabled)',
- 'PSA key derivation: bits=7 invalid for ECC SECP_K1 (ECC enabled)',
- 'PSA key derivation: bits=7 invalid for ECC SECP_R1 (ECC enabled)',
- 'PSA key derivation: bits=7 invalid for ECC SECP_R2 (ECC enabled)',
- 'PSA key derivation: bits=7 invalid for ECC SECT_K1 (ECC enabled)',
- 'PSA key derivation: bits=7 invalid for ECC SECT_R1 (ECC enabled)',
- 'PSA key derivation: bits=7 invalid for ECC SECT_R2 (ECC enabled)',
- ],
'test_suite_pkparse': [
# When PK_PARSE_C and ECP_C are defined then PK_PARSE_EC_COMPRESSED
# is automatically enabled in build_info.h (backward compatibility)
@@ -319,23 +341,10 @@
# consequence compressed points are supported in the reference
# component but not in the accelerated one, so they should be skipped
# while checking driver's coverage.
- 'Parse EC Key #10a (SEC1 PEM, secp384r1, compressed)',
- 'Parse EC Key #11a (SEC1 PEM, secp521r1, compressed)',
- 'Parse EC Key #12a (SEC1 PEM, bp256r1, compressed)',
- 'Parse EC Key #13a (SEC1 PEM, bp384r1, compressed)',
- 'Parse EC Key #14a (SEC1 PEM, bp512r1, compressed)',
- 'Parse EC Key #2a (SEC1 PEM, secp192r1, compressed)',
- 'Parse EC Key #8a (SEC1 PEM, secp224r1, compressed)',
- 'Parse EC Key #9a (SEC1 PEM, secp256r1, compressed)',
- 'Parse Public EC Key #2a (RFC 5480, PEM, secp192r1, compressed)',
- 'Parse Public EC Key #3a (RFC 5480, secp224r1, compressed)',
- 'Parse Public EC Key #4a (RFC 5480, secp256r1, compressed)',
- 'Parse Public EC Key #5a (RFC 5480, secp384r1, compressed)',
- 'Parse Public EC Key #6a (RFC 5480, secp521r1, compressed)',
- 'Parse Public EC Key #7a (RFC 5480, brainpoolP256r1, compressed)',
- 'Parse Public EC Key #8a (RFC 5480, brainpoolP384r1, compressed)',
- 'Parse Public EC Key #9a (RFC 5480, brainpoolP512r1, compressed)',
+ re.compile(r'Parse EC Key .*compressed\)'),
+ re.compile(r'Parse Public EC Key .*compressed\)'),
],
+ # See ecp_light_only
'test_suite_ssl': [
'Test configuration of groups for DHE through mbedtls_ssl_conf_curves()',
],
@@ -348,90 +357,31 @@
'component_ref': 'test_psa_crypto_config_reference_ecc_no_bignum',
'component_driver': 'test_psa_crypto_config_accel_ecc_no_bignum',
'ignored_suites': [
- # Ignore test suites for the modules that are disabled in the
- # accelerated test case.
- 'ecp',
- 'ecdsa',
- 'ecdh',
- 'ecjpake',
- 'bignum_core',
- 'bignum_random',
- 'bignum_mod',
- 'bignum_mod_raw',
- 'bignum.generated',
- 'bignum.misc',
+ # Modules replaced by drivers
+ 'ecp', 'ecdsa', 'ecdh', 'ecjpake',
+ 'bignum_core', 'bignum_random', 'bignum_mod', 'bignum_mod_raw',
+ 'bignum.generated', 'bignum.misc',
],
'ignored_tests': {
+ # See ecp_light_only
'test_suite_random': [
'PSA classic wrapper: ECDSA signature (SECP256R1)',
],
- 'test_suite_psa_crypto': [
- 'PSA key derivation: HKDF-SHA-256 -> ECC secp256r1',
- 'PSA key derivation: HKDF-SHA-256 -> ECC secp256r1 (1 redraw)',
- 'PSA key derivation: HKDF-SHA-256 -> ECC secp256r1, exercise ECDSA',
- 'PSA key derivation: HKDF-SHA-256 -> ECC secp384r1',
- 'PSA key derivation: HKDF-SHA-256 -> ECC secp521r1 #0',
- 'PSA key derivation: HKDF-SHA-256 -> ECC secp521r1 #1',
- 'PSA key derivation: bits=7 invalid for ECC BRAINPOOL_P_R1 (ECC enabled)',
- 'PSA key derivation: bits=7 invalid for ECC SECP_K1 (ECC enabled)',
- 'PSA key derivation: bits=7 invalid for ECC SECP_R1 (ECC enabled)',
- 'PSA key derivation: bits=7 invalid for ECC SECP_R2 (ECC enabled)',
- 'PSA key derivation: bits=7 invalid for ECC SECT_K1 (ECC enabled)',
- 'PSA key derivation: bits=7 invalid for ECC SECT_R1 (ECC enabled)',
- 'PSA key derivation: bits=7 invalid for ECC SECT_R2 (ECC enabled)',
- ],
+ # See no_ecp_at_all
'test_suite_pkparse': [
- # See the description provided above in the
- # analyze_driver_vs_reference_no_ecp_at_all component.
- 'Parse EC Key #10a (SEC1 PEM, secp384r1, compressed)',
- 'Parse EC Key #11a (SEC1 PEM, secp521r1, compressed)',
- 'Parse EC Key #12a (SEC1 PEM, bp256r1, compressed)',
- 'Parse EC Key #13a (SEC1 PEM, bp384r1, compressed)',
- 'Parse EC Key #14a (SEC1 PEM, bp512r1, compressed)',
- 'Parse EC Key #2a (SEC1 PEM, secp192r1, compressed)',
- 'Parse EC Key #8a (SEC1 PEM, secp224r1, compressed)',
- 'Parse EC Key #9a (SEC1 PEM, secp256r1, compressed)',
- 'Parse Public EC Key #2a (RFC 5480, PEM, secp192r1, compressed)',
- 'Parse Public EC Key #3a (RFC 5480, secp224r1, compressed)',
- 'Parse Public EC Key #4a (RFC 5480, secp256r1, compressed)',
- 'Parse Public EC Key #5a (RFC 5480, secp384r1, compressed)',
- 'Parse Public EC Key #6a (RFC 5480, secp521r1, compressed)',
- 'Parse Public EC Key #7a (RFC 5480, brainpoolP256r1, compressed)',
- 'Parse Public EC Key #8a (RFC 5480, brainpoolP384r1, compressed)',
- 'Parse Public EC Key #9a (RFC 5480, brainpoolP512r1, compressed)',
+ re.compile(r'Parse EC Key .*compressed\)'),
+ re.compile(r'Parse Public EC Key .*compressed\)'),
],
'test_suite_asn1parse': [
- # This test depends on BIGNUM_C
'INTEGER too large for mpi',
],
'test_suite_asn1write': [
- # Following tests depends on BIGNUM_C
- 'ASN.1 Write mpi 0 (1 limb)',
- 'ASN.1 Write mpi 0 (null)',
- 'ASN.1 Write mpi 0x100',
- 'ASN.1 Write mpi 0x7f',
- 'ASN.1 Write mpi 0x7f with leading 0 limb',
- 'ASN.1 Write mpi 0x80',
- 'ASN.1 Write mpi 0x80 with leading 0 limb',
- 'ASN.1 Write mpi 0xff',
- 'ASN.1 Write mpi 1',
- 'ASN.1 Write mpi, 127*8 bits',
- 'ASN.1 Write mpi, 127*8+1 bits',
- 'ASN.1 Write mpi, 127*8-1 bits',
- 'ASN.1 Write mpi, 255*8 bits',
- 'ASN.1 Write mpi, 255*8-1 bits',
- 'ASN.1 Write mpi, 256*8-1 bits',
+ re.compile(r'ASN.1 Write mpi.*'),
],
'test_suite_debug': [
- # Following tests depends on BIGNUM_C
- 'Debug print mbedtls_mpi #2: 3 bits',
- 'Debug print mbedtls_mpi: 0 (empty representation)',
- 'Debug print mbedtls_mpi: 0 (non-empty representation)',
- 'Debug print mbedtls_mpi: 49 bits',
- 'Debug print mbedtls_mpi: 759 bits',
- 'Debug print mbedtls_mpi: 764 bits #1',
- 'Debug print mbedtls_mpi: 764 bits #2',
+ re.compile(r'Debug print mbedtls_mpi.*'),
],
+ # See ecp_light_only
'test_suite_ssl': [
'Test configuration of groups for DHE through mbedtls_ssl_conf_curves()',
],
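Review bot: The lists under 'test_suite_asn1parse', 'test_suite_asn1write' and 'test_suite_debug' lose their rationale here: the hunk deletes the "depends on BIGNUM_C" comments while adding "See ..." comments to the neighbouring suites, so these three become the only ignore entries with no reason attached. I would keep a one-line `# Tests that depend on BIGNUM_C` above each of them, so a reader can tell when an exemption is no longer needed. Separately, the dot in `re.compile(r'ASN.1 Write mpi.*')` is unescaped and matches any character; `re.compile(r'ASN\.1 Write mpi.*')` says what is meant. Both points apply equally to the `@@ -444,91 +394,31 @@` hunk for the `ecc_ffdh_no_bignum` component.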
@@ -444,91 +394,31 @@
'component_ref': 'test_psa_crypto_config_reference_ecc_ffdh_no_bignum',
'component_driver': 'test_psa_crypto_config_accel_ecc_ffdh_no_bignum',
'ignored_suites': [
- # Ignore test suites for the modules that are disabled in the
- # accelerated test case.
- 'ecp',
- 'ecdsa',
- 'ecdh',
- 'ecjpake',
- 'bignum_core',
- 'bignum_random',
- 'bignum_mod',
- 'bignum_mod_raw',
- 'bignum.generated',
- 'bignum.misc',
- 'dhm',
+ # Modules replaced by drivers
+ 'ecp', 'ecdsa', 'ecdh', 'ecjpake', 'dhm',
+ 'bignum_core', 'bignum_random', 'bignum_mod', 'bignum_mod_raw',
+ 'bignum.generated', 'bignum.misc',
],
'ignored_tests': {
+ # See ecp_light_only
'test_suite_random': [
'PSA classic wrapper: ECDSA signature (SECP256R1)',
],
- 'test_suite_psa_crypto': [
- 'PSA key derivation: HKDF-SHA-256 -> ECC secp256r1',
- 'PSA key derivation: HKDF-SHA-256 -> ECC secp256r1 (1 redraw)',
- 'PSA key derivation: HKDF-SHA-256 -> ECC secp256r1, exercise ECDSA',
- 'PSA key derivation: HKDF-SHA-256 -> ECC secp384r1',
- 'PSA key derivation: HKDF-SHA-256 -> ECC secp521r1 #0',
- 'PSA key derivation: HKDF-SHA-256 -> ECC secp521r1 #1',
- 'PSA key derivation: bits=7 invalid for ECC BRAINPOOL_P_R1 (ECC enabled)',
- 'PSA key derivation: bits=7 invalid for ECC SECP_K1 (ECC enabled)',
- 'PSA key derivation: bits=7 invalid for ECC SECP_R1 (ECC enabled)',
- 'PSA key derivation: bits=7 invalid for ECC SECP_R2 (ECC enabled)',
- 'PSA key derivation: bits=7 invalid for ECC SECT_K1 (ECC enabled)',
- 'PSA key derivation: bits=7 invalid for ECC SECT_R1 (ECC enabled)',
- 'PSA key derivation: bits=7 invalid for ECC SECT_R2 (ECC enabled)',
- ],
+ # See no_ecp_at_all
'test_suite_pkparse': [
- # See the description provided above in the
- # analyze_driver_vs_reference_no_ecp_at_all component.
- 'Parse EC Key #10a (SEC1 PEM, secp384r1, compressed)',
- 'Parse EC Key #11a (SEC1 PEM, secp521r1, compressed)',
- 'Parse EC Key #12a (SEC1 PEM, bp256r1, compressed)',
- 'Parse EC Key #13a (SEC1 PEM, bp384r1, compressed)',
- 'Parse EC Key #14a (SEC1 PEM, bp512r1, compressed)',
- 'Parse EC Key #2a (SEC1 PEM, secp192r1, compressed)',
- 'Parse EC Key #8a (SEC1 PEM, secp224r1, compressed)',
- 'Parse EC Key #9a (SEC1 PEM, secp256r1, compressed)',
- 'Parse Public EC Key #2a (RFC 5480, PEM, secp192r1, compressed)',
- 'Parse Public EC Key #3a (RFC 5480, secp224r1, compressed)',
- 'Parse Public EC Key #4a (RFC 5480, secp256r1, compressed)',
- 'Parse Public EC Key #5a (RFC 5480, secp384r1, compressed)',
- 'Parse Public EC Key #6a (RFC 5480, secp521r1, compressed)',
- 'Parse Public EC Key #7a (RFC 5480, brainpoolP256r1, compressed)',
- 'Parse Public EC Key #8a (RFC 5480, brainpoolP384r1, compressed)',
- 'Parse Public EC Key #9a (RFC 5480, brainpoolP512r1, compressed)',
+ re.compile(r'Parse EC Key .*compressed\)'),
+ re.compile(r'Parse Public EC Key .*compressed\)'),
],
'test_suite_asn1parse': [
- # This test depends on BIGNUM_C
'INTEGER too large for mpi',
],
'test_suite_asn1write': [
- # Following tests depends on BIGNUM_C
- 'ASN.1 Write mpi 0 (1 limb)',
- 'ASN.1 Write mpi 0 (null)',
- 'ASN.1 Write mpi 0x100',
- 'ASN.1 Write mpi 0x7f',
- 'ASN.1 Write mpi 0x7f with leading 0 limb',
- 'ASN.1 Write mpi 0x80',
- 'ASN.1 Write mpi 0x80 with leading 0 limb',
- 'ASN.1 Write mpi 0xff',
- 'ASN.1 Write mpi 1',
- 'ASN.1 Write mpi, 127*8 bits',
- 'ASN.1 Write mpi, 127*8+1 bits',
- 'ASN.1 Write mpi, 127*8-1 bits',
- 'ASN.1 Write mpi, 255*8 bits',
- 'ASN.1 Write mpi, 255*8-1 bits',
- 'ASN.1 Write mpi, 256*8-1 bits',
+ re.compile(r'ASN.1 Write mpi.*'),
],
'test_suite_debug': [
- # Following tests depends on BIGNUM_C
- 'Debug print mbedtls_mpi #2: 3 bits',
- 'Debug print mbedtls_mpi: 0 (empty representation)',
- 'Debug print mbedtls_mpi: 0 (non-empty representation)',
- 'Debug print mbedtls_mpi: 49 bits',
- 'Debug print mbedtls_mpi: 759 bits',
- 'Debug print mbedtls_mpi: 764 bits #1',
- 'Debug print mbedtls_mpi: 764 bits #2',
+ re.compile(r'Debug print mbedtls_mpi.*'),
],
+ # See ecp_light_only
'test_suite_ssl': [
'Test configuration of groups for DHE through mbedtls_ssl_conf_curves()',
],
@@ -550,73 +440,17 @@
'component_ref': 'test_tfm_config',
'component_driver': 'test_tfm_config_p256m_driver_accel_ec',
'ignored_suites': [
- # Ignore test suites for the modules that are disabled in the
- # accelerated test case.
- 'asn1parse',
- 'asn1write',
- 'ecp',
- 'ecdsa',
- 'ecdh',
- 'ecjpake',
- 'bignum_core',
- 'bignum_random',
- 'bignum_mod',
- 'bignum_mod_raw',
- 'bignum.generated',
- 'bignum.misc',
+ # Modules replaced by drivers
+ 'asn1parse', 'asn1write',
+ 'ecp', 'ecdsa', 'ecdh', 'ecjpake',
+ 'bignum_core', 'bignum_random', 'bignum_mod', 'bignum_mod_raw',
+ 'bignum.generated', 'bignum.misc',
],
'ignored_tests': {
- # Ignore all tests that require DERIVE support which is disabled
- # in the driver version
- 'test_suite_psa_crypto': [
- 'PSA key agreement setup: ECDH + HKDF-SHA-256: good',
- ('PSA key agreement setup: ECDH + HKDF-SHA-256: good, key algorithm broader '
- 'than required'),
- 'PSA key agreement setup: ECDH + HKDF-SHA-256: public key not on curve',
- 'PSA key agreement setup: KDF instead of a key agreement algorithm',
- 'PSA key agreement setup: bad key agreement algorithm',
- 'PSA key agreement: ECDH SECP256R1 (RFC 5903) + HKDF-SHA-256: capacity=8160',
- 'PSA key agreement: ECDH SECP256R1 (RFC 5903) + HKDF-SHA-256: read 0+32',
- 'PSA key agreement: ECDH SECP256R1 (RFC 5903) + HKDF-SHA-256: read 1+31',
- 'PSA key agreement: ECDH SECP256R1 (RFC 5903) + HKDF-SHA-256: read 31+1',
- 'PSA key agreement: ECDH SECP256R1 (RFC 5903) + HKDF-SHA-256: read 32+0',
- 'PSA key agreement: ECDH SECP256R1 (RFC 5903) + HKDF-SHA-256: read 32+32',
- 'PSA key agreement: ECDH SECP256R1 (RFC 5903) + HKDF-SHA-256: read 64+0',
- 'PSA key derivation: ECDH on P256 with HKDF-SHA256, info first',
- 'PSA key derivation: ECDH on P256 with HKDF-SHA256, key output',
- 'PSA key derivation: ECDH on P256 with HKDF-SHA256, missing info',
- 'PSA key derivation: ECDH on P256 with HKDF-SHA256, omitted salt',
- 'PSA key derivation: ECDH on P256 with HKDF-SHA256, raw output',
- 'PSA key derivation: ECDH on P256 with HKDF-SHA256, salt after secret',
- 'PSA key derivation: ECDH with TLS 1.2 PRF SHA-256, good case',
- 'PSA key derivation: ECDH with TLS 1.2 PRF SHA-256, missing label',
- 'PSA key derivation: ECDH with TLS 1.2 PRF SHA-256, missing label and secret',
- 'PSA key derivation: ECDH with TLS 1.2 PRF SHA-256, no inputs',
- 'PSA key derivation: HKDF-SHA-256 -> ECC secp256r1',
- 'PSA key derivation: HKDF-SHA-256 -> ECC secp256r1 (1 redraw)',
- 'PSA key derivation: HKDF-SHA-256 -> ECC secp256r1, exercise ECDSA',
- 'PSA key derivation: TLS 1.2 Mix-PSK-to-MS, SHA-256, 0+48, ka',
- 'PSA key derivation: TLS 1.2 Mix-PSK-to-MS, SHA-256, 24+24, ka',
- 'PSA key derivation: TLS 1.2 Mix-PSK-to-MS, SHA-256, 48+0, ka',
- 'PSA key derivation: TLS 1.2 Mix-PSK-to-MS, bad state #1, ka',
- 'PSA key derivation: TLS 1.2 Mix-PSK-to-MS, bad state #3, ka',
- 'PSA key derivation: TLS 1.2 Mix-PSK-to-MS, bad state #4, ka',
- 'PSA key derivation: bits=7 invalid for ECC BRAINPOOL_P_R1 (ECC enabled)',
- 'PSA key derivation: bits=7 invalid for ECC MONTGOMERY (ECC enabled)',
- 'PSA key derivation: bits=7 invalid for ECC SECP_K1 (ECC enabled)',
- 'PSA key derivation: bits=7 invalid for ECC SECP_R1 (ECC enabled)',
- 'PSA key derivation: bits=7 invalid for ECC SECP_R2 (ECC enabled)',
- 'PSA key derivation: bits=7 invalid for ECC SECT_K1 (ECC enabled)',
- 'PSA key derivation: bits=7 invalid for ECC SECT_R1 (ECC enabled)',
- 'PSA key derivation: bits=7 invalid for ECC SECT_R2 (ECC enabled)',
- 'PSA raw key agreement: ECDH SECP256R1 (RFC 5903)',
- ],
+ # See ecp_light_only
'test_suite_random': [
'PSA classic wrapper: ECDSA signature (SECP256R1)',
],
- 'test_suite_psa_crypto_pake': [
- 'PSA PAKE: ecjpake size macros',
- ],
}
}
}
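Review bot: The new comment `# Modules replaced by drivers` at the top of 'ignored_suites' now also covers 'asn1parse' and 'asn1write', which the removed comment described only as modules disabled in the accelerated test case. ASN.1 parsing and writing is presumably not something the p256-m driver provides, so "replaced by drivers" reads as inaccurate for those two suites. Ignoring a whole suite takes it out of the coverage comparison, so the stated reason should be the real one. I would put `# Modules disabled in the accelerated build` above the `'asn1parse', 'asn1write',` line and keep `# Modules replaced by drivers` for the ECC and bignum entries.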
@@ -654,7 +488,7 @@
tasks_list = re.split(r'[, ]+', options.specified_tasks)
for task in tasks_list:
if task not in KNOWN_TASKS:
- sys.stderr.write('invalid task: {}'.format(task))
+ sys.stderr.write('invalid task: {}\n'.format(task))
sys.exit(2)
KNOWN_TASKS['analyze_coverage']['args']['full_coverage'] = options.full_coverage
diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py
index e925641..96529de 100755
--- a/tests/scripts/depends.py
+++ b/tests/scripts/depends.py
@@ -262,16 +262,16 @@
'MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED'],
'MBEDTLS_SHA256_C': ['MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED',
'MBEDTLS_ENTROPY_FORCE_SHA256',
- 'MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT',
- 'MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY',
+ 'MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT',
+ 'MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY',
'MBEDTLS_LMS_C',
'MBEDTLS_LMS_PRIVATE'],
'MBEDTLS_SHA512_C': ['MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT',
'MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY'],
'MBEDTLS_SHA224_C': ['MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED',
'MBEDTLS_ENTROPY_FORCE_SHA256',
- 'MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT',
- 'MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY'],
+ 'MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT',
+ 'MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY'],
'MBEDTLS_X509_RSASSA_PSS_SUPPORT': []
}