Add test components for tls 1.2 builds with single encryption type
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index c0e0d30..935053a 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -1268,6 +1268,163 @@
# no SSL tests as they all depend on having a DRBG
}
+component_test_tls1_2_default_stream_cipher_only () {
+ msg "build: default with only stream cipher"
+
+ # Disable AEAD (controlled by the presence of one of GCM_C, CCM_C, CHACHAPOLY_C
+ scripts/config.py unset MBEDTLS_GCM_C
+ scripts/config.py unset MBEDTLS_CCM_C
+ scripts/config.py unset MBEDTLS_CHACHAPOLY_C
+ # Disable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia, DES))
+ scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC
+ # Disable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC)
+ scripts/config.py unset MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ # Enable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_CIPHER))
+ scripts/config.py set MBEDTLS_CIPHER_NULL_CIPHER
+ # Modules that depend on AEAD
+ scripts/config.py unset MBEDTLS_SSL_CONTEXT_SERIALIZATION
+ scripts/config.py unset MBEDTLS_SSL_SESSION_TICKETS
+
+ make
+
+ msg "test: default with only stream cipher"
+ make test
+
+ # Not running ssl-opt.sh because most tests require a non-NULL ciphersuite.
+}
+
+component_test_tls1_2_default_stream_cipher_only_use_psa () {
+ msg "build: default with only stream cipher use psa"
+
+ scripts/config.py set MBEDTLS_USE_PSA_CRYPTO
+ # Disable AEAD (controlled by the presence of one of GCM_C, CCM_C, CHACHAPOLY_C)
+ scripts/config.py unset MBEDTLS_GCM_C
+ scripts/config.py unset MBEDTLS_CCM_C
+ scripts/config.py unset MBEDTLS_CHACHAPOLY_C
+ # Disable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia, DES))
+ scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC
+ # Disable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC)
+ scripts/config.py unset MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ # Enable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_CIPHER))
+ scripts/config.py set MBEDTLS_CIPHER_NULL_CIPHER
+ # Modules that depend on AEAD
+ scripts/config.py unset MBEDTLS_SSL_CONTEXT_SERIALIZATION
+ scripts/config.py unset MBEDTLS_SSL_SESSION_TICKETS
+
+ make
+
+ msg "test: default with only stream cipher use psa"
+ make test
+
+ # Not running ssl-opt.sh because most tests require a non-NULL ciphersuite.
+}
+
+component_test_tls1_2_default_cbc_legacy_cipher_only () {
+ msg "build: default with only CBC-legacy cipher"
+
+ # Disable AEAD (controlled by the presence of one of GCM_C, CCM_C, CHACHAPOLY_C)
+ scripts/config.py unset MBEDTLS_GCM_C
+ scripts/config.py unset MBEDTLS_CCM_C
+ scripts/config.py unset MBEDTLS_CHACHAPOLY_C
+ # Enable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia, DES))
+ scripts/config.py set MBEDTLS_CIPHER_MODE_CBC
+ # Disable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC)
+ scripts/config.py unset MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ # Disable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_CIPHER))
+ scripts/config.py unset MBEDTLS_CIPHER_NULL_CIPHER
+ # Modules that depend on AEAD
+ scripts/config.py unset MBEDTLS_SSL_CONTEXT_SERIALIZATION
+ scripts/config.py unset MBEDTLS_SSL_SESSION_TICKETS
+
+ make
+
+ msg "test: default with only CBC-legacy cipher"
+ make test
+
+ msg "test: default with only CBC-legacy cipher - ssl-opt.sh (subset)"
+ tests/ssl-opt.sh -f "TLS 1.2"
+}
+
+component_test_tls1_2_deafult_cbc_legacy_cipher_only_use_psa () {
+ msg "build: default with only CBC-legacy cipher use psa"
+
+ scripts/config.py set MBEDTLS_USE_PSA_CRYPTO
+ # Disable AEAD (controlled by the presence of one of GCM_C, CCM_C, CHACHAPOLY_C)
+ scripts/config.py unset MBEDTLS_GCM_C
+ scripts/config.py unset MBEDTLS_CCM_C
+ scripts/config.py unset MBEDTLS_CHACHAPOLY_C
+ # Enable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia, DES))
+ scripts/config.py set MBEDTLS_CIPHER_MODE_CBC
+ # Disable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC)
+ scripts/config.py unset MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ # Disable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_CIPHER))
+ scripts/config.py unset MBEDTLS_CIPHER_NULL_CIPHER
+ # Modules that depend on AEAD
+ scripts/config.py unset MBEDTLS_SSL_CONTEXT_SERIALIZATION
+ scripts/config.py unset MBEDTLS_SSL_SESSION_TICKETS
+
+ make
+
+ msg "test: default with only CBC-legacy cipher use psa"
+ make test
+
+ msg "test: default with only CBC-legacy cipher use psa - ssl-opt.sh (subset)"
+ tests/ssl-opt.sh -f "TLS 1.2"
+}
+
+component_test_tls1_2_default_cbc_legacy_cbc_etm_cipher_only () {
+ msg "build: default with only CBC-legacy and CBC-EtM ciphers"
+
+ # Disable AEAD (controlled by the presence of one of GCM_C, CCM_C, CHACHAPOLY_C)
+ scripts/config.py unset MBEDTLS_GCM_C
+ scripts/config.py unset MBEDTLS_CCM_C
+ scripts/config.py unset MBEDTLS_CHACHAPOLY_C
+ # Enable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia, DES))
+ scripts/config.py set MBEDTLS_CIPHER_MODE_CBC
+ # Enable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC)
+ scripts/config.py set MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ # Disable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_CIPHER))
+ scripts/config.py unset MBEDTLS_CIPHER_NULL_CIPHER
+ # Modules that depend on AEAD
+ scripts/config.py unset MBEDTLS_SSL_CONTEXT_SERIALIZATION
+ scripts/config.py unset MBEDTLS_SSL_SESSION_TICKETS
+
+ make
+
+ msg "test: default with only CBC-legacy and CBC-EtM ciphers"
+ make test
+
+ msg "test: default with only CBC-legacy and CBC-EtM ciphers - ssl-opt.sh (subset)"
+ tests/ssl-opt.sh -f "TLS 1.2"
+}
+
+component_test_tls1_2_default_cbc_legacy_cbc_etm_cipher_only_use_psa () {
+ msg "build: default with only CBC-legacy and CBC-EtM ciphers use psa"
+
+ scripts/config.py set MBEDTLS_USE_PSA_CRYPTO
+ # Disable AEAD (controlled by the presence of one of GCM_C, CCM_C, CHACHAPOLY_C)
+ scripts/config.py unset MBEDTLS_GCM_C
+ scripts/config.py unset MBEDTLS_CCM_C
+ scripts/config.py unset MBEDTLS_CHACHAPOLY_C
+ # Enable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia, DES))
+ scripts/config.py set MBEDTLS_CIPHER_MODE_CBC
+ # Enable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC)
+ scripts/config.py set MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ # Disable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_CIPHER))
+ scripts/config.py unset MBEDTLS_CIPHER_NULL_CIPHER
+ # Modules that depend on AEAD
+ scripts/config.py unset MBEDTLS_SSL_CONTEXT_SERIALIZATION
+ scripts/config.py unset MBEDTLS_SSL_SESSION_TICKETS
+
+ make
+
+ msg "test: default with only CBC-legacy and CBC-EtM ciphers use psa"
+ make test
+
+ msg "test: default with only CBC-legacy and CBC-EtM ciphers use psa - ssl-opt.sh (subset)"
+ tests/ssl-opt.sh -f "TLS 1.2"
+}
+
component_test_new_ecdh_context () {
msg "build: new ECDH context (ASan build)" # ~ 6 min
scripts/config.py unset MBEDTLS_ECDH_LEGACY_CONTEXT