# components-configuration-crypto.sh
#
# Copyright The Mbed TLS Contributors
# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later

# This file contains test components that are executed by all.sh

################################################################
#### Configuration Testing - Crypto
################################################################
# Full configuration with MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER set, built
# with cmake and gcc using the "Asan" build type, then the test suites are run.
# NOTE(review): the "test:" banner says "- USE_PSA_CRYPTO", but nothing in
# this component unsets MBEDTLS_USE_PSA_CRYPTO; confirm which is intended.
component_test_psa_crypto_key_id_encodes_owner () {
    msg "build: full config + PSA_CRYPTO_KEY_ID_ENCODES_OWNER, cmake, gcc, ASan"
    scripts/config.py full
    scripts/config.py set MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
    CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
    make

    msg "test: full config - USE_PSA_CRYPTO + PSA_CRYPTO_KEY_ID_ENCODES_OWNER, cmake, gcc, ASan"
    make test
}
# Full configuration with MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS set, built with
# cmake and gcc using the "Asan" build type, then the test suites are run.
component_test_psa_assume_exclusive_buffers () {
    msg "build: full config + MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS, cmake, gcc, ASan"
    scripts/config.py full
    scripts/config.py set MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS
    CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
    make

    msg "test: full config + MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS, cmake, gcc, ASan"
    make test
}
# crypto_full configuration plus MBEDTLS_PSA_STATIC_KEY_SLOTS.
# There is no separate build step here: `make test` is the only make
# invocation, so the "build:" banner only covers the configuration changes.
component_test_crypto_with_static_key_slots() {
    msg "build: crypto full + MBEDTLS_PSA_STATIC_KEY_SLOTS"
    scripts/config.py crypto_full
    scripts/config.py set MBEDTLS_PSA_STATIC_KEY_SLOTS

    msg "test: crypto full + MBEDTLS_PSA_STATIC_KEY_SLOTS"
    make test
}
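# check_renamed_symbols HEADER LIB
# Check that if HEADER contains '#define MACRO ...' then MACRO is not a symbol
# name in LIB.
#
# Returns 0 when no macro name from HEADER appears as a symbol in LIB.
# Returns non-zero when such a symbol is found (the offending names are
# printed by grep), and also when HEADER cannot be read or nm cannot process
# LIB. Without those two guards an unreadable input produces an empty list
# and the check would succeed without having inspected anything.
check_renamed_symbols () {
    if [ ! -r "$1" ]; then
        echo "check_renamed_symbols: cannot read header: $1" >&2
        return 1
    fi
    # Same idea as the first nm call in are_empty_libraries: make sure the
    # library exists and nm accepts it before trusting an empty result.
    if ! nm "$2" >/dev/null; then
        echo "check_renamed_symbols: nm failed on: $2" >&2
        return 1
    fi
    # Keep only the last field of each nm line (the symbol name) and look for
    # exact, fixed-string matches against the macro names from the header.
    ! nm "$2" | sed 's/.* //' |
        grep -x -F "$(sed -n 's/^ *# *define *\([A-Z_a-z][0-9A-Z_a-z]*\)..*/\1/p' "$1")"
}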
# Build-only component: full configuration with key-owner encoding and
# MBEDTLS_PSA_CRYPTO_SPM, compiled with gcc and warnings as errors, followed
# by a symbol check on the resulting libmbedcrypto.a.
component_build_psa_crypto_spm () {
    msg "build: full config + PSA_CRYPTO_KEY_ID_ENCODES_OWNER + PSA_CRYPTO_SPM, make, gcc"
    scripts/config.py full
    scripts/config.py unset MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS
    scripts/config.py set MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
    scripts/config.py set MBEDTLS_PSA_CRYPTO_SPM
    # Only the library target is built. The test and sample programs are not
    # equipped for the modified names used when MBEDTLS_PSA_CRYPTO_SPM is
    # active, so linking them is not possible.
    make CC=gcc CFLAGS='-Werror -Wall -Wextra -I../tests/include/spe' lib

    # Every symbol renamed by crypto_spe.h must be absent from the library
    # under its original (non-renamed) name.
    echo "Checking for renamed symbols in the library"
    check_renamed_symbols tests/include/spe/crypto_spe.h library/libmbedcrypto.a
}
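# The goal of this component is to build a configuration where:
# - test code and libtestdriver1 can make use of calloc/free and
# - core library (including PSA core) cannot use calloc/free.
#
# The library is built with calloc/free set to NULL so that any call crashes.
# That sentinel only fires on code paths the test suites actually execute, so
# a passing run shows that the exercised paths are heap-free, not that every
# path in the library is.
# NOTE(review): MBEDTLS_PLATFORM_STD_CALLOC/FREE are unset again before the
# "tests" build; this presumably relies on that step not recompiling the
# library objects with the restored allocator. Confirm against
# helper_libtestdriver1_make_main.
component_test_psa_crypto_without_heap() {
    msg "crypto without heap: build libtestdriver1"
    # Disable PSA features that cannot be accelerated and whose builtin support
    # requires calloc/free.
    scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE
    scripts/config.py -f "$CRYPTO_CONFIG_H" unset-all "^PSA_WANT_ALG_HKDF"
    scripts/config.py -f "$CRYPTO_CONFIG_H" unset-all "^PSA_WANT_ALG_PBKDF2_"
    scripts/config.py -f "$CRYPTO_CONFIG_H" unset-all "^PSA_WANT_ALG_TLS12_"
    # RSA key support requires ASN1 parse/write support for testing, but ASN1
    # is disabled below.
    scripts/config.py -f "$CRYPTO_CONFIG_H" unset-all "^PSA_WANT_KEY_TYPE_RSA_"
    scripts/config.py -f "$CRYPTO_CONFIG_H" unset-all "^PSA_WANT_ALG_RSA_"
    # DES requires built-in support for key generation (parity check) so it
    # cannot be accelerated.
    scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_DES
    # EC-JPAKE uses calloc/free in PSA core.
    scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_JPAKE

    # Accelerate all PSA features (which are still enabled in CRYPTO_CONFIG_H).
    PSA_SYM_LIST=$(./scripts/config.py -f "$CRYPTO_CONFIG_H" get-all-enabled PSA_WANT)
    # $PSA_SYM_LIST is deliberately left unquoted: word splitting turns the
    # symbol list into a single space-separated line before the prefix is
    # stripped.
    loc_accel_list=$(echo $PSA_SYM_LIST | sed 's/PSA_WANT_//g')

    helper_libtestdriver1_adjust_config crypto
    helper_libtestdriver1_make_drivers "$loc_accel_list"

    msg "crypto without heap: build main library"
    # Disable all legacy MBEDTLS_xxx symbols.
    scripts/config.py unset-all "^MBEDTLS_"
    # Build the PSA core using the proper config file.
    scripts/config.py set MBEDTLS_PSA_CRYPTO_C
    scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
    # Enable fully-static key slots in PSA core.
    scripts/config.py set MBEDTLS_PSA_STATIC_KEY_SLOTS
    # Prevent PSA core from creating a copy of input/output buffers.
    scripts/config.py set MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS
    # Prevent PSA core from using CTR-DRBG or HMAC-DRBG for random generation.
    scripts/config.py set MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG
    # Set calloc/free as null pointer functions. Calling them would crash
    # the program so we can use this as a "sentinel" for being sure no module
    # is making use of these functions in the library.
    scripts/config.py set MBEDTLS_PLATFORM_C
    scripts/config.py set MBEDTLS_PLATFORM_MEMORY
    scripts/config.py set MBEDTLS_PLATFORM_STD_CALLOC NULL
    scripts/config.py set MBEDTLS_PLATFORM_STD_FREE NULL

    helper_libtestdriver1_make_main "$loc_accel_list" lib

    msg "crypto without heap: build test suites and helpers"
    # Reset calloc/free functions to normal operations so that test code can
    # freely use them.
    scripts/config.py unset MBEDTLS_PLATFORM_MEMORY
    scripts/config.py unset MBEDTLS_PLATFORM_STD_CALLOC
    scripts/config.py unset MBEDTLS_PLATFORM_STD_FREE
    helper_libtestdriver1_make_main "$loc_accel_list" tests

    msg "crypto without heap: test"
    make test
}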
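# Default configuration with RSA key pair generation removed on both sides:
# MBEDTLS_GENPRIME in the legacy config and
# PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE in the PSA crypto config.
component_test_no_rsa_key_pair_generation () {
    msg "build: default config minus PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE"
    # MBEDTLS_PSA_CRYPTO_CONFIG is set so that the PSA_WANT change below is
    # applied to a configuration that enables the crypto config file.
    scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
    scripts/config.py unset MBEDTLS_GENPRIME
    # Quoted like the other "$CRYPTO_CONFIG_H" uses in this file.
    scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE
    make

    msg "test: default config minus PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE"
    make test
}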
# Default configuration without PEM parsing and without filesystem I/O, built
# with the "Asan" cmake build type; runs the unit tests and then ssl-opt.sh
# without a filter.
component_test_no_pem_no_fs () {
    msg "build: Default + !MBEDTLS_PEM_PARSE_C + !MBEDTLS_FS_IO (ASan build)"
    scripts/config.py unset MBEDTLS_PEM_PARSE_C
    scripts/config.py unset MBEDTLS_FS_IO
    # Dependency chain of MBEDTLS_FS_IO: file-backed ITS requires a
    # filesystem, and PSA crypto storage requires PSA ITS.
    scripts/config.py unset MBEDTLS_PSA_ITS_FILE_C
    scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C
    CC="$ASAN_CC" cmake -D CMAKE_BUILD_TYPE:String=Asan .
    make

    # ~ 50s
    msg "test: !MBEDTLS_PEM_PARSE_C !MBEDTLS_FS_IO - main suites (inc. selftests) (ASan build)"
    make test

    # ~ 6 min
    msg "test: !MBEDTLS_PEM_PARSE_C !MBEDTLS_FS_IO - ssl-opt.sh (ASan build)"
    tests/ssl-opt.sh
}
# Default configuration with MBEDTLS_RSA_NO_CRT set, built with the "Asan"
# cmake build type. Runs the unit tests, the RSA-filtered parts of ssl-opt.sh
# and compat.sh, and context-info.sh.
component_test_rsa_no_crt () {
    # ~ 6 min
    msg "build: Default + RSA_NO_CRT (ASan build)"
    scripts/config.py set MBEDTLS_RSA_NO_CRT
    CC="$ASAN_CC" cmake -D CMAKE_BUILD_TYPE:String=Asan .
    make

    # ~ 50s
    msg "test: RSA_NO_CRT - main suites (inc. selftests) (ASan build)"
    make test

    # ~ 5s
    msg "test: RSA_NO_CRT - RSA-related part of ssl-opt.sh (ASan build)"
    tests/ssl-opt.sh -f RSA

    # ~ 3 min
    msg "test: RSA_NO_CRT - RSA-related part of compat.sh (ASan build)"
    tests/compat.sh -t RSA

    # ~ 15 sec. context-info.sh is run without a filter here.
    msg "test: RSA_NO_CRT - RSA-related part of context-info.sh (ASan build)"
    tests/context-info.sh
}
# Full configuration without CTR_DRBG, with MBEDTLS_USE_PSA_CRYPTO and
# TLS 1.3 disabled ("classic crypto in TLS"), built with the "Asan" cmake
# build type. Checks that the TLS stack still works when HMAC_DRBG is the
# DRBG used by the test programs.
component_test_no_ctr_drbg_classic () {
    msg "build: Full minus CTR_DRBG, classic crypto in TLS"
    scripts/config.py full
    scripts/config.py unset MBEDTLS_CTR_DRBG_C
    scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
    scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3

    CC="$ASAN_CC" cmake -D CMAKE_BUILD_TYPE:String=Asan .
    make

    msg "test: Full minus CTR_DRBG, classic crypto - main suites"
    make test

    # In this configuration, the TLS test programs use HMAC_DRBG.
    # The SSL tests are slow, so run a small subset, just enough to get
    # confidence that the SSL code copes with HMAC_DRBG.
    msg "test: Full minus CTR_DRBG, classic crypto - ssl-opt.sh (subset)"
    tests/ssl-opt.sh -f 'Default\|SSL async private.*delay=\|tickets enabled on server'

    msg "test: Full minus CTR_DRBG, classic crypto - compat.sh (subset)"
    tests/compat.sh -m tls12 -t 'ECDSA PSK' -V NO -p OpenSSL
}
# Full configuration without CTR_DRBG and with MBEDTLS_USE_PSA_CRYPTO set
# ("PSA crypto in TLS"), built with the "Asan" cmake build type. Same test
# subset as the classic variant of this component.
component_test_no_ctr_drbg_use_psa () {
    msg "build: Full minus CTR_DRBG, PSA crypto in TLS"
    scripts/config.py full
    scripts/config.py unset MBEDTLS_CTR_DRBG_C
    scripts/config.py set MBEDTLS_USE_PSA_CRYPTO

    CC="$ASAN_CC" cmake -D CMAKE_BUILD_TYPE:String=Asan .
    make

    msg "test: Full minus CTR_DRBG, USE_PSA_CRYPTO - main suites"
    make test

    # In this configuration, the TLS test programs use HMAC_DRBG.
    # The SSL tests are slow, so run a small subset, just enough to get
    # confidence that the SSL code copes with HMAC_DRBG.
    msg "test: Full minus CTR_DRBG, USE_PSA_CRYPTO - ssl-opt.sh (subset)"
    tests/ssl-opt.sh -f 'Default\|SSL async private.*delay=\|tickets enabled on server'

    msg "test: Full minus CTR_DRBG, USE_PSA_CRYPTO - compat.sh (subset)"
    tests/compat.sh -m tls12 -t 'ECDSA PSK' -V NO -p OpenSSL
}
# Full configuration without HMAC_DRBG, with MBEDTLS_USE_PSA_CRYPTO and
# TLS 1.3 disabled ("classic crypto in TLS"), built with the "Asan" cmake
# build type. Without HMAC_DRBG, ECDSA signing is randomized rather than
# deterministic, which is what the TLS subsets below exercise.
component_test_no_hmac_drbg_classic () {
    msg "build: Full minus HMAC_DRBG, classic crypto in TLS"
    scripts/config.py full
    scripts/config.py unset MBEDTLS_HMAC_DRBG_C
    # Deterministic ECDSA requires HMAC_DRBG, so it has to go as well.
    scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC
    scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
    scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3

    CC="$ASAN_CC" cmake -D CMAKE_BUILD_TYPE:String=Asan .
    make

    msg "test: Full minus HMAC_DRBG, classic crypto - main suites"
    make test

    # Normally our ECDSA implementation uses deterministic ECDSA. But since
    # HMAC_DRBG is disabled in this configuration, randomized ECDSA is used
    # instead.
    # Test SSL with non-deterministic ECDSA. Only test features that
    # might be affected by how ECDSA signature is performed.
    msg "test: Full minus HMAC_DRBG, classic crypto - ssl-opt.sh (subset)"
    tests/ssl-opt.sh -f 'Default\|SSL async private: sign'

    # To save time, only test one protocol version, since this part of
    # the protocol is identical in (D)TLS up to 1.2.
    msg "test: Full minus HMAC_DRBG, classic crypto - compat.sh (ECDSA)"
    tests/compat.sh -m tls12 -t 'ECDSA'
}
# Full configuration without HMAC_DRBG and with MBEDTLS_USE_PSA_CRYPTO set
# ("PSA crypto in TLS"), built with the "Asan" cmake build type. Same test
# subset as the classic variant of this component.
component_test_no_hmac_drbg_use_psa () {
    msg "build: Full minus HMAC_DRBG, PSA crypto in TLS"
    scripts/config.py full
    scripts/config.py unset MBEDTLS_HMAC_DRBG_C
    # Deterministic ECDSA requires HMAC_DRBG, so it has to go as well.
    scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC
    scripts/config.py set MBEDTLS_USE_PSA_CRYPTO

    CC="$ASAN_CC" cmake -D CMAKE_BUILD_TYPE:String=Asan .
    make

    msg "test: Full minus HMAC_DRBG, USE_PSA_CRYPTO - main suites"
    make test

    # Normally our ECDSA implementation uses deterministic ECDSA. But since
    # HMAC_DRBG is disabled in this configuration, randomized ECDSA is used
    # instead.
    # Test SSL with non-deterministic ECDSA. Only test features that
    # might be affected by how ECDSA signature is performed.
    msg "test: Full minus HMAC_DRBG, USE_PSA_CRYPTO - ssl-opt.sh (subset)"
    tests/ssl-opt.sh -f 'Default\|SSL async private: sign'

    # To save time, only test one protocol version, since this part of
    # the protocol is identical in (D)TLS up to 1.2.
    msg "test: Full minus HMAC_DRBG, USE_PSA_CRYPTO - compat.sh (ECDSA)"
    tests/compat.sh -m tls12 -t 'ECDSA'
}
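# Full configuration with MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG and with the entropy
# module and both DRBGs removed, MBEDTLS_USE_PSA_CRYPTO and TLS 1.3 disabled
# ("classic crypto in TLS"). Built with make using the ASan compiler and
# flags supplied by the caller's environment.
component_test_psa_external_rng_no_drbg_classic () {
    msg "build: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, classic crypto in TLS"
    scripts/config.py full
    scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
    scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
    scripts/config.py set MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG
    scripts/config.py unset MBEDTLS_ENTROPY_C
    scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED
    scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT
    scripts/config.py unset MBEDTLS_CTR_DRBG_C
    scripts/config.py unset MBEDTLS_HMAC_DRBG_C
    scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC # requires HMAC_DRBG
    # When MBEDTLS_USE_PSA_CRYPTO is disabled and there is no DRBG,
    # the SSL test programs don't have an RNG and can't work. Explicitly
    # make them use the PSA RNG with -DMBEDTLS_TEST_USE_PSA_CRYPTO_RNG.
    # CC is quoted so that the compiler setting reaches make as one argument.
    make CC="$ASAN_CC" CFLAGS="$ASAN_CFLAGS -DMBEDTLS_TEST_USE_PSA_CRYPTO_RNG" LDFLAGS="$ASAN_CFLAGS"

    msg "test: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, classic crypto - main suites"
    make test

    msg "test: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, classic crypto - ssl-opt.sh (subset)"
    tests/ssl-opt.sh -f 'Default'
}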
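# Full configuration with MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG and with the entropy
# module and both DRBGs removed ("PSA crypto in TLS"). Built with make using
# the ASan compiler and flags supplied by the caller's environment.
component_test_psa_external_rng_no_drbg_use_psa () {
    msg "build: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, PSA crypto in TLS"
    scripts/config.py full
    scripts/config.py set MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG
    scripts/config.py unset MBEDTLS_ENTROPY_C
    scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED
    scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT
    scripts/config.py unset MBEDTLS_CTR_DRBG_C
    scripts/config.py unset MBEDTLS_HMAC_DRBG_C
    scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC # requires HMAC_DRBG
    # CC is quoted so that the compiler setting reaches make as one argument.
    make CC="$ASAN_CC" CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS"

    msg "test: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, PSA crypto - main suites"
    make test

    msg "test: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, PSA crypto - ssl-opt.sh (subset)"
    tests/ssl-opt.sh -f 'Default\|opaque'
}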
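# Full configuration with MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG and
# MBEDTLS_USE_PSA_CRYPTO set and CTR_DRBG removed. Built with make using the
# ASan compiler and flags supplied by the caller's environment.
component_test_psa_external_rng_use_psa_crypto () {
    msg "build: full + PSA_CRYPTO_EXTERNAL_RNG + USE_PSA_CRYPTO minus CTR_DRBG"
    scripts/config.py full
    scripts/config.py set MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG
    scripts/config.py set MBEDTLS_USE_PSA_CRYPTO
    scripts/config.py unset MBEDTLS_CTR_DRBG_C
    # CC is quoted so that the compiler setting reaches make as one argument.
    make CC="$ASAN_CC" CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS"

    msg "test: full + PSA_CRYPTO_EXTERNAL_RNG + USE_PSA_CRYPTO minus CTR_DRBG"
    make test

    # This second banner has the same text as the one above; it precedes the
    # ssl-opt.sh subset rather than the unit tests.
    msg "test: full + PSA_CRYPTO_EXTERNAL_RNG + USE_PSA_CRYPTO minus CTR_DRBG"
    tests/ssl-opt.sh -f 'Default\|opaque'
}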
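# Full configuration with MBEDTLS_PSA_INJECT_ENTROPY: the NV seed is enabled,
# the default entropy sources are disabled, and the platform NV seed
# overrides are removed. The build passes a user config file from
# tests/configs through MBEDTLS_USER_CONFIG_FILE.
component_test_psa_inject_entropy () {
    msg "build: full + MBEDTLS_PSA_INJECT_ENTROPY"
    scripts/config.py full
    scripts/config.py set MBEDTLS_PSA_INJECT_ENTROPY
    scripts/config.py set MBEDTLS_ENTROPY_NV_SEED
    scripts/config.py set MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
    scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT
    scripts/config.py unset MBEDTLS_PLATFORM_STD_NV_SEED_READ
    scripts/config.py unset MBEDTLS_PLATFORM_STD_NV_SEED_WRITE
    # CC is quoted so that the compiler setting reaches make as one argument.
    # The nested quoting in CFLAGS keeps the double quotes around the header
    # path intact through make and the shell it spawns.
    make CC="$ASAN_CC" CFLAGS="$ASAN_CFLAGS '-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/user-config-for-test.h\"'" LDFLAGS="$ASAN_CFLAGS"

    msg "test: full + MBEDTLS_PSA_INJECT_ENTROPY"
    make test
}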
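# crypto_full configuration without MBEDTLS_PK_PARSE_C and MBEDTLS_PK_WRITE_C,
# built with the ASan flags, with a post-build check that neither module was
# switched back on.
component_full_no_pkparse_pkwrite () {
    msg "build: full without pkparse and pkwrite"

    scripts/config.py crypto_full
    scripts/config.py unset MBEDTLS_PK_PARSE_C
    scripts/config.py unset MBEDTLS_PK_WRITE_C

    make CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS"

    # Ensure that PK_[PARSE|WRITE]_C were not re-enabled accidentally (additive config).
    # NOTE(review): assuming `not` simply inverts the exit status, a missing
    # object file would also satisfy these checks. Verify that
    # BUILTIN_SRC_PATH points at the objects this build produced.
    not grep mbedtls_pk_parse_key "${BUILTIN_SRC_PATH}/pkparse.o"
    not grep mbedtls_pk_write_key_der "${BUILTIN_SRC_PATH}/pkwrite.o"

    msg "test: full without pkparse and pkwrite"
    make test
}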
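# crypto_full configuration with MBEDTLS_MD_C and everything that depends on
# or auto-enables it removed, so that only the light subset of MD remains.
# The object file is inspected after the build to confirm that outcome.
component_test_crypto_full_md_light_only () {
    msg "build: crypto_full with only the light subset of MD"
    scripts/config.py crypto_full

    # Disable MD
    scripts/config.py unset MBEDTLS_MD_C
    # Disable direct dependencies of MD_C
    scripts/config.py unset MBEDTLS_HKDF_C
    scripts/config.py unset MBEDTLS_HMAC_DRBG_C
    scripts/config.py unset MBEDTLS_PKCS7_C
    # Disable indirect dependencies of MD_C
    scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC # needs HMAC_DRBG
    scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_DETERMINISTIC_ECDSA
    # Disable things that would auto-enable MD_C
    scripts/config.py unset MBEDTLS_PKCS5_C

    # Note: MD-light is auto-enabled in build_info.h by modules that need it,
    # which we haven't disabled, so no need to explicitly enable it.
    make CC="$ASAN_CC" CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS"

    # Make sure the HMAC functions are absent and the hashing functions are
    # present. The second grep would also match an HMAC symbol name, so it is
    # only meaningful after the first check has passed.
    not grep mbedtls_md_hmac "${BUILTIN_SRC_PATH}/md.o"
    grep mbedtls_md "${BUILTIN_SRC_PATH}/md.o"

    msg "test: crypto_full with only the light subset of MD"
    make test
}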
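# Full configuration without MBEDTLS_CIPHER_C. The PSA algorithms and key
# types whose built-in implementation needs CIPHER_C are disabled too, and
# the object file is inspected after the build to confirm that CIPHER_C
# stayed off.
component_test_full_no_cipher () {
    msg "build: full no CIPHER"

    scripts/config.py full
    scripts/config.py unset MBEDTLS_CIPHER_C

    # The built-in implementation of the following algs/key-types depends
    # on CIPHER_C so we disable them.
    # This does not hold for KEY_TYPE_CHACHA20 and ALG_CHACHA20_POLY1305
    # so we keep them enabled.
    scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CCM_STAR_NO_TAG
    scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CMAC
    scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_NO_PADDING
    scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_PKCS7
    scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CFB
    scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CTR
    scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_ECB_NO_PADDING
    scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_OFB
    scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128
    scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_STREAM_CIPHER
    scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_DES

    # The following modules directly depend on CIPHER_C
    scripts/config.py unset MBEDTLS_CMAC_C
    scripts/config.py unset MBEDTLS_NIST_KW_C

    make

    # Ensure that CIPHER_C was not re-enabled
    not grep mbedtls_cipher_init "${BUILTIN_SRC_PATH}/cipher.o"

    msg "test: full no CIPHER"
    make test
}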
# Full configuration with PSA_WANT_ALG_CCM removed from the PSA crypto
# config, then a plain make build and the test suites.
component_test_full_no_ccm () {
    msg "build: full no PSA_WANT_ALG_CCM"

    # Full config enables:
    # - USE_PSA_CRYPTO so that TLS code dispatches cipher/AEAD to PSA
    # - CRYPTO_CONFIG so that PSA_WANT config symbols are evaluated
    scripts/config.py full

    # Disable PSA_WANT_ALG_CCM so that CCM is not supported in PSA. CCM_C is still
    # enabled, but not used from TLS since USE_PSA is set.
    # This is helpful to ensure that TLS tests below have proper dependencies.
    #
    # Note: PSA_WANT_ALG_CCM_STAR_NO_TAG is also enabled, but it does not cause
    # PSA_WANT_ALG_CCM to be re-enabled.
    scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CCM

    make

    msg "test: full no PSA_WANT_ALG_CCM"
    make test
}
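# Full configuration with PSA_WANT_ALG_CCM_STAR_NO_TAG and every other
# unauthenticated cipher mode removed from the PSA crypto config. The PSA
# cipher object file is inspected after the build to confirm the built-in
# cipher code was left out.
component_test_full_no_ccm_star_no_tag () {
    msg "build: full no PSA_WANT_ALG_CCM_STAR_NO_TAG"

    # Full config enables CRYPTO_CONFIG so that PSA_WANT config symbols are evaluated
    scripts/config.py full

    # Disable CCM_STAR_NO_TAG, which is the target of this test, as well as all
    # other components that enable MBEDTLS_PSA_BUILTIN_CIPHER internal symbol.
    # This basically disables all unauthenticated ciphers on the PSA side, while
    # keeping AEADs enabled.
    #
    # Note: PSA_WANT_ALG_CCM is enabled, but it does not cause
    # PSA_WANT_ALG_CCM_STAR_NO_TAG to be re-enabled.
    scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CCM_STAR_NO_TAG
    scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_STREAM_CIPHER
    scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CTR
    scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CFB
    scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_OFB
    scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_ECB_NO_PADDING
    scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_NO_PADDING
    scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_PKCS7

    make

    # Ensure MBEDTLS_PSA_BUILTIN_CIPHER was not enabled
    not grep mbedtls_psa_cipher "${PSA_CORE_PATH}/psa_crypto_cipher.o"

    msg "test: full no PSA_WANT_ALG_CCM_STAR_NO_TAG"
    make test
}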
# Replace the active configuration with configs/config-symmetric-only.h,
# build it with the "Asan" cmake build type and run the unit tests.
component_test_config_symmetric_only () {
    msg "build: configs/config-symmetric-only.h"
    cp configs/config-symmetric-only.h "$CONFIG_H"
    # test-ref-configs works by overwriting mbedtls_config.h; this makes cmake
    # want to re-generate generated files that depend on it, quite correctly.
    # However this doesn't work as the generation script expects a specific
    # format for mbedtls_config.h, which the other files don't follow. Also,
    # cmake can't know this, but re-generation is actually not necessary as
    # the generated files only depend on the list of available options, not
    # whether they're on or off. So, disable cmake's (over-sensitive here)
    # dependency resolution for generated files and just rely on them being
    # present (thanks to pre_generate_files) by turning GEN_FILES off.
    CC="$ASAN_CC" cmake -D GEN_FILES=Off -D CMAKE_BUILD_TYPE:String=Asan .
    make

    msg "test: configs/config-symmetric-only.h - unit tests"
    make test
}
# Default configuration with the Everest ECDH variant enabled, built with
# clang and the "Asan" cmake build type. Runs the unit tests, the metatests,
# and the ECDH-filtered parts of ssl-opt.sh and compat.sh.
component_test_everest () {
    # ~ 6 min
    msg "build: Everest ECDH context (ASan build)"
    scripts/config.py set MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED
    CC=clang cmake -D CMAKE_BUILD_TYPE:String=Asan .
    make

    # ~ 50s
    msg "test: Everest ECDH context - main suites (inc. selftests) (ASan build)"
    make test

    msg "test: metatests (clang, ASan)"
    tests/scripts/run-metatests.sh any asan poison

    # ~ 5s
    msg "test: Everest ECDH context - ECDH-related part of ssl-opt.sh (ASan build)"
    tests/ssl-opt.sh -f ECDH

    # ~ 3 min
    msg "test: Everest ECDH context - compat.sh with some ECDH ciphersuites (ASan build)"
    # Exclude some symmetric ciphers that are redundant here to gain time.
    tests/compat.sh -f ECDH -V NO -e 'ARIA\|CAMELLIA\|CHACHA'
}
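# Everest ECDH variant with Curve25519 as the only curve: ECDSA, EC-JPAKE and
# the ECDSA-based key exchanges are disabled, every curve is switched off in
# both config files, and PSA_WANT_ECC_MONTGOMERY_255 is switched back on.
component_test_everest_curve25519_only () {
    # ~ 6 min
    msg "build: Everest ECDH context, only Curve25519"
    scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
    scripts/config.py set MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED
    scripts/config.py unset MBEDTLS_ECDSA_C
    scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_DETERMINISTIC_ECDSA
    scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_ECDSA
    scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_ALG_ECDH
    scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
    scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
    scripts/config.py unset MBEDTLS_ECJPAKE_C
    scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_JPAKE

    # Disable all curves
    scripts/config.py unset-all "MBEDTLS_ECP_DP_[0-9A-Z_a-z]*_ENABLED"
    scripts/config.py -f "$CRYPTO_CONFIG_H" unset-all "PSA_WANT_ECC_[0-9A-Z_a-z]*$"
    scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_ECC_MONTGOMERY_255

    # CC is quoted so that the compiler setting reaches make as one argument.
    make CC="$ASAN_CC" CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS"

    # ~ 50s
    msg "test: Everest ECDH context, only Curve25519"
    make test
}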
# Run tests/scripts/psa_collect_statuses.py on the full configuration and
# check its log for at least one successful psa_crypto_init() call.
component_test_psa_collect_statuses () {
    # ~30s
    msg "build+test: psa_collect_statuses"
    scripts/config.py full
    tests/scripts/psa_collect_statuses.py
    # Check that psa_crypto_init() succeeded at least once: the log must hold
    # a line starting with status 0 for psa_crypto_init.
    grep -q '^0:psa_crypto_init:' tests/statuses.log
    # The log is removed only after the check above has run.
    rm -f tests/statuses.log
}
# are_empty_libraries LIB...
# Check that the specified libraries exist and are empty.
# The first nm call returns non-zero when nm cannot process one of the
# arguments; whether that stops the caller depends on the caller's errexit
# setting, which is not visible in this file. The second step returns
# non-zero when nm prints anything other than "name:" header lines and
# blank lines.
are_empty_libraries () {
    nm "$@" >/dev/null 2>&1
    if nm "$@" 2>/dev/null | grep -v ':$' | grep .; then
        return 1
    fi
}
# Build the "crypto" configuration with make at -O1 with warnings as errors,
# then check that the X.509 and TLS libraries came out empty.
component_build_crypto_default () {
    msg "build: make, crypto only"
    scripts/config.py crypto
    make CFLAGS='-O1 -Werror'
    # A crypto-only build must not put any symbol into libmbedx509/libmbedtls.
    are_empty_libraries library/libmbedx509.* library/libmbedtls.*
}
# Build the "crypto_full" configuration with make at -O1 with warnings as
# errors, then check that the X.509 and TLS libraries came out empty.
component_build_crypto_full () {
    msg "build: make, crypto only, full config"
    scripts/config.py crypto_full
    make CFLAGS='-O1 -Werror'
    # A crypto-only build must not put any symbol into libmbedx509/libmbedtls.
    are_empty_libraries library/libmbedx509.* library/libmbedtls.*
}
# Build and test a configuration meant to resemble a PSA cryptography
# service: the "crypto" configuration with key-owner encoding, minus modules
# that are not needed for cryptography alone.
component_test_crypto_for_psa_service () {
    msg "build: make, config for PSA crypto service"
    scripts/config.py crypto
    scripts/config.py set MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
    # Disable things that are not needed for just cryptography, to
    # reach a configuration that would be typical for a PSA cryptography
    # service providing all implemented PSA algorithms.

    # System stuff
    scripts/config.py unset MBEDTLS_ERROR_C
    scripts/config.py unset MBEDTLS_TIMING_C
    scripts/config.py unset MBEDTLS_VERSION_FEATURES

    # Crypto stuff with no PSA interface
    scripts/config.py unset MBEDTLS_BASE64_C
    # Keep MBEDTLS_CIPHER_C because psa_crypto_cipher, CCM and GCM need it.
    scripts/config.py unset MBEDTLS_HKDF_C # PSA's HKDF is independent
    # Keep MBEDTLS_MD_C because deterministic ECDSA needs it for HMAC_DRBG.
    scripts/config.py unset MBEDTLS_NIST_KW_C
    scripts/config.py unset MBEDTLS_PEM_PARSE_C
    scripts/config.py unset MBEDTLS_PEM_WRITE_C
    scripts/config.py unset MBEDTLS_PKCS12_C
    scripts/config.py unset MBEDTLS_PKCS5_C

    # MBEDTLS_PK_PARSE_C and MBEDTLS_PK_WRITE_C are actually currently needed
    # in PSA code to work with RSA keys. We don't require users to set those:
    # they will be reenabled in build_info.h.
    scripts/config.py unset MBEDTLS_PK_C
    scripts/config.py unset MBEDTLS_PK_PARSE_C
    scripts/config.py unset MBEDTLS_PK_WRITE_C

    # Build and run the tests in a single make invocation.
    make CFLAGS='-O1 -Werror' all test
    are_empty_libraries library/libmbedx509.* library/libmbedtls.*
}
# Build the "crypto_baremetal" configuration with make at -O1 with warnings
# as errors and the baremetal override include directory, then check that
# the X.509 and TLS libraries came out empty.
component_build_crypto_baremetal () {
    msg "build: make, crypto only, baremetal config"
    scripts/config.py crypto_baremetal
    # $PWD makes the override include path absolute.
    make CFLAGS="-O1 -Werror -I$PWD/tests/include/baremetal-override/"
    are_empty_libraries library/libmbedx509.* library/libmbedtls.*
}
# Support check for component_build_crypto_baremetal: forwards all arguments
# to support_build_baremetal and returns its status.
support_build_crypto_baremetal () {
    support_build_baremetal "$@"
}
# depends.py family of tests

# Run tests/scripts/depends.py for the "cipher_id" domain.
# The banner mentions gcc; no compiler is selected inside this function.
component_test_depends_py_cipher_id () {
    msg "test/build: depends.py cipher_id (gcc)"
    tests/scripts/depends.py cipher_id
}
# Run tests/scripts/depends.py for the "cipher_chaining" domain.
# The banner mentions gcc; no compiler is selected inside this function.
component_test_depends_py_cipher_chaining () {
    msg "test/build: depends.py cipher_chaining (gcc)"
    tests/scripts/depends.py cipher_chaining
}
# Run tests/scripts/depends.py for the "cipher_padding" domain.
# The banner mentions gcc; no compiler is selected inside this function.
component_test_depends_py_cipher_padding () {
    msg "test/build: depends.py cipher_padding (gcc)"
    tests/scripts/depends.py cipher_padding
}
# Run tests/scripts/depends.py for the "curves" domain.
# The banner mentions gcc; no compiler is selected inside this function.
component_test_depends_py_curves () {
    msg "test/build: depends.py curves (gcc)"
    tests/scripts/depends.py curves
}
# Run tests/scripts/depends.py for the "hashes" domain.
# The banner mentions gcc; no compiler is selected inside this function.
component_test_depends_py_hashes () {
    msg "test/build: depends.py hashes (gcc)"
    tests/scripts/depends.py hashes
}
# Run tests/scripts/depends.py for the "pkalgs" domain.
# The banner mentions gcc; no compiler is selected inside this function.
component_test_depends_py_pkalgs () {
    msg "test/build: depends.py pkalgs (gcc)"
    tests/scripts/depends.py pkalgs
}
# Full configuration with every RFC 7919 DH group except the 2048-bit one
# removed from the PSA crypto config. Built with the ASan flags and warnings
# as errors; runs the unit tests and the "ffdh" part of ssl-opt.sh.
component_test_psa_crypto_config_ffdh_2048_only () {
    msg "build: full config - only DH 2048"

    scripts/config.py full

    # Disable all DH groups other than 2048.
    scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_DH_RFC7919_3072
    scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_DH_RFC7919_4096
    scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_DH_RFC7919_6144
    scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_DH_RFC7919_8192

    make CFLAGS="$ASAN_CFLAGS -Werror" LDFLAGS="$ASAN_CFLAGS"

    msg "test: full config - only DH 2048"
    make test

    msg "ssl-opt: full config - only DH 2048"
    tests/ssl-opt.sh -f "ffdh"
}
# Build-only component: full configuration without MBEDTLS_PK_RSA_ALT_SUPPORT,
# with RSA and X.509 certificate writing explicitly set, compiled with
# warnings as errors against the dummy alt headers.
component_build_no_pk_rsa_alt_support () {
    # ~30s
    msg "build: !MBEDTLS_PK_RSA_ALT_SUPPORT"

    scripts/config.py full
    scripts/config.py unset MBEDTLS_PK_RSA_ALT_SUPPORT
    scripts/config.py set MBEDTLS_RSA_C
    scripts/config.py set MBEDTLS_X509_CRT_WRITE_C

    # Only compile - this is primarily to test for compile issues
    make CFLAGS='-Werror -Wall -Wextra -I../tests/include/alt-dummy'
}
# Build-only component: full configuration with every whole-module
# MBEDTLS_XXX_ALT option enabled, compiled (library target only) with
# warnings as errors against the dummy alt headers.
component_build_module_alt () {
    # ~30s
    msg "build: MBEDTLS_XXX_ALT"
    scripts/config.py full

    # Disable options that are incompatible with some ALT implementations.

    # aesni.c references mbedtls_aes_context fields directly.
    scripts/config.py unset MBEDTLS_AESNI_C
    scripts/config.py unset MBEDTLS_AESCE_C
    # MBEDTLS_ECP_RESTARTABLE is documented as incompatible.
    scripts/config.py unset MBEDTLS_ECP_RESTARTABLE
    # You can only have one threading implementation: alt or pthread, not both.
    scripts/config.py unset MBEDTLS_THREADING_PTHREAD
    # The SpecifiedECDomain parsing code accesses mbedtls_ecp_group fields
    # directly and assumes the implementation works with partial groups.
    scripts/config.py unset MBEDTLS_PK_PARSE_EC_EXTENDED
    # MBEDTLS_SHA256_*ALT can't be used with MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_*
    scripts/config.py unset MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT
    scripts/config.py unset MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY
    # MBEDTLS_SHA512_*ALT can't be used with MBEDTLS_SHA512_USE_A64_CRYPTO_*
    scripts/config.py unset MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT
    scripts/config.py unset MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY

    # Enable all MBEDTLS_XXX_ALT for whole modules. Do not enable
    # MBEDTLS_XXX_YYY_ALT which are for single functions.
    scripts/config.py set-all 'MBEDTLS_([A-Z0-9]*|NIST_KW)_ALT'

    # We can only compile, not link, since we don't have any implementations
    # suitable for testing with the dummy alt headers.
    make CFLAGS='-Werror -Wall -Wextra -I../tests/include/alt-dummy' lib
}
709
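# Build and test the "default" libtestdriver1 configuration with ECDSA
# (randomized and deterministic), the ECC key types and the curves listed by
# the helpers passed to the test driver, and the built-in MBEDTLS_ECDSA_C
# module disabled.
component_test_psa_crypto_config_accel_ecdsa () {
    msg "build: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated ECDSA"

    # Algorithms and key types to accelerate
    loc_accel_list="ALG_ECDSA ALG_DETERMINISTIC_ECDSA \
                    $(helper_get_psa_key_type_list "ECC") \
                    $(helper_get_psa_curve_list)"

    # Configure
    # ---------

    # Start from default config + TLS 1.3
    helper_libtestdriver1_adjust_config "default"

    scripts/config.py set MBEDTLS_USE_PSA_CRYPTO

    # Disable the module that's accelerated
    scripts/config.py unset MBEDTLS_ECDSA_C

    # Disable things that depend on it
    scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
    scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED

    # Build
    # -----

    # These hashes are needed for some ECDSA signature tests.
    loc_extra_list="ALG_SHA_1 ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512 \
                    ALG_SHA3_224 ALG_SHA3_256 ALG_SHA3_384 ALG_SHA3_512"

    helper_libtestdriver1_make_drivers "$loc_accel_list" "$loc_extra_list"

    helper_libtestdriver1_make_main "$loc_accel_list"

    # Make sure this was not re-enabled by accident (additive config).
    # The path is quoted so that a BUILTIN_SRC_PATH containing whitespace
    # still names a single file.
    # NOTE(review): `not` is defined outside this section; if it only inverts
    # the exit status, a missing object file (grep exits 2) would also pass.
    # Confirm the .o file exists after the build.
    not grep mbedtls_ecdsa_ "${BUILTIN_SRC_PATH}/ecdsa.o"

    # Run the tests
    # -------------

    msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated ECDSA"
    make test
}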
753
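# Build and test the "default" libtestdriver1 configuration with ECDH, the
# ECC key types and the curves listed by the helpers passed to the test
# driver, and the built-in MBEDTLS_ECDH_C module disabled.
component_test_psa_crypto_config_accel_ecdh () {
    msg "build: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated ECDH"

    # Algorithms and key types to accelerate
    loc_accel_list="ALG_ECDH \
                    $(helper_get_psa_key_type_list "ECC") \
                    $(helper_get_psa_curve_list)"

    # Configure
    # ---------

    # Start from default config (no USE_PSA)
    helper_libtestdriver1_adjust_config "default"

    # Disable the module that's accelerated
    scripts/config.py unset MBEDTLS_ECDH_C

    # Disable things that depend on it
    scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
    scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
    scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
    scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
    scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED

    # Build
    # -----

    helper_libtestdriver1_make_drivers "$loc_accel_list"

    helper_libtestdriver1_make_main "$loc_accel_list"

    # Make sure this was not re-enabled by accident (additive config).
    # The path is quoted so that a BUILTIN_SRC_PATH containing whitespace
    # still names a single file.
    # NOTE(review): `not` is defined outside this section; if it only inverts
    # the exit status, a missing object file (grep exits 2) would also pass.
    # Confirm the .o file exists after the build.
    not grep mbedtls_ecdh_ "${BUILTIN_SRC_PATH}/ecdh.o"

    # Run the tests
    # -------------

    msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated ECDH"
    make test
}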
794
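# Build and test the "full" libtestdriver1 configuration with FFDH, the DH
# key types and the DH groups listed by the helpers passed to the test
# driver, and the built-in MBEDTLS_DHM_C module disabled. Runs the unit tests
# and the ssl-opt.sh cases matching "ffdh".
component_test_psa_crypto_config_accel_ffdh () {
    msg "build: full with accelerated FFDH"

    # Algorithms and key types to accelerate
    loc_accel_list="ALG_FFDH \
                    $(helper_get_psa_key_type_list "DH") \
                    $(helper_get_psa_dh_group_list)"

    # Configure
    # ---------

    # start with full (USE_PSA and TLS 1.3)
    helper_libtestdriver1_adjust_config "full"

    # Disable the module that's accelerated
    scripts/config.py unset MBEDTLS_DHM_C

    # Disable things that depend on it
    scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
    scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED

    # Build
    # -----

    helper_libtestdriver1_make_drivers "$loc_accel_list"

    helper_libtestdriver1_make_main "$loc_accel_list"

    # Make sure this was not re-enabled by accident (additive config).
    # The path is quoted so that a BUILTIN_SRC_PATH containing whitespace
    # still names a single file.
    # NOTE(review): `not` is defined outside this section; if it only inverts
    # the exit status, a missing object file (grep exits 2) would also pass.
    # Confirm the .o file exists after the build.
    not grep mbedtls_dhm_ "${BUILTIN_SRC_PATH}/dhm.o"

    # Run the tests
    # -------------

    msg "test: full with accelerated FFDH"
    make test

    msg "ssl-opt: full with accelerated FFDH alg"
    tests/ssl-opt.sh -f "ffdh"
}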
835
# Build and test the "full" libtestdriver1 configuration with the two DHE
# key exchanges disabled and no driver build step (plain `make`). Runs the
# unit tests and the ssl-opt.sh cases matching "ffdh".
component_test_psa_crypto_config_reference_ffdh () {
    msg "build: full with non-accelerated FFDH"

    # Start with full (USE_PSA and TLS 1.3)
    helper_libtestdriver1_adjust_config "full"

    # Disable things that are not supported
    scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
    scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
    make

    msg "test suites: full with non-accelerated FFDH alg"
    make test

    msg "ssl-opt: full with non-accelerated FFDH alg"
    tests/ssl-opt.sh -f "ffdh"
}
853
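# Build and test the "full" libtestdriver1 configuration with J-PAKE, the
# ECC key types and the curves listed by the helpers passed to the test
# driver, and the built-in MBEDTLS_ECJPAKE_C module disabled.
component_test_psa_crypto_config_accel_pake () {
    msg "build: full with accelerated PAKE"

    # Algorithms and key types to accelerate
    loc_accel_list="ALG_JPAKE \
                    $(helper_get_psa_key_type_list "ECC") \
                    $(helper_get_psa_curve_list)"

    # Configure
    # ---------

    helper_libtestdriver1_adjust_config "full"

    # Make built-in fallback not available
    scripts/config.py unset MBEDTLS_ECJPAKE_C
    scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED

    # Build
    # -----

    helper_libtestdriver1_make_drivers "$loc_accel_list"

    helper_libtestdriver1_make_main "$loc_accel_list"

    # Make sure this was not re-enabled by accident (additive config).
    # The path is quoted so that a BUILTIN_SRC_PATH containing whitespace
    # still names a single file.
    # NOTE(review): `not` is defined outside this section; if it only inverts
    # the exit status, a missing object file (grep exits 2) would also pass.
    # Confirm the .o file exists after the build.
    not grep mbedtls_ecjpake_init "${BUILTIN_SRC_PATH}/ecjpake.o"

    # Run the tests
    # -------------

    msg "test: full with accelerated PAKE"
    make test
}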
886
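# Build and test the "full" libtestdriver1 configuration with the EC
# algorithms accelerated but only a subset of the ECC key types
# (PUBLIC_KEY and KEY_PAIR BASIC/IMPORT/EXPORT). The object-file checks at
# the end expect built-in ECP to be present and built-in ECDH, ECDSA and
# ECJPAKE to be absent.
component_test_psa_crypto_config_accel_ecc_some_key_types () {
    msg "build: full with accelerated EC algs and some key types"

    # Algorithms and key types to accelerate
    # For key types, use an explicit list to omit GENERATE (and DERIVE)
    loc_accel_list="ALG_ECDSA ALG_DETERMINISTIC_ECDSA \
                    ALG_ECDH \
                    ALG_JPAKE \
                    KEY_TYPE_ECC_PUBLIC_KEY \
                    KEY_TYPE_ECC_KEY_PAIR_BASIC \
                    KEY_TYPE_ECC_KEY_PAIR_IMPORT \
                    KEY_TYPE_ECC_KEY_PAIR_EXPORT \
                    $(helper_get_psa_curve_list)"

    # Configure
    # ---------

    # start with config full for maximum coverage (also enables USE_PSA)
    helper_libtestdriver1_adjust_config "full"

    # Disable modules that are accelerated - some will be re-enabled
    scripts/config.py unset MBEDTLS_ECDSA_C
    scripts/config.py unset MBEDTLS_ECDH_C
    scripts/config.py unset MBEDTLS_ECJPAKE_C
    scripts/config.py unset MBEDTLS_ECP_C

    # Disable all curves - those that aren't accelerated should be re-enabled
    helper_disable_builtin_curves

    # The restartable feature is not yet supported by PSA. Once it is,
    # the following line can be removed (see issues 6061, 6332 and
    # following ones).
    scripts/config.py unset MBEDTLS_ECP_RESTARTABLE

    # this is not supported by the driver API yet
    scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE

    # Build
    # -----

    # These hashes are needed for some ECDSA signature tests.
    loc_extra_list="ALG_SHA_1 ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512 \
                    ALG_SHA3_224 ALG_SHA3_256 ALG_SHA3_384 ALG_SHA3_512"
    helper_libtestdriver1_make_drivers "$loc_accel_list" "$loc_extra_list"

    helper_libtestdriver1_make_main "$loc_accel_list"

    # ECP should be re-enabled but not the others.
    # Paths are quoted so that a BUILTIN_SRC_PATH containing whitespace
    # still names a single file.
    # NOTE(review): `not` is defined outside this section; if it only inverts
    # the exit status, a missing object file (grep exits 2) would also pass.
    # Confirm the .o files exist after the build.
    not grep mbedtls_ecdh_ "${BUILTIN_SRC_PATH}/ecdh.o"
    not grep mbedtls_ecdsa "${BUILTIN_SRC_PATH}/ecdsa.o"
    not grep mbedtls_ecjpake "${BUILTIN_SRC_PATH}/ecjpake.o"
    grep mbedtls_ecp "${BUILTIN_SRC_PATH}/ecp.o"

    # Run the tests
    # -------------

    msg "test suites: full with accelerated EC algs and some key types"
    make test
}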
946
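# Run tests with only (non-)Weierstrass accelerated
# Common code used in:
# - component_test_psa_crypto_config_accel_ecc_weierstrass_curves
# - component_test_psa_crypto_config_accel_ecc_non_weierstrass_curves
#
# Parameter:
#   $1: 1 to accelerate the Weierstrass curve families (ECC_BRAINPOOL*,
#       ECC_SECP*), any other integer to accelerate the remaining families.
common_test_psa_crypto_config_accel_ecc_some_curves () {
    weierstrass=$1
    # $weierstrass is quoted in every test so that an empty argument cannot
    # change the number of words seen by `[`.
    if [ "$weierstrass" -eq 1 ]; then
        desc="Weierstrass"
    else
        desc="non-Weierstrass"
    fi

    msg "build: crypto_full minus PK with accelerated EC algs and $desc curves"

    # Note: Curves are handled in a special way by the libtestdriver machinery,
    # so we only want to include them in the accel list when building the main
    # libraries, hence the use of a separate variable.
    # Note: the following loop is a modified version of
    # helper_get_psa_curve_list that only keeps Weierstrass families.
    loc_weierstrass_list=""
    loc_non_weierstrass_list=""
    # The command substitution is deliberately unquoted: each PSA_WANT_ECC_*
    # name found in the crypto config header becomes one loop item.
    for item in $(sed -n 's/^#define PSA_WANT_\(ECC_[0-9A-Z_a-z]*\).*/\1/p' <"$CRYPTO_CONFIG_H"); do
        case $item in
            ECC_BRAINPOOL*|ECC_SECP*)
                loc_weierstrass_list="$loc_weierstrass_list $item"
                ;;
            *)
                loc_non_weierstrass_list="$loc_non_weierstrass_list $item"
                ;;
        esac
    done
    if [ "$weierstrass" -eq 1 ]; then
        loc_curve_list=$loc_weierstrass_list
    else
        loc_curve_list=$loc_non_weierstrass_list
    fi

    # Algorithms and key types to accelerate
    loc_accel_list="ALG_ECDSA ALG_DETERMINISTIC_ECDSA \
                    ALG_ECDH \
                    ALG_JPAKE \
                    $(helper_get_psa_key_type_list "ECC") \
                    $loc_curve_list"

    # Configure
    # ---------

    # Start with config crypto_full and remove PK_C:
    # that's what's supported now, see docs/driver-only-builds.md.
    helper_libtestdriver1_adjust_config "crypto_full"
    scripts/config.py unset MBEDTLS_PK_C
    scripts/config.py unset MBEDTLS_PK_PARSE_C
    scripts/config.py unset MBEDTLS_PK_WRITE_C

    # Disable modules that are accelerated - some will be re-enabled
    scripts/config.py unset MBEDTLS_ECDSA_C
    scripts/config.py unset MBEDTLS_ECDH_C
    scripts/config.py unset MBEDTLS_ECJPAKE_C
    scripts/config.py unset MBEDTLS_ECP_C

    # Disable all curves - those that aren't accelerated should be re-enabled
    helper_disable_builtin_curves

    # The restartable feature is not yet supported by PSA. Once it is,
    # the following line can be removed (see issues 6061, 6332 and
    # following ones).
    scripts/config.py unset MBEDTLS_ECP_RESTARTABLE

    # this is not supported by the driver API yet
    scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE

    # Build
    # -----

    # These hashes are needed for some ECDSA signature tests.
    loc_extra_list="ALG_SHA_1 ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512 \
                    ALG_SHA3_224 ALG_SHA3_256 ALG_SHA3_384 ALG_SHA3_512"
    helper_libtestdriver1_make_drivers "$loc_accel_list" "$loc_extra_list"

    helper_libtestdriver1_make_main "$loc_accel_list"

    # Object-file checks. Paths are quoted so that a BUILTIN_SRC_PATH
    # containing whitespace still names a single file.
    # NOTE(review): `not` is defined outside this section; if it only inverts
    # the exit status, a missing object file (grep exits 2) would also pass
    # the `not grep` checks. Confirm the .o files exist after the build.

    # We expect ECDH to be re-enabled for the missing curves
    grep mbedtls_ecdh_ "${BUILTIN_SRC_PATH}/ecdh.o"
    # We expect ECP to be re-enabled, however the parts specific to the
    # families of curves that are accelerated should be omitted.
    # - functions with mxz in the name are specific to Montgomery curves
    # - ecp_muladd is specific to Weierstrass curves
    # Debugging aid, kept disabled:
    ##nm ${BUILTIN_SRC_PATH}/ecp.o | tee ecp.syms
    if [ "$weierstrass" -eq 1 ]; then
        not grep mbedtls_ecp_muladd "${BUILTIN_SRC_PATH}/ecp.o"
        grep mxz "${BUILTIN_SRC_PATH}/ecp.o"
    else
        grep mbedtls_ecp_muladd "${BUILTIN_SRC_PATH}/ecp.o"
        not grep mxz "${BUILTIN_SRC_PATH}/ecp.o"
    fi
    # We expect ECDSA and ECJPAKE to be re-enabled only when
    # Weierstrass curves are not accelerated
    if [ "$weierstrass" -eq 1 ]; then
        not grep mbedtls_ecdsa "${BUILTIN_SRC_PATH}/ecdsa.o"
        not grep mbedtls_ecjpake "${BUILTIN_SRC_PATH}/ecjpake.o"
    else
        grep mbedtls_ecdsa "${BUILTIN_SRC_PATH}/ecdsa.o"
        grep mbedtls_ecjpake "${BUILTIN_SRC_PATH}/ecjpake.o"
    fi

    # Run the tests
    # -------------

    msg "test suites: crypto_full minus PK with accelerated EC algs and $desc curves"
    make test
}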
1058
component_test_psa_crypto_config_accel_ecc_weierstrass_curves () {
    # 1 selects the Weierstrass families as the accelerated curves.
    common_test_psa_crypto_config_accel_ecc_some_curves 1
}
1062
component_test_psa_crypto_config_accel_ecc_non_weierstrass_curves () {
    # 0 selects the non-Weierstrass families as the accelerated curves.
    common_test_psa_crypto_config_accel_ecc_some_curves 0
}
1066
# Auxiliary function to build config for all EC based algorithms (EC-JPAKE,
# ECDH, ECDSA) with and without drivers.
# The input parameter is a boolean value which indicates:
# - 0 keep built-in EC algs,
# - 1 exclude built-in EC algs (driver only).
#
# This is used by the two following components to ensure they always use the
# same config, except for the use of driver or built-in EC algorithms:
# - component_test_psa_crypto_config_accel_ecc_ecp_light_only;
# - component_test_psa_crypto_config_reference_ecc_ecp_light_only.
# This supports comparing their test coverage with analyze_outcomes.py.
config_psa_crypto_config_ecp_light_only () {
    driver_only="$1"
    # start with config full for maximum coverage (also enables USE_PSA)
    helper_libtestdriver1_adjust_config "full"
    if [ "$driver_only" -eq 1 ]; then
        # Disable modules that are accelerated
        scripts/config.py unset MBEDTLS_ECDSA_C
        scripts/config.py unset MBEDTLS_ECDH_C
        scripts/config.py unset MBEDTLS_ECJPAKE_C
        scripts/config.py unset MBEDTLS_ECP_C
    fi

    # The restartable feature is not yet supported by PSA. Once it is,
    # the following line can be removed (see issues 6061, 6332 and
    # following ones). It is unset for both values of $1.
    scripts/config.py unset MBEDTLS_ECP_RESTARTABLE
}
1095
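# Build and test the "full" configuration with all EC algorithms provided by
# the test driver, then check that the built-in ECDSA, ECDH and ECJPAKE code
# and mbedtls_ecp_mul are absent from the object files. Runs the unit tests
# and the whole of ssl-opt.sh.
#
# Keep in sync with component_test_psa_crypto_config_reference_ecc_ecp_light_only
component_test_psa_crypto_config_accel_ecc_ecp_light_only () {
    msg "build: full with accelerated EC algs"

    # Algorithms and key types to accelerate
    loc_accel_list="ALG_ECDSA ALG_DETERMINISTIC_ECDSA \
                    ALG_ECDH \
                    ALG_JPAKE \
                    $(helper_get_psa_key_type_list "ECC") \
                    $(helper_get_psa_curve_list)"

    # Configure
    # ---------

    # Use the same config as reference, only without built-in EC algs
    config_psa_crypto_config_ecp_light_only 1

    # Do not disable builtin curves because that support is required for:
    # - MBEDTLS_PK_PARSE_EC_EXTENDED
    # - MBEDTLS_PK_PARSE_EC_COMPRESSED

    # Build
    # -----

    # These hashes are needed for some ECDSA signature tests.
    loc_extra_list="ALG_SHA_1 ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512 \
                    ALG_SHA3_224 ALG_SHA3_256 ALG_SHA3_384 ALG_SHA3_512"
    helper_libtestdriver1_make_drivers "$loc_accel_list" "$loc_extra_list"

    helper_libtestdriver1_make_main "$loc_accel_list"

    # Make sure any built-in EC alg was not re-enabled by accident (additive config).
    # Paths are quoted so that a BUILTIN_SRC_PATH containing whitespace
    # still names a single file.
    # NOTE(review): `not` is defined outside this section; if it only inverts
    # the exit status, a missing object file (grep exits 2) would also pass.
    # Confirm the .o files exist after the build.
    not grep mbedtls_ecdsa_ "${BUILTIN_SRC_PATH}/ecdsa.o"
    not grep mbedtls_ecdh_ "${BUILTIN_SRC_PATH}/ecdh.o"
    not grep mbedtls_ecjpake_ "${BUILTIN_SRC_PATH}/ecjpake.o"
    not grep mbedtls_ecp_mul "${BUILTIN_SRC_PATH}/ecp.o"

    # Run the tests
    # -------------

    msg "test suites: full with accelerated EC algs"
    make test

    msg "ssl-opt: full with accelerated EC algs"
    tests/ssl-opt.sh
}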
1142
# Reference build for the component below: same configuration helper, called
# with 0 so the built-in EC modules are kept, then a plain `make`.
#
# Keep in sync with component_test_psa_crypto_config_accel_ecc_ecp_light_only
component_test_psa_crypto_config_reference_ecc_ecp_light_only () {
    msg "build: MBEDTLS_PSA_CRYPTO_CONFIG with non-accelerated EC algs"

    config_psa_crypto_config_ecp_light_only 0

    make

    msg "test suites: full with non-accelerated EC algs"
    make test

    msg "ssl-opt: full with non-accelerated EC algs"
    tests/ssl-opt.sh
}
1157
# This helper function is used by:
# - component_test_psa_crypto_config_accel_ecc_no_ecp_at_all()
# - component_test_psa_crypto_config_reference_ecc_no_ecp_at_all()
# to ensure that both tests use the same underlying configuration when testing
# driver's coverage with analyze_outcomes.py.
#
# This function accepts 1 boolean parameter as follows:
# - 1: building with accelerated EC algorithms (ECDSA, ECDH, ECJPAKE), therefore
#      excluding their built-in implementation as well as ECP_C & ECP_LIGHT
# - 0: include built-in implementation of EC algorithms.
#
# NOTE(review): the original comment states that PK_C and RSA_C are always
# disabled to ensure there is no remaining dependency on the ECP module, but
# this function does not unset either option itself - confirm whether that
# is still done elsewhere or the comment is stale.
config_psa_crypto_no_ecp_at_all () {
    driver_only="$1"
    # start with full config for maximum coverage (also enables USE_PSA)
    helper_libtestdriver1_adjust_config "full"

    if [ "$driver_only" -eq 1 ]; then
        # Disable modules that are accelerated
        scripts/config.py unset MBEDTLS_ECDSA_C
        scripts/config.py unset MBEDTLS_ECDH_C
        scripts/config.py unset MBEDTLS_ECJPAKE_C
        # Disable ECP module (entirely)
        scripts/config.py unset MBEDTLS_ECP_C
    fi

    # Disable all the features that auto-enable ECP_LIGHT (see build_info.h)
    scripts/config.py unset MBEDTLS_PK_PARSE_EC_EXTENDED
    scripts/config.py unset MBEDTLS_PK_PARSE_EC_COMPRESSED
    scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE

    # The restartable feature is not yet supported by PSA. Once it is,
    # the following line can be removed (see issues 6061, 6332 and
    # following ones).
    scripts/config.py unset MBEDTLS_ECP_RESTARTABLE
}
1195
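# Build and test a configuration where driver accelerates all EC algs while
# all support and dependencies from ECP and ECP_LIGHT are removed on the library
# side.
#
# Keep in sync with component_test_psa_crypto_config_reference_ecc_no_ecp_at_all()
component_test_psa_crypto_config_accel_ecc_no_ecp_at_all () {
    msg "build: full + accelerated EC algs - ECP"

    # Algorithms and key types to accelerate
    loc_accel_list="ALG_ECDSA ALG_DETERMINISTIC_ECDSA \
                    ALG_ECDH \
                    ALG_JPAKE \
                    $(helper_get_psa_key_type_list "ECC") \
                    $(helper_get_psa_curve_list)"

    # Configure
    # ---------

    # Set common configurations between library's and driver's builds
    config_psa_crypto_no_ecp_at_all 1
    # Disable all the builtin curves. All the required algs are accelerated.
    helper_disable_builtin_curves

    # Build
    # -----

    # Things we wanted supported in libtestdriver1, but not accelerated in the main library:
    # SHA-1 and all SHA-2/3 variants, as they are used by ECDSA deterministic.
    loc_extra_list="ALG_SHA_1 ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512 \
                    ALG_SHA3_224 ALG_SHA3_256 ALG_SHA3_384 ALG_SHA3_512"

    helper_libtestdriver1_make_drivers "$loc_accel_list" "$loc_extra_list"

    helper_libtestdriver1_make_main "$loc_accel_list"

    # Make sure any built-in EC alg was not re-enabled by accident (additive config).
    # Paths are quoted so that a BUILTIN_SRC_PATH containing whitespace
    # still names a single file.
    # NOTE(review): `not` is defined outside this section; if it only inverts
    # the exit status, a missing object file (grep exits 2) would also pass.
    # Confirm the .o files exist after the build.
    not grep mbedtls_ecdsa_ "${BUILTIN_SRC_PATH}/ecdsa.o"
    not grep mbedtls_ecdh_ "${BUILTIN_SRC_PATH}/ecdh.o"
    not grep mbedtls_ecjpake_ "${BUILTIN_SRC_PATH}/ecjpake.o"
    # Also ensure that ECP module was not re-enabled
    not grep mbedtls_ecp_ "${BUILTIN_SRC_PATH}/ecp.o"

    # Run the tests
    # -------------

    msg "test: full + accelerated EC algs - ECP"
    make test

    msg "ssl-opt: full + accelerated EC algs - ECP"
    tests/ssl-opt.sh
}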
1247
# Reference function used for driver's coverage analysis in analyze_outcomes.py
# in conjunction with component_test_psa_crypto_config_accel_ecc_no_ecp_at_all().
# Keep in sync with its accelerated counterpart.
component_test_psa_crypto_config_reference_ecc_no_ecp_at_all () {
    msg "build: full + non accelerated EC algs"

    # 0 keeps the built-in EC modules; the rest of the configuration is the
    # same as in the accelerated component.
    config_psa_crypto_no_ecp_at_all 0

    make

    msg "test: full + non accelerated EC algs"
    make test

    msg "ssl-opt: full + non accelerated EC algs"
    tests/ssl-opt.sh
}
1264
# This is a common configuration helper used directly from:
# - common_test_psa_crypto_config_accel_ecc_ffdh_no_bignum
# - common_test_psa_crypto_config_reference_ecc_ffdh_no_bignum
# and indirectly from:
# - component_test_psa_crypto_config_accel_ecc_no_bignum
#       - accelerate all EC algs, disable RSA and FFDH
# - component_test_psa_crypto_config_reference_ecc_no_bignum
#       - this is the reference component of the above
#       - it still disables RSA and FFDH, but it uses builtin EC algs
# - component_test_psa_crypto_config_accel_ecc_ffdh_no_bignum
#       - accelerate all EC and FFDH algs, disable only RSA
# - component_test_psa_crypto_config_reference_ecc_ffdh_no_bignum
#       - this is the reference component of the above
#       - it still disables RSA, but it uses builtin EC and FFDH algs
#
# This function accepts 2 parameters:
# $1: a boolean value which states if we are testing an accelerated scenario
#     or not.
# $2: a string value which states which components are tested. Allowed values
#     are "ECC" or "ECC_DH". Any value other than "ECC" takes the "ECC_DH"
#     branch below.
config_psa_crypto_config_accel_ecc_ffdh_no_bignum () {
    driver_only="$1"
    test_target="$2"
    # start with full config for maximum coverage (also enables USE_PSA)
    helper_libtestdriver1_adjust_config "full"

    if [ "$driver_only" -eq 1 ]; then
        # Disable modules that are accelerated
        scripts/config.py unset MBEDTLS_ECDSA_C
        scripts/config.py unset MBEDTLS_ECDH_C
        scripts/config.py unset MBEDTLS_ECJPAKE_C
        # Disable ECP module (entirely)
        scripts/config.py unset MBEDTLS_ECP_C
        # Also disable bignum
        scripts/config.py unset MBEDTLS_BIGNUM_C
    fi

    # Disable all the features that auto-enable ECP_LIGHT (see build_info.h)
    scripts/config.py unset MBEDTLS_PK_PARSE_EC_EXTENDED
    scripts/config.py unset MBEDTLS_PK_PARSE_EC_COMPRESSED
    scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE

    # RSA support is intentionally disabled on this test because RSA_C depends
    # on BIGNUM_C. This is done for both values of $1, so the reference build
    # has no RSA either.
    scripts/config.py -f "$CRYPTO_CONFIG_H" unset-all "PSA_WANT_KEY_TYPE_RSA_[0-9A-Z_a-z]*"
    scripts/config.py -f "$CRYPTO_CONFIG_H" unset-all "PSA_WANT_ALG_RSA_[0-9A-Z_a-z]*"
    scripts/config.py unset MBEDTLS_RSA_C
    scripts/config.py unset MBEDTLS_PKCS1_V15
    scripts/config.py unset MBEDTLS_PKCS1_V21
    scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT
    # Also disable key exchanges that depend on RSA
    scripts/config.py unset MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
    scripts/config.py unset MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
    scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
    scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
    scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED

    if [ "$test_target" = "ECC" ]; then
        # When testing ECC only, we disable FFDH support, both from builtin and
        # PSA sides, and also disable the key exchanges that depend on DHM.
        scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_FFDH
        scripts/config.py -f "$CRYPTO_CONFIG_H" unset-all "PSA_WANT_KEY_TYPE_DH_[0-9A-Z_a-z]*"
        scripts/config.py -f "$CRYPTO_CONFIG_H" unset-all "PSA_WANT_DH_RFC7919_[0-9]*"
        scripts/config.py unset MBEDTLS_DHM_C
        scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
        scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
    else
        # When testing ECC and DH instead, we disable DHM and depending key
        # exchanges only in the accelerated build
        if [ "$driver_only" -eq 1 ]; then
            scripts/config.py unset MBEDTLS_DHM_C
            scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
            scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
        fi
    fi

    # The restartable feature is not yet supported by PSA. Once it is,
    # the following line can be removed (see issues 6061, 6332 and
    # following ones).
    scripts/config.py unset MBEDTLS_ECP_RESTARTABLE
}
1346
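# Common helper used by:
# - component_test_psa_crypto_config_accel_ecc_no_bignum
# - component_test_psa_crypto_config_accel_ecc_ffdh_no_bignum
#
# The goal is to build and test accelerating either:
# - ECC only or
# - both ECC and FFDH
#
# It is meant to be used in conjunction with
# common_test_psa_crypto_config_reference_ecc_ffdh_no_bignum() for drivers
# coverage analysis in the "analyze_outcomes.py" script.
#
# Parameter:
#   $1: "ECC_DH" to accelerate both ECC and FFDH; any other value is handled
#       as ECC only in this function.
common_test_psa_crypto_config_accel_ecc_ffdh_no_bignum () {
    test_target="$1"

    # This is an internal helper to simplify text message handling
    if [ "$test_target" = "ECC_DH" ]; then
        accel_text="ECC/FFDH"
        removed_text="ECP - DH"
    else
        accel_text="ECC"
        removed_text="ECP"
    fi

    msg "build: full + accelerated $accel_text algs + USE_PSA - $removed_text - BIGNUM"

    # By default we accelerate all EC keys/algs
    loc_accel_list="ALG_ECDSA ALG_DETERMINISTIC_ECDSA \
                    ALG_ECDH \
                    ALG_JPAKE \
                    $(helper_get_psa_key_type_list "ECC") \
                    $(helper_get_psa_curve_list)"
    # Optionally we can also add DH to the list of accelerated items
    if [ "$test_target" = "ECC_DH" ]; then
        loc_accel_list="$loc_accel_list \
                        ALG_FFDH \
                        $(helper_get_psa_key_type_list "DH") \
                        $(helper_get_psa_dh_group_list)"
    fi

    # Configure
    # ---------

    # Set common configurations between library's and driver's builds
    config_psa_crypto_config_accel_ecc_ffdh_no_bignum 1 "$test_target"
    # Disable all the builtin curves. All the required algs are accelerated.
    helper_disable_builtin_curves

    # Build
    # -----

    # Things we wanted supported in libtestdriver1, but not accelerated in the main library:
    # SHA-1 and all SHA-2/3 variants, as they are used by ECDSA deterministic.
    loc_extra_list="ALG_SHA_1 ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512 \
                    ALG_SHA3_224 ALG_SHA3_256 ALG_SHA3_384 ALG_SHA3_512"

    helper_libtestdriver1_make_drivers "$loc_accel_list" "$loc_extra_list"

    helper_libtestdriver1_make_main "$loc_accel_list"

    # Make sure any built-in EC alg was not re-enabled by accident (additive config).
    # Paths are quoted so that a BUILTIN_SRC_PATH containing whitespace
    # still names a single file.
    # NOTE(review): `not` is defined outside this section; if it only inverts
    # the exit status, a missing object file (grep exits 2) would also pass.
    # Confirm the .o files exist after the build.
    not grep mbedtls_ecdsa_ "${BUILTIN_SRC_PATH}/ecdsa.o"
    not grep mbedtls_ecdh_ "${BUILTIN_SRC_PATH}/ecdh.o"
    not grep mbedtls_ecjpake_ "${BUILTIN_SRC_PATH}/ecjpake.o"
    # Also ensure that ECP, RSA, [DHM] or BIGNUM modules were not re-enabled
    not grep mbedtls_ecp_ "${BUILTIN_SRC_PATH}/ecp.o"
    not grep mbedtls_rsa_ "${BUILTIN_SRC_PATH}/rsa.o"
    not grep mbedtls_mpi_ "${BUILTIN_SRC_PATH}/bignum.o"
    not grep mbedtls_dhm_ "${BUILTIN_SRC_PATH}/dhm.o"

    # Run the tests
    # -------------

    msg "test suites: full + accelerated $accel_text algs + USE_PSA - $removed_text - DHM - BIGNUM"

    make test

    msg "ssl-opt: full + accelerated $accel_text algs + USE_PSA - $removed_text - BIGNUM"
    tests/ssl-opt.sh
}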
1426
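# Common helper used by:
# - component_test_psa_crypto_config_reference_ecc_no_bignum
# - component_test_psa_crypto_config_reference_ecc_ffdh_no_bignum
#
# The goal is to build and test a reference scenario (i.e. with builtin
# components) compared to the ones used in
# common_test_psa_crypto_config_accel_ecc_ffdh_no_bignum() above.
#
# It is meant to be used in conjunction with
# common_test_psa_crypto_config_accel_ecc_ffdh_no_bignum() for drivers'
# coverage analysis in "analyze_outcomes.py" script.
#
# Parameter:
#   $1: "ECC_DH" for the ECC + FFDH scenario; any other value is reported as
#       "ECC" in the messages and forwarded unchanged to the config helper.
common_test_psa_crypto_config_reference_ecc_ffdh_no_bignum () {
    test_target="$1"

    # This is an internal helper to simplify text message handling
    if [ "$test_target" = "ECC_DH" ]; then
        accel_text="ECC/FFDH"
    else
        accel_text="ECC"
    fi

    msg "build: full + non accelerated $accel_text algs + USE_PSA"

    # 0 keeps the built-in implementations.
    config_psa_crypto_config_accel_ecc_ffdh_no_bignum 0 "$test_target"

    make

    # Use $accel_text here as the build and ssl-opt messages do, so that the
    # ECC_DH run is not reported as an EC-only test.
    msg "test suites: full + non accelerated $accel_text algs + USE_PSA"
    make test

    msg "ssl-opt: full + non accelerated $accel_text algs + USE_PSA"
    tests/ssl-opt.sh
}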
1460
component_test_psa_crypto_config_accel_ecc_no_bignum () {
    # Accelerated build, ECC only.
    common_test_psa_crypto_config_accel_ecc_ffdh_no_bignum "ECC"
}
1464
component_test_psa_crypto_config_reference_ecc_no_bignum () {
    # Reference (built-in) build, ECC only.
    common_test_psa_crypto_config_reference_ecc_ffdh_no_bignum "ECC"
}
1468
component_test_psa_crypto_config_accel_ecc_ffdh_no_bignum () {
    # Accelerated build, ECC and FFDH.
    common_test_psa_crypto_config_accel_ecc_ffdh_no_bignum "ECC_DH"
}
1472
component_test_psa_crypto_config_reference_ecc_ffdh_no_bignum () {
    # Reference (built-in) build, ECC and FFDH.
    common_test_psa_crypto_config_reference_ecc_ffdh_no_bignum "ECC_DH"
}
1476
# Build configs/config-tfm.h unmodified with CMake (Asan build type, compiler
# taken from $ASAN_CC) and run the unit tests.
component_test_tfm_config_as_is () {
    msg "build: configs/config-tfm.h"
    # Overwrites the active configuration header with the TF-M one.
    cp configs/config-tfm.h "$CONFIG_H"
    CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
    make

    msg "test: configs/config-tfm.h - unit tests"
    make test
}
1486
# Helper for setting common configurations between:
# - component_test_tfm_config_p256m_driver_accel_ec()
# - component_test_tfm_config_no_p256m()
#
# It overwrites "$CONFIG_H" and "$CRYPTO_CONFIG_H" and then appends
# preprocessor directives to "$CONFIG_H".
common_tfm_config () {
    # Enable TF-M config
    cp configs/config-tfm.h "$CONFIG_H"
    # presumably so that the crypto config copied to "$CRYPTO_CONFIG_H" below
    # is the one that gets used - TODO confirm
    echo "#undef MBEDTLS_PSA_CRYPTO_CONFIG_FILE" >> "$CONFIG_H"
    cp configs/ext/crypto_config_profile_medium.h "$CRYPTO_CONFIG_H"

    # Other config adjustment to make the tests pass.
    # This should probably be adopted upstream.
    #
    # - USE_PSA_CRYPTO for PK_HAVE_ECC_KEYS
    echo "#define MBEDTLS_USE_PSA_CRYPTO" >> "$CONFIG_H"

    # Config adjustment for better test coverage in our environment.
    # This is not needed just to build and pass tests.
    #
    # Enable filesystem I/O for the benefit of PK parse/write tests.
    echo "#define MBEDTLS_FS_IO" >> "$CONFIG_H"
}
1508
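# Build the TF-M configuration with the p256m driver and check that no
# built-in EC, RSA, DHM, bignum or cipher code ended up in the object files,
# and that p256m symbols are present in library/libmbedcrypto.a.
#
# Keep this in sync with component_test_tfm_config_no_p256m() as they are
# both meant to be used in analyze_outcomes.py for driver's coverage analysis.
component_test_tfm_config_p256m_driver_accel_ec () {
    msg "build: TF-M config + p256m driver + accel ECDH(E)/ECDSA"

    common_tfm_config

    # Build crypto library.
    # CC is quoted so that a compiler command containing whitespace is passed
    # to make as one CC=... assignment instead of being split into extra
    # arguments.
    make CC="$ASAN_CC" CFLAGS="$ASAN_CFLAGS -I../tests/include/spe" LDFLAGS="$ASAN_CFLAGS"

    # Make sure any built-in EC alg was not re-enabled by accident (additive config).
    # Paths are quoted so that a BUILTIN_SRC_PATH containing whitespace
    # still names a single file.
    # NOTE(review): `not` is defined outside this section; if it only inverts
    # the exit status, a missing object file (grep exits 2) would also pass.
    # Confirm the .o files exist after the build.
    not grep mbedtls_ecdsa_ "${BUILTIN_SRC_PATH}/ecdsa.o"
    not grep mbedtls_ecdh_ "${BUILTIN_SRC_PATH}/ecdh.o"
    not grep mbedtls_ecjpake_ "${BUILTIN_SRC_PATH}/ecjpake.o"
    # Also ensure that ECP, RSA, DHM or BIGNUM modules were not re-enabled
    not grep mbedtls_ecp_ "${BUILTIN_SRC_PATH}/ecp.o"
    not grep mbedtls_rsa_ "${BUILTIN_SRC_PATH}/rsa.o"
    not grep mbedtls_dhm_ "${BUILTIN_SRC_PATH}/dhm.o"
    not grep mbedtls_mpi_ "${BUILTIN_SRC_PATH}/bignum.o"
    # Check that p256m was built
    grep -q p256_ecdsa_ library/libmbedcrypto.a

    # In "config-tfm.h" we disabled CIPHER_C tweaking TF-M's configuration
    # files, so we want to ensure that it has not been re-enabled accidentally.
    not grep mbedtls_cipher "${BUILTIN_SRC_PATH}/cipher.o"

    # Run the tests
    msg "test: TF-M config + p256m driver + accel ECDH(E)/ECDSA"
    make test
}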
1539
# Keep this in sync with component_test_tfm_config_p256m_driver_accel_ec() as
# they are both meant to be used in analyze_outcomes.py for driver's coverage
# analysis.
#
# Reference build: same TF-M configuration, with the p256m driver turned off.
component_test_tfm_config_no_p256m () {
    common_tfm_config

    # Disable P256M driver, which is on by default, so that analyze_outcomes
    # can compare this test with test_tfm_config_p256m_driver_accel_ec
    echo "#undef MBEDTLS_PSA_P256M_DRIVER_ENABLED" >> "$CONFIG_H"

    msg "build: TF-M config without p256m"
    make CFLAGS='-Werror -Wall -Wextra -I../tests/include/spe' tests

    # Negative check: no p256m symbol may be present in the crypto library.
    not grep p256_ecdsa_ library/libmbedcrypto.a

    # In "config-tfm.h" we disabled CIPHER_C tweaking TF-M's configuration
    # files, so we want to ensure that it has not been re-enabled accidentally.
    not grep mbedtls_cipher ${BUILTIN_SRC_PATH}/cipher.o

    msg "test: TF-M config without p256m"
    make test
}
1563
# This is a helper used by:
# - component_test_psa_ecc_key_pair_no_derive
# - component_test_psa_ecc_key_pair_no_generate
# The goal is to test with all PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_yyy symbols
# enabled, but one. Input arguments are as follows:
# - $1 is the key type under test, i.e. ECC/RSA/DH
# - $2 is the key option to be unset (i.e. generate, derive, etc)
build_and_test_psa_want_key_pair_partial () {
    key_type=$1
    unset_option=$2
    # Name of the single PSA_WANT symbol that gets switched off.
    disabled_psa_want="PSA_WANT_KEY_TYPE_${key_type}_KEY_PAIR_${unset_option}"

    msg "build: full - MBEDTLS_USE_PSA_CRYPTO - ${disabled_psa_want}"

    # Full configuration, minus USE_PSA_CRYPTO and TLS 1.3.
    scripts/config.py full
    scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
    scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3

    # All the PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_yyy are enabled by default in
    # crypto_config.h so we just disable the one we don't want.
    scripts/config.py -f "$CRYPTO_CONFIG_H" unset "$disabled_psa_want"

    # ASan build of the library and tests.
    make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS"

    msg "test: full - MBEDTLS_USE_PSA_CRYPTO - ${disabled_psa_want}"
    make test
}
1590
# Full config with every ECC key-pair PSA_WANT symbol enabled except DERIVE.
component_test_psa_ecc_key_pair_no_derive () {
    build_and_test_psa_want_key_pair_partial ECC DERIVE
}
1594
# Full config with every ECC key-pair PSA_WANT symbol enabled except GENERATE.
component_test_psa_ecc_key_pair_no_generate () {
    build_and_test_psa_want_key_pair_partial ECC GENERATE
}
1598
# Configuration shared by the accelerated and reference RSA components.
# - $1 is 1 to remove the built-in RSA implementation (driver-only build),
#   any other integer to keep it.
config_psa_crypto_accel_rsa () {
    driver_only=$1

    # Start from crypto_full config (no X.509, no TLS)
    helper_libtestdriver1_adjust_config "crypto_full"

    # The reference build needs nothing else.
    [ "$driver_only" -eq 1 ] || return 0

    # Remove RSA support and its dependencies
    scripts/config.py unset MBEDTLS_RSA_C
    scripts/config.py unset MBEDTLS_PKCS1_V15
    scripts/config.py unset MBEDTLS_PKCS1_V21

    # We need PEM parsing in the test library as well to support the import
    # of PEM encoded RSA keys.
    scripts/config.py -f "$CONFIG_TEST_DRIVER_H" set MBEDTLS_PEM_PARSE_C
    scripts/config.py -f "$CONFIG_TEST_DRIVER_H" set MBEDTLS_BASE64_C
}
1617
# crypto_full build in which RSA is provided by the test driver only.
component_test_psa_crypto_config_accel_rsa_crypto () {
    msg "build: crypto_full with accelerated RSA"

    # RSA algorithms and key types handed over to the driver.
    loc_accel_list="ALG_RSA_OAEP ALG_RSA_PSS \
                    ALG_RSA_PKCS1V15_CRYPT ALG_RSA_PKCS1V15_SIGN \
                    KEY_TYPE_RSA_PUBLIC_KEY \
                    KEY_TYPE_RSA_KEY_PAIR_BASIC \
                    KEY_TYPE_RSA_KEY_PAIR_GENERATE \
                    KEY_TYPE_RSA_KEY_PAIR_IMPORT \
                    KEY_TYPE_RSA_KEY_PAIR_EXPORT"

    # These hashes are needed for unit tests.
    loc_extra_list="ALG_SHA_1 ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512 \
                    ALG_SHA3_224 ALG_SHA3_256 ALG_SHA3_384 ALG_SHA3_512 ALG_MD5"

    # --- Configure: driver-only RSA ---
    config_psa_crypto_accel_rsa 1

    # --- Build: driver library first, then the main library ---
    helper_libtestdriver1_make_drivers "$loc_accel_list" "$loc_extra_list"
    helper_libtestdriver1_make_main "$loc_accel_list"

    # Make sure this was not re-enabled by accident (additive config).
    # Without this check the tests could silently run on built-in RSA.
    not grep mbedtls_rsa ${BUILTIN_SRC_PATH}/rsa.o

    # --- Run the tests ---
    msg "test: crypto_full with accelerated RSA"
    make test
}
1653
# Reference for component_test_psa_crypto_config_accel_rsa_crypto: same base
# configuration, with the built-in RSA implementation kept.
component_test_psa_crypto_config_reference_rsa_crypto () {
    msg "build: crypto_full with non-accelerated RSA"

    # --- Configure: 0 keeps built-in RSA ---
    config_psa_crypto_accel_rsa 0

    # --- Build ---
    make

    # --- Run the tests ---
    msg "test: crypto_full with non-accelerated RSA"
    make test
}
1670
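# This is a temporary test to verify that full RSA support is present even when
# only a single new symbol (PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC) is defined.
#
# Uses the outcome file named by MBEDTLS_TEST_OUTCOME_FILE when one is set;
# otherwise creates "$PWD/out.csv" and removes it again after the check.
component_test_new_psa_want_key_pair_symbol () {
    msg "Build: crypto config - MBEDTLS_RSA_C + PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC"

    # Create a temporary output file unless there is already one set.
    # ${VAR:-} keeps the test valid whether or not the variable is defined.
    if [ -n "${MBEDTLS_TEST_OUTCOME_FILE:-}" ]; then
        REMOVE_OUTCOME_ON_EXIT="no"
    else
        REMOVE_OUTCOME_ON_EXIT="yes"
        MBEDTLS_TEST_OUTCOME_FILE="$PWD/out.csv"
        export MBEDTLS_TEST_OUTCOME_FILE
    fi

    # Start from crypto configuration
    scripts/config.py crypto

    # Remove RSA support and its dependencies
    scripts/config.py unset MBEDTLS_PKCS1_V15
    scripts/config.py unset MBEDTLS_PKCS1_V21
    scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
    scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
    scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
    scripts/config.py unset MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
    scripts/config.py unset MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
    scripts/config.py unset MBEDTLS_RSA_C
    scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT

    # Enable PSA support
    scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG

    # Keep only PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC enabled in order to ensure
    # that proper translation is done in crypto_legacy.h.
    scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT
    scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT
    scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE

    make

    msg "Test: crypto config - MBEDTLS_RSA_C + PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC"
    make test

    # Parse only 1 relevant line from the outcome file, i.e. a test which is
    # performing RSA signature.
    # The file name is quoted: it is built from $PWD, which may contain spaces.
    msg "Verify that 'RSA PKCS1 Sign #1 (SHA512, 1536 bits RSA)' is PASS"
    grep 'RSA PKCS1 Sign #1 (SHA512, 1536 bits RSA)' "$MBEDTLS_TEST_OUTCOME_FILE" | grep -q "PASS"

    # Only delete the outcome file if this component created it.
    if [ "$REMOVE_OUTCOME_ON_EXIT" = "yes" ]; then
        rm "$MBEDTLS_TEST_OUTCOME_FILE"
    fi
}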
1722
# Default configuration (no USE_PSA) with every hash provided by the test
# driver and the built-in hash modules disabled.
component_test_psa_crypto_config_accel_hash () {
    msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated hash"

    # Hash algorithms handed over to the driver.
    loc_accel_list="ALG_MD5 ALG_RIPEMD160 ALG_SHA_1 \
                    ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512 \
                    ALG_SHA3_224 ALG_SHA3_256 ALG_SHA3_384 ALG_SHA3_512"

    # --- Configure ---

    # Start from default config (no USE_PSA)
    helper_libtestdriver1_adjust_config "default"

    # Disable the things that are being accelerated
    local builtin_hash
    for builtin_hash in MD5 RIPEMD160 SHA1 SHA224 SHA256 SHA384 SHA512 SHA3; do
        scripts/config.py unset "MBEDTLS_${builtin_hash}_C"
    done

    # --- Build ---
    helper_libtestdriver1_make_drivers "$loc_accel_list"
    helper_libtestdriver1_make_main "$loc_accel_list"

    # There's a risk of something getting re-enabled via config_psa.h;
    # make sure it did not happen. Note: it's OK for MD_C to be enabled.
    # NOTE(review): MBEDTLS_SHA3_C is unset above but no object is checked for
    # SHA-3 below; confirm whether that is intentional.
    not grep mbedtls_md5 ${BUILTIN_SRC_PATH}/md5.o
    not grep mbedtls_sha1 ${BUILTIN_SRC_PATH}/sha1.o
    not grep mbedtls_sha256 ${BUILTIN_SRC_PATH}/sha256.o
    not grep mbedtls_sha512 ${BUILTIN_SRC_PATH}/sha512.o
    not grep mbedtls_ripemd160 ${BUILTIN_SRC_PATH}/ripemd160.o

    # --- Run the tests ---
    msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated hash"
    make test
}
1767
# Auxiliary function to build config for hashes with and without drivers
# - $1 is 1 to disable the built-in hash implementations, any other integer
#   to keep them.
config_psa_crypto_hash_use_psa () {
    driver_only="$1"

    # start with config full for maximum coverage (also enables USE_PSA)
    helper_libtestdriver1_adjust_config "full"

    # Nothing more to do for the reference (non-accelerated) build.
    [ "$driver_only" -eq 1 ] || return 0

    # disable the built-in implementation of hashes
    # (for MBEDTLS_SHA256_C: see external RNG below)
    local symbol
    for symbol in \
        MBEDTLS_MD5_C \
        MBEDTLS_RIPEMD160_C \
        MBEDTLS_SHA1_C \
        MBEDTLS_SHA224_C \
        MBEDTLS_SHA256_C \
        MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT \
        MBEDTLS_SHA384_C \
        MBEDTLS_SHA512_C \
        MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT \
        MBEDTLS_SHA3_C
    do
        scripts/config.py unset "$symbol"
    done
}
1787
# Note that component_test_psa_crypto_config_reference_hash_use_psa
# is related to this component and both components need to be kept in sync.
# For details please see comments for component_test_psa_crypto_config_reference_hash_use_psa.
component_test_psa_crypto_config_accel_hash_use_psa () {
    msg "test: full with accelerated hashes"

    # Hash algorithms handed over to the driver.
    loc_accel_list="ALG_MD5 ALG_RIPEMD160 ALG_SHA_1 \
                    ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512 \
                    ALG_SHA3_224 ALG_SHA3_256 ALG_SHA3_384 ALG_SHA3_512"

    # --- Configure: full config, built-in hashes removed ---
    config_psa_crypto_hash_use_psa 1

    # --- Build ---
    helper_libtestdriver1_make_drivers "$loc_accel_list"
    helper_libtestdriver1_make_main "$loc_accel_list"

    # There's a risk of something getting re-enabled via config_psa.h;
    # make sure it did not happen. Note: it's OK for MD_C to be enabled.
    not grep mbedtls_md5 ${BUILTIN_SRC_PATH}/md5.o
    not grep mbedtls_sha1 ${BUILTIN_SRC_PATH}/sha1.o
    not grep mbedtls_sha256 ${BUILTIN_SRC_PATH}/sha256.o
    not grep mbedtls_sha512 ${BUILTIN_SRC_PATH}/sha512.o
    not grep mbedtls_ripemd160 ${BUILTIN_SRC_PATH}/ripemd160.o

    # --- Run the tests ---
    msg "test: full with accelerated hashes"
    make test

    # This is mostly useful so that we can later compare outcome files with
    # the reference config in analyze_outcomes.py, to check that the
    # dependency declarations in ssl-opt.sh and in TLS code are correct.
    msg "test: ssl-opt.sh, full with accelerated hashes"
    tests/ssl-opt.sh

    # This is to make sure all ciphersuites are exercised, but we don't need
    # interop testing (besides, we already got some from ssl-opt.sh).
    msg "test: compat.sh, full with accelerated hashes"
    tests/compat.sh -p mbedTLS -V YES
}
1835
# This component provides the reference configuration for
# test_psa_crypto_config_accel_hash_use_psa, without accelerated hashes. The
# outcomes of both components are used by the analyze_outcomes.py script to
# find regressions in test coverage when accelerated hashes are used (tests
# and ssl-opt). Both components need to be kept in sync.
component_test_psa_crypto_config_reference_hash_use_psa () {
    msg "test: full without accelerated hashes"

    # 0 keeps the built-in hash implementations.
    config_psa_crypto_hash_use_psa 0

    make

    msg "test: full without accelerated hashes"
    make test

    msg "test: ssl-opt.sh, full without accelerated hashes"
    tests/ssl-opt.sh
}
1853
# Auxiliary function to build config for HMAC with and without drivers
# - $1 is 1 to disable the built-in HMAC and hash implementations, any other
#   integer to keep them.
config_psa_crypto_hmac_use_psa () {
    driver_only="$1"

    # start with config full for maximum coverage (also enables USE_PSA)
    helper_libtestdriver1_adjust_config "full"

    if [ "$driver_only" -eq 1 ]; then
        # Disable MD_C in order to disable the builtin support for HMAC. MD_LIGHT
        # is still enabled though (for ENTROPY_C among others).
        scripts/config.py unset MBEDTLS_MD_C
        # Disable also the builtin hashes since they are supported by the driver
        # and MD module is able to perform PSA dispatching.
        scripts/config.py unset-all MBEDTLS_SHA
        scripts/config.py unset MBEDTLS_MD5_C
        scripts/config.py unset MBEDTLS_RIPEMD160_C
    fi

    # Direct dependencies of MD_C. We disable them also in the reference
    # component to work with the same set of features.
    local md_user
    for md_user in PKCS7 PKCS5 HMAC_DRBG HKDF; do
        scripts/config.py unset "MBEDTLS_${md_user}_C"
    done

    # Dependencies of HMAC_DRBG
    scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC
    scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_DETERMINISTIC_ECDSA
}
1881
# Full configuration with HMAC and all hashes provided by the test driver.
# Counterpart of component_test_psa_crypto_config_reference_hmac.
component_test_psa_crypto_config_accel_hmac () {
    msg "test: full with accelerated hmac"

    # HMAC, its key type and the hashes it can be built on.
    loc_accel_list="ALG_HMAC KEY_TYPE_HMAC \
                    ALG_MD5 ALG_RIPEMD160 ALG_SHA_1 \
                    ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512 \
                    ALG_SHA3_224 ALG_SHA3_256 ALG_SHA3_384 ALG_SHA3_512"

    # --- Configure: driver-only HMAC ---
    config_psa_crypto_hmac_use_psa 1

    # --- Build ---
    helper_libtestdriver1_make_drivers "$loc_accel_list"
    helper_libtestdriver1_make_main "$loc_accel_list"

    # Ensure that built-in support for HMAC is disabled.
    not grep mbedtls_md_hmac ${BUILTIN_SRC_PATH}/md.o

    # --- Run the tests ---
    msg "test: full with accelerated hmac"
    make test
}
1911
# Reference for component_test_psa_crypto_config_accel_hmac: same feature set,
# built-in HMAC and hashes kept.
component_test_psa_crypto_config_reference_hmac () {
    msg "test: full without accelerated hmac"

    # 0 keeps the built-in implementations.
    config_psa_crypto_hmac_use_psa 0

    make

    msg "test: full without accelerated hmac"
    make test
}
1922
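# Full configuration with DES (and the cipher modes it depends on) provided by
# the test driver, with the built-in DES module disabled.
component_test_psa_crypto_config_accel_des () {
    msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated DES"

    # Although this component aims at accelerating DES, which should only
    # support CBC and ECB modes, we need to accelerate more than that, otherwise
    # DES_C would automatically be re-enabled by "config_adjust_legacy_from_psa.c"
    loc_accel_list="ALG_ECB_NO_PADDING ALG_CBC_NO_PADDING ALG_CBC_PKCS7 \
                    ALG_CTR ALG_CFB ALG_OFB ALG_XTS ALG_CMAC \
                    KEY_TYPE_DES"

    # Note: we cannot accelerate all ciphers' key types otherwise we would also
    # have to either disable CCM/GCM or accelerate them, but that's out of scope
    # of this component. This limitation will be addressed by #8598.

    # Configure
    # ---------

    # Start from the full config
    helper_libtestdriver1_adjust_config "full"

    # Disable the things that are being accelerated
    scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC
    scripts/config.py unset MBEDTLS_CIPHER_PADDING_PKCS7
    scripts/config.py unset MBEDTLS_CIPHER_MODE_CTR
    scripts/config.py unset MBEDTLS_CIPHER_MODE_CFB
    scripts/config.py unset MBEDTLS_CIPHER_MODE_OFB
    scripts/config.py unset MBEDTLS_CIPHER_MODE_XTS
    scripts/config.py unset MBEDTLS_DES_C
    scripts/config.py unset MBEDTLS_CMAC_C

    # Build
    # -----

    helper_libtestdriver1_make_drivers "$loc_accel_list"

    helper_libtestdriver1_make_main "$loc_accel_list"

    # Make sure this was not re-enabled by accident (additive config).
    # The pattern is a plain prefix, as in the other components: an unquoted
    # "mbedtls_des*" could be expanded by the shell against file names in the
    # current directory, which would change what grep searches for and where.
    not grep mbedtls_des "${BUILTIN_SRC_PATH}/des.o"

    # Run the tests
    # -------------

    msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated DES"
    make test
}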
1969
# Full configuration with the AEAD algorithms (GCM, CCM, ChaCha20-Poly1305)
# provided by the test driver and their built-in modules disabled.
component_test_psa_crypto_config_accel_aead () {
    msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated AEAD"

    # AEAD algorithms and the key types they are used with.
    loc_accel_list="ALG_GCM ALG_CCM ALG_CHACHA20_POLY1305 \
                    KEY_TYPE_AES KEY_TYPE_CHACHA20 KEY_TYPE_ARIA KEY_TYPE_CAMELLIA"

    # --- Configure ---

    # Start from full config
    helper_libtestdriver1_adjust_config "full"

    # Disable things that are being accelerated
    local aead_module
    for aead_module in GCM CCM CHACHAPOLY; do
        scripts/config.py unset "MBEDTLS_${aead_module}_C"
    done

    # Disable CCM_STAR_NO_TAG because this re-enables CCM_C.
    scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CCM_STAR_NO_TAG

    # --- Build ---
    helper_libtestdriver1_make_drivers "$loc_accel_list"
    helper_libtestdriver1_make_main "$loc_accel_list"

    # Make sure this was not re-enabled by accident (additive config)
    not grep mbedtls_ccm ${BUILTIN_SRC_PATH}/ccm.o
    not grep mbedtls_gcm ${BUILTIN_SRC_PATH}/gcm.o
    not grep mbedtls_chachapoly ${BUILTIN_SRC_PATH}/chachapoly.o

    # --- Run the tests ---
    msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated AEAD"
    make test
}
2008
# Common configuration step used in:
# - component_test_psa_crypto_config_accel_cipher_aead_cmac
# - component_test_psa_crypto_config_reference_cipher_aead_cmac
# Both start from the full config with MBEDTLS_NIST_KW_C turned off, so that
# the two builds cover the same feature set.
common_psa_crypto_config_accel_cipher_aead_cmac () {
    # Start from the full config
    helper_libtestdriver1_adjust_config "full"

    scripts/config.py unset MBEDTLS_NIST_KW_C
}
2018
# The 2 following test components, i.e.
# - component_test_psa_crypto_config_accel_cipher_aead_cmac
# - component_test_psa_crypto_config_reference_cipher_aead_cmac
# are meant to be used together in analyze_outcomes.py script in order to test
# driver's coverage for ciphers and AEADs.
component_test_psa_crypto_config_accel_cipher_aead_cmac () {
    msg "build: full config with accelerated cipher inc. AEAD and CMAC"

    # Every cipher mode, AEAD, CMAC and cipher key type goes to the driver.
    loc_accel_list="ALG_ECB_NO_PADDING ALG_CBC_NO_PADDING ALG_CBC_PKCS7 ALG_CTR ALG_CFB \
                    ALG_OFB ALG_XTS ALG_STREAM_CIPHER ALG_CCM_STAR_NO_TAG \
                    ALG_GCM ALG_CCM ALG_CHACHA20_POLY1305 ALG_CMAC \
                    KEY_TYPE_DES KEY_TYPE_AES KEY_TYPE_ARIA KEY_TYPE_CHACHA20 KEY_TYPE_CAMELLIA"

    # --- Configure ---
    common_psa_crypto_config_accel_cipher_aead_cmac

    # Disable the things that are being accelerated
    local symbol
    for symbol in \
        MBEDTLS_CIPHER_MODE_CBC \
        MBEDTLS_CIPHER_PADDING_PKCS7 \
        MBEDTLS_CIPHER_MODE_CTR \
        MBEDTLS_CIPHER_MODE_CFB \
        MBEDTLS_CIPHER_MODE_OFB \
        MBEDTLS_CIPHER_MODE_XTS \
        MBEDTLS_GCM_C \
        MBEDTLS_CCM_C \
        MBEDTLS_CHACHAPOLY_C \
        MBEDTLS_CMAC_C \
        MBEDTLS_DES_C \
        MBEDTLS_AES_C \
        MBEDTLS_ARIA_C \
        MBEDTLS_CHACHA20_C \
        MBEDTLS_CAMELLIA_C
    do
        scripts/config.py unset "$symbol"
    done

    # Disable CIPHER_C entirely as all ciphers/AEADs are accelerated and PSA
    # does not depend on it.
    scripts/config.py unset MBEDTLS_CIPHER_C

    # --- Build ---
    helper_libtestdriver1_make_drivers "$loc_accel_list"
    helper_libtestdriver1_make_main "$loc_accel_list"

    # Make sure this was not re-enabled by accident (additive config)
    # NOTE(review): MBEDTLS_CHACHA20_C is unset above but no chacha20 object is
    # checked below; confirm whether that is intentional.
    not grep mbedtls_cipher ${BUILTIN_SRC_PATH}/cipher.o
    not grep mbedtls_des ${BUILTIN_SRC_PATH}/des.o
    not grep mbedtls_aes ${BUILTIN_SRC_PATH}/aes.o
    not grep mbedtls_aria ${BUILTIN_SRC_PATH}/aria.o
    not grep mbedtls_camellia ${BUILTIN_SRC_PATH}/camellia.o
    not grep mbedtls_ccm ${BUILTIN_SRC_PATH}/ccm.o
    not grep mbedtls_gcm ${BUILTIN_SRC_PATH}/gcm.o
    not grep mbedtls_chachapoly ${BUILTIN_SRC_PATH}/chachapoly.o
    not grep mbedtls_cmac ${BUILTIN_SRC_PATH}/cmac.o

    # --- Run the tests ---
    msg "test: full config with accelerated cipher inc. AEAD and CMAC"
    make test

    msg "ssl-opt: full config with accelerated cipher inc. AEAD and CMAC"
    tests/ssl-opt.sh

    msg "compat.sh: full config with accelerated cipher inc. AEAD and CMAC"
    tests/compat.sh -V NO -p mbedTLS
}
2088
# Reference for component_test_psa_crypto_config_accel_cipher_aead_cmac: same
# base configuration, with the built-in ciphers, AEADs and CMAC kept. Runs the
# same three test stages so the outcomes can be compared.
component_test_psa_crypto_config_reference_cipher_aead_cmac () {
    msg "build: full config with non-accelerated cipher inc. AEAD and CMAC"

    common_psa_crypto_config_accel_cipher_aead_cmac
    make

    msg "test: full config with non-accelerated cipher inc. AEAD and CMAC"
    make test

    msg "ssl-opt: full config with non-accelerated cipher inc. AEAD and CMAC"
    tests/ssl-opt.sh

    msg "compat.sh: full config with non-accelerated cipher inc. AEAD and CMAC"
    tests/compat.sh -V NO -p mbedTLS
}
2104
# Configuration shared by the block_cipher dispatch components.
# - $1 is 1 to disable the built-in AES/ARIA/Camellia key types (driver
#   build), any other integer to keep them (reference build).
common_block_cipher_dispatch () {
    TEST_WITH_DRIVER="$1"

    # Start from the full config
    helper_libtestdriver1_adjust_config "full"

    if [ "$TEST_WITH_DRIVER" -eq 1 ]; then
        # Disable key types that are accelerated (there is no legacy equivalent
        # symbol for ECB)
        local key_module
        for key_module in AES ARIA CAMELLIA; do
            scripts/config.py unset "MBEDTLS_${key_module}_C"
        done
    fi

    # Disable cipher's modes that, when not accelerated, cause
    # legacy key types to be re-enabled in "config_adjust_legacy_from_psa.h".
    # Keep this also in the reference component in order to skip the same tests
    # that were skipped in the accelerated one.
    local psa_alg
    for psa_alg in \
        CTR CFB OFB CBC_NO_PADDING CBC_PKCS7 CMAC CCM_STAR_NO_TAG \
        PBKDF2_AES_CMAC_PRF_128
    do
        scripts/config.py -f "$CRYPTO_CONFIG_H" unset "PSA_WANT_ALG_${psa_alg}"
    done

    # Disable direct dependency on AES_C
    scripts/config.py unset MBEDTLS_NIST_KW_C

    # Prevent the cipher module from using deprecated PSA path. The reason is
    # that otherwise there will be tests relying on "aes_info" (defined in
    # "cipher_wrap.c") whose functions are not available when AES_C is
    # not defined. ARIA and Camellia are not a problem in this case because
    # the PSA path is not tested for these key types.
    scripts/config.py set MBEDTLS_DEPRECATED_REMOVED
}
2142
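# Same as component_test_full_block_cipher_psa_dispatch, with the dynamic key
# store disabled.
component_test_full_block_cipher_psa_dispatch_static_keystore () {
    msg "build: full + PSA dispatch in block_cipher with static keystore"

    loc_accel_list="ALG_ECB_NO_PADDING \
                    KEY_TYPE_AES KEY_TYPE_ARIA KEY_TYPE_CAMELLIA"

    # Configure
    # ---------

    common_block_cipher_dispatch 1

    # Check that the static key store works well when CTR_DRBG uses a
    # PSA key for AES.
    # This is applied after common_block_cipher_dispatch because that helper
    # starts again from the full config, which would presumably switch
    # MBEDTLS_PSA_KEY_STORE_DYNAMIC back on if it were unset beforehand.
    scripts/config.py unset MBEDTLS_PSA_KEY_STORE_DYNAMIC

    # Build
    # -----

    helper_libtestdriver1_make_drivers "$loc_accel_list"

    helper_libtestdriver1_make_main "$loc_accel_list"

    # Make sure disabled components were not re-enabled by accident (additive
    # config). The objects are looked up under BUILTIN_SRC_PATH like in
    # component_test_full_block_cipher_psa_dispatch: with a path that does not
    # exist, grep fails and the negated check would pass without proving
    # anything.
    not grep mbedtls_aes_ "${BUILTIN_SRC_PATH}/aes.o"
    not grep mbedtls_aria_ "${BUILTIN_SRC_PATH}/aria.o"
    not grep mbedtls_camellia_ "${BUILTIN_SRC_PATH}/camellia.o"

    # Run the tests
    # -------------

    msg "test: full + PSA dispatch in block_cipher with static keystore"
    make test
}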
2176
# Full configuration in which block_cipher dispatches AES, ARIA and Camellia
# (ECB) to the test driver. Its reference is
# component_test_full_block_cipher_legacy_dispatch.
component_test_full_block_cipher_psa_dispatch () {
    msg "build: full + PSA dispatch in block_cipher"

    # ECB and the three block cipher key types go to the driver.
    loc_accel_list="ALG_ECB_NO_PADDING \
                    KEY_TYPE_AES KEY_TYPE_ARIA KEY_TYPE_CAMELLIA"

    # --- Configure: 1 removes the built-in key types ---
    common_block_cipher_dispatch 1

    # --- Build ---
    helper_libtestdriver1_make_drivers "$loc_accel_list"
    helper_libtestdriver1_make_main "$loc_accel_list"

    # Make sure disabled components were not re-enabled by accident (additive
    # config)
    not grep mbedtls_aes_ ${BUILTIN_SRC_PATH}/aes.o
    not grep mbedtls_aria_ ${BUILTIN_SRC_PATH}/aria.o
    not grep mbedtls_camellia_ ${BUILTIN_SRC_PATH}/camellia.o

    # --- Run the tests ---
    msg "test: full + PSA dispatch in block_cipher"
    make test
}
2207
# This is the reference component of component_test_full_block_cipher_psa_dispatch:
# same feature set, with the built-in AES/ARIA/Camellia kept.
component_test_full_block_cipher_legacy_dispatch () {
    msg "build: full + legacy dispatch in block_cipher"

    # 0 keeps the built-in key types.
    common_block_cipher_dispatch 0
    make

    msg "test: full + legacy dispatch in block_cipher"
    make test
}
2219
# Full configuration without ChaCha20-Poly1305, on both the legacy
# (MBEDTLS_CHACHAPOLY_C) and the PSA (PSA_WANT_ALG_CHACHA20_POLY1305) side.
component_test_aead_chachapoly_disabled () {
    msg "build: full minus CHACHAPOLY"

    scripts/config.py full
    scripts/config.py unset MBEDTLS_CHACHAPOLY_C
    scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CHACHA20_POLY1305

    # ASan build.
    make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS"

    msg "test: full minus CHACHAPOLY"
    make test
}
2230
# Full configuration without ChaCha20-Poly1305 and GCM, on both the legacy
# and the PSA side.
component_test_aead_only_ccm () {
    msg "build: full minus CHACHAPOLY and GCM"

    scripts/config.py full

    # Legacy modules.
    scripts/config.py unset MBEDTLS_CHACHAPOLY_C
    scripts/config.py unset MBEDTLS_GCM_C

    # Matching PSA algorithms.
    scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CHACHA20_POLY1305
    scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_GCM

    # ASan build.
    make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS"

    msg "test: full minus CHACHAPOLY and GCM"
    make test
}
2243
# Build and test with "$CONFIG_TEST_DRIVER_H" installed as the library
# configuration and configs/crypto-config-ccm-aes-sha256.h as the PSA crypto
# configuration.
component_test_ccm_aes_sha256 () {
    msg "build: CCM + AES + SHA256 configuration"

    # Both configuration files are replaced wholesale; nothing is edited in place.
    cp "$CONFIG_TEST_DRIVER_H" "$CONFIG_H"
    cp configs/crypto-config-ccm-aes-sha256.h "$CRYPTO_CONFIG_H"

    make

    msg "test: CCM + AES + SHA256 configuration"
    make test
}
2255
# Test that the given .o file builds with all (valid) combinations of the given options.
#
# Syntax: build_test_config_combos FILE VALIDATOR_FUNCTION OPT1 OPT2 ...
#
# The validator function is the name of a function to validate the combination of options.
# It may be "" if all combinations are valid.
# It receives a string containing a combination of options, as passed to the compiler,
# e.g. "-DOPT1 -DOPT2 ...". It must return 0 iff the combination is valid, non-zero if invalid.
#
# Side effects: unsets every OPT in the library configuration, changes the
# current directory to "library" (the caller has to change back), and writes
# a temporary makefile there which is removed at the end.
build_test_config_combos () {
    file=$1
    shift
    validate_options=$1
    shift
    options=("$@")

    # clear all of the options so that they can be overridden on the clang commandline
    for opt in "${options[@]}"; do
        ./scripts/config.py unset ${opt}
    done

    # enter the library directory
    cd library

    # The most common issue is unused variables/functions, so ensure -Wunused is set.
    warning_flags="-Werror -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wimplicit-fallthrough -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral -Wshadow -Wasm-operand-widths -Wunused"

    # Extract the command generated by the Makefile to build the target file.
    # This ensures that we have any include paths, macro definitions, etc
    # that may be applied by make.
    # Add -fsyntax-only as we only want a syntax check and don't need to generate a file.
    compile_cmd="clang \$(LOCAL_CFLAGS) ${warning_flags} -fsyntax-only -c"

    # The generated makefile lives in the current directory (library).
    makefile=$(TMPDIR=. mktemp)
    deps=""

    len=${#options[@]}
    source_file=../${file%.o}.c

    targets=0
    echo 'include Makefile' >${makefile}

    # generate each of 2^n combinations of options
    for ((i = 0; i < (1 << len); i++)); do
        # each bit of $i is used to determine if options[i] will be set or not
        target="t"
        clang_args=""
        for ((j = 0; j < len; j++)); do
            if (( (i >> j) & 1 )); then
                opt=-D${options[$j]}
                clang_args+=" ${opt}"
                target+="${opt}"
            fi
        done

        # if combination is not known to be invalid, add it to the makefile
        if [[ -z $validate_options ]] || $validate_options "${clang_args}"; then
            cmd="${compile_cmd} ${clang_args}"
            echo "${target}: ${source_file}; $cmd ${source_file}" >> ${makefile}

            deps="${deps} ${target}"
            targets=$((targets + 1))
        fi
    done

    # One aggregate target depending on every accepted combination.
    echo "build_test_config_combos: ${deps}" >> ${makefile}

    # execute all of the commands via Make (probably in parallel)
    make -s -f ${makefile} build_test_config_combos
    echo "$targets targets checked"

    # clean up the temporary makefile
    # NOTE(review): this line is only reached when make succeeds; if a failure
    # aborts the caller, the temporary file stays behind in library/.
    rm ${makefile}
}
2329
# Validator passed to build_test_config_combos for aes.o.
# - $1 is the option string handed to the compiler, e.g. " -DOPT1 -DOPT2".
# Returns 0 to accept the combination and 1 to reject it.
validate_aes_config_variations () {
    # Only combinations that define MBEDTLS_AES_USE_HARDWARE_ONLY are
    # restricted; everything else is accepted.
    [[ "$1" == *"MBEDTLS_AES_USE_HARDWARE_ONLY"* ]] || return 0

    # The condition depends on the host architecture ($HOSTTYPE) and on whether
    # MBEDTLS_AESCE_C / MBEDTLS_AESNI_C appear in $1.
    # NOTE(review): how bash parses the leading "!((" inside [[ ]] is not
    # obvious, so the expression is kept exactly as it was; verify which
    # hardware-only combinations it really rejects.
    if [[ !(("$HOSTTYPE" == "aarch64" && "$1" != *"MBEDTLS_AESCE_C"*) || \
            ("$HOSTTYPE" == "x86_64" && "$1" != *"MBEDTLS_AESNI_C"*)) ]]; then
        return 1
    fi
    return 0
}
2339
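# Syntax-check aes.o under every accepted combination of the AES-related
# options, once on the current configuration and once with
# MBEDTLS_BLOCK_CIPHER_NO_DECRYPT enabled.
component_build_aes_variations () {
    # 18s - around 90ms per clang invocation on M1 Pro
    #
    # aes.o has many #if defined(...) guards that intersect in complex ways.
    # Test that all the combinations build cleanly.

    # Option set shared by both passes, so the two runs cannot drift apart.
    local aes_options=(
        "MBEDTLS_AES_ROM_TABLES"
        "MBEDTLS_AES_FEWER_TABLES" "MBEDTLS_AES_USE_HARDWARE_ONLY"
        "MBEDTLS_AESNI_C" "MBEDTLS_AESCE_C" "MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH"
    )

    MBEDTLS_ROOT_DIR="$PWD"
    msg "build: aes.o for all combinations of relevant config options"

    # Paths are quoted so a source tree located under a directory containing
    # spaces or glob characters is passed through as a single argument.
    build_test_config_combos "${BUILTIN_SRC_PATH}/aes.o" validate_aes_config_variations \
        "${aes_options[@]}"

    # Presumably build_test_config_combos leaves the shell in another
    # directory; return to the root before editing the configuration.
    cd "$MBEDTLS_ROOT_DIR"
    msg "build: aes.o for all combinations of relevant config options + BLOCK_CIPHER_NO_DECRYPT"

    # MBEDTLS_BLOCK_CIPHER_NO_DECRYPT is incompatible with ECB in PSA, CBC/XTS/NIST_KW/DES,
    # manually set or unset those configurations to check
    # MBEDTLS_BLOCK_CIPHER_NO_DECRYPT with various combinations in aes.o.
    scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
    scripts/config.py set MBEDTLS_BLOCK_CIPHER_NO_DECRYPT
    scripts/config.py unset MBEDTLS_CIPHER_MODE_XTS
    scripts/config.py unset MBEDTLS_NIST_KW_C

    scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_NO_PADDING
    scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_PKCS7
    scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_ECB_NO_PADDING
    scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_DES
    # Note: The two unsets below are to be removed for Mbed TLS 4.0
    scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC
    scripts/config.py unset MBEDTLS_DES_C

    build_test_config_combos "${BUILTIN_SRC_PATH}/aes.o" validate_aes_config_variations \
        "${aes_options[@]}"
}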
2378
# Build and run test_suite_shax on a minimal configuration, once with every
# SHA-3 loop-unroll macro set to 1 and once with every one set to 0.
component_test_sha3_variations () {
    local suite=tf-psa-crypto/tests/test_suite_shax
    local variant unroll

    msg "sha3 loop unroll variations"

    # define minimal config sufficient to test SHA3
    cat > include/mbedtls/mbedtls_config.h << END
        #define MBEDTLS_AES_C
        #define MBEDTLS_CTR_DRBG_C
        #define MBEDTLS_ENTROPY_C
        #define MBEDTLS_PSA_CRYPTO_C
        #define MBEDTLS_PSA_CRYPTO_CONFIG
        #define MBEDTLS_SELF_TEST
END

    cat > tf-psa-crypto/include/psa/crypto_config.h << END
        #define PSA_WANT_ALG_SHA_256 1
        #define PSA_WANT_ALG_SHA3_224 1
        #define PSA_WANT_ALG_SHA3_256 1
        #define PSA_WANT_ALG_SHA3_384 1
        #define PSA_WANT_ALG_SHA3_512 1
END

    # Each entry is "<unroll value>:<message>"; the same value is applied to
    # the THETA, PI, CHI and RHO unroll macros.
    for variant in "1:all loops unrolled" "0:all loops rolled up"; do
        unroll=${variant%%:*}
        msg "${variant#*:}"
        make clean
        make -C tests "../$suite" CFLAGS="-DMBEDTLS_SHA3_THETA_UNROLL=$unroll -DMBEDTLS_SHA3_PI_UNROLL=$unroll -DMBEDTLS_SHA3_CHI_UNROLL=$unroll -DMBEDTLS_SHA3_RHO_UNROLL=$unroll"
        "./$suite"
    done
}
2410
# Support check for component_build_aes_aesce_armcc: the component can run
# wherever support_build_armcc reports success.
support_build_aes_aesce_armcc () {
    support_build_armcc
}
2414
# For the time being, no aarch64 gcc is available in CI and there is no arm64 CI node.
# Build the baremetal configuration for AArch64 through
# helper_armc6_build_test with MBEDTLS_AESCE_C enabled, first with
# MBEDTLS_AES_USE_HARDWARE_ONLY unset and then with it set.
component_build_aes_aesce_armcc () {
    # Compiler flags shared by both builds.
    local armclang_flags="-O1 --target=aarch64-arm-none-eabi -march=armv8-a+crypto"

    msg "Build: AESCE test on arm64 platform without plain C."
    scripts/config.py baremetal

    # armc[56] don't support SHA-512 intrinsics
    scripts/config.py unset MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT

    # Stop armclang warning about feature detection for A64_CRYPTO.
    # With this enabled, the library does build correctly under armclang,
    # but in baremetal builds (as tested here), feature detection is
    # unavailable, and the user is notified via a #warning. So enabling
    # this feature would prevent us from building with -Werror on
    # armclang. Tracked in #7198.
    # NOTE(review): component_test_block_cipher_no_decrypt_aesce_armcc unsets
    # MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT for the same stated reason;
    # confirm which option name each component should use.
    scripts/config.py unset MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT
    scripts/config.py set MBEDTLS_HAVE_ASM

    msg "AESCE, build with default configuration."
    scripts/config.py set MBEDTLS_AESCE_C
    scripts/config.py unset MBEDTLS_AES_USE_HARDWARE_ONLY
    helper_armc6_build_test "$armclang_flags"

    msg "AESCE, build AESCE only"
    scripts/config.py set MBEDTLS_AESCE_C
    scripts/config.py set MBEDTLS_AES_USE_HARDWARE_ONLY
    helper_armc6_build_test "$armclang_flags"
}
2442
# Build the default configuration with MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
# set, with warnings as errors, and run the test suites.
component_test_aes_only_128_bit_keys () {
    local label="default config + AES_ONLY_128_BIT_KEY_LENGTH"

    msg "build: $label"
    scripts/config.py set MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH

    make CFLAGS='-O2 -Werror -Wall -Wextra'

    msg "test: $label"
    make test
}
2452
# Build with clang the default configuration with
# MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH set and MBEDTLS_CTR_DRBG_C unset, then
# run the test suites.
component_test_no_ctr_drbg_aes_only_128_bit_keys () {
    local label="default config + AES_ONLY_128_BIT_KEY_LENGTH - CTR_DRBG_C"

    msg "build: $label"
    scripts/config.py set MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
    scripts/config.py unset MBEDTLS_CTR_DRBG_C

    make CC=clang CFLAGS='-Werror -Wall -Wextra'

    msg "test: $label"
    make test
}
2463
# Build the default configuration with MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH set
# and both MBEDTLS_AESNI_C and MBEDTLS_AESCE_C unset, then run the test
# suites and the selftest program.
component_test_aes_only_128_bit_keys_have_builtins () {
    local label="default config + AES_ONLY_128_BIT_KEY_LENGTH - AESNI_C - AESCE_C"
    local accel

    msg "build: $label"
    scripts/config.py set MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
    for accel in MBEDTLS_AESNI_C MBEDTLS_AESCE_C; do
        scripts/config.py unset "$accel"
    done

    make CFLAGS='-O2 -Werror -Wall -Wextra'

    msg "test: $label"
    make test

    msg "selftest: $label"
    programs/test/selftest
}
2478
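# Build the default configuration with MBEDTLS_GCM_LARGE_TABLE set and both
# MBEDTLS_AESNI_C and MBEDTLS_AESCE_C unset, then run the test suites.
component_test_gcm_largetable () {
    # One label for both phases: the option is enabled, so the test banner
    # must say "+ GCM_LARGE_TABLE" just like the build banner does.
    local label="default config + GCM_LARGE_TABLE - AESNI_C - AESCE_C"

    msg "build: $label"
    scripts/config.py set MBEDTLS_GCM_LARGE_TABLE
    scripts/config.py unset MBEDTLS_AESNI_C
    scripts/config.py unset MBEDTLS_AESCE_C

    make CFLAGS='-O2 -Werror -Wall -Wextra'

    msg "test: $label"
    make test
}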
2490
# Build the default configuration with MBEDTLS_AES_FEWER_TABLES set, with
# warnings as errors, and run the test suites.
component_test_aes_fewer_tables () {
    local warn_cflags='-O2 -Werror -Wall -Wextra'

    msg "build: default config with AES_FEWER_TABLES enabled"
    scripts/config.py set MBEDTLS_AES_FEWER_TABLES
    make CFLAGS="$warn_cflags"

    msg "test: AES_FEWER_TABLES"
    make test
}
2499
# Build the default configuration with MBEDTLS_AES_ROM_TABLES set, with
# warnings as errors, and run the test suites.
component_test_aes_rom_tables () {
    local warn_cflags='-O2 -Werror -Wall -Wextra'

    msg "build: default config with AES_ROM_TABLES enabled"
    scripts/config.py set MBEDTLS_AES_ROM_TABLES
    make CFLAGS="$warn_cflags"

    msg "test: AES_ROM_TABLES"
    make test
}
2508
# Build the default configuration with both MBEDTLS_AES_FEWER_TABLES and
# MBEDTLS_AES_ROM_TABLES set, with warnings as errors, and run the test suites.
component_test_aes_fewer_tables_and_rom_tables () {
    local table_opt

    msg "build: default config with AES_ROM_TABLES and AES_FEWER_TABLES enabled"
    for table_opt in MBEDTLS_AES_FEWER_TABLES MBEDTLS_AES_ROM_TABLES; do
        scripts/config.py set "$table_opt"
    done
    make CFLAGS='-O2 -Werror -Wall -Wextra'

    msg "test: AES_FEWER_TABLES + AES_ROM_TABLES"
    make test
}
2518
Ronald Cron66040472024-09-06 10:14:38 +02002519# helper for component_test_block_cipher_no_decrypt_aesni() which:
Minos Galanakis471b34c2024-07-26 15:39:24 +01002520# - enable/disable the list of config options passed from -s/-u respectively.
2521# - build
2522# - test for tests_suite_xxx
2523# - selftest
2524#
2525# Usage: helper_block_cipher_no_decrypt_build_test
2526# [-s set_opts] [-u unset_opts] [-c cflags] [-l ldflags] [option [...]]
2527# Options: -s set_opts the list of config options to enable
2528# -u unset_opts the list of config options to disable
2529# -c cflags the list of options passed to CFLAGS
2530# -l ldflags the list of options passed to LDFLAGS
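helper_block_cipher_no_decrypt_build_test () {
    # Declare every option variable as function-local with an empty default,
    # so that a value inherited from a caller or from the global scope is
    # never picked up when the corresponding flag is not passed, and nothing
    # leaks out of this helper.
    local set_opts="" unset_opts="" cflags="" ldflags=""

    # Arguments other than -s/-u/-c/-l are skipped without comment.
    while [ $# -gt 0 ]; do
        case "$1" in
            -s)
                shift; set_opts="$1";;
            -u)
                shift; unset_opts="$1";;
            -c)
                # Warnings-as-errors are only added when -c is given.
                shift; cflags="-Werror -Wall -Wextra $1";;
            -l)
                shift; ldflags="$1";;
        esac
        shift
    done

    # $set_opts / $unset_opts are deliberately unquoted: each holds a
    # space-separated list of option names.
    if [ -n "$set_opts" ]; then
        echo "Enabling: $set_opts"
        scripts/config.py set-all $set_opts
    fi
    if [ -n "$unset_opts" ]; then
        echo "Disabling: $unset_opts"
        scripts/config.py unset-all $unset_opts
    fi

    msg "build: default config + BLOCK_CIPHER_NO_DECRYPT${set_opts:+ + $set_opts}${unset_opts:+ - $unset_opts} with $cflags${ldflags:+, $ldflags}"
    make clean
    make CFLAGS="-O2 $cflags" LDFLAGS="$ldflags"

    # NOTE(review): the checks below search each object file for the symbol
    # name as a byte string. Presumably `not` inverts the exit status, in
    # which case a grep failure for another reason (for example a missing
    # object file) would also count as success; confirm, and consider
    # asserting that each object exists before relying on these checks.

    # Make sure we don't have mbedtls_xxx_setkey_dec in AES/ARIA/CAMELLIA
    not grep mbedtls_aes_setkey_dec ${BUILTIN_SRC_PATH}/aes.o
    not grep mbedtls_aria_setkey_dec ${BUILTIN_SRC_PATH}/aria.o
    not grep mbedtls_camellia_setkey_dec ${BUILTIN_SRC_PATH}/camellia.o
    # Make sure we don't have mbedtls_internal_aes_decrypt in AES
    not grep mbedtls_internal_aes_decrypt ${BUILTIN_SRC_PATH}/aes.o
    # Make sure we don't have mbedtls_aesni_inverse_key in AESNI
    not grep mbedtls_aesni_inverse_key ${BUILTIN_SRC_PATH}/aesni.o

    msg "test: default config + BLOCK_CIPHER_NO_DECRYPT${set_opts:+ + $set_opts}${unset_opts:+ - $unset_opts} with $cflags${ldflags:+, $ldflags}"
    make test

    msg "selftest: default config + BLOCK_CIPHER_NO_DECRYPT${set_opts:+ + $set_opts}${unset_opts:+ - $unset_opts} with $cflags${ldflags:+, $ldflags}"
    programs/test/selftest
}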
2572
Ronald Cron66040472024-09-06 10:14:38 +02002573# This is a configuration function used in component_test_block_cipher_no_decrypt_xxx:
config_block_cipher_no_decrypt () {
    local opt

    scripts/config.py set MBEDTLS_BLOCK_CIPHER_NO_DECRYPT
    for opt in MBEDTLS_CIPHER_MODE_XTS MBEDTLS_NIST_KW_C; do
        scripts/config.py unset "$opt"
    done

    # Enable support for cryptographic mechanisms through the PSA API.
    # Note: XTS, KW are not yet supported via the PSA API in Mbed TLS.
    scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
    for opt in PSA_WANT_ALG_CBC_NO_PADDING PSA_WANT_ALG_CBC_PKCS7 \
               PSA_WANT_ALG_ECB_NO_PADDING PSA_WANT_KEY_TYPE_DES; do
        scripts/config.py -f "$CRYPTO_CONFIG_H" unset "$opt"
    done

    # Note: The two unsets below are to be removed for Mbed TLS 4.0
    for opt in MBEDTLS_CIPHER_MODE_CBC MBEDTLS_DES_C; do
        scripts/config.py unset "$opt"
    done
}
2590
# Run helper_block_cipher_no_decrypt_build_test four times on the
# BLOCK_CIPHER_NO_DECRYPT configuration, varying MBEDTLS_AESNI_C and the
# compiler flags.
component_test_block_cipher_no_decrypt_aesni () {
    # Test BLOCK_CIPHER_NO_DECRYPT with AESNI intrinsics, AESNI assembly and
    # AES C implementation on x86_64 and with AESNI intrinsics on x86.

    # This consistently causes an llvm crash on clang 3.8, so use gcc
    export CC=gcc
    config_block_cipher_no_decrypt

    # test AESNI intrinsics
    helper_block_cipher_no_decrypt_build_test -s "MBEDTLS_AESNI_C" -c "-mpclmul -msse2 -maes"

    # test AESNI assembly
    helper_block_cipher_no_decrypt_build_test -s "MBEDTLS_AESNI_C" -c "-mno-pclmul -mno-sse2 -mno-aes"

    # test AES C implementation
    helper_block_cipher_no_decrypt_build_test -u "MBEDTLS_AESNI_C"

    # test AESNI intrinsics for i386 target
    helper_block_cipher_no_decrypt_build_test -s "MBEDTLS_AESNI_C" -c "-m32 -mpclmul -msse2 -maes" -l "-m32"
}
2619
# Support check for component_test_block_cipher_no_decrypt_aesce_armcc: the
# component can run wherever support_build_armcc reports success.
support_test_block_cipher_no_decrypt_aesce_armcc () {
    support_build_armcc
}
2623
# Build the baremetal BLOCK_CIPHER_NO_DECRYPT configuration with AESCE through
# helper_armc6_build_test, then check that the decryption symbols are absent
# from the AES, ARIA, CAMELLIA and AESCE objects.
component_test_block_cipher_no_decrypt_aesce_armcc () {
    local armclang_flags="-O1 --target=aarch64-arm-none-eabi -march=armv8-a+crypto -Werror -Wall -Wextra"

    scripts/config.py baremetal

    # armc[56] don't support SHA-512 intrinsics
    scripts/config.py unset MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT

    # Stop armclang warning about feature detection for A64_CRYPTO.
    # With this enabled, the library does build correctly under armclang,
    # but in baremetal builds (as tested here), feature detection is
    # unavailable, and the user is notified via a #warning. So enabling
    # this feature would prevent us from building with -Werror on
    # armclang. Tracked in #7198.
    scripts/config.py unset MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT
    scripts/config.py set MBEDTLS_HAVE_ASM

    config_block_cipher_no_decrypt

    # test AESCE baremetal build
    scripts/config.py set MBEDTLS_AESCE_C
    msg "build: default config + BLOCK_CIPHER_NO_DECRYPT with AESCE"
    helper_armc6_build_test "$armclang_flags"

    # NOTE(review): presumably `not` inverts the exit status, in which case
    # these checks also pass when grep fails because an object file is
    # missing. Whether helper_armc6_build_test leaves the objects in place is
    # not visible from here; confirm before relying on these checks.

    # Make sure we don't have mbedtls_xxx_setkey_dec in AES/ARIA/CAMELLIA
    not grep mbedtls_aes_setkey_dec ${BUILTIN_SRC_PATH}/aes.o
    not grep mbedtls_aria_setkey_dec ${BUILTIN_SRC_PATH}/aria.o
    not grep mbedtls_camellia_setkey_dec ${BUILTIN_SRC_PATH}/camellia.o
    # Make sure we don't have mbedtls_internal_aes_decrypt in AES
    not grep mbedtls_internal_aes_decrypt ${BUILTIN_SRC_PATH}/aes.o
    # Make sure we don't have mbedtls_aesce_inverse_key and aesce_decrypt_block in AESCE
    not grep mbedtls_aesce_inverse_key ${BUILTIN_SRC_PATH}/aesce.o
    not grep aesce_decrypt_block ${BUILTIN_SRC_PATH}/aesce.o
}
2656
# Build the full configuration with MBEDTLS_ENTROPY_FORCE_SHA256 set and
# MBEDTLS_MEMORY_BUFFER_ALLOC_C unset using the CMake Asan build type, then
# run the test suites.
component_test_ctr_drbg_aes_256_sha_256 () {
    local label="full + MBEDTLS_ENTROPY_FORCE_SHA256 (ASan build)"

    msg "build: $label"
    scripts/config.py full
    scripts/config.py unset MBEDTLS_MEMORY_BUFFER_ALLOC_C
    scripts/config.py set MBEDTLS_ENTROPY_FORCE_SHA256
    CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
    make

    msg "test: $label"
    make test
}
2668
# Build the full configuration with MBEDTLS_CTR_DRBG_USE_128_BIT_KEY set and
# MBEDTLS_MEMORY_BUFFER_ALLOC_C unset using the CMake Asan build type, then
# run the test suites.
component_test_ctr_drbg_aes_128_sha_512 () {
    local label="full + MBEDTLS_CTR_DRBG_USE_128_BIT_KEY (ASan build)"

    msg "build: $label"
    scripts/config.py full
    scripts/config.py unset MBEDTLS_MEMORY_BUFFER_ALLOC_C
    scripts/config.py set MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
    CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
    make

    msg "test: $label"
    make test
}
2680
# Build the full configuration with MBEDTLS_CTR_DRBG_USE_128_BIT_KEY and
# MBEDTLS_ENTROPY_FORCE_SHA256 set and MBEDTLS_MEMORY_BUFFER_ALLOC_C unset
# using the CMake Asan build type, then run the test suites.
component_test_ctr_drbg_aes_128_sha_256 () {
    local label="full + MBEDTLS_CTR_DRBG_USE_128_BIT_KEY + MBEDTLS_ENTROPY_FORCE_SHA256 (ASan build)"
    local opt

    msg "build: $label"
    scripts/config.py full
    scripts/config.py unset MBEDTLS_MEMORY_BUFFER_ALLOC_C
    for opt in MBEDTLS_CTR_DRBG_USE_128_BIT_KEY MBEDTLS_ENTROPY_FORCE_SHA256; do
        scripts/config.py set "$opt"
    done
    CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
    make

    msg "test: $label"
    make test
}
2693
# Build the default configuration plus MBEDTLS_PSA_CRYPTO_SE_C with clang and
# $ASAN_CFLAGS, then run the test suites.
component_test_se_default () {
    local label="default config + MBEDTLS_PSA_CRYPTO_SE_C"

    msg "build: $label"
    scripts/config.py set MBEDTLS_PSA_CRYPTO_SE_C
    make CC=clang CFLAGS="$ASAN_CFLAGS -Os" LDFLAGS="$ASAN_CFLAGS"

    msg "test: $label"
    make test
}
2702
# Build the full configuration with MBEDTLS_PSA_KEY_STORE_DYNAMIC unset, using
# clang and $ASAN_CFLAGS, then run the test suites.
component_test_full_static_keystore () {
    local label="full config - MBEDTLS_PSA_KEY_STORE_DYNAMIC"

    msg "build: $label"
    scripts/config.py full
    scripts/config.py unset MBEDTLS_PSA_KEY_STORE_DYNAMIC
    make CC=clang CFLAGS="$ASAN_CFLAGS -Os" LDFLAGS="$ASAN_CFLAGS"

    msg "test: $label"
    make test
}
2712
# Build the full configuration with the PSA test drivers compiled in and run
# the test suites.
component_test_psa_crypto_drivers () {
    # Test dispatch to drivers and fallbacks with
    # test_suite_psa_crypto_driver_wrappers test suite. The test drivers that
    # are wrappers around the builtin drivers are activated by
    # PSA_CRYPTO_DRIVER_TEST.
    #
    # For the time being, some test cases in test_suite_block_cipher and
    # test_suite_md.psa rely on this component to be run at least once by the
    # CI. This should disappear as we progress the 4.x work. See
    # config_adjust_test_accelerators.h for more information.
    local label="full + test drivers dispatching to builtins"

    msg "build: $label"
    scripts/config.py full
    # Sanitizer flags, the two test-driver macros, and the tests include path.
    loc_cflags="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_CONFIG_ADJUST_TEST_ACCELERATORS -I../tests/include"

    make CC=$ASAN_CC CFLAGS="${loc_cflags}" LDFLAGS="$ASAN_CFLAGS"

    msg "test: $label"
    make test
}
2733
# Check that MBEDTLS_PSA_CRYPTO_CONFIG_FILE and
# MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE are honoured: the default crypto config
# header is replaced by an #error, so the build only succeeds when the
# alternative file is really the one being included.
component_build_psa_config_file () {
    # Flags that point the build at the copy of the crypto config.
    local config_file_cflags="-I '$PWD' -DMBEDTLS_PSA_CRYPTO_CONFIG_FILE='\"psa_test_config.h\"'"

    msg "build: make with MBEDTLS_PSA_CRYPTO_CONFIG_FILE" # ~40s
    scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
    cp "$CRYPTO_CONFIG_H" psa_test_config.h
    echo '#error "MBEDTLS_PSA_CRYPTO_CONFIG_FILE is not working"' >"$CRYPTO_CONFIG_H"
    make CFLAGS="$config_file_cflags"
    # Make sure this feature is enabled. We'll disable it in the next phase.
    programs/test/query_compile_time_config MBEDTLS_CMAC_C
    make clean

    msg "build: make with MBEDTLS_PSA_CRYPTO_CONFIG_FILE + MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE" # ~40s
    # In the user config, disable one feature and its dependencies, which will
    # reflect on the mbedtls configuration so we can query it with
    # query_compile_time_config.
    printf '%s\n' \
        '#undef PSA_WANT_ALG_CMAC' \
        '#undef PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128' >psa_user_config.h
    scripts/config.py unset MBEDTLS_CMAC_C
    make CFLAGS="$config_file_cflags -DMBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE='\"psa_user_config.h\"'"
    not programs/test/query_compile_time_config MBEDTLS_CMAC_C

    rm -f psa_test_config.h psa_user_config.h
}
2756
# Build with the substitutable PSA platform and struct headers replaced by
# generated alternatives, and check that the alternatives are the ones that
# end up included.
component_build_psa_alt_headers () {
    # Flags selecting the alternative headers, shared by both make calls.
    local alt_cflags="-I ../tests/include/alt-extra -DMBEDTLS_PSA_CRYPTO_PLATFORM_FILE='\"psa/crypto_platform_alt.h\"' -DMBEDTLS_PSA_CRYPTO_STRUCT_FILE='\"psa/crypto_struct_alt.h\"'"
    local guard

    msg "build: make with PSA alt headers" # ~20s

    # Generate alternative versions of the substitutable headers with the
    # same content except different include guards.
    make -C tests include/alt-extra/psa/crypto_platform_alt.h include/alt-extra/psa/crypto_struct_alt.h

    # Build the library and some programs.
    # Don't build the fuzzers to avoid having to go through hoops to set
    # a correct include path for programs/fuzz/Makefile.
    make CFLAGS="$alt_cflags" lib
    make -C programs -o fuzz CFLAGS="$alt_cflags"

    # Check that we're getting the alternative include guards and not the
    # original include guards.
    for guard in PSA_CRYPTO_PLATFORM_ALT_H PSA_CRYPTO_STRUCT_ALT_H; do
        programs/test/query_included_headers | grep -x "$guard"
    done
    for guard in PSA_CRYPTO_PLATFORM_H PSA_CRYPTO_STRUCT_H; do
        programs/test/query_included_headers | not grep -x "$guard"
    done
}
2777
# Build the default configuration with MBEDTLS_MPI_WINDOW_SIZE set to 1 using
# the CMake Asan build type, then run the test suites.
component_test_min_mpi_window_size () {
    local window_size=1

    msg "build: Default + MBEDTLS_MPI_WINDOW_SIZE=1 (ASan build)" # ~ 10s
    scripts/config.py set MBEDTLS_MPI_WINDOW_SIZE "$window_size"
    CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
    make

    msg "test: MBEDTLS_MPI_WINDOW_SIZE=1 - main suites (inc. selftests) (ASan build)" # ~ 10s
    make test
}