TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 4f7f132536321dcc1b8e2a9df440cfd486aca885 / . / tests / scripts / components-configuration-tls.sh
blob: b522419beb1cf497c331f5072ad83da3339e0e19 [file] [log] [blame]
Minos Galanakis6aab5b72024-07-25 14:24:37 +0100[diff] [blame]1# components-configuration-tls.sh
2#
3# Copyright The Mbed TLS Contributors
4# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
5
Minos Galanakis609f7492024-07-31 16:39:28 +0100[diff] [blame]6# This file contains test components that are executed by all.sh
Minos Galanakis6aab5b72024-07-25 14:24:37 +0100[diff] [blame]7
8################################################################
9#### Configuration Testing - TLS
10################################################################
11
Gilles Peskineea5de2b2024-09-19 18:41:55 +0200[diff] [blame]12component_test_config_suite_b () {
13 msg "build: configs/config-suite-b.h"
Gilles Peskineb6d49132024-09-14 11:21:29 +0200[diff] [blame]14 cp configs/config-suite-b.h "$CONFIG_H"
Gilles Peskineb6d49132024-09-14 11:21:29 +0200[diff] [blame]15 # test-ref-configs works by overwriting mbedtls_config.h; this makes cmake
16 # want to re-generate generated files that depend on it, quite correctly.
17 # However this doesn't work as the generation script expects a specific
18 # format for mbedtls_config.h, which the other files don't follow. Also,
19 # cmake can't know this, but re-generation is actually not necessary as
20 # the generated files only depend on the list of available options, not
21 # whether they're on or off. So, disable cmake's (over-sensitive here)
22 # dependency resolution for generated files and just rely on them being
23 # present (thanks to pre_generate_files) by turning GEN_FILES off.
24 CC=$ASAN_CC cmake -D GEN_FILES=Off -D CMAKE_BUILD_TYPE:String=Asan .
25 make
26
Gilles Peskineea5de2b2024-09-19 18:41:55 +0200[diff] [blame]27 msg "test: configs/config-suite-b.h - unit tests"
Gilles Peskineb6d49132024-09-14 11:21:29 +0200[diff] [blame]28 make test
29
Gilles Peskineea5de2b2024-09-19 18:41:55 +0200[diff] [blame]30 msg "test: configs/config-suite-b.h - compat.sh"
Gilles Peskineb6d49132024-09-14 11:21:29 +0200[diff] [blame]31 tests/compat.sh -m tls12 -f 'ECDHE_ECDSA.*AES.*GCM' -p mbedTLS
32
Gilles Peskineea5de2b2024-09-19 18:41:55 +0200[diff] [blame]33 msg "build: configs/config-suite-b.h + DEBUG"
Gilles Peskineb6d49132024-09-14 11:21:29 +0200[diff] [blame]34 MBEDTLS_TEST_CONFIGURATION="$MBEDTLS_TEST_CONFIGURATION+DEBUG"
35 make clean
36 scripts/config.py set MBEDTLS_DEBUG_C
37 scripts/config.py set MBEDTLS_ERROR_C
38 make ssl-opt
39
Gilles Peskineea5de2b2024-09-19 18:41:55 +0200[diff] [blame]40 msg "test: configs/config-suite-b.h + DEBUG - ssl-opt.sh"
Gilles Peskineb6d49132024-09-14 11:21:29 +0200[diff] [blame]41 tests/ssl-opt.sh
42}
43
Minos Galanakis7665a932024-07-26 15:45:11 +0100[diff] [blame]44component_test_no_renegotiation () {
45 msg "build: Default + !MBEDTLS_SSL_RENEGOTIATION (ASan build)" # ~ 6 min
46 scripts/config.py unset MBEDTLS_SSL_RENEGOTIATION
47 CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
48 make
49
50 msg "test: !MBEDTLS_SSL_RENEGOTIATION - main suites (inc. selftests) (ASan build)" # ~ 50s
51 make test
52
53 msg "test: !MBEDTLS_SSL_RENEGOTIATION - ssl-opt.sh (ASan build)" # ~ 6 min
54 tests/ssl-opt.sh
55}
56
Minos Galanakis7665a932024-07-26 15:45:11 +0100[diff] [blame]57component_test_tls1_2_default_stream_cipher_only () {
58 msg "build: default with only stream cipher use psa"
59
Minos Galanakis7665a932024-07-26 15:45:11 +0100[diff] [blame]60 # Disable AEAD (controlled by the presence of one of GCM_C, CCM_C, CHACHAPOLY_C)
61 scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CCM
62 scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CCM_STAR_NO_TAG
63 scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_GCM
64 scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CHACHA20_POLY1305
65 # Note: The three unsets below are to be removed for Mbed TLS 4.0
66 scripts/config.py unset MBEDTLS_GCM_C
67 scripts/config.py unset MBEDTLS_CCM_C
68 scripts/config.py unset MBEDTLS_CHACHAPOLY_C
69 #Disable TLS 1.3 (as no AEAD)
70 scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
71 # Disable CBC. Note: When implemented, PSA_WANT_ALG_CBC_MAC will also need to be unset here to fully disable CBC
72 scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CBC_NO_PADDING
73 scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CBC_PKCS7
74 # Disable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia, DES))
75 # Note: The unset below is to be removed for 4.0
76 scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC
77 # Disable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC)
78 scripts/config.py unset MBEDTLS_SSL_ENCRYPT_THEN_MAC
79 # Enable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_CIPHER))
80 scripts/config.py set MBEDTLS_CIPHER_NULL_CIPHER
81 # Modules that depend on AEAD
82 scripts/config.py unset MBEDTLS_SSL_CONTEXT_SERIALIZATION
83 scripts/config.py unset MBEDTLS_SSL_TICKET_C
84
85 make
86
87 msg "test: default with only stream cipher use psa"
88 make test
89
90 # Not running ssl-opt.sh because most tests require a non-NULL ciphersuite.
91}
92
93component_test_tls1_2_default_cbc_legacy_cipher_only () {
94 msg "build: default with only CBC-legacy cipher use psa"
95
Minos Galanakis7665a932024-07-26 15:45:11 +0100[diff] [blame]96 # Disable AEAD (controlled by the presence of one of GCM_C, CCM_C, CHACHAPOLY_C)
97 scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CCM
98 scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CCM_STAR_NO_TAG
99 scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_GCM
100 scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CHACHA20_POLY1305
101 # Note: The three unsets below are to be removed for Mbed TLS 4.0
102 scripts/config.py unset MBEDTLS_GCM_C
103 scripts/config.py unset MBEDTLS_CCM_C
104 scripts/config.py unset MBEDTLS_CHACHAPOLY_C
105 #Disable TLS 1.3 (as no AEAD)
106 scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
107 # Enable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia, DES))
108 scripts/config.py -f $CRYPTO_CONFIG_H set PSA_WANT_ALG_CBC_NO_PADDING
109 # Disable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC)
110 scripts/config.py unset MBEDTLS_SSL_ENCRYPT_THEN_MAC
111 # Disable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_CIPHER))
112 scripts/config.py unset MBEDTLS_CIPHER_NULL_CIPHER
113 # Modules that depend on AEAD
114 scripts/config.py unset MBEDTLS_SSL_CONTEXT_SERIALIZATION
115 scripts/config.py unset MBEDTLS_SSL_TICKET_C
116
117 make
118
119 msg "test: default with only CBC-legacy cipher use psa"
120 make test
121
122 msg "test: default with only CBC-legacy cipher use psa - ssl-opt.sh (subset)"
123 tests/ssl-opt.sh -f "TLS 1.2"
124}
125
126component_test_tls1_2_default_cbc_legacy_cbc_etm_cipher_only () {
127 msg "build: default with only CBC-legacy and CBC-EtM ciphers use psa"
128
Minos Galanakis7665a932024-07-26 15:45:11 +0100[diff] [blame]129 # Disable AEAD (controlled by the presence of one of GCM_C, CCM_C, CHACHAPOLY_C)
130 scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CCM
131 scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CCM_STAR_NO_TAG
132 scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_GCM
133 scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CHACHA20_POLY1305
134 # Note: The three unsets below are to be removed for Mbed TLS 4.0
135 scripts/config.py unset MBEDTLS_GCM_C
136 scripts/config.py unset MBEDTLS_CCM_C
137 scripts/config.py unset MBEDTLS_CHACHAPOLY_C
138 #Disable TLS 1.3 (as no AEAD)
139 scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
140 # Enable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia, DES))
141 scripts/config.py -f $CRYPTO_CONFIG_H set PSA_WANT_ALG_CBC_NO_PADDING
142 # Enable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC)
143 scripts/config.py set MBEDTLS_SSL_ENCRYPT_THEN_MAC
144 # Disable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_CIPHER))
145 scripts/config.py unset MBEDTLS_CIPHER_NULL_CIPHER
146 # Modules that depend on AEAD
147 scripts/config.py unset MBEDTLS_SSL_CONTEXT_SERIALIZATION
148 scripts/config.py unset MBEDTLS_SSL_TICKET_C
149
150 make
151
152 msg "test: default with only CBC-legacy and CBC-EtM ciphers use psa"
153 make test
154
155 msg "test: default with only CBC-legacy and CBC-EtM ciphers use psa - ssl-opt.sh (subset)"
156 tests/ssl-opt.sh -f "TLS 1.2"
157}
158
Gilles Peskineea5de2b2024-09-19 18:41:55 +0200[diff] [blame]159component_test_config_thread () {
160 msg "build: configs/config-thread.h"
Gilles Peskine86ceb132024-09-14 11:24:07 +0200[diff] [blame]161 cp configs/config-thread.h "$CONFIG_H"
Gilles Peskine86ceb132024-09-14 11:24:07 +0200[diff] [blame]162 # test-ref-configs works by overwriting mbedtls_config.h; this makes cmake
163 # want to re-generate generated files that depend on it, quite correctly.
164 # However this doesn't work as the generation script expects a specific
165 # format for mbedtls_config.h, which the other files don't follow. Also,
166 # cmake can't know this, but re-generation is actually not necessary as
167 # the generated files only depend on the list of available options, not
168 # whether they're on or off. So, disable cmake's (over-sensitive here)
169 # dependency resolution for generated files and just rely on them being
170 # present (thanks to pre_generate_files) by turning GEN_FILES off.
171 CC=$ASAN_CC cmake -D GEN_FILES=Off -D CMAKE_BUILD_TYPE:String=Asan .
172 make
173
Gilles Peskineea5de2b2024-09-19 18:41:55 +0200[diff] [blame]174 msg "test: configs/config-thread.h - unit tests"
Gilles Peskine86ceb132024-09-14 11:24:07 +0200[diff] [blame]175 make test
176
Gilles Peskineea5de2b2024-09-19 18:41:55 +0200[diff] [blame]177 msg "test: configs/config-thread.h - ssl-opt.sh"
Gilles Peskine86ceb132024-09-14 11:24:07 +0200[diff] [blame]178 tests/ssl-opt.sh -f 'ECJPAKE.*nolog'
179}
180
Gilles Peskineea5de2b2024-09-19 18:41:55 +0200[diff] [blame]181component_test_tls1_2_ccm_psk () {
182 msg "build: configs/config-ccm-psk-tls1_2.h"
Gilles Peskine063fb8c2024-09-14 11:10:05 +0200[diff] [blame]183 cp configs/config-ccm-psk-tls1_2.h "$CONFIG_H"
Gilles Peskine063fb8c2024-09-14 11:10:05 +0200[diff] [blame]184 # test-ref-configs works by overwriting mbedtls_config.h; this makes cmake
185 # want to re-generate generated files that depend on it, quite correctly.
186 # However this doesn't work as the generation script expects a specific
187 # format for mbedtls_config.h, which the other files don't follow. Also,
188 # cmake can't know this, but re-generation is actually not necessary as
189 # the generated files only depend on the list of available options, not
190 # whether they're on or off. So, disable cmake's (over-sensitive here)
191 # dependency resolution for generated files and just rely on them being
192 # present (thanks to pre_generate_files) by turning GEN_FILES off.
193 CC=$ASAN_CC cmake -D GEN_FILES=Off -D CMAKE_BUILD_TYPE:String=Asan .
194 make
195
Gilles Peskineea5de2b2024-09-19 18:41:55 +0200[diff] [blame]196 msg "test: configs/config-ccm-psk-tls1_2.h - unit tests"
Gilles Peskine063fb8c2024-09-14 11:10:05 +0200[diff] [blame]197 make test
198
Gilles Peskineea5de2b2024-09-19 18:41:55 +0200[diff] [blame]199 msg "test: configs/config-ccm-psk-tls1_2.h - compat.sh"
Gilles Peskine063fb8c2024-09-14 11:10:05 +0200[diff] [blame]200 tests/compat.sh -m tls12 -f '^TLS_PSK_WITH_AES_..._CCM_8'
201}
202
Gilles Peskineea5de2b2024-09-19 18:41:55 +0200[diff] [blame]203component_test_tls1_2_ccm_psk_dtls () {
204 msg "build: configs/config-ccm-psk-dtls1_2.h"
Gilles Peskine68f511e2024-09-14 11:19:31 +0200[diff] [blame]205 cp configs/config-ccm-psk-dtls1_2.h "$CONFIG_H"
Gilles Peskine68f511e2024-09-14 11:19:31 +0200[diff] [blame]206 # test-ref-configs works by overwriting mbedtls_config.h; this makes cmake
207 # want to re-generate generated files that depend on it, quite correctly.
208 # However this doesn't work as the generation script expects a specific
209 # format for mbedtls_config.h, which the other files don't follow. Also,
210 # cmake can't know this, but re-generation is actually not necessary as
211 # the generated files only depend on the list of available options, not
212 # whether they're on or off. So, disable cmake's (over-sensitive here)
213 # dependency resolution for generated files and just rely on them being
214 # present (thanks to pre_generate_files) by turning GEN_FILES off.
215 CC=$ASAN_CC cmake -D GEN_FILES=Off -D CMAKE_BUILD_TYPE:String=Asan .
216 make
217
Gilles Peskineea5de2b2024-09-19 18:41:55 +0200[diff] [blame]218 msg "test: configs/config-ccm-psk-dtls1_2.h - unit tests"
Gilles Peskine68f511e2024-09-14 11:19:31 +0200[diff] [blame]219 make test
220
Gilles Peskineea5de2b2024-09-19 18:41:55 +0200[diff] [blame]221 msg "test: configs/config-ccm-psk-dtls1_2.h - compat.sh"
Gilles Peskine68f511e2024-09-14 11:19:31 +0200[diff] [blame]222 tests/compat.sh -m dtls12 -f '^TLS_PSK_WITH_AES_..._CCM_8'
223
Gilles Peskineea5de2b2024-09-19 18:41:55 +0200[diff] [blame]224 msg "build: configs/config-ccm-psk-dtls1_2.h + DEBUG"
Gilles Peskine68f511e2024-09-14 11:19:31 +0200[diff] [blame]225 MBEDTLS_TEST_CONFIGURATION="$MBEDTLS_TEST_CONFIGURATION+DEBUG"
226 make clean
227 scripts/config.py set MBEDTLS_DEBUG_C
228 scripts/config.py set MBEDTLS_ERROR_C
229 make ssl-opt
230
Gilles Peskineea5de2b2024-09-19 18:41:55 +0200[diff] [blame]231 msg "test: configs/config-ccm-psk-dtls1_2.h + DEBUG - ssl-opt.sh"
Gilles Peskine68f511e2024-09-14 11:19:31 +0200[diff] [blame]232 tests/ssl-opt.sh
233}
234
Minos Galanakis7665a932024-07-26 15:45:11 +0100[diff] [blame]235component_test_small_ssl_out_content_len () {
236 msg "build: small SSL_OUT_CONTENT_LEN (ASan build)"
237 scripts/config.py set MBEDTLS_SSL_IN_CONTENT_LEN 16384
238 scripts/config.py set MBEDTLS_SSL_OUT_CONTENT_LEN 4096
239 CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
240 make
241
242 msg "test: small SSL_OUT_CONTENT_LEN - ssl-opt.sh MFL and large packet tests"
243 tests/ssl-opt.sh -f "Max fragment\|Large packet"
244}
245
246component_test_small_ssl_in_content_len () {
247 msg "build: small SSL_IN_CONTENT_LEN (ASan build)"
248 scripts/config.py set MBEDTLS_SSL_IN_CONTENT_LEN 4096
249 scripts/config.py set MBEDTLS_SSL_OUT_CONTENT_LEN 16384
250 CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
251 make
252
253 msg "test: small SSL_IN_CONTENT_LEN - ssl-opt.sh MFL tests"
254 tests/ssl-opt.sh -f "Max fragment"
255}
256
257component_test_small_ssl_dtls_max_buffering () {
258 msg "build: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #0"
259 scripts/config.py set MBEDTLS_SSL_DTLS_MAX_BUFFERING 1000
260 CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
261 make
262
263 msg "test: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #0 - ssl-opt.sh specific reordering test"
264 tests/ssl-opt.sh -f "DTLS reordering: Buffer out-of-order hs msg before reassembling next, free buffered msg"
265}
266
267component_test_small_mbedtls_ssl_dtls_max_buffering () {
268 msg "build: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #1"
269 scripts/config.py set MBEDTLS_SSL_DTLS_MAX_BUFFERING 190
270 CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
271 make
272
273 msg "test: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #1 - ssl-opt.sh specific reordering test"
274 tests/ssl-opt.sh -f "DTLS reordering: Buffer encrypted Finished message, drop for fragmented NewSessionTicket"
275}
276
277# Common helper for component_full_without_ecdhe_ecdsa() and
278# component_full_without_ecdhe_ecdsa_and_tls13() which:
279# - starts from the "full" configuration minus the list of symbols passed in
280# as 1st parameter
281# - build
282# - test only TLS (i.e. test_suite_tls and ssl-opt)
283build_full_minus_something_and_test_tls () {
284 symbols_to_disable="$1"
285
286 msg "build: full minus something, test TLS"
287
288 scripts/config.py full
289 for sym in $symbols_to_disable; do
290 echo "Disabling $sym"
291 scripts/config.py unset $sym
292 done
293
294 make
295
296 msg "test: full minus something, test TLS"
297 ( cd tests; ./test_suite_ssl )
298
299 msg "ssl-opt: full minus something, test TLS"
300 tests/ssl-opt.sh
301}
302
303component_full_without_ecdhe_ecdsa () {
304 build_full_minus_something_and_test_tls "MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED"
305}
306
307component_full_without_ecdhe_ecdsa_and_tls13 () {
308 build_full_minus_something_and_test_tls "MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
309 MBEDTLS_SSL_PROTO_TLS1_3"
310}
311
Minos Galanakis7665a932024-07-26 15:45:11 +0100[diff] [blame]312component_build_no_ssl_srv () {
313 msg "build: full config except SSL server, make, gcc" # ~ 30s
314 scripts/config.py full
315 scripts/config.py unset MBEDTLS_SSL_SRV_C
Minos Galanakisa368c8a2024-08-06 12:06:51 +0100[diff] [blame]316 make CC=gcc CFLAGS='-Werror -Wall -Wextra -O1 -Wmissing-prototypes'
Minos Galanakis7665a932024-07-26 15:45:11 +0100[diff] [blame]317}
318
319component_build_no_ssl_cli () {
320 msg "build: full config except SSL client, make, gcc" # ~ 30s
321 scripts/config.py full
322 scripts/config.py unset MBEDTLS_SSL_CLI_C
Minos Galanakisa368c8a2024-08-06 12:06:51 +0100[diff] [blame]323 make CC=gcc CFLAGS='-Werror -Wall -Wextra -O1 -Wmissing-prototypes'
Minos Galanakis7665a932024-07-26 15:45:11 +0100[diff] [blame]324}
325
Minos Galanakis7665a932024-07-26 15:45:11 +0100[diff] [blame]326component_test_no_max_fragment_length () {
327 # Run max fragment length tests with MFL disabled
328 msg "build: default config except MFL extension (ASan build)" # ~ 30s
329 scripts/config.py unset MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
330 CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
331 make
332
333 msg "test: ssl-opt.sh, MFL-related tests"
334 tests/ssl-opt.sh -f "Max fragment length"
335}
336
337component_test_asan_remove_peer_certificate () {
338 msg "build: default config with MBEDTLS_SSL_KEEP_PEER_CERTIFICATE disabled (ASan build)"
339 scripts/config.py unset MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
340 scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
341 CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
342 make
343
344 msg "test: !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE"
345 make test
346
347 msg "test: ssl-opt.sh, !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE"
348 tests/ssl-opt.sh
349
350 msg "test: compat.sh, !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE"
351 tests/compat.sh
352
353 msg "test: context-info.sh, !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE"
354 tests/context-info.sh
355}
356
357component_test_no_max_fragment_length_small_ssl_out_content_len () {
358 msg "build: no MFL extension, small SSL_OUT_CONTENT_LEN (ASan build)"
359 scripts/config.py unset MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
360 scripts/config.py set MBEDTLS_SSL_IN_CONTENT_LEN 16384
361 scripts/config.py set MBEDTLS_SSL_OUT_CONTENT_LEN 4096
362 CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
363 make
364
365 msg "test: MFL tests (disabled MFL extension case) & large packet tests"
366 tests/ssl-opt.sh -f "Max fragment length\|Large buffer"
367
368 msg "test: context-info.sh (disabled MFL extension case)"
369 tests/context-info.sh
370}
371
372component_test_variable_ssl_in_out_buffer_len () {
373 msg "build: MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH enabled (ASan build)"
374 scripts/config.py set MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH
375 CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
376 make
377
378 msg "test: MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH enabled"
379 make test
380
381 msg "test: ssl-opt.sh, MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH enabled"
382 tests/ssl-opt.sh
383
384 msg "test: compat.sh, MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH enabled"
385 tests/compat.sh
386}
387
388component_test_dtls_cid_legacy () {
389 msg "build: MBEDTLS_SSL_DTLS_CONNECTION_ID (legacy) enabled (ASan build)"
390 scripts/config.py set MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT 1
391
392 CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
393 make
394
395 msg "test: MBEDTLS_SSL_DTLS_CONNECTION_ID (legacy)"
396 make test
397
398 msg "test: ssl-opt.sh, MBEDTLS_SSL_DTLS_CONNECTION_ID (legacy) enabled"
399 tests/ssl-opt.sh
400
401 msg "test: compat.sh, MBEDTLS_SSL_DTLS_CONNECTION_ID (legacy) enabled"
402 tests/compat.sh
403}
404
405component_test_ssl_alloc_buffer_and_mfl () {
406 msg "build: default config with memory buffer allocator and MFL extension"
407 scripts/config.py set MBEDTLS_MEMORY_BUFFER_ALLOC_C
408 scripts/config.py set MBEDTLS_PLATFORM_MEMORY
409 scripts/config.py set MBEDTLS_MEMORY_DEBUG
410 scripts/config.py set MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
411 scripts/config.py set MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH
412 cmake -DCMAKE_BUILD_TYPE:String=Release .
413 make
414
415 msg "test: MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH, MBEDTLS_MEMORY_BUFFER_ALLOC_C, MBEDTLS_MEMORY_DEBUG and MBEDTLS_SSL_MAX_FRAGMENT_LENGTH"
416 make test
417
418 msg "test: MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH, MBEDTLS_MEMORY_BUFFER_ALLOC_C, MBEDTLS_MEMORY_DEBUG and MBEDTLS_SSL_MAX_FRAGMENT_LENGTH"
419 tests/ssl-opt.sh -f "Handshake memory usage"
420}
421
422component_test_when_no_ciphersuites_have_mac () {
423 msg "build: when no ciphersuites have MAC"
Minos Galanakis7665a932024-07-26 15:45:11 +0100[diff] [blame]424 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_NO_PADDING
425 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_PKCS7
426 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CMAC
427 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128
428
429 scripts/config.py unset MBEDTLS_CIPHER_NULL_CIPHER
430 scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC
431 scripts/config.py unset MBEDTLS_CMAC_C
432
433 make
434
435 msg "test: !MBEDTLS_SSL_SOME_SUITES_USE_MAC"
436 make test
437
438 msg "test ssl-opt.sh: !MBEDTLS_SSL_SOME_SUITES_USE_MAC"
439 tests/ssl-opt.sh -f 'Default\|EtM' -e 'without EtM'
440}
441
442component_test_tls12_only () {
443 msg "build: default config without MBEDTLS_SSL_PROTO_TLS1_3, cmake, gcc, ASan"
444 scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
445 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
446 make
447
448 msg "test: main suites (inc. selftests) (ASan build)"
449 make test
450
451 msg "test: ssl-opt.sh (ASan build)"
452 tests/ssl-opt.sh
453
454 msg "test: compat.sh (ASan build)"
455 tests/compat.sh
456}
457
458component_test_tls13_only () {
459 msg "build: default config without MBEDTLS_SSL_PROTO_TLS1_2"
460 scripts/config.py set MBEDTLS_SSL_EARLY_DATA
461 scripts/config.py set MBEDTLS_SSL_RECORD_SIZE_LIMIT
462 make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'"
463
464 msg "test: TLS 1.3 only, all key exchange modes enabled"
465 make test
466
467 msg "ssl-opt.sh: TLS 1.3 only, all key exchange modes enabled"
468 tests/ssl-opt.sh
469}
470
471component_test_tls13_only_psk () {
472 msg "build: TLS 1.3 only from default, only PSK key exchange mode"
473 scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
474 scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Minos Galanakis7665a932024-07-26 15:45:11 +0100[diff] [blame]475 scripts/config.py unset MBEDTLS_X509_CRT_PARSE_C
476 scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT
477 scripts/config.py unset MBEDTLS_SSL_SERVER_NAME_INDICATION
Minos Galanakis7665a932024-07-26 15:45:11 +0100[diff] [blame]478 scripts/config.py unset MBEDTLS_PKCS7_C
479 scripts/config.py set MBEDTLS_SSL_EARLY_DATA
Ronald Crona9511bc2024-09-06 09:21:10 +0200[diff] [blame]480
Ronald Crona9511bc2024-09-06 09:21:10 +0200[diff] [blame]481 scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECDH
482 scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECDSA
483 scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_DETERMINISTIC_ECDSA
484 scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_RSA_OAEP
485 scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_RSA_PSS
486 scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_FFDH
487 scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY
488 scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC
489 scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT
490 scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT
491 scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE
492 scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_DH_RFC7919_2048
493 scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_DH_RFC7919_3072
494 scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_DH_RFC7919_4096
495 scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_DH_RFC7919_6144
496 scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_DH_RFC7919_8192
Ronald Cron4153ebb2024-09-11 15:32:48 +0200[diff] [blame]497 # Note: The four unsets below are to be removed for Mbed TLS 4.0
Ronald Crona9511bc2024-09-06 09:21:10 +0200[diff] [blame]498 scripts/config.py unset MBEDTLS_ECDH_C
499 scripts/config.py unset MBEDTLS_ECDSA_C
500 scripts/config.py unset MBEDTLS_PKCS1_V21
501 scripts/config.py unset MBEDTLS_DHM_C
502
Minos Galanakis7665a932024-07-26 15:45:11 +0100[diff] [blame]503 make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'"
504
505 msg "test_suite_ssl: TLS 1.3 only, only PSK key exchange mode enabled"
506 cd tests; ./test_suite_ssl; cd ..
507
508 msg "ssl-opt.sh: TLS 1.3 only, only PSK key exchange mode enabled"
509 tests/ssl-opt.sh
510}
511
512component_test_tls13_only_ephemeral () {
513 msg "build: TLS 1.3 only from default, only ephemeral key exchange mode"
514 scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
515 scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
516 scripts/config.py unset MBEDTLS_SSL_EARLY_DATA
517 make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'"
518
519 msg "test_suite_ssl: TLS 1.3 only, only ephemeral key exchange mode"
520 cd tests; ./test_suite_ssl; cd ..
521
522 msg "ssl-opt.sh: TLS 1.3 only, only ephemeral key exchange mode"
523 tests/ssl-opt.sh
524}
525
526component_test_tls13_only_ephemeral_ffdh () {
527 msg "build: TLS 1.3 only from default, only ephemeral ffdh key exchange mode"
528 scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
529 scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
530 scripts/config.py unset MBEDTLS_SSL_EARLY_DATA
Ronald Crona9511bc2024-09-06 09:21:10 +0200[diff] [blame]531
Ronald Crona9511bc2024-09-06 09:21:10 +0200[diff] [blame]532 scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECDH
Ronald Cron4153ebb2024-09-11 15:32:48 +0200[diff] [blame]533 # Note: The unset below is to be removed for Mbed TLS 4.0
Minos Galanakis7665a932024-07-26 15:45:11 +0100[diff] [blame]534 scripts/config.py unset MBEDTLS_ECDH_C
535
536 make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'"
537
538 msg "test_suite_ssl: TLS 1.3 only, only ephemeral ffdh key exchange mode"
539 cd tests; ./test_suite_ssl; cd ..
540
541 msg "ssl-opt.sh: TLS 1.3 only, only ephemeral ffdh key exchange mode"
542 tests/ssl-opt.sh
543}
544
545component_test_tls13_only_psk_ephemeral () {
546 msg "build: TLS 1.3 only from default, only PSK ephemeral key exchange mode"
547 scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
548 scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
549 scripts/config.py unset MBEDTLS_X509_CRT_PARSE_C
550 scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT
551 scripts/config.py unset MBEDTLS_SSL_SERVER_NAME_INDICATION
Minos Galanakis7665a932024-07-26 15:45:11 +0100[diff] [blame]552 scripts/config.py unset MBEDTLS_PKCS7_C
553 scripts/config.py set MBEDTLS_SSL_EARLY_DATA
Ronald Crona9511bc2024-09-06 09:21:10 +0200[diff] [blame]554
Ronald Crona9511bc2024-09-06 09:21:10 +0200[diff] [blame]555 scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECDSA
556 scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_DETERMINISTIC_ECDSA
557 scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_RSA_OAEP
558 scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_RSA_PSS
Ronald Cron4153ebb2024-09-11 15:32:48 +0200[diff] [blame]559 # Note: The two unsets below are to be removed for Mbed TLS 4.0
Ronald Crona9511bc2024-09-06 09:21:10 +0200[diff] [blame]560 scripts/config.py unset MBEDTLS_ECDSA_C
561 scripts/config.py unset MBEDTLS_PKCS1_V21
562
Minos Galanakis7665a932024-07-26 15:45:11 +0100[diff] [blame]563 make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'"
564
565 msg "test_suite_ssl: TLS 1.3 only, only PSK ephemeral key exchange mode"
566 cd tests; ./test_suite_ssl; cd ..
567
568 msg "ssl-opt.sh: TLS 1.3 only, only PSK ephemeral key exchange mode"
569 tests/ssl-opt.sh
570}
571
572component_test_tls13_only_psk_ephemeral_ffdh () {
573 msg "build: TLS 1.3 only from default, only PSK ephemeral ffdh key exchange mode"
574 scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
575 scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
576 scripts/config.py unset MBEDTLS_X509_CRT_PARSE_C
577 scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT
578 scripts/config.py unset MBEDTLS_SSL_SERVER_NAME_INDICATION
Minos Galanakis7665a932024-07-26 15:45:11 +0100[diff] [blame]579 scripts/config.py unset MBEDTLS_PKCS7_C
580 scripts/config.py set MBEDTLS_SSL_EARLY_DATA
Ronald Crona9511bc2024-09-06 09:21:10 +0200[diff] [blame]581
Ronald Crona9511bc2024-09-06 09:21:10 +0200[diff] [blame]582 scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECDH
583 scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECDSA
584 scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_DETERMINISTIC_ECDSA
585 scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_RSA_OAEP
586 scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_RSA_PSS
587 # Note: The three unsets below are to be removed for Mbed TLS 4.0
Minos Galanakis7665a932024-07-26 15:45:11 +0100[diff] [blame]588 scripts/config.py unset MBEDTLS_ECDH_C
Ronald Crona9511bc2024-09-06 09:21:10 +0200[diff] [blame]589 scripts/config.py unset MBEDTLS_ECDSA_C
590 scripts/config.py unset MBEDTLS_PKCS1_V21
591
Minos Galanakis7665a932024-07-26 15:45:11 +0100[diff] [blame]592 make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'"
593
594 msg "test_suite_ssl: TLS 1.3 only, only PSK ephemeral ffdh key exchange mode"
595 cd tests; ./test_suite_ssl; cd ..
596
597 msg "ssl-opt.sh: TLS 1.3 only, only PSK ephemeral ffdh key exchange mode"
598 tests/ssl-opt.sh
599}
600
601component_test_tls13_only_psk_all () {
602 msg "build: TLS 1.3 only from default, without ephemeral key exchange mode"
603 scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
604 scripts/config.py unset MBEDTLS_X509_CRT_PARSE_C
605 scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT
606 scripts/config.py unset MBEDTLS_SSL_SERVER_NAME_INDICATION
Minos Galanakis7665a932024-07-26 15:45:11 +0100[diff] [blame]607 scripts/config.py unset MBEDTLS_PKCS7_C
608 scripts/config.py set MBEDTLS_SSL_EARLY_DATA
Ronald Crona9511bc2024-09-06 09:21:10 +0200[diff] [blame]609
Ronald Crona9511bc2024-09-06 09:21:10 +0200[diff] [blame]610 scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECDSA
611 scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_DETERMINISTIC_ECDSA
612 scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_RSA_OAEP
613 scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_RSA_PSS
Ronald Cron4153ebb2024-09-11 15:32:48 +0200[diff] [blame]614 # Note: The two unsets below are to be removed for Mbed TLS 4.0
Ronald Crona9511bc2024-09-06 09:21:10 +0200[diff] [blame]615 scripts/config.py unset MBEDTLS_ECDSA_C
616 scripts/config.py unset MBEDTLS_PKCS1_V21
617
Minos Galanakis7665a932024-07-26 15:45:11 +0100[diff] [blame]618 make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'"
619
620 msg "test_suite_ssl: TLS 1.3 only, PSK and PSK ephemeral key exchange modes"
621 cd tests; ./test_suite_ssl; cd ..
622
623 msg "ssl-opt.sh: TLS 1.3 only, PSK and PSK ephemeral key exchange modes"
624 tests/ssl-opt.sh
625}
626
627component_test_tls13_only_ephemeral_all () {
628 msg "build: TLS 1.3 only from default, without PSK key exchange mode"
629 scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
630 scripts/config.py set MBEDTLS_SSL_EARLY_DATA
631 make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'"
632
633 msg "test_suite_ssl: TLS 1.3 only, ephemeral and PSK ephemeral key exchange modes"
634 cd tests; ./test_suite_ssl; cd ..
635
636 msg "ssl-opt.sh: TLS 1.3 only, ephemeral and PSK ephemeral key exchange modes"
637 tests/ssl-opt.sh
638}
639
640component_test_tls13_no_padding () {
641 msg "build: default config plus early data minus padding"
642 scripts/config.py set MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY 1
643 scripts/config.py set MBEDTLS_SSL_EARLY_DATA
644 CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
645 make
646 msg "test: default config plus early data minus padding"
647 make test
648 msg "ssl-opt.sh (TLS 1.3 no padding)"
649 tests/ssl-opt.sh
650}
651
652component_test_tls13_no_compatibility_mode () {
653 msg "build: default config plus early data minus middlebox compatibility mode"
654 scripts/config.py unset MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
655 scripts/config.py set MBEDTLS_SSL_EARLY_DATA
656 CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
657 make
658 msg "test: default config plus early data minus middlebox compatibility mode"
659 make test
660 msg "ssl-opt.sh (TLS 1.3 no compatibility mode)"
661 tests/ssl-opt.sh
662}
663
Minos Galanakisf78447f2024-07-26 20:49:51 +0100[diff] [blame]664component_test_full_minus_session_tickets () {
Minos Galanakis7665a932024-07-26 15:45:11 +0100[diff] [blame]665 msg "build: full config without session tickets"
666 scripts/config.py full
667 scripts/config.py unset MBEDTLS_SSL_SESSION_TICKETS
668 scripts/config.py unset MBEDTLS_SSL_EARLY_DATA
669 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
670 make
671 msg "test: full config without session tickets"
672 make test
673 msg "ssl-opt.sh (full config without session tickets)"
674 tests/ssl-opt.sh
675}
676
Minos Galanakis4b6ee642024-08-01 11:20:02 +0100[diff] [blame]677component_test_depends_py_kex () {
678 msg "test/build: depends.py kex (gcc)"
Minos Galanakis4b6ee642024-08-01 11:20:02 +0100[diff] [blame]679 tests/scripts/depends.py kex
680}
681
Minos Galanakis6aab5b72024-07-25 14:24:37 +0100[diff] [blame]682