Minos Galanakis | 7771119 | 2024-07-25 14:24:37 +0100 | [diff] [blame] | 1 | # components.sh |
| 2 | # |
| 3 | # Copyright The Mbed TLS Contributors |
| 4 | # SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later |
| 5 | |
| 6 | # This file contains the test components that are executed by all.sh |
| 7 | |
| 8 | # The functions below are named as follows: |
| 9 | # * component_XXX: independent components. They can be run in any order. |
| 10 | # * component_check_XXX: quick tests that aren't worth parallelizing. |
| 11 | # * component_build_XXX: build things but don't run them. |
| 12 | # * component_test_XXX: build and test. |
| 13 | # * component_release_XXX: tests that the CI should skip during PR testing. |
| 14 | # * support_XXX: if support_XXX exists and returns false then |
| 15 | # component_XXX is not run by default. |
| 16 | |
| 17 | # Each component must start by invoking `msg` with a short informative message. |
| 18 | # |
| 19 | # Warning: due to the way bash detects errors, the failure of a command |
| 20 | # inside 'if' or '!' is not detected. Use the 'not' function instead of '!'. |
| 21 | # |
| 22 | # Each component is executed in a separate shell process. The component |
| 23 | # fails if any command in it returns a non-zero status. |
| 24 | # |
| 25 | # The framework in all.sh performs some cleanup tasks after each component. |
| 26 | # This means that components can assume that the working directory is in a |
| 27 | # cleaned-up state, and don't need to perform the cleanup themselves. |
| 28 | # * Run `make clean`. |
| 29 | # * Restore `include/mbedtls/mbedtls_config.h` from a backup made before running |
| 30 | # the component. |
| 31 | # * Check out `Makefile`, `library/Makefile`, `programs/Makefile`, |
| 32 | # `tests/Makefile` and `programs/fuzz/Makefile` from git. |
| 33 | # This cleans up after an in-tree use of CMake. |
| 34 | # |
| 35 | # The tests are roughly in order from fastest to slowest. This doesn't |
| 36 | # have to be exact, but in general you should add slower tests towards |
| 37 | # the end and fast checks near the beginning. |
| 38 | |
| 39 | |
| 40 | ################################################################ |
| 41 | #### Build and test many configurations and targets |
| 42 | ################################################################ |
Minos Galanakis | f7d1cb0 | 2024-07-30 17:25:31 +0100 | [diff] [blame] | 43 | |
| 44 | ################################################################ |
| 45 | #### Basic checks |
| 46 | ################################################################ |
| 47 | |
| 48 | # |
| 49 | # Test Suites to be executed |
| 50 | # |
| 51 | # The test ordering tries to optimize for the following criteria: |
| 52 | # 1. Catch possible problems early, by running first tests that run quickly |
| 53 | # and/or are more likely to fail than others (eg I use Clang most of the |
| 54 | # time, so start with a GCC build). |
| 55 | # 2. Minimize total running time, by avoiding useless rebuilds |
| 56 | # |
| 57 | # Indicative running times are given for reference. |
| 58 | |
Minos Galanakis | f7d1cb0 | 2024-07-30 17:25:31 +0100 | [diff] [blame] | 59 | ################################################################ |
| 60 | #### Build and test many configurations and targets |
| 61 | ################################################################ |
| 62 | |
Minos Galanakis | f7d1cb0 | 2024-07-30 17:25:31 +0100 | [diff] [blame] | 63 | # Get a list of library-wise undefined symbols and ensure that they only |
| 64 | # belong to psa_xxx() functions and not to mbedtls_yyy() ones. |
| 65 | # This function is a common helper used by both: |
| 66 | # - component_test_default_psa_crypto_client_without_crypto_provider |
| 67 | # - component_build_full_psa_crypto_client_without_crypto_provider. |
| 68 | common_check_mbedtls_missing_symbols () { |
| 69 | nm library/libmbedcrypto.a | grep ' [TRrDC] ' | grep -Eo '(mbedtls_|psa_).*' | sort -u > sym_def.txt |
| 70 | nm library/libmbedcrypto.a | grep ' U ' | grep -Eo '(mbedtls_|psa_).*' | sort -u > sym_undef.txt |
| 71 | comm sym_def.txt sym_undef.txt -13 > linking_errors.txt |
| 72 | not grep mbedtls_ linking_errors.txt |
| 73 | |
| 74 | rm sym_def.txt sym_undef.txt linking_errors.txt |
| 75 | } |
| 76 | |
| 77 | component_test_default_psa_crypto_client_without_crypto_provider () { |
| 78 | msg "build: default config - PSA_CRYPTO_C + PSA_CRYPTO_CLIENT" |
| 79 | |
| 80 | scripts/config.py unset MBEDTLS_PSA_CRYPTO_C |
| 81 | scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C |
| 82 | scripts/config.py unset MBEDTLS_PSA_ITS_FILE_C |
| 83 | scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 |
| 84 | scripts/config.py set MBEDTLS_PSA_CRYPTO_CLIENT |
| 85 | scripts/config.py unset MBEDTLS_LMS_C |
| 86 | |
| 87 | make |
| 88 | |
| 89 | msg "check missing symbols: default config - PSA_CRYPTO_C + PSA_CRYPTO_CLIENT" |
| 90 | common_check_mbedtls_missing_symbols |
| 91 | |
| 92 | msg "test: default config - PSA_CRYPTO_C + PSA_CRYPTO_CLIENT" |
| 93 | make test |
| 94 | } |
| 95 | |
| 96 | component_build_full_psa_crypto_client_without_crypto_provider () { |
| 97 | msg "build: full config - PSA_CRYPTO_C" |
| 98 | |
| 99 | # Use full config which includes USE_PSA and CRYPTO_CLIENT. |
| 100 | scripts/config.py full |
| 101 | |
| 102 | scripts/config.py unset MBEDTLS_PSA_CRYPTO_C |
| 103 | scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C |
| 104 | # Dynamic secure element support is a deprecated feature and it is not |
| 105 | # available when CRYPTO_C and PSA_CRYPTO_STORAGE_C are disabled. |
| 106 | scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C |
| 107 | |
| 108 | # Since there is no crypto provider in this build it is not possible to |
| 109 | # build all the test executables and progrems due to missing PSA functions |
| 110 | # at link time. Therefore we will just build libraries and we'll check |
| 111 | # that symbols of interest are there. |
| 112 | make lib |
| 113 | |
| 114 | msg "check missing symbols: full config - PSA_CRYPTO_C" |
| 115 | |
| 116 | common_check_mbedtls_missing_symbols |
| 117 | |
| 118 | # Ensure that desired functions are included into the build (extend the |
| 119 | # following list as required). |
| 120 | grep mbedtls_pk_get_psa_attributes library/libmbedcrypto.a |
| 121 | grep mbedtls_pk_import_into_psa library/libmbedcrypto.a |
| 122 | grep mbedtls_pk_copy_from_psa library/libmbedcrypto.a |
| 123 | } |
| 124 | |
| 125 | component_test_psa_crypto_rsa_no_genprime () { |
| 126 | msg "build: default config minus MBEDTLS_GENPRIME" |
| 127 | scripts/config.py unset MBEDTLS_GENPRIME |
| 128 | make |
| 129 | |
| 130 | msg "test: default config minus MBEDTLS_GENPRIME" |
| 131 | make test |
| 132 | } |
| 133 | |
Minos Galanakis | f7d1cb0 | 2024-07-30 17:25:31 +0100 | [diff] [blame] | 134 | component_test_full_no_cipher_no_psa_crypto () { |
| 135 | msg "build: full no CIPHER no PSA_CRYPTO_C" |
| 136 | scripts/config.py full |
| 137 | scripts/config.py unset MBEDTLS_CIPHER_C |
| 138 | # Don't pull in cipher via PSA mechanisms |
| 139 | # (currently ignored anyway because we completely disable PSA) |
| 140 | scripts/config.py unset MBEDTLS_PSA_CRYPTO_CONFIG |
| 141 | # Disable features that depend on CIPHER_C |
| 142 | scripts/config.py unset MBEDTLS_CMAC_C |
| 143 | scripts/config.py unset MBEDTLS_NIST_KW_C |
| 144 | scripts/config.py unset MBEDTLS_PSA_CRYPTO_C |
| 145 | scripts/config.py unset MBEDTLS_PSA_CRYPTO_CLIENT |
| 146 | scripts/config.py unset MBEDTLS_SSL_TLS_C |
| 147 | scripts/config.py unset MBEDTLS_SSL_TICKET_C |
| 148 | # Disable features that depend on PSA_CRYPTO_C |
| 149 | scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C |
| 150 | scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C |
| 151 | scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO |
| 152 | scripts/config.py unset MBEDTLS_LMS_C |
| 153 | scripts/config.py unset MBEDTLS_LMS_PRIVATE |
| 154 | |
| 155 | msg "test: full no CIPHER no PSA_CRYPTO_C" |
| 156 | make test |
| 157 | } |
| 158 | |
| 159 | # This is a common configurator and test function that is used in: |
| 160 | # - component_test_full_no_cipher_with_psa_crypto |
| 161 | # - component_test_full_no_cipher_with_psa_crypto_config |
| 162 | # It accepts 2 input parameters: |
| 163 | # - $1: boolean value which basically reflects status of MBEDTLS_PSA_CRYPTO_CONFIG |
| 164 | # - $2: a text string which describes the test component |
| 165 | common_test_full_no_cipher_with_psa_crypto () { |
| 166 | USE_CRYPTO_CONFIG="$1" |
| 167 | COMPONENT_DESCRIPTION="$2" |
| 168 | |
| 169 | msg "build: $COMPONENT_DESCRIPTION" |
| 170 | |
| 171 | scripts/config.py full |
| 172 | scripts/config.py unset MBEDTLS_CIPHER_C |
| 173 | |
| 174 | if [ "$USE_CRYPTO_CONFIG" -eq 1 ]; then |
| 175 | # The built-in implementation of the following algs/key-types depends |
| 176 | # on CIPHER_C so we disable them. |
| 177 | # This does not hold for KEY_TYPE_CHACHA20 and ALG_CHACHA20_POLY1305 |
| 178 | # so we keep them enabled. |
| 179 | scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CCM_STAR_NO_TAG |
| 180 | scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CMAC |
| 181 | scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CBC_NO_PADDING |
| 182 | scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CBC_PKCS7 |
| 183 | scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CFB |
| 184 | scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CTR |
| 185 | scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECB_NO_PADDING |
| 186 | scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_OFB |
| 187 | scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128 |
| 188 | scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_STREAM_CIPHER |
| 189 | scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_DES |
| 190 | else |
| 191 | # Don't pull in cipher via PSA mechanisms |
| 192 | scripts/config.py unset MBEDTLS_PSA_CRYPTO_CONFIG |
| 193 | # Disable cipher modes/keys that make PSA depend on CIPHER_C. |
| 194 | # Keep CHACHA20 and CHACHAPOLY enabled since they do not depend on CIPHER_C. |
| 195 | scripts/config.py unset-all MBEDTLS_CIPHER_MODE |
| 196 | fi |
| 197 | # The following modules directly depends on CIPHER_C |
| 198 | scripts/config.py unset MBEDTLS_CMAC_C |
| 199 | scripts/config.py unset MBEDTLS_NIST_KW_C |
| 200 | |
| 201 | make |
| 202 | |
| 203 | # Ensure that CIPHER_C was not re-enabled |
| 204 | not grep mbedtls_cipher_init library/cipher.o |
| 205 | |
| 206 | msg "test: $COMPONENT_DESCRIPTION" |
| 207 | make test |
| 208 | } |
| 209 | |
| 210 | component_test_full_no_cipher_with_psa_crypto () { |
| 211 | common_test_full_no_cipher_with_psa_crypto 0 "full no CIPHER no CRYPTO_CONFIG" |
| 212 | } |
| 213 | |
| 214 | component_test_full_no_cipher_with_psa_crypto_config () { |
| 215 | common_test_full_no_cipher_with_psa_crypto 1 "full no CIPHER" |
| 216 | } |
| 217 | |
Minos Galanakis | f7d1cb0 | 2024-07-30 17:25:31 +0100 | [diff] [blame] | 218 | component_test_full_no_bignum () { |
| 219 | msg "build: full minus bignum" |
| 220 | scripts/config.py full |
| 221 | scripts/config.py unset MBEDTLS_BIGNUM_C |
| 222 | # Direct dependencies of bignum |
| 223 | scripts/config.py unset MBEDTLS_ECP_C |
| 224 | scripts/config.py unset MBEDTLS_RSA_C |
| 225 | scripts/config.py unset MBEDTLS_DHM_C |
| 226 | # Direct dependencies of ECP |
| 227 | scripts/config.py unset MBEDTLS_ECDH_C |
| 228 | scripts/config.py unset MBEDTLS_ECDSA_C |
| 229 | scripts/config.py unset MBEDTLS_ECJPAKE_C |
| 230 | scripts/config.py unset MBEDTLS_ECP_RESTARTABLE |
| 231 | # Disable what auto-enables ECP_LIGHT |
| 232 | scripts/config.py unset MBEDTLS_PK_PARSE_EC_EXTENDED |
| 233 | scripts/config.py unset MBEDTLS_PK_PARSE_EC_COMPRESSED |
| 234 | # Indirect dependencies of ECP |
| 235 | scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED |
| 236 | scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED |
| 237 | scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED |
| 238 | scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED |
| 239 | scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED |
| 240 | scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED |
| 241 | scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED |
| 242 | scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED |
| 243 | # Direct dependencies of DHM |
| 244 | scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED |
| 245 | # Direct dependencies of RSA |
| 246 | scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED |
| 247 | scripts/config.py unset MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED |
| 248 | scripts/config.py unset MBEDTLS_KEY_EXCHANGE_RSA_ENABLED |
| 249 | scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT |
| 250 | # PK and its dependencies |
| 251 | scripts/config.py unset MBEDTLS_PK_C |
| 252 | scripts/config.py unset MBEDTLS_PK_PARSE_C |
| 253 | scripts/config.py unset MBEDTLS_PK_WRITE_C |
| 254 | scripts/config.py unset MBEDTLS_X509_USE_C |
| 255 | scripts/config.py unset MBEDTLS_X509_CRT_PARSE_C |
| 256 | scripts/config.py unset MBEDTLS_X509_CRL_PARSE_C |
| 257 | scripts/config.py unset MBEDTLS_X509_CSR_PARSE_C |
| 258 | scripts/config.py unset MBEDTLS_X509_CREATE_C |
| 259 | scripts/config.py unset MBEDTLS_X509_CRT_WRITE_C |
| 260 | scripts/config.py unset MBEDTLS_X509_CSR_WRITE_C |
| 261 | scripts/config.py unset MBEDTLS_PKCS7_C |
| 262 | scripts/config.py unset MBEDTLS_SSL_SERVER_NAME_INDICATION |
| 263 | scripts/config.py unset MBEDTLS_SSL_ASYNC_PRIVATE |
| 264 | scripts/config.py unset MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK |
| 265 | |
| 266 | make |
| 267 | |
| 268 | msg "test: full minus bignum" |
| 269 | make test |
| 270 | } |
| 271 | |
Minos Galanakis | f7d1cb0 | 2024-07-30 17:25:31 +0100 | [diff] [blame] | 272 | |
Minos Galanakis | f7d1cb0 | 2024-07-30 17:25:31 +0100 | [diff] [blame] | 273 | |
| 274 | component_test_tls1_2_default_stream_cipher_only_use_psa () { |
| 275 | msg "build: default with only stream cipher use psa" |
| 276 | |
| 277 | scripts/config.py set MBEDTLS_USE_PSA_CRYPTO |
| 278 | # Disable AEAD (controlled by the presence of one of GCM_C, CCM_C, CHACHAPOLY_C) |
| 279 | scripts/config.py unset MBEDTLS_GCM_C |
| 280 | scripts/config.py unset MBEDTLS_CCM_C |
| 281 | scripts/config.py unset MBEDTLS_CHACHAPOLY_C |
| 282 | #Disable TLS 1.3 (as no AEAD) |
| 283 | scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 |
| 284 | # Disable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia, DES)) |
| 285 | scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC |
| 286 | # Disable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC) |
| 287 | scripts/config.py unset MBEDTLS_SSL_ENCRYPT_THEN_MAC |
| 288 | # Enable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_CIPHER)) |
| 289 | scripts/config.py set MBEDTLS_CIPHER_NULL_CIPHER |
| 290 | # Modules that depend on AEAD |
| 291 | scripts/config.py unset MBEDTLS_SSL_CONTEXT_SERIALIZATION |
| 292 | scripts/config.py unset MBEDTLS_SSL_TICKET_C |
| 293 | |
| 294 | make |
| 295 | |
| 296 | msg "test: default with only stream cipher use psa" |
| 297 | make test |
| 298 | |
| 299 | # Not running ssl-opt.sh because most tests require a non-NULL ciphersuite. |
| 300 | } |
| 301 | |
Minos Galanakis | f7d1cb0 | 2024-07-30 17:25:31 +0100 | [diff] [blame] | 302 | |
Minos Galanakis | f7d1cb0 | 2024-07-30 17:25:31 +0100 | [diff] [blame] | 303 | |
| 304 | component_test_tls1_2_deafult_cbc_legacy_cipher_only_use_psa () { |
| 305 | msg "build: default with only CBC-legacy cipher use psa" |
| 306 | |
| 307 | scripts/config.py set MBEDTLS_USE_PSA_CRYPTO |
| 308 | # Disable AEAD (controlled by the presence of one of GCM_C, CCM_C, CHACHAPOLY_C) |
| 309 | scripts/config.py unset MBEDTLS_GCM_C |
| 310 | scripts/config.py unset MBEDTLS_CCM_C |
| 311 | scripts/config.py unset MBEDTLS_CHACHAPOLY_C |
| 312 | #Disable TLS 1.3 (as no AEAD) |
| 313 | scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 |
| 314 | # Enable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia, DES)) |
| 315 | scripts/config.py set MBEDTLS_CIPHER_MODE_CBC |
| 316 | # Disable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC) |
| 317 | scripts/config.py unset MBEDTLS_SSL_ENCRYPT_THEN_MAC |
| 318 | # Disable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_CIPHER)) |
| 319 | scripts/config.py unset MBEDTLS_CIPHER_NULL_CIPHER |
| 320 | # Modules that depend on AEAD |
| 321 | scripts/config.py unset MBEDTLS_SSL_CONTEXT_SERIALIZATION |
| 322 | scripts/config.py unset MBEDTLS_SSL_TICKET_C |
| 323 | |
| 324 | make |
| 325 | |
| 326 | msg "test: default with only CBC-legacy cipher use psa" |
| 327 | make test |
| 328 | |
| 329 | msg "test: default with only CBC-legacy cipher use psa - ssl-opt.sh (subset)" |
| 330 | tests/ssl-opt.sh -f "TLS 1.2" |
| 331 | } |
| 332 | |
Minos Galanakis | f7d1cb0 | 2024-07-30 17:25:31 +0100 | [diff] [blame] | 333 | component_test_tls1_2_default_cbc_legacy_cbc_etm_cipher_only_use_psa () { |
| 334 | msg "build: default with only CBC-legacy and CBC-EtM ciphers use psa" |
| 335 | |
| 336 | scripts/config.py set MBEDTLS_USE_PSA_CRYPTO |
| 337 | # Disable AEAD (controlled by the presence of one of GCM_C, CCM_C, CHACHAPOLY_C) |
| 338 | scripts/config.py unset MBEDTLS_GCM_C |
| 339 | scripts/config.py unset MBEDTLS_CCM_C |
| 340 | scripts/config.py unset MBEDTLS_CHACHAPOLY_C |
| 341 | #Disable TLS 1.3 (as no AEAD) |
| 342 | scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 |
| 343 | # Enable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia, DES)) |
| 344 | scripts/config.py set MBEDTLS_CIPHER_MODE_CBC |
| 345 | # Enable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC) |
| 346 | scripts/config.py set MBEDTLS_SSL_ENCRYPT_THEN_MAC |
| 347 | # Disable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_CIPHER)) |
| 348 | scripts/config.py unset MBEDTLS_CIPHER_NULL_CIPHER |
| 349 | # Modules that depend on AEAD |
| 350 | scripts/config.py unset MBEDTLS_SSL_CONTEXT_SERIALIZATION |
| 351 | scripts/config.py unset MBEDTLS_SSL_TICKET_C |
| 352 | |
| 353 | make |
| 354 | |
| 355 | msg "test: default with only CBC-legacy and CBC-EtM ciphers use psa" |
| 356 | make test |
| 357 | |
| 358 | msg "test: default with only CBC-legacy and CBC-EtM ciphers use psa - ssl-opt.sh (subset)" |
| 359 | tests/ssl-opt.sh -f "TLS 1.2" |
| 360 | } |
| 361 | |
Minos Galanakis | f7d1cb0 | 2024-07-30 17:25:31 +0100 | [diff] [blame] | 362 | skip_suites_without_constant_flow () { |
| 363 | # Skip the test suites that don't have any constant-flow annotations. |
| 364 | # This will need to be adjusted if we ever start declaring things as |
| 365 | # secret from macros or functions inside tests/include or tests/src. |
| 366 | SKIP_TEST_SUITES=$( |
| 367 | git -C tests/suites grep -L TEST_CF_ 'test_suite_*.function' | |
| 368 | sed 's/test_suite_//; s/\.function$//' | |
| 369 | tr '\n' ,) |
| 370 | export SKIP_TEST_SUITES |
| 371 | } |
| 372 | |
| 373 | skip_all_except_given_suite () { |
| 374 | # Skip all but the given test suite |
| 375 | SKIP_TEST_SUITES=$( |
| 376 | ls -1 tests/suites/test_suite_*.function | |
| 377 | grep -v $1.function | |
| 378 | sed 's/tests.suites.test_suite_//; s/\.function$//' | |
| 379 | tr '\n' ,) |
| 380 | export SKIP_TEST_SUITES |
| 381 | } |
| 382 | |
| 383 | component_test_memsan_constant_flow () { |
| 384 | # This tests both (1) accesses to undefined memory, and (2) branches or |
| 385 | # memory access depending on secret values. To distinguish between those: |
| 386 | # - unset MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN - does the failure persist? |
| 387 | # - or alternatively, change the build type to MemSanDbg, which enables |
| 388 | # origin tracking and nicer stack traces (which are useful for debugging |
| 389 | # anyway), and check if the origin was TEST_CF_SECRET() or something else. |
| 390 | msg "build: cmake MSan (clang), full config minus MBEDTLS_USE_PSA_CRYPTO with constant flow testing" |
| 391 | scripts/config.py full |
| 392 | scripts/config.py set MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN |
| 393 | scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO |
| 394 | scripts/config.py unset MBEDTLS_AESNI_C # memsan doesn't grok asm |
| 395 | CC=clang cmake -D CMAKE_BUILD_TYPE:String=MemSan . |
| 396 | make |
| 397 | |
| 398 | msg "test: main suites (full minus MBEDTLS_USE_PSA_CRYPTO, Msan + constant flow)" |
| 399 | make test |
| 400 | } |
| 401 | |
| 402 | component_test_memsan_constant_flow_psa () { |
| 403 | # This tests both (1) accesses to undefined memory, and (2) branches or |
| 404 | # memory access depending on secret values. To distinguish between those: |
| 405 | # - unset MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN - does the failure persist? |
| 406 | # - or alternatively, change the build type to MemSanDbg, which enables |
| 407 | # origin tracking and nicer stack traces (which are useful for debugging |
| 408 | # anyway), and check if the origin was TEST_CF_SECRET() or something else. |
| 409 | msg "build: cmake MSan (clang), full config with constant flow testing" |
| 410 | scripts/config.py full |
| 411 | scripts/config.py set MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN |
| 412 | scripts/config.py unset MBEDTLS_AESNI_C # memsan doesn't grok asm |
| 413 | CC=clang cmake -D CMAKE_BUILD_TYPE:String=MemSan . |
| 414 | make |
| 415 | |
| 416 | msg "test: main suites (Msan + constant flow)" |
| 417 | make test |
| 418 | } |
| 419 | |
| 420 | component_release_test_valgrind_constant_flow () { |
| 421 | # This tests both (1) everything that valgrind's memcheck usually checks |
| 422 | # (heap buffer overflows, use of uninitialized memory, use-after-free, |
| 423 | # etc.) and (2) branches or memory access depending on secret values, |
| 424 | # which will be reported as uninitialized memory. To distinguish between |
| 425 | # secret and actually uninitialized: |
| 426 | # - unset MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND - does the failure persist? |
| 427 | # - or alternatively, build with debug info and manually run the offending |
| 428 | # test suite with valgrind --track-origins=yes, then check if the origin |
| 429 | # was TEST_CF_SECRET() or something else. |
| 430 | msg "build: cmake release GCC, full config minus MBEDTLS_USE_PSA_CRYPTO with constant flow testing" |
| 431 | scripts/config.py full |
| 432 | scripts/config.py set MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND |
| 433 | scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO |
| 434 | skip_suites_without_constant_flow |
| 435 | cmake -D CMAKE_BUILD_TYPE:String=Release . |
| 436 | make |
| 437 | |
| 438 | # this only shows a summary of the results (how many of each type) |
| 439 | # details are left in Testing/<date>/DynamicAnalysis.xml |
| 440 | msg "test: some suites (full minus MBEDTLS_USE_PSA_CRYPTO, valgrind + constant flow)" |
| 441 | make memcheck |
| 442 | |
| 443 | # Test asm path in constant time module - by default, it will test the plain C |
| 444 | # path under Valgrind or Memsan. Running only the constant_time tests is fast (<1s) |
| 445 | msg "test: valgrind asm constant_time" |
| 446 | scripts/config.py --force set MBEDTLS_TEST_CONSTANT_FLOW_ASM |
| 447 | skip_all_except_given_suite test_suite_constant_time |
| 448 | cmake -D CMAKE_BUILD_TYPE:String=Release . |
| 449 | make clean |
| 450 | make |
| 451 | make memcheck |
| 452 | } |
| 453 | |
| 454 | component_release_test_valgrind_constant_flow_psa () { |
| 455 | # This tests both (1) everything that valgrind's memcheck usually checks |
| 456 | # (heap buffer overflows, use of uninitialized memory, use-after-free, |
| 457 | # etc.) and (2) branches or memory access depending on secret values, |
| 458 | # which will be reported as uninitialized memory. To distinguish between |
| 459 | # secret and actually uninitialized: |
| 460 | # - unset MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND - does the failure persist? |
| 461 | # - or alternatively, build with debug info and manually run the offending |
| 462 | # test suite with valgrind --track-origins=yes, then check if the origin |
| 463 | # was TEST_CF_SECRET() or something else. |
| 464 | msg "build: cmake release GCC, full config with constant flow testing" |
| 465 | scripts/config.py full |
| 466 | scripts/config.py set MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND |
| 467 | skip_suites_without_constant_flow |
| 468 | cmake -D CMAKE_BUILD_TYPE:String=Release . |
| 469 | make |
| 470 | |
| 471 | # this only shows a summary of the results (how many of each type) |
| 472 | # details are left in Testing/<date>/DynamicAnalysis.xml |
| 473 | msg "test: some suites (valgrind + constant flow)" |
| 474 | make memcheck |
| 475 | } |
| 476 | |
| 477 | component_test_tsan () { |
| 478 | msg "build: TSan (clang)" |
| 479 | scripts/config.py full |
| 480 | scripts/config.py set MBEDTLS_THREADING_C |
| 481 | scripts/config.py set MBEDTLS_THREADING_PTHREAD |
| 482 | # Self-tests do not currently use multiple threads. |
| 483 | scripts/config.py unset MBEDTLS_SELF_TEST |
| 484 | |
| 485 | # The deprecated MBEDTLS_PSA_CRYPTO_SE_C interface is not thread safe. |
| 486 | scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C |
| 487 | |
| 488 | CC=clang cmake -D CMAKE_BUILD_TYPE:String=TSan . |
| 489 | make |
| 490 | |
| 491 | msg "test: main suites (TSan)" |
| 492 | make test |
| 493 | } |
| 494 | |
Minos Galanakis | f7d1cb0 | 2024-07-30 17:25:31 +0100 | [diff] [blame] | 495 | component_build_dhm_alt () { |
| 496 | msg "build: MBEDTLS_DHM_ALT" # ~30s |
| 497 | scripts/config.py full |
| 498 | scripts/config.py set MBEDTLS_DHM_ALT |
| 499 | # debug.c currently references mbedtls_dhm_context fields directly. |
| 500 | scripts/config.py unset MBEDTLS_DEBUG_C |
| 501 | # We can only compile, not link, since we don't have any implementations |
| 502 | # suitable for testing with the dummy alt headers. |
| 503 | make CFLAGS='-Werror -Wall -Wextra -I../tests/include/alt-dummy' lib |
| 504 | } |
| 505 | |
Minos Galanakis | f7d1cb0 | 2024-07-30 17:25:31 +0100 | [diff] [blame] | 506 | component_test_psa_crypto_config_accel_hash_keep_builtins () { |
| 507 | msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated+builtin hash" |
| 508 | # This component ensures that all the test cases for |
| 509 | # md_psa_dynamic_dispatch with legacy+driver in test_suite_md are run. |
| 510 | |
| 511 | loc_accel_list="ALG_MD5 ALG_RIPEMD160 ALG_SHA_1 \ |
| 512 | ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512 \ |
| 513 | ALG_SHA3_224 ALG_SHA3_256 ALG_SHA3_384 ALG_SHA3_512" |
| 514 | |
| 515 | # Start from default config (no USE_PSA) |
| 516 | helper_libtestdriver1_adjust_config "default" |
| 517 | |
| 518 | helper_libtestdriver1_make_drivers "$loc_accel_list" |
| 519 | |
| 520 | helper_libtestdriver1_make_main "$loc_accel_list" |
| 521 | |
| 522 | msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated+builtin hash" |
| 523 | make test |
| 524 | } |
| 525 | |
Minos Galanakis | f7d1cb0 | 2024-07-30 17:25:31 +0100 | [diff] [blame] | 526 | # This should be renamed to test and updated once the accelerator ECDH code is in place and ready to test. |
| 527 | component_build_psa_accel_alg_ecdh () { |
| 528 | msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_ECDH without MBEDTLS_ECDH_C" |
| 529 | scripts/config.py full |
| 530 | scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO |
| 531 | scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 |
| 532 | scripts/config.py unset MBEDTLS_ECDH_C |
| 533 | scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED |
| 534 | scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED |
| 535 | scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED |
| 536 | scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED |
| 537 | scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED |
| 538 | # Need to define the correct symbol and include the test driver header path in order to build with the test driver |
| 539 | make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_ECDH -I../tests/include" LDFLAGS="$ASAN_CFLAGS" |
| 540 | } |
| 541 | |
| 542 | # This should be renamed to test and updated once the accelerator HMAC code is in place and ready to test. |
| 543 | component_build_psa_accel_alg_hmac () { |
| 544 | msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_HMAC" |
| 545 | scripts/config.py full |
| 546 | scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO |
| 547 | scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 |
| 548 | # Need to define the correct symbol and include the test driver header path in order to build with the test driver |
| 549 | make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_HMAC -I../tests/include" LDFLAGS="$ASAN_CFLAGS" |
| 550 | } |
| 551 | |
| 552 | # This should be renamed to test and updated once the accelerator HKDF code is in place and ready to test. |
| 553 | component_build_psa_accel_alg_hkdf () { |
| 554 | msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_HKDF without MBEDTLS_HKDF_C" |
| 555 | scripts/config.py full |
| 556 | scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO |
| 557 | scripts/config.py unset MBEDTLS_HKDF_C |
| 558 | # Make sure to unset TLS1_3 since it requires HKDF_C and will not build properly without it. |
| 559 | scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 |
| 560 | # Need to define the correct symbol and include the test driver header path in order to build with the test driver |
| 561 | make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_HKDF -I../tests/include" LDFLAGS="$ASAN_CFLAGS" |
| 562 | } |
| 563 | |
| 564 | # This should be renamed to test and updated once the accelerator MD5 code is in place and ready to test. |
| 565 | component_build_psa_accel_alg_md5 () { |
| 566 | msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_MD5 - other hashes" |
| 567 | scripts/config.py full |
| 568 | scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO |
| 569 | scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 |
| 570 | scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RIPEMD160 |
| 571 | scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_1 |
| 572 | scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_224 |
| 573 | scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_256 |
| 574 | scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_384 |
| 575 | scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_512 |
| 576 | scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS |
| 577 | scripts/config.py unset MBEDTLS_LMS_C |
| 578 | scripts/config.py unset MBEDTLS_LMS_PRIVATE |
| 579 | # Need to define the correct symbol and include the test driver header path in order to build with the test driver |
| 580 | make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_MD5 -I../tests/include" LDFLAGS="$ASAN_CFLAGS" |
| 581 | } |
| 582 | |
| 583 | # This should be renamed to test and updated once the accelerator RIPEMD160 code is in place and ready to test. |
| 584 | component_build_psa_accel_alg_ripemd160 () { |
| 585 | msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_RIPEMD160 - other hashes" |
| 586 | scripts/config.py full |
| 587 | scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO |
| 588 | scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 |
| 589 | scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_MD5 |
| 590 | scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_1 |
| 591 | scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_224 |
| 592 | scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_256 |
| 593 | scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_384 |
| 594 | scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_512 |
| 595 | scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS |
| 596 | scripts/config.py unset MBEDTLS_LMS_C |
| 597 | scripts/config.py unset MBEDTLS_LMS_PRIVATE |
| 598 | # Need to define the correct symbol and include the test driver header path in order to build with the test driver |
| 599 | make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RIPEMD160 -I../tests/include" LDFLAGS="$ASAN_CFLAGS" |
| 600 | } |
| 601 | |
| 602 | # This should be renamed to test and updated once the accelerator SHA1 code is in place and ready to test. |
| 603 | component_build_psa_accel_alg_sha1 () { |
| 604 | msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_SHA_1 - other hashes" |
| 605 | scripts/config.py full |
| 606 | scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO |
| 607 | scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 |
| 608 | scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_MD5 |
| 609 | scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RIPEMD160 |
| 610 | scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_224 |
| 611 | scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_256 |
| 612 | scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_384 |
| 613 | scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_512 |
| 614 | scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS |
| 615 | scripts/config.py unset MBEDTLS_LMS_C |
| 616 | scripts/config.py unset MBEDTLS_LMS_PRIVATE |
| 617 | # Need to define the correct symbol and include the test driver header path in order to build with the test driver |
| 618 | make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_1 -I../tests/include" LDFLAGS="$ASAN_CFLAGS" |
| 619 | } |
| 620 | |
| 621 | # This should be renamed to test and updated once the accelerator SHA224 code is in place and ready to test. |
| 622 | component_build_psa_accel_alg_sha224 () { |
| 623 | msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_SHA_224 - other hashes" |
| 624 | scripts/config.py full |
| 625 | scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO |
| 626 | scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 |
| 627 | scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_MD5 |
| 628 | scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RIPEMD160 |
| 629 | scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_1 |
| 630 | scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_384 |
| 631 | scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_512 |
| 632 | scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS |
| 633 | # Need to define the correct symbol and include the test driver header path in order to build with the test driver |
| 634 | make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_224 -I../tests/include" LDFLAGS="$ASAN_CFLAGS" |
| 635 | } |
| 636 | |
| 637 | # This should be renamed to test and updated once the accelerator SHA256 code is in place and ready to test. |
| 638 | component_build_psa_accel_alg_sha256 () { |
| 639 | msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_SHA_256 - other hashes" |
| 640 | scripts/config.py full |
| 641 | scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO |
| 642 | scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 |
| 643 | scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_MD5 |
| 644 | scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RIPEMD160 |
| 645 | scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_1 |
| 646 | scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_224 |
| 647 | scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_384 |
| 648 | scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_512 |
| 649 | # Need to define the correct symbol and include the test driver header path in order to build with the test driver |
| 650 | make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_256 -I../tests/include" LDFLAGS="$ASAN_CFLAGS" |
| 651 | } |
| 652 | |
| 653 | # This should be renamed to test and updated once the accelerator SHA384 code is in place and ready to test. |
| 654 | component_build_psa_accel_alg_sha384 () { |
| 655 | msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_SHA_384 - other hashes" |
| 656 | scripts/config.py full |
| 657 | scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO |
| 658 | scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 |
| 659 | scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_MD5 |
| 660 | scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RIPEMD160 |
| 661 | scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_1 |
| 662 | scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_224 |
| 663 | scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_256 |
| 664 | scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS |
| 665 | scripts/config.py unset MBEDTLS_LMS_C |
| 666 | scripts/config.py unset MBEDTLS_LMS_PRIVATE |
| 667 | # Need to define the correct symbol and include the test driver header path in order to build with the test driver |
| 668 | make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_384 -I../tests/include" LDFLAGS="$ASAN_CFLAGS" |
| 669 | } |
| 670 | |
| 671 | # This should be renamed to test and updated once the accelerator SHA512 code is in place and ready to test. |
| 672 | component_build_psa_accel_alg_sha512 () { |
| 673 | msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_SHA_512 - other hashes" |
| 674 | scripts/config.py full |
| 675 | scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO |
| 676 | scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 |
| 677 | scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_MD5 |
| 678 | scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RIPEMD160 |
| 679 | scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_1 |
| 680 | scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_224 |
| 681 | scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_256 |
| 682 | scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_384 |
| 683 | scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS |
| 684 | scripts/config.py unset MBEDTLS_LMS_C |
| 685 | scripts/config.py unset MBEDTLS_LMS_PRIVATE |
| 686 | # Need to define the correct symbol and include the test driver header path in order to build with the test driver |
| 687 | make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_512 -I../tests/include" LDFLAGS="$ASAN_CFLAGS" |
| 688 | } |
| 689 | |
| 690 | # This should be renamed to test and updated once the accelerator RSA code is in place and ready to test. |
| 691 | component_build_psa_accel_alg_rsa_pkcs1v15_crypt () { |
| 692 | msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_RSA_PKCS1V15_CRYPT + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY" |
| 693 | scripts/config.py full |
| 694 | scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO |
| 695 | scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 |
| 696 | scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_ALG_RSA_PKCS1V15_CRYPT 1 |
| 697 | scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PKCS1V15_SIGN |
| 698 | scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_OAEP |
| 699 | scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PSS |
| 700 | # Need to define the correct symbol and include the test driver header path in order to build with the test driver |
| 701 | make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT -I../tests/include" LDFLAGS="$ASAN_CFLAGS" |
| 702 | } |
| 703 | |
| 704 | # This should be renamed to test and updated once the accelerator RSA code is in place and ready to test. |
| 705 | component_build_psa_accel_alg_rsa_pkcs1v15_sign () { |
| 706 | msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_RSA_PKCS1V15_SIGN + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY" |
| 707 | scripts/config.py full |
| 708 | scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO |
| 709 | scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 |
| 710 | scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_ALG_RSA_PKCS1V15_SIGN 1 |
| 711 | scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PKCS1V15_CRYPT |
| 712 | scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_OAEP |
| 713 | scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PSS |
| 714 | # Need to define the correct symbol and include the test driver header path in order to build with the test driver |
| 715 | make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN -I../tests/include" LDFLAGS="$ASAN_CFLAGS" |
| 716 | } |
| 717 | |
| 718 | # This should be renamed to test and updated once the accelerator RSA code is in place and ready to test. |
| 719 | component_build_psa_accel_alg_rsa_oaep () { |
| 720 | msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_RSA_OAEP + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY" |
| 721 | scripts/config.py full |
| 722 | scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO |
| 723 | scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 |
| 724 | scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_ALG_RSA_OAEP 1 |
| 725 | scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PKCS1V15_CRYPT |
| 726 | scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PKCS1V15_SIGN |
| 727 | scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PSS |
| 728 | # Need to define the correct symbol and include the test driver header path in order to build with the test driver |
| 729 | make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_OAEP -I../tests/include" LDFLAGS="$ASAN_CFLAGS" |
| 730 | } |
| 731 | |
| 732 | # This should be renamed to test and updated once the accelerator RSA code is in place and ready to test. |
| 733 | component_build_psa_accel_alg_rsa_pss () { |
| 734 | msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_RSA_PSS + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY" |
| 735 | scripts/config.py full |
| 736 | scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO |
| 737 | scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 |
| 738 | scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_ALG_RSA_PSS 1 |
| 739 | scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PKCS1V15_CRYPT |
| 740 | scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PKCS1V15_SIGN |
| 741 | scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_OAEP |
| 742 | # Need to define the correct symbol and include the test driver header path in order to build with the test driver |
| 743 | make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_PSS -I../tests/include" LDFLAGS="$ASAN_CFLAGS" |
| 744 | } |
| 745 | |
| 746 | # This should be renamed to test and updated once the accelerator RSA code is in place and ready to test. |
| 747 | component_build_psa_accel_key_type_rsa_key_pair () { |
| 748 | msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_xxx + PSA_WANT_ALG_RSA_PSS" |
| 749 | scripts/config.py full |
| 750 | scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO |
| 751 | scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 |
| 752 | scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_ALG_RSA_PSS 1 |
| 753 | scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC 1 |
| 754 | scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT 1 |
| 755 | scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT 1 |
| 756 | scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE 1 |
| 757 | # Need to define the correct symbol and include the test driver header path in order to build with the test driver |
| 758 | make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR -I../tests/include" LDFLAGS="$ASAN_CFLAGS" |
| 759 | } |
| 760 | |
| 761 | # This should be renamed to test and updated once the accelerator RSA code is in place and ready to test. |
| 762 | component_build_psa_accel_key_type_rsa_public_key () { |
| 763 | msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY + PSA_WANT_ALG_RSA_PSS" |
| 764 | scripts/config.py full |
| 765 | scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO |
| 766 | scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 |
| 767 | scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_ALG_RSA_PSS 1 |
| 768 | scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 1 |
| 769 | # Need to define the correct symbol and include the test driver header path in order to build with the test driver |
| 770 | make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY -I../tests/include" LDFLAGS="$ASAN_CFLAGS" |
| 771 | } |
| 772 | |
Minos Galanakis | f7d1cb0 | 2024-07-30 17:25:31 +0100 | [diff] [blame] | 773 | support_test_aesni () { |
| 774 | # Check that gcc targets x86_64 (we can build AESNI), and check for |
| 775 | # AESNI support on the host (we can run AESNI). |
| 776 | # |
| 777 | # The name of this function is possibly slightly misleading, but needs to align |
| 778 | # with the name of the corresponding test, component_test_aesni. |
| 779 | # |
| 780 | # In principle 32-bit x86 can support AESNI, but our implementation does not |
| 781 | # support 32-bit x86, so we check for x86-64. |
| 782 | # We can only grep /proc/cpuinfo on Linux, so this also checks for Linux |
| 783 | (gcc -v 2>&1 | grep Target | grep -q x86_64) && |
| 784 | [[ "$HOSTTYPE" == "x86_64" && "$OSTYPE" == "linux-gnu" ]] && |
| 785 | (lscpu | grep -qw aes) |
| 786 | } |
| 787 | |
| 788 | component_test_aesni () { # ~ 60s |
| 789 | # This tests the two AESNI implementations (intrinsics and assembly), and also the plain C |
| 790 | # fallback. It also tests the logic that is used to select which implementation(s) to build. |
| 791 | # |
| 792 | # This test does not require the host to have support for AESNI (if it doesn't, the run-time |
| 793 | # AESNI detection will fallback to the plain C implementation, so the tests will instead |
| 794 | # exercise the plain C impl). |
| 795 | |
| 796 | msg "build: default config with different AES implementations" |
| 797 | scripts/config.py set MBEDTLS_AESNI_C |
| 798 | scripts/config.py unset MBEDTLS_AES_USE_HARDWARE_ONLY |
| 799 | scripts/config.py set MBEDTLS_HAVE_ASM |
| 800 | |
| 801 | # test the intrinsics implementation |
| 802 | msg "AES tests, test intrinsics" |
| 803 | make clean |
| 804 | make CC=gcc CFLAGS='-Werror -Wall -Wextra -mpclmul -msse2 -maes' |
| 805 | # check that we built intrinsics - this should be used by default when supported by the compiler |
| 806 | ./programs/test/selftest aes | grep "AESNI code" | grep -q "intrinsics" |
| 807 | |
| 808 | # test the asm implementation |
| 809 | msg "AES tests, test assembly" |
| 810 | make clean |
| 811 | make CC=gcc CFLAGS='-Werror -Wall -Wextra -mno-pclmul -mno-sse2 -mno-aes' |
| 812 | # check that we built assembly - this should be built if the compiler does not support intrinsics |
| 813 | ./programs/test/selftest aes | grep "AESNI code" | grep -q "assembly" |
| 814 | |
| 815 | # test the plain C implementation |
| 816 | scripts/config.py unset MBEDTLS_AESNI_C |
| 817 | scripts/config.py unset MBEDTLS_AES_USE_HARDWARE_ONLY |
| 818 | msg "AES tests, plain C" |
| 819 | make clean |
| 820 | make CC=gcc CFLAGS='-O2 -Werror' |
| 821 | # check that there is no AESNI code present |
| 822 | ./programs/test/selftest aes | not grep -q "AESNI code" |
| 823 | not grep -q "AES note: using AESNI" ./programs/test/selftest |
| 824 | grep -q "AES note: built-in implementation." ./programs/test/selftest |
| 825 | |
| 826 | # test the intrinsics implementation |
| 827 | scripts/config.py set MBEDTLS_AESNI_C |
| 828 | scripts/config.py set MBEDTLS_AES_USE_HARDWARE_ONLY |
| 829 | msg "AES tests, test AESNI only" |
| 830 | make clean |
| 831 | make CC=gcc CFLAGS='-Werror -Wall -Wextra -mpclmul -msse2 -maes' |
| 832 | ./programs/test/selftest aes | grep -q "AES note: using AESNI" |
| 833 | ./programs/test/selftest aes | not grep -q "AES note: built-in implementation." |
| 834 | grep -q "AES note: using AESNI" ./programs/test/selftest |
| 835 | not grep -q "AES note: built-in implementation." ./programs/test/selftest |
| 836 | } |
| 837 | |
Minos Galanakis | f7d1cb0 | 2024-07-30 17:25:31 +0100 | [diff] [blame] | 838 | support_test_aesni_m32 () { |
| 839 | support_test_m32_no_asm && (lscpu | grep -qw aes) |
| 840 | } |
| 841 | |
| 842 | component_test_aesni_m32 () { # ~ 60s |
| 843 | # This tests are duplicated from component_test_aesni for i386 target |
| 844 | # |
| 845 | # AESNI intrinsic code supports i386 and assembly code does not support it. |
| 846 | |
| 847 | msg "build: default config with different AES implementations" |
| 848 | scripts/config.py set MBEDTLS_AESNI_C |
| 849 | scripts/config.py set MBEDTLS_PADLOCK_C |
| 850 | scripts/config.py unset MBEDTLS_AES_USE_HARDWARE_ONLY |
| 851 | scripts/config.py set MBEDTLS_HAVE_ASM |
| 852 | |
| 853 | # test the intrinsics implementation with gcc |
| 854 | msg "AES tests, test intrinsics (gcc)" |
| 855 | make clean |
| 856 | make CC=gcc CFLAGS='-m32 -Werror -Wall -Wextra' LDFLAGS='-m32' |
| 857 | # check that we built intrinsics - this should be used by default when supported by the compiler |
| 858 | ./programs/test/selftest aes | grep "AESNI code" | grep -q "intrinsics" |
| 859 | grep -q "AES note: using AESNI" ./programs/test/selftest |
| 860 | grep -q "AES note: built-in implementation." ./programs/test/selftest |
| 861 | grep -q "AES note: using VIA Padlock" ./programs/test/selftest |
| 862 | grep -q mbedtls_aesni_has_support ./programs/test/selftest |
| 863 | |
| 864 | scripts/config.py set MBEDTLS_AESNI_C |
| 865 | scripts/config.py unset MBEDTLS_PADLOCK_C |
| 866 | scripts/config.py set MBEDTLS_AES_USE_HARDWARE_ONLY |
| 867 | msg "AES tests, test AESNI only" |
| 868 | make clean |
| 869 | make CC=gcc CFLAGS='-m32 -Werror -Wall -Wextra -mpclmul -msse2 -maes' LDFLAGS='-m32' |
| 870 | ./programs/test/selftest aes | grep -q "AES note: using AESNI" |
| 871 | ./programs/test/selftest aes | not grep -q "AES note: built-in implementation." |
| 872 | grep -q "AES note: using AESNI" ./programs/test/selftest |
| 873 | not grep -q "AES note: built-in implementation." ./programs/test/selftest |
| 874 | not grep -q "AES note: using VIA Padlock" ./programs/test/selftest |
| 875 | not grep -q mbedtls_aesni_has_support ./programs/test/selftest |
| 876 | } |
| 877 | |
| 878 | support_test_aesni_m32_clang () { |
| 879 | # clang >= 4 is required to build with target attributes |
| 880 | support_test_aesni_m32 && [[ $(clang_version) -ge 4 ]] |
| 881 | } |
| 882 | |
| 883 | component_test_aesni_m32_clang () { |
| 884 | |
| 885 | scripts/config.py set MBEDTLS_AESNI_C |
| 886 | scripts/config.py set MBEDTLS_PADLOCK_C |
| 887 | scripts/config.py unset MBEDTLS_AES_USE_HARDWARE_ONLY |
| 888 | scripts/config.py set MBEDTLS_HAVE_ASM |
| 889 | |
| 890 | # test the intrinsics implementation with clang |
| 891 | msg "AES tests, test intrinsics (clang)" |
| 892 | make clean |
| 893 | make CC=clang CFLAGS='-m32 -Werror -Wall -Wextra' LDFLAGS='-m32' |
| 894 | # check that we built intrinsics - this should be used by default when supported by the compiler |
| 895 | ./programs/test/selftest aes | grep "AESNI code" | grep -q "intrinsics" |
| 896 | grep -q "AES note: using AESNI" ./programs/test/selftest |
| 897 | grep -q "AES note: built-in implementation." ./programs/test/selftest |
| 898 | grep -q "AES note: using VIA Padlock" ./programs/test/selftest |
| 899 | grep -q mbedtls_aesni_has_support ./programs/test/selftest |
| 900 | } |
| 901 | |
Minos Galanakis | f7d1cb0 | 2024-07-30 17:25:31 +0100 | [diff] [blame] | 902 | support_build_aes_armce () { |
| 903 | # clang >= 11 is required to build with AES extensions |
| 904 | [[ $(clang_version) -ge 11 ]] |
| 905 | } |
| 906 | |
| 907 | component_build_aes_armce () { |
| 908 | # Test variations of AES with Armv8 crypto extensions |
| 909 | scripts/config.py set MBEDTLS_AESCE_C |
| 910 | scripts/config.py set MBEDTLS_AES_USE_HARDWARE_ONLY |
| 911 | |
| 912 | msg "MBEDTLS_AES_USE_HARDWARE_ONLY, clang, aarch64" |
| 913 | make -B library/aesce.o CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a+crypto" |
| 914 | |
| 915 | msg "MBEDTLS_AES_USE_HARDWARE_ONLY, clang, arm" |
| 916 | make -B library/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -marm" |
| 917 | |
| 918 | msg "MBEDTLS_AES_USE_HARDWARE_ONLY, clang, thumb" |
| 919 | make -B library/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mthumb" |
| 920 | |
| 921 | scripts/config.py unset MBEDTLS_AES_USE_HARDWARE_ONLY |
| 922 | |
| 923 | msg "no MBEDTLS_AES_USE_HARDWARE_ONLY, clang, aarch64" |
| 924 | make -B library/aesce.o CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a+crypto" |
| 925 | |
| 926 | msg "no MBEDTLS_AES_USE_HARDWARE_ONLY, clang, arm" |
| 927 | make -B library/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -marm" |
| 928 | |
| 929 | msg "no MBEDTLS_AES_USE_HARDWARE_ONLY, clang, thumb" |
| 930 | make -B library/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mthumb" |
| 931 | |
| 932 | # test for presence of AES instructions |
| 933 | scripts/config.py set MBEDTLS_AES_USE_HARDWARE_ONLY |
| 934 | msg "clang, test A32 crypto instructions built" |
| 935 | make -B library/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -marm -S" |
| 936 | grep -E 'aes[0-9a-z]+.[0-9]\s*[qv]' library/aesce.o |
| 937 | msg "clang, test T32 crypto instructions built" |
| 938 | make -B library/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mthumb -S" |
| 939 | grep -E 'aes[0-9a-z]+.[0-9]\s*[qv]' library/aesce.o |
| 940 | msg "clang, test aarch64 crypto instructions built" |
| 941 | make -B library/aesce.o CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a -S" |
| 942 | grep -E 'aes[a-z]+\s*[qv]' library/aesce.o |
| 943 | |
| 944 | # test for absence of AES instructions |
| 945 | scripts/config.py unset MBEDTLS_AES_USE_HARDWARE_ONLY |
| 946 | scripts/config.py unset MBEDTLS_AESCE_C |
| 947 | msg "clang, test A32 crypto instructions not built" |
| 948 | make -B library/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -marm -S" |
| 949 | not grep -E 'aes[0-9a-z]+.[0-9]\s*[qv]' library/aesce.o |
| 950 | msg "clang, test T32 crypto instructions not built" |
| 951 | make -B library/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mthumb -S" |
| 952 | not grep -E 'aes[0-9a-z]+.[0-9]\s*[qv]' library/aesce.o |
| 953 | msg "clang, test aarch64 crypto instructions not built" |
| 954 | make -B library/aesce.o CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a -S" |
| 955 | not grep -E 'aes[a-z]+\s*[qv]' library/aesce.o |
| 956 | } |
| 957 | |
| 958 | support_build_sha_armce () { |
| 959 | # clang >= 4 is required to build with SHA extensions |
| 960 | [[ $(clang_version) -ge 4 ]] |
| 961 | } |
| 962 | |
| 963 | component_build_sha_armce () { |
| 964 | scripts/config.py unset MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT |
| 965 | |
| 966 | |
| 967 | # Test variations of SHA256 Armv8 crypto extensions |
| 968 | scripts/config.py set MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY |
| 969 | msg "MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY clang, aarch64" |
| 970 | make -B library/sha256.o CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a" |
| 971 | msg "MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY clang, arm" |
| 972 | make -B library/sha256.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -marm" |
| 973 | scripts/config.py unset MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY |
| 974 | |
| 975 | |
| 976 | # test the deprecated form of the config option |
| 977 | scripts/config.py set MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY |
| 978 | msg "MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY clang, thumb" |
| 979 | make -B library/sha256.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mthumb" |
| 980 | scripts/config.py unset MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY |
| 981 | |
| 982 | scripts/config.py set MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT |
| 983 | msg "MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT clang, aarch64" |
| 984 | make -B library/sha256.o CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a" |
| 985 | scripts/config.py unset MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT |
| 986 | |
| 987 | |
| 988 | # test the deprecated form of the config option |
| 989 | scripts/config.py set MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT |
| 990 | msg "MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT clang, arm" |
| 991 | make -B library/sha256.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -marm -std=c99" |
| 992 | msg "MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT clang, thumb" |
| 993 | make -B library/sha256.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mthumb" |
| 994 | scripts/config.py unset MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT |
| 995 | |
| 996 | |
| 997 | # examine the disassembly for presence of SHA instructions |
| 998 | for opt in MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT; do |
| 999 | scripts/config.py set ${opt} |
| 1000 | msg "${opt} clang, test A32 crypto instructions built" |
| 1001 | make -B library/sha256.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -marm -S" |
| 1002 | grep -E 'sha256[a-z0-9]+.32\s+[qv]' library/sha256.o |
| 1003 | |
| 1004 | msg "${opt} clang, test T32 crypto instructions built" |
| 1005 | make -B library/sha256.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mthumb -S" |
| 1006 | grep -E 'sha256[a-z0-9]+.32\s+[qv]' library/sha256.o |
| 1007 | |
| 1008 | msg "${opt} clang, test aarch64 crypto instructions built" |
| 1009 | make -B library/sha256.o CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a -S" |
| 1010 | grep -E 'sha256[a-z0-9]+\s+[qv]' library/sha256.o |
| 1011 | scripts/config.py unset ${opt} |
| 1012 | done |
| 1013 | |
| 1014 | |
| 1015 | # examine the disassembly for absence of SHA instructions |
| 1016 | msg "clang, test A32 crypto instructions not built" |
| 1017 | make -B library/sha256.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -marm -S" |
| 1018 | not grep -E 'sha256[a-z0-9]+.32\s+[qv]' library/sha256.o |
| 1019 | |
| 1020 | msg "clang, test T32 crypto instructions not built" |
| 1021 | make -B library/sha256.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mthumb -S" |
| 1022 | not grep -E 'sha256[a-z0-9]+.32\s+[qv]' library/sha256.o |
| 1023 | |
| 1024 | msg "clang, test aarch64 crypto instructions not built" |
| 1025 | make -B library/sha256.o CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a -S" |
| 1026 | not grep -E 'sha256[a-z0-9]+\s+[qv]' library/sha256.o |
| 1027 | } |
| 1028 | |
| 1029 | # For timebeing, no VIA Padlock platform available. |
| 1030 | component_build_aes_via_padlock () { |
| 1031 | |
| 1032 | msg "AES:VIA PadLock, build with default configuration." |
| 1033 | scripts/config.py unset MBEDTLS_AESNI_C |
| 1034 | scripts/config.py set MBEDTLS_PADLOCK_C |
| 1035 | scripts/config.py unset MBEDTLS_AES_USE_HARDWARE_ONLY |
| 1036 | make CC=gcc CFLAGS="$ASAN_CFLAGS -m32" LDFLAGS="-m32 $ASAN_CFLAGS" |
| 1037 | grep -q mbedtls_padlock_has_support ./programs/test/selftest |
| 1038 | |
| 1039 | } |
| 1040 | |
| 1041 | support_build_aes_via_padlock_only () { |
| 1042 | ( [ "$MBEDTLS_TEST_PLATFORM" == "Linux-x86_64" ] || \ |
| 1043 | [ "$MBEDTLS_TEST_PLATFORM" == "Linux-amd64" ] ) && \ |
| 1044 | [ "`dpkg --print-foreign-architectures`" == "i386" ] |
| 1045 | } |
| 1046 | |
Minos Galanakis | f7d1cb0 | 2024-07-30 17:25:31 +0100 | [diff] [blame] | 1047 | component_test_m32_no_asm () { |
| 1048 | # Build without assembly, so as to use portable C code (in a 32-bit |
| 1049 | # build) and not the i386-specific inline assembly. |
| 1050 | # |
| 1051 | # Note that we require gcc, because clang Asan builds fail to link for |
| 1052 | # this target (cannot find libclang_rt.lsan-i386.a - this is a known clang issue). |
| 1053 | msg "build: i386, make, gcc, no asm (ASan build)" # ~ 30s |
| 1054 | scripts/config.py full |
| 1055 | scripts/config.py unset MBEDTLS_HAVE_ASM |
| 1056 | scripts/config.py unset MBEDTLS_PADLOCK_C |
| 1057 | scripts/config.py unset MBEDTLS_AESNI_C # AESNI for 32-bit is tested in test_aesni_m32 |
| 1058 | make CC=gcc CFLAGS="$ASAN_CFLAGS -m32" LDFLAGS="-m32 $ASAN_CFLAGS" |
| 1059 | |
| 1060 | msg "test: i386, make, gcc, no asm (ASan build)" |
| 1061 | make test |
| 1062 | } |
| 1063 | support_test_m32_no_asm () { |
| 1064 | case $(uname -m) in |
| 1065 | amd64|x86_64) true;; |
| 1066 | *) false;; |
| 1067 | esac |
| 1068 | } |
| 1069 | |
| 1070 | component_test_m32_o2 () { |
| 1071 | # Build with optimization, to use the i386 specific inline assembly |
| 1072 | # and go faster for tests. |
| 1073 | msg "build: i386, make, gcc -O2 (ASan build)" # ~ 30s |
| 1074 | scripts/config.py full |
| 1075 | scripts/config.py unset MBEDTLS_AESNI_C # AESNI for 32-bit is tested in test_aesni_m32 |
| 1076 | make CC=gcc CFLAGS="$ASAN_CFLAGS -m32" LDFLAGS="-m32 $ASAN_CFLAGS" |
| 1077 | |
| 1078 | msg "test: i386, make, gcc -O2 (ASan build)" |
| 1079 | make test |
| 1080 | |
| 1081 | msg "test ssl-opt.sh, i386, make, gcc-O2" |
| 1082 | tests/ssl-opt.sh |
| 1083 | } |
| 1084 | support_test_m32_o2 () { |
| 1085 | support_test_m32_no_asm "$@" |
| 1086 | } |
| 1087 | |
| 1088 | component_test_m32_everest () { |
| 1089 | msg "build: i386, Everest ECDH context (ASan build)" # ~ 6 min |
| 1090 | scripts/config.py set MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED |
| 1091 | scripts/config.py unset MBEDTLS_AESNI_C # AESNI for 32-bit is tested in test_aesni_m32 |
| 1092 | make CC=gcc CFLAGS="$ASAN_CFLAGS -m32" LDFLAGS="-m32 $ASAN_CFLAGS" |
| 1093 | |
| 1094 | msg "test: i386, Everest ECDH context - main suites (inc. selftests) (ASan build)" # ~ 50s |
| 1095 | make test |
| 1096 | |
| 1097 | msg "test: i386, Everest ECDH context - ECDH-related part of ssl-opt.sh (ASan build)" # ~ 5s |
| 1098 | tests/ssl-opt.sh -f ECDH |
| 1099 | |
| 1100 | msg "test: i386, Everest ECDH context - compat.sh with some ECDH ciphersuites (ASan build)" # ~ 3 min |
| 1101 | # Exclude some symmetric ciphers that are redundant here to gain time. |
| 1102 | tests/compat.sh -f ECDH -V NO -e 'ARIA\|CAMELLIA\|CHACHA' |
| 1103 | } |
| 1104 | support_test_m32_everest () { |
| 1105 | support_test_m32_no_asm "$@" |
| 1106 | } |
| 1107 | |
| 1108 | component_test_mx32 () { |
| 1109 | msg "build: 64-bit ILP32, make, gcc" # ~ 30s |
| 1110 | scripts/config.py full |
| 1111 | make CC=gcc CFLAGS='-O2 -Werror -Wall -Wextra -mx32' LDFLAGS='-mx32' |
| 1112 | |
| 1113 | msg "test: 64-bit ILP32, make, gcc" |
| 1114 | make test |
| 1115 | } |
| 1116 | support_test_mx32 () { |
| 1117 | case $(uname -m) in |
| 1118 | amd64|x86_64) true;; |
| 1119 | *) false;; |
| 1120 | esac |
| 1121 | } |
| 1122 | |
Minos Galanakis | f7d1cb0 | 2024-07-30 17:25:31 +0100 | [diff] [blame] | 1123 | component_build_arm_none_eabi_gcc () { |
| 1124 | msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -O1, baremetal+debug" # ~ 10s |
| 1125 | scripts/config.py baremetal |
| 1126 | make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-std=c99 -Werror -Wall -Wextra -O1' lib |
| 1127 | |
| 1128 | msg "size: ${ARM_NONE_EABI_GCC_PREFIX}gcc -O1, baremetal+debug" |
| 1129 | ${ARM_NONE_EABI_GCC_PREFIX}size -t library/*.o |
| 1130 | } |
| 1131 | |
| 1132 | component_build_arm_linux_gnueabi_gcc_arm5vte () { |
| 1133 | msg "build: ${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc -march=arm5vte, baremetal+debug" # ~ 10s |
| 1134 | scripts/config.py baremetal |
| 1135 | # Build for a target platform that's close to what Debian uses |
| 1136 | # for its "armel" distribution (https://wiki.debian.org/ArmEabiPort). |
| 1137 | # See https://github.com/Mbed-TLS/mbedtls/pull/2169 and comments. |
| 1138 | # Build everything including programs, see for example |
| 1139 | # https://github.com/Mbed-TLS/mbedtls/pull/3449#issuecomment-675313720 |
| 1140 | make CC="${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc" AR="${ARM_LINUX_GNUEABI_GCC_PREFIX}ar" CFLAGS='-Werror -Wall -Wextra -march=armv5te -O1' LDFLAGS='-march=armv5te' |
| 1141 | |
| 1142 | msg "size: ${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc -march=armv5te -O1, baremetal+debug" |
| 1143 | ${ARM_LINUX_GNUEABI_GCC_PREFIX}size -t library/*.o |
| 1144 | } |
| 1145 | support_build_arm_linux_gnueabi_gcc_arm5vte () { |
| 1146 | type ${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc >/dev/null 2>&1 |
| 1147 | } |
| 1148 | |
| 1149 | component_build_arm_none_eabi_gcc_arm5vte () { |
| 1150 | msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -march=arm5vte, baremetal+debug" # ~ 10s |
| 1151 | scripts/config.py baremetal |
| 1152 | # This is an imperfect substitute for |
| 1153 | # component_build_arm_linux_gnueabi_gcc_arm5vte |
| 1154 | # in case the gcc-arm-linux-gnueabi toolchain is not available |
| 1155 | make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" CFLAGS='-std=c99 -Werror -Wall -Wextra -march=armv5te -O1' LDFLAGS='-march=armv5te' SHELL='sh -x' lib |
| 1156 | |
| 1157 | msg "size: ${ARM_NONE_EABI_GCC_PREFIX}gcc -march=armv5te -O1, baremetal+debug" |
| 1158 | ${ARM_NONE_EABI_GCC_PREFIX}size -t library/*.o |
| 1159 | } |
| 1160 | |
| 1161 | component_build_arm_none_eabi_gcc_m0plus () { |
| 1162 | msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -mthumb -mcpu=cortex-m0plus, baremetal_size" # ~ 10s |
| 1163 | scripts/config.py baremetal_size |
| 1164 | make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-std=c99 -Werror -Wall -Wextra -mthumb -mcpu=cortex-m0plus -Os' lib |
| 1165 | |
| 1166 | msg "size: ${ARM_NONE_EABI_GCC_PREFIX}gcc -mthumb -mcpu=cortex-m0plus -Os, baremetal_size" |
| 1167 | ${ARM_NONE_EABI_GCC_PREFIX}size -t library/*.o |
| 1168 | for lib in library/*.a; do |
| 1169 | echo "$lib:" |
| 1170 | ${ARM_NONE_EABI_GCC_PREFIX}size -t $lib | grep TOTALS |
| 1171 | done |
| 1172 | } |
| 1173 | |
| 1174 | component_build_arm_none_eabi_gcc_no_udbl_division () { |
| 1175 | msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -DMBEDTLS_NO_UDBL_DIVISION, make" # ~ 10s |
| 1176 | scripts/config.py baremetal |
| 1177 | scripts/config.py set MBEDTLS_NO_UDBL_DIVISION |
| 1178 | make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-std=c99 -Werror -Wall -Wextra' lib |
| 1179 | echo "Checking that software 64-bit division is not required" |
| 1180 | not grep __aeabi_uldiv library/*.o |
| 1181 | } |
| 1182 | |
| 1183 | component_build_arm_none_eabi_gcc_no_64bit_multiplication () { |
| 1184 | msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc MBEDTLS_NO_64BIT_MULTIPLICATION, make" # ~ 10s |
| 1185 | scripts/config.py baremetal |
| 1186 | scripts/config.py set MBEDTLS_NO_64BIT_MULTIPLICATION |
| 1187 | make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-std=c99 -Werror -O1 -march=armv6-m -mthumb' lib |
| 1188 | echo "Checking that software 64-bit multiplication is not required" |
| 1189 | not grep __aeabi_lmul library/*.o |
| 1190 | } |
| 1191 | |
| 1192 | component_build_arm_clang_thumb () { |
| 1193 | # ~ 30s |
| 1194 | |
| 1195 | scripts/config.py baremetal |
| 1196 | |
| 1197 | msg "build: clang thumb 2, make" |
| 1198 | make clean |
| 1199 | make CC="clang" CFLAGS='-std=c99 -Werror -Os --target=arm-linux-gnueabihf -march=armv7-m -mthumb' lib |
| 1200 | |
| 1201 | # Some Thumb 1 asm is sensitive to optimisation level, so test both -O0 and -Os |
| 1202 | msg "build: clang thumb 1 -O0, make" |
| 1203 | make clean |
| 1204 | make CC="clang" CFLAGS='-std=c99 -Werror -O0 --target=arm-linux-gnueabihf -mcpu=arm1136j-s -mthumb' lib |
| 1205 | |
| 1206 | msg "build: clang thumb 1 -Os, make" |
| 1207 | make clean |
| 1208 | make CC="clang" CFLAGS='-std=c99 -Werror -Os --target=arm-linux-gnueabihf -mcpu=arm1136j-s -mthumb' lib |
| 1209 | } |
| 1210 | |
| 1211 | component_build_armcc () { |
| 1212 | msg "build: ARM Compiler 5" |
| 1213 | scripts/config.py baremetal |
| 1214 | # armc[56] don't support SHA-512 intrinsics |
| 1215 | scripts/config.py unset MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT |
| 1216 | |
| 1217 | # older versions of armcc/armclang don't support AESCE_C on 32-bit Arm |
| 1218 | scripts/config.py unset MBEDTLS_AESCE_C |
| 1219 | |
| 1220 | # Stop armclang warning about feature detection for A64_CRYPTO. |
| 1221 | # With this enabled, the library does build correctly under armclang, |
| 1222 | # but in baremetal builds (as tested here), feature detection is |
| 1223 | # unavailable, and the user is notified via a #warning. So enabling |
| 1224 | # this feature would prevent us from building with -Werror on |
| 1225 | # armclang. Tracked in #7198. |
| 1226 | scripts/config.py unset MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT |
| 1227 | |
| 1228 | scripts/config.py set MBEDTLS_HAVE_ASM |
| 1229 | |
| 1230 | make CC="$ARMC5_CC" AR="$ARMC5_AR" WARNING_CFLAGS='--strict --c99' lib |
| 1231 | |
| 1232 | msg "size: ARM Compiler 5" |
| 1233 | "$ARMC5_FROMELF" -z library/*.o |
| 1234 | |
| 1235 | # Compile mostly with -O1 since some Arm inline assembly is disabled for -O0. |
| 1236 | |
| 1237 | # ARM Compiler 6 - Target ARMv7-A |
| 1238 | armc6_build_test "-O1 --target=arm-arm-none-eabi -march=armv7-a" |
| 1239 | |
| 1240 | # ARM Compiler 6 - Target ARMv7-M |
| 1241 | armc6_build_test "-O1 --target=arm-arm-none-eabi -march=armv7-m" |
| 1242 | |
| 1243 | # ARM Compiler 6 - Target ARMv7-M+DSP |
| 1244 | armc6_build_test "-O1 --target=arm-arm-none-eabi -march=armv7-m+dsp" |
| 1245 | |
| 1246 | # ARM Compiler 6 - Target ARMv8-A - AArch32 |
| 1247 | armc6_build_test "-O1 --target=arm-arm-none-eabi -march=armv8.2-a" |
| 1248 | |
| 1249 | # ARM Compiler 6 - Target ARMv8-M |
| 1250 | armc6_build_test "-O1 --target=arm-arm-none-eabi -march=armv8-m.main" |
| 1251 | |
| 1252 | # ARM Compiler 6 - Target Cortex-M0 - no optimisation |
| 1253 | armc6_build_test "-O0 --target=arm-arm-none-eabi -mcpu=cortex-m0" |
| 1254 | |
| 1255 | # ARM Compiler 6 - Target Cortex-M0 |
| 1256 | armc6_build_test "-Os --target=arm-arm-none-eabi -mcpu=cortex-m0" |
| 1257 | |
| 1258 | # ARM Compiler 6 - Target ARMv8.2-A - AArch64 |
| 1259 | # |
| 1260 | # Re-enable MBEDTLS_AESCE_C as this should be supported by the version of armclang |
| 1261 | # that we have in our CI |
| 1262 | scripts/config.py set MBEDTLS_AESCE_C |
| 1263 | armc6_build_test "-O1 --target=aarch64-arm-none-eabi -march=armv8.2-a+crypto" |
| 1264 | } |
| 1265 | |
| 1266 | support_build_armcc () { |
| 1267 | armc5_cc="$ARMC5_BIN_DIR/armcc" |
| 1268 | armc6_cc="$ARMC6_BIN_DIR/armclang" |
| 1269 | (check_tools "$armc5_cc" "$armc6_cc" > /dev/null 2>&1) |
| 1270 | } |
| 1271 | |
Minos Galanakis | f7d1cb0 | 2024-07-30 17:25:31 +0100 | [diff] [blame] | 1272 | component_test_memsan () { |
| 1273 | msg "build: MSan (clang)" # ~ 1 min 20s |
| 1274 | scripts/config.py unset MBEDTLS_AESNI_C # memsan doesn't grok asm |
| 1275 | CC=clang cmake -D CMAKE_BUILD_TYPE:String=MemSan . |
| 1276 | make |
| 1277 | |
| 1278 | msg "test: main suites (MSan)" # ~ 10s |
| 1279 | make test |
| 1280 | |
| 1281 | msg "test: metatests (MSan)" |
| 1282 | tests/scripts/run-metatests.sh any msan |
| 1283 | |
| 1284 | msg "program demos (MSan)" # ~20s |
| 1285 | tests/scripts/run_demos.py |
| 1286 | |
| 1287 | msg "test: ssl-opt.sh (MSan)" # ~ 1 min |
| 1288 | tests/ssl-opt.sh |
| 1289 | |
| 1290 | # Optional part(s) |
| 1291 | |
| 1292 | if [ "$MEMORY" -gt 0 ]; then |
| 1293 | msg "test: compat.sh (MSan)" # ~ 6 min 20s |
| 1294 | tests/compat.sh |
| 1295 | fi |
| 1296 | } |
| 1297 | |
| 1298 | component_release_test_valgrind () { |
| 1299 | msg "build: Release (clang)" |
| 1300 | # default config, in particular without MBEDTLS_USE_PSA_CRYPTO |
| 1301 | CC=clang cmake -D CMAKE_BUILD_TYPE:String=Release . |
| 1302 | make |
| 1303 | |
| 1304 | msg "test: main suites, Valgrind (default config)" |
| 1305 | make memcheck |
| 1306 | |
| 1307 | # Optional parts (slow; currently broken on OS X because programs don't |
| 1308 | # seem to receive signals under valgrind on OS X). |
| 1309 | # These optional parts don't run on the CI. |
| 1310 | if [ "$MEMORY" -gt 0 ]; then |
| 1311 | msg "test: ssl-opt.sh --memcheck (default config)" |
| 1312 | tests/ssl-opt.sh --memcheck |
| 1313 | fi |
| 1314 | |
| 1315 | if [ "$MEMORY" -gt 1 ]; then |
| 1316 | msg "test: compat.sh --memcheck (default config)" |
| 1317 | tests/compat.sh --memcheck |
| 1318 | fi |
| 1319 | |
| 1320 | if [ "$MEMORY" -gt 0 ]; then |
| 1321 | msg "test: context-info.sh --memcheck (default config)" |
| 1322 | tests/context-info.sh --memcheck |
| 1323 | fi |
| 1324 | } |
| 1325 | |
| 1326 | component_release_test_valgrind_psa () { |
| 1327 | msg "build: Release, full (clang)" |
| 1328 | # full config, in particular with MBEDTLS_USE_PSA_CRYPTO |
| 1329 | scripts/config.py full |
| 1330 | CC=clang cmake -D CMAKE_BUILD_TYPE:String=Release . |
| 1331 | make |
| 1332 | |
| 1333 | msg "test: main suites, Valgrind (full config)" |
| 1334 | make memcheck |
| 1335 | } |
| 1336 | |
Minos Galanakis | 5b4386c | 2024-08-01 17:12:24 +0100 | [diff] [blame] | 1337 | |