blob: 9114ed96d02fd5c6196433ee8a8391baded32afb [file] [log] [blame]
Minos Galanakis77711192024-07-25 14:24:37 +01001# components.sh
2#
3# Copyright The Mbed TLS Contributors
4# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
5
6# This file contains the test components that are executed by all.sh
7
8# The functions below are named as follows:
9# * component_XXX: independent components. They can be run in any order.
10# * component_check_XXX: quick tests that aren't worth parallelizing.
11# * component_build_XXX: build things but don't run them.
12# * component_test_XXX: build and test.
13# * component_release_XXX: tests that the CI should skip during PR testing.
14# * support_XXX: if support_XXX exists and returns false then
15# component_XXX is not run by default.
16
17# Each component must start by invoking `msg` with a short informative message.
18#
19# Warning: due to the way bash detects errors, the failure of a command
20# inside 'if' or '!' is not detected. Use the 'not' function instead of '!'.
21#
22# Each component is executed in a separate shell process. The component
23# fails if any command in it returns a non-zero status.
24#
25# The framework in all.sh performs some cleanup tasks after each component.
26# This means that components can assume that the working directory is in a
27# cleaned-up state, and don't need to perform the cleanup themselves.
28# * Run `make clean`.
29# * Restore `include/mbedtls/mbedtls_config.h` from a backup made before running
30# the component.
31# * Check out `Makefile`, `library/Makefile`, `programs/Makefile`,
32# `tests/Makefile` and `programs/fuzz/Makefile` from git.
33# This cleans up after an in-tree use of CMake.
34#
35# The tests are roughly in order from fastest to slowest. This doesn't
36# have to be exact, but in general you should add slower tests towards
37# the end and fast checks near the beginning.
38
39
40################################################################
41#### Build and test many configurations and targets
42################################################################
Minos Galanakisf7d1cb02024-07-30 17:25:31 +010043
44################################################################
45#### Basic checks
46################################################################
47
48#
49# Test Suites to be executed
50#
51# The test ordering tries to optimize for the following criteria:
52# 1. Catch possible problems early, by running first tests that run quickly
53# and/or are more likely to fail than others (eg I use Clang most of the
54# time, so start with a GCC build).
55# 2. Minimize total running time, by avoiding useless rebuilds
56#
57# Indicative running times are given for reference.
58
Minos Galanakisf7d1cb02024-07-30 17:25:31 +010059################################################################
60#### Build and test many configurations and targets
61################################################################
62
Minos Galanakisf7d1cb02024-07-30 17:25:31 +010063# Get a list of library-wise undefined symbols and ensure that they only
64# belong to psa_xxx() functions and not to mbedtls_yyy() ones.
65# This function is a common helper used by both:
66# - component_test_default_psa_crypto_client_without_crypto_provider
67# - component_build_full_psa_crypto_client_without_crypto_provider.
68common_check_mbedtls_missing_symbols () {
69 nm library/libmbedcrypto.a | grep ' [TRrDC] ' | grep -Eo '(mbedtls_|psa_).*' | sort -u > sym_def.txt
70 nm library/libmbedcrypto.a | grep ' U ' | grep -Eo '(mbedtls_|psa_).*' | sort -u > sym_undef.txt
71 comm sym_def.txt sym_undef.txt -13 > linking_errors.txt
72 not grep mbedtls_ linking_errors.txt
73
74 rm sym_def.txt sym_undef.txt linking_errors.txt
75}
76
77component_test_default_psa_crypto_client_without_crypto_provider () {
78 msg "build: default config - PSA_CRYPTO_C + PSA_CRYPTO_CLIENT"
79
80 scripts/config.py unset MBEDTLS_PSA_CRYPTO_C
81 scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C
82 scripts/config.py unset MBEDTLS_PSA_ITS_FILE_C
83 scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
84 scripts/config.py set MBEDTLS_PSA_CRYPTO_CLIENT
85 scripts/config.py unset MBEDTLS_LMS_C
86
87 make
88
89 msg "check missing symbols: default config - PSA_CRYPTO_C + PSA_CRYPTO_CLIENT"
90 common_check_mbedtls_missing_symbols
91
92 msg "test: default config - PSA_CRYPTO_C + PSA_CRYPTO_CLIENT"
93 make test
94}
95
96component_build_full_psa_crypto_client_without_crypto_provider () {
97 msg "build: full config - PSA_CRYPTO_C"
98
99 # Use full config which includes USE_PSA and CRYPTO_CLIENT.
100 scripts/config.py full
101
102 scripts/config.py unset MBEDTLS_PSA_CRYPTO_C
103 scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C
104 # Dynamic secure element support is a deprecated feature and it is not
105 # available when CRYPTO_C and PSA_CRYPTO_STORAGE_C are disabled.
106 scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C
107
108 # Since there is no crypto provider in this build it is not possible to
109 # build all the test executables and progrems due to missing PSA functions
110 # at link time. Therefore we will just build libraries and we'll check
111 # that symbols of interest are there.
112 make lib
113
114 msg "check missing symbols: full config - PSA_CRYPTO_C"
115
116 common_check_mbedtls_missing_symbols
117
118 # Ensure that desired functions are included into the build (extend the
119 # following list as required).
120 grep mbedtls_pk_get_psa_attributes library/libmbedcrypto.a
121 grep mbedtls_pk_import_into_psa library/libmbedcrypto.a
122 grep mbedtls_pk_copy_from_psa library/libmbedcrypto.a
123}
124
125component_test_psa_crypto_rsa_no_genprime () {
126 msg "build: default config minus MBEDTLS_GENPRIME"
127 scripts/config.py unset MBEDTLS_GENPRIME
128 make
129
130 msg "test: default config minus MBEDTLS_GENPRIME"
131 make test
132}
133
Minos Galanakisf7d1cb02024-07-30 17:25:31 +0100134component_test_full_no_cipher_no_psa_crypto () {
135 msg "build: full no CIPHER no PSA_CRYPTO_C"
136 scripts/config.py full
137 scripts/config.py unset MBEDTLS_CIPHER_C
138 # Don't pull in cipher via PSA mechanisms
139 # (currently ignored anyway because we completely disable PSA)
140 scripts/config.py unset MBEDTLS_PSA_CRYPTO_CONFIG
141 # Disable features that depend on CIPHER_C
142 scripts/config.py unset MBEDTLS_CMAC_C
143 scripts/config.py unset MBEDTLS_NIST_KW_C
144 scripts/config.py unset MBEDTLS_PSA_CRYPTO_C
145 scripts/config.py unset MBEDTLS_PSA_CRYPTO_CLIENT
146 scripts/config.py unset MBEDTLS_SSL_TLS_C
147 scripts/config.py unset MBEDTLS_SSL_TICKET_C
148 # Disable features that depend on PSA_CRYPTO_C
149 scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C
150 scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C
151 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
152 scripts/config.py unset MBEDTLS_LMS_C
153 scripts/config.py unset MBEDTLS_LMS_PRIVATE
154
155 msg "test: full no CIPHER no PSA_CRYPTO_C"
156 make test
157}
158
159# This is a common configurator and test function that is used in:
160# - component_test_full_no_cipher_with_psa_crypto
161# - component_test_full_no_cipher_with_psa_crypto_config
162# It accepts 2 input parameters:
163# - $1: boolean value which basically reflects status of MBEDTLS_PSA_CRYPTO_CONFIG
164# - $2: a text string which describes the test component
165common_test_full_no_cipher_with_psa_crypto () {
166 USE_CRYPTO_CONFIG="$1"
167 COMPONENT_DESCRIPTION="$2"
168
169 msg "build: $COMPONENT_DESCRIPTION"
170
171 scripts/config.py full
172 scripts/config.py unset MBEDTLS_CIPHER_C
173
174 if [ "$USE_CRYPTO_CONFIG" -eq 1 ]; then
175 # The built-in implementation of the following algs/key-types depends
176 # on CIPHER_C so we disable them.
177 # This does not hold for KEY_TYPE_CHACHA20 and ALG_CHACHA20_POLY1305
178 # so we keep them enabled.
179 scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CCM_STAR_NO_TAG
180 scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CMAC
181 scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CBC_NO_PADDING
182 scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CBC_PKCS7
183 scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CFB
184 scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CTR
185 scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECB_NO_PADDING
186 scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_OFB
187 scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128
188 scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_STREAM_CIPHER
189 scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_DES
190 else
191 # Don't pull in cipher via PSA mechanisms
192 scripts/config.py unset MBEDTLS_PSA_CRYPTO_CONFIG
193 # Disable cipher modes/keys that make PSA depend on CIPHER_C.
194 # Keep CHACHA20 and CHACHAPOLY enabled since they do not depend on CIPHER_C.
195 scripts/config.py unset-all MBEDTLS_CIPHER_MODE
196 fi
197 # The following modules directly depends on CIPHER_C
198 scripts/config.py unset MBEDTLS_CMAC_C
199 scripts/config.py unset MBEDTLS_NIST_KW_C
200
201 make
202
203 # Ensure that CIPHER_C was not re-enabled
204 not grep mbedtls_cipher_init library/cipher.o
205
206 msg "test: $COMPONENT_DESCRIPTION"
207 make test
208}
209
210component_test_full_no_cipher_with_psa_crypto () {
211 common_test_full_no_cipher_with_psa_crypto 0 "full no CIPHER no CRYPTO_CONFIG"
212}
213
214component_test_full_no_cipher_with_psa_crypto_config () {
215 common_test_full_no_cipher_with_psa_crypto 1 "full no CIPHER"
216}
217
Minos Galanakisf7d1cb02024-07-30 17:25:31 +0100218component_test_full_no_bignum () {
219 msg "build: full minus bignum"
220 scripts/config.py full
221 scripts/config.py unset MBEDTLS_BIGNUM_C
222 # Direct dependencies of bignum
223 scripts/config.py unset MBEDTLS_ECP_C
224 scripts/config.py unset MBEDTLS_RSA_C
225 scripts/config.py unset MBEDTLS_DHM_C
226 # Direct dependencies of ECP
227 scripts/config.py unset MBEDTLS_ECDH_C
228 scripts/config.py unset MBEDTLS_ECDSA_C
229 scripts/config.py unset MBEDTLS_ECJPAKE_C
230 scripts/config.py unset MBEDTLS_ECP_RESTARTABLE
231 # Disable what auto-enables ECP_LIGHT
232 scripts/config.py unset MBEDTLS_PK_PARSE_EC_EXTENDED
233 scripts/config.py unset MBEDTLS_PK_PARSE_EC_COMPRESSED
234 # Indirect dependencies of ECP
235 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
236 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
237 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
238 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
239 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
240 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
241 scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
242 scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
243 # Direct dependencies of DHM
244 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
245 # Direct dependencies of RSA
246 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
247 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
248 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
249 scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT
250 # PK and its dependencies
251 scripts/config.py unset MBEDTLS_PK_C
252 scripts/config.py unset MBEDTLS_PK_PARSE_C
253 scripts/config.py unset MBEDTLS_PK_WRITE_C
254 scripts/config.py unset MBEDTLS_X509_USE_C
255 scripts/config.py unset MBEDTLS_X509_CRT_PARSE_C
256 scripts/config.py unset MBEDTLS_X509_CRL_PARSE_C
257 scripts/config.py unset MBEDTLS_X509_CSR_PARSE_C
258 scripts/config.py unset MBEDTLS_X509_CREATE_C
259 scripts/config.py unset MBEDTLS_X509_CRT_WRITE_C
260 scripts/config.py unset MBEDTLS_X509_CSR_WRITE_C
261 scripts/config.py unset MBEDTLS_PKCS7_C
262 scripts/config.py unset MBEDTLS_SSL_SERVER_NAME_INDICATION
263 scripts/config.py unset MBEDTLS_SSL_ASYNC_PRIVATE
264 scripts/config.py unset MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
265
266 make
267
268 msg "test: full minus bignum"
269 make test
270}
271
Minos Galanakisf7d1cb02024-07-30 17:25:31 +0100272
Minos Galanakisf7d1cb02024-07-30 17:25:31 +0100273
274component_test_tls1_2_default_stream_cipher_only_use_psa () {
275 msg "build: default with only stream cipher use psa"
276
277 scripts/config.py set MBEDTLS_USE_PSA_CRYPTO
278 # Disable AEAD (controlled by the presence of one of GCM_C, CCM_C, CHACHAPOLY_C)
279 scripts/config.py unset MBEDTLS_GCM_C
280 scripts/config.py unset MBEDTLS_CCM_C
281 scripts/config.py unset MBEDTLS_CHACHAPOLY_C
282 #Disable TLS 1.3 (as no AEAD)
283 scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
284 # Disable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia, DES))
285 scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC
286 # Disable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC)
287 scripts/config.py unset MBEDTLS_SSL_ENCRYPT_THEN_MAC
288 # Enable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_CIPHER))
289 scripts/config.py set MBEDTLS_CIPHER_NULL_CIPHER
290 # Modules that depend on AEAD
291 scripts/config.py unset MBEDTLS_SSL_CONTEXT_SERIALIZATION
292 scripts/config.py unset MBEDTLS_SSL_TICKET_C
293
294 make
295
296 msg "test: default with only stream cipher use psa"
297 make test
298
299 # Not running ssl-opt.sh because most tests require a non-NULL ciphersuite.
300}
301
Minos Galanakisf7d1cb02024-07-30 17:25:31 +0100302
Minos Galanakisf7d1cb02024-07-30 17:25:31 +0100303
304component_test_tls1_2_deafult_cbc_legacy_cipher_only_use_psa () {
305 msg "build: default with only CBC-legacy cipher use psa"
306
307 scripts/config.py set MBEDTLS_USE_PSA_CRYPTO
308 # Disable AEAD (controlled by the presence of one of GCM_C, CCM_C, CHACHAPOLY_C)
309 scripts/config.py unset MBEDTLS_GCM_C
310 scripts/config.py unset MBEDTLS_CCM_C
311 scripts/config.py unset MBEDTLS_CHACHAPOLY_C
312 #Disable TLS 1.3 (as no AEAD)
313 scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
314 # Enable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia, DES))
315 scripts/config.py set MBEDTLS_CIPHER_MODE_CBC
316 # Disable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC)
317 scripts/config.py unset MBEDTLS_SSL_ENCRYPT_THEN_MAC
318 # Disable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_CIPHER))
319 scripts/config.py unset MBEDTLS_CIPHER_NULL_CIPHER
320 # Modules that depend on AEAD
321 scripts/config.py unset MBEDTLS_SSL_CONTEXT_SERIALIZATION
322 scripts/config.py unset MBEDTLS_SSL_TICKET_C
323
324 make
325
326 msg "test: default with only CBC-legacy cipher use psa"
327 make test
328
329 msg "test: default with only CBC-legacy cipher use psa - ssl-opt.sh (subset)"
330 tests/ssl-opt.sh -f "TLS 1.2"
331}
332
Minos Galanakisf7d1cb02024-07-30 17:25:31 +0100333component_test_tls1_2_default_cbc_legacy_cbc_etm_cipher_only_use_psa () {
334 msg "build: default with only CBC-legacy and CBC-EtM ciphers use psa"
335
336 scripts/config.py set MBEDTLS_USE_PSA_CRYPTO
337 # Disable AEAD (controlled by the presence of one of GCM_C, CCM_C, CHACHAPOLY_C)
338 scripts/config.py unset MBEDTLS_GCM_C
339 scripts/config.py unset MBEDTLS_CCM_C
340 scripts/config.py unset MBEDTLS_CHACHAPOLY_C
341 #Disable TLS 1.3 (as no AEAD)
342 scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
343 # Enable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia, DES))
344 scripts/config.py set MBEDTLS_CIPHER_MODE_CBC
345 # Enable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC)
346 scripts/config.py set MBEDTLS_SSL_ENCRYPT_THEN_MAC
347 # Disable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_CIPHER))
348 scripts/config.py unset MBEDTLS_CIPHER_NULL_CIPHER
349 # Modules that depend on AEAD
350 scripts/config.py unset MBEDTLS_SSL_CONTEXT_SERIALIZATION
351 scripts/config.py unset MBEDTLS_SSL_TICKET_C
352
353 make
354
355 msg "test: default with only CBC-legacy and CBC-EtM ciphers use psa"
356 make test
357
358 msg "test: default with only CBC-legacy and CBC-EtM ciphers use psa - ssl-opt.sh (subset)"
359 tests/ssl-opt.sh -f "TLS 1.2"
360}
361
Minos Galanakisf7d1cb02024-07-30 17:25:31 +0100362skip_suites_without_constant_flow () {
363 # Skip the test suites that don't have any constant-flow annotations.
364 # This will need to be adjusted if we ever start declaring things as
365 # secret from macros or functions inside tests/include or tests/src.
366 SKIP_TEST_SUITES=$(
367 git -C tests/suites grep -L TEST_CF_ 'test_suite_*.function' |
368 sed 's/test_suite_//; s/\.function$//' |
369 tr '\n' ,)
370 export SKIP_TEST_SUITES
371}
372
373skip_all_except_given_suite () {
374 # Skip all but the given test suite
375 SKIP_TEST_SUITES=$(
376 ls -1 tests/suites/test_suite_*.function |
377 grep -v $1.function |
378 sed 's/tests.suites.test_suite_//; s/\.function$//' |
379 tr '\n' ,)
380 export SKIP_TEST_SUITES
381}
382
383component_test_memsan_constant_flow () {
384 # This tests both (1) accesses to undefined memory, and (2) branches or
385 # memory access depending on secret values. To distinguish between those:
386 # - unset MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN - does the failure persist?
387 # - or alternatively, change the build type to MemSanDbg, which enables
388 # origin tracking and nicer stack traces (which are useful for debugging
389 # anyway), and check if the origin was TEST_CF_SECRET() or something else.
390 msg "build: cmake MSan (clang), full config minus MBEDTLS_USE_PSA_CRYPTO with constant flow testing"
391 scripts/config.py full
392 scripts/config.py set MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN
393 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
394 scripts/config.py unset MBEDTLS_AESNI_C # memsan doesn't grok asm
395 CC=clang cmake -D CMAKE_BUILD_TYPE:String=MemSan .
396 make
397
398 msg "test: main suites (full minus MBEDTLS_USE_PSA_CRYPTO, Msan + constant flow)"
399 make test
400}
401
402component_test_memsan_constant_flow_psa () {
403 # This tests both (1) accesses to undefined memory, and (2) branches or
404 # memory access depending on secret values. To distinguish between those:
405 # - unset MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN - does the failure persist?
406 # - or alternatively, change the build type to MemSanDbg, which enables
407 # origin tracking and nicer stack traces (which are useful for debugging
408 # anyway), and check if the origin was TEST_CF_SECRET() or something else.
409 msg "build: cmake MSan (clang), full config with constant flow testing"
410 scripts/config.py full
411 scripts/config.py set MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN
412 scripts/config.py unset MBEDTLS_AESNI_C # memsan doesn't grok asm
413 CC=clang cmake -D CMAKE_BUILD_TYPE:String=MemSan .
414 make
415
416 msg "test: main suites (Msan + constant flow)"
417 make test
418}
419
420component_release_test_valgrind_constant_flow () {
421 # This tests both (1) everything that valgrind's memcheck usually checks
422 # (heap buffer overflows, use of uninitialized memory, use-after-free,
423 # etc.) and (2) branches or memory access depending on secret values,
424 # which will be reported as uninitialized memory. To distinguish between
425 # secret and actually uninitialized:
426 # - unset MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND - does the failure persist?
427 # - or alternatively, build with debug info and manually run the offending
428 # test suite with valgrind --track-origins=yes, then check if the origin
429 # was TEST_CF_SECRET() or something else.
430 msg "build: cmake release GCC, full config minus MBEDTLS_USE_PSA_CRYPTO with constant flow testing"
431 scripts/config.py full
432 scripts/config.py set MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND
433 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
434 skip_suites_without_constant_flow
435 cmake -D CMAKE_BUILD_TYPE:String=Release .
436 make
437
438 # this only shows a summary of the results (how many of each type)
439 # details are left in Testing/<date>/DynamicAnalysis.xml
440 msg "test: some suites (full minus MBEDTLS_USE_PSA_CRYPTO, valgrind + constant flow)"
441 make memcheck
442
443 # Test asm path in constant time module - by default, it will test the plain C
444 # path under Valgrind or Memsan. Running only the constant_time tests is fast (<1s)
445 msg "test: valgrind asm constant_time"
446 scripts/config.py --force set MBEDTLS_TEST_CONSTANT_FLOW_ASM
447 skip_all_except_given_suite test_suite_constant_time
448 cmake -D CMAKE_BUILD_TYPE:String=Release .
449 make clean
450 make
451 make memcheck
452}
453
454component_release_test_valgrind_constant_flow_psa () {
455 # This tests both (1) everything that valgrind's memcheck usually checks
456 # (heap buffer overflows, use of uninitialized memory, use-after-free,
457 # etc.) and (2) branches or memory access depending on secret values,
458 # which will be reported as uninitialized memory. To distinguish between
459 # secret and actually uninitialized:
460 # - unset MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND - does the failure persist?
461 # - or alternatively, build with debug info and manually run the offending
462 # test suite with valgrind --track-origins=yes, then check if the origin
463 # was TEST_CF_SECRET() or something else.
464 msg "build: cmake release GCC, full config with constant flow testing"
465 scripts/config.py full
466 scripts/config.py set MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND
467 skip_suites_without_constant_flow
468 cmake -D CMAKE_BUILD_TYPE:String=Release .
469 make
470
471 # this only shows a summary of the results (how many of each type)
472 # details are left in Testing/<date>/DynamicAnalysis.xml
473 msg "test: some suites (valgrind + constant flow)"
474 make memcheck
475}
476
477component_test_tsan () {
478 msg "build: TSan (clang)"
479 scripts/config.py full
480 scripts/config.py set MBEDTLS_THREADING_C
481 scripts/config.py set MBEDTLS_THREADING_PTHREAD
482 # Self-tests do not currently use multiple threads.
483 scripts/config.py unset MBEDTLS_SELF_TEST
484
485 # The deprecated MBEDTLS_PSA_CRYPTO_SE_C interface is not thread safe.
486 scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C
487
488 CC=clang cmake -D CMAKE_BUILD_TYPE:String=TSan .
489 make
490
491 msg "test: main suites (TSan)"
492 make test
493}
494
Minos Galanakisf7d1cb02024-07-30 17:25:31 +0100495component_build_dhm_alt () {
496 msg "build: MBEDTLS_DHM_ALT" # ~30s
497 scripts/config.py full
498 scripts/config.py set MBEDTLS_DHM_ALT
499 # debug.c currently references mbedtls_dhm_context fields directly.
500 scripts/config.py unset MBEDTLS_DEBUG_C
501 # We can only compile, not link, since we don't have any implementations
502 # suitable for testing with the dummy alt headers.
503 make CFLAGS='-Werror -Wall -Wextra -I../tests/include/alt-dummy' lib
504}
505
Minos Galanakisf7d1cb02024-07-30 17:25:31 +0100506component_test_psa_crypto_config_accel_hash_keep_builtins () {
507 msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated+builtin hash"
508 # This component ensures that all the test cases for
509 # md_psa_dynamic_dispatch with legacy+driver in test_suite_md are run.
510
511 loc_accel_list="ALG_MD5 ALG_RIPEMD160 ALG_SHA_1 \
512 ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512 \
513 ALG_SHA3_224 ALG_SHA3_256 ALG_SHA3_384 ALG_SHA3_512"
514
515 # Start from default config (no USE_PSA)
516 helper_libtestdriver1_adjust_config "default"
517
518 helper_libtestdriver1_make_drivers "$loc_accel_list"
519
520 helper_libtestdriver1_make_main "$loc_accel_list"
521
522 msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated+builtin hash"
523 make test
524}
525
Minos Galanakisf7d1cb02024-07-30 17:25:31 +0100526# This should be renamed to test and updated once the accelerator ECDH code is in place and ready to test.
527component_build_psa_accel_alg_ecdh () {
528 msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_ECDH without MBEDTLS_ECDH_C"
529 scripts/config.py full
530 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
531 scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
532 scripts/config.py unset MBEDTLS_ECDH_C
533 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
534 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
535 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
536 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
537 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
538 # Need to define the correct symbol and include the test driver header path in order to build with the test driver
539 make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_ECDH -I../tests/include" LDFLAGS="$ASAN_CFLAGS"
540}
541
542# This should be renamed to test and updated once the accelerator HMAC code is in place and ready to test.
543component_build_psa_accel_alg_hmac () {
544 msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_HMAC"
545 scripts/config.py full
546 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
547 scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
548 # Need to define the correct symbol and include the test driver header path in order to build with the test driver
549 make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_HMAC -I../tests/include" LDFLAGS="$ASAN_CFLAGS"
550}
551
552# This should be renamed to test and updated once the accelerator HKDF code is in place and ready to test.
553component_build_psa_accel_alg_hkdf () {
554 msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_HKDF without MBEDTLS_HKDF_C"
555 scripts/config.py full
556 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
557 scripts/config.py unset MBEDTLS_HKDF_C
558 # Make sure to unset TLS1_3 since it requires HKDF_C and will not build properly without it.
559 scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
560 # Need to define the correct symbol and include the test driver header path in order to build with the test driver
561 make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_HKDF -I../tests/include" LDFLAGS="$ASAN_CFLAGS"
562}
563
564# This should be renamed to test and updated once the accelerator MD5 code is in place and ready to test.
565component_build_psa_accel_alg_md5 () {
566 msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_MD5 - other hashes"
567 scripts/config.py full
568 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
569 scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
570 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RIPEMD160
571 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_1
572 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_224
573 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_256
574 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_384
575 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_512
576 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS
577 scripts/config.py unset MBEDTLS_LMS_C
578 scripts/config.py unset MBEDTLS_LMS_PRIVATE
579 # Need to define the correct symbol and include the test driver header path in order to build with the test driver
580 make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_MD5 -I../tests/include" LDFLAGS="$ASAN_CFLAGS"
581}
582
583# This should be renamed to test and updated once the accelerator RIPEMD160 code is in place and ready to test.
584component_build_psa_accel_alg_ripemd160 () {
585 msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_RIPEMD160 - other hashes"
586 scripts/config.py full
587 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
588 scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
589 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_MD5
590 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_1
591 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_224
592 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_256
593 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_384
594 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_512
595 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS
596 scripts/config.py unset MBEDTLS_LMS_C
597 scripts/config.py unset MBEDTLS_LMS_PRIVATE
598 # Need to define the correct symbol and include the test driver header path in order to build with the test driver
599 make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RIPEMD160 -I../tests/include" LDFLAGS="$ASAN_CFLAGS"
600}
601
602# This should be renamed to test and updated once the accelerator SHA1 code is in place and ready to test.
603component_build_psa_accel_alg_sha1 () {
604 msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_SHA_1 - other hashes"
605 scripts/config.py full
606 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
607 scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
608 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_MD5
609 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RIPEMD160
610 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_224
611 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_256
612 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_384
613 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_512
614 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS
615 scripts/config.py unset MBEDTLS_LMS_C
616 scripts/config.py unset MBEDTLS_LMS_PRIVATE
617 # Need to define the correct symbol and include the test driver header path in order to build with the test driver
618 make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_1 -I../tests/include" LDFLAGS="$ASAN_CFLAGS"
619}
620
621# This should be renamed to test and updated once the accelerator SHA224 code is in place and ready to test.
622component_build_psa_accel_alg_sha224 () {
623 msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_SHA_224 - other hashes"
624 scripts/config.py full
625 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
626 scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
627 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_MD5
628 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RIPEMD160
629 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_1
630 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_384
631 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_512
632 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS
633 # Need to define the correct symbol and include the test driver header path in order to build with the test driver
634 make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_224 -I../tests/include" LDFLAGS="$ASAN_CFLAGS"
635}
636
637# This should be renamed to test and updated once the accelerator SHA256 code is in place and ready to test.
638component_build_psa_accel_alg_sha256 () {
639 msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_SHA_256 - other hashes"
640 scripts/config.py full
641 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
642 scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
643 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_MD5
644 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RIPEMD160
645 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_1
646 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_224
647 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_384
648 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_512
649 # Need to define the correct symbol and include the test driver header path in order to build with the test driver
650 make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_256 -I../tests/include" LDFLAGS="$ASAN_CFLAGS"
651}
652
653# This should be renamed to test and updated once the accelerator SHA384 code is in place and ready to test.
654component_build_psa_accel_alg_sha384 () {
655 msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_SHA_384 - other hashes"
656 scripts/config.py full
657 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
658 scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
659 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_MD5
660 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RIPEMD160
661 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_1
662 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_224
663 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_256
664 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS
665 scripts/config.py unset MBEDTLS_LMS_C
666 scripts/config.py unset MBEDTLS_LMS_PRIVATE
667 # Need to define the correct symbol and include the test driver header path in order to build with the test driver
668 make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_384 -I../tests/include" LDFLAGS="$ASAN_CFLAGS"
669}
670
671# This should be renamed to test and updated once the accelerator SHA512 code is in place and ready to test.
672component_build_psa_accel_alg_sha512 () {
673 msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_SHA_512 - other hashes"
674 scripts/config.py full
675 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
676 scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
677 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_MD5
678 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RIPEMD160
679 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_1
680 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_224
681 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_256
682 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_384
683 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS
684 scripts/config.py unset MBEDTLS_LMS_C
685 scripts/config.py unset MBEDTLS_LMS_PRIVATE
686 # Need to define the correct symbol and include the test driver header path in order to build with the test driver
687 make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_512 -I../tests/include" LDFLAGS="$ASAN_CFLAGS"
688}
689
690# This should be renamed to test and updated once the accelerator RSA code is in place and ready to test.
691component_build_psa_accel_alg_rsa_pkcs1v15_crypt () {
692 msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_RSA_PKCS1V15_CRYPT + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY"
693 scripts/config.py full
694 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
695 scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
696 scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_ALG_RSA_PKCS1V15_CRYPT 1
697 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PKCS1V15_SIGN
698 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_OAEP
699 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PSS
700 # Need to define the correct symbol and include the test driver header path in order to build with the test driver
701 make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT -I../tests/include" LDFLAGS="$ASAN_CFLAGS"
702}
703
704# This should be renamed to test and updated once the accelerator RSA code is in place and ready to test.
705component_build_psa_accel_alg_rsa_pkcs1v15_sign () {
706 msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_RSA_PKCS1V15_SIGN + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY"
707 scripts/config.py full
708 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
709 scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
710 scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_ALG_RSA_PKCS1V15_SIGN 1
711 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PKCS1V15_CRYPT
712 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_OAEP
713 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PSS
714 # Need to define the correct symbol and include the test driver header path in order to build with the test driver
715 make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN -I../tests/include" LDFLAGS="$ASAN_CFLAGS"
716}
717
718# This should be renamed to test and updated once the accelerator RSA code is in place and ready to test.
719component_build_psa_accel_alg_rsa_oaep () {
720 msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_RSA_OAEP + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY"
721 scripts/config.py full
722 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
723 scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
724 scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_ALG_RSA_OAEP 1
725 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PKCS1V15_CRYPT
726 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PKCS1V15_SIGN
727 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PSS
728 # Need to define the correct symbol and include the test driver header path in order to build with the test driver
729 make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_OAEP -I../tests/include" LDFLAGS="$ASAN_CFLAGS"
730}
731
732# This should be renamed to test and updated once the accelerator RSA code is in place and ready to test.
733component_build_psa_accel_alg_rsa_pss () {
734 msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_RSA_PSS + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY"
735 scripts/config.py full
736 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
737 scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
738 scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_ALG_RSA_PSS 1
739 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PKCS1V15_CRYPT
740 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PKCS1V15_SIGN
741 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_OAEP
742 # Need to define the correct symbol and include the test driver header path in order to build with the test driver
743 make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_PSS -I../tests/include" LDFLAGS="$ASAN_CFLAGS"
744}
745
746# This should be renamed to test and updated once the accelerator RSA code is in place and ready to test.
747component_build_psa_accel_key_type_rsa_key_pair () {
748 msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_xxx + PSA_WANT_ALG_RSA_PSS"
749 scripts/config.py full
750 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
751 scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
752 scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_ALG_RSA_PSS 1
753 scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC 1
754 scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT 1
755 scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT 1
756 scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE 1
757 # Need to define the correct symbol and include the test driver header path in order to build with the test driver
758 make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR -I../tests/include" LDFLAGS="$ASAN_CFLAGS"
759}
760
761# This should be renamed to test and updated once the accelerator RSA code is in place and ready to test.
762component_build_psa_accel_key_type_rsa_public_key () {
763 msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY + PSA_WANT_ALG_RSA_PSS"
764 scripts/config.py full
765 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
766 scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
767 scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_ALG_RSA_PSS 1
768 scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 1
769 # Need to define the correct symbol and include the test driver header path in order to build with the test driver
770 make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY -I../tests/include" LDFLAGS="$ASAN_CFLAGS"
771}
772
Minos Galanakisf7d1cb02024-07-30 17:25:31 +0100773support_test_aesni () {
774 # Check that gcc targets x86_64 (we can build AESNI), and check for
775 # AESNI support on the host (we can run AESNI).
776 #
777 # The name of this function is possibly slightly misleading, but needs to align
778 # with the name of the corresponding test, component_test_aesni.
779 #
780 # In principle 32-bit x86 can support AESNI, but our implementation does not
781 # support 32-bit x86, so we check for x86-64.
782 # We can only grep /proc/cpuinfo on Linux, so this also checks for Linux
783 (gcc -v 2>&1 | grep Target | grep -q x86_64) &&
784 [[ "$HOSTTYPE" == "x86_64" && "$OSTYPE" == "linux-gnu" ]] &&
785 (lscpu | grep -qw aes)
786}
787
788component_test_aesni () { # ~ 60s
789 # This tests the two AESNI implementations (intrinsics and assembly), and also the plain C
790 # fallback. It also tests the logic that is used to select which implementation(s) to build.
791 #
792 # This test does not require the host to have support for AESNI (if it doesn't, the run-time
793 # AESNI detection will fallback to the plain C implementation, so the tests will instead
794 # exercise the plain C impl).
795
796 msg "build: default config with different AES implementations"
797 scripts/config.py set MBEDTLS_AESNI_C
798 scripts/config.py unset MBEDTLS_AES_USE_HARDWARE_ONLY
799 scripts/config.py set MBEDTLS_HAVE_ASM
800
801 # test the intrinsics implementation
802 msg "AES tests, test intrinsics"
803 make clean
804 make CC=gcc CFLAGS='-Werror -Wall -Wextra -mpclmul -msse2 -maes'
805 # check that we built intrinsics - this should be used by default when supported by the compiler
806 ./programs/test/selftest aes | grep "AESNI code" | grep -q "intrinsics"
807
808 # test the asm implementation
809 msg "AES tests, test assembly"
810 make clean
811 make CC=gcc CFLAGS='-Werror -Wall -Wextra -mno-pclmul -mno-sse2 -mno-aes'
812 # check that we built assembly - this should be built if the compiler does not support intrinsics
813 ./programs/test/selftest aes | grep "AESNI code" | grep -q "assembly"
814
815 # test the plain C implementation
816 scripts/config.py unset MBEDTLS_AESNI_C
817 scripts/config.py unset MBEDTLS_AES_USE_HARDWARE_ONLY
818 msg "AES tests, plain C"
819 make clean
820 make CC=gcc CFLAGS='-O2 -Werror'
821 # check that there is no AESNI code present
822 ./programs/test/selftest aes | not grep -q "AESNI code"
823 not grep -q "AES note: using AESNI" ./programs/test/selftest
824 grep -q "AES note: built-in implementation." ./programs/test/selftest
825
826 # test the intrinsics implementation
827 scripts/config.py set MBEDTLS_AESNI_C
828 scripts/config.py set MBEDTLS_AES_USE_HARDWARE_ONLY
829 msg "AES tests, test AESNI only"
830 make clean
831 make CC=gcc CFLAGS='-Werror -Wall -Wextra -mpclmul -msse2 -maes'
832 ./programs/test/selftest aes | grep -q "AES note: using AESNI"
833 ./programs/test/selftest aes | not grep -q "AES note: built-in implementation."
834 grep -q "AES note: using AESNI" ./programs/test/selftest
835 not grep -q "AES note: built-in implementation." ./programs/test/selftest
836}
837
Minos Galanakisf7d1cb02024-07-30 17:25:31 +0100838support_test_aesni_m32 () {
839 support_test_m32_no_asm && (lscpu | grep -qw aes)
840}
841
842component_test_aesni_m32 () { # ~ 60s
843 # This tests are duplicated from component_test_aesni for i386 target
844 #
845 # AESNI intrinsic code supports i386 and assembly code does not support it.
846
847 msg "build: default config with different AES implementations"
848 scripts/config.py set MBEDTLS_AESNI_C
849 scripts/config.py set MBEDTLS_PADLOCK_C
850 scripts/config.py unset MBEDTLS_AES_USE_HARDWARE_ONLY
851 scripts/config.py set MBEDTLS_HAVE_ASM
852
853 # test the intrinsics implementation with gcc
854 msg "AES tests, test intrinsics (gcc)"
855 make clean
856 make CC=gcc CFLAGS='-m32 -Werror -Wall -Wextra' LDFLAGS='-m32'
857 # check that we built intrinsics - this should be used by default when supported by the compiler
858 ./programs/test/selftest aes | grep "AESNI code" | grep -q "intrinsics"
859 grep -q "AES note: using AESNI" ./programs/test/selftest
860 grep -q "AES note: built-in implementation." ./programs/test/selftest
861 grep -q "AES note: using VIA Padlock" ./programs/test/selftest
862 grep -q mbedtls_aesni_has_support ./programs/test/selftest
863
864 scripts/config.py set MBEDTLS_AESNI_C
865 scripts/config.py unset MBEDTLS_PADLOCK_C
866 scripts/config.py set MBEDTLS_AES_USE_HARDWARE_ONLY
867 msg "AES tests, test AESNI only"
868 make clean
869 make CC=gcc CFLAGS='-m32 -Werror -Wall -Wextra -mpclmul -msse2 -maes' LDFLAGS='-m32'
870 ./programs/test/selftest aes | grep -q "AES note: using AESNI"
871 ./programs/test/selftest aes | not grep -q "AES note: built-in implementation."
872 grep -q "AES note: using AESNI" ./programs/test/selftest
873 not grep -q "AES note: built-in implementation." ./programs/test/selftest
874 not grep -q "AES note: using VIA Padlock" ./programs/test/selftest
875 not grep -q mbedtls_aesni_has_support ./programs/test/selftest
876}
877
878support_test_aesni_m32_clang () {
879 # clang >= 4 is required to build with target attributes
880 support_test_aesni_m32 && [[ $(clang_version) -ge 4 ]]
881}
882
883component_test_aesni_m32_clang () {
884
885 scripts/config.py set MBEDTLS_AESNI_C
886 scripts/config.py set MBEDTLS_PADLOCK_C
887 scripts/config.py unset MBEDTLS_AES_USE_HARDWARE_ONLY
888 scripts/config.py set MBEDTLS_HAVE_ASM
889
890 # test the intrinsics implementation with clang
891 msg "AES tests, test intrinsics (clang)"
892 make clean
893 make CC=clang CFLAGS='-m32 -Werror -Wall -Wextra' LDFLAGS='-m32'
894 # check that we built intrinsics - this should be used by default when supported by the compiler
895 ./programs/test/selftest aes | grep "AESNI code" | grep -q "intrinsics"
896 grep -q "AES note: using AESNI" ./programs/test/selftest
897 grep -q "AES note: built-in implementation." ./programs/test/selftest
898 grep -q "AES note: using VIA Padlock" ./programs/test/selftest
899 grep -q mbedtls_aesni_has_support ./programs/test/selftest
900}
901
Minos Galanakisf7d1cb02024-07-30 17:25:31 +0100902support_build_aes_armce () {
903 # clang >= 11 is required to build with AES extensions
904 [[ $(clang_version) -ge 11 ]]
905}
906
907component_build_aes_armce () {
908 # Test variations of AES with Armv8 crypto extensions
909 scripts/config.py set MBEDTLS_AESCE_C
910 scripts/config.py set MBEDTLS_AES_USE_HARDWARE_ONLY
911
912 msg "MBEDTLS_AES_USE_HARDWARE_ONLY, clang, aarch64"
913 make -B library/aesce.o CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a+crypto"
914
915 msg "MBEDTLS_AES_USE_HARDWARE_ONLY, clang, arm"
916 make -B library/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -marm"
917
918 msg "MBEDTLS_AES_USE_HARDWARE_ONLY, clang, thumb"
919 make -B library/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mthumb"
920
921 scripts/config.py unset MBEDTLS_AES_USE_HARDWARE_ONLY
922
923 msg "no MBEDTLS_AES_USE_HARDWARE_ONLY, clang, aarch64"
924 make -B library/aesce.o CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a+crypto"
925
926 msg "no MBEDTLS_AES_USE_HARDWARE_ONLY, clang, arm"
927 make -B library/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -marm"
928
929 msg "no MBEDTLS_AES_USE_HARDWARE_ONLY, clang, thumb"
930 make -B library/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mthumb"
931
932 # test for presence of AES instructions
933 scripts/config.py set MBEDTLS_AES_USE_HARDWARE_ONLY
934 msg "clang, test A32 crypto instructions built"
935 make -B library/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -marm -S"
936 grep -E 'aes[0-9a-z]+.[0-9]\s*[qv]' library/aesce.o
937 msg "clang, test T32 crypto instructions built"
938 make -B library/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mthumb -S"
939 grep -E 'aes[0-9a-z]+.[0-9]\s*[qv]' library/aesce.o
940 msg "clang, test aarch64 crypto instructions built"
941 make -B library/aesce.o CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a -S"
942 grep -E 'aes[a-z]+\s*[qv]' library/aesce.o
943
944 # test for absence of AES instructions
945 scripts/config.py unset MBEDTLS_AES_USE_HARDWARE_ONLY
946 scripts/config.py unset MBEDTLS_AESCE_C
947 msg "clang, test A32 crypto instructions not built"
948 make -B library/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -marm -S"
949 not grep -E 'aes[0-9a-z]+.[0-9]\s*[qv]' library/aesce.o
950 msg "clang, test T32 crypto instructions not built"
951 make -B library/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mthumb -S"
952 not grep -E 'aes[0-9a-z]+.[0-9]\s*[qv]' library/aesce.o
953 msg "clang, test aarch64 crypto instructions not built"
954 make -B library/aesce.o CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a -S"
955 not grep -E 'aes[a-z]+\s*[qv]' library/aesce.o
956}
957
958support_build_sha_armce () {
959 # clang >= 4 is required to build with SHA extensions
960 [[ $(clang_version) -ge 4 ]]
961}
962
963component_build_sha_armce () {
964 scripts/config.py unset MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT
965
966
967 # Test variations of SHA256 Armv8 crypto extensions
968 scripts/config.py set MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY
969 msg "MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY clang, aarch64"
970 make -B library/sha256.o CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a"
971 msg "MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY clang, arm"
972 make -B library/sha256.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -marm"
973 scripts/config.py unset MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY
974
975
976 # test the deprecated form of the config option
977 scripts/config.py set MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY
978 msg "MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY clang, thumb"
979 make -B library/sha256.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mthumb"
980 scripts/config.py unset MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY
981
982 scripts/config.py set MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT
983 msg "MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT clang, aarch64"
984 make -B library/sha256.o CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a"
985 scripts/config.py unset MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT
986
987
988 # test the deprecated form of the config option
989 scripts/config.py set MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT
990 msg "MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT clang, arm"
991 make -B library/sha256.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -marm -std=c99"
992 msg "MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT clang, thumb"
993 make -B library/sha256.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mthumb"
994 scripts/config.py unset MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT
995
996
997 # examine the disassembly for presence of SHA instructions
998 for opt in MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT; do
999 scripts/config.py set ${opt}
1000 msg "${opt} clang, test A32 crypto instructions built"
1001 make -B library/sha256.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -marm -S"
1002 grep -E 'sha256[a-z0-9]+.32\s+[qv]' library/sha256.o
1003
1004 msg "${opt} clang, test T32 crypto instructions built"
1005 make -B library/sha256.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mthumb -S"
1006 grep -E 'sha256[a-z0-9]+.32\s+[qv]' library/sha256.o
1007
1008 msg "${opt} clang, test aarch64 crypto instructions built"
1009 make -B library/sha256.o CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a -S"
1010 grep -E 'sha256[a-z0-9]+\s+[qv]' library/sha256.o
1011 scripts/config.py unset ${opt}
1012 done
1013
1014
1015 # examine the disassembly for absence of SHA instructions
1016 msg "clang, test A32 crypto instructions not built"
1017 make -B library/sha256.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -marm -S"
1018 not grep -E 'sha256[a-z0-9]+.32\s+[qv]' library/sha256.o
1019
1020 msg "clang, test T32 crypto instructions not built"
1021 make -B library/sha256.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mthumb -S"
1022 not grep -E 'sha256[a-z0-9]+.32\s+[qv]' library/sha256.o
1023
1024 msg "clang, test aarch64 crypto instructions not built"
1025 make -B library/sha256.o CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a -S"
1026 not grep -E 'sha256[a-z0-9]+\s+[qv]' library/sha256.o
1027}
1028
1029# For timebeing, no VIA Padlock platform available.
1030component_build_aes_via_padlock () {
1031
1032 msg "AES:VIA PadLock, build with default configuration."
1033 scripts/config.py unset MBEDTLS_AESNI_C
1034 scripts/config.py set MBEDTLS_PADLOCK_C
1035 scripts/config.py unset MBEDTLS_AES_USE_HARDWARE_ONLY
1036 make CC=gcc CFLAGS="$ASAN_CFLAGS -m32" LDFLAGS="-m32 $ASAN_CFLAGS"
1037 grep -q mbedtls_padlock_has_support ./programs/test/selftest
1038
1039}
1040
1041support_build_aes_via_padlock_only () {
1042 ( [ "$MBEDTLS_TEST_PLATFORM" == "Linux-x86_64" ] || \
1043 [ "$MBEDTLS_TEST_PLATFORM" == "Linux-amd64" ] ) && \
1044 [ "`dpkg --print-foreign-architectures`" == "i386" ]
1045}
1046
Minos Galanakisf7d1cb02024-07-30 17:25:31 +01001047component_test_m32_no_asm () {
1048 # Build without assembly, so as to use portable C code (in a 32-bit
1049 # build) and not the i386-specific inline assembly.
1050 #
1051 # Note that we require gcc, because clang Asan builds fail to link for
1052 # this target (cannot find libclang_rt.lsan-i386.a - this is a known clang issue).
1053 msg "build: i386, make, gcc, no asm (ASan build)" # ~ 30s
1054 scripts/config.py full
1055 scripts/config.py unset MBEDTLS_HAVE_ASM
1056 scripts/config.py unset MBEDTLS_PADLOCK_C
1057 scripts/config.py unset MBEDTLS_AESNI_C # AESNI for 32-bit is tested in test_aesni_m32
1058 make CC=gcc CFLAGS="$ASAN_CFLAGS -m32" LDFLAGS="-m32 $ASAN_CFLAGS"
1059
1060 msg "test: i386, make, gcc, no asm (ASan build)"
1061 make test
1062}
1063support_test_m32_no_asm () {
1064 case $(uname -m) in
1065 amd64|x86_64) true;;
1066 *) false;;
1067 esac
1068}
1069
1070component_test_m32_o2 () {
1071 # Build with optimization, to use the i386 specific inline assembly
1072 # and go faster for tests.
1073 msg "build: i386, make, gcc -O2 (ASan build)" # ~ 30s
1074 scripts/config.py full
1075 scripts/config.py unset MBEDTLS_AESNI_C # AESNI for 32-bit is tested in test_aesni_m32
1076 make CC=gcc CFLAGS="$ASAN_CFLAGS -m32" LDFLAGS="-m32 $ASAN_CFLAGS"
1077
1078 msg "test: i386, make, gcc -O2 (ASan build)"
1079 make test
1080
1081 msg "test ssl-opt.sh, i386, make, gcc-O2"
1082 tests/ssl-opt.sh
1083}
1084support_test_m32_o2 () {
1085 support_test_m32_no_asm "$@"
1086}
1087
1088component_test_m32_everest () {
1089 msg "build: i386, Everest ECDH context (ASan build)" # ~ 6 min
1090 scripts/config.py set MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED
1091 scripts/config.py unset MBEDTLS_AESNI_C # AESNI for 32-bit is tested in test_aesni_m32
1092 make CC=gcc CFLAGS="$ASAN_CFLAGS -m32" LDFLAGS="-m32 $ASAN_CFLAGS"
1093
1094 msg "test: i386, Everest ECDH context - main suites (inc. selftests) (ASan build)" # ~ 50s
1095 make test
1096
1097 msg "test: i386, Everest ECDH context - ECDH-related part of ssl-opt.sh (ASan build)" # ~ 5s
1098 tests/ssl-opt.sh -f ECDH
1099
1100 msg "test: i386, Everest ECDH context - compat.sh with some ECDH ciphersuites (ASan build)" # ~ 3 min
1101 # Exclude some symmetric ciphers that are redundant here to gain time.
1102 tests/compat.sh -f ECDH -V NO -e 'ARIA\|CAMELLIA\|CHACHA'
1103}
1104support_test_m32_everest () {
1105 support_test_m32_no_asm "$@"
1106}
1107
1108component_test_mx32 () {
1109 msg "build: 64-bit ILP32, make, gcc" # ~ 30s
1110 scripts/config.py full
1111 make CC=gcc CFLAGS='-O2 -Werror -Wall -Wextra -mx32' LDFLAGS='-mx32'
1112
1113 msg "test: 64-bit ILP32, make, gcc"
1114 make test
1115}
1116support_test_mx32 () {
1117 case $(uname -m) in
1118 amd64|x86_64) true;;
1119 *) false;;
1120 esac
1121}
1122
Minos Galanakisf7d1cb02024-07-30 17:25:31 +01001123component_build_arm_none_eabi_gcc () {
1124 msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -O1, baremetal+debug" # ~ 10s
1125 scripts/config.py baremetal
1126 make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-std=c99 -Werror -Wall -Wextra -O1' lib
1127
1128 msg "size: ${ARM_NONE_EABI_GCC_PREFIX}gcc -O1, baremetal+debug"
1129 ${ARM_NONE_EABI_GCC_PREFIX}size -t library/*.o
1130}
1131
1132component_build_arm_linux_gnueabi_gcc_arm5vte () {
1133 msg "build: ${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc -march=arm5vte, baremetal+debug" # ~ 10s
1134 scripts/config.py baremetal
1135 # Build for a target platform that's close to what Debian uses
1136 # for its "armel" distribution (https://wiki.debian.org/ArmEabiPort).
1137 # See https://github.com/Mbed-TLS/mbedtls/pull/2169 and comments.
1138 # Build everything including programs, see for example
1139 # https://github.com/Mbed-TLS/mbedtls/pull/3449#issuecomment-675313720
1140 make CC="${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc" AR="${ARM_LINUX_GNUEABI_GCC_PREFIX}ar" CFLAGS='-Werror -Wall -Wextra -march=armv5te -O1' LDFLAGS='-march=armv5te'
1141
1142 msg "size: ${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc -march=armv5te -O1, baremetal+debug"
1143 ${ARM_LINUX_GNUEABI_GCC_PREFIX}size -t library/*.o
1144}
1145support_build_arm_linux_gnueabi_gcc_arm5vte () {
1146 type ${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc >/dev/null 2>&1
1147}
1148
1149component_build_arm_none_eabi_gcc_arm5vte () {
1150 msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -march=arm5vte, baremetal+debug" # ~ 10s
1151 scripts/config.py baremetal
1152 # This is an imperfect substitute for
1153 # component_build_arm_linux_gnueabi_gcc_arm5vte
1154 # in case the gcc-arm-linux-gnueabi toolchain is not available
1155 make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" CFLAGS='-std=c99 -Werror -Wall -Wextra -march=armv5te -O1' LDFLAGS='-march=armv5te' SHELL='sh -x' lib
1156
1157 msg "size: ${ARM_NONE_EABI_GCC_PREFIX}gcc -march=armv5te -O1, baremetal+debug"
1158 ${ARM_NONE_EABI_GCC_PREFIX}size -t library/*.o
1159}
1160
1161component_build_arm_none_eabi_gcc_m0plus () {
1162 msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -mthumb -mcpu=cortex-m0plus, baremetal_size" # ~ 10s
1163 scripts/config.py baremetal_size
1164 make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-std=c99 -Werror -Wall -Wextra -mthumb -mcpu=cortex-m0plus -Os' lib
1165
1166 msg "size: ${ARM_NONE_EABI_GCC_PREFIX}gcc -mthumb -mcpu=cortex-m0plus -Os, baremetal_size"
1167 ${ARM_NONE_EABI_GCC_PREFIX}size -t library/*.o
1168 for lib in library/*.a; do
1169 echo "$lib:"
1170 ${ARM_NONE_EABI_GCC_PREFIX}size -t $lib | grep TOTALS
1171 done
1172}
1173
1174component_build_arm_none_eabi_gcc_no_udbl_division () {
1175 msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -DMBEDTLS_NO_UDBL_DIVISION, make" # ~ 10s
1176 scripts/config.py baremetal
1177 scripts/config.py set MBEDTLS_NO_UDBL_DIVISION
1178 make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-std=c99 -Werror -Wall -Wextra' lib
1179 echo "Checking that software 64-bit division is not required"
1180 not grep __aeabi_uldiv library/*.o
1181}
1182
1183component_build_arm_none_eabi_gcc_no_64bit_multiplication () {
1184 msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc MBEDTLS_NO_64BIT_MULTIPLICATION, make" # ~ 10s
1185 scripts/config.py baremetal
1186 scripts/config.py set MBEDTLS_NO_64BIT_MULTIPLICATION
1187 make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-std=c99 -Werror -O1 -march=armv6-m -mthumb' lib
1188 echo "Checking that software 64-bit multiplication is not required"
1189 not grep __aeabi_lmul library/*.o
1190}
1191
1192component_build_arm_clang_thumb () {
1193 # ~ 30s
1194
1195 scripts/config.py baremetal
1196
1197 msg "build: clang thumb 2, make"
1198 make clean
1199 make CC="clang" CFLAGS='-std=c99 -Werror -Os --target=arm-linux-gnueabihf -march=armv7-m -mthumb' lib
1200
1201 # Some Thumb 1 asm is sensitive to optimisation level, so test both -O0 and -Os
1202 msg "build: clang thumb 1 -O0, make"
1203 make clean
1204 make CC="clang" CFLAGS='-std=c99 -Werror -O0 --target=arm-linux-gnueabihf -mcpu=arm1136j-s -mthumb' lib
1205
1206 msg "build: clang thumb 1 -Os, make"
1207 make clean
1208 make CC="clang" CFLAGS='-std=c99 -Werror -Os --target=arm-linux-gnueabihf -mcpu=arm1136j-s -mthumb' lib
1209}
1210
1211component_build_armcc () {
1212 msg "build: ARM Compiler 5"
1213 scripts/config.py baremetal
1214 # armc[56] don't support SHA-512 intrinsics
1215 scripts/config.py unset MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT
1216
1217 # older versions of armcc/armclang don't support AESCE_C on 32-bit Arm
1218 scripts/config.py unset MBEDTLS_AESCE_C
1219
1220 # Stop armclang warning about feature detection for A64_CRYPTO.
1221 # With this enabled, the library does build correctly under armclang,
1222 # but in baremetal builds (as tested here), feature detection is
1223 # unavailable, and the user is notified via a #warning. So enabling
1224 # this feature would prevent us from building with -Werror on
1225 # armclang. Tracked in #7198.
1226 scripts/config.py unset MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT
1227
1228 scripts/config.py set MBEDTLS_HAVE_ASM
1229
1230 make CC="$ARMC5_CC" AR="$ARMC5_AR" WARNING_CFLAGS='--strict --c99' lib
1231
1232 msg "size: ARM Compiler 5"
1233 "$ARMC5_FROMELF" -z library/*.o
1234
1235 # Compile mostly with -O1 since some Arm inline assembly is disabled for -O0.
1236
1237 # ARM Compiler 6 - Target ARMv7-A
1238 armc6_build_test "-O1 --target=arm-arm-none-eabi -march=armv7-a"
1239
1240 # ARM Compiler 6 - Target ARMv7-M
1241 armc6_build_test "-O1 --target=arm-arm-none-eabi -march=armv7-m"
1242
1243 # ARM Compiler 6 - Target ARMv7-M+DSP
1244 armc6_build_test "-O1 --target=arm-arm-none-eabi -march=armv7-m+dsp"
1245
1246 # ARM Compiler 6 - Target ARMv8-A - AArch32
1247 armc6_build_test "-O1 --target=arm-arm-none-eabi -march=armv8.2-a"
1248
1249 # ARM Compiler 6 - Target ARMv8-M
1250 armc6_build_test "-O1 --target=arm-arm-none-eabi -march=armv8-m.main"
1251
1252 # ARM Compiler 6 - Target Cortex-M0 - no optimisation
1253 armc6_build_test "-O0 --target=arm-arm-none-eabi -mcpu=cortex-m0"
1254
1255 # ARM Compiler 6 - Target Cortex-M0
1256 armc6_build_test "-Os --target=arm-arm-none-eabi -mcpu=cortex-m0"
1257
1258 # ARM Compiler 6 - Target ARMv8.2-A - AArch64
1259 #
1260 # Re-enable MBEDTLS_AESCE_C as this should be supported by the version of armclang
1261 # that we have in our CI
1262 scripts/config.py set MBEDTLS_AESCE_C
1263 armc6_build_test "-O1 --target=aarch64-arm-none-eabi -march=armv8.2-a+crypto"
1264}
1265
1266support_build_armcc () {
1267 armc5_cc="$ARMC5_BIN_DIR/armcc"
1268 armc6_cc="$ARMC6_BIN_DIR/armclang"
1269 (check_tools "$armc5_cc" "$armc6_cc" > /dev/null 2>&1)
1270}
1271
Minos Galanakisf7d1cb02024-07-30 17:25:31 +01001272component_test_memsan () {
1273 msg "build: MSan (clang)" # ~ 1 min 20s
1274 scripts/config.py unset MBEDTLS_AESNI_C # memsan doesn't grok asm
1275 CC=clang cmake -D CMAKE_BUILD_TYPE:String=MemSan .
1276 make
1277
1278 msg "test: main suites (MSan)" # ~ 10s
1279 make test
1280
1281 msg "test: metatests (MSan)"
1282 tests/scripts/run-metatests.sh any msan
1283
1284 msg "program demos (MSan)" # ~20s
1285 tests/scripts/run_demos.py
1286
1287 msg "test: ssl-opt.sh (MSan)" # ~ 1 min
1288 tests/ssl-opt.sh
1289
1290 # Optional part(s)
1291
1292 if [ "$MEMORY" -gt 0 ]; then
1293 msg "test: compat.sh (MSan)" # ~ 6 min 20s
1294 tests/compat.sh
1295 fi
1296}
1297
1298component_release_test_valgrind () {
1299 msg "build: Release (clang)"
1300 # default config, in particular without MBEDTLS_USE_PSA_CRYPTO
1301 CC=clang cmake -D CMAKE_BUILD_TYPE:String=Release .
1302 make
1303
1304 msg "test: main suites, Valgrind (default config)"
1305 make memcheck
1306
1307 # Optional parts (slow; currently broken on OS X because programs don't
1308 # seem to receive signals under valgrind on OS X).
1309 # These optional parts don't run on the CI.
1310 if [ "$MEMORY" -gt 0 ]; then
1311 msg "test: ssl-opt.sh --memcheck (default config)"
1312 tests/ssl-opt.sh --memcheck
1313 fi
1314
1315 if [ "$MEMORY" -gt 1 ]; then
1316 msg "test: compat.sh --memcheck (default config)"
1317 tests/compat.sh --memcheck
1318 fi
1319
1320 if [ "$MEMORY" -gt 0 ]; then
1321 msg "test: context-info.sh --memcheck (default config)"
1322 tests/context-info.sh --memcheck
1323 fi
1324}
1325
1326component_release_test_valgrind_psa () {
1327 msg "build: Release, full (clang)"
1328 # full config, in particular with MBEDTLS_USE_PSA_CRYPTO
1329 scripts/config.py full
1330 CC=clang cmake -D CMAKE_BUILD_TYPE:String=Release .
1331 make
1332
1333 msg "test: main suites, Valgrind (full config)"
1334 make memcheck
1335}
1336
Minos Galanakis5b4386c2024-08-01 17:12:24 +01001337