TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / c2a6e8b3a95b942a93d39df790fe957a50e41511 / . / tests / scripts / components-configuration-crypto.sh
blob: 26bb5e7340485b95fe31d215b04a599596e7a211 [file] [log] [blame]
Minos Galanakis6aab5b72024-07-25 14:24:37 +0100[diff] [blame]1# components-configuration-crypto.sh
2#
3# Copyright The Mbed TLS Contributors
4# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
5
Minos Galanakis609f7492024-07-31 16:39:28 +0100[diff] [blame]6# This file contains test components that are executed by all.sh
Minos Galanakis6aab5b72024-07-25 14:24:37 +0100[diff] [blame]7
8################################################################
9#### Configuration Testing - Crypto
10################################################################
11
Minos Galanakis471b34c2024-07-26 15:39:24 +0100[diff] [blame]12component_test_psa_crypto_key_id_encodes_owner () {
13 msg "build: full config + PSA_CRYPTO_KEY_ID_ENCODES_OWNER, cmake, gcc, ASan"
14 scripts/config.py full
15 scripts/config.py set MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
16 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
17 make
18
19 msg "test: full config - USE_PSA_CRYPTO + PSA_CRYPTO_KEY_ID_ENCODES_OWNER, cmake, gcc, ASan"
20 make test
21}
22
23component_test_psa_assume_exclusive_buffers () {
24 msg "build: full config + MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS, cmake, gcc, ASan"
25 scripts/config.py full
26 scripts/config.py set MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS
27 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
28 make
29
30 msg "test: full config + MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS, cmake, gcc, ASan"
31 make test
32}
33
Valerio Settidbb646b2024-06-20 14:40:54 +0200[diff] [blame]34component_test_crypto_with_static_key_slots() {
35 msg "build: crypto full + MBEDTLS_PSA_STATIC_KEY_SLOTS"
36 scripts/config.py crypto_full
37 scripts/config.py set MBEDTLS_PSA_STATIC_KEY_SLOTS
Valerio Setti2a3c9b32024-08-14 06:37:02 +0200[diff] [blame]38 # Intentionally set MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE slightly smaller
39 # than PSA_EXPORT_KEY_PAIR_OR_PUBLIC_MAX_SIZE where the latter would be 2364
40 # bytes for an RSA key pair of 4096 bits.
41 scripts/config.py set MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE 2362
Valerio Settidbb646b2024-06-20 14:40:54 +0200[diff] [blame]42
Valerio Setti13aadd72024-08-13 13:13:23 +0200[diff] [blame]43 msg "test: crypto full + MBEDTLS_PSA_STATIC_KEY_SLOTS"
Valerio Setti2a3c9b32024-08-14 06:37:02 +0200[diff] [blame]44 make CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" test
Valerio Settidbb646b2024-06-20 14:40:54 +0200[diff] [blame]45}
46
Minos Galanakis471b34c2024-07-26 15:39:24 +0100[diff] [blame]47# check_renamed_symbols HEADER LIB
48# Check that if HEADER contains '#define MACRO ...' then MACRO is not a symbol
Minos Galanakis609f7492024-07-31 16:39:28 +0100[diff] [blame]49# name in LIB.
Minos Galanakis471b34c2024-07-26 15:39:24 +0100[diff] [blame]50check_renamed_symbols () {
51 ! nm "$2" | sed 's/.* //' |
52 grep -x -F "$(sed -n 's/^ *# *define *\([A-Z_a-z][0-9A-Z_a-z]*\)..*/\1/p' "$1")"
53}
54
55component_build_psa_crypto_spm () {
56 msg "build: full config + PSA_CRYPTO_KEY_ID_ENCODES_OWNER + PSA_CRYPTO_SPM, make, gcc"
57 scripts/config.py full
58 scripts/config.py unset MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS
59 scripts/config.py set MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
60 scripts/config.py set MBEDTLS_PSA_CRYPTO_SPM
61 # We can only compile, not link, since our test and sample programs
62 # aren't equipped for the modified names used when MBEDTLS_PSA_CRYPTO_SPM
63 # is active.
64 make CC=gcc CFLAGS='-Werror -Wall -Wextra -I../tests/include/spe' lib
65
66 # Check that if a symbol is renamed by crypto_spe.h, the non-renamed
67 # version is not present.
68 echo "Checking for renamed symbols in the library"
69 check_renamed_symbols tests/include/spe/crypto_spe.h library/libmbedcrypto.a
70}
71
Valerio Settia47b0452024-06-25 18:31:36 +0200[diff] [blame]72# The goal of this component is to build a configuration where:
73# - test code and libtestdriver1 can make use of calloc/free and
74# - core library (including PSA core) cannot use calloc/free.
75component_test_psa_crypto_without_heap() {
Valerio Setti13aadd72024-08-13 13:13:23 +0200[diff] [blame]76 msg "crypto without heap: build libtestdriver1"
Valerio Settia47b0452024-06-25 18:31:36 +0200[diff] [blame]77 # Disable PSA features that cannot be accelerated and whose builtin support
78 # requires calloc/free.
79 scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE
Valerio Setti13aadd72024-08-13 13:13:23 +0200[diff] [blame]80 scripts/config.py -f $CRYPTO_CONFIG_H unset-all "^PSA_WANT_ALG_HKDF"
81 scripts/config.py -f $CRYPTO_CONFIG_H unset-all "^PSA_WANT_ALG_PBKDF2_"
82 scripts/config.py -f $CRYPTO_CONFIG_H unset-all "^PSA_WANT_ALG_TLS12_"
Valerio Settia47b0452024-06-25 18:31:36 +0200[diff] [blame]83 # RSA key support requires ASN1 parse/write support for testing, but ASN1
84 # is disabled below.
Valerio Setti13aadd72024-08-13 13:13:23 +0200[diff] [blame]85 scripts/config.py -f $CRYPTO_CONFIG_H unset-all "^PSA_WANT_KEY_TYPE_RSA_"
86 scripts/config.py -f $CRYPTO_CONFIG_H unset-all "^PSA_WANT_ALG_RSA_"
Valerio Settia47b0452024-06-25 18:31:36 +0200[diff] [blame]87 # DES requires built-in support for key generation (parity check) so it
88 # cannot be accelerated
89 scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_DES
90 # EC-JPAKE use calloc/free in PSA core
91 scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_JPAKE
92
93 # Accelerate all PSA features (which are still enabled in CRYPTO_CONFIG_H).
94 PSA_SYM_LIST=$(./scripts/config.py -f $CRYPTO_CONFIG_H get-all-enabled PSA_WANT)
95 loc_accel_list=$(echo $PSA_SYM_LIST | sed 's/PSA_WANT_//g')
96
Valerio Settia47b0452024-06-25 18:31:36 +0200[diff] [blame]97 helper_libtestdriver1_adjust_config crypto
98 helper_libtestdriver1_make_drivers "$loc_accel_list"
99
Valerio Setti13aadd72024-08-13 13:13:23 +0200[diff] [blame]100 msg "crypto without heap: build main library"
Valerio Setti35b0b022024-08-13 13:36:50 +0200[diff] [blame]101 # Disable all legacy MBEDTLS_xxx symbols.
102 scripts/config.py unset-all "^MBEDTLS_"
103 # Build the PSA core using the proper config file.
104 scripts/config.py set MBEDTLS_PSA_CRYPTO_C
105 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
Valerio Settia47b0452024-06-25 18:31:36 +0200[diff] [blame]106 # Enable fully-static key slots in PSA core.
107 scripts/config.py set MBEDTLS_PSA_STATIC_KEY_SLOTS
Valerio Setti35b0b022024-08-13 13:36:50 +0200[diff] [blame]108 # Prevent PSA core from creating a copy of input/output buffers.
Valerio Settia47b0452024-06-25 18:31:36 +0200[diff] [blame]109 scripts/config.py set MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS
110 # Prevent PSA core from using CTR-DRBG or HMAC-DRBG for random generation.
111 scripts/config.py set MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG
Valerio Setti13aadd72024-08-13 13:13:23 +0200[diff] [blame]112 # Set calloc/free as null pointer functions. Calling them would crash
Valerio Settia47b0452024-06-25 18:31:36 +0200[diff] [blame]113 # the program so we can use this as a "sentinel" for being sure no module
114 # is making use of these functions in the library.
Valerio Setti35b0b022024-08-13 13:36:50 +0200[diff] [blame]115 scripts/config.py set MBEDTLS_PLATFORM_C
Valerio Settia47b0452024-06-25 18:31:36 +0200[diff] [blame]116 scripts/config.py set MBEDTLS_PLATFORM_MEMORY
117 scripts/config.py set MBEDTLS_PLATFORM_STD_CALLOC NULL
118 scripts/config.py set MBEDTLS_PLATFORM_STD_FREE NULL
119
Valerio Settia47b0452024-06-25 18:31:36 +0200[diff] [blame]120 helper_libtestdriver1_make_main "$loc_accel_list" lib
121
Valerio Setti13aadd72024-08-13 13:13:23 +0200[diff] [blame]122 msg "crypto without heap: build test suites and helpers"
123 # Reset calloc/free functions to normal operations so that test code can
Valerio Settia47b0452024-06-25 18:31:36 +0200[diff] [blame]124 # freely use them.
125 scripts/config.py unset MBEDTLS_PLATFORM_MEMORY
126 scripts/config.py unset MBEDTLS_PLATFORM_STD_CALLOC
127 scripts/config.py unset MBEDTLS_PLATFORM_STD_FREE
128 helper_libtestdriver1_make_main "$loc_accel_list" tests
129
Valerio Setti13aadd72024-08-13 13:13:23 +0200[diff] [blame]130 msg "crypto without heap: test"
Valerio Settia47b0452024-06-25 18:31:36 +0200[diff] [blame]131 make test
132}
133
Minos Galanakisf78447f2024-07-26 20:49:51 +0100[diff] [blame]134component_test_no_rsa_key_pair_generation () {
Minos Galanakisdc0f73a2024-07-26 20:41:42 +0100[diff] [blame]135 msg "build: default config minus PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE"
136 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
137 scripts/config.py unset MBEDTLS_GENPRIME
138 scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE
139 make
140
141 msg "test: default config minus PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE"
142 make test
143}
144
Minos Galanakisc06fd302024-08-01 12:16:59 +0100[diff] [blame]145component_test_no_pem_no_fs () {
146 msg "build: Default + !MBEDTLS_PEM_PARSE_C + !MBEDTLS_FS_IO (ASan build)"
147 scripts/config.py unset MBEDTLS_PEM_PARSE_C
148 scripts/config.py unset MBEDTLS_FS_IO
149 scripts/config.py unset MBEDTLS_PSA_ITS_FILE_C # requires a filesystem
150 scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C # requires PSA ITS
151 CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
152 make
153
154 msg "test: !MBEDTLS_PEM_PARSE_C !MBEDTLS_FS_IO - main suites (inc. selftests) (ASan build)" # ~ 50s
155 make test
156
157 msg "test: !MBEDTLS_PEM_PARSE_C !MBEDTLS_FS_IO - ssl-opt.sh (ASan build)" # ~ 6 min
158 tests/ssl-opt.sh
159}
160
161component_test_rsa_no_crt () {
162 msg "build: Default + RSA_NO_CRT (ASan build)" # ~ 6 min
163 scripts/config.py set MBEDTLS_RSA_NO_CRT
164 CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
165 make
166
167 msg "test: RSA_NO_CRT - main suites (inc. selftests) (ASan build)" # ~ 50s
168 make test
169
170 msg "test: RSA_NO_CRT - RSA-related part of ssl-opt.sh (ASan build)" # ~ 5s
171 tests/ssl-opt.sh -f RSA
172
173 msg "test: RSA_NO_CRT - RSA-related part of compat.sh (ASan build)" # ~ 3 min
174 tests/compat.sh -t RSA
175
176 msg "test: RSA_NO_CRT - RSA-related part of context-info.sh (ASan build)" # ~ 15 sec
177 tests/context-info.sh
178}
179
180component_test_no_ctr_drbg_classic () {
181 msg "build: Full minus CTR_DRBG, classic crypto in TLS"
182 scripts/config.py full
183 scripts/config.py unset MBEDTLS_CTR_DRBG_C
184 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
185 scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
186
187 CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
188 make
189
190 msg "test: Full minus CTR_DRBG, classic crypto - main suites"
191 make test
192
193 # In this configuration, the TLS test programs use HMAC_DRBG.
194 # The SSL tests are slow, so run a small subset, just enough to get
195 # confidence that the SSL code copes with HMAC_DRBG.
196 msg "test: Full minus CTR_DRBG, classic crypto - ssl-opt.sh (subset)"
197 tests/ssl-opt.sh -f 'Default\|SSL async private.*delay=\|tickets enabled on server'
198
199 msg "test: Full minus CTR_DRBG, classic crypto - compat.sh (subset)"
200 tests/compat.sh -m tls12 -t 'ECDSA PSK' -V NO -p OpenSSL
201}
202
203component_test_no_ctr_drbg_use_psa () {
204 msg "build: Full minus CTR_DRBG, PSA crypto in TLS"
205 scripts/config.py full
206 scripts/config.py unset MBEDTLS_CTR_DRBG_C
207 scripts/config.py set MBEDTLS_USE_PSA_CRYPTO
208
209 CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
210 make
211
212 msg "test: Full minus CTR_DRBG, USE_PSA_CRYPTO - main suites"
213 make test
214
215 # In this configuration, the TLS test programs use HMAC_DRBG.
216 # The SSL tests are slow, so run a small subset, just enough to get
217 # confidence that the SSL code copes with HMAC_DRBG.
218 msg "test: Full minus CTR_DRBG, USE_PSA_CRYPTO - ssl-opt.sh (subset)"
219 tests/ssl-opt.sh -f 'Default\|SSL async private.*delay=\|tickets enabled on server'
220
221 msg "test: Full minus CTR_DRBG, USE_PSA_CRYPTO - compat.sh (subset)"
222 tests/compat.sh -m tls12 -t 'ECDSA PSK' -V NO -p OpenSSL
223}
224
225component_test_no_hmac_drbg_classic () {
226 msg "build: Full minus HMAC_DRBG, classic crypto in TLS"
227 scripts/config.py full
228 scripts/config.py unset MBEDTLS_HMAC_DRBG_C
229 scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC # requires HMAC_DRBG
230 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
231 scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
232
233 CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
234 make
235
236 msg "test: Full minus HMAC_DRBG, classic crypto - main suites"
237 make test
238
239 # Normally our ECDSA implementation uses deterministic ECDSA. But since
240 # HMAC_DRBG is disabled in this configuration, randomized ECDSA is used
241 # instead.
242 # Test SSL with non-deterministic ECDSA. Only test features that
243 # might be affected by how ECDSA signature is performed.
244 msg "test: Full minus HMAC_DRBG, classic crypto - ssl-opt.sh (subset)"
245 tests/ssl-opt.sh -f 'Default\|SSL async private: sign'
246
247 # To save time, only test one protocol version, since this part of
248 # the protocol is identical in (D)TLS up to 1.2.
249 msg "test: Full minus HMAC_DRBG, classic crypto - compat.sh (ECDSA)"
250 tests/compat.sh -m tls12 -t 'ECDSA'
251}
252
253component_test_no_hmac_drbg_use_psa () {
254 msg "build: Full minus HMAC_DRBG, PSA crypto in TLS"
255 scripts/config.py full
256 scripts/config.py unset MBEDTLS_HMAC_DRBG_C
257 scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC # requires HMAC_DRBG
258 scripts/config.py set MBEDTLS_USE_PSA_CRYPTO
259
260 CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
261 make
262
263 msg "test: Full minus HMAC_DRBG, USE_PSA_CRYPTO - main suites"
264 make test
265
266 # Normally our ECDSA implementation uses deterministic ECDSA. But since
267 # HMAC_DRBG is disabled in this configuration, randomized ECDSA is used
268 # instead.
269 # Test SSL with non-deterministic ECDSA. Only test features that
270 # might be affected by how ECDSA signature is performed.
271 msg "test: Full minus HMAC_DRBG, USE_PSA_CRYPTO - ssl-opt.sh (subset)"
272 tests/ssl-opt.sh -f 'Default\|SSL async private: sign'
273
274 # To save time, only test one protocol version, since this part of
275 # the protocol is identical in (D)TLS up to 1.2.
276 msg "test: Full minus HMAC_DRBG, USE_PSA_CRYPTO - compat.sh (ECDSA)"
277 tests/compat.sh -m tls12 -t 'ECDSA'
278}
279
280component_test_psa_external_rng_no_drbg_classic () {
281 msg "build: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, classic crypto in TLS"
282 scripts/config.py full
283 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
284 scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
285 scripts/config.py set MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG
286 scripts/config.py unset MBEDTLS_ENTROPY_C
287 scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED
288 scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT
289 scripts/config.py unset MBEDTLS_CTR_DRBG_C
290 scripts/config.py unset MBEDTLS_HMAC_DRBG_C
291 scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC # requires HMAC_DRBG
292 # When MBEDTLS_USE_PSA_CRYPTO is disabled and there is no DRBG,
293 # the SSL test programs don't have an RNG and can't work. Explicitly
294 # make them use the PSA RNG with -DMBEDTLS_TEST_USE_PSA_CRYPTO_RNG.
295 make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DMBEDTLS_TEST_USE_PSA_CRYPTO_RNG" LDFLAGS="$ASAN_CFLAGS"
296
297 msg "test: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, classic crypto - main suites"
298 make test
299
300 msg "test: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, classic crypto - ssl-opt.sh (subset)"
301 tests/ssl-opt.sh -f 'Default'
302}
303
304component_test_psa_external_rng_no_drbg_use_psa () {
305 msg "build: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, PSA crypto in TLS"
306 scripts/config.py full
307 scripts/config.py set MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG
308 scripts/config.py unset MBEDTLS_ENTROPY_C
309 scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED
310 scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT
311 scripts/config.py unset MBEDTLS_CTR_DRBG_C
312 scripts/config.py unset MBEDTLS_HMAC_DRBG_C
313 scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC # requires HMAC_DRBG
314 make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS"
315
316 msg "test: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, PSA crypto - main suites"
317 make test
318
319 msg "test: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, PSA crypto - ssl-opt.sh (subset)"
320 tests/ssl-opt.sh -f 'Default\|opaque'
321}
322
Minos Galanakis471b34c2024-07-26 15:39:24 +0100[diff] [blame]323component_test_psa_external_rng_use_psa_crypto () {
324 msg "build: full + PSA_CRYPTO_EXTERNAL_RNG + USE_PSA_CRYPTO minus CTR_DRBG"
325 scripts/config.py full
326 scripts/config.py set MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG
327 scripts/config.py set MBEDTLS_USE_PSA_CRYPTO
328 scripts/config.py unset MBEDTLS_CTR_DRBG_C
329 make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS"
330
331 msg "test: full + PSA_CRYPTO_EXTERNAL_RNG + USE_PSA_CRYPTO minus CTR_DRBG"
332 make test
333
334 msg "test: full + PSA_CRYPTO_EXTERNAL_RNG + USE_PSA_CRYPTO minus CTR_DRBG"
335 tests/ssl-opt.sh -f 'Default\|opaque'
336}
337
338component_test_psa_inject_entropy () {
339 msg "build: full + MBEDTLS_PSA_INJECT_ENTROPY"
340 scripts/config.py full
341 scripts/config.py set MBEDTLS_PSA_INJECT_ENTROPY
342 scripts/config.py set MBEDTLS_ENTROPY_NV_SEED
343 scripts/config.py set MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
344 scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT
345 scripts/config.py unset MBEDTLS_PLATFORM_STD_NV_SEED_READ
346 scripts/config.py unset MBEDTLS_PLATFORM_STD_NV_SEED_WRITE
347 make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS '-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/user-config-for-test.h\"'" LDFLAGS="$ASAN_CFLAGS"
348
349 msg "test: full + MBEDTLS_PSA_INJECT_ENTROPY"
350 make test
351}
352
Minos Galanakisf78447f2024-07-26 20:49:51 +0100[diff] [blame]353component_full_no_pkparse_pkwrite () {
Minos Galanakis471b34c2024-07-26 15:39:24 +0100[diff] [blame]354 msg "build: full without pkparse and pkwrite"
355
356 scripts/config.py crypto_full
357 scripts/config.py unset MBEDTLS_PK_PARSE_C
358 scripts/config.py unset MBEDTLS_PK_WRITE_C
359
360 make CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS"
361
362 # Ensure that PK_[PARSE|WRITE]_C were not re-enabled accidentally (additive config).
363 not grep mbedtls_pk_parse_key ${BUILTIN_SRC_PATH}/pkparse.o
364 not grep mbedtls_pk_write_key_der ${BUILTIN_SRC_PATH}/pkwrite.o
365
366 msg "test: full without pkparse and pkwrite"
367 make test
368}
369
370component_test_crypto_full_md_light_only () {
371 msg "build: crypto_full with only the light subset of MD"
372 scripts/config.py crypto_full
373
374 # Disable MD
375 scripts/config.py unset MBEDTLS_MD_C
376 # Disable direct dependencies of MD_C
377 scripts/config.py unset MBEDTLS_HKDF_C
378 scripts/config.py unset MBEDTLS_HMAC_DRBG_C
379 scripts/config.py unset MBEDTLS_PKCS7_C
380 # Disable indirect dependencies of MD_C
381 scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC # needs HMAC_DRBG
382 scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_DETERMINISTIC_ECDSA
383 # Disable things that would auto-enable MD_C
384 scripts/config.py unset MBEDTLS_PKCS5_C
385
386 # Note: MD-light is auto-enabled in build_info.h by modules that need it,
387 # which we haven't disabled, so no need to explicitly enable it.
388 make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS"
389
390 # Make sure we don't have the HMAC functions, but the hashing functions
391 not grep mbedtls_md_hmac ${BUILTIN_SRC_PATH}/md.o
392 grep mbedtls_md ${BUILTIN_SRC_PATH}/md.o
393
394 msg "test: crypto_full with only the light subset of MD"
395 make test
396}
397
Minos Galanakiscd5668f2024-07-26 20:36:23 +0100[diff] [blame]398component_test_full_no_cipher () {
399 msg "build: full no CIPHER"
400
401 scripts/config.py full
402 scripts/config.py unset MBEDTLS_CIPHER_C
403
404 # The built-in implementation of the following algs/key-types depends
405 # on CIPHER_C so we disable them.
406 # This does not hold for KEY_TYPE_CHACHA20 and ALG_CHACHA20_POLY1305
407 # so we keep them enabled.
408 scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CCM_STAR_NO_TAG
409 scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CMAC
410 scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CBC_NO_PADDING
411 scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CBC_PKCS7
412 scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CFB
413 scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CTR
414 scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECB_NO_PADDING
415 scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_OFB
416 scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128
417 scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_STREAM_CIPHER
418 scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_DES
419
420 # The following modules directly depends on CIPHER_C
421 scripts/config.py unset MBEDTLS_CMAC_C
422 scripts/config.py unset MBEDTLS_NIST_KW_C
423
424 make
425
426 # Ensure that CIPHER_C was not re-enabled
427 not grep mbedtls_cipher_init ${BUILTIN_SRC_PATH}/cipher.o
428
429 msg "test: full no CIPHER"
430 make test
431}
432
Minos Galanakisf78447f2024-07-26 20:49:51 +0100[diff] [blame]433component_test_full_no_ccm () {
Minos Galanakis471b34c2024-07-26 15:39:24 +0100[diff] [blame]434 msg "build: full no PSA_WANT_ALG_CCM"
435
436 # Full config enables:
437 # - USE_PSA_CRYPTO so that TLS code dispatches cipher/AEAD to PSA
438 # - CRYPTO_CONFIG so that PSA_WANT config symbols are evaluated
439 scripts/config.py full
440
441 # Disable PSA_WANT_ALG_CCM so that CCM is not supported in PSA. CCM_C is still
442 # enabled, but not used from TLS since USE_PSA is set.
443 # This is helpful to ensure that TLS tests below have proper dependencies.
444 #
445 # Note: also PSA_WANT_ALG_CCM_STAR_NO_TAG is enabled, but it does not cause
446 # PSA_WANT_ALG_CCM to be re-enabled.
447 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CCM
448
449 make
450
451 msg "test: full no PSA_WANT_ALG_CCM"
452 make test
453}
454
Minos Galanakisf78447f2024-07-26 20:49:51 +0100[diff] [blame]455component_test_full_no_ccm_star_no_tag () {
Minos Galanakis471b34c2024-07-26 15:39:24 +0100[diff] [blame]456 msg "build: full no PSA_WANT_ALG_CCM_STAR_NO_TAG"
457
458 # Full config enables CRYPTO_CONFIG so that PSA_WANT config symbols are evaluated
459 scripts/config.py full
460
461 # Disable CCM_STAR_NO_TAG, which is the target of this test, as well as all
462 # other components that enable MBEDTLS_PSA_BUILTIN_CIPHER internal symbol.
463 # This basically disables all unauthenticated ciphers on the PSA side, while
464 # keeping AEADs enabled.
465 #
466 # Note: PSA_WANT_ALG_CCM is enabled, but it does not cause
467 # PSA_WANT_ALG_CCM_STAR_NO_TAG to be re-enabled.
468 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CCM_STAR_NO_TAG
469 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_STREAM_CIPHER
470 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CTR
471 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CFB
472 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_OFB
473 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_ECB_NO_PADDING
474 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_NO_PADDING
475 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_PKCS7
476
477 make
478
479 # Ensure MBEDTLS_PSA_BUILTIN_CIPHER was not enabled
480 not grep mbedtls_psa_cipher ${PSA_CORE_PATH}/psa_crypto_cipher.o
481
482 msg "test: full no PSA_WANT_ALG_CCM_STAR_NO_TAG"
483 make test
484}
485
Gilles Peskineea5de2b2024-09-19 18:41:55 +0200[diff] [blame]486component_test_config_symmetric_only () {
487 msg "build: configs/config-symmetric-only.h"
Gilles Peskineaf5a8992024-09-14 11:27:44 +0200[diff] [blame]488 cp configs/config-symmetric-only.h "$CONFIG_H"
Gilles Peskineaf5a8992024-09-14 11:27:44 +0200[diff] [blame]489 # test-ref-configs works by overwriting mbedtls_config.h; this makes cmake
490 # want to re-generate generated files that depend on it, quite correctly.
491 # However this doesn't work as the generation script expects a specific
492 # format for mbedtls_config.h, which the other files don't follow. Also,
493 # cmake can't know this, but re-generation is actually not necessary as
494 # the generated files only depend on the list of available options, not
495 # whether they're on or off. So, disable cmake's (over-sensitive here)
496 # dependency resolution for generated files and just rely on them being
497 # present (thanks to pre_generate_files) by turning GEN_FILES off.
498 CC=$ASAN_CC cmake -D GEN_FILES=Off -D CMAKE_BUILD_TYPE:String=Asan .
499 make
500
Gilles Peskineea5de2b2024-09-19 18:41:55 +0200[diff] [blame]501 msg "test: configs/config-symmetric-only.h - unit tests"
Gilles Peskineaf5a8992024-09-14 11:27:44 +0200[diff] [blame]502 make test
503}
504
Minos Galanakisc06fd302024-08-01 12:16:59 +0100[diff] [blame]505component_test_everest () {
506 msg "build: Everest ECDH context (ASan build)" # ~ 6 min
507 scripts/config.py set MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED
508 CC=clang cmake -D CMAKE_BUILD_TYPE:String=Asan .
509 make
510
511 msg "test: Everest ECDH context - main suites (inc. selftests) (ASan build)" # ~ 50s
512 make test
513
514 msg "test: metatests (clang, ASan)"
515 tests/scripts/run-metatests.sh any asan poison
516
517 msg "test: Everest ECDH context - ECDH-related part of ssl-opt.sh (ASan build)" # ~ 5s
518 tests/ssl-opt.sh -f ECDH
519
520 msg "test: Everest ECDH context - compat.sh with some ECDH ciphersuites (ASan build)" # ~ 3 min
521 # Exclude some symmetric ciphers that are redundant here to gain time.
522 tests/compat.sh -f ECDH -V NO -e 'ARIA\|CAMELLIA\|CHACHA'
523}
524
525component_test_everest_curve25519_only () {
526 msg "build: Everest ECDH context, only Curve25519" # ~ 6 min
527 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
528 scripts/config.py set MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED
529 scripts/config.py unset MBEDTLS_ECDSA_C
530 scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_DETERMINISTIC_ECDSA
531 scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECDSA
532 scripts/config.py -f $CRYPTO_CONFIG_H set PSA_WANT_ALG_ECDH
533 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
534 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
535 scripts/config.py unset MBEDTLS_ECJPAKE_C
536 scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_JPAKE
537
538 # Disable all curves
539 scripts/config.py unset-all "MBEDTLS_ECP_DP_[0-9A-Z_a-z]*_ENABLED"
540 scripts/config.py -f $CRYPTO_CONFIG_H unset-all "PSA_WANT_ECC_[0-9A-Z_a-z]*$"
541 scripts/config.py -f $CRYPTO_CONFIG_H set PSA_WANT_ECC_MONTGOMERY_255
542
543 make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS"
544
545 msg "test: Everest ECDH context, only Curve25519" # ~ 50s
546 make test
547}
548
Minos Galanakis471b34c2024-07-26 15:39:24 +0100[diff] [blame]549component_test_psa_collect_statuses () {
550 msg "build+test: psa_collect_statuses" # ~30s
551 scripts/config.py full
552 tests/scripts/psa_collect_statuses.py
553 # Check that psa_crypto_init() succeeded at least once
554 grep -q '^0:psa_crypto_init:' tests/statuses.log
555 rm -f tests/statuses.log
556}
557
558# Check that the specified libraries exist and are empty.
559are_empty_libraries () {
560 nm "$@" >/dev/null 2>/dev/null
561 ! nm "$@" 2>/dev/null | grep -v ':$' | grep .
562}
563
564component_build_crypto_default () {
565 msg "build: make, crypto only"
566 scripts/config.py crypto
567 make CFLAGS='-O1 -Werror'
568 are_empty_libraries library/libmbedx509.* library/libmbedtls.*
569}
570
571component_build_crypto_full () {
572 msg "build: make, crypto only, full config"
573 scripts/config.py crypto_full
574 make CFLAGS='-O1 -Werror'
575 are_empty_libraries library/libmbedx509.* library/libmbedtls.*
576}
577
578component_test_crypto_for_psa_service () {
579 msg "build: make, config for PSA crypto service"
580 scripts/config.py crypto
581 scripts/config.py set MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
582 # Disable things that are not needed for just cryptography, to
583 # reach a configuration that would be typical for a PSA cryptography
584 # service providing all implemented PSA algorithms.
585 # System stuff
586 scripts/config.py unset MBEDTLS_ERROR_C
587 scripts/config.py unset MBEDTLS_TIMING_C
588 scripts/config.py unset MBEDTLS_VERSION_FEATURES
589 # Crypto stuff with no PSA interface
590 scripts/config.py unset MBEDTLS_BASE64_C
591 # Keep MBEDTLS_CIPHER_C because psa_crypto_cipher, CCM and GCM need it.
592 scripts/config.py unset MBEDTLS_HKDF_C # PSA's HKDF is independent
593 # Keep MBEDTLS_MD_C because deterministic ECDSA needs it for HMAC_DRBG.
594 scripts/config.py unset MBEDTLS_NIST_KW_C
595 scripts/config.py unset MBEDTLS_PEM_PARSE_C
596 scripts/config.py unset MBEDTLS_PEM_WRITE_C
597 scripts/config.py unset MBEDTLS_PKCS12_C
598 scripts/config.py unset MBEDTLS_PKCS5_C
599 # MBEDTLS_PK_PARSE_C and MBEDTLS_PK_WRITE_C are actually currently needed
600 # in PSA code to work with RSA keys. We don't require users to set those:
601 # they will be reenabled in build_info.h.
602 scripts/config.py unset MBEDTLS_PK_C
603 scripts/config.py unset MBEDTLS_PK_PARSE_C
604 scripts/config.py unset MBEDTLS_PK_WRITE_C
605 make CFLAGS='-O1 -Werror' all test
606 are_empty_libraries library/libmbedx509.* library/libmbedtls.*
607}
608
609component_build_crypto_baremetal () {
610 msg "build: make, crypto only, baremetal config"
611 scripts/config.py crypto_baremetal
612 make CFLAGS="-O1 -Werror -I$PWD/tests/include/baremetal-override/"
613 are_empty_libraries library/libmbedx509.* library/libmbedtls.*
614}
615
616support_build_crypto_baremetal () {
617 support_build_baremetal "$@"
618}
619
620# depends.py family of tests
621component_test_depends_py_cipher_id () {
622 msg "test/build: depends.py cipher_id (gcc)"
Gabor Mezei9ce6d242024-06-19 17:47:05 +0200[diff] [blame]623 tests/scripts/depends.py cipher_id
Minos Galanakis471b34c2024-07-26 15:39:24 +0100[diff] [blame]624}
625
626component_test_depends_py_cipher_chaining () {
627 msg "test/build: depends.py cipher_chaining (gcc)"
Gabor Mezei9ce6d242024-06-19 17:47:05 +0200[diff] [blame]628 tests/scripts/depends.py cipher_chaining
Minos Galanakis471b34c2024-07-26 15:39:24 +0100[diff] [blame]629}
630
631component_test_depends_py_cipher_padding () {
632 msg "test/build: depends.py cipher_padding (gcc)"
Gabor Mezei9ce6d242024-06-19 17:47:05 +0200[diff] [blame]633 tests/scripts/depends.py cipher_padding
Minos Galanakis471b34c2024-07-26 15:39:24 +0100[diff] [blame]634}
635
636component_test_depends_py_curves () {
637 msg "test/build: depends.py curves (gcc)"
Gabor Mezei9ce6d242024-06-19 17:47:05 +0200[diff] [blame]638 tests/scripts/depends.py curves
Minos Galanakis471b34c2024-07-26 15:39:24 +0100[diff] [blame]639}
640
641component_test_depends_py_hashes () {
642 msg "test/build: depends.py hashes (gcc)"
Gabor Mezei9ce6d242024-06-19 17:47:05 +0200[diff] [blame]643 tests/scripts/depends.py hashes
Minos Galanakis471b34c2024-07-26 15:39:24 +0100[diff] [blame]644}
645
Minos Galanakis471b34c2024-07-26 15:39:24 +0100[diff] [blame]646component_test_depends_py_pkalgs () {
647 msg "test/build: depends.py pkalgs (gcc)"
Minos Galanakis471b34c2024-07-26 15:39:24 +0100[diff] [blame]648 tests/scripts/depends.py pkalgs
649}
650
651component_test_psa_crypto_config_ffdh_2048_only () {
652 msg "build: full config - only DH 2048"
653
654 scripts/config.py full
655
656 # Disable all DH groups other than 2048.
657 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_DH_RFC7919_3072
658 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_DH_RFC7919_4096
659 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_DH_RFC7919_6144
660 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_DH_RFC7919_8192
661
662 make CFLAGS="$ASAN_CFLAGS -Werror" LDFLAGS="$ASAN_CFLAGS"
663
664 msg "test: full config - only DH 2048"
665 make test
666
667 msg "ssl-opt: full config - only DH 2048"
668 tests/ssl-opt.sh -f "ffdh"
669}
670
671component_build_no_pk_rsa_alt_support () {
672 msg "build: !MBEDTLS_PK_RSA_ALT_SUPPORT" # ~30s
673
674 scripts/config.py full
675 scripts/config.py unset MBEDTLS_PK_RSA_ALT_SUPPORT
676 scripts/config.py set MBEDTLS_RSA_C
677 scripts/config.py set MBEDTLS_X509_CRT_WRITE_C
678
679 # Only compile - this is primarily to test for compile issues
680 make CFLAGS='-Werror -Wall -Wextra -I../tests/include/alt-dummy'
681}
682
683component_build_module_alt () {
684 msg "build: MBEDTLS_XXX_ALT" # ~30s
685 scripts/config.py full
686
687 # Disable options that are incompatible with some ALT implementations:
688 # aesni.c references mbedtls_aes_context fields directly.
689 scripts/config.py unset MBEDTLS_AESNI_C
690 scripts/config.py unset MBEDTLS_AESCE_C
691 # MBEDTLS_ECP_RESTARTABLE is documented as incompatible.
692 scripts/config.py unset MBEDTLS_ECP_RESTARTABLE
693 # You can only have one threading implementation: alt or pthread, not both.
694 scripts/config.py unset MBEDTLS_THREADING_PTHREAD
695 # The SpecifiedECDomain parsing code accesses mbedtls_ecp_group fields
696 # directly and assumes the implementation works with partial groups.
697 scripts/config.py unset MBEDTLS_PK_PARSE_EC_EXTENDED
698 # MBEDTLS_SHA256_*ALT can't be used with MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_*
699 scripts/config.py unset MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT
700 scripts/config.py unset MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY
701 # MBEDTLS_SHA512_*ALT can't be used with MBEDTLS_SHA512_USE_A64_CRYPTO_*
702 scripts/config.py unset MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT
703 scripts/config.py unset MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY
704
705 # Enable all MBEDTLS_XXX_ALT for whole modules. Do not enable
706 # MBEDTLS_XXX_YYY_ALT which are for single functions.
707 scripts/config.py set-all 'MBEDTLS_([A-Z0-9]*|NIST_KW)_ALT'
708
709 # We can only compile, not link, since we don't have any implementations
710 # suitable for testing with the dummy alt headers.
711 make CFLAGS='-Werror -Wall -Wextra -I../tests/include/alt-dummy' lib
712}
713
714component_test_psa_crypto_config_accel_ecdsa () {
715 msg "build: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated ECDSA"
716
717 # Algorithms and key types to accelerate
718 loc_accel_list="ALG_ECDSA ALG_DETERMINISTIC_ECDSA \
719 $(helper_get_psa_key_type_list "ECC") \
720 $(helper_get_psa_curve_list)"
721
722 # Configure
723 # ---------
724
Elena Uziunaite91d83862024-09-04 14:51:31 +0100[diff] [blame]725 # Start from default config + TLS 1.3
Minos Galanakis471b34c2024-07-26 15:39:24 +0100[diff] [blame]726 helper_libtestdriver1_adjust_config "default"
727
Elena Uziunaite91d83862024-09-04 14:51:31 +0100[diff] [blame]728 scripts/config.py set MBEDTLS_USE_PSA_CRYPTO
729
Minos Galanakis471b34c2024-07-26 15:39:24 +0100[diff] [blame]730 # Disable the module that's accelerated
731 scripts/config.py unset MBEDTLS_ECDSA_C
732
733 # Disable things that depend on it
734 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
735 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
736
737 # Build
738 # -----
739
740 # These hashes are needed for some ECDSA signature tests.
Elena Uziunaiteffce45c2024-09-12 14:58:52 +0100[diff] [blame]741 loc_extra_list="ALG_SHA_1 ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512 \
Minos Galanakis471b34c2024-07-26 15:39:24 +0100[diff] [blame]742 ALG_SHA3_224 ALG_SHA3_256 ALG_SHA3_384 ALG_SHA3_512"
743
744 helper_libtestdriver1_make_drivers "$loc_accel_list" "$loc_extra_list"
745
746 helper_libtestdriver1_make_main "$loc_accel_list"
747
748 # Make sure this was not re-enabled by accident (additive config)
749 not grep mbedtls_ecdsa_ ${BUILTIN_SRC_PATH}/ecdsa.o
750
751 # Run the tests
752 # -------------
753
754 msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated ECDSA"
755 make test
756}
757
758component_test_psa_crypto_config_accel_ecdh () {
759 msg "build: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated ECDH"
760
761 # Algorithms and key types to accelerate
762 loc_accel_list="ALG_ECDH \
763 $(helper_get_psa_key_type_list "ECC") \
764 $(helper_get_psa_curve_list)"
765
766 # Configure
767 # ---------
768
769 # Start from default config (no USE_PSA)
770 helper_libtestdriver1_adjust_config "default"
771
772 # Disable the module that's accelerated
773 scripts/config.py unset MBEDTLS_ECDH_C
774
775 # Disable things that depend on it
776 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
777 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
778 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
779 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
780 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
781
782 # Build
783 # -----
784
785 helper_libtestdriver1_make_drivers "$loc_accel_list"
786
787 helper_libtestdriver1_make_main "$loc_accel_list"
788
789 # Make sure this was not re-enabled by accident (additive config)
790 not grep mbedtls_ecdh_ ${BUILTIN_SRC_PATH}/ecdh.o
791
792 # Run the tests
793 # -------------
794
795 msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated ECDH"
796 make test
797}
798
799component_test_psa_crypto_config_accel_ffdh () {
800 msg "build: full with accelerated FFDH"
801
802 # Algorithms and key types to accelerate
803 loc_accel_list="ALG_FFDH \
804 $(helper_get_psa_key_type_list "DH") \
805 $(helper_get_psa_dh_group_list)"
806
807 # Configure
808 # ---------
809
810 # start with full (USE_PSA and TLS 1.3)
811 helper_libtestdriver1_adjust_config "full"
812
813 # Disable the module that's accelerated
814 scripts/config.py unset MBEDTLS_DHM_C
815
816 # Disable things that depend on it
817 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
818 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
819
820 # Build
821 # -----
822
823 helper_libtestdriver1_make_drivers "$loc_accel_list"
824
825 helper_libtestdriver1_make_main "$loc_accel_list"
826
827 # Make sure this was not re-enabled by accident (additive config)
828 not grep mbedtls_dhm_ ${BUILTIN_SRC_PATH}/dhm.o
829
830 # Run the tests
831 # -------------
832
833 msg "test: full with accelerated FFDH"
834 make test
835
836 msg "ssl-opt: full with accelerated FFDH alg"
837 tests/ssl-opt.sh -f "ffdh"
838}
839
840component_test_psa_crypto_config_reference_ffdh () {
841 msg "build: full with non-accelerated FFDH"
842
843 # Start with full (USE_PSA and TLS 1.3)
844 helper_libtestdriver1_adjust_config "full"
845
846 # Disable things that are not supported
847 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
848 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
849 make
850
851 msg "test suites: full with non-accelerated FFDH alg"
852 make test
853
854 msg "ssl-opt: full with non-accelerated FFDH alg"
855 tests/ssl-opt.sh -f "ffdh"
856}
857
Minos Galanakisf78447f2024-07-26 20:49:51 +0100[diff] [blame]858component_test_psa_crypto_config_accel_pake () {
Minos Galanakis471b34c2024-07-26 15:39:24 +0100[diff] [blame]859 msg "build: full with accelerated PAKE"
860
861 loc_accel_list="ALG_JPAKE \
862 $(helper_get_psa_key_type_list "ECC") \
863 $(helper_get_psa_curve_list)"
864
865 # Configure
866 # ---------
867
868 helper_libtestdriver1_adjust_config "full"
869
870 # Make built-in fallback not available
871 scripts/config.py unset MBEDTLS_ECJPAKE_C
872 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
873
874 # Build
875 # -----
876
877 helper_libtestdriver1_make_drivers "$loc_accel_list"
878
879 helper_libtestdriver1_make_main "$loc_accel_list"
880
881 # Make sure this was not re-enabled by accident (additive config)
882 not grep mbedtls_ecjpake_init ${BUILTIN_SRC_PATH}/ecjpake.o
883
884 # Run the tests
885 # -------------
886
887 msg "test: full with accelerated PAKE"
888 make test
889}
890
891component_test_psa_crypto_config_accel_ecc_some_key_types () {
892 msg "build: full with accelerated EC algs and some key types"
893
894 # Algorithms and key types to accelerate
895 # For key types, use an explicitly list to omit GENERATE (and DERIVE)
896 loc_accel_list="ALG_ECDSA ALG_DETERMINISTIC_ECDSA \
897 ALG_ECDH \
898 ALG_JPAKE \
899 KEY_TYPE_ECC_PUBLIC_KEY \
900 KEY_TYPE_ECC_KEY_PAIR_BASIC \
901 KEY_TYPE_ECC_KEY_PAIR_IMPORT \
902 KEY_TYPE_ECC_KEY_PAIR_EXPORT \
903 $(helper_get_psa_curve_list)"
904
905 # Configure
906 # ---------
907
908 # start with config full for maximum coverage (also enables USE_PSA)
909 helper_libtestdriver1_adjust_config "full"
910
911 # Disable modules that are accelerated - some will be re-enabled
912 scripts/config.py unset MBEDTLS_ECDSA_C
913 scripts/config.py unset MBEDTLS_ECDH_C
914 scripts/config.py unset MBEDTLS_ECJPAKE_C
915 scripts/config.py unset MBEDTLS_ECP_C
916
917 # Disable all curves - those that aren't accelerated should be re-enabled
918 helper_disable_builtin_curves
919
920 # Restartable feature is not yet supported by PSA. Once it will in
921 # the future, the following line could be removed (see issues
922 # 6061, 6332 and following ones)
923 scripts/config.py unset MBEDTLS_ECP_RESTARTABLE
924
925 # this is not supported by the driver API yet
926 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE
927
928 # Build
929 # -----
930
931 # These hashes are needed for some ECDSA signature tests.
932 loc_extra_list="ALG_SHA_1 ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512 \
933 ALG_SHA3_224 ALG_SHA3_256 ALG_SHA3_384 ALG_SHA3_512"
934 helper_libtestdriver1_make_drivers "$loc_accel_list" "$loc_extra_list"
935
936 helper_libtestdriver1_make_main "$loc_accel_list"
937
938 # ECP should be re-enabled but not the others
939 not grep mbedtls_ecdh_ ${BUILTIN_SRC_PATH}/ecdh.o
940 not grep mbedtls_ecdsa ${BUILTIN_SRC_PATH}/ecdsa.o
941 not grep mbedtls_ecjpake ${BUILTIN_SRC_PATH}/ecjpake.o
942 grep mbedtls_ecp ${BUILTIN_SRC_PATH}/ecp.o
943
944 # Run the tests
945 # -------------
946
947 msg "test suites: full with accelerated EC algs and some key types"
948 make test
949}
950
951# Run tests with only (non-)Weierstrass accelerated
952# Common code used in:
953# - component_test_psa_crypto_config_accel_ecc_weierstrass_curves
954# - component_test_psa_crypto_config_accel_ecc_non_weierstrass_curves
Minos Galanakis471b34c2024-07-26 15:39:24 +0100[diff] [blame]955common_test_psa_crypto_config_accel_ecc_some_curves () {
956 weierstrass=$1
957 if [ $weierstrass -eq 1 ]; then
958 desc="Weierstrass"
959 else
960 desc="non-Weierstrass"
961 fi
962
963 msg "build: crypto_full minus PK with accelerated EC algs and $desc curves"
964
965 # Note: Curves are handled in a special way by the libtestdriver machinery,
966 # so we only want to include them in the accel list when building the main
967 # libraries, hence the use of a separate variable.
968 # Note: the following loop is a modified version of
969 # helper_get_psa_curve_list that only keeps Weierstrass families.
970 loc_weierstrass_list=""
971 loc_non_weierstrass_list=""
972 for item in $(sed -n 's/^#define PSA_WANT_\(ECC_[0-9A-Z_a-z]*\).*/\1/p' <"$CRYPTO_CONFIG_H"); do
973 case $item in
974 ECC_BRAINPOOL*|ECC_SECP*)
975 loc_weierstrass_list="$loc_weierstrass_list $item"
976 ;;
977 *)
978 loc_non_weierstrass_list="$loc_non_weierstrass_list $item"
979 ;;
980 esac
981 done
982 if [ $weierstrass -eq 1 ]; then
983 loc_curve_list=$loc_weierstrass_list
984 else
985 loc_curve_list=$loc_non_weierstrass_list
986 fi
987
988 # Algorithms and key types to accelerate
989 loc_accel_list="ALG_ECDSA ALG_DETERMINISTIC_ECDSA \
990 ALG_ECDH \
991 ALG_JPAKE \
992 $(helper_get_psa_key_type_list "ECC") \
993 $loc_curve_list"
994
995 # Configure
996 # ---------
997
998 # Start with config crypto_full and remove PK_C:
999 # that's what's supported now, see docs/driver-only-builds.md.
1000 helper_libtestdriver1_adjust_config "crypto_full"
1001 scripts/config.py unset MBEDTLS_PK_C
1002 scripts/config.py unset MBEDTLS_PK_PARSE_C
1003 scripts/config.py unset MBEDTLS_PK_WRITE_C
1004
1005 # Disable modules that are accelerated - some will be re-enabled
1006 scripts/config.py unset MBEDTLS_ECDSA_C
1007 scripts/config.py unset MBEDTLS_ECDH_C
1008 scripts/config.py unset MBEDTLS_ECJPAKE_C
1009 scripts/config.py unset MBEDTLS_ECP_C
1010
1011 # Disable all curves - those that aren't accelerated should be re-enabled
1012 helper_disable_builtin_curves
1013
1014 # Restartable feature is not yet supported by PSA. Once it will in
1015 # the future, the following line could be removed (see issues
1016 # 6061, 6332 and following ones)
1017 scripts/config.py unset MBEDTLS_ECP_RESTARTABLE
1018
1019 # this is not supported by the driver API yet
1020 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE
1021
1022 # Build
1023 # -----
1024
1025 # These hashes are needed for some ECDSA signature tests.
1026 loc_extra_list="ALG_SHA_1 ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512 \
1027 ALG_SHA3_224 ALG_SHA3_256 ALG_SHA3_384 ALG_SHA3_512"
1028 helper_libtestdriver1_make_drivers "$loc_accel_list" "$loc_extra_list"
1029
1030 helper_libtestdriver1_make_main "$loc_accel_list"
1031
1032 # We expect ECDH to be re-enabled for the missing curves
1033 grep mbedtls_ecdh_ ${BUILTIN_SRC_PATH}/ecdh.o
1034 # We expect ECP to be re-enabled, however the parts specific to the
1035 # families of curves that are accelerated should be ommited.
1036 # - functions with mxz in the name are specific to Montgomery curves
1037 # - ecp_muladd is specific to Weierstrass curves
1038 ##nm ${BUILTIN_SRC_PATH}/ecp.o | tee ecp.syms
1039 if [ $weierstrass -eq 1 ]; then
1040 not grep mbedtls_ecp_muladd ${BUILTIN_SRC_PATH}/ecp.o
1041 grep mxz ${BUILTIN_SRC_PATH}/ecp.o
1042 else
1043 grep mbedtls_ecp_muladd ${BUILTIN_SRC_PATH}/ecp.o
1044 not grep mxz ${BUILTIN_SRC_PATH}/ecp.o
1045 fi
1046 # We expect ECDSA and ECJPAKE to be re-enabled only when
1047 # Weierstrass curves are not accelerated
1048 if [ $weierstrass -eq 1 ]; then
1049 not grep mbedtls_ecdsa ${BUILTIN_SRC_PATH}/ecdsa.o
1050 not grep mbedtls_ecjpake ${BUILTIN_SRC_PATH}/ecjpake.o
1051 else
1052 grep mbedtls_ecdsa ${BUILTIN_SRC_PATH}/ecdsa.o
1053 grep mbedtls_ecjpake ${BUILTIN_SRC_PATH}/ecjpake.o
1054 fi
1055
1056 # Run the tests
1057 # -------------
1058
1059 msg "test suites: crypto_full minus PK with accelerated EC algs and $desc curves"
1060 make test
1061}
1062
1063component_test_psa_crypto_config_accel_ecc_weierstrass_curves () {
1064 common_test_psa_crypto_config_accel_ecc_some_curves 1
1065}
1066
1067component_test_psa_crypto_config_accel_ecc_non_weierstrass_curves () {
1068 common_test_psa_crypto_config_accel_ecc_some_curves 0
1069}
1070
1071# Auxiliary function to build config for all EC based algorithms (EC-JPAKE,
1072# ECDH, ECDSA) with and without drivers.
1073# The input parameter is a boolean value which indicates:
1074# - 0 keep built-in EC algs,
1075# - 1 exclude built-in EC algs (driver only).
1076#
1077# This is used by the two following components to ensure they always use the
1078# same config, except for the use of driver or built-in EC algorithms:
1079# - component_test_psa_crypto_config_accel_ecc_ecp_light_only;
1080# - component_test_psa_crypto_config_reference_ecc_ecp_light_only.
1081# This supports comparing their test coverage with analyze_outcomes.py.
Minos Galanakis471b34c2024-07-26 15:39:24 +0100[diff] [blame]1082config_psa_crypto_config_ecp_light_only () {
1083 driver_only="$1"
1084 # start with config full for maximum coverage (also enables USE_PSA)
1085 helper_libtestdriver1_adjust_config "full"
1086 if [ "$driver_only" -eq 1 ]; then
1087 # Disable modules that are accelerated
1088 scripts/config.py unset MBEDTLS_ECDSA_C
1089 scripts/config.py unset MBEDTLS_ECDH_C
1090 scripts/config.py unset MBEDTLS_ECJPAKE_C
1091 scripts/config.py unset MBEDTLS_ECP_C
1092 fi
1093
1094 # Restartable feature is not yet supported by PSA. Once it will in
1095 # the future, the following line could be removed (see issues
1096 # 6061, 6332 and following ones)
1097 scripts/config.py unset MBEDTLS_ECP_RESTARTABLE
1098}
1099
1100# Keep in sync with component_test_psa_crypto_config_reference_ecc_ecp_light_only
Minos Galanakis471b34c2024-07-26 15:39:24 +0100[diff] [blame]1101component_test_psa_crypto_config_accel_ecc_ecp_light_only () {
1102 msg "build: full with accelerated EC algs"
1103
1104 # Algorithms and key types to accelerate
1105 loc_accel_list="ALG_ECDSA ALG_DETERMINISTIC_ECDSA \
1106 ALG_ECDH \
1107 ALG_JPAKE \
1108 $(helper_get_psa_key_type_list "ECC") \
1109 $(helper_get_psa_curve_list)"
1110
1111 # Configure
1112 # ---------
1113
1114 # Use the same config as reference, only without built-in EC algs
1115 config_psa_crypto_config_ecp_light_only 1
1116
1117 # Do not disable builtin curves because that support is required for:
1118 # - MBEDTLS_PK_PARSE_EC_EXTENDED
1119 # - MBEDTLS_PK_PARSE_EC_COMPRESSED
1120
1121 # Build
1122 # -----
1123
1124 # These hashes are needed for some ECDSA signature tests.
1125 loc_extra_list="ALG_SHA_1 ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512 \
1126 ALG_SHA3_224 ALG_SHA3_256 ALG_SHA3_384 ALG_SHA3_512"
1127 helper_libtestdriver1_make_drivers "$loc_accel_list" "$loc_extra_list"
1128
1129 helper_libtestdriver1_make_main "$loc_accel_list"
1130
1131 # Make sure any built-in EC alg was not re-enabled by accident (additive config)
1132 not grep mbedtls_ecdsa_ ${BUILTIN_SRC_PATH}/ecdsa.o
1133 not grep mbedtls_ecdh_ ${BUILTIN_SRC_PATH}/ecdh.o
1134 not grep mbedtls_ecjpake_ ${BUILTIN_SRC_PATH}/ecjpake.o
1135 not grep mbedtls_ecp_mul ${BUILTIN_SRC_PATH}/ecp.o
1136
1137 # Run the tests
1138 # -------------
1139
1140 msg "test suites: full with accelerated EC algs"
1141 make test
1142
1143 msg "ssl-opt: full with accelerated EC algs"
1144 tests/ssl-opt.sh
1145}
1146
1147# Keep in sync with component_test_psa_crypto_config_accel_ecc_ecp_light_only
Minos Galanakis471b34c2024-07-26 15:39:24 +0100[diff] [blame]1148component_test_psa_crypto_config_reference_ecc_ecp_light_only () {
1149 msg "build: MBEDTLS_PSA_CRYPTO_CONFIG with non-accelerated EC algs"
1150
1151 config_psa_crypto_config_ecp_light_only 0
1152
1153 make
1154
1155 msg "test suites: full with non-accelerated EC algs"
1156 make test
1157
1158 msg "ssl-opt: full with non-accelerated EC algs"
1159 tests/ssl-opt.sh
1160}
1161
1162# This helper function is used by:
1163# - component_test_psa_crypto_config_accel_ecc_no_ecp_at_all()
1164# - component_test_psa_crypto_config_reference_ecc_no_ecp_at_all()
1165# to ensure that both tests use the same underlying configuration when testing
1166# driver's coverage with analyze_outcomes.py.
1167#
1168# This functions accepts 1 boolean parameter as follows:
1169# - 1: building with accelerated EC algorithms (ECDSA, ECDH, ECJPAKE), therefore
1170# excluding their built-in implementation as well as ECP_C & ECP_LIGHT
1171# - 0: include built-in implementation of EC algorithms.
1172#
1173# PK_C and RSA_C are always disabled to ensure there is no remaining dependency
1174# on the ECP module.
Minos Galanakis471b34c2024-07-26 15:39:24 +0100[diff] [blame]1175config_psa_crypto_no_ecp_at_all () {
1176 driver_only="$1"
1177 # start with full config for maximum coverage (also enables USE_PSA)
1178 helper_libtestdriver1_adjust_config "full"
1179
1180 if [ "$driver_only" -eq 1 ]; then
1181 # Disable modules that are accelerated
1182 scripts/config.py unset MBEDTLS_ECDSA_C
1183 scripts/config.py unset MBEDTLS_ECDH_C
1184 scripts/config.py unset MBEDTLS_ECJPAKE_C
1185 # Disable ECP module (entirely)
1186 scripts/config.py unset MBEDTLS_ECP_C
1187 fi
1188
1189 # Disable all the features that auto-enable ECP_LIGHT (see build_info.h)
1190 scripts/config.py unset MBEDTLS_PK_PARSE_EC_EXTENDED
1191 scripts/config.py unset MBEDTLS_PK_PARSE_EC_COMPRESSED
1192 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE
1193
1194 # Restartable feature is not yet supported by PSA. Once it will in
1195 # the future, the following line could be removed (see issues
1196 # 6061, 6332 and following ones)
1197 scripts/config.py unset MBEDTLS_ECP_RESTARTABLE
1198}
1199
1200# Build and test a configuration where driver accelerates all EC algs while
1201# all support and dependencies from ECP and ECP_LIGHT are removed on the library
1202# side.
1203#
1204# Keep in sync with component_test_psa_crypto_config_reference_ecc_no_ecp_at_all()
Minos Galanakis471b34c2024-07-26 15:39:24 +0100[diff] [blame]1205component_test_psa_crypto_config_accel_ecc_no_ecp_at_all () {
1206 msg "build: full + accelerated EC algs - ECP"
1207
1208 # Algorithms and key types to accelerate
1209 loc_accel_list="ALG_ECDSA ALG_DETERMINISTIC_ECDSA \
1210 ALG_ECDH \
1211 ALG_JPAKE \
1212 $(helper_get_psa_key_type_list "ECC") \
1213 $(helper_get_psa_curve_list)"
1214
1215 # Configure
1216 # ---------
1217
1218 # Set common configurations between library's and driver's builds
1219 config_psa_crypto_no_ecp_at_all 1
1220 # Disable all the builtin curves. All the required algs are accelerated.
1221 helper_disable_builtin_curves
1222
1223 # Build
1224 # -----
1225
1226 # Things we wanted supported in libtestdriver1, but not accelerated in the main library:
1227 # SHA-1 and all SHA-2/3 variants, as they are used by ECDSA deterministic.
1228 loc_extra_list="ALG_SHA_1 ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512 \
1229 ALG_SHA3_224 ALG_SHA3_256 ALG_SHA3_384 ALG_SHA3_512"
1230
1231 helper_libtestdriver1_make_drivers "$loc_accel_list" "$loc_extra_list"
1232
1233 helper_libtestdriver1_make_main "$loc_accel_list"
1234
1235 # Make sure any built-in EC alg was not re-enabled by accident (additive config)
1236 not grep mbedtls_ecdsa_ ${BUILTIN_SRC_PATH}/ecdsa.o
1237 not grep mbedtls_ecdh_ ${BUILTIN_SRC_PATH}/ecdh.o
1238 not grep mbedtls_ecjpake_ ${BUILTIN_SRC_PATH}/ecjpake.o
1239 # Also ensure that ECP module was not re-enabled
1240 not grep mbedtls_ecp_ ${BUILTIN_SRC_PATH}/ecp.o
1241
1242 # Run the tests
1243 # -------------
1244
1245 msg "test: full + accelerated EC algs - ECP"
1246 make test
1247
1248 msg "ssl-opt: full + accelerated EC algs - ECP"
1249 tests/ssl-opt.sh
1250}
1251
1252# Reference function used for driver's coverage analysis in analyze_outcomes.py
1253# in conjunction with component_test_psa_crypto_config_accel_ecc_no_ecp_at_all().
1254# Keep in sync with its accelerated counterpart.
Minos Galanakis471b34c2024-07-26 15:39:24 +0100[diff] [blame]1255component_test_psa_crypto_config_reference_ecc_no_ecp_at_all () {
1256 msg "build: full + non accelerated EC algs"
1257
1258 config_psa_crypto_no_ecp_at_all 0
1259
1260 make
1261
1262 msg "test: full + non accelerated EC algs"
1263 make test
1264
1265 msg "ssl-opt: full + non accelerated EC algs"
1266 tests/ssl-opt.sh
1267}
1268
1269# This is a common configuration helper used directly from:
1270# - common_test_psa_crypto_config_accel_ecc_ffdh_no_bignum
1271# - common_test_psa_crypto_config_reference_ecc_ffdh_no_bignum
1272# and indirectly from:
1273# - component_test_psa_crypto_config_accel_ecc_no_bignum
1274# - accelerate all EC algs, disable RSA and FFDH
1275# - component_test_psa_crypto_config_reference_ecc_no_bignum
1276# - this is the reference component of the above
1277# - it still disables RSA and FFDH, but it uses builtin EC algs
1278# - component_test_psa_crypto_config_accel_ecc_ffdh_no_bignum
1279# - accelerate all EC and FFDH algs, disable only RSA
1280# - component_test_psa_crypto_config_reference_ecc_ffdh_no_bignum
1281# - this is the reference component of the above
1282# - it still disables RSA, but it uses builtin EC and FFDH algs
1283#
1284# This function accepts 2 parameters:
1285# $1: a boolean value which states if we are testing an accelerated scenario
1286# or not.
1287# $2: a string value which states which components are tested. Allowed values
1288# are "ECC" or "ECC_DH".
Minos Galanakisf78447f2024-07-26 20:49:51 +0100[diff] [blame]1289config_psa_crypto_config_accel_ecc_ffdh_no_bignum () {
Minos Galanakis471b34c2024-07-26 15:39:24 +0100[diff] [blame]1290 driver_only="$1"
1291 test_target="$2"
1292 # start with full config for maximum coverage (also enables USE_PSA)
1293 helper_libtestdriver1_adjust_config "full"
1294
1295 if [ "$driver_only" -eq 1 ]; then
1296 # Disable modules that are accelerated
1297 scripts/config.py unset MBEDTLS_ECDSA_C
1298 scripts/config.py unset MBEDTLS_ECDH_C
1299 scripts/config.py unset MBEDTLS_ECJPAKE_C
1300 # Disable ECP module (entirely)
1301 scripts/config.py unset MBEDTLS_ECP_C
1302 # Also disable bignum
1303 scripts/config.py unset MBEDTLS_BIGNUM_C
1304 fi
1305
1306 # Disable all the features that auto-enable ECP_LIGHT (see build_info.h)
1307 scripts/config.py unset MBEDTLS_PK_PARSE_EC_EXTENDED
1308 scripts/config.py unset MBEDTLS_PK_PARSE_EC_COMPRESSED
1309 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE
1310
1311 # RSA support is intentionally disabled on this test because RSA_C depends
1312 # on BIGNUM_C.
1313 scripts/config.py -f "$CRYPTO_CONFIG_H" unset-all "PSA_WANT_KEY_TYPE_RSA_[0-9A-Z_a-z]*"
1314 scripts/config.py -f "$CRYPTO_CONFIG_H" unset-all "PSA_WANT_ALG_RSA_[0-9A-Z_a-z]*"
1315 scripts/config.py unset MBEDTLS_RSA_C
1316 scripts/config.py unset MBEDTLS_PKCS1_V15
1317 scripts/config.py unset MBEDTLS_PKCS1_V21
1318 scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT
1319 # Also disable key exchanges that depend on RSA
1320 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
1321 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
1322 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
1323 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
1324 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
1325
1326 if [ "$test_target" = "ECC" ]; then
1327 # When testing ECC only, we disable FFDH support, both from builtin and
1328 # PSA sides, and also disable the key exchanges that depend on DHM.
1329 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_FFDH
1330 scripts/config.py -f "$CRYPTO_CONFIG_H" unset-all "PSA_WANT_KEY_TYPE_DH_[0-9A-Z_a-z]*"
1331 scripts/config.py -f "$CRYPTO_CONFIG_H" unset-all "PSA_WANT_DH_RFC7919_[0-9]*"
1332 scripts/config.py unset MBEDTLS_DHM_C
1333 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
1334 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
1335 else
1336 # When testing ECC and DH instead, we disable DHM and depending key
1337 # exchanges only in the accelerated build
1338 if [ "$driver_only" -eq 1 ]; then
1339 scripts/config.py unset MBEDTLS_DHM_C
1340 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
1341 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
1342 fi
1343 fi
1344
1345 # Restartable feature is not yet supported by PSA. Once it will in
1346 # the future, the following line could be removed (see issues
1347 # 6061, 6332 and following ones)
1348 scripts/config.py unset MBEDTLS_ECP_RESTARTABLE
1349}
1350
1351# Common helper used by:
1352# - component_test_psa_crypto_config_accel_ecc_no_bignum
1353# - component_test_psa_crypto_config_accel_ecc_ffdh_no_bignum
1354#
1355# The goal is to build and test accelerating either:
1356# - ECC only or
1357# - both ECC and FFDH
1358#
1359# It is meant to be used in conjunction with
1360# common_test_psa_crypto_config_reference_ecc_ffdh_no_bignum() for drivers
1361# coverage analysis in the "analyze_outcomes.py" script.
Minos Galanakis471b34c2024-07-26 15:39:24 +0100[diff] [blame]1362common_test_psa_crypto_config_accel_ecc_ffdh_no_bignum () {
1363 test_target="$1"
1364
1365 # This is an internal helper to simplify text message handling
1366 if [ "$test_target" = "ECC_DH" ]; then
1367 accel_text="ECC/FFDH"
1368 removed_text="ECP - DH"
1369 else
1370 accel_text="ECC"
1371 removed_text="ECP"
1372 fi
1373
1374 msg "build: full + accelerated $accel_text algs + USE_PSA - $removed_text - BIGNUM"
1375
1376 # By default we accelerate all EC keys/algs
1377 loc_accel_list="ALG_ECDSA ALG_DETERMINISTIC_ECDSA \
1378 ALG_ECDH \
1379 ALG_JPAKE \
1380 $(helper_get_psa_key_type_list "ECC") \
1381 $(helper_get_psa_curve_list)"
1382 # Optionally we can also add DH to the list of accelerated items
1383 if [ "$test_target" = "ECC_DH" ]; then
1384 loc_accel_list="$loc_accel_list \
1385 ALG_FFDH \
1386 $(helper_get_psa_key_type_list "DH") \
1387 $(helper_get_psa_dh_group_list)"
1388 fi
1389
1390 # Configure
1391 # ---------
1392
1393 # Set common configurations between library's and driver's builds
1394 config_psa_crypto_config_accel_ecc_ffdh_no_bignum 1 "$test_target"
1395 # Disable all the builtin curves. All the required algs are accelerated.
1396 helper_disable_builtin_curves
1397
1398 # Build
1399 # -----
1400
1401 # Things we wanted supported in libtestdriver1, but not accelerated in the main library:
1402 # SHA-1 and all SHA-2/3 variants, as they are used by ECDSA deterministic.
1403 loc_extra_list="ALG_SHA_1 ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512 \
1404 ALG_SHA3_224 ALG_SHA3_256 ALG_SHA3_384 ALG_SHA3_512"
1405
1406 helper_libtestdriver1_make_drivers "$loc_accel_list" "$loc_extra_list"
1407
1408 helper_libtestdriver1_make_main "$loc_accel_list"
1409
1410 # Make sure any built-in EC alg was not re-enabled by accident (additive config)
1411 not grep mbedtls_ecdsa_ ${BUILTIN_SRC_PATH}/ecdsa.o
1412 not grep mbedtls_ecdh_ ${BUILTIN_SRC_PATH}/ecdh.o
1413 not grep mbedtls_ecjpake_ ${BUILTIN_SRC_PATH}/ecjpake.o
1414 # Also ensure that ECP, RSA, [DHM] or BIGNUM modules were not re-enabled
1415 not grep mbedtls_ecp_ ${BUILTIN_SRC_PATH}/ecp.o
1416 not grep mbedtls_rsa_ ${BUILTIN_SRC_PATH}/rsa.o
1417 not grep mbedtls_mpi_ ${BUILTIN_SRC_PATH}/bignum.o
1418 not grep mbedtls_dhm_ ${BUILTIN_SRC_PATH}/dhm.o
1419
1420 # Run the tests
1421 # -------------
1422
1423 msg "test suites: full + accelerated $accel_text algs + USE_PSA - $removed_text - DHM - BIGNUM"
1424
1425 make test
1426
1427 msg "ssl-opt: full + accelerated $accel_text algs + USE_PSA - $removed_text - BIGNUM"
1428 tests/ssl-opt.sh
1429}
1430
1431# Common helper used by:
1432# - component_test_psa_crypto_config_reference_ecc_no_bignum
1433# - component_test_psa_crypto_config_reference_ecc_ffdh_no_bignum
1434#
1435# The goal is to build and test a reference scenario (i.e. with builtin
1436# components) compared to the ones used in
1437# common_test_psa_crypto_config_accel_ecc_ffdh_no_bignum() above.
1438#
1439# It is meant to be used in conjunction with
1440# common_test_psa_crypto_config_accel_ecc_ffdh_no_bignum() for drivers'
1441# coverage analysis in "analyze_outcomes.py" script.
Minos Galanakis471b34c2024-07-26 15:39:24 +0100[diff] [blame]1442common_test_psa_crypto_config_reference_ecc_ffdh_no_bignum () {
1443 test_target="$1"
1444
1445 # This is an internal helper to simplify text message handling
1446 if [ "$test_target" = "ECC_DH" ]; then
1447 accel_text="ECC/FFDH"
1448 else
1449 accel_text="ECC"
1450 fi
1451
1452 msg "build: full + non accelerated $accel_text algs + USE_PSA"
1453
1454 config_psa_crypto_config_accel_ecc_ffdh_no_bignum 0 "$test_target"
1455
1456 make
1457
1458 msg "test suites: full + non accelerated EC algs + USE_PSA"
1459 make test
1460
1461 msg "ssl-opt: full + non accelerated $accel_text algs + USE_PSA"
1462 tests/ssl-opt.sh
1463}
1464
1465component_test_psa_crypto_config_accel_ecc_no_bignum () {
1466 common_test_psa_crypto_config_accel_ecc_ffdh_no_bignum "ECC"
1467}
1468
1469component_test_psa_crypto_config_reference_ecc_no_bignum () {
1470 common_test_psa_crypto_config_reference_ecc_ffdh_no_bignum "ECC"
1471}
1472
1473component_test_psa_crypto_config_accel_ecc_ffdh_no_bignum () {
1474 common_test_psa_crypto_config_accel_ecc_ffdh_no_bignum "ECC_DH"
1475}
1476
1477component_test_psa_crypto_config_reference_ecc_ffdh_no_bignum () {
1478 common_test_psa_crypto_config_reference_ecc_ffdh_no_bignum "ECC_DH"
1479}
1480
Gilles Peskineeffa6a02024-09-14 11:35:36 +0200[diff] [blame]1481component_test_tfm_config_as_is () {
1482 msg "build: configs/config-tfm.h"
1483 cp configs/config-tfm.h "$CONFIG_H"
1484 CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
1485 make
1486
1487 msg "test: configs/config-tfm.h - unit tests"
1488 make test
1489}
1490
Minos Galanakis471b34c2024-07-26 15:39:24 +0100[diff] [blame]1491# Helper for setting common configurations between:
1492# - component_test_tfm_config_p256m_driver_accel_ec()
Gilles Peskineeffa6a02024-09-14 11:35:36 +0200[diff] [blame]1493# - component_test_tfm_config_no_p256m()
Minos Galanakis471b34c2024-07-26 15:39:24 +0100[diff] [blame]1494common_tfm_config () {
1495 # Enable TF-M config
1496 cp configs/config-tfm.h "$CONFIG_H"
1497 echo "#undef MBEDTLS_PSA_CRYPTO_CONFIG_FILE" >> "$CONFIG_H"
1498 cp configs/ext/crypto_config_profile_medium.h "$CRYPTO_CONFIG_H"
1499
1500 # Other config adjustment to make the tests pass.
1501 # This should probably be adopted upstream.
1502 #
1503 # - USE_PSA_CRYPTO for PK_HAVE_ECC_KEYS
1504 echo "#define MBEDTLS_USE_PSA_CRYPTO" >> "$CONFIG_H"
1505
1506 # Config adjustment for better test coverage in our environment.
1507 # This is not needed just to build and pass tests.
1508 #
1509 # Enable filesystem I/O for the benefit of PK parse/write tests.
1510 echo "#define MBEDTLS_FS_IO" >> "$CONFIG_H"
1511}
1512
1513# Keep this in sync with component_test_tfm_config() as they are both meant
1514# to be used in analyze_outcomes.py for driver's coverage analysis.
Minos Galanakis471b34c2024-07-26 15:39:24 +0100[diff] [blame]1515component_test_tfm_config_p256m_driver_accel_ec () {
1516 msg "build: TF-M config + p256m driver + accel ECDH(E)/ECDSA"
1517
1518 common_tfm_config
1519
1520 # Build crypto library
1521 make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -I../tests/include/spe" LDFLAGS="$ASAN_CFLAGS"
1522
1523 # Make sure any built-in EC alg was not re-enabled by accident (additive config)
1524 not grep mbedtls_ecdsa_ ${BUILTIN_SRC_PATH}/ecdsa.o
1525 not grep mbedtls_ecdh_ ${BUILTIN_SRC_PATH}/ecdh.o
1526 not grep mbedtls_ecjpake_ ${BUILTIN_SRC_PATH}/ecjpake.o
1527 # Also ensure that ECP, RSA, DHM or BIGNUM modules were not re-enabled
1528 not grep mbedtls_ecp_ ${BUILTIN_SRC_PATH}/ecp.o
1529 not grep mbedtls_rsa_ ${BUILTIN_SRC_PATH}/rsa.o
1530 not grep mbedtls_dhm_ ${BUILTIN_SRC_PATH}/dhm.o
1531 not grep mbedtls_mpi_ ${BUILTIN_SRC_PATH}/bignum.o
1532 # Check that p256m was built
1533 grep -q p256_ecdsa_ library/libmbedcrypto.a
1534
1535 # In "config-tfm.h" we disabled CIPHER_C tweaking TF-M's configuration
1536 # files, so we want to ensure that it has not be re-enabled accidentally.
1537 not grep mbedtls_cipher ${BUILTIN_SRC_PATH}/cipher.o
1538
1539 # Run the tests
1540 msg "test: TF-M config + p256m driver + accel ECDH(E)/ECDSA"
1541 make test
1542}
1543
1544# Keep this in sync with component_test_tfm_config_p256m_driver_accel_ec() as
1545# they are both meant to be used in analyze_outcomes.py for driver's coverage
1546# analysis.
Gilles Peskineeffa6a02024-09-14 11:35:36 +0200[diff] [blame]1547component_test_tfm_config_no_p256m () {
Minos Galanakis471b34c2024-07-26 15:39:24 +0100[diff] [blame]1548 common_tfm_config
1549
1550 # Disable P256M driver, which is on by default, so that analyze_outcomes
1551 # can compare this test with test_tfm_config_p256m_driver_accel_ec
1552 echo "#undef MBEDTLS_PSA_P256M_DRIVER_ENABLED" >> "$CONFIG_H"
1553
Gilles Peskineeffa6a02024-09-14 11:35:36 +0200[diff] [blame]1554 msg "build: TF-M config without p256m"
Minos Galanakis471b34c2024-07-26 15:39:24 +0100[diff] [blame]1555 make CFLAGS='-Werror -Wall -Wextra -I../tests/include/spe' tests
1556
1557 # Check that p256m was not built
1558 not grep p256_ecdsa_ library/libmbedcrypto.a
1559
1560 # In "config-tfm.h" we disabled CIPHER_C tweaking TF-M's configuration
1561 # files, so we want to ensure that it has not be re-enabled accidentally.
1562 not grep mbedtls_cipher ${BUILTIN_SRC_PATH}/cipher.o
1563
Gilles Peskineeffa6a02024-09-14 11:35:36 +0200[diff] [blame]1564 msg "test: TF-M config without p256m"
Minos Galanakis471b34c2024-07-26 15:39:24 +0100[diff] [blame]1565 make test
1566}
1567
Minos Galanakis471b34c2024-07-26 15:39:24 +0100[diff] [blame]1568# This is an helper used by:
1569# - component_test_psa_ecc_key_pair_no_derive
1570# - component_test_psa_ecc_key_pair_no_generate
1571# The goal is to test with all PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_yyy symbols
1572# enabled, but one. Input arguments are as follows:
1573# - $1 is the key type under test, i.e. ECC/RSA/DH
1574# - $2 is the key option to be unset (i.e. generate, derive, etc)
Minos Galanakisf78447f2024-07-26 20:49:51 +0100[diff] [blame]1575build_and_test_psa_want_key_pair_partial () {
Minos Galanakis471b34c2024-07-26 15:39:24 +0100[diff] [blame]1576 key_type=$1
1577 unset_option=$2
1578 disabled_psa_want="PSA_WANT_KEY_TYPE_${key_type}_KEY_PAIR_${unset_option}"
1579
1580 msg "build: full - MBEDTLS_USE_PSA_CRYPTO - ${disabled_psa_want}"
1581 scripts/config.py full
1582 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
1583 scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
1584
1585 # All the PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_yyy are enabled by default in
1586 # crypto_config.h so we just disable the one we don't want.
1587 scripts/config.py -f "$CRYPTO_CONFIG_H" unset "$disabled_psa_want"
1588
1589 make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS"
1590
1591 msg "test: full - MBEDTLS_USE_PSA_CRYPTO - ${disabled_psa_want}"
1592 make test
1593}
1594
Minos Galanakisf78447f2024-07-26 20:49:51 +0100[diff] [blame]1595component_test_psa_ecc_key_pair_no_derive () {
Minos Galanakis471b34c2024-07-26 15:39:24 +0100[diff] [blame]1596 build_and_test_psa_want_key_pair_partial "ECC" "DERIVE"
1597}
1598
Minos Galanakisf78447f2024-07-26 20:49:51 +0100[diff] [blame]1599component_test_psa_ecc_key_pair_no_generate () {
Minos Galanakis471b34c2024-07-26 15:39:24 +0100[diff] [blame]1600 build_and_test_psa_want_key_pair_partial "ECC" "GENERATE"
1601}
1602
1603config_psa_crypto_accel_rsa () {
1604 driver_only=$1
1605
1606 # Start from crypto_full config (no X.509, no TLS)
1607 helper_libtestdriver1_adjust_config "crypto_full"
1608
1609 if [ "$driver_only" -eq 1 ]; then
1610 # Remove RSA support and its dependencies
1611 scripts/config.py unset MBEDTLS_RSA_C
1612 scripts/config.py unset MBEDTLS_PKCS1_V15
1613 scripts/config.py unset MBEDTLS_PKCS1_V21
1614
1615 # We need PEM parsing in the test library as well to support the import
1616 # of PEM encoded RSA keys.
1617 scripts/config.py -f "$CONFIG_TEST_DRIVER_H" set MBEDTLS_PEM_PARSE_C
1618 scripts/config.py -f "$CONFIG_TEST_DRIVER_H" set MBEDTLS_BASE64_C
1619 fi
1620}
1621
1622component_test_psa_crypto_config_accel_rsa_crypto () {
1623 msg "build: crypto_full with accelerated RSA"
1624
1625 loc_accel_list="ALG_RSA_OAEP ALG_RSA_PSS \
1626 ALG_RSA_PKCS1V15_CRYPT ALG_RSA_PKCS1V15_SIGN \
1627 KEY_TYPE_RSA_PUBLIC_KEY \
1628 KEY_TYPE_RSA_KEY_PAIR_BASIC \
1629 KEY_TYPE_RSA_KEY_PAIR_GENERATE \
1630 KEY_TYPE_RSA_KEY_PAIR_IMPORT \
1631 KEY_TYPE_RSA_KEY_PAIR_EXPORT"
1632
1633 # Configure
1634 # ---------
1635
1636 config_psa_crypto_accel_rsa 1
1637
1638 # Build
1639 # -----
1640
1641 # These hashes are needed for unit tests.
1642 loc_extra_list="ALG_SHA_1 ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512 \
1643 ALG_SHA3_224 ALG_SHA3_256 ALG_SHA3_384 ALG_SHA3_512 ALG_MD5"
1644 helper_libtestdriver1_make_drivers "$loc_accel_list" "$loc_extra_list"
1645
1646 helper_libtestdriver1_make_main "$loc_accel_list"
1647
1648 # Make sure this was not re-enabled by accident (additive config)
1649 not grep mbedtls_rsa ${BUILTIN_SRC_PATH}/rsa.o
1650
1651 # Run the tests
1652 # -------------
1653
1654 msg "test: crypto_full with accelerated RSA"
1655 make test
1656}
1657
1658component_test_psa_crypto_config_reference_rsa_crypto () {
1659 msg "build: crypto_full with non-accelerated RSA"
1660
1661 # Configure
1662 # ---------
1663 config_psa_crypto_accel_rsa 0
1664
1665 # Build
1666 # -----
1667 make
1668
1669 # Run the tests
1670 # -------------
1671 msg "test: crypto_full with non-accelerated RSA"
1672 make test
1673}
1674
1675# This is a temporary test to verify that full RSA support is present even when
1676# only one single new symbols (PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC) is defined.
Minos Galanakisf78447f2024-07-26 20:49:51 +0100[diff] [blame]1677component_test_new_psa_want_key_pair_symbol () {
Minos Galanakis471b34c2024-07-26 15:39:24 +0100[diff] [blame]1678 msg "Build: crypto config - MBEDTLS_RSA_C + PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC"
1679
1680 # Create a temporary output file unless there is already one set
1681 if [ "$MBEDTLS_TEST_OUTCOME_FILE" ]; then
1682 REMOVE_OUTCOME_ON_EXIT="no"
1683 else
1684 REMOVE_OUTCOME_ON_EXIT="yes"
1685 MBEDTLS_TEST_OUTCOME_FILE="$PWD/out.csv"
1686 export MBEDTLS_TEST_OUTCOME_FILE
1687 fi
1688
1689 # Start from crypto configuration
1690 scripts/config.py crypto
1691
1692 # Remove RSA support and its dependencies
1693 scripts/config.py unset MBEDTLS_PKCS1_V15
1694 scripts/config.py unset MBEDTLS_PKCS1_V21
1695 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
1696 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
1697 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
1698 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
1699 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
1700 scripts/config.py unset MBEDTLS_RSA_C
1701 scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT
1702
1703 # Enable PSA support
1704 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
1705
1706 # Keep only PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC enabled in order to ensure
1707 # that proper translations is done in crypto_legacy.h.
1708 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT
1709 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT
1710 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE
1711
1712 make
1713
1714 msg "Test: crypto config - MBEDTLS_RSA_C + PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC"
1715 make test
1716
1717 # Parse only 1 relevant line from the outcome file, i.e. a test which is
1718 # performing RSA signature.
1719 msg "Verify that 'RSA PKCS1 Sign #1 (SHA512, 1536 bits RSA)' is PASS"
1720 cat $MBEDTLS_TEST_OUTCOME_FILE | grep 'RSA PKCS1 Sign #1 (SHA512, 1536 bits RSA)' | grep -q "PASS"
1721
1722 if [ "$REMOVE_OUTCOME_ON_EXIT" == "yes" ]; then
1723 rm $MBEDTLS_TEST_OUTCOME_FILE
1724 fi
1725}
1726
1727component_test_psa_crypto_config_accel_hash () {
1728 msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated hash"
1729
1730 loc_accel_list="ALG_MD5 ALG_RIPEMD160 ALG_SHA_1 \
1731 ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512 \
1732 ALG_SHA3_224 ALG_SHA3_256 ALG_SHA3_384 ALG_SHA3_512"
1733
1734 # Configure
1735 # ---------
1736
1737 # Start from default config (no USE_PSA)
1738 helper_libtestdriver1_adjust_config "default"
1739
1740 # Disable the things that are being accelerated
1741 scripts/config.py unset MBEDTLS_MD5_C
1742 scripts/config.py unset MBEDTLS_RIPEMD160_C
1743 scripts/config.py unset MBEDTLS_SHA1_C
1744 scripts/config.py unset MBEDTLS_SHA224_C
1745 scripts/config.py unset MBEDTLS_SHA256_C
1746 scripts/config.py unset MBEDTLS_SHA384_C
1747 scripts/config.py unset MBEDTLS_SHA512_C
1748 scripts/config.py unset MBEDTLS_SHA3_C
1749
1750 # Build
1751 # -----
1752
1753 helper_libtestdriver1_make_drivers "$loc_accel_list"
1754
1755 helper_libtestdriver1_make_main "$loc_accel_list"
1756
1757 # There's a risk of something getting re-enabled via config_psa.h;
1758 # make sure it did not happen. Note: it's OK for MD_C to be enabled.
1759 not grep mbedtls_md5 ${BUILTIN_SRC_PATH}/md5.o
1760 not grep mbedtls_sha1 ${BUILTIN_SRC_PATH}/sha1.o
1761 not grep mbedtls_sha256 ${BUILTIN_SRC_PATH}/sha256.o
1762 not grep mbedtls_sha512 ${BUILTIN_SRC_PATH}/sha512.o
1763 not grep mbedtls_ripemd160 ${BUILTIN_SRC_PATH}/ripemd160.o
1764
1765 # Run the tests
1766 # -------------
1767
1768 msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated hash"
1769 make test
1770}
1771
1772# Auxiliary function to build config for hashes with and without drivers
Minos Galanakis471b34c2024-07-26 15:39:24 +0100[diff] [blame]1773config_psa_crypto_hash_use_psa () {
1774 driver_only="$1"
1775 # start with config full for maximum coverage (also enables USE_PSA)
1776 helper_libtestdriver1_adjust_config "full"
1777 if [ "$driver_only" -eq 1 ]; then
1778 # disable the built-in implementation of hashes
1779 scripts/config.py unset MBEDTLS_MD5_C
1780 scripts/config.py unset MBEDTLS_RIPEMD160_C
1781 scripts/config.py unset MBEDTLS_SHA1_C
1782 scripts/config.py unset MBEDTLS_SHA224_C
1783 scripts/config.py unset MBEDTLS_SHA256_C # see external RNG below
1784 scripts/config.py unset MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT
1785 scripts/config.py unset MBEDTLS_SHA384_C
1786 scripts/config.py unset MBEDTLS_SHA512_C
1787 scripts/config.py unset MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT
1788 scripts/config.py unset MBEDTLS_SHA3_C
1789 fi
1790}
1791
1792# Note that component_test_psa_crypto_config_reference_hash_use_psa
1793# is related to this component and both components need to be kept in sync.
1794# For details please see comments for component_test_psa_crypto_config_reference_hash_use_psa.
Minos Galanakis471b34c2024-07-26 15:39:24 +0100[diff] [blame]1795component_test_psa_crypto_config_accel_hash_use_psa () {
1796 msg "test: full with accelerated hashes"
1797
1798 loc_accel_list="ALG_MD5 ALG_RIPEMD160 ALG_SHA_1 \
1799 ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512 \
1800 ALG_SHA3_224 ALG_SHA3_256 ALG_SHA3_384 ALG_SHA3_512"
1801
1802 # Configure
1803 # ---------
1804
1805 config_psa_crypto_hash_use_psa 1
1806
1807 # Build
1808 # -----
1809
1810 helper_libtestdriver1_make_drivers "$loc_accel_list"
1811
1812 helper_libtestdriver1_make_main "$loc_accel_list"
1813
1814 # There's a risk of something getting re-enabled via config_psa.h;
1815 # make sure it did not happen. Note: it's OK for MD_C to be enabled.
1816 not grep mbedtls_md5 ${BUILTIN_SRC_PATH}/md5.o
1817 not grep mbedtls_sha1 ${BUILTIN_SRC_PATH}/sha1.o
1818 not grep mbedtls_sha256 ${BUILTIN_SRC_PATH}/sha256.o
1819 not grep mbedtls_sha512 ${BUILTIN_SRC_PATH}/sha512.o
1820 not grep mbedtls_ripemd160 ${BUILTIN_SRC_PATH}/ripemd160.o
1821
1822 # Run the tests
1823 # -------------
1824
1825 msg "test: full with accelerated hashes"
1826 make test
1827
1828 # This is mostly useful so that we can later compare outcome files with
1829 # the reference config in analyze_outcomes.py, to check that the
1830 # dependency declarations in ssl-opt.sh and in TLS code are correct.
1831 msg "test: ssl-opt.sh, full with accelerated hashes"
1832 tests/ssl-opt.sh
1833
1834 # This is to make sure all ciphersuites are exercised, but we don't need
1835 # interop testing (besides, we already got some from ssl-opt.sh).
1836 msg "test: compat.sh, full with accelerated hashes"
1837 tests/compat.sh -p mbedTLS -V YES
1838}
1839
1840# This component provides reference configuration for test_psa_crypto_config_accel_hash_use_psa
1841# without accelerated hash. The outcome from both components are used by the analyze_outcomes.py
1842# script to find regression in test coverage when accelerated hash is used (tests and ssl-opt).
1843# Both components need to be kept in sync.
Minos Galanakisf78447f2024-07-26 20:49:51 +0100[diff] [blame]1844component_test_psa_crypto_config_reference_hash_use_psa () {
Minos Galanakis471b34c2024-07-26 15:39:24 +0100[diff] [blame]1845 msg "test: full without accelerated hashes"
1846
1847 config_psa_crypto_hash_use_psa 0
1848
1849 make
1850
1851 msg "test: full without accelerated hashes"
1852 make test
1853
1854 msg "test: ssl-opt.sh, full without accelerated hashes"
1855 tests/ssl-opt.sh
1856}
1857
1858# Auxiliary function to build config for hashes with and without drivers
Minos Galanakis471b34c2024-07-26 15:39:24 +0100[diff] [blame]1859config_psa_crypto_hmac_use_psa () {
1860 driver_only="$1"
1861 # start with config full for maximum coverage (also enables USE_PSA)
1862 helper_libtestdriver1_adjust_config "full"
1863
1864 if [ "$driver_only" -eq 1 ]; then
1865 # Disable MD_C in order to disable the builtin support for HMAC. MD_LIGHT
1866 # is still enabled though (for ENTROPY_C among others).
1867 scripts/config.py unset MBEDTLS_MD_C
1868 # Disable also the builtin hashes since they are supported by the driver
1869 # and MD module is able to perform PSA dispathing.
1870 scripts/config.py unset-all MBEDTLS_SHA
1871 scripts/config.py unset MBEDTLS_MD5_C
1872 scripts/config.py unset MBEDTLS_RIPEMD160_C
1873 fi
1874
1875 # Direct dependencies of MD_C. We disable them also in the reference
1876 # component to work with the same set of features.
1877 scripts/config.py unset MBEDTLS_PKCS7_C
1878 scripts/config.py unset MBEDTLS_PKCS5_C
1879 scripts/config.py unset MBEDTLS_HMAC_DRBG_C
1880 scripts/config.py unset MBEDTLS_HKDF_C
1881 # Dependencies of HMAC_DRBG
1882 scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC
1883 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_DETERMINISTIC_ECDSA
1884}
1885
Minos Galanakisf78447f2024-07-26 20:49:51 +0100[diff] [blame]1886component_test_psa_crypto_config_accel_hmac () {
Minos Galanakis471b34c2024-07-26 15:39:24 +0100[diff] [blame]1887 msg "test: full with accelerated hmac"
1888
1889 loc_accel_list="ALG_HMAC KEY_TYPE_HMAC \
1890 ALG_MD5 ALG_RIPEMD160 ALG_SHA_1 \
1891 ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512 \
1892 ALG_SHA3_224 ALG_SHA3_256 ALG_SHA3_384 ALG_SHA3_512"
1893
1894 # Configure
1895 # ---------
1896
1897 config_psa_crypto_hmac_use_psa 1
1898
1899 # Build
1900 # -----
1901
1902 helper_libtestdriver1_make_drivers "$loc_accel_list"
1903
1904 helper_libtestdriver1_make_main "$loc_accel_list"
1905
1906 # Ensure that built-in support for HMAC is disabled.
1907 not grep mbedtls_md_hmac ${BUILTIN_SRC_PATH}/md.o
1908
1909 # Run the tests
1910 # -------------
1911
1912 msg "test: full with accelerated hmac"
1913 make test
1914}
1915
Minos Galanakisf78447f2024-07-26 20:49:51 +0100[diff] [blame]1916component_test_psa_crypto_config_reference_hmac () {
Minos Galanakis471b34c2024-07-26 15:39:24 +0100[diff] [blame]1917 msg "test: full without accelerated hmac"
1918
1919 config_psa_crypto_hmac_use_psa 0
1920
1921 make
1922
1923 msg "test: full without accelerated hmac"
1924 make test
1925}
1926
1927component_test_psa_crypto_config_accel_des () {
1928 msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated DES"
1929
1930 # Albeit this components aims at accelerating DES which should only support
1931 # CBC and ECB modes, we need to accelerate more than that otherwise DES_C
1932 # would automatically be re-enabled by "config_adjust_legacy_from_psa.c"
1933 loc_accel_list="ALG_ECB_NO_PADDING ALG_CBC_NO_PADDING ALG_CBC_PKCS7 \
1934 ALG_CTR ALG_CFB ALG_OFB ALG_XTS ALG_CMAC \
1935 KEY_TYPE_DES"
1936
1937 # Note: we cannot accelerate all ciphers' key types otherwise we would also
1938 # have to either disable CCM/GCM or accelerate them, but that's out of scope
1939 # of this component. This limitation will be addressed by #8598.
1940
1941 # Configure
1942 # ---------
1943
1944 # Start from the full config
1945 helper_libtestdriver1_adjust_config "full"
1946
1947 # Disable the things that are being accelerated
1948 scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC
1949 scripts/config.py unset MBEDTLS_CIPHER_PADDING_PKCS7
1950 scripts/config.py unset MBEDTLS_CIPHER_MODE_CTR
1951 scripts/config.py unset MBEDTLS_CIPHER_MODE_CFB
1952 scripts/config.py unset MBEDTLS_CIPHER_MODE_OFB
1953 scripts/config.py unset MBEDTLS_CIPHER_MODE_XTS
1954 scripts/config.py unset MBEDTLS_DES_C
1955 scripts/config.py unset MBEDTLS_CMAC_C
1956
1957 # Build
1958 # -----
1959
1960 helper_libtestdriver1_make_drivers "$loc_accel_list"
1961
1962 helper_libtestdriver1_make_main "$loc_accel_list"
1963
1964 # Make sure this was not re-enabled by accident (additive config)
1965 not grep mbedtls_des* ${BUILTIN_SRC_PATH}/des.o
1966
1967 # Run the tests
1968 # -------------
1969
1970 msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated DES"
1971 make test
1972}
1973
1974component_test_psa_crypto_config_accel_aead () {
1975 msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated AEAD"
1976
1977 loc_accel_list="ALG_GCM ALG_CCM ALG_CHACHA20_POLY1305 \
1978 KEY_TYPE_AES KEY_TYPE_CHACHA20 KEY_TYPE_ARIA KEY_TYPE_CAMELLIA"
1979
1980 # Configure
1981 # ---------
1982
1983 # Start from full config
1984 helper_libtestdriver1_adjust_config "full"
1985
1986 # Disable things that are being accelerated
1987 scripts/config.py unset MBEDTLS_GCM_C
1988 scripts/config.py unset MBEDTLS_CCM_C
1989 scripts/config.py unset MBEDTLS_CHACHAPOLY_C
1990
1991 # Disable CCM_STAR_NO_TAG because this re-enables CCM_C.
1992 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CCM_STAR_NO_TAG
1993
1994 # Build
1995 # -----
1996
1997 helper_libtestdriver1_make_drivers "$loc_accel_list"
1998
1999 helper_libtestdriver1_make_main "$loc_accel_list"
2000
2001 # Make sure this was not re-enabled by accident (additive config)
2002 not grep mbedtls_ccm ${BUILTIN_SRC_PATH}/ccm.o
2003 not grep mbedtls_gcm ${BUILTIN_SRC_PATH}/gcm.o
2004 not grep mbedtls_chachapoly ${BUILTIN_SRC_PATH}/chachapoly.o
2005
2006 # Run the tests
2007 # -------------
2008
2009 msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated AEAD"
2010 make test
2011}
2012
2013# This is a common configuration function used in:
2014# - component_test_psa_crypto_config_accel_cipher_aead_cmac
2015# - component_test_psa_crypto_config_reference_cipher_aead_cmac
Minos Galanakisf78447f2024-07-26 20:49:51 +0100[diff] [blame]2016common_psa_crypto_config_accel_cipher_aead_cmac () {
Minos Galanakis471b34c2024-07-26 15:39:24 +0100[diff] [blame]2017 # Start from the full config
2018 helper_libtestdriver1_adjust_config "full"
2019
2020 scripts/config.py unset MBEDTLS_NIST_KW_C
2021}
2022
2023# The 2 following test components, i.e.
2024# - component_test_psa_crypto_config_accel_cipher_aead_cmac
2025# - component_test_psa_crypto_config_reference_cipher_aead_cmac
2026# are meant to be used together in analyze_outcomes.py script in order to test
2027# driver's coverage for ciphers and AEADs.
Minos Galanakis471b34c2024-07-26 15:39:24 +0100[diff] [blame]2028component_test_psa_crypto_config_accel_cipher_aead_cmac () {
2029 msg "build: full config with accelerated cipher inc. AEAD and CMAC"
2030
2031 loc_accel_list="ALG_ECB_NO_PADDING ALG_CBC_NO_PADDING ALG_CBC_PKCS7 ALG_CTR ALG_CFB \
2032 ALG_OFB ALG_XTS ALG_STREAM_CIPHER ALG_CCM_STAR_NO_TAG \
2033 ALG_GCM ALG_CCM ALG_CHACHA20_POLY1305 ALG_CMAC \
2034 KEY_TYPE_DES KEY_TYPE_AES KEY_TYPE_ARIA KEY_TYPE_CHACHA20 KEY_TYPE_CAMELLIA"
2035
2036 # Configure
2037 # ---------
2038
2039 common_psa_crypto_config_accel_cipher_aead_cmac
2040
2041 # Disable the things that are being accelerated
2042 scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC
2043 scripts/config.py unset MBEDTLS_CIPHER_PADDING_PKCS7
2044 scripts/config.py unset MBEDTLS_CIPHER_MODE_CTR
2045 scripts/config.py unset MBEDTLS_CIPHER_MODE_CFB
2046 scripts/config.py unset MBEDTLS_CIPHER_MODE_OFB
2047 scripts/config.py unset MBEDTLS_CIPHER_MODE_XTS
2048 scripts/config.py unset MBEDTLS_GCM_C
2049 scripts/config.py unset MBEDTLS_CCM_C
2050 scripts/config.py unset MBEDTLS_CHACHAPOLY_C
2051 scripts/config.py unset MBEDTLS_CMAC_C
2052 scripts/config.py unset MBEDTLS_DES_C
2053 scripts/config.py unset MBEDTLS_AES_C
2054 scripts/config.py unset MBEDTLS_ARIA_C
2055 scripts/config.py unset MBEDTLS_CHACHA20_C
2056 scripts/config.py unset MBEDTLS_CAMELLIA_C
2057
2058 # Disable CIPHER_C entirely as all ciphers/AEADs are accelerated and PSA
2059 # does not depend on it.
2060 scripts/config.py unset MBEDTLS_CIPHER_C
2061
2062 # Build
2063 # -----
2064
2065 helper_libtestdriver1_make_drivers "$loc_accel_list"
2066
2067 helper_libtestdriver1_make_main "$loc_accel_list"
2068
2069 # Make sure this was not re-enabled by accident (additive config)
2070 not grep mbedtls_cipher ${BUILTIN_SRC_PATH}/cipher.o
2071 not grep mbedtls_des ${BUILTIN_SRC_PATH}/des.o
2072 not grep mbedtls_aes ${BUILTIN_SRC_PATH}/aes.o
2073 not grep mbedtls_aria ${BUILTIN_SRC_PATH}/aria.o
2074 not grep mbedtls_camellia ${BUILTIN_SRC_PATH}/camellia.o
2075 not grep mbedtls_ccm ${BUILTIN_SRC_PATH}/ccm.o
2076 not grep mbedtls_gcm ${BUILTIN_SRC_PATH}/gcm.o
2077 not grep mbedtls_chachapoly ${BUILTIN_SRC_PATH}/chachapoly.o
2078 not grep mbedtls_cmac ${BUILTIN_SRC_PATH}/cmac.o
2079
2080 # Run the tests
2081 # -------------
2082
2083 msg "test: full config with accelerated cipher inc. AEAD and CMAC"
2084 make test
2085
2086 msg "ssl-opt: full config with accelerated cipher inc. AEAD and CMAC"
2087 tests/ssl-opt.sh
2088
2089 msg "compat.sh: full config with accelerated cipher inc. AEAD and CMAC"
2090 tests/compat.sh -V NO -p mbedTLS
2091}
2092
2093component_test_psa_crypto_config_reference_cipher_aead_cmac () {
2094 msg "build: full config with non-accelerated cipher inc. AEAD and CMAC"
2095 common_psa_crypto_config_accel_cipher_aead_cmac
2096
2097 make
2098
2099 msg "test: full config with non-accelerated cipher inc. AEAD and CMAC"
2100 make test
2101
2102 msg "ssl-opt: full config with non-accelerated cipher inc. AEAD and CMAC"
2103 tests/ssl-opt.sh
2104
2105 msg "compat.sh: full config with non-accelerated cipher inc. AEAD and CMAC"
2106 tests/compat.sh -V NO -p mbedTLS
2107}
2108
Minos Galanakisf78447f2024-07-26 20:49:51 +0100[diff] [blame]2109common_block_cipher_dispatch () {
Minos Galanakis471b34c2024-07-26 15:39:24 +0100[diff] [blame]2110 TEST_WITH_DRIVER="$1"
2111
2112 # Start from the full config
2113 helper_libtestdriver1_adjust_config "full"
2114
2115 if [ "$TEST_WITH_DRIVER" -eq 1 ]; then
2116 # Disable key types that are accelerated (there is no legacy equivalent
2117 # symbol for ECB)
2118 scripts/config.py unset MBEDTLS_AES_C
2119 scripts/config.py unset MBEDTLS_ARIA_C
2120 scripts/config.py unset MBEDTLS_CAMELLIA_C
2121 fi
2122
2123 # Disable cipher's modes that, when not accelerated, cause
2124 # legacy key types to be re-enabled in "config_adjust_legacy_from_psa.h".
2125 # Keep this also in the reference component in order to skip the same tests
2126 # that were skipped in the accelerated one.
2127 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CTR
2128 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CFB
2129 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_OFB
2130 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_NO_PADDING
2131 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_PKCS7
2132 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CMAC
2133 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CCM_STAR_NO_TAG
2134 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128
2135
2136 # Disable direct dependency on AES_C
2137 scripts/config.py unset MBEDTLS_NIST_KW_C
2138
2139 # Prevent the cipher module from using deprecated PSA path. The reason is
2140 # that otherwise there will be tests relying on "aes_info" (defined in
2141 # "cipher_wrap.c") whose functions are not available when AES_C is
2142 # not defined. ARIA and Camellia are not a problem in this case because
2143 # the PSA path is not tested for these key types.
2144 scripts/config.py set MBEDTLS_DEPRECATED_REMOVED
2145}
2146
Gilles Peskinea9dda7e2024-06-21 11:25:01 +0200[diff] [blame]2147component_test_full_block_cipher_psa_dispatch_static_keystore () {
2148 msg "build: full + PSA dispatch in block_cipher with static keystore"
2149 # Check that the static key store works well when CTR_DRBG uses a
2150 # PSA key for AES.
2151 scripts/config.py unset MBEDTLS_PSA_KEY_STORE_DYNAMIC
2152
2153 loc_accel_list="ALG_ECB_NO_PADDING \
2154 KEY_TYPE_AES KEY_TYPE_ARIA KEY_TYPE_CAMELLIA"
2155
2156 # Configure
2157 # ---------
2158
2159 common_block_cipher_dispatch 1
2160
2161 # Build
2162 # -----
2163
2164 helper_libtestdriver1_make_drivers "$loc_accel_list"
2165
2166 helper_libtestdriver1_make_main "$loc_accel_list"
2167
2168 # Make sure disabled components were not re-enabled by accident (additive
2169 # config)
2170 not grep mbedtls_aes_ library/aes.o
2171 not grep mbedtls_aria_ library/aria.o
2172 not grep mbedtls_camellia_ library/camellia.o
2173
2174 # Run the tests
2175 # -------------
2176
2177 msg "test: full + PSA dispatch in block_cipher with static keystore"
2178 make test
2179}
2180
Minos Galanakis471b34c2024-07-26 15:39:24 +0100[diff] [blame]2181component_test_full_block_cipher_psa_dispatch () {
2182 msg "build: full + PSA dispatch in block_cipher"
2183
2184 loc_accel_list="ALG_ECB_NO_PADDING \
2185 KEY_TYPE_AES KEY_TYPE_ARIA KEY_TYPE_CAMELLIA"
2186
2187 # Configure
2188 # ---------
2189
2190 common_block_cipher_dispatch 1
2191
2192 # Build
2193 # -----
2194
2195 helper_libtestdriver1_make_drivers "$loc_accel_list"
2196
2197 helper_libtestdriver1_make_main "$loc_accel_list"
2198
2199 # Make sure disabled components were not re-enabled by accident (additive
2200 # config)
2201 not grep mbedtls_aes_ ${BUILTIN_SRC_PATH}/aes.o
2202 not grep mbedtls_aria_ ${BUILTIN_SRC_PATH}/aria.o
2203 not grep mbedtls_camellia_ ${BUILTIN_SRC_PATH}/camellia.o
2204
2205 # Run the tests
2206 # -------------
2207
2208 msg "test: full + PSA dispatch in block_cipher"
2209 make test
2210}
2211
2212# This is the reference component of component_test_full_block_cipher_psa_dispatch
Minos Galanakis471b34c2024-07-26 15:39:24 +0100[diff] [blame]2213component_test_full_block_cipher_legacy_dispatch () {
2214 msg "build: full + legacy dispatch in block_cipher"
2215
2216 common_block_cipher_dispatch 0
2217
2218 make
2219
2220 msg "test: full + legacy dispatch in block_cipher"
2221 make test
2222}
2223
Minos Galanakisf78447f2024-07-26 20:49:51 +0100[diff] [blame]2224component_test_aead_chachapoly_disabled () {
Minos Galanakis471b34c2024-07-26 15:39:24 +0100[diff] [blame]2225 msg "build: full minus CHACHAPOLY"
2226 scripts/config.py full
2227 scripts/config.py unset MBEDTLS_CHACHAPOLY_C
2228 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CHACHA20_POLY1305
2229 make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS"
2230
2231 msg "test: full minus CHACHAPOLY"
2232 make test
2233}
2234
Minos Galanakisf78447f2024-07-26 20:49:51 +0100[diff] [blame]2235component_test_aead_only_ccm () {
Minos Galanakis471b34c2024-07-26 15:39:24 +0100[diff] [blame]2236 msg "build: full minus CHACHAPOLY and GCM"
2237 scripts/config.py full
2238 scripts/config.py unset MBEDTLS_CHACHAPOLY_C
2239 scripts/config.py unset MBEDTLS_GCM_C
2240 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CHACHA20_POLY1305
2241 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_GCM
2242 make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS"
2243
2244 msg "test: full minus CHACHAPOLY and GCM"
2245 make test
2246}
2247
Minos Galanakisf78447f2024-07-26 20:49:51 +0100[diff] [blame]2248component_test_ccm_aes_sha256 () {
Minos Galanakis471b34c2024-07-26 15:39:24 +0100[diff] [blame]2249 msg "build: CCM + AES + SHA256 configuration"
2250
2251 cp "$CONFIG_TEST_DRIVER_H" "$CONFIG_H"
2252 cp configs/crypto-config-ccm-aes-sha256.h "$CRYPTO_CONFIG_H"
2253
2254 make
2255
2256 msg "test: CCM + AES + SHA256 configuration"
2257 make test
2258}
2259
2260# Test that the given .o file builds with all (valid) combinations of the given options.
2261#
2262# Syntax: build_test_config_combos FILE VALIDATOR_FUNCTION OPT1 OPT2 ...
2263#
2264# The validator function is the name of a function to validate the combination of options.
2265# It may be "" if all combinations are valid.
2266# It receives a string containing a combination of options, as passed to the compiler,
2267# e.g. "-DOPT1 -DOPT2 ...". It must return 0 iff the combination is valid, non-zero if invalid.
Minos Galanakisf78447f2024-07-26 20:49:51 +0100[diff] [blame]2268build_test_config_combos () {
Minos Galanakis471b34c2024-07-26 15:39:24 +0100[diff] [blame]2269 file=$1
2270 shift
2271 validate_options=$1
2272 shift
2273 options=("$@")
2274
2275 # clear all of the options so that they can be overridden on the clang commandline
2276 for opt in "${options[@]}"; do
2277 ./scripts/config.py unset ${opt}
2278 done
2279
2280 # enter the library directory
2281 cd library
2282
2283 # The most common issue is unused variables/functions, so ensure -Wunused is set.
2284 warning_flags="-Werror -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wimplicit-fallthrough -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral -Wshadow -Wasm-operand-widths -Wunused"
2285
2286 # Extract the command generated by the Makefile to build the target file.
2287 # This ensures that we have any include paths, macro definitions, etc
2288 # that may be applied by make.
2289 # Add -fsyntax-only as we only want a syntax check and don't need to generate a file.
2290 compile_cmd="clang \$(LOCAL_CFLAGS) ${warning_flags} -fsyntax-only -c"
2291
2292 makefile=$(TMPDIR=. mktemp)
2293 deps=""
2294
2295 len=${#options[@]}
2296 source_file=../${file%.o}.c
2297
2298 targets=0
2299 echo 'include Makefile' >${makefile}
2300
2301 for ((i = 0; i < $((2**${len})); i++)); do
2302 # generate each of 2^n combinations of options
2303 # each bit of $i is used to determine if options[i] will be set or not
2304 target="t"
2305 clang_args=""
2306 for ((j = 0; j < ${len}; j++)); do
2307 if (((i >> j) & 1)); then
2308 opt=-D${options[$j]}
2309 clang_args="${clang_args} ${opt}"
2310 target="${target}${opt}"
2311 fi
2312 done
2313
2314 # if combination is not known to be invalid, add it to the makefile
2315 if [[ -z $validate_options ]] || $validate_options "${clang_args}"; then
2316 cmd="${compile_cmd} ${clang_args}"
2317 echo "${target}: ${source_file}; $cmd ${source_file}" >> ${makefile}
2318
2319 deps="${deps} ${target}"
2320 ((++targets))
2321 fi
2322 done
2323
2324 echo "build_test_config_combos: ${deps}" >> ${makefile}
2325
2326 # execute all of the commands via Make (probably in parallel)
2327 make -s -f ${makefile} build_test_config_combos
2328 echo "$targets targets checked"
2329
2330 # clean up the temporary makefile
2331 rm ${makefile}
2332}
2333
Minos Galanakisf78447f2024-07-26 20:49:51 +0100[diff] [blame]2334validate_aes_config_variations () {
Minos Galanakis471b34c2024-07-26 15:39:24 +0100[diff] [blame]2335 if [[ "$1" == *"MBEDTLS_AES_USE_HARDWARE_ONLY"* ]]; then
2336 if [[ !(("$HOSTTYPE" == "aarch64" && "$1" != *"MBEDTLS_AESCE_C"*) || \
2337 ("$HOSTTYPE" == "x86_64" && "$1" != *"MBEDTLS_AESNI_C"*)) ]]; then
2338 return 1
2339 fi
2340 fi
2341 return 0
2342}
2343
Minos Galanakisf78447f2024-07-26 20:49:51 +0100[diff] [blame]2344component_build_aes_variations () {
Minos Galanakis471b34c2024-07-26 15:39:24 +0100[diff] [blame]2345 # 18s - around 90ms per clang invocation on M1 Pro
2346 #
2347 # aes.o has many #if defined(...) guards that intersect in complex ways.
2348 # Test that all the combinations build cleanly.
2349
2350 MBEDTLS_ROOT_DIR="$PWD"
2351 msg "build: aes.o for all combinations of relevant config options"
2352
2353 build_test_config_combos ${BUILTIN_SRC_PATH}/aes.o validate_aes_config_variations \
Thomas Daubney6cf05f92024-07-18 11:30:22 +0100[diff] [blame]2354 "MBEDTLS_AES_ROM_TABLES" \
Minos Galanakis471b34c2024-07-26 15:39:24 +0100[diff] [blame]2355 "MBEDTLS_AES_FEWER_TABLES" "MBEDTLS_AES_USE_HARDWARE_ONLY" \
2356 "MBEDTLS_AESNI_C" "MBEDTLS_AESCE_C" "MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH"
2357
2358 cd "$MBEDTLS_ROOT_DIR"
2359 msg "build: aes.o for all combinations of relevant config options + BLOCK_CIPHER_NO_DECRYPT"
2360
2361 # MBEDTLS_BLOCK_CIPHER_NO_DECRYPT is incompatible with ECB in PSA, CBC/XTS/NIST_KW/DES,
2362 # manually set or unset those configurations to check
2363 # MBEDTLS_BLOCK_CIPHER_NO_DECRYPT with various combinations in aes.o.
Ronald Cron54d1eec2024-09-06 09:55:38 +0200[diff] [blame]2364 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
Minos Galanakis471b34c2024-07-26 15:39:24 +0100[diff] [blame]2365 scripts/config.py set MBEDTLS_BLOCK_CIPHER_NO_DECRYPT
Minos Galanakis471b34c2024-07-26 15:39:24 +0100[diff] [blame]2366 scripts/config.py unset MBEDTLS_CIPHER_MODE_XTS
Minos Galanakis471b34c2024-07-26 15:39:24 +0100[diff] [blame]2367 scripts/config.py unset MBEDTLS_NIST_KW_C
Ronald Cron54d1eec2024-09-06 09:55:38 +0200[diff] [blame]2368
2369 scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CBC_NO_PADDING
2370 scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CBC_PKCS7
2371 scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECB_NO_PADDING
2372 scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_DES
Ronald Cron4153ebb2024-09-11 15:32:48 +0200[diff] [blame]2373 # Note: The two unsets below are to be removed for Mbed TLS 4.0
Ronald Cron54d1eec2024-09-06 09:55:38 +0200[diff] [blame]2374 scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC
2375 scripts/config.py unset MBEDTLS_DES_C
2376
Minos Galanakis471b34c2024-07-26 15:39:24 +0100[diff] [blame]2377 build_test_config_combos ${BUILTIN_SRC_PATH}/aes.o validate_aes_config_variations \
Thomas Daubney6cf05f92024-07-18 11:30:22 +0100[diff] [blame]2378 "MBEDTLS_AES_ROM_TABLES" \
Minos Galanakis471b34c2024-07-26 15:39:24 +0100[diff] [blame]2379 "MBEDTLS_AES_FEWER_TABLES" "MBEDTLS_AES_USE_HARDWARE_ONLY" \
2380 "MBEDTLS_AESNI_C" "MBEDTLS_AESCE_C" "MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH"
2381}
2382
Minos Galanakisf78447f2024-07-26 20:49:51 +0100[diff] [blame]2383component_test_sha3_variations () {
Minos Galanakis471b34c2024-07-26 15:39:24 +0100[diff] [blame]2384 msg "sha3 loop unroll variations"
2385
2386 # define minimal config sufficient to test SHA3
Ronald Crone7f289e2024-09-06 11:02:47 +0200[diff] [blame]2387 cat > include/mbedtls/mbedtls_config.h << END
2388 #define MBEDTLS_AES_C
2389 #define MBEDTLS_CTR_DRBG_C
2390 #define MBEDTLS_ENTROPY_C
2391 #define MBEDTLS_PSA_CRYPTO_C
2392 #define MBEDTLS_PSA_CRYPTO_CONFIG
2393 #define MBEDTLS_SELF_TEST
2394END
2395
2396 cat > tf-psa-crypto/include/psa/crypto_config.h << END
2397 #define PSA_WANT_ALG_SHA_256 1
2398 #define PSA_WANT_ALG_SHA3_224 1
2399 #define PSA_WANT_ALG_SHA3_256 1
2400 #define PSA_WANT_ALG_SHA3_384 1
2401 #define PSA_WANT_ALG_SHA3_512 1
Minos Galanakis471b34c2024-07-26 15:39:24 +0100[diff] [blame]2402END
2403
2404 msg "all loops unrolled"
2405 make clean
2406 make -C tests ../tf-psa-crypto/tests/test_suite_shax CFLAGS="-DMBEDTLS_SHA3_THETA_UNROLL=1 -DMBEDTLS_SHA3_PI_UNROLL=1 -DMBEDTLS_SHA3_CHI_UNROLL=1 -DMBEDTLS_SHA3_RHO_UNROLL=1"
2407 ./tf-psa-crypto/tests/test_suite_shax
2408
2409 msg "all loops rolled up"
2410 make clean
2411 make -C tests ../tf-psa-crypto/tests/test_suite_shax CFLAGS="-DMBEDTLS_SHA3_THETA_UNROLL=0 -DMBEDTLS_SHA3_PI_UNROLL=0 -DMBEDTLS_SHA3_CHI_UNROLL=0 -DMBEDTLS_SHA3_RHO_UNROLL=0"
2412 ./tf-psa-crypto/tests/test_suite_shax
2413}
2414
Minos Galanakisf699d512024-08-01 11:32:30 +0100[diff] [blame]2415support_build_aes_aesce_armcc () {
2416 support_build_armcc
2417}
2418
Minos Galanakis471b34c2024-07-26 15:39:24 +0100[diff] [blame]2419# For timebeing, no aarch64 gcc available in CI and no arm64 CI node.
2420component_build_aes_aesce_armcc () {
2421 msg "Build: AESCE test on arm64 platform without plain C."
2422 scripts/config.py baremetal
2423
2424 # armc[56] don't support SHA-512 intrinsics
2425 scripts/config.py unset MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT
2426
2427 # Stop armclang warning about feature detection for A64_CRYPTO.
2428 # With this enabled, the library does build correctly under armclang,
2429 # but in baremetal builds (as tested here), feature detection is
2430 # unavailable, and the user is notified via a #warning. So enabling
2431 # this feature would prevent us from building with -Werror on
2432 # armclang. Tracked in #7198.
2433 scripts/config.py unset MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT
2434 scripts/config.py set MBEDTLS_HAVE_ASM
2435
2436 msg "AESCE, build with default configuration."
2437 scripts/config.py set MBEDTLS_AESCE_C
2438 scripts/config.py unset MBEDTLS_AES_USE_HARDWARE_ONLY
Manuel Pégourié-Gonnard8f08bcd2024-10-01 13:01:54 +0200[diff] [blame]2439 helper_armc6_build_test "-O1 --target=aarch64-arm-none-eabi -march=armv8-a+crypto"
Minos Galanakis471b34c2024-07-26 15:39:24 +0100[diff] [blame]2440
2441 msg "AESCE, build AESCE only"
2442 scripts/config.py set MBEDTLS_AESCE_C
2443 scripts/config.py set MBEDTLS_AES_USE_HARDWARE_ONLY
Manuel Pégourié-Gonnard8f08bcd2024-10-01 13:01:54 +0200[diff] [blame]2444 helper_armc6_build_test "-O1 --target=aarch64-arm-none-eabi -march=armv8-a+crypto"
Minos Galanakis471b34c2024-07-26 15:39:24 +0100[diff] [blame]2445}
2446
Minos Galanakis471b34c2024-07-26 15:39:24 +0100[diff] [blame]2447component_test_aes_only_128_bit_keys () {
2448 msg "build: default config + AES_ONLY_128_BIT_KEY_LENGTH"
2449 scripts/config.py set MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
2450
2451 make CFLAGS='-O2 -Werror -Wall -Wextra'
2452
2453 msg "test: default config + AES_ONLY_128_BIT_KEY_LENGTH"
2454 make test
2455}
2456
2457component_test_no_ctr_drbg_aes_only_128_bit_keys () {
2458 msg "build: default config + AES_ONLY_128_BIT_KEY_LENGTH - CTR_DRBG_C"
2459 scripts/config.py set MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
2460 scripts/config.py unset MBEDTLS_CTR_DRBG_C
2461
2462 make CC=clang CFLAGS='-Werror -Wall -Wextra'
2463
2464 msg "test: default config + AES_ONLY_128_BIT_KEY_LENGTH - CTR_DRBG_C"
2465 make test
2466}
2467
2468component_test_aes_only_128_bit_keys_have_builtins () {
2469 msg "build: default config + AES_ONLY_128_BIT_KEY_LENGTH - AESNI_C - AESCE_C"
2470 scripts/config.py set MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
2471 scripts/config.py unset MBEDTLS_AESNI_C
2472 scripts/config.py unset MBEDTLS_AESCE_C
2473
2474 make CFLAGS='-O2 -Werror -Wall -Wextra'
2475
2476 msg "test: default config + AES_ONLY_128_BIT_KEY_LENGTH - AESNI_C - AESCE_C"
2477 make test
2478
2479 msg "selftest: default config + AES_ONLY_128_BIT_KEY_LENGTH - AESNI_C - AESCE_C"
2480 programs/test/selftest
2481}
2482
2483component_test_gcm_largetable () {
2484 msg "build: default config + GCM_LARGE_TABLE - AESNI_C - AESCE_C"
2485 scripts/config.py set MBEDTLS_GCM_LARGE_TABLE
2486 scripts/config.py unset MBEDTLS_AESNI_C
2487 scripts/config.py unset MBEDTLS_AESCE_C
2488
2489 make CFLAGS='-O2 -Werror -Wall -Wextra'
2490
2491 msg "test: default config - GCM_LARGE_TABLE - AESNI_C - AESCE_C"
2492 make test
2493}
2494
2495component_test_aes_fewer_tables () {
2496 msg "build: default config with AES_FEWER_TABLES enabled"
2497 scripts/config.py set MBEDTLS_AES_FEWER_TABLES
2498 make CFLAGS='-O2 -Werror -Wall -Wextra'
2499
2500 msg "test: AES_FEWER_TABLES"
2501 make test
2502}
2503
2504component_test_aes_rom_tables () {
2505 msg "build: default config with AES_ROM_TABLES enabled"
2506 scripts/config.py set MBEDTLS_AES_ROM_TABLES
2507 make CFLAGS='-O2 -Werror -Wall -Wextra'
2508
2509 msg "test: AES_ROM_TABLES"
2510 make test
2511}
2512
2513component_test_aes_fewer_tables_and_rom_tables () {
2514 msg "build: default config with AES_ROM_TABLES and AES_FEWER_TABLES enabled"
2515 scripts/config.py set MBEDTLS_AES_FEWER_TABLES
2516 scripts/config.py set MBEDTLS_AES_ROM_TABLES
2517 make CFLAGS='-O2 -Werror -Wall -Wextra'
2518
2519 msg "test: AES_FEWER_TABLES + AES_ROM_TABLES"
2520 make test
2521}
2522
Ronald Cron66040472024-09-06 10:14:38 +0200[diff] [blame]2523# helper for component_test_block_cipher_no_decrypt_aesni() which:
Minos Galanakis471b34c2024-07-26 15:39:24 +0100[diff] [blame]2524# - enable/disable the list of config options passed from -s/-u respectively.
2525# - build
2526# - test for tests_suite_xxx
2527# - selftest
2528#
2529# Usage: helper_block_cipher_no_decrypt_build_test
2530# [-s set_opts] [-u unset_opts] [-c cflags] [-l ldflags] [option [...]]
2531# Options: -s set_opts the list of config options to enable
2532# -u unset_opts the list of config options to disable
2533# -c cflags the list of options passed to CFLAGS
2534# -l ldflags the list of options passed to LDFLAGS
Minos Galanakis471b34c2024-07-26 15:39:24 +0100[diff] [blame]2535helper_block_cipher_no_decrypt_build_test () {
2536 while [ $# -gt 0 ]; do
2537 case "$1" in
2538 -s)
2539 shift; local set_opts="$1";;
2540 -u)
2541 shift; local unset_opts="$1";;
2542 -c)
2543 shift; local cflags="-Werror -Wall -Wextra $1";;
2544 -l)
2545 shift; local ldflags="$1";;
2546 esac
2547 shift
2548 done
2549 set_opts="${set_opts:-}"
2550 unset_opts="${unset_opts:-}"
2551 cflags="${cflags:-}"
2552 ldflags="${ldflags:-}"
2553
2554 [ -n "$set_opts" ] && echo "Enabling: $set_opts" && scripts/config.py set-all $set_opts
2555 [ -n "$unset_opts" ] && echo "Disabling: $unset_opts" && scripts/config.py unset-all $unset_opts
2556
2557 msg "build: default config + BLOCK_CIPHER_NO_DECRYPT${set_opts:+ + $set_opts}${unset_opts:+ - $unset_opts} with $cflags${ldflags:+, $ldflags}"
2558 make clean
2559 make CFLAGS="-O2 $cflags" LDFLAGS="$ldflags"
2560
2561 # Make sure we don't have mbedtls_xxx_setkey_dec in AES/ARIA/CAMELLIA
2562 not grep mbedtls_aes_setkey_dec ${BUILTIN_SRC_PATH}/aes.o
2563 not grep mbedtls_aria_setkey_dec ${BUILTIN_SRC_PATH}/aria.o
2564 not grep mbedtls_camellia_setkey_dec ${BUILTIN_SRC_PATH}/camellia.o
2565 # Make sure we don't have mbedtls_internal_aes_decrypt in AES
2566 not grep mbedtls_internal_aes_decrypt ${BUILTIN_SRC_PATH}/aes.o
2567 # Make sure we don't have mbedtls_aesni_inverse_key in AESNI
2568 not grep mbedtls_aesni_inverse_key ${BUILTIN_SRC_PATH}/aesni.o
2569
2570 msg "test: default config + BLOCK_CIPHER_NO_DECRYPT${set_opts:+ + $set_opts}${unset_opts:+ - $unset_opts} with $cflags${ldflags:+, $ldflags}"
2571 make test
2572
2573 msg "selftest: default config + BLOCK_CIPHER_NO_DECRYPT${set_opts:+ + $set_opts}${unset_opts:+ - $unset_opts} with $cflags${ldflags:+, $ldflags}"
2574 programs/test/selftest
2575}
2576
Ronald Cron66040472024-09-06 10:14:38 +0200[diff] [blame]2577# This is a configuration function used in component_test_block_cipher_no_decrypt_xxx:
2578config_block_cipher_no_decrypt () {
2579 scripts/config.py set MBEDTLS_BLOCK_CIPHER_NO_DECRYPT
2580 scripts/config.py unset MBEDTLS_CIPHER_MODE_XTS
2581 scripts/config.py unset MBEDTLS_NIST_KW_C
2582
2583 # Enable support for cryptographic mechanisms through the PSA API.
2584 # Note: XTS, KW are not yet supported via the PSA API in Mbed TLS.
2585 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
2586 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_NO_PADDING
2587 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_PKCS7
2588 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_ECB_NO_PADDING
2589 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_DES
Ronald Cron4153ebb2024-09-11 15:32:48 +0200[diff] [blame]2590 # Note: The two unsets below are to be removed for Mbed TLS 4.0
Ronald Cron66040472024-09-06 10:14:38 +0200[diff] [blame]2591 scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC
2592 scripts/config.py unset MBEDTLS_DES_C
2593}
2594
2595component_test_block_cipher_no_decrypt_aesni () {
2596 # Test BLOCK_CIPHER_NO_DECRYPT with AESNI intrinsics, AESNI assembly and
2597 # AES C implementation on x86_64 and with AESNI intrinsics on x86.
2598
2599 # This consistently causes an llvm crash on clang 3.8, so use gcc
2600 export CC=gcc
2601 config_block_cipher_no_decrypt
2602
Minos Galanakis471b34c2024-07-26 15:39:24 +0100[diff] [blame]2603 # test AESNI intrinsics
2604 helper_block_cipher_no_decrypt_build_test \
2605 -s "MBEDTLS_AESNI_C" \
2606 -c "-mpclmul -msse2 -maes"
2607
2608 # test AESNI assembly
2609 helper_block_cipher_no_decrypt_build_test \
2610 -s "MBEDTLS_AESNI_C" \
2611 -c "-mno-pclmul -mno-sse2 -mno-aes"
2612
2613 # test AES C implementation
2614 helper_block_cipher_no_decrypt_build_test \
2615 -u "MBEDTLS_AESNI_C"
2616
2617 # test AESNI intrinsics for i386 target
2618 helper_block_cipher_no_decrypt_build_test \
2619 -s "MBEDTLS_AESNI_C" \
2620 -c "-m32 -mpclmul -msse2 -maes" \
2621 -l "-m32"
2622}
2623
Minos Galanakisf699d512024-08-01 11:32:30 +0100[diff] [blame]2624support_test_block_cipher_no_decrypt_aesce_armcc () {
2625 support_build_armcc
2626}
2627
Minos Galanakis471b34c2024-07-26 15:39:24 +0100[diff] [blame]2628component_test_block_cipher_no_decrypt_aesce_armcc () {
2629 scripts/config.py baremetal
2630
2631 # armc[56] don't support SHA-512 intrinsics
2632 scripts/config.py unset MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT
2633
2634 # Stop armclang warning about feature detection for A64_CRYPTO.
2635 # With this enabled, the library does build correctly under armclang,
2636 # but in baremetal builds (as tested here), feature detection is
2637 # unavailable, and the user is notified via a #warning. So enabling
2638 # this feature would prevent us from building with -Werror on
2639 # armclang. Tracked in #7198.
2640 scripts/config.py unset MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT
2641 scripts/config.py set MBEDTLS_HAVE_ASM
2642
Ronald Cron66040472024-09-06 10:14:38 +0200[diff] [blame]2643 config_block_cipher_no_decrypt
Minos Galanakis471b34c2024-07-26 15:39:24 +0100[diff] [blame]2644
2645 # test AESCE baremetal build
2646 scripts/config.py set MBEDTLS_AESCE_C
2647 msg "build: default config + BLOCK_CIPHER_NO_DECRYPT with AESCE"
Manuel Pégourié-Gonnard8f08bcd2024-10-01 13:01:54 +0200[diff] [blame]2648 helper_armc6_build_test "-O1 --target=aarch64-arm-none-eabi -march=armv8-a+crypto -Werror -Wall -Wextra"
Minos Galanakis471b34c2024-07-26 15:39:24 +0100[diff] [blame]2649
2650 # Make sure we don't have mbedtls_xxx_setkey_dec in AES/ARIA/CAMELLIA
2651 not grep mbedtls_aes_setkey_dec ${BUILTIN_SRC_PATH}/aes.o
2652 not grep mbedtls_aria_setkey_dec ${BUILTIN_SRC_PATH}/aria.o
2653 not grep mbedtls_camellia_setkey_dec ${BUILTIN_SRC_PATH}/camellia.o
2654 # Make sure we don't have mbedtls_internal_aes_decrypt in AES
2655 not grep mbedtls_internal_aes_decrypt ${BUILTIN_SRC_PATH}/aes.o
2656 # Make sure we don't have mbedtls_aesce_inverse_key and aesce_decrypt_block in AESCE
2657 not grep mbedtls_aesce_inverse_key ${BUILTIN_SRC_PATH}/aesce.o
2658 not grep aesce_decrypt_block ${BUILTIN_SRC_PATH}/aesce.o
2659}
2660
2661component_test_ctr_drbg_aes_256_sha_256 () {
2662 msg "build: full + MBEDTLS_ENTROPY_FORCE_SHA256 (ASan build)"
2663 scripts/config.py full
2664 scripts/config.py unset MBEDTLS_MEMORY_BUFFER_ALLOC_C
2665 scripts/config.py set MBEDTLS_ENTROPY_FORCE_SHA256
2666 CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
2667 make
2668
2669 msg "test: full + MBEDTLS_ENTROPY_FORCE_SHA256 (ASan build)"
2670 make test
2671}
2672
2673component_test_ctr_drbg_aes_128_sha_512 () {
2674 msg "build: full + MBEDTLS_CTR_DRBG_USE_128_BIT_KEY (ASan build)"
2675 scripts/config.py full
2676 scripts/config.py unset MBEDTLS_MEMORY_BUFFER_ALLOC_C
2677 scripts/config.py set MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
2678 CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
2679 make
2680
2681 msg "test: full + MBEDTLS_CTR_DRBG_USE_128_BIT_KEY (ASan build)"
2682 make test
2683}
2684
2685component_test_ctr_drbg_aes_128_sha_256 () {
2686 msg "build: full + MBEDTLS_CTR_DRBG_USE_128_BIT_KEY + MBEDTLS_ENTROPY_FORCE_SHA256 (ASan build)"
2687 scripts/config.py full
2688 scripts/config.py unset MBEDTLS_MEMORY_BUFFER_ALLOC_C
2689 scripts/config.py set MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
2690 scripts/config.py set MBEDTLS_ENTROPY_FORCE_SHA256
2691 CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
2692 make
2693
2694 msg "test: full + MBEDTLS_CTR_DRBG_USE_128_BIT_KEY + MBEDTLS_ENTROPY_FORCE_SHA256 (ASan build)"
2695 make test
2696}
2697
2698component_test_se_default () {
2699 msg "build: default config + MBEDTLS_PSA_CRYPTO_SE_C"
2700 scripts/config.py set MBEDTLS_PSA_CRYPTO_SE_C
2701 make CC=clang CFLAGS="$ASAN_CFLAGS -Os" LDFLAGS="$ASAN_CFLAGS"
2702
2703 msg "test: default config + MBEDTLS_PSA_CRYPTO_SE_C"
2704 make test
2705}
2706
Gilles Peskinea9dda7e2024-06-21 11:25:01 +0200[diff] [blame]2707component_test_full_static_keystore () {
2708 msg "build: full config - MBEDTLS_PSA_KEY_STORE_DYNAMIC"
2709 scripts/config.py full
2710 scripts/config.py unset MBEDTLS_PSA_KEY_STORE_DYNAMIC
2711 make CC=clang CFLAGS="$ASAN_CFLAGS -Os" LDFLAGS="$ASAN_CFLAGS"
2712
2713 msg "test: full config - MBEDTLS_PSA_KEY_STORE_DYNAMIC"
2714 make test
2715}
2716
Minos Galanakis471b34c2024-07-26 15:39:24 +0100[diff] [blame]2717component_test_psa_crypto_drivers () {
Ronald Crona0afbfb2024-10-15 13:20:31 +0200[diff] [blame]2718 # Test dispatch to drivers and fallbacks with
2719 # test_suite_psa_crypto_driver_wrappers test suite. The test drivers that
2720 # are wrappers around the builtin drivers are activated by
2721 # PSA_CRYPTO_DRIVER_TEST.
2722 #
2723 # For the time being, some test cases in test_suite_block_cipher and
2724 # test_suite_md.psa rely on this component to be run at least once by the
2725 # CI. This should disappear as we progress the 4.x work. See
2726 # config_adjust_test_accelerators.h for more information.
Minos Galanakis471b34c2024-07-26 15:39:24 +0100[diff] [blame]2727 msg "build: full + test drivers dispatching to builtins"
2728 scripts/config.py full
Ronald Cron67cc6a72024-10-14 10:55:24 +0200[diff] [blame]2729 loc_cflags="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_CONFIG_ADJUST_TEST_ACCELERATORS"
Ronald Cronede04b32024-10-16 10:47:15 +0200[diff] [blame]2730 loc_cflags="${loc_cflags} -I../tests/include"
Minos Galanakis471b34c2024-07-26 15:39:24 +0100[diff] [blame]2731
2732 make CC=$ASAN_CC CFLAGS="${loc_cflags}" LDFLAGS="$ASAN_CFLAGS"
2733
2734 msg "test: full + test drivers dispatching to builtins"
2735 make test
2736}
2737
2738component_build_psa_config_file () {
2739 msg "build: make with MBEDTLS_PSA_CRYPTO_CONFIG_FILE" # ~40s
2740 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
2741 cp "$CRYPTO_CONFIG_H" psa_test_config.h
2742 echo '#error "MBEDTLS_PSA_CRYPTO_CONFIG_FILE is not working"' >"$CRYPTO_CONFIG_H"
2743 make CFLAGS="-I '$PWD' -DMBEDTLS_PSA_CRYPTO_CONFIG_FILE='\"psa_test_config.h\"'"
2744 # Make sure this feature is enabled. We'll disable it in the next phase.
2745 programs/test/query_compile_time_config MBEDTLS_CMAC_C
2746 make clean
2747
2748 msg "build: make with MBEDTLS_PSA_CRYPTO_CONFIG_FILE + MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE" # ~40s
2749 # In the user config, disable one feature and its dependencies, which will
2750 # reflect on the mbedtls configuration so we can query it with
2751 # query_compile_time_config.
2752 echo '#undef PSA_WANT_ALG_CMAC' >psa_user_config.h
2753 echo '#undef PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128' >> psa_user_config.h
2754 scripts/config.py unset MBEDTLS_CMAC_C
2755 make CFLAGS="-I '$PWD' -DMBEDTLS_PSA_CRYPTO_CONFIG_FILE='\"psa_test_config.h\"' -DMBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE='\"psa_user_config.h\"'"
2756 not programs/test/query_compile_time_config MBEDTLS_CMAC_C
2757
2758 rm -f psa_test_config.h psa_user_config.h
2759}
2760
2761component_build_psa_alt_headers () {
2762 msg "build: make with PSA alt headers" # ~20s
2763
2764 # Generate alternative versions of the substitutable headers with the
2765 # same content except different include guards.
2766 make -C tests include/alt-extra/psa/crypto_platform_alt.h include/alt-extra/psa/crypto_struct_alt.h
2767
2768 # Build the library and some programs.
2769 # Don't build the fuzzers to avoid having to go through hoops to set
2770 # a correct include path for programs/fuzz/Makefile.
2771 make CFLAGS="-I ../tests/include/alt-extra -DMBEDTLS_PSA_CRYPTO_PLATFORM_FILE='\"psa/crypto_platform_alt.h\"' -DMBEDTLS_PSA_CRYPTO_STRUCT_FILE='\"psa/crypto_struct_alt.h\"'" lib
2772 make -C programs -o fuzz CFLAGS="-I ../tests/include/alt-extra -DMBEDTLS_PSA_CRYPTO_PLATFORM_FILE='\"psa/crypto_platform_alt.h\"' -DMBEDTLS_PSA_CRYPTO_STRUCT_FILE='\"psa/crypto_struct_alt.h\"'"
2773
2774 # Check that we're getting the alternative include guards and not the
2775 # original include guards.
2776 programs/test/query_included_headers | grep -x PSA_CRYPTO_PLATFORM_ALT_H
2777 programs/test/query_included_headers | grep -x PSA_CRYPTO_STRUCT_ALT_H
2778 programs/test/query_included_headers | not grep -x PSA_CRYPTO_PLATFORM_H
2779 programs/test/query_included_headers | not grep -x PSA_CRYPTO_STRUCT_H
2780}
2781
2782component_test_min_mpi_window_size () {
2783 msg "build: Default + MBEDTLS_MPI_WINDOW_SIZE=1 (ASan build)" # ~ 10s
2784 scripts/config.py set MBEDTLS_MPI_WINDOW_SIZE 1
2785 CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
2786 make
2787
2788 msg "test: MBEDTLS_MPI_WINDOW_SIZE=1 - main suites (inc. selftests) (ASan build)" # ~ 10s
2789 make test
2790}