Define "light" subset of MD
See docs/architecture/psa-migration/md-cipher-dispatch.md
Regarding testing, the no_md component was never very useful, as that's
not something people are likely to want to do: it was mostly useful as
executable documentation of what depends on MD. It's going to be even
less useful when more and more modules auto-enable MD_LIGHT or even
MD_C. So, recycle it to test the build with only MD_LIGHT, which is
something that might happen in practice, and is necessary to ensure that
the division is consistent.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index 7d91fa2..c4a8fe6 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -1219,19 +1219,25 @@
tests/ssl-opt.sh -f 'Default\|opaque'
}
-component_test_crypto_full_no_md () {
- msg "build: crypto_full minus MD"
+component_test_crypto_full_md_light_only () {
+ msg "build: crypto_full with only the light subset of MD"
scripts/config.py crypto_full
+ # Disable MD
scripts/config.py unset MBEDTLS_MD_C
- # Direct dependencies
+ # Disable direct dependencies of MD
scripts/config.py unset MBEDTLS_HKDF_C
scripts/config.py unset MBEDTLS_HMAC_DRBG_C
scripts/config.py unset MBEDTLS_PKCS7_C
- # Indirect dependencies
- scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC
- make
+ # Disable indirect dependencies of MD
+ scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC # needs HMAC_DRBG
+ # Enable "light" subset of MD
+ scripts/config.py set MBEDTLS_MD_LIGHT
+ make CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS"
- msg "test: crypto_full minus MD"
+ # Make sure we don't have the HMAC functions
+ not grep mbedtls_md_hmac library/md.o
+
+ msg "test: crypto_full with only the light subset of MD"
make test
}
diff --git a/tests/suites/test_suite_md.function b/tests/suites/test_suite_md.function
index ac3a8ba..1e8622b 100644
--- a/tests/suites/test_suite_md.function
+++ b/tests/suites/test_suite_md.function
@@ -3,11 +3,11 @@
/* END_HEADER */
/* BEGIN_DEPENDENCIES
- * depends_on:MBEDTLS_MD_C
+ * depends_on:MBEDTLS_MD_LIGHT
* END_DEPENDENCIES
*/
-/* BEGIN_CASE */
+/* BEGIN_CASE depends_on:MBEDTLS_MD_C */
void mbedtls_md_list()
{
const int *md_type_ptr;
@@ -38,21 +38,27 @@
void md_null_args()
{
mbedtls_md_context_t ctx;
+#if defined(MBEDTLS_MD_C)
const mbedtls_md_info_t *info = mbedtls_md_info_from_type(*(mbedtls_md_list()));
+#endif
unsigned char buf[1] = { 0 };
mbedtls_md_init(&ctx);
TEST_EQUAL(0, mbedtls_md_get_size(NULL));
+#if defined(MBEDTLS_MD_C)
TEST_EQUAL(mbedtls_md_get_type(NULL), MBEDTLS_MD_NONE);
TEST_ASSERT(mbedtls_md_get_name(NULL) == NULL);
TEST_ASSERT(mbedtls_md_info_from_string(NULL) == NULL);
TEST_ASSERT(mbedtls_md_info_from_ctx(NULL) == NULL);
TEST_ASSERT(mbedtls_md_info_from_ctx(&ctx) == NULL);
+#endif /* MBEDTLS_MD_C */
TEST_EQUAL(mbedtls_md_setup(&ctx, NULL, 0), MBEDTLS_ERR_MD_BAD_INPUT_DATA);
+#if defined(MBEDTLS_MD_C)
TEST_EQUAL(mbedtls_md_setup(NULL, info, 0), MBEDTLS_ERR_MD_BAD_INPUT_DATA);
+#endif
TEST_EQUAL(mbedtls_md_starts(NULL), MBEDTLS_ERR_MD_BAD_INPUT_DATA);
TEST_EQUAL(mbedtls_md_starts(&ctx), MBEDTLS_ERR_MD_BAD_INPUT_DATA);
@@ -65,6 +71,7 @@
TEST_EQUAL(mbedtls_md(NULL, buf, 1, buf), MBEDTLS_ERR_MD_BAD_INPUT_DATA);
+#if defined(MBEDTLS_MD_C)
#if defined(MBEDTLS_FS_IO)
TEST_EQUAL(mbedtls_md_file(NULL, "", buf), MBEDTLS_ERR_MD_BAD_INPUT_DATA);
#endif
@@ -87,10 +94,13 @@
TEST_EQUAL(mbedtls_md_hmac(NULL, buf, 1, buf, 1, buf),
MBEDTLS_ERR_MD_BAD_INPUT_DATA);
+#endif /* MBEDTLS_MD_C */
/* Ok, this is not NULL arg but NULL return... */
TEST_ASSERT(mbedtls_md_info_from_type(MBEDTLS_MD_NONE) == NULL);
+#if defined(MBEDTLS_MD_C)
TEST_ASSERT(mbedtls_md_info_from_string("no such md") == NULL);
+#endif
}
/* END_CASE */
@@ -98,24 +108,31 @@
void md_info(int md_type, char *md_name, int md_size)
{
const mbedtls_md_info_t *md_info;
+#if defined(MBEDTLS_MD_C)
const int *md_type_ptr;
- int found;
+#else
+ (void) md_name;
+#endif
md_info = mbedtls_md_info_from_type(md_type);
TEST_ASSERT(md_info != NULL);
+#if defined(MBEDTLS_MD_C)
TEST_ASSERT(md_info == mbedtls_md_info_from_string(md_name));
+#endif
TEST_EQUAL(mbedtls_md_get_type(md_info), (mbedtls_md_type_t) md_type);
TEST_EQUAL(mbedtls_md_get_size(md_info), (unsigned char) md_size);
+#if defined(MBEDTLS_MD_C)
TEST_EQUAL(0, strcmp(mbedtls_md_get_name(md_info), md_name));
- found = 0;
+ int found = 0;
for (md_type_ptr = mbedtls_md_list(); *md_type_ptr != 0; md_type_ptr++) {
if (*md_type_ptr == md_type) {
found = 1;
}
}
TEST_EQUAL(found, 1);
+#endif /* MBEDTLS_MD_C */
}
/* END_CASE */
@@ -173,8 +190,10 @@
TEST_ASSERT(md_info != NULL);
TEST_EQUAL(0, mbedtls_md_setup(&ctx, md_info, 0));
TEST_EQUAL(0, mbedtls_md_setup(&ctx_copy, md_info, 0));
+#if defined(MBEDTLS_MD_C)
TEST_ASSERT(mbedtls_md_info_from_ctx(&ctx) == md_info);
TEST_ASSERT(mbedtls_md_info_from_ctx(&ctx_copy) == md_info);
+#endif /* MBEDTLS_MD_C */
TEST_EQUAL(0, mbedtls_md_starts(&ctx));
TEST_ASSERT(ctx.md_ctx != NULL);
@@ -213,8 +232,10 @@
TEST_ASSERT(md_info != NULL);
TEST_EQUAL(0, mbedtls_md_setup(&ctx, md_info, 0));
TEST_EQUAL(0, mbedtls_md_setup(&ctx_copy, md_info, 0));
+#if defined(MBEDTLS_MD_C)
TEST_ASSERT(mbedtls_md_info_from_ctx(&ctx) == md_info);
TEST_ASSERT(mbedtls_md_info_from_ctx(&ctx_copy) == md_info);
+#endif /* MBEDTLS_MD_C */
halfway = src_str->len / 2;
@@ -240,7 +261,7 @@
}
/* END_CASE */
-/* BEGIN_CASE */
+/* BEGIN_CASE depends_on:MBEDTLS_MD_C */
void mbedtls_md_hmac(int md_type, int trunc_size,
data_t *key_str, data_t *src_str,
data_t *hash)
@@ -259,7 +280,7 @@
}
/* END_CASE */
-/* BEGIN_CASE */
+/* BEGIN_CASE depends_on:MBEDTLS_MD_C */
void md_hmac_multi(int md_type, int trunc_size, data_t *key_str,
data_t *src_str, data_t *hash)
{
@@ -273,7 +294,9 @@
md_info = mbedtls_md_info_from_type(md_type);
TEST_ASSERT(md_info != NULL);
TEST_EQUAL(0, mbedtls_md_setup(&ctx, md_info, 1));
+#if defined(MBEDTLS_MD_C)
TEST_ASSERT(mbedtls_md_info_from_ctx(&ctx) == md_info);
+#endif
halfway = src_str->len / 2;
@@ -300,7 +323,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_FS_IO */
+/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_MD_C */
void mbedtls_md_file(int md_type, char *filename,
data_t *hash)
{