blob: 2e14866c088fef294d086104766b3f0d16abdcaf [file] [log] [blame]
Minos Galanakis77711192024-07-25 14:24:37 +01001# components.sh
2#
3# Copyright The Mbed TLS Contributors
4# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
5
6# This file contains the test components that are executed by all.sh
7
8# The functions below are named as follows:
9# * component_XXX: independent components. They can be run in any order.
10# * component_check_XXX: quick tests that aren't worth parallelizing.
11# * component_build_XXX: build things but don't run them.
12# * component_test_XXX: build and test.
13# * component_release_XXX: tests that the CI should skip during PR testing.
14# * support_XXX: if support_XXX exists and returns false then
15# component_XXX is not run by default.
16
17# Each component must start by invoking `msg` with a short informative message.
18#
19# Warning: due to the way bash detects errors, the failure of a command
20# inside 'if' or '!' is not detected. Use the 'not' function instead of '!'.
21#
22# Each component is executed in a separate shell process. The component
23# fails if any command in it returns a non-zero status.
24#
25# The framework in all.sh performs some cleanup tasks after each component.
26# This means that components can assume that the working directory is in a
27# cleaned-up state, and don't need to perform the cleanup themselves.
28# * Run `make clean`.
29# * Restore `include/mbedtls/mbedtls_config.h` from a backup made before running
30# the component.
31# * Check out `Makefile`, `library/Makefile`, `programs/Makefile`,
32# `tests/Makefile` and `programs/fuzz/Makefile` from git.
33# This cleans up after an in-tree use of CMake.
34#
35# The tests are roughly in order from fastest to slowest. This doesn't
36# have to be exact, but in general you should add slower tests towards
37# the end and fast checks near the beginning.
38
39
40################################################################
41#### Build and test many configurations and targets
42################################################################
Minos Galanakisf7d1cb02024-07-30 17:25:31 +010043
44################################################################
45#### Basic checks
46################################################################
47
48#
49# Test Suites to be executed
50#
51# The test ordering tries to optimize for the following criteria:
52# 1. Catch possible problems early, by running first tests that run quickly
53# and/or are more likely to fail than others (eg I use Clang most of the
54# time, so start with a GCC build).
55# 2. Minimize total running time, by avoiding useless rebuilds
56#
57# Indicative running times are given for reference.
58
Minos Galanakisf7d1cb02024-07-30 17:25:31 +010059################################################################
60#### Build and test many configurations and targets
61################################################################
62
Minos Galanakisf7d1cb02024-07-30 17:25:31 +010063# Get a list of library-wise undefined symbols and ensure that they only
64# belong to psa_xxx() functions and not to mbedtls_yyy() ones.
65# This function is a common helper used by both:
66# - component_test_default_psa_crypto_client_without_crypto_provider
67# - component_build_full_psa_crypto_client_without_crypto_provider.
68common_check_mbedtls_missing_symbols () {
69 nm library/libmbedcrypto.a | grep ' [TRrDC] ' | grep -Eo '(mbedtls_|psa_).*' | sort -u > sym_def.txt
70 nm library/libmbedcrypto.a | grep ' U ' | grep -Eo '(mbedtls_|psa_).*' | sort -u > sym_undef.txt
71 comm sym_def.txt sym_undef.txt -13 > linking_errors.txt
72 not grep mbedtls_ linking_errors.txt
73
74 rm sym_def.txt sym_undef.txt linking_errors.txt
75}
76
77component_test_default_psa_crypto_client_without_crypto_provider () {
78 msg "build: default config - PSA_CRYPTO_C + PSA_CRYPTO_CLIENT"
79
80 scripts/config.py unset MBEDTLS_PSA_CRYPTO_C
81 scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C
82 scripts/config.py unset MBEDTLS_PSA_ITS_FILE_C
83 scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
84 scripts/config.py set MBEDTLS_PSA_CRYPTO_CLIENT
85 scripts/config.py unset MBEDTLS_LMS_C
86
87 make
88
89 msg "check missing symbols: default config - PSA_CRYPTO_C + PSA_CRYPTO_CLIENT"
90 common_check_mbedtls_missing_symbols
91
92 msg "test: default config - PSA_CRYPTO_C + PSA_CRYPTO_CLIENT"
93 make test
94}
95
96component_build_full_psa_crypto_client_without_crypto_provider () {
97 msg "build: full config - PSA_CRYPTO_C"
98
99 # Use full config which includes USE_PSA and CRYPTO_CLIENT.
100 scripts/config.py full
101
102 scripts/config.py unset MBEDTLS_PSA_CRYPTO_C
103 scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C
104 # Dynamic secure element support is a deprecated feature and it is not
105 # available when CRYPTO_C and PSA_CRYPTO_STORAGE_C are disabled.
106 scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C
107
108 # Since there is no crypto provider in this build it is not possible to
109 # build all the test executables and progrems due to missing PSA functions
110 # at link time. Therefore we will just build libraries and we'll check
111 # that symbols of interest are there.
112 make lib
113
114 msg "check missing symbols: full config - PSA_CRYPTO_C"
115
116 common_check_mbedtls_missing_symbols
117
118 # Ensure that desired functions are included into the build (extend the
119 # following list as required).
120 grep mbedtls_pk_get_psa_attributes library/libmbedcrypto.a
121 grep mbedtls_pk_import_into_psa library/libmbedcrypto.a
122 grep mbedtls_pk_copy_from_psa library/libmbedcrypto.a
123}
124
125component_test_psa_crypto_rsa_no_genprime () {
126 msg "build: default config minus MBEDTLS_GENPRIME"
127 scripts/config.py unset MBEDTLS_GENPRIME
128 make
129
130 msg "test: default config minus MBEDTLS_GENPRIME"
131 make test
132}
133
Minos Galanakisf7d1cb02024-07-30 17:25:31 +0100134component_test_full_no_cipher_no_psa_crypto () {
135 msg "build: full no CIPHER no PSA_CRYPTO_C"
136 scripts/config.py full
137 scripts/config.py unset MBEDTLS_CIPHER_C
138 # Don't pull in cipher via PSA mechanisms
139 # (currently ignored anyway because we completely disable PSA)
140 scripts/config.py unset MBEDTLS_PSA_CRYPTO_CONFIG
141 # Disable features that depend on CIPHER_C
142 scripts/config.py unset MBEDTLS_CMAC_C
143 scripts/config.py unset MBEDTLS_NIST_KW_C
144 scripts/config.py unset MBEDTLS_PSA_CRYPTO_C
145 scripts/config.py unset MBEDTLS_PSA_CRYPTO_CLIENT
146 scripts/config.py unset MBEDTLS_SSL_TLS_C
147 scripts/config.py unset MBEDTLS_SSL_TICKET_C
148 # Disable features that depend on PSA_CRYPTO_C
149 scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C
150 scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C
151 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
152 scripts/config.py unset MBEDTLS_LMS_C
153 scripts/config.py unset MBEDTLS_LMS_PRIVATE
154
155 msg "test: full no CIPHER no PSA_CRYPTO_C"
156 make test
157}
158
159# This is a common configurator and test function that is used in:
160# - component_test_full_no_cipher_with_psa_crypto
161# - component_test_full_no_cipher_with_psa_crypto_config
162# It accepts 2 input parameters:
163# - $1: boolean value which basically reflects status of MBEDTLS_PSA_CRYPTO_CONFIG
164# - $2: a text string which describes the test component
165common_test_full_no_cipher_with_psa_crypto () {
166 USE_CRYPTO_CONFIG="$1"
167 COMPONENT_DESCRIPTION="$2"
168
169 msg "build: $COMPONENT_DESCRIPTION"
170
171 scripts/config.py full
172 scripts/config.py unset MBEDTLS_CIPHER_C
173
174 if [ "$USE_CRYPTO_CONFIG" -eq 1 ]; then
175 # The built-in implementation of the following algs/key-types depends
176 # on CIPHER_C so we disable them.
177 # This does not hold for KEY_TYPE_CHACHA20 and ALG_CHACHA20_POLY1305
178 # so we keep them enabled.
179 scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CCM_STAR_NO_TAG
180 scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CMAC
181 scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CBC_NO_PADDING
182 scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CBC_PKCS7
183 scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CFB
184 scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CTR
185 scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECB_NO_PADDING
186 scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_OFB
187 scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128
188 scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_STREAM_CIPHER
189 scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_DES
190 else
191 # Don't pull in cipher via PSA mechanisms
192 scripts/config.py unset MBEDTLS_PSA_CRYPTO_CONFIG
193 # Disable cipher modes/keys that make PSA depend on CIPHER_C.
194 # Keep CHACHA20 and CHACHAPOLY enabled since they do not depend on CIPHER_C.
195 scripts/config.py unset-all MBEDTLS_CIPHER_MODE
196 fi
197 # The following modules directly depends on CIPHER_C
198 scripts/config.py unset MBEDTLS_CMAC_C
199 scripts/config.py unset MBEDTLS_NIST_KW_C
200
201 make
202
203 # Ensure that CIPHER_C was not re-enabled
204 not grep mbedtls_cipher_init library/cipher.o
205
206 msg "test: $COMPONENT_DESCRIPTION"
207 make test
208}
209
210component_test_full_no_cipher_with_psa_crypto () {
211 common_test_full_no_cipher_with_psa_crypto 0 "full no CIPHER no CRYPTO_CONFIG"
212}
213
214component_test_full_no_cipher_with_psa_crypto_config () {
215 common_test_full_no_cipher_with_psa_crypto 1 "full no CIPHER"
216}
217
Minos Galanakisf7d1cb02024-07-30 17:25:31 +0100218component_test_full_no_bignum () {
219 msg "build: full minus bignum"
220 scripts/config.py full
221 scripts/config.py unset MBEDTLS_BIGNUM_C
222 # Direct dependencies of bignum
223 scripts/config.py unset MBEDTLS_ECP_C
224 scripts/config.py unset MBEDTLS_RSA_C
225 scripts/config.py unset MBEDTLS_DHM_C
226 # Direct dependencies of ECP
227 scripts/config.py unset MBEDTLS_ECDH_C
228 scripts/config.py unset MBEDTLS_ECDSA_C
229 scripts/config.py unset MBEDTLS_ECJPAKE_C
230 scripts/config.py unset MBEDTLS_ECP_RESTARTABLE
231 # Disable what auto-enables ECP_LIGHT
232 scripts/config.py unset MBEDTLS_PK_PARSE_EC_EXTENDED
233 scripts/config.py unset MBEDTLS_PK_PARSE_EC_COMPRESSED
234 # Indirect dependencies of ECP
235 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
236 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
237 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
238 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
239 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
240 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
241 scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
242 scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
243 # Direct dependencies of DHM
244 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
245 # Direct dependencies of RSA
246 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
247 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
248 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
249 scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT
250 # PK and its dependencies
251 scripts/config.py unset MBEDTLS_PK_C
252 scripts/config.py unset MBEDTLS_PK_PARSE_C
253 scripts/config.py unset MBEDTLS_PK_WRITE_C
254 scripts/config.py unset MBEDTLS_X509_USE_C
255 scripts/config.py unset MBEDTLS_X509_CRT_PARSE_C
256 scripts/config.py unset MBEDTLS_X509_CRL_PARSE_C
257 scripts/config.py unset MBEDTLS_X509_CSR_PARSE_C
258 scripts/config.py unset MBEDTLS_X509_CREATE_C
259 scripts/config.py unset MBEDTLS_X509_CRT_WRITE_C
260 scripts/config.py unset MBEDTLS_X509_CSR_WRITE_C
261 scripts/config.py unset MBEDTLS_PKCS7_C
262 scripts/config.py unset MBEDTLS_SSL_SERVER_NAME_INDICATION
263 scripts/config.py unset MBEDTLS_SSL_ASYNC_PRIVATE
264 scripts/config.py unset MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
265
266 make
267
268 msg "test: full minus bignum"
269 make test
270}
271
Minos Galanakisf7d1cb02024-07-30 17:25:31 +0100272
Minos Galanakisf7d1cb02024-07-30 17:25:31 +0100273
274component_test_tls1_2_default_stream_cipher_only_use_psa () {
275 msg "build: default with only stream cipher use psa"
276
277 scripts/config.py set MBEDTLS_USE_PSA_CRYPTO
278 # Disable AEAD (controlled by the presence of one of GCM_C, CCM_C, CHACHAPOLY_C)
279 scripts/config.py unset MBEDTLS_GCM_C
280 scripts/config.py unset MBEDTLS_CCM_C
281 scripts/config.py unset MBEDTLS_CHACHAPOLY_C
282 #Disable TLS 1.3 (as no AEAD)
283 scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
284 # Disable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia, DES))
285 scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC
286 # Disable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC)
287 scripts/config.py unset MBEDTLS_SSL_ENCRYPT_THEN_MAC
288 # Enable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_CIPHER))
289 scripts/config.py set MBEDTLS_CIPHER_NULL_CIPHER
290 # Modules that depend on AEAD
291 scripts/config.py unset MBEDTLS_SSL_CONTEXT_SERIALIZATION
292 scripts/config.py unset MBEDTLS_SSL_TICKET_C
293
294 make
295
296 msg "test: default with only stream cipher use psa"
297 make test
298
299 # Not running ssl-opt.sh because most tests require a non-NULL ciphersuite.
300}
301
Minos Galanakisf7d1cb02024-07-30 17:25:31 +0100302
Minos Galanakisf7d1cb02024-07-30 17:25:31 +0100303
304component_test_tls1_2_deafult_cbc_legacy_cipher_only_use_psa () {
305 msg "build: default with only CBC-legacy cipher use psa"
306
307 scripts/config.py set MBEDTLS_USE_PSA_CRYPTO
308 # Disable AEAD (controlled by the presence of one of GCM_C, CCM_C, CHACHAPOLY_C)
309 scripts/config.py unset MBEDTLS_GCM_C
310 scripts/config.py unset MBEDTLS_CCM_C
311 scripts/config.py unset MBEDTLS_CHACHAPOLY_C
312 #Disable TLS 1.3 (as no AEAD)
313 scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
314 # Enable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia, DES))
315 scripts/config.py set MBEDTLS_CIPHER_MODE_CBC
316 # Disable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC)
317 scripts/config.py unset MBEDTLS_SSL_ENCRYPT_THEN_MAC
318 # Disable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_CIPHER))
319 scripts/config.py unset MBEDTLS_CIPHER_NULL_CIPHER
320 # Modules that depend on AEAD
321 scripts/config.py unset MBEDTLS_SSL_CONTEXT_SERIALIZATION
322 scripts/config.py unset MBEDTLS_SSL_TICKET_C
323
324 make
325
326 msg "test: default with only CBC-legacy cipher use psa"
327 make test
328
329 msg "test: default with only CBC-legacy cipher use psa - ssl-opt.sh (subset)"
330 tests/ssl-opt.sh -f "TLS 1.2"
331}
332
Minos Galanakisf7d1cb02024-07-30 17:25:31 +0100333component_test_tls1_2_default_cbc_legacy_cbc_etm_cipher_only_use_psa () {
334 msg "build: default with only CBC-legacy and CBC-EtM ciphers use psa"
335
336 scripts/config.py set MBEDTLS_USE_PSA_CRYPTO
337 # Disable AEAD (controlled by the presence of one of GCM_C, CCM_C, CHACHAPOLY_C)
338 scripts/config.py unset MBEDTLS_GCM_C
339 scripts/config.py unset MBEDTLS_CCM_C
340 scripts/config.py unset MBEDTLS_CHACHAPOLY_C
341 #Disable TLS 1.3 (as no AEAD)
342 scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
343 # Enable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia, DES))
344 scripts/config.py set MBEDTLS_CIPHER_MODE_CBC
345 # Enable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC)
346 scripts/config.py set MBEDTLS_SSL_ENCRYPT_THEN_MAC
347 # Disable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_CIPHER))
348 scripts/config.py unset MBEDTLS_CIPHER_NULL_CIPHER
349 # Modules that depend on AEAD
350 scripts/config.py unset MBEDTLS_SSL_CONTEXT_SERIALIZATION
351 scripts/config.py unset MBEDTLS_SSL_TICKET_C
352
353 make
354
355 msg "test: default with only CBC-legacy and CBC-EtM ciphers use psa"
356 make test
357
358 msg "test: default with only CBC-legacy and CBC-EtM ciphers use psa - ssl-opt.sh (subset)"
359 tests/ssl-opt.sh -f "TLS 1.2"
360}
361
Minos Galanakisf7d1cb02024-07-30 17:25:31 +0100362component_build_dhm_alt () {
363 msg "build: MBEDTLS_DHM_ALT" # ~30s
364 scripts/config.py full
365 scripts/config.py set MBEDTLS_DHM_ALT
366 # debug.c currently references mbedtls_dhm_context fields directly.
367 scripts/config.py unset MBEDTLS_DEBUG_C
368 # We can only compile, not link, since we don't have any implementations
369 # suitable for testing with the dummy alt headers.
370 make CFLAGS='-Werror -Wall -Wextra -I../tests/include/alt-dummy' lib
371}
372
Minos Galanakisf7d1cb02024-07-30 17:25:31 +0100373component_test_psa_crypto_config_accel_hash_keep_builtins () {
374 msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated+builtin hash"
375 # This component ensures that all the test cases for
376 # md_psa_dynamic_dispatch with legacy+driver in test_suite_md are run.
377
378 loc_accel_list="ALG_MD5 ALG_RIPEMD160 ALG_SHA_1 \
379 ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512 \
380 ALG_SHA3_224 ALG_SHA3_256 ALG_SHA3_384 ALG_SHA3_512"
381
382 # Start from default config (no USE_PSA)
383 helper_libtestdriver1_adjust_config "default"
384
385 helper_libtestdriver1_make_drivers "$loc_accel_list"
386
387 helper_libtestdriver1_make_main "$loc_accel_list"
388
389 msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated+builtin hash"
390 make test
391}
392
Minos Galanakisf7d1cb02024-07-30 17:25:31 +0100393# This should be renamed to test and updated once the accelerator ECDH code is in place and ready to test.
394component_build_psa_accel_alg_ecdh () {
395 msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_ECDH without MBEDTLS_ECDH_C"
396 scripts/config.py full
397 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
398 scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
399 scripts/config.py unset MBEDTLS_ECDH_C
400 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
401 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
402 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
403 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
404 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
405 # Need to define the correct symbol and include the test driver header path in order to build with the test driver
406 make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_ECDH -I../tests/include" LDFLAGS="$ASAN_CFLAGS"
407}
408
409# This should be renamed to test and updated once the accelerator HMAC code is in place and ready to test.
410component_build_psa_accel_alg_hmac () {
411 msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_HMAC"
412 scripts/config.py full
413 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
414 scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
415 # Need to define the correct symbol and include the test driver header path in order to build with the test driver
416 make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_HMAC -I../tests/include" LDFLAGS="$ASAN_CFLAGS"
417}
418
419# This should be renamed to test and updated once the accelerator HKDF code is in place and ready to test.
420component_build_psa_accel_alg_hkdf () {
421 msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_HKDF without MBEDTLS_HKDF_C"
422 scripts/config.py full
423 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
424 scripts/config.py unset MBEDTLS_HKDF_C
425 # Make sure to unset TLS1_3 since it requires HKDF_C and will not build properly without it.
426 scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
427 # Need to define the correct symbol and include the test driver header path in order to build with the test driver
428 make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_HKDF -I../tests/include" LDFLAGS="$ASAN_CFLAGS"
429}
430
431# This should be renamed to test and updated once the accelerator MD5 code is in place and ready to test.
432component_build_psa_accel_alg_md5 () {
433 msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_MD5 - other hashes"
434 scripts/config.py full
435 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
436 scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
437 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RIPEMD160
438 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_1
439 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_224
440 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_256
441 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_384
442 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_512
443 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS
444 scripts/config.py unset MBEDTLS_LMS_C
445 scripts/config.py unset MBEDTLS_LMS_PRIVATE
446 # Need to define the correct symbol and include the test driver header path in order to build with the test driver
447 make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_MD5 -I../tests/include" LDFLAGS="$ASAN_CFLAGS"
448}
449
450# This should be renamed to test and updated once the accelerator RIPEMD160 code is in place and ready to test.
451component_build_psa_accel_alg_ripemd160 () {
452 msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_RIPEMD160 - other hashes"
453 scripts/config.py full
454 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
455 scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
456 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_MD5
457 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_1
458 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_224
459 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_256
460 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_384
461 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_512
462 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS
463 scripts/config.py unset MBEDTLS_LMS_C
464 scripts/config.py unset MBEDTLS_LMS_PRIVATE
465 # Need to define the correct symbol and include the test driver header path in order to build with the test driver
466 make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RIPEMD160 -I../tests/include" LDFLAGS="$ASAN_CFLAGS"
467}
468
469# This should be renamed to test and updated once the accelerator SHA1 code is in place and ready to test.
470component_build_psa_accel_alg_sha1 () {
471 msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_SHA_1 - other hashes"
472 scripts/config.py full
473 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
474 scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
475 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_MD5
476 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RIPEMD160
477 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_224
478 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_256
479 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_384
480 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_512
481 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS
482 scripts/config.py unset MBEDTLS_LMS_C
483 scripts/config.py unset MBEDTLS_LMS_PRIVATE
484 # Need to define the correct symbol and include the test driver header path in order to build with the test driver
485 make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_1 -I../tests/include" LDFLAGS="$ASAN_CFLAGS"
486}
487
488# This should be renamed to test and updated once the accelerator SHA224 code is in place and ready to test.
489component_build_psa_accel_alg_sha224 () {
490 msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_SHA_224 - other hashes"
491 scripts/config.py full
492 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
493 scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
494 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_MD5
495 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RIPEMD160
496 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_1
497 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_384
498 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_512
499 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS
500 # Need to define the correct symbol and include the test driver header path in order to build with the test driver
501 make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_224 -I../tests/include" LDFLAGS="$ASAN_CFLAGS"
502}
503
504# This should be renamed to test and updated once the accelerator SHA256 code is in place and ready to test.
505component_build_psa_accel_alg_sha256 () {
506 msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_SHA_256 - other hashes"
507 scripts/config.py full
508 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
509 scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
510 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_MD5
511 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RIPEMD160
512 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_1
513 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_224
514 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_384
515 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_512
516 # Need to define the correct symbol and include the test driver header path in order to build with the test driver
517 make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_256 -I../tests/include" LDFLAGS="$ASAN_CFLAGS"
518}
519
520# This should be renamed to test and updated once the accelerator SHA384 code is in place and ready to test.
521component_build_psa_accel_alg_sha384 () {
522 msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_SHA_384 - other hashes"
523 scripts/config.py full
524 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
525 scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
526 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_MD5
527 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RIPEMD160
528 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_1
529 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_224
530 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_256
531 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS
532 scripts/config.py unset MBEDTLS_LMS_C
533 scripts/config.py unset MBEDTLS_LMS_PRIVATE
534 # Need to define the correct symbol and include the test driver header path in order to build with the test driver
535 make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_384 -I../tests/include" LDFLAGS="$ASAN_CFLAGS"
536}
537
538# This should be renamed to test and updated once the accelerator SHA512 code is in place and ready to test.
539component_build_psa_accel_alg_sha512 () {
540 msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_SHA_512 - other hashes"
541 scripts/config.py full
542 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
543 scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
544 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_MD5
545 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RIPEMD160
546 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_1
547 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_224
548 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_256
549 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_384
550 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS
551 scripts/config.py unset MBEDTLS_LMS_C
552 scripts/config.py unset MBEDTLS_LMS_PRIVATE
553 # Need to define the correct symbol and include the test driver header path in order to build with the test driver
554 make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_512 -I../tests/include" LDFLAGS="$ASAN_CFLAGS"
555}
556
557# This should be renamed to test and updated once the accelerator RSA code is in place and ready to test.
558component_build_psa_accel_alg_rsa_pkcs1v15_crypt () {
559 msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_RSA_PKCS1V15_CRYPT + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY"
560 scripts/config.py full
561 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
562 scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
563 scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_ALG_RSA_PKCS1V15_CRYPT 1
564 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PKCS1V15_SIGN
565 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_OAEP
566 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PSS
567 # Need to define the correct symbol and include the test driver header path in order to build with the test driver
568 make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT -I../tests/include" LDFLAGS="$ASAN_CFLAGS"
569}
570
571# This should be renamed to test and updated once the accelerator RSA code is in place and ready to test.
572component_build_psa_accel_alg_rsa_pkcs1v15_sign () {
573 msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_RSA_PKCS1V15_SIGN + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY"
574 scripts/config.py full
575 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
576 scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
577 scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_ALG_RSA_PKCS1V15_SIGN 1
578 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PKCS1V15_CRYPT
579 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_OAEP
580 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PSS
581 # Need to define the correct symbol and include the test driver header path in order to build with the test driver
582 make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN -I../tests/include" LDFLAGS="$ASAN_CFLAGS"
583}
584
585# This should be renamed to test and updated once the accelerator RSA code is in place and ready to test.
586component_build_psa_accel_alg_rsa_oaep () {
587 msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_RSA_OAEP + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY"
588 scripts/config.py full
589 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
590 scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
591 scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_ALG_RSA_OAEP 1
592 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PKCS1V15_CRYPT
593 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PKCS1V15_SIGN
594 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PSS
595 # Need to define the correct symbol and include the test driver header path in order to build with the test driver
596 make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_OAEP -I../tests/include" LDFLAGS="$ASAN_CFLAGS"
597}
598
599# This should be renamed to test and updated once the accelerator RSA code is in place and ready to test.
600component_build_psa_accel_alg_rsa_pss () {
601 msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_RSA_PSS + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY"
602 scripts/config.py full
603 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
604 scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
605 scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_ALG_RSA_PSS 1
606 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PKCS1V15_CRYPT
607 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PKCS1V15_SIGN
608 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_OAEP
609 # Need to define the correct symbol and include the test driver header path in order to build with the test driver
610 make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_PSS -I../tests/include" LDFLAGS="$ASAN_CFLAGS"
611}
612
613# This should be renamed to test and updated once the accelerator RSA code is in place and ready to test.
614component_build_psa_accel_key_type_rsa_key_pair () {
615 msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_xxx + PSA_WANT_ALG_RSA_PSS"
616 scripts/config.py full
617 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
618 scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
619 scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_ALG_RSA_PSS 1
620 scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC 1
621 scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT 1
622 scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT 1
623 scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE 1
624 # Need to define the correct symbol and include the test driver header path in order to build with the test driver
625 make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR -I../tests/include" LDFLAGS="$ASAN_CFLAGS"
626}
627
628# This should be renamed to test and updated once the accelerator RSA code is in place and ready to test.
629component_build_psa_accel_key_type_rsa_public_key () {
630 msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY + PSA_WANT_ALG_RSA_PSS"
631 scripts/config.py full
632 scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
633 scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
634 scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_ALG_RSA_PSS 1
635 scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 1
636 # Need to define the correct symbol and include the test driver header path in order to build with the test driver
637 make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY -I../tests/include" LDFLAGS="$ASAN_CFLAGS"
638}
639
Minos Galanakisf7d1cb02024-07-30 17:25:31 +0100640# For timebeing, no VIA Padlock platform available.
641component_build_aes_via_padlock () {
642
643 msg "AES:VIA PadLock, build with default configuration."
644 scripts/config.py unset MBEDTLS_AESNI_C
645 scripts/config.py set MBEDTLS_PADLOCK_C
646 scripts/config.py unset MBEDTLS_AES_USE_HARDWARE_ONLY
647 make CC=gcc CFLAGS="$ASAN_CFLAGS -m32" LDFLAGS="-m32 $ASAN_CFLAGS"
648 grep -q mbedtls_padlock_has_support ./programs/test/selftest
649
650}
651
652support_build_aes_via_padlock_only () {
653 ( [ "$MBEDTLS_TEST_PLATFORM" == "Linux-x86_64" ] || \
654 [ "$MBEDTLS_TEST_PLATFORM" == "Linux-amd64" ] ) && \
655 [ "`dpkg --print-foreign-architectures`" == "i386" ]
656}
657