# components-configuration-tls.sh
#
# Copyright The Mbed TLS Contributors
# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later

# This file contains test components that are executed by all.sh

################################################################
#### Configuration Testing - TLS
################################################################
# Default configuration with MBEDTLS_SSL_RENEGOTIATION compiled out, built
# with the Asan CMake build type. Runs the unit tests and then the full
# ssl-opt.sh suite, so that the renegotiation-free code paths are exercised
# under the sanitizer.
component_test_no_renegotiation () {
    local label='!MBEDTLS_SSL_RENEGOTIATION'

    msg "build: Default + $label (ASan build)" # ~ 6 min
    scripts/config.py unset MBEDTLS_SSL_RENEGOTIATION
    CC="$ASAN_CC" cmake -D CMAKE_BUILD_TYPE:String=Asan .
    make

    msg "test: $label - main suites (inc. selftests) (ASan build)" # ~ 50s
    make test

    msg "test: $label - ssl-opt.sh (ASan build)" # ~ 6 min
    tests/ssl-opt.sh
}
# Default configuration compiled with -DMBEDTLS_TEST_SW_INET_PTON, then the
# unit tests.
component_test_sw_inet_pton () {
    local label="default plus MBEDTLS_TEST_SW_INET_PTON"

    msg "build: $label"

    # x509_crt_parse_cn_inet_pton is only reachable with MBEDTLS_TEST_HOOKS.
    scripts/config.py set MBEDTLS_TEST_HOOKS
    make CFLAGS='-DMBEDTLS_TEST_SW_INET_PTON'

    msg "test: $label"
    make test
}
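# Default configuration (with USE_PSA) reduced so that the only TLS 1.2
# ciphersuites left are "stream" ones, which here means the NULL
# pseudo-cipher. Builds and runs the unit tests only.
#
# This is a test-only configuration: NULL ciphersuites do not encrypt the
# record payload, so a build like this must never be used for real traffic.
#
# Globals: CRYPTO_CONFIG_H (read) - path of the PSA crypto config header.
component_test_tls1_2_default_stream_cipher_only () {
    msg "build: default with only stream cipher use psa"

    scripts/config.py set MBEDTLS_USE_PSA_CRYPTO
    scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
    # Disable AEAD (controlled by the presence of one of GCM_C, CCM_C, CHACHAPOLY_C)
    # The config path is quoted so a path containing spaces is passed as one
    # argument, as component_test_when_no_ciphersuites_have_mac already does.
    scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CCM
    scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CCM_STAR_NO_TAG
    scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_GCM
    scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CHACHA20_POLY1305
    # Note: The three unsets below are to be removed for Mbed TLS 4.0
    scripts/config.py unset MBEDTLS_GCM_C
    scripts/config.py unset MBEDTLS_CCM_C
    scripts/config.py unset MBEDTLS_CHACHAPOLY_C
    # Disable TLS 1.3 (as no AEAD)
    scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
    # Disable CBC. Note: When implemented, PSA_WANT_ALG_CBC_MAC will also need
    # to be unset here to fully disable CBC
    scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_NO_PADDING
    scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_PKCS7
    # Disable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least
    # one block cipher (AES, ARIA, Camellia, DES))
    # Note: The unset below is to be removed for 4.0
    scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC
    # Disable CBC-EtM (controlled by the same as CBC-legacy plus
    # MBEDTLS_SSL_ENCRYPT_THEN_MAC)
    scripts/config.py unset MBEDTLS_SSL_ENCRYPT_THEN_MAC
    # Enable stream (currently that's just the NULL pseudo-cipher (controlled
    # by MBEDTLS_CIPHER_NULL_CIPHER))
    scripts/config.py set MBEDTLS_CIPHER_NULL_CIPHER
    # Modules that depend on AEAD
    scripts/config.py unset MBEDTLS_SSL_CONTEXT_SERIALIZATION
    scripts/config.py unset MBEDTLS_SSL_TICKET_C

    make

    msg "test: default with only stream cipher use psa"
    make test

    # Not running ssl-opt.sh because most tests require a non-NULL ciphersuite.
}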
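# Default configuration (with USE_PSA) reduced so that the only TLS 1.2
# ciphersuites left are CBC ones without Encrypt-then-MAC ("CBC-legacy").
# Builds, runs the unit tests, then the "TLS 1.2" subset of ssl-opt.sh.
#
# AEAD, the NULL cipher and the EtM extension are all disabled, so this
# component covers the CBC record path that remains when EtM is unavailable.
#
# Globals: CRYPTO_CONFIG_H (read) - path of the PSA crypto config header.
component_test_tls1_2_default_cbc_legacy_cipher_only () {
    msg "build: default with only CBC-legacy cipher use psa"

    scripts/config.py set MBEDTLS_USE_PSA_CRYPTO
    scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
    # Disable AEAD (controlled by the presence of one of GCM_C, CCM_C, CHACHAPOLY_C)
    # The config path is quoted so a path containing spaces is passed as one
    # argument, as component_test_when_no_ciphersuites_have_mac already does.
    scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CCM
    scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CCM_STAR_NO_TAG
    scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_GCM
    scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CHACHA20_POLY1305
    # Note: The three unsets below are to be removed for Mbed TLS 4.0
    scripts/config.py unset MBEDTLS_GCM_C
    scripts/config.py unset MBEDTLS_CCM_C
    scripts/config.py unset MBEDTLS_CHACHAPOLY_C
    # Disable TLS 1.3 (as no AEAD)
    scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
    # Enable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least
    # one block cipher (AES, ARIA, Camellia, DES))
    scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_ALG_CBC_NO_PADDING
    # Disable CBC-EtM (controlled by the same as CBC-legacy plus
    # MBEDTLS_SSL_ENCRYPT_THEN_MAC)
    scripts/config.py unset MBEDTLS_SSL_ENCRYPT_THEN_MAC
    # Disable stream (currently that's just the NULL pseudo-cipher (controlled
    # by MBEDTLS_CIPHER_NULL_CIPHER))
    scripts/config.py unset MBEDTLS_CIPHER_NULL_CIPHER
    # Modules that depend on AEAD
    scripts/config.py unset MBEDTLS_SSL_CONTEXT_SERIALIZATION
    scripts/config.py unset MBEDTLS_SSL_TICKET_C

    make

    msg "test: default with only CBC-legacy cipher use psa"
    make test

    msg "test: default with only CBC-legacy cipher use psa - ssl-opt.sh (subset)"
    tests/ssl-opt.sh -f "TLS 1.2"
}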
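# Default configuration (with USE_PSA) reduced so that the only TLS 1.2
# ciphersuites left are CBC ones, with the Encrypt-then-MAC extension kept
# enabled (so both CBC-legacy and CBC-EtM are available). Builds, runs the
# unit tests, then the "TLS 1.2" subset of ssl-opt.sh.
#
# Globals: CRYPTO_CONFIG_H (read) - path of the PSA crypto config header.
component_test_tls1_2_default_cbc_legacy_cbc_etm_cipher_only () {
    msg "build: default with only CBC-legacy and CBC-EtM ciphers use psa"

    scripts/config.py set MBEDTLS_USE_PSA_CRYPTO
    scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
    # Disable AEAD (controlled by the presence of one of GCM_C, CCM_C, CHACHAPOLY_C)
    # The config path is quoted so a path containing spaces is passed as one
    # argument, as component_test_when_no_ciphersuites_have_mac already does.
    scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CCM
    scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CCM_STAR_NO_TAG
    scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_GCM
    scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CHACHA20_POLY1305
    # Note: The three unsets below are to be removed for Mbed TLS 4.0
    scripts/config.py unset MBEDTLS_GCM_C
    scripts/config.py unset MBEDTLS_CCM_C
    scripts/config.py unset MBEDTLS_CHACHAPOLY_C
    # Disable TLS 1.3 (as no AEAD)
    scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
    # Enable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least
    # one block cipher (AES, ARIA, Camellia, DES))
    scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_ALG_CBC_NO_PADDING
    # Enable CBC-EtM (controlled by the same as CBC-legacy plus
    # MBEDTLS_SSL_ENCRYPT_THEN_MAC)
    scripts/config.py set MBEDTLS_SSL_ENCRYPT_THEN_MAC
    # Disable stream (currently that's just the NULL pseudo-cipher (controlled
    # by MBEDTLS_CIPHER_NULL_CIPHER))
    scripts/config.py unset MBEDTLS_CIPHER_NULL_CIPHER
    # Modules that depend on AEAD
    scripts/config.py unset MBEDTLS_SSL_CONTEXT_SERIALIZATION
    scripts/config.py unset MBEDTLS_SSL_TICKET_C

    make

    msg "test: default with only CBC-legacy and CBC-EtM ciphers use psa"
    make test

    msg "test: default with only CBC-legacy and CBC-EtM ciphers use psa - ssl-opt.sh (subset)"
    tests/ssl-opt.sh -f "TLS 1.2"
}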
# We're not aware of any other (open source) implementation of EC J-PAKE in TLS
# that we could use for interop testing. However, we now have sort of two
# implementations ourselves: one using PSA, the other not. At least test that
# these two interoperate with each other.
# Builds ssl_server2/ssl_client2 twice, once without and once with
# MBEDTLS_USE_PSA_CRYPTO, keeps copies of the first pair in the source root,
# and runs the ECJPAKE ssl-opt.sh tests with one peer from each build.
#
# NOTE(review): the saved binaries are removed only by the final rm, so they
# stay behind if an earlier step aborts the component - confirm that the
# caller's cleanup covers them.
component_test_tls1_2_ecjpake_compatibility () {
    local legacy_srv=s2_no_use_psa
    local legacy_cli=c2_no_use_psa

    msg "build: TLS1.2 server+client w/ EC-JPAKE w/o USE_PSA"
    scripts/config.py set MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
    # Explicitly make lib first to avoid a race condition:
    # https://github.com/Mbed-TLS/mbedtls/issues/8229
    make lib
    make -C programs ssl/ssl_server2 ssl/ssl_client2
    # Save the non-PSA programs before the tree is rebuilt below.
    cp programs/ssl/ssl_server2 "$legacy_srv"
    cp programs/ssl/ssl_client2 "$legacy_cli"

    msg "build: TLS1.2 server+client w/ EC-JPAKE w/ USE_PSA"
    scripts/config.py set MBEDTLS_USE_PSA_CRYPTO
    make clean
    make lib
    make -C programs ssl/ssl_server2 ssl/ssl_client2
    make -C programs test/udp_proxy test/query_compile_time_config

    # P_SRV / P_CLI replace one side with the saved non-PSA program; the other
    # side is the freshly built USE_PSA program.
    msg "test: server w/o USE_PSA - client w/ USE_PSA, text password"
    P_SRV="../$legacy_srv" tests/ssl-opt.sh -f "ECJPAKE: working, TLS"
    msg "test: server w/o USE_PSA - client w/ USE_PSA, opaque password"
    P_SRV="../$legacy_srv" tests/ssl-opt.sh -f "ECJPAKE: opaque password client only, working, TLS"
    msg "test: client w/o USE_PSA - server w/ USE_PSA, text password"
    P_CLI="../$legacy_cli" tests/ssl-opt.sh -f "ECJPAKE: working, TLS"
    msg "test: client w/o USE_PSA - server w/ USE_PSA, opaque password"
    P_CLI="../$legacy_cli" tests/ssl-opt.sh -f "ECJPAKE: opaque password server only, working, TLS"

    rm "$legacy_srv" "$legacy_cli"
}
# ASan build with a 4096-byte outgoing and a 16384-byte incoming record
# buffer, followed by the ssl-opt.sh tests selected by the
# "Max fragment" / "Large packet" filter.
component_test_small_ssl_out_content_len () {
    msg "build: small SSL_OUT_CONTENT_LEN (ASan build)"
    scripts/config.py set MBEDTLS_SSL_IN_CONTENT_LEN 16384
    scripts/config.py set MBEDTLS_SSL_OUT_CONTENT_LEN 4096
    CC="$ASAN_CC" cmake -D CMAKE_BUILD_TYPE:String=Asan .
    make

    msg "test: small SSL_OUT_CONTENT_LEN - ssl-opt.sh MFL and large packet tests"
    tests/ssl-opt.sh -f 'Max fragment\|Large packet'
}
# ASan build with a 4096-byte incoming and a 16384-byte outgoing record
# buffer, followed by the ssl-opt.sh tests selected by the "Max fragment"
# filter.
component_test_small_ssl_in_content_len () {
    msg "build: small SSL_IN_CONTENT_LEN (ASan build)"
    scripts/config.py set MBEDTLS_SSL_IN_CONTENT_LEN 4096
    scripts/config.py set MBEDTLS_SSL_OUT_CONTENT_LEN 16384
    CC="$ASAN_CC" cmake -D CMAKE_BUILD_TYPE:String=Asan .
    make

    msg "test: small SSL_IN_CONTENT_LEN - ssl-opt.sh MFL tests"
    tests/ssl-opt.sh -f 'Max fragment'
}
# ASan build with MBEDTLS_SSL_DTLS_MAX_BUFFERING set to 1000, followed by the
# one ssl-opt.sh DTLS reordering test named in the filter below.
component_test_small_ssl_dtls_max_buffering () {
    local label="small MBEDTLS_SSL_DTLS_MAX_BUFFERING #0"

    msg "build: $label"
    scripts/config.py set MBEDTLS_SSL_DTLS_MAX_BUFFERING 1000
    CC="$ASAN_CC" cmake -D CMAKE_BUILD_TYPE:String=Asan .
    make

    msg "test: $label - ssl-opt.sh specific reordering test"
    tests/ssl-opt.sh -f "DTLS reordering: Buffer out-of-order hs msg before reassembling next, free buffered msg"
}
# ASan build with MBEDTLS_SSL_DTLS_MAX_BUFFERING set to 190, followed by the
# one ssl-opt.sh DTLS reordering test named in the filter below.
component_test_small_mbedtls_ssl_dtls_max_buffering () {
    local label="small MBEDTLS_SSL_DTLS_MAX_BUFFERING #1"

    msg "build: $label"
    scripts/config.py set MBEDTLS_SSL_DTLS_MAX_BUFFERING 190
    CC="$ASAN_CC" cmake -D CMAKE_BUILD_TYPE:String=Asan .
    make

    msg "test: $label - ssl-opt.sh specific reordering test"
    tests/ssl-opt.sh -f "DTLS reordering: Buffer encrypted Finished message, drop for fragmented NewSessionTicket"
}
# Common helper for component_full_without_ecdhe_ecdsa() and
# component_full_without_ecdhe_ecdsa_and_tls13() which:
# - starts from the "full" configuration minus the list of symbols passed in
#   as 1st parameter
# - builds
# - tests only TLS (i.e. test_suite_ssl and ssl-opt)
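# Arguments: $1 - whitespace-separated list of configuration symbols to unset
#                 after selecting the "full" configuration.
# Runs config.py, make, tests/test_suite_ssl and tests/ssl-opt.sh.
build_full_minus_something_and_test_tls () {
    symbols_to_disable="$1"

    msg "build: full minus something, test TLS"

    scripts/config.py full
    # Word splitting of the list is intentional here: callers pass several
    # symbols in one string. Each resulting symbol is then passed quoted so it
    # reaches config.py as exactly one argument, with no glob expansion.
    for sym in $symbols_to_disable; do
        echo "Disabling $sym"
        scripts/config.py unset "$sym"
    done

    make

    msg "test: full minus something, test TLS"
    # Subshell keeps the directory change local; && stops the test binary
    # from being looked up in the wrong directory if cd fails.
    ( cd tests && ./test_suite_ssl )

    msg "ssl-opt: full minus something, test TLS"
    tests/ssl-opt.sh
}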
# Full configuration with the ECDHE-ECDSA key exchange disabled; TLS tests
# only (see build_full_minus_something_and_test_tls).
component_full_without_ecdhe_ecdsa () {
    build_full_minus_something_and_test_tls 'MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED'
}
# Full configuration with both the ECDHE-ECDSA key exchange and TLS 1.3
# disabled; TLS tests only (see build_full_minus_something_and_test_tls).
# The two symbols travel as one argument that the helper splits on whitespace.
component_full_without_ecdhe_ecdsa_and_tls13 () {
    build_full_minus_something_and_test_tls 'MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
                                             MBEDTLS_SSL_PROTO_TLS1_3'
}
# Build-only check: full configuration without the SSL server module,
# compiled by gcc with warnings treated as errors.
component_build_no_ssl_srv () {
    msg "build: full config except SSL server, make, gcc" # ~ 30s
    scripts/config.py full
    scripts/config.py unset MBEDTLS_SSL_SRV_C
    make CC=gcc CFLAGS="-Werror -Wall -Wextra -O1"
}
# Build-only check: full configuration without the SSL client module,
# compiled by gcc with warnings treated as errors.
component_build_no_ssl_cli () {
    msg "build: full config except SSL client, make, gcc" # ~ 30s
    scripts/config.py full
    scripts/config.py unset MBEDTLS_SSL_CLI_C
    make CC=gcc CFLAGS="-Werror -Wall -Wextra -O1"
}
# Release build of the default configuration with the memory buffer
# allocator plus its backtrace and debug options, then the unit tests.
component_test_memory_buffer_allocator_backtrace () {
    local opt

    msg "build: default config with memory buffer allocator and backtrace enabled"
    for opt in \
        MBEDTLS_MEMORY_BUFFER_ALLOC_C \
        MBEDTLS_PLATFORM_MEMORY \
        MBEDTLS_MEMORY_BACKTRACE \
        MBEDTLS_MEMORY_DEBUG
    do
        scripts/config.py set "$opt"
    done
    cmake -DCMAKE_BUILD_TYPE:String=Release .
    make

    msg "test: MBEDTLS_MEMORY_BUFFER_ALLOC_C and MBEDTLS_MEMORY_BACKTRACE"
    make test
}
# Release build of the default configuration with the memory buffer
# allocator, then the unit tests and ssl-opt.sh minus the DTLS proxy tests.
component_test_memory_buffer_allocator () {
    local opt

    msg "build: default config with memory buffer allocator"
    for opt in MBEDTLS_MEMORY_BUFFER_ALLOC_C MBEDTLS_PLATFORM_MEMORY; do
        scripts/config.py set "$opt"
    done
    cmake -DCMAKE_BUILD_TYPE:String=Release .
    make

    msg "test: MBEDTLS_MEMORY_BUFFER_ALLOC_C"
    make test

    msg "test: ssl-opt.sh, MBEDTLS_MEMORY_BUFFER_ALLOC_C"
    # MBEDTLS_MEMORY_BUFFER_ALLOC is slow. Skip tests that tend to time out.
    tests/ssl-opt.sh -e "^DTLS proxy"
}
# ASan build of the default configuration without the Max Fragment Length
# extension, then the ssl-opt.sh tests matching "Max fragment length", i.e.
# the MFL tests are run with MFL disabled.
component_test_no_max_fragment_length () {
    msg "build: default config except MFL extension (ASan build)" # ~ 30s
    scripts/config.py unset MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
    CC="$ASAN_CC" cmake -D CMAKE_BUILD_TYPE:String=Asan .
    make

    msg "test: ssl-opt.sh, MFL-related tests"
    tests/ssl-opt.sh -f 'Max fragment length'
}
# ASan build of the default configuration with
# MBEDTLS_SSL_KEEP_PEER_CERTIFICATE and TLS 1.3 disabled, then the unit
# tests, ssl-opt.sh, compat.sh and context-info.sh.
component_test_asan_remove_peer_certificate () {
    local label='!MBEDTLS_SSL_KEEP_PEER_CERTIFICATE'
    local opt

    msg "build: default config with MBEDTLS_SSL_KEEP_PEER_CERTIFICATE disabled (ASan build)"
    for opt in MBEDTLS_SSL_KEEP_PEER_CERTIFICATE MBEDTLS_SSL_PROTO_TLS1_3; do
        scripts/config.py unset "$opt"
    done
    CC="$ASAN_CC" cmake -D CMAKE_BUILD_TYPE:String=Asan .
    make

    msg "test: $label"
    make test

    msg "test: ssl-opt.sh, $label"
    tests/ssl-opt.sh

    msg "test: compat.sh, $label"
    tests/compat.sh

    msg "test: context-info.sh, $label"
    tests/context-info.sh
}
# ASan build without the MFL extension and with a 4096-byte outgoing /
# 16384-byte incoming record buffer, then a filtered ssl-opt.sh run and
# context-info.sh.
#
# NOTE(review): the message announces "large packet tests" but the filter
# says "Large buffer", whereas component_test_small_ssl_out_content_len
# filters on "Large packet" - confirm the filter still matches the intended
# ssl-opt.sh tests.
component_test_no_max_fragment_length_small_ssl_out_content_len () {
    msg "build: no MFL extension, small SSL_OUT_CONTENT_LEN (ASan build)"
    scripts/config.py unset MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
    scripts/config.py set MBEDTLS_SSL_IN_CONTENT_LEN 16384
    scripts/config.py set MBEDTLS_SSL_OUT_CONTENT_LEN 4096
    CC="$ASAN_CC" cmake -D CMAKE_BUILD_TYPE:String=Asan .
    make

    msg "test: MFL tests (disabled MFL extension case) & large packet tests"
    tests/ssl-opt.sh -f 'Max fragment length\|Large buffer'

    msg "test: context-info.sh (disabled MFL extension case)"
    tests/context-info.sh
}
# ASan build with MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH enabled, then the unit
# tests, ssl-opt.sh and compat.sh.
component_test_variable_ssl_in_out_buffer_len () {
    local label="MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH enabled"

    msg "build: $label (ASan build)"
    scripts/config.py set MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH
    CC="$ASAN_CC" cmake -D CMAKE_BUILD_TYPE:String=Asan .
    make

    msg "test: $label"
    make test

    msg "test: ssl-opt.sh, $label"
    tests/ssl-opt.sh

    msg "test: compat.sh, $label"
    tests/compat.sh
}
# ASan build with MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT set to 1 (the
# "legacy" Connection ID variant, per the messages below), then the unit
# tests, ssl-opt.sh and compat.sh.
component_test_dtls_cid_legacy () {
    local label="MBEDTLS_SSL_DTLS_CONNECTION_ID (legacy)"

    msg "build: $label enabled (ASan build)"
    scripts/config.py set MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT 1

    CC="$ASAN_CC" cmake -D CMAKE_BUILD_TYPE:String=Asan .
    make

    msg "test: $label"
    make test

    msg "test: ssl-opt.sh, $label enabled"
    tests/ssl-opt.sh

    msg "test: compat.sh, $label enabled"
    tests/compat.sh
}
# Release build combining the memory buffer allocator (with its debug
# option), the MFL extension and variable-length SSL buffers, then the unit
# tests and the "Handshake memory usage" ssl-opt.sh tests.
component_test_ssl_alloc_buffer_and_mfl () {
    local label="MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH, MBEDTLS_MEMORY_BUFFER_ALLOC_C, MBEDTLS_MEMORY_DEBUG and MBEDTLS_SSL_MAX_FRAGMENT_LENGTH"
    local opt

    msg "build: default config with memory buffer allocator and MFL extension"
    for opt in \
        MBEDTLS_MEMORY_BUFFER_ALLOC_C \
        MBEDTLS_PLATFORM_MEMORY \
        MBEDTLS_MEMORY_DEBUG \
        MBEDTLS_SSL_MAX_FRAGMENT_LENGTH \
        MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH
    do
        scripts/config.py set "$opt"
    done
    cmake -DCMAKE_BUILD_TYPE:String=Release .
    make

    msg "test: $label"
    make test

    # Same message as above; this step runs the ssl-opt.sh subset.
    msg "test: $label"
    tests/ssl-opt.sh -f 'Handshake memory usage'
}
# Default configuration with CBC, CMAC and the NULL cipher removed, so that
# (per the messages below) MBEDTLS_SSL_SOME_SUITES_USE_MAC ends up undefined.
# Runs the unit tests and the "Default" / "EtM" ssl-opt.sh tests, excluding
# those matching "without EtM".
#
# Globals: CRYPTO_CONFIG_H (read) - path of the PSA crypto config header.
component_test_when_no_ciphersuites_have_mac () {
    local opt

    msg "build: when no ciphersuites have MAC"
    scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
    # PSA side of the configuration.
    for opt in \
        PSA_WANT_ALG_CBC_NO_PADDING \
        PSA_WANT_ALG_CBC_PKCS7 \
        PSA_WANT_ALG_CMAC \
        PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128
    do
        scripts/config.py -f "$CRYPTO_CONFIG_H" unset "$opt"
    done

    # Legacy side of the configuration.
    for opt in MBEDTLS_CIPHER_NULL_CIPHER MBEDTLS_CIPHER_MODE_CBC MBEDTLS_CMAC_C; do
        scripts/config.py unset "$opt"
    done

    make

    msg "test: !MBEDTLS_SSL_SOME_SUITES_USE_MAC"
    make test

    msg "test ssl-opt.sh: !MBEDTLS_SSL_SOME_SUITES_USE_MAC"
    tests/ssl-opt.sh -f "Default\|EtM" -e "without EtM"
}
# ASan build (gcc, cmake) of the default configuration with TLS 1.3 removed,
# then the unit tests, ssl-opt.sh and compat.sh.
component_test_tls12_only () {
    local suffix="(ASan build)"

    msg "build: default config without MBEDTLS_SSL_PROTO_TLS1_3, cmake, gcc, ASan"
    scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
    CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
    make

    msg "test: main suites (inc. selftests) $suffix"
    make test

    msg "test: ssl-opt.sh $suffix"
    tests/ssl-opt.sh

    msg "test: compat.sh $suffix"
    tests/compat.sh
}
# TLS 1.3-only build: early data and record size limit are enabled, and
# tests/configs/tls13-only.h is applied as the user config file. Runs the
# unit tests and ssl-opt.sh with every key exchange mode left enabled.
component_test_tls13_only () {
    local label="TLS 1.3 only, all key exchange modes enabled"
    local opt

    msg "build: default config without MBEDTLS_SSL_PROTO_TLS1_2"
    for opt in MBEDTLS_SSL_EARLY_DATA MBEDTLS_SSL_RECORD_SIZE_LIMIT; do
        scripts/config.py set "$opt"
    done
    make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'"

    msg "test: $label"
    make test

    msg "ssl-opt.sh: $label"
    tests/ssl-opt.sh
}
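# TLS 1.3-only build in which PSK is the only key exchange mode: the two
# ephemeral modes are disabled together with ECDH, DHM, X.509 certificate
# parsing and the other modules unset below. Early data is enabled. Runs
# test_suite_ssl and ssl-opt.sh.
component_test_tls13_only_psk () {
    local sym

    msg "build: TLS 1.3 only from default, only PSK key exchange mode"
    for sym in \
        MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
        MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
        MBEDTLS_ECDH_C \
        MBEDTLS_DHM_C \
        MBEDTLS_X509_CRT_PARSE_C \
        MBEDTLS_X509_RSASSA_PSS_SUPPORT \
        MBEDTLS_SSL_SERVER_NAME_INDICATION \
        MBEDTLS_ECDSA_C \
        MBEDTLS_PKCS1_V21 \
        MBEDTLS_PKCS7_C
    do
        scripts/config.py unset "$sym"
    done
    scripts/config.py set MBEDTLS_SSL_EARLY_DATA
    make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'"

    msg "test_suite_ssl: TLS 1.3 only, only PSK key exchange mode enabled"
    # Run in a subshell, as build_full_minus_something_and_test_tls does, so
    # the directory change cannot leak into the ssl-opt.sh step; && avoids
    # running the binary from the wrong directory if cd fails.
    ( cd tests && ./test_suite_ssl )

    msg "ssl-opt.sh: TLS 1.3 only, only PSK key exchange mode enabled"
    tests/ssl-opt.sh
}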
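# TLS 1.3-only build in which ephemeral is the only key exchange mode: both
# PSK modes and early data are disabled. Runs test_suite_ssl and ssl-opt.sh.
component_test_tls13_only_ephemeral () {
    local sym

    msg "build: TLS 1.3 only from default, only ephemeral key exchange mode"
    for sym in \
        MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
        MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
        MBEDTLS_SSL_EARLY_DATA
    do
        scripts/config.py unset "$sym"
    done
    make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'"

    msg "test_suite_ssl: TLS 1.3 only, only ephemeral key exchange mode"
    # Run in a subshell, as build_full_minus_something_and_test_tls does, so
    # the directory change cannot leak into the ssl-opt.sh step; && avoids
    # running the binary from the wrong directory if cd fails.
    ( cd tests && ./test_suite_ssl )

    msg "ssl-opt.sh: TLS 1.3 only, only ephemeral key exchange mode"
    tests/ssl-opt.sh
}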
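# TLS 1.3-only build with only the ephemeral key exchange mode and with
# MBEDTLS_ECDH_C removed (the "ffdh" case named in the messages). Both PSK
# modes and early data are disabled. Runs test_suite_ssl and ssl-opt.sh.
component_test_tls13_only_ephemeral_ffdh () {
    local sym

    msg "build: TLS 1.3 only from default, only ephemeral ffdh key exchange mode"
    for sym in \
        MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
        MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
        MBEDTLS_SSL_EARLY_DATA \
        MBEDTLS_ECDH_C
    do
        scripts/config.py unset "$sym"
    done

    make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'"

    msg "test_suite_ssl: TLS 1.3 only, only ephemeral ffdh key exchange mode"
    # Run in a subshell, as build_full_minus_something_and_test_tls does, so
    # the directory change cannot leak into the ssl-opt.sh step; && avoids
    # running the binary from the wrong directory if cd fails.
    ( cd tests && ./test_suite_ssl )

    msg "ssl-opt.sh: TLS 1.3 only, only ephemeral ffdh key exchange mode"
    tests/ssl-opt.sh
}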
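# TLS 1.3-only build in which PSK-ephemeral is the only key exchange mode:
# the pure PSK and pure ephemeral modes are disabled together with X.509
# certificate parsing and the other modules unset below. Early data is
# enabled. Runs test_suite_ssl and ssl-opt.sh.
component_test_tls13_only_psk_ephemeral () {
    local sym

    msg "build: TLS 1.3 only from default, only PSK ephemeral key exchange mode"
    for sym in \
        MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
        MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
        MBEDTLS_X509_CRT_PARSE_C \
        MBEDTLS_X509_RSASSA_PSS_SUPPORT \
        MBEDTLS_SSL_SERVER_NAME_INDICATION \
        MBEDTLS_ECDSA_C \
        MBEDTLS_PKCS1_V21 \
        MBEDTLS_PKCS7_C
    do
        scripts/config.py unset "$sym"
    done
    scripts/config.py set MBEDTLS_SSL_EARLY_DATA
    make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'"

    msg "test_suite_ssl: TLS 1.3 only, only PSK ephemeral key exchange mode"
    # Run in a subshell, as build_full_minus_something_and_test_tls does, so
    # the directory change cannot leak into the ssl-opt.sh step; && avoids
    # running the binary from the wrong directory if cd fails.
    ( cd tests && ./test_suite_ssl )

    msg "ssl-opt.sh: TLS 1.3 only, only PSK ephemeral key exchange mode"
    tests/ssl-opt.sh
}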
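# TLS 1.3-only build with only the PSK-ephemeral key exchange mode and with
# MBEDTLS_ECDH_C removed (the "ffdh" case named in the messages). X.509
# certificate parsing and the other modules unset below are disabled; early
# data is enabled. Runs test_suite_ssl and ssl-opt.sh.
component_test_tls13_only_psk_ephemeral_ffdh () {
    local sym

    msg "build: TLS 1.3 only from default, only PSK ephemeral ffdh key exchange mode"
    for sym in \
        MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
        MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
        MBEDTLS_X509_CRT_PARSE_C \
        MBEDTLS_X509_RSASSA_PSS_SUPPORT \
        MBEDTLS_SSL_SERVER_NAME_INDICATION \
        MBEDTLS_ECDSA_C \
        MBEDTLS_PKCS1_V21 \
        MBEDTLS_PKCS7_C
    do
        scripts/config.py unset "$sym"
    done
    scripts/config.py set MBEDTLS_SSL_EARLY_DATA
    scripts/config.py unset MBEDTLS_ECDH_C
    make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'"

    msg "test_suite_ssl: TLS 1.3 only, only PSK ephemeral ffdh key exchange mode"
    # Run in a subshell, as build_full_minus_something_and_test_tls does, so
    # the directory change cannot leak into the ssl-opt.sh step; && avoids
    # running the binary from the wrong directory if cd fails.
    ( cd tests && ./test_suite_ssl )

    msg "ssl-opt.sh: TLS 1.3 only, only PSK ephemeral ffdh key exchange mode"
    tests/ssl-opt.sh
}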
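# TLS 1.3-only build without the pure ephemeral key exchange mode, leaving
# the PSK and PSK-ephemeral modes. X.509 certificate parsing and the other
# modules unset below are disabled; early data is enabled. Runs
# test_suite_ssl and ssl-opt.sh.
component_test_tls13_only_psk_all () {
    local sym

    msg "build: TLS 1.3 only from default, without ephemeral key exchange mode"
    for sym in \
        MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
        MBEDTLS_X509_CRT_PARSE_C \
        MBEDTLS_X509_RSASSA_PSS_SUPPORT \
        MBEDTLS_SSL_SERVER_NAME_INDICATION \
        MBEDTLS_ECDSA_C \
        MBEDTLS_PKCS1_V21 \
        MBEDTLS_PKCS7_C
    do
        scripts/config.py unset "$sym"
    done
    scripts/config.py set MBEDTLS_SSL_EARLY_DATA
    make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'"

    msg "test_suite_ssl: TLS 1.3 only, PSK and PSK ephemeral key exchange modes"
    # Run in a subshell, as build_full_minus_something_and_test_tls does, so
    # the directory change cannot leak into the ssl-opt.sh step; && avoids
    # running the binary from the wrong directory if cd fails.
    ( cd tests && ./test_suite_ssl )

    msg "ssl-opt.sh: TLS 1.3 only, PSK and PSK ephemeral key exchange modes"
    tests/ssl-opt.sh
}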
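# TLS 1.3-only build without the pure PSK key exchange mode, leaving the
# ephemeral and PSK-ephemeral modes. Early data is enabled. Runs
# test_suite_ssl and ssl-opt.sh.
component_test_tls13_only_ephemeral_all () {
    msg "build: TLS 1.3 only from default, without PSK key exchange mode"
    scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
    scripts/config.py set MBEDTLS_SSL_EARLY_DATA
    make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'"

    msg "test_suite_ssl: TLS 1.3 only, ephemeral and PSK ephemeral key exchange modes"
    # Run in a subshell, as build_full_minus_something_and_test_tls does, so
    # the directory change cannot leak into the ssl-opt.sh step; && avoids
    # running the binary from the wrong directory if cd fails.
    ( cd tests && ./test_suite_ssl )

    msg "ssl-opt.sh: TLS 1.3 only, ephemeral and PSK ephemeral key exchange modes"
    tests/ssl-opt.sh
}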
# ASan build of the default configuration with early data enabled and
# MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY set to 1 ("minus padding" in the
# messages), then the unit tests and ssl-opt.sh.
component_test_tls13_no_padding () {
    local label="default config plus early data minus padding"

    msg "build: $label"
    scripts/config.py set MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY 1
    scripts/config.py set MBEDTLS_SSL_EARLY_DATA
    CC="$ASAN_CC" cmake -D CMAKE_BUILD_TYPE:String=Asan .
    make

    msg "test: $label"
    make test

    msg "ssl-opt.sh (TLS 1.3 no padding)"
    tests/ssl-opt.sh
}
# ASan build of the default configuration with early data enabled and the
# TLS 1.3 middlebox compatibility mode disabled, then the unit tests and
# ssl-opt.sh.
component_test_tls13_no_compatibility_mode () {
    local label="default config plus early data minus middlebox compatibility mode"

    msg "build: $label"
    scripts/config.py unset MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
    scripts/config.py set MBEDTLS_SSL_EARLY_DATA
    CC="$ASAN_CC" cmake -D CMAKE_BUILD_TYPE:String=Asan .
    make

    msg "test: $label"
    make test

    msg "ssl-opt.sh (TLS 1.3 no compatibility mode)"
    tests/ssl-opt.sh
}
# ASan build (gcc, cmake) of the full configuration with session tickets and
# early data disabled, then the unit tests and ssl-opt.sh.
component_test_full_minus_session_tickets () {
    local label="full config without session tickets"
    local opt

    msg "build: $label"
    scripts/config.py full
    for opt in MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_EARLY_DATA; do
        scripts/config.py unset "$opt"
    done
    CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
    make

    msg "test: $label"
    make test

    msg "ssl-opt.sh ($label)"
    tests/ssl-opt.sh
}
# Runs the "kex" domain of tests/scripts/depends.py with the
# --unset-use-psa option.
component_test_depends_py_kex () {
    msg 'test/build: depends.py kex (gcc)'
    tests/scripts/depends.py kex --unset-use-psa
}
# Runs the "kex" domain of tests/scripts/depends.py without
# --unset-use-psa, i.e. (per the message) with MBEDTLS_USE_PSA_CRYPTO defined.
component_test_depends_py_kex_psa () {
    msg 'test/build: depends.py kex (gcc) with MBEDTLS_USE_PSA_CRYPTO defined'
    tests/scripts/depends.py kex
}
613
Minos Galanakis6aab5b72024-07-25 14:24:37 +0100614