mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-04-25 09:02:48 +00:00
all.sh/components: Moved more components to configuration crypto.
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
This commit is contained in:
parent
4ca7b14060
commit
0c0c3e1713
@ -56,6 +56,77 @@ component_build_psa_crypto_spm () {
|
|||||||
check_renamed_symbols tests/include/spe/crypto_spe.h library/libmbedcrypto.a
|
check_renamed_symbols tests/include/spe/crypto_spe.h library/libmbedcrypto.a
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# Get a list of library-wise undefined symbols and ensure that they only
|
||||||
|
# belong to psa_xxx() functions and not to mbedtls_yyy() ones.
|
||||||
|
# This function is a common helper used by both:
|
||||||
|
# - component_test_default_psa_crypto_client_without_crypto_provider
|
||||||
|
# - component_build_full_psa_crypto_client_without_crypto_provider.
|
||||||
|
common_check_mbedtls_missing_symbols () {
|
||||||
|
nm library/libmbedcrypto.a | grep ' [TRrDC] ' | grep -Eo '(mbedtls_|psa_).*' | sort -u > sym_def.txt
|
||||||
|
nm library/libmbedcrypto.a | grep ' U ' | grep -Eo '(mbedtls_|psa_).*' | sort -u > sym_undef.txt
|
||||||
|
comm sym_def.txt sym_undef.txt -13 > linking_errors.txt
|
||||||
|
not grep mbedtls_ linking_errors.txt
|
||||||
|
|
||||||
|
rm sym_def.txt sym_undef.txt linking_errors.txt
|
||||||
|
}
|
||||||
|
|
||||||
|
component_test_default_psa_crypto_client_without_crypto_provider () {
|
||||||
|
msg "build: default config - PSA_CRYPTO_C + PSA_CRYPTO_CLIENT"
|
||||||
|
|
||||||
|
scripts/config.py unset MBEDTLS_PSA_CRYPTO_C
|
||||||
|
scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C
|
||||||
|
scripts/config.py unset MBEDTLS_PSA_ITS_FILE_C
|
||||||
|
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
|
||||||
|
scripts/config.py set MBEDTLS_PSA_CRYPTO_CLIENT
|
||||||
|
scripts/config.py unset MBEDTLS_LMS_C
|
||||||
|
|
||||||
|
make
|
||||||
|
|
||||||
|
msg "check missing symbols: default config - PSA_CRYPTO_C + PSA_CRYPTO_CLIENT"
|
||||||
|
common_check_mbedtls_missing_symbols
|
||||||
|
|
||||||
|
msg "test: default config - PSA_CRYPTO_C + PSA_CRYPTO_CLIENT"
|
||||||
|
make test
|
||||||
|
}
|
||||||
|
|
||||||
|
component_build_full_psa_crypto_client_without_crypto_provider () {
|
||||||
|
msg "build: full config - PSA_CRYPTO_C"
|
||||||
|
|
||||||
|
# Use full config which includes USE_PSA and CRYPTO_CLIENT.
|
||||||
|
scripts/config.py full
|
||||||
|
|
||||||
|
scripts/config.py unset MBEDTLS_PSA_CRYPTO_C
|
||||||
|
scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C
|
||||||
|
# Dynamic secure element support is a deprecated feature and it is not
|
||||||
|
# available when CRYPTO_C and PSA_CRYPTO_STORAGE_C are disabled.
|
||||||
|
scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C
|
||||||
|
|
||||||
|
# Since there is no crypto provider in this build it is not possible to
|
||||||
|
# build all the test executables and progrems due to missing PSA functions
|
||||||
|
# at link time. Therefore we will just build libraries and we'll check
|
||||||
|
# that symbols of interest are there.
|
||||||
|
make lib
|
||||||
|
|
||||||
|
msg "check missing symbols: full config - PSA_CRYPTO_C"
|
||||||
|
|
||||||
|
common_check_mbedtls_missing_symbols
|
||||||
|
|
||||||
|
# Ensure that desired functions are included into the build (extend the
|
||||||
|
# following list as required).
|
||||||
|
grep mbedtls_pk_get_psa_attributes library/libmbedcrypto.a
|
||||||
|
grep mbedtls_pk_import_into_psa library/libmbedcrypto.a
|
||||||
|
grep mbedtls_pk_copy_from_psa library/libmbedcrypto.a
|
||||||
|
}
|
||||||
|
|
||||||
|
component_test_psa_crypto_rsa_no_genprime () {
|
||||||
|
msg "build: default config minus MBEDTLS_GENPRIME"
|
||||||
|
scripts/config.py unset MBEDTLS_GENPRIME
|
||||||
|
make
|
||||||
|
|
||||||
|
msg "test: default config minus MBEDTLS_GENPRIME"
|
||||||
|
make test
|
||||||
|
}
|
||||||
|
|
||||||
component_test_no_pem_no_fs () {
|
component_test_no_pem_no_fs () {
|
||||||
msg "build: Default + !MBEDTLS_PEM_PARSE_C + !MBEDTLS_FS_IO (ASan build)"
|
msg "build: Default + !MBEDTLS_PEM_PARSE_C + !MBEDTLS_FS_IO (ASan build)"
|
||||||
scripts/config.py unset MBEDTLS_PEM_PARSE_C
|
scripts/config.py unset MBEDTLS_PEM_PARSE_C
|
||||||
@ -308,6 +379,90 @@ component_test_crypto_full_md_light_only () {
|
|||||||
make test
|
make test
|
||||||
}
|
}
|
||||||
|
|
||||||
|
component_test_full_no_cipher_no_psa_crypto () {
|
||||||
|
msg "build: full no CIPHER no PSA_CRYPTO_C"
|
||||||
|
scripts/config.py full
|
||||||
|
scripts/config.py unset MBEDTLS_CIPHER_C
|
||||||
|
# Don't pull in cipher via PSA mechanisms
|
||||||
|
# (currently ignored anyway because we completely disable PSA)
|
||||||
|
scripts/config.py unset MBEDTLS_PSA_CRYPTO_CONFIG
|
||||||
|
# Disable features that depend on CIPHER_C
|
||||||
|
scripts/config.py unset MBEDTLS_CMAC_C
|
||||||
|
scripts/config.py unset MBEDTLS_NIST_KW_C
|
||||||
|
scripts/config.py unset MBEDTLS_PSA_CRYPTO_C
|
||||||
|
scripts/config.py unset MBEDTLS_PSA_CRYPTO_CLIENT
|
||||||
|
scripts/config.py unset MBEDTLS_SSL_TLS_C
|
||||||
|
scripts/config.py unset MBEDTLS_SSL_TICKET_C
|
||||||
|
# Disable features that depend on PSA_CRYPTO_C
|
||||||
|
scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C
|
||||||
|
scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C
|
||||||
|
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
|
||||||
|
scripts/config.py unset MBEDTLS_LMS_C
|
||||||
|
scripts/config.py unset MBEDTLS_LMS_PRIVATE
|
||||||
|
|
||||||
|
msg "test: full no CIPHER no PSA_CRYPTO_C"
|
||||||
|
make test
|
||||||
|
}
|
||||||
|
|
||||||
|
# This is a common configurator and test function that is used in:
|
||||||
|
# - component_test_full_no_cipher_with_psa_crypto
|
||||||
|
# - component_test_full_no_cipher_with_psa_crypto_config
|
||||||
|
# It accepts 2 input parameters:
|
||||||
|
# - $1: boolean value which basically reflects status of MBEDTLS_PSA_CRYPTO_CONFIG
|
||||||
|
# - $2: a text string which describes the test component
|
||||||
|
common_test_full_no_cipher_with_psa_crypto () {
|
||||||
|
USE_CRYPTO_CONFIG="$1"
|
||||||
|
COMPONENT_DESCRIPTION="$2"
|
||||||
|
|
||||||
|
msg "build: $COMPONENT_DESCRIPTION"
|
||||||
|
|
||||||
|
scripts/config.py full
|
||||||
|
scripts/config.py unset MBEDTLS_CIPHER_C
|
||||||
|
|
||||||
|
if [ "$USE_CRYPTO_CONFIG" -eq 1 ]; then
|
||||||
|
# The built-in implementation of the following algs/key-types depends
|
||||||
|
# on CIPHER_C so we disable them.
|
||||||
|
# This does not hold for KEY_TYPE_CHACHA20 and ALG_CHACHA20_POLY1305
|
||||||
|
# so we keep them enabled.
|
||||||
|
scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CCM_STAR_NO_TAG
|
||||||
|
scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CMAC
|
||||||
|
scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CBC_NO_PADDING
|
||||||
|
scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CBC_PKCS7
|
||||||
|
scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CFB
|
||||||
|
scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CTR
|
||||||
|
scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECB_NO_PADDING
|
||||||
|
scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_OFB
|
||||||
|
scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128
|
||||||
|
scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_STREAM_CIPHER
|
||||||
|
scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_DES
|
||||||
|
else
|
||||||
|
# Don't pull in cipher via PSA mechanisms
|
||||||
|
scripts/config.py unset MBEDTLS_PSA_CRYPTO_CONFIG
|
||||||
|
# Disable cipher modes/keys that make PSA depend on CIPHER_C.
|
||||||
|
# Keep CHACHA20 and CHACHAPOLY enabled since they do not depend on CIPHER_C.
|
||||||
|
scripts/config.py unset-all MBEDTLS_CIPHER_MODE
|
||||||
|
fi
|
||||||
|
# The following modules directly depends on CIPHER_C
|
||||||
|
scripts/config.py unset MBEDTLS_CMAC_C
|
||||||
|
scripts/config.py unset MBEDTLS_NIST_KW_C
|
||||||
|
|
||||||
|
make
|
||||||
|
|
||||||
|
# Ensure that CIPHER_C was not re-enabled
|
||||||
|
not grep mbedtls_cipher_init library/cipher.o
|
||||||
|
|
||||||
|
msg "test: $COMPONENT_DESCRIPTION"
|
||||||
|
make test
|
||||||
|
}
|
||||||
|
|
||||||
|
component_test_full_no_cipher_with_psa_crypto () {
|
||||||
|
common_test_full_no_cipher_with_psa_crypto 0 "full no CIPHER no CRYPTO_CONFIG"
|
||||||
|
}
|
||||||
|
|
||||||
|
component_test_full_no_cipher_with_psa_crypto_config () {
|
||||||
|
common_test_full_no_cipher_with_psa_crypto 1 "full no CIPHER"
|
||||||
|
}
|
||||||
|
|
||||||
component_test_full_no_ccm () {
|
component_test_full_no_ccm () {
|
||||||
msg "build: full no PSA_WANT_ALG_CCM"
|
msg "build: full no PSA_WANT_ALG_CCM"
|
||||||
|
|
||||||
@ -361,6 +516,71 @@ component_test_full_no_ccm_star_no_tag () {
|
|||||||
make test
|
make test
|
||||||
}
|
}
|
||||||
|
|
||||||
|
component_test_full_no_bignum () {
|
||||||
|
msg "build: full minus bignum"
|
||||||
|
scripts/config.py full
|
||||||
|
scripts/config.py unset MBEDTLS_BIGNUM_C
|
||||||
|
# Direct dependencies of bignum
|
||||||
|
scripts/config.py unset MBEDTLS_ECP_C
|
||||||
|
scripts/config.py unset MBEDTLS_RSA_C
|
||||||
|
scripts/config.py unset MBEDTLS_DHM_C
|
||||||
|
# Direct dependencies of ECP
|
||||||
|
scripts/config.py unset MBEDTLS_ECDH_C
|
||||||
|
scripts/config.py unset MBEDTLS_ECDSA_C
|
||||||
|
scripts/config.py unset MBEDTLS_ECJPAKE_C
|
||||||
|
scripts/config.py unset MBEDTLS_ECP_RESTARTABLE
|
||||||
|
# Disable what auto-enables ECP_LIGHT
|
||||||
|
scripts/config.py unset MBEDTLS_PK_PARSE_EC_EXTENDED
|
||||||
|
scripts/config.py unset MBEDTLS_PK_PARSE_EC_COMPRESSED
|
||||||
|
# Indirect dependencies of ECP
|
||||||
|
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
|
||||||
|
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
|
||||||
|
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
|
||||||
|
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
|
||||||
|
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
|
||||||
|
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
|
||||||
|
scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
||||||
|
scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
||||||
|
# Direct dependencies of DHM
|
||||||
|
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
|
||||||
|
# Direct dependencies of RSA
|
||||||
|
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
|
||||||
|
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
|
||||||
|
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
|
||||||
|
scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT
|
||||||
|
# PK and its dependencies
|
||||||
|
scripts/config.py unset MBEDTLS_PK_C
|
||||||
|
scripts/config.py unset MBEDTLS_PK_PARSE_C
|
||||||
|
scripts/config.py unset MBEDTLS_PK_WRITE_C
|
||||||
|
scripts/config.py unset MBEDTLS_X509_USE_C
|
||||||
|
scripts/config.py unset MBEDTLS_X509_CRT_PARSE_C
|
||||||
|
scripts/config.py unset MBEDTLS_X509_CRL_PARSE_C
|
||||||
|
scripts/config.py unset MBEDTLS_X509_CSR_PARSE_C
|
||||||
|
scripts/config.py unset MBEDTLS_X509_CREATE_C
|
||||||
|
scripts/config.py unset MBEDTLS_X509_CRT_WRITE_C
|
||||||
|
scripts/config.py unset MBEDTLS_X509_CSR_WRITE_C
|
||||||
|
scripts/config.py unset MBEDTLS_PKCS7_C
|
||||||
|
scripts/config.py unset MBEDTLS_SSL_SERVER_NAME_INDICATION
|
||||||
|
scripts/config.py unset MBEDTLS_SSL_ASYNC_PRIVATE
|
||||||
|
scripts/config.py unset MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
|
||||||
|
|
||||||
|
make
|
||||||
|
|
||||||
|
msg "test: full minus bignum"
|
||||||
|
make test
|
||||||
|
}
|
||||||
|
|
||||||
|
component_build_dhm_alt () {
|
||||||
|
msg "build: MBEDTLS_DHM_ALT" # ~30s
|
||||||
|
scripts/config.py full
|
||||||
|
scripts/config.py set MBEDTLS_DHM_ALT
|
||||||
|
# debug.c currently references mbedtls_dhm_context fields directly.
|
||||||
|
scripts/config.py unset MBEDTLS_DEBUG_C
|
||||||
|
# We can only compile, not link, since we don't have any implementations
|
||||||
|
# suitable for testing with the dummy alt headers.
|
||||||
|
make CFLAGS='-Werror -Wall -Wextra -I../tests/include/alt-dummy' lib
|
||||||
|
}
|
||||||
|
|
||||||
component_test_everest () {
|
component_test_everest () {
|
||||||
msg "build: Everest ECDH context (ASan build)" # ~ 6 min
|
msg "build: Everest ECDH context (ASan build)" # ~ 6 min
|
||||||
scripts/config.py set MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED
|
scripts/config.py set MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED
|
||||||
|
@ -60,226 +60,6 @@
|
|||||||
#### Build and test many configurations and targets
|
#### Build and test many configurations and targets
|
||||||
################################################################
|
################################################################
|
||||||
|
|
||||||
# Get a list of library-wise undefined symbols and ensure that they only
|
|
||||||
# belong to psa_xxx() functions and not to mbedtls_yyy() ones.
|
|
||||||
# This function is a common helper used by both:
|
|
||||||
# - component_test_default_psa_crypto_client_without_crypto_provider
|
|
||||||
# - component_build_full_psa_crypto_client_without_crypto_provider.
|
|
||||||
common_check_mbedtls_missing_symbols () {
|
|
||||||
nm library/libmbedcrypto.a | grep ' [TRrDC] ' | grep -Eo '(mbedtls_|psa_).*' | sort -u > sym_def.txt
|
|
||||||
nm library/libmbedcrypto.a | grep ' U ' | grep -Eo '(mbedtls_|psa_).*' | sort -u > sym_undef.txt
|
|
||||||
comm sym_def.txt sym_undef.txt -13 > linking_errors.txt
|
|
||||||
not grep mbedtls_ linking_errors.txt
|
|
||||||
|
|
||||||
rm sym_def.txt sym_undef.txt linking_errors.txt
|
|
||||||
}
|
|
||||||
|
|
||||||
component_test_default_psa_crypto_client_without_crypto_provider () {
|
|
||||||
msg "build: default config - PSA_CRYPTO_C + PSA_CRYPTO_CLIENT"
|
|
||||||
|
|
||||||
scripts/config.py unset MBEDTLS_PSA_CRYPTO_C
|
|
||||||
scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C
|
|
||||||
scripts/config.py unset MBEDTLS_PSA_ITS_FILE_C
|
|
||||||
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
|
|
||||||
scripts/config.py set MBEDTLS_PSA_CRYPTO_CLIENT
|
|
||||||
scripts/config.py unset MBEDTLS_LMS_C
|
|
||||||
|
|
||||||
make
|
|
||||||
|
|
||||||
msg "check missing symbols: default config - PSA_CRYPTO_C + PSA_CRYPTO_CLIENT"
|
|
||||||
common_check_mbedtls_missing_symbols
|
|
||||||
|
|
||||||
msg "test: default config - PSA_CRYPTO_C + PSA_CRYPTO_CLIENT"
|
|
||||||
make test
|
|
||||||
}
|
|
||||||
|
|
||||||
component_build_full_psa_crypto_client_without_crypto_provider () {
|
|
||||||
msg "build: full config - PSA_CRYPTO_C"
|
|
||||||
|
|
||||||
# Use full config which includes USE_PSA and CRYPTO_CLIENT.
|
|
||||||
scripts/config.py full
|
|
||||||
|
|
||||||
scripts/config.py unset MBEDTLS_PSA_CRYPTO_C
|
|
||||||
scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C
|
|
||||||
# Dynamic secure element support is a deprecated feature and it is not
|
|
||||||
# available when CRYPTO_C and PSA_CRYPTO_STORAGE_C are disabled.
|
|
||||||
scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C
|
|
||||||
|
|
||||||
# Since there is no crypto provider in this build it is not possible to
|
|
||||||
# build all the test executables and progrems due to missing PSA functions
|
|
||||||
# at link time. Therefore we will just build libraries and we'll check
|
|
||||||
# that symbols of interest are there.
|
|
||||||
make lib
|
|
||||||
|
|
||||||
msg "check missing symbols: full config - PSA_CRYPTO_C"
|
|
||||||
|
|
||||||
common_check_mbedtls_missing_symbols
|
|
||||||
|
|
||||||
# Ensure that desired functions are included into the build (extend the
|
|
||||||
# following list as required).
|
|
||||||
grep mbedtls_pk_get_psa_attributes library/libmbedcrypto.a
|
|
||||||
grep mbedtls_pk_import_into_psa library/libmbedcrypto.a
|
|
||||||
grep mbedtls_pk_copy_from_psa library/libmbedcrypto.a
|
|
||||||
}
|
|
||||||
|
|
||||||
component_test_psa_crypto_rsa_no_genprime () {
|
|
||||||
msg "build: default config minus MBEDTLS_GENPRIME"
|
|
||||||
scripts/config.py unset MBEDTLS_GENPRIME
|
|
||||||
make
|
|
||||||
|
|
||||||
msg "test: default config minus MBEDTLS_GENPRIME"
|
|
||||||
make test
|
|
||||||
}
|
|
||||||
|
|
||||||
component_test_full_no_cipher_no_psa_crypto () {
|
|
||||||
msg "build: full no CIPHER no PSA_CRYPTO_C"
|
|
||||||
scripts/config.py full
|
|
||||||
scripts/config.py unset MBEDTLS_CIPHER_C
|
|
||||||
# Don't pull in cipher via PSA mechanisms
|
|
||||||
# (currently ignored anyway because we completely disable PSA)
|
|
||||||
scripts/config.py unset MBEDTLS_PSA_CRYPTO_CONFIG
|
|
||||||
# Disable features that depend on CIPHER_C
|
|
||||||
scripts/config.py unset MBEDTLS_CMAC_C
|
|
||||||
scripts/config.py unset MBEDTLS_NIST_KW_C
|
|
||||||
scripts/config.py unset MBEDTLS_PSA_CRYPTO_C
|
|
||||||
scripts/config.py unset MBEDTLS_PSA_CRYPTO_CLIENT
|
|
||||||
scripts/config.py unset MBEDTLS_SSL_TLS_C
|
|
||||||
scripts/config.py unset MBEDTLS_SSL_TICKET_C
|
|
||||||
# Disable features that depend on PSA_CRYPTO_C
|
|
||||||
scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C
|
|
||||||
scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C
|
|
||||||
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
|
|
||||||
scripts/config.py unset MBEDTLS_LMS_C
|
|
||||||
scripts/config.py unset MBEDTLS_LMS_PRIVATE
|
|
||||||
|
|
||||||
msg "test: full no CIPHER no PSA_CRYPTO_C"
|
|
||||||
make test
|
|
||||||
}
|
|
||||||
|
|
||||||
# This is a common configurator and test function that is used in:
|
|
||||||
# - component_test_full_no_cipher_with_psa_crypto
|
|
||||||
# - component_test_full_no_cipher_with_psa_crypto_config
|
|
||||||
# It accepts 2 input parameters:
|
|
||||||
# - $1: boolean value which basically reflects status of MBEDTLS_PSA_CRYPTO_CONFIG
|
|
||||||
# - $2: a text string which describes the test component
|
|
||||||
common_test_full_no_cipher_with_psa_crypto () {
|
|
||||||
USE_CRYPTO_CONFIG="$1"
|
|
||||||
COMPONENT_DESCRIPTION="$2"
|
|
||||||
|
|
||||||
msg "build: $COMPONENT_DESCRIPTION"
|
|
||||||
|
|
||||||
scripts/config.py full
|
|
||||||
scripts/config.py unset MBEDTLS_CIPHER_C
|
|
||||||
|
|
||||||
if [ "$USE_CRYPTO_CONFIG" -eq 1 ]; then
|
|
||||||
# The built-in implementation of the following algs/key-types depends
|
|
||||||
# on CIPHER_C so we disable them.
|
|
||||||
# This does not hold for KEY_TYPE_CHACHA20 and ALG_CHACHA20_POLY1305
|
|
||||||
# so we keep them enabled.
|
|
||||||
scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CCM_STAR_NO_TAG
|
|
||||||
scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CMAC
|
|
||||||
scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CBC_NO_PADDING
|
|
||||||
scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CBC_PKCS7
|
|
||||||
scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CFB
|
|
||||||
scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CTR
|
|
||||||
scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECB_NO_PADDING
|
|
||||||
scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_OFB
|
|
||||||
scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128
|
|
||||||
scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_STREAM_CIPHER
|
|
||||||
scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_DES
|
|
||||||
else
|
|
||||||
# Don't pull in cipher via PSA mechanisms
|
|
||||||
scripts/config.py unset MBEDTLS_PSA_CRYPTO_CONFIG
|
|
||||||
# Disable cipher modes/keys that make PSA depend on CIPHER_C.
|
|
||||||
# Keep CHACHA20 and CHACHAPOLY enabled since they do not depend on CIPHER_C.
|
|
||||||
scripts/config.py unset-all MBEDTLS_CIPHER_MODE
|
|
||||||
fi
|
|
||||||
# The following modules directly depends on CIPHER_C
|
|
||||||
scripts/config.py unset MBEDTLS_CMAC_C
|
|
||||||
scripts/config.py unset MBEDTLS_NIST_KW_C
|
|
||||||
|
|
||||||
make
|
|
||||||
|
|
||||||
# Ensure that CIPHER_C was not re-enabled
|
|
||||||
not grep mbedtls_cipher_init library/cipher.o
|
|
||||||
|
|
||||||
msg "test: $COMPONENT_DESCRIPTION"
|
|
||||||
make test
|
|
||||||
}
|
|
||||||
|
|
||||||
component_test_full_no_cipher_with_psa_crypto () {
|
|
||||||
common_test_full_no_cipher_with_psa_crypto 0 "full no CIPHER no CRYPTO_CONFIG"
|
|
||||||
}
|
|
||||||
|
|
||||||
component_test_full_no_cipher_with_psa_crypto_config () {
|
|
||||||
common_test_full_no_cipher_with_psa_crypto 1 "full no CIPHER"
|
|
||||||
}
|
|
||||||
|
|
||||||
component_test_full_no_bignum () {
|
|
||||||
msg "build: full minus bignum"
|
|
||||||
scripts/config.py full
|
|
||||||
scripts/config.py unset MBEDTLS_BIGNUM_C
|
|
||||||
# Direct dependencies of bignum
|
|
||||||
scripts/config.py unset MBEDTLS_ECP_C
|
|
||||||
scripts/config.py unset MBEDTLS_RSA_C
|
|
||||||
scripts/config.py unset MBEDTLS_DHM_C
|
|
||||||
# Direct dependencies of ECP
|
|
||||||
scripts/config.py unset MBEDTLS_ECDH_C
|
|
||||||
scripts/config.py unset MBEDTLS_ECDSA_C
|
|
||||||
scripts/config.py unset MBEDTLS_ECJPAKE_C
|
|
||||||
scripts/config.py unset MBEDTLS_ECP_RESTARTABLE
|
|
||||||
# Disable what auto-enables ECP_LIGHT
|
|
||||||
scripts/config.py unset MBEDTLS_PK_PARSE_EC_EXTENDED
|
|
||||||
scripts/config.py unset MBEDTLS_PK_PARSE_EC_COMPRESSED
|
|
||||||
# Indirect dependencies of ECP
|
|
||||||
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
|
|
||||||
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
|
|
||||||
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
|
|
||||||
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
|
|
||||||
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
|
|
||||||
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
|
|
||||||
scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
|
||||||
scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
||||||
# Direct dependencies of DHM
|
|
||||||
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
|
|
||||||
# Direct dependencies of RSA
|
|
||||||
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
|
|
||||||
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
|
|
||||||
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
|
|
||||||
scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT
|
|
||||||
# PK and its dependencies
|
|
||||||
scripts/config.py unset MBEDTLS_PK_C
|
|
||||||
scripts/config.py unset MBEDTLS_PK_PARSE_C
|
|
||||||
scripts/config.py unset MBEDTLS_PK_WRITE_C
|
|
||||||
scripts/config.py unset MBEDTLS_X509_USE_C
|
|
||||||
scripts/config.py unset MBEDTLS_X509_CRT_PARSE_C
|
|
||||||
scripts/config.py unset MBEDTLS_X509_CRL_PARSE_C
|
|
||||||
scripts/config.py unset MBEDTLS_X509_CSR_PARSE_C
|
|
||||||
scripts/config.py unset MBEDTLS_X509_CREATE_C
|
|
||||||
scripts/config.py unset MBEDTLS_X509_CRT_WRITE_C
|
|
||||||
scripts/config.py unset MBEDTLS_X509_CSR_WRITE_C
|
|
||||||
scripts/config.py unset MBEDTLS_PKCS7_C
|
|
||||||
scripts/config.py unset MBEDTLS_SSL_SERVER_NAME_INDICATION
|
|
||||||
scripts/config.py unset MBEDTLS_SSL_ASYNC_PRIVATE
|
|
||||||
scripts/config.py unset MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
|
|
||||||
|
|
||||||
make
|
|
||||||
|
|
||||||
msg "test: full minus bignum"
|
|
||||||
make test
|
|
||||||
}
|
|
||||||
|
|
||||||
component_build_dhm_alt () {
|
|
||||||
msg "build: MBEDTLS_DHM_ALT" # ~30s
|
|
||||||
scripts/config.py full
|
|
||||||
scripts/config.py set MBEDTLS_DHM_ALT
|
|
||||||
# debug.c currently references mbedtls_dhm_context fields directly.
|
|
||||||
scripts/config.py unset MBEDTLS_DEBUG_C
|
|
||||||
# We can only compile, not link, since we don't have any implementations
|
|
||||||
# suitable for testing with the dummy alt headers.
|
|
||||||
make CFLAGS='-Werror -Wall -Wextra -I../tests/include/alt-dummy' lib
|
|
||||||
}
|
|
||||||
|
|
||||||
component_test_psa_crypto_config_accel_hash_keep_builtins () {
|
component_test_psa_crypto_config_accel_hash_keep_builtins () {
|
||||||
msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated+builtin hash"
|
msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated+builtin hash"
|
||||||
# This component ensures that all the test cases for
|
# This component ensures that all the test cases for
|
||||||
|
Loading…
x
Reference in New Issue
Block a user