mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-02-17 12:40:01 +00:00
Merge pull request #7672 from mpg/libtestdriver1-helpers
Libtestdriver1 helpers
This commit is contained in:
commit
24f467668e
@ -807,7 +807,101 @@ pre_generate_files() {
|
||||
fi
|
||||
}
|
||||
|
||||
################################################################
|
||||
#### Helpers for components using libtestdriver1
|
||||
################################################################
|
||||
|
||||
# How to use libtestdriver1
|
||||
# -------------------------
|
||||
#
|
||||
# 1. Define the list algorithms and key types to accelerate,
|
||||
# designated the same way as PSA_WANT_ macros but without PSA_WANT_.
|
||||
# Examples:
|
||||
# - loc_accel_list="ALG_JPAKE"
|
||||
# - loc_accel_list="ALG_FFDH KEY_TYPE_DH_KEY_PAIR KEY_TYPE_DH_PUBLIC_KEY"
|
||||
# 2. Make configurations changes for the driver and/or main libraries.
|
||||
# 2a. Call helper_libtestdriver1_adjust_config <base>, where the argument
|
||||
# can be either "default" to start with the default config, or a name
|
||||
# supported by scripts/config.py (for example, "full"). This selects
|
||||
# the base to use, and makes common adjustments.
|
||||
# 2b. If desired, adjust the PSA_WANT symbols in psa/crypto_config.h.
|
||||
# These changes affect both the driver and the main libraries.
|
||||
# (Note: they need to have the same set of PSA_WANT symbols, as that
|
||||
# determines the ABI between them.)
|
||||
# 2c. Adjust MBEDTLS_ symbols in mbedtls_config.h. This only affects the
|
||||
# main libraries. Typically, you want to disable the module(s) that are
|
||||
# being accelerated. You may need to also disable modules that depend
|
||||
# on them or options that are not supported with drivers.
|
||||
# 2d. On top of psa/crypto_config.h, the driver library uses its own config
|
||||
# file: tests/include/test/drivers/config_test_driver.h. You usually
|
||||
# don't need to edit it: using loc_extra_list (see below) is preferred.
|
||||
# However, when there's no PSA symbol for what you want to enable,
|
||||
# calling scripts/config.py on this file remains the only option.
|
||||
# 3. Build the driver library, then the main libraries, test, and programs.
|
||||
# 3a. Call helper_libtestdriver1_make_drivers "$loc_accel_list". You may
|
||||
# need to enable more algorithms here, typically hash algorithms when
|
||||
# accelerating some signature algorithms (ECDSA, RSAv2). This is done
|
||||
# by passing a 2nd argument listing the extra algorithms.
|
||||
# Example:
|
||||
# loc_extra_list="ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512"
|
||||
# helper_libtestdriver1_make_drivers "$loc_accel_list" "$loc_extra_list"
|
||||
# 4b. Call helper_libtestdriver1_make_main "$loc_accel_list". Any
|
||||
# additional arguments will be passed to make: this can be useful if
|
||||
# you don't want to build everything when iterating during development.
|
||||
# Example:
|
||||
# helper_libtestdriver1_make_main "$loc_accel_list" -C tests test_suite_foo
|
||||
# 4. Run the tests you want.
|
||||
|
||||
# Adjust the configuration - for both libtestdriver1 and main library,
|
||||
# as they should have the same PSA_WANT macros.
|
||||
helper_libtestdriver1_adjust_config() {
|
||||
BASE_CONFIG=$1
|
||||
# Select the base configuration
|
||||
if [ "$BASE_CONFIG" != "default" ]; then
|
||||
scripts/config.py "$BASE_CONFIG"
|
||||
fi
|
||||
|
||||
# Enable PSA-based config (necessary to use drivers)
|
||||
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
|
||||
|
||||
# Disable ALG_STREAM_CIPHER and ALG_ECB_NO_PADDING to avoid having
|
||||
# partial support for cipher operations in the driver test library.
|
||||
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_STREAM_CIPHER
|
||||
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_ECB_NO_PADDING
|
||||
|
||||
# Dynamic secure element support is a deprecated feature and needs to be disabled here.
|
||||
# This is done to have the same form of psa_key_attributes_s for libdriver and library.
|
||||
scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C
|
||||
}
|
||||
|
||||
# Build the drivers library libtestdriver1.a (with ASan).
|
||||
#
|
||||
# Parameters:
|
||||
# 1. a space-separated list of things to accelerate;
|
||||
# 2. optional: a space-separate list of things to also support.
|
||||
# Here "things" are PSA_WANT_ symbols but with PSA_WANT_ removed.
|
||||
helper_libtestdriver1_make_drivers() {
|
||||
loc_accel_flags=$( echo "$1 ${2-}" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' )
|
||||
make -C tests libtestdriver1.a CFLAGS=" $ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS"
|
||||
}
|
||||
|
||||
# Build the main libraries, programs and tests,
|
||||
# linking to the drivers library (with ASan).
|
||||
#
|
||||
# Parameters:
|
||||
# 1. a space-separated list of things to accelerate;
|
||||
# *. remaining arguments if any are passed directly to make
|
||||
# (examples: lib, -C tests test_suite_xxx, etc.)
|
||||
# Here "things" are PSA_WANT_ symbols but with PSA_WANT_ removed.
|
||||
helper_libtestdriver1_make_main() {
|
||||
loc_accel_list=$1
|
||||
shift
|
||||
|
||||
# we need flags both with and without the LIBTESTDRIVER1_ prefix
|
||||
loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' )
|
||||
loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )"
|
||||
make CFLAGS="$ASAN_CFLAGS -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS" "$@"
|
||||
}
|
||||
|
||||
################################################################
|
||||
#### Basic checks
|
||||
@ -2081,27 +2175,11 @@ component_test_psa_crypto_config_accel_ecdsa () {
|
||||
# Algorithms and key types to accelerate
|
||||
loc_accel_list="ALG_ECDSA ALG_DETERMINISTIC_ECDSA KEY_TYPE_ECC_KEY_PAIR KEY_TYPE_ECC_PUBLIC_KEY"
|
||||
|
||||
# Configure and build the test driver library
|
||||
# -------------------------------------------
|
||||
# Configure
|
||||
# ---------
|
||||
|
||||
# Disable ALG_STREAM_CIPHER and ALG_ECB_NO_PADDING to avoid having
|
||||
# partial support for cipher operations in the driver test library.
|
||||
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_STREAM_CIPHER
|
||||
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_ECB_NO_PADDING
|
||||
|
||||
loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' )
|
||||
# These hashes are needed for some ECDSA signature tests.
|
||||
loc_accel_flags="$loc_accel_flags -DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_ALG_SHA_224"
|
||||
loc_accel_flags="$loc_accel_flags -DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_ALG_SHA_256"
|
||||
loc_accel_flags="$loc_accel_flags -DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_ALG_SHA_384"
|
||||
loc_accel_flags="$loc_accel_flags -DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_ALG_SHA_512"
|
||||
make -C tests libtestdriver1.a CFLAGS="$ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS"
|
||||
|
||||
# Configure and build the main libraries
|
||||
# --------------------------------------
|
||||
|
||||
# Start from default config (no USE_PSA) + driver support + TLS 1.3
|
||||
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
|
||||
# Start from default config (no USE_PSA) + TLS 1.3
|
||||
helper_libtestdriver1_adjust_config "default"
|
||||
scripts/config.py set MBEDTLS_SSL_PROTO_TLS1_3
|
||||
|
||||
# Disable the module that's accelerated
|
||||
@ -2111,9 +2189,15 @@ component_test_psa_crypto_config_accel_ecdsa () {
|
||||
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
|
||||
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
|
||||
|
||||
# Build the library
|
||||
loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )"
|
||||
make CFLAGS="$ASAN_CFLAGS -O -Werror -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS"
|
||||
# Build
|
||||
# -----
|
||||
|
||||
# These hashes are needed for some ECDSA signature tests.
|
||||
loc_extra_list="ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512"
|
||||
|
||||
helper_libtestdriver1_make_drivers "$loc_accel_list" "$loc_extra_list"
|
||||
|
||||
helper_libtestdriver1_make_main "$loc_accel_list"
|
||||
|
||||
# Make sure this was not re-enabled by accident (additive config)
|
||||
not grep mbedtls_ecdsa_ library/ecdsa.o
|
||||
@ -2131,22 +2215,11 @@ component_test_psa_crypto_config_accel_ecdh () {
|
||||
# Algorithms and key types to accelerate
|
||||
loc_accel_list="ALG_ECDH KEY_TYPE_ECC_KEY_PAIR KEY_TYPE_ECC_PUBLIC_KEY"
|
||||
|
||||
# Configure and build the test driver library
|
||||
# -------------------------------------------
|
||||
# Configure
|
||||
# ---------
|
||||
|
||||
# Disable ALG_STREAM_CIPHER and ALG_ECB_NO_PADDING to avoid having
|
||||
# partial support for cipher operations in the driver test library.
|
||||
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_STREAM_CIPHER
|
||||
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_ECB_NO_PADDING
|
||||
|
||||
loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' )
|
||||
make -C tests libtestdriver1.a CFLAGS=" $ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS"
|
||||
|
||||
# Configure and build the main libraries
|
||||
# --------------------------------------
|
||||
|
||||
# Start from default config (no USE_PSA or TLS 1.3)
|
||||
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
|
||||
# Start from default config (no TLS 1.3, no USE_PSA)
|
||||
helper_libtestdriver1_adjust_config "default"
|
||||
|
||||
# Disable the module that's accelerated
|
||||
scripts/config.py unset MBEDTLS_ECDH_C
|
||||
@ -2158,9 +2231,12 @@ component_test_psa_crypto_config_accel_ecdh () {
|
||||
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
|
||||
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
|
||||
|
||||
# Build the main library
|
||||
loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )"
|
||||
make CFLAGS="$ASAN_CFLAGS -O -Werror -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS"
|
||||
# Build
|
||||
# -----
|
||||
|
||||
helper_libtestdriver1_make_drivers "$loc_accel_list"
|
||||
|
||||
helper_libtestdriver1_make_main "$loc_accel_list"
|
||||
|
||||
# Make sure this was not re-enabled by accident (additive config)
|
||||
not grep mbedtls_ecdh_ library/ecdh.o
|
||||
@ -2178,22 +2254,11 @@ component_test_psa_crypto_config_accel_ffdh () {
|
||||
# Algorithms and key types to accelerate
|
||||
loc_accel_list="ALG_FFDH KEY_TYPE_DH_KEY_PAIR KEY_TYPE_DH_PUBLIC_KEY"
|
||||
|
||||
# Configure and build the test driver library
|
||||
# -------------------------------------------
|
||||
# Configure
|
||||
# ---------
|
||||
|
||||
# Disable ALG_STREAM_CIPHER and ALG_ECB_NO_PADDING to avoid having
|
||||
# partial support for cipher operations in the driver test library.
|
||||
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_STREAM_CIPHER
|
||||
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_ECB_NO_PADDING
|
||||
|
||||
loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' )
|
||||
make -C tests libtestdriver1.a CFLAGS=" $ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS"
|
||||
|
||||
# Configure and build the main libraries
|
||||
# --------------------------------------
|
||||
|
||||
# Start from default config (no USE_PSA or TLS 1.3)
|
||||
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
|
||||
# Start from default config (no TLS 1.3, no USE_PSA)
|
||||
helper_libtestdriver1_adjust_config "default"
|
||||
|
||||
# Disable the module that's accelerated
|
||||
scripts/config.py unset MBEDTLS_DHM_C
|
||||
@ -2202,9 +2267,12 @@ component_test_psa_crypto_config_accel_ffdh () {
|
||||
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
|
||||
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
|
||||
|
||||
# Build the main library
|
||||
loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )"
|
||||
make CFLAGS="$ASAN_CFLAGS -O -Werror -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS"
|
||||
# Build
|
||||
# -----
|
||||
|
||||
helper_libtestdriver1_make_drivers "$loc_accel_list"
|
||||
|
||||
helper_libtestdriver1_make_main "$loc_accel_list"
|
||||
|
||||
# Make sure this was not re-enabled by accident (additive config)
|
||||
not grep mbedtls_dhm_ library/dhm.o
|
||||
@ -2219,33 +2287,30 @@ component_test_psa_crypto_config_accel_ffdh () {
|
||||
component_test_psa_crypto_config_accel_pake() {
|
||||
msg "build: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated PAKE"
|
||||
|
||||
# Start with full
|
||||
scripts/config.py full
|
||||
|
||||
# Disable ALG_STREAM_CIPHER and ALG_ECB_NO_PADDING to avoid having
|
||||
# partial support for cipher operations in the driver test library.
|
||||
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_STREAM_CIPHER
|
||||
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_ECB_NO_PADDING
|
||||
|
||||
loc_accel_list="ALG_JPAKE"
|
||||
loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' )
|
||||
make -C tests libtestdriver1.a CFLAGS="$ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS"
|
||||
|
||||
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
|
||||
# Configure
|
||||
# ---------
|
||||
|
||||
helper_libtestdriver1_adjust_config "full"
|
||||
|
||||
# Make built-in fallback not available
|
||||
scripts/config.py unset MBEDTLS_ECJPAKE_C
|
||||
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
|
||||
|
||||
# Dynamic secure element support is a deprecated feature and needs to be disabled here.
|
||||
# This is done to have the same form of psa_key_attributes_s for libdriver and library.
|
||||
scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C
|
||||
# Build
|
||||
# -----
|
||||
|
||||
loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )"
|
||||
make CFLAGS="$ASAN_CFLAGS -Werror -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS"
|
||||
helper_libtestdriver1_make_drivers "$loc_accel_list"
|
||||
|
||||
helper_libtestdriver1_make_main "$loc_accel_list"
|
||||
|
||||
# Make sure this was not re-enabled by accident (additive config)
|
||||
not grep mbedtls_ecjpake_init library/ecjpake.o
|
||||
|
||||
# Run the tests
|
||||
# -------------
|
||||
|
||||
msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated PAKE"
|
||||
make test
|
||||
}
|
||||
@ -2264,9 +2329,7 @@ component_test_psa_crypto_config_accel_pake() {
|
||||
config_psa_crypto_config_all_ec_algs_use_psa () {
|
||||
DRIVER_ONLY="$1"
|
||||
# start with config full for maximum coverage (also enables USE_PSA)
|
||||
scripts/config.py full
|
||||
# enable support for drivers and configuring PSA-only algorithms
|
||||
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
|
||||
helper_libtestdriver1_adjust_config "full"
|
||||
if [ "$DRIVER_ONLY" -eq 1 ]; then
|
||||
# Disable modules that are accelerated
|
||||
scripts/config.py unset MBEDTLS_ECDSA_C
|
||||
@ -2279,9 +2342,6 @@ config_psa_crypto_config_all_ec_algs_use_psa () {
|
||||
# the future, the following line could be removed (see issues
|
||||
# 6061, 6332 and following ones)
|
||||
scripts/config.py unset MBEDTLS_ECP_RESTARTABLE
|
||||
# Dynamic secure element support is a deprecated feature and needs to be disabled here.
|
||||
# This is done to have the same form of psa_key_attributes_s for libdriver and library.
|
||||
scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C
|
||||
}
|
||||
|
||||
# Keep in sync with component_test_psa_crypto_config_reference_all_ec_algs_use_psa
|
||||
@ -2294,32 +2354,24 @@ component_test_psa_crypto_config_accel_all_ec_algs_use_psa () {
|
||||
ALG_JPAKE \
|
||||
KEY_TYPE_ECC_KEY_PAIR KEY_TYPE_ECC_PUBLIC_KEY"
|
||||
|
||||
# Configure and build the test driver library
|
||||
# -------------------------------------------
|
||||
|
||||
# Disable ALG_STREAM_CIPHER and ALG_ECB_NO_PADDING to avoid having
|
||||
# partial support for cipher operations in the driver test library.
|
||||
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_STREAM_CIPHER
|
||||
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_ECB_NO_PADDING
|
||||
|
||||
# Things we wanted supported in libtestdriver1, but not accelerated in the main library:
|
||||
# SHA-1 and all SHA-2 variants, as they are used by ECDSA deterministic.
|
||||
loc_extra_list="ALG_SHA_1 ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512"
|
||||
loc_accel_flags=$( echo "$loc_accel_list $loc_extra_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' )
|
||||
make -C tests libtestdriver1.a CFLAGS="$ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS"
|
||||
|
||||
# Configure and build the main libraries with drivers enabled
|
||||
# -----------------------------------------------------------
|
||||
# Configure
|
||||
# ---------
|
||||
|
||||
# Use the same config as reference, only without built-in EC algs
|
||||
config_psa_crypto_config_all_ec_algs_use_psa 1
|
||||
|
||||
# Build the library
|
||||
loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )"
|
||||
loc_symbols="-DPSA_CRYPTO_DRIVER_TEST \
|
||||
-DMBEDTLS_TEST_LIBTESTDRIVER1 \
|
||||
-DMBEDTLS_ECP_LIGHT"
|
||||
make CFLAGS="$ASAN_CFLAGS -Werror -I../tests/include -I../tests -I../../tests $loc_symbols $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS"
|
||||
# Temporary hack to enable MBEDTLS_ECP_LIGHT
|
||||
# (will soon be auto-enabled in build_info.h)
|
||||
echo '#define MBEDTLS_ECP_LIGHT' >> include/mbedtls/mbedtls_config.h
|
||||
|
||||
# Build
|
||||
# -----
|
||||
|
||||
# These hashes are needed for some ECDSA signature tests.
|
||||
loc_extra_list="ALG_SHA_1 ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512"
|
||||
helper_libtestdriver1_make_drivers "$loc_accel_list" "$loc_extra_list"
|
||||
|
||||
helper_libtestdriver1_make_main "$loc_accel_list"
|
||||
|
||||
# Make sure any built-in EC alg was not re-enabled by accident (additive config)
|
||||
not grep mbedtls_ecdsa_ library/ecdsa.o
|
||||
@ -2341,10 +2393,6 @@ component_test_psa_crypto_config_accel_all_ec_algs_use_psa () {
|
||||
component_test_psa_crypto_config_reference_all_ec_algs_use_psa () {
|
||||
msg "build: MBEDTLS_PSA_CRYPTO_CONFIG with non-accelerated EC algs + USE_PSA"
|
||||
|
||||
# To be aligned with component_test_psa_crypto_config_accel_all_ec_algs_use_psa()
|
||||
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_STREAM_CIPHER
|
||||
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_ECB_NO_PADDING
|
||||
|
||||
config_psa_crypto_config_all_ec_algs_use_psa 0
|
||||
|
||||
make
|
||||
@ -2373,7 +2421,8 @@ config_psa_crypto_full_all_ec_algs_no_ecp_use_psa () {
|
||||
DRIVER_ONLY="$1"
|
||||
# start with crypto_full config for maximum coverage (also enables USE_PSA),
|
||||
# but excluding X509, TLS and key exchanges
|
||||
scripts/config.py crypto_full
|
||||
helper_libtestdriver1_adjust_config "crypto_full"
|
||||
|
||||
# enable support for drivers and configuring PSA-only algorithms
|
||||
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
|
||||
if [ "$DRIVER_ONLY" -eq 1 ]; then
|
||||
@ -2406,14 +2455,6 @@ config_psa_crypto_full_all_ec_algs_no_ecp_use_psa () {
|
||||
# the future, the following line could be removed (see issues
|
||||
# 6061, 6332 and following ones)
|
||||
scripts/config.py unset MBEDTLS_ECP_RESTARTABLE
|
||||
# Dynamic secure element support is a deprecated feature and needs to be disabled here.
|
||||
# This is done to have the same form of psa_key_attributes_s for libdriver and library.
|
||||
scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C
|
||||
|
||||
# Disable ALG_STREAM_CIPHER and ALG_ECB_NO_PADDING to avoid having
|
||||
# partial support for cipher operations in the driver test library.
|
||||
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_STREAM_CIPHER
|
||||
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_ECB_NO_PADDING
|
||||
|
||||
# Disable PSA_WANT symbols that would re-enable PK
|
||||
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR
|
||||
@ -2437,26 +2478,22 @@ component_test_psa_crypto_full_accel_all_ec_algs_no_ecp_use_psa () {
|
||||
ALG_JPAKE \
|
||||
KEY_TYPE_ECC_KEY_PAIR KEY_TYPE_ECC_PUBLIC_KEY"
|
||||
|
||||
# Configure
|
||||
# ---------
|
||||
|
||||
# Set common configurations between library's and driver's builds
|
||||
config_psa_crypto_full_all_ec_algs_no_ecp_use_psa 1
|
||||
|
||||
# Configure and build the test driver library
|
||||
# -------------------------------------------
|
||||
# Build
|
||||
# -----
|
||||
|
||||
# Things we wanted supported in libtestdriver1, but not accelerated in the main library:
|
||||
# SHA-1 and all SHA-2 variants, as they are used by ECDSA deterministic.
|
||||
loc_extra_list="ALG_SHA_1 ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512"
|
||||
loc_accel_flags=$( echo "$loc_accel_list $loc_extra_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' )
|
||||
make -C tests libtestdriver1.a CFLAGS="$ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS"
|
||||
|
||||
# Configure and build the main libraries with drivers enabled
|
||||
# -----------------------------------------------------------
|
||||
helper_libtestdriver1_make_drivers "$loc_accel_list" "$loc_extra_list"
|
||||
|
||||
# Build the library
|
||||
loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )"
|
||||
loc_symbols="-DPSA_CRYPTO_DRIVER_TEST \
|
||||
-DMBEDTLS_TEST_LIBTESTDRIVER1"
|
||||
make CFLAGS="$ASAN_CFLAGS -Werror -I../tests/include -I../tests -I../../tests $loc_symbols $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS"
|
||||
helper_libtestdriver1_make_main "$loc_accel_list"
|
||||
|
||||
# Make sure any built-in EC alg was not re-enabled by accident (additive config)
|
||||
not grep mbedtls_ecdsa_ library/ecdsa.o
|
||||
@ -2507,40 +2544,10 @@ psa_crypto_config_accel_all_curves_except_one () {
|
||||
ALG_JPAKE \
|
||||
KEY_TYPE_ECC_KEY_PAIR KEY_TYPE_ECC_PUBLIC_KEY"
|
||||
|
||||
# Configure and build the test driver library
|
||||
# --------------------------------------------
|
||||
# Configure
|
||||
# ---------
|
||||
|
||||
# Disable ALG_STREAM_CIPHER and ALG_ECB_NO_PADDING to avoid having
|
||||
# partial support for cipher operations in the driver test library.
|
||||
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_STREAM_CIPHER
|
||||
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_ECB_NO_PADDING
|
||||
|
||||
# RSA support is intentionally disabled on this test (see below for
|
||||
# explanation) so lets disable it also on the driver side
|
||||
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR
|
||||
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY
|
||||
for ALG in $(sed -n 's/^#define \(PSA_WANT_ALG_RSA_[0-9A-Z_a-z]*\).*/\1/p' <"$CRYPTO_CONFIG_H"); do
|
||||
scripts/config.py -f include/psa/crypto_config.h unset $ALG
|
||||
done
|
||||
|
||||
loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' )
|
||||
# These hashes are needed for some ECDSA signature tests.
|
||||
loc_accel_flags="$loc_accel_flags -DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_ALG_SHA_224"
|
||||
loc_accel_flags="$loc_accel_flags -DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_ALG_SHA_256"
|
||||
loc_accel_flags="$loc_accel_flags -DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_ALG_SHA_384"
|
||||
loc_accel_flags="$loc_accel_flags -DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_ALG_SHA_512"
|
||||
make -C tests libtestdriver1.a CFLAGS="$ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS"
|
||||
|
||||
# Configure and build the main libraries
|
||||
# ---------------------------------------
|
||||
|
||||
# full config (includes USE_PSA, TLS 1.3 and driver support)
|
||||
scripts/config.py full
|
||||
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
|
||||
|
||||
# Dynamic secure element support is a deprecated feature and needs to be disabled here.
|
||||
# This is done to have the same form of psa_key_attributes_s for libdriver and library.
|
||||
scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C
|
||||
helper_libtestdriver1_adjust_config "full"
|
||||
|
||||
# restartable is not yet supported in PSA
|
||||
scripts/config.py unset MBEDTLS_ECP_RESTARTABLE
|
||||
@ -2556,6 +2563,12 @@ psa_crypto_config_accel_all_curves_except_one () {
|
||||
scripts/config.py unset MBEDTLS_PKCS1_V15
|
||||
scripts/config.py unset MBEDTLS_PKCS1_V21
|
||||
scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT
|
||||
# Disable RSA on the PSA side too
|
||||
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR
|
||||
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY
|
||||
for ALG in $(sed -n 's/^#define \(PSA_WANT_ALG_RSA_[0-9A-Z_a-z]*\).*/\1/p' <"$CRYPTO_CONFIG_H"); do
|
||||
scripts/config.py -f include/psa/crypto_config.h unset $ALG
|
||||
done
|
||||
# Also disable key exchanges that depend on RSA
|
||||
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
|
||||
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
|
||||
@ -2571,14 +2584,24 @@ psa_crypto_config_accel_all_curves_except_one () {
|
||||
# build with ECP_C.
|
||||
scripts/config.py set $BUILTIN_CURVE
|
||||
# Accelerate all curves listed in "crypto_config.h" (skipping the ones that
|
||||
# are commented out)
|
||||
# are commented out).
|
||||
# Note: Those are handled in a special way by the libtestdriver machinery,
|
||||
# so we only want to include them in the accel list when building the main
|
||||
# libraries, hence the use of a separate variable.
|
||||
loc_curve_list=""
|
||||
for CURVE in $(sed -n 's/^#define PSA_WANT_\(ECC_[0-9A-Z_a-z]*\).*/\1/p' <"$CRYPTO_CONFIG_H"); do
|
||||
loc_accel_list="$loc_accel_list $CURVE"
|
||||
loc_curve_list="$loc_curve_list $CURVE"
|
||||
done
|
||||
|
||||
# build and link with test drivers
|
||||
loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )"
|
||||
make CFLAGS="$ASAN_CFLAGS -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS"
|
||||
# Build
|
||||
# -----
|
||||
|
||||
# These hashes are needed for some ECDSA signature tests.
|
||||
loc_extra_list="ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512"
|
||||
helper_libtestdriver1_make_drivers "$loc_accel_list" "$loc_extra_list"
|
||||
|
||||
# (See above regarding loc_curve_list.)
|
||||
helper_libtestdriver1_make_main "$loc_accel_list $loc_curve_list"
|
||||
|
||||
# make sure excluded modules were not auto-re-enabled by accident
|
||||
not grep mbedtls_ecdh_ library/ecdh.o
|
||||
@ -2601,6 +2624,7 @@ psa_crypto_config_accel_all_curves_except_one () {
|
||||
|
||||
# Run the tests
|
||||
# -------------
|
||||
|
||||
msg "test: PSA_CRYPTO_CONFIG + all accelerated EC algs (excl $BUILTIN_CURVE) + USE_PSA_CRYPTO"
|
||||
make test
|
||||
}
|
||||
@ -2616,10 +2640,13 @@ component_test_psa_crypto_config_accel_all_curves_except_x25519 () {
|
||||
component_test_psa_crypto_config_accel_rsa_signature () {
|
||||
msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated RSA signature"
|
||||
|
||||
# Disable ALG_STREAM_CIPHER and ALG_ECB_NO_PADDING to avoid having
|
||||
# partial support for cipher operations in the driver test library.
|
||||
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_STREAM_CIPHER
|
||||
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_ECB_NO_PADDING
|
||||
loc_accel_list="ALG_RSA_PKCS1V15_SIGN ALG_RSA_PSS KEY_TYPE_RSA_KEY_PAIR KEY_TYPE_RSA_PUBLIC_KEY"
|
||||
|
||||
# Configure
|
||||
# ---------
|
||||
|
||||
# Start from default config (no TLS 1.3, no USE_PSA)
|
||||
helper_libtestdriver1_adjust_config "default"
|
||||
|
||||
# It seems it is not possible to remove only the support for RSA signature
|
||||
# in the library. Thus we have to remove all RSA support (signature and
|
||||
@ -2629,6 +2656,17 @@ component_test_psa_crypto_config_accel_rsa_signature () {
|
||||
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_OAEP
|
||||
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_PKCS1V15_CRYPT
|
||||
|
||||
# Remove RSA support and its dependencies
|
||||
scripts/config.py unset MBEDTLS_RSA_C
|
||||
scripts/config.py unset MBEDTLS_PKCS1_V15
|
||||
scripts/config.py unset MBEDTLS_PKCS1_V21
|
||||
scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT
|
||||
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
|
||||
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
|
||||
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
|
||||
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
|
||||
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
|
||||
|
||||
# Make sure both the library and the test library support the SHA hash
|
||||
# algorithms and only those ones (SHA256 is included by default). That way:
|
||||
# - the test library can compute the RSA signatures even in the case of a
|
||||
@ -2641,51 +2679,33 @@ component_test_psa_crypto_config_accel_rsa_signature () {
|
||||
# PSA_ALG_ANY_HASH as algorithm to test with the key, the chosen hash
|
||||
# algorithm based on the hashes supported by the library is also
|
||||
# supported by the test library.
|
||||
# Disabled unwanted hashes here, we'll enable hashes we want in loc_accel_flags.
|
||||
# Disable unwanted hashes here, we'll enable hashes we want in loc_extra_list.
|
||||
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD5
|
||||
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RIPEMD160_C
|
||||
scripts/config.py unset MBEDTLS_MD5_C
|
||||
scripts/config.py unset MBEDTLS_RIPEMD160_C
|
||||
|
||||
# We need PEM parsing in the test library as well to support the import
|
||||
# of PEM encoded RSA keys.
|
||||
scripts/config.py -f tests/include/test/drivers/config_test_driver.h set MBEDTLS_PEM_PARSE_C
|
||||
scripts/config.py -f tests/include/test/drivers/config_test_driver.h set MBEDTLS_BASE64_C
|
||||
|
||||
loc_accel_list="ALG_RSA_PKCS1V15_SIGN ALG_RSA_PSS KEY_TYPE_RSA_KEY_PAIR KEY_TYPE_RSA_PUBLIC_KEY"
|
||||
loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' )
|
||||
# Build
|
||||
# -----
|
||||
|
||||
# These hashes are needed for some RSA-PSS signature tests.
|
||||
loc_accel_flags="$loc_accel_flags -DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_ALG_SHA_1"
|
||||
loc_accel_flags="$loc_accel_flags -DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_ALG_SHA_224"
|
||||
loc_accel_flags="$loc_accel_flags -DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_ALG_SHA_256"
|
||||
loc_accel_flags="$loc_accel_flags -DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_ALG_SHA_384"
|
||||
loc_accel_flags="$loc_accel_flags -DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_ALG_SHA_512"
|
||||
make -C tests libtestdriver1.a CFLAGS="$ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS"
|
||||
loc_extra_list="ALG_SHA_1 ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512"
|
||||
helper_libtestdriver1_make_drivers "$loc_accel_list" "$loc_extra_list"
|
||||
|
||||
# Mbed TLS library build
|
||||
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
|
||||
|
||||
# Remove RSA support and its dependencies
|
||||
scripts/config.py unset MBEDTLS_PKCS1_V15
|
||||
scripts/config.py unset MBEDTLS_PKCS1_V21
|
||||
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
|
||||
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
|
||||
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
|
||||
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
|
||||
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
|
||||
scripts/config.py unset MBEDTLS_RSA_C
|
||||
scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT
|
||||
|
||||
scripts/config.py unset MBEDTLS_MD5_C
|
||||
scripts/config.py unset MBEDTLS_RIPEMD160_C
|
||||
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1
|
||||
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_1
|
||||
scripts/config.py unset MBEDTLS_SSL_CBC_RECORD_SPLITTING
|
||||
|
||||
loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )"
|
||||
make CFLAGS="$ASAN_CFLAGS -Werror -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS"
|
||||
helper_libtestdriver1_make_main "$loc_accel_list"
|
||||
|
||||
# Make sure this was not re-enabled by accident (additive config)
|
||||
not grep mbedtls_rsa_rsassa_pkcs1_v15_sign library/rsa.o
|
||||
not grep mbedtls_rsa_rsassa_pss_sign_ext library/rsa.o
|
||||
|
||||
# Run the tests
|
||||
# -------------
|
||||
|
||||
msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated RSA signature"
|
||||
make test
|
||||
}
|
||||
@ -2693,16 +2713,15 @@ component_test_psa_crypto_config_accel_rsa_signature () {
|
||||
component_test_psa_crypto_config_accel_hash () {
|
||||
msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated hash"
|
||||
|
||||
# Disable ALG_STREAM_CIPHER and ALG_ECB_NO_PADDING to avoid having
|
||||
# partial support for cipher operations in the driver test library.
|
||||
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_STREAM_CIPHER
|
||||
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_ECB_NO_PADDING
|
||||
|
||||
loc_accel_list="ALG_MD5 ALG_RIPEMD160 ALG_SHA_1 ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512"
|
||||
loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' )
|
||||
make -C tests libtestdriver1.a CFLAGS="$ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS"
|
||||
|
||||
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
|
||||
# Configure
|
||||
# ---------
|
||||
|
||||
# Start from default config (no TLS 1.3, no USE_PSA)
|
||||
helper_libtestdriver1_adjust_config "default"
|
||||
|
||||
# Disable the things that are being accelerated
|
||||
scripts/config.py unset MBEDTLS_MD5_C
|
||||
scripts/config.py unset MBEDTLS_RIPEMD160_C
|
||||
scripts/config.py unset MBEDTLS_SHA1_C
|
||||
@ -2710,8 +2729,13 @@ component_test_psa_crypto_config_accel_hash () {
|
||||
scripts/config.py unset MBEDTLS_SHA256_C
|
||||
scripts/config.py unset MBEDTLS_SHA384_C
|
||||
scripts/config.py unset MBEDTLS_SHA512_C
|
||||
loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )"
|
||||
make CFLAGS="$ASAN_CFLAGS -Werror -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS"
|
||||
|
||||
# Build
|
||||
# -----
|
||||
|
||||
helper_libtestdriver1_make_drivers "$loc_accel_list"
|
||||
|
||||
helper_libtestdriver1_make_main "$loc_accel_list"
|
||||
|
||||
# There's a risk of something getting re-enabled via config_psa.h;
|
||||
# make sure it did not happen. Note: it's OK for MD_C to be enabled.
|
||||
@ -2721,6 +2745,9 @@ component_test_psa_crypto_config_accel_hash () {
|
||||
not grep mbedtls_sha512 library/sha512.o
|
||||
not grep mbedtls_ripemd160 library/ripemd160.o
|
||||
|
||||
# Run the tests
|
||||
# -------------
|
||||
|
||||
msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated hash"
|
||||
make test
|
||||
}
|
||||
@ -2730,18 +2757,14 @@ component_test_psa_crypto_config_accel_hash_keep_builtins () {
|
||||
# This component ensures that all the test cases for
|
||||
# md_psa_dynamic_dispatch with legacy+driver in test_suite_md are run.
|
||||
|
||||
# Disable ALG_STREAM_CIPHER and ALG_ECB_NO_PADDING to avoid having
|
||||
# partial support for cipher operations in the driver test library.
|
||||
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_STREAM_CIPHER
|
||||
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_ECB_NO_PADDING
|
||||
|
||||
loc_accel_list="ALG_MD5 ALG_RIPEMD160 ALG_SHA_1 ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512"
|
||||
loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' )
|
||||
make -C tests libtestdriver1.a CFLAGS="$ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS"
|
||||
|
||||
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
|
||||
loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )"
|
||||
make CFLAGS="$ASAN_CFLAGS -Werror -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS"
|
||||
# Start from default config (no TLS 1.3, no USE_PSA)
|
||||
helper_libtestdriver1_adjust_config "default"
|
||||
|
||||
helper_libtestdriver1_make_drivers "$loc_accel_list"
|
||||
|
||||
helper_libtestdriver1_make_main "$loc_accel_list"
|
||||
|
||||
msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated+builtin hash"
|
||||
make test
|
||||
@ -2751,9 +2774,7 @@ component_test_psa_crypto_config_accel_hash_keep_builtins () {
|
||||
config_psa_crypto_hash_use_psa () {
|
||||
DRIVER_ONLY="$1"
|
||||
# start with config full for maximum coverage (also enables USE_PSA)
|
||||
scripts/config.py full
|
||||
# enable support for drivers and configuring PSA-only algorithms
|
||||
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
|
||||
helper_libtestdriver1_adjust_config "full"
|
||||
if [ "$DRIVER_ONLY" -eq 1 ]; then
|
||||
# disable the built-in implementation of hashes
|
||||
scripts/config.py unset MBEDTLS_MD5_C
|
||||
@ -2766,10 +2787,6 @@ config_psa_crypto_hash_use_psa () {
|
||||
scripts/config.py unset MBEDTLS_SHA512_C
|
||||
scripts/config.py unset MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT
|
||||
fi
|
||||
|
||||
# Dynamic secure element support is a deprecated feature and needs to be disabled here.
|
||||
# This is done to have the same form of psa_key_attributes_s for libdriver and library.
|
||||
scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C
|
||||
}
|
||||
|
||||
# Note that component_test_psa_crypto_config_reference_hash_use_psa
|
||||
@ -2778,19 +2795,19 @@ config_psa_crypto_hash_use_psa () {
|
||||
component_test_psa_crypto_config_accel_hash_use_psa () {
|
||||
msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated hash and USE_PSA"
|
||||
|
||||
# Disable ALG_STREAM_CIPHER and ALG_ECB_NO_PADDING to avoid having
|
||||
# partial support for cipher operations in the driver test library.
|
||||
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_STREAM_CIPHER
|
||||
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_ECB_NO_PADDING
|
||||
|
||||
loc_accel_list="ALG_MD5 ALG_RIPEMD160 ALG_SHA_1 ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512"
|
||||
loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' )
|
||||
make -C tests libtestdriver1.a CFLAGS="$ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS"
|
||||
|
||||
# Configure
|
||||
# ---------
|
||||
|
||||
config_psa_crypto_hash_use_psa 1
|
||||
|
||||
loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )"
|
||||
make CFLAGS="$ASAN_CFLAGS -Werror -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS" all
|
||||
# Build
|
||||
# -----
|
||||
|
||||
helper_libtestdriver1_make_drivers "$loc_accel_list"
|
||||
|
||||
helper_libtestdriver1_make_main "$loc_accel_list"
|
||||
|
||||
# There's a risk of something getting re-enabled via config_psa.h;
|
||||
# make sure it did not happen. Note: it's OK for MD_C to be enabled.
|
||||
@ -2800,6 +2817,9 @@ component_test_psa_crypto_config_accel_hash_use_psa () {
|
||||
not grep mbedtls_sha512 library/sha512.o
|
||||
not grep mbedtls_ripemd160 library/ripemd160.o
|
||||
|
||||
# Run the tests
|
||||
# -------------
|
||||
|
||||
msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated hash and USE_PSA"
|
||||
make test
|
||||
|
||||
@ -2822,9 +2842,6 @@ component_test_psa_crypto_config_accel_hash_use_psa () {
|
||||
component_test_psa_crypto_config_reference_hash_use_psa() {
|
||||
msg "test: MBEDTLS_PSA_CRYPTO_CONFIG without accelerated hash and USE_PSA"
|
||||
|
||||
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_STREAM_CIPHER
|
||||
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_ECB_NO_PADDING
|
||||
|
||||
config_psa_crypto_hash_use_psa 0
|
||||
|
||||
make
|
||||
@ -2840,20 +2857,22 @@ component_test_psa_crypto_config_accel_cipher () {
|
||||
msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated cipher"
|
||||
|
||||
loc_accel_list="ALG_CBC_NO_PADDING ALG_CBC_PKCS7 ALG_CTR ALG_CFB ALG_OFB ALG_XTS KEY_TYPE_DES"
|
||||
loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' )
|
||||
make -C tests libtestdriver1.a CFLAGS="$ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS"
|
||||
|
||||
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
|
||||
# Configure
|
||||
# ---------
|
||||
|
||||
# There is no intended accelerator support for ALG STREAM_CIPHER and
|
||||
# ALG_ECB_NO_PADDING. Therefore, asking for them in the build implies the
|
||||
# inclusion of the Mbed TLS cipher operations. As we want to test here with
|
||||
# cipher operations solely supported by accelerators, disabled those
|
||||
# PSA configuration options.
|
||||
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_STREAM_CIPHER
|
||||
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_ECB_NO_PADDING
|
||||
# Start from the default config (no TLS 1.3, no USE_PSA)
|
||||
helper_libtestdriver1_adjust_config "default"
|
||||
|
||||
# There is no intended accelerator support for ALG CMAC. Therefore, asking
|
||||
# for it in the build implies the inclusion of the Mbed TLS cipher
|
||||
# operations. As we want to test here with cipher operations solely
|
||||
# supported by accelerators, disabled this PSA configuration option.
|
||||
# (Note: the same applies to STREAM_CIPHER and ECB_NO_PADDING, which are
|
||||
# already disabled by helper_libtestdriver1_adjust_config above.)
|
||||
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_CMAC
|
||||
|
||||
# Disable the things that are being accelerated
|
||||
scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC
|
||||
scripts/config.py unset MBEDTLS_CIPHER_PADDING_PKCS7
|
||||
scripts/config.py unset MBEDTLS_CIPHER_MODE_CTR
|
||||
@ -2862,11 +2881,19 @@ component_test_psa_crypto_config_accel_cipher () {
|
||||
scripts/config.py unset MBEDTLS_CIPHER_MODE_XTS
|
||||
scripts/config.py unset MBEDTLS_DES_C
|
||||
|
||||
loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )"
|
||||
make CFLAGS="$ASAN_CFLAGS -Werror -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS"
|
||||
# Build
|
||||
# -----
|
||||
|
||||
helper_libtestdriver1_make_drivers "$loc_accel_list"
|
||||
|
||||
helper_libtestdriver1_make_main "$loc_accel_list"
|
||||
|
||||
# Make sure this was not re-enabled by accident (additive config)
|
||||
not grep mbedtls_des* library/des.o
|
||||
|
||||
# Run the tests
|
||||
# -------------
|
||||
|
||||
msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated cipher"
|
||||
make test
|
||||
}
|
||||
@ -2874,17 +2901,15 @@ component_test_psa_crypto_config_accel_cipher () {
|
||||
component_test_psa_crypto_config_accel_aead () {
|
||||
msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated AEAD"
|
||||
|
||||
# Disable ALG_STREAM_CIPHER and ALG_ECB_NO_PADDING to avoid having
|
||||
# partial support for cipher operations in the driver test library.
|
||||
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_STREAM_CIPHER
|
||||
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_ECB_NO_PADDING
|
||||
|
||||
loc_accel_list="ALG_GCM ALG_CCM ALG_CHACHA20_POLY1305 KEY_TYPE_AES KEY_TYPE_CHACHA20 KEY_TYPE_ARIA KEY_TYPE_CAMELLIA"
|
||||
loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' )
|
||||
make -C tests libtestdriver1.a CFLAGS="$ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS"
|
||||
|
||||
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
|
||||
# Configure
|
||||
# ---------
|
||||
|
||||
# Start from default config (no TLS 1.3, no USE_PSA)
|
||||
helper_libtestdriver1_adjust_config "default"
|
||||
|
||||
# Disable things that are being accelerated
|
||||
scripts/config.py unset MBEDTLS_GCM_C
|
||||
scripts/config.py unset MBEDTLS_CCM_C
|
||||
scripts/config.py unset MBEDTLS_CHACHAPOLY_C
|
||||
@ -2892,15 +2917,21 @@ component_test_psa_crypto_config_accel_aead () {
|
||||
scripts/config.py unset MBEDTLS_SSL_CONTEXT_SERIALIZATION
|
||||
scripts/config.py unset MBEDTLS_SSL_TICKET_C
|
||||
|
||||
loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )"
|
||||
make CFLAGS="$ASAN_CFLAGS -Werror -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS"
|
||||
# Build
|
||||
# -----
|
||||
|
||||
# There's a risk of something getting re-enabled via config_psa.h
|
||||
# make sure it did not happen.
|
||||
helper_libtestdriver1_make_drivers "$loc_accel_list"
|
||||
|
||||
helper_libtestdriver1_make_main "$loc_accel_list"
|
||||
|
||||
# Make sure this was not re-enabled by accident (additive config)
|
||||
not grep mbedtls_ccm library/ccm.o
|
||||
not grep mbedtls_gcm library/gcm.o
|
||||
not grep mbedtls_chachapoly library/chachapoly.o
|
||||
|
||||
# Run the tests
|
||||
# -------------
|
||||
|
||||
msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated AEAD"
|
||||
make test
|
||||
}
|
||||
@ -2908,33 +2939,30 @@ component_test_psa_crypto_config_accel_aead () {
|
||||
component_test_psa_crypto_config_accel_pake() {
|
||||
msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated PAKE"
|
||||
|
||||
# Start with full
|
||||
scripts/config.py full
|
||||
|
||||
# Disable ALG_STREAM_CIPHER and ALG_ECB_NO_PADDING to avoid having
|
||||
# partial support for cipher operations in the driver test library.
|
||||
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_STREAM_CIPHER
|
||||
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_ECB_NO_PADDING
|
||||
|
||||
loc_accel_list="ALG_JPAKE"
|
||||
loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' )
|
||||
make -C tests libtestdriver1.a CFLAGS="$ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS"
|
||||
|
||||
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
|
||||
# Configure
|
||||
# ---------
|
||||
|
||||
helper_libtestdriver1_adjust_config "full"
|
||||
|
||||
# Make build-in fallback not available
|
||||
scripts/config.py unset MBEDTLS_ECJPAKE_C
|
||||
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
|
||||
|
||||
# Dynamic secure element support is a deprecated feature and needs to be disabled here.
|
||||
# This is done to have the same form of psa_key_attributes_s for libdriver and library.
|
||||
scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C
|
||||
# Build
|
||||
# -----
|
||||
|
||||
loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )"
|
||||
make CFLAGS="$ASAN_CFLAGS -Werror -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS"
|
||||
helper_libtestdriver1_make_drivers "$loc_accel_list"
|
||||
|
||||
helper_libtestdriver1_make_main "$loc_accel_list"
|
||||
|
||||
# Make sure this was not re-enabled by accident (additive config)
|
||||
not grep mbedtls_ecjpake_init library/ecjpake.o
|
||||
|
||||
# Run the tests
|
||||
# -------------
|
||||
|
||||
msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated PAKE"
|
||||
make test
|
||||
}
|
||||
|
Loading…
x
Reference in New Issue
Block a user