From 85347d15c6532c3af4c138d293748327c7fc2fd1 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Thu, 1 Aug 2024 22:45:10 +0100 Subject: [PATCH] all.sh/components: Moved more components to configuration tls. Signed-off-by: Minos Galanakis --- tests/scripts/components-configuration-tls.sh | 86 ++++++++++++++++++ tests/scripts/components.sh | 90 ------------------- 2 files changed, 86 insertions(+), 90 deletions(-) diff --git a/tests/scripts/components-configuration-tls.sh b/tests/scripts/components-configuration-tls.sh index 33f627e6ba..af58245833 100644 --- a/tests/scripts/components-configuration-tls.sh +++ b/tests/scripts/components-configuration-tls.sh @@ -49,6 +49,34 @@ component_test_tls1_2_default_stream_cipher_only () { # Not running ssl-opt.sh because most tests require a non-NULL ciphersuite. } +component_test_tls1_2_default_stream_cipher_only_use_psa () { + msg "build: default with only stream cipher use psa" + + scripts/config.py set MBEDTLS_USE_PSA_CRYPTO + # Disable AEAD (controlled by the presence of one of GCM_C, CCM_C, CHACHAPOLY_C) + scripts/config.py unset MBEDTLS_GCM_C + scripts/config.py unset MBEDTLS_CCM_C + scripts/config.py unset MBEDTLS_CHACHAPOLY_C + #Disable TLS 1.3 (as no AEAD) + scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 + # Disable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia, DES)) + scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC + # Disable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC) + scripts/config.py unset MBEDTLS_SSL_ENCRYPT_THEN_MAC + # Enable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_CIPHER)) + scripts/config.py set MBEDTLS_CIPHER_NULL_CIPHER + # Modules that depend on AEAD + scripts/config.py unset MBEDTLS_SSL_CONTEXT_SERIALIZATION + scripts/config.py unset MBEDTLS_SSL_TICKET_C + + make + + msg "test: default with only stream cipher use psa" + make test + + # Not running ssl-opt.sh because most tests require a non-NULL ciphersuite. +} + component_test_tls1_2_default_cbc_legacy_cipher_only () { msg "build: default with only CBC-legacy cipher" @@ -77,6 +105,35 @@ component_test_tls1_2_default_cbc_legacy_cipher_only () { tests/ssl-opt.sh -f "TLS 1.2" } +component_test_tls1_2_deafult_cbc_legacy_cipher_only_use_psa () { + msg "build: default with only CBC-legacy cipher use psa" + + scripts/config.py set MBEDTLS_USE_PSA_CRYPTO + # Disable AEAD (controlled by the presence of one of GCM_C, CCM_C, CHACHAPOLY_C) + scripts/config.py unset MBEDTLS_GCM_C + scripts/config.py unset MBEDTLS_CCM_C + scripts/config.py unset MBEDTLS_CHACHAPOLY_C + #Disable TLS 1.3 (as no AEAD) + scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 + # Enable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia, DES)) + scripts/config.py set MBEDTLS_CIPHER_MODE_CBC + # Disable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC) + scripts/config.py unset MBEDTLS_SSL_ENCRYPT_THEN_MAC + # Disable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_CIPHER)) + scripts/config.py unset MBEDTLS_CIPHER_NULL_CIPHER + # Modules that depend on AEAD + scripts/config.py unset MBEDTLS_SSL_CONTEXT_SERIALIZATION + scripts/config.py unset MBEDTLS_SSL_TICKET_C + + make + + msg "test: default with only CBC-legacy cipher use psa" + make test + + msg "test: default with only CBC-legacy cipher use psa - ssl-opt.sh (subset)" + tests/ssl-opt.sh -f "TLS 1.2" +} + component_test_tls1_2_default_cbc_legacy_cbc_etm_cipher_only () { msg "build: default with only CBC-legacy and CBC-EtM ciphers" @@ -105,6 +162,35 @@ component_test_tls1_2_default_cbc_legacy_cbc_etm_cipher_only () { tests/ssl-opt.sh -f "TLS 1.2" } +component_test_tls1_2_default_cbc_legacy_cbc_etm_cipher_only_use_psa () { + msg "build: default with only CBC-legacy and CBC-EtM ciphers use psa" + + scripts/config.py set MBEDTLS_USE_PSA_CRYPTO + # Disable AEAD (controlled by the presence of one of GCM_C, CCM_C, CHACHAPOLY_C) + scripts/config.py unset MBEDTLS_GCM_C + scripts/config.py unset MBEDTLS_CCM_C + scripts/config.py unset MBEDTLS_CHACHAPOLY_C + #Disable TLS 1.3 (as no AEAD) + scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 + # Enable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia, DES)) + scripts/config.py set MBEDTLS_CIPHER_MODE_CBC + # Enable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC) + scripts/config.py set MBEDTLS_SSL_ENCRYPT_THEN_MAC + # Disable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_CIPHER)) + scripts/config.py unset MBEDTLS_CIPHER_NULL_CIPHER + # Modules that depend on AEAD + scripts/config.py unset MBEDTLS_SSL_CONTEXT_SERIALIZATION + scripts/config.py unset MBEDTLS_SSL_TICKET_C + + make + + msg "test: default with only CBC-legacy and CBC-EtM ciphers use psa" + make test + + msg "test: default with only CBC-legacy and CBC-EtM ciphers use psa - ssl-opt.sh (subset)" + tests/ssl-opt.sh -f "TLS 1.2" +} + # We're not aware of any other (open source) implementation of EC J-PAKE in TLS # that we could use for interop testing. However, we now have sort of two # implementations ourselves: one using PSA, the other not. At least test that diff --git a/tests/scripts/components.sh b/tests/scripts/components.sh index 2e14866c08..14adcc3fce 100644 --- a/tests/scripts/components.sh +++ b/tests/scripts/components.sh @@ -269,96 +269,6 @@ component_test_full_no_bignum () { make test } - - -component_test_tls1_2_default_stream_cipher_only_use_psa () { - msg "build: default with only stream cipher use psa" - - scripts/config.py set MBEDTLS_USE_PSA_CRYPTO - # Disable AEAD (controlled by the presence of one of GCM_C, CCM_C, CHACHAPOLY_C) - scripts/config.py unset MBEDTLS_GCM_C - scripts/config.py unset MBEDTLS_CCM_C - scripts/config.py unset MBEDTLS_CHACHAPOLY_C - #Disable TLS 1.3 (as no AEAD) - scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 - # Disable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia, DES)) - scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC - # Disable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC) - scripts/config.py unset MBEDTLS_SSL_ENCRYPT_THEN_MAC - # Enable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_CIPHER)) - scripts/config.py set MBEDTLS_CIPHER_NULL_CIPHER - # Modules that depend on AEAD - scripts/config.py unset MBEDTLS_SSL_CONTEXT_SERIALIZATION - scripts/config.py unset MBEDTLS_SSL_TICKET_C - - make - - msg "test: default with only stream cipher use psa" - make test - - # Not running ssl-opt.sh because most tests require a non-NULL ciphersuite. -} - - - -component_test_tls1_2_deafult_cbc_legacy_cipher_only_use_psa () { - msg "build: default with only CBC-legacy cipher use psa" - - scripts/config.py set MBEDTLS_USE_PSA_CRYPTO - # Disable AEAD (controlled by the presence of one of GCM_C, CCM_C, CHACHAPOLY_C) - scripts/config.py unset MBEDTLS_GCM_C - scripts/config.py unset MBEDTLS_CCM_C - scripts/config.py unset MBEDTLS_CHACHAPOLY_C - #Disable TLS 1.3 (as no AEAD) - scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 - # Enable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia, DES)) - scripts/config.py set MBEDTLS_CIPHER_MODE_CBC - # Disable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC) - scripts/config.py unset MBEDTLS_SSL_ENCRYPT_THEN_MAC - # Disable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_CIPHER)) - scripts/config.py unset MBEDTLS_CIPHER_NULL_CIPHER - # Modules that depend on AEAD - scripts/config.py unset MBEDTLS_SSL_CONTEXT_SERIALIZATION - scripts/config.py unset MBEDTLS_SSL_TICKET_C - - make - - msg "test: default with only CBC-legacy cipher use psa" - make test - - msg "test: default with only CBC-legacy cipher use psa - ssl-opt.sh (subset)" - tests/ssl-opt.sh -f "TLS 1.2" -} - -component_test_tls1_2_default_cbc_legacy_cbc_etm_cipher_only_use_psa () { - msg "build: default with only CBC-legacy and CBC-EtM ciphers use psa" - - scripts/config.py set MBEDTLS_USE_PSA_CRYPTO - # Disable AEAD (controlled by the presence of one of GCM_C, CCM_C, CHACHAPOLY_C) - scripts/config.py unset MBEDTLS_GCM_C - scripts/config.py unset MBEDTLS_CCM_C - scripts/config.py unset MBEDTLS_CHACHAPOLY_C - #Disable TLS 1.3 (as no AEAD) - scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 - # Enable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia, DES)) - scripts/config.py set MBEDTLS_CIPHER_MODE_CBC - # Enable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC) - scripts/config.py set MBEDTLS_SSL_ENCRYPT_THEN_MAC - # Disable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_CIPHER)) - scripts/config.py unset MBEDTLS_CIPHER_NULL_CIPHER - # Modules that depend on AEAD - scripts/config.py unset MBEDTLS_SSL_CONTEXT_SERIALIZATION - scripts/config.py unset MBEDTLS_SSL_TICKET_C - - make - - msg "test: default with only CBC-legacy and CBC-EtM ciphers use psa" - make test - - msg "test: default with only CBC-legacy and CBC-EtM ciphers use psa - ssl-opt.sh (subset)" - tests/ssl-opt.sh -f "TLS 1.2" -} - component_build_dhm_alt () { msg "build: MBEDTLS_DHM_ALT" # ~30s scripts/config.py full