diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index 37b610f79a..d54cdb2e33 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -2286,11 +2286,19 @@ component_build_aes_variations () { # MBEDTLS_BLOCK_CIPHER_NO_DECRYPT is incompatible with ECB in PSA, CBC/XTS/NIST_KW/DES, # manually set or unset those configurations to check # MBEDTLS_BLOCK_CIPHER_NO_DECRYPT with various combinations in aes.o. + scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG scripts/config.py set MBEDTLS_BLOCK_CIPHER_NO_DECRYPT - scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC scripts/config.py unset MBEDTLS_CIPHER_MODE_XTS - scripts/config.py unset MBEDTLS_DES_C scripts/config.py unset MBEDTLS_NIST_KW_C + + scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CBC_NO_PADDING + scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CBC_PKCS7 + scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECB_NO_PADDING + scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_DES + # Note: The two unsets below are to be removed for Mbed TLS 4.0 + scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC + scripts/config.py unset MBEDTLS_DES_C + build_test_config_combos ${BUILTIN_SRC_PATH}/aes.o validate_aes_config_variations \ "MBEDTLS_AES_ROM_TABLES" \ "MBEDTLS_AES_FEWER_TABLES" "MBEDTLS_AES_USE_HARDWARE_ONLY" \ 
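Review bot: The block added to component_build_aes_variations issues the same set of `scripts/config.py` calls as `config_block_cipher_no_decrypt`, which this commit rewrites further down the same file, so the two lists can drift when the Mbed TLS 4.0 cleanup removes the legacy unsets. Calling `config_block_cipher_no_decrypt` in place of the copied lines would keep one source of truth, assuming the function is defined by the time components run (the sourcing order is not visible here). The new lines also pass `$CRYPTO_CONFIG_H` unquoted while the helper uses `"$CRYPTO_CONFIG_H"`; the unquoted form recurs in every hunk of components-configuration-tls.sh and should be quoted for consistency, e.g. `scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_ECB_NO_PADDING`. The function body continues outside the hunk.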
@@ -2301,9 +2309,21 @@ component_test_sha3_variations () { msg "sha3 loop unroll variations" # define minimal config sufficient to test SHA3 - cat > include/mbedtls/mbedtls_config.h << END - #define MBEDTLS_SELF_TEST - #define MBEDTLS_SHA3_C + cat > include/mbedtls/mbedtls_config.h << END + #define MBEDTLS_AES_C + #define MBEDTLS_CTR_DRBG_C + #define MBEDTLS_ENTROPY_C + #define MBEDTLS_PSA_CRYPTO_C + #define MBEDTLS_PSA_CRYPTO_CONFIG + #define MBEDTLS_SELF_TEST +END + + cat > tf-psa-crypto/include/psa/crypto_config.h << END + #define PSA_WANT_ALG_SHA_256 1 + #define PSA_WANT_ALG_SHA3_224 1 + #define PSA_WANT_ALG_SHA3_256 1 + #define PSA_WANT_ALG_SHA3_384 1 + #define PSA_WANT_ALG_SHA3_512 1 END msg "all loops unrolled" @@ -2425,7 +2445,7 @@ component_test_aes_fewer_tables_and_rom_tables () { make test } -# helper for common_block_cipher_no_decrypt() which: +# helper for component_test_block_cipher_no_decrypt_aesni() which: # - enable/disable the list of config options passed from -s/-u respectively. # - build # - test for tests_suite_xxx 
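Review bot: In component_test_sha3_variations the second heredoc writes to a hard-coded `tf-psa-crypto/include/psa/crypto_config.h`, while every other hunk in this commit reaches the PSA configuration through `$CRYPTO_CONFIG_H`. If the variable names the same file (presumably it does, but that is not visible here), `cat > "$CRYPTO_CONFIG_H" << END` keeps the component correct if the header moves. The existing comment "define minimal config sufficient to test SHA3" also no longer explains the new defines. A line such as `# PSA_CRYPTO_C needs an RNG (ENTROPY_C + CTR_DRBG_C, hence AES_C and SHA-256); SHA3 is enabled through PSA_WANT_ALG_SHA3_*` would record why they are there, once the author confirms that is the reason. The component body continues outside the hunk.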
@@ -2479,13 +2499,32 @@ helper_block_cipher_no_decrypt_build_test () { programs/test/selftest } -# This is a common configuration function used in: -# - component_test_block_cipher_no_decrypt_aesni_legacy() -# - component_test_block_cipher_no_decrypt_aesni_use_psa() -# in order to test BLOCK_CIPHER_NO_DECRYPT with AESNI intrinsics, -# AESNI assembly and AES C implementation on x86_64 and with AESNI intrinsics -# on x86. -common_block_cipher_no_decrypt () { +# This is a configuration function used in component_test_block_cipher_no_decrypt_xxx: +config_block_cipher_no_decrypt () { + scripts/config.py set MBEDTLS_BLOCK_CIPHER_NO_DECRYPT + scripts/config.py unset MBEDTLS_CIPHER_MODE_XTS + scripts/config.py unset MBEDTLS_NIST_KW_C + + # Enable support for cryptographic mechanisms through the PSA API. + # Note: XTS, KW are not yet supported via the PSA API in Mbed TLS. + scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG + scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_NO_PADDING + scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_PKCS7 + scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_ECB_NO_PADDING + scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_DES + # Note: The two unsets below are to be removed for Mbed TLS 4.0 + scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC + scripts/config.py unset MBEDTLS_DES_C +} + +component_test_block_cipher_no_decrypt_aesni () { + # Test BLOCK_CIPHER_NO_DECRYPT with AESNI intrinsics, AESNI assembly and + # AES C implementation on x86_64 and with AESNI intrinsics on x86. + + # This consistently causes an llvm crash on clang 3.8, so use gcc + export CC=gcc + config_block_cipher_no_decrypt + # test AESNI intrinsics helper_block_cipher_no_decrypt_build_test \ -s "MBEDTLS_AESNI_C" \ 
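Review bot: The header comment kept on `config_block_cipher_no_decrypt` ends in a dangling colon and says only where the function is used, not what it configures. The usage lines that used to follow it are gone, and the function now sets `MBEDTLS_PSA_CRYPTO_CONFIG` unconditionally. Suggested replacement: `# Configure MBEDTLS_BLOCK_CIPHER_NO_DECRYPT and disable, in both the legacy and PSA configs, the mechanisms that need block-cipher decryption (CBC, PSA ECB, XTS, NIST_KW, DES).` The body of component_test_block_cipher_no_decrypt_aesni continues outside the hunk.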
@@ -2507,43 +2546,6 @@ common_block_cipher_no_decrypt () { -l "-m32" } -# This is a configuration function used in component_test_block_cipher_no_decrypt_xxx: -# usage: 0: no PSA crypto configuration -# 1: use PSA crypto configuration -config_block_cipher_no_decrypt () { - use_psa=$1 - - scripts/config.py set MBEDTLS_BLOCK_CIPHER_NO_DECRYPT - scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC - scripts/config.py unset MBEDTLS_CIPHER_MODE_XTS - scripts/config.py unset MBEDTLS_DES_C - scripts/config.py unset MBEDTLS_NIST_KW_C - - if [ "$use_psa" -eq 1 ]; then - # Enable support for cryptographic mechanisms through the PSA API. - # Note: XTS, KW are not yet supported via the PSA API in Mbed TLS. - scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_NO_PADDING - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_PKCS7 - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_ECB_NO_PADDING - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_DES - fi -} - -component_test_block_cipher_no_decrypt_aesni () { - # This consistently causes an llvm crash on clang 3.8, so use gcc - export CC=gcc - config_block_cipher_no_decrypt 0 - common_block_cipher_no_decrypt -} - -component_test_block_cipher_no_decrypt_aesni_use_psa () { - # This consistently causes an llvm crash on clang 3.8, so use gcc - export CC=gcc - config_block_cipher_no_decrypt 1 - common_block_cipher_no_decrypt -} - support_test_block_cipher_no_decrypt_aesce_armcc () { support_build_armcc } @@ -2563,7 +2565,7 @@ component_test_block_cipher_no_decrypt_aesce_armcc () { scripts/config.py unset MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT scripts/config.py set MBEDTLS_HAVE_ASM - config_block_cipher_no_decrypt 1 + config_block_cipher_no_decrypt # test AESCE baremetal build scripts/config.py set MBEDTLS_AESCE_C 
diff --git a/tests/scripts/components-configuration-tls.sh b/tests/scripts/components-configuration-tls.sh
index f9360426f4..d81303b76f 100644
--- a/tests/scripts/components-configuration-tls.sh
+++ b/tests/scripts/components-configuration-tls.sh
@@ -404,15 +404,35 @@ component_test_tls13_only_psk () { msg "build: TLS 1.3 only from default, only PSK key exchange mode" scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED - scripts/config.py unset MBEDTLS_ECDH_C - scripts/config.py unset MBEDTLS_DHM_C scripts/config.py unset MBEDTLS_X509_CRT_PARSE_C scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT scripts/config.py unset MBEDTLS_SSL_SERVER_NAME_INDICATION - scripts/config.py unset MBEDTLS_ECDSA_C - scripts/config.py unset MBEDTLS_PKCS1_V21 scripts/config.py unset MBEDTLS_PKCS7_C scripts/config.py set MBEDTLS_SSL_EARLY_DATA + + scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG + scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECDH + scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECDSA + scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_DETERMINISTIC_ECDSA + scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_RSA_OAEP + scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_RSA_PSS + scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_FFDH + scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY + scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC + scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT + scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT + scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE + scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_DH_RFC7919_2048 + scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_DH_RFC7919_3072 + scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_DH_RFC7919_4096 + scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_DH_RFC7919_6144 + scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_DH_RFC7919_8192 + # Note: The four unsets below are to be removed for Mbed TLS 4.0 + 
scripts/config.py unset MBEDTLS_ECDH_C + scripts/config.py unset MBEDTLS_ECDSA_C + scripts/config.py unset MBEDTLS_PKCS1_V21 + scripts/config.py unset MBEDTLS_DHM_C + make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'" msg "test_suite_ssl: TLS 1.3 only, only PSK key exchange mode enabled" @@ -441,6 +461,10 @@ component_test_tls13_only_ephemeral_ffdh () { scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED scripts/config.py unset MBEDTLS_SSL_EARLY_DATA + + scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG + scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECDH + # Note: The unset below is to be removed for Mbed TLS 4.0 scripts/config.py unset MBEDTLS_ECDH_C make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'" @@ -459,10 +483,18 @@ component_test_tls13_only_psk_ephemeral () { scripts/config.py unset MBEDTLS_X509_CRT_PARSE_C scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT scripts/config.py unset MBEDTLS_SSL_SERVER_NAME_INDICATION - scripts/config.py unset MBEDTLS_ECDSA_C - scripts/config.py unset MBEDTLS_PKCS1_V21 scripts/config.py unset MBEDTLS_PKCS7_C scripts/config.py set MBEDTLS_SSL_EARLY_DATA + + scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG + scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECDSA + scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_DETERMINISTIC_ECDSA + scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_RSA_OAEP + scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_RSA_PSS + # Note: The two unsets below are to be removed for Mbed TLS 4.0 + scripts/config.py unset MBEDTLS_ECDSA_C + scripts/config.py unset MBEDTLS_PKCS1_V21 + make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'" msg "test_suite_ssl: TLS 1.3 only, only PSK ephemeral key exchange mode" 
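Review bot: The ECDSA/RSA sequence added in component_test_tls13_only_psk is repeated in the hunks for component_test_tls13_only_psk_ephemeral, component_test_tls13_only_psk_ephemeral_ffdh and component_test_tls13_only_psk_all. It consists of `set MBEDTLS_PSA_CRYPTO_CONFIG`, the unsets of `PSA_WANT_ALG_ECDSA`, `PSA_WANT_ALG_DETERMINISTIC_ECDSA`, `PSA_WANT_ALG_RSA_OAEP` and `PSA_WANT_ALG_RSA_PSS`, then the legacy `MBEDTLS_ECDSA_C` and `MBEDTLS_PKCS1_V21` unsets. Each copy carries its own "to be removed for Mbed TLS 4.0" note with a hand-counted number of lines ("two", "three", "four"), so the cleanup must touch every copy, and a missed one leaves that component's legacy and PSA settings out of step. Moving the shared lines into one small helper function in this file, called from each component, would keep the paired PSA and legacy unsets together. The ECDH and DH unsets can stay per component. The component bodies continue outside the hunks.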
@@ -479,11 +511,20 @@ component_test_tls13_only_psk_ephemeral_ffdh () { scripts/config.py unset MBEDTLS_X509_CRT_PARSE_C scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT scripts/config.py unset MBEDTLS_SSL_SERVER_NAME_INDICATION - scripts/config.py unset MBEDTLS_ECDSA_C - scripts/config.py unset MBEDTLS_PKCS1_V21 scripts/config.py unset MBEDTLS_PKCS7_C scripts/config.py set MBEDTLS_SSL_EARLY_DATA + + scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG + scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECDH + scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECDSA + scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_DETERMINISTIC_ECDSA + scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_RSA_OAEP + scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_RSA_PSS + # Note: The three unsets below are to be removed for Mbed TLS 4.0 scripts/config.py unset MBEDTLS_ECDH_C + scripts/config.py unset MBEDTLS_ECDSA_C + scripts/config.py unset MBEDTLS_PKCS1_V21 + make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'" msg "test_suite_ssl: TLS 1.3 only, only PSK ephemeral ffdh key exchange mode" 
@@ -499,10 +540,18 @@ component_test_tls13_only_psk_all () { scripts/config.py unset MBEDTLS_X509_CRT_PARSE_C scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT scripts/config.py unset MBEDTLS_SSL_SERVER_NAME_INDICATION - scripts/config.py unset MBEDTLS_ECDSA_C - scripts/config.py unset MBEDTLS_PKCS1_V21 scripts/config.py unset MBEDTLS_PKCS7_C scripts/config.py set MBEDTLS_SSL_EARLY_DATA + + scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG + scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECDSA + scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_DETERMINISTIC_ECDSA + scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_RSA_OAEP + scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_RSA_PSS + # Note: The two unsets below are to be removed for Mbed TLS 4.0 + scripts/config.py unset MBEDTLS_ECDSA_C + scripts/config.py unset MBEDTLS_PKCS1_V21 + make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'" msg "test_suite_ssl: TLS 1.3 only, PSK and PSK ephemeral key exchange modes"