1# components-configuration-tls.sh 2# 3# Copyright The Mbed TLS Contributors 4# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later 5 6# This file contains test components that are executed by all.sh 7 8################################################################ 9#### Configuration Testing - TLS 10################################################################ 11 12component_test_config_suite_b () { 13 msg "build: configs/config-suite-b.h" 14 MBEDTLS_CONFIG="configs/config-suite-b.h" 15 CRYPTO_CONFIG="configs/crypto-config-suite-b.h" 16 CC=$ASAN_CC cmake -DMBEDTLS_CONFIG_FILE="$MBEDTLS_CONFIG" -DTF_PSA_CRYPTO_CONFIG_FILE="$CRYPTO_CONFIG" -D CMAKE_BUILD_TYPE:String=Asan . 17 make 18 19 msg "test: configs/config-suite-b.h - unit tests" 20 make test 21 22 msg "test: configs/config-suite-b.h - compat.sh" 23 tests/compat.sh -m tls12 -f 'ECDHE_ECDSA.*AES.*GCM' -p mbedTLS 24 25 msg "build: configs/config-suite-b.h + DEBUG" 26 MBEDTLS_TEST_CONFIGURATION="$MBEDTLS_TEST_CONFIGURATION+DEBUG" 27 make clean 28 scripts/config.py -f "$MBEDTLS_CONFIG" set MBEDTLS_DEBUG_C 29 scripts/config.py -f "$MBEDTLS_CONFIG" set MBEDTLS_ERROR_C 30 make ssl-opt 31 32 msg "test: configs/config-suite-b.h + DEBUG - ssl-opt.sh" 33 tests/ssl-opt.sh 34} 35 36component_test_no_renegotiation () { 37 msg "build: Default + !MBEDTLS_SSL_RENEGOTIATION (ASan build)" # ~ 6 min 38 scripts/config.py unset MBEDTLS_SSL_RENEGOTIATION 39 CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan . 40 make 41 42 msg "test: !MBEDTLS_SSL_RENEGOTIATION - main suites (inc. selftests) (ASan build)" # ~ 50s 43 make test 44 45 msg "test: !MBEDTLS_SSL_RENEGOTIATION - ssl-opt.sh (ASan build)" # ~ 6 min 46 tests/ssl-opt.sh 47} 48 49component_test_tls1_2_default_stream_cipher_only () { 50 msg "build: default with only stream cipher use psa" 51 52 # Disable AEAD (controlled by the presence of one of GCM_C, CCM_C, CHACHAPOLY_C) 53 scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CCM 54 scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CCM_STAR_NO_TAG 55 scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_GCM 56 scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CHACHA20_POLY1305 57 #Disable TLS 1.3 (as no AEAD) 58 scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 59 # Disable CBC. Note: When implemented, PSA_WANT_ALG_CBC_MAC will also need to be unset here to fully disable CBC 60 scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CBC_NO_PADDING 61 scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CBC_PKCS7 62 # Disable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC) 63 scripts/config.py unset MBEDTLS_SSL_ENCRYPT_THEN_MAC 64 # Enable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_CIPHER)) 65 scripts/config.py set MBEDTLS_CIPHER_NULL_CIPHER 66 # Modules that depend on AEAD 67 scripts/config.py unset MBEDTLS_SSL_CONTEXT_SERIALIZATION 68 scripts/config.py unset MBEDTLS_SSL_TICKET_C 69 70 make 71 72 msg "test: default with only stream cipher use psa" 73 make test 74 75 # Not running ssl-opt.sh because most tests require a non-NULL ciphersuite. 76} 77 78component_test_tls1_2_default_cbc_legacy_cipher_only () { 79 msg "build: default with only CBC-legacy cipher use psa" 80 81 # Disable AEAD (controlled by the presence of one of GCM_C, CCM_C, CHACHAPOLY_C) 82 scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CCM 83 scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CCM_STAR_NO_TAG 84 scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_GCM 85 scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CHACHA20_POLY1305 86 #Disable TLS 1.3 (as no AEAD) 87 scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 88 # Enable CBC-legacy 89 scripts/config.py -c $CRYPTO_CONFIG_H set PSA_WANT_ALG_CBC_NO_PADDING 90 # Disable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC) 91 scripts/config.py unset MBEDTLS_SSL_ENCRYPT_THEN_MAC 92 # Disable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_CIPHER)) 93 scripts/config.py unset MBEDTLS_CIPHER_NULL_CIPHER 94 # Modules that depend on AEAD 95 scripts/config.py unset MBEDTLS_SSL_CONTEXT_SERIALIZATION 96 scripts/config.py unset MBEDTLS_SSL_TICKET_C 97 98 make 99 100 msg "test: default with only CBC-legacy cipher use psa" 101 make test 102 103 msg "test: default with only CBC-legacy cipher use psa - ssl-opt.sh (subset)" 104 tests/ssl-opt.sh -f "TLS 1.2" 105} 106 107component_test_tls1_2_default_cbc_legacy_cbc_etm_cipher_only () { 108 msg "build: default with only CBC-legacy and CBC-EtM ciphers use psa" 109 110 # Disable AEAD (controlled by the presence of one of GCM_C, CCM_C, CHACHAPOLY_C) 111 scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CCM 112 scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CCM_STAR_NO_TAG 113 scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_GCM 114 scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CHACHA20_POLY1305 115 #Disable TLS 1.3 (as no AEAD) 116 scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 117 # Enable CBC-legacy 118 scripts/config.py -c $CRYPTO_CONFIG_H set PSA_WANT_ALG_CBC_NO_PADDING 119 # Enable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC) 120 scripts/config.py set MBEDTLS_SSL_ENCRYPT_THEN_MAC 121 # Disable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_CIPHER)) 122 scripts/config.py unset MBEDTLS_CIPHER_NULL_CIPHER 123 # Modules that depend on AEAD 124 scripts/config.py unset MBEDTLS_SSL_CONTEXT_SERIALIZATION 125 scripts/config.py unset MBEDTLS_SSL_TICKET_C 126 127 make 128 129 msg "test: default with only CBC-legacy and CBC-EtM ciphers use psa" 130 make test 131 132 msg "test: default with only CBC-legacy and CBC-EtM ciphers use psa - ssl-opt.sh (subset)" 133 tests/ssl-opt.sh -f "TLS 1.2" 134} 135 136component_test_config_thread () { 137 msg "build: configs/config-thread.h" 138 MBEDTLS_CONFIG="configs/config-thread.h" 139 CRYPTO_CONFIG="configs/crypto-config-thread.h" 140 CC=$ASAN_CC cmake -DMBEDTLS_CONFIG_FILE="$MBEDTLS_CONFIG" -DTF_PSA_CRYPTO_CONFIG_FILE="$CRYPTO_CONFIG" -D CMAKE_BUILD_TYPE:String=Asan . 141 make 142 143 msg "test: configs/config-thread.h - unit tests" 144 make test 145 146 msg "test: configs/config-thread.h - ssl-opt.sh" 147 tests/ssl-opt.sh -f 'ECJPAKE.*nolog' 148} 149 150component_test_tls1_2_ccm_psk () { 151 msg "build: configs/config-ccm-psk-tls1_2.h" 152 MBEDTLS_CONFIG="configs/config-ccm-psk-tls1_2.h" 153 CRYPTO_CONFIG="configs/crypto-config-ccm-psk-tls1_2.h" 154 CC=$ASAN_CC cmake -DMBEDTLS_CONFIG_FILE="$MBEDTLS_CONFIG" -DTF_PSA_CRYPTO_CONFIG_FILE="$CRYPTO_CONFIG" -D CMAKE_BUILD_TYPE:String=Asan . 155 make 156 157 msg "test: configs/config-ccm-psk-tls1_2.h - unit tests" 158 make test 159 160 msg "test: configs/config-ccm-psk-tls1_2.h - compat.sh" 161 tests/compat.sh -m tls12 -f '^TLS_PSK_WITH_AES_..._CCM_8' 162} 163 164component_test_tls1_2_ccm_psk_dtls () { 165 msg "build: configs/config-ccm-psk-dtls1_2.h" 166 MBEDTLS_CONFIG="configs/config-ccm-psk-dtls1_2.h" 167 CRYPTO_CONFIG="configs/crypto-config-ccm-psk-tls1_2.h" 168 CC=$ASAN_CC cmake -DMBEDTLS_CONFIG_FILE="$MBEDTLS_CONFIG" -DTF_PSA_CRYPTO_CONFIG_FILE="$CRYPTO_CONFIG" -D CMAKE_BUILD_TYPE:String=Asan . 169 make 170 171 msg "test: configs/config-ccm-psk-dtls1_2.h - unit tests" 172 make test 173 174 msg "test: configs/config-ccm-psk-dtls1_2.h - compat.sh" 175 tests/compat.sh -m dtls12 -f '^TLS_PSK_WITH_AES_..._CCM_8' 176 177 msg "build: configs/config-ccm-psk-dtls1_2.h + DEBUG" 178 MBEDTLS_TEST_CONFIGURATION="$MBEDTLS_TEST_CONFIGURATION+DEBUG" 179 make clean 180 scripts/config.py -f "$MBEDTLS_CONFIG" set MBEDTLS_DEBUG_C 181 scripts/config.py -f "$MBEDTLS_CONFIG" set MBEDTLS_ERROR_C 182 make ssl-opt 183 184 msg "test: configs/config-ccm-psk-dtls1_2.h + DEBUG - ssl-opt.sh" 185 tests/ssl-opt.sh 186} 187 188component_test_small_ssl_out_content_len () { 189 msg "build: small SSL_OUT_CONTENT_LEN (ASan build)" 190 scripts/config.py set MBEDTLS_SSL_IN_CONTENT_LEN 16384 191 scripts/config.py set MBEDTLS_SSL_OUT_CONTENT_LEN 4096 192 CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan . 193 make 194 195 msg "test: small SSL_OUT_CONTENT_LEN - ssl-opt.sh MFL and large packet tests" 196 tests/ssl-opt.sh -f "Max fragment\|Large packet" 197} 198 199component_test_small_ssl_in_content_len () { 200 msg "build: small SSL_IN_CONTENT_LEN (ASan build)" 201 scripts/config.py set MBEDTLS_SSL_IN_CONTENT_LEN 4096 202 scripts/config.py set MBEDTLS_SSL_OUT_CONTENT_LEN 16384 203 CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan . 204 make 205 206 msg "test: small SSL_IN_CONTENT_LEN - ssl-opt.sh MFL tests" 207 tests/ssl-opt.sh -f "Max fragment" 208} 209 210component_test_small_ssl_dtls_max_buffering () { 211 msg "build: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #0" 212 scripts/config.py set MBEDTLS_SSL_DTLS_MAX_BUFFERING 1000 213 CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan . 214 make 215 216 msg "test: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #0 - ssl-opt.sh specific reordering test" 217 tests/ssl-opt.sh -f "DTLS reordering: Buffer out-of-order hs msg before reassembling next, free buffered msg" 218} 219 220component_test_small_mbedtls_ssl_dtls_max_buffering () { 221 msg "build: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #1" 222 scripts/config.py set MBEDTLS_SSL_DTLS_MAX_BUFFERING 190 223 CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan . 224 make 225 226 msg "test: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #1 - ssl-opt.sh specific reordering test" 227 tests/ssl-opt.sh -f "DTLS reordering: Buffer encrypted Finished message, drop for fragmented NewSessionTicket" 228} 229 230# Common helper for component_full_without_ecdhe_ecdsa(), 231# component_full_without_ecdhe_ecdsa_and_tls13() and component_full_without_tls13 which: 232# - starts from the "full" configuration minus the list of symbols passed in 233# as 1st parameter 234# - build 235# - test only TLS (i.e. test_suite_tls and ssl-opt) 236build_full_minus_something_and_test_tls () { 237 symbols_to_disable="$1" 238 239 msg "build: full minus something, test TLS" 240 241 scripts/config.py full 242 for sym in $symbols_to_disable; do 243 echo "Disabling $sym" 244 scripts/config.py unset $sym 245 done 246 247 make 248 249 msg "test: full minus something, test TLS" 250 ( cd tests; ./test_suite_ssl ) 251 252 msg "ssl-opt: full minus something, test TLS" 253 tests/ssl-opt.sh 254} 255 256component_full_without_ecdhe_ecdsa () { 257 build_full_minus_something_and_test_tls "MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED" 258} 259 260component_full_without_ecdhe_ecdsa_and_tls13 () { 261 build_full_minus_something_and_test_tls "MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED 262 MBEDTLS_SSL_PROTO_TLS1_3" 263} 264 265component_full_without_tls13 () { 266 build_full_minus_something_and_test_tls "MBEDTLS_SSL_PROTO_TLS1_3" 267} 268 269component_build_no_ssl_srv () { 270 msg "build: full config except SSL server, make, gcc" # ~ 30s 271 scripts/config.py full 272 scripts/config.py unset MBEDTLS_SSL_SRV_C 273 make CC=gcc CFLAGS='-Werror -Wall -Wextra -O1 -Wmissing-prototypes' 274} 275 276component_build_no_ssl_cli () { 277 msg "build: full config except SSL client, make, gcc" # ~ 30s 278 scripts/config.py full 279 scripts/config.py unset MBEDTLS_SSL_CLI_C 280 make CC=gcc CFLAGS='-Werror -Wall -Wextra -O1 -Wmissing-prototypes' 281} 282 283component_test_no_max_fragment_length () { 284 # Run max fragment length tests with MFL disabled 285 msg "build: default config except MFL extension (ASan build)" # ~ 30s 286 scripts/config.py unset MBEDTLS_SSL_MAX_FRAGMENT_LENGTH 287 CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan . 288 make 289 290 msg "test: ssl-opt.sh, MFL-related tests" 291 tests/ssl-opt.sh -f "Max fragment length" 292} 293 294component_test_asan_remove_peer_certificate () { 295 msg "build: default config with MBEDTLS_SSL_KEEP_PEER_CERTIFICATE disabled (ASan build)" 296 scripts/config.py unset MBEDTLS_SSL_KEEP_PEER_CERTIFICATE 297 scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 298 CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan . 299 make 300 301 msg "test: !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE" 302 make test 303 304 msg "test: ssl-opt.sh, !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE" 305 tests/ssl-opt.sh 306 307 msg "test: compat.sh, !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE" 308 tests/compat.sh 309 310 msg "test: context-info.sh, !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE" 311 tests/context-info.sh 312} 313 314component_test_no_max_fragment_length_small_ssl_out_content_len () { 315 msg "build: no MFL extension, small SSL_OUT_CONTENT_LEN (ASan build)" 316 scripts/config.py unset MBEDTLS_SSL_MAX_FRAGMENT_LENGTH 317 scripts/config.py set MBEDTLS_SSL_IN_CONTENT_LEN 16384 318 scripts/config.py set MBEDTLS_SSL_OUT_CONTENT_LEN 4096 319 CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan . 320 make 321 322 msg "test: MFL tests (disabled MFL extension case) & large packet tests" 323 tests/ssl-opt.sh -f "Max fragment length\|Large buffer" 324 325 msg "test: context-info.sh (disabled MFL extension case)" 326 tests/context-info.sh 327} 328 329component_test_variable_ssl_in_out_buffer_len () { 330 msg "build: MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH enabled (ASan build)" 331 scripts/config.py set MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH 332 CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan . 333 make 334 335 msg "test: MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH enabled" 336 make test 337 338 msg "test: ssl-opt.sh, MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH enabled" 339 tests/ssl-opt.sh 340 341 msg "test: compat.sh, MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH enabled" 342 tests/compat.sh 343} 344 345component_test_ssl_alloc_buffer_and_mfl () { 346 msg "build: default config with memory buffer allocator and MFL extension" 347 scripts/config.py set MBEDTLS_MEMORY_BUFFER_ALLOC_C 348 scripts/config.py set MBEDTLS_PLATFORM_MEMORY 349 scripts/config.py set MBEDTLS_MEMORY_DEBUG 350 scripts/config.py set MBEDTLS_SSL_MAX_FRAGMENT_LENGTH 351 scripts/config.py set MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH 352 cmake -DCMAKE_BUILD_TYPE:String=Release . 353 make 354 355 msg "test: MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH, MBEDTLS_MEMORY_BUFFER_ALLOC_C, MBEDTLS_MEMORY_DEBUG and MBEDTLS_SSL_MAX_FRAGMENT_LENGTH" 356 make test 357 358 msg "test: MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH, MBEDTLS_MEMORY_BUFFER_ALLOC_C, MBEDTLS_MEMORY_DEBUG and MBEDTLS_SSL_MAX_FRAGMENT_LENGTH" 359 tests/ssl-opt.sh -f "Handshake memory usage" 360} 361 362component_test_when_no_ciphersuites_have_mac () { 363 msg "build: when no ciphersuites have MAC" 364 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_NO_PADDING 365 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_PKCS7 366 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CMAC 367 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128 368 369 scripts/config.py unset MBEDTLS_CIPHER_NULL_CIPHER 370 371 make 372 373 msg "test: !MBEDTLS_SSL_SOME_SUITES_USE_MAC" 374 make test 375 376 msg "test ssl-opt.sh: !MBEDTLS_SSL_SOME_SUITES_USE_MAC" 377 tests/ssl-opt.sh -f 'Default\|EtM' -e 'without EtM' 378} 379 380component_test_tls12_only () { 381 msg "build: default config without MBEDTLS_SSL_PROTO_TLS1_3, cmake, gcc, ASan" 382 scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 383 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 384 make 385 386 msg "test: main suites (inc. selftests) (ASan build)" 387 make test 388 389 msg "test: ssl-opt.sh (ASan build)" 390 tests/ssl-opt.sh 391 392 msg "test: compat.sh (ASan build)" 393 tests/compat.sh 394} 395 396component_test_tls13_only () { 397 msg "build: default config without MBEDTLS_SSL_PROTO_TLS1_2" 398 scripts/config.py set MBEDTLS_SSL_EARLY_DATA 399 scripts/config.py set MBEDTLS_SSL_RECORD_SIZE_LIMIT 400 401 scripts/config.py set MBEDTLS_TEST_HOOKS 402 make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'" 403 404 msg "test: TLS 1.3 only, all key exchange modes enabled" 405 make test 406 407 msg "ssl-opt.sh: TLS 1.3 only, all key exchange modes enabled" 408 tests/ssl-opt.sh 409} 410 411component_test_tls13_only_psk () { 412 msg "build: TLS 1.3 only from default, only PSK key exchange mode" 413 scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 414 scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 415 scripts/config.py unset MBEDTLS_X509_CRT_PARSE_C 416 scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT 417 scripts/config.py unset MBEDTLS_SSL_SERVER_NAME_INDICATION 418 scripts/config.py unset MBEDTLS_PKCS7_C 419 scripts/config.py set MBEDTLS_SSL_EARLY_DATA 420 421 scripts/config.py set MBEDTLS_TEST_HOOKS 422 scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECDH 423 scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECDSA 424 scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_DETERMINISTIC_ECDSA 425 scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_RSA_OAEP 426 scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_RSA_PSS 427 scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_FFDH 428 scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY 429 scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC 430 scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT 431 scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT 432 scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE 433 scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_DH_RFC7919_2048 434 scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_DH_RFC7919_3072 435 scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_DH_RFC7919_4096 436 scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_DH_RFC7919_6144 437 scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_DH_RFC7919_8192 438 # Note: The four unsets below are to be removed for Mbed TLS 4.0 439 scripts/config.py unset MBEDTLS_ECDH_C 440 scripts/config.py unset MBEDTLS_ECDSA_C 441 442 make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'" 443 444 msg "test_suite_ssl: TLS 1.3 only, only PSK key exchange mode enabled" 445 cd tests; ./test_suite_ssl; cd .. 446 447 msg "ssl-opt.sh: TLS 1.3 only, only PSK key exchange mode enabled" 448 tests/ssl-opt.sh 449} 450 451component_test_tls13_only_ephemeral () { 452 msg "build: TLS 1.3 only from default, only ephemeral key exchange mode" 453 scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 454 scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 455 scripts/config.py unset MBEDTLS_SSL_EARLY_DATA 456 457 scripts/config.py set MBEDTLS_TEST_HOOKS 458 make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'" 459 460 msg "test_suite_ssl: TLS 1.3 only, only ephemeral key exchange mode" 461 cd tests; ./test_suite_ssl; cd .. 462 463 msg "ssl-opt.sh: TLS 1.3 only, only ephemeral key exchange mode" 464 tests/ssl-opt.sh 465} 466 467component_test_tls13_only_ephemeral_ffdh () { 468 msg "build: TLS 1.3 only from default, only ephemeral ffdh key exchange mode" 469 scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 470 scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 471 scripts/config.py unset MBEDTLS_SSL_EARLY_DATA 472 473 scripts/config.py set MBEDTLS_TEST_HOOKS 474 scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECDH 475 # Note: The unset below is to be removed for Mbed TLS 4.0 476 scripts/config.py unset MBEDTLS_ECDH_C 477 478 make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'" 479 480 msg "test_suite_ssl: TLS 1.3 only, only ephemeral ffdh key exchange mode" 481 cd tests; ./test_suite_ssl; cd .. 482 483 msg "ssl-opt.sh: TLS 1.3 only, only ephemeral ffdh key exchange mode" 484 tests/ssl-opt.sh 485} 486 487component_test_tls13_only_psk_ephemeral () { 488 msg "build: TLS 1.3 only from default, only PSK ephemeral key exchange mode" 489 scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 490 scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 491 scripts/config.py unset MBEDTLS_X509_CRT_PARSE_C 492 scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT 493 scripts/config.py unset MBEDTLS_SSL_SERVER_NAME_INDICATION 494 scripts/config.py unset MBEDTLS_PKCS7_C 495 scripts/config.py set MBEDTLS_SSL_EARLY_DATA 496 497 scripts/config.py set MBEDTLS_TEST_HOOKS 498 scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECDSA 499 scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_DETERMINISTIC_ECDSA 500 scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_RSA_OAEP 501 scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_RSA_PSS 502 # Note: The two unsets below are to be removed for Mbed TLS 4.0 503 scripts/config.py unset MBEDTLS_ECDSA_C 504 505 make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'" 506 507 msg "test_suite_ssl: TLS 1.3 only, only PSK ephemeral key exchange mode" 508 cd tests; ./test_suite_ssl; cd .. 509 510 msg "ssl-opt.sh: TLS 1.3 only, only PSK ephemeral key exchange mode" 511 tests/ssl-opt.sh 512} 513 514component_test_tls13_only_psk_ephemeral_ffdh () { 515 msg "build: TLS 1.3 only from default, only PSK ephemeral ffdh key exchange mode" 516 scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 517 scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 518 scripts/config.py unset MBEDTLS_X509_CRT_PARSE_C 519 scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT 520 scripts/config.py unset MBEDTLS_SSL_SERVER_NAME_INDICATION 521 scripts/config.py unset MBEDTLS_PKCS7_C 522 scripts/config.py set MBEDTLS_SSL_EARLY_DATA 523 524 scripts/config.py set MBEDTLS_TEST_HOOKS 525 scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECDH 526 scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECDSA 527 scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_DETERMINISTIC_ECDSA 528 scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_RSA_OAEP 529 scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_RSA_PSS 530 # Note: The three unsets below are to be removed for Mbed TLS 4.0 531 scripts/config.py unset MBEDTLS_ECDH_C 532 scripts/config.py unset MBEDTLS_ECDSA_C 533 534 make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'" 535 536 msg "test_suite_ssl: TLS 1.3 only, only PSK ephemeral ffdh key exchange mode" 537 cd tests; ./test_suite_ssl; cd .. 538 539 msg "ssl-opt.sh: TLS 1.3 only, only PSK ephemeral ffdh key exchange mode" 540 tests/ssl-opt.sh 541} 542 543component_test_tls13_only_psk_all () { 544 msg "build: TLS 1.3 only from default, without ephemeral key exchange mode" 545 scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 546 scripts/config.py unset MBEDTLS_X509_CRT_PARSE_C 547 scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT 548 scripts/config.py unset MBEDTLS_SSL_SERVER_NAME_INDICATION 549 scripts/config.py unset MBEDTLS_PKCS7_C 550 scripts/config.py set MBEDTLS_SSL_EARLY_DATA 551 552 scripts/config.py set MBEDTLS_TEST_HOOKS 553 scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECDSA 554 scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_DETERMINISTIC_ECDSA 555 scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_RSA_OAEP 556 scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_RSA_PSS 557 # Note: The two unsets below are to be removed for Mbed TLS 4.0 558 scripts/config.py unset MBEDTLS_ECDSA_C 559 560 make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'" 561 562 msg "test_suite_ssl: TLS 1.3 only, PSK and PSK ephemeral key exchange modes" 563 cd tests; ./test_suite_ssl; cd .. 564 565 msg "ssl-opt.sh: TLS 1.3 only, PSK and PSK ephemeral key exchange modes" 566 tests/ssl-opt.sh 567} 568 569component_test_tls13_only_ephemeral_all () { 570 msg "build: TLS 1.3 only from default, without PSK key exchange mode" 571 scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 572 scripts/config.py set MBEDTLS_SSL_EARLY_DATA 573 574 scripts/config.py set MBEDTLS_TEST_HOOKS 575 make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'" 576 577 msg "test_suite_ssl: TLS 1.3 only, ephemeral and PSK ephemeral key exchange modes" 578 cd tests; ./test_suite_ssl; cd .. 579 580 msg "ssl-opt.sh: TLS 1.3 only, ephemeral and PSK ephemeral key exchange modes" 581 tests/ssl-opt.sh 582} 583 584component_test_tls13_no_padding () { 585 msg "build: default config plus early data minus padding" 586 scripts/config.py set MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY 1 587 scripts/config.py set MBEDTLS_SSL_EARLY_DATA 588 CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan . 589 make 590 msg "test: default config plus early data minus padding" 591 make test 592 msg "ssl-opt.sh (TLS 1.3 no padding)" 593 tests/ssl-opt.sh 594} 595 596component_test_tls13_no_compatibility_mode () { 597 msg "build: default config plus early data minus middlebox compatibility mode" 598 scripts/config.py unset MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE 599 scripts/config.py set MBEDTLS_SSL_EARLY_DATA 600 CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan . 601 make 602 msg "test: default config plus early data minus middlebox compatibility mode" 603 make test 604 msg "ssl-opt.sh (TLS 1.3 no compatibility mode)" 605 tests/ssl-opt.sh 606} 607 608component_test_full_minus_session_tickets () { 609 msg "build: full config without session tickets" 610 scripts/config.py full 611 scripts/config.py unset MBEDTLS_SSL_SESSION_TICKETS 612 scripts/config.py unset MBEDTLS_SSL_EARLY_DATA 613 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . 614 make 615 msg "test: full config without session tickets" 616 make test 617 msg "ssl-opt.sh (full config without session tickets)" 618 tests/ssl-opt.sh 619} 620 621component_test_depends_py_kex () { 622 msg "test/build: depends.py kex (gcc)" 623 tests/scripts/depends.py kex 624} 625 626 627