mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-30 01:14:23 +01:00
Duplicate no-DRBG tests: with and without MBEDTLS_USE_PSA_CRYPTO
Whether MBEDTLS_USE_PSA_CRYPTO is enabled makes a significant difference with respect to how random generators are used (and, for no-HMAC_DRBG, how ECDSA signature is dispatched), so test both with and without it. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
parent
aaedbdcfd6
commit
2747d7dc60
@ -911,37 +911,61 @@ component_test_rsa_no_crt () {
|
||||
if_build_succeeded tests/context-info.sh
|
||||
}
|
||||
|
||||
component_test_no_ctr_drbg () {
|
||||
msg "build: Full minus CTR_DRBG"
|
||||
component_test_no_ctr_drbg_classic () {
|
||||
msg "build: Full minus CTR_DRBG, classic crypto in TLS"
|
||||
scripts/config.py full
|
||||
scripts/config.py unset MBEDTLS_CTR_DRBG_C
|
||||
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
|
||||
|
||||
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
|
||||
make
|
||||
|
||||
msg "test: Full minus CTR_DRBG - main suites"
|
||||
msg "test: Full minus CTR_DRBG, classic crypto - main suites"
|
||||
make test
|
||||
|
||||
# In this configuration, the TLS test programs use HMAC_DRBG.
|
||||
# The SSL tests are slow, so run a small subset, just enough to get
|
||||
# confidence that the SSL code copes with HMAC_DRBG.
|
||||
msg "test: Full minus CTR_DRBG - ssl-opt.sh (subset)"
|
||||
msg "test: Full minus CTR_DRBG, classic crypto - ssl-opt.sh (subset)"
|
||||
if_build_succeeded tests/ssl-opt.sh -f 'Default\|SSL async private.*delay=\|tickets enabled on server'
|
||||
|
||||
msg "test: Full minus CTR_DRBG - compat.sh (subset)"
|
||||
msg "test: Full minus CTR_DRBG, classic crypto - compat.sh (subset)"
|
||||
if_build_succeeded tests/compat.sh -m tls1_2 -t 'ECDSA PSK' -V NO -p OpenSSL
|
||||
}
|
||||
|
||||
component_test_no_hmac_drbg () {
|
||||
msg "build: Full minus HMAC_DRBG"
|
||||
component_test_no_ctr_drbg_use_psa () {
|
||||
msg "build: Full minus CTR_DRBG, PSA crypto in TLS"
|
||||
scripts/config.py full
|
||||
scripts/config.py unset MBEDTLS_HMAC_DRBG_C
|
||||
scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC # requires HMAC_DRBG
|
||||
scripts/config.py unset MBEDTLS_CTR_DRBG_C
|
||||
scripts/config.py set MBEDTLS_USE_PSA_CRYPTO
|
||||
|
||||
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
|
||||
make
|
||||
|
||||
msg "test: Full minus HMAC_DRBG - main suites"
|
||||
msg "test: Full minus CTR_DRBG, USE_PSA_CRYPTO - main suites"
|
||||
make test
|
||||
|
||||
# In this configuration, the TLS test programs use HMAC_DRBG.
|
||||
# The SSL tests are slow, so run a small subset, just enough to get
|
||||
# confidence that the SSL code copes with HMAC_DRBG.
|
||||
msg "test: Full minus CTR_DRBG, USE_PSA_CRYPTO - ssl-opt.sh (subset)"
|
||||
if_build_succeeded tests/ssl-opt.sh -f 'Default\|SSL async private.*delay=\|tickets enabled on server'
|
||||
|
||||
msg "test: Full minus CTR_DRBG, USE_PSA_CRYPTO - compat.sh (subset)"
|
||||
if_build_succeeded tests/compat.sh -m tls1_2 -t 'ECDSA PSK' -V NO -p OpenSSL
|
||||
}
|
||||
|
||||
component_test_no_hmac_drbg_classic () {
|
||||
msg "build: Full minus HMAC_DRBG, classic crypto in TLS"
|
||||
scripts/config.py full
|
||||
scripts/config.py unset MBEDTLS_HMAC_DRBG_C
|
||||
scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC # requires HMAC_DRBG
|
||||
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
|
||||
|
||||
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
|
||||
make
|
||||
|
||||
msg "test: Full minus HMAC_DRBG, classic crypto - main suites"
|
||||
make test
|
||||
|
||||
# Normally our ECDSA implementation uses deterministic ECDSA. But since
|
||||
@ -949,17 +973,61 @@ component_test_no_hmac_drbg () {
|
||||
# instead.
|
||||
# Test SSL with non-deterministic ECDSA. Only test features that
|
||||
# might be affected by how ECDSA signature is performed.
|
||||
msg "test: Full minus HMAC_DRBG - ssl-opt.sh (subset)"
|
||||
msg "test: Full minus HMAC_DRBG, classic crypto - ssl-opt.sh (subset)"
|
||||
if_build_succeeded tests/ssl-opt.sh -f 'Default\|SSL async private: sign'
|
||||
|
||||
# To save time, only test one protocol version, since this part of
|
||||
# the protocol is identical in (D)TLS up to 1.2.
|
||||
msg "test: Full minus HMAC_DRBG - compat.sh (ECDSA)"
|
||||
msg "test: Full minus HMAC_DRBG, classic crypto - compat.sh (ECDSA)"
|
||||
if_build_succeeded tests/compat.sh -m tls1_2 -t 'ECDSA'
|
||||
}
|
||||
|
||||
component_test_psa_external_rng_no_drbg () {
|
||||
msg "build: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG"
|
||||
component_test_no_hmac_drbg_use_psa () {
|
||||
msg "build: Full minus HMAC_DRBG, PSA crypto in TLS"
|
||||
scripts/config.py full
|
||||
scripts/config.py unset MBEDTLS_HMAC_DRBG_C
|
||||
scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC # requires HMAC_DRBG
|
||||
scripts/config.py set MBEDTLS_USE_PSA_CRYPTO
|
||||
|
||||
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
|
||||
make
|
||||
|
||||
msg "test: Full minus HMAC_DRBG, USE_PSA_CRYPTO - main suites"
|
||||
make test
|
||||
|
||||
# Normally our ECDSA implementation uses deterministic ECDSA. But since
|
||||
# HMAC_DRBG is disabled in this configuration, randomized ECDSA is used
|
||||
# instead.
|
||||
# Test SSL with non-deterministic ECDSA. Only test features that
|
||||
# might be affected by how ECDSA signature is performed.
|
||||
msg "test: Full minus HMAC_DRBG, USE_PSA_CRYPTO - ssl-opt.sh (subset)"
|
||||
if_build_succeeded tests/ssl-opt.sh -f 'Default\|SSL async private: sign'
|
||||
|
||||
# To save time, only test one protocol version, since this part of
|
||||
# the protocol is identical in (D)TLS up to 1.2.
|
||||
msg "test: Full minus HMAC_DRBG, USE_PSA_CRYPTO - compat.sh (ECDSA)"
|
||||
if_build_succeeded tests/compat.sh -m tls1_2 -t 'ECDSA'
|
||||
}
|
||||
|
||||
component_test_psa_external_rng_no_drbg_classic () {
|
||||
msg "build: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, classic crypto in TLS"
|
||||
scripts/config.py full
|
||||
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
|
||||
scripts/config.py set MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG
|
||||
scripts/config.py unset MBEDTLS_CTR_DRBG_C
|
||||
scripts/config.py unset MBEDTLS_HMAC_DRBG_C
|
||||
scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC # requires HMAC_DRBG
|
||||
scripts/config.py set MBEDTLS_ECP_NO_INTERNAL_RNG
|
||||
make CFLAGS="$ASAN_CFLAGS -O2" LDFLAGS="$ASAN_CFLAGS"
|
||||
|
||||
msg "test: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, classic crypto - main suites"
|
||||
make test
|
||||
|
||||
# no SSL tests as they all depend on having a DRBG
|
||||
}
|
||||
|
||||
component_test_psa_external_rng_no_drbg_use_psa () {
|
||||
msg "build: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, PSA crypto in TLS"
|
||||
scripts/config.py full
|
||||
scripts/config.py set MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG
|
||||
scripts/config.py unset MBEDTLS_CTR_DRBG_C
|
||||
@ -968,10 +1036,8 @@ component_test_psa_external_rng_no_drbg () {
|
||||
scripts/config.py set MBEDTLS_ECP_NO_INTERNAL_RNG
|
||||
make CFLAGS="$ASAN_CFLAGS -O2" LDFLAGS="$ASAN_CFLAGS"
|
||||
|
||||
msg "test: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG"
|
||||
msg "test: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, PSA crypto - main suites"
|
||||
make test
|
||||
|
||||
# no SSL tests as they all depend on having a DRBG
|
||||
}
|
||||
|
||||
component_test_psa_external_rng_use_psa_crypto () {
|
||||
|
Loading…
Reference in New Issue
Block a user