From c109b37b07146261e2eaae6a483743ac257721e9 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 23 Nov 2020 17:39:04 +0100 Subject: [PATCH] Test MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG Add two builds with MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG to all.sh: * full minus all DRBG (validates that PSA can work without any of the DRBG modules). * with MBEDTLS_USE_PSA_CRYPTO and no CTR_DRBG (validates that PSA can work without CTR_DRBG, and that it works for USE_PSA_CRYPTO). The goal is to exercise default/full, with/out USE_PSA_CRYPTO, and with/out deterministic ECDSA (which requires HMAC_DRBG). The choice of pairing is rather arbitrary. Signed-off-by: Gilles Peskine --- tests/scripts/all.sh | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 30ec62f86..c53ce870f 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -941,6 +941,36 @@ component_test_no_hmac_drbg () { # so there's little value in running those lengthy tests here. } +component_test_psa_external_rng_no_drbg () { + msg "build: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG" + scripts/config.py full + scripts/config.py set MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG + scripts/config.py unset MBEDTLS_CTR_DRBG_C + scripts/config.py unset MBEDTLS_HMAC_DRBG_C + scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC # requires HMAC_DRBG + scripts/config.py set MBEDTLS_ECP_NO_INTERNAL_RNG + make CFLAGS="$ASAN_CFLAGS -O2" LDFLAGS="$ASAN_CFLAGS" + + msg "test: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG" + make test + + # No ssl-opt.sh/compat.sh because they require CTR_DRBG. +} + +component_test_psa_external_rng_use_psa_crypto () { + msg "build: full + PSA_CRYPTO_EXTERNAL_RNG + USE_PSA_CRYPTO minus CTR_DRBG" + scripts/config.py full + scripts/config.py set MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG + scripts/config.py set MBEDTLS_USE_PSA_CRYPTO + scripts/config.py unset MBEDTLS_CTR_DRBG_C + make CFLAGS="$ASAN_CFLAGS -O2" LDFLAGS="$ASAN_CFLAGS" + + msg "test: full + PSA_CRYPTO_EXTERNAL_RNG + USE_PSA_CRYPTO minus CTR_DRBG" + make test + + # No ssl-opt.sh/compat.sh because they require CTR_DRBG. +} + component_test_ecp_no_internal_rng () { msg "build: Default plus ECP_NO_INTERNAL_RNG minus DRBG modules" scripts/config.py set MBEDTLS_ECP_NO_INTERNAL_RNG