From 6f77baff685669bf6f21ffd90517e6e1fdd889d2 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Fri, 20 Sep 2024 14:18:42 +0200 Subject: [PATCH 1/9] Use PSA macros for the `chipher_chaining` domain Exclude the XTS mode because it is not implemented via the PSA API. Signed-off-by: Gabor Mezei --- tests/scripts/depends.py | 24 ++++++++++++++++-------- 1 file changed, 16 insertions(+), 8 deletions(-) diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py index cc7aca9699..ceaac22774 100755 --- a/tests/scripts/depends.py +++ b/tests/scripts/depends.py @@ -260,11 +260,7 @@ REVERSE_DEPENDENCIES = { 'MBEDTLS_CMAC_C'], 'PSA_WANT_ALG_GCM': ['MBEDTLS_GCM_C'], - 'MBEDTLS_CIPHER_MODE_CBC': ['PSA_WANT_ALG_CBC_PKCS7', - 'PSA_WANT_ALG_CBC_NO_PADDING'], - 'MBEDTLS_CIPHER_MODE_CFB': ['PSA_WANT_ALG_CFB'], - 'MBEDTLS_CIPHER_MODE_CTR': ['PSA_WANT_ALG_CTR'], - 'MBEDTLS_CIPHER_MODE_OFB': ['PSA_WANT_ALG_OFB'], + 'PSA_WANT_ALG_CBC_NO_PADDING': ['PSA_WANT_ALG_CBC_PKCS7'], 'MBEDTLS_CIPHER_PADDING_PKCS7': ['MBEDTLS_PKCS5_C', 'MBEDTLS_PKCS12_C', 
@@ -504,14 +500,26 @@ class DomainData: for key_type, symbol in key_types.items() for alg in cipher_algs if key_type.can_do(alg)} - # Find block cipher chaining and padding mode enabling macros by name. - cipher_chaining_symbols = self.config_symbols_matching(r'MBEDTLS_CIPHER_MODE_\w+\Z') + + # Get block cipher chaining modes. Do not select ECB, it is always enabled. + cipher_modes_filter = re.compile(r'PSA_WANT_ALG_(?!ECB|STREAM|CCM)\w+\Z') + cipher_chaining_symbols = {symbol + for alg, symbol in algs.items() + if alg.can_do(crypto_knowledge.AlgorithmCategory.CIPHER) + if re.match(cipher_modes_filter, symbol)} + + # Find block padding mode enabling macros by name. cipher_padding_symbols = self.config_symbols_matching(r'MBEDTLS_CIPHER_PADDING_\w+\Z') + self.domains = { # Cipher key types 'cipher_id': ExclusiveDomain(cipher_key_types, build_and_test), + + # XTS is not supported via the PSA API. 'cipher_chaining': ExclusiveDomain(cipher_chaining_symbols, - build_and_test), + build_and_test, + exclude=r'PSA_WANT_ALG_XTS'), + 'cipher_padding': ExclusiveDomain(cipher_padding_symbols, build_and_test), # Elliptic curves. Run the test suites. From 5a61086748b4734d7603045a6e1886cd00808850 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Wed, 30 Oct 2024 17:19:00 +0100 Subject: [PATCH 2/9] Test all cipher algorithm Signed-off-by: Gabor Mezei --- tests/scripts/depends.py | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py index ceaac22774..5f2e1d9b57 100755 --- a/tests/scripts/depends.py +++ b/tests/scripts/depends.py 
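Review bot: The `exclude=r'PSA_WANT_ALG_XTS'` argument on the `cipher_chaining` domain has no end anchor, unlike the `\Z`-terminated patterns elsewhere in this hunk. How `ExclusiveDomain` applies the pattern is outside the hunk, but if it is a prefix match, any later symbol that merely starts with `PSA_WANT_ALG_XTS` would lose its job without any message. Writing it as `exclude=r'PSA_WANT_ALG_XTS\Z'` limits the skip to the one algorithm the comment names.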
@@ -501,12 +501,8 @@ class DomainData: for alg in cipher_algs if key_type.can_do(alg)} - # Get block cipher chaining modes. Do not select ECB, it is always enabled. - cipher_modes_filter = re.compile(r'PSA_WANT_ALG_(?!ECB|STREAM|CCM)\w+\Z') - cipher_chaining_symbols = {symbol - for alg, symbol in algs.items() - if alg.can_do(crypto_knowledge.AlgorithmCategory.CIPHER) - if re.match(cipher_modes_filter, symbol)} + # Get cipher modes + cipher_chaining_symbols = {algs[cipher_alg] for cipher_alg in cipher_algs} # Find block padding mode enabling macros by name. cipher_padding_symbols = self.config_symbols_matching(r'MBEDTLS_CIPHER_PADDING_\w+\Z') From e191c0358e2e176f3f3cb09e5801d252785b7ffc Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Wed, 30 Oct 2024 17:20:23 +0100 Subject: [PATCH 3/9] Update the dependencies of the cipher algorithms Signed-off-by: Gabor Mezei --- tests/scripts/depends.py | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py index 5f2e1d9b57..0f96f8fa84 100755 --- a/tests/scripts/depends.py +++ b/tests/scripts/depends.py @@ -260,7 +260,11 @@ REVERSE_DEPENDENCIES = { 'MBEDTLS_CMAC_C'], 'PSA_WANT_ALG_GCM': ['MBEDTLS_GCM_C'], - 'PSA_WANT_ALG_CBC_NO_PADDING': ['PSA_WANT_ALG_CBC_PKCS7'], + 'PSA_WANT_ALG_CBC_NO_PADDING': ['MBEDTLS_CIPHER_MODE_CBC'], + 'PSA_WANT_ALG_CBC_PKCS7': ['MBEDTLS_CIPHER_MODE_CBC'], + 'PSA_WANT_ALG_CFB': ['MBEDTLS_CIPHER_MODE_CFB'], + 'PSA_WANT_ALG_CTR': ['MBEDTLS_CIPHER_MODE_CTR'], + 'PSA_WANT_ALG_OFB': ['MBEDTLS_CIPHER_MODE_OFB'], 'MBEDTLS_CIPHER_PADDING_PKCS7': ['MBEDTLS_PKCS5_C', 'MBEDTLS_PKCS12_C', From 95be5fb18b4c1527f590975ca7babae291737cf3 Mon Sep 17 00:00:00 2001 
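Review bot: The replacement comment `# Get cipher modes` no longer says that the set now holds a symbol for every entry of `cipher_algs`. That presumably brings back the ECB, stream and CCM-prefixed symbols the removed filter skipped on the grounds that ECB is always enabled. The domain is still called `cipher_chaining`, so a reader will assume only chaining modes get a job; I would write `# One job per PSA cipher algorithm in cipher_algs (not only chaining modes).` Because `algs[cipher_alg]` raises `KeyError` for an algorithm without a symbol, it is also worth confirming that `cipher_algs` is always a subset of the keys of `algs`; both are defined outside the hunk.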
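Review bot: With `'PSA_WANT_ALG_CBC_NO_PADDING'` and `'PSA_WANT_ALG_CBC_PKCS7'` both listing `MBEDTLS_CIPHER_MODE_CBC`, disabling either algorithm switches CBC off as a whole at this commit. `turn_off_dependencies` only learns to spare shared entries in patch 4/9, whose message describes exactly this breakage. If the `cipher_chaining` jobs are meant to pass at every commit of the series, for bisecting, this table change should come after the `exclude` support or be squashed with it.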
From: Gabor Mezei Date: Wed, 30 Oct 2024 17:21:49 +0100 Subject: [PATCH 4/9] Add support for common dependencies in exclusive groups When elements of an exclusive group have dependencies in common turning them off breaks the elements build. Support added to handle and ignore these dependencies when only one of the elements is enabled. Signed-off-by: Gabor Mezei --- tests/scripts/depends.py | 24 +++++++++++++++++++----- 1 file changed, 19 insertions(+), 5 deletions(-) diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py index 0f96f8fa84..d1de526ff2 100755 --- a/tests/scripts/depends.py +++ b/tests/scripts/depends.py @@ -387,19 +387,33 @@ defines to be altered. """ dep = dep[1:] config_settings[dep] = not unset -def turn_off_dependencies(config_settings): +def turn_off_dependencies(config_settings, exclude=None): """For every option turned off config_settings, also turn off what depends on it. An option O is turned off if config_settings[O] is False. Handle the dependencies recursively. + + If 'exclude' is a symbol, do not process it's dependencies. It is usefull when + two symbol has dependencies is common but need to be switched separately. """ + + # Recursively determine the excludable dependencies + excludes = set() + if exclude: + rev_excludes = set(REVERSE_DEPENDENCIES.get(exclude, [])) + while rev_excludes: + dep = rev_excludes.pop() + excludes.add(dep) + rev_excludes.update(set(REVERSE_DEPENDENCIES.get(dep, [])) - excludes) + for key, value in sorted(config_settings.items()): if value is not False: continue - # Save the processed settings to handle cross referencies - revdep = set(REVERSE_DEPENDENCIES.get(key, [])) - history = set() + # Save the processed settings to handle cross referencies. + # Mark the excluded dependencies as already processed to skip it. + history = excludes.copy() + revdep = set(REVERSE_DEPENDENCIES.get(key, [])) - excludes while revdep: dep = revdep.pop() history.add(dep) 
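Review bot: The `excludes` set holds every setting reachable from `exclude` through `REVERSE_DEPENDENCIES`, and it is seeded into `history` for each disabled key, so a setting in it stays on even when it also needs an option that this job has turned off. The table cannot tell "needs any of these" from "needs all of these", so such a case would only surface as a build failure in the generated job. I would state the assumption next to the new loop, for example `# NOTE: assumes a setting listed under 'exclude' can be built with only that one parent enabled.` The rest of the `while revdep:` body is outside the hunk, so how `history` is used further down is not checked here.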
@@ -435,7 +449,7 @@ would match this regular expression.""" config_settings = base_config_settings.copy() config_settings[symbol] = True handle_exclusive_groups(config_settings, symbol) - turn_off_dependencies(config_settings) + turn_off_dependencies(config_settings, symbol) job = Job(description, config_settings, commands) self.jobs.append(job) From a5f35296bd78319ede4fe4e2614df7790f6176d7 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Wed, 30 Oct 2024 17:30:25 +0100 Subject: [PATCH 5/9] Update comment Signed-off-by: Gabor Mezei --- tests/scripts/depends.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py index d1de526ff2..3547f422df 100755 --- a/tests/scripts/depends.py +++ b/tests/scripts/depends.py @@ -529,7 +529,8 @@ class DomainData: # Cipher key types 'cipher_id': ExclusiveDomain(cipher_key_types, build_and_test), - # XTS is not supported via the PSA API. + # XTS is not yet supported via the PSA API. + # See https://github.com/Mbed-TLS/mbedtls/issues/6384 'cipher_chaining': ExclusiveDomain(cipher_chaining_symbols, build_and_test, exclude=r'PSA_WANT_ALG_XTS'), From 242806ad6f9090326f06a23248b4aea6db7ef021 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Wed, 6 Nov 2024 16:17:19 +0100 Subject: [PATCH 6/9] Update dependencies All cipher padding methods depend on CBC. To aviod switching it off add this dependency to all of the methods and handle it as a common dependency. Signed-off-by: Gabor Mezei --- tests/scripts/depends.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py index 3547f422df..cdc38ea063 100755 --- a/tests/scripts/depends.py +++ b/tests/scripts/depends.py 
@@ -269,6 +269,9 @@ REVERSE_DEPENDENCIES = { 'MBEDTLS_CIPHER_PADDING_PKCS7': ['MBEDTLS_PKCS5_C', 'MBEDTLS_PKCS12_C', 'PSA_WANT_ALG_CBC_PKCS7'], + 'MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS': ['MBEDTLS_CIPHER_MODE_CBC'], + 'MBEDTLS_CIPHER_PADDING_ZEROS': ['MBEDTLS_CIPHER_MODE_CBC'], + 'MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN': ['MBEDTLS_CIPHER_MODE_CBC'], 'MBEDTLS_ECP_DP_BP256R1_ENABLED': ['PSA_WANT_ECC_BRAINPOOL_P_R1_256'], 'MBEDTLS_ECP_DP_BP384R1_ENABLED': ['PSA_WANT_ECC_BRAINPOOL_P_R1_384'], From af198c2ee5ba50c33dbeb0d1c63f1d0ebea272c7 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Tue, 12 Nov 2024 18:03:33 +0100 Subject: [PATCH 7/9] Rename variable Signed-off-by: Gabor Mezei --- tests/scripts/depends.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py index cdc38ea063..6fdb83b90b 100755 --- a/tests/scripts/depends.py +++ b/tests/scripts/depends.py @@ -403,11 +403,11 @@ def turn_off_dependencies(config_settings, exclude=None): # Recursively determine the excludable dependencies excludes = set() if exclude: - rev_excludes = set(REVERSE_DEPENDENCIES.get(exclude, [])) - while rev_excludes: - dep = rev_excludes.pop() + revdep = set(REVERSE_DEPENDENCIES.get(exclude, [])) + while revdep: + dep = revdep.pop() excludes.add(dep) - rev_excludes.update(set(REVERSE_DEPENDENCIES.get(dep, [])) - excludes) + revdep.update(set(REVERSE_DEPENDENCIES.get(dep, [])) - excludes) for key, value in sorted(config_settings.items()): if value is not False: From 655c487edbe5535c4a76705b860b122529c5820b Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Tue, 12 Nov 2024 18:04:19 +0100 Subject: [PATCH 8/9] Update dependencies Added `MBEDTLS_CIPHER_MODE_XTS` as a dependency for `PSA_WANT_ALG_XTS`. Otherwise, `MBEDTLS_CIPHER_MODE_XTS` is always enabled which enables a lot of code we would like to be disabled when testing CFB/CTR... only. 
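Review bot: The three new `MBEDTLS_CIPHER_PADDING_*` entries do not describe a dependency in the sense of the rest of the table. Per the commit message they exist so that `MBEDTLS_CIPHER_MODE_CBC` lands in the protected set when one of these paddings is the enabled symbol. Nothing in the table says so, and the entries also mean that a job which disables one of these paddings and does not protect CBC through `exclude` will switch CBC off. A comment above them, such as `# Not real dependencies: listed so that turn_off_dependencies() keeps CBC on while a single padding mode is tested.`, would keep a later cleanup from removing them.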
Signed-off-by: Gabor Mezei --- tests/scripts/depends.py | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py index 6fdb83b90b..2e0849b871 100755 --- a/tests/scripts/depends.py +++ b/tests/scripts/depends.py @@ -265,6 +265,7 @@ REVERSE_DEPENDENCIES = { 'PSA_WANT_ALG_CFB': ['MBEDTLS_CIPHER_MODE_CFB'], 'PSA_WANT_ALG_CTR': ['MBEDTLS_CIPHER_MODE_CTR'], 'PSA_WANT_ALG_OFB': ['MBEDTLS_CIPHER_MODE_OFB'], + 'PSA_WANT_ALG_XTS': ['MBEDTLS_CIPHER_MODE_XTS'], 'MBEDTLS_CIPHER_PADDING_PKCS7': ['MBEDTLS_PKCS5_C', 'MBEDTLS_PKCS12_C', From 6763a5546ab78464847fac22fa22c2ec63928e2b Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Tue, 12 Nov 2024 18:07:42 +0100 Subject: [PATCH 9/9] Update comments Signed-off-by: Gabor Mezei --- tests/scripts/depends.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py index 2e0849b871..f7fc60f579 100755 --- a/tests/scripts/depends.py +++ b/tests/scripts/depends.py @@ -397,11 +397,11 @@ def turn_off_dependencies(config_settings, exclude=None): An option O is turned off if config_settings[O] is False. Handle the dependencies recursively. - If 'exclude' is a symbol, do not process it's dependencies. It is usefull when - two symbol has dependencies is common but need to be switched separately. + If 'exclude' is a symbol, ensure its dependencies are not turned off while dependencies + of other settings are turned off. """ - # Recursively determine the excludable dependencies + # Determine recursively the settings that should not be turned off for the sake of 'exclude'. excludes = set() if exclude: revdep = set(REVERSE_DEPENDENCIES.get(exclude, [])) 
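Review bot: With this entry, any `cipher_chaining` job that sets `PSA_WANT_ALG_XTS` to false also turns `MBEDTLS_CIPHER_MODE_XTS` off, while the XTS job itself is skipped by `exclude=r'PSA_WANT_ALG_XTS'`. The result appears to be that this domain no longer builds the XTS code in any configuration. Before the series the domain was built from `MBEDTLS_CIPHER_MODE_\w+\Z`, which would have matched an XTS mode option. If no other job covers a reduced build with XTS enabled, that is a loss of coverage, and a comment next to the entry would make it visible, e.g. `# XTS has no PSA job yet (issue 6384), so the legacy XTS code is not built in this domain.`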
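Review bot: The reworded docstring says "its dependencies", but the code walks `REVERSE_DEPENDENCIES.get(exclude, [])`, which the first sentence of the same docstring calls "what depends on it", so the two sentences use the word in opposite directions. I would phrase it in terms of the table: `If 'exclude' is a symbol, the settings listed for it in REVERSE_DEPENDENCIES (recursively) are never turned off, even when another disabled setting lists them too.` The function body continues past this hunk; the context comment `cross referencies` in the following hunk could become `cross references` in the same pass.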
@@ -415,7 +415,7 @@ def turn_off_dependencies(config_settings, exclude=None): continue # Save the processed settings to handle cross referencies. - # Mark the excluded dependencies as already processed to skip it. + # Start with set of settings that we do not want to turn off. history = excludes.copy() revdep = set(REVERSE_DEPENDENCIES.get(key, [])) - excludes while revdep: