From b50043b960d7c1e37948d5a01a30b1c2daf0d681 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Tue, 18 Jun 2024 20:30:36 +0200 Subject: [PATCH 1/7] Update `cipher_id` domain to use PSA macros Signed-off-by: Gabor Mezei --- tests/scripts/depends.py | 54 +++++++++++++++++----------------------- 1 file changed, 23 insertions(+), 31 deletions(-) diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py index 5eddaae79d..2ad01ad193 100755 --- a/tests/scripts/depends.py +++ b/tests/scripts/depends.py @@ -241,22 +241,13 @@ and subsequent commands are tests that cannot run if the build failed).''' # This file includes a copy because it changes rarely and it would be a pain # to extract automatically. REVERSE_DEPENDENCIES = { - 'MBEDTLS_AES_C': ['MBEDTLS_CTR_DRBG_C', - 'MBEDTLS_NIST_KW_C', - 'PSA_WANT_KEY_TYPE_AES', - 'PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128'], - 'MBEDTLS_ARIA_C': ['PSA_WANT_KEY_TYPE_ARIA'], - 'MBEDTLS_CAMELLIA_C': ['PSA_WANT_KEY_TYPE_CAMELLIA'], - 'MBEDTLS_CCM_C': ['PSA_WANT_ALG_CCM', - 'PSA_WANT_ALG_CCM_STAR_NO_TAG'], - 'MBEDTLS_CHACHA20_C': ['MBEDTLS_CHACHAPOLY_C', - 'PSA_WANT_KEY_TYPE_CHACHA20', - 'PSA_WANT_ALG_CHACHA20_POLY1305', - 'PSA_WANT_ALG_STREAM_CIPHER'], - 'MBEDTLS_CMAC_C': ['PSA_WANT_ALG_CMAC', - 'PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128'], - 'MBEDTLS_DES_C': ['PSA_WANT_KEY_TYPE_DES'], - 'MBEDTLS_GCM_C': ['PSA_WANT_ALG_GCM'], + 'PSA_WANT_KEY_TYPE_AES': ['PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128', + 'MBEDTLS_CTR_DRBG_C', + 'MBEDTLS_NIST_KW_C'], + 'PSA_WANT_KEY_TYPE_CHACHA20': ['PSA_WANT_ALG_CHACHA20_POLY1305', + 'PSA_WANT_ALG_STREAM_CIPHER'], + 'PSA_WANT_ALG_CCM': ['PSA_WANT_ALG_CCM_STAR_NO_TAG'], + 'PSA_WANT_ALG_CMAC': ['PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128'], 'MBEDTLS_CIPHER_MODE_CBC': ['PSA_WANT_ALG_CBC_PKCS7', 'PSA_WANT_ALG_CBC_NO_PADDING'], @@ -363,20 +354,20 @@ EXCLUSIVE_GROUPS = { 'MBEDTLS_ECP_DP_CURVE25519_ENABLED': ['-MBEDTLS_ECDSA_C', '-MBEDTLS_ECDSA_DETERMINISTIC', '-MBEDTLS_ECJPAKE_C'], - 'MBEDTLS_ARIA_C': ['-MBEDTLS_CMAC_C', - '-MBEDTLS_CCM_C', - '-MBEDTLS_GCM_C', - '-MBEDTLS_SSL_TICKET_C', - '-MBEDTLS_SSL_CONTEXT_SERIALIZATION'], - 'MBEDTLS_CAMELLIA_C': ['-MBEDTLS_CMAC_C'], - 'MBEDTLS_CHACHA20_C': ['-MBEDTLS_CMAC_C', - '-MBEDTLS_CCM_C', - '-MBEDTLS_GCM_C', - '-PSA_WANT_ALG_ECB_NO_PADDING'], - 'MBEDTLS_DES_C': ['-MBEDTLS_CCM_C', - '-MBEDTLS_GCM_C', - '-MBEDTLS_SSL_TICKET_C', - '-MBEDTLS_SSL_CONTEXT_SERIALIZATION'], + 'PSA_WANT_KEY_TYPE_ARIA': ['-PSA_WANT_ALG_CMAC', + '-PSA_WANT_ALG_CCM', + '-PSA_WANT_ALG_GCM', + '-MBEDTLS_SSL_TICKET_C', + '-MBEDTLS_SSL_CONTEXT_SERIALIZATION'], + 'PSA_WANT_KEY_TYPE_CAMELLIA': ['-PSA_WANT_ALG_CMAC'], + 'PSA_WANT_KEY_TYPE_CHACHA20': ['-PSA_WANT_ALG_CMAC', + '-PSA_WANT_ALG_CCM', + '-PSA_WANT_ALG_GCM', + '-PSA_WANT_ALG_ECB_NO_PADDING'], + 'PSA_WANT_KEY_TYPE_DES': ['-PSA_WANT_ALG_CCM', + '-PSA_WANT_ALG_GCM', + '-MBEDTLS_SSL_TICKET_C', + '-MBEDTLS_SSL_CONTEXT_SERIALIZATION'], } def handle_exclusive_groups(config_settings, symbol): """For every symbol tested in an exclusive group check if there are other @@ -476,7 +467,7 @@ class CipherInfo: # pylint: disable=too-few-public-methods for line in fh: m = re.match(r' *MBEDTLS_CIPHER_ID_(\w+),', line) if m and m.group(1) not in ['NONE', 'NULL', '3DES']: - self.base_symbols.add('MBEDTLS_' + m.group(1) + '_C') + self.base_symbols.add('PSA_WANT_KEY_TYPE_' + m.group(1)) class DomainData: """A container for domains and jobs, used to structurize testing.""" @@ -496,6 +487,7 @@ class DomainData: curve_symbols = self.config_symbols_matching(r'MBEDTLS_ECP_DP_\w+_ENABLED\Z') # Find key exchange enabling macros by name. key_exchange_symbols = self.config_symbols_matching(r'MBEDTLS_KEY_EXCHANGE_\w+_ENABLED\Z') + # Find cipher IDs (block permutations and stream ciphers --- chaining # and padding modes are exercised separately) information by parsing # cipher.h, as the information is not readily available in mbedtls_config.h. From 402381d2a600ecf09a71b986f9964add3b70f59d Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Tue, 24 Sep 2024 19:46:54 +0200 Subject: [PATCH 2/7] Collect the algorithms Use Algorithm from crypto_knowledge to use its functionality. Signed-off-by: Gabor Mezei --- tests/scripts/depends.py | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py index 2ad01ad193..1ff6a02d9e 100755 --- a/tests/scripts/depends.py +++ b/tests/scripts/depends.py @@ -56,6 +56,8 @@ from typing import Union import scripts_path # pylint: disable=unused-import import config from mbedtls_framework import c_build_helper +from mbedtls_framework import crypto_knowledge +from mbedtls_framework import psa_information class Colors: # pylint: disable=too-few-public-methods """Minimalistic support for colored output. @@ -481,6 +483,12 @@ class DomainData: build_command = [options.make_command, 'CFLAGS=-Werror -O2'] build_and_test = [build_command, [options.make_command, 'test']] self.all_config_symbols = set(conf.settings.keys()) + psa_info = psa_information.Information().constructors + algs = {crypto_knowledge.Algorithm(alg): symbol + for alg, symbol in ((alg, psa_information.psa_want_symbol(alg)) + for alg in psa_info.algorithms) + if symbol in self.all_config_symbols} + # Find hash modules by name. hash_symbols = self.config_symbols_matching(r'MBEDTLS_(MD|RIPEMD|SHA)[0-9]+_C\Z') # Find elliptic curve enabling macros by name. From 06a060ddd82e77adceda167e74abdc920d42738b Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Mon, 4 Nov 2024 17:36:22 +0100 Subject: [PATCH 3/7] Collect the cipher algorithms Signed-off-by: Gabor Mezei --- tests/scripts/depends.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py index 1ff6a02d9e..0939eadc8c 100755 --- a/tests/scripts/depends.py +++ b/tests/scripts/depends.py @@ -488,6 +488,9 @@ class DomainData: for alg, symbol in ((alg, psa_information.psa_want_symbol(alg)) for alg in psa_info.algorithms) if symbol in self.all_config_symbols} + cipher_algs = {alg + for alg in algs + if alg.can_do(crypto_knowledge.AlgorithmCategory.CIPHER)} # Find hash modules by name. hash_symbols = self.config_symbols_matching(r'MBEDTLS_(MD|RIPEMD|SHA)[0-9]+_C\Z') From 03cc5921be82ea78aee272a403be989b3ca8cea6 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Mon, 4 Nov 2024 17:28:46 +0100 Subject: [PATCH 4/7] Collect key types Use KeyType from crypto_knowledge to use its functionality. Signed-off-by: Gabor Mezei --- tests/scripts/depends.py | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py index 0939eadc8c..3f271fb9c6 100755 --- a/tests/scripts/depends.py +++ b/tests/scripts/depends.py @@ -491,6 +491,11 @@ class DomainData: cipher_algs = {alg for alg in algs if alg.can_do(crypto_knowledge.AlgorithmCategory.CIPHER)} + key_types = {crypto_knowledge.KeyType(expr): symbol + for key_type in psa_info.key_types + for expr, symbol in ((expr, psa_information.psa_want_symbol(key_type)) + for expr in psa_info.generate_expressions([key_type])) + if symbol in self.all_config_symbols} # Find hash modules by name. hash_symbols = self.config_symbols_matching(r'MBEDTLS_(MD|RIPEMD|SHA)[0-9]+_C\Z') From fb6b0dbbfd07cb02b97ce0c97124a6b57541536a Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Mon, 4 Nov 2024 17:30:32 +0100 Subject: [PATCH 5/7] Use crypto_knowledge to determine the cipher key types Replace the old implementation which uses `cipher.h` to gather information. Signed-off-by: Gabor Mezei --- tests/scripts/depends.py | 28 +++++++--------------------- 1 file changed, 7 insertions(+), 21 deletions(-) diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py index 3f271fb9c6..a82fc63457 100755 --- a/tests/scripts/depends.py +++ b/tests/scripts/depends.py @@ -457,20 +457,6 @@ Both parent class __init__ calls are performed in any order and each call adds respective jobs. The job array initialization is done once in BaseDomain, before the parent __init__ calls.""" -class CipherInfo: # pylint: disable=too-few-public-methods - """Collect data about cipher.h.""" - def __init__(self): - self.base_symbols = set() - if os.path.isdir('tf-psa-crypto'): - cipher_h_path = 'tf-psa-crypto/drivers/builtin/include/mbedtls/cipher.h' - else: - cipher_h_path = 'include/mbedtls/cipher.h' - with open(cipher_h_path, encoding="utf-8") as fh: - for line in fh: - m = re.match(r' *MBEDTLS_CIPHER_ID_(\w+),', line) - if m and m.group(1) not in ['NONE', 'NULL', '3DES']: - self.base_symbols.add('PSA_WANT_KEY_TYPE_' + m.group(1)) - class DomainData: """A container for domains and jobs, used to structurize testing.""" def config_symbols_matching(self, regexp): @@ -504,17 +490,17 @@ class DomainData: # Find key exchange enabling macros by name. key_exchange_symbols = self.config_symbols_matching(r'MBEDTLS_KEY_EXCHANGE_\w+_ENABLED\Z') - # Find cipher IDs (block permutations and stream ciphers --- chaining - # and padding modes are exercised separately) information by parsing - # cipher.h, as the information is not readily available in mbedtls_config.h. - cipher_info = CipherInfo() + # Find cipher key types + cipher_key_types = {symbol + for key_type, symbol in key_types.items() + for alg in cipher_algs + if key_type.can_do(alg)} # Find block cipher chaining and padding mode enabling macros by name. cipher_chaining_symbols = self.config_symbols_matching(r'MBEDTLS_CIPHER_MODE_\w+\Z') cipher_padding_symbols = self.config_symbols_matching(r'MBEDTLS_CIPHER_PADDING_\w+\Z') self.domains = { - # Cipher IDs, chaining modes and padding modes. Run the test suites. - 'cipher_id': ExclusiveDomain(cipher_info.base_symbols, - build_and_test), + # Cipher key types + 'cipher_id': ExclusiveDomain(cipher_key_types, build_and_test), 'cipher_chaining': ExclusiveDomain(cipher_chaining_symbols, build_and_test), 'cipher_padding': ExclusiveDomain(cipher_padding_symbols, From e6cfa3b428c5bbbb9268cc8c95f98c3862227bb9 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Mon, 4 Nov 2024 17:32:34 +0100 Subject: [PATCH 6/7] Update dependencies Signed-off-by: Gabor Mezei --- tests/scripts/depends.py | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py index a82fc63457..a6f16d3403 100755 --- a/tests/scripts/depends.py +++ b/tests/scripts/depends.py @@ -245,11 +245,20 @@ and subsequent commands are tests that cannot run if the build failed).''' REVERSE_DEPENDENCIES = { 'PSA_WANT_KEY_TYPE_AES': ['PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128', 'MBEDTLS_CTR_DRBG_C', - 'MBEDTLS_NIST_KW_C'], + 'MBEDTLS_NIST_KW_C', + 'MBEDTLS_AES_C'], + 'PSA_WANT_KEY_TYPE_ARIA': ['MBEDTLS_ARIA_C'], + 'PSA_WANT_KEY_TYPE_CAMELLIA': ['MBEDTLS_CAMELLIA_C'], 'PSA_WANT_KEY_TYPE_CHACHA20': ['PSA_WANT_ALG_CHACHA20_POLY1305', - 'PSA_WANT_ALG_STREAM_CIPHER'], - 'PSA_WANT_ALG_CCM': ['PSA_WANT_ALG_CCM_STAR_NO_TAG'], - 'PSA_WANT_ALG_CMAC': ['PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128'], + 'PSA_WANT_ALG_STREAM_CIPHER', + 'MBEDTLS_CHACHA20_C', + 'MBEDTLS_CHACHAPOLY_C'], + 'PSA_WANT_KEY_TYPE_DES': ['MBEDTLS_DES_C'], + 'PSA_WANT_ALG_CCM': ['PSA_WANT_ALG_CCM_STAR_NO_TAG', + 'MBEDTLS_CCM_C'], + 'PSA_WANT_ALG_CMAC': ['PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128', + 'MBEDTLS_CMAC_C'], + 'PSA_WANT_ALG_GCM': ['MBEDTLS_GCM_C'], 'MBEDTLS_CIPHER_MODE_CBC': ['PSA_WANT_ALG_CBC_PKCS7', 'PSA_WANT_ALG_CBC_NO_PADDING'], From bd8e81834f823a893373b3bf588a42403c365de2 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Wed, 6 Nov 2024 11:23:23 +0100 Subject: [PATCH 7/7] Fix pylint issue Signed-off-by: Gabor Mezei --- tests/scripts/depends.py | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py index a6f16d3403..f2147bc64c 100755 --- a/tests/scripts/depends.py +++ b/tests/scripts/depends.py @@ -473,6 +473,7 @@ class DomainData: return [symbol for symbol in self.all_config_symbols if re.match(regexp, symbol)] + # pylint: disable=too-many-locals def __init__(self, options, conf): """Gather data about the library and establish a list of domains to test.""" build_command = [options.make_command, 'CFLAGS=-Werror -O2']