From 27e1767c44a9a8b7afe4171d9b2f172473af6559 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 25 May 2023 09:39:08 +0200 Subject: [PATCH 01/13] all.sh: add helper_libtestdriver1_adjust_config MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- tests/scripts/all.sh | 70 ++++++++++++++++---------------------------- 1 file changed, 26 insertions(+), 44 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 36d5fa4167..c0dc636c04 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -795,7 +795,18 @@ pre_generate_files() { fi } +################################################################ +#### Helpers for components using libtestdriver1 +################################################################ +# Adjust the configuration - for both libtestdriver1 and main library, +# as they should have the same PSA_WANT macros. +helper_libtestdriver1_adjust_config() { + # Disable ALG_STREAM_CIPHER and ALG_ECB_NO_PADDING to avoid having + # partial support for cipher operations in the driver test library. + scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_STREAM_CIPHER + scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_ECB_NO_PADDING +} ################################################################ #### Basic checks @@ -2072,10 +2083,7 @@ component_test_psa_crypto_config_accel_ecdsa () { # Configure and build the test driver library # ------------------------------------------- - # Disable ALG_STREAM_CIPHER and ALG_ECB_NO_PADDING to avoid having - # partial support for cipher operations in the driver test library. - scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_STREAM_CIPHER - scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_ECB_NO_PADDING + helper_libtestdriver1_adjust_config loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' ) # These hashes are needed for some ECDSA signature tests. @@ -2122,10 +2130,7 @@ component_test_psa_crypto_config_accel_ecdh () { # Configure and build the test driver library # ------------------------------------------- - # Disable ALG_STREAM_CIPHER and ALG_ECB_NO_PADDING to avoid having - # partial support for cipher operations in the driver test library. - scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_STREAM_CIPHER - scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_ECB_NO_PADDING + helper_libtestdriver1_adjust_config loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' ) make -C tests libtestdriver1.a CFLAGS=" $ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS" @@ -2210,10 +2215,7 @@ component_test_psa_crypto_config_accel_pake() { # Start with full scripts/config.py full - # Disable ALG_STREAM_CIPHER and ALG_ECB_NO_PADDING to avoid having - # partial support for cipher operations in the driver test library. - scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_STREAM_CIPHER - scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_ECB_NO_PADDING + helper_libtestdriver1_adjust_config loc_accel_list="ALG_JPAKE" loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' ) @@ -2285,10 +2287,7 @@ component_test_psa_crypto_config_accel_all_ec_algs_use_psa () { # Configure and build the test driver library # ------------------------------------------- - # Disable ALG_STREAM_CIPHER and ALG_ECB_NO_PADDING to avoid having - # partial support for cipher operations in the driver test library. - scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_STREAM_CIPHER - scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_ECB_NO_PADDING + helper_libtestdriver1_adjust_config # Things we wanted supported in libtestdriver1, but not accelerated in the main library: # SHA-1 and all SHA-2 variants, as they are used by ECDSA deterministic. @@ -2431,6 +2430,8 @@ component_test_psa_crypto_full_accel_all_ec_algs_no_ecp_use_psa () { # Configure and build the test driver library # ------------------------------------------- + helper_libtestdriver1_adjust_config + # Things we wanted supported in libtestdriver1, but not accelerated in the main library: # SHA-1 and all SHA-2 variants, as they are used by ECDSA deterministic. loc_extra_list="ALG_SHA_1 ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512" @@ -2498,10 +2499,7 @@ psa_crypto_config_accel_all_curves_except_one () { # Configure and build the test driver library # -------------------------------------------- - # Disable ALG_STREAM_CIPHER and ALG_ECB_NO_PADDING to avoid having - # partial support for cipher operations in the driver test library. - scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_STREAM_CIPHER - scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_ECB_NO_PADDING + helper_libtestdriver1_adjust_config # RSA support is intentionally disabled on this test (see below for # explanation) so lets disable it also on the driver side @@ -2604,10 +2602,7 @@ component_test_psa_crypto_config_accel_all_curves_except_x25519 () { component_test_psa_crypto_config_accel_rsa_signature () { msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated RSA signature" - # Disable ALG_STREAM_CIPHER and ALG_ECB_NO_PADDING to avoid having - # partial support for cipher operations in the driver test library. - scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_STREAM_CIPHER - scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_ECB_NO_PADDING + helper_libtestdriver1_adjust_config # It seems it is not possible to remove only the support for RSA signature # in the library. Thus we have to remove all RSA support (signature and @@ -2681,10 +2676,7 @@ component_test_psa_crypto_config_accel_rsa_signature () { component_test_psa_crypto_config_accel_hash () { msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated hash" - # Disable ALG_STREAM_CIPHER and ALG_ECB_NO_PADDING to avoid having - # partial support for cipher operations in the driver test library. - scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_STREAM_CIPHER - scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_ECB_NO_PADDING + helper_libtestdriver1_adjust_config loc_accel_list="ALG_MD5 ALG_RIPEMD160 ALG_SHA_1 ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512" loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' ) @@ -2718,10 +2710,7 @@ component_test_psa_crypto_config_accel_hash_keep_builtins () { # This component ensures that all the test cases for # md_psa_dynamic_dispatch with legacy+driver in test_suite_md are run. - # Disable ALG_STREAM_CIPHER and ALG_ECB_NO_PADDING to avoid having - # partial support for cipher operations in the driver test library. - scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_STREAM_CIPHER - scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_ECB_NO_PADDING + helper_libtestdriver1_adjust_config loc_accel_list="ALG_MD5 ALG_RIPEMD160 ALG_SHA_1 ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512" loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' ) @@ -2766,10 +2755,7 @@ config_psa_crypto_hash_use_psa () { component_test_psa_crypto_config_accel_hash_use_psa () { msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated hash and USE_PSA" - # Disable ALG_STREAM_CIPHER and ALG_ECB_NO_PADDING to avoid having - # partial support for cipher operations in the driver test library. - scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_STREAM_CIPHER - scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_ECB_NO_PADDING + helper_libtestdriver1_adjust_config loc_accel_list="ALG_MD5 ALG_RIPEMD160 ALG_SHA_1 ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512" loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' ) @@ -2827,6 +2813,8 @@ component_test_psa_crypto_config_reference_hash_use_psa() { component_test_psa_crypto_config_accel_cipher () { msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated cipher" + helper_libtestdriver1_adjust_config + loc_accel_list="ALG_CBC_NO_PADDING ALG_CBC_PKCS7 ALG_CTR ALG_CFB ALG_OFB ALG_XTS KEY_TYPE_DES" loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' ) make -C tests libtestdriver1.a CFLAGS="$ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS" @@ -2862,10 +2850,7 @@ component_test_psa_crypto_config_accel_cipher () { component_test_psa_crypto_config_accel_aead () { msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated AEAD" - # Disable ALG_STREAM_CIPHER and ALG_ECB_NO_PADDING to avoid having - # partial support for cipher operations in the driver test library. - scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_STREAM_CIPHER - scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_ECB_NO_PADDING + helper_libtestdriver1_adjust_config loc_accel_list="ALG_GCM ALG_CCM ALG_CHACHA20_POLY1305 KEY_TYPE_AES KEY_TYPE_CHACHA20 KEY_TYPE_ARIA KEY_TYPE_CAMELLIA" loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' ) @@ -2899,10 +2884,7 @@ component_test_psa_crypto_config_accel_pake() { # Start with full scripts/config.py full - # Disable ALG_STREAM_CIPHER and ALG_ECB_NO_PADDING to avoid having - # partial support for cipher operations in the driver test library. - scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_STREAM_CIPHER - scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_ECB_NO_PADDING + helper_libtestdriver1_adjust_config loc_accel_list="ALG_JPAKE" loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' ) From 31639e49d2b90b72c17acdcfede91165651bd6a2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 25 May 2023 10:07:31 +0200 Subject: [PATCH 02/13] all.sh: add helper_libtestdriver1_make_drivers() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- tests/scripts/all.sh | 66 +++++++++++++++++++------------------------- 1 file changed, 29 insertions(+), 37 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index c0dc636c04..2adeead4f1 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -808,6 +808,17 @@ helper_libtestdriver1_adjust_config() { scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_ECB_NO_PADDING } +# Build libtestdriver1.a (with ASan) +# +# Parameters: +# 1. a space-separated list of things to accelerate; +# 2. optional: a space-separate list of things to also support. +# Here "things" are PSA_WANT_ symbols but with PSA_WANT_ removed. +helper_libtestdriver1_make_drivers() { + loc_accel_flags=$( echo "$1 ${2-}" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' ) + make -C tests libtestdriver1.a CFLAGS=" $ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS" +} + ################################################################ #### Basic checks ################################################################ @@ -2085,13 +2096,10 @@ component_test_psa_crypto_config_accel_ecdsa () { helper_libtestdriver1_adjust_config - loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' ) # These hashes are needed for some ECDSA signature tests. - loc_accel_flags="$loc_accel_flags -DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_ALG_SHA_224" - loc_accel_flags="$loc_accel_flags -DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_ALG_SHA_256" - loc_accel_flags="$loc_accel_flags -DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_ALG_SHA_384" - loc_accel_flags="$loc_accel_flags -DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_ALG_SHA_512" - make -C tests libtestdriver1.a CFLAGS="$ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS" + loc_extra_list="ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512" + + helper_libtestdriver1_make_drivers "$loc_accel_list" "$loc_extra_list" # Configure and build the main libraries # -------------------------------------- @@ -2132,8 +2140,7 @@ component_test_psa_crypto_config_accel_ecdh () { helper_libtestdriver1_adjust_config - loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' ) - make -C tests libtestdriver1.a CFLAGS=" $ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS" + helper_libtestdriver1_make_drivers "$loc_accel_list" # Configure and build the main libraries # -------------------------------------- @@ -2218,8 +2225,7 @@ component_test_psa_crypto_config_accel_pake() { helper_libtestdriver1_adjust_config loc_accel_list="ALG_JPAKE" - loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' ) - make -C tests libtestdriver1.a CFLAGS="$ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS" + helper_libtestdriver1_make_drivers "$loc_accel_list" scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG @@ -2292,8 +2298,7 @@ component_test_psa_crypto_config_accel_all_ec_algs_use_psa () { # Things we wanted supported in libtestdriver1, but not accelerated in the main library: # SHA-1 and all SHA-2 variants, as they are used by ECDSA deterministic. loc_extra_list="ALG_SHA_1 ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512" - loc_accel_flags=$( echo "$loc_accel_list $loc_extra_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' ) - make -C tests libtestdriver1.a CFLAGS="$ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS" + helper_libtestdriver1_make_drivers "$loc_accel_list" "$loc_extra_list" # Configure and build the main libraries with drivers enabled # ----------------------------------------------------------- @@ -2435,8 +2440,8 @@ component_test_psa_crypto_full_accel_all_ec_algs_no_ecp_use_psa () { # Things we wanted supported in libtestdriver1, but not accelerated in the main library: # SHA-1 and all SHA-2 variants, as they are used by ECDSA deterministic. loc_extra_list="ALG_SHA_1 ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512" - loc_accel_flags=$( echo "$loc_accel_list $loc_extra_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' ) - make -C tests libtestdriver1.a CFLAGS="$ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS" + + helper_libtestdriver1_make_drivers "$loc_accel_list" "$loc_extra_list" # Configure and build the main libraries with drivers enabled # ----------------------------------------------------------- @@ -2511,11 +2516,8 @@ psa_crypto_config_accel_all_curves_except_one () { loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' ) # These hashes are needed for some ECDSA signature tests. - loc_accel_flags="$loc_accel_flags -DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_ALG_SHA_224" - loc_accel_flags="$loc_accel_flags -DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_ALG_SHA_256" - loc_accel_flags="$loc_accel_flags -DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_ALG_SHA_384" - loc_accel_flags="$loc_accel_flags -DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_ALG_SHA_512" - make -C tests libtestdriver1.a CFLAGS="$ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS" + loc_extra_list="ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512" + helper_libtestdriver1_make_drivers "$loc_accel_list" "$loc_extra_list" # Configure and build the main libraries # --------------------------------------- @@ -2636,12 +2638,8 @@ component_test_psa_crypto_config_accel_rsa_signature () { loc_accel_list="ALG_RSA_PKCS1V15_SIGN ALG_RSA_PSS KEY_TYPE_RSA_KEY_PAIR KEY_TYPE_RSA_PUBLIC_KEY" loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' ) # These hashes are needed for some RSA-PSS signature tests. - loc_accel_flags="$loc_accel_flags -DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_ALG_SHA_1" - loc_accel_flags="$loc_accel_flags -DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_ALG_SHA_224" - loc_accel_flags="$loc_accel_flags -DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_ALG_SHA_256" - loc_accel_flags="$loc_accel_flags -DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_ALG_SHA_384" - loc_accel_flags="$loc_accel_flags -DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_ALG_SHA_512" - make -C tests libtestdriver1.a CFLAGS="$ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS" + loc_extra_list="ALG_SHA_1 ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512" + helper_libtestdriver1_make_drivers "$loc_accel_list" "$loc_extra_list" # Mbed TLS library build scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG @@ -2679,8 +2677,7 @@ component_test_psa_crypto_config_accel_hash () { helper_libtestdriver1_adjust_config loc_accel_list="ALG_MD5 ALG_RIPEMD160 ALG_SHA_1 ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512" - loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' ) - make -C tests libtestdriver1.a CFLAGS="$ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS" + helper_libtestdriver1_make_drivers "$loc_accel_list" scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG scripts/config.py unset MBEDTLS_MD5_C @@ -2713,8 +2710,7 @@ component_test_psa_crypto_config_accel_hash_keep_builtins () { helper_libtestdriver1_adjust_config loc_accel_list="ALG_MD5 ALG_RIPEMD160 ALG_SHA_1 ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512" - loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' ) - make -C tests libtestdriver1.a CFLAGS="$ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS" + helper_libtestdriver1_make_drivers "$loc_accel_list" scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )" @@ -2758,8 +2754,7 @@ component_test_psa_crypto_config_accel_hash_use_psa () { helper_libtestdriver1_adjust_config loc_accel_list="ALG_MD5 ALG_RIPEMD160 ALG_SHA_1 ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512" - loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' ) - make -C tests libtestdriver1.a CFLAGS="$ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS" + helper_libtestdriver1_make_drivers "$loc_accel_list" config_psa_crypto_hash_use_psa 1 @@ -2816,8 +2811,7 @@ component_test_psa_crypto_config_accel_cipher () { helper_libtestdriver1_adjust_config loc_accel_list="ALG_CBC_NO_PADDING ALG_CBC_PKCS7 ALG_CTR ALG_CFB ALG_OFB ALG_XTS KEY_TYPE_DES" - loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' ) - make -C tests libtestdriver1.a CFLAGS="$ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS" + helper_libtestdriver1_make_drivers "$loc_accel_list" scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG @@ -2853,8 +2847,7 @@ component_test_psa_crypto_config_accel_aead () { helper_libtestdriver1_adjust_config loc_accel_list="ALG_GCM ALG_CCM ALG_CHACHA20_POLY1305 KEY_TYPE_AES KEY_TYPE_CHACHA20 KEY_TYPE_ARIA KEY_TYPE_CAMELLIA" - loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' ) - make -C tests libtestdriver1.a CFLAGS="$ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS" + helper_libtestdriver1_make_drivers "$loc_accel_list" scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG @@ -2887,8 +2880,7 @@ component_test_psa_crypto_config_accel_pake() { helper_libtestdriver1_adjust_config loc_accel_list="ALG_JPAKE" - loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' ) - make -C tests libtestdriver1.a CFLAGS="$ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS" + helper_libtestdriver1_make_drivers "$loc_accel_list" scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG From 27dd73fb918b942d2a22ae47b5e580ed4db0317f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 25 May 2023 10:39:23 +0200 Subject: [PATCH 03/13] all.sh: add helper_libtestdriver1_make_main() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Also, remove things that are redundant with ASAN_CFLAGS (-Werror, -O). Signed-off-by: Manuel Pégourié-Gonnard --- tests/scripts/all.sh | 72 +++++++++++++++++++++++--------------------- 1 file changed, 38 insertions(+), 34 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 2adeead4f1..618326fa93 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -808,7 +808,7 @@ helper_libtestdriver1_adjust_config() { scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_ECB_NO_PADDING } -# Build libtestdriver1.a (with ASan) +# Build the drivers library libtestdriver1.a (with ASan). # # Parameters: # 1. a space-separated list of things to accelerate; @@ -819,6 +819,24 @@ helper_libtestdriver1_make_drivers() { make -C tests libtestdriver1.a CFLAGS=" $ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS" } +# Build the main libraries, programs and tests, +# linking to the drivers library (with ASan). +# +# Parameters: +# 1. a space-separated list of things to accelerate; +# *. remaining arguments if any are passed directly to make +# (examples: lib, -C tests test_suite_xxx, etc.) +# Here "things" are PSA_WANT_ symbols but with PSA_WANT_ removed. +helper_libtestdriver1_make_main() { + loc_accel_list=$1 + shift + + # we need flags both with and without the LIBTESTDRIVER1_ prefix + loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' ) + loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )" + make CFLAGS="$ASAN_CFLAGS -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS" "$@" +} + ################################################################ #### Basic checks ################################################################ @@ -2116,8 +2134,7 @@ component_test_psa_crypto_config_accel_ecdsa () { scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED # Build the library - loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )" - make CFLAGS="$ASAN_CFLAGS -O -Werror -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS" + helper_libtestdriver1_make_main "$loc_accel_list" # Make sure this was not re-enabled by accident (additive config) not grep mbedtls_ecdsa_ library/ecdsa.o @@ -2159,8 +2176,7 @@ component_test_psa_crypto_config_accel_ecdh () { scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED # Build the main library - loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )" - make CFLAGS="$ASAN_CFLAGS -O -Werror -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS" + helper_libtestdriver1_make_main "$loc_accel_list" # Make sure this was not re-enabled by accident (additive config) not grep mbedtls_ecdh_ library/ecdh.o @@ -2237,8 +2253,7 @@ component_test_psa_crypto_config_accel_pake() { # This is done to have the same form of psa_key_attributes_s for libdriver and library. scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C - loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )" - make CFLAGS="$ASAN_CFLAGS -Werror -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS" + helper_libtestdriver1_make_main "$loc_accel_list" not grep mbedtls_ecjpake_init library/ecjpake.o @@ -2306,12 +2321,12 @@ component_test_psa_crypto_config_accel_all_ec_algs_use_psa () { # Use the same config as reference, only without built-in EC algs config_psa_crypto_config_all_ec_algs_use_psa 1 + # Temporary hack to enable MBEDTLS_ECP_LIGHT + # (will soon be auto-enabled in build_info.h) + echo '#define MBEDTLS_ECP_LIGHT' >> include/mbedtls/mbedtls_config.h + # Build the library - loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )" - loc_symbols="-DPSA_CRYPTO_DRIVER_TEST \ - -DMBEDTLS_TEST_LIBTESTDRIVER1 \ - -DMBEDTLS_ECP_LIGHT" - make CFLAGS="$ASAN_CFLAGS -Werror -I../tests/include -I../tests -I../../tests $loc_symbols $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS" + helper_libtestdriver1_make_main "$loc_accel_list" # Make sure any built-in EC alg was not re-enabled by accident (additive config) not grep mbedtls_ecdsa_ library/ecdsa.o @@ -2447,10 +2462,7 @@ component_test_psa_crypto_full_accel_all_ec_algs_no_ecp_use_psa () { # ----------------------------------------------------------- # Build the library - loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )" - loc_symbols="-DPSA_CRYPTO_DRIVER_TEST \ - -DMBEDTLS_TEST_LIBTESTDRIVER1" - make CFLAGS="$ASAN_CFLAGS -Werror -I../tests/include -I../tests -I../../tests $loc_symbols $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS" + helper_libtestdriver1_make_main "$loc_accel_list" # Make sure any built-in EC alg was not re-enabled by accident (additive config) not grep mbedtls_ecdsa_ library/ecdsa.o @@ -2514,7 +2526,6 @@ psa_crypto_config_accel_all_curves_except_one () { scripts/config.py -f include/psa/crypto_config.h unset $ALG done - loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' ) # These hashes are needed for some ECDSA signature tests. loc_extra_list="ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512" helper_libtestdriver1_make_drivers "$loc_accel_list" "$loc_extra_list" @@ -2565,8 +2576,7 @@ psa_crypto_config_accel_all_curves_except_one () { done # build and link with test drivers - loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )" - make CFLAGS="$ASAN_CFLAGS -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS" + helper_libtestdriver1_make_main "$loc_accel_list" # make sure excluded modules were not auto-re-enabled by accident not grep mbedtls_ecdh_ library/ecdh.o @@ -2636,7 +2646,7 @@ component_test_psa_crypto_config_accel_rsa_signature () { scripts/config.py -f tests/include/test/drivers/config_test_driver.h set MBEDTLS_BASE64_C loc_accel_list="ALG_RSA_PKCS1V15_SIGN ALG_RSA_PSS KEY_TYPE_RSA_KEY_PAIR KEY_TYPE_RSA_PUBLIC_KEY" - loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' ) + # These hashes are needed for some RSA-PSS signature tests. loc_extra_list="ALG_SHA_1 ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512" helper_libtestdriver1_make_drivers "$loc_accel_list" "$loc_extra_list" @@ -2661,8 +2671,7 @@ component_test_psa_crypto_config_accel_rsa_signature () { scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_1 scripts/config.py unset MBEDTLS_SSL_CBC_RECORD_SPLITTING - loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )" - make CFLAGS="$ASAN_CFLAGS -Werror -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS" + helper_libtestdriver1_make_main "$loc_accel_list" not grep mbedtls_rsa_rsassa_pkcs1_v15_sign library/rsa.o not grep mbedtls_rsa_rsassa_pss_sign_ext library/rsa.o @@ -2687,8 +2696,8 @@ component_test_psa_crypto_config_accel_hash () { scripts/config.py unset MBEDTLS_SHA256_C scripts/config.py unset MBEDTLS_SHA384_C scripts/config.py unset MBEDTLS_SHA512_C - loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )" - make CFLAGS="$ASAN_CFLAGS -Werror -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS" + + helper_libtestdriver1_make_main "$loc_accel_list" # There's a risk of something getting re-enabled via config_psa.h; # make sure it did not happen. Note: it's OK for MD_C to be enabled. @@ -2713,8 +2722,7 @@ component_test_psa_crypto_config_accel_hash_keep_builtins () { helper_libtestdriver1_make_drivers "$loc_accel_list" scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG - loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )" - make CFLAGS="$ASAN_CFLAGS -Werror -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS" + helper_libtestdriver1_make_main "$loc_accel_list" msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated+builtin hash" make test @@ -2758,8 +2766,7 @@ component_test_psa_crypto_config_accel_hash_use_psa () { config_psa_crypto_hash_use_psa 1 - loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )" - make CFLAGS="$ASAN_CFLAGS -Werror -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS" all + helper_libtestdriver1_make_main "$loc_accel_list" # There's a risk of something getting re-enabled via config_psa.h; # make sure it did not happen. Note: it's OK for MD_C to be enabled. @@ -2832,8 +2839,7 @@ component_test_psa_crypto_config_accel_cipher () { scripts/config.py unset MBEDTLS_CIPHER_MODE_XTS scripts/config.py unset MBEDTLS_DES_C - loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )" - make CFLAGS="$ASAN_CFLAGS -Werror -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS" + helper_libtestdriver1_make_main "$loc_accel_list" not grep mbedtls_des* library/des.o @@ -2858,8 +2864,7 @@ component_test_psa_crypto_config_accel_aead () { scripts/config.py unset MBEDTLS_SSL_CONTEXT_SERIALIZATION scripts/config.py unset MBEDTLS_SSL_TICKET_C - loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )" - make CFLAGS="$ASAN_CFLAGS -Werror -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS" + helper_libtestdriver1_make_main "$loc_accel_list" # There's a risk of something getting re-enabled via config_psa.h # make sure it did not happen. @@ -2892,8 +2897,7 @@ component_test_psa_crypto_config_accel_pake() { # This is done to have the same form of psa_key_attributes_s for libdriver and library. scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C - loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )" - make CFLAGS="$ASAN_CFLAGS -Werror -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS" + helper_libtestdriver1_make_main "$loc_accel_list" not grep mbedtls_ecjpake_init library/ecjpake.o From 239094d51c4b521c52a39aa648f5b187e2dd1eaf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 31 May 2023 12:51:50 +0200 Subject: [PATCH 04/13] all.sh: make libtestdriver1 components more uniform MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- tests/scripts/all.sh | 142 ++++++++++++++++++++++++++++++++++--------- 1 file changed, 113 insertions(+), 29 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 618326fa93..27b7fca0be 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -2109,11 +2109,11 @@ component_test_psa_crypto_config_accel_ecdsa () { # Algorithms and key types to accelerate loc_accel_list="ALG_ECDSA ALG_DETERMINISTIC_ECDSA KEY_TYPE_ECC_KEY_PAIR KEY_TYPE_ECC_PUBLIC_KEY" + helper_libtestdriver1_adjust_config + # Configure and build the test driver library # ------------------------------------------- - helper_libtestdriver1_adjust_config - # These hashes are needed for some ECDSA signature tests. loc_extra_list="ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512" @@ -2152,11 +2152,11 @@ component_test_psa_crypto_config_accel_ecdh () { # Algorithms and key types to accelerate loc_accel_list="ALG_ECDH KEY_TYPE_ECC_KEY_PAIR KEY_TYPE_ECC_PUBLIC_KEY" + helper_libtestdriver1_adjust_config + # Configure and build the test driver library # ------------------------------------------- - helper_libtestdriver1_adjust_config - helper_libtestdriver1_make_drivers "$loc_accel_list" # Configure and build the main libraries @@ -2235,14 +2235,20 @@ component_test_psa_crypto_config_accel_ffdh () { component_test_psa_crypto_config_accel_pake() { msg "build: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated PAKE" - # Start with full - scripts/config.py full + loc_accel_list="ALG_JPAKE" helper_libtestdriver1_adjust_config - loc_accel_list="ALG_JPAKE" + # Configure and build the test driver library + # ------------------------------------------- + helper_libtestdriver1_make_drivers "$loc_accel_list" + # Configure and build the main libraries + # -------------------------------------- + + # Start with full + scripts/config.py full scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG # Make built-in fallback not available @@ -2255,8 +2261,12 @@ component_test_psa_crypto_config_accel_pake() { helper_libtestdriver1_make_main "$loc_accel_list" + # Make sure this was not re-enabled by accident (additive config) not grep mbedtls_ecjpake_init library/ecjpake.o + # Run the tests + # ------------- + msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated PAKE" make test } @@ -2305,11 +2315,11 @@ component_test_psa_crypto_config_accel_all_ec_algs_use_psa () { ALG_JPAKE \ KEY_TYPE_ECC_KEY_PAIR KEY_TYPE_ECC_PUBLIC_KEY" + helper_libtestdriver1_adjust_config + # Configure and build the test driver library # ------------------------------------------- - helper_libtestdriver1_adjust_config - # Things we wanted supported in libtestdriver1, but not accelerated in the main library: # SHA-1 and all SHA-2 variants, as they are used by ECDSA deterministic. loc_extra_list="ALG_SHA_1 ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512" @@ -2444,14 +2454,14 @@ component_test_psa_crypto_full_accel_all_ec_algs_no_ecp_use_psa () { ALG_JPAKE \ KEY_TYPE_ECC_KEY_PAIR KEY_TYPE_ECC_PUBLIC_KEY" + helper_libtestdriver1_adjust_config + # Set common configurations between library's and driver's builds config_psa_crypto_full_all_ec_algs_no_ecp_use_psa 1 # Configure and build the test driver library # ------------------------------------------- - helper_libtestdriver1_adjust_config - # Things we wanted supported in libtestdriver1, but not accelerated in the main library: # SHA-1 and all SHA-2 variants, as they are used by ECDSA deterministic. loc_extra_list="ALG_SHA_1 ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512" @@ -2513,11 +2523,11 @@ psa_crypto_config_accel_all_curves_except_one () { ALG_JPAKE \ KEY_TYPE_ECC_KEY_PAIR KEY_TYPE_ECC_PUBLIC_KEY" + helper_libtestdriver1_adjust_config + # Configure and build the test driver library # -------------------------------------------- - helper_libtestdriver1_adjust_config - # RSA support is intentionally disabled on this test (see below for # explanation) so lets disable it also on the driver side scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR @@ -2599,6 +2609,7 @@ psa_crypto_config_accel_all_curves_except_one () { # Run the tests # ------------- + msg "test: PSA_CRYPTO_CONFIG + all accelerated EC algs (excl $BUILTIN_CURVE) + USE_PSA_CRYPTO" make test } @@ -2614,8 +2625,13 @@ component_test_psa_crypto_config_accel_all_curves_except_x25519 () { component_test_psa_crypto_config_accel_rsa_signature () { msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated RSA signature" + loc_accel_list="ALG_RSA_PKCS1V15_SIGN ALG_RSA_PSS KEY_TYPE_RSA_KEY_PAIR KEY_TYPE_RSA_PUBLIC_KEY" + helper_libtestdriver1_adjust_config + # Configure and build the test driver library + # ------------------------------------------- + # It seems it is not possible to remove only the support for RSA signature # in the library. Thus we have to remove all RSA support (signature and # encryption/decryption). AS there is no driver support for asymmetric @@ -2645,13 +2661,14 @@ component_test_psa_crypto_config_accel_rsa_signature () { scripts/config.py -f tests/include/test/drivers/config_test_driver.h set MBEDTLS_PEM_PARSE_C scripts/config.py -f tests/include/test/drivers/config_test_driver.h set MBEDTLS_BASE64_C - loc_accel_list="ALG_RSA_PKCS1V15_SIGN ALG_RSA_PSS KEY_TYPE_RSA_KEY_PAIR KEY_TYPE_RSA_PUBLIC_KEY" - # These hashes are needed for some RSA-PSS signature tests. loc_extra_list="ALG_SHA_1 ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512" helper_libtestdriver1_make_drivers "$loc_accel_list" "$loc_extra_list" - # Mbed TLS library build + # Configure and build the test driver library + # ------------------------------------------- + + # Start from default config (no TLS 1.3, no USE_PSA) scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG # Remove RSA support and its dependencies @@ -2671,11 +2688,16 @@ component_test_psa_crypto_config_accel_rsa_signature () { scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_1 scripts/config.py unset MBEDTLS_SSL_CBC_RECORD_SPLITTING + # Build the library helper_libtestdriver1_make_main "$loc_accel_list" + # Make sure this was not re-enabled by accident (additive config) not grep mbedtls_rsa_rsassa_pkcs1_v15_sign library/rsa.o not grep mbedtls_rsa_rsassa_pss_sign_ext library/rsa.o + # Run the tests + # ------------- + msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated RSA signature" make test } @@ -2683,12 +2705,22 @@ component_test_psa_crypto_config_accel_rsa_signature () { component_test_psa_crypto_config_accel_hash () { msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated hash" + loc_accel_list="ALG_MD5 ALG_RIPEMD160 ALG_SHA_1 ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512" + helper_libtestdriver1_adjust_config - loc_accel_list="ALG_MD5 ALG_RIPEMD160 ALG_SHA_1 ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512" + # Configure and build the test driver library + # ------------------------------------------- + helper_libtestdriver1_make_drivers "$loc_accel_list" + # Configure and build the main libraries + # -------------------------------------- + + # Start from default config (no TLS 1.3, no USE_PSA) scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG + + # Disable the things that are being accelerated scripts/config.py unset MBEDTLS_MD5_C scripts/config.py unset MBEDTLS_RIPEMD160_C scripts/config.py unset MBEDTLS_SHA1_C @@ -2707,6 +2739,9 @@ component_test_psa_crypto_config_accel_hash () { not grep mbedtls_sha512 library/sha512.o not grep mbedtls_ripemd160 library/ripemd160.o + # Run the tests + # ------------- + msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated hash" make test } @@ -2716,11 +2751,14 @@ component_test_psa_crypto_config_accel_hash_keep_builtins () { # This component ensures that all the test cases for # md_psa_dynamic_dispatch with legacy+driver in test_suite_md are run. + loc_accel_list="ALG_MD5 ALG_RIPEMD160 ALG_SHA_1 ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512" + helper_libtestdriver1_adjust_config - loc_accel_list="ALG_MD5 ALG_RIPEMD160 ALG_SHA_1 ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512" + # build the drivers library helper_libtestdriver1_make_drivers "$loc_accel_list" + # configure and build the main libraires scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG helper_libtestdriver1_make_main "$loc_accel_list" @@ -2759,11 +2797,18 @@ config_psa_crypto_hash_use_psa () { component_test_psa_crypto_config_accel_hash_use_psa () { msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated hash and USE_PSA" + loc_accel_list="ALG_MD5 ALG_RIPEMD160 ALG_SHA_1 ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512" + helper_libtestdriver1_adjust_config - loc_accel_list="ALG_MD5 ALG_RIPEMD160 ALG_SHA_1 ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512" + # Configure and build the test driver library + # ------------------------------------------- + helper_libtestdriver1_make_drivers "$loc_accel_list" + # Configure and build the main libraries + # -------------------------------------- + config_psa_crypto_hash_use_psa 1 helper_libtestdriver1_make_main "$loc_accel_list" @@ -2776,6 +2821,9 @@ component_test_psa_crypto_config_accel_hash_use_psa () { not grep mbedtls_sha512 library/sha512.o not grep mbedtls_ripemd160 library/ripemd160.o + # Run the tests + # ------------- + msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated hash and USE_PSA" make test @@ -2815,12 +2863,12 @@ component_test_psa_crypto_config_reference_hash_use_psa() { component_test_psa_crypto_config_accel_cipher () { msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated cipher" - helper_libtestdriver1_adjust_config - loc_accel_list="ALG_CBC_NO_PADDING ALG_CBC_PKCS7 ALG_CTR ALG_CFB ALG_OFB ALG_XTS KEY_TYPE_DES" - helper_libtestdriver1_make_drivers "$loc_accel_list" - scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG + # Common config for drivers and main libraries + # -------------------------------------------- + + helper_libtestdriver1_adjust_config # There is no intended accelerator support for ALG STREAM_CIPHER and # ALG_ECB_NO_PADDING. Therefore, asking for them in the build implies the @@ -2831,6 +2879,17 @@ component_test_psa_crypto_config_accel_cipher () { scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_ECB_NO_PADDING scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_CMAC + # Configure and build the test driver library + # ------------------------------------------- + + helper_libtestdriver1_make_drivers "$loc_accel_list" + + # Configure and build the main libraries + # -------------------------------------- + + # Start from the default config (no TLS 1.3, no USE_PSA) + scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG + scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC scripts/config.py unset MBEDTLS_CIPHER_PADDING_PKCS7 scripts/config.py unset MBEDTLS_CIPHER_MODE_CTR @@ -2841,8 +2900,12 @@ component_test_psa_crypto_config_accel_cipher () { helper_libtestdriver1_make_main "$loc_accel_list" + # Make sure this was not re-enabled by accident (additive config) not grep mbedtls_des* library/des.o + # Run the tests + # ------------- + msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated cipher" make test } @@ -2850,11 +2913,19 @@ component_test_psa_crypto_config_accel_cipher () { component_test_psa_crypto_config_accel_aead () { msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated AEAD" + loc_accel_list="ALG_GCM ALG_CCM ALG_CHACHA20_POLY1305 KEY_TYPE_AES KEY_TYPE_CHACHA20 KEY_TYPE_ARIA KEY_TYPE_CAMELLIA" + helper_libtestdriver1_adjust_config - loc_accel_list="ALG_GCM ALG_CCM ALG_CHACHA20_POLY1305 KEY_TYPE_AES KEY_TYPE_CHACHA20 KEY_TYPE_ARIA KEY_TYPE_CAMELLIA" + # Configure and build the test driver library + # ------------------------------------------- + helper_libtestdriver1_make_drivers "$loc_accel_list" + # Configure and build the main libraries + # -------------------------------------- + + # Start from default config (no TLS 1.3, no USE_PSA) scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG scripts/config.py unset MBEDTLS_GCM_C @@ -2866,12 +2937,14 @@ component_test_psa_crypto_config_accel_aead () { helper_libtestdriver1_make_main "$loc_accel_list" - # There's a risk of something getting re-enabled via config_psa.h - # make sure it did not happen. + # Make sure this was not re-enabled by accident (additive config) not grep mbedtls_ccm library/ccm.o not grep mbedtls_gcm library/gcm.o not grep mbedtls_chachapoly library/chachapoly.o + # Run the tests + # ------------- + msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated AEAD" make test } @@ -2879,14 +2952,20 @@ component_test_psa_crypto_config_accel_aead () { component_test_psa_crypto_config_accel_pake() { msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated PAKE" - # Start with full - scripts/config.py full + loc_accel_list="ALG_JPAKE" helper_libtestdriver1_adjust_config - loc_accel_list="ALG_JPAKE" + # Configure and build the test driver library + # ------------------------------------------- + helper_libtestdriver1_make_drivers "$loc_accel_list" + # Configure and build the main libraries + # -------------------------------------- + + # Start with full + scripts/config.py full scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG # Make build-in fallback not available @@ -2897,10 +2976,15 @@ component_test_psa_crypto_config_accel_pake() { # This is done to have the same form of psa_key_attributes_s for libdriver and library. scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C + # Build the library helper_libtestdriver1_make_main "$loc_accel_list" + # Make sure this was not re-enabled by accident (additive config) not grep mbedtls_ecjpake_init library/ecjpake.o + # Run the tests + # ------------- + msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated PAKE" make test } From f5c5d971e73a8c7cf0bbf3b9db20ef85f141a6ea Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 6 Jun 2023 11:14:57 +0200 Subject: [PATCH 05/13] Add documentation about libtestdriver1 usage MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- tests/scripts/all.sh | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 27b7fca0be..eef180fa9c 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -799,6 +799,40 @@ pre_generate_files() { #### Helpers for components using libtestdriver1 ################################################################ +# How to use libtestdriver1 +# ------------------------- +# +# 1. Define the list algorithms and key types to accelerate, +# designated the same way as PSA_WANT_ macros but without PSA_WANT_. +# Examples: +# - loc_accel_list="ALG_JPAKE" +# - loc_accel_list="ALG_FFDH KEY_TYPE_DH_KEY_PAIR KEY_TYPE_DH_PUBLIC_KEY" +# 2. Make configurations changes that are common to driver and main libraries. +# WARNING: both libraries MUST have the same set of PSA_WANT_ALG symbols, +# as they determine the ABI between them, so all changes to these symbols +# go here. +# 2a. Call helper_libtestdriver1_adjust_config. +# 2b. Any other change you need to make. +# 3. Build the driver library: libtestdriver1.a. +# Just call helper_libtestdriver1_make_drivers, passing "$loc_accel_list". +# You may need to enable more algorithms here, typically hash algorithms +# when accelerating some signature algoritms (ECDSA, RSAv2). This is done +# by passing a 2nd argument listing the extra algorithms. +# Example: +# loc_extra_list="ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512" +# helper_libtestdriver1_make_drivers "$loc_accel_list" "$loc_extra_list" +# 4. Configure and build the main libraries using drivers. +# 4a. (optional) Call scripts/config.py full if you want. +# 4b. Call scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG +# 4c. Make any other config adjustments you want. Typically you want to +# disable the modules that are being accelerated. You may need to also +# disable modules that depend on them or options that are not supported +# with drivers. +# WARNING: do NOT change any PSA_WANT symbol at that point, that should +# only be done in step 2 above. +# 4d. Call helper_libtestdriver1_make_main "$loc_accel_list". +# 5. Run the tests you want. + # Adjust the configuration - for both libtestdriver1 and main library, # as they should have the same PSA_WANT macros. helper_libtestdriver1_adjust_config() { From d4dff8b4dea218fae10b605a865ea9663a7a2315 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 6 Jun 2023 11:19:37 +0200 Subject: [PATCH 06/13] Update FFDH component MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Was added while I was preparing this PR. Signed-off-by: Manuel Pégourié-Gonnard --- tests/scripts/all.sh | 13 ++++--------- 1 file changed, 4 insertions(+), 9 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index eef180fa9c..01a64cf55d 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -2228,16 +2228,12 @@ component_test_psa_crypto_config_accel_ffdh () { # Algorithms and key types to accelerate loc_accel_list="ALG_FFDH KEY_TYPE_DH_KEY_PAIR KEY_TYPE_DH_PUBLIC_KEY" + helper_libtestdriver1_adjust_config + # Configure and build the test driver library # ------------------------------------------- - # Disable ALG_STREAM_CIPHER and ALG_ECB_NO_PADDING to avoid having - # partial support for cipher operations in the driver test library. - scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_STREAM_CIPHER - scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_ECB_NO_PADDING - - loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' ) - make -C tests libtestdriver1.a CFLAGS=" $ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS" + helper_libtestdriver1_make_drivers "$loc_extra_list" # Configure and build the main libraries # -------------------------------------- @@ -2253,8 +2249,7 @@ component_test_psa_crypto_config_accel_ffdh () { scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED # Build the main library - loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )" - make CFLAGS="$ASAN_CFLAGS -O -Werror -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS" + helper_libtestdriver1_make_main "$loc_extra_list" # Make sure this was not re-enabled by accident (additive config) not grep mbedtls_dhm_ library/dhm.o From 981732e453a61c3e75f915b7e08ae3e10c9826c2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 8 Jun 2023 09:15:59 +0200 Subject: [PATCH 07/13] Fix some typos MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- tests/scripts/all.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 01a64cf55d..715f2928da 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -807,7 +807,7 @@ pre_generate_files() { # Examples: # - loc_accel_list="ALG_JPAKE" # - loc_accel_list="ALG_FFDH KEY_TYPE_DH_KEY_PAIR KEY_TYPE_DH_PUBLIC_KEY" -# 2. Make configurations changes that are common to driver and main libraries. +# 2. Make configuration changes that are common to driver and main libraries. # WARNING: both libraries MUST have the same set of PSA_WANT_ALG symbols, # as they determine the ABI between them, so all changes to these symbols # go here. @@ -816,7 +816,7 @@ pre_generate_files() { # 3. Build the driver library: libtestdriver1.a. # Just call helper_libtestdriver1_make_drivers, passing "$loc_accel_list". # You may need to enable more algorithms here, typically hash algorithms -# when accelerating some signature algoritms (ECDSA, RSAv2). This is done +# when accelerating some signature algorithms (ECDSA, RSAv2). This is done # by passing a 2nd argument listing the extra algorithms. # Example: # loc_extra_list="ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512" @@ -2233,7 +2233,7 @@ component_test_psa_crypto_config_accel_ffdh () { # Configure and build the test driver library # ------------------------------------------- - helper_libtestdriver1_make_drivers "$loc_extra_list" + helper_libtestdriver1_make_drivers "$loc_accel_list" # Configure and build the main libraries # -------------------------------------- @@ -2249,7 +2249,7 @@ component_test_psa_crypto_config_accel_ffdh () { scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED # Build the main library - helper_libtestdriver1_make_main "$loc_extra_list" + helper_libtestdriver1_make_main "$loc_accel_list" # Make sure this was not re-enabled by accident (additive config) not grep mbedtls_dhm_ library/dhm.o From 7ae342f3f7a836c1c861f5ca6ef233a1142f92ac Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 8 Jun 2023 09:26:04 +0200 Subject: [PATCH 08/13] Use helper_libtestdriver1_adjust_config more MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- tests/scripts/all.sh | 26 +++++++++++--------------- 1 file changed, 11 insertions(+), 15 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 715f2928da..9943659934 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -2388,8 +2388,7 @@ component_test_psa_crypto_config_reference_all_ec_algs_use_psa () { msg "build: MBEDTLS_PSA_CRYPTO_CONFIG with non-accelerated EC algs + USE_PSA" # To be aligned with component_test_psa_crypto_config_accel_all_ec_algs_use_psa() - scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_STREAM_CIPHER - scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_ECB_NO_PADDING + helper_libtestdriver1_adjust_config config_psa_crypto_config_all_ec_algs_use_psa 0 @@ -2456,10 +2455,8 @@ config_psa_crypto_full_all_ec_algs_no_ecp_use_psa () { # This is done to have the same form of psa_key_attributes_s for libdriver and library. scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C - # Disable ALG_STREAM_CIPHER and ALG_ECB_NO_PADDING to avoid having - # partial support for cipher operations in the driver test library. - scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_STREAM_CIPHER - scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_ECB_NO_PADDING + # Adjustments for the test driver library + helper_libtestdriver1_adjust_config # Disable PSA_WANT symbols that would re-enable PK scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR @@ -2875,8 +2872,8 @@ component_test_psa_crypto_config_accel_hash_use_psa () { component_test_psa_crypto_config_reference_hash_use_psa() { msg "test: MBEDTLS_PSA_CRYPTO_CONFIG without accelerated hash and USE_PSA" - scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_STREAM_CIPHER - scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_ECB_NO_PADDING + # To be aligned with the accelerated component + helper_libtestdriver1_adjust_config config_psa_crypto_hash_use_psa 0 @@ -2899,13 +2896,12 @@ component_test_psa_crypto_config_accel_cipher () { helper_libtestdriver1_adjust_config - # There is no intended accelerator support for ALG STREAM_CIPHER and - # ALG_ECB_NO_PADDING. Therefore, asking for them in the build implies the - # inclusion of the Mbed TLS cipher operations. As we want to test here with - # cipher operations solely supported by accelerators, disabled those - # PSA configuration options. - scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_STREAM_CIPHER - scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_ECB_NO_PADDING + # There is no intended accelerator support for ALG CMAC. Therefore, asking + # for it in the build implies the inclusion of the Mbed TLS cipher + # operations. As we want to test here with cipher operations solely + # supported by accelerators, disabled this PSA configuration option. + # (Note: the same applies to STREAM_CIPHER and ECB_NO_PADDING, which are + # already disabled by helper_libtestdriver1_adjust_config above.) scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_CMAC # Configure and build the test driver library From 8df87bf05263a580a78385f9437d2ebfba2913cd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 12 Jun 2023 17:09:38 +0200 Subject: [PATCH 09/13] Group both configuration steps MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Compared to the previous scheme, this avoid the problem of having to warn about adjusting PSA_WANT in the wrong place. Also, it allows enabling MBEDTLS_PSA_CRYPTO_CONFIG in adjust_config rather than having to repeat it in every single component. It also plays more nicely with components that have an associated reference component and use a common config function. (Some of them were already using the new order.) Finally, "configure, build, run the tests" seems more natural than "configure, build, configure, build, test" (and, coming back to the initial point, it avoid questions about what to configure when). Signed-off-by: Manuel Pégourié-Gonnard --- tests/scripts/all.sh | 386 +++++++++++++++++++------------------------ 1 file changed, 172 insertions(+), 214 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 9943659934..5fc70c076c 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -807,35 +807,51 @@ pre_generate_files() { # Examples: # - loc_accel_list="ALG_JPAKE" # - loc_accel_list="ALG_FFDH KEY_TYPE_DH_KEY_PAIR KEY_TYPE_DH_PUBLIC_KEY" -# 2. Make configuration changes that are common to driver and main libraries. -# WARNING: both libraries MUST have the same set of PSA_WANT_ALG symbols, -# as they determine the ABI between them, so all changes to these symbols -# go here. -# 2a. Call helper_libtestdriver1_adjust_config. -# 2b. Any other change you need to make. -# 3. Build the driver library: libtestdriver1.a. -# Just call helper_libtestdriver1_make_drivers, passing "$loc_accel_list". -# You may need to enable more algorithms here, typically hash algorithms -# when accelerating some signature algorithms (ECDSA, RSAv2). This is done -# by passing a 2nd argument listing the extra algorithms. -# Example: -# loc_extra_list="ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512" -# helper_libtestdriver1_make_drivers "$loc_accel_list" "$loc_extra_list" -# 4. Configure and build the main libraries using drivers. -# 4a. (optional) Call scripts/config.py full if you want. -# 4b. Call scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG -# 4c. Make any other config adjustments you want. Typically you want to -# disable the modules that are being accelerated. You may need to also -# disable modules that depend on them or options that are not supported -# with drivers. -# WARNING: do NOT change any PSA_WANT symbol at that point, that should -# only be done in step 2 above. -# 4d. Call helper_libtestdriver1_make_main "$loc_accel_list". -# 5. Run the tests you want. +# 2. Make configurations changes for the driver and/or main libraries. +# 2a. Call helper_libtestdriver1_adjust_config , where the argument +# can be either "default" to start with the default config, or a name +# supported by scripts/config.py (for example, "full"). This selects +# the base to use, and make common adjustments. +# 2b. If desired, adjust the PSA_WANT symbols in psa/crypto_config.h. +# These changes affect both the driver and the main libraries. +# (Note: they need to have the same set of PSA_WANT symbols, as that +# determines the ABI between them.) +# 2c. Adjust MBEDTLS_ symbols in mbedtls_config.h. This only affects the +# main libraries. Typically, you want to disable the module(s) that are +# being accelerated. You may need to also disable modules that depend +# on them or options that are not supported with drivers. +# 2d. On top of psa/crypto_config.h, the driver library uses its own config +# file: tests/include/test/drivers/config_test_driver.h. You usually +# don't need to edit it: using loc_extra_list (see below) is preferred. +# However, when there's no PSA symbol for what you want to enable, +# calling scripts/config.py on this file remains the only option. +# 3. Build the driver library, then the main libraries, test, and programs. +# 3a. Call helper_libtestdriver1_make_drivers "$loc_accel_list". You may +# need to enable more algorithms here, typically hash algorithms when +# accelerating some signature algorithms (ECDSA, RSAv2). This is done +# by passing a 2nd argument listing the extra algorithms. +# Example: +# loc_extra_list="ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512" +# helper_libtestdriver1_make_drivers "$loc_accel_list" "$loc_extra_list" +# 4b. Call helper_libtestdriver1_make_main "$loc_accel_list". Any +# additional arguments will be passed to make: this can be useful if +# you don't want to build everything when iterating during development. +# Example: +# helper_libtestdriver1_make_main "$loc_accel_list" -C tests test_suite_foo +# 4. Run the tests you want. # Adjust the configuration - for both libtestdriver1 and main library, # as they should have the same PSA_WANT macros. helper_libtestdriver1_adjust_config() { + BASE_CONFIG=$1 + # Select the base configuration + if [ "$BASE_CONFIG" != "default" ]; then + scripts/config.py "$BASE_CONFIG" + fi + + # Enable PSA-based config (necessary to use drivers) + scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG + # Disable ALG_STREAM_CIPHER and ALG_ECB_NO_PADDING to avoid having # partial support for cipher operations in the driver test library. scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_STREAM_CIPHER @@ -2143,22 +2159,11 @@ component_test_psa_crypto_config_accel_ecdsa () { # Algorithms and key types to accelerate loc_accel_list="ALG_ECDSA ALG_DETERMINISTIC_ECDSA KEY_TYPE_ECC_KEY_PAIR KEY_TYPE_ECC_PUBLIC_KEY" - helper_libtestdriver1_adjust_config + # Configure + # --------- - # Configure and build the test driver library - # ------------------------------------------- - - # These hashes are needed for some ECDSA signature tests. - loc_extra_list="ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512" - - helper_libtestdriver1_make_drivers "$loc_accel_list" "$loc_extra_list" - - # Configure and build the main libraries - # -------------------------------------- - - # Start from default config (no USE_PSA) + driver support + TLS 1.3 - scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG - scripts/config.py set MBEDTLS_SSL_PROTO_TLS1_3 + # Start from default config (no TLS 1.3, no USE_PSA) + helper_libtestdriver1_adjust_config "default" # Disable the module that's accelerated scripts/config.py unset MBEDTLS_ECDSA_C @@ -2167,7 +2172,14 @@ component_test_psa_crypto_config_accel_ecdsa () { scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED - # Build the library + # Build + # ----- + + # These hashes are needed for some ECDSA signature tests. + loc_extra_list="ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512" + + helper_libtestdriver1_make_drivers "$loc_accel_list" "$loc_extra_list" + helper_libtestdriver1_make_main "$loc_accel_list" # Make sure this was not re-enabled by accident (additive config) @@ -2186,18 +2198,11 @@ component_test_psa_crypto_config_accel_ecdh () { # Algorithms and key types to accelerate loc_accel_list="ALG_ECDH KEY_TYPE_ECC_KEY_PAIR KEY_TYPE_ECC_PUBLIC_KEY" - helper_libtestdriver1_adjust_config + # Configure + # --------- - # Configure and build the test driver library - # ------------------------------------------- - - helper_libtestdriver1_make_drivers "$loc_accel_list" - - # Configure and build the main libraries - # -------------------------------------- - - # Start from default config (no USE_PSA or TLS 1.3) - scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG + # Start from default config (no TLS 1.3, no USE_PSA) + helper_libtestdriver1_adjust_config "default" # Disable the module that's accelerated scripts/config.py unset MBEDTLS_ECDH_C @@ -2209,7 +2214,11 @@ component_test_psa_crypto_config_accel_ecdh () { scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED - # Build the main library + # Build + # ----- + + helper_libtestdriver1_make_drivers "$loc_accel_list" + helper_libtestdriver1_make_main "$loc_accel_list" # Make sure this was not re-enabled by accident (additive config) @@ -2228,18 +2237,11 @@ component_test_psa_crypto_config_accel_ffdh () { # Algorithms and key types to accelerate loc_accel_list="ALG_FFDH KEY_TYPE_DH_KEY_PAIR KEY_TYPE_DH_PUBLIC_KEY" - helper_libtestdriver1_adjust_config + # Configure + # --------- - # Configure and build the test driver library - # ------------------------------------------- - - helper_libtestdriver1_make_drivers "$loc_accel_list" - - # Configure and build the main libraries - # -------------------------------------- - - # Start from default config (no USE_PSA or TLS 1.3) - scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG + # Start from default config (no TLS 1.3, no USE_PSA) + helper_libtestdriver1_adjust_config "default" # Disable the module that's accelerated scripts/config.py unset MBEDTLS_DHM_C @@ -2248,7 +2250,11 @@ component_test_psa_crypto_config_accel_ffdh () { scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED - # Build the main library + # Build + # ----- + + helper_libtestdriver1_make_drivers "$loc_accel_list" + helper_libtestdriver1_make_main "$loc_accel_list" # Make sure this was not re-enabled by accident (additive config) @@ -2266,19 +2272,10 @@ component_test_psa_crypto_config_accel_pake() { loc_accel_list="ALG_JPAKE" - helper_libtestdriver1_adjust_config + # Configure + # --------- - # Configure and build the test driver library - # ------------------------------------------- - - helper_libtestdriver1_make_drivers "$loc_accel_list" - - # Configure and build the main libraries - # -------------------------------------- - - # Start with full - scripts/config.py full - scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG + helper_libtestdriver1_adjust_config "full" # Make built-in fallback not available scripts/config.py unset MBEDTLS_ECJPAKE_C @@ -2288,6 +2285,11 @@ component_test_psa_crypto_config_accel_pake() { # This is done to have the same form of psa_key_attributes_s for libdriver and library. scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C + # Build + # ----- + + helper_libtestdriver1_make_drivers "$loc_accel_list" + helper_libtestdriver1_make_main "$loc_accel_list" # Make sure this was not re-enabled by accident (additive config) @@ -2314,9 +2316,7 @@ component_test_psa_crypto_config_accel_pake() { config_psa_crypto_config_all_ec_algs_use_psa () { DRIVER_ONLY="$1" # start with config full for maximum coverage (also enables USE_PSA) - scripts/config.py full - # enable support for drivers and configuring PSA-only algorithms - scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG + helper_libtestdriver1_adjust_config "full" if [ "$DRIVER_ONLY" -eq 1 ]; then # Disable modules that are accelerated scripts/config.py unset MBEDTLS_ECDSA_C @@ -2344,18 +2344,8 @@ component_test_psa_crypto_config_accel_all_ec_algs_use_psa () { ALG_JPAKE \ KEY_TYPE_ECC_KEY_PAIR KEY_TYPE_ECC_PUBLIC_KEY" - helper_libtestdriver1_adjust_config - - # Configure and build the test driver library - # ------------------------------------------- - - # Things we wanted supported in libtestdriver1, but not accelerated in the main library: - # SHA-1 and all SHA-2 variants, as they are used by ECDSA deterministic. - loc_extra_list="ALG_SHA_1 ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512" - helper_libtestdriver1_make_drivers "$loc_accel_list" "$loc_extra_list" - - # Configure and build the main libraries with drivers enabled - # ----------------------------------------------------------- + # Configure + # --------- # Use the same config as reference, only without built-in EC algs config_psa_crypto_config_all_ec_algs_use_psa 1 @@ -2364,7 +2354,13 @@ component_test_psa_crypto_config_accel_all_ec_algs_use_psa () { # (will soon be auto-enabled in build_info.h) echo '#define MBEDTLS_ECP_LIGHT' >> include/mbedtls/mbedtls_config.h - # Build the library + # Build + # ----- + + # These hashes are needed for some ECDSA signature tests. + loc_extra_list="ALG_SHA_1 ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512" + helper_libtestdriver1_make_drivers "$loc_accel_list" "$loc_extra_list" + helper_libtestdriver1_make_main "$loc_accel_list" # Make sure any built-in EC alg was not re-enabled by accident (additive config) @@ -2387,9 +2383,6 @@ component_test_psa_crypto_config_accel_all_ec_algs_use_psa () { component_test_psa_crypto_config_reference_all_ec_algs_use_psa () { msg "build: MBEDTLS_PSA_CRYPTO_CONFIG with non-accelerated EC algs + USE_PSA" - # To be aligned with component_test_psa_crypto_config_accel_all_ec_algs_use_psa() - helper_libtestdriver1_adjust_config - config_psa_crypto_config_all_ec_algs_use_psa 0 make @@ -2418,7 +2411,8 @@ config_psa_crypto_full_all_ec_algs_no_ecp_use_psa () { DRIVER_ONLY="$1" # start with crypto_full config for maximum coverage (also enables USE_PSA), # but excluding X509, TLS and key exchanges - scripts/config.py crypto_full + helper_libtestdriver1_adjust_config "crypto_full" + # enable support for drivers and configuring PSA-only algorithms scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG if [ "$DRIVER_ONLY" -eq 1 ]; then @@ -2455,9 +2449,6 @@ config_psa_crypto_full_all_ec_algs_no_ecp_use_psa () { # This is done to have the same form of psa_key_attributes_s for libdriver and library. scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C - # Adjustments for the test driver library - helper_libtestdriver1_adjust_config - # Disable PSA_WANT symbols that would re-enable PK scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY @@ -2480,13 +2471,14 @@ component_test_psa_crypto_full_accel_all_ec_algs_no_ecp_use_psa () { ALG_JPAKE \ KEY_TYPE_ECC_KEY_PAIR KEY_TYPE_ECC_PUBLIC_KEY" - helper_libtestdriver1_adjust_config + # Configure + # --------- # Set common configurations between library's and driver's builds config_psa_crypto_full_all_ec_algs_no_ecp_use_psa 1 - # Configure and build the test driver library - # ------------------------------------------- + # Build + # ----- # Things we wanted supported in libtestdriver1, but not accelerated in the main library: # SHA-1 and all SHA-2 variants, as they are used by ECDSA deterministic. @@ -2494,10 +2486,6 @@ component_test_psa_crypto_full_accel_all_ec_algs_no_ecp_use_psa () { helper_libtestdriver1_make_drivers "$loc_accel_list" "$loc_extra_list" - # Configure and build the main libraries with drivers enabled - # ----------------------------------------------------------- - - # Build the library helper_libtestdriver1_make_main "$loc_accel_list" # Make sure any built-in EC alg was not re-enabled by accident (additive config) @@ -2549,29 +2537,10 @@ psa_crypto_config_accel_all_curves_except_one () { ALG_JPAKE \ KEY_TYPE_ECC_KEY_PAIR KEY_TYPE_ECC_PUBLIC_KEY" - helper_libtestdriver1_adjust_config + # Configure + # --------- - # Configure and build the test driver library - # -------------------------------------------- - - # RSA support is intentionally disabled on this test (see below for - # explanation) so lets disable it also on the driver side - scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR - scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY - for ALG in $(sed -n 's/^#define \(PSA_WANT_ALG_RSA_[0-9A-Z_a-z]*\).*/\1/p' <"$CRYPTO_CONFIG_H"); do - scripts/config.py -f include/psa/crypto_config.h unset $ALG - done - - # These hashes are needed for some ECDSA signature tests. - loc_extra_list="ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512" - helper_libtestdriver1_make_drivers "$loc_accel_list" "$loc_extra_list" - - # Configure and build the main libraries - # --------------------------------------- - - # full config (includes USE_PSA, TLS 1.3 and driver support) - scripts/config.py full - scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG + helper_libtestdriver1_adjust_config "full" # Dynamic secure element support is a deprecated feature and needs to be disabled here. # This is done to have the same form of psa_key_attributes_s for libdriver and library. @@ -2591,6 +2560,12 @@ psa_crypto_config_accel_all_curves_except_one () { scripts/config.py unset MBEDTLS_PKCS1_V15 scripts/config.py unset MBEDTLS_PKCS1_V21 scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT + # Disable RSA on the PSA side too + scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR + scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY + for ALG in $(sed -n 's/^#define \(PSA_WANT_ALG_RSA_[0-9A-Z_a-z]*\).*/\1/p' <"$CRYPTO_CONFIG_H"); do + scripts/config.py -f include/psa/crypto_config.h unset $ALG + done # Also disable key exchanges that depend on RSA scripts/config.py unset MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED scripts/config.py unset MBEDTLS_KEY_EXCHANGE_RSA_ENABLED @@ -2611,6 +2586,13 @@ psa_crypto_config_accel_all_curves_except_one () { loc_accel_list="$loc_accel_list $CURVE" done + # Build + # ----- + + # These hashes are needed for some ECDSA signature tests. + loc_extra_list="ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512" + helper_libtestdriver1_make_drivers "$loc_accel_list" "$loc_extra_list" + # build and link with test drivers helper_libtestdriver1_make_main "$loc_accel_list" @@ -2653,10 +2635,11 @@ component_test_psa_crypto_config_accel_rsa_signature () { loc_accel_list="ALG_RSA_PKCS1V15_SIGN ALG_RSA_PSS KEY_TYPE_RSA_KEY_PAIR KEY_TYPE_RSA_PUBLIC_KEY" - helper_libtestdriver1_adjust_config + # Configure + # --------- - # Configure and build the test driver library - # ------------------------------------------- + # Start from default config (no TLS 1.3, no USE_PSA) + helper_libtestdriver1_adjust_config "default" # It seems it is not possible to remove only the support for RSA signature # in the library. Thus we have to remove all RSA support (signature and @@ -2682,21 +2665,6 @@ component_test_psa_crypto_config_accel_rsa_signature () { scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD5 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RIPEMD160_C - # We need PEM parsing in the test library as well to support the import - # of PEM encoded RSA keys. - scripts/config.py -f tests/include/test/drivers/config_test_driver.h set MBEDTLS_PEM_PARSE_C - scripts/config.py -f tests/include/test/drivers/config_test_driver.h set MBEDTLS_BASE64_C - - # These hashes are needed for some RSA-PSS signature tests. - loc_extra_list="ALG_SHA_1 ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512" - helper_libtestdriver1_make_drivers "$loc_accel_list" "$loc_extra_list" - - # Configure and build the test driver library - # ------------------------------------------- - - # Start from default config (no TLS 1.3, no USE_PSA) - scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG - # Remove RSA support and its dependencies scripts/config.py unset MBEDTLS_PKCS1_V15 scripts/config.py unset MBEDTLS_PKCS1_V21 @@ -2714,7 +2682,18 @@ component_test_psa_crypto_config_accel_rsa_signature () { scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_1 scripts/config.py unset MBEDTLS_SSL_CBC_RECORD_SPLITTING - # Build the library + # We need PEM parsing in the test library as well to support the import + # of PEM encoded RSA keys. + scripts/config.py -f tests/include/test/drivers/config_test_driver.h set MBEDTLS_PEM_PARSE_C + scripts/config.py -f tests/include/test/drivers/config_test_driver.h set MBEDTLS_BASE64_C + + # Build + # ----- + + # These hashes are needed for some RSA-PSS signature tests. + loc_extra_list="ALG_SHA_1 ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512" + helper_libtestdriver1_make_drivers "$loc_accel_list" "$loc_extra_list" + helper_libtestdriver1_make_main "$loc_accel_list" # Make sure this was not re-enabled by accident (additive config) @@ -2733,18 +2712,11 @@ component_test_psa_crypto_config_accel_hash () { loc_accel_list="ALG_MD5 ALG_RIPEMD160 ALG_SHA_1 ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512" - helper_libtestdriver1_adjust_config - - # Configure and build the test driver library - # ------------------------------------------- - - helper_libtestdriver1_make_drivers "$loc_accel_list" - - # Configure and build the main libraries - # -------------------------------------- + # Configure + # --------- # Start from default config (no TLS 1.3, no USE_PSA) - scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG + helper_libtestdriver1_adjust_config "default" # Disable the things that are being accelerated scripts/config.py unset MBEDTLS_MD5_C @@ -2755,6 +2727,11 @@ component_test_psa_crypto_config_accel_hash () { scripts/config.py unset MBEDTLS_SHA384_C scripts/config.py unset MBEDTLS_SHA512_C + # Build + # ----- + + helper_libtestdriver1_make_drivers "$loc_accel_list" + helper_libtestdriver1_make_main "$loc_accel_list" # There's a risk of something getting re-enabled via config_psa.h; @@ -2779,13 +2756,11 @@ component_test_psa_crypto_config_accel_hash_keep_builtins () { loc_accel_list="ALG_MD5 ALG_RIPEMD160 ALG_SHA_1 ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512" - helper_libtestdriver1_adjust_config + # Start from default config (no TLS 1.3, no USE_PSA) + helper_libtestdriver1_adjust_config "default" - # build the drivers library helper_libtestdriver1_make_drivers "$loc_accel_list" - # configure and build the main libraires - scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG helper_libtestdriver1_make_main "$loc_accel_list" msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated+builtin hash" @@ -2796,9 +2771,7 @@ component_test_psa_crypto_config_accel_hash_keep_builtins () { config_psa_crypto_hash_use_psa () { DRIVER_ONLY="$1" # start with config full for maximum coverage (also enables USE_PSA) - scripts/config.py full - # enable support for drivers and configuring PSA-only algorithms - scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG + helper_libtestdriver1_adjust_config "full" if [ "$DRIVER_ONLY" -eq 1 ]; then # disable the built-in implementation of hashes scripts/config.py unset MBEDTLS_MD5_C @@ -2825,18 +2798,16 @@ component_test_psa_crypto_config_accel_hash_use_psa () { loc_accel_list="ALG_MD5 ALG_RIPEMD160 ALG_SHA_1 ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512" - helper_libtestdriver1_adjust_config - - # Configure and build the test driver library - # ------------------------------------------- - - helper_libtestdriver1_make_drivers "$loc_accel_list" - - # Configure and build the main libraries - # -------------------------------------- + # Configure + # --------- config_psa_crypto_hash_use_psa 1 + # Build + # ----- + + helper_libtestdriver1_make_drivers "$loc_accel_list" + helper_libtestdriver1_make_main "$loc_accel_list" # There's a risk of something getting re-enabled via config_psa.h; @@ -2872,9 +2843,6 @@ component_test_psa_crypto_config_accel_hash_use_psa () { component_test_psa_crypto_config_reference_hash_use_psa() { msg "test: MBEDTLS_PSA_CRYPTO_CONFIG without accelerated hash and USE_PSA" - # To be aligned with the accelerated component - helper_libtestdriver1_adjust_config - config_psa_crypto_hash_use_psa 0 make @@ -2891,10 +2859,11 @@ component_test_psa_crypto_config_accel_cipher () { loc_accel_list="ALG_CBC_NO_PADDING ALG_CBC_PKCS7 ALG_CTR ALG_CFB ALG_OFB ALG_XTS KEY_TYPE_DES" - # Common config for drivers and main libraries - # -------------------------------------------- + # Configure + # --------- - helper_libtestdriver1_adjust_config + # Start from the default config (no TLS 1.3, no USE_PSA) + helper_libtestdriver1_adjust_config "default" # There is no intended accelerator support for ALG CMAC. Therefore, asking # for it in the build implies the inclusion of the Mbed TLS cipher @@ -2904,17 +2873,7 @@ component_test_psa_crypto_config_accel_cipher () { # already disabled by helper_libtestdriver1_adjust_config above.) scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_CMAC - # Configure and build the test driver library - # ------------------------------------------- - - helper_libtestdriver1_make_drivers "$loc_accel_list" - - # Configure and build the main libraries - # -------------------------------------- - - # Start from the default config (no TLS 1.3, no USE_PSA) - scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG - + # Disable the things that are being accelerated scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC scripts/config.py unset MBEDTLS_CIPHER_PADDING_PKCS7 scripts/config.py unset MBEDTLS_CIPHER_MODE_CTR @@ -2923,6 +2882,11 @@ component_test_psa_crypto_config_accel_cipher () { scripts/config.py unset MBEDTLS_CIPHER_MODE_XTS scripts/config.py unset MBEDTLS_DES_C + # Build + # ----- + + helper_libtestdriver1_make_drivers "$loc_accel_list" + helper_libtestdriver1_make_main "$loc_accel_list" # Make sure this was not re-enabled by accident (additive config) @@ -2940,19 +2904,13 @@ component_test_psa_crypto_config_accel_aead () { loc_accel_list="ALG_GCM ALG_CCM ALG_CHACHA20_POLY1305 KEY_TYPE_AES KEY_TYPE_CHACHA20 KEY_TYPE_ARIA KEY_TYPE_CAMELLIA" - helper_libtestdriver1_adjust_config - - # Configure and build the test driver library - # ------------------------------------------- - - helper_libtestdriver1_make_drivers "$loc_accel_list" - - # Configure and build the main libraries - # -------------------------------------- + # Configure + # --------- # Start from default config (no TLS 1.3, no USE_PSA) - scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG + helper_libtestdriver1_adjust_config "default" + # Disable things that are being accelerated scripts/config.py unset MBEDTLS_GCM_C scripts/config.py unset MBEDTLS_CCM_C scripts/config.py unset MBEDTLS_CHACHAPOLY_C @@ -2960,6 +2918,11 @@ component_test_psa_crypto_config_accel_aead () { scripts/config.py unset MBEDTLS_SSL_CONTEXT_SERIALIZATION scripts/config.py unset MBEDTLS_SSL_TICKET_C + # Build + # ----- + + helper_libtestdriver1_make_drivers "$loc_accel_list" + helper_libtestdriver1_make_main "$loc_accel_list" # Make sure this was not re-enabled by accident (additive config) @@ -2979,19 +2942,10 @@ component_test_psa_crypto_config_accel_pake() { loc_accel_list="ALG_JPAKE" - helper_libtestdriver1_adjust_config + # Configure + # --------- - # Configure and build the test driver library - # ------------------------------------------- - - helper_libtestdriver1_make_drivers "$loc_accel_list" - - # Configure and build the main libraries - # -------------------------------------- - - # Start with full - scripts/config.py full - scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG + helper_libtestdriver1_adjust_config "full" # Make build-in fallback not available scripts/config.py unset MBEDTLS_ECJPAKE_C @@ -3001,7 +2955,11 @@ component_test_psa_crypto_config_accel_pake() { # This is done to have the same form of psa_key_attributes_s for libdriver and library. scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C - # Build the library + # Build + # ----- + + helper_libtestdriver1_make_drivers "$loc_accel_list" + helper_libtestdriver1_make_main "$loc_accel_list" # Make sure this was not re-enabled by accident (additive config) From 2336c8e929611da608d6a044a2062da204d4ccbe Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 12 Jun 2023 17:17:54 +0200 Subject: [PATCH 10/13] Make -SE_C part of adjust_config MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Several components needed to remove it, with the same comment every time. It's probably just chance that other components happened to work despite it being enabled. Signed-off-by: Manuel Pégourié-Gonnard --- tests/scripts/all.sh | 28 +++++----------------------- 1 file changed, 5 insertions(+), 23 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 5fc70c076c..bf72ff5897 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -811,7 +811,7 @@ pre_generate_files() { # 2a. Call helper_libtestdriver1_adjust_config , where the argument # can be either "default" to start with the default config, or a name # supported by scripts/config.py (for example, "full"). This selects -# the base to use, and make common adjustments. +# the base to use, and makes common adjustments. # 2b. If desired, adjust the PSA_WANT symbols in psa/crypto_config.h. # These changes affect both the driver and the main libraries. # (Note: they need to have the same set of PSA_WANT symbols, as that @@ -856,6 +856,10 @@ helper_libtestdriver1_adjust_config() { # partial support for cipher operations in the driver test library. scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_STREAM_CIPHER scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_ECB_NO_PADDING + + # Dynamic secure element support is a deprecated feature and needs to be disabled here. + # This is done to have the same form of psa_key_attributes_s for libdriver and library. + scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C } # Build the drivers library libtestdriver1.a (with ASan). @@ -2281,10 +2285,6 @@ component_test_psa_crypto_config_accel_pake() { scripts/config.py unset MBEDTLS_ECJPAKE_C scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED - # Dynamic secure element support is a deprecated feature and needs to be disabled here. - # This is done to have the same form of psa_key_attributes_s for libdriver and library. - scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C - # Build # ----- @@ -2329,9 +2329,6 @@ config_psa_crypto_config_all_ec_algs_use_psa () { # the future, the following line could be removed (see issues # 6061, 6332 and following ones) scripts/config.py unset MBEDTLS_ECP_RESTARTABLE - # Dynamic secure element support is a deprecated feature and needs to be disabled here. - # This is done to have the same form of psa_key_attributes_s for libdriver and library. - scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C } # Keep in sync with component_test_psa_crypto_config_reference_all_ec_algs_use_psa @@ -2445,9 +2442,6 @@ config_psa_crypto_full_all_ec_algs_no_ecp_use_psa () { # the future, the following line could be removed (see issues # 6061, 6332 and following ones) scripts/config.py unset MBEDTLS_ECP_RESTARTABLE - # Dynamic secure element support is a deprecated feature and needs to be disabled here. - # This is done to have the same form of psa_key_attributes_s for libdriver and library. - scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C # Disable PSA_WANT symbols that would re-enable PK scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR @@ -2542,10 +2536,6 @@ psa_crypto_config_accel_all_curves_except_one () { helper_libtestdriver1_adjust_config "full" - # Dynamic secure element support is a deprecated feature and needs to be disabled here. - # This is done to have the same form of psa_key_attributes_s for libdriver and library. - scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C - # restartable is not yet supported in PSA scripts/config.py unset MBEDTLS_ECP_RESTARTABLE @@ -2784,10 +2774,6 @@ config_psa_crypto_hash_use_psa () { scripts/config.py unset MBEDTLS_SHA512_C scripts/config.py unset MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT fi - - # Dynamic secure element support is a deprecated feature and needs to be disabled here. - # This is done to have the same form of psa_key_attributes_s for libdriver and library. - scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C } # Note that component_test_psa_crypto_config_reference_hash_use_psa @@ -2951,10 +2937,6 @@ component_test_psa_crypto_config_accel_pake() { scripts/config.py unset MBEDTLS_ECJPAKE_C scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED - # Dynamic secure element support is a deprecated feature and needs to be disabled here. - # This is done to have the same form of psa_key_attributes_s for libdriver and library. - scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C - # Build # ----- From aed1d7875abfc1ab9a83d0a40413a61580b51b9b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 12 Jun 2023 17:22:24 +0200 Subject: [PATCH 11/13] Remove references to non-existing options MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit We no longer support TLS 1.0, TLS 1.1 or CBC record splitting since 3.0, but those where still referenced here. While at it, group things in a more logical way in this component. Signed-off-by: Manuel Pégourié-Gonnard --- tests/scripts/all.sh | 28 ++++++++++++---------------- 1 file changed, 12 insertions(+), 16 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index bf72ff5897..b71fd124b5 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -2639,6 +2639,17 @@ component_test_psa_crypto_config_accel_rsa_signature () { scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_OAEP scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_PKCS1V15_CRYPT + # Remove RSA support and its dependencies + scripts/config.py unset MBEDTLS_RSA_C + scripts/config.py unset MBEDTLS_PKCS1_V15 + scripts/config.py unset MBEDTLS_PKCS1_V21 + scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT + scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED + scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED + scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED + scripts/config.py unset MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED + scripts/config.py unset MBEDTLS_KEY_EXCHANGE_RSA_ENABLED + # Make sure both the library and the test library support the SHA hash # algorithms and only those ones (SHA256 is included by default). That way: # - the test library can compute the RSA signatures even in the case of a @@ -2651,26 +2662,11 @@ component_test_psa_crypto_config_accel_rsa_signature () { # PSA_ALG_ANY_HASH as algorithm to test with the key, the chosen hash # algorithm based on the hashes supported by the library is also # supported by the test library. - # Disabled unwanted hashes here, we'll enable hashes we want in loc_accel_flags. + # Disable unwanted hashes here, we'll enable hashes we want in loc_extra_list. scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD5 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RIPEMD160_C - - # Remove RSA support and its dependencies - scripts/config.py unset MBEDTLS_PKCS1_V15 - scripts/config.py unset MBEDTLS_PKCS1_V21 - scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED - scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED - scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED - scripts/config.py unset MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED - scripts/config.py unset MBEDTLS_KEY_EXCHANGE_RSA_ENABLED - scripts/config.py unset MBEDTLS_RSA_C - scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT - scripts/config.py unset MBEDTLS_MD5_C scripts/config.py unset MBEDTLS_RIPEMD160_C - scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1 - scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_1 - scripts/config.py unset MBEDTLS_SSL_CBC_RECORD_SPLITTING # We need PEM parsing in the test library as well to support the import # of PEM encoded RSA keys. From f8930e2c8008f6e6d056dd21d2b55dd5f6a5d703 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 13 Jun 2023 09:51:32 +0200 Subject: [PATCH 12/13] Fix special-case with all curves except one. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- tests/scripts/all.sh | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index b71fd124b5..f0d50d42a5 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -2571,9 +2571,13 @@ psa_crypto_config_accel_all_curves_except_one () { # build with ECP_C. scripts/config.py set $BUILTIN_CURVE # Accelerate all curves listed in "crypto_config.h" (skipping the ones that - # are commented out) + # are commented out). + # Note: Those are handled in a special way by the libtestdriver machinery, + # so we only want to include them in the accel list when building the main + # libraries, hence the use of a separate variable. + loc_curve_list="" for CURVE in $(sed -n 's/^#define PSA_WANT_\(ECC_[0-9A-Z_a-z]*\).*/\1/p' <"$CRYPTO_CONFIG_H"); do - loc_accel_list="$loc_accel_list $CURVE" + loc_curve_list="$loc_curve_list $CURVE" done # Build @@ -2583,8 +2587,8 @@ psa_crypto_config_accel_all_curves_except_one () { loc_extra_list="ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512" helper_libtestdriver1_make_drivers "$loc_accel_list" "$loc_extra_list" - # build and link with test drivers - helper_libtestdriver1_make_main "$loc_accel_list" + # (See above regarding loc_curve_list.) + helper_libtestdriver1_make_main "$loc_accel_list $loc_curve_list" # make sure excluded modules were not auto-re-enabled by accident not grep mbedtls_ecdh_ library/ecdh.o From 8d645dcd774ec6349e67e55319c797b5f1c0d79a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 15 Jun 2023 09:07:10 +0200 Subject: [PATCH 13/13] Fix unintentional config reduction in prev commit MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- tests/scripts/all.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index f0d50d42a5..8e72bbfa99 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -2166,8 +2166,9 @@ component_test_psa_crypto_config_accel_ecdsa () { # Configure # --------- - # Start from default config (no TLS 1.3, no USE_PSA) + # Start from default config (no USE_PSA) + TLS 1.3 helper_libtestdriver1_adjust_config "default" + scripts/config.py set MBEDTLS_SSL_PROTO_TLS1_3 # Disable the module that's accelerated scripts/config.py unset MBEDTLS_ECDSA_C