From 3a1b786d5d059f20ac9014801fe4543ace8a46be Mon Sep 17 00:00:00 2001 From: Ryan Date: Fri, 1 Mar 2024 17:24:04 +0000 Subject: [PATCH 1/5] Add a concurrent key generation test function Split into n threads, each thread will repeatedly generate, exercise and destroy a key. Then join the threads, and ensure using PSA_DONE that no keys still exist. Signed-off-by: Ryan Everett --- tests/suites/test_suite_psa_crypto.function | 117 ++++++++++++++++++++ 1 file changed, 117 insertions(+) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 09874a110d..114159799d 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -28,6 +28,10 @@ #define TEST_DRIVER_LOCATION 0x7fffff #endif +#if defined(MBEDTLS_THREADING_PTHREAD) +#include "mbedtls/threading.h" +#endif + /* If this comes up, it's a bug in the test code or in the test data. */ #define UNUSED 0xdeadbeef @@ -1333,6 +1337,66 @@ exit: return 0; } +#if defined(MBEDTLS_THREADING_PTHREAD) +typedef struct generate_key_context { + psa_key_type_t type; + psa_key_usage_t usage; + size_t bits; + psa_algorithm_t alg; + psa_status_t expected_status; + psa_key_attributes_t *attributes; + int is_large_key; + int reps; +} +generate_key_context; +void *thread_generate_key(void *ctx) +{ + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; + psa_key_attributes_t got_attributes = PSA_KEY_ATTRIBUTES_INIT; + generate_key_context *gkc = (struct generate_key_context *) ctx; + + /* If there are race conditions, it is likely the case that they do not + * arise every time the code runs. We repeat the code to increase the + * chance that any race conditions will be hit. */ + for (int n = 0; n < gkc->reps; n++) { + /* Generate a key */ + psa_status_t status = psa_generate_key(gkc->attributes, &key); + + if (gkc->is_large_key > 0) { + TEST_ASSUME(status != PSA_ERROR_INSUFFICIENT_MEMORY); + } + + TEST_EQUAL(status, gkc->expected_status); + if (gkc->expected_status != PSA_SUCCESS) { + PSA_ASSERT(psa_destroy_key(key)); + goto exit; + } + + /* Test the key information */ + PSA_ASSERT(psa_get_key_attributes(key, &got_attributes)); + TEST_EQUAL(psa_get_key_type(&got_attributes), gkc->type); + TEST_EQUAL(psa_get_key_bits(&got_attributes), gkc->bits); + + /* Do something with the key according + * to its type and permitted usage. */ + if (!mbedtls_test_psa_exercise_key(key, gkc->usage, gkc->alg)) { + psa_destroy_key(key); + goto exit; + } + psa_reset_key_attributes(&got_attributes); + + PSA_ASSERT(psa_destroy_key(key)); + } +exit: + /* + * Key attributes may have been returned by psa_get_key_attributes() + * thus reset them as required. + */ + psa_reset_key_attributes(&got_attributes); + return NULL; +} +#endif /* MBEDTLS_THREADING_PTHREAD */ + /* END_HEADER */ /* BEGIN_DEPENDENCIES @@ -9783,6 +9847,59 @@ exit: } /* END_CASE */ +#if defined MBEDTLS_THREADING_PTHREAD + +/* BEGIN_CASE depends_on:MBEDTLS_THREADING_PTHREAD */ +void concurrently_generate_keys(int type_arg, + int bits_arg, + int usage_arg, + int alg_arg, + int expected_status_arg, + int is_large_key_arg, + int arg_thread_count, + int reps_arg) +{ + size_t thread_count = (size_t) arg_thread_count; + mbedtls_test_thread_t *threads = NULL; + generate_key_context gkc; + gkc.type = type_arg; + gkc.usage = usage_arg; + gkc.bits = bits_arg; + gkc.alg = alg_arg; + gkc.expected_status = expected_status_arg; + gkc.is_large_key = is_large_key_arg; + gkc.reps = reps_arg; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + + PSA_ASSERT(psa_crypto_init()); + + psa_set_key_usage_flags(&attributes, usage_arg); + psa_set_key_algorithm(&attributes, alg_arg); + psa_set_key_type(&attributes, type_arg); + psa_set_key_bits(&attributes, bits_arg); + gkc.attributes = &attributes; + + TEST_CALLOC(threads, sizeof(mbedtls_test_thread_t) * thread_count); + + /* Split threads to generate key then destroy key. */ + for (size_t i = 0; i < thread_count; i++) { + TEST_EQUAL( + mbedtls_test_thread_create(&threads[i], thread_generate_key, + (void *) &gkc), 0); + } + + /* Join threads. */ + for (size_t i = 0; i < thread_count; i++) { + TEST_EQUAL(mbedtls_test_thread_join(&threads[i]), 0); + } + +exit: + mbedtls_free(threads); + PSA_DONE(); +} +/* END_CASE */ +#endif + /* BEGIN_CASE */ void generate_key(int type_arg, int bits_arg, From 2066d0451f2644606573c05f1c12d7eeebd49069 Mon Sep 17 00:00:00 2001 From: Ryan Date: Fri, 1 Mar 2024 17:25:54 +0000 Subject: [PATCH 2/5] Add test cases for concurrently_generate_keys For every generate_key test there is now a concurrently_generate_keys test. 8 threads per test, and 5 repetitions. Signed-off-by: Ryan Everett --- tests/suites/test_suite_psa_crypto.data | 144 ++++++++++++++++++++++++ 1 file changed, 144 insertions(+) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index c55af03bd2..b633c6f60f 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -7532,6 +7532,150 @@ PSA generate key ext: ECC, params.data non-empty depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_ECDH generate_key_ext:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:0:"2a":PSA_ERROR_INVALID_ARGUMENT +PSA concurrent key generation: bad type (RSA public key) +depends_on:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_THREADING_PTHREAD +concurrently_generate_keys:PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:PSA_KEY_USAGE_EXPORT:0:PSA_ERROR_INVALID_ARGUMENT:0:8:5 + +PSA concurrent key generation: raw data, 0 bits: invalid argument +depends_on:MBEDTLS_THREADING_PTHREAD +# The spec allows either INVALID_ARGUMENT or NOT_SUPPORTED +concurrently_generate_keys:PSA_KEY_TYPE_RAW_DATA:0:PSA_KEY_USAGE_EXPORT:0:PSA_ERROR_INVALID_ARGUMENT:0:8:5 + +PSA concurrent key generation: raw data, 7 bits: invalid argument +depends_on:MBEDTLS_THREADING_PTHREAD +concurrently_generate_keys:PSA_KEY_TYPE_RAW_DATA:7:PSA_KEY_USAGE_EXPORT:0:PSA_ERROR_INVALID_ARGUMENT:0:8:5 + +PSA concurrent key generation: raw data, 8 bits +depends_on:MBEDTLS_THREADING_PTHREAD +concurrently_generate_keys:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0:PSA_SUCCESS:0:8:5 + +PSA concurrent key generation- raw data, 9 bits: invalid argument +depends_on:MBEDTLS_THREADING_PTHREAD +concurrently_generate_keys:PSA_KEY_TYPE_RAW_DATA:9:PSA_KEY_USAGE_EXPORT:0:PSA_ERROR_INVALID_ARGUMENT:0:8:5 + +PSA concurrent key generation: raw data, (MBEDTLS_CTR_DRBG_MAX_REQUEST + 1) * 8 bits +depends_on:MBEDTLS_THREADING_PTHREAD +concurrently_generate_keys:PSA_KEY_TYPE_RAW_DATA:(MBEDTLS_CTR_DRBG_MAX_REQUEST + 1) * 8:PSA_KEY_USAGE_EXPORT:0:PSA_SUCCESS:0:8:5 + +PSA concurrent key generation: raw data, (2 * MBEDTLS_CTR_DRBG_MAX_REQUEST + 1) * 8 bits +depends_on:MBEDTLS_THREADING_PTHREAD +concurrently_generate_keys:PSA_KEY_TYPE_RAW_DATA:(2 * MBEDTLS_CTR_DRBG_MAX_REQUEST + 1) * 8:PSA_KEY_USAGE_EXPORT:0:PSA_SUCCESS:0:8:5 + +PSA concurrent key generation: raw data, 65528 bits (large key, ok if it fits) +depends_on:MBEDTLS_THREADING_PTHREAD +concurrently_generate_keys:PSA_KEY_TYPE_RAW_DATA:65528:PSA_KEY_USAGE_EXPORT:0:PSA_SUCCESS:1:8:5 + +PSA concurrent key generation: raw data, 65536 bits (not supported) +depends_on:MBEDTLS_THREADING_PTHREAD +concurrently_generate_keys:PSA_KEY_TYPE_RAW_DATA:65536:PSA_KEY_USAGE_EXPORT:0:PSA_ERROR_NOT_SUPPORTED:0:8:5 + +PSA concurrent key generation: AES, 128 bits, CTR +depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES:MBEDTLS_THREADING_PTHREAD +concurrently_generate_keys:PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CTR:PSA_SUCCESS:0:8:5 + +PSA concurrent key generation: AES, 128 bits, GCM +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_THREADING_PTHREAD +concurrently_generate_keys:PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_GCM:PSA_SUCCESS:0:8:5 + +PSA concurrent key generation: DES, 64 bits, CBC-nopad +depends_on:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_KEY_TYPE_DES:MBEDTLS_THREADING_PTHREAD +concurrently_generate_keys:PSA_KEY_TYPE_DES:64:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CBC_NO_PADDING:PSA_SUCCESS:0:8:5 + +PSA concurrent key generation: DES, 128 bits, CBC-nopad +depends_on:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_KEY_TYPE_DES:MBEDTLS_THREADING_PTHREAD +concurrently_generate_keys:PSA_KEY_TYPE_DES:128:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CBC_NO_PADDING:PSA_SUCCESS:0:8:5 + +PSA concurrent key generation: DES, 192 bits, CBC-nopad +depends_on:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_KEY_TYPE_DES:MBEDTLS_THREADING_PTHREAD +concurrently_generate_keys:PSA_KEY_TYPE_DES:192:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CBC_NO_PADDING:PSA_SUCCESS:0:8:5 + +PSA concurrent key generation: invalid key size: AES, 64 bits +depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES:MBEDTLS_THREADING_PTHREAD +concurrently_generate_keys:PSA_KEY_TYPE_AES:64:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CTR:PSA_ERROR_INVALID_ARGUMENT:0:8:5 + +PSA concurrent key generation: RSA, minimum allowed key size, good, sign (PKCS#1 v1.5) +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS > 128:MBEDTLS_THREADING_PTHREAD +concurrently_generate_keys:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_SUCCESS:0:8:5 + +PSA concurrent key generation: RSA, 1032 bits, good, sign (PKCS#1 v1.5) +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS <= 1032:MBEDTLS_THREADING_PTHREAD +concurrently_generate_keys:PSA_KEY_TYPE_RSA_KEY_PAIR:1032:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_SUCCESS:0:8:5 + +PSA concurrent key generation: RSA, 1024 bits, good, sign (PSS SHA-256) +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS <= 1024:MBEDTLS_THREADING_PTHREAD +concurrently_generate_keys:PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_SUCCESS:0:8:5 + +PSA concurrent key generation: RSA, 1024 bits, good, sign (PSS-any-salt SHA-256) +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS <= 1024:MBEDTLS_THREADING_PTHREAD +concurrently_generate_keys:PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256):PSA_SUCCESS:0:8:5 + +PSA concurrent key generation: RSA, minimum allowed key size, good, encrypt (PKCS#1 v1.5) +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS >= 256:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS <= 2048:MBEDTLS_THREADING_PTHREAD +concurrently_generate_keys:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_SUCCESS:0:8:5 + +PSA concurrent key generation: RSA, 1024 bits, good, encrypt (OAEP SHA-256) +depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS <= 1024:MBEDTLS_THREADING_PTHREAD +concurrently_generate_keys:PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):PSA_SUCCESS:0:8:5 + +PSA concurrent key generation: RSA, 0 bits: invalid +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_THREADING_PTHREAD +# The spec allows either INVALID_ARGUMENT or NOT_SUPPORTED +concurrently_generate_keys:PSA_KEY_TYPE_RSA_KEY_PAIR:0:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ERROR_INVALID_ARGUMENT:0:8:5 + +PSA concurrent key generation: RSA, size not multiple of 8: not supported +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_THREADING_PTHREAD +concurrently_generate_keys:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS + 62:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ERROR_NOT_SUPPORTED:0:8:5 + +PSA concurrent key generation: RSA, size not multiple of 2: not supported +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_THREADING_PTHREAD +concurrently_generate_keys:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS + 63:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ERROR_NOT_SUPPORTED:0:8:5 + +PSA concurrent key generation: RSA, maximum size exceeded +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_THREADING_PTHREAD +concurrently_generate_keys:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_MAX_KEY_BITS+8:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ERROR_NOT_SUPPORTED:0:8:5 + +PSA concurrent key generation: ECC, SECP256R1, good +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_THREADING_PTHREAD +concurrently_generate_keys:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:PSA_SUCCESS:0:8:5 + +PSA concurrent key generation: ECC, SECP256R1, incorrect bit size +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_THREADING_PTHREAD +# INVALID_ARGUMENT would make more sense, but our code as currently structured +# doesn't fully relate the curve with its size. +concurrently_generate_keys:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):128:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:PSA_ERROR_NOT_SUPPORTED:0:8:5 + +PSA concurrent key generation: ECC, Curve25519, good +depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_MONTGOMERY_255:MBEDTLS_THREADING_PTHREAD +concurrently_generate_keys:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):255:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_SUCCESS:0:8:5 + +PSA concurrent key generation: ECC, Curve448, good +depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_MONTGOMERY_448:MBEDTLS_THREADING_PTHREAD +concurrently_generate_keys:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):448:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_SUCCESS:0:8:5 + +PSA concurrent key generation: FFDH, 2048 bits, good +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE:PSA_WANT_DH_RFC7919_2048:MBEDTLS_THREADING_PTHREAD +concurrently_generate_keys:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):2048:PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:PSA_SUCCESS:0:8:5 + +PSA concurrent key generation: FFDH, 3072 bits, good +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE:PSA_WANT_DH_RFC7919_3072:MBEDTLS_THREADING_PTHREAD +concurrently_generate_keys:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):3072:PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:PSA_SUCCESS:0:8:5 + +PSA concurrent key generation: FFDH, 4096 bits, good +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE:PSA_WANT_DH_RFC7919_4096:MBEDTLS_THREADING_PTHREAD +concurrently_generate_keys:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):4096:PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:PSA_SUCCESS:0:8:5 + +PSA concurrent key generation: FFDH, 6144 bits, good +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE:PSA_WANT_DH_RFC7919_6144:MBEDTLS_THREADING_PTHREAD +concurrently_generate_keys:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):6144:PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:PSA_SUCCESS:0:8:5 + +PSA concurrent key generation: FFDH, 8192 bits, good +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE:PSA_WANT_DH_RFC7919_8192:MBEDTLS_THREADING_PTHREAD +concurrently_generate_keys:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):8192:PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:PSA_SUCCESS:0:8:5 + +PSA concurrent key generation: FFDH, 1024 bits, invalid bits +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE:MBEDTLS_THREADING_PTHREAD +concurrently_generate_keys:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):1024:PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:PSA_ERROR_NOT_SUPPORTED:0:8:5 + Key production parameters initializers key_production_parameters_init: From b0b3c0d80ab8c7c986a13d901c661bb7f4da1090 Mon Sep 17 00:00:00 2001 From: Ryan Date: Fri, 1 Mar 2024 17:30:12 +0000 Subject: [PATCH 3/5] Disable MBEDTLS_SELF_TEST in the TSan config Enabling this causes TSan warnings, as some self-tests use unprotected globals (see X_count variables in ecp.c). This isn't an issue, as these globals are only read in self tests, which do not use threads. Signed-off-by: Ryan Everett --- tests/scripts/all.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index fcb465e0e4..2b7ed00746 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -2198,6 +2198,8 @@ component_test_tsan () { scripts/config.py full scripts/config.py set MBEDTLS_THREADING_C scripts/config.py set MBEDTLS_THREADING_PTHREAD + # Self-tests do not currently use multiple threads. + scripts/config.py unset MBEDTLS_SELF_TEST CC=clang cmake -D CMAKE_BUILD_TYPE:String=TSan . make From 16d5160504f05c76401b12702c6cfb3ef9549163 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Tue, 5 Mar 2024 14:54:28 +0000 Subject: [PATCH 4/5] Allow the use of threading dependancies in PSA tests. Signed-off-by: Paul Elliott --- tests/scripts/all.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 2b7ed00746..99c1d49001 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1110,6 +1110,9 @@ component_check_test_dependencies () { echo "MBEDTLS_ECP_RESTARTABLE" >> $expected # No PSA equivalent - needed by some init tests echo "MBEDTLS_ENTROPY_NV_SEED" >> $expected + # No PSA equivalent - required to run threaded tests. + echo "MBEDTLS_THREADING_C" >> $expected + echo "MBEDTLS_THREADING_PTHREAD" >> $expected # Compare reality with expectation. # We want an exact match, to ensure the above list remains up-to-date. From 63c1cf7eaaef45f99a29a93e35f10fc4b66e36a4 Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Tue, 5 Mar 2024 17:35:16 +0000 Subject: [PATCH 5/5] Remove MBEDTLS_THREADING_C check in check_test_dependencies At the moment our tests only check for MBEDTLS_THREADIN_PTHREAD Signed-off-by: Ryan Everett --- tests/scripts/all.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 99c1d49001..9191f65c56 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1111,7 +1111,6 @@ component_check_test_dependencies () { # No PSA equivalent - needed by some init tests echo "MBEDTLS_ENTROPY_NV_SEED" >> $expected # No PSA equivalent - required to run threaded tests. - echo "MBEDTLS_THREADING_C" >> $expected echo "MBEDTLS_THREADING_PTHREAD" >> $expected # Compare reality with expectation.