From db1156135243f292324d209ac81b48c9d83bd9f6 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Mon, 14 Oct 2024 09:56:08 +0200 Subject: [PATCH 1/9] Introduce config_adjust_test_accelerators.h As we move to PSA_CRYPTO_CONFIG always on, the way to configure the build with both the builtin drivers and the transparent test drivers (that are wrappers around the builtin drivers) cannot be done through the MBEDTLS_USER_CONFIG_FILE mechanism anymore. With this mechanism and PSA_CRYPTO_CONFIG enabled, the PSA_ACCEL_ macros are defined before including config_adjust_legacy_from_psa.h and the builtin implementations are removed. Thus, we will rather define the PSA_ACCEL_ just after the inclusion of config_adjust_legacy_from_psa.h through the dedicated config_adjust_test_accelerators.h header introduced by this commit. Signed-off-by: Ronald Cron --- tests/configs/user-config-for-test.h | 102 ------------- .../mbedtls/config_adjust_test_accelerators.h | 141 ++++++++++++++++++ 2 files changed, 141 insertions(+), 102 deletions(-) create mode 100644 tf-psa-crypto/drivers/builtin/include/mbedtls/config_adjust_test_accelerators.h diff --git a/tests/configs/user-config-for-test.h b/tests/configs/user-config-for-test.h index f40f83895f..e543297e59 100644 --- a/tests/configs/user-config-for-test.h +++ b/tests/configs/user-config-for-test.h @@ -10,108 +10,6 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ -#if defined(PSA_CRYPTO_DRIVER_TEST_ALL) -/* PSA_CRYPTO_DRIVER_TEST_ALL activates test drivers while keeping the - * built-in implementations active. Normally setting MBEDTLS_PSA_ACCEL_xxx - * would disable MBEDTLS_PSA_BUILTIN_xxx unless fallback is activated, but - * here we arrange to have both active so that psa_crypto_*.c includes - * the built-in implementations and the driver code can call the built-in - * implementations. - * - * The point of this test mode is to verify that the - * driver entry points are called when they should be in a lightweight - * way, without requiring an actual driver. This is different from builds - * with libtestdriver1, where we make a copy of the library source code - * and use that as an external driver. - */ - -/* Enable the use of the test driver in the library, and build the generic - * part of the test driver. */ -#define PSA_CRYPTO_DRIVER_TEST - -/* With MBEDTLS_PSA_CRYPTO_CONFIG, if we set up the acceleration, the - * built-in implementations won't be enabled. */ -#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) -#error \ - "PSA_CRYPTO_DRIVER_TEST_ALL sets up a nonstandard configuration that is incompatible with MBEDTLS_PSA_CRYPTO_CONFIG" -#endif - -/* Use the accelerator driver for all cryptographic mechanisms for which - * the test driver is implemented. This is copied from psa/crypto_config.h - * with the parts not implemented by the test driver commented out. */ -#define MBEDTLS_PSA_ACCEL_KEY_TYPE_DERIVE -#define MBEDTLS_PSA_ACCEL_KEY_TYPE_PASSWORD -#define MBEDTLS_PSA_ACCEL_KEY_TYPE_PASSWORD_HASH -#define MBEDTLS_PSA_ACCEL_KEY_TYPE_HMAC -#define MBEDTLS_PSA_ACCEL_KEY_TYPE_AES -#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ARIA -#define MBEDTLS_PSA_ACCEL_KEY_TYPE_CAMELLIA -#define MBEDTLS_PSA_ACCEL_KEY_TYPE_CHACHA20 -#define MBEDTLS_PSA_ACCEL_KEY_TYPE_DES -#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY -#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_BASIC -#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT -#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT -#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE -//#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE -#define MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_PUBLIC_KEY -#define MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_BASIC -#define MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_IMPORT -#define MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_EXPORT -#define MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_GENERATE -#define MBEDTLS_PSA_ACCEL_KEY_TYPE_RAW_DATA -#define MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_BASIC -#define MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_IMPORT -#define MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_EXPORT -#define MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_GENERATE -#define MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY - -#define MBEDTLS_PSA_ACCEL_ALG_CBC_NO_PADDING -#define MBEDTLS_PSA_ACCEL_ALG_CBC_PKCS7 -#define MBEDTLS_PSA_ACCEL_ALG_CCM -#define MBEDTLS_PSA_ACCEL_ALG_CCM_STAR_NO_TAG -#define MBEDTLS_PSA_ACCEL_ALG_CMAC -#define MBEDTLS_PSA_ACCEL_ALG_CFB -#define MBEDTLS_PSA_ACCEL_ALG_CHACHA20_POLY1305 -#define MBEDTLS_PSA_ACCEL_ALG_CTR -#define MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA -#define MBEDTLS_PSA_ACCEL_ALG_ECB_NO_PADDING -#define MBEDTLS_PSA_ACCEL_ALG_ECDH -#define MBEDTLS_PSA_ACCEL_ALG_FFDH -#define MBEDTLS_PSA_ACCEL_ALG_ECDSA -#define MBEDTLS_PSA_ACCEL_ALG_JPAKE -#define MBEDTLS_PSA_ACCEL_ALG_GCM -//#define MBEDTLS_PSA_ACCEL_ALG_HKDF -//#define MBEDTLS_PSA_ACCEL_ALG_HKDF_EXTRACT -//#define MBEDTLS_PSA_ACCEL_ALG_HKDF_EXPAND -#define MBEDTLS_PSA_ACCEL_ALG_HMAC -#define MBEDTLS_PSA_ACCEL_ALG_MD5 -#define MBEDTLS_PSA_ACCEL_ALG_OFB -//#define MBEDTLS_PSA_ACCEL_ALG_PBKDF2_HMAC -//#define MBEDTLS_PSA_ACCEL_ALG_PBKDF2_AES_CMAC_PRF_128 -#define MBEDTLS_PSA_ACCEL_ALG_RIPEMD160 -#define MBEDTLS_PSA_ACCEL_ALG_RSA_OAEP -#define MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT -#define MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN -#define MBEDTLS_PSA_ACCEL_ALG_RSA_PSS -#define MBEDTLS_PSA_ACCEL_ALG_SHA_1 -#define MBEDTLS_PSA_ACCEL_ALG_SHA_224 -#define MBEDTLS_PSA_ACCEL_ALG_SHA_256 -#define MBEDTLS_PSA_ACCEL_ALG_SHA_384 -#define MBEDTLS_PSA_ACCEL_ALG_SHA_512 -#define MBEDTLS_PSA_ACCEL_ALG_SHA3_224 -#define MBEDTLS_PSA_ACCEL_ALG_SHA3_256 -#define MBEDTLS_PSA_ACCEL_ALG_SHA3_384 -#define MBEDTLS_PSA_ACCEL_ALG_SHA3_512 -#define MBEDTLS_PSA_ACCEL_ALG_STREAM_CIPHER -//#define MBEDTLS_PSA_ACCEL_ALG_TLS12_PRF -//#define MBEDTLS_PSA_ACCEL_ALG_TLS12_PSK_TO_MS -//#define MBEDTLS_PSA_ACCEL_ALG_TLS12_ECJPAKE_TO_PMS - -#endif /* PSA_CRYPTO_DRIVER_TEST_ALL */ - - - #if defined(MBEDTLS_PSA_INJECT_ENTROPY) /* The #MBEDTLS_PSA_INJECT_ENTROPY feature requires two extra platform * functions, which must be configured as #MBEDTLS_PLATFORM_NV_SEED_READ_MACRO diff --git a/tf-psa-crypto/drivers/builtin/include/mbedtls/config_adjust_test_accelerators.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/config_adjust_test_accelerators.h new file mode 100644 index 0000000000..3aa278ebac --- /dev/null +++ b/tf-psa-crypto/drivers/builtin/include/mbedtls/config_adjust_test_accelerators.h @@ -0,0 +1,141 @@ +/* + * \file mbedtls/config_adjust_test_accelerators.h + * \brief Declare the transparent test drivers as accelerators + * + * This is an internal header for test purposes only. Do not include it directly. + * + * As part of the transition to MBEDTLS_PSA_CRYPTO_CONFIG always on, the + * purpose of this header is to keep executing as long as necessary some + * driver-only related unit test cases when running the test_psa_crypto_drivers + * all.sh component (namely test cases in test_suite_block_cipher and + * test_suite_md.psa). It is expected that as the 4.x work progress these test + * cases will not be necessary anymore and: + * . test_psa_crypto_drivers scope is restricted to running the + * test_suite_psa_crypto_driver_wrappers test suite: test of the dispatch to + * drivers and fallbacks. + * . this file can be removed. + * + * This header is used as part of a build containing all the built-in drivers + * and all the transparent test drivers as wrappers around the built-in + * drivers. All the built-in drivers and the transparent test drivers are + * included in the build by starting from a full configuration (config.py full) + * and defining PSA_CRYPTO_DRIVER_TEST when building + * (make -DPSA_CRYPTO_DRIVER_TEST ...). + * + * The purpose of this header is to declare the transparent test drivers as + * accelerators just after infering the built-in drivers + * (config_adjust_legacy_from_psa.h). Not before the inclusion + * of config_adjust_legacy_from_psa.h in the build_info.h sequence of header + * inclusions as this would remove the built-in drivers. Just after to set up + * properly the internal macros introduced as part of the driver only work + * (mainly if not only in config_adjust_legacy_crypto.h). + */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + */ + +#ifndef MBEDTLS_CONFIG_ADJUST_TEST_ACCELERATORS_H +#define MBEDTLS_CONFIG_ADJUST_TEST_ACCELERATORS_H + +#if defined(PSA_CRYPTO_DRIVER_TEST_ALL) +/* PSA_CRYPTO_DRIVER_TEST_ALL activates test drivers while keeping the + * built-in implementations active. Normally setting MBEDTLS_PSA_ACCEL_xxx + * would disable MBEDTLS_PSA_BUILTIN_xxx unless fallback is activated, but + * here we arrange to have both active so that psa_crypto_*.c includes + * the built-in implementations and the driver code can call the built-in + * implementations. + * + * The point of this test mode is to verify that the + * driver entry points are called when they should be in a lightweight + * way, without requiring an actual driver. This is different from builds + * with libtestdriver1, where we make a copy of the library source code + * and use that as an external driver. + */ + +/* Enable the use of the test driver in the library, and build the generic + * part of the test driver. */ +#define PSA_CRYPTO_DRIVER_TEST + +/* With MBEDTLS_PSA_CRYPTO_CONFIG, if we set up the acceleration, the + * built-in implementations won't be enabled. */ +#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) +#error \ + "PSA_CRYPTO_DRIVER_TEST_ALL sets up a nonstandard configuration that is incompatible with MBEDTLS_PSA_CRYPTO_CONFIG" +#endif + +/* Use the accelerator driver for all cryptographic mechanisms for which + * the test driver is implemented. This is copied from psa/crypto_config.h + * with the parts not implemented by the test driver commented out. */ +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_DERIVE +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_PASSWORD +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_PASSWORD_HASH +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_HMAC +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_AES +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ARIA +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_CAMELLIA +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_CHACHA20 +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_DES +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_BASIC +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE +//#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_PUBLIC_KEY +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_BASIC +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_IMPORT +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_EXPORT +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_GENERATE +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_RAW_DATA +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_BASIC +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_IMPORT +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_EXPORT +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_GENERATE +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY + +#define MBEDTLS_PSA_ACCEL_ALG_CBC_NO_PADDING +#define MBEDTLS_PSA_ACCEL_ALG_CBC_PKCS7 +#define MBEDTLS_PSA_ACCEL_ALG_CCM +#define MBEDTLS_PSA_ACCEL_ALG_CCM_STAR_NO_TAG +#define MBEDTLS_PSA_ACCEL_ALG_CMAC +#define MBEDTLS_PSA_ACCEL_ALG_CFB +#define MBEDTLS_PSA_ACCEL_ALG_CHACHA20_POLY1305 +#define MBEDTLS_PSA_ACCEL_ALG_CTR +#define MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA +#define MBEDTLS_PSA_ACCEL_ALG_ECB_NO_PADDING +#define MBEDTLS_PSA_ACCEL_ALG_ECDH +#define MBEDTLS_PSA_ACCEL_ALG_FFDH +#define MBEDTLS_PSA_ACCEL_ALG_ECDSA +#define MBEDTLS_PSA_ACCEL_ALG_JPAKE +#define MBEDTLS_PSA_ACCEL_ALG_GCM +//#define MBEDTLS_PSA_ACCEL_ALG_HKDF +//#define MBEDTLS_PSA_ACCEL_ALG_HKDF_EXTRACT +//#define MBEDTLS_PSA_ACCEL_ALG_HKDF_EXPAND +#define MBEDTLS_PSA_ACCEL_ALG_HMAC +#define MBEDTLS_PSA_ACCEL_ALG_MD5 +#define MBEDTLS_PSA_ACCEL_ALG_OFB +//#define MBEDTLS_PSA_ACCEL_ALG_PBKDF2_HMAC +//#define MBEDTLS_PSA_ACCEL_ALG_PBKDF2_AES_CMAC_PRF_128 +#define MBEDTLS_PSA_ACCEL_ALG_RIPEMD160 +#define MBEDTLS_PSA_ACCEL_ALG_RSA_OAEP +#define MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT +#define MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN +#define MBEDTLS_PSA_ACCEL_ALG_RSA_PSS +#define MBEDTLS_PSA_ACCEL_ALG_SHA_1 +#define MBEDTLS_PSA_ACCEL_ALG_SHA_224 +#define MBEDTLS_PSA_ACCEL_ALG_SHA_256 +#define MBEDTLS_PSA_ACCEL_ALG_SHA_384 +#define MBEDTLS_PSA_ACCEL_ALG_SHA_512 +#define MBEDTLS_PSA_ACCEL_ALG_SHA3_224 +#define MBEDTLS_PSA_ACCEL_ALG_SHA3_256 +#define MBEDTLS_PSA_ACCEL_ALG_SHA3_384 +#define MBEDTLS_PSA_ACCEL_ALG_SHA3_512 +#define MBEDTLS_PSA_ACCEL_ALG_STREAM_CIPHER +//#define MBEDTLS_PSA_ACCEL_ALG_TLS12_PRF +//#define MBEDTLS_PSA_ACCEL_ALG_TLS12_PSK_TO_MS +//#define MBEDTLS_PSA_ACCEL_ALG_TLS12_ECJPAKE_TO_PMS + +#endif /* PSA_CRYPTO_DRIVER_TEST_ALL */ + +#endif /* MBEDTLS_CONFIG_ADJUST_TEST_ACCELERATORS_H */ From 2b36f5f5ab29efb1dbef164602fbf8a664c067a9 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Mon, 14 Oct 2024 10:27:02 +0200 Subject: [PATCH 2/9] config_adjust_test_accelerators.h: Do not error if PSA_CRYPTO_CONFIG is ON That's the purpose of the changes, to have PSA_CRYPTO_CONFIG enabled. Signed-off-by: Ronald Cron --- .../include/mbedtls/config_adjust_test_accelerators.h | 7 ------- 1 file changed, 7 deletions(-) diff --git a/tf-psa-crypto/drivers/builtin/include/mbedtls/config_adjust_test_accelerators.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/config_adjust_test_accelerators.h index 3aa278ebac..32aa015242 100644 --- a/tf-psa-crypto/drivers/builtin/include/mbedtls/config_adjust_test_accelerators.h +++ b/tf-psa-crypto/drivers/builtin/include/mbedtls/config_adjust_test_accelerators.h @@ -57,13 +57,6 @@ * part of the test driver. */ #define PSA_CRYPTO_DRIVER_TEST -/* With MBEDTLS_PSA_CRYPTO_CONFIG, if we set up the acceleration, the - * built-in implementations won't be enabled. */ -#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) -#error \ - "PSA_CRYPTO_DRIVER_TEST_ALL sets up a nonstandard configuration that is incompatible with MBEDTLS_PSA_CRYPTO_CONFIG" -#endif - /* Use the accelerator driver for all cryptographic mechanisms for which * the test driver is implemented. This is copied from psa/crypto_config.h * with the parts not implemented by the test driver commented out. */ From e8a9258ff03d54f6b8eff0b5d8f930308bc8aa26 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Mon, 14 Oct 2024 10:28:33 +0200 Subject: [PATCH 3/9] config_adjust_test_accelerators.h: Do not define PSA_CRYPTO_DRIVER_TEST PSA_CRYPTO_DRIVER_TEST needs to be defined upper in build_info.h sequence of definitions/ inclusions. Signed-off-by: Ronald Cron --- .../builtin/include/mbedtls/config_adjust_test_accelerators.h | 4 ---- 1 file changed, 4 deletions(-) diff --git a/tf-psa-crypto/drivers/builtin/include/mbedtls/config_adjust_test_accelerators.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/config_adjust_test_accelerators.h index 32aa015242..7b50936dc7 100644 --- a/tf-psa-crypto/drivers/builtin/include/mbedtls/config_adjust_test_accelerators.h +++ b/tf-psa-crypto/drivers/builtin/include/mbedtls/config_adjust_test_accelerators.h @@ -53,10 +53,6 @@ * and use that as an external driver. */ -/* Enable the use of the test driver in the library, and build the generic - * part of the test driver. */ -#define PSA_CRYPTO_DRIVER_TEST - /* Use the accelerator driver for all cryptographic mechanisms for which * the test driver is implemented. This is copied from psa/crypto_config.h * with the parts not implemented by the test driver commented out. */ From 1520875247a51eeb1ac564dc2c68c0ef1ce4fe36 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 15 Oct 2024 09:52:57 +0200 Subject: [PATCH 4/9] config_adjust_test_accelerators.h: Error out if wrong usage Signed-off-by: Ronald Cron --- .../include/mbedtls/config_adjust_test_accelerators.h | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/tf-psa-crypto/drivers/builtin/include/mbedtls/config_adjust_test_accelerators.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/config_adjust_test_accelerators.h index 7b50936dc7..5f25879780 100644 --- a/tf-psa-crypto/drivers/builtin/include/mbedtls/config_adjust_test_accelerators.h +++ b/tf-psa-crypto/drivers/builtin/include/mbedtls/config_adjust_test_accelerators.h @@ -38,6 +38,14 @@ #ifndef MBEDTLS_CONFIG_ADJUST_TEST_ACCELERATORS_H #define MBEDTLS_CONFIG_ADJUST_TEST_ACCELERATORS_H +#if !defined(MBEDTLS_CONFIG_FILES_READ) +#error "Do not include mbedtls/config_adjust_*.h manually! This can lead to problems, " \ + "up to and including runtime errors such as buffer overflows. " \ + "If you're trying to fix a complaint from check_config.h, just remove " \ + "it from your configuration file: since Mbed TLS 3.0, it is included " \ + "automatically at the right point." +#endif + #if defined(PSA_CRYPTO_DRIVER_TEST_ALL) /* PSA_CRYPTO_DRIVER_TEST_ALL activates test drivers while keeping the * built-in implementations active. Normally setting MBEDTLS_PSA_ACCEL_xxx From 67cc6a73aaefa12df1c81840f7a70b19b7b6a95f Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Mon, 14 Oct 2024 10:55:24 +0200 Subject: [PATCH 5/9] Use config_adjust_test_accelerators.h Use config_adjust_test_accelerators.h to adjust the configuration needed for test_psa_crypto_drivers all.sh component with PSA_CRYPTO_CONFIG enabled. Signed-off-by: Ronald Cron --- tests/scripts/components-configuration-crypto.sh | 4 +--- .../builtin/include/mbedtls/config_adjust_test_accelerators.h | 3 --- tf-psa-crypto/drivers/builtin/include/mbedtls/config_psa.h | 3 +++ 3 files changed, 4 insertions(+), 6 deletions(-) diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index 74ebb793d7..07b6fa5a37 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -2673,9 +2673,7 @@ component_test_full_static_keystore () { component_test_psa_crypto_drivers () { msg "build: full + test drivers dispatching to builtins" scripts/config.py full - scripts/config.py unset MBEDTLS_PSA_CRYPTO_CONFIG - loc_cflags="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST_ALL" - loc_cflags="${loc_cflags} '-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/user-config-for-test.h\"'" + loc_cflags="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_CONFIG_ADJUST_TEST_ACCELERATORS" loc_cflags="${loc_cflags} -I../tests/include -O2" make CC=$ASAN_CC CFLAGS="${loc_cflags}" LDFLAGS="$ASAN_CFLAGS" diff --git a/tf-psa-crypto/drivers/builtin/include/mbedtls/config_adjust_test_accelerators.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/config_adjust_test_accelerators.h index 5f25879780..28718a08a2 100644 --- a/tf-psa-crypto/drivers/builtin/include/mbedtls/config_adjust_test_accelerators.h +++ b/tf-psa-crypto/drivers/builtin/include/mbedtls/config_adjust_test_accelerators.h @@ -46,7 +46,6 @@ "automatically at the right point." #endif -#if defined(PSA_CRYPTO_DRIVER_TEST_ALL) /* PSA_CRYPTO_DRIVER_TEST_ALL activates test drivers while keeping the * built-in implementations active. Normally setting MBEDTLS_PSA_ACCEL_xxx * would disable MBEDTLS_PSA_BUILTIN_xxx unless fallback is activated, but @@ -133,6 +132,4 @@ //#define MBEDTLS_PSA_ACCEL_ALG_TLS12_PSK_TO_MS //#define MBEDTLS_PSA_ACCEL_ALG_TLS12_ECJPAKE_TO_PMS -#endif /* PSA_CRYPTO_DRIVER_TEST_ALL */ - #endif /* MBEDTLS_CONFIG_ADJUST_TEST_ACCELERATORS_H */ diff --git a/tf-psa-crypto/drivers/builtin/include/mbedtls/config_psa.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/config_psa.h index 2520a9a53d..ed45dead4f 100644 --- a/tf-psa-crypto/drivers/builtin/include/mbedtls/config_psa.h +++ b/tf-psa-crypto/drivers/builtin/include/mbedtls/config_psa.h @@ -38,7 +38,10 @@ /* If we are implementing PSA crypto ourselves, then we want to enable the * required built-ins. Otherwise, PSA features will be provided by the server. */ #include "mbedtls/config_adjust_legacy_from_psa.h" +#if defined(MBEDTLS_CONFIG_ADJUST_TEST_ACCELERATORS) +#include "mbedtls/config_adjust_test_accelerators.h" #endif +#endif /* MBEDTLS_PSA_CRYPTO_C */ #else /* MBEDTLS_PSA_CRYPTO_CONFIG */ From a0afbfb2a4d2b87b7d8d517970f9962ccc6bbfd7 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 15 Oct 2024 13:20:31 +0200 Subject: [PATCH 6/9] Fix/Add documentation Signed-off-by: Ronald Cron --- tests/scripts/components-configuration-crypto.sh | 9 +++++++++ .../mbedtls/config_adjust_test_accelerators.h | 16 +--------------- 2 files changed, 10 insertions(+), 15 deletions(-) diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index 07b6fa5a37..0ccb2cefa3 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -2671,6 +2671,15 @@ component_test_full_static_keystore () { } component_test_psa_crypto_drivers () { + # Test dispatch to drivers and fallbacks with + # test_suite_psa_crypto_driver_wrappers test suite. The test drivers that + # are wrappers around the builtin drivers are activated by + # PSA_CRYPTO_DRIVER_TEST. + # + # For the time being, some test cases in test_suite_block_cipher and + # test_suite_md.psa rely on this component to be run at least once by the + # CI. This should disappear as we progress the 4.x work. See + # config_adjust_test_accelerators.h for more information. msg "build: full + test drivers dispatching to builtins" scripts/config.py full loc_cflags="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_CONFIG_ADJUST_TEST_ACCELERATORS" diff --git a/tf-psa-crypto/drivers/builtin/include/mbedtls/config_adjust_test_accelerators.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/config_adjust_test_accelerators.h index 28718a08a2..bf3eb83a9c 100644 --- a/tf-psa-crypto/drivers/builtin/include/mbedtls/config_adjust_test_accelerators.h +++ b/tf-psa-crypto/drivers/builtin/include/mbedtls/config_adjust_test_accelerators.h @@ -46,21 +46,7 @@ "automatically at the right point." #endif -/* PSA_CRYPTO_DRIVER_TEST_ALL activates test drivers while keeping the - * built-in implementations active. Normally setting MBEDTLS_PSA_ACCEL_xxx - * would disable MBEDTLS_PSA_BUILTIN_xxx unless fallback is activated, but - * here we arrange to have both active so that psa_crypto_*.c includes - * the built-in implementations and the driver code can call the built-in - * implementations. - * - * The point of this test mode is to verify that the - * driver entry points are called when they should be in a lightweight - * way, without requiring an actual driver. This is different from builds - * with libtestdriver1, where we make a copy of the library source code - * and use that as an external driver. - */ - -/* Use the accelerator driver for all cryptographic mechanisms for which +/* Declare the accelerator driver for all cryptographic mechanisms for which * the test driver is implemented. This is copied from psa/crypto_config.h * with the parts not implemented by the test driver commented out. */ #define MBEDTLS_PSA_ACCEL_KEY_TYPE_DERIVE From 360928af9d88a7c43cda7272d00e18d1badb8590 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 15 Oct 2024 14:49:26 +0200 Subject: [PATCH 7/9] Pacify check_names.py Signed-off-by: Ronald Cron --- .../include/mbedtls/config_adjust_test_accelerators.h | 10 +++++----- .../drivers/builtin/include/mbedtls/config_psa.h | 2 +- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/tf-psa-crypto/drivers/builtin/include/mbedtls/config_adjust_test_accelerators.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/config_adjust_test_accelerators.h index bf3eb83a9c..98f0e367d1 100644 --- a/tf-psa-crypto/drivers/builtin/include/mbedtls/config_adjust_test_accelerators.h +++ b/tf-psa-crypto/drivers/builtin/include/mbedtls/config_adjust_test_accelerators.h @@ -49,10 +49,10 @@ /* Declare the accelerator driver for all cryptographic mechanisms for which * the test driver is implemented. This is copied from psa/crypto_config.h * with the parts not implemented by the test driver commented out. */ -#define MBEDTLS_PSA_ACCEL_KEY_TYPE_DERIVE -#define MBEDTLS_PSA_ACCEL_KEY_TYPE_PASSWORD -#define MBEDTLS_PSA_ACCEL_KEY_TYPE_PASSWORD_HASH -#define MBEDTLS_PSA_ACCEL_KEY_TYPE_HMAC +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_DERIVE //no-check-names +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_PASSWORD //no-check-names +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_PASSWORD_HASH //no-check-names +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_HMAC //no-check-names #define MBEDTLS_PSA_ACCEL_KEY_TYPE_AES #define MBEDTLS_PSA_ACCEL_KEY_TYPE_ARIA #define MBEDTLS_PSA_ACCEL_KEY_TYPE_CAMELLIA @@ -69,7 +69,7 @@ #define MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_IMPORT #define MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_EXPORT #define MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_GENERATE -#define MBEDTLS_PSA_ACCEL_KEY_TYPE_RAW_DATA +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_RAW_DATA //no-check-names #define MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_BASIC #define MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_IMPORT #define MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_EXPORT diff --git a/tf-psa-crypto/drivers/builtin/include/mbedtls/config_psa.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/config_psa.h index ed45dead4f..86bcc80a7b 100644 --- a/tf-psa-crypto/drivers/builtin/include/mbedtls/config_psa.h +++ b/tf-psa-crypto/drivers/builtin/include/mbedtls/config_psa.h @@ -38,7 +38,7 @@ /* If we are implementing PSA crypto ourselves, then we want to enable the * required built-ins. Otherwise, PSA features will be provided by the server. */ #include "mbedtls/config_adjust_legacy_from_psa.h" -#if defined(MBEDTLS_CONFIG_ADJUST_TEST_ACCELERATORS) +#if defined(MBEDTLS_CONFIG_ADJUST_TEST_ACCELERATORS) //no-check-names #include "mbedtls/config_adjust_test_accelerators.h" #endif #endif /* MBEDTLS_PSA_CRYPTO_C */ From 6197cdf869368991f3e05239e3eba7c081237a0c Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 16 Oct 2024 10:45:38 +0200 Subject: [PATCH 8/9] Fix comment Signed-off-by: Ronald Cron --- .../builtin/include/mbedtls/config_adjust_test_accelerators.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tf-psa-crypto/drivers/builtin/include/mbedtls/config_adjust_test_accelerators.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/config_adjust_test_accelerators.h index 98f0e367d1..7d930427e6 100644 --- a/tf-psa-crypto/drivers/builtin/include/mbedtls/config_adjust_test_accelerators.h +++ b/tf-psa-crypto/drivers/builtin/include/mbedtls/config_adjust_test_accelerators.h @@ -20,7 +20,7 @@ * drivers. All the built-in drivers and the transparent test drivers are * included in the build by starting from a full configuration (config.py full) * and defining PSA_CRYPTO_DRIVER_TEST when building - * (make -DPSA_CRYPTO_DRIVER_TEST ...). + * (make CFLAGS="-DPSA_CRYPTO_DRIVER_TEST ..."). * * The purpose of this header is to declare the transparent test drivers as * accelerators just after infering the built-in drivers From ede04b34d1922a4c7e4c9c2955a984dbdecccc93 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 16 Oct 2024 10:47:15 +0200 Subject: [PATCH 9/9] Remove unnecessary -O2 compilation flag Signed-off-by: Ronald Cron --- tests/scripts/components-configuration-crypto.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index 0ccb2cefa3..de8ab2d0ce 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -2683,7 +2683,7 @@ component_test_psa_crypto_drivers () { msg "build: full + test drivers dispatching to builtins" scripts/config.py full loc_cflags="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_CONFIG_ADJUST_TEST_ACCELERATORS" - loc_cflags="${loc_cflags} -I../tests/include -O2" + loc_cflags="${loc_cflags} -I../tests/include" make CC=$ASAN_CC CFLAGS="${loc_cflags}" LDFLAGS="$ASAN_CFLAGS"