From e662736f4cb77357aef7bc780f1bf077426259aa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 27 Sep 2023 12:52:34 +0200 Subject: [PATCH 1/9] Rename macros for consistency MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit It's spelled KEY_TYPE everywhere else. Signed-off-by: Manuel Pégourié-Gonnard --- .../mbedtls/config_adjust_legacy_from_psa.h | 50 +++++++++---------- 1 file changed, 25 insertions(+), 25 deletions(-) diff --git a/include/mbedtls/config_adjust_legacy_from_psa.h b/include/mbedtls/config_adjust_legacy_from_psa.h index cb2dad4a7c..c91f64e36b 100644 --- a/include/mbedtls/config_adjust_legacy_from_psa.h +++ b/include/mbedtls/config_adjust_legacy_from_psa.h @@ -145,35 +145,35 @@ /* ECC: key types: is acceleration complete? */ #if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) && \ !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY) -#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEYTYPES -#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEYTYPES_BASIC +#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEY_TYPES +#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEY_TYPES_BASIC #endif #if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC) && \ !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_BASIC) -#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEYTYPES -#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEYTYPES_BASIC +#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEY_TYPES +#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEY_TYPES_BASIC #endif #if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT) && \ !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT) -#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEYTYPES +#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEY_TYPES #endif #if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT) && \ !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT) -#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEYTYPES +#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEY_TYPES #endif #if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE) && \ !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE) -#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEYTYPES +#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEY_TYPES #endif /* Special case: we don't support cooked key derivation in drivers yet */ #if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE) && \ (1 || !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE)) -#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEYTYPES +#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEY_TYPES #endif /* ECC: curves: enable built-ins as needed. @@ -185,7 +185,7 @@ */ #if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256) #if !defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_256) || \ - defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEYTYPES) || \ + defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEY_TYPES) || \ defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_ALGS) #define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_256 1 #define MBEDTLS_ECP_DP_BP256R1_ENABLED @@ -194,7 +194,7 @@ #if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384) #if !defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_384) || \ - defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEYTYPES) || \ + defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEY_TYPES) || \ defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_ALGS) #define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_384 1 #define MBEDTLS_ECP_DP_BP384R1_ENABLED @@ -203,7 +203,7 @@ #if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512) #if !defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_512) || \ - defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEYTYPES) || \ + defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEY_TYPES) || \ defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_ALGS) #define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_512 1 #define MBEDTLS_ECP_DP_BP512R1_ENABLED @@ -212,7 +212,7 @@ #if defined(PSA_WANT_ECC_MONTGOMERY_255) #if !defined(MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_255) || \ - defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEYTYPES) || \ + defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEY_TYPES) || \ defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_ALGS) #define MBEDTLS_PSA_BUILTIN_ECC_MONTGOMERY_255 1 #define MBEDTLS_ECP_DP_CURVE25519_ENABLED @@ -221,7 +221,7 @@ #if defined(PSA_WANT_ECC_MONTGOMERY_448) #if !defined(MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_448) || \ - defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEYTYPES) || \ + defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEY_TYPES) || \ defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_ALGS) #define MBEDTLS_PSA_BUILTIN_ECC_MONTGOMERY_448 1 #define MBEDTLS_ECP_DP_CURVE448_ENABLED @@ -230,7 +230,7 @@ #if defined(PSA_WANT_ECC_SECP_R1_192) #if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_192) || \ - defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEYTYPES) || \ + defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEY_TYPES) || \ defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_ALGS) #define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_192 1 #define MBEDTLS_ECP_DP_SECP192R1_ENABLED @@ -239,7 +239,7 @@ #if defined(PSA_WANT_ECC_SECP_R1_224) #if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_224) || \ - defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEYTYPES) || \ + defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEY_TYPES) || \ defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_ALGS) #define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_224 1 #define MBEDTLS_ECP_DP_SECP224R1_ENABLED @@ -248,7 +248,7 @@ #if defined(PSA_WANT_ECC_SECP_R1_256) #if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_256) || \ - defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEYTYPES) || \ + defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEY_TYPES) || \ defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_ALGS) #define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_256 1 #define MBEDTLS_ECP_DP_SECP256R1_ENABLED @@ -257,7 +257,7 @@ #if defined(PSA_WANT_ECC_SECP_R1_384) #if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_384) || \ - defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEYTYPES) || \ + defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEY_TYPES) || \ defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_ALGS) #define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_384 1 #define MBEDTLS_ECP_DP_SECP384R1_ENABLED @@ -266,7 +266,7 @@ #if defined(PSA_WANT_ECC_SECP_R1_521) #if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_521) || \ - defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEYTYPES) || \ + defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEY_TYPES) || \ defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_ALGS) #define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_521 1 #define MBEDTLS_ECP_DP_SECP521R1_ENABLED @@ -275,7 +275,7 @@ #if defined(PSA_WANT_ECC_SECP_K1_192) #if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_192) || \ - defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEYTYPES) || \ + defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEY_TYPES) || \ defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_ALGS) #define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_192 1 #define MBEDTLS_ECP_DP_SECP192K1_ENABLED @@ -284,7 +284,7 @@ #if defined(PSA_WANT_ECC_SECP_K1_224) #if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_224) || \ - defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEYTYPES) || \ + defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEY_TYPES) || \ defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_ALGS) #define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_224 1 #define MBEDTLS_ECP_DP_SECP224K1_ENABLED @@ -295,7 +295,7 @@ #if defined(PSA_WANT_ECC_SECP_K1_256) #if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_256) || \ - defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEYTYPES) || \ + defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEY_TYPES) || \ defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_ALGS) #define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_256 1 #define MBEDTLS_ECP_DP_SECP256K1_ENABLED @@ -317,7 +317,7 @@ #if defined(PSA_WANT_ALG_DETERMINISTIC_ECDSA) #if !defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA) || \ defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_WEIERSTRASS_CURVES) || \ - defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEYTYPES_BASIC) + defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEY_TYPES_BASIC) #define MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA 1 #define MBEDTLS_ECDSA_DETERMINISTIC #define MBEDTLS_HMAC_DRBG_C @@ -333,7 +333,7 @@ #if defined(PSA_WANT_ALG_ECDH) #if !defined(MBEDTLS_PSA_ACCEL_ALG_ECDH) || \ defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_CURVES) || \ - defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEYTYPES_BASIC) + defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEY_TYPES_BASIC) #define MBEDTLS_PSA_BUILTIN_ALG_ECDH 1 #define MBEDTLS_ECDH_C #define MBEDTLS_ECP_C @@ -344,7 +344,7 @@ #if defined(PSA_WANT_ALG_ECDSA) #if !defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) || \ defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_WEIERSTRASS_CURVES) || \ - defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEYTYPES_BASIC) + defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEY_TYPES_BASIC) #define MBEDTLS_PSA_BUILTIN_ALG_ECDSA 1 #define MBEDTLS_ECDSA_C #define MBEDTLS_ECP_C @@ -357,7 +357,7 @@ #if defined(PSA_WANT_ALG_JPAKE) #if !defined(MBEDTLS_PSA_ACCEL_ALG_JPAKE) || \ !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_256) || \ - defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEYTYPES_BASIC) + defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEY_TYPES_BASIC) #define MBEDTLS_PSA_BUILTIN_PAKE 1 #define MBEDTLS_PSA_BUILTIN_ALG_JPAKE 1 #define MBEDTLS_ECP_DP_SECP256R1_ENABLED From 822870bd5d7b1134748feec28d7538d9545aadde Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 27 Sep 2023 12:57:37 +0200 Subject: [PATCH 2/9] Adjust handling of special case for DERIVE MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- include/mbedtls/config_adjust_legacy_from_psa.h | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/config_adjust_legacy_from_psa.h b/include/mbedtls/config_adjust_legacy_from_psa.h index c91f64e36b..71d9c083cd 100644 --- a/include/mbedtls/config_adjust_legacy_from_psa.h +++ b/include/mbedtls/config_adjust_legacy_from_psa.h @@ -171,8 +171,13 @@ #endif /* Special case: we don't support cooked key derivation in drivers yet */ +#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE) +#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE +#endif + +/* Note: the condition is always true as DERIVE can't be accelerated yet */ #if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE) && \ - (1 || !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE)) + !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE) #define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEY_TYPES #endif @@ -421,9 +426,9 @@ #endif /* missing accel */ #endif /* PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE */ -/* Special case: we don't support cooked key derivation in drivers yet */ +/* Note: the condition is always true as DERIVE can't be accelerated yet */ #if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE) -#if 1 || !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE) || \ +#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE) || \ defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_CURVES) #define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_DERIVE 1 #define MBEDTLS_ECP_LIGHT From 6be64f7d5ba133b64a92d541120b20b44d3b23d5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 28 Sep 2023 09:08:04 +0200 Subject: [PATCH 3/9] Use lowercase for local variables MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- tests/scripts/all.sh | 132 +++++++++++++++++++++---------------------- 1 file changed, 66 insertions(+), 66 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 0b2acdc8af..b03b076454 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -428,9 +428,9 @@ err_msg() check_tools() { - for TOOL in "$@"; do - if ! `type "$TOOL" >/dev/null 2>&1`; then - err_msg "$TOOL not found!" + for tool in "$@"; do + if ! `type "$tool" >/dev/null 2>&1`; then + err_msg "$tool not found!" exit 1 fi done @@ -884,10 +884,10 @@ pre_generate_files() { # Adjust the configuration - for both libtestdriver1 and main library, # as they should have the same PSA_WANT macros. helper_libtestdriver1_adjust_config() { - BASE_CONFIG=$1 + base_config=$1 # Select the base configuration - if [ "$BASE_CONFIG" != "default" ]; then - scripts/config.py "$BASE_CONFIG" + if [ "$base_config" != "default" ]; then + scripts/config.py "$base_config" fi # Enable PSA-based config (necessary to use drivers) @@ -910,8 +910,8 @@ helper_disable_builtin_curves() { allowed_list="${1:-}" scripts/config.py unset-all "MBEDTLS_ECP_DP_[0-9A-Z_a-z]*_ENABLED" - for CURVE in $allowed_list; do - scripts/config.py set $CURVE + for curve in $allowed_list; do + scripts/config.py set $curve done } @@ -920,8 +920,8 @@ helper_disable_builtin_curves() { # in the following helpers. helper_get_psa_curve_list () { loc_list="" - for ITEM in $(sed -n 's/^#define PSA_WANT_\(ECC_[0-9A-Z_a-z]*\).*/\1/p' <"$CRYPTO_CONFIG_H"); do - loc_list="$loc_list $ITEM" + for item in $(sed -n 's/^#define PSA_WANT_\(ECC_[0-9A-Z_a-z]*\).*/\1/p' <"$CRYPTO_CONFIG_H"); do + loc_list="$loc_list $item" done echo "$loc_list" @@ -931,13 +931,13 @@ helper_get_psa_curve_list () { # is useful to easily get a list of key type symbols to accelerate. # The function accepts a single argument which is the key type: ECC, DH, RSA. helper_get_psa_key_type_list() { - KEY_TYPE="$1" + key_type="$1" loc_list="" - for ITEM in $(sed -n "s/^#define PSA_WANT_\(KEY_TYPE_${KEY_TYPE}_[0-9A-Z_a-z]*\).*/\1/p" <"$CRYPTO_CONFIG_H"); do + for item in $(sed -n "s/^#define PSA_WANT_\(KEY_TYPE_${key_type}_[0-9A-Z_a-z]*\).*/\1/p" <"$CRYPTO_CONFIG_H"); do # Skip DERIVE for elliptic keys since there is no driver dispatch for # it so it cannot be accelerated. - if [ "$ITEM" != "KEY_TYPE_ECC_KEY_PAIR_DERIVE" ]; then - loc_list="$loc_list $ITEM" + if [ "$item" != "KEY_TYPE_ECC_KEY_PAIR_DERIVE" ]; then + loc_list="$loc_list $item" fi done @@ -2589,14 +2589,14 @@ component_test_psa_crypto_config_accel_ecc_some_key_types () { # - component_test_psa_crypto_config_accel_ecc_weirstrass_curves # - component_test_psa_crypto_config_accel_ecc_non_weirstrass_curves common_test_psa_crypto_config_accel_ecc_some_curves () { - WEIERSTRASS=$1 - if [ $WEIERSTRASS -eq 1 ]; then - DESC="Weierstrass" + weierstrass=$1 + if [ $weierstrass -eq 1 ]; then + desc="Weierstrass" else - DESC="non-Weierstrass" + desc="non-Weierstrass" fi - msg "build: full with accelerated EC algs and $DESC curves" + msg "build: full with accelerated EC algs and $desc curves" # Algorithms and key types to accelerate loc_accel_list="ALG_ECDSA ALG_DETERMINISTIC_ECDSA \ @@ -2611,17 +2611,17 @@ common_test_psa_crypto_config_accel_ecc_some_curves () { # helper_get_psa_curve_list that only keeps Weierstrass families. loc_weierstrass_list="" loc_non_weierstrass_list="" - for ITEM in $(sed -n 's/^#define PSA_WANT_\(ECC_[0-9A-Z_a-z]*\).*/\1/p' <"$CRYPTO_CONFIG_H"); do - case $ITEM in + for item in $(sed -n 's/^#define PSA_WANT_\(ECC_[0-9A-Z_a-z]*\).*/\1/p' <"$CRYPTO_CONFIG_H"); do + case $item in ECC_BRAINPOOL*|ECC_SECP*) - loc_weierstrass_list="$loc_weierstrass_list $ITEM" + loc_weierstrass_list="$loc_weierstrass_list $item" ;; *) - loc_non_weierstrass_list="$loc_non_weierstrass_list $ITEM" + loc_non_weierstrass_list="$loc_non_weierstrass_list $item" ;; esac done - if [ $WEIERSTRASS -eq 1 ]; then + if [ $weierstrass -eq 1 ]; then loc_curve_list=$loc_weierstrass_list else loc_curve_list=$loc_non_weierstrass_list @@ -2667,7 +2667,7 @@ common_test_psa_crypto_config_accel_ecc_some_curves () { # - functions with mxz in the name are specific to Montgomery curves # - ecp_muladd is specific to Weierstrass curves ##nm library/ecp.o | tee ecp.syms - if [ $WEIERSTRASS -eq 1 ]; then + if [ $weierstrass -eq 1 ]; then not grep mbedtls_ecp_muladd library/ecp.o grep mxz library/ecp.o else @@ -2676,7 +2676,7 @@ common_test_psa_crypto_config_accel_ecc_some_curves () { fi # We expect ECDSA and ECJPAKE to be re-enabled only when # Weierstrass curves are not accelerated - if [ $WEIERSTRASS -eq 1 ]; then + if [ $weierstrass -eq 1 ]; then not grep mbedtls_ecdsa library/ecdsa.o not grep mbedtls_ecjpake library/ecjpake.o else @@ -2687,7 +2687,7 @@ common_test_psa_crypto_config_accel_ecc_some_curves () { # Run the tests # ------------- - msg "test suites: full with accelerated EC algs and $DESC curves" + msg "test suites: full with accelerated EC algs and $desc curves" # does not work for PK (and above), see #8255 make test SKIP_TEST_SUITES=pk,pkparse,pkwrite,x509parse,x509write,ssl,debug } @@ -2712,10 +2712,10 @@ component_test_psa_crypto_config_accel_ecc_non_weirstrass_curves () { # - component_test_psa_crypto_config_reference_ecc_ecp_light_only. # This supports comparing their test coverage with analyze_outcomes.py. config_psa_crypto_config_ecp_light_only () { - DRIVER_ONLY="$1" + driver_only="$1" # start with config full for maximum coverage (also enables USE_PSA) helper_libtestdriver1_adjust_config "full" - if [ "$DRIVER_ONLY" -eq 1 ]; then + if [ "$driver_only" -eq 1 ]; then # Disable modules that are accelerated scripts/config.py unset MBEDTLS_ECDSA_C scripts/config.py unset MBEDTLS_ECDH_C @@ -2809,11 +2809,11 @@ component_test_psa_crypto_config_reference_ecc_ecp_light_only () { # PK_C and RSA_C are always disabled to ensure there is no remaining dependency # on the ECP module. config_psa_crypto_no_ecp_at_all () { - DRIVER_ONLY="$1" + driver_only="$1" # start with full config for maximum coverage (also enables USE_PSA) helper_libtestdriver1_adjust_config "full" - if [ "$DRIVER_ONLY" -eq 1 ]; then + if [ "$driver_only" -eq 1 ]; then # Disable modules that are accelerated scripts/config.py unset MBEDTLS_ECDSA_C scripts/config.py unset MBEDTLS_ECDH_C @@ -2927,12 +2927,12 @@ component_test_psa_crypto_config_reference_ecc_no_ecp_at_all () { # $2: a string value which states which components are tested. Allowed values # are "ECC" or "ECC_DH". config_psa_crypto_config_accel_ecc_ffdh_no_bignum() { - DRIVER_ONLY="$1" - TEST_TARGET="$2" + driver_only="$1" + test_target="$2" # start with full config for maximum coverage (also enables USE_PSA) helper_libtestdriver1_adjust_config "full" - if [ "$DRIVER_ONLY" -eq 1 ]; then + if [ "$driver_only" -eq 1 ]; then # Disable modules that are accelerated scripts/config.py unset MBEDTLS_ECDSA_C scripts/config.py unset MBEDTLS_ECDH_C @@ -2963,7 +2963,7 @@ config_psa_crypto_config_accel_ecc_ffdh_no_bignum() { scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED - if [ "$TEST_TARGET" = "ECC" ]; then + if [ "$test_target" = "ECC" ]; then # When testing ECC only, we disable FFDH support, both from builtin and # PSA sides, and also disable the key exchanges that depend on DHM. scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_FFDH @@ -2974,7 +2974,7 @@ config_psa_crypto_config_accel_ecc_ffdh_no_bignum() { else # When testing ECC and DH instead, we disable DHM and depending key # exchanges only in the accelerated build - if [ "$DRIVER_ONLY" -eq 1 ]; then + if [ "$driver_only" -eq 1 ]; then scripts/config.py unset MBEDTLS_DHM_C scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED @@ -2999,18 +2999,18 @@ config_psa_crypto_config_accel_ecc_ffdh_no_bignum() { # common_test_psa_crypto_config_reference_ecc_ffdh_no_bignum() for drivers # coverage analysis in the "analyze_outcomes.py" script. common_test_psa_crypto_config_accel_ecc_ffdh_no_bignum () { - TEST_TARGET="$1" + test_target="$1" # This is an internal helper to simplify text message handling - if [ "$TEST_TARGET" = "ECC_DH" ]; then - ACCEL_TEXT="ECC/FFDH" - REMOVED_TEXT="ECP - DH" + if [ "$test_target" = "ECC_DH" ]; then + accel_text="ECC/FFDH" + removed_text="ECP - DH" else - ACCEL_TEXT="ECC" - REMOVED_TEXT="ECP" + accel_text="ECC" + removed_text="ECP" fi - msg "build: full + accelerated $ACCEL_TEXT algs + USE_PSA - $REMOVED_TEXT - BIGNUM" + msg "build: full + accelerated $accel_text algs + USE_PSA - $removed_text - BIGNUM" # By default we accelerate all EC keys/algs loc_accel_list="ALG_ECDSA ALG_DETERMINISTIC_ECDSA \ @@ -3018,7 +3018,7 @@ common_test_psa_crypto_config_accel_ecc_ffdh_no_bignum () { ALG_JPAKE \ $(helper_get_psa_key_type_list "ECC")" # Optionally we can also add DH to the list of accelerated items - if [ "$TEST_TARGET" = "ECC_DH" ]; then + if [ "$test_target" = "ECC_DH" ]; then loc_accel_list="$loc_accel_list \ ALG_FFDH \ $(helper_get_psa_key_type_list "DH")" @@ -3033,7 +3033,7 @@ common_test_psa_crypto_config_accel_ecc_ffdh_no_bignum () { # --------- # Set common configurations between library's and driver's builds - config_psa_crypto_config_accel_ecc_ffdh_no_bignum 1 "$TEST_TARGET" + config_psa_crypto_config_accel_ecc_ffdh_no_bignum 1 "$test_target" # Disable all the builtin curves. All the required algs are accelerated. helper_disable_builtin_curves @@ -3062,11 +3062,11 @@ common_test_psa_crypto_config_accel_ecc_ffdh_no_bignum () { # Run the tests # ------------- - msg "test suites: full + accelerated $ACCEL_TEXT algs + USE_PSA - $REMOVED_TEXT - DHM - BIGNUM" + msg "test suites: full + accelerated $accel_text algs + USE_PSA - $removed_text - DHM - BIGNUM" make test - msg "ssl-opt: full + accelerated $ACCEL_TEXT algs + USE_PSA - $REMOVED_TEXT - BIGNUM" + msg "ssl-opt: full + accelerated $accel_text algs + USE_PSA - $removed_text - BIGNUM" tests/ssl-opt.sh } @@ -3082,25 +3082,25 @@ common_test_psa_crypto_config_accel_ecc_ffdh_no_bignum () { # common_test_psa_crypto_config_accel_ecc_ffdh_no_bignum() for drivers' # coverage analysis in "analyze_outcomes.py" script. common_test_psa_crypto_config_reference_ecc_ffdh_no_bignum () { - TEST_TARGET="$1" + test_target="$1" # This is an internal helper to simplify text message handling - if [ "$TEST_TARGET" = "ECC_DH" ]; then - ACCEL_TEXT="ECC/FFDH" + if [ "$test_target" = "ECC_DH" ]; then + accel_text="ECC/FFDH" else - ACCEL_TEXT="ECC" + accel_text="ECC" fi - msg "build: full + non accelerated $ACCEL_TEXT algs + USE_PSA" + msg "build: full + non accelerated $accel_text algs + USE_PSA" - config_psa_crypto_config_accel_ecc_ffdh_no_bignum 0 "$TEST_TARGET" + config_psa_crypto_config_accel_ecc_ffdh_no_bignum 0 "$test_target" make msg "test suites: full + non accelerated EC algs + USE_PSA" make test - msg "ssl-opt: full + non accelerated $ACCEL_TEXT algs + USE_PSA" + msg "ssl-opt: full + non accelerated $accel_text algs + USE_PSA" tests/ssl-opt.sh } @@ -3228,14 +3228,14 @@ component_test_tfm_config() { # - build # - test only TLS (i.e. test_suite_tls and ssl-opt) build_full_minus_something_and_test_tls () { - SYMBOLS_TO_DISABLE="$1" + symbols_to_disable="$1" msg "build: full minus something, test TLS" scripts/config.py full - for SYM in $SYMBOLS_TO_DISABLE; do - echo "Disabling $SYM" - scripts/config.py unset $SYM + for sym in $symbols_to_disable; do + echo "Disabling $sym" + scripts/config.py unset $sym done make @@ -3264,22 +3264,22 @@ component_full_without_ecdhe_ecdsa_and_tls13 () { # - $1 is the key type under test, i.e. ECC/RSA/DH # - $2 is the key option to be unset (i.e. generate, derive, etc) build_and_test_psa_want_key_pair_partial() { - KEY_TYPE=$1 - UNSET_OPTION=$2 - DISABLED_PSA_WANT="PSA_WANT_KEY_TYPE_${KEY_TYPE}_KEY_PAIR_${UNSET_OPTION}" + key_type=$1 + unset_option=$2 + disabled_psa_want="PSA_WANT_KEY_TYPE_${key_type}_KEY_PAIR_${unset_option}" - msg "build: full - MBEDTLS_USE_PSA_CRYPTO - ${DISABLED_PSA_WANT}" + msg "build: full - MBEDTLS_USE_PSA_CRYPTO - ${disabled_psa_want}" scripts/config.py full scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 # All the PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_yyy are enabled by default in # crypto_config.h so we just disable the one we don't want. - scripts/config.py -f "$CRYPTO_CONFIG_H" unset "$DISABLED_PSA_WANT" + scripts/config.py -f "$CRYPTO_CONFIG_H" unset "$disabled_psa_want" make CC=gcc CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" - msg "test: full - MBEDTLS_USE_PSA_CRYPTO - ${DISABLED_PSA_WANT}" + msg "test: full - MBEDTLS_USE_PSA_CRYPTO - ${disabled_psa_want}" make test } @@ -3484,10 +3484,10 @@ component_test_psa_crypto_config_accel_hash_keep_builtins () { # Auxiliary function to build config for hashes with and without drivers config_psa_crypto_hash_use_psa () { - DRIVER_ONLY="$1" + driver_only="$1" # start with config full for maximum coverage (also enables USE_PSA) helper_libtestdriver1_adjust_config "full" - if [ "$DRIVER_ONLY" -eq 1 ]; then + if [ "$driver_only" -eq 1 ]; then # disable the built-in implementation of hashes scripts/config.py unset MBEDTLS_MD5_C scripts/config.py unset MBEDTLS_RIPEMD160_C From faea919365d0bcf7c3dbaf9f7159ba582962edaf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 28 Sep 2023 09:10:01 +0200 Subject: [PATCH 4/9] Fix typo: weiErstrass MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- tests/scripts/all.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index b03b076454..1d66f3ed42 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -2586,8 +2586,8 @@ component_test_psa_crypto_config_accel_ecc_some_key_types () { # Run tests with only (non-)Weierstrass accelerated # Common code used in: -# - component_test_psa_crypto_config_accel_ecc_weirstrass_curves -# - component_test_psa_crypto_config_accel_ecc_non_weirstrass_curves +# - component_test_psa_crypto_config_accel_ecc_weierstrass_curves +# - component_test_psa_crypto_config_accel_ecc_non_weierstrass_curves common_test_psa_crypto_config_accel_ecc_some_curves () { weierstrass=$1 if [ $weierstrass -eq 1 ]; then @@ -2692,11 +2692,11 @@ common_test_psa_crypto_config_accel_ecc_some_curves () { make test SKIP_TEST_SUITES=pk,pkparse,pkwrite,x509parse,x509write,ssl,debug } -component_test_psa_crypto_config_accel_ecc_weirstrass_curves () { +component_test_psa_crypto_config_accel_ecc_weierstrass_curves () { common_test_psa_crypto_config_accel_ecc_some_curves 1 } -component_test_psa_crypto_config_accel_ecc_non_weirstrass_curves () { +component_test_psa_crypto_config_accel_ecc_non_weierstrass_curves () { common_test_psa_crypto_config_accel_ecc_some_curves 0 } From 842d3552b61d4473abf651a357cd5854afbb3e7f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 28 Sep 2023 09:29:43 +0200 Subject: [PATCH 5/9] Add check for unsupported partial key type acceleration MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Tested manually as follows: in component_test_psa_crypto_config_accel_ecc_some_key_types, modify loc_accel_list to remove one of the key types between helper_libtestdriver1_make_drivers and helper_libtestdriver1_make_main, and observe that the 2nd build fails with the expected #error. Note: removing one of the key types before helper_libtestdriver1_make_drivers causes the build of libtestdriver1 to fail, which is quite acceptable, just not what we're trying to observe. Signed-off-by: Manuel Pégourié-Gonnard --- include/mbedtls/check_config.h | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 6a2f9d21a3..86598608b8 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -125,6 +125,22 @@ #endif /* MBEDTLS_PSA_CRYPTO_CONFIG || MBEDTLS_PSA_CRYPTO_C */ +/* Limitations on ECC key types acceleration: if we have any of `PUBLIC_KEY`, + * `KEY_PAIR_BASIC`, `KEY_PAIR_IMPORT`, `KEY_PAIR_EXPORT` then we must have + * all 4 of them. + */ +#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY) || \ + defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_BASIC) || \ + defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT) || \ + defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT) +#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY) || \ + !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_BASIC) || \ + !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT) || \ + !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT) +#error "Unsupported partial support for ECC key type acceleration, see docs/driver-only-builds.md" +#endif /* not all of public, basic, import, export */ +#endif /* one of public, basic, import, export */ + #if defined(MBEDTLS_CTR_DRBG_C) && !defined(MBEDTLS_AES_C) #error "MBEDTLS_CTR_DRBG_C defined, but not all prerequisites" #endif From 7f22f3478dbad9650aea482cac430b8ed3503a38 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 28 Sep 2023 09:46:22 +0200 Subject: [PATCH 6/9] Add check for unsupported partial curves acceleration MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Manual test: run test_psa_crypto_config_accel_ecc_non_weierstrass_curves or test_psa_crypto_config_accel_ecc_weierstrass_curves as they are now, observe it failing with the expected #error. Signed-off-by: Manuel Pégourié-Gonnard --- include/mbedtls/check_config.h | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 86598608b8..e18e9a5fc6 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -141,6 +141,30 @@ #endif /* not all of public, basic, import, export */ #endif /* one of public, basic, import, export */ +/* Limitations on ECC curves acceleration: partial curve acceleration is only + * supported with crypto excluding PK, X.509 or TLS. + * Note: no need to check X.509 as it depends on PK. */ +#if defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_256) || \ + defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_384) || \ + defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_512) || \ + defined(MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_255) || \ + defined(MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_448) || \ + defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_192) || \ + defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_224) || \ + defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_256) || \ + defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_192) || \ + defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_224) || \ + defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_256) || \ + defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_384) || \ + defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_521) +#if defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_CURVES) +#if defined(MBEDTLS_PK_C) || \ + defined(MBEDTLS_SSL_TLS_C) +#error "Unsupported partial support for ECC curves acceleration, see docs/driver-only-builds.md" +#endif /* modules beyond what's supported */ +#endif /* not all curves accelerated */ +#endif /* some curve accelerated */ + #if defined(MBEDTLS_CTR_DRBG_C) && !defined(MBEDTLS_AES_C) #error "MBEDTLS_CTR_DRBG_C defined, but not all prerequisites" #endif From c0c9b23b23e1ee4052631c7e85ce80c4ae99fec5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 28 Sep 2023 10:05:57 +0200 Subject: [PATCH 7/9] Test only what's support with partial curves accel MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- tests/scripts/all.sh | 21 +++++++++++++++------ 1 file changed, 15 insertions(+), 6 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 1d66f3ed42..da58909892 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -2596,7 +2596,7 @@ common_test_psa_crypto_config_accel_ecc_some_curves () { desc="non-Weierstrass" fi - msg "build: full with accelerated EC algs and $desc curves" + msg "build: crypto_full minus PK with accelerated EC algs and $desc curves" # Algorithms and key types to accelerate loc_accel_list="ALG_ECDSA ALG_DETERMINISTIC_ECDSA \ @@ -2630,8 +2630,18 @@ common_test_psa_crypto_config_accel_ecc_some_curves () { # Configure # --------- - # start with config full for maximum coverage (also enables USE_PSA) - helper_libtestdriver1_adjust_config "full" + # Start with config crypto_full and remove PK_C: + # that's what's supported now, see docs/driver-only-builds.md. + helper_libtestdriver1_adjust_config "crypto_full" + scripts/config.py unset MBEDTLS_PK_C + scripts/config.py unset MBEDTLS_PK_PARSE_C + scripts/config.py unset MBEDTLS_PK_WRITE_C + # We need to disable RSA too or PK will be re-enabled. + scripts/config.py -f "$CRYPTO_CONFIG_H" unset-all "PSA_WANT_KEY_TYPE_RSA_[0-9A-Z_a-z]*" + scripts/config.py -f "$CRYPTO_CONFIG_H" unset-all "PSA_WANT_ALG_RSA_[0-9A-Z_a-z]*" + scripts/config.py unset MBEDTLS_RSA_C + scripts/config.py unset MBEDTLS_PKCS1_V15 + scripts/config.py unset MBEDTLS_PKCS1_V21 # Disable modules that are accelerated - some will be re-enabled scripts/config.py unset MBEDTLS_ECDSA_C @@ -2687,9 +2697,8 @@ common_test_psa_crypto_config_accel_ecc_some_curves () { # Run the tests # ------------- - msg "test suites: full with accelerated EC algs and $desc curves" - # does not work for PK (and above), see #8255 - make test SKIP_TEST_SUITES=pk,pkparse,pkwrite,x509parse,x509write,ssl,debug + msg "test suites: crypto_full minus PK with accelerated EC algs and $desc curves" + make test } component_test_psa_crypto_config_accel_ecc_weierstrass_curves () { From 680b48e6b5934cf9d8a02c7f125cede0875b1fd8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 28 Sep 2023 12:49:23 +0200 Subject: [PATCH 8/9] Update list of ECC key types in user-config-for-test.h MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- tests/configs/user-config-for-test.h | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/tests/configs/user-config-for-test.h b/tests/configs/user-config-for-test.h index 9151532c69..a9386a2369 100644 --- a/tests/configs/user-config-for-test.h +++ b/tests/configs/user-config-for-test.h @@ -52,7 +52,11 @@ * the test driver implemented. */ #define MBEDTLS_PSA_ACCEL_KEY_TYPE_AES #define MBEDTLS_PSA_ACCEL_KEY_TYPE_CAMELLIA -#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_BASIC +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE #define MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR #define MBEDTLS_PSA_ACCEL_ALG_CBC_NO_PADDING #define MBEDTLS_PSA_ACCEL_ALG_CBC_PKCS7 From 3b2357cdca0f3274f79e986690c55e3d6ca2fa30 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 28 Sep 2023 12:50:15 +0200 Subject: [PATCH 9/9] Remove components that partially accelerate ECC keys MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit These are build-only components so this was never supported for sure. Let's stick to what's really tested for now, and expand later (with proper testing!) if there's demand for more flexibility. Signed-off-by: Manuel Pégourié-Gonnard --- tests/scripts/all.sh | 27 --------------------------- 1 file changed, 27 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index da58909892..7cc3cefe87 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -3712,33 +3712,6 @@ component_build_psa_accel_alg_ecdh() { make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_ECDH -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" } -# This should be renamed to test and updated once the accelerator ECC key pair code is in place and ready to test. -component_build_psa_accel_key_type_ecc_key_pair() { - msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_xxx" - scripts/config.py full - scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO - scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 - scripts/config.py -f "$CRYPTO_CONFIG_H" set-all "PSA_WANT_KEY_TYPE_ECC_[0-9A-Z_a-z]*" - # Need to define the correct symbol and include the test driver header path in order to build with the test driver - make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" -} - -# This should be renamed to test and updated once the accelerator ECC public key code is in place and ready to test. -component_build_psa_accel_key_type_ecc_public_key() { - msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY" - scripts/config.py full - scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO - scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 - scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY 1 - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE - # Need to define the correct symbol and include the test driver header path in order to build with the test driver - make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" -} - # This should be renamed to test and updated once the accelerator HMAC code is in place and ready to test. component_build_psa_accel_alg_hmac() { msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_HMAC"