mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-04-03 01:20:39 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge pull request #8264 from mpg/follow-up-8075

Browse Source 
Follow up to 8075
This commit is contained in:
Dave Rodgman 2023-09-28 17:32:12 +00:00 committed by GitHub
commit b51f3da354
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 161 additions and 130 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
include/mbedtls/check_config.h
View File

@ -125,6 +125,46 @@
#endif /* MBEDTLS_PSA_CRYPTO_CONFIG || MBEDTLS_PSA_CRYPTO_C */ #endif /* MBEDTLS_PSA_CRYPTO_CONFIG || MBEDTLS_PSA_CRYPTO_C */
/* Limitations on ECC key types acceleration: if we have any of `PUBLIC_KEY`,
* `KEY_PAIR_BASIC`, `KEY_PAIR_IMPORT`, `KEY_PAIR_EXPORT` then we must have
* all 4 of them.
*/
#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY) || \
defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_BASIC) || \
defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT) || \
defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT)
#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY) || \
!defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_BASIC) || \
!defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT) || \
!defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT)
#error "Unsupported partial support for ECC key type acceleration, see docs/driver-only-builds.md"
#endif /* not all of public, basic, import, export */
#endif /* one of public, basic, import, export */
/* Limitations on ECC curves acceleration: partial curve acceleration is only
* supported with crypto excluding PK, X.509 or TLS.
* Note: no need to check X.509 as it depends on PK. */
#if defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_256) || \
defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_384) || \
defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_512) || \
defined(MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_255) || \
defined(MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_448) || \
defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_192) || \
defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_224) || \
defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_256) || \
defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_192) || \
defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_224) || \
defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_256) || \
defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_384) || \
defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_521)
#if defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_CURVES)
#if defined(MBEDTLS_PK_C) || \
defined(MBEDTLS_SSL_TLS_C)
#error "Unsupported partial support for ECC curves acceleration, see docs/driver-only-builds.md"
#endif /* modules beyond what's supported */
#endif /* not all curves accelerated */
#endif /* some curve accelerated */
#if defined(MBEDTLS_CTR_DRBG_C) && !defined(MBEDTLS_AES_C) #if defined(MBEDTLS_CTR_DRBG_C) && !defined(MBEDTLS_AES_C)
#error "MBEDTLS_CTR_DRBG_C defined, but not all prerequisites" #error "MBEDTLS_CTR_DRBG_C defined, but not all prerequisites"
#endif #endif

61
include/mbedtls/config_adjust_legacy_from_psa.h
View File

@ -159,35 +159,40 @@
/* ECC: key types: is acceleration complete? */ /* ECC: key types: is acceleration complete? */
#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) && \ #if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) && \
!defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY) !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY)
#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEYTYPES #define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEY_TYPES
#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEYTYPES_BASIC #define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEY_TYPES_BASIC
#endif #endif
#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC) && \ #if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC) && \
!defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_BASIC) !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_BASIC)
#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEYTYPES #define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEY_TYPES
#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEYTYPES_BASIC #define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEY_TYPES_BASIC
#endif #endif
#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT) && \ #if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT) && \
!defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT) !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT)
#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEYTYPES #define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEY_TYPES
#endif #endif
#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT) && \ #if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT) && \
!defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT) !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT)
#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEYTYPES #define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEY_TYPES
#endif #endif
#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE) && \ #if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE) && \
!defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE) !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE)
#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEYTYPES #define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEY_TYPES
#endif #endif
/* Special case: we don't support cooked key derivation in drivers yet */ /* Special case: we don't support cooked key derivation in drivers yet */
#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE)
#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE
#endif
/* Note: the condition is always true as DERIVE can't be accelerated yet */
#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE) && \ #if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE) && \
(1 || !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE)) !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE)
#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEYTYPES #define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEY_TYPES
#endif #endif
/* ECC: curves: enable built-ins as needed. /* ECC: curves: enable built-ins as needed.
@ -199,7 +204,7 @@
*/ */
#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256) #if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256)
#if !defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_256) || \ #if !defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_256) || \
defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEYTYPES) || \ defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEY_TYPES) || \
defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_ALGS) defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_ALGS)
#define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_256 1 #define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_256 1
#define MBEDTLS_ECP_DP_BP256R1_ENABLED #define MBEDTLS_ECP_DP_BP256R1_ENABLED
@ -208,7 +213,7 @@
#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384) #if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384)
#if !defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_384) || \ #if !defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_384) || \
defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEYTYPES) || \ defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEY_TYPES) || \
defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_ALGS) defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_ALGS)
#define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_384 1 #define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_384 1
#define MBEDTLS_ECP_DP_BP384R1_ENABLED #define MBEDTLS_ECP_DP_BP384R1_ENABLED
@ -217,7 +222,7 @@
#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512) #if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512)
#if !defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_512) || \ #if !defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_512) || \
defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEYTYPES) || \ defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEY_TYPES) || \
defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_ALGS) defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_ALGS)
#define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_512 1 #define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_512 1
#define MBEDTLS_ECP_DP_BP512R1_ENABLED #define MBEDTLS_ECP_DP_BP512R1_ENABLED
@ -226,7 +231,7 @@
#if defined(PSA_WANT_ECC_MONTGOMERY_255) #if defined(PSA_WANT_ECC_MONTGOMERY_255)
#if !defined(MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_255) || \ #if !defined(MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_255) || \
defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEYTYPES) || \ defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEY_TYPES) || \
defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_ALGS) defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_ALGS)
#define MBEDTLS_PSA_BUILTIN_ECC_MONTGOMERY_255 1 #define MBEDTLS_PSA_BUILTIN_ECC_MONTGOMERY_255 1
#define MBEDTLS_ECP_DP_CURVE25519_ENABLED #define MBEDTLS_ECP_DP_CURVE25519_ENABLED
@ -235,7 +240,7 @@
#if defined(PSA_WANT_ECC_MONTGOMERY_448) #if defined(PSA_WANT_ECC_MONTGOMERY_448)
#if !defined(MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_448) || \ #if !defined(MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_448) || \
defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEYTYPES) || \ defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEY_TYPES) || \
defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_ALGS) defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_ALGS)
#define MBEDTLS_PSA_BUILTIN_ECC_MONTGOMERY_448 1 #define MBEDTLS_PSA_BUILTIN_ECC_MONTGOMERY_448 1
#define MBEDTLS_ECP_DP_CURVE448_ENABLED #define MBEDTLS_ECP_DP_CURVE448_ENABLED
@ -244,7 +249,7 @@
#if defined(PSA_WANT_ECC_SECP_R1_192) #if defined(PSA_WANT_ECC_SECP_R1_192)
#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_192) || \ #if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_192) || \
defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEYTYPES) || \ defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEY_TYPES) || \
defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_ALGS) defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_ALGS)
#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_192 1 #define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_192 1
#define MBEDTLS_ECP_DP_SECP192R1_ENABLED #define MBEDTLS_ECP_DP_SECP192R1_ENABLED
@ -253,7 +258,7 @@
#if defined(PSA_WANT_ECC_SECP_R1_224) #if defined(PSA_WANT_ECC_SECP_R1_224)
#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_224) || \ #if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_224) || \
defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEYTYPES) || \ defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEY_TYPES) || \
defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_ALGS) defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_ALGS)
#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_224 1 #define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_224 1
#define MBEDTLS_ECP_DP_SECP224R1_ENABLED #define MBEDTLS_ECP_DP_SECP224R1_ENABLED
@ -262,7 +267,7 @@
#if defined(PSA_WANT_ECC_SECP_R1_256) #if defined(PSA_WANT_ECC_SECP_R1_256)
#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_256) || \ #if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_256) || \
defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEYTYPES) || \ defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEY_TYPES) || \
defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_ALGS) defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_ALGS)
#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_256 1 #define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_256 1
#define MBEDTLS_ECP_DP_SECP256R1_ENABLED #define MBEDTLS_ECP_DP_SECP256R1_ENABLED
@ -271,7 +276,7 @@
#if defined(PSA_WANT_ECC_SECP_R1_384) #if defined(PSA_WANT_ECC_SECP_R1_384)
#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_384) || \ #if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_384) || \
defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEYTYPES) || \ defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEY_TYPES) || \
defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_ALGS) defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_ALGS)
#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_384 1 #define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_384 1
#define MBEDTLS_ECP_DP_SECP384R1_ENABLED #define MBEDTLS_ECP_DP_SECP384R1_ENABLED
@ -280,7 +285,7 @@
#if defined(PSA_WANT_ECC_SECP_R1_521) #if defined(PSA_WANT_ECC_SECP_R1_521)
#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_521) || \ #if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_521) || \
defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEYTYPES) || \ defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEY_TYPES) || \
defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_ALGS) defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_ALGS)
#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_521 1 #define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_521 1
#define MBEDTLS_ECP_DP_SECP521R1_ENABLED #define MBEDTLS_ECP_DP_SECP521R1_ENABLED
@ -289,7 +294,7 @@
#if defined(PSA_WANT_ECC_SECP_K1_192) #if defined(PSA_WANT_ECC_SECP_K1_192)
#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_192) || \ #if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_192) || \
defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEYTYPES) || \ defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEY_TYPES) || \
defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_ALGS) defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_ALGS)
#define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_192 1 #define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_192 1
#define MBEDTLS_ECP_DP_SECP192K1_ENABLED #define MBEDTLS_ECP_DP_SECP192K1_ENABLED
@ -298,7 +303,7 @@
#if defined(PSA_WANT_ECC_SECP_K1_224) #if defined(PSA_WANT_ECC_SECP_K1_224)
#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_224) || \ #if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_224) || \
defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEYTYPES) || \ defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEY_TYPES) || \
defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_ALGS) defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_ALGS)
#define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_224 1 #define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_224 1
#define MBEDTLS_ECP_DP_SECP224K1_ENABLED #define MBEDTLS_ECP_DP_SECP224K1_ENABLED
@ -309,7 +314,7 @@
#if defined(PSA_WANT_ECC_SECP_K1_256) #if defined(PSA_WANT_ECC_SECP_K1_256)
#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_256) || \ #if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_256) || \
defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEYTYPES) || \ defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEY_TYPES) || \
defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_ALGS) defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_ALGS)
#define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_256 1 #define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_256 1
#define MBEDTLS_ECP_DP_SECP256K1_ENABLED #define MBEDTLS_ECP_DP_SECP256K1_ENABLED
@ -331,7 +336,7 @@
#if defined(PSA_WANT_ALG_DETERMINISTIC_ECDSA) #if defined(PSA_WANT_ALG_DETERMINISTIC_ECDSA)
#if !defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA) || \ #if !defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA) || \
defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_WEIERSTRASS_CURVES) || \ defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_WEIERSTRASS_CURVES) || \
defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEYTYPES_BASIC) defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEY_TYPES_BASIC)
#define MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA 1 #define MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA 1
#define MBEDTLS_ECDSA_DETERMINISTIC #define MBEDTLS_ECDSA_DETERMINISTIC
#define MBEDTLS_HMAC_DRBG_C #define MBEDTLS_HMAC_DRBG_C
@ -347,7 +352,7 @@
#if defined(PSA_WANT_ALG_ECDH) #if defined(PSA_WANT_ALG_ECDH)
#if !defined(MBEDTLS_PSA_ACCEL_ALG_ECDH) || \ #if !defined(MBEDTLS_PSA_ACCEL_ALG_ECDH) || \
defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_CURVES) || \ defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_CURVES) || \
defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEYTYPES_BASIC) defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEY_TYPES_BASIC)
#define MBEDTLS_PSA_BUILTIN_ALG_ECDH 1 #define MBEDTLS_PSA_BUILTIN_ALG_ECDH 1
#define MBEDTLS_ECDH_C #define MBEDTLS_ECDH_C
#define MBEDTLS_ECP_C #define MBEDTLS_ECP_C
@ -358,7 +363,7 @@
#if defined(PSA_WANT_ALG_ECDSA) #if defined(PSA_WANT_ALG_ECDSA)
#if !defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) || \ #if !defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) || \
defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_WEIERSTRASS_CURVES) || \ defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_WEIERSTRASS_CURVES) || \
defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEYTYPES_BASIC) defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEY_TYPES_BASIC)
#define MBEDTLS_PSA_BUILTIN_ALG_ECDSA 1 #define MBEDTLS_PSA_BUILTIN_ALG_ECDSA 1
#define MBEDTLS_ECDSA_C #define MBEDTLS_ECDSA_C
#define MBEDTLS_ECP_C #define MBEDTLS_ECP_C
@ -371,7 +376,7 @@
#if defined(PSA_WANT_ALG_JPAKE) #if defined(PSA_WANT_ALG_JPAKE)
#if !defined(MBEDTLS_PSA_ACCEL_ALG_JPAKE) || \ #if !defined(MBEDTLS_PSA_ACCEL_ALG_JPAKE) || \
!defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_256) || \ !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_256) || \
defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEYTYPES_BASIC) defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEY_TYPES_BASIC)
#define MBEDTLS_PSA_BUILTIN_PAKE 1 #define MBEDTLS_PSA_BUILTIN_PAKE 1
#define MBEDTLS_PSA_BUILTIN_ALG_JPAKE 1 #define MBEDTLS_PSA_BUILTIN_ALG_JPAKE 1
#define MBEDTLS_ECP_DP_SECP256R1_ENABLED #define MBEDTLS_ECP_DP_SECP256R1_ENABLED
@ -435,9 +440,9 @@
#endif /* missing accel */ #endif /* missing accel */
#endif /* PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE */ #endif /* PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE */
/* Special case: we don't support cooked key derivation in drivers yet */ /* Note: the condition is always true as DERIVE can't be accelerated yet */
#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE) #if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE)
#if 1 || !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE) || \ #if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE) || \
defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_CURVES) defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_CURVES)
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_DERIVE 1 #define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_DERIVE 1
#define MBEDTLS_ECP_LIGHT #define MBEDTLS_ECP_LIGHT

6
tests/configs/user-config-for-test.h
View File

@ -52,7 +52,11 @@
* the test driver implemented. */ * the test driver implemented. */
#define MBEDTLS_PSA_ACCEL_KEY_TYPE_AES #define MBEDTLS_PSA_ACCEL_KEY_TYPE_AES
#define MBEDTLS_PSA_ACCEL_KEY_TYPE_CAMELLIA #define MBEDTLS_PSA_ACCEL_KEY_TYPE_CAMELLIA
#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR #define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY
#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_BASIC
#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT
#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT
#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE
#define MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR #define MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR
#define MBEDTLS_PSA_ACCEL_ALG_CBC_NO_PADDING #define MBEDTLS_PSA_ACCEL_ALG_CBC_NO_PADDING
#define MBEDTLS_PSA_ACCEL_ALG_CBC_PKCS7 #define MBEDTLS_PSA_ACCEL_ALG_CBC_PKCS7

184
tests/scripts/all.sh
View File

@ -428,9 +428,9 @@ err_msg()
check_tools() check_tools()
{ {
for TOOL in "$@"; do for tool in "$@"; do
if ! `type "$TOOL" >/dev/null 2>&1`; then if ! `type "$tool" >/dev/null 2>&1`; then
err_msg "$TOOL not found!" err_msg "$tool not found!"
exit 1 exit 1
fi fi
done done
@ -884,10 +884,10 @@ pre_generate_files() {
# Adjust the configuration - for both libtestdriver1 and main library, # Adjust the configuration - for both libtestdriver1 and main library,
# as they should have the same PSA_WANT macros. # as they should have the same PSA_WANT macros.
helper_libtestdriver1_adjust_config() { helper_libtestdriver1_adjust_config() {
BASE_CONFIG=$1 base_config=$1
# Select the base configuration # Select the base configuration
if [ "$BASE_CONFIG" != "default" ]; then if [ "$base_config" != "default" ]; then
scripts/config.py "$BASE_CONFIG" scripts/config.py "$base_config"
fi fi
# Enable PSA-based config (necessary to use drivers) # Enable PSA-based config (necessary to use drivers)
@ -910,8 +910,8 @@ helper_disable_builtin_curves() {
allowed_list="${1:-}" allowed_list="${1:-}"
scripts/config.py unset-all "MBEDTLS_ECP_DP_[0-9A-Z_a-z]*_ENABLED" scripts/config.py unset-all "MBEDTLS_ECP_DP_[0-9A-Z_a-z]*_ENABLED"
for CURVE in $allowed_list; do for curve in $allowed_list; do
scripts/config.py set $CURVE scripts/config.py set $curve
done done
} }
@ -920,8 +920,8 @@ helper_disable_builtin_curves() {
# in the following helpers. # in the following helpers.
helper_get_psa_curve_list () { helper_get_psa_curve_list () {
loc_list="" loc_list=""
for ITEM in $(sed -n 's/^#define PSA_WANT_\(ECC_[0-9A-Z_a-z]*\).*/\1/p' <"$CRYPTO_CONFIG_H"); do for item in $(sed -n 's/^#define PSA_WANT_\(ECC_[0-9A-Z_a-z]*\).*/\1/p' <"$CRYPTO_CONFIG_H"); do
loc_list="$loc_list $ITEM" loc_list="$loc_list $item"
done done
echo "$loc_list" echo "$loc_list"
@ -931,13 +931,13 @@ helper_get_psa_curve_list () {
# is useful to easily get a list of key type symbols to accelerate. # is useful to easily get a list of key type symbols to accelerate.
# The function accepts a single argument which is the key type: ECC, DH, RSA. # The function accepts a single argument which is the key type: ECC, DH, RSA.
helper_get_psa_key_type_list() { helper_get_psa_key_type_list() {
KEY_TYPE="$1" key_type="$1"
loc_list="" loc_list=""
for ITEM in $(sed -n "s/^#define PSA_WANT_\(KEY_TYPE_${KEY_TYPE}_[0-9A-Z_a-z]*\).*/\1/p" <"$CRYPTO_CONFIG_H"); do for item in $(sed -n "s/^#define PSA_WANT_\(KEY_TYPE_${key_type}_[0-9A-Z_a-z]*\).*/\1/p" <"$CRYPTO_CONFIG_H"); do
# Skip DERIVE for elliptic keys since there is no driver dispatch for # Skip DERIVE for elliptic keys since there is no driver dispatch for
# it so it cannot be accelerated. # it so it cannot be accelerated.
if [ "$ITEM" != "KEY_TYPE_ECC_KEY_PAIR_DERIVE" ]; then if [ "$item" != "KEY_TYPE_ECC_KEY_PAIR_DERIVE" ]; then
loc_list="$loc_list $ITEM" loc_list="$loc_list $item"
fi fi
done done
@ -2560,17 +2560,17 @@ component_test_psa_crypto_config_accel_ecc_some_key_types () {
# Run tests with only (non-)Weierstrass accelerated # Run tests with only (non-)Weierstrass accelerated
# Common code used in: # Common code used in:
# - component_test_psa_crypto_config_accel_ecc_weirstrass_curves # - component_test_psa_crypto_config_accel_ecc_weierstrass_curves
# - component_test_psa_crypto_config_accel_ecc_non_weirstrass_curves # - component_test_psa_crypto_config_accel_ecc_non_weierstrass_curves
common_test_psa_crypto_config_accel_ecc_some_curves () { common_test_psa_crypto_config_accel_ecc_some_curves () {
WEIERSTRASS=$1 weierstrass=$1
if [ $WEIERSTRASS -eq 1 ]; then if [ $weierstrass -eq 1 ]; then
DESC="Weierstrass" desc="Weierstrass"
else else
DESC="non-Weierstrass" desc="non-Weierstrass"
fi fi
msg "build: full with accelerated EC algs and $DESC curves" msg "build: crypto_full minus PK with accelerated EC algs and $desc curves"
# Algorithms and key types to accelerate # Algorithms and key types to accelerate
loc_accel_list="ALG_ECDSA ALG_DETERMINISTIC_ECDSA \ loc_accel_list="ALG_ECDSA ALG_DETERMINISTIC_ECDSA \
@ -2585,17 +2585,17 @@ common_test_psa_crypto_config_accel_ecc_some_curves () {
# helper_get_psa_curve_list that only keeps Weierstrass families. # helper_get_psa_curve_list that only keeps Weierstrass families.
loc_weierstrass_list="" loc_weierstrass_list=""
loc_non_weierstrass_list="" loc_non_weierstrass_list=""
for ITEM in $(sed -n 's/^#define PSA_WANT_\(ECC_[0-9A-Z_a-z]*\).*/\1/p' <"$CRYPTO_CONFIG_H"); do for item in $(sed -n 's/^#define PSA_WANT_\(ECC_[0-9A-Z_a-z]*\).*/\1/p' <"$CRYPTO_CONFIG_H"); do
case $ITEM in case $item in
ECC_BRAINPOOL*|ECC_SECP*) ECC_BRAINPOOL*|ECC_SECP*)
loc_weierstrass_list="$loc_weierstrass_list $ITEM" loc_weierstrass_list="$loc_weierstrass_list $item"
;; ;;
*) *)
loc_non_weierstrass_list="$loc_non_weierstrass_list $ITEM" loc_non_weierstrass_list="$loc_non_weierstrass_list $item"
;; ;;
esac esac
done done
if [ $WEIERSTRASS -eq 1 ]; then if [ $weierstrass -eq 1 ]; then
loc_curve_list=$loc_weierstrass_list loc_curve_list=$loc_weierstrass_list
else else
loc_curve_list=$loc_non_weierstrass_list loc_curve_list=$loc_non_weierstrass_list
@ -2604,8 +2604,18 @@ common_test_psa_crypto_config_accel_ecc_some_curves () {
# Configure # Configure
# --------- # ---------
# start with config full for maximum coverage (also enables USE_PSA) # Start with config crypto_full and remove PK_C:
helper_libtestdriver1_adjust_config "full" # that's what's supported now, see docs/driver-only-builds.md.
helper_libtestdriver1_adjust_config "crypto_full"
scripts/config.py unset MBEDTLS_PK_C
scripts/config.py unset MBEDTLS_PK_PARSE_C
scripts/config.py unset MBEDTLS_PK_WRITE_C
# We need to disable RSA too or PK will be re-enabled.
scripts/config.py -f "$CRYPTO_CONFIG_H" unset-all "PSA_WANT_KEY_TYPE_RSA_[0-9A-Z_a-z]*"
scripts/config.py -f "$CRYPTO_CONFIG_H" unset-all "PSA_WANT_ALG_RSA_[0-9A-Z_a-z]*"
scripts/config.py unset MBEDTLS_RSA_C
scripts/config.py unset MBEDTLS_PKCS1_V15
scripts/config.py unset MBEDTLS_PKCS1_V21
# Disable modules that are accelerated - some will be re-enabled # Disable modules that are accelerated - some will be re-enabled
scripts/config.py unset MBEDTLS_ECDSA_C scripts/config.py unset MBEDTLS_ECDSA_C
@ -2641,7 +2651,7 @@ common_test_psa_crypto_config_accel_ecc_some_curves () {
# - functions with mxz in the name are specific to Montgomery curves # - functions with mxz in the name are specific to Montgomery curves
# - ecp_muladd is specific to Weierstrass curves # - ecp_muladd is specific to Weierstrass curves
##nm library/ecp.o | tee ecp.syms ##nm library/ecp.o | tee ecp.syms
if [ $WEIERSTRASS -eq 1 ]; then if [ $weierstrass -eq 1 ]; then
not grep mbedtls_ecp_muladd library/ecp.o not grep mbedtls_ecp_muladd library/ecp.o
grep mxz library/ecp.o grep mxz library/ecp.o
else else
@ -2650,7 +2660,7 @@ common_test_psa_crypto_config_accel_ecc_some_curves () {
fi fi
# We expect ECDSA and ECJPAKE to be re-enabled only when # We expect ECDSA and ECJPAKE to be re-enabled only when
# Weierstrass curves are not accelerated # Weierstrass curves are not accelerated
if [ $WEIERSTRASS -eq 1 ]; then if [ $weierstrass -eq 1 ]; then
not grep mbedtls_ecdsa library/ecdsa.o not grep mbedtls_ecdsa library/ecdsa.o
not grep mbedtls_ecjpake library/ecjpake.o not grep mbedtls_ecjpake library/ecjpake.o
else else
@ -2661,16 +2671,15 @@ common_test_psa_crypto_config_accel_ecc_some_curves () {
# Run the tests # Run the tests
# ------------- # -------------
msg "test suites: full with accelerated EC algs and $DESC curves" msg "test suites: crypto_full minus PK with accelerated EC algs and $desc curves"
# does not work for PK (and above), see #8255 make test
make test SKIP_TEST_SUITES=pk,pkparse,pkwrite,x509parse,x509write,ssl,debug
} }
component_test_psa_crypto_config_accel_ecc_weirstrass_curves () { component_test_psa_crypto_config_accel_ecc_weierstrass_curves () {
common_test_psa_crypto_config_accel_ecc_some_curves 1 common_test_psa_crypto_config_accel_ecc_some_curves 1
} }
component_test_psa_crypto_config_accel_ecc_non_weirstrass_curves () { component_test_psa_crypto_config_accel_ecc_non_weierstrass_curves () {
common_test_psa_crypto_config_accel_ecc_some_curves 0 common_test_psa_crypto_config_accel_ecc_some_curves 0
} }
@ -2686,10 +2695,10 @@ component_test_psa_crypto_config_accel_ecc_non_weirstrass_curves () {
# - component_test_psa_crypto_config_reference_ecc_ecp_light_only. # - component_test_psa_crypto_config_reference_ecc_ecp_light_only.
# This supports comparing their test coverage with analyze_outcomes.py. # This supports comparing their test coverage with analyze_outcomes.py.
config_psa_crypto_config_ecp_light_only () { config_psa_crypto_config_ecp_light_only () {
DRIVER_ONLY="$1" driver_only="$1"
# start with config full for maximum coverage (also enables USE_PSA) # start with config full for maximum coverage (also enables USE_PSA)
helper_libtestdriver1_adjust_config "full" helper_libtestdriver1_adjust_config "full"
if [ "$DRIVER_ONLY" -eq 1 ]; then if [ "$driver_only" -eq 1 ]; then
# Disable modules that are accelerated # Disable modules that are accelerated
scripts/config.py unset MBEDTLS_ECDSA_C scripts/config.py unset MBEDTLS_ECDSA_C
scripts/config.py unset MBEDTLS_ECDH_C scripts/config.py unset MBEDTLS_ECDH_C
@ -2783,11 +2792,11 @@ component_test_psa_crypto_config_reference_ecc_ecp_light_only () {
# PK_C and RSA_C are always disabled to ensure there is no remaining dependency # PK_C and RSA_C are always disabled to ensure there is no remaining dependency
# on the ECP module. # on the ECP module.
config_psa_crypto_no_ecp_at_all () { config_psa_crypto_no_ecp_at_all () {
DRIVER_ONLY="$1" driver_only="$1"
# start with full config for maximum coverage (also enables USE_PSA) # start with full config for maximum coverage (also enables USE_PSA)
helper_libtestdriver1_adjust_config "full" helper_libtestdriver1_adjust_config "full"
if [ "$DRIVER_ONLY" -eq 1 ]; then if [ "$driver_only" -eq 1 ]; then
# Disable modules that are accelerated # Disable modules that are accelerated
scripts/config.py unset MBEDTLS_ECDSA_C scripts/config.py unset MBEDTLS_ECDSA_C
scripts/config.py unset MBEDTLS_ECDH_C scripts/config.py unset MBEDTLS_ECDH_C
@ -2901,12 +2910,12 @@ component_test_psa_crypto_config_reference_ecc_no_ecp_at_all () {
# $2: a string value which states which components are tested. Allowed values # $2: a string value which states which components are tested. Allowed values
# are "ECC" or "ECC_DH". # are "ECC" or "ECC_DH".
config_psa_crypto_config_accel_ecc_ffdh_no_bignum() { config_psa_crypto_config_accel_ecc_ffdh_no_bignum() {
DRIVER_ONLY="$1" driver_only="$1"
TEST_TARGET="$2" test_target="$2"
# start with full config for maximum coverage (also enables USE_PSA) # start with full config for maximum coverage (also enables USE_PSA)
helper_libtestdriver1_adjust_config "full" helper_libtestdriver1_adjust_config "full"
if [ "$DRIVER_ONLY" -eq 1 ]; then if [ "$driver_only" -eq 1 ]; then
# Disable modules that are accelerated # Disable modules that are accelerated
scripts/config.py unset MBEDTLS_ECDSA_C scripts/config.py unset MBEDTLS_ECDSA_C
scripts/config.py unset MBEDTLS_ECDH_C scripts/config.py unset MBEDTLS_ECDH_C
@ -2937,7 +2946,7 @@ config_psa_crypto_config_accel_ecc_ffdh_no_bignum() {
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
if [ "$TEST_TARGET" = "ECC" ]; then if [ "$test_target" = "ECC" ]; then
# When testing ECC only, we disable FFDH support, both from builtin and # When testing ECC only, we disable FFDH support, both from builtin and
# PSA sides, and also disable the key exchanges that depend on DHM. # PSA sides, and also disable the key exchanges that depend on DHM.
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_FFDH scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_FFDH
@ -2948,7 +2957,7 @@ config_psa_crypto_config_accel_ecc_ffdh_no_bignum() {
else else
# When testing ECC and DH instead, we disable DHM and depending key # When testing ECC and DH instead, we disable DHM and depending key
# exchanges only in the accelerated build # exchanges only in the accelerated build
if [ "$DRIVER_ONLY" -eq 1 ]; then if [ "$driver_only" -eq 1 ]; then
scripts/config.py unset MBEDTLS_DHM_C scripts/config.py unset MBEDTLS_DHM_C
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
@ -2973,18 +2982,18 @@ config_psa_crypto_config_accel_ecc_ffdh_no_bignum() {
# common_test_psa_crypto_config_reference_ecc_ffdh_no_bignum() for drivers # common_test_psa_crypto_config_reference_ecc_ffdh_no_bignum() for drivers
# coverage analysis in the "analyze_outcomes.py" script. # coverage analysis in the "analyze_outcomes.py" script.
common_test_psa_crypto_config_accel_ecc_ffdh_no_bignum () { common_test_psa_crypto_config_accel_ecc_ffdh_no_bignum () {
TEST_TARGET="$1" test_target="$1"
# This is an internal helper to simplify text message handling # This is an internal helper to simplify text message handling
if [ "$TEST_TARGET" = "ECC_DH" ]; then if [ "$test_target" = "ECC_DH" ]; then
ACCEL_TEXT="ECC/FFDH" accel_text="ECC/FFDH"
REMOVED_TEXT="ECP - DH" removed_text="ECP - DH"
else else
ACCEL_TEXT="ECC" accel_text="ECC"
REMOVED_TEXT="ECP" removed_text="ECP"
fi fi
msg "build: full + accelerated $ACCEL_TEXT algs + USE_PSA - $REMOVED_TEXT - BIGNUM" msg "build: full + accelerated $accel_text algs + USE_PSA - $removed_text - BIGNUM"
# By default we accelerate all EC keys/algs # By default we accelerate all EC keys/algs
loc_accel_list="ALG_ECDSA ALG_DETERMINISTIC_ECDSA \ loc_accel_list="ALG_ECDSA ALG_DETERMINISTIC_ECDSA \
@ -2992,7 +3001,7 @@ common_test_psa_crypto_config_accel_ecc_ffdh_no_bignum () {
ALG_JPAKE \ ALG_JPAKE \
$(helper_get_psa_key_type_list "ECC")" $(helper_get_psa_key_type_list "ECC")"
# Optionally we can also add DH to the list of accelerated items # Optionally we can also add DH to the list of accelerated items
if [ "$TEST_TARGET" = "ECC_DH" ]; then if [ "$test_target" = "ECC_DH" ]; then
loc_accel_list="$loc_accel_list \ loc_accel_list="$loc_accel_list \
ALG_FFDH \ ALG_FFDH \
$(helper_get_psa_key_type_list "DH")" $(helper_get_psa_key_type_list "DH")"
@ -3007,7 +3016,7 @@ common_test_psa_crypto_config_accel_ecc_ffdh_no_bignum () {
# --------- # ---------
# Set common configurations between library's and driver's builds # Set common configurations between library's and driver's builds
config_psa_crypto_config_accel_ecc_ffdh_no_bignum 1 "$TEST_TARGET" config_psa_crypto_config_accel_ecc_ffdh_no_bignum 1 "$test_target"
# Disable all the builtin curves. All the required algs are accelerated. # Disable all the builtin curves. All the required algs are accelerated.
helper_disable_builtin_curves helper_disable_builtin_curves
@ -3036,11 +3045,11 @@ common_test_psa_crypto_config_accel_ecc_ffdh_no_bignum () {
# Run the tests # Run the tests
# ------------- # -------------
msg "test suites: full + accelerated $ACCEL_TEXT algs + USE_PSA - $REMOVED_TEXT - DHM - BIGNUM" msg "test suites: full + accelerated $accel_text algs + USE_PSA - $removed_text - DHM - BIGNUM"
make test make test
msg "ssl-opt: full + accelerated $ACCEL_TEXT algs + USE_PSA - $REMOVED_TEXT - BIGNUM" msg "ssl-opt: full + accelerated $accel_text algs + USE_PSA - $removed_text - BIGNUM"
tests/ssl-opt.sh tests/ssl-opt.sh
} }
@ -3056,25 +3065,25 @@ common_test_psa_crypto_config_accel_ecc_ffdh_no_bignum () {
# common_test_psa_crypto_config_accel_ecc_ffdh_no_bignum() for drivers' # common_test_psa_crypto_config_accel_ecc_ffdh_no_bignum() for drivers'
# coverage analysis in "analyze_outcomes.py" script. # coverage analysis in "analyze_outcomes.py" script.
common_test_psa_crypto_config_reference_ecc_ffdh_no_bignum () { common_test_psa_crypto_config_reference_ecc_ffdh_no_bignum () {
TEST_TARGET="$1" test_target="$1"
# This is an internal helper to simplify text message handling # This is an internal helper to simplify text message handling
if [ "$TEST_TARGET" = "ECC_DH" ]; then if [ "$test_target" = "ECC_DH" ]; then
ACCEL_TEXT="ECC/FFDH" accel_text="ECC/FFDH"
else else
ACCEL_TEXT="ECC" accel_text="ECC"
fi fi
msg "build: full + non accelerated $ACCEL_TEXT algs + USE_PSA" msg "build: full + non accelerated $accel_text algs + USE_PSA"
config_psa_crypto_config_accel_ecc_ffdh_no_bignum 0 "$TEST_TARGET" config_psa_crypto_config_accel_ecc_ffdh_no_bignum 0 "$test_target"
make make
msg "test suites: full + non accelerated EC algs + USE_PSA" msg "test suites: full + non accelerated EC algs + USE_PSA"
make test make test
msg "ssl-opt: full + non accelerated $ACCEL_TEXT algs + USE_PSA" msg "ssl-opt: full + non accelerated $accel_text algs + USE_PSA"
tests/ssl-opt.sh tests/ssl-opt.sh
} }
@ -3189,14 +3198,14 @@ component_test_tfm_config() {
# - build # - build
# - test only TLS (i.e. test_suite_tls and ssl-opt) # - test only TLS (i.e. test_suite_tls and ssl-opt)
build_full_minus_something_and_test_tls () { build_full_minus_something_and_test_tls () {
SYMBOLS_TO_DISABLE="$1" symbols_to_disable="$1"
msg "build: full minus something, test TLS" msg "build: full minus something, test TLS"
scripts/config.py full scripts/config.py full
for SYM in $SYMBOLS_TO_DISABLE; do for sym in $symbols_to_disable; do
echo "Disabling $SYM" echo "Disabling $sym"
scripts/config.py unset $SYM scripts/config.py unset $sym
done done
make make
@ -3225,22 +3234,22 @@ component_full_without_ecdhe_ecdsa_and_tls13 () {
# - $1 is the key type under test, i.e. ECC/RSA/DH # - $1 is the key type under test, i.e. ECC/RSA/DH
# - $2 is the key option to be unset (i.e. generate, derive, etc) # - $2 is the key option to be unset (i.e. generate, derive, etc)
build_and_test_psa_want_key_pair_partial() { build_and_test_psa_want_key_pair_partial() {
KEY_TYPE=$1 key_type=$1
UNSET_OPTION=$2 unset_option=$2
DISABLED_PSA_WANT="PSA_WANT_KEY_TYPE_${KEY_TYPE}_KEY_PAIR_${UNSET_OPTION}" disabled_psa_want="PSA_WANT_KEY_TYPE_${key_type}_KEY_PAIR_${unset_option}"
msg "build: full - MBEDTLS_USE_PSA_CRYPTO - ${DISABLED_PSA_WANT}" msg "build: full - MBEDTLS_USE_PSA_CRYPTO - ${disabled_psa_want}"
scripts/config.py full scripts/config.py full
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
# All the PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_yyy are enabled by default in # All the PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_yyy are enabled by default in
# crypto_config.h so we just disable the one we don't want. # crypto_config.h so we just disable the one we don't want.
scripts/config.py -f "$CRYPTO_CONFIG_H" unset "$DISABLED_PSA_WANT" scripts/config.py -f "$CRYPTO_CONFIG_H" unset "$disabled_psa_want"
make CC=gcc CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" make CC=gcc CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS"
msg "test: full - MBEDTLS_USE_PSA_CRYPTO - ${DISABLED_PSA_WANT}" msg "test: full - MBEDTLS_USE_PSA_CRYPTO - ${disabled_psa_want}"
make test make test
} }
@ -3445,10 +3454,10 @@ component_test_psa_crypto_config_accel_hash_keep_builtins () {
# Auxiliary function to build config for hashes with and without drivers # Auxiliary function to build config for hashes with and without drivers
config_psa_crypto_hash_use_psa () { config_psa_crypto_hash_use_psa () {
DRIVER_ONLY="$1" driver_only="$1"
# start with config full for maximum coverage (also enables USE_PSA) # start with config full for maximum coverage (also enables USE_PSA)
helper_libtestdriver1_adjust_config "full" helper_libtestdriver1_adjust_config "full"
if [ "$DRIVER_ONLY" -eq 1 ]; then if [ "$driver_only" -eq 1 ]; then
# disable the built-in implementation of hashes # disable the built-in implementation of hashes
scripts/config.py unset MBEDTLS_MD5_C scripts/config.py unset MBEDTLS_MD5_C
scripts/config.py unset MBEDTLS_RIPEMD160_C scripts/config.py unset MBEDTLS_RIPEMD160_C
@ -3664,33 +3673,6 @@ component_build_psa_accel_alg_ecdh() {
make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_ECDH -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_ECDH -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS"
} }
# This should be renamed to test and updated once the accelerator ECC key pair code is in place and ready to test.
component_build_psa_accel_key_type_ecc_key_pair() {
msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_xxx"
scripts/config.py full
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
scripts/config.py -f "$CRYPTO_CONFIG_H" set-all "PSA_WANT_KEY_TYPE_ECC_[0-9A-Z_a-z]*"
# Need to define the correct symbol and include the test driver header path in order to build with the test driver
make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS"
}
# This should be renamed to test and updated once the accelerator ECC public key code is in place and ready to test.
component_build_psa_accel_key_type_ecc_public_key() {
msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY"
scripts/config.py full
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY 1
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE
# Need to define the correct symbol and include the test driver header path in order to build with the test driver
make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS"
}
# This should be renamed to test and updated once the accelerator HMAC code is in place and ready to test. # This should be renamed to test and updated once the accelerator HMAC code is in place and ready to test.
component_build_psa_accel_alg_hmac() { component_build_psa_accel_alg_hmac() {
msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_HMAC" msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_HMAC"