mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-01-28 18:32:56 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Test partial ECC creation support: switch to MBEDTLS_USE_PSA_CRYPTO

Browse Source 
With PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE disabled, test TLS 1.3 and
USE_PSA TLS 1.2.

With PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE disabled, just test crypto,
because the TLS code needs that to generate ephemeral ECDH keys but this is
not tracked properly (the ephemeral ECDH code is only gated on having ECDH).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
Gilles Peskine 2024-09-20 16:07:09 +02:00
parent f0abbb4f1a
commit fef912c30b
1 changed files with 15 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
tests/scripts/components-configuration-crypto.sh
View File

@ -1495,17 +1495,17 @@ component_test_tfm_config_no_p256m () {
# - component_test_psa_ecc_key_pair_no_generate # - component_test_psa_ecc_key_pair_no_generate
# The goal is to test with all PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_yyy symbols # The goal is to test with all PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_yyy symbols
# enabled, but one. Input arguments are as follows: # enabled, but one. Input arguments are as follows:
# - $1 is the key type under test, i.e. ECC/RSA/DH # - $1 is the configuration to start from
# - $2 is the key option to be unset (i.e. generate, derive, etc) # - $2 is the key type under test, i.e. ECC/RSA/DH
# - $3 is the key option to be unset (i.e. generate, derive, etc)
build_and_test_psa_want_key_pair_partial () { build_and_test_psa_want_key_pair_partial () {
key_type=$1 base_config=$1
unset_option=$2 key_type=$2
unset_option=$3
disabled_psa_want="PSA_WANT_KEY_TYPE_${key_type}_KEY_PAIR_${unset_option}" disabled_psa_want="PSA_WANT_KEY_TYPE_${key_type}_KEY_PAIR_${unset_option}"
msg "build: full - MBEDTLS_USE_PSA_CRYPTO - ${disabled_psa_want}" msg "build: $base_config - ${disabled_psa_want}"
scripts/config.py full scripts/config.py "$base_config"
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
# All the PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_yyy are enabled by default in # All the PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_yyy are enabled by default in
# crypto_config.h so we just disable the one we don't want. # crypto_config.h so we just disable the one we don't want.
@ -1513,16 +1513,20 @@ build_and_test_psa_want_key_pair_partial () {
make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS"
msg "test: full - MBEDTLS_USE_PSA_CRYPTO - ${disabled_psa_want}" msg "test: $base_config - ${disabled_psa_want}"
make test make test
} }
component_test_psa_ecc_key_pair_no_derive () { component_test_psa_ecc_key_pair_no_derive () {
build_and_test_psa_want_key_pair_partial "ECC" "DERIVE" build_and_test_psa_want_key_pair_partial full "ECC" "DERIVE"
} }
component_test_psa_ecc_key_pair_no_generate () { component_test_psa_ecc_key_pair_no_generate () {
build_and_test_psa_want_key_pair_partial "ECC" "GENERATE" # TLS needs ECC key generation whenever ephemeral ECDH is enabled.
# We don't have proper guards for configurations with ECC key generation
# disabled (https://github.com/Mbed-TLS/mbedtls/issues/9481). Until
# then (if ever), just test the crypto part of the library.
build_and_test_psa_want_key_pair_partial crypto_full "ECC" "GENERATE"
} }
config_psa_crypto_accel_rsa () { config_psa_crypto_accel_rsa () {