From e3095e7cb022ba92ed47a62761d97affac2e5607 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 28 Dec 2022 10:09:53 +0100 Subject: [PATCH 1/7] Add comments to accel_ecdh component MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- tests/scripts/all.sh | 28 ++++++++++++++++++++++------ 1 file changed, 22 insertions(+), 6 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 7d91fa27d..484bf809d 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -2063,8 +2063,8 @@ component_test_psa_crypto_config_accel_ecdsa () { loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' ) make -C tests libtestdriver1.a CFLAGS="$ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS" - # Configure and build the test driver library - # ------------------------------------------- + # Configure and build the main libraries + # -------------------------------------- # Start from default config (no USE_PSA) + driver support + TLS 1.3 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS @@ -2082,7 +2082,7 @@ component_test_psa_crypto_config_accel_ecdsa () { loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )" make CFLAGS="$ASAN_CFLAGS -O -Werror -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS" - # Make sure ECDSA was not re-enabled by accident (additive config) + # Make sure this was not re-enabled by accident (additive config) not grep mbedtls_ecdsa_ library/ecdsa.o # Run the tests @@ -2183,31 +2183,47 @@ component_test_psa_crypto_config_reference_ecdsa_use_psa () { component_test_psa_crypto_config_accel_ecdh () { msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated ECDH" + # Algorithms and key types to accelerate + loc_accel_list="ALG_ECDH KEY_TYPE_ECC_KEY_PAIR KEY_TYPE_ECC_PUBLIC_KEY" + + # Configure and build the test driver library + # ------------------------------------------- + # Disable ALG_STREAM_CIPHER and ALG_ECB_NO_PADDING to avoid having # partial support for cipher operations in the driver test library. scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_STREAM_CIPHER scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_ECB_NO_PADDING - loc_accel_list="ALG_ECDH KEY_TYPE_ECC_KEY_PAIR KEY_TYPE_ECC_PUBLIC_KEY" loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' ) make -C tests libtestdriver1.a CFLAGS=" $ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS" + # Configure and build the main libraries + # -------------------------------------- + + # Start from default config (no USE_PSA or TLS 1.3) + driver support scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG - scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO - scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 + + # Disable the module that's accelerated scripts/config.py unset MBEDTLS_ECDH_C + + # Disable things that depend on it scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED + # Build the library loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )" make CFLAGS="$ASAN_CFLAGS -O -Werror -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS" + # Make sure this was not re-enabled by accident (additive config) not grep mbedtls_ecdh_ library/ecdh.o + # Run the tests + # ------------- + msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated ECDH" make test } From 59a2b8fd57413ddfbb5b8f23938f20743bee11e2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 21 Feb 2023 12:42:31 +0100 Subject: [PATCH 2/7] Add component accel_ecdh_use_psa MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- tests/scripts/all.sh | 60 +++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 59 insertions(+), 1 deletion(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 484bf809d..2cedb2142 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -2092,7 +2092,7 @@ component_test_psa_crypto_config_accel_ecdsa () { make test } -# Auxiliary function to build config for hashes with and without drivers +# Auxiliary function to build config for ECDSA with and without drivers config_psa_crypto_config_ecdsa_use_psa () { DRIVER_ONLY="$1" # start with config full for maximum coverage (also enables USE_PSA) @@ -2228,6 +2228,64 @@ component_test_psa_crypto_config_accel_ecdh () { make test } +component_test_psa_crypto_config_accel_ecdh_use_psa () { + msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated ECDH + USE_PSA" + + # Algorithms and key types to accelerate + loc_accel_list="ALG_ECDH KEY_TYPE_ECC_KEY_PAIR KEY_TYPE_ECC_PUBLIC_KEY" + + # Configure and build the test driver library + # ------------------------------------------- + + # Disable ALG_STREAM_CIPHER and ALG_ECB_NO_PADDING to avoid having + # partial support for cipher operations in the driver test library. + scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_STREAM_CIPHER + scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_ECB_NO_PADDING + + loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' ) + make -C tests libtestdriver1.a CFLAGS=" $ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS" + + # Configure and build the main libraries + # -------------------------------------- + + # Start from full config (USE_PSA and TLS 1.3) + driver support + scripts/config.py full + scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS + scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG + + # Disable the module that's accelerated + scripts/config.py unset MBEDTLS_ECDH_C + + # Disable things that depend on it + scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED + scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED + scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED + scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED + scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED + scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED + scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED + # Note: the above two lines should be enough, but currently there's a bug + # that prevents tests from passing TLS 1.3 with only PSK (no ephemeral) + # when TLS 1.2 is also enabled, see #6848. + # So, as a temporary measure disable all of TLS 1.3. + scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 + + # Build the library + loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )" + make CFLAGS="$ASAN_CFLAGS -O -Werror -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS" + + # Make sure this was not re-enabled by accident (additive config) + not grep mbedtls_ecdh_ library/ecdh.o + + # Run the tests + # ------------- + + msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated ECDH" + make test + + # ssl-opt.sh later (probably doesn't pass right now) +} + component_test_psa_crypto_config_accel_rsa_signature () { msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated RSA signature" From e91bcf31b630b1c44c1defe7952ce5845febe49d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 21 Feb 2023 13:07:19 +0100 Subject: [PATCH 3/7] Add comparison of accel_ecdh_use_psa against ref MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit With temporary exclusions to be lifted as follow-ups. Signed-off-by: Manuel Pégourié-Gonnard --- tests/scripts/all.sh | 76 ++++++++++++++++++++++--------- tests/scripts/analyze_outcomes.py | 17 +++++++ 2 files changed, 72 insertions(+), 21 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 2cedb2142..f90c27ea2 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -2228,6 +2228,40 @@ component_test_psa_crypto_config_accel_ecdh () { make test } +# Auxiliary function to build config for ECDH with and without drivers +config_psa_crypto_config_ecdh_use_psa () { + DRIVER_ONLY="$1" + # start with config full for maximum coverage (also enables USE_PSA) + scripts/config.py full + # enable support for drivers and configuring PSA-only algorithms + scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG + scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS + if [ "$DRIVER_ONLY" -eq 1 ]; then + # Disable the module that's accelerated + scripts/config.py unset MBEDTLS_ECDH_C + fi + # Disable things that depend on it + scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED + scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED + scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED + scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED + scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED + + scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED + scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED + # Note: the above two lines should be enough, but currently there's a bug + # that prevents tests from passing TLS 1.3 with only PSK (no ephemeral) + # when TLS 1.2 is also enabled, see #6848. + # So, as a temporary measure disable all of TLS 1.3. + scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 + + # Restartable feature is not yet supported by PSA. Once it will in + # the future, the following line could be removed (see issues + # 6061, 6332 and following ones) + scripts/config.py unset MBEDTLS_ECP_RESTARTABLE +} + +# Keep in sync with component_test_psa_crypto_config_reference_ecdh_use_psa component_test_psa_crypto_config_accel_ecdh_use_psa () { msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated ECDH + USE_PSA" @@ -2248,27 +2282,8 @@ component_test_psa_crypto_config_accel_ecdh_use_psa () { # Configure and build the main libraries # -------------------------------------- - # Start from full config (USE_PSA and TLS 1.3) + driver support - scripts/config.py full - scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS - scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG - - # Disable the module that's accelerated - scripts/config.py unset MBEDTLS_ECDH_C - - # Disable things that depend on it - scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED - scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED - scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED - scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED - scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED - scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED - scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED - # Note: the above two lines should be enough, but currently there's a bug - # that prevents tests from passing TLS 1.3 with only PSK (no ephemeral) - # when TLS 1.2 is also enabled, see #6848. - # So, as a temporary measure disable all of TLS 1.3. - scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 + # Use the same config as reference, only without built-in ECDH + config_psa_crypto_config_ecdh_use_psa 1 # Build the library loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )" @@ -2286,6 +2301,25 @@ component_test_psa_crypto_config_accel_ecdh_use_psa () { # ssl-opt.sh later (probably doesn't pass right now) } +# Keep in sync with component_test_psa_crypto_config_accel_ecdh_use_psa. +# Used by tests/scripts/analyze_outcomes.py for comparison purposes. +component_test_psa_crypto_config_reference_ecdh_use_psa () { + msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated ECDH + USE_PSA" + + # To be aligned with the accel component that needs this + scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_STREAM_CIPHER + scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_ECB_NO_PADDING + + config_psa_crypto_config_ecdh_use_psa 0 + + make + + msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated ECDH + USE_PSA" + make test + + # ssl-opt.sh later when the accel component is ready +} + component_test_psa_crypto_config_accel_rsa_signature () { msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated RSA signature" diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py index 44c62f71f..7501ec383 100755 --- a/tests/scripts/analyze_outcomes.py +++ b/tests/scripts/analyze_outcomes.py @@ -183,6 +183,23 @@ TASKS = { } } }, + 'analyze_driver_vs_reference_ecdh': { + 'test_function': do_analyze_driver_vs_reference, + 'args': { + 'component_ref': 'test_psa_crypto_config_reference_ecdh_use_psa', + 'component_driver': 'test_psa_crypto_config_accel_ecdh_use_psa', + 'ignored_suites': [ + 'ecdh', # the software implementation that's excluded + ], + 'ignored_tests': { + # temporary + 'test_suite_psa_crypto': [ + 'PSA key agreement setup: ECDH, unknown KDF', + 'PSA key policy: raw agreement, key permits raw agreement, but algorithm is not raw', + ], + } + } + }, } def main(): From d1c001aff7139b0daecfebcf23ea80dd8a639082 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 21 Feb 2023 13:12:30 +0100 Subject: [PATCH 4/7] Fix some dependencies in test_suite_psa_crypto MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- tests/scripts/analyze_outcomes.py | 5 ----- tests/suites/test_suite_psa_crypto.data | 4 ++-- 2 files changed, 2 insertions(+), 7 deletions(-) diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py index 7501ec383..3fd24e98d 100755 --- a/tests/scripts/analyze_outcomes.py +++ b/tests/scripts/analyze_outcomes.py @@ -192,11 +192,6 @@ TASKS = { 'ecdh', # the software implementation that's excluded ], 'ignored_tests': { - # temporary - 'test_suite_psa_crypto': [ - 'PSA key agreement setup: ECDH, unknown KDF', - 'PSA key policy: raw agreement, key permits raw agreement, but algorithm is not raw', - ], } } }, diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index c3561420b..d4a24b127 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -1061,7 +1061,7 @@ depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MB raw_agreement_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_FFDH:PSA_ERROR_NOT_PERMITTED PSA key policy: raw agreement, key permits raw agreement, but algorithm is not raw -depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_ECDH_C +depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 raw_agreement_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_ERROR_NOT_SUPPORTED PSA key policy: raw agreement, key specifies KDF @@ -6232,7 +6232,7 @@ depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY key_agreement_setup:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":PSA_ERROR_INVALID_ARGUMENT PSA key agreement setup: ECDH, unknown KDF -depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_ECDH_C +depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 key_agreement_setup:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(0)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(0)):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":PSA_ERROR_NOT_SUPPORTED PSA key agreement setup: bad key agreement algorithm From 0d1f5be6885737e6dffe570e117e9666f5aa3c12 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 6 Mar 2023 13:35:21 +0100 Subject: [PATCH 5/7] Add comment about shared config function MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- tests/scripts/all.sh | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index f90c27ea2..70a578398 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -2228,7 +2228,13 @@ component_test_psa_crypto_config_accel_ecdh () { make test } -# Auxiliary function to build config for ECDH with and without drivers +# Auxiliary function to build config for ECDH with and without drivers. +# +# This is used by the two following components to ensure they always use the +# same config, except for the use of driver or built-in ECDH: +# - component_test_psa_crypto_config_accel_ecdh_use_psa; +# - component_test_psa_crypto_config_reference_ecdh_use_psa. +# This support comparing their test coverage with analyze_outcomes.py. config_psa_crypto_config_ecdh_use_psa () { DRIVER_ONLY="$1" # start with config full for maximum coverage (also enables USE_PSA) @@ -2240,7 +2246,7 @@ config_psa_crypto_config_ecdh_use_psa () { # Disable the module that's accelerated scripts/config.py unset MBEDTLS_ECDH_C fi - # Disable things that depend on it + # Disable things that depend on it (regardless of driver or built-in) scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED @@ -2296,7 +2302,8 @@ component_test_psa_crypto_config_accel_ecdh_use_psa () { # ------------- msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated ECDH" - make test + #make test + tests/ssl-opt.sh # ssl-opt.sh later (probably doesn't pass right now) } From 07d92620d4dba04c7f3a2b1f35c5740ed0b958d8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 6 Mar 2023 13:37:21 +0100 Subject: [PATCH 6/7] Fix some message strings and comments in all.sh MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- tests/scripts/all.sh | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 70a578398..fdf3e2cdc 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -2214,7 +2214,7 @@ component_test_psa_crypto_config_accel_ecdh () { scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED - # Build the library + # Build the main library loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )" make CFLAGS="$ASAN_CFLAGS -O -Werror -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS" @@ -2291,7 +2291,7 @@ component_test_psa_crypto_config_accel_ecdh_use_psa () { # Use the same config as reference, only without built-in ECDH config_psa_crypto_config_ecdh_use_psa 1 - # Build the library + # Build the main library loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )" make CFLAGS="$ASAN_CFLAGS -O -Werror -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS" @@ -2301,7 +2301,7 @@ component_test_psa_crypto_config_accel_ecdh_use_psa () { # Run the tests # ------------- - msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated ECDH" + msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated ECDH + USE_PSA" #make test tests/ssl-opt.sh @@ -2311,7 +2311,7 @@ component_test_psa_crypto_config_accel_ecdh_use_psa () { # Keep in sync with component_test_psa_crypto_config_accel_ecdh_use_psa. # Used by tests/scripts/analyze_outcomes.py for comparison purposes. component_test_psa_crypto_config_reference_ecdh_use_psa () { - msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated ECDH + USE_PSA" + msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with reference ECDH + USE_PSA" # To be aligned with the accel component that needs this scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_STREAM_CIPHER @@ -2321,7 +2321,7 @@ component_test_psa_crypto_config_reference_ecdh_use_psa () { make - msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated ECDH + USE_PSA" + msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with reference ECDH + USE_PSA" make test # ssl-opt.sh later when the accel component is ready From 86393db84da2bdb1ca0dabc702202fa22ef72fa2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 6 Mar 2023 16:19:05 +0100 Subject: [PATCH 7/7] Revert local experiment. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This was never meant to be committed here. Signed-off-by: Manuel Pégourié-Gonnard --- tests/scripts/all.sh | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index fdf3e2cdc..85fd1d847 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -2302,8 +2302,7 @@ component_test_psa_crypto_config_accel_ecdh_use_psa () { # ------------- msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated ECDH + USE_PSA" - #make test - tests/ssl-opt.sh + make test # ssl-opt.sh later (probably doesn't pass right now) }