From a9c9deccb9d3c28d0858216a881114d96b2c9573 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 13 Mar 2023 16:05:49 +0100 Subject: [PATCH 1/5] ecjpake: add tests for driver coverage analysis Signed-off-by: Valerio Setti --- tests/scripts/all.sh | 88 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 88 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 30185ad65..1bab17c53 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -2334,6 +2334,94 @@ component_test_psa_crypto_config_reference_ecdh_use_psa () { # ssl-opt.sh later when the accel component is ready } +# Auxiliary function to build config for EC JPAKE with and without drivers. +# +# This is used by the two following components to ensure they always use the +# same config, except for the use of driver or built-in ECJPAKE: +# - component_test_psa_crypto_config_accel_ecjpake_use_psa; +# - component_test_psa_crypto_config_reference_ecjpake_use_psa. +# This support comparing their test coverage with analyze_outcomes.py. +config_psa_crypto_config_ecjpake_use_psa () { + DRIVER_ONLY="$1" + # start with config full for maximum coverage (also enables USE_PSA) + scripts/config.py full + # enable support for drivers and configuring PSA-only algorithms + scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG + scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS + if [ "$DRIVER_ONLY" -eq 1 ]; then + # Disable the module that's accelerated + scripts/config.py unset MBEDTLS_ECJPAKE_C + fi + # Disable things that depend on it (regardless of driver or built-in) + scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED + + # Dynamic secure element support is a deprecated feature and needs to be disabled here. + # This is done to have the same form of psa_key_attributes_s for libdriver and library. + scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C +} + +# Keep in sync with component_test_psa_crypto_config_reference_ecjpake_use_psa +component_test_psa_crypto_config_accel_ecjpake_use_psa () { + msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated ECJPAKE + USE_PSA" + + # Algorithms and key types to accelerate + loc_accel_list="ALG_JPAKE KEY_TYPE_ECC_KEY_PAIR KEY_TYPE_ECC_PUBLIC_KEY" + + # Configure and build the test driver library + # ------------------------------------------- + + # Disable ALG_STREAM_CIPHER and ALG_ECB_NO_PADDING to avoid having + # partial support for cipher operations in the driver test library. + scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_STREAM_CIPHER + scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_ECB_NO_PADDING + + loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' ) + make -C tests libtestdriver1.a CFLAGS="-O0 -g $ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS" + + # Configure and build the main libraries + # -------------------------------------- + + # Use the same config as reference, only without built-in JPAKE + config_psa_crypto_config_ecjpake_use_psa 1 + + # Build the main library + loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )" + #make CFLAGS="$ASAN_CFLAGS -O -Werror -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS" + make CFLAGS="$ASAN_CFLAGS -O0 -g -Werror -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS" + + # Make sure this was not re-enabled by accident (additive config) + not grep mbedtls_ecjpake_ library/ecjpake.o + + # Run the tests + # ------------- + + msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated JPAKE + USE_PSA" + make test + + # ssl-opt will be added later. Please check issue 7255 for a list of + # follow up activities +} + +# Keep in sync with component_test_psa_crypto_config_accel_ecjpake_use_psa. +# Used by tests/scripts/analyze_outcomes.py for comparison purposes. +component_test_psa_crypto_config_reference_ecjpake_use_psa () { + msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with reference ECJPAKE + USE_PSA" + + # To be aligned with the accel component that needs this + scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_STREAM_CIPHER + scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_ECB_NO_PADDING + + config_psa_crypto_config_ecjpake_use_psa 0 + + make + + msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with reference ECJPAKE + USE_PSA" + make test + + # ssl-opt will be added later. Please check issue 7255 for a list of + # follow up activities +} + component_test_psa_crypto_config_accel_rsa_signature () { msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated RSA signature" From 60976169f6fe85ba58d9e7ac52e31f65ee9d8317 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 13 Mar 2023 16:07:30 +0100 Subject: [PATCH 2/5] libtestdriver: add EC support when only ECJPAKE is accelarated Signed-off-by: Valerio Setti --- .../include/test/drivers/crypto_config_test_driver_extension.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/include/test/drivers/crypto_config_test_driver_extension.h b/tests/include/test/drivers/crypto_config_test_driver_extension.h index 26c432cde..5b1a15ac7 100644 --- a/tests/include/test/drivers/crypto_config_test_driver_extension.h +++ b/tests/include/test/drivers/crypto_config_test_driver_extension.h @@ -253,6 +253,7 @@ #if defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) #if defined(MBEDTLS_PSA_ACCEL_ALG_ECDH) +#if defined(MBEDTLS_PSA_ACCEL_ALG_JPAKE) #define MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_256 1 #define MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_384 1 #define MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_512 1 @@ -268,6 +269,7 @@ #define MBEDTLS_PSA_ACCEL_ECC_SECP_R1_521 1 #endif #endif +#endif #define MBEDTLS_PSA_ACCEL_KEY_TYPE_DERIVE 1 #define MBEDTLS_PSA_ACCEL_KEY_TYPE_HMAC 1 From d0fffc56c3d41df8c8cd5f00ca3bde04fbec95d5 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 13 Mar 2023 16:08:03 +0100 Subject: [PATCH 3/5] analyze_outcomes: add coverage test for ecjpake Signed-off-by: Valerio Setti --- tests/scripts/analyze_outcomes.py | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py index 3fd24e98d..2228b7214 100755 --- a/tests/scripts/analyze_outcomes.py +++ b/tests/scripts/analyze_outcomes.py @@ -195,6 +195,18 @@ TASKS = { } } }, + 'analyze_driver_vs_reference_ecjpake': { + 'test_function': do_analyze_driver_vs_reference, + 'args': { + 'component_ref': 'test_psa_crypto_config_reference_ecjpake_use_psa', + 'component_driver': 'test_psa_crypto_config_accel_ecjpake_use_psa', + 'ignored_suites': [ + 'ecjpake', # the software implementation that's excluded + ], + 'ignored_tests': { + } + } + }, } def main(): From d8fb0af7ddb1e9aad6b5c9b038e138506bfc6dae Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 14 Mar 2023 19:38:32 +0100 Subject: [PATCH 4/5] crypto_config_test_driver_extension: small reshape of guard symbols Signed-off-by: Valerio Setti --- .../test/drivers/crypto_config_test_driver_extension.h | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/tests/include/test/drivers/crypto_config_test_driver_extension.h b/tests/include/test/drivers/crypto_config_test_driver_extension.h index 5b1a15ac7..ff2abfb37 100644 --- a/tests/include/test/drivers/crypto_config_test_driver_extension.h +++ b/tests/include/test/drivers/crypto_config_test_driver_extension.h @@ -251,9 +251,9 @@ #define MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT 1 #define MBEDTLS_PSA_ACCEL_ALG_STREAM_CIPHER 1 -#if defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) -#if defined(MBEDTLS_PSA_ACCEL_ALG_ECDH) -#if defined(MBEDTLS_PSA_ACCEL_ALG_JPAKE) +#if defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) && \ + defined(MBEDTLS_PSA_ACCEL_ALG_ECDH) && \ + defined(MBEDTLS_PSA_ACCEL_ALG_JPAKE) #define MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_256 1 #define MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_384 1 #define MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_512 1 @@ -268,8 +268,6 @@ #define MBEDTLS_PSA_ACCEL_ECC_SECP_R1_384 1 #define MBEDTLS_PSA_ACCEL_ECC_SECP_R1_521 1 #endif -#endif -#endif #define MBEDTLS_PSA_ACCEL_KEY_TYPE_DERIVE 1 #define MBEDTLS_PSA_ACCEL_KEY_TYPE_HMAC 1 From 943f8ddf812c212418a7ca78bde5a3f76d0484c2 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 16 Mar 2023 16:47:17 +0100 Subject: [PATCH 5/5] test: remove leftovers from debug sessions Signed-off-by: Valerio Setti --- tests/scripts/all.sh | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 1bab17c53..8da2da793 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -2376,7 +2376,7 @@ component_test_psa_crypto_config_accel_ecjpake_use_psa () { scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_ECB_NO_PADDING loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' ) - make -C tests libtestdriver1.a CFLAGS="-O0 -g $ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS" + make -C tests libtestdriver1.a CFLAGS=" $ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS" # Configure and build the main libraries # -------------------------------------- @@ -2386,8 +2386,7 @@ component_test_psa_crypto_config_accel_ecjpake_use_psa () { # Build the main library loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )" - #make CFLAGS="$ASAN_CFLAGS -O -Werror -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS" - make CFLAGS="$ASAN_CFLAGS -O0 -g -Werror -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS" + make CFLAGS="$ASAN_CFLAGS -O -Werror -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS" # Make sure this was not re-enabled by accident (additive config) not grep mbedtls_ecjpake_ library/ecjpake.o