From 54e3c6593e2958314567268b6ec7899994a7853e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 30 Jan 2023 13:01:36 +0100 Subject: [PATCH] Fix failures in signature accel test MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The test driver library tries to only build what's necessary, but must use the same PSA_WANT macros as the main library. So, for things that are not needed, it undefines MBEDTLS_PSA_BUILTIN_xxx and defines MBEDTLS_PSA_ACCEL_xxx, unless the ACCEL symbol was defined on the command line, in which case it undefines it and defineds BUILTIN instead. This negation happens in crypto_config_test_driver_extension.h and reflects the fact that what we want accelerated in the main library is what we want built-in in the driver library (and vice versa if we want to minimize the size of the driver library). So, the ACCEL symbols in inside the test driver library (while it's being built, not those on the command line) are a bit of a white lie: they don't actually mean "there's an accelerator for this" but instead "I won't include a built-in for this even though the corresponding PSA_WANT symbol is defined". This was quite harmless until MD started making dispatch decisions based on the ACCEL symbols: when it tries to dispatch to an accelerator that doesn't actually exist, things tend to go badly. The minimal fix for this is to change how we enable extra hashes in the test driver library: by defining the ACCEL symbol on the command line, in the build we'll end up with the BUILTIN symbol (and implementation!) and no ACCEL symbol, which is exactly what we want. Long version: https://arm-ce.slack.com/archives/GTM3SM1K5/p1675071671707599 Signed-off-by: Manuel Pégourié-Gonnard --- tests/scripts/all.sh | 35 ++++++++++++++++++----------------- 1 file changed, 18 insertions(+), 17 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index c21f1be0e..d444cbaf6 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -2062,12 +2062,12 @@ component_test_psa_crypto_config_accel_ecdsa () { scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_STREAM_CIPHER scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_ECB_NO_PADDING - # These hashes are needed for some ECDSA signature tests. - scripts/config.py -f tests/include/test/drivers/config_test_driver.h set MBEDTLS_SHA224_C - scripts/config.py -f tests/include/test/drivers/config_test_driver.h set MBEDTLS_SHA384_C - scripts/config.py -f tests/include/test/drivers/config_test_driver.h set MBEDTLS_SHA512_C - loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' ) + # These hashes are needed for some ECDSA signature tests. + loc_accel_flags="$loc_accel_flags -DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_ALG_SHA_224" + loc_accel_flags="$loc_accel_flags -DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_ALG_SHA_256" + loc_accel_flags="$loc_accel_flags -DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_ALG_SHA_384" + loc_accel_flags="$loc_accel_flags -DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_ALG_SHA_512" make -C tests libtestdriver1.a CFLAGS="$ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS" # Configure and build the main libraries @@ -2135,14 +2135,13 @@ component_test_psa_crypto_config_accel_ecdsa_use_psa () { scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_STREAM_CIPHER scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_ECB_NO_PADDING - # SHA-1 and all variants of SHA-2 are needed for ECDSA and X.509 tests, - # but only SHA-256 is enabled by default, so enable the others. - scripts/config.py -f tests/include/test/drivers/config_test_driver.h set MBEDTLS_SHA1_C - scripts/config.py -f tests/include/test/drivers/config_test_driver.h set MBEDTLS_SHA224_C - scripts/config.py -f tests/include/test/drivers/config_test_driver.h set MBEDTLS_SHA384_C - scripts/config.py -f tests/include/test/drivers/config_test_driver.h set MBEDTLS_SHA512_C - loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' ) + # SHA-1 and all variants of SHA-2 are needed for ECDSA and X.509 tests + loc_accel_flags="$loc_accel_flags -DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_ALG_SHA_1" + loc_accel_flags="$loc_accel_flags -DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_ALG_SHA_224" + loc_accel_flags="$loc_accel_flags -DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_ALG_SHA_256" + loc_accel_flags="$loc_accel_flags -DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_ALG_SHA_384" + loc_accel_flags="$loc_accel_flags -DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_ALG_SHA_512" make -C tests libtestdriver1.a CFLAGS="$ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS" # Configure and build the main libraries with drivers enabled @@ -2364,14 +2363,10 @@ component_test_psa_crypto_config_accel_rsa_signature () { # PSA_ALG_ANY_HASH as algorithm to test with the key, the chosen hash # algorithm based on the hashes supported by the library is also # supported by the test library. + # Disabled unwanted hashes here, we'll enable hashes we want in loc_accel_flags. scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD5 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RIPEMD160_C - scripts/config.py -f tests/include/test/drivers/config_test_driver.h set MBEDTLS_SHA1_C - scripts/config.py -f tests/include/test/drivers/config_test_driver.h set MBEDTLS_SHA224_C - scripts/config.py -f tests/include/test/drivers/config_test_driver.h set MBEDTLS_SHA512_C - # We need to define either MD_C or all of the PSA_WANT_ALG_SHAxxx. - scripts/config.py -f tests/include/test/drivers/config_test_driver.h set MBEDTLS_MD_C # We need PEM parsing in the test library as well to support the import # of PEM encoded RSA keys. scripts/config.py -f tests/include/test/drivers/config_test_driver.h set MBEDTLS_PEM_PARSE_C @@ -2379,6 +2374,12 @@ component_test_psa_crypto_config_accel_rsa_signature () { loc_accel_list="ALG_RSA_PKCS1V15_SIGN ALG_RSA_PSS KEY_TYPE_RSA_KEY_PAIR KEY_TYPE_RSA_PUBLIC_KEY" loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' ) + # These hashes are needed for some RSA-PSS signature tests. + loc_accel_flags="$loc_accel_flags -DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_ALG_SHA_1" + loc_accel_flags="$loc_accel_flags -DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_ALG_SHA_224" + loc_accel_flags="$loc_accel_flags -DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_ALG_SHA_256" + loc_accel_flags="$loc_accel_flags -DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_ALG_SHA_384" + loc_accel_flags="$loc_accel_flags -DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_ALG_SHA_512" make -C tests libtestdriver1.a CFLAGS="$ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS" # Mbed TLS library build