From b7e9544194e0e7547e8aade8ac30bee0c3a9e96b Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 21 Mar 2023 11:52:33 +0100 Subject: [PATCH] test: add specific test with only accel EC curves and algs Signed-off-by: Valerio Setti --- tests/scripts/all.sh | 159 ++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 158 insertions(+), 1 deletion(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 23ad16e12..2ce40a1f4 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -187,7 +187,7 @@ pre_initialize_variables () { # CFLAGS and LDFLAGS for Asan builds that don't use CMake # default to -O2, use -Ox _after_ this if you want another level - ASAN_CFLAGS='-O2 -Werror -fsanitize=address,undefined -fno-sanitize-recover=all' + ASAN_CFLAGS='-O0 -g -Werror -fsanitize=address,undefined -fno-sanitize-recover=all' # Gather the list of available components. These are the functions # defined in this script whose name starts with "component_". @@ -2285,6 +2285,163 @@ component_test_psa_crypto_config_reference_all_ec_algs_use_psa () { tests/ssl-opt.sh } +component_test_psa_crypto_config_accel_ecc () { + msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated ECC" + + # Algorithms and key types to accelerate + loc_accel_list="ALG_ECDH ALG_ECDSA ALG_DETERMINISTIC_ECDSA ALG_JPAKE KEY_TYPE_ECC_KEY_PAIR KEY_TYPE_ECC_PUBLIC_KEY" + + # Configure and build the test driver library + # -------------------------------------------- + + # Disable ALG_STREAM_CIPHER and ALG_ECB_NO_PADDING to avoid having + # partial support for cipher operations in the driver test library. + scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_STREAM_CIPHER + scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_ECB_NO_PADDING + + loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' ) + # These hashes are needed for some ECDSA signature tests. + loc_accel_flags="$loc_accel_flags -DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_ALG_SHA_224" + loc_accel_flags="$loc_accel_flags -DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_ALG_SHA_256" + loc_accel_flags="$loc_accel_flags -DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_ALG_SHA_384" + loc_accel_flags="$loc_accel_flags -DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_ALG_SHA_512" + make -C tests libtestdriver1.a CFLAGS="$ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS" + + # Configure and build the main libraries + # --------------------------------------- + + # start with default + driver support + scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS + scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG + + # disable modules for which we have drivers + scripts/config.py unset MBEDTLS_ECDSA_C + scripts/config.py unset MBEDTLS_ECDH_C + scripts/config.py unset MBEDTLS_ECJPAKE_C + + # dependencies + #scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 # not in default anyway + scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED + scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED + scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED + scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED + scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED + + # build and link with test drivers + loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )" + make CFLAGS="$ASAN_CFLAGS -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS" + + # make sure these were not auto-re-enabled by accident + not grep mbedtls_ecdh_ library/ecdh.o + not grep mbedtls_ecdsa_ library/ecdsa.o + not grep mbedtls_ecjpake_ library/ecjpake.o + + # Run the tests + # ------------- + + msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated ECC" + make test +} + +component_test_verify_ec_max_size () { + msg "test: MBEDTLS_PSA_CRYPTO_CONFIG + accel EC algs + USE_PSA_CRYPTO" + + # Accelerate all EC algs (all EC curves are automatically accelerated as + # well in the built-in version due to the "PSA_WANT_xxx" symbols in + # "crypto_config.h") + loc_accel_list="ALG_ECDH \ + ALG_ECDSA ALG_DETERMINISTIC_ECDSA \ + ALG_JPAKE \ + KEY_TYPE_ECC_KEY_PAIR KEY_TYPE_ECC_PUBLIC_KEY" + + # Configure and build the test driver library + # -------------------------------------------- + + # Disable ALG_STREAM_CIPHER and ALG_ECB_NO_PADDING to avoid having + # partial support for cipher operations in the driver test library. + scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_STREAM_CIPHER + scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_ECB_NO_PADDING + + loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' ) + # These hashes are needed for some ECDSA signature tests. + loc_accel_flags="$loc_accel_flags -DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_ALG_SHA_224" + loc_accel_flags="$loc_accel_flags -DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_ALG_SHA_256" + loc_accel_flags="$loc_accel_flags -DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_ALG_SHA_384" + loc_accel_flags="$loc_accel_flags -DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_ALG_SHA_512" + make -C tests libtestdriver1.a CFLAGS="$ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS" + + # Configure and build the main libraries + # --------------------------------------- + + # start with default + driver support + USE_PSA_CRYPTO + scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS + scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG + scripts/config.py set MBEDTLS_USE_PSA_CRYPTO + + # disable modules for which we have drivers + scripts/config.py unset MBEDTLS_ECDSA_C + scripts/config.py unset MBEDTLS_ECDH_C + scripts/config.py unset MBEDTLS_ECJPAKE_C + + # disable key exchanges dependencies from the modules above + scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED + scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED + scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED + scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED + scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED + scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED + + # Ensure also RSA_C is disabled so that the size of the public/private + # keys cannot be taken from there + scripts/config.py unset MBEDTLS_RSA_C + + # Explicitly disable all SW implementation for elliptic curves and enable + # their accelerated version (this excludes the built-in automatic inclusion + # from "config_psa.h") + # Just leave SW implementation for the curve with the smallest bit size + # (MBEDTLS_ECP_DP_SECP192R1_ENABLED) for allowing to build with ECP_C. + # scripts/config.py unset MBEDTLS_ECP_DP_SECP192R1_ENABLED + scripts/config.py unset MBEDTLS_ECP_DP_SECP224R1_ENABLED + scripts/config.py unset MBEDTLS_ECP_DP_SECP256R1_ENABLED + scripts/config.py unset MBEDTLS_ECP_DP_SECP384R1_ENABLED + scripts/config.py unset MBEDTLS_ECP_DP_SECP521R1_ENABLED + scripts/config.py unset MBEDTLS_ECP_DP_SECP192K1_ENABLED + scripts/config.py unset MBEDTLS_ECP_DP_SECP224K1_ENABLED + scripts/config.py unset MBEDTLS_ECP_DP_SECP256K1_ENABLED + scripts/config.py unset MBEDTLS_ECP_DP_BP256R1_ENABLED + scripts/config.py unset MBEDTLS_ECP_DP_BP384R1_ENABLED + scripts/config.py unset MBEDTLS_ECP_DP_BP512R1_ENABLED + scripts/config.py unset MBEDTLS_ECP_DP_CURVE25519_ENABLED + scripts/config.py unset MBEDTLS_ECP_DP_CURVE448_ENABLED + loc_accel_list="$loc_accel_list ECC_SECP_R1_521" + loc_accel_list="$loc_accel_list ECC_BRAINPOOL_P_R1_512" + loc_accel_list="$loc_accel_list ECC_MONTGOMERY_448" + loc_accel_list="$loc_accel_list ECC_SECP_R1_384" + loc_accel_list="$loc_accel_list ECC_BRAINPOOL_P_R1_384" + loc_accel_list="$loc_accel_list ECC_SECP_R1_256" + loc_accel_list="$loc_accel_list ECC_SECP_K1_256" + loc_accel_list="$loc_accel_list ECC_BRAINPOOL_P_R1_256" + loc_accel_list="$loc_accel_list ECC_MONTGOMERY_255" + loc_accel_list="$loc_accel_list ECC_SECP_R1_224" + loc_accel_list="$loc_accel_list ECC_SECP_K1_224" + loc_accel_list="$loc_accel_list ECC_SECP_R1_192" + loc_accel_list="$loc_accel_list ECC_SECP_K1_192" + + # build and link with test drivers + loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )" + make CFLAGS="$ASAN_CFLAGS -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS" + + # make sure excluded modules were not auto-re-enabled by accident + not grep mbedtls_ecdh_ library/ecdh.o + not grep mbedtls_ecdsa_ library/ecdsa.o + not grep mbedtls_ecjpake_ library/ecjpake.o + + # Run the tests + # ------------- + msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated ECC" + make test +} + component_test_psa_crypto_config_accel_rsa_signature () { msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated RSA signature"