Add comparison of accel_ecdh_use_psa against ref

With temporary exclusions to be lifted as follow-ups.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
This commit is contained in:
Manuel Pégourié-Gonnard 2023-02-21 13:07:19 +01:00
parent 59a2b8fd57
commit e91bcf31b6
2 changed files with 72 additions and 21 deletions

View file

@ -2228,6 +2228,40 @@ component_test_psa_crypto_config_accel_ecdh () {
make test
}
# Auxiliary function to build config for ECDH with and without drivers
config_psa_crypto_config_ecdh_use_psa () {
DRIVER_ONLY="$1"
# start with config full for maximum coverage (also enables USE_PSA)
scripts/config.py full
# enable support for drivers and configuring PSA-only algorithms
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
if [ "$DRIVER_ONLY" -eq 1 ]; then
# Disable the module that's accelerated
scripts/config.py unset MBEDTLS_ECDH_C
fi
# Disable things that depend on it
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
# Note: the above two lines should be enough, but currently there's a bug
# that prevents tests from passing TLS 1.3 with only PSK (no ephemeral)
# when TLS 1.2 is also enabled, see #6848.
# So, as a temporary measure disable all of TLS 1.3.
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
# Restartable feature is not yet supported by PSA. Once it will in
# the future, the following line could be removed (see issues
# 6061, 6332 and following ones)
scripts/config.py unset MBEDTLS_ECP_RESTARTABLE
}
# Keep in sync with component_test_psa_crypto_config_reference_ecdh_use_psa
component_test_psa_crypto_config_accel_ecdh_use_psa () {
msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated ECDH + USE_PSA"
@ -2248,27 +2282,8 @@ component_test_psa_crypto_config_accel_ecdh_use_psa () {
# Configure and build the main libraries
# --------------------------------------
# Start from full config (USE_PSA and TLS 1.3) + driver support
scripts/config.py full
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
# Disable the module that's accelerated
scripts/config.py unset MBEDTLS_ECDH_C
# Disable things that depend on it
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
# Note: the above two lines should be enough, but currently there's a bug
# that prevents tests from passing TLS 1.3 with only PSK (no ephemeral)
# when TLS 1.2 is also enabled, see #6848.
# So, as a temporary measure disable all of TLS 1.3.
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
# Use the same config as reference, only without built-in ECDH
config_psa_crypto_config_ecdh_use_psa 1
# Build the library
loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )"
@ -2286,6 +2301,25 @@ component_test_psa_crypto_config_accel_ecdh_use_psa () {
# ssl-opt.sh later (probably doesn't pass right now)
}
# Keep in sync with component_test_psa_crypto_config_accel_ecdh_use_psa.
# Used by tests/scripts/analyze_outcomes.py for comparison purposes.
component_test_psa_crypto_config_reference_ecdh_use_psa () {
msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated ECDH + USE_PSA"
# To be aligned with the accel component that needs this
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_STREAM_CIPHER
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_ECB_NO_PADDING
config_psa_crypto_config_ecdh_use_psa 0
make
msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated ECDH + USE_PSA"
make test
# ssl-opt.sh later when the accel component is ready
}
component_test_psa_crypto_config_accel_rsa_signature () {
msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated RSA signature"

View file

@ -183,6 +183,23 @@ TASKS = {
}
}
},
'analyze_driver_vs_reference_ecdh': {
'test_function': do_analyze_driver_vs_reference,
'args': {
'component_ref': 'test_psa_crypto_config_reference_ecdh_use_psa',
'component_driver': 'test_psa_crypto_config_accel_ecdh_use_psa',
'ignored_suites': [
'ecdh', # the software implementation that's excluded
],
'ignored_tests': {
# temporary
'test_suite_psa_crypto': [
'PSA key agreement setup: ECDH, unknown KDF',
'PSA key policy: raw agreement, key permits raw agreement, but algorithm is not raw',
],
}
}
},
}
def main():