From f7dc6cfef18627459e2b151c1d1191167ea1c9a6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 27 Sep 2023 10:34:52 +0200 Subject: [PATCH] Document limitation on "mixed" builds MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- docs/driver-only-builds.md | 24 ++++++++++++++++++++++++ tests/scripts/all.sh | 4 ++-- 2 files changed, 26 insertions(+), 2 deletions(-) diff --git a/docs/driver-only-builds.md b/docs/driver-only-builds.md index 3b6132903..7b0d8c402 100644 --- a/docs/driver-only-builds.md +++ b/docs/driver-only-builds.md @@ -179,6 +179,30 @@ builtin and PSA sides. In particular: curve. In other words, in order to exclue all builtin algs, all the required curves should be supported and accelerated by the PSA driver. +### Limitations regarding "mixed" builds (driver and built-in) + +In order for a build to be driver-only (no built-in implementation), all the +requested algorithms, key types (key operations) and curves must be +accelerated (plus a few other restrictions, see "Limitations regarding fully +removing `ecp.c`" above). However, what if you have an accelerator that only +supports some algorithms, some key types (key operations), or some curves, but +want to have more enabled in you build? + +It is possible to have acceleration for only a subset of the requested +algorithms. In this case, the built-in implementation of the accelerated +algorithms will be disabled, provided all the requested curves and key types +that can be used with this algorithm are also declared as accelerated. + +There is very limited support for having acceleration for only a subset of the +requested key type operations. The only configuration that's tested is that of +a driver accelerating `PUBLIC_KEY`, `KEY_PAIR_BASIC`, `KEY_PAIR_IMPORT`, +`KEY_PAIR_EXPORT` but not `KEY_PAIR_GENERATE`. (Note: currently the driver +interface does not support `KEY_PAIR_DERIVE`.) + +There is limited support for having acceleration for only a subset of the +requested curves. In such builds, only the PSA API is currently tested and +working; there are known issues in PK, and X.509 and TLS are untested. + Finite-field Diffie-Hellman --------------------------- diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index a94953f41..15c83efcd 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -2584,7 +2584,6 @@ component_test_psa_crypto_config_accel_ecc_some_key_types () { make test } - # Run tests with only (non-)Weierstrass accelerated # Common code used in: # - component_test_psa_crypto_config_accel_ecc_weirstrass_curves @@ -2689,7 +2688,8 @@ common_test_psa_crypto_config_accel_ecc_some_curves () { # ------------- msg "test suites: full with accelerated EC algs and $DESC curves" - make test + # does not work for PK (and above), see #8255 + make test SKIP_TEST_SUITES=pk,pkparse,pkwrite,x509parse,x509write,ssl,debug } component_test_psa_crypto_config_accel_ecc_weirstrass_curves () {