To keep a concise markdown table, we don't list text and data
section from old Git revision. However, it should be ideal to keep
those two sections in CSV output. Therefore, we list comparison
result for CSV output in following format:
filename new(text) new(data) old(text) old(data) change(text) change(data)
Additionally, if a file only exits in new Git revision not in old
Git revision, it's marked as `NotCreated` as we haven't created this
file yet from perspective of old Git revision.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
In comparison result, to indicate it's a delta value, we add `+` in
front of positive values. For unchanged attributes, it's still
shown as `0'.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
Previously we set loglevel >= WARNING printed to stderr and
loglevel < WARNING printed to stdout. To be more flexible, we
replace this `WARNING` value with an argument: split_level and leave
`WARNING` as default split_level if not set.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
Transparent drivers don't have this entry points. Other entry points
that are only for opaque drivers are not listed here but only in the
opaque_driver.json file, so this was likely a mistake.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
The EXCLUDE_FROM_FULL list in config.py should be, and used to be, but
no longer is, in alphabetical order, and with a comma on the last
element.
Signed-off-by: Janos Follath <janos.follath@arm.com>
By default, the full configuration enables all options. But we
specifically don't want to enable MBEDTLS_ECP_WITH_MPI_UINT except where
it's done explicitly, because it disables the old ecp. So it needs to be
added to the exceptions in config.py (EXCLUDE_FROM_FULL).
Signed-off-by: Janos Follath <janos.follath@arm.com>
The latest and earliest clang/GCC compilers are now used through
variables instead of symlinks and also the all.sh script is updated
to support options for overriding the default values.
Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
When '--show-all' is enabled, all the objects will be displayed in
comparison result no matter if there is code size change or not.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
It makes sense to display code size changes if a file has been
removed in our library. With this commit we track old objects as
well. If a file is not present in the new Git revision,
we display -old_size in the new_size column. The size change is
marked as `Removed` to indicate the file has been removed.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
The result format for code size comparison is:
filename new(text) new(data) change(text) change(data)
yyy.o xxx xxx xx xx
The numbers followed are in bytes.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
Percentage is not a useful number when looking at code size changes.
Since it depends on the base of the code size. It might give
misleading information by simply looking at the numbers.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
The Ubuntu 16.04 and 22.04 docker images have been updated with
earliest and latest versions of gcc and clang respectively.
This patch adds the necessary component and support functions
required for the CI to run these compilers.
For FreeBSD we invoke the function by name so a condition is added
to disable the existing test_clang_opt function for linux.
Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
If we use option --stdout, the logging level is set as
logging.ERROR. But --verbose is able to overwrite logging level as
logging.INFO if we want to display intermediate log in the process
of code size comparison.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
If we output comparison result into sys.stdout, it will print an
extra line to show information we used for code size comparison in
detail. This would be helpful if we copy & paste code size changes
in Github comment.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
This commit changes how to infer make command. Although we haven't
supported to pass more options in command line, this is the
preparation work to support those features.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
The option --markdown supports to only show the files that
have changed in a markdown table between two commits.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
Previously we used dec(total) as comparison result of code size
measurement. However, it's not accurate because dec(total) is
the sum of text, data and bss. Now we show text,data instead
since those are sections we care about in code size perspective
specifically for TF-M.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
For time being, code_size_compare.py only supports `size`. This
commit builds up foundation to extend code size measurement with
other tools.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
We use SimpleNamespace class to store all the information used to
measure code size of objects in library.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
CodeSizeCalculator is aimed to calculate code size based on a Git
revision and code size measurement tool. The output of code size is
in utf-8 encoding.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
This commit splits CodeSizeBase as a separate class to prepare a
parser as CodeSizeGenerator. The benefit is we can extend the tool
of code size measurement in order to generate more types of code
size record.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
Back when we introduced MBEDTLS_PSA_CRYPTO_CONFIG and it was still
experimental, it made sense that we tested it separately. Nowadays, the
feature is fully implemented, and the full config without
MBEDTLS_PSA_CRYPTO_CONFIG keeps cryptographic mechanisms that only have a
PSA implementation and aren't in the default build disabled (currently:
PBKDF2). So enable MBEDTLS_PSA_CRYPTO_CONFIG in the full config.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
New scripts have updated executable permissions to be consistent with
project requirements.
Signed-off-by: Agathiyan Bragadeesh <agabra02@e127300.arm.com>
If we don't remove all executable files in current working
directory, we might measure code size between different architecture
and configuration. This generates a wrong code size comparison
report. This commit guarantees it runs `make clean` before build
libraries for code size comparison.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
This patch introduces a rounding-error-resiliant method to
calculate bits_to_limbs, and is updating `SECP224R1` and
`SECP224K1` to use it.
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
Use a switch instead of an array. The array was very hollow for some enum
types such as mbedtls_ssl_protocol_version (which formerly used small
values, but switched to using the protocol encoding as enum values in Mbed
TLS 3.2.0). Optimizing compilers know how to compile a switch into a lookup
table when the range warrants it.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This patch updates `ecp_mod_p_generic_raw` and corresponding
curve test methods, that depend on the NIST optimisation
parameter to not run when it is not included.
The following curves are affected:
* SECP192R1
* SECP224R1
* SECP256R1
* SECP384R1
* SECP521R1
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
The code size measurement script generates code size
record / comparison csv file in a more readable format.
The script won't generate new record file if there is an existing
one. It reads the record and stores data into dictionary of code_size
for comparison.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
CodeSizeBase class aims to store size information for a specific
revision. It also has support to write csv report, comparison result
in a more readable format. This commit lays out foundation to
simplify code for CodeSizeComparison.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
If system architecture doesn't match architecture of input argument
for default configuration, it's reported as an error.
Additionally, it prints out help message to show which architecture
and configuration option should be used.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
This commit splits parsed arguments into required group and optional
group to present help message clearer to users.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
Add prompt message for a series of supported combination of
architecture and configuration when someone tries unsupported
combinations.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
This commit adds suffix of architecture and configuration to the
file of code size record and comparison result.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
With this change, the program cleans up worktree in errors of
execution of subprocess.checkout. Additionally, the error log is
printed out for users.
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
This patch introduces the `EcpP255Raw` test class for testing
the curve using the preestablished `ecp_mod_p_generic_raw()`
test. The test's logic has been updated accordingly.
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
This commit adds configuration check in check_config.h if
MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH enabled.
Furthermore, MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH is disabled
by default in scripts/config.py for full configuration.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
The build option MBEDTLS_PSA_INJECT_ENTROPY requires some extra platform
functions, for historical reasons. To enable us to test this option, provide
a version of these functions for testing.
(These versions would actually work in production, but providing them in the
library in a way that doesn't break existing users might be slightly tricky,
so it's out of scope of this commit.)
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
(Reapplying changes as one commit on top of development post codestyle change instead of rewriting old branch)
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
This patch introduces automatic test input generation for
`mpi_core_shift_l()` function.
It also adds two utility functions in bignum_common.
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
This patch introduces basic unit-testing for the `ecp_mod_p256k1()`.
The method is exposed through the ecp_invasive interface, and
the standard testing data is being provided by the python framework.
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
The script requires cryptography >= 35.0.0, we
need to check the version and provide meaningful
error message when the package version was too
old.
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
This patch introduces basic unit-testing for the `ecp_mod_p224k1()`.
The method is exposed through the ecp_invasive interface, and
the standard testing data is being provided by the python framework.
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
This patch enables declaring dependencie as test-class
members. ECP curve functions have been updated
to use the new capability.
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
This patch replaces similiarly structured test functions
for:
* MBEDTLS_ECP_DP_SECP192R1
* MBEDTLS_ECP_DP_SECP224R1
* MBEDTLS_ECP_DP_SECP256R1
* MBEDTLS_ECP_DP_SECP384R1
* MBEDTLS_ECP_DP_BP512R1R1
with a more generic version, which adjusts the parameters, based on the `curve_id` field,
provided by the testing data.
The python test framework has been updated to provide that extra field.
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
The support for the PSA crypto driver interface
is not optional anymore as the implementation of
the PSA cryptography interface has been restructured
around the PSA crypto driver interface (see
psa-crypto-implementation-structure.md). There is
thus no purpose for the configuration options
MBEDTLS_PSA_CRYPTO_DRIVERS anymore.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Move the global variable to the PSA layer, and just set that when calling PSA
level functions.
Move the internal ecp set to before each ecp call.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
Adapt pake test (passing NULL buffers is not allowed).
Passing the null buffer to psa_pake_output results in a hard fault.
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
In the future key attributes will be available for opaque driver via psa_crypto_driver_pake_get_password_key().
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
- Add `alg` and `computation_stage` to `psa_pake_operation_s`.
Now when logic is moved to core information about `alg` is required.
`computation_stage` is a structure that provides a union of computation stages for pake algorithms.
- Move the jpake operation logic from driver to core. This requires changing driver entry points for `psa_pake_output`/`psa_pake_input` functions and adding a `computation_stage` parameter. I'm not sure if this solution is correct. Now the driver can check the current computation stage and perform some action. For jpake drivers `step` parameter is now not used, but I think it needs to stay as it might be needed for other pake algorithms.
- Removed test that seems to be redundant as we can't be sure that operation is aborted after failure.
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
Move the obfuscation of the internal library only returning a delta of ops done
into the driver wrapper, thus meaning driver wrapper and API call both return
absolute values of work done. Document the differences at the internal
implementation level.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
Move to accumulate ops in context rather than attempting to read straight out
of structures due to structure ops getting reset per operation, and also
issues with _abort clearing internal data. Fix usage of size_t in structures
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
