Merge pull request #7275 from valeriosetti/issue7255
Driver-only EC JPAKE: starter
diff --git a/tests/include/test/drivers/crypto_config_test_driver_extension.h b/tests/include/test/drivers/crypto_config_test_driver_extension.h
index 26c432c..ff2abfb 100644
--- a/tests/include/test/drivers/crypto_config_test_driver_extension.h
+++ b/tests/include/test/drivers/crypto_config_test_driver_extension.h
@@ -251,8 +251,9 @@
#define MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT 1
#define MBEDTLS_PSA_ACCEL_ALG_STREAM_CIPHER 1
-#if defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA)
-#if defined(MBEDTLS_PSA_ACCEL_ALG_ECDH)
+#if defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) && \
+ defined(MBEDTLS_PSA_ACCEL_ALG_ECDH) && \
+ defined(MBEDTLS_PSA_ACCEL_ALG_JPAKE)
#define MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_256 1
#define MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_384 1
#define MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_512 1
@@ -267,7 +268,6 @@
#define MBEDTLS_PSA_ACCEL_ECC_SECP_R1_384 1
#define MBEDTLS_PSA_ACCEL_ECC_SECP_R1_521 1
#endif
-#endif
#define MBEDTLS_PSA_ACCEL_KEY_TYPE_DERIVE 1
#define MBEDTLS_PSA_ACCEL_KEY_TYPE_HMAC 1
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index d444cba..5969e38 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -2335,6 +2335,93 @@
tests/ssl-opt.sh
}
+# Auxiliary function to build config for EC JPAKE with and without drivers.
+#
+# This is used by the two following components to ensure they always use the
+# same config, except for the use of driver or built-in ECJPAKE:
+# - component_test_psa_crypto_config_accel_ecjpake_use_psa;
+# - component_test_psa_crypto_config_reference_ecjpake_use_psa.
+# This support comparing their test coverage with analyze_outcomes.py.
+config_psa_crypto_config_ecjpake_use_psa () {
+ DRIVER_ONLY="$1"
+ # start with config full for maximum coverage (also enables USE_PSA)
+ scripts/config.py full
+ # enable support for drivers and configuring PSA-only algorithms
+ scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
+ scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
+ if [ "$DRIVER_ONLY" -eq 1 ]; then
+ # Disable the module that's accelerated
+ scripts/config.py unset MBEDTLS_ECJPAKE_C
+ fi
+ # Disable things that depend on it (regardless of driver or built-in)
+ scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
+
+ # Dynamic secure element support is a deprecated feature and needs to be disabled here.
+ # This is done to have the same form of psa_key_attributes_s for libdriver and library.
+ scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C
+}
+
+# Keep in sync with component_test_psa_crypto_config_reference_ecjpake_use_psa
+component_test_psa_crypto_config_accel_ecjpake_use_psa () {
+ msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated ECJPAKE + USE_PSA"
+
+ # Algorithms and key types to accelerate
+ loc_accel_list="ALG_JPAKE KEY_TYPE_ECC_KEY_PAIR KEY_TYPE_ECC_PUBLIC_KEY"
+
+ # Configure and build the test driver library
+ # -------------------------------------------
+
+ # Disable ALG_STREAM_CIPHER and ALG_ECB_NO_PADDING to avoid having
+ # partial support for cipher operations in the driver test library.
+ scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_STREAM_CIPHER
+ scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_ECB_NO_PADDING
+
+ loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' )
+ make -C tests libtestdriver1.a CFLAGS=" $ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS"
+
+ # Configure and build the main libraries
+ # --------------------------------------
+
+ # Use the same config as reference, only without built-in JPAKE
+ config_psa_crypto_config_ecjpake_use_psa 1
+
+ # Build the main library
+ loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )"
+ make CFLAGS="$ASAN_CFLAGS -O -Werror -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS"
+
+ # Make sure this was not re-enabled by accident (additive config)
+ not grep mbedtls_ecjpake_ library/ecjpake.o
+
+ # Run the tests
+ # -------------
+
+ msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated JPAKE + USE_PSA"
+ make test
+
+ # ssl-opt will be added later. Please check issue 7255 for a list of
+ # follow up activities
+}
+
+# Keep in sync with component_test_psa_crypto_config_accel_ecjpake_use_psa.
+# Used by tests/scripts/analyze_outcomes.py for comparison purposes.
+component_test_psa_crypto_config_reference_ecjpake_use_psa () {
+ msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with reference ECJPAKE + USE_PSA"
+
+ # To be aligned with the accel component that needs this
+ scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_STREAM_CIPHER
+ scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_ECB_NO_PADDING
+
+ config_psa_crypto_config_ecjpake_use_psa 0
+
+ make
+
+ msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with reference ECJPAKE + USE_PSA"
+ make test
+
+ # ssl-opt will be added later. Please check issue 7255 for a list of
+ # follow up activities
+}
+
component_test_psa_crypto_config_accel_rsa_signature () {
msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated RSA signature"
diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py
index 49ff218..61f6bb9 100755
--- a/tests/scripts/analyze_outcomes.py
+++ b/tests/scripts/analyze_outcomes.py
@@ -195,6 +195,18 @@
}
}
},
+ 'analyze_driver_vs_reference_ecjpake': {
+ 'test_function': do_analyze_driver_vs_reference,
+ 'args': {
+ 'component_ref': 'test_psa_crypto_config_reference_ecjpake_use_psa',
+ 'component_driver': 'test_psa_crypto_config_accel_ecjpake_use_psa',
+ 'ignored_suites': [
+ 'ecjpake', # the software implementation that's excluded
+ ],
+ 'ignored_tests': {
+ }
+ }
+ },
}
def main():