diff --git a/ChangeLog.d/fix_aead_psa_driver_build.txt b/ChangeLog.d/fix_aead_psa_driver_build.txt new file mode 100644 index 000000000000..a6d11d38d003 --- /dev/null +++ b/ChangeLog.d/fix_aead_psa_driver_build.txt @@ -0,0 +1,3 @@ +Bugfix + * Fix compilation errors when trying to build with + PSA drivers for AEAD (GCM, CCM, Chacha20-Poly1305). diff --git a/include/psa/crypto_builtin_composites.h b/include/psa/crypto_builtin_composites.h index a875b2370415..711c43df7850 100644 --- a/include/psa/crypto_builtin_composites.h +++ b/include/psa/crypto_builtin_composites.h @@ -43,6 +43,12 @@ #define MBEDTLS_PSA_BUILTIN_MAC #endif +#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) +#define MBEDTLS_PSA_BUILTIN_AEAD 1 +#endif + #if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC) || defined(PSA_CRYPTO_DRIVER_TEST) typedef struct { diff --git a/tests/include/test/drivers/config_test_driver.h b/tests/include/test/drivers/config_test_driver.h index 97be72d2fbe1..09c9a8741148 100644 --- a/tests/include/test/drivers/config_test_driver.h +++ b/tests/include/test/drivers/config_test_driver.h @@ -39,6 +39,7 @@ #define MBEDTLS_PSA_BUILTIN_ALG_SHA_256 1 #define MBEDTLS_CTR_DRBG_C #define MBEDTLS_ENTROPY_C +#define MBEDTLS_POLY1305_C /* * Configuration options that may need to be additionally enabled for the diff --git a/tests/include/test/drivers/crypto_config_test_driver_extension.h b/tests/include/test/drivers/crypto_config_test_driver_extension.h index af4686b97e7a..91ee3206a536 100644 --- a/tests/include/test/drivers/crypto_config_test_driver_extension.h +++ b/tests/include/test/drivers/crypto_config_test_driver_extension.h @@ -158,6 +158,14 @@ #endif #endif +#if defined(PSA_WANT_ALG_CHACHA20_POLY1305) +#if defined(MBEDTLS_PSA_ACCEL_ALG_CHACHA20_POLY1305) +#undef MBEDTLS_PSA_ACCEL_ALG_CHACHA20_POLY1305 +#else +#define MBEDTLS_PSA_ACCEL_ALG_CHACHA20_POLY1305 1 +#endif +#endif + #if defined(PSA_WANT_KEY_TYPE_AES) #if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_AES) #undef MBEDTLS_PSA_ACCEL_KEY_TYPE_AES @@ -198,9 +206,16 @@ #endif #endif +#if defined(PSA_WANT_KEY_TYPE_CHACHA20) +#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_CHACHA20) +#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_CHACHA20 +#else +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_CHACHA20 1 +#endif +#endif + #define MBEDTLS_PSA_ACCEL_ALG_CBC_MAC 1 #define MBEDTLS_PSA_ACCEL_ALG_CCM 1 -#define MBEDTLS_PSA_ACCEL_ALG_CHACHA20_POLY1305 1 #define MBEDTLS_PSA_ACCEL_ALG_CMAC 1 #define MBEDTLS_PSA_ACCEL_ALG_ECB_NO_PADDING 1 #define MBEDTLS_PSA_ACCEL_ALG_ECDH 1 @@ -232,7 +247,6 @@ #define MBEDTLS_PSA_ACCEL_KEY_TYPE_DERIVE 1 #define MBEDTLS_PSA_ACCEL_KEY_TYPE_HMAC 1 #define MBEDTLS_PSA_ACCEL_KEY_TYPE_ARC4 1 -#define MBEDTLS_PSA_ACCEL_KEY_TYPE_CHACHA20 1 #define MBEDTLS_PSA_ACCEL_KEY_TYPE_DES 1 #define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY 1 #define MBEDTLS_PSA_ACCEL_KEY_TYPE_RAW_DATA 1 diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 9e061f7896ec..c0bad4da5920 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1962,6 +1962,41 @@ component_test_psa_crypto_config_accel_cipher () { make test } +component_test_psa_crypto_config_accel_aead () { + msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated AEAD" + + # Disable ALG_STREAM_CIPHER and ALG_ECB_NO_PADDING to avoid having + # partial support for cipher operations in the driver test library. + scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_STREAM_CIPHER + scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_ECB_NO_PADDING + + loc_accel_list="ALG_GCM ALG_CCM ALG_CHACHA20_POLY1305 KEY_TYPE_AES KEY_TYPE_CHACHA20 KEY_TYPE_ARIA KEY_TYPE_CAMELLIA" + loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' ) + make -C tests libtestdriver1.a CFLAGS="$ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS" + + scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS + scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG + + scripts/config.py unset MBEDTLS_GCM_C + scripts/config.py unset MBEDTLS_CCM_C + scripts/config.py unset MBEDTLS_CHACHAPOLY_C + # Features that depend on AEAD + scripts/config.py unset MBEDTLS_SSL_CONTEXT_SERIALIZATION + scripts/config.py unset MBEDTLS_SSL_TICKET_C + + loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )" + make CFLAGS="$ASAN_CFLAGS -Werror -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS" + + # There's a risk of something getting re-enabled via config_psa.h + # make sure it did not happen. + not grep mbedtls_ccm library/ccm.o + not grep mbedtls_gcm library/gcm.o + not grep mbedtls_chachapoly library/chachapoly.o + + msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated AEAD" + make test +} + component_test_psa_crypto_config_no_driver() { # full plus MBEDTLS_PSA_CRYPTO_CONFIG msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG minus MBEDTLS_PSA_CRYPTO_DRIVERS" diff --git a/tests/src/drivers/test_driver_aead.c b/tests/src/drivers/test_driver_aead.c index 25396c92f5e3..e249ec37d4e8 100644 --- a/tests/src/drivers/test_driver_aead.c +++ b/tests/src/drivers/test_driver_aead.c @@ -28,6 +28,10 @@ #include "test/drivers/aead.h" +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) +#include "libtestdriver1/library/psa_crypto_aead.h" +#endif + mbedtls_test_driver_aead_hooks_t mbedtls_test_driver_aead_hooks = MBEDTLS_TEST_DRIVER_AEAD_INIT; @@ -49,6 +53,18 @@ psa_status_t mbedtls_test_transparent_aead_encrypt( } else { +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_AEAD) + mbedtls_test_driver_aead_hooks.driver_status = + libtestdriver1_mbedtls_psa_aead_encrypt( + (const libtestdriver1_psa_key_attributes_t *)attributes, + key_buffer, key_buffer_size, + alg, + nonce, nonce_length, + additional_data, additional_data_length, + plaintext, plaintext_length, + ciphertext, ciphertext_size, ciphertext_length ); +#elif defined(MBEDTLS_PSA_BUILTIN_AEAD) mbedtls_test_driver_aead_hooks.driver_status = mbedtls_psa_aead_encrypt( attributes, key_buffer, key_buffer_size, @@ -57,8 +73,23 @@ psa_status_t mbedtls_test_transparent_aead_encrypt( additional_data, additional_data_length, plaintext, plaintext_length, ciphertext, ciphertext_size, ciphertext_length ); +#else + (void) attributes; + (void) key_buffer; + (void) key_buffer_size; + (void) alg; + (void) nonce; + (void) nonce_length; + (void) additional_data; + (void) additional_data_length; + (void) plaintext; + (void) plaintext_length; + (void) ciphertext; + (void) ciphertext_size; + (void) ciphertext_length; + mbedtls_test_driver_aead_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; +#endif } - return( mbedtls_test_driver_aead_hooks.driver_status ); } @@ -80,6 +111,18 @@ psa_status_t mbedtls_test_transparent_aead_decrypt( } else { +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_AEAD) + mbedtls_test_driver_aead_hooks.driver_status = + libtestdriver1_mbedtls_psa_aead_decrypt( + (const libtestdriver1_psa_key_attributes_t *)attributes, + key_buffer, key_buffer_size, + alg, + nonce, nonce_length, + additional_data, additional_data_length, + ciphertext, ciphertext_length, + plaintext, plaintext_size, plaintext_length ); +#elif defined(MBEDTLS_PSA_BUILTIN_AEAD) mbedtls_test_driver_aead_hooks.driver_status = mbedtls_psa_aead_decrypt( attributes, key_buffer, key_buffer_size, @@ -88,8 +131,23 @@ psa_status_t mbedtls_test_transparent_aead_decrypt( additional_data, additional_data_length, ciphertext, ciphertext_length, plaintext, plaintext_size, plaintext_length ); +#else + (void) attributes; + (void) key_buffer; + (void) key_buffer_size; + (void) alg; + (void) nonce; + (void) nonce_length; + (void) additional_data; + (void) additional_data_length; + (void) ciphertext; + (void) ciphertext_length; + (void) plaintext; + (void) plaintext_size; + (void) plaintext_length; + mbedtls_test_driver_aead_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; +#endif } - return( mbedtls_test_driver_aead_hooks.driver_status ); }