From 8b56f23db2dce5380462d9eedb69b0b34e42d215 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Sun, 2 Oct 2022 20:58:39 +0200 Subject: [PATCH 1/7] all.sh: add testing of AEAD drivers with libtestdriver1 Signed-off-by: Przemek Stekiel --- tests/scripts/all.sh | 35 +++++++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 12e3efa9d327..1671cd05f683 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1962,6 +1962,41 @@ component_test_psa_crypto_config_accel_cipher () { make test } +component_test_psa_crypto_config_accel_aead () { + msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated AEAD" + + # Disable ALG_STREAM_CIPHER and ALG_ECB_NO_PADDING to avoid having + # partial support for cipher operations in the driver test library. + scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_STREAM_CIPHER + scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_ECB_NO_PADDING + + loc_accel_list="ALG_GCM ALG_CCM ALG_CHACHA20_POLY1305 KEY_TYPE_AES KEY_TYPE_CHACHA20 KEY_TYPE_ARIA KEY_TYPE_CAMELLIA" + loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' ) + make -C tests libtestdriver1.a CFLAGS="$ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS" + + scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS + scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG + + scripts/config.py unset MBEDTLS_GCM_C + scripts/config.py unset MBEDTLS_CCM_C + scripts/config.py unset MBEDTLS_CHACHAPOLY_C + # Features that depend on AEAD + scripts/config.py unset MBEDTLS_SSL_CONTEXT_SERIALIZATION + scripts/config.py unset MBEDTLS_SSL_TICKET_C + + loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )" + make CFLAGS="$ASAN_CFLAGS -Werror -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS" + + # There's a risk of something getting re-enabled via config_psa.h + # make sure it did not happen. + not grep mbedtls_ccm library/ccm.o + not grep mbedtls_gcm library/gcm.o + not grep mbedtls_chachapoly library/chachapoly.o + + msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated AEAD" + make test +} + component_test_psa_crypto_config_no_driver() { # full plus MBEDTLS_PSA_CRYPTO_CONFIG msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG minus MBEDTLS_PSA_CRYPTO_DRIVERS" From f886241f86450745ce0370768818238e3c859b81 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Sun, 2 Oct 2022 21:01:23 +0200 Subject: [PATCH 2/7] test_driver_aead.c: add support for LIBTESTDRIVER1 tests Signed-off-by: Przemek Stekiel --- tests/src/drivers/test_driver_aead.c | 64 +++++++++++++++++++++++++++- 1 file changed, 62 insertions(+), 2 deletions(-) diff --git a/tests/src/drivers/test_driver_aead.c b/tests/src/drivers/test_driver_aead.c index 25396c92f5e3..d2563d50673e 100644 --- a/tests/src/drivers/test_driver_aead.c +++ b/tests/src/drivers/test_driver_aead.c @@ -28,6 +28,10 @@ #include "test/drivers/aead.h" +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) +#include "libtestdriver1/library/psa_crypto_aead.h" +#endif + mbedtls_test_driver_aead_hooks_t mbedtls_test_driver_aead_hooks = MBEDTLS_TEST_DRIVER_AEAD_INIT; @@ -49,6 +53,18 @@ psa_status_t mbedtls_test_transparent_aead_encrypt( } else { +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_AEAD) + mbedtls_test_driver_aead_hooks.driver_status = + libtestdriver1_mbedtls_psa_aead_encrypt( + (const libtestdriver1_psa_key_attributes_t *)attributes, + key_buffer, key_buffer_size, + alg, + nonce, nonce_length, + additional_data, additional_data_length, + plaintext, plaintext_length, + ciphertext, ciphertext_size, ciphertext_length ); +#elif defined(MBEDTLS_PSA_BUILTIN_AEAD) mbedtls_test_driver_aead_hooks.driver_status = mbedtls_psa_aead_encrypt( attributes, key_buffer, key_buffer_size, @@ -58,7 +74,23 @@ psa_status_t mbedtls_test_transparent_aead_encrypt( plaintext, plaintext_length, ciphertext, ciphertext_size, ciphertext_length ); } - +#else + (void) attributes; + (void) key_buffer; + (void) key_buffer_size; + (void) alg; + (void) nonce; + (void) nonce_length; + (void) additional_data; + (void) additional_data_length; + (void) plaintext; + (void) plaintext_length; + (void) ciphertext; + (void) ciphertext_size; + (void) ciphertext_length; + mbedtls_test_driver_aead_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; +#endif + } return( mbedtls_test_driver_aead_hooks.driver_status ); } @@ -80,6 +112,18 @@ psa_status_t mbedtls_test_transparent_aead_decrypt( } else { +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_AEAD) + mbedtls_test_driver_aead_hooks.driver_status = + libtestdriver1_mbedtls_psa_aead_decrypt( + (const libtestdriver1_psa_key_attributes_t *)attributes, + key_buffer, key_buffer_size, + alg, + nonce, nonce_length, + additional_data, additional_data_length, + ciphertext, ciphertext_length, + plaintext, plaintext_size, plaintext_length ); +#elif defined(MBEDTLS_PSA_BUILTIN_AEAD) mbedtls_test_driver_aead_hooks.driver_status = mbedtls_psa_aead_decrypt( attributes, key_buffer, key_buffer_size, @@ -89,7 +133,23 @@ psa_status_t mbedtls_test_transparent_aead_decrypt( ciphertext, ciphertext_length, plaintext, plaintext_size, plaintext_length ); } - +#else + (void) attributes; + (void) key_buffer; + (void) key_buffer_size; + (void) alg; + (void) nonce; + (void) nonce_length; + (void) additional_data; + (void) additional_data_length; + (void) ciphertext; + (void) ciphertext_length; + (void) plaintext; + (void) plaintext_size; + (void) plaintext_length; + mbedtls_test_driver_aead_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; +#endif + } return( mbedtls_test_driver_aead_hooks.driver_status ); } From b771762102ec2544121b2e3a75bb9235a3bd1ba2 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Wed, 5 Oct 2022 08:18:55 +0200 Subject: [PATCH 3/7] crypto_config_test_driver_extension.h: add support for ChaCha20 - Poly1305 This is done to have LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 defined in libtestdriver1. Signed-off-by: Przemek Stekiel --- .../crypto_config_test_driver_extension.h | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/tests/include/test/drivers/crypto_config_test_driver_extension.h b/tests/include/test/drivers/crypto_config_test_driver_extension.h index af4686b97e7a..91ee3206a536 100644 --- a/tests/include/test/drivers/crypto_config_test_driver_extension.h +++ b/tests/include/test/drivers/crypto_config_test_driver_extension.h @@ -158,6 +158,14 @@ #endif #endif +#if defined(PSA_WANT_ALG_CHACHA20_POLY1305) +#if defined(MBEDTLS_PSA_ACCEL_ALG_CHACHA20_POLY1305) +#undef MBEDTLS_PSA_ACCEL_ALG_CHACHA20_POLY1305 +#else +#define MBEDTLS_PSA_ACCEL_ALG_CHACHA20_POLY1305 1 +#endif +#endif + #if defined(PSA_WANT_KEY_TYPE_AES) #if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_AES) #undef MBEDTLS_PSA_ACCEL_KEY_TYPE_AES @@ -198,9 +206,16 @@ #endif #endif +#if defined(PSA_WANT_KEY_TYPE_CHACHA20) +#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_CHACHA20) +#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_CHACHA20 +#else +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_CHACHA20 1 +#endif +#endif + #define MBEDTLS_PSA_ACCEL_ALG_CBC_MAC 1 #define MBEDTLS_PSA_ACCEL_ALG_CCM 1 -#define MBEDTLS_PSA_ACCEL_ALG_CHACHA20_POLY1305 1 #define MBEDTLS_PSA_ACCEL_ALG_CMAC 1 #define MBEDTLS_PSA_ACCEL_ALG_ECB_NO_PADDING 1 #define MBEDTLS_PSA_ACCEL_ALG_ECDH 1 @@ -232,7 +247,6 @@ #define MBEDTLS_PSA_ACCEL_KEY_TYPE_DERIVE 1 #define MBEDTLS_PSA_ACCEL_KEY_TYPE_HMAC 1 #define MBEDTLS_PSA_ACCEL_KEY_TYPE_ARC4 1 -#define MBEDTLS_PSA_ACCEL_KEY_TYPE_CHACHA20 1 #define MBEDTLS_PSA_ACCEL_KEY_TYPE_DES 1 #define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY 1 #define MBEDTLS_PSA_ACCEL_KEY_TYPE_RAW_DATA 1 From 9e8556c655bfcc848e9f19e8b79c3d7a7cdbcadd Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Wed, 12 Oct 2022 13:02:35 +0200 Subject: [PATCH 4/7] Enable MBEDTLS_POLY1305_C in test drivers build Signed-off-by: Przemek Stekiel --- tests/include/test/drivers/config_test_driver.h | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/include/test/drivers/config_test_driver.h b/tests/include/test/drivers/config_test_driver.h index 97be72d2fbe1..09c9a8741148 100644 --- a/tests/include/test/drivers/config_test_driver.h +++ b/tests/include/test/drivers/config_test_driver.h @@ -39,6 +39,7 @@ #define MBEDTLS_PSA_BUILTIN_ALG_SHA_256 1 #define MBEDTLS_CTR_DRBG_C #define MBEDTLS_ENTROPY_C +#define MBEDTLS_POLY1305_C /* * Configuration options that may need to be additionally enabled for the From 0368d365522d5f9808b4720a7f392ab0f6758779 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Thu, 13 Oct 2022 08:02:53 +0200 Subject: [PATCH 5/7] Add MBEDTLS_PSA_BUILTIN_AEAD definition Signed-off-by: Przemek Stekiel --- include/psa/crypto_builtin_composites.h | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/include/psa/crypto_builtin_composites.h b/include/psa/crypto_builtin_composites.h index a875b2370415..711c43df7850 100644 --- a/include/psa/crypto_builtin_composites.h +++ b/include/psa/crypto_builtin_composites.h @@ -43,6 +43,12 @@ #define MBEDTLS_PSA_BUILTIN_MAC #endif +#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) +#define MBEDTLS_PSA_BUILTIN_AEAD 1 +#endif + #if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC) || defined(PSA_CRYPTO_DRIVER_TEST) typedef struct { From 65caa1697361f13a6241fecfd6abe853be0d448b Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Wed, 12 Oct 2022 10:11:25 +0200 Subject: [PATCH 6/7] Add changelog entry Signed-off-by: Przemek Stekiel --- ChangeLog.d/fix_aead_psa_driver_build.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 ChangeLog.d/fix_aead_psa_driver_build.txt diff --git a/ChangeLog.d/fix_aead_psa_driver_build.txt b/ChangeLog.d/fix_aead_psa_driver_build.txt new file mode 100644 index 000000000000..a6d11d38d003 --- /dev/null +++ b/ChangeLog.d/fix_aead_psa_driver_build.txt @@ -0,0 +1,3 @@ +Bugfix + * Fix compilation errors when trying to build with + PSA drivers for AEAD (GCM, CCM, Chacha20-Poly1305). From 9030a252141bd3d87b811a458756f647c22b30f6 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Thu, 13 Oct 2022 10:23:58 +0200 Subject: [PATCH 7/7] Fix aead driver code (remove redundant brace) Signed-off-by: Przemek Stekiel --- tests/src/drivers/test_driver_aead.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/tests/src/drivers/test_driver_aead.c b/tests/src/drivers/test_driver_aead.c index d2563d50673e..e249ec37d4e8 100644 --- a/tests/src/drivers/test_driver_aead.c +++ b/tests/src/drivers/test_driver_aead.c @@ -73,7 +73,6 @@ psa_status_t mbedtls_test_transparent_aead_encrypt( additional_data, additional_data_length, plaintext, plaintext_length, ciphertext, ciphertext_size, ciphertext_length ); - } #else (void) attributes; (void) key_buffer; @@ -132,7 +131,6 @@ psa_status_t mbedtls_test_transparent_aead_decrypt( additional_data, additional_data_length, ciphertext, ciphertext_length, plaintext, plaintext_size, plaintext_length ); - } #else (void) attributes; (void) key_buffer;