From 01c248c00bda8ebf567c0e28c4ff3a4609bf2f94 Mon Sep 17 00:00:00 2001
From: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
Date: Fri, 26 May 2023 10:19:49 +0200
Subject: [PATCH 1/4] Enable TLS1.3 in FFDH alg build with drivers and add
 reference config(without drivers)

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
---
 tests/scripts/all.sh | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)

diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index 581343d67f75..d7875cee2738 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -2254,6 +2254,9 @@ component_test_psa_crypto_config_accel_ecdh () {
 component_test_psa_crypto_config_accel_ffdh () {
     msg "build: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated FFDH"
 
+    # Start with full
+    scripts/config.py full
+
     # Algorithms and key types to accelerate
     loc_accel_list="ALG_FFDH KEY_TYPE_DH_KEY_PAIR KEY_TYPE_DH_PUBLIC_KEY"
 
@@ -2287,6 +2290,34 @@ component_test_psa_crypto_config_accel_ffdh () {
     make test
 }
 
+component_test_psa_crypto_config_reference_ffdh () {
+    msg "build: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated FFDH"
+
+    # Start with full (USE_PSA and TLS 1.3)
+    scripts/config.py full
+
+    # Disable ALG_STREAM_CIPHER and ALG_ECB_NO_PADDING to avoid having
+    # partial support for cipher operations in the driver test library.
+    scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_STREAM_CIPHER
+    scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_ECB_NO_PADDING
+
+    # enable support for drivers and configuring PSA-only algorithms
+    scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
+
+    # Disable things that are not supported
+    scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
+    scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
+    scripts/config.py unset MBEDTLS_DHM_C
+
+    make
+
+    msg "test suites: MBEDTLS_PSA_CRYPTO_CONFIG with non-accelerated FFDH alg + USE_PSA"
+    make test
+
+    msg "ssl-opt: MBEDTLS_PSA_CRYPTO_CONFIG with non-accelerated FFDH alg + USE_PSA"
+    tests/ssl-opt.sh -f "FFDH"
+}
+
 component_test_psa_crypto_config_accel_pake() {
     msg "build: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated PAKE"
 

From 85b644262d80a2ecfaf4be00232769d9093f8861 Mon Sep 17 00:00:00 2001
From: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
Date: Fri, 26 May 2023 09:55:23 +0200
Subject: [PATCH 2/4] Add ffdh accel vs reference check to analyze_outcomes.py

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
---
 tests/scripts/analyze_outcomes.py | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py
index 46c21f73a359..4a8ddf5fbd2e 100755
--- a/tests/scripts/analyze_outcomes.py
+++ b/tests/scripts/analyze_outcomes.py
@@ -262,7 +262,7 @@ def do_analyze_driver_vs_reference(outcome_file, args):
                     ('Key ASN1 (OneAsymmetricKey X25519, doesn\'t match masking '
                      'requirements, from RFC8410 Appendix A but made into version 0)'),
                 ],
-            }
+            },
         }
     },
     'analyze_driver_vs_reference_no_ecp_at_all': {
@@ -328,6 +328,17 @@ def do_analyze_driver_vs_reference(outcome_file, args):
             }
         }
     },
+    'analyze_driver_vs_reference_ffdh_alg': {
+        'test_function': do_analyze_driver_vs_reference,
+        'args': {
+            'component_ref': 'test_psa_crypto_config_reference_ffdh',
+            'component_driver': 'test_psa_crypto_config_accel_ffdh',
+            'ignored_suites': [
+            ],
+            'ignored_tests': {
+            }
+        }
+    },
 }
 
 def main():

From 84f4ff1dd3cbc2903b793bd647cb5a6fc6935ba7 Mon Sep 17 00:00:00 2001
From: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
Date: Tue, 4 Jul 2023 12:35:31 +0200
Subject: [PATCH 3/4] Minor adaptations after ffdh was enabled for tls1.3

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
---
 tests/scripts/all.sh                                 | 12 ++++++------
 tests/scripts/analyze_outcomes.py                    |  6 ++----
 tests/suites/test_suite_psa_crypto_metadata.function |  2 +-
 3 files changed, 9 insertions(+), 11 deletions(-)

diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index d7875cee2738..703594c1929c 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -2254,9 +2254,6 @@ component_test_psa_crypto_config_accel_ecdh () {
 component_test_psa_crypto_config_accel_ffdh () {
     msg "build: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated FFDH"
 
-    # Start with full
-    scripts/config.py full
-
     # Algorithms and key types to accelerate
     loc_accel_list="ALG_FFDH KEY_TYPE_DH_KEY_PAIR KEY_TYPE_DH_PUBLIC_KEY"
 
@@ -2264,7 +2261,7 @@ component_test_psa_crypto_config_accel_ffdh () {
     # ---------
 
     # Start from default config (no TLS 1.3, no USE_PSA)
-    helper_libtestdriver1_adjust_config "default"
+    helper_libtestdriver1_adjust_config "full"
 
     # Disable the module that's accelerated
     scripts/config.py unset MBEDTLS_DHM_C
@@ -2288,6 +2285,9 @@ component_test_psa_crypto_config_accel_ffdh () {
 
     msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated FFDH"
     make test
+
+    msg "ssl-opt: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated FFDH alg"
+    tests/ssl-opt.sh -f "ffdh"
 }
 
 component_test_psa_crypto_config_reference_ffdh () {
@@ -2307,7 +2307,7 @@ component_test_psa_crypto_config_reference_ffdh () {
     # Disable things that are not supported
     scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
     scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
-    scripts/config.py unset MBEDTLS_DHM_C
+    scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C
 
     make
 
@@ -2315,7 +2315,7 @@ component_test_psa_crypto_config_reference_ffdh () {
     make test
 
     msg "ssl-opt: MBEDTLS_PSA_CRYPTO_CONFIG with non-accelerated FFDH alg + USE_PSA"
-    tests/ssl-opt.sh -f "FFDH"
+    tests/ssl-opt.sh -f "ffdh"
 }
 
 component_test_psa_crypto_config_accel_pake() {
diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py
index 4a8ddf5fbd2e..2fca75105980 100755
--- a/tests/scripts/analyze_outcomes.py
+++ b/tests/scripts/analyze_outcomes.py
@@ -333,10 +333,8 @@ def do_analyze_driver_vs_reference(outcome_file, args):
         'args': {
             'component_ref': 'test_psa_crypto_config_reference_ffdh',
             'component_driver': 'test_psa_crypto_config_accel_ffdh',
-            'ignored_suites': [
-            ],
-            'ignored_tests': {
-            }
+            'ignored_suites': ['dhm'],
+            'ignored_tests': {'test_suite_pkparse': ['DH group family: RFC 7919']}
         }
     },
 }
diff --git a/tests/suites/test_suite_psa_crypto_metadata.function b/tests/suites/test_suite_psa_crypto_metadata.function
index b28ed2a75280..b51f2a28b783 100644
--- a/tests/suites/test_suite_psa_crypto_metadata.function
+++ b/tests/suites/test_suite_psa_crypto_metadata.function
@@ -699,7 +699,7 @@ void ecc_key_family(int curve_arg)
 }
 /* END_CASE */
 
-/* BEGIN_CASE depends_on:MBEDTLS_DHM_C */
+/* BEGIN_CASE depends_on:PSA_KEY_TYPE_DH_PUBLIC_KEY:PSA_KEY_TYPE_DH_KEY_PAIR */
 void dh_key_family(int group_arg)
 {
     psa_dh_family_t group = group_arg;

From 565353ef71b6786205f1876af534b6c7d990a65e Mon Sep 17 00:00:00 2001
From: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
Date: Wed, 5 Jul 2023 11:07:07 +0200
Subject: [PATCH 4/4] Cleanup the code

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
---
 tests/scripts/all.sh              | 14 ++------------
 tests/scripts/analyze_outcomes.py |  2 +-
 2 files changed, 3 insertions(+), 13 deletions(-)

diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index 703594c1929c..ac7a07dc2c17 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -2260,7 +2260,7 @@ component_test_psa_crypto_config_accel_ffdh () {
     # Configure
     # ---------
 
-    # Start from default config (no TLS 1.3, no USE_PSA)
+    # start with full (USE_PSA and TLS 1.3)
     helper_libtestdriver1_adjust_config "full"
 
     # Disable the module that's accelerated
@@ -2294,21 +2294,11 @@ component_test_psa_crypto_config_reference_ffdh () {
     msg "build: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated FFDH"
 
     # Start with full (USE_PSA and TLS 1.3)
-    scripts/config.py full
-
-    # Disable ALG_STREAM_CIPHER and ALG_ECB_NO_PADDING to avoid having
-    # partial support for cipher operations in the driver test library.
-    scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_STREAM_CIPHER
-    scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_ECB_NO_PADDING
-
-    # enable support for drivers and configuring PSA-only algorithms
-    scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
+    helper_libtestdriver1_adjust_config "full"
 
     # Disable things that are not supported
     scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
     scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
-    scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C
-
     make
 
     msg "test suites: MBEDTLS_PSA_CRYPTO_CONFIG with non-accelerated FFDH alg + USE_PSA"
diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py
index 2fca75105980..a2b135618898 100755
--- a/tests/scripts/analyze_outcomes.py
+++ b/tests/scripts/analyze_outcomes.py
@@ -334,7 +334,7 @@ def do_analyze_driver_vs_reference(outcome_file, args):
             'component_ref': 'test_psa_crypto_config_reference_ffdh',
             'component_driver': 'test_psa_crypto_config_accel_ffdh',
             'ignored_suites': ['dhm'],
-            'ignored_tests': {'test_suite_pkparse': ['DH group family: RFC 7919']}
+            'ignored_tests': {}
         }
     },
 }