diff --git a/core/constant_time_impl.h b/core/constant_time_impl.h index 14e4a0d3a5..334764ebc1 100644 --- a/core/constant_time_impl.h +++ b/core/constant_time_impl.h @@ -12,10 +12,6 @@ #include "tf_psa_crypto_common.h" -#if defined(MBEDTLS_BIGNUM_C) -#include "mbedtls/private/bignum.h" -#endif - /* * To improve readability of constant_time_internal.h, the static inline * definitions are here, and constant_time_internal.h has only the declarations. @@ -430,19 +426,6 @@ static inline mbedtls_ct_condition_t mbedtls_ct_bool_if(mbedtls_ct_condition_t c (mbedtls_ct_uint_t) if0); } -#if defined(MBEDTLS_BIGNUM_C) - -static inline mbedtls_mpi_uint mbedtls_ct_mpi_uint_if(mbedtls_ct_condition_t condition, - mbedtls_mpi_uint if1, - mbedtls_mpi_uint if0) -{ - return (mbedtls_mpi_uint) mbedtls_ct_if(condition, - (mbedtls_ct_uint_t) if1, - (mbedtls_ct_uint_t) if0); -} - -#endif - static inline size_t mbedtls_ct_size_if_else_0(mbedtls_ct_condition_t condition, size_t if1) { return (size_t) (condition & if1); @@ -459,16 +442,6 @@ static inline mbedtls_ct_condition_t mbedtls_ct_bool_if_else_0(mbedtls_ct_condit return (mbedtls_ct_condition_t) (condition & if1); } -#if defined(MBEDTLS_BIGNUM_C) - -static inline mbedtls_mpi_uint mbedtls_ct_mpi_uint_if_else_0(mbedtls_ct_condition_t condition, - mbedtls_mpi_uint if1) -{ - return (mbedtls_mpi_uint) (condition & if1); -} - -#endif /* MBEDTLS_BIGNUM_C */ - static inline int mbedtls_ct_error_if(mbedtls_ct_condition_t condition, int if1, int if0) { /* Coverting int -> uint -> int here is safe, because we require if1 and if0 to be diff --git a/core/constant_time_internal.h b/core/constant_time_internal.h index 5dfb01409e..d6dcec4fae 100644 --- a/core/constant_time_internal.h +++ b/core/constant_time_internal.h @@ -13,9 +13,11 @@ #include "tf_psa_crypto_common.h" -#if defined(MBEDTLS_BIGNUM_C) +/* + * bignum.h may define MBEDTLS_HAVE_INT64 that is used in the definition of + * mbedtls_ct_*_t types below. + */ #include "mbedtls/private/bignum.h" -#endif /* The constant-time interface provides various operations that are likely * to result in constant-time code that does not branch or use conditional @@ -295,26 +297,6 @@ static inline mbedtls_ct_condition_t mbedtls_ct_bool_if(mbedtls_ct_condition_t c mbedtls_ct_condition_t if1, mbedtls_ct_condition_t if0); -#if defined(MBEDTLS_BIGNUM_C) - -/** Choose between two mbedtls_mpi_uint values. - * - * Functionally equivalent to: - * - * condition ? if1 : if0. - * - * \param condition Condition to test. - * \param if1 Value to use if \p condition == MBEDTLS_CT_TRUE. - * \param if0 Value to use if \p condition == MBEDTLS_CT_FALSE. - * - * \return \c if1 if \p condition == MBEDTLS_CT_TRUE, otherwise \c if0. - */ -static inline mbedtls_mpi_uint mbedtls_ct_mpi_uint_if(mbedtls_ct_condition_t condition, \ - mbedtls_mpi_uint if1, \ - mbedtls_mpi_uint if0); - -#endif - /** Choose between an unsigned value and 0. * * Functionally equivalent to: @@ -364,27 +346,6 @@ static inline mbedtls_ct_condition_t mbedtls_ct_bool_if_else_0(mbedtls_ct_condit */ static inline size_t mbedtls_ct_size_if_else_0(mbedtls_ct_condition_t condition, size_t if1); -#if defined(MBEDTLS_BIGNUM_C) - -/** Choose between an mbedtls_mpi_uint value and 0. - * - * Functionally equivalent to: - * - * condition ? if1 : 0. - * - * Functionally equivalent to mbedtls_ct_mpi_uint_if(condition, if1, 0) but - * results in smaller code size. - * - * \param condition Condition to test. - * \param if1 Value to use if \p condition == MBEDTLS_CT_TRUE. - * - * \return \c if1 if \p condition == MBEDTLS_CT_TRUE, otherwise 0. - */ -static inline mbedtls_mpi_uint mbedtls_ct_mpi_uint_if_else_0(mbedtls_ct_condition_t condition, - mbedtls_mpi_uint if1); - -#endif - /** Constant-flow char selection * * \param low Secret. Bottom of range diff --git a/core/psa_crypto.c b/core/psa_crypto.c index 878c0612b2..97acabe306 100644 --- a/core/psa_crypto.c +++ b/core/psa_crypto.c @@ -480,19 +480,8 @@ psa_status_t mbedtls_to_psa_error(int ret) return PSA_ERROR_INSUFFICIENT_ENTROPY; #endif -#if defined(MBEDTLS_ECP_LIGHT) case MBEDTLS_ERR_ECP_INVALID_KEY: return PSA_ERROR_INVALID_ARGUMENT; - case MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE: - return PSA_ERROR_NOT_SUPPORTED; - case MBEDTLS_ERR_ECP_RANDOM_FAILED: - return PSA_ERROR_INSUFFICIENT_ENTROPY; - -#if defined(MBEDTLS_ECP_RESTARTABLE) - case MBEDTLS_ERR_ECP_IN_PROGRESS: - return PSA_OPERATION_INCOMPLETE; -#endif -#endif case MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED: return PSA_ERROR_CORRUPTION_DETECTED; diff --git a/core/psa_crypto_core.h b/core/psa_crypto_core.h index e0cf001963..5a7b48083e 100644 --- a/core/psa_crypto_core.h +++ b/core/psa_crypto_core.h @@ -631,110 +631,6 @@ psa_status_t psa_key_agreement_raw_builtin( size_t shared_secret_size, size_t *shared_secret_length); -/** - * \brief Get the total number of ops that a key agreement operation has taken - * since its start. - * - * \note The signature of this function is that of a PSA driver - * key_agreement_get_num_ops entry point. This function behaves as an - * key_agreement_get_num_ops entry point as defined in the PSA driver - * interface specification for transparent drivers. - * - * \param[in] operation The \c mbedtls_psa_key_agreement_interruptible_operation_t to use. - * This must be initialized first. - * - * \return Total number of operations. - */ -uint32_t mbedtls_psa_key_agreement_iop_get_num_ops( - mbedtls_psa_key_agreement_interruptible_operation_t *operation); - -/** - * \brief Set up a new interruptible key agreement operation. - * - * \note The signature of this function is that of a PSA driver - * key_agreement_setup entry point. This function behaves as a - * key_agreement_setup entry point as defined in the PSA driver interface - * specification for transparent drivers. - * - * \param[in] operation The \c psa_key_agreement_iop_t to use. - * This must be initialized first. - * \param[in] private_key_attributes The attributes of the private key to use for the - * operation. - * \param[in] private_key_buffer The buffer containing the private key - * context. - * \param[in] private_key_buffer_len Size of the \p private_key_buffer buffer in - * bytes. - * \param[in] peer_key The buffer containing the key context - * of the peer's public key. - * \param[in] peer_key_length Size of the \p peer_key buffer in - * bytes. - * \retval #PSA_SUCCESS - * The operation started successfully - call \c psa_key_agreement_complete() - * with the same context to complete the operation - * \retval #PSA_ERROR_INVALID_ARGUMENT - * An unsupported, incorrectly formatted or incorrect type of key was - * used. - * \retval #PSA_ERROR_NOT_SUPPORTED Either no internal interruptible operations - * are currently supported, or the key type is currently unsupported. - * \retval #PSA_ERROR_INSUFFICIENT_MEMORY - * There was insufficient memory to load the key representation. - */ -psa_status_t mbedtls_psa_key_agreement_iop_setup( - mbedtls_psa_key_agreement_interruptible_operation_t *operation, - const psa_key_attributes_t *private_key_attributes, - const uint8_t *private_key_buffer, - size_t private_key_buffer_len, - const uint8_t *peer_key, - size_t peer_key_length); - -/** - * \brief Continue and eventually complete a key agreement operation. - * - * \note The signature of this function is that of a PSA driver - * key_agreement_complete entry point. This function behaves as a - * key_agreement_complete entry point as defined in the PSA driver - * interface specification for transparent drivers. - * - * \param[in] operation The \c mbedtls_psa_key_agreement_interruptible_operation_t to use. - * This must be initialized first. - * \param[out] shared_secret The buffer to which the shared secret - * is to be written. - * \param[in] shared_secret_size Size of the \p shared_secret buffer in - * bytes. - * \param[out] shared_secret_length On success, the number of bytes that make - * up the returned shared secret. - * \retval #PSA_SUCCESS - * The shared secret was calculated successfully. - * \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription - * \retval #PSA_ERROR_CORRUPTION_DETECTED - * Internal interruptible operations are currently not supported. - * \retval #PSA_ERROR_BUFFER_TOO_SMALL - * \p shared_secret_size is too small - */ -psa_status_t mbedtls_psa_key_agreement_iop_complete( - mbedtls_psa_key_agreement_interruptible_operation_t *operation, - uint8_t *shared_secret, - size_t shared_secret_size, - size_t *shared_secret_length); - -/** - * \brief Abort a key agreement operation. - * - * \note The signature of this function is that of a PSA driver - * key_agreement_abort entry point. This function behaves as a - * key_agreement_abort entry point as defined in the PSA driver - * interface specification for transparent drivers. - * - * \param[in] operation The \c mbedtls_psa_key_agreement_interruptible_operation_t to abort. - * This must be initialized first. - * - * \retval #PSA_SUCCESS - * The operation was aborted successfully. - */ -psa_status_t mbedtls_psa_key_agreement_iop_abort( - mbedtls_psa_key_agreement_interruptible_operation_t *operation); - - /** * \brief Set the maximum number of ops allowed to be executed by an * interruptible function in a single call. diff --git a/drivers/builtin/include/mbedtls/private/ecp.h b/drivers/builtin/include/mbedtls/private/ecp.h index 02f31ea403..bd2b454fed 100644 --- a/drivers/builtin/include/mbedtls/private/ecp.h +++ b/drivers/builtin/include/mbedtls/private/ecp.h @@ -36,13 +36,13 @@ /** The buffer is too small to write to. */ #define MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL PSA_ERROR_BUFFER_TOO_SMALL /** The requested feature is not available, for example, the requested curve is not supported. */ -#define MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE -0x4E80 +#define MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE PSA_ERROR_NOT_SUPPORTED /** The signature is not valid. */ #define MBEDTLS_ERR_ECP_VERIFY_FAILED PSA_ERROR_INVALID_SIGNATURE /** Memory allocation failed. */ #define MBEDTLS_ERR_ECP_ALLOC_FAILED PSA_ERROR_INSUFFICIENT_MEMORY /** Generation of random value, such as ephemeral key, failed. */ -#define MBEDTLS_ERR_ECP_RANDOM_FAILED -0x4D00 +#define MBEDTLS_ERR_ECP_RANDOM_FAILED PSA_ERROR_INSUFFICIENT_ENTROPY /** Invalid private or public key. */ #define MBEDTLS_ERR_ECP_INVALID_KEY -0x4C80 /** Operation in progress, call again with the same parameters to continue. */ diff --git a/drivers/builtin/src/bignum_core.c b/drivers/builtin/src/bignum_core.c index 07f0f8c19b..4a853b91a6 100644 --- a/drivers/builtin/src/bignum_core.c +++ b/drivers/builtin/src/bignum_core.c @@ -19,6 +19,7 @@ #include "bignum_core.h" #include "bignum_core_invasive.h" +#include "bignum_internal.h" #include "bn_mul.h" #include "constant_time_internal.h" diff --git a/drivers/builtin/src/bignum_internal.h b/drivers/builtin/src/bignum_internal.h index 58f097610e..7a14c0e8f9 100644 --- a/drivers/builtin/src/bignum_internal.h +++ b/drivers/builtin/src/bignum_internal.h @@ -14,6 +14,8 @@ #ifndef TF_PSA_CRYPTO_BIGNUM_INTERNAL_H #define TF_PSA_CRYPTO_BIGNUM_INTERNAL_H +#include "constant_time_internal.h" + /** * \brief Perform a modular exponentiation: X = A^E mod N * @@ -119,4 +121,44 @@ int mbedtls_mpi_inv_mod_even_in_range(mbedtls_mpi *X, mbedtls_mpi const *A, mbedtls_mpi const *N); +/** Choose between two mbedtls_mpi_uint values. + * + * Functionally equivalent to: + * + * condition ? if1 : if0. + * + * \param condition Condition to test. + * \param if1 Value to use if \p condition == MBEDTLS_CT_TRUE. + * \param if0 Value to use if \p condition == MBEDTLS_CT_FALSE. + * + * \return \c if1 if \p condition == MBEDTLS_CT_TRUE, otherwise \c if0. + */ +static inline mbedtls_mpi_uint mbedtls_ct_mpi_uint_if(mbedtls_ct_condition_t condition, + mbedtls_mpi_uint if1, + mbedtls_mpi_uint if0) +{ + return (mbedtls_mpi_uint) mbedtls_ct_if(condition, + (mbedtls_ct_uint_t) if1, + (mbedtls_ct_uint_t) if0); +} + +/** Choose between an mbedtls_mpi_uint value and 0. + * + * Functionally equivalent to: + * + * condition ? if1 : 0. + * + * Functionally equivalent to mbedtls_ct_mpi_uint_if(condition, if1, 0) but + * results in smaller code size. + * + * \param condition Condition to test. + * \param if1 Value to use if \p condition == MBEDTLS_CT_TRUE. + * + * \return \c if1 if \p condition == MBEDTLS_CT_TRUE, otherwise 0. + */ +static inline mbedtls_mpi_uint mbedtls_ct_mpi_uint_if_else_0( + mbedtls_ct_condition_t condition, mbedtls_mpi_uint if1) +{ + return (mbedtls_mpi_uint) (condition & if1); +} #endif /* TF_PSA_CRYPTO_BIGNUM_INTERNAL_H */ diff --git a/drivers/builtin/src/psa_crypto_ecp.h b/drivers/builtin/src/psa_crypto_ecp.h index ec5074a516..b6b1bc1074 100644 --- a/drivers/builtin/src/psa_crypto_ecp.h +++ b/drivers/builtin/src/psa_crypto_ecp.h @@ -289,6 +289,109 @@ psa_status_t mbedtls_psa_ecp_generate_key_iop_complete( psa_status_t mbedtls_psa_ecp_generate_key_iop_abort( mbedtls_psa_generate_key_iop_t *operation); +/** + * \brief Get the total number of ops that a key agreement operation has taken + * since its start. + * + * \note The signature of this function is that of a PSA driver + * key_agreement_get_num_ops entry point. This function behaves as an + * key_agreement_get_num_ops entry point as defined in the PSA driver + * interface specification for transparent drivers. + * + * \param[in] operation The \c mbedtls_psa_key_agreement_interruptible_operation_t to use. + * This must be initialized first. + * + * \return Total number of operations. + */ +uint32_t mbedtls_psa_key_agreement_iop_get_num_ops( + mbedtls_psa_key_agreement_interruptible_operation_t *operation); + +/** + * \brief Set up a new interruptible key agreement operation. + * + * \note The signature of this function is that of a PSA driver + * key_agreement_setup entry point. This function behaves as a + * key_agreement_setup entry point as defined in the PSA driver interface + * specification for transparent drivers. + * + * \param[in] operation The \c psa_key_agreement_iop_t to use. + * This must be initialized first. + * \param[in] private_key_attributes The attributes of the private key to use for the + * operation. + * \param[in] private_key_buffer The buffer containing the private key + * context. + * \param[in] private_key_buffer_len Size of the \p private_key_buffer buffer in + * bytes. + * \param[in] peer_key The buffer containing the key context + * of the peer's public key. + * \param[in] peer_key_length Size of the \p peer_key buffer in + * bytes. + * \retval #PSA_SUCCESS + * The operation started successfully - call \c psa_key_agreement_complete() + * with the same context to complete the operation + * \retval #PSA_ERROR_INVALID_ARGUMENT + * An unsupported, incorrectly formatted or incorrect type of key was + * used. + * \retval #PSA_ERROR_NOT_SUPPORTED Either no internal interruptible operations + * are currently supported, or the key type is currently unsupported. + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY + * There was insufficient memory to load the key representation. + */ +psa_status_t mbedtls_psa_key_agreement_iop_setup( + mbedtls_psa_key_agreement_interruptible_operation_t *operation, + const psa_key_attributes_t *private_key_attributes, + const uint8_t *private_key_buffer, + size_t private_key_buffer_len, + const uint8_t *peer_key, + size_t peer_key_length); + +/** + * \brief Continue and eventually complete a key agreement operation. + * + * \note The signature of this function is that of a PSA driver + * key_agreement_complete entry point. This function behaves as a + * key_agreement_complete entry point as defined in the PSA driver + * interface specification for transparent drivers. + * + * \param[in] operation The \c mbedtls_psa_key_agreement_interruptible_operation_t to use. + * This must be initialized first. + * \param[out] shared_secret The buffer to which the shared secret + * is to be written. + * \param[in] shared_secret_size Size of the \p shared_secret buffer in + * bytes. + * \param[out] shared_secret_length On success, the number of bytes that make + * up the returned shared secret. + * \retval #PSA_SUCCESS + * The shared secret was calculated successfully. + * \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription + * \retval #PSA_ERROR_CORRUPTION_DETECTED + * Internal interruptible operations are currently not supported. + * \retval #PSA_ERROR_BUFFER_TOO_SMALL + * \p shared_secret_size is too small + */ +psa_status_t mbedtls_psa_key_agreement_iop_complete( + mbedtls_psa_key_agreement_interruptible_operation_t *operation, + uint8_t *shared_secret, + size_t shared_secret_size, + size_t *shared_secret_length); + +/** + * \brief Abort a key agreement operation. + * + * \note The signature of this function is that of a PSA driver + * key_agreement_abort entry point. This function behaves as a + * key_agreement_abort entry point as defined in the PSA driver + * interface specification for transparent drivers. + * + * \param[in] operation The \c mbedtls_psa_key_agreement_interruptible_operation_t to abort. + * This must be initialized first. + * + * \retval #PSA_SUCCESS + * The operation was aborted successfully. + */ +psa_status_t mbedtls_psa_key_agreement_iop_abort( + mbedtls_psa_key_agreement_interruptible_operation_t *operation); + /** Sign an already-calculated hash with ECDSA. * * \note The signature of this function is that of a PSA driver diff --git a/drivers/builtin/src/psa_crypto_pake.c b/drivers/builtin/src/psa_crypto_pake.c index 8476761229..2e5c38c623 100644 --- a/drivers/builtin/src/psa_crypto_pake.c +++ b/drivers/builtin/src/psa_crypto_pake.c @@ -114,8 +114,6 @@ static psa_status_t mbedtls_ecjpake_to_psa_error(int ret) return PSA_ERROR_DATA_INVALID; case MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE: return PSA_ERROR_NOT_SUPPORTED; - case MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED: - return PSA_ERROR_CORRUPTION_DETECTED; default: return PSA_ERROR_GENERIC_ERROR; } diff --git a/tests/configs/user-config-accel-ecdh.h b/tests/configs/user-config-accel-ecc-ffdh.h similarity index 54% rename from tests/configs/user-config-accel-ecdh.h rename to tests/configs/user-config-accel-ecc-ffdh.h index 379e273bcc..f70a34db92 100644 --- a/tests/configs/user-config-accel-ecdh.h +++ b/tests/configs/user-config-accel-ecc-ffdh.h @@ -1,4 +1,7 @@ +#define MBEDTLS_PSA_ACCEL_ALG_ECDSA +#define MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA #define MBEDTLS_PSA_ACCEL_ALG_ECDH +#define MBEDTLS_PSA_ACCEL_ALG_JPAKE #define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY #define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_BASIC #define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT @@ -14,4 +17,16 @@ #define MBEDTLS_PSA_ACCEL_ECC_SECP_R1_384 #define MBEDTLS_PSA_ACCEL_ECC_SECP_R1_521 +#define MBEDTLS_PSA_ACCEL_ALG_FFDH +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_PUBLIC_KEY +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_BASIC +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_IMPORT +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_EXPORT +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_GENERATE +#define MBEDTLS_PSA_ACCEL_DH_RFC7919_2048 +#define MBEDTLS_PSA_ACCEL_DH_RFC7919_3072 +#define MBEDTLS_PSA_ACCEL_DH_RFC7919_4096 +#define MBEDTLS_PSA_ACCEL_DH_RFC7919_6144 +#define MBEDTLS_PSA_ACCEL_DH_RFC7919_8192 + #include "user-config-test-driver-extension.h" diff --git a/tests/configs/user-config-accel-ecdsa.h b/tests/configs/user-config-accel-ecc.h similarity index 91% rename from tests/configs/user-config-accel-ecdsa.h rename to tests/configs/user-config-accel-ecc.h index 02a14468b3..0efcdbae9a 100644 --- a/tests/configs/user-config-accel-ecdsa.h +++ b/tests/configs/user-config-accel-ecc.h @@ -1,5 +1,7 @@ #define MBEDTLS_PSA_ACCEL_ALG_ECDSA #define MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA +#define MBEDTLS_PSA_ACCEL_ALG_ECDH +#define MBEDTLS_PSA_ACCEL_ALG_JPAKE #define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY #define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_BASIC #define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index 236f449b61..b64c7fd6cc 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -11,19 +11,353 @@ CMAKE_BUILTIN_BUILD_DIR="drivers/builtin/CMakeFiles/builtin.dir/src" +component_test_accel_ecc_all () { + msg "build: full + all ECC accelerated" + + # Configure + # --------- + + ./scripts/config.py full + # Disable all the features that auto-enable ECP_LIGHT (see build_info.h) + scripts/config.py unset MBEDTLS_PK_PARSE_EC_EXTENDED + scripts/config.py unset MBEDTLS_PK_PARSE_EC_COMPRESSED + scripts/config.py unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE + + # Restartable feature is not yet supported by PSA. Once it will in + # the future, the following line could be removed (see issues + # 6061, 6332 and following ones) + scripts/config.py unset MBEDTLS_ECP_RESTARTABLE + + # Build + # ----- + + cd $OUT_OF_SOURCE_DIR + cmake -DTF_PSA_CRYPTO_TEST_DRIVER=On \ + -DTF_PSA_CRYPTO_USER_CONFIG_FILE="../tests/configs/user-config-accel-ecc.h" .. + cmake --build . + + # Make sure built-in EC alg objects are empty. + not grep mbedtls_ecdsa_ ${CMAKE_BUILTIN_BUILD_DIR}/ecdsa.c.o + not grep mbedtls_psa_key_agreement_ecdh ${CMAKE_BUILTIN_BUILD_DIR}/psa_crypto_ecp.c.o + not grep mbedtls_ecjpake_ ${CMAKE_BUILTIN_BUILD_DIR}/ecjpake.c.o + # Also ensure that ECP module was not re-enabled + not grep mbedtls_ecp_ ${CMAKE_BUILTIN_BUILD_DIR}/ecp.c.o + + # Run the tests + # ------------- + + msg "test: full + all ECC accelerated" + ctest +} + +component_test_accel_ecc_all_but_ecp_light() { + msg "build: full + all ECC accelerated but ECP_LIGHT" + + # Configure + # --------- + + ./scripts/config.py full + + # Restartable feature is not yet supported by PSA. Once it will in + # the future, the following line could be removed (see issues + # 6061, 6332 and following ones) + scripts/config.py unset MBEDTLS_ECP_RESTARTABLE + + # Emphasize on the configuration that enable ECP_LIGHT. Note that currently + # ECC key pair derivation acceleration is not supported. + scripts/config.py set MBEDTLS_PK_PARSE_EC_EXTENDED + scripts/config.py set MBEDTLS_PK_PARSE_EC_COMPRESSED + scripts/config.py set PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE + + # Build + # ----- + + cd $OUT_OF_SOURCE_DIR + cmake -DTF_PSA_CRYPTO_TEST_DRIVER=On \ + -DTF_PSA_CRYPTO_USER_CONFIG_FILE="../tests/configs/user-config-accel-ecc.h" .. + cmake --build . + + # Make sure built-in EC alg objects are empty but ECP one. + not grep mbedtls_ecdsa_ ${CMAKE_BUILTIN_BUILD_DIR}/ecdsa.c.o + not grep mbedtls_psa_key_agreement_ecdh ${CMAKE_BUILTIN_BUILD_DIR}/psa_crypto_ecp.c.o + not grep mbedtls_ecjpake_ ${CMAKE_BUILTIN_BUILD_DIR}/ecjpake.c.o + not grep mbedtls_ecp_mul ${CMAKE_BUILTIN_BUILD_DIR}/ecp.c.o + grep mbedtls_ecp_ ${CMAKE_BUILTIN_BUILD_DIR}/ecp.c.o + + # Run the tests + # ------------- + + msg "test: full + all ECC accelerated but ECP_LIGHT" + ctest +} + +# This is a common configuration helper used directly from +# common_test_accel_ecc_ffdh_no_bignum and indirectly from: +# - component_test_accel_ecc_no_bignum +# - accelerate all EC algs, disable RSA and FFDH +# - component_test_accel_ecc_ffdh_no_bignum +# - accelerate all EC and FFDH algs, disable only RSA +# +# This function accepts one parameter: +# $1: a string value which states which components are tested. Allowed values +# are "ECC" or "ECC_DH". +config_accel_ecc_ffdh_no_bignum () { + test_target="$1" + + scripts/config.py "full" + + # Disable all the features that auto-enable ECP_LIGHT (see build_info.h) + scripts/config.py unset MBEDTLS_PK_PARSE_EC_EXTENDED + scripts/config.py unset MBEDTLS_PK_PARSE_EC_COMPRESSED + scripts/config.py unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE + + # RSA support is intentionally disabled on this test because RSA_C depends + # on BIGNUM_C. + scripts/config.py unset-all "PSA_WANT_KEY_TYPE_RSA_[0-9A-Z_a-z]*" + scripts/config.py unset-all "PSA_WANT_ALG_RSA_[0-9A-Z_a-z]*" + + if [ "$test_target" = "ECC" ]; then + # When testing ECC only, we disable FFDH support. + scripts/config.py unset PSA_WANT_ALG_FFDH + scripts/config.py unset-all "PSA_WANT_KEY_TYPE_DH_[0-9A-Z_a-z]*" + scripts/config.py unset-all "PSA_WANT_DH_RFC7919_[0-9]*" + fi + + # Restartable feature is not yet supported by PSA. Once it will in + # the future, the following line could be removed (see issues + # 6061, 6332 and following ones) + scripts/config.py unset MBEDTLS_ECP_RESTARTABLE +} + +# Common helper used by: +# - component_test_accel_ecc_no_bignum +# - component_test_accel_ecc_ffdh_no_bignum +# +# The goal is to build and test accelerating either: +# - ECC only or +# - both ECC and FFDH +common_test_accel_ecc_ffdh_no_bignum () { + test_target="$1" + + # This is an internal helper to simplify text message handling + if [ "$test_target" = "ECC_DH" ]; then + accel_text="ECC/FFDH" + removed_text="ECP - DH" + else + accel_text="ECC" + removed_text="ECP" + fi + + msg "build: full + accelerated $accel_text algs - $removed_text - BIGNUM" + + # Configure + # --------- + + config_accel_ecc_ffdh_no_bignum "$test_target" + + if [ "$test_target" = "ECC_DH" ]; then + user_config_accel_file_path="../tests/configs/user-config-accel-ecc-ffdh.h" + else + user_config_accel_file_path="../tests/configs/user-config-accel-ecc.h" + fi + + # Build + # ----- + + cd $OUT_OF_SOURCE_DIR + cmake -DTF_PSA_CRYPTO_TEST_DRIVER=On \ + -DTF_PSA_CRYPTO_USER_CONFIG_FILE="${user_config_accel_file_path}" .. + cmake --build . + + # Make sure any built-in EC alg was not re-enabled + not grep mbedtls_ecdsa_ ${CMAKE_BUILTIN_BUILD_DIR}/ecdsa.o + not grep mbedtls_psa_key_agreement_ecdh ${CMAKE_BUILTIN_BUILD_DIR}/psa_crypto_ecp.o + not grep mbedtls_ecjpake_ ${CMAKE_BUILTIN_BUILD_DIR}/ecjpake.o + # Also ensure that ECP, RSA or BIGNUM modules were not re-enabled + not grep mbedtls_ecp_ ${CMAKE_BUILTIN_BUILD_DIR}/ecp.o + not grep mbedtls_rsa_ ${CMAKE_BUILTIN_BUILD_DIR}/rsa.o + not grep mbedtls_mpi_ ${CMAKE_BUILTIN_BUILD_DIR}/bignum.o + + # Run the tests + # ------------- + + msg "test suites: full + accelerated $accel_text algs - $removed_text - BIGNUM" + ctest +} + +component_test_accel_ecc_no_bignum () { + common_test_accel_ecc_ffdh_no_bignum "ECC" +} + +component_test_accel_ecc_ffdh_no_bignum () { + common_test_accel_ecc_ffdh_no_bignum "ECC_DH" +} + +component_test_accel_ecc_some_key_types () { + msg "build: full with accelerated EC algs and some key types" + + # Configure + # --------- + # Start from no builtin ECC at all, like in test_accel_ecc_all. Then, just + # disable MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE. + + ./scripts/config.py full + # Disable all the features that auto-enable ECP_LIGHT (see build_info.h) + scripts/config.py unset MBEDTLS_PK_PARSE_EC_EXTENDED + scripts/config.py unset MBEDTLS_PK_PARSE_EC_COMPRESSED + scripts/config.py unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE + + # Restartable feature is not yet supported by PSA. Once it will in + # the future, the following line could be removed (see issues + # 6061, 6332 and following ones) + scripts/config.py unset MBEDTLS_ECP_RESTARTABLE + + cp "tests/configs/user-config-accel-ecc.h" \ + "$OUT_OF_SOURCE_DIR/user-config-accel-ecc-some-key-types.h" + cp "tests/configs/user-config-test-driver-extension.h" $OUT_OF_SOURCE_DIR + + scripts/config.py -f "$OUT_OF_SOURCE_DIR/user-config-accel-ecc-some-key-types.h" \ + unset MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE + + # Build + # ----- + + cd $OUT_OF_SOURCE_DIR + cmake -DTF_PSA_CRYPTO_TEST_DRIVER=On \ + -DTF_PSA_CRYPTO_USER_CONFIG_FILE="user-config-accel-ecc-some-key-types.h" .. + cmake --build . + + # ECP should be enabled but not the others + not grep mbedtls_psa_key_agreement_ecdh ${CMAKE_BUILTIN_BUILD_DIR}/psa_crypto_ecp.c.o + not grep mbedtls_ecdsa ${CMAKE_BUILTIN_BUILD_DIR}/ecdsa.c.o + not grep mbedtls_ecjpake ${CMAKE_BUILTIN_BUILD_DIR}/ecjpake.c.o + grep mbedtls_ecp_ ${CMAKE_BUILTIN_BUILD_DIR}/ecp.c.o + grep mbedtls_ecp_mul ${CMAKE_BUILTIN_BUILD_DIR}/ecp.c.o + + # Run the tests + # ------------- + + msg "test suites: full with accelerated EC algs and some key types" + ctest +} + +# Run tests with only (non-)Weierstrass accelerated +# Common code used in: +# - component_test_accel_ecc_weierstrass_curves +# - component_test_accel_ecc_non_weierstrass_curves +common_test_accel_ecc_some_curves () { + weierstrass=$1 + if [ $weierstrass -eq 1 ]; then + desc="Weierstrass" + else + desc="non-Weierstrass" + fi + msg "build: full minus PK with accelerated EC algs and $desc curves" + + # Configure + # --------- + + # Start with config crypto_full and remove PK_C: + # that's what's supported now, see docs/driver-only-builds.md. + ./scripts/config.py full + scripts/config.py unset MBEDTLS_PK_C + scripts/config.py unset MBEDTLS_PK_PARSE_C + scripts/config.py unset MBEDTLS_PK_WRITE_C + + # Restartable feature is not yet supported by PSA. Once it will in + # the future, the following line could be removed (see issues + # 6061, 6332 and following ones) + scripts/config.py unset MBEDTLS_ECP_RESTARTABLE + + # this is not supported by the driver API yet + scripts/config.py unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE + + cp "tests/configs/user-config-accel-ecc.h" "$OUT_OF_SOURCE_DIR/user-config-accel-ecc-some-curves.h" + cp "tests/configs/user-config-test-driver-extension.h" $OUT_OF_SOURCE_DIR + + scripts/config.py -f "$OUT_OF_SOURCE_DIR/user-config-accel-ecc-some-curves.h" \ + unset-all MBEDTLS_PSA_ACCEL_ECC_ + + if [ $weierstrass -eq 1 ]; then + scripts/config.py -f "$OUT_OF_SOURCE_DIR/user-config-accel-ecc-some-curves.h" \ + set-all MBEDTLS_PSA_ACCEL_ECC_SECP + scripts/config.py -f "$OUT_OF_SOURCE_DIR/user-config-accel-ecc-some-curves.h" \ + set-all MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL + else + scripts/config.py -f "$OUT_OF_SOURCE_DIR/user-config-accel-ecc-some-curves.h" \ + set-all MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY + fi + + # Build + # ----- + + cd $OUT_OF_SOURCE_DIR + cmake -DTF_PSA_CRYPTO_TEST_DRIVER=On \ + -DTF_PSA_CRYPTO_USER_CONFIG_FILE="user-config-accel-ecc-some-curves.h" .. + cmake --build . + + # We expect ECDH to be re-enabled for the missing curves + grep mbedtls_psa_key_agreement_ecdh ${CMAKE_BUILTIN_BUILD_DIR}/psa_crypto_ecp.c.o + # We expect ECP to be re-enabled, however the parts specific to the + # families of curves that are accelerated should be ommited. + # - functions with mxz in the name are specific to Montgomery curves + # - ecp_muladd is specific to Weierstrass curves + if [ $weierstrass -eq 1 ]; then + not grep mbedtls_ecp_muladd ${CMAKE_BUILTIN_BUILD_DIR}/ecp.c.o + grep mxz ${CMAKE_BUILTIN_BUILD_DIR}/ecp.c.o + else + grep mbedtls_ecp_muladd ${CMAKE_BUILTIN_BUILD_DIR}/ecp.c.o + not grep mxz ${CMAKE_BUILTIN_BUILD_DIR}/ecp.c.o + fi + # We expect ECDSA and ECJPAKE to be re-enabled only when + # Weierstrass curves are not accelerated + if [ $weierstrass -eq 1 ]; then + not grep mbedtls_ecdsa ${CMAKE_BUILTIN_BUILD_DIR}/ecdsa.c.o + not grep mbedtls_ecjpake ${CMAKE_BUILTIN_BUILD_DIR}/ecjpake.c.o + else + grep mbedtls_ecdsa ${CMAKE_BUILTIN_BUILD_DIR}/ecdsa.c.o + grep mbedtls_ecjpake ${CMAKE_BUILTIN_BUILD_DIR}/ecjpake.c.o + fi + + # Run the tests + # ------------- + + msg "test suites: crypto_full minus PK with accelerated EC algs and weirstrass curves" + ctest +} + +component_test_accel_ecc_weierstrass_curves () { + common_test_accel_ecc_some_curves 1 +} + +component_test_accel_ecc_non_weierstrass_curves () { + common_test_accel_ecc_some_curves 0 +} + component_test_accel_ecdh() { msg "build: accelerated ECDH" + # Configure + # --------- + + cp "tests/configs/user-config-accel-ecc.h" \ + "$OUT_OF_SOURCE_DIR/user-config-accel-ecdh.h" + cp "tests/configs/user-config-test-driver-extension.h" $OUT_OF_SOURCE_DIR + scripts/config.py -f "$OUT_OF_SOURCE_DIR/user-config-accel-ecdh.h" \ + unset-all MBEDTLS_PSA_ACCEL_ALG + + scripts/config.py -f "$OUT_OF_SOURCE_DIR/user-config-accel-ecdh.h" \ + set MBEDTLS_PSA_ACCEL_ALG_ECDH + # Build # ----- cd $OUT_OF_SOURCE_DIR - cmake -DTF_PSA_CRYPTO_TEST_DRIVER=On \ - -DTF_PSA_CRYPTO_USER_CONFIG_FILE="../tests/configs/user-config-accel-ecdh.h" .. - make + -DTF_PSA_CRYPTO_USER_CONFIG_FILE="user-config-accel-ecdh.h" .. + cmake --build . - # Make sure built-in ECDH was not re-enabled by accident (additive config) + # Make sure built-in ECDH is empty. not grep mbedtls_psa_key_agreement_ecdh ${CMAKE_BUILTIN_BUILD_DIR}/psa_crypto_ecp.c.o # Run the tests @@ -36,16 +370,34 @@ component_test_accel_ecdh() { component_test_accel_ecdsa() { msg "build: accelerated ECDSA" + # Configure + # --------- + + # Note: We accelerate all curves, including Montgomery curves, even though + # they are not usable for ECDSA. This is done because we want to test with + # PK enabled, and PK does not support partial acceleration of ECC curves. + + cp "tests/configs/user-config-accel-ecc.h" \ + "$OUT_OF_SOURCE_DIR/user-config-accel-ecdsa.h" + cp "tests/configs/user-config-test-driver-extension.h" $OUT_OF_SOURCE_DIR + scripts/config.py -f "$OUT_OF_SOURCE_DIR/user-config-accel-ecdsa.h" \ + unset-all MBEDTLS_PSA_ACCEL_ALG + + scripts/config.py -f "$OUT_OF_SOURCE_DIR/user-config-accel-ecdsa.h" \ + set MBEDTLS_PSA_ACCEL_ALG_ECDSA + scripts/config.py -f "$OUT_OF_SOURCE_DIR/user-config-accel-ecdsa.h" \ + set MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA + # Build # ----- cd $OUT_OF_SOURCE_DIR cmake -DTF_PSA_CRYPTO_TEST_DRIVER=On \ - -DTF_PSA_CRYPTO_USER_CONFIG_FILE="../tests/configs/user-config-accel-ecdsa.h" .. - make + -DTF_PSA_CRYPTO_USER_CONFIG_FILE="user-config-accel-ecdsa.h" .. + cmake --build . - # Make sure built-in ECDSA was not re-enabled by accident (additive config) + # Make sure built-in ECDSA is empty. not grep mbedtls_ecdsa_ ${CMAKE_BUILTIN_BUILD_DIR}/ecdsa.c.o # Run the tests @@ -55,6 +407,40 @@ component_test_accel_ecdsa() { ctest } +component_test_accel_ecjpake() { + msg "build: full with accelerated EC-JPAKE" + + # Configure + # --------- + + ./scripts/config.py full + cp "tests/configs/user-config-accel-ecc.h" \ + "$OUT_OF_SOURCE_DIR/user-config-accel-ecjpake.h" + cp "tests/configs/user-config-test-driver-extension.h" $OUT_OF_SOURCE_DIR + scripts/config.py -f "$OUT_OF_SOURCE_DIR/user-config-accel-ecjpake.h" \ + unset-all MBEDTLS_PSA_ACCEL_ALG + + scripts/config.py -f "$OUT_OF_SOURCE_DIR/user-config-accel-ecjpake.h" \ + set MBEDTLS_PSA_ACCEL_ALG_JPAKE + + # Build + # ----- + + cd $OUT_OF_SOURCE_DIR + cmake -DTF_PSA_CRYPTO_TEST_DRIVER=On \ + -DTF_PSA_CRYPTO_USER_CONFIG_FILE="user-config-accel-ecjpake.h" .. + cmake --build . + + # Make sure built-in EC-JPAKE is empty. + not grep mbedtls_ecjpake_init ${CMAKE_BUILTIN_BUILD_DIR}/ecjpake.c.o + + # Run the tests + # ------------- + + msg "test: full with accelerated JPAKE" + ctest +} + component_test_accel_hash () { msg "test: accelerated hash" @@ -64,7 +450,7 @@ component_test_accel_hash () { cd $OUT_OF_SOURCE_DIR cmake -DTF_PSA_CRYPTO_TEST_DRIVER=On \ -DTF_PSA_CRYPTO_USER_CONFIG_FILE="../tests/configs/user-config-accel-hash.h" .. - make + cmake --build . # Make sure built-in hash objects are empty. not grep mbedtls_md5 ${CMAKE_BUILTIN_BUILD_DIR}/md5.c.o diff --git a/tests/suites/test_suite_constant_time.function b/tests/suites/test_suite_constant_time.function index dac0034942..4b9a151fc0 100644 --- a/tests/suites/test_suite_constant_time.function +++ b/tests/suites/test_suite_constant_time.function @@ -16,6 +16,7 @@ #include #include +#include #include #include