cuberite/polarssl
1
0
Fork 0
mirror of https://github.com/cuberite/polarssl.git synced 2025-09-28 16:03:36 -04:00
Code Issues Packages Projects Releases Wiki Activity

Fix configuration for accelerated jpake

Browse Source 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
This commit is contained in:
Przemek Stekiel 2023-02-27 13:00:57 +01:00
parent 4dc83d40af
commit 4aa99403f4
7 changed files with 33 additions and 56 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
include/mbedtls/config_psa.h
View File

@ -147,12 +147,15 @@ extern "C" {
#endif #endif
#if defined(PSA_WANT_ALG_JPAKE) #if defined(PSA_WANT_ALG_JPAKE)
#if !defined(MBEDTLS_PSA_ACCEL_ALG_JPAKE)
#define MBEDTLS_PSA_BUILTIN_PAKE 1 #define MBEDTLS_PSA_BUILTIN_PAKE 1
#define MBEDTLS_PSA_BUILTIN_ALG_JPAKE 1 #define MBEDTLS_PSA_BUILTIN_ALG_JPAKE 1
#define MBEDTLS_ECP_DP_SECP256R1_ENABLED #define MBEDTLS_ECP_DP_SECP256R1_ENABLED
#define MBEDTLS_BIGNUM_C #define MBEDTLS_BIGNUM_C
#define MBEDTLS_ECP_C #define MBEDTLS_ECP_C
#define MBEDTLS_ECJPAKE_C #define MBEDTLS_ECJPAKE_C
#define MBEDTLS_SHA256_C
#endif /* MBEDTLS_PSA_ACCEL_ALG_JPAKE */
#endif /* PSA_WANT_ALG_JPAKE */ #endif /* PSA_WANT_ALG_JPAKE */
#if defined(PSA_WANT_ALG_RIPEMD160) && !defined(MBEDTLS_PSA_ACCEL_ALG_RIPEMD160) #if defined(PSA_WANT_ALG_RIPEMD160) && !defined(MBEDTLS_PSA_ACCEL_ALG_RIPEMD160)

2
include/psa/crypto_extra.h
View File

@ -2042,7 +2042,7 @@ struct psa_pake_operation_s {
/* Holds computation stage of the PAKE algorithms. */ /* Holds computation stage of the PAKE algorithms. */
union { union {
uint8_t MBEDTLS_PRIVATE(dummy); uint8_t MBEDTLS_PRIVATE(dummy);
#if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE) #if defined(PSA_WANT_ALG_JPAKE)
psa_jpake_computation_stage_t MBEDTLS_PRIVATE(jpake); psa_jpake_computation_stage_t MBEDTLS_PRIVATE(jpake);
#endif #endif
} MBEDTLS_PRIVATE(computation_stage); } MBEDTLS_PRIVATE(computation_stage);

24
library/psa_crypto.c
View File

@ -7255,7 +7255,7 @@ psa_status_t psa_pake_setup(
operation->alg = cipher_suite->algorithm; operation->alg = cipher_suite->algorithm;
operation->data.inputs.cipher_suite = *cipher_suite; operation->data.inputs.cipher_suite = *cipher_suite;
#if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE) #if defined(PSA_WANT_ALG_JPAKE)
if (operation->alg == PSA_ALG_JPAKE) { if (operation->alg == PSA_ALG_JPAKE) {
psa_jpake_computation_stage_t *computation_stage = psa_jpake_computation_stage_t *computation_stage =
&operation->computation_stage.jpake; &operation->computation_stage.jpake;
@ -7405,7 +7405,7 @@ exit:
} }
/* Auxiliary function to convert core computation stage(step, sequence, state) to single driver step. */ /* Auxiliary function to convert core computation stage(step, sequence, state) to single driver step. */
#if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE) #if defined(PSA_WANT_ALG_JPAKE)
static psa_crypto_driver_pake_step_t convert_jpake_computation_stage_to_driver_step( static psa_crypto_driver_pake_step_t convert_jpake_computation_stage_to_driver_step(
psa_jpake_computation_stage_t *stage) psa_jpake_computation_stage_t *stage)
{ {
@ -7499,7 +7499,7 @@ static psa_status_t psa_pake_complete_inputs(
mbedtls_free(inputs.password); mbedtls_free(inputs.password);
if (status == PSA_SUCCESS) { if (status == PSA_SUCCESS) {
#if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE) #if defined(PSA_WANT_ALG_JPAKE)
if (operation->alg == PSA_ALG_JPAKE) { if (operation->alg == PSA_ALG_JPAKE) {
operation->stage = PSA_PAKE_OPERATION_STAGE_COMPUTATION; operation->stage = PSA_PAKE_OPERATION_STAGE_COMPUTATION;
psa_jpake_computation_stage_t *computation_stage = psa_jpake_computation_stage_t *computation_stage =
@ -7517,7 +7517,7 @@ static psa_status_t psa_pake_complete_inputs(
return status; return status;
} }
#if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE) #if defined(PSA_WANT_ALG_JPAKE)
static psa_status_t psa_jpake_output_prologue( static psa_status_t psa_jpake_output_prologue(
psa_pake_operation_t *operation, psa_pake_operation_t *operation,
psa_pake_step_t step) psa_pake_step_t step)
@ -7639,7 +7639,7 @@ psa_status_t psa_pake_output(
} }
switch (operation->alg) { switch (operation->alg) {
#if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE) #if defined(PSA_WANT_ALG_JPAKE)
case PSA_ALG_JPAKE: case PSA_ALG_JPAKE:
status = psa_jpake_output_prologue(operation, step); status = psa_jpake_output_prologue(operation, step);
if (status != PSA_SUCCESS) { if (status != PSA_SUCCESS) {
@ -7653,7 +7653,7 @@ psa_status_t psa_pake_output(
goto exit; goto exit;
} }
#if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE) #if defined(PSA_WANT_ALG_JPAKE)
status = psa_driver_wrapper_pake_output(operation, status = psa_driver_wrapper_pake_output(operation,
convert_jpake_computation_stage_to_driver_step( convert_jpake_computation_stage_to_driver_step(
&operation->computation_stage.jpake), &operation->computation_stage.jpake),
@ -7670,7 +7670,7 @@ psa_status_t psa_pake_output(
} }
switch (operation->alg) { switch (operation->alg) {
#if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE) #if defined(PSA_WANT_ALG_JPAKE)
case PSA_ALG_JPAKE: case PSA_ALG_JPAKE:
status = psa_jpake_output_epilogue(operation); status = psa_jpake_output_epilogue(operation);
if (status != PSA_SUCCESS) { if (status != PSA_SUCCESS) {
@ -7689,7 +7689,7 @@ exit:
return status; return status;
} }
#if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE) #if defined(PSA_WANT_ALG_JPAKE)
static psa_status_t psa_jpake_input_prologue( static psa_status_t psa_jpake_input_prologue(
psa_pake_operation_t *operation, psa_pake_operation_t *operation,
psa_pake_step_t step, psa_pake_step_t step,
@ -7816,7 +7816,7 @@ psa_status_t psa_pake_input(
} }
switch (operation->alg) { switch (operation->alg) {
#if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE) #if defined(PSA_WANT_ALG_JPAKE)
case PSA_ALG_JPAKE: case PSA_ALG_JPAKE:
status = psa_jpake_input_prologue(operation, step, input_length); status = psa_jpake_input_prologue(operation, step, input_length);
if (status != PSA_SUCCESS) { if (status != PSA_SUCCESS) {
@ -7830,7 +7830,7 @@ psa_status_t psa_pake_input(
goto exit; goto exit;
} }
#if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE) #if defined(PSA_WANT_ALG_JPAKE)
status = psa_driver_wrapper_pake_input(operation, status = psa_driver_wrapper_pake_input(operation,
convert_jpake_computation_stage_to_driver_step( convert_jpake_computation_stage_to_driver_step(
&operation->computation_stage.jpake), &operation->computation_stage.jpake),
@ -7846,7 +7846,7 @@ psa_status_t psa_pake_input(
} }
switch (operation->alg) { switch (operation->alg) {
#if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE) #if defined(PSA_WANT_ALG_JPAKE)
case PSA_ALG_JPAKE: case PSA_ALG_JPAKE:
status = psa_jpake_input_epilogue(operation); status = psa_jpake_input_epilogue(operation);
if (status != PSA_SUCCESS) { if (status != PSA_SUCCESS) {
@ -7879,7 +7879,7 @@ psa_status_t psa_pake_get_implicit_key(
goto exit; goto exit;
} }
#if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE) #if defined(PSA_WANT_ALG_JPAKE)
if (operation->alg == PSA_ALG_JPAKE) { if (operation->alg == PSA_ALG_JPAKE) {
psa_jpake_computation_stage_t *computation_stage = psa_jpake_computation_stage_t *computation_stage =
&operation->computation_stage.jpake; &operation->computation_stage.jpake;

8
tests/include/test/drivers/crypto_config_test_driver_extension.h
View File

@ -158,6 +158,14 @@
#endif #endif
#endif #endif
#if defined(PSA_WANT_ALG_JPAKE)
#if defined(MBEDTLS_PSA_ACCEL_ALG_JPAKE)
#undef MBEDTLS_PSA_ACCEL_ALG_JPAKE
#else
#define MBEDTLS_PSA_ACCEL_ALG_JPAKE 1
#endif
#endif
#if defined(PSA_WANT_KEY_TYPE_AES) #if defined(PSA_WANT_KEY_TYPE_AES)
#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_AES) #if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_AES)
#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_AES #undef MBEDTLS_PSA_ACCEL_KEY_TYPE_AES

44
tests/scripts/all.sh
View File

@ -2500,7 +2500,7 @@ component_test_psa_crypto_config_accel_aead () {
make test make test
} }
component_test_psa_crypto_config_accel_pake () { component_test_psa_crypto_config_accel_pake() {
msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated PAKE" msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated PAKE"
# Start with full # Start with full
@ -2518,44 +2518,8 @@ component_test_psa_crypto_config_accel_pake () {
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py unset MBEDTLS_ECJPAKE_C
# Dynamic secure element support is a deprecated feature and needs to be disabled here.
# This is done to have the same form of psa_key_attributes_s for libdriver and library.
scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C
loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )"
make CFLAGS="$ASAN_CFLAGS -Werror -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS"
msg "test: ssl-opt.sh, MBEDTLS_PSA_CRYPTO_CONFIG with accelerated PAKE"
tests/ssl-opt.sh -f "ECJPAKE"
msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated PAKE"
make test
}
component_test_psa_crypto_config_accel_pake_no_fallback () {
msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated PAKE - no fallback"
# Start with full
scripts/config.py full
# Disable ALG_STREAM_CIPHER and ALG_ECB_NO_PADDING to avoid having
# partial support for cipher operations in the driver test library.
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_STREAM_CIPHER
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_ECB_NO_PADDING
loc_accel_list="ALG_JPAKE"
loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' )
make -C tests libtestdriver1.a CFLAGS="$ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS"
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py unset MBEDTLS_ECJPAKE_C
# Make build-in fallback not available # Make build-in fallback not available
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_JPAKE scripts/config.py unset MBEDTLS_ECJPAKE_C
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
# Dynamic secure element support is a deprecated feature and needs to be disabled here. # Dynamic secure element support is a deprecated feature and needs to be disabled here.
@ -2565,7 +2529,9 @@ component_test_psa_crypto_config_accel_pake_no_fallback () {
loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )" loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )"
make CFLAGS="$ASAN_CFLAGS -Werror -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS" make CFLAGS="$ASAN_CFLAGS -Werror -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS"
msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated PAKE - no fallback" not grep mbedtls_ecjpake_init library/ecjpake.o
msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated PAKE"
make test make test
} }

2
tests/suites/test_suite_psa_crypto_driver_wrappers.function
View File

@ -2976,7 +2976,7 @@ exit:
} }
/* END_CASE */ /* END_CASE */
/* BEGIN_CASE depends_on:PSA_WANT_ALG_JPAKE:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 */ /* BEGIN_CASE depends_on:PSA_WANT_ALG_JPAKE */
void pake_operations(data_t *pw_data, int forced_status_setup_arg, int forced_status_arg, void pake_operations(data_t *pw_data, int forced_status_setup_arg, int forced_status_arg,
data_t *forced_output, int expected_status_arg, data_t *forced_output, int expected_status_arg,
int fut) int fut)

6
tests/suites/test_suite_psa_crypto_pake.function
View File

@ -909,7 +909,7 @@ void ecjpake_size_macros()
} }
/* END_CASE */ /* END_CASE */
/* BEGIN_CASE depends_on:PSA_WANT_ALG_JPAKE:PSA_ALG_SHA_256 */ /* BEGIN_CASE depends_on:PSA_WANT_ALG_JPAKE */
void pake_input_getters_password() void pake_input_getters_password()
{ {
psa_pake_cipher_suite_t cipher_suite = psa_pake_cipher_suite_init(); psa_pake_cipher_suite_t cipher_suite = psa_pake_cipher_suite_init();
@ -975,7 +975,7 @@ exit:
} }
/* END_CASE */ /* END_CASE */
/* BEGIN_CASE depends_on:PSA_WANT_ALG_JPAKE:PSA_ALG_SHA_256 */ /* BEGIN_CASE depends_on:PSA_WANT_ALG_JPAKE */
void pake_input_getters_cipher_suite() void pake_input_getters_cipher_suite()
{ {
psa_pake_cipher_suite_t cipher_suite = psa_pake_cipher_suite_init(); psa_pake_cipher_suite_t cipher_suite = psa_pake_cipher_suite_init();
@ -1008,7 +1008,7 @@ exit:
} }
/* END_CASE */ /* END_CASE */
/* BEGIN_CASE depends_on:PSA_WANT_ALG_JPAKE:PSA_ALG_SHA_256 */ /* BEGIN_CASE depends_on:PSA_WANT_ALG_JPAKE */
void pake_input_getters_role() void pake_input_getters_role()
{ {
psa_pake_cipher_suite_t cipher_suite = psa_pake_cipher_suite_init(); psa_pake_cipher_suite_t cipher_suite = psa_pake_cipher_suite_init();