From 1c49cff468c4b56ec076638f63c91ce24e8c3025 Mon Sep 17 00:00:00 2001
From: Gabor Mezei
Date: Mon, 23 Sep 2024 14:38:59 +0200
Subject: [PATCH] Use PSA macros for the `curves` domain

Exclude the SECP224K1 curve due it is unstable via the PSA API.

Signed-off-by: Gabor Mezei
---
 tests/scripts/depends.py | 68 ++++++++++++++++++++++++++--------------
 1 file changed, 44 insertions(+), 24 deletions(-)

diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py
index f7fc60f579..2765e72b3d 100755
--- a/tests/scripts/depends.py
+++ b/tests/scripts/depends.py
@@ -274,21 +274,21 @@ REVERSE_DEPENDENCIES = {
 'MBEDTLS_CIPHER_PADDING_ZEROS': ['MBEDTLS_CIPHER_MODE_CBC'],
 'MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN': ['MBEDTLS_CIPHER_MODE_CBC'],
- 'MBEDTLS_ECP_DP_BP256R1_ENABLED': ['PSA_WANT_ECC_BRAINPOOL_P_R1_256'],
- 'MBEDTLS_ECP_DP_BP384R1_ENABLED': ['PSA_WANT_ECC_BRAINPOOL_P_R1_384'],
- 'MBEDTLS_ECP_DP_BP512R1_ENABLED': ['PSA_WANT_ECC_BRAINPOOL_P_R1_512'],
- 'MBEDTLS_ECP_DP_CURVE25519_ENABLED': ['PSA_WANT_ECC_MONTGOMERY_255'],
- 'MBEDTLS_ECP_DP_CURVE448_ENABLED': ['PSA_WANT_ECC_MONTGOMERY_448'],
- 'MBEDTLS_ECP_DP_SECP192R1_ENABLED': ['PSA_WANT_ECC_SECP_R1_192'],
- 'MBEDTLS_ECP_DP_SECP224R1_ENABLED': ['PSA_WANT_ECC_SECP_R1_224'],
- 'MBEDTLS_ECP_DP_SECP256R1_ENABLED': ['PSA_WANT_ECC_SECP_R1_256',
- 'PSA_WANT_ALG_JPAKE',
- 'MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED'],
- 'MBEDTLS_ECP_DP_SECP384R1_ENABLED': ['PSA_WANT_ECC_SECP_R1_384'],
- 'MBEDTLS_ECP_DP_SECP512R1_ENABLED': ['PSA_WANT_ECC_SECP_R1_512'],
- 'MBEDTLS_ECP_DP_SECP521R1_ENABLED': ['PSA_WANT_ECC_SECP_R1_521'],
- 'MBEDTLS_ECP_DP_SECP192K1_ENABLED': ['PSA_WANT_ECC_SECP_K1_192'],
- 'MBEDTLS_ECP_DP_SECP256K1_ENABLED': ['PSA_WANT_ECC_SECP_K1_256'],
+ 'PSA_WANT_ECC_BRAINPOOL_P_R1_256': ['MBEDTLS_ECP_DP_BP256R1_ENABLED'],
+ 'PSA_WANT_ECC_BRAINPOOL_P_R1_384': ['MBEDTLS_ECP_DP_BP384R1_ENABLED'],
+ 'PSA_WANT_ECC_BRAINPOOL_P_R1_512': ['MBEDTLS_ECP_DP_BP512R1_ENABLED'],
+ 'PSA_WANT_ECC_MONTGOMERY_255': ['MBEDTLS_ECP_DP_CURVE25519_ENABLED'],
+ 'PSA_WANT_ECC_MONTGOMERY_448': ['MBEDTLS_ECP_DP_CURVE448_ENABLED'],
+ 'PSA_WANT_ECC_SECP_R1_192': ['MBEDTLS_ECP_DP_SECP192R1_ENABLED'],
+ 'PSA_WANT_ECC_SECP_R1_224': ['MBEDTLS_ECP_DP_SECP224R1_ENABLED'],
+ 'PSA_WANT_ECC_SECP_R1_256': ['MBEDTLS_ECJPAKE_C',
+ 'MBEDTLS_ECP_DP_SECP256R1_ENABLED'],
+ 'PSA_WANT_ECC_SECP_R1_384': ['MBEDTLS_ECP_DP_SECP384R1_ENABLED'],
+ 'PSA_WANT_ECC_SECP_R1_512': ['MBEDTLS_ECP_DP_SECP512R1_ENABLED'],
+ 'PSA_WANT_ECC_SECP_R1_521': ['MBEDTLS_ECP_DP_SECP521R1_ENABLED'],
+ 'PSA_WANT_ECC_SECP_K1_192': ['MBEDTLS_ECP_DP_SECP192K1_ENABLED'],
+ 'PSA_WANT_ECC_SECP_K1_224': ['MBEDTLS_ECP_DP_SECP224K1_ENABLED'],
+ 'PSA_WANT_ECC_SECP_K1_256': ['MBEDTLS_ECP_DP_SECP256K1_ENABLED'],
 'MBEDTLS_ECDSA_C': ['MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED',
 'MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED',
@@ -362,12 +362,12 @@ REVERSE_DEPENDENCIES = {
 EXCLUSIVE_GROUPS = {
 'MBEDTLS_SHA512_C': ['-MBEDTLS_SSL_COOKIE_C',
 '-MBEDTLS_SSL_TLS_C'],
- 'MBEDTLS_ECP_DP_CURVE448_ENABLED': ['-MBEDTLS_ECDSA_C',
- '-MBEDTLS_ECDSA_DETERMINISTIC',
- '-MBEDTLS_ECJPAKE_C',],
- 'MBEDTLS_ECP_DP_CURVE25519_ENABLED': ['-MBEDTLS_ECDSA_C',
- '-MBEDTLS_ECDSA_DETERMINISTIC',
- '-MBEDTLS_ECJPAKE_C'],
+ 'PSA_WANT_ECC_MONTGOMERY_448': ['-MBEDTLS_ECDSA_C',
+ '-MBEDTLS_ECDSA_DETERMINISTIC',
+ '-MBEDTLS_ECJPAKE_C',],
+ 'PSA_WANT_ECC_MONTGOMERY_255': ['-MBEDTLS_ECDSA_C',
+ '-MBEDTLS_ECDSA_DETERMINISTIC',
+ '-MBEDTLS_ECJPAKE_C'],
 'PSA_WANT_KEY_TYPE_ARIA': ['-PSA_WANT_ALG_CMAC',
 '-PSA_WANT_ALG_CCM',
 '-PSA_WANT_ALG_GCM',
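Review bot: The new `'PSA_WANT_ECC_SECP_R1_256'` entry no longer lists `PSA_WANT_ALG_JPAKE` or `MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED`, which the removed `MBEDTLS_ECP_DP_SECP256R1_ENABLED` entry switched off directly; it now relies on `MBEDTLS_ECJPAKE_C` to carry them. Whether `MBEDTLS_ECJPAKE_C` has its own REVERSE_DEPENDENCIES entry covering both is not visible here (the dict starts before the hunk and continues past it), so that should be confirmed, otherwise a job that disables secp256r1 may leave J-PAKE requested without its curve. If it is not covered, keep the PSA symbol explicit: `'PSA_WANT_ECC_SECP_R1_256': ['PSA_WANT_ALG_JPAKE', 'MBEDTLS_ECJPAKE_C', 'MBEDTLS_ECP_DP_SECP256R1_ENABLED'],`. The `PSA_WANT_ECC_SECP_R1_512` entry is carried over from the old table next to the `_521` one and looks like it names a curve that does not exist, so it is worth dropping or explaining in a comment.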
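Review bot: The two Montgomery entries in `EXCLUSIVE_GROUPS` are now keyed by PSA symbols but still switch off only legacy options (`-MBEDTLS_ECDSA_C`, `-MBEDTLS_ECDSA_DETERMINISTIC`, `-MBEDTLS_ECJPAKE_C`), while the neighbouring `PSA_WANT_KEY_TYPE_ARIA` entry disables `PSA_WANT_ALG_*` symbols. If the PSA-side ECDSA and J-PAKE algorithms are not turned off transitively elsewhere in the script (not visible in this hunk), a Montgomery-only job can still request algorithms that no enabled curve supports, and the job then tests an inconsistent configuration. Either add the PSA equivalents or put a comment above the entries such as `# Legacy names kept on purpose: the PSA algorithms follow via REVERSE_DEPENDENCIES.` once that has been checked. The trailing `',],` in the 448 entry is also inconsistent with the 255 entry.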
@@ -512,8 +512,23 @@ class DomainData: # Find hash modules by name. hash_symbols = self.config_symbols_matching(r'MBEDTLS_(MD|RIPEMD|SHA)[0-9]+_C\Z') - # Find elliptic curve enabling macros by name. - curve_symbols = self.config_symbols_matching(r'MBEDTLS_ECP_DP_\w+_ENABLED\Z') + + # Find elliptic curve enabling macros + # Mapping is needed for PSA_WANT_ECC_SECP_K1_224 because it actually uses 225 bits. + key_type_mapping = {('PSA_ECC_FAMILY_SECP_K1', '225'): ('PSA_ECC_FAMILY_SECP_K1', '224')} + def get_symbol_from_key_type(key_type_family, bit_size): + (family_name, corrected_bit_size) = key_type_mapping.get((key_type_family, bit_size), + (key_type_family, bit_size)) + symbol = psa_information.finish_family_dependency(family_name, corrected_bit_size) + return psa_information.psa_want_symbol(symbol) + + curve_symbols = {symbol + for symbol in (get_symbol_from_key_type(key_type.family_name, bit_size) + for key_type in key_types + if key_type.family_name in psa_info.ecc_curves + for bit_size in key_type.sizes_to_test()) + if symbol in self.all_config_symbols} + # Find key exchange enabling macros by name. key_exchange_symbols = self.config_symbols_matching(r'MBEDTLS_KEY_EXCHANGE_\w+_ENABLED\Z') @@ -541,8 +556,13 @@ class DomainData: 'cipher_padding': ExclusiveDomain(cipher_padding_symbols, build_and_test), + # Elliptic curves. Run the test suites. - 'curves': ExclusiveDomain(curve_symbols, build_and_test), + # The SECP_K1_224 is not stable via the PSA API. + # See https://github.com/Mbed-TLS/mbedtls/issues/3541 + 'curves': ExclusiveDomain(curve_symbols, + build_and_test, + exclude=r'PSA_WANT_ECC_SECP_K1_224'), # Hash algorithms. Excluding exclusive domains of MD, RIPEMD, SHA1, # SHA224 and SHA384 because MBEDTLS_ENTROPY_C is extensively used # across various modules, but it depends on either SHA256 or SHA512.
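Review bot: In the `curve_symbols` comprehension, the final `if symbol in self.all_config_symbols` silently drops any curve whose computed name is not a config symbol, so a mapping mistake shrinks the `curves` domain without any error. That matters for `key_type_mapping`, whose keys use the string `'225'`: if `key_type.sizes_to_test()` yields integers (not visible in this hunk), the lookup never matches, `PSA_WANT_ECC_SECP_K1_224` is never produced, and the filter hides the miss. Make the key type match what `sizes_to_test()` returns and report symbols that fail the filter, or add a comment stating that dropping them is intentional. `key_types`, `psa_info` and `psa_information` come from outside the hunk, and the nested `get_symbol_from_key_type` deserves a one-line docstring saying it returns the `PSA_WANT_ECC_*` name for a family and bit size.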
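Review bot: The `exclude=r'PSA_WANT_ECC_SECP_K1_224'` pattern is unanchored, unlike the other symbol patterns visible in this file, which end in `\Z`; depending on how `ExclusiveDomain` applies it (not shown here) it could match more than the one symbol. `exclude=r'PSA_WANT_ECC_SECP_K1_224\Z'` states the intent exactly. The comment and issue link explain why the curve is skipped; it would help to add that the curve therefore gets no single-curve build in this domain until the linked issue is resolved, so the coverage gap is explicit to whoever reads the test matrix.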