Merge pull request #6415 from mprse/aead_driver_test_2_28_backport

2.28 backport: Enable testing of AEAD drivers with libtestdriver1

ChangeLog.d/fix_aead_psa_driver_build.txt

@@ -0,0 +1,3 @@
+Bugfix
+   * Fix compilation errors when trying to build with
+     PSA drivers for AEAD (GCM, CCM, Chacha20-Poly1305).

include/psa/crypto_builtin_composites.h

@@ -43,6 +43,12 @@
 #define MBEDTLS_PSA_BUILTIN_MAC
 #endif
 
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) || \
+    defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) || \
+    defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305)
+#define MBEDTLS_PSA_BUILTIN_AEAD  1
+#endif
+
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC) || defined(PSA_CRYPTO_DRIVER_TEST)
 typedef struct
 {

tests/include/test/drivers/config_test_driver.h

@@ -39,6 +39,7 @@
 #define MBEDTLS_PSA_BUILTIN_ALG_SHA_256 1
 #define MBEDTLS_CTR_DRBG_C
 #define MBEDTLS_ENTROPY_C
+#define MBEDTLS_POLY1305_C
 
 /*
  * Configuration options that may need to be additionally enabled for the

tests/include/test/drivers/crypto_config_test_driver_extension.h

@@ -158,6 +158,14 @@
 #endif
 #endif
 
+#if defined(PSA_WANT_ALG_CHACHA20_POLY1305)
+#if defined(MBEDTLS_PSA_ACCEL_ALG_CHACHA20_POLY1305)
+#undef MBEDTLS_PSA_ACCEL_ALG_CHACHA20_POLY1305
+#else
+#define MBEDTLS_PSA_ACCEL_ALG_CHACHA20_POLY1305 1
+#endif
+#endif
+
 #if defined(PSA_WANT_KEY_TYPE_AES)
 #if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_AES)
 #undef MBEDTLS_PSA_ACCEL_KEY_TYPE_AES
@@ -198,9 +206,16 @@
 #endif
 #endif
 
+#if defined(PSA_WANT_KEY_TYPE_CHACHA20)
+#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_CHACHA20)
+#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_CHACHA20
+#else
+#define MBEDTLS_PSA_ACCEL_KEY_TYPE_CHACHA20 1
+#endif
+#endif
+
 #define MBEDTLS_PSA_ACCEL_ALG_CBC_MAC 1
 #define MBEDTLS_PSA_ACCEL_ALG_CCM 1
-#define MBEDTLS_PSA_ACCEL_ALG_CHACHA20_POLY1305 1
 #define MBEDTLS_PSA_ACCEL_ALG_CMAC 1
 #define MBEDTLS_PSA_ACCEL_ALG_ECB_NO_PADDING 1
 #define MBEDTLS_PSA_ACCEL_ALG_ECDH 1
@@ -232,7 +247,6 @@
 #define MBEDTLS_PSA_ACCEL_KEY_TYPE_DERIVE 1
 #define MBEDTLS_PSA_ACCEL_KEY_TYPE_HMAC 1
 #define MBEDTLS_PSA_ACCEL_KEY_TYPE_ARC4 1
-#define MBEDTLS_PSA_ACCEL_KEY_TYPE_CHACHA20 1
 #define MBEDTLS_PSA_ACCEL_KEY_TYPE_DES 1
 #define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY 1
 #define MBEDTLS_PSA_ACCEL_KEY_TYPE_RAW_DATA 1

tests/scripts/all.sh

@@ -1962,6 +1962,41 @@ component_test_psa_crypto_config_accel_cipher () {
     make test
 }
 
+component_test_psa_crypto_config_accel_aead () {
+    msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated AEAD"
+
+    # Disable ALG_STREAM_CIPHER and ALG_ECB_NO_PADDING to avoid having
+    # partial support for cipher operations in the driver test library.
+    scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_STREAM_CIPHER
+    scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_ECB_NO_PADDING
+
+    loc_accel_list="ALG_GCM ALG_CCM ALG_CHACHA20_POLY1305 KEY_TYPE_AES KEY_TYPE_CHACHA20 KEY_TYPE_ARIA KEY_TYPE_CAMELLIA"
+    loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' )
+    make -C tests libtestdriver1.a CFLAGS="$ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS"
+
+    scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
+    scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
+
+    scripts/config.py unset MBEDTLS_GCM_C
+    scripts/config.py unset MBEDTLS_CCM_C
+    scripts/config.py unset MBEDTLS_CHACHAPOLY_C
+    # Features that depend on AEAD
+    scripts/config.py unset MBEDTLS_SSL_CONTEXT_SERIALIZATION
+    scripts/config.py unset MBEDTLS_SSL_TICKET_C
+
+    loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )"
+    make CFLAGS="$ASAN_CFLAGS -Werror -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS"
+
+    # There's a risk of something getting re-enabled via config_psa.h
+    # make sure it did not happen.
+    not grep mbedtls_ccm library/ccm.o
+    not grep mbedtls_gcm library/gcm.o
+    not grep mbedtls_chachapoly library/chachapoly.o
+
+    msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated AEAD"
+    make test
+}
+
 component_test_psa_crypto_config_no_driver() {
     # full plus MBEDTLS_PSA_CRYPTO_CONFIG
     msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG minus MBEDTLS_PSA_CRYPTO_DRIVERS"

tests/src/drivers/test_driver_aead.c

@@ -28,6 +28,10 @@
 
 #include "test/drivers/aead.h"
 
+#if defined(MBEDTLS_TEST_LIBTESTDRIVER1)
+#include "libtestdriver1/library/psa_crypto_aead.h"
+#endif
+
 mbedtls_test_driver_aead_hooks_t
     mbedtls_test_driver_aead_hooks = MBEDTLS_TEST_DRIVER_AEAD_INIT;
 
@@ -49,6 +53,18 @@ psa_status_t mbedtls_test_transparent_aead_encrypt(
     }
     else
     {
+#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
+    defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_AEAD)
+        mbedtls_test_driver_aead_hooks.driver_status =
+            libtestdriver1_mbedtls_psa_aead_encrypt(
+                (const libtestdriver1_psa_key_attributes_t *)attributes,
+                key_buffer, key_buffer_size,
+                alg,
+                nonce, nonce_length,
+                additional_data, additional_data_length,
+                plaintext, plaintext_length,
+                ciphertext, ciphertext_size, ciphertext_length );
+#elif defined(MBEDTLS_PSA_BUILTIN_AEAD)
         mbedtls_test_driver_aead_hooks.driver_status =
             mbedtls_psa_aead_encrypt(
                 attributes, key_buffer, key_buffer_size,
@@ -57,8 +73,23 @@ psa_status_t mbedtls_test_transparent_aead_encrypt(
                 additional_data, additional_data_length,
                 plaintext, plaintext_length,
                 ciphertext, ciphertext_size, ciphertext_length );
+#else
+        (void) attributes;
+        (void) key_buffer;
+        (void) key_buffer_size;
+        (void) alg;
+        (void) nonce;
+        (void) nonce_length;
+        (void) additional_data;
+        (void) additional_data_length;
+        (void) plaintext;
+        (void) plaintext_length;
+        (void) ciphertext;
+        (void) ciphertext_size;
+        (void) ciphertext_length;
+        mbedtls_test_driver_aead_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
+#endif
     }
-
     return( mbedtls_test_driver_aead_hooks.driver_status );
 }
 
@@ -80,6 +111,18 @@ psa_status_t mbedtls_test_transparent_aead_decrypt(
     }
     else
     {
+#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
+    defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_AEAD)
+        mbedtls_test_driver_aead_hooks.driver_status =
+            libtestdriver1_mbedtls_psa_aead_decrypt(
+                (const libtestdriver1_psa_key_attributes_t *)attributes,
+                key_buffer, key_buffer_size,
+                alg,
+                nonce, nonce_length,
+                additional_data, additional_data_length,
+                ciphertext, ciphertext_length,
+                plaintext, plaintext_size, plaintext_length );
+#elif defined(MBEDTLS_PSA_BUILTIN_AEAD)
         mbedtls_test_driver_aead_hooks.driver_status =
             mbedtls_psa_aead_decrypt(
                 attributes, key_buffer, key_buffer_size,
@@ -88,8 +131,23 @@ psa_status_t mbedtls_test_transparent_aead_decrypt(
                 additional_data, additional_data_length,
                 ciphertext, ciphertext_length,
                 plaintext, plaintext_size, plaintext_length );
+#else
+        (void) attributes;
+        (void) key_buffer;
+        (void) key_buffer_size;
+        (void) alg;
+        (void) nonce;
+        (void) nonce_length;
+        (void) additional_data;
+        (void) additional_data_length;
+        (void) ciphertext;
+        (void) ciphertext_length;
+        (void) plaintext;
+        (void) plaintext_size;
+        (void) plaintext_length;
+        mbedtls_test_driver_aead_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
+#endif
     }
-
     return( mbedtls_test_driver_aead_hooks.driver_status );
 }