From 5081d6544da76964a0811375384a2509e0a26a52 Mon Sep 17 00:00:00 2001 From: Felix Conway Date: Wed, 2 Apr 2025 14:29:59 +0100 Subject: [PATCH 1/6] Switch all.sh components from selftest to which_aes Signed-off-by: Felix Conway --- tests/scripts/components-platform.sh | 41 +++++++++++----------------- 1 file changed, 16 insertions(+), 25 deletions(-) mode change 100644 => 100755 tests/scripts/components-platform.sh diff --git a/tests/scripts/components-platform.sh b/tests/scripts/components-platform.sh old mode 100644 new mode 100755 index abae2830ad..824e5ff2e5 --- a/tests/scripts/components-platform.sh +++ b/tests/scripts/components-platform.sh @@ -120,15 +120,17 @@ component_test_aesni () { # ~ 60s msg "AES tests, test intrinsics" make clean make CC=gcc CFLAGS='-Werror -Wall -Wextra -mpclmul -msse2 -maes' - # check that we built intrinsics - this should be used by default when supported by the compiler - ./programs/test/selftest aes | grep "AESNI code" | grep -q "intrinsics" + # check that the intrinsics implementation is in use - this should be used by default when + # supported by the compiler + ./tf-psa-crypto/programs/test/which_aes | grep -q "AESNI INTRINSICS" # test the asm implementation msg "AES tests, test assembly" make clean make CC=gcc CFLAGS='-Werror -Wall -Wextra -mno-pclmul -mno-sse2 -mno-aes' - # check that we built assembly - this should be built if the compiler does not support intrinsics - ./programs/test/selftest aes | grep "AESNI code" | grep -q "assembly" + # check that the assembly implementation is in use - this should be used if the compiler + # does not support intrinsics + ./tf-psa-crypto/programs/test/which_aes | grep -q "AESNI ASSEMBLY" # test the plain C implementation scripts/config.py unset MBEDTLS_AESNI_C @@ -137,20 +139,17 @@ component_test_aesni () { # ~ 60s make clean make CC=gcc CFLAGS='-O2 -Werror' # check that there is no AESNI code present - ./programs/test/selftest aes | not grep -q "AESNI code" - not grep -q "AES note: using AESNI" ./programs/test/selftest - grep -q "AES note: built-in implementation." ./programs/test/selftest + not grep -q mbedtls_aesni_has_support ./tf-psa-crypto/programs/test/which_aes + # check that the built-in software implementation is in use + ./tf-psa-crypto/programs/test/which_aes | grep -q "SOFTWARE" - # test the intrinsics implementation + # test the AESNI implementation scripts/config.py set MBEDTLS_AESNI_C scripts/config.py set MBEDTLS_AES_USE_HARDWARE_ONLY msg "AES tests, test AESNI only" make clean make CC=gcc CFLAGS='-Werror -Wall -Wextra -mpclmul -msse2 -maes' - ./programs/test/selftest aes | grep -q "AES note: using AESNI" - ./programs/test/selftest aes | not grep -q "AES note: built-in implementation." - grep -q "AES note: using AESNI" ./programs/test/selftest - not grep -q "AES note: built-in implementation." ./programs/test/selftest + ./tf-psa-crypto/programs/test/which_aes | grep -q "AESNI" } support_test_aesni_m32 () { @@ -172,21 +171,15 @@ component_test_aesni_m32 () { # ~ 60s make clean make CC=gcc CFLAGS='-m32 -Werror -Wall -Wextra' LDFLAGS='-m32' # check that we built intrinsics - this should be used by default when supported by the compiler - ./programs/test/selftest aes | grep "AESNI code" | grep -q "intrinsics" - grep -q "AES note: using AESNI" ./programs/test/selftest - grep -q "AES note: built-in implementation." ./programs/test/selftest - grep -q mbedtls_aesni_has_support ./programs/test/selftest + ./tf-psa-crypto/programs/test/which_aes | grep -q "AESNI INTRINSICS" + grep -q mbedtls_aesni_has_support ./tf-psa-crypto/programs/test/which_aes scripts/config.py set MBEDTLS_AESNI_C scripts/config.py set MBEDTLS_AES_USE_HARDWARE_ONLY msg "AES tests, test AESNI only" make clean make CC=gcc CFLAGS='-m32 -Werror -Wall -Wextra -mpclmul -msse2 -maes' LDFLAGS='-m32' - ./programs/test/selftest aes | grep -q "AES note: using AESNI" - ./programs/test/selftest aes | not grep -q "AES note: built-in implementation." - grep -q "AES note: using AESNI" ./programs/test/selftest - not grep -q "AES note: built-in implementation." ./programs/test/selftest - not grep -q mbedtls_aesni_has_support ./programs/test/selftest + ./tf-psa-crypto/programs/test/which_aes | grep -q "AESNI" } support_test_aesni_m32_clang () { @@ -205,10 +198,8 @@ component_test_aesni_m32_clang () { make clean make CC=clang CFLAGS='-m32 -Werror -Wall -Wextra' LDFLAGS='-m32' # check that we built intrinsics - this should be used by default when supported by the compiler - ./programs/test/selftest aes | grep "AESNI code" | grep -q "intrinsics" - grep -q "AES note: using AESNI" ./programs/test/selftest - grep -q "AES note: built-in implementation." ./programs/test/selftest - grep -q mbedtls_aesni_has_support ./programs/test/selftest + ./tf-psa-crypto/programs/test/which_aes | grep -q "AESNI INTRINSICS" + grep -q mbedtls_aesni_has_support ./tf-psa-crypto/programs/test/which_aes } support_build_aes_armce () { From 9949f0093020f1db77669f18847be26a1d427eed Mon Sep 17 00:00:00 2001 From: Felix Conway Date: Thu, 3 Apr 2025 15:05:21 +0100 Subject: [PATCH 2/6] Add tf-psa-crypto/programs/test/which_aes to Makefile Signed-off-by: Felix Conway --- programs/Makefile | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/programs/Makefile b/programs/Makefile index b26429061e..a043fe1912 100644 --- a/programs/Makefile +++ b/programs/Makefile @@ -47,6 +47,7 @@ APPS = \ ../tf-psa-crypto/programs/psa/key_ladder_demo \ ../tf-psa-crypto/programs/psa/psa_constant_names \ ../tf-psa-crypto/programs/psa/psa_hash \ + ../tf-psa-crypto/programs/test/which_aes \ ssl/dtls_client \ ssl/dtls_server \ ssl/mini_client \ @@ -179,6 +180,10 @@ pkey/rsa_verify_pss$(EXEXT): pkey/rsa_verify_pss.c $(DEP) echo " CC psa/psa_hash.c" $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ../tf-psa-crypto/programs/psa/psa_hash.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ +../tf-psa-crypto/programs/test/which_aes$(EXEXT): ../tf-psa-crypto/programs/test/which_aes.c $(DEP) + echo " CC test/which_aes.c" + $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ../tf-psa-crypto/programs/test/which_aes.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ + ssl/dtls_client$(EXEXT): ssl/dtls_client.c $(DEP) echo " CC ssl/dtls_client.c" $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ssl/dtls_client.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ From 8e13c8f018ecb78713e335b659605de1b1ed113d Mon Sep 17 00:00:00 2001 From: Felix Conway Date: Thu, 3 Apr 2025 15:06:37 +0100 Subject: [PATCH 3/6] Add shebang to fix CI error Signed-off-by: Felix Conway --- tests/scripts/components-platform.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/scripts/components-platform.sh b/tests/scripts/components-platform.sh index 824e5ff2e5..9831b8f88e 100755 --- a/tests/scripts/components-platform.sh +++ b/tests/scripts/components-platform.sh @@ -1,3 +1,5 @@ +#!/bin/bash + # components-platform.sh # # Copyright The Mbed TLS Contributors From ad7049407b79cdd5839e06d754c860fe3476dace Mon Sep 17 00:00:00 2001 From: Felix Conway Date: Wed, 9 Apr 2025 15:41:11 +0100 Subject: [PATCH 4/6] Remove executable permissions and shebang from component-platforms.sh Signed-off-by: Felix Conway --- tests/scripts/components-platform.sh | 2 -- 1 file changed, 2 deletions(-) mode change 100755 => 100644 tests/scripts/components-platform.sh diff --git a/tests/scripts/components-platform.sh b/tests/scripts/components-platform.sh old mode 100755 new mode 100644 index 9831b8f88e..824e5ff2e5 --- a/tests/scripts/components-platform.sh +++ b/tests/scripts/components-platform.sh @@ -1,5 +1,3 @@ -#!/bin/bash - # components-platform.sh # # Copyright The Mbed TLS Contributors From 690858013199630d533dc0fe0225a20d4a788a47 Mon Sep 17 00:00:00 2001 From: Felix Conway Date: Wed, 9 Apr 2025 17:05:00 +0100 Subject: [PATCH 5/6] Use aesni_crypt_ecb and internal_aes_encrypt to check conditional compilation Signed-off-by: Felix Conway --- tests/scripts/components-platform.sh | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/tests/scripts/components-platform.sh b/tests/scripts/components-platform.sh index 824e5ff2e5..25cfd4163d 100644 --- a/tests/scripts/components-platform.sh +++ b/tests/scripts/components-platform.sh @@ -138,8 +138,9 @@ component_test_aesni () { # ~ 60s msg "AES tests, plain C" make clean make CC=gcc CFLAGS='-O2 -Werror' - # check that there is no AESNI code present - not grep -q mbedtls_aesni_has_support ./tf-psa-crypto/programs/test/which_aes + # check that the plain C implementation is present and the AESNI one is not + grep -q mbedtls_internal_aes_encrypt ./tf-psa-crypto/drivers/builtin/src/aes.o + not grep -q mbedtls_aesni_crypt_ecb ./tf-psa-crypto/drivers/builtin/src/aesni.o # check that the built-in software implementation is in use ./tf-psa-crypto/programs/test/which_aes | grep -q "SOFTWARE" @@ -149,6 +150,9 @@ component_test_aesni () { # ~ 60s msg "AES tests, test AESNI only" make clean make CC=gcc CFLAGS='-Werror -Wall -Wextra -mpclmul -msse2 -maes' + # check that the AESNI implementation is present and the plain C one is not + grep -q mbedtls_aesni_crypt_ecb ./tf-psa-crypto/drivers/builtin/src/aesni.o + not grep -q mbedtls_internal_aes_encrypt ./tf-psa-crypto/drivers/builtin/src/aes.o ./tf-psa-crypto/programs/test/which_aes | grep -q "AESNI" } @@ -172,6 +176,9 @@ component_test_aesni_m32 () { # ~ 60s make CC=gcc CFLAGS='-m32 -Werror -Wall -Wextra' LDFLAGS='-m32' # check that we built intrinsics - this should be used by default when supported by the compiler ./tf-psa-crypto/programs/test/which_aes | grep -q "AESNI INTRINSICS" + # check that both the AESNI and plain C implementations are present + grep -q mbedtls_aesni_crypt_ecb ./tf-psa-crypto/drivers/builtin/src/aesni.o + grep -q mbedtls_internal_aes_encrypt ./tf-psa-crypto/drivers/builtin/src/aes.o grep -q mbedtls_aesni_has_support ./tf-psa-crypto/programs/test/which_aes scripts/config.py set MBEDTLS_AESNI_C @@ -180,6 +187,10 @@ component_test_aesni_m32 () { # ~ 60s make clean make CC=gcc CFLAGS='-m32 -Werror -Wall -Wextra -mpclmul -msse2 -maes' LDFLAGS='-m32' ./tf-psa-crypto/programs/test/which_aes | grep -q "AESNI" + # check that the AESNI implementation is present and the plain C one is not + grep -q mbedtls_aesni_crypt_ecb ./tf-psa-crypto/drivers/builtin/src/aesni.o + not grep -q mbedtls_internal_aes_encrypt ./tf-psa-crypto/drivers/builtin/src/aes.o + not grep -q mbedtls_aesni_has_support ./tf-psa-crypto/programs/test/which_aes } support_test_aesni_m32_clang () { @@ -199,6 +210,9 @@ component_test_aesni_m32_clang () { make CC=clang CFLAGS='-m32 -Werror -Wall -Wextra' LDFLAGS='-m32' # check that we built intrinsics - this should be used by default when supported by the compiler ./tf-psa-crypto/programs/test/which_aes | grep -q "AESNI INTRINSICS" + # check that both the AESNI and plain C implementations are present + grep -q mbedtls_aesni_crypt_ecb ./tf-psa-crypto/drivers/builtin/src/aesni.o + grep -q mbedtls_internal_aes_encrypt ./tf-psa-crypto/drivers/builtin/src/aes.o grep -q mbedtls_aesni_has_support ./tf-psa-crypto/programs/test/which_aes } From f065c311d4e8778e5dd4bae5d313dc750884bae6 Mon Sep 17 00:00:00 2001 From: Felix Conway Date: Tue, 22 Apr 2025 10:52:18 +0100 Subject: [PATCH 6/6] Update tf-psa-crypto pointer Signed-off-by: Felix Conway --- tf-psa-crypto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tf-psa-crypto b/tf-psa-crypto index 4a9f29b05c..f936d86b25 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto @@ -1 +1 @@ -Subproject commit 4a9f29b05c661bd874c75d80339fcce00adea4e0 +Subproject commit f936d86b2587eb4a961cac5b3b95b949ee056ee6