lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-29 11:41:15 +03:00
Code Activity

Document limitation on "mixed" builds

Browse Source 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
This commit is contained in:
Manuel Pégourié-Gonnard
2023-09-27 10:34:52 +02:00
parent 5c21036d19
commit f7dc6cfef1
2 changed files with 26 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
docs/driver-only-builds.md
View File

@ -179,6 +179,30 @@ builtin and PSA sides. In particular:
curve. In other words, in order to exclue all builtin algs, all the required curve. In other words, in order to exclue all builtin algs, all the required
curves should be supported and accelerated by the PSA driver. curves should be supported and accelerated by the PSA driver.
### Limitations regarding "mixed" builds (driver and built-in)
In order for a build to be driver-only (no built-in implementation), all the
requested algorithms, key types (key operations) and curves must be
accelerated (plus a few other restrictions, see "Limitations regarding fully
removing `ecp.c`" above). However, what if you have an accelerator that only
supports some algorithms, some key types (key operations), or some curves, but
want to have more enabled in you build?
It is possible to have acceleration for only a subset of the requested
algorithms. In this case, the built-in implementation of the accelerated
algorithms will be disabled, provided all the requested curves and key types
that can be used with this algorithm are also declared as accelerated.
There is very limited support for having acceleration for only a subset of the
requested key type operations. The only configuration that's tested is that of
a driver accelerating `PUBLIC_KEY`, `KEY_PAIR_BASIC`, `KEY_PAIR_IMPORT`,
`KEY_PAIR_EXPORT` but not `KEY_PAIR_GENERATE`. (Note: currently the driver
interface does not support `KEY_PAIR_DERIVE`.)
There is limited support for having acceleration for only a subset of the
requested curves. In such builds, only the PSA API is currently tested and
working; there are known issues in PK, and X.509 and TLS are untested.
Finite-field Diffie-Hellman Finite-field Diffie-Hellman
--------------------------- ---------------------------

4
tests/scripts/all.sh
View File

@ -2584,7 +2584,6 @@ component_test_psa_crypto_config_accel_ecc_some_key_types () {
make test make test
} }
# Run tests with only (non-)Weierstrass accelerated # Run tests with only (non-)Weierstrass accelerated
# Common code used in: # Common code used in:
# - component_test_psa_crypto_config_accel_ecc_weirstrass_curves # - component_test_psa_crypto_config_accel_ecc_weirstrass_curves
@ -2689,7 +2688,8 @@ common_test_psa_crypto_config_accel_ecc_some_curves () {
# ------------- # -------------
msg "test suites: full with accelerated EC algs and $DESC curves" msg "test suites: full with accelerated EC algs and $DESC curves"
make test # does not work for PK (and above), see #8255
make test SKIP_TEST_SUITES=pk,pkparse,pkwrite,x509parse,x509write,ssl,debug
} }
component_test_psa_crypto_config_accel_ecc_weirstrass_curves () { component_test_psa_crypto_config_accel_ecc_weirstrass_curves () {