Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

driver-only ECC: ECPf.PK testing #7682

Merged
merged 11 commits into from
Jun 22, 2023
Merged

driver-only ECC: ECPf.PK testing #7682

merged 11 commits into from
Jun 22, 2023

Conversation

valeriosetti
Copy link
Contributor

@valeriosetti valeriosetti commented Jun 5, 2023
edited by mpg
Loading

This PR re-enables the PK module while keeping the ECP one disabled in the following test components:

  • component_test_psa_crypto_full_accel_all_ec_algs_no_ecp_use_psa
  • component_test_psa_crypto_full_reference_all_ec_algs_no_ecp_use_psa

Depends on #7717
Resolve #7453

PR checklist

@valeriosetti valeriosetti added needs-review Every commit must be reviewed by at least two team members, needs-ci Needs to pass CI tests needs-reviewer This PR needs someone to pick it up for review size-s Estimated task size: small (~2d) priority-high High priority - will be reviewed soon labels Jun 5, 2023
@valeriosetti valeriosetti requested a review from mpg June 5, 2023 10:31
@valeriosetti valeriosetti self-assigned this Jun 5, 2023
@valeriosetti
Copy link
Contributor Author

Note for reviewers: this PR starts at de15ba2

@valeriosetti valeriosetti force-pushed the issue7453 branch 2 times, most recently from dfda836 to 80fc0b5 Compare June 6, 2023 10:43
@valeriosetti valeriosetti removed the needs-ci Needs to pass CI tests label Jun 6, 2023
mpg
mpg requested changes Jun 7, 2023
View reviewed changes
Copy link
Contributor

@mpg mpg left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looking pretty good, just a few suggestions for improvements.

mpg
mpg reviewed Jun 7, 2023
View reviewed changes
@valeriosetti valeriosetti requested a review from mpg June 7, 2023 15:54
mpg
mpg requested changes Jun 8, 2023
View reviewed changes
Copy link
Contributor

@mpg mpg left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks almost entirely good to me! Just one last point - upon closer inspection, I changed my mind about a suggestion I made, sorry.

@valeriosetti valeriosetti requested a review from mpg June 8, 2023 08:57
mpg
mpg previously approved these changes Jun 8, 2023
View reviewed changes
Copy link
Contributor

@mpg mpg left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks!

@valeriosetti valeriosetti mentioned this pull request Jun 8, 2023
Merged
3 tasks
@valeriosetti valeriosetti requested a review from mpg June 8, 2023 13:25
mpg
mpg previously approved these changes Jun 9, 2023
View reviewed changes
Copy link
Contributor

@mpg mpg left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. Thanks for noticing the missing free() call that I misses. (Or was it caught by the CI?)

@mpg mpg mentioned this pull request Jun 9, 2023
Closed
@valeriosetti
Copy link
Contributor Author

Or was it caught by the CI?

It was caught by the CI indeed. At first I didn't realize that pk_convert_compressed_ec() was allocating the mbedtls_ecp_keypair directly on its own stack so of course this has to be cleaned on exit ':)

mpg
mpg reviewed Jun 12, 2023
View reviewed changes
tests/scripts/all.sh
@@ -2452,7 +2429,6 @@ component_test_psa_crypto_full_accel_all_ec_algs_no_ecp_use_psa () {
not grep mbedtls_ecjpake_ library/ecjpake.o
# Also ensure that ECP or RSA modules were not re-enabled
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

RSA should no longer be mentioned here

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This still stands

@mpg
Copy link
Contributor

mpg commented Jun 12, 2023

Note: there a few remaining occurrences of ECP_LIGHT that should be changed to MBEDTLS_PK_HAVE_ECC_KEYS. In particular, those that guard the #include "pkwrite.h" in pkparse.c and pkwrite.c. After this PR, trying to build and run tests in a configuration similar to config_psa_crypto_full_all_ec_algs_no_ecp_use_psa but without RSA would fail (even after the check in check_config.h has been fixed).

I'm not sure if we should consider fixing this in scope for this PR, or leave it for a follow-up, but it will need to be fixed at some point.

Also, I'm starting to wonder if have #7717 depend on this one is really the right way, or if we should have this one depending on 7717 instead. Possible reasons for reversing the dependency:

  • 7717 belongs to an earlier EPIC than this one, so it's more logical for later things to depend on ealiers ones,
  • with 7717 done, I think here we should be able to achieve a state where ECP_LIGHT is never referenced anymore in any pk*.c or pk*.h file - which is easier to review as having to go over all uses and think if they're OK or not.

Wdyt?

@mpg mpg changed the title driver-only ECC: ECP.PK starter driver-only ECC: ECPf.PK testing Jun 13, 2023
@valeriosetti
Copy link
Contributor Author

I'm not sure if we should consider fixing this in scope for this PR, or leave it for a follow-up, but it will need to be fixed at some point.

I'm more for a follow up PR if this is not strictly mandatory to make the CI happy for this one. This helps in keeping the PRs smaller and easy to review.

with 7717 done, I think here we should be able to achieve a state where ECP_LIGHT is never referenced anymore in any pk*.c or pk*.h file - which is easier to review as having to go over all uses and think if they're OK or not.

Ok, this sounds to me like a major benefit of reversing the dependency, so I'll work on this for both PRs

@mpg
Copy link
Contributor

mpg commented Jun 14, 2023

I'm more for a follow up PR if this is not strictly mandatory to make the CI happy for this one. This helps in keeping the PRs smaller and easy to review.

Agreed.

@valeriosetti
test: re-enable PK and RSA in component without ECP/ECP_LIGHT
1814bb7 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
@valeriosetti
pk: add new symbol to state that PK has support for EC keys
e489e81 
Note: both MBEDTLS_PK_USE_PSA_EC_DATA and MBEDTLS_PK_HAVE_ECC_KEYS
has been move on top of the pk.h file because we need these symbols
when crypto.h is evaluated otherwise functions like
mbedtls_ecc_group_of_psa() won't be available.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
@valeriosetti
library: replace occurencies of ECP_LIGHT with PK_HAVE_ECC_KEYS
81d7512 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
@valeriosetti
test: replace occurencies of ECP_LIGHT with PK_HAVE_ECC_KEYS
545a0d6 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
@valeriosetti
pk: remove useless internal function
30fdc03 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
@valeriosetti
build_info: do not enable ECP_LIGHT when PSA_WANT_ALG_ECDSA
f54ca35 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
@valeriosetti
psa: move mbedtls_ecc_group_to_psa() from inline function to standard…
bc2b1d3 
… one

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
@valeriosetti
pk/psa: use PSA guard for mbedtls_ecc_group_to_psa() and mbedtls_ecc_…
a9aab1a 
…group_of_psa()

This allows also to:
- removing the dependency on ECP_C for these functions and only rely
  on PSA symbols
- removing extra header inclusing from crypto_extra.h
- return MBEDTLS_PK_USE_PSA_EC_DATA and MBEDTLS_PK_HAVE_ECC_KEYS to
  their original position in pk.h

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
@valeriosetti
pkwrite: fix wrong guard position for pk_get_opaque_ec_family()
e165136 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
@valeriosetti
test: ignore compressed points' tests when checking coverage without …
5bd2523 
…ECP at all

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
mpg
mpg previously approved these changes Jun 20, 2023
View reviewed changes
@mpg mpg mentioned this pull request Jun 20, 2023
Merged
3 tasks
AndrzejKurek
AndrzejKurek reviewed Jun 20, 2023
View reviewed changes
tests/suites/test_suite_pkparse.data Outdated
pk_parse_public_keyfile_ec:"data_files/ec_bp512_pub.pem":0

Parse Public EC Key #9a (RFC 5480, brainpoolP512r1, compressed)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_EC_COMPRESSED:MBEDTLS_ECP_DP_BP512R1_ENABLED
pk_parse_public_keyfile_ec:"data_files/ec_bp512_pub.comp.pem":0

Parse Public EC Key #10 (RFC 8410, DER, X25519)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_CURVE25519_ENABLED
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_CURVE25519_ENABLED
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Almost all of these tests have duplicated "depends_on" field, MBEDTLS_PK_HAVE_ECC_KEYS, with the place in the function file,

/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_PK_HAVE_ECC_KEYS */
void pk_parse_public_keyfile_ec(char *key_file, int result)

If all test cases that call this function need this define, then there's no use of adding it again in the .data file.
If only selected test cases need this define, please remove it from the .function file.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Correct! Thanks for noticing this ;)

AndrzejKurek
AndrzejKurek suggested changes Jun 20, 2023
View reviewed changes
Copy link
Contributor

@AndrzejKurek AndrzejKurek left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Only one remark about the tests left.

@valeriosetti
test: remove duplicate PK_HAVE_ECC_KEYS dependency in pkparse suite
4b3c02b 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
@valeriosetti valeriosetti requested review from AndrzejKurek and mpg June 21, 2023 09:23
mpg
mpg approved these changes Jun 21, 2023
View reviewed changes
Copy link
Contributor

@mpg mpg left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@AndrzejKurek AndrzejKurek added needs-ci Needs to pass CI tests approved Design and code approved - may be waiting for CI or backports and removed needs-review Every commit must be reviewed by at least two team members, needs-reviewer This PR needs someone to pick it up for review labels Jun 21, 2023
@mpg mpg removed the needs-ci Needs to pass CI tests label Jun 22, 2023
@mpg mpg merged commit 2fb9d00 into Mbed-TLS:development Jun 22, 2023
@valeriosetti valeriosetti deleted the issue7453 branch December 6, 2024 06:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mpg mpg mpg approved these changes

@AndrzejKurek AndrzejKurek AndrzejKurek approved these changes

Assignees

@valeriosetti valeriosetti

Labels
approved Design and code approved - may be waiting for CI or backports priority-high High priority - will be reviewed soon size-s Estimated task size: small (~2d)
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

driver-only ECC: ECPf.PK testing
3 participants
@valeriosetti @mpg @AndrzejKurek