Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Driver-only ECDH starter #7142

Merged
merged 7 commits into from
Mar 7, 2023
Merged

Driver-only ECDH starter #7142

merged 7 commits into from
Mar 7, 2023

Conversation

mpg
Copy link
Contributor

@mpg mpg commented Feb 21, 2023
edited by valeriosetti
Loading

Description

This creates / updates the infrastructure for testing work on driver-only ECDH.

Context: see #6839. This is about the TL-ecdh intermediate goal - not doing the work itself, just putting the test components in place. TL-ecdh will be achieved when the all.sh component introduced here is complete (full config without undue exclusions, running ssl-opt.sh too) and has testing parity with its reference component (that is, no undue "ignore"s in analyze_outcome.py).

Follow-ups: tasks being created:

Gatekeeper checklist

  • changelog not required - test only
  • backport not required - new feature
  • tests provided

mpg added 4 commits February 21, 2023 12:19
@mpg
Add comments to accel_ecdh component
e3095e7 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
@mpg
Add component accel_ecdh_use_psa
59a2b8f 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
@mpg
Add comparison of accel_ecdh_use_psa against ref
e91bcf3 
With temporary exclusions to be lifted as follow-ups.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
@mpg
Fix some dependencies in test_suite_psa_crypto
d1c001a 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
@mpg mpg added enhancement component-crypto Crypto primitives and low-level interfaces size-s Estimated task size: small (~2d) labels Feb 21, 2023
@mpg mpg self-assigned this Feb 21, 2023
@mpg mpg requested a review from valeriosetti February 21, 2023 13:02
@mpg mpg added needs-review Every commit must be reviewed by at least two team members, needs-reviewer This PR needs someone to pick it up for review labels Feb 22, 2023
@mpg mpg mentioned this pull request Feb 22, 2023
Closed
valeriosetti
valeriosetti previously approved these changes Feb 24, 2023
View reviewed changes
Copy link
Contributor

@valeriosetti valeriosetti left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM ;)

@AndrzejKurek AndrzejKurek self-requested a review March 2, 2023 10:15
AndrzejKurek
AndrzejKurek reviewed Mar 2, 2023
View reviewed changes
tests/scripts/all.sh Outdated
# Disable the module that's accelerated
scripts/config.py unset MBEDTLS_ECDH_C
fi
# Disable things that depend on it
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please either remove this comment, or unset kex defines conditionally

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'll give my 2cents here. Albeit it is not explicitly written, I think that @mpg's plan is to start with these key exchanges disabled and then remove these lines as long as the ECDH task moves forward. We did the same for accelerated ECDSA.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sure, it's just good to have a comment / follow-up issue linked to explain why these are disabled even if MBEDTLS_ECDH_C isn't :)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah, I'll add a comment, as this is not intuitive indeed.

AndrzejKurek
AndrzejKurek reviewed Mar 2, 2023
View reviewed changes
tests/scripts/all.sh Outdated
not grep mbedtls_ecdh_ library/ecdh.o

# Run the tests
# -------------

msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated ECDH"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated ECDH"
msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated ECDH + USE_PSA"

AndrzejKurek
AndrzejKurek reviewed Mar 2, 2023
View reviewed changes
tests/scripts/all.sh Outdated
# Keep in sync with component_test_psa_crypto_config_accel_ecdh_use_psa.
# Used by tests/scripts/analyze_outcomes.py for comparison purposes.
component_test_psa_crypto_config_reference_ecdh_use_psa () {
msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated ECDH + USE_PSA"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated ECDH + USE_PSA"
msg "test: MBEDTLS_PSA_CRYPTO_CONFIG reference ECDH + USE_PSA"

AndrzejKurek
AndrzejKurek reviewed Mar 2, 2023
View reviewed changes
tests/scripts/all.sh Outdated

make

msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated ECDH + USE_PSA"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated ECDH + USE_PSA"
msg "test: MBEDTLS_PSA_CRYPTO_CONFIG reference ECDH + USE_PSA"

AndrzejKurek
AndrzejKurek reviewed Mar 2, 2023
View reviewed changes
tests/scripts/all.sh Outdated
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED

# Build the library
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
# Build the library
# Build the main library

AndrzejKurek
AndrzejKurek reviewed Mar 2, 2023
View reviewed changes
tests/scripts/all.sh Outdated
# Use the same config as reference, only without built-in ECDH
config_psa_crypto_config_ecdh_use_psa 1

# Build the library
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
# Build the library
# Build the main library

AndrzejKurek
AndrzejKurek suggested changes Mar 2, 2023
View reviewed changes
Copy link
Contributor

@AndrzejKurek AndrzejKurek left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Some comments left.

mpg added 2 commits March 6, 2023 13:35
@mpg
Add comment about shared config function
0d1f5be 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
@mpg
Fix some message strings and comments in all.sh
07d9262 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
@mpg mpg removed the needs-reviewer This PR needs someone to pick it up for review label Mar 6, 2023
@mpg
Copy link
Contributor Author

mpg commented Mar 6, 2023

@AndrzejKurek Thanks for your review! I think I've addressed your comments, so this should be ready to review again.

@mpg mpg requested review from AndrzejKurek and valeriosetti March 6, 2023 12:42
AndrzejKurek
AndrzejKurek previously approved these changes Mar 6, 2023
View reviewed changes
valeriosetti
valeriosetti requested changes Mar 6, 2023
View reviewed changes
Copy link
Contributor

@valeriosetti valeriosetti left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I only found one mistake (which I guess might be due to some investigation about issue #7148)

tests/scripts/all.sh Outdated
Comment on lines 2305 to 2306
#make test
tests/ssl-opt.sh
Copy link
Contributor

@valeriosetti valeriosetti Mar 6, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks like an error to me: I think that in this PR we should run make test, but not ssl-opt.sh as the latter is supposed to be solved in #7148 . Isn't it?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good catch :)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah, thanks for catching this. Indeed you guessed right, this was supposed to be a local experiment that I never intended to commit.

@mpg
Revert local experiment.
86393db 
This was never meant to be committed here.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
@AndrzejKurek AndrzejKurek added approved Design and code approved - may be waiting for CI or backports needs-ci Needs to pass CI tests and removed needs-review Every commit must be reviewed by at least two team members, labels Mar 6, 2023
@mpg mpg removed the needs-ci Needs to pass CI tests label Mar 7, 2023
@mpg mpg merged commit a5ffa93 into Mbed-TLS:development Mar 7, 2023
This was referenced Mar 9, 2023
Merged
Closed
Closed
Merged
@mpg mpg mentioned this pull request Mar 28, 2023
Closed
4 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@valeriosetti valeriosetti valeriosetti approved these changes

@AndrzejKurek AndrzejKurek AndrzejKurek approved these changes

Assignees

@mpg mpg

Labels
approved Design and code approved - may be waiting for CI or backports component-crypto Crypto primitives and low-level interfaces enhancement size-s Estimated task size: small (~2d)
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@mpg @AndrzejKurek @valeriosetti