Mbed-TLS / TF-PSA-Crypto

Reference implementation of the PSA Cryptography API
Apache License 2.0

Investigate psa-crypto all.sh test and build components #57

Open ronald-cron-arm opened 11 months ago

ronald-cron-arm commented 11 months ago

Investigate which Mbed TLS all.sh test and build components should have an equivalent in psa-crypto and in what form. List of Mbed TLS test components in the below tables as of 87fe996.

Below table of the Mbed TLS all.sh test components for which it is planned to have an equivalent in psa-crypto:

| Mbed TLS | psa-crypto | Issue | Comment |
| --- | --- | --- | --- |
| default_out_of_box | | | |
| default_no_deprecated | | 54 | |
| default_cmake_gcc_asan | | 56 | |
| default_cmake_gcc_asan_new_bignum | | 56 | |
| full_cmake_gcc_asan | | 59 | |
| full_cmake_gcc_asan_new_bignum | | 59 | |
| full_cmake_gcc_asan_new_bignum_test_hooks | | 59 | |
| full_no_deprecated | | 59 | |
| full_no_deprecated_deprecated_warning | | 59 | |
| full_deprecated_warning | | 59 | |
| full_cmake_clang | | 59 | |
| psa_compliance | psa_compliance | - | |
| psa_crypto_drivers | psa_crypto_drivers | - | |
| ccm_aes_sha256 | ccm_aes_sha256 | - | ref_configs? |
| cmake_as_subdirectory | cmake_as_subdirectory | 33 | |
| cmake_as_package | cmake_as_package | 33 | |
| cmake_as_package_install | cmake_as_package_install | 33 | |
| cmake_shared | cmake_shared | 33 | |
| clang_latest_opt | | 60 | |
| clang_earliest_opt | | 60 | |
| gcc_latest_opt | | 60 | |
| gcc_earliest_opt | | 60 | |
| psa_crypto_config_accel_ecdsa | | 61 | |
| psa_crypto_config_accel_ecdh | | 62 | |
| psa_crypto_config_accel_ffdh | | 62 | |
| psa_crypto_config_reference_ffdh | | 62 | |
| psa_crypto_config_accel_pake | | 62 | |
| psa_crypto_config_accel_ecc_ecp_light_only | | 62 | |
| psa_crypto_config_reference_ecc_ecp_light_only | | 62 | |
| psa_crypto_config_accel_ecc_ffdh_no_bignum | | 62 | |
| psa_crypto_config_reference_ecc_ffdh_no_bignum | | 62 | |
| psa_crypto_config_accel_ecc_no_ecp_at_all | | 62 | |
| psa_crypto_config_reference_ecc_no_ecp_at_all | | 62 | |
| psa_crypto_config_accel_ecc_no_bignum | | 62 | |
| psa_crypto_config_reference_ecc_no_bignum | | 62 | |
| psa_crypto_config_accel_all_curves_except_p192 | | 62 | |
| psa_crypto_config_accel_all_curves_except_x25519 | | 62 | |
| psa_crypto_config_accel_rsa_signature | | 62 | |
| psa_crypto_config_accel_hash | | 62 | |
| psa_crypto_config_accel_hash_keep_builtins | | 62 | |
| psa_crypto_config_accel_hash_use_psa | | 62 | |
| psa_crypto_config_reference_hash_use_psa | | 62 | |
| psa_crypto_config_accel_cipher | | 62 | |
| psa_crypto_config_accel_aead | | 62 | |
| psa_ecc_key_pair_no_derive | | 63 | |
| psa_ecc_key_pair_no_generate | | 63 | |
| new_psa_want_key_pair_symbol | | 63 | |
| aead_chachapoly_disabled | | 63 | |
| aead_only_ccm | | 63 | |
| psa_crypto_key_id_encodes_owner | | 63 | |
| crypto_for_psa_service | | 63 | |
| test_psa_crypto_rsa_no_genprime | test_no_rsa_key_pair_generation | 63 | |
| memsan | | 64 | |
| memsan_constant_flow_psa | | 64 | |
| valgrind_psa | | 64 | |
| valgrind_constant_flow_psa | | 64 | |
| aesni | | 65 | |
| aes_only_128_bit_keys | | 65 | |
| aes_only_128_bit_keys_have_builtins | | 65 | |
| aes_fewer_tables | | 65 | |
| aes_rom_tables | | 65 | |
| aes_fewer_tables_and_rom_tables | | 65 | |
| no_ctr_drbg_use_psa | hmac_drbg | 67 | |
| no_ctr_drbg_aes_only_128_bit_keys | hmac_drbg_aes_only_128_bit_keys | 67 | |
| ctr_drbg_aes_256_sha_256 | | 67 | |
| ctr_drbg_aes_128_sha_512 | | 67 | |
| ctr_drbg_aes_128_sha_256 | | 67 | |
| psa_external_rng_no_drbg_use_psa | psa_external_rng | 67 | |
| psa_external_rng_use_psa_crypto | psa_external_rbg | 67 | |
| no_udbl_division | | 68 | |
| no_64bit_multiplication | | 68 | |
| m32_o0 | | 68 | |
| m32_o2 | | 68 | |
| mx32 | | 68 | |
| min_mpi_window_size | | 68 | |
| have_int32 | | 68 | |
| have_int64 | | 68 | |
| psa_inject_entropy | | 69 | |
| depends_py_cipher_id_psa | | 70 | |
| depends_py_cipher_chaining_psa | | 70 | |
| depends_py_curves_psa | | 70 | |
| depends_py_hashes_psa | | 70 | |
| depends_py_pkalgs_psa | | 70 | |
| rsa_no_crt | | 73 | |
| test_memory_buffer_allocator_backtrace | | 74 | |
| test_memory_buffer_allocator | | 74 | |
| test_ref_configs | | 75 | |
| test_tfm_config_p256m_driver_accel_ec | test_ccm_aes_sha256_secp256r1_p256m | 77 | |

TBC

ronald-cron-arm commented 11 months ago
Below table of the Mbed TLS all.sh test components with still some unknowns:

| Mbed TLS component | Comment |
| --- | --- |
| test_malloc_0_null | Based on a configuration option that does not exist yet in psa-crypto |
| test_zeroize | Test psa_crypto_zeroize? |
| test_no_pem_no_fs | Need a PEM configuration option, not sure how to add it yet |
| test_everest | Everest in psa-crypto? Should be as a driver but no driver support in PSA key agreement yet |
| test_everest_curve25519_only | ditto |
| test_m32_everest | ditto |
| test_psa_collect_statuses | Not essential in the first place it seems |

ronald-cron-arm commented 11 months ago
Below table of the Mbed TLS all.sh test components for which it is NOT planned to have an equivalent in psa-crypto:

| Mbed TLS component | Comment |
| --- | --- |
| tls1_2_default_stream_cipher_only | TLS |
| tls1_2_default_stream_cipher_only_use_psa | TLS |
| tls1_2_default_cbc_legacy_cipher_only | TLS |
| tls1_2_deafult_cbc_legacy_cipher_only_use_psa | TLS |
| tls1_2_default_cbc_legacy_cbc_etm_cipher_only | TLS |
| tls1_2_default_cbc_legacy_cbc_etm_cipher_only_use_psa | TLS |
| tls1_2_ecjpake_compatibility | TLS |
| tls13_only | TLS |
| tls13_only_psk | TLS |
| tls13_only_ephemeral | TLS |
| tls13_only_ephemeral_ffdh | TLS |
| tls13_only_psk_ephemeral | TLS |
| tls13_only_psk_ephemeral_ffdh | TLS |
| tls13_only_psk_all | TLS |
| tls13_only_ephemeral_all | TLS |
| tls13 | TLS |
| tls13_no_compatibility_mode | TLS |
| tls13_only_record_size_limit | TLS |
| small_ssl_out_content_len | TLS |
| small_ssl_in_content_len | TLS |
| small_ssl_dtls_max_buffering | TLS |
| small_mbedtls_ssl_dtls_max_buffering | TLS |
| no_renegotiation | TLS |
| no_max_fragment_length | TLS |
| no_x509_info | x509 |
| memsan_constant_flow | Only version with USE_PSA_CRYPTO enabled |
| valgrind_constant_flow | Only version with USE_PSA_CRYPTO enabled |
| valgrind | Only version with USE_PSA_CRYPTO enabled |
| no_strings | no DEBUG, ERROR, VERSION_FEATURES |
| dtls_cid_legacy | TLS |
| ssl_alloc_buffer_and_mfl | TLS |
| se_default | MBEDTLS_PSA_CRYPTO_SE_C not supported in psa-crypto |
| psa_external_rng_no_drbg_classic | Only version with USE_PSA_CRYPTO enabled |
| no_ctr_drbg_classic | Only version with USE_PSA_CRYPTO enabled |
| no_hmac_drbg_classic | Only version with USE_PSA_CRYPTO enabled |
| sw_inet_pton | TLS |
| asan_remove_peer_certificate | TLS |
| no_use_psa_crypto_full_cmake_asan | USE_PSA_CRYPTO enabled |
| no_max_fragment_length_small_ssl_out_content_len | TLS |
| variable_ssl_in_out_buffer_len | TLS |
| when_no_ciphersuites_have_mac | TLS |
| depends_py_cipher_id | Only version with USE_PSA_CRYPTO enabled |
| depends_py_cipher_chaining | Only version with USE_PSA_CRYPTO enabled |
| depends_py_cipher_padding | Only version with USE_PSA_CRYPTO enabled |
| depends_py_curves | Only version with USE_PSA_CRYPTO enabled |
| depends_py_hashes | Only version with USE_PSA_CRYPTO enabled |
| depends_py_kex | Only version with USE_PSA_CRYPTO enabled |
| depends_py_pkalgs | Only version with USE_PSA_CRYPTO enabled |
| depends_py_cipher_padding_psa | No cipher padding config options in psa-crypto |
| depends_py_kex_psa | TLS |
| make_shared | Only CMake |
| cmake_out_of_source | all builds are out of source |
| no_platform | No platform module |
| no_date_time | No time module |
| crypto_full_md_light_only | Mbed TLS config specific |
| platform_calloc_macro | No calloc macro |
| aesni_m32 | No support for VIA Padlock |
| no_hmac_drbg_use_psa | Equivalent to DRBG default configuration |
| psa_crypto_client | Not possible to disable the PSA Crypto implementation |
| full_no_cipher | Rather a no cipher reference config tested with test-ref-configs.pl/py |
| full_no_bignum | Rather a no asymmetric crypto reference config tested with test-ref-configs.pl/py |
| tfm_config | No tf-m psa-crypto config for the time being, currently have the ref config ccm-aes-sha256-secp256r1.h |
| full_cmake_gcc_asan_new_bignum_test_hooks | Redundant with full_cmake_gcc_asan_new_bignum |

ronald-cron-arm commented 11 months ago

Below table of the Mbed TLS all.sh build components for which it is planned to have an equivalent in psa-crypto:

| Mbed TLS | psa-crypto | Issue | Comment |
| --- | --- | --- | --- |
| build_arm_clang_thumb | | 79 | |
| build_arm_linux_gnueabi_gcc_arm5vte | | 79 | |
| build_arm_none_eabi_gcc | | 79 | |
| build_arm_none_eabi_gcc_arm5vte | | 79 | |
| build_arm_none_eabi_gcc_m0plus | | 79 | |
| build_arm_none_eabi_gcc_no_64bit_multiplication | | 79 | |
| build_arm_none_eabi_gcc_no_udbl_division | | 79 | |
| build_baremetal | | 79 | |
| build_psa_accel_alg_hkdf | | 80 | |
| build_psa_accel_alg_hmac | | 80 | |
| build_psa_accel_alg_md5 | | 80 | |
| build_psa_accel_alg_ripemd160 | | 80 | |
| build_psa_accel_alg_rsa_oaep | | 80 | |
| build_psa_accel_alg_rsa_pkcs1v15_crypt | | 80 | |
| build_psa_accel_alg_rsa_pkcs1v15_sign | | 80 | |
| build_psa_accel_alg_rsa_pss | | 80 | |
| build_psa_accel_alg_sha1 | | 80 | |
| build_psa_accel_alg_sha224 | | 80 | |
| build_psa_accel_alg_sha256 | | 80 | |
| build_psa_accel_alg_sha384 | | 80 | |
| build_psa_accel_alg_sha512 | | 80 | |
| build_psa_accel_key_type_rsa_key_pair | | 80 | |
| build_psa_accel_key_type_rsa_public_key | | 80 | |
| build_aes_variations | | 81 | *_ALT and PADLOCK config options not relevant |
| build_cmake_custom_config_file | | 81 | |
| build_psa_alt_headers | | 81 | |
| build_psa_crypto_spm | | 81 | |
| build_zeroize_checks | | 81 | |

Below table of the Mbed TLS all.sh build components for which it is NOT planned to have an equivalent in psa-crypto:

| Mbed TLS build component | Comment |
| --- | --- |
| build_aes_via_padlock | No PADLOCK support in psa-crypto |
| build_crypto_baremetal | Identical to build_baremetal in psa-crypto context |
| build_crypto_default | Done in test components |
| build_crypto_full | Done in test components |
| build_dhm_alt | No DHM_ALT config option |
| build_mbedtls_config_file | No user Mbed TLS config file in psa-crypto |
| build_module_alt | No _ALT config options in psa-crypto |
| build_no_sockets | TLS |
| build_no_ssl_cli | TLS |
| build_no_ssl_srv | TLS |
| build_no_pk_rsa_alt_support | No equivalent of MBEDTLS_PK_RSA_ALT_SUPPORT |
| build_psa_accel_alg_ecdh | Redundant with psa_crypto_config_accel_ecdh |
| build_psa_config_file | No make build system |
| build_tfm | No psa-crypto TF-M config yet |
| build_no_std_function | Some ref configs used in test components without STD functions already |