Validate values of PSA Crypto macros against spec #3936
Conversation
bensze01
added
mbed TLS team
needs-ci
Revision: 76df6622ac6508d477733f5f45f5c0bed472e192 include/psa/crypto.h sphinx-source/appendix/specdef_values.rst Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
bensze01
force-pushed
the
psa_validate
branch
from
72523c6 to
71c509d
Compare
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
bensze01
force-pushed
the
psa_validate
branch
from
71c509d to
75c5710
Compare
|
Force-pushed PR to fix a permissions issue. Content unchanged. |
There was a problem hiding this comment.
I gave this a quick overview and I think the test achieves its intended purpose, but the code should be refactored to avoid duplication and the integration isn't quite right. So I propose to use the script manually for now to validate that we make the right changes to crypto*.h to conform to the PSA specification 1.0.1, and take our time to finish the script and include it in our tests.
| Based on the MacroCollector in generate_psa_constants.py, | ||
| but *just* different enough not to warrant inheriting anything from it. | ||
|
|
||
| Should probably create a shared base class for the two of them at some point. |
There was a problem hiding this comment.
Yes. Let's use this script to validate that we get the values right, but not merge it until we've cleaned it up and got rid of code duplication.
| #endif | ||
| ''' | ||
|
|
||
| class MacroCollector(): |
There was a problem hiding this comment.
For information, I'm working on a script that generates storage test cases, and it also uses the MacroCollector class. So far I've only made a tiny patch and then I derive from it. As discussed internally, I'm going to create a directory scripts/mbedtls_dev and start putting non-executable Python modules there.
There was a problem hiding this comment.
#3953 creates scripts/mbedtls_dev. MacroCollector could be moved to a new module there. (import generate_psa_constants.MacroCollector would work, but creating a new module is cleaner.)
| component_check_verify_psa_macros () { | ||
| msg "Check: verify PSA Crypto macros against spec" # ~ 2s | ||
| make -C programs test/verify_psa_macros | ||
| if_build_succeeded programs/test/verify_psa_macros |
There was a problem hiding this comment.
This is independent of the library configuration, so I think it should be part of an existing component, like tests/scripts/test_psa_constant_names.py.
| os.chdir('..') | ||
| generate_verify_psa_macros(('scripts/data_files/psa_spec/crypto.h', | ||
| 'scripts/data_files/psa_spec/specdef_values.rst'), | ||
| 'programs/test/verify_psa_macros.c') |
There was a problem hiding this comment.
Is it useful to have verify_psa_macros.c as a test program checked into the repository? It seems to me like this program has no value except to compile it, run it and see its output as part of a test, so it could be generated and run on the fly like test_psa_constant_names.py does.
| @@ -0,0 +1,562 @@ | |||
| typedef /* implementation-defined type */ psa_aead_operation_t; | |||
There was a problem hiding this comment.
This is generated from a commit which is slightly anterior to the psa-crypto-api-1.0.1 tag, and slightly different (1.0.1 has additional lifetime-related macros). Let's base our copy on the official released version.
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
Tag: psa-crypto-api-1.0.1 Revision: 9ce27ef1c6b196184cf7b1665b62c0371d1b81b6 include/psa/crypto.h sphinx-source/appendix/specdef_values.rst Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
bensze01
force-pushed
the
psa_validate
branch
from
efea61e to
6bb6395
Compare
To PSA Crypto API version 1.0.1 Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
For PSA Crypto API 1.0.1 Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
bensze01
force-pushed
the
psa_validate
branch
from
6bb6395 to
4b11b25
Compare
bensze01
added
needs-work
and removed
needs-review
| {header} | ||
|
|
||
| #define hash_alg PSA_ALG_SHA_256 | ||
| #define mac_alg PSA_ALG_CMAC |
There was a problem hiding this comment.
Missing: aead_alg (for PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG and PSA_ALG_AEAD_WITH_SHORTENED_TAG).
| #define mac_alg PSA_ALG_CMAC | ||
| #define ka_alg PSA_ALG_ECDH | ||
| #define kdf_alg PSA_ALG_HKDF(PSA_ALG_SHA_256) | ||
| #define mac_length 4 |
There was a problem hiding this comment.
Missing: tag_length (for PSA_ALG_AEAD_WITH_SHORTENED_TAG).
| {header} | ||
|
|
||
| #define hash_alg PSA_ALG_SHA_256 | ||
| #define mac_alg PSA_ALG_CMAC |
There was a problem hiding this comment.
Using a single value isn't enough to test the shortened/default-length macros. There needs to be at least one shortened value as well.
There was a problem hiding this comment.
More generally, this program should test several parameter values for each type of parameter. Possibly have the Python code enumerate all possible arguments by reusing code from test_psa_constant_names.py.
|
This is a PR, moved the corresponding issue (#3922) into the epic and backlog boards instead. I have added it to the unified board as well. |
daverodgman
added
the
historical-reviewed
daverodgman
added
component-psa
|
We are now converting older PRs to draft PRs where the following conditions are met: They have not been updated in the last 3 months, and they need more than non-trivial work to complete. |
Description
This PR adds a test case which validates the values of the PSA macros in our headers (except
_IS_and_GET_macros already covered elsewhere) against the PSA crypto API spec.It also warns about macros present in the spec, but not defined by us.
Closes #3922
Status
IN DEVELOPMENT
Requires Backporting
No, PSA only
Migrations
Still need to update the PSA macros in our headers to match the spec.
Additional comments
I'll push a new commit to update PSA macros after verifying the tests fail correctly.
Todos