Update the reference configs to use `MBEDTLS_PSA_CRYPTO_CONFIG`

Open Ryan-Everett-arm opened this issue 10 months ago • 5 comments

Description

Update the reference configs to use the new PSA symbols and have `MBEDTLS_PSA_CRYPTO_CONFIG` turned on. These configs are tested by `component_test_ref_configs`, which runs them with PSA disabled/enabled.

This doesn't modify `config-no-entropy.h`; it is my understanding that PSA requires entropy, so this config does not work with this change.

The new config files were created by replacing legacy symbols with equivalent PSA symbols (the equivalences can be derived from `config_adjust_legacy_from_psa.h` and `config_adjust_psa_from_legacy.h`). The crypto config files are referenced in the same style `config-tfm` uses. Defined and inferred symbols can be checked via `./build/programs/test/query_compile_time_config -l`.

Progresses #8153.

Dependency: https://github.com/Mbed-TLS/mbedtls/issues/9063

PR checklist

Please tick as appropriate and edit the reasons (e.g.: "backport: not needed because this is a new feature")

  • [x] changelog not required
  • [x] 3.6 backport for a few small preexisting issues: https://github.com/Mbed-TLS/mbedtls/pull/9160
  • [x] 2.28 backport not required - 4.0 work
  • [x] tests check that each configuration still seems to do what it's intended to do, e.g. that it's executing the right test cases

Ryan-Everett-arm, Apr 25 '24 16:04
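
An added example, not part of the PR or of the Mbed TLS code base: a small Python check for the symbol replacement the description above outlines, listing legacy crypto symbols still defined in a config header and whether `MBEDTLS_PSA_CRYPTO_CONFIG` is on. The mapping table is a hand-picked subset, both sample headers are constructed, and `crypto-config-example.h` is a hypothetical file name.

```python
import re

# Assumption: partial legacy -> PSA mapping chosen for illustration; the
# authoritative equivalences are in config_adjust_psa_from_legacy.h.
LEGACY_TO_PSA = {
    "MBEDTLS_AES_C": "PSA_WANT_KEY_TYPE_AES",
    "MBEDTLS_CCM_C": "PSA_WANT_ALG_CCM",
    "MBEDTLS_GCM_C": "PSA_WANT_ALG_GCM",
    "MBEDTLS_SHA256_C": "PSA_WANT_ALG_SHA_256",
    "MBEDTLS_ECDSA_C": "PSA_WANT_ALG_ECDSA",
    "MBEDTLS_ECDH_C": "PSA_WANT_ALG_ECDH",
}
DEFINE_RE = re.compile(r"^\s*#\s*define\s+([A-Za-z_][A-Za-z0-9_]*)", re.M)

def defined_symbols(header_text):
    """Names that are really #defined; commented-out defines are ignored."""
    text = re.sub(r"/\*.*?\*/", "", header_text, flags=re.S)  # block comments
    text = re.sub(r"//[^\n]*", "", text)                      # line comments
    return set(DEFINE_RE.findall(text))

def audit_config(header_text):
    """Report PSA config state and legacy symbols that still need replacing."""
    syms = defined_symbols(header_text)
    return {
        "psa_crypto_config": "MBEDTLS_PSA_CRYPTO_CONFIG" in syms,
        "legacy_leftovers": sorted(
            (s, LEGACY_TO_PSA[s]) for s in syms if s in LEGACY_TO_PSA),
        "psa_wants": sorted(s for s in syms if s.startswith("PSA_WANT_")),
    }

# Constructed sample: a legacy-style reference config.
BEFORE = """
#define MBEDTLS_AES_C
#define MBEDTLS_CCM_C
#define MBEDTLS_SHA256_C
//#define MBEDTLS_GCM_C
#define MBEDTLS_SSL_TLS_C
"""

# Constructed sample: the same profile after conversion (config and crypto
# config shown as one text for brevity).
AFTER = """
#define MBEDTLS_PSA_CRYPTO_CONFIG_FILE "crypto-config-example.h"
#define MBEDTLS_PSA_CRYPTO_CONFIG
#define MBEDTLS_PSA_CRYPTO_C
#define PSA_WANT_KEY_TYPE_AES 1
#define PSA_WANT_ALG_CCM 1
#define PSA_WANT_ALG_SHA_256 1
/* #define MBEDTLS_AES_C */
#define MBEDTLS_SSL_TLS_C
"""

if __name__ == "__main__":
    for name, text in (("before", BEFORE), ("after", AFTER)):
        print(name, audit_config(text))
```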

FYI all_u16-test_m32_o2 error is a timeout rather than a test failure

tom-daubney-arm, Apr 26 '24 13:04

I am happy to review this PR but won't have time today, and am out Mon and Tues next week, which is not ideal timing for Ryan's rotation. If this is not fully reviewed by Wednesday morning I will pick it up and do it Weds.

tom-daubney-arm, Apr 26 '24 13:04

I have addressed the uncontroversial issues with this PR. The test coverage comments and HMAC comments may need some more discussion before a change can be made.

Ryan-Everett-arm, Apr 30 '24 16:04

@gilles-peskine-arm I believe your comments have all been addressed now. The head is now https://github.com/Mbed-TLS/mbedtls/commit/33897b974ec1a8ac96f346852428e7f038231b44. I am now rebasing on top of development to get the benefits of 9067.

ronald-cron-arm, May 16 '24 06:05

@gilles-peskine-arm I've addressed your last comments, please have another look. Thanks.

ronald-cron-arm, May 21 '24 06:05