Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Backport 2.28: Start testing the PSA built-in drivers: hashes #8222

Merged
merged 5 commits into from
Nov 21, 2023
Merged

Backport 2.28: Start testing the PSA built-in drivers: hashes #8222

merged 5 commits into from
Nov 21, 2023
+629 −133

Conversation

tgonzalezorlandoarm
Copy link
Contributor

Description

Backport of #7803

PR checklist

Please tick as appropriate and edit the reasons (e.g.: "backport: not needed because this is a new feature")

  • changelog no (test only)
  • backport this is the backport
  • tests provided

Notes for the submitter

Please refer to the contributing guidelines, especially the
checklist for PR contributors.

Sorry, something went wrong.

@tgonzalezorlandoarm tgonzalezorlandoarm added component-crypto Crypto primitives and low-level interfaces size-s Estimated task size: small (~2d) component-test Test framework and CI scripts priority-high High priority - will be reviewed soon labels Sep 18, 2023
@tgonzalezorlandoarm tgonzalezorlandoarm self-assigned this Sep 18, 2023
@tgonzalezorlandoarm tgonzalezorlandoarm changed the base branch from development to mbedtls-2.28 September 18, 2023 14:09
@tgonzalezorlandoarm
Copy link
Contributor Author

A couple of questions:

  1. @gilles-peskine-arm I only left your Sign-off and author as these are your commits. I have barely retouched one commit to make it fit to the backport, so I hope this is okay, let me know otherwise.
  2. I see that the test does not get generated. I can't find why it's behaving this way, I would appreciate any pointers.

@tgonzalezorlandoarm tgonzalezorlandoarm added the needs-ci Needs to pass CI tests label Sep 18, 2023
@gilles-peskine-arm
Copy link
Contributor

@gilles-peskine-arm I only left your Sign-off and author as these are your commits. I have barely retouched one commit to make it fit to the backport, so I hope this is okay, let me know otherwise.

That's fine. The signoff line isn't the author line, it's a claim that we have the rights to contribute the code. Between arm employees, we don't really care who signs off: we're all signing off as agents of our employer.

I see that the test does not get generated. I can't find why it's behaving this way, I would appreciate any pointers.

In 2.28, all generated files are checked into git (because we don't require users to have the necessary tools). When you do something that affects a generated source file, you need to run tests/scripts/check_generated_files -u and commit the result.

@tgonzalezorlandoarm tgonzalezorlandoarm force-pushed the tg/backport-psa-low-hash-mac-size branch from 74a08ac to 890ca87 Compare September 19, 2023 09:33
@tgonzalezorlandoarm
Copy link
Contributor Author

Perfect, thanks for the information @gilles-peskine-arm ! I've just updated the files accordingly

@tgonzalezorlandoarm tgonzalezorlandoarm marked this pull request as ready for review September 19, 2023 09:42
@tgonzalezorlandoarm tgonzalezorlandoarm added needs-review Every commit must be reviewed by at least two team members, needs-reviewer This PR needs someone to pick it up for review labels Sep 19, 2023
@daverodgman daverodgman added priority-very-high Highest priority - prioritise this over other review work and removed priority-high High priority - will be reviewed soon labels Sep 29, 2023
@gilles-peskine-arm gilles-peskine-arm added priority-high High priority - will be reviewed soon and removed needs-ci Needs to pass CI tests priority-very-high Highest priority - prioritise this over other review work labels Sep 29, 2023
@gilles-peskine-arm
Copy link
Contributor

Looks like I merged #7803 without waiting for its backport, which is this pull request. That's not ideal, but it's not a big deal either since this is just tests. The original pull request was motivated by improved driver support, which doesn't exist in 2.28: we wanted extra tests to make sure the driver interface supports drivers well. The reason to backport is mostly to facilitate the backports of future tests.

Since this is just tests and not bug fixes, it doesn't matter if we make a release with #7803 but not its backport.

gilles-peskine-arm
gilles-peskine-arm requested changes Sep 29, 2023
View reviewed changes
Copy link
Contributor

@gilles-peskine-arm gilles-peskine-arm left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The code move wasn't backported correctly.

scripts/mbedtls_dev/psa_information.py
@@ -0,0 +1,162 @@
"""Collect information about PSA cryptographic mechanisms.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The commit "Move PSA information and dependency automation into their own module" should be doing the following:

  • Create psa_information.py and write some stuff at the top (docstring, copyright notice, imports).
  • Move blocks of code from generate_psa_tests.py to psa_information.py.
  • In generate_psa_tests.py, add psa_information. when referencing functions that have moved to the new module.
  • (not in 2.28) update dependencies in makefiles.

b4b5402 is not doing this correctly: it's adding code from development. This commit needs to be reconstructed rather than cherry-picked.

This has consequences, some benign, some not. One bad consequence is that PSA_WANT_KEY_TYPE_xxx_KEY_PAIR dependencies have moved to their 3.5 names, which is wrong because those names don't exist in 2.28. This causes some test cases to be never executed.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think I now managed to do the backport properly, sorry for the confusion

@gilles-peskine-arm gilles-peskine-arm added needs-work and removed needs-review Every commit must be reviewed by at least two team members, needs-reviewer This PR needs someone to pick it up for review labels Sep 29, 2023
@minosgalanakis minosgalanakis mentioned this pull request Oct 3, 2023
Merged
3 tasks
@tgonzalezorlandoarm tgonzalezorlandoarm force-pushed the tg/backport-psa-low-hash-mac-size branch from 890ca87 to 5f6057b Compare October 30, 2023 16:38
@tgonzalezorlandoarm tgonzalezorlandoarm added needs-review Every commit must be reviewed by at least two team members, and removed needs-work labels Oct 30, 2023
@tgonzalezorlandoarm
Move PSA information and dependency automation into their own module
734d22c 
This will let us use these features from other modules (yet to be created).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Signed-off-by: Tomás González <tomasagustin.gonzalezorlando@arm.com>
tgonzalezorlandoarm and others added 3 commits October 31, 2023 09:32
@tgonzalezorlandoarm
New test suite for the low-level hash interface
2bff1bf 
Some basic test coverage for now:

* Nominal operation.
* Larger output buffer.
* Clone an operation and use it after the original operation stops.

Generate test data automatically. For the time being, only do that for
hashes that Python supports natively. Supporting all algorithms is future
work.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Signed-off-by: Tomás González <tomasagustin.gonzalezorlando@arm.com>
@gilles-peskine-arm @tgonzalezorlandoarm
Remove dead code
e25a619 
Do explain why we don't test a smaller buffer in addition to testing the
nominal size and a larger buffer.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Signed-off-by: Tomás González <tomasagustin.gonzalezorlando@arm.com>
@gilles-peskine-arm @tgonzalezorlandoarm
Fix type annotation
9043a2f 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
@tgonzalezorlandoarm tgonzalezorlandoarm force-pushed the tg/backport-psa-low-hash-mac-size branch from 5f6057b to 9043a2f Compare October 31, 2023 09:33
gilles-peskine-arm
gilles-peskine-arm previously approved these changes Oct 31, 2023
View reviewed changes
Copy link
Contributor

@gilles-peskine-arm gilles-peskine-arm left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

scripts/mbedtls_dev/psa_information.py
Comment on lines +83 to +84
if not all((dep.lstrip('!') in _implemented_dependencies or
not dep.lstrip('!').startswith('PSA_WANT'))
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

734d22c changed these two lines from

    if not all((dep.lstrip('!') in _implemented_dependencies or 'PSA_WANT' not in dep)

The new code is better, so that's ok. It would have been better to do this in a separate commit, but never mind now.

@tgonzalezorlandoarm tgonzalezorlandoarm added needs-reviewer This PR needs someone to pick it up for review needs-review Every commit must be reviewed by at least two team members, and removed needs-review Every commit must be reviewed by at least two team members, labels Oct 31, 2023
@minosgalanakis minosgalanakis self-requested a review November 9, 2023 14:27
@minosgalanakis
Copy link
Contributor

minosgalanakis commented Nov 10, 2023
edited
Loading

This PR looks good code-wise but I think it should be be updated to the newer licence headers.

@tgonzalezorlandoarm
Update new license headers
Loading
Loading status checks…
5fae560 
Signed-off-by: Tomás González <tomasagustin.gonzalezorlando@arm.com>
@tgonzalezorlandoarm tgonzalezorlandoarm removed the needs-reviewer This PR needs someone to pick it up for review label Nov 13, 2023
minosgalanakis
minosgalanakis approved these changes Nov 15, 2023
View reviewed changes
Copy link
Contributor

@minosgalanakis minosgalanakis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

gilles-peskine-arm
gilles-peskine-arm approved these changes Nov 20, 2023
View reviewed changes
Copy link
Contributor

@gilles-peskine-arm gilles-peskine-arm left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@tgonzalezorlandoarm tgonzalezorlandoarm added approved Design and code approved - may be waiting for CI or backports and removed needs-review Every commit must be reviewed by at least two team members, labels Nov 20, 2023
@daverodgman daverodgman added this pull request to the merge queue Nov 21, 2023
Merged via the queue into Mbed-TLS:mbedtls-2.28 with commit b9c7058 Nov 21, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@gilles-peskine-arm gilles-peskine-arm

@minosgalanakis minosgalanakis

Assignees

@tgonzalezorlandoarm tgonzalezorlandoarm

Labels
approved Design and code approved - may be waiting for CI or backports component-crypto Crypto primitives and low-level interfaces component-test Test framework and CI scripts priority-high High priority - will be reviewed soon size-s Estimated task size: small (~2d)
Projects
Past EPICs
Status: Mbed TLS 3.6 release
Roadmap Board for Mbed TLS
Status: Done
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@tgonzalezorlandoarm @gilles-peskine-arm @minosgalanakis @daverodgman