From 0aef47a07e784ebcf949d0fa8fc41b808ae50b17 Mon Sep 17 00:00:00 2001 From: Ashish Sharma Date: Thu, 22 Jan 2026 16:34:15 +0800 Subject: [PATCH] change(mbedtls): rename builtin to mbed-builtin --- components/mbedtls/CMakeLists.txt | 3 + components/mbedtls/test_apps/main/test_ecp.c | 24 +---- .../mbedtls/test_apps/main/test_psa_ecdsa.c | 93 +------------------ .../mbedtls/test_apps/main/test_psa_gcm.c | 13 +-- .../mbedtls/test_apps/pytest_mbedtls_ut.py | 15 ++- .../mbedtls/test_apps/sdkconfig.ci.aria | 1 + 6 files changed, 27 insertions(+), 122 deletions(-) create mode 100644 components/mbedtls/test_apps/sdkconfig.ci.aria diff --git a/components/mbedtls/CMakeLists.txt b/components/mbedtls/CMakeLists.txt index e8eac5da22..1e69282055 100644 --- a/components/mbedtls/CMakeLists.txt +++ b/components/mbedtls/CMakeLists.txt @@ -186,6 +186,9 @@ endif() # Core libraries from the mbedTLS project set(mbedtls_targets mbedtls mbedx509 tfpsacrypto builtin) +add_library(mbed-builtin ALIAS builtin) +set_target_properties(builtin PROPERTIES OUTPUT_NAME "mbed-builtin") + target_include_directories(tfpsacrypto PUBLIC "port/include") message(STATUS "Setting up mbedtls configuration") diff --git a/components/mbedtls/test_apps/main/test_ecp.c b/components/mbedtls/test_apps/main/test_ecp.c index dc514efcdd..df8a684339 100644 --- a/components/mbedtls/test_apps/main/test_ecp.c +++ b/components/mbedtls/test_apps/main/test_ecp.c @@ -3,7 +3,7 @@ * Focus on testing functionality where we use ESP32 hardware * accelerated crypto features. * - * SPDX-FileCopyrightText: 2021-2025 Espressif Systems (Shanghai) CO LTD + * SPDX-FileCopyrightText: 2021-2026 Espressif Systems (Shanghai) CO LTD * * SPDX-License-Identifier: Apache-2.0 */ 
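Review bot: The two added lines in `components/mbedtls/CMakeLists.txt` change only the archive file name and add a read-only alias; the target is still called `builtin` and `mbedtls_targets` still lists it under that name, so the "rename" in the subject is partial and nothing in the file says why it is done. A comment above the lines would help the next maintainer, for example `# Emit libmbed-builtin.a instead of libbuiltin.a; the CMake target itself stays 'builtin'`. Anything that selects the archive by file name (linker fragments, size or map-file tooling) would need the new name, which cannot be checked from this diff.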
@@ -308,9 +308,7 @@ static void test_ecp_mul(mbedtls_ecp_group_id id, const uint8_t *x_coord, const TEST_ASSERT_EQUAL(0, memcmp(x, result_x_coord, mbedtls_mpi_size(&R.MBEDTLS_PRIVATE(X)))); TEST_ASSERT_EQUAL(0, memcmp(y, result_y_coord, mbedtls_mpi_size(&R.MBEDTLS_PRIVATE(Y)))); - if (id == MBEDTLS_ECP_DP_SECP192R1) { - TEST_PERFORMANCE_CCOMP_LESS_THAN(ECP_P192_POINT_MULTIPLY_OP, "%" NEWLIB_NANO_COMPAT_FORMAT" us", NEWLIB_NANO_COMPAT_CAST(elapsed_time)); - } else if (id == MBEDTLS_ECP_DP_SECP256R1) { + if (id == MBEDTLS_ECP_DP_SECP256R1) { TEST_PERFORMANCE_CCOMP_LESS_THAN(ECP_P256_POINT_MULTIPLY_OP, "%" NEWLIB_NANO_COMPAT_FORMAT" us", NEWLIB_NANO_COMPAT_CAST(elapsed_time)); #if SOC_ECC_SUPPORT_CURVE_P384 } else if (id == MBEDTLS_ECP_DP_SECP384R1) { @@ -326,15 +324,6 @@ static void test_ecp_mul(mbedtls_ecp_group_id id, const uint8_t *x_coord, const mbedtls_ecp_group_free(&grp); } -TEST_CASE("mbedtls ECP point multiply with SECP192R1", "[mbedtls]") -{ - test_ecp_mul(MBEDTLS_ECP_DP_SECP192R1, ecc_p192_point_x, ecc_p192_point_y, ecc_p192_scalar, - ecc_p192_mul_res_x, ecc_p192_mul_res_y); - - test_ecp_mul(MBEDTLS_ECP_DP_SECP192R1, ecc_p192_point_x, ecc_p192_point_y, NULL, - ecc_p192_small_mul_res_x, ecc_p192_small_mul_res_y); -} - TEST_CASE("mbedtls ECP point multiply with SECP256R1", "[mbedtls]") { test_ecp_mul(MBEDTLS_ECP_DP_SECP256R1, ecc_p256_point_x, ecc_p256_point_y, ecc_p256_scalar, 
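Review bot: The SECP192R1 branch and its test cases are dropped here, and again in the matching hunks for `test_ecp_verify` and `test_ecdsa_verify`, with no rationale given; the commit subject mentions only the `builtin` rename. If the curve is no longer part of the mbedTLS/PSA build, a comment above the `if` chain such as `/* SECP192R1 is intentionally not covered: <reason> */` would record that the coverage loss is deliberate. After this change a P-192 `id` passed to `test_ecp_mul` would skip every timing check unless the chain ends in a failing `else`; the chain continues outside the hunk, so that is worth confirming.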
@@ -383,9 +372,7 @@ static void test_ecp_verify(mbedtls_ecp_group_id id, const uint8_t *x_coord, con TEST_ASSERT_EQUAL(0, ret); - if (id == MBEDTLS_ECP_DP_SECP192R1) { - TEST_PERFORMANCE_CCOMP_LESS_THAN(ECP_P192_POINT_VERIFY_OP, "%" NEWLIB_NANO_COMPAT_FORMAT" us", NEWLIB_NANO_COMPAT_CAST(elapsed_time)); - } else if (id == MBEDTLS_ECP_DP_SECP256R1) { + if (id == MBEDTLS_ECP_DP_SECP256R1) { TEST_PERFORMANCE_CCOMP_LESS_THAN(ECP_P256_POINT_VERIFY_OP, "%" NEWLIB_NANO_COMPAT_FORMAT" us", NEWLIB_NANO_COMPAT_CAST(elapsed_time)); #if SOC_ECC_SUPPORT_CURVE_P384 } else if (id == MBEDTLS_ECP_DP_SECP384R1) { @@ -399,11 +386,6 @@ static void test_ecp_verify(mbedtls_ecp_group_id id, const uint8_t *x_coord, con mbedtls_ecp_group_free(&grp); } -TEST_CASE("mbedtls ECP point verify with SECP192R1", "[mbedtls]") -{ - test_ecp_verify(MBEDTLS_ECP_DP_SECP192R1, ecc_p192_mul_res_x, ecc_p192_mul_res_y); -} - TEST_CASE("mbedtls ECP point verify with SECP256R1", "[mbedtls]") { test_ecp_verify(MBEDTLS_ECP_DP_SECP256R1, ecc_p256_mul_res_x, ecc_p256_mul_res_y); diff --git a/components/mbedtls/test_apps/main/test_psa_ecdsa.c b/components/mbedtls/test_apps/main/test_psa_ecdsa.c index 1ebe7dfe6c..c9c1d25f78 100644 --- a/components/mbedtls/test_apps/main/test_psa_ecdsa.c +++ b/components/mbedtls/test_apps/main/test_psa_ecdsa.c @@ -195,10 +195,6 @@ void test_ecdsa_verify(esp_ecdsa_curve_t curve, const uint8_t *hash, const uint8 psa_set_key_algorithm(&key_attr, PSA_ALG_ECDSA(PSA_ALG_SHA_256)); switch (curve) { - case ESP_ECDSA_CURVE_SECP192R1: - plen = 192; - hash_len = HASH_LEN; - break; case ESP_ECDSA_CURVE_SECP256R1: plen = 256; hash_len = HASH_LEN; 
@@ -237,9 +233,7 @@ void test_ecdsa_verify(esp_ecdsa_curve_t curve, const uint8_t *hash, const uint8 TEST_ASSERT_EQUAL(PSA_SUCCESS, status); elapsed_time = ccomp_timer_stop(); - if (curve == ESP_ECDSA_CURVE_SECP192R1) { - TEST_PERFORMANCE_CCOMP_LESS_THAN(ECDSA_P192_VERIFY_OP, "%" NEWLIB_NANO_COMPAT_FORMAT" us", NEWLIB_NANO_COMPAT_CAST(elapsed_time)); - } else if (curve == ESP_ECDSA_CURVE_SECP256R1) { + if (curve == ESP_ECDSA_CURVE_SECP256R1) { TEST_PERFORMANCE_CCOMP_LESS_THAN(ECDSA_P256_VERIFY_OP, "%" NEWLIB_NANO_COMPAT_FORMAT" us", NEWLIB_NANO_COMPAT_CAST(elapsed_time)); } #if SOC_ECDSA_SUPPORT_CURVE_P384 @@ -251,16 +245,6 @@ void test_ecdsa_verify(esp_ecdsa_curve_t curve, const uint8_t *hash, const uint8 psa_reset_key_attributes(&key_attr); } -TEST_CASE("mbedtls ECDSA signature verification performance on SECP192R1", "[mbedtls]") -{ -#if SOC_ECDSA_SUPPORTED - if (!ecdsa_ll_is_supported()) { - TEST_IGNORE_MESSAGE("ECDSA is not supported"); - } -#endif - test_ecdsa_verify(ESP_ECDSA_CURVE_SECP192R1, sha, ecdsa192_r, ecdsa192_s, ecdsa192_pub_x, ecdsa192_pub_y); -} - TEST_CASE("mbedtls ECDSA signature verification performance on SECP256R1", "[mbedtls]") { #if SOC_ECDSA_SUPPORTED @@ -291,11 +275,9 @@ TEST_CASE("mbedtls ECDSA signature verification performance on SECP384R1", "[mbe /* * This test assumes that ECDSA private key has been burnt in efuse. * - * ecdsa_key_p192.pem must be burnt in efuse block 4 * ecdsa_key_p256.pem must be burnt in efuse block 5 * ecdsa_key_p384.pem must be burnt in efuse block 6 and 7 */ -#define SECP192R1_EFUSE_BLOCK 4 // EFUSE_BLK_KEY0 #define SECP256R1_EFUSE_BLOCK 5 // EFUSE_BLK_KEY1 #define SECP384R1_EFUSE_BLOCK_HIGH 6 // EFUSE_BLK_KEY2 #define SECP384R1_EFUSE_BLOCK_LOW 7 // EFUSE_BLK_KEY3 
@@ -327,11 +309,6 @@ void test_ecdsa_sign(esp_ecdsa_curve_t curve, const uint8_t *hash, const uint8_t psa_algorithm_t sha_alg = 0; switch (curve) { - case ESP_ECDSA_CURVE_SECP192R1: - hash_len = HASH_LEN; - plen = 192; - sha_alg = PSA_ALG_SHA_256; - break; case ESP_ECDSA_CURVE_SECP256R1: hash_len = HASH_LEN; plen = 256; @@ -390,14 +367,6 @@ void test_ecdsa_sign(esp_ecdsa_curve_t curve, const uint8_t *hash, const uint8_t psa_reset_key_attributes(&priv_attr); } -TEST_CASE("mbedtls ECDSA signature generation on SECP192R1", "[mbedtls][efuse_key]") -{ - if (!ecdsa_ll_is_supported()) { - TEST_IGNORE_MESSAGE("ECDSA is not supported"); - } - test_ecdsa_sign(ESP_ECDSA_CURVE_SECP192R1, sha, ecdsa192_pub_x, ecdsa192_pub_y, false, SECP192R1_EFUSE_BLOCK); -} - TEST_CASE("mbedtls ECDSA signature generation on SECP256R1", "[mbedtls][efuse_key]") { if (!ecdsa_ll_is_supported()) { @@ -442,17 +411,6 @@ static void deploy_key_in_key_manager(const uint8_t *k1_encrypted, esp_key_mgr_k free(key_config); } -TEST_CASE("mbedtls ECDSA signature generation on SECP192R1", "[mbedtls][key_manager_key]") -{ - if (!key_mgr_ll_is_supported()) { - TEST_IGNORE_MESSAGE("Key manager is not supported"); - } - - deploy_key_in_key_manager(k1_ecdsa192_encrypt, ESP_KEY_MGR_ECDSA_KEY, ESP_KEY_MGR_ECDSA_LEN_192); - test_ecdsa_sign(ESP_ECDSA_CURVE_SECP192R1, sha, ecdsa192_pub_x, ecdsa192_pub_y, false, USE_ECDSA_KEY_FROM_KEY_MANAGER); - esp_key_mgr_deactivate_key(ESP_KEY_MGR_ECDSA_KEY); -} - TEST_CASE("mbedtls ECDSA signature generation on SECP256R1", "[mbedtls][key_manager_key]") { if (!key_mgr_ll_is_supported()) { 
@@ -466,14 +424,6 @@ TEST_CASE("mbedtls ECDSA signature generation on SECP256R1", "[mbedtls][key_mana #endif /* SOC_KEY_MANAGER_SUPPORTED */ #ifdef SOC_ECDSA_SUPPORT_DETERMINISTIC_MODE -TEST_CASE("mbedtls ECDSA deterministic signature generation on SECP192R1", "[mbedtls][efuse_key]") -{ - if (!ecdsa_ll_is_deterministic_mode_supported()) { - ESP_LOGI(TAG, "Skipping test because ECDSA deterministic mode is not supported."); - } else { - test_ecdsa_sign(ESP_ECDSA_CURVE_SECP192R1, sha, ecdsa192_pub_x, ecdsa192_pub_y, true, SECP192R1_EFUSE_BLOCK); - } -} TEST_CASE("mbedtls ECDSA deterministic signature generation on SECP256R1", "[mbedtls][efuse_key]") { @@ -493,20 +443,6 @@ TEST_CASE("mbedtls ECDSA deterministic signature generation on SECP384R1", "[mbe #endif /* SOC_ECDSA_SUPPORT_CURVE_P384 */ #if SOC_KEY_MANAGER_SUPPORTED -TEST_CASE("mbedtls ECDSA deterministic signature generation on SECP192R1", "[mbedtls][key_manager_key]") -{ - if (!key_mgr_ll_is_supported()) { - TEST_IGNORE_MESSAGE("Key manager is not supported"); - } - - if (!ecdsa_ll_is_deterministic_mode_supported()) { - ESP_LOGI(TAG, "Skipping test because ECDSA deterministic mode is not supported."); - } else { - deploy_key_in_key_manager(k1_ecdsa192_encrypt, ESP_KEY_MGR_ECDSA_KEY, ESP_KEY_MGR_ECDSA_LEN_192); - test_ecdsa_sign(ESP_ECDSA_CURVE_SECP192R1, sha, ecdsa192_pub_x, ecdsa192_pub_y, true, USE_ECDSA_KEY_FROM_KEY_MANAGER); - esp_key_mgr_deactivate_key(ESP_KEY_MGR_ECDSA_KEY); - } -} TEST_CASE("mbedtls ECDSA deterministic signature generation on SECP256R1", "[mbedtls][key_manager_key]") { @@ -538,10 +474,6 @@ void test_ecdsa_export_pubkey(esp_ecdsa_curve_t curve, const uint8_t *pub_x, con psa_algorithm_t sha_alg = 0; switch (curve) { - case ESP_ECDSA_CURVE_SECP192R1: - plen = 192; - sha_alg = PSA_ALG_SHA_256; - break; case ESP_ECDSA_CURVE_SECP256R1: plen = 256; sha_alg = PSA_ALG_SHA_256; 
@@ -588,14 +520,6 @@ void test_ecdsa_export_pubkey(esp_ecdsa_curve_t curve, const uint8_t *pub_x, con psa_reset_key_attributes(&key_attr); } -TEST_CASE("mbedtls ECDSA export public key on SECP192R1", "[mbedtls][efuse_key]") -{ - if (!ecdsa_ll_is_supported()) { - TEST_IGNORE_MESSAGE("ECDSA is not supported"); - } - test_ecdsa_export_pubkey(ESP_ECDSA_CURVE_SECP192R1, ecdsa192_pub_x, ecdsa192_pub_y, SECP192R1_EFUSE_BLOCK); -} - TEST_CASE("mbedtls ECDSA export public key on SECP256R1", "[mbedtls][efuse_key]") { if (!ecdsa_ll_is_supported()) { @@ -613,16 +537,6 @@ TEST_CASE("mbedtls ECDSA export public key on SECP384R1", "[mbedtls][efuse_key]" #endif /* SOC_ECDSA_SUPPORT_CURVE_P384 */ #if SOC_KEY_MANAGER_SUPPORTED -TEST_CASE("mbedtls ECDSA export public key on SECP192R1", "[mbedtls][key_manager_key]") -{ - if (!key_mgr_ll_is_supported()) { - TEST_IGNORE_MESSAGE("Key manager is not supported"); - } - - deploy_key_in_key_manager(k1_ecdsa192_encrypt, ESP_KEY_MGR_ECDSA_KEY, ESP_KEY_MGR_ECDSA_LEN_192); - test_ecdsa_export_pubkey(ESP_ECDSA_CURVE_SECP192R1, ecdsa192_pub_x, ecdsa192_pub_y, USE_ECDSA_KEY_FROM_KEY_MANAGER); - esp_key_mgr_deactivate_key(ESP_KEY_MGR_ECDSA_KEY); -} TEST_CASE("mbedtls ECDSA export public key on SECP256R1", "[mbedtls][key_manager_key]") { @@ -644,11 +558,6 @@ void test_ecdsa_sign_verify_import_export_error_codes(esp_ecdsa_curve_t curve, c psa_algorithm_t sha_alg = 0; switch (curve) { - case ESP_ECDSA_CURVE_SECP192R1: - hash_len = HASH_LEN; - plen = 192; - sha_alg = PSA_ALG_SHA_256; - break; case ESP_ECDSA_CURVE_SECP256R1: hash_len = HASH_LEN; plen = 256; diff --git a/components/mbedtls/test_apps/main/test_psa_gcm.c b/components/mbedtls/test_apps/main/test_psa_gcm.c index 5bc858a0c5..f747a9b0d3 100644 --- a/components/mbedtls/test_apps/main/test_psa_gcm.c +++ b/components/mbedtls/test_apps/main/test_psa_gcm.c 
@@ -1,5 +1,5 @@ /* - * SPDX-FileCopyrightText: 2025 Espressif Systems (Shanghai) CO LTD + * SPDX-FileCopyrightText: 2025-2026 Espressif Systems (Shanghai) CO LTD * * SPDX-License-Identifier: Unlicense OR CC0-1.0 */ @@ -13,8 +13,7 @@ #include "unity.h" #include "sdkconfig.h" -#if CONFIG_MBEDTLS_GCM_SUPPORT_NON_AES_CIPHER - +#ifdef CONFIG_MBEDTLS_ARIA_C static const uint8_t key_256[] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, @@ -22,10 +21,8 @@ static const uint8_t key_256[] = { 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, }; -TEST_CASE("PSA ARIA-GCM multipart", "[psa-gcm]") +TEST_CASE("PSA ARIA-GCM multipart", "[psa-gcm][aria]") { - // TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_crypto_init()); - const size_t SZ = 100; const size_t iv_SZ = 12; // GCM typically uses 12 bytes IV const size_t tag_SZ = 16; // GCM tag size @@ -134,7 +131,7 @@ TEST_CASE("PSA ARIA-GCM multipart", "[psa-gcm]") psa_destroy_key(key_id); } -TEST_CASE("PSA ARIA-GCM one-shot", "[psa-gcm]") +TEST_CASE("PSA ARIA-GCM one-shot", "[psa-gcm][aria]") { // TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_crypto_init()); @@ -209,4 +206,4 @@ TEST_CASE("PSA ARIA-GCM one-shot", "[psa-gcm]") /* Destroy the key */ psa_destroy_key(key_id); } -#endif /* CONFIG_MBEDTLS_GCM_SUPPORT_NON_AES_CIPHER */ +#endif /* CONFIG_MBEDTLS_ARIA_C */ diff --git a/components/mbedtls/test_apps/pytest_mbedtls_ut.py b/components/mbedtls/test_apps/pytest_mbedtls_ut.py index 2edea13c17..6723bef695 100644 --- a/components/mbedtls/test_apps/pytest_mbedtls_ut.py +++ b/components/mbedtls/test_apps/pytest_mbedtls_ut.py @@ -1,4 +1,4 @@ -# SPDX-FileCopyrightText: 2022-2025 Espressif Systems (Shanghai) CO LTD +# SPDX-FileCopyrightText: 2022-2026 Espressif Systems (Shanghai) CO LTD # SPDX-License-Identifier: CC0-1.0 import pytest from pytest_embedded import Dut 
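Review bot: The new guard `#ifdef CONFIG_MBEDTLS_ARIA_C` no longer requires `CONFIG_MBEDTLS_GCM_SUPPORT_NON_AES_CIPHER`, although both tests in the file run ARIA through GCM. If that option still exists and can be turned off while ARIA is on, the cases would be compiled in and then fail at runtime instead of being skipped. In that case the guard should keep both conditions, `#if defined(CONFIG_MBEDTLS_ARIA_C) && CONFIG_MBEDTLS_GCM_SUPPORT_NON_AES_CIPHER`, with the closing `#endif` comment updated to match. If the option was removed on purpose, a one-line comment next to the guard saying so would be enough.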
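Review bot: The one-shot test still carries the commented-out `// TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_crypto_init());` that this commit deletes from the multipart test. Remove it here as well, or replace it in both tests with a short comment naming where PSA is initialised for the test app, since neither case checks initialisation itself. The test body starts and ends outside this hunk.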
@@ -116,3 +116,16 @@ def test_mbedtls_ecdsa_sign(dut: Dut) -> None:
 @idf_parametrize('target', ['esp32s3'], indirect=['target'])
 def test_mbedtls_ds_rsa(dut: Dut) -> None:
 dut.run_all_single_board_cases(group='ds_rsa')
+
+
+@pytest.mark.generic
+@pytest.mark.parametrize(
+ 'config',
+ [
+ 'aria',
+ ],
+ indirect=True,
+)
+@idf_parametrize('target', ['esp32s3'], indirect=['target'])
+def test_mbedtls_aria(dut: Dut) -> None:
+ dut.run_all_single_board_cases(group='aria')
diff --git a/components/mbedtls/test_apps/sdkconfig.ci.aria b/components/mbedtls/test_apps/sdkconfig.ci.aria
new file mode 100644
index 0000000000..9aa619c011
--- /dev/null
+++ b/components/mbedtls/test_apps/sdkconfig.ci.aria
@@ -0,0 +1 @@
+CONFIG_MBEDTLS_ARIA_C=y
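Review bot: Nothing in `test_mbedtls_aria` guards against the `aria` group being empty. The C cases tagged `[aria]` exist only when `CONFIG_MBEDTLS_ARIA_C` survives Kconfig resolution, and whether `run_all_single_board_cases(group='aria')` fails when no case matches is not visible from this hunk. The target list is also pinned to `esp32s3` without explanation, although the tests show no hardware dependency. A comment above the decorators would cover both, for example `# ARIA is software-only; one target is enough to cover the sdkconfig.ci.aria build`, if that is the intent.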