Update the hashes domain to use PSA macros in depends.py
#9634
Conversation
gabor-mezei-arm
added
enhancement
needs-ci
gabor-mezei-arm
force-pushed
the
9144_update_depends.py_hashes_domain
branch
from
8ab32ac to
fcfc93d
Compare
gabor-mezei-arm
force-pushed
the
9144_update_depends.py_hashes_domain
branch
from
fcfc93d to
baa11a9
Compare
gabor-mezei-arm
removed
the
needs-preceding-pr
gabor-mezei-arm
added
needs-review
ronald-cron-arm
removed
the
needs-reviewer
minosgalanakis
left a comment
minosgalanakis
left a comment
There was a problem hiding this comment.
Looks good. Some minor non blocking comments.
tests/scripts/depends.py
Outdated
| alter_names = {'!' + symbol for symbol in config_settings.keys()} | ||
| job = Job(description, config_settings, commands, alter_names) | ||
| self.jobs.append(job) | ||
| valid_symbols -= config_settings.keys() |
There was a problem hiding this comment.
Question.
Updating the valid_symbols while iterating through the mutual_exlusion implies that that a single valid_symbol can only pair with a single group. So we cannot have two groups that depend on the same valid_symbol
Is that intended as per design?
tests/scripts/depends.py
Outdated
| # across various modules, but it depends on either SHA256 or SHA512. | ||
| # As a consequence an "exclusive" test of anything other than SHA256 | ||
| # or SHA512 with MBEDTLS_ENTROPY_C enabled is not possible. | ||
| # Note for update: when MBEDTLS_SHA3_C is removed the mutual_exclusion |
There was a problem hiding this comment.
We need a common operator to indicate things that need to be done in the documentation. Until that is decided shoud we use TODO: which is global?
gabor-mezei-arm
force-pushed
the
9144_update_depends.py_hashes_domain
branch
from
0e4ecd0 to
7151645
Compare
|
Rebased |
There was a problem hiding this comment.
First, I see the grouping mechanism (or mutual_exclusion) as a improvement but not really as something necessary.
In terms of complementary domain jobs, we should have !PSA_WANT_ALG_SHA3_224 !PSA_WANT_ALG_SHA3_256 !PSA_WANT_ALG_SHA3_384 !PSA_WANT_ALG_SHA3_512. I know in all of them MBEDTLS_SHA3_C is enabled but they are not completely equivalent, we have some code guarded by only PSA_WANT_ALG_SHA3_224/256 ... In all these jobs, MBEDTLS_SHA3_C is indeed not disabled but we have the same kind of situation with !PSA_WANT_ALG_SHA_224/384 and !PSA_WANT_ALG_SHA_256/512 (sha256/512.c "enabled").
I agree that it would be nice to keep the case where MBEDTLS_SHA3_C is disabled and have on top of the above jobs, the job !(PSA_WANT_ALG_SHA3_224 PSA_WANT_ALG_SHA3_256 PSA_WANT_ALG_SHA3_384 PSA_WANT_ALG_SHA3_512) as we have currently.
Thus we could add grouping support for complementary and exclusive domains. It should then probably be a "groups" parameter not a "mutual_exclusion" as the latter does not fit well with exclusive domains I'd say. We would have then for hashes, three groups:
- PSA_WANT_ALG_SHA3_224 + PSA_WANT_ALG_SHA3_256 + PSA_WANT_ALG_SHA3_384 + PSA_WANT_ALG_SHA3_512
- PSA_WANT_ALG_SHA_224 + PSA_WANT_ALG_SHA_256
- PSA_WANT_ALG_SHA_384 + PSA_WANT_ALG_SHA_512
I propose to move the grouping support in another PR and here to do only the changes to reach the point where for hashes we have the following jobs:
!PSA_WANT_ALG_SHA3_224 !PSA_WANT_ALG_SHA3_256 !PSA_WANT_ALG_SHA3_384 !PSA_WANT_ALG_SHA3_512 !PSA_WANT_ALG_MD5 !PSA_WANT_ALG_RIPEMD160 !PSA_WANT_ALG_SHA_1 !PSA_WANT_ALG_SHA_224 !PSA_WANT_ALG_SHA_256 !PSA_WANT_ALG_SHA_384 !PSA_WANT_ALG_SHA_512 PSA_WANT_ALG_SHA_256 PSA_WANT_ALG_SHA_512
See my comment below about disabling MBEDTLS_SHA3_C as a reverse dependency.
tests/scripts/depends.py
Outdated
| 'PSA_WANT_ALG_SHA3_224': ['MBEDTLS_SHA3_C'], | ||
| 'PSA_WANT_ALG_SHA3_256': ['MBEDTLS_SHA3_C'], | ||
| 'PSA_WANT_ALG_SHA3_384': ['MBEDTLS_SHA3_C'], | ||
| 'PSA_WANT_ALG_SHA3_512': ['MBEDTLS_SHA3_C'], |
There was a problem hiding this comment.
For !PSA_WANT_ALG_SHA3_224 !PSA_WANT_ALG_SHA3_256 !PSA_WANT_ALG_SHA3_384 !PSA_WANT_ALG_SHA3_512 (see my general comment on the PR) this is problematic. We are close to remove the MBEDTLS_SHA3_C config option, thus I would say let's just remove that now.
gabor-mezei-arm
force-pushed
the
9144_update_depends.py_hashes_domain
branch
from
7151645 to
8d62e8f
Compare
gabor-mezei-arm
added
needs-ci
Yes, I think we should really prioritize the minimal changes that are needed in order to unblock other work, and leave any improvements for a follow-up. |
gabor-mezei-arm
force-pushed
the
9144_update_depends.py_hashes_domain
branch
from
8d62e8f to
48372ed
Compare
|
@gabor-mezei-arm Thanks for updating this. Unfortunately, there are now conflicts, and also the CI has complaints about the code style. Can you fix that and then re-request a review? As of for the other |
gabor-mezei-arm
added
the
needs-preceding-pr
|
The |
Ah, I wasn't aware, thanks for the info! |
gabor-mezei-arm
force-pushed
the
9144_update_depends.py_hashes_domain
branch
from
48372ed to
b65099a
Compare
Signed-off-by: Gabor Mezei <[email protected]>
Signed-off-by: Gabor Mezei <[email protected]>
gabor-mezei-arm
force-pushed
the
9144_update_depends.py_hashes_domain
branch
from
b65099a to
3795f8a
Compare
ronald-cron-arm
removed
the
needs-preceding-pr
|
@minosgalanakis This is ready for re-review (and a prompt re-review would be greatly appreciated). |
github-project-automation
bot
moved this from In Development
to Has Approval
in Roadmap pull requests (new board)
gabor-mezei-arm
added
approved
github-project-automation
bot
moved this from Has Approval
to Done
in Roadmap pull requests (new board)
4 participants
Description
In
depends.pyuse PSA macros for thehashesdomain.Resolve #9144 #10203
Depends on #10145 #9292(merged)PR checklist
Please remove the segment/s on either side of the | symbol as appropriate, and add any relevant link/s to the end of the line.
If the provided content is part of the present PR remove the # symbol.