From c8e4fd3f1a637608501f4422da992b2892a7d216 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Mon, 22 Sep 2025 14:09:40 +0100 Subject: [PATCH] Initial removal of DES from mbedtls Signed-off-by: Ben Taylor --- tests/scripts/components-configuration-crypto.sh | 15 +-------------- tests/scripts/depends.py | 4 ---- tests/scripts/set_psa_test_dependencies.py | 1 - 3 files changed, 1 insertion(+), 19 deletions(-) diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index 0551e6a404..f5a0afc82c 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -90,9 +90,6 @@ component_test_psa_crypto_without_heap() { # is disabled below. scripts/config.py unset-all "^PSA_WANT_KEY_TYPE_RSA_" scripts/config.py unset-all "^PSA_WANT_ALG_RSA_" - # DES requires built-in support for key generation (parity check) so it - # cannot be accelerated - scripts/config.py unset PSA_WANT_KEY_TYPE_DES # EC-JPAKE use calloc/free in PSA core scripts/config.py unset PSA_WANT_ALG_JPAKE # Enable p192[k|r]1 curves which are disabled by default in tf-psa-crypto. @@ -330,7 +327,6 @@ component_test_full_no_cipher () { scripts/config.py unset PSA_WANT_ALG_OFB scripts/config.py unset PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128 scripts/config.py unset PSA_WANT_ALG_STREAM_CIPHER - scripts/config.py unset PSA_WANT_KEY_TYPE_DES # The following modules directly depends on CIPHER_C scripts/config.py unset MBEDTLS_NIST_KW_C @@ -1709,10 +1705,6 @@ component_test_psa_crypto_config_accel_cipher_aead_cmac () { common_psa_crypto_config_accel_cipher_aead_cmac - # Disable DES, if it still exists. - # This can be removed once we remove DES from the library. - scripts/config.py unset PSA_WANT_KEY_TYPE_DES - # Build # ----- @@ -1749,11 +1741,8 @@ component_test_psa_crypto_config_reference_cipher_aead_cmac () { msg "build: full config with non-accelerated cipher inc. AEAD and CMAC" common_psa_crypto_config_accel_cipher_aead_cmac - # Disable DES, if it still exists. - # This can be removed once we remove DES from the library. - scripts/config.py unset PSA_WANT_KEY_TYPE_DES - $MAKE_COMMAND + make msg "test: full config with non-accelerated cipher inc. AEAD and CMAC" $MAKE_COMMAND test @@ -2016,7 +2005,6 @@ component_build_aes_variations () { scripts/config.py unset PSA_WANT_ALG_CBC_NO_PADDING scripts/config.py unset PSA_WANT_ALG_CBC_PKCS7 scripts/config.py unset PSA_WANT_ALG_ECB_NO_PADDING - scripts/config.py unset PSA_WANT_KEY_TYPE_DES build_test_config_combos ${BUILTIN_SRC_PATH}/aes.o validate_aes_config_variations \ "MBEDTLS_AES_ROM_TABLES" \ @@ -2230,7 +2218,6 @@ config_block_cipher_no_decrypt () { scripts/config.py unset PSA_WANT_ALG_CBC_NO_PADDING scripts/config.py unset PSA_WANT_ALG_CBC_PKCS7 scripts/config.py unset PSA_WANT_ALG_ECB_NO_PADDING - scripts/config.py unset PSA_WANT_KEY_TYPE_DES } component_test_block_cipher_no_decrypt_aesni () { diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py index 10d7028df0..bf401e0675 100755 --- a/tests/scripts/depends.py +++ b/tests/scripts/depends.py @@ -324,10 +324,6 @@ EXCLUSIVE_GROUPS = { '-PSA_WANT_ALG_CCM', '-PSA_WANT_ALG_GCM', '-PSA_WANT_ALG_ECB_NO_PADDING'], - 'PSA_WANT_KEY_TYPE_DES': ['-PSA_WANT_ALG_CCM', - '-PSA_WANT_ALG_GCM', - '-MBEDTLS_SSL_TICKET_C', - '-MBEDTLS_SSL_CONTEXT_SERIALIZATION'], } def handle_exclusive_groups(config_settings, symbol): """For every symbol tested in an exclusive group check if there are other diff --git a/tests/scripts/set_psa_test_dependencies.py b/tests/scripts/set_psa_test_dependencies.py index 0be8ac5e4e..37152112be 100755 --- a/tests/scripts/set_psa_test_dependencies.py +++ b/tests/scripts/set_psa_test_dependencies.py @@ -53,7 +53,6 @@ CLASSIC_DEPENDENCIES = frozenset([ 'MBEDTLS_CHACHAPOLY_C', 'MBEDTLS_CMAC_C', 'MBEDTLS_CTR_DRBG_C', - 'MBEDTLS_DES_C', 'MBEDTLS_ECDH_C', 'MBEDTLS_ECDSA_C', 'MBEDTLS_ECJPAKE_C',