diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index 17c235bb17..6ed656bff9 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -82,19 +82,19 @@ component_test_psa_crypto_without_heap() { msg "crypto without heap: build libtestdriver1" # Disable PSA features that cannot be accelerated and whose builtin support # requires calloc/free. - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE - scripts/config.py -c $CRYPTO_CONFIG_H unset-all "^PSA_WANT_ALG_HKDF" - scripts/config.py -c $CRYPTO_CONFIG_H unset-all "^PSA_WANT_ALG_PBKDF2_" - scripts/config.py -c $CRYPTO_CONFIG_H unset-all "^PSA_WANT_ALG_TLS12_" + scripts/config.py unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE + scripts/config.py unset-all "^PSA_WANT_ALG_HKDF" + scripts/config.py unset-all "^PSA_WANT_ALG_PBKDF2_" + scripts/config.py unset-all "^PSA_WANT_ALG_TLS12_" # RSA key support requires ASN1 parse/write support for testing, but ASN1 # is disabled below. - scripts/config.py -c $CRYPTO_CONFIG_H unset-all "^PSA_WANT_KEY_TYPE_RSA_" - scripts/config.py -c $CRYPTO_CONFIG_H unset-all "^PSA_WANT_ALG_RSA_" + scripts/config.py unset-all "^PSA_WANT_KEY_TYPE_RSA_" + scripts/config.py unset-all "^PSA_WANT_ALG_RSA_" # DES requires built-in support for key generation (parity check) so it # cannot be accelerated - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_DES + scripts/config.py unset PSA_WANT_KEY_TYPE_DES # EC-JPAKE use calloc/free in PSA core - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_JPAKE + scripts/config.py unset PSA_WANT_ALG_JPAKE # Enable p192[k|r]1 curves which are disabled by default in tf-psa-crypto. # This is required to get the proper test coverage otherwise there are # tests in 'test_suite_psa_crypto_op_fail' that would never be executed. @@ -102,7 +102,7 @@ component_test_psa_crypto_without_heap() { scripts/config.py set PSA_WANT_ECC_SECP_R1_192 # Accelerate all PSA features (which are still enabled in CRYPTO_CONFIG_H). - PSA_SYM_LIST=$(./scripts/config.py -c $CRYPTO_CONFIG_H get-all-enabled PSA_WANT) + PSA_SYM_LIST=$(./scripts/config.py get-all-enabled PSA_WANT) loc_accel_list=$(echo $PSA_SYM_LIST | sed 's/PSA_WANT_//g') helper_libtestdriver1_adjust_config crypto @@ -143,7 +143,7 @@ component_test_psa_crypto_without_heap() { component_test_no_rsa_key_pair_generation () { msg "build: default config minus PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE" - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE + scripts/config.py unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE make msg "test: default config minus PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE" @@ -210,7 +210,7 @@ component_test_no_hmac_drbg_use_psa () { msg "build: Full minus HMAC_DRBG, PSA crypto in TLS" scripts/config.py full scripts/config.py unset MBEDTLS_HMAC_DRBG_C - scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC # requires HMAC_DRBG + scripts/config.py unset PSA_WANT_ALG_DETERMINISTIC_ECDSA # requires HMAC_DRBG CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan . make @@ -241,7 +241,7 @@ component_test_psa_external_rng_no_drbg_use_psa () { scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT scripts/config.py unset MBEDTLS_CTR_DRBG_C scripts/config.py unset MBEDTLS_HMAC_DRBG_C - scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC # requires HMAC_DRBG + scripts/config.py unset PSA_WANT_ALG_DETERMINISTIC_ECDSA # Requires HMAC_DRBG make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" msg "test: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, PSA crypto - main suites" @@ -293,8 +293,7 @@ component_test_crypto_full_md_light_only () { scripts/config.py unset MBEDTLS_HMAC_DRBG_C scripts/config.py unset MBEDTLS_PKCS7_C # Disable indirect dependencies of MD_C - scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC # needs HMAC_DRBG - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_DETERMINISTIC_ECDSA + scripts/config.py unset PSA_WANT_ALG_DETERMINISTIC_ECDSA # Disable things that would auto-enable MD_C scripts/config.py unset MBEDTLS_PKCS5_C @@ -319,17 +318,17 @@ component_test_full_no_cipher () { # on CIPHER_C so we disable them. # This does not hold for KEY_TYPE_CHACHA20 and ALG_CHACHA20_POLY1305 # so we keep them enabled. - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CCM_STAR_NO_TAG - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CMAC - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CBC_NO_PADDING - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CBC_PKCS7 - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CFB - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CTR - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECB_NO_PADDING - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_OFB - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128 - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_STREAM_CIPHER - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_DES + scripts/config.py unset PSA_WANT_ALG_CCM_STAR_NO_TAG + scripts/config.py unset PSA_WANT_ALG_CMAC + scripts/config.py unset PSA_WANT_ALG_CBC_NO_PADDING + scripts/config.py unset PSA_WANT_ALG_CBC_PKCS7 + scripts/config.py unset PSA_WANT_ALG_CFB + scripts/config.py unset PSA_WANT_ALG_CTR + scripts/config.py unset PSA_WANT_ALG_ECB_NO_PADDING + scripts/config.py unset PSA_WANT_ALG_OFB + scripts/config.py unset PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128 + scripts/config.py unset PSA_WANT_ALG_STREAM_CIPHER + scripts/config.py unset PSA_WANT_KEY_TYPE_DES # The following modules directly depends on CIPHER_C scripts/config.py unset MBEDTLS_NIST_KW_C @@ -357,7 +356,7 @@ component_test_full_no_ccm () { # # Note: also PSA_WANT_ALG_CCM_STAR_NO_TAG is enabled, but it does not cause # PSA_WANT_ALG_CCM to be re-enabled. - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CCM + scripts/config.py unset PSA_WANT_ALG_CCM make @@ -378,17 +377,17 @@ component_test_full_no_ccm_star_no_tag () { # # Note: PSA_WANT_ALG_CCM is enabled, but it does not cause # PSA_WANT_ALG_CCM_STAR_NO_TAG to be re-enabled. - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CCM_STAR_NO_TAG - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_STREAM_CIPHER - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CTR - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CFB - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_OFB - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_ECB_NO_PADDING + scripts/config.py unset PSA_WANT_ALG_CCM_STAR_NO_TAG + scripts/config.py unset PSA_WANT_ALG_STREAM_CIPHER + scripts/config.py unset PSA_WANT_ALG_CTR + scripts/config.py unset PSA_WANT_ALG_CFB + scripts/config.py unset PSA_WANT_ALG_OFB + scripts/config.py unset PSA_WANT_ALG_ECB_NO_PADDING # NOTE unsettting PSA_WANT_ALG_ECB_NO_PADDING without unsetting NIST_KW_C will # mean PSA_WANT_ALG_ECB_NO_PADDING is re-enabled, so disabling it also. - scripts/config.py -f "$CRYPTO_CONFIG_H" unset MBEDTLS_NIST_KW_C - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_NO_PADDING - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_PKCS7 + scripts/config.py unset MBEDTLS_NIST_KW_C + scripts/config.py unset PSA_WANT_ALG_CBC_NO_PADDING + scripts/config.py unset PSA_WANT_ALG_CBC_PKCS7 make @@ -434,18 +433,18 @@ component_test_everest_curve25519_only () { msg "build: Everest ECDH context, only Curve25519" # ~ 6 min scripts/config.py set MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED scripts/config.py unset MBEDTLS_ECDSA_C - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_DETERMINISTIC_ECDSA - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECDSA - scripts/config.py -c $CRYPTO_CONFIG_H set PSA_WANT_ALG_ECDH + scripts/config.py unset PSA_WANT_ALG_DETERMINISTIC_ECDSA + scripts/config.py unset PSA_WANT_ALG_ECDSA + scripts/config.py set PSA_WANT_ALG_ECDH scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED scripts/config.py unset MBEDTLS_ECJPAKE_C - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_JPAKE + scripts/config.py unset PSA_WANT_ALG_JPAKE # Disable all curves scripts/config.py unset-all "MBEDTLS_ECP_DP_[0-9A-Z_a-z]*_ENABLED" - scripts/config.py -c $CRYPTO_CONFIG_H unset-all "PSA_WANT_ECC_[0-9A-Z_a-z]*$" - scripts/config.py -c $CRYPTO_CONFIG_H set PSA_WANT_ECC_MONTGOMERY_255 + scripts/config.py unset-all "PSA_WANT_ECC_[0-9A-Z_a-z]*$" + scripts/config.py set PSA_WANT_ECC_MONTGOMERY_255 make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" @@ -541,10 +540,10 @@ component_test_psa_crypto_config_ffdh_2048_only () { scripts/config.py full # Disable all DH groups other than 2048. - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_DH_RFC7919_3072 - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_DH_RFC7919_4096 - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_DH_RFC7919_6144 - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_DH_RFC7919_8192 + scripts/config.py unset PSA_WANT_DH_RFC7919_3072 + scripts/config.py unset PSA_WANT_DH_RFC7919_4096 + scripts/config.py unset PSA_WANT_DH_RFC7919_6144 + scripts/config.py unset PSA_WANT_DH_RFC7919_8192 make CFLAGS="$ASAN_CFLAGS -Werror" LDFLAGS="$ASAN_CFLAGS" @@ -755,7 +754,7 @@ component_test_psa_crypto_config_accel_ecc_some_key_types () { scripts/config.py unset MBEDTLS_ECP_RESTARTABLE # this is not supported by the driver API yet - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE + scripts/config.py unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE # Build # ----- @@ -849,7 +848,7 @@ common_test_psa_crypto_config_accel_ecc_some_curves () { scripts/config.py unset MBEDTLS_ECP_RESTARTABLE # this is not supported by the driver API yet - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE + scripts/config.py unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE # Build # ----- @@ -1021,7 +1020,7 @@ config_psa_crypto_no_ecp_at_all () { # Disable all the features that auto-enable ECP_LIGHT (see build_info.h) scripts/config.py unset MBEDTLS_PK_PARSE_EC_EXTENDED scripts/config.py unset MBEDTLS_PK_PARSE_EC_COMPRESSED - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE + scripts/config.py unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE # Restartable feature is not yet supported by PSA. Once it will in # the future, the following line could be removed (see issues @@ -1138,12 +1137,12 @@ config_psa_crypto_config_accel_ecc_ffdh_no_bignum () { # Disable all the features that auto-enable ECP_LIGHT (see build_info.h) scripts/config.py unset MBEDTLS_PK_PARSE_EC_EXTENDED scripts/config.py unset MBEDTLS_PK_PARSE_EC_COMPRESSED - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE + scripts/config.py unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE # RSA support is intentionally disabled on this test because RSA_C depends # on BIGNUM_C. - scripts/config.py -f "$CRYPTO_CONFIG_H" unset-all "PSA_WANT_KEY_TYPE_RSA_[0-9A-Z_a-z]*" - scripts/config.py -f "$CRYPTO_CONFIG_H" unset-all "PSA_WANT_ALG_RSA_[0-9A-Z_a-z]*" + scripts/config.py unset-all "PSA_WANT_KEY_TYPE_RSA_[0-9A-Z_a-z]*" + scripts/config.py unset-all "PSA_WANT_ALG_RSA_[0-9A-Z_a-z]*" scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT # Also disable key exchanges that depend on RSA scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED @@ -1152,9 +1151,9 @@ config_psa_crypto_config_accel_ecc_ffdh_no_bignum () { if [ "$test_target" = "ECC" ]; then # When testing ECC only, we disable FFDH support, both from builtin and # PSA sides. - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_FFDH - scripts/config.py -f "$CRYPTO_CONFIG_H" unset-all "PSA_WANT_KEY_TYPE_DH_[0-9A-Z_a-z]*" - scripts/config.py -f "$CRYPTO_CONFIG_H" unset-all "PSA_WANT_DH_RFC7919_[0-9]*" + scripts/config.py unset PSA_WANT_ALG_FFDH + scripts/config.py unset-all "PSA_WANT_KEY_TYPE_DH_[0-9A-Z_a-z]*" + scripts/config.py unset-all "PSA_WANT_DH_RFC7919_[0-9]*" fi # Restartable feature is not yet supported by PSA. Once it will in @@ -1391,7 +1390,7 @@ build_and_test_psa_want_key_pair_partial () { # All the PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_yyy are enabled by default in # crypto_config.h so we just disable the one we don't want. - scripts/config.py -f "$CRYPTO_CONFIG_H" unset "$disabled_psa_want" + scripts/config.py unset "$disabled_psa_want" make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" @@ -1502,9 +1501,9 @@ component_test_new_psa_want_key_pair_symbol () { # Keep only PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC enabled in order to ensure # that proper translations is done in crypto_legacy.h. - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE + scripts/config.py unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT + scripts/config.py unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT + scripts/config.py unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE make @@ -1656,8 +1655,7 @@ config_psa_crypto_hmac_use_psa () { scripts/config.py unset MBEDTLS_HMAC_DRBG_C scripts/config.py unset MBEDTLS_HKDF_C # Dependencies of HMAC_DRBG - scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_DETERMINISTIC_ECDSA + scripts/config.py unset PSA_WANT_ALG_DETERMINISTIC_ECDSA } component_test_psa_crypto_config_accel_hmac () { @@ -1714,7 +1712,7 @@ component_test_psa_crypto_config_accel_aead () { helper_libtestdriver1_adjust_config "full" # Disable CCM_STAR_NO_TAG because this re-enables CCM_C. - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CCM_STAR_NO_TAG + scripts/config.py unset PSA_WANT_ALG_CCM_STAR_NO_TAG # Build # ----- @@ -1830,14 +1828,14 @@ common_block_cipher_dispatch () { # legacy key types to be re-enabled in "config_adjust_legacy_from_psa.h". # Keep this also in the reference component in order to skip the same tests # that were skipped in the accelerated one. - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CTR - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CFB - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_OFB - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_NO_PADDING - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_PKCS7 - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CMAC - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CCM_STAR_NO_TAG - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128 + scripts/config.py unset PSA_WANT_ALG_CTR + scripts/config.py unset PSA_WANT_ALG_CFB + scripts/config.py unset PSA_WANT_ALG_OFB + scripts/config.py unset PSA_WANT_ALG_CBC_NO_PADDING + scripts/config.py unset PSA_WANT_ALG_CBC_PKCS7 + scripts/config.py unset PSA_WANT_ALG_CMAC + scripts/config.py unset PSA_WANT_ALG_CCM_STAR_NO_TAG + scripts/config.py unset PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128 # Disable direct dependency on AES_C scripts/config.py unset MBEDTLS_NIST_KW_C @@ -1930,7 +1928,7 @@ component_test_full_block_cipher_legacy_dispatch () { component_test_aead_chachapoly_disabled () { msg "build: full minus CHACHAPOLY" scripts/config.py full - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CHACHA20_POLY1305 + scripts/config.py unset PSA_WANT_ALG_CHACHA20_POLY1305 make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" msg "test: full minus CHACHAPOLY" @@ -1940,8 +1938,8 @@ component_test_aead_chachapoly_disabled () { component_test_aead_only_ccm () { msg "build: full minus CHACHAPOLY and GCM" scripts/config.py full - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CHACHA20_POLY1305 - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_GCM + scripts/config.py unset PSA_WANT_ALG_CHACHA20_POLY1305 + scripts/config.py unset PSA_WANT_ALG_GCM make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" msg "test: full minus CHACHAPOLY and GCM" @@ -2067,10 +2065,10 @@ component_build_aes_variations () { scripts/config.py set MBEDTLS_BLOCK_CIPHER_NO_DECRYPT scripts/config.py unset MBEDTLS_NIST_KW_C - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CBC_NO_PADDING - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CBC_PKCS7 - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECB_NO_PADDING - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_DES + scripts/config.py unset PSA_WANT_ALG_CBC_NO_PADDING + scripts/config.py unset PSA_WANT_ALG_CBC_PKCS7 + scripts/config.py unset PSA_WANT_ALG_ECB_NO_PADDING + scripts/config.py unset PSA_WANT_KEY_TYPE_DES build_test_config_combos ${BUILTIN_SRC_PATH}/aes.o validate_aes_config_variations \ "MBEDTLS_AES_ROM_TABLES" \ @@ -2281,10 +2279,10 @@ config_block_cipher_no_decrypt () { # Enable support for cryptographic mechanisms through the PSA API. # Note: XTS, KW are not yet supported via the PSA API in Mbed TLS. - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_NO_PADDING - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_PKCS7 - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_ECB_NO_PADDING - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_DES + scripts/config.py unset PSA_WANT_ALG_CBC_NO_PADDING + scripts/config.py unset PSA_WANT_ALG_CBC_PKCS7 + scripts/config.py unset PSA_WANT_ALG_ECB_NO_PADDING + scripts/config.py unset PSA_WANT_KEY_TYPE_DES } component_test_block_cipher_no_decrypt_aesni () { diff --git a/tests/scripts/components-configuration-tls.sh b/tests/scripts/components-configuration-tls.sh index c8b2287d71..b74b30477c 100644 --- a/tests/scripts/components-configuration-tls.sh +++ b/tests/scripts/components-configuration-tls.sh @@ -50,15 +50,15 @@ component_test_tls1_2_default_stream_cipher_only () { msg "build: default with only stream cipher use psa" # Disable AEAD (controlled by the presence of one of GCM_C, CCM_C, CHACHAPOLY_C) - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CCM - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CCM_STAR_NO_TAG - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_GCM - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CHACHA20_POLY1305 + scripts/config.py unset PSA_WANT_ALG_CCM + scripts/config.py unset PSA_WANT_ALG_CCM_STAR_NO_TAG + scripts/config.py unset PSA_WANT_ALG_GCM + scripts/config.py unset PSA_WANT_ALG_CHACHA20_POLY1305 #Disable TLS 1.3 (as no AEAD) scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 # Disable CBC. Note: When implemented, PSA_WANT_ALG_CBC_MAC will also need to be unset here to fully disable CBC - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CBC_NO_PADDING - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CBC_PKCS7 + scripts/config.py unset PSA_WANT_ALG_CBC_NO_PADDING + scripts/config.py unset PSA_WANT_ALG_CBC_PKCS7 # Disable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC) scripts/config.py unset MBEDTLS_SSL_ENCRYPT_THEN_MAC # Enable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_CIPHER)) @@ -79,14 +79,14 @@ component_test_tls1_2_default_cbc_legacy_cipher_only () { msg "build: default with only CBC-legacy cipher use psa" # Disable AEAD (controlled by the presence of one of GCM_C, CCM_C, CHACHAPOLY_C) - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CCM - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CCM_STAR_NO_TAG - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_GCM - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CHACHA20_POLY1305 + scripts/config.py unset PSA_WANT_ALG_CCM + scripts/config.py unset PSA_WANT_ALG_CCM_STAR_NO_TAG + scripts/config.py unset PSA_WANT_ALG_GCM + scripts/config.py unset PSA_WANT_ALG_CHACHA20_POLY1305 #Disable TLS 1.3 (as no AEAD) scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 # Enable CBC-legacy - scripts/config.py -c $CRYPTO_CONFIG_H set PSA_WANT_ALG_CBC_NO_PADDING + scripts/config.py set PSA_WANT_ALG_CBC_NO_PADDING # Disable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC) scripts/config.py unset MBEDTLS_SSL_ENCRYPT_THEN_MAC # Disable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_CIPHER)) @@ -108,14 +108,14 @@ component_test_tls1_2_default_cbc_legacy_cbc_etm_cipher_only () { msg "build: default with only CBC-legacy and CBC-EtM ciphers use psa" # Disable AEAD (controlled by the presence of one of GCM_C, CCM_C, CHACHAPOLY_C) - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CCM - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CCM_STAR_NO_TAG - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_GCM - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CHACHA20_POLY1305 + scripts/config.py unset PSA_WANT_ALG_CCM + scripts/config.py unset PSA_WANT_ALG_CCM_STAR_NO_TAG + scripts/config.py unset PSA_WANT_ALG_GCM + scripts/config.py unset PSA_WANT_ALG_CHACHA20_POLY1305 #Disable TLS 1.3 (as no AEAD) scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 # Enable CBC-legacy - scripts/config.py -c $CRYPTO_CONFIG_H set PSA_WANT_ALG_CBC_NO_PADDING + scripts/config.py set PSA_WANT_ALG_CBC_NO_PADDING # Enable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC) scripts/config.py set MBEDTLS_SSL_ENCRYPT_THEN_MAC # Disable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_CIPHER)) @@ -361,10 +361,10 @@ component_test_ssl_alloc_buffer_and_mfl () { component_test_when_no_ciphersuites_have_mac () { msg "build: when no ciphersuites have MAC" - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_NO_PADDING - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_PKCS7 - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CMAC - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128 + scripts/config.py unset PSA_WANT_ALG_CBC_NO_PADDING + scripts/config.py unset PSA_WANT_ALG_CBC_PKCS7 + scripts/config.py unset PSA_WANT_ALG_CMAC + scripts/config.py unset PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128 scripts/config.py unset MBEDTLS_CIPHER_NULL_CIPHER @@ -419,22 +419,22 @@ component_test_tls13_only_psk () { scripts/config.py set MBEDTLS_SSL_EARLY_DATA scripts/config.py set MBEDTLS_TEST_HOOKS - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECDH - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECDSA - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_DETERMINISTIC_ECDSA - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_RSA_OAEP - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_RSA_PSS - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_FFDH - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_DH_RFC7919_2048 - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_DH_RFC7919_3072 - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_DH_RFC7919_4096 - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_DH_RFC7919_6144 - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_DH_RFC7919_8192 + scripts/config.py unset PSA_WANT_ALG_ECDH + scripts/config.py unset PSA_WANT_ALG_ECDSA + scripts/config.py unset PSA_WANT_ALG_DETERMINISTIC_ECDSA + scripts/config.py unset PSA_WANT_ALG_RSA_OAEP + scripts/config.py unset PSA_WANT_ALG_RSA_PSS + scripts/config.py unset PSA_WANT_ALG_FFDH + scripts/config.py unset PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY + scripts/config.py unset PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC + scripts/config.py unset PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT + scripts/config.py unset PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT + scripts/config.py unset PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE + scripts/config.py unset PSA_WANT_DH_RFC7919_2048 + scripts/config.py unset PSA_WANT_DH_RFC7919_3072 + scripts/config.py unset PSA_WANT_DH_RFC7919_4096 + scripts/config.py unset PSA_WANT_DH_RFC7919_6144 + scripts/config.py unset PSA_WANT_DH_RFC7919_8192 # Note: The four unsets below are to be removed for Mbed TLS 4.0 scripts/config.py unset MBEDTLS_ECDH_C scripts/config.py unset MBEDTLS_ECDSA_C @@ -471,7 +471,7 @@ component_test_tls13_only_ephemeral_ffdh () { scripts/config.py unset MBEDTLS_SSL_EARLY_DATA scripts/config.py set MBEDTLS_TEST_HOOKS - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECDH + scripts/config.py unset PSA_WANT_ALG_ECDH # Note: The unset below is to be removed for Mbed TLS 4.0 scripts/config.py unset MBEDTLS_ECDH_C @@ -495,10 +495,10 @@ component_test_tls13_only_psk_ephemeral () { scripts/config.py set MBEDTLS_SSL_EARLY_DATA scripts/config.py set MBEDTLS_TEST_HOOKS - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECDSA - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_DETERMINISTIC_ECDSA - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_RSA_OAEP - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_RSA_PSS + scripts/config.py unset PSA_WANT_ALG_ECDSA + scripts/config.py unset PSA_WANT_ALG_DETERMINISTIC_ECDSA + scripts/config.py unset PSA_WANT_ALG_RSA_OAEP + scripts/config.py unset PSA_WANT_ALG_RSA_PSS # Note: The two unsets below are to be removed for Mbed TLS 4.0 scripts/config.py unset MBEDTLS_ECDSA_C @@ -522,11 +522,11 @@ component_test_tls13_only_psk_ephemeral_ffdh () { scripts/config.py set MBEDTLS_SSL_EARLY_DATA scripts/config.py set MBEDTLS_TEST_HOOKS - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECDH - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECDSA - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_DETERMINISTIC_ECDSA - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_RSA_OAEP - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_RSA_PSS + scripts/config.py unset PSA_WANT_ALG_ECDH + scripts/config.py unset PSA_WANT_ALG_ECDSA + scripts/config.py unset PSA_WANT_ALG_DETERMINISTIC_ECDSA + scripts/config.py unset PSA_WANT_ALG_RSA_OAEP + scripts/config.py unset PSA_WANT_ALG_RSA_PSS # Note: The three unsets below are to be removed for Mbed TLS 4.0 scripts/config.py unset MBEDTLS_ECDH_C scripts/config.py unset MBEDTLS_ECDSA_C @@ -550,10 +550,10 @@ component_test_tls13_only_psk_all () { scripts/config.py set MBEDTLS_SSL_EARLY_DATA scripts/config.py set MBEDTLS_TEST_HOOKS - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECDSA - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_DETERMINISTIC_ECDSA - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_RSA_OAEP - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_RSA_PSS + scripts/config.py unset PSA_WANT_ALG_ECDSA + scripts/config.py unset PSA_WANT_ALG_DETERMINISTIC_ECDSA + scripts/config.py unset PSA_WANT_ALG_RSA_OAEP + scripts/config.py unset PSA_WANT_ALG_RSA_PSS # Note: The two unsets below are to be removed for Mbed TLS 4.0 scripts/config.py unset MBEDTLS_ECDSA_C diff --git a/tests/scripts/components-psasim.sh b/tests/scripts/components-psasim.sh index ba8ab331d2..a20f917ddb 100644 --- a/tests/scripts/components-psasim.sh +++ b/tests/scripts/components-psasim.sh @@ -78,7 +78,7 @@ component_test_suite_with_psasim() msg "build client library" helper_psasim_config client # PAKE functions are still unsupported from PSASIM - scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_JPAKE + scripts/config.py unset PSA_WANT_ALG_JPAKE scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED helper_psasim_build client