mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2026-03-20 19:21:09 +01:00
Merge pull request #10367 from davidhorstmann-arm/configuration-crypto-sh-legacy-ecdsa-deterministic
Remove component uses of `MBEDTLS_ECDSA_DETERMINISTIC`
This commit is contained in:
David Horstmann
@@ -82,19 +82,19 @@ component_test_psa_crypto_without_heap() {
|
||||
msg "crypto without heap: build libtestdriver1"
|
||||
# Disable PSA features that cannot be accelerated and whose builtin support
|
||||
# requires calloc/free.
|
||||
scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE
|
||||
scripts/config.py -c $CRYPTO_CONFIG_H unset-all "^PSA_WANT_ALG_HKDF"
|
||||
scripts/config.py -c $CRYPTO_CONFIG_H unset-all "^PSA_WANT_ALG_PBKDF2_"
|
||||
scripts/config.py -c $CRYPTO_CONFIG_H unset-all "^PSA_WANT_ALG_TLS12_"
|
||||
scripts/config.py unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE
|
||||
scripts/config.py unset-all "^PSA_WANT_ALG_HKDF"
|
||||
scripts/config.py unset-all "^PSA_WANT_ALG_PBKDF2_"
|
||||
scripts/config.py unset-all "^PSA_WANT_ALG_TLS12_"
|
||||
# RSA key support requires ASN1 parse/write support for testing, but ASN1
|
||||
# is disabled below.
|
||||
scripts/config.py -c $CRYPTO_CONFIG_H unset-all "^PSA_WANT_KEY_TYPE_RSA_"
|
||||
scripts/config.py -c $CRYPTO_CONFIG_H unset-all "^PSA_WANT_ALG_RSA_"
|
||||
scripts/config.py unset-all "^PSA_WANT_KEY_TYPE_RSA_"
|
||||
scripts/config.py unset-all "^PSA_WANT_ALG_RSA_"
|
||||
# DES requires built-in support for key generation (parity check) so it
|
||||
# cannot be accelerated
|
||||
scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_DES
|
||||
scripts/config.py unset PSA_WANT_KEY_TYPE_DES
|
||||
# EC-JPAKE use calloc/free in PSA core
|
||||
scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_JPAKE
|
||||
scripts/config.py unset PSA_WANT_ALG_JPAKE
|
||||
# Enable p192[k|r]1 curves which are disabled by default in tf-psa-crypto.
|
||||
# This is required to get the proper test coverage otherwise there are
|
||||
# tests in 'test_suite_psa_crypto_op_fail' that would never be executed.
|
||||
@@ -102,7 +102,7 @@ component_test_psa_crypto_without_heap() {
|
||||
scripts/config.py set PSA_WANT_ECC_SECP_R1_192
|
||||
|
||||
# Accelerate all PSA features (which are still enabled in CRYPTO_CONFIG_H).
|
||||
PSA_SYM_LIST=$(./scripts/config.py -c $CRYPTO_CONFIG_H get-all-enabled PSA_WANT)
|
||||
PSA_SYM_LIST=$(./scripts/config.py get-all-enabled PSA_WANT)
|
||||
loc_accel_list=$(echo $PSA_SYM_LIST | sed 's/PSA_WANT_//g')
|
||||
|
||||
helper_libtestdriver1_adjust_config crypto
|
||||
@@ -143,7 +143,7 @@ component_test_psa_crypto_without_heap() {
|
||||
|
||||
component_test_no_rsa_key_pair_generation () {
|
||||
msg "build: default config minus PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE"
|
||||
scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE
|
||||
scripts/config.py unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE
|
||||
make
|
||||
|
||||
msg "test: default config minus PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE"
|
||||
@@ -210,7 +210,7 @@ component_test_no_hmac_drbg_use_psa () {
|
||||
msg "build: Full minus HMAC_DRBG, PSA crypto in TLS"
|
||||
scripts/config.py full
|
||||
scripts/config.py unset MBEDTLS_HMAC_DRBG_C
|
||||
scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC # requires HMAC_DRBG
|
||||
scripts/config.py unset PSA_WANT_ALG_DETERMINISTIC_ECDSA # requires HMAC_DRBG
|
||||
|
||||
CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
|
||||
make
|
||||
@@ -241,7 +241,7 @@ component_test_psa_external_rng_no_drbg_use_psa () {
|
||||
scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT
|
||||
scripts/config.py unset MBEDTLS_CTR_DRBG_C
|
||||
scripts/config.py unset MBEDTLS_HMAC_DRBG_C
|
||||
scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC # requires HMAC_DRBG
|
||||
scripts/config.py unset PSA_WANT_ALG_DETERMINISTIC_ECDSA # Requires HMAC_DRBG
|
||||
make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS"
|
||||
|
||||
msg "test: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, PSA crypto - main suites"
|
||||
@@ -293,8 +293,7 @@ component_test_crypto_full_md_light_only () {
|
||||
scripts/config.py unset MBEDTLS_HMAC_DRBG_C
|
||||
scripts/config.py unset MBEDTLS_PKCS7_C
|
||||
# Disable indirect dependencies of MD_C
|
||||
scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC # needs HMAC_DRBG
|
||||
scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_DETERMINISTIC_ECDSA
|
||||
scripts/config.py unset PSA_WANT_ALG_DETERMINISTIC_ECDSA
|
||||
# Disable things that would auto-enable MD_C
|
||||
scripts/config.py unset MBEDTLS_PKCS5_C
|
||||
|
||||
@@ -319,17 +318,17 @@ component_test_full_no_cipher () {
|
||||
# on CIPHER_C so we disable them.
|
||||
# This does not hold for KEY_TYPE_CHACHA20 and ALG_CHACHA20_POLY1305
|
||||
# so we keep them enabled.
|
||||
scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CCM_STAR_NO_TAG
|
||||
scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CMAC
|
||||
scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CBC_NO_PADDING
|
||||
scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CBC_PKCS7
|
||||
scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CFB
|
||||
scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CTR
|
||||
scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECB_NO_PADDING
|
||||
scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_OFB
|
||||
scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128
|
||||
scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_STREAM_CIPHER
|
||||
scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_DES
|
||||
scripts/config.py unset PSA_WANT_ALG_CCM_STAR_NO_TAG
|
||||
scripts/config.py unset PSA_WANT_ALG_CMAC
|
||||
scripts/config.py unset PSA_WANT_ALG_CBC_NO_PADDING
|
||||
scripts/config.py unset PSA_WANT_ALG_CBC_PKCS7
|
||||
scripts/config.py unset PSA_WANT_ALG_CFB
|
||||
scripts/config.py unset PSA_WANT_ALG_CTR
|
||||
scripts/config.py unset PSA_WANT_ALG_ECB_NO_PADDING
|
||||
scripts/config.py unset PSA_WANT_ALG_OFB
|
||||
scripts/config.py unset PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128
|
||||
scripts/config.py unset PSA_WANT_ALG_STREAM_CIPHER
|
||||
scripts/config.py unset PSA_WANT_KEY_TYPE_DES
|
||||
|
||||
# The following modules directly depends on CIPHER_C
|
||||
scripts/config.py unset MBEDTLS_NIST_KW_C
|
||||
@@ -357,7 +356,7 @@ component_test_full_no_ccm () {
|
||||
#
|
||||
# Note: also PSA_WANT_ALG_CCM_STAR_NO_TAG is enabled, but it does not cause
|
||||
# PSA_WANT_ALG_CCM to be re-enabled.
|
||||
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CCM
|
||||
scripts/config.py unset PSA_WANT_ALG_CCM
|
||||
|
||||
make
|
||||
|
||||
@@ -378,17 +377,17 @@ component_test_full_no_ccm_star_no_tag () {
|
||||
#
|
||||
# Note: PSA_WANT_ALG_CCM is enabled, but it does not cause
|
||||
# PSA_WANT_ALG_CCM_STAR_NO_TAG to be re-enabled.
|
||||
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CCM_STAR_NO_TAG
|
||||
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_STREAM_CIPHER
|
||||
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CTR
|
||||
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CFB
|
||||
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_OFB
|
||||
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_ECB_NO_PADDING
|
||||
scripts/config.py unset PSA_WANT_ALG_CCM_STAR_NO_TAG
|
||||
scripts/config.py unset PSA_WANT_ALG_STREAM_CIPHER
|
||||
scripts/config.py unset PSA_WANT_ALG_CTR
|
||||
scripts/config.py unset PSA_WANT_ALG_CFB
|
||||
scripts/config.py unset PSA_WANT_ALG_OFB
|
||||
scripts/config.py unset PSA_WANT_ALG_ECB_NO_PADDING
|
||||
# NOTE unsettting PSA_WANT_ALG_ECB_NO_PADDING without unsetting NIST_KW_C will
|
||||
# mean PSA_WANT_ALG_ECB_NO_PADDING is re-enabled, so disabling it also.
|
||||
scripts/config.py -f "$CRYPTO_CONFIG_H" unset MBEDTLS_NIST_KW_C
|
||||
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_NO_PADDING
|
||||
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_PKCS7
|
||||
scripts/config.py unset MBEDTLS_NIST_KW_C
|
||||
scripts/config.py unset PSA_WANT_ALG_CBC_NO_PADDING
|
||||
scripts/config.py unset PSA_WANT_ALG_CBC_PKCS7
|
||||
|
||||
make
|
||||
|
||||
@@ -434,18 +433,18 @@ component_test_everest_curve25519_only () {
|
||||
msg "build: Everest ECDH context, only Curve25519" # ~ 6 min
|
||||
scripts/config.py set MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED
|
||||
scripts/config.py unset MBEDTLS_ECDSA_C
|
||||
scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_DETERMINISTIC_ECDSA
|
||||
scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECDSA
|
||||
scripts/config.py -c $CRYPTO_CONFIG_H set PSA_WANT_ALG_ECDH
|
||||
scripts/config.py unset PSA_WANT_ALG_DETERMINISTIC_ECDSA
|
||||
scripts/config.py unset PSA_WANT_ALG_ECDSA
|
||||
scripts/config.py set PSA_WANT_ALG_ECDH
|
||||
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
|
||||
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
|
||||
scripts/config.py unset MBEDTLS_ECJPAKE_C
|
||||
scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_JPAKE
|
||||
scripts/config.py unset PSA_WANT_ALG_JPAKE
|
||||
|
||||
# Disable all curves
|
||||
scripts/config.py unset-all "MBEDTLS_ECP_DP_[0-9A-Z_a-z]*_ENABLED"
|
||||
scripts/config.py -c $CRYPTO_CONFIG_H unset-all "PSA_WANT_ECC_[0-9A-Z_a-z]*$"
|
||||
scripts/config.py -c $CRYPTO_CONFIG_H set PSA_WANT_ECC_MONTGOMERY_255
|
||||
scripts/config.py unset-all "PSA_WANT_ECC_[0-9A-Z_a-z]*$"
|
||||
scripts/config.py set PSA_WANT_ECC_MONTGOMERY_255
|
||||
|
||||
make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS"
|
||||
|
||||
@@ -541,10 +540,10 @@ component_test_psa_crypto_config_ffdh_2048_only () {
|
||||
scripts/config.py full
|
||||
|
||||
# Disable all DH groups other than 2048.
|
||||
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_DH_RFC7919_3072
|
||||
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_DH_RFC7919_4096
|
||||
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_DH_RFC7919_6144
|
||||
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_DH_RFC7919_8192
|
||||
scripts/config.py unset PSA_WANT_DH_RFC7919_3072
|
||||
scripts/config.py unset PSA_WANT_DH_RFC7919_4096
|
||||
scripts/config.py unset PSA_WANT_DH_RFC7919_6144
|
||||
scripts/config.py unset PSA_WANT_DH_RFC7919_8192
|
||||
|
||||
make CFLAGS="$ASAN_CFLAGS -Werror" LDFLAGS="$ASAN_CFLAGS"
|
||||
|
||||
@@ -755,7 +754,7 @@ component_test_psa_crypto_config_accel_ecc_some_key_types () {
|
||||
scripts/config.py unset MBEDTLS_ECP_RESTARTABLE
|
||||
|
||||
# this is not supported by the driver API yet
|
||||
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE
|
||||
scripts/config.py unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE
|
||||
|
||||
# Build
|
||||
# -----
|
||||
@@ -849,7 +848,7 @@ common_test_psa_crypto_config_accel_ecc_some_curves () {
|
||||
scripts/config.py unset MBEDTLS_ECP_RESTARTABLE
|
||||
|
||||
# this is not supported by the driver API yet
|
||||
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE
|
||||
scripts/config.py unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE
|
||||
|
||||
# Build
|
||||
# -----
|
||||
@@ -1021,7 +1020,7 @@ config_psa_crypto_no_ecp_at_all () {
|
||||
# Disable all the features that auto-enable ECP_LIGHT (see build_info.h)
|
||||
scripts/config.py unset MBEDTLS_PK_PARSE_EC_EXTENDED
|
||||
scripts/config.py unset MBEDTLS_PK_PARSE_EC_COMPRESSED
|
||||
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE
|
||||
scripts/config.py unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE
|
||||
|
||||
# Restartable feature is not yet supported by PSA. Once it will in
|
||||
# the future, the following line could be removed (see issues
|
||||
@@ -1138,12 +1137,12 @@ config_psa_crypto_config_accel_ecc_ffdh_no_bignum () {
|
||||
# Disable all the features that auto-enable ECP_LIGHT (see build_info.h)
|
||||
scripts/config.py unset MBEDTLS_PK_PARSE_EC_EXTENDED
|
||||
scripts/config.py unset MBEDTLS_PK_PARSE_EC_COMPRESSED
|
||||
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE
|
||||
scripts/config.py unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE
|
||||
|
||||
# RSA support is intentionally disabled on this test because RSA_C depends
|
||||
# on BIGNUM_C.
|
||||
scripts/config.py -f "$CRYPTO_CONFIG_H" unset-all "PSA_WANT_KEY_TYPE_RSA_[0-9A-Z_a-z]*"
|
||||
scripts/config.py -f "$CRYPTO_CONFIG_H" unset-all "PSA_WANT_ALG_RSA_[0-9A-Z_a-z]*"
|
||||
scripts/config.py unset-all "PSA_WANT_KEY_TYPE_RSA_[0-9A-Z_a-z]*"
|
||||
scripts/config.py unset-all "PSA_WANT_ALG_RSA_[0-9A-Z_a-z]*"
|
||||
scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT
|
||||
# Also disable key exchanges that depend on RSA
|
||||
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
|
||||
@@ -1152,9 +1151,9 @@ config_psa_crypto_config_accel_ecc_ffdh_no_bignum () {
|
||||
if [ "$test_target" = "ECC" ]; then
|
||||
# When testing ECC only, we disable FFDH support, both from builtin and
|
||||
# PSA sides.
|
||||
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_FFDH
|
||||
scripts/config.py -f "$CRYPTO_CONFIG_H" unset-all "PSA_WANT_KEY_TYPE_DH_[0-9A-Z_a-z]*"
|
||||
scripts/config.py -f "$CRYPTO_CONFIG_H" unset-all "PSA_WANT_DH_RFC7919_[0-9]*"
|
||||
scripts/config.py unset PSA_WANT_ALG_FFDH
|
||||
scripts/config.py unset-all "PSA_WANT_KEY_TYPE_DH_[0-9A-Z_a-z]*"
|
||||
scripts/config.py unset-all "PSA_WANT_DH_RFC7919_[0-9]*"
|
||||
fi
|
||||
|
||||
# Restartable feature is not yet supported by PSA. Once it will in
|
||||
@@ -1391,7 +1390,7 @@ build_and_test_psa_want_key_pair_partial () {
|
||||
|
||||
# All the PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_yyy are enabled by default in
|
||||
# crypto_config.h so we just disable the one we don't want.
|
||||
scripts/config.py -f "$CRYPTO_CONFIG_H" unset "$disabled_psa_want"
|
||||
scripts/config.py unset "$disabled_psa_want"
|
||||
|
||||
make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS"
|
||||
|
||||
@@ -1502,9 +1501,9 @@ component_test_new_psa_want_key_pair_symbol () {
|
||||
|
||||
# Keep only PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC enabled in order to ensure
|
||||
# that proper translations is done in crypto_legacy.h.
|
||||
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT
|
||||
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT
|
||||
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE
|
||||
scripts/config.py unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT
|
||||
scripts/config.py unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT
|
||||
scripts/config.py unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE
|
||||
|
||||
make
|
||||
|
||||
@@ -1656,8 +1655,7 @@ config_psa_crypto_hmac_use_psa () {
|
||||
scripts/config.py unset MBEDTLS_HMAC_DRBG_C
|
||||
scripts/config.py unset MBEDTLS_HKDF_C
|
||||
# Dependencies of HMAC_DRBG
|
||||
scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC
|
||||
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_DETERMINISTIC_ECDSA
|
||||
scripts/config.py unset PSA_WANT_ALG_DETERMINISTIC_ECDSA
|
||||
}
|
||||
|
||||
component_test_psa_crypto_config_accel_hmac () {
|
||||
@@ -1714,7 +1712,7 @@ component_test_psa_crypto_config_accel_aead () {
|
||||
helper_libtestdriver1_adjust_config "full"
|
||||
|
||||
# Disable CCM_STAR_NO_TAG because this re-enables CCM_C.
|
||||
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CCM_STAR_NO_TAG
|
||||
scripts/config.py unset PSA_WANT_ALG_CCM_STAR_NO_TAG
|
||||
|
||||
# Build
|
||||
# -----
|
||||
@@ -1830,14 +1828,14 @@ common_block_cipher_dispatch () {
|
||||
# legacy key types to be re-enabled in "config_adjust_legacy_from_psa.h".
|
||||
# Keep this also in the reference component in order to skip the same tests
|
||||
# that were skipped in the accelerated one.
|
||||
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CTR
|
||||
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CFB
|
||||
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_OFB
|
||||
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_NO_PADDING
|
||||
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_PKCS7
|
||||
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CMAC
|
||||
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CCM_STAR_NO_TAG
|
||||
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128
|
||||
scripts/config.py unset PSA_WANT_ALG_CTR
|
||||
scripts/config.py unset PSA_WANT_ALG_CFB
|
||||
scripts/config.py unset PSA_WANT_ALG_OFB
|
||||
scripts/config.py unset PSA_WANT_ALG_CBC_NO_PADDING
|
||||
scripts/config.py unset PSA_WANT_ALG_CBC_PKCS7
|
||||
scripts/config.py unset PSA_WANT_ALG_CMAC
|
||||
scripts/config.py unset PSA_WANT_ALG_CCM_STAR_NO_TAG
|
||||
scripts/config.py unset PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128
|
||||
|
||||
# Disable direct dependency on AES_C
|
||||
scripts/config.py unset MBEDTLS_NIST_KW_C
|
||||
@@ -1930,7 +1928,7 @@ component_test_full_block_cipher_legacy_dispatch () {
|
||||
component_test_aead_chachapoly_disabled () {
|
||||
msg "build: full minus CHACHAPOLY"
|
||||
scripts/config.py full
|
||||
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CHACHA20_POLY1305
|
||||
scripts/config.py unset PSA_WANT_ALG_CHACHA20_POLY1305
|
||||
make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS"
|
||||
|
||||
msg "test: full minus CHACHAPOLY"
|
||||
@@ -1940,8 +1938,8 @@ component_test_aead_chachapoly_disabled () {
|
||||
component_test_aead_only_ccm () {
|
||||
msg "build: full minus CHACHAPOLY and GCM"
|
||||
scripts/config.py full
|
||||
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CHACHA20_POLY1305
|
||||
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_GCM
|
||||
scripts/config.py unset PSA_WANT_ALG_CHACHA20_POLY1305
|
||||
scripts/config.py unset PSA_WANT_ALG_GCM
|
||||
make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS"
|
||||
|
||||
msg "test: full minus CHACHAPOLY and GCM"
|
||||
@@ -2067,10 +2065,10 @@ component_build_aes_variations () {
|
||||
scripts/config.py set MBEDTLS_BLOCK_CIPHER_NO_DECRYPT
|
||||
scripts/config.py unset MBEDTLS_NIST_KW_C
|
||||
|
||||
scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CBC_NO_PADDING
|
||||
scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CBC_PKCS7
|
||||
scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECB_NO_PADDING
|
||||
scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_DES
|
||||
scripts/config.py unset PSA_WANT_ALG_CBC_NO_PADDING
|
||||
scripts/config.py unset PSA_WANT_ALG_CBC_PKCS7
|
||||
scripts/config.py unset PSA_WANT_ALG_ECB_NO_PADDING
|
||||
scripts/config.py unset PSA_WANT_KEY_TYPE_DES
|
||||
|
||||
build_test_config_combos ${BUILTIN_SRC_PATH}/aes.o validate_aes_config_variations \
|
||||
"MBEDTLS_AES_ROM_TABLES" \
|
||||
@@ -2281,10 +2279,10 @@ config_block_cipher_no_decrypt () {
|
||||
|
||||
# Enable support for cryptographic mechanisms through the PSA API.
|
||||
# Note: XTS, KW are not yet supported via the PSA API in Mbed TLS.
|
||||
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_NO_PADDING
|
||||
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_PKCS7
|
||||
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_ECB_NO_PADDING
|
||||
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_DES
|
||||
scripts/config.py unset PSA_WANT_ALG_CBC_NO_PADDING
|
||||
scripts/config.py unset PSA_WANT_ALG_CBC_PKCS7
|
||||
scripts/config.py unset PSA_WANT_ALG_ECB_NO_PADDING
|
||||
scripts/config.py unset PSA_WANT_KEY_TYPE_DES
|
||||
}
|
||||
|
||||
component_test_block_cipher_no_decrypt_aesni () {
|
||||
|
||||
@@ -50,15 +50,15 @@ component_test_tls1_2_default_stream_cipher_only () {
|
||||
msg "build: default with only stream cipher use psa"
|
||||
|
||||
# Disable AEAD (controlled by the presence of one of GCM_C, CCM_C, CHACHAPOLY_C)
|
||||
scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CCM
|
||||
scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CCM_STAR_NO_TAG
|
||||
scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_GCM
|
||||
scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CHACHA20_POLY1305
|
||||
scripts/config.py unset PSA_WANT_ALG_CCM
|
||||
scripts/config.py unset PSA_WANT_ALG_CCM_STAR_NO_TAG
|
||||
scripts/config.py unset PSA_WANT_ALG_GCM
|
||||
scripts/config.py unset PSA_WANT_ALG_CHACHA20_POLY1305
|
||||
#Disable TLS 1.3 (as no AEAD)
|
||||
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
|
||||
# Disable CBC. Note: When implemented, PSA_WANT_ALG_CBC_MAC will also need to be unset here to fully disable CBC
|
||||
scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CBC_NO_PADDING
|
||||
scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CBC_PKCS7
|
||||
scripts/config.py unset PSA_WANT_ALG_CBC_NO_PADDING
|
||||
scripts/config.py unset PSA_WANT_ALG_CBC_PKCS7
|
||||
# Disable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC)
|
||||
scripts/config.py unset MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
||||
# Enable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_CIPHER))
|
||||
@@ -79,14 +79,14 @@ component_test_tls1_2_default_cbc_legacy_cipher_only () {
|
||||
msg "build: default with only CBC-legacy cipher use psa"
|
||||
|
||||
# Disable AEAD (controlled by the presence of one of GCM_C, CCM_C, CHACHAPOLY_C)
|
||||
scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CCM
|
||||
scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CCM_STAR_NO_TAG
|
||||
scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_GCM
|
||||
scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CHACHA20_POLY1305
|
||||
scripts/config.py unset PSA_WANT_ALG_CCM
|
||||
scripts/config.py unset PSA_WANT_ALG_CCM_STAR_NO_TAG
|
||||
scripts/config.py unset PSA_WANT_ALG_GCM
|
||||
scripts/config.py unset PSA_WANT_ALG_CHACHA20_POLY1305
|
||||
#Disable TLS 1.3 (as no AEAD)
|
||||
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
|
||||
# Enable CBC-legacy
|
||||
scripts/config.py -c $CRYPTO_CONFIG_H set PSA_WANT_ALG_CBC_NO_PADDING
|
||||
scripts/config.py set PSA_WANT_ALG_CBC_NO_PADDING
|
||||
# Disable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC)
|
||||
scripts/config.py unset MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
||||
# Disable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_CIPHER))
|
||||
@@ -108,14 +108,14 @@ component_test_tls1_2_default_cbc_legacy_cbc_etm_cipher_only () {
|
||||
msg "build: default with only CBC-legacy and CBC-EtM ciphers use psa"
|
||||
|
||||
# Disable AEAD (controlled by the presence of one of GCM_C, CCM_C, CHACHAPOLY_C)
|
||||
scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CCM
|
||||
scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CCM_STAR_NO_TAG
|
||||
scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_GCM
|
||||
scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CHACHA20_POLY1305
|
||||
scripts/config.py unset PSA_WANT_ALG_CCM
|
||||
scripts/config.py unset PSA_WANT_ALG_CCM_STAR_NO_TAG
|
||||
scripts/config.py unset PSA_WANT_ALG_GCM
|
||||
scripts/config.py unset PSA_WANT_ALG_CHACHA20_POLY1305
|
||||
#Disable TLS 1.3 (as no AEAD)
|
||||
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
|
||||
# Enable CBC-legacy
|
||||
scripts/config.py -c $CRYPTO_CONFIG_H set PSA_WANT_ALG_CBC_NO_PADDING
|
||||
scripts/config.py set PSA_WANT_ALG_CBC_NO_PADDING
|
||||
# Enable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC)
|
||||
scripts/config.py set MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
||||
# Disable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_CIPHER))
|
||||
@@ -361,10 +361,10 @@ component_test_ssl_alloc_buffer_and_mfl () {
|
||||
|
||||
component_test_when_no_ciphersuites_have_mac () {
|
||||
msg "build: when no ciphersuites have MAC"
|
||||
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_NO_PADDING
|
||||
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_PKCS7
|
||||
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CMAC
|
||||
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128
|
||||
scripts/config.py unset PSA_WANT_ALG_CBC_NO_PADDING
|
||||
scripts/config.py unset PSA_WANT_ALG_CBC_PKCS7
|
||||
scripts/config.py unset PSA_WANT_ALG_CMAC
|
||||
scripts/config.py unset PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128
|
||||
|
||||
scripts/config.py unset MBEDTLS_CIPHER_NULL_CIPHER
|
||||
|
||||
@@ -419,22 +419,22 @@ component_test_tls13_only_psk () {
|
||||
scripts/config.py set MBEDTLS_SSL_EARLY_DATA
|
||||
|
||||
scripts/config.py set MBEDTLS_TEST_HOOKS
|
||||
scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECDH
|
||||
scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECDSA
|
||||
scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_DETERMINISTIC_ECDSA
|
||||
scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_RSA_OAEP
|
||||
scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_RSA_PSS
|
||||
scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_FFDH
|
||||
scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY
|
||||
scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC
|
||||
scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT
|
||||
scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT
|
||||
scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE
|
||||
scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_DH_RFC7919_2048
|
||||
scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_DH_RFC7919_3072
|
||||
scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_DH_RFC7919_4096
|
||||
scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_DH_RFC7919_6144
|
||||
scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_DH_RFC7919_8192
|
||||
scripts/config.py unset PSA_WANT_ALG_ECDH
|
||||
scripts/config.py unset PSA_WANT_ALG_ECDSA
|
||||
scripts/config.py unset PSA_WANT_ALG_DETERMINISTIC_ECDSA
|
||||
scripts/config.py unset PSA_WANT_ALG_RSA_OAEP
|
||||
scripts/config.py unset PSA_WANT_ALG_RSA_PSS
|
||||
scripts/config.py unset PSA_WANT_ALG_FFDH
|
||||
scripts/config.py unset PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY
|
||||
scripts/config.py unset PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC
|
||||
scripts/config.py unset PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT
|
||||
scripts/config.py unset PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT
|
||||
scripts/config.py unset PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE
|
||||
scripts/config.py unset PSA_WANT_DH_RFC7919_2048
|
||||
scripts/config.py unset PSA_WANT_DH_RFC7919_3072
|
||||
scripts/config.py unset PSA_WANT_DH_RFC7919_4096
|
||||
scripts/config.py unset PSA_WANT_DH_RFC7919_6144
|
||||
scripts/config.py unset PSA_WANT_DH_RFC7919_8192
|
||||
# Note: The four unsets below are to be removed for Mbed TLS 4.0
|
||||
scripts/config.py unset MBEDTLS_ECDH_C
|
||||
scripts/config.py unset MBEDTLS_ECDSA_C
|
||||
@@ -471,7 +471,7 @@ component_test_tls13_only_ephemeral_ffdh () {
|
||||
scripts/config.py unset MBEDTLS_SSL_EARLY_DATA
|
||||
|
||||
scripts/config.py set MBEDTLS_TEST_HOOKS
|
||||
scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECDH
|
||||
scripts/config.py unset PSA_WANT_ALG_ECDH
|
||||
# Note: The unset below is to be removed for Mbed TLS 4.0
|
||||
scripts/config.py unset MBEDTLS_ECDH_C
|
||||
|
||||
@@ -495,10 +495,10 @@ component_test_tls13_only_psk_ephemeral () {
|
||||
scripts/config.py set MBEDTLS_SSL_EARLY_DATA
|
||||
|
||||
scripts/config.py set MBEDTLS_TEST_HOOKS
|
||||
scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECDSA
|
||||
scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_DETERMINISTIC_ECDSA
|
||||
scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_RSA_OAEP
|
||||
scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_RSA_PSS
|
||||
scripts/config.py unset PSA_WANT_ALG_ECDSA
|
||||
scripts/config.py unset PSA_WANT_ALG_DETERMINISTIC_ECDSA
|
||||
scripts/config.py unset PSA_WANT_ALG_RSA_OAEP
|
||||
scripts/config.py unset PSA_WANT_ALG_RSA_PSS
|
||||
# Note: The two unsets below are to be removed for Mbed TLS 4.0
|
||||
scripts/config.py unset MBEDTLS_ECDSA_C
|
||||
|
||||
@@ -522,11 +522,11 @@ component_test_tls13_only_psk_ephemeral_ffdh () {
|
||||
scripts/config.py set MBEDTLS_SSL_EARLY_DATA
|
||||
|
||||
scripts/config.py set MBEDTLS_TEST_HOOKS
|
||||
scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECDH
|
||||
scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECDSA
|
||||
scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_DETERMINISTIC_ECDSA
|
||||
scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_RSA_OAEP
|
||||
scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_RSA_PSS
|
||||
scripts/config.py unset PSA_WANT_ALG_ECDH
|
||||
scripts/config.py unset PSA_WANT_ALG_ECDSA
|
||||
scripts/config.py unset PSA_WANT_ALG_DETERMINISTIC_ECDSA
|
||||
scripts/config.py unset PSA_WANT_ALG_RSA_OAEP
|
||||
scripts/config.py unset PSA_WANT_ALG_RSA_PSS
|
||||
# Note: The three unsets below are to be removed for Mbed TLS 4.0
|
||||
scripts/config.py unset MBEDTLS_ECDH_C
|
||||
scripts/config.py unset MBEDTLS_ECDSA_C
|
||||
@@ -550,10 +550,10 @@ component_test_tls13_only_psk_all () {
|
||||
scripts/config.py set MBEDTLS_SSL_EARLY_DATA
|
||||
|
||||
scripts/config.py set MBEDTLS_TEST_HOOKS
|
||||
scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECDSA
|
||||
scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_DETERMINISTIC_ECDSA
|
||||
scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_RSA_OAEP
|
||||
scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_RSA_PSS
|
||||
scripts/config.py unset PSA_WANT_ALG_ECDSA
|
||||
scripts/config.py unset PSA_WANT_ALG_DETERMINISTIC_ECDSA
|
||||
scripts/config.py unset PSA_WANT_ALG_RSA_OAEP
|
||||
scripts/config.py unset PSA_WANT_ALG_RSA_PSS
|
||||
# Note: The two unsets below are to be removed for Mbed TLS 4.0
|
||||
scripts/config.py unset MBEDTLS_ECDSA_C
|
||||
|
||||
|
||||
@@ -78,7 +78,7 @@ component_test_suite_with_psasim()
|
||||
msg "build client library"
|
||||
helper_psasim_config client
|
||||
# PAKE functions are still unsupported from PSASIM
|
||||
scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_JPAKE
|
||||
scripts/config.py unset PSA_WANT_ALG_JPAKE
|
||||
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
|
||||
helper_psasim_build client
|
||||
|
||||
|
||||
Reference in New Issue
Block a user