From aef1ba679d6a9e09aa08912c0a704570141d3cba Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 11 Oct 2022 21:05:06 +0200 Subject: [PATCH] Add build with a typical configuration for a PSA crypto service Disable non-crypto features that can't be called through the PSA API, as well as algorithms that have no PSA interface. This serves as a non-regression test for #6408 and #6409. Signed-off-by: Gilles Peskine --- tests/scripts/all.sh | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index a1b47f4669..fa41604158 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1554,6 +1554,33 @@ component_build_crypto_full () { are_empty_libraries library/libmbedx509.* library/libmbedtls.* } +component_build_crypto_light () { + msg "build: make, config for PSA crypto service" + scripts/config.py crypto + scripts/config.py set MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER + # Disable things that are not needed for just cryptography, to + # reach a configuration that would be typical for a PSA cryptography + # service providing all implemented PSA algorithms. + # System stuff + scripts/config.py unset MBEDTLS_ERROR_C + scripts/config.py unset MBEDTLS_TIMING_C + scripts/config.py unset MBEDTLS_VERSION_FEATURES_C + # Crypto stuff with no PSA interface + scripts/config.py unset MBEDTLS_BASE64_C + scripts/config.py unset MBEDTLS_NIST_KW_C + scripts/config.py unset MBEDTLS_PEM_PARSE_C + scripts/config.py unset MBEDTLS_PEM_WRITE_C + scripts/config.py unset MBEDTLS_PKCS12_C + scripts/config.py unset MBEDTLS_PKCS5_C + # MBEDTLS_PK_WRITE_C is actually currently needed for RSA key export, + # but build_info.h will reenable it. + scripts/config.py unset MBEDTLS_PK_WRITE_C + # At this time, we can't unset MBEDTLS_PK_PARSE_C, because it's needed + # for RSA in PSA (see https://github.com/Mbed-TLS/mbedtls/issues/6408). + make CFLAGS='-O1 -Werror' all test + are_empty_libraries library/libmbedx509.* library/libmbedtls.* +} + component_build_crypto_baremetal () { msg "build: make, crypto only, baremetal config" scripts/config.py crypto_baremetal