mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-03-14 07:20:52 +00:00
Merge pull request #9160 from ronald-cron-arm/crypto-config-test_ref_configs-3.6
[Backport 3.6] Partial backport of #9057
This commit is contained in:
commit
baf6775a73
@ -65,13 +65,11 @@
|
||||
#define MBEDTLS_PSA_ITS_FILE_C
|
||||
#define MBEDTLS_RIPEMD160_C
|
||||
#define MBEDTLS_SHA1_C
|
||||
/* The library does not currently support enabling SHA-224 without SHA-256.
|
||||
* A future version of the library will have this option disabled
|
||||
* by default. */
|
||||
#define MBEDTLS_SHA224_C
|
||||
#define MBEDTLS_SHA256_C
|
||||
#define MBEDTLS_SHA384_C
|
||||
#define MBEDTLS_SHA512_C
|
||||
#define MBEDTLS_SHA3_C
|
||||
//#define MBEDTLS_THREADING_C
|
||||
#define MBEDTLS_TIMING_C
|
||||
#define MBEDTLS_VERSION_C
|
||||
|
@ -2,7 +2,7 @@
|
||||
* \file configs/crypto-config-ccm-aes-sha256.h
|
||||
*
|
||||
* \brief PSA crypto configuration with only symmetric cryptography: CCM-AES,
|
||||
* SHA-256, HMAC and key derivation
|
||||
* SHA-256 and key derivation (uses HMAC).
|
||||
*/
|
||||
/*
|
||||
* Copyright The Mbed TLS Contributors
|
||||
@ -13,12 +13,10 @@
|
||||
#define PSA_CRYPTO_CONFIG_H
|
||||
|
||||
#define PSA_WANT_ALG_CCM 1
|
||||
#define PSA_WANT_ALG_HMAC 1
|
||||
#define PSA_WANT_ALG_SHA_256 1
|
||||
#define PSA_WANT_ALG_TLS12_PRF 1
|
||||
#define PSA_WANT_ALG_TLS12_PSK_TO_MS 1
|
||||
#define PSA_WANT_KEY_TYPE_DERIVE 1
|
||||
#define PSA_WANT_KEY_TYPE_HMAC 1
|
||||
#define PSA_WANT_KEY_TYPE_AES 1
|
||||
#define PSA_WANT_KEY_TYPE_RAW_DATA 1
|
||||
|
||||
|
@ -498,7 +498,6 @@
|
||||
* The PSA implementation has its own implementation of HKDF, separate from
|
||||
* hkdf.c. No need to enable MBEDTLS_HKDF_C here.
|
||||
*/
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_HKDF 1
|
||||
#endif /* !MBEDTLS_PSA_ACCEL_ALG_HKDF */
|
||||
#endif /* PSA_WANT_ALG_HKDF */
|
||||
@ -509,7 +508,6 @@
|
||||
* The PSA implementation has its own implementation of HKDF, separate from
|
||||
* hkdf.c. No need to enable MBEDTLS_HKDF_C here.
|
||||
*/
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT 1
|
||||
#endif /* !MBEDTLS_PSA_ACCEL_ALG_HKDF_EXTRACT */
|
||||
#endif /* PSA_WANT_ALG_HKDF_EXTRACT */
|
||||
@ -520,7 +518,6 @@
|
||||
* The PSA implementation has its own implementation of HKDF, separate from
|
||||
* hkdf.c. No need to enable MBEDTLS_HKDF_C here.
|
||||
*/
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND 1
|
||||
#endif /* !MBEDTLS_PSA_ACCEL_ALG_HKDF_EXPAND */
|
||||
#endif /* PSA_WANT_ALG_HKDF_EXPAND */
|
||||
@ -630,9 +627,6 @@
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_ALG_PBKDF2_HMAC)
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC 1
|
||||
#define PSA_HAVE_SOFT_PBKDF2_HMAC 1
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_ALG_HMAC)
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1
|
||||
#endif /* !MBEDTLS_PSA_ACCEL_ALG_HMAC */
|
||||
#endif /* !MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC */
|
||||
#endif /* PSA_WANT_ALG_PBKDF2_HMAC */
|
||||
|
||||
|
@ -22,6 +22,8 @@
|
||||
|
||||
#include "psa/crypto_adjust_config_synonyms.h"
|
||||
|
||||
#include "psa/crypto_adjust_config_dependencies.h"
|
||||
|
||||
#include "mbedtls/config_adjust_psa_superset_legacy.h"
|
||||
|
||||
#if defined(MBEDTLS_PSA_CRYPTO_CONFIG)
|
||||
|
43
include/psa/crypto_adjust_config_dependencies.h
Normal file
43
include/psa/crypto_adjust_config_dependencies.h
Normal file
@ -0,0 +1,43 @@
|
||||
/**
|
||||
* \file psa/crypto_adjust_config_dependencies.h
|
||||
* \brief Adjust PSA configuration by resolving some dependencies.
|
||||
*
|
||||
* This is an internal header. Do not include it directly.
|
||||
*
|
||||
* See docs/proposed/psa-conditional-inclusion-c.md.
|
||||
* If the Mbed TLS implementation of a cryptographic mechanism A depends on a
|
||||
* cryptographic mechanism B then if the cryptographic mechanism A is enabled
|
||||
* and not accelerated enable B. Note that if A is enabled and accelerated, it
|
||||
* is not necessary to enable B for A support.
|
||||
*/
|
||||
/*
|
||||
* Copyright The Mbed TLS Contributors
|
||||
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
|
||||
*/
|
||||
|
||||
#ifndef PSA_CRYPTO_ADJUST_CONFIG_DEPENDENCIES_H
|
||||
#define PSA_CRYPTO_ADJUST_CONFIG_DEPENDENCIES_H
|
||||
|
||||
#if (defined(PSA_WANT_ALG_TLS12_PRF) && \
|
||||
!defined(MBEDTLS_PSA_ACCEL_ALG_TLS12_PRF)) || \
|
||||
(defined(PSA_WANT_ALG_TLS12_PSK_TO_MS) && \
|
||||
!defined(MBEDTLS_PSA_ACCEL_ALG_TLS12_PSK_TO_MS)) || \
|
||||
(defined(PSA_WANT_ALG_HKDF) && \
|
||||
!defined(MBEDTLS_PSA_ACCEL_ALG_HKDF)) || \
|
||||
(defined(PSA_WANT_ALG_HKDF_EXTRACT) && \
|
||||
!defined(MBEDTLS_PSA_ACCEL_ALG_HKDF_EXTRACT)) || \
|
||||
(defined(PSA_WANT_ALG_HKDF_EXPAND) && \
|
||||
!defined(MBEDTLS_PSA_ACCEL_ALG_HKDF_EXPAND)) || \
|
||||
(defined(PSA_WANT_ALG_PBKDF2_HMAC) && \
|
||||
!defined(MBEDTLS_PSA_ACCEL_ALG_PBKDF2_HMAC))
|
||||
#define PSA_WANT_ALG_HMAC 1
|
||||
#define PSA_WANT_KEY_TYPE_HMAC 1
|
||||
#endif
|
||||
|
||||
#if (defined(PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128) && \
|
||||
!defined(MBEDTLS_PSA_ACCEL_ALG_PBKDF2_AES_CMAC_PRF_128))
|
||||
#define PSA_WANT_KEY_TYPE_AES 1
|
||||
#define PSA_WANT_ALG_CMAC 1
|
||||
#endif
|
||||
|
||||
#endif /* PSA_CRYPTO_ADJUST_CONFIG_DEPENDENCIES_H */
|
@ -1725,6 +1725,7 @@ common_test_full_no_cipher_with_psa_crypto () {
|
||||
scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CTR
|
||||
scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECB_NO_PADDING
|
||||
scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_OFB
|
||||
scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128
|
||||
scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_STREAM_CIPHER
|
||||
scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_DES
|
||||
else
|
||||
@ -4090,6 +4091,7 @@ common_block_cipher_dispatch() {
|
||||
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_PKCS7
|
||||
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CMAC
|
||||
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CCM_STAR_NO_TAG
|
||||
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128
|
||||
|
||||
# Disable direct dependency on AES_C
|
||||
scripts/config.py unset MBEDTLS_NIST_KW_C
|
||||
@ -5538,9 +5540,11 @@ component_build_psa_config_file () {
|
||||
make clean
|
||||
|
||||
msg "build: make with MBEDTLS_PSA_CRYPTO_CONFIG_FILE + MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE" # ~40s
|
||||
# In the user config, disable one feature, which will reflect on the
|
||||
# mbedtls configuration so we can query it with query_compile_time_config.
|
||||
# In the user config, disable one feature and its dependencies, which will
|
||||
# reflect on the mbedtls configuration so we can query it with
|
||||
# query_compile_time_config.
|
||||
echo '#undef PSA_WANT_ALG_CMAC' >psa_user_config.h
|
||||
echo '#undef PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128' >> psa_user_config.h
|
||||
scripts/config.py unset MBEDTLS_CMAC_C
|
||||
make CFLAGS="-I '$PWD' -DMBEDTLS_PSA_CRYPTO_CONFIG_FILE='\"psa_test_config.h\"' -DMBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE='\"psa_user_config.h\"'"
|
||||
not programs/test/query_compile_time_config MBEDTLS_CMAC_C
|
||||
|
@ -17,32 +17,26 @@ use strict;
|
||||
|
||||
my %configs = (
|
||||
'config-ccm-psk-tls1_2.h' => {
|
||||
'compat' => '-m tls12 -f \'^TLS-PSK-WITH-AES-...-CCM-8\'',
|
||||
'test_again_with_use_psa' => 1
|
||||
'compat' => '-m tls12 -f \'^TLS_PSK_WITH_AES_..._CCM_8\'',
|
||||
},
|
||||
'config-ccm-psk-dtls1_2.h' => {
|
||||
'compat' => '-m dtls12 -f \'^TLS-PSK-WITH-AES-...-CCM-8\'',
|
||||
'compat' => '-m dtls12 -f \'^TLS_PSK_WITH_AES_..._CCM_8\'',
|
||||
'opt' => ' ',
|
||||
'opt_needs_debug' => 1,
|
||||
'test_again_with_use_psa' => 1
|
||||
},
|
||||
'config-no-entropy.h' => {
|
||||
},
|
||||
'config-suite-b.h' => {
|
||||
'compat' => "-m tls12 -f 'ECDHE-ECDSA.*AES.*GCM' -p mbedTLS",
|
||||
'test_again_with_use_psa' => 1,
|
||||
'compat' => "-m tls12 -f 'ECDHE_ECDSA.*AES.*GCM' -p mbedTLS",
|
||||
'opt' => ' ',
|
||||
'opt_needs_debug' => 1,
|
||||
},
|
||||
'config-symmetric-only.h' => {
|
||||
'test_again_with_use_psa' => 0, # Uses PSA by default, no need to test it twice
|
||||
},
|
||||
'config-tfm.h' => {
|
||||
'test_again_with_use_psa' => 0, # Uses PSA by default, no need to test it twice
|
||||
},
|
||||
'config-thread.h' => {
|
||||
'opt' => '-f ECJPAKE.*nolog',
|
||||
'test_again_with_use_psa' => 1,
|
||||
},
|
||||
);
|
||||
|
||||
@ -148,7 +142,10 @@ sub perform_test {
|
||||
}
|
||||
|
||||
foreach my $conf ( @configs_to_test ) {
|
||||
my $test_with_psa = $configs{$conf}{'test_again_with_use_psa'};
|
||||
system("grep '//#define MBEDTLS_USE_PSA_CRYPTO' configs/$conf > /dev/null");
|
||||
die "grep ... configs/$conf: $!" if $? != 0 && $? != 0x100;
|
||||
my $test_with_psa = $? == 0;
|
||||
|
||||
if ( $test_with_psa )
|
||||
{
|
||||
perform_test( $conf, $configs{$conf}, $test_with_psa );
|
||||
|
@ -1818,7 +1818,7 @@ void pk_psa_sign(int psa_type, int bits, int rsa_padding)
|
||||
int ret;
|
||||
#endif /* MBEDTLS_RSA_C || MBEDTLS_PK_WRITE_C */
|
||||
#if defined(MBEDTLS_PK_CAN_ECDSA_SIGN)
|
||||
mbedtls_ecp_group_id ecp_grp_id;
|
||||
mbedtls_ecp_group_id ecp_grp_id = MBEDTLS_ECP_DP_NONE;
|
||||
#endif /* MBEDTLS_PK_CAN_ECDSA_SIGN */
|
||||
|
||||
/*
|
||||
|
Loading…
x
Reference in New Issue
Block a user