Added minimal TLSv1.3 AES-GCP configuration

Signed-off-by: Nadav Tasher <tashernadav@gmail.com>

configs/config-aes-gcm-tls1_3.h

@@ -0,0 +1,62 @@
+/**
+ * \file config-aes-gcm-tls1_3.h
+ *
+ * \brief Minimal configuration for a TLS 1.3 only client with AES-GCM ciphersuites
+ */
+/*
+ *  Copyright The Mbed TLS Contributors
+ *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#define TF_PSA_CRYPTO_CONFIG_FILE "../configs/crypto-config-aes-gcm-tls1_3.h"
+
+/* Crypto support */
+#define MBEDTLS_PSA_CRYPTO_C
+
+/* Mbed TLS modules */
+#define MBEDTLS_ASN1_PARSE_C
+#define MBEDTLS_ASN1_WRITE_C
+#define MBEDTLS_CTR_DRBG_C
+#define MBEDTLS_ENTROPY_C
+#define MBEDTLS_MD_C
+#define MBEDTLS_NET_C
+#define MBEDTLS_OID_C
+#define MBEDTLS_PK_C
+#define MBEDTLS_PK_PARSE_C
+#define MBEDTLS_SSL_CLI_C
+#define MBEDTLS_SSL_TLS_C
+#define MBEDTLS_X509_USE_C
+#define MBEDTLS_X509_CRT_PARSE_C
+
+/* Configuration values for test suite */
+#define MBEDTLS_BASE64_C
+#define MBEDTLS_PEM_PARSE_C
+#define MBEDTLS_X509_CREATE_C
+
+/* TLS protocol feature support */
+#define MBEDTLS_SSL_PROTO_TLS1_3
+#define MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
+#define MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+#define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
+#define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+
+/*
+ * Use only AES-GCM ciphersuites, and
+ * save ROM and a few bytes of RAM by specifying our own ciphersuite list
+ */
+#define MBEDTLS_SSL_CIPHERSUITES \
+		MBEDTLS_TLS1_3_AES_128_GCM_SHA256, \
+		MBEDTLS_TLS1_3_AES_256_GCM_SHA384
+
+/*
+ * You should adjust this to the exact number of sources you're using: default
+ * is the "platform_entropy_poll" source, but you may want to add other ones
+ * Minimum is 2 for the entropy test suite.
+ */
+#define MBEDTLS_ENTROPY_MAX_SOURCES 2
+
+/* Error messages and TLS debugging traces
+ * (huge code size increase, needed for tests/ssl-opt.sh) */
+//#define MBEDTLS_DEBUG_C
+//#define MBEDTLS_ERROR_C
+

configs/crypto-config-aes-gcm-tls1_3.h

@@ -0,0 +1,30 @@
+/**
+ * \file crypto-config-aes-gcm-tls1_3.h
+ *
+ * \brief Minimal crypto configuration for a TLS 1.3 only client with AES-GCM ciphersuites
+ */
+/*
+ *  Copyright The Mbed TLS Contributors
+ *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+/**
+ * To be used in conjunction with configs/config-aes-gcm-tls1_3.h */
+
+#ifndef PSA_CRYPTO_CONFIG_H
+#define PSA_CRYPTO_CONFIG_H
+
+#define PSA_WANT_ALG_GCM                        1
+#define PSA_WANT_ALG_ECDH                       1
+#define PSA_WANT_ALG_ECDSA                      1
+#define PSA_WANT_ALG_SHA_256                    1
+#define PSA_WANT_ALG_SHA_384                    1
+#define PSA_WANT_ALG_HKDF_EXPAND                1
+#define PSA_WANT_ALG_HKDF_EXTRACT               1
+#define PSA_WANT_ECC_SECP_R1_256                1
+
+#define PSA_WANT_KEY_TYPE_AES                   1
+#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC    1
+#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE 1
+
+#endif /* PSA_CRYPTO_CONFIG_H */

tests/scripts/components-configuration-tls.sh

@@ -683,4 +683,9 @@ component_test_depends_py_kex () {
     tests/scripts/depends.py kex
 }
 
-
+component_test_config_minimal_tls1_3 () {
+    msg "build: configs/config-aes-gcm-tls1_3.h"
+    MBEDTLS_CONFIG="configs/config-aes-gcm-tls1_3.h"
+    CC=$ASAN_CC cmake -D GEN_FILES=Off -DMBEDTLS_CONFIG_FILE="$MBEDTLS_CONFIG" -D CMAKE_BUILD_TYPE:String=Asan .
+    make
+}