mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-08-01 10:06:53 +03:00
Use PSA macros for the curves domain
Exclude the SECP224K1 curve due it is unstable via the PSA API. Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
This commit is contained in:
Gabor Mezei
@ -274,21 +274,21 @@ REVERSE_DEPENDENCIES = {
|
||||
'MBEDTLS_CIPHER_PADDING_ZEROS': ['MBEDTLS_CIPHER_MODE_CBC'],
|
||||
'MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN': ['MBEDTLS_CIPHER_MODE_CBC'],
|
||||
|
||||
'MBEDTLS_ECP_DP_BP256R1_ENABLED': ['PSA_WANT_ECC_BRAINPOOL_P_R1_256'],
|
||||
'MBEDTLS_ECP_DP_BP384R1_ENABLED': ['PSA_WANT_ECC_BRAINPOOL_P_R1_384'],
|
||||
'MBEDTLS_ECP_DP_BP512R1_ENABLED': ['PSA_WANT_ECC_BRAINPOOL_P_R1_512'],
|
||||
'MBEDTLS_ECP_DP_CURVE25519_ENABLED': ['PSA_WANT_ECC_MONTGOMERY_255'],
|
||||
'MBEDTLS_ECP_DP_CURVE448_ENABLED': ['PSA_WANT_ECC_MONTGOMERY_448'],
|
||||
'MBEDTLS_ECP_DP_SECP192R1_ENABLED': ['PSA_WANT_ECC_SECP_R1_192'],
|
||||
'MBEDTLS_ECP_DP_SECP224R1_ENABLED': ['PSA_WANT_ECC_SECP_R1_224'],
|
||||
'MBEDTLS_ECP_DP_SECP256R1_ENABLED': ['PSA_WANT_ECC_SECP_R1_256',
|
||||
'PSA_WANT_ALG_JPAKE',
|
||||
'MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED'],
|
||||
'MBEDTLS_ECP_DP_SECP384R1_ENABLED': ['PSA_WANT_ECC_SECP_R1_384'],
|
||||
'MBEDTLS_ECP_DP_SECP512R1_ENABLED': ['PSA_WANT_ECC_SECP_R1_512'],
|
||||
'MBEDTLS_ECP_DP_SECP521R1_ENABLED': ['PSA_WANT_ECC_SECP_R1_521'],
|
||||
'MBEDTLS_ECP_DP_SECP192K1_ENABLED': ['PSA_WANT_ECC_SECP_K1_192'],
|
||||
'MBEDTLS_ECP_DP_SECP256K1_ENABLED': ['PSA_WANT_ECC_SECP_K1_256'],
|
||||
'PSA_WANT_ECC_BRAINPOOL_P_R1_256': ['MBEDTLS_ECP_DP_BP256R1_ENABLED'],
|
||||
'PSA_WANT_ECC_BRAINPOOL_P_R1_384': ['MBEDTLS_ECP_DP_BP384R1_ENABLED'],
|
||||
'PSA_WANT_ECC_BRAINPOOL_P_R1_512': ['MBEDTLS_ECP_DP_BP512R1_ENABLED'],
|
||||
'PSA_WANT_ECC_MONTGOMERY_255': ['MBEDTLS_ECP_DP_CURVE25519_ENABLED'],
|
||||
'PSA_WANT_ECC_MONTGOMERY_448': ['MBEDTLS_ECP_DP_CURVE448_ENABLED'],
|
||||
'PSA_WANT_ECC_SECP_R1_192': ['MBEDTLS_ECP_DP_SECP192R1_ENABLED'],
|
||||
'PSA_WANT_ECC_SECP_R1_224': ['MBEDTLS_ECP_DP_SECP224R1_ENABLED'],
|
||||
'PSA_WANT_ECC_SECP_R1_256': ['MBEDTLS_ECJPAKE_C',
|
||||
'MBEDTLS_ECP_DP_SECP256R1_ENABLED'],
|
||||
'PSA_WANT_ECC_SECP_R1_384': ['MBEDTLS_ECP_DP_SECP384R1_ENABLED'],
|
||||
'PSA_WANT_ECC_SECP_R1_512': ['MBEDTLS_ECP_DP_SECP512R1_ENABLED'],
|
||||
'PSA_WANT_ECC_SECP_R1_521': ['MBEDTLS_ECP_DP_SECP521R1_ENABLED'],
|
||||
'PSA_WANT_ECC_SECP_K1_192': ['MBEDTLS_ECP_DP_SECP192K1_ENABLED'],
|
||||
'PSA_WANT_ECC_SECP_K1_224': ['MBEDTLS_ECP_DP_SECP224K1_ENABLED'],
|
||||
'PSA_WANT_ECC_SECP_K1_256': ['MBEDTLS_ECP_DP_SECP256K1_ENABLED'],
|
||||
|
||||
'MBEDTLS_ECDSA_C': ['MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED',
|
||||
'MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED',
|
||||
@ -362,12 +362,12 @@ REVERSE_DEPENDENCIES = {
|
||||
EXCLUSIVE_GROUPS = {
|
||||
'MBEDTLS_SHA512_C': ['-MBEDTLS_SSL_COOKIE_C',
|
||||
'-MBEDTLS_SSL_TLS_C'],
|
||||
'MBEDTLS_ECP_DP_CURVE448_ENABLED': ['-MBEDTLS_ECDSA_C',
|
||||
'-MBEDTLS_ECDSA_DETERMINISTIC',
|
||||
'-MBEDTLS_ECJPAKE_C',],
|
||||
'MBEDTLS_ECP_DP_CURVE25519_ENABLED': ['-MBEDTLS_ECDSA_C',
|
||||
'-MBEDTLS_ECDSA_DETERMINISTIC',
|
||||
'-MBEDTLS_ECJPAKE_C'],
|
||||
'PSA_WANT_ECC_MONTGOMERY_448': ['-MBEDTLS_ECDSA_C',
|
||||
'-MBEDTLS_ECDSA_DETERMINISTIC',
|
||||
'-MBEDTLS_ECJPAKE_C',],
|
||||
'PSA_WANT_ECC_MONTGOMERY_255': ['-MBEDTLS_ECDSA_C',
|
||||
'-MBEDTLS_ECDSA_DETERMINISTIC',
|
||||
'-MBEDTLS_ECJPAKE_C'],
|
||||
'PSA_WANT_KEY_TYPE_ARIA': ['-PSA_WANT_ALG_CMAC',
|
||||
'-PSA_WANT_ALG_CCM',
|
||||
'-PSA_WANT_ALG_GCM',
|
||||
@ -512,8 +512,23 @@ class DomainData:
|
||||
|
||||
# Find hash modules by name.
|
||||
hash_symbols = self.config_symbols_matching(r'MBEDTLS_(MD|RIPEMD|SHA)[0-9]+_C\Z')
|
||||
# Find elliptic curve enabling macros by name.
|
||||
curve_symbols = self.config_symbols_matching(r'MBEDTLS_ECP_DP_\w+_ENABLED\Z')
|
||||
|
||||
# Find elliptic curve enabling macros
|
||||
# Mapping is needed for PSA_WANT_ECC_SECP_K1_224 because it actually uses 225 bits.
|
||||
key_type_mapping = {('PSA_ECC_FAMILY_SECP_K1', '225'): ('PSA_ECC_FAMILY_SECP_K1', '224')}
|
||||
def get_symbol_from_key_type(key_type_family, bit_size):
|
||||
(family_name, corrected_bit_size) = key_type_mapping.get((key_type_family, bit_size),
|
||||
(key_type_family, bit_size))
|
||||
symbol = psa_information.finish_family_dependency(family_name, corrected_bit_size)
|
||||
return psa_information.psa_want_symbol(symbol)
|
||||
|
||||
curve_symbols = {symbol
|
||||
for symbol in (get_symbol_from_key_type(key_type.family_name, bit_size)
|
||||
for key_type in key_types
|
||||
if key_type.family_name in psa_info.ecc_curves
|
||||
for bit_size in key_type.sizes_to_test())
|
||||
if symbol in self.all_config_symbols}
|
||||
|
||||
# Find key exchange enabling macros by name.
|
||||
key_exchange_symbols = self.config_symbols_matching(r'MBEDTLS_KEY_EXCHANGE_\w+_ENABLED\Z')
|
||||
|
||||
@ -541,8 +556,13 @@ class DomainData:
|
||||
|
||||
'cipher_padding': ExclusiveDomain(cipher_padding_symbols,
|
||||
build_and_test),
|
||||
|
||||
# Elliptic curves. Run the test suites.
|
||||
'curves': ExclusiveDomain(curve_symbols, build_and_test),
|
||||
# The SECP_K1_224 is not stable via the PSA API.
|
||||
# See https://github.com/Mbed-TLS/mbedtls/issues/3541
|
||||
'curves': ExclusiveDomain(curve_symbols,
|
||||
build_and_test,
|
||||
exclude=r'PSA_WANT_ECC_SECP_K1_224'),
|
||||
# Hash algorithms. Excluding exclusive domains of MD, RIPEMD, SHA1,
|
||||
# SHA224 and SHA384 because MBEDTLS_ENTROPY_C is extensively used
|
||||
# across various modules, but it depends on either SHA256 or SHA512.
|
||||
|
||||
Reference in New Issue
Block a user