lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-08-01 10:06:53 +03:00
Code Activity

Remove: DES selftest, component_test_psa_crypto_config_accel_des and dead DES mentions prior to TF-PSA-Crypto cleanup

Browse Source 
Signed-off-by: Ari Weiler-Ofek <ariwei01@e134794.arm.com>
This commit is contained in:
Ari Weiler-Ofek
2025-07-04 14:43:30 +01:00
parent 2795197ba0
commit 86422e5509
5 changed files with 8 additions and 64 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
tests/compat.sh
View File

@ -599,11 +599,6 @@ setup_arguments()
*) O_SUPPORT_STATIC_ECDH="NO";;
esac
case $($OPENSSL ciphers ALL) in
*DES-CBC-*) O_SUPPORT_SINGLE_DES="YES";;
*) O_SUPPORT_SINGLE_DES="NO";;
esac
# OpenSSL <1.0.2 doesn't support DTLS 1.2. Check if OpenSSL
# supports -dtls1_2 from the s_server help. (The s_client
# help isn't accurate as of 1.0.2g: it supports DTLS 1.2

52
tests/scripts/components-configuration-crypto.sh
View File

@ -1734,53 +1734,6 @@ component_test_psa_crypto_config_reference_hmac () {
make test
}
component_test_psa_crypto_config_accel_des () {
msg "test: accelerated DES"
# Albeit this components aims at accelerating DES which should only support
# CBC and ECB modes, we need to accelerate more than that otherwise DES_C
# would automatically be re-enabled by "config_adjust_legacy_from_psa.c"
loc_accel_list="ALG_ECB_NO_PADDING ALG_CBC_NO_PADDING ALG_CBC_PKCS7 \
ALG_CTR ALG_CFB ALG_OFB ALG_XTS ALG_CMAC \
KEY_TYPE_DES"
# Note: we cannot accelerate all ciphers' key types otherwise we would also
# have to either disable CCM/GCM or accelerate them, but that's out of scope
# of this component. This limitation will be addressed by #8598.
# Configure
# ---------
# Start from the full config
helper_libtestdriver1_adjust_config "full"
# Disable the things that are being accelerated
scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC
scripts/config.py unset MBEDTLS_CIPHER_PADDING_PKCS7
scripts/config.py unset MBEDTLS_CIPHER_MODE_CTR
scripts/config.py unset MBEDTLS_CIPHER_MODE_CFB
scripts/config.py unset MBEDTLS_CIPHER_MODE_OFB
scripts/config.py unset MBEDTLS_CIPHER_MODE_XTS
scripts/config.py unset MBEDTLS_DES_C
scripts/config.py unset MBEDTLS_CMAC_C
# Build
# -----
helper_libtestdriver1_make_drivers "$loc_accel_list"
helper_libtestdriver1_make_main "$loc_accel_list"
# Make sure this was not re-enabled by accident (additive config)
not grep mbedtls_des ${BUILTIN_SRC_PATH}/des.o
# Run the tests
# -------------
msg "test: accelerated DES"
make test
}
component_test_psa_crypto_config_accel_aead () {
msg "test: accelerated AEAD"
@ -1841,7 +1794,7 @@ component_test_psa_crypto_config_accel_cipher_aead_cmac () {
loc_accel_list="ALG_ECB_NO_PADDING ALG_CBC_NO_PADDING ALG_CBC_PKCS7 ALG_CTR ALG_CFB \
ALG_OFB ALG_XTS ALG_STREAM_CIPHER ALG_CCM_STAR_NO_TAG \
ALG_GCM ALG_CCM ALG_CHACHA20_POLY1305 ALG_CMAC \
KEY_TYPE_DES KEY_TYPE_AES KEY_TYPE_ARIA KEY_TYPE_CHACHA20 KEY_TYPE_CAMELLIA"
KEY_TYPE_AES KEY_TYPE_ARIA KEY_TYPE_CHACHA20 KEY_TYPE_CAMELLIA"
# Configure
# ---------
@ -1878,7 +1831,6 @@ component_test_psa_crypto_config_accel_cipher_aead_cmac () {
# Make sure this was not re-enabled by accident (additive config)
not grep mbedtls_cipher ${BUILTIN_SRC_PATH}/cipher.o
not grep mbedtls_des ${BUILTIN_SRC_PATH}/des.o
not grep mbedtls_aes ${BUILTIN_SRC_PATH}/aes.o
not grep mbedtls_aria ${BUILTIN_SRC_PATH}/aria.o
not grep mbedtls_camellia ${BUILTIN_SRC_PATH}/camellia.o
@ -2168,7 +2120,7 @@ component_build_aes_variations () {
cd "$MBEDTLS_ROOT_DIR"
msg "build: aes.o for all combinations of relevant config options + BLOCK_CIPHER_NO_DECRYPT"
# MBEDTLS_BLOCK_CIPHER_NO_DECRYPT is incompatible with ECB in PSA, CBC/XTS/NIST_KW/DES,
# MBEDTLS_BLOCK_CIPHER_NO_DECRYPT is incompatible with ECB in PSA, CBC/XTS/NIST_KW,
# manually set or unset those configurations to check
# MBEDTLS_BLOCK_CIPHER_NO_DECRYPT with various combinations in aes.o.
scripts/config.py set MBEDTLS_BLOCK_CIPHER_NO_DECRYPT

6
tests/scripts/components-configuration-tls.sh
View File

@ -63,7 +63,7 @@ component_test_tls1_2_default_stream_cipher_only () {
# Disable CBC. Note: When implemented, PSA_WANT_ALG_CBC_MAC will also need to be unset here to fully disable CBC
scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CBC_NO_PADDING
scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CBC_PKCS7
# Disable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia, DES))
# Disable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia))
# Note: The unset below is to be removed for 4.0
scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC
# Disable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC)
@ -96,7 +96,7 @@ component_test_tls1_2_default_cbc_legacy_cipher_only () {
scripts/config.py unset MBEDTLS_CHACHAPOLY_C
#Disable TLS 1.3 (as no AEAD)
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
# Enable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia, DES))
# Enable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia))
scripts/config.py -c $CRYPTO_CONFIG_H set PSA_WANT_ALG_CBC_NO_PADDING
# Disable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC)
scripts/config.py unset MBEDTLS_SSL_ENCRYPT_THEN_MAC
@ -129,7 +129,7 @@ component_test_tls1_2_default_cbc_legacy_cbc_etm_cipher_only () {
scripts/config.py unset MBEDTLS_CHACHAPOLY_C
#Disable TLS 1.3 (as no AEAD)
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
# Enable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia, DES))
# Enable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia))
scripts/config.py -c $CRYPTO_CONFIG_H set PSA_WANT_ALG_CBC_NO_PADDING
# Enable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC)
scripts/config.py set MBEDTLS_SSL_ENCRYPT_THEN_MAC