Merge pull request #10297 from ronald-cron-arm/remove-legacy-crypto-options-preparation-1

Remove legacy crypto options preparation-1

tests/scripts/analyze_outcomes.py

@@ -292,15 +292,15 @@ class DriverVSReference_cipher_aead_cmac(outcome_analysis.DriverVSReference):
     IGNORED_SUITES = [
         # low-level (block/stream) cipher modules
         'aes', 'aria', 'camellia', 'des', 'chacha20',
-        # AEAD modes and CMAC
-        'ccm', 'chachapoly', 'cmac', 'gcm',
+        # AEAD modes, CMAC and POLY1305
+        'ccm', 'chachapoly', 'cmac', 'gcm', 'poly1305',
         # The Cipher abstraction layer
         'cipher',
     ]
     IGNORED_TESTS = {
         'test_suite_config': [
             re.compile(r'.*\bMBEDTLS_(AES|ARIA|CAMELLIA|CHACHA20|DES)_.*'),
-            re.compile(r'.*\bMBEDTLS_(CCM|CHACHAPOLY|CMAC|GCM)_.*'),
+            re.compile(r'.*\bMBEDTLS_(CCM|CHACHAPOLY|CMAC|GCM|POLY1305)_.*'),
             re.compile(r'.*\bMBEDTLS_AES(\w+)_C\b.*'),
             re.compile(r'.*\bMBEDTLS_CIPHER_.*'),
         ],
@@ -568,6 +568,10 @@ class DriverVSReference_rsa(outcome_analysis.DriverVSReference):
         'pk', 'pkwrite', 'pkparse'
     ]
     IGNORED_TESTS = {
+        'test_suite_bignum.misc': [
+            re.compile(r'.*\bmbedtls_mpi_is_prime.*'),
+            re.compile(r'.*\bmbedtls_mpi_gen_prime.*'),
+        ],
         'test_suite_config': [
             re.compile(r'.*\bMBEDTLS_(PKCS1|RSA)_.*'),
             re.compile(r'.*\bMBEDTLS_GENPRIME\b.*')

tests/scripts/components-configuration-crypto.sh

@@ -1429,6 +1429,7 @@ config_psa_crypto_accel_rsa () {
         scripts/config.py unset MBEDTLS_RSA_C
         scripts/config.py unset MBEDTLS_PKCS1_V15
         scripts/config.py unset MBEDTLS_PKCS1_V21
+        scripts/config.py unset MBEDTLS_GENPRIME
 
         # We need PEM parsing in the test library as well to support the import
         # of PEM encoded RSA keys.
@@ -1817,6 +1818,7 @@ component_test_psa_crypto_config_accel_cipher_aead_cmac () {
     scripts/config.py unset MBEDTLS_ARIA_C
     scripts/config.py unset MBEDTLS_CHACHA20_C
     scripts/config.py unset MBEDTLS_CAMELLIA_C
+    scripts/config.py unset MBEDTLS_POLY1305_C
 
     # Disable DES, if it still exists.
     # This can be removed once we remove DES from the library.
@@ -1842,6 +1844,7 @@ component_test_psa_crypto_config_accel_cipher_aead_cmac () {
     not grep mbedtls_gcm ${BUILTIN_SRC_PATH}/gcm.o
     not grep mbedtls_chachapoly ${BUILTIN_SRC_PATH}/chachapoly.o
     not grep mbedtls_cmac ${BUILTIN_SRC_PATH}/cmac.o
+    not grep mbedtls_poly1305 ${BUILTIN_SRC_PATH}/poly1305.o
 
     # Run the tests
     # -------------
@@ -1850,7 +1853,8 @@ component_test_psa_crypto_config_accel_cipher_aead_cmac () {
     make test
 
     msg "ssl-opt: full config with accelerated cipher inc. AEAD and CMAC"
-    tests/ssl-opt.sh
+    # Exclude password-protected key tests — they require built-in CBC and AES.
+    tests/ssl-opt.sh -e "TLS: password protected"
 
     msg "compat.sh: full config with accelerated cipher inc. AEAD and CMAC"
     tests/compat.sh -V NO -p mbedTLS
@@ -1870,7 +1874,8 @@ component_test_psa_crypto_config_reference_cipher_aead_cmac () {
     make test
 
     msg "ssl-opt: full config with non-accelerated cipher inc. AEAD and CMAC"
-    tests/ssl-opt.sh
+    # Exclude password-protected key tests as in test_psa_crypto_config_accel_cipher_aead_cmac.
+    tests/ssl-opt.sh -e "TLS: password protected"
 
     msg "compat.sh: full config with non-accelerated cipher inc. AEAD and CMAC"
     tests/compat.sh -V NO -p mbedTLS
@@ -2499,7 +2504,7 @@ component_build_psa_config_file () {
     echo '#error "TF_PSA_CRYPTO_CONFIG_FILE is not working"' >"$CRYPTO_CONFIG_H"
     make CFLAGS="-I '$PWD' -DTF_PSA_CRYPTO_CONFIG_FILE='\"psa_test_config.h\"'"
     # Make sure this feature is enabled. We'll disable it in the next phase.
-    programs/test/query_compile_time_config MBEDTLS_CMAC_C
+    programs/test/query_compile_time_config PSA_WANT_ALG_CMAC
     make clean
 
     msg "build: make with TF_PSA_CRYPTO_CONFIG_FILE + TF_PSA_CRYPTO_USER_CONFIG_FILE" # ~40s
@@ -2510,7 +2515,7 @@ component_build_psa_config_file () {
     echo '#undef PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128' >> psa_user_config.h
     echo '#undef MBEDTLS_CMAC_C' >> psa_user_config.h
     make CFLAGS="-I '$PWD' -DTF_PSA_CRYPTO_CONFIG_FILE='\"psa_test_config.h\"' -DTF_PSA_CRYPTO_USER_CONFIG_FILE='\"psa_user_config.h\"'"
-    not programs/test/query_compile_time_config MBEDTLS_CMAC_C
+    not programs/test/query_compile_time_config PSA_WANT_ALG_CMAC
 
     rm -f psa_test_config.h psa_user_config.h
 }
@@ -2545,3 +2550,18 @@ component_test_min_mpi_window_size () {
     msg "test: MBEDTLS_MPI_WINDOW_SIZE=1 - main suites (inc. selftests) (ASan build)" # ~ 10s
     make test
 }
+
+component_test_xts () {
+    # Component dedicated to run XTS unit test cases while XTS is not
+    # supported through the PSA API.
+    msg "build: Default + MBEDTLS_CIPHER_MODE_XTS"
+
+    echo "#define MBEDTLS_CIPHER_MODE_XTS" > psa_user_config.h
+    cmake -DTF_PSA_CRYPTO_USER_CONFIG_FILE="psa_user_config.h"
+    make
+
+    rm -f psa_user_config.h
+
+    msg "test: Default + MBEDTLS_CIPHER_MODE_XTS"
+    make test
+}

tests/scripts/depends.py

@@ -109,6 +109,12 @@ def set_config_option_value(conf, option, colors, value: Union[bool, str]):
 value can be either True/False (set/unset config option), or a string,
 which will make a symbol defined with a certain value."""
     if not option_exists(conf, option):
+        if value is False:
+            log_line(
+                f'Warning, disabling {option} that does not exist in {conf.filename}',
+                color=colors.cyan
+            )
+            return True
         log_line('Symbol {} was not found in {}'.format(option, conf.filename), color=colors.red)
         return False