Merge pull request #298 from gilles-peskine-arm/config-symmetric-only
Test a build without any asymmetric cryptography
commit
cb0101ff33
6 changed files with 120 additions and 2 deletions
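--- /dev/null
+++ b/configs/config-symmetric-only.h
@@ -0,0 +1,99 @@
+/**
+* \file config-symmetric-only.h
+*
+* \brief Configuration without any asymmetric cryptography.
+*/
+/*
+* Copyright (C) 2019, ARM Limited, All Rights Reserved
+* SPDX-License-Identifier: Apache-2.0
+*
+* Licensed under the Apache License, Version 2.0 (the "License"); you may
+* not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*
+* This file is part of mbed TLS (https://tls.mbed.org)
+*/
+
+#ifndef MBEDTLS_CONFIG_H
+#define MBEDTLS_CONFIG_H
+
+/* System support */
+//#define MBEDTLS_HAVE_ASM
+#define MBEDTLS_HAVE_TIME
+#define MBEDTLS_HAVE_TIME_DATE
+
+/* Mbed Crypto feature support */
+#define MBEDTLS_CIPHER_MODE_CBC
+#define MBEDTLS_CIPHER_MODE_CFB
+#define MBEDTLS_CIPHER_MODE_CTR
+#define MBEDTLS_CIPHER_MODE_OFB
+#define MBEDTLS_CIPHER_MODE_XTS
+#define MBEDTLS_CIPHER_PADDING_PKCS7
+#define MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS
+#define MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN
+#define MBEDTLS_CIPHER_PADDING_ZEROS
+#define MBEDTLS_ERROR_STRERROR_DUMMY
+#define MBEDTLS_FS_IO
+#define MBEDTLS_ENTROPY_NV_SEED
+#define MBEDTLS_SELF_TEST
+#define MBEDTLS_USE_PSA_CRYPTO
+#define MBEDTLS_VERSION_FEATURES
+
+/* Mbed Crypto modules */
+#define MBEDTLS_AES_C
+#define MBEDTLS_ARC4_C
+#define MBEDTLS_ASN1_PARSE_C
+#define MBEDTLS_ASN1_WRITE_C
+#define MBEDTLS_BASE64_C
+#define MBEDTLS_BLOWFISH_C
+#define MBEDTLS_CAMELLIA_C
+#define MBEDTLS_ARIA_C
+#define MBEDTLS_CCM_C
+#define MBEDTLS_CHACHA20_C
+#define MBEDTLS_CHACHAPOLY_C
+#define MBEDTLS_CIPHER_C
+#define MBEDTLS_CMAC_C
+#define MBEDTLS_CTR_DRBG_C
+#define MBEDTLS_DES_C
+#define MBEDTLS_ENTROPY_C
+#define MBEDTLS_ERROR_C
+#define MBEDTLS_GCM_C
+//#define MBEDTLS_HAVEGE_C
+#define MBEDTLS_HKDF_C
+#define MBEDTLS_HMAC_DRBG_C
+#define MBEDTLS_NIST_KW_C
+#define MBEDTLS_MD_C
+#define MBEDTLS_MD2_C
+#define MBEDTLS_MD4_C
+#define MBEDTLS_MD5_C
+#define MBEDTLS_OID_C
+#define MBEDTLS_PEM_PARSE_C
+#define MBEDTLS_PEM_WRITE_C
+#define MBEDTLS_PKCS5_C
+#define MBEDTLS_PKCS12_C
+#define MBEDTLS_PLATFORM_C
+#define MBEDTLS_POLY1305_C
+#define MBEDTLS_PSA_CRYPTO_C
+#define MBEDTLS_PSA_CRYPTO_SE_C
+#define MBEDTLS_PSA_CRYPTO_STORAGE_C
+#define MBEDTLS_PSA_ITS_FILE_C
+#define MBEDTLS_RIPEMD160_C
+#define MBEDTLS_SHA1_C
+#define MBEDTLS_SHA256_C
+#define MBEDTLS_SHA512_C
+//#define MBEDTLS_THREADING_C
+#define MBEDTLS_TIMING_C
+#define MBEDTLS_VERSION_C
+#define MBEDTLS_XTEA_C
+
+#include "check_config.h"
+
+#endif /* MBEDTLS_CONFIG_H */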
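Review bot: The file header of config-symmetric-only.h describes it only as a "Configuration without any asymmetric cryptography" and does not say that it is a test configuration. The module list enables ARC4, DES, MD2, MD4 and MD5 together with MBEDTLS_ENTROPY_NV_SEED, which is reasonable for build coverage but is easy to copy from configs/ into a product build. I would extend the \brief block with a sentence such as `* Intended for build and test coverage; it enables legacy algorithms (ARC4, DES, MD2, MD4, MD5) and is not a hardened baseline.`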
@ -230,9 +230,11 @@ static inline int mbedtls_psa_get_ecc_oid_from_id(
|
||||||
*oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_BP512R1 );
|
*oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_BP512R1 );
|
||||||
return( 0 );
|
return( 0 );
|
||||||
#endif /* MBEDTLS_ECP_DP_BP512R1_ENABLED */
|
#endif /* MBEDTLS_ECP_DP_BP512R1_ENABLED */
|
||||||
}
|
default:
|
||||||
|
(void) oid;
|
||||||
|
(void) oid_len;
|
||||||
return( -1 );
|
return( -1 );
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH 1
|
#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH 1
|
||||||
|
|
|
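Review bot: The new `default:` branch returns -1 without writing `*oid` or `*oid_len`, and nothing in the hunk tells callers that the outputs are left untouched on failure. A one-line comment above the branch would make the contract explicit, for example `/* Unknown or disabled curve: outputs are not set, callers must check the return value. */`; the same comment can say that the two `(void)` casts are for builds with no curve enabled, which I assume is why they were added. The body of mbedtls_psa_get_ecc_oid_from_id starts outside the hunk, so whether its header comment already covers this is not visible here.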
@ -2006,6 +2006,7 @@ exit:
|
||||||
/* Message digests */
|
/* Message digests */
|
||||||
/****************************************************************/
|
/****************************************************************/
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_RSA_C) || defined(MBEDTLS_ECDSA_DETERMINISTIC)
|
||||||
static const mbedtls_md_info_t *mbedtls_md_info_from_psa( psa_algorithm_t alg )
|
static const mbedtls_md_info_t *mbedtls_md_info_from_psa( psa_algorithm_t alg )
|
||||||
{
|
{
|
||||||
switch( alg )
|
switch( alg )
|
||||||
|
@ -2046,6 +2047,7 @@ static const mbedtls_md_info_t *mbedtls_md_info_from_psa( psa_algorithm_t alg )
|
||||||
return( NULL );
|
return( NULL );
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
psa_status_t psa_hash_abort( psa_hash_operation_t *operation )
|
psa_status_t psa_hash_abort( psa_hash_operation_t *operation )
|
||||||
{
|
{
|
||||||
|
|
|
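Review bot: The `#endif` that closes the new guard around mbedtls_md_info_from_psa carries no comment, so a reader has to scroll back past the whole switch to find which condition it ends. I would write it as `#endif /* MBEDTLS_RSA_C || MBEDTLS_ECDSA_DETERMINISTIC */` and add a short comment on the `#if` line saying the helper is compiled only for the code paths that call it. The guard has to stay in step with those callers, which are outside the hunks shown; presumably a mismatch would surface only as an unused-function warning or a build failure in some configuration.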
@ -879,6 +879,8 @@ component_test_se_default () {
|
||||||
|
|
||||||
component_test_se_full () {
|
component_test_se_full () {
|
||||||
msg "build: full config + MBEDTLS_PSA_CRYPTO_SE_C"
|
msg "build: full config + MBEDTLS_PSA_CRYPTO_SE_C"
|
||||||
|
scripts/config.pl full
|
||||||
|
scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C
|
||||||
scripts/config.pl set MBEDTLS_PSA_CRYPTO_SE_C
|
scripts/config.pl set MBEDTLS_PSA_CRYPTO_SE_C
|
||||||
make CC=gcc CFLAGS="$ASAN_CFLAGS -O2" LDFLAGS="$ASAN_CFLAGS"
|
make CC=gcc CFLAGS="$ASAN_CFLAGS -O2" LDFLAGS="$ASAN_CFLAGS"
|
||||||
|
|
||||||
|
|
|
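Review bot: component_test_se_full now unsets MBEDTLS_MEMORY_BUFFER_ALLOC_C after `scripts/config.pl full`, but neither a comment nor the `msg` line says why, and the message still reads "full config + MBEDTLS_PSA_CRYPTO_SE_C". Since the build uses `$ASAN_CFLAGS`, I assume the buffer allocator is disabled so that ASan sees the real heap; a comment such as `# ASan cannot track allocations made by MBEDTLS_MEMORY_BUFFER_ALLOC_C` before the unset line would record that. The rest of the component continues past the hunk.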
@ -17,6 +17,8 @@ use warnings;
|
||||||
use strict;
|
use strict;
|
||||||
|
|
||||||
my %configs = (
|
my %configs = (
|
||||||
|
'config-symmetric-only.h' => {
|
||||||
|
},
|
||||||
'config-suite-b.h' => {
|
'config-suite-b.h' => {
|
||||||
},
|
},
|
||||||
);
|
);
|
||||||
|
@ -48,6 +50,15 @@ sub abort {
|
||||||
exit 1;
|
exit 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# Create a seedfile for configurations that enable MBEDTLS_ENTROPY_NV_SEED.
|
||||||
|
# For test purposes, this doesn't have to be cryptographically random.
|
||||||
|
if (!-e "tests/seedfile" || -s "tests/seedfile" < 64) {
|
||||||
|
local *SEEDFILE;
|
||||||
|
open SEEDFILE, ">tests/seedfile" or die;
|
||||||
|
print SEEDFILE "*" x 64 or die;
|
||||||
|
close SEEDFILE or die;
|
||||||
|
}
|
||||||
|
|
||||||
while( my ($conf, $data) = each %configs ) {
|
while( my ($conf, $data) = each %configs ) {
|
||||||
system( "cp $config_h.bak $config_h" ) and die;
|
system( "cp $config_h.bak $config_h" ) and die;
|
||||||
system( "make clean" ) and die;
|
system( "make clean" ) and die;
|
||||||
|
|
|
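Review bot: The seedfile block uses a two-argument `open` on a bareword handle and a bare `die`, so a failure to create tests/seedfile stops the run with no path and no `$!`. I would write `open my $seedfile, '>', 'tests/seedfile' or die "tests/seedfile: $!";` and use `$seedfile` in the `print` and `close` lines, which also makes `local *SEEDFILE;` unnecessary. The file is filled with a constant and is left in place after the run, so the comment could add that tests/seedfile is a test fixture with known contents and must not be reused as a seed anywhere else.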
@ -899,6 +899,8 @@ static int exported_key_sanity_check( psa_key_type_t type, size_t bits,
|
||||||
"No sanity check for public key type=0x%08lx",
|
"No sanity check for public key type=0x%08lx",
|
||||||
(unsigned long) type );
|
(unsigned long) type );
|
||||||
test_fail( message, __LINE__, __FILE__ );
|
test_fail( message, __LINE__, __FILE__ );
|
||||||
|
(void) p;
|
||||||
|
(void) end;
|
||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|