Skip to content

Update the hashes domain to use PSA macros in depends.py #9634

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
ronald-cron-arm merged 2 commits into from
Jun 13, 2025
Merged

Update the hashes domain to use PSA macros in depends.py #9634

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
ef013a6
Use PSA macros for the `hashes` domain
gabor-mezei-arm Sep 24, 2024
3795f8a
Remove temporary component created for SHA3 testing
gabor-mezei-arm Jun 6, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
13 changes: 0 additions & 13 deletions tests/scripts/components-configuration.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -351,16 +351,3 @@ component_test_memory_buffer_allocator () {
# MBEDTLS_MEMORY_BUFFER_ALLOC is slow. Skip tests that tend to time out.
tests/ssl-opt.sh -e '^DTLS proxy'
}

# Temporary component for SHA3 config option removal
# Will be removed according to this issue:
# https://github.com/Mbed-TLS/mbedtls/issues/10203
component_test_full_no_sha3 () {
msg "build: full config without SHA3"
scripts/config.py full
scripts/config.py unset-all 'PSA_WANT_ALG_SHA3_*'
make

msg "test: full - PSA_WANT_ALG_SHA3_*"
make test
}
63 changes: 31 additions & 32 deletions tests/scripts/depends.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -328,35 +328,35 @@ def test(self, options):
'MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED',
'MBEDTLS_RSA_C'],

'MBEDTLS_MD5_C' : ['PSA_WANT_ALG_MD5'],
'MBEDTLS_RIPEMD160_C' : ['PSA_WANT_ALG_RIPEMD160'],
'MBEDTLS_SHA1_C' : ['PSA_WANT_ALG_SHA_1'],
'MBEDTLS_SHA224_C': ['MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED',
'MBEDTLS_ENTROPY_FORCE_SHA256',
'MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT',
'MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY',
'PSA_WANT_ALG_SHA_224'],
'MBEDTLS_SHA256_C': ['MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED',
'MBEDTLS_ENTROPY_FORCE_SHA256',
'MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT',
'MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY',
'MBEDTLS_LMS_C',
'MBEDTLS_LMS_PRIVATE',
'PSA_WANT_ALG_SHA_256',
'PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS'],
'MBEDTLS_SHA384_C' : ['PSA_WANT_ALG_SHA_384'],
'MBEDTLS_SHA512_C': ['MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT',
'MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY',
'PSA_WANT_ALG_SHA_512'],
'PSA_WANT_ALG_MD5': ['MBEDTLS_MD5_C'],
'PSA_WANT_ALG_RIPEMD160': ['MBEDTLS_RIPEMD160_C'],
'PSA_WANT_ALG_SHA_1': ['MBEDTLS_SHA1_C'],
'PSA_WANT_ALG_SHA_224': ['MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED',
'MBEDTLS_ENTROPY_FORCE_SHA256',
'MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT',
'MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY',
'MBEDTLS_SHA224_C'],
'PSA_WANT_ALG_SHA_256': ['MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED',
'MBEDTLS_ENTROPY_FORCE_SHA256',
'MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT',
'MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY',
'MBEDTLS_LMS_C',
'MBEDTLS_LMS_PRIVATE',
'MBEDTLS_SHA256_C',
'PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS'],
'PSA_WANT_ALG_SHA_384': ['MBEDTLS_SHA384_C'],
'PSA_WANT_ALG_SHA_512': ['MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT',
'MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY',
'MBEDTLS_SHA512_C'],
'PSA_WANT_ALG_ECB_NO_PADDING' : ['MBEDTLS_NIST_KW_C'],
}

# If an option is tested in an exclusive test, alter the following defines.
# These are not necessarily dependencies, but just minimal required changes
# if a given define is the only one enabled from an exclusive group.
EXCLUSIVE_GROUPS = {
'MBEDTLS_SHA512_C': ['-MBEDTLS_SSL_COOKIE_C',
'-MBEDTLS_SSL_TLS_C'],
'PSA_WANT_ALG_SHA_512': ['-MBEDTLS_SSL_COOKIE_C',
'-MBEDTLS_SSL_TLS_C'],
'PSA_WANT_ECC_MONTGOMERY_448': ['-PSA_WANT_ALG_ECDSA',
'-PSA_WANT_ALG_JPAKE',],
'PSA_WANT_ECC_MONTGOMERY_255': ['-PSA_WANT_ALG_ECDSA',
Expand Down Expand Up @@ -503,10 +503,12 @@ def __init__(self, options, conf):
for expr in psa_info.generate_expressions([key_type]))
if symbol in self.all_config_symbols}

# Find hash modules by name.
hash_symbols = self.config_symbols_matching(r'MBEDTLS_(MD|RIPEMD|SHA)[0-9]+_C\Z')
# Find hash modules by category.
hash_symbols = {symbol
for alg, symbol in algs.items()
if alg.can_do(crypto_knowledge.AlgorithmCategory.HASH)}

# Find elliptic curve enabling macros
# Find elliptic curve enabling macros by name.
# MBEDTLS_ECP_DP_SECP224K1_ENABLED added to disable it for all curves
curve_symbols = self.config_symbols_matching(r'PSA_WANT_ECC_\w+\Z|'
r'MBEDTLS_ECP_DP_SECP224K1_ENABLED')
Expand Down Expand Up @@ -540,19 +542,16 @@ def __init__(self, options, conf):
build_and_test),

# Elliptic curves. Run the test suites.
'curves': ExclusiveDomain(curve_symbols, build_and_test,
exclude=r'MBEDTLS_ECP_DP_SECP224K1_ENABLED'),
'curves': ExclusiveDomain(curve_symbols, build_and_test),

# Hash algorithms. Excluding exclusive domains of MD, RIPEMD, SHA1,
# Hash algorithms. Excluding exclusive domains of MD, RIPEMD, SHA1, SHA3*,
# SHA224 and SHA384 because MBEDTLS_ENTROPY_C is extensively used
# across various modules, but it depends on either SHA256 or SHA512.
# As a consequence an "exclusive" test of anything other than SHA256
# or SHA512 with MBEDTLS_ENTROPY_C enabled is not possible.
'hashes': DualDomain(hash_symbols, build_and_test,
exclude=r'MBEDTLS_(MD|RIPEMD|SHA1_)' \
'|MBEDTLS_SHA224_' \
'|MBEDTLS_SHA384_' \
'|MBEDTLS_SHA3_'),
exclude=r'PSA_WANT_ALG_(?!SHA_(256|512))'),

# Key exchange types.
'kex': ExclusiveDomain(key_exchange_symbols, build_and_test),

Expand Down