Use PSA macros for the `curves` domain
Exclude the SECP224K1 curve due it is unstable via the PSA API.
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py
index f7fc60f..2765e72 100755
--- a/tests/scripts/depends.py
+++ b/tests/scripts/depends.py
@@ -274,21 +274,21 @@
'MBEDTLS_CIPHER_PADDING_ZEROS': ['MBEDTLS_CIPHER_MODE_CBC'],
'MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN': ['MBEDTLS_CIPHER_MODE_CBC'],
- 'MBEDTLS_ECP_DP_BP256R1_ENABLED': ['PSA_WANT_ECC_BRAINPOOL_P_R1_256'],
- 'MBEDTLS_ECP_DP_BP384R1_ENABLED': ['PSA_WANT_ECC_BRAINPOOL_P_R1_384'],
- 'MBEDTLS_ECP_DP_BP512R1_ENABLED': ['PSA_WANT_ECC_BRAINPOOL_P_R1_512'],
- 'MBEDTLS_ECP_DP_CURVE25519_ENABLED': ['PSA_WANT_ECC_MONTGOMERY_255'],
- 'MBEDTLS_ECP_DP_CURVE448_ENABLED': ['PSA_WANT_ECC_MONTGOMERY_448'],
- 'MBEDTLS_ECP_DP_SECP192R1_ENABLED': ['PSA_WANT_ECC_SECP_R1_192'],
- 'MBEDTLS_ECP_DP_SECP224R1_ENABLED': ['PSA_WANT_ECC_SECP_R1_224'],
- 'MBEDTLS_ECP_DP_SECP256R1_ENABLED': ['PSA_WANT_ECC_SECP_R1_256',
- 'PSA_WANT_ALG_JPAKE',
- 'MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED'],
- 'MBEDTLS_ECP_DP_SECP384R1_ENABLED': ['PSA_WANT_ECC_SECP_R1_384'],
- 'MBEDTLS_ECP_DP_SECP512R1_ENABLED': ['PSA_WANT_ECC_SECP_R1_512'],
- 'MBEDTLS_ECP_DP_SECP521R1_ENABLED': ['PSA_WANT_ECC_SECP_R1_521'],
- 'MBEDTLS_ECP_DP_SECP192K1_ENABLED': ['PSA_WANT_ECC_SECP_K1_192'],
- 'MBEDTLS_ECP_DP_SECP256K1_ENABLED': ['PSA_WANT_ECC_SECP_K1_256'],
+ 'PSA_WANT_ECC_BRAINPOOL_P_R1_256': ['MBEDTLS_ECP_DP_BP256R1_ENABLED'],
+ 'PSA_WANT_ECC_BRAINPOOL_P_R1_384': ['MBEDTLS_ECP_DP_BP384R1_ENABLED'],
+ 'PSA_WANT_ECC_BRAINPOOL_P_R1_512': ['MBEDTLS_ECP_DP_BP512R1_ENABLED'],
+ 'PSA_WANT_ECC_MONTGOMERY_255': ['MBEDTLS_ECP_DP_CURVE25519_ENABLED'],
+ 'PSA_WANT_ECC_MONTGOMERY_448': ['MBEDTLS_ECP_DP_CURVE448_ENABLED'],
+ 'PSA_WANT_ECC_SECP_R1_192': ['MBEDTLS_ECP_DP_SECP192R1_ENABLED'],
+ 'PSA_WANT_ECC_SECP_R1_224': ['MBEDTLS_ECP_DP_SECP224R1_ENABLED'],
+ 'PSA_WANT_ECC_SECP_R1_256': ['MBEDTLS_ECJPAKE_C',
+ 'MBEDTLS_ECP_DP_SECP256R1_ENABLED'],
+ 'PSA_WANT_ECC_SECP_R1_384': ['MBEDTLS_ECP_DP_SECP384R1_ENABLED'],
+ 'PSA_WANT_ECC_SECP_R1_512': ['MBEDTLS_ECP_DP_SECP512R1_ENABLED'],
+ 'PSA_WANT_ECC_SECP_R1_521': ['MBEDTLS_ECP_DP_SECP521R1_ENABLED'],
+ 'PSA_WANT_ECC_SECP_K1_192': ['MBEDTLS_ECP_DP_SECP192K1_ENABLED'],
+ 'PSA_WANT_ECC_SECP_K1_224': ['MBEDTLS_ECP_DP_SECP224K1_ENABLED'],
+ 'PSA_WANT_ECC_SECP_K1_256': ['MBEDTLS_ECP_DP_SECP256K1_ENABLED'],
'MBEDTLS_ECDSA_C': ['MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED',
'MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED',
@@ -362,12 +362,12 @@
EXCLUSIVE_GROUPS = {
'MBEDTLS_SHA512_C': ['-MBEDTLS_SSL_COOKIE_C',
'-MBEDTLS_SSL_TLS_C'],
- 'MBEDTLS_ECP_DP_CURVE448_ENABLED': ['-MBEDTLS_ECDSA_C',
- '-MBEDTLS_ECDSA_DETERMINISTIC',
- '-MBEDTLS_ECJPAKE_C',],
- 'MBEDTLS_ECP_DP_CURVE25519_ENABLED': ['-MBEDTLS_ECDSA_C',
- '-MBEDTLS_ECDSA_DETERMINISTIC',
- '-MBEDTLS_ECJPAKE_C'],
+ 'PSA_WANT_ECC_MONTGOMERY_448': ['-MBEDTLS_ECDSA_C',
+ '-MBEDTLS_ECDSA_DETERMINISTIC',
+ '-MBEDTLS_ECJPAKE_C',],
+ 'PSA_WANT_ECC_MONTGOMERY_255': ['-MBEDTLS_ECDSA_C',
+ '-MBEDTLS_ECDSA_DETERMINISTIC',
+ '-MBEDTLS_ECJPAKE_C'],
'PSA_WANT_KEY_TYPE_ARIA': ['-PSA_WANT_ALG_CMAC',
'-PSA_WANT_ALG_CCM',
'-PSA_WANT_ALG_GCM',
@@ -512,8 +512,23 @@
# Find hash modules by name.
hash_symbols = self.config_symbols_matching(r'MBEDTLS_(MD|RIPEMD|SHA)[0-9]+_C\Z')
- # Find elliptic curve enabling macros by name.
- curve_symbols = self.config_symbols_matching(r'MBEDTLS_ECP_DP_\w+_ENABLED\Z')
+
+ # Find elliptic curve enabling macros
+ # Mapping is needed for PSA_WANT_ECC_SECP_K1_224 because it actually uses 225 bits.
+ key_type_mapping = {('PSA_ECC_FAMILY_SECP_K1', '225'): ('PSA_ECC_FAMILY_SECP_K1', '224')}
+ def get_symbol_from_key_type(key_type_family, bit_size):
+ (family_name, corrected_bit_size) = key_type_mapping.get((key_type_family, bit_size),
+ (key_type_family, bit_size))
+ symbol = psa_information.finish_family_dependency(family_name, corrected_bit_size)
+ return psa_information.psa_want_symbol(symbol)
+
+ curve_symbols = {symbol
+ for symbol in (get_symbol_from_key_type(key_type.family_name, bit_size)
+ for key_type in key_types
+ if key_type.family_name in psa_info.ecc_curves
+ for bit_size in key_type.sizes_to_test())
+ if symbol in self.all_config_symbols}
+
# Find key exchange enabling macros by name.
key_exchange_symbols = self.config_symbols_matching(r'MBEDTLS_KEY_EXCHANGE_\w+_ENABLED\Z')
@@ -541,8 +556,13 @@
'cipher_padding': ExclusiveDomain(cipher_padding_symbols,
build_and_test),
+
# Elliptic curves. Run the test suites.
- 'curves': ExclusiveDomain(curve_symbols, build_and_test),
+ # The SECP_K1_224 is not stable via the PSA API.
+ # See https://github.com/Mbed-TLS/mbedtls/issues/3541
+ 'curves': ExclusiveDomain(curve_symbols,
+ build_and_test,
+ exclude=r'PSA_WANT_ECC_SECP_K1_224'),
# Hash algorithms. Excluding exclusive domains of MD, RIPEMD, SHA1,
# SHA224 and SHA384 because MBEDTLS_ENTROPY_C is extensively used
# across various modules, but it depends on either SHA256 or SHA512.