Add build with a typical configuration for a PSA crypto service
Disable non-crypto features that can't be called through the PSA API, as
well as algorithms that have no PSA interface.
This serves as a non-regression test for #6408 and #6409.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index a1b47f4..fa41604 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -1554,6 +1554,33 @@
are_empty_libraries library/libmbedx509.* library/libmbedtls.*
}
+component_build_crypto_light () {
+ msg "build: make, config for PSA crypto service"
+ scripts/config.py crypto
+ scripts/config.py set MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
+ # Disable things that are not needed for just cryptography, to
+ # reach a configuration that would be typical for a PSA cryptography
+ # service providing all implemented PSA algorithms.
+ # System stuff
+ scripts/config.py unset MBEDTLS_ERROR_C
+ scripts/config.py unset MBEDTLS_TIMING_C
+ scripts/config.py unset MBEDTLS_VERSION_FEATURES_C
+ # Crypto stuff with no PSA interface
+ scripts/config.py unset MBEDTLS_BASE64_C
+ scripts/config.py unset MBEDTLS_NIST_KW_C
+ scripts/config.py unset MBEDTLS_PEM_PARSE_C
+ scripts/config.py unset MBEDTLS_PEM_WRITE_C
+ scripts/config.py unset MBEDTLS_PKCS12_C
+ scripts/config.py unset MBEDTLS_PKCS5_C
+ # MBEDTLS_PK_WRITE_C is actually currently needed for RSA key export,
+ # but build_info.h will reenable it.
+ scripts/config.py unset MBEDTLS_PK_WRITE_C
+ # At this time, we can't unset MBEDTLS_PK_PARSE_C, because it's needed
+ # for RSA in PSA (see https://github.com/Mbed-TLS/mbedtls/issues/6408).
+ make CFLAGS='-O1 -Werror' all test
+ are_empty_libraries library/libmbedx509.* library/libmbedtls.*
+}
+
component_build_crypto_baremetal () {
msg "build: make, crypto only, baremetal config"
scripts/config.py crypto_baremetal