Crypto: Update default Mbed Crypto config This patch updates the default Mbed Crypto build configuration to disable modules built by default, in particular MD-2, MD-4, MD-5, RIPEMD-160, DES, Camellia. Regression tests are updated to remove the tests which involve these algorithms. Change-Id: I4dce094271c263024373be3edf9c0daeeafd0daf Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com>

commit: a27bfb57ff478e4a489f88afc478f95d9bdf825d [log] [tgz]
author: Antonio de Angelis <antonio.deangelis@arm.com> Fri May 03 15:49:02 2019 +0100
committer: Jamie Fox <jamie.fox@arm.com> Fri May 24 11:02:49 2019 +0100
tree: 2b57f3dfdc747f6e080929b70c8aea75e28ee621
parent: ee774c2e0aee0b835d0020138290d60a8225b82d [diff]
diff --git a/platform/ext/common/tfm_mbedcrypto_config.h b/platform/ext/common/tfm_mbedcrypto_config.h
index ceb4ffc..a63e471 100644
--- a/platform/ext/common/tfm_mbedcrypto_config.h
+++ b/platform/ext/common/tfm_mbedcrypto_config.h

@@ -605,7 +605,7 @@
  *
  * Enable Xor-encrypt-xor with ciphertext stealing mode (XTS) for AES.
  */
-#define MBEDTLS_CIPHER_MODE_XTS
+//#define MBEDTLS_CIPHER_MODE_XTS
 
 /**
  * \def MBEDTLS_CIPHER_NULL_CIPHER
@@ -778,7 +778,7 @@
  *      MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA
  *      MBEDTLS_TLS_PSK_WITH_RC4_128_SHA
  */
-#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
+//#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
 
 /**
  * \def MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
@@ -809,7 +809,7 @@
  *             See dhm.h for more details.
  *
  */
-#define MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
+//#define MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
 
 /**
  * \def MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
@@ -829,7 +829,7 @@
  *      MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
  *      MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA
  */
-#define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+//#define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
 
 /**
  * \def MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
@@ -854,7 +854,7 @@
  *      MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA
  *      MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA
  */
-#define MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
+//#define MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
 
 /**
  * \def MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
@@ -882,7 +882,7 @@
  *      MBEDTLS_TLS_RSA_WITH_RC4_128_SHA
  *      MBEDTLS_TLS_RSA_WITH_RC4_128_MD5
  */
-#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
+//#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
 
 /**
  * \def MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
@@ -915,7 +915,7 @@
  *             See dhm.h for more details.
  *
  */
-#define MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
+//#define MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
 
 /**
  * \def MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
@@ -940,7 +940,7 @@
  *      MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
  *      MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA
  */
-#define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
+//#define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
 
 /**
  * \def MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
@@ -964,7 +964,7 @@
  *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
  *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
  */
-#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+//#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
 
 /**
  * \def MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
@@ -988,7 +988,7 @@
  *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
  *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
  */
-#define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
+//#define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
 
 /**
  * \def MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
@@ -1012,7 +1012,7 @@
  *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256
  *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384
  */
-#define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
+//#define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
 
 /**
  * \def MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
@@ -1252,7 +1252,7 @@
  *
  * Enable the checkup functions (*_self_test).
  */
-#define MBEDTLS_SELF_TEST
+//#define MBEDTLS_SELF_TEST
 
 /**
  * \def MBEDTLS_SHA256_SMALLER
@@ -1282,7 +1282,7 @@
  *
  * Enable sending of all alert messages
  */
-#define MBEDTLS_SSL_ALL_ALERT_MESSAGES
+//#define MBEDTLS_SSL_ALL_ALERT_MESSAGES
 
 /**
  * \def MBEDTLS_SSL_ASYNC_PRIVATE
@@ -1327,7 +1327,7 @@
  *
  * Comment this macro to disable support for Encrypt-then-MAC
  */
-#define MBEDTLS_SSL_ENCRYPT_THEN_MAC
+//#define MBEDTLS_SSL_ENCRYPT_THEN_MAC
 
 /** \def MBEDTLS_SSL_EXTENDED_MASTER_SECRET
  *
@@ -1345,7 +1345,7 @@
  *
  * Comment this macro to disable support for Extended Master Secret.
  */
-#define MBEDTLS_SSL_EXTENDED_MASTER_SECRET
+//#define MBEDTLS_SSL_EXTENDED_MASTER_SECRET
 
 /**
  * \def MBEDTLS_SSL_FALLBACK_SCSV
@@ -1362,7 +1362,7 @@
  *
  * Comment this macro to disable support for FALLBACK_SCSV
  */
-#define MBEDTLS_SSL_FALLBACK_SCSV
+//#define MBEDTLS_SSL_FALLBACK_SCSV
 
 /**
  * \def MBEDTLS_SSL_HW_RECORD_ACCEL
@@ -1384,7 +1384,7 @@
  *
  * Comment this macro to disable 1/n-1 record splitting.
  */
-#define MBEDTLS_SSL_CBC_RECORD_SPLITTING
+//#define MBEDTLS_SSL_CBC_RECORD_SPLITTING
 
 /**
  * \def MBEDTLS_SSL_RENEGOTIATION
@@ -1406,7 +1406,7 @@
  *          configuration of this extension).
  *
  */
-#define MBEDTLS_SSL_RENEGOTIATION
+//#define MBEDTLS_SSL_RENEGOTIATION
 
 /**
  * \def MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO
@@ -1435,7 +1435,7 @@
  *
  * Comment this macro to disable support for the max_fragment_length extension
  */
-#define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+//#define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
 
 /**
  * \def MBEDTLS_SSL_PROTO_SSL3
@@ -1459,7 +1459,7 @@
  *
  * Comment this macro to disable support for TLS 1.0
  */
-#define MBEDTLS_SSL_PROTO_TLS1
+//#define MBEDTLS_SSL_PROTO_TLS1
 
 /**
  * \def MBEDTLS_SSL_PROTO_TLS1_1
@@ -1471,7 +1471,7 @@
  *
  * Comment this macro to disable support for TLS 1.1 / DTLS 1.0
  */
-#define MBEDTLS_SSL_PROTO_TLS1_1
+//#define MBEDTLS_SSL_PROTO_TLS1_1
 
 /**
  * \def MBEDTLS_SSL_PROTO_TLS1_2
@@ -1483,7 +1483,7 @@
  *
  * Comment this macro to disable support for TLS 1.2 / DTLS 1.2
  */
-#define MBEDTLS_SSL_PROTO_TLS1_2
+//#define MBEDTLS_SSL_PROTO_TLS1_2
 
 /**
  * \def MBEDTLS_SSL_PROTO_DTLS
@@ -1498,7 +1498,7 @@
  *
  * Comment this macro to disable support for DTLS
  */
-#define MBEDTLS_SSL_PROTO_DTLS
+//#define MBEDTLS_SSL_PROTO_DTLS
 
 /**
  * \def MBEDTLS_SSL_ALPN
@@ -1507,7 +1507,7 @@
  *
  * Comment this macro to disable support for ALPN.
  */
-#define MBEDTLS_SSL_ALPN
+//#define MBEDTLS_SSL_ALPN
 
 /**
  * \def MBEDTLS_SSL_DTLS_ANTI_REPLAY
@@ -1522,7 +1522,7 @@
  *
  * Comment this to disable anti-replay in DTLS.
  */
-#define MBEDTLS_SSL_DTLS_ANTI_REPLAY
+//#define MBEDTLS_SSL_DTLS_ANTI_REPLAY
 
 /**
  * \def MBEDTLS_SSL_DTLS_HELLO_VERIFY
@@ -1540,7 +1540,7 @@
  *
  * Comment this to disable support for HelloVerifyRequest.
  */
-#define MBEDTLS_SSL_DTLS_HELLO_VERIFY
+//#define MBEDTLS_SSL_DTLS_HELLO_VERIFY
 
 /**
  * \def MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
@@ -1556,7 +1556,7 @@
  *
  * Comment this to disable support for clients reusing the source port.
  */
-#define MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
+//#define MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
 
 /**
  * \def MBEDTLS_SSL_DTLS_BADMAC_LIMIT
@@ -1567,7 +1567,7 @@
  *
  * Requires: MBEDTLS_SSL_PROTO_DTLS
  */
-#define MBEDTLS_SSL_DTLS_BADMAC_LIMIT
+//#define MBEDTLS_SSL_DTLS_BADMAC_LIMIT
 
 /**
  * \def MBEDTLS_SSL_SESSION_TICKETS
@@ -1581,7 +1581,7 @@
  *
  * Comment this macro to disable support for SSL session tickets
  */
-#define MBEDTLS_SSL_SESSION_TICKETS
+//#define MBEDTLS_SSL_SESSION_TICKETS
 
 /**
  * \def MBEDTLS_SSL_EXPORT_KEYS
@@ -1591,7 +1591,7 @@
  *
  * Comment this macro to disable support for key export
  */
-#define MBEDTLS_SSL_EXPORT_KEYS
+//#define MBEDTLS_SSL_EXPORT_KEYS
 
 /**
  * \def MBEDTLS_SSL_SERVER_NAME_INDICATION
@@ -1602,7 +1602,7 @@
  *
  * Comment this macro to disable support for server name indication in SSL
  */
-#define MBEDTLS_SSL_SERVER_NAME_INDICATION
+//#define MBEDTLS_SSL_SERVER_NAME_INDICATION
 
 /**
  * \def MBEDTLS_SSL_TRUNCATED_HMAC
@@ -1611,7 +1611,7 @@
  *
  * Comment this macro to disable support for truncated HMAC in SSL
  */
-#define MBEDTLS_SSL_TRUNCATED_HMAC
+//#define MBEDTLS_SSL_TRUNCATED_HMAC
 
 /**
  * \def MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT
@@ -1688,7 +1688,7 @@
  *
  * Comment this to disable run-time checking and save ROM space
  */
-#define MBEDTLS_VERSION_FEATURES
+//#define MBEDTLS_VERSION_FEATURES
 
 /**
  * \def MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3
@@ -1747,7 +1747,7 @@
  *
  * Comment this macro to disallow using RSASSA-PSS in certificates.
  */
-#define MBEDTLS_X509_RSASSA_PSS_SUPPORT
+//#define MBEDTLS_X509_RSASSA_PSS_SUPPORT
 
 /**
  * \def MBEDTLS_ZLIB_SUPPORT
@@ -1794,7 +1794,7 @@
  *
  * This modules adds support for the AES-NI instructions on x86-64
  */
-#define MBEDTLS_AESNI_C
+//#define MBEDTLS_AESNI_C
 
 /**
  * \def MBEDTLS_AES_C
@@ -1897,7 +1897,7 @@
  *            it, and considering stronger ciphers instead.
  *
  */
-#define MBEDTLS_ARC4_C
+//#define MBEDTLS_ARC4_C
 
 /**
  * \def MBEDTLS_ASN1_PARSE_C
@@ -1963,7 +1963,7 @@
  *
  * Module:  library/blowfish.c
  */
-#define MBEDTLS_BLOWFISH_C
+//#define MBEDTLS_BLOWFISH_C
 
 /**
  * \def MBEDTLS_CAMELLIA_C
@@ -2018,7 +2018,7 @@
  *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256
  *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
  */
-#define MBEDTLS_CAMELLIA_C
+//#define MBEDTLS_CAMELLIA_C
 
 /**
  * \def MBEDTLS_ARIA_C
@@ -2096,7 +2096,7 @@
  *
  * This module is used for testing (ssl_client/server).
  */
-#define MBEDTLS_CERTS_C
+//#define MBEDTLS_CERTS_C
 
 /**
  * \def MBEDTLS_CHACHA20_C
@@ -2105,7 +2105,7 @@
  *
  * Module:  library/chacha20.c
  */
-#define MBEDTLS_CHACHA20_C
+//#define MBEDTLS_CHACHA20_C
 
 /**
  * \def MBEDTLS_CHACHAPOLY_C
@@ -2116,7 +2116,7 @@
  *
  * This module requires: MBEDTLS_CHACHA20_C, MBEDTLS_POLY1305_C
  */
-#define MBEDTLS_CHACHAPOLY_C
+//#define MBEDTLS_CHACHAPOLY_C
 
 /**
  * \def MBEDTLS_CIPHER_C
@@ -2171,7 +2171,7 @@
  *
  * This module provides debugging functions.
  */
-#define MBEDTLS_DEBUG_C
+//#define MBEDTLS_DEBUG_C
 
 /**
  * \def MBEDTLS_DES_C
@@ -2200,7 +2200,7 @@
  * \warning   DES is considered a weak cipher and its use constitutes a
  *            security risk. We recommend considering stronger ciphers instead.
  */
-#define MBEDTLS_DES_C
+//#define MBEDTLS_DES_C
 
 /**
  * \def MBEDTLS_DHM_C
@@ -2221,7 +2221,7 @@
  *             See dhm.h for more details.
  *
  */
-#define MBEDTLS_DHM_C
+//#define MBEDTLS_DHM_C
 
 /**
  * \def MBEDTLS_ECDH_C
@@ -2419,7 +2419,7 @@
  *            it, and considering stronger message digests instead.
  *
  */
-#define MBEDTLS_MD2_C
+//#define MBEDTLS_MD2_C
 
 /**
  * \def MBEDTLS_MD4_C
@@ -2436,7 +2436,7 @@
  *            it, and considering stronger message digests instead.
  *
  */
-#define MBEDTLS_MD4_C
+//#define MBEDTLS_MD4_C
 
 /**
  * \def MBEDTLS_MD5_C
@@ -2458,7 +2458,7 @@
  *            it, and considering stronger message digests instead.
  *
  */
-#define MBEDTLS_MD5_C
+//#define MBEDTLS_MD5_C
 
 /**
  * \def MBEDTLS_MEMORY_BUFFER_ALLOC_C
@@ -2530,7 +2530,7 @@
  *
  * This modules adds support for the VIA PadLock on x86.
  */
-#define MBEDTLS_PADLOCK_C
+//#define MBEDTLS_PADLOCK_C
 
 /**
  * \def MBEDTLS_PEM_PARSE_C
@@ -2683,7 +2683,7 @@
  * Module:  library/poly1305.c
  * Caller:  library/chachapoly.c
  */
-#define MBEDTLS_POLY1305_C
+//#define MBEDTLS_POLY1305_C
 
 /**
  * \def MBEDTLS_PSA_CRYPTO_C
@@ -2746,7 +2746,7 @@
  * Caller:  library/md.c
  *
  */
-#define MBEDTLS_RIPEMD160_C
+//#define MBEDTLS_RIPEMD160_C
 
 /**
  * \def MBEDTLS_RSA_C
@@ -2831,7 +2831,7 @@
  *
  * Requires: MBEDTLS_SSL_CACHE_C
  */
-#define MBEDTLS_SSL_CACHE_C
+//#define MBEDTLS_SSL_CACHE_C
 
 /**
  * \def MBEDTLS_SSL_COOKIE_C
@@ -2841,7 +2841,7 @@
  * Module:  library/ssl_cookie.c
  * Caller:
  */
-#define MBEDTLS_SSL_COOKIE_C
+//#define MBEDTLS_SSL_COOKIE_C
 
 /**
  * \def MBEDTLS_SSL_TICKET_C
@@ -2853,7 +2853,7 @@
  *
  * Requires: MBEDTLS_CIPHER_C
  */
-#define MBEDTLS_SSL_TICKET_C
+//#define MBEDTLS_SSL_TICKET_C
 
 /**
  * \def MBEDTLS_SSL_CLI_C
@@ -2867,7 +2867,7 @@
  *
  * This module is required for SSL/TLS client support.
  */
-#define MBEDTLS_SSL_CLI_C
+//#define MBEDTLS_SSL_CLI_C
 
 /**
  * \def MBEDTLS_SSL_SRV_C
@@ -2881,7 +2881,7 @@
  *
  * This module is required for SSL/TLS server support.
  */
-#define MBEDTLS_SSL_SRV_C
+//#define MBEDTLS_SSL_SRV_C
 
 /**
  * \def MBEDTLS_SSL_TLS_C
@@ -2897,7 +2897,7 @@
  *
  * This module is required for SSL/TLS.
  */
-#define MBEDTLS_SSL_TLS_C
+//#define MBEDTLS_SSL_TLS_C
 
 /**
  * \def MBEDTLS_THREADING_C
@@ -2953,7 +2953,7 @@
  *
  * This module provides run-time version information.
  */
-#define MBEDTLS_VERSION_C
+//#define MBEDTLS_VERSION_C
 
 /**
  * \def MBEDTLS_X509_USE_C
@@ -2970,7 +2970,7 @@
  *
  * This module is required for the X.509 parsing modules.
  */
-#define MBEDTLS_X509_USE_C
+//#define MBEDTLS_X509_USE_C
 
 /**
  * \def MBEDTLS_X509_CRT_PARSE_C
@@ -2986,7 +2986,7 @@
  *
  * This module is required for X.509 certificate parsing.
  */
-#define MBEDTLS_X509_CRT_PARSE_C
+//#define MBEDTLS_X509_CRT_PARSE_C
 
 /**
  * \def MBEDTLS_X509_CRL_PARSE_C
@@ -3000,7 +3000,7 @@
  *
  * This module is required for X.509 CRL parsing.
  */
-#define MBEDTLS_X509_CRL_PARSE_C
+//#define MBEDTLS_X509_CRL_PARSE_C
 
 /**
  * \def MBEDTLS_X509_CSR_PARSE_C
@@ -3014,7 +3014,7 @@
  *
  * This module is used for reading X.509 certificate request.
  */
-#define MBEDTLS_X509_CSR_PARSE_C
+//#define MBEDTLS_X509_CSR_PARSE_C
 
 /**
  * \def MBEDTLS_X509_CREATE_C
@@ -3027,7 +3027,7 @@
  *
  * This module is the basis for creating X.509 certificates and CSRs.
  */
-#define MBEDTLS_X509_CREATE_C
+//#define MBEDTLS_X509_CREATE_C
 
 /**
  * \def MBEDTLS_X509_CRT_WRITE_C
@@ -3040,7 +3040,7 @@
  *
  * This module is required for X.509 certificate creation.
  */
-#define MBEDTLS_X509_CRT_WRITE_C
+//#define MBEDTLS_X509_CRT_WRITE_C
 
 /**
  * \def MBEDTLS_X509_CSR_WRITE_C
@@ -3053,7 +3053,7 @@
  *
  * This module is required for X.509 certificate request writing.
  */
-#define MBEDTLS_X509_CSR_WRITE_C
+//#define MBEDTLS_X509_CSR_WRITE_C
 
 /**
  * \def MBEDTLS_XTEA_C
@@ -3063,7 +3063,7 @@
  * Module:  library/xtea.c
  * Caller:
  */
-#define MBEDTLS_XTEA_C
+//#define MBEDTLS_XTEA_C
 
 /* \} name SECTION: mbed TLS modules */
 

diff --git a/test/suites/crypto/crypto_tests_common.c b/test/suites/crypto/crypto_tests_common.c
index c6a1975..b28d394 100644
--- a/test/suites/crypto/crypto_tests_common.c
+++ b/test/suites/crypto/crypto_tests_common.c

@@ -392,10 +392,6 @@
     PSA_ALG_SHA_256,
     PSA_ALG_SHA_384,
     PSA_ALG_SHA_512,
-    PSA_ALG_MD5,
-    PSA_ALG_RIPEMD160,
-    PSA_ALG_MD2,
-    PSA_ALG_MD4
 };
 
 static const uint8_t hash_val[][PSA_HASH_SIZE(PSA_ALG_SHA_512)] = {
@@ -424,15 +420,6 @@
      0x01, 0xA8, 0x3B, 0x58, 0xE7, 0x48, 0x13, 0x1A,
      0x7E, 0xCD, 0xE1, 0xD2, 0x46, 0x10, 0x58, 0x34,
      0x49, 0x14, 0x4B, 0xAA, 0x89, 0xA9, 0xF5, 0xB1},
-    {0x63, 0xFC, 0x11, 0x88, 0xB7, 0x03, 0xDD, 0xD5, /*!< MD-5 */
-     0x36, 0xB9, 0x2F, 0xD6, 0x9E, 0x91, 0x96, 0xF8},
-    {0xF5, 0x8E, 0xB3, 0xCB, 0xE5, 0xF0, 0x3B, 0xC5, /*!< RIPEMD-160 */
-     0x7C, 0x45, 0xE2, 0x49, 0xAA, 0x66, 0xC6, 0x5A,
-     0x47, 0xEA, 0x34, 0x91},
-    {0x7E, 0x28, 0x13, 0xAE, 0x98, 0xBD, 0x38, 0x6C, /*!< MD-2 */
-     0xDC, 0x8C, 0xF8, 0x04, 0xC6, 0x58, 0xA9, 0x69},
-    {0xA0, 0xB9, 0x82, 0x4E, 0xE0, 0x74, 0x4F, 0x1E, /*!< MD-4 */
-     0xA4, 0x7F, 0xA3, 0xDF, 0xD0, 0x0D, 0x97, 0xEB},
 };
 
 void psa_hash_test(const psa_algorithm_t alg,
@@ -496,7 +483,7 @@
      0x0a, 0x92, 0x4d, 0xd3, 0xba, 0x7e, 0xb1, 0x1a,
      0xdb, 0xa2, 0x25, 0xb2, 0x82, 0x8e, 0xdf, 0xbb,
      0x61, 0xbf, 0x91, 0x1d, 0x28, 0x23, 0x4a, 0x04},
-    {0x94, 0x21, 0x9b, 0xc3, 0xd5, 0xed, 0xe6, 0xee,  /*!< SHA-384 */
+    {0x94, 0x21, 0x9b, 0xc3, 0xd5, 0xed, 0xe6, 0xee, /*!< SHA-384 */
      0x42, 0x10, 0x5a, 0x58, 0xa4, 0x4d, 0x67, 0x87,
      0x16, 0xa2, 0xa7, 0x6c, 0x2e, 0xc5, 0x85, 0xb7,
      0x6a, 0x4c, 0x90, 0xb2, 0x73, 0xee, 0x58, 0x3c,
@@ -510,15 +497,6 @@
      0x05, 0x6a, 0xbd, 0x7f, 0x9d, 0xff, 0xaa, 0xf3,
      0x9a, 0x1c, 0xb7, 0xb7, 0xbd, 0x03, 0x61, 0xa3,
      0xa9, 0x6a, 0x5d, 0xb2, 0x81, 0xe1, 0x6f, 0x1f},
-    {0x26, 0xfb, 0x68, 0xd2, 0x28, 0x17, 0xc2, 0x9c, /*!< MD-5 */
-     0xbe, 0xed, 0x95, 0x16, 0x82, 0xb0, 0xd8, 0x99},
-    {0x5c, 0xd9, 0x49, 0xc8, 0x66, 0x7a, 0xfa, 0x79, /*!< RIPEMD-160 */
-     0xa8, 0x88, 0x2e, 0x53, 0xf4, 0xee, 0xc0, 0x2d,
-     0x1e, 0xf0, 0x80, 0x25},
-    {0x0c, 0x8c, 0x8c, 0x16, 0x49, 0x92, 0x76, 0xf1, /*!< MD-2 */
-     0xc4, 0xcc, 0xdc, 0x9f, 0x7c, 0xb2, 0xeb, 0x87},
-    {0x44, 0xdf, 0x1b, 0x97, 0xe9, 0xe8, 0xd3, 0xb0, /*!< MD-4 */
-     0xe8, 0x8d, 0xad, 0xdb, 0x86, 0xab, 0xa6, 0xc6},
 };
 
 static const uint8_t long_key_hmac_val[PSA_HASH_SIZE(PSA_ALG_SHA_1)] = {
@@ -805,8 +783,8 @@
         return;
     }
 
-    /* DES does not support 152-bit keys */
-    status = psa_import_key(key_handle, PSA_KEY_TYPE_DES, data, sizeof(data));
+    /* AES does not support 152-bit keys */
+    status = psa_import_key(key_handle, PSA_KEY_TYPE_AES, data, sizeof(data));
     if (status != PSA_ERROR_INVALID_ARGUMENT) {
         TEST_FAIL("Should not successfully import with an invalid key length");
         return;

diff --git a/test/suites/crypto/non_secure/crypto_ns_interface_testsuite.c b/test/suites/crypto/non_secure/crypto_ns_interface_testsuite.c
index 568e5d7..4399bc0 100644
--- a/test/suites/crypto/non_secure/crypto_ns_interface_testsuite.c
+++ b/test/suites/crypto/non_secure/crypto_ns_interface_testsuite.c

@@ -13,9 +13,7 @@
 static void tfm_crypto_test_6001(struct test_result_t *ret);
 static void tfm_crypto_test_6002(struct test_result_t *ret);
 static void tfm_crypto_test_6003(struct test_result_t *ret);
-static void tfm_crypto_test_6004(struct test_result_t *ret);
 static void tfm_crypto_test_6005(struct test_result_t *ret);
-static void tfm_crypto_test_6006(struct test_result_t *ret);
 static void tfm_crypto_test_6007(struct test_result_t *ret);
 static void tfm_crypto_test_6008(struct test_result_t *ret);
 static void tfm_crypto_test_6009(struct test_result_t *ret);
@@ -24,15 +22,10 @@
 static void tfm_crypto_test_6012(struct test_result_t *ret);
 static void tfm_crypto_test_6013(struct test_result_t *ret);
 static void tfm_crypto_test_6014(struct test_result_t *ret);
-static void tfm_crypto_test_6015(struct test_result_t *ret);
-static void tfm_crypto_test_6016(struct test_result_t *ret);
-static void tfm_crypto_test_6017(struct test_result_t *ret);
-static void tfm_crypto_test_6018(struct test_result_t *ret);
 static void tfm_crypto_test_6019(struct test_result_t *ret);
 static void tfm_crypto_test_6020(struct test_result_t *ret);
 static void tfm_crypto_test_6021(struct test_result_t *ret);
 static void tfm_crypto_test_6022(struct test_result_t *ret);
-static void tfm_crypto_test_6023(struct test_result_t *ret);
 static void tfm_crypto_test_6024(struct test_result_t *ret);
 static void tfm_crypto_test_6030(struct test_result_t *ret);
 static void tfm_crypto_test_6031(struct test_result_t *ret);
@@ -46,16 +39,12 @@
      "Non Secure Symmetric encryption (AES-128-CBC) interface", {0} },
     {&tfm_crypto_test_6003, "TFM_CRYPTO_TEST_6003",
      "Non Secure Symmetric encryption (AES-128-CFB) interface", {0} },
-    {&tfm_crypto_test_6004, "TFM_CRYPTO_TEST_6004",
-     "Non Secure Symmetric encryption (DES-128-CBC) interface", {0} },
     {&tfm_crypto_test_6005, "TFM_CRYPTO_TEST_6005",
-     "Non Secure Symmetric encryption (CAMELLIA-128-CTR) interface", {0} },
-    {&tfm_crypto_test_6006, "TFM_CRYPTO_TEST_6006",
-     "Non Secure Symmetric encryption invalid cipher (DES-128-RC4)", {0} },
+     "Non Secure Symmetric encryption (AES-128-CTR) interface", {0} },
     {&tfm_crypto_test_6007, "TFM_CRYPTO_TEST_6007",
      "Non Secure Symmetric encryption invalid cipher (AES-128-GCM)", {0} },
     {&tfm_crypto_test_6008, "TFM_CRYPTO_TEST_6008",
-     "Non Secure Symmetric encryption invalid cipher (DES-152-CBC)", {0} },
+     "Non Secure Symmetric encryption invalid cipher (AES-152-CBC)", {0} },
     {&tfm_crypto_test_6009, "TFM_CRYPTO_TEST_6009",
      "Non Secure Symmetric encryption invalid cipher (HMAC-128-CFB)", {0} },
     {&tfm_crypto_test_6010, "TFM_CRYPTO_TEST_6010",
@@ -68,14 +57,6 @@
      "Non Secure Hash (SHA-384) interface", {0} },
     {&tfm_crypto_test_6014, "TFM_CRYPTO_TEST_6014",
      "Non Secure Hash (SHA-512) interface", {0} },
-    {&tfm_crypto_test_6015, "TFM_CRYPTO_TEST_6015",
-     "Non Secure Hash (MD-5) interface", {0} },
-    {&tfm_crypto_test_6016, "TFM_CRYPTO_TEST_6016",
-     "Non Secure Hash (RIPEMD-160) interface", {0} },
-    {&tfm_crypto_test_6017, "TFM_CRYPTO_TEST_6017",
-     "Non Secure Hash (MD-2) interface", {0} },
-    {&tfm_crypto_test_6018, "TFM_CRYPTO_TEST_6018",
-     "Non Secure Hash (MD-4) interface", {0} },
     {&tfm_crypto_test_6019, "TFM_CRYPTO_TEST_6019",
      "Non Secure HMAC (SHA-1) interface", {0} },
     {&tfm_crypto_test_6020, "TFM_CRYPTO_TEST_6020",
@@ -84,8 +65,6 @@
      "Non Secure HMAC (SHA-384) interface", {0} },
     {&tfm_crypto_test_6022, "TFM_CRYPTO_TEST_6022",
      "Non Secure HMAC (SHA-512) interface", {0} },
-    {&tfm_crypto_test_6023, "TFM_CRYPTO_TEST_6023",
-     "Non Secure HMAC (MD-5) interface", {0} },
     {&tfm_crypto_test_6024, "TFM_CRYPTO_TEST_6024",
      "Non Secure HMAC with long key (SHA-1) interface", {0} },
     {&tfm_crypto_test_6030, "TFM_CRYPTO_TEST_6030",
@@ -130,20 +109,9 @@
     psa_cipher_test(PSA_KEY_TYPE_AES, PSA_ALG_CFB, ret);
 }
 
-static void tfm_crypto_test_6004(struct test_result_t *ret)
-{
-    psa_cipher_test(PSA_KEY_TYPE_DES, PSA_ALG_CBC_NO_PADDING, ret);
-}
-
 static void tfm_crypto_test_6005(struct test_result_t *ret)
 {
-    psa_cipher_test(PSA_KEY_TYPE_CAMELLIA, PSA_ALG_CTR, ret);
-}
-
-static void tfm_crypto_test_6006(struct test_result_t *ret)
-{
-    /* Invalid combination: DES keytypes are not usable with a stream cipher */
-    psa_invalid_cipher_test(PSA_KEY_TYPE_DES, PSA_ALG_ARC4, 16, ret);
+    psa_cipher_test(PSA_KEY_TYPE_AES, PSA_ALG_CTR, ret);
 }
 
 static void tfm_crypto_test_6007(struct test_result_t *ret)
@@ -188,26 +156,6 @@
     psa_hash_test(PSA_ALG_SHA_512, ret);
 }
 
-static void tfm_crypto_test_6015(struct test_result_t *ret)
-{
-    psa_hash_test(PSA_ALG_MD5, ret);
-}
-
-static void tfm_crypto_test_6016(struct test_result_t *ret)
-{
-    psa_hash_test(PSA_ALG_RIPEMD160, ret);
-}
-
-static void tfm_crypto_test_6017(struct test_result_t *ret)
-{
-    psa_hash_test(PSA_ALG_MD2, ret);
-}
-
-static void tfm_crypto_test_6018(struct test_result_t *ret)
-{
-    psa_hash_test(PSA_ALG_MD4, ret);
-}
-
 static void tfm_crypto_test_6019(struct test_result_t *ret)
 {
     psa_mac_test(PSA_ALG_HMAC(PSA_ALG_SHA_1), 0, ret);
@@ -227,12 +175,6 @@
 {
     psa_mac_test(PSA_ALG_HMAC(PSA_ALG_SHA_512), 0, ret);
 }
-
-static void tfm_crypto_test_6023(struct test_result_t *ret)
-{
-    psa_mac_test(PSA_ALG_HMAC(PSA_ALG_MD5), 0, ret);
-}
-
 static void tfm_crypto_test_6024(struct test_result_t *ret)
 {
     psa_mac_test(PSA_ALG_HMAC(PSA_ALG_SHA_1), 1, ret);

diff --git a/test/suites/crypto/secure/crypto_sec_interface_testsuite.c b/test/suites/crypto/secure/crypto_sec_interface_testsuite.c
index 5958373..71d8a77 100644
--- a/test/suites/crypto/secure/crypto_sec_interface_testsuite.c
+++ b/test/suites/crypto/secure/crypto_sec_interface_testsuite.c

@@ -13,9 +13,7 @@
 static void tfm_crypto_test_5001(struct test_result_t *ret);
 static void tfm_crypto_test_5002(struct test_result_t *ret);
 static void tfm_crypto_test_5003(struct test_result_t *ret);
-static void tfm_crypto_test_5004(struct test_result_t *ret);
 static void tfm_crypto_test_5005(struct test_result_t *ret);
-static void tfm_crypto_test_5006(struct test_result_t *ret);
 static void tfm_crypto_test_5007(struct test_result_t *ret);
 static void tfm_crypto_test_5008(struct test_result_t *ret);
 static void tfm_crypto_test_5009(struct test_result_t *ret);
@@ -24,15 +22,10 @@
 static void tfm_crypto_test_5012(struct test_result_t *ret);
 static void tfm_crypto_test_5013(struct test_result_t *ret);
 static void tfm_crypto_test_5014(struct test_result_t *ret);
-static void tfm_crypto_test_5015(struct test_result_t *ret);
-static void tfm_crypto_test_5016(struct test_result_t *ret);
-static void tfm_crypto_test_5017(struct test_result_t *ret);
-static void tfm_crypto_test_5018(struct test_result_t *ret);
 static void tfm_crypto_test_5019(struct test_result_t *ret);
 static void tfm_crypto_test_5020(struct test_result_t *ret);
 static void tfm_crypto_test_5021(struct test_result_t *ret);
 static void tfm_crypto_test_5022(struct test_result_t *ret);
-static void tfm_crypto_test_5023(struct test_result_t *ret);
 static void tfm_crypto_test_5024(struct test_result_t *ret);
 static void tfm_crypto_test_5030(struct test_result_t *ret);
 static void tfm_crypto_test_5031(struct test_result_t *ret);
@@ -46,16 +39,12 @@
      "Secure Symmetric encryption (AES-128-CBC) interface", {0} },
     {&tfm_crypto_test_5003, "TFM_CRYPTO_TEST_5003",
      "Secure Symmetric encryption (AES-128-CFB) interface", {0} },
-    {&tfm_crypto_test_5004, "TFM_CRYPTO_TEST_5004",
-     "Secure Symmetric encryption (DES-128-CBC) interface", {0} },
     {&tfm_crypto_test_5005, "TFM_CRYPTO_TEST_5005",
-     "Secure Symmetric encryption (CAMELLIA-128-CTR) interface", {0} },
-    {&tfm_crypto_test_5006, "TFM_CRYPTO_TEST_5006",
-     "Secure Symmetric encryption invalid cipher (DES-128-RC4)", {0} },
+     "Secure Symmetric encryption (AES-128-CTR) interface", {0} },
     {&tfm_crypto_test_5007, "TFM_CRYPTO_TEST_5007",
      "Secure Symmetric encryption invalid cipher (AES-128-GCM)", {0} },
     {&tfm_crypto_test_5008, "TFM_CRYPTO_TEST_5008",
-     "Secure Symmetric encryption invalid cipher (DES-152-CBC)", {0} },
+     "Secure Symmetric encryption invalid cipher (AES-152-CBC)", {0} },
     {&tfm_crypto_test_5009, "TFM_CRYPTO_TEST_5009",
      "Secure Symmetric encryption invalid cipher (HMAC-128-CFB)", {0} },
     {&tfm_crypto_test_5010, "TFM_CRYPTO_TEST_5010",
@@ -68,14 +57,6 @@
      "Secure Hash (SHA-384) interface", {0} },
     {&tfm_crypto_test_5014, "TFM_CRYPTO_TEST_5014",
      "Secure Hash (SHA-512) interface", {0} },
-    {&tfm_crypto_test_5015, "TFM_CRYPTO_TEST_5015",
-     "Secure Hash (MD-5) interface", {0} },
-    {&tfm_crypto_test_5016, "TFM_CRYPTO_TEST_5016",
-     "Secure Hash (RIPEMD-160) interface", {0} },
-    {&tfm_crypto_test_5017, "TFM_CRYPTO_TEST_5017",
-     "Secure Hash (MD-2) interface", {0} },
-    {&tfm_crypto_test_5018, "TFM_CRYPTO_TEST_5018",
-     "Secure Hash (MD-4) interface", {0} },
     {&tfm_crypto_test_5019, "TFM_CRYPTO_TEST_5019",
      "Secure HMAC (SHA-1) interface", {0} },
     {&tfm_crypto_test_5020, "TFM_CRYPTO_TEST_5020",
@@ -84,8 +65,6 @@
      "Secure HMAC (SHA-384) interface", {0} },
     {&tfm_crypto_test_5022, "TFM_CRYPTO_TEST_5022",
      "Secure HMAC (SHA-512) interface", {0} },
-    {&tfm_crypto_test_5023, "TFM_CRYPTO_TEST_5023",
-     "Secure HMAC (MD-5) interface", {0} },
     {&tfm_crypto_test_5024, "TFM_CRYPTO_TEST_5024",
      "Secure HMAC with long key (SHA-1) interface", {0} },
     {&tfm_crypto_test_5030, "TFM_CRYPTO_TEST_5030",
@@ -130,20 +109,9 @@
     psa_cipher_test(PSA_KEY_TYPE_AES, PSA_ALG_CFB, ret);
 }
 
-static void tfm_crypto_test_5004(struct test_result_t *ret)
-{
-    psa_cipher_test(PSA_KEY_TYPE_DES, PSA_ALG_CBC_NO_PADDING, ret);
-}
-
 static void tfm_crypto_test_5005(struct test_result_t *ret)
 {
-    psa_cipher_test(PSA_KEY_TYPE_CAMELLIA, PSA_ALG_CTR, ret);
-}
-
-static void tfm_crypto_test_5006(struct test_result_t *ret)
-{
-    /* Invalid combination: DES keytypes are not usable with a stream cipher */
-    psa_invalid_cipher_test(PSA_KEY_TYPE_DES, PSA_ALG_ARC4, 16, ret);
+    psa_cipher_test(PSA_KEY_TYPE_AES, PSA_ALG_CTR, ret);
 }
 
 static void tfm_crypto_test_5007(struct test_result_t *ret)
@@ -188,26 +156,6 @@
     psa_hash_test(PSA_ALG_SHA_512, ret);
 }
 
-static void tfm_crypto_test_5015(struct test_result_t *ret)
-{
-    psa_hash_test(PSA_ALG_MD5, ret);
-}
-
-static void tfm_crypto_test_5016(struct test_result_t *ret)
-{
-    psa_hash_test(PSA_ALG_RIPEMD160, ret);
-}
-
-static void tfm_crypto_test_5017(struct test_result_t *ret)
-{
-    psa_hash_test(PSA_ALG_MD2, ret);
-}
-
-static void tfm_crypto_test_5018(struct test_result_t *ret)
-{
-    psa_hash_test(PSA_ALG_MD4, ret);
-}
-
 static void tfm_crypto_test_5019(struct test_result_t *ret)
 {
     psa_mac_test(PSA_ALG_HMAC(PSA_ALG_SHA_1), 0, ret);
@@ -228,11 +176,6 @@
     psa_mac_test(PSA_ALG_HMAC(PSA_ALG_SHA_512), 0, ret);
 }
 
-static void tfm_crypto_test_5023(struct test_result_t *ret)
-{
-    psa_mac_test(PSA_ALG_HMAC(PSA_ALG_MD5), 0, ret);
-}
-
 static void tfm_crypto_test_5024(struct test_result_t *ret)
 {
     psa_mac_test(PSA_ALG_HMAC(PSA_ALG_SHA_1), 1, ret);
commit	a27bfb57ff478e4a489f88afc478f95d9bdf825d	[log] [tgz]
author	Antonio de Angelis <antonio.deangelis@arm.com>	Fri May 03 15:49:02 2019 +0100
committer	Jamie Fox <jamie.fox@arm.com>	Fri May 24 11:02:49 2019 +0100
tree	2b57f3dfdc747f6e080929b70c8aea75e28ee621
parent	ee774c2e0aee0b835d0020138290d60a8225b82d [diff]