Remove: DES selftest, component_test_psa_crypto_config_accel_des and dead DES mentions prior to TF-PSA-Crypto cleanup
Signed-off-by: Ari Weiler-Ofek <ariwei01@e134794.arm.com>
diff --git a/programs/test/selftest.c b/programs/test/selftest.c
index 8516f3a..372a84d 100644
--- a/programs/test/selftest.c
+++ b/programs/test/selftest.c
@@ -21,7 +21,6 @@
#include "mbedtls/sha256.h"
#include "mbedtls/sha512.h"
#include "mbedtls/sha3.h"
-#include "mbedtls/des.h"
#include "mbedtls/aes.h"
#include "mbedtls/camellia.h"
#include "mbedtls/aria.h"
@@ -296,9 +295,6 @@
defined(PSA_WANT_ALG_SHA3_512)
{ "sha3", mbedtls_sha3_self_test },
#endif
-#if defined(MBEDTLS_DES_C)
- { "des", mbedtls_des_self_test },
-#endif
#if defined(MBEDTLS_AES_C)
{ "aes", mbedtls_aes_self_test },
#endif
@@ -448,7 +444,8 @@
} \
} else { \
mbedtls_printf("Padding checks only implemented for types of size 2, 4 or 8" \
- " - cannot check type '" #TYPE "' of size %" MBEDTLS_PRINTF_SIZET "\n", \
+ " - cannot check type '" #TYPE "' of size %" MBEDTLS_PRINTF_SIZET \
+ "\n", \
sizeof(TYPE)); \
mbedtls_exit(MBEDTLS_EXIT_FAILURE); \
} \
diff --git a/scripts/config.py b/scripts/config.py
index e5182a6..a61e9f6 100755
--- a/scripts/config.py
+++ b/scripts/config.py
@@ -75,7 +75,7 @@
#pylint: disable=line-too-long
'MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH', # interacts with CTR_DRBG_128_BIT_KEY
'MBEDTLS_AES_USE_HARDWARE_ONLY', # hardware dependency
- 'MBEDTLS_BLOCK_CIPHER_NO_DECRYPT', # incompatible with ECB in PSA, CBC/XTS/NIST_KW/DES
+ 'MBEDTLS_BLOCK_CIPHER_NO_DECRYPT', # incompatible with ECB in PSA, CBC/XTS/NIST_KW
'MBEDTLS_CTR_DRBG_USE_128_BIT_KEY', # interacts with ENTROPY_FORCE_SHA256
'MBEDTLS_DEPRECATED_REMOVED', # conflicts with deprecated options
'MBEDTLS_DEPRECATED_WARNING', # conflicts with deprecated options
diff --git a/tests/compat.sh b/tests/compat.sh
index 975d8dc..a11fffd 100755
--- a/tests/compat.sh
+++ b/tests/compat.sh
@@ -599,11 +599,6 @@
*) O_SUPPORT_STATIC_ECDH="NO";;
esac
- case $($OPENSSL ciphers ALL) in
- *DES-CBC-*) O_SUPPORT_SINGLE_DES="YES";;
- *) O_SUPPORT_SINGLE_DES="NO";;
- esac
-
# OpenSSL <1.0.2 doesn't support DTLS 1.2. Check if OpenSSL
# supports -dtls1_2 from the s_server help. (The s_client
# help isn't accurate as of 1.0.2g: it supports DTLS 1.2
diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh
index 9de7597..9820408 100644
--- a/tests/scripts/components-configuration-crypto.sh
+++ b/tests/scripts/components-configuration-crypto.sh
@@ -1734,53 +1734,6 @@
make test
}
-component_test_psa_crypto_config_accel_des () {
- msg "test: accelerated DES"
-
- # Albeit this components aims at accelerating DES which should only support
- # CBC and ECB modes, we need to accelerate more than that otherwise DES_C
- # would automatically be re-enabled by "config_adjust_legacy_from_psa.c"
- loc_accel_list="ALG_ECB_NO_PADDING ALG_CBC_NO_PADDING ALG_CBC_PKCS7 \
- ALG_CTR ALG_CFB ALG_OFB ALG_XTS ALG_CMAC \
- KEY_TYPE_DES"
-
- # Note: we cannot accelerate all ciphers' key types otherwise we would also
- # have to either disable CCM/GCM or accelerate them, but that's out of scope
- # of this component. This limitation will be addressed by #8598.
-
- # Configure
- # ---------
-
- # Start from the full config
- helper_libtestdriver1_adjust_config "full"
-
- # Disable the things that are being accelerated
- scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC
- scripts/config.py unset MBEDTLS_CIPHER_PADDING_PKCS7
- scripts/config.py unset MBEDTLS_CIPHER_MODE_CTR
- scripts/config.py unset MBEDTLS_CIPHER_MODE_CFB
- scripts/config.py unset MBEDTLS_CIPHER_MODE_OFB
- scripts/config.py unset MBEDTLS_CIPHER_MODE_XTS
- scripts/config.py unset MBEDTLS_DES_C
- scripts/config.py unset MBEDTLS_CMAC_C
-
- # Build
- # -----
-
- helper_libtestdriver1_make_drivers "$loc_accel_list"
-
- helper_libtestdriver1_make_main "$loc_accel_list"
-
- # Make sure this was not re-enabled by accident (additive config)
- not grep mbedtls_des ${BUILTIN_SRC_PATH}/des.o
-
- # Run the tests
- # -------------
-
- msg "test: accelerated DES"
- make test
-}
-
component_test_psa_crypto_config_accel_aead () {
msg "test: accelerated AEAD"
@@ -1841,7 +1794,7 @@
loc_accel_list="ALG_ECB_NO_PADDING ALG_CBC_NO_PADDING ALG_CBC_PKCS7 ALG_CTR ALG_CFB \
ALG_OFB ALG_XTS ALG_STREAM_CIPHER ALG_CCM_STAR_NO_TAG \
ALG_GCM ALG_CCM ALG_CHACHA20_POLY1305 ALG_CMAC \
- KEY_TYPE_DES KEY_TYPE_AES KEY_TYPE_ARIA KEY_TYPE_CHACHA20 KEY_TYPE_CAMELLIA"
+ KEY_TYPE_AES KEY_TYPE_ARIA KEY_TYPE_CHACHA20 KEY_TYPE_CAMELLIA"
# Configure
# ---------
@@ -1878,7 +1831,6 @@
# Make sure this was not re-enabled by accident (additive config)
not grep mbedtls_cipher ${BUILTIN_SRC_PATH}/cipher.o
- not grep mbedtls_des ${BUILTIN_SRC_PATH}/des.o
not grep mbedtls_aes ${BUILTIN_SRC_PATH}/aes.o
not grep mbedtls_aria ${BUILTIN_SRC_PATH}/aria.o
not grep mbedtls_camellia ${BUILTIN_SRC_PATH}/camellia.o
@@ -2168,7 +2120,7 @@
cd "$MBEDTLS_ROOT_DIR"
msg "build: aes.o for all combinations of relevant config options + BLOCK_CIPHER_NO_DECRYPT"
- # MBEDTLS_BLOCK_CIPHER_NO_DECRYPT is incompatible with ECB in PSA, CBC/XTS/NIST_KW/DES,
+ # MBEDTLS_BLOCK_CIPHER_NO_DECRYPT is incompatible with ECB in PSA, CBC/XTS/NIST_KW,
# manually set or unset those configurations to check
# MBEDTLS_BLOCK_CIPHER_NO_DECRYPT with various combinations in aes.o.
scripts/config.py set MBEDTLS_BLOCK_CIPHER_NO_DECRYPT
diff --git a/tests/scripts/components-configuration-tls.sh b/tests/scripts/components-configuration-tls.sh
index 6b3f9c2..ff83157 100644
--- a/tests/scripts/components-configuration-tls.sh
+++ b/tests/scripts/components-configuration-tls.sh
@@ -63,7 +63,7 @@
# Disable CBC. Note: When implemented, PSA_WANT_ALG_CBC_MAC will also need to be unset here to fully disable CBC
scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CBC_NO_PADDING
scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CBC_PKCS7
- # Disable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia, DES))
+ # Disable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia))
# Note: The unset below is to be removed for 4.0
scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC
# Disable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC)
@@ -96,7 +96,7 @@
scripts/config.py unset MBEDTLS_CHACHAPOLY_C
#Disable TLS 1.3 (as no AEAD)
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
- # Enable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia, DES))
+ # Enable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia))
scripts/config.py -c $CRYPTO_CONFIG_H set PSA_WANT_ALG_CBC_NO_PADDING
# Disable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC)
scripts/config.py unset MBEDTLS_SSL_ENCRYPT_THEN_MAC
@@ -129,7 +129,7 @@
scripts/config.py unset MBEDTLS_CHACHAPOLY_C
#Disable TLS 1.3 (as no AEAD)
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
- # Enable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia, DES))
+ # Enable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia))
scripts/config.py -c $CRYPTO_CONFIG_H set PSA_WANT_ALG_CBC_NO_PADDING
# Enable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC)
scripts/config.py set MBEDTLS_SSL_ENCRYPT_THEN_MAC