Add config.h option MBEDTLS_PK_SINGLE_HASH
No effect for now, just declaring it here, implemented in subsequent commits.
The option requires MBEDTLS_USE_TINYCRYPT and is incompatible with
MBEDTLS_PK_RSA_ALT_SUPPORT and MBEDTLS_RSA_C.
Currently users (including the X.509 and SSL libraries) assume that if both PK
and RSA are enabled, then RSA is available through PK. If we allowed RSA to be
enabled together with PK_SINGLE_TYPE, we'd break that assumption. Going
through the code to find all places that rely on that assumption and fix them
would be cumbersome, and people who want PK_SINGLE_TYPE are unlikely to care
about RSA anyway, so let's just make them incompatible.
This is also consistent with what's done in the MD module: MD_SINGLE_HASH
requires that exactly one hash be enabled.
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index 977ee9c..bf552c6 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -1494,6 +1494,47 @@
if_build_succeeded tests/compat.sh -f 'ECDHE-ECDSA\|ECDHE-PSK\|ECDH-ECDSA'
}
+component_test_hardcoded_pk_type () {
+ msg "build: default config + single PK type harcoded (tinycrypt)"
+ # need to enable tinycrypt first - copied from tinycrypt component
+ scripts/config.pl set MBEDTLS_USE_TINYCRYPT
+ scripts/config.pl set MBEDTLS_SSL_CONF_RNG rng_wrap
+ scripts/config.pl set MBEDTLS_SSL_CONF_SINGLE_EC
+ scripts/config.pl set MBEDTLS_SSL_CONF_SINGLE_EC_TLS_ID 23
+ scripts/config.pl set MBEDTLS_SSL_CONF_SINGLE_UECC_GRP_ID MBEDTLS_UECC_DP_SECP256R1
+ scripts/config.pl unset MBEDTLS_ECP_C
+ scripts/config.pl unset MBEDTLS_ECDH_C
+ scripts/config.pl unset MBEDTLS_ECDSA_C
+ scripts/config.pl unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
+ scripts/config.pl unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
+ scripts/config.pl unset MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+ scripts/config.pl unset MBEDTLS_ECP_DP_SECP192R1_ENABLED
+ scripts/config.pl unset MBEDTLS_ECP_DP_SECP224R1_ENABLED
+ scripts/config.pl unset MBEDTLS_ECP_DP_SECP256R1_ENABLED
+ scripts/config.pl unset MBEDTLS_ECP_DP_SECP384R1_ENABLED
+ scripts/config.pl unset MBEDTLS_ECP_DP_SECP521R1_ENABLED
+ scripts/config.pl unset MBEDTLS_ECP_DP_BP256R1_ENABLED
+ scripts/config.pl unset MBEDTLS_ECP_DP_BP384R1_ENABLED
+ scripts/config.pl unset MBEDTLS_ECP_DP_BP512R1_ENABLED
+ scripts/config.pl unset MBEDTLS_ECP_DP_SECP192K1_ENABLED
+ scripts/config.pl unset MBEDTLS_ECP_DP_SECP224K1_ENABLED
+ scripts/config.pl unset MBEDTLS_ECP_DP_SECP256K1_ENABLED
+ # now single-PK specific configs
+ scripts/config.pl set MBEDTLS_PK_SINGLE_TYPE MBEDTLS_PK_INFO_ECKEY
+ scripts/config.pl unset MBEDTLS_PK_RSA_ALT_SUPPORT
+ scripts/config.pl unset MBEDTLS_RSA_C
+ scripts/config.pl unset MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
+ scripts/config.pl unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
+ scripts/config.pl unset MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
+ scripts/config.pl unset MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
+ scripts/config.pl unset MBEDTLS_X509_RSASSA_PSS_SUPPORT
+ make CFLAGS='-Werror -O1'
+
+ msg "test: default config + single PK type harcoded (tinycrypt)"
+ make test
+ if_build_succeeded tests/ssl-opt.sh -f '^Default, DTLS$'
+}
+
component_test_baremetal () {
msg "build: lib+test+programs for baremetal.h + baremetal_test.h"
record_status scripts/baremetal.sh --ram --build-only
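Review bot: The only TLS-level check in `component_test_hardcoded_pk_type` is `tests/ssl-opt.sh -f '^Default, DTLS$'`, a single handshake. That is thin coverage for an option that fixes the PK type used for signature verification, so I would record the limitation next to it with a comment such as `# only the default DTLS handshake for now; widen the filter once PK_SINGLE_TYPE is implemented`. The tinycrypt setup from `set MBEDTLS_USE_TINYCRYPT` down to `unset MBEDTLS_ECP_DP_SECP256K1_ENABLED` is, by its own comment, copied from the tinycrypt component. A shared helper called by both components would stop this one from silently testing a stale configuration if that setup changes later. Both `msg` strings also misspell the word as "harcoded"; they should read `msg "build: default config + single PK type hardcoded (tinycrypt)"` and likewise for the `test:` line.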