State PSA_CRYPTO_KEY_ID_ENCODES_OWNER and USE_PSA_CRYPTO incompatibility
Code under MBEDTLS_USE_PSA_CRYPTO define is PSA client
code intended to use key identifiers of type psa_key_id_t.
Thus the MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
configuration option is incompatible with
MBEDTLS_USE_PSA_CRYPTO.
State this in config.h and check_config.h.
As a consequence:
. remove MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER from
the full configuration, as MBEDTLS_USE_PSA_CRYPTO is
part of it.
. add a new component in all.sh to keep testing the
library when MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
is set.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index fd979db..1ebb706 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -609,6 +609,11 @@
#error "MBEDTLS_PSA_ITS_FILE_C defined, but not all prerequisites"
#endif
+#if defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER) && \
+ defined(MBEDTLS_USE_PSA_CRYPTO)
+#error "MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER defined, but it cannot coexist with MBEDTLS_USE_PSA_CRYPTO."
+#endif
+
#if defined(MBEDTLS_RSA_C) && ( !defined(MBEDTLS_BIGNUM_C) || \
!defined(MBEDTLS_OID_C) )
#error "MBEDTLS_RSA_C defined, but not all prerequisites"
diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index 2ac2cc6..c930a8f 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -1266,7 +1266,7 @@
* which is currently hard-coded to be int32_t.
*
* Note that this option is meant for internal use only and may be removed
- * without notice.
+ * without notice. It is incompatible with PSA_USE_PSA_CRYPTO.
*/
//#define MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
diff --git a/scripts/config.py b/scripts/config.py
index 6c29981..ae0614a 100755
--- a/scripts/config.py
+++ b/scripts/config.py
@@ -185,6 +185,7 @@
'MBEDTLS_PKCS11_C', # build dependency (libpkcs11-helper)
'MBEDTLS_PLATFORM_NO_STD_FUNCTIONS', # removes a feature
'MBEDTLS_PSA_CRYPTO_CONFIG', # toggles old/new style PSA config
+ 'MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER', # incompatible with USE_PSA_CRYPTO
'MBEDTLS_PSA_CRYPTO_SPM', # platform dependency (PSA SPM)
'MBEDTLS_PSA_INJECT_ENTROPY', # build dependency (hook functions)
'MBEDTLS_REMOVE_3DES_CIPHERSUITES', # removes a feature
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index 757a9ec..3c27617 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -780,6 +780,18 @@
if_build_succeeded tests/context-info.sh
}
+component_test_psa_crypto_key_id_encodes_owner () {
+ msg "build: full config - USE_PSA_CRYPTO + PSA_CRYPTO_KEY_ID_ENCODES_OWNER, cmake, gcc, ASan"
+ scripts/config.py full
+ scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
+ scripts/config.py set MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
+ CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
+ make
+
+ msg "test: full config - USE_PSA_CRYPTO + PSA_CRYPTO_KEY_ID_ENCODES_OWNER, cmake, gcc, ASan"
+ make test
+}
+
component_test_zlib_make() {
msg "build: zlib enabled, make"
scripts/config.py set MBEDTLS_ZLIB_SUPPORT