Merge pull request #61 from Mbed-TLS/issue-51

Add a Python utility function to get the 3.6 feature macro
2026-06-05 21:15:09 +00:00 · 2024-11-05 10:49:12 +01:00
parent d68446c9da f93ac3be7c
commit 5560984550
3 changed files with 55 additions and 15 deletions
@@ -14,7 +14,6 @@ import config
 from mbedtls_framework import config_common
 from mbedtls_framework import test_case
 from mbedtls_framework import test_data_generation
-from mbedtls_framework import build_tree


 def single_setting_case(setting: config_common.Setting, when_on: bool,
@@ -88,12 +87,8 @@ def dependencies_of_setting(cfg: config_common.Config,
        if name.startswith('MBEDTLS_CIPHER_PADDING_'):
            return 'MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC'
        if name.startswith('MBEDTLS_PK_PARSE_EC_'):
-            #temporary solution to determine correct dependency macros between 3.6 and 4.0
-            #see issue #51 in mbedtls-framework
-            if build_tree.is_mbedtls_3_6():
-                return 'MBEDTLS_PK_C:MBEDTLS_PK_HAVE_ECC_KEYS'
-            else:
-                return 'MBEDTLS_PK_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY'
+            return 'MBEDTLS_PK_C:' + test_case.psa_or_3_6_feature_macro(
+                'PSA_KEY_TYPE_ECC_PUBLIC_KEY', test_case.Domain36.USE_PSA)

        # For TLS settings, insist on having them once off and once on in
        # a configuration where both client support and server support are
@@ -16,7 +16,7 @@ Given a valid DER pkcs7 file add tests to the test_suite_pkcs7.data file

 import sys
 from os.path import exists
-from mbedtls_framework import build_tree
+from mbedtls_framework import test_case

 PKCS7_TEST_FILE = "../suites/test_suite_pkcs7.data"

@@ -38,12 +38,8 @@ class TestData:
    Take in test_suite_pkcs7.data file.
    Allow for new tests to be added.
    """
-    #temporary solution to determine correct dependency macros between 3.6 and 4.0
-    #see issue #51 in mbedtls-framework
-    if build_tree.is_mbedtls_3_6():
-        mandatory_dep = "MBEDTLS_MD_CAN_SHA256"
-    else:
-        mandatory_dep = "PSA_WANT_ALG_SHA_256"
+    mandatory_dep = test_case.psa_or_3_6_feature_macro("PSA_ALG_SHA_256",
+                                                       test_case.Domain36.USE_PSA)

    test_name = "PKCS7 Parse Failure Invalid ASN1"
    test_function = "pkcs7_asn1_fail:"
@@ -9,13 +9,39 @@ import binascii
 import os
 import sys
 from typing import Iterable, List, Optional
+from enum import Enum

+from . import build_tree
+from . import psa_information
 from . import typing_util

+HASHES_3_6 = {
+    "PSA_ALG_MD5" : "MBEDTLS_MD_CAN_MD5",
+    "PSA_ALG_RIPEMD160" : "MBEDTLS_MD_CAN_RIPEMD160",
+    "PSA_ALG_SHA_1" : "MBEDTLS_MD_CAN_SHA1",
+    "PSA_ALG_SHA_224" : "MBEDTLS_MD_CAN_SHA224",
+    "PSA_ALG_SHA_256" : "MBEDTLS_MD_CAN_SHA256",
+    "PSA_ALG_SHA_384" : "MBEDTLS_MD_CAN_SHA384",
+    "PSA_ALG_SHA_512" : "MBEDTLS_MD_CAN_SHA512",
+    "PSA_ALG_SHA3_224" : "MBEDTLS_MD_CAN_SHA3_224",
+    "PSA_ALG_SHA3_256" : "MBEDTLS_MD_CAN_SHA3_256",
+    "PSA_ALG_SHA3_384" : "MBEDTLS_MD_CAN_SHA3_384",
+    "PSA_ALG_SHA3_512" : "MBEDTLS_MD_CAN_SHA3_512"
+}
+
+PK_MACROS_3_6 = {
+    "PSA_KEY_TYPE_ECC_PUBLIC_KEY" : "MBEDTLS_PK_HAVE_ECC_KEYS"
+}
+
+class Domain36(Enum):
+    PSA = 1
+    TLS_1_3_ONLY = 2
+    USE_PSA = 3
+    LEGACY = 4
+
 def hex_string(data: bytes) -> str:
    return '"' + binascii.hexlify(data).decode('ascii') + '"'

-
 class MissingDescription(Exception):
    pass

@@ -89,3 +115,26 @@ def write_data_file(filename: str,
            tc.write(out)
        out.write('\n# End of automatically generated file.\n')
    os.replace(tempfile, filename)
+
+def psa_or_3_6_feature_macro(psa_name: str,
+                             domain_3_6: Domain36) -> str:
+    """Determine the dependency symbol for a given psa_name based on
+       the domain and Mbed TLS version. For more information about the domains,
+       and MBEDTLS_MD_CAN_ prefixed symbols, see transition-guards.md.
+       This function currently works with hashes and some PK symbols only.
+       It accepts PSA_ALG_xxx or PSA_KEY_TYPE_xxx as inputs for psa_name.
+    """
+
+    if domain_3_6 == Domain36.PSA or domain_3_6 == Domain36.TLS_1_3_ONLY or \
+        not build_tree.is_mbedtls_3_6():
+        if psa_name in PK_MACROS_3_6 or psa_name in HASHES_3_6:
+            return psa_information.psa_want_symbol(psa_name)
+
+    if domain_3_6 == Domain36.USE_PSA:
+        if psa_name in PK_MACROS_3_6:
+            return PK_MACROS_3_6[psa_name]
+
+    if psa_name in HASHES_3_6:
+        return HASHES_3_6[psa_name]
+
+    raise ValueError(f'Unable to determine dependency symbol for {psa_name} in {domain_3_6}')