From 66111393e4a8b8f4801c42e0e7c337df839ae913 Mon Sep 17 00:00:00 2001
From: Yanray Wang <yanray.wang@arm.com>
Date: Tue, 31 Oct 2023 18:54:54 +0800
Subject: [PATCH] all.sh: modify components to test BLOCK_CIPHER_NO_DECRYPT

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
---
 tests/scripts/all.sh | 97 ++++++++++++++++++--------------------------
 1 file changed, 39 insertions(+), 58 deletions(-)

diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index 2540b5e49..4daae6c41 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -4488,25 +4488,19 @@ component_test_aes_fewer_tables_and_rom_tables () {
     make test
 }
 
-component_test_cipher_encrypt_only_aesni () {
-    # pre-setup to implicitly enable CIPHER_ENCRYPT_ONLY
-    scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
+component_test_block_cipher_no_decrypt_aesni () {
+    # enable BLOCK_CIPHER_NO_DECRYPT and disable its incompatible configs
+    scripts/config.py set MBEDTLS_BLOCK_CIPHER_NO_DECRYPT
     scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC
     scripts/config.py unset MBEDTLS_CIPHER_MODE_XTS
     scripts/config.py unset MBEDTLS_DES_C
     scripts/config.py unset MBEDTLS_NIST_KW_C
 
-    echo '#undef PSA_WANT_ALG_CBC_NO_PADDING' > psa_cipher_encrypt_only.h
-    echo '#undef PSA_WANT_ALG_CBC_PKCS7' >> psa_cipher_encrypt_only.h
-    echo '#undef PSA_WANT_ALG_ECB_NO_PADDING' >> psa_cipher_encrypt_only.h
-    echo '#undef PSA_WANT_KEY_TYPE_DES' >> psa_cipher_encrypt_only.h
-
     # test AESNI intrinsics
     scripts/config.py set MBEDTLS_AESNI_C
-    msg "build: implicitly enable CIPHER_ENCRYPT_ONLY with AESNI intrinsics"
+    msg "build: default config + BLOCK_CIPHER_NO_DECRYPT with AESNI intrinsics"
     make clean
-    make CC=gcc CFLAGS="-Werror -Wall -Wextra -mpclmul -msse2 -maes \
-        -I '$PWD' -DMBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE='\"psa_cipher_encrypt_only.h\"'"
+    make CC=gcc CFLAGS='-Werror -Wall -Wextra -mpclmul -msse2 -maes'
 
     # Make sure we don't have mbedtls_xxx_setkey_dec in AES/ARIA/CAMELLIA
     not grep mbedtls_aes_setkey_dec library/aes.o
@@ -4515,18 +4509,17 @@ component_test_cipher_encrypt_only_aesni () {
     # Make sure we don't have mbedtls_internal_aes_decrypt in AES
     not grep mbedtls_internal_aes_decrypt library/aes.o
 
-    msg "test: implicitly enable CIPHER_ENCRYPT_ONLY with AESNI intrinsics"
+    msg "test: default config + BLOCK_CIPHER_NO_DECRYPT with AESNI intrinsics"
     make test
 
-    msg "selftest: implicitly enable CIPHER_ENCRYPT_ONLY with AESNI intrinsics"
+    msg "selftest: default config + BLOCK_CIPHER_NO_DECRYPT with AESNI intrinsics"
     programs/test/selftest
 
     # test AESNI assembly
     scripts/config.py set MBEDTLS_AESNI_C
-    msg "build: implicitly enable CIPHER_ENCRYPT_ONLY with AESNI assembly"
+    msg "build: default config + BLOCK_CIPHER_NO_DECRYPT with AESNI assembly"
     make clean
-    make CC=gcc CFLAGS="-Werror -Wall -Wextra -mno-pclmul -mno-sse2 -mno-aes \
-        -I '$PWD' -DMBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE='\"psa_cipher_encrypt_only.h\"'"
+    make CC=gcc CFLAGS='-Werror -Wall -Wextra -mno-pclmul -mno-sse2 -mno-aes'
 
     # Make sure we don't have mbedtls_xxx_setkey_dec in AES/ARIA/CAMELLIA
     not grep mbedtls_aes_setkey_dec library/aes.o
@@ -4535,18 +4528,17 @@ component_test_cipher_encrypt_only_aesni () {
     # Make sure we don't have mbedtls_internal_aes_decrypt in AES
     not grep mbedtls_internal_aes_decrypt library/aes.o
 
-    msg "test: implicitly enable CIPHER_ENCRYPT_ONLY with AESNI assembly"
+    msg "test: default config + BLOCK_CIPHER_NO_DECRYPT with AESNI assembly"
     make test
 
-    msg "selftest: implicitly enable CIPHER_ENCRYPT_ONLY with AESNI assembly"
+    msg "selftest: default config + BLOCK_CIPHER_NO_DECRYPT with AESNI assembly"
     programs/test/selftest
 
     # test AES C implementation
-    msg "build: implicitly enable CIPHER_ENCRYPT_ONLY with AES C Implementation"
+    msg "build: default config + BLOCK_CIPHER_NO_DECRYPT with AES C Implementation"
     scripts/config.py unset MBEDTLS_AESNI_C
     make clean
-    make CC=gcc CFLAGS="-Werror -Wall -Wextra \
-        -I '$PWD' -DMBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE='\"psa_cipher_encrypt_only.h\"'"
+    make CC=gcc CFLAGS='-Werror -Wall -Wextra'
 
     # Make sure we don't have mbedtls_xxx_setkey_dec in AES/ARIA/CAMELLIA
     not grep mbedtls_aes_setkey_dec library/aes.o
@@ -4555,35 +4547,27 @@ component_test_cipher_encrypt_only_aesni () {
     # Make sure we don't have mbedtls_internal_aes_decrypt in AES
     not grep mbedtls_internal_aes_decrypt library/aes.o
 
-    msg "test: implicitly enable CIPHER_ENCRYPT_ONLY with AES C Implementation"
+    msg "test: default config + BLOCK_CIPHER_NO_DECRYPT with AES C Implementation"
     make test
 
-    msg "selftest: implicitly enable CIPHER_ENCRYPT_ONLY with AES C Implementation"
+    msg "selftest: default config + BLOCK_CIPHER_NO_DECRYPT with AES C Implementation"
     programs/test/selftest
-
-    rm -f psa_cipher_encrypt_only.h
 }
 
-component_test_cipher_encrypt_only_aesni_m32 () {
-    # pre-setup to implicitly enable CIPHER_ENCRYPT_ONLY
-    scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
+component_test_block_cipher_no_decrypt_aesni_m32 () {
+    # enable BLOCK_CIPHER_NO_DECRYPT and disable its incompatible configs
+    scripts/config.py set MBEDTLS_BLOCK_CIPHER_NO_DECRYPT
     scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC
     scripts/config.py unset MBEDTLS_CIPHER_MODE_XTS
     scripts/config.py unset MBEDTLS_DES_C
     scripts/config.py unset MBEDTLS_NIST_KW_C
 
-    echo '#undef PSA_WANT_ALG_CBC_NO_PADDING' > psa_cipher_encrypt_only.h
-    echo '#undef PSA_WANT_ALG_CBC_PKCS7' >> psa_cipher_encrypt_only.h
-    echo '#undef PSA_WANT_ALG_ECB_NO_PADDING' >> psa_cipher_encrypt_only.h
-    echo '#undef PSA_WANT_KEY_TYPE_DES' >> psa_cipher_encrypt_only.h
-
     # test AESNI intrinsics for i386 with VIA PADLOCK
     scripts/config.py set MBEDTLS_AESNI_C
     scripts/config.py set MBEDTLS_PADLOCK_C
-    msg "build: implicitly enable CIPHER_ENCRYPT_ONLY for i386 with VIA PADLOCK"
+    msg "build: default config + BLOCK_CIPHER_NO_DECRYPT for i386 with VIA PADLOCK"
     make clean
-    make CC=gcc LDFLAGS='-m32' CFLAGS="-m32 -Werror -Wall -Wextra -mpclmul -msse2 -maes\
-        -I '$PWD' -DMBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE='\"psa_cipher_encrypt_only.h\"'"
+    make CC=gcc LDFLAGS='-m32' CFLAGS='-m32 -Werror -Wall -Wextra -mpclmul -msse2 -maes'
 
     # Make sure we don't have mbedtls_xxx_setkey_dec in AES/ARIA/CAMELLIA
     not grep mbedtls_aes_setkey_dec library/aes.o
@@ -4592,19 +4576,18 @@ component_test_cipher_encrypt_only_aesni_m32 () {
     # Make sure we don't have mbedtls_internal_aes_decrypt in AES
     not grep mbedtls_internal_aes_decrypt library/aes.o
 
-    msg "test: implicitly enable CIPHER_ENCRYPT_ONLY for i386 with VIA PADLOCK"
+    msg "test: default config + BLOCK_CIPHER_NO_DECRYPT for i386 with VIA PADLOCK"
     make test
 
-    msg "selftest: implicitly enable CIPHER_ENCRYPT_ONLY for i386 with VIA PADLOCK"
+    msg "selftest: default config + BLOCK_CIPHER_NO_DECRYPT for i386 with VIA PADLOCK"
     programs/test/selftest
 
     # test AESNI intrinsics for i386 without VIA PADLOCK
     scripts/config.py set MBEDTLS_AESNI_C
     scripts/config.py unset MBEDTLS_PADLOCK_C
-    msg "build: implicitly enable CIPHER_ENCRYPT_ONLY for i386 without VIA PADLOCK"
+    msg "build: default config + BLOCK_CIPHER_NO_DECRYPT for i386 without VIA PADLOCK"
     make clean
-    make CC=gcc LDFLAGS='-m32' CFLAGS="-m32 -Werror -Wall -Wextra -mpclmul -msse2 -maes\
-        -I '$PWD' -DMBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE='\"psa_cipher_encrypt_only.h\"'"
+    make CC=gcc LDFLAGS='-m32' CFLAGS='-m32 -Werror -Wall -Wextra -mpclmul -msse2 -maes'
 
     # Make sure we don't have mbedtls_xxx_setkey_dec in AES/ARIA/CAMELLIA
     not grep mbedtls_aes_setkey_dec library/aes.o
@@ -4613,21 +4596,19 @@ component_test_cipher_encrypt_only_aesni_m32 () {
     # Make sure we don't have mbedtls_internal_aes_decrypt in AES
     not grep mbedtls_internal_aes_decrypt library/aes.o
 
-    msg "test: implicitly enable CIPHER_ENCRYPT_ONLY for i386 without VIA PADLOCK"
+    msg "test: default config + BLOCK_CIPHER_NO_DECRYPT for i386 without VIA PADLOCK"
     make test
 
-    msg "selftest: implicitly enable CIPHER_ENCRYPT_ONLY for i386 without VIA PADLOCK"
+    msg "selftest: default config + BLOCK_CIPHER_NO_DECRYPT for i386 without VIA PADLOCK"
     programs/test/selftest
-
-    rm -f psa_cipher_encrypt_only.h
 }
 
-support_test_cipher_encrypt_only_aesce_armcc () {
+support_test_block_cipher_no_decrypt_aesce_armcc () {
     armc6_cc="$ARMC6_BIN_DIR/armclang"
     (check_tools "$armc6_cc" > /dev/null 2>&1)
 }
 
-component_test_cipher_encrypt_only_aesce_armcc () {
+component_test_block_cipher_no_decrypt_aesce_armcc () {
     scripts/config.py baremetal
 
     # armc[56] don't support SHA-512 intrinsics
@@ -4642,23 +4623,25 @@ component_test_cipher_encrypt_only_aesce_armcc () {
     scripts/config.py unset MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT
     scripts/config.py set MBEDTLS_HAVE_ASM
 
-    # pre-setup to implicitly enable CIPHER_ENCRYPT_ONLY
-    scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
+    # enable BLOCK_CIPHER_NO_DECRYPT and disable its incompatible configs
+    scripts/config.py set MBEDTLS_BLOCK_CIPHER_NO_DECRYPT
     scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC
     scripts/config.py unset MBEDTLS_CIPHER_MODE_XTS
     scripts/config.py unset MBEDTLS_DES_C
     scripts/config.py unset MBEDTLS_NIST_KW_C
 
-    echo '#undef PSA_WANT_ALG_CBC_NO_PADDING' > psa_cipher_encrypt_only.h
-    echo '#undef PSA_WANT_ALG_CBC_PKCS7' >> psa_cipher_encrypt_only.h
-    echo '#undef PSA_WANT_ALG_ECB_NO_PADDING' >> psa_cipher_encrypt_only.h
-    echo '#undef PSA_WANT_KEY_TYPE_DES' >> psa_cipher_encrypt_only.h
+    # Enable support for cryptographic mechanisms through the PSA API.
+    # Note: XTS, KW are not yet supported via the PSA API in Mbed TLS.
+    scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
+    scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_NO_PADDING
+    scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_PKCS7
+    scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_ECB_NO_PADDING
+    scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_DES
 
     # test AESCE baremetal build
     scripts/config.py set MBEDTLS_AESCE_C
-    msg "build: implicitly enable CIPHER_ENCRYPT_ONLY with AESCE"
-    armc6_build_test "-O1 --target=aarch64-arm-none-eabi -march=armv8-a+crypto \
-        -I '$PWD' -DMBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE='\"psa_cipher_encrypt_only.h\"'"
+    msg "build: default config + BLOCK_CIPHER_NO_DECRYPT with AESCE"
+    armc6_build_test "-O1 --target=aarch64-arm-none-eabi -march=armv8-a+crypto"
 
     # Make sure we don't have mbedtls_xxx_setkey_dec in AES/ARIA/CAMELLIA
     not grep mbedtls_aes_setkey_dec library/aes.o
@@ -4666,8 +4649,6 @@ component_test_cipher_encrypt_only_aesce_armcc () {
     not grep mbedtls_camellia_setkey_dec library/camellia.o
     # Make sure we don't have mbedtls_internal_aes_decrypt in AES
     not grep mbedtls_internal_aes_decrypt library/aes.o
-
-    rm -f psa_cipher_encrypt_only.h
 }
 
 component_test_ctr_drbg_aes_256_sha_256 () {