Merge pull request #8641 from valeriosetti/issue8358

G3-G4 wrap-up

ChangeLog.d/8358.txt

@@ -0,0 +1,9 @@
+Features
+   * If a cipher or AEAD mechanism has a PSA driver, you can now build the
+     library without the corresponding built-in implementation. See
+     docs/driver-only-builds.md for full details and current limitations.
+   * It is possible to disable MBEDTLS_CIPHER_C in some circumstances, please
+     see docs/driver-only-builds.md for full details and current limitations.
+   * The CTR_DRBG module will now use AES from a PSA driver if MBEDTLS_AES_C is
+     disabled. This requires PSA_WANT_ALG_ECB_NO_PADDING in addition to
+     MBEDTLS_PSA_CRYPTO_C and PSA_WANT_KEY_TYPE_AES.

docs/driver-only-builds.md

@@ -55,7 +55,15 @@ For now, only the following (families of) mechanisms are supported:
 - hashes: SHA-3, SHA-2, SHA-1, MD5, etc.
 - elliptic-curve cryptography (ECC): ECDH, ECDSA, EC J-PAKE, ECC key types.
 - finite-field Diffie-Hellman: FFDH algorithm, DH key types.
-- AEADs: GCM, CCM and ChachaPoly
+- AEADs:
+  - GCM and CCM with AES, ARIA and Camellia key types
+  - ChachaPoly with ChaCha20 Key type
+- Unauthenticated ciphers:
+  - key types: AES, ARIA, Camellia, DES
+  - modes: ECB, CBC, CTR, CFB, OFB, XTS
+
+For each family listed above, all the mentioned alorithms/key types are also
+all the mechanisms that exist in PSA API.
 
 Supported means that when those are provided only by drivers, everything
 (including PK, X.509 and TLS if `MBEDTLS_USE_PSA_CRYPTO` is enabled) should
@@ -63,9 +71,6 @@ work in the same way as if the mechanisms where built-in, except as documented
 in the "Limitations" sub-sections of the sections dedicated to each family
 below.
 
-In the near future (end of 2023), we are planning to also add support for
-ciphers (AES, ARIA, Camellia).
-
 Currently (mid-2023) we don't have plans to extend this to RSA. If
 you're interested in driver-only support for RSA, please let us know.
 
@@ -238,37 +243,151 @@ The same holds for the associated algorithm:
 `[PSA_WANT|MBEDTLS_PSA_ACCEL]_ALG_FFDH` allow builds accelerating FFDH and
 removing builtin support (i.e. `MBEDTLS_DHM_C`).
 
-### Limitations
+Ciphers (unauthenticated and AEAD)
-Support for deterministic derivation of a DH keypair
+----------------------------------
-(i.e. `PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_DERIVE`) is not supported.
 
-AEADs
+It is possible to have all ciphers and AEAD operations provided only by a
------
+driver. More precisely, for each desired combination of key type and
+algorithm/mode you can:
+- Enable desired PSA key type(s):
+  - `PSA_WANT_KEY_TYPE_AES`,
+  - `PSA_WANT_KEY_TYPE_ARIA`,
+  - `PSA_WANT_KEY_TYPE_CAMELLIA`,
+  - `PSA_WANT_KEY_TYPE_CHACHA20`,
+  - `PSA_WANT_KEY_TYPE_DES`.
+- Enable desired PSA algorithm(s):
+  - Unauthenticated ciphers modes:
+    - `PSA_WANT_ALG_CBC_NO_PADDING`,
+    - `PSA_WANT_ALG_CBC_PKCS7`,
+    - `PSA_WANT_ALG_CCM_STAR_NO_TAG`,
+    - `PSA_WANT_ALG_CFB`,
+    - `PSA_WANT_ALG_CTR`,
+    - `PSA_WANT_ALG_ECB_NO_PADDING`,
+    - `PSA_WANT_ALG_OFB`,
+    - `PSA_WANT_ALG_STREAM_CIPHER`.
+  - AEADs:
+    - `PSA_WANT_ALG_CCM`,
+    - `PSA_WANT_ALG_GCM`,
+    - `PSA_WANT_ALG_CHACHA20_POLY1305`.
+- Enable `MBEDTLS_PSA_ACCEL_[KEY_TYPE_xxx|ALG_yyy]` symbol(s) which correspond
+   to the `PSA_WANT_KEY_TYPE_xxx` and `PSA_WANT_ALG_yyy` of the previous steps.
+- Disable builtin support of key types:
+  - `MBEDTLS_AES_C`,
+  - `MBEDTLS_ARIA_C`,
+  - `MBEDTLS_CAMELLIA_C`,
+  - `MBEDTLS_DES_C`,
+  - `MBEDTLS_CHACHA20_C`.
+  and algorithms/modes:
+  - `MBEDTLS_CBC_C`,
+  - `MBEDTLS_CFB_C`,
+  - `MBEDTLS_CTR_C`,
+  - `MBEDTLS_OFB_C`,
+  - `MBEDTLS_XTS_C`,
+  - `MBEDTLS_CCM_C`,
+  - `MBEDTLS_GCM_C`,
+  - `MBEDTLS_CHACHAPOLY_C`,
+  - `MBEDTLS_NULL_CIPHER`.
 
-[This section might contain incomplete data and it is going to be updated in
+Once a key type and related algorithm are accelerated, all the PSA Crypto APIs
-#8358, i.e. the wrap-up task for accelerated ciphers and AEADs.]
+will work, as well as X.509 and TLS (with `MBEDTLS_USE_PSA_CRYPTO` enabled) but
+some non-PSA APIs will be absent or have reduced functionality, see
+[Restrictions](#restrictions) for details.
 
-It is possible to have all AEADs operations provided only by a driver.
+### Restrictions
+
+- If an algorithm other than CCM and GCM (see
+  ["Partial acceleration for CCM/GCM"](#partial-acceleration-for-ccmgcm) below)
+  is enabled but not accelerated, then all key types that can be used with it
+  will need to be built-in.
+- If a key type is enabled but not accelerated, then all algorithms that can be
+  used with it will need to be built-in.
+
+Some legacy modules can't take advantage of PSA drivers yet, and will either
+need to be disabled, or have reduced features when the built-in implementations
+of some ciphers are removed:
+- `MBEDTLS_NIST_KW_C` needs built-in AES: it must be disabled when
+  `MBEDTLS_AES_C` is disabled.
+- `MBEDTLS_CMAC_C` needs built-in AES/DES: it must be disabled when
+  `MBEDTLS_AES_C` and `MBEDTLS_DES_C` are both disabled. When only one of them
+  is enabled, then only the corresponding cipher will be available at runtime
+  for use with `mbedtls_cipher_cmac_xxx`. (Note: if there is driver support for
+  CMAC and all compatible key types, then `PSA_WANT_ALG_CMAC` can be enabled
+  without `MBEDTLS_CMAC_C` and CMAC will be usable with `psa_max_xxx` APIs.)
+- `MBEDTLS_CIPHER_C`: the `mbedtls_cipher_xxx()` APIs will only work with
+  ciphers that are built-in - that is, both the underlying cipher
+  (eg `MBEDTLS_AES_C`) and the mode (eg `MBEDTLS_CIPHER_MODE_CBC` or
+  `MBEDTLS_GCM_C`).
+- `MBEDTLS_PKCS5_C`: encryption/decryption (PBES2, PBE) will only work with
+  ciphers that are built-in.
+- PEM decryption will only work with ciphers that are built-in.
+- PK parse will only be able to parse encrypted keys using built-in ciphers.
+
+Note that if you also disable `MBEDTLS_CIPHER_C`, there will be additional
+restrictions, see [Disabling `MBEDTLS_CIPHER_C`](#disabling-mbedtls_cipher_c).
+
+### Legacy <-> PSA matching
+
+Note that the relationship between legacy (i.e. `MBEDTLS_xxx_C`) and PSA
+(i.e. `PSA_WANT_xxx`) symbols is not always 1:1. For example:
+- ECB mode is always enabled in the legacy configuration for each key type that
+  allows it (AES, ARIA, Camellia, DES), whereas it must be explicitly enabled
+  in PSA with `PSA_WANT_ALG_ECB_NO_PADDING`.
+- In the legacy API, `MBEDTLS_CHACHA20_C` enables the ChaCha20 stream cipher, and
+  enabling `MBEDTLS_CHACHAPOLY_C` also enables the ChaCha20-Poly1305 AEAD. In the
+  PSA API, you need to enable `PSA_KEY_TYPE_CHACHA20` for both, plus
+  `PSA_ALG_STREAM_CIPHER` or `PSA_ALG_CHACHA20_POLY1305` as desired.
+- The legacy symbol `MBEDTLS_CCM_C` adds support for both cipher and AEAD,
+  whereas in PSA there are 2 different symbols: `PSA_WANT_ALG_CCM_STAR_NO_TAG`
+  and `PSA_WANT_ALG_CCM`, respectively.
+
+### Partial acceleration for CCM/GCM
+
+[This section depends on #8598 so it might be updated while that PR progresses.]
+
+In case legacy CCM/GCM algorithms are enabled, it is still possible to benefit
+from PSA acceleration of the underlying block cipher by enabling support for
+ECB mode (`PSA_WANT_ALG_ECB_NO_PADDING` + `MBEDTLS_PSA_ACCEL_ALG_ECB_NO_PADDING`)
+together with desired key type(s) (`PSA_WANT_KEY_TYPE_[AES|ARIA|CAMELLIA]` +
+`MBEDTLS_PSA_ACCEL_KEY_TYPE_[AES|ARIA|CAMELLIA]`).
+In such configurations it is possible to:
+- Use CCM and GCM via the PSA Crypto APIs.
+- Use CCM and GCM via legacy functions (`mbedtls_[ccm|gcm]_xxx()`).
+- Disable legacy key types (`MBEDTLS_[AES|ARIA|CAMELLIA]_C`) if there is no
+  other dependency requiring them.
+
+ChaChaPoly has no such feature, so it requires full acceleration (key type +
+algorithm) in order to work with a driver.
+
+### CTR-DRBG
+
+The legacy CTR-DRBG module (enabled by `MBEDTLS_CTR_DRBG_C`) can also benefit
+from PSA acceleration if both of the following conditions are met:
+- The legacy AES module (`MBEDTLS_AES_C`) is not enabled and
+- AES is supported on the PSA side together with ECB mode, i.e.
+  `PSA_WANT_KEY_TYPE_AES` + `PSA_WANT_ALG_ECB_NO_PADDING`.
+
+### Disabling `MBEDTLS_CIPHER_C`
+
+It is possible to save code size by disabling MBEDTLS_CIPHER_C when all of the 
+following conditions are met:
+- The application is not using the `mbedtls_cipher_` API.
+- In PSA, all unauthenticated (that is, non-AEAD) ciphers are either disabled or
+  fully accelerated (that is, all compatible key types are accelerated too).
+- Either TLS is disabled, or `MBEDTLS_USE_PSA_CRYPTO` is enabled.
+- `MBEDTLS_NIST_KW` is disabled.
+- `MBEDTLS_CMAC_C` is disabled. (Note: support for CMAC in PSA can be provided by
+  a driver.)
+
+In such a build, everything will work as usual except for the following:
+- Encryption/decryption functions from the PKCS5 and PKCS12 module will not be
+  available (only key derivation functions).
+- Parsing of PKCS5- or PKCS12-encrypted keys in PK parse will fail.
+
+Note: AEAD ciphers (CCM, GCM, ChachaPoly) do not have a dependency on
+MBEDTLS_CIPHER_C even when using the built-in implementations.
+
+If you also have some ciphers fully accelerated and the built-ins removed, see
+[Restrictions](#restrictions) for restrictions related to removing the built-ins.
 
-More precisely you can:
-- enable desired PSA algorithm(s) and key type(s):
-  - `PSA_WANT_ALG_[CCM|GCM]` with `PSA_WANT_KEY_TYPE_[AES|ARIA|CAMELLIA]`
-  - `PSA_WANT_ALG_CHACHA20_POLY1305` with `PSA_WANT_KEY_TYPE_CHACHA20`;
-- enable `MBEDTLS_PSA_ACCEL_xxx` symbol(s) which correspond to the
-  `PSA_WANT_xxx` of the previous step (both for algorithms and key types);
-- disable builtin support of `MBEDTLS_[CCM|GCM|CHACHAPOLY|POLY1305]_C`
-  algorithms and key types `MBEDTLS_[AES|ARIA|CAMELLIA|CHACHA20]_C` for AEADs
-  which are accelerated.
 
-In a build in which all AEADs algorithms and related key types are accelerated
-all AEADs operations requested through the PSA Crypto API (including those in
-TLS and X.509) will be performed by the driver.
-Moreover if no unauthenticated cipher is required, it is also possible to
-disable all built-in block cipher's key types
-(i.e. `MBEDTLS_[AES|ARIA|CAMELLIA|CHACHA20]_C`) and `MBEDTLS_CIPHER_C`. This
-helps in further reducing code's footprint, but unfortunately it makes the
-following modules unavailable:
-- `MBEDTLS_PKCS[5|12]_C`
-- `MBEDTLS_CTR_DRBG_C`
-- `MBEDTLS_NIST_KW_C`
 

include/mbedtls/check_config.h

@@ -281,15 +281,6 @@
 #error "MBEDTLS_PK_PARSE_C defined, but not all prerequisites"
 #endif
 
-#if defined(MBEDTLS_PKCS12_C) && !defined(MBEDTLS_CIPHER_C)
-#error "MBEDTLS_PKCS12_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PKCS5_C) && \
-    !defined(MBEDTLS_CIPHER_C)
-#error "MBEDTLS_PKCS5_C defined, but not all prerequisites"
-#endif
-
 /* Helpers for hash dependencies, will be undefined at the end of the file */
 /* Do SHA-256, 384, 512 to cover Entropy and TLS. */
 #if defined(MBEDTLS_SHA256_C) || \

include/mbedtls/mbedtls_config.h

@@ -3084,7 +3084,6 @@
  *
  * Module:  library/pkcs5.c
  *
- * Requires: MBEDTLS_CIPHER_C
  * Auto-enables: MBEDTLS_MD_C
  *
  * \warning If using a hash that is only provided by PSA drivers, you must
@@ -3119,8 +3118,8 @@
  * Module:  library/pkcs12.c
  * Caller:  library/pkparse.c
  *
- * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_CIPHER_C and either
+ * Requires: MBEDTLS_ASN1_PARSE_C and either MBEDTLS_MD_C or
- * MBEDTLS_MD_C or MBEDTLS_PSA_CRYPTO_C.
+ *           MBEDTLS_PSA_CRYPTO_C.
  *
  * \warning If using a hash that is only provided by PSA drivers, you must
  * call psa_crypto_init() before doing any PKCS12 operations.

include/mbedtls/oid.h

@@ -698,7 +698,6 @@ int mbedtls_oid_get_oid_by_md(mbedtls_md_type_t md_alg, const char **oid, size_t
  * \return         0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
  */
 int mbedtls_oid_get_cipher_alg(const mbedtls_asn1_buf *oid, mbedtls_cipher_type_t *cipher_alg);
-#endif /* MBEDTLS_CIPHER_C */
 
 #if defined(MBEDTLS_PKCS12_C)
 /**
@@ -714,6 +713,7 @@ int mbedtls_oid_get_cipher_alg(const mbedtls_asn1_buf *oid, mbedtls_cipher_type_
 int mbedtls_oid_get_pkcs12_pbe_alg(const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_alg,
                                    mbedtls_cipher_type_t *cipher_alg);
 #endif /* MBEDTLS_PKCS12_C */
+#endif /* MBEDTLS_CIPHER_C */
 
 #ifdef __cplusplus
 }

include/mbedtls/pkcs12.h

@@ -38,7 +38,7 @@
 extern "C" {
 #endif
 
-#if defined(MBEDTLS_ASN1_PARSE_C)
+#if defined(MBEDTLS_ASN1_PARSE_C) && defined(MBEDTLS_CIPHER_C)
 
 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
 /**
@@ -145,7 +145,7 @@ int mbedtls_pkcs12_pbe_ext(mbedtls_asn1_buf *pbe_params, int mode,
 
 #endif /* MBEDTLS_CIPHER_PADDING_PKCS7 */
 
-#endif /* MBEDTLS_ASN1_PARSE_C */
+#endif /* MBEDTLS_ASN1_PARSE_C && MBEDTLS_CIPHER_C */
 
 /**
  * \brief            The PKCS#12 derivation function uses a password and a salt

include/mbedtls/pkcs5.h

@@ -38,7 +38,7 @@
 extern "C" {
 #endif
 
-#if defined(MBEDTLS_ASN1_PARSE_C)
+#if defined(MBEDTLS_ASN1_PARSE_C) && defined(MBEDTLS_CIPHER_C)
 
 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
 /**
@@ -130,7 +130,7 @@ int mbedtls_pkcs5_pbes2_ext(const mbedtls_asn1_buf *pbe_params, int mode,
 
 #endif /* MBEDTLS_CIPHER_PADDING_PKCS7 */
 
-#endif /* MBEDTLS_ASN1_PARSE_C */
+#endif /* MBEDTLS_ASN1_PARSE_C && MBEDTLS_CIPHER_C*/
 
 /**
  * \brief          PKCS#5 PBKDF2 using HMAC without using the HMAC context

library/oid.c

@@ -866,7 +866,7 @@ static const oid_md_hmac_t oid_md_hmac[] =
 FN_OID_TYPED_FROM_ASN1(oid_md_hmac_t, md_hmac, oid_md_hmac)
 FN_OID_GET_ATTR1(mbedtls_oid_get_md_hmac, oid_md_hmac_t, md_hmac, mbedtls_md_type_t, md_hmac)
 
-#if defined(MBEDTLS_PKCS12_C)
+#if defined(MBEDTLS_PKCS12_C) && defined(MBEDTLS_CIPHER_C)
 /*
  * For PKCS#12 PBEs
  */
@@ -904,7 +904,7 @@ FN_OID_GET_ATTR2(mbedtls_oid_get_pkcs12_pbe_alg,
                  md_alg,
                  mbedtls_cipher_type_t,
                  cipher_alg)
-#endif /* MBEDTLS_PKCS12_C */
+#endif /* MBEDTLS_PKCS12_C && MBEDTLS_CIPHER_C */
 
 /* Return the x.y.z.... style numeric string for the given OID */
 int mbedtls_oid_get_numeric_string(char *buf, size_t size,

library/pkcs12.c

@@ -17,7 +17,9 @@
 
 #include "mbedtls/pkcs12.h"
 #include "mbedtls/asn1.h"
+#if defined(MBEDTLS_CIPHER_C)
 #include "mbedtls/cipher.h"
+#endif /* MBEDTLS_CIPHER_C */
 #include "mbedtls/platform_util.h"
 #include "mbedtls/error.h"
 
@@ -29,7 +31,7 @@
 
 #include "psa_util_internal.h"
 
-#if defined(MBEDTLS_ASN1_PARSE_C)
+#if defined(MBEDTLS_ASN1_PARSE_C) && defined(MBEDTLS_CIPHER_C)
 
 static int pkcs12_parse_pbe_params(mbedtls_asn1_buf *params,
                                    mbedtls_asn1_buf *salt, int *iterations)
@@ -238,7 +240,7 @@ exit:
     return ret;
 }
 
-#endif /* MBEDTLS_ASN1_PARSE_C */
+#endif /* MBEDTLS_ASN1_PARSE_C && MBEDTLS_CIPHER_C */
 
 static void pkcs12_fill_buffer(unsigned char *data, size_t data_len,
                                const unsigned char *filler, size_t fill_len)

library/pkcs5.c

@@ -24,7 +24,9 @@
 
 #if defined(MBEDTLS_ASN1_PARSE_C)
 #include "mbedtls/asn1.h"
+#if defined(MBEDTLS_CIPHER_C)
 #include "mbedtls/cipher.h"
+#endif /* MBEDTLS_CIPHER_C */
 #include "mbedtls/oid.h"
 #endif /* MBEDTLS_ASN1_PARSE_C */
 
@@ -34,7 +36,7 @@
 
 #include "psa_util_internal.h"
 
-#if defined(MBEDTLS_ASN1_PARSE_C)
+#if defined(MBEDTLS_ASN1_PARSE_C) && defined(MBEDTLS_CIPHER_C)
 static int pkcs5_parse_pbkdf2_params(const mbedtls_asn1_buf *params,
                                      mbedtls_asn1_buf *salt, int *iterations,
                                      int *keylen, mbedtls_md_type_t *md_type)
@@ -261,7 +263,7 @@ exit:
 
     return ret;
 }
-#endif /* MBEDTLS_ASN1_PARSE_C */
+#endif /* MBEDTLS_ASN1_PARSE_C && MBEDTLS_CIPHER_C */
 
 static int pkcs5_pbkdf2_hmac(mbedtls_md_context_t *ctx,
                              const unsigned char *password,

library/pkparse.c

@@ -1409,7 +1409,7 @@ MBEDTLS_STATIC_TESTABLE int mbedtls_pk_parse_key_pkcs8_encrypted_der(
     unsigned char *buf;
     unsigned char *p, *end;
     mbedtls_asn1_buf pbe_alg_oid, pbe_params;
-#if defined(MBEDTLS_PKCS12_C) && defined(MBEDTLS_CIPHER_PADDING_PKCS7)
+#if defined(MBEDTLS_PKCS12_C) && defined(MBEDTLS_CIPHER_PADDING_PKCS7) && defined(MBEDTLS_CIPHER_C)
     mbedtls_cipher_type_t cipher_alg;
     mbedtls_md_type_t md_alg;
 #endif
@@ -1457,7 +1457,7 @@ MBEDTLS_STATIC_TESTABLE int mbedtls_pk_parse_key_pkcs8_encrypted_der(
     /*
      * Decrypt EncryptedData with appropriate PBE
      */
-#if defined(MBEDTLS_PKCS12_C) && defined(MBEDTLS_CIPHER_PADDING_PKCS7)
+#if defined(MBEDTLS_PKCS12_C) && defined(MBEDTLS_CIPHER_PADDING_PKCS7) && defined(MBEDTLS_CIPHER_C)
     if (mbedtls_oid_get_pkcs12_pbe_alg(&pbe_alg_oid, &md_alg, &cipher_alg) == 0) {
         if ((ret = mbedtls_pkcs12_pbe_ext(&pbe_params, MBEDTLS_PKCS12_PBE_DECRYPT,
                                           cipher_alg, md_alg,
@@ -1471,8 +1471,8 @@ MBEDTLS_STATIC_TESTABLE int mbedtls_pk_parse_key_pkcs8_encrypted_der(
 
         decrypted = 1;
     } else
-#endif /* MBEDTLS_PKCS12_C */
+#endif /* MBEDTLS_PKCS12_C && MBEDTLS_CIPHER_PADDING_PKCS7 && MBEDTLS_CIPHER_C */
-#if defined(MBEDTLS_PKCS5_C) && defined(MBEDTLS_CIPHER_PADDING_PKCS7)
+#if defined(MBEDTLS_PKCS5_C) && defined(MBEDTLS_CIPHER_PADDING_PKCS7) && defined(MBEDTLS_CIPHER_C)
     if (MBEDTLS_OID_CMP(MBEDTLS_OID_PKCS5_PBES2, &pbe_alg_oid) == 0) {
         if ((ret = mbedtls_pkcs5_pbes2_ext(&pbe_params, MBEDTLS_PKCS5_DECRYPT, pwd, pwdlen,
                                            p, len, buf, len, &outlen)) != 0) {
@@ -1485,7 +1485,7 @@ MBEDTLS_STATIC_TESTABLE int mbedtls_pk_parse_key_pkcs8_encrypted_der(
 
         decrypted = 1;
     } else
-#endif /* MBEDTLS_PKCS5_C */
+#endif /* MBEDTLS_PKCS5_C && MBEDTLS_CIPHER_PADDING_PKCS7 && MBEDTLS_CIPHER_C */
     {
         ((void) pwd);
     }

tests/scripts/all.sh

@@ -1546,8 +1546,6 @@ component_test_full_no_cipher () {
     # Disable features that depend on CIPHER_C
     scripts/config.py unset MBEDTLS_CMAC_C
     scripts/config.py unset MBEDTLS_NIST_KW_C
-    scripts/config.py unset MBEDTLS_PKCS12_C
-    scripts/config.py unset MBEDTLS_PKCS5_C
     scripts/config.py unset MBEDTLS_PSA_CRYPTO_C
     scripts/config.py unset MBEDTLS_SSL_TLS_C
     scripts/config.py unset MBEDTLS_SSL_TICKET_C
@@ -1598,15 +1596,10 @@ common_test_full_no_cipher_with_psa_crypto () {
         # Disable cipher modes/keys that make PSA depend on CIPHER_C.
         # Keep CHACHA20 and CHACHAPOLY enabled since they do not depend on CIPHER_C.
         scripts/config.py unset-all MBEDTLS_CIPHER_MODE
-        scripts/config.py unset MBEDTLS_DES_C
-        # Dependencies on AES_C
-        scripts/config.py unset MBEDTLS_CTR_DRBG_C
     fi
     # The following modules directly depends on CIPHER_C
     scripts/config.py unset MBEDTLS_CMAC_C
     scripts/config.py unset MBEDTLS_NIST_KW_C
-    scripts/config.py unset MBEDTLS_PKCS12_C
-    scripts/config.py unset MBEDTLS_PKCS5_C
 
     make
 
@@ -3655,13 +3648,20 @@ component_test_psa_crypto_config_reference_hash_use_psa() {
     tests/ssl-opt.sh
 }
 
-component_test_psa_crypto_config_accel_cipher () {
+component_test_psa_crypto_config_accel_des () {
-    msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated cipher"
+    msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated DES"
 
+    # Albeit this components aims at accelerating DES which should only support
+    # CBC and ECB modes, we need to accelerate more than that otherwise DES_C
+    # would automatically be re-enabled by "config_adjust_legacy_from_psa.c"
     loc_accel_list="ALG_ECB_NO_PADDING ALG_CBC_NO_PADDING ALG_CBC_PKCS7 \
                     ALG_CTR ALG_CFB ALG_OFB ALG_XTS ALG_CMAC \
                     KEY_TYPE_DES"
 
+    # Note: we cannot accelerate all ciphers' key types otherwise we would also
+    # have to either disable CCM/GCM or accelerate them, but that's out of scope
+    # of this component. This limitation will be addressed by #8598.
+
     # Configure
     # ---------
 
@@ -3691,7 +3691,7 @@ component_test_psa_crypto_config_accel_cipher () {
     # Run the tests
     # -------------
 
-    msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated cipher"
+    msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated DES"
     make test
 }
 
@@ -3741,12 +3741,6 @@ common_psa_crypto_config_accel_cipher_aead() {
     # Start from the full config
     helper_libtestdriver1_adjust_config "full"
 
-    # CIPHER_C is disabled in the accelerated test component so we disable
-    # all the features that depend on it both in the accelerated and in the
-    # reference components.
-    scripts/config.py unset MBEDTLS_PKCS5_C
-    scripts/config.py unset MBEDTLS_PKCS12_C
-
     scripts/config.py unset MBEDTLS_NIST_KW_C
 }
 

tests/suites/test_suite_pkcs12.function

@@ -69,7 +69,7 @@ exit:
 }
 /* END_CASE */
 
-/* BEGIN_CASE depends_on:MBEDTLS_ASN1_PARSE_C */
+/* BEGIN_CASE depends_on:MBEDTLS_ASN1_PARSE_C:MBEDTLS_CIPHER_C */
 void pkcs12_pbe_encrypt(int params_tag, int cipher, int md, data_t *params_hex, data_t *pw,
                         data_t *data, int outsize, int ref_ret, data_t *ref_out)
 {
@@ -124,7 +124,7 @@ exit:
 }
 /* END_CASE */
 
-/* BEGIN_CASE depends_on:MBEDTLS_ASN1_PARSE_C */
+/* BEGIN_CASE depends_on:MBEDTLS_ASN1_PARSE_C:MBEDTLS_CIPHER_C */
 void pkcs12_pbe_decrypt(int params_tag, int cipher, int md, data_t *params_hex, data_t *pw,
                         data_t *data, int outsize, int ref_ret, data_t *ref_out)
 {

tests/suites/test_suite_pkcs5.function

@@ -27,7 +27,7 @@ exit:
 }
 /* END_CASE */
 
-/* BEGIN_CASE depends_on:MBEDTLS_ASN1_PARSE_C */
+/* BEGIN_CASE depends_on:MBEDTLS_ASN1_PARSE_C:MBEDTLS_CIPHER_C */
 void pbes2_encrypt(int params_tag, data_t *params_hex, data_t *pw,
                    data_t *data, int outsize, int ref_ret,
                    data_t *ref_out)
@@ -75,7 +75,7 @@ exit:
 }
 /* END_CASE */
 
-/* BEGIN_CASE depends_on:MBEDTLS_ASN1_PARSE_C */
+/* BEGIN_CASE depends_on:MBEDTLS_ASN1_PARSE_C:MBEDTLS_CIPHER_C */
 void pbes2_decrypt(int params_tag, data_t *params_hex, data_t *pw,
                    data_t *data, int outsize, int ref_ret,
                    data_t *ref_out)