Merge pull request #3023 from gilles-peskine-arm/config-crypto

Add crypto-only preset configurations
2020-02-05 11:17:56 +01:00 · 2020-02-05 11:17:56 +01:00 · 5da20cc569
commit 5da20cc569
parent 0330e21043 6bb3915e96
3 changed files with 67 additions and 2 deletions
--- a/scripts/config.py
+++ b/scripts/config.py
@ -232,6 +232,35 @@ def baremetal_adapter(name, active, section):
        return True
    return include_in_full(name) and keep_in_baremetal(name)

+def include_in_crypto(name):
+    """Rules for symbols in a crypto configuration."""
+    if name.startswith('MBEDTLS_X509_') or \
+       name.startswith('MBEDTLS_SSL_') or \
+       name.startswith('MBEDTLS_KEY_EXCHANGE_'):
+        return False
+    if name in [
+            'MBEDTLS_CERTS_C',
+            'MBEDTLS_DEBUG_C',
+            'MBEDTLS_NET_C',
+            'MBEDTLS_PKCS11_C',
+    ]:
+        return False
+    return True
+
+def crypto_adapter(adapter):
+    """Modify an adapter to disable non-crypto symbols.
+
+    ``crypto_adapter(adapter)(name, active, section)`` is like
+    ``adapter(name, active, section)``, but unsets all X.509 and TLS symbols.
+    """
+    def continuation(name, active, section):
+        if not include_in_crypto(name):
+            return False
+        if adapter is None:
+            return active
+        return adapter(name, active, section)
+    return continuation
+
 class ConfigFile(Config):
    """Representation of the Mbed TLS configuration read for a file.

@ -396,6 +425,14 @@ if __name__ == '__main__':
        add_adapter('realfull', realfull_adapter,
                    """Uncomment all boolean #defines.
                    Suitable for generating documentation, but not for building.""")
+        add_adapter('crypto', crypto_adapter(None),
+                    """Only include crypto features. Exclude X.509 and TLS.""")
+        add_adapter('crypto_baremetal', crypto_adapter(baremetal_adapter),
+                    """Like baremetal, but with only crypto features,
+                    excluding X.509 and TLS.""")
+        add_adapter('crypto_full', crypto_adapter(full_adapter),
+                    """Like full, but with only crypto features,
+                    excluding X.509 and TLS.""")

        args = parser.parse_args()
        config = ConfigFile(args.file)