Adapt SHA256 dependency in generate_pkcs7_tests.py

scripts/generate_pkcs7_tests.py

@@ -17,6 +17,8 @@
 import sys
 from os.path import exists
 
+from mbedtls_framework import test_case
+
 PKCS7_TEST_FILE = "../suites/test_suite_pkcs7.data"
 
 class Test: # pylint: disable=too-few-public-methods
@@ -37,7 +39,11 @@ class TestData:
     Take in test_suite_pkcs7.data file.
     Allow for new tests to be added.
     """
-    mandatory_dep = "MBEDTLS_MD_CAN_SHA256"
+    # In Mbed TLS 3.6, PKCS7 code belongs to the USE_PSA_CRYPTO domain (see
+    # transition-guards.md for more information) thus use
+    # test_case.hash_dependency_symbol() to get the proper dependency symbol
+    # for SHA256.
+    mandatory_dep = test_case.hash_dependency_symbol("PSA_ALG_SHA_256")
     test_name = "PKCS7 Parse Failure Invalid ASN1"
     test_function = "pkcs7_asn1_fail:"
     def __init__(self, file_name):

scripts/mbedtls_framework/test_case.py

@@ -10,6 +10,8 @@
 import sys
 from typing import Iterable, List, Optional
 
+from . import build_tree
+from . import psa_information
 from . import typing_util
 
 def hex_string(data: bytes) -> str:
@@ -89,3 +91,33 @@ def write_data_file(filename: str,
             tc.write(out)
         out.write('\n# End of automatically generated file.\n')
     os.replace(tempfile, filename)
+
+def hash_dependency_symbol(psa_hash_alg: str) -> str:
+    """Get the dependency symbol for an hash algorithm when the algorithm
+       support is needed by legacy or USE_PSA_CRYPTO domain code.
+
+       The function should be used only for dependencies of legacy or
+       USE_PSA_CRYPTO domain code. Otherwise, just use the PSA_WANT_ prefixed
+       symbols. For more information about the legacy and USE_PSA_CRYPTO domain,
+       as well as MBEDTLS_MD_CAN_ prefixed symbols, see transition-guards.md.
+
+       psa_hash_alg  PSA macro of an hash algorithm (e.g. PSA_ALG_SHA_256)
+
+       If invoked in the context of Mbed TLS 4.x or TF-PSA-Crypto, the function
+       just returns the PSA_WANT_ prefixed symbol that corresponds to
+       psa_hash_alg.
+
+       If invoked in the context of Mbed TLS 3.6, the function returns the
+       MBEDTLS_MD_CAN_ prefixed symbol that corresponds to psa_hash_alg.
+
+    """
+    if not psa_hash_alg.startswith('PSA_ALG_') or \
+       psa_hash_alg[8:] not in ['MD5', 'RIPEMD160', 'SHA_1', 'SHA_224',
+                                'SHA_256', 'SHA_384', 'SHA_512', 'SHA3_224',
+                                'SHA3_256', 'SHA3_384', 'SHA3_512']:
+        raise ValueError('Unable to determine dependency symbol for ' + psa_hash_alg)
+
+    if build_tree.is_mbedtls_3_6():
+        return "MBEDTLS_MD_CAN_" + psa_hash_alg[8:].replace("_", "")
+    else:
+        return psa_information.psa_want_symbol(psa_hash_alg)