Merge pull request #9792 from gabor-mezei-arm/9157_minimal_tf_psa_crypto_config.py
Minimal `config.py` for TF-PSA-Crypto
diff --git a/CMakeLists.txt b/CMakeLists.txt
index c5d19af..1501240 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -413,9 +413,30 @@
#
if(ENABLE_TESTING OR ENABLE_PROGRAMS)
file(GLOB MBEDTLS_TEST_HELPER_FILES
+ ${CMAKE_CURRENT_SOURCE_DIR}/tests/src/*.c
${CMAKE_CURRENT_SOURCE_DIR}/tests/src/test_helpers/*.c)
add_library(mbedtls_test_helpers OBJECT ${MBEDTLS_TEST_HELPER_FILES})
set_base_compile_options(mbedtls_test_helpers)
+
+ if(GEN_FILES)
+ add_custom_command(
+ OUTPUT
+ ${MBEDTLS_DIR}/tests/src/test_certs.h
+ WORKING_DIRECTORY
+ ${MBEDTLS_DIR}/tests
+ COMMAND
+ "${MBEDTLS_PYTHON_EXECUTABLE}"
+ "${MBEDTLS_FRAMEWORK_DIR}/scripts/generate_test_cert_macros.py"
+ "--output"
+ "${MBEDTLS_DIR}/tests/src/test_certs.h"
+ DEPENDS
+ ${MBEDTLS_FRAMEWORK_DIR}/scripts/generate_test_cert_macros.py
+ )
+ add_custom_target(mbedtls_test_certs_header
+ DEPENDS ${MBEDTLS_DIR}/tests/src/test_certs.h)
+ add_dependencies(mbedtls_test_helpers mbedtls_test_certs_header)
+ endif()
+
target_include_directories(mbedtls_test_helpers
PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/framework/tests/include
PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/tests/include
diff --git a/docs/psa-driver-example-and-guide.md b/docs/psa-driver-example-and-guide.md
index 15aa155..b392a85 100644
--- a/docs/psa-driver-example-and-guide.md
+++ b/docs/psa-driver-example-and-guide.md
@@ -43,7 +43,7 @@
- C header files defining the types required by the driver description. The names of these header files are declared in the driver description file.
- An object file compiled for the target platform defining the functions required by the driver description. Implementations may allow drivers to be provided as source files and compiled with the core instead of being pre-compiled.
-The Mbed TLS driver tests for the aforementioned entry points provide examples of how these deliverables can be implemented. For sample driver description JSON files, see [`mbedtls_test_transparent_driver.json`](https://github.com/Mbed-TLS/mbedtls/blob/development/scripts/data_files/driver_jsons/mbedtls_test_transparent_driver.json) or [`mbedtls_test_opaque_driver.json`](https://github.com/Mbed-TLS/mbedtls/blob/development/scripts/data_files/driver_jsons/mbedtls_test_transparent_driver.json). The header file required by the driver description is [`test_driver.h`](https://github.com/Mbed-TLS/mbedtls/blob/development/framework/tests/include/test/drivers/test_driver.h). As Mbed TLS tests are built from source, there is no object file for the test driver. However, the source for the test driver can be found under `framework/tests/src/drivers`.
+The Mbed TLS driver tests for the aforementioned entry points provide examples of how these deliverables can be implemented. For sample driver description JSON files, see [`mbedtls_test_transparent_driver.json`](https://github.com/Mbed-TLS/mbedtls/blob/development/tf-psa-crypto/scripts/data_files/driver_jsons/mbedtls_test_transparent_driver.json) or [`mbedtls_test_opaque_driver.json`](https://github.com/Mbed-TLS/mbedtls/blob/development/tf-psa-crypto/scripts/data_files/driver_jsons/mbedtls_test_transparent_driver.json). The header file required by the driver description is [`test_driver.h`](https://github.com/Mbed-TLS/mbedtls/blob/development/framework/tests/include/test/drivers/test_driver.h). As Mbed TLS tests are built from source, there is no object file for the test driver. However, the source for the test driver can be found under `framework/tests/src/drivers`.
### Process for Entry Points where auto-generation is not implemented
diff --git a/tf-psa-crypto/drivers/builtin/include/mbedtls/timing.h b/include/mbedtls/timing.h
similarity index 100%
rename from tf-psa-crypto/drivers/builtin/include/mbedtls/timing.h
rename to include/mbedtls/timing.h
diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt
index c6ee8eb..a32b4bc 100644
--- a/library/CMakeLists.txt
+++ b/library/CMakeLists.txt
@@ -30,6 +30,7 @@
ssl_tls13_server.c
ssl_tls13_client.c
ssl_tls13_generic.c
+ timing.c
version.c
version_features.c
)
diff --git a/library/Makefile b/library/Makefile
index 29fd376..b874acf 100644
--- a/library/Makefile
+++ b/library/Makefile
@@ -186,7 +186,6 @@
$(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/sha512.o \
$(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/sha3.o \
$(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/threading.o \
- $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/timing.o \
# This line is intentionally left blank
THIRDPARTY_DIR := $(MBEDTLS_PATH)/tf-psa-crypto/drivers
@@ -227,6 +226,7 @@
ssl_tls13_client.o \
ssl_tls13_server.o \
ssl_tls13_generic.o \
+ timing.o \
version.o \
version_features.o \
# This line is intentionally left blank
@@ -389,12 +389,12 @@
GENERATED_WRAPPER_FILES = \
$(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_driver_wrappers.h \
$(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_driver_wrappers_no_static.c
-$(GENERATED_WRAPPER_FILES): ../scripts/generate_driver_wrappers.py
-$(GENERATED_WRAPPER_FILES): ../scripts/data_files/driver_templates/psa_crypto_driver_wrappers.h.jinja
-$(GENERATED_WRAPPER_FILES): ../scripts/data_files/driver_templates/psa_crypto_driver_wrappers_no_static.c.jinja
+$(GENERATED_WRAPPER_FILES): ../tf-psa-crypto/scripts/generate_driver_wrappers.py
+$(GENERATED_WRAPPER_FILES): ../tf-psa-crypto/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.h.jinja
+$(GENERATED_WRAPPER_FILES): ../tf-psa-crypto/scripts/data_files/driver_templates/psa_crypto_driver_wrappers_no_static.c.jinja
$(GENERATED_WRAPPER_FILES):
echo " Gen $(GENERATED_WRAPPER_FILES)"
- $(PYTHON) ../scripts/generate_driver_wrappers.py $(TF_PSA_CRYPTO_CORE_PATH)
+ $(PYTHON) ../tf-psa-crypto/scripts/generate_driver_wrappers.py $(TF_PSA_CRYPTO_CORE_PATH)
$(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto.o:$(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_driver_wrappers.h
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 8b8f519..ae4fd89 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -2452,6 +2452,17 @@
#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
+const mbedtls_error_pair_t psa_to_ssl_errors[] =
+{
+ { PSA_SUCCESS, 0 },
+ { PSA_ERROR_INSUFFICIENT_MEMORY, MBEDTLS_ERR_SSL_ALLOC_FAILED },
+ { PSA_ERROR_NOT_SUPPORTED, MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE },
+ { PSA_ERROR_INVALID_SIGNATURE, MBEDTLS_ERR_SSL_INVALID_MAC },
+ { PSA_ERROR_INVALID_ARGUMENT, MBEDTLS_ERR_SSL_BAD_INPUT_DATA },
+ { PSA_ERROR_BAD_STATE, MBEDTLS_ERR_SSL_INTERNAL_ERROR },
+ { PSA_ERROR_BUFFER_TOO_SMALL, MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL }
+};
+
psa_status_t mbedtls_ssl_cipher_to_psa(mbedtls_cipher_type_t mbedtls_cipher_type,
size_t taglen,
psa_algorithm_t *alg,
diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c
index 96aad1c..5128a41 100644
--- a/library/ssl_tls13_keys.c
+++ b/library/ssl_tls13_keys.c
@@ -12,7 +12,6 @@
#include <stdint.h>
#include <string.h>
-#include "mbedtls/hkdf.h"
#include "debug_internal.h"
#include "mbedtls/error.h"
#include "mbedtls/platform.h"
diff --git a/tf-psa-crypto/drivers/builtin/src/timing.c b/library/timing.c
similarity index 98%
rename from tf-psa-crypto/drivers/builtin/src/timing.c
rename to library/timing.c
index 58f1c1e..1ed8863 100644
--- a/tf-psa-crypto/drivers/builtin/src/timing.c
+++ b/library/timing.c
@@ -5,7 +5,7 @@
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
-#include "common.h"
+#include "ssl_misc.h"
#if defined(MBEDTLS_TIMING_C)
diff --git a/programs/.gitignore b/programs/.gitignore
index e0c4987..c3e61c1 100644
--- a/programs/.gitignore
+++ b/programs/.gitignore
@@ -33,12 +33,6 @@
pkey/rsa_sign_pss
pkey/rsa_verify
pkey/rsa_verify_pss
-psa/aead_demo
-psa/crypto_examples
-psa/hmac_demo
-psa/key_ladder_demo
-psa/psa_constant_names
-psa/psa_hash
random/gen_entropy
random/gen_random_ctr_drbg
ssl/dtls_client
@@ -75,7 +69,6 @@
###START_GENERATED_FILES###
# Generated source files
-/psa/psa_constant_names_generated.c
/test/query_config.c
# Generated data files
diff --git a/programs/CMakeLists.txt b/programs/CMakeLists.txt
index aaf93ba..87b9a1b 100644
--- a/programs/CMakeLists.txt
+++ b/programs/CMakeLists.txt
@@ -8,7 +8,7 @@
endif()
add_subdirectory(hash)
add_subdirectory(pkey)
-add_subdirectory(psa)
+add_subdirectory(../tf-psa-crypto/programs/psa ../tf-psa-crypto/programs/psa)
add_subdirectory(random)
add_subdirectory(ssl)
add_subdirectory(test)
diff --git a/programs/Makefile b/programs/Makefile
index 13fb793..0b3025d 100644
--- a/programs/Makefile
+++ b/programs/Makefile
@@ -29,6 +29,9 @@
## be declared by appending with `APPS += ...` afterwards.
## See the get_app_list function in scripts/generate_visualc_files.pl and
## make sure to check that it still works if you tweak the format here.
+##
+## Note: Variables cannot be used to define an apps path. This cannot be
+## substituted by the script generate_visualc_files.pl.
APPS = \
aes/crypt_and_hash \
cipher/cipher_aead_demo \
@@ -55,12 +58,12 @@
pkey/rsa_sign_pss \
pkey/rsa_verify \
pkey/rsa_verify_pss \
- psa/aead_demo \
- psa/crypto_examples \
- psa/hmac_demo \
- psa/key_ladder_demo \
- psa/psa_constant_names \
- psa/psa_hash \
+ ../tf-psa-crypto/programs/psa/aead_demo \
+ ../tf-psa-crypto/programs/psa/crypto_examples \
+ ../tf-psa-crypto/programs/psa/hmac_demo \
+ ../tf-psa-crypto/programs/psa/key_ladder_demo \
+ ../tf-psa-crypto/programs/psa/psa_constant_names \
+ ../tf-psa-crypto/programs/psa/psa_hash \
random/gen_entropy \
random/gen_random_ctr_drbg \
ssl/dtls_client \
@@ -132,13 +135,13 @@
GENERATED_FILES = psa/psa_constant_names_generated.c test/query_config.c
generated_files: $(GENERATED_FILES)
-psa/psa_constant_names_generated.c: $(gen_file_dep) ../scripts/generate_psa_constants.py
+../tf-psa-crypto/psa/psa_constant_names_generated.c: $(gen_file_dep) ../tf-psa-crypto/scripts/generate_psa_constants.py
psa/psa_constant_names_generated.c: $(gen_file_dep) ../tf-psa-crypto/include/psa/crypto_values.h
psa/psa_constant_names_generated.c: $(gen_file_dep) ../tf-psa-crypto/include/psa/crypto_extra.h
psa/psa_constant_names_generated.c: $(gen_file_dep) ../tf-psa-crypto/tests/suites/test_suite_psa_crypto_metadata.data
psa/psa_constant_names_generated.c:
echo " Gen $@"
- $(PYTHON) ../scripts/generate_psa_constants.py
+ cd ../tf-psa-crypto; $(PYTHON) ./scripts/generate_psa_constants.py
test/query_config.c: $(gen_file_dep) ../scripts/generate_query_config.pl
## The generated file only depends on the options that are present in mbedtls_config.h,
@@ -252,29 +255,29 @@
echo " CC pkey/rsa_encrypt.c"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/rsa_encrypt.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-psa/aead_demo$(EXEXT): psa/aead_demo.c $(DEP)
+../tf-psa-crypto/programs/psa/aead_demo$(EXEXT): ../tf-psa-crypto/programs/psa/aead_demo.c $(DEP)
echo " CC psa/aead_demo.c"
- $(CC) $(LOCAL_CFLAGS) $(CFLAGS) psa/aead_demo.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ../tf-psa-crypto/programs/psa/aead_demo.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-psa/crypto_examples$(EXEXT): psa/crypto_examples.c $(DEP)
+../tf-psa-crypto/programs/psa/crypto_examples$(EXEXT): ../tf-psa-crypto/programs/psa/crypto_examples.c $(DEP)
echo " CC psa/crypto_examples.c"
- $(CC) $(LOCAL_CFLAGS) $(CFLAGS) psa/crypto_examples.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ../tf-psa-crypto/programs/psa/crypto_examples.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-psa/hmac_demo$(EXEXT): psa/hmac_demo.c $(DEP)
+../tf-psa-crypto/programs/psa/hmac_demo$(EXEXT): ../tf-psa-crypto/programs/psa/hmac_demo.c $(DEP)
echo " CC psa/hmac_demo.c"
- $(CC) $(LOCAL_CFLAGS) $(CFLAGS) psa/hmac_demo.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ../tf-psa-crypto/programs/psa/hmac_demo.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-psa/key_ladder_demo$(EXEXT): psa/key_ladder_demo.c $(DEP)
+../tf-psa-crypto/programs/psa/key_ladder_demo$(EXEXT): ../tf-psa-crypto/programs/psa/key_ladder_demo.c $(DEP)
echo " CC psa/key_ladder_demo.c"
- $(CC) $(LOCAL_CFLAGS) $(CFLAGS) psa/key_ladder_demo.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ../tf-psa-crypto/programs/psa/key_ladder_demo.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-psa/psa_constant_names$(EXEXT): psa/psa_constant_names.c psa/psa_constant_names_generated.c $(DEP)
+../tf-psa-crypto/programs/psa/psa_constant_names$(EXEXT): ../tf-psa-crypto/programs/psa/psa_constant_names.c psa/psa_constant_names_generated.c $(DEP)
echo " CC psa/psa_constant_names.c"
- $(CC) $(LOCAL_CFLAGS) $(CFLAGS) psa/psa_constant_names.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ../tf-psa-crypto/programs/psa/psa_constant_names.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-psa/psa_hash$(EXEXT): psa/psa_hash.c $(DEP)
+../tf-psa-crypto/programs/psa/psa_hash$(EXEXT): ../tf-psa-crypto/programs/psa/psa_hash.c $(DEP)
echo " CC psa/psa_hash.c"
- $(CC) $(LOCAL_CFLAGS) $(CFLAGS) psa/psa_hash.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ../tf-psa-crypto/programs/psa/psa_hash.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
random/gen_entropy$(EXEXT): random/gen_entropy.c $(DEP)
echo " CC random/gen_entropy.c"
diff --git a/programs/fuzz/CMakeLists.txt b/programs/fuzz/CMakeLists.txt
index baa5ad9..57cfeee 100644
--- a/programs/fuzz/CMakeLists.txt
+++ b/programs/fuzz/CMakeLists.txt
@@ -28,7 +28,10 @@
foreach(exe IN LISTS executables_no_common_c executables_with_common_c)
- set(exe_sources ${exe}.c $<TARGET_OBJECTS:tf_psa_crypto_test>)
+ set(exe_sources
+ ${exe}.c
+ $<TARGET_OBJECTS:mbedtls_test_helpers>
+ $<TARGET_OBJECTS:tf_psa_crypto_test>)
if(NOT FUZZINGENGINE_LIB)
list(APPEND exe_sources onefile.c)
endif()
diff --git a/programs/pkey/gen_key.c b/programs/pkey/gen_key.c
index da7d262..99999c7 100644
--- a/programs/pkey/gen_key.c
+++ b/programs/pkey/gen_key.c
@@ -22,11 +22,9 @@
}
#else
-#include "mbedtls/error.h"
#include "mbedtls/pk.h"
#include "mbedtls/ecdsa.h"
#include "mbedtls/rsa.h"
-#include "mbedtls/error.h"
#include "mbedtls/entropy.h"
#include "mbedtls/ctr_drbg.h"
diff --git a/programs/pkey/key_app.c b/programs/pkey/key_app.c
index 5ccb063..d01aa88 100644
--- a/programs/pkey/key_app.c
+++ b/programs/pkey/key_app.c
@@ -12,7 +12,6 @@
#if defined(MBEDTLS_BIGNUM_C) && \
defined(MBEDTLS_PK_PARSE_C) && defined(MBEDTLS_FS_IO) && \
defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_CTR_DRBG_C)
-#include "mbedtls/error.h"
#include "mbedtls/rsa.h"
#include "mbedtls/pk.h"
#include "mbedtls/entropy.h"
diff --git a/programs/pkey/key_app_writer.c b/programs/pkey/key_app_writer.c
index a460b18..d34cbe1 100644
--- a/programs/pkey/key_app_writer.c
+++ b/programs/pkey/key_app_writer.c
@@ -24,9 +24,7 @@
}
#else
-#include "mbedtls/error.h"
#include "mbedtls/pk.h"
-#include "mbedtls/error.h"
#include "mbedtls/entropy.h"
#include "mbedtls/ctr_drbg.h"
diff --git a/programs/pkey/pk_decrypt.c b/programs/pkey/pk_decrypt.c
index 025f69c..3dbfde0 100644
--- a/programs/pkey/pk_decrypt.c
+++ b/programs/pkey/pk_decrypt.c
@@ -12,7 +12,6 @@
#if defined(MBEDTLS_BIGNUM_C) && defined(MBEDTLS_PK_PARSE_C) && \
defined(MBEDTLS_FS_IO) && defined(MBEDTLS_ENTROPY_C) && \
defined(MBEDTLS_CTR_DRBG_C)
-#include "mbedtls/error.h"
#include "mbedtls/pk.h"
#include "mbedtls/entropy.h"
#include "mbedtls/ctr_drbg.h"
diff --git a/programs/pkey/pk_encrypt.c b/programs/pkey/pk_encrypt.c
index 9ada67d..a3a7c1b 100644
--- a/programs/pkey/pk_encrypt.c
+++ b/programs/pkey/pk_encrypt.c
@@ -12,7 +12,6 @@
#if defined(MBEDTLS_BIGNUM_C) && defined(MBEDTLS_PK_PARSE_C) && \
defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_FS_IO) && \
defined(MBEDTLS_CTR_DRBG_C)
-#include "mbedtls/error.h"
#include "mbedtls/pk.h"
#include "mbedtls/entropy.h"
#include "mbedtls/ctr_drbg.h"
diff --git a/programs/pkey/pk_sign.c b/programs/pkey/pk_sign.c
index b8f06c4..c1640d6 100644
--- a/programs/pkey/pk_sign.c
+++ b/programs/pkey/pk_sign.c
@@ -25,7 +25,6 @@
}
#else
-#include "mbedtls/error.h"
#include "mbedtls/entropy.h"
#include "mbedtls/ctr_drbg.h"
#include "mbedtls/pk.h"
diff --git a/programs/pkey/pk_verify.c b/programs/pkey/pk_verify.c
index 063abd7..7b88cab 100644
--- a/programs/pkey/pk_verify.c
+++ b/programs/pkey/pk_verify.c
@@ -23,7 +23,6 @@
}
#else
-#include "mbedtls/error.h"
#include "mbedtls/pk.h"
#include <stdio.h>
diff --git a/programs/ssl/CMakeLists.txt b/programs/ssl/CMakeLists.txt
index 23faf71..513c866 100644
--- a/programs/ssl/CMakeLists.txt
+++ b/programs/ssl/CMakeLists.txt
@@ -38,7 +38,10 @@
${CMAKE_CURRENT_SOURCE_DIR}/../test/query_config.h
${CMAKE_CURRENT_BINARY_DIR}/../test/query_config.c)
endif()
- add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:tf_psa_crypto_test>
+ add_executable(${exe}
+ ${exe}.c
+ $<TARGET_OBJECTS:mbedtls_test_helpers>
+ $<TARGET_OBJECTS:tf_psa_crypto_test>
${extra_sources})
set_base_compile_options(${exe})
target_link_libraries(${exe} ${libs} ${CMAKE_THREAD_LIBS_INIT})
@@ -54,7 +57,10 @@
endforeach()
if(THREADS_FOUND)
- add_executable(ssl_pthread_server ssl_pthread_server.c $<TARGET_OBJECTS:tf_psa_crypto_test>)
+ add_executable(ssl_pthread_server
+ ssl_pthread_server.c
+ $<TARGET_OBJECTS:mbedtls_test_helpers>
+ $<TARGET_OBJECTS:tf_psa_crypto_test>)
set_base_compile_options(ssl_pthread_server)
target_include_directories(ssl_pthread_server PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/tests/include
${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include)
diff --git a/programs/test/CMakeLists.txt b/programs/test/CMakeLists.txt
index 99dcd4a..285da13 100644
--- a/programs/test/CMakeLists.txt
+++ b/programs/test/CMakeLists.txt
@@ -4,6 +4,7 @@
set(executables_libs
metatest
+ query_compile_time_config
query_included_headers
selftest
udp_proxy
@@ -13,7 +14,6 @@
set(executables_mbedcrypto
benchmark
- query_compile_time_config
zeroize
)
add_dependencies(${programs_target} ${executables_mbedcrypto})
diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c
index 36ac022..c878e34 100644
--- a/programs/test/benchmark.c
+++ b/programs/test/benchmark.c
@@ -46,7 +46,7 @@
#include "mbedtls/ecdsa.h"
#include "mbedtls/ecdh.h"
-#include "mbedtls/error.h"
+#include "mbedtls/error_common.h"
/* *INDENT-OFF* */
#ifndef asm
diff --git a/programs/x509/CMakeLists.txt b/programs/x509/CMakeLists.txt
index 1c91461..c3ee348 100644
--- a/programs/x509/CMakeLists.txt
+++ b/programs/x509/CMakeLists.txt
@@ -20,6 +20,8 @@
endforeach()
target_link_libraries(cert_app ${mbedtls_target})
+# For mbedtls_timing_get_timer()
+target_link_libraries(load_roots ${mbedtls_target})
install(TARGETS ${executables}
DESTINATION "bin"
diff --git a/scripts/config.pl b/scripts/config.pl
deleted file mode 100755
index ca02b90..0000000
--- a/scripts/config.pl
+++ /dev/null
@@ -1,14 +0,0 @@
-#!/usr/bin/env perl
-# Backward compatibility redirection
-
-## Copyright The Mbed TLS Contributors
-## SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
-##
-
-my $py = $0;
-$py =~ s/\.pl$/.py/ or die "Unable to determine the name of the Python script";
-exec 'python3', $py, @ARGV;
-print STDERR "$0: python3: $!. Trying python instead.\n";
-exec 'python', $py, @ARGV;
-print STDERR "$0: python: $!\n";
-exit 127;
diff --git a/scripts/config.py b/scripts/config.py
index 1027f2c..db2bc57 100755
--- a/scripts/config.py
+++ b/scripts/config.py
@@ -220,6 +220,7 @@
'MBEDTLS_DEBUG_C', # part of libmbedtls
'MBEDTLS_NET_C', # part of libmbedtls
'MBEDTLS_PKCS7_C', # part of libmbedx509
+ 'MBEDTLS_TIMING_C', # part of libmbedtls
'MBEDTLS_ERROR_C', # part of libmbedx509
'MBEDTLS_ERROR_STRERROR_DUMMY', # part of libmbedx509
]:
diff --git a/scripts/generate_visualc_files.pl b/scripts/generate_visualc_files.pl
index 76a6c32..d0fcb7d 100755
--- a/scripts/generate_visualc_files.pl
+++ b/scripts/generate_visualc_files.pl
@@ -21,7 +21,9 @@
my $vsx_sln_tpl_file = "scripts/data_files/vs2017-sln-template.sln";
my $vsx_sln_file = "$vsx_dir/mbedTLS.sln";
-my $programs_dir = 'programs';
+my $mbedtls_programs_dir = "programs";
+my $tfpsacrypto_programs_dir = "tf-psa-crypto/programs";
+
my $mbedtls_header_dir = 'include/mbedtls';
my $drivers_builtin_header_dir = 'tf-psa-crypto/drivers/builtin/include/mbedtls';
my $psa_header_dir = 'tf-psa-crypto/include/psa';
@@ -122,7 +124,8 @@
&& -d $test_header_dir
&& -d $tls_test_header_dir
&& -d $test_drivers_header_dir
- && -d $programs_dir;
+ && -d $mbedtls_programs_dir
+ && -d $tfpsacrypto_programs_dir;
}
sub slurp_file {
diff --git a/scripts/make_generated_files.bat b/scripts/make_generated_files.bat
index 4612cc2..fb4a225 100644
--- a/scripts/make_generated_files.bat
+++ b/scripts/make_generated_files.bat
@@ -9,7 +9,7 @@
@rem @@@@ library\** @@@@
@rem psa_crypto_driver_wrappers.h needs to be generated prior to
@rem generate_visualc_files.pl being invoked.
-python scripts\generate_driver_wrappers.py || exit /b 1
+python tf-psa-crypto\scripts\generate_driver_wrappers.py || exit /b 1
perl scripts\generate_errors.pl || exit /b 1
perl scripts\generate_query_config.pl || exit /b 1
perl scripts\generate_features.pl || exit /b 1
@@ -19,7 +19,9 @@
perl scripts\generate_visualc_files.pl || exit /b 1
@rem @@@@ programs\** @@@@
+cd tf-psa-crypto
python scripts\generate_psa_constants.py || exit /b 1
+cd ..
@rem @@@@ tests\** @@@@
python framework\scripts\generate_bignum_tests.py --directory tf-psa-crypto\tests\suites || exit /b 1
diff --git a/scripts/windows_msbuild.bat b/scripts/windows_msbuild.bat
deleted file mode 100644
index 2bc6a51..0000000
--- a/scripts/windows_msbuild.bat
+++ /dev/null
@@ -1,20 +0,0 @@
-@rem Build and test Mbed TLS with Visual Studio using msbuild.
-@rem Usage: windows_msbuild [RETARGET]
-@rem RETARGET: version of Visual Studio to emulate
-@rem https://docs.microsoft.com/en-us/cpp/build/how-to-modify-the-target-framework-and-platform-toolset
-
-@rem These parameters are hard-coded for now.
-set "arch=x64" & @rem "x86" or "x64"
-set "cfg=Release" & @rem "Debug" or "Release"
-set "vcvarsall=C:\Program Files (x86)\Microsoft Visual Studio\2017\BuildTools\VC\Auxiliary\Build\vcvarsall.bat"
-
-if not "%~1"=="" set "retarget=,PlatformToolset=%1"
-
-@rem If the %USERPROFILE%\Source directory exists, then running
-@rem vcvarsall.bat will silently change the directory to that directory.
-@rem Setting the VSCMD_START_DIR environment variable causes it to change
-@rem to that directory instead.
-set "VSCMD_START_DIR=%~dp0\..\visualc\VS2017"
-
-"%vcvarsall%" x64 && ^
-msbuild /t:Rebuild /p:Configuration=%cfg%%retarget% /m mbedTLS.sln
diff --git a/tests/Makefile b/tests/Makefile
index c141abf..69285b6 100644
--- a/tests/Makefile
+++ b/tests/Makefile
@@ -310,7 +310,6 @@
define libtestdriver1_rewrite :=
s!^(\s*#\s*include\s*[\"<])mbedtls/build_info.h!$${1}libtestdriver1/include/mbedtls/build_info.h!; \
s!^(\s*#\s*include\s*[\"<])mbedtls/mbedtls_config.h!$${1}libtestdriver1/include/mbedtls/mbedtls_config.h!; \
- s!^(\s*#\s*include\s*[\"<])mbedtls/config_adjust_legacy_crypto.h!$${1}libtestdriver1/include/mbedtls/config_adjust_legacy_crypto.h!; \
s!^(\s*#\s*include\s*[\"<])mbedtls/config_adjust_x509.h!$${1}libtestdriver1/include/mbedtls/config_adjust_x509.h!; \
s!^(\s*#\s*include\s*[\"<])mbedtls/config_adjust_ssl.h!$${1}libtestdriver1/include/mbedtls/config_adjust_ssl.h!; \
s!^(\s*#\s*include\s*[\"<])mbedtls/check_config.h!$${1}libtestdriver1/include/mbedtls/check_config.h!; \
@@ -333,10 +332,11 @@
cp -Rf ../framework ./libtestdriver1
cp -Rf ../library ./libtestdriver1
cp -Rf ../include ./libtestdriver1
+ cp -Rf ../scripts ./libtestdriver1
cp -Rf ../tf-psa-crypto/core ./libtestdriver1/tf-psa-crypto
cp -Rf ../tf-psa-crypto/include ./libtestdriver1/tf-psa-crypto
cp -Rf ../tf-psa-crypto/drivers/builtin ./libtestdriver1/tf-psa-crypto/drivers
- cp -Rf ../scripts ./libtestdriver1
+ cp -Rf ../tf-psa-crypto/scripts ./libtestdriver1/tf-psa-crypto
# Set the test driver base (minimal) configuration.
cp ../tf-psa-crypto/tests/configs/config_test_driver.h ./libtestdriver1/include/mbedtls/mbedtls_config.h
diff --git a/tests/docker/bionic/Dockerfile b/tests/docker/bionic/Dockerfile
deleted file mode 100644
index e4c49fa..0000000
--- a/tests/docker/bionic/Dockerfile
+++ /dev/null
@@ -1,158 +0,0 @@
-# Dockerfile
-#
-# Purpose
-# -------
-# Defines a Docker container suitable to build and run all tests (all.sh),
-# except for those that use a proprietary toolchain.
-#
-# WARNING: this Dockerfile is no longer maintained! See
-# https://github.com/Mbed-TLS/mbedtls-test/blob/master/README.md#quick-start
-# for the set of Docker images we use on the CI.
-
-# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
-ARG MAKEFLAGS_PARALLEL=""
-ARG MY_REGISTRY=
-
-FROM ${MY_REGISTRY}ubuntu:bionic
-
-
-ENV DEBIAN_FRONTEND noninteractive
-
-RUN apt-get update \
- && apt-get -y install software-properties-common \
- && rm -rf /var/lib/apt/lists
-
-RUN add-apt-repository -y ppa:team-gcc-arm-embedded/ppa
-
-RUN apt-get update \
- && apt-get -y install \
- # mbedtls build/test dependencies
- build-essential \
- clang \
- cmake \
- doxygen \
- gcc-arm-none-eabi \
- gcc-mingw-w64-i686 \
- gcc-multilib \
- g++-multilib \
- gdb \
- git \
- graphviz \
- lsof \
- python \
- python3-pip \
- python3 \
- pylint3 \
- valgrind \
- wget \
- # libnettle build dependencies
- libgmp-dev \
- m4 \
- pkg-config \
- && rm -rf /var/lib/apt/lists/*
-
-# Jinja2 is required for driver dispatch code generation.
-RUN python3 -m pip install \
- jinja2==2.10.1 types-jinja2
-
-# Build a static, legacy openssl from sources with sslv3 enabled
-# Based on https://gist.github.com/bmaupin/8caca3a1e8c3c5686141 (build-openssl.sh)
-# Note: openssl-1.0.2 and earlier has known build issues with parallel make.
-RUN cd /tmp \
- && wget https://www.openssl.org/source/old/1.0.1/openssl-1.0.1j.tar.gz -qO- | tar xz \
- && cd openssl-1.0.1j \
- && ./config --openssldir=/usr/local/openssl-1.0.1j no-shared \
- && (make ${MAKEFLAGS_PARALLEL} || make -j 1) \
- && make install_sw \
- && rm -rf /tmp/openssl*
-ENV OPENSSL_LEGACY=/usr/local/openssl-1.0.1j/bin/openssl
-
-# Build OPENSSL as 1.0.2g
-RUN cd /tmp \
- && wget https://www.openssl.org/source/old/1.0.2/openssl-1.0.2g.tar.gz -qO- | tar xz \
- && cd openssl-1.0.2g \
- && ./config --openssldir=/usr/local/openssl-1.0.2g no-shared \
- && (make ${MAKEFLAGS_PARALLEL} || make -j 1) \
- && make install_sw \
- && rm -rf /tmp/openssl*
-ENV OPENSSL=/usr/local/openssl-1.0.2g/bin/openssl
-
-# Build a new openssl binary for ARIA/CHACHA20 support
-# Based on https://gist.github.com/bmaupin/8caca3a1e8c3c5686141 (build-openssl.sh)
-RUN cd /tmp \
- && wget https://www.openssl.org/source/openssl-1.1.1a.tar.gz -qO- | tar xz \
- && cd openssl-1.1.1a \
- && ./config --prefix=/usr/local/openssl-1.1.1a -Wl,--enable-new-dtags,-rpath,'${LIBRPATH}' no-shared \
- && make ${MAKEFLAGS_PARALLEL} \
- && make install_sw \
- && rm -rf /tmp/openssl*
-ENV OPENSSL_NEXT=/usr/local/openssl-1.1.1a/bin/openssl
-
-# Build libnettle 2.7.1 (needed by legacy gnutls)
-RUN cd /tmp \
- && wget https://ftp.gnu.org/gnu/nettle/nettle-2.7.1.tar.gz -qO- | tar xz \
- && cd nettle-2.7.1 \
- && ./configure --disable-documentation \
- && make ${MAKEFLAGS_PARALLEL} \
- && make install \
- && /sbin/ldconfig \
- && rm -rf /tmp/nettle*
-
-# Build legacy gnutls (3.3.8)
-RUN cd /tmp \
- && wget https://www.gnupg.org/ftp/gcrypt/gnutls/v3.3/gnutls-3.3.8.tar.xz -qO- | tar xJ \
- && cd gnutls-3.3.8 \
- && ./configure --prefix=/usr/local/gnutls-3.3.8 --exec_prefix=/usr/local/gnutls-3.3.8 --disable-shared --disable-guile --disable-doc \
- && make ${MAKEFLAGS_PARALLEL} \
- && make install \
- && rm -rf /tmp/gnutls*
-ENV GNUTLS_LEGACY_CLI=/usr/local/gnutls-3.3.8/bin/gnutls-cli
-ENV GNUTLS_LEGACY_SERV=/usr/local/gnutls-3.3.8/bin/gnutls-serv
-
-# Build libnettle 3.1 (needed by gnutls)
-RUN cd /tmp \
- && wget https://ftp.gnu.org/gnu/nettle/nettle-3.1.tar.gz -qO- | tar xz \
- && cd nettle-3.1 \
- && ./configure --disable-documentation \
- && make ${MAKEFLAGS_PARALLEL} \
- && make install \
- && /sbin/ldconfig \
- && rm -rf /tmp/nettle*
-
-# Build gnutls (3.4.10)
-RUN cd /tmp \
- && wget https://www.gnupg.org/ftp/gcrypt/gnutls/v3.4/gnutls-3.4.10.tar.xz -qO- | tar xJ \
- && cd gnutls-3.4.10 \
- && ./configure --prefix=/usr/local/gnutls-3.4.10 --exec_prefix=/usr/local/gnutls-3.4.10 \
- --with-included-libtasn1 --without-p11-kit \
- --disable-shared --disable-guile --disable-doc \
- && make ${MAKEFLAGS_PARALLEL} \
- && make install \
- && rm -rf /tmp/gnutls*
-ENV GNUTLS_CLI=/usr/local/gnutls-3.4.10/bin/gnutls-cli
-ENV GNUTLS_SERV=/usr/local/gnutls-3.4.10/bin/gnutls-serv
-
-# Build libnettle 3.7.3 (needed by gnutls next)
-RUN cd /tmp \
- && wget https://ftp.gnu.org/gnu/nettle/nettle-3.7.3.tar.gz -qO- | tar xz \
- && cd nettle-3.7.3 \
- && ./configure --disable-documentation \
- && make ${MAKEFLAGS_PARALLEL} \
- && make install \
- && /sbin/ldconfig \
- && rm -rf /tmp/nettle*
-
-# Build gnutls next (3.7.2)
-RUN cd /tmp \
- && wget https://www.gnupg.org/ftp/gcrypt/gnutls/v3.7/gnutls-3.7.2.tar.xz -qO- | tar xJ \
- && cd gnutls-3.7.2 \
- && ./configure --prefix=/usr/local/gnutls-3.7.2 --exec_prefix=/usr/local/gnutls-3.7.2 \
- --with-included-libtasn1 --with-included-unistring --without-p11-kit \
- --disable-shared --disable-guile --disable-doc \
- && make ${MAKEFLAGS_PARALLEL} \
- && make install \
- && rm -rf /tmp/gnutls*
-
-ENV GNUTLS_NEXT_CLI=/usr/local/gnutls-3.7.2/bin/gnutls-cli
-ENV GNUTLS_NEXT_SERV=/usr/local/gnutls-3.7.2/bin/gnutls-serv
diff --git a/tests/scripts/all-in-docker.sh b/tests/scripts/all-in-docker.sh
deleted file mode 100755
index b2a31c2..0000000
--- a/tests/scripts/all-in-docker.sh
+++ /dev/null
@@ -1,27 +0,0 @@
-#!/bin/bash -eu
-
-# all-in-docker.sh
-#
-# Purpose
-# -------
-# This runs all.sh (except for armcc) in a Docker container.
-#
-# WARNING: the Dockerfile used by this script is no longer maintained! See
-# https://github.com/Mbed-TLS/mbedtls-test/blob/master/README.md#quick-start
-# for the set of Docker images we use on the CI.
-#
-# Notes for users
-# ---------------
-# See docker_env.sh for prerequisites and other information.
-#
-# See also all.sh for notes about invocation of that script.
-
-# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
-
-source tests/scripts/docker_env.sh
-
-# Run tests that are possible with openly available compilers
-run_in_docker tests/scripts/all.sh \
- --no-armcc \
- $@
diff --git a/tests/scripts/basic-in-docker.sh b/tests/scripts/basic-in-docker.sh
deleted file mode 100755
index 81ee8d6..0000000
--- a/tests/scripts/basic-in-docker.sh
+++ /dev/null
@@ -1,36 +0,0 @@
-#!/bin/bash -eu
-
-# basic-in-docker.sh
-#
-# Purpose
-# -------
-# This runs sanity checks and library tests in a Docker container. The tests
-# are run for both clang and gcc. The testing includes a full test run
-# in the default configuration, partial test runs in the reference
-# configurations, and some dependency tests.
-#
-# WARNING: the Dockerfile used by this script is no longer maintained! See
-# https://github.com/Mbed-TLS/mbedtls-test/blob/master/README.md#quick-start
-# for the set of Docker images we use on the CI.
-#
-# Notes for users
-# ---------------
-# See docker_env.sh for prerequisites and other information.
-
-# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
-
-source tests/scripts/docker_env.sh
-
-run_in_docker tests/scripts/all.sh 'check_*'
-
-for compiler in clang gcc; do
- run_in_docker -e CC=${compiler} cmake -D CMAKE_BUILD_TYPE:String="Check" .
- run_in_docker -e CC=${compiler} make
- run_in_docker -e CC=${compiler} make test
- run_in_docker programs/test/selftest
- run_in_docker -e OSSL_NO_DTLS=1 tests/compat.sh
- run_in_docker tests/ssl-opt.sh -e '\(DTLS\|SCSV\).*openssl'
- run_in_docker tests/scripts/depends.py curves
- run_in_docker tests/scripts/depends.py kex
-done
diff --git a/tests/scripts/check-generated-files.sh b/tests/scripts/check-generated-files.sh
index 865e247..a66c370 100755
--- a/tests/scripts/check-generated-files.sh
+++ b/tests/scripts/check-generated-files.sh
@@ -140,11 +140,14 @@
# directory in Mbed TLS that is not just a TF-PSA-Crypto submodule.
if [ -d tf-psa-crypto ]; then
cd tf-psa-crypto
+ check scripts/generate_psa_constants.py ./programs/psa/psa_constant_names_generated.c
check ../framework/scripts/generate_bignum_tests.py $(../framework/scripts/generate_bignum_tests.py --list)
check ../framework/scripts/generate_config_tests.py tests/suites/test_suite_config.psa_boolean.data
check ../framework/scripts/generate_ecp_tests.py $(../framework/scripts/generate_ecp_tests.py --list)
check ../framework/scripts/generate_psa_tests.py $(../framework/scripts/generate_psa_tests.py --list)
cd ..
+ check tf-psa-crypto/scripts/generate_driver_wrappers.py ${crypto_core_dir}/psa_crypto_driver_wrappers.h \
+ ${crypto_core_dir}/psa_crypto_driver_wrappers_no_static.c
check framework/scripts/generate_config_tests.py tests/suites/test_suite_config.mbedtls_boolean.data
else
check framework/scripts/generate_bignum_tests.py $(framework/scripts/generate_bignum_tests.py --list)
@@ -155,12 +158,11 @@
fi
check framework/scripts/generate_ecp_tests.py $(framework/scripts/generate_ecp_tests.py --list)
check framework/scripts/generate_psa_tests.py $(framework/scripts/generate_psa_tests.py --list)
+ check scripts/generate_driver_wrappers.py ${crypto_core_dir}/psa_crypto_driver_wrappers.h \
+ ${crypto_core_dir}/psa_crypto_driver_wrappers_no_static.c
fi
-check scripts/generate_psa_constants.py programs/psa/psa_constant_names_generated.c
check framework/scripts/generate_test_keys.py framework/tests/src/test_keys.h
-check scripts/generate_driver_wrappers.py ${crypto_core_dir}/psa_crypto_driver_wrappers.h \
- ${crypto_core_dir}/psa_crypto_driver_wrappers_no_static.c
# Additional checks for Mbed TLS only
if in_mbedtls_repo; then
@@ -179,4 +181,4 @@
# Generated files that are present in the repository even in the development
# branch. (This is intended to be temporary, until the generator scripts are
# fully reviewed and the build scripts support a generated header file.)
-check framework/scripts/generate_psa_wrappers.py tests/include/test/psa_test_wrappers.h tests/src/psa_test_wrappers.c
+check framework/scripts/generate_psa_wrappers.py tf-psa-crypto/tests/include/test/psa_test_wrappers.h tf-psa-crypto/tests/src/psa_test_wrappers.c
diff --git a/tests/scripts/components-configuration-x509.sh b/tests/scripts/components-configuration-x509.sh
index e8ef283..800d98e 100644
--- a/tests/scripts/components-configuration-x509.sh
+++ b/tests/scripts/components-configuration-x509.sh
@@ -11,9 +11,9 @@
component_test_no_x509_info () {
msg "build: full + MBEDTLS_X509_REMOVE_INFO" # ~ 10s
- scripts/config.pl full
- scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests
- scripts/config.pl set MBEDTLS_X509_REMOVE_INFO
+ scripts/config.py full
+ scripts/config.py unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests
+ scripts/config.py set MBEDTLS_X509_REMOVE_INFO
make CFLAGS='-Werror -O2'
msg "test: full + MBEDTLS_X509_REMOVE_INFO" # ~ 10s
diff --git a/tests/scripts/docker_env.sh b/tests/scripts/docker_env.sh
deleted file mode 100755
index cfc98df..0000000
--- a/tests/scripts/docker_env.sh
+++ /dev/null
@@ -1,90 +0,0 @@
-#!/bin/bash -eu
-
-# docker_env.sh
-#
-# Purpose
-# -------
-#
-# This is a helper script to enable running tests under a Docker container,
-# thus making it easier to get set up as well as isolating test dependencies
-# (which include legacy/insecure configurations of openssl and gnutls).
-#
-# WARNING: the Dockerfile used by this script is no longer maintained! See
-# https://github.com/Mbed-TLS/mbedtls-test/blob/master/README.md#quick-start
-# for the set of Docker images we use on the CI.
-#
-# Notes for users
-# ---------------
-# This script expects a Linux x86_64 system with a recent version of Docker
-# installed and available for use, as well as http/https access. If a proxy
-# server must be used, invoke this script with the usual environment variables
-# (http_proxy and https_proxy) set appropriately. If an alternate Docker
-# registry is needed, specify MBEDTLS_DOCKER_REGISTRY to point at the
-# host name.
-#
-#
-# Running this script directly will check for Docker availability and set up
-# the Docker image.
-
-# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
-
-
-# default values, can be overridden by the environment
-: ${MBEDTLS_DOCKER_GUEST:=bionic}
-
-
-DOCKER_IMAGE_TAG="armmbed/mbedtls-test:${MBEDTLS_DOCKER_GUEST}"
-
-# Make sure docker is available
-if ! which docker > /dev/null; then
- echo "Docker is required but doesn't seem to be installed. See https://www.docker.com/ to get started"
- exit 1
-fi
-
-# Figure out if we need to 'sudo docker'
-if groups | grep docker > /dev/null; then
- DOCKER="docker"
-else
- echo "Using sudo to invoke docker since you're not a member of the docker group..."
- DOCKER="sudo docker"
-fi
-
-# Figure out the number of processors available
-if [ "$(uname)" == "Darwin" ]; then
- NUM_PROC="$(sysctl -n hw.logicalcpu)"
-else
- NUM_PROC="$(nproc)"
-fi
-
-# Build the Docker image
-echo "Getting docker image up to date (this may take a few minutes)..."
-${DOCKER} image build \
- -t ${DOCKER_IMAGE_TAG} \
- --cache-from=${DOCKER_IMAGE_TAG} \
- --build-arg MAKEFLAGS_PARALLEL="-j ${NUM_PROC}" \
- --network host \
- ${http_proxy+--build-arg http_proxy=${http_proxy}} \
- ${https_proxy+--build-arg https_proxy=${https_proxy}} \
- ${MBEDTLS_DOCKER_REGISTRY+--build-arg MY_REGISTRY="${MBEDTLS_DOCKER_REGISTRY}/"} \
- tests/docker/${MBEDTLS_DOCKER_GUEST}
-
-run_in_docker()
-{
- ENV_ARGS=""
- while [ "$1" == "-e" ]; do
- ENV_ARGS="${ENV_ARGS} $1 $2"
- shift 2
- done
-
- ${DOCKER} container run -it --rm \
- --cap-add SYS_PTRACE \
- --user "$(id -u):$(id -g)" \
- --volume $PWD:$PWD \
- --workdir $PWD \
- -e MAKEFLAGS \
- -e PYLINTHOME=/tmp/.pylintd \
- ${ENV_ARGS} \
- ${DOCKER_IMAGE_TAG} \
- $@
-}
diff --git a/tests/scripts/psa_collect_statuses.py b/tests/scripts/psa_collect_statuses.py
index 11bbebc..d835ba7 100755
--- a/tests/scripts/psa_collect_statuses.py
+++ b/tests/scripts/psa_collect_statuses.py
@@ -21,7 +21,7 @@
import sys
DEFAULT_STATUS_LOG_FILE = 'tests/statuses.log'
-DEFAULT_PSA_CONSTANT_NAMES = 'programs/psa/psa_constant_names'
+DEFAULT_PSA_CONSTANT_NAMES = 'tf-psa-crypto/programs/psa/psa_constant_names'
class Statuses:
"""Information about observed return statues of API functions."""
diff --git a/tests/scripts/run_demos.py b/tests/scripts/run_demos.py
index 6a63d23..f9a8100 100755
--- a/tests/scripts/run_demos.py
+++ b/tests/scripts/run_demos.py
@@ -44,7 +44,9 @@
Return True if all demos passed and False if a demo fails.
"""
- all_demos = glob.glob('programs/*/*_demo.sh')
+ mbedtls_demos = glob.glob('programs/*/*_demo.sh')
+ tf_psa_crypto_demos = glob.glob('tf-psa-crypto/programs/*/*_demo.sh')
+ all_demos = mbedtls_demos + tf_psa_crypto_demos
if not all_demos:
# Keep the message on one line. pylint: disable=line-too-long
raise Exception('No demos found. run_demos needs to operate from the Mbed TLS toplevel directory.')
diff --git a/tests/scripts/tcp_client.pl b/tests/scripts/tcp_client.pl
deleted file mode 100755
index 9aff22d..0000000
--- a/tests/scripts/tcp_client.pl
+++ /dev/null
@@ -1,89 +0,0 @@
-#!/usr/bin/env perl
-
-# A simple TCP client that sends some data and expects a response.
-# Usage: tcp_client.pl HOSTNAME PORT DATA1 RESPONSE1
-# DATA: hex-encoded data to send to the server
-# RESPONSE: regexp that must match the server's response
-#
-# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
-
-use warnings;
-use strict;
-use IO::Socket::INET;
-
-# Pack hex digits into a binary string, ignoring whitespace.
-sub parse_hex {
- my ($hex) = @_;
- $hex =~ s/\s+//g;
- return pack('H*', $hex);
-}
-
-## Open a TCP connection to the specified host and port.
-sub open_connection {
- my ($host, $port) = @_;
- my $socket = IO::Socket::INET->new(PeerAddr => $host,
- PeerPort => $port,
- Proto => 'tcp',
- Timeout => 1);
- die "Cannot connect to $host:$port: $!" unless $socket;
- return $socket;
-}
-
-## Close the TCP connection.
-sub close_connection {
- my ($connection) = @_;
- $connection->shutdown(2);
- # Ignore shutdown failures (at least for now)
- return 1;
-}
-
-## Write the given data, expressed as hexadecimal
-sub write_data {
- my ($connection, $hexdata) = @_;
- my $data = parse_hex($hexdata);
- my $total_sent = 0;
- while ($total_sent < length($data)) {
- my $sent = $connection->send($data, 0);
- if (!defined $sent) {
- die "Unable to send data: $!";
- }
- $total_sent += $sent;
- }
- return 1;
-}
-
-## Read a response and check it against an expected prefix
-sub read_response {
- my ($connection, $expected_hex) = @_;
- my $expected_data = parse_hex($expected_hex);
- my $start_offset = 0;
- while ($start_offset < length($expected_data)) {
- my $actual_data;
- my $ok = $connection->recv($actual_data, length($expected_data));
- if (!defined $ok) {
- die "Unable to receive data: $!";
- }
- if (($actual_data ^ substr($expected_data, $start_offset)) =~ /[^\000]/) {
- printf STDERR ("Received \\x%02x instead of \\x%02x at offset %d\n",
- ord(substr($actual_data, $-[0], 1)),
- ord(substr($expected_data, $start_offset + $-[0], 1)),
- $start_offset + $-[0]);
- return 0;
- }
- $start_offset += length($actual_data);
- }
- return 1;
-}
-
-if (@ARGV != 4) {
- print STDERR "Usage: $0 HOSTNAME PORT DATA1 RESPONSE1\n";
- exit(3);
-}
-my ($host, $port, $data1, $response1) = @ARGV;
-my $connection = open_connection($host, $port);
-write_data($connection, $data1);
-if (!read_response($connection, $response1)) {
- exit(1);
-}
-close_connection($connection);
diff --git a/tests/scripts/test_psa_constant_names.py b/tests/scripts/test_psa_constant_names.py
index 8ed0fee..e697d17 100755
--- a/tests/scripts/test_psa_constant_names.py
+++ b/tests/scripts/test_psa_constant_names.py
@@ -173,7 +173,7 @@
action='store_false', dest='keep_c',
help='Don\'t keep the intermediate C file (default)')
parser.add_argument('--program',
- default='programs/psa/psa_constant_names',
+ default='tf-psa-crypto/programs/psa/psa_constant_names',
help='Program to test')
parser.add_argument('--show',
action='store_true',
diff --git a/tests/scripts/travis-log-failure.sh b/tests/scripts/travis-log-failure.sh
deleted file mode 100755
index 3daecf3..0000000
--- a/tests/scripts/travis-log-failure.sh
+++ /dev/null
@@ -1,35 +0,0 @@
-#!/bin/sh
-
-# travis-log-failure.sh
-#
-# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
-#
-# Purpose
-#
-# List the server and client logs on failed ssl-opt.sh and compat.sh tests.
-# This script is used to make the logs show up in the Travis test results.
-#
-# Some of the logs can be very long: this means usually a couple of megabytes
-# but it can be much more. For example, the client log of test 273 in ssl-opt.sh
-# is more than 630 Megabytes long.
-
-if [ -d include/mbedtls ]; then :; else
- echo "$0: must be run from root" >&2
- exit 1
-fi
-
-FILES="o-srv-*.log o-cli-*.log c-srv-*.log c-cli-*.log o-pxy-*.log"
-MAX_LOG_SIZE=1048576
-
-for PATTERN in $FILES; do
- for LOG in $( ls tests/$PATTERN 2>/dev/null ); do
- echo
- echo "****** BEGIN file: $LOG ******"
- echo
- tail -c $MAX_LOG_SIZE $LOG
- echo "****** END file: $LOG ******"
- echo
- rm $LOG
- done
-done
diff --git a/tests/ssl-opt-in-docker.sh b/tests/ssl-opt-in-docker.sh
deleted file mode 100755
index c0c85fc..0000000
--- a/tests/ssl-opt-in-docker.sh
+++ /dev/null
@@ -1,55 +0,0 @@
-#!/bin/bash -eu
-
-# ssl-opt-in-docker.sh
-#
-# Purpose
-# -------
-# This runs ssl-opt.sh in a Docker container.
-#
-# WARNING: the Dockerfile used by this script is no longer maintained! See
-# https://github.com/Mbed-TLS/mbedtls-test/blob/master/README.md#quick-start
-# for the set of Docker images we use on the CI.
-#
-# Notes for users
-# ---------------
-# If OPENSSL, GNUTLS_CLI, or GNUTLS_SERV are specified, the path must
-# correspond to an executable inside the Docker container. The special
-# values "next" and "legacy" are also allowed as shorthand for the
-# installations inside the container.
-#
-# See also:
-# - scripts/docker_env.sh for general Docker prerequisites and other information.
-# - ssl-opt.sh for notes about invocation of that script.
-
-# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
-
-source tests/scripts/docker_env.sh
-
-case "${OPENSSL:-default}" in
- "legacy") export OPENSSL="/usr/local/openssl-1.0.1j/bin/openssl";;
- "next") export OPENSSL="/usr/local/openssl-1.1.1a/bin/openssl";;
- *) ;;
-esac
-
-case "${GNUTLS_CLI:-default}" in
- "legacy") export GNUTLS_CLI="/usr/local/gnutls-3.3.8/bin/gnutls-cli";;
- "next") export GNUTLS_CLI="/usr/local/gnutls-3.7.2/bin/gnutls-cli";;
- *) ;;
-esac
-
-case "${GNUTLS_SERV:-default}" in
- "legacy") export GNUTLS_SERV="/usr/local/gnutls-3.3.8/bin/gnutls-serv";;
- "next") export GNUTLS_SERV="/usr/local/gnutls-3.7.2/bin/gnutls-serv";;
- *) ;;
-esac
-
-run_in_docker \
- -e P_SRV \
- -e P_CLI \
- -e P_PXY \
- -e GNUTLS_CLI \
- -e GNUTLS_SERV \
- -e OPENSSL \
- tests/ssl-opt.sh \
- $@
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 0c34844..1c4fae7 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -68,7 +68,6 @@
O_CLI="echo 'GET / HTTP/1.0' | $OPENSSL s_client"
G_SRV="$GNUTLS_SERV --x509certfile $DATA_FILES_PATH/server5.crt --x509keyfile $DATA_FILES_PATH/server5.key"
G_CLI="echo 'GET / HTTP/1.0' | $GNUTLS_CLI --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt"
-TCP_CLIENT="$PERL scripts/tcp_client.pl"
# alternative versions of OpenSSL and GnuTLS (no default path)
diff --git a/tf-psa-crypto/tests/suites/test_suite_timing.data b/tests/suites/test_suite_timing.data
similarity index 100%
rename from tf-psa-crypto/tests/suites/test_suite_timing.data
rename to tests/suites/test_suite_timing.data
diff --git a/tf-psa-crypto/tests/suites/test_suite_timing.function b/tests/suites/test_suite_timing.function
similarity index 100%
rename from tf-psa-crypto/tests/suites/test_suite_timing.function
rename to tests/suites/test_suite_timing.function
diff --git a/tf-psa-crypto/CMakeLists.txt b/tf-psa-crypto/CMakeLists.txt
index b9eaa41..a55b162 100644
--- a/tf-psa-crypto/CMakeLists.txt
+++ b/tf-psa-crypto/CMakeLists.txt
@@ -65,7 +65,7 @@
# Set the project, Mbed TLS and framework root directory.
set(TF_PSA_CRYPTO_DIR ${CMAKE_CURRENT_SOURCE_DIR})
set(MBEDTLS_DIR ${CMAKE_CURRENT_SOURCE_DIR}/..)
-set(MBEDTLS_FRAMEWORK_DIR ${CMAKE_CURRENT_SOURCE_DIR}/../framework)
+set(TF_PSA_CRYPTO_FRAMEWORK_DIR ${CMAKE_CURRENT_SOURCE_DIR}/../framework)
# Put the version numbers into relevant files
set(version_number_files
@@ -376,8 +376,8 @@
endif()
endif()
-if (NOT EXISTS "${MBEDTLS_FRAMEWORK_DIR}/CMakeLists.txt")
- message(FATAL_ERROR "${MBEDTLS_FRAMEWORK_DIR}/CMakeLists.txt not found. Run `git submodule update --init` from the source tree to fetch the submodule contents.")
+if (NOT EXISTS "${TF_PSA_CRYPTO_FRAMEWORK_DIR}/CMakeLists.txt")
+ message(FATAL_ERROR "${TF_PSA_CRYPTO_FRAMEWORK_DIR}/CMakeLists.txt not found. Run `git submodule update --init` from the source tree to fetch the submodule contents.")
endif()
add_subdirectory(include)
@@ -401,46 +401,32 @@
#
if(ENABLE_TESTING OR ENABLE_PROGRAMS)
file(GLOB MBEDTLS_TEST_FILES
- ${MBEDTLS_FRAMEWORK_DIR}/tests/src/*.c
- ${MBEDTLS_FRAMEWORK_DIR}/tests/src/drivers/*.c
- ${MBEDTLS_DIR}/tests/src/*.c)
+ ${TF_PSA_CRYPTO_FRAMEWORK_DIR}/tests/src/*.c
+ ${TF_PSA_CRYPTO_FRAMEWORK_DIR}/tests/src/drivers/*.c
+ ${TF_PSA_CRYPTO_DIR}/tests/src/*.c)
add_library(tf_psa_crypto_test OBJECT ${MBEDTLS_TEST_FILES})
set_base_compile_options(tf_psa_crypto_test)
if(GEN_FILES)
add_custom_command(
OUTPUT
- ${MBEDTLS_FRAMEWORK_DIR}/tests/src/test_keys.h
+ ${TF_PSA_CRYPTO_FRAMEWORK_DIR}/tests/src/test_keys.h
WORKING_DIRECTORY
${MBEDTLS_DIR}/tests
COMMAND
"${TF_PSA_CRYPTO_PYTHON_EXECUTABLE}"
- "${MBEDTLS_FRAMEWORK_DIR}/scripts/generate_test_keys.py"
+ "${TF_PSA_CRYPTO_FRAMEWORK_DIR}/scripts/generate_test_keys.py"
"--output"
- "${MBEDTLS_FRAMEWORK_DIR}/tests/src/test_keys.h"
+ "${TF_PSA_CRYPTO_FRAMEWORK_DIR}/tests/src/test_keys.h"
DEPENDS
- ${MBEDTLS_FRAMEWORK_DIR}/scripts/generate_test_keys.py
+ ${TF_PSA_CRYPTO_FRAMEWORK_DIR}/scripts/generate_test_keys.py
)
- add_custom_target(tf_psa_crypto_test_keys_header DEPENDS ${MBEDTLS_FRAMEWORK_DIR}/tests/src/test_keys.h)
-
- add_custom_command(
- OUTPUT
- ${MBEDTLS_DIR}/tests/src/test_certs.h
- WORKING_DIRECTORY
- ${MBEDTLS_DIR}/tests
- COMMAND
- "${TF_PSA_CRYPTO_PYTHON_EXECUTABLE}"
- "${MBEDTLS_FRAMEWORK_DIR}/scripts/generate_test_cert_macros.py"
- "--output"
- "${MBEDTLS_DIR}/tests/src/test_certs.h"
- DEPENDS
- ${MBEDTLS_FRAMEWORK_DIR}/scripts/generate_test_cert_macros.py
- )
- add_custom_target(tf_psa_crypto_test_certs_header DEPENDS ${MBEDTLS_DIR}/tests/src/test_certs.h)
- add_dependencies(tf_psa_crypto_test tf_psa_crypto_test_keys_header tf_psa_crypto_test_certs_header)
+ add_custom_target(tf_psa_crypto_test_keys_header
+ DEPENDS ${TF_PSA_CRYPTO_FRAMEWORK_DIR}/tests/src/test_keys.h)
+ add_dependencies(tf_psa_crypto_test tf_psa_crypto_test_keys_header)
endif()
target_include_directories(tf_psa_crypto_test
- PRIVATE ${MBEDTLS_FRAMEWORK_DIR}/tests/include
- PRIVATE ${MBEDTLS_DIR}/tests/include
+ PRIVATE ${TF_PSA_CRYPTO_FRAMEWORK_DIR}/tests/include
+ PRIVATE ${TF_PSA_CRYPTO_DIR}/tests/include
PRIVATE ${MBEDTLS_DIR}/include
PRIVATE include
PRIVATE drivers/builtin/include
diff --git a/tf-psa-crypto/core/CMakeLists.txt b/tf-psa-crypto/core/CMakeLists.txt
index 3e4092c..ccf1148 100644
--- a/tf-psa-crypto/core/CMakeLists.txt
+++ b/tf-psa-crypto/core/CMakeLists.txt
@@ -15,12 +15,12 @@
${CMAKE_CURRENT_BINARY_DIR}/psa_crypto_driver_wrappers_no_static.c
COMMAND
${TF_PSA_CRYPTO_PYTHON_EXECUTABLE}
- ${MBEDTLS_DIR}/scripts/generate_driver_wrappers.py
+ ${TF_PSA_CRYPTO_DIR}/scripts/generate_driver_wrappers.py
${CMAKE_CURRENT_BINARY_DIR}
DEPENDS
- ${MBEDTLS_DIR}/scripts/generate_driver_wrappers.py
- ${MBEDTLS_DIR}/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.h.jinja
- ${MBEDTLS_DIR}/scripts/data_files/driver_templates/psa_crypto_driver_wrappers_no_static.c.jinja
+ ${TF_PSA_CRYPTO_DIR}/scripts/generate_driver_wrappers.py
+ ${TF_PSA_CRYPTO_DIR}/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.h.jinja
+ ${TF_PSA_CRYPTO_DIR}/scripts/data_files/driver_templates/psa_crypto_driver_wrappers_no_static.c.jinja
)
else()
link_to_source(psa_crypto_driver_wrappers.h)
diff --git a/include/mbedtls/config_adjust_legacy_crypto.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/config_adjust_legacy_crypto.h
similarity index 100%
rename from include/mbedtls/config_adjust_legacy_crypto.h
rename to tf-psa-crypto/drivers/builtin/include/mbedtls/config_adjust_legacy_crypto.h
diff --git a/include/mbedtls/hkdf.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/hkdf.h
similarity index 100%
rename from include/mbedtls/hkdf.h
rename to tf-psa-crypto/drivers/builtin/include/mbedtls/hkdf.h
diff --git a/tf-psa-crypto/drivers/builtin/src/psa_util.c b/tf-psa-crypto/drivers/builtin/src/psa_util.c
index b2d2cd9..f441779 100644
--- a/tf-psa-crypto/drivers/builtin/src/psa_util.c
+++ b/tf-psa-crypto/drivers/builtin/src/psa_util.c
@@ -28,10 +28,6 @@
#if defined(MBEDTLS_LMS_C)
#include <mbedtls/lms.h>
#endif
-#if defined(MBEDTLS_SSL_TLS_C) && \
- (defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3))
-#include <mbedtls/ssl.h>
-#endif
#if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) || \
defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC)
#include <mbedtls/rsa.h>
@@ -79,20 +75,6 @@
};
#endif
-#if defined(MBEDTLS_SSL_TLS_C) && \
- (defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3))
-const mbedtls_error_pair_t psa_to_ssl_errors[] =
-{
- { PSA_SUCCESS, 0 },
- { PSA_ERROR_INSUFFICIENT_MEMORY, MBEDTLS_ERR_SSL_ALLOC_FAILED },
- { PSA_ERROR_NOT_SUPPORTED, MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE },
- { PSA_ERROR_INVALID_SIGNATURE, MBEDTLS_ERR_SSL_INVALID_MAC },
- { PSA_ERROR_INVALID_ARGUMENT, MBEDTLS_ERR_SSL_BAD_INPUT_DATA },
- { PSA_ERROR_BAD_STATE, MBEDTLS_ERR_SSL_INTERNAL_ERROR },
- { PSA_ERROR_BUFFER_TOO_SMALL, MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL }
-};
-#endif
-
#if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) || \
defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC)
const mbedtls_error_pair_t psa_to_pk_rsa_errors[] =
diff --git a/tf-psa-crypto/programs/.gitignore b/tf-psa-crypto/programs/.gitignore
index e69de29..55c6e56 100644
--- a/tf-psa-crypto/programs/.gitignore
+++ b/tf-psa-crypto/programs/.gitignore
@@ -0,0 +1,10 @@
+psa/aead_demo
+psa/crypto_examples
+psa/hmac_demo
+psa/key_ladder_demo
+psa/psa_constant_names
+psa/psa_hash
+
+###START_GENERATED_FILES###
+# Generated source files
+psa/psa_constant_names_generated.c
diff --git a/programs/psa/CMakeLists.txt b/tf-psa-crypto/programs/psa/CMakeLists.txt
similarity index 90%
rename from programs/psa/CMakeLists.txt
rename to tf-psa-crypto/programs/psa/CMakeLists.txt
index 3c20a70..2356c81 100644
--- a/programs/psa/CMakeLists.txt
+++ b/tf-psa-crypto/programs/psa/CMakeLists.txt
@@ -20,8 +20,8 @@
${CMAKE_CURRENT_SOURCE_DIR}/../..
DEPENDS
${CMAKE_CURRENT_SOURCE_DIR}/../../scripts/generate_psa_constants.py
- ${CMAKE_CURRENT_SOURCE_DIR}/../../tf-psa-crypto/include/psa/crypto_values.h
- ${CMAKE_CURRENT_SOURCE_DIR}/../../tf-psa-crypto/include/psa/crypto_extra.h
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../include/psa/crypto_values.h
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../include/psa/crypto_extra.h
)
else()
link_to_source(psa_constant_names_generated.c)
diff --git a/programs/psa/aead_demo.c b/tf-psa-crypto/programs/psa/aead_demo.c
similarity index 100%
rename from programs/psa/aead_demo.c
rename to tf-psa-crypto/programs/psa/aead_demo.c
diff --git a/programs/psa/crypto_examples.c b/tf-psa-crypto/programs/psa/crypto_examples.c
similarity index 100%
rename from programs/psa/crypto_examples.c
rename to tf-psa-crypto/programs/psa/crypto_examples.c
diff --git a/programs/psa/hmac_demo.c b/tf-psa-crypto/programs/psa/hmac_demo.c
similarity index 100%
rename from programs/psa/hmac_demo.c
rename to tf-psa-crypto/programs/psa/hmac_demo.c
diff --git a/programs/psa/key_ladder_demo.c b/tf-psa-crypto/programs/psa/key_ladder_demo.c
similarity index 100%
rename from programs/psa/key_ladder_demo.c
rename to tf-psa-crypto/programs/psa/key_ladder_demo.c
diff --git a/programs/psa/key_ladder_demo.sh b/tf-psa-crypto/programs/psa/key_ladder_demo.sh
similarity index 97%
rename from programs/psa/key_ladder_demo.sh
rename to tf-psa-crypto/programs/psa/key_ladder_demo.sh
index e55da7e..526fde5 100755
--- a/programs/psa/key_ladder_demo.sh
+++ b/tf-psa-crypto/programs/psa/key_ladder_demo.sh
@@ -3,7 +3,7 @@
# Copyright The Mbed TLS Contributors
# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
-. "${0%/*}/../demo_common.sh"
+. "${0%/*}/../../../programs/demo_common.sh"
msg <<'EOF'
This script demonstrates the use of the PSA cryptography interface to
diff --git a/programs/psa/psa_constant_names.c b/tf-psa-crypto/programs/psa/psa_constant_names.c
similarity index 100%
rename from programs/psa/psa_constant_names.c
rename to tf-psa-crypto/programs/psa/psa_constant_names.c
diff --git a/programs/psa/psa_hash.c b/tf-psa-crypto/programs/psa/psa_hash.c
similarity index 100%
rename from programs/psa/psa_hash.c
rename to tf-psa-crypto/programs/psa/psa_hash.c
diff --git a/programs/psa/psa_hash_demo.sh b/tf-psa-crypto/programs/psa/psa_hash_demo.sh
similarity index 89%
rename from programs/psa/psa_hash_demo.sh
rename to tf-psa-crypto/programs/psa/psa_hash_demo.sh
index a26697c..5e257d7 100755
--- a/programs/psa/psa_hash_demo.sh
+++ b/tf-psa-crypto/programs/psa/psa_hash_demo.sh
@@ -3,7 +3,7 @@
# Copyright The Mbed TLS Contributors
# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
-. "${0%/*}/../demo_common.sh"
+. "${0%/*}/../../../programs/demo_common.sh"
msg <<'EOF'
This program demonstrates the use of the PSA cryptography interface to
diff --git a/scripts/data_files/driver_jsons/driver_opaque_schema.json b/tf-psa-crypto/scripts/data_files/driver_jsons/driver_opaque_schema.json
similarity index 100%
rename from scripts/data_files/driver_jsons/driver_opaque_schema.json
rename to tf-psa-crypto/scripts/data_files/driver_jsons/driver_opaque_schema.json
diff --git a/scripts/data_files/driver_jsons/driver_transparent_schema.json b/tf-psa-crypto/scripts/data_files/driver_jsons/driver_transparent_schema.json
similarity index 100%
rename from scripts/data_files/driver_jsons/driver_transparent_schema.json
rename to tf-psa-crypto/scripts/data_files/driver_jsons/driver_transparent_schema.json
diff --git a/scripts/data_files/driver_jsons/driverlist.json b/tf-psa-crypto/scripts/data_files/driver_jsons/driverlist.json
similarity index 100%
rename from scripts/data_files/driver_jsons/driverlist.json
rename to tf-psa-crypto/scripts/data_files/driver_jsons/driverlist.json
diff --git a/scripts/data_files/driver_jsons/mbedtls_test_opaque_driver.json b/tf-psa-crypto/scripts/data_files/driver_jsons/mbedtls_test_opaque_driver.json
similarity index 100%
rename from scripts/data_files/driver_jsons/mbedtls_test_opaque_driver.json
rename to tf-psa-crypto/scripts/data_files/driver_jsons/mbedtls_test_opaque_driver.json
diff --git a/scripts/data_files/driver_jsons/mbedtls_test_transparent_driver.json b/tf-psa-crypto/scripts/data_files/driver_jsons/mbedtls_test_transparent_driver.json
similarity index 100%
rename from scripts/data_files/driver_jsons/mbedtls_test_transparent_driver.json
rename to tf-psa-crypto/scripts/data_files/driver_jsons/mbedtls_test_transparent_driver.json
diff --git a/scripts/data_files/driver_jsons/p256_transparent_driver.json b/tf-psa-crypto/scripts/data_files/driver_jsons/p256_transparent_driver.json
similarity index 100%
rename from scripts/data_files/driver_jsons/p256_transparent_driver.json
rename to tf-psa-crypto/scripts/data_files/driver_jsons/p256_transparent_driver.json
diff --git a/scripts/data_files/driver_templates/OS-template-opaque.jinja b/tf-psa-crypto/scripts/data_files/driver_templates/OS-template-opaque.jinja
similarity index 100%
rename from scripts/data_files/driver_templates/OS-template-opaque.jinja
rename to tf-psa-crypto/scripts/data_files/driver_templates/OS-template-opaque.jinja
diff --git a/scripts/data_files/driver_templates/OS-template-transparent.jinja b/tf-psa-crypto/scripts/data_files/driver_templates/OS-template-transparent.jinja
similarity index 100%
rename from scripts/data_files/driver_templates/OS-template-transparent.jinja
rename to tf-psa-crypto/scripts/data_files/driver_templates/OS-template-transparent.jinja
diff --git a/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.h.jinja b/tf-psa-crypto/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.h.jinja
similarity index 100%
rename from scripts/data_files/driver_templates/psa_crypto_driver_wrappers.h.jinja
rename to tf-psa-crypto/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.h.jinja
diff --git a/scripts/data_files/driver_templates/psa_crypto_driver_wrappers_no_static.c.jinja b/tf-psa-crypto/scripts/data_files/driver_templates/psa_crypto_driver_wrappers_no_static.c.jinja
similarity index 100%
rename from scripts/data_files/driver_templates/psa_crypto_driver_wrappers_no_static.c.jinja
rename to tf-psa-crypto/scripts/data_files/driver_templates/psa_crypto_driver_wrappers_no_static.c.jinja
diff --git a/scripts/generate_driver_wrappers.py b/tf-psa-crypto/scripts/generate_driver_wrappers.py
similarity index 98%
rename from scripts/generate_driver_wrappers.py
rename to tf-psa-crypto/scripts/generate_driver_wrappers.py
index 9579764..7f5be2a 100755
--- a/scripts/generate_driver_wrappers.py
+++ b/tf-psa-crypto/scripts/generate_driver_wrappers.py
@@ -179,6 +179,8 @@
args = parser.parse_args()
project_root = os.path.abspath(args.project_root)
+ if build_tree.looks_like_mbedtls_root(project_root):
+ project_root = os.path.join(project_root, 'tf-psa-crypto')
crypto_core_directory = build_tree.crypto_core_directory(project_root)
diff --git a/scripts/generate_psa_constants.py b/tf-psa-crypto/scripts/generate_psa_constants.py
similarity index 98%
rename from scripts/generate_psa_constants.py
rename to tf-psa-crypto/scripts/generate_psa_constants.py
index d472c6d..a22e406 100755
--- a/scripts/generate_psa_constants.py
+++ b/tf-psa-crypto/scripts/generate_psa_constants.py
@@ -329,6 +329,6 @@
# Allow to change the directory where psa_constant_names_generated.c is written to.
OUTPUT_FILE_DIR = sys.argv[1] if len(sys.argv) == 2 else "programs/psa"
- generate_psa_constants(['tf-psa-crypto/include/psa/crypto_values.h',
- 'tf-psa-crypto/include/psa/crypto_extra.h'],
+ generate_psa_constants(['include/psa/crypto_values.h',
+ 'include/psa/crypto_extra.h'],
OUTPUT_FILE_DIR + '/psa_constant_names_generated.c')
diff --git a/tf-psa-crypto/tests/CMakeLists.txt b/tf-psa-crypto/tests/CMakeLists.txt
index c5813a6..2929cf3 100644
--- a/tf-psa-crypto/tests/CMakeLists.txt
+++ b/tf-psa-crypto/tests/CMakeLists.txt
@@ -14,7 +14,7 @@
execute_process(
COMMAND
${TF_PSA_CRYPTO_PYTHON_EXECUTABLE}
- ${MBEDTLS_FRAMEWORK_DIR}/scripts/generate_bignum_tests.py
+ ${TF_PSA_CRYPTO_FRAMEWORK_DIR}/scripts/generate_bignum_tests.py
--list-for-cmake
WORKING_DIRECTORY
${CMAKE_CURRENT_SOURCE_DIR}/..
@@ -26,7 +26,7 @@
execute_process(
COMMAND
${TF_PSA_CRYPTO_PYTHON_EXECUTABLE}
- ${MBEDTLS_FRAMEWORK_DIR}/scripts/generate_config_tests.py
+ ${TF_PSA_CRYPTO_FRAMEWORK_DIR}/scripts/generate_config_tests.py
--list-for-cmake
WORKING_DIRECTORY
${CMAKE_CURRENT_SOURCE_DIR}/..
@@ -45,7 +45,7 @@
execute_process(
COMMAND
${TF_PSA_CRYPTO_PYTHON_EXECUTABLE}
- ${MBEDTLS_FRAMEWORK_DIR}/scripts/generate_ecp_tests.py
+ ${TF_PSA_CRYPTO_FRAMEWORK_DIR}/scripts/generate_ecp_tests.py
--list-for-cmake
WORKING_DIRECTORY
${CMAKE_CURRENT_SOURCE_DIR}/..
@@ -57,7 +57,7 @@
execute_process(
COMMAND
${TF_PSA_CRYPTO_PYTHON_EXECUTABLE}
- ${MBEDTLS_FRAMEWORK_DIR}/scripts/generate_psa_tests.py
+ ${TF_PSA_CRYPTO_FRAMEWORK_DIR}/scripts/generate_psa_tests.py
--list-for-cmake
WORKING_DIRECTORY
${CMAKE_CURRENT_SOURCE_DIR}/..
@@ -98,16 +98,16 @@
${CMAKE_CURRENT_SOURCE_DIR}/..
COMMAND
${TF_PSA_CRYPTO_PYTHON_EXECUTABLE}
- ${MBEDTLS_FRAMEWORK_DIR}/scripts/generate_bignum_tests.py
+ ${TF_PSA_CRYPTO_FRAMEWORK_DIR}/scripts/generate_bignum_tests.py
--directory ${CMAKE_CURRENT_BINARY_DIR}/suites
DEPENDS
- ${MBEDTLS_FRAMEWORK_DIR}/scripts/generate_bignum_tests.py
- ${MBEDTLS_FRAMEWORK_DIR}/scripts/mbedtls_framework/bignum_common.py
- ${MBEDTLS_FRAMEWORK_DIR}/scripts/mbedtls_framework/bignum_core.py
- ${MBEDTLS_FRAMEWORK_DIR}/scripts/mbedtls_framework/bignum_mod_raw.py
- ${MBEDTLS_FRAMEWORK_DIR}/scripts/mbedtls_framework/bignum_mod.py
- ${MBEDTLS_FRAMEWORK_DIR}/scripts/mbedtls_framework/test_case.py
- ${MBEDTLS_FRAMEWORK_DIR}/scripts/mbedtls_framework/test_data_generation.py
+ ${TF_PSA_CRYPTO_FRAMEWORK_DIR}/scripts/generate_bignum_tests.py
+ ${TF_PSA_CRYPTO_FRAMEWORK_DIR}/scripts/mbedtls_framework/bignum_common.py
+ ${TF_PSA_CRYPTO_FRAMEWORK_DIR}/scripts/mbedtls_framework/bignum_core.py
+ ${TF_PSA_CRYPTO_FRAMEWORK_DIR}/scripts/mbedtls_framework/bignum_mod_raw.py
+ ${TF_PSA_CRYPTO_FRAMEWORK_DIR}/scripts/mbedtls_framework/bignum_mod.py
+ ${TF_PSA_CRYPTO_FRAMEWORK_DIR}/scripts/mbedtls_framework/test_case.py
+ ${TF_PSA_CRYPTO_FRAMEWORK_DIR}/scripts/mbedtls_framework/test_data_generation.py
)
add_custom_command(
OUTPUT
@@ -116,11 +116,11 @@
${CMAKE_CURRENT_SOURCE_DIR}/..
COMMAND
${TF_PSA_CRYPTO_PYTHON_EXECUTABLE}
- ${MBEDTLS_FRAMEWORK_DIR}/scripts/generate_config_tests.py
+ ${TF_PSA_CRYPTO_FRAMEWORK_DIR}/scripts/generate_config_tests.py
--directory ${CMAKE_CURRENT_BINARY_DIR}/suites
${config_generated_data_files}
DEPENDS
- ${MBEDTLS_FRAMEWORK_DIR}/scripts/generate_config_tests.py
+ ${TF_PSA_CRYPTO_FRAMEWORK_DIR}/scripts/generate_config_tests.py
# Do not declare the configuration files as dependencies: they
# change too often in ways that don't affect the result
# ((un)commenting some options).
@@ -132,14 +132,14 @@
${CMAKE_CURRENT_SOURCE_DIR}/..
COMMAND
${TF_PSA_CRYPTO_PYTHON_EXECUTABLE}
- ${MBEDTLS_FRAMEWORK_DIR}/scripts/generate_ecp_tests.py
+ ${TF_PSA_CRYPTO_FRAMEWORK_DIR}/scripts/generate_ecp_tests.py
--directory ${CMAKE_CURRENT_BINARY_DIR}/suites
DEPENDS
- ${MBEDTLS_FRAMEWORK_DIR}/scripts/generate_ecp_tests.py
- ${MBEDTLS_FRAMEWORK_DIR}/scripts/mbedtls_framework/bignum_common.py
- ${MBEDTLS_FRAMEWORK_DIR}/scripts/mbedtls_framework/ecp.py
- ${MBEDTLS_FRAMEWORK_DIR}/scripts/mbedtls_framework/test_case.py
- ${MBEDTLS_FRAMEWORK_DIR}/scripts/mbedtls_framework/test_data_generation.py
+ ${TF_PSA_CRYPTO_FRAMEWORK_DIR}/scripts/generate_ecp_tests.py
+ ${TF_PSA_CRYPTO_FRAMEWORK_DIR}/scripts/mbedtls_framework/bignum_common.py
+ ${TF_PSA_CRYPTO_FRAMEWORK_DIR}/scripts/mbedtls_framework/ecp.py
+ ${TF_PSA_CRYPTO_FRAMEWORK_DIR}/scripts/mbedtls_framework/test_case.py
+ ${TF_PSA_CRYPTO_FRAMEWORK_DIR}/scripts/mbedtls_framework/test_data_generation.py
)
add_custom_command(
OUTPUT
@@ -148,17 +148,17 @@
${CMAKE_CURRENT_SOURCE_DIR}/..
COMMAND
${TF_PSA_CRYPTO_PYTHON_EXECUTABLE}
- ${MBEDTLS_FRAMEWORK_DIR}/scripts/generate_psa_tests.py
+ ${TF_PSA_CRYPTO_FRAMEWORK_DIR}/scripts/generate_psa_tests.py
--directory ${CMAKE_CURRENT_BINARY_DIR}/suites
DEPENDS
- ${MBEDTLS_FRAMEWORK_DIR}/scripts/generate_psa_tests.py
- ${MBEDTLS_FRAMEWORK_DIR}/scripts/mbedtls_framework/crypto_data_tests.py
- ${MBEDTLS_FRAMEWORK_DIR}/scripts/mbedtls_framework/crypto_knowledge.py
- ${MBEDTLS_FRAMEWORK_DIR}/scripts/mbedtls_framework/macro_collector.py
- ${MBEDTLS_FRAMEWORK_DIR}/scripts/mbedtls_framework/psa_information.py
- ${MBEDTLS_FRAMEWORK_DIR}/scripts/mbedtls_framework/psa_storage.py
- ${MBEDTLS_FRAMEWORK_DIR}/scripts/mbedtls_framework/test_case.py
- ${MBEDTLS_FRAMEWORK_DIR}/scripts/mbedtls_framework/test_data_generation.py
+ ${TF_PSA_CRYPTO_FRAMEWORK_DIR}/scripts/generate_psa_tests.py
+ ${TF_PSA_CRYPTO_FRAMEWORK_DIR}/scripts/mbedtls_framework/crypto_data_tests.py
+ ${TF_PSA_CRYPTO_FRAMEWORK_DIR}/scripts/mbedtls_framework/crypto_knowledge.py
+ ${TF_PSA_CRYPTO_FRAMEWORK_DIR}/scripts/mbedtls_framework/macro_collector.py
+ ${TF_PSA_CRYPTO_FRAMEWORK_DIR}/scripts/mbedtls_framework/psa_information.py
+ ${TF_PSA_CRYPTO_FRAMEWORK_DIR}/scripts/mbedtls_framework/psa_storage.py
+ ${TF_PSA_CRYPTO_FRAMEWORK_DIR}/scripts/mbedtls_framework/test_case.py
+ ${TF_PSA_CRYPTO_FRAMEWORK_DIR}/scripts/mbedtls_framework/test_data_generation.py
${CMAKE_CURRENT_SOURCE_DIR}/../include/psa/crypto_config.h
${CMAKE_CURRENT_SOURCE_DIR}/../include/psa/crypto_values.h
${CMAKE_CURRENT_SOURCE_DIR}/../include/psa/crypto_extra.h
@@ -272,7 +272,7 @@
test_suite_${data_name}.c
COMMAND
${TF_PSA_CRYPTO_PYTHON_EXECUTABLE}
- ${MBEDTLS_FRAMEWORK_DIR}/scripts/generate_test_code.py
+ ${TF_PSA_CRYPTO_FRAMEWORK_DIR}/scripts/generate_test_code.py
-f ${CMAKE_CURRENT_SOURCE_DIR}/suites/test_suite_${suite_name}.function
-d ${data_file}
-t ${CMAKE_CURRENT_SOURCE_DIR}/suites/main_test.function
@@ -281,7 +281,7 @@
--helpers-file ${CMAKE_CURRENT_SOURCE_DIR}/suites/helpers.function
-o .
DEPENDS
- ${MBEDTLS_FRAMEWORK_DIR}/scripts/generate_test_code.py
+ ${TF_PSA_CRYPTO_FRAMEWORK_DIR}/scripts/generate_test_code.py
${CMAKE_CURRENT_SOURCE_DIR}/suites/test_suite_${suite_name}.function
${data_file}
${CMAKE_CURRENT_SOURCE_DIR}/suites/main_test.function
@@ -303,7 +303,7 @@
# files are automatically included because the library targets declare
# them as PUBLIC.
target_include_directories(test_suite_${data_name}
- PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/tests/include
+ PRIVATE ${TF_PSA_CRYPTO_FRAMEWORK_DIR}/tests/include
PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../library
PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../core
PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../drivers/builtin/src)
diff --git a/tests/include/test/psa_test_wrappers.h b/tf-psa-crypto/tests/include/test/psa_test_wrappers.h
similarity index 100%
rename from tests/include/test/psa_test_wrappers.h
rename to tf-psa-crypto/tests/include/test/psa_test_wrappers.h
diff --git a/tests/src/psa_test_wrappers.c b/tf-psa-crypto/tests/src/psa_test_wrappers.c
similarity index 100%
rename from tests/src/psa_test_wrappers.c
rename to tf-psa-crypto/tests/src/psa_test_wrappers.c