diff --git a/library/Makefile b/library/Makefile index 9085ab481c..17155c80ad 100644 --- a/library/Makefile +++ b/library/Makefile @@ -1,63 +1,7 @@ -ifndef MBEDTLS_PATH -MBEDTLS_PATH := .. -endif - -TF_PSA_CRYPTO_CORE_PATH = $(MBEDTLS_PATH)/tf-psa-crypto/core -TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH = $(MBEDTLS_PATH)/tf-psa-crypto/drivers/builtin/src - -# List the generated files without running a script, so that this -# works with no tooling dependencies when GEN_FILES is disabled. -GENERATED_FILES := \ - mbedtls_config_check_before.h \ - mbedtls_config_check_final.h \ - mbedtls_config_check_user.h \ - error.c \ - version_features.c \ - ssl_debug_helpers_generated.c - -# Also list the generated files from crypto that are needed in the build, -# because we don't have the list in a consumable form. -GENERATED_FILES += \ - $(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_driver_wrappers.h \ - $(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_driver_wrappers_no_static.c \ - $(TF_PSA_CRYPTO_CORE_PATH)/tf_psa_crypto_config_check_before.h \ - $(TF_PSA_CRYPTO_CORE_PATH)/tf_psa_crypto_config_check_final.h \ - $(TF_PSA_CRYPTO_CORE_PATH)/tf_psa_crypto_config_check_user.h - -ifneq ($(GENERATED_FILES),$(wildcard $(GENERATED_FILES))) - ifeq (,$(wildcard $(MBEDTLS_PATH)/framework/exported.make)) - # Use the define keyword to get a multi-line message. - # GNU make appends ". Stop.", so tweak the ending of our message accordingly. - define error_message -$(MBEDTLS_PATH)/framework/exported.make not found. -Run `git submodule update --init` to fetch the submodule contents. -This is a fatal error - endef - $(error $(error_message)) - endif - include $(MBEDTLS_PATH)/framework/exported.make -endif - -# Also see "include/mbedtls/mbedtls_config.h" - CFLAGS ?= -O2 WARNING_CFLAGS ?= -Wall -Wextra -Wformat=2 -Wno-format-nonliteral LDFLAGS ?= -# Include ../include, ../tf-psa-crypto/include and -# ../tf-psa-crypto/drivers/builtin/include for public headers and ., -# ../tf-psa-crypto/core and ../tf-psa-crypto/drivers/builtin/src for -# private headers. -LOCAL_CFLAGS = $(WARNING_CFLAGS) -I. -I../tf-psa-crypto/core \ - -I../tf-psa-crypto/drivers/builtin/src \ - -I../include -I../tf-psa-crypto/include \ - -I../tf-psa-crypto/drivers/builtin/include -D_FILE_OFFSET_BITS=64 -LOCAL_LDFLAGS = - -ifdef DEBUG -LOCAL_CFLAGS += -g3 -endif - # MicroBlaze specific options: # CFLAGS += -mno-xl-soft-mul -mxl-barrel-shift @@ -72,6 +16,41 @@ else PYTHON ?= $(shell if type python3 >/dev/null 2>/dev/null; then echo python3; else echo python; fi) endif +# Set AR_DASH= (empty string) to use an ar implementation that does not accept +# the - prefix for command line options (e.g. llvm-ar) +AR_DASH ?= - + +ifndef MBEDTLS_PATH +MBEDTLS_PATH := .. +endif + +ifeq (,$(wildcard $(MBEDTLS_PATH)/framework/exported.make)) + # Use the define keyword to get a multi-line message. + # GNU make appends ". Stop.", so tweak the ending of our message accordingly. + define error_message +$(MBEDTLS_PATH)/framework/exported.make not found. +Run `git submodule update --init` to fetch the submodule contents. +This is a fatal error + endef + $(error $(error_message)) +endif +include $(MBEDTLS_PATH)/framework/exported.make + +include $(MBEDTLS_PATH)/scripts/crypto-common.make + +# For the time being, Mbed TLS uses non-public interfaces of TF-PSA-Crypto, +# so we include both public and internal headers. +LOCAL_CFLAGS = $(WARNING_CFLAGS) -I. \ + $(TF_PSA_CRYPTO_LIBRARY_PRIVATE_INCLUDE) \ + -I../include \ + $(TF_PSA_CRYPTO_LIBRARY_PUBLIC_INCLUDE) \ + -D_FILE_OFFSET_BITS=64 +LOCAL_LDFLAGS = + +ifdef DEBUG +LOCAL_CFLAGS += -g3 +endif + # if were running on Windows build for Windows ifdef WINDOWS WINDOWS_BUILD=1 @@ -97,10 +76,6 @@ SOEXT_TLS?=so.21 SOEXT_X509?=so.8 SOEXT_CRYPTO?=so.16 -# Set AR_DASH= (empty string) to use an ar implementation that does not accept -# the - prefix for command line options (e.g. llvm-ar) -AR_DASH ?= - - ARFLAGS = $(AR_DASH)src ifdef APPLE_BUILD ifneq ($(APPLE_BUILD),0) @@ -121,16 +96,15 @@ DLEXT = dylib endif endif -OBJS_CRYPTO = $(patsubst %.c, %.o,$(wildcard $(TF_PSA_CRYPTO_CORE_PATH)/*.c $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/*.c)) -GENERATED_OBJS_CRYPTO = $(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_driver_wrappers_no_static.o -OBJS_CRYPTO := $(filter-out $(GENERATED_OBJS_CRYPTO),$(OBJS_CRYPTO)) -OBJS_CRYPTO += $(GENERATED_OBJS_CRYPTO) +# See root Makefile +GEN_FILES ?= yes +ifdef GEN_FILES +gen_file_dep = +else +gen_file_dep = | +endif -THIRDPARTY_DIR := $(MBEDTLS_PATH)/tf-psa-crypto/drivers -include $(MBEDTLS_PATH)/tf-psa-crypto/drivers/everest/Makefile.inc -include $(MBEDTLS_PATH)/tf-psa-crypto/drivers/p256-m/Makefile.inc -LOCAL_CFLAGS+=$(THIRDPARTY_INCLUDES) -OBJS_CRYPTO+=$(THIRDPARTY_CRYPTO_OBJECTS) +OBJS_CRYPTO = $(TF_PSA_CRYPTO_LIBRARY_OBJS) OBJS_X509= \ mbedtls_config.o \ @@ -181,6 +155,8 @@ else all: shared static endif +include crypto-library.make + static: libmbedcrypto.a libmbedx509.a libmbedtls.a cd ../tests && echo "This is a seedfile that contains 64 bytes (65 on Windows)......" > seedfile cd ../tf-psa-crypto/tests && echo "This is a seedfile that contains 64 bytes (65 on Windows)......" > seedfile @@ -290,17 +266,20 @@ libmbedcrypto.dll: $(OBJS_CRYPTO) echo " CC $<" $(CC) $(LOCAL_CFLAGS) $(CFLAGS) -S -o $@ -c $< +# List the generated files without running a script, so that this +# works with no tooling dependencies when GEN_FILES is disabled. +GENERATED_FILES := \ + mbedtls_config_check_before.h \ + mbedtls_config_check_final.h \ + mbedtls_config_check_user.h \ + error.c \ + version_features.c \ + ssl_debug_helpers_generated.c \ + $(TF_PSA_CRYPTO_LIBRARY_GENERATED_FILES) + .PHONY: generated_files generated_files: $(GENERATED_FILES) -# See root Makefile -GEN_FILES ?= yes -ifdef GEN_FILES -gen_file_dep = -else -gen_file_dep = | -endif - error.c: $(gen_file_dep) ../scripts/generate_errors.pl error.c: $(gen_file_dep) ../scripts/data_files/error.fmt error.c: $(gen_file_dep) $(filter-out %config%,$(wildcard ../include/mbedtls/*.h)) @@ -326,21 +305,9 @@ version_features.c: echo " Gen $@" $(PERL) ../scripts/generate_features.pl -GENERATED_WRAPPER_FILES = \ - $(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_driver_wrappers.h \ - $(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_driver_wrappers_no_static.c -$(GENERATED_WRAPPER_FILES): ../tf-psa-crypto/scripts/generate_driver_wrappers.py -$(GENERATED_WRAPPER_FILES): ../tf-psa-crypto/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.h.jinja -$(GENERATED_WRAPPER_FILES): ../tf-psa-crypto/scripts/data_files/driver_templates/psa_crypto_driver_wrappers_no_static.c.jinja -$(GENERATED_WRAPPER_FILES): - echo " Gen $(GENERATED_WRAPPER_FILES)" - $(PYTHON) ../tf-psa-crypto/scripts/generate_driver_wrappers.py $(TF_PSA_CRYPTO_CORE_PATH) - -$(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto.o:$(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_driver_wrappers.h - GENERATED_CONFIG_CHECK_FILES = $(shell $(PYTHON) ../scripts/generate_config_checks.py --list .) $(GENERATED_CONFIG_CHECK_FILES): $(gen_file_dep) \ - $(TF_PSA_CRYPTO_CORE_PATH)/../scripts/generate_config_checks.py \ + ../scripts/generate_config_checks.py \ ../framework/scripts/mbedtls_framework/config_checks_generator.py $(GENERATED_CONFIG_CHECK_FILES): echo " Gen $(GENERATED_CONFIG_CHECK_FILES)" @@ -348,18 +315,6 @@ $(GENERATED_CONFIG_CHECK_FILES): mbedtls_config.o: $(GENERATED_CONFIG_CHECK_FILES) -TF_PSA_CRYPTO_GENERATED_CONFIG_CHECK_FILES = $(shell $(PYTHON) \ - $(TF_PSA_CRYPTO_CORE_PATH)/../scripts/generate_config_checks.py \ - --list $(TF_PSA_CRYPTO_CORE_PATH)) -$(TF_PSA_CRYPTO_GENERATED_CONFIG_CHECK_FILES): $(gen_file_dep) \ - ../scripts/generate_config_checks.py \ - ../framework/scripts/mbedtls_framework/config_checks_generator.py -$(TF_PSA_CRYPTO_GENERATED_CONFIG_CHECK_FILES): - echo " Gen $(TF_PSA_CRYPTO_GENERATED_CONFIG_CHECK_FILES)" - $(PYTHON) $(TF_PSA_CRYPTO_CORE_PATH)/../scripts/generate_config_checks.py - -$(TF_PSA_CRYPTO_CORE_PATH)/tf_psa_crypto_config.o: $(TF_PSA_CRYPTO_GENERATED_CONFIG_CHECK_FILES) - clean: ifndef WINDOWS rm -f *.o *.s libmbed* diff --git a/library/crypto-library.make b/library/crypto-library.make new file mode 100644 index 0000000000..826b118ca2 --- /dev/null +++ b/library/crypto-library.make @@ -0,0 +1,42 @@ +# Helper code for library/Makefile in Mbed TLS. +# This file is only meant to be included by library/Makefile in Mbed TLS and +# is unlikely to work in another context. + +# List the generated files from crypto that are needed in the build, +# because we don't have the list in a consumable form. +TF_PSA_CRYPTO_LIBRARY_GENERATED_FILES := \ + $(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_driver_wrappers.h \ + $(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_driver_wrappers_no_static.c \ + $(TF_PSA_CRYPTO_CORE_PATH)/tf_psa_crypto_config_check_before.h \ + $(TF_PSA_CRYPTO_CORE_PATH)/tf_psa_crypto_config_check_final.h \ + $(TF_PSA_CRYPTO_CORE_PATH)/tf_psa_crypto_config_check_user.h + +GENERATED_WRAPPER_FILES = \ + $(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_driver_wrappers.h \ + $(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_driver_wrappers_no_static.c +$(GENERATED_WRAPPER_FILES): ../tf-psa-crypto/scripts/generate_driver_wrappers.py +$(GENERATED_WRAPPER_FILES): ../tf-psa-crypto/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.h.jinja +$(GENERATED_WRAPPER_FILES): ../tf-psa-crypto/scripts/data_files/driver_templates/psa_crypto_driver_wrappers_no_static.c.jinja +$(GENERATED_WRAPPER_FILES): + echo " Gen $(GENERATED_WRAPPER_FILES)" + $(PYTHON) ../tf-psa-crypto/scripts/generate_driver_wrappers.py $(TF_PSA_CRYPTO_CORE_PATH) + +$(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto.o:$(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_driver_wrappers.h + +TF_PSA_CRYPTO_GENERATED_CONFIG_CHECK_FILES = $(shell $(PYTHON) \ + $(TF_PSA_CRYPTO_CORE_PATH)/../scripts/generate_config_checks.py \ + --list $(TF_PSA_CRYPTO_CORE_PATH)) +$(TF_PSA_CRYPTO_GENERATED_CONFIG_CHECK_FILES): $(gen_file_dep) \ + $(TF_PSA_CRYPTO_CORE_PATH)/../scripts/generate_config_checks.py \ + ../framework/scripts/mbedtls_framework/config_checks_generator.py +$(TF_PSA_CRYPTO_GENERATED_CONFIG_CHECK_FILES): + echo " Gen $(TF_PSA_CRYPTO_GENERATED_CONFIG_CHECK_FILES)" + $(PYTHON) $(TF_PSA_CRYPTO_CORE_PATH)/../scripts/generate_config_checks.py + +$(TF_PSA_CRYPTO_CORE_PATH)/tf_psa_crypto_config.o: $(TF_PSA_CRYPTO_GENERATED_CONFIG_CHECK_FILES) + +TF_PSA_CRYPTO_LIBRARY_OBJS := $(patsubst %.c, %.o,$(wildcard $(TF_PSA_CRYPTO_CORE_PATH)/*.c $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/*.c)) +TF_PSA_CRYPTO_LIBRARY_GENERATED_OBJS = $(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_driver_wrappers_no_static.o +TF_PSA_CRYPTO_LIBRARY_OBJS := $(filter-out $(TF_PSA_CRYPTO_LIBRARY_GENERATED_OBJS),$(TF_PSA_CRYPTO_LIBRARY_OBJS)) +TF_PSA_CRYPTO_LIBRARY_OBJS += $(TF_PSA_CRYPTO_LIBRARY_GENERATED_OBJS) +TF_PSA_CRYPTO_LIBRARY_OBJS+=$(THIRDPARTY_CRYPTO_OBJECTS) diff --git a/programs/Makefile b/programs/Makefile index 47745de052..b1aee9c57a 100644 --- a/programs/Makefile +++ b/programs/Makefile @@ -25,6 +25,12 @@ else BUILD_DLOPEN = endif +# Declare the default rule early, since it must come first, in particular +# before including crypto-programs.make. +default: all + +include crypto-programs.make + LOCAL_CFLAGS += -I$(FRAMEWORK)/tests/programs ## The following assignment is the list of base names of applications that @@ -36,13 +42,7 @@ LOCAL_CFLAGS += -I$(FRAMEWORK)/tests/programs ## Note: Variables cannot be used to define an apps path. This cannot be ## substituted by the script generate_visualc_files.pl. APPS = \ - ../tf-psa-crypto/programs/psa/aead_demo \ - ../tf-psa-crypto/programs/psa/crypto_examples \ - ../tf-psa-crypto/programs/psa/hmac_demo \ - ../tf-psa-crypto/programs/psa/key_ladder_demo \ - ../tf-psa-crypto/programs/psa/psa_constant_names \ - ../tf-psa-crypto/programs/psa/psa_hash \ - ../tf-psa-crypto/programs/test/which_aes \ + $(TF_PSA_CRYPTO_APPS) \ ssl/dtls_client \ ssl/dtls_server \ ssl/mini_client \ @@ -108,17 +108,11 @@ ${MBEDTLS_TEST_OBJS}: $(MAKE) -C ../tests mbedtls_test .PHONY: generated_files -GENERATED_FILES = ../tf-psa-crypto/programs/psa/psa_constant_names_generated.c test/query_config.c +GENERATED_FILES := \ + test/query_config.c \ + $(TF_PSA_CRYPTO_PROGRAMS_GENERATED_FILES) generated_files: $(GENERATED_FILES) -../tf-psa-crypto/programs/psa/psa_constant_names_generated.c: $(gen_file_dep) ../tf-psa-crypto/scripts/generate_psa_constants.py -../tf-psa-crypto/programs/psa/psa_constant_names_generated.c: $(gen_file_dep) ../tf-psa-crypto/include/psa/crypto_values.h -../tf-psa-crypto/programs/psa/psa_constant_names_generated.c: $(gen_file_dep) ../tf-psa-crypto/include/psa/crypto_extra.h -../tf-psa-crypto/programs/psa/psa_constant_names_generated.c: $(gen_file_dep) ../tf-psa-crypto/tests/suites/test_suite_psa_crypto_metadata.data -../tf-psa-crypto/programs/psa/psa_constant_names_generated.c: - echo " Gen $@" - cd ../tf-psa-crypto; $(PYTHON) ./scripts/generate_psa_constants.py - test/query_config.c: $(gen_file_dep) ../scripts/generate_query_config.pl ## The generated file only depends on the options that are present in mbedtls_config.h, ## not on which options are set. To avoid regenerating this file all the time @@ -131,34 +125,6 @@ test/query_config.c: echo " Gen $@" $(PERL) ../scripts/generate_query_config.pl -../tf-psa-crypto/programs/psa/aead_demo$(EXEXT): ../tf-psa-crypto/programs/psa/aead_demo.c $(DEP) - echo " CC psa/aead_demo.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ../tf-psa-crypto/programs/psa/aead_demo.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -../tf-psa-crypto/programs/psa/crypto_examples$(EXEXT): ../tf-psa-crypto/programs/psa/crypto_examples.c $(DEP) - echo " CC psa/crypto_examples.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ../tf-psa-crypto/programs/psa/crypto_examples.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -../tf-psa-crypto/programs/psa/hmac_demo$(EXEXT): ../tf-psa-crypto/programs/psa/hmac_demo.c $(DEP) - echo " CC psa/hmac_demo.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ../tf-psa-crypto/programs/psa/hmac_demo.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -../tf-psa-crypto/programs/psa/key_ladder_demo$(EXEXT): ../tf-psa-crypto/programs/psa/key_ladder_demo.c $(DEP) - echo " CC psa/key_ladder_demo.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ../tf-psa-crypto/programs/psa/key_ladder_demo.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -../tf-psa-crypto/programs/psa/psa_constant_names$(EXEXT): ../tf-psa-crypto/programs/psa/psa_constant_names.c ../tf-psa-crypto/programs/psa/psa_constant_names_generated.c $(DEP) - echo " CC psa/psa_constant_names.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ../tf-psa-crypto/programs/psa/psa_constant_names.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -../tf-psa-crypto/programs/psa/psa_hash$(EXEXT): ../tf-psa-crypto/programs/psa/psa_hash.c $(DEP) - echo " CC psa/psa_hash.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ../tf-psa-crypto/programs/psa/psa_hash.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -../tf-psa-crypto/programs/test/which_aes$(EXEXT): ../tf-psa-crypto/programs/test/which_aes.c $(DEP) - echo " CC test/which_aes.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ../tf-psa-crypto/programs/test/which_aes.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - ssl/dtls_client$(EXEXT): ssl/dtls_client.c $(DEP) echo " CC ssl/dtls_client.c" $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ssl/dtls_client.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ diff --git a/programs/crypto-programs.make b/programs/crypto-programs.make new file mode 100644 index 0000000000..37a759ca7d --- /dev/null +++ b/programs/crypto-programs.make @@ -0,0 +1,52 @@ +# Helper code for programs/Makefile in Mbed TLS. +# This file is only meant to be included by programs/Makefile in Mbed TLS and +# is unlikely to work in another context. + +TF_PSA_CRYPTO_PROGRAMS_GENERATED_FILES := \ + $(TF_PSA_CRYPTO_PATH)/programs/psa/psa_constant_names_generated.c + +../tf-psa-crypto/programs/psa/psa_constant_names_generated.c: $(gen_file_dep) ../tf-psa-crypto/scripts/generate_psa_constants.py +../tf-psa-crypto/programs/psa/psa_constant_names_generated.c: $(gen_file_dep) ../tf-psa-crypto/include/psa/crypto_values.h +../tf-psa-crypto/programs/psa/psa_constant_names_generated.c: $(gen_file_dep) ../tf-psa-crypto/include/psa/crypto_extra.h +../tf-psa-crypto/programs/psa/psa_constant_names_generated.c: $(gen_file_dep) ../tf-psa-crypto/tests/suites/test_suite_psa_crypto_metadata.data +../tf-psa-crypto/programs/psa/psa_constant_names_generated.c: + echo " Gen $@" + cd ../tf-psa-crypto; $(PYTHON) ./scripts/generate_psa_constants.py + +TF_PSA_CRYPTO_APPS := \ + $(TF_PSA_CRYPTO_PATH)/programs/psa/aead_demo \ + $(TF_PSA_CRYPTO_PATH)/programs/psa/crypto_examples \ + $(TF_PSA_CRYPTO_PATH)/programs/psa/hmac_demo \ + $(TF_PSA_CRYPTO_PATH)/programs/psa/key_ladder_demo \ + $(TF_PSA_CRYPTO_PATH)/programs/psa/psa_constant_names \ + $(TF_PSA_CRYPTO_PATH)/programs/psa/psa_hash \ + $(TF_PSA_CRYPTO_PATH)/programs/test/which_aes \ +# End of APPS + +../tf-psa-crypto/programs/psa/aead_demo$(EXEXT): ../tf-psa-crypto/programs/psa/aead_demo.c $(DEP) + echo " CC psa/aead_demo.c" + $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ../tf-psa-crypto/programs/psa/aead_demo.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ + +../tf-psa-crypto/programs/psa/crypto_examples$(EXEXT): ../tf-psa-crypto/programs/psa/crypto_examples.c $(DEP) + echo " CC psa/crypto_examples.c" + $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ../tf-psa-crypto/programs/psa/crypto_examples.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ + +../tf-psa-crypto/programs/psa/hmac_demo$(EXEXT): ../tf-psa-crypto/programs/psa/hmac_demo.c $(DEP) + echo " CC psa/hmac_demo.c" + $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ../tf-psa-crypto/programs/psa/hmac_demo.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ + +../tf-psa-crypto/programs/psa/key_ladder_demo$(EXEXT): ../tf-psa-crypto/programs/psa/key_ladder_demo.c $(DEP) + echo " CC psa/key_ladder_demo.c" + $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ../tf-psa-crypto/programs/psa/key_ladder_demo.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ + +../tf-psa-crypto/programs/psa/psa_constant_names$(EXEXT): ../tf-psa-crypto/programs/psa/psa_constant_names.c ../tf-psa-crypto/programs/psa/psa_constant_names_generated.c $(DEP) + echo " CC psa/psa_constant_names.c" + $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ../tf-psa-crypto/programs/psa/psa_constant_names.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ + +../tf-psa-crypto/programs/psa/psa_hash$(EXEXT): ../tf-psa-crypto/programs/psa/psa_hash.c $(DEP) + echo " CC psa/psa_hash.c" + $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ../tf-psa-crypto/programs/psa/psa_hash.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ + +../tf-psa-crypto/programs/test/which_aes$(EXEXT): ../tf-psa-crypto/programs/test/which_aes.c $(DEP) + echo " CC test/which_aes.c" + $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ../tf-psa-crypto/programs/test/which_aes.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ diff --git a/scripts/common.make b/scripts/common.make index c0e7b1d966..18dd29d2ed 100644 --- a/scripts/common.make +++ b/scripts/common.make @@ -1,4 +1,15 @@ -# To compile on SunOS: add "-lsocket -lnsl" to LDFLAGS +CFLAGS ?= -O2 +WARNING_CFLAGS ?= -Wall -Wextra -Wformat=2 -Wno-format-nonliteral +WARNING_CXXFLAGS ?= -Wall -Wextra -Wformat=2 -Wno-format-nonliteral -std=c++11 -pedantic +LDFLAGS ?= + +PERL ?= perl + +ifdef WINDOWS +PYTHON ?= python +else +PYTHON ?= $(shell if type python3 >/dev/null 2>/dev/null; then echo python3; else echo python; fi) +endif ifndef MBEDTLS_PATH MBEDTLS_PATH := .. @@ -18,15 +29,14 @@ This is a fatal error endif include $(MBEDTLS_PATH)/framework/exported.make -CFLAGS ?= -O2 -WARNING_CFLAGS ?= -Wall -Wextra -Wformat=2 -Wno-format-nonliteral -WARNING_CXXFLAGS ?= -Wall -Wextra -Wformat=2 -Wno-format-nonliteral -std=c++11 -pedantic -LDFLAGS ?= +include $(MBEDTLS_PATH)/scripts/crypto-common.make + +# To compile on SunOS: add "-lsocket -lnsl" to LDFLAGS LOCAL_CFLAGS = $(WARNING_CFLAGS) -I$(MBEDTLS_TEST_PATH)/include \ -I$(MBEDTLS_PATH)/framework/tests/include \ - -I$(MBEDTLS_PATH)/include -I$(MBEDTLS_PATH)/tf-psa-crypto/include \ - -I$(MBEDTLS_PATH)/tf-psa-crypto/drivers/builtin/include \ + -I$(MBEDTLS_PATH)/include \ + $(TF_PSA_CRYPTO_LIBRARY_PUBLIC_INCLUDE) \ -D_FILE_OFFSET_BITS=64 LOCAL_CXXFLAGS = $(WARNING_CXXFLAGS) $(LOCAL_CFLAGS) @@ -36,20 +46,17 @@ LOCAL_LDFLAGS = ${MBEDTLS_TEST_OBJS} \ -lpsaclient \ -lmbedtls$(SHARED_SUFFIX) \ -lmbedx509$(SHARED_SUFFIX) \ - -lmbedcrypto$(SHARED_SUFFIX) + -lmbedcrypto$(SHARED_SUFFIX) \ + $(TF_PSA_CRYPTO_EXTRA_LDFLAGS) else LOCAL_LDFLAGS = ${MBEDTLS_TEST_OBJS} \ -L$(MBEDTLS_PATH)/library \ -lmbedtls$(SHARED_SUFFIX) \ -lmbedx509$(SHARED_SUFFIX) \ - -lmbedcrypto$(SHARED_SUFFIX) + -lmbedcrypto$(SHARED_SUFFIX) \ + $(TF_PSA_CRYPTO_EXTRA_LDFLAGS) endif -THIRDPARTY_DIR = $(MBEDTLS_PATH)/tf-psa-crypto/drivers -include $(THIRDPARTY_DIR)/everest/Makefile.inc -include $(THIRDPARTY_DIR)/p256-m/Makefile.inc -LOCAL_CFLAGS+=$(THIRDPARTY_INCLUDES) - ifdef PSASIM MBEDLIBS=$(PSASIM_PATH)/client_libs/libmbedcrypto.a \ $(PSASIM_PATH)/client_libs/libmbedx509.a \ @@ -74,27 +81,6 @@ ifdef WINDOWS WINDOWS_BUILD=1 endif -## Usage: $(call remove_enabled_options,PREPROCESSOR_INPUT) -## Remove the preprocessor symbols that are set in the current configuration -## from PREPROCESSOR_INPUT. Also normalize whitespace. -## Example: -## $(call remove_enabled_options,MBEDTLS_FOO MBEDTLS_BAR) -## This expands to an empty string "" if MBEDTLS_FOO and MBEDTLS_BAR are both -## enabled, to "MBEDTLS_FOO" if MBEDTLS_BAR is enabled but MBEDTLS_FOO is -## disabled, etc. -## -## This only works with a Unix-like shell environment (Bourne/POSIX-style shell -## and standard commands) and a Unix-like compiler (supporting -E). In -## other environments, the output is likely to be empty. -define remove_enabled_options -$(strip $(shell - exec 2>/dev/null; - { echo '#include '; echo $(1); } | - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) -E - | - tail -n 1 -)) -endef - ifdef WINDOWS_BUILD DLEXT=dll EXEXT=.exe @@ -102,31 +88,10 @@ ifdef WINDOWS_BUILD ifdef SHARED SHARED_SUFFIX=.$(DLEXT) endif - else # Not building for Windows DLEXT ?= so EXEXT= SHARED_SUFFIX= - ifndef THREADING - # Auto-detect configurations with pthread. - # If the call to remove_enabled_options returns "control", the symbols - # are confirmed set and we link with pthread. - # If the auto-detection fails, the result of the call is empty and - # we keep THREADING undefined. - ifeq (control,$(call remove_enabled_options,control MBEDTLS_THREADING_C MBEDTLS_THREADING_PTHREAD)) - THREADING := pthread - endif - endif - - ifeq ($(THREADING),pthread) - LOCAL_LDFLAGS += -lpthread - endif -endif - -ifdef WINDOWS -PYTHON ?= python -else -PYTHON ?= $(shell if type python3 >/dev/null 2>/dev/null; then echo python3; else echo python; fi) endif # See root Makefile diff --git a/scripts/crypto-common.make b/scripts/crypto-common.make new file mode 100644 index 0000000000..c5c24e2b09 --- /dev/null +++ b/scripts/crypto-common.make @@ -0,0 +1,99 @@ +# Helper code for the make build system in Mbed TLS: define some variables +# providing information such as file paths. +# This file is only meant to exist for a short transition period. +# It may change or be removed without notice. +# Do not use it if you are not Mbed TLS! + +# Assume that this makefile is located in a first-level subdirectory of the +# Mbed TLS root, and is accessed directly (not via VPATH or such). +# If this is not the case, TF_PSA_CRYPTO_PATH or MBEDTLS_PATH must be defined +# before including this file. +ifneq ($(origin TF_PSA_CRYPTO_PATH), undefined) + # TF_PSA_CRYPTO_PATH was defined before including this file, good. +else ifneq ($(origin MBEDTLS_PATH), undefined) + TF_PSA_CRYPTO_PATH := $(MBEDTLS_PATH)/tf-psa-crypto +else + # $(dir $(lastword $(MAKEFILE_LIST))) is the path to this file, possibly + # a relative path, with a trailing slash. Strip off another directory + # from that. + TF_PSA_CRYPTO_PATH := $(patsubst %/,%,$(dir $(patsubst %/,%,$(dir $(lastword $(MAKEFILE_LIST))))))/tf-psa-crypto +endif + +ifeq (,$(wildcard $(TF_PSA_CRYPTO_PATH)/core/psa_crypto.c)) + $(error $$(TF_PSA_CRYPTO_PATH)/core/psa_crypto.c not found) +endif + +TF_PSA_CRYPTO_CORE_PATH = $(TF_PSA_CRYPTO_PATH)/core +TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH = $(TF_PSA_CRYPTO_PATH)/drivers/builtin/src + +# Gather information about crypto drivers that are separate from the main +# "builtin" driver (historically located in /3rdparty in Mbed TLS 2.x/3.x). +THIRDPARTY_DIR := $(TF_PSA_CRYPTO_PATH)/drivers +THIRDPARTY_INCLUDES = +include $(TF_PSA_CRYPTO_PATH)/drivers/everest/Makefile.inc +include $(TF_PSA_CRYPTO_PATH)/drivers/p256-m/Makefile.inc + +# Directories with headers of public interfaces of TF-PSA-Crypto +TF_PSA_CRYPTO_LIBRARY_PUBLIC_INCLUDE = \ + -I$(TF_PSA_CRYPTO_PATH)/include \ + -I$(TF_PSA_CRYPTO_PATH)/drivers/builtin/include \ + $(THIRDPARTY_INCLUDES) + +# Directories with headers of internal interfaces of TF-PSA-Crypto +# (currently consumed by Mbed TLS, eventually not so when we've finished +# cleaning up) +TF_PSA_CRYPTO_LIBRARY_PRIVATE_INCLUDE = \ + -I$(TF_PSA_CRYPTO_CORE_PATH) \ + -I$(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH) + +# Extra linker flags required by the crypto library or the platform +TF_PSA_CRYPTO_EXTRA_LDFLAGS = + +## Usage: $(call remove_enabled_options_crypto,PREPROCESSOR_INPUT) +## Remove the preprocessor symbols that are set in the current configuration +## from PREPROCESSOR_INPUT. Also normalize whitespace. +## Example: +## $(call remove_enabled_options_crypto,MBEDTLS_FOO MBEDTLS_BAR) +## This expands to an empty string "" if MBEDTLS_FOO and MBEDTLS_BAR are both +## enabled in the TF-PSA-Crypto configuration, to "MBEDTLS_FOO" if +## MBEDTLS_BAR is enabled but MBEDTLS_FOO is disabled, etc. +## +## This only works with a Unix-like shell environment (Bourne/POSIX-style shell +## and standard commands) and a Unix-like compiler (supporting -E). In +## other environments, the output is likely to be empty. +define remove_enabled_options_crypto +$(strip $(shell + exec 2>/dev/null; + { echo '#include '; echo $(1); } | + $(CC) $(TF_PSA_CRYPTO_LIBRARY_PUBLIC_INCLUDE) $(CFLAGS) -E - | + tail -n 1 +)) +endef + +# Ensure that `THREADING` is always defined. This lets us get a clean run +# with `make --warn-undefined-variables` without making the conditionals +# below more complex than they already are. At this stage, if `$(THREADING)` +# is empty, it means we don't know yet whether the threading implementation +# requires extra `LDFLAGS`. Once we've done the analysis, if `$(THREADING)` +# is empty, it will mean that no extra `LDFLAGS` are required, either +# because threading is disabled or because the threading implementation +# doesn't require any extra `LDFLAGS`. +THREADING ?= + +ifndef WINDOWS_BUILD + ifeq ($(THREADING),) + # Auto-detect configurations with pthread. + # If the call to remove_enabled_options returns "control", the symbols + # are confirmed set and we link with pthread. + # If the auto-detection fails, the result of the call is empty and + # we keep THREADING undefined. + ifeq (control,$(call remove_enabled_options_crypto,control MBEDTLS_THREADING_C MBEDTLS_THREADING_PTHREAD)) + THREADING := pthread + endif + endif + #$(info THREADING = $(THREADING)) + + ifeq ($(THREADING),pthread) + TF_PSA_CRYPTO_EXTRA_LDFLAGS += -lpthread + endif +endif diff --git a/tests/Makefile b/tests/Makefile index a52bc32f57..2a7040279f 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -4,8 +4,15 @@ include ../scripts/common.make # Set this to -v to see the details of failing test cases TEST_FLAGS ?= $(if $(filter-out 0 OFF Off off NO No no FALSE False false N n,$(CTEST_OUTPUT_ON_FAILURE)),-v,) +# Declare the default rule early, since it must come first, in particular +# before including crypto-programs.make. +default: all + +include crypto-tests.make + # Also include private headers, for the sake of invasive tests. -LOCAL_CFLAGS += -I$(MBEDTLS_PATH)/library -I$(MBEDTLS_PATH)/tf-psa-crypto/core -I$(MBEDTLS_PATH)/tf-psa-crypto/drivers/builtin/src +LOCAL_CFLAGS += -I$(MBEDTLS_PATH)/library +LOCAL_CFLAGS += $(TF_PSA_CRYPTO_LIBRARY_PRIVATE_INCLUDE) # Enable definition of various functions used throughout the testsuite # (gethostname, strdup, fileno...) even when compiling with -std=c99. Harmless @@ -16,15 +23,6 @@ ifdef RECORD_PSA_STATUS_COVERAGE_LOG LOCAL_CFLAGS += -Werror -DRECORD_PSA_STATUS_COVERAGE_LOG endif -GENERATED_BIGNUM_DATA_FILES := $(addprefix ../tf-psa-crypto/,$(shell \ - $(PYTHON) ../framework/scripts/generate_bignum_tests.py --list || \ - echo FAILED \ -)) -ifeq ($(GENERATED_BIGNUM_DATA_FILES),FAILED) -$(error "$(PYTHON) ../framework/scripts/generate_bignum_tests.py --list" failed) -endif -GENERATED_CRYPTO_DATA_FILES += $(GENERATED_BIGNUM_DATA_FILES) - GENERATED_MBEDTLS_CONFIG_DATA_FILES := $(patsubst tests/%,%,$(shell \ $(PYTHON) ../framework/scripts/generate_config_tests.py --list || \ echo FAILED \ @@ -32,41 +30,16 @@ GENERATED_MBEDTLS_CONFIG_DATA_FILES := $(patsubst tests/%,%,$(shell \ ifeq ($(GENERATED_MBEDTLS_CONFIG_DATA_FILES),FAILED) $(error "$(PYTHON) ../framework/scripts/generate_config_tests.py --list" failed) endif - -GENERATED_PSA_CONFIG_DATA_FILES := $(addprefix ../tf-psa-crypto/,$(shell \ - $(PYTHON) ../tf-psa-crypto/framework/scripts/generate_config_tests.py --list || \ - echo FAILED \ -)) -ifeq ($(GENERATED_PSA_CONFIG_DATA_FILES),FAILED) -$(error "$(PYTHON) ../tf-psa-crypto/framework/scripts/generate_config_tests.py --list" failed) -endif - -GENERATED_CONFIG_DATA_FILES := $(GENERATED_MBEDTLS_CONFIG_DATA_FILES) $(GENERATED_PSA_CONFIG_DATA_FILES) GENERATED_DATA_FILES += $(GENERATED_MBEDTLS_CONFIG_DATA_FILES) -GENERATED_CRYPTO_DATA_FILES += $(GENERATED_PSA_CONFIG_DATA_FILES) -GENERATED_ECP_DATA_FILES := $(addprefix ../tf-psa-crypto/,$(shell \ - $(PYTHON) ../framework/scripts/generate_ecp_tests.py --list || \ - echo FAILED \ -)) -ifeq ($(GENERATED_ECP_DATA_FILES),FAILED) -$(error "$(PYTHON) ../framework/scripts/generate_ecp_tests.py --list" failed) -endif -GENERATED_CRYPTO_DATA_FILES += $(GENERATED_ECP_DATA_FILES) +GENERATED_C_FILES = \ + include/test/test_keys.h include/test/test_certs.h -GENERATED_PSA_DATA_FILES := $(addprefix ../tf-psa-crypto/,$(shell \ - $(PYTHON) ../framework/scripts/generate_psa_tests.py --list || \ - echo FAILED \ -)) -ifeq ($(GENERATED_PSA_DATA_FILES),FAILED) -$(error "$(PYTHON) ../framework/scripts/generate_psa_tests.py --list" failed) -endif -GENERATED_CRYPTO_DATA_FILES += $(GENERATED_PSA_DATA_FILES) - -GENERATED_FILES = $(GENERATED_DATA_FILES) $(GENERATED_CRYPTO_DATA_FILES) -GENERATED_FILES += include/test/test_keys.h \ - ../tf-psa-crypto/tests/include/test/test_keys.h \ - include/test/test_certs.h +GENERATED_FILES = \ + $(GENERATED_DATA_FILES) \ + $(TF_PSA_CRYPTO_TESTS_GENERATED_DATA_FILES) \ + $(GENERATED_C_FILES) \ + $(TF_PSA_CRYPTO_TESTS_GENERATED_C_FILES) # Generated files needed to (fully) run ssl-opt.sh .PHONY: ssl-opt @@ -87,90 +60,33 @@ ssl-opt: opt-testcases/tls13-compat.sh .PHONY: generated_files generated_files: $(GENERATED_FILES) -# generate_bignum_tests.py and generate_psa_tests.py spend more time analyzing -# inputs than generating outputs. Its inputs are the same no matter which files -# are being generated. -# It's rare not to want all the outputs. So always generate all of its outputs. -# Use an intermediate phony dependency so that parallel builds don't run -# a separate instance of the recipe for each output file. -$(GENERATED_BIGNUM_DATA_FILES): $(gen_file_dep) generated_bignum_test_data -generated_bignum_test_data: ../framework/scripts/generate_bignum_tests.py -generated_bignum_test_data: ../framework/scripts/mbedtls_framework/bignum_common.py -generated_bignum_test_data: ../framework/scripts/mbedtls_framework/bignum_core.py -generated_bignum_test_data: ../framework/scripts/mbedtls_framework/bignum_mod_raw.py -generated_bignum_test_data: ../framework/scripts/mbedtls_framework/bignum_mod.py -generated_bignum_test_data: ../framework/scripts/mbedtls_framework/test_case.py -generated_bignum_test_data: ../framework/scripts/mbedtls_framework/test_data_generation.py -generated_bignum_test_data: - echo " Gen $(GENERATED_BIGNUM_DATA_FILES)" - $(PYTHON) ../framework/scripts/generate_bignum_tests.py --directory ../tf-psa-crypto/tests/suites -.SECONDARY: generated_bignum_test_data - # We deliberately omit the configuration files (mbedtls_config.h, # crypto_config.h) from the depenency list because during development # and on the CI, we often edit those in a way that doesn't change the # output, to comment out certain options, or even to remove certain # lines which do affect the output negatively (it will miss the # corresponding test cases). -$(GENERATED_CONFIG_DATA_FILES): $(gen_file_dep) generated_config_test_data +$(GENERATED_MBEDTLS_CONFIG_DATA_FILES): $(gen_file_dep) generated_config_test_data generated_config_test_data: ../framework/scripts/generate_config_tests.py generated_config_test_data: ../scripts/config.py generated_config_test_data: ../framework/scripts/mbedtls_framework/test_case.py generated_config_test_data: ../framework/scripts/mbedtls_framework/test_data_generation.py generated_config_test_data: - echo " Gen $(GENERATED_CONFIG_DATA_FILES)" + echo " Gen $(GENERATED_MBEDTLS_CONFIG_DATA_FILES)" $(PYTHON) ../framework/scripts/generate_config_tests.py - cd ../tf-psa-crypto && $(PYTHON) ./framework/scripts/generate_config_tests.py .SECONDARY: generated_config_test_data -$(GENERATED_ECP_DATA_FILES): $(gen_file_dep) generated_ecp_test_data -generated_ecp_test_data: ../framework/scripts/generate_ecp_tests.py -generated_ecp_test_data: ../framework/scripts/mbedtls_framework/bignum_common.py -generated_ecp_test_data: ../framework/scripts/mbedtls_framework/ecp.py -generated_ecp_test_data: ../framework/scripts/mbedtls_framework/test_case.py -generated_ecp_test_data: ../framework/scripts/mbedtls_framework/test_data_generation.py -generated_ecp_test_data: - echo " Gen $(GENERATED_ECP_DATA_FILES)" - $(PYTHON) ../framework/scripts/generate_ecp_tests.py --directory ../tf-psa-crypto/tests/suites -.SECONDARY: generated_ecp_test_data - -$(GENERATED_PSA_DATA_FILES): $(gen_file_dep) generated_psa_test_data -generated_psa_test_data: ../framework/scripts/generate_psa_tests.py -generated_psa_test_data: ../framework/scripts/mbedtls_framework/crypto_data_tests.py -generated_psa_test_data: ../framework/scripts/mbedtls_framework/crypto_knowledge.py -generated_psa_test_data: ../framework/scripts/mbedtls_framework/macro_collector.py -generated_psa_test_data: ../framework/scripts/mbedtls_framework/psa_information.py -generated_psa_test_data: ../framework/scripts/mbedtls_framework/psa_storage.py -generated_psa_test_data: ../framework/scripts/mbedtls_framework/psa_test_case.py -generated_psa_test_data: ../framework/scripts/mbedtls_framework/test_case.py -generated_psa_test_data: ../framework/scripts/mbedtls_framework/test_data_generation.py -## The generated file only depends on the options that are present in -## crypto_config.h, not on which options are set. To avoid regenerating this -## file all the time when switching between configurations, don't declare -## crypto_config.h as a dependency. Remove this file from your working tree -## if you've just added or removed an option in crypto_config.h. -#generated_psa_test_data: ../tf-psa-crypto/include/psa/crypto_config.h -generated_psa_test_data: ../tf-psa-crypto/include/psa/crypto_values.h -generated_psa_test_data: ../tf-psa-crypto/include/psa/crypto_extra.h -generated_psa_test_data: ../tf-psa-crypto/tests/suites/test_suite_psa_crypto_metadata.data -generated_psa_test_data: - echo " Gen $(GENERATED_PSA_DATA_FILES) ..." - $(PYTHON) ../framework/scripts/generate_psa_tests.py --directory ../tf-psa-crypto/tests/suites -.SECONDARY: generated_psa_test_data - # A test application is built for each suites/test_suite_*.data file. # Application name is same as .data file's base name and can be # constructed by stripping path 'suites/' and extension .data. DATA_FILES = $(filter-out $(GENERATED_DATA_FILES), $(wildcard suites/test_suite_*.data)) -CRYPTO_DATA_FILES = $(filter-out $(GENERATED_CRYPTO_DATA_FILES), $(wildcard ../tf-psa-crypto/tests/suites/test_suite_*.data)) # Make sure that generated data files are included even if they don't # exist yet when the makefile is parsed. DATA_FILES += $(GENERATED_DATA_FILES) -CRYPTO_DATA_FILES += $(GENERATED_CRYPTO_DATA_FILES) APPS = $(basename $(subst suites/,,$(DATA_FILES))) -CRYPTO_APPS = $(basename $(subst suites/,,$(CRYPTO_DATA_FILES))) +CRYPTO_APPS = $(basename $(subst suites/,,$(TF_PSA_CRYPTO_TESTS_DATA_FILES))) # Construct executable name by adding OS specific suffix $(EXEXT). BINARIES := $(addsuffix $(EXEXT),$(APPS)) @@ -185,7 +101,7 @@ all: $(BINARIES) $(CRYPTO_BINARIES) mbedtls_test: $(MBEDTLS_TEST_OBJS) include/test/test_certs.h: ../framework/scripts/generate_test_cert_macros.py \ - $($(PYTHON) ../framework/scripts/generate_test_cert_macros.py --list-dependencies) + $(shell $(PYTHON) ../framework/scripts/generate_test_cert_macros.py --list-dependencies) echo " Gen $@" $(PYTHON) ../framework/scripts/generate_test_cert_macros.py --output $@ @@ -193,10 +109,6 @@ include/test/test_keys.h: ../framework/scripts/generate_test_keys.py echo " Gen $@" $(PYTHON) ../framework/scripts/generate_test_keys.py --output $@ -../tf-psa-crypto/tests/include/test/test_keys.h: ../tf-psa-crypto/framework/scripts/generate_test_keys.py - echo " Gen $@" - $(PYTHON) ../tf-psa-crypto/framework/scripts/generate_test_keys.py --output $@ - TEST_OBJS_DEPS = $(wildcard include/test/*.h include/test/*/*.h) ifdef RECORD_PSA_STATUS_COVERAGE_LOG # Explicitly depend on this header because on a clean copy of the source tree, @@ -334,7 +246,7 @@ libtestdriver1.a: mkdir ./libtestdriver1/tf-psa-crypto/drivers/p256-m touch ./libtestdriver1/tf-psa-crypto/drivers/everest/Makefile.inc touch ./libtestdriver1/tf-psa-crypto/drivers/p256-m/Makefile.inc - cp -Rf ../framework/scripts ./libtestdriver1/framework + cp -Rf ../framework/scripts ../framework/exported.make ./libtestdriver1/framework cp -Rf ../library ./libtestdriver1 cp -Rf ../include ./libtestdriver1 cp -Rf ../scripts ./libtestdriver1 diff --git a/tests/crypto-tests.make b/tests/crypto-tests.make new file mode 100644 index 0000000000..fbfc12dbd2 --- /dev/null +++ b/tests/crypto-tests.make @@ -0,0 +1,121 @@ +# Helper code for tests/Makefile in Mbed TLS. +# This file is only meant to be included by tests/Makefile in Mbed TLS and +# is unlikely to work in another context. + +GENERATED_BIGNUM_DATA_FILES := $(addprefix ../tf-psa-crypto/,$(shell \ + $(PYTHON) ../framework/scripts/generate_bignum_tests.py --list || \ + echo FAILED \ +)) +ifeq ($(GENERATED_BIGNUM_DATA_FILES),FAILED) +$(error "$(PYTHON) ../framework/scripts/generate_bignum_tests.py --list" failed) +endif +TF_PSA_CRYPTO_TESTS_GENERATED_DATA_FILES += $(GENERATED_BIGNUM_DATA_FILES) + +# generate_bignum_tests.py and generate_psa_tests.py spend more time analyzing +# inputs than generating outputs. Its inputs are the same no matter which files +# are being generated. +# It's rare not to want all the outputs. So always generate all of its outputs. +# Use an intermediate phony dependency so that parallel builds don't run +# a separate instance of the recipe for each output file. +$(GENERATED_BIGNUM_DATA_FILES): $(gen_file_dep) generated_bignum_test_data +generated_bignum_test_data: ../framework/scripts/generate_bignum_tests.py +generated_bignum_test_data: ../framework/scripts/mbedtls_framework/bignum_common.py +generated_bignum_test_data: ../framework/scripts/mbedtls_framework/bignum_core.py +generated_bignum_test_data: ../framework/scripts/mbedtls_framework/bignum_mod_raw.py +generated_bignum_test_data: ../framework/scripts/mbedtls_framework/bignum_mod.py +generated_bignum_test_data: ../framework/scripts/mbedtls_framework/test_case.py +generated_bignum_test_data: ../framework/scripts/mbedtls_framework/test_data_generation.py +generated_bignum_test_data: + echo " Gen $(GENERATED_BIGNUM_DATA_FILES)" + $(PYTHON) ../framework/scripts/generate_bignum_tests.py --directory ../tf-psa-crypto/tests/suites +.SECONDARY: generated_bignum_test_data + +GENERATED_CRYPTO_CONFIG_DATA_FILES := $(addprefix ../tf-psa-crypto/,$(shell \ + $(PYTHON) ../tf-psa-crypto/framework/scripts/generate_config_tests.py --list || \ + echo FAILED \ +)) +ifeq ($(GENERATED_CRYPTO_CONFIG_DATA_FILES),FAILED) +$(error "$(PYTHON) ../tf-psa-crypto/framework/scripts/generate_config_tests.py --list" failed) +endif +TF_PSA_CRYPTO_TESTS_GENERATED_DATA_FILES += $(GENERATED_CRYPTO_CONFIG_DATA_FILES) + +# We deliberately omit the configuration files (mbedtls_config.h, +# crypto_config.h) from the depenency list because during development +# and on the CI, we often edit those in a way that doesn't change the +# output, to comment out certain options, or even to remove certain +# lines which do affect the output negatively (it will miss the +# corresponding test cases). +$(GENERATED_CRYPTO_CONFIG_DATA_FILES): $(gen_file_dep) generated_crypto_config_test_data +generated_crypto_config_test_data: ../framework/scripts/generate_config_tests.py +generated_crypto_config_test_data: ../scripts/config.py +generated_crypto_config_test_data: ../framework/scripts/mbedtls_framework/test_case.py +generated_crypto_config_test_data: ../framework/scripts/mbedtls_framework/test_data_generation.py +generated_crypto_config_test_data: + echo " Gen $(GENERATED_CRYPTO_CONFIG_DATA_FILES)" + cd ../tf-psa-crypto && $(PYTHON) ./framework/scripts/generate_config_tests.py +.SECONDARY: generated_crypto_config_test_data + +GENERATED_ECP_DATA_FILES := $(addprefix ../tf-psa-crypto/,$(shell \ + $(PYTHON) ../framework/scripts/generate_ecp_tests.py --list || \ + echo FAILED \ +)) +ifeq ($(GENERATED_ECP_DATA_FILES),FAILED) +$(error "$(PYTHON) ../framework/scripts/generate_ecp_tests.py --list" failed) +endif +TF_PSA_CRYPTO_TESTS_GENERATED_DATA_FILES += $(GENERATED_ECP_DATA_FILES) + +$(GENERATED_ECP_DATA_FILES): $(gen_file_dep) generated_ecp_test_data +generated_ecp_test_data: ../framework/scripts/generate_ecp_tests.py +generated_ecp_test_data: ../framework/scripts/mbedtls_framework/bignum_common.py +generated_ecp_test_data: ../framework/scripts/mbedtls_framework/ecp.py +generated_ecp_test_data: ../framework/scripts/mbedtls_framework/test_case.py +generated_ecp_test_data: ../framework/scripts/mbedtls_framework/test_data_generation.py +generated_ecp_test_data: + echo " Gen $(GENERATED_ECP_DATA_FILES)" + $(PYTHON) ../framework/scripts/generate_ecp_tests.py --directory ../tf-psa-crypto/tests/suites +.SECONDARY: generated_ecp_test_data + +GENERATED_PSA_DATA_FILES := $(addprefix ../tf-psa-crypto/,$(shell \ + $(PYTHON) ../framework/scripts/generate_psa_tests.py --list || \ + echo FAILED \ +)) +ifeq ($(GENERATED_PSA_DATA_FILES),FAILED) +$(error "$(PYTHON) ../framework/scripts/generate_psa_tests.py --list" failed) +endif +TF_PSA_CRYPTO_TESTS_GENERATED_DATA_FILES += $(GENERATED_PSA_DATA_FILES) + +$(GENERATED_PSA_DATA_FILES): $(gen_file_dep) generated_psa_test_data +generated_psa_test_data: ../framework/scripts/generate_psa_tests.py +generated_psa_test_data: ../framework/scripts/mbedtls_framework/crypto_data_tests.py +generated_psa_test_data: ../framework/scripts/mbedtls_framework/crypto_knowledge.py +generated_psa_test_data: ../framework/scripts/mbedtls_framework/macro_collector.py +generated_psa_test_data: ../framework/scripts/mbedtls_framework/psa_information.py +generated_psa_test_data: ../framework/scripts/mbedtls_framework/psa_storage.py +generated_psa_test_data: ../framework/scripts/mbedtls_framework/psa_test_case.py +generated_psa_test_data: ../framework/scripts/mbedtls_framework/test_case.py +generated_psa_test_data: ../framework/scripts/mbedtls_framework/test_data_generation.py +## The generated file only depends on the options that are present in +## crypto_config.h, not on which options are set. To avoid regenerating this +## file all the time when switching between configurations, don't declare +## crypto_config.h as a dependency. Remove this file from your working tree +## if you've just added or removed an option in crypto_config.h. +#generated_psa_test_data: ../tf-psa-crypto/include/psa/crypto_config.h +generated_psa_test_data: ../tf-psa-crypto/include/psa/crypto_values.h +generated_psa_test_data: ../tf-psa-crypto/include/psa/crypto_extra.h +generated_psa_test_data: ../tf-psa-crypto/tests/suites/test_suite_psa_crypto_metadata.data +generated_psa_test_data: + echo " Gen $(GENERATED_PSA_DATA_FILES) ..." + $(PYTHON) ../framework/scripts/generate_psa_tests.py --directory ../tf-psa-crypto/tests/suites +.SECONDARY: generated_psa_test_data + +TF_PSA_CRYPTO_TESTS_DATA_FILES = $(filter-out $(TF_PSA_CRYPTO_TESTS_GENERATED_DATA_FILES), $(wildcard $(TF_PSA_CRYPTO_PATH)/tests/suites/test_suite_*.data)) +# Make sure that generated data files are included even if they don't +# exist yet when the makefile is parsed. +TF_PSA_CRYPTO_TESTS_DATA_FILES += $(TF_PSA_CRYPTO_TESTS_GENERATED_DATA_FILES) + +../tf-psa-crypto/tests/include/test/test_keys.h: ../tf-psa-crypto/framework/scripts/generate_test_keys.py + echo " Gen $@" + $(PYTHON) ../tf-psa-crypto/framework/scripts/generate_test_keys.py --output $@ + +TF_PSA_CRYPTO_TESTS_GENERATED_C_FILES = \ + ../tf-psa-crypto/tests/include/test/test_keys.h