TeamHepta/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2026-03-20 19:21:09 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #10543 from gilles-peskine-arm/split-crypto-makefiles

Browse Source 
Split crypto part of Mbed TLS makefiles
This commit is contained in:
Ronald Cron
2026-01-07 15:18:32 +00:00
committed by GitHub
parent a271e934ed dd255696a5
commit 67152f3049
8 changed files with 422 additions and 310 deletions
Download Patch File Download Diff File Expand all files Collapse all files

159
library/Makefile
View File

@@ -1,63 +1,7 @@
ifndef MBEDTLS_PATH
MBEDTLS_PATH := ..
endif
TF_PSA_CRYPTO_CORE_PATH = $(MBEDTLS_PATH)/tf-psa-crypto/core
TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH = $(MBEDTLS_PATH)/tf-psa-crypto/drivers/builtin/src
# List the generated files without running a script, so that this
# works with no tooling dependencies when GEN_FILES is disabled.
GENERATED_FILES := \
mbedtls_config_check_before.h \
mbedtls_config_check_final.h \
mbedtls_config_check_user.h \
error.c \
version_features.c \
ssl_debug_helpers_generated.c
# Also list the generated files from crypto that are needed in the build,
# because we don't have the list in a consumable form.
GENERATED_FILES += \
$(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_driver_wrappers.h \
$(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_driver_wrappers_no_static.c \
$(TF_PSA_CRYPTO_CORE_PATH)/tf_psa_crypto_config_check_before.h \
$(TF_PSA_CRYPTO_CORE_PATH)/tf_psa_crypto_config_check_final.h \
$(TF_PSA_CRYPTO_CORE_PATH)/tf_psa_crypto_config_check_user.h
ifneq ($(GENERATED_FILES),$(wildcard $(GENERATED_FILES)))
ifeq (,$(wildcard $(MBEDTLS_PATH)/framework/exported.make))
# Use the define keyword to get a multi-line message.
# GNU make appends ". Stop.", so tweak the ending of our message accordingly.
define error_message
$(MBEDTLS_PATH)/framework/exported.make not found.
Run `git submodule update --init` to fetch the submodule contents.
This is a fatal error
endef
$(error $(error_message))
endif
include $(MBEDTLS_PATH)/framework/exported.make
endif
# Also see "include/mbedtls/mbedtls_config.h"
CFLAGS ?= -O2 CFLAGS ?= -O2
WARNING_CFLAGS ?= -Wall -Wextra -Wformat=2 -Wno-format-nonliteral WARNING_CFLAGS ?= -Wall -Wextra -Wformat=2 -Wno-format-nonliteral
LDFLAGS ?= LDFLAGS ?=
# Include ../include, ../tf-psa-crypto/include and
# ../tf-psa-crypto/drivers/builtin/include for public headers and .,
# ../tf-psa-crypto/core and ../tf-psa-crypto/drivers/builtin/src for
# private headers.
LOCAL_CFLAGS = $(WARNING_CFLAGS) -I. -I../tf-psa-crypto/core \
-I../tf-psa-crypto/drivers/builtin/src \
-I../include -I../tf-psa-crypto/include \
-I../tf-psa-crypto/drivers/builtin/include -D_FILE_OFFSET_BITS=64
LOCAL_LDFLAGS =
ifdef DEBUG
LOCAL_CFLAGS += -g3
endif
# MicroBlaze specific options: # MicroBlaze specific options:
# CFLAGS += -mno-xl-soft-mul -mxl-barrel-shift # CFLAGS += -mno-xl-soft-mul -mxl-barrel-shift
@@ -72,6 +16,41 @@ else
PYTHON ?= $(shell if type python3 >/dev/null 2>/dev/null; then echo python3; else echo python; fi) PYTHON ?= $(shell if type python3 >/dev/null 2>/dev/null; then echo python3; else echo python; fi)
endif endif
# Set AR_DASH= (empty string) to use an ar implementation that does not accept
# the - prefix for command line options (e.g. llvm-ar)
AR_DASH ?= -
ifndef MBEDTLS_PATH
MBEDTLS_PATH := ..
endif
ifeq (,$(wildcard $(MBEDTLS_PATH)/framework/exported.make))
# Use the define keyword to get a multi-line message.
# GNU make appends ". Stop.", so tweak the ending of our message accordingly.
define error_message
$(MBEDTLS_PATH)/framework/exported.make not found.
Run `git submodule update --init` to fetch the submodule contents.
This is a fatal error
endef
$(error $(error_message))
endif
include $(MBEDTLS_PATH)/framework/exported.make
include $(MBEDTLS_PATH)/scripts/crypto-common.make
# For the time being, Mbed TLS uses non-public interfaces of TF-PSA-Crypto,
# so we include both public and internal headers.
LOCAL_CFLAGS = $(WARNING_CFLAGS) -I. \
$(TF_PSA_CRYPTO_LIBRARY_PRIVATE_INCLUDE) \
-I../include \
$(TF_PSA_CRYPTO_LIBRARY_PUBLIC_INCLUDE) \
-D_FILE_OFFSET_BITS=64
LOCAL_LDFLAGS =
ifdef DEBUG
LOCAL_CFLAGS += -g3
endif
# if were running on Windows build for Windows # if were running on Windows build for Windows
ifdef WINDOWS ifdef WINDOWS
WINDOWS_BUILD=1 WINDOWS_BUILD=1
@@ -97,10 +76,6 @@ SOEXT_TLS?=so.21
SOEXT_X509?=so.8 SOEXT_X509?=so.8
SOEXT_CRYPTO?=so.16 SOEXT_CRYPTO?=so.16
# Set AR_DASH= (empty string) to use an ar implementation that does not accept
# the - prefix for command line options (e.g. llvm-ar)
AR_DASH ?= -
ARFLAGS = $(AR_DASH)src ARFLAGS = $(AR_DASH)src
ifdef APPLE_BUILD ifdef APPLE_BUILD
ifneq ($(APPLE_BUILD),0) ifneq ($(APPLE_BUILD),0)
@@ -121,16 +96,15 @@ DLEXT = dylib
endif endif
endif endif
OBJS_CRYPTO = $(patsubst %.c, %.o,$(wildcard $(TF_PSA_CRYPTO_CORE_PATH)/*.c $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/*.c)) # See root Makefile
GENERATED_OBJS_CRYPTO = $(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_driver_wrappers_no_static.o GEN_FILES ?= yes
OBJS_CRYPTO := $(filter-out $(GENERATED_OBJS_CRYPTO),$(OBJS_CRYPTO)) ifdef GEN_FILES
OBJS_CRYPTO += $(GENERATED_OBJS_CRYPTO) gen_file_dep =
else
gen_file_dep = |
endif
THIRDPARTY_DIR := $(MBEDTLS_PATH)/tf-psa-crypto/drivers OBJS_CRYPTO = $(TF_PSA_CRYPTO_LIBRARY_OBJS)
include $(MBEDTLS_PATH)/tf-psa-crypto/drivers/everest/Makefile.inc
include $(MBEDTLS_PATH)/tf-psa-crypto/drivers/p256-m/Makefile.inc
LOCAL_CFLAGS+=$(THIRDPARTY_INCLUDES)
OBJS_CRYPTO+=$(THIRDPARTY_CRYPTO_OBJECTS)
OBJS_X509= \ OBJS_X509= \
mbedtls_config.o \ mbedtls_config.o \
@@ -181,6 +155,8 @@ else
all: shared static all: shared static
endif endif
include crypto-library.make
static: libmbedcrypto.a libmbedx509.a libmbedtls.a static: libmbedcrypto.a libmbedx509.a libmbedtls.a
cd ../tests && echo "This is a seedfile that contains 64 bytes (65 on Windows)......" > seedfile cd ../tests && echo "This is a seedfile that contains 64 bytes (65 on Windows)......" > seedfile
cd ../tf-psa-crypto/tests && echo "This is a seedfile that contains 64 bytes (65 on Windows)......" > seedfile cd ../tf-psa-crypto/tests && echo "This is a seedfile that contains 64 bytes (65 on Windows)......" > seedfile
@@ -290,17 +266,20 @@ libmbedcrypto.dll: $(OBJS_CRYPTO)
echo " CC $<" echo " CC $<"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) -S -o $@ -c $< $(CC) $(LOCAL_CFLAGS) $(CFLAGS) -S -o $@ -c $<
# List the generated files without running a script, so that this
# works with no tooling dependencies when GEN_FILES is disabled.
GENERATED_FILES := \
mbedtls_config_check_before.h \
mbedtls_config_check_final.h \
mbedtls_config_check_user.h \
error.c \
version_features.c \
ssl_debug_helpers_generated.c \
$(TF_PSA_CRYPTO_LIBRARY_GENERATED_FILES)
.PHONY: generated_files .PHONY: generated_files
generated_files: $(GENERATED_FILES) generated_files: $(GENERATED_FILES)
# See root Makefile
GEN_FILES ?= yes
ifdef GEN_FILES
gen_file_dep =
else
gen_file_dep = |
endif
error.c: $(gen_file_dep) ../scripts/generate_errors.pl error.c: $(gen_file_dep) ../scripts/generate_errors.pl
error.c: $(gen_file_dep) ../scripts/data_files/error.fmt error.c: $(gen_file_dep) ../scripts/data_files/error.fmt
error.c: $(gen_file_dep) $(filter-out %config%,$(wildcard ../include/mbedtls/*.h)) error.c: $(gen_file_dep) $(filter-out %config%,$(wildcard ../include/mbedtls/*.h))
@@ -326,21 +305,9 @@ version_features.c:
echo " Gen $@" echo " Gen $@"
$(PERL) ../scripts/generate_features.pl $(PERL) ../scripts/generate_features.pl
GENERATED_WRAPPER_FILES = \
$(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_driver_wrappers.h \
$(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_driver_wrappers_no_static.c
$(GENERATED_WRAPPER_FILES): ../tf-psa-crypto/scripts/generate_driver_wrappers.py
$(GENERATED_WRAPPER_FILES): ../tf-psa-crypto/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.h.jinja
$(GENERATED_WRAPPER_FILES): ../tf-psa-crypto/scripts/data_files/driver_templates/psa_crypto_driver_wrappers_no_static.c.jinja
$(GENERATED_WRAPPER_FILES):
echo " Gen $(GENERATED_WRAPPER_FILES)"
$(PYTHON) ../tf-psa-crypto/scripts/generate_driver_wrappers.py $(TF_PSA_CRYPTO_CORE_PATH)
$(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto.o:$(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_driver_wrappers.h
GENERATED_CONFIG_CHECK_FILES = $(shell $(PYTHON) ../scripts/generate_config_checks.py --list .) GENERATED_CONFIG_CHECK_FILES = $(shell $(PYTHON) ../scripts/generate_config_checks.py --list .)
$(GENERATED_CONFIG_CHECK_FILES): $(gen_file_dep) \ $(GENERATED_CONFIG_CHECK_FILES): $(gen_file_dep) \
$(TF_PSA_CRYPTO_CORE_PATH)/../scripts/generate_config_checks.py \ ../scripts/generate_config_checks.py \
../framework/scripts/mbedtls_framework/config_checks_generator.py ../framework/scripts/mbedtls_framework/config_checks_generator.py
$(GENERATED_CONFIG_CHECK_FILES): $(GENERATED_CONFIG_CHECK_FILES):
echo " Gen $(GENERATED_CONFIG_CHECK_FILES)" echo " Gen $(GENERATED_CONFIG_CHECK_FILES)"
@@ -348,18 +315,6 @@ $(GENERATED_CONFIG_CHECK_FILES):
mbedtls_config.o: $(GENERATED_CONFIG_CHECK_FILES) mbedtls_config.o: $(GENERATED_CONFIG_CHECK_FILES)
TF_PSA_CRYPTO_GENERATED_CONFIG_CHECK_FILES = $(shell $(PYTHON) \
$(TF_PSA_CRYPTO_CORE_PATH)/../scripts/generate_config_checks.py \
--list $(TF_PSA_CRYPTO_CORE_PATH))
$(TF_PSA_CRYPTO_GENERATED_CONFIG_CHECK_FILES): $(gen_file_dep) \
../scripts/generate_config_checks.py \
../framework/scripts/mbedtls_framework/config_checks_generator.py
$(TF_PSA_CRYPTO_GENERATED_CONFIG_CHECK_FILES):
echo " Gen $(TF_PSA_CRYPTO_GENERATED_CONFIG_CHECK_FILES)"
$(PYTHON) $(TF_PSA_CRYPTO_CORE_PATH)/../scripts/generate_config_checks.py
$(TF_PSA_CRYPTO_CORE_PATH)/tf_psa_crypto_config.o: $(TF_PSA_CRYPTO_GENERATED_CONFIG_CHECK_FILES)
clean: clean:
ifndef WINDOWS ifndef WINDOWS
rm -f *.o *.s libmbed* rm -f *.o *.s libmbed*

42
library/crypto-library.make Normal file
View File

@@ -0,0 +1,42 @@
# Helper code for library/Makefile in Mbed TLS.
# This file is only meant to be included by library/Makefile in Mbed TLS and
# is unlikely to work in another context.
# List the generated files from crypto that are needed in the build,
# because we don't have the list in a consumable form.
TF_PSA_CRYPTO_LIBRARY_GENERATED_FILES := \
$(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_driver_wrappers.h \
$(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_driver_wrappers_no_static.c \
$(TF_PSA_CRYPTO_CORE_PATH)/tf_psa_crypto_config_check_before.h \
$(TF_PSA_CRYPTO_CORE_PATH)/tf_psa_crypto_config_check_final.h \
$(TF_PSA_CRYPTO_CORE_PATH)/tf_psa_crypto_config_check_user.h
GENERATED_WRAPPER_FILES = \
$(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_driver_wrappers.h \
$(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_driver_wrappers_no_static.c
$(GENERATED_WRAPPER_FILES): ../tf-psa-crypto/scripts/generate_driver_wrappers.py
$(GENERATED_WRAPPER_FILES): ../tf-psa-crypto/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.h.jinja
$(GENERATED_WRAPPER_FILES): ../tf-psa-crypto/scripts/data_files/driver_templates/psa_crypto_driver_wrappers_no_static.c.jinja
$(GENERATED_WRAPPER_FILES):
echo " Gen $(GENERATED_WRAPPER_FILES)"
$(PYTHON) ../tf-psa-crypto/scripts/generate_driver_wrappers.py $(TF_PSA_CRYPTO_CORE_PATH)
$(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto.o:$(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_driver_wrappers.h
TF_PSA_CRYPTO_GENERATED_CONFIG_CHECK_FILES = $(shell $(PYTHON) \
$(TF_PSA_CRYPTO_CORE_PATH)/../scripts/generate_config_checks.py \
--list $(TF_PSA_CRYPTO_CORE_PATH))
$(TF_PSA_CRYPTO_GENERATED_CONFIG_CHECK_FILES): $(gen_file_dep) \
$(TF_PSA_CRYPTO_CORE_PATH)/../scripts/generate_config_checks.py \
../framework/scripts/mbedtls_framework/config_checks_generator.py
$(TF_PSA_CRYPTO_GENERATED_CONFIG_CHECK_FILES):
echo " Gen $(TF_PSA_CRYPTO_GENERATED_CONFIG_CHECK_FILES)"
$(PYTHON) $(TF_PSA_CRYPTO_CORE_PATH)/../scripts/generate_config_checks.py
$(TF_PSA_CRYPTO_CORE_PATH)/tf_psa_crypto_config.o: $(TF_PSA_CRYPTO_GENERATED_CONFIG_CHECK_FILES)
TF_PSA_CRYPTO_LIBRARY_OBJS := $(patsubst %.c, %.o,$(wildcard $(TF_PSA_CRYPTO_CORE_PATH)/*.c $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/*.c))
TF_PSA_CRYPTO_LIBRARY_GENERATED_OBJS = $(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_driver_wrappers_no_static.o
TF_PSA_CRYPTO_LIBRARY_OBJS := $(filter-out $(TF_PSA_CRYPTO_LIBRARY_GENERATED_OBJS),$(TF_PSA_CRYPTO_LIBRARY_OBJS))
TF_PSA_CRYPTO_LIBRARY_OBJS += $(TF_PSA_CRYPTO_LIBRARY_GENERATED_OBJS)
TF_PSA_CRYPTO_LIBRARY_OBJS+=$(THIRDPARTY_CRYPTO_OBJECTS)

54
programs/Makefile
View File

@@ -25,6 +25,12 @@ else
BUILD_DLOPEN = BUILD_DLOPEN =
endif endif
# Declare the default rule early, since it must come first, in particular
# before including crypto-programs.make.
default: all
include crypto-programs.make
LOCAL_CFLAGS += -I$(FRAMEWORK)/tests/programs LOCAL_CFLAGS += -I$(FRAMEWORK)/tests/programs
## The following assignment is the list of base names of applications that ## The following assignment is the list of base names of applications that
@@ -36,13 +42,7 @@ LOCAL_CFLAGS += -I$(FRAMEWORK)/tests/programs
## Note: Variables cannot be used to define an apps path. This cannot be ## Note: Variables cannot be used to define an apps path. This cannot be
## substituted by the script generate_visualc_files.pl. ## substituted by the script generate_visualc_files.pl.
APPS = \ APPS = \
../tf-psa-crypto/programs/psa/aead_demo \ $(TF_PSA_CRYPTO_APPS) \
../tf-psa-crypto/programs/psa/crypto_examples \
../tf-psa-crypto/programs/psa/hmac_demo \
../tf-psa-crypto/programs/psa/key_ladder_demo \
../tf-psa-crypto/programs/psa/psa_constant_names \
../tf-psa-crypto/programs/psa/psa_hash \
../tf-psa-crypto/programs/test/which_aes \
ssl/dtls_client \ ssl/dtls_client \
ssl/dtls_server \ ssl/dtls_server \
ssl/mini_client \ ssl/mini_client \
@@ -108,17 +108,11 @@ ${MBEDTLS_TEST_OBJS}:
$(MAKE) -C ../tests mbedtls_test $(MAKE) -C ../tests mbedtls_test
.PHONY: generated_files .PHONY: generated_files
GENERATED_FILES = ../tf-psa-crypto/programs/psa/psa_constant_names_generated.c test/query_config.c GENERATED_FILES := \
test/query_config.c \
$(TF_PSA_CRYPTO_PROGRAMS_GENERATED_FILES)
generated_files: $(GENERATED_FILES) generated_files: $(GENERATED_FILES)
../tf-psa-crypto/programs/psa/psa_constant_names_generated.c: $(gen_file_dep) ../tf-psa-crypto/scripts/generate_psa_constants.py
../tf-psa-crypto/programs/psa/psa_constant_names_generated.c: $(gen_file_dep) ../tf-psa-crypto/include/psa/crypto_values.h
../tf-psa-crypto/programs/psa/psa_constant_names_generated.c: $(gen_file_dep) ../tf-psa-crypto/include/psa/crypto_extra.h
../tf-psa-crypto/programs/psa/psa_constant_names_generated.c: $(gen_file_dep) ../tf-psa-crypto/tests/suites/test_suite_psa_crypto_metadata.data
../tf-psa-crypto/programs/psa/psa_constant_names_generated.c:
echo " Gen $@"
cd ../tf-psa-crypto; $(PYTHON) ./scripts/generate_psa_constants.py
test/query_config.c: $(gen_file_dep) ../scripts/generate_query_config.pl test/query_config.c: $(gen_file_dep) ../scripts/generate_query_config.pl
## The generated file only depends on the options that are present in mbedtls_config.h, ## The generated file only depends on the options that are present in mbedtls_config.h,
## not on which options are set. To avoid regenerating this file all the time ## not on which options are set. To avoid regenerating this file all the time
@@ -131,34 +125,6 @@ test/query_config.c:
echo " Gen $@" echo " Gen $@"
$(PERL) ../scripts/generate_query_config.pl $(PERL) ../scripts/generate_query_config.pl
../tf-psa-crypto/programs/psa/aead_demo$(EXEXT): ../tf-psa-crypto/programs/psa/aead_demo.c $(DEP)
echo " CC psa/aead_demo.c"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) ../tf-psa-crypto/programs/psa/aead_demo.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
../tf-psa-crypto/programs/psa/crypto_examples$(EXEXT): ../tf-psa-crypto/programs/psa/crypto_examples.c $(DEP)
echo " CC psa/crypto_examples.c"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) ../tf-psa-crypto/programs/psa/crypto_examples.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
../tf-psa-crypto/programs/psa/hmac_demo$(EXEXT): ../tf-psa-crypto/programs/psa/hmac_demo.c $(DEP)
echo " CC psa/hmac_demo.c"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) ../tf-psa-crypto/programs/psa/hmac_demo.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
../tf-psa-crypto/programs/psa/key_ladder_demo$(EXEXT): ../tf-psa-crypto/programs/psa/key_ladder_demo.c $(DEP)
echo " CC psa/key_ladder_demo.c"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) ../tf-psa-crypto/programs/psa/key_ladder_demo.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
../tf-psa-crypto/programs/psa/psa_constant_names$(EXEXT): ../tf-psa-crypto/programs/psa/psa_constant_names.c ../tf-psa-crypto/programs/psa/psa_constant_names_generated.c $(DEP)
echo " CC psa/psa_constant_names.c"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) ../tf-psa-crypto/programs/psa/psa_constant_names.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
../tf-psa-crypto/programs/psa/psa_hash$(EXEXT): ../tf-psa-crypto/programs/psa/psa_hash.c $(DEP)
echo " CC psa/psa_hash.c"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) ../tf-psa-crypto/programs/psa/psa_hash.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
../tf-psa-crypto/programs/test/which_aes$(EXEXT): ../tf-psa-crypto/programs/test/which_aes.c $(DEP)
echo " CC test/which_aes.c"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) ../tf-psa-crypto/programs/test/which_aes.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
ssl/dtls_client$(EXEXT): ssl/dtls_client.c $(DEP) ssl/dtls_client$(EXEXT): ssl/dtls_client.c $(DEP)
echo " CC ssl/dtls_client.c" echo " CC ssl/dtls_client.c"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) ssl/dtls_client.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ssl/dtls_client.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@

52
programs/crypto-programs.make Normal file
View File

@@ -0,0 +1,52 @@
# Helper code for programs/Makefile in Mbed TLS.
# This file is only meant to be included by programs/Makefile in Mbed TLS and
# is unlikely to work in another context.
TF_PSA_CRYPTO_PROGRAMS_GENERATED_FILES := \
$(TF_PSA_CRYPTO_PATH)/programs/psa/psa_constant_names_generated.c
../tf-psa-crypto/programs/psa/psa_constant_names_generated.c: $(gen_file_dep) ../tf-psa-crypto/scripts/generate_psa_constants.py
../tf-psa-crypto/programs/psa/psa_constant_names_generated.c: $(gen_file_dep) ../tf-psa-crypto/include/psa/crypto_values.h
../tf-psa-crypto/programs/psa/psa_constant_names_generated.c: $(gen_file_dep) ../tf-psa-crypto/include/psa/crypto_extra.h
../tf-psa-crypto/programs/psa/psa_constant_names_generated.c: $(gen_file_dep) ../tf-psa-crypto/tests/suites/test_suite_psa_crypto_metadata.data
../tf-psa-crypto/programs/psa/psa_constant_names_generated.c:
echo " Gen $@"
cd ../tf-psa-crypto; $(PYTHON) ./scripts/generate_psa_constants.py
TF_PSA_CRYPTO_APPS := \
$(TF_PSA_CRYPTO_PATH)/programs/psa/aead_demo \
$(TF_PSA_CRYPTO_PATH)/programs/psa/crypto_examples \
$(TF_PSA_CRYPTO_PATH)/programs/psa/hmac_demo \
$(TF_PSA_CRYPTO_PATH)/programs/psa/key_ladder_demo \
$(TF_PSA_CRYPTO_PATH)/programs/psa/psa_constant_names \
$(TF_PSA_CRYPTO_PATH)/programs/psa/psa_hash \
$(TF_PSA_CRYPTO_PATH)/programs/test/which_aes \
# End of APPS
../tf-psa-crypto/programs/psa/aead_demo$(EXEXT): ../tf-psa-crypto/programs/psa/aead_demo.c $(DEP)
echo " CC psa/aead_demo.c"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) ../tf-psa-crypto/programs/psa/aead_demo.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
../tf-psa-crypto/programs/psa/crypto_examples$(EXEXT): ../tf-psa-crypto/programs/psa/crypto_examples.c $(DEP)
echo " CC psa/crypto_examples.c"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) ../tf-psa-crypto/programs/psa/crypto_examples.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
../tf-psa-crypto/programs/psa/hmac_demo$(EXEXT): ../tf-psa-crypto/programs/psa/hmac_demo.c $(DEP)
echo " CC psa/hmac_demo.c"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) ../tf-psa-crypto/programs/psa/hmac_demo.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
../tf-psa-crypto/programs/psa/key_ladder_demo$(EXEXT): ../tf-psa-crypto/programs/psa/key_ladder_demo.c $(DEP)
echo " CC psa/key_ladder_demo.c"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) ../tf-psa-crypto/programs/psa/key_ladder_demo.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
../tf-psa-crypto/programs/psa/psa_constant_names$(EXEXT): ../tf-psa-crypto/programs/psa/psa_constant_names.c ../tf-psa-crypto/programs/psa/psa_constant_names_generated.c $(DEP)
echo " CC psa/psa_constant_names.c"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) ../tf-psa-crypto/programs/psa/psa_constant_names.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
../tf-psa-crypto/programs/psa/psa_hash$(EXEXT): ../tf-psa-crypto/programs/psa/psa_hash.c $(DEP)
echo " CC psa/psa_hash.c"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) ../tf-psa-crypto/programs/psa/psa_hash.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
../tf-psa-crypto/programs/test/which_aes$(EXEXT): ../tf-psa-crypto/programs/test/which_aes.c $(DEP)
echo " CC test/which_aes.c"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) ../tf-psa-crypto/programs/test/which_aes.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@

77
scripts/common.make
View File

@@ -1,4 +1,15 @@
# To compile on SunOS: add "-lsocket -lnsl" to LDFLAGS CFLAGS ?= -O2
WARNING_CFLAGS ?= -Wall -Wextra -Wformat=2 -Wno-format-nonliteral
WARNING_CXXFLAGS ?= -Wall -Wextra -Wformat=2 -Wno-format-nonliteral -std=c++11 -pedantic
LDFLAGS ?=
PERL ?= perl
ifdef WINDOWS
PYTHON ?= python
else
PYTHON ?= $(shell if type python3 >/dev/null 2>/dev/null; then echo python3; else echo python; fi)
endif
ifndef MBEDTLS_PATH ifndef MBEDTLS_PATH
MBEDTLS_PATH := .. MBEDTLS_PATH := ..
@@ -18,15 +29,14 @@ This is a fatal error
endif endif
include $(MBEDTLS_PATH)/framework/exported.make include $(MBEDTLS_PATH)/framework/exported.make
CFLAGS ?= -O2 include $(MBEDTLS_PATH)/scripts/crypto-common.make
WARNING_CFLAGS ?= -Wall -Wextra -Wformat=2 -Wno-format-nonliteral
WARNING_CXXFLAGS ?= -Wall -Wextra -Wformat=2 -Wno-format-nonliteral -std=c++11 -pedantic # To compile on SunOS: add "-lsocket -lnsl" to LDFLAGS
LDFLAGS ?=
LOCAL_CFLAGS = $(WARNING_CFLAGS) -I$(MBEDTLS_TEST_PATH)/include \ LOCAL_CFLAGS = $(WARNING_CFLAGS) -I$(MBEDTLS_TEST_PATH)/include \
-I$(MBEDTLS_PATH)/framework/tests/include \ -I$(MBEDTLS_PATH)/framework/tests/include \
-I$(MBEDTLS_PATH)/include -I$(MBEDTLS_PATH)/tf-psa-crypto/include \ -I$(MBEDTLS_PATH)/include \
-I$(MBEDTLS_PATH)/tf-psa-crypto/drivers/builtin/include \ $(TF_PSA_CRYPTO_LIBRARY_PUBLIC_INCLUDE) \
-D_FILE_OFFSET_BITS=64 -D_FILE_OFFSET_BITS=64
LOCAL_CXXFLAGS = $(WARNING_CXXFLAGS) $(LOCAL_CFLAGS) LOCAL_CXXFLAGS = $(WARNING_CXXFLAGS) $(LOCAL_CFLAGS)
@@ -36,20 +46,17 @@ LOCAL_LDFLAGS = ${MBEDTLS_TEST_OBJS} \
-lpsaclient \ -lpsaclient \
-lmbedtls$(SHARED_SUFFIX) \ -lmbedtls$(SHARED_SUFFIX) \
-lmbedx509$(SHARED_SUFFIX) \ -lmbedx509$(SHARED_SUFFIX) \
-lmbedcrypto$(SHARED_SUFFIX) -lmbedcrypto$(SHARED_SUFFIX) \
$(TF_PSA_CRYPTO_EXTRA_LDFLAGS)
else else
LOCAL_LDFLAGS = ${MBEDTLS_TEST_OBJS} \ LOCAL_LDFLAGS = ${MBEDTLS_TEST_OBJS} \
-L$(MBEDTLS_PATH)/library \ -L$(MBEDTLS_PATH)/library \
-lmbedtls$(SHARED_SUFFIX) \ -lmbedtls$(SHARED_SUFFIX) \
-lmbedx509$(SHARED_SUFFIX) \ -lmbedx509$(SHARED_SUFFIX) \
-lmbedcrypto$(SHARED_SUFFIX) -lmbedcrypto$(SHARED_SUFFIX) \
$(TF_PSA_CRYPTO_EXTRA_LDFLAGS)
endif endif
THIRDPARTY_DIR = $(MBEDTLS_PATH)/tf-psa-crypto/drivers
include $(THIRDPARTY_DIR)/everest/Makefile.inc
include $(THIRDPARTY_DIR)/p256-m/Makefile.inc
LOCAL_CFLAGS+=$(THIRDPARTY_INCLUDES)
ifdef PSASIM ifdef PSASIM
MBEDLIBS=$(PSASIM_PATH)/client_libs/libmbedcrypto.a \ MBEDLIBS=$(PSASIM_PATH)/client_libs/libmbedcrypto.a \
$(PSASIM_PATH)/client_libs/libmbedx509.a \ $(PSASIM_PATH)/client_libs/libmbedx509.a \
@@ -74,27 +81,6 @@ ifdef WINDOWS
WINDOWS_BUILD=1 WINDOWS_BUILD=1
endif endif
## Usage: $(call remove_enabled_options,PREPROCESSOR_INPUT)
## Remove the preprocessor symbols that are set in the current configuration
## from PREPROCESSOR_INPUT. Also normalize whitespace.
## Example:
## $(call remove_enabled_options,MBEDTLS_FOO MBEDTLS_BAR)
## This expands to an empty string "" if MBEDTLS_FOO and MBEDTLS_BAR are both
## enabled, to "MBEDTLS_FOO" if MBEDTLS_BAR is enabled but MBEDTLS_FOO is
## disabled, etc.
##
## This only works with a Unix-like shell environment (Bourne/POSIX-style shell
## and standard commands) and a Unix-like compiler (supporting -E). In
## other environments, the output is likely to be empty.
define remove_enabled_options
$(strip $(shell
exec 2>/dev/null;
{ echo '#include <mbedtls/build_info.h>'; echo $(1); } |
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) -E - |
tail -n 1
))
endef
ifdef WINDOWS_BUILD ifdef WINDOWS_BUILD
DLEXT=dll DLEXT=dll
EXEXT=.exe EXEXT=.exe
@@ -102,31 +88,10 @@ ifdef WINDOWS_BUILD
ifdef SHARED ifdef SHARED
SHARED_SUFFIX=.$(DLEXT) SHARED_SUFFIX=.$(DLEXT)
endif endif
else # Not building for Windows else # Not building for Windows
DLEXT ?= so DLEXT ?= so
EXEXT= EXEXT=
SHARED_SUFFIX= SHARED_SUFFIX=
ifndef THREADING
# Auto-detect configurations with pthread.
# If the call to remove_enabled_options returns "control", the symbols
# are confirmed set and we link with pthread.
# If the auto-detection fails, the result of the call is empty and
# we keep THREADING undefined.
ifeq (control,$(call remove_enabled_options,control MBEDTLS_THREADING_C MBEDTLS_THREADING_PTHREAD))
THREADING := pthread
endif
endif
ifeq ($(THREADING),pthread)
LOCAL_LDFLAGS += -lpthread
endif
endif
ifdef WINDOWS
PYTHON ?= python
else
PYTHON ?= $(shell if type python3 >/dev/null 2>/dev/null; then echo python3; else echo python; fi)
endif endif
# See root Makefile # See root Makefile

99
scripts/crypto-common.make Normal file
View File

@@ -0,0 +1,99 @@
# Helper code for the make build system in Mbed TLS: define some variables
# providing information such as file paths.
# This file is only meant to exist for a short transition period.
# It may change or be removed without notice.
# Do not use it if you are not Mbed TLS!
# Assume that this makefile is located in a first-level subdirectory of the
# Mbed TLS root, and is accessed directly (not via VPATH or such).
# If this is not the case, TF_PSA_CRYPTO_PATH or MBEDTLS_PATH must be defined
# before including this file.
ifneq ($(origin TF_PSA_CRYPTO_PATH), undefined)
# TF_PSA_CRYPTO_PATH was defined before including this file, good.
else ifneq ($(origin MBEDTLS_PATH), undefined)
TF_PSA_CRYPTO_PATH := $(MBEDTLS_PATH)/tf-psa-crypto
else
# $(dir $(lastword $(MAKEFILE_LIST))) is the path to this file, possibly
# a relative path, with a trailing slash. Strip off another directory
# from that.
TF_PSA_CRYPTO_PATH := $(patsubst %/,%,$(dir $(patsubst %/,%,$(dir $(lastword $(MAKEFILE_LIST))))))/tf-psa-crypto
endif
ifeq (,$(wildcard $(TF_PSA_CRYPTO_PATH)/core/psa_crypto.c))
$(error $$(TF_PSA_CRYPTO_PATH)/core/psa_crypto.c not found)
endif
TF_PSA_CRYPTO_CORE_PATH = $(TF_PSA_CRYPTO_PATH)/core
TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH = $(TF_PSA_CRYPTO_PATH)/drivers/builtin/src
# Gather information about crypto drivers that are separate from the main
# "builtin" driver (historically located in /3rdparty in Mbed TLS 2.x/3.x).
THIRDPARTY_DIR := $(TF_PSA_CRYPTO_PATH)/drivers
THIRDPARTY_INCLUDES =
include $(TF_PSA_CRYPTO_PATH)/drivers/everest/Makefile.inc
include $(TF_PSA_CRYPTO_PATH)/drivers/p256-m/Makefile.inc
# Directories with headers of public interfaces of TF-PSA-Crypto
TF_PSA_CRYPTO_LIBRARY_PUBLIC_INCLUDE = \
-I$(TF_PSA_CRYPTO_PATH)/include \
-I$(TF_PSA_CRYPTO_PATH)/drivers/builtin/include \
$(THIRDPARTY_INCLUDES)
# Directories with headers of internal interfaces of TF-PSA-Crypto
# (currently consumed by Mbed TLS, eventually not so when we've finished
# cleaning up)
TF_PSA_CRYPTO_LIBRARY_PRIVATE_INCLUDE = \
-I$(TF_PSA_CRYPTO_CORE_PATH) \
-I$(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)
# Extra linker flags required by the crypto library or the platform
TF_PSA_CRYPTO_EXTRA_LDFLAGS =
## Usage: $(call remove_enabled_options_crypto,PREPROCESSOR_INPUT)
## Remove the preprocessor symbols that are set in the current configuration
## from PREPROCESSOR_INPUT. Also normalize whitespace.
## Example:
## $(call remove_enabled_options_crypto,MBEDTLS_FOO MBEDTLS_BAR)
## This expands to an empty string "" if MBEDTLS_FOO and MBEDTLS_BAR are both
## enabled in the TF-PSA-Crypto configuration, to "MBEDTLS_FOO" if
## MBEDTLS_BAR is enabled but MBEDTLS_FOO is disabled, etc.
##
## This only works with a Unix-like shell environment (Bourne/POSIX-style shell
## and standard commands) and a Unix-like compiler (supporting -E). In
## other environments, the output is likely to be empty.
define remove_enabled_options_crypto
$(strip $(shell
exec 2>/dev/null;
{ echo '#include <tf-psa-crypto/build_info.h>'; echo $(1); } |
$(CC) $(TF_PSA_CRYPTO_LIBRARY_PUBLIC_INCLUDE) $(CFLAGS) -E - |
tail -n 1
))
endef
# Ensure that `THREADING` is always defined. This lets us get a clean run
# with `make --warn-undefined-variables` without making the conditionals
# below more complex than they already are. At this stage, if `$(THREADING)`
# is empty, it means we don't know yet whether the threading implementation
# requires extra `LDFLAGS`. Once we've done the analysis, if `$(THREADING)`
# is empty, it will mean that no extra `LDFLAGS` are required, either
# because threading is disabled or because the threading implementation
# doesn't require any extra `LDFLAGS`.
THREADING ?=
ifndef WINDOWS_BUILD
ifeq ($(THREADING),)
# Auto-detect configurations with pthread.
# If the call to remove_enabled_options returns "control", the symbols
# are confirmed set and we link with pthread.
# If the auto-detection fails, the result of the call is empty and
# we keep THREADING undefined.
ifeq (control,$(call remove_enabled_options_crypto,control MBEDTLS_THREADING_C MBEDTLS_THREADING_PTHREAD))
THREADING := pthread
endif
endif
#$(info THREADING = $(THREADING))
ifeq ($(THREADING),pthread)
TF_PSA_CRYPTO_EXTRA_LDFLAGS += -lpthread
endif
endif

128
tests/Makefile
View File

@@ -4,8 +4,15 @@ include ../scripts/common.make
# Set this to -v to see the details of failing test cases # Set this to -v to see the details of failing test cases
TEST_FLAGS ?= $(if $(filter-out 0 OFF Off off NO No no FALSE False false N n,$(CTEST_OUTPUT_ON_FAILURE)),-v,) TEST_FLAGS ?= $(if $(filter-out 0 OFF Off off NO No no FALSE False false N n,$(CTEST_OUTPUT_ON_FAILURE)),-v,)
# Declare the default rule early, since it must come first, in particular
# before including crypto-programs.make.
default: all
include crypto-tests.make
# Also include private headers, for the sake of invasive tests. # Also include private headers, for the sake of invasive tests.
LOCAL_CFLAGS += -I$(MBEDTLS_PATH)/library -I$(MBEDTLS_PATH)/tf-psa-crypto/core -I$(MBEDTLS_PATH)/tf-psa-crypto/drivers/builtin/src LOCAL_CFLAGS += -I$(MBEDTLS_PATH)/library
LOCAL_CFLAGS += $(TF_PSA_CRYPTO_LIBRARY_PRIVATE_INCLUDE)
# Enable definition of various functions used throughout the testsuite # Enable definition of various functions used throughout the testsuite
# (gethostname, strdup, fileno...) even when compiling with -std=c99. Harmless # (gethostname, strdup, fileno...) even when compiling with -std=c99. Harmless
@@ -16,15 +23,6 @@ ifdef RECORD_PSA_STATUS_COVERAGE_LOG
LOCAL_CFLAGS += -Werror -DRECORD_PSA_STATUS_COVERAGE_LOG LOCAL_CFLAGS += -Werror -DRECORD_PSA_STATUS_COVERAGE_LOG
endif endif
GENERATED_BIGNUM_DATA_FILES := $(addprefix ../tf-psa-crypto/,$(shell \
$(PYTHON) ../framework/scripts/generate_bignum_tests.py --list || \
echo FAILED \
))
ifeq ($(GENERATED_BIGNUM_DATA_FILES),FAILED)
$(error "$(PYTHON) ../framework/scripts/generate_bignum_tests.py --list" failed)
endif
GENERATED_CRYPTO_DATA_FILES += $(GENERATED_BIGNUM_DATA_FILES)
GENERATED_MBEDTLS_CONFIG_DATA_FILES := $(patsubst tests/%,%,$(shell \ GENERATED_MBEDTLS_CONFIG_DATA_FILES := $(patsubst tests/%,%,$(shell \
$(PYTHON) ../framework/scripts/generate_config_tests.py --list || \ $(PYTHON) ../framework/scripts/generate_config_tests.py --list || \
echo FAILED \ echo FAILED \
@@ -32,41 +30,16 @@ GENERATED_MBEDTLS_CONFIG_DATA_FILES := $(patsubst tests/%,%,$(shell \
ifeq ($(GENERATED_MBEDTLS_CONFIG_DATA_FILES),FAILED) ifeq ($(GENERATED_MBEDTLS_CONFIG_DATA_FILES),FAILED)
$(error "$(PYTHON) ../framework/scripts/generate_config_tests.py --list" failed) $(error "$(PYTHON) ../framework/scripts/generate_config_tests.py --list" failed)
endif endif
GENERATED_PSA_CONFIG_DATA_FILES := $(addprefix ../tf-psa-crypto/,$(shell \
$(PYTHON) ../tf-psa-crypto/framework/scripts/generate_config_tests.py --list || \
echo FAILED \
))
ifeq ($(GENERATED_PSA_CONFIG_DATA_FILES),FAILED)
$(error "$(PYTHON) ../tf-psa-crypto/framework/scripts/generate_config_tests.py --list" failed)
endif
GENERATED_CONFIG_DATA_FILES := $(GENERATED_MBEDTLS_CONFIG_DATA_FILES) $(GENERATED_PSA_CONFIG_DATA_FILES)
GENERATED_DATA_FILES += $(GENERATED_MBEDTLS_CONFIG_DATA_FILES) GENERATED_DATA_FILES += $(GENERATED_MBEDTLS_CONFIG_DATA_FILES)
GENERATED_CRYPTO_DATA_FILES += $(GENERATED_PSA_CONFIG_DATA_FILES)
GENERATED_ECP_DATA_FILES := $(addprefix ../tf-psa-crypto/,$(shell \ GENERATED_C_FILES = \
$(PYTHON) ../framework/scripts/generate_ecp_tests.py --list || \ include/test/test_keys.h include/test/test_certs.h
echo FAILED \
))
ifeq ($(GENERATED_ECP_DATA_FILES),FAILED)
$(error "$(PYTHON) ../framework/scripts/generate_ecp_tests.py --list" failed)
endif
GENERATED_CRYPTO_DATA_FILES += $(GENERATED_ECP_DATA_FILES)
GENERATED_PSA_DATA_FILES := $(addprefix ../tf-psa-crypto/,$(shell \ GENERATED_FILES = \
$(PYTHON) ../framework/scripts/generate_psa_tests.py --list || \ $(GENERATED_DATA_FILES) \
echo FAILED \ $(TF_PSA_CRYPTO_TESTS_GENERATED_DATA_FILES) \
)) $(GENERATED_C_FILES) \
ifeq ($(GENERATED_PSA_DATA_FILES),FAILED) $(TF_PSA_CRYPTO_TESTS_GENERATED_C_FILES)
$(error "$(PYTHON) ../framework/scripts/generate_psa_tests.py --list" failed)
endif
GENERATED_CRYPTO_DATA_FILES += $(GENERATED_PSA_DATA_FILES)
GENERATED_FILES = $(GENERATED_DATA_FILES) $(GENERATED_CRYPTO_DATA_FILES)
GENERATED_FILES += include/test/test_keys.h \
../tf-psa-crypto/tests/include/test/test_keys.h \
include/test/test_certs.h
# Generated files needed to (fully) run ssl-opt.sh # Generated files needed to (fully) run ssl-opt.sh
.PHONY: ssl-opt .PHONY: ssl-opt
@@ -87,90 +60,33 @@ ssl-opt: opt-testcases/tls13-compat.sh
.PHONY: generated_files .PHONY: generated_files
generated_files: $(GENERATED_FILES) generated_files: $(GENERATED_FILES)
# generate_bignum_tests.py and generate_psa_tests.py spend more time analyzing
# inputs than generating outputs. Its inputs are the same no matter which files
# are being generated.
# It's rare not to want all the outputs. So always generate all of its outputs.
# Use an intermediate phony dependency so that parallel builds don't run
# a separate instance of the recipe for each output file.
$(GENERATED_BIGNUM_DATA_FILES): $(gen_file_dep) generated_bignum_test_data
generated_bignum_test_data: ../framework/scripts/generate_bignum_tests.py
generated_bignum_test_data: ../framework/scripts/mbedtls_framework/bignum_common.py
generated_bignum_test_data: ../framework/scripts/mbedtls_framework/bignum_core.py
generated_bignum_test_data: ../framework/scripts/mbedtls_framework/bignum_mod_raw.py
generated_bignum_test_data: ../framework/scripts/mbedtls_framework/bignum_mod.py
generated_bignum_test_data: ../framework/scripts/mbedtls_framework/test_case.py
generated_bignum_test_data: ../framework/scripts/mbedtls_framework/test_data_generation.py
generated_bignum_test_data:
echo " Gen $(GENERATED_BIGNUM_DATA_FILES)"
$(PYTHON) ../framework/scripts/generate_bignum_tests.py --directory ../tf-psa-crypto/tests/suites
.SECONDARY: generated_bignum_test_data
# We deliberately omit the configuration files (mbedtls_config.h, # We deliberately omit the configuration files (mbedtls_config.h,
# crypto_config.h) from the depenency list because during development # crypto_config.h) from the depenency list because during development
# and on the CI, we often edit those in a way that doesn't change the # and on the CI, we often edit those in a way that doesn't change the
# output, to comment out certain options, or even to remove certain # output, to comment out certain options, or even to remove certain
# lines which do affect the output negatively (it will miss the # lines which do affect the output negatively (it will miss the
# corresponding test cases). # corresponding test cases).
$(GENERATED_CONFIG_DATA_FILES): $(gen_file_dep) generated_config_test_data $(GENERATED_MBEDTLS_CONFIG_DATA_FILES): $(gen_file_dep) generated_config_test_data
generated_config_test_data: ../framework/scripts/generate_config_tests.py generated_config_test_data: ../framework/scripts/generate_config_tests.py
generated_config_test_data: ../scripts/config.py generated_config_test_data: ../scripts/config.py
generated_config_test_data: ../framework/scripts/mbedtls_framework/test_case.py generated_config_test_data: ../framework/scripts/mbedtls_framework/test_case.py
generated_config_test_data: ../framework/scripts/mbedtls_framework/test_data_generation.py generated_config_test_data: ../framework/scripts/mbedtls_framework/test_data_generation.py
generated_config_test_data: generated_config_test_data:
echo " Gen $(GENERATED_CONFIG_DATA_FILES)" echo " Gen $(GENERATED_MBEDTLS_CONFIG_DATA_FILES)"
$(PYTHON) ../framework/scripts/generate_config_tests.py $(PYTHON) ../framework/scripts/generate_config_tests.py
cd ../tf-psa-crypto && $(PYTHON) ./framework/scripts/generate_config_tests.py
.SECONDARY: generated_config_test_data .SECONDARY: generated_config_test_data
$(GENERATED_ECP_DATA_FILES): $(gen_file_dep) generated_ecp_test_data
generated_ecp_test_data: ../framework/scripts/generate_ecp_tests.py
generated_ecp_test_data: ../framework/scripts/mbedtls_framework/bignum_common.py
generated_ecp_test_data: ../framework/scripts/mbedtls_framework/ecp.py
generated_ecp_test_data: ../framework/scripts/mbedtls_framework/test_case.py
generated_ecp_test_data: ../framework/scripts/mbedtls_framework/test_data_generation.py
generated_ecp_test_data:
echo " Gen $(GENERATED_ECP_DATA_FILES)"
$(PYTHON) ../framework/scripts/generate_ecp_tests.py --directory ../tf-psa-crypto/tests/suites
.SECONDARY: generated_ecp_test_data
$(GENERATED_PSA_DATA_FILES): $(gen_file_dep) generated_psa_test_data
generated_psa_test_data: ../framework/scripts/generate_psa_tests.py
generated_psa_test_data: ../framework/scripts/mbedtls_framework/crypto_data_tests.py
generated_psa_test_data: ../framework/scripts/mbedtls_framework/crypto_knowledge.py
generated_psa_test_data: ../framework/scripts/mbedtls_framework/macro_collector.py
generated_psa_test_data: ../framework/scripts/mbedtls_framework/psa_information.py
generated_psa_test_data: ../framework/scripts/mbedtls_framework/psa_storage.py
generated_psa_test_data: ../framework/scripts/mbedtls_framework/psa_test_case.py
generated_psa_test_data: ../framework/scripts/mbedtls_framework/test_case.py
generated_psa_test_data: ../framework/scripts/mbedtls_framework/test_data_generation.py
## The generated file only depends on the options that are present in
## crypto_config.h, not on which options are set. To avoid regenerating this
## file all the time when switching between configurations, don't declare
## crypto_config.h as a dependency. Remove this file from your working tree
## if you've just added or removed an option in crypto_config.h.
#generated_psa_test_data: ../tf-psa-crypto/include/psa/crypto_config.h
generated_psa_test_data: ../tf-psa-crypto/include/psa/crypto_values.h
generated_psa_test_data: ../tf-psa-crypto/include/psa/crypto_extra.h
generated_psa_test_data: ../tf-psa-crypto/tests/suites/test_suite_psa_crypto_metadata.data
generated_psa_test_data:
echo " Gen $(GENERATED_PSA_DATA_FILES) ..."
$(PYTHON) ../framework/scripts/generate_psa_tests.py --directory ../tf-psa-crypto/tests/suites
.SECONDARY: generated_psa_test_data
# A test application is built for each suites/test_suite_*.data file. # A test application is built for each suites/test_suite_*.data file.
# Application name is same as .data file's base name and can be # Application name is same as .data file's base name and can be
# constructed by stripping path 'suites/' and extension .data. # constructed by stripping path 'suites/' and extension .data.
DATA_FILES = $(filter-out $(GENERATED_DATA_FILES), $(wildcard suites/test_suite_*.data)) DATA_FILES = $(filter-out $(GENERATED_DATA_FILES), $(wildcard suites/test_suite_*.data))
CRYPTO_DATA_FILES = $(filter-out $(GENERATED_CRYPTO_DATA_FILES), $(wildcard ../tf-psa-crypto/tests/suites/test_suite_*.data))
# Make sure that generated data files are included even if they don't # Make sure that generated data files are included even if they don't
# exist yet when the makefile is parsed. # exist yet when the makefile is parsed.
DATA_FILES += $(GENERATED_DATA_FILES) DATA_FILES += $(GENERATED_DATA_FILES)
CRYPTO_DATA_FILES += $(GENERATED_CRYPTO_DATA_FILES)
APPS = $(basename $(subst suites/,,$(DATA_FILES))) APPS = $(basename $(subst suites/,,$(DATA_FILES)))
CRYPTO_APPS = $(basename $(subst suites/,,$(CRYPTO_DATA_FILES))) CRYPTO_APPS = $(basename $(subst suites/,,$(TF_PSA_CRYPTO_TESTS_DATA_FILES)))
# Construct executable name by adding OS specific suffix $(EXEXT). # Construct executable name by adding OS specific suffix $(EXEXT).
BINARIES := $(addsuffix $(EXEXT),$(APPS)) BINARIES := $(addsuffix $(EXEXT),$(APPS))
@@ -185,7 +101,7 @@ all: $(BINARIES) $(CRYPTO_BINARIES)
mbedtls_test: $(MBEDTLS_TEST_OBJS) mbedtls_test: $(MBEDTLS_TEST_OBJS)
include/test/test_certs.h: ../framework/scripts/generate_test_cert_macros.py \ include/test/test_certs.h: ../framework/scripts/generate_test_cert_macros.py \
$($(PYTHON) ../framework/scripts/generate_test_cert_macros.py --list-dependencies) $(shell $(PYTHON) ../framework/scripts/generate_test_cert_macros.py --list-dependencies)
echo " Gen $@" echo " Gen $@"
$(PYTHON) ../framework/scripts/generate_test_cert_macros.py --output $@ $(PYTHON) ../framework/scripts/generate_test_cert_macros.py --output $@
@@ -193,10 +109,6 @@ include/test/test_keys.h: ../framework/scripts/generate_test_keys.py
echo " Gen $@" echo " Gen $@"
$(PYTHON) ../framework/scripts/generate_test_keys.py --output $@ $(PYTHON) ../framework/scripts/generate_test_keys.py --output $@
../tf-psa-crypto/tests/include/test/test_keys.h: ../tf-psa-crypto/framework/scripts/generate_test_keys.py
echo " Gen $@"
$(PYTHON) ../tf-psa-crypto/framework/scripts/generate_test_keys.py --output $@
TEST_OBJS_DEPS = $(wildcard include/test/*.h include/test/*/*.h) TEST_OBJS_DEPS = $(wildcard include/test/*.h include/test/*/*.h)
ifdef RECORD_PSA_STATUS_COVERAGE_LOG ifdef RECORD_PSA_STATUS_COVERAGE_LOG
# Explicitly depend on this header because on a clean copy of the source tree, # Explicitly depend on this header because on a clean copy of the source tree,
@@ -334,7 +246,7 @@ libtestdriver1.a:
mkdir ./libtestdriver1/tf-psa-crypto/drivers/p256-m mkdir ./libtestdriver1/tf-psa-crypto/drivers/p256-m
touch ./libtestdriver1/tf-psa-crypto/drivers/everest/Makefile.inc touch ./libtestdriver1/tf-psa-crypto/drivers/everest/Makefile.inc
touch ./libtestdriver1/tf-psa-crypto/drivers/p256-m/Makefile.inc touch ./libtestdriver1/tf-psa-crypto/drivers/p256-m/Makefile.inc
cp -Rf ../framework/scripts ./libtestdriver1/framework cp -Rf ../framework/scripts ../framework/exported.make ./libtestdriver1/framework
cp -Rf ../library ./libtestdriver1 cp -Rf ../library ./libtestdriver1
cp -Rf ../include ./libtestdriver1 cp -Rf ../include ./libtestdriver1
cp -Rf ../scripts ./libtestdriver1 cp -Rf ../scripts ./libtestdriver1

121
tests/crypto-tests.make Normal file
View File

@@ -0,0 +1,121 @@
# Helper code for tests/Makefile in Mbed TLS.
# This file is only meant to be included by tests/Makefile in Mbed TLS and
# is unlikely to work in another context.
GENERATED_BIGNUM_DATA_FILES := $(addprefix ../tf-psa-crypto/,$(shell \
$(PYTHON) ../framework/scripts/generate_bignum_tests.py --list || \
echo FAILED \
))
ifeq ($(GENERATED_BIGNUM_DATA_FILES),FAILED)
$(error "$(PYTHON) ../framework/scripts/generate_bignum_tests.py --list" failed)
endif
TF_PSA_CRYPTO_TESTS_GENERATED_DATA_FILES += $(GENERATED_BIGNUM_DATA_FILES)
# generate_bignum_tests.py and generate_psa_tests.py spend more time analyzing
# inputs than generating outputs. Its inputs are the same no matter which files
# are being generated.
# It's rare not to want all the outputs. So always generate all of its outputs.
# Use an intermediate phony dependency so that parallel builds don't run
# a separate instance of the recipe for each output file.
$(GENERATED_BIGNUM_DATA_FILES): $(gen_file_dep) generated_bignum_test_data
generated_bignum_test_data: ../framework/scripts/generate_bignum_tests.py
generated_bignum_test_data: ../framework/scripts/mbedtls_framework/bignum_common.py
generated_bignum_test_data: ../framework/scripts/mbedtls_framework/bignum_core.py
generated_bignum_test_data: ../framework/scripts/mbedtls_framework/bignum_mod_raw.py
generated_bignum_test_data: ../framework/scripts/mbedtls_framework/bignum_mod.py
generated_bignum_test_data: ../framework/scripts/mbedtls_framework/test_case.py
generated_bignum_test_data: ../framework/scripts/mbedtls_framework/test_data_generation.py
generated_bignum_test_data:
echo " Gen $(GENERATED_BIGNUM_DATA_FILES)"
$(PYTHON) ../framework/scripts/generate_bignum_tests.py --directory ../tf-psa-crypto/tests/suites
.SECONDARY: generated_bignum_test_data
GENERATED_CRYPTO_CONFIG_DATA_FILES := $(addprefix ../tf-psa-crypto/,$(shell \
$(PYTHON) ../tf-psa-crypto/framework/scripts/generate_config_tests.py --list || \
echo FAILED \
))
ifeq ($(GENERATED_CRYPTO_CONFIG_DATA_FILES),FAILED)
$(error "$(PYTHON) ../tf-psa-crypto/framework/scripts/generate_config_tests.py --list" failed)
endif
TF_PSA_CRYPTO_TESTS_GENERATED_DATA_FILES += $(GENERATED_CRYPTO_CONFIG_DATA_FILES)
# We deliberately omit the configuration files (mbedtls_config.h,
# crypto_config.h) from the depenency list because during development
# and on the CI, we often edit those in a way that doesn't change the
# output, to comment out certain options, or even to remove certain
# lines which do affect the output negatively (it will miss the
# corresponding test cases).
$(GENERATED_CRYPTO_CONFIG_DATA_FILES): $(gen_file_dep) generated_crypto_config_test_data
generated_crypto_config_test_data: ../framework/scripts/generate_config_tests.py
generated_crypto_config_test_data: ../scripts/config.py
generated_crypto_config_test_data: ../framework/scripts/mbedtls_framework/test_case.py
generated_crypto_config_test_data: ../framework/scripts/mbedtls_framework/test_data_generation.py
generated_crypto_config_test_data:
echo " Gen $(GENERATED_CRYPTO_CONFIG_DATA_FILES)"
cd ../tf-psa-crypto && $(PYTHON) ./framework/scripts/generate_config_tests.py
.SECONDARY: generated_crypto_config_test_data
GENERATED_ECP_DATA_FILES := $(addprefix ../tf-psa-crypto/,$(shell \
$(PYTHON) ../framework/scripts/generate_ecp_tests.py --list || \
echo FAILED \
))
ifeq ($(GENERATED_ECP_DATA_FILES),FAILED)
$(error "$(PYTHON) ../framework/scripts/generate_ecp_tests.py --list" failed)
endif
TF_PSA_CRYPTO_TESTS_GENERATED_DATA_FILES += $(GENERATED_ECP_DATA_FILES)
$(GENERATED_ECP_DATA_FILES): $(gen_file_dep) generated_ecp_test_data
generated_ecp_test_data: ../framework/scripts/generate_ecp_tests.py
generated_ecp_test_data: ../framework/scripts/mbedtls_framework/bignum_common.py
generated_ecp_test_data: ../framework/scripts/mbedtls_framework/ecp.py
generated_ecp_test_data: ../framework/scripts/mbedtls_framework/test_case.py
generated_ecp_test_data: ../framework/scripts/mbedtls_framework/test_data_generation.py
generated_ecp_test_data:
echo " Gen $(GENERATED_ECP_DATA_FILES)"
$(PYTHON) ../framework/scripts/generate_ecp_tests.py --directory ../tf-psa-crypto/tests/suites
.SECONDARY: generated_ecp_test_data
GENERATED_PSA_DATA_FILES := $(addprefix ../tf-psa-crypto/,$(shell \
$(PYTHON) ../framework/scripts/generate_psa_tests.py --list || \
echo FAILED \
))
ifeq ($(GENERATED_PSA_DATA_FILES),FAILED)
$(error "$(PYTHON) ../framework/scripts/generate_psa_tests.py --list" failed)
endif
TF_PSA_CRYPTO_TESTS_GENERATED_DATA_FILES += $(GENERATED_PSA_DATA_FILES)
$(GENERATED_PSA_DATA_FILES): $(gen_file_dep) generated_psa_test_data
generated_psa_test_data: ../framework/scripts/generate_psa_tests.py
generated_psa_test_data: ../framework/scripts/mbedtls_framework/crypto_data_tests.py
generated_psa_test_data: ../framework/scripts/mbedtls_framework/crypto_knowledge.py
generated_psa_test_data: ../framework/scripts/mbedtls_framework/macro_collector.py
generated_psa_test_data: ../framework/scripts/mbedtls_framework/psa_information.py
generated_psa_test_data: ../framework/scripts/mbedtls_framework/psa_storage.py
generated_psa_test_data: ../framework/scripts/mbedtls_framework/psa_test_case.py
generated_psa_test_data: ../framework/scripts/mbedtls_framework/test_case.py
generated_psa_test_data: ../framework/scripts/mbedtls_framework/test_data_generation.py
## The generated file only depends on the options that are present in
## crypto_config.h, not on which options are set. To avoid regenerating this
## file all the time when switching between configurations, don't declare
## crypto_config.h as a dependency. Remove this file from your working tree
## if you've just added or removed an option in crypto_config.h.
#generated_psa_test_data: ../tf-psa-crypto/include/psa/crypto_config.h
generated_psa_test_data: ../tf-psa-crypto/include/psa/crypto_values.h
generated_psa_test_data: ../tf-psa-crypto/include/psa/crypto_extra.h
generated_psa_test_data: ../tf-psa-crypto/tests/suites/test_suite_psa_crypto_metadata.data
generated_psa_test_data:
echo " Gen $(GENERATED_PSA_DATA_FILES) ..."
$(PYTHON) ../framework/scripts/generate_psa_tests.py --directory ../tf-psa-crypto/tests/suites
.SECONDARY: generated_psa_test_data
TF_PSA_CRYPTO_TESTS_DATA_FILES = $(filter-out $(TF_PSA_CRYPTO_TESTS_GENERATED_DATA_FILES), $(wildcard $(TF_PSA_CRYPTO_PATH)/tests/suites/test_suite_*.data))
# Make sure that generated data files are included even if they don't
# exist yet when the makefile is parsed.
TF_PSA_CRYPTO_TESTS_DATA_FILES += $(TF_PSA_CRYPTO_TESTS_GENERATED_DATA_FILES)
../tf-psa-crypto/tests/include/test/test_keys.h: ../tf-psa-crypto/framework/scripts/generate_test_keys.py
echo " Gen $@"
$(PYTHON) ../tf-psa-crypto/framework/scripts/generate_test_keys.py --output $@
TF_PSA_CRYPTO_TESTS_GENERATED_C_FILES = \
../tf-psa-crypto/tests/include/test/test_keys.h