The original make -C tests, contains a perl inliner
to generate the alt-headers. Replicated that logic in
sed regex.
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
Certain testing components require building with a specific subset of LDFLAGS,
such as `-O1`. This patch moves them to the default cmake invokation of `cmake .`
which is the equivalent of `cmake -D CMAKE_BUILD_TYPE:String=None .`
Also remove flags such as `-Werror` which are present in all configs.
Improve compilation flag granularity by disabling CMAKE_BUILD_TYPE defaults
and asserting test-specific flags manually.
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
Moved the following components to CMAKE_BUILD_TYPE:String=Release
and adjusted the include paths for cmake:
* component_build_psa_crypto_spm
* component_test_tfm_config_no_p256m
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
- By default all unspecified build-type components should be release
- CMAKE_BUILD_TYPE:String=Release enables the following
CFLAGS: "-O2 -Werror -Wall -Wextra"
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
Paths for "not grep" should have been updated when the build system
switched from Makefile to CMake.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
A switch has recently been made from make to cmake to build these tests
but paths for "not grep" were not properly updated.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Switching to CMake build caused some failures due to the fact that:
- binary objects in tf-psa-crypto are not in the same location as before;
- header files from "<mbedtls-root>/include" are no more included when
building tf-psa-crypto ojects.
This commit fixes both problems.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
This is similar to the already existing "component_full_no_pkparse_pkwrite".
The biggest difference is that this new component starts from "full" config
instead of "crypto_full" because we want to test also some TLS modules,
in particular "test_suite_debug" where the new function
"mbedtls_pk_write_pubkey_psa" has been introduced.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Keep MBEDTLS_PK_WRITE_C as guard only for "debug_print_pk" but let
"mbedtls_debug_print_crt" to work also when MBEDTLS_PK_WRITE_C is disabled.
In this case the only public key won't be printed, but the rest of the
certificate will be.
This commit also updates test coverage by duplicating test cases: now there
will be one case for when MBEDTLS_PK_WRITE_C is enabled and another one
for !MBEDTLS_PK_WRITE_C.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
In tf-psa-crypto "mbedtls_pk_write_pubkey_psa()" is only available when
MBEDTLS_PK_WRITE_C is defined. Therefore we need to add this guard also
in mbedtls to "debug_print_pk" (and indirectly to
"mbedtls_debug_print_crt") and the corresponding tests using it.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Adjust dumping format of public keys following recent updates to
mbedtls_debug_print_crt() and debug_print_pk()
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
The new file is in Mbed TLS for now. Once we have finished moving code to
it, it will move to TF-PSA-Crypto.
What got moved:
* List of generated .data files in crypto
* Rules to generate .data files in crypto
* List of test suites in crypto
* List of generated .h files in crypto
* Rules to generate .h in crypto
What didn't get moved:
* Rules to generate the crypto part of `$(GENERATED_CONFIG_DATA_FILES)`,
because they are currently mixed with the rule for the mbedtls part. This
will be done in a subsequent commit.
* Rules to generate .c files from .function files, and to compile the
resulting .c files. At least for now, we let Mbed TLS decide how to do
that on its own.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Use separate variables for the crypto part of lists of generated C files,
generated objects, sample programs and test data files.
No behavior change.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Define these intermediate variables in the crypto helper file.
No behavior change except possibly an inconsequential reordering of compiler
options.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
We put that in 3.6.0 because we wanted to minimize changes in a minor
release, and in particular we wanted users to be able to build the library
if they were checking out a release tag without checking out submodules
recursively. That was possible because 3.6.x release tags contain the
generated files.
Since 4.0.0, it's completely impossible to build Mbed TLS without the
`tf-psa-crypto` submodule. So there's no point in trying to allow a build
without the `framework` submodule.
In the libtestdriver1 build, where we copy part of the framework, copy the
framework makefile as well, which is what we use to check for the presence
of the framework (even though the framework makefile doesn't do anything
useful after all).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Don't print the differences: interested users can just run `git diff` (or
save the old file and run `comm`).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Test that `scripts/data_files/config-options-current.txt` is up-to-date.
This file needs to change every time we add or remove a config option.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This script may be generalized to check other files that need lists of
current options. But for now, the script just checks
`scripts/data_files/config-options-current.txt`.
This script is identical to the file in crypto. If the file grows to support
multiple targets, we'll probably want to split it, with a generic part in
the framework and a project-specific part (probably little more than the
list of targets) in each project. But for now the file is too simple to split.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
secp192 curves are no more supported in tf-psa-crypto and also all the
temporary fixes has been removed. This one can be removed as well.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
We're going to remove ecdh.c soon, so use another way of testing whether
builtin ECDH is included in the build.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
This replacement is either:
- "server5-rsa-signed.crt": if a generic secp256r1 EC key is enough, i.e.
any EC key is fine as it's not secp192 since this support is being
removed from TF-PSA-Crypto.
- "server11-rsa-signed.crt": if an EC key which does not belong to "suite-b"
is required. For this case "secp256r1" wouldn't be good, so we use
a "secp256k1" key.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
After some analysis search it was determined that previous test data seem
not to belong to the "framework/data_files" certificate files. Therefore
new test data has been generated from scratch.
The improvement compared to the previous situation is that comments has
been added on top of each test in order to explain how to recreate new test
data.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
This is temporary but still required in order to have this commit merged
before the crypto#570, where these curves are really removed.
These lines will be removed in a follow-up PR once crypto#570 is merged.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
