mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-03-29 22:20:30 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge pull request #9340 from ronald-cron-arm/move-mbedtls-crypto-modules

Browse Source 
Move mbedtls crypto modules
This commit is contained in:
Ronald Cron 2024-07-10 14:02:42 +00:00 committed by GitHub
commit 1004c9cacb
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
200 changed files with 973 additions and 421 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
3rdparty/Makefile.inc vendored
View File

@ -1,3 +0,0 @@
THIRDPARTY_DIR := $(dir $(lastword $(MAKEFILE_LIST)))
include $(THIRDPARTY_DIR)/everest/Makefile.inc
include $(THIRDPARTY_DIR)/p256-m/Makefile.inc

12
CMakeLists.txt
View File

@ -294,12 +294,10 @@ add_subdirectory(framework)
add_subdirectory(include)
add_subdirectory(3rdparty)
add_subdirectory(tf-psa-crypto)
add_subdirectory(library)
add_subdirectory(tf-psa-crypto)
add_subdirectory(pkgconfig)
#
@ -357,7 +355,9 @@ if(ENABLE_TESTING OR ENABLE_PROGRAMS)
PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/include
PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/tf-psa-crypto/include
PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/tf-psa-crypto/drivers/builtin/include
PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/library)
PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/library
PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/tf-psa-crypto/core
PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/tf-psa-crypto/drivers/builtin/src)
# Request C11, needed for memory poisoning tests
set_target_properties(mbedtls_test PROPERTIES C_STANDARD 11)
@ -370,7 +370,9 @@ if(ENABLE_TESTING OR ENABLE_PROGRAMS)
PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/tf-psa-crypto/include
PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/tf-psa-crypto/drivers/builtin/include
PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/library
PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/3rdparty/everest/include)
PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/tf-psa-crypto/core
PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/tf-psa-crypto/drivers/builtin/src
PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/tf-psa-crypto/drivers/everest/include)
# Pass-through MBEDTLS_CONFIG_FILE and MBEDTLS_USER_CONFIG_FILE
if(MBEDTLS_CONFIG_FILE)

19
Makefile
View File

@ -200,12 +200,18 @@ endif
## Editor navigation files
C_SOURCE_FILES = $(wildcard \
3rdparty/*/include/*/*.h 3rdparty/*/include/*/*/*.h 3rdparty/*/include/*/*/*/*.h \
3rdparty/*/*.c 3rdparty/*/*/*.c 3rdparty/*/*/*/*.c 3rdparty/*/*/*/*/*.c \
include/*/*.h \
library/*.[hc] \
tf-psa-crypto/core/*.[hc] \
tf-psa-crypto/include/*/*.h \
tf-psa-crypto/drivers/builtin/include/*/*.h \
tf-psa-crypto/drivers/*/include/*/*.h \
tf-psa-crypto/drivers/*/include/*/*/*.h \
tf-psa-crypto/drivers/*/include/*/*/*/*.h \
tf-psa-crypto/drivers/builtin/src/*.[hc] \
tf-psa-crypto/drivers/*/*.c \
tf-psa-crypto/drivers/*/*/*.c \
tf-psa-crypto/drivers/*/*/*/*.c \
tf-psa-crypto/drivers/*/*/*/*/*.c \
programs/*/*.[hc] \
tests/include/*/*.h tests/include/*/*/*.h \
tests/src/*.c tests/src/*/*.c \
@ -222,7 +228,8 @@ GPATH GRTAGS GSYMS GTAGS: $(C_SOURCE_FILES)
ls $(C_SOURCE_FILES) | gtags -f - --gtagsconf .globalrc
cscope: cscope.in.out cscope.po.out cscope.out
cscope.in.out cscope.po.out cscope.out: $(C_SOURCE_FILES)
cscope -bq -u -Iinclude -Ilibrary -Itf-psa-crypto/include \
-Itf-psa-crypto/drivers/builtin/include \
$(patsubst %,-I%,$(wildcard 3rdparty/*/include)) -Itests/include $(C_SOURCE_FILES)
cscope -bq -u -Iinclude -Ilibrary -Itf-psa-crypto/core \
-Itf-psa-crypto/include \
-Itf-psa-crypto/drivers/builtin/src \
$(patsubst %,-I%,$(wildcard tf-psa-crypto/drivers/*/include)) -Itests/include $(C_SOURCE_FILES)
.PHONY: cscope global

6
README.md
View File

@ -315,10 +315,10 @@ Unless specifically indicated otherwise in a file, Mbed TLS files are provided u
### Third-party code included in Mbed TLS
This project contains code from other projects. This code is located within the `3rdparty/` directory. The original license text is included within project subdirectories, where it differs from the normal Mbed TLS license, and/or in source files. The projects are listed below:
This project contains code from other projects. This code is located within the `tf-psa-crypto/drivers/` directory. The original license text is included within project subdirectories, where it differs from the normal Mbed TLS license, and/or in source files. The projects are listed below:
* `3rdparty/everest/`: Files stem from [Project Everest](https://project-everest.github.io/) and are distributed under the Apache 2.0 license.
* `3rdparty/p256-m/p256-m/`: Files have been taken from the [p256-m](https://github.com/mpg/p256-m) repository. The code in the original repository is distributed under the Apache 2.0 license. It is distributed in Mbed TLS under a dual Apache-2.0 OR GPL-2.0-or-later license with permission from the author.
* `drivers/everest/`: Files stem from [Project Everest](https://project-everest.github.io/) and are distributed under the Apache 2.0 license.
* `drivers/p256-m/p256-m/`: Files have been taken from the [p256-m](https://github.com/mpg/p256-m) repository. The code in the original repository is distributed under the Apache 2.0 license. It is distributed in Mbed TLS under a dual Apache-2.0 OR GPL-2.0-or-later license with permission from the author.
Contributing
------------

2
docs/psa-driver-example-and-guide.md
View File

@ -138,7 +138,7 @@ This guide assumes you are building Mbed TLS from source alongside your project.
### Example: Manually integrating a software accelerator alongside Mbed TLS
[p256-m](https://github.com/mpg/p256-m) is a minimalistic implementation of ECDH and ECDSA on the NIST P-256 curve, specifically optimized for use in constrained 32-bit environments. It started out as an independent project and has been integrated in Mbed TLS as a PSA transparent driver. The source code of p256-m and the driver entry points is located in the Mbed TLS source tree under `3rdparty/p256-m`. In this section, we will look at how this integration was done.
[p256-m](https://github.com/mpg/p256-m) is a minimalistic implementation of ECDH and ECDSA on the NIST P-256 curve, specifically optimized for use in constrained 32-bit environments. It started out as an independent project and has been integrated in Mbed TLS as a PSA transparent driver. The source code of p256-m and the driver entry points is located in the Mbed TLS source tree under `drivers/p256-m`. In this section, we will look at how this integration was done.
The Mbed TLS build system includes the instructions needed to build p256-m. To build with and use p256-m, set the macro `MBEDTLS_PSA_P256M_DRIVER_ENABLED` using `config.py`, then build as usual using make/cmake. From the root of the `mbedtls/` directory, run:

2
framework

@ -1 +1 @@
Subproject commit 8853c8471200e62448413d1f40d6801a19796a83
Subproject commit 9eeacb7125d6630a11e29d8a7aab5873b3638b6d

2
library/.gitignore vendored
View File

@ -6,6 +6,4 @@ libmbed*
/error.c
/version_features.c
/ssl_debug_helpers_generated.c
/psa_crypto_driver_wrappers.h
/psa_crypto_driver_wrappers_no_static.c
###END_GENERATED_FILES###

198
library/CMakeLists.txt
View File

@ -10,87 +10,90 @@ if(NOT DEFINED MBEDTLS_DIR)
set(MBEDTLS_DIR ${CMAKE_SOURCE_DIR})
endif()
set(TF_PSA_CRYPTO_CORE_DIR ../tf-psa-crypto/core)
set(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR ../tf-psa-crypto/drivers/builtin/src)
set(src_crypto
aes.c
aesni.c
aesce.c
aria.c
asn1parse.c
asn1write.c
base64.c
bignum.c
bignum_core.c
bignum_mod.c
bignum_mod_raw.c
block_cipher.c
camellia.c
ccm.c
chacha20.c
chachapoly.c
cipher.c
cipher_wrap.c
constant_time.c
cmac.c
ctr_drbg.c
des.c
dhm.c
ecdh.c
ecdsa.c
ecjpake.c
ecp.c
ecp_curves.c
ecp_curves_new.c
entropy.c
entropy_poll.c
error.c
gcm.c
hkdf.c
hmac_drbg.c
lmots.c
lms.c
md.c
md5.c
memory_buffer_alloc.c
nist_kw.c
oid.c
pem.c
pk.c
pk_ecc.c
pk_wrap.c
pkcs12.c
pkcs5.c
pkparse.c
pkwrite.c
platform.c
platform_util.c
poly1305.c
psa_crypto.c
psa_crypto_aead.c
psa_crypto_cipher.c
psa_crypto_client.c
psa_crypto_driver_wrappers_no_static.c
psa_crypto_ecp.c
psa_crypto_ffdh.c
psa_crypto_hash.c
psa_crypto_mac.c
psa_crypto_pake.c
psa_crypto_rsa.c
psa_crypto_se.c
psa_crypto_slot_management.c
psa_crypto_storage.c
psa_its_file.c
psa_util.c
ripemd160.c
rsa.c
rsa_alt_helpers.c
sha1.c
sha256.c
sha512.c
sha3.c
threading.c
timing.c
version.c
version_features.c
${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/aes.c
${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/aesni.c
${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/aesce.c
${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/aria.c
${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/asn1parse.c
${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/asn1write.c
${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/base64.c
${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/bignum.c
${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/bignum_core.c
${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/bignum_mod.c
${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/bignum_mod_raw.c
${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/block_cipher.c
${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/camellia.c
${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/ccm.c
${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/chacha20.c
${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/chachapoly.c
${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/cipher.c
${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/cipher_wrap.c
${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/constant_time.c
${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/cmac.c
${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/ctr_drbg.c
${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/des.c
${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/dhm.c
${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/ecdh.c
${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/ecdsa.c
${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/ecjpake.c
${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/ecp.c
${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/ecp_curves.c
${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/ecp_curves_new.c
${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/entropy.c
${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/entropy_poll.c
${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/error.c
${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/gcm.c
${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/hkdf.c
${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/hmac_drbg.c
${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/lmots.c
${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/lms.c
${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/md.c
${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/md5.c
${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/memory_buffer_alloc.c
${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/nist_kw.c
${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/oid.c
${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/pem.c
${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/pk.c
${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/pk_ecc.c
${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/pk_wrap.c
${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/pkcs12.c
${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/pkcs5.c
${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/pkparse.c
${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/pkwrite.c
${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/platform.c
${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/platform_util.c
${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/poly1305.c
${TF_PSA_CRYPTO_CORE_DIR}/psa_crypto.c
${TF_PSA_CRYPTO_CORE_DIR}/psa_crypto_aead.c
${TF_PSA_CRYPTO_CORE_DIR}/psa_crypto_cipher.c
${TF_PSA_CRYPTO_CORE_DIR}/psa_crypto_client.c
${TF_PSA_CRYPTO_CORE_DIR}/psa_crypto_driver_wrappers_no_static.c
${TF_PSA_CRYPTO_CORE_DIR}/psa_crypto_ecp.c
${TF_PSA_CRYPTO_CORE_DIR}/psa_crypto_ffdh.c
${TF_PSA_CRYPTO_CORE_DIR}/psa_crypto_hash.c
${TF_PSA_CRYPTO_CORE_DIR}/psa_crypto_mac.c
${TF_PSA_CRYPTO_CORE_DIR}/psa_crypto_pake.c
${TF_PSA_CRYPTO_CORE_DIR}/psa_crypto_rsa.c
${TF_PSA_CRYPTO_CORE_DIR}/psa_crypto_se.c
${TF_PSA_CRYPTO_CORE_DIR}/psa_crypto_slot_management.c
${TF_PSA_CRYPTO_CORE_DIR}/psa_crypto_storage.c
${TF_PSA_CRYPTO_CORE_DIR}/psa_its_file.c
${TF_PSA_CRYPTO_CORE_DIR}/psa_util.c
${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/ripemd160.c
${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/rsa.c
${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/rsa_alt_helpers.c
${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/sha1.c
${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/sha256.c
${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/sha512.c
${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/sha3.c
${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/threading.c
${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/timing.c
${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/version.c
${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/version_features.c
)
set(src_x509
@ -133,14 +136,14 @@ if(GEN_FILES)
file(GLOB tls_error_headers ${CMAKE_CURRENT_SOURCE_DIR}/../include/mbedtls/*.h)
add_custom_command(
OUTPUT
${CMAKE_CURRENT_BINARY_DIR}/error.c
${CMAKE_CURRENT_BINARY_DIR}/${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/error.c
COMMAND
${PERL_EXECUTABLE}
${CMAKE_CURRENT_SOURCE_DIR}/../scripts/generate_errors.pl
${CMAKE_CURRENT_SOURCE_DIR}/../tf-psa-crypto/drivers/builtin/include/mbedtls
${CMAKE_CURRENT_SOURCE_DIR}/../include/mbedtls
${CMAKE_CURRENT_SOURCE_DIR}/../scripts/data_files
${CMAKE_CURRENT_BINARY_DIR}/error.c
${CMAKE_CURRENT_BINARY_DIR}/${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/error.c
DEPENDS
${CMAKE_CURRENT_SOURCE_DIR}/../scripts/generate_errors.pl
${crypto_error_headers}
@ -150,13 +153,13 @@ if(GEN_FILES)
add_custom_command(
OUTPUT
${CMAKE_CURRENT_BINARY_DIR}/version_features.c
${CMAKE_CURRENT_BINARY_DIR}/${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/version_features.c
COMMAND
${PERL_EXECUTABLE}
${CMAKE_CURRENT_SOURCE_DIR}/../scripts/generate_features.pl
${CMAKE_CURRENT_SOURCE_DIR}/../include/mbedtls
${CMAKE_CURRENT_SOURCE_DIR}/../scripts/data_files
${CMAKE_CURRENT_BINARY_DIR}/version_features.c
${CMAKE_CURRENT_BINARY_DIR}/${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/version_features.c
DEPENDS
${CMAKE_CURRENT_SOURCE_DIR}/../scripts/generate_features.pl
${CMAKE_CURRENT_SOURCE_DIR}/../include/mbedtls/mbedtls_config.h
@ -178,24 +181,23 @@ if(GEN_FILES)
add_custom_command(
OUTPUT
${CMAKE_CURRENT_BINARY_DIR}/psa_crypto_driver_wrappers.h
${CMAKE_CURRENT_BINARY_DIR}/psa_crypto_driver_wrappers_no_static.c
${CMAKE_CURRENT_BINARY_DIR}/${TF_PSA_CRYPTO_CORE_DIR}/psa_crypto_driver_wrappers.h
${CMAKE_CURRENT_BINARY_DIR}/${TF_PSA_CRYPTO_CORE_DIR}/psa_crypto_driver_wrappers_no_static.c
COMMAND
${MBEDTLS_PYTHON_EXECUTABLE}
${CMAKE_CURRENT_SOURCE_DIR}/../scripts/generate_driver_wrappers.py
${CMAKE_CURRENT_BINARY_DIR}
${CMAKE_CURRENT_BINARY_DIR}/${TF_PSA_CRYPTO_CORE_DIR}
DEPENDS
${CMAKE_CURRENT_SOURCE_DIR}/../scripts/generate_driver_wrappers.py
${CMAKE_CURRENT_SOURCE_DIR}/../scripts/data_files/driver_templates/psa_crypto_driver_wrappers.h.jinja
${CMAKE_CURRENT_SOURCE_DIR}/../scripts/data_files/driver_templates/psa_crypto_driver_wrappers_no_static.c.jinja
)
else()
link_to_source(error.c)
link_to_source(version_features.c)
link_to_source(${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/error.c)
link_to_source(${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/version_features.c)
link_to_source(ssl_debug_helpers_generated.c)
link_to_source(psa_crypto_driver_wrappers_no_static.c)
link_to_source(${TF_PSA_CRYPTO_CORE_DIR}/psa_crypto_driver_wrappers.h)
link_to_source(${TF_PSA_CRYPTO_CORE_DIR}/psa_crypto_driver_wrappers_no_static.c)
endif()
if(CMAKE_COMPILER_IS_GNUCC)
@ -324,19 +326,19 @@ endif(USE_SHARED_MBEDTLS_LIBRARY)
foreach(target IN LISTS target_libraries)
add_library(MbedTLS::${target} ALIAS ${target}) # add_subdirectory support
# Include public header files from /include and other directories
# declared by /3rdparty/**/CMakeLists.txt. Include private header files
# from /library and others declared by /3rdparty/**/CMakeLists.txt.
# /library needs to be listed explicitly when building .c files outside
# of /library (which currently means: under /3rdparty).
# Include public header files from /include, /tf-psa-crypto/include/ and
# tf-psa-crypto/drivers/builtin/include/. Include private header files
# from /library, tf-psa-crypto/core/ and tf-psa-crypto/drivers/builtin/src/.
target_include_directories(${target}
PUBLIC $<BUILD_INTERFACE:${MBEDTLS_DIR}/include/>
$<BUILD_INTERFACE:${MBEDTLS_DIR}/tf-psa-crypto/include/>
$<BUILD_INTERFACE:${MBEDTLS_DIR}/tf-psa-crypto/drivers/builtin/include/>
$<INSTALL_INTERFACE:include/>
PRIVATE ${MBEDTLS_DIR}/library/
${MBEDTLS_DIR}/tf-psa-crypto/core
${MBEDTLS_DIR}/tf-psa-crypto/drivers/builtin/src
# Needed to include psa_crypto_driver_wrappers.h
${CMAKE_CURRENT_BINARY_DIR})
${CMAKE_CURRENT_BINARY_DIR}/../tf-psa-crypto/core)
# Pass-through MBEDTLS_CONFIG_FILE and MBEDTLS_USER_CONFIG_FILE
if(MBEDTLS_CONFIG_FILE)
target_compile_definitions(${target}

208
library/Makefile
View File

@ -2,11 +2,15 @@ ifndef MBEDTLS_PATH
MBEDTLS_PATH := ..
endif
TF_PSA_CRYPTO_CORE_PATH = $(MBEDTLS_PATH)/tf-psa-crypto/core
TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH = $(MBEDTLS_PATH)/tf-psa-crypto/drivers/builtin/src
GENERATED_FILES := \
error.c version_features.c \
$(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/error.c \
$(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/version_features.c \
ssl_debug_helpers_generated.c \
psa_crypto_driver_wrappers.h \
psa_crypto_driver_wrappers_no_static.c
$(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_driver_wrappers.h \
$(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_driver_wrappers_no_static.c
ifneq ($(GENERATED_FILES),$(wildcard $(GENERATED_FILES)))
ifeq (,$(wildcard $(MBEDTLS_PATH)/framework/exported.make))
@ -29,11 +33,12 @@ WARNING_CFLAGS ?= -Wall -Wextra -Wformat=2 -Wno-format-nonliteral
LDFLAGS ?=
# Include ../include, ../tf-psa-crypto/include and
# ../tf-psa-crypto/drivers/builtin/include for public headers and . for
# private headers. Note that . needs to be included explicitly for the sake of
# library files that are not in the /library directory (which currently means
# under /3rdparty).
LOCAL_CFLAGS = $(WARNING_CFLAGS) -I. -I../include -I../tf-psa-crypto/include \
# ../tf-psa-crypto/drivers/builtin/include for public headers and .,
# ../tf-psa-crypto/core and ../tf-psa-crypto/drivers/builtin/src for
# private headers.
LOCAL_CFLAGS = $(WARNING_CFLAGS) -I. -I../tf-psa-crypto/core \
-I../tf-psa-crypto/drivers/builtin/src \
-I../include -I../tf-psa-crypto/include \
-I../tf-psa-crypto/drivers/builtin/include -D_FILE_OFFSET_BITS=64
LOCAL_LDFLAGS =
@ -105,89 +110,91 @@ endif
endif
OBJS_CRYPTO= \
aes.o \
aesni.o \
aesce.o \
aria.o \
asn1parse.o \
asn1write.o \
base64.o \
bignum.o \
bignum_core.o \
bignum_mod.o \
bignum_mod_raw.o \
block_cipher.o \
camellia.o \
ccm.o \
chacha20.o \
chachapoly.o \
cipher.o \
cipher_wrap.o \
cmac.o \
constant_time.o \
ctr_drbg.o \
des.o \
dhm.o \
ecdh.o \
ecdsa.o \
ecjpake.o \
ecp.o \
ecp_curves.o \
ecp_curves_new.o \
entropy.o \
entropy_poll.o \
error.o \
gcm.o \
hkdf.o \
hmac_drbg.o \
lmots.o \
lms.o \
md.o \
md5.o \
memory_buffer_alloc.o \
nist_kw.o \
oid.o \
pem.o \
pk.o \
pk_ecc.o \
pk_wrap.o \
pkcs12.o \
pkcs5.o \
pkparse.o \
pkwrite.o \
platform.o \
platform_util.o \
poly1305.o \
psa_crypto.o \
psa_crypto_aead.o \
psa_crypto_cipher.o \
psa_crypto_client.o \
psa_crypto_driver_wrappers_no_static.o \
psa_crypto_ecp.o \
psa_crypto_ffdh.o \
psa_crypto_hash.o \
psa_crypto_mac.o \
psa_crypto_pake.o \
psa_crypto_rsa.o \
psa_crypto_se.o \
psa_crypto_slot_management.o \
psa_crypto_storage.o \
psa_its_file.o \
psa_util.o \
ripemd160.o \
rsa.o \
rsa_alt_helpers.o \
sha1.o \
sha256.o \
sha512.o \
sha3.o \
threading.o \
timing.o \
version.o \
version_features.o \
$(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto.o \
$(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_aead.o \
$(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_cipher.o \
$(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_client.o \
$(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_driver_wrappers_no_static.o \
$(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_ecp.o \
$(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_ffdh.o \
$(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_hash.o \
$(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_mac.o \
$(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_pake.o \
$(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_rsa.o \
$(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_se.o \
$(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_slot_management.o \
$(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_storage.o \
$(TF_PSA_CRYPTO_CORE_PATH)/psa_its_file.o \
$(TF_PSA_CRYPTO_CORE_PATH)/psa_util.o \
$(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/aes.o \
$(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/aesni.o \
$(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/aesce.o \
$(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/aria.o \
$(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/asn1parse.o \
$(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/asn1write.o \
$(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/base64.o \
$(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/bignum.o \
$(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/bignum_core.o \
$(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/bignum_mod.o \
$(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/bignum_mod_raw.o \
$(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/block_cipher.o \
$(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/camellia.o \
$(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/ccm.o \
$(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/chacha20.o \
$(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/chachapoly.o \
$(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/cipher.o \
$(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/cipher_wrap.o \
$(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/cmac.o \
$(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/constant_time.o \
$(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/ctr_drbg.o \
$(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/des.o \
$(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/dhm.o \
$(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/ecdh.o \
$(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/ecdsa.o \
$(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/ecjpake.o \
$(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/ecp.o \
$(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/ecp_curves.o \
$(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/ecp_curves_new.o \
$(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/entropy.o \
$(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/entropy_poll.o \
$(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/error.o \
$(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/gcm.o \
$(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/hkdf.o \
$(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/hmac_drbg.o \
$(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/lmots.o \
$(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/lms.o \
$(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/md.o \
$(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/md5.o \
$(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/memory_buffer_alloc.o \
$(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/nist_kw.o \
$(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/oid.o \
$(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/pem.o \
$(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/pk.o \
$(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/pk_ecc.o \
$(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/pk_wrap.o \
$(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/pkcs12.o \
$(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/pkcs5.o \
$(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/pkparse.o \
$(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/pkwrite.o \
$(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/platform.o \
$(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/platform_util.o \
$(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/poly1305.o \
$(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/ripemd160.o \
$(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/rsa.o \
$(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/rsa_alt_helpers.o \
$(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/sha1.o \
$(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/sha256.o \
$(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/sha512.o \
$(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/sha3.o \
$(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/threading.o \
$(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/timing.o \
$(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/version.o \
$(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/version_features.o \
# This line is intentionally left blank
include ../3rdparty/Makefile.inc
THIRDPARTY_DIR := $(MBEDTLS_PATH)/tf-psa-crypto/drivers
include $(MBEDTLS_PATH)/tf-psa-crypto/drivers/everest/Makefile.inc
include $(MBEDTLS_PATH)/tf-psa-crypto/drivers/p256-m/Makefile.inc
LOCAL_CFLAGS+=$(THIRDPARTY_INCLUDES)
OBJS_CRYPTO+=$(THIRDPARTY_CRYPTO_OBJECTS)
@ -349,10 +356,10 @@ else
gen_file_dep = |
endif
error.c: $(gen_file_dep) ../scripts/generate_errors.pl
error.c: $(gen_file_dep) ../scripts/data_files/error.fmt
error.c: $(gen_file_dep) $(filter-out %config%,$(wildcard ../include/mbedtls/*.h))
error.c:
$(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/error.c: $(gen_file_dep) ../scripts/generate_errors.pl
$(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/error.c: $(gen_file_dep) ../scripts/data_files/error.fmt
$(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/error.c: $(gen_file_dep) $(filter-out %config%,$(wildcard ../include/mbedtls/*.h))
$(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/error.c:
echo " Gen $@"
$(PERL) ../scripts/generate_errors.pl
@ -362,33 +369,34 @@ ssl_debug_helpers_generated.c:
echo " Gen $@"
$(PYTHON) ../scripts/generate_ssl_debug_helpers.py --mbedtls-root .. .
version_features.c: $(gen_file_dep) ../scripts/generate_features.pl
version_features.c: $(gen_file_dep) ../scripts/data_files/version_features.fmt
$(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/version_features.c: $(gen_file_dep) ../scripts/generate_features.pl
$(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/version_features.c: $(gen_file_dep) ../scripts/data_files/version_features.fmt
## The generated file only depends on the options that are present in mbedtls_config.h,
## not on which options are set. To avoid regenerating this file all the time
## when switching between configurations, don't declare mbedtls_config.h as a
## dependency. Remove this file from your working tree if you've just added or
## removed an option in mbedtls_config.h.
#version_features.c: ../include/mbedtls/mbedtls_config.h
version_features.c:
$(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/version_features.c:
echo " Gen $@"
$(PERL) ../scripts/generate_features.pl
GENERATED_WRAPPER_FILES = \
psa_crypto_driver_wrappers.h \
psa_crypto_driver_wrappers_no_static.c
$(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_driver_wrappers.h \
$(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_driver_wrappers_no_static.c
$(GENERATED_WRAPPER_FILES): ../scripts/generate_driver_wrappers.py
$(GENERATED_WRAPPER_FILES): ../scripts/data_files/driver_templates/psa_crypto_driver_wrappers.h.jinja
$(GENERATED_WRAPPER_FILES): ../scripts/data_files/driver_templates/psa_crypto_driver_wrappers_no_static.c.jinja
$(GENERATED_WRAPPER_FILES):
echo " Gen $(GENERATED_WRAPPER_FILES)"
$(PYTHON) ../scripts/generate_driver_wrappers.py
$(PYTHON) ../scripts/generate_driver_wrappers.py $(TF_PSA_CRYPTO_CORE_PATH)
psa_crypto.o:psa_crypto_driver_wrappers.h
$(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto.o:$(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_driver_wrappers.h
clean:
ifndef WINDOWS
rm -f *.o libmbed*
rm -f $(OBJS_CRYPTO)
rm -f $(THIRDPARTY_CRYPTO_OBJECTS)
else
if exist *.o del /Q /F *.o

2
programs/Makefile
View File

@ -356,7 +356,7 @@ endif
test/metatest$(EXEXT): test/metatest.c $(DEP)
echo " CC test/metatest.c"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) -I ../library test/metatest.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) -I../library -I../tf-psa-crypto/core test/metatest.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
test/query_config.o: test/query_config.c test/query_config.h $(DEP)
echo " CC test/query_config.c"

7
programs/test/CMakeLists.txt
View File

@ -78,8 +78,11 @@ foreach(exe IN LISTS executables_libs executables_mbedcrypto)
endif()
add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>
${extra_sources})
target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include)
target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../library)
target_include_directories(${exe}
PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include)
target_include_directories(${exe}
PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../library
${CMAKE_CURRENT_SOURCE_DIR}/../../tf-psa-crypto/core)
if(exe STREQUAL "query_compile_time_config")
target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR})
endif()

5
scripts/code_style.py
View File

@ -66,7 +66,7 @@ def get_src_files(since: Optional[str]) -> List[str]:
that have changed since that commit. Without this argument, list all
files known to git.
Only C files are included, and certain files (generated, or 3rdparty)
Only C files are included, and certain files (generated, or third party)
are excluded.
"""
file_patterns = ["*.[hc]",
@ -130,7 +130,8 @@ def get_src_files(since: Optional[str]) -> List[str]:
# companion files in the same subtree), or for automatically
# generated files (we're correcting the templates instead).
src_files = [filename for filename in src_files
if not (filename.startswith("3rdparty/") or
if not (filename.startswith("tf-psa-crypto/drivers/everest/") or
filename.startswith("tf-psa-crypto/drivers/p256-m/") or
filename in generated_files or
is_file_autogenerated(filename))]
return src_files

4
scripts/common.make
View File

@ -44,7 +44,9 @@ LOCAL_LDFLAGS = ${MBEDTLS_TEST_OBJS} \
-lmbedcrypto$(SHARED_SUFFIX)
endif
include $(MBEDTLS_PATH)/3rdparty/Makefile.inc
THIRDPARTY_DIR = $(MBEDTLS_PATH)/tf-psa-crypto/drivers
include $(THIRDPARTY_DIR)/everest/Makefile.inc
include $(THIRDPARTY_DIR)/p256-m/Makefile.inc
LOCAL_CFLAGS+=$(THIRDPARTY_INCLUDES)
ifdef PSASIM

2
scripts/data_files/driver_jsons/p256_transparent_driver.json
View File

@ -2,7 +2,7 @@
"prefix": "p256",
"type": "transparent",
"mbedtls/h_condition": "defined(MBEDTLS_PSA_P256M_DRIVER_ENABLED)",
"headers": ["../3rdparty/p256-m/p256-m_driver_entrypoints.h"],
"headers": ["../tf-psa-crypto/drivers/p256-m/p256-m_driver_entrypoints.h"],
"capabilities": [
{
"mbedtls/c_condition": "defined(MBEDTLS_PSA_P256M_DRIVER_ENABLED)",

4
scripts/generate_driver_wrappers.py
View File

@ -1,6 +1,6 @@
#!/usr/bin/env python3
"""Generate library/psa_crypto_driver_wrappers.h
library/psa_crypto_driver_wrappers_no_static.c
"""Generate psa_crypto_driver_wrappers.h
psa_crypto_driver_wrappers_no_static.c
This module is invoked by the build scripts to auto generate the
psa_crypto_driver_wrappers.h and psa_crypto_driver_wrappers_no_static

2
scripts/generate_errors.pl
View File

@ -24,7 +24,7 @@ if( @ARGV ) {
$crypto_include_dir = 'tf-psa-crypto/drivers/builtin/include/mbedtls';
$tls_include_dir = 'include/mbedtls';
$data_dir = 'scripts/data_files';
$error_file = 'library/error.c';
$error_file = 'tf-psa-crypto/drivers/builtin/src/error.c';
unless( -d $crypto_include_dir && -d $tls_include_dir && -d $data_dir ) {
chdir '..' or die;

2
scripts/generate_features.pl
View File

@ -16,7 +16,7 @@ if( @ARGV ) {
} else {
$include_dir = 'include/mbedtls';
$data_dir = 'scripts/data_files';
$feature_file = 'library/version_features.c';
$feature_file = 'tf-psa-crypto/drivers/builtin/src/version_features.c';
unless( -d $include_dir && -d $data_dir ) {
chdir '..' or die;

38
scripts/generate_visualc_files.pl
View File

@ -25,19 +25,21 @@ my $programs_dir = 'programs';
my $mbedtls_header_dir = 'include/mbedtls';
my $drivers_builtin_header_dir = 'tf-psa-crypto/drivers/builtin/include/mbedtls';
my $psa_header_dir = 'tf-psa-crypto/include/psa';
my $source_dir = 'library';
my $tls_source_dir = 'library';
my $crypto_core_source_dir = 'tf-psa-crypto/core';
my $crypto_source_dir = 'tf-psa-crypto/drivers/builtin/src';
my $test_source_dir = 'tests/src';
my $test_header_dir = 'tests/include/test';
my $test_drivers_header_dir = 'tests/include/test/drivers';
my $test_drivers_source_dir = 'tests/src/drivers';
my @thirdparty_header_dirs = qw(
3rdparty/everest/include/everest
tf-psa-crypto/drivers/everest/include/everest
);
my @thirdparty_source_dirs = qw(
3rdparty/everest/library
3rdparty/everest/library/kremlib
3rdparty/everest/library/legacy
tf-psa-crypto/drivers/everest/library
tf-psa-crypto/drivers/everest/library/kremlib
tf-psa-crypto/drivers/everest/library/legacy
);
# Directories to add to the include path.
@ -47,25 +49,27 @@ my @include_directories = qw(
include
tf-psa-crypto/include
tf-psa-crypto/drivers/builtin/include
3rdparty/everest/include/
3rdparty/everest/include/everest
3rdparty/everest/include/everest/vs2013
3rdparty/everest/include/everest/kremlib
tf-psa-crypto/drivers/everest/include/
tf-psa-crypto/drivers/everest/include/everest
tf-psa-crypto/drivers/everest/include/everest/vs2013
tf-psa-crypto/drivers/everest/include/everest/kremlib
tests/include
);
my $include_directories = join(';', map {"../../$_"} @include_directories);
# Directories to add to the include path when building the library, but not
# Directories to add to the include path when building the libraries, but not
# when building tests or applications.
my @library_include_directories = qw(
library
tf-psa-crypto/core
tf-psa-crypto/drivers/builtin/src
);
my $library_include_directories =
join(';', map {"../../$_"} (@library_include_directories,
@include_directories));
my @excluded_files = qw(
3rdparty/everest/library/Hacl_Curve25519.c
tf-psa-crypto/drivers/everest/library/Hacl_Curve25519.c
);
my %excluded_files = ();
foreach (@excluded_files) { $excluded_files{$_} = 1 }
@ -106,7 +110,9 @@ sub check_dirs {
&& -d $mbedtls_header_dir
&& -d $drivers_builtin_header_dir
&& -d $psa_header_dir
&& -d $source_dir
&& -d $tls_source_dir
&& -d $crypto_core_source_dir
&& -d $crypto_source_dir
&& -d $test_source_dir
&& -d $test_drivers_source_dir
&& -d $test_header_dir
@ -265,12 +271,16 @@ sub main {
$psa_header_dir,
$test_header_dir,
$test_drivers_header_dir,
$source_dir,
$tls_source_dir,
$crypto_core_source_dir,
$crypto_source_dir,
@thirdparty_header_dirs,
);
my @headers = (map { <$_/*.h> } @header_dirs);
my @source_dirs = (
$source_dir,
$tls_source_dir,
$crypto_core_source_dir,
$crypto_source_dir,
$test_source_dir,
$test_drivers_source_dir,
@thirdparty_source_dirs,

4
tests/CMakeLists.txt
View File

@ -291,7 +291,9 @@ function(add_test_suite suite_name)
# them as PUBLIC.
target_include_directories(test_suite_${data_name}
PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/include
PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../library)
PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../library
PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../tf-psa-crypto/core
PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../tf-psa-crypto/drivers/builtin/src)
# Request C11, which is needed for memory poisoning tests
set_target_properties(test_suite_${data_name} PROPERTIES C_STANDARD 11)

21
tests/Makefile
View File

@ -4,8 +4,8 @@ include ../scripts/common.make
# Set this to -v to see the details of failing test cases
TEST_FLAGS ?= $(if $(filter-out 0 OFF Off off NO No no FALSE False false N n,$(CTEST_OUTPUT_ON_FAILURE)),-v,)
# Also include library headers, for the sake of invasive tests.
LOCAL_CFLAGS += -I../library
# Also include private headers, for the sake of invasive tests.
LOCAL_CFLAGS += -I../library -I../tf-psa-crypto/core -I../tf-psa-crypto/drivers/builtin/src
# Enable definition of various functions used throughout the testsuite
@ -268,17 +268,22 @@ define libtestdriver1_rewrite :=
s/\b(?=mbedtls_|psa_)/libtestdriver1_/g;
endef
libtestdriver1.a: export MBEDTLS_PATH := $(patsubst ../..//%,/%,../../$(MBEDTLS_PATH))
libtestdriver1.a:
# Copy the library and fake a 3rdparty Makefile include.
rm -Rf ./libtestdriver1
mkdir ./libtestdriver1
mkdir ./libtestdriver1/tf-psa-crypto
mkdir ./libtestdriver1/tf-psa-crypto/drivers
mkdir ./libtestdriver1/tf-psa-crypto/drivers/everest
mkdir ./libtestdriver1/tf-psa-crypto/drivers/p256-m
touch ./libtestdriver1/tf-psa-crypto/drivers/everest/Makefile.inc
touch ./libtestdriver1/tf-psa-crypto/drivers/p256-m/Makefile.inc
cp -Rf ../framework ./libtestdriver1
cp -Rf ../library ./libtestdriver1
cp -Rf ../include ./libtestdriver1
cp -Rf ../tf-psa-crypto ./libtestdriver1
cp -Rf ../tf-psa-crypto/core ./libtestdriver1/tf-psa-crypto
cp -Rf ../tf-psa-crypto/include ./libtestdriver1/tf-psa-crypto
cp -Rf ../tf-psa-crypto/drivers/builtin ./libtestdriver1/tf-psa-crypto/drivers
cp -Rf ../scripts ./libtestdriver1
mkdir ./libtestdriver1/3rdparty
touch ./libtestdriver1/3rdparty/Makefile.inc
# Set the test driver base (minimal) configuration.
cp ./include/test/drivers/config_test_driver.h ./libtestdriver1/include/mbedtls/mbedtls_config.h
@ -298,8 +303,10 @@ libtestdriver1.a:
# when this test driver library is linked with the Mbed TLS library.
perl -pi -e '$(libtestdriver1_rewrite)' ./libtestdriver1/library/*.[ch]
perl -pi -e '$(libtestdriver1_rewrite)' ./libtestdriver1/include/*/*.h
perl -pi -e '$(libtestdriver1_rewrite)' ./libtestdriver1/tf-psa-crypto/core/*.[ch]
perl -pi -e '$(libtestdriver1_rewrite)' ./libtestdriver1/tf-psa-crypto/include/*/*.h
perl -pi -e '$(libtestdriver1_rewrite)' ./libtestdriver1/tf-psa-crypto/drivers/builtin/include/*/*.h
perl -pi -e '$(libtestdriver1_rewrite)' ./libtestdriver1/tf-psa-crypto/drivers/builtin/src/*.[ch]
$(MAKE) -C ./libtestdriver1/library CFLAGS="-I../../ $(CFLAGS)" LDFLAGS="$(LDFLAGS)" libmbedcrypto.a
cp ./libtestdriver1/library/libmbedcrypto.a ../library/libtestdriver1.a

296
tests/scripts/all.sh
View File

@ -133,10 +133,18 @@ pre_check_environment () {
pre_initialize_variables () {
if in_mbedtls_repo; then
CONFIG_H='include/mbedtls/mbedtls_config.h'
CRYPTO_CONFIG_H='tf-psa-crypto/include/psa/crypto_config.h'
if [ -d tf-psa-crypto ]; then
CRYPTO_CONFIG_H='tf-psa-crypto/include/psa/crypto_config.h'
PSA_CORE_PATH='tf-psa-crypto/core'
BUILTIN_SRC_PATH='tf-psa-crypto/drivers/builtin/src'
else
CRYPTO_CONFIG_H='include/psa/crypto_config.h'
fi
else
CONFIG_H='drivers/builtin/include/mbedtls/mbedtls_config.h'
CRYPTO_CONFIG_H='include/psa/crypto_config.h'
PSA_CORE_PATH='core'
BUILTIN_SRC_PATH='drivers/builtin/src'
fi
CONFIG_TEST_DRIVER_H='tests/include/test/drivers/config_test_driver.h'
@ -331,9 +339,14 @@ cleanup()
-iname CMakeCache.txt -o \
-path './cmake/*.cmake' \) -exec rm -f {} \+
# Remove Makefiles generated by in-tree CMake builds
rm -f 3rdparty/Makefile 3rdparty/*/Makefile pkgconfig/Makefile framework/Makefile
rm -f pkgconfig/Makefile framework/Makefile
rm -f include/Makefile programs/!(fuzz)/Makefile
rm -f tf-psa-crypto/Makefile tf-psa-crypto/include/Makefile
rm -f tf-psa-crypto/core/Makefile tf-psa-crypto/drivers/Makefile
rm -f tf-psa-crypto/drivers/everest/Makefile
rm -f tf-psa-crypto/drivers/p256-m/Makefile
rm -f tf-psa-crypto/drivers/builtin/Makefile
rm -f tf-psa-crypto/drivers/builtin/src/Makefile
# Remove any artifacts from the component_test_cmake_as_subdirectory test.
rm -rf programs/test/cmake_subproject/build
@ -444,6 +457,12 @@ armc6_build_test()
msg "size: ARM Compiler 6 ($FLAGS)"
"$ARMC6_FROMELF" -z library/*.o
if [ -n ${PSA_CORE_PATH} ]; then
"$ARMC6_FROMELF" -z ${PSA_CORE_PATH}/*.o
fi
if [ -n ${BUILTIN_SRC_PATH} ]; then
"$ARMC6_FROMELF" -z ${BUILTIN_SRC_PATH}/*.o
fi
}
err_msg()
@ -1108,6 +1127,8 @@ helper_psasim_server() {
component_check_recursion () {
msg "Check: recursion.pl" # < 1s
tests/scripts/recursion.pl library/*.c
tests/scripts/recursion.pl ${PSA_CORE_PATH}/*.c
tests/scripts/recursion.pl ${BUILTIN_SRC_PATH}/*.c
}
component_check_generated_files () {
@ -1670,8 +1691,8 @@ component_full_no_pkparse_pkwrite() {
make CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS"
# Ensure that PK_[PARSE|WRITE]_C were not re-enabled accidentally (additive config).
not grep mbedtls_pk_parse_key library/pkparse.o
not grep mbedtls_pk_write_key_der library/pkwrite.o
not grep mbedtls_pk_parse_key ${BUILTIN_SRC_PATH}/pkparse.o
not grep mbedtls_pk_write_key_der ${BUILTIN_SRC_PATH}/pkwrite.o
msg "test: full without pkparse and pkwrite"
make test
@ -1698,8 +1719,8 @@ component_test_crypto_full_md_light_only () {
make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS"
# Make sure we don't have the HMAC functions, but the hashing functions
not grep mbedtls_md_hmac library/md.o
grep mbedtls_md library/md.o
not grep mbedtls_md_hmac ${BUILTIN_SRC_PATH}/md.o
grep mbedtls_md ${BUILTIN_SRC_PATH}/md.o
msg "test: crypto_full with only the light subset of MD"
make test
@ -1734,7 +1755,7 @@ component_test_full_no_cipher () {
make
# Ensure that CIPHER_C was not re-enabled
not grep mbedtls_cipher_init library/cipher.o
not grep mbedtls_cipher_init ${BUILTIN_SRC_PATH}/cipher.o
msg "test: full no CIPHER"
make test
@ -1787,7 +1808,7 @@ component_test_full_no_ccm_star_no_tag() {
make
# Ensure MBEDTLS_PSA_BUILTIN_CIPHER was not enabled
not grep mbedtls_psa_cipher library/psa_crypto_cipher.o
not grep mbedtls_psa_cipher ${PSA_CORE_PATH}/psa_crypto_cipher.o
msg "test: full no PSA_WANT_ALG_CCM_STAR_NO_TAG"
make test
@ -2524,7 +2545,7 @@ component_test_psa_crypto_config_accel_ecdsa () {
helper_libtestdriver1_make_main "$loc_accel_list"
# Make sure this was not re-enabled by accident (additive config)
not grep mbedtls_ecdsa_ library/ecdsa.o
not grep mbedtls_ecdsa_ ${BUILTIN_SRC_PATH}/ecdsa.o
# Run the tests
# -------------
@ -2565,7 +2586,7 @@ component_test_psa_crypto_config_accel_ecdh () {
helper_libtestdriver1_make_main "$loc_accel_list"
# Make sure this was not re-enabled by accident (additive config)
not grep mbedtls_ecdh_ library/ecdh.o
not grep mbedtls_ecdh_ ${BUILTIN_SRC_PATH}/ecdh.o
# Run the tests
# -------------
@ -2603,7 +2624,7 @@ component_test_psa_crypto_config_accel_ffdh () {
helper_libtestdriver1_make_main "$loc_accel_list"
# Make sure this was not re-enabled by accident (additive config)
not grep mbedtls_dhm_ library/dhm.o
not grep mbedtls_dhm_ ${BUILTIN_SRC_PATH}/dhm.o
# Run the tests
# -------------
@ -2657,7 +2678,7 @@ component_test_psa_crypto_config_accel_pake() {
helper_libtestdriver1_make_main "$loc_accel_list"
# Make sure this was not re-enabled by accident (additive config)
not grep mbedtls_ecjpake_init library/ecjpake.o
not grep mbedtls_ecjpake_init ${BUILTIN_SRC_PATH}/ecjpake.o
# Run the tests
# -------------
@ -2714,10 +2735,10 @@ component_test_psa_crypto_config_accel_ecc_some_key_types () {
helper_libtestdriver1_make_main "$loc_accel_list"
# ECP should be re-enabled but not the others
not grep mbedtls_ecdh_ library/ecdh.o
not grep mbedtls_ecdsa library/ecdsa.o
not grep mbedtls_ecjpake library/ecjpake.o
grep mbedtls_ecp library/ecp.o
not grep mbedtls_ecdh_ ${BUILTIN_SRC_PATH}/ecdh.o
not grep mbedtls_ecdsa ${BUILTIN_SRC_PATH}/ecdsa.o
not grep mbedtls_ecjpake ${BUILTIN_SRC_PATH}/ecjpake.o
grep mbedtls_ecp ${BUILTIN_SRC_PATH}/ecp.o
# Run the tests
# -------------
@ -2808,27 +2829,27 @@ common_test_psa_crypto_config_accel_ecc_some_curves () {
helper_libtestdriver1_make_main "$loc_accel_list"
# We expect ECDH to be re-enabled for the missing curves
grep mbedtls_ecdh_ library/ecdh.o
grep mbedtls_ecdh_ ${BUILTIN_SRC_PATH}/ecdh.o
# We expect ECP to be re-enabled, however the parts specific to the
# families of curves that are accelerated should be ommited.
# - functions with mxz in the name are specific to Montgomery curves
# - ecp_muladd is specific to Weierstrass curves
##nm library/ecp.o | tee ecp.syms
##nm ${BUILTIN_SRC_PATH}/ecp.o | tee ecp.syms
if [ $weierstrass -eq 1 ]; then
not grep mbedtls_ecp_muladd library/ecp.o
grep mxz library/ecp.o
not grep mbedtls_ecp_muladd ${BUILTIN_SRC_PATH}/ecp.o
grep mxz ${BUILTIN_SRC_PATH}/ecp.o
else
grep mbedtls_ecp_muladd library/ecp.o
not grep mxz library/ecp.o
grep mbedtls_ecp_muladd ${BUILTIN_SRC_PATH}/ecp.o
not grep mxz ${BUILTIN_SRC_PATH}/ecp.o
fi
# We expect ECDSA and ECJPAKE to be re-enabled only when
# Weierstrass curves are not accelerated
if [ $weierstrass -eq 1 ]; then
not grep mbedtls_ecdsa library/ecdsa.o
not grep mbedtls_ecjpake library/ecjpake.o
not grep mbedtls_ecdsa ${BUILTIN_SRC_PATH}/ecdsa.o
not grep mbedtls_ecjpake ${BUILTIN_SRC_PATH}/ecjpake.o
else
grep mbedtls_ecdsa library/ecdsa.o
grep mbedtls_ecjpake library/ecjpake.o
grep mbedtls_ecdsa ${BUILTIN_SRC_PATH}/ecdsa.o
grep mbedtls_ecjpake ${BUILTIN_SRC_PATH}/ecjpake.o
fi
# Run the tests
@ -2907,10 +2928,10 @@ component_test_psa_crypto_config_accel_ecc_ecp_light_only () {
helper_libtestdriver1_make_main "$loc_accel_list"
# Make sure any built-in EC alg was not re-enabled by accident (additive config)
not grep mbedtls_ecdsa_ library/ecdsa.o
not grep mbedtls_ecdh_ library/ecdh.o
not grep mbedtls_ecjpake_ library/ecjpake.o
not grep mbedtls_ecp_mul library/ecp.o
not grep mbedtls_ecdsa_ ${BUILTIN_SRC_PATH}/ecdsa.o
not grep mbedtls_ecdh_ ${BUILTIN_SRC_PATH}/ecdh.o
not grep mbedtls_ecjpake_ ${BUILTIN_SRC_PATH}/ecjpake.o
not grep mbedtls_ecp_mul ${BUILTIN_SRC_PATH}/ecp.o
# Run the tests
# -------------
@ -3011,11 +3032,11 @@ component_test_psa_crypto_config_accel_ecc_no_ecp_at_all () {
helper_libtestdriver1_make_main "$loc_accel_list"
# Make sure any built-in EC alg was not re-enabled by accident (additive config)
not grep mbedtls_ecdsa_ library/ecdsa.o
not grep mbedtls_ecdh_ library/ecdh.o
not grep mbedtls_ecjpake_ library/ecjpake.o
not grep mbedtls_ecdsa_ ${BUILTIN_SRC_PATH}/ecdsa.o
not grep mbedtls_ecdh_ ${BUILTIN_SRC_PATH}/ecdh.o
not grep mbedtls_ecjpake_ ${BUILTIN_SRC_PATH}/ecjpake.o
# Also ensure that ECP module was not re-enabled
not grep mbedtls_ecp_ library/ecp.o
not grep mbedtls_ecp_ ${BUILTIN_SRC_PATH}/ecp.o
# Run the tests
# -------------
@ -3186,14 +3207,14 @@ common_test_psa_crypto_config_accel_ecc_ffdh_no_bignum () {
helper_libtestdriver1_make_main "$loc_accel_list"
# Make sure any built-in EC alg was not re-enabled by accident (additive config)
not grep mbedtls_ecdsa_ library/ecdsa.o
not grep mbedtls_ecdh_ library/ecdh.o
not grep mbedtls_ecjpake_ library/ecjpake.o
not grep mbedtls_ecdsa_ ${BUILTIN_SRC_PATH}/ecdsa.o
not grep mbedtls_ecdh_ ${BUILTIN_SRC_PATH}/ecdh.o
not grep mbedtls_ecjpake_ ${BUILTIN_SRC_PATH}/ecjpake.o
# Also ensure that ECP, RSA, [DHM] or BIGNUM modules were not re-enabled
not grep mbedtls_ecp_ library/ecp.o
not grep mbedtls_rsa_ library/rsa.o
not grep mbedtls_mpi_ library/bignum.o
not grep mbedtls_dhm_ library/dhm.o
not grep mbedtls_ecp_ ${BUILTIN_SRC_PATH}/ecp.o
not grep mbedtls_rsa_ ${BUILTIN_SRC_PATH}/rsa.o
not grep mbedtls_mpi_ ${BUILTIN_SRC_PATH}/bignum.o
not grep mbedtls_dhm_ ${BUILTIN_SRC_PATH}/dhm.o
# Run the tests
# -------------
@ -3289,20 +3310,20 @@ component_test_tfm_config_p256m_driver_accel_ec () {
make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -I../tests/include/spe" LDFLAGS="$ASAN_CFLAGS"
# Make sure any built-in EC alg was not re-enabled by accident (additive config)
not grep mbedtls_ecdsa_ library/ecdsa.o
not grep mbedtls_ecdh_ library/ecdh.o
not grep mbedtls_ecjpake_ library/ecjpake.o
not grep mbedtls_ecdsa_ ${BUILTIN_SRC_PATH}/ecdsa.o
not grep mbedtls_ecdh_ ${BUILTIN_SRC_PATH}/ecdh.o
not grep mbedtls_ecjpake_ ${BUILTIN_SRC_PATH}/ecjpake.o
# Also ensure that ECP, RSA, DHM or BIGNUM modules were not re-enabled
not grep mbedtls_ecp_ library/ecp.o
not grep mbedtls_rsa_ library/rsa.o
not grep mbedtls_dhm_ library/dhm.o
not grep mbedtls_mpi_ library/bignum.o
not grep mbedtls_ecp_ ${BUILTIN_SRC_PATH}/ecp.o
not grep mbedtls_rsa_ ${BUILTIN_SRC_PATH}/rsa.o
not grep mbedtls_dhm_ ${BUILTIN_SRC_PATH}/dhm.o
not grep mbedtls_mpi_ ${BUILTIN_SRC_PATH}/bignum.o
# Check that p256m was built
grep -q p256_ecdsa_ library/libmbedcrypto.a
# In "config-tfm.h" we disabled CIPHER_C tweaking TF-M's configuration
# files, so we want to ensure that it has not be re-enabled accidentally.
not grep mbedtls_cipher library/cipher.o
not grep mbedtls_cipher ${BUILTIN_SRC_PATH}/cipher.o
# Run the tests
msg "test: TF-M config + p256m driver + accel ECDH(E)/ECDSA"
@ -3327,7 +3348,7 @@ component_test_tfm_config() {
# In "config-tfm.h" we disabled CIPHER_C tweaking TF-M's configuration
# files, so we want to ensure that it has not be re-enabled accidentally.
not grep mbedtls_cipher library/cipher.o
not grep mbedtls_cipher ${BUILTIN_SRC_PATH}/cipher.o
msg "test: TF-M config"
make test
@ -3449,7 +3470,7 @@ component_test_psa_crypto_config_accel_rsa_crypto () {
helper_libtestdriver1_make_main "$loc_accel_list"
# Make sure this was not re-enabled by accident (additive config)
not grep mbedtls_rsa library/rsa.o
not grep mbedtls_rsa ${BUILTIN_SRC_PATH}/rsa.o
# Run the tests
# -------------
@ -3559,11 +3580,11 @@ component_test_psa_crypto_config_accel_hash () {
# There's a risk of something getting re-enabled via config_psa.h;
# make sure it did not happen. Note: it's OK for MD_C to be enabled.
not grep mbedtls_md5 library/md5.o
not grep mbedtls_sha1 library/sha1.o
not grep mbedtls_sha256 library/sha256.o
not grep mbedtls_sha512 library/sha512.o
not grep mbedtls_ripemd160 library/ripemd160.o
not grep mbedtls_md5 ${BUILTIN_SRC_PATH}/md5.o
not grep mbedtls_sha1 ${BUILTIN_SRC_PATH}/sha1.o
not grep mbedtls_sha256 ${BUILTIN_SRC_PATH}/sha256.o
not grep mbedtls_sha512 ${BUILTIN_SRC_PATH}/sha512.o
not grep mbedtls_ripemd160 ${BUILTIN_SRC_PATH}/ripemd160.o
# Run the tests
# -------------
@ -3616,11 +3637,11 @@ component_test_psa_crypto_config_accel_hash_use_psa () {
# There's a risk of something getting re-enabled via config_psa.h;
# make sure it did not happen. Note: it's OK for MD_C to be enabled.
not grep mbedtls_md5 library/md5.o
not grep mbedtls_sha1 library/sha1.o
not grep mbedtls_sha256 library/sha256.o
not grep mbedtls_sha512 library/sha512.o
not grep mbedtls_ripemd160 library/ripemd160.o
not grep mbedtls_md5 ${BUILTIN_SRC_PATH}/md5.o
not grep mbedtls_sha1 ${BUILTIN_SRC_PATH}/sha1.o
not grep mbedtls_sha256 ${BUILTIN_SRC_PATH}/sha256.o
not grep mbedtls_sha512 ${BUILTIN_SRC_PATH}/sha512.o
not grep mbedtls_ripemd160 ${BUILTIN_SRC_PATH}/ripemd160.o
# Run the tests
# -------------
@ -3707,7 +3728,7 @@ component_test_psa_crypto_config_accel_hmac() {
helper_libtestdriver1_make_main "$loc_accel_list"
# Ensure that built-in support for HMAC is disabled.
not grep mbedtls_md_hmac library/md.o
not grep mbedtls_md_hmac ${BUILTIN_SRC_PATH}/md.o
# Run the tests
# -------------
@ -3765,7 +3786,7 @@ component_test_psa_crypto_config_accel_des () {
helper_libtestdriver1_make_main "$loc_accel_list"
# Make sure this was not re-enabled by accident (additive config)
not grep mbedtls_des* library/des.o
not grep mbedtls_des* ${BUILTIN_SRC_PATH}/des.o
# Run the tests
# -------------
@ -3802,9 +3823,9 @@ component_test_psa_crypto_config_accel_aead () {
helper_libtestdriver1_make_main "$loc_accel_list"
# Make sure this was not re-enabled by accident (additive config)
not grep mbedtls_ccm library/ccm.o
not grep mbedtls_gcm library/gcm.o
not grep mbedtls_chachapoly library/chachapoly.o
not grep mbedtls_ccm ${BUILTIN_SRC_PATH}/ccm.o
not grep mbedtls_gcm ${BUILTIN_SRC_PATH}/gcm.o
not grep mbedtls_chachapoly ${BUILTIN_SRC_PATH}/chachapoly.o
# Run the tests
# -------------
@ -3870,15 +3891,15 @@ component_test_psa_crypto_config_accel_cipher_aead_cmac () {
helper_libtestdriver1_make_main "$loc_accel_list"
# Make sure this was not re-enabled by accident (additive config)
not grep mbedtls_cipher library/cipher.o
not grep mbedtls_des library/des.o
not grep mbedtls_aes library/aes.o
not grep mbedtls_aria library/aria.o
not grep mbedtls_camellia library/camellia.o
not grep mbedtls_ccm library/ccm.o
not grep mbedtls_gcm library/gcm.o
not grep mbedtls_chachapoly library/chachapoly.o
not grep mbedtls_cmac library/cmac.o
not grep mbedtls_cipher ${BUILTIN_SRC_PATH}/cipher.o
not grep mbedtls_des ${BUILTIN_SRC_PATH}/des.o
not grep mbedtls_aes ${BUILTIN_SRC_PATH}/aes.o
not grep mbedtls_aria ${BUILTIN_SRC_PATH}/aria.o
not grep mbedtls_camellia ${BUILTIN_SRC_PATH}/camellia.o
not grep mbedtls_ccm ${BUILTIN_SRC_PATH}/ccm.o
not grep mbedtls_gcm ${BUILTIN_SRC_PATH}/gcm.o
not grep mbedtls_chachapoly ${BUILTIN_SRC_PATH}/chachapoly.o
not grep mbedtls_cmac ${BUILTIN_SRC_PATH}/cmac.o
# Run the tests
# -------------
@ -3967,9 +3988,9 @@ component_test_full_block_cipher_psa_dispatch () {
# Make sure disabled components were not re-enabled by accident (additive
# config)
not grep mbedtls_aes_ library/aes.o
not grep mbedtls_aria_ library/aria.o
not grep mbedtls_camellia_ library/camellia.o
not grep mbedtls_aes_ ${BUILTIN_SRC_PATH}/aes.o
not grep mbedtls_aria_ ${BUILTIN_SRC_PATH}/aria.o
not grep mbedtls_camellia_ ${BUILTIN_SRC_PATH}/camellia.o
# Run the tests
# -------------
@ -4074,9 +4095,8 @@ build_test_config_combos() {
./scripts/config.py unset ${opt}
done
# enter the directory containing the target file & strip the dir from the filename
cd $(dirname ${file})
file=$(basename ${file})
# enter the library directory
cd library
# The most common issue is unused variables/functions, so ensure -Wunused is set.
warning_flags="-Werror -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wimplicit-fallthrough -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral -Wshadow -Wasm-operand-widths -Wunused"
@ -4091,7 +4111,7 @@ build_test_config_combos() {
deps=""
len=${#options[@]}
source_file=${file%.o}.c
source_file=../${file%.o}.c
targets=0
echo 'include Makefile' >${makefile}
@ -4148,7 +4168,7 @@ component_build_aes_variations() {
MBEDTLS_ROOT_DIR="$PWD"
msg "build: aes.o for all combinations of relevant config options"
build_test_config_combos library/aes.o validate_aes_config_variations \
build_test_config_combos ${BUILTIN_SRC_PATH}/aes.o validate_aes_config_variations \
"MBEDTLS_AES_SETKEY_ENC_ALT" "MBEDTLS_AES_DECRYPT_ALT" \
"MBEDTLS_AES_ROM_TABLES" "MBEDTLS_AES_ENCRYPT_ALT" "MBEDTLS_AES_SETKEY_DEC_ALT" \
"MBEDTLS_AES_FEWER_TABLES" "MBEDTLS_AES_USE_HARDWARE_ONLY" \
@ -4165,7 +4185,7 @@ component_build_aes_variations() {
scripts/config.py unset MBEDTLS_CIPHER_MODE_XTS
scripts/config.py unset MBEDTLS_DES_C
scripts/config.py unset MBEDTLS_NIST_KW_C
build_test_config_combos library/aes.o validate_aes_config_variations \
build_test_config_combos ${BUILTIN_SRC_PATH}/aes.o validate_aes_config_variations \
"MBEDTLS_AES_SETKEY_ENC_ALT" "MBEDTLS_AES_DECRYPT_ALT" \
"MBEDTLS_AES_ROM_TABLES" "MBEDTLS_AES_ENCRYPT_ALT" "MBEDTLS_AES_SETKEY_DEC_ALT" \
"MBEDTLS_AES_FEWER_TABLES" "MBEDTLS_AES_USE_HARDWARE_ONLY" \
@ -4597,49 +4617,49 @@ component_build_aes_armce () {
scripts/config.py set MBEDTLS_AES_USE_HARDWARE_ONLY
msg "MBEDTLS_AES_USE_HARDWARE_ONLY, clang, aarch64"
make -B library/aesce.o CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a+crypto"
make -B library/../${BUILTIN_SRC_PATH}/aesce.o CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a+crypto"
msg "MBEDTLS_AES_USE_HARDWARE_ONLY, clang, arm"
make -B library/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -marm"
make -B library/../${BUILTIN_SRC_PATH}/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -marm"
msg "MBEDTLS_AES_USE_HARDWARE_ONLY, clang, thumb"
make -B library/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mthumb"
make -B library/../${BUILTIN_SRC_PATH}/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mthumb"
scripts/config.py unset MBEDTLS_AES_USE_HARDWARE_ONLY
msg "no MBEDTLS_AES_USE_HARDWARE_ONLY, clang, aarch64"
make -B library/aesce.o CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a+crypto"
make -B library/../${BUILTIN_SRC_PATH}/aesce.o CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a+crypto"
msg "no MBEDTLS_AES_USE_HARDWARE_ONLY, clang, arm"
make -B library/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -marm"
make -B library/../${BUILTIN_SRC_PATH}/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -marm"
msg "no MBEDTLS_AES_USE_HARDWARE_ONLY, clang, thumb"
make -B library/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mthumb"
make -B library/../${BUILTIN_SRC_PATH}/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mthumb"
# test for presence of AES instructions
scripts/config.py set MBEDTLS_AES_USE_HARDWARE_ONLY
msg "clang, test A32 crypto instructions built"
make -B library/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -marm -S"
grep -E 'aes[0-9a-z]+.[0-9]\s*[qv]' library/aesce.o
make -B library/../${BUILTIN_SRC_PATH}/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -marm -S"
grep -E 'aes[0-9a-z]+.[0-9]\s*[qv]' ${BUILTIN_SRC_PATH}/aesce.o
msg "clang, test T32 crypto instructions built"
make -B library/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mthumb -S"
grep -E 'aes[0-9a-z]+.[0-9]\s*[qv]' library/aesce.o
make -B library/../${BUILTIN_SRC_PATH}/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mthumb -S"
grep -E 'aes[0-9a-z]+.[0-9]\s*[qv]' ${BUILTIN_SRC_PATH}/aesce.o
msg "clang, test aarch64 crypto instructions built"
make -B library/aesce.o CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a -S"
grep -E 'aes[a-z]+\s*[qv]' library/aesce.o
make -B library/../${BUILTIN_SRC_PATH}/aesce.o CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a -S"
grep -E 'aes[a-z]+\s*[qv]' ${BUILTIN_SRC_PATH}/aesce.o
# test for absence of AES instructions
scripts/config.py unset MBEDTLS_AES_USE_HARDWARE_ONLY
scripts/config.py unset MBEDTLS_AESCE_C
msg "clang, test A32 crypto instructions not built"
make -B library/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -marm -S"
not grep -E 'aes[0-9a-z]+.[0-9]\s*[qv]' library/aesce.o
make -B library/../${BUILTIN_SRC_PATH}/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -marm -S"
not grep -E 'aes[0-9a-z]+.[0-9]\s*[qv]' ${BUILTIN_SRC_PATH}/aesce.o
msg "clang, test T32 crypto instructions not built"
make -B library/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mthumb -S"
not grep -E 'aes[0-9a-z]+.[0-9]\s*[qv]' library/aesce.o
make -B library/../${BUILTIN_SRC_PATH}/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mthumb -S"
not grep -E 'aes[0-9a-z]+.[0-9]\s*[qv]' ${BUILTIN_SRC_PATH}/aesce.o
msg "clang, test aarch64 crypto instructions not built"
make -B library/aesce.o CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a -S"
not grep -E 'aes[a-z]+\s*[qv]' library/aesce.o
make -B library/../${BUILTIN_SRC_PATH}/aesce.o CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a -S"
not grep -E 'aes[a-z]+\s*[qv]' ${BUILTIN_SRC_PATH}/aesce.o
}
support_build_sha_armce() {
@ -4654,30 +4674,30 @@ component_build_sha_armce () {
# Test variations of SHA256 Armv8 crypto extensions
scripts/config.py set MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY
msg "MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY clang, aarch64"
make -B library/sha256.o CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a"
make -B library/../${BUILTIN_SRC_PATH}/sha256.o CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a"
msg "MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY clang, arm"
make -B library/sha256.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -marm"
make -B library/../${BUILTIN_SRC_PATH}/sha256.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -marm"
scripts/config.py unset MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY
# test the deprecated form of the config option
scripts/config.py set MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY
msg "MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY clang, thumb"
make -B library/sha256.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mthumb"
make -B library/../${BUILTIN_SRC_PATH}/sha256.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mthumb"
scripts/config.py unset MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY
scripts/config.py set MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT
msg "MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT clang, aarch64"
make -B library/sha256.o CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a"
make -B library/../${BUILTIN_SRC_PATH}/sha256.o CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a"
scripts/config.py unset MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT
# test the deprecated form of the config option
scripts/config.py set MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT
msg "MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT clang, arm"
make -B library/sha256.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -marm -std=c99"
make -B library/../${BUILTIN_SRC_PATH}/sha256.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -marm -std=c99"
msg "MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT clang, thumb"
make -B library/sha256.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mthumb"
make -B library/../${BUILTIN_SRC_PATH}/sha256.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mthumb"
scripts/config.py unset MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT
@ -4685,32 +4705,32 @@ component_build_sha_armce () {
for opt in MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT; do
scripts/config.py set ${opt}
msg "${opt} clang, test A32 crypto instructions built"
make -B library/sha256.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -marm -S"
grep -E 'sha256[a-z0-9]+.32\s+[qv]' library/sha256.o
make -B library/../${BUILTIN_SRC_PATH}/sha256.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -marm -S"
grep -E 'sha256[a-z0-9]+.32\s+[qv]' ${BUILTIN_SRC_PATH}/sha256.o
msg "${opt} clang, test T32 crypto instructions built"
make -B library/sha256.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mthumb -S"
grep -E 'sha256[a-z0-9]+.32\s+[qv]' library/sha256.o
make -B library/../${BUILTIN_SRC_PATH}/sha256.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mthumb -S"
grep -E 'sha256[a-z0-9]+.32\s+[qv]' ${BUILTIN_SRC_PATH}/sha256.o
msg "${opt} clang, test aarch64 crypto instructions built"
make -B library/sha256.o CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a -S"
grep -E 'sha256[a-z0-9]+\s+[qv]' library/sha256.o
make -B library/../${BUILTIN_SRC_PATH}/sha256.o CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a -S"
grep -E 'sha256[a-z0-9]+\s+[qv]' ${BUILTIN_SRC_PATH}/sha256.o
scripts/config.py unset ${opt}
done
# examine the disassembly for absence of SHA instructions
msg "clang, test A32 crypto instructions not built"
make -B library/sha256.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -marm -S"
not grep -E 'sha256[a-z0-9]+.32\s+[qv]' library/sha256.o
make -B library/../${BUILTIN_SRC_PATH}/sha256.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -marm -S"
not grep -E 'sha256[a-z0-9]+.32\s+[qv]' ${BUILTIN_SRC_PATH}/sha256.o
msg "clang, test T32 crypto instructions not built"
make -B library/sha256.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mthumb -S"
not grep -E 'sha256[a-z0-9]+.32\s+[qv]' library/sha256.o
make -B library/../${BUILTIN_SRC_PATH}/sha256.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mthumb -S"
not grep -E 'sha256[a-z0-9]+.32\s+[qv]' ${BUILTIN_SRC_PATH}/sha256.o
msg "clang, test aarch64 crypto instructions not built"
make -B library/sha256.o CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a -S"
not grep -E 'sha256[a-z0-9]+\s+[qv]' library/sha256.o
make -B library/../${BUILTIN_SRC_PATH}/sha256.o CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a -S"
not grep -E 'sha256[a-z0-9]+\s+[qv]' ${BUILTIN_SRC_PATH}/sha256.o
}
support_build_aes_aesce_armcc () {
@ -4832,13 +4852,13 @@ helper_block_cipher_no_decrypt_build_test () {
make CFLAGS="-O2 $cflags" LDFLAGS="$ldflags"
# Make sure we don't have mbedtls_xxx_setkey_dec in AES/ARIA/CAMELLIA
not grep mbedtls_aes_setkey_dec library/aes.o
not grep mbedtls_aria_setkey_dec library/aria.o
not grep mbedtls_camellia_setkey_dec library/camellia.o
not grep mbedtls_aes_setkey_dec ${BUILTIN_SRC_PATH}/aes.o
not grep mbedtls_aria_setkey_dec ${BUILTIN_SRC_PATH}/aria.o
not grep mbedtls_camellia_setkey_dec ${BUILTIN_SRC_PATH}/camellia.o
# Make sure we don't have mbedtls_internal_aes_decrypt in AES
not grep mbedtls_internal_aes_decrypt library/aes.o
not grep mbedtls_internal_aes_decrypt ${BUILTIN_SRC_PATH}/aes.o
# Make sure we don't have mbedtls_aesni_inverse_key in AESNI
not grep mbedtls_aesni_inverse_key library/aesni.o
not grep mbedtls_aesni_inverse_key ${BUILTIN_SRC_PATH}/aesni.o
msg "test: default config + BLOCK_CIPHER_NO_DECRYPT${set_opts:+ + $set_opts}${unset_opts:+ - $unset_opts} with $cflags${ldflags:+, $ldflags}"
make test
@ -4939,14 +4959,14 @@ component_test_block_cipher_no_decrypt_aesce_armcc () {
armc6_build_test "-O1 --target=aarch64-arm-none-eabi -march=armv8-a+crypto -Werror -Wall -Wextra"
# Make sure we don't have mbedtls_xxx_setkey_dec in AES/ARIA/CAMELLIA
not grep mbedtls_aes_setkey_dec library/aes.o
not grep mbedtls_aria_setkey_dec library/aria.o
not grep mbedtls_camellia_setkey_dec library/camellia.o
not grep mbedtls_aes_setkey_dec ${BUILTIN_SRC_PATH}/aes.o
not grep mbedtls_aria_setkey_dec ${BUILTIN_SRC_PATH}/aria.o
not grep mbedtls_camellia_setkey_dec ${BUILTIN_SRC_PATH}/camellia.o
# Make sure we don't have mbedtls_internal_aes_decrypt in AES
not grep mbedtls_internal_aes_decrypt library/aes.o
not grep mbedtls_internal_aes_decrypt ${BUILTIN_SRC_PATH}/aes.o
# Make sure we don't have mbedtls_aesce_inverse_key and aesce_decrypt_block in AESCE
not grep mbedtls_aesce_inverse_key library/aesce.o
not grep aesce_decrypt_block library/aesce.o
not grep mbedtls_aesce_inverse_key ${BUILTIN_SRC_PATH}/aesce.o
not grep aesce_decrypt_block ${BUILTIN_SRC_PATH}/aesce.o
}
component_test_ctr_drbg_aes_256_sha_256 () {
@ -5319,6 +5339,8 @@ component_build_arm_none_eabi_gcc () {
msg "size: ${ARM_NONE_EABI_GCC_PREFIX}gcc -O1, baremetal+debug"
${ARM_NONE_EABI_GCC_PREFIX}size -t library/*.o
${ARM_NONE_EABI_GCC_PREFIX}size -t ${PSA_CORE_PATH}/*.o
${ARM_NONE_EABI_GCC_PREFIX}size -t ${BUILTIN_SRC_PATH}/*.o
}
component_build_arm_linux_gnueabi_gcc_arm5vte () {
@ -5333,6 +5355,8 @@ component_build_arm_linux_gnueabi_gcc_arm5vte () {
msg "size: ${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc -march=armv5te -O1, baremetal+debug"
${ARM_LINUX_GNUEABI_GCC_PREFIX}size -t library/*.o
${ARM_LINUX_GNUEABI_GCC_PREFIX}size -t ${PSA_CORE_PATH}/*.o
${ARM_LINUX_GNUEABI_GCC_PREFIX}size -t ${BUILTIN_SRC_PATH}/*.o
}
support_build_arm_linux_gnueabi_gcc_arm5vte () {
type ${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc >/dev/null 2>&1
@ -5348,6 +5372,8 @@ component_build_arm_none_eabi_gcc_arm5vte () {
msg "size: ${ARM_NONE_EABI_GCC_PREFIX}gcc -march=armv5te -O1, baremetal+debug"
${ARM_NONE_EABI_GCC_PREFIX}size -t library/*.o
${ARM_NONE_EABI_GCC_PREFIX}size -t ${PSA_CORE_PATH}/*.o
${ARM_NONE_EABI_GCC_PREFIX}size -t ${BUILTIN_SRC_PATH}/*.o
}
component_build_arm_none_eabi_gcc_m0plus () {
@ -5357,6 +5383,8 @@ component_build_arm_none_eabi_gcc_m0plus () {
msg "size: ${ARM_NONE_EABI_GCC_PREFIX}gcc -mthumb -mcpu=cortex-m0plus -Os, baremetal_size"
${ARM_NONE_EABI_GCC_PREFIX}size -t library/*.o
${ARM_NONE_EABI_GCC_PREFIX}size -t ${PSA_CORE_PATH}/*.o
${ARM_NONE_EABI_GCC_PREFIX}size -t ${BUILTIN_SRC_PATH}/*.o
for lib in library/*.a; do
echo "$lib:"
${ARM_NONE_EABI_GCC_PREFIX}size -t $lib | grep TOTALS
@ -5370,6 +5398,8 @@ component_build_arm_none_eabi_gcc_no_udbl_division () {
make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-std=c99 -Werror -Wall -Wextra' lib
echo "Checking that software 64-bit division is not required"
not grep __aeabi_uldiv library/*.o
not grep __aeabi_uldiv ${PSA_CORE_PATH}/*.o
not grep __aeabi_uldiv ${BUILTIN_SRC_PATH}/*.o
}
component_build_arm_none_eabi_gcc_no_64bit_multiplication () {
@ -5379,6 +5409,8 @@ component_build_arm_none_eabi_gcc_no_64bit_multiplication () {
make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-std=c99 -Werror -O1 -march=armv6-m -mthumb' lib
echo "Checking that software 64-bit multiplication is not required"
not grep __aeabi_lmul library/*.o
not grep __aeabi_lmul ${PSA_CORE_PATH}/*.o
not grep __aeabi_lmul ${BUILTIN_SRC_PATH}/*.o
}
component_build_arm_clang_thumb () {
@ -5423,6 +5455,8 @@ component_build_armcc () {
msg "size: ARM Compiler 5"
"$ARMC5_FROMELF" -z library/*.o
"$ARMC5_FROMELF" -z ${PSA_CORE_PATH}/*.o
"$ARMC5_FROMELF" -z ${BUILTIN_SRC_PATH}/*.o
# Compile mostly with -O1 since some Arm inline assembly is disabled for -O0.

18
tests/scripts/check-generated-files.sh
View File

@ -31,9 +31,16 @@ in_tf_psa_crypto_repo () {
}
if in_mbedtls_repo; then
library_dir='library'
if [ -d tf-psa-crypto ]; then
crypto_core_dir='tf-psa-crypto/core'
builtin_drivers_dir='tf-psa-crypto/drivers/builtin/src'
else
crypto_core_dir='library'
builtin_drivers_dir='library'
fi
elif in_tf_psa_crypto_repo; then
library_dir='core'
crypto_core_dir='core'
builtin_drivers_dir='drivers/builtin/src/'
else
echo "Must be run from Mbed TLS root or TF-PSA-Crypto root" >&2
exit 1
@ -133,13 +140,14 @@ check framework/scripts/generate_config_tests.py $(framework/scripts/generate_co
check framework/scripts/generate_ecp_tests.py $(framework/scripts/generate_ecp_tests.py --list)
check framework/scripts/generate_psa_tests.py $(framework/scripts/generate_psa_tests.py --list)
check framework/scripts/generate_test_keys.py tests/src/test_keys.h
check scripts/generate_driver_wrappers.py $library_dir/psa_crypto_driver_wrappers.h $library_dir/psa_crypto_driver_wrappers_no_static.c
check scripts/generate_driver_wrappers.py ${crypto_core_dir}/psa_crypto_driver_wrappers.h \
${crypto_core_dir}/psa_crypto_driver_wrappers_no_static.c
# Additional checks for Mbed TLS only
if in_mbedtls_repo; then
check scripts/generate_errors.pl library/error.c
check scripts/generate_errors.pl ${builtin_drivers_dir}/error.c
check scripts/generate_query_config.pl programs/test/query_config.c
check scripts/generate_features.pl library/version_features.c
check scripts/generate_features.pl ${builtin_drivers_dir}/version_features.c
check scripts/generate_ssl_debug_helpers.py library/ssl_debug_helpers_generated.c
check framework/scripts/generate_test_cert_macros.py tests/src/test_certs.h
# generate_visualc_files enumerates source files (library/*.c). It doesn't

5
tests/scripts/check_files.py
View File

@ -368,9 +368,8 @@ class LicenseIssueTracker(LineIssueTracker):
heading = "License issue:"
LICENSE_EXEMPTION_RE_LIST = [
# Third-party code, other than whitelisted third-party modules,
# may be under a different license.
r'3rdparty/(?!(p256-m)/.*)',
# Exempt third-party drivers which may be under a different license
r'tf-psa-crypto/drivers/(?=(everest)/.*)',
# Documentation explaining the license may have accidental
# false positives.
r'(ChangeLog|LICENSE|framework\/LICENSE|[-0-9A-Z_a-z]+\.md)\Z',

38
tests/scripts/check_names.py
View File

@ -240,15 +240,19 @@ class CodeParser():
"include/psa/*.h",
"tf-psa-crypto/include/psa/*.h",
"tf-psa-crypto/drivers/builtin/include/mbedtls/*.h",
"3rdparty/everest/include/everest/everest.h",
"3rdparty/everest/include/everest/x25519.h"
"tf-psa-crypto/drivers/everest/include/everest/everest.h",
"tf-psa-crypto/drivers/everest/include/everest/x25519.h"
])
all_macros["internal"] = self.parse_macros([
"library/*.h",
"tf-psa-crypto/core/*.h",
"tf-psa-crypto/drivers/builtin/src/*.h",
"tests/include/test/drivers/*.h",
])
all_macros["private"] = self.parse_macros([
"library/*.c",
"tf-psa-crypto/core/*.c",
"tf-psa-crypto/drivers/builtin/src/*.c",
])
enum_consts = self.parse_enum_consts([
"include/mbedtls/*.h",
@ -256,9 +260,13 @@ class CodeParser():
"tf-psa-crypto/include/psa/*.h",
"tf-psa-crypto/drivers/builtin/include/mbedtls/*.h",
"library/*.h",
"tf-psa-crypto/core/*.h",
"tf-psa-crypto/drivers/builtin/src/*.h",
"library/*.c",
"3rdparty/everest/include/everest/everest.h",
"3rdparty/everest/include/everest/x25519.h"
"tf-psa-crypto/core/*.c",
"tf-psa-crypto/drivers/builtin/src/*.c",
"tf-psa-crypto/drivers/everest/include/everest/everest.h",
"tf-psa-crypto/drivers/everest/include/everest/x25519.h"
])
identifiers, excluded_identifiers = self.parse_identifiers([
"include/mbedtls/*.h",
@ -266,21 +274,27 @@ class CodeParser():
"tf-psa-crypto/include/psa/*.h",
"tf-psa-crypto/drivers/builtin/include/mbedtls/*.h",
"library/*.h",
"3rdparty/everest/include/everest/everest.h",
"3rdparty/everest/include/everest/x25519.h"
], ["3rdparty/p256-m/p256-m/p256-m.h"])
"tf-psa-crypto/core/*.h",
"tf-psa-crypto/drivers/builtin/src/*.h",
"tf-psa-crypto/drivers/everest/include/everest/everest.h",
"tf-psa-crypto/drivers/everest/include/everest/x25519.h"
], ["tf-psa-crypto/drivers/p256-m/p256-m/p256-m.h"])
mbed_psa_words = self.parse_mbed_psa_words([
"include/mbedtls/*.h",
"include/psa/*.h",
"tf-psa-crypto/include/psa/*.h",
"tf-psa-crypto/drivers/builtin/include/mbedtls/*.h",
"library/*.h",
"3rdparty/everest/include/everest/everest.h",
"3rdparty/everest/include/everest/x25519.h",
"tf-psa-crypto/core/*.h",
"tf-psa-crypto/drivers/builtin/src/*.h",
"tf-psa-crypto/drivers/everest/include/everest/everest.h",
"tf-psa-crypto/drivers/everest/include/everest/x25519.h",
"library/*.c",
"3rdparty/everest/library/everest.c",
"3rdparty/everest/library/x25519.c"
], ["library/psa_crypto_driver_wrappers.h"])
"tf-psa-crypto/core/*.c",
"tf-psa-crypto/drivers/builtin/src/*.c",
"tf-psa-crypto/drivers/everest/library/everest.c",
"tf-psa-crypto/drivers/everest/library/x25519.c"
], ["tf-psa-crypto/core/psa_crypto_driver_wrappers.h"])
symbols = self.parse_symbols()
# Remove identifier macros like mbedtls_printf or mbedtls_calloc

4
tests/scripts/list_internal_identifiers.py
View File

@ -33,7 +33,9 @@ def main():
name_check = CodeParser(logging.getLogger())
result = name_check.parse_identifiers([
"include/mbedtls/*_internal.h",
"library/*.h"
"library/*.h",
"tf-psa-crypto/core/*.h",
"tf-psa-crypto/drivers/builtin/src/*.h"
])[0]
result.sort(key=lambda x: x.name)

9
tests/scripts/test_psa_compliance.py
View File

@ -39,7 +39,14 @@ def main(library_build_dir: str):
in_tf_psa_crypto_repo = build_tree.looks_like_tf_psa_crypto_root(root_dir)
crypto_name = build_tree.crypto_library_filename(root_dir)
library_subdir = build_tree.crypto_core_directory(root_dir, relative=True)
# Temporary, while the crypto library is still located in the library
# directory. This will not be the case anymore when it will be built by
# the TF-PSA-Crypto build system.
if in_tf_psa_crypto_repo:
library_subdir = build_tree.crypto_core_directory(root_dir, relative=True)
else:
library_subdir = 'library'
crypto_lib_filename = (library_build_dir + '/' +
library_subdir + '/' +

2
tests/src/drivers/hash.c
View File

@ -13,7 +13,7 @@
#include "test/drivers/hash.h"
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1)
#include "libtestdriver1/library/psa_crypto_hash.h"
#include "libtestdriver1/tf-psa-crypto/core/psa_crypto_hash.h"
#endif
mbedtls_test_driver_hash_hooks_t

2
tests/src/drivers/test_driver_aead.c
View File

@ -16,7 +16,7 @@
#include "mbedtls/constant_time.h"
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1)
#include "libtestdriver1/library/psa_crypto_aead.h"
#include "libtestdriver1/tf-psa-crypto/core/psa_crypto_aead.h"
#endif
mbedtls_test_driver_aead_hooks_t

2
tests/src/drivers/test_driver_asymmetric_encryption.c
View File

@ -16,7 +16,7 @@
#include "test/drivers/key_management.h"
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1)
#include "libtestdriver1/library/psa_crypto_rsa.h"
#include "libtestdriver1/tf-psa-crypto/core/psa_crypto_rsa.h"
#endif
#define PSA_RSA_KEY_PAIR_MAX_SIZE \

2
tests/src/drivers/test_driver_cipher.c
View File

@ -19,7 +19,7 @@
#include "test/random.h"
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1)
#include "libtestdriver1/library/psa_crypto_cipher.h"
#include "libtestdriver1/tf-psa-crypto/core/psa_crypto_cipher.h"
#endif
#include <string.h>

4
tests/src/drivers/test_driver_key_agreement.c
View File

@ -21,8 +21,8 @@
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1)
#include "libtestdriver1/tf-psa-crypto/include/psa/crypto.h"
#include "libtestdriver1/library/psa_crypto_ecp.h"
#include "libtestdriver1/library/psa_crypto_ffdh.h"
#include "libtestdriver1/tf-psa-crypto/core/psa_crypto_ecp.h"
#include "libtestdriver1/tf-psa-crypto/core/psa_crypto_ffdh.h"
#endif
mbedtls_test_driver_key_agreement_hooks_t

6
tests/src/drivers/test_driver_key_management.c
View File

@ -23,9 +23,9 @@
#include "test/random.h"
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1)
#include "libtestdriver1/library/psa_crypto_ecp.h"
#include "libtestdriver1/library/psa_crypto_rsa.h"
#include "libtestdriver1/library/psa_crypto_ffdh.h"
#include "libtestdriver1/tf-psa-crypto/core/psa_crypto_ecp.h"
#include "libtestdriver1/tf-psa-crypto/core/psa_crypto_rsa.h"
#include "libtestdriver1/tf-psa-crypto/core/psa_crypto_ffdh.h"
#endif
#include <string.h>

2
tests/src/drivers/test_driver_mac.c
View File

@ -13,7 +13,7 @@
#include "test/drivers/mac.h"
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1)
#include "libtestdriver1/library/psa_crypto_mac.h"
#include "libtestdriver1/tf-psa-crypto/core/psa_crypto_mac.h"
#endif
mbedtls_test_driver_mac_hooks_t mbedtls_test_driver_mac_hooks =

2
tests/src/drivers/test_driver_pake.c
View File

@ -14,7 +14,7 @@
#include "string.h"
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1)
#include "libtestdriver1/library/psa_crypto_pake.h"
#include "libtestdriver1/tf-psa-crypto/core/psa_crypto_pake.h"
#endif
mbedtls_test_driver_pake_hooks_t mbedtls_test_driver_pake_hooks =

6
tests/src/drivers/test_driver_signature.c
View File

@ -26,9 +26,9 @@
#include "test/random.h"
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1)
#include "libtestdriver1/library/psa_crypto_ecp.h"
#include "libtestdriver1/library/psa_crypto_hash.h"
#include "libtestdriver1/library/psa_crypto_rsa.h"
#include "libtestdriver1/tf-psa-crypto/core/psa_crypto_ecp.h"
#include "libtestdriver1/tf-psa-crypto/core/psa_crypto_hash.h"
#include "libtestdriver1/tf-psa-crypto/core/psa_crypto_rsa.h"
#endif
#include <string.h>

2
tf-psa-crypto/CMakeLists.txt
View File

@ -36,3 +36,5 @@ if(LIB_INSTALL_DIR)
endif()
add_subdirectory(include)
add_subdirectory(core)
add_subdirectory(drivers)

4
tf-psa-crypto/core/.gitignore vendored Normal file
View File

@ -0,0 +1,4 @@
###START_GENERATED_FILES###
/psa_crypto_driver_wrappers.h
/psa_crypto_driver_wrappers_no_static.c
###END_GENERATED_FILES###

0
tf-psa-crypto/core/CMakeLists.txt Normal file
View File

0
library/alignment.h → tf-psa-crypto/core/alignment.h
View File

435
tf-psa-crypto/core/common.h Normal file
View File

@ -0,0 +1,435 @@
/**
* \file common.h
*
* \brief Utility macros for internal use in the library
*/
/*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef MBEDTLS_LIBRARY_COMMON_H
#define MBEDTLS_LIBRARY_COMMON_H
#include "mbedtls/build_info.h"
#include "alignment.h"
#include <assert.h>
#include <stddef.h>
#include <stdint.h>
#include <stddef.h>
#if defined(__ARM_NEON)
#include <arm_neon.h>
#define MBEDTLS_HAVE_NEON_INTRINSICS
#elif defined(MBEDTLS_PLATFORM_IS_WINDOWS_ON_ARM64)
#include <arm64_neon.h>
#define MBEDTLS_HAVE_NEON_INTRINSICS
#endif
/** Helper to define a function as static except when building invasive tests.
*
* If a function is only used inside its own source file and should be
* declared `static` to allow the compiler to optimize for code size,
* but that function has unit tests, define it with
* ```
* MBEDTLS_STATIC_TESTABLE int mbedtls_foo(...) { ... }
* ```
* and declare it in a header in the `library/` directory with
* ```
* #if defined(MBEDTLS_TEST_HOOKS)
* int mbedtls_foo(...);
* #endif
* ```
*/
#if defined(MBEDTLS_TEST_HOOKS)
#define MBEDTLS_STATIC_TESTABLE
#else
#define MBEDTLS_STATIC_TESTABLE static
#endif
#if defined(MBEDTLS_TEST_HOOKS)
extern void (*mbedtls_test_hook_test_fail)(const char *test, int line, const char *file);
#define MBEDTLS_TEST_HOOK_TEST_ASSERT(TEST) \
do { \
if ((!(TEST)) && ((*mbedtls_test_hook_test_fail) != NULL)) \
{ \
(*mbedtls_test_hook_test_fail)( #TEST, __LINE__, __FILE__); \
} \
} while (0)
#else
#define MBEDTLS_TEST_HOOK_TEST_ASSERT(TEST)
#endif /* defined(MBEDTLS_TEST_HOOKS) */
/** \def ARRAY_LENGTH
* Return the number of elements of a static or stack array.
*
* \param array A value of array (not pointer) type.
*
* \return The number of elements of the array.
*/
/* A correct implementation of ARRAY_LENGTH, but which silently gives
* a nonsensical result if called with a pointer rather than an array. */
#define ARRAY_LENGTH_UNSAFE(array) \
(sizeof(array) / sizeof(*(array)))
#if defined(__GNUC__)
/* Test if arg and &(arg)[0] have the same type. This is true if arg is
* an array but not if it's a pointer. */
#define IS_ARRAY_NOT_POINTER(arg) \
(!__builtin_types_compatible_p(__typeof__(arg), \
__typeof__(&(arg)[0])))
/* A compile-time constant with the value 0. If `const_expr` is not a
* compile-time constant with a nonzero value, cause a compile-time error. */
#define STATIC_ASSERT_EXPR(const_expr) \
(0 && sizeof(struct { unsigned int STATIC_ASSERT : 1 - 2 * !(const_expr); }))
/* Return the scalar value `value` (possibly promoted). This is a compile-time
* constant if `value` is. `condition` must be a compile-time constant.
* If `condition` is false, arrange to cause a compile-time error. */
#define STATIC_ASSERT_THEN_RETURN(condition, value) \
(STATIC_ASSERT_EXPR(condition) ? 0 : (value))
#define ARRAY_LENGTH(array) \
(STATIC_ASSERT_THEN_RETURN(IS_ARRAY_NOT_POINTER(array), \
ARRAY_LENGTH_UNSAFE(array)))
#else
/* If we aren't sure the compiler supports our non-standard tricks,
* fall back to the unsafe implementation. */
#define ARRAY_LENGTH(array) ARRAY_LENGTH_UNSAFE(array)
#endif
/** Allow library to access its structs' private members.
*
* Although structs defined in header files are publicly available,
* their members are private and should not be accessed by the user.
*/
#define MBEDTLS_ALLOW_PRIVATE_ACCESS
/**
* \brief Securely zeroize a buffer then free it.
*
* Similar to making consecutive calls to
* \c mbedtls_platform_zeroize() and \c mbedtls_free(), but has
* code size savings, and potential for optimisation in the future.
*
* Guaranteed to be a no-op if \p buf is \c NULL and \p len is 0.
*
* \param buf Buffer to be zeroized then freed.
* \param len Length of the buffer in bytes
*/
void mbedtls_zeroize_and_free(void *buf, size_t len);
/** Return an offset into a buffer.
*
* This is just the addition of an offset to a pointer, except that this
* function also accepts an offset of 0 into a buffer whose pointer is null.
* (`p + n` has undefined behavior when `p` is null, even when `n == 0`.
* A null pointer is a valid buffer pointer when the size is 0, for example
* as the result of `malloc(0)` on some platforms.)
*
* \param p Pointer to a buffer of at least n bytes.
* This may be \p NULL if \p n is zero.
* \param n An offset in bytes.
* \return Pointer to offset \p n in the buffer \p p.
* Note that this is only a valid pointer if the size of the
* buffer is at least \p n + 1.
*/
static inline unsigned char *mbedtls_buffer_offset(
unsigned char *p, size_t n)
{
return p == NULL ? NULL : p + n;
}
/** Return an offset into a read-only buffer.
*
* Similar to mbedtls_buffer_offset(), but for const pointers.
*
* \param p Pointer to a buffer of at least n bytes.
* This may be \p NULL if \p n is zero.
* \param n An offset in bytes.
* \return Pointer to offset \p n in the buffer \p p.
* Note that this is only a valid pointer if the size of the
* buffer is at least \p n + 1.
*/
static inline const unsigned char *mbedtls_buffer_offset_const(
const unsigned char *p, size_t n)
{
return p == NULL ? NULL : p + n;
}
/* Always inline mbedtls_xor() for similar reasons as mbedtls_xor_no_simd(). */
#if defined(__IAR_SYSTEMS_ICC__)
#pragma inline = forced
#elif defined(__GNUC__)
__attribute__((always_inline))
#endif
/**
* Perform a fast block XOR operation, such that
* r[i] = a[i] ^ b[i] where 0 <= i < n
*
* \param r Pointer to result (buffer of at least \p n bytes). \p r
* may be equal to either \p a or \p b, but behaviour when
* it overlaps in other ways is undefined.
* \param a Pointer to input (buffer of at least \p n bytes)
* \param b Pointer to input (buffer of at least \p n bytes)
* \param n Number of bytes to process.
*
* \note Depending on the situation, it may be faster to use either mbedtls_xor() or
* mbedtls_xor_no_simd() (these are functionally equivalent).
* If the result is used immediately after the xor operation in non-SIMD code (e.g, in
* AES-CBC), there may be additional latency to transfer the data from SIMD to scalar
* registers, and in this case, mbedtls_xor_no_simd() may be faster. In other cases where
* the result is not used immediately (e.g., in AES-CTR), mbedtls_xor() may be faster.
* For targets without SIMD support, they will behave the same.
*/
static inline void mbedtls_xor(unsigned char *r,
const unsigned char *a,
const unsigned char *b,
size_t n)
{
size_t i = 0;
#if defined(MBEDTLS_EFFICIENT_UNALIGNED_ACCESS)
#if defined(MBEDTLS_HAVE_NEON_INTRINSICS) && \
(!(defined(MBEDTLS_COMPILER_IS_GCC) && MBEDTLS_GCC_VERSION < 70300))
/* Old GCC versions generate a warning here, so disable the NEON path for these compilers */
for (; (i + 16) <= n; i += 16) {
uint8x16_t v1 = vld1q_u8(a + i);
uint8x16_t v2 = vld1q_u8(b + i);
uint8x16_t x = veorq_u8(v1, v2);
vst1q_u8(r + i, x);
}
#if defined(__IAR_SYSTEMS_ICC__)
/* This if statement helps some compilers (e.g., IAR) optimise out the byte-by-byte tail case
* where n is a constant multiple of 16.
* For other compilers (e.g. recent gcc and clang) it makes no difference if n is a compile-time
* constant, and is a very small perf regression if n is not a compile-time constant. */
if (n % 16 == 0) {
return;
}
#endif
#elif defined(MBEDTLS_ARCH_IS_X64) || defined(MBEDTLS_ARCH_IS_ARM64)
/* This codepath probably only makes sense on architectures with 64-bit registers */
for (; (i + 8) <= n; i += 8) {
uint64_t x = mbedtls_get_unaligned_uint64(a + i) ^ mbedtls_get_unaligned_uint64(b + i);
mbedtls_put_unaligned_uint64(r + i, x);
}
#if defined(__IAR_SYSTEMS_ICC__)
if (n % 8 == 0) {
return;
}
#endif
#else
for (; (i + 4) <= n; i += 4) {
uint32_t x = mbedtls_get_unaligned_uint32(a + i) ^ mbedtls_get_unaligned_uint32(b + i);
mbedtls_put_unaligned_uint32(r + i, x);
}
#if defined(__IAR_SYSTEMS_ICC__)
if (n % 4 == 0) {
return;
}
#endif
#endif
#endif
for (; i < n; i++) {
r[i] = a[i] ^ b[i];
}
}
/* Always inline mbedtls_xor_no_simd() as we see significant perf regressions when it does not get
* inlined (e.g., observed about 3x perf difference in gcm_mult_largetable with gcc 7 - 12) */
#if defined(__IAR_SYSTEMS_ICC__)
#pragma inline = forced
#elif defined(__GNUC__)
__attribute__((always_inline))
#endif
/**
* Perform a fast block XOR operation, such that
* r[i] = a[i] ^ b[i] where 0 <= i < n
*
* In some situations, this can perform better than mbedtls_xor() (e.g., it's about 5%
* better in AES-CBC).
*
* \param r Pointer to result (buffer of at least \p n bytes). \p r
* may be equal to either \p a or \p b, but behaviour when
* it overlaps in other ways is undefined.
* \param a Pointer to input (buffer of at least \p n bytes)
* \param b Pointer to input (buffer of at least \p n bytes)
* \param n Number of bytes to process.
*
* \note Depending on the situation, it may be faster to use either mbedtls_xor() or
* mbedtls_xor_no_simd() (these are functionally equivalent).
* If the result is used immediately after the xor operation in non-SIMD code (e.g, in
* AES-CBC), there may be additional latency to transfer the data from SIMD to scalar
* registers, and in this case, mbedtls_xor_no_simd() may be faster. In other cases where
* the result is not used immediately (e.g., in AES-CTR), mbedtls_xor() may be faster.
* For targets without SIMD support, they will behave the same.
*/
static inline void mbedtls_xor_no_simd(unsigned char *r,
const unsigned char *a,
const unsigned char *b,
size_t n)
{
size_t i = 0;
#if defined(MBEDTLS_EFFICIENT_UNALIGNED_ACCESS)
#if defined(MBEDTLS_ARCH_IS_X64) || defined(MBEDTLS_ARCH_IS_ARM64)
/* This codepath probably only makes sense on architectures with 64-bit registers */
for (; (i + 8) <= n; i += 8) {
uint64_t x = mbedtls_get_unaligned_uint64(a + i) ^ mbedtls_get_unaligned_uint64(b + i);
mbedtls_put_unaligned_uint64(r + i, x);
}
#if defined(__IAR_SYSTEMS_ICC__)
/* This if statement helps some compilers (e.g., IAR) optimise out the byte-by-byte tail case
* where n is a constant multiple of 8.
* For other compilers (e.g. recent gcc and clang) it makes no difference if n is a compile-time
* constant, and is a very small perf regression if n is not a compile-time constant. */
if (n % 8 == 0) {
return;
}
#endif
#else
for (; (i + 4) <= n; i += 4) {
uint32_t x = mbedtls_get_unaligned_uint32(a + i) ^ mbedtls_get_unaligned_uint32(b + i);
mbedtls_put_unaligned_uint32(r + i, x);
}
#if defined(__IAR_SYSTEMS_ICC__)
if (n % 4 == 0) {
return;
}
#endif
#endif
#endif
for (; i < n; i++) {
r[i] = a[i] ^ b[i];
}
}
/* Fix MSVC C99 compatible issue
* MSVC support __func__ from visual studio 2015( 1900 )
* Use MSVC predefine macro to avoid name check fail.
*/
#if (defined(_MSC_VER) && (_MSC_VER <= 1900))
#define /*no-check-names*/ __func__ __FUNCTION__
#endif
/* Define `asm` for compilers which don't define it. */
/* *INDENT-OFF* */
#ifndef asm
#if defined(__IAR_SYSTEMS_ICC__)
#define asm __asm
#else
#define asm __asm__
#endif
#endif
/* *INDENT-ON* */
/*
* Define the constraint used for read-only pointer operands to aarch64 asm.
*
* This is normally the usual "r", but for aarch64_32 (aka ILP32,
* as found in watchos), "p" is required to avoid warnings from clang.
*
* Note that clang does not recognise '+p' or '=p', and armclang
* does not recognise 'p' at all. Therefore, to update a pointer from
* aarch64 assembly, it is necessary to use something like:
*
* uintptr_t uptr = (uintptr_t) ptr;
* asm( "ldr x4, [%x0], #8" ... : "+r" (uptr) : : )
* ptr = (void*) uptr;
*
* Note that the "x" in "%x0" is neccessary; writing "%0" will cause warnings.
*/
#if defined(__aarch64__) && defined(MBEDTLS_HAVE_ASM)
#if UINTPTR_MAX == 0xfffffffful
/* ILP32: Specify the pointer operand slightly differently, as per #7787. */
#define MBEDTLS_ASM_AARCH64_PTR_CONSTRAINT "p"
#elif UINTPTR_MAX == 0xfffffffffffffffful
/* Normal case (64-bit pointers): use "r" as the constraint for pointer operands to asm */
#define MBEDTLS_ASM_AARCH64_PTR_CONSTRAINT "r"
#else
#error "Unrecognised pointer size for aarch64"
#endif
#endif
/* Always provide a static assert macro, so it can be used unconditionally.
* It will expand to nothing on some systems.
* Can be used outside functions (but don't add a trailing ';' in that case:
* the semicolon is included here to avoid triggering -Wextra-semi when
* MBEDTLS_STATIC_ASSERT() expands to nothing).
* Can't use the C11-style `defined(static_assert)` on FreeBSD, since it
* defines static_assert even with -std=c99, but then complains about it.
*/
#if defined(static_assert) && !defined(__FreeBSD__)
#define MBEDTLS_STATIC_ASSERT(expr, msg) static_assert(expr, msg);
#else
#define MBEDTLS_STATIC_ASSERT(expr, msg)
#endif
#if defined(__has_builtin)
#define MBEDTLS_HAS_BUILTIN(x) __has_builtin(x)
#else
#define MBEDTLS_HAS_BUILTIN(x) 0
#endif
/* Define compiler branch hints */
#if MBEDTLS_HAS_BUILTIN(__builtin_expect)
#define MBEDTLS_LIKELY(x) __builtin_expect(!!(x), 1)
#define MBEDTLS_UNLIKELY(x) __builtin_expect(!!(x), 0)
#else
#define MBEDTLS_LIKELY(x) x
#define MBEDTLS_UNLIKELY(x) x
#endif
/* MBEDTLS_ASSUME may be used to provide additional information to the compiler
* which can result in smaller code-size. */
#if MBEDTLS_HAS_BUILTIN(__builtin_assume)
/* clang provides __builtin_assume */
#define MBEDTLS_ASSUME(x) __builtin_assume(x)
#elif MBEDTLS_HAS_BUILTIN(__builtin_unreachable)
/* gcc and IAR can use __builtin_unreachable */
#define MBEDTLS_ASSUME(x) do { if (!(x)) __builtin_unreachable(); } while (0)
#elif defined(_MSC_VER)
/* Supported by MSVC since VS 2005 */
#define MBEDTLS_ASSUME(x) __assume(x)
#else
#define MBEDTLS_ASSUME(x) do { } while (0)
#endif
/* For gcc -Os, override with -O2 for a given function.
*
* This will not affect behaviour for other optimisation settings, e.g. -O0.
*/
#if defined(MBEDTLS_COMPILER_IS_GCC) && defined(__OPTIMIZE_SIZE__)
#define MBEDTLS_OPTIMIZE_FOR_PERFORMANCE __attribute__((optimize("-O2")))
#else
#define MBEDTLS_OPTIMIZE_FOR_PERFORMANCE
#endif
/* Suppress compiler warnings for unused functions and variables. */
#if !defined(MBEDTLS_MAYBE_UNUSED) && defined(__has_attribute)
# if __has_attribute(unused)
# define MBEDTLS_MAYBE_UNUSED __attribute__((unused))
# endif
#endif
#if !defined(MBEDTLS_MAYBE_UNUSED) && defined(__GNUC__)
# define MBEDTLS_MAYBE_UNUSED __attribute__((unused))
#endif
#if !defined(MBEDTLS_MAYBE_UNUSED) && defined(__IAR_SYSTEMS_ICC__) && defined(__VER__)
/* IAR does support __attribute__((unused)), but only if the -e flag (extended language support)
* is given; the pragma always works.
* Unfortunately the pragma affects the rest of the file where it is used, but this is harmless.
* Check for version 5.2 or later - this pragma may be supported by earlier versions, but I wasn't
* able to find documentation).
*/
# if (__VER__ >= 5020000)
# define MBEDTLS_MAYBE_UNUSED _Pragma("diag_suppress=Pe177")
# endif
#endif
#if !defined(MBEDTLS_MAYBE_UNUSED) && defined(_MSC_VER)
# define MBEDTLS_MAYBE_UNUSED __pragma(warning(suppress:4189))
#endif
#if !defined(MBEDTLS_MAYBE_UNUSED)
# define MBEDTLS_MAYBE_UNUSED
#endif
#endif /* MBEDTLS_LIBRARY_COMMON_H */

0
library/psa_crypto.c → tf-psa-crypto/core/psa_crypto.c
View File

0
library/psa_crypto_aead.c → tf-psa-crypto/core/psa_crypto_aead.c
View File

0
library/psa_crypto_aead.h → tf-psa-crypto/core/psa_crypto_aead.h
View File

0
library/psa_crypto_cipher.c → tf-psa-crypto/core/psa_crypto_cipher.c
View File

0
library/psa_crypto_cipher.h → tf-psa-crypto/core/psa_crypto_cipher.h
View File

0
library/psa_crypto_client.c → tf-psa-crypto/core/psa_crypto_client.c
View File

0
library/psa_crypto_core.h → tf-psa-crypto/core/psa_crypto_core.h
View File

0
library/psa_crypto_core_common.h → tf-psa-crypto/core/psa_crypto_core_common.h
View File

0
library/psa_crypto_driver_wrappers_no_static.h → tf-psa-crypto/core/psa_crypto_driver_wrappers_no_static.h
View File

0
library/psa_crypto_ecp.c → tf-psa-crypto/core/psa_crypto_ecp.c
View File

0
library/psa_crypto_ecp.h → tf-psa-crypto/core/psa_crypto_ecp.h
View File

0
library/psa_crypto_ffdh.c → tf-psa-crypto/core/psa_crypto_ffdh.c
View File

0
library/psa_crypto_ffdh.h → tf-psa-crypto/core/psa_crypto_ffdh.h
View File

0
library/psa_crypto_hash.c → tf-psa-crypto/core/psa_crypto_hash.c
View File

0
library/psa_crypto_hash.h → tf-psa-crypto/core/psa_crypto_hash.h
View File

0
library/psa_crypto_invasive.h → tf-psa-crypto/core/psa_crypto_invasive.h
View File

0
library/psa_crypto_its.h → tf-psa-crypto/core/psa_crypto_its.h
View File

0
library/psa_crypto_mac.c → tf-psa-crypto/core/psa_crypto_mac.c
View File

0
library/psa_crypto_mac.h → tf-psa-crypto/core/psa_crypto_mac.h
View File

0
library/psa_crypto_pake.c → tf-psa-crypto/core/psa_crypto_pake.c
View File

0
library/psa_crypto_pake.h → tf-psa-crypto/core/psa_crypto_pake.h
View File

0
library/psa_crypto_random_impl.h → tf-psa-crypto/core/psa_crypto_random_impl.h
View File

0
library/psa_crypto_rsa.c → tf-psa-crypto/core/psa_crypto_rsa.c
View File

0
library/psa_crypto_rsa.h → tf-psa-crypto/core/psa_crypto_rsa.h
View File

0
library/psa_crypto_se.c → tf-psa-crypto/core/psa_crypto_se.c
View File

0
library/psa_crypto_se.h → tf-psa-crypto/core/psa_crypto_se.h
View File

0
library/psa_crypto_slot_management.c → tf-psa-crypto/core/psa_crypto_slot_management.c
View File

0
library/psa_crypto_slot_management.h → tf-psa-crypto/core/psa_crypto_slot_management.h
View File

0
library/psa_crypto_storage.c → tf-psa-crypto/core/psa_crypto_storage.c
View File

0
library/psa_crypto_storage.h → tf-psa-crypto/core/psa_crypto_storage.h
View File

0
library/psa_its_file.c → tf-psa-crypto/core/psa_its_file.c
View File

0
library/psa_util.c → tf-psa-crypto/core/psa_util.c
View File

0
library/psa_util_internal.h → tf-psa-crypto/core/psa_util_internal.h
View File

1
3rdparty/CMakeLists.txt → tf-psa-crypto/drivers/CMakeLists.txt
View File

@ -1,2 +1,3 @@
add_subdirectory(builtin)
add_subdirectory(everest)
add_subdirectory(p256-m)

1
tf-psa-crypto/drivers/builtin/CMakeLists.txt Normal file
View File

@ -0,0 +1 @@
add_subdirectory(src)

4
tf-psa-crypto/drivers/builtin/src/.gitignore vendored Normal file
View File

@ -0,0 +1,4 @@
###START_GENERATED_FILES###
/error.c
/version_features.c
###END_GENERATED_FILES###

0
tf-psa-crypto/drivers/builtin/src/CMakeLists.txt Normal file
View File

0
library/aes.c → tf-psa-crypto/drivers/builtin/src/aes.c
View File

0
library/aesce.c → tf-psa-crypto/drivers/builtin/src/aesce.c
View File

0
library/aesce.h → tf-psa-crypto/drivers/builtin/src/aesce.h
View File

0
library/aesni.c → tf-psa-crypto/drivers/builtin/src/aesni.c
View File

0
library/aesni.h → tf-psa-crypto/drivers/builtin/src/aesni.h
View File

0
library/aria.c → tf-psa-crypto/drivers/builtin/src/aria.c
View File

0
library/asn1parse.c → tf-psa-crypto/drivers/builtin/src/asn1parse.c
View File

0
library/asn1write.c → tf-psa-crypto/drivers/builtin/src/asn1write.c
View File

0
library/base64.c → tf-psa-crypto/drivers/builtin/src/base64.c
View File

0
library/base64_internal.h → tf-psa-crypto/drivers/builtin/src/base64_internal.h
View File

0
library/bignum.c → tf-psa-crypto/drivers/builtin/src/bignum.c
View File

0
library/bignum_core.c → tf-psa-crypto/drivers/builtin/src/bignum_core.c
View File

0
library/bignum_core.h → tf-psa-crypto/drivers/builtin/src/bignum_core.h
View File

0
library/bignum_mod.c → tf-psa-crypto/drivers/builtin/src/bignum_mod.c
View File

0
library/bignum_mod.h → tf-psa-crypto/drivers/builtin/src/bignum_mod.h
View File

0
library/bignum_mod_raw.c → tf-psa-crypto/drivers/builtin/src/bignum_mod_raw.c
View File

0
library/bignum_mod_raw.h → tf-psa-crypto/drivers/builtin/src/bignum_mod_raw.h
View File

0
library/bignum_mod_raw_invasive.h → tf-psa-crypto/drivers/builtin/src/bignum_mod_raw_invasive.h
View File

0
library/block_cipher.c → tf-psa-crypto/drivers/builtin/src/block_cipher.c
View File

0
library/block_cipher_internal.h → tf-psa-crypto/drivers/builtin/src/block_cipher_internal.h
View File

0
library/bn_mul.h → tf-psa-crypto/drivers/builtin/src/bn_mul.h
View File

0
library/camellia.c → tf-psa-crypto/drivers/builtin/src/camellia.c
View File

0
library/ccm.c → tf-psa-crypto/drivers/builtin/src/ccm.c
View File

Some files were not shown because too many files have changed in this diff Show More