From c707ac56fa20e3d3adfb420211b7b5f387fab9a4 Mon Sep 17 00:00:00 2001
From: Gabor Mezei
Date: Wed, 20 Nov 2024 16:58:50 +0100
Subject: [PATCH 01/16] Add python module serach path library for TF PSA Crypto
Signed-off-by: Gabor Mezei
---
.../scripts/framework_scripts_path.py | 18 ++++++++++++++++++
1 file changed, 18 insertions(+)
create mode 100644 tf-psa-crypto/scripts/framework_scripts_path.py
diff --git a/tf-psa-crypto/scripts/framework_scripts_path.py b/tf-psa-crypto/scripts/framework_scripts_path.py
new file mode 100644
index 0000000000..fd39ce3e9a
--- /dev/null
+++ b/tf-psa-crypto/scripts/framework_scripts_path.py
@@ -0,0 +1,18 @@
+"""Add our Python library directory to the module search path.
+
+Usage:
+
+ import framework_scripts_path # pylint: disable=unused-import
+"""
+
+# Copyright The Mbed TLS Contributors
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+#
+
+import os
+import sys
+
+sys.path.append(os.path.join(os.path.dirname(__file__),
+ os.path.pardir,
+ os.path.pardir,
+ 'framework', 'scripts'))
From 3191144e225b5bada27da819d831183da3ebd934 Mon Sep 17 00:00:00 2001
From: Gabor Mezei
Date: Wed, 20 Nov 2024 17:05:16 +0100
Subject: [PATCH 02/16] Add config.py for TF PSA Crypto Add minimal required classes to use `get`, `set` and `unset` operations.
Signed-off-by: Gabor Mezei
---
tf-psa-crypto/scripts/tf_psa_crypto_config.py | 95 +++++++++++++++++++
1 file changed, 95 insertions(+)
create mode 100755 tf-psa-crypto/scripts/tf_psa_crypto_config.py
diff --git a/tf-psa-crypto/scripts/tf_psa_crypto_config.py b/tf-psa-crypto/scripts/tf_psa_crypto_config.py
new file mode 100755
index 0000000000..33faeecf92
--- /dev/null
+++ b/tf-psa-crypto/scripts/tf_psa_crypto_config.py
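Review bot: In `framework_scripts_path.py`, the two `os.path.pardir` hops in the `sys.path.append(...)` call assume the script always lives at `tf-psa-crypto/scripts/` inside a parent tree that carries `framework/`. If this directory is ever checked out or copied on its own, the computed entry resolves outside the checkout, and `mbedtls_framework` would be imported from whatever sibling `framework/scripts` directory exists there. The entry is also left relative and unnormalised when `__file__` is relative. Consider resolving it once with `_fw = os.path.abspath(os.path.join(os.path.dirname(__file__), os.pardir, os.pardir, 'framework', 'scripts'))` and raising a clear error when `os.path.isdir(_fw)` is false, before appending it.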
@@ -0,0 +1,95 @@
+#!/usr/bin/env python3
+
+"""TF PSA Crypto configuration file manipulation library and tool
+
+Basic usage, to read the TF PSA Crypto configuration:
+ config = TfPSACryptoConfig()
+ if 'PSA_WANT_ALG_MD5' in config: print('MD5 is enabled')
+"""
+
+## Copyright The Mbed TLS Contributors
+## SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+##
+
+import os
+import sys
+
+import framework_scripts_path # pylint: disable=unused-import
+from mbedtls_framework import config_common
+
+
+PSA_UNSUPPORTED_FEATURE = frozenset([
+ 'PSA_WANT_ALG_CBC_MAC',
+ 'PSA_WANT_ALG_XTS',
+ 'PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_DERIVE',
+ 'PSA_WANT_KEY_TYPE_DH_KEY_PAIR_DERIVE'
+])
+
+PSA_UNSTABLE_FEATURE = frozenset([
+ 'PSA_WANT_ECC_SECP_K1_224'
+])
+
+
+class TfPSACryptoConfigFile(config_common.ConfigFile):
+ """Representation of a TF PSA Crypto configuration file."""
+
+ _path_in_tree = 'tf-psa-crypto/include/psa/crypto_config.h'
+ default_path = [_path_in_tree,
+ os.path.join(os.path.dirname(__file__),
+ os.pardir,
+ _path_in_tree),
+ os.path.join(os.path.dirname(os.path.abspath(os.path.dirname(__file__))),
+ _path_in_tree)]
+
+ def __init__(self, filename=None):
+ super().__init__(self.default_path, 'Crypto', filename)
+
+
+class TfPSACryptoConfig(config_common.Config):
+ """Representation of the TF PSA Crypto configuration.
+
+ See the documentation of the `Config` class for methods to query
+ and modify the configuration.
+ """
+
+ def __init__(self, *configfiles):
+ """Read the PSA crypto configuration files."""
+
+ super().__init__()
+ self.configfiles.extend(configfiles)
+ self.settings.update({name: config_common.Setting(configfile, active, name, value, section)
+ for configfile in configfiles
+ for (active, name, value, section) in configfile.parse_file()})
+
+ def set(self, name, value=None):
+ """Set name to the given value and make it active."""
+
+ if name in PSA_UNSUPPORTED_FEATURE:
+ raise ValueError(f'Feature is unsupported: \'{name}\'')
+ if name in PSA_UNSTABLE_FEATURE:
+ raise ValueError(f'Feature is unstable: \'{name}\'')
+
+ if name not in self.settings:
+ self._get_configfile().templates.append((name, '', f'#define {name} '))
+
+ # Default value for PSA macros is '1'
+ if name.startswith('PSA_') and not value:
+ value = '1'
+
+ super().set(name, value)
+
+
+class TfPSACryptoConfigTool(config_common.ConfigTool):
+ """Command line TF PSA Crypto config file manipulation tool."""
+
+ def __init__(self):
+ super().__init__(TfPSACryptoConfigFile.default_path[0], single_config=False)
+ configfiles = [TfPSACryptoConfigFile(file) for file in self.args.file]
+ self.config = TfPSACryptoConfig(*configfiles)
+
+ def custom_parser_options(self):
+ """Adds TF PSA Crypto specific options for the parser."""
+
+
+if __name__ == '__main__':
+ sys.exit(TfPSACryptoConfigTool().main())
From 871cde613d6ebe579fa8f674e85b26f10b8f00d2 Mon Sep 17 00:00:00 2001
From: Gabor Mezei
Date: Wed, 20 Nov 2024 17:08:19 +0100
Subject: [PATCH 03/16] Add `full` adapter for tf-psa_crypto_config.py Add the `full` adapter to enable most of the config feature.
Signed-off-by: Gabor Mezei
---
tf-psa-crypto/scripts/tf_psa_crypto_config.py | 89 +++++++++++++++++++
1 file changed, 89 insertions(+)
diff --git a/tf-psa-crypto/scripts/tf_psa_crypto_config.py b/tf-psa-crypto/scripts/tf_psa_crypto_config.py
index 33faeecf92..b822ac56a2 100755
--- a/tf-psa-crypto/scripts/tf_psa_crypto_config.py
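Review bot: In `TfPSACryptoConfig.set`, a name that is not already in `self.settings` gets a new `#define {name} ` template appended with no check on its spelling or shape. A mistyped `PSA_WANT_...` symbol would therefore be written to the crypto configuration header as a fresh macro while the intended option keeps its previous state, and nothing reports the mismatch. Whether `config_common.ConfigTool` already refuses unknown names on the command line is not visible here, so this may only affect library callers. If it is not guarded elsewhere, reject names that are not plain C identifiers before creating the template, and extend the docstring with a line such as `If name is not a known setting, a new #define line is created for it.`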
+++ b/tf-psa-crypto/scripts/tf_psa_crypto_config.py 
@@ -25,10 +25,92 @@ PSA_UNSUPPORTED_FEATURE = frozenset([ 'PSA_WANT_KEY_TYPE_DH_KEY_PAIR_DERIVE' ]) +PSA_DEPRECATED_FEATURE = frozenset([ + 'PSA_WANT_KEY_TYPE_ECC_KEY_PAIR', + 'PSA_WANT_KEY_TYPE_RSA_KEY_PAIR' +]) + PSA_UNSTABLE_FEATURE = frozenset([ 'PSA_WANT_ECC_SECP_K1_224' ]) +# The goal of the full configuration is to have everything that can be tested +# together. This includes deprecated or insecure options. It excludes: +# * Options that require additional build dependencies or unusual hardware. +# * Options that make testing less effective. +# * Options that are incompatible with other options, or more generally that +# interact with other parts of the code in such a way that a bulk enabling +# is not a good way to test them. +# * Options that remove features. +EXCLUDE_FROM_FULL = frozenset([ + #pylint: disable=line-too-long + 'MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH', # interacts with CTR_DRBG_128_BIT_KEY + 'MBEDTLS_AES_USE_HARDWARE_ONLY', # hardware dependency + 'MBEDTLS_BLOCK_CIPHER_NO_DECRYPT', # incompatible with ECB in PSA, CBC/XTS/NIST_KW/DES + 'MBEDTLS_CTR_DRBG_USE_128_BIT_KEY', # interacts with ENTROPY_FORCE_SHA256 + 'MBEDTLS_DEPRECATED_REMOVED', # conflicts with deprecated options + 'MBEDTLS_DEPRECATED_WARNING', # conflicts with deprecated options + 'MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED', # influences the use of ECDH in TLS + 'MBEDTLS_ECP_WITH_MPI_UINT', # disables the default ECP and is experimental + 'MBEDTLS_ENTROPY_FORCE_SHA256', # interacts with CTR_DRBG_128_BIT_KEY + 'MBEDTLS_HAVE_SSE2', # hardware dependency + 'MBEDTLS_MEMORY_BACKTRACE', # depends on MEMORY_BUFFER_ALLOC_C + 'MBEDTLS_MEMORY_DEBUG', # depends on MEMORY_BUFFER_ALLOC_C + 'MBEDTLS_NO_64BIT_MULTIPLICATION', # influences anything that uses bignum + 'MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES', # removes a feature + 'MBEDTLS_NO_PLATFORM_ENTROPY', # removes a feature + 'MBEDTLS_NO_UDBL_DIVISION', # influences anything that uses bignum + 'MBEDTLS_PSA_P256M_DRIVER_ENABLED', # influences SECP256R1 
KeyGen/ECDH/ECDSA + 'MBEDTLS_PLATFORM_NO_STD_FUNCTIONS', # removes a feature + 'MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS', # removes a feature + 'MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG', # behavior change + build dependency + 'MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER', # interface and behavior change + 'MBEDTLS_PSA_CRYPTO_SPM', # platform dependency (PSA SPM) + 'MBEDTLS_PSA_INJECT_ENTROPY', # conflicts with platform entropy sources + 'MBEDTLS_RSA_NO_CRT', # influences the use of RSA in X.509 and TLS + 'MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY', # interacts with *_USE_A64_CRYPTO_IF_PRESENT + 'MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY', # interacts with *_USE_ARMV8_A_CRYPTO_IF_PRESENT + 'MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY', # interacts with *_USE_A64_CRYPTO_IF_PRESENT + 'MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT', # setting *_USE_ARMV8_A_CRYPTO is sufficient + 'MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN', # build dependency (clang+memsan) + 'MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND', # build dependency (valgrind headers) + 'MBEDTLS_X509_REMOVE_INFO', # removes a feature + *PSA_UNSUPPORTED_FEATURE, + *PSA_DEPRECATED_FEATURE, + *PSA_UNSTABLE_FEATURE +]) + +def is_boolean_setting(name, value): + """Is this a boolean setting? + + Mbed TLS boolean settings are enabled if the preprocessor macro is + defined, and disabled if the preprocessor macro is not defined. The + macro definition line in the configuration file has an empty expansion. + + PSA_WANT_xxx settings are also boolean, but when they are enabled, + they expand to a nonzero value. We leave them undefined when they + are disabled. (Setting them to 0 currently means to enable them, but + this might change to mean disabling them. Currently we just never set + them to 0.) 
+ """ + if name.startswith('PSA_WANT_'): + return True + if not value: + return True + return False + +def include_in_full(name): + """Rules for symbols in the "full" configuration.""" + if name in EXCLUDE_FROM_FULL: + return False + return True + +def full_adapter(name, value, active): + """Config adapter for "full".""" + if not is_boolean_setting(name, value): + return active + return include_in_full(name) + class TfPSACryptoConfigFile(config_common.ConfigFile): """Representation of a TF PSA Crypto configuration file.""" @@ -90,6 +172,13 @@ class TfPSACryptoConfigTool(config_common.ConfigTool): def custom_parser_options(self): """Adds TF PSA Crypto specific options for the parser.""" + self.add_adapter( + 'full', full_adapter, + """Uncomment most features. + Exclude alternative implementations and platform support options, as well as + some options that are awkward to test. + """) + if __name__ == '__main__': sys.exit(TfPSACryptoConfigTool().main()) From afc5fa5ad2b5b86af810efa8a903f30a6fdbe856 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Fri, 29 Nov 2024 12:57:53 +0100 Subject: [PATCH 04/16] Rename TfPSA to TFPSA Signed-off-by: Gabor Mezei --- tf-psa-crypto/scripts/tf_psa_crypto_config.py | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/tf-psa-crypto/scripts/tf_psa_crypto_config.py b/tf-psa-crypto/scripts/tf_psa_crypto_config.py index b822ac56a2..2b27f0facb 100755 --- a/tf-psa-crypto/scripts/tf_psa_crypto_config.py +++ b/tf-psa-crypto/scripts/tf_psa_crypto_config.py @@ -3,7 +3,7 @@ """TF PSA Crypto configuration file manipulation library and tool Basic usage, to read the TF PSA Crypto configuration: - config = TfPSACryptoConfig() + config = TFPSACryptoConfig() if 'PSA_WANT_ALG_MD5' in config: print('MD5 is enabled') """ 
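Review bot: The help text passed to `self.add_adapter('full', ...)` drops the caveat stated in the comment above `EXCLUDE_FROM_FULL`, namely that the full configuration "includes deprecated or insecure options". Someone choosing an adapter from the tool's help output has no hint that `full` is a test configuration rather than a recommended build. Consider appending a sentence such as `Intended for testing: this also enables deprecated or insecure options.` to the help string. Since `include_in_full` works as a deny-list, its docstring could also state that any new boolean option is enabled by `full` unless it is added to `EXCLUDE_FROM_FULL`. `custom_parser_options` and its class start outside the hunk.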
@@ -112,7 +112,7 @@ def full_adapter(name, value, active): return include_in_full(name) -class TfPSACryptoConfigFile(config_common.ConfigFile): +class TFPSACryptoConfigFile(config_common.ConfigFile): """Representation of a TF PSA Crypto configuration file.""" _path_in_tree = 'tf-psa-crypto/include/psa/crypto_config.h' @@ -127,7 +127,7 @@ class TfPSACryptoConfigFile(config_common.ConfigFile): super().__init__(self.default_path, 'Crypto', filename) -class TfPSACryptoConfig(config_common.Config): +class TFPSACryptoConfig(config_common.Config): """Representation of the TF PSA Crypto configuration. See the documentation of the `Config` class for methods to query @@ -161,13 +161,13 @@ class TfPSACryptoConfig(config_common.Config): super().set(name, value) -class TfPSACryptoConfigTool(config_common.ConfigTool): +class TFPSACryptoConfigTool(config_common.ConfigTool): """Command line TF PSA Crypto config file manipulation tool.""" def __init__(self): - super().__init__(TfPSACryptoConfigFile.default_path[0], single_config=False) - configfiles = [TfPSACryptoConfigFile(file) for file in self.args.file] - self.config = TfPSACryptoConfig(*configfiles) + super().__init__(TFPSACryptoConfigFile.default_path[0], single_config=False) + configfiles = [TFPSACryptoConfigFile(file) for file in self.args.file] + self.config = TFPSACryptoConfig(*configfiles) def custom_parser_options(self): """Adds TF PSA Crypto specific options for the parser.""" @@ -181,4 +181,4 @@ class TfPSACryptoConfigTool(config_common.ConfigTool): if __name__ == '__main__': - sys.exit(TfPSACryptoConfigTool().main()) + sys.exit(TFPSACryptoConfigTool().main()) From 1044a8066bf48e6bd7984850f92ba9ce856899c1 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Fri, 29 Nov 2024 12:58:44 +0100 Subject: [PATCH 05/16] Use better config name Signed-off-by: Gabor Mezei --- tf-psa-crypto/scripts/tf_psa_crypto_config.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/tf-psa-crypto/scripts/tf_psa_crypto_config.py b/tf-psa-crypto/scripts/tf_psa_crypto_config.py index 2b27f0facb..df69eeb70e 100755 --- a/tf-psa-crypto/scripts/tf_psa_crypto_config.py +++ b/tf-psa-crypto/scripts/tf_psa_crypto_config.py @@ -124,7 +124,7 @@ class TFPSACryptoConfigFile(config_common.ConfigFile): _path_in_tree)] def __init__(self, filename=None): - super().__init__(self.default_path, 'Crypto', filename) + super().__init__(self.default_path, 'TF-PSA-Crypto', filename) class TFPSACryptoConfig(config_common.Config): From 37bf61ee96e860f9902d800a008a4be3ca6dbc1e Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Fri, 29 Nov 2024 12:59:26 +0100 Subject: [PATCH 06/16] Fix crypto config path Signed-off-by: Gabor Mezei --- tf-psa-crypto/scripts/tf_psa_crypto_config.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tf-psa-crypto/scripts/tf_psa_crypto_config.py b/tf-psa-crypto/scripts/tf_psa_crypto_config.py index df69eeb70e..b6437e7683 100755 --- a/tf-psa-crypto/scripts/tf_psa_crypto_config.py +++ b/tf-psa-crypto/scripts/tf_psa_crypto_config.py @@ -115,7 +115,7 @@ def full_adapter(name, value, active): class TFPSACryptoConfigFile(config_common.ConfigFile): """Representation of a TF PSA Crypto configuration file.""" - _path_in_tree = 'tf-psa-crypto/include/psa/crypto_config.h' + _path_in_tree = 'include/psa/crypto_config.h' default_path = [_path_in_tree, os.path.join(os.path.dirname(__file__), os.pardir, From 680a7c30c2353656ba445fee2ab240ac0e6cb4ce Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Fri, 29 Nov 2024 13:09:10 +0100 Subject: [PATCH 07/16] Use only one config file in config.py Signed-off-by: Gabor Mezei --- tf-psa-crypto/scripts/tf_psa_crypto_config.py | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/tf-psa-crypto/scripts/tf_psa_crypto_config.py b/tf-psa-crypto/scripts/tf_psa_crypto_config.py index b6437e7683..ef76d3b771 100755 --- a/tf-psa-crypto/scripts/tf_psa_crypto_config.py 
+++ b/tf-psa-crypto/scripts/tf_psa_crypto_config.py @@ -134,13 +134,13 @@ class TFPSACryptoConfig(config_common.Config): and modify the configuration. """ - def __init__(self, *configfiles): + def __init__(self, filename): """Read the PSA crypto configuration files.""" super().__init__() - self.configfiles.extend(configfiles) + configfile = TFPSACryptoConfigFile(filename) + self.configfiles.append(configfile) self.settings.update({name: config_common.Setting(configfile, active, name, value, section) - for configfile in configfiles for (active, name, value, section) in configfile.parse_file()}) def set(self, name, value=None): @@ -165,9 +165,8 @@ class TFPSACryptoConfigTool(config_common.ConfigTool): """Command line TF PSA Crypto config file manipulation tool.""" def __init__(self): - super().__init__(TFPSACryptoConfigFile.default_path[0], single_config=False) - configfiles = [TFPSACryptoConfigFile(file) for file in self.args.file] - self.config = TFPSACryptoConfig(*configfiles) + super().__init__(TFPSACryptoConfigFile.default_path[0]) + self.config = TFPSACryptoConfig(self.args.file) def custom_parser_options(self): """Adds TF PSA Crypto specific options for the parser.""" From a53712d21d075967e5f1f1ebe154ecef113b8638 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Fri, 29 Nov 2024 13:12:01 +0100 Subject: [PATCH 08/16] Rename tf_psa_crypto_config.py to config.py Signed-off-by: Gabor Mezei --- tf-psa-crypto/scripts/{tf_psa_crypto_config.py => config.py} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename tf-psa-crypto/scripts/{tf_psa_crypto_config.py => config.py} (100%) diff --git a/tf-psa-crypto/scripts/tf_psa_crypto_config.py b/tf-psa-crypto/scripts/config.py similarity index 100% rename from tf-psa-crypto/scripts/tf_psa_crypto_config.py rename to tf-psa-crypto/scripts/config.py From 75c7e13fa722a48dd9b95237621aabdf9370cecf Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Thu, 5 Dec 2024 10:02:39 +0100 Subject: [PATCH 09/16] Update framework 
Signed-off-by: Gabor Mezei --- framework | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/framework b/framework index a2c76945ca..d4585fde2c 160000 --- a/framework +++ b/framework @@ -1 +1 @@ -Subproject commit a2c76945ca090f9dd099001d7c5158557f5a2036 +Subproject commit d4585fde2c09206d594826476a715fd075716fce From fb36814669d9637f2539e6038162f22cdc033f84 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Thu, 5 Dec 2024 10:11:46 +0100 Subject: [PATCH 10/16] Use default value for the `filename` parameter Signed-off-by: Gabor Mezei --- tf-psa-crypto/scripts/config.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tf-psa-crypto/scripts/config.py b/tf-psa-crypto/scripts/config.py index ef76d3b771..8002392e2a 100755 --- a/tf-psa-crypto/scripts/config.py +++ b/tf-psa-crypto/scripts/config.py @@ -134,7 +134,7 @@ class TFPSACryptoConfig(config_common.Config): and modify the configuration. """ - def __init__(self, filename): + def __init__(self, filename=None): """Read the PSA crypto configuration files.""" super().__init__() From 1a7bbe1ca8d9bdb344cb55a06b5d303df1559281 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Thu, 5 Dec 2024 10:17:13 +0100 Subject: [PATCH 11/16] Handle the `_ALT` macros in the `full` adapter Signed-off-by: Gabor Mezei --- tf-psa-crypto/scripts/config.py | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/tf-psa-crypto/scripts/config.py b/tf-psa-crypto/scripts/config.py index 8002392e2a..a5253b4c0a 100755 --- a/tf-psa-crypto/scripts/config.py +++ b/tf-psa-crypto/scripts/config.py 
@@ -99,10 +99,34 @@ def is_boolean_setting(name, value): return True return False +def is_seamless_alt(name): + """Whether the xxx_ALT symbol should be included in the full configuration. + + Include alternative implementations of platform functions, which are + configurable function pointers that default to the built-in function. + This way we test that the function pointers exist and build correctly + without changing the behavior, and tests can verify that the function + pointers are used by modifying those pointers. + + Exclude alternative implementations of library functions since they require + an implementation of the relevant functions and an xxx_alt.h header. + """ + if name in ( + 'MBEDTLS_PLATFORM_GMTIME_R_ALT', + 'MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT', + 'MBEDTLS_PLATFORM_MS_TIME_ALT', + 'MBEDTLS_PLATFORM_ZEROIZE_ALT', + ): + # Similar to non-platform xxx_ALT, requires platform_alt.h + return False + return name.startswith('MBEDTLS_PLATFORM_') + def include_in_full(name): """Rules for symbols in the "full" configuration.""" if name in EXCLUDE_FROM_FULL: return False + if name.endswith('_ALT'): + return is_seamless_alt(name) return True def full_adapter(name, value, active): From fc719d6e8c740205dabd2e86b57419b4a4a1a3d4 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Thu, 5 Dec 2024 18:40:22 +0100 Subject: [PATCH 12/16] Unify PSA symbol identification Signed-off-by: Gabor Mezei --- tf-psa-crypto/scripts/config.py | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/tf-psa-crypto/scripts/config.py b/tf-psa-crypto/scripts/config.py index a5253b4c0a..8412637235 100755 --- a/tf-psa-crypto/scripts/config.py +++ b/tf-psa-crypto/scripts/config.py @@ -11,6 +11,7 @@ Basic usage, to read the TF PSA Crypto configuration: ## SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later ## +import re import os import sys 
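Review bot: `is_seamless_alt` spells its exclusion list as an inline tuple inside the function, while every other name set in this file (`PSA_UNSUPPORTED_FEATURE`, `PSA_DEPRECATED_FEATURE`, `EXCLUDE_FROM_FULL`) is a named module-level `frozenset`. Hoisting the four `MBEDTLS_PLATFORM_..._ALT` names into a named `frozenset` next to those would keep the file consistent, and the `requires platform_alt.h` comment could sit on that constant. The docstring should also state that the final `return name.startswith('MBEDTLS_PLATFORM_')` enables any future platform `_ALT` symbol in `full` by default, so a new one that needs `platform_alt.h` has to be added to the list by hand.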
@@ -18,6 +19,8 @@ import framework_scripts_path # pylint: disable=unused-import from mbedtls_framework import config_common +PSA_SYMBOL_REGEXP = re.compile(r'^PSA_.*') + PSA_UNSUPPORTED_FEATURE = frozenset([ 'PSA_WANT_ALG_CBC_MAC', 'PSA_WANT_ALG_XTS', @@ -93,7 +96,7 @@ def is_boolean_setting(name, value): this might change to mean disabling them. Currently we just never set them to 0.) """ - if name.startswith('PSA_WANT_'): + if re.match(PSA_SYMBOL_REGEXP, name): return True if not value: return True @@ -179,7 +182,7 @@ class TFPSACryptoConfig(config_common.Config): self._get_configfile().templates.append((name, '', f'#define {name} ')) # Default value for PSA macros is '1' - if name.startswith('PSA_') and not value: + if not value and re.match(PSA_SYMBOL_REGEXP, name): value = '1' super().set(name, value) From c716aade4fe96bb6c4993e58329c28d98d1ca3b5 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Thu, 5 Dec 2024 18:41:27 +0100 Subject: [PATCH 13/16] Make the file path generation more transparent Signed-off-by: Gabor Mezei --- tf-psa-crypto/scripts/config.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tf-psa-crypto/scripts/config.py b/tf-psa-crypto/scripts/config.py index 8412637235..474fea3953 100755 --- a/tf-psa-crypto/scripts/config.py +++ b/tf-psa-crypto/scripts/config.py @@ -147,7 +147,7 @@ class TFPSACryptoConfigFile(config_common.ConfigFile): os.path.join(os.path.dirname(__file__), os.pardir, _path_in_tree), - os.path.join(os.path.dirname(os.path.abspath(os.path.dirname(__file__))), + os.path.join(os.path.dirname(os.path.dirname(os.path.abspath(__file__))), _path_in_tree)] def __init__(self, filename=None): From 2e3f17a40fed54a3ba9810baa3085a80b0595f3a Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Thu, 5 Dec 2024 18:43:00 +0100 Subject: [PATCH 14/16] Remove not TF-PSA-Cripto related symbol Signed-off-by: Gabor Mezei --- tf-psa-crypto/scripts/config.py | 1 - 1 file changed, 1 deletion(-) 
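Review bot: Replacing `name.startswith('PSA_WANT_')` with `re.match(PSA_SYMBOL_REGEXP, name)` in `is_boolean_setting` widens the check from `PSA_WANT_` to every `PSA_`-prefixed name, while the docstring (outside this hunk) still describes only `PSA_WANT_xxx` settings as boolean. With the new check, any `PSA_` setting that carries a real value would be treated as boolean and switched by `full_adapter` rather than keeping its `active` state. If that is intended, the docstring should say so; otherwise keep the narrower prefix here and use the shared pattern only in `set`. The pattern is also equivalent to `name.startswith('PSA_')`, because `re.match` already anchors at the start and the trailing `.*` adds nothing, so a plain prefix constant would read more simply in this hunk and in the `set` hunk.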
diff --git a/tf-psa-crypto/scripts/config.py b/tf-psa-crypto/scripts/config.py index 474fea3953..30b6067578 100755 --- a/tf-psa-crypto/scripts/config.py +++ b/tf-psa-crypto/scripts/config.py @@ -77,7 +77,6 @@ EXCLUDE_FROM_FULL = frozenset([ 'MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT', # setting *_USE_ARMV8_A_CRYPTO is sufficient 'MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN', # build dependency (clang+memsan) 'MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND', # build dependency (valgrind headers) - 'MBEDTLS_X509_REMOVE_INFO', # removes a feature *PSA_UNSUPPORTED_FEATURE, *PSA_DEPRECATED_FEATURE, *PSA_UNSTABLE_FEATURE From 5034a1f597c98f01c2ad31cf2d43a7a37637a721 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Thu, 5 Dec 2024 19:06:19 +0100 Subject: [PATCH 15/16] Fix PSA macro identification regexp Signed-off-by: Gabor Mezei --- scripts/config.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/config.py b/scripts/config.py index 9e546f7671..1027f2c99c 100755 --- a/scripts/config.py +++ b/scripts/config.py @@ -397,7 +397,7 @@ class CombinedConfig(config_common.Config): for configfile in [self.mbedtls_configfile, self.crypto_configfile] for (active, name, value, section) in configfile.parse_file()}) - _crypto_regexp = re.compile(r'$PSA_.*') + _crypto_regexp = re.compile(r'^PSA_.*') def _get_configfile(self, name=None): """Find a config type for a setting name""" From d1a5bb22ce8620d9a87084339f3836b32bdcf9ee Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Mon, 9 Dec 2024 10:29:31 +0100 Subject: [PATCH 16/16] Update framework Signed-off-by: Gabor Mezei --- framework | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/framework b/framework index d4585fde2c..150bf84281 160000 --- a/framework +++ b/framework @@ -1 +1 @@ -Subproject commit d4585fde2c09206d594826476a715fd075716fce +Subproject commit 150bf842819e8680a2733774cdceabf60ffbe164
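Review bot: The old pattern `r'$PSA_.*'` in `scripts/config.py` could never match a symbol name, so this one-character fix changes what `_crypto_regexp` reports for every `PSA_` name, and nothing in the patch exercises the new behaviour. A small test that sets one `PSA_WANT_` symbol and one `MBEDTLS_` symbol through `CombinedConfig` and checks which configuration file each lands in would keep the anchor from regressing. The same expression now exists twice, as `_crypto_regexp` here and as `PSA_SYMBOL_REGEXP` in `tf-psa-crypto/scripts/config.py`, so defining it once in a shared module would stop the two from drifting apart. `_get_configfile`'s body is outside the hunk, so how the pattern is applied there is inferred.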