From e829cd6953afbd246fa0db60a296bdae8eaaec81 Mon Sep 17 00:00:00 2001 From: Archana Date: Fri, 24 Dec 2021 12:50:36 +0530 Subject: [PATCH 01/28] Driver Wrapper CodeGen Rev 1.1 (1) Add in driver jsons. (2) Improve Python scripts to take JSON file directory and template directory paths as arguments. (3) Add in file augment template files to template common functionality (4) render tempplates for Header files, ID generation and key management. (5) Changed driver ID nomenclature to be in synch with function names. Signed-off-by: Archana Signed-off-by: Asfandyar Orakzai
---
.../data_files/driver_jsons/driverlist.json | 1 + .../mbedtls_test_opaque_driver.json | 18 ++ .../mbedtls_test_transparent_driver.json | 13 + .../driver_templates/OS-template-opaque.jinja | 10 + .../OS-template-transparent.jinja | 12 + .../psa_crypto_driver_wrappers.c.jinja | 254 ++++++++++-------- scripts/generate_driver_wrappers.py | 58 +++- tests/include/test/drivers/test_driver.h | 9 + 8 files changed, 247 insertions(+), 128 deletions(-) create mode 100644 scripts/data_files/driver_jsons/driverlist.json create mode 100644 scripts/data_files/driver_jsons/mbedtls_test_opaque_driver.json create mode 100644 scripts/data_files/driver_jsons/mbedtls_test_transparent_driver.json create mode 100644 scripts/data_files/driver_templates/OS-template-opaque.jinja create mode 100644 scripts/data_files/driver_templates/OS-template-transparent.jinja
diff --git a/scripts/data_files/driver_jsons/driverlist.json b/scripts/data_files/driver_jsons/driverlist.json
new file mode 100644
index 0000000000..50ad81604a
--- /dev/null
+++ b/scripts/data_files/driver_jsons/driverlist.json
@@ -0,0 +1 @@
+["mbedtls_test_opaque_driver.json","mbedtls_test_transparent_driver.json"]
diff --git a/scripts/data_files/driver_jsons/mbedtls_test_opaque_driver.json b/scripts/data_files/driver_jsons/mbedtls_test_opaque_driver.json
new file mode 100644
index 0000000000..1322083c3f
--- /dev/null
+++ b/scripts/data_files/driver_jsons/mbedtls_test_opaque_driver.json
@@ -0,0 +1,18 @@
+[{
+ "prefix": "mbedtls_test",
+ "type": "opaque",
+ "location": "0x7fffff",
+ "headers": ["test/drivers/test_driver.h"],
+ "capabilities": [
+ {
+ "_comment": "The mbedTLS opaque driver supports import key/export key/export_public key",
+ "depend_on": "defined(PSA_CRYPTO_DRIVER_TEST)",
+ "entry_points": ["import_key", "export_key", "export_public_key"]
+ },
+ {
+ "_comment": "The mbedTLS opaque driver supports copy key/ get builtin key",
+ "depend_on": "defined(PSA_CRYPTO_DRIVER_TEST)",
+ "entry_points": ["copy_key","get_builtin_key"]
+ }
+ ]
+}]
diff --git a/scripts/data_files/driver_jsons/mbedtls_test_transparent_driver.json b/scripts/data_files/driver_jsons/mbedtls_test_transparent_driver.json
new file mode 100644
index 0000000000..dfa42340ce
--- /dev/null
+++ b/scripts/data_files/driver_jsons/mbedtls_test_transparent_driver.json
@@ -0,0 +1,13 @@
+[{
+ "prefix": "mbedtls_test",
+ "type": "transparent",
+ "headers": ["test/drivers/test_driver.h"],
+ "capabilities": [
+ {
+ "_comment": "The mbedTLS transparent driver supports import key/export key/export_public key",
+ "depend_on": "defined(PSA_CRYPTO_DRIVER_TEST)",
+ "entry_points": ["import_key", "export_key", "export_public_key"],
+ "fallback": true
+ }
+ ]
+}]
diff --git a/scripts/data_files/driver_templates/OS-template-opaque.jinja b/scripts/data_files/driver_templates/OS-template-opaque.jinja
new file mode 100644
index 0000000000..3d9724c947
--- /dev/null
+++ b/scripts/data_files/driver_templates/OS-template-opaque.jinja
@@ -0,0 +1,10 @@
+{% for driver in drivers if driver.type == "opaque" -%}
+{% for capability in driver.capabilities if entry_point in capability.entry_points -%}
+#if ({% if capability.depend_on is defined -%}{{ capability.depend_on }} {% else -%} {{ 1 }} {% endif %})
+{%- filter indent(width = nest_indent) %}
+case {{ driver.location }}:
+ return({{driver.prefix}}_{{driver.type}}_{{entry_point}}({{entry_point_attributes(driver) | indent(20)}}));
+{% endfilter -%}
+#endif
+{% endfor %}
+{% endfor %}
diff --git a/scripts/data_files/driver_templates/OS-template-transparent.jinja b/scripts/data_files/driver_templates/OS-template-transparent.jinja
new file mode 100644
index 0000000000..017c937cb2
--- /dev/null
+++ b/scripts/data_files/driver_templates/OS-template-transparent.jinja
@@ -0,0 +1,12 @@
+{% for driver in drivers if driver.type == "transparent" -%}
+{% for capability in driver.capabilities if entry_point in capability.entry_points -%}
+#if ({% if capability.depend_on is defined -%}{{ capability.depend_on }} {% else -%} {{ 1 }} {% endif %})
+{%- filter indent(width = nest_indent) %}
+status = {{driver.prefix}}_{{driver.type}}_{{entry_point}}({{entry_point_attributes(driver) | indent(20)}});
+
+if( status != PSA_ERROR_NOT_SUPPORTED )
+ return( status );
+{% endfilter -%}
+#endif
+{% endfor %}
+{% endfor %}
diff --git a/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja b/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja
index a5ae6a29e4..3abd1eff10 100644
--- a/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja
+++ b/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja
@@ -19,6 +19,8 @@ * limitations under the License. */ + +/* BEGIN-common headers */ #include "common.h" #include "psa_crypto_aead.h" #include "psa_crypto_cipher.h"
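Review bot: In OS-template-opaque.jinja, `case {{ driver.location }}:` and `#if ({{ capability.depend_on }})` copy JSON strings verbatim into the generated C, and the loop emits one `case` for every capability that lists the entry point. Two capabilities naming the same entry point, or two opaque drivers sharing a location, would therefore produce duplicate case labels whenever both guards are true, and that only surfaces as a compile error in the generated file. The test driver's location is also now spelled twice, as `"0x7fffff"` in the JSON and as `PSA_CRYPTO_TEST_DRIVER_LOCATION` in test_driver.h. I would open the template with a comment such as `{# Expects entry_point, nest_indent and entry_point_attributes() from the including template; location and depend_on are emitted verbatim and must be checked by the generator. #}` and reject duplicate (location, entry_point) pairs during JSON validation.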
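Review bot: OS-template-transparent.jinja never reads `capability.fallback`, although the transparent driver JSON added in this patch sets `"fallback": true` and the hand-written code it replaces carried the comment `/* Declared with fallback == true */`. Every transparent driver therefore gets `if( status != PSA_ERROR_NOT_SUPPORTED ) return( status );`, so a capability declared without fallback would still drop through to the built-in software path when the driver reports PSA_ERROR_NOT_SUPPORTED. If that is not intended, branch on the field: keep the conditional return under `{% if capability.fallback is defined and capability.fallback %}` and emit a plain `return( status );` in the `{% else %}` arm.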
@@ -29,34 +31,30 @@ #include "psa_crypto_rsa.h" #include "mbedtls/platform.h" +/* END-common headers */ #if defined(MBEDTLS_PSA_CRYPTO_C) +/* BEGIN-driver headers */ #if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) - -/* Include test driver definition when running tests */ -#if defined(PSA_CRYPTO_DRIVER_TEST) -#ifndef PSA_CRYPTO_DRIVER_PRESENT -#define PSA_CRYPTO_DRIVER_PRESENT -#endif -#ifndef PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT -#define PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT -#endif -#include "test/drivers/test_driver.h" -#endif /* PSA_CRYPTO_DRIVER_TEST */ - -/* Repeat above block for each JSON-declared driver during autogeneration */ +{% for driver in drivers -%} +/* Headers for {{driver.prefix}} {{driver.type}} driver */ +{% for header in driver.headers -%} +#include "{{ header }}" +{% endfor %} +{% endfor %} #endif /* MBEDTLS_PSA_CRYPTO_DRIVERS */ +/* END-driver headers */ /* Auto-generated values depending on which drivers are registered. * ID 0 is reserved for unallocated operations. * ID 1 is reserved for the Mbed TLS software driver. */ +/* BEGIN-driver id definition */ #define PSA_CRYPTO_MBED_TLS_DRIVER_ID (1) - -#if defined(PSA_CRYPTO_DRIVER_TEST) -#define PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID (2) -#define PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID (3) -#endif /* PSA_CRYPTO_DRIVER_TEST */ +{% for driver in drivers -%} +#define {{(driver.prefix + "_" + driver.type + "_driver_id").upper()}} ({{ loop.index + 1 }}) +{% endfor %} +/* END-driver id */ /* Support the 'old' SE interface when asked to */ #if defined(MBEDTLS_PSA_CRYPTO_SE_C) 
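Review bot: The generated `#include "{{ header }}"` lines sit directly under `#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS)`, so `test/drivers/test_driver.h` is now pulled in by every build that enables drivers rather than only when PSA_CRYPTO_DRIVER_TEST is defined; that depends on the guard this patch adds inside test_driver.h and on the tests include directory being on the include path, which this hunk cannot show. PSA_CRYPTO_DRIVER_PRESENT and PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT used to be defined here and now exist only as a side effect of that header. The driver ID macros are numbered from `loop.index + 1`, so their values follow the order of driverlist.json (opaque becomes 2 and transparent 3, the reverse of the removed defines), and two JSON entries with the same prefix and type would define the same macro twice. A comment above the loop such as `/* IDs follow driverlist.json order and are only meaningful within one build */`, plus a uniqueness check in the generator, would make that explicit.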
@@ -592,6 +590,16 @@ psa_status_t psa_driver_wrapper_import_key( size_t *key_buffer_length, size_t *bits ) { +{% set entry_point = "import_key" -%} +{% macro entry_point_attributes(driver) -%} +attributes, +data, +data_length, +key_buffer, +key_buffer_size, +key_buffer_length, +bits +{% endmacro %} psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime( attributes ) ); @@ -631,17 +639,13 @@ psa_status_t psa_driver_wrapper_import_key( /* Key is stored in the slot in export representation, so * cycle through all known transparent accelerators */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) -#if defined(PSA_CRYPTO_DRIVER_TEST) - status = mbedtls_test_transparent_import_key( - attributes, - data, data_length, - key_buffer, key_buffer_size, - key_buffer_length, bits ); - /* Declared with fallback == true */ - if( status != PSA_ERROR_NOT_SUPPORTED ) - return( status ); -#endif /* PSA_CRYPTO_DRIVER_TEST */ +/* BEGIN-Templating */ +{% with nest_indent=12 %} +{% include "OS-template-transparent.jinja" -%} +{% endwith -%} +/* END-Templating */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ + /* Fell through, meaning no accelerator supports this operation */ return( psa_import_key_into_slot( attributes, data, data_length, @@ -649,14 +653,11 @@ psa_status_t psa_driver_wrapper_import_key( key_buffer_length, bits ) ); /* Add cases for opaque driver here */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) -#if defined(PSA_CRYPTO_DRIVER_TEST) - case PSA_CRYPTO_TEST_DRIVER_LOCATION: - return( mbedtls_test_opaque_import_key( - attributes, - data, data_length, - key_buffer, key_buffer_size, - key_buffer_length, bits ) ); -#endif /* PSA_CRYPTO_DRIVER_TEST */ +/* BEGIN-Templating */ +{% with nest_indent=8 %} +{% include "OS-template-opaque.jinja" -%} +{% endwith -%} +/* END-Templating */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ default: (void)status; 
@@ -671,6 +672,15 @@ psa_status_t psa_driver_wrapper_export_key( uint8_t *data, size_t data_size, size_t *data_length ) { +{% set entry_point = "export_key" -%} +{% macro entry_point_attributes(driver) -%} +attributes, +key_buffer, +key_buffer_size, +data, +data_size, +data_length +{% endmacro %} psa_status_t status = PSA_ERROR_INVALID_ARGUMENT; psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime( attributes ) ); @@ -707,15 +717,11 @@ psa_status_t psa_driver_wrapper_export_key( /* Add cases for opaque driver here */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) -#if defined(PSA_CRYPTO_DRIVER_TEST) - case PSA_CRYPTO_TEST_DRIVER_LOCATION: - return( mbedtls_test_opaque_export_key( attributes, - key_buffer, - key_buffer_size, - data, - data_size, - data_length ) ); -#endif /* PSA_CRYPTO_DRIVER_TEST */ +/* BEGIN-Templating */ +{% with nest_indent=8 %} +{% include "OS-template-opaque.jinja" -%} +{% endwith -%} +/* END-Templating */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ default: /* Key is declared with a lifetime not known to us */ @@ -729,6 +735,15 @@ psa_status_t psa_driver_wrapper_export_public_key( uint8_t *data, size_t data_size, size_t *data_length ) { +{% set entry_point = "export_public_key" -%} +{% macro entry_point_attributes(driver) -%} +attributes, +key_buffer, +key_buffer_size, +data, +data_size, +data_length +{% endmacro %} psa_status_t status = PSA_ERROR_INVALID_ARGUMENT; psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime( attributes ) ); 
@@ -759,18 +774,11 @@ psa_status_t psa_driver_wrapper_export_public_key( /* Key is stored in the slot in export representation, so * cycle through all known transparent accelerators */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) -#if defined(PSA_CRYPTO_DRIVER_TEST) - status = mbedtls_test_transparent_export_public_key( - attributes, - key_buffer, - key_buffer_size, - data, - data_size, - data_length ); - /* Declared with fallback == true */ - if( status != PSA_ERROR_NOT_SUPPORTED ) - return( status ); -#endif /* PSA_CRYPTO_DRIVER_TEST */ +/* BEGIN-Templating */ +{% with nest_indent=12 %} +{% include "OS-template-transparent.jinja" -%} +{% endwith -%} +/* END-Templating */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ /* Fell through, meaning no accelerator supports this operation */ return( psa_export_public_key_internal( attributes, @@ -782,15 +790,11 @@ psa_status_t psa_driver_wrapper_export_public_key( /* Add cases for opaque driver here */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) -#if defined(PSA_CRYPTO_DRIVER_TEST) - case PSA_CRYPTO_TEST_DRIVER_LOCATION: - return( mbedtls_test_opaque_export_public_key( attributes, - key_buffer, - key_buffer_size, - data, - data_size, - data_length ) ); -#endif /* PSA_CRYPTO_DRIVER_TEST */ +/* BEGIN-Templating */ +{% with nest_indent=8 %} +{% include "OS-template-opaque.jinja" -%} +{% endwith -%} +/* END-Templating */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ default: /* Key is declared with a lifetime not known to us */ 
@@ -803,15 +807,23 @@ psa_status_t psa_driver_wrapper_get_builtin_key( psa_key_attributes_t *attributes, uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length ) { +{% set entry_point = "get_builtin_key" -%} +{% macro entry_point_attributes(driver) -%} +slot_number, +attributes, +key_buffer, +key_buffer_size, +key_buffer_length +{% endmacro %} psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ); switch( location ) { #if defined(PSA_CRYPTO_DRIVER_TEST) - case PSA_CRYPTO_TEST_DRIVER_LOCATION: - return( mbedtls_test_opaque_get_builtin_key( - slot_number, - attributes, - key_buffer, key_buffer_size, key_buffer_length ) ); +/* BEGIN-Templating */ +{% with nest_indent=8 %} +{% include "OS-template-opaque.jinja" -%} +{% endwith -%} +/* END-Templating */ #endif /* PSA_CRYPTO_DRIVER_TEST */ default: (void) slot_number; @@ -828,6 +840,15 @@ psa_status_t psa_driver_wrapper_copy_key( uint8_t *target_key_buffer, size_t target_key_buffer_size, size_t *target_key_buffer_length ) { +{% set entry_point = "copy_key" -%} +{% macro entry_point_attributes(driver) -%} +attributes, +source_key, +source_key_length, +target_key_buffer, +target_key_buffer_size, +target_key_buffer_length +{% endmacro %} psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ); 
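Review bot: In psa_driver_wrapper_get_builtin_key the template include stays wrapped in the hand-written `#if defined(PSA_CRYPTO_DRIVER_TEST)` ... `#endif /* PSA_CRYPTO_DRIVER_TEST */`, while the included OS-template-opaque.jinja already emits its own `#if` from each capability's `depend_on`. Any opaque driver other than the test driver that declares `get_builtin_key` in its JSON would be compiled out unless the test macro is defined, and the call would land in the `default:` branch without any diagnostic. The other converted wrappers use `#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)` as the outer guard; using the same one here keeps them consistent. The function body continues outside this hunk.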
@@ -846,14 +867,11 @@ psa_status_t psa_driver_wrapper_copy_key( switch( location ) { #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) -#if defined(PSA_CRYPTO_DRIVER_TEST) - case PSA_CRYPTO_TEST_DRIVER_LOCATION: - return( mbedtls_test_opaque_copy_key( attributes, source_key, - source_key_length, - target_key_buffer, - target_key_buffer_size, - target_key_buffer_length) ); -#endif /* PSA_CRYPTO_DRIVER_TEST */ +/* BEGIN-Templating */ +{% with nest_indent=8 %} +{% include "OS-template-opaque.jinja" -%} +{% endwith -%} +/* END-Templating */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ default: (void)source_key; @@ -1068,7 +1086,7 @@ psa_status_t psa_driver_wrapper_cipher_encrypt_setup( alg ); /* Declared with fallback == true */ if( status == PSA_SUCCESS ) - operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID; + operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID; if( status != PSA_ERROR_NOT_SUPPORTED ) return( status ); @@ -1100,7 +1118,7 @@ psa_status_t psa_driver_wrapper_cipher_encrypt_setup( alg ); if( status == PSA_SUCCESS ) - operation->id = PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID; + operation->id = MBEDTLS_TEST_OPAQUE_DRIVER_ID; return( status ); #endif /* PSA_CRYPTO_DRIVER_TEST */ @@ -1141,7 +1159,7 @@ psa_status_t psa_driver_wrapper_cipher_decrypt_setup( alg ); /* Declared with fallback == true */ if( status == PSA_SUCCESS ) - operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID; + operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID; if( status != PSA_ERROR_NOT_SUPPORTED ) return( status ); @@ -1172,7 +1190,7 @@ psa_status_t psa_driver_wrapper_cipher_decrypt_setup( alg ); if( status == PSA_SUCCESS ) - operation->id = PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID; + operation->id = MBEDTLS_TEST_OPAQUE_DRIVER_ID; return( status ); #endif /* PSA_CRYPTO_DRIVER_TEST */ 
@@ -1204,12 +1222,12 @@ psa_status_t psa_driver_wrapper_cipher_set_iv( #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) - case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: + case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: return( mbedtls_test_transparent_cipher_set_iv( &operation->ctx.transparent_test_driver_ctx, iv, iv_length ) ); - case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID: + case MBEDTLS_TEST_OPAQUE_DRIVER_ID: return( mbedtls_test_opaque_cipher_set_iv( &operation->ctx.opaque_test_driver_ctx, iv, iv_length ) ); @@ -1245,13 +1263,13 @@ psa_status_t psa_driver_wrapper_cipher_update( #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) - case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: + case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: return( mbedtls_test_transparent_cipher_update( &operation->ctx.transparent_test_driver_ctx, input, input_length, output, output_size, output_length ) ); - case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID: + case MBEDTLS_TEST_OPAQUE_DRIVER_ID: return( mbedtls_test_opaque_cipher_update( &operation->ctx.opaque_test_driver_ctx, input, input_length, @@ -1287,12 +1305,12 @@ psa_status_t psa_driver_wrapper_cipher_finish( #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) - case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: + case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: return( mbedtls_test_transparent_cipher_finish( &operation->ctx.transparent_test_driver_ctx, output, output_size, output_length ) ); - case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID: + case MBEDTLS_TEST_OPAQUE_DRIVER_ID: return( mbedtls_test_opaque_cipher_finish( &operation->ctx.opaque_test_driver_ctx, output, output_size, output_length ) ); 
@@ -1321,7 +1339,7 @@ psa_status_t psa_driver_wrapper_cipher_abort( #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) - case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: + case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: status = mbedtls_test_transparent_cipher_abort( &operation->ctx.transparent_test_driver_ctx ); mbedtls_platform_zeroize( @@ -1329,7 +1347,7 @@ psa_status_t psa_driver_wrapper_cipher_abort( sizeof( operation->ctx.transparent_test_driver_ctx ) ); return( status ); - case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID: + case MBEDTLS_TEST_OPAQUE_DRIVER_ID: status = mbedtls_test_opaque_cipher_abort( &operation->ctx.opaque_test_driver_ctx ); mbedtls_platform_zeroize( @@ -1394,7 +1412,7 @@ psa_status_t psa_driver_wrapper_hash_setup( status = mbedtls_test_transparent_hash_setup( &operation->ctx.test_driver_ctx, alg ); if( status == PSA_SUCCESS ) - operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID; + operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID; if( status != PSA_ERROR_NOT_SUPPORTED ) return( status ); @@ -1429,8 +1447,8 @@ psa_status_t psa_driver_wrapper_hash_clone( &target_operation->ctx.mbedtls_ctx ) ); #endif #if defined(PSA_CRYPTO_DRIVER_TEST) - case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: - target_operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID; + case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: + target_operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID; return( mbedtls_test_transparent_hash_clone( &source_operation->ctx.test_driver_ctx, &target_operation->ctx.test_driver_ctx ) ); @@ -1454,7 +1472,7 @@ psa_status_t psa_driver_wrapper_hash_update( input, input_length ) ); #endif #if defined(PSA_CRYPTO_DRIVER_TEST) - case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: + case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: return( mbedtls_test_transparent_hash_update( &operation->ctx.test_driver_ctx, input, input_length ) ); 
@@ -1480,7 +1498,7 @@ psa_status_t psa_driver_wrapper_hash_finish( hash, hash_size, hash_length ) ); #endif #if defined(PSA_CRYPTO_DRIVER_TEST) - case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: + case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: return( mbedtls_test_transparent_hash_finish( &operation->ctx.test_driver_ctx, hash, hash_size, hash_length ) ); @@ -1503,7 +1521,7 @@ psa_status_t psa_driver_wrapper_hash_abort( return( mbedtls_psa_hash_abort( &operation->ctx.mbedtls_ctx ) ); #endif #if defined(PSA_CRYPTO_DRIVER_TEST) - case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: + case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: return( mbedtls_test_transparent_hash_abort( &operation->ctx.test_driver_ctx ) ); #endif @@ -1650,7 +1668,7 @@ psa_status_t psa_driver_wrapper_aead_encrypt_setup( #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) - operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID; + operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID; status = mbedtls_test_transparent_aead_encrypt_setup( &operation->ctx.transparent_test_driver_ctx, attributes, key_buffer, key_buffer_size, @@ -1698,7 +1716,7 @@ psa_status_t psa_driver_wrapper_aead_decrypt_setup( #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) - operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID; + operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID; status = mbedtls_test_transparent_aead_decrypt_setup( &operation->ctx.transparent_test_driver_ctx, attributes, @@ -1747,7 +1765,7 @@ psa_status_t psa_driver_wrapper_aead_set_nonce( #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) - case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: + case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: return( mbedtls_test_transparent_aead_set_nonce( &operation->ctx.transparent_test_driver_ctx, nonce, nonce_length ) ); 
@@ -1781,7 +1799,7 @@ psa_status_t psa_driver_wrapper_aead_set_lengths( #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) - case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: + case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: return( mbedtls_test_transparent_aead_set_lengths( &operation->ctx.transparent_test_driver_ctx, ad_length, plaintext_length ) ); @@ -1815,7 +1833,7 @@ psa_status_t psa_driver_wrapper_aead_update_ad( #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) - case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: + case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: return( mbedtls_test_transparent_aead_update_ad( &operation->ctx.transparent_test_driver_ctx, input, input_length ) ); @@ -1853,7 +1871,7 @@ psa_status_t psa_driver_wrapper_aead_update( #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) - case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: + case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: return( mbedtls_test_transparent_aead_update( &operation->ctx.transparent_test_driver_ctx, input, input_length, output, output_size, @@ -1897,7 +1915,7 @@ psa_status_t psa_driver_wrapper_aead_finish( #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) - case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: + case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: return( mbedtls_test_transparent_aead_finish( &operation->ctx.transparent_test_driver_ctx, ciphertext, ciphertext_size, @@ -1961,7 +1979,7 @@ psa_status_t psa_driver_wrapper_aead_verify( #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) - case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: + case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: return( mbedtls_test_transparent_aead_verify( &operation->ctx.transparent_test_driver_ctx, plaintext, plaintext_size, 
@@ -1995,7 +2013,7 @@ psa_status_t psa_driver_wrapper_aead_abort( #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) - case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: + case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: return( mbedtls_test_transparent_aead_abort( &operation->ctx.transparent_test_driver_ctx ) ); @@ -2104,7 +2122,7 @@ psa_status_t psa_driver_wrapper_mac_sign_setup( alg ); /* Declared with fallback == true */ if( status == PSA_SUCCESS ) - operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID; + operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID; if( status != PSA_ERROR_NOT_SUPPORTED ) return( status ); @@ -2135,7 +2153,7 @@ psa_status_t psa_driver_wrapper_mac_sign_setup( alg ); if( status == PSA_SUCCESS ) - operation->id = PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID; + operation->id = MBEDTLS_TEST_OPAQUE_DRIVER_ID; return( status ); #endif /* PSA_CRYPTO_DRIVER_TEST */ @@ -2176,7 +2194,7 @@ psa_status_t psa_driver_wrapper_mac_verify_setup( alg ); /* Declared with fallback == true */ if( status == PSA_SUCCESS ) - operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID; + operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID; if( status != PSA_ERROR_NOT_SUPPORTED ) return( status ); @@ -2207,7 +2225,7 @@ psa_status_t psa_driver_wrapper_mac_verify_setup( alg ); if( status == PSA_SUCCESS ) - operation->id = PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID; + operation->id = MBEDTLS_TEST_OPAQUE_DRIVER_ID; return( status ); #endif /* PSA_CRYPTO_DRIVER_TEST */ 
@@ -2238,12 +2256,12 @@ psa_status_t psa_driver_wrapper_mac_update( #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) - case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: + case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: return( mbedtls_test_transparent_mac_update( &operation->ctx.transparent_test_driver_ctx, input, input_length ) ); - case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID: + case MBEDTLS_TEST_OPAQUE_DRIVER_ID: return( mbedtls_test_opaque_mac_update( &operation->ctx.opaque_test_driver_ctx, input, input_length ) ); @@ -2272,12 +2290,12 @@ psa_status_t psa_driver_wrapper_mac_sign_finish( #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) - case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: + case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: return( mbedtls_test_transparent_mac_sign_finish( &operation->ctx.transparent_test_driver_ctx, mac, mac_size, mac_length ) ); - case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID: + case MBEDTLS_TEST_OPAQUE_DRIVER_ID: return( mbedtls_test_opaque_mac_sign_finish( &operation->ctx.opaque_test_driver_ctx, mac, mac_size, mac_length ) ); @@ -2306,12 +2324,12 @@ psa_status_t psa_driver_wrapper_mac_verify_finish( #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) - case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: + case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: return( mbedtls_test_transparent_mac_verify_finish( &operation->ctx.transparent_test_driver_ctx, mac, mac_length ) ); - case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID: + case MBEDTLS_TEST_OPAQUE_DRIVER_ID: return( mbedtls_test_opaque_mac_verify_finish( &operation->ctx.opaque_test_driver_ctx, mac, mac_length ) ); 
@@ -2336,10 +2354,10 @@ psa_status_t psa_driver_wrapper_mac_abort( #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) - case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: + case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: return( mbedtls_test_transparent_mac_abort( &operation->ctx.transparent_test_driver_ctx ) ); - case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID: + case MBEDTLS_TEST_OPAQUE_DRIVER_ID: return( mbedtls_test_opaque_mac_abort( &operation->ctx.opaque_test_driver_ctx ) ); #endif /* PSA_CRYPTO_DRIVER_TEST */ diff --git a/scripts/generate_driver_wrappers.py b/scripts/generate_driver_wrappers.py index 42331acc81..8e58b66f51 100755 --- a/scripts/generate_driver_wrappers.py +++ b/scripts/generate_driver_wrappers.py 
@@ -22,52 +22,90 @@ import sys import os +import json import argparse import jinja2 from mbedtls_dev import build_tree -def render(template_path: str) -> str: +def render(template_path: str, driver_jsoncontext: list) -> str: """ - Render template from the input file. + Render template from the input file and driver JSON. """ environment = jinja2.Environment( loader=jinja2.FileSystemLoader(os.path.dirname(template_path)), keep_trailing_newline=True) template = environment.get_template(os.path.basename(template_path)) - return template.render() + return template.render(drivers = driver_jsoncontext) -def generate_driver_wrapper_file(mbedtls_root: str, output_dir: str) -> None: + +def generate_driver_wrapper_file(template_dir: str, output_dir: str, driver_jsoncontext: list ) -> None: """ Generate the file psa_crypto_driver_wrapper.c. """ driver_wrapper_template_filename = \ - os.path.join(mbedtls_root, \ - "scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja") + os.path.join(template_dir, "psa_crypto_driver_wrappers.c.jinja") - result = render(driver_wrapper_template_filename) + result = render(driver_wrapper_template_filename, driver_jsoncontext) with open(os.path.join(output_dir, "psa_crypto_driver_wrappers.c"), 'w') as out_file: out_file.write(result) +def validate_mergedjson(merged_driverjson: list) -> int: + """ + Validate the merged Driver JSON for errors that we can catch early + """ + return 0 + + +def merge_driverjsonfiles(json_directory: str, jsondriverlistName: str) -> list: + """ + Merge driver JSON files into a single ordered JSON. + """ + result = list() + driverlist = list() + with open(os.path.join(json_directory, jsondriverlistName), 'r') as driverlistfile: + driverlist = json.load(driverlistfile) + for file_name in driverlist: + with open(os.path.join(json_directory, file_name), 'r') as infile: + result.extend(json.load(infile)) + + return result + + def main() -> int: """ Main with command line arguments. 
""" def_arg_mbedtls_root = build_tree.guess_mbedtls_root() def_arg_output_dir = os.path.join(def_arg_mbedtls_root, 'library') + def_arg_template_dir = os.path.join(def_arg_mbedtls_root, 'scripts/data_files/driver_templates/') + def_arg_json_dir = os.path.join(def_arg_mbedtls_root, 'scripts/data_files/driver_jsons/') parser = argparse.ArgumentParser() parser.add_argument('--mbedtls-root', nargs='?', default=def_arg_mbedtls_root, help='root directory of mbedtls source code') + parser.add_argument('--template_dir', nargs='?', default=def_arg_template_dir, + help='root directory of mbedtls source code') + parser.add_argument('--json_dir', nargs='?', default=def_arg_json_dir, + help='root directory of mbedtls source code') parser.add_argument('output_directory', nargs='?', default=def_arg_output_dir, help='output file\'s location') args = parser.parse_args() - mbedtls_root = os.path.abspath(args.mbedtls_root) - output_directory = args.output_directory + mbedtls_root = os.path.abspath(args.mbedtls_root) + output_directory = args.output_directory + template_directory = args.template_dir + json_directory = args.json_dir - generate_driver_wrapper_file(mbedtls_root, output_directory) + # load list of driver jsons from driverlist.json + merged_driverjson = merge_driverjsonfiles(json_directory, 'driverlist.json') + ret = validate_mergedjson(merged_driverjson) + if ret == 1: + print("Validation failed ") + return 1 + + generate_driver_wrapper_file(template_directory, output_directory, merged_driverjson) return 0 diff --git a/tests/include/test/drivers/test_driver.h b/tests/include/test/drivers/test_driver.h index 098b21abff..b3c29e4337 100644 --- a/tests/include/test/drivers/test_driver.h +++ b/tests/include/test/drivers/test_driver.h 
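Review bot: `validate_mergedjson` always returns 0, so nothing checks the driver JSON before `render` pastes `prefix`, `type`, `location`, `depend_on` and `headers` into psa_crypto_driver_wrappers.c; a typo or an unreviewed JSON edit becomes C source in the crypto library with no gate in between. `merge_driverjsonfiles` likewise joins each name from driverlist.json onto `json_directory` without checking that the result stays inside that directory. Separately, `--mbedtls-root` no longer influences anything: `mbedtls_root` is assigned but unused, the template and JSON defaults are derived from `guess_mbedtls_root()` before the arguments are parsed, and both new options reuse the help text 'root directory of mbedtls source code'. A minimal validator is sketched below; `depend_on` and `headers` would need rules of their own.

```python
def validate_mergedjson(merged_driverjson: list) -> int:
    """
    Validate the merged Driver JSON for errors that we can catch early
    """
    seen = set()
    for driver in merged_driverjson:
        prefix = driver.get("prefix")
        drv_type = driver.get("type")
        # prefix and type are concatenated into C identifiers and macro names.
        if not (isinstance(prefix, str) and prefix.isascii() and prefix.isidentifier()):
            return 1
        if drv_type not in ("opaque", "transparent"):
            return 1
        # A repeated (prefix, type) pair would define the same driver ID macro twice.
        if (prefix, drv_type) in seen:
            return 1
        seen.add((prefix, drv_type))
        if drv_type == "opaque":
            # location is emitted as a case label, so it must parse as an integer literal.
            try:
                int(driver["location"], 0)
            except (KeyError, TypeError, ValueError):
                return 1
    return 0

# ... unchanged: merge_driverjsonfiles, main ...
```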
@@ -20,6 +20,14 @@ #ifndef PSA_CRYPTO_TEST_DRIVER_H #define PSA_CRYPTO_TEST_DRIVER_H +#if defined(PSA_CRYPTO_DRIVER_TEST) +#ifndef PSA_CRYPTO_DRIVER_PRESENT +#define PSA_CRYPTO_DRIVER_PRESENT +#endif +#ifndef PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT +#define PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT +#endif + #define PSA_CRYPTO_TEST_DRIVER_LOCATION 0x7fffff #include "test/drivers/aead.h" @@ -30,4 +38,5 @@ #include "test/drivers/signature.h" #include "test/drivers/asymmetric_encryption.h" +#endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_TEST_DRIVER_H */ From 05efa1754955e4aa0133b0bcefe113b5f26477dd Mon Sep 17 00:00:00 2001 From: Archana Date: Sun, 9 Jan 2022 09:30:32 +0530 Subject: [PATCH 02/28] JSON upgrade to give function names Function names can be provided against entry points. This helps to ensure easy migration for misnamed functions. Signed-off-by: Archana Signed-off-by: Asfandyar Orakzai --- .../driver_jsons/mbedtls_test_opaque_driver.json | 3 ++- .../mbedtls_test_transparent_driver.json | 12 ++++++++++-- .../driver_templates/OS-template-opaque.jinja | 4 ++++ .../driver_templates/OS-template-transparent.jinja | 4 ++++ 4 files changed, 20 insertions(+), 3 deletions(-) diff --git a/scripts/data_files/driver_jsons/mbedtls_test_opaque_driver.json b/scripts/data_files/driver_jsons/mbedtls_test_opaque_driver.json index 1322083c3f..c63e36094d 100644 --- a/scripts/data_files/driver_jsons/mbedtls_test_opaque_driver.json +++ b/scripts/data_files/driver_jsons/mbedtls_test_opaque_driver.json @@ -12,7 +12,8 @@ { "_comment": "The mbedTLS opaque driver supports copy key/ get builtin key", "depend_on": "defined(PSA_CRYPTO_DRIVER_TEST)", - "entry_points": ["copy_key","get_builtin_key"] + "entry_points": ["copy_key","get_builtin_key"], + "name": {"copy_key":"mbedtls_test_opaque_copy_key", "get_builtin_key":"mbedtls_test_opaque_get_builtin_key"} } ] }] 
diff --git a/scripts/data_files/driver_jsons/mbedtls_test_transparent_driver.json b/scripts/data_files/driver_jsons/mbedtls_test_transparent_driver.json index dfa42340ce..1b4d615df6 100644 --- a/scripts/data_files/driver_jsons/mbedtls_test_transparent_driver.json +++ b/scripts/data_files/driver_jsons/mbedtls_test_transparent_driver.json @@ -4,10 +4,18 @@ "headers": ["test/drivers/test_driver.h"], "capabilities": [ { - "_comment": "The mbedTLS transparent driver supports import key/export key/export_public key", + "_comment": "The mbedTLS transparent driver supports import key/export key", "depend_on": "defined(PSA_CRYPTO_DRIVER_TEST)", - "entry_points": ["import_key", "export_key", "export_public_key"], + "entry_points": ["import_key", "export_key"], "fallback": true + }, + { + "_comment": "The mbedTLS transparent driver supports export_public key", + "depend_on": "defined(PSA_CRYPTO_DRIVER_TEST)", + "entry_points": ["export_public_key"], + "fallback": true, + "name": {"export_public_key":"mbedtls_test_transparent_export_public_key"} } + ] }] diff --git a/scripts/data_files/driver_templates/OS-template-opaque.jinja b/scripts/data_files/driver_templates/OS-template-opaque.jinja index 3d9724c947..f11ac770b8 100644 --- a/scripts/data_files/driver_templates/OS-template-opaque.jinja +++ b/scripts/data_files/driver_templates/OS-template-opaque.jinja @@ -3,7 +3,11 @@ #if ({% if capability.depend_on is defined -%}{{ capability.depend_on }} {% else -%} {{ 1 }} {% endif %}) {%- filter indent(width = nest_indent) %} case {{ driver.location }}: + {% if capability.name is defined and entry_point in capability.name.keys() -%} + return({{ capability.name[entry_point]}}({{entry_point_attributes(driver) | indent(20)}})); + {% else -%} return({{driver.prefix}}_{{driver.type}}_{{entry_point}}({{entry_point_attributes(driver) | indent(20)}})); + {% endif -%} {% endfilter -%} #endif {% endfor %} 
diff --git a/scripts/data_files/driver_templates/OS-template-transparent.jinja b/scripts/data_files/driver_templates/OS-template-transparent.jinja index 017c937cb2..4eadd1e40b 100644 --- a/scripts/data_files/driver_templates/OS-template-transparent.jinja +++ b/scripts/data_files/driver_templates/OS-template-transparent.jinja @@ -2,7 +2,11 @@ {% for capability in driver.capabilities if entry_point in capability.entry_points -%} #if ({% if capability.depend_on is defined -%}{{ capability.depend_on }} {% else -%} {{ 1 }} {% endif %}) {%- filter indent(width = nest_indent) %} +{% if capability.name is defined and entry_point in capability.name.keys() -%} +status = {{ capability.name[entry_point]}}({{entry_point_attributes(driver) | indent(20)}}); +{% else -%} status = {{driver.prefix}}_{{driver.type}}_{{entry_point}}({{entry_point_attributes(driver) | indent(20)}}); +{% endif -%} if( status != PSA_ERROR_NOT_SUPPORTED ) return( status ); From 04cfe3463953234816e89ac0954f314698616d10 Mon Sep 17 00:00:00 2001 From: Archana Date: Sun, 9 Jan 2022 13:28:28 +0530 Subject: [PATCH 03/28] JSON Validation added (1) JSON file structure altered a bit. (2) JSON validated against schema. (3) Corresponding changes in the python script. Signed-off-by: Archana Signed-off-by: Asfandyar Orakzai --- .../driver_jsons/driver_opaque_schema.json | 112 ++++++++++++++++++ .../driver_transparent_schema.json | 106 +++++++++++++++++ .../mbedtls_test_opaque_driver.json | 5 +- .../mbedtls_test_transparent_driver.json | 5 +- .../psa_crypto_driver_wrappers.c.jinja | 4 + scripts/generate_driver_wrappers.py | 53 ++++++--- tests/docker/bionic/Dockerfile | 4 + 7 files changed, 269 insertions(+), 20 deletions(-) create mode 100644 scripts/data_files/driver_jsons/driver_opaque_schema.json create mode 100644 scripts/data_files/driver_jsons/driver_transparent_schema.json 
diff --git a/scripts/data_files/driver_jsons/driver_opaque_schema.json b/scripts/data_files/driver_jsons/driver_opaque_schema.json new file mode 100644 index 0000000000..53660c8e95 --- /dev/null +++ b/scripts/data_files/driver_jsons/driver_opaque_schema.json @@ -0,0 +1,112 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "type": "object", + "properties": { + "prefix": { + "type": "string" + }, + "type": { + "type": "string" + }, + "location": { + "type": "string" + }, + "dependency": { + "type": "string" + }, + "headers": { + "type": "array", + "items": [ + { + "type": "string" + } + ] + }, + "capabilities": { + "type": "array", + "items": [ + { + "type": "object", + "properties": { + "_comment": { + "type": "string" + }, + "depend_on": { + "type": "string" + }, + "entry_points": { + "type": "array", + "items": [ + { + "type": "string" + }, + { + "type": "string" + }, + { + "type": "string" + } + ] + } + }, + "required": [ + "_comment", + "depend_on", + "entry_points" + ] + }, + { + "type": "object", + "properties": { + "_comment": { + "type": "string" + }, + "depend_on": { + "type": "string" + }, + "entry_points": { + "type": "array", + "items": [ + { + "type": "string" + }, + { + "type": "string" + } + ] + }, + "name": { + "type": "object", + "properties": { + "copy_key": { + "type": "string" + }, + "get_builtin_key": { + "type": "string" + } + }, + "required": [ + "copy_key", + "get_builtin_key" + ] + } + }, + "required": [ + "_comment", + "depend_on", + "entry_points", + "name" + ] + } + ] + } + }, + "required": [ + "prefix", + "type", + "location", + "dependency", + "headers", + "capabilities" + ] +} diff --git a/scripts/data_files/driver_jsons/driver_transparent_schema.json b/scripts/data_files/driver_jsons/driver_transparent_schema.json new file mode 100644 index 0000000000..dd1178d63a --- /dev/null +++ b/scripts/data_files/driver_jsons/driver_transparent_schema.json 
@@ -0,0 +1,106 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "type": "object", + "properties": { + "prefix": { + "type": "string" + }, + "type": { + "type": "string" + }, + "dependency": { + "type": "string" + }, + "headers": { + "type": "array", + "items": [ + { + "type": "string" + } + ] + }, + "capabilities": { + "type": "array", + "items": [ + { + "type": "object", + "properties": { + "_comment": { + "type": "string" + }, + "depend_on": { + "type": "string" + }, + "entry_points": { + "type": "array", + "items": [ + { + "type": "string" + }, + { + "type": "string" + } + ] + }, + "fallback": { + "type": "boolean" + } + }, + "required": [ + "_comment", + "depend_on", + "entry_points", + "fallback" + ] + }, + { + "type": "object", + "properties": { + "_comment": { + "type": "string" + }, + "depend_on": { + "type": "string" + }, + "entry_points": { + "type": "array", + "items": [ + { + "type": "string" + } + ] + }, + "fallback": { + "type": "boolean" + }, + "name": { + "type": "object", + "properties": { + "export_public_key": { + "type": "string" + } + }, + "required": [ + "export_public_key" + ] + } + }, + "required": [ + "_comment", + "depend_on", + "entry_points", + "fallback", + "name" + ] + } + ] + } + }, + "required": [ + "prefix", + "type", + "dependency", + "headers", + "capabilities" + ] +} diff --git a/scripts/data_files/driver_jsons/mbedtls_test_opaque_driver.json b/scripts/data_files/driver_jsons/mbedtls_test_opaque_driver.json index c63e36094d..3747404559 100644 --- a/scripts/data_files/driver_jsons/mbedtls_test_opaque_driver.json +++ b/scripts/data_files/driver_jsons/mbedtls_test_opaque_driver.json @@ -1,7 +1,8 @@ -[{ +{ "prefix": "mbedtls_test", "type": "opaque", "location": "0x7fffff", + "dependency": "defined(PSA_CRYPTO_DRIVER_TEST)", "headers": ["test/drivers/test_driver.h"], "capabilities": [ { 
@@ -16,4 +17,4 @@ "name": {"copy_key":"mbedtls_test_opaque_copy_key", "get_builtin_key":"mbedtls_test_opaque_get_builtin_key"} } ] -}] +} diff --git a/scripts/data_files/driver_jsons/mbedtls_test_transparent_driver.json b/scripts/data_files/driver_jsons/mbedtls_test_transparent_driver.json index 1b4d615df6..52f6cd3006 100644 --- a/scripts/data_files/driver_jsons/mbedtls_test_transparent_driver.json +++ b/scripts/data_files/driver_jsons/mbedtls_test_transparent_driver.json @@ -1,6 +1,7 @@ -[{ +{ "prefix": "mbedtls_test", "type": "transparent", + "dependency": "defined(PSA_CRYPTO_DRIVER_TEST)", "headers": ["test/drivers/test_driver.h"], "capabilities": [ { @@ -18,4 +19,4 @@ } ] -}] +} diff --git a/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja b/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja index 3abd1eff10..bea02a506c 100644 --- a/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja +++ b/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja @@ -39,9 +39,13 @@ #if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) {% for driver in drivers -%} /* Headers for {{driver.prefix}} {{driver.type}} driver */ +{% if driver.dependency is defined -%} +#if {{ driver.dependency }} +{% endif -%} {% for header in driver.headers -%} #include "{{ header }}" {% endfor %} +#endif {% endfor %} #endif /* MBEDTLS_PSA_CRYPTO_DRIVERS */ /* END-driver headers */ diff --git a/scripts/generate_driver_wrappers.py b/scripts/generate_driver_wrappers.py index 8e58b66f51..260be7edd8 100755 --- a/scripts/generate_driver_wrappers.py +++ b/scripts/generate_driver_wrappers.py @@ -23,6 +23,8 @@ import sys import os import json +from jsonschema import validate +from typing import Tuple import argparse import jinja2 from mbedtls_dev import build_tree 
@@ -51,26 +53,48 @@ def generate_driver_wrapper_file(template_dir: str, output_dir: str, driver_json with open(os.path.join(output_dir, "psa_crypto_driver_wrappers.c"), 'w') as out_file: out_file.write(result) -def validate_mergedjson(merged_driverjson: list) -> int: - """ - Validate the merged Driver JSON for errors that we can catch early - """ - return 0 - -def merge_driverjsonfiles(json_directory: str, jsondriverlistName: str) -> list: +def validate_json(driverjson_data: list, driverschema: list) -> bool: """ - Merge driver JSON files into a single ordered JSON. + Validate the Driver JSON against schema + """ + try: + validate(instance = driverjson_data, schema = driverschema) + except jsonschema.exceptions.ValidationError as err: + print(err) + err = "The driver JSON data is InValid" + return False + + message = "The driver JSON data is Valid" + return True + +def merge_driverjsonfiles(mbedtls_root: str, json_directory: str, jsondriverlistName: str) -> Tuple[bool,list]: + """ + Merge driver JSON files into a single ordered JSON after validation. 
""" result = list() driverlist = list() + with open(os.path.join(mbedtls_root, 'scripts/data_files/driver_jsons/driver_transparent_schema.json'), 'r') as file: + transparent_driver_schema = json.load(file) + with open(os.path.join(mbedtls_root, 'scripts/data_files/driver_jsons/driver_opaque_schema.json'), 'r') as file: + opaque_driver_schema = json.load(file) + with open(os.path.join(json_directory, jsondriverlistName), 'r') as driverlistfile: driverlist = json.load(driverlistfile) for file_name in driverlist: with open(os.path.join(json_directory, file_name), 'r') as infile: - result.extend(json.load(infile)) - - return result + json_data = json.load(infile) + if json_data['type'] == 'transparent': + ret = validate_json(json_data, transparent_driver_schema) + elif json_data['type'] == 'opaque': + ret = validate_json(json_data, opaque_driver_schema) + else: + ret = False + print("Unknown Driver type") + if ret == False: + return ret, [] + result.append(json_data) + return True, result def main() -> int: @@ -99,12 +123,9 @@ def main() -> int: json_directory = args.json_dir # load list of driver jsons from driverlist.json - merged_driverjson = merge_driverjsonfiles(json_directory, 'driverlist.json') - ret = validate_mergedjson(merged_driverjson) - if ret == 1: - print("Validation failed ") + ret, merged_driverjson = merge_driverjsonfiles(mbedtls_root, json_directory, 'driverlist.json') + if ret == False: return 1 - generate_driver_wrapper_file(template_directory, output_directory, merged_driverjson) return 0 diff --git a/tests/docker/bionic/Dockerfile b/tests/docker/bionic/Dockerfile index 28d33b7553..5580679754 100644 --- a/tests/docker/bionic/Dockerfile +++ b/tests/docker/bionic/Dockerfile 
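Review bot: The lookup `json_data['type']` in `merge_driverjsonfiles()` runs before any schema check, so a driver file with no `type` key raises an uncaught `KeyError`, and one whose top level is an array raises `TypeError`, instead of reaching the "Unknown Driver type" branch. Reading the value defensively keeps the failure on the reported path: `driver_type = json_data.get('type') if isinstance(json_data, dict) else None`, then compare `driver_type` in the `if`/`elif`. The entries of `driverlist.json` are also joined onto `json_directory` unchanged; if they are meant to be bare file names, a check such as `os.path.basename(file_name) == file_name` before the `open()` would enforce that.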
@@ -64,6 +64,10 @@ RUN apt-get update \ RUN python3 -m pip install \ jinja2==2.10.1 types-jinja2 + +RUN python3 -m pip install \ + jsonschema + # Build a static, legacy openssl from sources with sslv3 enabled # Based on https://gist.github.com/bmaupin/8caca3a1e8c3c5686141 (build-openssl.sh) # Note: openssl-1.0.2 and earlier has known build issues with parallel make. From 314380564c7407200b42b0ddb99a6d5ee2d899b1 Mon Sep 17 00:00:00 2001 From: Archana Date: Sun, 9 Jan 2022 15:01:20 +0530 Subject: [PATCH 04/28] PyLint errors fixed Signed-off-by: Archana Signed-off-by: Asfandyar Orakzai --- scripts/generate_driver_wrappers.py | 40 +++++++++++++++++------------ 1 file changed, 23 insertions(+), 17 deletions(-) diff --git a/scripts/generate_driver_wrappers.py b/scripts/generate_driver_wrappers.py index 260be7edd8..3b6032028b 100755 --- a/scripts/generate_driver_wrappers.py +++ b/scripts/generate_driver_wrappers.py @@ -23,9 +23,10 @@ import sys import os import json -from jsonschema import validate from typing import Tuple import argparse +import jsonschema +from jsonschema import validate import jinja2 from mbedtls_dev import build_tree @@ -38,10 +39,11 @@ def render(template_path: str, driver_jsoncontext: list) -> str: keep_trailing_newline=True) template = environment.get_template(os.path.basename(template_path)) - return template.render(drivers = driver_jsoncontext) + return template.render(drivers=driver_jsoncontext) -def generate_driver_wrapper_file(template_dir: str, output_dir: str, driver_jsoncontext: list ) -> None: +def generate_driver_wrapper_file(template_dir: str, \ + output_dir: str, driver_jsoncontext: list) -> None: """ Generate the file psa_crypto_driver_wrapper.c. """ 
@@ -59,27 +61,29 @@ def validate_json(driverjson_data: list, driverschema: list) -> bool: Validate the Driver JSON against schema """ try: - validate(instance = driverjson_data, schema = driverschema) + validate(instance=driverjson_data, schema=driverschema) except jsonschema.exceptions.ValidationError as err: print(err) - err = "The driver JSON data is InValid" + print("The driver JSON data is InValid") return False - message = "The driver JSON data is Valid" return True -def merge_driverjsonfiles(mbedtls_root: str, json_directory: str, jsondriverlistName: str) -> Tuple[bool,list]: +def merge_driverjsonfiles(mbedtls_root: str, json_directory: str, \ + jsondriver_list: str) -> Tuple[bool, list]: """ Merge driver JSON files into a single ordered JSON after validation. """ result = list() driverlist = list() - with open(os.path.join(mbedtls_root, 'scripts/data_files/driver_jsons/driver_transparent_schema.json'), 'r') as file: + with open(os.path.join(mbedtls_root, \ + 'scripts/data_files/driver_jsons/driver_transparent_schema.json'), 'r') as file: transparent_driver_schema = json.load(file) - with open(os.path.join(mbedtls_root, 'scripts/data_files/driver_jsons/driver_opaque_schema.json'), 'r') as file: + with open(os.path.join(mbedtls_root, \ + 'scripts/data_files/driver_jsons/driver_opaque_schema.json'), 'r') as file: opaque_driver_schema = json.load(file) - with open(os.path.join(json_directory, jsondriverlistName), 'r') as driverlistfile: + with open(os.path.join(json_directory, jsondriver_list), 'r') as driverlistfile: driverlist = json.load(driverlistfile) for file_name in driverlist: with open(os.path.join(json_directory, file_name), 'r') as infile: @@ -91,7 +95,7 @@ def merge_driverjsonfiles(mbedtls_root: str, json_directory: str, jsondriverlist else: ret = False print("Unknown Driver type") - if ret == False: + if ret is False: return ret, [] result.append(json_data) return True, result 
@@ -103,8 +107,10 @@ def main() -> int: """ def_arg_mbedtls_root = build_tree.guess_mbedtls_root() def_arg_output_dir = os.path.join(def_arg_mbedtls_root, 'library') - def_arg_template_dir = os.path.join(def_arg_mbedtls_root, 'scripts/data_files/driver_templates/') - def_arg_json_dir = os.path.join(def_arg_mbedtls_root, 'scripts/data_files/driver_jsons/') + def_arg_template_dir = os.path.join(def_arg_mbedtls_root, \ + 'scripts/data_files/driver_templates/') + def_arg_json_dir = os.path.join(def_arg_mbedtls_root, \ + 'scripts/data_files/driver_jsons/') parser = argparse.ArgumentParser() parser.add_argument('--mbedtls-root', nargs='?', default=def_arg_mbedtls_root, @@ -117,14 +123,14 @@ def main() -> int: default=def_arg_output_dir, help='output file\'s location') args = parser.parse_args() - mbedtls_root = os.path.abspath(args.mbedtls_root) - output_directory = args.output_directory + mbedtls_root = os.path.abspath(args.mbedtls_root) + output_directory = args.output_directory template_directory = args.template_dir - json_directory = args.json_dir + json_directory = args.json_dir # load list of driver jsons from driverlist.json ret, merged_driverjson = merge_driverjsonfiles(mbedtls_root, json_directory, 'driverlist.json') - if ret == False: + if ret is False: return 1 generate_driver_wrapper_file(template_directory, output_directory, merged_driverjson) From 25876b8abb288d64a156e7a3d51df0f2ac575dc3 Mon Sep 17 00:00:00 2001 From: Archana Date: Mon, 10 Jan 2022 01:55:26 +0530 Subject: [PATCH 05/28] Adding JSONSchema to CI scripts jsonschema is added to the ci scripts and Dockerfile Signed-off-by: Archana Signed-off-by: Asfandyar Orakzai --- scripts/driver.requirements.txt | 4 +++- tests/docker/bionic/Dockerfile | 9 +++------ 2 files changed, 6 insertions(+), 7 deletions(-) diff --git a/scripts/driver.requirements.txt b/scripts/driver.requirements.txt index 38838f58bc..2a1bef7e67 100644 --- a/scripts/driver.requirements.txt +++ b/scripts/driver.requirements.txt 
@@ -13,4 +13,6 @@ markupsafe < 2.1 Jinja2 >= 2.10.1 # Jinja2 >=2.10, <3.0 needs a separate package for type annotations types-Jinja2 - +# jsonschema > 3.2.0 is not compatible with Python 3.5, force 3.2.0 +jsonschema >= 3.2.0 +types-jsonschema diff --git a/tests/docker/bionic/Dockerfile b/tests/docker/bionic/Dockerfile index 5580679754..8fa58143eb 100644 --- a/tests/docker/bionic/Dockerfile +++ b/tests/docker/bionic/Dockerfile @@ -60,13 +60,10 @@ RUN apt-get update \ pkg-config \ && rm -rf /var/lib/apt/lists/* -# Jinja2 is required for driver dispatch code generation. +# Jinja2 and jsonschema is required for driver dispatch code generation. RUN python3 -m pip install \ - jinja2==2.10.1 types-jinja2 - - -RUN python3 -m pip install \ - jsonschema + jinja2==2.10.1 types-jinja2 \ + jsonschema==3.2.0 types-jsonschema # Build a static, legacy openssl from sources with sslv3 enabled # Based on https://gist.github.com/bmaupin/8caca3a1e8c3c5686141 (build-openssl.sh) From 634e0d25cb9e75c54c72391be28da4c2f7a1def0 Mon Sep 17 00:00:00 2001 From: Archana Date: Mon, 10 Jan 2022 17:37:42 +0530 Subject: [PATCH 06/28] Update check_names.py to exclude autogen file Don't look for MBED keywords on the autogenerated psa_crypto_driver_wrappers.c file. This is needed since the naming of constants is dependent on the driver json and the naming conventions used through the library is stuck at a place where it does not swing either way ( mbedtls_ / psa_). Signed-off-by: Archana Signed-off-by: Asfandyar Orakzai --- tests/scripts/check_names.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/scripts/check_names.py b/tests/scripts/check_names.py index 8bb4923b77..2e39271306 100755 --- a/tests/scripts/check_names.py +++ b/tests/scripts/check_names.py 
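Review bot: The added comment says the version is forced to 3.2.0, but the specifier `jsonschema >= 3.2.0` only sets a lower bound, so the comment and the requirement disagree. If 3.2.0 is the intent, as the `jsonschema==3.2.0` pin in the Dockerfile hunk of this commit suggests, the line should read `jsonschema == 3.2.0`. If a floor is intended, the comment should say so, for example `# jsonschema > 3.2.0 is not compatible with Python 3.5; 3.2.0 is the minimum we support`.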
@@ -279,7 +279,7 @@ class CodeParser(): "library/*.c", "3rdparty/everest/library/everest.c", "3rdparty/everest/library/x25519.c" - ]) + ], ["library/psa_crypto_driver_wrappers.c"]) symbols = self.parse_symbols() # Remove identifier macros like mbedtls_printf or mbedtls_calloc From e17071a5ee1bcce1e3a6e239b4b60424796b001d Mon Sep 17 00:00:00 2001 From: Archana Date: Tue, 11 Jan 2022 02:40:46 +0530 Subject: [PATCH 07/28] Update Dockerfile with missing packages Signed-off-by: Archana Signed-off-by: Asfandyar Orakzai --- tests/docker/bionic/Dockerfile | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/tests/docker/bionic/Dockerfile b/tests/docker/bionic/Dockerfile index 8fa58143eb..4b5739cce7 100644 --- a/tests/docker/bionic/Dockerfile +++ b/tests/docker/bionic/Dockerfile @@ -60,6 +60,11 @@ RUN apt-get update \ pkg-config \ && rm -rf /var/lib/apt/lists/* +# The following packages are required for validating Python files. +# The version of Pylint is set to 2.4.4 to match CI. +RUN python3 -m pip install \ + packaging mypy pylint==2.4.4 + # Jinja2 and jsonschema is required for driver dispatch code generation. RUN python3 -m pip install \ jinja2==2.10.1 types-jinja2 \ From fdbbcba3eb771fb0aae8679448a09678709aa93c Mon Sep 17 00:00:00 2001 From: Archana Date: Sun, 27 Feb 2022 05:38:55 +0530 Subject: [PATCH 08/28] JSONschema and python improvements * JSON Schema manually updated to be more semantically valid. * Python script improved to be more verbose with exceptions * Templating file improved by adding an additional macro. Signed-off-by: Archana 
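Review bot: The new second argument `["library/psa_crypto_driver_wrappers.c"]` has no explanation at the call site; the reason for the exclusion is given only in the commit message. A comment above the call would keep it with the code, for example `# psa_crypto_driver_wrappers.c is generated; its identifiers follow the driver JSON, not the library naming rules`. The call sits inside a method that starts and ends outside this hunk, so reading the second list as an exclude list is an assumption taken from the commit title.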
Signed-off-by: Asfandyar Orakzai --- .../driver_jsons/driver_opaque_schema.json | 90 ++++++----------- .../driver_transparent_schema.json | 92 ++++++----------- .../mbedtls_test_opaque_driver.json | 12 +-- .../mbedtls_test_transparent_driver.json | 10 +- .../driver_templates/OS-template-opaque.jinja | 15 +-- .../OS-template-transparent.jinja | 15 +-- .../psa_crypto_driver_wrappers.c.jinja | 28 ++++-- scripts/generate_driver_wrappers.py | 99 +++++++++++++------ 8 files changed, 176 insertions(+), 185 deletions(-) diff --git a/scripts/data_files/driver_jsons/driver_opaque_schema.json b/scripts/data_files/driver_jsons/driver_opaque_schema.json index 53660c8e95..4a769f0bda 100644 --- a/scripts/data_files/driver_jsons/driver_opaque_schema.json +++ b/scripts/data_files/driver_jsons/driver_opaque_schema.json @@ -2,25 +2,31 @@ "$schema": "http://json-schema.org/draft-04/schema#", "type": "object", "properties": { - "prefix": { + "_comment": { "type": "string" }, + "prefix": { + "type": "string", + "pattern": "^[A-Z_a-z][0-9A-Z_a-z]*$" + }, "type": { - "type": "string" + "type": "string", + "const": ["opaque"] }, "location": { - "type": "string" + "type": ["integer","string"], + "pattern": "^(0x|0X)?[a-fA-F0-9]+$" }, - "dependency": { + "mbedtls/h_depend_on": { "type": "string" }, "headers": { "type": "array", - "items": [ - { + "items": { "type": "string" - } - ] + }, + "minItems": 1, + "uniqueItems": true }, "capabilities": { "type": "array", 
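Review bot: The `"const": ["opaque"]` constraint on `type` does not restrict the value: the schema declares `$schema` draft-04, where `const` is not a keyword, and in later drafts a `const` with an array value would require `type` to equal the list `["opaque"]`, which contradicts `"type": "string"`. Use `"enum": ["opaque"]` instead; `driver_transparent_schema.json` has the same construct with `["transparent"]`. In the same hunk the `pattern` on `location` applies only to string values and makes the `0x` prefix optional, so `"7fffff"` passes; if hex strings must carry the prefix, `"^(0x|0X)[a-fA-F0-9]+$"` expresses that.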
@@ -31,71 +37,33 @@ "_comment": { "type": "string" }, - "depend_on": { + "mbedtls/c_depend_on": { "type": "string" }, "entry_points": { "type": "array", - "items": [ - { - "type": "string" + "items": { + "type": "string", + "enum": ["import_key", "export_key", "export_public_key", + "copy_key", "get_builtin_key"] }, - { - "type": "string" - }, - { - "type": "string" - } - ] - } - }, - "required": [ - "_comment", - "depend_on", - "entry_points" - ] - }, - { - "type": "object", - "properties": { - "_comment": { - "type": "string" - }, - "depend_on": { - "type": "string" - }, - "entry_points": { - "type": "array", - "items": [ - { - "type": "string" - }, - { - "type": "string" - } - ] + "minItems": 1, + "uniqueItems": true }, "name": { "type": "object", - "properties": { - "copy_key": { - "type": "string" - }, - "get_builtin_key": { - "type": "string" + "patternProperties": { + "^[A-Z_a-z][0-9A-Z_a-z]*$": { + "type": "string", + "pattern": "^[A-Z_a-z][0-9A-Z_a-z]*$" } }, - "required": [ - "copy_key", - "get_builtin_key" - ] + "minItems": 1, + "uniqueItems": true } }, "required": [ - "_comment", - "depend_on", - "entry_points", - "name" + "entry_points" ] } ] @@ -105,8 +73,6 @@ "prefix", "type", "location", - "dependency", - "headers", "capabilities" ] } diff --git a/scripts/data_files/driver_jsons/driver_transparent_schema.json b/scripts/data_files/driver_jsons/driver_transparent_schema.json index dd1178d63a..bf86ceb614 100644 --- a/scripts/data_files/driver_jsons/driver_transparent_schema.json +++ b/scripts/data_files/driver_jsons/driver_transparent_schema.json 
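Review bot: Only the first entry of `capabilities` appears to be validated: the closing `]` kept as context after the capability object suggests `capabilities.items` is still in array (positional) form, and with a one-element list draft-04 leaves every further array element unchecked. This hunk converts the inner `entry_points.items` to the single-schema form; doing the same for `capabilities` (`"items": { "type": "object", ... }`) would apply the `entry_points` enum and the `name` pattern to every capability. Also, `"minItems": 1` and `"uniqueItems": true` under `name` have no effect because `name` is an object; `"minProperties": 1` is the object-side keyword. `driver_transparent_schema.json` shows the same two constructs. The opening of `capabilities.items` lies between hunks, so the first point is inferred.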
@@ -2,22 +2,27 @@ "$schema": "http://json-schema.org/draft-04/schema#", "type": "object", "properties": { - "prefix": { + "_comment": { "type": "string" }, + "prefix": { + "type": "string", + "pattern": "^[A-Z_a-z][0-9A-Z_a-z]*$" + }, "type": { - "type": "string" + "type": "string", + "const": ["transparent"] }, - "dependency": { + "mbedtls/h_depend_on": { "type": "string" }, "headers": { "type": "array", - "items": [ - { + "items": { "type": "string" - } - ] + }, + "minItems": 1, + "uniqueItems": true }, "capabilities": { "type": "array", @@ -28,79 +33,46 @@ "_comment": { "type": "string" }, - "depend_on": { + "mbedtls/c_depend_on": { "type": "string" }, "entry_points": { "type": "array", - "items": [ - { - "type": "string" + "items": { + "type": "string", + "enum": ["import_key", "export_key", "export_public_key", + "copy_key", "get_builtin_key"] }, - { - "type": "string" - } - ] - }, - "fallback": { - "type": "boolean" - } - }, - "required": [ - "_comment", - "depend_on", - "entry_points", - "fallback" - ] - }, - { - "type": "object", - "properties": { - "_comment": { - "type": "string" - }, - "depend_on": { - "type": "string" - }, - "entry_points": { - "type": "array", - "items": [ - { - "type": "string" - } - ] - }, - "fallback": { - "type": "boolean" + "minItems": 1, + "uniqueItems": true }, "name": { "type": "object", - "properties": { - "export_public_key": { - "type": "string" + "patternProperties": { + "^[A-Z_a-z][0-9A-Z_a-z]*$": { + "type": "string", + "pattern": "^[A-Z_a-z][0-9A-Z_a-z]*$" } }, - "required": [ - "export_public_key" - ] + "minItems": 1, + "uniqueItems": true + }, + "fallback": { + "type": "boolean", + "default": "false" } }, "required": [ - "_comment", - "depend_on", - "entry_points", - "fallback", - "name" + "entry_points" ] } - ] + ], + "default": [] } }, "required": [ "prefix", "type", - "dependency", - "headers", "capabilities" ] } 
diff --git a/scripts/data_files/driver_jsons/mbedtls_test_opaque_driver.json b/scripts/data_files/driver_jsons/mbedtls_test_opaque_driver.json index 3747404559..a38287d5ad 100644 --- a/scripts/data_files/driver_jsons/mbedtls_test_opaque_driver.json +++ b/scripts/data_files/driver_jsons/mbedtls_test_opaque_driver.json @@ -2,18 +2,18 @@ "prefix": "mbedtls_test", "type": "opaque", "location": "0x7fffff", - "dependency": "defined(PSA_CRYPTO_DRIVER_TEST)", + "mbedtls/h_depend_on": "defined(PSA_CRYPTO_DRIVER_TEST)", "headers": ["test/drivers/test_driver.h"], "capabilities": [ { - "_comment": "The mbedTLS opaque driver supports import key/export key/export_public key", - "depend_on": "defined(PSA_CRYPTO_DRIVER_TEST)", + "_comment": "The Mbed TLS opaque driver supports import key/export key/export_public key", + "mbedtls/c_depend_on": "defined(PSA_CRYPTO_DRIVER_TEST)", "entry_points": ["import_key", "export_key", "export_public_key"] }, { - "_comment": "The mbedTLS opaque driver supports copy key/ get builtin key", - "depend_on": "defined(PSA_CRYPTO_DRIVER_TEST)", - "entry_points": ["copy_key","get_builtin_key"], + "_comment": "The Mbed TLS opaque driver supports copy key/ get builtin key", + "mbedtls/c_depend_on": "defined(PSA_CRYPTO_DRIVER_TEST)", + "entry_points": ["copy_key", "get_builtin_key"], "name": {"copy_key":"mbedtls_test_opaque_copy_key", "get_builtin_key":"mbedtls_test_opaque_get_builtin_key"} } ] diff --git a/scripts/data_files/driver_jsons/mbedtls_test_transparent_driver.json b/scripts/data_files/driver_jsons/mbedtls_test_transparent_driver.json index 52f6cd3006..5c9b9feac0 100644 --- a/scripts/data_files/driver_jsons/mbedtls_test_transparent_driver.json +++ b/scripts/data_files/driver_jsons/mbedtls_test_transparent_driver.json 
@@ -1,18 +1,18 @@ { "prefix": "mbedtls_test", "type": "transparent", - "dependency": "defined(PSA_CRYPTO_DRIVER_TEST)", + "mbedtls/h_depend_on": "defined(PSA_CRYPTO_DRIVER_TEST)", "headers": ["test/drivers/test_driver.h"], "capabilities": [ { - "_comment": "The mbedTLS transparent driver supports import key/export key", - "depend_on": "defined(PSA_CRYPTO_DRIVER_TEST)", + "_comment": "The Mbed TLS transparent driver supports import key/export key", + "mbedtls/c_depend_on": "defined(PSA_CRYPTO_DRIVER_TEST)", "entry_points": ["import_key", "export_key"], "fallback": true }, { - "_comment": "The mbedTLS transparent driver supports export_public key", - "depend_on": "defined(PSA_CRYPTO_DRIVER_TEST)", + "_comment": "The Mbed TLS transparent driver supports export_public key", + "mbedtls/c_depend_on": "defined(PSA_CRYPTO_DRIVER_TEST)", "entry_points": ["export_public_key"], "fallback": true, "name": {"export_public_key":"mbedtls_test_transparent_export_public_key"} diff --git a/scripts/data_files/driver_templates/OS-template-opaque.jinja b/scripts/data_files/driver_templates/OS-template-opaque.jinja index f11ac770b8..115e22c860 100644 --- a/scripts/data_files/driver_templates/OS-template-opaque.jinja +++ b/scripts/data_files/driver_templates/OS-template-opaque.jinja 
@@ -1,13 +1,16 @@ +{# One Shot function's dispatch code for opaque drivers. +Expected inputs: +* drivers: the list of driver descriptions. +* entry_point: the name of the entry point that this function dispatches to. +* entry_point_param(driver): the parameters to pass to the entry point. +* nest_indent: number of extra spaces to indent the code to. +-#} {% for driver in drivers if driver.type == "opaque" -%} {% for capability in driver.capabilities if entry_point in capability.entry_points -%} -#if ({% if capability.depend_on is defined -%}{{ capability.depend_on }} {% else -%} {{ 1 }} {% endif %}) +#if ({% if capability['mbedtls/c_depend_on'] is defined -%}{{ capability['mbedtls/c_depend_on'] }} {% else -%} {{ 1 }} {% endif %}) {%- filter indent(width = nest_indent) %} case {{ driver.location }}: - {% if capability.name is defined and entry_point in capability.name.keys() -%} - return({{ capability.name[entry_point]}}({{entry_point_attributes(driver) | indent(20)}})); - {% else -%} - return({{driver.prefix}}_{{driver.type}}_{{entry_point}}({{entry_point_attributes(driver) | indent(20)}})); - {% endif -%} + return( {{ entry_point_name(capability, entry_point, driver) }}({{entry_point_param(driver) | indent(20)}})); {% endfilter -%} #endif {% endfor %} diff --git a/scripts/data_files/driver_templates/OS-template-transparent.jinja b/scripts/data_files/driver_templates/OS-template-transparent.jinja index 4eadd1e40b..9ba115568b 100644 --- a/scripts/data_files/driver_templates/OS-template-transparent.jinja +++ b/scripts/data_files/driver_templates/OS-template-transparent.jinja 
@@ -1,12 +1,15 @@ +{# One Shot function's dispatch code for transparent drivers. +Expected inputs: +* drivers: the list of driver descriptions. +* entry_point: the name of the entry point that this function dispatches to. +* entry_point_param(driver): the parameters to pass to the entry point. +* nest_indent: number of extra spaces to indent the code to. +-#} {% for driver in drivers if driver.type == "transparent" -%} {% for capability in driver.capabilities if entry_point in capability.entry_points -%} -#if ({% if capability.depend_on is defined -%}{{ capability.depend_on }} {% else -%} {{ 1 }} {% endif %}) +#if ({% if capability['mbedtls/c_depend_on'] is defined -%}{{ capability['mbedtls/c_depend_on'] }} {% else -%} {{ 1 }} {% endif %}) {%- filter indent(width = nest_indent) %} -{% if capability.name is defined and entry_point in capability.name.keys() -%} -status = {{ capability.name[entry_point]}}({{entry_point_attributes(driver) | indent(20)}}); -{% else -%} -status = {{driver.prefix}}_{{driver.type}}_{{entry_point}}({{entry_point_attributes(driver) | indent(20)}}); -{% endif -%} +status = {{ entry_point_name(capability, entry_point, driver) }}({{entry_point_param(driver) | indent(20)}}); if( status != PSA_ERROR_NOT_SUPPORTED ) return( status ); diff --git a/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja b/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja index bea02a506c..b90a9c89d1 100644 --- a/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja +++ b/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja @@ -1,7 +1,7 @@ /* * Functions to delegate cryptographic operations to an available * and appropriate accelerator. - * Warning: This file will be auto-generated in the future. + * Warning: This file is now auto-generated. */ /* Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 
@@ -39,13 +39,15 @@ #if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) {% for driver in drivers -%} /* Headers for {{driver.prefix}} {{driver.type}} driver */ -{% if driver.dependency is defined -%} -#if {{ driver.dependency }} +{% if driver['mbedtls/h_depend_on'] is defined -%} +#if {{ driver['mbedtls/h_depend_on'] }} {% endif -%} {% for header in driver.headers -%} #include "{{ header }}" {% endfor %} +{% if driver['mbedtls/h_depend_on'] is defined -%} #endif +{% endif -%} {% endfor %} #endif /* MBEDTLS_PSA_CRYPTO_DRIVERS */ /* END-driver headers */ @@ -60,6 +62,16 @@ {% endfor %} /* END-driver id */ +/* BEGIN-Common Macro definitions */ +{% macro entry_point_name(capability, entry_point, driver) -%} + {% if capability.name is defined and entry_point in capability.name.keys() -%} + {{ capability.name[entry_point]}} + {% else -%} + {{driver.prefix}}_{{driver.type}}_{{entry_point}} + {% endif -%} +{% endmacro %} +/* END-Common Macro definitions */ + /* Support the 'old' SE interface when asked to */ #if defined(MBEDTLS_PSA_CRYPTO_SE_C) /* PSA_CRYPTO_DRIVER_PRESENT is defined when either a new-style or old-style @@ -595,7 +607,7 @@ psa_status_t psa_driver_wrapper_import_key( size_t *bits ) { {% set entry_point = "import_key" -%} -{% macro entry_point_attributes(driver) -%} +{% macro entry_point_param(driver) -%} attributes, data, data_length, @@ -677,7 +689,7 @@ psa_status_t psa_driver_wrapper_export_key( { {% set entry_point = "export_key" -%} -{% macro entry_point_attributes(driver) -%} +{% macro entry_point_param(driver) -%} attributes, key_buffer, key_buffer_size, @@ -740,7 +752,7 @@ psa_status_t psa_driver_wrapper_export_public_key( { {% set entry_point = "export_public_key" -%} -{% macro entry_point_attributes(driver) -%} +{% macro entry_point_param(driver) -%} attributes, key_buffer, key_buffer_size, 
@@ -812,7 +824,7 @@ psa_status_t psa_driver_wrapper_get_builtin_key( uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length ) { {% set entry_point = "get_builtin_key" -%} -{% macro entry_point_attributes(driver) -%} +{% macro entry_point_param(driver) -%} slot_number, attributes, key_buffer, @@ -845,7 +857,7 @@ psa_status_t psa_driver_wrapper_copy_key( size_t *target_key_buffer_length ) { {% set entry_point = "copy_key" -%} -{% macro entry_point_attributes(driver) -%} +{% macro entry_point_param(driver) -%} attributes, source_key, source_key_length, diff --git a/scripts/generate_driver_wrappers.py b/scripts/generate_driver_wrappers.py index 3b6032028b..3d9be88e2f 100755 --- a/scripts/generate_driver_wrappers.py +++ b/scripts/generate_driver_wrappers.py @@ -23,13 +23,15 @@ import sys import os import json -from typing import Tuple +from typing import Tuple, NewType import argparse import jsonschema -from jsonschema import validate import jinja2 from mbedtls_dev import build_tree +JSONSchema = NewType('JSONSchema', object) +Driver = NewType('Driver', object) + def render(template_path: str, driver_jsoncontext: list) -> str: """ Render template from the input file and driver JSON. 
@@ -56,45 +58,68 @@ def generate_driver_wrapper_file(template_dir: str, \ out_file.write(result) -def validate_json(driverjson_data: list, driverschema: list) -> bool: +def validate_json(driverjson_data: Driver, driverschema_list: dict) -> bool: """ - Validate the Driver JSON against schema + Validate the Driver JSON against an appropriate schema + the schema passed could be that matching an opaque/ transparent driver. """ + + driver_type = driverjson_data["type"] + driver_prefix = driverjson_data["prefix"] try: - validate(instance=driverjson_data, schema=driverschema) + _schema = driverschema_list[driver_type] + jsonschema.validate(instance=driverjson_data, schema=_schema) + + except KeyError as err: + # This could happen if the driverjson_data.type does not exist in the passed in schema list + # schemas = {'transparent': transparent_driver_schema, 'opaque': opaque_driver_schema} + # Print onto stdout and stderr. + print("Unknown Driver type " + driver_type + + " for driver " + driver_prefix, str(err)) + print("Unknown Driver type " + driver_type + + " for driver " + driver_prefix, str(err), file=sys.stderr) + return False + except jsonschema.exceptions.ValidationError as err: - print(err) - print("The driver JSON data is InValid") + # Print onto stdout and stderr. + print("Error: Failed to validate data file: {} using schema: {}." + "\n Exception Message: \"{}\"" + " ".format(driverjson_data, _schema, str(err))) + print("Error: Failed to validate data file: {} using schema: {}." + "\n Exception Message: \"{}\"" + " ".format(driverjson_data, _schema, str(err)), file=sys.stderr) return False return True -def merge_driverjsonfiles(mbedtls_root: str, json_directory: str, \ +def read_driver_descriptions(mbedtls_root: str, json_directory: str, \ jsondriver_list: str) -> Tuple[bool, list]: """ Merge driver JSON files into a single ordered JSON after validation. 
""" - result = list() - driverlist = list() - with open(os.path.join(mbedtls_root, \ - 'scripts/data_files/driver_jsons/driver_transparent_schema.json'), 'r') as file: + result = [] + with open(os.path.join(mbedtls_root, + 'scripts', + 'data_files', + 'driver_jsons', + 'driver_transparent_schema.json'), 'r') as file: transparent_driver_schema = json.load(file) - with open(os.path.join(mbedtls_root, \ - 'scripts/data_files/driver_jsons/driver_opaque_schema.json'), 'r') as file: + with open(os.path.join(mbedtls_root, + 'scripts', + 'data_files', + 'driver_jsons', + 'driver_opaque_schema.json'), 'r') as file: opaque_driver_schema = json.load(file) + driver_schema_list = {'transparent':transparent_driver_schema, + 'opaque':opaque_driver_schema} + with open(os.path.join(json_directory, jsondriver_list), 'r') as driverlistfile: driverlist = json.load(driverlistfile) for file_name in driverlist: with open(os.path.join(json_directory, file_name), 'r') as infile: json_data = json.load(infile) - if json_data['type'] == 'transparent': - ret = validate_json(json_data, transparent_driver_schema) - elif json_data['type'] == 'opaque': - ret = validate_json(json_data, opaque_driver_schema) - else: - ret = False - print("Unknown Driver type") + ret = validate_json(json_data, driver_schema_list) if ret is False: return ret, [] result.append(json_data) 
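Review bot: In `validate_json`, `driverjson_data["type"]` and `driverjson_data["prefix"]` are read before the `try`, so a driver description missing either key raises an uncaught `KeyError` before `jsonschema.validate` runs and can report it as a schema error. Reading them with `driver_type = driverjson_data.get("type")` and `driver_prefix = driverjson_data.get("prefix")` lets a missing type fall into the existing `except KeyError` branch. The message in that branch is better built as `"Unknown driver type {!r} for driver {!r}".format(driver_type, driver_prefix)`, since the current `+` concatenation fails when either value is not a string. `validate_json` lies wholly inside this hunk; `read_driver_descriptions` continues past its end.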
@@ -104,35 +129,45 @@ def merge_driverjsonfiles(mbedtls_root: str, json_directory: str, \ def main() -> int: """ Main with command line arguments. + returns 1 when read_driver_descriptions returns False """ def_arg_mbedtls_root = build_tree.guess_mbedtls_root() def_arg_output_dir = os.path.join(def_arg_mbedtls_root, 'library') - def_arg_template_dir = os.path.join(def_arg_mbedtls_root, \ - 'scripts/data_files/driver_templates/') - def_arg_json_dir = os.path.join(def_arg_mbedtls_root, \ - 'scripts/data_files/driver_jsons/') + def_arg_template_dir = os.path.join(def_arg_mbedtls_root, + 'scripts', + 'data_files', + 'driver_templates') + def_arg_json_dir = os.path.join(def_arg_mbedtls_root, + 'scripts', + 'data_files', + 'driver_jsons') parser = argparse.ArgumentParser() parser.add_argument('--mbedtls-root', nargs='?', default=def_arg_mbedtls_root, help='root directory of mbedtls source code') - parser.add_argument('--template_dir', nargs='?', default=def_arg_template_dir, + parser.add_argument('--template-dir', nargs='?', default=def_arg_template_dir, help='root directory of mbedtls source code') - parser.add_argument('--json_dir', nargs='?', default=def_arg_json_dir, + parser.add_argument('--json-dir', nargs='?', default=def_arg_json_dir, help='root directory of mbedtls source code') - parser.add_argument('output_directory', nargs='?', + parser.add_argument('output-directory', nargs='?', default=def_arg_output_dir, help='output file\'s location') args = parser.parse_args() mbedtls_root = os.path.abspath(args.mbedtls_root) - output_directory = args.output_directory + output_directory = def_arg_output_dir + if args.template_dir is None: + args.template_dir = os.path.join(args.mbedtls_root, def_arg_template_dir) template_directory = args.template_dir + if args.json_dir is None: + args.json_dir = os.path.join(args.mbedtls_root, def_arg_json_dir) json_directory = args.json_dir - # load list of driver jsons from driverlist.json - ret, merged_driverjson = 
merge_driverjsonfiles(mbedtls_root, json_directory, 'driverlist.json') + # Read and validate list of driver jsons from driverlist.json + ret, merged_driver_json = read_driver_descriptions(mbedtls_root, json_directory, + 'driverlist.json') if ret is False: return 1 - generate_driver_wrapper_file(template_directory, output_directory, merged_driverjson) + generate_driver_wrapper_file(template_directory, output_directory, merged_driver_json) return 0 From a78dc70a502da2e3096861975052fbb0498e2429 Mon Sep 17 00:00:00 2001 From: Archana Date: Sun, 13 Mar 2022 17:57:45 +0530 Subject: [PATCH 09/28] Fix JsonObject type for MyPy Workaround a MyPy error by marking the driver json Object as of type dict and indexable. Signed-off-by: Archana Signed-off-by: Asfandyar Orakzai --- scripts/generate_driver_wrappers.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/scripts/generate_driver_wrappers.py b/scripts/generate_driver_wrappers.py index 3d9be88e2f..3c71202d3b 100755 --- a/scripts/generate_driver_wrappers.py +++ b/scripts/generate_driver_wrappers.py @@ -30,7 +30,9 @@ import jinja2 from mbedtls_dev import build_tree JSONSchema = NewType('JSONSchema', object) -Driver = NewType('Driver', object) +# The Driver is an Object, but practically it's indexable and can called a dictionary to +# keep MyPy happy till MyPy comes with a more composite type for JsonObjects. +Driver = NewType('Driver', dict) def render(template_path: str, driver_jsoncontext: list) -> str: """ @@ -63,7 +65,6 @@ def validate_json(driverjson_data: Driver, driverschema_list: dict) -> bool: Validate the Driver JSON against an appropriate schema the schema passed could be that matching an opaque/ transparent driver. """ - driver_type = driverjson_data["type"] driver_prefix = driverjson_data["prefix"] try: From 46886247ad6ec8ec20a96476077639c273efbb3e Mon Sep 17 00:00:00 2001 
From: Archana Date: Sun, 13 Mar 2022 19:49:11 +0530 Subject: [PATCH 10/28] Driver Wrappers code gen migration guide updated. Signed-off-by: Archana Signed-off-by: Asfandyar Orakzai --- ...-driver-wrappers-codegen-migration-guide.md | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/docs/proposed/psa-driver-wrappers-codegen-migration-guide.md b/docs/proposed/psa-driver-wrappers-codegen-migration-guide.md index 4f82bedd54..222788322a 100644 --- a/docs/proposed/psa-driver-wrappers-codegen-migration-guide.md +++ b/docs/proposed/psa-driver-wrappers-codegen-migration-guide.md 
@@ -13,20 +13,28 @@ During the process of implementation there might be minor variations wrt version ## Prerequisites -Python3 and Jinja2 rev 2.10.1 +Python3, Jinja2 rev 2.10.1 and jsonschema rev 3.2.0 ## Feature Version -1.0 +1.1 ### What's critical for a migrating user The Driver Wrapper auto generation project is designed to use a python templating library ( Jinja2 ) to render templates based on drivers that are defined using a Driver descrioption JSON file(s). -While that is the larger goal, for version 1.0 here's what's changed +While that is the larger goal, for version 1.1 here's what's changed #### What's changed (1) psa_crypto_driver_wrappers.c will from this point on be auto generated. -(2) The auto generation is based on the template file at scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja. -(3) So while all driver wrapper templating support is yet to come in, the library user will need to patch into the template file as needed, this could be read as replacing the template file with the current psa_crypto_driver_wrappers.c file maintained by the library user. +(2) The auto generation is based on the template file at **scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja**. +(3) The driver JSONS to be used for generating the psa_crypto_driver_wrappers.c file can be found at **scripts/data_files/driver_jsons/** as their default location, this path includes the schemas against which the driver schemas will be validated (driver_opaque_schema.json, driver_transparent_schema.json) and a driverlist.json which specifies the drivers to be considered and the order in which they want to be called into. The default location for driverlist.json and driver JSONS can be overloaded by passing an argument --json-dir while running the script generate_driver_wrappers.py. 
+(4) While the complete driver wrapper templating support is yet to come in, if the library user sees a need to patch psa_crypto_driver_wrappers.c file, the userwill need to patch into the template file as needed (psa_crypto_driver_wrappers.c.jinja). + +#### How to set your driver up + +Please refer to psa-driver-interface.md for information on how a driver schema can be written. +One can also refer to the example test drivers/ JSON schemas under **scripts/data_files/driver_jsons/**. + +The JSON file 'driverlist.json' is meant to be edited by the user to reftlect the drivers one wants to use on a device. The order in which the drivers are passed is also essential if/when there are multiple transparent drivers on a given system to retain the same order in the templating. From 01aa39e3ff189fff96022c965c126f02c737ba03 Mon Sep 17 00:00:00 2001 From: Archana Date: Mon, 14 Mar 2022 15:29:00 +0530 Subject: [PATCH 11/28] Arg parse improvements Arg parse improved to update the input params path relative to mbedtls_root passed, if the other params are not explicitly passed. Signed-off-by: Archana Signed-off-by: Asfandyar Orakzai --- scripts/generate_driver_wrappers.py | 34 ++++++++++++++--------------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/scripts/generate_driver_wrappers.py b/scripts/generate_driver_wrappers.py index 3c71202d3b..c025ed3296 100755 --- a/scripts/generate_driver_wrappers.py +++ b/scripts/generate_driver_wrappers.py 
@@ -133,34 +133,34 @@ def main() -> int: returns 1 when read_driver_descriptions returns False """ def_arg_mbedtls_root = build_tree.guess_mbedtls_root() - def_arg_output_dir = os.path.join(def_arg_mbedtls_root, 'library') - def_arg_template_dir = os.path.join(def_arg_mbedtls_root, - 'scripts', - 'data_files', - 'driver_templates') - def_arg_json_dir = os.path.join(def_arg_mbedtls_root, - 'scripts', - 'data_files', - 'driver_jsons') parser = argparse.ArgumentParser() parser.add_argument('--mbedtls-root', nargs='?', default=def_arg_mbedtls_root, help='root directory of mbedtls source code') - parser.add_argument('--template-dir', nargs='?', default=def_arg_template_dir, + parser.add_argument('--template-dir', nargs='?', help='root directory of mbedtls source code') - parser.add_argument('--json-dir', nargs='?', default=def_arg_json_dir, + parser.add_argument('--json-dir', nargs='?', help='root directory of mbedtls source code') - parser.add_argument('output-directory', nargs='?', - default=def_arg_output_dir, help='output file\'s location') + parser.add_argument('output_directory', nargs='?', + help='output file\'s location') args = parser.parse_args() mbedtls_root = os.path.abspath(args.mbedtls_root) - output_directory = def_arg_output_dir if args.template_dir is None: - args.template_dir = os.path.join(args.mbedtls_root, def_arg_template_dir) - template_directory = args.template_dir + args.template_dir = os.path.join(mbedtls_root, + 'scripts', + 'data_files', + 'driver_templates') if args.json_dir is None: - args.json_dir = os.path.join(args.mbedtls_root, def_arg_json_dir) + args.json_dir = os.path.join(mbedtls_root, + 'scripts', + 'data_files', + 'driver_jsons') + if args.output_directory is None: + args.output_directory = os.path.join(mbedtls_root, 'library') + + output_directory = args.output_directory + template_directory = args.template_dir json_directory = args.json_dir # Read and validate list of driver jsons from driverlist.json 
From 22c78278763661f92513dc40bb847464bf0cbd4d Mon Sep 17 00:00:00 2001 From: Archana Date: Mon, 11 Apr 2022 10:12:08 +0530 Subject: [PATCH 12/28] Schema and script improvements Signed-off-by: Archana Signed-off-by: Asfandyar Orakzai --- .../driver_jsons/driver_opaque_schema.json | 17 +++------- .../driver_transparent_schema.json | 20 ++++------- .../mbedtls_test_opaque_driver.json | 2 +- .../mbedtls_test_transparent_driver.json | 2 +- .../psa_crypto_driver_wrappers.c.jinja | 34 +++++++------------ scripts/generate_driver_wrappers.py | 10 +++--- 6 files changed, 30 insertions(+), 55 deletions(-) diff --git a/scripts/data_files/driver_jsons/driver_opaque_schema.json b/scripts/data_files/driver_jsons/driver_opaque_schema.json index 4a769f0bda..946977eb7e 100644 --- a/scripts/data_files/driver_jsons/driver_opaque_schema.json +++ b/scripts/data_files/driver_jsons/driver_opaque_schema.json @@ -25,8 +25,7 @@ "items": { "type": "string" }, - "minItems": 1, - "uniqueItems": true + "default": [] }, "capabilities": { "type": "array", @@ -43,23 +42,17 @@ "entry_points": { "type": "array", "items": { - "type": "string", - "enum": ["import_key", "export_key", "export_public_key", - "copy_key", "get_builtin_key"] - }, - "minItems": 1, - "uniqueItems": true + "type": "string" + } }, - "name": { + "names": { "type": "object", "patternProperties": { "^[A-Z_a-z][0-9A-Z_a-z]*$": { "type": "string", "pattern": "^[A-Z_a-z][0-9A-Z_a-z]*$" } - }, - "minItems": 1, - "uniqueItems": true + } } }, "required": [ diff --git a/scripts/data_files/driver_jsons/driver_transparent_schema.json b/scripts/data_files/driver_jsons/driver_transparent_schema.json index bf86ceb614..06fea55594 100644 --- a/scripts/data_files/driver_jsons/driver_transparent_schema.json +++ b/scripts/data_files/driver_jsons/driver_transparent_schema.json @@ -21,8 +21,7 @@ "items": { "type": "string" }, - "minItems": 1, - "uniqueItems": true + "default": [] }, "capabilities": { "type": "array", 
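Review bot: Dropping the `enum` from the `entry_points` items in the `@@ -43,23 +42,17 @@` hunk of driver_opaque_schema.json, and in the matching `@@ -39,23 +38,17 @@` hunk of driver_transparent_schema.json, means any string now validates as an entry point. The dispatch templates select a capability with `entry_point in capability.entry_points`, so a misspelled name (a constructed example: `"import_keys"`) passes validation and the driver is silently left out of the generated wrapper, presumably leaving the operation to whatever fallback path follows. If the list is being opened up for future entry points, a shape check such as `"pattern": "^[A-Z_a-z][0-9A-Z_a-z]*$"` on the items, plus a generator warning for names it has no template for, would keep the early failure. The enclosing schema objects continue outside these hunks.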
@@ -39,23 +38,17 @@ "entry_points": { "type": "array", "items": { - "type": "string", - "enum": ["import_key", "export_key", "export_public_key", - "copy_key", "get_builtin_key"] - }, - "minItems": 1, - "uniqueItems": true + "type": "string" + } }, - "name": { + "names": { "type": "object", "patternProperties": { "^[A-Z_a-z][0-9A-Z_a-z]*$": { "type": "string", "pattern": "^[A-Z_a-z][0-9A-Z_a-z]*$" } - }, - "minItems": 1, - "uniqueItems": true + } }, "fallback": { "type": "boolean", @@ -66,8 +59,7 @@ "entry_points" ] } - ], - "default": [] + ] } }, "required": [ diff --git a/scripts/data_files/driver_jsons/mbedtls_test_opaque_driver.json b/scripts/data_files/driver_jsons/mbedtls_test_opaque_driver.json index a38287d5ad..c31f964909 100644 --- a/scripts/data_files/driver_jsons/mbedtls_test_opaque_driver.json +++ b/scripts/data_files/driver_jsons/mbedtls_test_opaque_driver.json @@ -14,7 +14,7 @@ "_comment": "The Mbed TLS opaque driver supports copy key/ get builtin key", "mbedtls/c_depend_on": "defined(PSA_CRYPTO_DRIVER_TEST)", "entry_points": ["copy_key", "get_builtin_key"], - "name": {"copy_key":"mbedtls_test_opaque_copy_key", "get_builtin_key":"mbedtls_test_opaque_get_builtin_key"} + "names": {"copy_key":"mbedtls_test_opaque_copy_key", "get_builtin_key":"mbedtls_test_opaque_get_builtin_key"} } ] } diff --git a/scripts/data_files/driver_jsons/mbedtls_test_transparent_driver.json b/scripts/data_files/driver_jsons/mbedtls_test_transparent_driver.json index 5c9b9feac0..db31ff4085 100644 --- a/scripts/data_files/driver_jsons/mbedtls_test_transparent_driver.json +++ b/scripts/data_files/driver_jsons/mbedtls_test_transparent_driver.json @@ -15,7 +15,7 @@ "mbedtls/c_depend_on": "defined(PSA_CRYPTO_DRIVER_TEST)", "entry_points": ["export_public_key"], "fallback": true, - "name": {"export_public_key":"mbedtls_test_transparent_export_public_key"} + "names": {"export_public_key":"mbedtls_test_transparent_export_public_key"} } ] 
diff --git a/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja b/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja index b90a9c89d1..f38479df08 100644 --- a/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja +++ b/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja @@ -64,8 +64,8 @@ /* BEGIN-Common Macro definitions */ {% macro entry_point_name(capability, entry_point, driver) -%} - {% if capability.name is defined and entry_point in capability.name.keys() -%} - {{ capability.name[entry_point]}} + {% if capability.name is defined and entry_point in capability.names.keys() -%} + {{ capability.names[entry_point]}} {% else -%} {{driver.prefix}}_{{driver.type}}_{{entry_point}} {% endif -%} @@ -606,7 +606,7 @@ psa_status_t psa_driver_wrapper_import_key( size_t *key_buffer_length, size_t *bits ) { -{% set entry_point = "import_key" -%} +{% with entry_point = "import_key" -%} {% macro entry_point_param(driver) -%} attributes, data, @@ -655,11 +655,9 @@ bits /* Key is stored in the slot in export representation, so * cycle through all known transparent accelerators */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) -/* BEGIN-Templating */ {% with nest_indent=12 %} {% include "OS-template-transparent.jinja" -%} {% endwith -%} -/* END-Templating */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ /* Fell through, meaning no accelerator supports this operation */ @@ -669,17 +667,15 @@ bits key_buffer_length, bits ) ); /* Add cases for opaque driver here */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) -/* BEGIN-Templating */ {% with nest_indent=8 %} {% include "OS-template-opaque.jinja" -%} {% endwith -%} -/* END-Templating */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ default: (void)status; return( PSA_ERROR_INVALID_ARGUMENT ); } - +{% endwith %} } psa_status_t psa_driver_wrapper_export_key( 
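Review bot: The `entry_point_name` macro in the `@@ -64,8 +64,8 @@` hunk still tests `capability.name is defined`, while the lookup on the same line and the driver JSONs in this commit now use `names`. With the key renamed, that condition is never true, so every entry point resolves to the default `{{driver.prefix}}_{{driver.type}}_{{entry_point}}`. The test drivers hide this because their `names` values equal the default, but a driver that maps an entry point to a differently named function would be dispatched to the wrong symbol or fail to link. The condition should read `{% if capability.names is defined and entry_point in capability.names.keys() -%}`.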
@@ -688,7 +684,7 @@ psa_status_t psa_driver_wrapper_export_key( uint8_t *data, size_t data_size, size_t *data_length ) { -{% set entry_point = "export_key" -%} +{% with entry_point = "export_key" -%} {% macro entry_point_param(driver) -%} attributes, key_buffer, @@ -733,16 +729,15 @@ data_length /* Add cases for opaque driver here */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) -/* BEGIN-Templating */ {% with nest_indent=8 %} {% include "OS-template-opaque.jinja" -%} {% endwith -%} -/* END-Templating */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ default: /* Key is declared with a lifetime not known to us */ return( status ); } +{% endwith %} } psa_status_t psa_driver_wrapper_export_public_key( @@ -751,7 +746,7 @@ psa_status_t psa_driver_wrapper_export_public_key( uint8_t *data, size_t data_size, size_t *data_length ) { -{% set entry_point = "export_public_key" -%} +{% with entry_point = "export_public_key" -%} {% macro entry_point_param(driver) -%} attributes, key_buffer, @@ -790,11 +785,9 @@ data_length /* Key is stored in the slot in export representation, so * cycle through all known transparent accelerators */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) -/* BEGIN-Templating */ {% with nest_indent=12 %} {% include "OS-template-transparent.jinja" -%} {% endwith -%} -/* END-Templating */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ /* Fell through, meaning no accelerator supports this operation */ return( psa_export_public_key_internal( attributes, @@ -806,16 +799,15 @@ data_length /* Add cases for opaque driver here */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) -/* BEGIN-Templating */ {% with nest_indent=8 %} {% include "OS-template-opaque.jinja" -%} {% endwith -%} -/* END-Templating */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ default: /* Key is declared with a lifetime not known to us */ return( status ); } +{% endwith %} } psa_status_t psa_driver_wrapper_get_builtin_key( 
@@ -823,7 +815,7 @@ psa_status_t psa_driver_wrapper_get_builtin_key( psa_key_attributes_t *attributes, uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length ) { -{% set entry_point = "get_builtin_key" -%} +{% with entry_point = "get_builtin_key" -%} {% macro entry_point_param(driver) -%} slot_number, attributes, @@ -835,11 +827,9 @@ key_buffer_length switch( location ) { #if defined(PSA_CRYPTO_DRIVER_TEST) -/* BEGIN-Templating */ {% with nest_indent=8 %} {% include "OS-template-opaque.jinja" -%} {% endwith -%} -/* END-Templating */ #endif /* PSA_CRYPTO_DRIVER_TEST */ default: (void) slot_number; @@ -848,6 +838,7 @@ key_buffer_length (void) key_buffer_length; return( PSA_ERROR_DOES_NOT_EXIST ); } +{% endwith %} } psa_status_t psa_driver_wrapper_copy_key( @@ -856,7 +847,7 @@ psa_status_t psa_driver_wrapper_copy_key( uint8_t *target_key_buffer, size_t target_key_buffer_size, size_t *target_key_buffer_length ) { -{% set entry_point = "copy_key" -%} +{% with entry_point = "copy_key" -%} {% macro entry_point_param(driver) -%} attributes, source_key, @@ -883,11 +874,9 @@ target_key_buffer_length switch( location ) { #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) -/* BEGIN-Templating */ {% with nest_indent=8 %} {% include "OS-template-opaque.jinja" -%} {% endwith -%} -/* END-Templating */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ default: (void)source_key; @@ -898,6 +887,7 @@ target_key_buffer_length status = PSA_ERROR_INVALID_ARGUMENT; } return( status ); +{% endwith %} } /* diff --git a/scripts/generate_driver_wrappers.py b/scripts/generate_driver_wrappers.py index c025ed3296..097edd9707 100755 --- a/scripts/generate_driver_wrappers.py +++ b/scripts/generate_driver_wrappers.py 
@@ -135,12 +135,12 @@ def main() -> int: def_arg_mbedtls_root = build_tree.guess_mbedtls_root() parser = argparse.ArgumentParser() - parser.add_argument('--mbedtls-root', nargs='?', default=def_arg_mbedtls_root, - help='root directory of mbedtls source code') - parser.add_argument('--template-dir', nargs='?', - help='root directory of mbedtls source code') - parser.add_argument('--json-dir', nargs='?', + parser.add_argument('--mbedtls-root', default=def_arg_mbedtls_root, help='root directory of mbedtls source code') + parser.add_argument('--template-dir', + help='directory holding the driver templates') + parser.add_argument('--json-dir', + help='directory holding the driver JSONs') parser.add_argument('output_directory', nargs='?', help='output file\'s location') args = parser.parse_args() From 1776dd902271136e1cd2f11e726f69046d4f127c Mon Sep 17 00:00:00 2001 From: Archana Date: Tue, 12 Apr 2022 13:12:18 +0530 Subject: [PATCH 13/28] Doc improvements -Cosmetic Signed-off-by: Archana Signed-off-by: Asfandyar Orakzai --- docs/proposed/psa-driver-wrappers-codegen-migration-guide.md | 4 ++-- scripts/driver.requirements.txt | 1 - 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/docs/proposed/psa-driver-wrappers-codegen-migration-guide.md b/docs/proposed/psa-driver-wrappers-codegen-migration-guide.md index 222788322a..9862db9232 100644 --- a/docs/proposed/psa-driver-wrappers-codegen-migration-guide.md +++ b/docs/proposed/psa-driver-wrappers-codegen-migration-guide.md 
@@ -30,11 +30,11 @@ While that is the larger goal, for version 1.1 here's what's changed (1) psa_crypto_driver_wrappers.c will from this point on be auto generated. (2) The auto generation is based on the template file at **scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja**. (3) The driver JSONS to be used for generating the psa_crypto_driver_wrappers.c file can be found at **scripts/data_files/driver_jsons/** as their default location, this path includes the schemas against which the driver schemas will be validated (driver_opaque_schema.json, driver_transparent_schema.json) and a driverlist.json which specifies the drivers to be considered and the order in which they want to be called into. The default location for driverlist.json and driver JSONS can be overloaded by passing an argument --json-dir while running the script generate_driver_wrappers.py. -(4) While the complete driver wrapper templating support is yet to come in, if the library user sees a need to patch psa_crypto_driver_wrappers.c file, the userwill need to patch into the template file as needed (psa_crypto_driver_wrappers.c.jinja). +(4) While the complete driver wrapper templating support is yet to come in, if the library user sees a need to patch psa_crypto_driver_wrappers.c file, the user will need to patch into the template file as needed (psa_crypto_driver_wrappers.c.jinja). #### How to set your driver up Please refer to psa-driver-interface.md for information on how a driver schema can be written. One can also refer to the example test drivers/ JSON schemas under **scripts/data_files/driver_jsons/**. -The JSON file 'driverlist.json' is meant to be edited by the user to reftlect the drivers one wants to use on a device. The order in which the drivers are passed is also essential if/when there are multiple transparent drivers on a given system to retain the same order in the templating. 
+The JSON file 'driverlist.json' is meant to be edited by the user to reflect the drivers one wants to use on a device. The order in which the drivers are passed is also essential if/when there are multiple transparent drivers on a given system to retain the same order in the templating. diff --git a/scripts/driver.requirements.txt b/scripts/driver.requirements.txt index 2a1bef7e67..aff0d0e80a 100644 --- a/scripts/driver.requirements.txt +++ b/scripts/driver.requirements.txt @@ -13,6 +13,5 @@ markupsafe < 2.1 Jinja2 >= 2.10.1 # Jinja2 >=2.10, <3.0 needs a separate package for type annotations types-Jinja2 -# jsonschema > 3.2.0 is not compatible with Python 3.5, force 3.2.0 jsonschema >= 3.2.0 types-jsonschema From a2cac3224da64632cf24a168df38c2d449f8caa9 Mon Sep 17 00:00:00 2001 From: Archana Date: Thu, 14 Apr 2022 09:31:28 +0530 Subject: [PATCH 14/28] Update and document mbedtls extensions Signed-off-by: Archana Signed-off-by: Asfandyar Orakzai --- docs/proposed/psa-driver-developer-guide.md | 6 ++++++ scripts/data_files/driver_jsons/driver_opaque_schema.json | 4 ++-- .../data_files/driver_jsons/driver_transparent_schema.json | 4 ++-- .../data_files/driver_jsons/mbedtls_test_opaque_driver.json | 6 +++--- .../driver_jsons/mbedtls_test_transparent_driver.json | 6 +++--- .../data_files/driver_templates/OS-template-opaque.jinja | 2 +- .../driver_templates/OS-template-transparent.jinja | 2 +- .../driver_templates/psa_crypto_driver_wrappers.c.jinja | 6 +++--- 8 files changed, 21 insertions(+), 15 deletions(-) diff --git a/docs/proposed/psa-driver-developer-guide.md b/docs/proposed/psa-driver-developer-guide.md index 70cb9d397d..b39f5599e3 100644 --- a/docs/proposed/psa-driver-developer-guide.md +++ b/docs/proposed/psa-driver-developer-guide.md 
@@ -36,6 +36,12 @@ A driver therefore consists of: Mbed TLS calls driver entry points [as specified in the PSA Cryptography Driver Interface specification](psa-driver-interface.html#driver-entry-points) except as otherwise indicated in this section. +## Mbed TLS extensions + +The driver description can include Mbed TLS extensions (marked by the namespace "mbedtls"). Mbed TLS extensions are meant to extend/help integrating the driver into the library's infrastructure. +* `"mbedtls/h_condition"` (optional, string) can include complex preprocessor definitions to conditionally include header files for a given driver. +* `"mbedtls/c_condition"` (optional, string) can include complex preprocessor definitions to conditionally enable dispatch capabilities for a driver. + ## Building and testing your driver diff --git a/scripts/data_files/driver_jsons/driver_opaque_schema.json b/scripts/data_files/driver_jsons/driver_opaque_schema.json index 946977eb7e..933eb07488 100644 --- a/scripts/data_files/driver_jsons/driver_opaque_schema.json +++ b/scripts/data_files/driver_jsons/driver_opaque_schema.json @@ -17,7 +17,7 @@ "type": ["integer","string"], "pattern": "^(0x|0X)?[a-fA-F0-9]+$" }, - "mbedtls/h_depend_on": { + "mbedtls/h_condition": { "type": "string" }, "headers": { @@ -36,7 +36,7 @@ "_comment": { "type": "string" }, - "mbedtls/c_depend_on": { + "mbedtls/c_condition": { "type": "string" }, "entry_points": { diff --git a/scripts/data_files/driver_jsons/driver_transparent_schema.json b/scripts/data_files/driver_jsons/driver_transparent_schema.json index 06fea55594..f5d91eb321 100644 --- a/scripts/data_files/driver_jsons/driver_transparent_schema.json +++ b/scripts/data_files/driver_jsons/driver_transparent_schema.json @@ -13,7 +13,7 @@ "type": "string", "const": ["transparent"] }, - "mbedtls/h_depend_on": { + "mbedtls/h_condition": { "type": "string" }, "headers": { 
@@ -32,7 +32,7 @@ "_comment": { "type": "string" }, - "mbedtls/c_depend_on": { + "mbedtls/c_condition": { "type": "string" }, "entry_points": { diff --git a/scripts/data_files/driver_jsons/mbedtls_test_opaque_driver.json b/scripts/data_files/driver_jsons/mbedtls_test_opaque_driver.json index c31f964909..41c74f2db1 100644 --- a/scripts/data_files/driver_jsons/mbedtls_test_opaque_driver.json +++ b/scripts/data_files/driver_jsons/mbedtls_test_opaque_driver.json @@ -2,17 +2,17 @@ "prefix": "mbedtls_test", "type": "opaque", "location": "0x7fffff", - "mbedtls/h_depend_on": "defined(PSA_CRYPTO_DRIVER_TEST)", + "mbedtls/h_condition": "defined(PSA_CRYPTO_DRIVER_TEST)", "headers": ["test/drivers/test_driver.h"], "capabilities": [ { "_comment": "The Mbed TLS opaque driver supports import key/export key/export_public key", - "mbedtls/c_depend_on": "defined(PSA_CRYPTO_DRIVER_TEST)", + "mbedtls/c_condition": "defined(PSA_CRYPTO_DRIVER_TEST)", "entry_points": ["import_key", "export_key", "export_public_key"] }, { "_comment": "The Mbed TLS opaque driver supports copy key/ get builtin key", - "mbedtls/c_depend_on": "defined(PSA_CRYPTO_DRIVER_TEST)", + "mbedtls/c_condition": "defined(PSA_CRYPTO_DRIVER_TEST)", "entry_points": ["copy_key", "get_builtin_key"], "names": {"copy_key":"mbedtls_test_opaque_copy_key", "get_builtin_key":"mbedtls_test_opaque_get_builtin_key"} } diff --git a/scripts/data_files/driver_jsons/mbedtls_test_transparent_driver.json b/scripts/data_files/driver_jsons/mbedtls_test_transparent_driver.json index db31ff4085..9eb259f655 100644 --- a/scripts/data_files/driver_jsons/mbedtls_test_transparent_driver.json +++ b/scripts/data_files/driver_jsons/mbedtls_test_transparent_driver.json 
@@ -1,18 +1,18 @@ { "prefix": "mbedtls_test", "type": "transparent", - "mbedtls/h_depend_on": "defined(PSA_CRYPTO_DRIVER_TEST)", + "mbedtls/h_condition": "defined(PSA_CRYPTO_DRIVER_TEST)", "headers": ["test/drivers/test_driver.h"], "capabilities": [ { "_comment": "The Mbed TLS transparent driver supports import key/export key", - "mbedtls/c_depend_on": "defined(PSA_CRYPTO_DRIVER_TEST)", + "mbedtls/c_condition": "defined(PSA_CRYPTO_DRIVER_TEST)", "entry_points": ["import_key", "export_key"], "fallback": true }, { "_comment": "The Mbed TLS transparent driver supports export_public key", - "mbedtls/c_depend_on": "defined(PSA_CRYPTO_DRIVER_TEST)", + "mbedtls/c_condition": "defined(PSA_CRYPTO_DRIVER_TEST)", "entry_points": ["export_public_key"], "fallback": true, "names": {"export_public_key":"mbedtls_test_transparent_export_public_key"} diff --git a/scripts/data_files/driver_templates/OS-template-opaque.jinja b/scripts/data_files/driver_templates/OS-template-opaque.jinja index 115e22c860..a25d1c3719 100644 --- a/scripts/data_files/driver_templates/OS-template-opaque.jinja +++ b/scripts/data_files/driver_templates/OS-template-opaque.jinja @@ -7,7 +7,7 @@ Expected inputs: -#} {% for driver in drivers if driver.type == "opaque" -%} {% for capability in driver.capabilities if entry_point in capability.entry_points -%} -#if ({% if capability['mbedtls/c_depend_on'] is defined -%}{{ capability['mbedtls/c_depend_on'] }} {% else -%} {{ 1 }} {% endif %}) +#if ({% if capability['mbedtls/c_condition'] is defined -%}{{ capability['mbedtls/c_condition'] }} {% else -%} {{ 1 }} {% endif %}) {%- filter indent(width = nest_indent) %} case {{ driver.location }}: return( {{ entry_point_name(capability, entry_point, driver) }}({{entry_point_param(driver) | indent(20)}})); diff --git a/scripts/data_files/driver_templates/OS-template-transparent.jinja b/scripts/data_files/driver_templates/OS-template-transparent.jinja index 9ba115568b..a6b7d69053 100644 
--- a/scripts/data_files/driver_templates/OS-template-transparent.jinja +++ b/scripts/data_files/driver_templates/OS-template-transparent.jinja @@ -7,7 +7,7 @@ Expected inputs: -#} {% for driver in drivers if driver.type == "transparent" -%} {% for capability in driver.capabilities if entry_point in capability.entry_points -%} -#if ({% if capability['mbedtls/c_depend_on'] is defined -%}{{ capability['mbedtls/c_depend_on'] }} {% else -%} {{ 1 }} {% endif %}) +#if ({% if capability['mbedtls/c_condition'] is defined -%}{{ capability['mbedtls/c_condition'] }} {% else -%} {{ 1 }} {% endif %}) {%- filter indent(width = nest_indent) %} status = {{ entry_point_name(capability, entry_point, driver) }}({{entry_point_param(driver) | indent(20)}}); diff --git a/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja b/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja index f38479df08..d5ae91103e 100644 --- a/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja +++ b/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja @@ -39,13 +39,13 @@ #if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) {% for driver in drivers -%} /* Headers for {{driver.prefix}} {{driver.type}} driver */ -{% if driver['mbedtls/h_depend_on'] is defined -%} -#if {{ driver['mbedtls/h_depend_on'] }} +{% if driver['mbedtls/h_condition'] is defined -%} +#if {{ driver['mbedtls/h_condition'] }} {% endif -%} {% for header in driver.headers -%} #include "{{ header }}" {% endfor %} -{% if driver['mbedtls/h_depend_on'] is defined -%} +{% if driver['mbedtls/h_condition'] is defined -%} #endif {% endif -%} {% endfor %} From 08f397a676a7103b7dfa6b6dd4b5b1dd59833f96 Mon Sep 17 00:00:00 2001 From: Asfandyar Orakzai Date: Thu, 15 Sep 2022 14:25:37 +0200 Subject: [PATCH 15/28] refactored generate_driver_wrappers.py 
Signed-off-by: Asfandyar Orakzai --- scripts/generate_driver_wrappers.py | 42 ++++++++++++++++++++--------- 1 file changed, 29 insertions(+), 13 deletions(-) diff --git a/scripts/generate_driver_wrappers.py b/scripts/generate_driver_wrappers.py index 097edd9707..97e8bfdeac 100755 --- a/scripts/generate_driver_wrappers.py +++ b/scripts/generate_driver_wrappers.py @@ -23,7 +23,7 @@ import sys import os import json -from typing import Tuple, NewType +from typing import Tuple, NewType, Dict, Any import argparse import jsonschema import jinja2 @@ -34,6 +34,13 @@ JSONSchema = NewType('JSONSchema', object) # keep MyPy happy till MyPy comes with a more composite type for JsonObjects. Driver = NewType('Driver', dict) + +class JsonValidationException(Exception): + def __init__(self, message="Json Validation Failed"): + self.message = message + super().__init__(self.message) + + def render(template_path: str, driver_jsoncontext: list) -> str: """ Render template from the input file and driver JSON. @@ -93,8 +100,17 @@ def validate_json(driverjson_data: Driver, driverschema_list: dict) -> bool: return True + +def load_driver(schemas: Dict[str, Any], driver_file: str) -> Any: + with open(driver_file, 'r') as f: + json_data = json.load(f) + if not validate_json(json_data, schemas): + raise JsonValidationException() + return json_data + + def read_driver_descriptions(mbedtls_root: str, json_directory: str, \ - jsondriver_list: str) -> Tuple[bool, list]: + jsondriver_list: str) -> Tuple[bool, list]: """ Merge driver JSON files into a single ordered JSON after validation. """ 
@@ -112,18 +128,17 @@ def read_driver_descriptions(mbedtls_root: str, json_directory: str, \ 'driver_opaque_schema.json'), 'r') as file: opaque_driver_schema = json.load(file) - driver_schema_list = {'transparent':transparent_driver_schema, - 'opaque':opaque_driver_schema} - + driver_schema = {'transparent': transparent_driver_schema, + 'opaque': opaque_driver_schema} with open(os.path.join(json_directory, jsondriver_list), 'r') as driverlistfile: - driverlist = json.load(driverlistfile) - for file_name in driverlist: - with open(os.path.join(json_directory, file_name), 'r') as infile: - json_data = json.load(infile) - ret = validate_json(json_data, driver_schema_list) - if ret is False: - return ret, [] - result.append(json_data) + driver_list = json.load(driverlistfile) + + try: + result = [load_driver(driver_schema, driver_file=os.path.join(json_directory, driver_file_name)) + for driver_file_name in driver_list] + except JsonValidationException as _: + return False, [] + return True, result @@ -172,5 +187,6 @@ def main() -> int: return 0 + if __name__ == '__main__': sys.exit(main()) From 39452a8ca422df78b6dfef2f1c286d52da85b027 Mon Sep 17 00:00:00 2001 From: Asfandyar Orakzai Date: Fri, 16 Sep 2022 13:02:06 +0200 Subject: [PATCH 16/28] fixed formating of driver generator script Signed-off-by: Asfandyar Orakzai --- scripts/generate_driver_wrappers.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scripts/generate_driver_wrappers.py b/scripts/generate_driver_wrappers.py index 97e8bfdeac..ae6db54af7 100755 --- a/scripts/generate_driver_wrappers.py +++ b/scripts/generate_driver_wrappers.py 
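Review bot: The names read from driverlist.json go straight into `os.path.join(json_directory, driver_file_name)` in the new list comprehension, and that list is the one input here that is never checked against a schema. A non-string entry raises an uncaught TypeError, and an absolute path or one containing `..` makes the join resolve outside `json_directory`, so a driver description from an unintended location would be rendered into psa_crypto_driver_wrappers.c. I would check each entry before loading it, for example `if not isinstance(name, str) or os.path.basename(name) != name: raise JsonValidationException("bad driverlist entry")`. The same join is kept in the later hunks of this series (`@@ -134,7 +134,8 @@` and the rewritten `read_driver_descriptions`). The start of the function is outside this hunk.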
@@ -134,7 +134,8 @@ def read_driver_descriptions(mbedtls_root: str, json_directory: str, \ driver_list = json.load(driverlistfile) try: - result = [load_driver(driver_schema, driver_file=os.path.join(json_directory, driver_file_name)) + result = [load_driver(schemas=driver_schema, + driver_file=os.path.join(json_directory, driver_file_name)) for driver_file_name in driver_list] except JsonValidationException as _: return False, [] From de0880317086183efc4906a5fb89a3c2ed46c4be Mon Sep 17 00:00:00 2001 From: Asfandyar Orakzai Date: Sat, 17 Sep 2022 22:07:58 +0200 Subject: [PATCH 17/28] refactored and addressed reviewer observations in generate_driver_wrappers.py Signed-off-by: Asfandyar Orakzai --- scripts/generate_driver_wrappers.py | 122 ++++++++++++++++------------ 1 file changed, 68 insertions(+), 54 deletions(-) diff --git a/scripts/generate_driver_wrappers.py b/scripts/generate_driver_wrappers.py index f43d4e57aa..6cf8e86d43 100755 --- a/scripts/generate_driver_wrappers.py +++ b/scripts/generate_driver_wrappers.py @@ -28,6 +28,7 @@ import argparse import jsonschema import jinja2 from mbedtls_dev import build_tree +from traceback import format_tb JSONSchema = NewType('JSONSchema', object) # The Driver is an Object, but practically it's indexable and can called a dictionary to @@ -41,6 +42,12 @@ class JsonValidationException(Exception): super().__init__(self.message) +class DriverReaderException(Exception): + def __init__(self, message="Driver Reader Failed"): + self.message = message + super().__init__(self.message) + + def render(template_path: str, driver_jsoncontext: list) -> str: """ Render template from the input file and driver JSON. 
@@ -67,7 +74,7 @@ def generate_driver_wrapper_file(template_dir: str, \ out_file.write(result) -def validate_json(driverjson_data: Driver, driverschema_list: dict) -> bool: +def validate_json(driverjson_data: Driver, driverschema_list: dict) -> None: """ Validate the Driver JSON against an appropriate schema the schema passed could be that matching an opaque/ transparent driver. @@ -77,16 +84,15 @@ def validate_json(driverjson_data: Driver, driverschema_list: dict) -> bool: try: _schema = driverschema_list[driver_type] jsonschema.validate(instance=driverjson_data, schema=_schema) - except KeyError as err: - # This could happen if the driverjson_data.type does not exist in the passed in schema list + # This could happen if the driverjson_data.type does not exist in the provided schema list # schemas = {'transparent': transparent_driver_schema, 'opaque': opaque_driver_schema} # Print onto stdout and stderr. print("Unknown Driver type " + driver_type + " for driver " + driver_prefix, str(err)) print("Unknown Driver type " + driver_type + " for driver " + driver_prefix, str(err), file=sys.stderr) - return False + raise JsonValidationException() from err except jsonschema.exceptions.ValidationError as err: # Print onto stdout and stderr. 
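Review bot: `raise JsonValidationException() from err` discards the driver type and prefix that the two `print` calls just above it already have, so the exception carries only the default text "Json Validation Failed". Now that validate_json reports failure by raising instead of returning False, the message is what tells a caller which driver was rejected. I would pass it in, e.g. `raise JsonValidationException("Unknown driver type %s for driver %s" % (driver_type, driver_prefix)) from err`. The second `raise` in the following hunk (`@@ -96,51 +102,60 @@`) has the same gap. validate_json begins outside this hunk.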
@@ -96,51 +102,60 @@ def validate_json(driverjson_data: Driver, driverschema_list: dict) -> bool: print("Error: Failed to validate data file: {} using schema: {}." "\n Exception Message: \"{}\"" " ".format(driverjson_data, _schema, str(err)), file=sys.stderr) - return False - - return True + raise JsonValidationException() from err def load_driver(schemas: Dict[str, Any], driver_file: str) -> Any: with open(driver_file, 'r') as f: json_data = json.load(f) - if not validate_json(json_data, schemas): - raise JsonValidationException() + try: + validate_json(json_data, schemas) + except JsonValidationException as e: + raise DriverReaderException from e return json_data -def read_driver_descriptions(mbedtls_root: str, json_directory: str, \ - jsondriver_list: str) -> Tuple[bool, list]: +def load_schemas(mbedtls_root): + schema_file_paths = { + 'transparent': os.path.join(mbedtls_root, + 'scripts', + 'data_files', + 'driver_jsons', + 'driver_transparent_schema.json'), + 'opaque': os.path.join(mbedtls_root, + 'scripts', + 'data_files', + 'driver_jsons', + 'driver_transparent_schema.json') + } + driver_schema = {} + for key, file_path in schema_file_paths.items(): + with open(file_path, 'r') as file: + driver_schema[key] = json.load(file) + return driver_schema + + +def read_driver_descriptions(mbedtls_root: str, + json_directory: str, + jsondriver_list: str) -> list: """ Merge driver JSON files into a single ordered JSON after validation. 
""" result = [] - with open(os.path.join(mbedtls_root, - 'scripts', - 'data_files', - 'driver_jsons', - 'driver_transparent_schema.json'), 'r') as file: - transparent_driver_schema = json.load(file) - with open(os.path.join(mbedtls_root, - 'scripts', - 'data_files', - 'driver_jsons', - 'driver_opaque_schema.json'), 'r') as file: - opaque_driver_schema = json.load(file) + driver_schema = load_schemas(mbedtls_root) - driver_schema = {'transparent': transparent_driver_schema, - 'opaque': opaque_driver_schema} - with open(os.path.join(json_directory, jsondriver_list), 'r') as driverlistfile: - driver_list = json.load(driverlistfile) + with open(os.path.join(json_directory, jsondriver_list), 'r') as driver_list_file: + driver_list = json.load(driver_list_file) - try: - result = [load_driver(schemas=driver_schema, - driver_file=os.path.join(json_directory, driver_file_name)) - for driver_file_name in driver_list] - except JsonValidationException as _: - return False, [] + return [load_driver(schemas=driver_schema, + driver_file=os.path.join(json_directory, driver_file_name)) + for driver_file_name in driver_list] - return True, result + +def trace_exception(e, file=sys.stderr): + print("Exception: type: %s, message: %s, trace: %s" % ( + e.__class__, str(e), format_tb(e.__traceback__) + ), file) def main() -> int: 
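Review bot: `trace_exception` passes `file` to `print` positionally, so the stream object is printed as a second value on stdout instead of being used as the destination, and nothing reaches the default `sys.stderr`. The call should end with `), file=file)`. `format_tb` returns a list of strings, so `%s` prints a list repr with escaped newlines; `"".join(format_tb(e.__traceback__))` gives a readable trace. The later hunk `@@ -156,7 +158,8 @@` adds annotations and a docstring but keeps the same call.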
@@ -162,30 +177,29 @@ def main() -> int: args = parser.parse_args() mbedtls_root = os.path.abspath(args.mbedtls_root) - if args.template_dir is None: - args.template_dir = os.path.join(mbedtls_root, - 'scripts', - 'data_files', - 'driver_templates') - if args.json_dir is None: - args.json_dir = os.path.join(mbedtls_root, - 'scripts', - 'data_files', - 'driver_jsons') - if args.output_directory is None: - args.output_directory = os.path.join(mbedtls_root, 'library') - output_directory = args.output_directory - template_directory = args.template_dir - json_directory = args.json_dir + output_directory = args.output_directory if args.output_directory is not None else \ + os.path.join(mbedtls_root, 'library') + template_directory = args.template_dir if args.template_dir is not None else \ + os.path.join(mbedtls_root, + 'scripts', + 'data_files', + 'driver_templates') + json_directory = args.json_dir if args.json_dir is not None else \ + os.path.join(mbedtls_root, + 'scripts', + 'data_files', + 'driver_jsons') - # Read and validate list of driver jsons from driverlist.json - ret, merged_driver_json = read_driver_descriptions(mbedtls_root, json_directory, - 'driverlist.json') - if ret is False: + try: + # Read and validate list of driver jsons from driverlist.json + merged_driver_json = read_driver_descriptions(mbedtls_root, + json_directory, + 'driverlist.json') + except DriverReaderException as e: + trace_exception(e) return 1 generate_driver_wrapper_file(template_directory, output_directory, merged_driver_json) - return 0 From 4c93bb52efb39ce674acf446eecb18f5b904bf9b Mon Sep 17 00:00:00 2001 From: Asfandyar Orakzai Date: Sat, 17 Sep 2022 22:20:33 +0200 Subject: [PATCH 18/28] removed changed made to the test/bionic/Dockerfile Signed-off-by: Asfandyar Orakzai --- tests/docker/bionic/Dockerfile | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/tests/docker/bionic/Dockerfile b/tests/docker/bionic/Dockerfile index 4b5739cce7..28d33b7553 100644 
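Review bot: The new `try` in main catches only `DriverReaderException`, but most failures in `read_driver_descriptions` are raised as something else. `open` on a schema, driverlist.json or a driver file raises OSError, and `json.load` on malformed JSON raises `json.JSONDecodeError`, a ValueError. Those escape as raw tracebacks instead of going through `trace_exception` and `return 1`. Either widen the clause to `except (DriverReaderException, OSError, ValueError) as e:`, or wrap those errors inside `load_driver` and `load_schemas` so main handles one failure type. The start of main and its argument parsing are outside this hunk.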
--- a/tests/docker/bionic/Dockerfile +++ b/tests/docker/bionic/Dockerfile @@ -60,15 +60,9 @@ RUN apt-get update \ pkg-config \ && rm -rf /var/lib/apt/lists/* -# The following packages are required for validating Python files. -# The version of Pylint is set to 2.4.4 to match CI. +# Jinja2 is required for driver dispatch code generation. RUN python3 -m pip install \ - packaging mypy pylint==2.4.4 - -# Jinja2 and jsonschema is required for driver dispatch code generation. -RUN python3 -m pip install \ - jinja2==2.10.1 types-jinja2 \ - jsonschema==3.2.0 types-jsonschema + jinja2==2.10.1 types-jinja2 # Build a static, legacy openssl from sources with sslv3 enabled # Based on https://gist.github.com/bmaupin/8caca3a1e8c3c5686141 (build-openssl.sh) From 5c9569a2bc2f46a5a357ce517bf1ac1cb8f68267 Mon Sep 17 00:00:00 2001 From: Asfandyar Orakzai Date: Sat, 17 Sep 2022 23:13:52 +0200 Subject: [PATCH 19/28] fixed formating Signed-off-by: Asfandyar Orakzai --- scripts/generate_driver_wrappers.py | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/scripts/generate_driver_wrappers.py b/scripts/generate_driver_wrappers.py index 6cf8e86d43..72a8c6182f 100755 --- a/scripts/generate_driver_wrappers.py +++ b/scripts/generate_driver_wrappers.py @@ -23,12 +23,12 @@ import sys import os import json -from typing import Tuple, NewType, Dict, Any +from typing import NewType, Dict, Any +from traceback import format_tb import argparse import jsonschema import jinja2 from mbedtls_dev import build_tree -from traceback import format_tb JSONSchema = NewType('JSONSchema', object) # The Driver is an Object, but practically it's indexable and can called a dictionary to 
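Review bot: After this hunk the image installs only `jinja2==2.10.1 types-jinja2`, while scripts/generate_driver_wrappers.py in the same series imports `jsonschema` at module level and scripts/driver.requirements.txt lists `jsonschema >= 3.2.0`. Unless an earlier layer already provides it (not visible here), driver-wrapper generation in this container would fail on import. If the intent is only to back out the pylint/mypy lines, I would keep the pinned install, `jinja2==2.10.1 types-jinja2 jsonschema==3.2.0 types-jsonschema`, and keep "and jsonschema" in the comment.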
@@ -70,7 +70,9 @@ def generate_driver_wrapper_file(template_dir: str, \ result = render(driver_wrapper_template_filename, driver_jsoncontext) - with open(os.path.join(output_dir, "psa_crypto_driver_wrappers.c"), 'w') as out_file: + with open(file=os.path.join(output_dir, "psa_crypto_driver_wrappers.c"), + mode='w', + encoding='UTF-8') as out_file: out_file.write(result) @@ -106,7 +108,7 @@ def validate_json(driverjson_data: Driver, driverschema_list: dict) -> None: def load_driver(schemas: Dict[str, Any], driver_file: str) -> Any: - with open(driver_file, 'r') as f: + with open(file=driver_file, mode='r', encoding='UTF-8') as f: json_data = json.load(f) try: validate_json(json_data, schemas) @@ -115,7 +117,8 @@ def load_driver(schemas: Dict[str, Any], driver_file: str) -> Any: return json_data -def load_schemas(mbedtls_root): +def load_schemas(mbedtls_root: str) -> Dict[str, Any]: + """Load schemas map""" schema_file_paths = { 'transparent': os.path.join(mbedtls_root, 'scripts', @@ -130,7 +133,7 @@ def load_schemas(mbedtls_root): } driver_schema = {} for key, file_path in schema_file_paths.items(): - with open(file_path, 'r') as file: + with open(file=file_path, mode='r', encoding='UTF-8') as file: driver_schema[key] = json.load(file) return driver_schema @@ -141,10 +144,11 @@ def read_driver_descriptions(mbedtls_root: str, """ Merge driver JSON files into a single ordered JSON after validation. """ - result = [] driver_schema = load_schemas(mbedtls_root) - with open(os.path.join(json_directory, jsondriver_list), 'r') as driver_list_file: + with open(file=os.path.join(json_directory, jsondriver_list), + mode='r', + encoding='UTF-8') as driver_list_file: driver_list = json.load(driver_list_file) return [load_driver(schemas=driver_schema, From 9e6170d95e3896ea4f2eddb420fd0d8a271eff3b Mon Sep 17 00:00:00 2001 From: Asfandyar Orakzai Date: Sat, 17 Sep 2022 23:37:16 +0200 Subject: [PATCH 20/28] added some doc strings and fixed formating 
Signed-off-by: Asfandyar Orakzai --- scripts/generate_driver_wrappers.py | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/scripts/generate_driver_wrappers.py b/scripts/generate_driver_wrappers.py index 72a8c6182f..ce801a62df 100755 --- a/scripts/generate_driver_wrappers.py +++ b/scripts/generate_driver_wrappers.py @@ -60,8 +60,9 @@ def render(template_path: str, driver_jsoncontext: list) -> str: return template.render(drivers=driver_jsoncontext) -def generate_driver_wrapper_file(template_dir: str, \ - output_dir: str, driver_jsoncontext: list) -> None: +def generate_driver_wrapper_file(template_dir: str, + output_dir: str, + driver_jsoncontext: list) -> None: """ Generate the file psa_crypto_driver_wrapper.c. """ @@ -108,6 +109,7 @@ def validate_json(driverjson_data: Driver, driverschema_list: dict) -> None: def load_driver(schemas: Dict[str, Any], driver_file: str) -> Any: + """loads validated json driver""" with open(file=driver_file, mode='r', encoding='UTF-8') as f: json_data = json.load(f) try: @@ -156,7 +158,8 @@ def read_driver_descriptions(mbedtls_root: str, for driver_file_name in driver_list] -def trace_exception(e, file=sys.stderr): +def trace_exception(e: Exception, file=sys.stderr) -> None: + """Prints exception trace to the given TextIO handle""" print("Exception: type: %s, message: %s, trace: %s" % ( e.__class__, str(e), format_tb(e.__traceback__) ), file) From 4ca4a930a94a751c616cae8733da715387920ef7 Mon Sep 17 00:00:00 2001 From: Asfandyar Orakzai Date: Sun, 18 Sep 2022 12:37:53 +0200 Subject: [PATCH 21/28] fixed opaque schemas paths Signed-off-by: Asfandyar Orakzai --- scripts/generate_driver_wrappers.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/generate_driver_wrappers.py b/scripts/generate_driver_wrappers.py index ce801a62df..b808ac9c63 100755 --- a/scripts/generate_driver_wrappers.py +++ b/scripts/generate_driver_wrappers.py 
@@ -131,7 +131,7 @@ def load_schemas(mbedtls_root: str) -> Dict[str, Any]: 'scripts', 'data_files', 'driver_jsons', - 'driver_transparent_schema.json') + 'driver_opaque_schema.json') } driver_schema = {} for key, file_path in schema_file_paths.items(): From ac6f650a9f5a2ecfbc8442ff37a3183a0ae87162 Mon Sep 17 00:00:00 2001 From: Asfandyar Orakzai Date: Mon, 19 Sep 2022 10:03:05 +0200 Subject: [PATCH 22/28] fixed formating Signed-off-by: Asfandyar Orakzai --- scripts/generate_driver_wrappers.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/scripts/generate_driver_wrappers.py b/scripts/generate_driver_wrappers.py index b808ac9c63..babba5d15b 100755 --- a/scripts/generate_driver_wrappers.py +++ b/scripts/generate_driver_wrappers.py @@ -120,7 +120,9 @@ def load_driver(schemas: Dict[str, Any], driver_file: str) -> Any: def load_schemas(mbedtls_root: str) -> Dict[str, Any]: - """Load schemas map""" + """ + Load schemas map + """ schema_file_paths = { 'transparent': os.path.join(mbedtls_root, 'scripts', From 6eaa75a79d5ed39632a42cd94970802c09aa24a1 Mon Sep 17 00:00:00 2001 From: Asfandyar Orakzai Date: Mon, 10 Oct 2022 19:55:40 +0200 Subject: [PATCH 23/28] fixed docstring sentence Signed-off-by: Asfandyar Orakzai --- scripts/generate_driver_wrappers.py | 1 - 1 file changed, 1 deletion(-) diff --git a/scripts/generate_driver_wrappers.py b/scripts/generate_driver_wrappers.py index babba5d15b..e0c479350c 100755 --- a/scripts/generate_driver_wrappers.py +++ b/scripts/generate_driver_wrappers.py @@ -170,7 +170,6 @@ def trace_exception(e: Exception, file=sys.stderr) -> None: def main() -> int: """ Main with command line arguments. - returns 1 when read_driver_descriptions returns False """ def_arg_mbedtls_root = build_tree.guess_mbedtls_root() From 9bd28dc1e199d79257321aee4639bea6b201f1db Mon Sep 17 00:00:00 2001 From: Asfandyar Orakzai Date: Wed, 2 Nov 2022 16:36:14 +0100 Subject: [PATCH 24/28] Update changed log 
Signed-off-by: Asfandyar Orakzai --- ChangeLog | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/ChangeLog b/ChangeLog index 6dfb23fa6a..29428a9001 100644 --- a/ChangeLog +++ b/ChangeLog @@ -122,6 +122,11 @@ Features and hmac_demo.c, which use PSA and the md/cipher interfaces side by side in order to illustrate how the operation is performed in PSA. Addresses #5208. + * Brought in PSA code gen driver list JSON, + auto generated templating support for key management, + transparent and opaque keys ( import/export/copy ), iincluded some + general JSON validation, and more specifically for the given entry points. + Addresses ver 1.1 of #5137 Security * Zeroize dynamically-allocated buffers used by the PSA Crypto key storage From ee2b637d03c8835dda0eb29ea0782114f80f75cd Mon Sep 17 00:00:00 2001 From: Asfandyar Orakzai Date: Wed, 2 Nov 2022 21:50:27 +0100 Subject: [PATCH 25/28] Fixed change log issue Signed-off-by: Asfandyar Orakzai --- ChangeLog | 7 +------ ChangeLog.d/psa_crypto_code_gen_1_1.txt | 6 ++++++ 2 files changed, 7 insertions(+), 6 deletions(-) create mode 100644 ChangeLog.d/psa_crypto_code_gen_1_1.txt diff --git a/ChangeLog b/ChangeLog index 29428a9001..aedcb16bc0 100644 --- a/ChangeLog +++ b/ChangeLog @@ -122,12 +122,7 @@ Features and hmac_demo.c, which use PSA and the md/cipher interfaces side by side in order to illustrate how the operation is performed in PSA. Addresses #5208. - * Brought in PSA code gen driver list JSON, - auto generated templating support for key management, - transparent and opaque keys ( import/export/copy ), iincluded some - general JSON validation, and more specifically for the given entry points. - Addresses ver 1.1 of #5137 - + Security * Zeroize dynamically-allocated buffers used by the PSA Crypto key storage module before freeing them. These buffers contain secret key material, and 
diff --git a/ChangeLog.d/psa_crypto_code_gen_1_1.txt b/ChangeLog.d/psa_crypto_code_gen_1_1.txt new file mode 100644 index 0000000000..549d68ddaf --- /dev/null +++ b/ChangeLog.d/psa_crypto_code_gen_1_1.txt @@ -0,0 +1,6 @@ +Features + * Brought in PSA code geneneration JSON driver list. + Added auto generated templating support for key management. + Added Support for transparent and opaque keys (import/export/copy). + Included some general JSON validation, and more specifically for the given entry points. + Addresses version 1.1 of #5137 \ No newline at end of file From 4f63ac43582826d76111830f1bd548ff2a5f9daa Mon Sep 17 00:00:00 2001 From: Asfandyar Orakzai Date: Thu, 3 Nov 2022 10:18:05 +0100 Subject: [PATCH 26/28] fixed changelog formating Signed-off-by: Asfandyar Orakzai --- ChangeLog.d/psa_crypto_code_gen_1_1.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ChangeLog.d/psa_crypto_code_gen_1_1.txt b/ChangeLog.d/psa_crypto_code_gen_1_1.txt index 549d68ddaf..94c9ac184e 100644 --- a/ChangeLog.d/psa_crypto_code_gen_1_1.txt +++ b/ChangeLog.d/psa_crypto_code_gen_1_1.txt @@ -2,5 +2,5 @@ Features * Brought in PSA code geneneration JSON driver list. Added auto generated templating support for key management. Added Support for transparent and opaque keys (import/export/copy). - Included some general JSON validation, and more specifically for the given entry points. - Addresses version 1.1 of #5137 \ No newline at end of file + Included some general JSON validation, and more specifically for the + given entry points. Addresses version 1.1 of #5137 \ No newline at end of file From 65cd8a4a23652474f6ec0cf95f6114269bc0647c Mon Sep 17 00:00:00 2001 From: Asfandyar Orakzai Date: Thu, 3 Nov 2022 11:16:40 +0100 Subject: [PATCH 27/28] fixed formating issues in psa_crypto_code_gen_1_1.txt Signed-off-by: Asfandyar Orakzai --- ChangeLog.d/psa_crypto_code_gen_1_1.txt | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) 
diff --git a/ChangeLog.d/psa_crypto_code_gen_1_1.txt b/ChangeLog.d/psa_crypto_code_gen_1_1.txt index 94c9ac184e..087e4ee49b 100644 --- a/ChangeLog.d/psa_crypto_code_gen_1_1.txt +++ b/ChangeLog.d/psa_crypto_code_gen_1_1.txt @@ -1,6 +1,7 @@ Features - * Brought in PSA code geneneration JSON driver list. - Added auto generated templating support for key management. - Added Support for transparent and opaque keys (import/export/copy). - Included some general JSON validation, and more specifically for the - given entry points. Addresses version 1.1 of #5137 \ No newline at end of file + * Brought in PSA code geneneration JSON driver list. + Added auto generated templating support for key management. + Added Support for transparent and opaque keys (import/export/copy). + Included some general JSON validation for the given entry points. + Addresses version 1.1 of #5137. + From 9b656d3c80c41144019a85f54d68fc9a84d0d827 Mon Sep 17 00:00:00 2001 From: Asfandyar Orakzai Date: Thu, 3 Nov 2022 11:39:36 +0100 Subject: [PATCH 28/28] removed stray whitespaces from change logs Signed-off-by: Asfandyar Orakzai --- ChangeLog | 2 +- ChangeLog.d/psa_crypto_code_gen_1_1.txt | 5 ++--- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index aedcb16bc0..6dfb23fa6a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -122,7 +122,7 @@ Features and hmac_demo.c, which use PSA and the md/cipher interfaces side by side in order to illustrate how the operation is performed in PSA. Addresses #5208. - + Security * Zeroize dynamically-allocated buffers used by the PSA Crypto key storage module before freeing them. These buffers contain secret key material, and diff --git a/ChangeLog.d/psa_crypto_code_gen_1_1.txt b/ChangeLog.d/psa_crypto_code_gen_1_1.txt index 087e4ee49b..2c18e6f31a 100644 --- a/ChangeLog.d/psa_crypto_code_gen_1_1.txt +++ b/ChangeLog.d/psa_crypto_code_gen_1_1.txt 
@@ -1,7 +1,6 @@ Features * Brought in PSA code geneneration JSON driver list. - Added auto generated templating support for key management. - Added Support for transparent and opaque keys (import/export/copy). + Added auto generated templating support for key management. + Added Support for transparent and opaque keys (import/export/copy). Included some general JSON validation for the given entry points. Addresses version 1.1 of #5137. -