diff --git a/configs/config-ccm-psk-dtls1_2.h b/configs/config-ccm-psk-dtls1_2.h index 07fc53c446..6712c331b0 100644 --- a/configs/config-ccm-psk-dtls1_2.h +++ b/configs/config-ccm-psk-dtls1_2.h @@ -23,8 +23,6 @@ * See README.txt for usage instructions. */ -#define MBEDTLS_PSA_CRYPTO_CONFIG_FILE "../configs/crypto-config-ccm-psk-tls1_2.h" - /* Mbed TLS modules */ #define MBEDTLS_NET_C #define MBEDTLS_SSL_CLI_C diff --git a/configs/config-ccm-psk-tls1_2.h b/configs/config-ccm-psk-tls1_2.h index b805f6de52..5fb67fe4b8 100644 --- a/configs/config-ccm-psk-tls1_2.h +++ b/configs/config-ccm-psk-tls1_2.h @@ -22,8 +22,6 @@ * See README.txt for usage instructions. */ -#define MBEDTLS_PSA_CRYPTO_CONFIG_FILE "../configs/crypto-config-ccm-psk-tls1_2.h" - /* Mbed TLS modules */ #define MBEDTLS_NET_C #define MBEDTLS_SSL_CLI_C diff --git a/configs/config-suite-b.h b/configs/config-suite-b.h index 54da060b40..c08d5d1a6c 100644 --- a/configs/config-suite-b.h +++ b/configs/config-suite-b.h @@ -21,8 +21,6 @@ * See README.txt for usage instructions. */ -#define MBEDTLS_PSA_CRYPTO_CONFIG_FILE "../configs/crypto-config-suite-b.h" - /* Mbed TLS feature support */ #define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED #define MBEDTLS_SSL_PROTO_TLS1_2 diff --git a/configs/config-symmetric-only.h b/configs/config-symmetric-only.h index 0377b79b75..606f4a1bf5 100644 --- a/configs/config-symmetric-only.h +++ b/configs/config-symmetric-only.h @@ -8,8 +8,6 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ -#define MBEDTLS_PSA_CRYPTO_CONFIG_FILE "../configs/crypto-config-symmetric-only.h" - /* Mbed TLS feature support */ #define MBEDTLS_ERROR_STRERROR_DUMMY #define MBEDTLS_VERSION_FEATURES diff --git a/configs/config-thread.h b/configs/config-thread.h index 47fad5b7d4..95f588eddf 100644 --- a/configs/config-thread.h +++ b/configs/config-thread.h @@ -21,8 +21,6 @@ * See README.txt for usage instructions. */ -#define MBEDTLS_PSA_CRYPTO_CONFIG_FILE "../configs/crypto-config-thread.h" - /* Mbed TLS feature support */ #define MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED #define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH diff --git a/tests/scripts/components-build-system.sh b/tests/scripts/components-build-system.sh index 887bb8e909..93ec7cd3b4 100644 --- a/tests/scripts/components-build-system.sh +++ b/tests/scripts/components-build-system.sh @@ -184,7 +184,7 @@ component_build_cmake_custom_config_file () { cp tf-psa-crypto/include/psa/crypto_config.h $OUT_OF_SOURCE_DIR/full_crypto_config.h cd "$OUT_OF_SOURCE_DIR" echo '#error "cmake -DMBEDTLS_CONFIG_FILE is not working."' > "$MBEDTLS_ROOT_DIR/$CONFIG_H" - cmake -DGEN_FILES=OFF -DMBEDTLS_CONFIG_FILE=full_config.h "$MBEDTLS_ROOT_DIR" + cmake -DGEN_FILES=OFF -DMBEDTLS_CONFIG_FILE=full_config.h -DMBEDTLS_PSA_CRYPTO_CONFIG_FILE=../full_crypto_config.h "$MBEDTLS_ROOT_DIR" make msg "build: cmake with -DMBEDTLS_CONFIG_FILE + -DMBEDTLS_USER_CONFIG_FILE" @@ -192,7 +192,7 @@ component_build_cmake_custom_config_file () { # that nothing else depends on). echo '#undef MBEDTLS_SSL_ALL_ALERT_MESSAGES' >user_config.h - cmake -DGEN_FILES=OFF -DMBEDTLS_CONFIG_FILE=full_config.h -DMBEDTLS_USER_CONFIG_FILE=user_config.h "$MBEDTLS_ROOT_DIR" + cmake -DGEN_FILES=OFF -DMBEDTLS_CONFIG_FILE=full_config.h -DMBEDTLS_USER_CONFIG_FILE=user_config.h -DMBEDTLS_PSA_CRYPTO_CONFIG_FILE=../full_crypto_config.h "$MBEDTLS_ROOT_DIR" make not programs/test/query_compile_time_config MBEDTLS_SSL_ALL_ALERT_MESSAGES diff --git a/tests/scripts/components-compiler.sh b/tests/scripts/components-compiler.sh index a4b23232b7..4237305c78 100644 --- a/tests/scripts/components-compiler.sh +++ b/tests/scripts/components-compiler.sh @@ -16,6 +16,7 @@ support_build_tfm_armcc () { component_build_tfm_armcc () { # test the TF-M configuration can build cleanly with various warning flags enabled cp configs/config-tfm.h "$CONFIG_H" + cp configs/ext/crypto_config_profile_medium.h "$CRYPTO_CONFIG_H" msg "build: TF-M config, armclang armv7-m thumb2" helper_armc6_build_test "--target=arm-arm-none-eabi -march=armv7-m -mthumb -Os -std=c99 -Werror -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wimplicit-fallthrough -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral -Wshadow -Wasm-operand-widths -Wunused -I../framework/tests/include/spe" diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index c9e56b85eb..6897038957 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -411,7 +411,8 @@ component_test_full_no_ccm_star_no_tag () { component_test_config_symmetric_only () { msg "build: configs/config-symmetric-only.h" - cp configs/config-symmetric-only.h "$CONFIG_H" + MBEDTLS_CONFIG="configs/config-symmetric-only.h" + CRYPTO_CONFIG="configs/crypto-config-symmetric-only.h" # test-ref-configs works by overwriting mbedtls_config.h; this makes cmake # want to re-generate generated files that depend on it, quite correctly. # However this doesn't work as the generation script expects a specific @@ -421,7 +422,7 @@ component_test_config_symmetric_only () { # whether they're on or off. So, disable cmake's (over-sensitive here) # dependency resolution for generated files and just rely on them being # present (thanks to pre_generate_files) by turning GEN_FILES off. - CC=$ASAN_CC cmake -D GEN_FILES=Off -D CMAKE_BUILD_TYPE:String=Asan . + CC=$ASAN_CC cmake -D GEN_FILES=Off -DMBEDTLS_CONFIG_FILE="$MBEDTLS_CONFIG" -DMBEDTLS_PSA_CRYPTO_CONFIG_FILE="$CRYPTO_CONFIG" -D CMAKE_BUILD_TYPE:String=Asan . make msg "test: configs/config-symmetric-only.h - unit tests" @@ -1402,8 +1403,9 @@ component_test_psa_crypto_config_reference_ecc_ffdh_no_bignum () { component_test_tfm_config_as_is () { msg "build: configs/config-tfm.h" - cp configs/config-tfm.h "$CONFIG_H" - CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan . + MBEDTLS_CONFIG="configs/config-tfm.h" + CRYPTO_CONFIG="configs/ext/crypto_config_profile_medium.h" + CC=$ASAN_CC cmake -DMBEDTLS_CONFIG_FILE="$MBEDTLS_CONFIG" -DMBEDTLS_PSA_CRYPTO_CONFIG_FILE="$CRYPTO_CONFIG" -D CMAKE_BUILD_TYPE:String=Asan . make msg "test: configs/config-tfm.h - unit tests" @@ -1416,14 +1418,13 @@ component_test_tfm_config_as_is () { common_tfm_config () { # Enable TF-M config cp configs/config-tfm.h "$CONFIG_H" - echo "#undef MBEDTLS_PSA_CRYPTO_CONFIG_FILE" >> "$CONFIG_H" cp configs/ext/crypto_config_profile_medium.h "$CRYPTO_CONFIG_H" # Config adjustment for better test coverage in our environment. # This is not needed just to build and pass tests. # # Enable filesystem I/O for the benefit of PK parse/write tests. - echo "#define MBEDTLS_FS_IO" >> "$CONFIG_H" + sed -i '/PROFILE_M_PSA_CRYPTO_CONFIG_H/i #define MBEDTLS_FS_IO' "$CRYPTO_CONFIG_H" } # Keep this in sync with component_test_tfm_config() as they are both meant @@ -1465,7 +1466,7 @@ component_test_tfm_config_no_p256m () { # Disable P256M driver, which is on by default, so that analyze_outcomes # can compare this test with test_tfm_config_p256m_driver_accel_ec - echo "#undef MBEDTLS_PSA_P256M_DRIVER_ENABLED" >> "$CONFIG_H" + sed -i '/PROFILE_M_PSA_CRYPTO_CONFIG_H/i #undef MBEDTLS_PSA_P256M_DRIVER_ENABLED' "$CRYPTO_CONFIG_H" msg "build: TF-M config without p256m" make CFLAGS='-Werror -Wall -Wextra -I../framework/tests/include/spe' tests diff --git a/tests/scripts/components-configuration-tls.sh b/tests/scripts/components-configuration-tls.sh index b522419beb..701a42c33c 100644 --- a/tests/scripts/components-configuration-tls.sh +++ b/tests/scripts/components-configuration-tls.sh @@ -11,7 +11,8 @@ component_test_config_suite_b () { msg "build: configs/config-suite-b.h" - cp configs/config-suite-b.h "$CONFIG_H" + MBEDTLS_CONFIG="configs/config-suite-b.h" + CRYPTO_CONFIG="configs/crypto-config-suite-b.h" # test-ref-configs works by overwriting mbedtls_config.h; this makes cmake # want to re-generate generated files that depend on it, quite correctly. # However this doesn't work as the generation script expects a specific @@ -21,7 +22,7 @@ component_test_config_suite_b () { # whether they're on or off. So, disable cmake's (over-sensitive here) # dependency resolution for generated files and just rely on them being # present (thanks to pre_generate_files) by turning GEN_FILES off. - CC=$ASAN_CC cmake -D GEN_FILES=Off -D CMAKE_BUILD_TYPE:String=Asan . + CC=$ASAN_CC cmake -D GEN_FILES=Off -DMBEDTLS_CONFIG_FILE="$MBEDTLS_CONFIG" -DMBEDTLS_PSA_CRYPTO_CONFIG_FILE="$CRYPTO_CONFIG" -D CMAKE_BUILD_TYPE:String=Asan . make msg "test: configs/config-suite-b.h - unit tests" @@ -33,8 +34,8 @@ component_test_config_suite_b () { msg "build: configs/config-suite-b.h + DEBUG" MBEDTLS_TEST_CONFIGURATION="$MBEDTLS_TEST_CONFIGURATION+DEBUG" make clean - scripts/config.py set MBEDTLS_DEBUG_C - scripts/config.py set MBEDTLS_ERROR_C + scripts/config.py -f "$MBEDTLS_CONFIG" set MBEDTLS_DEBUG_C + scripts/config.py -f "$MBEDTLS_CONFIG" set MBEDTLS_ERROR_C make ssl-opt msg "test: configs/config-suite-b.h + DEBUG - ssl-opt.sh" @@ -158,7 +159,8 @@ component_test_tls1_2_default_cbc_legacy_cbc_etm_cipher_only () { component_test_config_thread () { msg "build: configs/config-thread.h" - cp configs/config-thread.h "$CONFIG_H" + MBEDTLS_CONFIG="configs/config-thread.h" + CRYPTO_CONFIG="configs/crypto-config-thread.h" # test-ref-configs works by overwriting mbedtls_config.h; this makes cmake # want to re-generate generated files that depend on it, quite correctly. # However this doesn't work as the generation script expects a specific @@ -168,7 +170,7 @@ component_test_config_thread () { # whether they're on or off. So, disable cmake's (over-sensitive here) # dependency resolution for generated files and just rely on them being # present (thanks to pre_generate_files) by turning GEN_FILES off. - CC=$ASAN_CC cmake -D GEN_FILES=Off -D CMAKE_BUILD_TYPE:String=Asan . + CC=$ASAN_CC cmake -D GEN_FILES=Off -DMBEDTLS_CONFIG_FILE="$MBEDTLS_CONFIG" -DMBEDTLS_PSA_CRYPTO_CONFIG_FILE="$CRYPTO_CONFIG" -D CMAKE_BUILD_TYPE:String=Asan . make msg "test: configs/config-thread.h - unit tests" @@ -180,7 +182,8 @@ component_test_config_thread () { component_test_tls1_2_ccm_psk () { msg "build: configs/config-ccm-psk-tls1_2.h" - cp configs/config-ccm-psk-tls1_2.h "$CONFIG_H" + MBEDTLS_CONFIG="configs/config-ccm-psk-tls1_2.h" + CRYPTO_CONFIG="configs/crypto-config-ccm-psk-tls1_2.h" # test-ref-configs works by overwriting mbedtls_config.h; this makes cmake # want to re-generate generated files that depend on it, quite correctly. # However this doesn't work as the generation script expects a specific @@ -190,7 +193,7 @@ component_test_tls1_2_ccm_psk () { # whether they're on or off. So, disable cmake's (over-sensitive here) # dependency resolution for generated files and just rely on them being # present (thanks to pre_generate_files) by turning GEN_FILES off. - CC=$ASAN_CC cmake -D GEN_FILES=Off -D CMAKE_BUILD_TYPE:String=Asan . + CC=$ASAN_CC cmake -D GEN_FILES=Off -DMBEDTLS_CONFIG_FILE="$MBEDTLS_CONFIG" -DMBEDTLS_PSA_CRYPTO_CONFIG_FILE="$CRYPTO_CONFIG" -D CMAKE_BUILD_TYPE:String=Asan . make msg "test: configs/config-ccm-psk-tls1_2.h - unit tests" @@ -202,7 +205,8 @@ component_test_tls1_2_ccm_psk () { component_test_tls1_2_ccm_psk_dtls () { msg "build: configs/config-ccm-psk-dtls1_2.h" - cp configs/config-ccm-psk-dtls1_2.h "$CONFIG_H" + MBEDTLS_CONFIG="configs/config-ccm-psk-dtls1_2.h" + CRYPTO_CONFIG="configs/crypto-config-ccm-psk-tls1_2.h" # test-ref-configs works by overwriting mbedtls_config.h; this makes cmake # want to re-generate generated files that depend on it, quite correctly. # However this doesn't work as the generation script expects a specific @@ -212,7 +216,7 @@ component_test_tls1_2_ccm_psk_dtls () { # whether they're on or off. So, disable cmake's (over-sensitive here) # dependency resolution for generated files and just rely on them being # present (thanks to pre_generate_files) by turning GEN_FILES off. - CC=$ASAN_CC cmake -D GEN_FILES=Off -D CMAKE_BUILD_TYPE:String=Asan . + CC=$ASAN_CC cmake -D GEN_FILES=Off -DMBEDTLS_CONFIG_FILE="$MBEDTLS_CONFIG" -DMBEDTLS_PSA_CRYPTO_CONFIG_FILE="$CRYPTO_CONFIG" -D CMAKE_BUILD_TYPE:String=Asan . make msg "test: configs/config-ccm-psk-dtls1_2.h - unit tests" @@ -224,8 +228,8 @@ component_test_tls1_2_ccm_psk_dtls () { msg "build: configs/config-ccm-psk-dtls1_2.h + DEBUG" MBEDTLS_TEST_CONFIGURATION="$MBEDTLS_TEST_CONFIGURATION+DEBUG" make clean - scripts/config.py set MBEDTLS_DEBUG_C - scripts/config.py set MBEDTLS_ERROR_C + scripts/config.py -f "$MBEDTLS_CONFIG" set MBEDTLS_DEBUG_C + scripts/config.py -f "$MBEDTLS_CONFIG" set MBEDTLS_ERROR_C make ssl-opt msg "test: configs/config-ccm-psk-dtls1_2.h + DEBUG - ssl-opt.sh" diff --git a/tests/scripts/components-configuration.sh b/tests/scripts/components-configuration.sh index 2210b09609..6d1f2a8879 100644 --- a/tests/scripts/components-configuration.sh +++ b/tests/scripts/components-configuration.sh @@ -236,6 +236,7 @@ component_build_tfm () { # the configuration that works on mainstream platforms is in # configs/config-tfm.h, tested via test-ref-configs.pl. cp configs/config-tfm.h "$CONFIG_H" + cp configs/ext/crypto_config_profile_medium.h "$CRYPTO_CONFIG_H" msg "build: TF-M config, clang, armv7-m thumb2" make lib CC="clang" CFLAGS="--target=arm-linux-gnueabihf -march=armv7-m -mthumb -Os -std=c99 -Werror -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wimplicit-fallthrough -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral -Wshadow -Wasm-operand-widths -Wunused -I../framework/tests/include/spe"