From 5da58e5c1860da195b0fe21063063198e4063c2c Mon Sep 17 00:00:00 2001
From: Minos Galanakis <minos.galanakis@arm.com>
Date: Thu, 7 Nov 2024 15:35:33 +0000
Subject: [PATCH] tests/configs: Adjusted for migration of
 MBEDTLS_PSA_CRYPTO_CONFIG_FILE.

Moving forward the MBEDTLS_PSA_CRYPTO_CONFIG_FILE now resides in the
ts-psa/crypto configuration. This patch removes it from the library
configuration files, and updates the tests to explicitely use it.

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
---
 configs/config-ccm-psk-dtls1_2.h              |  2 --
 configs/config-ccm-psk-tls1_2.h               |  2 --
 configs/config-suite-b.h                      |  2 --
 configs/config-symmetric-only.h               |  2 --
 configs/config-thread.h                       |  2 --
 tests/scripts/components-build-system.sh      |  4 +--
 tests/scripts/components-compiler.sh          |  1 +
 .../components-configuration-crypto.sh        | 15 +++++-----
 tests/scripts/components-configuration-tls.sh | 28 +++++++++++--------
 tests/scripts/components-configuration.sh     |  1 +
 10 files changed, 28 insertions(+), 31 deletions(-)

diff --git a/configs/config-ccm-psk-dtls1_2.h b/configs/config-ccm-psk-dtls1_2.h
index 07fc53c446..6712c331b0 100644
--- a/configs/config-ccm-psk-dtls1_2.h
+++ b/configs/config-ccm-psk-dtls1_2.h
@@ -23,8 +23,6 @@
  * See README.txt for usage instructions.
  */
 
-#define MBEDTLS_PSA_CRYPTO_CONFIG_FILE "../configs/crypto-config-ccm-psk-tls1_2.h"
-
 /* Mbed TLS modules */
 #define MBEDTLS_NET_C
 #define MBEDTLS_SSL_CLI_C
diff --git a/configs/config-ccm-psk-tls1_2.h b/configs/config-ccm-psk-tls1_2.h
index b805f6de52..5fb67fe4b8 100644
--- a/configs/config-ccm-psk-tls1_2.h
+++ b/configs/config-ccm-psk-tls1_2.h
@@ -22,8 +22,6 @@
  * See README.txt for usage instructions.
  */
 
-#define MBEDTLS_PSA_CRYPTO_CONFIG_FILE "../configs/crypto-config-ccm-psk-tls1_2.h"
-
 /* Mbed TLS modules */
 #define MBEDTLS_NET_C
 #define MBEDTLS_SSL_CLI_C
diff --git a/configs/config-suite-b.h b/configs/config-suite-b.h
index 54da060b40..c08d5d1a6c 100644
--- a/configs/config-suite-b.h
+++ b/configs/config-suite-b.h
@@ -21,8 +21,6 @@
  * See README.txt for usage instructions.
  */
 
-#define MBEDTLS_PSA_CRYPTO_CONFIG_FILE "../configs/crypto-config-suite-b.h"
-
 /* Mbed TLS feature support */
 #define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
 #define MBEDTLS_SSL_PROTO_TLS1_2
diff --git a/configs/config-symmetric-only.h b/configs/config-symmetric-only.h
index 0377b79b75..606f4a1bf5 100644
--- a/configs/config-symmetric-only.h
+++ b/configs/config-symmetric-only.h
@@ -8,8 +8,6 @@
  *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
  */
 
-#define MBEDTLS_PSA_CRYPTO_CONFIG_FILE "../configs/crypto-config-symmetric-only.h"
-
 /* Mbed TLS feature support */
 #define MBEDTLS_ERROR_STRERROR_DUMMY
 #define MBEDTLS_VERSION_FEATURES
diff --git a/configs/config-thread.h b/configs/config-thread.h
index 47fad5b7d4..95f588eddf 100644
--- a/configs/config-thread.h
+++ b/configs/config-thread.h
@@ -21,8 +21,6 @@
  * See README.txt for usage instructions.
  */
 
-#define MBEDTLS_PSA_CRYPTO_CONFIG_FILE "../configs/crypto-config-thread.h"
-
 /* Mbed TLS feature support */
 #define MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
 #define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
diff --git a/tests/scripts/components-build-system.sh b/tests/scripts/components-build-system.sh
index 887bb8e909..93ec7cd3b4 100644
--- a/tests/scripts/components-build-system.sh
+++ b/tests/scripts/components-build-system.sh
@@ -184,7 +184,7 @@ component_build_cmake_custom_config_file () {
     cp tf-psa-crypto/include/psa/crypto_config.h $OUT_OF_SOURCE_DIR/full_crypto_config.h
     cd "$OUT_OF_SOURCE_DIR"
     echo '#error "cmake -DMBEDTLS_CONFIG_FILE is not working."' > "$MBEDTLS_ROOT_DIR/$CONFIG_H"
-    cmake -DGEN_FILES=OFF -DMBEDTLS_CONFIG_FILE=full_config.h "$MBEDTLS_ROOT_DIR"
+    cmake -DGEN_FILES=OFF -DMBEDTLS_CONFIG_FILE=full_config.h -DMBEDTLS_PSA_CRYPTO_CONFIG_FILE=../full_crypto_config.h "$MBEDTLS_ROOT_DIR"
     make
 
     msg "build: cmake with -DMBEDTLS_CONFIG_FILE + -DMBEDTLS_USER_CONFIG_FILE"
@@ -192,7 +192,7 @@ component_build_cmake_custom_config_file () {
     # that nothing else depends on).
     echo '#undef MBEDTLS_SSL_ALL_ALERT_MESSAGES' >user_config.h
 
-    cmake -DGEN_FILES=OFF -DMBEDTLS_CONFIG_FILE=full_config.h -DMBEDTLS_USER_CONFIG_FILE=user_config.h "$MBEDTLS_ROOT_DIR"
+    cmake -DGEN_FILES=OFF -DMBEDTLS_CONFIG_FILE=full_config.h -DMBEDTLS_USER_CONFIG_FILE=user_config.h -DMBEDTLS_PSA_CRYPTO_CONFIG_FILE=../full_crypto_config.h "$MBEDTLS_ROOT_DIR"
     make
     not programs/test/query_compile_time_config MBEDTLS_SSL_ALL_ALERT_MESSAGES
 
diff --git a/tests/scripts/components-compiler.sh b/tests/scripts/components-compiler.sh
index a4b23232b7..4237305c78 100644
--- a/tests/scripts/components-compiler.sh
+++ b/tests/scripts/components-compiler.sh
@@ -16,6 +16,7 @@ support_build_tfm_armcc () {
 component_build_tfm_armcc () {
     # test the TF-M configuration can build cleanly with various warning flags enabled
     cp configs/config-tfm.h "$CONFIG_H"
+    cp configs/ext/crypto_config_profile_medium.h "$CRYPTO_CONFIG_H"
 
     msg "build: TF-M config, armclang armv7-m thumb2"
     helper_armc6_build_test "--target=arm-arm-none-eabi -march=armv7-m -mthumb -Os -std=c99 -Werror -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wimplicit-fallthrough -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral -Wshadow -Wasm-operand-widths -Wunused -I../framework/tests/include/spe"
diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh
index c9e56b85eb..6897038957 100644
--- a/tests/scripts/components-configuration-crypto.sh
+++ b/tests/scripts/components-configuration-crypto.sh
@@ -411,7 +411,8 @@ component_test_full_no_ccm_star_no_tag () {
 
 component_test_config_symmetric_only () {
     msg "build: configs/config-symmetric-only.h"
-    cp configs/config-symmetric-only.h "$CONFIG_H"
+    MBEDTLS_CONFIG="configs/config-symmetric-only.h"
+    CRYPTO_CONFIG="configs/crypto-config-symmetric-only.h"
     # test-ref-configs works by overwriting mbedtls_config.h; this makes cmake
     # want to re-generate generated files that depend on it, quite correctly.
     # However this doesn't work as the generation script expects a specific
@@ -421,7 +422,7 @@ component_test_config_symmetric_only () {
     # whether they're on or off. So, disable cmake's (over-sensitive here)
     # dependency resolution for generated files and just rely on them being
     # present (thanks to pre_generate_files) by turning GEN_FILES off.
-    CC=$ASAN_CC cmake -D GEN_FILES=Off -D CMAKE_BUILD_TYPE:String=Asan .
+    CC=$ASAN_CC cmake -D GEN_FILES=Off -DMBEDTLS_CONFIG_FILE="$MBEDTLS_CONFIG" -DMBEDTLS_PSA_CRYPTO_CONFIG_FILE="$CRYPTO_CONFIG" -D CMAKE_BUILD_TYPE:String=Asan .
     make
 
     msg "test: configs/config-symmetric-only.h - unit tests"
@@ -1402,8 +1403,9 @@ component_test_psa_crypto_config_reference_ecc_ffdh_no_bignum () {
 
 component_test_tfm_config_as_is () {
     msg "build: configs/config-tfm.h"
-    cp configs/config-tfm.h "$CONFIG_H"
-    CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
+    MBEDTLS_CONFIG="configs/config-tfm.h"
+    CRYPTO_CONFIG="configs/ext/crypto_config_profile_medium.h"
+    CC=$ASAN_CC cmake -DMBEDTLS_CONFIG_FILE="$MBEDTLS_CONFIG" -DMBEDTLS_PSA_CRYPTO_CONFIG_FILE="$CRYPTO_CONFIG" -D CMAKE_BUILD_TYPE:String=Asan .
     make
 
     msg "test: configs/config-tfm.h - unit tests"
@@ -1416,14 +1418,13 @@ component_test_tfm_config_as_is () {
 common_tfm_config () {
     # Enable TF-M config
     cp configs/config-tfm.h "$CONFIG_H"
-    echo "#undef MBEDTLS_PSA_CRYPTO_CONFIG_FILE" >> "$CONFIG_H"
     cp configs/ext/crypto_config_profile_medium.h "$CRYPTO_CONFIG_H"
 
     # Config adjustment for better test coverage in our environment.
     # This is not needed just to build and pass tests.
     #
     # Enable filesystem I/O for the benefit of PK parse/write tests.
-    echo "#define MBEDTLS_FS_IO" >> "$CONFIG_H"
+    sed -i '/PROFILE_M_PSA_CRYPTO_CONFIG_H/i #define MBEDTLS_FS_IO' "$CRYPTO_CONFIG_H"
 }
 
 # Keep this in sync with component_test_tfm_config() as they are both meant
@@ -1465,7 +1466,7 @@ component_test_tfm_config_no_p256m () {
 
     # Disable P256M driver, which is on by default, so that analyze_outcomes
     # can compare this test with test_tfm_config_p256m_driver_accel_ec
-    echo "#undef MBEDTLS_PSA_P256M_DRIVER_ENABLED" >> "$CONFIG_H"
+    sed -i '/PROFILE_M_PSA_CRYPTO_CONFIG_H/i #undef MBEDTLS_PSA_P256M_DRIVER_ENABLED' "$CRYPTO_CONFIG_H"
 
     msg "build: TF-M config without p256m"
     make CFLAGS='-Werror -Wall -Wextra -I../framework/tests/include/spe' tests
diff --git a/tests/scripts/components-configuration-tls.sh b/tests/scripts/components-configuration-tls.sh
index b522419beb..701a42c33c 100644
--- a/tests/scripts/components-configuration-tls.sh
+++ b/tests/scripts/components-configuration-tls.sh
@@ -11,7 +11,8 @@
 
 component_test_config_suite_b () {
     msg "build: configs/config-suite-b.h"
-    cp configs/config-suite-b.h "$CONFIG_H"
+    MBEDTLS_CONFIG="configs/config-suite-b.h"
+    CRYPTO_CONFIG="configs/crypto-config-suite-b.h"
     # test-ref-configs works by overwriting mbedtls_config.h; this makes cmake
     # want to re-generate generated files that depend on it, quite correctly.
     # However this doesn't work as the generation script expects a specific
@@ -21,7 +22,7 @@ component_test_config_suite_b () {
     # whether they're on or off. So, disable cmake's (over-sensitive here)
     # dependency resolution for generated files and just rely on them being
     # present (thanks to pre_generate_files) by turning GEN_FILES off.
-    CC=$ASAN_CC cmake -D GEN_FILES=Off -D CMAKE_BUILD_TYPE:String=Asan .
+    CC=$ASAN_CC cmake -D GEN_FILES=Off -DMBEDTLS_CONFIG_FILE="$MBEDTLS_CONFIG" -DMBEDTLS_PSA_CRYPTO_CONFIG_FILE="$CRYPTO_CONFIG" -D CMAKE_BUILD_TYPE:String=Asan .
     make
 
     msg "test: configs/config-suite-b.h - unit tests"
@@ -33,8 +34,8 @@ component_test_config_suite_b () {
     msg "build: configs/config-suite-b.h + DEBUG"
     MBEDTLS_TEST_CONFIGURATION="$MBEDTLS_TEST_CONFIGURATION+DEBUG"
     make clean
-    scripts/config.py set MBEDTLS_DEBUG_C
-    scripts/config.py set MBEDTLS_ERROR_C
+    scripts/config.py -f "$MBEDTLS_CONFIG" set MBEDTLS_DEBUG_C
+    scripts/config.py -f "$MBEDTLS_CONFIG" set MBEDTLS_ERROR_C
     make ssl-opt
 
     msg "test: configs/config-suite-b.h + DEBUG - ssl-opt.sh"
@@ -158,7 +159,8 @@ component_test_tls1_2_default_cbc_legacy_cbc_etm_cipher_only () {
 
 component_test_config_thread () {
     msg "build: configs/config-thread.h"
-    cp configs/config-thread.h "$CONFIG_H"
+    MBEDTLS_CONFIG="configs/config-thread.h"
+    CRYPTO_CONFIG="configs/crypto-config-thread.h"
     # test-ref-configs works by overwriting mbedtls_config.h; this makes cmake
     # want to re-generate generated files that depend on it, quite correctly.
     # However this doesn't work as the generation script expects a specific
@@ -168,7 +170,7 @@ component_test_config_thread () {
     # whether they're on or off. So, disable cmake's (over-sensitive here)
     # dependency resolution for generated files and just rely on them being
     # present (thanks to pre_generate_files) by turning GEN_FILES off.
-    CC=$ASAN_CC cmake -D GEN_FILES=Off -D CMAKE_BUILD_TYPE:String=Asan .
+    CC=$ASAN_CC cmake -D GEN_FILES=Off -DMBEDTLS_CONFIG_FILE="$MBEDTLS_CONFIG" -DMBEDTLS_PSA_CRYPTO_CONFIG_FILE="$CRYPTO_CONFIG" -D CMAKE_BUILD_TYPE:String=Asan .
     make
 
     msg "test: configs/config-thread.h - unit tests"
@@ -180,7 +182,8 @@ component_test_config_thread () {
 
 component_test_tls1_2_ccm_psk () {
     msg "build: configs/config-ccm-psk-tls1_2.h"
-    cp configs/config-ccm-psk-tls1_2.h "$CONFIG_H"
+    MBEDTLS_CONFIG="configs/config-ccm-psk-tls1_2.h"
+    CRYPTO_CONFIG="configs/crypto-config-ccm-psk-tls1_2.h"
     # test-ref-configs works by overwriting mbedtls_config.h; this makes cmake
     # want to re-generate generated files that depend on it, quite correctly.
     # However this doesn't work as the generation script expects a specific
@@ -190,7 +193,7 @@ component_test_tls1_2_ccm_psk () {
     # whether they're on or off. So, disable cmake's (over-sensitive here)
     # dependency resolution for generated files and just rely on them being
     # present (thanks to pre_generate_files) by turning GEN_FILES off.
-    CC=$ASAN_CC cmake -D GEN_FILES=Off -D CMAKE_BUILD_TYPE:String=Asan .
+    CC=$ASAN_CC cmake -D GEN_FILES=Off -DMBEDTLS_CONFIG_FILE="$MBEDTLS_CONFIG" -DMBEDTLS_PSA_CRYPTO_CONFIG_FILE="$CRYPTO_CONFIG" -D CMAKE_BUILD_TYPE:String=Asan .
     make
 
     msg "test: configs/config-ccm-psk-tls1_2.h - unit tests"
@@ -202,7 +205,8 @@ component_test_tls1_2_ccm_psk () {
 
 component_test_tls1_2_ccm_psk_dtls () {
     msg "build: configs/config-ccm-psk-dtls1_2.h"
-    cp configs/config-ccm-psk-dtls1_2.h "$CONFIG_H"
+    MBEDTLS_CONFIG="configs/config-ccm-psk-dtls1_2.h"
+    CRYPTO_CONFIG="configs/crypto-config-ccm-psk-tls1_2.h"
     # test-ref-configs works by overwriting mbedtls_config.h; this makes cmake
     # want to re-generate generated files that depend on it, quite correctly.
     # However this doesn't work as the generation script expects a specific
@@ -212,7 +216,7 @@ component_test_tls1_2_ccm_psk_dtls () {
     # whether they're on or off. So, disable cmake's (over-sensitive here)
     # dependency resolution for generated files and just rely on them being
     # present (thanks to pre_generate_files) by turning GEN_FILES off.
-    CC=$ASAN_CC cmake -D GEN_FILES=Off -D CMAKE_BUILD_TYPE:String=Asan .
+    CC=$ASAN_CC cmake -D GEN_FILES=Off -DMBEDTLS_CONFIG_FILE="$MBEDTLS_CONFIG" -DMBEDTLS_PSA_CRYPTO_CONFIG_FILE="$CRYPTO_CONFIG" -D CMAKE_BUILD_TYPE:String=Asan .
     make
 
     msg "test: configs/config-ccm-psk-dtls1_2.h - unit tests"
@@ -224,8 +228,8 @@ component_test_tls1_2_ccm_psk_dtls () {
     msg "build: configs/config-ccm-psk-dtls1_2.h + DEBUG"
     MBEDTLS_TEST_CONFIGURATION="$MBEDTLS_TEST_CONFIGURATION+DEBUG"
     make clean
-    scripts/config.py set MBEDTLS_DEBUG_C
-    scripts/config.py set MBEDTLS_ERROR_C
+    scripts/config.py -f "$MBEDTLS_CONFIG" set MBEDTLS_DEBUG_C
+    scripts/config.py -f "$MBEDTLS_CONFIG" set MBEDTLS_ERROR_C
     make ssl-opt
 
     msg "test: configs/config-ccm-psk-dtls1_2.h + DEBUG - ssl-opt.sh"
diff --git a/tests/scripts/components-configuration.sh b/tests/scripts/components-configuration.sh
index 2210b09609..6d1f2a8879 100644
--- a/tests/scripts/components-configuration.sh
+++ b/tests/scripts/components-configuration.sh
@@ -236,6 +236,7 @@ component_build_tfm () {
     # the configuration that works on mainstream platforms is in
     # configs/config-tfm.h, tested via test-ref-configs.pl.
     cp configs/config-tfm.h "$CONFIG_H"
+    cp configs/ext/crypto_config_profile_medium.h "$CRYPTO_CONFIG_H"
 
     msg "build: TF-M config, clang, armv7-m thumb2"
     make lib CC="clang" CFLAGS="--target=arm-linux-gnueabihf -march=armv7-m -mthumb -Os -std=c99 -Werror -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wimplicit-fallthrough -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral -Wshadow -Wasm-operand-widths -Wunused -I../framework/tests/include/spe"