crypto-client: simplify build of mbedtls static libraries

Instead of copying the entire library & include folders twice
to build libraries for client and server:

- change the main config file (mbedtls_config.h)
- build in the root library folder
- move the generated library in the psasim folder
- use those library for linking the client/server binaries

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>

tests/Makefile

@@ -247,17 +247,3 @@ include/test/instrument_record_status.h: ../include/psa/crypto.h Makefile
 	echo "  Gen  $@"
 	sed <../include/psa/crypto.h >$@ -n 's/^psa_status_t \([A-Za-z0-9_]*\)(.*/#define \1(...) RECORD_STATUS("\1", \1(__VA_ARGS__))/p'
 endif
-
-libpsaclient libpsaserver:
-	# Clone the library and include folder for client and server builds.
-	rm -Rf ./$@
-	mkdir ./$@
-	cp -Rf ../library ./$@
-	cp -Rf ../include ./$@
-	cp -Rf ../scripts ./$@
-	mkdir ./$@/3rdparty
-	touch ./$@/3rdparty/Makefile.inc
-	cp ./psa-client-server/psasim/include/crypto_spe.h ./$@/include/psa/
-
-	# Build the libraries.
-	$(MAKE) -C ./$@/library CFLAGS="$(CFLAGS)" LDFLAGS="$(LDFLAGS)" libmbedcrypto.a libmbedx509.a libmbedtls.a

tests/psa-client-server/psasim/Makefile

@@ -4,16 +4,11 @@ ifeq ($(DEBUG),1)
 	CFLAGS += -DDEBUG
 endif
 
-LIBPSACLIENT_PATH := ../../libpsaclient
-LIBPSASERVER_PATH := ../../libpsaserver
+LIBPSACLIENT := -Llibpsaclient/ -lmbedcrypto -lmbedx509 -lmbedtls
+LIBPSASERVER := -Llibpsaserver/ -lmbedcrypto
 
-LIBPSACLIENT := -L$(LIBPSACLIENT_PATH)/library -lmbedcrypto -lmbedx509 -lmbedtls
-LIBPSASERVER := -L$(LIBPSASERVER_PATH)/library -lmbedcrypto
-
-LIBPSACLIENT_H := -I$(LIBPSACLIENT_PATH)/include
-LIBPSASERVER_H := -I$(LIBPSASERVER_PATH)/include
-
-COMMON_INCLUDE := -I./include
+MBEDTLS_ROOT_PATH = ../../..
+COMMON_INCLUDE := -I./include -I$(MBEDTLS_ROOT_PATH)/include
 
 TEST_BIN = 	test/psa_client \
 			test/psa_partition
@@ -30,22 +25,34 @@ PARTITION_SERVER_BOOTSTRAP = src/psa_ff_bootstrap_TEST_PARTITION.c
 PSA_SERVER_SRC = $(PARTITION_SERVER_BOOTSTRAP) \
 				 src/psa_ff_server.c
 
-.PHONY: all clean
+.PHONY: all clean libpsaclient libpsaserver
 
 all: $(TEST_BIN)
 
 test/psa_client: $(PSA_CLIENT_SRC) $(GENERATED_H_FILES)
-	$(CC) $(COMMON_INCLUDE) $(LIBPSACLIENT_H) $(CFLAGS) $(PSA_CLIENT_SRC) $(LIBPSACLIENT) $(LDFLAGS) -o $@
+	$(CC) $(COMMON_INCLUDE) $(CFLAGS) $(PSA_CLIENT_SRC) $(LIBPSACLIENT) $(LDFLAGS) -o $@
 
 test/psa_partition: $(PSA_SERVER_SRC) $(GENERATED_H_FILES)
-	$(CC) $(COMMON_INCLUDE) $(LIBPSASERVER_H) $(CFLAGS) $(PSA_SERVER_SRC) $(LIBPSASERVER) $(LDFLAGS) -o $@
+	$(CC) $(COMMON_INCLUDE) $(CFLAGS) $(PSA_SERVER_SRC) $(LIBPSASERVER) $(LDFLAGS) -o $@
 
 $(PARTITION_SERVER_BOOTSTRAP) $(GENERATED_H_FILES): src/manifest.json src/server.c
 	tools/psa_autogen.py src/manifest.json
 
+# Build MbedTLS libraries (crypto, x509 and tls) and copy them locally to
+# build client/server applications.
+#
+# Note: these rules assume that mbedtls_config.h is already configured by all.sh.
+# If not using all.sh then the user must do it manually.
+libpsaclient libpsaserver:
+	$(MAKE) -C $(MBEDTLS_ROOT_PATH)/library CFLAGS="$(CFLAGS)" LDFLAGS="$(LDFLAGS)" libmbedcrypto.a libmbedx509.a libmbedtls.a
+	mkdir -p $@
+	cp $(MBEDTLS_ROOT_PATH)/library/libmbed*.a $@/
+	$(MAKE) -C $(MBEDTLS_ROOT_PATH) clean
+
 clean:
 	rm -f $(TEST_BIN)
 	rm -f $(PARTITION_SERVER_BOOTSTRAP)
+	rm -rf libpsaclient libpsaserver
 	rm -rf include/psa_manifest
 	rm -f test/psa_service_* test/psa_notify_*
 

tests/psa-client-server/psasim/include/crypto_spe.h

@@ -1,131 +0,0 @@
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- *
- */
-
-/**
- * \file crypto_spe.h
- *
- * \brief When Mbed TLS is built with the MBEDTLS_PSA_CRYPTO_SPM option
- *        enabled, this header is included by all .c files in Mbed TLS that
- *        use PSA Crypto function names. This avoids duplication of symbols
- *        between TF-M and Mbed TLS.
- *
- * \note  This file should be included before including any PSA Crypto headers
- *        from Mbed TLS.
- */
-
-#ifndef CRYPTO_SPE_H
-#define CRYPTO_SPE_H
-
-#define PSA_FUNCTION_NAME(x) mbedcrypto__ ## x
-
-#define psa_crypto_init \
-    PSA_FUNCTION_NAME(psa_crypto_init)
-#define psa_key_derivation_get_capacity \
-    PSA_FUNCTION_NAME(psa_key_derivation_get_capacity)
-#define psa_key_derivation_set_capacity \
-    PSA_FUNCTION_NAME(psa_key_derivation_set_capacity)
-#define psa_key_derivation_input_bytes \
-    PSA_FUNCTION_NAME(psa_key_derivation_input_bytes)
-#define psa_key_derivation_output_bytes \
-    PSA_FUNCTION_NAME(psa_key_derivation_output_bytes)
-#define psa_key_derivation_input_key \
-    PSA_FUNCTION_NAME(psa_key_derivation_input_key)
-#define psa_key_derivation_output_key \
-    PSA_FUNCTION_NAME(psa_key_derivation_output_key)
-#define psa_key_derivation_setup \
-    PSA_FUNCTION_NAME(psa_key_derivation_setup)
-#define psa_key_derivation_abort \
-    PSA_FUNCTION_NAME(psa_key_derivation_abort)
-#define psa_key_derivation_key_agreement \
-    PSA_FUNCTION_NAME(psa_key_derivation_key_agreement)
-#define psa_raw_key_agreement \
-    PSA_FUNCTION_NAME(psa_raw_key_agreement)
-#define psa_generate_random \
-    PSA_FUNCTION_NAME(psa_generate_random)
-#define psa_aead_encrypt \
-    PSA_FUNCTION_NAME(psa_aead_encrypt)
-#define psa_aead_decrypt \
-    PSA_FUNCTION_NAME(psa_aead_decrypt)
-#define psa_open_key \
-    PSA_FUNCTION_NAME(psa_open_key)
-#define psa_close_key \
-    PSA_FUNCTION_NAME(psa_close_key)
-#define psa_import_key \
-    PSA_FUNCTION_NAME(psa_import_key)
-#define psa_destroy_key \
-    PSA_FUNCTION_NAME(psa_destroy_key)
-#define psa_get_key_attributes \
-    PSA_FUNCTION_NAME(psa_get_key_attributes)
-#define psa_reset_key_attributes \
-    PSA_FUNCTION_NAME(psa_reset_key_attributes)
-#define psa_export_key \
-    PSA_FUNCTION_NAME(psa_export_key)
-#define psa_export_public_key \
-    PSA_FUNCTION_NAME(psa_export_public_key)
-#define psa_purge_key \
-    PSA_FUNCTION_NAME(psa_purge_key)
-#define psa_copy_key \
-    PSA_FUNCTION_NAME(psa_copy_key)
-#define psa_cipher_operation_init \
-    PSA_FUNCTION_NAME(psa_cipher_operation_init)
-#define psa_cipher_generate_iv \
-    PSA_FUNCTION_NAME(psa_cipher_generate_iv)
-#define psa_cipher_set_iv \
-    PSA_FUNCTION_NAME(psa_cipher_set_iv)
-#define psa_cipher_encrypt_setup \
-    PSA_FUNCTION_NAME(psa_cipher_encrypt_setup)
-#define psa_cipher_decrypt_setup \
-    PSA_FUNCTION_NAME(psa_cipher_decrypt_setup)
-#define psa_cipher_update \
-    PSA_FUNCTION_NAME(psa_cipher_update)
-#define psa_cipher_finish \
-    PSA_FUNCTION_NAME(psa_cipher_finish)
-#define psa_cipher_abort \
-    PSA_FUNCTION_NAME(psa_cipher_abort)
-#define psa_hash_operation_init \
-    PSA_FUNCTION_NAME(psa_hash_operation_init)
-#define psa_hash_setup \
-    PSA_FUNCTION_NAME(psa_hash_setup)
-#define psa_hash_update \
-    PSA_FUNCTION_NAME(psa_hash_update)
-#define psa_hash_finish \
-    PSA_FUNCTION_NAME(psa_hash_finish)
-#define psa_hash_verify \
-    PSA_FUNCTION_NAME(psa_hash_verify)
-#define psa_hash_abort \
-    PSA_FUNCTION_NAME(psa_hash_abort)
-#define psa_hash_clone \
-    PSA_FUNCTION_NAME(psa_hash_clone)
-#define psa_hash_compute \
-    PSA_FUNCTION_NAME(psa_hash_compute)
-#define psa_hash_compare \
-    PSA_FUNCTION_NAME(psa_hash_compare)
-#define psa_mac_operation_init \
-    PSA_FUNCTION_NAME(psa_mac_operation_init)
-#define psa_mac_sign_setup \
-    PSA_FUNCTION_NAME(psa_mac_sign_setup)
-#define psa_mac_verify_setup \
-    PSA_FUNCTION_NAME(psa_mac_verify_setup)
-#define psa_mac_update \
-    PSA_FUNCTION_NAME(psa_mac_update)
-#define psa_mac_sign_finish \
-    PSA_FUNCTION_NAME(psa_mac_sign_finish)
-#define psa_mac_verify_finish \
-    PSA_FUNCTION_NAME(psa_mac_verify_finish)
-#define psa_mac_abort \
-    PSA_FUNCTION_NAME(psa_mac_abort)
-#define psa_sign_hash \
-    PSA_FUNCTION_NAME(psa_sign_hash)
-#define psa_verify_hash \
-    PSA_FUNCTION_NAME(psa_verify_hash)
-#define psa_asymmetric_encrypt \
-    PSA_FUNCTION_NAME(psa_asymmetric_encrypt)
-#define psa_asymmetric_decrypt \
-    PSA_FUNCTION_NAME(psa_asymmetric_decrypt)
-#define psa_generate_key \
-    PSA_FUNCTION_NAME(psa_generate_key)
-
-#endif /* CRYPTO_SPE_H */

tests/scripts/all.sh

@@ -969,7 +969,7 @@ helper_crypto_client_build() {
         scripts/config.py crypto_full
         scripts/config.py unset MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS
         scripts/config.py set MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
-        scripts/config.py set MBEDTLS_PSA_CRYPTO_SPM
+        # scripts/config.py set MBEDTLS_PSA_CRYPTO_SPM
         # Disable NV_SEED as the MBEDTLS_PLATFORM_STD_NV_SEED_FILE is not in
         # right path for mbedtls_platform_std_nv_seed_read(). Just rely on
         # mbedtls_platform_entropy_poll() as entropy source().
@@ -977,7 +977,7 @@ helper_crypto_client_build() {
         scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT
     fi
 
-    make -C tests CC="$ASAN_CC" CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" $TARGET_LIB
+    make -C tests/psa-client-server/psasim/ CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" $TARGET_LIB
 
     rm $CONFIG_H
     mv $CONFIG_H.bak $CONFIG_H