Merge pull request #9806 from ronald-cron-arm/finalize-split-preparation-1

Finalize split preparation-1

CMakeLists.txt

@@ -413,9 +413,30 @@ add_subdirectory(pkgconfig)
 #
 if(ENABLE_TESTING OR ENABLE_PROGRAMS)
     file(GLOB MBEDTLS_TEST_HELPER_FILES
+         ${CMAKE_CURRENT_SOURCE_DIR}/tests/src/*.c
          ${CMAKE_CURRENT_SOURCE_DIR}/tests/src/test_helpers/*.c)
     add_library(mbedtls_test_helpers OBJECT ${MBEDTLS_TEST_HELPER_FILES})
     set_base_compile_options(mbedtls_test_helpers)
+
+    if(GEN_FILES)
+        add_custom_command(
+            OUTPUT
+                ${MBEDTLS_DIR}/tests/src/test_certs.h
+            WORKING_DIRECTORY
+                ${MBEDTLS_DIR}/tests
+            COMMAND
+                "${MBEDTLS_PYTHON_EXECUTABLE}"
+                "${MBEDTLS_FRAMEWORK_DIR}/scripts/generate_test_cert_macros.py"
+                "--output"
+                "${MBEDTLS_DIR}/tests/src/test_certs.h"
+            DEPENDS
+                ${MBEDTLS_FRAMEWORK_DIR}/scripts/generate_test_cert_macros.py
+        )
+        add_custom_target(mbedtls_test_certs_header
+            DEPENDS ${MBEDTLS_DIR}/tests/src/test_certs.h)
+        add_dependencies(mbedtls_test_helpers mbedtls_test_certs_header)
+    endif()
+
     target_include_directories(mbedtls_test_helpers
         PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/framework/tests/include
         PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/tests/include

docs/psa-driver-example-and-guide.md

@@ -43,7 +43,7 @@ There are three deliverables for creating such a driver. These are:
  - C header files defining the types required by the driver description. The names of these header files are declared in the driver description file.
  - An object file compiled for the target platform defining the functions required by the driver description. Implementations may allow drivers to be provided as source files and compiled with the core instead of being pre-compiled.
 
-The Mbed TLS driver tests for the aforementioned entry points provide examples of how these deliverables can be implemented. For sample driver description JSON files, see [`mbedtls_test_transparent_driver.json`](https://github.com/Mbed-TLS/mbedtls/blob/development/scripts/data_files/driver_jsons/mbedtls_test_transparent_driver.json) or [`mbedtls_test_opaque_driver.json`](https://github.com/Mbed-TLS/mbedtls/blob/development/scripts/data_files/driver_jsons/mbedtls_test_transparent_driver.json). The header file required by the driver description is [`test_driver.h`](https://github.com/Mbed-TLS/mbedtls/blob/development/framework/tests/include/test/drivers/test_driver.h). As Mbed TLS tests are built from source, there is no object file for the test driver. However, the source for the test driver can be found under `framework/tests/src/drivers`.
+The Mbed TLS driver tests for the aforementioned entry points provide examples of how these deliverables can be implemented. For sample driver description JSON files, see [`mbedtls_test_transparent_driver.json`](https://github.com/Mbed-TLS/mbedtls/blob/development/tf-psa-crypto/scripts/data_files/driver_jsons/mbedtls_test_transparent_driver.json) or [`mbedtls_test_opaque_driver.json`](https://github.com/Mbed-TLS/mbedtls/blob/development/tf-psa-crypto/scripts/data_files/driver_jsons/mbedtls_test_transparent_driver.json). The header file required by the driver description is [`test_driver.h`](https://github.com/Mbed-TLS/mbedtls/blob/development/framework/tests/include/test/drivers/test_driver.h). As Mbed TLS tests are built from source, there is no object file for the test driver. However, the source for the test driver can be found under `framework/tests/src/drivers`.
 
 ### Process for Entry Points where auto-generation is not implemented
 

library/CMakeLists.txt

@@ -30,6 +30,7 @@ set(src_tls
     ssl_tls13_server.c
     ssl_tls13_client.c
     ssl_tls13_generic.c
+    timing.c
     version.c
     version_features.c
 )

library/Makefile

@@ -186,7 +186,6 @@ OBJS_CRYPTO= \
 	     $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/sha512.o \
 	     $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/sha3.o \
 	     $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/threading.o \
-	     $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/timing.o \
 	     # This line is intentionally left blank
 
 THIRDPARTY_DIR := $(MBEDTLS_PATH)/tf-psa-crypto/drivers
@@ -227,6 +226,7 @@ OBJS_TLS= \
 	  ssl_tls13_client.o \
 	  ssl_tls13_server.o \
 	  ssl_tls13_generic.o \
+	  timing.o \
 	  version.o \
 	  version_features.o \
 	  # This line is intentionally left blank
@@ -389,12 +389,12 @@ version_features.c:
 GENERATED_WRAPPER_FILES = \
                     $(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_driver_wrappers.h \
                     $(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_driver_wrappers_no_static.c
-$(GENERATED_WRAPPER_FILES): ../scripts/generate_driver_wrappers.py
-$(GENERATED_WRAPPER_FILES): ../scripts/data_files/driver_templates/psa_crypto_driver_wrappers.h.jinja
-$(GENERATED_WRAPPER_FILES): ../scripts/data_files/driver_templates/psa_crypto_driver_wrappers_no_static.c.jinja
+$(GENERATED_WRAPPER_FILES): ../tf-psa-crypto/scripts/generate_driver_wrappers.py
+$(GENERATED_WRAPPER_FILES): ../tf-psa-crypto/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.h.jinja
+$(GENERATED_WRAPPER_FILES): ../tf-psa-crypto/scripts/data_files/driver_templates/psa_crypto_driver_wrappers_no_static.c.jinja
 $(GENERATED_WRAPPER_FILES):
 	echo "  Gen   $(GENERATED_WRAPPER_FILES)"
-	$(PYTHON) ../scripts/generate_driver_wrappers.py $(TF_PSA_CRYPTO_CORE_PATH)
+	$(PYTHON) ../tf-psa-crypto/scripts/generate_driver_wrappers.py $(TF_PSA_CRYPTO_CORE_PATH)
 
 $(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto.o:$(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_driver_wrappers.h
 

library/ssl_tls.c

@@ -2452,6 +2452,17 @@ mbedtls_ssl_mode_t mbedtls_ssl_get_mode_from_ciphersuite(
 
 #if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
 
+const mbedtls_error_pair_t psa_to_ssl_errors[] =
+{
+    { PSA_SUCCESS,                     0 },
+    { PSA_ERROR_INSUFFICIENT_MEMORY,   MBEDTLS_ERR_SSL_ALLOC_FAILED },
+    { PSA_ERROR_NOT_SUPPORTED,         MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE },
+    { PSA_ERROR_INVALID_SIGNATURE,     MBEDTLS_ERR_SSL_INVALID_MAC },
+    { PSA_ERROR_INVALID_ARGUMENT,      MBEDTLS_ERR_SSL_BAD_INPUT_DATA },
+    { PSA_ERROR_BAD_STATE,             MBEDTLS_ERR_SSL_INTERNAL_ERROR },
+    { PSA_ERROR_BUFFER_TOO_SMALL,      MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL }
+};
+
 psa_status_t mbedtls_ssl_cipher_to_psa(mbedtls_cipher_type_t mbedtls_cipher_type,
                                        size_t taglen,
                                        psa_algorithm_t *alg,

library/ssl_tls13_keys.c

@@ -12,7 +12,6 @@
 #include <stdint.h>
 #include <string.h>
 
-#include "mbedtls/hkdf.h"
 #include "debug_internal.h"
 #include "mbedtls/error.h"
 #include "mbedtls/platform.h"

library/timing.c

@@ -5,7 +5,7 @@
  *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
  */
 
-#include "common.h"
+#include "ssl_misc.h"
 
 #if defined(MBEDTLS_TIMING_C)
 

programs/fuzz/CMakeLists.txt

@@ -28,7 +28,10 @@ add_dependencies(${programs_target} ${executables_with_common_c})
 
 foreach(exe IN LISTS executables_no_common_c executables_with_common_c)
 
-    set(exe_sources ${exe}.c $<TARGET_OBJECTS:tf_psa_crypto_test>)
+    set(exe_sources
+        ${exe}.c
+        $<TARGET_OBJECTS:mbedtls_test_helpers>
+        $<TARGET_OBJECTS:tf_psa_crypto_test>)
     if(NOT FUZZINGENGINE_LIB)
         list(APPEND exe_sources onefile.c)
     endif()

programs/pkey/gen_key.c

@@ -22,11 +22,9 @@ int main(void)
 }
 #else
 
-#include "mbedtls/error.h"
 #include "mbedtls/pk.h"
 #include "mbedtls/ecdsa.h"
 #include "mbedtls/rsa.h"
-#include "mbedtls/error.h"
 #include "mbedtls/entropy.h"
 #include "mbedtls/ctr_drbg.h"
 

programs/pkey/key_app.c

@@ -12,7 +12,6 @@
 #if defined(MBEDTLS_BIGNUM_C) && \
     defined(MBEDTLS_PK_PARSE_C) && defined(MBEDTLS_FS_IO) && \
     defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_CTR_DRBG_C)
-#include "mbedtls/error.h"
 #include "mbedtls/rsa.h"
 #include "mbedtls/pk.h"
 #include "mbedtls/entropy.h"

programs/pkey/key_app_writer.c

@@ -24,9 +24,7 @@ int main(void)
 }
 #else
 
-#include "mbedtls/error.h"
 #include "mbedtls/pk.h"
-#include "mbedtls/error.h"
 
 #include "mbedtls/entropy.h"
 #include "mbedtls/ctr_drbg.h"

programs/pkey/pk_decrypt.c

@@ -12,7 +12,6 @@
 #if defined(MBEDTLS_BIGNUM_C) && defined(MBEDTLS_PK_PARSE_C) && \
     defined(MBEDTLS_FS_IO) && defined(MBEDTLS_ENTROPY_C) && \
     defined(MBEDTLS_CTR_DRBG_C)
-#include "mbedtls/error.h"
 #include "mbedtls/pk.h"
 #include "mbedtls/entropy.h"
 #include "mbedtls/ctr_drbg.h"

programs/pkey/pk_encrypt.c

@@ -12,7 +12,6 @@
 #if defined(MBEDTLS_BIGNUM_C) && defined(MBEDTLS_PK_PARSE_C) && \
     defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_FS_IO) && \
     defined(MBEDTLS_CTR_DRBG_C)
-#include "mbedtls/error.h"
 #include "mbedtls/pk.h"
 #include "mbedtls/entropy.h"
 #include "mbedtls/ctr_drbg.h"

programs/pkey/pk_sign.c

@@ -25,7 +25,6 @@ int main(void)
 }
 #else
 
-#include "mbedtls/error.h"
 #include "mbedtls/entropy.h"
 #include "mbedtls/ctr_drbg.h"
 #include "mbedtls/pk.h"

programs/pkey/pk_verify.c

@@ -23,7 +23,6 @@ int main(void)
 }
 #else
 
-#include "mbedtls/error.h"
 #include "mbedtls/pk.h"
 
 #include <stdio.h>

programs/ssl/CMakeLists.txt

@@ -38,7 +38,10 @@ foreach(exe IN LISTS executables)
             ${CMAKE_CURRENT_SOURCE_DIR}/../test/query_config.h
             ${CMAKE_CURRENT_BINARY_DIR}/../test/query_config.c)
     endif()
-    add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:tf_psa_crypto_test>
+    add_executable(${exe}
+        ${exe}.c
+        $<TARGET_OBJECTS:mbedtls_test_helpers>
+        $<TARGET_OBJECTS:tf_psa_crypto_test>
         ${extra_sources})
     set_base_compile_options(${exe})
     target_link_libraries(${exe} ${libs} ${CMAKE_THREAD_LIBS_INIT})
@@ -54,7 +57,10 @@ foreach(exe IN LISTS executables)
 endforeach()
 
 if(THREADS_FOUND)
-    add_executable(ssl_pthread_server ssl_pthread_server.c $<TARGET_OBJECTS:tf_psa_crypto_test>)
+    add_executable(ssl_pthread_server
+        ssl_pthread_server.c
+        $<TARGET_OBJECTS:mbedtls_test_helpers>
+        $<TARGET_OBJECTS:tf_psa_crypto_test>)
     set_base_compile_options(ssl_pthread_server)
     target_include_directories(ssl_pthread_server PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/tests/include
                                                           ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include)

programs/test/CMakeLists.txt

@@ -4,6 +4,7 @@ set(libs
 
 set(executables_libs
     metatest
+    query_compile_time_config
     query_included_headers
     selftest
     udp_proxy
@@ -13,7 +14,6 @@ add_dependencies(${ssl_opt_target} udp_proxy)
 
 set(executables_mbedcrypto
     benchmark
-    query_compile_time_config
     zeroize
 )
 add_dependencies(${programs_target} ${executables_mbedcrypto})

programs/test/benchmark.c

@@ -46,7 +46,7 @@ int main(void)
 #include "mbedtls/ecdsa.h"
 #include "mbedtls/ecdh.h"
 
-#include "mbedtls/error.h"
+#include "mbedtls/error_common.h"
 
 /* *INDENT-OFF* */
 #ifndef asm

programs/x509/CMakeLists.txt

@@ -20,6 +20,8 @@ foreach(exe IN LISTS executables)
 endforeach()
 
 target_link_libraries(cert_app ${mbedtls_target})
+# For mbedtls_timing_get_timer()
+target_link_libraries(load_roots ${mbedtls_target})
 
 install(TARGETS ${executables}
         DESTINATION "bin"

scripts/config.py

@@ -220,6 +220,7 @@ def include_in_crypto(name):
             'MBEDTLS_DEBUG_C', # part of libmbedtls
             'MBEDTLS_NET_C', # part of libmbedtls
             'MBEDTLS_PKCS7_C', # part of libmbedx509
+            'MBEDTLS_TIMING_C', # part of libmbedtls
             'MBEDTLS_ERROR_C', # part of libmbedx509
             'MBEDTLS_ERROR_STRERROR_DUMMY', # part of libmbedx509
     ]:

scripts/make_generated_files.bat

@@ -9,7 +9,7 @@
 @rem @@@@ library\** @@@@
 @rem psa_crypto_driver_wrappers.h needs to be generated prior to
 @rem generate_visualc_files.pl being invoked.
-python scripts\generate_driver_wrappers.py || exit /b 1
+python tf-psa-crypto\scripts\generate_driver_wrappers.py || exit /b 1
 perl scripts\generate_errors.pl || exit /b 1
 perl scripts\generate_query_config.pl || exit /b 1
 perl scripts\generate_features.pl || exit /b 1

tests/Makefile

@@ -310,7 +310,6 @@ test: check
 define libtestdriver1_rewrite :=
 	s!^(\s*#\s*include\s*[\"<])mbedtls/build_info.h!$${1}libtestdriver1/include/mbedtls/build_info.h!; \
 	s!^(\s*#\s*include\s*[\"<])mbedtls/mbedtls_config.h!$${1}libtestdriver1/include/mbedtls/mbedtls_config.h!; \
-	s!^(\s*#\s*include\s*[\"<])mbedtls/config_adjust_legacy_crypto.h!$${1}libtestdriver1/include/mbedtls/config_adjust_legacy_crypto.h!; \
 	s!^(\s*#\s*include\s*[\"<])mbedtls/config_adjust_x509.h!$${1}libtestdriver1/include/mbedtls/config_adjust_x509.h!; \
 	s!^(\s*#\s*include\s*[\"<])mbedtls/config_adjust_ssl.h!$${1}libtestdriver1/include/mbedtls/config_adjust_ssl.h!; \
 	s!^(\s*#\s*include\s*[\"<])mbedtls/check_config.h!$${1}libtestdriver1/include/mbedtls/check_config.h!; \
@@ -333,10 +332,11 @@ libtestdriver1.a:
 	cp -Rf ../framework ./libtestdriver1
 	cp -Rf ../library ./libtestdriver1
 	cp -Rf ../include ./libtestdriver1
+	cp -Rf ../scripts ./libtestdriver1
 	cp -Rf ../tf-psa-crypto/core ./libtestdriver1/tf-psa-crypto
 	cp -Rf ../tf-psa-crypto/include ./libtestdriver1/tf-psa-crypto
 	cp -Rf ../tf-psa-crypto/drivers/builtin ./libtestdriver1/tf-psa-crypto/drivers
-	cp -Rf ../scripts ./libtestdriver1
+	cp -Rf ../tf-psa-crypto/scripts ./libtestdriver1/tf-psa-crypto
 
 	# Set the test driver base (minimal) configuration.
 	cp ../tf-psa-crypto/tests/configs/config_test_driver.h ./libtestdriver1/include/mbedtls/mbedtls_config.h

tests/scripts/check-generated-files.sh

@@ -145,6 +145,8 @@ if [ -d tf-psa-crypto ]; then
     check ../framework/scripts/generate_ecp_tests.py $(../framework/scripts/generate_ecp_tests.py --list)
     check ../framework/scripts/generate_psa_tests.py $(../framework/scripts/generate_psa_tests.py --list)
     cd ..
+    check tf-psa-crypto/scripts/generate_driver_wrappers.py ${crypto_core_dir}/psa_crypto_driver_wrappers.h \
+                                                            ${crypto_core_dir}/psa_crypto_driver_wrappers_no_static.c
     check framework/scripts/generate_config_tests.py tests/suites/test_suite_config.mbedtls_boolean.data
 else
     check framework/scripts/generate_bignum_tests.py $(framework/scripts/generate_bignum_tests.py --list)
@@ -155,12 +157,12 @@ else
     fi
     check framework/scripts/generate_ecp_tests.py $(framework/scripts/generate_ecp_tests.py --list)
     check framework/scripts/generate_psa_tests.py $(framework/scripts/generate_psa_tests.py --list)
+    check scripts/generate_driver_wrappers.py ${crypto_core_dir}/psa_crypto_driver_wrappers.h \
+                                              ${crypto_core_dir}/psa_crypto_driver_wrappers_no_static.c
 fi
 
 check scripts/generate_psa_constants.py programs/psa/psa_constant_names_generated.c
 check framework/scripts/generate_test_keys.py framework/tests/src/test_keys.h
-check scripts/generate_driver_wrappers.py ${crypto_core_dir}/psa_crypto_driver_wrappers.h \
-                                          ${crypto_core_dir}/psa_crypto_driver_wrappers_no_static.c
 
 # Additional checks for Mbed TLS only
 if in_mbedtls_repo; then
@@ -179,4 +181,4 @@ fi
 # Generated files that are present in the repository even in the development
 # branch. (This is intended to be temporary, until the generator scripts are
 # fully reviewed and the build scripts support a generated header file.)
-check framework/scripts/generate_psa_wrappers.py tests/include/test/psa_test_wrappers.h tests/src/psa_test_wrappers.c
+check framework/scripts/generate_psa_wrappers.py tf-psa-crypto/tests/include/test/psa_test_wrappers.h tf-psa-crypto/tests/src/psa_test_wrappers.c

tf-psa-crypto/CMakeLists.txt

@@ -65,7 +65,7 @@ endif()
 # Set the project, Mbed TLS and framework root directory.
 set(TF_PSA_CRYPTO_DIR ${CMAKE_CURRENT_SOURCE_DIR})
 set(MBEDTLS_DIR ${CMAKE_CURRENT_SOURCE_DIR}/..)
-set(MBEDTLS_FRAMEWORK_DIR ${CMAKE_CURRENT_SOURCE_DIR}/../framework)
+set(TF_PSA_CRYPTO_FRAMEWORK_DIR ${CMAKE_CURRENT_SOURCE_DIR}/../framework)
 
 # Put the version numbers into relevant files
 set(version_number_files
@@ -376,8 +376,8 @@ if(CMAKE_BUILD_TYPE STREQUAL "Check" AND TEST_CPP)
     endif()
 endif()
 
-if (NOT EXISTS "${MBEDTLS_FRAMEWORK_DIR}/CMakeLists.txt")
-    message(FATAL_ERROR "${MBEDTLS_FRAMEWORK_DIR}/CMakeLists.txt not found. Run `git submodule update --init` from the source tree to fetch the submodule contents.")
+if (NOT EXISTS "${TF_PSA_CRYPTO_FRAMEWORK_DIR}/CMakeLists.txt")
+    message(FATAL_ERROR "${TF_PSA_CRYPTO_FRAMEWORK_DIR}/CMakeLists.txt not found. Run `git submodule update --init` from the source tree to fetch the submodule contents.")
 endif()
 
 add_subdirectory(include)
@@ -401,46 +401,32 @@ add_subdirectory(pkgconfig)
 #
 if(ENABLE_TESTING OR ENABLE_PROGRAMS)
     file(GLOB MBEDTLS_TEST_FILES
-         ${MBEDTLS_FRAMEWORK_DIR}/tests/src/*.c
-         ${MBEDTLS_FRAMEWORK_DIR}/tests/src/drivers/*.c
-         ${MBEDTLS_DIR}/tests/src/*.c)
+         ${TF_PSA_CRYPTO_FRAMEWORK_DIR}/tests/src/*.c
+         ${TF_PSA_CRYPTO_FRAMEWORK_DIR}/tests/src/drivers/*.c
+         ${TF_PSA_CRYPTO_DIR}/tests/src/*.c)
     add_library(tf_psa_crypto_test OBJECT ${MBEDTLS_TEST_FILES})
     set_base_compile_options(tf_psa_crypto_test)
     if(GEN_FILES)
         add_custom_command(
             OUTPUT
-                ${MBEDTLS_FRAMEWORK_DIR}/tests/src/test_keys.h
+                ${TF_PSA_CRYPTO_FRAMEWORK_DIR}/tests/src/test_keys.h
             WORKING_DIRECTORY
                 ${MBEDTLS_DIR}/tests
             COMMAND
                 "${TF_PSA_CRYPTO_PYTHON_EXECUTABLE}"
-                "${MBEDTLS_FRAMEWORK_DIR}/scripts/generate_test_keys.py"
+                "${TF_PSA_CRYPTO_FRAMEWORK_DIR}/scripts/generate_test_keys.py"
                 "--output"
-                "${MBEDTLS_FRAMEWORK_DIR}/tests/src/test_keys.h"
+                "${TF_PSA_CRYPTO_FRAMEWORK_DIR}/tests/src/test_keys.h"
             DEPENDS
-                ${MBEDTLS_FRAMEWORK_DIR}/scripts/generate_test_keys.py
+                ${TF_PSA_CRYPTO_FRAMEWORK_DIR}/scripts/generate_test_keys.py
         )
-        add_custom_target(tf_psa_crypto_test_keys_header DEPENDS ${MBEDTLS_FRAMEWORK_DIR}/tests/src/test_keys.h)
-
-        add_custom_command(
-            OUTPUT
-                ${MBEDTLS_DIR}/tests/src/test_certs.h
-            WORKING_DIRECTORY
-                ${MBEDTLS_DIR}/tests
-            COMMAND
-                "${TF_PSA_CRYPTO_PYTHON_EXECUTABLE}"
-                "${MBEDTLS_FRAMEWORK_DIR}/scripts/generate_test_cert_macros.py"
-                "--output"
-                "${MBEDTLS_DIR}/tests/src/test_certs.h"
-            DEPENDS
-                ${MBEDTLS_FRAMEWORK_DIR}/scripts/generate_test_cert_macros.py
-        )
-        add_custom_target(tf_psa_crypto_test_certs_header DEPENDS ${MBEDTLS_DIR}/tests/src/test_certs.h)
-        add_dependencies(tf_psa_crypto_test tf_psa_crypto_test_keys_header tf_psa_crypto_test_certs_header)
+        add_custom_target(tf_psa_crypto_test_keys_header
+            DEPENDS ${TF_PSA_CRYPTO_FRAMEWORK_DIR}/tests/src/test_keys.h)
+        add_dependencies(tf_psa_crypto_test tf_psa_crypto_test_keys_header)
     endif()
     target_include_directories(tf_psa_crypto_test
-        PRIVATE ${MBEDTLS_FRAMEWORK_DIR}/tests/include
-        PRIVATE ${MBEDTLS_DIR}/tests/include
+        PRIVATE ${TF_PSA_CRYPTO_FRAMEWORK_DIR}/tests/include
+        PRIVATE ${TF_PSA_CRYPTO_DIR}/tests/include
         PRIVATE ${MBEDTLS_DIR}/include
         PRIVATE include
         PRIVATE drivers/builtin/include

tf-psa-crypto/core/CMakeLists.txt

@@ -15,12 +15,12 @@ if(GEN_FILES)
             ${CMAKE_CURRENT_BINARY_DIR}/psa_crypto_driver_wrappers_no_static.c
         COMMAND
             ${TF_PSA_CRYPTO_PYTHON_EXECUTABLE}
-                ${MBEDTLS_DIR}/scripts/generate_driver_wrappers.py
+                ${TF_PSA_CRYPTO_DIR}/scripts/generate_driver_wrappers.py
                 ${CMAKE_CURRENT_BINARY_DIR}
         DEPENDS
-            ${MBEDTLS_DIR}/scripts/generate_driver_wrappers.py
-            ${MBEDTLS_DIR}/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.h.jinja
-            ${MBEDTLS_DIR}/scripts/data_files/driver_templates/psa_crypto_driver_wrappers_no_static.c.jinja
+            ${TF_PSA_CRYPTO_DIR}/scripts/generate_driver_wrappers.py
+            ${TF_PSA_CRYPTO_DIR}/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.h.jinja
+            ${TF_PSA_CRYPTO_DIR}/scripts/data_files/driver_templates/psa_crypto_driver_wrappers_no_static.c.jinja
     )
 else()
     link_to_source(psa_crypto_driver_wrappers.h)

tf-psa-crypto/drivers/builtin/src/psa_util.c

@@ -28,10 +28,6 @@
 #if defined(MBEDTLS_LMS_C)
 #include <mbedtls/lms.h>
 #endif
-#if defined(MBEDTLS_SSL_TLS_C) && \
-    (defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3))
-#include <mbedtls/ssl.h>
-#endif
 #if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) ||    \
     defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC)
 #include <mbedtls/rsa.h>
@@ -79,20 +75,6 @@ const mbedtls_error_pair_t psa_to_lms_errors[] =
 };
 #endif
 
-#if defined(MBEDTLS_SSL_TLS_C) && \
-    (defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3))
-const mbedtls_error_pair_t psa_to_ssl_errors[] =
-{
-    { PSA_SUCCESS,                     0 },
-    { PSA_ERROR_INSUFFICIENT_MEMORY,   MBEDTLS_ERR_SSL_ALLOC_FAILED },
-    { PSA_ERROR_NOT_SUPPORTED,         MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE },
-    { PSA_ERROR_INVALID_SIGNATURE,     MBEDTLS_ERR_SSL_INVALID_MAC },
-    { PSA_ERROR_INVALID_ARGUMENT,      MBEDTLS_ERR_SSL_BAD_INPUT_DATA },
-    { PSA_ERROR_BAD_STATE,             MBEDTLS_ERR_SSL_INTERNAL_ERROR },
-    { PSA_ERROR_BUFFER_TOO_SMALL,      MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL }
-};
-#endif
-
 #if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) ||    \
     defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC)
 const mbedtls_error_pair_t psa_to_pk_rsa_errors[] =

tf-psa-crypto/scripts/framework_scripts_path.py

@@ -0,0 +1,18 @@
+"""Add our Python library directory to the module search path.
+
+Usage:
+
+    import framework_scripts_path # pylint: disable=unused-import
+"""
+
+# Copyright The Mbed TLS Contributors
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+#
+
+import os
+import sys
+
+sys.path.append(os.path.join(os.path.dirname(__file__),
+                             os.path.pardir,
+                             os.path.pardir,
+                             'framework', 'scripts'))

tf-psa-crypto/scripts/generate_driver_wrappers.py

@@ -179,6 +179,8 @@ def main() -> int:
     args = parser.parse_args()
 
     project_root = os.path.abspath(args.project_root)
+    if build_tree.looks_like_mbedtls_root(project_root):
+        project_root = os.path.join(project_root, 'tf-psa-crypto')
 
     crypto_core_directory = build_tree.crypto_core_directory(project_root)
 

tf-psa-crypto/tests/CMakeLists.txt

@@ -14,7 +14,7 @@ file(MAKE_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}/suites)
 execute_process(
     COMMAND
         ${TF_PSA_CRYPTO_PYTHON_EXECUTABLE}
-        ${MBEDTLS_FRAMEWORK_DIR}/scripts/generate_bignum_tests.py
+        ${TF_PSA_CRYPTO_FRAMEWORK_DIR}/scripts/generate_bignum_tests.py
         --list-for-cmake
     WORKING_DIRECTORY
         ${CMAKE_CURRENT_SOURCE_DIR}/..
@@ -26,7 +26,7 @@ string(REGEX REPLACE "[^;]*/" ""
 execute_process(
     COMMAND
         ${TF_PSA_CRYPTO_PYTHON_EXECUTABLE}
-        ${MBEDTLS_FRAMEWORK_DIR}/scripts/generate_config_tests.py
+        ${TF_PSA_CRYPTO_FRAMEWORK_DIR}/scripts/generate_config_tests.py
         --list-for-cmake
     WORKING_DIRECTORY
         ${CMAKE_CURRENT_SOURCE_DIR}/..
@@ -45,7 +45,7 @@ endforeach()
 execute_process(
     COMMAND
         ${TF_PSA_CRYPTO_PYTHON_EXECUTABLE}
-        ${MBEDTLS_FRAMEWORK_DIR}/scripts/generate_ecp_tests.py
+        ${TF_PSA_CRYPTO_FRAMEWORK_DIR}/scripts/generate_ecp_tests.py
         --list-for-cmake
     WORKING_DIRECTORY
         ${CMAKE_CURRENT_SOURCE_DIR}/..
@@ -57,7 +57,7 @@ string(REGEX REPLACE "[^;]*/" ""
 execute_process(
     COMMAND
         ${TF_PSA_CRYPTO_PYTHON_EXECUTABLE}
-        ${MBEDTLS_FRAMEWORK_DIR}/scripts/generate_psa_tests.py
+        ${TF_PSA_CRYPTO_FRAMEWORK_DIR}/scripts/generate_psa_tests.py
         --list-for-cmake
     WORKING_DIRECTORY
         ${CMAKE_CURRENT_SOURCE_DIR}/..
@@ -98,16 +98,16 @@ if(GEN_FILES)
             ${CMAKE_CURRENT_SOURCE_DIR}/..
         COMMAND
             ${TF_PSA_CRYPTO_PYTHON_EXECUTABLE}
-            ${MBEDTLS_FRAMEWORK_DIR}/scripts/generate_bignum_tests.py
+            ${TF_PSA_CRYPTO_FRAMEWORK_DIR}/scripts/generate_bignum_tests.py
             --directory ${CMAKE_CURRENT_BINARY_DIR}/suites
         DEPENDS
-            ${MBEDTLS_FRAMEWORK_DIR}/scripts/generate_bignum_tests.py
-            ${MBEDTLS_FRAMEWORK_DIR}/scripts/mbedtls_framework/bignum_common.py
-            ${MBEDTLS_FRAMEWORK_DIR}/scripts/mbedtls_framework/bignum_core.py
-            ${MBEDTLS_FRAMEWORK_DIR}/scripts/mbedtls_framework/bignum_mod_raw.py
-            ${MBEDTLS_FRAMEWORK_DIR}/scripts/mbedtls_framework/bignum_mod.py
-            ${MBEDTLS_FRAMEWORK_DIR}/scripts/mbedtls_framework/test_case.py
-            ${MBEDTLS_FRAMEWORK_DIR}/scripts/mbedtls_framework/test_data_generation.py
+            ${TF_PSA_CRYPTO_FRAMEWORK_DIR}/scripts/generate_bignum_tests.py
+            ${TF_PSA_CRYPTO_FRAMEWORK_DIR}/scripts/mbedtls_framework/bignum_common.py
+            ${TF_PSA_CRYPTO_FRAMEWORK_DIR}/scripts/mbedtls_framework/bignum_core.py
+            ${TF_PSA_CRYPTO_FRAMEWORK_DIR}/scripts/mbedtls_framework/bignum_mod_raw.py
+            ${TF_PSA_CRYPTO_FRAMEWORK_DIR}/scripts/mbedtls_framework/bignum_mod.py
+            ${TF_PSA_CRYPTO_FRAMEWORK_DIR}/scripts/mbedtls_framework/test_case.py
+            ${TF_PSA_CRYPTO_FRAMEWORK_DIR}/scripts/mbedtls_framework/test_data_generation.py
     )
     add_custom_command(
         OUTPUT
@@ -116,11 +116,11 @@ if(GEN_FILES)
             ${CMAKE_CURRENT_SOURCE_DIR}/..
         COMMAND
             ${TF_PSA_CRYPTO_PYTHON_EXECUTABLE}
-            ${MBEDTLS_FRAMEWORK_DIR}/scripts/generate_config_tests.py
+            ${TF_PSA_CRYPTO_FRAMEWORK_DIR}/scripts/generate_config_tests.py
             --directory ${CMAKE_CURRENT_BINARY_DIR}/suites
             ${config_generated_data_files}
         DEPENDS
-            ${MBEDTLS_FRAMEWORK_DIR}/scripts/generate_config_tests.py
+            ${TF_PSA_CRYPTO_FRAMEWORK_DIR}/scripts/generate_config_tests.py
             # Do not declare the configuration files as dependencies: they
             # change too often in ways that don't affect the result
             # ((un)commenting some options).
@@ -132,14 +132,14 @@ if(GEN_FILES)
             ${CMAKE_CURRENT_SOURCE_DIR}/..
         COMMAND
             ${TF_PSA_CRYPTO_PYTHON_EXECUTABLE}
-            ${MBEDTLS_FRAMEWORK_DIR}/scripts/generate_ecp_tests.py
+            ${TF_PSA_CRYPTO_FRAMEWORK_DIR}/scripts/generate_ecp_tests.py
             --directory ${CMAKE_CURRENT_BINARY_DIR}/suites
         DEPENDS
-            ${MBEDTLS_FRAMEWORK_DIR}/scripts/generate_ecp_tests.py
-            ${MBEDTLS_FRAMEWORK_DIR}/scripts/mbedtls_framework/bignum_common.py
-            ${MBEDTLS_FRAMEWORK_DIR}/scripts/mbedtls_framework/ecp.py
-            ${MBEDTLS_FRAMEWORK_DIR}/scripts/mbedtls_framework/test_case.py
-            ${MBEDTLS_FRAMEWORK_DIR}/scripts/mbedtls_framework/test_data_generation.py
+            ${TF_PSA_CRYPTO_FRAMEWORK_DIR}/scripts/generate_ecp_tests.py
+            ${TF_PSA_CRYPTO_FRAMEWORK_DIR}/scripts/mbedtls_framework/bignum_common.py
+            ${TF_PSA_CRYPTO_FRAMEWORK_DIR}/scripts/mbedtls_framework/ecp.py
+            ${TF_PSA_CRYPTO_FRAMEWORK_DIR}/scripts/mbedtls_framework/test_case.py
+            ${TF_PSA_CRYPTO_FRAMEWORK_DIR}/scripts/mbedtls_framework/test_data_generation.py
     )
     add_custom_command(
         OUTPUT
@@ -148,17 +148,17 @@ if(GEN_FILES)
             ${CMAKE_CURRENT_SOURCE_DIR}/..
         COMMAND
             ${TF_PSA_CRYPTO_PYTHON_EXECUTABLE}
-            ${MBEDTLS_FRAMEWORK_DIR}/scripts/generate_psa_tests.py
+            ${TF_PSA_CRYPTO_FRAMEWORK_DIR}/scripts/generate_psa_tests.py
             --directory ${CMAKE_CURRENT_BINARY_DIR}/suites
         DEPENDS
-            ${MBEDTLS_FRAMEWORK_DIR}/scripts/generate_psa_tests.py
-            ${MBEDTLS_FRAMEWORK_DIR}/scripts/mbedtls_framework/crypto_data_tests.py
-            ${MBEDTLS_FRAMEWORK_DIR}/scripts/mbedtls_framework/crypto_knowledge.py
-            ${MBEDTLS_FRAMEWORK_DIR}/scripts/mbedtls_framework/macro_collector.py
-            ${MBEDTLS_FRAMEWORK_DIR}/scripts/mbedtls_framework/psa_information.py
-            ${MBEDTLS_FRAMEWORK_DIR}/scripts/mbedtls_framework/psa_storage.py
-            ${MBEDTLS_FRAMEWORK_DIR}/scripts/mbedtls_framework/test_case.py
-            ${MBEDTLS_FRAMEWORK_DIR}/scripts/mbedtls_framework/test_data_generation.py
+            ${TF_PSA_CRYPTO_FRAMEWORK_DIR}/scripts/generate_psa_tests.py
+            ${TF_PSA_CRYPTO_FRAMEWORK_DIR}/scripts/mbedtls_framework/crypto_data_tests.py
+            ${TF_PSA_CRYPTO_FRAMEWORK_DIR}/scripts/mbedtls_framework/crypto_knowledge.py
+            ${TF_PSA_CRYPTO_FRAMEWORK_DIR}/scripts/mbedtls_framework/macro_collector.py
+            ${TF_PSA_CRYPTO_FRAMEWORK_DIR}/scripts/mbedtls_framework/psa_information.py
+            ${TF_PSA_CRYPTO_FRAMEWORK_DIR}/scripts/mbedtls_framework/psa_storage.py
+            ${TF_PSA_CRYPTO_FRAMEWORK_DIR}/scripts/mbedtls_framework/test_case.py
+            ${TF_PSA_CRYPTO_FRAMEWORK_DIR}/scripts/mbedtls_framework/test_data_generation.py
             ${CMAKE_CURRENT_SOURCE_DIR}/../include/psa/crypto_config.h
             ${CMAKE_CURRENT_SOURCE_DIR}/../include/psa/crypto_values.h
             ${CMAKE_CURRENT_SOURCE_DIR}/../include/psa/crypto_extra.h
@@ -272,7 +272,7 @@ function(add_test_suite suite_name)
             test_suite_${data_name}.c
         COMMAND
             ${TF_PSA_CRYPTO_PYTHON_EXECUTABLE}
-            ${MBEDTLS_FRAMEWORK_DIR}/scripts/generate_test_code.py
+            ${TF_PSA_CRYPTO_FRAMEWORK_DIR}/scripts/generate_test_code.py
             -f ${CMAKE_CURRENT_SOURCE_DIR}/suites/test_suite_${suite_name}.function
             -d ${data_file}
             -t ${CMAKE_CURRENT_SOURCE_DIR}/suites/main_test.function
@@ -281,7 +281,7 @@ function(add_test_suite suite_name)
             --helpers-file ${CMAKE_CURRENT_SOURCE_DIR}/suites/helpers.function
             -o .
         DEPENDS
-            ${MBEDTLS_FRAMEWORK_DIR}/scripts/generate_test_code.py
+            ${TF_PSA_CRYPTO_FRAMEWORK_DIR}/scripts/generate_test_code.py
             ${CMAKE_CURRENT_SOURCE_DIR}/suites/test_suite_${suite_name}.function
             ${data_file}
             ${CMAKE_CURRENT_SOURCE_DIR}/suites/main_test.function
@@ -303,7 +303,7 @@ function(add_test_suite suite_name)
     # files are automatically included because the library targets declare
     # them as PUBLIC.
     target_include_directories(test_suite_${data_name}
-        PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/tests/include
+        PRIVATE ${TF_PSA_CRYPTO_FRAMEWORK_DIR}/tests/include
         PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../library
         PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../core
         PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../drivers/builtin/src)