When writing the new .data file, first write the new content, then replace
the target. This way, there isn't a temporary state in which the file is
partially written. This temporary state can be misleading if the build is
interrupted. It's annoying if you're watching changes to the output and the
changes appear as emptying the file following by the new version appearing.
Now interrupted builds don't leave a file that appears to be up to date but
isn't, and when watching the output, there's a single transition to the new
version.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
We had 4 identical copies of the check_repo_path function. Replace them by a
single copy in the build_tree module where it naturally belongs.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
We were using absolute imports under the assumption that the /scripts
directory is in the path. This worked in normal use because every one of our
Python scripts either were in the /scripts directory, or added the /scripts
directory to the module search path in order to reference mbedtls_dev.
However, this broke things like
```
python3 -m unittest scripts/mbedtls_dev/psa_storage.py
```
Fix this by using relative imports.
Relative imports are only supposed to be used inside a package (Python
doesn't complain, but Pylint does). So make /scripts/mbedtls_dev a proper
package by creating __init__.py.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
The option to --directory was intended to be relative to the current
directory when the script is invoked, which is the intuitive behavior. But
this was not implemented correctly, and it was actually interpreted relative
to the mbedtls root (which the script chdir's into). Fix this.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
We have Python code both for test code generation
(tests/scripts/generate_test_code.py) and now for test data generation.
Avoid the ambiguous expression "test generation".
This commit renames the Python module and adjusts all references to it. A
subsequent commit will adjust the documentation.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Previous changes used the docstring of the test_generation module,
which does not inform a user about the script.
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
Arg parse improved to update the input params path relative to
mbedtls_root passed, if the other params are not explicitly passed.
Signed-off-by: Archana <archana.madhavan@silabs.com>
Signed-off-by: Asfandyar Orakzai <asfandyar.orakzai@silabs.com>
Workaround a MyPy error by marking the driver json Object as of type
dict and indexable.
Signed-off-by: Archana <archana.madhavan@silabs.com>
Signed-off-by: Asfandyar Orakzai <asfandyar.orakzai@silabs.com>
* JSON Schema manually updated to be more semantically valid.
* Python script improved to be more verbose with exceptions
* Templating file improved by adding an additional macro.
Signed-off-by: Archana <archana.madhavan@silabs.com>
Signed-off-by: Asfandyar Orakzai <asfandyar.orakzai@silabs.com>
jsonschema is added to the ci scripts and Dockerfile
Signed-off-by: Archana <archana.madhavan@silabs.com>
Signed-off-by: Asfandyar Orakzai <asfandyar.orakzai@silabs.com>
Function names can be provided against entry points.
This helps to ensure easy migration for misnamed functions.
Signed-off-by: Archana <archana.madhavan@silabs.com>
Signed-off-by: Asfandyar Orakzai <asfandyar.orakzai@silabs.com>
(1) Add in driver jsons.
(2) Improve Python scripts to take JSON file directory and template
directory paths as arguments.
(3) Add in file augment template files to template common functionality
(4) render tempplates for Header files, ID generation and key
management.
(5) Changed driver ID nomenclature to be in synch with function names.
Signed-off-by: Archana <archana.madhavan@silabs.com>
Signed-off-by: Asfandyar Orakzai <asfandyar.orakzai@silabs.com>
We used to include platform.h only when MBEDTLS_PLATFORM_C was enabled, and
to define ad hoc replacements for mbedtls_xxx functions on a case-by-case
basis when MBEDTLS_PLATFORM_C was disabled. The only reason for this
complication was to allow building individual source modules without copying
platform.h. This is not something we support or recommend anymore, so get
rid of the complication: include platform.h unconditionally.
There should be no change in behavior since just including the header should
not change the behavior of a program.
This commit replaces most occurrences of conditional inclusion of
platform.h, using the following code:
```
perl -i -0777 -pe 's!#if.*\n#include "mbedtls/platform.h"\n(#else.*\n(#define (mbedtls|MBEDTLS)_.*\n|#include <(stdarg|stddef|stdio|stdlib|string|time)\.h>\n)*)?#endif.*!#include "mbedtls/platform.h"!mg' $(git grep -l '#include "mbedtls/platform.h"')
```
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This reverts commit f156c43702bec949c80a56a993a0d5009e39ab17. Adds a
comment to explain reasoning for current implementation.
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
TLS uses it to derive the session secret. The algorithm takes a serialized
point in an uncompressed form, extracts the X coordinate and computes
SHA256 of it. It is only expected to work with P-256.
Fixes#5978.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
BaseTarget-derived targets are now added to TestGenerator.targets in
initialization. This reduces repeated code in generate_xxx_tests.py
scripts which use this framework.
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
PKCS7 signing format is used by OpenPOWER Key Management, which is
using mbedtls as its crypto library.
This patch adds the limited support of pkcs7 parser and verification
to the mbedtls. The limitations are:
* Only signed data is supported.
* CRLs are not currently handled.
* Single signer is supported.
Signed-off-by: Daniel Axtens <dja@axtens.net>
Signed-off-by: Eric Richter <erichte@linux.ibm.com>
Signed-off-by: Nayna Jain <nayna@linux.ibm.com>
