Merge pull request #9668 from gilles-peskine-arm/analyze_outcome-split-dev
Split check_test_cases.py and outcome_analysis.py
diff --git a/CMakeLists.txt b/CMakeLists.txt
index f05e1e3..8372905 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -59,8 +59,9 @@
endif()
endif()
-# Set the project root directory.
+# Set the project and framework root directory.
set(MBEDTLS_DIR ${CMAKE_CURRENT_SOURCE_DIR})
+set(MBEDTLS_FRAMEWORK_DIR ${CMAKE_CURRENT_SOURCE_DIR}/framework)
option(ENABLE_PROGRAMS "Build Mbed TLS programs." ON)
@@ -95,6 +96,19 @@
option(ENABLE_TESTING "Build Mbed TLS tests." ON)
endif()
+option(USE_STATIC_MBEDTLS_LIBRARY "Build Mbed TLS static library." ON)
+option(USE_SHARED_MBEDTLS_LIBRARY "Build Mbed TLS shared library." OFF)
+option(LINK_WITH_PTHREAD "Explicitly link Mbed TLS library to pthread." OFF)
+option(LINK_WITH_TRUSTED_STORAGE "Explicitly link Mbed TLS library to trusted_storage." OFF)
+
+set(mbedcrypto_target "${MBEDTLS_TARGET_PREFIX}mbedcrypto")
+if (USE_STATIC_MBEDTLS_LIBRARY)
+ set(mbedcrypto_static_target ${mbedcrypto_target})
+endif()
+if(USE_STATIC_MBEDTLS_LIBRARY AND USE_SHARED_MBEDTLS_LIBRARY)
+ string(APPEND mbedcrypto_static_target "_static")
+endif()
+
# Warning string - created as a list for compatibility with CMake 2.8
set(CTR_DRBG_128_BIT_KEY_WARN_L1 "**** WARNING! MBEDTLS_CTR_DRBG_USE_128_BIT_KEY defined!\n")
set(CTR_DRBG_128_BIT_KEY_WARN_L2 "**** Using 128-bit keys for CTR_DRBG limits the security of generated\n")
@@ -300,8 +314,8 @@
set(CMAKE_INSTALL_LIBDIR "${LIB_INSTALL_DIR}")
endif()
-if (NOT EXISTS "${CMAKE_CURRENT_SOURCE_DIR}/framework/CMakeLists.txt")
- message(FATAL_ERROR "${CMAKE_CURRENT_SOURCE_DIR}/framework/CMakeLists.txt not found. Run `git submodule update --init` from the source tree to fetch the submodule contents.")
+if (NOT EXISTS "${MBEDTLS_FRAMEWORK_DIR}/CMakeLists.txt")
+ message(FATAL_ERROR "${MBEDTLS_FRAMEWORK_DIR}/CMakeLists.txt not found. Run `git submodule update --init` from the source tree to fetch the submodule contents.")
endif()
add_subdirectory(framework)
@@ -340,11 +354,11 @@
${CMAKE_CURRENT_SOURCE_DIR}/tests
COMMAND
"${MBEDTLS_PYTHON_EXECUTABLE}"
- "${CMAKE_CURRENT_SOURCE_DIR}/framework/scripts/generate_test_keys.py"
+ "${MBEDTLS_FRAMEWORK_DIR}/scripts/generate_test_keys.py"
"--output"
"${CMAKE_CURRENT_SOURCE_DIR}/tests/src/test_keys.h"
DEPENDS
- ${CMAKE_CURRENT_SOURCE_DIR}/framework/scripts/generate_test_keys.py
+ ${MBEDTLS_FRAMEWORK_DIR}/scripts/generate_test_keys.py
)
add_custom_target(test_keys_header DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/tests/src/test_keys.h)
add_custom_command(
@@ -354,11 +368,11 @@
${CMAKE_CURRENT_SOURCE_DIR}/tests
COMMAND
"${MBEDTLS_PYTHON_EXECUTABLE}"
- "${CMAKE_CURRENT_SOURCE_DIR}/framework/scripts/generate_test_cert_macros.py"
+ "${MBEDTLS_FRAMEWORK_DIR}/scripts/generate_test_cert_macros.py"
"--output"
"${CMAKE_CURRENT_SOURCE_DIR}/tests/src/test_certs.h"
DEPENDS
- ${CMAKE_CURRENT_SOURCE_DIR}/framework/scripts/generate_test_cert_macros.py
+ ${MBEDTLS_FRAMEWORK_DIR}/scripts/generate_test_cert_macros.py
)
add_custom_target(test_certs_header DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/tests/src/test_certs.h)
add_dependencies(mbedtls_test test_keys_header test_certs_header)
@@ -417,7 +431,6 @@
enable_testing()
add_subdirectory(tests)
- add_subdirectory(tf-psa-crypto/tests)
# additional convenience targets for Unix only
if(UNIX)
diff --git a/docs/proposed/Makefile b/docs/proposed/Makefile
index 1c31464..7f5254f 100644
--- a/docs/proposed/Makefile
+++ b/docs/proposed/Makefile
@@ -3,6 +3,7 @@
default: all
all_markdown = \
+ config-split.md \
psa-conditional-inclusion-c.md \
psa-driver-developer-guide.md \
psa-driver-integration-guide.md \
diff --git a/docs/proposed/config-split.md b/docs/proposed/config-split.md
new file mode 100644
index 0000000..fd8a8c7
--- /dev/null
+++ b/docs/proposed/config-split.md
@@ -0,0 +1,468 @@
+Configuration file split
+========================
+
+## Why split the configuration file?
+
+The objective of the repository split is to reach the point where in Mbed TLS
+all the cryptography code and its tests are located in a `tf-psa-crypto`
+directory that just contains the TF-PSA-Crypto repository as a submodule.
+The cryptography APIs exposed by Mbed TLS are just the TF-PSA-Crypto ones.
+Mbed TLS relies solely on the TF-PSA-Crypto build system to build its
+cryptography library and its tests.
+
+The TF-PSA-Crypto configuration file `tf_psa_crypto_config.h` configures
+entirely the cryptography interface exposed by Mbed TLS through TF-PSA-Crypto.
+Mbed TLS configuration is split in two files: `mbedtls_config.h` for TLS and
+x509, `tf_psa_crypto_config.h` for the cryptography.
+
+## How do we split the configuration file?
+
+We extend the so-called PSA cryptographic configuration scheme based on
+`mbedtls_config.h` and `crypto_config.h`. The configuration file `crypto_config.h`
+is extended to become the TF-PSA-Crypto configuration file, `mbedtls_config.h`
+becomes the configuration file for the TLS and x509 libraries. All the options
+to select the cryptographic mechanisms and to configure their implementation
+are moved from `mbedtls_config.h` to `(tf_psa_)crypto_config.h`.
+
+The configuration options that are relevant to both Mbed TLS and TF-PSA-Crypto
+like platform or system ones are moved to `(tf_psa_)crypto_config.h`. That way
+they are available in both repositories (as Mbed TLS includes
+`tf_psa_crypto_config.h`) without duplication. Later, we may duplicate or
+create aliases for some of them to align with the naming conventions of the
+repositories.
+
+The cryptographic configuration options in `tf_psa_crypto_config.h` are
+organized into sections that are different from the ones in the pre-split
+`mbedtls_config.h` (see below). This is first to take into account the
+specifics of TF-PSA-Crypto, for example a specific section for the
+configuration of builtin drivers. We also get rid of the grouping of non
+boolean options into a dedicated section: related boolean and non boolean
+configuration options are rather grouped together into the same section.
+
+Finally, for consistency, the sections in `mbedtls_config.h` are reorganized
+to be better aligned with the `tf_psa_crypto_config.h` ones.
+
+
+## Configuration files and `config.py`
+
+Each repository contains a `config.py` script to create and modify
+configurations.
+
+In Mbed TLS, `config.py` handles both `mbedtls_config.h` and
+`tf_psa_crypto_config.h`. It can set or unset TLS, x509 and cryptographic
+configuration options without having to specify the configuration file the
+options belong to. Commands like full and baremetal affect both configuration
+files.
+
+In TF-PSA-Crypto, `config.py` addresses only `tf_psa_crypto_config.h`.
+
+## Sections in `tf_psa_crypto_config.h`
+
+The `tf_psa_crypto_config.h` configuration file is organized into eight
+sections.
+
+The pre-split `mbedtls_config.h` configuration file contains configuration
+options that apply to the whole code base (TLS, x509, crypto and tests) mostly
+related to the platform abstraction layer and testing. In
+`tf_psa_crypto_config.h` these configurations options are organized into two
+sections, one for the platform abstraction layer options and one for the others,
+respectively named ["Platform abstraction layer"](#section-platform-abstraction-layer)
+and ["General and test configuration options"](#section-general-and-test-configuration-options).
+
+Then, the ["Cryptographic mechanism selection (PSA API)"](#section-cryptographic-mechanism-selection-PSA-API)
+section is the equivalent of the pre-split `crypto_config.h` configuration file
+containing the PSA_WANT_ prefixed macros.
+
+The following section named
+["Cryptographic mechanism selection (extended API)"](#section-cryptographic-mechanism-selection-extended-API)
+contains the configuration options for the cryptography mechanisms that are not
+yet part of the PSA cryptography API (like LMS or PK).
+
+It is followed by the ["Data format support"](#section-data-format-support)
+section that contains configuration options of utilities related to various data
+formats (like Base64 or ASN.1 APIs). These utilities aim to facilitate the
+usage of the PSA cryptography API in other cryptography projects.
+
+Compared to Mbed TLS, the cryptography code in TF-PSA-Crypto is not located
+in a single directory but split between the PSA core (core directory) and the
+PSA builtin drivers (drivers/builtin/src directory). This is reflected in
+`tf_psa_crypto_config.h` with two sections respectively named ["PSA core"](#section-psa-core)
+and ["Builtin drivers"](#section-builtin-drivers).
+
+Finally, the last section named ["Legacy cryptography"](#section-legacy-cryptography)
+contains the configuration options that will eventually be removed as duplicates
+of PSA_WANT_\* and MBEDTLS_PSA_ACCEL_\* configuration options.
+
+## Sections in `mbedtls_config.h`
+
+The sections in `mbedtls_config.h` are reorganized to be better aligned with
+the ones in `tf_psa_crypto_config.h`. The main change is the reorganization
+of the "Mbed TLS modules", "Mbed TLS feature support" and
+"Module configuration options" sections into the
+["TLS feature selection"](#section-tls-feature-selection) and
+["X.509 feature selection"](#section-x-509-feature-selection) sections. That
+way all TLS/x509 options are grouped into one section and there is no
+section dedicated to non boolean configuration options anymore.
+
+
+## Repartition of the configuration options
+
+### In `tf_psa_crypto_config.h`, we have:
+#### SECTION Platform abstraction layer
+```
+#define MBEDTLS_FS_IO
+#define MBEDTLS_HAVE_TIME
+#define MBEDTLS_HAVE_TIME_DATE
+//#define MBEDTLS_MEMORY_BACKTRACE
+//#define MBEDTLS_MEMORY_DEBUG
+#define MBEDTLS_PLATFORM_C
+//#define MBEDTLS_PLATFORM_EXIT_ALT
+//#define MBEDTLS_PLATFORM_FPRINTF_ALT
+//#define MBEDTLS_PLATFORM_GMTIME_R_ALT
+//#define MBEDTLS_PLATFORM_MEMORY
+//#define MBEDTLS_PLATFORM_MS_TIME_ALT
+//#define MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
+//#define MBEDTLS_PLATFORM_NV_SEED_ALT
+//#define MBEDTLS_PLATFORM_PRINTF_ALT
+//#define MBEDTLS_PLATFORM_SETBUF_ALT
+//#define MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT
+//#define MBEDTLS_PLATFORM_SNPRINTF_ALT
+//#define MBEDTLS_PLATFORM_TIME_ALT
+//#define MBEDTLS_PLATFORM_VSNPRINTF_ALT
+//#define MBEDTLS_PLATFORM_ZEROIZE_ALT
+//#define MBEDTLS_THREADING_ALT
+//#define MBEDTLS_THREADING_C
+//#define MBEDTLS_THREADING_PTHREAD
+
+//#define MBEDTLS_MEMORY_ALIGN_MULTIPLE 4
+//#define MBEDTLS_PLATFORM_CALLOC_MACRO calloc
+//#define MBEDTLS_PLATFORM_EXIT_MACRO exit
+//#define MBEDTLS_PLATFORM_FREE_MACRO free
+//#define MBEDTLS_PLATFORM_FPRINTF_MACRO fprintf
+//#define MBEDTLS_PLATFORM_MS_TIME_TYPE_MACRO int64_t
+//#define MBEDTLS_PLATFORM_NV_SEED_READ_MACRO mbedtls_platform_std_nv_seed_read
+//#define MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO mbedtls_platform_std_nv_seed_write
+//#define MBEDTLS_PLATFORM_PRINTF_MACRO printf
+//#define MBEDTLS_PLATFORM_SETBUF_MACRO setbuf
+//#define MBEDTLS_PLATFORM_SNPRINTF_MACRO snprintf
+//#define MBEDTLS_PLATFORM_STD_CALLOC calloc
+//#define MBEDTLS_PLATFORM_STD_EXIT exit
+//#define MBEDTLS_PLATFORM_STD_EXIT_FAILURE 1
+//#define MBEDTLS_PLATFORM_STD_EXIT_SUCCESS 0
+//#define MBEDTLS_PLATFORM_STD_FPRINTF fprintf
+//#define MBEDTLS_PLATFORM_STD_FREE free
+//#define MBEDTLS_PLATFORM_STD_MEM_HDR <stdlib.h>
+//#define MBEDTLS_PLATFORM_STD_NV_SEED_FILE "seedfile"
+//#define MBEDTLS_PLATFORM_STD_NV_SEED_READ mbedtls_platform_std_nv_seed_read
+//#define MBEDTLS_PLATFORM_STD_NV_SEED_WRITE mbedtls_platform_std_nv_seed_write
+//#define MBEDTLS_PLATFORM_STD_PRINTF printf
+//#define MBEDTLS_PLATFORM_STD_SETBUF setbuf
+//#define MBEDTLS_PLATFORM_STD_SNPRINTF snprintf
+//#define MBEDTLS_PLATFORM_STD_TIME time
+//#define MBEDTLS_PLATFORM_TIME_MACRO time
+//#define MBEDTLS_PLATFORM_TIME_TYPE_MACRO time_t
+//#define MBEDTLS_PLATFORM_VSNPRINTF_MACRO vsnprintf
+//#define MBEDTLS_PRINTF_MS_TIME PRId64
+```
+
+#### SECTION General and test configuration options
+Note: for consistency with the configuration file name change from
+`crypto_config.h` to `tf_psa_crypto_config.h`, the configuration options
+`MBEDTLS_PSA_CRYPTO_CONFIG_FILE` and `MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE` are
+respectively renamed `TF_PSA_CRYPTO_CONFIG_FILE` and
+`TF_PSA_CRYPTO_USER_CONFIG_FILE`. These are the only configuration options
+renamed by this document.
+```
+//#define MBEDTLS_CHECK_RETURN_WARNING
+//#define MBEDTLS_DEPRECATED_REMOVED
+//#define MBEDTLS_DEPRECATED_WARNING
+#define MBEDTLS_SELF_TEST
+//#define MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN
+//#define MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND
+//#define MBEDTLS_TEST_HOOKS
+
+//#define MBEDTLS_CHECK_RETURN __attribute__((__warn_unused_result__))
+//#define MBEDTLS_IGNORE_RETURN( result ) ((void) !(result))
+//#define TF_PSA_CRYPTO_CONFIG_FILE "psa/tf_psa_crypto_config.h"
+//#define TF_PSA_CRYPTO_USER_CONFIG_FILE "/dev/null"
+```
+
+#### SECTION Cryptographic mechanism selection (PSA API)
+PSA_WANT_\* macros as in current `crypto_config.h`.
+
+
+#### SECTION Cryptographic mechanism selection (extended API)
+```
+#define MBEDTLS_LMS_C
+//#define MBEDTLS_LMS_PRIVATE
+#define MBEDTLS_MD_C
+#define MBEDTLS_NIST_KW_C
+#define MBEDTLS_PKCS5_C
+#define MBEDTLS_PKCS12_C
+#define MBEDTLS_PK_C
+#define MBEDTLS_PK_PARSE_C
+#define MBEDTLS_PK_PARSE_EC_COMPRESSED
+#define MBEDTLS_PK_PARSE_EC_EXTENDED
+#define MBEDTLS_PK_RSA_ALT_SUPPORT
+#define MBEDTLS_PK_WRITE_C
+
+//#define MBEDTLS_CTR_DRBG_ENTROPY_LEN 48
+//#define MBEDTLS_CTR_DRBG_MAX_INPUT 256
+//#define MBEDTLS_CTR_DRBG_MAX_REQUEST 1024
+//#define MBEDTLS_CTR_DRBG_MAX_SEED_INPUT 384
+//#define MBEDTLS_CTR_DRBG_RESEED_INTERVAL 10000
+//#define MBEDTLS_HMAC_DRBG_MAX_INPUT 256
+//#define MBEDTLS_HMAC_DRBG_MAX_REQUEST 1024
+//#define MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT 384
+//#define MBEDTLS_HMAC_DRBG_RESEED_INTERVAL 10000
+//#define MBEDTLS_PSA_HMAC_DRBG_MD_TYPE MBEDTLS_MD_SHA256
+```
+
+
+#### SECTION Data format support
+```
+#define MBEDTLS_ASN1_PARSE_C
+#define MBEDTLS_ASN1_WRITE_C
+#define MBEDTLS_BASE64_C
+#define MBEDTLS_OID_C
+#define MBEDTLS_PEM_PARSE_C
+#define MBEDTLS_PEM_WRITE_C
+```
+
+
+#### SECTION PSA core
+```
+#define MBEDTLS_ENTROPY_C
+//#define MBEDTLS_ENTROPY_FORCE_SHA256
+//#define MBEDTLS_ENTROPY_HARDWARE_ALT
+//#define MBEDTLS_ENTROPY_NV_SEED
+//#define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
+//#define MBEDTLS_NO_PLATFORM_ENTROPY
+//#define MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS
+//#define MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS
+#define MBEDTLS_PSA_CRYPTO_C
+//#define MBEDTLS_PSA_CRYPTO_CLIENT
+//#define MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG
+//#define MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
+//#define MBEDTLS_PSA_CRYPTO_SPM
+#define MBEDTLS_PSA_CRYPTO_STORAGE_C
+//#define MBEDTLS_PSA_INJECT_ENTROPY
+#define MBEDTLS_PSA_ITS_FILE_C
+
+//#define MBEDTLS_ENTROPY_MAX_GATHER 128
+//#define MBEDTLS_ENTROPY_MAX_SOURCES 20
+//#define MBEDTLS_ENTROPY_MIN_HARDWARE 32
+//#define MBEDTLS_PSA_CRYPTO_PLATFORM_FILE "psa/crypto_platform_alt.h"
+//#define MBEDTLS_PSA_CRYPTO_STRUCT_FILE "psa/crypto_struct_alt.h"
+//#define MBEDTLS_PSA_KEY_SLOT_COUNT 32
+```
+
+#### SECTION Builtin drivers
+```
+#define MBEDTLS_AESCE_C
+#define MBEDTLS_AESNI_C
+//#define MBEDTLS_AES_FEWER_TABLES
+//#define MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+//#define MBEDTLS_AES_ROM_TABLES
+//#define MBEDTLS_AES_USE_HARDWARE_ONLY
+//#define MBEDTLS_BLOCK_CIPHER_NO_DECRYPT
+//#define MBEDTLS_CAMELLIA_SMALL_MEMORY
+//#define MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED
+#define MBEDTLS_ECP_NIST_OPTIM
+//#define MBEDTLS_ECP_RESTARTABLE
+//#define MBEDTLS_ECP_WITH_MPI_UINT
+//#define MBEDTLS_GCM_LARGE_TABLE
+#define MBEDTLS_HAVE_ASM
+//#define MBEDTLS_HAVE_SSE2
+//#define MBEDTLS_NO_UDBL_DIVISION
+//#define MBEDTLS_NO_64BIT_MULTIPLICATION
+//#define MBEDTLS_PSA_P256M_DRIVER_ENABLED
+//#define MBEDTLS_RSA_NO_CRT
+//#define MBEDTLS_SHA256_SMALLER
+//#define MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT
+//#define MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY
+//#define MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT
+//#define MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY
+//#define MBEDTLS_SHA512_SMALLER
+//#define MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT
+//#define MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY
+//#define MBEDTLS_USE_PSA_CRYPTO
+
+//#define MBEDTLS_ECP_FIXED_POINT_OPTIM 1
+//#define MBEDTLS_ECP_WINDOW_SIZE 4
+//#define MBEDTLS_MPI_MAX_SIZE 1024
+//#define MBEDTLS_MPI_WINDOW_SIZE 2
+//#define MBEDTLS_RSA_GEN_KEY_MIN_BITS 1024
+```
+
+
+#### SECTION Legacy cryptography
+```
+#define MBEDTLS_AES_C
+#define MBEDTLS_ARIA_C
+#define MBEDTLS_BIGNUM_C
+#define MBEDTLS_CAMELLIA_C
+#define MBEDTLS_CCM_C
+#define MBEDTLS_CHACHA20_C
+#define MBEDTLS_CHACHAPOLY_C
+#define MBEDTLS_CIPHER_C
+#define MBEDTLS_CIPHER_MODE_CBC
+#define MBEDTLS_CIPHER_MODE_CFB
+#define MBEDTLS_CIPHER_MODE_CTR
+#define MBEDTLS_CIPHER_MODE_OFB
+#define MBEDTLS_CIPHER_MODE_XTS
+#define MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS
+#define MBEDTLS_CIPHER_PADDING_PKCS7
+#define MBEDTLS_CIPHER_PADDING_ZEROS
+#define MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN
+#define MBEDTLS_CMAC_C
+#define MBEDTLS_CTR_DRBG_C
+//#define MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+#define MBEDTLS_DES_C
+#define MBEDTLS_DHM_C
+#define MBEDTLS_ECDH_C
+#define MBEDTLS_ECP_C
+#define MBEDTLS_ECP_DP_BP256R1_ENABLED
+#define MBEDTLS_ECP_DP_BP384R1_ENABLED
+#define MBEDTLS_ECP_DP_BP512R1_ENABLED
+#define MBEDTLS_ECP_DP_CURVE25519_ENABLED
+#define MBEDTLS_ECP_DP_CURVE448_ENABLED
+#define MBEDTLS_ECP_DP_SECP192K1_ENABLED
+#define MBEDTLS_ECP_DP_SECP192R1_ENABLED
+#define MBEDTLS_ECP_DP_SECP224K1_ENABLED
+#define MBEDTLS_ECP_DP_SECP224R1_ENABLED
+#define MBEDTLS_ECP_DP_SECP256K1_ENABLED
+#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
+#define MBEDTLS_ECP_DP_SECP384R1_ENABLED
+#define MBEDTLS_ECP_DP_SECP521R1_ENABLED
+#define MBEDTLS_ECDSA_C
+#define MBEDTLS_ECDSA_DETERMINISTIC
+#define MBEDTLS_ECJPAKE_C
+#define MBEDTLS_GCM_C
+#define MBEDTLS_GENPRIME
+#define MBEDTLS_HKDF_C
+#define MBEDTLS_HMAC_DRBG_C
+#define MBEDTLS_MD5_C
+#define MBEDTLS_PADLOCK_C
+#define MBEDTLS_PKCS1_V15
+#define MBEDTLS_PKCS1_V21
+#define MBEDTLS_POLY1305_C
+//#define MBEDTLS_PSA_CRYPTO_CONFIG
+//#define MBEDTLS_PSA_CRYPTO_SE_C
+#define MBEDTLS_RIPEMD160_C
+#define MBEDTLS_RSA_C
+#define MBEDTLS_SHA1_C
+#define MBEDTLS_SHA224_C
+#define MBEDTLS_SHA256_C
+#define MBEDTLS_SHA384_C
+#define MBEDTLS_SHA3_C
+#define MBEDTLS_SHA512_C
+```
+
+
+### In `mbedtls_config.h`, we have:
+#### SECTION Platform abstraction layer
+```
+#define MBEDTLS_NET_C
+//#define MBEDTLS_TIMING_ALT
+#define MBEDTLS_TIMING_C
+```
+
+
+#### SECTION General configuration options
+```
+#define MBEDTLS_ERROR_C
+#define MBEDTLS_ERROR_STRERROR_DUMMY
+#define MBEDTLS_VERSION_C
+#define MBEDTLS_VERSION_FEATURES
+
+//#define MBEDTLS_CONFIG_FILE "mbedtls/mbedtls_config.h"
+//#define MBEDTLS_USER_CONFIG_FILE "/dev/null"
+```
+
+
+#### SECTION TLS feature selection
+```
+//#define MBEDTLS_CIPHER_NULL_CIPHER
+#define MBEDTLS_DEBUG_C
+#define MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
+#define MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
+#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+#define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+#define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
+#define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
+#define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
+//#define MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
+#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
+#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
+#define MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
+#define MBEDTLS_SSL_ALL_ALERT_MESSAGES
+#define MBEDTLS_SSL_ALPN
+//#define MBEDTLS_SSL_ASYNC_PRIVATE
+#define MBEDTLS_SSL_CACHE_C
+#define MBEDTLS_SSL_CLI_C
+#define MBEDTLS_SSL_CONTEXT_SERIALIZATION
+#define MBEDTLS_SSL_COOKIE_C
+//#define MBEDTLS_SSL_DEBUG_ALL
+#define MBEDTLS_SSL_DTLS_ANTI_REPLAY
+#define MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
+#define MBEDTLS_SSL_DTLS_CONNECTION_ID
+#define MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT 0
+#define MBEDTLS_SSL_DTLS_HELLO_VERIFY
+//#define MBEDTLS_SSL_DTLS_SRTP
+//#define MBEDTLS_SSL_EARLY_DATA
+#define MBEDTLS_SSL_ENCRYPT_THEN_MAC
+#define MBEDTLS_SSL_EXTENDED_MASTER_SECRET
+#define MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
+#define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+#define MBEDTLS_SSL_PROTO_DTLS
+#define MBEDTLS_SSL_PROTO_TLS1_2
+#define MBEDTLS_SSL_PROTO_TLS1_3
+//#define MBEDTLS_SSL_RECORD_SIZE_LIMIT
+#define MBEDTLS_SSL_RENEGOTIATION
+#define MBEDTLS_SSL_SERVER_NAME_INDICATION
+#define MBEDTLS_SSL_SESSION_TICKETS
+#define MBEDTLS_SSL_SRV_C
+#define MBEDTLS_SSL_TICKET_C
+#define MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+#define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+#define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+#define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+#define MBEDTLS_SSL_TLS_C
+//#define MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH
+
+//#define MBEDTLS_PSK_MAX_LEN 32
+//#define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES 50
+//#define MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT 86400
+//#define MBEDTLS_SSL_CID_IN_LEN_MAX 32
+//#define MBEDTLS_SSL_CID_OUT_LEN_MAX 32
+//#define MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY 16
+//#define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
+//#define MBEDTLS_SSL_COOKIE_TIMEOUT 60
+//#define MBEDTLS_SSL_DTLS_MAX_BUFFERING 32768
+//#define MBEDTLS_SSL_IN_CONTENT_LEN 16384
+//#define MBEDTLS_SSL_MAX_EARLY_DATA_SIZE 1024
+//#define MBEDTLS_SSL_OUT_CONTENT_LEN 16384
+//#define MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS 1
+//#define MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE 6000
+//#define MBEDTLS_SSL_TLS1_3_TICKET_NONCE_LENGTH 32
+```
+
+
+#### SECTION X.509 feature selection
+```
+#define MBEDTLS_PKCS7_C
+#define MBEDTLS_X509_CREATE_C
+#define MBEDTLS_X509_CRL_PARSE_C
+#define MBEDTLS_X509_CRT_PARSE_C
+#define MBEDTLS_X509_CRT_WRITE_C
+#define MBEDTLS_X509_CSR_PARSE_C
+#define MBEDTLS_X509_CSR_WRITE_C
+//#define MBEDTLS_X509_REMOVE_INFO
+#define MBEDTLS_X509_RSASSA_PSS_SUPPORT
+//#define MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
+#define MBEDTLS_X509_USE_C
+
+//#define MBEDTLS_X509_MAX_FILE_PATH_LEN 512
+//#define MBEDTLS_X509_MAX_INTERMEDIATE_CA 8
+```
diff --git a/tf-psa-crypto/drivers/builtin/include/mbedtls/version.h b/include/mbedtls/version.h
similarity index 100%
rename from tf-psa-crypto/drivers/builtin/include/mbedtls/version.h
rename to include/mbedtls/version.h
diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt
index 0f75822..ca48a75 100644
--- a/library/CMakeLists.txt
+++ b/library/CMakeLists.txt
@@ -1,8 +1,3 @@
-option(USE_STATIC_MBEDTLS_LIBRARY "Build Mbed TLS static library." ON)
-option(USE_SHARED_MBEDTLS_LIBRARY "Build Mbed TLS shared library." OFF)
-option(LINK_WITH_PTHREAD "Explicitly link Mbed TLS library to pthread." OFF)
-option(LINK_WITH_TRUSTED_STORAGE "Explicitly link Mbed TLS library to trusted_storage." OFF)
-
# Set the project root directory if it's not already defined, as may happen if
# the library folder is included directly by a parent project, without
# including the top level CMakeLists.txt.
@@ -10,92 +5,6 @@
set(MBEDTLS_DIR ${CMAKE_SOURCE_DIR})
endif()
-set(TF_PSA_CRYPTO_CORE_DIR ../tf-psa-crypto/core)
-set(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR ../tf-psa-crypto/drivers/builtin/src)
-
-set(src_crypto
- ${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/aes.c
- ${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/aesni.c
- ${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/aesce.c
- ${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/aria.c
- ${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/asn1parse.c
- ${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/asn1write.c
- ${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/base64.c
- ${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/bignum.c
- ${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/bignum_core.c
- ${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/bignum_mod.c
- ${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/bignum_mod_raw.c
- ${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/block_cipher.c
- ${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/camellia.c
- ${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/ccm.c
- ${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/chacha20.c
- ${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/chachapoly.c
- ${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/cipher.c
- ${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/cipher_wrap.c
- ${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/constant_time.c
- ${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/cmac.c
- ${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/ctr_drbg.c
- ${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/des.c
- ${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/dhm.c
- ${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/ecdh.c
- ${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/ecdsa.c
- ${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/ecjpake.c
- ${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/ecp.c
- ${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/ecp_curves.c
- ${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/ecp_curves_new.c
- ${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/entropy.c
- ${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/entropy_poll.c
- ${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/error.c
- ${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/gcm.c
- ${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/hkdf.c
- ${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/hmac_drbg.c
- ${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/lmots.c
- ${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/lms.c
- ${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/md.c
- ${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/md5.c
- ${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/memory_buffer_alloc.c
- ${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/nist_kw.c
- ${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/oid.c
- ${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/pem.c
- ${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/pk.c
- ${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/pk_ecc.c
- ${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/pk_wrap.c
- ${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/pkcs12.c
- ${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/pkcs5.c
- ${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/pkparse.c
- ${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/pkwrite.c
- ${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/platform.c
- ${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/platform_util.c
- ${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/poly1305.c
- ${TF_PSA_CRYPTO_CORE_DIR}/psa_crypto.c
- ${TF_PSA_CRYPTO_CORE_DIR}/psa_crypto_aead.c
- ${TF_PSA_CRYPTO_CORE_DIR}/psa_crypto_cipher.c
- ${TF_PSA_CRYPTO_CORE_DIR}/psa_crypto_client.c
- ${TF_PSA_CRYPTO_CORE_DIR}/psa_crypto_driver_wrappers_no_static.c
- ${TF_PSA_CRYPTO_CORE_DIR}/psa_crypto_ecp.c
- ${TF_PSA_CRYPTO_CORE_DIR}/psa_crypto_ffdh.c
- ${TF_PSA_CRYPTO_CORE_DIR}/psa_crypto_hash.c
- ${TF_PSA_CRYPTO_CORE_DIR}/psa_crypto_mac.c
- ${TF_PSA_CRYPTO_CORE_DIR}/psa_crypto_pake.c
- ${TF_PSA_CRYPTO_CORE_DIR}/psa_crypto_rsa.c
- ${TF_PSA_CRYPTO_CORE_DIR}/psa_crypto_se.c
- ${TF_PSA_CRYPTO_CORE_DIR}/psa_crypto_slot_management.c
- ${TF_PSA_CRYPTO_CORE_DIR}/psa_crypto_storage.c
- ${TF_PSA_CRYPTO_CORE_DIR}/psa_its_file.c
- ${TF_PSA_CRYPTO_CORE_DIR}/psa_util.c
- ${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/ripemd160.c
- ${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/rsa.c
- ${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/rsa_alt_helpers.c
- ${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/sha1.c
- ${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/sha256.c
- ${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/sha512.c
- ${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/sha3.c
- ${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/threading.c
- ${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/timing.c
- ${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/version.c
- ${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/version_features.c
-)
-
set(src_x509
pkcs7.c
x509.c
@@ -127,39 +36,20 @@
ssl_tls13_server.c
ssl_tls13_client.c
ssl_tls13_generic.c
+ version.c
+ version_features.c
)
if(GEN_FILES)
- find_package(Perl REQUIRED)
-
- file(GLOB crypto_error_headers ${CMAKE_CURRENT_SOURCE_DIR}/../tf-psa-crypto/drivers/builtin/include/mbedtls/*.h)
- file(GLOB tls_error_headers ${CMAKE_CURRENT_SOURCE_DIR}/../include/mbedtls/*.h)
add_custom_command(
OUTPUT
- ${CMAKE_CURRENT_BINARY_DIR}/${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/error.c
- COMMAND
- ${PERL_EXECUTABLE}
- ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/generate_errors.pl
- ${CMAKE_CURRENT_SOURCE_DIR}/../tf-psa-crypto/drivers/builtin/include/mbedtls
- ${CMAKE_CURRENT_SOURCE_DIR}/../include/mbedtls
- ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/data_files
- ${CMAKE_CURRENT_BINARY_DIR}/${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/error.c
- DEPENDS
- ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/generate_errors.pl
- ${crypto_error_headers}
- ${tls_error_headers}
- ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/data_files/error.fmt
- )
-
- add_custom_command(
- OUTPUT
- ${CMAKE_CURRENT_BINARY_DIR}/${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/version_features.c
+ ${CMAKE_CURRENT_BINARY_DIR}/version_features.c
COMMAND
${PERL_EXECUTABLE}
${CMAKE_CURRENT_SOURCE_DIR}/../scripts/generate_features.pl
${CMAKE_CURRENT_SOURCE_DIR}/../include/mbedtls
${CMAKE_CURRENT_SOURCE_DIR}/../scripts/data_files
- ${CMAKE_CURRENT_BINARY_DIR}/${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/version_features.c
+ ${CMAKE_CURRENT_BINARY_DIR}/version_features.c
DEPENDS
${CMAKE_CURRENT_SOURCE_DIR}/../scripts/generate_features.pl
${CMAKE_CURRENT_SOURCE_DIR}/../include/mbedtls/mbedtls_config.h
@@ -178,26 +68,9 @@
${CMAKE_CURRENT_SOURCE_DIR}/../scripts/generate_ssl_debug_helpers.py
${tls_error_headers}
)
-
- add_custom_command(
- OUTPUT
- ${CMAKE_CURRENT_BINARY_DIR}/${TF_PSA_CRYPTO_CORE_DIR}/psa_crypto_driver_wrappers.h
- ${CMAKE_CURRENT_BINARY_DIR}/${TF_PSA_CRYPTO_CORE_DIR}/psa_crypto_driver_wrappers_no_static.c
- COMMAND
- ${MBEDTLS_PYTHON_EXECUTABLE}
- ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/generate_driver_wrappers.py
- ${CMAKE_CURRENT_BINARY_DIR}/${TF_PSA_CRYPTO_CORE_DIR}
- DEPENDS
- ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/generate_driver_wrappers.py
- ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/data_files/driver_templates/psa_crypto_driver_wrappers.h.jinja
- ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/data_files/driver_templates/psa_crypto_driver_wrappers_no_static.c.jinja
- )
else()
- link_to_source(${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/error.c)
- link_to_source(${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/version_features.c)
+ link_to_source(version_features.c)
link_to_source(ssl_debug_helpers_generated.c)
- link_to_source(${TF_PSA_CRYPTO_CORE_DIR}/psa_crypto_driver_wrappers.h)
- link_to_source(${TF_PSA_CRYPTO_CORE_DIR}/psa_crypto_driver_wrappers_no_static.c)
endif()
if(CMAKE_COMPILER_IS_GNUCC)
@@ -220,10 +93,6 @@
endif()
endif()
-if(WIN32)
- set(libs ${libs} ws2_32 bcrypt)
-endif(WIN32)
-
if(CMAKE_C_COMPILER_ID MATCHES "AppleClang")
set(CMAKE_C_ARCHIVE_CREATE "<CMAKE_AR> Scr <TARGET> <LINK_FLAGS> <OBJECTS>")
set(CMAKE_C_ARCHIVE_FINISH "<CMAKE_RANLIB> -no_warning_for_no_symbols -c <TARGET>")
@@ -241,57 +110,33 @@
set(libs ${libs} ${CMAKE_THREAD_LIBS_INIT})
endif()
-if(LINK_WITH_TRUSTED_STORAGE)
- set(libs ${libs} trusted_storage)
-endif()
-
if (NOT USE_STATIC_MBEDTLS_LIBRARY AND NOT USE_SHARED_MBEDTLS_LIBRARY)
message(FATAL_ERROR "Need to choose static or shared mbedtls build!")
endif(NOT USE_STATIC_MBEDTLS_LIBRARY AND NOT USE_SHARED_MBEDTLS_LIBRARY)
set(mbedtls_target "${MBEDTLS_TARGET_PREFIX}mbedtls")
set(mbedx509_target "${MBEDTLS_TARGET_PREFIX}mbedx509")
-set(mbedcrypto_target "${MBEDTLS_TARGET_PREFIX}mbedcrypto")
set(mbedtls_target ${mbedtls_target} PARENT_SCOPE)
set(mbedx509_target ${mbedx509_target} PARENT_SCOPE)
-set(mbedcrypto_target ${mbedcrypto_target} PARENT_SCOPE)
if (USE_STATIC_MBEDTLS_LIBRARY)
- set(mbedtls_static_target ${mbedtls_target})
- set(mbedx509_static_target ${mbedx509_target})
- set(mbedcrypto_static_target ${mbedcrypto_target})
+ set(mbedtls_static_target ${mbedtls_target})
+ set(mbedx509_static_target ${mbedx509_target})
endif()
-set(target_libraries ${mbedcrypto_target} ${mbedx509_target} ${mbedtls_target})
+set(target_libraries ${mbedx509_target} ${mbedtls_target})
if(USE_STATIC_MBEDTLS_LIBRARY AND USE_SHARED_MBEDTLS_LIBRARY)
string(APPEND mbedtls_static_target "_static")
string(APPEND mbedx509_static_target "_static")
- string(APPEND mbedcrypto_static_target "_static")
list(APPEND target_libraries
- ${mbedcrypto_static_target}
${mbedx509_static_target}
${mbedtls_static_target})
endif()
-set(p256m_target "${MBEDTLS_TARGET_PREFIX}p256m")
-set(everest_target "${MBEDTLS_TARGET_PREFIX}everest")
-
if(USE_STATIC_MBEDTLS_LIBRARY)
- add_library(${mbedcrypto_static_target} STATIC ${src_crypto})
- set_target_properties(${mbedcrypto_static_target} PROPERTIES OUTPUT_NAME mbedcrypto)
- target_link_libraries(${mbedcrypto_static_target} PUBLIC ${libs})
-
- if(TARGET ${everest_target})
- target_link_libraries(${mbedcrypto_static_target} PUBLIC ${everest_target})
- endif()
-
- if(TARGET ${p256m_target})
- target_link_libraries(${mbedcrypto_static_target} PUBLIC ${p256m_target})
- endif()
-
add_library(${mbedx509_static_target} STATIC ${src_x509})
set_target_properties(${mbedx509_static_target} PROPERTIES OUTPUT_NAME mbedx509)
target_link_libraries(${mbedx509_static_target} PUBLIC ${libs} ${mbedcrypto_static_target})
@@ -302,19 +147,6 @@
endif(USE_STATIC_MBEDTLS_LIBRARY)
if(USE_SHARED_MBEDTLS_LIBRARY)
- set(CMAKE_LIBRARY_PATH ${CMAKE_CURRENT_BINARY_DIR})
- add_library(${mbedcrypto_target} SHARED ${src_crypto})
- set_target_properties(${mbedcrypto_target} PROPERTIES VERSION 4.0.0 SOVERSION 16)
- target_link_libraries(${mbedcrypto_target} PUBLIC ${libs})
-
- if(TARGET ${everest_target})
- target_link_libraries(${mbedcrypto_target} PUBLIC ${everest_target})
- endif()
-
- if(TARGET ${p256m_target})
- target_link_libraries(${mbedcrypto_target} PUBLIC ${p256m_target})
- endif()
-
add_library(${mbedx509_target} SHARED ${src_x509})
set_target_properties(${mbedx509_target} PROPERTIES VERSION 4.0.0 SOVERSION 7)
target_link_libraries(${mbedx509_target} PUBLIC ${libs} ${mbedcrypto_target})
@@ -336,9 +168,7 @@
$<INSTALL_INTERFACE:include/>
PRIVATE ${MBEDTLS_DIR}/library/
${MBEDTLS_DIR}/tf-psa-crypto/core
- ${MBEDTLS_DIR}/tf-psa-crypto/drivers/builtin/src
- # Needed to include psa_crypto_driver_wrappers.h
- ${CMAKE_CURRENT_BINARY_DIR}/../tf-psa-crypto/core)
+ ${MBEDTLS_DIR}/tf-psa-crypto/drivers/builtin/src)
# Pass-through MBEDTLS_CONFIG_FILE and MBEDTLS_USER_CONFIG_FILE
if(MBEDTLS_CONFIG_FILE)
target_compile_definitions(${target}
@@ -359,7 +189,7 @@
set(lib_target "${MBEDTLS_TARGET_PREFIX}lib")
-add_custom_target(${lib_target} DEPENDS ${mbedcrypto_target} ${mbedx509_target} ${mbedtls_target})
+add_custom_target(${lib_target} DEPENDS ${mbedx509_target} ${mbedtls_target})
if(USE_STATIC_MBEDTLS_LIBRARY AND USE_SHARED_MBEDTLS_LIBRARY)
- add_dependencies(${lib_target} ${mbedcrypto_static_target} ${mbedx509_static_target} ${mbedtls_static_target})
+ add_dependencies(${lib_target} ${mbedx509_static_target} ${mbedtls_static_target})
endif()
diff --git a/library/Makefile b/library/Makefile
index e965158..9490aa7 100644
--- a/library/Makefile
+++ b/library/Makefile
@@ -7,7 +7,7 @@
GENERATED_FILES := \
$(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/error.c \
- $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/version_features.c \
+ version_features.c \
ssl_debug_helpers_generated.c \
$(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_driver_wrappers.h \
$(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_driver_wrappers_no_static.c
@@ -111,21 +111,12 @@
OBJS_CRYPTO= \
$(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto.o \
- $(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_aead.o \
- $(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_cipher.o \
$(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_client.o \
$(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_driver_wrappers_no_static.o \
- $(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_ecp.o \
- $(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_ffdh.o \
- $(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_hash.o \
- $(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_mac.o \
- $(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_pake.o \
- $(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_rsa.o \
$(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_se.o \
$(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_slot_management.o \
$(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_storage.o \
$(TF_PSA_CRYPTO_CORE_PATH)/psa_its_file.o \
- $(TF_PSA_CRYPTO_CORE_PATH)/psa_util.o \
$(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/aes.o \
$(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/aesni.o \
$(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/aesce.o \
@@ -179,6 +170,15 @@
$(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/platform.o \
$(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/platform_util.o \
$(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/poly1305.o \
+ $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/psa_crypto_aead.o \
+ $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/psa_crypto_cipher.o \
+ $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/psa_crypto_ecp.o \
+ $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/psa_crypto_ffdh.o \
+ $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/psa_crypto_hash.o \
+ $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/psa_crypto_mac.o \
+ $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/psa_crypto_pake.o \
+ $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/psa_crypto_rsa.o \
+ $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/psa_util.o \
$(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/ripemd160.o \
$(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/rsa.o \
$(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/rsa_alt_helpers.o \
@@ -188,8 +188,6 @@
$(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/sha3.o \
$(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/threading.o \
$(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/timing.o \
- $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/version.o \
- $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/version_features.o \
# This line is intentionally left blank
THIRDPARTY_DIR := $(MBEDTLS_PATH)/tf-psa-crypto/drivers
@@ -229,6 +227,8 @@
ssl_tls13_client.o \
ssl_tls13_server.o \
ssl_tls13_generic.o \
+ version.o \
+ version_features.o \
# This line is intentionally left blank
.SILENT:
@@ -370,15 +370,15 @@
echo " Gen $@"
$(PYTHON) ../scripts/generate_ssl_debug_helpers.py --mbedtls-root .. .
-$(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/version_features.c: $(gen_file_dep) ../scripts/generate_features.pl
-$(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/version_features.c: $(gen_file_dep) ../scripts/data_files/version_features.fmt
+version_features.c: $(gen_file_dep) ../scripts/generate_features.pl
+version_features.c: $(gen_file_dep) ../scripts/data_files/version_features.fmt
## The generated file only depends on the options that are present in mbedtls_config.h,
## not on which options are set. To avoid regenerating this file all the time
## when switching between configurations, don't declare mbedtls_config.h as a
## dependency. Remove this file from your working tree if you've just added or
## removed an option in mbedtls_config.h.
#version_features.c: ../include/mbedtls/mbedtls_config.h
-$(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/version_features.c:
+version_features.c:
echo " Gen $@"
$(PERL) ../scripts/generate_features.pl
diff --git a/tf-psa-crypto/drivers/builtin/src/version.c b/library/version.c
similarity index 100%
rename from tf-psa-crypto/drivers/builtin/src/version.c
rename to library/version.c
diff --git a/scripts/config.py b/scripts/config.py
index 580a4bb..beeb5e2 100755
--- a/scripts/config.py
+++ b/scripts/config.py
@@ -210,6 +210,7 @@
def include_in_crypto(name):
"""Rules for symbols in a crypto configuration."""
if name.startswith('MBEDTLS_X509_') or \
+ name.startswith('MBEDTLS_VERSION_') or \
name.startswith('MBEDTLS_SSL_') or \
name.startswith('MBEDTLS_KEY_EXCHANGE_'):
return False
diff --git a/scripts/generate_features.pl b/scripts/generate_features.pl
index 6972682..cea8c11 100755
--- a/scripts/generate_features.pl
+++ b/scripts/generate_features.pl
@@ -16,7 +16,7 @@
} else {
$include_dir = 'include/mbedtls';
$data_dir = 'scripts/data_files';
- $feature_file = 'tf-psa-crypto/drivers/builtin/src/version_features.c';
+ $feature_file = 'library/version_features.c';
unless( -d $include_dir && -d $data_dir ) {
chdir '..' or die;
diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt
index 4a42efe..5b68503 100644
--- a/tests/CMakeLists.txt
+++ b/tests/CMakeLists.txt
@@ -21,7 +21,7 @@
execute_process(
COMMAND
${MBEDTLS_PYTHON_EXECUTABLE}
- ${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/generate_config_tests.py
+ ${MBEDTLS_FRAMEWORK_DIR}/scripts/generate_config_tests.py
--list-for-cmake
WORKING_DIRECTORY
${CMAKE_CURRENT_SOURCE_DIR}/..
@@ -55,11 +55,11 @@
${CMAKE_CURRENT_SOURCE_DIR}/..
COMMAND
${MBEDTLS_PYTHON_EXECUTABLE}
- ${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/generate_config_tests.py
+ ${MBEDTLS_FRAMEWORK_DIR}/scripts/generate_config_tests.py
--directory ${CMAKE_CURRENT_BINARY_DIR}/suites
${config_generated_data_files}
DEPENDS
- ${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/generate_config_tests.py
+ ${MBEDTLS_FRAMEWORK_DIR}/scripts/generate_config_tests.py
# Do not declare the configuration files as dependencies: they
# change too often in ways that don't affect the result
# ((un)commenting some options).
@@ -140,7 +140,7 @@
test_suite_${data_name}.c
COMMAND
${MBEDTLS_PYTHON_EXECUTABLE}
- ${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/generate_test_code.py
+ ${MBEDTLS_FRAMEWORK_DIR}/scripts/generate_test_code.py
-f ${CMAKE_CURRENT_SOURCE_DIR}/suites/test_suite_${suite_name}.function
-d ${data_file}
-t ${CMAKE_CURRENT_SOURCE_DIR}/../tf-psa-crypto/tests/suites/main_test.function
@@ -149,7 +149,7 @@
--helpers-file ${CMAKE_CURRENT_SOURCE_DIR}/../tf-psa-crypto/tests/suites/helpers.function
-o .
DEPENDS
- ${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/generate_test_code.py
+ ${MBEDTLS_FRAMEWORK_DIR}/scripts/generate_test_code.py
${CMAKE_CURRENT_SOURCE_DIR}/suites/test_suite_${suite_name}.function
${data_file}
${CMAKE_CURRENT_SOURCE_DIR}/../tf-psa-crypto/tests/suites/main_test.function
diff --git a/tests/psa-client-server/psasim/src/server.c b/tests/psa-client-server/psasim/src/server.c
index 10ab5a2..44939f1 100644
--- a/tests/psa-client-server/psasim/src/server.c
+++ b/tests/psa-client-server/psasim/src/server.c
@@ -52,12 +52,14 @@
psa_msg_t msg = { -1 };
const int magic_num = 66;
int client_disconnected = 0;
- char mbedtls_version[18];
extern psa_status_t psa_crypto_call(psa_msg_t msg);
extern psa_status_t psa_crypto_close(void);
+#if defined(MBEDTLS_VERSION_C)
+ char mbedtls_version[18];
mbedtls_version_get_string_full(mbedtls_version);
SERVER_PRINT("%s", mbedtls_version);
+#endif
parse_input_args(argc, argv);
SERVER_PRINT("Starting");
diff --git a/tests/scripts/check-generated-files.sh b/tests/scripts/check-generated-files.sh
index c57ff04..2a11207 100755
--- a/tests/scripts/check-generated-files.sh
+++ b/tests/scripts/check-generated-files.sh
@@ -172,7 +172,7 @@
if in_mbedtls_repo; then
check scripts/generate_errors.pl ${builtin_drivers_dir}/error.c
check scripts/generate_query_config.pl programs/test/query_config.c
- check scripts/generate_features.pl ${builtin_drivers_dir}/version_features.c
+ check scripts/generate_features.pl library/version_features.c
check scripts/generate_ssl_debug_helpers.py library/ssl_debug_helpers_generated.c
check tests/scripts/generate_tls13_compat_tests.py tests/opt-testcases/tls13-compat.sh
check framework/scripts/generate_test_cert_macros.py tests/src/test_certs.h
diff --git a/tests/scripts/components-build-system.sh b/tests/scripts/components-build-system.sh
index 2c2d460..a2c32f7 100644
--- a/tests/scripts/components-build-system.sh
+++ b/tests/scripts/components-build-system.sh
@@ -85,6 +85,26 @@
rm -rf "$OUT_OF_SOURCE_DIR"
}
+component_test_cmake_tf_psa_crypto_out_of_source () {
+ # Remove existing generated files so that we use the ones cmake
+ # generates
+ make neat
+ msg "build: cmake tf-psa-crypto 'out-of-source' build"
+ MBEDTLS_ROOT_DIR="$PWD"
+ cd tf-psa-crypto
+ TF_PSA_CRYPTO_ROOT_DIR="$PWD"
+ mkdir "$OUT_OF_SOURCE_DIR"
+ cd "$OUT_OF_SOURCE_DIR"
+ # Note: Explicitly generate files as these are turned off in releases
+ cmake -D CMAKE_BUILD_TYPE:String=Check -D GEN_FILES=ON "$TF_PSA_CRYPTO_ROOT_DIR"
+ make
+ msg "test: cmake tf-psa-crypto 'out-of-source' build"
+ make test
+ cd "$TF_PSA_CRYPTO_ROOT_DIR"
+ rm -rf "$OUT_OF_SOURCE_DIR"
+ cd "$MBEDTLS_ROOT_DIR"
+}
+
component_test_cmake_as_subdirectory () {
# Remove existing generated files so that we use the ones CMake
# generates
diff --git a/tests/scripts/components-compliance.sh b/tests/scripts/components-compliance.sh
index 8b51f10..16a306d 100644
--- a/tests/scripts/components-compliance.sh
+++ b/tests/scripts/components-compliance.sh
@@ -15,7 +15,7 @@
CC=gcc make -C library libmbedcrypto.a
msg "unit test: test_psa_compliance.py"
- CC=gcc ./tests/scripts/test_psa_compliance.py
+ CC=gcc ./tests/scripts/test_psa_compliance.py --build-dir="."
}
support_test_psa_compliance () {
diff --git a/tests/src/drivers/hash.c b/tests/src/drivers/hash.c
index 2416ba8..5d938ea 100644
--- a/tests/src/drivers/hash.c
+++ b/tests/src/drivers/hash.c
@@ -13,7 +13,7 @@
#include "test/drivers/hash.h"
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1)
-#include "libtestdriver1/tf-psa-crypto/core/psa_crypto_hash.h"
+#include "libtestdriver1/tf-psa-crypto/drivers/builtin/src/psa_crypto_hash.h"
#endif
mbedtls_test_driver_hash_hooks_t
diff --git a/tests/src/drivers/test_driver_aead.c b/tests/src/drivers/test_driver_aead.c
index 080b4db..9c0677a 100644
--- a/tests/src/drivers/test_driver_aead.c
+++ b/tests/src/drivers/test_driver_aead.c
@@ -16,7 +16,7 @@
#include "mbedtls/constant_time.h"
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1)
-#include "libtestdriver1/tf-psa-crypto/core/psa_crypto_aead.h"
+#include "libtestdriver1/tf-psa-crypto/drivers/builtin/src/psa_crypto_aead.h"
#endif
mbedtls_test_driver_aead_hooks_t
diff --git a/tests/src/drivers/test_driver_asymmetric_encryption.c b/tests/src/drivers/test_driver_asymmetric_encryption.c
index 55e09b2..3264400 100644
--- a/tests/src/drivers/test_driver_asymmetric_encryption.c
+++ b/tests/src/drivers/test_driver_asymmetric_encryption.c
@@ -16,7 +16,7 @@
#include "test/drivers/key_management.h"
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1)
-#include "libtestdriver1/tf-psa-crypto/core/psa_crypto_rsa.h"
+#include "libtestdriver1/tf-psa-crypto/drivers/builtin/src/psa_crypto_rsa.h"
#endif
#define PSA_RSA_KEY_PAIR_MAX_SIZE \
diff --git a/tests/src/drivers/test_driver_cipher.c b/tests/src/drivers/test_driver_cipher.c
index ace0ed3..136610b 100644
--- a/tests/src/drivers/test_driver_cipher.c
+++ b/tests/src/drivers/test_driver_cipher.c
@@ -19,7 +19,7 @@
#include "test/random.h"
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1)
-#include "libtestdriver1/tf-psa-crypto/core/psa_crypto_cipher.h"
+#include "libtestdriver1/tf-psa-crypto/drivers/builtin/src/psa_crypto_cipher.h"
#endif
#include <string.h>
diff --git a/tests/src/drivers/test_driver_key_agreement.c b/tests/src/drivers/test_driver_key_agreement.c
index 8a8e3a8..b99d7cd 100644
--- a/tests/src/drivers/test_driver_key_agreement.c
+++ b/tests/src/drivers/test_driver_key_agreement.c
@@ -21,8 +21,8 @@
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1)
#include "libtestdriver1/tf-psa-crypto/include/psa/crypto.h"
-#include "libtestdriver1/tf-psa-crypto/core/psa_crypto_ecp.h"
-#include "libtestdriver1/tf-psa-crypto/core/psa_crypto_ffdh.h"
+#include "libtestdriver1/tf-psa-crypto/drivers/builtin/src/psa_crypto_ecp.h"
+#include "libtestdriver1/tf-psa-crypto/drivers/builtin/src/psa_crypto_ffdh.h"
#endif
mbedtls_test_driver_key_agreement_hooks_t
diff --git a/tests/src/drivers/test_driver_key_management.c b/tests/src/drivers/test_driver_key_management.c
index c0869f1..337c254 100644
--- a/tests/src/drivers/test_driver_key_management.c
+++ b/tests/src/drivers/test_driver_key_management.c
@@ -23,9 +23,9 @@
#include "test/random.h"
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1)
-#include "libtestdriver1/tf-psa-crypto/core/psa_crypto_ecp.h"
-#include "libtestdriver1/tf-psa-crypto/core/psa_crypto_rsa.h"
-#include "libtestdriver1/tf-psa-crypto/core/psa_crypto_ffdh.h"
+#include "libtestdriver1/tf-psa-crypto/drivers/builtin/src/psa_crypto_ecp.h"
+#include "libtestdriver1/tf-psa-crypto/drivers/builtin/src/psa_crypto_rsa.h"
+#include "libtestdriver1/tf-psa-crypto/drivers/builtin/src/psa_crypto_ffdh.h"
#endif
#include <string.h>
diff --git a/tests/src/drivers/test_driver_mac.c b/tests/src/drivers/test_driver_mac.c
index de43e49..9b671b8 100644
--- a/tests/src/drivers/test_driver_mac.c
+++ b/tests/src/drivers/test_driver_mac.c
@@ -13,7 +13,7 @@
#include "test/drivers/mac.h"
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1)
-#include "libtestdriver1/tf-psa-crypto/core/psa_crypto_mac.h"
+#include "libtestdriver1/tf-psa-crypto/drivers/builtin/src/psa_crypto_mac.h"
#endif
mbedtls_test_driver_mac_hooks_t mbedtls_test_driver_mac_hooks =
diff --git a/tests/src/drivers/test_driver_pake.c b/tests/src/drivers/test_driver_pake.c
index 9631101..bcef6b5 100644
--- a/tests/src/drivers/test_driver_pake.c
+++ b/tests/src/drivers/test_driver_pake.c
@@ -14,7 +14,7 @@
#include "string.h"
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1)
-#include "libtestdriver1/tf-psa-crypto/core/psa_crypto_pake.h"
+#include "libtestdriver1/tf-psa-crypto/drivers/builtin/src/psa_crypto_pake.h"
#endif
mbedtls_test_driver_pake_hooks_t mbedtls_test_driver_pake_hooks =
diff --git a/tests/src/drivers/test_driver_signature.c b/tests/src/drivers/test_driver_signature.c
index 02c6298..92ec93b 100644
--- a/tests/src/drivers/test_driver_signature.c
+++ b/tests/src/drivers/test_driver_signature.c
@@ -26,9 +26,9 @@
#include "test/random.h"
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1)
-#include "libtestdriver1/tf-psa-crypto/core/psa_crypto_ecp.h"
-#include "libtestdriver1/tf-psa-crypto/core/psa_crypto_hash.h"
-#include "libtestdriver1/tf-psa-crypto/core/psa_crypto_rsa.h"
+#include "libtestdriver1/tf-psa-crypto/drivers/builtin/src/psa_crypto_ecp.h"
+#include "libtestdriver1/tf-psa-crypto/drivers/builtin/src/psa_crypto_hash.h"
+#include "libtestdriver1/tf-psa-crypto/drivers/builtin/src/psa_crypto_rsa.h"
#endif
#include <string.h>
diff --git a/tf-psa-crypto/tests/suites/test_suite_constant_time_hmac.data b/tests/suites/test_suite_constant_time_hmac.data
similarity index 100%
rename from tf-psa-crypto/tests/suites/test_suite_constant_time_hmac.data
rename to tests/suites/test_suite_constant_time_hmac.data
diff --git a/tf-psa-crypto/tests/suites/test_suite_constant_time_hmac.function b/tests/suites/test_suite_constant_time_hmac.function
similarity index 100%
rename from tf-psa-crypto/tests/suites/test_suite_constant_time_hmac.function
rename to tests/suites/test_suite_constant_time_hmac.function
diff --git a/tf-psa-crypto/tests/suites/test_suite_version.data b/tests/suites/test_suite_version.data
similarity index 100%
rename from tf-psa-crypto/tests/suites/test_suite_version.data
rename to tests/suites/test_suite_version.data
diff --git a/tf-psa-crypto/tests/suites/test_suite_version.function b/tests/suites/test_suite_version.function
similarity index 100%
rename from tf-psa-crypto/tests/suites/test_suite_version.function
rename to tests/suites/test_suite_version.function
diff --git a/tf-psa-crypto/CMakeLists.txt b/tf-psa-crypto/CMakeLists.txt
index 1dc9f9f..63a71fc 100644
--- a/tf-psa-crypto/CMakeLists.txt
+++ b/tf-psa-crypto/CMakeLists.txt
@@ -31,10 +31,44 @@
# is deprecated and will be removed in future versions.
cmake_policy(SET CMP0012 NEW)
+if(NOT (CMAKE_CURRENT_SOURCE_DIR STREQUAL CMAKE_SOURCE_DIR))
+
if(LIB_INSTALL_DIR)
set(CMAKE_INSTALL_LIBDIR "${LIB_INSTALL_DIR}")
endif()
+set(TF_PSA_CRYPTO_PYTHON_EXECUTABLE ${MBEDTLS_PYTHON_EXECUTABLE})
+set(USE_STATIC_TF_PSA_CRYPTO_LIBRARY ${USE_STATIC_MBEDTLS_LIBRARY})
+set(USE_SHARED_TF_PSA_CRYPTO_LIBRARY ${USE_SHARED_MBEDTLS_LIBRARY})
+set(TF_PSA_CRYPTO_TARGET_PREFIX ${MBEDTLS_TARGET_PREFIX})
+option(INSTALL_TF_PSA_CRYPTO_HEADERS "Install TF-PSA-Crypto headers." ${INSTALL_MBEDTLS_HEADERS})
+
+# Set the project root directory.
+set(TF_PSA_CRYPTO_DIR ${CMAKE_CURRENT_SOURCE_DIR})
+
add_subdirectory(include)
add_subdirectory(core)
add_subdirectory(drivers)
+
+if(ENABLE_TESTING)
+ enable_testing()
+ add_subdirectory(tests)
+endif()
+
+else(NOT (CMAKE_CURRENT_SOURCE_DIR STREQUAL CMAKE_SOURCE_DIR))
+
+if(TEST_CPP)
+ project("TF-PSA-Crypto"
+ LANGUAGES C CXX
+ VERSION 0.1.0
+ )
+else()
+ project("TF-PSA-Crypto"
+ LANGUAGES C
+ VERSION 0.1.0
+ )
+endif()
+
+include(TF-PSA-Crypto.cmake)
+
+endif(NOT (CMAKE_CURRENT_SOURCE_DIR STREQUAL CMAKE_SOURCE_DIR))
diff --git a/tf-psa-crypto/DartConfiguration.tcl b/tf-psa-crypto/DartConfiguration.tcl
new file mode 100644
index 0000000..af0578a
--- /dev/null
+++ b/tf-psa-crypto/DartConfiguration.tcl
@@ -0,0 +1,4 @@
+Site: localhost
+BuildName: Mbed TLS-test
+CoverageCommand: /usr/bin/gcov
+MemoryCheckCommand: /usr/bin/valgrind
diff --git a/tf-psa-crypto/TF-PSA-Crypto.cmake b/tf-psa-crypto/TF-PSA-Crypto.cmake
new file mode 100644
index 0000000..e520ad1
--- /dev/null
+++ b/tf-psa-crypto/TF-PSA-Crypto.cmake
@@ -0,0 +1,376 @@
+include(GNUInstallDirs)
+
+# Determine if TF-PSA-Crypto is being built as a subproject using add_subdirectory()
+if(NOT DEFINED TF_PSA_CRYPTO_AS_SUBPROJECT)
+ set(TF_PSA_CRYPTO_AS_SUBPROJECT ON)
+ if(CMAKE_CURRENT_SOURCE_DIR STREQUAL CMAKE_SOURCE_DIR)
+ set(TF_PSA_CRYPTO_AS_SUBPROJECT OFF)
+ endif()
+endif()
+
+# Set the project, Mbed TLS and framework root directory.
+set(TF_PSA_CRYPTO_DIR ${CMAKE_CURRENT_SOURCE_DIR})
+set(MBEDTLS_DIR ${CMAKE_CURRENT_SOURCE_DIR}/..)
+set(MBEDTLS_FRAMEWORK_DIR ${CMAKE_CURRENT_SOURCE_DIR}/../framework)
+
+option(ENABLE_PROGRAMS "Build TF-PSA-Crypto programs." ON)
+
+option(UNSAFE_BUILD "Allow unsafe builds. These builds ARE NOT SECURE." OFF)
+option(TF_PSA_CRYPTO_FATAL_WARNINGS "Compiler warnings treated as errors" ON)
+if(CMAKE_HOST_WIN32)
+ # N.B. The comment on the next line is significant! If you change it,
+ # edit the sed command in prepare_release.sh that modifies
+ # CMakeLists.txt.
+ option(GEN_FILES "Generate the auto-generated files as needed" OFF) # off in development
+else()
+ option(GEN_FILES "Generate the auto-generated files as needed" ON)
+endif()
+
+# Support for package config and install to be added later.
+option(DISABLE_PACKAGE_CONFIG_AND_INSTALL "Disable package configuration, target export and installation" ON)
+
+if (CMAKE_C_SIMULATE_ID)
+ set(COMPILER_ID ${CMAKE_C_SIMULATE_ID})
+else()
+ set(COMPILER_ID ${CMAKE_C_COMPILER_ID})
+endif(CMAKE_C_SIMULATE_ID)
+
+string(REGEX MATCH "Clang" CMAKE_COMPILER_IS_CLANG "${COMPILER_ID}")
+string(REGEX MATCH "GNU" CMAKE_COMPILER_IS_GNU "${COMPILER_ID}")
+string(REGEX MATCH "IAR" CMAKE_COMPILER_IS_IAR "${COMPILER_ID}")
+string(REGEX MATCH "MSVC" CMAKE_COMPILER_IS_MSVC "${COMPILER_ID}")
+
+# the test suites currently have compile errors with MSVC
+if(CMAKE_COMPILER_IS_MSVC)
+ option(ENABLE_TESTING "Build TF-PSA-Crypto tests." OFF)
+else()
+ option(ENABLE_TESTING "Build TF-PSA-Crypto tests." ON)
+endif()
+
+option(USE_STATIC_TF_PSA_CRYPTO_LIBRARY "Build TF-PSA-Crypto static library." ON)
+option(USE_SHARED_TF_PSA_CRYPTO_LIBRARY "Build TF-PSA-Crypto shared library." OFF)
+option(LINK_WITH_PTHREAD "Explicitly link Mbed TLS library to pthread." OFF)
+option(LINK_WITH_TRUSTED_STORAGE "Explicitly link Mbed TLS library to trusted_storage." OFF)
+
+set(mbedcrypto_target "${TF_PSA_CRYPTO_TARGET_PREFIX}mbedcrypto")
+if (USE_STATIC_TF_PSA_CRYPTO_LIBRARY)
+ set(mbedcrypto_static_target ${mbedcrypto_target})
+endif()
+if(USE_STATIC_TF_PSA_CRYPTO_LIBRARY AND USE_SHARED_TF_PSA_CRYPTO_LIBRARY)
+ string(APPEND mbedcrypto_static_target "_static")
+endif()
+
+# Warning string - created as a list for compatibility with CMake 2.8
+set(CTR_DRBG_128_BIT_KEY_WARN_L1 "**** WARNING! MBEDTLS_CTR_DRBG_USE_128_BIT_KEY defined!\n")
+set(CTR_DRBG_128_BIT_KEY_WARN_L2 "**** Using 128-bit keys for CTR_DRBG limits the security of generated\n")
+set(CTR_DRBG_128_BIT_KEY_WARN_L3 "**** keys and operations that use random values generated to 128-bit security\n")
+
+set(CTR_DRBG_128_BIT_KEY_WARNING "${WARNING_BORDER}"
+ "${CTR_DRBG_128_BIT_KEY_WARN_L1}"
+ "${CTR_DRBG_128_BIT_KEY_WARN_L2}"
+ "${CTR_DRBG_128_BIT_KEY_WARN_L3}"
+ "${WARNING_BORDER}")
+
+# Python 3 is only needed here to check for configuration warnings.
+if(NOT CMAKE_VERSION VERSION_LESS 3.15.0)
+ set(Python3_FIND_STRATEGY LOCATION)
+ find_package(Python3 COMPONENTS Interpreter)
+ if(Python3_Interpreter_FOUND)
+ set(TF_PSA_CRYPTO_PYTHON_EXECUTABLE ${Python3_EXECUTABLE})
+ endif()
+else()
+ find_package(PythonInterp 3)
+ if(PYTHONINTERP_FOUND)
+ set(TF_PSA_CRYPTO_PYTHON_EXECUTABLE ${PYTHON_EXECUTABLE})
+ endif()
+endif()
+if(TF_PSA_CRYPTO_PYTHON_EXECUTABLE)
+
+ # If 128-bit keys are configured for CTR_DRBG, display an appropriate warning
+ execute_process(COMMAND ${TF_PSA_CRYPTO_PYTHON_EXECUTABLE} ${MBEDTLS_DIR}/scripts/config.py -f ${MBEDTLS_DIR}/include/mbedtls/mbedtls_config.h get MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ RESULT_VARIABLE result)
+ if(${result} EQUAL 0)
+ message(WARNING ${CTR_DRBG_128_BIT_KEY_WARNING})
+ endif()
+
+endif()
+
+# We now potentially need to link all executables against PThreads, if available
+set(CMAKE_THREAD_PREFER_PTHREAD TRUE)
+set(THREADS_PREFER_PTHREAD_FLAG TRUE)
+find_package(Threads)
+
+# If this is the root project add longer list of available CMAKE_BUILD_TYPE values
+if(CMAKE_SOURCE_DIR STREQUAL CMAKE_CURRENT_SOURCE_DIR)
+ set(CMAKE_BUILD_TYPE ${CMAKE_BUILD_TYPE}
+ CACHE STRING "Choose the type of build: None Debug Release Coverage ASan ASanDbg MemSan MemSanDbg Check CheckFull TSan TSanDbg"
+ FORCE)
+endif()
+
+# Make TF_PSA_CRYPTO_CONFIG_FILE and TF_PSA_CRYPTO_USER_CONFIG_FILE into PATHs
+set(TF_PSA_CRYPTO_CONFIG_FILE "" CACHE FILEPATH "TF-PSA-Crypto config file (overrides default).")
+set(TF_PSA_CRYPTO_USER_CONFIG_FILE "" CACHE FILEPATH "TF-PSA-Crypto user config file (appended to default).")
+
+# Create a symbolic link from ${base_name} in the binary directory
+# to the corresponding path in the source directory.
+# Note: Copies the file(s) on Windows.
+function(link_to_source base_name)
+ set(link "${CMAKE_CURRENT_BINARY_DIR}/${base_name}")
+ set(target "${CMAKE_CURRENT_SOURCE_DIR}/${base_name}")
+
+ # Linking to non-existent file is not desirable. At best you will have a
+ # dangling link, but when building in tree, this can create a symbolic link
+ # to itself.
+ if (EXISTS ${target} AND NOT EXISTS ${link})
+ if (CMAKE_HOST_UNIX)
+ execute_process(COMMAND ln -s ${target} ${link}
+ RESULT_VARIABLE result
+ ERROR_VARIABLE output)
+
+ if (NOT ${result} EQUAL 0)
+ message(FATAL_ERROR "Could not create symbolic link for: ${target} --> ${output}")
+ endif()
+ else()
+ if (IS_DIRECTORY ${target})
+ file(GLOB_RECURSE files FOLLOW_SYMLINKS LIST_DIRECTORIES false RELATIVE ${target} "${target}/*")
+ foreach(file IN LISTS files)
+ configure_file("${target}/${file}" "${link}/${file}" COPYONLY)
+ endforeach(file)
+ else()
+ configure_file(${target} ${link} COPYONLY)
+ endif()
+ endif()
+ endif()
+endfunction(link_to_source)
+
+# Get the filename without the final extension (i.e. convert "a.b.c" to "a.b")
+function(get_name_without_last_ext dest_var full_name)
+ # Split into a list on '.' (but a cmake list is just a ';'-separated string)
+ string(REPLACE "." ";" ext_parts "${full_name}")
+ # Remove the last item if there are more than one
+ list(LENGTH ext_parts ext_parts_len)
+ if (${ext_parts_len} GREATER "1")
+ math(EXPR ext_parts_last_item "${ext_parts_len} - 1")
+ list(REMOVE_AT ext_parts ${ext_parts_last_item})
+ endif()
+ # Convert back to a string by replacing separators with '.'
+ string(REPLACE ";" "." no_ext_name "${ext_parts}")
+ # Copy into the desired variable
+ set(${dest_var} ${no_ext_name} PARENT_SCOPE)
+endfunction(get_name_without_last_ext)
+
+include(CheckCCompilerFlag)
+
+set(CMAKE_C_EXTENSIONS OFF)
+set(CMAKE_C_STANDARD 99)
+
+if(CMAKE_COMPILER_IS_GNU)
+ # some warnings we want are not available with old GCC versions
+ # note: starting with CMake 2.8 we could use CMAKE_C_COMPILER_VERSION
+ execute_process(COMMAND ${CMAKE_C_COMPILER} -dumpversion
+ OUTPUT_VARIABLE GCC_VERSION)
+ set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Wextra -Wwrite-strings -Wmissing-prototypes")
+ if (GCC_VERSION VERSION_GREATER 3.0 OR GCC_VERSION VERSION_EQUAL 3.0)
+ set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wformat=2 -Wno-format-nonliteral")
+ endif()
+ if (GCC_VERSION VERSION_GREATER 4.3 OR GCC_VERSION VERSION_EQUAL 4.3)
+ set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wvla")
+ endif()
+ if (GCC_VERSION VERSION_GREATER 4.5 OR GCC_VERSION VERSION_EQUAL 4.5)
+ set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wlogical-op")
+ endif()
+ if (GCC_VERSION VERSION_GREATER 4.8 OR GCC_VERSION VERSION_EQUAL 4.8)
+ set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wshadow")
+ endif()
+ if (GCC_VERSION VERSION_GREATER 5.0)
+ CHECK_C_COMPILER_FLAG("-Wformat-signedness" C_COMPILER_SUPPORTS_WFORMAT_SIGNEDNESS)
+ if(C_COMPILER_SUPPORTS_WFORMAT_SIGNEDNESS)
+ set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wformat-signedness")
+ endif()
+ endif()
+ if (GCC_VERSION VERSION_GREATER 7.0 OR GCC_VERSION VERSION_EQUAL 7.0)
+ set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wformat-overflow=2 -Wformat-truncation")
+ endif()
+ set(CMAKE_C_FLAGS_RELEASE "-O2")
+ set(CMAKE_C_FLAGS_DEBUG "-O0 -g3")
+ set(CMAKE_C_FLAGS_COVERAGE "-O0 -g3 --coverage")
+ set(CMAKE_C_FLAGS_ASAN "-fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover=all -O3")
+ set(CMAKE_C_FLAGS_ASANDBG "-fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover=all -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls")
+ set(CMAKE_C_FLAGS_TSAN "-fsanitize=thread -O3")
+ set(CMAKE_C_FLAGS_TSANDBG "-fsanitize=thread -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls")
+ set(CMAKE_C_FLAGS_CHECK "-Os")
+ set(CMAKE_C_FLAGS_CHECKFULL "${CMAKE_C_FLAGS_CHECK} -Wcast-qual")
+endif(CMAKE_COMPILER_IS_GNU)
+
+if(CMAKE_COMPILER_IS_CLANG)
+ set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Wextra -Wwrite-strings -Wmissing-prototypes -Wpointer-arith -Wimplicit-fallthrough -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral")
+ set(CMAKE_C_FLAGS_RELEASE "-O2")
+ set(CMAKE_C_FLAGS_DEBUG "-O0 -g3")
+ set(CMAKE_C_FLAGS_COVERAGE "-O0 -g3 --coverage")
+ set(CMAKE_C_FLAGS_ASAN "-fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover=all -O3")
+ set(CMAKE_C_FLAGS_ASANDBG "-fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover=all -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls")
+ set(CMAKE_C_FLAGS_MEMSAN "-fsanitize=memory -O3")
+ set(CMAKE_C_FLAGS_MEMSANDBG "-fsanitize=memory -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls -fsanitize-memory-track-origins=2")
+ set(CMAKE_C_FLAGS_TSAN "-fsanitize=thread -O3")
+ set(CMAKE_C_FLAGS_TSANDBG "-fsanitize=thread -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls")
+ set(CMAKE_C_FLAGS_CHECK "-Os")
+endif(CMAKE_COMPILER_IS_CLANG)
+
+if(CMAKE_COMPILER_IS_IAR)
+ set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} --warn_about_c_style_casts")
+ set(CMAKE_C_FLAGS_RELEASE "-Ohz")
+ set(CMAKE_C_FLAGS_DEBUG "--debug -On")
+endif(CMAKE_COMPILER_IS_IAR)
+
+if(CMAKE_COMPILER_IS_MSVC)
+ # Strictest warnings, UTF-8 source and execution charset
+ set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} /W3 /utf-8")
+endif(CMAKE_COMPILER_IS_MSVC)
+
+if(TF_PSA_CRYPTO_FATAL_WARNINGS)
+ if(CMAKE_COMPILER_IS_MSVC)
+ set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} /WX")
+ endif(CMAKE_COMPILER_IS_MSVC)
+
+ if(CMAKE_COMPILER_IS_CLANG OR CMAKE_COMPILER_IS_GNU)
+ set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Werror")
+ if(UNSAFE_BUILD)
+ set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wno-error=cpp")
+ set(CMAKE_C_FLAGS_ASAN "${CMAKE_C_FLAGS_ASAN} -Wno-error=cpp")
+ set(CMAKE_C_FLAGS_ASANDBG "${CMAKE_C_FLAGS_ASANDBG} -Wno-error=cpp")
+ endif(UNSAFE_BUILD)
+ endif(CMAKE_COMPILER_IS_CLANG OR CMAKE_COMPILER_IS_GNU)
+
+ if (CMAKE_COMPILER_IS_IAR)
+ set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} --warnings_are_errors")
+ endif(CMAKE_COMPILER_IS_IAR)
+endif(TF_PSA_CRYPTO_FATAL_WARNINGS)
+
+if(CMAKE_BUILD_TYPE STREQUAL "Check" AND TEST_CPP)
+ set(CMAKE_CXX_STANDARD 11)
+ set(CMAKE_CXX_STANDARD_REQUIRED ON)
+ set(CMAKE_CXX_EXTENSIONS OFF)
+ if(CMAKE_COMPILER_IS_CLANG OR CMAKE_COMPILER_IS_GNU)
+ set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -pedantic")
+ endif()
+endif()
+
+if(CMAKE_BUILD_TYPE STREQUAL "Coverage")
+ if(CMAKE_COMPILER_IS_GNU OR CMAKE_COMPILER_IS_CLANG)
+ set(CMAKE_SHARED_LINKER_FLAGS "--coverage")
+ endif(CMAKE_COMPILER_IS_GNU OR CMAKE_COMPILER_IS_CLANG)
+endif(CMAKE_BUILD_TYPE STREQUAL "Coverage")
+
+if(LIB_INSTALL_DIR)
+ set(CMAKE_INSTALL_LIBDIR "${LIB_INSTALL_DIR}")
+endif()
+
+if (NOT EXISTS "${MBEDTLS_FRAMEWORK_DIR}/CMakeLists.txt")
+ message(FATAL_ERROR "${MBEDTLS_FRAMEWORK_DIR}/CMakeLists.txt not found. Run `git submodule update --init` from the source tree to fetch the submodule contents.")
+endif()
+
+add_subdirectory(include)
+add_subdirectory(core)
+add_subdirectory(drivers)
+
+#
+# The C files in tests/src directory contain test code shared among test suites
+# and programs. This shared test code is compiled and linked to test suites and
+# programs objects as a set of compiled objects. The compiled objects are NOT
+# built into a library that the test suite and program objects would link
+# against as they link against the tfpsacrypto library. The reason is that such
+# library is expected to have mutual dependencies with the aforementioned
+# library and that there is as of today no portable way of handling such
+# dependencies (only toolchain specific solutions).
+#
+# Thus the below definition of the `mbedtls_test` CMake library of objects
+# target. This library of objects is used by tests and programs CMake files
+# to define the test executables.
+#
+if(ENABLE_TESTING OR ENABLE_PROGRAMS)
+ file(GLOB MBEDTLS_TEST_FILES
+ ${MBEDTLS_DIR}/tests/src/*.c
+ ${MBEDTLS_DIR}/tests/src/drivers/*.c)
+ add_library(mbedtls_test OBJECT ${MBEDTLS_TEST_FILES})
+ if(GEN_FILES)
+ add_custom_command(
+ OUTPUT
+ ${MBEDTLS_DIR}/tests/src/test_keys.h
+ WORKING_DIRECTORY
+ ${MBEDTLS_DIR}/tests
+ COMMAND
+ "${TF_PSA_CRYPTO_PYTHON_EXECUTABLE}"
+ "${MBEDTLS_FRAMEWORK_DIR}/scripts/generate_test_keys.py"
+ "--output"
+ "${MBEDTLS_DIR}/tests/src/test_keys.h"
+ DEPENDS
+ ${MBEDTLS_FRAMEWORK_DIR}/scripts/generate_test_keys.py
+ )
+ add_custom_target(test_keys_header DEPENDS ${MBEDTLS_DIR}/tests/src/test_keys.h)
+
+ add_custom_command(
+ OUTPUT
+ ${MBEDTLS_DIR}/tests/src/test_certs.h
+ WORKING_DIRECTORY
+ ${MBEDTLS_DIR}/tests
+ COMMAND
+ "${TF_PSA_CRYPTO_PYTHON_EXECUTABLE}"
+ "${MBEDTLS_FRAMEWORK_DIR}/scripts/generate_test_cert_macros.py"
+ "--output"
+ "${MBEDTLS_DIR}/tests/src/test_certs.h"
+ DEPENDS
+ ${MBEDTLS_FRAMEWORK_DIR}/scripts/generate_test_cert_macros.py
+ )
+ add_custom_target(test_certs_header DEPENDS ${MBEDTLS_DIR}/tests/src/test_certs.h)
+ add_dependencies(mbedtls_test test_keys_header test_certs_header)
+ endif()
+ target_include_directories(mbedtls_test
+ PRIVATE ${MBEDTLS_DIR}/tests/include
+ PRIVATE ${MBEDTLS_DIR}/include
+ PRIVATE include
+ PRIVATE drivers/builtin/include
+ PRIVATE core
+ PRIVATE drivers/builtin/src)
+ # Request C11, needed for memory poisoning tests
+ set_target_properties(mbedtls_test PROPERTIES C_STANDARD 11)
+
+ # Pass-through TF_PSA_CRYPTO_CONFIG_FILE and TF_PSA_CRYPTO_USER_CONFIG_FILE
+ if(TF_PSA_CRYPTO_CONFIG_FILE)
+ target_compile_definitions(mbedtls_test
+ PUBLIC TF_PSA_CRYPTO_CONFIG_FILE="${TF_PSA_CRYPTO_CONFIG_FILE}")
+ endif()
+ if(TF_PSA_CRYPTO_USER_CONFIG_FILE)
+ target_compile_definitions(mbedtls_test
+ PUBLIC TF_PSA_CRYPTO_USER_CONFIG_FILE="${TF_PSA_CRYPTO_USER_CONFIG_FILE}")
+ endif()
+endif()
+
+if(ENABLE_PROGRAMS)
+ add_subdirectory(programs)
+endif()
+
+if(ENABLE_TESTING)
+ enable_testing()
+
+ add_subdirectory(tests)
+
+ # additional convenience targets for Unix only
+ if(UNIX)
+ ADD_CUSTOM_TARGET(memcheck
+ COMMAND sed -i.bak s+/usr/bin/valgrind+`which valgrind`+ DartConfiguration.tcl
+ COMMAND ctest -O memcheck.log -D ExperimentalMemCheck
+ COMMAND tail -n1 memcheck.log | grep 'Memory checking results:' > /dev/null
+ COMMAND rm -f memcheck.log
+ COMMAND mv DartConfiguration.tcl.bak DartConfiguration.tcl
+ )
+ endif(UNIX)
+
+ # Make scripts needed for testing available in an out-of-source build.
+ if (NOT ${CMAKE_CURRENT_BINARY_DIR} STREQUAL ${CMAKE_CURRENT_SOURCE_DIR})
+ link_to_source(scripts)
+ # Copy (don't link) DartConfiguration.tcl, needed for memcheck, to
+ # keep things simple with the sed commands in the memcheck target.
+ configure_file(${CMAKE_CURRENT_SOURCE_DIR}/DartConfiguration.tcl
+ ${CMAKE_CURRENT_BINARY_DIR}/DartConfiguration.tcl COPYONLY)
+ endif()
+endif()
diff --git a/tf-psa-crypto/core/CMakeLists.txt b/tf-psa-crypto/core/CMakeLists.txt
index e69de29..0917cae 100644
--- a/tf-psa-crypto/core/CMakeLists.txt
+++ b/tf-psa-crypto/core/CMakeLists.txt
@@ -0,0 +1,178 @@
+set(src_crypto
+ psa_crypto.c
+ psa_crypto_client.c
+ psa_crypto_driver_wrappers_no_static.c
+ psa_crypto_se.c
+ psa_crypto_slot_management.c
+ psa_crypto_storage.c
+ psa_its_file.c
+)
+
+if(GEN_FILES)
+ add_custom_command(
+ OUTPUT
+ ${CMAKE_CURRENT_BINARY_DIR}/psa_crypto_driver_wrappers.h
+ ${CMAKE_CURRENT_BINARY_DIR}/psa_crypto_driver_wrappers_no_static.c
+ COMMAND
+ ${TF_PSA_CRYPTO_PYTHON_EXECUTABLE}
+ ${MBEDTLS_DIR}/scripts/generate_driver_wrappers.py
+ ${CMAKE_CURRENT_BINARY_DIR}
+ DEPENDS
+ ${MBEDTLS_DIR}/scripts/generate_driver_wrappers.py
+ ${MBEDTLS_DIR}/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.h.jinja
+ ${MBEDTLS_DIR}/scripts/data_files/driver_templates/psa_crypto_driver_wrappers_no_static.c.jinja
+ )
+else()
+ link_to_source(psa_crypto_driver_wrappers.h)
+ link_to_source(psa_crypto_driver_wrappers_no_static.c)
+endif()
+
+if(CMAKE_COMPILER_IS_GNUCC)
+ set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wmissing-declarations -Wmissing-prototypes")
+endif(CMAKE_COMPILER_IS_GNUCC)
+
+if(CMAKE_COMPILER_IS_CLANG)
+ set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wmissing-declarations -Wmissing-prototypes -Wdocumentation -Wno-documentation-deprecated-sync -Wunreachable-code")
+endif(CMAKE_COMPILER_IS_CLANG)
+
+if(CMAKE_COMPILER_IS_MSVC)
+ option(MSVC_STATIC_RUNTIME "Build the libraries with /MT compiler flag" OFF)
+ if(MSVC_STATIC_RUNTIME)
+ foreach(flag_var
+ CMAKE_C_FLAGS CMAKE_C_FLAGS_DEBUG CMAKE_C_FLAGS_RELEASE
+ CMAKE_C_FLAGS_MINSIZEREL CMAKE_C_FLAGS_RELWITHDEBINFO
+ CMAKE_C_FLAGS_CHECK)
+ string(REGEX REPLACE "/MD" "/MT" ${flag_var} "${${flag_var}}")
+ endforeach(flag_var)
+ endif()
+endif()
+
+if(CMAKE_C_COMPILER_ID MATCHES "AppleClang")
+ set(CMAKE_C_ARCHIVE_CREATE "<CMAKE_AR> Scr <TARGET> <LINK_FLAGS> <OBJECTS>")
+ set(CMAKE_C_ARCHIVE_FINISH "<CMAKE_RANLIB> -no_warning_for_no_symbols -c <TARGET>")
+endif()
+if(CMAKE_CXX_COMPILER_ID MATCHES "AppleClang")
+ set(CMAKE_CXX_ARCHIVE_CREATE "<CMAKE_AR> Scr <TARGET> <LINK_FLAGS> <OBJECTS>")
+ set(CMAKE_CXX_ARCHIVE_FINISH "<CMAKE_RANLIB> -no_warning_for_no_symbols -c <TARGET>")
+endif()
+
+if(LINK_WITH_PTHREAD)
+ set(libs ${libs} ${CMAKE_THREAD_LIBS_INIT})
+endif()
+
+if(LINK_WITH_TRUSTED_STORAGE)
+ set(libs ${libs} trusted_storage)
+endif()
+
+if (NOT USE_STATIC_TF_PSA_CRYPTO_LIBRARY AND NOT USE_SHARED_TF_PSA_CRYPTO_LIBRARY)
+ message(FATAL_ERROR "Need to choose static or shared TF-PSA-Crypto build!")
+endif(NOT USE_STATIC_TF_PSA_CRYPTO_LIBRARY AND NOT USE_SHARED_TF_PSA_CRYPTO_LIBRARY)
+
+set(mbedcrypto_target "${TF_PSA_CRYPTO_TARGET_PREFIX}mbedcrypto")
+set(builtin_target "${TF_PSA_CRYPTO_TARGET_PREFIX}builtin")
+
+if (USE_STATIC_TF_PSA_CRYPTO_LIBRARY)
+ set(mbedcrypto_static_target ${mbedcrypto_target})
+ set(builtin_static_target ${builtin_target})
+endif()
+
+set(target_libraries ${mbedcrypto_target})
+
+if(USE_STATIC_TF_PSA_CRYPTO_LIBRARY AND USE_SHARED_TF_PSA_CRYPTO_LIBRARY)
+ string(APPEND mbedcrypto_static_target "_static")
+ string(APPEND builtin_static_target "_static")
+
+ list(APPEND target_libraries
+ ${mbedcrypto_static_target})
+endif()
+
+set(p256m_target "${TF_PSA_CRYPTO_TARGET_PREFIX}p256m")
+set(everest_target "${TF_PSA_CRYPTO_TARGET_PREFIX}everest")
+
+if(USE_STATIC_TF_PSA_CRYPTO_LIBRARY)
+ add_library(${mbedcrypto_static_target} STATIC ${src_crypto})
+ set_target_properties(${mbedcrypto_static_target} PROPERTIES OUTPUT_NAME mbedcrypto)
+ target_link_libraries(${mbedcrypto_static_target} PUBLIC ${libs})
+
+ target_link_libraries(${mbedcrypto_static_target} PUBLIC ${builtin_static_target})
+
+ if(TARGET ${everest_target})
+ target_link_libraries(${mbedcrypto_static_target} PUBLIC ${everest_target})
+ endif()
+
+ if(TARGET ${p256m_target})
+ target_link_libraries(${mbedcrypto_static_target} PUBLIC ${p256m_target})
+ endif()
+endif(USE_STATIC_TF_PSA_CRYPTO_LIBRARY)
+
+if(USE_SHARED_TF_PSA_CRYPTO_LIBRARY)
+ set(CMAKE_LIBRARY_PATH ${CMAKE_CURRENT_BINARY_DIR})
+ add_library(${mbedcrypto_target} SHARED ${src_crypto})
+ set_target_properties(${mbedcrypto_target} PROPERTIES VERSION 4.0.0 SOVERSION 16)
+ target_link_libraries(${mbedcrypto_target} PUBLIC ${libs})
+
+ target_link_libraries(${mbedcrypto_target} PUBLIC ${builtin_target})
+
+ if(TARGET ${everest_target})
+ target_link_libraries(${mbedcrypto_target} PUBLIC ${everest_target})
+ endif()
+
+ if(TARGET ${p256m_target})
+ target_link_libraries(${mbedcrypto_target} PUBLIC ${p256m_target})
+ endif()
+endif(USE_SHARED_TF_PSA_CRYPTO_LIBRARY)
+
+foreach(target IN LISTS target_libraries)
+ add_library(MbedTLS::${target} ALIAS ${target}) # add_subdirectory support
+ # Include public header files include/, drivers/builtin/include/ and
+ # ${MBEDTLS_DIR}/include/ as we still need it. Include private header files
+ # from core/ and drivers/builtin/src/.
+ target_include_directories(${target}
+ PUBLIC $<BUILD_INTERFACE:${MBEDTLS_DIR}/include/>
+ $<BUILD_INTERFACE:${TF_PSA_CRYPTO_DIR}/include/>
+ $<BUILD_INTERFACE:${TF_PSA_CRYPTO_DIR}/drivers/builtin/include/>
+ $<INSTALL_INTERFACE:include/>
+ PRIVATE ${TF_PSA_CRYPTO_DIR}/core
+ ${TF_PSA_CRYPTO_DIR}/drivers/builtin/src
+ # Needed to include psa_crypto_driver_wrappers.h
+ ${CMAKE_CURRENT_BINARY_DIR})
+ # Pass-through MBEDTLS_CONFIG_FILE and MBEDTLS_USER_CONFIG_FILE
+ if(MBEDTLS_CONFIG_FILE)
+ target_compile_definitions(${target}
+ PUBLIC MBEDTLS_CONFIG_FILE="${MBEDTLS_CONFIG_FILE}")
+ endif()
+ if(MBEDTLS_USER_CONFIG_FILE)
+ target_compile_definitions(${target}
+ PUBLIC MBEDTLS_USER_CONFIG_FILE="${MBEDTLS_USER_CONFIG_FILE}")
+ endif()
+ install(
+ TARGETS ${target}
+ EXPORT MbedTLSTargets
+ ARCHIVE DESTINATION ${CMAKE_INSTALL_LIBDIR}
+ LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR}
+ RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR}
+ PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ)
+endforeach(target)
+
+if(USE_STATIC_TF_PSA_CRYPTO_LIBRARY)
+ add_custom_command(
+ TARGET ${mbedcrypto_static_target}
+ POST_BUILD
+ COMMAND ${CMAKE_COMMAND}
+ ARGS -E copy $<TARGET_FILE:${mbedcrypto_static_target}> ${CMAKE_BINARY_DIR}/library)
+endif(USE_STATIC_TF_PSA_CRYPTO_LIBRARY)
+
+if(USE_SHARED_TF_PSA_CRYPTO_LIBRARY)
+ add_custom_command(
+ TARGET ${mbedcrypto_target}
+ POST_BUILD
+ COMMAND ${CMAKE_COMMAND}
+ ARGS -E copy $<TARGET_FILE:${mbedcrypto_target}>
+ ${CMAKE_BINARY_DIR}/library/$<TARGET_FILE_NAME:${mbedcrypto_target}>)
+ add_custom_command(
+ TARGET ${mbedcrypto_target}
+ POST_BUILD
+ COMMAND ${CMAKE_COMMAND}
+ ARGS -E copy $<TARGET_LINKER_FILE:${mbedcrypto_target}>
+ ${CMAKE_BINARY_DIR}/library/$<TARGET_LINKER_FILE_NAME:${mbedcrypto_target}>)
+endif(USE_SHARED_TF_PSA_CRYPTO_LIBRARY)
diff --git a/tf-psa-crypto/drivers/CMakeLists.txt b/tf-psa-crypto/drivers/CMakeLists.txt
index 517b6df..3642e02 100644
--- a/tf-psa-crypto/drivers/CMakeLists.txt
+++ b/tf-psa-crypto/drivers/CMakeLists.txt
@@ -1,3 +1,3 @@
-add_subdirectory(builtin)
add_subdirectory(everest)
add_subdirectory(p256-m)
+add_subdirectory(builtin)
diff --git a/tf-psa-crypto/drivers/builtin/CMakeLists.txt b/tf-psa-crypto/drivers/builtin/CMakeLists.txt
index febd4f0..5cbdbbc 100644
--- a/tf-psa-crypto/drivers/builtin/CMakeLists.txt
+++ b/tf-psa-crypto/drivers/builtin/CMakeLists.txt
@@ -1 +1,143 @@
add_subdirectory(src)
+
+file(GLOB src_builtin RELATIVE ${CMAKE_CURRENT_SOURCE_DIR} src/*.c)
+if(NOT "src/error.c" IN_LIST "${src_builtin}")
+ list(APPEND src_builtin src/error.c)
+endif()
+
+if(GEN_FILES)
+ find_package(Perl REQUIRED)
+
+ file(GLOB crypto_error_headers ${CMAKE_CURRENT_SOURCE_DIR}/include/mbedtls/*.h)
+ file(GLOB tls_error_headers ${MBEDTLS_DIR}/include/mbedtls/*.h)
+ add_custom_command(
+ OUTPUT
+ ${CMAKE_CURRENT_BINARY_DIR}/src/error.c
+ COMMAND
+ ${PERL_EXECUTABLE}
+ ${MBEDTLS_DIR}/scripts/generate_errors.pl
+ ${CMAKE_CURRENT_SOURCE_DIR}/include/mbedtls
+ ${MBEDTLS_DIR}/include/mbedtls
+ ${MBEDTLS_DIR}/scripts/data_files
+ ${CMAKE_CURRENT_BINARY_DIR}/src/error.c
+ DEPENDS
+ ${MBEDTLS_DIR}/scripts/generate_errors.pl
+ ${crypto_error_headers}
+ ${tls_error_headers}
+ ${MBEDTLS_DIR}/scripts/data_files/error.fmt
+ )
+else()
+ link_to_source(src/error.c)
+endif()
+
+if(CMAKE_COMPILER_IS_GNUCC)
+ set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wmissing-declarations -Wmissing-prototypes")
+endif(CMAKE_COMPILER_IS_GNUCC)
+
+if(CMAKE_COMPILER_IS_CLANG)
+ set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wmissing-declarations -Wmissing-prototypes -Wdocumentation -Wno-documentation-deprecated-sync -Wunreachable-code")
+endif(CMAKE_COMPILER_IS_CLANG)
+
+if(CMAKE_COMPILER_IS_MSVC)
+ option(MSVC_STATIC_RUNTIME "Build the libraries with /MT compiler flag" OFF)
+ if(MSVC_STATIC_RUNTIME)
+ foreach(flag_var
+ CMAKE_C_FLAGS CMAKE_C_FLAGS_DEBUG CMAKE_C_FLAGS_RELEASE
+ CMAKE_C_FLAGS_MINSIZEREL CMAKE_C_FLAGS_RELWITHDEBINFO
+ CMAKE_C_FLAGS_CHECK)
+ string(REGEX REPLACE "/MD" "/MT" ${flag_var} "${${flag_var}}")
+ endforeach(flag_var)
+ endif()
+endif()
+
+if(WIN32)
+ set(libs ${libs} ws2_32 bcrypt)
+endif(WIN32)
+
+if(CMAKE_C_COMPILER_ID MATCHES "AppleClang")
+ set(CMAKE_C_ARCHIVE_CREATE "<CMAKE_AR> Scr <TARGET> <LINK_FLAGS> <OBJECTS>")
+ set(CMAKE_C_ARCHIVE_FINISH "<CMAKE_RANLIB> -no_warning_for_no_symbols -c <TARGET>")
+endif()
+if(CMAKE_CXX_COMPILER_ID MATCHES "AppleClang")
+ set(CMAKE_CXX_ARCHIVE_CREATE "<CMAKE_AR> Scr <TARGET> <LINK_FLAGS> <OBJECTS>")
+ set(CMAKE_CXX_ARCHIVE_FINISH "<CMAKE_RANLIB> -no_warning_for_no_symbols -c <TARGET>")
+endif()
+
+if(LINK_WITH_PTHREAD)
+ set(libs ${libs} ${CMAKE_THREAD_LIBS_INIT})
+endif()
+
+set(builtin_target ${TF_PSA_CRYPTO_TARGET_PREFIX}builtin)
+if (USE_STATIC_TF_PSA_CRYPTO_LIBRARY)
+ set(builtin_static_target ${builtin_target})
+endif()
+set(target_libraries ${builtin_target})
+if(USE_STATIC_TF_PSA_CRYPTO_LIBRARY AND USE_SHARED_TF_PSA_CRYPTO_LIBRARY)
+ string(APPEND builtin_static_target "_static")
+ list(APPEND target_libraries ${builtin_static_target})
+endif()
+
+set(p256m_target "${TF_PSA_CRYPTO_TARGET_PREFIX}p256m")
+set(everest_target "${TF_PSA_CRYPTO_TARGET_PREFIX}everest")
+
+if(USE_STATIC_TF_PSA_CRYPTO_LIBRARY)
+ add_library(${builtin_static_target} STATIC ${src_builtin})
+ target_link_libraries(${builtin_static_target} PUBLIC ${libs})
+ if(TARGET ${everest_target})
+ target_link_libraries(${builtin_static_target} PUBLIC ${everest_target})
+ endif()
+
+ if(TARGET ${p256m_target})
+ target_link_libraries(${builtin_static_target} PUBLIC ${p256m_target})
+ endif()
+endif(USE_STATIC_TF_PSA_CRYPTO_LIBRARY)
+
+if(USE_SHARED_TF_PSA_CRYPTO_LIBRARY)
+ add_library(${builtin_target} SHARED ${src_builtin})
+ target_link_libraries(${builtin_target} PUBLIC ${libs})
+ if(TARGET ${everest_target})
+ target_link_libraries(${builtin_target} PUBLIC ${everest_target})
+ endif()
+
+ if(TARGET ${p256m_target})
+ target_link_libraries(${builtin_target} PUBLIC ${p256m_target})
+ endif()
+endif(USE_SHARED_TF_PSA_CRYPTO_LIBRARY)
+
+foreach (target IN LISTS target_libraries)
+ target_include_directories(${target}
+ PUBLIC $<BUILD_INTERFACE:${CMAKE_CURRENT_SOURCE_DIR}/src>
+ $<BUILD_INTERFACE:${CMAKE_CURRENT_SOURCE_DIR}/include>
+ $<BUILD_INTERFACE:${MBEDTLS_DIR}/include>
+ $<BUILD_INTERFACE:${TF_PSA_CRYPTO_DIR}/include>
+ PRIVATE ${TF_PSA_CRYPTO_DIR}/core)
+
+ # Pass-through MBEDTLS_CONFIG_FILE and MBEDTLS_USER_CONFIG_FILE
+ # This must be duplicated from library/CMakeLists.txt because
+ # everest is not directly linked against any mbedtls targets
+ # so does not inherit the compile definitions.
+ if(MBEDTLS_CONFIG_FILE)
+ target_compile_definitions(${target}
+ PUBLIC MBEDTLS_CONFIG_FILE="${MBEDTLS_CONFIG_FILE}")
+ endif()
+ if(MBEDTLS_USER_CONFIG_FILE)
+ target_compile_definitions(${target}
+ PUBLIC MBEDTLS_USER_CONFIG_FILE="${MBEDTLS_USER_CONFIG_FILE}")
+ endif()
+
+ if(INSTALL_TF_PSA_CRYPTO_HEADERS)
+
+ install(DIRECTORY include/mbedtls
+ DESTINATION include
+ FILE_PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ
+ DIRECTORY_PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ
+ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE
+ FILES_MATCHING PATTERN "*.h")
+
+ endif(INSTALL_TF_PSA_CRYPTO_HEADERS)
+
+ install(TARGETS ${target}
+ EXPORT MbedTLSTargets
+ DESTINATION ${CMAKE_INSTALL_LIBDIR}
+ PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ)
+endforeach(target)
diff --git a/tf-psa-crypto/drivers/builtin/src/.gitignore b/tf-psa-crypto/drivers/builtin/src/.gitignore
index f3923b1..9e36d25 100644
--- a/tf-psa-crypto/drivers/builtin/src/.gitignore
+++ b/tf-psa-crypto/drivers/builtin/src/.gitignore
@@ -1,4 +1,3 @@
###START_GENERATED_FILES###
/error.c
-/version_features.c
###END_GENERATED_FILES###
diff --git a/tf-psa-crypto/core/psa_crypto_aead.c b/tf-psa-crypto/drivers/builtin/src/psa_crypto_aead.c
similarity index 100%
rename from tf-psa-crypto/core/psa_crypto_aead.c
rename to tf-psa-crypto/drivers/builtin/src/psa_crypto_aead.c
diff --git a/tf-psa-crypto/core/psa_crypto_aead.h b/tf-psa-crypto/drivers/builtin/src/psa_crypto_aead.h
similarity index 100%
rename from tf-psa-crypto/core/psa_crypto_aead.h
rename to tf-psa-crypto/drivers/builtin/src/psa_crypto_aead.h
diff --git a/tf-psa-crypto/core/psa_crypto_cipher.c b/tf-psa-crypto/drivers/builtin/src/psa_crypto_cipher.c
similarity index 100%
rename from tf-psa-crypto/core/psa_crypto_cipher.c
rename to tf-psa-crypto/drivers/builtin/src/psa_crypto_cipher.c
diff --git a/tf-psa-crypto/core/psa_crypto_cipher.h b/tf-psa-crypto/drivers/builtin/src/psa_crypto_cipher.h
similarity index 100%
rename from tf-psa-crypto/core/psa_crypto_cipher.h
rename to tf-psa-crypto/drivers/builtin/src/psa_crypto_cipher.h
diff --git a/tf-psa-crypto/core/psa_crypto_ecp.c b/tf-psa-crypto/drivers/builtin/src/psa_crypto_ecp.c
similarity index 100%
rename from tf-psa-crypto/core/psa_crypto_ecp.c
rename to tf-psa-crypto/drivers/builtin/src/psa_crypto_ecp.c
diff --git a/tf-psa-crypto/core/psa_crypto_ecp.h b/tf-psa-crypto/drivers/builtin/src/psa_crypto_ecp.h
similarity index 100%
rename from tf-psa-crypto/core/psa_crypto_ecp.h
rename to tf-psa-crypto/drivers/builtin/src/psa_crypto_ecp.h
diff --git a/tf-psa-crypto/core/psa_crypto_ffdh.c b/tf-psa-crypto/drivers/builtin/src/psa_crypto_ffdh.c
similarity index 100%
rename from tf-psa-crypto/core/psa_crypto_ffdh.c
rename to tf-psa-crypto/drivers/builtin/src/psa_crypto_ffdh.c
diff --git a/tf-psa-crypto/core/psa_crypto_ffdh.h b/tf-psa-crypto/drivers/builtin/src/psa_crypto_ffdh.h
similarity index 100%
rename from tf-psa-crypto/core/psa_crypto_ffdh.h
rename to tf-psa-crypto/drivers/builtin/src/psa_crypto_ffdh.h
diff --git a/tf-psa-crypto/core/psa_crypto_hash.c b/tf-psa-crypto/drivers/builtin/src/psa_crypto_hash.c
similarity index 100%
rename from tf-psa-crypto/core/psa_crypto_hash.c
rename to tf-psa-crypto/drivers/builtin/src/psa_crypto_hash.c
diff --git a/tf-psa-crypto/core/psa_crypto_hash.h b/tf-psa-crypto/drivers/builtin/src/psa_crypto_hash.h
similarity index 100%
rename from tf-psa-crypto/core/psa_crypto_hash.h
rename to tf-psa-crypto/drivers/builtin/src/psa_crypto_hash.h
diff --git a/tf-psa-crypto/core/psa_crypto_mac.c b/tf-psa-crypto/drivers/builtin/src/psa_crypto_mac.c
similarity index 100%
rename from tf-psa-crypto/core/psa_crypto_mac.c
rename to tf-psa-crypto/drivers/builtin/src/psa_crypto_mac.c
diff --git a/tf-psa-crypto/core/psa_crypto_mac.h b/tf-psa-crypto/drivers/builtin/src/psa_crypto_mac.h
similarity index 100%
rename from tf-psa-crypto/core/psa_crypto_mac.h
rename to tf-psa-crypto/drivers/builtin/src/psa_crypto_mac.h
diff --git a/tf-psa-crypto/core/psa_crypto_pake.c b/tf-psa-crypto/drivers/builtin/src/psa_crypto_pake.c
similarity index 100%
rename from tf-psa-crypto/core/psa_crypto_pake.c
rename to tf-psa-crypto/drivers/builtin/src/psa_crypto_pake.c
diff --git a/tf-psa-crypto/core/psa_crypto_pake.h b/tf-psa-crypto/drivers/builtin/src/psa_crypto_pake.h
similarity index 100%
rename from tf-psa-crypto/core/psa_crypto_pake.h
rename to tf-psa-crypto/drivers/builtin/src/psa_crypto_pake.h
diff --git a/tf-psa-crypto/core/psa_crypto_rsa.c b/tf-psa-crypto/drivers/builtin/src/psa_crypto_rsa.c
similarity index 100%
rename from tf-psa-crypto/core/psa_crypto_rsa.c
rename to tf-psa-crypto/drivers/builtin/src/psa_crypto_rsa.c
diff --git a/tf-psa-crypto/core/psa_crypto_rsa.h b/tf-psa-crypto/drivers/builtin/src/psa_crypto_rsa.h
similarity index 100%
rename from tf-psa-crypto/core/psa_crypto_rsa.h
rename to tf-psa-crypto/drivers/builtin/src/psa_crypto_rsa.h
diff --git a/tf-psa-crypto/core/psa_util.c b/tf-psa-crypto/drivers/builtin/src/psa_util.c
similarity index 100%
rename from tf-psa-crypto/core/psa_util.c
rename to tf-psa-crypto/drivers/builtin/src/psa_util.c
diff --git a/tf-psa-crypto/core/psa_util_internal.h b/tf-psa-crypto/drivers/builtin/src/psa_util_internal.h
similarity index 100%
rename from tf-psa-crypto/core/psa_util_internal.h
rename to tf-psa-crypto/drivers/builtin/src/psa_util_internal.h
diff --git a/tf-psa-crypto/drivers/everest/CMakeLists.txt b/tf-psa-crypto/drivers/everest/CMakeLists.txt
index 4958a79..e704859 100644
--- a/tf-psa-crypto/drivers/everest/CMakeLists.txt
+++ b/tf-psa-crypto/drivers/everest/CMakeLists.txt
@@ -1,4 +1,4 @@
-set(everest_target "${MBEDTLS_TARGET_PREFIX}everest")
+set(everest_target "${TF_PSA_CRYPTO_TARGET_PREFIX}everest")
add_library(${everest_target}
library/everest.c
@@ -8,13 +8,13 @@
target_include_directories(${everest_target}
PUBLIC $<BUILD_INTERFACE:${CMAKE_CURRENT_SOURCE_DIR}/include>
$<BUILD_INTERFACE:${MBEDTLS_DIR}/include>
- $<BUILD_INTERFACE:${MBEDTLS_DIR}/tf-psa-crypto/include>
- $<BUILD_INTERFACE:${MBEDTLS_DIR}/tf-psa-crypto/drivers/builtin/include>
+ $<BUILD_INTERFACE:${TF_PSA_CRYPTO_DIR}/include>
+ $<BUILD_INTERFACE:${TF_PSA_CRYPTO_DIR}/drivers/builtin/include>
$<INSTALL_INTERFACE:include>
PRIVATE include/everest
include/everest/kremlib
${MBEDTLS_DIR}/library
- ${MBEDTLS_DIR}/tf-psa-crypto/core)
+ ${TF_PSA_CRYPTO_DIR}/core)
# Pass-through MBEDTLS_CONFIG_FILE and MBEDTLS_USER_CONFIG_FILE
# This must be duplicated from library/CMakeLists.txt because
@@ -29,7 +29,7 @@
PUBLIC MBEDTLS_USER_CONFIG_FILE="${MBEDTLS_USER_CONFIG_FILE}")
endif()
-if(INSTALL_MBEDTLS_HEADERS)
+if(INSTALL_TF_PSA_CRYPTO_HEADERS)
install(DIRECTORY include/everest
DESTINATION include
@@ -37,7 +37,7 @@
DIRECTORY_PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE
FILES_MATCHING PATTERN "*.h")
-endif(INSTALL_MBEDTLS_HEADERS)
+endif(INSTALL_TF_PSA_CRYPTO_HEADERS)
install(TARGETS ${everest_target}
EXPORT MbedTLSTargets
diff --git a/tf-psa-crypto/drivers/p256-m/CMakeLists.txt b/tf-psa-crypto/drivers/p256-m/CMakeLists.txt
index f097ed1..bc53a5e 100644
--- a/tf-psa-crypto/drivers/p256-m/CMakeLists.txt
+++ b/tf-psa-crypto/drivers/p256-m/CMakeLists.txt
@@ -1,4 +1,4 @@
-set(p256m_target ${MBEDTLS_TARGET_PREFIX}p256m)
+set(p256m_target ${TF_PSA_CRYPTO_TARGET_PREFIX}p256m)
add_library(${p256m_target}
p256-m_driver_entrypoints.c
@@ -8,11 +8,11 @@
PUBLIC $<BUILD_INTERFACE:${CMAKE_CURRENT_SOURCE_DIR}>
$<BUILD_INTERFACE:${CMAKE_CURRENT_SOURCE_DIR}/p256-m>
$<BUILD_INTERFACE:${MBEDTLS_DIR}/include>
- $<BUILD_INTERFACE:${MBEDTLS_DIR}/tf-psa-crypto/include>
- $<BUILD_INTERFACE:${MBEDTLS_DIR}/tf-psa-crypto/drivers/builtin/include>
+ $<BUILD_INTERFACE:${TF_PSA_CRYPTO_DIR}/include>
+ $<BUILD_INTERFACE:${TF_PSA_CRYPTO_DIR}/drivers/builtin/include>
$<INSTALL_INTERFACE:include>
PRIVATE ${MBEDTLS_DIR}/library/
- ${MBEDTLS_DIR}/tf-psa-crypto/core)
+ ${TF_PSA_CRYPTO_DIR}/core)
# Pass-through MBEDTLS_CONFIG_FILE and MBEDTLS_USER_CONFIG_FILE
# This must be duplicated from library/CMakeLists.txt because
@@ -27,7 +27,7 @@
PUBLIC MBEDTLS_USER_CONFIG_FILE="${MBEDTLS_USER_CONFIG_FILE}")
endif()
-if(INSTALL_MBEDTLS_HEADERS)
+if(INSTALL_TF_PSA_CRYPTO_HEADERS)
install(DIRECTORY :${CMAKE_CURRENT_SOURCE_DIR}
DESTINATION include
@@ -35,7 +35,7 @@
DIRECTORY_PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE
FILES_MATCHING PATTERN "*.h")
-endif(INSTALL_MBEDTLS_HEADERS)
+endif(INSTALL_TF_PSA_CRYPTO_HEADERS)
install(TARGETS ${p256m_target}
EXPORT MbedTLSTargets
diff --git a/tf-psa-crypto/framework/.gitignore b/tf-psa-crypto/framework/.gitignore
new file mode 100644
index 0000000..182ce94
--- /dev/null
+++ b/tf-psa-crypto/framework/.gitignore
@@ -0,0 +1 @@
+data_files
diff --git a/tf-psa-crypto/programs/CMakeLists.txt b/tf-psa-crypto/programs/CMakeLists.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tf-psa-crypto/programs/CMakeLists.txt
diff --git a/tf-psa-crypto/tests/CMakeLists.txt b/tf-psa-crypto/tests/CMakeLists.txt
index 6224e5f..862d862 100644
--- a/tf-psa-crypto/tests/CMakeLists.txt
+++ b/tf-psa-crypto/tests/CMakeLists.txt
@@ -1,5 +1,5 @@
set(libs
- ${mbedtls_target}
+ ${mbedcrypto_target}
${CMAKE_THREAD_LIBS_INIT}
)
@@ -10,7 +10,7 @@
set(MBEDTLS_DIR ${CMAKE_SOURCE_DIR})
endif()
-if(NOT MBEDTLS_PYTHON_EXECUTABLE)
+if(NOT TF_PSA_CRYPTO_PYTHON_EXECUTABLE)
message(FATAL_ERROR "Cannot build test suites without Python 3")
endif()
@@ -20,8 +20,8 @@
# Get base names for generated files
execute_process(
COMMAND
- ${MBEDTLS_PYTHON_EXECUTABLE}
- ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/scripts/generate_bignum_tests.py
+ ${TF_PSA_CRYPTO_PYTHON_EXECUTABLE}
+ ${MBEDTLS_FRAMEWORK_DIR}/scripts/generate_bignum_tests.py
--list-for-cmake
WORKING_DIRECTORY
${CMAKE_CURRENT_SOURCE_DIR}/..
@@ -32,8 +32,8 @@
execute_process(
COMMAND
- ${MBEDTLS_PYTHON_EXECUTABLE}
- ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/scripts/generate_config_tests.py
+ ${TF_PSA_CRYPTO_PYTHON_EXECUTABLE}
+ ${MBEDTLS_FRAMEWORK_DIR}/scripts/generate_config_tests.py
--list-for-cmake
WORKING_DIRECTORY
${CMAKE_CURRENT_SOURCE_DIR}/..
@@ -51,8 +51,8 @@
execute_process(
COMMAND
- ${MBEDTLS_PYTHON_EXECUTABLE}
- ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/scripts/generate_ecp_tests.py
+ ${TF_PSA_CRYPTO_PYTHON_EXECUTABLE}
+ ${MBEDTLS_FRAMEWORK_DIR}/scripts/generate_ecp_tests.py
--list-for-cmake
WORKING_DIRECTORY
${CMAKE_CURRENT_SOURCE_DIR}/..
@@ -63,8 +63,8 @@
execute_process(
COMMAND
- ${MBEDTLS_PYTHON_EXECUTABLE}
- ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/scripts/generate_psa_tests.py
+ ${TF_PSA_CRYPTO_PYTHON_EXECUTABLE}
+ ${MBEDTLS_FRAMEWORK_DIR}/scripts/generate_psa_tests.py
--list-for-cmake
WORKING_DIRECTORY
${CMAKE_CURRENT_SOURCE_DIR}/..
@@ -104,17 +104,17 @@
WORKING_DIRECTORY
${CMAKE_CURRENT_SOURCE_DIR}/..
COMMAND
- ${MBEDTLS_PYTHON_EXECUTABLE}
- ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/scripts/generate_bignum_tests.py
+ ${TF_PSA_CRYPTO_PYTHON_EXECUTABLE}
+ ${MBEDTLS_FRAMEWORK_DIR}/scripts/generate_bignum_tests.py
--directory ${CMAKE_CURRENT_BINARY_DIR}/suites
DEPENDS
- ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/scripts/generate_bignum_tests.py
- ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/scripts/mbedtls_framework/bignum_common.py
- ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/scripts/mbedtls_framework/bignum_core.py
- ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/scripts/mbedtls_framework/bignum_mod_raw.py
- ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/scripts/mbedtls_framework/bignum_mod.py
- ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/scripts/mbedtls_framework/test_case.py
- ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/scripts/mbedtls_framework/test_data_generation.py
+ ${MBEDTLS_FRAMEWORK_DIR}/scripts/generate_bignum_tests.py
+ ${MBEDTLS_FRAMEWORK_DIR}/scripts/mbedtls_framework/bignum_common.py
+ ${MBEDTLS_FRAMEWORK_DIR}/scripts/mbedtls_framework/bignum_core.py
+ ${MBEDTLS_FRAMEWORK_DIR}/scripts/mbedtls_framework/bignum_mod_raw.py
+ ${MBEDTLS_FRAMEWORK_DIR}/scripts/mbedtls_framework/bignum_mod.py
+ ${MBEDTLS_FRAMEWORK_DIR}/scripts/mbedtls_framework/test_case.py
+ ${MBEDTLS_FRAMEWORK_DIR}/scripts/mbedtls_framework/test_data_generation.py
)
add_custom_command(
OUTPUT
@@ -122,12 +122,12 @@
WORKING_DIRECTORY
${CMAKE_CURRENT_SOURCE_DIR}/..
COMMAND
- ${MBEDTLS_PYTHON_EXECUTABLE}
- ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/scripts/generate_config_tests.py
+ ${TF_PSA_CRYPTO_PYTHON_EXECUTABLE}
+ ${MBEDTLS_FRAMEWORK_DIR}/scripts/generate_config_tests.py
--directory ${CMAKE_CURRENT_BINARY_DIR}/suites
${config_generated_data_files}
DEPENDS
- ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/scripts/generate_config_tests.py
+ ${MBEDTLS_FRAMEWORK_DIR}/scripts/generate_config_tests.py
# Do not declare the configuration files as dependencies: they
# change too often in ways that don't affect the result
# ((un)commenting some options).
@@ -138,15 +138,15 @@
WORKING_DIRECTORY
${CMAKE_CURRENT_SOURCE_DIR}/..
COMMAND
- ${MBEDTLS_PYTHON_EXECUTABLE}
- ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/scripts/generate_ecp_tests.py
+ ${TF_PSA_CRYPTO_PYTHON_EXECUTABLE}
+ ${MBEDTLS_FRAMEWORK_DIR}/scripts/generate_ecp_tests.py
--directory ${CMAKE_CURRENT_BINARY_DIR}/suites
DEPENDS
- ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/scripts/generate_ecp_tests.py
- ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/scripts/mbedtls_framework/bignum_common.py
- ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/scripts/mbedtls_framework/ecp.py
- ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/scripts/mbedtls_framework/test_case.py
- ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/scripts/mbedtls_framework/test_data_generation.py
+ ${MBEDTLS_FRAMEWORK_DIR}/scripts/generate_ecp_tests.py
+ ${MBEDTLS_FRAMEWORK_DIR}/scripts/mbedtls_framework/bignum_common.py
+ ${MBEDTLS_FRAMEWORK_DIR}/scripts/mbedtls_framework/ecp.py
+ ${MBEDTLS_FRAMEWORK_DIR}/scripts/mbedtls_framework/test_case.py
+ ${MBEDTLS_FRAMEWORK_DIR}/scripts/mbedtls_framework/test_data_generation.py
)
add_custom_command(
OUTPUT
@@ -154,18 +154,18 @@
WORKING_DIRECTORY
${CMAKE_CURRENT_SOURCE_DIR}/..
COMMAND
- ${MBEDTLS_PYTHON_EXECUTABLE}
- ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/scripts/generate_psa_tests.py
+ ${TF_PSA_CRYPTO_PYTHON_EXECUTABLE}
+ ${MBEDTLS_FRAMEWORK_DIR}/scripts/generate_psa_tests.py
--directory ${CMAKE_CURRENT_BINARY_DIR}/suites
DEPENDS
- ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/scripts/generate_psa_tests.py
- ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/scripts/mbedtls_framework/crypto_data_tests.py
- ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/scripts/mbedtls_framework/crypto_knowledge.py
- ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/scripts/mbedtls_framework/macro_collector.py
- ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/scripts/mbedtls_framework/psa_information.py
- ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/scripts/mbedtls_framework/psa_storage.py
- ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/scripts/mbedtls_framework/test_case.py
- ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/scripts/mbedtls_framework/test_data_generation.py
+ ${MBEDTLS_FRAMEWORK_DIR}/scripts/generate_psa_tests.py
+ ${MBEDTLS_FRAMEWORK_DIR}/scripts/mbedtls_framework/crypto_data_tests.py
+ ${MBEDTLS_FRAMEWORK_DIR}/scripts/mbedtls_framework/crypto_knowledge.py
+ ${MBEDTLS_FRAMEWORK_DIR}/scripts/mbedtls_framework/macro_collector.py
+ ${MBEDTLS_FRAMEWORK_DIR}/scripts/mbedtls_framework/psa_information.py
+ ${MBEDTLS_FRAMEWORK_DIR}/scripts/mbedtls_framework/psa_storage.py
+ ${MBEDTLS_FRAMEWORK_DIR}/scripts/mbedtls_framework/test_case.py
+ ${MBEDTLS_FRAMEWORK_DIR}/scripts/mbedtls_framework/test_data_generation.py
${CMAKE_CURRENT_SOURCE_DIR}/../include/psa/crypto_config.h
${CMAKE_CURRENT_SOURCE_DIR}/../include/psa/crypto_values.h
${CMAKE_CURRENT_SOURCE_DIR}/../include/psa/crypto_extra.h
@@ -278,8 +278,8 @@
# input argument.
test_suite_${data_name}.c
COMMAND
- ${MBEDTLS_PYTHON_EXECUTABLE}
- ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/scripts/generate_test_code.py
+ ${TF_PSA_CRYPTO_PYTHON_EXECUTABLE}
+ ${MBEDTLS_FRAMEWORK_DIR}/scripts/generate_test_code.py
-f ${CMAKE_CURRENT_SOURCE_DIR}/suites/test_suite_${suite_name}.function
-d ${data_file}
-t ${CMAKE_CURRENT_SOURCE_DIR}/suites/main_test.function
@@ -288,20 +288,19 @@
--helpers-file ${CMAKE_CURRENT_SOURCE_DIR}/suites/helpers.function
-o .
DEPENDS
- ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/scripts/generate_test_code.py
+ ${MBEDTLS_FRAMEWORK_DIR}/scripts/generate_test_code.py
${CMAKE_CURRENT_SOURCE_DIR}/suites/test_suite_${suite_name}.function
${data_file}
${CMAKE_CURRENT_SOURCE_DIR}/suites/main_test.function
${CMAKE_CURRENT_SOURCE_DIR}/suites/host_test.function
${CMAKE_CURRENT_SOURCE_DIR}/suites/helpers.function
- ${mbedtls_target}
+ ${mbedcrypto_target}
BYPRODUCTS
test_suite_${data_name}.datax
)
add_executable(test_suite_${data_name} test_suite_${data_name}.c
- $<TARGET_OBJECTS:mbedtls_test>
- $<TARGET_OBJECTS:mbedtls_test_helpers>)
+ $<TARGET_OBJECTS:mbedtls_test>)
add_dependencies(test_suite_${data_name} ${dependency})
target_link_libraries(test_suite_${data_name} ${libs})
# Include test-specific header files from ./include and private header