lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-10-28 23:14:56 +03:00
Code Activity

Merge pull request #9769 from mpg/move-all-core-dev

Browse Source 
Move all-core and all-helpers to the framework
This commit is contained in:
Manuel Pégourié-Gonnard
2024-11-14 09:51:24 +00:00
committed by GitHub
parent 241b9012a0 845cc54d69
commit 824a8dcde3
5 changed files with 10 additions and 1364 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
framework

Submodule framework updated: 5560984550...3867faaaaa

1031
tests/scripts/all-core.sh
View File

File diff suppressed because it is too large Load Diff

327
tests/scripts/all-helpers.sh
View File

@@ -1,327 +0,0 @@
# all-helpers.sh
#
# Copyright The Mbed TLS Contributors
# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
# This file contains helpers for test components that are executed by all.sh.
# See "Files structure" in all-core.sh for other files used by all.sh.
#
# This file is the right place for helpers:
# - that are used by more than one component living in more than one file;
# - or (inclusive) that we want to share accross repos or branches.
#
# Helpers that are used in a single component file that is
# repo&branch-specific can be defined in the file where they are used.
################################################################
#### Helpers for components using libtestdriver1
################################################################
# How to use libtestdriver1
# -------------------------
#
# 1. Define the list algorithms and key types to accelerate,
# designated the same way as PSA_WANT_ macros but without PSA_WANT_.
# Examples:
# - loc_accel_list="ALG_JPAKE"
# - loc_accel_list="ALG_FFDH KEY_TYPE_DH_KEY_PAIR KEY_TYPE_DH_PUBLIC_KEY"
# 2. Make configurations changes for the driver and/or main libraries.
# 2a. Call helper_libtestdriver1_adjust_config <base>, where the argument
# can be either "default" to start with the default config, or a name
# supported by scripts/config.py (for example, "full"). This selects
# the base to use, and makes common adjustments.
# 2b. If desired, adjust the PSA_WANT symbols in psa/crypto_config.h.
# These changes affect both the driver and the main libraries.
# (Note: they need to have the same set of PSA_WANT symbols, as that
# determines the ABI between them.)
# 2c. Adjust MBEDTLS_ symbols in mbedtls_config.h. This only affects the
# main libraries. Typically, you want to disable the module(s) that are
# being accelerated. You may need to also disable modules that depend
# on them or options that are not supported with drivers.
# 2d. On top of psa/crypto_config.h, the driver library uses its own config
# file: tests/include/test/drivers/config_test_driver.h. You usually
# don't need to edit it: using loc_extra_list (see below) is preferred.
# However, when there's no PSA symbol for what you want to enable,
# calling scripts/config.py on this file remains the only option.
# 3. Build the driver library, then the main libraries, test, and programs.
# 3a. Call helper_libtestdriver1_make_drivers "$loc_accel_list". You may
# need to enable more algorithms here, typically hash algorithms when
# accelerating some signature algorithms (ECDSA, RSAv2). This is done
# by passing a 2nd argument listing the extra algorithms.
# Example:
# loc_extra_list="ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512"
# helper_libtestdriver1_make_drivers "$loc_accel_list" "$loc_extra_list"
# 3b. Call helper_libtestdriver1_make_main "$loc_accel_list". Any
# additional arguments will be passed to make: this can be useful if
# you don't want to build everything when iterating during development.
# Example:
# helper_libtestdriver1_make_main "$loc_accel_list" -C tests test_suite_foo
# 4. Run the tests you want.
# Adjust the configuration - for both libtestdriver1 and main library,
# as they should have the same PSA_WANT macros.
helper_libtestdriver1_adjust_config() {
base_config=$1
# Select the base configuration
if [ "$base_config" != "default" ]; then
scripts/config.py "$base_config"
fi
# Enable PSA-based config (necessary to use drivers)
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
# Dynamic secure element support is a deprecated feature and needs to be disabled here.
# This is done to have the same form of psa_key_attributes_s for libdriver and library.
scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C
# If threading is enabled on the normal build, then we need to enable it in the drivers as well,
# otherwise we will end up running multithreaded tests without mutexes to protect them.
if scripts/config.py get MBEDTLS_THREADING_C; then
scripts/config.py -f "$CONFIG_TEST_DRIVER_H" set MBEDTLS_THREADING_C
fi
if scripts/config.py get MBEDTLS_THREADING_PTHREAD; then
scripts/config.py -f "$CONFIG_TEST_DRIVER_H" set MBEDTLS_THREADING_PTHREAD
fi
}
# Build the drivers library libtestdriver1.a (with ASan).
#
# Parameters:
# 1. a space-separated list of things to accelerate;
# 2. optional: a space-separate list of things to also support.
# Here "things" are PSA_WANT_ symbols but with PSA_WANT_ removed.
helper_libtestdriver1_make_drivers() {
loc_accel_flags=$( echo "$1 ${2-}" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' )
make CC=$ASAN_CC -C tests libtestdriver1.a CFLAGS=" $ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS"
}
# Build the main libraries, programs and tests,
# linking to the drivers library (with ASan).
#
# Parameters:
# 1. a space-separated list of things to accelerate;
# *. remaining arguments if any are passed directly to make
# (examples: lib, -C tests test_suite_xxx, etc.)
# Here "things" are PSA_WANT_ symbols but with PSA_WANT_ removed.
helper_libtestdriver1_make_main() {
loc_accel_list=$1
shift
# we need flags both with and without the LIBTESTDRIVER1_ prefix
loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' )
loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )"
make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS" "$@"
}
################################################################
#### Helpers for components using psasim
################################################################
# Set some default values $CONFIG_H in order to build server or client sides
# in PSASIM. There is only 1 mandatory parameter:
# - $1: target which can be "client" or "server"
helper_psasim_config() {
TARGET=$1
if [ "$TARGET" == "client" ]; then
scripts/config.py full
scripts/config.py unset MBEDTLS_PSA_CRYPTO_C
scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C
# Dynamic secure element support is a deprecated feature and it is not
# available when CRYPTO_C and PSA_CRYPTO_STORAGE_C are disabled.
scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C
# Disable potentially problematic features
scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
scripts/config.py unset MBEDTLS_ECP_RESTARTABLE
scripts/config.py unset MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
else
scripts/config.py crypto_full
scripts/config.py unset MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS
# We need to match the client with MBEDTLS_PSA_CRYPTO_SE_C
scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C
# Also ensure MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER not set (to match client)
scripts/config.py unset MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
fi
}
# This is a helper function to be used in psasim builds. It is meant to clean
# up the library's workspace after the server build and before the client
# build. Built libraries (mbedcrypto, mbedx509 and mbedtls) are supposed to be
# already copied to psasim folder at this point.
helper_psasim_cleanup_before_client() {
# Clean up library files
make -C library clean
# Restore files that were backup before building library files. This
# includes $CONFIG_H and $CRYPTO_CONFIG_H.
restore_backed_up_files
}
# Helper to build the libraries for client/server in PSASIM. If the server is
# being built, then it builds also the final executable.
# There is only 1 mandatory parameter:
# - $1: target which can be "client" or "server"
helper_psasim_build() {
TARGET=$1
shift
TARGET_LIB=${TARGET}_libs
make -C $PSASIM_PATH CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" $TARGET_LIB "$@"
# Build also the server application after its libraries have been built.
if [ "$TARGET" == "server" ]; then
make -C $PSASIM_PATH CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" test/psa_server
fi
}
################################################################
#### Configuration helpers
################################################################
# When called with no parameter this function disables all builtin curves.
# The function optionally accepts 1 parameter: a space-separated list of the
# curves that should be kept enabled.
helper_disable_builtin_curves() {
allowed_list="${1:-}"
scripts/config.py unset-all "MBEDTLS_ECP_DP_[0-9A-Z_a-z]*_ENABLED"
for curve in $allowed_list; do
scripts/config.py set $curve
done
}
# Helper returning the list of supported elliptic curves from CRYPTO_CONFIG_H,
# without the "PSA_WANT_" prefix. This becomes handy for accelerating curves
# in the following helpers.
helper_get_psa_curve_list () {
loc_list=""
for item in $(sed -n 's/^#define PSA_WANT_\(ECC_[0-9A-Z_a-z]*\).*/\1/p' <"$CRYPTO_CONFIG_H"); do
loc_list="$loc_list $item"
done
echo "$loc_list"
}
# Helper returning the list of supported DH groups from CRYPTO_CONFIG_H,
# without the "PSA_WANT_" prefix. This becomes handy for accelerating DH groups
# in the following helpers.
helper_get_psa_dh_group_list () {
loc_list=""
for item in $(sed -n 's/^#define PSA_WANT_\(DH_RFC7919_[0-9]*\).*/\1/p' <"$CRYPTO_CONFIG_H"); do
loc_list="$loc_list $item"
done
echo "$loc_list"
}
# Get the list of uncommented PSA_WANT_KEY_TYPE_xxx_ from CRYPTO_CONFIG_H. This
# is useful to easily get a list of key type symbols to accelerate.
# The function accepts a single argument which is the key type: ECC, DH, RSA.
helper_get_psa_key_type_list() {
key_type="$1"
loc_list=""
for item in $(sed -n "s/^#define PSA_WANT_\(KEY_TYPE_${key_type}_[0-9A-Z_a-z]*\).*/\1/p" <"$CRYPTO_CONFIG_H"); do
# Skip DERIVE for elliptic keys since there is no driver dispatch for
# it so it cannot be accelerated.
if [ "$item" != "KEY_TYPE_ECC_KEY_PAIR_DERIVE" ]; then
loc_list="$loc_list $item"
fi
done
echo "$loc_list"
}
################################################################
#### Misc. helpers for components
################################################################
helper_armc6_build_test()
{
FLAGS="$1"
msg "build: ARM Compiler 6 ($FLAGS)"
make clean
ARM_TOOL_VARIANT="ult" CC="$ARMC6_CC" AR="$ARMC6_AR" CFLAGS="$FLAGS" \
WARNING_CFLAGS='-Werror -xc -std=c99' make lib
msg "size: ARM Compiler 6 ($FLAGS)"
"$ARMC6_FROMELF" -z library/*.o
if [ -n "${PSA_CORE_PATH}" ]; then
"$ARMC6_FROMELF" -z ${PSA_CORE_PATH}/*.o
fi
if [ -n "${BUILTIN_SRC_PATH}" ]; then
"$ARMC6_FROMELF" -z ${BUILTIN_SRC_PATH}/*.o
fi
}
clang_version() {
if command -v clang > /dev/null ; then
clang --version|grep version|sed -E 's#.*version ([0-9]+).*#\1#'
else
echo 0 # report version 0 for "no clang"
fi
}
gcc_version() {
gcc="$1"
if command -v "$gcc" > /dev/null ; then
"$gcc" --version | sed -En '1s/^[^ ]* \([^)]*\) ([0-9]+).*/\1/p'
else
echo 0 # report version 0 for "no gcc"
fi
}
can_run_cc_output() {
cc="$1"
result=false
if type "$cc" >/dev/null 2>&1; then
testbin=$(mktemp)
if echo 'int main(void){return 0;}' | "$cc" -o "$testbin" -x c -; then
if "$testbin" 2>/dev/null; then
result=true
fi
fi
rm -f "$testbin"
fi
$result
}
can_run_arm_linux_gnueabi=
can_run_arm_linux_gnueabi () {
if [ -z "$can_run_arm_linux_gnueabi" ]; then
if can_run_cc_output "${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc"; then
can_run_arm_linux_gnueabi=true
else
can_run_arm_linux_gnueabi=false
fi
fi
$can_run_arm_linux_gnueabi
}
can_run_arm_linux_gnueabihf=
can_run_arm_linux_gnueabihf () {
if [ -z "$can_run_arm_linux_gnueabihf" ]; then
if can_run_cc_output "${ARM_LINUX_GNUEABIHF_GCC_PREFIX}gcc"; then
can_run_arm_linux_gnueabihf=true
else
can_run_arm_linux_gnueabihf=false
fi
fi
$can_run_arm_linux_gnueabihf
}
can_run_aarch64_linux_gnu=
can_run_aarch64_linux_gnu () {
if [ -z "$can_run_aarch64_linux_gnu" ]; then
if can_run_cc_output "${AARCH64_LINUX_GNU_GCC_PREFIX}gcc"; then
can_run_aarch64_linux_gnu=true
else
can_run_aarch64_linux_gnu=false
fi
fi
$can_run_aarch64_linux_gnu
}

3
tests/scripts/mbedtls-all.sh
View File

@@ -10,7 +10,6 @@
# This script must be invoked from the project's root.
# The path is going to change when this is moved to the framework
source tests/scripts/all-core.sh
source framework/scripts/all-core.sh
main "$@"

11
tf-psa-crypto/tests/scripts/all.sh
View File

@@ -11,13 +11,18 @@
# This script must be invoked from the project's root.
# Prevent silly mistakes when people would invoke this from mbedtls
if [ -d tf-psa-crypto -a -d library ]; then
if [ -d tf-psa-crypto -a -d include/mbedtls ]; then
echo "When invoking this script from an mbedtls checkout," >&2
echo "you must change the working directory to tf-psa-crypto." >&2
exit 255
fi
# The path is going to change when this is moved to the framework
source ../tests/scripts/all-core.sh
if [ -d ../include/mbedtls -a -d ../framework ]; then
# Running inside an mbedtls checkout: get the framework from mbedtls.
source ../framework/scripts/all-core.sh
else
# Running standalone: use our own framework.
source framework/scripts/all-core.sh
fi
main "$@"