Mbed-TLS/mbedtls-framework
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls-framework.git synced 2026-06-05 21:15:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #236 from gilles-peskine-arm/build_info-cleanup-1.0-framework

Browse Source 
Clean up after 1.0: generate_config_checks.py, tf-psa-crypto/build_info.h
This commit is contained in:
Ronald Cron
2025-11-20 17:28:44 +01:00
committed by GitHub
parent 6c9076eef1 d6f03a4329
commit 1726775ccc
6 changed files with 78 additions and 138 deletions
Download Patch File Download Diff File Expand all files Collapse all files
history/config-adjust-tfpsacrypto-1.0.txt
-26
View File
@@ -32,9 +32,7 @@ MBEDTLS_CIPHER_PADDING_PKCS7
MBEDTLS_CMAC_C
MBEDTLS_CONFIG_ADJUST_LEGACY_CRYPTO_H
MBEDTLS_CONFIG_ADJUST_LEGACY_FROM_PSA_H
MBEDTLS_CONFIG_ADJUST_PSA_SUPERSET_LEGACY_H
MBEDTLS_CONFIG_ADJUST_TEST_ACCELERATORS_H
MBEDTLS_DES_C
MBEDTLS_ECDH_C
MBEDTLS_ECDSA_C
MBEDTLS_ECDSA_DETERMINISTIC
@@ -127,7 +125,6 @@ MBEDTLS_PSA_ACCEL_KEY_TYPE_ARIA
MBEDTLS_PSA_ACCEL_KEY_TYPE_CAMELLIA
MBEDTLS_PSA_ACCEL_KEY_TYPE_CHACHA20
MBEDTLS_PSA_ACCEL_KEY_TYPE_DERIVE
MBEDTLS_PSA_ACCEL_KEY_TYPE_DES
MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_BASIC
MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_EXPORT
MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_GENERATE
@@ -211,7 +208,6 @@ MBEDTLS_PSA_BUILTIN_KEY_TYPE_AES
MBEDTLS_PSA_BUILTIN_KEY_TYPE_ARIA
MBEDTLS_PSA_BUILTIN_KEY_TYPE_CAMELLIA
MBEDTLS_PSA_BUILTIN_KEY_TYPE_CHACHA20
MBEDTLS_PSA_BUILTIN_KEY_TYPE_DES
MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_BASIC
MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_EXPORT
MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_GENERATE
@@ -235,7 +231,6 @@ MBEDTLS_PSA_CRYPTO_RNG_STRENGTH
MBEDTLS_PSA_DH_ACCEL_INCOMPLETE_ALGS
MBEDTLS_PSA_DH_ACCEL_INCOMPLETE_GROUPS
MBEDTLS_PSA_DH_ACCEL_INCOMPLETE_KEY_TYPES
MBEDTLS_PSA_DRIVER_GET_ENTROPY
MBEDTLS_PSA_DRIVER_GET_ENTROPY_DEFINED
MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_ALGS
MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_CURVES
@@ -247,8 +242,6 @@ MBEDTLS_RSA_C
MBEDTLS_SHA1_C
MBEDTLS_SHA224_C
MBEDTLS_SHA256_C
MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT
MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY
MBEDTLS_SHA384_C
MBEDTLS_SHA512_C
MBEDTLS_SSL_HAVE_AEAD
@@ -266,7 +259,6 @@ PSA_HAVE_SOFT_BLOCK_MODE
PSA_HAVE_SOFT_KEY_TYPE_AES
PSA_HAVE_SOFT_KEY_TYPE_ARIA
PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA
PSA_HAVE_SOFT_KEY_TYPE_DES
PSA_HAVE_SOFT_PBKDF2
PSA_HAVE_SOFT_PBKDF2_CMAC
PSA_HAVE_SOFT_PBKDF2_HMAC
@@ -275,29 +267,11 @@ PSA_WANT_ALG_ECB_NO_PADDING
PSA_WANT_ALG_ECDSA
PSA_WANT_ALG_ECDSA_ANY
PSA_WANT_ALG_HMAC
PSA_WANT_ALG_MD5
PSA_WANT_ALG_RIPEMD160
PSA_WANT_ALG_RSA_PKCS1V15_SIGN
PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW
PSA_WANT_ALG_RSA_PSS
PSA_WANT_ALG_RSA_PSS_ANY_SALT
PSA_WANT_ALG_SHA_1
PSA_WANT_ALG_SHA_224
PSA_WANT_ALG_SHA_256
PSA_WANT_ALG_SHA_384
PSA_WANT_ALG_SHA_512
PSA_WANT_ALG_SOME_PAKE
PSA_WANT_ECC_BRAINPOOL_P_R1_256
PSA_WANT_ECC_BRAINPOOL_P_R1_384
PSA_WANT_ECC_BRAINPOOL_P_R1_512
PSA_WANT_ECC_MONTGOMERY_255
PSA_WANT_ECC_MONTGOMERY_448
PSA_WANT_ECC_SECP_K1_192
PSA_WANT_ECC_SECP_K1_256
PSA_WANT_ECC_SECP_R1_192
PSA_WANT_ECC_SECP_R1_256
PSA_WANT_ECC_SECP_R1_384
PSA_WANT_ECC_SECP_R1_521
PSA_WANT_KEY_TYPE_AES
PSA_WANT_KEY_TYPE_DERIVE
PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC
history/config-options-mbedtls-4.0.txt
+1
View File
@@ -40,6 +40,7 @@ MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
MBEDTLS_SSL_KEYING_MATERIAL_EXPORT
MBEDTLS_SSL_MAX_EARLY_DATA_SIZE
MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
MBEDTLS_SSL_NULL_CIPHERSUITES
MBEDTLS_SSL_OUT_CONTENT_LEN
MBEDTLS_SSL_PROTO_DTLS
MBEDTLS_SSL_PROTO_TLS1_2
history/config-options-tfpsacrypto-1.0.txt
+2 -23
View File
@@ -7,31 +7,14 @@ MBEDTLS_AES_USE_HARDWARE_ONLY
MBEDTLS_ASN1_PARSE_C
MBEDTLS_ASN1_WRITE_C
MBEDTLS_BASE64_C
MBEDTLS_BIGNUM_C
MBEDTLS_BLOCK_CIPHER_NO_DECRYPT
MBEDTLS_CAMELLIA_SMALL_MEMORY
MBEDTLS_CHECK_RETURN
MBEDTLS_CHECK_RETURN_WARNING
MBEDTLS_CIPHER_NULL_CIPHER
MBEDTLS_CTR_DRBG_C
MBEDTLS_DEPRECATED_REMOVED
MBEDTLS_DEPRECATED_WARNING
MBEDTLS_ECDH_C
MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED
MBEDTLS_ECDSA_C
MBEDTLS_ECJPAKE_C
MBEDTLS_ECP_C
MBEDTLS_ECP_DP_BP256R1_ENABLED
MBEDTLS_ECP_DP_BP384R1_ENABLED
MBEDTLS_ECP_DP_BP512R1_ENABLED
MBEDTLS_ECP_DP_CURVE25519_ENABLED
MBEDTLS_ECP_DP_CURVE448_ENABLED
MBEDTLS_ECP_DP_SECP192K1_ENABLED
MBEDTLS_ECP_DP_SECP192R1_ENABLED
MBEDTLS_ECP_DP_SECP256K1_ENABLED
MBEDTLS_ECP_DP_SECP256R1_ENABLED
MBEDTLS_ECP_DP_SECP384R1_ENABLED
MBEDTLS_ECP_DP_SECP521R1_ENABLED
MBEDTLS_ECP_FIXED_POINT_OPTIM
MBEDTLS_ECP_NIST_OPTIM
MBEDTLS_ECP_RESTARTABLE
@@ -74,7 +57,6 @@ MBEDTLS_PLATFORM_EXIT_MACRO
MBEDTLS_PLATFORM_FPRINTF_ALT
MBEDTLS_PLATFORM_FPRINTF_MACRO
MBEDTLS_PLATFORM_FREE_MACRO
MBEDTLS_PLATFORM_GET_ENTROPY_ALT
MBEDTLS_PLATFORM_GMTIME_R_ALT
MBEDTLS_PLATFORM_MEMORY
MBEDTLS_PLATFORM_MS_TIME_ALT
@@ -136,8 +118,6 @@ MBEDTLS_RSA_GEN_KEY_MIN_BITS
MBEDTLS_RSA_NO_CRT
MBEDTLS_SELF_TEST
MBEDTLS_SHA256_SMALLER
MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT
MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY
MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT
MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY
MBEDTLS_SHA512_SMALLER
@@ -212,14 +192,12 @@ PSA_WANT_KEY_TYPE_ARIA
PSA_WANT_KEY_TYPE_CAMELLIA
PSA_WANT_KEY_TYPE_CHACHA20
PSA_WANT_KEY_TYPE_DERIVE
PSA_WANT_KEY_TYPE_DES
PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC
PSA_WANT_KEY_TYPE_DH_KEY_PAIR_DERIVE
PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT
PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE
PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT
PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY
PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC
PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE
PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT
@@ -230,13 +208,14 @@ PSA_WANT_KEY_TYPE_HMAC
PSA_WANT_KEY_TYPE_PASSWORD
PSA_WANT_KEY_TYPE_PASSWORD_HASH
PSA_WANT_KEY_TYPE_RAW_DATA
PSA_WANT_KEY_TYPE_RSA_KEY_PAIR
PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_DERIVE
PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT
PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE
PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT
PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY
TF_PSA_CRYPTO_ALLOW_REMOVED_MECHANISMS
TF_PSA_CRYPTO_CONFIG_FILE
TF_PSA_CRYPTO_CONFIG_VERSION
TF_PSA_CRYPTO_USER_CONFIG_FILE
TF_PSA_CRYPTO_VERSION
scripts/check_names.py
+64 -77
View File
@@ -99,7 +99,8 @@ class Problem(abc.ABC): # pylint: disable=too-few-public-methods
# Class variable to control the quietness of all problems
quiet = False
def __init__(self):
self.textwrapper = textwrap.TextWrapper()
self.textwrapper = textwrap.TextWrapper(break_on_hyphens=False,
break_long_words=False)
self.textwrapper.width = 80
self.textwrapper.initial_indent = " > "
self.textwrapper.subsequent_indent = " "
@@ -288,7 +289,16 @@ class CodeParser():
Args:
* include_wildcards: a List of shell-style wildcards to match filepaths.
- "*" does not match a directory separator, e.g. "*/a.h"
matches "somedir/a.h" but not "somedir/subdir/a.h".
- "**" matches zero or more directory levels, e.g. "**/a.h"
matches "a.h", "somedir/a.h", "somedir/subdir/a.h", etc.
- The matching is case-insensitive.
* exclude_wildcards: a List of shell-style wildcards to exclude.
- "*" matches every character including separators, e.g. "*/a.h"
matches "somedir/a.h" and "somedir/subdir/a.h" but not "a.h".
- "**" is equivalent to "*".
- The matching is case-sensitive.
Returns:
* inc_files: A List of relative filepaths for included files.
@@ -297,7 +307,7 @@ class CodeParser():
accumulator = set()
all_wildcards = include_wildcards + (exclude_wildcards or [])
for wildcard in all_wildcards:
accumulator = accumulator.union(glob.iglob(wildcard))
accumulator = accumulator.union(glob.iglob(wildcard, recursive=True))
inc_files = []
exc_files = []
@@ -306,7 +316,7 @@ class CodeParser():
exc_files.append(path)
else:
inc_files.append(path)
return (inc_files, exc_files)
return (sorted(inc_files), sorted(exc_files))
def get_included_files(self, include_wildcards, exclude_wildcards):
"""
@@ -324,10 +334,11 @@ class CodeParser():
accumulator = set()
for include_wildcard in include_wildcards:
accumulator = accumulator.union(glob.iglob(include_wildcard))
accumulator = accumulator.union(glob.iglob(include_wildcard,
recursive=True))
return list(path for path in accumulator
if not self.is_file_excluded(path, exclude_wildcards))
return sorted(path for path in accumulator
if not self.is_file_excluded(path, exclude_wildcards))
def parse_macros(self, include, exclude=None):
"""
@@ -349,6 +360,7 @@ class CodeParser():
macros = []
for header_file in files:
self.log.debug("Parsing macros in " + header_file)
with open(header_file, "r", encoding="utf-8") as header:
for line_no, line in enumerate(header):
for macro in macro_regex.finditer(line):
@@ -387,6 +399,7 @@ class CodeParser():
mbed_psa_words = []
for filename in files:
self.log.debug("Parsing words in " + filename)
with open(filename, "r", encoding="utf-8") as fp:
for line_no, line in enumerate(fp):
if exclusions.search(line):
@@ -423,6 +436,7 @@ class CodeParser():
enum_consts = []
for header_file in files:
state = states.OUTSIDE_KEYWORD
self.log.debug("Parsing enums in " + header_file)
with open(header_file, "r", encoding="utf-8") as header:
for line_no, line in enumerate(header):
# Match typedefs and brackets only when they are at the
@@ -539,6 +553,7 @@ class CodeParser():
Append found matches to the list ``identifiers``.
"""
self.log.debug("Parsing identifier declarations in " + header_file)
with open(header_file, "r", encoding="utf-8") as header:
in_block_comment = False
# The previous line variable is used for concatenating lines
@@ -614,11 +629,13 @@ class CodeParser():
self.log.debug("Looking for included identifiers in {} files".format \
(len(included_files)))
included_identifiers = []
excluded_identifiers = []
for header_file in included_files:
self.parse_identifiers_in_file(header_file, included_identifiers)
self.log.debug("Looking for excluded identifiers in {} files".format \
(len(excluded_files)))
excluded_identifiers = []
for header_file in excluded_files:
self.parse_identifiers_in_file(header_file, excluded_identifiers)
@@ -690,6 +707,31 @@ class TFPSACryptoCodeParser(CodeParser):
if not build_tree.looks_like_tf_psa_crypto_root(os.getcwd()):
raise Exception("This script must be run from TF-PSA-Crypto root.")
H_PUBLIC = [
"include/**/*.h",
"drivers/*/include/**/*.h",
]
H_PUBLIC_EXCLUDE = [
'drivers/everest/include/tf-psa-crypto/private/everest/[HhKk]*.h',
'drivers/everest/include/tf-psa-crypto/private/everest/k*/*.h',
'drivers/everest/include/tf-psa-crypto/private/everest/vs*/*.h',
]
H_INTERNAL = [
"core/*.h",
"drivers/*/src/*.h",
]
H_TEST_DRIVERS = [
"framework/tests/include/test/drivers/*.h",
]
C_INTERNAL = [
"core/*.c",
"drivers/*/library/*.c",
"drivers/*/src/*.c",
]
def comprehensive_parse(self):
"""
Comprehensive ("default") function to call each parsing function and
@@ -698,75 +740,20 @@ class TFPSACryptoCodeParser(CodeParser):
Returns a dict of parsed item key to the corresponding List of Matches.
"""
all_macros = {"public": [], "internal": [], "private":[]}
all_macros["public"] = self.parse_macros([
"include/psa/*.h",
"include/tf-psa-crypto/*.h",
"include/mbedtls/*.h",
"drivers/builtin/include/mbedtls/*.h",
"include/mbedtls/private/*.h",
"drivers/builtin/include/mbedtls/private/*.h",
"drivers/everest/include/everest/everest.h",
"drivers/everest/include/everest/x25519.h",
"drivers/everest/include/tf-psa-crypto/private/everest/everest.h",
"drivers/everest/include/tf-psa-crypto/private/everest/x25519.h"
])
all_macros["internal"] = self.parse_macros([
"core/*.h",
"drivers/builtin/src/*.h",
"framework/tests/include/test/drivers/*.h",
])
all_macros["private"] = self.parse_macros([
"core/*.c",
"drivers/builtin/src/*.c",
])
enum_consts = self.parse_enum_consts([
"include/psa/*.h",
"include/tf-psa-crypto/*.h",
"include/mbedtls/*.h",
"drivers/builtin/include/mbedtls/*.h",
"include/mbedtls/private/*.h",
"drivers/builtin/include/mbedtls/private/*.h",
"core/*.h",
"drivers/builtin/src/*.h",
"core/*.c",
"drivers/builtin/src/*.c",
"drivers/everest/include/everest/everest.h",
"drivers/everest/include/everest/x25519.h",
"drivers/everest/include/tf-psa-crypto/private/everest/everest.h",
"drivers/everest/include/tf-psa-crypto/private/everest/x25519.h"
])
identifiers, excluded_identifiers = self.parse_identifiers([
"include/psa/*.h",
"include/tf-psa-crypto/*.h",
"include/mbedtls/*.h",
"drivers/builtin/include/mbedtls/*.h",
"include/mbedtls/private/*.h",
"drivers/builtin/include/mbedtls/private/*.h",
"core/*.h",
"drivers/builtin/src/*.h",
"drivers/everest/include/everest/everest.h",
"drivers/everest/include/everest/x25519.h",
"drivers/everest/include/tf-psa-crypto/private/everest/everest.h",
"drivers/everest/include/tf-psa-crypto/private/everest/x25519.h"
], ["drivers/p256-m/p256-m/p256-m.h"])
mbed_psa_words = self.parse_mbed_psa_words([
"include/psa/*.h",
"include/tf-psa-crypto/*.h",
"include/mbedtls/*.h",
"drivers/builtin/include/mbedtls/*.h",
"include/mbedtls/private/*.h",
"drivers/builtin/include/mbedtls/private/*.h",
"core/*.h",
"drivers/builtin/src/*.h",
"drivers/everest/include/everest/everest.h",
"drivers/everest/include/everest/x25519.h",
"drivers/everest/include/tf-psa-crypto/private/everest/everest.h",
"drivers/everest/include/tf-psa-crypto/private/everest/x25519.h",
"core/*.c",
"drivers/builtin/src/*.c",
"drivers/everest/library/everest.c",
"drivers/everest/library/x25519.c"
], ["core/psa_crypto_driver_wrappers.h"])
all_macros["public"] = self.parse_macros(self.H_PUBLIC,
self.H_PUBLIC_EXCLUDE)
all_macros["internal"] = self.parse_macros(self.H_INTERNAL +
self.H_TEST_DRIVERS)
all_macros["private"] = self.parse_macros(self.C_INTERNAL)
enum_consts = self.parse_enum_consts(
self.H_PUBLIC + self.H_INTERNAL + self.C_INTERNAL,
self.H_PUBLIC_EXCLUDE)
identifiers, excluded_identifiers = self.parse_identifiers(
self.H_PUBLIC + self.H_INTERNAL,
self.H_PUBLIC_EXCLUDE + ["drivers/p256-m/p256-m/p256-m.h"])
mbed_psa_words = self.parse_mbed_psa_words(
self.H_PUBLIC + self.H_INTERNAL + self.C_INTERNAL,
self.H_PUBLIC_EXCLUDE + ["core/psa_crypto_driver_wrappers.h"])
symbols = self.parse_symbols()
return self._parse(all_macros, enum_consts, identifiers,
scripts/make_generated_files.py
+3 -9
View File
@@ -10,7 +10,6 @@ Generate the TF-PSA-Crypto generated files
"""
import argparse
import filecmp
import os
import shutil
import subprocess
import sys
@@ -75,17 +74,12 @@ def get_generation_script_files(generation_script: str):
return files
COMMON_GENERATION_SCRIPTS = [
]
# Once the script has been added to both Mbed TLS and TF-PSA-Crypto,
# we can include this unconditionally.
# https://github.com/Mbed-TLS/mbedtls/issues/10305
if os.path.exists("scripts/generate_config_checks.py"):
COMMON_GENERATION_SCRIPTS.append(GenerationScript(
GenerationScript(
Path("scripts/generate_config_checks.py"),
get_generation_script_files("scripts/generate_config_checks.py"),
output_dir_option="",
optional=True))
optional=True)
]
if build_tree.looks_like_tf_psa_crypto_root("."):
TF_PSA_CRYPTO_GENERATION_SCRIPTS = [
scripts/mbedtls_framework/psa_test_case.py
+8 -3
View File
@@ -47,10 +47,15 @@ def find_dependencies_not_implemented(dependencies: List[str]) -> List[str]:
acc = set() #type: Set[str]
for filename in [
os.path.join(include_dir, 'psa/crypto_config.h'),
os.path.join(include_dir, 'psa/crypto_adjust_config_synonyms.h'),
'psa/crypto_config.h',
'psa/crypto_adjust_config_synonyms.h',
'tf-psa-crypto/private/crypto_adjust_config_synonyms.h',
]:
read_implemented_dependencies(acc, filename)
path = os.path.join(build_tree.guess_project_root(),
include_dir,
filename)
if os.path.exists(path):
read_implemented_dependencies(acc, path)
_implemented_dependencies = frozenset(acc)
return [dep
for dep in dependencies