Merge pull request #276 from gilles-peskine-arm/psasim-generate-wrappers-dynamically

psasim: generate wrappers dynamically

psasim/.gitignore

@@ -1,12 +1,20 @@
-bin/*
-*.o
+# Intermediate generated files
+/include/psa_manifest/manifest.h
+/include/psa_manifest/pid.h
+/include/psa_manifest/sid.h
+/src/psa_functions_codes.h
+/src/psa_sim_crypto_client.c
+/src/psa_sim_crypto_server.c
+/src/psa_sim_serialise.c
+/src/psa_sim_serialise.h
+
+# Build products
+/test/psa_manifest/*
+/test/client
+/test/partition
 *.so
-test/psa_ff_bootstrap.c
-test/psa_manifest/*
-test/client
-test/partition
-cscope.out
-*.orig
+*psa_ff_bootstrap_*
+
+# Local files from editors and indexing tools
 *.swp
 *.DS_Store
-*psa_ff_bootstrap_*

psasim/Makefile

@@ -20,9 +20,22 @@ SERVER_LIBS := -Lserver_libs -lmbedcrypto
 COMMON_INCLUDE := -I./include -I$(MBEDTLS_PATH)/include \
 	$(TF_PSA_CRYPTO_LIBRARY_PUBLIC_INCLUDE)
 
-GENERATED_H_FILES =	include/psa_manifest/manifest.h \
-					include/psa_manifest/pid.h \
-					include/psa_manifest/sid.h
+GENERATED_MANIFEST_H_FILES = \
+	include/psa_manifest/manifest.h \
+	include/psa_manifest/pid.h \
+	include/psa_manifest/sid.h
+
+GENERATED_WRAPPER_H_FILES = \
+	src/psa_sim_serialise.h \
+	src/psa_functions_codes.h
+
+GENERATED_H_FILES = $(GENERATED_MANIFEST_H_FILES) $(GENERATED_WRAPPER_H_FILES)
+
+GENERATED_C_FILES = \
+	src/psa_sim_serialise.c \
+	src/psa_sim_crypto_client.c src/psa_sim_crypto_server.c
+
+PSASIM_GENERATED_FILES = $(GENERATED_H_FILES) $(PARTITION_SERVER_BOOTSTRAP) $(GENERATED_C_FILES)
 
 LIBPSACLIENT_SRC = src/psa_ff_client.c \
 		 		src/psa_sim_crypto_client.c \
@@ -45,6 +58,8 @@ PSA_SERVER_SRC = $(PARTITION_SERVER_BOOTSTRAP) \
 
 all:
 
+generated_files: $(PSASIM_GENERATED_FILES)
+
 test/seedfile:
 	dd if=/dev/urandom of=./test/seedfile bs=64 count=1
 
@@ -64,9 +79,20 @@ test/psa_client_full: $(PSA_CLIENT_FULL_SRC) $(GENERATED_H_FILES) test/seedfile
 test/psa_server: $(PSA_SERVER_SRC) $(GENERATED_H_FILES)
 	$(CC) $(COMMON_INCLUDE) $(CFLAGS) $(PSA_SERVER_SRC) $(SERVER_LIBS) $(LDFLAGS) -o $@
 
-$(PARTITION_SERVER_BOOTSTRAP) $(GENERATED_H_FILES): src/manifest.json src/server.c
+$(PARTITION_SERVER_BOOTSTRAP) $(GENERATED_MANIFEST_H_FILES): src/manifest.json src/server.c
 	tools/psa_autogen.py src/manifest.json
 
+src/psa_sim_serialise.h: src/psa_sim_serialise.pl
+	cd src && ./psa_sim_serialise.pl h >$(@F)
+
+src/psa_sim_serialise.c: src/psa_sim_serialise.pl
+	cd src && ./psa_sim_serialise.pl c >$(@F)
+
+src/psa_functions_codes.h src/psa_sim_crypto_client.c src/psa_sim_crypto_server.c: $(TF_PSA_CRYPTO_PATH)/include/psa/crypto.h
+src/psa_functions_codes.h src/psa_sim_crypto_client.c src/psa_sim_crypto_server.c: $(TF_PSA_CRYPTO_PATH)/include/psa/crypto_extra.h
+src/psa_functions_codes.h src/psa_sim_crypto_client.c src/psa_sim_crypto_server.c: src/psa_sim_generate.pl
+	cd $(TF_PSA_CRYPTO_PATH) && $(abspath src/psa_sim_generate.pl)
+
 # Build MbedTLS libraries (crypto, x509 and tls) and copy them locally to
 # build client/server applications.
 #
@@ -87,3 +113,6 @@ clean: clean_server_intermediate_files
 	rm -rf client_libs server_libs
 	rm -f test/psa_service_* test/psa_notify_* test/*.log
 	rm -f test/seedfile
+
+neat: clean
+	rm -f $(PSASIM_GENERATED_FILES)

psasim/README.md

@@ -4,6 +4,7 @@ PSASIM holds necessary C source and header files which allows to test Mbed TLS i
 In practical terms it means that this allow to build PSASIM with Mbed TLS sources and get 2 Linux applications, a client and a server, which are connected through Linux's shared memeory, and in which the client relies on the server to perform all PSA Crypto operations.
 
 The goal of PSASIM is _not_ to provide a ready-to-use solution for anyone looking to implement the pure crypto client structure (see [Limitations](#limitations) for details), but to provide an example of TF-PSA-Crypto RPC (Remote Procedure Call) implementation using Mbed TLS.
+
 ## Limitations
 
 In the current implementation:
@@ -13,30 +14,33 @@ In the current implementation:
 - Shared memory is the only communication medium allowed. Others can be implemented (ex: net sockets), but in terms of simulation speed shared memory proved to be the fastest.
 - Server is not secure at all: keys and operation structs are stored on the RAM, so they can easily be dumped.
 
-## Testing
+## Building
 
-Please refer to `tests/scripts/components-psasim.sh` for guidance on how to build & test PSASIM:
+### Build tooling
+
+Building PSASIM requires the following tools:
+
+* GNU make.
+* A C compiler.
+* Perl.
+* The JSON package for Perl (`cpain -i JSON` or `apt install libjson-perl`).
+
+### Build instructions
+
+The build instructions are in `framework/psasim/Makefile`, with the assistance of `scripts/crypto-common.make` in TF-PSA-Crypto. The main targets are:
+
+* `client_libs`: builds object files to be linked with a client. The client code is expected to include TF-PSA-Crypto with `MBEDTLS_PSA_CRYPTO_CLIENT` enabled and `MBEDTLS_PSA_CRYPTO_C` disabled, with no local cryptographic primitives.
+* `test/psa_server`: builds a server, including the crypto partition. This requires TF-PSA-Crypto compiled with the PSA core (`MBEDTLS_PSA_CRYPTO_C`) and cryptographic primitives.
+
+Note in particular that the client and the server require different builds of `libtfpsacrypto`, since they must have different configurations.
+
+Note that at the time of writing, building PSASIM only officially works from an Mbed TLS tree. It might not work from a standalone TF-PSA-Crypto tree.
+
+Some C files are generated from JSON data and from parsing TF-PSA-Crypto header files, using the scripts `src/psa_sim_generate.pl` and `src/psa_sim_serialise.pl`. They are not committed into version control, but rather generated during the build of the client or the server, according to the instructions in the makefile.
+
+### Testing
+
+Please refer to [`tests/scripts/components-psasim.sh` in Mbed TLS](https://github.com/Mbed-TLS/mbedtls/blob/development/tests/scripts/components-psasim.sh) and the `helper_psasim_xxx` auxiliary functions in [`framework/scripts/all-helpers.sh`](../scripts/all-helpers.sh) for guidance on how to build & test PSASIM:
 
 - `component_test_psasim()`: builds the server and a couple of test clients which are used to evaluate some basic PSA Crypto API commands.
 - `component_test_suite_with_psasim()`: builds the server and _all_ the usual test suites (those found under the `<mbedtls-root>/tests/suites/*` folder) which are used by the CI and runs them. A small subset of test suites (`test_suite_constant_time_hmac`,`test_suite_lmots`,`test_suite_lms`) are being skipped, for CI turnover time optimization. They can be run locally if required.
-
-## How to update automatically generated files
-
-A significant portion of the intermediate code of PSASIM is auto-generated using Perl. In particular:
-
-- `psa_sim_serialise.[c|h]`:
-    - Generated by `psa_sim_serialise.pl`.
-    - These files provide the serialisation/deserialisation support that is required to pass functions' parameters between client and server.
-- `psa_sim_crypto_[client|server].c` and `psa_functions_codes.h`:
-    - Generated by `psa_sim_generate.pl`.
-    - `psa_sim_crypto_[client|server].c` provide interfaces for PSA Crypto APIs on client and server sides, while `psa_functions_codes.h` simply enumerates all PSA Crypto APIs.
-
-These files need to be regenerated whenever some PSA Crypto API is added/deleted/modified. The procedure is as follows:
-
-- `psa_sim_serialise.[c|h]`:
-    - go to `<mbedtls-root>/tests/psa-client-server/psasim/src/`
-    - run `./psa_sim_serialise.pl h > psa_sim_serialise.h`
-    - run `./psa_sim_serialise.pl c > psa_sim_serialise.c`
-- `psa_sim_crypto_[client|server].c` and `psa_functions_codes.h`:
-    - go to Mbed TLS' root folder
-    - run `./tests/psa-client-server/psasim/src/psa_sim_generate.pl`

psasim/src/psa_functions_codes.h

@@ -1,107 +0,0 @@
-/* THIS FILE WAS AUTO-GENERATED BY psa_sim_generate.pl. DO NOT EDIT!! */
-
-/*
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#ifndef _PSA_FUNCTIONS_CODES_H_
-#define  _PSA_FUNCTIONS_CODES_H_
-
-enum {
-    /* Start here to avoid overlap with PSA_IPC_CONNECT, PSA_IPC_DISCONNECT
-     * and VERSION_REQUEST */
-    PSA_CRYPTO_INIT = 100,
-    PSA_AEAD_ABORT,
-    PSA_AEAD_DECRYPT,
-    PSA_AEAD_DECRYPT_SETUP,
-    PSA_AEAD_ENCRYPT,
-    PSA_AEAD_ENCRYPT_SETUP,
-    PSA_AEAD_FINISH,
-    PSA_AEAD_GENERATE_NONCE,
-    PSA_AEAD_SET_LENGTHS,
-    PSA_AEAD_SET_NONCE,
-    PSA_AEAD_UPDATE,
-    PSA_AEAD_UPDATE_AD,
-    PSA_AEAD_VERIFY,
-    PSA_ASYMMETRIC_DECRYPT,
-    PSA_ASYMMETRIC_ENCRYPT,
-    PSA_CAN_DO_HASH,
-    PSA_CIPHER_ABORT,
-    PSA_CIPHER_DECRYPT,
-    PSA_CIPHER_DECRYPT_SETUP,
-    PSA_CIPHER_ENCRYPT,
-    PSA_CIPHER_ENCRYPT_SETUP,
-    PSA_CIPHER_FINISH,
-    PSA_CIPHER_GENERATE_IV,
-    PSA_CIPHER_SET_IV,
-    PSA_CIPHER_UPDATE,
-    PSA_COPY_KEY,
-    PSA_DESTROY_KEY,
-    PSA_EXPORT_KEY,
-    PSA_EXPORT_PUBLIC_KEY,
-    PSA_EXPORT_PUBLIC_KEY_IOP_ABORT,
-    PSA_EXPORT_PUBLIC_KEY_IOP_COMPLETE,
-    PSA_EXPORT_PUBLIC_KEY_IOP_GET_NUM_OPS,
-    PSA_EXPORT_PUBLIC_KEY_IOP_SETUP,
-    PSA_GENERATE_KEY,
-    PSA_GENERATE_KEY_CUSTOM,
-    PSA_GENERATE_KEY_IOP_ABORT,
-    PSA_GENERATE_KEY_IOP_COMPLETE,
-    PSA_GENERATE_KEY_IOP_GET_NUM_OPS,
-    PSA_GENERATE_KEY_IOP_SETUP,
-    PSA_GENERATE_RANDOM,
-    PSA_GET_KEY_ATTRIBUTES,
-    PSA_HASH_ABORT,
-    PSA_HASH_CLONE,
-    PSA_HASH_COMPARE,
-    PSA_HASH_COMPUTE,
-    PSA_HASH_FINISH,
-    PSA_HASH_SETUP,
-    PSA_HASH_UPDATE,
-    PSA_HASH_VERIFY,
-    PSA_IMPORT_KEY,
-    PSA_INTERRUPTIBLE_GET_MAX_OPS,
-    PSA_INTERRUPTIBLE_SET_MAX_OPS,
-    PSA_KEY_AGREEMENT,
-    PSA_KEY_AGREEMENT_IOP_ABORT,
-    PSA_KEY_AGREEMENT_IOP_COMPLETE,
-    PSA_KEY_AGREEMENT_IOP_GET_NUM_OPS,
-    PSA_KEY_AGREEMENT_IOP_SETUP,
-    PSA_KEY_DERIVATION_ABORT,
-    PSA_KEY_DERIVATION_GET_CAPACITY,
-    PSA_KEY_DERIVATION_INPUT_BYTES,
-    PSA_KEY_DERIVATION_INPUT_INTEGER,
-    PSA_KEY_DERIVATION_INPUT_KEY,
-    PSA_KEY_DERIVATION_KEY_AGREEMENT,
-    PSA_KEY_DERIVATION_OUTPUT_BYTES,
-    PSA_KEY_DERIVATION_OUTPUT_KEY,
-    PSA_KEY_DERIVATION_OUTPUT_KEY_CUSTOM,
-    PSA_KEY_DERIVATION_SET_CAPACITY,
-    PSA_KEY_DERIVATION_SETUP,
-    PSA_MAC_ABORT,
-    PSA_MAC_COMPUTE,
-    PSA_MAC_SIGN_FINISH,
-    PSA_MAC_SIGN_SETUP,
-    PSA_MAC_UPDATE,
-    PSA_MAC_VERIFY,
-    PSA_MAC_VERIFY_FINISH,
-    PSA_MAC_VERIFY_SETUP,
-    PSA_PURGE_KEY,
-    PSA_RAW_KEY_AGREEMENT,
-    PSA_RESET_KEY_ATTRIBUTES,
-    PSA_SIGN_HASH,
-    PSA_SIGN_HASH_ABORT,
-    PSA_SIGN_HASH_COMPLETE,
-    PSA_SIGN_HASH_GET_NUM_OPS,
-    PSA_SIGN_HASH_START,
-    PSA_SIGN_MESSAGE,
-    PSA_VERIFY_HASH,
-    PSA_VERIFY_HASH_ABORT,
-    PSA_VERIFY_HASH_COMPLETE,
-    PSA_VERIFY_HASH_GET_NUM_OPS,
-    PSA_VERIFY_HASH_START,
-    PSA_VERIFY_MESSAGE,
-};
-
-#endif /*  _PSA_FUNCTIONS_CODES_H_ */

psasim/src/psa_sim_generate.pl

@@ -1052,7 +1052,7 @@ sub output_signature
 
 sub get_functions
 {
-    my $header_dir = 'tf-psa-crypto/include';
+    my $header_dir = 'include';
     my $src = "";
     for my $header_file ('psa/crypto.h', 'psa/crypto_extra.h') {
         local *HEADER;