From 72b25da82b2dbf810422dc85a69b2908860d372a Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 28 Apr 2021 18:29:24 +0200 Subject: [PATCH] tests: Add build of a PSA test driver library PR #3959 has proven that by adding a prefix (LIBTESTDRIVER1/libtestdriver1_ in this commit) to all MBEDTLS/PSA_* and mbedtls/psa_* symbols of a copy of the Mbed TLS library, we can build a library that can be linked with the Mbed TLS library. This commit leverages this to build a PSA test driver library based on the Mbed TLS library code. The cryptographic features supported by the test library are defined by: . a minimal configuration (in the sense of config.h), see config_test_driver.h . PSA_WANT_* and PSA_ACCEL_* defined macros. The PSA_WANT_* macros have to be the same as the ones used to build the Mbed TLS library the test driver library is supposed to be linked to as the PSA_WANT_* macros are used in the definition of structures and macros that are shared by the PSA crypto core, Mbed TLS drivers and the driver test library. The PSA_ACCEL_* macros are intended to define the cryptographic features that have to be removed from the Mbed TLS library and thus supported by the test library in test scenarios. The PSA_ACCEL_* macros to build the test library are thus mirrored from the ones to build the Mbed TLS library by extended the crypto_config.h: see crypto_config_test_driver_entension.h. Signed-off-by: Ronald Cron --- tests/.gitignore | 2 + tests/Makefile | 46 ++++ .../include/test/drivers/config_test_driver.h | 59 +++++ .../crypto_config_test_driver_extension.h | 237 ++++++++++++++++++ 4 files changed, 344 insertions(+) create mode 100644 tests/include/test/drivers/config_test_driver.h create mode 100644 tests/include/test/drivers/crypto_config_test_driver_extension.h diff --git a/tests/.gitignore b/tests/.gitignore index fa901cbe5..15fce6888 100644 --- a/tests/.gitignore +++ b/tests/.gitignore @@ -18,3 +18,5 @@ include/test/instrument_record_status.h src/*.o src/drivers/*.o src/libmbed* + +libtestdriver1/* diff --git a/tests/Makefile b/tests/Makefile index 77a31720f..94a834ef8 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -176,6 +176,7 @@ ifndef WINDOWS rm -rf $(BINARIES) *.c *.datax rm -f src/*.o src/drivers/*.o src/libmbed* rm -f include/test/instrument_record_status.h + rm -rf libtestdriver1 else if exist *.c del /Q /F *.c if exist *.exe del /Q /F *.exe @@ -199,6 +200,51 @@ check: $(BINARIES) test: check +# Generate test library + +# Perl code that is executed to transform each original line from a library +# source file into the corresponding line in the test driver copy of the +# library. Add a LIBTESTDRIVER1_/libtestdriver1_ to mbedtls_xxx and psa_xxx +# symbols. +define libtestdriver1_rewrite := + s!^(\s*#\s*include\s*[\"<])(mbedtls|psa)/!$${1}libtestdriver1/include/$${2}/!; \ + next if /^\s*#\s*include/; \ + s/\b(?=MBEDTLS_|PSA_)/LIBTESTDRIVER1_/g; \ + s/\b(?=mbedtls_|psa_)/libtestdriver1_/g; +endef + +libtestdriver1.a: + # Copy the library and fake a 3rdparty Makefile include. + rm -Rf ./libtestdriver1 + mkdir ./libtestdriver1 + cp -Rf ../library ./libtestdriver1 + cp -Rf ../include ./libtestdriver1 + cp -Rf ../scripts ./libtestdriver1 + mkdir ./libtestdriver1/3rdparty + touch ./libtestdriver1/3rdparty/Makefile.inc + + # Set the test driver base (minimal) configuration. + cp ./include/test/drivers/config_test_driver.h ./libtestdriver1/include/mbedtls/mbedtls_config.h + + # Set the PSA cryptography configuration for the test library. + # It is set from the copied include/psa/crypto_config.h of the Mbed TLS + # library the test library is intended to be linked with extended by + # ./include/test/drivers/crypto_config_test_driver_extension.h to + # mirror the PSA_ACCEL_* macros. + mv ./libtestdriver1/include/psa/crypto_config.h ./libtestdriver1/include/psa/crypto_config.h.bak + head -n -1 ./libtestdriver1/include/psa/crypto_config.h.bak > ./libtestdriver1/include/psa/crypto_config.h + cat ./include/test/drivers/crypto_config_test_driver_extension.h >> ./libtestdriver1/include/psa/crypto_config.h + echo "#endif /* PSA_CRYPTO_CONFIG_H */" >> ./libtestdriver1/include/psa/crypto_config.h + + # Prefix MBEDTLS_* PSA_* symbols with LIBTESTDRIVER1_ as well as + # mbedtls_* psa_* symbols with libtestdriver1_ to avoid symbol clash + # when this test driver library is linked with the Mbed TLS library. + perl -pi -e '$(libtestdriver1_rewrite)' ./libtestdriver1/library/*.[ch] + perl -pi -e '$(libtestdriver1_rewrite)' ./libtestdriver1/include/*/*.h + + $(MAKE) -C ./libtestdriver1/library CFLAGS="-I../../ $(CFLAGS)" LDFLAGS="$(LDFLAGS)" libmbedcrypto.a + cp ./libtestdriver1/library/libmbedcrypto.a ../library/libtestdriver1.a + ifdef RECORD_PSA_STATUS_COVERAGE_LOG include/test/instrument_record_status.h: ../include/psa/crypto.h Makefile echo " Gen $@" diff --git a/tests/include/test/drivers/config_test_driver.h b/tests/include/test/drivers/config_test_driver.h new file mode 100644 index 000000000..6dcefd7a9 --- /dev/null +++ b/tests/include/test/drivers/config_test_driver.h @@ -0,0 +1,59 @@ +/** + * \file config.h + * + * \brief Configuration options (set of defines) + * + * This set of compile-time options may be used to enable + * or disable features selectively, and reduce the global + * memory footprint. + */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef MBEDTLS_CONFIG_H +#define MBEDTLS_CONFIG_H + +#if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE) +#define _CRT_SECURE_NO_DEPRECATE 1 +#endif + +#define MBEDTLS_PSA_CRYPTO_C +#define MBEDTLS_PSA_CRYPTO_CONFIG + +/* PSA core mandatory configuration options */ +#define MBEDTLS_CIPHER_C +#define MBEDTLS_AES_C +#define MBEDTLS_SHA224_C +#define MBEDTLS_SHA256_C +#define MBEDTLS_PSA_BUILTIN_ALG_SHA_256 1 +#define MBEDTLS_CTR_DRBG_C +#define MBEDTLS_ENTROPY_C + +/* + * Configuration options that may need to be additionally enabled for the + * purpose of a specific set of tests. + */ +//#define MBEDTLS_SHA1_C +//#define MBEDTLS_SHA384_C +//#define MBEDTLS_SHA512_C +//#define MBEDTLS_PEM_PARSE_C +//#define MBEDTLS_BASE64_C + +#include "mbedtls/config_psa.h" +#include "mbedtls/check_config.h" + +#endif /* MBEDTLS_CONFIG_H */ diff --git a/tests/include/test/drivers/crypto_config_test_driver_extension.h b/tests/include/test/drivers/crypto_config_test_driver_extension.h new file mode 100644 index 000000000..51ad4ab67 --- /dev/null +++ b/tests/include/test/drivers/crypto_config_test_driver_extension.h @@ -0,0 +1,237 @@ +/** + * \file psa/crypto_config.h + * \brief PSA crypto configuration options (set of defines) + * + */ + +#if defined(PSA_WANT_ALG_CBC_NO_PADDING) +#if defined(MBEDTLS_PSA_ACCEL_ALG_CBC_NO_PADDING) +#undef MBEDTLS_PSA_ACCEL_ALG_CBC_NO_PADDING +#else +#define MBEDTLS_PSA_ACCEL_ALG_CBC_NO_PADDING 1 +#endif +#endif + +#if defined(PSA_WANT_ALG_CBC_PKCS7) +#if defined(MBEDTLS_PSA_ACCEL_ALG_CBC_PKCS7) +#undef MBEDTLS_PSA_ACCEL_ALG_CBC_PKCS7 +#else +#define MBEDTLS_PSA_ACCEL_ALG_CBC_PKCS7 1 +#endif +#endif + +#if defined(PSA_WANT_ALG_CFB) +#if defined(MBEDTLS_PSA_ACCEL_ALG_CFB) +#undef MBEDTLS_PSA_ACCEL_ALG_CFB +#else +#define MBEDTLS_PSA_ACCEL_ALG_CFB 1 +#endif +#endif + +#if defined(PSA_WANT_ALG_CTR) +#if defined(MBEDTLS_PSA_ACCEL_ALG_CTR) +#undef MBEDTLS_PSA_ACCEL_ALG_CTR +#else +#define MBEDTLS_PSA_ACCEL_ALG_CTR 1 +#endif +#endif + +#if defined(PSA_WANT_ALG_DETERMINISTIC_ECDSA) +#if defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA) +#undef MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA +#else +#define MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA 1 +#endif +#endif + +#if defined(PSA_WANT_ALG_ECDSA) +#if defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) +#undef MBEDTLS_PSA_ACCEL_ALG_ECDSA +#else +#define MBEDTLS_PSA_ACCEL_ALG_ECDSA 1 +#endif +#endif + +#if defined(PSA_WANT_ALG_MD2) +#if defined(MBEDTLS_PSA_ACCEL_ALG_MD2) +#undef MBEDTLS_PSA_ACCEL_ALG_MD2 +#else +#define MBEDTLS_PSA_ACCEL_ALG_MD2 1 +#endif +#endif + +#if defined(PSA_WANT_ALG_MD4) +#if defined(MBEDTLS_PSA_ACCEL_ALG_MD4) +#undef MBEDTLS_PSA_ACCEL_ALG_MD4 +#else +#define MBEDTLS_PSA_ACCEL_ALG_MD4 1 +#endif +#endif + +#if defined(PSA_WANT_ALG_MD5) +#if defined(MBEDTLS_PSA_ACCEL_ALG_MD5) +#undef MBEDTLS_PSA_ACCEL_ALG_MD5 +#else +#define MBEDTLS_PSA_ACCEL_ALG_MD5 1 +#endif +#endif + +#if defined(PSA_WANT_ALG_OFB) +#if defined(MBEDTLS_PSA_ACCEL_ALG_OFB) +#undef MBEDTLS_PSA_ACCEL_ALG_OFB +#else +#define MBEDTLS_PSA_ACCEL_ALG_OFB 1 +#endif +#endif + +#if defined(PSA_WANT_ALG_RIPEMD160) +#if defined(MBEDTLS_PSA_ACCEL_ALG_RIPEMD160) +#undef MBEDTLS_PSA_ACCEL_ALG_RIPEMD160 +#else +#define MBEDTLS_PSA_ACCEL_ALG_RIPEMD160 1 +#endif +#endif + +#if defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN) +#if defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN) +#undef MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN +#else +#define MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN 1 +#endif +#endif + +#if defined(PSA_WANT_ALG_RSA_PSS) +#if defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS) +#undef MBEDTLS_PSA_ACCEL_ALG_RSA_PSS +#else +#define MBEDTLS_PSA_ACCEL_ALG_RSA_PSS 1 +#endif +#endif + +#if defined(PSA_WANT_ALG_SHA_1) +#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_1) +#undef MBEDTLS_PSA_ACCEL_ALG_SHA_1 +#else +#define MBEDTLS_PSA_ACCEL_ALG_SHA_1 1 +#endif +#endif + +#if defined(PSA_WANT_ALG_SHA_224) +#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_224) +#undef MBEDTLS_PSA_ACCEL_ALG_SHA_224 +#else +#define MBEDTLS_PSA_ACCEL_ALG_SHA_224 1 +#endif +#endif + +#if defined(PSA_WANT_ALG_SHA_256) +#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_256) +#undef MBEDTLS_PSA_ACCEL_ALG_SHA_256 +#else +#define MBEDTLS_PSA_ACCEL_ALG_SHA_256 1 +#endif +#endif + +#if defined(PSA_WANT_ALG_SHA_384) +#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_384) +#undef MBEDTLS_PSA_ACCEL_ALG_SHA_384 +#else +#define MBEDTLS_PSA_ACCEL_ALG_SHA_384 1 +#endif +#endif + +#if defined(PSA_WANT_ALG_SHA_512) +#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_512) +#undef MBEDTLS_PSA_ACCEL_ALG_SHA_512 +#else +#define MBEDTLS_PSA_ACCEL_ALG_SHA_512 1 +#endif +#endif + +#if defined(PSA_WANT_ALG_XTS) +#if defined(MBEDTLS_PSA_ACCEL_ALG_XTS) +#undef MBEDTLS_PSA_ACCEL_ALG_XTS +#else +#define MBEDTLS_PSA_ACCEL_ALG_XTS 1 +#endif +#endif + +#if defined(PSA_WANT_KEY_TYPE_AES) +#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_AES) +#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_AES +#else +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_AES 1 +#endif +#endif + +#if defined(PSA_WANT_KEY_TYPE_ARIA) +#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ARIA) +#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_ARIA +#else +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ARIA 1 +#endif +#endif + +#if defined(PSA_WANT_KEY_TYPE_CAMELLIA) +#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_CAMELLIA) +#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_CAMELLIA +#else +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_CAMELLIA 1 +#endif +#endif + +#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR) +#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) +#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR +#else +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR 1 +#endif +#endif + +#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR) +#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) +#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR +#else +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR 1 +#endif +#endif + +#define MBEDTLS_PSA_ACCEL_ALG_CBC_MAC 1 +#define MBEDTLS_PSA_ACCEL_ALG_CCM 1 +#define MBEDTLS_PSA_ACCEL_ALG_CHACHA20_POLY1305 1 +#define MBEDTLS_PSA_ACCEL_ALG_CMAC 1 +#define MBEDTLS_PSA_ACCEL_ALG_ECB_NO_PADDING 1 +#define MBEDTLS_PSA_ACCEL_ALG_ECDH 1 +#define MBEDTLS_PSA_ACCEL_ALG_GCM 1 +#define MBEDTLS_PSA_ACCEL_ALG_HKDF 1 +#define MBEDTLS_PSA_ACCEL_ALG_HMAC 1 +#define MBEDTLS_PSA_ACCEL_ALG_RSA_OAEP 1 +#define MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT 1 +#define MBEDTLS_PSA_ACCEL_ALG_STREAM_CIPHER 1 +#define MBEDTLS_PSA_ACCEL_ALG_TLS12_PRF 1 +#define MBEDTLS_PSA_ACCEL_ALG_TLS12_PSK_TO_MS 1 + +#if defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) +#define MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_256 1 +#define MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_384 1 +#define MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_512 1 +#define MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_255 1 +#define MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_448 1 +#define MBEDTLS_PSA_ACCEL_ECC_SECP_K1_192 1 +#define MBEDTLS_PSA_ACCEL_ECC_SECP_K1_224 1 +#define MBEDTLS_PSA_ACCEL_ECC_SECP_K1_256 1 +#define MBEDTLS_PSA_ACCEL_ECC_SECP_R1_192 1 +#define MBEDTLS_PSA_ACCEL_ECC_SECP_R1_224 1 +#define MBEDTLS_PSA_ACCEL_ECC_SECP_R1_256 1 +#define MBEDTLS_PSA_ACCEL_ECC_SECP_R1_384 1 +#define MBEDTLS_PSA_ACCEL_ECC_SECP_R1_521 1 +#endif + +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_DERIVE 1 +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_HMAC 1 +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ARC4 1 +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_CHACHA20 1 +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_DES 1 +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY 1 +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_RAW_DATA 1 +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY 1