Merge pull request #7955 from davidhorstmann-arm/psa-crypto-script-changes

Miscellaneous changes to scripts for PSA-Crypto enablement

scripts/mbedtls_dev/build_tree.py

@@ -19,12 +19,19 @@
 import os
 import inspect
 
+def looks_like_psa_crypto_root(path: str) -> bool:
+    """Whether the given directory looks like the root of the PSA Crypto source tree."""
+    return all(os.path.isdir(os.path.join(path, subdir))
+               for subdir in ['include', 'core', 'drivers', 'programs', 'tests'])
 
 def looks_like_mbedtls_root(path: str) -> bool:
     """Whether the given directory looks like the root of the Mbed TLS source tree."""
     return all(os.path.isdir(os.path.join(path, subdir))
                for subdir in ['include', 'library', 'programs', 'tests'])
 
+def looks_like_root(path: str) -> bool:
+    return looks_like_psa_crypto_root(path) or looks_like_mbedtls_root(path)
+
 def check_repo_path():
     """
     Check that the current working directory is the project root, and throw
@@ -42,7 +49,7 @@ def chdir_to_root() -> None:
     for d in [os.path.curdir,
               os.path.pardir,
               os.path.join(os.path.pardir, os.path.pardir)]:
-        if looks_like_mbedtls_root(d):
+        if looks_like_root(d):
             os.chdir(d)
             return
     raise Exception('Mbed TLS source tree not found')
@@ -62,6 +69,6 @@ def guess_mbedtls_root():
             if d in dirs:
                 continue
             dirs.add(d)
-            if looks_like_mbedtls_root(d):
+            if looks_like_root(d):
                 return d
     raise Exception('Mbed TLS source tree not found')

scripts/mbedtls_dev/psa_storage.py

@@ -27,6 +27,7 @@ from typing import Dict, List, Optional, Set, Union
 import unittest
 
 from . import c_build_helper
+from . import build_tree
 
 
 class Expr:
@@ -51,13 +52,16 @@ class Expr:
     def update_cache(self) -> None:
         """Update `value_cache` for expressions registered in `unknown_values`."""
         expressions = sorted(self.unknown_values)
+        includes = ['include']
+        if build_tree.looks_like_psa_crypto_root('.'):
+            includes.append('drivers/builtin/include')
         values = c_build_helper.get_c_expression_values(
             'unsigned long', '%lu',
             expressions,
             header="""
             #include <psa/crypto.h>
             """,
-            include_path=['include']) #type: List[str]
+            include_path=includes) #type: List[str]
         for e, v in zip(expressions, values):
             self.value_cache[e] = int(v, 0)
         self.unknown_values.clear()

tests/scripts/all.sh

@@ -123,15 +123,27 @@ set -e -o pipefail -u
 # Enable ksh/bash extended file matching patterns
 shopt -s extglob
 
+in_mbedtls_repo () {
+    test -d include -a -d library -a -d programs -a -d tests
+}
+
+in_psa_crypto_repo () {
+    test -d include -a -d core -a -d drivers -a -d programs -a -d tests
+}
+
 pre_check_environment () {
-    if [ -d library -a -d include -a -d tests ]; then :; else
+    if in_mbedtls_repo || in_psa_crypto_repo; then :; else
-        echo "Must be run from mbed TLS root" >&2
+        echo "Must be run from Mbed TLS / psa-crypto root" >&2
         exit 1
     fi
 }
 
 pre_initialize_variables () {
+    if in_mbedtls_repo; then
         CONFIG_H='include/mbedtls/mbedtls_config.h'
+    else
+        CONFIG_H='drivers/builtin/include/mbedtls/mbedtls_config.h'
+    fi
     CRYPTO_CONFIG_H='include/psa/crypto_config.h'
     CONFIG_TEST_DRIVER_H='tests/include/test/drivers/config_test_driver.h'
 
@@ -141,8 +153,10 @@ pre_initialize_variables () {
     backup_suffix='.all.bak'
     # Files clobbered by config.py
     files_to_back_up="$CONFIG_H $CRYPTO_CONFIG_H $CONFIG_TEST_DRIVER_H"
+    if in_mbedtls_repo; then
         # Files clobbered by in-tree cmake
         files_to_back_up="$files_to_back_up Makefile library/Makefile programs/Makefile tests/Makefile programs/fuzz/Makefile"
+    fi
 
     append_outcome=0
     MEMORY=0
@@ -299,7 +313,9 @@ EOF
 # Does not remove generated source files.
 cleanup()
 {
+    if in_mbedtls_repo; then
         command make clean
+    fi
 
     # Remove CMake artefacts
     find . -name .git -prune -o \
@@ -556,7 +572,7 @@ pre_check_git () {
         fi
 
         if ! git diff --quiet "$CONFIG_H"; then
-            err_msg "Warning - the configuration file 'include/mbedtls/mbedtls_config.h' has been edited. "
+            err_msg "Warning - the configuration file '$CONFIG_H' has been edited. "
             echo "You can either delete or preserve your work, or force the test by rerunning the"
             echo "script as: $0 --force"
             exit 1
@@ -5284,7 +5300,9 @@ pre_prepare_outcome_file
 pre_print_configuration
 pre_check_tools
 cleanup
-pre_generate_files
+if in_mbedtls_repo; then
+    pre_generate_files
+fi
 
 # Run the requested tests.
 for ((error_test_i=1; error_test_i <= error_test; error_test_i++)); do

tests/scripts/test_psa_compliance.py

@@ -1,10 +1,10 @@
 #!/usr/bin/env python3
 """Run the PSA Crypto API compliance test suite.
 Clone the repo and check out the commit specified by PSA_ARCH_TEST_REPO and PSA_ARCH_TEST_REF,
-then compile and run the test suite. The clone is stored at <Mbed TLS root>/psa-arch-tests.
+then compile and run the test suite. The clone is stored at <repository root>/psa-arch-tests.
-Known defects in either the test suite or mbedtls - identified by their test number - are ignored,
+Known defects in either the test suite or mbedtls / psa-crypto - identified by their test
-while unexpected failures AND successes are reported as errors,
+number - are ignored, while unexpected failures AND successes are reported as errors, to help
-to help keep the list of known defects as up to date as possible.
+keep the list of known defects as up to date as possible.
 """
 
 # Copyright The Mbed TLS Contributors
@@ -22,13 +22,20 @@ to help keep the list of known defects as up to date as possible.
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+import argparse
 import os
 import re
 import shutil
 import subprocess
 import sys
+from typing import List
 
-# PSA Compliance tests we expect to fail due to known defects in Mbed TLS (or the test suite)
+#pylint: disable=unused-import
+import scripts_path
+from mbedtls_dev import build_tree
+
+# PSA Compliance tests we expect to fail due to known defects in Mbed TLS / PSA Crypto
+# (or the test suite).
 # The test numbers correspond to the numbers used by the console output of the test suite.
 # Test number 2xx corresponds to the files in the folder
 # psa-arch-tests/api-tests/dev_apis/crypto/test_c0xx
@@ -49,12 +56,32 @@ EXPECTED_FAILURES = {
 PSA_ARCH_TESTS_REPO = 'https://github.com/bensze01/psa-arch-tests.git'
 PSA_ARCH_TESTS_REF = 'fix-pr-5736'
 
-#pylint: disable=too-many-branches,too-many-statements
+#pylint: disable=too-many-branches,too-many-statements,too-many-locals
-def main():
+def main(library_build_dir: str):
-    mbedtls_dir = os.getcwd()
+    root_dir = os.getcwd()
 
-    if not os.path.exists('library/libmbedcrypto.a'):
+    in_psa_crypto_repo = build_tree.looks_like_psa_crypto_root(root_dir)
-        subprocess.check_call(['make', '-C', 'library', 'libmbedcrypto.a'])
+
+    if in_psa_crypto_repo:
+        crypto_name = 'psacrypto'
+        library_subdir = 'core'
+    else:
+        crypto_name = 'mbedcrypto'
+        library_subdir = 'library'
+
+    crypto_lib_filename = (library_build_dir + '/' +
+                           library_subdir + '/' +
+                           'lib' + crypto_name + '.a')
+
+    if not os.path.exists(crypto_lib_filename):
+        #pylint: disable=bad-continuation
+        subprocess.check_call([
+            'cmake', '.',
+                     '-GUnix Makefiles',
+                     '-B' + library_build_dir
+        ])
+        subprocess.check_call(['cmake', '--build', library_build_dir,
+                               '--target', crypto_name])
 
     psa_arch_tests_dir = 'psa-arch-tests'
     os.makedirs(psa_arch_tests_dir, exist_ok=True)
@@ -74,6 +101,9 @@ def main():
         os.mkdir(build_dir)
         os.chdir(build_dir)
 
+        extra_includes = (';{}/drivers/builtin/include'.format(root_dir)
+                          if in_psa_crypto_repo else '')
+
         #pylint: disable=bad-continuation
         subprocess.check_call([
             'cmake', '..',
@@ -81,8 +111,9 @@ def main():
                      '-DTARGET=tgt_dev_apis_stdc',
                      '-DTOOLCHAIN=HOST_GCC',
                      '-DSUITE=CRYPTO',
-                     '-DPSA_CRYPTO_LIB_FILENAME={}/library/libmbedcrypto.a'.format(mbedtls_dir),
+                     '-DPSA_CRYPTO_LIB_FILENAME={}/{}'.format(root_dir,
-                     '-DPSA_INCLUDE_PATHS={}/include'.format(mbedtls_dir)
+                                                              crypto_lib_filename),
+                     ('-DPSA_INCLUDE_PATHS={}/include' + extra_includes).format(root_dir)
         ])
         subprocess.check_call(['cmake', '--build', '.'])
 
@@ -95,8 +126,11 @@ def main():
         )
         test = -1
         unexpected_successes = set(EXPECTED_FAILURES)
-        expected_failures = []
+        expected_failures = [] # type: List[int]
-        unexpected_failures = []
+        unexpected_failures = [] # type: List[int]
+        if proc.stdout is None:
+            return 1
+
         for line in proc.stdout:
             print(line, end='')
             match = test_re.match(line)
@@ -136,7 +170,18 @@ def main():
             print('SUCCESS')
             return 0
     finally:
-        os.chdir(mbedtls_dir)
+        os.chdir(root_dir)
 
 if __name__ == '__main__':
-    sys.exit(main())
+    BUILD_DIR = 'out_of_source_build'
+
+    # pylint: disable=invalid-name
+    parser = argparse.ArgumentParser()
+    parser.add_argument('--build-dir', nargs=1,
+                        help='path to Mbed TLS / PSA Crypto build directory')
+    args = parser.parse_args()
+
+    if args.build_dir is not None:
+        BUILD_DIR = args.build_dir[0]
+
+    sys.exit(main(BUILD_DIR))