Merge pull request #236 from gilles-peskine-arm/build_info-cleanup-1.0-framework

Clean up after 1.0: generate_config_checks.py, tf-psa-crypto/build_info.h

Author: ronald-cron-arm

history/config-adjust-tfpsacrypto-1.0.txt

@@ -32,9 +32,7 @@ MBEDTLS_CIPHER_PADDING_PKCS7
 MBEDTLS_CMAC_C
 MBEDTLS_CONFIG_ADJUST_LEGACY_CRYPTO_H
 MBEDTLS_CONFIG_ADJUST_LEGACY_FROM_PSA_H
-MBEDTLS_CONFIG_ADJUST_PSA_SUPERSET_LEGACY_H
 MBEDTLS_CONFIG_ADJUST_TEST_ACCELERATORS_H
-MBEDTLS_DES_C
 MBEDTLS_ECDH_C
 MBEDTLS_ECDSA_C
 MBEDTLS_ECDSA_DETERMINISTIC
@@ -127,7 +125,6 @@ MBEDTLS_PSA_ACCEL_KEY_TYPE_ARIA
 MBEDTLS_PSA_ACCEL_KEY_TYPE_CAMELLIA
 MBEDTLS_PSA_ACCEL_KEY_TYPE_CHACHA20
 MBEDTLS_PSA_ACCEL_KEY_TYPE_DERIVE
-MBEDTLS_PSA_ACCEL_KEY_TYPE_DES
 MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_BASIC
 MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_EXPORT
 MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_GENERATE
@@ -211,7 +208,6 @@ MBEDTLS_PSA_BUILTIN_KEY_TYPE_AES
 MBEDTLS_PSA_BUILTIN_KEY_TYPE_ARIA
 MBEDTLS_PSA_BUILTIN_KEY_TYPE_CAMELLIA
 MBEDTLS_PSA_BUILTIN_KEY_TYPE_CHACHA20
-MBEDTLS_PSA_BUILTIN_KEY_TYPE_DES
 MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_BASIC
 MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_EXPORT
 MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_GENERATE
@@ -235,7 +231,6 @@ MBEDTLS_PSA_CRYPTO_RNG_STRENGTH
 MBEDTLS_PSA_DH_ACCEL_INCOMPLETE_ALGS
 MBEDTLS_PSA_DH_ACCEL_INCOMPLETE_GROUPS
 MBEDTLS_PSA_DH_ACCEL_INCOMPLETE_KEY_TYPES
-MBEDTLS_PSA_DRIVER_GET_ENTROPY
 MBEDTLS_PSA_DRIVER_GET_ENTROPY_DEFINED
 MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_ALGS
 MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_CURVES
@@ -247,8 +242,6 @@ MBEDTLS_RSA_C
 MBEDTLS_SHA1_C
 MBEDTLS_SHA224_C
 MBEDTLS_SHA256_C
-MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT
-MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY
 MBEDTLS_SHA384_C
 MBEDTLS_SHA512_C
 MBEDTLS_SSL_HAVE_AEAD
@@ -266,7 +259,6 @@ PSA_HAVE_SOFT_BLOCK_MODE
 PSA_HAVE_SOFT_KEY_TYPE_AES
 PSA_HAVE_SOFT_KEY_TYPE_ARIA
 PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA
-PSA_HAVE_SOFT_KEY_TYPE_DES
 PSA_HAVE_SOFT_PBKDF2
 PSA_HAVE_SOFT_PBKDF2_CMAC
 PSA_HAVE_SOFT_PBKDF2_HMAC
@@ -275,29 +267,11 @@ PSA_WANT_ALG_ECB_NO_PADDING
 PSA_WANT_ALG_ECDSA
 PSA_WANT_ALG_ECDSA_ANY
 PSA_WANT_ALG_HMAC
-PSA_WANT_ALG_MD5
-PSA_WANT_ALG_RIPEMD160
 PSA_WANT_ALG_RSA_PKCS1V15_SIGN
 PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW
 PSA_WANT_ALG_RSA_PSS
 PSA_WANT_ALG_RSA_PSS_ANY_SALT
-PSA_WANT_ALG_SHA_1
-PSA_WANT_ALG_SHA_224
-PSA_WANT_ALG_SHA_256
-PSA_WANT_ALG_SHA_384
-PSA_WANT_ALG_SHA_512
 PSA_WANT_ALG_SOME_PAKE
-PSA_WANT_ECC_BRAINPOOL_P_R1_256
-PSA_WANT_ECC_BRAINPOOL_P_R1_384
-PSA_WANT_ECC_BRAINPOOL_P_R1_512
-PSA_WANT_ECC_MONTGOMERY_255
-PSA_WANT_ECC_MONTGOMERY_448
-PSA_WANT_ECC_SECP_K1_192
-PSA_WANT_ECC_SECP_K1_256
-PSA_WANT_ECC_SECP_R1_192
-PSA_WANT_ECC_SECP_R1_256
-PSA_WANT_ECC_SECP_R1_384
-PSA_WANT_ECC_SECP_R1_521
 PSA_WANT_KEY_TYPE_AES
 PSA_WANT_KEY_TYPE_DERIVE
 PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC

history/config-options-mbedtls-4.0.txt

@@ -40,6 +40,7 @@ MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
 MBEDTLS_SSL_KEYING_MATERIAL_EXPORT
 MBEDTLS_SSL_MAX_EARLY_DATA_SIZE
 MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+MBEDTLS_SSL_NULL_CIPHERSUITES
 MBEDTLS_SSL_OUT_CONTENT_LEN
 MBEDTLS_SSL_PROTO_DTLS
 MBEDTLS_SSL_PROTO_TLS1_2

history/config-options-tfpsacrypto-1.0.txt

@@ -7,31 +7,14 @@ MBEDTLS_AES_USE_HARDWARE_ONLY
 MBEDTLS_ASN1_PARSE_C
 MBEDTLS_ASN1_WRITE_C
 MBEDTLS_BASE64_C
-MBEDTLS_BIGNUM_C
 MBEDTLS_BLOCK_CIPHER_NO_DECRYPT
 MBEDTLS_CAMELLIA_SMALL_MEMORY
 MBEDTLS_CHECK_RETURN
 MBEDTLS_CHECK_RETURN_WARNING
-MBEDTLS_CIPHER_NULL_CIPHER
 MBEDTLS_CTR_DRBG_C
 MBEDTLS_DEPRECATED_REMOVED
 MBEDTLS_DEPRECATED_WARNING
-MBEDTLS_ECDH_C
 MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED
-MBEDTLS_ECDSA_C
-MBEDTLS_ECJPAKE_C
-MBEDTLS_ECP_C
-MBEDTLS_ECP_DP_BP256R1_ENABLED
-MBEDTLS_ECP_DP_BP384R1_ENABLED
-MBEDTLS_ECP_DP_BP512R1_ENABLED
-MBEDTLS_ECP_DP_CURVE25519_ENABLED
-MBEDTLS_ECP_DP_CURVE448_ENABLED
-MBEDTLS_ECP_DP_SECP192K1_ENABLED
-MBEDTLS_ECP_DP_SECP192R1_ENABLED
-MBEDTLS_ECP_DP_SECP256K1_ENABLED
-MBEDTLS_ECP_DP_SECP256R1_ENABLED
-MBEDTLS_ECP_DP_SECP384R1_ENABLED
-MBEDTLS_ECP_DP_SECP521R1_ENABLED
 MBEDTLS_ECP_FIXED_POINT_OPTIM
 MBEDTLS_ECP_NIST_OPTIM
 MBEDTLS_ECP_RESTARTABLE
@@ -74,7 +57,6 @@ MBEDTLS_PLATFORM_EXIT_MACRO
 MBEDTLS_PLATFORM_FPRINTF_ALT
 MBEDTLS_PLATFORM_FPRINTF_MACRO
 MBEDTLS_PLATFORM_FREE_MACRO
-MBEDTLS_PLATFORM_GET_ENTROPY_ALT
 MBEDTLS_PLATFORM_GMTIME_R_ALT
 MBEDTLS_PLATFORM_MEMORY
 MBEDTLS_PLATFORM_MS_TIME_ALT
@@ -136,8 +118,6 @@ MBEDTLS_RSA_GEN_KEY_MIN_BITS
 MBEDTLS_RSA_NO_CRT
 MBEDTLS_SELF_TEST
 MBEDTLS_SHA256_SMALLER
-MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT
-MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY
 MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT
 MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY
 MBEDTLS_SHA512_SMALLER
@@ -212,14 +192,12 @@ PSA_WANT_KEY_TYPE_ARIA
 PSA_WANT_KEY_TYPE_CAMELLIA
 PSA_WANT_KEY_TYPE_CHACHA20
 PSA_WANT_KEY_TYPE_DERIVE
-PSA_WANT_KEY_TYPE_DES
 PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC
 PSA_WANT_KEY_TYPE_DH_KEY_PAIR_DERIVE
 PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT
 PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE
 PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT
 PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY
-PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
 PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC
 PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE
 PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT
@@ -230,13 +208,14 @@ PSA_WANT_KEY_TYPE_HMAC
 PSA_WANT_KEY_TYPE_PASSWORD
 PSA_WANT_KEY_TYPE_PASSWORD_HASH
 PSA_WANT_KEY_TYPE_RAW_DATA
-PSA_WANT_KEY_TYPE_RSA_KEY_PAIR
 PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
 PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_DERIVE
 PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT
 PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE
 PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT
 PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY
+TF_PSA_CRYPTO_ALLOW_REMOVED_MECHANISMS
 TF_PSA_CRYPTO_CONFIG_FILE
+TF_PSA_CRYPTO_CONFIG_VERSION
 TF_PSA_CRYPTO_USER_CONFIG_FILE
 TF_PSA_CRYPTO_VERSION

scripts/check_names.py

@@ -99,7 +99,8 @@ class Problem(abc.ABC): # pylint: disable=too-few-public-methods
     # Class variable to control the quietness of all problems
     quiet = False
     def __init__(self):
-        self.textwrapper = textwrap.TextWrapper()
+        self.textwrapper = textwrap.TextWrapper(break_on_hyphens=False,
+                                                break_long_words=False)
         self.textwrapper.width = 80
         self.textwrapper.initial_indent = "    > "
         self.textwrapper.subsequent_indent = "      "
@@ -288,7 +289,16 @@ def get_all_files(self, include_wildcards, exclude_wildcards):
 
         Args:
         * include_wildcards: a List of shell-style wildcards to match filepaths.
+          - "*" does not match a directory separator, e.g. "*/a.h"
+            matches "somedir/a.h" but not "somedir/subdir/a.h".
+          - "**" matches zero or more directory levels, e.g. "**/a.h"
+            matches "a.h", "somedir/a.h", "somedir/subdir/a.h", etc.
+          - The matching is case-insensitive.
         * exclude_wildcards: a List of shell-style wildcards to exclude.
+          - "*" matches every character including separators, e.g. "*/a.h"
+            matches "somedir/a.h" and "somedir/subdir/a.h" but not "a.h".
+          - "**" is equivalent to "*".
+          - The matching is case-sensitive.
 
         Returns:
         * inc_files: A List of relative filepaths for included files.
@@ -297,7 +307,7 @@ def get_all_files(self, include_wildcards, exclude_wildcards):
         accumulator = set()
         all_wildcards = include_wildcards + (exclude_wildcards or [])
         for wildcard in all_wildcards:
-            accumulator = accumulator.union(glob.iglob(wildcard))
+            accumulator = accumulator.union(glob.iglob(wildcard, recursive=True))
 
         inc_files = []
         exc_files = []
@@ -306,7 +316,7 @@ def get_all_files(self, include_wildcards, exclude_wildcards):
                 exc_files.append(path)
             else:
                 inc_files.append(path)
-        return (inc_files, exc_files)
+        return (sorted(inc_files), sorted(exc_files))
 
     def get_included_files(self, include_wildcards, exclude_wildcards):
         """
@@ -324,10 +334,11 @@ def get_included_files(self, include_wildcards, exclude_wildcards):
         accumulator = set()
 
         for include_wildcard in include_wildcards:
-            accumulator = accumulator.union(glob.iglob(include_wildcard))
+            accumulator = accumulator.union(glob.iglob(include_wildcard,
+                                                       recursive=True))
 
-        return list(path for path in accumulator
-                    if not self.is_file_excluded(path, exclude_wildcards))
+        return sorted(path for path in accumulator
+                      if not self.is_file_excluded(path, exclude_wildcards))
 
     def parse_macros(self, include, exclude=None):
         """
@@ -349,6 +360,7 @@ def parse_macros(self, include, exclude=None):
 
         macros = []
         for header_file in files:
+            self.log.debug("Parsing macros in " + header_file)
             with open(header_file, "r", encoding="utf-8") as header:
                 for line_no, line in enumerate(header):
                     for macro in macro_regex.finditer(line):
@@ -387,6 +399,7 @@ def parse_mbed_psa_words(self, include, exclude=None):
 
         mbed_psa_words = []
         for filename in files:
+            self.log.debug("Parsing words in " + filename)
             with open(filename, "r", encoding="utf-8") as fp:
                 for line_no, line in enumerate(fp):
                     if exclusions.search(line):
@@ -423,6 +436,7 @@ def parse_enum_consts(self, include, exclude=None):
         enum_consts = []
         for header_file in files:
             state = states.OUTSIDE_KEYWORD
+            self.log.debug("Parsing enums in " + header_file)
             with open(header_file, "r", encoding="utf-8") as header:
                 for line_no, line in enumerate(header):
                     # Match typedefs and brackets only when they are at the
@@ -539,6 +553,7 @@ def parse_identifiers_in_file(self, header_file, identifiers):
         Append found matches to the list ``identifiers``.
         """
 
+        self.log.debug("Parsing identifier declarations in " + header_file)
         with open(header_file, "r", encoding="utf-8") as header:
             in_block_comment = False
             # The previous line variable is used for concatenating lines
@@ -614,11 +629,13 @@ def parse_identifiers(self, include, exclude=None):
 
         self.log.debug("Looking for included identifiers in {} files".format \
             (len(included_files)))
-
         included_identifiers = []
-        excluded_identifiers = []
         for header_file in included_files:
             self.parse_identifiers_in_file(header_file, included_identifiers)
+
+        self.log.debug("Looking for excluded identifiers in {} files".format \
+            (len(excluded_files)))
+        excluded_identifiers = []
         for header_file in excluded_files:
             self.parse_identifiers_in_file(header_file, excluded_identifiers)
 
@@ -690,6 +707,31 @@ def __init__(self, log):
         if not build_tree.looks_like_tf_psa_crypto_root(os.getcwd()):
             raise Exception("This script must be run from TF-PSA-Crypto root.")
 
+    H_PUBLIC = [
+        "include/**/*.h",
+        "drivers/*/include/**/*.h",
+    ]
+    H_PUBLIC_EXCLUDE = [
+        'drivers/everest/include/tf-psa-crypto/private/everest/[HhKk]*.h',
+        'drivers/everest/include/tf-psa-crypto/private/everest/k*/*.h',
+        'drivers/everest/include/tf-psa-crypto/private/everest/vs*/*.h',
+    ]
+
+    H_INTERNAL = [
+        "core/*.h",
+        "drivers/*/src/*.h",
+    ]
+
+    H_TEST_DRIVERS = [
+        "framework/tests/include/test/drivers/*.h",
+    ]
+
+    C_INTERNAL = [
+        "core/*.c",
+        "drivers/*/library/*.c",
+        "drivers/*/src/*.c",
+    ]
+
     def comprehensive_parse(self):
         """
         Comprehensive ("default") function to call each parsing function and
@@ -698,75 +740,20 @@ def comprehensive_parse(self):
         Returns a dict of parsed item key to the corresponding List of Matches.
         """
         all_macros = {"public": [], "internal": [], "private":[]}
-        all_macros["public"] = self.parse_macros([
-            "include/psa/*.h",
-            "include/tf-psa-crypto/*.h",
-            "include/mbedtls/*.h",
-            "drivers/builtin/include/mbedtls/*.h",
-            "include/mbedtls/private/*.h",
-            "drivers/builtin/include/mbedtls/private/*.h",
-            "drivers/everest/include/everest/everest.h",
-            "drivers/everest/include/everest/x25519.h",
-            "drivers/everest/include/tf-psa-crypto/private/everest/everest.h",
-            "drivers/everest/include/tf-psa-crypto/private/everest/x25519.h"
-        ])
-        all_macros["internal"] = self.parse_macros([
-            "core/*.h",
-            "drivers/builtin/src/*.h",
-            "framework/tests/include/test/drivers/*.h",
-        ])
-        all_macros["private"] = self.parse_macros([
-            "core/*.c",
-            "drivers/builtin/src/*.c",
-        ])
-        enum_consts = self.parse_enum_consts([
-            "include/psa/*.h",
-            "include/tf-psa-crypto/*.h",
-            "include/mbedtls/*.h",
-            "drivers/builtin/include/mbedtls/*.h",
-            "include/mbedtls/private/*.h",
-            "drivers/builtin/include/mbedtls/private/*.h",
-            "core/*.h",
-            "drivers/builtin/src/*.h",
-            "core/*.c",
-            "drivers/builtin/src/*.c",
-            "drivers/everest/include/everest/everest.h",
-            "drivers/everest/include/everest/x25519.h",
-            "drivers/everest/include/tf-psa-crypto/private/everest/everest.h",
-            "drivers/everest/include/tf-psa-crypto/private/everest/x25519.h"
-        ])
-        identifiers, excluded_identifiers = self.parse_identifiers([
-            "include/psa/*.h",
-            "include/tf-psa-crypto/*.h",
-            "include/mbedtls/*.h",
-            "drivers/builtin/include/mbedtls/*.h",
-            "include/mbedtls/private/*.h",
-            "drivers/builtin/include/mbedtls/private/*.h",
-            "core/*.h",
-            "drivers/builtin/src/*.h",
-            "drivers/everest/include/everest/everest.h",
-            "drivers/everest/include/everest/x25519.h",
-            "drivers/everest/include/tf-psa-crypto/private/everest/everest.h",
-            "drivers/everest/include/tf-psa-crypto/private/everest/x25519.h"
-        ], ["drivers/p256-m/p256-m/p256-m.h"])
-        mbed_psa_words = self.parse_mbed_psa_words([
-            "include/psa/*.h",
-            "include/tf-psa-crypto/*.h",
-            "include/mbedtls/*.h",
-            "drivers/builtin/include/mbedtls/*.h",
-            "include/mbedtls/private/*.h",
-            "drivers/builtin/include/mbedtls/private/*.h",
-            "core/*.h",
-            "drivers/builtin/src/*.h",
-            "drivers/everest/include/everest/everest.h",
-            "drivers/everest/include/everest/x25519.h",
-            "drivers/everest/include/tf-psa-crypto/private/everest/everest.h",
-            "drivers/everest/include/tf-psa-crypto/private/everest/x25519.h",
-            "core/*.c",
-            "drivers/builtin/src/*.c",
-            "drivers/everest/library/everest.c",
-            "drivers/everest/library/x25519.c"
-        ], ["core/psa_crypto_driver_wrappers.h"])
+        all_macros["public"] = self.parse_macros(self.H_PUBLIC,
+                                                 self.H_PUBLIC_EXCLUDE)
+        all_macros["internal"] = self.parse_macros(self.H_INTERNAL +
+                                                   self.H_TEST_DRIVERS)
+        all_macros["private"] = self.parse_macros(self.C_INTERNAL)
+        enum_consts = self.parse_enum_consts(
+            self.H_PUBLIC + self.H_INTERNAL + self.C_INTERNAL,
+            self.H_PUBLIC_EXCLUDE)
+        identifiers, excluded_identifiers = self.parse_identifiers(
+            self.H_PUBLIC + self.H_INTERNAL,
+            self.H_PUBLIC_EXCLUDE + ["drivers/p256-m/p256-m/p256-m.h"])
+        mbed_psa_words = self.parse_mbed_psa_words(
+            self.H_PUBLIC + self.H_INTERNAL + self.C_INTERNAL,
+            self.H_PUBLIC_EXCLUDE + ["core/psa_crypto_driver_wrappers.h"])
         symbols = self.parse_symbols()
 
         return self._parse(all_macros, enum_consts, identifiers,