From b5cf455bb75ba7306abff3ad65a6cac6103f0267 Mon Sep 17 00:00:00 2001 From: Jaeden Amero Date: Tue, 22 Jan 2019 16:09:24 +0000 Subject: [PATCH] tls/crypto: Make mbed-crypto importer independent Obtain the version of Mbed Crypto to use not from the Mbed TLS submodule, but independently through the Mbed Crypto importer instead. --- features/mbedtls/importer/Makefile | 44 ------- features/mbedtls/importer/adjust-config.sh | 2 +- .../mbedtls/mbed-crypto/importer/Makefile | 115 ++++++++++++++++++ .../importer/TARGET_IGNORE/.gitignore | 1 + 4 files changed, 117 insertions(+), 45 deletions(-) create mode 100644 features/mbedtls/mbed-crypto/importer/Makefile create mode 100644 features/mbedtls/mbed-crypto/importer/TARGET_IGNORE/.gitignore diff --git a/features/mbedtls/importer/Makefile b/features/mbedtls/importer/Makefile index a9adff62d3..046e86405e 100644 --- a/features/mbedtls/importer/Makefile +++ b/features/mbedtls/importer/Makefile @@ -32,34 +32,15 @@ MBED_TLS_REPO_URL ?= git@github.com:ARMmbed/mbedtls-restricted.git # Translate between mbed TLS namespace and mbed namespace TARGET_PREFIX:=../ -TARGET_PREFIX_CRYPTO:=../mbed-crypto/ TARGET_SRC:=$(TARGET_PREFIX)src TARGET_INC:=$(TARGET_PREFIX)inc TARGET_TESTS:=$(TARGET_PREFIX)TESTS -# New folder structure is introduced here for targets with Secured-Partition-Environment -# and Non-Secured-Partition-Environment, below documentation for each folder: -# COMPONENT_PSA_SRV_IMPL - include secure service business logic implementation -# code. For example Mbed Crypto or secure time core logic -TARGET_SRV_IMPL:=$(TARGET_PREFIX_CRYPTO)/platform/TARGET_PSA/COMPONENT_PSA_SRV_IMPL -# COMPONENT_SPE - include code that compiles ONLY to secure image and never -# compiles to non-secure image -TARGET_SPE:=$(TARGET_PREFIX_CRYPTO)/platform/TARGET_PSA/COMPONENT_SPE -# The folder contain specific target implementation using hardware. -TARGET_PSA_DRIVERS:=$(TARGET_PREFIX_CRYPTO)/targets -# COMPONENT_NSPE - include code that compiles ONLY to non-secure image and -# never compiles to secure image -TARGET_NSPE:=$(TARGET_SRV_IMPL)/COMPONENT_NSPE - # mbed TLS source directory - hidden from mbed via TARGET_IGNORE MBED_TLS_DIR:=TARGET_IGNORE/mbedtls MBED_TLS_API:=$(MBED_TLS_DIR)/include/mbedtls MBED_TLS_GIT_CFG=$(MBED_TLS_DIR)/.git/config -# Mbed Crypto directory - hidden from mbed via TARGET_IGNORE -MBED_CRYPTO_DIR:=$(MBED_TLS_DIR)/crypto -MBED_CRYPTO_API:=$(MBED_CRYPTO_DIR)/include/psa - .PHONY: all deploy deploy-tests rsync mbedtls clean update all: mbedtls @@ -81,23 +62,6 @@ rsync: cp $(MBED_TLS_DIR)/LICENSE $(TARGET_PREFIX) cp $(MBED_TLS_DIR)/apache-2.0.txt $(TARGET_PREFIX) # - # Create Mbed Crypto target folder - mkdir -p $(TARGET_PREFIX_CRYPTO) - # - # Copying Mbed Crypto into Mbed OS.. - rm -rf $(TARGET_SRV_IMPL) - rm -rf $(TARGET_SPE) - - mkdir -p $(TARGET_SRV_IMPL) - mkdir -p $(TARGET_SPE) - mkdir -p $(TARGET_NSPE) - mkdir -p $(TARGET_PSA_DRIVERS) - - rsync -a --delete --exclude='crypto_struct.h' $(MBED_CRYPTO_API) $(TARGET_INC) - rsync -a --delete $(MBED_CRYPTO_API)/crypto_struct.h $(TARGET_NSPE) - rsync -a --delete $(MBED_CRYPTO_API)/crypto_struct.h $(TARGET_SPE)/crypto_struct_spe.h - rsync -a --delete $(MBED_CRYPTO_DIR)/library/psa_*.c $(TARGET_SRV_IMPL) - rsync -a --delete $(MBED_CRYPTO_DIR)/library/psa_*.h $(TARGET_SRV_IMPL) deploy: rsync # @@ -128,14 +92,8 @@ update: $(MBED_TLS_GIT_CFG) $(MBED_TLS_HA_GIT_CFG) # Checking out the required release git -C $(MBED_TLS_DIR) checkout $(MBED_TLS_RELEASE) # - # Update and checkout git submodules - git -C $(MBED_TLS_DIR) submodule update --init --recursive - # # Updating checked out version tag echo $(MBED_TLS_RELEASE) > $(TARGET_PREFIX)VERSION.txt - # - # Updating Mbed Crypto checked out version tag - git -C $(MBED_CRYPTO_DIR) describe --tags --abbrev=12 --dirty --always >> $(TARGET_PREFIX)VERSION.txt $(MBED_TLS_GIT_CFG): rm -rf $(MBED_TLS_DIR) @@ -149,5 +107,3 @@ clean: rm -rf $(TARGET_SRC) rm -rf $(TARGET_INC) rm -rf $(MBED_TLS_DIR) - rm -rf $(TARGET_SRV_IMPL) - rm -rf $(TARGET_SPE) diff --git a/features/mbedtls/importer/adjust-config.sh b/features/mbedtls/importer/adjust-config.sh index 347ca5c155..4d9bb1b30d 100755 --- a/features/mbedtls/importer/adjust-config.sh +++ b/features/mbedtls/importer/adjust-config.sh @@ -146,7 +146,7 @@ conf unset MBEDTLS_PLATFORM_TIME_TYPE_MACRO # which should fit RSA 4096 bit keys. conf set MBEDTLS_MPI_MAX_SIZE 512 -# The following configurations are a needed for Mbed Crypto submodule. +# The following configurations are needed for Mbed Crypto. # They are related to the persistent key storage feature. conf set MBEDTLS_PSA_CRYPTO_STORAGE_C conf set MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C diff --git a/features/mbedtls/mbed-crypto/importer/Makefile b/features/mbedtls/mbed-crypto/importer/Makefile new file mode 100644 index 0000000000..d83e8b8f8d --- /dev/null +++ b/features/mbedtls/mbed-crypto/importer/Makefile @@ -0,0 +1,115 @@ +########################################################################### +# +# Copyright (c) 2016, ARM Limited, All Rights Reserved +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +########################################################################### + +# +# Use this file to import an Mbed Crypto release into Mbed OS as follows: +# +# 1) Set the CRYPTO_RELEASE variable to the required Mbed Crypto release +# tag +# 2) make update +# 3) make +# 4) commit and push changes via git +# + +# Set the Mbed Crypto release to import (this can/should be edited before +# import) +CRYPTO_RELEASE ?= mbedcrypto-0.1.0b2 +CRYPTO_REPO_URL ?= git@github.com:ARMmbed/mbed-crypto.git + +# Translate between Mbed Crypto namespace and Mbed OS namespace +TARGET_PREFIX:=.. +TARGET_INC:=$(TARGET_PREFIX)/inc + +# A folder structure is introduced here for targets that have both a Secure +# Processing Environment (SPE) targets and Non-secure Processing Environment +# (NSPE). Documentation for each folder as follows: +# COMPONENT_PSA_SRV_IMPL - Include secure service implementation code. For +# example PSA Crypto or PSA Secure Time implementations +TARGET_SRV_IMPL:=$(TARGET_PREFIX)/platform/TARGET_PSA/COMPONENT_PSA_SRV_IMPL +# COMPONENT_SPE - Include code that compiles ONLY to the SPE image and never +# compiles to the NSPE image +TARGET_SPE:=$(TARGET_PREFIX)/platform/TARGET_PSA/COMPONENT_SPE +# COMPONENT_NSPE - Include code that compiles ONLY to the NSPE image and never +# compiles to the SPE image +TARGET_NSPE:=$(TARGET_SRV_IMPL)/COMPONENT_NSPE + +# Mbed Crypto source directory - hidden from mbed via TARGET_IGNORE +CRYPTO_DIR:=TARGET_IGNORE/mbed-crypto +CRYPTO_API:=$(CRYPTO_DIR)/include/psa +CRYPTO_GIT_CFG=$(CRYPTO_DIR)/.git/config + + +.PHONY: all rsync clean update + +all: rsync + +rsync: + # + # Copying Mbed Crypto headers to includes... + rm -rf $(TARGET_INC) + mkdir -p $(TARGET_INC) + rsync -a --delete --exclude='crypto_struct.h' $(CRYPTO_API) $(TARGET_INC)/ + # + # Copying licenses + cp $(CRYPTO_DIR)/LICENSE $(TARGET_PREFIX)/ + cp $(CRYPTO_DIR)/apache-2.0.txt $(TARGET_PREFIX)/ + # + # Copying Mbed Crypto into Mbed OS... + rm -rf $(TARGET_SRV_IMPL) + rm -rf $(TARGET_SPE) + + mkdir -p $(TARGET_SRV_IMPL) + mkdir -p $(TARGET_SPE) + mkdir -p $(TARGET_NSPE) + + rsync -a --delete $(CRYPTO_API)/crypto_struct.h $(TARGET_NSPE)/ + rsync -a --delete $(CRYPTO_API)/crypto_struct.h $(TARGET_SPE)/crypto_struct_spe.h + rsync -a --delete $(CRYPTO_DIR)/library/psa_*.c $(TARGET_SRV_IMPL)/ + rsync -a --delete $(CRYPTO_DIR)/library/psa_*.h $(TARGET_SRV_IMPL)/ + +update: $(CRYPTO_GIT_CFG) + # + # Updating to the specified Mbed Crypto library version + # (If it is not an initial checkout we will start with the repository + # being in a detached head state) + git -C $(CRYPTO_DIR) checkout development + git -C $(CRYPTO_DIR) pull --rebase origin development + # + # Checking out the required release + git -C $(CRYPTO_DIR) checkout $(CRYPTO_RELEASE) + # + # Update and checkout git submodules + git -C $(CRYPTO_DIR) submodule update --init --recursive + # + # Updating Mbed Crypto checked out version tag + git -C $(CRYPTO_DIR) describe --tags --abbrev=12 --dirty --always > $(TARGET_PREFIX)/VERSION.txt + +$(CRYPTO_GIT_CFG): + rm -rf $(CRYPTO_DIR) + git clone $(CRYPTO_REPO_URL) $(CRYPTO_DIR) + +clean: + rm -f $(TARGET_PREFIX)/LICENSE + rm -f $(TARGET_PREFIX)/apache-2.0.txt + rm -f $(TARGET_PREFIX)/VERSION.txt + rm -f $(TARGET_PREFIX)/AUTHORS.txt + rm -rf $(TARGET_INC) + rm -rf $(CRYPTO_DIR) + rm -rf $(TARGET_SRV_IMPL) + rm -rf $(TARGET_SPE) diff --git a/features/mbedtls/mbed-crypto/importer/TARGET_IGNORE/.gitignore b/features/mbedtls/mbed-crypto/importer/TARGET_IGNORE/.gitignore new file mode 100644 index 0000000000..05fd348e28 --- /dev/null +++ b/features/mbedtls/mbed-crypto/importer/TARGET_IGNORE/.gitignore @@ -0,0 +1 @@ +mbed-crypto