diff --git a/3rdparty/Makefile.inc b/3rdparty/Makefile.inc
deleted file mode 100644
index 70f316b0c8..0000000000
--- a/3rdparty/Makefile.inc
+++ /dev/null
@@ -1,3 +0,0 @@
-THIRDPARTY_DIR := $(dir $(lastword $(MAKEFILE_LIST)))
-include $(THIRDPARTY_DIR)/everest/Makefile.inc
-include $(THIRDPARTY_DIR)/p256-m/Makefile.inc
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 28d4b832a9..e1bfbb5335 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -294,12 +294,10 @@ add_subdirectory(framework)
add_subdirectory(include)
-add_subdirectory(3rdparty)
+add_subdirectory(tf-psa-crypto)
add_subdirectory(library)
-add_subdirectory(tf-psa-crypto)
-
add_subdirectory(pkgconfig)
#
@@ -357,7 +355,9 @@ if(ENABLE_TESTING OR ENABLE_PROGRAMS)
PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/include
PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/tf-psa-crypto/include
PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/tf-psa-crypto/drivers/builtin/include
- PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/library)
+ PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/library
+ PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/tf-psa-crypto/core
+ PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/tf-psa-crypto/drivers/builtin/src)
# Request C11, needed for memory poisoning tests
set_target_properties(mbedtls_test PROPERTIES C_STANDARD 11)
@@ -370,7 +370,9 @@ if(ENABLE_TESTING OR ENABLE_PROGRAMS)
PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/tf-psa-crypto/include
PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/tf-psa-crypto/drivers/builtin/include
PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/library
- PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/3rdparty/everest/include)
+ PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/tf-psa-crypto/core
+ PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/tf-psa-crypto/drivers/builtin/src
+ PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/tf-psa-crypto/drivers/everest/include)
# Pass-through MBEDTLS_CONFIG_FILE and MBEDTLS_USER_CONFIG_FILE
if(MBEDTLS_CONFIG_FILE)
diff --git a/Makefile b/Makefile
index 74e328af49..b63880487e 100644
--- a/Makefile
+++ b/Makefile
@@ -200,12 +200,18 @@ endif
## Editor navigation files
C_SOURCE_FILES = $(wildcard \
- 3rdparty/*/include/*/*.h 3rdparty/*/include/*/*/*.h 3rdparty/*/include/*/*/*/*.h \
- 3rdparty/*/*.c 3rdparty/*/*/*.c 3rdparty/*/*/*/*.c 3rdparty/*/*/*/*/*.c \
include/*/*.h \
library/*.[hc] \
+ tf-psa-crypto/core/*.[hc] \
tf-psa-crypto/include/*/*.h \
- tf-psa-crypto/drivers/builtin/include/*/*.h \
+ tf-psa-crypto/drivers/*/include/*/*.h \
+ tf-psa-crypto/drivers/*/include/*/*/*.h \
+ tf-psa-crypto/drivers/*/include/*/*/*/*.h \
+ tf-psa-crypto/drivers/builtin/src/*.[hc] \
+ tf-psa-crypto/drivers/*/*.c \
+ tf-psa-crypto/drivers/*/*/*.c \
+ tf-psa-crypto/drivers/*/*/*/*.c \
+ tf-psa-crypto/drivers/*/*/*/*/*.c \
programs/*/*.[hc] \
tests/include/*/*.h tests/include/*/*/*.h \
tests/src/*.c tests/src/*/*.c \
@@ -222,7 +228,8 @@ GPATH GRTAGS GSYMS GTAGS: $(C_SOURCE_FILES)
ls $(C_SOURCE_FILES) | gtags -f - --gtagsconf .globalrc
cscope: cscope.in.out cscope.po.out cscope.out
cscope.in.out cscope.po.out cscope.out: $(C_SOURCE_FILES)
- cscope -bq -u -Iinclude -Ilibrary -Itf-psa-crypto/include \
- -Itf-psa-crypto/drivers/builtin/include \
- $(patsubst %,-I%,$(wildcard 3rdparty/*/include)) -Itests/include $(C_SOURCE_FILES)
+ cscope -bq -u -Iinclude -Ilibrary -Itf-psa-crypto/core \
+ -Itf-psa-crypto/include \
+ -Itf-psa-crypto/drivers/builtin/src \
+ $(patsubst %,-I%,$(wildcard tf-psa-crypto/drivers/*/include)) -Itests/include $(C_SOURCE_FILES)
.PHONY: cscope global
diff --git a/README.md b/README.md
index b70c67e030..966b276647 100644
--- a/README.md
+++ b/README.md
@@ -315,10 +315,10 @@ Unless specifically indicated otherwise in a file, Mbed TLS files are provided u
### Third-party code included in Mbed TLS
-This project contains code from other projects. This code is located within the `3rdparty/` directory. The original license text is included within project subdirectories, where it differs from the normal Mbed TLS license, and/or in source files. The projects are listed below:
+This project contains code from other projects. This code is located within the `tf-psa-crypto/drivers/` directory. The original license text is included within project subdirectories, where it differs from the normal Mbed TLS license, and/or in source files. The projects are listed below:
-* `3rdparty/everest/`: Files stem from [Project Everest](https://project-everest.github.io/) and are distributed under the Apache 2.0 license.
-* `3rdparty/p256-m/p256-m/`: Files have been taken from the [p256-m](https://github.com/mpg/p256-m) repository. The code in the original repository is distributed under the Apache 2.0 license. It is distributed in Mbed TLS under a dual Apache-2.0 OR GPL-2.0-or-later license with permission from the author.
+* `drivers/everest/`: Files stem from [Project Everest](https://project-everest.github.io/) and are distributed under the Apache 2.0 license.
+* `drivers/p256-m/p256-m/`: Files have been taken from the [p256-m](https://github.com/mpg/p256-m) repository. The code in the original repository is distributed under the Apache 2.0 license. It is distributed in Mbed TLS under a dual Apache-2.0 OR GPL-2.0-or-later license with permission from the author.
Contributing
------------
diff --git a/docs/psa-driver-example-and-guide.md b/docs/psa-driver-example-and-guide.md
index aa825adcdd..a5e9b16d99 100644
--- a/docs/psa-driver-example-and-guide.md
+++ b/docs/psa-driver-example-and-guide.md
@@ -138,7 +138,7 @@ This guide assumes you are building Mbed TLS from source alongside your project.
### Example: Manually integrating a software accelerator alongside Mbed TLS
-[p256-m](https://github.com/mpg/p256-m) is a minimalistic implementation of ECDH and ECDSA on the NIST P-256 curve, specifically optimized for use in constrained 32-bit environments. It started out as an independent project and has been integrated in Mbed TLS as a PSA transparent driver. The source code of p256-m and the driver entry points is located in the Mbed TLS source tree under `3rdparty/p256-m`. In this section, we will look at how this integration was done.
+[p256-m](https://github.com/mpg/p256-m) is a minimalistic implementation of ECDH and ECDSA on the NIST P-256 curve, specifically optimized for use in constrained 32-bit environments. It started out as an independent project and has been integrated in Mbed TLS as a PSA transparent driver. The source code of p256-m and the driver entry points is located in the Mbed TLS source tree under `drivers/p256-m`. In this section, we will look at how this integration was done.
The Mbed TLS build system includes the instructions needed to build p256-m. To build with and use p256-m, set the macro `MBEDTLS_PSA_P256M_DRIVER_ENABLED` using `config.py`, then build as usual using make/cmake. From the root of the `mbedtls/` directory, run:
diff --git a/framework b/framework
index 8853c84712..9eeacb7125 160000
--- a/framework
+++ b/framework
@@ -1 +1 @@
-Subproject commit 8853c8471200e62448413d1f40d6801a19796a83
+Subproject commit 9eeacb7125d6630a11e29d8a7aab5873b3638b6d
diff --git a/library/.gitignore b/library/.gitignore
index c6a39f5c0a..9794129d94 100644
--- a/library/.gitignore
+++ b/library/.gitignore
@@ -6,6 +6,4 @@ libmbed*
/error.c
/version_features.c
/ssl_debug_helpers_generated.c
-/psa_crypto_driver_wrappers.h
-/psa_crypto_driver_wrappers_no_static.c
###END_GENERATED_FILES###
diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt
index e2562df998..da109dc1bc 100644
--- a/library/CMakeLists.txt
+++ b/library/CMakeLists.txt
@@ -10,87 +10,90 @@ if(NOT DEFINED MBEDTLS_DIR)
set(MBEDTLS_DIR ${CMAKE_SOURCE_DIR})
endif()
+set(TF_PSA_CRYPTO_CORE_DIR ../tf-psa-crypto/core)
+set(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR ../tf-psa-crypto/drivers/builtin/src)
+
set(src_crypto
- aes.c
- aesni.c
- aesce.c
- aria.c
- asn1parse.c
- asn1write.c
- base64.c
- bignum.c
- bignum_core.c
- bignum_mod.c
- bignum_mod_raw.c
- block_cipher.c
- camellia.c
- ccm.c
- chacha20.c
- chachapoly.c
- cipher.c
- cipher_wrap.c
- constant_time.c
- cmac.c
- ctr_drbg.c
- des.c
- dhm.c
- ecdh.c
- ecdsa.c
- ecjpake.c
- ecp.c
- ecp_curves.c
- ecp_curves_new.c
- entropy.c
- entropy_poll.c
- error.c
- gcm.c
- hkdf.c
- hmac_drbg.c
- lmots.c
- lms.c
- md.c
- md5.c
- memory_buffer_alloc.c
- nist_kw.c
- oid.c
- pem.c
- pk.c
- pk_ecc.c
- pk_wrap.c
- pkcs12.c
- pkcs5.c
- pkparse.c
- pkwrite.c
- platform.c
- platform_util.c
- poly1305.c
- psa_crypto.c
- psa_crypto_aead.c
- psa_crypto_cipher.c
- psa_crypto_client.c
- psa_crypto_driver_wrappers_no_static.c
- psa_crypto_ecp.c
- psa_crypto_ffdh.c
- psa_crypto_hash.c
- psa_crypto_mac.c
- psa_crypto_pake.c
- psa_crypto_rsa.c
- psa_crypto_se.c
- psa_crypto_slot_management.c
- psa_crypto_storage.c
- psa_its_file.c
- psa_util.c
- ripemd160.c
- rsa.c
- rsa_alt_helpers.c
- sha1.c
- sha256.c
- sha512.c
- sha3.c
- threading.c
- timing.c
- version.c
- version_features.c
+ ${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/aes.c
+ ${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/aesni.c
+ ${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/aesce.c
+ ${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/aria.c
+ ${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/asn1parse.c
+ ${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/asn1write.c
+ ${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/base64.c
+ ${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/bignum.c
+ ${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/bignum_core.c
+ ${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/bignum_mod.c
+ ${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/bignum_mod_raw.c
+ ${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/block_cipher.c
+ ${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/camellia.c
+ ${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/ccm.c
+ ${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/chacha20.c
+ ${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/chachapoly.c
+ ${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/cipher.c
+ ${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/cipher_wrap.c
+ ${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/constant_time.c
+ ${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/cmac.c
+ ${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/ctr_drbg.c
+ ${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/des.c
+ ${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/dhm.c
+ ${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/ecdh.c
+ ${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/ecdsa.c
+ ${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/ecjpake.c
+ ${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/ecp.c
+ ${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/ecp_curves.c
+ ${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/ecp_curves_new.c
+ ${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/entropy.c
+ ${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/entropy_poll.c
+ ${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/error.c
+ ${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/gcm.c
+ ${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/hkdf.c
+ ${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/hmac_drbg.c
+ ${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/lmots.c
+ ${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/lms.c
+ ${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/md.c
+ ${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/md5.c
+ ${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/memory_buffer_alloc.c
+ ${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/nist_kw.c
+ ${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/oid.c
+ ${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/pem.c
+ ${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/pk.c
+ ${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/pk_ecc.c
+ ${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/pk_wrap.c
+ ${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/pkcs12.c
+ ${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/pkcs5.c
+ ${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/pkparse.c
+ ${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/pkwrite.c
+ ${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/platform.c
+ ${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/platform_util.c
+ ${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/poly1305.c
+ ${TF_PSA_CRYPTO_CORE_DIR}/psa_crypto.c
+ ${TF_PSA_CRYPTO_CORE_DIR}/psa_crypto_aead.c
+ ${TF_PSA_CRYPTO_CORE_DIR}/psa_crypto_cipher.c
+ ${TF_PSA_CRYPTO_CORE_DIR}/psa_crypto_client.c
+ ${TF_PSA_CRYPTO_CORE_DIR}/psa_crypto_driver_wrappers_no_static.c
+ ${TF_PSA_CRYPTO_CORE_DIR}/psa_crypto_ecp.c
+ ${TF_PSA_CRYPTO_CORE_DIR}/psa_crypto_ffdh.c
+ ${TF_PSA_CRYPTO_CORE_DIR}/psa_crypto_hash.c
+ ${TF_PSA_CRYPTO_CORE_DIR}/psa_crypto_mac.c
+ ${TF_PSA_CRYPTO_CORE_DIR}/psa_crypto_pake.c
+ ${TF_PSA_CRYPTO_CORE_DIR}/psa_crypto_rsa.c
+ ${TF_PSA_CRYPTO_CORE_DIR}/psa_crypto_se.c
+ ${TF_PSA_CRYPTO_CORE_DIR}/psa_crypto_slot_management.c
+ ${TF_PSA_CRYPTO_CORE_DIR}/psa_crypto_storage.c
+ ${TF_PSA_CRYPTO_CORE_DIR}/psa_its_file.c
+ ${TF_PSA_CRYPTO_CORE_DIR}/psa_util.c
+ ${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/ripemd160.c
+ ${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/rsa.c
+ ${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/rsa_alt_helpers.c
+ ${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/sha1.c
+ ${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/sha256.c
+ ${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/sha512.c
+ ${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/sha3.c
+ ${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/threading.c
+ ${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/timing.c
+ ${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/version.c
+ ${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/version_features.c
)
set(src_x509
@@ -133,14 +136,14 @@ if(GEN_FILES)
file(GLOB tls_error_headers ${CMAKE_CURRENT_SOURCE_DIR}/../include/mbedtls/*.h)
add_custom_command(
OUTPUT
- ${CMAKE_CURRENT_BINARY_DIR}/error.c
+ ${CMAKE_CURRENT_BINARY_DIR}/${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/error.c
COMMAND
${PERL_EXECUTABLE}
${CMAKE_CURRENT_SOURCE_DIR}/../scripts/generate_errors.pl
${CMAKE_CURRENT_SOURCE_DIR}/../tf-psa-crypto/drivers/builtin/include/mbedtls
${CMAKE_CURRENT_SOURCE_DIR}/../include/mbedtls
${CMAKE_CURRENT_SOURCE_DIR}/../scripts/data_files
- ${CMAKE_CURRENT_BINARY_DIR}/error.c
+ ${CMAKE_CURRENT_BINARY_DIR}/${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/error.c
DEPENDS
${CMAKE_CURRENT_SOURCE_DIR}/../scripts/generate_errors.pl
${crypto_error_headers}
@@ -150,13 +153,13 @@ if(GEN_FILES)
add_custom_command(
OUTPUT
- ${CMAKE_CURRENT_BINARY_DIR}/version_features.c
+ ${CMAKE_CURRENT_BINARY_DIR}/${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/version_features.c
COMMAND
${PERL_EXECUTABLE}
${CMAKE_CURRENT_SOURCE_DIR}/../scripts/generate_features.pl
${CMAKE_CURRENT_SOURCE_DIR}/../include/mbedtls
${CMAKE_CURRENT_SOURCE_DIR}/../scripts/data_files
- ${CMAKE_CURRENT_BINARY_DIR}/version_features.c
+ ${CMAKE_CURRENT_BINARY_DIR}/${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/version_features.c
DEPENDS
${CMAKE_CURRENT_SOURCE_DIR}/../scripts/generate_features.pl
${CMAKE_CURRENT_SOURCE_DIR}/../include/mbedtls/mbedtls_config.h
@@ -178,24 +181,23 @@ if(GEN_FILES)
add_custom_command(
OUTPUT
- ${CMAKE_CURRENT_BINARY_DIR}/psa_crypto_driver_wrappers.h
- ${CMAKE_CURRENT_BINARY_DIR}/psa_crypto_driver_wrappers_no_static.c
+ ${CMAKE_CURRENT_BINARY_DIR}/${TF_PSA_CRYPTO_CORE_DIR}/psa_crypto_driver_wrappers.h
+ ${CMAKE_CURRENT_BINARY_DIR}/${TF_PSA_CRYPTO_CORE_DIR}/psa_crypto_driver_wrappers_no_static.c
COMMAND
${MBEDTLS_PYTHON_EXECUTABLE}
${CMAKE_CURRENT_SOURCE_DIR}/../scripts/generate_driver_wrappers.py
- ${CMAKE_CURRENT_BINARY_DIR}
+ ${CMAKE_CURRENT_BINARY_DIR}/${TF_PSA_CRYPTO_CORE_DIR}
DEPENDS
${CMAKE_CURRENT_SOURCE_DIR}/../scripts/generate_driver_wrappers.py
${CMAKE_CURRENT_SOURCE_DIR}/../scripts/data_files/driver_templates/psa_crypto_driver_wrappers.h.jinja
${CMAKE_CURRENT_SOURCE_DIR}/../scripts/data_files/driver_templates/psa_crypto_driver_wrappers_no_static.c.jinja
)
-
-
else()
- link_to_source(error.c)
- link_to_source(version_features.c)
+ link_to_source(${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/error.c)
+ link_to_source(${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/version_features.c)
link_to_source(ssl_debug_helpers_generated.c)
- link_to_source(psa_crypto_driver_wrappers_no_static.c)
+ link_to_source(${TF_PSA_CRYPTO_CORE_DIR}/psa_crypto_driver_wrappers.h)
+ link_to_source(${TF_PSA_CRYPTO_CORE_DIR}/psa_crypto_driver_wrappers_no_static.c)
endif()
if(CMAKE_COMPILER_IS_GNUCC)
@@ -324,19 +326,19 @@ endif(USE_SHARED_MBEDTLS_LIBRARY)
foreach(target IN LISTS target_libraries)
add_library(MbedTLS::${target} ALIAS ${target}) # add_subdirectory support
- # Include public header files from /include and other directories
- # declared by /3rdparty/**/CMakeLists.txt. Include private header files
- # from /library and others declared by /3rdparty/**/CMakeLists.txt.
- # /library needs to be listed explicitly when building .c files outside
- # of /library (which currently means: under /3rdparty).
+ # Include public header files from /include, /tf-psa-crypto/include/ and
+ # tf-psa-crypto/drivers/builtin/include/. Include private header files
+ # from /library, tf-psa-crypto/core/ and tf-psa-crypto/drivers/builtin/src/.
target_include_directories(${target}
PUBLIC $
$
$
$
PRIVATE ${MBEDTLS_DIR}/library/
+ ${MBEDTLS_DIR}/tf-psa-crypto/core
+ ${MBEDTLS_DIR}/tf-psa-crypto/drivers/builtin/src
# Needed to include psa_crypto_driver_wrappers.h
- ${CMAKE_CURRENT_BINARY_DIR})
+ ${CMAKE_CURRENT_BINARY_DIR}/../tf-psa-crypto/core)
# Pass-through MBEDTLS_CONFIG_FILE and MBEDTLS_USER_CONFIG_FILE
if(MBEDTLS_CONFIG_FILE)
target_compile_definitions(${target}
diff --git a/library/Makefile b/library/Makefile
index e4fb643ec2..f7c4898171 100644
--- a/library/Makefile
+++ b/library/Makefile
@@ -2,11 +2,15 @@ ifndef MBEDTLS_PATH
MBEDTLS_PATH := ..
endif
+TF_PSA_CRYPTO_CORE_PATH = $(MBEDTLS_PATH)/tf-psa-crypto/core
+TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH = $(MBEDTLS_PATH)/tf-psa-crypto/drivers/builtin/src
+
GENERATED_FILES := \
- error.c version_features.c \
+ $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/error.c \
+ $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/version_features.c \
ssl_debug_helpers_generated.c \
- psa_crypto_driver_wrappers.h \
- psa_crypto_driver_wrappers_no_static.c
+ $(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_driver_wrappers.h \
+ $(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_driver_wrappers_no_static.c
ifneq ($(GENERATED_FILES),$(wildcard $(GENERATED_FILES)))
ifeq (,$(wildcard $(MBEDTLS_PATH)/framework/exported.make))
@@ -29,11 +33,12 @@ WARNING_CFLAGS ?= -Wall -Wextra -Wformat=2 -Wno-format-nonliteral
LDFLAGS ?=
# Include ../include, ../tf-psa-crypto/include and
-# ../tf-psa-crypto/drivers/builtin/include for public headers and . for
-# private headers. Note that . needs to be included explicitly for the sake of
-# library files that are not in the /library directory (which currently means
-# under /3rdparty).
-LOCAL_CFLAGS = $(WARNING_CFLAGS) -I. -I../include -I../tf-psa-crypto/include \
+# ../tf-psa-crypto/drivers/builtin/include for public headers and .,
+# ../tf-psa-crypto/core and ../tf-psa-crypto/drivers/builtin/src for
+# private headers.
+LOCAL_CFLAGS = $(WARNING_CFLAGS) -I. -I../tf-psa-crypto/core \
+ -I../tf-psa-crypto/drivers/builtin/src \
+ -I../include -I../tf-psa-crypto/include \
-I../tf-psa-crypto/drivers/builtin/include -D_FILE_OFFSET_BITS=64
LOCAL_LDFLAGS =
@@ -105,89 +110,91 @@ endif
endif
OBJS_CRYPTO= \
- aes.o \
- aesni.o \
- aesce.o \
- aria.o \
- asn1parse.o \
- asn1write.o \
- base64.o \
- bignum.o \
- bignum_core.o \
- bignum_mod.o \
- bignum_mod_raw.o \
- block_cipher.o \
- camellia.o \
- ccm.o \
- chacha20.o \
- chachapoly.o \
- cipher.o \
- cipher_wrap.o \
- cmac.o \
- constant_time.o \
- ctr_drbg.o \
- des.o \
- dhm.o \
- ecdh.o \
- ecdsa.o \
- ecjpake.o \
- ecp.o \
- ecp_curves.o \
- ecp_curves_new.o \
- entropy.o \
- entropy_poll.o \
- error.o \
- gcm.o \
- hkdf.o \
- hmac_drbg.o \
- lmots.o \
- lms.o \
- md.o \
- md5.o \
- memory_buffer_alloc.o \
- nist_kw.o \
- oid.o \
- pem.o \
- pk.o \
- pk_ecc.o \
- pk_wrap.o \
- pkcs12.o \
- pkcs5.o \
- pkparse.o \
- pkwrite.o \
- platform.o \
- platform_util.o \
- poly1305.o \
- psa_crypto.o \
- psa_crypto_aead.o \
- psa_crypto_cipher.o \
- psa_crypto_client.o \
- psa_crypto_driver_wrappers_no_static.o \
- psa_crypto_ecp.o \
- psa_crypto_ffdh.o \
- psa_crypto_hash.o \
- psa_crypto_mac.o \
- psa_crypto_pake.o \
- psa_crypto_rsa.o \
- psa_crypto_se.o \
- psa_crypto_slot_management.o \
- psa_crypto_storage.o \
- psa_its_file.o \
- psa_util.o \
- ripemd160.o \
- rsa.o \
- rsa_alt_helpers.o \
- sha1.o \
- sha256.o \
- sha512.o \
- sha3.o \
- threading.o \
- timing.o \
- version.o \
- version_features.o \
+ $(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto.o \
+ $(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_aead.o \
+ $(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_cipher.o \
+ $(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_client.o \
+ $(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_driver_wrappers_no_static.o \
+ $(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_ecp.o \
+ $(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_ffdh.o \
+ $(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_hash.o \
+ $(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_mac.o \
+ $(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_pake.o \
+ $(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_rsa.o \
+ $(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_se.o \
+ $(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_slot_management.o \
+ $(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_storage.o \
+ $(TF_PSA_CRYPTO_CORE_PATH)/psa_its_file.o \
+ $(TF_PSA_CRYPTO_CORE_PATH)/psa_util.o \
+ $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/aes.o \
+ $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/aesni.o \
+ $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/aesce.o \
+ $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/aria.o \
+ $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/asn1parse.o \
+ $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/asn1write.o \
+ $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/base64.o \
+ $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/bignum.o \
+ $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/bignum_core.o \
+ $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/bignum_mod.o \
+ $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/bignum_mod_raw.o \
+ $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/block_cipher.o \
+ $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/camellia.o \
+ $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/ccm.o \
+ $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/chacha20.o \
+ $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/chachapoly.o \
+ $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/cipher.o \
+ $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/cipher_wrap.o \
+ $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/cmac.o \
+ $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/constant_time.o \
+ $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/ctr_drbg.o \
+ $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/des.o \
+ $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/dhm.o \
+ $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/ecdh.o \
+ $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/ecdsa.o \
+ $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/ecjpake.o \
+ $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/ecp.o \
+ $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/ecp_curves.o \
+ $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/ecp_curves_new.o \
+ $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/entropy.o \
+ $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/entropy_poll.o \
+ $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/error.o \
+ $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/gcm.o \
+ $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/hkdf.o \
+ $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/hmac_drbg.o \
+ $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/lmots.o \
+ $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/lms.o \
+ $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/md.o \
+ $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/md5.o \
+ $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/memory_buffer_alloc.o \
+ $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/nist_kw.o \
+ $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/oid.o \
+ $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/pem.o \
+ $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/pk.o \
+ $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/pk_ecc.o \
+ $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/pk_wrap.o \
+ $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/pkcs12.o \
+ $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/pkcs5.o \
+ $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/pkparse.o \
+ $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/pkwrite.o \
+ $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/platform.o \
+ $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/platform_util.o \
+ $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/poly1305.o \
+ $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/ripemd160.o \
+ $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/rsa.o \
+ $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/rsa_alt_helpers.o \
+ $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/sha1.o \
+ $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/sha256.o \
+ $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/sha512.o \
+ $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/sha3.o \
+ $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/threading.o \
+ $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/timing.o \
+ $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/version.o \
+ $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/version_features.o \
# This line is intentionally left blank
-include ../3rdparty/Makefile.inc
+THIRDPARTY_DIR := $(MBEDTLS_PATH)/tf-psa-crypto/drivers
+include $(MBEDTLS_PATH)/tf-psa-crypto/drivers/everest/Makefile.inc
+include $(MBEDTLS_PATH)/tf-psa-crypto/drivers/p256-m/Makefile.inc
LOCAL_CFLAGS+=$(THIRDPARTY_INCLUDES)
OBJS_CRYPTO+=$(THIRDPARTY_CRYPTO_OBJECTS)
@@ -349,10 +356,10 @@ else
gen_file_dep = |
endif
-error.c: $(gen_file_dep) ../scripts/generate_errors.pl
-error.c: $(gen_file_dep) ../scripts/data_files/error.fmt
-error.c: $(gen_file_dep) $(filter-out %config%,$(wildcard ../include/mbedtls/*.h))
-error.c:
+$(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/error.c: $(gen_file_dep) ../scripts/generate_errors.pl
+$(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/error.c: $(gen_file_dep) ../scripts/data_files/error.fmt
+$(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/error.c: $(gen_file_dep) $(filter-out %config%,$(wildcard ../include/mbedtls/*.h))
+$(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/error.c:
echo " Gen $@"
$(PERL) ../scripts/generate_errors.pl
@@ -362,33 +369,34 @@ ssl_debug_helpers_generated.c:
echo " Gen $@"
$(PYTHON) ../scripts/generate_ssl_debug_helpers.py --mbedtls-root .. .
-version_features.c: $(gen_file_dep) ../scripts/generate_features.pl
-version_features.c: $(gen_file_dep) ../scripts/data_files/version_features.fmt
+$(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/version_features.c: $(gen_file_dep) ../scripts/generate_features.pl
+$(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/version_features.c: $(gen_file_dep) ../scripts/data_files/version_features.fmt
## The generated file only depends on the options that are present in mbedtls_config.h,
## not on which options are set. To avoid regenerating this file all the time
## when switching between configurations, don't declare mbedtls_config.h as a
## dependency. Remove this file from your working tree if you've just added or
## removed an option in mbedtls_config.h.
#version_features.c: ../include/mbedtls/mbedtls_config.h
-version_features.c:
+$(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/version_features.c:
echo " Gen $@"
$(PERL) ../scripts/generate_features.pl
GENERATED_WRAPPER_FILES = \
- psa_crypto_driver_wrappers.h \
- psa_crypto_driver_wrappers_no_static.c
+ $(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_driver_wrappers.h \
+ $(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_driver_wrappers_no_static.c
$(GENERATED_WRAPPER_FILES): ../scripts/generate_driver_wrappers.py
$(GENERATED_WRAPPER_FILES): ../scripts/data_files/driver_templates/psa_crypto_driver_wrappers.h.jinja
$(GENERATED_WRAPPER_FILES): ../scripts/data_files/driver_templates/psa_crypto_driver_wrappers_no_static.c.jinja
$(GENERATED_WRAPPER_FILES):
echo " Gen $(GENERATED_WRAPPER_FILES)"
- $(PYTHON) ../scripts/generate_driver_wrappers.py
+ $(PYTHON) ../scripts/generate_driver_wrappers.py $(TF_PSA_CRYPTO_CORE_PATH)
-psa_crypto.o:psa_crypto_driver_wrappers.h
+$(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto.o:$(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_driver_wrappers.h
clean:
ifndef WINDOWS
rm -f *.o libmbed*
+ rm -f $(OBJS_CRYPTO)
rm -f $(THIRDPARTY_CRYPTO_OBJECTS)
else
if exist *.o del /Q /F *.o
diff --git a/programs/Makefile b/programs/Makefile
index 9b48cc0f05..1f2d7198c8 100644
--- a/programs/Makefile
+++ b/programs/Makefile
@@ -356,7 +356,7 @@ endif
test/metatest$(EXEXT): test/metatest.c $(DEP)
echo " CC test/metatest.c"
- $(CC) $(LOCAL_CFLAGS) $(CFLAGS) -I ../library test/metatest.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) -I../library -I../tf-psa-crypto/core test/metatest.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
test/query_config.o: test/query_config.c test/query_config.h $(DEP)
echo " CC test/query_config.c"
diff --git a/programs/test/CMakeLists.txt b/programs/test/CMakeLists.txt
index 20cdf41890..0c9b11a4b0 100644
--- a/programs/test/CMakeLists.txt
+++ b/programs/test/CMakeLists.txt
@@ -78,8 +78,11 @@ foreach(exe IN LISTS executables_libs executables_mbedcrypto)
endif()
add_executable(${exe} ${exe}.c $
${extra_sources})
- target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include)
- target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../library)
+ target_include_directories(${exe}
+ PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include)
+ target_include_directories(${exe}
+ PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../library
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../tf-psa-crypto/core)
if(exe STREQUAL "query_compile_time_config")
target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR})
endif()
diff --git a/scripts/code_style.py b/scripts/code_style.py
index d3f89d9130..26de730709 100755
--- a/scripts/code_style.py
+++ b/scripts/code_style.py
@@ -66,7 +66,7 @@ def get_src_files(since: Optional[str]) -> List[str]:
that have changed since that commit. Without this argument, list all
files known to git.
- Only C files are included, and certain files (generated, or 3rdparty)
+ Only C files are included, and certain files (generated, or third party)
are excluded.
"""
file_patterns = ["*.[hc]",
@@ -130,7 +130,8 @@ def get_src_files(since: Optional[str]) -> List[str]:
# companion files in the same subtree), or for automatically
# generated files (we're correcting the templates instead).
src_files = [filename for filename in src_files
- if not (filename.startswith("3rdparty/") or
+ if not (filename.startswith("tf-psa-crypto/drivers/everest/") or
+ filename.startswith("tf-psa-crypto/drivers/p256-m/") or
filename in generated_files or
is_file_autogenerated(filename))]
return src_files
diff --git a/scripts/common.make b/scripts/common.make
index 077ac6f310..d102a97a56 100644
--- a/scripts/common.make
+++ b/scripts/common.make
@@ -44,7 +44,9 @@ LOCAL_LDFLAGS = ${MBEDTLS_TEST_OBJS} \
-lmbedcrypto$(SHARED_SUFFIX)
endif
-include $(MBEDTLS_PATH)/3rdparty/Makefile.inc
+THIRDPARTY_DIR = $(MBEDTLS_PATH)/tf-psa-crypto/drivers
+include $(THIRDPARTY_DIR)/everest/Makefile.inc
+include $(THIRDPARTY_DIR)/p256-m/Makefile.inc
LOCAL_CFLAGS+=$(THIRDPARTY_INCLUDES)
ifdef PSASIM
diff --git a/scripts/data_files/driver_jsons/p256_transparent_driver.json b/scripts/data_files/driver_jsons/p256_transparent_driver.json
index 7d2aabfb3a..4794074756 100644
--- a/scripts/data_files/driver_jsons/p256_transparent_driver.json
+++ b/scripts/data_files/driver_jsons/p256_transparent_driver.json
@@ -2,7 +2,7 @@
"prefix": "p256",
"type": "transparent",
"mbedtls/h_condition": "defined(MBEDTLS_PSA_P256M_DRIVER_ENABLED)",
- "headers": ["../3rdparty/p256-m/p256-m_driver_entrypoints.h"],
+ "headers": ["../tf-psa-crypto/drivers/p256-m/p256-m_driver_entrypoints.h"],
"capabilities": [
{
"mbedtls/c_condition": "defined(MBEDTLS_PSA_P256M_DRIVER_ENABLED)",
diff --git a/scripts/generate_driver_wrappers.py b/scripts/generate_driver_wrappers.py
index 0f0c8c7be1..9579764045 100755
--- a/scripts/generate_driver_wrappers.py
+++ b/scripts/generate_driver_wrappers.py
@@ -1,6 +1,6 @@
#!/usr/bin/env python3
-"""Generate library/psa_crypto_driver_wrappers.h
- library/psa_crypto_driver_wrappers_no_static.c
+"""Generate psa_crypto_driver_wrappers.h
+ psa_crypto_driver_wrappers_no_static.c
This module is invoked by the build scripts to auto generate the
psa_crypto_driver_wrappers.h and psa_crypto_driver_wrappers_no_static
diff --git a/scripts/generate_errors.pl b/scripts/generate_errors.pl
index fb95c0d2ca..df546d7d6e 100755
--- a/scripts/generate_errors.pl
+++ b/scripts/generate_errors.pl
@@ -24,7 +24,7 @@ if( @ARGV ) {
$crypto_include_dir = 'tf-psa-crypto/drivers/builtin/include/mbedtls';
$tls_include_dir = 'include/mbedtls';
$data_dir = 'scripts/data_files';
- $error_file = 'library/error.c';
+ $error_file = 'tf-psa-crypto/drivers/builtin/src/error.c';
unless( -d $crypto_include_dir && -d $tls_include_dir && -d $data_dir ) {
chdir '..' or die;
diff --git a/scripts/generate_features.pl b/scripts/generate_features.pl
index cea8c115a7..6972682cd2 100755
--- a/scripts/generate_features.pl
+++ b/scripts/generate_features.pl
@@ -16,7 +16,7 @@ if( @ARGV ) {
} else {
$include_dir = 'include/mbedtls';
$data_dir = 'scripts/data_files';
- $feature_file = 'library/version_features.c';
+ $feature_file = 'tf-psa-crypto/drivers/builtin/src/version_features.c';
unless( -d $include_dir && -d $data_dir ) {
chdir '..' or die;
diff --git a/scripts/generate_visualc_files.pl b/scripts/generate_visualc_files.pl
index e9267eb450..d48b2b26cf 100755
--- a/scripts/generate_visualc_files.pl
+++ b/scripts/generate_visualc_files.pl
@@ -25,19 +25,21 @@ my $programs_dir = 'programs';
my $mbedtls_header_dir = 'include/mbedtls';
my $drivers_builtin_header_dir = 'tf-psa-crypto/drivers/builtin/include/mbedtls';
my $psa_header_dir = 'tf-psa-crypto/include/psa';
-my $source_dir = 'library';
+my $tls_source_dir = 'library';
+my $crypto_core_source_dir = 'tf-psa-crypto/core';
+my $crypto_source_dir = 'tf-psa-crypto/drivers/builtin/src';
my $test_source_dir = 'tests/src';
my $test_header_dir = 'tests/include/test';
my $test_drivers_header_dir = 'tests/include/test/drivers';
my $test_drivers_source_dir = 'tests/src/drivers';
my @thirdparty_header_dirs = qw(
- 3rdparty/everest/include/everest
+ tf-psa-crypto/drivers/everest/include/everest
);
my @thirdparty_source_dirs = qw(
- 3rdparty/everest/library
- 3rdparty/everest/library/kremlib
- 3rdparty/everest/library/legacy
+ tf-psa-crypto/drivers/everest/library
+ tf-psa-crypto/drivers/everest/library/kremlib
+ tf-psa-crypto/drivers/everest/library/legacy
);
# Directories to add to the include path.
@@ -47,25 +49,27 @@ my @include_directories = qw(
include
tf-psa-crypto/include
tf-psa-crypto/drivers/builtin/include
- 3rdparty/everest/include/
- 3rdparty/everest/include/everest
- 3rdparty/everest/include/everest/vs2013
- 3rdparty/everest/include/everest/kremlib
+ tf-psa-crypto/drivers/everest/include/
+ tf-psa-crypto/drivers/everest/include/everest
+ tf-psa-crypto/drivers/everest/include/everest/vs2013
+ tf-psa-crypto/drivers/everest/include/everest/kremlib
tests/include
);
my $include_directories = join(';', map {"../../$_"} @include_directories);
-# Directories to add to the include path when building the library, but not
+# Directories to add to the include path when building the libraries, but not
# when building tests or applications.
my @library_include_directories = qw(
library
+ tf-psa-crypto/core
+ tf-psa-crypto/drivers/builtin/src
);
my $library_include_directories =
join(';', map {"../../$_"} (@library_include_directories,
@include_directories));
my @excluded_files = qw(
- 3rdparty/everest/library/Hacl_Curve25519.c
+ tf-psa-crypto/drivers/everest/library/Hacl_Curve25519.c
);
my %excluded_files = ();
foreach (@excluded_files) { $excluded_files{$_} = 1 }
@@ -106,7 +110,9 @@ sub check_dirs {
&& -d $mbedtls_header_dir
&& -d $drivers_builtin_header_dir
&& -d $psa_header_dir
- && -d $source_dir
+ && -d $tls_source_dir
+ && -d $crypto_core_source_dir
+ && -d $crypto_source_dir
&& -d $test_source_dir
&& -d $test_drivers_source_dir
&& -d $test_header_dir
@@ -265,12 +271,16 @@ sub main {
$psa_header_dir,
$test_header_dir,
$test_drivers_header_dir,
- $source_dir,
+ $tls_source_dir,
+ $crypto_core_source_dir,
+ $crypto_source_dir,
@thirdparty_header_dirs,
);
my @headers = (map { <$_/*.h> } @header_dirs);
my @source_dirs = (
- $source_dir,
+ $tls_source_dir,
+ $crypto_core_source_dir,
+ $crypto_source_dir,
$test_source_dir,
$test_drivers_source_dir,
@thirdparty_source_dirs,
diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt
index 760a4e6bc5..fd15a5f25f 100644
--- a/tests/CMakeLists.txt
+++ b/tests/CMakeLists.txt
@@ -291,7 +291,9 @@ function(add_test_suite suite_name)
# them as PUBLIC.
target_include_directories(test_suite_${data_name}
PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/include
- PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../library)
+ PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../library
+ PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../tf-psa-crypto/core
+ PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../tf-psa-crypto/drivers/builtin/src)
# Request C11, which is needed for memory poisoning tests
set_target_properties(test_suite_${data_name} PROPERTIES C_STANDARD 11)
diff --git a/tests/Makefile b/tests/Makefile
index 21ddf13745..95cd4613e4 100644
--- a/tests/Makefile
+++ b/tests/Makefile
@@ -4,8 +4,8 @@ include ../scripts/common.make
# Set this to -v to see the details of failing test cases
TEST_FLAGS ?= $(if $(filter-out 0 OFF Off off NO No no FALSE False false N n,$(CTEST_OUTPUT_ON_FAILURE)),-v,)
-# Also include library headers, for the sake of invasive tests.
-LOCAL_CFLAGS += -I../library
+# Also include private headers, for the sake of invasive tests.
+LOCAL_CFLAGS += -I../library -I../tf-psa-crypto/core -I../tf-psa-crypto/drivers/builtin/src
# Enable definition of various functions used throughout the testsuite
@@ -268,17 +268,22 @@ define libtestdriver1_rewrite :=
s/\b(?=mbedtls_|psa_)/libtestdriver1_/g;
endef
-libtestdriver1.a: export MBEDTLS_PATH := $(patsubst ../..//%,/%,../../$(MBEDTLS_PATH))
libtestdriver1.a:
- # Copy the library and fake a 3rdparty Makefile include.
rm -Rf ./libtestdriver1
mkdir ./libtestdriver1
+ mkdir ./libtestdriver1/tf-psa-crypto
+ mkdir ./libtestdriver1/tf-psa-crypto/drivers
+ mkdir ./libtestdriver1/tf-psa-crypto/drivers/everest
+ mkdir ./libtestdriver1/tf-psa-crypto/drivers/p256-m
+ touch ./libtestdriver1/tf-psa-crypto/drivers/everest/Makefile.inc
+ touch ./libtestdriver1/tf-psa-crypto/drivers/p256-m/Makefile.inc
+ cp -Rf ../framework ./libtestdriver1
cp -Rf ../library ./libtestdriver1
cp -Rf ../include ./libtestdriver1
- cp -Rf ../tf-psa-crypto ./libtestdriver1
+ cp -Rf ../tf-psa-crypto/core ./libtestdriver1/tf-psa-crypto
+ cp -Rf ../tf-psa-crypto/include ./libtestdriver1/tf-psa-crypto
+ cp -Rf ../tf-psa-crypto/drivers/builtin ./libtestdriver1/tf-psa-crypto/drivers
cp -Rf ../scripts ./libtestdriver1
- mkdir ./libtestdriver1/3rdparty
- touch ./libtestdriver1/3rdparty/Makefile.inc
# Set the test driver base (minimal) configuration.
cp ./include/test/drivers/config_test_driver.h ./libtestdriver1/include/mbedtls/mbedtls_config.h
@@ -298,8 +303,10 @@ libtestdriver1.a:
# when this test driver library is linked with the Mbed TLS library.
perl -pi -e '$(libtestdriver1_rewrite)' ./libtestdriver1/library/*.[ch]
perl -pi -e '$(libtestdriver1_rewrite)' ./libtestdriver1/include/*/*.h
+ perl -pi -e '$(libtestdriver1_rewrite)' ./libtestdriver1/tf-psa-crypto/core/*.[ch]
perl -pi -e '$(libtestdriver1_rewrite)' ./libtestdriver1/tf-psa-crypto/include/*/*.h
perl -pi -e '$(libtestdriver1_rewrite)' ./libtestdriver1/tf-psa-crypto/drivers/builtin/include/*/*.h
+ perl -pi -e '$(libtestdriver1_rewrite)' ./libtestdriver1/tf-psa-crypto/drivers/builtin/src/*.[ch]
$(MAKE) -C ./libtestdriver1/library CFLAGS="-I../../ $(CFLAGS)" LDFLAGS="$(LDFLAGS)" libmbedcrypto.a
cp ./libtestdriver1/library/libmbedcrypto.a ../library/libtestdriver1.a
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index 6b439aa8b8..b2f6bf2a4a 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -133,10 +133,18 @@ pre_check_environment () {
pre_initialize_variables () {
if in_mbedtls_repo; then
CONFIG_H='include/mbedtls/mbedtls_config.h'
- CRYPTO_CONFIG_H='tf-psa-crypto/include/psa/crypto_config.h'
+ if [ -d tf-psa-crypto ]; then
+ CRYPTO_CONFIG_H='tf-psa-crypto/include/psa/crypto_config.h'
+ PSA_CORE_PATH='tf-psa-crypto/core'
+ BUILTIN_SRC_PATH='tf-psa-crypto/drivers/builtin/src'
+ else
+ CRYPTO_CONFIG_H='include/psa/crypto_config.h'
+ fi
else
CONFIG_H='drivers/builtin/include/mbedtls/mbedtls_config.h'
CRYPTO_CONFIG_H='include/psa/crypto_config.h'
+ PSA_CORE_PATH='core'
+ BUILTIN_SRC_PATH='drivers/builtin/src'
fi
CONFIG_TEST_DRIVER_H='tests/include/test/drivers/config_test_driver.h'
@@ -331,9 +339,14 @@ cleanup()
-iname CMakeCache.txt -o \
-path './cmake/*.cmake' \) -exec rm -f {} \+
# Remove Makefiles generated by in-tree CMake builds
- rm -f 3rdparty/Makefile 3rdparty/*/Makefile pkgconfig/Makefile framework/Makefile
+ rm -f pkgconfig/Makefile framework/Makefile
rm -f include/Makefile programs/!(fuzz)/Makefile
rm -f tf-psa-crypto/Makefile tf-psa-crypto/include/Makefile
+ rm -f tf-psa-crypto/core/Makefile tf-psa-crypto/drivers/Makefile
+ rm -f tf-psa-crypto/drivers/everest/Makefile
+ rm -f tf-psa-crypto/drivers/p256-m/Makefile
+ rm -f tf-psa-crypto/drivers/builtin/Makefile
+ rm -f tf-psa-crypto/drivers/builtin/src/Makefile
# Remove any artifacts from the component_test_cmake_as_subdirectory test.
rm -rf programs/test/cmake_subproject/build
@@ -444,6 +457,12 @@ armc6_build_test()
msg "size: ARM Compiler 6 ($FLAGS)"
"$ARMC6_FROMELF" -z library/*.o
+ if [ -n ${PSA_CORE_PATH} ]; then
+ "$ARMC6_FROMELF" -z ${PSA_CORE_PATH}/*.o
+ fi
+ if [ -n ${BUILTIN_SRC_PATH} ]; then
+ "$ARMC6_FROMELF" -z ${BUILTIN_SRC_PATH}/*.o
+ fi
}
err_msg()
@@ -1108,6 +1127,8 @@ helper_psasim_server() {
component_check_recursion () {
msg "Check: recursion.pl" # < 1s
tests/scripts/recursion.pl library/*.c
+ tests/scripts/recursion.pl ${PSA_CORE_PATH}/*.c
+ tests/scripts/recursion.pl ${BUILTIN_SRC_PATH}/*.c
}
component_check_generated_files () {
@@ -1670,8 +1691,8 @@ component_full_no_pkparse_pkwrite() {
make CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS"
# Ensure that PK_[PARSE|WRITE]_C were not re-enabled accidentally (additive config).
- not grep mbedtls_pk_parse_key library/pkparse.o
- not grep mbedtls_pk_write_key_der library/pkwrite.o
+ not grep mbedtls_pk_parse_key ${BUILTIN_SRC_PATH}/pkparse.o
+ not grep mbedtls_pk_write_key_der ${BUILTIN_SRC_PATH}/pkwrite.o
msg "test: full without pkparse and pkwrite"
make test
@@ -1698,8 +1719,8 @@ component_test_crypto_full_md_light_only () {
make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS"
# Make sure we don't have the HMAC functions, but the hashing functions
- not grep mbedtls_md_hmac library/md.o
- grep mbedtls_md library/md.o
+ not grep mbedtls_md_hmac ${BUILTIN_SRC_PATH}/md.o
+ grep mbedtls_md ${BUILTIN_SRC_PATH}/md.o
msg "test: crypto_full with only the light subset of MD"
make test
@@ -1734,7 +1755,7 @@ component_test_full_no_cipher () {
make
# Ensure that CIPHER_C was not re-enabled
- not grep mbedtls_cipher_init library/cipher.o
+ not grep mbedtls_cipher_init ${BUILTIN_SRC_PATH}/cipher.o
msg "test: full no CIPHER"
make test
@@ -1787,7 +1808,7 @@ component_test_full_no_ccm_star_no_tag() {
make
# Ensure MBEDTLS_PSA_BUILTIN_CIPHER was not enabled
- not grep mbedtls_psa_cipher library/psa_crypto_cipher.o
+ not grep mbedtls_psa_cipher ${PSA_CORE_PATH}/psa_crypto_cipher.o
msg "test: full no PSA_WANT_ALG_CCM_STAR_NO_TAG"
make test
@@ -2524,7 +2545,7 @@ component_test_psa_crypto_config_accel_ecdsa () {
helper_libtestdriver1_make_main "$loc_accel_list"
# Make sure this was not re-enabled by accident (additive config)
- not grep mbedtls_ecdsa_ library/ecdsa.o
+ not grep mbedtls_ecdsa_ ${BUILTIN_SRC_PATH}/ecdsa.o
# Run the tests
# -------------
@@ -2565,7 +2586,7 @@ component_test_psa_crypto_config_accel_ecdh () {
helper_libtestdriver1_make_main "$loc_accel_list"
# Make sure this was not re-enabled by accident (additive config)
- not grep mbedtls_ecdh_ library/ecdh.o
+ not grep mbedtls_ecdh_ ${BUILTIN_SRC_PATH}/ecdh.o
# Run the tests
# -------------
@@ -2603,7 +2624,7 @@ component_test_psa_crypto_config_accel_ffdh () {
helper_libtestdriver1_make_main "$loc_accel_list"
# Make sure this was not re-enabled by accident (additive config)
- not grep mbedtls_dhm_ library/dhm.o
+ not grep mbedtls_dhm_ ${BUILTIN_SRC_PATH}/dhm.o
# Run the tests
# -------------
@@ -2657,7 +2678,7 @@ component_test_psa_crypto_config_accel_pake() {
helper_libtestdriver1_make_main "$loc_accel_list"
# Make sure this was not re-enabled by accident (additive config)
- not grep mbedtls_ecjpake_init library/ecjpake.o
+ not grep mbedtls_ecjpake_init ${BUILTIN_SRC_PATH}/ecjpake.o
# Run the tests
# -------------
@@ -2714,10 +2735,10 @@ component_test_psa_crypto_config_accel_ecc_some_key_types () {
helper_libtestdriver1_make_main "$loc_accel_list"
# ECP should be re-enabled but not the others
- not grep mbedtls_ecdh_ library/ecdh.o
- not grep mbedtls_ecdsa library/ecdsa.o
- not grep mbedtls_ecjpake library/ecjpake.o
- grep mbedtls_ecp library/ecp.o
+ not grep mbedtls_ecdh_ ${BUILTIN_SRC_PATH}/ecdh.o
+ not grep mbedtls_ecdsa ${BUILTIN_SRC_PATH}/ecdsa.o
+ not grep mbedtls_ecjpake ${BUILTIN_SRC_PATH}/ecjpake.o
+ grep mbedtls_ecp ${BUILTIN_SRC_PATH}/ecp.o
# Run the tests
# -------------
@@ -2808,27 +2829,27 @@ common_test_psa_crypto_config_accel_ecc_some_curves () {
helper_libtestdriver1_make_main "$loc_accel_list"
# We expect ECDH to be re-enabled for the missing curves
- grep mbedtls_ecdh_ library/ecdh.o
+ grep mbedtls_ecdh_ ${BUILTIN_SRC_PATH}/ecdh.o
# We expect ECP to be re-enabled, however the parts specific to the
# families of curves that are accelerated should be ommited.
# - functions with mxz in the name are specific to Montgomery curves
# - ecp_muladd is specific to Weierstrass curves
- ##nm library/ecp.o | tee ecp.syms
+ ##nm ${BUILTIN_SRC_PATH}/ecp.o | tee ecp.syms
if [ $weierstrass -eq 1 ]; then
- not grep mbedtls_ecp_muladd library/ecp.o
- grep mxz library/ecp.o
+ not grep mbedtls_ecp_muladd ${BUILTIN_SRC_PATH}/ecp.o
+ grep mxz ${BUILTIN_SRC_PATH}/ecp.o
else
- grep mbedtls_ecp_muladd library/ecp.o
- not grep mxz library/ecp.o
+ grep mbedtls_ecp_muladd ${BUILTIN_SRC_PATH}/ecp.o
+ not grep mxz ${BUILTIN_SRC_PATH}/ecp.o
fi
# We expect ECDSA and ECJPAKE to be re-enabled only when
# Weierstrass curves are not accelerated
if [ $weierstrass -eq 1 ]; then
- not grep mbedtls_ecdsa library/ecdsa.o
- not grep mbedtls_ecjpake library/ecjpake.o
+ not grep mbedtls_ecdsa ${BUILTIN_SRC_PATH}/ecdsa.o
+ not grep mbedtls_ecjpake ${BUILTIN_SRC_PATH}/ecjpake.o
else
- grep mbedtls_ecdsa library/ecdsa.o
- grep mbedtls_ecjpake library/ecjpake.o
+ grep mbedtls_ecdsa ${BUILTIN_SRC_PATH}/ecdsa.o
+ grep mbedtls_ecjpake ${BUILTIN_SRC_PATH}/ecjpake.o
fi
# Run the tests
@@ -2907,10 +2928,10 @@ component_test_psa_crypto_config_accel_ecc_ecp_light_only () {
helper_libtestdriver1_make_main "$loc_accel_list"
# Make sure any built-in EC alg was not re-enabled by accident (additive config)
- not grep mbedtls_ecdsa_ library/ecdsa.o
- not grep mbedtls_ecdh_ library/ecdh.o
- not grep mbedtls_ecjpake_ library/ecjpake.o
- not grep mbedtls_ecp_mul library/ecp.o
+ not grep mbedtls_ecdsa_ ${BUILTIN_SRC_PATH}/ecdsa.o
+ not grep mbedtls_ecdh_ ${BUILTIN_SRC_PATH}/ecdh.o
+ not grep mbedtls_ecjpake_ ${BUILTIN_SRC_PATH}/ecjpake.o
+ not grep mbedtls_ecp_mul ${BUILTIN_SRC_PATH}/ecp.o
# Run the tests
# -------------
@@ -3011,11 +3032,11 @@ component_test_psa_crypto_config_accel_ecc_no_ecp_at_all () {
helper_libtestdriver1_make_main "$loc_accel_list"
# Make sure any built-in EC alg was not re-enabled by accident (additive config)
- not grep mbedtls_ecdsa_ library/ecdsa.o
- not grep mbedtls_ecdh_ library/ecdh.o
- not grep mbedtls_ecjpake_ library/ecjpake.o
+ not grep mbedtls_ecdsa_ ${BUILTIN_SRC_PATH}/ecdsa.o
+ not grep mbedtls_ecdh_ ${BUILTIN_SRC_PATH}/ecdh.o
+ not grep mbedtls_ecjpake_ ${BUILTIN_SRC_PATH}/ecjpake.o
# Also ensure that ECP module was not re-enabled
- not grep mbedtls_ecp_ library/ecp.o
+ not grep mbedtls_ecp_ ${BUILTIN_SRC_PATH}/ecp.o
# Run the tests
# -------------
@@ -3186,14 +3207,14 @@ common_test_psa_crypto_config_accel_ecc_ffdh_no_bignum () {
helper_libtestdriver1_make_main "$loc_accel_list"
# Make sure any built-in EC alg was not re-enabled by accident (additive config)
- not grep mbedtls_ecdsa_ library/ecdsa.o
- not grep mbedtls_ecdh_ library/ecdh.o
- not grep mbedtls_ecjpake_ library/ecjpake.o
+ not grep mbedtls_ecdsa_ ${BUILTIN_SRC_PATH}/ecdsa.o
+ not grep mbedtls_ecdh_ ${BUILTIN_SRC_PATH}/ecdh.o
+ not grep mbedtls_ecjpake_ ${BUILTIN_SRC_PATH}/ecjpake.o
# Also ensure that ECP, RSA, [DHM] or BIGNUM modules were not re-enabled
- not grep mbedtls_ecp_ library/ecp.o
- not grep mbedtls_rsa_ library/rsa.o
- not grep mbedtls_mpi_ library/bignum.o
- not grep mbedtls_dhm_ library/dhm.o
+ not grep mbedtls_ecp_ ${BUILTIN_SRC_PATH}/ecp.o
+ not grep mbedtls_rsa_ ${BUILTIN_SRC_PATH}/rsa.o
+ not grep mbedtls_mpi_ ${BUILTIN_SRC_PATH}/bignum.o
+ not grep mbedtls_dhm_ ${BUILTIN_SRC_PATH}/dhm.o
# Run the tests
# -------------
@@ -3289,20 +3310,20 @@ component_test_tfm_config_p256m_driver_accel_ec () {
make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -I../tests/include/spe" LDFLAGS="$ASAN_CFLAGS"
# Make sure any built-in EC alg was not re-enabled by accident (additive config)
- not grep mbedtls_ecdsa_ library/ecdsa.o
- not grep mbedtls_ecdh_ library/ecdh.o
- not grep mbedtls_ecjpake_ library/ecjpake.o
+ not grep mbedtls_ecdsa_ ${BUILTIN_SRC_PATH}/ecdsa.o
+ not grep mbedtls_ecdh_ ${BUILTIN_SRC_PATH}/ecdh.o
+ not grep mbedtls_ecjpake_ ${BUILTIN_SRC_PATH}/ecjpake.o
# Also ensure that ECP, RSA, DHM or BIGNUM modules were not re-enabled
- not grep mbedtls_ecp_ library/ecp.o
- not grep mbedtls_rsa_ library/rsa.o
- not grep mbedtls_dhm_ library/dhm.o
- not grep mbedtls_mpi_ library/bignum.o
+ not grep mbedtls_ecp_ ${BUILTIN_SRC_PATH}/ecp.o
+ not grep mbedtls_rsa_ ${BUILTIN_SRC_PATH}/rsa.o
+ not grep mbedtls_dhm_ ${BUILTIN_SRC_PATH}/dhm.o
+ not grep mbedtls_mpi_ ${BUILTIN_SRC_PATH}/bignum.o
# Check that p256m was built
grep -q p256_ecdsa_ library/libmbedcrypto.a
# In "config-tfm.h" we disabled CIPHER_C tweaking TF-M's configuration
# files, so we want to ensure that it has not be re-enabled accidentally.
- not grep mbedtls_cipher library/cipher.o
+ not grep mbedtls_cipher ${BUILTIN_SRC_PATH}/cipher.o
# Run the tests
msg "test: TF-M config + p256m driver + accel ECDH(E)/ECDSA"
@@ -3327,7 +3348,7 @@ component_test_tfm_config() {
# In "config-tfm.h" we disabled CIPHER_C tweaking TF-M's configuration
# files, so we want to ensure that it has not be re-enabled accidentally.
- not grep mbedtls_cipher library/cipher.o
+ not grep mbedtls_cipher ${BUILTIN_SRC_PATH}/cipher.o
msg "test: TF-M config"
make test
@@ -3449,7 +3470,7 @@ component_test_psa_crypto_config_accel_rsa_crypto () {
helper_libtestdriver1_make_main "$loc_accel_list"
# Make sure this was not re-enabled by accident (additive config)
- not grep mbedtls_rsa library/rsa.o
+ not grep mbedtls_rsa ${BUILTIN_SRC_PATH}/rsa.o
# Run the tests
# -------------
@@ -3559,11 +3580,11 @@ component_test_psa_crypto_config_accel_hash () {
# There's a risk of something getting re-enabled via config_psa.h;
# make sure it did not happen. Note: it's OK for MD_C to be enabled.
- not grep mbedtls_md5 library/md5.o
- not grep mbedtls_sha1 library/sha1.o
- not grep mbedtls_sha256 library/sha256.o
- not grep mbedtls_sha512 library/sha512.o
- not grep mbedtls_ripemd160 library/ripemd160.o
+ not grep mbedtls_md5 ${BUILTIN_SRC_PATH}/md5.o
+ not grep mbedtls_sha1 ${BUILTIN_SRC_PATH}/sha1.o
+ not grep mbedtls_sha256 ${BUILTIN_SRC_PATH}/sha256.o
+ not grep mbedtls_sha512 ${BUILTIN_SRC_PATH}/sha512.o
+ not grep mbedtls_ripemd160 ${BUILTIN_SRC_PATH}/ripemd160.o
# Run the tests
# -------------
@@ -3616,11 +3637,11 @@ component_test_psa_crypto_config_accel_hash_use_psa () {
# There's a risk of something getting re-enabled via config_psa.h;
# make sure it did not happen. Note: it's OK for MD_C to be enabled.
- not grep mbedtls_md5 library/md5.o
- not grep mbedtls_sha1 library/sha1.o
- not grep mbedtls_sha256 library/sha256.o
- not grep mbedtls_sha512 library/sha512.o
- not grep mbedtls_ripemd160 library/ripemd160.o
+ not grep mbedtls_md5 ${BUILTIN_SRC_PATH}/md5.o
+ not grep mbedtls_sha1 ${BUILTIN_SRC_PATH}/sha1.o
+ not grep mbedtls_sha256 ${BUILTIN_SRC_PATH}/sha256.o
+ not grep mbedtls_sha512 ${BUILTIN_SRC_PATH}/sha512.o
+ not grep mbedtls_ripemd160 ${BUILTIN_SRC_PATH}/ripemd160.o
# Run the tests
# -------------
@@ -3707,7 +3728,7 @@ component_test_psa_crypto_config_accel_hmac() {
helper_libtestdriver1_make_main "$loc_accel_list"
# Ensure that built-in support for HMAC is disabled.
- not grep mbedtls_md_hmac library/md.o
+ not grep mbedtls_md_hmac ${BUILTIN_SRC_PATH}/md.o
# Run the tests
# -------------
@@ -3765,7 +3786,7 @@ component_test_psa_crypto_config_accel_des () {
helper_libtestdriver1_make_main "$loc_accel_list"
# Make sure this was not re-enabled by accident (additive config)
- not grep mbedtls_des* library/des.o
+ not grep mbedtls_des* ${BUILTIN_SRC_PATH}/des.o
# Run the tests
# -------------
@@ -3802,9 +3823,9 @@ component_test_psa_crypto_config_accel_aead () {
helper_libtestdriver1_make_main "$loc_accel_list"
# Make sure this was not re-enabled by accident (additive config)
- not grep mbedtls_ccm library/ccm.o
- not grep mbedtls_gcm library/gcm.o
- not grep mbedtls_chachapoly library/chachapoly.o
+ not grep mbedtls_ccm ${BUILTIN_SRC_PATH}/ccm.o
+ not grep mbedtls_gcm ${BUILTIN_SRC_PATH}/gcm.o
+ not grep mbedtls_chachapoly ${BUILTIN_SRC_PATH}/chachapoly.o
# Run the tests
# -------------
@@ -3870,15 +3891,15 @@ component_test_psa_crypto_config_accel_cipher_aead_cmac () {
helper_libtestdriver1_make_main "$loc_accel_list"
# Make sure this was not re-enabled by accident (additive config)
- not grep mbedtls_cipher library/cipher.o
- not grep mbedtls_des library/des.o
- not grep mbedtls_aes library/aes.o
- not grep mbedtls_aria library/aria.o
- not grep mbedtls_camellia library/camellia.o
- not grep mbedtls_ccm library/ccm.o
- not grep mbedtls_gcm library/gcm.o
- not grep mbedtls_chachapoly library/chachapoly.o
- not grep mbedtls_cmac library/cmac.o
+ not grep mbedtls_cipher ${BUILTIN_SRC_PATH}/cipher.o
+ not grep mbedtls_des ${BUILTIN_SRC_PATH}/des.o
+ not grep mbedtls_aes ${BUILTIN_SRC_PATH}/aes.o
+ not grep mbedtls_aria ${BUILTIN_SRC_PATH}/aria.o
+ not grep mbedtls_camellia ${BUILTIN_SRC_PATH}/camellia.o
+ not grep mbedtls_ccm ${BUILTIN_SRC_PATH}/ccm.o
+ not grep mbedtls_gcm ${BUILTIN_SRC_PATH}/gcm.o
+ not grep mbedtls_chachapoly ${BUILTIN_SRC_PATH}/chachapoly.o
+ not grep mbedtls_cmac ${BUILTIN_SRC_PATH}/cmac.o
# Run the tests
# -------------
@@ -3967,9 +3988,9 @@ component_test_full_block_cipher_psa_dispatch () {
# Make sure disabled components were not re-enabled by accident (additive
# config)
- not grep mbedtls_aes_ library/aes.o
- not grep mbedtls_aria_ library/aria.o
- not grep mbedtls_camellia_ library/camellia.o
+ not grep mbedtls_aes_ ${BUILTIN_SRC_PATH}/aes.o
+ not grep mbedtls_aria_ ${BUILTIN_SRC_PATH}/aria.o
+ not grep mbedtls_camellia_ ${BUILTIN_SRC_PATH}/camellia.o
# Run the tests
# -------------
@@ -4074,9 +4095,8 @@ build_test_config_combos() {
./scripts/config.py unset ${opt}
done
- # enter the directory containing the target file & strip the dir from the filename
- cd $(dirname ${file})
- file=$(basename ${file})
+ # enter the library directory
+ cd library
# The most common issue is unused variables/functions, so ensure -Wunused is set.
warning_flags="-Werror -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wimplicit-fallthrough -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral -Wshadow -Wasm-operand-widths -Wunused"
@@ -4091,7 +4111,7 @@ build_test_config_combos() {
deps=""
len=${#options[@]}
- source_file=${file%.o}.c
+ source_file=../${file%.o}.c
targets=0
echo 'include Makefile' >${makefile}
@@ -4148,7 +4168,7 @@ component_build_aes_variations() {
MBEDTLS_ROOT_DIR="$PWD"
msg "build: aes.o for all combinations of relevant config options"
- build_test_config_combos library/aes.o validate_aes_config_variations \
+ build_test_config_combos ${BUILTIN_SRC_PATH}/aes.o validate_aes_config_variations \
"MBEDTLS_AES_SETKEY_ENC_ALT" "MBEDTLS_AES_DECRYPT_ALT" \
"MBEDTLS_AES_ROM_TABLES" "MBEDTLS_AES_ENCRYPT_ALT" "MBEDTLS_AES_SETKEY_DEC_ALT" \
"MBEDTLS_AES_FEWER_TABLES" "MBEDTLS_AES_USE_HARDWARE_ONLY" \
@@ -4165,7 +4185,7 @@ component_build_aes_variations() {
scripts/config.py unset MBEDTLS_CIPHER_MODE_XTS
scripts/config.py unset MBEDTLS_DES_C
scripts/config.py unset MBEDTLS_NIST_KW_C
- build_test_config_combos library/aes.o validate_aes_config_variations \
+ build_test_config_combos ${BUILTIN_SRC_PATH}/aes.o validate_aes_config_variations \
"MBEDTLS_AES_SETKEY_ENC_ALT" "MBEDTLS_AES_DECRYPT_ALT" \
"MBEDTLS_AES_ROM_TABLES" "MBEDTLS_AES_ENCRYPT_ALT" "MBEDTLS_AES_SETKEY_DEC_ALT" \
"MBEDTLS_AES_FEWER_TABLES" "MBEDTLS_AES_USE_HARDWARE_ONLY" \
@@ -4597,49 +4617,49 @@ component_build_aes_armce () {
scripts/config.py set MBEDTLS_AES_USE_HARDWARE_ONLY
msg "MBEDTLS_AES_USE_HARDWARE_ONLY, clang, aarch64"
- make -B library/aesce.o CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a+crypto"
+ make -B library/../${BUILTIN_SRC_PATH}/aesce.o CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a+crypto"
msg "MBEDTLS_AES_USE_HARDWARE_ONLY, clang, arm"
- make -B library/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -marm"
+ make -B library/../${BUILTIN_SRC_PATH}/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -marm"
msg "MBEDTLS_AES_USE_HARDWARE_ONLY, clang, thumb"
- make -B library/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mthumb"
+ make -B library/../${BUILTIN_SRC_PATH}/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mthumb"
scripts/config.py unset MBEDTLS_AES_USE_HARDWARE_ONLY
msg "no MBEDTLS_AES_USE_HARDWARE_ONLY, clang, aarch64"
- make -B library/aesce.o CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a+crypto"
+ make -B library/../${BUILTIN_SRC_PATH}/aesce.o CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a+crypto"
msg "no MBEDTLS_AES_USE_HARDWARE_ONLY, clang, arm"
- make -B library/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -marm"
+ make -B library/../${BUILTIN_SRC_PATH}/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -marm"
msg "no MBEDTLS_AES_USE_HARDWARE_ONLY, clang, thumb"
- make -B library/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mthumb"
+ make -B library/../${BUILTIN_SRC_PATH}/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mthumb"
# test for presence of AES instructions
scripts/config.py set MBEDTLS_AES_USE_HARDWARE_ONLY
msg "clang, test A32 crypto instructions built"
- make -B library/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -marm -S"
- grep -E 'aes[0-9a-z]+.[0-9]\s*[qv]' library/aesce.o
+ make -B library/../${BUILTIN_SRC_PATH}/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -marm -S"
+ grep -E 'aes[0-9a-z]+.[0-9]\s*[qv]' ${BUILTIN_SRC_PATH}/aesce.o
msg "clang, test T32 crypto instructions built"
- make -B library/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mthumb -S"
- grep -E 'aes[0-9a-z]+.[0-9]\s*[qv]' library/aesce.o
+ make -B library/../${BUILTIN_SRC_PATH}/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mthumb -S"
+ grep -E 'aes[0-9a-z]+.[0-9]\s*[qv]' ${BUILTIN_SRC_PATH}/aesce.o
msg "clang, test aarch64 crypto instructions built"
- make -B library/aesce.o CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a -S"
- grep -E 'aes[a-z]+\s*[qv]' library/aesce.o
+ make -B library/../${BUILTIN_SRC_PATH}/aesce.o CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a -S"
+ grep -E 'aes[a-z]+\s*[qv]' ${BUILTIN_SRC_PATH}/aesce.o
# test for absence of AES instructions
scripts/config.py unset MBEDTLS_AES_USE_HARDWARE_ONLY
scripts/config.py unset MBEDTLS_AESCE_C
msg "clang, test A32 crypto instructions not built"
- make -B library/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -marm -S"
- not grep -E 'aes[0-9a-z]+.[0-9]\s*[qv]' library/aesce.o
+ make -B library/../${BUILTIN_SRC_PATH}/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -marm -S"
+ not grep -E 'aes[0-9a-z]+.[0-9]\s*[qv]' ${BUILTIN_SRC_PATH}/aesce.o
msg "clang, test T32 crypto instructions not built"
- make -B library/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mthumb -S"
- not grep -E 'aes[0-9a-z]+.[0-9]\s*[qv]' library/aesce.o
+ make -B library/../${BUILTIN_SRC_PATH}/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mthumb -S"
+ not grep -E 'aes[0-9a-z]+.[0-9]\s*[qv]' ${BUILTIN_SRC_PATH}/aesce.o
msg "clang, test aarch64 crypto instructions not built"
- make -B library/aesce.o CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a -S"
- not grep -E 'aes[a-z]+\s*[qv]' library/aesce.o
+ make -B library/../${BUILTIN_SRC_PATH}/aesce.o CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a -S"
+ not grep -E 'aes[a-z]+\s*[qv]' ${BUILTIN_SRC_PATH}/aesce.o
}
support_build_sha_armce() {
@@ -4654,30 +4674,30 @@ component_build_sha_armce () {
# Test variations of SHA256 Armv8 crypto extensions
scripts/config.py set MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY
msg "MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY clang, aarch64"
- make -B library/sha256.o CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a"
+ make -B library/../${BUILTIN_SRC_PATH}/sha256.o CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a"
msg "MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY clang, arm"
- make -B library/sha256.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -marm"
+ make -B library/../${BUILTIN_SRC_PATH}/sha256.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -marm"
scripts/config.py unset MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY
# test the deprecated form of the config option
scripts/config.py set MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY
msg "MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY clang, thumb"
- make -B library/sha256.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mthumb"
+ make -B library/../${BUILTIN_SRC_PATH}/sha256.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mthumb"
scripts/config.py unset MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY
scripts/config.py set MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT
msg "MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT clang, aarch64"
- make -B library/sha256.o CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a"
+ make -B library/../${BUILTIN_SRC_PATH}/sha256.o CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a"
scripts/config.py unset MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT
# test the deprecated form of the config option
scripts/config.py set MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT
msg "MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT clang, arm"
- make -B library/sha256.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -marm -std=c99"
+ make -B library/../${BUILTIN_SRC_PATH}/sha256.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -marm -std=c99"
msg "MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT clang, thumb"
- make -B library/sha256.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mthumb"
+ make -B library/../${BUILTIN_SRC_PATH}/sha256.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mthumb"
scripts/config.py unset MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT
@@ -4685,32 +4705,32 @@ component_build_sha_armce () {
for opt in MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT; do
scripts/config.py set ${opt}
msg "${opt} clang, test A32 crypto instructions built"
- make -B library/sha256.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -marm -S"
- grep -E 'sha256[a-z0-9]+.32\s+[qv]' library/sha256.o
+ make -B library/../${BUILTIN_SRC_PATH}/sha256.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -marm -S"
+ grep -E 'sha256[a-z0-9]+.32\s+[qv]' ${BUILTIN_SRC_PATH}/sha256.o
msg "${opt} clang, test T32 crypto instructions built"
- make -B library/sha256.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mthumb -S"
- grep -E 'sha256[a-z0-9]+.32\s+[qv]' library/sha256.o
+ make -B library/../${BUILTIN_SRC_PATH}/sha256.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mthumb -S"
+ grep -E 'sha256[a-z0-9]+.32\s+[qv]' ${BUILTIN_SRC_PATH}/sha256.o
msg "${opt} clang, test aarch64 crypto instructions built"
- make -B library/sha256.o CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a -S"
- grep -E 'sha256[a-z0-9]+\s+[qv]' library/sha256.o
+ make -B library/../${BUILTIN_SRC_PATH}/sha256.o CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a -S"
+ grep -E 'sha256[a-z0-9]+\s+[qv]' ${BUILTIN_SRC_PATH}/sha256.o
scripts/config.py unset ${opt}
done
# examine the disassembly for absence of SHA instructions
msg "clang, test A32 crypto instructions not built"
- make -B library/sha256.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -marm -S"
- not grep -E 'sha256[a-z0-9]+.32\s+[qv]' library/sha256.o
+ make -B library/../${BUILTIN_SRC_PATH}/sha256.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -marm -S"
+ not grep -E 'sha256[a-z0-9]+.32\s+[qv]' ${BUILTIN_SRC_PATH}/sha256.o
msg "clang, test T32 crypto instructions not built"
- make -B library/sha256.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mthumb -S"
- not grep -E 'sha256[a-z0-9]+.32\s+[qv]' library/sha256.o
+ make -B library/../${BUILTIN_SRC_PATH}/sha256.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mthumb -S"
+ not grep -E 'sha256[a-z0-9]+.32\s+[qv]' ${BUILTIN_SRC_PATH}/sha256.o
msg "clang, test aarch64 crypto instructions not built"
- make -B library/sha256.o CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a -S"
- not grep -E 'sha256[a-z0-9]+\s+[qv]' library/sha256.o
+ make -B library/../${BUILTIN_SRC_PATH}/sha256.o CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a -S"
+ not grep -E 'sha256[a-z0-9]+\s+[qv]' ${BUILTIN_SRC_PATH}/sha256.o
}
support_build_aes_aesce_armcc () {
@@ -4832,13 +4852,13 @@ helper_block_cipher_no_decrypt_build_test () {
make CFLAGS="-O2 $cflags" LDFLAGS="$ldflags"
# Make sure we don't have mbedtls_xxx_setkey_dec in AES/ARIA/CAMELLIA
- not grep mbedtls_aes_setkey_dec library/aes.o
- not grep mbedtls_aria_setkey_dec library/aria.o
- not grep mbedtls_camellia_setkey_dec library/camellia.o
+ not grep mbedtls_aes_setkey_dec ${BUILTIN_SRC_PATH}/aes.o
+ not grep mbedtls_aria_setkey_dec ${BUILTIN_SRC_PATH}/aria.o
+ not grep mbedtls_camellia_setkey_dec ${BUILTIN_SRC_PATH}/camellia.o
# Make sure we don't have mbedtls_internal_aes_decrypt in AES
- not grep mbedtls_internal_aes_decrypt library/aes.o
+ not grep mbedtls_internal_aes_decrypt ${BUILTIN_SRC_PATH}/aes.o
# Make sure we don't have mbedtls_aesni_inverse_key in AESNI
- not grep mbedtls_aesni_inverse_key library/aesni.o
+ not grep mbedtls_aesni_inverse_key ${BUILTIN_SRC_PATH}/aesni.o
msg "test: default config + BLOCK_CIPHER_NO_DECRYPT${set_opts:+ + $set_opts}${unset_opts:+ - $unset_opts} with $cflags${ldflags:+, $ldflags}"
make test
@@ -4939,14 +4959,14 @@ component_test_block_cipher_no_decrypt_aesce_armcc () {
armc6_build_test "-O1 --target=aarch64-arm-none-eabi -march=armv8-a+crypto -Werror -Wall -Wextra"
# Make sure we don't have mbedtls_xxx_setkey_dec in AES/ARIA/CAMELLIA
- not grep mbedtls_aes_setkey_dec library/aes.o
- not grep mbedtls_aria_setkey_dec library/aria.o
- not grep mbedtls_camellia_setkey_dec library/camellia.o
+ not grep mbedtls_aes_setkey_dec ${BUILTIN_SRC_PATH}/aes.o
+ not grep mbedtls_aria_setkey_dec ${BUILTIN_SRC_PATH}/aria.o
+ not grep mbedtls_camellia_setkey_dec ${BUILTIN_SRC_PATH}/camellia.o
# Make sure we don't have mbedtls_internal_aes_decrypt in AES
- not grep mbedtls_internal_aes_decrypt library/aes.o
+ not grep mbedtls_internal_aes_decrypt ${BUILTIN_SRC_PATH}/aes.o
# Make sure we don't have mbedtls_aesce_inverse_key and aesce_decrypt_block in AESCE
- not grep mbedtls_aesce_inverse_key library/aesce.o
- not grep aesce_decrypt_block library/aesce.o
+ not grep mbedtls_aesce_inverse_key ${BUILTIN_SRC_PATH}/aesce.o
+ not grep aesce_decrypt_block ${BUILTIN_SRC_PATH}/aesce.o
}
component_test_ctr_drbg_aes_256_sha_256 () {
@@ -5319,6 +5339,8 @@ component_build_arm_none_eabi_gcc () {
msg "size: ${ARM_NONE_EABI_GCC_PREFIX}gcc -O1, baremetal+debug"
${ARM_NONE_EABI_GCC_PREFIX}size -t library/*.o
+ ${ARM_NONE_EABI_GCC_PREFIX}size -t ${PSA_CORE_PATH}/*.o
+ ${ARM_NONE_EABI_GCC_PREFIX}size -t ${BUILTIN_SRC_PATH}/*.o
}
component_build_arm_linux_gnueabi_gcc_arm5vte () {
@@ -5333,6 +5355,8 @@ component_build_arm_linux_gnueabi_gcc_arm5vte () {
msg "size: ${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc -march=armv5te -O1, baremetal+debug"
${ARM_LINUX_GNUEABI_GCC_PREFIX}size -t library/*.o
+ ${ARM_LINUX_GNUEABI_GCC_PREFIX}size -t ${PSA_CORE_PATH}/*.o
+ ${ARM_LINUX_GNUEABI_GCC_PREFIX}size -t ${BUILTIN_SRC_PATH}/*.o
}
support_build_arm_linux_gnueabi_gcc_arm5vte () {
type ${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc >/dev/null 2>&1
@@ -5348,6 +5372,8 @@ component_build_arm_none_eabi_gcc_arm5vte () {
msg "size: ${ARM_NONE_EABI_GCC_PREFIX}gcc -march=armv5te -O1, baremetal+debug"
${ARM_NONE_EABI_GCC_PREFIX}size -t library/*.o
+ ${ARM_NONE_EABI_GCC_PREFIX}size -t ${PSA_CORE_PATH}/*.o
+ ${ARM_NONE_EABI_GCC_PREFIX}size -t ${BUILTIN_SRC_PATH}/*.o
}
component_build_arm_none_eabi_gcc_m0plus () {
@@ -5357,6 +5383,8 @@ component_build_arm_none_eabi_gcc_m0plus () {
msg "size: ${ARM_NONE_EABI_GCC_PREFIX}gcc -mthumb -mcpu=cortex-m0plus -Os, baremetal_size"
${ARM_NONE_EABI_GCC_PREFIX}size -t library/*.o
+ ${ARM_NONE_EABI_GCC_PREFIX}size -t ${PSA_CORE_PATH}/*.o
+ ${ARM_NONE_EABI_GCC_PREFIX}size -t ${BUILTIN_SRC_PATH}/*.o
for lib in library/*.a; do
echo "$lib:"
${ARM_NONE_EABI_GCC_PREFIX}size -t $lib | grep TOTALS
@@ -5370,6 +5398,8 @@ component_build_arm_none_eabi_gcc_no_udbl_division () {
make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-std=c99 -Werror -Wall -Wextra' lib
echo "Checking that software 64-bit division is not required"
not grep __aeabi_uldiv library/*.o
+ not grep __aeabi_uldiv ${PSA_CORE_PATH}/*.o
+ not grep __aeabi_uldiv ${BUILTIN_SRC_PATH}/*.o
}
component_build_arm_none_eabi_gcc_no_64bit_multiplication () {
@@ -5379,6 +5409,8 @@ component_build_arm_none_eabi_gcc_no_64bit_multiplication () {
make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-std=c99 -Werror -O1 -march=armv6-m -mthumb' lib
echo "Checking that software 64-bit multiplication is not required"
not grep __aeabi_lmul library/*.o
+ not grep __aeabi_lmul ${PSA_CORE_PATH}/*.o
+ not grep __aeabi_lmul ${BUILTIN_SRC_PATH}/*.o
}
component_build_arm_clang_thumb () {
@@ -5423,6 +5455,8 @@ component_build_armcc () {
msg "size: ARM Compiler 5"
"$ARMC5_FROMELF" -z library/*.o
+ "$ARMC5_FROMELF" -z ${PSA_CORE_PATH}/*.o
+ "$ARMC5_FROMELF" -z ${BUILTIN_SRC_PATH}/*.o
# Compile mostly with -O1 since some Arm inline assembly is disabled for -O0.
diff --git a/tests/scripts/check-generated-files.sh b/tests/scripts/check-generated-files.sh
index 09c850af7a..56d4884c50 100755
--- a/tests/scripts/check-generated-files.sh
+++ b/tests/scripts/check-generated-files.sh
@@ -31,9 +31,16 @@ in_tf_psa_crypto_repo () {
}
if in_mbedtls_repo; then
- library_dir='library'
+ if [ -d tf-psa-crypto ]; then
+ crypto_core_dir='tf-psa-crypto/core'
+ builtin_drivers_dir='tf-psa-crypto/drivers/builtin/src'
+ else
+ crypto_core_dir='library'
+ builtin_drivers_dir='library'
+ fi
elif in_tf_psa_crypto_repo; then
- library_dir='core'
+ crypto_core_dir='core'
+ builtin_drivers_dir='drivers/builtin/src/'
else
echo "Must be run from Mbed TLS root or TF-PSA-Crypto root" >&2
exit 1
@@ -133,13 +140,14 @@ check framework/scripts/generate_config_tests.py $(framework/scripts/generate_co
check framework/scripts/generate_ecp_tests.py $(framework/scripts/generate_ecp_tests.py --list)
check framework/scripts/generate_psa_tests.py $(framework/scripts/generate_psa_tests.py --list)
check framework/scripts/generate_test_keys.py tests/src/test_keys.h
-check scripts/generate_driver_wrappers.py $library_dir/psa_crypto_driver_wrappers.h $library_dir/psa_crypto_driver_wrappers_no_static.c
+check scripts/generate_driver_wrappers.py ${crypto_core_dir}/psa_crypto_driver_wrappers.h \
+ ${crypto_core_dir}/psa_crypto_driver_wrappers_no_static.c
# Additional checks for Mbed TLS only
if in_mbedtls_repo; then
- check scripts/generate_errors.pl library/error.c
+ check scripts/generate_errors.pl ${builtin_drivers_dir}/error.c
check scripts/generate_query_config.pl programs/test/query_config.c
- check scripts/generate_features.pl library/version_features.c
+ check scripts/generate_features.pl ${builtin_drivers_dir}/version_features.c
check scripts/generate_ssl_debug_helpers.py library/ssl_debug_helpers_generated.c
check framework/scripts/generate_test_cert_macros.py tests/src/test_certs.h
# generate_visualc_files enumerates source files (library/*.c). It doesn't
diff --git a/tests/scripts/check_files.py b/tests/scripts/check_files.py
index 2a5d64b79f..e9372028a0 100755
--- a/tests/scripts/check_files.py
+++ b/tests/scripts/check_files.py
@@ -368,9 +368,8 @@ class LicenseIssueTracker(LineIssueTracker):
heading = "License issue:"
LICENSE_EXEMPTION_RE_LIST = [
- # Third-party code, other than whitelisted third-party modules,
- # may be under a different license.
- r'3rdparty/(?!(p256-m)/.*)',
+ # Exempt third-party drivers which may be under a different license
+ r'tf-psa-crypto/drivers/(?=(everest)/.*)',
# Documentation explaining the license may have accidental
# false positives.
r'(ChangeLog|LICENSE|framework\/LICENSE|[-0-9A-Z_a-z]+\.md)\Z',
diff --git a/tests/scripts/check_names.py b/tests/scripts/check_names.py
index 142233c6b3..4f503e4e7a 100755
--- a/tests/scripts/check_names.py
+++ b/tests/scripts/check_names.py
@@ -240,15 +240,19 @@ class CodeParser():
"include/psa/*.h",
"tf-psa-crypto/include/psa/*.h",
"tf-psa-crypto/drivers/builtin/include/mbedtls/*.h",
- "3rdparty/everest/include/everest/everest.h",
- "3rdparty/everest/include/everest/x25519.h"
+ "tf-psa-crypto/drivers/everest/include/everest/everest.h",
+ "tf-psa-crypto/drivers/everest/include/everest/x25519.h"
])
all_macros["internal"] = self.parse_macros([
"library/*.h",
+ "tf-psa-crypto/core/*.h",
+ "tf-psa-crypto/drivers/builtin/src/*.h",
"tests/include/test/drivers/*.h",
])
all_macros["private"] = self.parse_macros([
"library/*.c",
+ "tf-psa-crypto/core/*.c",
+ "tf-psa-crypto/drivers/builtin/src/*.c",
])
enum_consts = self.parse_enum_consts([
"include/mbedtls/*.h",
@@ -256,9 +260,13 @@ class CodeParser():
"tf-psa-crypto/include/psa/*.h",
"tf-psa-crypto/drivers/builtin/include/mbedtls/*.h",
"library/*.h",
+ "tf-psa-crypto/core/*.h",
+ "tf-psa-crypto/drivers/builtin/src/*.h",
"library/*.c",
- "3rdparty/everest/include/everest/everest.h",
- "3rdparty/everest/include/everest/x25519.h"
+ "tf-psa-crypto/core/*.c",
+ "tf-psa-crypto/drivers/builtin/src/*.c",
+ "tf-psa-crypto/drivers/everest/include/everest/everest.h",
+ "tf-psa-crypto/drivers/everest/include/everest/x25519.h"
])
identifiers, excluded_identifiers = self.parse_identifiers([
"include/mbedtls/*.h",
@@ -266,21 +274,27 @@ class CodeParser():
"tf-psa-crypto/include/psa/*.h",
"tf-psa-crypto/drivers/builtin/include/mbedtls/*.h",
"library/*.h",
- "3rdparty/everest/include/everest/everest.h",
- "3rdparty/everest/include/everest/x25519.h"
- ], ["3rdparty/p256-m/p256-m/p256-m.h"])
+ "tf-psa-crypto/core/*.h",
+ "tf-psa-crypto/drivers/builtin/src/*.h",
+ "tf-psa-crypto/drivers/everest/include/everest/everest.h",
+ "tf-psa-crypto/drivers/everest/include/everest/x25519.h"
+ ], ["tf-psa-crypto/drivers/p256-m/p256-m/p256-m.h"])
mbed_psa_words = self.parse_mbed_psa_words([
"include/mbedtls/*.h",
"include/psa/*.h",
"tf-psa-crypto/include/psa/*.h",
"tf-psa-crypto/drivers/builtin/include/mbedtls/*.h",
"library/*.h",
- "3rdparty/everest/include/everest/everest.h",
- "3rdparty/everest/include/everest/x25519.h",
+ "tf-psa-crypto/core/*.h",
+ "tf-psa-crypto/drivers/builtin/src/*.h",
+ "tf-psa-crypto/drivers/everest/include/everest/everest.h",
+ "tf-psa-crypto/drivers/everest/include/everest/x25519.h",
"library/*.c",
- "3rdparty/everest/library/everest.c",
- "3rdparty/everest/library/x25519.c"
- ], ["library/psa_crypto_driver_wrappers.h"])
+ "tf-psa-crypto/core/*.c",
+ "tf-psa-crypto/drivers/builtin/src/*.c",
+ "tf-psa-crypto/drivers/everest/library/everest.c",
+ "tf-psa-crypto/drivers/everest/library/x25519.c"
+ ], ["tf-psa-crypto/core/psa_crypto_driver_wrappers.h"])
symbols = self.parse_symbols()
# Remove identifier macros like mbedtls_printf or mbedtls_calloc
diff --git a/tests/scripts/list_internal_identifiers.py b/tests/scripts/list_internal_identifiers.py
index b648ce24f2..052feca568 100755
--- a/tests/scripts/list_internal_identifiers.py
+++ b/tests/scripts/list_internal_identifiers.py
@@ -33,7 +33,9 @@ def main():
name_check = CodeParser(logging.getLogger())
result = name_check.parse_identifiers([
"include/mbedtls/*_internal.h",
- "library/*.h"
+ "library/*.h",
+ "tf-psa-crypto/core/*.h",
+ "tf-psa-crypto/drivers/builtin/src/*.h"
])[0]
result.sort(key=lambda x: x.name)
diff --git a/tests/scripts/test_psa_compliance.py b/tests/scripts/test_psa_compliance.py
index d4e4979890..7c09afc19c 100755
--- a/tests/scripts/test_psa_compliance.py
+++ b/tests/scripts/test_psa_compliance.py
@@ -39,7 +39,14 @@ def main(library_build_dir: str):
in_tf_psa_crypto_repo = build_tree.looks_like_tf_psa_crypto_root(root_dir)
crypto_name = build_tree.crypto_library_filename(root_dir)
- library_subdir = build_tree.crypto_core_directory(root_dir, relative=True)
+
+ # Temporary, while the crypto library is still located in the library
+ # directory. This will not be the case anymore when it will be built by
+ # the TF-PSA-Crypto build system.
+ if in_tf_psa_crypto_repo:
+ library_subdir = build_tree.crypto_core_directory(root_dir, relative=True)
+ else:
+ library_subdir = 'library'
crypto_lib_filename = (library_build_dir + '/' +
library_subdir + '/' +
diff --git a/tests/src/drivers/hash.c b/tests/src/drivers/hash.c
index 76ec12a22f..2416ba8123 100644
--- a/tests/src/drivers/hash.c
+++ b/tests/src/drivers/hash.c
@@ -13,7 +13,7 @@
#include "test/drivers/hash.h"
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1)
-#include "libtestdriver1/library/psa_crypto_hash.h"
+#include "libtestdriver1/tf-psa-crypto/core/psa_crypto_hash.h"
#endif
mbedtls_test_driver_hash_hooks_t
diff --git a/tests/src/drivers/test_driver_aead.c b/tests/src/drivers/test_driver_aead.c
index 314ce83a25..080b4dba81 100644
--- a/tests/src/drivers/test_driver_aead.c
+++ b/tests/src/drivers/test_driver_aead.c
@@ -16,7 +16,7 @@
#include "mbedtls/constant_time.h"
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1)
-#include "libtestdriver1/library/psa_crypto_aead.h"
+#include "libtestdriver1/tf-psa-crypto/core/psa_crypto_aead.h"
#endif
mbedtls_test_driver_aead_hooks_t
diff --git a/tests/src/drivers/test_driver_asymmetric_encryption.c b/tests/src/drivers/test_driver_asymmetric_encryption.c
index 4fc8c9d34b..55e09b2f34 100644
--- a/tests/src/drivers/test_driver_asymmetric_encryption.c
+++ b/tests/src/drivers/test_driver_asymmetric_encryption.c
@@ -16,7 +16,7 @@
#include "test/drivers/key_management.h"
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1)
-#include "libtestdriver1/library/psa_crypto_rsa.h"
+#include "libtestdriver1/tf-psa-crypto/core/psa_crypto_rsa.h"
#endif
#define PSA_RSA_KEY_PAIR_MAX_SIZE \
diff --git a/tests/src/drivers/test_driver_cipher.c b/tests/src/drivers/test_driver_cipher.c
index 2bc751a8a2..ace0ed313d 100644
--- a/tests/src/drivers/test_driver_cipher.c
+++ b/tests/src/drivers/test_driver_cipher.c
@@ -19,7 +19,7 @@
#include "test/random.h"
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1)
-#include "libtestdriver1/library/psa_crypto_cipher.h"
+#include "libtestdriver1/tf-psa-crypto/core/psa_crypto_cipher.h"
#endif
#include
diff --git a/tests/src/drivers/test_driver_key_agreement.c b/tests/src/drivers/test_driver_key_agreement.c
index 594fcd51d4..8a8e3a8074 100644
--- a/tests/src/drivers/test_driver_key_agreement.c
+++ b/tests/src/drivers/test_driver_key_agreement.c
@@ -21,8 +21,8 @@
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1)
#include "libtestdriver1/tf-psa-crypto/include/psa/crypto.h"
-#include "libtestdriver1/library/psa_crypto_ecp.h"
-#include "libtestdriver1/library/psa_crypto_ffdh.h"
+#include "libtestdriver1/tf-psa-crypto/core/psa_crypto_ecp.h"
+#include "libtestdriver1/tf-psa-crypto/core/psa_crypto_ffdh.h"
#endif
mbedtls_test_driver_key_agreement_hooks_t
diff --git a/tests/src/drivers/test_driver_key_management.c b/tests/src/drivers/test_driver_key_management.c
index 2a878994c2..c0869f1291 100644
--- a/tests/src/drivers/test_driver_key_management.c
+++ b/tests/src/drivers/test_driver_key_management.c
@@ -23,9 +23,9 @@
#include "test/random.h"
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1)
-#include "libtestdriver1/library/psa_crypto_ecp.h"
-#include "libtestdriver1/library/psa_crypto_rsa.h"
-#include "libtestdriver1/library/psa_crypto_ffdh.h"
+#include "libtestdriver1/tf-psa-crypto/core/psa_crypto_ecp.h"
+#include "libtestdriver1/tf-psa-crypto/core/psa_crypto_rsa.h"
+#include "libtestdriver1/tf-psa-crypto/core/psa_crypto_ffdh.h"
#endif
#include
diff --git a/tests/src/drivers/test_driver_mac.c b/tests/src/drivers/test_driver_mac.c
index 9f8120bd4a..de43e49074 100644
--- a/tests/src/drivers/test_driver_mac.c
+++ b/tests/src/drivers/test_driver_mac.c
@@ -13,7 +13,7 @@
#include "test/drivers/mac.h"
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1)
-#include "libtestdriver1/library/psa_crypto_mac.h"
+#include "libtestdriver1/tf-psa-crypto/core/psa_crypto_mac.h"
#endif
mbedtls_test_driver_mac_hooks_t mbedtls_test_driver_mac_hooks =
diff --git a/tests/src/drivers/test_driver_pake.c b/tests/src/drivers/test_driver_pake.c
index 52395e4d0e..963110109a 100644
--- a/tests/src/drivers/test_driver_pake.c
+++ b/tests/src/drivers/test_driver_pake.c
@@ -14,7 +14,7 @@
#include "string.h"
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1)
-#include "libtestdriver1/library/psa_crypto_pake.h"
+#include "libtestdriver1/tf-psa-crypto/core/psa_crypto_pake.h"
#endif
mbedtls_test_driver_pake_hooks_t mbedtls_test_driver_pake_hooks =
diff --git a/tests/src/drivers/test_driver_signature.c b/tests/src/drivers/test_driver_signature.c
index 4fca5d178d..02c6298a29 100644
--- a/tests/src/drivers/test_driver_signature.c
+++ b/tests/src/drivers/test_driver_signature.c
@@ -26,9 +26,9 @@
#include "test/random.h"
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1)
-#include "libtestdriver1/library/psa_crypto_ecp.h"
-#include "libtestdriver1/library/psa_crypto_hash.h"
-#include "libtestdriver1/library/psa_crypto_rsa.h"
+#include "libtestdriver1/tf-psa-crypto/core/psa_crypto_ecp.h"
+#include "libtestdriver1/tf-psa-crypto/core/psa_crypto_hash.h"
+#include "libtestdriver1/tf-psa-crypto/core/psa_crypto_rsa.h"
#endif
#include
diff --git a/tf-psa-crypto/CMakeLists.txt b/tf-psa-crypto/CMakeLists.txt
index 1425abb4c6..1dc9f9f0db 100644
--- a/tf-psa-crypto/CMakeLists.txt
+++ b/tf-psa-crypto/CMakeLists.txt
@@ -36,3 +36,5 @@ if(LIB_INSTALL_DIR)
endif()
add_subdirectory(include)
+add_subdirectory(core)
+add_subdirectory(drivers)
diff --git a/tf-psa-crypto/core/.gitignore b/tf-psa-crypto/core/.gitignore
new file mode 100644
index 0000000000..70d9d04ec5
--- /dev/null
+++ b/tf-psa-crypto/core/.gitignore
@@ -0,0 +1,4 @@
+###START_GENERATED_FILES###
+/psa_crypto_driver_wrappers.h
+/psa_crypto_driver_wrappers_no_static.c
+###END_GENERATED_FILES###
diff --git a/tf-psa-crypto/core/CMakeLists.txt b/tf-psa-crypto/core/CMakeLists.txt
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/library/alignment.h b/tf-psa-crypto/core/alignment.h
similarity index 100%
rename from library/alignment.h
rename to tf-psa-crypto/core/alignment.h
diff --git a/tf-psa-crypto/core/common.h b/tf-psa-crypto/core/common.h
new file mode 100644
index 0000000000..3936ffdfe1
--- /dev/null
+++ b/tf-psa-crypto/core/common.h
@@ -0,0 +1,435 @@
+/**
+ * \file common.h
+ *
+ * \brief Utility macros for internal use in the library
+ */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#ifndef MBEDTLS_LIBRARY_COMMON_H
+#define MBEDTLS_LIBRARY_COMMON_H
+
+#include "mbedtls/build_info.h"
+#include "alignment.h"
+
+#include
+#include
+#include
+#include
+
+#if defined(__ARM_NEON)
+#include
+#define MBEDTLS_HAVE_NEON_INTRINSICS
+#elif defined(MBEDTLS_PLATFORM_IS_WINDOWS_ON_ARM64)
+#include
+#define MBEDTLS_HAVE_NEON_INTRINSICS
+#endif
+
+/** Helper to define a function as static except when building invasive tests.
+ *
+ * If a function is only used inside its own source file and should be
+ * declared `static` to allow the compiler to optimize for code size,
+ * but that function has unit tests, define it with
+ * ```
+ * MBEDTLS_STATIC_TESTABLE int mbedtls_foo(...) { ... }
+ * ```
+ * and declare it in a header in the `library/` directory with
+ * ```
+ * #if defined(MBEDTLS_TEST_HOOKS)
+ * int mbedtls_foo(...);
+ * #endif
+ * ```
+ */
+#if defined(MBEDTLS_TEST_HOOKS)
+#define MBEDTLS_STATIC_TESTABLE
+#else
+#define MBEDTLS_STATIC_TESTABLE static
+#endif
+
+#if defined(MBEDTLS_TEST_HOOKS)
+extern void (*mbedtls_test_hook_test_fail)(const char *test, int line, const char *file);
+#define MBEDTLS_TEST_HOOK_TEST_ASSERT(TEST) \
+ do { \
+ if ((!(TEST)) && ((*mbedtls_test_hook_test_fail) != NULL)) \
+ { \
+ (*mbedtls_test_hook_test_fail)( #TEST, __LINE__, __FILE__); \
+ } \
+ } while (0)
+#else
+#define MBEDTLS_TEST_HOOK_TEST_ASSERT(TEST)
+#endif /* defined(MBEDTLS_TEST_HOOKS) */
+
+/** \def ARRAY_LENGTH
+ * Return the number of elements of a static or stack array.
+ *
+ * \param array A value of array (not pointer) type.
+ *
+ * \return The number of elements of the array.
+ */
+/* A correct implementation of ARRAY_LENGTH, but which silently gives
+ * a nonsensical result if called with a pointer rather than an array. */
+#define ARRAY_LENGTH_UNSAFE(array) \
+ (sizeof(array) / sizeof(*(array)))
+
+#if defined(__GNUC__)
+/* Test if arg and &(arg)[0] have the same type. This is true if arg is
+ * an array but not if it's a pointer. */
+#define IS_ARRAY_NOT_POINTER(arg) \
+ (!__builtin_types_compatible_p(__typeof__(arg), \
+ __typeof__(&(arg)[0])))
+/* A compile-time constant with the value 0. If `const_expr` is not a
+ * compile-time constant with a nonzero value, cause a compile-time error. */
+#define STATIC_ASSERT_EXPR(const_expr) \
+ (0 && sizeof(struct { unsigned int STATIC_ASSERT : 1 - 2 * !(const_expr); }))
+
+/* Return the scalar value `value` (possibly promoted). This is a compile-time
+ * constant if `value` is. `condition` must be a compile-time constant.
+ * If `condition` is false, arrange to cause a compile-time error. */
+#define STATIC_ASSERT_THEN_RETURN(condition, value) \
+ (STATIC_ASSERT_EXPR(condition) ? 0 : (value))
+
+#define ARRAY_LENGTH(array) \
+ (STATIC_ASSERT_THEN_RETURN(IS_ARRAY_NOT_POINTER(array), \
+ ARRAY_LENGTH_UNSAFE(array)))
+
+#else
+/* If we aren't sure the compiler supports our non-standard tricks,
+ * fall back to the unsafe implementation. */
+#define ARRAY_LENGTH(array) ARRAY_LENGTH_UNSAFE(array)
+#endif
+/** Allow library to access its structs' private members.
+ *
+ * Although structs defined in header files are publicly available,
+ * their members are private and should not be accessed by the user.
+ */
+#define MBEDTLS_ALLOW_PRIVATE_ACCESS
+
+/**
+ * \brief Securely zeroize a buffer then free it.
+ *
+ * Similar to making consecutive calls to
+ * \c mbedtls_platform_zeroize() and \c mbedtls_free(), but has
+ * code size savings, and potential for optimisation in the future.
+ *
+ * Guaranteed to be a no-op if \p buf is \c NULL and \p len is 0.
+ *
+ * \param buf Buffer to be zeroized then freed.
+ * \param len Length of the buffer in bytes
+ */
+void mbedtls_zeroize_and_free(void *buf, size_t len);
+
+/** Return an offset into a buffer.
+ *
+ * This is just the addition of an offset to a pointer, except that this
+ * function also accepts an offset of 0 into a buffer whose pointer is null.
+ * (`p + n` has undefined behavior when `p` is null, even when `n == 0`.
+ * A null pointer is a valid buffer pointer when the size is 0, for example
+ * as the result of `malloc(0)` on some platforms.)
+ *
+ * \param p Pointer to a buffer of at least n bytes.
+ * This may be \p NULL if \p n is zero.
+ * \param n An offset in bytes.
+ * \return Pointer to offset \p n in the buffer \p p.
+ * Note that this is only a valid pointer if the size of the
+ * buffer is at least \p n + 1.
+ */
+static inline unsigned char *mbedtls_buffer_offset(
+ unsigned char *p, size_t n)
+{
+ return p == NULL ? NULL : p + n;
+}
+
+/** Return an offset into a read-only buffer.
+ *
+ * Similar to mbedtls_buffer_offset(), but for const pointers.
+ *
+ * \param p Pointer to a buffer of at least n bytes.
+ * This may be \p NULL if \p n is zero.
+ * \param n An offset in bytes.
+ * \return Pointer to offset \p n in the buffer \p p.
+ * Note that this is only a valid pointer if the size of the
+ * buffer is at least \p n + 1.
+ */
+static inline const unsigned char *mbedtls_buffer_offset_const(
+ const unsigned char *p, size_t n)
+{
+ return p == NULL ? NULL : p + n;
+}
+
+/* Always inline mbedtls_xor() for similar reasons as mbedtls_xor_no_simd(). */
+#if defined(__IAR_SYSTEMS_ICC__)
+#pragma inline = forced
+#elif defined(__GNUC__)
+__attribute__((always_inline))
+#endif
+/**
+ * Perform a fast block XOR operation, such that
+ * r[i] = a[i] ^ b[i] where 0 <= i < n
+ *
+ * \param r Pointer to result (buffer of at least \p n bytes). \p r
+ * may be equal to either \p a or \p b, but behaviour when
+ * it overlaps in other ways is undefined.
+ * \param a Pointer to input (buffer of at least \p n bytes)
+ * \param b Pointer to input (buffer of at least \p n bytes)
+ * \param n Number of bytes to process.
+ *
+ * \note Depending on the situation, it may be faster to use either mbedtls_xor() or
+ * mbedtls_xor_no_simd() (these are functionally equivalent).
+ * If the result is used immediately after the xor operation in non-SIMD code (e.g, in
+ * AES-CBC), there may be additional latency to transfer the data from SIMD to scalar
+ * registers, and in this case, mbedtls_xor_no_simd() may be faster. In other cases where
+ * the result is not used immediately (e.g., in AES-CTR), mbedtls_xor() may be faster.
+ * For targets without SIMD support, they will behave the same.
+ */
+static inline void mbedtls_xor(unsigned char *r,
+ const unsigned char *a,
+ const unsigned char *b,
+ size_t n)
+{
+ size_t i = 0;
+#if defined(MBEDTLS_EFFICIENT_UNALIGNED_ACCESS)
+#if defined(MBEDTLS_HAVE_NEON_INTRINSICS) && \
+ (!(defined(MBEDTLS_COMPILER_IS_GCC) && MBEDTLS_GCC_VERSION < 70300))
+ /* Old GCC versions generate a warning here, so disable the NEON path for these compilers */
+ for (; (i + 16) <= n; i += 16) {
+ uint8x16_t v1 = vld1q_u8(a + i);
+ uint8x16_t v2 = vld1q_u8(b + i);
+ uint8x16_t x = veorq_u8(v1, v2);
+ vst1q_u8(r + i, x);
+ }
+#if defined(__IAR_SYSTEMS_ICC__)
+ /* This if statement helps some compilers (e.g., IAR) optimise out the byte-by-byte tail case
+ * where n is a constant multiple of 16.
+ * For other compilers (e.g. recent gcc and clang) it makes no difference if n is a compile-time
+ * constant, and is a very small perf regression if n is not a compile-time constant. */
+ if (n % 16 == 0) {
+ return;
+ }
+#endif
+#elif defined(MBEDTLS_ARCH_IS_X64) || defined(MBEDTLS_ARCH_IS_ARM64)
+ /* This codepath probably only makes sense on architectures with 64-bit registers */
+ for (; (i + 8) <= n; i += 8) {
+ uint64_t x = mbedtls_get_unaligned_uint64(a + i) ^ mbedtls_get_unaligned_uint64(b + i);
+ mbedtls_put_unaligned_uint64(r + i, x);
+ }
+#if defined(__IAR_SYSTEMS_ICC__)
+ if (n % 8 == 0) {
+ return;
+ }
+#endif
+#else
+ for (; (i + 4) <= n; i += 4) {
+ uint32_t x = mbedtls_get_unaligned_uint32(a + i) ^ mbedtls_get_unaligned_uint32(b + i);
+ mbedtls_put_unaligned_uint32(r + i, x);
+ }
+#if defined(__IAR_SYSTEMS_ICC__)
+ if (n % 4 == 0) {
+ return;
+ }
+#endif
+#endif
+#endif
+ for (; i < n; i++) {
+ r[i] = a[i] ^ b[i];
+ }
+}
+
+/* Always inline mbedtls_xor_no_simd() as we see significant perf regressions when it does not get
+ * inlined (e.g., observed about 3x perf difference in gcm_mult_largetable with gcc 7 - 12) */
+#if defined(__IAR_SYSTEMS_ICC__)
+#pragma inline = forced
+#elif defined(__GNUC__)
+__attribute__((always_inline))
+#endif
+/**
+ * Perform a fast block XOR operation, such that
+ * r[i] = a[i] ^ b[i] where 0 <= i < n
+ *
+ * In some situations, this can perform better than mbedtls_xor() (e.g., it's about 5%
+ * better in AES-CBC).
+ *
+ * \param r Pointer to result (buffer of at least \p n bytes). \p r
+ * may be equal to either \p a or \p b, but behaviour when
+ * it overlaps in other ways is undefined.
+ * \param a Pointer to input (buffer of at least \p n bytes)
+ * \param b Pointer to input (buffer of at least \p n bytes)
+ * \param n Number of bytes to process.
+ *
+ * \note Depending on the situation, it may be faster to use either mbedtls_xor() or
+ * mbedtls_xor_no_simd() (these are functionally equivalent).
+ * If the result is used immediately after the xor operation in non-SIMD code (e.g, in
+ * AES-CBC), there may be additional latency to transfer the data from SIMD to scalar
+ * registers, and in this case, mbedtls_xor_no_simd() may be faster. In other cases where
+ * the result is not used immediately (e.g., in AES-CTR), mbedtls_xor() may be faster.
+ * For targets without SIMD support, they will behave the same.
+ */
+static inline void mbedtls_xor_no_simd(unsigned char *r,
+ const unsigned char *a,
+ const unsigned char *b,
+ size_t n)
+{
+ size_t i = 0;
+#if defined(MBEDTLS_EFFICIENT_UNALIGNED_ACCESS)
+#if defined(MBEDTLS_ARCH_IS_X64) || defined(MBEDTLS_ARCH_IS_ARM64)
+ /* This codepath probably only makes sense on architectures with 64-bit registers */
+ for (; (i + 8) <= n; i += 8) {
+ uint64_t x = mbedtls_get_unaligned_uint64(a + i) ^ mbedtls_get_unaligned_uint64(b + i);
+ mbedtls_put_unaligned_uint64(r + i, x);
+ }
+#if defined(__IAR_SYSTEMS_ICC__)
+ /* This if statement helps some compilers (e.g., IAR) optimise out the byte-by-byte tail case
+ * where n is a constant multiple of 8.
+ * For other compilers (e.g. recent gcc and clang) it makes no difference if n is a compile-time
+ * constant, and is a very small perf regression if n is not a compile-time constant. */
+ if (n % 8 == 0) {
+ return;
+ }
+#endif
+#else
+ for (; (i + 4) <= n; i += 4) {
+ uint32_t x = mbedtls_get_unaligned_uint32(a + i) ^ mbedtls_get_unaligned_uint32(b + i);
+ mbedtls_put_unaligned_uint32(r + i, x);
+ }
+#if defined(__IAR_SYSTEMS_ICC__)
+ if (n % 4 == 0) {
+ return;
+ }
+#endif
+#endif
+#endif
+ for (; i < n; i++) {
+ r[i] = a[i] ^ b[i];
+ }
+}
+
+/* Fix MSVC C99 compatible issue
+ * MSVC support __func__ from visual studio 2015( 1900 )
+ * Use MSVC predefine macro to avoid name check fail.
+ */
+#if (defined(_MSC_VER) && (_MSC_VER <= 1900))
+#define /*no-check-names*/ __func__ __FUNCTION__
+#endif
+
+/* Define `asm` for compilers which don't define it. */
+/* *INDENT-OFF* */
+#ifndef asm
+#if defined(__IAR_SYSTEMS_ICC__)
+#define asm __asm
+#else
+#define asm __asm__
+#endif
+#endif
+/* *INDENT-ON* */
+
+/*
+ * Define the constraint used for read-only pointer operands to aarch64 asm.
+ *
+ * This is normally the usual "r", but for aarch64_32 (aka ILP32,
+ * as found in watchos), "p" is required to avoid warnings from clang.
+ *
+ * Note that clang does not recognise '+p' or '=p', and armclang
+ * does not recognise 'p' at all. Therefore, to update a pointer from
+ * aarch64 assembly, it is necessary to use something like:
+ *
+ * uintptr_t uptr = (uintptr_t) ptr;
+ * asm( "ldr x4, [%x0], #8" ... : "+r" (uptr) : : )
+ * ptr = (void*) uptr;
+ *
+ * Note that the "x" in "%x0" is neccessary; writing "%0" will cause warnings.
+ */
+#if defined(__aarch64__) && defined(MBEDTLS_HAVE_ASM)
+#if UINTPTR_MAX == 0xfffffffful
+/* ILP32: Specify the pointer operand slightly differently, as per #7787. */
+#define MBEDTLS_ASM_AARCH64_PTR_CONSTRAINT "p"
+#elif UINTPTR_MAX == 0xfffffffffffffffful
+/* Normal case (64-bit pointers): use "r" as the constraint for pointer operands to asm */
+#define MBEDTLS_ASM_AARCH64_PTR_CONSTRAINT "r"
+#else
+#error "Unrecognised pointer size for aarch64"
+#endif
+#endif
+
+/* Always provide a static assert macro, so it can be used unconditionally.
+ * It will expand to nothing on some systems.
+ * Can be used outside functions (but don't add a trailing ';' in that case:
+ * the semicolon is included here to avoid triggering -Wextra-semi when
+ * MBEDTLS_STATIC_ASSERT() expands to nothing).
+ * Can't use the C11-style `defined(static_assert)` on FreeBSD, since it
+ * defines static_assert even with -std=c99, but then complains about it.
+ */
+#if defined(static_assert) && !defined(__FreeBSD__)
+#define MBEDTLS_STATIC_ASSERT(expr, msg) static_assert(expr, msg);
+#else
+#define MBEDTLS_STATIC_ASSERT(expr, msg)
+#endif
+
+#if defined(__has_builtin)
+#define MBEDTLS_HAS_BUILTIN(x) __has_builtin(x)
+#else
+#define MBEDTLS_HAS_BUILTIN(x) 0
+#endif
+
+/* Define compiler branch hints */
+#if MBEDTLS_HAS_BUILTIN(__builtin_expect)
+#define MBEDTLS_LIKELY(x) __builtin_expect(!!(x), 1)
+#define MBEDTLS_UNLIKELY(x) __builtin_expect(!!(x), 0)
+#else
+#define MBEDTLS_LIKELY(x) x
+#define MBEDTLS_UNLIKELY(x) x
+#endif
+
+/* MBEDTLS_ASSUME may be used to provide additional information to the compiler
+ * which can result in smaller code-size. */
+#if MBEDTLS_HAS_BUILTIN(__builtin_assume)
+/* clang provides __builtin_assume */
+#define MBEDTLS_ASSUME(x) __builtin_assume(x)
+#elif MBEDTLS_HAS_BUILTIN(__builtin_unreachable)
+/* gcc and IAR can use __builtin_unreachable */
+#define MBEDTLS_ASSUME(x) do { if (!(x)) __builtin_unreachable(); } while (0)
+#elif defined(_MSC_VER)
+/* Supported by MSVC since VS 2005 */
+#define MBEDTLS_ASSUME(x) __assume(x)
+#else
+#define MBEDTLS_ASSUME(x) do { } while (0)
+#endif
+
+/* For gcc -Os, override with -O2 for a given function.
+ *
+ * This will not affect behaviour for other optimisation settings, e.g. -O0.
+ */
+#if defined(MBEDTLS_COMPILER_IS_GCC) && defined(__OPTIMIZE_SIZE__)
+#define MBEDTLS_OPTIMIZE_FOR_PERFORMANCE __attribute__((optimize("-O2")))
+#else
+#define MBEDTLS_OPTIMIZE_FOR_PERFORMANCE
+#endif
+
+/* Suppress compiler warnings for unused functions and variables. */
+#if !defined(MBEDTLS_MAYBE_UNUSED) && defined(__has_attribute)
+# if __has_attribute(unused)
+# define MBEDTLS_MAYBE_UNUSED __attribute__((unused))
+# endif
+#endif
+#if !defined(MBEDTLS_MAYBE_UNUSED) && defined(__GNUC__)
+# define MBEDTLS_MAYBE_UNUSED __attribute__((unused))
+#endif
+#if !defined(MBEDTLS_MAYBE_UNUSED) && defined(__IAR_SYSTEMS_ICC__) && defined(__VER__)
+/* IAR does support __attribute__((unused)), but only if the -e flag (extended language support)
+ * is given; the pragma always works.
+ * Unfortunately the pragma affects the rest of the file where it is used, but this is harmless.
+ * Check for version 5.2 or later - this pragma may be supported by earlier versions, but I wasn't
+ * able to find documentation).
+ */
+# if (__VER__ >= 5020000)
+# define MBEDTLS_MAYBE_UNUSED _Pragma("diag_suppress=Pe177")
+# endif
+#endif
+#if !defined(MBEDTLS_MAYBE_UNUSED) && defined(_MSC_VER)
+# define MBEDTLS_MAYBE_UNUSED __pragma(warning(suppress:4189))
+#endif
+#if !defined(MBEDTLS_MAYBE_UNUSED)
+# define MBEDTLS_MAYBE_UNUSED
+#endif
+
+#endif /* MBEDTLS_LIBRARY_COMMON_H */
diff --git a/library/psa_crypto.c b/tf-psa-crypto/core/psa_crypto.c
similarity index 100%
rename from library/psa_crypto.c
rename to tf-psa-crypto/core/psa_crypto.c
diff --git a/library/psa_crypto_aead.c b/tf-psa-crypto/core/psa_crypto_aead.c
similarity index 100%
rename from library/psa_crypto_aead.c
rename to tf-psa-crypto/core/psa_crypto_aead.c
diff --git a/library/psa_crypto_aead.h b/tf-psa-crypto/core/psa_crypto_aead.h
similarity index 100%
rename from library/psa_crypto_aead.h
rename to tf-psa-crypto/core/psa_crypto_aead.h
diff --git a/library/psa_crypto_cipher.c b/tf-psa-crypto/core/psa_crypto_cipher.c
similarity index 100%
rename from library/psa_crypto_cipher.c
rename to tf-psa-crypto/core/psa_crypto_cipher.c
diff --git a/library/psa_crypto_cipher.h b/tf-psa-crypto/core/psa_crypto_cipher.h
similarity index 100%
rename from library/psa_crypto_cipher.h
rename to tf-psa-crypto/core/psa_crypto_cipher.h
diff --git a/library/psa_crypto_client.c b/tf-psa-crypto/core/psa_crypto_client.c
similarity index 100%
rename from library/psa_crypto_client.c
rename to tf-psa-crypto/core/psa_crypto_client.c
diff --git a/library/psa_crypto_core.h b/tf-psa-crypto/core/psa_crypto_core.h
similarity index 100%
rename from library/psa_crypto_core.h
rename to tf-psa-crypto/core/psa_crypto_core.h
diff --git a/library/psa_crypto_core_common.h b/tf-psa-crypto/core/psa_crypto_core_common.h
similarity index 100%
rename from library/psa_crypto_core_common.h
rename to tf-psa-crypto/core/psa_crypto_core_common.h
diff --git a/library/psa_crypto_driver_wrappers_no_static.h b/tf-psa-crypto/core/psa_crypto_driver_wrappers_no_static.h
similarity index 100%
rename from library/psa_crypto_driver_wrappers_no_static.h
rename to tf-psa-crypto/core/psa_crypto_driver_wrappers_no_static.h
diff --git a/library/psa_crypto_ecp.c b/tf-psa-crypto/core/psa_crypto_ecp.c
similarity index 100%
rename from library/psa_crypto_ecp.c
rename to tf-psa-crypto/core/psa_crypto_ecp.c
diff --git a/library/psa_crypto_ecp.h b/tf-psa-crypto/core/psa_crypto_ecp.h
similarity index 100%
rename from library/psa_crypto_ecp.h
rename to tf-psa-crypto/core/psa_crypto_ecp.h
diff --git a/library/psa_crypto_ffdh.c b/tf-psa-crypto/core/psa_crypto_ffdh.c
similarity index 100%
rename from library/psa_crypto_ffdh.c
rename to tf-psa-crypto/core/psa_crypto_ffdh.c
diff --git a/library/psa_crypto_ffdh.h b/tf-psa-crypto/core/psa_crypto_ffdh.h
similarity index 100%
rename from library/psa_crypto_ffdh.h
rename to tf-psa-crypto/core/psa_crypto_ffdh.h
diff --git a/library/psa_crypto_hash.c b/tf-psa-crypto/core/psa_crypto_hash.c
similarity index 100%
rename from library/psa_crypto_hash.c
rename to tf-psa-crypto/core/psa_crypto_hash.c
diff --git a/library/psa_crypto_hash.h b/tf-psa-crypto/core/psa_crypto_hash.h
similarity index 100%
rename from library/psa_crypto_hash.h
rename to tf-psa-crypto/core/psa_crypto_hash.h
diff --git a/library/psa_crypto_invasive.h b/tf-psa-crypto/core/psa_crypto_invasive.h
similarity index 100%
rename from library/psa_crypto_invasive.h
rename to tf-psa-crypto/core/psa_crypto_invasive.h
diff --git a/library/psa_crypto_its.h b/tf-psa-crypto/core/psa_crypto_its.h
similarity index 100%
rename from library/psa_crypto_its.h
rename to tf-psa-crypto/core/psa_crypto_its.h
diff --git a/library/psa_crypto_mac.c b/tf-psa-crypto/core/psa_crypto_mac.c
similarity index 100%
rename from library/psa_crypto_mac.c
rename to tf-psa-crypto/core/psa_crypto_mac.c
diff --git a/library/psa_crypto_mac.h b/tf-psa-crypto/core/psa_crypto_mac.h
similarity index 100%
rename from library/psa_crypto_mac.h
rename to tf-psa-crypto/core/psa_crypto_mac.h
diff --git a/library/psa_crypto_pake.c b/tf-psa-crypto/core/psa_crypto_pake.c
similarity index 100%
rename from library/psa_crypto_pake.c
rename to tf-psa-crypto/core/psa_crypto_pake.c
diff --git a/library/psa_crypto_pake.h b/tf-psa-crypto/core/psa_crypto_pake.h
similarity index 100%
rename from library/psa_crypto_pake.h
rename to tf-psa-crypto/core/psa_crypto_pake.h
diff --git a/library/psa_crypto_random_impl.h b/tf-psa-crypto/core/psa_crypto_random_impl.h
similarity index 100%
rename from library/psa_crypto_random_impl.h
rename to tf-psa-crypto/core/psa_crypto_random_impl.h
diff --git a/library/psa_crypto_rsa.c b/tf-psa-crypto/core/psa_crypto_rsa.c
similarity index 100%
rename from library/psa_crypto_rsa.c
rename to tf-psa-crypto/core/psa_crypto_rsa.c
diff --git a/library/psa_crypto_rsa.h b/tf-psa-crypto/core/psa_crypto_rsa.h
similarity index 100%
rename from library/psa_crypto_rsa.h
rename to tf-psa-crypto/core/psa_crypto_rsa.h
diff --git a/library/psa_crypto_se.c b/tf-psa-crypto/core/psa_crypto_se.c
similarity index 100%
rename from library/psa_crypto_se.c
rename to tf-psa-crypto/core/psa_crypto_se.c
diff --git a/library/psa_crypto_se.h b/tf-psa-crypto/core/psa_crypto_se.h
similarity index 100%
rename from library/psa_crypto_se.h
rename to tf-psa-crypto/core/psa_crypto_se.h
diff --git a/library/psa_crypto_slot_management.c b/tf-psa-crypto/core/psa_crypto_slot_management.c
similarity index 100%
rename from library/psa_crypto_slot_management.c
rename to tf-psa-crypto/core/psa_crypto_slot_management.c
diff --git a/library/psa_crypto_slot_management.h b/tf-psa-crypto/core/psa_crypto_slot_management.h
similarity index 100%
rename from library/psa_crypto_slot_management.h
rename to tf-psa-crypto/core/psa_crypto_slot_management.h
diff --git a/library/psa_crypto_storage.c b/tf-psa-crypto/core/psa_crypto_storage.c
similarity index 100%
rename from library/psa_crypto_storage.c
rename to tf-psa-crypto/core/psa_crypto_storage.c
diff --git a/library/psa_crypto_storage.h b/tf-psa-crypto/core/psa_crypto_storage.h
similarity index 100%
rename from library/psa_crypto_storage.h
rename to tf-psa-crypto/core/psa_crypto_storage.h
diff --git a/library/psa_its_file.c b/tf-psa-crypto/core/psa_its_file.c
similarity index 100%
rename from library/psa_its_file.c
rename to tf-psa-crypto/core/psa_its_file.c
diff --git a/library/psa_util.c b/tf-psa-crypto/core/psa_util.c
similarity index 100%
rename from library/psa_util.c
rename to tf-psa-crypto/core/psa_util.c
diff --git a/library/psa_util_internal.h b/tf-psa-crypto/core/psa_util_internal.h
similarity index 100%
rename from library/psa_util_internal.h
rename to tf-psa-crypto/core/psa_util_internal.h
diff --git a/3rdparty/CMakeLists.txt b/tf-psa-crypto/drivers/CMakeLists.txt
similarity index 66%
rename from 3rdparty/CMakeLists.txt
rename to tf-psa-crypto/drivers/CMakeLists.txt
index fa149bdecf..517b6dfd9f 100644
--- a/3rdparty/CMakeLists.txt
+++ b/tf-psa-crypto/drivers/CMakeLists.txt
@@ -1,2 +1,3 @@
+add_subdirectory(builtin)
add_subdirectory(everest)
add_subdirectory(p256-m)
diff --git a/tf-psa-crypto/drivers/builtin/CMakeLists.txt b/tf-psa-crypto/drivers/builtin/CMakeLists.txt
new file mode 100644
index 0000000000..febd4f0ab6
--- /dev/null
+++ b/tf-psa-crypto/drivers/builtin/CMakeLists.txt
@@ -0,0 +1 @@
+add_subdirectory(src)
diff --git a/tf-psa-crypto/drivers/builtin/src/.gitignore b/tf-psa-crypto/drivers/builtin/src/.gitignore
new file mode 100644
index 0000000000..f3923b14f1
--- /dev/null
+++ b/tf-psa-crypto/drivers/builtin/src/.gitignore
@@ -0,0 +1,4 @@
+###START_GENERATED_FILES###
+/error.c
+/version_features.c
+###END_GENERATED_FILES###
diff --git a/tf-psa-crypto/drivers/builtin/src/CMakeLists.txt b/tf-psa-crypto/drivers/builtin/src/CMakeLists.txt
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/library/aes.c b/tf-psa-crypto/drivers/builtin/src/aes.c
similarity index 100%
rename from library/aes.c
rename to tf-psa-crypto/drivers/builtin/src/aes.c
diff --git a/library/aesce.c b/tf-psa-crypto/drivers/builtin/src/aesce.c
similarity index 100%
rename from library/aesce.c
rename to tf-psa-crypto/drivers/builtin/src/aesce.c
diff --git a/library/aesce.h b/tf-psa-crypto/drivers/builtin/src/aesce.h
similarity index 100%
rename from library/aesce.h
rename to tf-psa-crypto/drivers/builtin/src/aesce.h
diff --git a/library/aesni.c b/tf-psa-crypto/drivers/builtin/src/aesni.c
similarity index 100%
rename from library/aesni.c
rename to tf-psa-crypto/drivers/builtin/src/aesni.c
diff --git a/library/aesni.h b/tf-psa-crypto/drivers/builtin/src/aesni.h
similarity index 100%
rename from library/aesni.h
rename to tf-psa-crypto/drivers/builtin/src/aesni.h
diff --git a/library/aria.c b/tf-psa-crypto/drivers/builtin/src/aria.c
similarity index 100%
rename from library/aria.c
rename to tf-psa-crypto/drivers/builtin/src/aria.c
diff --git a/library/asn1parse.c b/tf-psa-crypto/drivers/builtin/src/asn1parse.c
similarity index 100%
rename from library/asn1parse.c
rename to tf-psa-crypto/drivers/builtin/src/asn1parse.c
diff --git a/library/asn1write.c b/tf-psa-crypto/drivers/builtin/src/asn1write.c
similarity index 100%
rename from library/asn1write.c
rename to tf-psa-crypto/drivers/builtin/src/asn1write.c
diff --git a/library/base64.c b/tf-psa-crypto/drivers/builtin/src/base64.c
similarity index 100%
rename from library/base64.c
rename to tf-psa-crypto/drivers/builtin/src/base64.c
diff --git a/library/base64_internal.h b/tf-psa-crypto/drivers/builtin/src/base64_internal.h
similarity index 100%
rename from library/base64_internal.h
rename to tf-psa-crypto/drivers/builtin/src/base64_internal.h
diff --git a/library/bignum.c b/tf-psa-crypto/drivers/builtin/src/bignum.c
similarity index 100%
rename from library/bignum.c
rename to tf-psa-crypto/drivers/builtin/src/bignum.c
diff --git a/library/bignum_core.c b/tf-psa-crypto/drivers/builtin/src/bignum_core.c
similarity index 100%
rename from library/bignum_core.c
rename to tf-psa-crypto/drivers/builtin/src/bignum_core.c
diff --git a/library/bignum_core.h b/tf-psa-crypto/drivers/builtin/src/bignum_core.h
similarity index 100%
rename from library/bignum_core.h
rename to tf-psa-crypto/drivers/builtin/src/bignum_core.h
diff --git a/library/bignum_mod.c b/tf-psa-crypto/drivers/builtin/src/bignum_mod.c
similarity index 100%
rename from library/bignum_mod.c
rename to tf-psa-crypto/drivers/builtin/src/bignum_mod.c
diff --git a/library/bignum_mod.h b/tf-psa-crypto/drivers/builtin/src/bignum_mod.h
similarity index 100%
rename from library/bignum_mod.h
rename to tf-psa-crypto/drivers/builtin/src/bignum_mod.h
diff --git a/library/bignum_mod_raw.c b/tf-psa-crypto/drivers/builtin/src/bignum_mod_raw.c
similarity index 100%
rename from library/bignum_mod_raw.c
rename to tf-psa-crypto/drivers/builtin/src/bignum_mod_raw.c
diff --git a/library/bignum_mod_raw.h b/tf-psa-crypto/drivers/builtin/src/bignum_mod_raw.h
similarity index 100%
rename from library/bignum_mod_raw.h
rename to tf-psa-crypto/drivers/builtin/src/bignum_mod_raw.h
diff --git a/library/bignum_mod_raw_invasive.h b/tf-psa-crypto/drivers/builtin/src/bignum_mod_raw_invasive.h
similarity index 100%
rename from library/bignum_mod_raw_invasive.h
rename to tf-psa-crypto/drivers/builtin/src/bignum_mod_raw_invasive.h
diff --git a/library/block_cipher.c b/tf-psa-crypto/drivers/builtin/src/block_cipher.c
similarity index 100%
rename from library/block_cipher.c
rename to tf-psa-crypto/drivers/builtin/src/block_cipher.c
diff --git a/library/block_cipher_internal.h b/tf-psa-crypto/drivers/builtin/src/block_cipher_internal.h
similarity index 100%
rename from library/block_cipher_internal.h
rename to tf-psa-crypto/drivers/builtin/src/block_cipher_internal.h
diff --git a/library/bn_mul.h b/tf-psa-crypto/drivers/builtin/src/bn_mul.h
similarity index 100%
rename from library/bn_mul.h
rename to tf-psa-crypto/drivers/builtin/src/bn_mul.h
diff --git a/library/camellia.c b/tf-psa-crypto/drivers/builtin/src/camellia.c
similarity index 100%
rename from library/camellia.c
rename to tf-psa-crypto/drivers/builtin/src/camellia.c
diff --git a/library/ccm.c b/tf-psa-crypto/drivers/builtin/src/ccm.c
similarity index 100%
rename from library/ccm.c
rename to tf-psa-crypto/drivers/builtin/src/ccm.c
diff --git a/library/chacha20.c b/tf-psa-crypto/drivers/builtin/src/chacha20.c
similarity index 100%
rename from library/chacha20.c
rename to tf-psa-crypto/drivers/builtin/src/chacha20.c
diff --git a/library/chachapoly.c b/tf-psa-crypto/drivers/builtin/src/chachapoly.c
similarity index 100%
rename from library/chachapoly.c
rename to tf-psa-crypto/drivers/builtin/src/chachapoly.c
diff --git a/library/check_crypto_config.h b/tf-psa-crypto/drivers/builtin/src/check_crypto_config.h
similarity index 100%
rename from library/check_crypto_config.h
rename to tf-psa-crypto/drivers/builtin/src/check_crypto_config.h
diff --git a/library/cipher.c b/tf-psa-crypto/drivers/builtin/src/cipher.c
similarity index 100%
rename from library/cipher.c
rename to tf-psa-crypto/drivers/builtin/src/cipher.c
diff --git a/library/cipher_wrap.c b/tf-psa-crypto/drivers/builtin/src/cipher_wrap.c
similarity index 100%
rename from library/cipher_wrap.c
rename to tf-psa-crypto/drivers/builtin/src/cipher_wrap.c
diff --git a/library/cipher_wrap.h b/tf-psa-crypto/drivers/builtin/src/cipher_wrap.h
similarity index 100%
rename from library/cipher_wrap.h
rename to tf-psa-crypto/drivers/builtin/src/cipher_wrap.h
diff --git a/library/cmac.c b/tf-psa-crypto/drivers/builtin/src/cmac.c
similarity index 100%
rename from library/cmac.c
rename to tf-psa-crypto/drivers/builtin/src/cmac.c
diff --git a/library/constant_time.c b/tf-psa-crypto/drivers/builtin/src/constant_time.c
similarity index 100%
rename from library/constant_time.c
rename to tf-psa-crypto/drivers/builtin/src/constant_time.c
diff --git a/library/constant_time_impl.h b/tf-psa-crypto/drivers/builtin/src/constant_time_impl.h
similarity index 100%
rename from library/constant_time_impl.h
rename to tf-psa-crypto/drivers/builtin/src/constant_time_impl.h
diff --git a/library/constant_time_internal.h b/tf-psa-crypto/drivers/builtin/src/constant_time_internal.h
similarity index 100%
rename from library/constant_time_internal.h
rename to tf-psa-crypto/drivers/builtin/src/constant_time_internal.h
diff --git a/library/ctr.h b/tf-psa-crypto/drivers/builtin/src/ctr.h
similarity index 100%
rename from library/ctr.h
rename to tf-psa-crypto/drivers/builtin/src/ctr.h
diff --git a/library/ctr_drbg.c b/tf-psa-crypto/drivers/builtin/src/ctr_drbg.c
similarity index 100%
rename from library/ctr_drbg.c
rename to tf-psa-crypto/drivers/builtin/src/ctr_drbg.c
diff --git a/library/des.c b/tf-psa-crypto/drivers/builtin/src/des.c
similarity index 100%
rename from library/des.c
rename to tf-psa-crypto/drivers/builtin/src/des.c
diff --git a/library/dhm.c b/tf-psa-crypto/drivers/builtin/src/dhm.c
similarity index 100%
rename from library/dhm.c
rename to tf-psa-crypto/drivers/builtin/src/dhm.c
diff --git a/library/ecdh.c b/tf-psa-crypto/drivers/builtin/src/ecdh.c
similarity index 100%
rename from library/ecdh.c
rename to tf-psa-crypto/drivers/builtin/src/ecdh.c
diff --git a/library/ecdsa.c b/tf-psa-crypto/drivers/builtin/src/ecdsa.c
similarity index 100%
rename from library/ecdsa.c
rename to tf-psa-crypto/drivers/builtin/src/ecdsa.c
diff --git a/library/ecjpake.c b/tf-psa-crypto/drivers/builtin/src/ecjpake.c
similarity index 100%
rename from library/ecjpake.c
rename to tf-psa-crypto/drivers/builtin/src/ecjpake.c
diff --git a/library/ecp.c b/tf-psa-crypto/drivers/builtin/src/ecp.c
similarity index 100%
rename from library/ecp.c
rename to tf-psa-crypto/drivers/builtin/src/ecp.c
diff --git a/library/ecp_curves.c b/tf-psa-crypto/drivers/builtin/src/ecp_curves.c
similarity index 100%
rename from library/ecp_curves.c
rename to tf-psa-crypto/drivers/builtin/src/ecp_curves.c
diff --git a/library/ecp_curves_new.c b/tf-psa-crypto/drivers/builtin/src/ecp_curves_new.c
similarity index 100%
rename from library/ecp_curves_new.c
rename to tf-psa-crypto/drivers/builtin/src/ecp_curves_new.c
diff --git a/library/ecp_invasive.h b/tf-psa-crypto/drivers/builtin/src/ecp_invasive.h
similarity index 100%
rename from library/ecp_invasive.h
rename to tf-psa-crypto/drivers/builtin/src/ecp_invasive.h
diff --git a/library/entropy.c b/tf-psa-crypto/drivers/builtin/src/entropy.c
similarity index 100%
rename from library/entropy.c
rename to tf-psa-crypto/drivers/builtin/src/entropy.c
diff --git a/library/entropy_poll.c b/tf-psa-crypto/drivers/builtin/src/entropy_poll.c
similarity index 100%
rename from library/entropy_poll.c
rename to tf-psa-crypto/drivers/builtin/src/entropy_poll.c
diff --git a/library/entropy_poll.h b/tf-psa-crypto/drivers/builtin/src/entropy_poll.h
similarity index 100%
rename from library/entropy_poll.h
rename to tf-psa-crypto/drivers/builtin/src/entropy_poll.h
diff --git a/library/gcm.c b/tf-psa-crypto/drivers/builtin/src/gcm.c
similarity index 100%
rename from library/gcm.c
rename to tf-psa-crypto/drivers/builtin/src/gcm.c
diff --git a/library/hkdf.c b/tf-psa-crypto/drivers/builtin/src/hkdf.c
similarity index 100%
rename from library/hkdf.c
rename to tf-psa-crypto/drivers/builtin/src/hkdf.c
diff --git a/library/hmac_drbg.c b/tf-psa-crypto/drivers/builtin/src/hmac_drbg.c
similarity index 100%
rename from library/hmac_drbg.c
rename to tf-psa-crypto/drivers/builtin/src/hmac_drbg.c
diff --git a/library/lmots.c b/tf-psa-crypto/drivers/builtin/src/lmots.c
similarity index 100%
rename from library/lmots.c
rename to tf-psa-crypto/drivers/builtin/src/lmots.c
diff --git a/library/lmots.h b/tf-psa-crypto/drivers/builtin/src/lmots.h
similarity index 100%
rename from library/lmots.h
rename to tf-psa-crypto/drivers/builtin/src/lmots.h
diff --git a/library/lms.c b/tf-psa-crypto/drivers/builtin/src/lms.c
similarity index 100%
rename from library/lms.c
rename to tf-psa-crypto/drivers/builtin/src/lms.c
diff --git a/library/md.c b/tf-psa-crypto/drivers/builtin/src/md.c
similarity index 100%
rename from library/md.c
rename to tf-psa-crypto/drivers/builtin/src/md.c
diff --git a/library/md5.c b/tf-psa-crypto/drivers/builtin/src/md5.c
similarity index 100%
rename from library/md5.c
rename to tf-psa-crypto/drivers/builtin/src/md5.c
diff --git a/library/md_psa.h b/tf-psa-crypto/drivers/builtin/src/md_psa.h
similarity index 100%
rename from library/md_psa.h
rename to tf-psa-crypto/drivers/builtin/src/md_psa.h
diff --git a/library/md_wrap.h b/tf-psa-crypto/drivers/builtin/src/md_wrap.h
similarity index 100%
rename from library/md_wrap.h
rename to tf-psa-crypto/drivers/builtin/src/md_wrap.h
diff --git a/library/memory_buffer_alloc.c b/tf-psa-crypto/drivers/builtin/src/memory_buffer_alloc.c
similarity index 100%
rename from library/memory_buffer_alloc.c
rename to tf-psa-crypto/drivers/builtin/src/memory_buffer_alloc.c
diff --git a/library/nist_kw.c b/tf-psa-crypto/drivers/builtin/src/nist_kw.c
similarity index 100%
rename from library/nist_kw.c
rename to tf-psa-crypto/drivers/builtin/src/nist_kw.c
diff --git a/library/oid.c b/tf-psa-crypto/drivers/builtin/src/oid.c
similarity index 100%
rename from library/oid.c
rename to tf-psa-crypto/drivers/builtin/src/oid.c
diff --git a/library/pem.c b/tf-psa-crypto/drivers/builtin/src/pem.c
similarity index 100%
rename from library/pem.c
rename to tf-psa-crypto/drivers/builtin/src/pem.c
diff --git a/library/pk.c b/tf-psa-crypto/drivers/builtin/src/pk.c
similarity index 100%
rename from library/pk.c
rename to tf-psa-crypto/drivers/builtin/src/pk.c
diff --git a/library/pk_ecc.c b/tf-psa-crypto/drivers/builtin/src/pk_ecc.c
similarity index 100%
rename from library/pk_ecc.c
rename to tf-psa-crypto/drivers/builtin/src/pk_ecc.c
diff --git a/library/pk_internal.h b/tf-psa-crypto/drivers/builtin/src/pk_internal.h
similarity index 100%
rename from library/pk_internal.h
rename to tf-psa-crypto/drivers/builtin/src/pk_internal.h
diff --git a/library/pk_wrap.c b/tf-psa-crypto/drivers/builtin/src/pk_wrap.c
similarity index 100%
rename from library/pk_wrap.c
rename to tf-psa-crypto/drivers/builtin/src/pk_wrap.c
diff --git a/library/pk_wrap.h b/tf-psa-crypto/drivers/builtin/src/pk_wrap.h
similarity index 100%
rename from library/pk_wrap.h
rename to tf-psa-crypto/drivers/builtin/src/pk_wrap.h
diff --git a/library/pkcs12.c b/tf-psa-crypto/drivers/builtin/src/pkcs12.c
similarity index 100%
rename from library/pkcs12.c
rename to tf-psa-crypto/drivers/builtin/src/pkcs12.c
diff --git a/library/pkcs5.c b/tf-psa-crypto/drivers/builtin/src/pkcs5.c
similarity index 100%
rename from library/pkcs5.c
rename to tf-psa-crypto/drivers/builtin/src/pkcs5.c
diff --git a/library/pkparse.c b/tf-psa-crypto/drivers/builtin/src/pkparse.c
similarity index 100%
rename from library/pkparse.c
rename to tf-psa-crypto/drivers/builtin/src/pkparse.c
diff --git a/library/pkwrite.c b/tf-psa-crypto/drivers/builtin/src/pkwrite.c
similarity index 100%
rename from library/pkwrite.c
rename to tf-psa-crypto/drivers/builtin/src/pkwrite.c
diff --git a/library/pkwrite.h b/tf-psa-crypto/drivers/builtin/src/pkwrite.h
similarity index 100%
rename from library/pkwrite.h
rename to tf-psa-crypto/drivers/builtin/src/pkwrite.h
diff --git a/library/platform.c b/tf-psa-crypto/drivers/builtin/src/platform.c
similarity index 100%
rename from library/platform.c
rename to tf-psa-crypto/drivers/builtin/src/platform.c
diff --git a/library/platform_util.c b/tf-psa-crypto/drivers/builtin/src/platform_util.c
similarity index 100%
rename from library/platform_util.c
rename to tf-psa-crypto/drivers/builtin/src/platform_util.c
diff --git a/library/poly1305.c b/tf-psa-crypto/drivers/builtin/src/poly1305.c
similarity index 100%
rename from library/poly1305.c
rename to tf-psa-crypto/drivers/builtin/src/poly1305.c
diff --git a/library/ripemd160.c b/tf-psa-crypto/drivers/builtin/src/ripemd160.c
similarity index 100%
rename from library/ripemd160.c
rename to tf-psa-crypto/drivers/builtin/src/ripemd160.c
diff --git a/library/rsa.c b/tf-psa-crypto/drivers/builtin/src/rsa.c
similarity index 100%
rename from library/rsa.c
rename to tf-psa-crypto/drivers/builtin/src/rsa.c
diff --git a/library/rsa_alt_helpers.c b/tf-psa-crypto/drivers/builtin/src/rsa_alt_helpers.c
similarity index 100%
rename from library/rsa_alt_helpers.c
rename to tf-psa-crypto/drivers/builtin/src/rsa_alt_helpers.c
diff --git a/library/rsa_alt_helpers.h b/tf-psa-crypto/drivers/builtin/src/rsa_alt_helpers.h
similarity index 100%
rename from library/rsa_alt_helpers.h
rename to tf-psa-crypto/drivers/builtin/src/rsa_alt_helpers.h
diff --git a/library/rsa_internal.h b/tf-psa-crypto/drivers/builtin/src/rsa_internal.h
similarity index 100%
rename from library/rsa_internal.h
rename to tf-psa-crypto/drivers/builtin/src/rsa_internal.h
diff --git a/library/sha1.c b/tf-psa-crypto/drivers/builtin/src/sha1.c
similarity index 100%
rename from library/sha1.c
rename to tf-psa-crypto/drivers/builtin/src/sha1.c
diff --git a/library/sha256.c b/tf-psa-crypto/drivers/builtin/src/sha256.c
similarity index 100%
rename from library/sha256.c
rename to tf-psa-crypto/drivers/builtin/src/sha256.c
diff --git a/library/sha3.c b/tf-psa-crypto/drivers/builtin/src/sha3.c
similarity index 100%
rename from library/sha3.c
rename to tf-psa-crypto/drivers/builtin/src/sha3.c
diff --git a/library/sha512.c b/tf-psa-crypto/drivers/builtin/src/sha512.c
similarity index 100%
rename from library/sha512.c
rename to tf-psa-crypto/drivers/builtin/src/sha512.c
diff --git a/library/threading.c b/tf-psa-crypto/drivers/builtin/src/threading.c
similarity index 100%
rename from library/threading.c
rename to tf-psa-crypto/drivers/builtin/src/threading.c
diff --git a/library/timing.c b/tf-psa-crypto/drivers/builtin/src/timing.c
similarity index 100%
rename from library/timing.c
rename to tf-psa-crypto/drivers/builtin/src/timing.c
diff --git a/library/version.c b/tf-psa-crypto/drivers/builtin/src/version.c
similarity index 100%
rename from library/version.c
rename to tf-psa-crypto/drivers/builtin/src/version.c
diff --git a/3rdparty/everest/.gitignore b/tf-psa-crypto/drivers/everest/.gitignore
similarity index 100%
rename from 3rdparty/everest/.gitignore
rename to tf-psa-crypto/drivers/everest/.gitignore
diff --git a/3rdparty/everest/CMakeLists.txt b/tf-psa-crypto/drivers/everest/CMakeLists.txt
similarity index 95%
rename from 3rdparty/everest/CMakeLists.txt
rename to tf-psa-crypto/drivers/everest/CMakeLists.txt
index 356931e05f..4958a79162 100644
--- a/3rdparty/everest/CMakeLists.txt
+++ b/tf-psa-crypto/drivers/everest/CMakeLists.txt
@@ -13,7 +13,8 @@ target_include_directories(${everest_target}
$
PRIVATE include/everest
include/everest/kremlib
- ${MBEDTLS_DIR}/library/)
+ ${MBEDTLS_DIR}/library
+ ${MBEDTLS_DIR}/tf-psa-crypto/core)
# Pass-through MBEDTLS_CONFIG_FILE and MBEDTLS_USER_CONFIG_FILE
# This must be duplicated from library/CMakeLists.txt because
diff --git a/3rdparty/everest/Makefile.inc b/tf-psa-crypto/drivers/everest/Makefile.inc
similarity index 100%
rename from 3rdparty/everest/Makefile.inc
rename to tf-psa-crypto/drivers/everest/Makefile.inc
diff --git a/3rdparty/everest/README.md b/tf-psa-crypto/drivers/everest/README.md
similarity index 100%
rename from 3rdparty/everest/README.md
rename to tf-psa-crypto/drivers/everest/README.md
diff --git a/3rdparty/everest/include/everest/Hacl_Curve25519.h b/tf-psa-crypto/drivers/everest/include/everest/Hacl_Curve25519.h
similarity index 100%
rename from 3rdparty/everest/include/everest/Hacl_Curve25519.h
rename to tf-psa-crypto/drivers/everest/include/everest/Hacl_Curve25519.h
diff --git a/3rdparty/everest/include/everest/everest.h b/tf-psa-crypto/drivers/everest/include/everest/everest.h
similarity index 100%
rename from 3rdparty/everest/include/everest/everest.h
rename to tf-psa-crypto/drivers/everest/include/everest/everest.h
diff --git a/3rdparty/everest/include/everest/kremlib.h b/tf-psa-crypto/drivers/everest/include/everest/kremlib.h
similarity index 100%
rename from 3rdparty/everest/include/everest/kremlib.h
rename to tf-psa-crypto/drivers/everest/include/everest/kremlib.h
diff --git a/3rdparty/everest/include/everest/kremlib/FStar_UInt128.h b/tf-psa-crypto/drivers/everest/include/everest/kremlib/FStar_UInt128.h
similarity index 100%
rename from 3rdparty/everest/include/everest/kremlib/FStar_UInt128.h
rename to tf-psa-crypto/drivers/everest/include/everest/kremlib/FStar_UInt128.h
diff --git a/3rdparty/everest/include/everest/kremlib/FStar_UInt64_FStar_UInt32_FStar_UInt16_FStar_UInt8.h b/tf-psa-crypto/drivers/everest/include/everest/kremlib/FStar_UInt64_FStar_UInt32_FStar_UInt16_FStar_UInt8.h
similarity index 100%
rename from 3rdparty/everest/include/everest/kremlib/FStar_UInt64_FStar_UInt32_FStar_UInt16_FStar_UInt8.h
rename to tf-psa-crypto/drivers/everest/include/everest/kremlib/FStar_UInt64_FStar_UInt32_FStar_UInt16_FStar_UInt8.h
diff --git a/3rdparty/everest/include/everest/kremlin/c_endianness.h b/tf-psa-crypto/drivers/everest/include/everest/kremlin/c_endianness.h
similarity index 100%
rename from 3rdparty/everest/include/everest/kremlin/c_endianness.h
rename to tf-psa-crypto/drivers/everest/include/everest/kremlin/c_endianness.h
diff --git a/3rdparty/everest/include/everest/kremlin/internal/builtin.h b/tf-psa-crypto/drivers/everest/include/everest/kremlin/internal/builtin.h
similarity index 100%
rename from 3rdparty/everest/include/everest/kremlin/internal/builtin.h
rename to tf-psa-crypto/drivers/everest/include/everest/kremlin/internal/builtin.h
diff --git a/3rdparty/everest/include/everest/kremlin/internal/callconv.h b/tf-psa-crypto/drivers/everest/include/everest/kremlin/internal/callconv.h
similarity index 100%
rename from 3rdparty/everest/include/everest/kremlin/internal/callconv.h
rename to tf-psa-crypto/drivers/everest/include/everest/kremlin/internal/callconv.h
diff --git a/3rdparty/everest/include/everest/kremlin/internal/compat.h b/tf-psa-crypto/drivers/everest/include/everest/kremlin/internal/compat.h
similarity index 100%
rename from 3rdparty/everest/include/everest/kremlin/internal/compat.h
rename to tf-psa-crypto/drivers/everest/include/everest/kremlin/internal/compat.h
diff --git a/3rdparty/everest/include/everest/kremlin/internal/debug.h b/tf-psa-crypto/drivers/everest/include/everest/kremlin/internal/debug.h
similarity index 100%
rename from 3rdparty/everest/include/everest/kremlin/internal/debug.h
rename to tf-psa-crypto/drivers/everest/include/everest/kremlin/internal/debug.h
diff --git a/3rdparty/everest/include/everest/kremlin/internal/target.h b/tf-psa-crypto/drivers/everest/include/everest/kremlin/internal/target.h
similarity index 100%
rename from 3rdparty/everest/include/everest/kremlin/internal/target.h
rename to tf-psa-crypto/drivers/everest/include/everest/kremlin/internal/target.h
diff --git a/3rdparty/everest/include/everest/kremlin/internal/types.h b/tf-psa-crypto/drivers/everest/include/everest/kremlin/internal/types.h
similarity index 100%
rename from 3rdparty/everest/include/everest/kremlin/internal/types.h
rename to tf-psa-crypto/drivers/everest/include/everest/kremlin/internal/types.h
diff --git a/3rdparty/everest/include/everest/kremlin/internal/wasmsupport.h b/tf-psa-crypto/drivers/everest/include/everest/kremlin/internal/wasmsupport.h
similarity index 100%
rename from 3rdparty/everest/include/everest/kremlin/internal/wasmsupport.h
rename to tf-psa-crypto/drivers/everest/include/everest/kremlin/internal/wasmsupport.h
diff --git a/3rdparty/everest/include/everest/vs2013/Hacl_Curve25519.h b/tf-psa-crypto/drivers/everest/include/everest/vs2013/Hacl_Curve25519.h
similarity index 100%
rename from 3rdparty/everest/include/everest/vs2013/Hacl_Curve25519.h
rename to tf-psa-crypto/drivers/everest/include/everest/vs2013/Hacl_Curve25519.h
diff --git a/3rdparty/everest/include/everest/vs2013/inttypes.h b/tf-psa-crypto/drivers/everest/include/everest/vs2013/inttypes.h
similarity index 100%
rename from 3rdparty/everest/include/everest/vs2013/inttypes.h
rename to tf-psa-crypto/drivers/everest/include/everest/vs2013/inttypes.h
diff --git a/3rdparty/everest/include/everest/vs2013/stdbool.h b/tf-psa-crypto/drivers/everest/include/everest/vs2013/stdbool.h
similarity index 100%
rename from 3rdparty/everest/include/everest/vs2013/stdbool.h
rename to tf-psa-crypto/drivers/everest/include/everest/vs2013/stdbool.h
diff --git a/3rdparty/everest/include/everest/x25519.h b/tf-psa-crypto/drivers/everest/include/everest/x25519.h
similarity index 100%
rename from 3rdparty/everest/include/everest/x25519.h
rename to tf-psa-crypto/drivers/everest/include/everest/x25519.h
diff --git a/3rdparty/everest/library/Hacl_Curve25519.c b/tf-psa-crypto/drivers/everest/library/Hacl_Curve25519.c
similarity index 100%
rename from 3rdparty/everest/library/Hacl_Curve25519.c
rename to tf-psa-crypto/drivers/everest/library/Hacl_Curve25519.c
diff --git a/3rdparty/everest/library/Hacl_Curve25519_joined.c b/tf-psa-crypto/drivers/everest/library/Hacl_Curve25519_joined.c
similarity index 100%
rename from 3rdparty/everest/library/Hacl_Curve25519_joined.c
rename to tf-psa-crypto/drivers/everest/library/Hacl_Curve25519_joined.c
diff --git a/3rdparty/everest/library/everest.c b/tf-psa-crypto/drivers/everest/library/everest.c
similarity index 100%
rename from 3rdparty/everest/library/everest.c
rename to tf-psa-crypto/drivers/everest/library/everest.c
diff --git a/3rdparty/everest/library/kremlib/FStar_UInt128_extracted.c b/tf-psa-crypto/drivers/everest/library/kremlib/FStar_UInt128_extracted.c
similarity index 100%
rename from 3rdparty/everest/library/kremlib/FStar_UInt128_extracted.c
rename to tf-psa-crypto/drivers/everest/library/kremlib/FStar_UInt128_extracted.c
diff --git a/3rdparty/everest/library/kremlib/FStar_UInt64_FStar_UInt32_FStar_UInt16_FStar_UInt8.c b/tf-psa-crypto/drivers/everest/library/kremlib/FStar_UInt64_FStar_UInt32_FStar_UInt16_FStar_UInt8.c
similarity index 100%
rename from 3rdparty/everest/library/kremlib/FStar_UInt64_FStar_UInt32_FStar_UInt16_FStar_UInt8.c
rename to tf-psa-crypto/drivers/everest/library/kremlib/FStar_UInt64_FStar_UInt32_FStar_UInt16_FStar_UInt8.c
diff --git a/3rdparty/everest/library/legacy/Hacl_Curve25519.c b/tf-psa-crypto/drivers/everest/library/legacy/Hacl_Curve25519.c
similarity index 100%
rename from 3rdparty/everest/library/legacy/Hacl_Curve25519.c
rename to tf-psa-crypto/drivers/everest/library/legacy/Hacl_Curve25519.c
diff --git a/3rdparty/everest/library/x25519.c b/tf-psa-crypto/drivers/everest/library/x25519.c
similarity index 100%
rename from 3rdparty/everest/library/x25519.c
rename to tf-psa-crypto/drivers/everest/library/x25519.c
diff --git a/3rdparty/p256-m/.gitignore b/tf-psa-crypto/drivers/p256-m/.gitignore
similarity index 100%
rename from 3rdparty/p256-m/.gitignore
rename to tf-psa-crypto/drivers/p256-m/.gitignore
diff --git a/3rdparty/p256-m/CMakeLists.txt b/tf-psa-crypto/drivers/p256-m/CMakeLists.txt
similarity index 95%
rename from 3rdparty/p256-m/CMakeLists.txt
rename to tf-psa-crypto/drivers/p256-m/CMakeLists.txt
index d3dc81328e..f097ed13a5 100644
--- a/3rdparty/p256-m/CMakeLists.txt
+++ b/tf-psa-crypto/drivers/p256-m/CMakeLists.txt
@@ -11,7 +11,8 @@ target_include_directories(${p256m_target}
$
$
$
- PRIVATE ${MBEDTLS_DIR}/library/)
+ PRIVATE ${MBEDTLS_DIR}/library/
+ ${MBEDTLS_DIR}/tf-psa-crypto/core)
# Pass-through MBEDTLS_CONFIG_FILE and MBEDTLS_USER_CONFIG_FILE
# This must be duplicated from library/CMakeLists.txt because
diff --git a/3rdparty/p256-m/Makefile.inc b/tf-psa-crypto/drivers/p256-m/Makefile.inc
similarity index 100%
rename from 3rdparty/p256-m/Makefile.inc
rename to tf-psa-crypto/drivers/p256-m/Makefile.inc
diff --git a/3rdparty/p256-m/README.md b/tf-psa-crypto/drivers/p256-m/README.md
similarity index 100%
rename from 3rdparty/p256-m/README.md
rename to tf-psa-crypto/drivers/p256-m/README.md
diff --git a/3rdparty/p256-m/p256-m/README.md b/tf-psa-crypto/drivers/p256-m/p256-m/README.md
similarity index 100%
rename from 3rdparty/p256-m/p256-m/README.md
rename to tf-psa-crypto/drivers/p256-m/p256-m/README.md
diff --git a/3rdparty/p256-m/p256-m/p256-m.c b/tf-psa-crypto/drivers/p256-m/p256-m/p256-m.c
similarity index 100%
rename from 3rdparty/p256-m/p256-m/p256-m.c
rename to tf-psa-crypto/drivers/p256-m/p256-m/p256-m.c
diff --git a/3rdparty/p256-m/p256-m/p256-m.h b/tf-psa-crypto/drivers/p256-m/p256-m/p256-m.h
similarity index 100%
rename from 3rdparty/p256-m/p256-m/p256-m.h
rename to tf-psa-crypto/drivers/p256-m/p256-m/p256-m.h
diff --git a/3rdparty/p256-m/p256-m_driver_entrypoints.c b/tf-psa-crypto/drivers/p256-m/p256-m_driver_entrypoints.c
similarity index 100%
rename from 3rdparty/p256-m/p256-m_driver_entrypoints.c
rename to tf-psa-crypto/drivers/p256-m/p256-m_driver_entrypoints.c
diff --git a/3rdparty/p256-m/p256-m_driver_entrypoints.h b/tf-psa-crypto/drivers/p256-m/p256-m_driver_entrypoints.h
similarity index 100%
rename from 3rdparty/p256-m/p256-m_driver_entrypoints.h
rename to tf-psa-crypto/drivers/p256-m/p256-m_driver_entrypoints.h