wolfHSM/test/Makefile at 4a42e8fb7bce6488a14d5abd9b39f1206add8c8c · wolfSSL/wolfHSM · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
## Makefile for wolfHSM tests using POSIX port

## Project name
# Sets output filenames
BIN = wh_test

## Important directories
# Base directory for additional project files
PROJECT_DIR			?= .
CONFIG_DIR			?= $(PROJECT_DIR)/config
# wolfSSL and wolfHSM directories
WOLFSSL_DIR			?= ../../wolfssl
WOLFHSM_DIR			?= ../
WOLFHSM_PORT_DIR	?= $(WOLFHSM_DIR)/port/posix

# Output directory for build files
BUILD_DIR			?= $(PROJECT_DIR)/Build

# Includes
INC =	-I$(PROJECT_DIR) \
		-I$(CONFIG_DIR) \
		-I$(WOLFSSL_DIR) \
		-I$(WOLFHSM_DIR) \
		-I$(WOLFHSM_PORT_DIR)

# POSIX requires C source be defined before any header
DEF += -D_POSIX_C_SOURCE=200809L

# Library configuration defines for user-supplied settings
DEF += -DWOLFSSL_USER_SETTINGS -DWOLFHSM_CFG

# Ensure this build uses POSIX test features
DEF += -DWOLFHSM_CFG_TEST_POSIX

# Architecture flags for assembler, C compiler and linker
ARCHFLAGS ?=

# Enable extra C compiler warnings
CFLAGS_EXTRA = -Werror -Wall -Wextra
# Place functions / data into separate sections to allow unused code removal
CFLAGS_EXTRA += -ffunction-sections -fdata-sections
# Auto-generate header dependency files (.d) alongside object files
CFLAGS_EXTRA += -MMD -MP

# C standard to use (default to c90 if not specified)
CSTD 		?= -std=c90

ASFLAGS		?= $(ARCHFLAGS)
CFLAGS		?= $(ARCHFLAGS) $(CSTD) $(CFLAGS_EXTRA)
LDFLAGS		?= $(ARCHFLAGS)

# Enable garbage collection.  Inexact handling of dead_strip
OS_NAME := $(shell uname -s | tr A-Z a-z)
ifeq ($(OS_NAME),darwin)
	LDFLAGS += -Wl,-dead_strip
else
	LDFLAGS += -Wl,--gc-sections
endif

# LD: generate map
#LDFLAGS += -Wl,-map,$(BUILD_DIR)/$(BIN).map
#LDFLAGS += -Wl,-Map=$(BUILD_DIR)/$(BIN).map

## Makefile options

# Set to @ if you want to suppress command echo
CMD_ECHO ?=

# Check if DEBUG is set to 1 and append debug flags
ifeq ($(DEBUG),1)
	DBGFLAGS = -ggdb -g3
	CFLAGS += $(DBGFLAGS)
	LDFLAGS += $(DBGFLAGS)
	DEF += -DWOLFHSM_CFG_DEBUG
endif

# Check if DEBUG_VERBOSE is set to 1 and enable verbose WOLFHSM debug output
# Note: DEBUG_VERBOSE implies DEBUG
ifeq ($(DEBUG_VERBOSE),1)
	DBGFLAGS = -ggdb -g3
	CFLAGS += $(DBGFLAGS)
	LDFLAGS += $(DBGFLAGS)
	DEF += -DWOLFHSM_CFG_DEBUG -DWOLFHSM_CFG_DEBUG_VERBOSE
endif

# Add address sanitizer option
ifeq ($(ASAN),1)
	CFLAGS += -fsanitize=address
	LDFLAGS += -fsanitize=address
endif

# Add code coverage option
ifeq ($(COVERAGE),1)
	CFLAGS += --coverage
	LDFLAGS += --coverage
endif

# Enable threadsafe mode, adding lock protection to shared structures
ifeq ($(THREADSAFE),1)
    DEF += -DWOLFHSM_CFG_THREADSAFE
endif

# Add thread sanitizer option (mutually exclusive with ASAN)
ifeq ($(TSAN),1)
    ifeq ($(ASAN),1)
    	$(error TSAN and ASAN cannot be used together)
    endif
    CFLAGS += -fsanitize=thread -fPIE
    DEF += -DWOLFSSL_NO_FENCE
    ifeq ($(STRESS),1)
	    # Force TSAN annotations on in stress test
        DEF += -DWOLFHSM_CFG_TEST_STRESS_TSAN
    endif
    LDFLAGS += -fsanitize=thread -pie
endif

## wolfSSL defines
ifeq ($(DEBUG_WOLFSSL),1)
	DEF += -DDEBUG_WOLFSSL
endif

## wolfHSM defines
ifeq ($(NOCRYPTO),1)
	DEF += -DWOLFHSM_CFG_NO_CRYPTO
endif

# Enable scan-build
ifeq ($(SCAN),1)
	SCAN_LOG = scan_test.log
	# Default target
	.DEFAULT_GOAL := scan
endif

# Support a DMA-capable build
ifeq ($(DMA),1)
	DEF += -DWOLFHSM_CFG_DMA
endif

# Support a SHE-capable build
ifeq ($(SHE),1)
	DEF += -DWOLFHSM_CFG_SHE_EXTENSION
endif

# Support a TLS-capable build
ifeq ($(TLS),1)
	DEF += -DWOLFHSM_CFG_TLS
endif

# Support stress test mode (only runs thread safety stress test)
ifeq ($(STRESS),1)
    ifneq ($(THREADSAFE),1)
        $(error Stress test requires building with THREADSAFE=1)
    endif
	DEF += -DWOLFHSM_CFG_TEST_STRESS
endif

# Support an authentication-capable build
ifeq ($(AUTH),1)
	DEF += -DWOLFHSM_CFG_ENABLE_AUTHENTICATION
endif

# Build the STM32 TZ NSC bridge transport plus its host unit test
ifeq ($(STM32_TZ_NSC),1)
	DEF += -DWOLFHSM_CFG_PORT_STM32_TZ_NSC
	WOLFHSM_STM32_TZ_DIR := $(WOLFHSM_DIR)/port/stmicro/stm32-tz
	INC += -I$(WOLFHSM_STM32_TZ_DIR)
	SRC_C += $(wildcard $(WOLFHSM_STM32_TZ_DIR)/*.c)
endif

## Project defines
# Option to build wolfcrypt tests
ifeq ($(TESTWOLFCRYPT),1)
	DEF += -DWOLFHSM_CFG_TEST_WOLFCRYPTTEST
endif

ifeq ($(CLIENT_ONLY),1)
# Build a client-only test driver to connect to a remote server
    DEF += -DWOLFHSM_CFG_ENABLE_CLIENT
	DEF += -DWOLFHSM_CFG_TEST_CLIENT_ONLY
else
# Build both and client server
    DEF += -DWOLFHSM_CFG_ENABLE_CLIENT
	DEF += -DWOLFHSM_CFG_ENABLE_SERVER
	DEF += -DWOLFHSM_CFG_IS_TEST_SERVER
endif


## Source files
# Assembly source files
SRC_ASM +=

ifneq ($(NOCRYPTO),1)
# wolfCrypt source files
SRC_C +=  $(wildcard $(WOLFSSL_DIR)/wolfcrypt/src/*.c)

# wolfSSL source files
SRC_C +=  $(wildcard $(WOLFSSL_DIR)/src/*.c)

ifeq ($(TESTWOLFCRYPT),1)

    TESTWOLFCRYPT_DEFAULT_DEVID = 0x5748534D

    # If TESTWOLFCRYPT_DMA is defined but DMA is not, error
    ifneq ($(TESTWOLFCRYPT_DMA),)
        ifeq ($(DMA),)
            $(error "TESTWOLFCRYPT_DMA=1 requires DMA=1 to be set")
        endif
    endif

    # TESTWOLFCRYPT_DEVID and TESTWOLFCRYPT_DMA are mutually exclusive
    ifneq ($(TESTWOLFCRYPT_DMA),)
        ifneq ($(TESTWOLFCRYPT_DEVID),)
            $(error "Cannot set both TESTWOLFCRYPT_DEVID and TESTWOLFCRYPT_DMA. Please choose one.")
        endif
        # Set TESTWOLFCRYPT_DEVID to a hardcoded value when TESTWOLFCRYPT_DMA
        TESTWOLFCRYPT_DEVID = 0x57444D41
    endif

    # Set default TESTWOLFCRYPT_DEVID if not defined by the user
    TESTWOLFCRYPT_DEVID ?= $(TESTWOLFCRYPT_DEFAULT_DEVID)

    # Set the defines for WC_USE_DEVID
    DEF += -DWC_USE_DEVID=$(TESTWOLFCRYPT_DEVID)

	# wolfCrypt test source files
    SRC_C += $(wildcard $(WOLFSSL_DIR)/wolfcrypt/test/*.c)
endif

# End of NOCRYPTO
endif


# wolfHSM source files
SRC_C +=  $(wildcard $(WOLFHSM_DIR)/src/*.c)

# wolfHSM port/HAL code
SRC_C +=  $(wildcard $(WOLFHSM_PORT_DIR)/*.c)

# Test source files
SRC_C +=  $(wildcard $(PROJECT_DIR)/*.c)


## Automated processing below

FILENAMES_C = $(notdir $(SRC_C))
OBJS_C = $(addprefix $(BUILD_DIR)/, $(FILENAMES_C:.c=.o))
vpath %.c $(dir $(SRC_C))

OBJS_ASM = $(addprefix $(BUILD_DIR)/, $(notdir $(SRC_ASM:.s=.o)))
vpath %.s $(dir $(SRC_ASM))


## Makefile Targets

.PHONY: build_app build_hex build_static clean run coverage

build_app: $(BUILD_DIR) $(BUILD_DIR)/$(BIN).elf
	@echo Build complete.

build_hex: $(BUILD_DIR) $(BUILD_DIR)/$(BIN).hex
	@echo ""
	$(CMD_ECHO) $(SIZE) $(BUILD_DIR)/$(BIN).elf

build_static: $(BUILD_DIR) $(BUILD_DIR)/$(BIN).a
	@echo ""
	$(CMD_ECHO) $(SIZE) $(BUILD_DIR)/$(BIN).a

analyze:$(OBJS_ASM) $(OBJS_C)

scan:$(BUILD_DIR)
	@echo "Running scan-build static analysis"
	@mkdir -p $(WOLFHSM_DIR)/scan_out/
	@scan-build --exclude $(WOLFSSL_DIR)/wolfcrypt \
	            --exclude $(WOLFSSL_DIR)/src \
	            --status-bugs $(MAKE) analyze 2> $(WOLFHSM_DIR)/scan_out/$(SCAN_LOG)

$(BUILD_DIR):
	$(CMD_ECHO) mkdir -p $(BUILD_DIR)

$(BUILD_DIR)/$(BIN).hex: $(BUILD_DIR)/$(BIN).elf
	@echo "Generating HEX binary: $(notdir $@)"
	$(CMD_ECHO) $(OBJCOPY) -O ihex $< $@

$(BUILD_DIR)/%.o: %.s
	@echo "Compiling ASM file: $(notdir $<)"
	$(CMD_ECHO) $(AS) $(ASFLAGS) $(DEF) $(INC) -c -o $@ $<

# Add additional flag here to avoid pragma
$(BUILD_DIR)/wh_test_check_struct_padding.o: CFLAGS+=-Wpadded -DWOLFHSM_CFG_NO_CRYPTO

$(BUILD_DIR)/%.o: %.c
	@echo "Compiling C file: $(notdir $<)"
	$(CMD_ECHO) $(CC) $(CFLAGS) $(DEF) $(INC) -c -o $@ $<

# Include auto-generated dependency files (if they exist)
-include $(OBJS_C:.o=.d)

$(BUILD_DIR)/$(BIN).elf: $(OBJS_ASM) $(OBJS_C)
	@echo "Linking ELF binary: $(notdir $@)"
	$(CMD_ECHO) $(CC) $(LDFLAGS) $(SRC_LD) -o $@ $^ $(LIBS)

$(BUILD_DIR)/$(BIN).a: $(OBJS_ASM) $(OBJS_C)
	@echo "Building static library: $(notdir $@)"
	$(CMD_ECHO) $(AR) -r $@ $^

clean:
	@echo "Cleaning build files"
	@rm -f 	\
			$(BUILD_DIR)/*.elf \
			$(BUILD_DIR)/*.hex \
			$(BUILD_DIR)/*.map \
			$(BUILD_DIR)/*.o \
			$(BUILD_DIR)/*.d \
			$(BUILD_DIR)/*.a \
			$(BUILD_DIR)/*.sym \
			$(BUILD_DIR)/*.disasm \
			$(BUILD_DIR)/*.gcda \
			$(BUILD_DIR)/*.gcno

# Rebuild if sources or flags changed before running
run: build_app
ifeq ($(TSAN),1)
	# TSAN options:
	# - fail fast on first data race detected
	# - non-zero exit code if races are detected to ensure CI fails
	# - use our custom suppressions file to ignore wolfCrypt and SHM transport
	TSAN_OPTIONS="halt_on_error=1:exitcode=66:suppressions=$(PROJECT_DIR)/tsan.supp" $(BUILD_DIR)/$(BIN).elf
else
	$(BUILD_DIR)/$(BIN).elf
endif

# Coverage target: build with coverage, run tests, and generate report
coverage:
	@echo "Building with coverage enabled..."
	$(MAKE) clean
	$(eval COVERAGE_TARGETS := $(filter-out coverage,$(MAKECMDGOALS)))
	$(MAKE) COVERAGE=1 $(if $(COVERAGE_TARGETS),$(COVERAGE_TARGETS),build_app)
	@echo "Running tests..."
	@if [ ! -f $(BUILD_DIR)/$(BIN).elf ]; then \
		echo "Error: $(BUILD_DIR)/$(BIN).elf not found. Build failed."; \
		exit 1; \
	fi
	$(BUILD_DIR)/$(BIN).elf
	@echo "Generating coverage report..."
	mkdir -p ../coverage && gcovr Build \
		--gcov-ignore-parse-errors="negative_hits.warn" \
		--root .. \
		--gcov-executable gcov \
		--gcov-ignore-parse-errors=negative_hits.warn_once_per_file \
		--filter '\.\./src/.*' \
		--filter '\.\./wolfhsm/.*' \
		--html-details ../coverage/index.html \
		--print-summary
	@echo "Coverage report generated at ../coverage/index.html"

# Prevent make from trying to build these as targets
%:
	@: