2023-08-29 19:27:27 +02:00
|
|
|
# This has to be the absolute path to the RIOT base directory:
|
|
|
|
RIOTBASE ?= $(CURDIR)/../..
|
|
|
|
|
|
|
|
APPLICATION = example_psa_crypto
|
|
|
|
|
|
|
|
BOARD ?= native
|
|
|
|
|
2024-05-10 16:52:46 +02:00
|
|
|
DOCKER_ENV_VARS += SECURE_ELEMENT
|
|
|
|
|
2024-03-26 10:45:16 +01:00
|
|
|
ifeq (2, $(SECURE_ELEMENT))
|
|
|
|
CFLAGS += -DSECURE_ELEMENT # Application specific (not needed by PSA)
|
|
|
|
CFLAGS += -DMULTIPLE_SE # Application specific (not needed by PSA)
|
|
|
|
CFLAGS += -DCUSTOM_ATCA_PARAMS # Application specific (not needed by PSA)
|
|
|
|
INCLUDES += -I$(APPDIR)
|
|
|
|
KCONFIG_ADD_CONFIG += $(APPDIR)/app.config.multi_se
|
2023-08-29 19:27:27 +02:00
|
|
|
else
|
2024-03-26 10:45:16 +01:00
|
|
|
KCONFIG_ADD_CONFIG += $(APPDIR)/app.config.base
|
|
|
|
endif
|
2023-08-29 19:27:27 +02:00
|
|
|
|
2024-03-26 10:45:16 +01:00
|
|
|
USEMODULE += ztimer
|
|
|
|
USEMODULE += ztimer_usec
|
2023-08-29 19:27:27 +02:00
|
|
|
|
2024-03-26 10:45:16 +01:00
|
|
|
USEMODULE += psa_crypto
|
2023-08-29 19:27:27 +02:00
|
|
|
|
2024-03-26 10:45:16 +01:00
|
|
|
# Hashes are needed for ECDSA operations (including secure elements), which
|
|
|
|
# is why we always build them
|
|
|
|
USEMODULE += psa_hash
|
|
|
|
USEMODULE += psa_hash_sha_256
|
2023-08-29 19:27:27 +02:00
|
|
|
|
2024-03-26 10:45:16 +01:00
|
|
|
ifeq (1, $(SECURE_ELEMENT))
|
|
|
|
# When using a secure element, the type is required.
|
|
|
|
# Also you can specify the number of key slots required to store keys.
|
|
|
|
CFLAGS += -DSECURE_ELEMENT # Application specific (not needed by PSA)
|
|
|
|
CFLAGS += -DCUSTOM_ATCA_PARAMS # Application specific (not needed by PSA)
|
|
|
|
INCLUDES += -I$(APPDIR) # Application specific (not needed by PSA)
|
|
|
|
ifneq (1, $(SHOULD_RUN_KCONFIG))
|
2023-08-29 19:27:27 +02:00
|
|
|
CFLAGS += -DCONFIG_PSA_PROTECTED_KEY_COUNT=4
|
|
|
|
CFLAGS += -DCONFIG_PSA_SINGLE_KEY_COUNT=1
|
2024-03-26 10:45:16 +01:00
|
|
|
else
|
|
|
|
KCONFIG_ADD_CONFIG += $(APPDIR)/app.config.se
|
|
|
|
endif
|
|
|
|
USEMODULE += psa_secure_element
|
|
|
|
USEMODULE += psa_secure_element_ateccx08a
|
|
|
|
USEMODULE += psa_secure_element_ateccx08a_cipher_aes_128
|
|
|
|
USEMODULE += psa_secure_element_ateccx08a_hmac_sha256
|
|
|
|
USEMODULE += psa_secure_element_ateccx08a_ecc_p256
|
|
|
|
else ifeq (2, $(SECURE_ELEMENT))
|
|
|
|
CFLAGS += -DSECURE_ELEMENT # Application specific (not needed by PSA)
|
|
|
|
CFLAGS += -DMULTIPLE_SE # Application specific (not needed by PSA)
|
|
|
|
CFLAGS += -DCUSTOM_ATCA_PARAMS # Application specific (not needed by PSA)
|
|
|
|
INCLUDES += -I$(APPDIR) # Application specific (not needed by PSA)
|
|
|
|
ifneq (1, $(SHOULD_RUN_KCONFIG))
|
2023-08-29 19:27:27 +02:00
|
|
|
CFLAGS += -DCONFIG_PSA_MAX_SE_COUNT=2
|
|
|
|
CFLAGS += -DCONFIG_PSA_PROTECTED_KEY_COUNT=8
|
|
|
|
CFLAGS += -DCONFIG_PSA_SINGLE_KEY_COUNT=2
|
|
|
|
else
|
2024-03-26 10:45:16 +01:00
|
|
|
KCONFIG_ADD_CONFIG += $(APPDIR)/app.config.multi_se
|
2023-08-29 19:27:27 +02:00
|
|
|
endif
|
2024-03-26 10:45:16 +01:00
|
|
|
USEMODULE += psa_secure_element
|
|
|
|
USEMODULE += psa_secure_element_multiple
|
|
|
|
USEMODULE += psa_secure_element_ateccx08a
|
|
|
|
USEMODULE += psa_secure_element_ateccx08a_cipher_aes_128
|
|
|
|
USEMODULE += psa_secure_element_ateccx08a_hmac_sha256
|
|
|
|
USEMODULE += psa_secure_element_ateccx08a_ecc_p256
|
|
|
|
else ifdef CUSTOM_BACKEND
|
|
|
|
# Necessary configuration when using Make dependency resolution
|
|
|
|
# This first part chooses the operation. If nothing else is specified,
|
|
|
|
# a default backend is built depending on the platform capabilities.
|
|
|
|
USEMODULE += psa_cipher
|
|
|
|
USEMODULE += psa_cipher_aes_128_cbc
|
|
|
|
|
|
|
|
USEMODULE += psa_mac
|
|
|
|
USEMODULE += psa_mac_hmac_sha_256
|
|
|
|
|
|
|
|
USEMODULE += psa_asymmetric
|
|
|
|
USEMODULE += psa_asymmetric_ecc_p256r1
|
|
|
|
USEMODULE += psa_asymmetric_ecc_ed25519
|
|
|
|
|
|
|
|
# If you want to use a custom backend, you need to do it this way.
|
|
|
|
USEMODULE += psa_cipher_aes_128_cbc_custom_backend
|
|
|
|
USEMODULE += psa_cipher_aes_128_cbc_backend_riot # force custom backend
|
|
|
|
|
|
|
|
USEMODULE += psa_mac_hmac_sha_256_custom_backend
|
|
|
|
USEMODULE += psa_mac_hmac_sha_256_backend_riot # force custom backend
|
|
|
|
|
|
|
|
USEMODULE += psa_hash_sha_256_custom_backend
|
|
|
|
USEMODULE += psa_hash_sha_256_backend_riot
|
|
|
|
|
|
|
|
USEMODULE += psa_asymmetric_ecc_p256r1_custom_backend
|
|
|
|
USEMODULE += psa_asymmetric_ecc_p256r1_backend_microecc # force custom backend
|
|
|
|
|
|
|
|
USEMODULE += psa_asymmetric_ecc_ed25519_custom_backend
|
|
|
|
USEMODULE += psa_asymmetric_ecc_ed25519_backend_c25519 # force custom backend
|
|
|
|
else
|
|
|
|
# Necessary configuration when using Make dependency resolution
|
|
|
|
# This part only chooses the operation. If nothing else es specified,
|
|
|
|
# a default backend is built depending on the platform capabilities.
|
|
|
|
USEMODULE += psa_cipher
|
|
|
|
USEMODULE += psa_cipher_aes_128_cbc
|
|
|
|
|
2024-01-02 13:53:54 +01:00
|
|
|
USEMODULE += psa_hash
|
|
|
|
USEMODULE += psa_hash_sha_224
|
|
|
|
USEMODULE += psa_hash_sha_256
|
|
|
|
USEMODULE += psa_hash_sha_384
|
|
|
|
USEMODULE += psa_hash_sha_512
|
|
|
|
USEMODULE += psa_hash_sha_512_224
|
|
|
|
USEMODULE += psa_hash_sha_512_256
|
|
|
|
|
2024-03-26 10:45:16 +01:00
|
|
|
USEMODULE += psa_mac
|
|
|
|
USEMODULE += psa_mac_hmac_sha_256
|
|
|
|
|
|
|
|
USEMODULE += psa_asymmetric
|
|
|
|
USEMODULE += psa_asymmetric_ecc_p256r1
|
|
|
|
USEMODULE += psa_asymmetric_ecc_ed25519
|
2023-08-29 19:27:27 +02:00
|
|
|
|
|
|
|
endif
|
|
|
|
|
|
|
|
ifndef SECURE_ELEMENT
|
|
|
|
# The software implementations need a larger stack, so we increase the stack size.
|
|
|
|
CFLAGS += -DTHREAD_STACKSIZE_MAIN=\(12*THREAD_STACKSIZE_DEFAULT\)
|
2024-03-26 10:45:16 +01:00
|
|
|
ifneq (1, $(SHOULD_RUN_KCONFIG))
|
|
|
|
CFLAGS += -DCONFIG_PSA_ASYMMETRIC_KEYPAIR_COUNT=2
|
|
|
|
CFLAGS += -DCONFIG_PSA_SINGLE_KEY_COUNT=4
|
|
|
|
else
|
|
|
|
KCONFIG_ADD_CONFIG += $(APPDIR)/app.config.base
|
|
|
|
endif
|
2023-08-29 19:27:27 +02:00
|
|
|
endif
|
|
|
|
|
|
|
|
include $(RIOTBASE)/Makefile.include
|