*psa_crypto: Adapt tests/examples with removed Kconfig

2024-12-29 04:50:03 +01:00 · 2024-03-26 10:45:16 +01:00 · 2024-03-26 10:45:16 +01:00 · 9c9cc379a9
commit 9c9cc379a9
parent be8a2c84a1
13 changed files with 117 additions and 155 deletions
--- a/examples/psa_crypto/Makefile
+++ b/examples/psa_crypto/Makefile
@ -5,121 +5,115 @@ APPLICATION = example_psa_crypto

 BOARD ?= native

-# Necessary configurations when using Kconfig dependency resolution
-# The file `app.config.test` is always used for the build configuration.
-# The config files below are only added if needed.
-ifeq (1, $(TEST_KCONFIG))
-  ifeq (1, $(SECURE_ELEMENT))
-    CFLAGS += -DSECURE_ELEMENT # Application specific (not needed by PSA)
-    CFLAGS += -DCUSTOM_ATCA_PARAMS # Application specific (not needed by PSA)
-    INCLUDES += -I$(APPDIR) # Application specific (not needed by PSA)
-    KCONFIG_ADD_CONFIG += $(APPDIR)/app.config.test.se
-  else ifeq (2, $(SECURE_ELEMENT))
-    CFLAGS += -DSECURE_ELEMENT # Application specific (not needed by PSA)
-    CFLAGS += -DMULTIPLE_SE # Application specific (not needed by PSA)
-    CFLAGS += -DCUSTOM_ATCA_PARAMS # Application specific (not needed by PSA)
-    INCLUDES += -I$(APPDIR)
-    KCONFIG_ADD_CONFIG += $(APPDIR)/app.config.test.multi_se
-  else ifdef CUSTOM_BACKEND
-    KCONFIG_ADD_CONFIG += $(APPDIR)/app.config.test.base
-    KCONFIG_ADD_CONFIG += $(APPDIR)/app.config.test.custom
-  else
-    KCONFIG_ADD_CONFIG += $(APPDIR)/app.config.test.base
-  endif
+ifeq (2, $(SECURE_ELEMENT))
+  CFLAGS += -DSECURE_ELEMENT # Application specific (not needed by PSA)
+  CFLAGS += -DMULTIPLE_SE # Application specific (not needed by PSA)
+  CFLAGS += -DCUSTOM_ATCA_PARAMS # Application specific (not needed by PSA)
+  INCLUDES += -I$(APPDIR)
+  KCONFIG_ADD_CONFIG += $(APPDIR)/app.config.multi_se
 else
-  USEMODULE += ztimer
-  USEMODULE += ztimer_usec
+  KCONFIG_ADD_CONFIG += $(APPDIR)/app.config.base
+endif

-  USEMODULE += psa_crypto
+USEMODULE += ztimer
+USEMODULE += ztimer_usec

-  # Hashes are needed for ECDSA operations (including secure elements), which
-  # is why we always build them
-  USEMODULE += psa_hash
-  USEMODULE += psa_hash_sha_256
+USEMODULE += psa_crypto

-  ifeq (1, $(SECURE_ELEMENT))
-    # When using a secure element, the type is required.
-    # Also you can specify the number of key slots required to store keys.
-    CFLAGS += -DSECURE_ELEMENT # Application specific (not needed by PSA)
-    CFLAGS += -DCUSTOM_ATCA_PARAMS  # Application specific (not needed by PSA)
-    INCLUDES += -I$(APPDIR) # Application specific (not needed by PSA)
+# Hashes are needed for ECDSA operations (including secure elements), which
+# is why we always build them
+USEMODULE += psa_hash
+USEMODULE += psa_hash_sha_256

+ifeq (1, $(SECURE_ELEMENT))
+  # When using a secure element, the type is required.
+  # Also you can specify the number of key slots required to store keys.
+  CFLAGS += -DSECURE_ELEMENT # Application specific (not needed by PSA)
+  CFLAGS += -DCUSTOM_ATCA_PARAMS  # Application specific (not needed by PSA)
+  INCLUDES += -I$(APPDIR) # Application specific (not needed by PSA)
+  ifneq (1, $(SHOULD_RUN_KCONFIG))
    CFLAGS += -DCONFIG_PSA_PROTECTED_KEY_COUNT=4
    CFLAGS += -DCONFIG_PSA_SINGLE_KEY_COUNT=1
-    USEMODULE += psa_secure_element
-    USEMODULE += psa_secure_element_ateccx08a
-    USEMODULE += psa_secure_element_ateccx08a_cipher_aes_128
-    USEMODULE += psa_secure_element_ateccx08a_hmac_sha256
-    USEMODULE += psa_secure_element_ateccx08a_ecc_p256
-  else ifeq (2, $(SECURE_ELEMENT))
-    CFLAGS += -DSECURE_ELEMENT # Application specific (not needed by PSA)
-    CFLAGS += -DMULTIPLE_SE # Application specific (not needed by PSA)
-    CFLAGS += -DCUSTOM_ATCA_PARAMS # Application specific (not needed by PSA)
-    INCLUDES += -I$(APPDIR) # Application specific (not needed by PSA)
+  else
+    KCONFIG_ADD_CONFIG += $(APPDIR)/app.config.se
+  endif
+  USEMODULE += psa_secure_element
+  USEMODULE += psa_secure_element_ateccx08a
+  USEMODULE += psa_secure_element_ateccx08a_cipher_aes_128
+  USEMODULE += psa_secure_element_ateccx08a_hmac_sha256
+  USEMODULE += psa_secure_element_ateccx08a_ecc_p256
+else ifeq (2, $(SECURE_ELEMENT))
+  CFLAGS += -DSECURE_ELEMENT # Application specific (not needed by PSA)
+  CFLAGS += -DMULTIPLE_SE # Application specific (not needed by PSA)
+  CFLAGS += -DCUSTOM_ATCA_PARAMS # Application specific (not needed by PSA)
+  INCLUDES += -I$(APPDIR) # Application specific (not needed by PSA)
+  ifneq (1, $(SHOULD_RUN_KCONFIG))
    CFLAGS += -DCONFIG_PSA_MAX_SE_COUNT=2
    CFLAGS += -DCONFIG_PSA_PROTECTED_KEY_COUNT=8
    CFLAGS += -DCONFIG_PSA_SINGLE_KEY_COUNT=2
-    USEMODULE += psa_secure_element
-    USEMODULE += psa_secure_element_multiple
-    USEMODULE += psa_secure_element_ateccx08a
-    USEMODULE += psa_secure_element_ateccx08a_cipher_aes_128
-    USEMODULE += psa_secure_element_ateccx08a_hmac_sha256
-    USEMODULE += psa_secure_element_ateccx08a_ecc_p256
-  else ifdef CUSTOM_BACKEND
-    # Necessary configuration when using Make dependency resolution
-    # This first part chooses the operation. If nothing else is specified,
-    # a default backend is built depending on the platform capabilities.
-    USEMODULE += psa_cipher
-    USEMODULE += psa_cipher_aes_128_cbc
-
-    USEMODULE += psa_mac
-    USEMODULE += psa_mac_hmac_sha_256
-
-    USEMODULE += psa_asymmetric
-    USEMODULE += psa_asymmetric_ecc_p256r1
-    USEMODULE += psa_asymmetric_ecc_ed25519
-
-    # If you want to use a custom backend, you need to do it this way.
-    USEMODULE += psa_cipher_aes_128_cbc_custom_backend
-    USEMODULE += psa_cipher_aes_128_cbc_backend_riot # force custom backend
-
-    USEMODULE += psa_mac_hmac_sha_256_custom_backend
-    USEMODULE += psa_mac_hmac_sha_256_backend_riot # force custom backend
-
-    USEMODULE += psa_hash_sha_256_custom_backend
-    USEMODULE += psa_hash_sha_256_backend_riot
-
-    USEMODULE += psa_asymmetric_ecc_p256r1_custom_backend
-    USEMODULE += psa_asymmetric_ecc_p256r1_backend_microecc # force custom backend
-
-    USEMODULE += psa_asymmetric_ecc_ed25519_custom_backend
-    USEMODULE += psa_asymmetric_ecc_ed25519_backend_c25519 # force custom backend
  else
-    # Necessary configuration when using Make dependency resolution
-    # This part only chooses the operation. If nothing else es specified,
-    # a default backend is built depending on the platform capabilities.
-    USEMODULE += psa_cipher
-    USEMODULE += psa_cipher_aes_128_cbc
-
-    USEMODULE += psa_mac
-    USEMODULE += psa_mac_hmac_sha_256
-
-    USEMODULE += psa_asymmetric
-    USEMODULE += psa_asymmetric_ecc_p256r1
-    USEMODULE += psa_asymmetric_ecc_ed25519
+    KCONFIG_ADD_CONFIG += $(APPDIR)/app.config.multi_se
  endif
+  USEMODULE += psa_secure_element
+  USEMODULE += psa_secure_element_multiple
+  USEMODULE += psa_secure_element_ateccx08a
+  USEMODULE += psa_secure_element_ateccx08a_cipher_aes_128
+  USEMODULE += psa_secure_element_ateccx08a_hmac_sha256
+  USEMODULE += psa_secure_element_ateccx08a_ecc_p256
+else ifdef CUSTOM_BACKEND
+  # Necessary configuration when using Make dependency resolution
+  # This first part chooses the operation. If nothing else is specified,
+  # a default backend is built depending on the platform capabilities.
+  USEMODULE += psa_cipher
+  USEMODULE += psa_cipher_aes_128_cbc
+
+  USEMODULE += psa_mac
+  USEMODULE += psa_mac_hmac_sha_256
+
+  USEMODULE += psa_asymmetric
+  USEMODULE += psa_asymmetric_ecc_p256r1
+  USEMODULE += psa_asymmetric_ecc_ed25519
+
+  # If you want to use a custom backend, you need to do it this way.
+  USEMODULE += psa_cipher_aes_128_cbc_custom_backend
+  USEMODULE += psa_cipher_aes_128_cbc_backend_riot # force custom backend
+
+  USEMODULE += psa_mac_hmac_sha_256_custom_backend
+  USEMODULE += psa_mac_hmac_sha_256_backend_riot # force custom backend
+
+  USEMODULE += psa_hash_sha_256_custom_backend
+  USEMODULE += psa_hash_sha_256_backend_riot
+
+  USEMODULE += psa_asymmetric_ecc_p256r1_custom_backend
+  USEMODULE += psa_asymmetric_ecc_p256r1_backend_microecc # force custom backend
+
+  USEMODULE += psa_asymmetric_ecc_ed25519_custom_backend
+  USEMODULE += psa_asymmetric_ecc_ed25519_backend_c25519 # force custom backend
+else
+  # Necessary configuration when using Make dependency resolution
+  # This part only chooses the operation. If nothing else es specified,
+  # a default backend is built depending on the platform capabilities.
+  USEMODULE += psa_cipher
+  USEMODULE += psa_cipher_aes_128_cbc
+
+  USEMODULE += psa_mac
+  USEMODULE += psa_mac_hmac_sha_256
+
+  USEMODULE += psa_asymmetric
+  USEMODULE += psa_asymmetric_ecc_p256r1
+  USEMODULE += psa_asymmetric_ecc_ed25519

-  ifndef SECURE_ELEMENT
-    CFLAGS += -DCONFIG_PSA_ASYMMETRIC_KEYPAIR_COUNT=2
-    CFLAGS += -DCONFIG_PSA_SINGLE_KEY_COUNT=4
-  endif
 endif

 ifndef SECURE_ELEMENT
  # The software implementations need a larger stack, so we increase the stack size.
  CFLAGS += -DTHREAD_STACKSIZE_MAIN=\(12*THREAD_STACKSIZE_DEFAULT\)
+  ifneq (1, $(SHOULD_RUN_KCONFIG))
+    CFLAGS += -DCONFIG_PSA_ASYMMETRIC_KEYPAIR_COUNT=2
+    CFLAGS += -DCONFIG_PSA_SINGLE_KEY_COUNT=4
+  else
+    KCONFIG_ADD_CONFIG += $(APPDIR)/app.config.base
+  endif
 endif

-SHOULD_RUN_KCONFIG :=
-
 include $(RIOTBASE)/Makefile.include
--- a/examples/psa_crypto/README.md
+++ b/examples/psa_crypto/README.md
@ -29,48 +29,23 @@ for software and hardware backends as well as secure elements, measured on the n


 ## Configuration of the API
-There are two ways to configure the API: module selection via Kconfig and module selection
-via Makefiles.
+The module selection must be done with Make but the compile-time configuration
+settings can be done with Kconfig and `menuconfig`.

-To see which modules should be chosen for each configuration, please read the Makefile and
-the `app.config.test.*` files.
-
-### Kconfig
-> **NOTE:** In this application all the configurations are in separate app.config files
-> for demonstration purposes. You can also write all configs into one file or choose them
-> via `menuconfig`.
-> To access the GUI, run `TEST_KCONFIG=1 BOARD=<your board> make menuconfig`.
-
-When building the application with the `TEST_KCONFIG=1` option, the first config file parsed by the build system is `app.config.test`. This selects the PSA Crypto module and other modules our application needs (e.g. ztimer). If you need cryptographic keys, you can specify the number of key slots needed for key storage (the default is set to 5).
-The graph below shows how the `app.config` files in this application are included.
-Selections in `app.config.test` are always applied.
-The others are only added, if you specify the corresponding build option.
-
-```mermaid
-    flowchart TD;
-        app.config.test -- default --> app.config.test.base;
-        app.config.test.base -- CUSTOM_BACKEND=1 --> app.config.test.custom;
-        app.config.test -- SECURE_ELEMENT=1 --> app.config.test.se;
-        app.config.test -- SECURE_ELEMENT=2 --> app.config.test.multi_se;
-```
-If you build this without specifying anything else, the symbols in `app.config.test.base`
-are added and PSA Crypto will automatically choose a default crypto backend depending on the platform you're building for.
+If you build this without specifying anything, PSA Crypto will automatically
+choose a default crypto backend depending on the platform you're building for.
 For example when your platform is `native`, software implementations are built.
-When you specify `BOARD=nrf52840dk`, the hardware accelerator of the board will be built.
+When you specify `BOARD=nrf52840dk`, the hardware accelerator of the board will
+be built.

-If you want to force a custom backend, you can specify that in the Kconfig file. This application already contains the configuration for a custom backend (see `app.config.test.custom`), which will be added to the application build when you define `CUSTOM_BACKEND=1`.
-
-Instead of or in addition to the default and custom implementations you can use a secure element as a backend (see Section [Using Secure Elements](#using-secure-elements]).
+Instead of or in addition to the default and custom implementations you can use
+a secure element as a backend (see Section [Using Secure Elements](#using-secure-elements]).
 Secure elements are independent of the other backends. In this application, when you
 choose secure elements, they are built instead of the other backends.

-Please note that the build options `CUSTOM_BACKEND` and `SECURE_ELEMENT` only apply to this specific application and have nothing to do with the PSA implementation.
-
-### Make
-All the configurations in the Kconfig files can also be applied using Make dependency resolution. The Makefile contains all the modules that must be selected when building the different configurations.
-They can all be built as described above, but *without* defining TEST_KCONFIG.
-
-To prevent conflicts when building this application multiple times with different backends, it is best to remove the `bin` directory in between builds.
+Please note that the build options `CUSTOM_BACKEND` and `SECURE_ELEMENT` only
+apply to this specific application and have nothing to do with the PSA
+implementation.

 ## Using Secure Elements
 > **NOTE:**
--- a/examples/psa_crypto/app.config.base
+++ b/examples/psa_crypto/app.config.base
@ -0,0 +1,2 @@
+CONFIG_PSA_ASYMMETRIC_KEYPAIR_COUNT=2
+CONFIG_PSA_SINGLE_KEY_COUNT=4
--- a/examples/psa_crypto/app.config.multi_se
+++ b/examples/psa_crypto/app.config.multi_se
@ -0,0 +1,3 @@
+CONFIG_PSA_MAX_SE_COUNT=2
+CONFIG_PSA_PROTECTED_KEY_COUNT=8
+CONFIG_PSA_SINGLE_KEY_COUNT=2
--- a/examples/psa_crypto/app.config.se
+++ b/examples/psa_crypto/app.config.se
@ -0,0 +1,2 @@
+CONFIG_PSA_PROTECTED_KEY_COUNT=4
+CONFIG_PSA_SINGLE_KEY_COUNT=1
--- a/tests/sys/psa_crypto_cipher/Makefile
+++ b/tests/sys/psa_crypto_cipher/Makefile
@ -8,10 +8,8 @@ USEMODULE += psa_crypto
 USEMODULE += psa_cipher
 USEMODULE += psa_cipher_aes_128_cbc

-ifneq (1, $(TEST_KCONFIG))
+ifneq (1, $(SHOULD_RUN_KCONFIG))
  CFLAGS += -DCONFIG_PSA_SINGLE_KEY_COUNT=1
 endif

-SHOULD_RUN_KCONFIG :=
-
 include $(RIOTBASE)/Makefile.include
--- a/tests/sys/psa_crypto_ecdsa/Makefile
+++ b/tests/sys/psa_crypto_ecdsa/Makefile
@ -10,13 +10,11 @@ USEMODULE += psa_hash_sha_256
 USEMODULE += psa_asymmetric
 USEMODULE += psa_asymmetric_ecc_p256r1

-ifneq (1, $(TEST_KCONFIG))
+ifneq (1, $(SHOULD_RUN_KCONFIG))
  CFLAGS += -DCONFIG_PSA_ASYMMETRIC_KEYPAIR_COUNT=1
  CFLAGS += -DCONFIG_PSA_SINGLE_KEY_COUNT=1
 endif

-SHOULD_RUN_KCONFIG :=
-
 CFLAGS += -DTHREAD_STACKSIZE_MAIN=4096

 include $(RIOTBASE)/Makefile.include
--- a/tests/sys/psa_crypto_eddsa/Makefile
+++ b/tests/sys/psa_crypto_eddsa/Makefile
@ -8,13 +8,11 @@ USEMODULE += psa_crypto
 USEMODULE += psa_asymmetric
 USEMODULE += psa_asymmetric_ecc_ed25519

-ifneq (1, $(TEST_KCONFIG))
+ifneq (1, $(SHOULD_RUN_KCONFIG))
  CFLAGS += -DCONFIG_PSA_ASYMMETRIC_KEYPAIR_COUNT=1
  CFLAGS += -DCONFIG_PSA_SINGLE_KEY_COUNT=1
 endif

-SHOULD_RUN_KCONFIG :=
-
 CFLAGS += -DTHREAD_STACKSIZE_MAIN=4096

 include $(RIOTBASE)/Makefile.include
--- a/tests/sys/psa_crypto_mac/Makefile
+++ b/tests/sys/psa_crypto_mac/Makefile
@ -8,10 +8,8 @@ USEMODULE += psa_crypto
 USEMODULE += psa_mac
 USEMODULE += psa_mac_hmac_sha_256

-ifneq (1, $(TEST_KCONFIG))
+ifneq (1, $(SHOULD_RUN_KCONFIG))
  CFLAGS += -DCONFIG_PSA_SINGLE_KEY_COUNT=1
 endif

-SHOULD_RUN_KCONFIG :=
-
 include $(RIOTBASE)/Makefile.include
--- a/tests/sys/psa_crypto_se/Makefile
+++ b/tests/sys/psa_crypto_se/Makefile
@ -15,7 +15,7 @@ USEMODULE += psa_secure_element_ateccx08a_cipher_aes_128
 USEMODULE += psa_secure_element_ateccx08a_hmac_sha256
 USEMODULE += psa_secure_element_ateccx08a_ecc_p256

-ifneq (1, $(TEST_KCONFIG))
+ifneq (1, $(SHOULD_RUN_KCONFIG))
  CFLAGS += -DCONFIG_PSA_PROTECTED_KEY_COUNT=3
  CFLAGS += -DCONFIG_PSA_SINGLE_KEY_COUNT=1
 endif
@ -25,6 +25,4 @@ CFLAGS += -DCUSTOM_ATCA_PARAMS

 INCLUDES += -I$(APPDIR) # Application specific (not needed by PSA)

-SHOULD_RUN_KCONFIG :=
-
 include $(RIOTBASE)/Makefile.include
--- a/tests/sys/psa_crypto_se_cipher/Makefile
+++ b/tests/sys/psa_crypto_se_cipher/Makefile
@ -11,8 +11,7 @@ USEMODULE += psa_secure_element
 USEMODULE += psa_secure_element_ateccx08a
 USEMODULE += psa_secure_element_ateccx08a_cipher_aes_128

-
-ifneq (1, $(TEST_KCONFIG))
+ifneq (1, $(SHOULD_RUN_KCONFIG))
  CFLAGS += -DCONFIG_PSA_PROTECTED_KEY_COUNT=1
 endif

@ -21,6 +20,4 @@ CFLAGS += -DCUSTOM_ATCA_PARAMS

 INCLUDES += -I$(APPDIR) # Application specific (not needed by PSA)

-SHOULD_RUN_KCONFIG :=
-
 include $(RIOTBASE)/Makefile.include
--- a/tests/sys/psa_crypto_se_ecdsa/Makefile
+++ b/tests/sys/psa_crypto_se_ecdsa/Makefile
@ -13,7 +13,7 @@ USEMODULE += psa_secure_element
 USEMODULE += psa_secure_element_ateccx08a
 USEMODULE += psa_secure_element_ateccx08a_ecc_p256

-ifneq (1, $(TEST_KCONFIG))
+ifneq (1, $(SHOULD_RUN_KCONFIG))
  CFLAGS += -DCONFIG_PSA_SINGLE_KEY_COUNT=1
  CFLAGS += -DCONFIG_PSA_PROTECTED_KEY_COUNT=1
 endif
@ -23,6 +23,5 @@ CFLAGS += -DCUSTOM_ATCA_PARAMS

 INCLUDES += -I$(APPDIR) # Application specific (not needed by PSA)

-SHOULD_RUN_KCONFIG :=

 include $(RIOTBASE)/Makefile.include
--- a/tests/sys/psa_crypto_se_mac/Makefile
+++ b/tests/sys/psa_crypto_se_mac/Makefile
@ -11,7 +11,7 @@ USEMODULE += psa_secure_element
 USEMODULE += psa_secure_element_ateccx08a
 USEMODULE += psa_secure_element_ateccx08a_hmac_sha256

-ifneq (1, $(TEST_KCONFIG))
+ifneq (1, $(SHOULD_RUN_KCONFIG))
  CFLAGS += -DCONFIG_PSA_PROTECTED_KEY_COUNT=1
 endif