mirror of https://github.com/RIOT-OS/RIOT.git synced 2024-12-29 04:50:03 +01:00

*psa_crypto: Adapt tests/examples with removed Kconfig

MrKevinWeiss 2024-03-26 10:45:16 +01:00
parent be8a2c84a1
commit 9c9cc379a9
No known key found for this signature in database
GPG Key ID: C26684F1C0767FFF
13 changed files with 117 additions and 155 deletions


@ -5,121 +5,115 @@ APPLICATION = example_psa_crypto
BOARD ?= native BOARD ?= native
# Necessary configurations when using Kconfig dependency resolution ifeq (2, $(SECURE_ELEMENT))
# The file `app.config.test` is always used for the build configuration. CFLAGS += -DSECURE_ELEMENT # Application specific (not needed by PSA)
# The config files below are only added if needed. CFLAGS += -DMULTIPLE_SE # Application specific (not needed by PSA)
ifeq (1, $(TEST_KCONFIG)) CFLAGS += -DCUSTOM_ATCA_PARAMS # Application specific (not needed by PSA)
ifeq (1, $(SECURE_ELEMENT)) INCLUDES += -I$(APPDIR)
CFLAGS += -DSECURE_ELEMENT # Application specific (not needed by PSA) KCONFIG_ADD_CONFIG += $(APPDIR)/app.config.multi_se
CFLAGS += -DCUSTOM_ATCA_PARAMS # Application specific (not needed by PSA)
INCLUDES += -I$(APPDIR) # Application specific (not needed by PSA)
KCONFIG_ADD_CONFIG += $(APPDIR)/app.config.test.se
else ifeq (2, $(SECURE_ELEMENT))
CFLAGS += -DSECURE_ELEMENT # Application specific (not needed by PSA)
CFLAGS += -DMULTIPLE_SE # Application specific (not needed by PSA)
CFLAGS += -DCUSTOM_ATCA_PARAMS # Application specific (not needed by PSA)
INCLUDES += -I$(APPDIR)
KCONFIG_ADD_CONFIG += $(APPDIR)/app.config.test.multi_se
else ifdef CUSTOM_BACKEND
KCONFIG_ADD_CONFIG += $(APPDIR)/app.config.test.base
KCONFIG_ADD_CONFIG += $(APPDIR)/app.config.test.custom
else
KCONFIG_ADD_CONFIG += $(APPDIR)/app.config.test.base
endif
else else
USEMODULE += ztimer KCONFIG_ADD_CONFIG += $(APPDIR)/app.config.base
USEMODULE += ztimer_usec endif
USEMODULE += psa_crypto USEMODULE += ztimer
USEMODULE += ztimer_usec
# Hashes are needed for ECDSA operations (including secure elements), which USEMODULE += psa_crypto
# is why we always build them
USEMODULE += psa_hash
USEMODULE += psa_hash_sha_256
ifeq (1, $(SECURE_ELEMENT)) # Hashes are needed for ECDSA operations (including secure elements), which
# When using a secure element, the type is required. # is why we always build them
# Also you can specify the number of key slots required to store keys. USEMODULE += psa_hash
CFLAGS += -DSECURE_ELEMENT # Application specific (not needed by PSA) USEMODULE += psa_hash_sha_256
CFLAGS += -DCUSTOM_ATCA_PARAMS # Application specific (not needed by PSA)
INCLUDES += -I$(APPDIR) # Application specific (not needed by PSA)
ifeq (1, $(SECURE_ELEMENT))
# When using a secure element, the type is required.
# Also you can specify the number of key slots required to store keys.
CFLAGS += -DSECURE_ELEMENT # Application specific (not needed by PSA)
CFLAGS += -DCUSTOM_ATCA_PARAMS # Application specific (not needed by PSA)
INCLUDES += -I$(APPDIR) # Application specific (not needed by PSA)
ifneq (1, $(SHOULD_RUN_KCONFIG))
CFLAGS += -DCONFIG_PSA_PROTECTED_KEY_COUNT=4 CFLAGS += -DCONFIG_PSA_PROTECTED_KEY_COUNT=4
CFLAGS += -DCONFIG_PSA_SINGLE_KEY_COUNT=1 CFLAGS += -DCONFIG_PSA_SINGLE_KEY_COUNT=1
USEMODULE += psa_secure_element else
USEMODULE += psa_secure_element_ateccx08a KCONFIG_ADD_CONFIG += $(APPDIR)/app.config.se
USEMODULE += psa_secure_element_ateccx08a_cipher_aes_128 endif
USEMODULE += psa_secure_element_ateccx08a_hmac_sha256 USEMODULE += psa_secure_element
USEMODULE += psa_secure_element_ateccx08a_ecc_p256 USEMODULE += psa_secure_element_ateccx08a
else ifeq (2, $(SECURE_ELEMENT)) USEMODULE += psa_secure_element_ateccx08a_cipher_aes_128
CFLAGS += -DSECURE_ELEMENT # Application specific (not needed by PSA) USEMODULE += psa_secure_element_ateccx08a_hmac_sha256
CFLAGS += -DMULTIPLE_SE # Application specific (not needed by PSA) USEMODULE += psa_secure_element_ateccx08a_ecc_p256
CFLAGS += -DCUSTOM_ATCA_PARAMS # Application specific (not needed by PSA) else ifeq (2, $(SECURE_ELEMENT))
INCLUDES += -I$(APPDIR) # Application specific (not needed by PSA) CFLAGS += -DSECURE_ELEMENT # Application specific (not needed by PSA)
CFLAGS += -DMULTIPLE_SE # Application specific (not needed by PSA)
CFLAGS += -DCUSTOM_ATCA_PARAMS # Application specific (not needed by PSA)
INCLUDES += -I$(APPDIR) # Application specific (not needed by PSA)
ifneq (1, $(SHOULD_RUN_KCONFIG))
CFLAGS += -DCONFIG_PSA_MAX_SE_COUNT=2 CFLAGS += -DCONFIG_PSA_MAX_SE_COUNT=2
CFLAGS += -DCONFIG_PSA_PROTECTED_KEY_COUNT=8 CFLAGS += -DCONFIG_PSA_PROTECTED_KEY_COUNT=8
CFLAGS += -DCONFIG_PSA_SINGLE_KEY_COUNT=2 CFLAGS += -DCONFIG_PSA_SINGLE_KEY_COUNT=2
USEMODULE += psa_secure_element
USEMODULE += psa_secure_element_multiple
USEMODULE += psa_secure_element_ateccx08a
USEMODULE += psa_secure_element_ateccx08a_cipher_aes_128
USEMODULE += psa_secure_element_ateccx08a_hmac_sha256
USEMODULE += psa_secure_element_ateccx08a_ecc_p256
else ifdef CUSTOM_BACKEND
# Necessary configuration when using Make dependency resolution
# This first part chooses the operation. If nothing else is specified,
# a default backend is built depending on the platform capabilities.
USEMODULE += psa_cipher
USEMODULE += psa_cipher_aes_128_cbc
USEMODULE += psa_mac
USEMODULE += psa_mac_hmac_sha_256
USEMODULE += psa_asymmetric
USEMODULE += psa_asymmetric_ecc_p256r1
USEMODULE += psa_asymmetric_ecc_ed25519
# If you want to use a custom backend, you need to do it this way.
USEMODULE += psa_cipher_aes_128_cbc_custom_backend
USEMODULE += psa_cipher_aes_128_cbc_backend_riot # force custom backend
USEMODULE += psa_mac_hmac_sha_256_custom_backend
USEMODULE += psa_mac_hmac_sha_256_backend_riot # force custom backend
USEMODULE += psa_hash_sha_256_custom_backend
USEMODULE += psa_hash_sha_256_backend_riot
USEMODULE += psa_asymmetric_ecc_p256r1_custom_backend
USEMODULE += psa_asymmetric_ecc_p256r1_backend_microecc # force custom backend
USEMODULE += psa_asymmetric_ecc_ed25519_custom_backend
USEMODULE += psa_asymmetric_ecc_ed25519_backend_c25519 # force custom backend
else else
# Necessary configuration when using Make dependency resolution KCONFIG_ADD_CONFIG += $(APPDIR)/app.config.multi_se
# This part only chooses the operation. If nothing else es specified,
# a default backend is built depending on the platform capabilities.
USEMODULE += psa_cipher
USEMODULE += psa_cipher_aes_128_cbc
USEMODULE += psa_mac
USEMODULE += psa_mac_hmac_sha_256
USEMODULE += psa_asymmetric
USEMODULE += psa_asymmetric_ecc_p256r1
USEMODULE += psa_asymmetric_ecc_ed25519
endif endif
USEMODULE += psa_secure_element
USEMODULE += psa_secure_element_multiple
USEMODULE += psa_secure_element_ateccx08a
USEMODULE += psa_secure_element_ateccx08a_cipher_aes_128
USEMODULE += psa_secure_element_ateccx08a_hmac_sha256
USEMODULE += psa_secure_element_ateccx08a_ecc_p256
else ifdef CUSTOM_BACKEND
# Necessary configuration when using Make dependency resolution
# This first part chooses the operation. If nothing else is specified,
# a default backend is built depending on the platform capabilities.
USEMODULE += psa_cipher
USEMODULE += psa_cipher_aes_128_cbc
USEMODULE += psa_mac
USEMODULE += psa_mac_hmac_sha_256
USEMODULE += psa_asymmetric
USEMODULE += psa_asymmetric_ecc_p256r1
USEMODULE += psa_asymmetric_ecc_ed25519
# If you want to use a custom backend, you need to do it this way.
USEMODULE += psa_cipher_aes_128_cbc_custom_backend
USEMODULE += psa_cipher_aes_128_cbc_backend_riot # force custom backend
USEMODULE += psa_mac_hmac_sha_256_custom_backend
USEMODULE += psa_mac_hmac_sha_256_backend_riot # force custom backend
USEMODULE += psa_hash_sha_256_custom_backend
USEMODULE += psa_hash_sha_256_backend_riot
USEMODULE += psa_asymmetric_ecc_p256r1_custom_backend
USEMODULE += psa_asymmetric_ecc_p256r1_backend_microecc # force custom backend
USEMODULE += psa_asymmetric_ecc_ed25519_custom_backend
USEMODULE += psa_asymmetric_ecc_ed25519_backend_c25519 # force custom backend
else
# Necessary configuration when using Make dependency resolution
# This part only chooses the operation. If nothing else es specified,
# a default backend is built depending on the platform capabilities.
USEMODULE += psa_cipher
USEMODULE += psa_cipher_aes_128_cbc
USEMODULE += psa_mac
USEMODULE += psa_mac_hmac_sha_256
USEMODULE += psa_asymmetric
USEMODULE += psa_asymmetric_ecc_p256r1
USEMODULE += psa_asymmetric_ecc_ed25519
ifndef SECURE_ELEMENT
CFLAGS += -DCONFIG_PSA_ASYMMETRIC_KEYPAIR_COUNT=2
CFLAGS += -DCONFIG_PSA_SINGLE_KEY_COUNT=4
endif
endif endif
ifndef SECURE_ELEMENT ifndef SECURE_ELEMENT
# The software implementations need a larger stack, so we increase the stack size. # The software implementations need a larger stack, so we increase the stack size.
CFLAGS += -DTHREAD_STACKSIZE_MAIN=\(12*THREAD_STACKSIZE_DEFAULT\) CFLAGS += -DTHREAD_STACKSIZE_MAIN=\(12*THREAD_STACKSIZE_DEFAULT\)
ifneq (1, $(SHOULD_RUN_KCONFIG))
CFLAGS += -DCONFIG_PSA_ASYMMETRIC_KEYPAIR_COUNT=2
CFLAGS += -DCONFIG_PSA_SINGLE_KEY_COUNT=4
else
KCONFIG_ADD_CONFIG += $(APPDIR)/app.config.base
endif
endif endif
SHOULD_RUN_KCONFIG :=
include $(RIOTBASE)/Makefile.include include $(RIOTBASE)/Makefile.include
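Review bot: The trailing `ifndef SECURE_ELEMENT` block tests whether the variable is defined, while the backend selection above it tests the value (`ifeq (1, $(SECURE_ELEMENT))` / `else ifeq (2, $(SECURE_ELEMENT))`). A build with, say, `SECURE_ELEMENT=0` therefore lands in the software-backend `else` branch but gets neither the enlarged `THREAD_STACKSIZE_MAIN` nor the key-slot counts (or `app.config.base` when Kconfig runs). Keying the block on the value keeps the two decisions in step: `ifeq (,$(filter 1 2,$(SECURE_ELEMENT)))`. The old and new columns are merged on this page, so the new side is read here as the lines that use `SHOULD_RUN_KCONFIG`.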


@ -29,48 +29,23 @@ for software and hardware backends as well as secure elements, measured on the n
## Configuration of the API ## Configuration of the API
There are two ways to configure the API: module selection via Kconfig and module selection The module selection must be done with Make but the compile-time configuration
via Makefiles. settings can be done with Kconfig and `menuconfig`.
To see which modules should be chosen for each configuration, please read the Makefile and If you build this without specifying anything, PSA Crypto will automatically
the `app.config.test.*` files. choose a default crypto backend depending on the platform you're building for.
### Kconfig
> **NOTE:** In this application all the configurations are in separate app.config files
> for demonstration purposes. You can also write all configs into one file or choose them
> via `menuconfig`.
> To access the GUI, run `TEST_KCONFIG=1 BOARD=<your board> make menuconfig`.
When building the application with the `TEST_KCONFIG=1` option, the first config file parsed by the build system is `app.config.test`. This selects the PSA Crypto module and other modules our application needs (e.g. ztimer). If you need cryptographic keys, you can specify the number of key slots needed for key storage (the default is set to 5).
The graph below shows how the `app.config` files in this application are included.
Selections in `app.config.test` are always applied.
The others are only added, if you specify the corresponding build option.
```mermaid
flowchart TD;
app.config.test -- default --> app.config.test.base;
app.config.test.base -- CUSTOM_BACKEND=1 --> app.config.test.custom;
app.config.test -- SECURE_ELEMENT=1 --> app.config.test.se;
app.config.test -- SECURE_ELEMENT=2 --> app.config.test.multi_se;
```
If you build this without specifying anything else, the symbols in `app.config.test.base`
are added and PSA Crypto will automatically choose a default crypto backend depending on the platform you're building for.
For example when your platform is `native`, software implementations are built. For example when your platform is `native`, software implementations are built.
When you specify `BOARD=nrf52840dk`, the hardware accelerator of the board will be built. When you specify `BOARD=nrf52840dk`, the hardware accelerator of the board will
be built.
If you want to force a custom backend, you can specify that in the Kconfig file. This application already contains the configuration for a custom backend (see `app.config.test.custom`), which will be added to the application build when you define `CUSTOM_BACKEND=1`. Instead of or in addition to the default and custom implementations you can use
a secure element as a backend (see Section [Using Secure Elements](#using-secure-elements]).
Instead of or in addition to the default and custom implementations you can use a secure element as a backend (see Section [Using Secure Elements](#using-secure-elements]).
Secure elements are independent of the other backends. In this application, when you Secure elements are independent of the other backends. In this application, when you
choose secure elements, they are built instead of the other backends. choose secure elements, they are built instead of the other backends.
Please note that the build options `CUSTOM_BACKEND` and `SECURE_ELEMENT` only apply to this specific application and have nothing to do with the PSA implementation. Please note that the build options `CUSTOM_BACKEND` and `SECURE_ELEMENT` only
apply to this specific application and have nothing to do with the PSA
### Make implementation.
All the configurations in the Kconfig files can also be applied using Make dependency resolution. The Makefile contains all the modules that must be selected when building the different configurations.
They can all be built as described above, but *without* defining TEST_KCONFIG.
To prevent conflicts when building this application multiple times with different backends, it is best to remove the `bin` directory in between builds.
## Using Secure Elements ## Using Secure Elements
> **NOTE:** > **NOTE:**


@ -0,0 +1,2 @@
CONFIG_PSA_ASYMMETRIC_KEYPAIR_COUNT=2
CONFIG_PSA_SINGLE_KEY_COUNT=4


@ -0,0 +1,3 @@
CONFIG_PSA_MAX_SE_COUNT=2
CONFIG_PSA_PROTECTED_KEY_COUNT=8
CONFIG_PSA_SINGLE_KEY_COUNT=2


@ -0,0 +1,2 @@
CONFIG_PSA_PROTECTED_KEY_COUNT=4
CONFIG_PSA_SINGLE_KEY_COUNT=1


@ -8,10 +8,8 @@ USEMODULE += psa_crypto
USEMODULE += psa_cipher USEMODULE += psa_cipher
USEMODULE += psa_cipher_aes_128_cbc USEMODULE += psa_cipher_aes_128_cbc
ifneq (1, $(TEST_KCONFIG)) ifneq (1, $(SHOULD_RUN_KCONFIG))
CFLAGS += -DCONFIG_PSA_SINGLE_KEY_COUNT=1 CFLAGS += -DCONFIG_PSA_SINGLE_KEY_COUNT=1
endif endif
SHOULD_RUN_KCONFIG :=
include $(RIOTBASE)/Makefile.include include $(RIOTBASE)/Makefile.include
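Review bot: `ifneq (1, $(SHOULD_RUN_KCONFIG))` is evaluated while this Makefile is parsed, before `include $(RIOTBASE)/Makefile.include`, so it only sees a value passed on the command line or in the environment. If the build system can also enable Kconfig on its own after that point (not visible on this page), `-DCONFIG_PSA_SINGLE_KEY_COUNT=1` would be added alongside the Kconfig-generated value. When `SHOULD_RUN_KCONFIG=1` is passed, this section adds no `KCONFIG_ADD_CONFIG` fragment, so the key-slot count falls back to whatever default applies. A comment above the conditional would make that contract explicit, e.g. `# SHOULD_RUN_KCONFIG is read before Makefile.include: pass it on the command line; key counts then come from Kconfig`. The same pattern appears in the other test Makefile sections that follow on this page.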


@ -10,13 +10,11 @@ USEMODULE += psa_hash_sha_256
USEMODULE += psa_asymmetric USEMODULE += psa_asymmetric
USEMODULE += psa_asymmetric_ecc_p256r1 USEMODULE += psa_asymmetric_ecc_p256r1
ifneq (1, $(TEST_KCONFIG)) ifneq (1, $(SHOULD_RUN_KCONFIG))
CFLAGS += -DCONFIG_PSA_ASYMMETRIC_KEYPAIR_COUNT=1 CFLAGS += -DCONFIG_PSA_ASYMMETRIC_KEYPAIR_COUNT=1
CFLAGS += -DCONFIG_PSA_SINGLE_KEY_COUNT=1 CFLAGS += -DCONFIG_PSA_SINGLE_KEY_COUNT=1
endif endif
SHOULD_RUN_KCONFIG :=
CFLAGS += -DTHREAD_STACKSIZE_MAIN=4096 CFLAGS += -DTHREAD_STACKSIZE_MAIN=4096
include $(RIOTBASE)/Makefile.include include $(RIOTBASE)/Makefile.include


@ -8,13 +8,11 @@ USEMODULE += psa_crypto
USEMODULE += psa_asymmetric USEMODULE += psa_asymmetric
USEMODULE += psa_asymmetric_ecc_ed25519 USEMODULE += psa_asymmetric_ecc_ed25519
ifneq (1, $(TEST_KCONFIG)) ifneq (1, $(SHOULD_RUN_KCONFIG))
CFLAGS += -DCONFIG_PSA_ASYMMETRIC_KEYPAIR_COUNT=1 CFLAGS += -DCONFIG_PSA_ASYMMETRIC_KEYPAIR_COUNT=1
CFLAGS += -DCONFIG_PSA_SINGLE_KEY_COUNT=1 CFLAGS += -DCONFIG_PSA_SINGLE_KEY_COUNT=1
endif endif
SHOULD_RUN_KCONFIG :=
CFLAGS += -DTHREAD_STACKSIZE_MAIN=4096 CFLAGS += -DTHREAD_STACKSIZE_MAIN=4096
include $(RIOTBASE)/Makefile.include include $(RIOTBASE)/Makefile.include


@ -8,10 +8,8 @@ USEMODULE += psa_crypto
USEMODULE += psa_mac USEMODULE += psa_mac
USEMODULE += psa_mac_hmac_sha_256 USEMODULE += psa_mac_hmac_sha_256
ifneq (1, $(TEST_KCONFIG)) ifneq (1, $(SHOULD_RUN_KCONFIG))
CFLAGS += -DCONFIG_PSA_SINGLE_KEY_COUNT=1 CFLAGS += -DCONFIG_PSA_SINGLE_KEY_COUNT=1
endif endif
SHOULD_RUN_KCONFIG :=
include $(RIOTBASE)/Makefile.include include $(RIOTBASE)/Makefile.include


@ -15,7 +15,7 @@ USEMODULE += psa_secure_element_ateccx08a_cipher_aes_128
USEMODULE += psa_secure_element_ateccx08a_hmac_sha256 USEMODULE += psa_secure_element_ateccx08a_hmac_sha256
USEMODULE += psa_secure_element_ateccx08a_ecc_p256 USEMODULE += psa_secure_element_ateccx08a_ecc_p256
ifneq (1, $(TEST_KCONFIG)) ifneq (1, $(SHOULD_RUN_KCONFIG))
CFLAGS += -DCONFIG_PSA_PROTECTED_KEY_COUNT=3 CFLAGS += -DCONFIG_PSA_PROTECTED_KEY_COUNT=3
CFLAGS += -DCONFIG_PSA_SINGLE_KEY_COUNT=1 CFLAGS += -DCONFIG_PSA_SINGLE_KEY_COUNT=1
endif endif
@ -25,6 +25,4 @@ CFLAGS += -DCUSTOM_ATCA_PARAMS
INCLUDES += -I$(APPDIR) # Application specific (not needed by PSA) INCLUDES += -I$(APPDIR) # Application specific (not needed by PSA)
SHOULD_RUN_KCONFIG :=
include $(RIOTBASE)/Makefile.include include $(RIOTBASE)/Makefile.include


@ -11,8 +11,7 @@ USEMODULE += psa_secure_element
USEMODULE += psa_secure_element_ateccx08a USEMODULE += psa_secure_element_ateccx08a
USEMODULE += psa_secure_element_ateccx08a_cipher_aes_128 USEMODULE += psa_secure_element_ateccx08a_cipher_aes_128
ifneq (1, $(SHOULD_RUN_KCONFIG))
ifneq (1, $(TEST_KCONFIG))
CFLAGS += -DCONFIG_PSA_PROTECTED_KEY_COUNT=1 CFLAGS += -DCONFIG_PSA_PROTECTED_KEY_COUNT=1
endif endif
@ -21,6 +20,4 @@ CFLAGS += -DCUSTOM_ATCA_PARAMS
INCLUDES += -I$(APPDIR) # Application specific (not needed by PSA) INCLUDES += -I$(APPDIR) # Application specific (not needed by PSA)
SHOULD_RUN_KCONFIG :=
include $(RIOTBASE)/Makefile.include include $(RIOTBASE)/Makefile.include


@ -13,7 +13,7 @@ USEMODULE += psa_secure_element
USEMODULE += psa_secure_element_ateccx08a USEMODULE += psa_secure_element_ateccx08a
USEMODULE += psa_secure_element_ateccx08a_ecc_p256 USEMODULE += psa_secure_element_ateccx08a_ecc_p256
ifneq (1, $(TEST_KCONFIG)) ifneq (1, $(SHOULD_RUN_KCONFIG))
CFLAGS += -DCONFIG_PSA_SINGLE_KEY_COUNT=1 CFLAGS += -DCONFIG_PSA_SINGLE_KEY_COUNT=1
CFLAGS += -DCONFIG_PSA_PROTECTED_KEY_COUNT=1 CFLAGS += -DCONFIG_PSA_PROTECTED_KEY_COUNT=1
endif endif
@ -23,6 +23,5 @@ CFLAGS += -DCUSTOM_ATCA_PARAMS
INCLUDES += -I$(APPDIR) # Application specific (not needed by PSA) INCLUDES += -I$(APPDIR) # Application specific (not needed by PSA)
SHOULD_RUN_KCONFIG :=
include $(RIOTBASE)/Makefile.include include $(RIOTBASE)/Makefile.include


@ -11,7 +11,7 @@ USEMODULE += psa_secure_element
USEMODULE += psa_secure_element_ateccx08a USEMODULE += psa_secure_element_ateccx08a
USEMODULE += psa_secure_element_ateccx08a_hmac_sha256 USEMODULE += psa_secure_element_ateccx08a_hmac_sha256
ifneq (1, $(TEST_KCONFIG)) ifneq (1, $(SHOULD_RUN_KCONFIG))
CFLAGS += -DCONFIG_PSA_PROTECTED_KEY_COUNT=1 CFLAGS += -DCONFIG_PSA_PROTECTED_KEY_COUNT=1
endif endif