From 7479728200c51d840363421d07f090d8b426b053 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mikolai=20G=C3=BCtschow?= <mikolai.guetschow@tu-dresden.de>
Date: Tue, 17 Oct 2023 17:17:33 +0200
Subject: [PATCH 1/4] sys/psa_crypto: add test for double initialization

---
 tests/sys/psa_crypto/Makefile        | 14 ++++++
 tests/sys/psa_crypto/main.c          | 70 ++++++++++++++++++++++++++++
 tests/sys/psa_crypto/tests/01-run.py | 14 ++++++
 3 files changed, 98 insertions(+)
 create mode 100644 tests/sys/psa_crypto/Makefile
 create mode 100644 tests/sys/psa_crypto/main.c
 create mode 100755 tests/sys/psa_crypto/tests/01-run.py

diff --git a/tests/sys/psa_crypto/Makefile b/tests/sys/psa_crypto/Makefile
new file mode 100644
index 0000000000..4d3a999a0c
--- /dev/null
+++ b/tests/sys/psa_crypto/Makefile
@@ -0,0 +1,14 @@
+include ../Makefile.sys_common
+
+USEMODULE += embunit
+
+USEMODULE += psa_crypto
+
+# FIXME: currently only needed for build to succeed
+USEMODULE += psa_cipher
+USEMODULE += psa_cipher_aes_128_cbc
+
+USEMODULE += psa_asymmetric
+USEMODULE += psa_asymmetric_ecc_ed25519
+
+include $(RIOTBASE)/Makefile.include
diff --git a/tests/sys/psa_crypto/main.c b/tests/sys/psa_crypto/main.c
new file mode 100644
index 0000000000..dfbe20237d
--- /dev/null
+++ b/tests/sys/psa_crypto/main.c
@@ -0,0 +1,70 @@
+/*
+ * Copyright (C) 2023 TU Dresden
+ *
+ * This file is subject to the terms and conditions of the GNU Lesser
+ * General Public License v2.1. See the file LICENSE in the top level
+ * directory for more details.
+ */
+
+/**
+ * @ingroup     tests
+ * @{
+ *
+ * @file
+ * @brief       Test application for the PSA Cryptography API
+ *
+ * @author      Mikolai Gütschow <mikolai.guetschow@tu-dresden.de>
+ *
+ * @}
+ */
+
+#include <stdio.h>
+#include "embUnit.h"
+#include "psa/crypto.h"
+
+#define TEST_ASSERT_PSA(func_) TEST_ASSERT_MESSAGE(func_ == PSA_SUCCESS, #func_ " failed");
+
+/*
+ * A second call to psa_crypto_init() should not reset key data.
+ */
+static void test_init_twice(void)
+{
+    TEST_ASSERT_PSA(psa_crypto_init());
+
+
+    psa_key_id_t key_id = PSA_KEY_ID_NULL;
+    psa_key_attributes_t key_attr = psa_key_attributes_init();
+    psa_set_key_algorithm(&key_attr, PSA_ALG_PURE_EDDSA);
+    psa_set_key_usage_flags(&key_attr, PSA_KEY_USAGE_EXPORT);
+    psa_set_key_bits(&key_attr, 255);
+    psa_set_key_type(&key_attr, PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_TWISTED_EDWARDS));
+    TEST_ASSERT_PSA(psa_generate_key(&key_attr, &key_id));
+
+    uint8_t key_data[PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(psa_get_key_type(&key_attr), psa_get_key_bits(&key_attr))];
+    size_t key_data_len;
+
+    TEST_ASSERT_PSA(psa_export_public_key(key_id, key_data, sizeof(key_data), &key_data_len));
+    TEST_ASSERT_PSA(psa_crypto_init());
+    TEST_ASSERT_PSA(psa_export_public_key(key_id, key_data, sizeof(key_data), &key_data_len));
+
+}
+
+static Test *tests_psa_crypto(void)
+{
+    EMB_UNIT_TESTFIXTURES(fixtures) {
+        new_TestFixture(test_init_twice),
+    };
+
+    EMB_UNIT_TESTCALLER(tests, NULL, NULL, fixtures);
+    return (Test *)&tests;
+}
+
+int main(void)
+{
+    puts("psa_crypto test");
+    TESTS_START();
+    TESTS_RUN(tests_psa_crypto());
+    TESTS_END();
+
+    return 0;
+}
diff --git a/tests/sys/psa_crypto/tests/01-run.py b/tests/sys/psa_crypto/tests/01-run.py
new file mode 100755
index 0000000000..dc56107fc3
--- /dev/null
+++ b/tests/sys/psa_crypto/tests/01-run.py
@@ -0,0 +1,14 @@
+#!/usr/bin/env python3
+
+# Copyright (C) 2023 TU Dresden
+#
+# This file is subject to the terms and conditions of the GNU Lesser
+# General Public License v2.1. See the file LICENSE in the top level
+# directory for more details.
+
+import sys
+from testrunner import run_check_unittests
+
+
+if __name__ == "__main__":
+    sys.exit(run_check_unittests())

From 6ad2f052c52fb92da34adc09a4c58f2c8a154eb3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mikolai=20G=C3=BCtschow?= <mikolai.guetschow@tu-dresden.de>
Date: Thu, 19 Oct 2023 11:21:03 +0200
Subject: [PATCH 2/4] sys/psa_crypto: remove unused variable

---
 sys/crypto/psa_riot_cipher/aes_128_cbc.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/sys/crypto/psa_riot_cipher/aes_128_cbc.c b/sys/crypto/psa_riot_cipher/aes_128_cbc.c
index 09cf654322..0c9d0eb4b4 100644
--- a/sys/crypto/psa_riot_cipher/aes_128_cbc.c
+++ b/sys/crypto/psa_riot_cipher/aes_128_cbc.c
@@ -71,7 +71,6 @@ psa_status_t psa_cipher_cbc_aes_128_decrypt(const psa_key_attributes_t *attribut
                                             size_t *output_length)
 {
     DEBUG("RIOT AES 128 Cipher");
-    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
     psa_cipher_operation_t operation = psa_cipher_operation_init();
     size_t required_output_buf_size = PSA_CIPHER_DECRYPT_OUTPUT_SIZE(PSA_KEY_TYPE_AES,
                                         PSA_ALG_CBC_NO_PADDING, input_length);

From 25aa2167f692210f2f47dede5c9bc5d79e42ecf9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mikolai=20G=C3=BCtschow?= <mikolai.guetschow@tu-dresden.de>
Date: Tue, 17 Oct 2023 17:40:19 +0200
Subject: [PATCH 3/4] sys/psa_crypto: allow repeated calls to psa_crypto_init()

as defined per https://armmbed.github.io/mbed-crypto/html/api/library/library.html?highlight=psa_crypto_init#c.psa_crypto_init
---
 sys/psa_crypto/psa_crypto.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/sys/psa_crypto/psa_crypto.c b/sys/psa_crypto/psa_crypto.c
index af0a9dab4c..a780593f33 100644
--- a/sys/psa_crypto/psa_crypto.c
+++ b/sys/psa_crypto/psa_crypto.c
@@ -113,6 +113,10 @@ const char *psa_status_to_humanly_readable(psa_status_t status)
 
 psa_status_t psa_crypto_init(void)
 {
+    if (lib_initialized) {
+        return PSA_SUCCESS;
+    }
+
     lib_initialized = 1;
 
 #if (IS_USED(MODULE_PSA_KEY_SLOT_MGMT))

From ceda440031406c8462d864c18eea0f03af1b64c2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mikolai=20G=C3=BCtschow?= <mikolai.guetschow@tu-dresden.de>
Date: Mon, 23 Oct 2023 14:18:21 +0200
Subject: [PATCH 4/4] add Makefile.ci

---
 tests/sys/psa_crypto/Makefile.ci | 10 ++++++++++
 1 file changed, 10 insertions(+)
 create mode 100644 tests/sys/psa_crypto/Makefile.ci

diff --git a/tests/sys/psa_crypto/Makefile.ci b/tests/sys/psa_crypto/Makefile.ci
new file mode 100644
index 0000000000..54417567ab
--- /dev/null
+++ b/tests/sys/psa_crypto/Makefile.ci
@@ -0,0 +1,10 @@
+BOARD_INSUFFICIENT_MEMORY := \
+    arduino-duemilanove \
+    arduino-leonardo \
+    arduino-nano \
+    arduino-uno \
+    atmega328p \
+    atmega328p-xplained-mini \
+    atmega8 \
+    nucleo-l011k4 \
+    #