RIOT-OS/RIOT
RIOT-OS/RIOT
1
0
Fork 0
mirror of https://github.com/RIOT-OS/RIOT.git synced 2024-12-28 22:49:47 +01:00
Code Releases Activity

sys/psa_crypto: Build PSA Crypto functions based on module selection

Browse Source
This commit is contained in:
Lena Boeckmann 2023-10-19 14:23:35 +02:00 committed by MrKevinWeiss
parent d73ef09d5c
commit de09b2a0b4
No known key found for this signature in database
GPG Key ID: C26684F1C0767FFF
98 changed files with 899 additions and 154 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
examples/psa_crypto/Makefile
View File

@ -48,6 +48,8 @@ else
CFLAGS += -DCONFIG_PSA_SINGLE_KEY_COUNT=1
USEMODULE += psa_secure_element
USEMODULE += psa_secure_element_ateccx08a
USEMODULE += psa_secure_element_ateccx08a_cipher_aes_128
USEMODULE += psa_secure_element_ateccx08a_hmac_sha256
USEMODULE += psa_secure_element_ateccx08a_ecc_p256
else ifeq (2, $(SECURE_ELEMENT))
CFLAGS += -DSECURE_ELEMENT # Application specific (not needed by PSA)
@ -60,6 +62,8 @@ else
USEMODULE += psa_secure_element
USEMODULE += psa_secure_element_multiple
USEMODULE += psa_secure_element_ateccx08a
USEMODULE += psa_secure_element_ateccx08a_cipher_aes_128
USEMODULE += psa_secure_element_ateccx08a_hmac_sha256
USEMODULE += psa_secure_element_ateccx08a_ecc_p256
else ifdef CUSTOM_BACKEND
# Necessary configuration when using Make dependency resolution

2
examples/psa_crypto/app.config.test.multi_se
View File

@ -2,6 +2,8 @@
CONFIG_MODULE_PSA_SECURE_ELEMENT=y
CONFIG_MODULE_PSA_SECURE_ELEMENT_ATECCX08A=y
CONFIG_MODULE_PSA_SECURE_ELEMENT_ATECCX08A_ECC_P256=y
CONFIG_MODULE_PSA_SECURE_ELEMENT_ATECCX08A_CIPHER_AES_128=y
CONFIG_MODULE_PSA_SECURE_ELEMENT_ATECCX08A_HMAC_SHA256=y
CONFIG_MODULE_PSA_SECURE_ELEMENT_MULTIPLE=y
CONFIG_PSA_MAX_SE_COUNT=2

2
examples/psa_crypto/app.config.test.se
View File

@ -1,6 +1,8 @@
CONFIG_MODULE_PSA_SECURE_ELEMENT=y
CONFIG_MODULE_PSA_SECURE_ELEMENT_ATECCX08A=y
CONFIG_MODULE_PSA_SECURE_ELEMENT_ATECCX08A_ECC_P256=y
CONFIG_MODULE_PSA_SECURE_ELEMENT_ATECCX08A_CIPHER_AES_128=y
CONFIG_MODULE_PSA_SECURE_ELEMENT_ATECCX08A_HMAC_SHA256=y
CONFIG_PSA_PROTECTED_KEY_COUNT=4
CONFIG_PSA_SINGLE_KEY_COUNT=1

52
examples/psa_crypto/main.c
View File

@ -21,22 +21,36 @@
#include "psa/crypto.h"
#include "ztimer.h"
#if IS_USED(MODULE_PSA_CIPHER)
extern psa_status_t example_cipher_aes_128(void);
#endif
#if IS_USED(MODULE_PSA_MAC)
extern psa_status_t example_hmac_sha256(void);
#endif
#if IS_USED(MODULE_PSA_ASYMMETRIC_ECC_P256R1)
extern psa_status_t example_ecdsa_p256(void);
#endif
#if IS_USED(MODULE_PSA_ASYMMETRIC_ECC_ED25519)
#ifndef SECURE_ELEMENT
extern psa_status_t example_eddsa(void);
#endif
#endif
#ifdef MULTIPLE_SE
#if IS_USED(MODULE_PSA_CIPHER)
extern psa_status_t example_cipher_aes_128_sec_se(void);
#endif /* MODULE_PSA_CIPHER */
#if IS_USED(MODULE_PSA_MAC)
extern psa_status_t example_hmac_sha256_sec_se(void);
#endif /* MODULE_PSA_MAC */
#if IS_USED(MODULE_PSA_ASYMMETRIC_ECC_P256R1)
extern psa_status_t example_ecdsa_p256_sec_se(void);
#endif
#endif /* MODULE_PSA_ASYMMETRIC_ECC_P256R1 */
#endif /* MULTIPLE_SE */
int main(void)
{
bool failed = false;
psa_status_t status;
psa_crypto_init();
@ -44,60 +58,88 @@ int main(void)
ztimer_acquire(ZTIMER_USEC);
ztimer_now_t start = ztimer_now(ZTIMER_USEC);
/* Needed in case only hashes are tested */
(void)status;
(void)start;
#if IS_USED(MODULE_PSA_MAC)
status = example_hmac_sha256();
printf("HMAC SHA256 took %d us\n", (int)(ztimer_now(ZTIMER_USEC) - start));
if (status != PSA_SUCCESS) {
failed = true;
printf("HMAC SHA256 failed: %s\n", psa_status_to_humanly_readable(status));
}
#endif
#if IS_USED(MODULE_PSA_CIPHER)
start = ztimer_now(ZTIMER_USEC);
status = example_cipher_aes_128();
printf("Cipher AES 128 took %d us\n", (int)(ztimer_now(ZTIMER_USEC) - start));
if (status != PSA_SUCCESS) {
failed = true;
printf("Cipher AES 128 failed: %s\n", psa_status_to_humanly_readable(status));
}
#endif
#if IS_USED(MODULE_PSA_ASYMMETRIC_ECC_P256R1)
start = ztimer_now(ZTIMER_USEC);
status = example_ecdsa_p256();
printf("ECDSA took %d us\n", (int)(ztimer_now(ZTIMER_USEC) - start));
if (status != PSA_SUCCESS) {
failed = true;
printf("ECDSA failed: %s\n", psa_status_to_humanly_readable(status));
}
#endif
#ifndef SECURE_ELEMENT
#if IS_USED(MODULE_PSA_ASYMMETRIC_ECC_ED25519)
start = ztimer_now(ZTIMER_USEC);
status = example_eddsa();
printf("EdDSA took %d us\n", (int)(ztimer_now(ZTIMER_USEC) - start));
if (status != PSA_SUCCESS) {
failed = true;
printf("EdDSA failed: %s\n", psa_status_to_humanly_readable(status));
}
#endif
#ifdef MULTIPLE_SE
#if IS_USED(MODULE_PSA_MAC)
puts("Running Examples with secondary SE:");
status = example_hmac_sha256_sec_se();
printf("HMAC SHA256 took %d us\n", (int)(ztimer_now(ZTIMER_USEC) - start));
if (status != PSA_SUCCESS) {
failed = true;
printf("HMAC SHA256 failed: %s\n", psa_status_to_humanly_readable(status));
}
#endif /* MODULE_PSA_MAC */
#if IS_USED(MODULE_PSA_CIPHER)
start = ztimer_now(ZTIMER_USEC);
status = example_cipher_aes_128_sec_se();
printf("Cipher AES 128 took %d us\n", (int)(ztimer_now(ZTIMER_USEC) - start));
if (status != PSA_SUCCESS) {
failed = true;
printf("Cipher AES 128 failed: %s\n", psa_status_to_humanly_readable(status));
}
#endif /* MODULE_PSA_CIPHER */
#if IS_USED(MODULE_PSA_ASYMMETRIC_ECC_P256R1)
start = ztimer_now(ZTIMER_USEC);
status = example_ecdsa_p256_sec_se();
printf("ECDSA took %d us\n", (int)(ztimer_now(ZTIMER_USEC) - start));
if (status != PSA_SUCCESS) {
failed = true;
printf("ECDSA failed: %s\n", psa_status_to_humanly_readable(status));
}
#endif
#endif /* MODULE_PSA_ASYMMETRIC_ECC_P256R1 */
#endif /* MULTIPLE_SE */
ztimer_release(ZTIMER_USEC);
puts("All Done");
if (failed) {
puts("Tests failed...");
}
else {
puts("All Done");
}
return 0;
}

10
pkg/cryptoauthlib/Makefile.dep
View File

@ -25,5 +25,13 @@ ifneq (,$(filter psa_crypto,$(USEMODULE)))
endif
ifneq (,$(filter psa_secure_element_ateccx08a_ecc_p256, $(USEMODULE)))
USEMODULE += psa_secure_element_asymmetric
USEMODULE += psa_asymmetric
endif
ifneq (,$(filter psa_secure_element_ateccx08a_cipher_aes_128, $(USEMODULE)))
USEMODULE += psa_cipher
endif
ifneq (,$(filter psa_secure_element_ateccx08a_hmac_sha256, $(USEMODULE)))
USEMODULE += psa_mac
endif

8
pkg/cryptoauthlib/Makefile.include
View File

@ -27,7 +27,7 @@ ifneq (,$(filter cryptoauthlib_test,$(USEMODULE)))
INCLUDES += -I$(PKG_SOURCE_DIR)/third_party/unity
endif
ifneq (,$(filter psa_crypto,$(USEMODULE)))
PSEUDOMODULES += psa_secure_element_ateccx08a
PSEUDOMODULES += psa_secure_element_ateccx08a_ecc_p256
endif
PSEUDOMODULES += psa_secure_element_ateccx08a
PSEUDOMODULES += psa_secure_element_ateccx08a_cipher_aes_128
PSEUDOMODULES += psa_secure_element_ateccx08a_ecc_p256
PSEUDOMODULES += psa_secure_element_ateccx08a_hmac_sha256

5
pkg/micro-ecc/Makefile.include
View File

@ -8,8 +8,9 @@ CFLAGS += -Wno-unused-variable
TOOLCHAINS_BLACKLIST += llvm
ifneq (,$(filter psa_uecc_%, $(USEMODULE)))
PSEUDOMODULES += psa_uecc_p192
PSEUDOMODULES += psa_uecc_p256
DIRS += $(RIOTPKG)/micro-ecc/psa_uecc
INCLUDES += -I$(RIOTBASE)/sys/psa_crypto/include
endif
PSEUDOMODULES += psa_uecc_p192
PSEUDOMODULES += psa_uecc_p256

2
sys/auto_init/security/auto_init_atca.c
View File

@ -50,7 +50,7 @@ void auto_init_atca(void)
}
atca_devs_ptr[i] = &atca_devs[i];
DEBUG("[auto_init_atca] Registering Driver with address: %x and location: %lx\n", atca_params[i].cfg.atcai2c.address, atca_params[i].atca_loc);
DEBUG("[auto_init_atca] Registering Driver with address: %x and location: %lx\n", atca_params[i].cfg.atcai2c.address, (unsigned long) atca_params[i].atca_loc);
status = psa_register_secure_element(atca_params[i].atca_loc,
&atca_methods,
&atca_config_list[i],

25
sys/include/psa_crypto/psa/crypto.h
View File

@ -83,6 +83,7 @@ const char *psa_status_to_humanly_readable(psa_status_t status);
*/
psa_status_t psa_crypto_init(void);
#if IS_USED(MODULE_PSA_AEAD) || defined(DOXYGEN)
/**
* @brief Process an authenticated encryption operation.
*
@ -767,7 +768,9 @@ psa_status_t psa_aead_verify(psa_aead_operation_t *operation,
* initialize results in this error code.
*/
psa_status_t psa_aead_abort(psa_aead_operation_t *operation);
#endif /* MODULE_PSA_AEAD */
#if IS_USED(MODULE_PSA_ASYMMETRIC) || defined(DOXYGEN)
/**
* @brief Encrypt a short message with a public key.
*
@ -890,7 +893,10 @@ psa_status_t psa_asymmetric_decrypt(psa_key_id_t key,
uint8_t *output,
size_t output_size,
size_t *output_length);
#endif /* MODULE_PSA_ASYMMETRIC */
#if IS_USED(MODULE_PSA_CIPHER) || defined(DOXYGEN)
/**
* @brief Abort a cipher operation.
*
@ -1385,7 +1391,9 @@ psa_status_t psa_cipher_update(psa_cipher_operation_t *operation,
uint8_t *output,
size_t output_size,
size_t *output_length);
#endif /* MODULE_PSA_CIPHER */
#if IS_USED(MODULE_PSA_KEY_MANAGEMENT) || defined(DOXYGEN)
/**
* @brief Make a copy of a key.
*
@ -1799,6 +1807,7 @@ psa_status_t psa_builtin_generate_key(const psa_key_attributes_t *attributes, ui
*/
psa_status_t psa_generate_key(const psa_key_attributes_t *attributes,
psa_key_id_t *key);
#endif /* MODULE_PSA_KEY_MANAGEMENT */
/**
* @brief Built-in function for random number generation.
@ -1840,6 +1849,7 @@ psa_status_t psa_builtin_generate_random( uint8_t *output,
psa_status_t psa_generate_random(uint8_t *output,
size_t output_size);
#if IS_USED(MODULE_PSA_KEY_MANAGEMENT) || defined(DOXYGEN)
/**
* @brief Declare the permitted algorithm policy for a key.
*
@ -2070,7 +2080,9 @@ static inline void psa_reset_key_attributes(psa_key_attributes_t *attributes)
*/
psa_status_t psa_get_key_attributes(psa_key_id_t key,
psa_key_attributes_t *attributes);
#endif /* MODULE_PSA_KEY_MANAGEMENT */
#if IS_USED(MODULE_PSA_HASH) || defined(DOXYGEN)
/**
* @brief Abort a hash operation.
*
@ -2476,7 +2488,9 @@ psa_status_t psa_hash_update(psa_hash_operation_t *operation,
psa_status_t psa_hash_verify(psa_hash_operation_t *operation,
const uint8_t *hash,
size_t hash_length);
#endif /* MODULE_PSA_HASH */
#if IS_USED(MODULE_PSA_KEY_MANAGEMENT) || defined(DOXYGEN)
/**
* @brief Built-in key import function.
*
@ -2619,7 +2633,9 @@ psa_status_t psa_import_key(const psa_key_attributes_t *attributes,
const uint8_t *data,
size_t data_length,
psa_key_id_t *key);
#endif /* MODULE_PSA_KEY_MANAGEMENT */
#if IS_USED(MODULE_PSA_KEY_DERIVATION) || defined(DOXYGEN)
/**
* @brief Abort a key derivation operation.
*
@ -3309,7 +3325,9 @@ psa_status_t psa_key_derivation_verify_bytes(psa_key_derivation_operation_t *ope
*/
psa_status_t psa_key_derivation_verify_key(psa_key_derivation_operation_t *operation,
psa_key_id_t expected);
#endif /* PSA_CRYPTO_KEY_DERIVATION */
#if IS_USED(MODULE_PSA_MAC) || defined(DOXYGEN)
/**
* @brief Abort a MAC operation.
*
@ -3679,7 +3697,9 @@ psa_status_t psa_mac_verify_finish(psa_mac_operation_t *operation,
psa_status_t psa_mac_verify_setup(psa_mac_operation_t *operation,
psa_key_id_t key,
psa_algorithm_t alg);
#endif /* MODULE_PSA_MAC */
#if IS_USED(MODULE_PSA_KEY_MANAGEMENT) || defined(DOXYGEN)
/**
* @brief Remove non-essential copies of key material from memory.
*
@ -3707,7 +3727,9 @@ psa_status_t psa_mac_verify_setup(psa_mac_operation_t *operation,
* @return @ref PSA_ERROR_DATA_INVALID
*/
psa_status_t psa_purge_key(psa_key_id_t key);
#endif /* MODULE_PSA_KEY_MANAGEMENT */
#if IS_USED(MODULE_PSA_KEY_AGREEMENT) || defined(DOXYGEN)
/**
* @brief Perform a key agreement and return the raw shared secret.
*
@ -3778,7 +3800,9 @@ psa_status_t psa_raw_key_agreement(psa_algorithm_t alg,
uint8_t *output,
size_t output_size,
size_t *output_length);
#endif /* MODULE_PSA_KEY_AGREEMENT */
#if IS_USED(MODULE_PSA_ASYMMETRIC) || defined(DOXYGEN)
/**
* @brief Sign an already-calculated hash with a private key.
*
@ -4044,6 +4068,7 @@ psa_status_t psa_verify_message(psa_key_id_t key,
size_t input_length,
const uint8_t *signature,
size_t signature_length);
#endif /* MODULE_PSA_ASYMMETRIC */
#ifdef __cplusplus
}

18
sys/include/psa_crypto/psa/crypto_sizes.h
View File

@ -79,29 +79,21 @@ extern "C" {
* @brief Number of required allocated asymmetric key pair slots.
*
* @details These should be defined by the developer to
* fit their requirements. The default number is 5.
* fit their requirements. The default number is 0.
*/
#ifndef CONFIG_PSA_ASYMMETRIC_KEYPAIR_COUNT
#if (IS_USED(MODULE_PSA_ASYMMETRIC))
#define CONFIG_PSA_ASYMMETRIC_KEYPAIR_COUNT 5
#else
#define CONFIG_PSA_ASYMMETRIC_KEYPAIR_COUNT 0
#endif
#endif
/**
* @brief Number of required allocated single key slots.
*
* @details These should be defined by the developer to
* fit their requirements. The default number is 5.
* fit their requirements. The default number is 0.
*/
#ifndef CONFIG_PSA_SINGLE_KEY_COUNT
#if (IS_USED(MODULE_PSA_KEY_SLOT_MGMT))
#define CONFIG_PSA_SINGLE_KEY_COUNT 5
#else
#define CONFIG_PSA_SINGLE_KEY_COUNT 0
#endif
#endif
/**
* @brief Number of required allocated protected key slots.
@ -110,8 +102,8 @@ extern "C" {
* fit their requirements. The default number is 5.
*/
#ifndef CONFIG_PSA_PROTECTED_KEY_COUNT
#if (IS_USED(MODULE_PSA_SE_MGMT))
#define CONFIG_PSA_PROTECTED_KEY_COUNT 5
#if (IS_USED(MODULE_PSA_SECURE_ELEMENT))
#define CONFIG_PSA_PROTECTED_KEY_COUNT 5
#else
#define CONFIG_PSA_PROTECTED_KEY_COUNT 0
#endif
@ -991,7 +983,7 @@ extern "C" {
/**
* @brief The maximum size of the used key data.
*/
#if IS_USED(MODULE_PSA_SECURE_ELEMENT_ASYMMETRIC) || IS_USED(MODULE_PSA_ASYMMETRIC)
#if IS_USED(MODULE_PSA_ASYMMETRIC)
#define PSA_MAX_KEY_DATA_SIZE (PSA_EXPORT_PUBLIC_KEY_MAX_SIZE)
#else
#define PSA_MAX_KEY_DATA_SIZE (CONFIG_PSA_MAX_KEY_SIZE)

70
sys/include/psa_crypto/psa/crypto_struct.h
View File

@ -28,34 +28,7 @@ extern "C" {
#include "crypto_sizes.h"
#include "crypto_contexts.h"
/**
* @brief Structure containing a hash context and algorithm
*/
struct psa_hash_operation_s {
psa_algorithm_t alg; /**< Operation algorithm */
#if IS_USED(MODULE_PSA_HASH)
psa_hash_context_t ctx; /**< Operation hash context */
#endif
};
/**
* @brief This macro returns a suitable initializer for a hash operation object of type
* @ref psa_hash_operation_t.
*/
#define PSA_HASH_OPERATION_INIT { 0 }
/**
* @brief Return an initial value for a hash operation object.
*
* @return struct psa_hash_operation_s
*/
static inline struct psa_hash_operation_s psa_hash_operation_init(void)
{
const struct psa_hash_operation_s v = PSA_HASH_OPERATION_INIT;
return v;
}
#if IS_USED(MODULE_PSA_KEY_MANAGEMENT) || defined(DOXYGEN)
/**
* @brief Structure storing the key usage policies
*/
@ -97,7 +70,9 @@ static inline struct psa_key_attributes_s psa_key_attributes_init(void)
return v;
}
#endif /*(MODULE_PSA_KEY_MANAGEMENT */
#if IS_USED(MODULE_PSA_AEAD) || defined(DOXYGEN)
/**
* @brief Structure storing an AEAD operation context
*
@ -124,7 +99,9 @@ static inline struct psa_aead_operation_s psa_aead_operation_init(void)
return v;
}
#endif /* MODULE_PSA_AEAD */
#if IS_USED(MODULE_PSA_CIPHER) || defined(DOXYGEN)
/**
* @brief Structure storing a cipher operation context
*/
@ -135,9 +112,7 @@ struct psa_cipher_operation_s {
psa_algorithm_t alg; /**< Operation algorithm*/
/** Union containing cipher contexts for the executing backend */
union cipher_context {
#if IS_USED(MODULE_PSA_CIPHER)
psa_cipher_context_t cipher_ctx; /**< Cipher context */
#endif
#if IS_USED(MODULE_PSA_SECURE_ELEMENT_ATECCX08A) || defined(DOXYGEN)
psa_se_cipher_context_t se_ctx; /**< SE Cipher context */
#endif
@ -161,7 +136,9 @@ static inline struct psa_cipher_operation_s psa_cipher_operation_init(void)
return v;
}
#endif /* MODULE_PSA_CIPHER */
#if IS_USED(MODULE_PSA_KEY_DERIVATION) || defined(DOXYGEN)
/**
* @brief This macro returns a suitable initializer for a key derivation operation object of
* type @ref psa_key_derivation_operation_t.
@ -188,7 +165,39 @@ static inline struct psa_key_derivation_operation_s psa_key_derivation_operation
return v;
}
#endif /* MODULE_PSA_KEY_DERIVATION */
#if IS_USED(MODULE_PSA_HASH) || defined(DOXYGEN)
/**
* @brief Structure containing a hash context and algorithm
*/
struct psa_hash_operation_s {
psa_algorithm_t alg; /**< Operation algorithm */
#if IS_USED(MODULE_PSA_HASH)
psa_hash_context_t ctx; /**< Operation hash context */
#endif
};
/**
* @brief This macro returns a suitable initializer for a hash operation object of type
* @ref psa_hash_operation_t.
*/
#define PSA_HASH_OPERATION_INIT { 0 }
/**
* @brief Return an initial value for a hash operation object.
*
* @return struct psa_hash_operation_s
*/
static inline struct psa_hash_operation_s psa_hash_operation_init(void)
{
const struct psa_hash_operation_s v = PSA_HASH_OPERATION_INIT;
return v;
}
#endif /* MODULE_PSA_HASH */
#if IS_USED(MODULE_PSA_MAC) || defined(DOXYGEN)
/**
* @brief This macro returns a suitable initializer for a MAC operation object of type
* @ref psa_mac_operation_t.
@ -215,6 +224,7 @@ static inline struct psa_mac_operation_s psa_mac_operation_init(void)
return v;
}
#endif /* MODULE_PSA_MAC */
#ifdef __cplusplus
}

3
sys/psa_crypto/Kconfig.asymmetric
View File

@ -7,8 +7,7 @@
menuconfig MODULE_PSA_ASYMMETRIC
bool "PSA Asymmetric Crypto"
select PSA_KEY_CONFIG
select MODULE_PSA_KEY_SLOT_MGMT
select MODULE_PSA_KEY_MANAGEMENT
if MODULE_PSA_ASYMMETRIC

3
sys/psa_crypto/Kconfig.ciphers
View File

@ -7,8 +7,7 @@
menuconfig MODULE_PSA_CIPHER
bool "PSA Ciphers"
select PSA_KEY_CONFIG
select MODULE_PSA_KEY_SLOT_MGMT
select MODULE_PSA_KEY_MANAGEMENT
if MODULE_PSA_CIPHER

1
sys/psa_crypto/Kconfig.hashes
View File

@ -7,7 +7,6 @@
menuconfig MODULE_PSA_HASH
bool "PSA Hashes"
select PSA_KEY_CONFIG
if MODULE_PSA_HASH

8
sys/psa_crypto/Kconfig.keys
View File

@ -7,6 +7,12 @@
menu "PSA Key Management Configuration"
config MODULE_PSA_KEY_MANAGEMENT
bool
select MODULE_PSA_KEY_SLOT_MGMT
help
Activates the PSA Key Management Module
config PSA_KEY_SIZE_128
bool "Application uses key of size 128 Bits"
help
@ -44,12 +50,10 @@ config PSA_PROTECTED_KEY_COUNT
config PSA_ASYMMETRIC_KEYPAIR_COUNT
int "Specifies number of allocated key pair slots"
default 5 if MODULE_PSA_ASYMMETRIC
default 0
config PSA_SINGLE_KEY_COUNT
int "Specifies number of allocated single key slots"
default 5 if PSA_MAX_KEY_SIZE != 0
default 0
endmenu # PSA Key Management Configuration

3
sys/psa_crypto/Kconfig.mac
View File

@ -7,8 +7,7 @@
menuconfig MODULE_PSA_MAC
bool "PSA Message Authenticated Ciphers"
select PSA_KEY_CONFIG
select MODULE_PSA_KEY_SLOT_MGMT
select MODULE_PSA_KEY_MANAGEMENT
if MODULE_PSA_MAC

14
sys/psa_crypto/Makefile.dep
View File

@ -5,7 +5,7 @@ endif
# Asymmetric
ifneq (,$(filter psa_asymmetric,$(USEMODULE)))
USEMODULE += psa_key_slot_mgmt
USEMODULE += psa_key_management
endif
## ECC_P192R1 backend
@ -82,7 +82,7 @@ endif
# Cipher
ifneq (,$(filter psa_cipher,$(USEMODULE)))
USEMODULE += psa_key_slot_mgmt
USEMODULE += psa_key_management
endif
## AES-128-ECB backend
@ -242,8 +242,16 @@ ifneq (,$(filter psa_hash_sha_512_backend_riot,$(USEMODULE)))
USEMODULE += psa_riot_hashes
USEMODULE += psa_riot_hashes_sha_512
endif
# Key Management
ifneq (,$(filter psa_key_management,$(USEMODULE)))
USEMODULE += psa_key_slot_mgmt
endif
# MAC
ifneq (,$(filter psa_mac,$(USEMODULE)))
USEMODULE += psa_key_management
endif
## HMAC SHA-256
ifneq (,$(filter psa_mac_hmac_sha_256,$(USEMODULE)))
ifeq (,$(filter psa_mac_hmac_sha_256_custom_backend,$(USEMODULE)))
@ -271,7 +279,7 @@ endif
# Secure Elements
ifneq (,$(filter psa_secure_element,$(USEMODULE)))
USEMODULE += psa_se_mgmt
USEMODULE += psa_key_slot_mgmt
USEMODULE += psa_key_management
endif
ifneq (,$(filter psa_secure_element_ateccx08a, $(USEMODULE)))

4
sys/psa_crypto/Makefile.include
View File

@ -146,6 +146,9 @@ ifneq (,$(filter psa_hash_sha_512,$(USEMODULE)))
endif
endif
## Key Management
PSEUDOMODULES += psa_key_management
## MAC
PSEUDOMODULES += psa_mac
PSEUDOMODULES += psa_mac_hmac_sha_256
@ -162,6 +165,5 @@ endif
## Secure Elements
PSEUDOMODULES += psa_secure_element
PSEUDOMODULES += psa_secure_element_asymmetric
PSEUDOMODULES += psa_secure_element_config
PSEUDOMODULES += psa_secure_element_multiple

28
sys/psa_crypto/doc.txt
View File

@ -316,13 +316,14 @@
*
* ### Secure Elements
* Base:
*
* - psa_secure_element
* - psa_secure_element_multiple
*
* #### SE Types
* - psa_secure_element_ateccx08a
* - psa_secure_element_ateccx08a_cipher_aes_128
* - psa_secure_element_ateccx08a_ecc_p256
* - psa_secure_element_ateccx08a_hmac_sha256
*
* Random Number Generation {#rng}
* ===
@ -372,7 +373,7 @@
* @code
* CONFIG_PSA_SECURE_ELEMENT=y
* CONFIG_PSA_SECURE_ELEMENT_ATECCX08A=y // device example
* CONFIG_PSA_SECURE_ELEMENT_ATECCX08A_ECC=y
* CONFIG_PSA_SECURE_ELEMENT_ATECCX08A_ECC_P256=y
* @endcode
*
* or added to the the Makefile:
@ -439,10 +440,10 @@
* In RIOT, module names are generated from path names, so if you create a directory for
* your sourcefiles, the module name will be the same as the directory name. It is possible
* to change that by declaring a new module name in the Makefile by adding the line
* your_module_name`.
* `MODULE := your_module_name`.
*
* If you leave it like this, all sourcefiles in the path corresponding to the module name will be
* built (e.g. if you choose to module `hashes`, all files in `sys/hashes` will be included).
* built (e.g. if you choose the module `hashes`, all files in `sys/hashes` will be included).
* For better configurability it is possible to add submodules (see
* `sys/hashes/psa_riot_hashes` for example).
* In that case the base module name will be the directory name and each file inside the directory
@ -960,17 +961,20 @@
* key, which requires a lot less memory space.
*
* **BUT:** If your secure element supports asymmetric cryptography and exports a public key part
* during key generation, that key part must be stored somewhere. This is why there needs to be
* an option to tell PSA Crypto that an application is going to perform asymmetric operations.
* Only if that option is selected, the protected key slots will have the space to store a public
* during key generation, that key part must be stored somewhere. So when you choose an
* asymmetric operation, the protected key slots will have the space to store a public
* key.
*
* #### Dependencies
* Secure Element operations also depend on the PSA modules. E.g. when you want to use an ECC
* operation, you need to make sure that you also build the asymmetric PSA functions.
*
* For this we need to add the following to the `superSE` menu:
* @code
* config MODULE_PSA_SECURE_ELEMENT_SUPERSE_ECC_P256
* bool "Our Vendor's Elliptic Curve P256"
* select PSA_KEY_SIZE_256
* select MODULE_PSA_SECURE_ELEMENT_ASYMMETRIC
* select MODULE_PSA_ASYMMETRIC
* depends on MODULE_PSA_SECURE_ELEMENT_SUPERSE
* @endcode
* This tells us, what size a key slot should have to store the public key. If your SE supports
@ -995,9 +999,11 @@
* endif
*
* ifneq (,$(filter psa_secure_element_superse_ecc_p256, $(USEMODULE)))
* USEMODULE += psa_secure_element_asymmetric
* USEMODULE += psa_asymmetric
* endif
*
* Now the secure element should be available for use with PSA Crypto.
* @endcode
* This needs to be done for all other supported operations (e.g. ATECCX08 operations in
* `pkg/cryptoauthlib/Makefile.include`, `pkg/cryptoauthlib/Makefile.dep` and
* `sys/psa_crypto/psa_se_mgmt/Kconfig`. Now the secure element should be available for use
* with PSA Crypto.
*/

15
sys/psa_crypto/include/psa_crypto_algorithm_dispatch.h
View File

@ -28,8 +28,12 @@ extern "C" {
#include <stdlib.h>
#include "kernel_defines.h"
#include "psa/crypto.h"
#include "psa_crypto_slot_management.h"
#if IS_USED(MODULE_PSA_KEY_MANAGEMENT)
#include "psa_crypto_slot_management.h"
#endif
#if IS_USED(MODULE_PSA_HASH)
/**
* @brief Dispatch a hash setup function to a specific backend.
* See @ref psa_hash_setup()
@ -68,7 +72,9 @@ psa_status_t psa_algorithm_dispatch_hash_finish(psa_hash_operation_t *operation,
uint8_t *hash,
size_t hash_size,
size_t *hash_length);
#endif /* MODULE_PSA_HASH */
#if IS_USED(MODULE_PSA_ASYMMETRIC)
/**
* @brief Dispatch a hash signature function to a specific backend.
* See @ref psa_sign_hash()
@ -156,7 +162,9 @@ psa_status_t psa_algorithm_dispatch_verify_message( const psa_key_attributes_t *
size_t input_length,
const uint8_t *signature,
size_t signature_length);
#endif /* MODULE_PSA_ASYMMETRIC */
#if IS_USED(MODULE_PSA_KEY_MANAGEMENT)
/**
* @brief Dispatch the key generation function to a specific backend.
* See @ref psa_generate_key()
@ -167,7 +175,9 @@ psa_status_t psa_algorithm_dispatch_verify_message( const psa_key_attributes_t *
*/
psa_status_t psa_algorithm_dispatch_generate_key( const psa_key_attributes_t *attributes,
psa_key_slot_t *slot);
#endif
#if IS_USED(MODULE_PSA_CIPHER)
/**
* @brief Dispatch a cipher encrypt function to a specific backend.
* See @ref psa_cipher_encrypt()
@ -213,7 +223,9 @@ psa_status_t psa_algorithm_dispatch_cipher_decrypt( const psa_key_attributes_t *
uint8_t *output,
size_t output_size,
size_t *output_length);
#endif /* MODULE_PSA_CIPHER */
#if IS_USED(MODULE_PSA_MAC)
/**
* @brief Dispatch a mac computation function to a specific backend.
* See @ref psa_mac_compute()
@ -236,6 +248,7 @@ psa_status_t psa_algorithm_dispatch_mac_compute(const psa_key_attributes_t *attr
uint8_t *mac,
size_t mac_size,
size_t *mac_length);
#endif
#ifdef __cplusplus
}

8
sys/psa_crypto/include/psa_crypto_location_dispatch.h
View File

@ -29,6 +29,7 @@ extern "C" {
#include "kernel_defines.h"
#include "psa/crypto.h"
#if IS_USED(MODULE_PSA_ASYMMETRIC)
/**
* @brief Dispatch call of a hash signature function to a location specific backend.
* See psa_sign_hash()
@ -116,7 +117,9 @@ psa_status_t psa_location_dispatch_verify_message(const psa_key_attributes_t *at
size_t input_length,
const uint8_t *signature,
size_t signature_length);
#endif /* MODULE_PSA_ASYMMETRIC */
#if IS_USED(MODULE_PSA_MAC)
/**
* @brief Dispatch call of a mac computation function to a location specific backend.
* See psa_mac_compute()
@ -139,7 +142,9 @@ psa_status_t psa_location_dispatch_mac_compute(const psa_key_attributes_t *attri
uint8_t *mac,
size_t mac_size,
size_t *mac_length);
#endif
#if IS_USED(MODULE_PSA_KEY_MANAGEMENT)
/**
* @brief Dispatch call of the key generation function to a location specific backend.
* See psa_generate_key()
@ -165,7 +170,9 @@ psa_status_t psa_location_dispatch_generate_key(const psa_key_attributes_t *attr
psa_status_t psa_location_dispatch_import_key( const psa_key_attributes_t *attributes,
const uint8_t *data, size_t data_length,
psa_key_slot_t *slot, size_t *bits);
#endif /* MODULE_PSA_KEY_MANAGEMENT */
#if IS_USED(MODULE_PSA_CIPHER)
/**
* @brief Dispatch call of a cipher encrypt setup function to a location specific backend.
* See psa_cipher_setup()
@ -254,6 +261,7 @@ psa_status_t psa_location_dispatch_cipher_decrypt( const psa_key_attributes_t *
uint8_t *output,
size_t output_size,
size_t *output_length);
#endif /* MODULE_PSA_CIPHER */
/**
* @brief Dispatch call of a random number generator to a specific backend.

2
sys/psa_crypto/include/psa_crypto_slot_management.h
View File

@ -78,10 +78,12 @@ typedef struct {
size_t lock_count; /**< Number of entities accessing the slot */
psa_key_attributes_t attr; /**< Attributes associated with the stored key */
/** Structure containing key data */
#if PSA_SINGLE_KEY_COUNT
struct key_data {
uint8_t data[PSA_MAX_KEY_DATA_SIZE]; /**< Key data buffer */
size_t data_len; /**< Size of actual key data in bytes */
} key; /**< Key data structure */
#endif /* PSA_SINGLE_KEY_COUNT */
} psa_key_slot_t;
/**

83
sys/psa_crypto/psa_crypto.c
View File

@ -20,9 +20,13 @@
#include <stdio.h>
#include "psa/crypto.h"
#if IS_USED(MODULE_PSA_KEY_MANAGEMENT)
#include "psa_crypto_slot_management.h"
#endif
#include "psa_crypto_se_driver.h"
#include "psa_crypto_se_management.h"
#include "psa_crypto_slot_management.h"
#include "psa_crypto_location_dispatch.h"
#include "psa_crypto_algorithm_dispatch.h"
@ -38,6 +42,7 @@
*/
static uint8_t lib_initialized = 0;
#if IS_USED(MODULE_PSA_HASH)
/**
* @brief Compares the content of two same-sized buffers while maintaining
* constant processing time
@ -60,6 +65,7 @@ static inline int constant_time_memcmp(const uint8_t *a, const uint8_t *b, size_
return diff;
}
#endif /* MODULE_PSA_HASH */
const char *psa_status_to_humanly_readable(psa_status_t status)
{
@ -126,6 +132,7 @@ psa_status_t psa_crypto_init(void)
return PSA_SUCCESS;
}
#if IS_USED(MODULE_PSA_AEAD)
psa_status_t psa_aead_abort(psa_aead_operation_t *operation)
{
(void)operation;
@ -295,7 +302,9 @@ psa_status_t psa_aead_verify( psa_aead_operation_t *operation,
(void)tag_length;
return PSA_ERROR_NOT_SUPPORTED;
}
#endif /* MODULE_PSA_AEAD */
#if IS_USED(MODULE_PSA_ASYMMETRIC)
psa_status_t psa_asymmetric_decrypt(psa_key_id_t key,
psa_algorithm_t alg,
const uint8_t *input,
@ -339,7 +348,9 @@ psa_status_t psa_asymmetric_encrypt(psa_key_id_t key,
(void)output_length;
return PSA_ERROR_NOT_SUPPORTED;
}
#endif /* MODULE_PSA_ASYMMETRIC */
#if IS_USED(MODULE_PSA_KEY_MANAGEMENT)
/**
* @brief Checks whether a key's policy permits the usage of a given algorithm
*
@ -418,7 +429,9 @@ static psa_status_t psa_get_and_lock_key_slot_with_policy( psa_key_id_t id,
}
return PSA_SUCCESS;
}
#endif /* MODULE_PSA_KEY_MANAGEMENT */
#if IS_USED(MODULE_PSA_CIPHER)
psa_status_t psa_cipher_abort(psa_cipher_operation_t *operation)
{
if (!lib_initialized) {
@ -694,6 +707,9 @@ psa_status_t psa_cipher_update(psa_cipher_operation_t *operation,
return PSA_ERROR_NOT_SUPPORTED;
}
#endif /* MODULE_PSA_CIPHER */
#if IS_USED(MODULE_PSA_HASH)
psa_status_t psa_hash_setup(psa_hash_operation_t *operation,
psa_algorithm_t alg)
{
@ -921,8 +937,36 @@ psa_status_t psa_hash_compute(psa_algorithm_t alg,
return PSA_SUCCESS;
}
#endif /* MODULE_PSA_HASH */
psa_status_t psa_builtin_generate_random(uint8_t *output,
size_t output_size)
{
if (!output) {
return PSA_ERROR_INVALID_ARGUMENT;
}
/* TODO: Should point to a CSPRNG API in the future */
random_bytes(output, output_size);
return PSA_SUCCESS;
}
psa_status_t psa_generate_random(uint8_t *output,
size_t output_size)
{
if (!lib_initialized) {
return PSA_ERROR_BAD_STATE;
}
if (!output) {
return PSA_ERROR_INVALID_ARGUMENT;
}
return psa_location_dispatch_generate_random(output, output_size);
}
/* Key Management */
#if IS_USED(MODULE_PSA_KEY_MANAGEMENT)
/**
* @brief Check whether the key policy is valid
*
@ -994,7 +1038,7 @@ static psa_status_t psa_validate_key_for_key_generation(psa_key_type_t type, siz
if (PSA_KEY_TYPE_IS_UNSTRUCTURED(type)) {
return psa_validate_unstructured_key_size(type, bits);
}
#if IS_USED(MODULE_PSA_ASYMMETRIC) || IS_USED(MODULE_PSA_SECURE_ELEMENT_ASYMMETRIC)
#if IS_USED(MODULE_PSA_ASYMMETRIC)
else if (PSA_KEY_TYPE_IS_ECC_KEY_PAIR(type)) {
return PSA_ECC_KEY_SIZE_IS_VALID(type, bits) ? PSA_SUCCESS : PSA_ERROR_INVALID_ARGUMENT;
}
@ -1351,32 +1395,6 @@ psa_status_t psa_generate_key(const psa_key_attributes_t *attributes,
return status;
}
psa_status_t psa_builtin_generate_random( uint8_t *output,
size_t output_size)
{
if (!output) {
return PSA_ERROR_INVALID_ARGUMENT;
}
/* TODO: Should point to a CSPRNG API in the future */
random_bytes(output, output_size);
return PSA_SUCCESS;
}
psa_status_t psa_generate_random(uint8_t *output,
size_t output_size)
{
if (!lib_initialized) {
return PSA_ERROR_BAD_STATE;
}
if (!output) {
return PSA_ERROR_INVALID_ARGUMENT;
}
return psa_location_dispatch_generate_random(output, output_size);
}
psa_status_t psa_get_key_attributes(psa_key_id_t key,
psa_key_attributes_t *attributes)
{
@ -1500,7 +1518,9 @@ psa_status_t psa_import_key(const psa_key_attributes_t *attributes,
return status;
}
#endif /* MODULE_PSA_KEY_MANAGEMENT */
#if IS_USED(MODULE_PSA_KEY_DERIVATION)
psa_status_t psa_key_derivation_abort(psa_key_derivation_operation_t *operation)
{
(void)operation;
@ -1586,7 +1606,9 @@ psa_status_t psa_key_derivation_setup(psa_key_derivation_operation_t *operation,
(void)alg;
return PSA_ERROR_NOT_SUPPORTED;
}
#endif /* MODULE_PSA_KEY_DERIVATION */
#if IS_USED(MODULE_PSA_MAC)
psa_status_t psa_mac_abort(psa_mac_operation_t *operation)
{
if (!lib_initialized) {
@ -1763,7 +1785,9 @@ psa_status_t psa_purge_key(psa_key_id_t key)
(void)key;
return PSA_ERROR_NOT_SUPPORTED;
}
#endif /* MODULE_PSA_MAC */
#if IS_USED(MODULE_PSA_KEY_AGREEMENT)
psa_status_t psa_raw_key_agreement(psa_algorithm_t alg,
psa_key_id_t private_key,
const uint8_t *peer_key,
@ -1781,7 +1805,9 @@ psa_status_t psa_raw_key_agreement(psa_algorithm_t alg,
(void)output_length;
return PSA_ERROR_NOT_SUPPORTED;
}
#endif /* MODULE_PSA_KEY_AGREEMENT */
#if IS_USED(MODULE_PSA_ASYMMETRIC)
psa_status_t psa_sign_hash(psa_key_id_t key,
psa_algorithm_t alg,
const uint8_t *hash,
@ -2000,3 +2026,4 @@ psa_status_t psa_verify_message(psa_key_id_t key,
unlock_status = psa_unlock_key_slot(slot);
return ((status == PSA_SUCCESS) ? unlock_status : status);
}
#endif /* MODULE_PSA_ASYMMETRIC */

35
sys/psa_crypto/psa_crypto_algorithm_dispatch.c
View File

@ -21,12 +21,28 @@
#include <stdio.h>
#include "kernel_defines.h"
#include "psa/crypto.h"
#include "psa_mac.h"
#include "psa_hashes.h"
#include "psa_ecc.h"
#include "psa_ciphers.h"
#include "psa_crypto_operation_encoder.h"
#if IS_USED(MODULE_PSA_MAC)
#include "psa_mac.h"
#endif
#if IS_USED(MODULE_PSA_HASH)
#include "psa_hashes.h"
#endif
#if IS_USED(MODULE_PSA_ASYMMETRIC)
#include "psa_ecc.h"
#endif
#if IS_USED(MODULE_PSA_CIPHER)
#include "psa_ciphers.h"
#endif
#if IS_USED(MODULE_PSA_KEY_MANAGEMENT)
#include "psa_crypto_operation_encoder.h"
#endif
#if IS_USED(MODULE_PSA_HASH)
psa_status_t psa_algorithm_dispatch_hash_setup(psa_hash_operation_t *operation,
psa_algorithm_t alg)
{
@ -150,7 +166,9 @@ psa_status_t psa_algorithm_dispatch_hash_finish(psa_hash_operation_t *operation,
return PSA_ERROR_NOT_SUPPORTED;
}
}
#endif /* MODULE_PSA_HASH */
#if IS_USED(MODULE_PSA_ASYMMETRIC)
psa_status_t psa_algorithm_dispatch_sign_hash( const psa_key_attributes_t *attributes,
psa_algorithm_t alg,
const psa_key_slot_t *slot,
@ -353,7 +371,9 @@ psa_status_t psa_algorithm_dispatch_verify_message(const psa_key_attributes_t *a
return PSA_ERROR_NOT_SUPPORTED;
}
}
#endif /* MODULE_PSA_ASYMMETRIC */
#if IS_USED(MODULE_PSA_KEY_MANAGEMENT)
psa_status_t psa_algorithm_dispatch_generate_key( const psa_key_attributes_t *attributes,
psa_key_slot_t *slot)
{
@ -407,7 +427,9 @@ psa_status_t psa_algorithm_dispatch_generate_key( const psa_key_attributes_t *
return psa_builtin_generate_key(attributes, key_data, *key_bytes, key_bytes);
}
#endif /* MODULE_PSA_KEY_MANAGEMENT */
#if IS_USED(MODULE_PSA_CIPHER)
psa_status_t psa_algorithm_dispatch_cipher_encrypt( const psa_key_attributes_t *attributes,
psa_algorithm_t alg,
const psa_key_slot_t *slot,
@ -499,7 +521,9 @@ psa_status_t psa_algorithm_dispatch_cipher_decrypt( const psa_key_attributes_t *
return PSA_ERROR_NOT_SUPPORTED;
}
}
#endif /* MODULE_PSA_CIPHER */
#if IS_USED(MODULE_PSA_MAC)
psa_status_t psa_algorithm_dispatch_mac_compute(const psa_key_attributes_t *attributes,
psa_algorithm_t alg,
const psa_key_slot_t *slot,
@ -538,3 +562,4 @@ psa_status_t psa_algorithm_dispatch_mac_compute(const psa_key_attributes_t *attr
(void)mac_length;
return PSA_SUCCESS;
}
#endif /* MODULE_PSA_MAC */

12
sys/psa_crypto/psa_crypto_location_dispatch.c
View File

@ -22,10 +22,12 @@
#include "kernel_defines.h"
#include "psa/crypto.h"
#include "psa_crypto_algorithm_dispatch.h"
#include "psa_crypto_slot_management.h"
#include "psa_crypto_se_management.h"
#include "psa_crypto_se_driver.h"
#if IS_USED(MODULE_PSA_KEY_MANAGEMENT)
#include "psa_crypto_slot_management.h"
psa_status_t psa_location_dispatch_generate_key(const psa_key_attributes_t *attributes,
psa_key_slot_t *slot)
{
@ -104,7 +106,9 @@ psa_status_t psa_location_dispatch_import_key( const psa_key_attributes_t *attri
return PSA_ERROR_NOT_SUPPORTED;
}
}
#endif /* MODULE_PSA_KEY_MANAGEMENT */
#if IS_USED(MODULE_PSA_CIPHER)
psa_status_t psa_location_dispatch_cipher_encrypt_setup( psa_cipher_operation_t *operation,
const psa_key_attributes_t *attributes,
const psa_key_slot_t *slot,
@ -335,6 +339,9 @@ psa_status_t psa_location_dispatch_cipher_decrypt( const psa_key_attributes_t *
output, output_size, output_length);
}
#endif /* MODULE_PSA_CIPHER */
#if IS_USED(MODULE_PSA_ASYMMETRIC)
psa_status_t psa_location_dispatch_sign_hash( const psa_key_attributes_t *attributes,
psa_algorithm_t alg,
const psa_key_slot_t *slot,
@ -428,7 +435,9 @@ psa_status_t psa_location_dispatch_verify_message( const psa_key_attributes_t *
return psa_algorithm_dispatch_verify_message(attributes, alg, slot, input, input_length, signature,
signature_length);
}
#endif /* MODULE_PSA_ASYMMETRIC */
#if IS_USED(MODULE_PSA_MAC)
psa_status_t psa_location_dispatch_mac_compute(const psa_key_attributes_t *attributes,
psa_algorithm_t alg,
const psa_key_slot_t *slot,
@ -462,6 +471,7 @@ psa_status_t psa_location_dispatch_mac_compute(const psa_key_attributes_t *attri
return psa_algorithm_dispatch_mac_compute(attributes, alg, slot, input, input_length, mac,
mac_size, mac_length);
}
#endif /* MODULE_PSA_MAC */
psa_status_t psa_location_dispatch_generate_random(uint8_t *output,
size_t output_size)

3
sys/psa_crypto/psa_key_slot_mgmt/Kconfig
View File

@ -7,4 +7,5 @@
config MODULE_PSA_KEY_SLOT_MGMT
bool
default y if PACKAGE_PSA_ARCH_TESTS
help
Enable PSA key slot management module

1
sys/psa_crypto/psa_key_slot_mgmt/Makefile
View File

@ -1,4 +1,3 @@
MODULE := psa_key_slot_mgmt
INCLUDES += -I$(RIOTBASE)/sys/psa_crypto/include
include $(RIOTBASE)/Makefile.base

61
sys/psa_crypto/psa_key_slot_mgmt/psa_crypto_slot_management.c
View File

@ -24,7 +24,7 @@
#define ENABLE_DEBUG 0
#include "debug.h"
#if IS_USED(MODULE_PSA_SECURE_ELEMENT)
#if PSA_PROTECTED_KEY_COUNT
/**
* @brief Structure for a protected key slot.
*
@ -37,7 +37,7 @@ typedef struct {
psa_key_attributes_t attr;
struct prot_key_data {
psa_key_slot_number_t slot_number;
#if IS_USED(MODULE_PSA_SECURE_ELEMENT_ASYMMETRIC)
#if IS_USED(MODULE_PSA_ASYMMETRIC)
uint8_t pubkey_data[PSA_EXPORT_PUBLIC_KEY_MAX_SIZE];
size_t pubkey_data_len;
#endif
@ -53,9 +53,9 @@ static psa_prot_key_slot_t protected_key_slots[PSA_PROTECTED_KEY_COUNT];
* @brief List pointing to empty protected key slots
*/
static clist_node_t protected_list_empty;
#endif /* MODULE_PSA_SECURE_ELEMENT_ASYMMETRIC */
#endif /* PSA_PROTECTED_KEY_COUNT */
#if IS_USED(MODULE_PSA_ASYMMETRIC)
#if PSA_ASYMMETRIC_KEYPAIR_COUNT
/**
* @brief Structure for asymmetric key pairs.
*
@ -87,8 +87,9 @@ static psa_key_pair_slot_t key_pair_slots[PSA_ASYMMETRIC_KEYPAIR_COUNT];
* @brief List pointing to empty asymmetric key slots
*/
static clist_node_t key_pair_list_empty;
#endif /* MODULE_PSA_ASYMMETRIC */
#endif /* PSA_ASYMMETRIC_KEYPAIR_COUNT */
#if PSA_SINGLE_KEY_COUNT
/**
* @brief Array containing the single key slots
*/
@ -98,6 +99,7 @@ static psa_key_slot_t single_key_slots[PSA_SINGLE_KEY_COUNT];
* @brief List pointing to empty single key slots
*/
static clist_node_t single_key_list_empty;
#endif
/**
* @brief Global list of used key slots
@ -119,61 +121,61 @@ static psa_key_id_t key_id_count = PSA_KEY_ID_VOLATILE_MIN;
static clist_node_t * psa_get_empty_key_slot_list(const psa_key_attributes_t *attr)
{
if (!psa_key_lifetime_is_external(attr->lifetime)) {
#if IS_USED(MODULE_PSA_ASYMMETRIC)
#if PSA_ASYMMETRIC_KEYPAIR_COUNT
if (PSA_KEY_TYPE_IS_KEY_PAIR(attr->type)) {
return &key_pair_list_empty;
}
#endif /* MODULE_PSA_ASYMMETRIC */
#endif /* PSA_ASYMMETRIC_KEYPAIR_COUNT */
#if PSA_SINGLE_KEY_COUNT
return &single_key_list_empty;
#endif /* PSA_SINGLE_KEY_COUNT */
}
#if IS_USED(MODULE_PSA_SECURE_ELEMENT)
#if PSA_PROTECTED_KEY_COUNT
return &protected_list_empty;
#else
return NULL;
#endif /* MODULE_PSA_SECURE_ELEMENT */
#endif /* PSA_PROTECTED_KEY_COUNT */
}
void psa_init_key_slots(void)
{
DEBUG("List Node Size: %d\n", sizeof(clist_node_t));
#if IS_USED(MODULE_PSA_SECURE_ELEMENT)
#if PSA_PROTECTED_KEY_COUNT
memset(protected_key_slots, 0, sizeof(protected_key_slots));
#if PSA_PROTECTED_KEY_COUNT
for (size_t i = 0; i < PSA_PROTECTED_KEY_COUNT; i++) {
clist_rpush(&protected_list_empty, &protected_key_slots[i].node);
}
#endif /* PSA_PROTECTED_KEY_COUNT */
DEBUG("Protected Slot Count: %d, Size: %d\n", PSA_PROTECTED_KEY_COUNT,
sizeof(psa_prot_key_slot_t));
DEBUG("Protected Slot Array Size: %d\n", sizeof(protected_key_slots));
DEBUG("Protected Slot Empty List Size: %d\n", clist_count(&protected_list_empty));
#endif /* MODULE_PSA_SECURE_ELEMENT */
#if IS_USED(MODULE_PSA_ASYMMETRIC)
memset(key_pair_slots, 0, sizeof(key_pair_slots));
#endif /* PSA_PROTECTED_KEY_COUNT */
#if PSA_ASYMMETRIC_KEYPAIR_COUNT
memset(key_pair_slots, 0, sizeof(key_pair_slots));
for (size_t i = 0; i < PSA_ASYMMETRIC_KEYPAIR_COUNT; i++) {
clist_rpush(&key_pair_list_empty, &key_pair_slots[i].node);
}
#endif /* PSA_ASYMMETRIC_KEYPAIR_COUNT */
DEBUG("Asymmetric Slot Count: %d, Size: %d\n", PSA_ASYMMETRIC_KEYPAIR_COUNT,
sizeof(psa_key_pair_slot_t));
DEBUG("Asymmetric Slot Array Size: %d\n", sizeof(key_pair_slots));
DEBUG("Asymmetric Slot Empty List Size: %d\n", clist_count(&key_pair_list_empty));
#endif /* MODULE_PSA_ASYMMETRIC */
#endif /* PSA_ASYMMETRIC_KEYPAIR_COUNT */
memset(single_key_slots, 0, sizeof(single_key_slots));
#if PSA_SINGLE_KEY_COUNT
memset(single_key_slots, 0, sizeof(single_key_slots));
for (size_t i = 0; i < PSA_SINGLE_KEY_COUNT; i++) {
clist_rpush(&single_key_list_empty, &single_key_slots[i].node);
}
#endif
DEBUG("Single Key Slot Count: %d, Size: %d\n", PSA_SINGLE_KEY_COUNT, sizeof(psa_key_slot_t));
DEBUG("Single Key Slot Array Size: %d\n", sizeof(single_key_slots));
DEBUG("Single Key Slot Empty List Size: %d\n", clist_count(&single_key_list_empty));
#endif /* PSA_SINGLE_KEY_COUNT */
}
/**
@ -189,14 +191,14 @@ static void psa_wipe_real_slot_type(psa_key_slot_t *slot)
if (!PSA_KEY_TYPE_IS_KEY_PAIR(attr.type)) {
memset(slot, 0, sizeof(psa_key_slot_t));
}
#if IS_USED(MODULE_PSA_ASYMMETRIC)
#if PSA_ASYMMETRIC_KEYPAIR_COUNT
else {
memset((psa_key_pair_slot_t *)slot, 0, sizeof(psa_key_pair_slot_t));
}
#endif
}
#if IS_USED(MODULE_PSA_SECURE_ELEMENT)
#if PSA_PROTECTED_KEY_COUNT
else {
memset((psa_prot_key_slot_t *)slot, 0, sizeof(psa_prot_key_slot_t));
}
@ -483,12 +485,15 @@ size_t psa_get_key_data_from_key_slot(const psa_key_slot_t *slot, uint8_t **key_
if (!psa_key_lifetime_is_external(attr.lifetime)) {
#if PSA_SINGLE_KEY_COUNT
if (!PSA_KEY_TYPE_IS_KEY_PAIR(attr.type)) {
*key_data = (uint8_t *)slot->key.data;
*key_bytes = (size_t *)&slot->key.data_len;
key_data_size = sizeof(slot->key.data);
}
#if IS_USED(MODULE_PSA_ASYMMETRIC)
#endif /* PSA_SINGLE_KEY_COUNT */
#if PSA_ASYMMETRIC_KEYPAIR_COUNT
else {
*key_data = ((psa_key_pair_slot_t *)slot)->key.privkey_data;
*key_bytes = &((psa_key_pair_slot_t *)slot)->key.privkey_data_len;
@ -499,7 +504,7 @@ size_t psa_get_key_data_from_key_slot(const psa_key_slot_t *slot, uint8_t **key_
return key_data_size;
}
#if IS_USED(MODULE_PSA_SECURE_ELEMENT)
#if IS_USED(MODULE_PSA_SECURE_ELEMENT) && PSA_PROTECTED_KEY_COUNT
psa_key_slot_number_t * psa_key_slot_get_slot_number(const psa_key_slot_t *slot)
{
return &(((psa_prot_key_slot_t *)slot)->key.slot_number);
@ -519,12 +524,14 @@ void psa_get_public_key_data_from_key_slot(const psa_key_slot_t *slot, uint8_t *
}
if (!psa_key_lifetime_is_external(attr.lifetime)) {
#if PSA_SINGLE_KEY_COUNT
if (!PSA_KEY_TYPE_IS_KEY_PAIR(attr.type)) {
*pubkey_data = ((psa_key_slot_t *)slot)->key.data;
*pubkey_data_len = &((psa_key_slot_t *)slot)->key.data_len;
return;
}
#if IS_USED(MODULE_PSA_ASYMMETRIC)
#endif /* PSA_SINGLE_KEY_COUNT */
#if PSA_ASYMMETRIC_KEYPAIR_COUNT
else {
*pubkey_data = ((psa_key_pair_slot_t *)slot)->key.pubkey_data;
*pubkey_data_len = &((psa_key_pair_slot_t *)slot)->key.pubkey_data_len;
@ -532,7 +539,7 @@ void psa_get_public_key_data_from_key_slot(const psa_key_slot_t *slot, uint8_t *
}
#endif
}
#if IS_USED(MODULE_PSA_SECURE_ELEMENT_ASYMMETRIC)
#if PSA_PROTECTED_KEY_COUNT && IS_USED(MODULE_PSA_ASYMMETRIC)
*pubkey_data = ((psa_prot_key_slot_t *)slot)->key.pubkey_data;
*pubkey_data_len = &((psa_prot_key_slot_t *)slot)->key.pubkey_data_len;
#endif

21
sys/psa_crypto/psa_se_mgmt/Kconfig
View File

@ -7,7 +7,7 @@
menuconfig MODULE_PSA_SECURE_ELEMENT
bool "PSA Secure Elements"
select MODULE_PSA_KEY_SLOT_MGMT
select MODULE_PSA_KEY_MANAGEMENT
select MODULE_PSA_SE_MGMT
if MODULE_PSA_SECURE_ELEMENT
@ -33,17 +33,24 @@ menuconfig MODULE_PSA_SECURE_ELEMENT_ATECCX08A
config MODULE_PSA_SECURE_ELEMENT_ATECCX08A_ECC_P256
bool "Microchip ATECCX08A Elliptic Curve P256"
select PSA_KEY_SIZE_256
select MODULE_PSA_SECURE_ELEMENT_ASYMMETRIC
select MODULE_PSA_ASYMMETRIC
depends on MODULE_PSA_SECURE_ELEMENT_ATECCX08A
config MODULE_PSA_SECURE_ELEMENT_ATECCX08A_CIPHER_AES_128
bool "Microchip ATECCX08A Cipher AES 128"
select PSA_KEY_SIZE_128
select MODULE_PSA_CIPHER
depends on MODULE_PSA_SECURE_ELEMENT_ATECCX08A
config MODULE_PSA_SECURE_ELEMENT_ATECCX08A_HMAC_SHA256
bool "Microchip ATECCX08A HMAC SHA-256"
select PSA_KEY_SIZE_128
select MODULE_PSA_MAC
depends on MODULE_PSA_SECURE_ELEMENT_ATECCX08A
config MODULE_PSA_SE_MGMT
bool
config MODULE_PSA_SECURE_ELEMENT_ASYMMETRIC
bool
help
Indicates that an asymmetric operation is used with secure elements.
config MODULE_PSA_SECURE_ELEMENT_CONFIG
bool
help

5
tests/sys/psa_crypto/Makefile
View File

@ -4,9 +4,8 @@ USEMODULE += embunit
USEMODULE += psa_crypto
# FIXME: currently only needed for build to succeed
USEMODULE += psa_cipher
USEMODULE += psa_cipher_aes_128_cbc
CFLAGS += -DCONFIG_PSA_ASYMMETRIC_KEYPAIR_COUNT=1
CFLAGS += -DCONFIG_PSA_SINGLE_KEY_COUNT=1
USEMODULE += psa_asymmetric
USEMODULE += psa_asymmetric_ecc_ed25519

17
tests/sys/psa_crypto_cipher/Makefile Normal file
View File

@ -0,0 +1,17 @@
include ../Makefile.sys_common
USEMODULE += ztimer
USEMODULE += ztimer_usec
USEMODULE += psa_crypto
USEMODULE += psa_cipher
USEMODULE += psa_cipher_aes_128_cbc
ifneq (1, $(TEST_KCONFIG))
CFLAGS += -DCONFIG_PSA_SINGLE_KEY_COUNT=1
endif
SHOULD_RUN_KCONFIG :=
include $(RIOTBASE)/Makefile.include

11
tests/sys/psa_crypto_cipher/Makefile.ci Normal file
View File

@ -0,0 +1,11 @@
BOARD_INSUFFICIENT_MEMORY := \
arduino-duemilanove \
arduino-leonardo \
arduino-nano \
arduino-uno \
atmega328p \
atmega328p-xplained-mini \
atmega8 \
nucleo-l011k4 \
samd10-xmini \
#

4
tests/sys/psa_crypto_cipher/README.md Normal file
View File

@ -0,0 +1,4 @@
# PSA Crypto Cipher Test
This is a configuration test for only the cipher of the PSA crypto module.
It is based off the [psa_crypto example](../../../examples/psa_crypto/README.md).

8
tests/sys/psa_crypto_cipher/app.config.test Normal file
View File

@ -0,0 +1,8 @@
CONFIG_MODULE_PSA_CRYPTO=y
CONFIG_MODULE_PSA_CIPHER=y
CONFIG_MODULE_PSA_CIPHER_AES_128_CBC=y
CONFIG_PSA_SINGLE_KEY_COUNT=1
CONFIG_ZTIMER_USEC=y

1
tests/sys/psa_crypto_cipher/example_cipher_aes_128.c Symbolic link
View File

@ -0,0 +1 @@
../../../examples/psa_crypto/example_cipher_aes_128.c

1
tests/sys/psa_crypto_cipher/main.c Symbolic link
View File

@ -0,0 +1 @@
../../../examples/psa_crypto/main.c

13
tests/sys/psa_crypto_cipher/tests/01-run.py Executable file
View File

@ -0,0 +1,13 @@
#!/usr/bin/env python3
import sys
from testrunner import run
def testfunc(child):
child.expect_exact('All Done')
print("[TEST PASSED]")
if __name__ == "__main__":
sys.exit(run(testfunc))

20
tests/sys/psa_crypto_ecdsa/Makefile Normal file
View File

@ -0,0 +1,20 @@
include ../Makefile.sys_common
USEMODULE += ztimer
USEMODULE += ztimer_usec
USEMODULE += psa_crypto
USEMODULE += psa_hash
USEMODULE += psa_hash_sha_256
USEMODULE += psa_asymmetric
USEMODULE += psa_asymmetric_ecc_p256r1
ifneq (1, $(TEST_KCONFIG))
CFLAGS += -DCONFIG_PSA_ASYMMETRIC_KEYPAIR_COUNT=1
CFLAGS += -DCONFIG_PSA_SINGLE_KEY_COUNT=1
endif
SHOULD_RUN_KCONFIG :=
include $(RIOTBASE)/Makefile.include

11
tests/sys/psa_crypto_ecdsa/Makefile.ci Normal file
View File

@ -0,0 +1,11 @@
BOARD_INSUFFICIENT_MEMORY := \
arduino-duemilanove \
arduino-leonardo \
arduino-nano \
arduino-uno \
atmega328p \
atmega328p-xplained-mini \
atmega8 \
nucleo-l011k4 \
samd10-xmini \
#

4
tests/sys/psa_crypto_ecdsa/README.md Normal file
View File

@ -0,0 +1,4 @@
# PSA Crypto ECDSA Test
This is a configuration test for only the ecdsa of the PSA crypto module.
It is based off the [psa_crypto example](../../../examples/psa_crypto/README.md).

10
tests/sys/psa_crypto_ecdsa/app.config.test Normal file
View File

@ -0,0 +1,10 @@
CONFIG_MODULE_PSA_CRYPTO=y
CONFIG_MODULE_PSA_HASH=y
CONFIG_MODULE_PSA_HASH_SHA_256=y
CONFIG_MODULE_PSA_ASYMMETRIC=y
CONFIG_MODULE_PSA_ASYMMETRIC_ECC_P256R1=y
CONFIG_PSA_ASYMMETRIC_KEYPAIR_COUNT=1
CONFIG_PSA_SINGLE_KEY_COUNT=1
CONFIG_ZTIMER_USEC=y

1
tests/sys/psa_crypto_ecdsa/example_ecdsa_p256.c Symbolic link
View File

@ -0,0 +1 @@
../../../examples/psa_crypto/example_ecdsa_p256.c

1
tests/sys/psa_crypto_ecdsa/main.c Symbolic link
View File

@ -0,0 +1 @@
../../../examples/psa_crypto/main.c

13
tests/sys/psa_crypto_ecdsa/tests/01-run.py Executable file
View File

@ -0,0 +1,13 @@
#!/usr/bin/env python3
import sys
from testrunner import run
def testfunc(child):
child.expect_exact('All Done')
print("[TEST PASSED]")
if __name__ == "__main__":
sys.exit(run(testfunc))

18
tests/sys/psa_crypto_eddsa/Makefile Normal file
View File

@ -0,0 +1,18 @@
include ../Makefile.sys_common
USEMODULE += ztimer
USEMODULE += ztimer_usec
USEMODULE += psa_crypto
USEMODULE += psa_asymmetric
USEMODULE += psa_asymmetric_ecc_ed25519
ifneq (1, $(TEST_KCONFIG))
CFLAGS += -DCONFIG_PSA_ASYMMETRIC_KEYPAIR_COUNT=1
CFLAGS += -DCONFIG_PSA_SINGLE_KEY_COUNT=1
endif
SHOULD_RUN_KCONFIG :=
include $(RIOTBASE)/Makefile.include

12
tests/sys/psa_crypto_eddsa/Makefile.ci Normal file
View File

@ -0,0 +1,12 @@
BOARD_INSUFFICIENT_MEMORY := \
arduino-duemilanove \
arduino-leonardo \
arduino-nano \
arduino-uno \
atmega328p \
atmega328p-xplained-mini \
atmega8 \
nucleo-l011k4 \
samd10-xmini \
stm32f030f4-demo \
#

4
tests/sys/psa_crypto_eddsa/README.md Normal file
View File

@ -0,0 +1,4 @@
# PSA Crypto EDDSA Test
This is a configuration test for only the eddsa of the PSA crypto module.
It is based off the [psa_crypto example](../../../examples/psa_crypto/README.md).

8
tests/sys/psa_crypto_eddsa/app.config.test Normal file
View File

@ -0,0 +1,8 @@
CONFIG_MODULE_PSA_CRYPTO=y
CONFIG_MODULE_PSA_ASYMMETRIC=y
CONFIG_MODULE_PSA_ASYMMETRIC_ECC_ED25519=y
CONFIG_PSA_ASYMMETRIC_KEYPAIR_COUNT=1
CONFIG_PSA_SINGLE_KEY_COUNT=1
CONFIG_ZTIMER_USEC=y

1
tests/sys/psa_crypto_eddsa/example_eddsa.c Symbolic link
View File

@ -0,0 +1 @@
../../../examples/psa_crypto/example_eddsa.c

1
tests/sys/psa_crypto_eddsa/main.c Symbolic link
View File

@ -0,0 +1 @@
../../../examples/psa_crypto/main.c

13
tests/sys/psa_crypto_eddsa/tests/01-run.py Executable file
View File

@ -0,0 +1,13 @@
#!/usr/bin/env python3
import sys
from testrunner import run
def testfunc(child):
child.expect_exact('All Done')
print("[TEST PASSED]")
if __name__ == "__main__":
sys.exit(run(testfunc))

13
tests/sys/psa_crypto_hashes/Makefile Normal file
View File

@ -0,0 +1,13 @@
include ../Makefile.sys_common
USEMODULE += ztimer
USEMODULE += ztimer_usec
USEMODULE += psa_crypto
USEMODULE += psa_hash
USEMODULE += psa_hash_sha_256
SHOULD_RUN_KCONFIG :=
include $(RIOTBASE)/Makefile.include

3
tests/sys/psa_crypto_hashes/Makefile.ci Normal file
View File

@ -0,0 +1,3 @@
BOARD_INSUFFICIENT_MEMORY := \
atmega8
#

4
tests/sys/psa_crypto_hashes/README.md Normal file
View File

@ -0,0 +1,4 @@
# PSA Crypto Hashes Test
This is a configuration test for only the hashes of the PSA crypto module.
It is based off the [psa_crypto example](../../../examples/psa_crypto/README.md).

6
tests/sys/psa_crypto_hashes/app.config.test Normal file
View File

@ -0,0 +1,6 @@
CONFIG_MODULE_PSA_CRYPTO=y
CONFIG_MODULE_PSA_HASH=y
CONFIG_MODULE_PSA_HASH_SHA_256=y
CONFIG_ZTIMER_USEC=y

1
tests/sys/psa_crypto_hashes/main.c Symbolic link
View File

@ -0,0 +1 @@
../../../examples/psa_crypto/main.c

13
tests/sys/psa_crypto_hashes/tests/01-run.py Executable file
View File

@ -0,0 +1,13 @@
#!/usr/bin/env python3
import sys
from testrunner import run
def testfunc(child):
child.expect_exact('All Done')
print("[TEST PASSED]")
if __name__ == "__main__":
sys.exit(run(testfunc))

17
tests/sys/psa_crypto_mac/Makefile Normal file
View File

@ -0,0 +1,17 @@
include ../Makefile.sys_common
USEMODULE += ztimer
USEMODULE += ztimer_usec
USEMODULE += psa_crypto
USEMODULE += psa_mac
USEMODULE += psa_mac_hmac_sha_256
ifneq (1, $(TEST_KCONFIG))
CFLAGS += -DCONFIG_PSA_SINGLE_KEY_COUNT=1
endif
SHOULD_RUN_KCONFIG :=
include $(RIOTBASE)/Makefile.include

9
tests/sys/psa_crypto_mac/Makefile.ci Normal file
View File

@ -0,0 +1,9 @@
BOARD_INSUFFICIENT_MEMORY := \
arduino-duemilanove \
arduino-nano \
arduino-uno \
atmega328p \
atmega328p-xplained-mini \
atmega8 \
nucleo-l011k4 \
#

4
tests/sys/psa_crypto_mac/README.md Normal file
View File

@ -0,0 +1,4 @@
# PSA Crypto Mac Test
This is a configuration test for only the mac of the PSA crypto module.
It is based off the [psa_crypto example](../../../examples/psa_crypto/README.md).

8
tests/sys/psa_crypto_mac/app.config.test Normal file
View File

@ -0,0 +1,8 @@
CONFIG_MODULE_PSA_CRYPTO=y
CONFIG_MODULE_PSA_MAC=y
CONFIG_MODULE_PSA_MAC_HMAC_SHA_256=y
CONFIG_PSA_SINGLE_KEY_COUNT=1
CONFIG_ZTIMER_USEC=y

1
tests/sys/psa_crypto_mac/example_hmac_sha256.c Symbolic link
View File

@ -0,0 +1 @@
../../../examples/psa_crypto/example_hmac_sha256.c

1
tests/sys/psa_crypto_mac/main.c Symbolic link
View File

@ -0,0 +1 @@
../../../examples/psa_crypto/main.c

13
tests/sys/psa_crypto_mac/tests/01-run.py Executable file
View File

@ -0,0 +1,13 @@
#!/usr/bin/env python3
import sys
from testrunner import run
def testfunc(child):
child.expect_exact('All Done')
print("[TEST PASSED]")
if __name__ == "__main__":
sys.exit(run(testfunc))

30
tests/sys/psa_crypto_se/Makefile Normal file
View File

@ -0,0 +1,30 @@
BOARD ?= nrf52840dk
include ../Makefile.sys_common
USEMODULE += ztimer
USEMODULE += ztimer_usec
USEMODULE += psa_crypto
USEMODULE += psa_hash
USEMODULE += psa_hash_sha_256
USEMODULE += psa_secure_element
USEMODULE += psa_secure_element_ateccx08a
USEMODULE += psa_secure_element_ateccx08a_cipher_aes_128
USEMODULE += psa_secure_element_ateccx08a_hmac_sha256
USEMODULE += psa_secure_element_ateccx08a_ecc_p256
ifneq (1, $(TEST_KCONFIG))
CFLAGS += -DCONFIG_PSA_PROTECTED_KEY_COUNT=3
CFLAGS += -DCONFIG_PSA_SINGLE_KEY_COUNT=1
endif
CFLAGS += -DSECURE_ELEMENT
CFLAGS += -DCUSTOM_ATCA_PARAMS
INCLUDES += -I$(APPDIR) # Application specific (not needed by PSA)
SHOULD_RUN_KCONFIG :=
include $(RIOTBASE)/Makefile.include

10
tests/sys/psa_crypto_se/Makefile.ci Normal file
View File

@ -0,0 +1,10 @@
BOARD_INSUFFICIENT_MEMORY := \
arduino-duemilanove \
arduino-leonardo \
arduino-nano \
arduino-uno \
atmega328p \
atmega328p-xplained-mini \
atmega8 \
nucleo-l011k4 \
#

4
tests/sys/psa_crypto_se/README.md Normal file
View File

@ -0,0 +1,4 @@
# PSA Crypto Secure Element Test
This is a configuration test for all PSA crypto modules using a secure element.
It is based off the [psa_crypto example](../../../examples/psa_crypto/README.md).

14
tests/sys/psa_crypto_se/app.config.test Normal file
View File

@ -0,0 +1,14 @@
CONFIG_MODULE_PSA_CRYPTO=y
CONFIG_MODULE_PSA_HASH=y
CONFIG_MODULE_PSA_HASH_SHA_256=y
CONFIG_MODULE_PSA_SECURE_ELEMENT=y
CONFIG_MODULE_PSA_SECURE_ELEMENT_ATECCX08A=y
CONFIG_MODULE_PSA_SECURE_ELEMENT_ATECCX08A_CIPHER_AES_128=y
CONFIG_MODULE_PSA_SECURE_ELEMENT_ATECCX08A_HMAC_SHA256=y
CONFIG_MODULE_PSA_SECURE_ELEMENT_ATECCX08A_ECC_P256=y
CONFIG_PSA_PROTECTED_KEY_COUNT=3
CONFIG_PSA_SINGLE_KEY_COUNT=1
CONFIG_ZTIMER_USEC=y

1
tests/sys/psa_crypto_se/custom_atca_params.h Symbolic link
View File

@ -0,0 +1 @@
../../../examples/psa_crypto/custom_atca_params.h

1
tests/sys/psa_crypto_se/example_cipher_aes_128.c Symbolic link
View File

@ -0,0 +1 @@
../../../examples/psa_crypto/example_cipher_aes_128.c

1
tests/sys/psa_crypto_se/example_ecdsa_p256.c Symbolic link
View File

@ -0,0 +1 @@
../../../examples/psa_crypto/example_ecdsa_p256.c

1
tests/sys/psa_crypto_se/example_hmac_sha256.c Symbolic link
View File

@ -0,0 +1 @@
../../../examples/psa_crypto/example_hmac_sha256.c

1
tests/sys/psa_crypto_se/main.c Symbolic link
View File

@ -0,0 +1 @@
../../../examples/psa_crypto/main.c

13
tests/sys/psa_crypto_se/tests/01-run.py Executable file
View File

@ -0,0 +1,13 @@
#!/usr/bin/env python3
import sys
from testrunner import run
def testfunc(child):
child.expect_exact('All Done')
print("[TEST PASSED]")
if __name__ == "__main__":
sys.exit(run(testfunc))

26
tests/sys/psa_crypto_se_cipher/Makefile Normal file
View File

@ -0,0 +1,26 @@
BOARD ?= nrf52840dk
include ../Makefile.sys_common
USEMODULE += ztimer
USEMODULE += ztimer_usec
USEMODULE += psa_crypto
USEMODULE += psa_secure_element
USEMODULE += psa_secure_element_ateccx08a
USEMODULE += psa_secure_element_ateccx08a_cipher_aes_128
ifneq (1, $(TEST_KCONFIG))
CFLAGS += -DCONFIG_PSA_PROTECTED_KEY_COUNT=1
endif
CFLAGS += -DSECURE_ELEMENT
CFLAGS += -DCUSTOM_ATCA_PARAMS
INCLUDES += -I$(APPDIR) # Application specific (not needed by PSA)
SHOULD_RUN_KCONFIG :=
include $(RIOTBASE)/Makefile.include

11
tests/sys/psa_crypto_se_cipher/Makefile.ci Normal file
View File

@ -0,0 +1,11 @@
BOARD_INSUFFICIENT_MEMORY := \
arduino-duemilanove \
arduino-leonardo \
arduino-nano \
arduino-uno \
atmega328p \
atmega328p-xplained-mini \
atmega8 \
nucleo-l011k4 \
samd10-xmini \
#

5
tests/sys/psa_crypto_se_cipher/README.md Normal file
View File

@ -0,0 +1,5 @@
# PSA Crypto Cipher Test
This is a configuration test for only the cipher of the PSA crypto module using
secure element.
It is based off the [psa_crypto example](../../../examples/psa_crypto/README.md).

9
tests/sys/psa_crypto_se_cipher/app.config.test Normal file
View File

@ -0,0 +1,9 @@
CONFIG_MODULE_PSA_CRYPTO=y
CONFIG_MODULE_PSA_SECURE_ELEMENT=y
CONFIG_MODULE_PSA_SECURE_ELEMENT_ATECCX08A=y
CONFIG_MODULE_PSA_SECURE_ELEMENT_ATECCX08A_CIPHER_AES_128=y
CONFIG_PSA_PROTECTED_KEY_COUNT=1
CONFIG_ZTIMER_USEC=y

1
tests/sys/psa_crypto_se_cipher/custom_atca_params.h Symbolic link
View File

@ -0,0 +1 @@
../../../examples/psa_crypto/custom_atca_params.h

1
tests/sys/psa_crypto_se_cipher/example_cipher_aes_128.c Symbolic link
View File

@ -0,0 +1 @@
../../../examples/psa_crypto/example_cipher_aes_128.c

1
tests/sys/psa_crypto_se_cipher/main.c Symbolic link
View File

@ -0,0 +1 @@
../../../examples/psa_crypto/main.c

13
tests/sys/psa_crypto_se_cipher/tests/01-run.py Executable file
View File

@ -0,0 +1,13 @@
#!/usr/bin/env python3
import sys
from testrunner import run
def testfunc(child):
child.expect_exact('All Done')
print("[TEST PASSED]")
if __name__ == "__main__":
sys.exit(run(testfunc))

28
tests/sys/psa_crypto_se_ecdsa/Makefile Normal file
View File

@ -0,0 +1,28 @@
BOARD ?= nrf52840dk
include ../Makefile.sys_common
USEMODULE += ztimer
USEMODULE += ztimer_usec
USEMODULE += psa_crypto
USEMODULE += psa_hash
USEMODULE += psa_hash_sha_256
USEMODULE += psa_secure_element
USEMODULE += psa_secure_element_ateccx08a
USEMODULE += psa_secure_element_ateccx08a_ecc_p256
ifneq (1, $(TEST_KCONFIG))
CFLAGS += -DCONFIG_PSA_SINGLE_KEY_COUNT=1
CFLAGS += -DCONFIG_PSA_PROTECTED_KEY_COUNT=1
endif
CFLAGS += -DSECURE_ELEMENT
CFLAGS += -DCUSTOM_ATCA_PARAMS
INCLUDES += -I$(APPDIR) # Application specific (not needed by PSA)
SHOULD_RUN_KCONFIG :=
include $(RIOTBASE)/Makefile.include

10
tests/sys/psa_crypto_se_ecdsa/Makefile.ci Normal file
View File

@ -0,0 +1,10 @@
BOARD_INSUFFICIENT_MEMORY := \
arduino-duemilanove \
arduino-nano \
arduino-uno \
atmega328p \
atmega328p-xplained-mini \
atmega8 \
nucleo-l011k4 \
samd10-xmini \
#

5
tests/sys/psa_crypto_se_ecdsa/README.md Normal file
View File

@ -0,0 +1,5 @@
# PSA Crypto Secure Element ECDSA Test
This is a configuration test for only the ecdsa of the PSA crypto module using
secure element.
It is based off the [psa_crypto example](../../../examples/psa_crypto/README.md).

12
tests/sys/psa_crypto_se_ecdsa/app.config.test Normal file
View File

@ -0,0 +1,12 @@
CONFIG_MODULE_PSA_CRYPTO=y
CONFIG_MODULE_PSA_HASH=y
CONFIG_MODULE_PSA_HASH_SHA_256=y
CONFIG_MODULE_PSA_SECURE_ELEMENT=y
CONFIG_MODULE_PSA_SECURE_ELEMENT_ATECCX08A=y
CONFIG_MODULE_PSA_SECURE_ELEMENT_ATECCX08A_ECC_P256=y
CONFIG_PSA_SINGLE_KEY_COUNT=1
CONFIG_PSA_PROTECTED_KEY_COUNT=1
CONFIG_ZTIMER_USEC=y

1
tests/sys/psa_crypto_se_ecdsa/custom_atca_params.h Symbolic link
View File

@ -0,0 +1 @@
../../../examples/psa_crypto/custom_atca_params.h

1
tests/sys/psa_crypto_se_ecdsa/example_ecdsa_p256.c Symbolic link
View File

@ -0,0 +1 @@
../../../examples/psa_crypto/example_ecdsa_p256.c

1
tests/sys/psa_crypto_se_ecdsa/main.c Symbolic link
View File

@ -0,0 +1 @@
../../../examples/psa_crypto/main.c

13
tests/sys/psa_crypto_se_ecdsa/tests/01-run.py Executable file
View File

@ -0,0 +1,13 @@
#!/usr/bin/env python3
import sys
from testrunner import run
def testfunc(child):
child.expect_exact('All Done')
print("[TEST PASSED]")
if __name__ == "__main__":
sys.exit(run(testfunc))

25
tests/sys/psa_crypto_se_mac/Makefile Normal file
View File

@ -0,0 +1,25 @@
BOARD ?= nrf52840dk
include ../Makefile.sys_common
USEMODULE += ztimer
USEMODULE += ztimer_usec
USEMODULE += psa_crypto
USEMODULE += psa_secure_element
USEMODULE += psa_secure_element_ateccx08a
USEMODULE += psa_secure_element_ateccx08a_hmac_sha256
ifneq (1, $(TEST_KCONFIG))
CFLAGS += -DCONFIG_PSA_PROTECTED_KEY_COUNT=1
endif
CFLAGS += -DSECURE_ELEMENT
CFLAGS += -DCUSTOM_ATCA_PARAMS
INCLUDES += -I$(APPDIR) # Application specific (not needed by PSA)
SHOULD_RUN_KCONFIG :=
include $(RIOTBASE)/Makefile.include

11
tests/sys/psa_crypto_se_mac/Makefile.ci Normal file
View File

@ -0,0 +1,11 @@
BOARD_INSUFFICIENT_MEMORY := \
arduino-duemilanove \
arduino-leonardo \
arduino-nano \
arduino-uno \
atmega328p \
atmega328p-xplained-mini \
atmega8 \
nucleo-l011k4 \
samd10-xmini \
#

5
tests/sys/psa_crypto_se_mac/README.md Normal file
View File

@ -0,0 +1,5 @@
# PSA Crypto Mac Test
This is a configuration test for only the mac of the PSA crypto module using
secure element.
It is based off the [psa_crypto example](../../../examples/psa_crypto/README.md).

9
tests/sys/psa_crypto_se_mac/app.config.test Normal file
View File

@ -0,0 +1,9 @@
CONFIG_MODULE_PSA_CRYPTO=y
CONFIG_MODULE_PSA_SECURE_ELEMENT=y
CONFIG_MODULE_PSA_SECURE_ELEMENT_ATECCX08A=y
CONFIG_MODULE_PSA_SECURE_ELEMENT_ATECCX08A_HMAC_SHA256=y
CONFIG_PSA_PROTECTED_KEY_COUNT=1
CONFIG_ZTIMER_USEC=y

1
tests/sys/psa_crypto_se_mac/custom_atca_params.h Symbolic link
View File

@ -0,0 +1 @@
../../../examples/psa_crypto/custom_atca_params.h

1
tests/sys/psa_crypto_se_mac/example_hmac_sha256.c Symbolic link
View File

@ -0,0 +1 @@
../../../examples/psa_crypto/example_hmac_sha256.c

1
tests/sys/psa_crypto_se_mac/main.c Symbolic link
View File

@ -0,0 +1 @@
../../../examples/psa_crypto/main.c

13
tests/sys/psa_crypto_se_mac/tests/01-run.py Executable file
View File

@ -0,0 +1,13 @@
#!/usr/bin/env python3
import sys
from testrunner import run
def testfunc(child):
child.expect_exact('All Done')
print("[TEST PASSED]")
if __name__ == "__main__":
sys.exit(run(testfunc))