1
0
mirror of https://github.com/RIOT-OS/RIOT.git synced 2024-12-29 04:50:03 +01:00

sys/psa_crypto: Build PSA Crypto functions based on module selection

This commit is contained in:
Lena Boeckmann 2023-10-19 14:23:35 +02:00 committed by MrKevinWeiss
parent d73ef09d5c
commit de09b2a0b4
No known key found for this signature in database
GPG Key ID: C26684F1C0767FFF
98 changed files with 899 additions and 154 deletions

View File

@ -48,6 +48,8 @@ else
CFLAGS += -DCONFIG_PSA_SINGLE_KEY_COUNT=1 CFLAGS += -DCONFIG_PSA_SINGLE_KEY_COUNT=1
USEMODULE += psa_secure_element USEMODULE += psa_secure_element
USEMODULE += psa_secure_element_ateccx08a USEMODULE += psa_secure_element_ateccx08a
USEMODULE += psa_secure_element_ateccx08a_cipher_aes_128
USEMODULE += psa_secure_element_ateccx08a_hmac_sha256
USEMODULE += psa_secure_element_ateccx08a_ecc_p256 USEMODULE += psa_secure_element_ateccx08a_ecc_p256
else ifeq (2, $(SECURE_ELEMENT)) else ifeq (2, $(SECURE_ELEMENT))
CFLAGS += -DSECURE_ELEMENT # Application specific (not needed by PSA) CFLAGS += -DSECURE_ELEMENT # Application specific (not needed by PSA)
@ -60,6 +62,8 @@ else
USEMODULE += psa_secure_element USEMODULE += psa_secure_element
USEMODULE += psa_secure_element_multiple USEMODULE += psa_secure_element_multiple
USEMODULE += psa_secure_element_ateccx08a USEMODULE += psa_secure_element_ateccx08a
USEMODULE += psa_secure_element_ateccx08a_cipher_aes_128
USEMODULE += psa_secure_element_ateccx08a_hmac_sha256
USEMODULE += psa_secure_element_ateccx08a_ecc_p256 USEMODULE += psa_secure_element_ateccx08a_ecc_p256
else ifdef CUSTOM_BACKEND else ifdef CUSTOM_BACKEND
# Necessary configuration when using Make dependency resolution # Necessary configuration when using Make dependency resolution

View File

@ -2,6 +2,8 @@
CONFIG_MODULE_PSA_SECURE_ELEMENT=y CONFIG_MODULE_PSA_SECURE_ELEMENT=y
CONFIG_MODULE_PSA_SECURE_ELEMENT_ATECCX08A=y CONFIG_MODULE_PSA_SECURE_ELEMENT_ATECCX08A=y
CONFIG_MODULE_PSA_SECURE_ELEMENT_ATECCX08A_ECC_P256=y CONFIG_MODULE_PSA_SECURE_ELEMENT_ATECCX08A_ECC_P256=y
CONFIG_MODULE_PSA_SECURE_ELEMENT_ATECCX08A_CIPHER_AES_128=y
CONFIG_MODULE_PSA_SECURE_ELEMENT_ATECCX08A_HMAC_SHA256=y
CONFIG_MODULE_PSA_SECURE_ELEMENT_MULTIPLE=y CONFIG_MODULE_PSA_SECURE_ELEMENT_MULTIPLE=y
CONFIG_PSA_MAX_SE_COUNT=2 CONFIG_PSA_MAX_SE_COUNT=2

View File

@ -1,6 +1,8 @@
CONFIG_MODULE_PSA_SECURE_ELEMENT=y CONFIG_MODULE_PSA_SECURE_ELEMENT=y
CONFIG_MODULE_PSA_SECURE_ELEMENT_ATECCX08A=y CONFIG_MODULE_PSA_SECURE_ELEMENT_ATECCX08A=y
CONFIG_MODULE_PSA_SECURE_ELEMENT_ATECCX08A_ECC_P256=y CONFIG_MODULE_PSA_SECURE_ELEMENT_ATECCX08A_ECC_P256=y
CONFIG_MODULE_PSA_SECURE_ELEMENT_ATECCX08A_CIPHER_AES_128=y
CONFIG_MODULE_PSA_SECURE_ELEMENT_ATECCX08A_HMAC_SHA256=y
CONFIG_PSA_PROTECTED_KEY_COUNT=4 CONFIG_PSA_PROTECTED_KEY_COUNT=4
CONFIG_PSA_SINGLE_KEY_COUNT=1 CONFIG_PSA_SINGLE_KEY_COUNT=1

View File

@ -21,22 +21,36 @@
#include "psa/crypto.h" #include "psa/crypto.h"
#include "ztimer.h" #include "ztimer.h"
#if IS_USED(MODULE_PSA_CIPHER)
extern psa_status_t example_cipher_aes_128(void); extern psa_status_t example_cipher_aes_128(void);
#endif
#if IS_USED(MODULE_PSA_MAC)
extern psa_status_t example_hmac_sha256(void); extern psa_status_t example_hmac_sha256(void);
#endif
#if IS_USED(MODULE_PSA_ASYMMETRIC_ECC_P256R1)
extern psa_status_t example_ecdsa_p256(void); extern psa_status_t example_ecdsa_p256(void);
#endif
#if IS_USED(MODULE_PSA_ASYMMETRIC_ECC_ED25519)
#ifndef SECURE_ELEMENT #ifndef SECURE_ELEMENT
extern psa_status_t example_eddsa(void); extern psa_status_t example_eddsa(void);
#endif #endif
#endif
#ifdef MULTIPLE_SE #ifdef MULTIPLE_SE
#if IS_USED(MODULE_PSA_CIPHER)
extern psa_status_t example_cipher_aes_128_sec_se(void); extern psa_status_t example_cipher_aes_128_sec_se(void);
#endif /* MODULE_PSA_CIPHER */
#if IS_USED(MODULE_PSA_MAC)
extern psa_status_t example_hmac_sha256_sec_se(void); extern psa_status_t example_hmac_sha256_sec_se(void);
#endif /* MODULE_PSA_MAC */
#if IS_USED(MODULE_PSA_ASYMMETRIC_ECC_P256R1)
extern psa_status_t example_ecdsa_p256_sec_se(void); extern psa_status_t example_ecdsa_p256_sec_se(void);
#endif #endif /* MODULE_PSA_ASYMMETRIC_ECC_P256R1 */
#endif /* MULTIPLE_SE */
int main(void) int main(void)
{ {
bool failed = false;
psa_status_t status; psa_status_t status;
psa_crypto_init(); psa_crypto_init();
@ -44,60 +58,88 @@ int main(void)
ztimer_acquire(ZTIMER_USEC); ztimer_acquire(ZTIMER_USEC);
ztimer_now_t start = ztimer_now(ZTIMER_USEC); ztimer_now_t start = ztimer_now(ZTIMER_USEC);
/* Needed in case only hashes are tested */
(void)status;
(void)start;
#if IS_USED(MODULE_PSA_MAC)
status = example_hmac_sha256(); status = example_hmac_sha256();
printf("HMAC SHA256 took %d us\n", (int)(ztimer_now(ZTIMER_USEC) - start)); printf("HMAC SHA256 took %d us\n", (int)(ztimer_now(ZTIMER_USEC) - start));
if (status != PSA_SUCCESS) { if (status != PSA_SUCCESS) {
failed = true;
printf("HMAC SHA256 failed: %s\n", psa_status_to_humanly_readable(status)); printf("HMAC SHA256 failed: %s\n", psa_status_to_humanly_readable(status));
} }
#endif
#if IS_USED(MODULE_PSA_CIPHER)
start = ztimer_now(ZTIMER_USEC); start = ztimer_now(ZTIMER_USEC);
status = example_cipher_aes_128(); status = example_cipher_aes_128();
printf("Cipher AES 128 took %d us\n", (int)(ztimer_now(ZTIMER_USEC) - start)); printf("Cipher AES 128 took %d us\n", (int)(ztimer_now(ZTIMER_USEC) - start));
if (status != PSA_SUCCESS) { if (status != PSA_SUCCESS) {
failed = true;
printf("Cipher AES 128 failed: %s\n", psa_status_to_humanly_readable(status)); printf("Cipher AES 128 failed: %s\n", psa_status_to_humanly_readable(status));
} }
#endif
#if IS_USED(MODULE_PSA_ASYMMETRIC_ECC_P256R1)
start = ztimer_now(ZTIMER_USEC); start = ztimer_now(ZTIMER_USEC);
status = example_ecdsa_p256(); status = example_ecdsa_p256();
printf("ECDSA took %d us\n", (int)(ztimer_now(ZTIMER_USEC) - start)); printf("ECDSA took %d us\n", (int)(ztimer_now(ZTIMER_USEC) - start));
if (status != PSA_SUCCESS) { if (status != PSA_SUCCESS) {
failed = true;
printf("ECDSA failed: %s\n", psa_status_to_humanly_readable(status)); printf("ECDSA failed: %s\n", psa_status_to_humanly_readable(status));
} }
#endif
#ifndef SECURE_ELEMENT #if IS_USED(MODULE_PSA_ASYMMETRIC_ECC_ED25519)
start = ztimer_now(ZTIMER_USEC); start = ztimer_now(ZTIMER_USEC);
status = example_eddsa(); status = example_eddsa();
printf("EdDSA took %d us\n", (int)(ztimer_now(ZTIMER_USEC) - start)); printf("EdDSA took %d us\n", (int)(ztimer_now(ZTIMER_USEC) - start));
if (status != PSA_SUCCESS) { if (status != PSA_SUCCESS) {
failed = true;
printf("EdDSA failed: %s\n", psa_status_to_humanly_readable(status)); printf("EdDSA failed: %s\n", psa_status_to_humanly_readable(status));
} }
#endif #endif
#ifdef MULTIPLE_SE #ifdef MULTIPLE_SE
#if IS_USED(MODULE_PSA_MAC)
puts("Running Examples with secondary SE:"); puts("Running Examples with secondary SE:");
status = example_hmac_sha256_sec_se(); status = example_hmac_sha256_sec_se();
printf("HMAC SHA256 took %d us\n", (int)(ztimer_now(ZTIMER_USEC) - start)); printf("HMAC SHA256 took %d us\n", (int)(ztimer_now(ZTIMER_USEC) - start));
if (status != PSA_SUCCESS) { if (status != PSA_SUCCESS) {
failed = true;
printf("HMAC SHA256 failed: %s\n", psa_status_to_humanly_readable(status)); printf("HMAC SHA256 failed: %s\n", psa_status_to_humanly_readable(status));
} }
#endif /* MODULE_PSA_MAC */
#if IS_USED(MODULE_PSA_CIPHER)
start = ztimer_now(ZTIMER_USEC); start = ztimer_now(ZTIMER_USEC);
status = example_cipher_aes_128_sec_se(); status = example_cipher_aes_128_sec_se();
printf("Cipher AES 128 took %d us\n", (int)(ztimer_now(ZTIMER_USEC) - start)); printf("Cipher AES 128 took %d us\n", (int)(ztimer_now(ZTIMER_USEC) - start));
if (status != PSA_SUCCESS) { if (status != PSA_SUCCESS) {
failed = true;
printf("Cipher AES 128 failed: %s\n", psa_status_to_humanly_readable(status)); printf("Cipher AES 128 failed: %s\n", psa_status_to_humanly_readable(status));
} }
#endif /* MODULE_PSA_CIPHER */
#if IS_USED(MODULE_PSA_ASYMMETRIC_ECC_P256R1)
start = ztimer_now(ZTIMER_USEC); start = ztimer_now(ZTIMER_USEC);
status = example_ecdsa_p256_sec_se(); status = example_ecdsa_p256_sec_se();
printf("ECDSA took %d us\n", (int)(ztimer_now(ZTIMER_USEC) - start)); printf("ECDSA took %d us\n", (int)(ztimer_now(ZTIMER_USEC) - start));
if (status != PSA_SUCCESS) { if (status != PSA_SUCCESS) {
failed = true;
printf("ECDSA failed: %s\n", psa_status_to_humanly_readable(status)); printf("ECDSA failed: %s\n", psa_status_to_humanly_readable(status));
} }
#endif #endif /* MODULE_PSA_ASYMMETRIC_ECC_P256R1 */
#endif /* MULTIPLE_SE */
ztimer_release(ZTIMER_USEC); ztimer_release(ZTIMER_USEC);
if (failed) {
puts("Tests failed...");
}
else {
puts("All Done"); puts("All Done");
}
return 0; return 0;
} }

View File

@ -25,5 +25,13 @@ ifneq (,$(filter psa_crypto,$(USEMODULE)))
endif endif
ifneq (,$(filter psa_secure_element_ateccx08a_ecc_p256, $(USEMODULE))) ifneq (,$(filter psa_secure_element_ateccx08a_ecc_p256, $(USEMODULE)))
USEMODULE += psa_secure_element_asymmetric USEMODULE += psa_asymmetric
endif
ifneq (,$(filter psa_secure_element_ateccx08a_cipher_aes_128, $(USEMODULE)))
USEMODULE += psa_cipher
endif
ifneq (,$(filter psa_secure_element_ateccx08a_hmac_sha256, $(USEMODULE)))
USEMODULE += psa_mac
endif endif

View File

@ -27,7 +27,7 @@ ifneq (,$(filter cryptoauthlib_test,$(USEMODULE)))
INCLUDES += -I$(PKG_SOURCE_DIR)/third_party/unity INCLUDES += -I$(PKG_SOURCE_DIR)/third_party/unity
endif endif
ifneq (,$(filter psa_crypto,$(USEMODULE)))
PSEUDOMODULES += psa_secure_element_ateccx08a PSEUDOMODULES += psa_secure_element_ateccx08a
PSEUDOMODULES += psa_secure_element_ateccx08a_cipher_aes_128
PSEUDOMODULES += psa_secure_element_ateccx08a_ecc_p256 PSEUDOMODULES += psa_secure_element_ateccx08a_ecc_p256
endif PSEUDOMODULES += psa_secure_element_ateccx08a_hmac_sha256

View File

@ -8,8 +8,9 @@ CFLAGS += -Wno-unused-variable
TOOLCHAINS_BLACKLIST += llvm TOOLCHAINS_BLACKLIST += llvm
ifneq (,$(filter psa_uecc_%, $(USEMODULE))) ifneq (,$(filter psa_uecc_%, $(USEMODULE)))
PSEUDOMODULES += psa_uecc_p192
PSEUDOMODULES += psa_uecc_p256
DIRS += $(RIOTPKG)/micro-ecc/psa_uecc DIRS += $(RIOTPKG)/micro-ecc/psa_uecc
INCLUDES += -I$(RIOTBASE)/sys/psa_crypto/include INCLUDES += -I$(RIOTBASE)/sys/psa_crypto/include
endif endif
PSEUDOMODULES += psa_uecc_p192
PSEUDOMODULES += psa_uecc_p256

View File

@ -50,7 +50,7 @@ void auto_init_atca(void)
} }
atca_devs_ptr[i] = &atca_devs[i]; atca_devs_ptr[i] = &atca_devs[i];
DEBUG("[auto_init_atca] Registering Driver with address: %x and location: %lx\n", atca_params[i].cfg.atcai2c.address, atca_params[i].atca_loc); DEBUG("[auto_init_atca] Registering Driver with address: %x and location: %lx\n", atca_params[i].cfg.atcai2c.address, (unsigned long) atca_params[i].atca_loc);
status = psa_register_secure_element(atca_params[i].atca_loc, status = psa_register_secure_element(atca_params[i].atca_loc,
&atca_methods, &atca_methods,
&atca_config_list[i], &atca_config_list[i],

View File

@ -83,6 +83,7 @@ const char *psa_status_to_humanly_readable(psa_status_t status);
*/ */
psa_status_t psa_crypto_init(void); psa_status_t psa_crypto_init(void);
#if IS_USED(MODULE_PSA_AEAD) || defined(DOXYGEN)
/** /**
* @brief Process an authenticated encryption operation. * @brief Process an authenticated encryption operation.
* *
@ -767,7 +768,9 @@ psa_status_t psa_aead_verify(psa_aead_operation_t *operation,
* initialize results in this error code. * initialize results in this error code.
*/ */
psa_status_t psa_aead_abort(psa_aead_operation_t *operation); psa_status_t psa_aead_abort(psa_aead_operation_t *operation);
#endif /* MODULE_PSA_AEAD */
#if IS_USED(MODULE_PSA_ASYMMETRIC) || defined(DOXYGEN)
/** /**
* @brief Encrypt a short message with a public key. * @brief Encrypt a short message with a public key.
* *
@ -890,7 +893,10 @@ psa_status_t psa_asymmetric_decrypt(psa_key_id_t key,
uint8_t *output, uint8_t *output,
size_t output_size, size_t output_size,
size_t *output_length); size_t *output_length);
#endif /* MODULE_PSA_ASYMMETRIC */
#if IS_USED(MODULE_PSA_CIPHER) || defined(DOXYGEN)
/** /**
* @brief Abort a cipher operation. * @brief Abort a cipher operation.
* *
@ -1385,7 +1391,9 @@ psa_status_t psa_cipher_update(psa_cipher_operation_t *operation,
uint8_t *output, uint8_t *output,
size_t output_size, size_t output_size,
size_t *output_length); size_t *output_length);
#endif /* MODULE_PSA_CIPHER */
#if IS_USED(MODULE_PSA_KEY_MANAGEMENT) || defined(DOXYGEN)
/** /**
* @brief Make a copy of a key. * @brief Make a copy of a key.
* *
@ -1799,6 +1807,7 @@ psa_status_t psa_builtin_generate_key(const psa_key_attributes_t *attributes, ui
*/ */
psa_status_t psa_generate_key(const psa_key_attributes_t *attributes, psa_status_t psa_generate_key(const psa_key_attributes_t *attributes,
psa_key_id_t *key); psa_key_id_t *key);
#endif /* MODULE_PSA_KEY_MANAGEMENT */
/** /**
* @brief Built-in function for random number generation. * @brief Built-in function for random number generation.
@ -1840,6 +1849,7 @@ psa_status_t psa_builtin_generate_random( uint8_t *output,
psa_status_t psa_generate_random(uint8_t *output, psa_status_t psa_generate_random(uint8_t *output,
size_t output_size); size_t output_size);
#if IS_USED(MODULE_PSA_KEY_MANAGEMENT) || defined(DOXYGEN)
/** /**
* @brief Declare the permitted algorithm policy for a key. * @brief Declare the permitted algorithm policy for a key.
* *
@ -2070,7 +2080,9 @@ static inline void psa_reset_key_attributes(psa_key_attributes_t *attributes)
*/ */
psa_status_t psa_get_key_attributes(psa_key_id_t key, psa_status_t psa_get_key_attributes(psa_key_id_t key,
psa_key_attributes_t *attributes); psa_key_attributes_t *attributes);
#endif /* MODULE_PSA_KEY_MANAGEMENT */
#if IS_USED(MODULE_PSA_HASH) || defined(DOXYGEN)
/** /**
* @brief Abort a hash operation. * @brief Abort a hash operation.
* *
@ -2476,7 +2488,9 @@ psa_status_t psa_hash_update(psa_hash_operation_t *operation,
psa_status_t psa_hash_verify(psa_hash_operation_t *operation, psa_status_t psa_hash_verify(psa_hash_operation_t *operation,
const uint8_t *hash, const uint8_t *hash,
size_t hash_length); size_t hash_length);
#endif /* MODULE_PSA_HASH */
#if IS_USED(MODULE_PSA_KEY_MANAGEMENT) || defined(DOXYGEN)
/** /**
* @brief Built-in key import function. * @brief Built-in key import function.
* *
@ -2619,7 +2633,9 @@ psa_status_t psa_import_key(const psa_key_attributes_t *attributes,
const uint8_t *data, const uint8_t *data,
size_t data_length, size_t data_length,
psa_key_id_t *key); psa_key_id_t *key);
#endif /* MODULE_PSA_KEY_MANAGEMENT */
#if IS_USED(MODULE_PSA_KEY_DERIVATION) || defined(DOXYGEN)
/** /**
* @brief Abort a key derivation operation. * @brief Abort a key derivation operation.
* *
@ -3309,7 +3325,9 @@ psa_status_t psa_key_derivation_verify_bytes(psa_key_derivation_operation_t *ope
*/ */
psa_status_t psa_key_derivation_verify_key(psa_key_derivation_operation_t *operation, psa_status_t psa_key_derivation_verify_key(psa_key_derivation_operation_t *operation,
psa_key_id_t expected); psa_key_id_t expected);
#endif /* PSA_CRYPTO_KEY_DERIVATION */
#if IS_USED(MODULE_PSA_MAC) || defined(DOXYGEN)
/** /**
* @brief Abort a MAC operation. * @brief Abort a MAC operation.
* *
@ -3679,7 +3697,9 @@ psa_status_t psa_mac_verify_finish(psa_mac_operation_t *operation,
psa_status_t psa_mac_verify_setup(psa_mac_operation_t *operation, psa_status_t psa_mac_verify_setup(psa_mac_operation_t *operation,
psa_key_id_t key, psa_key_id_t key,
psa_algorithm_t alg); psa_algorithm_t alg);
#endif /* MODULE_PSA_MAC */
#if IS_USED(MODULE_PSA_KEY_MANAGEMENT) || defined(DOXYGEN)
/** /**
* @brief Remove non-essential copies of key material from memory. * @brief Remove non-essential copies of key material from memory.
* *
@ -3707,7 +3727,9 @@ psa_status_t psa_mac_verify_setup(psa_mac_operation_t *operation,
* @return @ref PSA_ERROR_DATA_INVALID * @return @ref PSA_ERROR_DATA_INVALID
*/ */
psa_status_t psa_purge_key(psa_key_id_t key); psa_status_t psa_purge_key(psa_key_id_t key);
#endif /* MODULE_PSA_KEY_MANAGEMENT */
#if IS_USED(MODULE_PSA_KEY_AGREEMENT) || defined(DOXYGEN)
/** /**
* @brief Perform a key agreement and return the raw shared secret. * @brief Perform a key agreement and return the raw shared secret.
* *
@ -3778,7 +3800,9 @@ psa_status_t psa_raw_key_agreement(psa_algorithm_t alg,
uint8_t *output, uint8_t *output,
size_t output_size, size_t output_size,
size_t *output_length); size_t *output_length);
#endif /* MODULE_PSA_KEY_AGREEMENT */
#if IS_USED(MODULE_PSA_ASYMMETRIC) || defined(DOXYGEN)
/** /**
* @brief Sign an already-calculated hash with a private key. * @brief Sign an already-calculated hash with a private key.
* *
@ -4044,6 +4068,7 @@ psa_status_t psa_verify_message(psa_key_id_t key,
size_t input_length, size_t input_length,
const uint8_t *signature, const uint8_t *signature,
size_t signature_length); size_t signature_length);
#endif /* MODULE_PSA_ASYMMETRIC */
#ifdef __cplusplus #ifdef __cplusplus
} }

View File

@ -79,29 +79,21 @@ extern "C" {
* @brief Number of required allocated asymmetric key pair slots. * @brief Number of required allocated asymmetric key pair slots.
* *
* @details These should be defined by the developer to * @details These should be defined by the developer to
* fit their requirements. The default number is 5. * fit their requirements. The default number is 0.
*/ */
#ifndef CONFIG_PSA_ASYMMETRIC_KEYPAIR_COUNT #ifndef CONFIG_PSA_ASYMMETRIC_KEYPAIR_COUNT
#if (IS_USED(MODULE_PSA_ASYMMETRIC))
#define CONFIG_PSA_ASYMMETRIC_KEYPAIR_COUNT 5
#else
#define CONFIG_PSA_ASYMMETRIC_KEYPAIR_COUNT 0 #define CONFIG_PSA_ASYMMETRIC_KEYPAIR_COUNT 0
#endif #endif
#endif
/** /**
* @brief Number of required allocated single key slots. * @brief Number of required allocated single key slots.
* *
* @details These should be defined by the developer to * @details These should be defined by the developer to
* fit their requirements. The default number is 5. * fit their requirements. The default number is 0.
*/ */
#ifndef CONFIG_PSA_SINGLE_KEY_COUNT #ifndef CONFIG_PSA_SINGLE_KEY_COUNT
#if (IS_USED(MODULE_PSA_KEY_SLOT_MGMT))
#define CONFIG_PSA_SINGLE_KEY_COUNT 5
#else
#define CONFIG_PSA_SINGLE_KEY_COUNT 0 #define CONFIG_PSA_SINGLE_KEY_COUNT 0
#endif #endif
#endif
/** /**
* @brief Number of required allocated protected key slots. * @brief Number of required allocated protected key slots.
@ -110,7 +102,7 @@ extern "C" {
* fit their requirements. The default number is 5. * fit their requirements. The default number is 5.
*/ */
#ifndef CONFIG_PSA_PROTECTED_KEY_COUNT #ifndef CONFIG_PSA_PROTECTED_KEY_COUNT
#if (IS_USED(MODULE_PSA_SE_MGMT)) #if (IS_USED(MODULE_PSA_SECURE_ELEMENT))
#define CONFIG_PSA_PROTECTED_KEY_COUNT 5 #define CONFIG_PSA_PROTECTED_KEY_COUNT 5
#else #else
#define CONFIG_PSA_PROTECTED_KEY_COUNT 0 #define CONFIG_PSA_PROTECTED_KEY_COUNT 0
@ -991,7 +983,7 @@ extern "C" {
/** /**
* @brief The maximum size of the used key data. * @brief The maximum size of the used key data.
*/ */
#if IS_USED(MODULE_PSA_SECURE_ELEMENT_ASYMMETRIC) || IS_USED(MODULE_PSA_ASYMMETRIC) #if IS_USED(MODULE_PSA_ASYMMETRIC)
#define PSA_MAX_KEY_DATA_SIZE (PSA_EXPORT_PUBLIC_KEY_MAX_SIZE) #define PSA_MAX_KEY_DATA_SIZE (PSA_EXPORT_PUBLIC_KEY_MAX_SIZE)
#else #else
#define PSA_MAX_KEY_DATA_SIZE (CONFIG_PSA_MAX_KEY_SIZE) #define PSA_MAX_KEY_DATA_SIZE (CONFIG_PSA_MAX_KEY_SIZE)

View File

@ -28,34 +28,7 @@ extern "C" {
#include "crypto_sizes.h" #include "crypto_sizes.h"
#include "crypto_contexts.h" #include "crypto_contexts.h"
/** #if IS_USED(MODULE_PSA_KEY_MANAGEMENT) || defined(DOXYGEN)
* @brief Structure containing a hash context and algorithm
*/
struct psa_hash_operation_s {
psa_algorithm_t alg; /**< Operation algorithm */
#if IS_USED(MODULE_PSA_HASH)
psa_hash_context_t ctx; /**< Operation hash context */
#endif
};
/**
* @brief This macro returns a suitable initializer for a hash operation object of type
* @ref psa_hash_operation_t.
*/
#define PSA_HASH_OPERATION_INIT { 0 }
/**
* @brief Return an initial value for a hash operation object.
*
* @return struct psa_hash_operation_s
*/
static inline struct psa_hash_operation_s psa_hash_operation_init(void)
{
const struct psa_hash_operation_s v = PSA_HASH_OPERATION_INIT;
return v;
}
/** /**
* @brief Structure storing the key usage policies * @brief Structure storing the key usage policies
*/ */
@ -97,7 +70,9 @@ static inline struct psa_key_attributes_s psa_key_attributes_init(void)
return v; return v;
} }
#endif /*(MODULE_PSA_KEY_MANAGEMENT */
#if IS_USED(MODULE_PSA_AEAD) || defined(DOXYGEN)
/** /**
* @brief Structure storing an AEAD operation context * @brief Structure storing an AEAD operation context
* *
@ -124,7 +99,9 @@ static inline struct psa_aead_operation_s psa_aead_operation_init(void)
return v; return v;
} }
#endif /* MODULE_PSA_AEAD */
#if IS_USED(MODULE_PSA_CIPHER) || defined(DOXYGEN)
/** /**
* @brief Structure storing a cipher operation context * @brief Structure storing a cipher operation context
*/ */
@ -135,9 +112,7 @@ struct psa_cipher_operation_s {
psa_algorithm_t alg; /**< Operation algorithm*/ psa_algorithm_t alg; /**< Operation algorithm*/
/** Union containing cipher contexts for the executing backend */ /** Union containing cipher contexts for the executing backend */
union cipher_context { union cipher_context {
#if IS_USED(MODULE_PSA_CIPHER)
psa_cipher_context_t cipher_ctx; /**< Cipher context */ psa_cipher_context_t cipher_ctx; /**< Cipher context */
#endif
#if IS_USED(MODULE_PSA_SECURE_ELEMENT_ATECCX08A) || defined(DOXYGEN) #if IS_USED(MODULE_PSA_SECURE_ELEMENT_ATECCX08A) || defined(DOXYGEN)
psa_se_cipher_context_t se_ctx; /**< SE Cipher context */ psa_se_cipher_context_t se_ctx; /**< SE Cipher context */
#endif #endif
@ -161,7 +136,9 @@ static inline struct psa_cipher_operation_s psa_cipher_operation_init(void)
return v; return v;
} }
#endif /* MODULE_PSA_CIPHER */
#if IS_USED(MODULE_PSA_KEY_DERIVATION) || defined(DOXYGEN)
/** /**
* @brief This macro returns a suitable initializer for a key derivation operation object of * @brief This macro returns a suitable initializer for a key derivation operation object of
* type @ref psa_key_derivation_operation_t. * type @ref psa_key_derivation_operation_t.
@ -188,7 +165,39 @@ static inline struct psa_key_derivation_operation_s psa_key_derivation_operation
return v; return v;
} }
#endif /* MODULE_PSA_KEY_DERIVATION */
#if IS_USED(MODULE_PSA_HASH) || defined(DOXYGEN)
/**
* @brief Structure containing a hash context and algorithm
*/
struct psa_hash_operation_s {
psa_algorithm_t alg; /**< Operation algorithm */
#if IS_USED(MODULE_PSA_HASH)
psa_hash_context_t ctx; /**< Operation hash context */
#endif
};
/**
* @brief This macro returns a suitable initializer for a hash operation object of type
* @ref psa_hash_operation_t.
*/
#define PSA_HASH_OPERATION_INIT { 0 }
/**
* @brief Return an initial value for a hash operation object.
*
* @return struct psa_hash_operation_s
*/
static inline struct psa_hash_operation_s psa_hash_operation_init(void)
{
const struct psa_hash_operation_s v = PSA_HASH_OPERATION_INIT;
return v;
}
#endif /* MODULE_PSA_HASH */
#if IS_USED(MODULE_PSA_MAC) || defined(DOXYGEN)
/** /**
* @brief This macro returns a suitable initializer for a MAC operation object of type * @brief This macro returns a suitable initializer for a MAC operation object of type
* @ref psa_mac_operation_t. * @ref psa_mac_operation_t.
@ -215,6 +224,7 @@ static inline struct psa_mac_operation_s psa_mac_operation_init(void)
return v; return v;
} }
#endif /* MODULE_PSA_MAC */
#ifdef __cplusplus #ifdef __cplusplus
} }

View File

@ -7,8 +7,7 @@
menuconfig MODULE_PSA_ASYMMETRIC menuconfig MODULE_PSA_ASYMMETRIC
bool "PSA Asymmetric Crypto" bool "PSA Asymmetric Crypto"
select PSA_KEY_CONFIG select MODULE_PSA_KEY_MANAGEMENT
select MODULE_PSA_KEY_SLOT_MGMT
if MODULE_PSA_ASYMMETRIC if MODULE_PSA_ASYMMETRIC

View File

@ -7,8 +7,7 @@
menuconfig MODULE_PSA_CIPHER menuconfig MODULE_PSA_CIPHER
bool "PSA Ciphers" bool "PSA Ciphers"
select PSA_KEY_CONFIG select MODULE_PSA_KEY_MANAGEMENT
select MODULE_PSA_KEY_SLOT_MGMT
if MODULE_PSA_CIPHER if MODULE_PSA_CIPHER

View File

@ -7,7 +7,6 @@
menuconfig MODULE_PSA_HASH menuconfig MODULE_PSA_HASH
bool "PSA Hashes" bool "PSA Hashes"
select PSA_KEY_CONFIG
if MODULE_PSA_HASH if MODULE_PSA_HASH

View File

@ -7,6 +7,12 @@
menu "PSA Key Management Configuration" menu "PSA Key Management Configuration"
config MODULE_PSA_KEY_MANAGEMENT
bool
select MODULE_PSA_KEY_SLOT_MGMT
help
Activates the PSA Key Management Module
config PSA_KEY_SIZE_128 config PSA_KEY_SIZE_128
bool "Application uses key of size 128 Bits" bool "Application uses key of size 128 Bits"
help help
@ -44,12 +50,10 @@ config PSA_PROTECTED_KEY_COUNT
config PSA_ASYMMETRIC_KEYPAIR_COUNT config PSA_ASYMMETRIC_KEYPAIR_COUNT
int "Specifies number of allocated key pair slots" int "Specifies number of allocated key pair slots"
default 5 if MODULE_PSA_ASYMMETRIC
default 0 default 0
config PSA_SINGLE_KEY_COUNT config PSA_SINGLE_KEY_COUNT
int "Specifies number of allocated single key slots" int "Specifies number of allocated single key slots"
default 5 if PSA_MAX_KEY_SIZE != 0
default 0 default 0
endmenu # PSA Key Management Configuration endmenu # PSA Key Management Configuration

View File

@ -7,8 +7,7 @@
menuconfig MODULE_PSA_MAC menuconfig MODULE_PSA_MAC
bool "PSA Message Authenticated Ciphers" bool "PSA Message Authenticated Ciphers"
select PSA_KEY_CONFIG select MODULE_PSA_KEY_MANAGEMENT
select MODULE_PSA_KEY_SLOT_MGMT
if MODULE_PSA_MAC if MODULE_PSA_MAC

View File

@ -5,7 +5,7 @@ endif
# Asymmetric # Asymmetric
ifneq (,$(filter psa_asymmetric,$(USEMODULE))) ifneq (,$(filter psa_asymmetric,$(USEMODULE)))
USEMODULE += psa_key_slot_mgmt USEMODULE += psa_key_management
endif endif
## ECC_P192R1 backend ## ECC_P192R1 backend
@ -82,7 +82,7 @@ endif
# Cipher # Cipher
ifneq (,$(filter psa_cipher,$(USEMODULE))) ifneq (,$(filter psa_cipher,$(USEMODULE)))
USEMODULE += psa_key_slot_mgmt USEMODULE += psa_key_management
endif endif
## AES-128-ECB backend ## AES-128-ECB backend
@ -242,8 +242,16 @@ ifneq (,$(filter psa_hash_sha_512_backend_riot,$(USEMODULE)))
USEMODULE += psa_riot_hashes USEMODULE += psa_riot_hashes
USEMODULE += psa_riot_hashes_sha_512 USEMODULE += psa_riot_hashes_sha_512
endif endif
# Key Management
ifneq (,$(filter psa_key_management,$(USEMODULE)))
USEMODULE += psa_key_slot_mgmt
endif
# MAC # MAC
ifneq (,$(filter psa_mac,$(USEMODULE)))
USEMODULE += psa_key_management
endif
## HMAC SHA-256 ## HMAC SHA-256
ifneq (,$(filter psa_mac_hmac_sha_256,$(USEMODULE))) ifneq (,$(filter psa_mac_hmac_sha_256,$(USEMODULE)))
ifeq (,$(filter psa_mac_hmac_sha_256_custom_backend,$(USEMODULE))) ifeq (,$(filter psa_mac_hmac_sha_256_custom_backend,$(USEMODULE)))
@ -271,7 +279,7 @@ endif
# Secure Elements # Secure Elements
ifneq (,$(filter psa_secure_element,$(USEMODULE))) ifneq (,$(filter psa_secure_element,$(USEMODULE)))
USEMODULE += psa_se_mgmt USEMODULE += psa_se_mgmt
USEMODULE += psa_key_slot_mgmt USEMODULE += psa_key_management
endif endif
ifneq (,$(filter psa_secure_element_ateccx08a, $(USEMODULE))) ifneq (,$(filter psa_secure_element_ateccx08a, $(USEMODULE)))

View File

@ -146,6 +146,9 @@ ifneq (,$(filter psa_hash_sha_512,$(USEMODULE)))
endif endif
endif endif
## Key Management
PSEUDOMODULES += psa_key_management
## MAC ## MAC
PSEUDOMODULES += psa_mac PSEUDOMODULES += psa_mac
PSEUDOMODULES += psa_mac_hmac_sha_256 PSEUDOMODULES += psa_mac_hmac_sha_256
@ -162,6 +165,5 @@ endif
## Secure Elements ## Secure Elements
PSEUDOMODULES += psa_secure_element PSEUDOMODULES += psa_secure_element
PSEUDOMODULES += psa_secure_element_asymmetric
PSEUDOMODULES += psa_secure_element_config PSEUDOMODULES += psa_secure_element_config
PSEUDOMODULES += psa_secure_element_multiple PSEUDOMODULES += psa_secure_element_multiple

View File

@ -316,13 +316,14 @@
* *
* ### Secure Elements * ### Secure Elements
* Base: * Base:
*
* - psa_secure_element * - psa_secure_element
* - psa_secure_element_multiple * - psa_secure_element_multiple
* *
* #### SE Types * #### SE Types
* - psa_secure_element_ateccx08a * - psa_secure_element_ateccx08a
* - psa_secure_element_ateccx08a_cipher_aes_128
* - psa_secure_element_ateccx08a_ecc_p256 * - psa_secure_element_ateccx08a_ecc_p256
* - psa_secure_element_ateccx08a_hmac_sha256
* *
* Random Number Generation {#rng} * Random Number Generation {#rng}
* === * ===
@ -372,7 +373,7 @@
* @code * @code
* CONFIG_PSA_SECURE_ELEMENT=y * CONFIG_PSA_SECURE_ELEMENT=y
* CONFIG_PSA_SECURE_ELEMENT_ATECCX08A=y // device example * CONFIG_PSA_SECURE_ELEMENT_ATECCX08A=y // device example
* CONFIG_PSA_SECURE_ELEMENT_ATECCX08A_ECC=y * CONFIG_PSA_SECURE_ELEMENT_ATECCX08A_ECC_P256=y
* @endcode * @endcode
* *
* or added to the the Makefile: * or added to the the Makefile:
@ -439,10 +440,10 @@
* In RIOT, module names are generated from path names, so if you create a directory for * In RIOT, module names are generated from path names, so if you create a directory for
* your sourcefiles, the module name will be the same as the directory name. It is possible * your sourcefiles, the module name will be the same as the directory name. It is possible
* to change that by declaring a new module name in the Makefile by adding the line * to change that by declaring a new module name in the Makefile by adding the line
* your_module_name`. * `MODULE := your_module_name`.
* *
* If you leave it like this, all sourcefiles in the path corresponding to the module name will be * If you leave it like this, all sourcefiles in the path corresponding to the module name will be
* built (e.g. if you choose to module `hashes`, all files in `sys/hashes` will be included). * built (e.g. if you choose the module `hashes`, all files in `sys/hashes` will be included).
* For better configurability it is possible to add submodules (see * For better configurability it is possible to add submodules (see
* `sys/hashes/psa_riot_hashes` for example). * `sys/hashes/psa_riot_hashes` for example).
* In that case the base module name will be the directory name and each file inside the directory * In that case the base module name will be the directory name and each file inside the directory
@ -960,17 +961,20 @@
* key, which requires a lot less memory space. * key, which requires a lot less memory space.
* *
* **BUT:** If your secure element supports asymmetric cryptography and exports a public key part * **BUT:** If your secure element supports asymmetric cryptography and exports a public key part
* during key generation, that key part must be stored somewhere. This is why there needs to be * during key generation, that key part must be stored somewhere. So when you choose an
* an option to tell PSA Crypto that an application is going to perform asymmetric operations. * asymmetric operation, the protected key slots will have the space to store a public
* Only if that option is selected, the protected key slots will have the space to store a public
* key. * key.
* *
* #### Dependencies
* Secure Element operations also depend on the PSA modules. E.g. when you want to use an ECC
* operation, you need to make sure that you also build the asymmetric PSA functions.
*
* For this we need to add the following to the `superSE` menu: * For this we need to add the following to the `superSE` menu:
* @code * @code
* config MODULE_PSA_SECURE_ELEMENT_SUPERSE_ECC_P256 * config MODULE_PSA_SECURE_ELEMENT_SUPERSE_ECC_P256
* bool "Our Vendor's Elliptic Curve P256" * bool "Our Vendor's Elliptic Curve P256"
* select PSA_KEY_SIZE_256 * select PSA_KEY_SIZE_256
* select MODULE_PSA_SECURE_ELEMENT_ASYMMETRIC * select MODULE_PSA_ASYMMETRIC
* depends on MODULE_PSA_SECURE_ELEMENT_SUPERSE * depends on MODULE_PSA_SECURE_ELEMENT_SUPERSE
* @endcode * @endcode
* This tells us, what size a key slot should have to store the public key. If your SE supports * This tells us, what size a key slot should have to store the public key. If your SE supports
@ -995,9 +999,11 @@
* endif * endif
* *
* ifneq (,$(filter psa_secure_element_superse_ecc_p256, $(USEMODULE))) * ifneq (,$(filter psa_secure_element_superse_ecc_p256, $(USEMODULE)))
* USEMODULE += psa_secure_element_asymmetric * USEMODULE += psa_asymmetric
* endif * endif
*
* Now the secure element should be available for use with PSA Crypto.
* @endcode * @endcode
* This needs to be done for all other supported operations (e.g. ATECCX08 operations in
* `pkg/cryptoauthlib/Makefile.include`, `pkg/cryptoauthlib/Makefile.dep` and
* `sys/psa_crypto/psa_se_mgmt/Kconfig`. Now the secure element should be available for use
* with PSA Crypto.
*/ */

View File

@ -28,8 +28,12 @@ extern "C" {
#include <stdlib.h> #include <stdlib.h>
#include "kernel_defines.h" #include "kernel_defines.h"
#include "psa/crypto.h" #include "psa/crypto.h"
#include "psa_crypto_slot_management.h"
#if IS_USED(MODULE_PSA_KEY_MANAGEMENT)
#include "psa_crypto_slot_management.h"
#endif
#if IS_USED(MODULE_PSA_HASH)
/** /**
* @brief Dispatch a hash setup function to a specific backend. * @brief Dispatch a hash setup function to a specific backend.
* See @ref psa_hash_setup() * See @ref psa_hash_setup()
@ -68,7 +72,9 @@ psa_status_t psa_algorithm_dispatch_hash_finish(psa_hash_operation_t *operation,
uint8_t *hash, uint8_t *hash,
size_t hash_size, size_t hash_size,
size_t *hash_length); size_t *hash_length);
#endif /* MODULE_PSA_HASH */
#if IS_USED(MODULE_PSA_ASYMMETRIC)
/** /**
* @brief Dispatch a hash signature function to a specific backend. * @brief Dispatch a hash signature function to a specific backend.
* See @ref psa_sign_hash() * See @ref psa_sign_hash()
@ -156,7 +162,9 @@ psa_status_t psa_algorithm_dispatch_verify_message( const psa_key_attributes_t *
size_t input_length, size_t input_length,
const uint8_t *signature, const uint8_t *signature,
size_t signature_length); size_t signature_length);
#endif /* MODULE_PSA_ASYMMETRIC */
#if IS_USED(MODULE_PSA_KEY_MANAGEMENT)
/** /**
* @brief Dispatch the key generation function to a specific backend. * @brief Dispatch the key generation function to a specific backend.
* See @ref psa_generate_key() * See @ref psa_generate_key()
@ -167,7 +175,9 @@ psa_status_t psa_algorithm_dispatch_verify_message( const psa_key_attributes_t *
*/ */
psa_status_t psa_algorithm_dispatch_generate_key( const psa_key_attributes_t *attributes, psa_status_t psa_algorithm_dispatch_generate_key( const psa_key_attributes_t *attributes,
psa_key_slot_t *slot); psa_key_slot_t *slot);
#endif
#if IS_USED(MODULE_PSA_CIPHER)
/** /**
* @brief Dispatch a cipher encrypt function to a specific backend. * @brief Dispatch a cipher encrypt function to a specific backend.
* See @ref psa_cipher_encrypt() * See @ref psa_cipher_encrypt()
@ -213,7 +223,9 @@ psa_status_t psa_algorithm_dispatch_cipher_decrypt( const psa_key_attributes_t *
uint8_t *output, uint8_t *output,
size_t output_size, size_t output_size,
size_t *output_length); size_t *output_length);
#endif /* MODULE_PSA_CIPHER */
#if IS_USED(MODULE_PSA_MAC)
/** /**
* @brief Dispatch a mac computation function to a specific backend. * @brief Dispatch a mac computation function to a specific backend.
* See @ref psa_mac_compute() * See @ref psa_mac_compute()
@ -236,6 +248,7 @@ psa_status_t psa_algorithm_dispatch_mac_compute(const psa_key_attributes_t *attr
uint8_t *mac, uint8_t *mac,
size_t mac_size, size_t mac_size,
size_t *mac_length); size_t *mac_length);
#endif
#ifdef __cplusplus #ifdef __cplusplus
} }

View File

@ -29,6 +29,7 @@ extern "C" {
#include "kernel_defines.h" #include "kernel_defines.h"
#include "psa/crypto.h" #include "psa/crypto.h"
#if IS_USED(MODULE_PSA_ASYMMETRIC)
/** /**
* @brief Dispatch call of a hash signature function to a location specific backend. * @brief Dispatch call of a hash signature function to a location specific backend.
* See psa_sign_hash() * See psa_sign_hash()
@ -116,7 +117,9 @@ psa_status_t psa_location_dispatch_verify_message(const psa_key_attributes_t *at
size_t input_length, size_t input_length,
const uint8_t *signature, const uint8_t *signature,
size_t signature_length); size_t signature_length);
#endif /* MODULE_PSA_ASYMMETRIC */
#if IS_USED(MODULE_PSA_MAC)
/** /**
* @brief Dispatch call of a mac computation function to a location specific backend. * @brief Dispatch call of a mac computation function to a location specific backend.
* See psa_mac_compute() * See psa_mac_compute()
@ -139,7 +142,9 @@ psa_status_t psa_location_dispatch_mac_compute(const psa_key_attributes_t *attri
uint8_t *mac, uint8_t *mac,
size_t mac_size, size_t mac_size,
size_t *mac_length); size_t *mac_length);
#endif
#if IS_USED(MODULE_PSA_KEY_MANAGEMENT)
/** /**
* @brief Dispatch call of the key generation function to a location specific backend. * @brief Dispatch call of the key generation function to a location specific backend.
* See psa_generate_key() * See psa_generate_key()
@ -165,7 +170,9 @@ psa_status_t psa_location_dispatch_generate_key(const psa_key_attributes_t *attr
psa_status_t psa_location_dispatch_import_key( const psa_key_attributes_t *attributes, psa_status_t psa_location_dispatch_import_key( const psa_key_attributes_t *attributes,
const uint8_t *data, size_t data_length, const uint8_t *data, size_t data_length,
psa_key_slot_t *slot, size_t *bits); psa_key_slot_t *slot, size_t *bits);
#endif /* MODULE_PSA_KEY_MANAGEMENT */
#if IS_USED(MODULE_PSA_CIPHER)
/** /**
* @brief Dispatch call of a cipher encrypt setup function to a location specific backend. * @brief Dispatch call of a cipher encrypt setup function to a location specific backend.
* See psa_cipher_setup() * See psa_cipher_setup()
@ -254,6 +261,7 @@ psa_status_t psa_location_dispatch_cipher_decrypt( const psa_key_attributes_t *
uint8_t *output, uint8_t *output,
size_t output_size, size_t output_size,
size_t *output_length); size_t *output_length);
#endif /* MODULE_PSA_CIPHER */
/** /**
* @brief Dispatch call of a random number generator to a specific backend. * @brief Dispatch call of a random number generator to a specific backend.

View File

@ -78,10 +78,12 @@ typedef struct {
size_t lock_count; /**< Number of entities accessing the slot */ size_t lock_count; /**< Number of entities accessing the slot */
psa_key_attributes_t attr; /**< Attributes associated with the stored key */ psa_key_attributes_t attr; /**< Attributes associated with the stored key */
/** Structure containing key data */ /** Structure containing key data */
#if PSA_SINGLE_KEY_COUNT
struct key_data { struct key_data {
uint8_t data[PSA_MAX_KEY_DATA_SIZE]; /**< Key data buffer */ uint8_t data[PSA_MAX_KEY_DATA_SIZE]; /**< Key data buffer */
size_t data_len; /**< Size of actual key data in bytes */ size_t data_len; /**< Size of actual key data in bytes */
} key; /**< Key data structure */ } key; /**< Key data structure */
#endif /* PSA_SINGLE_KEY_COUNT */
} psa_key_slot_t; } psa_key_slot_t;
/** /**

View File

@ -20,9 +20,13 @@
#include <stdio.h> #include <stdio.h>
#include "psa/crypto.h" #include "psa/crypto.h"
#if IS_USED(MODULE_PSA_KEY_MANAGEMENT)
#include "psa_crypto_slot_management.h"
#endif
#include "psa_crypto_se_driver.h" #include "psa_crypto_se_driver.h"
#include "psa_crypto_se_management.h" #include "psa_crypto_se_management.h"
#include "psa_crypto_slot_management.h"
#include "psa_crypto_location_dispatch.h" #include "psa_crypto_location_dispatch.h"
#include "psa_crypto_algorithm_dispatch.h" #include "psa_crypto_algorithm_dispatch.h"
@ -38,6 +42,7 @@
*/ */
static uint8_t lib_initialized = 0; static uint8_t lib_initialized = 0;
#if IS_USED(MODULE_PSA_HASH)
/** /**
* @brief Compares the content of two same-sized buffers while maintaining * @brief Compares the content of two same-sized buffers while maintaining
* constant processing time * constant processing time
@ -60,6 +65,7 @@ static inline int constant_time_memcmp(const uint8_t *a, const uint8_t *b, size_
return diff; return diff;
} }
#endif /* MODULE_PSA_HASH */
const char *psa_status_to_humanly_readable(psa_status_t status) const char *psa_status_to_humanly_readable(psa_status_t status)
{ {
@ -126,6 +132,7 @@ psa_status_t psa_crypto_init(void)
return PSA_SUCCESS; return PSA_SUCCESS;
} }
#if IS_USED(MODULE_PSA_AEAD)
psa_status_t psa_aead_abort(psa_aead_operation_t *operation) psa_status_t psa_aead_abort(psa_aead_operation_t *operation)
{ {
(void)operation; (void)operation;
@ -295,7 +302,9 @@ psa_status_t psa_aead_verify( psa_aead_operation_t *operation,
(void)tag_length; (void)tag_length;
return PSA_ERROR_NOT_SUPPORTED; return PSA_ERROR_NOT_SUPPORTED;
} }
#endif /* MODULE_PSA_AEAD */
#if IS_USED(MODULE_PSA_ASYMMETRIC)
psa_status_t psa_asymmetric_decrypt(psa_key_id_t key, psa_status_t psa_asymmetric_decrypt(psa_key_id_t key,
psa_algorithm_t alg, psa_algorithm_t alg,
const uint8_t *input, const uint8_t *input,
@ -339,7 +348,9 @@ psa_status_t psa_asymmetric_encrypt(psa_key_id_t key,
(void)output_length; (void)output_length;
return PSA_ERROR_NOT_SUPPORTED; return PSA_ERROR_NOT_SUPPORTED;
} }
#endif /* MODULE_PSA_ASYMMETRIC */
#if IS_USED(MODULE_PSA_KEY_MANAGEMENT)
/** /**
* @brief Checks whether a key's policy permits the usage of a given algorithm * @brief Checks whether a key's policy permits the usage of a given algorithm
* *
@ -418,7 +429,9 @@ static psa_status_t psa_get_and_lock_key_slot_with_policy( psa_key_id_t id,
} }
return PSA_SUCCESS; return PSA_SUCCESS;
} }
#endif /* MODULE_PSA_KEY_MANAGEMENT */
#if IS_USED(MODULE_PSA_CIPHER)
psa_status_t psa_cipher_abort(psa_cipher_operation_t *operation) psa_status_t psa_cipher_abort(psa_cipher_operation_t *operation)
{ {
if (!lib_initialized) { if (!lib_initialized) {
@ -694,6 +707,9 @@ psa_status_t psa_cipher_update(psa_cipher_operation_t *operation,
return PSA_ERROR_NOT_SUPPORTED; return PSA_ERROR_NOT_SUPPORTED;
} }
#endif /* MODULE_PSA_CIPHER */
#if IS_USED(MODULE_PSA_HASH)
psa_status_t psa_hash_setup(psa_hash_operation_t *operation, psa_status_t psa_hash_setup(psa_hash_operation_t *operation,
psa_algorithm_t alg) psa_algorithm_t alg)
{ {
@ -921,8 +937,36 @@ psa_status_t psa_hash_compute(psa_algorithm_t alg,
return PSA_SUCCESS; return PSA_SUCCESS;
} }
#endif /* MODULE_PSA_HASH */
psa_status_t psa_builtin_generate_random(uint8_t *output,
size_t output_size)
{
if (!output) {
return PSA_ERROR_INVALID_ARGUMENT;
}
/* TODO: Should point to a CSPRNG API in the future */
random_bytes(output, output_size);
return PSA_SUCCESS;
}
psa_status_t psa_generate_random(uint8_t *output,
size_t output_size)
{
if (!lib_initialized) {
return PSA_ERROR_BAD_STATE;
}
if (!output) {
return PSA_ERROR_INVALID_ARGUMENT;
}
return psa_location_dispatch_generate_random(output, output_size);
}
/* Key Management */ /* Key Management */
#if IS_USED(MODULE_PSA_KEY_MANAGEMENT)
/** /**
* @brief Check whether the key policy is valid * @brief Check whether the key policy is valid
* *
@ -994,7 +1038,7 @@ static psa_status_t psa_validate_key_for_key_generation(psa_key_type_t type, siz
if (PSA_KEY_TYPE_IS_UNSTRUCTURED(type)) { if (PSA_KEY_TYPE_IS_UNSTRUCTURED(type)) {
return psa_validate_unstructured_key_size(type, bits); return psa_validate_unstructured_key_size(type, bits);
} }
#if IS_USED(MODULE_PSA_ASYMMETRIC) || IS_USED(MODULE_PSA_SECURE_ELEMENT_ASYMMETRIC) #if IS_USED(MODULE_PSA_ASYMMETRIC)
else if (PSA_KEY_TYPE_IS_ECC_KEY_PAIR(type)) { else if (PSA_KEY_TYPE_IS_ECC_KEY_PAIR(type)) {
return PSA_ECC_KEY_SIZE_IS_VALID(type, bits) ? PSA_SUCCESS : PSA_ERROR_INVALID_ARGUMENT; return PSA_ECC_KEY_SIZE_IS_VALID(type, bits) ? PSA_SUCCESS : PSA_ERROR_INVALID_ARGUMENT;
} }
@ -1351,32 +1395,6 @@ psa_status_t psa_generate_key(const psa_key_attributes_t *attributes,
return status; return status;
} }
psa_status_t psa_builtin_generate_random( uint8_t *output,
size_t output_size)
{
if (!output) {
return PSA_ERROR_INVALID_ARGUMENT;
}
/* TODO: Should point to a CSPRNG API in the future */
random_bytes(output, output_size);
return PSA_SUCCESS;
}
psa_status_t psa_generate_random(uint8_t *output,
size_t output_size)
{
if (!lib_initialized) {
return PSA_ERROR_BAD_STATE;
}
if (!output) {
return PSA_ERROR_INVALID_ARGUMENT;
}
return psa_location_dispatch_generate_random(output, output_size);
}
psa_status_t psa_get_key_attributes(psa_key_id_t key, psa_status_t psa_get_key_attributes(psa_key_id_t key,
psa_key_attributes_t *attributes) psa_key_attributes_t *attributes)
{ {
@ -1500,7 +1518,9 @@ psa_status_t psa_import_key(const psa_key_attributes_t *attributes,
return status; return status;
} }
#endif /* MODULE_PSA_KEY_MANAGEMENT */
#if IS_USED(MODULE_PSA_KEY_DERIVATION)
psa_status_t psa_key_derivation_abort(psa_key_derivation_operation_t *operation) psa_status_t psa_key_derivation_abort(psa_key_derivation_operation_t *operation)
{ {
(void)operation; (void)operation;
@ -1586,7 +1606,9 @@ psa_status_t psa_key_derivation_setup(psa_key_derivation_operation_t *operation,
(void)alg; (void)alg;
return PSA_ERROR_NOT_SUPPORTED; return PSA_ERROR_NOT_SUPPORTED;
} }
#endif /* MODULE_PSA_KEY_DERIVATION */
#if IS_USED(MODULE_PSA_MAC)
psa_status_t psa_mac_abort(psa_mac_operation_t *operation) psa_status_t psa_mac_abort(psa_mac_operation_t *operation)
{ {
if (!lib_initialized) { if (!lib_initialized) {
@ -1763,7 +1785,9 @@ psa_status_t psa_purge_key(psa_key_id_t key)
(void)key; (void)key;
return PSA_ERROR_NOT_SUPPORTED; return PSA_ERROR_NOT_SUPPORTED;
} }
#endif /* MODULE_PSA_MAC */
#if IS_USED(MODULE_PSA_KEY_AGREEMENT)
psa_status_t psa_raw_key_agreement(psa_algorithm_t alg, psa_status_t psa_raw_key_agreement(psa_algorithm_t alg,
psa_key_id_t private_key, psa_key_id_t private_key,
const uint8_t *peer_key, const uint8_t *peer_key,
@ -1781,7 +1805,9 @@ psa_status_t psa_raw_key_agreement(psa_algorithm_t alg,
(void)output_length; (void)output_length;
return PSA_ERROR_NOT_SUPPORTED; return PSA_ERROR_NOT_SUPPORTED;
} }
#endif /* MODULE_PSA_KEY_AGREEMENT */
#if IS_USED(MODULE_PSA_ASYMMETRIC)
psa_status_t psa_sign_hash(psa_key_id_t key, psa_status_t psa_sign_hash(psa_key_id_t key,
psa_algorithm_t alg, psa_algorithm_t alg,
const uint8_t *hash, const uint8_t *hash,
@ -2000,3 +2026,4 @@ psa_status_t psa_verify_message(psa_key_id_t key,
unlock_status = psa_unlock_key_slot(slot); unlock_status = psa_unlock_key_slot(slot);
return ((status == PSA_SUCCESS) ? unlock_status : status); return ((status == PSA_SUCCESS) ? unlock_status : status);
} }
#endif /* MODULE_PSA_ASYMMETRIC */

View File

@ -21,12 +21,28 @@
#include <stdio.h> #include <stdio.h>
#include "kernel_defines.h" #include "kernel_defines.h"
#include "psa/crypto.h" #include "psa/crypto.h"
#include "psa_mac.h"
#include "psa_hashes.h"
#include "psa_ecc.h"
#include "psa_ciphers.h"
#include "psa_crypto_operation_encoder.h"
#if IS_USED(MODULE_PSA_MAC)
#include "psa_mac.h"
#endif
#if IS_USED(MODULE_PSA_HASH)
#include "psa_hashes.h"
#endif
#if IS_USED(MODULE_PSA_ASYMMETRIC)
#include "psa_ecc.h"
#endif
#if IS_USED(MODULE_PSA_CIPHER)
#include "psa_ciphers.h"
#endif
#if IS_USED(MODULE_PSA_KEY_MANAGEMENT)
#include "psa_crypto_operation_encoder.h"
#endif
#if IS_USED(MODULE_PSA_HASH)
psa_status_t psa_algorithm_dispatch_hash_setup(psa_hash_operation_t *operation, psa_status_t psa_algorithm_dispatch_hash_setup(psa_hash_operation_t *operation,
psa_algorithm_t alg) psa_algorithm_t alg)
{ {
@ -150,7 +166,9 @@ psa_status_t psa_algorithm_dispatch_hash_finish(psa_hash_operation_t *operation,
return PSA_ERROR_NOT_SUPPORTED; return PSA_ERROR_NOT_SUPPORTED;
} }
} }
#endif /* MODULE_PSA_HASH */
#if IS_USED(MODULE_PSA_ASYMMETRIC)
psa_status_t psa_algorithm_dispatch_sign_hash( const psa_key_attributes_t *attributes, psa_status_t psa_algorithm_dispatch_sign_hash( const psa_key_attributes_t *attributes,
psa_algorithm_t alg, psa_algorithm_t alg,
const psa_key_slot_t *slot, const psa_key_slot_t *slot,
@ -353,7 +371,9 @@ psa_status_t psa_algorithm_dispatch_verify_message(const psa_key_attributes_t *a
return PSA_ERROR_NOT_SUPPORTED; return PSA_ERROR_NOT_SUPPORTED;
} }
} }
#endif /* MODULE_PSA_ASYMMETRIC */
#if IS_USED(MODULE_PSA_KEY_MANAGEMENT)
psa_status_t psa_algorithm_dispatch_generate_key( const psa_key_attributes_t *attributes, psa_status_t psa_algorithm_dispatch_generate_key( const psa_key_attributes_t *attributes,
psa_key_slot_t *slot) psa_key_slot_t *slot)
{ {
@ -407,7 +427,9 @@ psa_status_t psa_algorithm_dispatch_generate_key( const psa_key_attributes_t *
return psa_builtin_generate_key(attributes, key_data, *key_bytes, key_bytes); return psa_builtin_generate_key(attributes, key_data, *key_bytes, key_bytes);
} }
#endif /* MODULE_PSA_KEY_MANAGEMENT */
#if IS_USED(MODULE_PSA_CIPHER)
psa_status_t psa_algorithm_dispatch_cipher_encrypt( const psa_key_attributes_t *attributes, psa_status_t psa_algorithm_dispatch_cipher_encrypt( const psa_key_attributes_t *attributes,
psa_algorithm_t alg, psa_algorithm_t alg,
const psa_key_slot_t *slot, const psa_key_slot_t *slot,
@ -499,7 +521,9 @@ psa_status_t psa_algorithm_dispatch_cipher_decrypt( const psa_key_attributes_t *
return PSA_ERROR_NOT_SUPPORTED; return PSA_ERROR_NOT_SUPPORTED;
} }
} }
#endif /* MODULE_PSA_CIPHER */
#if IS_USED(MODULE_PSA_MAC)
psa_status_t psa_algorithm_dispatch_mac_compute(const psa_key_attributes_t *attributes, psa_status_t psa_algorithm_dispatch_mac_compute(const psa_key_attributes_t *attributes,
psa_algorithm_t alg, psa_algorithm_t alg,
const psa_key_slot_t *slot, const psa_key_slot_t *slot,
@ -538,3 +562,4 @@ psa_status_t psa_algorithm_dispatch_mac_compute(const psa_key_attributes_t *attr
(void)mac_length; (void)mac_length;
return PSA_SUCCESS; return PSA_SUCCESS;
} }
#endif /* MODULE_PSA_MAC */

View File

@ -22,10 +22,12 @@
#include "kernel_defines.h" #include "kernel_defines.h"
#include "psa/crypto.h" #include "psa/crypto.h"
#include "psa_crypto_algorithm_dispatch.h" #include "psa_crypto_algorithm_dispatch.h"
#include "psa_crypto_slot_management.h"
#include "psa_crypto_se_management.h" #include "psa_crypto_se_management.h"
#include "psa_crypto_se_driver.h" #include "psa_crypto_se_driver.h"
#if IS_USED(MODULE_PSA_KEY_MANAGEMENT)
#include "psa_crypto_slot_management.h"
psa_status_t psa_location_dispatch_generate_key(const psa_key_attributes_t *attributes, psa_status_t psa_location_dispatch_generate_key(const psa_key_attributes_t *attributes,
psa_key_slot_t *slot) psa_key_slot_t *slot)
{ {
@ -104,7 +106,9 @@ psa_status_t psa_location_dispatch_import_key( const psa_key_attributes_t *attri
return PSA_ERROR_NOT_SUPPORTED; return PSA_ERROR_NOT_SUPPORTED;
} }
} }
#endif /* MODULE_PSA_KEY_MANAGEMENT */
#if IS_USED(MODULE_PSA_CIPHER)
psa_status_t psa_location_dispatch_cipher_encrypt_setup( psa_cipher_operation_t *operation, psa_status_t psa_location_dispatch_cipher_encrypt_setup( psa_cipher_operation_t *operation,
const psa_key_attributes_t *attributes, const psa_key_attributes_t *attributes,
const psa_key_slot_t *slot, const psa_key_slot_t *slot,
@ -335,6 +339,9 @@ psa_status_t psa_location_dispatch_cipher_decrypt( const psa_key_attributes_t *
output, output_size, output_length); output, output_size, output_length);
} }
#endif /* MODULE_PSA_CIPHER */
#if IS_USED(MODULE_PSA_ASYMMETRIC)
psa_status_t psa_location_dispatch_sign_hash( const psa_key_attributes_t *attributes, psa_status_t psa_location_dispatch_sign_hash( const psa_key_attributes_t *attributes,
psa_algorithm_t alg, psa_algorithm_t alg,
const psa_key_slot_t *slot, const psa_key_slot_t *slot,
@ -428,7 +435,9 @@ psa_status_t psa_location_dispatch_verify_message( const psa_key_attributes_t *
return psa_algorithm_dispatch_verify_message(attributes, alg, slot, input, input_length, signature, return psa_algorithm_dispatch_verify_message(attributes, alg, slot, input, input_length, signature,
signature_length); signature_length);
} }
#endif /* MODULE_PSA_ASYMMETRIC */
#if IS_USED(MODULE_PSA_MAC)
psa_status_t psa_location_dispatch_mac_compute(const psa_key_attributes_t *attributes, psa_status_t psa_location_dispatch_mac_compute(const psa_key_attributes_t *attributes,
psa_algorithm_t alg, psa_algorithm_t alg,
const psa_key_slot_t *slot, const psa_key_slot_t *slot,
@ -462,6 +471,7 @@ psa_status_t psa_location_dispatch_mac_compute(const psa_key_attributes_t *attri
return psa_algorithm_dispatch_mac_compute(attributes, alg, slot, input, input_length, mac, return psa_algorithm_dispatch_mac_compute(attributes, alg, slot, input, input_length, mac,
mac_size, mac_length); mac_size, mac_length);
} }
#endif /* MODULE_PSA_MAC */
psa_status_t psa_location_dispatch_generate_random(uint8_t *output, psa_status_t psa_location_dispatch_generate_random(uint8_t *output,
size_t output_size) size_t output_size)

View File

@ -7,4 +7,5 @@
config MODULE_PSA_KEY_SLOT_MGMT config MODULE_PSA_KEY_SLOT_MGMT
bool bool
default y if PACKAGE_PSA_ARCH_TESTS help
Enable PSA key slot management module

View File

@ -1,4 +1,3 @@
MODULE := psa_key_slot_mgmt
INCLUDES += -I$(RIOTBASE)/sys/psa_crypto/include INCLUDES += -I$(RIOTBASE)/sys/psa_crypto/include
include $(RIOTBASE)/Makefile.base include $(RIOTBASE)/Makefile.base

View File

@ -24,7 +24,7 @@
#define ENABLE_DEBUG 0 #define ENABLE_DEBUG 0
#include "debug.h" #include "debug.h"
#if IS_USED(MODULE_PSA_SECURE_ELEMENT) #if PSA_PROTECTED_KEY_COUNT
/** /**
* @brief Structure for a protected key slot. * @brief Structure for a protected key slot.
* *
@ -37,7 +37,7 @@ typedef struct {
psa_key_attributes_t attr; psa_key_attributes_t attr;
struct prot_key_data { struct prot_key_data {
psa_key_slot_number_t slot_number; psa_key_slot_number_t slot_number;
#if IS_USED(MODULE_PSA_SECURE_ELEMENT_ASYMMETRIC) #if IS_USED(MODULE_PSA_ASYMMETRIC)
uint8_t pubkey_data[PSA_EXPORT_PUBLIC_KEY_MAX_SIZE]; uint8_t pubkey_data[PSA_EXPORT_PUBLIC_KEY_MAX_SIZE];
size_t pubkey_data_len; size_t pubkey_data_len;
#endif #endif
@ -53,9 +53,9 @@ static psa_prot_key_slot_t protected_key_slots[PSA_PROTECTED_KEY_COUNT];
* @brief List pointing to empty protected key slots * @brief List pointing to empty protected key slots
*/ */
static clist_node_t protected_list_empty; static clist_node_t protected_list_empty;
#endif /* MODULE_PSA_SECURE_ELEMENT_ASYMMETRIC */ #endif /* PSA_PROTECTED_KEY_COUNT */
#if IS_USED(MODULE_PSA_ASYMMETRIC) #if PSA_ASYMMETRIC_KEYPAIR_COUNT
/** /**
* @brief Structure for asymmetric key pairs. * @brief Structure for asymmetric key pairs.
* *
@ -87,8 +87,9 @@ static psa_key_pair_slot_t key_pair_slots[PSA_ASYMMETRIC_KEYPAIR_COUNT];
* @brief List pointing to empty asymmetric key slots * @brief List pointing to empty asymmetric key slots
*/ */
static clist_node_t key_pair_list_empty; static clist_node_t key_pair_list_empty;
#endif /* MODULE_PSA_ASYMMETRIC */ #endif /* PSA_ASYMMETRIC_KEYPAIR_COUNT */
#if PSA_SINGLE_KEY_COUNT
/** /**
* @brief Array containing the single key slots * @brief Array containing the single key slots
*/ */
@ -98,6 +99,7 @@ static psa_key_slot_t single_key_slots[PSA_SINGLE_KEY_COUNT];
* @brief List pointing to empty single key slots * @brief List pointing to empty single key slots
*/ */
static clist_node_t single_key_list_empty; static clist_node_t single_key_list_empty;
#endif
/** /**
* @brief Global list of used key slots * @brief Global list of used key slots
@ -119,61 +121,61 @@ static psa_key_id_t key_id_count = PSA_KEY_ID_VOLATILE_MIN;
static clist_node_t * psa_get_empty_key_slot_list(const psa_key_attributes_t *attr) static clist_node_t * psa_get_empty_key_slot_list(const psa_key_attributes_t *attr)
{ {
if (!psa_key_lifetime_is_external(attr->lifetime)) { if (!psa_key_lifetime_is_external(attr->lifetime)) {
#if IS_USED(MODULE_PSA_ASYMMETRIC) #if PSA_ASYMMETRIC_KEYPAIR_COUNT
if (PSA_KEY_TYPE_IS_KEY_PAIR(attr->type)) { if (PSA_KEY_TYPE_IS_KEY_PAIR(attr->type)) {
return &key_pair_list_empty; return &key_pair_list_empty;
} }
#endif /* MODULE_PSA_ASYMMETRIC */ #endif /* PSA_ASYMMETRIC_KEYPAIR_COUNT */
#if PSA_SINGLE_KEY_COUNT
return &single_key_list_empty; return &single_key_list_empty;
#endif /* PSA_SINGLE_KEY_COUNT */
} }
#if IS_USED(MODULE_PSA_SECURE_ELEMENT) #if PSA_PROTECTED_KEY_COUNT
return &protected_list_empty; return &protected_list_empty;
#else #else
return NULL; return NULL;
#endif /* MODULE_PSA_SECURE_ELEMENT */ #endif /* PSA_PROTECTED_KEY_COUNT */
} }
void psa_init_key_slots(void) void psa_init_key_slots(void)
{ {
DEBUG("List Node Size: %d\n", sizeof(clist_node_t)); #if PSA_PROTECTED_KEY_COUNT
#if IS_USED(MODULE_PSA_SECURE_ELEMENT)
memset(protected_key_slots, 0, sizeof(protected_key_slots)); memset(protected_key_slots, 0, sizeof(protected_key_slots));
#if PSA_PROTECTED_KEY_COUNT
for (size_t i = 0; i < PSA_PROTECTED_KEY_COUNT; i++) { for (size_t i = 0; i < PSA_PROTECTED_KEY_COUNT; i++) {
clist_rpush(&protected_list_empty, &protected_key_slots[i].node); clist_rpush(&protected_list_empty, &protected_key_slots[i].node);
} }
#endif /* PSA_PROTECTED_KEY_COUNT */
DEBUG("Protected Slot Count: %d, Size: %d\n", PSA_PROTECTED_KEY_COUNT, DEBUG("Protected Slot Count: %d, Size: %d\n", PSA_PROTECTED_KEY_COUNT,
sizeof(psa_prot_key_slot_t)); sizeof(psa_prot_key_slot_t));
DEBUG("Protected Slot Array Size: %d\n", sizeof(protected_key_slots)); DEBUG("Protected Slot Array Size: %d\n", sizeof(protected_key_slots));
DEBUG("Protected Slot Empty List Size: %d\n", clist_count(&protected_list_empty)); DEBUG("Protected Slot Empty List Size: %d\n", clist_count(&protected_list_empty));
#endif /* MODULE_PSA_SECURE_ELEMENT */ #endif /* PSA_PROTECTED_KEY_COUNT */
#if IS_USED(MODULE_PSA_ASYMMETRIC)
memset(key_pair_slots, 0, sizeof(key_pair_slots));
#if PSA_ASYMMETRIC_KEYPAIR_COUNT #if PSA_ASYMMETRIC_KEYPAIR_COUNT
memset(key_pair_slots, 0, sizeof(key_pair_slots));
for (size_t i = 0; i < PSA_ASYMMETRIC_KEYPAIR_COUNT; i++) { for (size_t i = 0; i < PSA_ASYMMETRIC_KEYPAIR_COUNT; i++) {
clist_rpush(&key_pair_list_empty, &key_pair_slots[i].node); clist_rpush(&key_pair_list_empty, &key_pair_slots[i].node);
} }
#endif /* PSA_ASYMMETRIC_KEYPAIR_COUNT */
DEBUG("Asymmetric Slot Count: %d, Size: %d\n", PSA_ASYMMETRIC_KEYPAIR_COUNT, DEBUG("Asymmetric Slot Count: %d, Size: %d\n", PSA_ASYMMETRIC_KEYPAIR_COUNT,
sizeof(psa_key_pair_slot_t)); sizeof(psa_key_pair_slot_t));
DEBUG("Asymmetric Slot Array Size: %d\n", sizeof(key_pair_slots)); DEBUG("Asymmetric Slot Array Size: %d\n", sizeof(key_pair_slots));
DEBUG("Asymmetric Slot Empty List Size: %d\n", clist_count(&key_pair_list_empty)); DEBUG("Asymmetric Slot Empty List Size: %d\n", clist_count(&key_pair_list_empty));
#endif /* MODULE_PSA_ASYMMETRIC */ #endif /* PSA_ASYMMETRIC_KEYPAIR_COUNT */
memset(single_key_slots, 0, sizeof(single_key_slots));
#if PSA_SINGLE_KEY_COUNT #if PSA_SINGLE_KEY_COUNT
memset(single_key_slots, 0, sizeof(single_key_slots));
for (size_t i = 0; i < PSA_SINGLE_KEY_COUNT; i++) { for (size_t i = 0; i < PSA_SINGLE_KEY_COUNT; i++) {
clist_rpush(&single_key_list_empty, &single_key_slots[i].node); clist_rpush(&single_key_list_empty, &single_key_slots[i].node);
} }
#endif
DEBUG("Single Key Slot Count: %d, Size: %d\n", PSA_SINGLE_KEY_COUNT, sizeof(psa_key_slot_t)); DEBUG("Single Key Slot Count: %d, Size: %d\n", PSA_SINGLE_KEY_COUNT, sizeof(psa_key_slot_t));
DEBUG("Single Key Slot Array Size: %d\n", sizeof(single_key_slots)); DEBUG("Single Key Slot Array Size: %d\n", sizeof(single_key_slots));
DEBUG("Single Key Slot Empty List Size: %d\n", clist_count(&single_key_list_empty)); DEBUG("Single Key Slot Empty List Size: %d\n", clist_count(&single_key_list_empty));
#endif /* PSA_SINGLE_KEY_COUNT */
} }
/** /**
@ -189,14 +191,14 @@ static void psa_wipe_real_slot_type(psa_key_slot_t *slot)
if (!PSA_KEY_TYPE_IS_KEY_PAIR(attr.type)) { if (!PSA_KEY_TYPE_IS_KEY_PAIR(attr.type)) {
memset(slot, 0, sizeof(psa_key_slot_t)); memset(slot, 0, sizeof(psa_key_slot_t));
} }
#if IS_USED(MODULE_PSA_ASYMMETRIC) #if PSA_ASYMMETRIC_KEYPAIR_COUNT
else { else {
memset((psa_key_pair_slot_t *)slot, 0, sizeof(psa_key_pair_slot_t)); memset((psa_key_pair_slot_t *)slot, 0, sizeof(psa_key_pair_slot_t));
} }
#endif #endif
} }
#if IS_USED(MODULE_PSA_SECURE_ELEMENT) #if PSA_PROTECTED_KEY_COUNT
else { else {
memset((psa_prot_key_slot_t *)slot, 0, sizeof(psa_prot_key_slot_t)); memset((psa_prot_key_slot_t *)slot, 0, sizeof(psa_prot_key_slot_t));
} }
@ -483,12 +485,15 @@ size_t psa_get_key_data_from_key_slot(const psa_key_slot_t *slot, uint8_t **key_
if (!psa_key_lifetime_is_external(attr.lifetime)) { if (!psa_key_lifetime_is_external(attr.lifetime)) {
#if PSA_SINGLE_KEY_COUNT
if (!PSA_KEY_TYPE_IS_KEY_PAIR(attr.type)) { if (!PSA_KEY_TYPE_IS_KEY_PAIR(attr.type)) {
*key_data = (uint8_t *)slot->key.data; *key_data = (uint8_t *)slot->key.data;
*key_bytes = (size_t *)&slot->key.data_len; *key_bytes = (size_t *)&slot->key.data_len;
key_data_size = sizeof(slot->key.data); key_data_size = sizeof(slot->key.data);
} }
#if IS_USED(MODULE_PSA_ASYMMETRIC) #endif /* PSA_SINGLE_KEY_COUNT */
#if PSA_ASYMMETRIC_KEYPAIR_COUNT
else { else {
*key_data = ((psa_key_pair_slot_t *)slot)->key.privkey_data; *key_data = ((psa_key_pair_slot_t *)slot)->key.privkey_data;
*key_bytes = &((psa_key_pair_slot_t *)slot)->key.privkey_data_len; *key_bytes = &((psa_key_pair_slot_t *)slot)->key.privkey_data_len;
@ -499,7 +504,7 @@ size_t psa_get_key_data_from_key_slot(const psa_key_slot_t *slot, uint8_t **key_
return key_data_size; return key_data_size;
} }
#if IS_USED(MODULE_PSA_SECURE_ELEMENT) #if IS_USED(MODULE_PSA_SECURE_ELEMENT) && PSA_PROTECTED_KEY_COUNT
psa_key_slot_number_t * psa_key_slot_get_slot_number(const psa_key_slot_t *slot) psa_key_slot_number_t * psa_key_slot_get_slot_number(const psa_key_slot_t *slot)
{ {
return &(((psa_prot_key_slot_t *)slot)->key.slot_number); return &(((psa_prot_key_slot_t *)slot)->key.slot_number);
@ -519,12 +524,14 @@ void psa_get_public_key_data_from_key_slot(const psa_key_slot_t *slot, uint8_t *
} }
if (!psa_key_lifetime_is_external(attr.lifetime)) { if (!psa_key_lifetime_is_external(attr.lifetime)) {
#if PSA_SINGLE_KEY_COUNT
if (!PSA_KEY_TYPE_IS_KEY_PAIR(attr.type)) { if (!PSA_KEY_TYPE_IS_KEY_PAIR(attr.type)) {
*pubkey_data = ((psa_key_slot_t *)slot)->key.data; *pubkey_data = ((psa_key_slot_t *)slot)->key.data;
*pubkey_data_len = &((psa_key_slot_t *)slot)->key.data_len; *pubkey_data_len = &((psa_key_slot_t *)slot)->key.data_len;
return; return;
} }
#if IS_USED(MODULE_PSA_ASYMMETRIC) #endif /* PSA_SINGLE_KEY_COUNT */
#if PSA_ASYMMETRIC_KEYPAIR_COUNT
else { else {
*pubkey_data = ((psa_key_pair_slot_t *)slot)->key.pubkey_data; *pubkey_data = ((psa_key_pair_slot_t *)slot)->key.pubkey_data;
*pubkey_data_len = &((psa_key_pair_slot_t *)slot)->key.pubkey_data_len; *pubkey_data_len = &((psa_key_pair_slot_t *)slot)->key.pubkey_data_len;
@ -532,7 +539,7 @@ void psa_get_public_key_data_from_key_slot(const psa_key_slot_t *slot, uint8_t *
} }
#endif #endif
} }
#if IS_USED(MODULE_PSA_SECURE_ELEMENT_ASYMMETRIC) #if PSA_PROTECTED_KEY_COUNT && IS_USED(MODULE_PSA_ASYMMETRIC)
*pubkey_data = ((psa_prot_key_slot_t *)slot)->key.pubkey_data; *pubkey_data = ((psa_prot_key_slot_t *)slot)->key.pubkey_data;
*pubkey_data_len = &((psa_prot_key_slot_t *)slot)->key.pubkey_data_len; *pubkey_data_len = &((psa_prot_key_slot_t *)slot)->key.pubkey_data_len;
#endif #endif

View File

@ -7,7 +7,7 @@
menuconfig MODULE_PSA_SECURE_ELEMENT menuconfig MODULE_PSA_SECURE_ELEMENT
bool "PSA Secure Elements" bool "PSA Secure Elements"
select MODULE_PSA_KEY_SLOT_MGMT select MODULE_PSA_KEY_MANAGEMENT
select MODULE_PSA_SE_MGMT select MODULE_PSA_SE_MGMT
if MODULE_PSA_SECURE_ELEMENT if MODULE_PSA_SECURE_ELEMENT
@ -33,17 +33,24 @@ menuconfig MODULE_PSA_SECURE_ELEMENT_ATECCX08A
config MODULE_PSA_SECURE_ELEMENT_ATECCX08A_ECC_P256 config MODULE_PSA_SECURE_ELEMENT_ATECCX08A_ECC_P256
bool "Microchip ATECCX08A Elliptic Curve P256" bool "Microchip ATECCX08A Elliptic Curve P256"
select PSA_KEY_SIZE_256 select PSA_KEY_SIZE_256
select MODULE_PSA_SECURE_ELEMENT_ASYMMETRIC select MODULE_PSA_ASYMMETRIC
depends on MODULE_PSA_SECURE_ELEMENT_ATECCX08A
config MODULE_PSA_SECURE_ELEMENT_ATECCX08A_CIPHER_AES_128
bool "Microchip ATECCX08A Cipher AES 128"
select PSA_KEY_SIZE_128
select MODULE_PSA_CIPHER
depends on MODULE_PSA_SECURE_ELEMENT_ATECCX08A
config MODULE_PSA_SECURE_ELEMENT_ATECCX08A_HMAC_SHA256
bool "Microchip ATECCX08A HMAC SHA-256"
select PSA_KEY_SIZE_128
select MODULE_PSA_MAC
depends on MODULE_PSA_SECURE_ELEMENT_ATECCX08A depends on MODULE_PSA_SECURE_ELEMENT_ATECCX08A
config MODULE_PSA_SE_MGMT config MODULE_PSA_SE_MGMT
bool bool
config MODULE_PSA_SECURE_ELEMENT_ASYMMETRIC
bool
help
Indicates that an asymmetric operation is used with secure elements.
config MODULE_PSA_SECURE_ELEMENT_CONFIG config MODULE_PSA_SECURE_ELEMENT_CONFIG
bool bool
help help

View File

@ -4,9 +4,8 @@ USEMODULE += embunit
USEMODULE += psa_crypto USEMODULE += psa_crypto
# FIXME: currently only needed for build to succeed CFLAGS += -DCONFIG_PSA_ASYMMETRIC_KEYPAIR_COUNT=1
USEMODULE += psa_cipher CFLAGS += -DCONFIG_PSA_SINGLE_KEY_COUNT=1
USEMODULE += psa_cipher_aes_128_cbc
USEMODULE += psa_asymmetric USEMODULE += psa_asymmetric
USEMODULE += psa_asymmetric_ecc_ed25519 USEMODULE += psa_asymmetric_ecc_ed25519

View File

@ -0,0 +1,17 @@
include ../Makefile.sys_common
USEMODULE += ztimer
USEMODULE += ztimer_usec
USEMODULE += psa_crypto
USEMODULE += psa_cipher
USEMODULE += psa_cipher_aes_128_cbc
ifneq (1, $(TEST_KCONFIG))
CFLAGS += -DCONFIG_PSA_SINGLE_KEY_COUNT=1
endif
SHOULD_RUN_KCONFIG :=
include $(RIOTBASE)/Makefile.include

View File

@ -0,0 +1,11 @@
BOARD_INSUFFICIENT_MEMORY := \
arduino-duemilanove \
arduino-leonardo \
arduino-nano \
arduino-uno \
atmega328p \
atmega328p-xplained-mini \
atmega8 \
nucleo-l011k4 \
samd10-xmini \
#

View File

@ -0,0 +1,4 @@
# PSA Crypto Cipher Test
This is a configuration test for only the cipher of the PSA crypto module.
It is based off the [psa_crypto example](../../../examples/psa_crypto/README.md).

View File

@ -0,0 +1,8 @@
CONFIG_MODULE_PSA_CRYPTO=y
CONFIG_MODULE_PSA_CIPHER=y
CONFIG_MODULE_PSA_CIPHER_AES_128_CBC=y
CONFIG_PSA_SINGLE_KEY_COUNT=1
CONFIG_ZTIMER_USEC=y

View File

@ -0,0 +1 @@
../../../examples/psa_crypto/example_cipher_aes_128.c

View File

@ -0,0 +1 @@
../../../examples/psa_crypto/main.c

View File

@ -0,0 +1,13 @@
#!/usr/bin/env python3
import sys
from testrunner import run
def testfunc(child):
child.expect_exact('All Done')
print("[TEST PASSED]")
if __name__ == "__main__":
sys.exit(run(testfunc))

View File

@ -0,0 +1,20 @@
include ../Makefile.sys_common
USEMODULE += ztimer
USEMODULE += ztimer_usec
USEMODULE += psa_crypto
USEMODULE += psa_hash
USEMODULE += psa_hash_sha_256
USEMODULE += psa_asymmetric
USEMODULE += psa_asymmetric_ecc_p256r1
ifneq (1, $(TEST_KCONFIG))
CFLAGS += -DCONFIG_PSA_ASYMMETRIC_KEYPAIR_COUNT=1
CFLAGS += -DCONFIG_PSA_SINGLE_KEY_COUNT=1
endif
SHOULD_RUN_KCONFIG :=
include $(RIOTBASE)/Makefile.include

View File

@ -0,0 +1,11 @@
BOARD_INSUFFICIENT_MEMORY := \
arduino-duemilanove \
arduino-leonardo \
arduino-nano \
arduino-uno \
atmega328p \
atmega328p-xplained-mini \
atmega8 \
nucleo-l011k4 \
samd10-xmini \
#

View File

@ -0,0 +1,4 @@
# PSA Crypto ECDSA Test
This is a configuration test for only the ecdsa of the PSA crypto module.
It is based off the [psa_crypto example](../../../examples/psa_crypto/README.md).

View File

@ -0,0 +1,10 @@
CONFIG_MODULE_PSA_CRYPTO=y
CONFIG_MODULE_PSA_HASH=y
CONFIG_MODULE_PSA_HASH_SHA_256=y
CONFIG_MODULE_PSA_ASYMMETRIC=y
CONFIG_MODULE_PSA_ASYMMETRIC_ECC_P256R1=y
CONFIG_PSA_ASYMMETRIC_KEYPAIR_COUNT=1
CONFIG_PSA_SINGLE_KEY_COUNT=1
CONFIG_ZTIMER_USEC=y

View File

@ -0,0 +1 @@
../../../examples/psa_crypto/example_ecdsa_p256.c

View File

@ -0,0 +1 @@
../../../examples/psa_crypto/main.c

View File

@ -0,0 +1,13 @@
#!/usr/bin/env python3
import sys
from testrunner import run
def testfunc(child):
child.expect_exact('All Done')
print("[TEST PASSED]")
if __name__ == "__main__":
sys.exit(run(testfunc))

View File

@ -0,0 +1,18 @@
include ../Makefile.sys_common
USEMODULE += ztimer
USEMODULE += ztimer_usec
USEMODULE += psa_crypto
USEMODULE += psa_asymmetric
USEMODULE += psa_asymmetric_ecc_ed25519
ifneq (1, $(TEST_KCONFIG))
CFLAGS += -DCONFIG_PSA_ASYMMETRIC_KEYPAIR_COUNT=1
CFLAGS += -DCONFIG_PSA_SINGLE_KEY_COUNT=1
endif
SHOULD_RUN_KCONFIG :=
include $(RIOTBASE)/Makefile.include

View File

@ -0,0 +1,12 @@
BOARD_INSUFFICIENT_MEMORY := \
arduino-duemilanove \
arduino-leonardo \
arduino-nano \
arduino-uno \
atmega328p \
atmega328p-xplained-mini \
atmega8 \
nucleo-l011k4 \
samd10-xmini \
stm32f030f4-demo \
#

View File

@ -0,0 +1,4 @@
# PSA Crypto EDDSA Test
This is a configuration test for only the eddsa of the PSA crypto module.
It is based off the [psa_crypto example](../../../examples/psa_crypto/README.md).

View File

@ -0,0 +1,8 @@
CONFIG_MODULE_PSA_CRYPTO=y
CONFIG_MODULE_PSA_ASYMMETRIC=y
CONFIG_MODULE_PSA_ASYMMETRIC_ECC_ED25519=y
CONFIG_PSA_ASYMMETRIC_KEYPAIR_COUNT=1
CONFIG_PSA_SINGLE_KEY_COUNT=1
CONFIG_ZTIMER_USEC=y

View File

@ -0,0 +1 @@
../../../examples/psa_crypto/example_eddsa.c

View File

@ -0,0 +1 @@
../../../examples/psa_crypto/main.c

View File

@ -0,0 +1,13 @@
#!/usr/bin/env python3
import sys
from testrunner import run
def testfunc(child):
child.expect_exact('All Done')
print("[TEST PASSED]")
if __name__ == "__main__":
sys.exit(run(testfunc))

View File

@ -0,0 +1,13 @@
include ../Makefile.sys_common
USEMODULE += ztimer
USEMODULE += ztimer_usec
USEMODULE += psa_crypto
USEMODULE += psa_hash
USEMODULE += psa_hash_sha_256
SHOULD_RUN_KCONFIG :=
include $(RIOTBASE)/Makefile.include

View File

@ -0,0 +1,3 @@
BOARD_INSUFFICIENT_MEMORY := \
atmega8
#

View File

@ -0,0 +1,4 @@
# PSA Crypto Hashes Test
This is a configuration test for only the hashes of the PSA crypto module.
It is based off the [psa_crypto example](../../../examples/psa_crypto/README.md).

View File

@ -0,0 +1,6 @@
CONFIG_MODULE_PSA_CRYPTO=y
CONFIG_MODULE_PSA_HASH=y
CONFIG_MODULE_PSA_HASH_SHA_256=y
CONFIG_ZTIMER_USEC=y

View File

@ -0,0 +1 @@
../../../examples/psa_crypto/main.c

View File

@ -0,0 +1,13 @@
#!/usr/bin/env python3
import sys
from testrunner import run
def testfunc(child):
child.expect_exact('All Done')
print("[TEST PASSED]")
if __name__ == "__main__":
sys.exit(run(testfunc))

View File

@ -0,0 +1,17 @@
include ../Makefile.sys_common
USEMODULE += ztimer
USEMODULE += ztimer_usec
USEMODULE += psa_crypto
USEMODULE += psa_mac
USEMODULE += psa_mac_hmac_sha_256
ifneq (1, $(TEST_KCONFIG))
CFLAGS += -DCONFIG_PSA_SINGLE_KEY_COUNT=1
endif
SHOULD_RUN_KCONFIG :=
include $(RIOTBASE)/Makefile.include

View File

@ -0,0 +1,9 @@
BOARD_INSUFFICIENT_MEMORY := \
arduino-duemilanove \
arduino-nano \
arduino-uno \
atmega328p \
atmega328p-xplained-mini \
atmega8 \
nucleo-l011k4 \
#

View File

@ -0,0 +1,4 @@
# PSA Crypto Mac Test
This is a configuration test for only the mac of the PSA crypto module.
It is based off the [psa_crypto example](../../../examples/psa_crypto/README.md).

View File

@ -0,0 +1,8 @@
CONFIG_MODULE_PSA_CRYPTO=y
CONFIG_MODULE_PSA_MAC=y
CONFIG_MODULE_PSA_MAC_HMAC_SHA_256=y
CONFIG_PSA_SINGLE_KEY_COUNT=1
CONFIG_ZTIMER_USEC=y

View File

@ -0,0 +1 @@
../../../examples/psa_crypto/example_hmac_sha256.c

View File

@ -0,0 +1 @@
../../../examples/psa_crypto/main.c

View File

@ -0,0 +1,13 @@
#!/usr/bin/env python3
import sys
from testrunner import run
def testfunc(child):
child.expect_exact('All Done')
print("[TEST PASSED]")
if __name__ == "__main__":
sys.exit(run(testfunc))

View File

@ -0,0 +1,30 @@
BOARD ?= nrf52840dk
include ../Makefile.sys_common
USEMODULE += ztimer
USEMODULE += ztimer_usec
USEMODULE += psa_crypto
USEMODULE += psa_hash
USEMODULE += psa_hash_sha_256
USEMODULE += psa_secure_element
USEMODULE += psa_secure_element_ateccx08a
USEMODULE += psa_secure_element_ateccx08a_cipher_aes_128
USEMODULE += psa_secure_element_ateccx08a_hmac_sha256
USEMODULE += psa_secure_element_ateccx08a_ecc_p256
ifneq (1, $(TEST_KCONFIG))
CFLAGS += -DCONFIG_PSA_PROTECTED_KEY_COUNT=3
CFLAGS += -DCONFIG_PSA_SINGLE_KEY_COUNT=1
endif
CFLAGS += -DSECURE_ELEMENT
CFLAGS += -DCUSTOM_ATCA_PARAMS
INCLUDES += -I$(APPDIR) # Application specific (not needed by PSA)
SHOULD_RUN_KCONFIG :=
include $(RIOTBASE)/Makefile.include

View File

@ -0,0 +1,10 @@
BOARD_INSUFFICIENT_MEMORY := \
arduino-duemilanove \
arduino-leonardo \
arduino-nano \
arduino-uno \
atmega328p \
atmega328p-xplained-mini \
atmega8 \
nucleo-l011k4 \
#

View File

@ -0,0 +1,4 @@
# PSA Crypto Secure Element Test
This is a configuration test for all PSA crypto modules using a secure element.
It is based off the [psa_crypto example](../../../examples/psa_crypto/README.md).

View File

@ -0,0 +1,14 @@
CONFIG_MODULE_PSA_CRYPTO=y
CONFIG_MODULE_PSA_HASH=y
CONFIG_MODULE_PSA_HASH_SHA_256=y
CONFIG_MODULE_PSA_SECURE_ELEMENT=y
CONFIG_MODULE_PSA_SECURE_ELEMENT_ATECCX08A=y
CONFIG_MODULE_PSA_SECURE_ELEMENT_ATECCX08A_CIPHER_AES_128=y
CONFIG_MODULE_PSA_SECURE_ELEMENT_ATECCX08A_HMAC_SHA256=y
CONFIG_MODULE_PSA_SECURE_ELEMENT_ATECCX08A_ECC_P256=y
CONFIG_PSA_PROTECTED_KEY_COUNT=3
CONFIG_PSA_SINGLE_KEY_COUNT=1
CONFIG_ZTIMER_USEC=y

View File

@ -0,0 +1 @@
../../../examples/psa_crypto/custom_atca_params.h

View File

@ -0,0 +1 @@
../../../examples/psa_crypto/example_cipher_aes_128.c

View File

@ -0,0 +1 @@
../../../examples/psa_crypto/example_ecdsa_p256.c

View File

@ -0,0 +1 @@
../../../examples/psa_crypto/example_hmac_sha256.c

View File

@ -0,0 +1 @@
../../../examples/psa_crypto/main.c

View File

@ -0,0 +1,13 @@
#!/usr/bin/env python3
import sys
from testrunner import run
def testfunc(child):
child.expect_exact('All Done')
print("[TEST PASSED]")
if __name__ == "__main__":
sys.exit(run(testfunc))

View File

@ -0,0 +1,26 @@
BOARD ?= nrf52840dk
include ../Makefile.sys_common
USEMODULE += ztimer
USEMODULE += ztimer_usec
USEMODULE += psa_crypto
USEMODULE += psa_secure_element
USEMODULE += psa_secure_element_ateccx08a
USEMODULE += psa_secure_element_ateccx08a_cipher_aes_128
ifneq (1, $(TEST_KCONFIG))
CFLAGS += -DCONFIG_PSA_PROTECTED_KEY_COUNT=1
endif
CFLAGS += -DSECURE_ELEMENT
CFLAGS += -DCUSTOM_ATCA_PARAMS
INCLUDES += -I$(APPDIR) # Application specific (not needed by PSA)
SHOULD_RUN_KCONFIG :=
include $(RIOTBASE)/Makefile.include

View File

@ -0,0 +1,11 @@
BOARD_INSUFFICIENT_MEMORY := \
arduino-duemilanove \
arduino-leonardo \
arduino-nano \
arduino-uno \
atmega328p \
atmega328p-xplained-mini \
atmega8 \
nucleo-l011k4 \
samd10-xmini \
#

View File

@ -0,0 +1,5 @@
# PSA Crypto Cipher Test
This is a configuration test for only the cipher of the PSA crypto module using
secure element.
It is based off the [psa_crypto example](../../../examples/psa_crypto/README.md).

View File

@ -0,0 +1,9 @@
CONFIG_MODULE_PSA_CRYPTO=y
CONFIG_MODULE_PSA_SECURE_ELEMENT=y
CONFIG_MODULE_PSA_SECURE_ELEMENT_ATECCX08A=y
CONFIG_MODULE_PSA_SECURE_ELEMENT_ATECCX08A_CIPHER_AES_128=y
CONFIG_PSA_PROTECTED_KEY_COUNT=1
CONFIG_ZTIMER_USEC=y

View File

@ -0,0 +1 @@
../../../examples/psa_crypto/custom_atca_params.h

View File

@ -0,0 +1 @@
../../../examples/psa_crypto/example_cipher_aes_128.c

View File

@ -0,0 +1 @@
../../../examples/psa_crypto/main.c

View File

@ -0,0 +1,13 @@
#!/usr/bin/env python3
import sys
from testrunner import run
def testfunc(child):
child.expect_exact('All Done')
print("[TEST PASSED]")
if __name__ == "__main__":
sys.exit(run(testfunc))

View File

@ -0,0 +1,28 @@
BOARD ?= nrf52840dk
include ../Makefile.sys_common
USEMODULE += ztimer
USEMODULE += ztimer_usec
USEMODULE += psa_crypto
USEMODULE += psa_hash
USEMODULE += psa_hash_sha_256
USEMODULE += psa_secure_element
USEMODULE += psa_secure_element_ateccx08a
USEMODULE += psa_secure_element_ateccx08a_ecc_p256
ifneq (1, $(TEST_KCONFIG))
CFLAGS += -DCONFIG_PSA_SINGLE_KEY_COUNT=1
CFLAGS += -DCONFIG_PSA_PROTECTED_KEY_COUNT=1
endif
CFLAGS += -DSECURE_ELEMENT
CFLAGS += -DCUSTOM_ATCA_PARAMS
INCLUDES += -I$(APPDIR) # Application specific (not needed by PSA)
SHOULD_RUN_KCONFIG :=
include $(RIOTBASE)/Makefile.include

View File

@ -0,0 +1,10 @@
BOARD_INSUFFICIENT_MEMORY := \
arduino-duemilanove \
arduino-nano \
arduino-uno \
atmega328p \
atmega328p-xplained-mini \
atmega8 \
nucleo-l011k4 \
samd10-xmini \
#

View File

@ -0,0 +1,5 @@
# PSA Crypto Secure Element ECDSA Test
This is a configuration test for only the ecdsa of the PSA crypto module using
secure element.
It is based off the [psa_crypto example](../../../examples/psa_crypto/README.md).

View File

@ -0,0 +1,12 @@
CONFIG_MODULE_PSA_CRYPTO=y
CONFIG_MODULE_PSA_HASH=y
CONFIG_MODULE_PSA_HASH_SHA_256=y
CONFIG_MODULE_PSA_SECURE_ELEMENT=y
CONFIG_MODULE_PSA_SECURE_ELEMENT_ATECCX08A=y
CONFIG_MODULE_PSA_SECURE_ELEMENT_ATECCX08A_ECC_P256=y
CONFIG_PSA_SINGLE_KEY_COUNT=1
CONFIG_PSA_PROTECTED_KEY_COUNT=1
CONFIG_ZTIMER_USEC=y

View File

@ -0,0 +1 @@
../../../examples/psa_crypto/custom_atca_params.h

View File

@ -0,0 +1 @@
../../../examples/psa_crypto/example_ecdsa_p256.c

View File

@ -0,0 +1 @@
../../../examples/psa_crypto/main.c

View File

@ -0,0 +1,13 @@
#!/usr/bin/env python3
import sys
from testrunner import run
def testfunc(child):
child.expect_exact('All Done')
print("[TEST PASSED]")
if __name__ == "__main__":
sys.exit(run(testfunc))

View File

@ -0,0 +1,25 @@
BOARD ?= nrf52840dk
include ../Makefile.sys_common
USEMODULE += ztimer
USEMODULE += ztimer_usec
USEMODULE += psa_crypto
USEMODULE += psa_secure_element
USEMODULE += psa_secure_element_ateccx08a
USEMODULE += psa_secure_element_ateccx08a_hmac_sha256
ifneq (1, $(TEST_KCONFIG))
CFLAGS += -DCONFIG_PSA_PROTECTED_KEY_COUNT=1
endif
CFLAGS += -DSECURE_ELEMENT
CFLAGS += -DCUSTOM_ATCA_PARAMS
INCLUDES += -I$(APPDIR) # Application specific (not needed by PSA)
SHOULD_RUN_KCONFIG :=
include $(RIOTBASE)/Makefile.include

View File

@ -0,0 +1,11 @@
BOARD_INSUFFICIENT_MEMORY := \
arduino-duemilanove \
arduino-leonardo \
arduino-nano \
arduino-uno \
atmega328p \
atmega328p-xplained-mini \
atmega8 \
nucleo-l011k4 \
samd10-xmini \
#

View File

@ -0,0 +1,5 @@
# PSA Crypto Mac Test
This is a configuration test for only the mac of the PSA crypto module using
secure element.
It is based off the [psa_crypto example](../../../examples/psa_crypto/README.md).

View File

@ -0,0 +1,9 @@
CONFIG_MODULE_PSA_CRYPTO=y
CONFIG_MODULE_PSA_SECURE_ELEMENT=y
CONFIG_MODULE_PSA_SECURE_ELEMENT_ATECCX08A=y
CONFIG_MODULE_PSA_SECURE_ELEMENT_ATECCX08A_HMAC_SHA256=y
CONFIG_PSA_PROTECTED_KEY_COUNT=1
CONFIG_ZTIMER_USEC=y

View File

@ -0,0 +1 @@
../../../examples/psa_crypto/custom_atca_params.h

View File

@ -0,0 +1 @@
../../../examples/psa_crypto/example_hmac_sha256.c

View File

@ -0,0 +1 @@
../../../examples/psa_crypto/main.c

View File

@ -0,0 +1,13 @@
#!/usr/bin/env python3
import sys
from testrunner import run
def testfunc(child):
child.expect_exact('All Done')
print("[TEST PASSED]")
if __name__ == "__main__":
sys.exit(run(testfunc))