mirror of
https://github.com/RIOT-OS/RIOT.git
synced 2024-12-29 04:50:03 +01:00
sys/psa_crypto: Build PSA Crypto functions based on module selection
This commit is contained in:
parent
d73ef09d5c
commit
de09b2a0b4
@ -48,6 +48,8 @@ else
|
||||
CFLAGS += -DCONFIG_PSA_SINGLE_KEY_COUNT=1
|
||||
USEMODULE += psa_secure_element
|
||||
USEMODULE += psa_secure_element_ateccx08a
|
||||
USEMODULE += psa_secure_element_ateccx08a_cipher_aes_128
|
||||
USEMODULE += psa_secure_element_ateccx08a_hmac_sha256
|
||||
USEMODULE += psa_secure_element_ateccx08a_ecc_p256
|
||||
else ifeq (2, $(SECURE_ELEMENT))
|
||||
CFLAGS += -DSECURE_ELEMENT # Application specific (not needed by PSA)
|
||||
@ -60,6 +62,8 @@ else
|
||||
USEMODULE += psa_secure_element
|
||||
USEMODULE += psa_secure_element_multiple
|
||||
USEMODULE += psa_secure_element_ateccx08a
|
||||
USEMODULE += psa_secure_element_ateccx08a_cipher_aes_128
|
||||
USEMODULE += psa_secure_element_ateccx08a_hmac_sha256
|
||||
USEMODULE += psa_secure_element_ateccx08a_ecc_p256
|
||||
else ifdef CUSTOM_BACKEND
|
||||
# Necessary configuration when using Make dependency resolution
|
||||
|
@ -2,6 +2,8 @@
|
||||
CONFIG_MODULE_PSA_SECURE_ELEMENT=y
|
||||
CONFIG_MODULE_PSA_SECURE_ELEMENT_ATECCX08A=y
|
||||
CONFIG_MODULE_PSA_SECURE_ELEMENT_ATECCX08A_ECC_P256=y
|
||||
CONFIG_MODULE_PSA_SECURE_ELEMENT_ATECCX08A_CIPHER_AES_128=y
|
||||
CONFIG_MODULE_PSA_SECURE_ELEMENT_ATECCX08A_HMAC_SHA256=y
|
||||
CONFIG_MODULE_PSA_SECURE_ELEMENT_MULTIPLE=y
|
||||
|
||||
CONFIG_PSA_MAX_SE_COUNT=2
|
||||
|
@ -1,6 +1,8 @@
|
||||
CONFIG_MODULE_PSA_SECURE_ELEMENT=y
|
||||
CONFIG_MODULE_PSA_SECURE_ELEMENT_ATECCX08A=y
|
||||
CONFIG_MODULE_PSA_SECURE_ELEMENT_ATECCX08A_ECC_P256=y
|
||||
CONFIG_MODULE_PSA_SECURE_ELEMENT_ATECCX08A_CIPHER_AES_128=y
|
||||
CONFIG_MODULE_PSA_SECURE_ELEMENT_ATECCX08A_HMAC_SHA256=y
|
||||
|
||||
CONFIG_PSA_PROTECTED_KEY_COUNT=4
|
||||
CONFIG_PSA_SINGLE_KEY_COUNT=1
|
||||
|
@ -21,22 +21,36 @@
|
||||
#include "psa/crypto.h"
|
||||
#include "ztimer.h"
|
||||
|
||||
#if IS_USED(MODULE_PSA_CIPHER)
|
||||
extern psa_status_t example_cipher_aes_128(void);
|
||||
#endif
|
||||
#if IS_USED(MODULE_PSA_MAC)
|
||||
extern psa_status_t example_hmac_sha256(void);
|
||||
#endif
|
||||
#if IS_USED(MODULE_PSA_ASYMMETRIC_ECC_P256R1)
|
||||
extern psa_status_t example_ecdsa_p256(void);
|
||||
|
||||
#endif
|
||||
#if IS_USED(MODULE_PSA_ASYMMETRIC_ECC_ED25519)
|
||||
#ifndef SECURE_ELEMENT
|
||||
extern psa_status_t example_eddsa(void);
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#ifdef MULTIPLE_SE
|
||||
#if IS_USED(MODULE_PSA_CIPHER)
|
||||
extern psa_status_t example_cipher_aes_128_sec_se(void);
|
||||
#endif /* MODULE_PSA_CIPHER */
|
||||
#if IS_USED(MODULE_PSA_MAC)
|
||||
extern psa_status_t example_hmac_sha256_sec_se(void);
|
||||
#endif /* MODULE_PSA_MAC */
|
||||
#if IS_USED(MODULE_PSA_ASYMMETRIC_ECC_P256R1)
|
||||
extern psa_status_t example_ecdsa_p256_sec_se(void);
|
||||
#endif
|
||||
#endif /* MODULE_PSA_ASYMMETRIC_ECC_P256R1 */
|
||||
#endif /* MULTIPLE_SE */
|
||||
|
||||
int main(void)
|
||||
{
|
||||
bool failed = false;
|
||||
psa_status_t status;
|
||||
|
||||
psa_crypto_init();
|
||||
@ -44,60 +58,88 @@ int main(void)
|
||||
ztimer_acquire(ZTIMER_USEC);
|
||||
ztimer_now_t start = ztimer_now(ZTIMER_USEC);
|
||||
|
||||
/* Needed in case only hashes are tested */
|
||||
(void)status;
|
||||
(void)start;
|
||||
|
||||
#if IS_USED(MODULE_PSA_MAC)
|
||||
status = example_hmac_sha256();
|
||||
printf("HMAC SHA256 took %d us\n", (int)(ztimer_now(ZTIMER_USEC) - start));
|
||||
if (status != PSA_SUCCESS) {
|
||||
failed = true;
|
||||
printf("HMAC SHA256 failed: %s\n", psa_status_to_humanly_readable(status));
|
||||
}
|
||||
#endif
|
||||
|
||||
#if IS_USED(MODULE_PSA_CIPHER)
|
||||
start = ztimer_now(ZTIMER_USEC);
|
||||
status = example_cipher_aes_128();
|
||||
printf("Cipher AES 128 took %d us\n", (int)(ztimer_now(ZTIMER_USEC) - start));
|
||||
if (status != PSA_SUCCESS) {
|
||||
failed = true;
|
||||
printf("Cipher AES 128 failed: %s\n", psa_status_to_humanly_readable(status));
|
||||
}
|
||||
#endif
|
||||
|
||||
#if IS_USED(MODULE_PSA_ASYMMETRIC_ECC_P256R1)
|
||||
start = ztimer_now(ZTIMER_USEC);
|
||||
status = example_ecdsa_p256();
|
||||
printf("ECDSA took %d us\n", (int)(ztimer_now(ZTIMER_USEC) - start));
|
||||
if (status != PSA_SUCCESS) {
|
||||
failed = true;
|
||||
printf("ECDSA failed: %s\n", psa_status_to_humanly_readable(status));
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifndef SECURE_ELEMENT
|
||||
#if IS_USED(MODULE_PSA_ASYMMETRIC_ECC_ED25519)
|
||||
start = ztimer_now(ZTIMER_USEC);
|
||||
status = example_eddsa();
|
||||
printf("EdDSA took %d us\n", (int)(ztimer_now(ZTIMER_USEC) - start));
|
||||
if (status != PSA_SUCCESS) {
|
||||
failed = true;
|
||||
printf("EdDSA failed: %s\n", psa_status_to_humanly_readable(status));
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef MULTIPLE_SE
|
||||
#if IS_USED(MODULE_PSA_MAC)
|
||||
puts("Running Examples with secondary SE:");
|
||||
status = example_hmac_sha256_sec_se();
|
||||
printf("HMAC SHA256 took %d us\n", (int)(ztimer_now(ZTIMER_USEC) - start));
|
||||
if (status != PSA_SUCCESS) {
|
||||
failed = true;
|
||||
printf("HMAC SHA256 failed: %s\n", psa_status_to_humanly_readable(status));
|
||||
}
|
||||
#endif /* MODULE_PSA_MAC */
|
||||
|
||||
#if IS_USED(MODULE_PSA_CIPHER)
|
||||
start = ztimer_now(ZTIMER_USEC);
|
||||
status = example_cipher_aes_128_sec_se();
|
||||
printf("Cipher AES 128 took %d us\n", (int)(ztimer_now(ZTIMER_USEC) - start));
|
||||
if (status != PSA_SUCCESS) {
|
||||
failed = true;
|
||||
printf("Cipher AES 128 failed: %s\n", psa_status_to_humanly_readable(status));
|
||||
}
|
||||
#endif /* MODULE_PSA_CIPHER */
|
||||
|
||||
#if IS_USED(MODULE_PSA_ASYMMETRIC_ECC_P256R1)
|
||||
start = ztimer_now(ZTIMER_USEC);
|
||||
status = example_ecdsa_p256_sec_se();
|
||||
printf("ECDSA took %d us\n", (int)(ztimer_now(ZTIMER_USEC) - start));
|
||||
if (status != PSA_SUCCESS) {
|
||||
failed = true;
|
||||
printf("ECDSA failed: %s\n", psa_status_to_humanly_readable(status));
|
||||
}
|
||||
#endif
|
||||
#endif /* MODULE_PSA_ASYMMETRIC_ECC_P256R1 */
|
||||
#endif /* MULTIPLE_SE */
|
||||
|
||||
ztimer_release(ZTIMER_USEC);
|
||||
|
||||
if (failed) {
|
||||
puts("Tests failed...");
|
||||
}
|
||||
else {
|
||||
puts("All Done");
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
@ -25,5 +25,13 @@ ifneq (,$(filter psa_crypto,$(USEMODULE)))
|
||||
endif
|
||||
|
||||
ifneq (,$(filter psa_secure_element_ateccx08a_ecc_p256, $(USEMODULE)))
|
||||
USEMODULE += psa_secure_element_asymmetric
|
||||
USEMODULE += psa_asymmetric
|
||||
endif
|
||||
|
||||
ifneq (,$(filter psa_secure_element_ateccx08a_cipher_aes_128, $(USEMODULE)))
|
||||
USEMODULE += psa_cipher
|
||||
endif
|
||||
|
||||
ifneq (,$(filter psa_secure_element_ateccx08a_hmac_sha256, $(USEMODULE)))
|
||||
USEMODULE += psa_mac
|
||||
endif
|
||||
|
@ -27,7 +27,7 @@ ifneq (,$(filter cryptoauthlib_test,$(USEMODULE)))
|
||||
INCLUDES += -I$(PKG_SOURCE_DIR)/third_party/unity
|
||||
endif
|
||||
|
||||
ifneq (,$(filter psa_crypto,$(USEMODULE)))
|
||||
PSEUDOMODULES += psa_secure_element_ateccx08a
|
||||
PSEUDOMODULES += psa_secure_element_ateccx08a_ecc_p256
|
||||
endif
|
||||
PSEUDOMODULES += psa_secure_element_ateccx08a
|
||||
PSEUDOMODULES += psa_secure_element_ateccx08a_cipher_aes_128
|
||||
PSEUDOMODULES += psa_secure_element_ateccx08a_ecc_p256
|
||||
PSEUDOMODULES += psa_secure_element_ateccx08a_hmac_sha256
|
||||
|
@ -8,8 +8,9 @@ CFLAGS += -Wno-unused-variable
|
||||
TOOLCHAINS_BLACKLIST += llvm
|
||||
|
||||
ifneq (,$(filter psa_uecc_%, $(USEMODULE)))
|
||||
PSEUDOMODULES += psa_uecc_p192
|
||||
PSEUDOMODULES += psa_uecc_p256
|
||||
DIRS += $(RIOTPKG)/micro-ecc/psa_uecc
|
||||
INCLUDES += -I$(RIOTBASE)/sys/psa_crypto/include
|
||||
endif
|
||||
|
||||
PSEUDOMODULES += psa_uecc_p192
|
||||
PSEUDOMODULES += psa_uecc_p256
|
||||
|
@ -50,7 +50,7 @@ void auto_init_atca(void)
|
||||
}
|
||||
atca_devs_ptr[i] = &atca_devs[i];
|
||||
|
||||
DEBUG("[auto_init_atca] Registering Driver with address: %x and location: %lx\n", atca_params[i].cfg.atcai2c.address, atca_params[i].atca_loc);
|
||||
DEBUG("[auto_init_atca] Registering Driver with address: %x and location: %lx\n", atca_params[i].cfg.atcai2c.address, (unsigned long) atca_params[i].atca_loc);
|
||||
status = psa_register_secure_element(atca_params[i].atca_loc,
|
||||
&atca_methods,
|
||||
&atca_config_list[i],
|
||||
|
@ -83,6 +83,7 @@ const char *psa_status_to_humanly_readable(psa_status_t status);
|
||||
*/
|
||||
psa_status_t psa_crypto_init(void);
|
||||
|
||||
#if IS_USED(MODULE_PSA_AEAD) || defined(DOXYGEN)
|
||||
/**
|
||||
* @brief Process an authenticated encryption operation.
|
||||
*
|
||||
@ -767,7 +768,9 @@ psa_status_t psa_aead_verify(psa_aead_operation_t *operation,
|
||||
* initialize results in this error code.
|
||||
*/
|
||||
psa_status_t psa_aead_abort(psa_aead_operation_t *operation);
|
||||
#endif /* MODULE_PSA_AEAD */
|
||||
|
||||
#if IS_USED(MODULE_PSA_ASYMMETRIC) || defined(DOXYGEN)
|
||||
/**
|
||||
* @brief Encrypt a short message with a public key.
|
||||
*
|
||||
@ -890,7 +893,10 @@ psa_status_t psa_asymmetric_decrypt(psa_key_id_t key,
|
||||
uint8_t *output,
|
||||
size_t output_size,
|
||||
size_t *output_length);
|
||||
#endif /* MODULE_PSA_ASYMMETRIC */
|
||||
|
||||
|
||||
#if IS_USED(MODULE_PSA_CIPHER) || defined(DOXYGEN)
|
||||
/**
|
||||
* @brief Abort a cipher operation.
|
||||
*
|
||||
@ -1385,7 +1391,9 @@ psa_status_t psa_cipher_update(psa_cipher_operation_t *operation,
|
||||
uint8_t *output,
|
||||
size_t output_size,
|
||||
size_t *output_length);
|
||||
#endif /* MODULE_PSA_CIPHER */
|
||||
|
||||
#if IS_USED(MODULE_PSA_KEY_MANAGEMENT) || defined(DOXYGEN)
|
||||
/**
|
||||
* @brief Make a copy of a key.
|
||||
*
|
||||
@ -1799,6 +1807,7 @@ psa_status_t psa_builtin_generate_key(const psa_key_attributes_t *attributes, ui
|
||||
*/
|
||||
psa_status_t psa_generate_key(const psa_key_attributes_t *attributes,
|
||||
psa_key_id_t *key);
|
||||
#endif /* MODULE_PSA_KEY_MANAGEMENT */
|
||||
|
||||
/**
|
||||
* @brief Built-in function for random number generation.
|
||||
@ -1840,6 +1849,7 @@ psa_status_t psa_builtin_generate_random( uint8_t *output,
|
||||
psa_status_t psa_generate_random(uint8_t *output,
|
||||
size_t output_size);
|
||||
|
||||
#if IS_USED(MODULE_PSA_KEY_MANAGEMENT) || defined(DOXYGEN)
|
||||
/**
|
||||
* @brief Declare the permitted algorithm policy for a key.
|
||||
*
|
||||
@ -2070,7 +2080,9 @@ static inline void psa_reset_key_attributes(psa_key_attributes_t *attributes)
|
||||
*/
|
||||
psa_status_t psa_get_key_attributes(psa_key_id_t key,
|
||||
psa_key_attributes_t *attributes);
|
||||
#endif /* MODULE_PSA_KEY_MANAGEMENT */
|
||||
|
||||
#if IS_USED(MODULE_PSA_HASH) || defined(DOXYGEN)
|
||||
/**
|
||||
* @brief Abort a hash operation.
|
||||
*
|
||||
@ -2476,7 +2488,9 @@ psa_status_t psa_hash_update(psa_hash_operation_t *operation,
|
||||
psa_status_t psa_hash_verify(psa_hash_operation_t *operation,
|
||||
const uint8_t *hash,
|
||||
size_t hash_length);
|
||||
#endif /* MODULE_PSA_HASH */
|
||||
|
||||
#if IS_USED(MODULE_PSA_KEY_MANAGEMENT) || defined(DOXYGEN)
|
||||
/**
|
||||
* @brief Built-in key import function.
|
||||
*
|
||||
@ -2619,7 +2633,9 @@ psa_status_t psa_import_key(const psa_key_attributes_t *attributes,
|
||||
const uint8_t *data,
|
||||
size_t data_length,
|
||||
psa_key_id_t *key);
|
||||
#endif /* MODULE_PSA_KEY_MANAGEMENT */
|
||||
|
||||
#if IS_USED(MODULE_PSA_KEY_DERIVATION) || defined(DOXYGEN)
|
||||
/**
|
||||
* @brief Abort a key derivation operation.
|
||||
*
|
||||
@ -3309,7 +3325,9 @@ psa_status_t psa_key_derivation_verify_bytes(psa_key_derivation_operation_t *ope
|
||||
*/
|
||||
psa_status_t psa_key_derivation_verify_key(psa_key_derivation_operation_t *operation,
|
||||
psa_key_id_t expected);
|
||||
#endif /* PSA_CRYPTO_KEY_DERIVATION */
|
||||
|
||||
#if IS_USED(MODULE_PSA_MAC) || defined(DOXYGEN)
|
||||
/**
|
||||
* @brief Abort a MAC operation.
|
||||
*
|
||||
@ -3679,7 +3697,9 @@ psa_status_t psa_mac_verify_finish(psa_mac_operation_t *operation,
|
||||
psa_status_t psa_mac_verify_setup(psa_mac_operation_t *operation,
|
||||
psa_key_id_t key,
|
||||
psa_algorithm_t alg);
|
||||
#endif /* MODULE_PSA_MAC */
|
||||
|
||||
#if IS_USED(MODULE_PSA_KEY_MANAGEMENT) || defined(DOXYGEN)
|
||||
/**
|
||||
* @brief Remove non-essential copies of key material from memory.
|
||||
*
|
||||
@ -3707,7 +3727,9 @@ psa_status_t psa_mac_verify_setup(psa_mac_operation_t *operation,
|
||||
* @return @ref PSA_ERROR_DATA_INVALID
|
||||
*/
|
||||
psa_status_t psa_purge_key(psa_key_id_t key);
|
||||
#endif /* MODULE_PSA_KEY_MANAGEMENT */
|
||||
|
||||
#if IS_USED(MODULE_PSA_KEY_AGREEMENT) || defined(DOXYGEN)
|
||||
/**
|
||||
* @brief Perform a key agreement and return the raw shared secret.
|
||||
*
|
||||
@ -3778,7 +3800,9 @@ psa_status_t psa_raw_key_agreement(psa_algorithm_t alg,
|
||||
uint8_t *output,
|
||||
size_t output_size,
|
||||
size_t *output_length);
|
||||
#endif /* MODULE_PSA_KEY_AGREEMENT */
|
||||
|
||||
#if IS_USED(MODULE_PSA_ASYMMETRIC) || defined(DOXYGEN)
|
||||
/**
|
||||
* @brief Sign an already-calculated hash with a private key.
|
||||
*
|
||||
@ -4044,6 +4068,7 @@ psa_status_t psa_verify_message(psa_key_id_t key,
|
||||
size_t input_length,
|
||||
const uint8_t *signature,
|
||||
size_t signature_length);
|
||||
#endif /* MODULE_PSA_ASYMMETRIC */
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
|
@ -79,29 +79,21 @@ extern "C" {
|
||||
* @brief Number of required allocated asymmetric key pair slots.
|
||||
*
|
||||
* @details These should be defined by the developer to
|
||||
* fit their requirements. The default number is 5.
|
||||
* fit their requirements. The default number is 0.
|
||||
*/
|
||||
#ifndef CONFIG_PSA_ASYMMETRIC_KEYPAIR_COUNT
|
||||
#if (IS_USED(MODULE_PSA_ASYMMETRIC))
|
||||
#define CONFIG_PSA_ASYMMETRIC_KEYPAIR_COUNT 5
|
||||
#else
|
||||
#define CONFIG_PSA_ASYMMETRIC_KEYPAIR_COUNT 0
|
||||
#endif
|
||||
#endif
|
||||
|
||||
/**
|
||||
* @brief Number of required allocated single key slots.
|
||||
*
|
||||
* @details These should be defined by the developer to
|
||||
* fit their requirements. The default number is 5.
|
||||
* fit their requirements. The default number is 0.
|
||||
*/
|
||||
#ifndef CONFIG_PSA_SINGLE_KEY_COUNT
|
||||
#if (IS_USED(MODULE_PSA_KEY_SLOT_MGMT))
|
||||
#define CONFIG_PSA_SINGLE_KEY_COUNT 5
|
||||
#else
|
||||
#define CONFIG_PSA_SINGLE_KEY_COUNT 0
|
||||
#endif
|
||||
#endif
|
||||
|
||||
/**
|
||||
* @brief Number of required allocated protected key slots.
|
||||
@ -110,7 +102,7 @@ extern "C" {
|
||||
* fit their requirements. The default number is 5.
|
||||
*/
|
||||
#ifndef CONFIG_PSA_PROTECTED_KEY_COUNT
|
||||
#if (IS_USED(MODULE_PSA_SE_MGMT))
|
||||
#if (IS_USED(MODULE_PSA_SECURE_ELEMENT))
|
||||
#define CONFIG_PSA_PROTECTED_KEY_COUNT 5
|
||||
#else
|
||||
#define CONFIG_PSA_PROTECTED_KEY_COUNT 0
|
||||
@ -991,7 +983,7 @@ extern "C" {
|
||||
/**
|
||||
* @brief The maximum size of the used key data.
|
||||
*/
|
||||
#if IS_USED(MODULE_PSA_SECURE_ELEMENT_ASYMMETRIC) || IS_USED(MODULE_PSA_ASYMMETRIC)
|
||||
#if IS_USED(MODULE_PSA_ASYMMETRIC)
|
||||
#define PSA_MAX_KEY_DATA_SIZE (PSA_EXPORT_PUBLIC_KEY_MAX_SIZE)
|
||||
#else
|
||||
#define PSA_MAX_KEY_DATA_SIZE (CONFIG_PSA_MAX_KEY_SIZE)
|
||||
|
@ -28,34 +28,7 @@ extern "C" {
|
||||
#include "crypto_sizes.h"
|
||||
#include "crypto_contexts.h"
|
||||
|
||||
/**
|
||||
* @brief Structure containing a hash context and algorithm
|
||||
*/
|
||||
struct psa_hash_operation_s {
|
||||
psa_algorithm_t alg; /**< Operation algorithm */
|
||||
#if IS_USED(MODULE_PSA_HASH)
|
||||
psa_hash_context_t ctx; /**< Operation hash context */
|
||||
#endif
|
||||
};
|
||||
|
||||
/**
|
||||
* @brief This macro returns a suitable initializer for a hash operation object of type
|
||||
* @ref psa_hash_operation_t.
|
||||
*/
|
||||
#define PSA_HASH_OPERATION_INIT { 0 }
|
||||
|
||||
/**
|
||||
* @brief Return an initial value for a hash operation object.
|
||||
*
|
||||
* @return struct psa_hash_operation_s
|
||||
*/
|
||||
static inline struct psa_hash_operation_s psa_hash_operation_init(void)
|
||||
{
|
||||
const struct psa_hash_operation_s v = PSA_HASH_OPERATION_INIT;
|
||||
|
||||
return v;
|
||||
}
|
||||
|
||||
#if IS_USED(MODULE_PSA_KEY_MANAGEMENT) || defined(DOXYGEN)
|
||||
/**
|
||||
* @brief Structure storing the key usage policies
|
||||
*/
|
||||
@ -97,7 +70,9 @@ static inline struct psa_key_attributes_s psa_key_attributes_init(void)
|
||||
|
||||
return v;
|
||||
}
|
||||
#endif /*(MODULE_PSA_KEY_MANAGEMENT */
|
||||
|
||||
#if IS_USED(MODULE_PSA_AEAD) || defined(DOXYGEN)
|
||||
/**
|
||||
* @brief Structure storing an AEAD operation context
|
||||
*
|
||||
@ -124,7 +99,9 @@ static inline struct psa_aead_operation_s psa_aead_operation_init(void)
|
||||
|
||||
return v;
|
||||
}
|
||||
#endif /* MODULE_PSA_AEAD */
|
||||
|
||||
#if IS_USED(MODULE_PSA_CIPHER) || defined(DOXYGEN)
|
||||
/**
|
||||
* @brief Structure storing a cipher operation context
|
||||
*/
|
||||
@ -135,9 +112,7 @@ struct psa_cipher_operation_s {
|
||||
psa_algorithm_t alg; /**< Operation algorithm*/
|
||||
/** Union containing cipher contexts for the executing backend */
|
||||
union cipher_context {
|
||||
#if IS_USED(MODULE_PSA_CIPHER)
|
||||
psa_cipher_context_t cipher_ctx; /**< Cipher context */
|
||||
#endif
|
||||
#if IS_USED(MODULE_PSA_SECURE_ELEMENT_ATECCX08A) || defined(DOXYGEN)
|
||||
psa_se_cipher_context_t se_ctx; /**< SE Cipher context */
|
||||
#endif
|
||||
@ -161,7 +136,9 @@ static inline struct psa_cipher_operation_s psa_cipher_operation_init(void)
|
||||
|
||||
return v;
|
||||
}
|
||||
#endif /* MODULE_PSA_CIPHER */
|
||||
|
||||
#if IS_USED(MODULE_PSA_KEY_DERIVATION) || defined(DOXYGEN)
|
||||
/**
|
||||
* @brief This macro returns a suitable initializer for a key derivation operation object of
|
||||
* type @ref psa_key_derivation_operation_t.
|
||||
@ -188,7 +165,39 @@ static inline struct psa_key_derivation_operation_s psa_key_derivation_operation
|
||||
|
||||
return v;
|
||||
}
|
||||
#endif /* MODULE_PSA_KEY_DERIVATION */
|
||||
|
||||
#if IS_USED(MODULE_PSA_HASH) || defined(DOXYGEN)
|
||||
/**
|
||||
* @brief Structure containing a hash context and algorithm
|
||||
*/
|
||||
struct psa_hash_operation_s {
|
||||
psa_algorithm_t alg; /**< Operation algorithm */
|
||||
#if IS_USED(MODULE_PSA_HASH)
|
||||
psa_hash_context_t ctx; /**< Operation hash context */
|
||||
#endif
|
||||
};
|
||||
|
||||
/**
|
||||
* @brief This macro returns a suitable initializer for a hash operation object of type
|
||||
* @ref psa_hash_operation_t.
|
||||
*/
|
||||
#define PSA_HASH_OPERATION_INIT { 0 }
|
||||
|
||||
/**
|
||||
* @brief Return an initial value for a hash operation object.
|
||||
*
|
||||
* @return struct psa_hash_operation_s
|
||||
*/
|
||||
static inline struct psa_hash_operation_s psa_hash_operation_init(void)
|
||||
{
|
||||
const struct psa_hash_operation_s v = PSA_HASH_OPERATION_INIT;
|
||||
|
||||
return v;
|
||||
}
|
||||
#endif /* MODULE_PSA_HASH */
|
||||
|
||||
#if IS_USED(MODULE_PSA_MAC) || defined(DOXYGEN)
|
||||
/**
|
||||
* @brief This macro returns a suitable initializer for a MAC operation object of type
|
||||
* @ref psa_mac_operation_t.
|
||||
@ -215,6 +224,7 @@ static inline struct psa_mac_operation_s psa_mac_operation_init(void)
|
||||
|
||||
return v;
|
||||
}
|
||||
#endif /* MODULE_PSA_MAC */
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
|
@ -7,8 +7,7 @@
|
||||
|
||||
menuconfig MODULE_PSA_ASYMMETRIC
|
||||
bool "PSA Asymmetric Crypto"
|
||||
select PSA_KEY_CONFIG
|
||||
select MODULE_PSA_KEY_SLOT_MGMT
|
||||
select MODULE_PSA_KEY_MANAGEMENT
|
||||
|
||||
if MODULE_PSA_ASYMMETRIC
|
||||
|
||||
|
@ -7,8 +7,7 @@
|
||||
|
||||
menuconfig MODULE_PSA_CIPHER
|
||||
bool "PSA Ciphers"
|
||||
select PSA_KEY_CONFIG
|
||||
select MODULE_PSA_KEY_SLOT_MGMT
|
||||
select MODULE_PSA_KEY_MANAGEMENT
|
||||
|
||||
if MODULE_PSA_CIPHER
|
||||
|
||||
|
@ -7,7 +7,6 @@
|
||||
|
||||
menuconfig MODULE_PSA_HASH
|
||||
bool "PSA Hashes"
|
||||
select PSA_KEY_CONFIG
|
||||
|
||||
if MODULE_PSA_HASH
|
||||
|
||||
|
@ -7,6 +7,12 @@
|
||||
|
||||
menu "PSA Key Management Configuration"
|
||||
|
||||
config MODULE_PSA_KEY_MANAGEMENT
|
||||
bool
|
||||
select MODULE_PSA_KEY_SLOT_MGMT
|
||||
help
|
||||
Activates the PSA Key Management Module
|
||||
|
||||
config PSA_KEY_SIZE_128
|
||||
bool "Application uses key of size 128 Bits"
|
||||
help
|
||||
@ -44,12 +50,10 @@ config PSA_PROTECTED_KEY_COUNT
|
||||
|
||||
config PSA_ASYMMETRIC_KEYPAIR_COUNT
|
||||
int "Specifies number of allocated key pair slots"
|
||||
default 5 if MODULE_PSA_ASYMMETRIC
|
||||
default 0
|
||||
|
||||
config PSA_SINGLE_KEY_COUNT
|
||||
int "Specifies number of allocated single key slots"
|
||||
default 5 if PSA_MAX_KEY_SIZE != 0
|
||||
default 0
|
||||
|
||||
endmenu # PSA Key Management Configuration
|
||||
|
@ -7,8 +7,7 @@
|
||||
|
||||
menuconfig MODULE_PSA_MAC
|
||||
bool "PSA Message Authenticated Ciphers"
|
||||
select PSA_KEY_CONFIG
|
||||
select MODULE_PSA_KEY_SLOT_MGMT
|
||||
select MODULE_PSA_KEY_MANAGEMENT
|
||||
|
||||
if MODULE_PSA_MAC
|
||||
|
||||
|
@ -5,7 +5,7 @@ endif
|
||||
|
||||
# Asymmetric
|
||||
ifneq (,$(filter psa_asymmetric,$(USEMODULE)))
|
||||
USEMODULE += psa_key_slot_mgmt
|
||||
USEMODULE += psa_key_management
|
||||
endif
|
||||
|
||||
## ECC_P192R1 backend
|
||||
@ -82,7 +82,7 @@ endif
|
||||
|
||||
# Cipher
|
||||
ifneq (,$(filter psa_cipher,$(USEMODULE)))
|
||||
USEMODULE += psa_key_slot_mgmt
|
||||
USEMODULE += psa_key_management
|
||||
endif
|
||||
|
||||
## AES-128-ECB backend
|
||||
@ -242,8 +242,16 @@ ifneq (,$(filter psa_hash_sha_512_backend_riot,$(USEMODULE)))
|
||||
USEMODULE += psa_riot_hashes
|
||||
USEMODULE += psa_riot_hashes_sha_512
|
||||
endif
|
||||
# Key Management
|
||||
ifneq (,$(filter psa_key_management,$(USEMODULE)))
|
||||
USEMODULE += psa_key_slot_mgmt
|
||||
endif
|
||||
|
||||
# MAC
|
||||
ifneq (,$(filter psa_mac,$(USEMODULE)))
|
||||
USEMODULE += psa_key_management
|
||||
endif
|
||||
|
||||
## HMAC SHA-256
|
||||
ifneq (,$(filter psa_mac_hmac_sha_256,$(USEMODULE)))
|
||||
ifeq (,$(filter psa_mac_hmac_sha_256_custom_backend,$(USEMODULE)))
|
||||
@ -271,7 +279,7 @@ endif
|
||||
# Secure Elements
|
||||
ifneq (,$(filter psa_secure_element,$(USEMODULE)))
|
||||
USEMODULE += psa_se_mgmt
|
||||
USEMODULE += psa_key_slot_mgmt
|
||||
USEMODULE += psa_key_management
|
||||
endif
|
||||
|
||||
ifneq (,$(filter psa_secure_element_ateccx08a, $(USEMODULE)))
|
||||
|
@ -146,6 +146,9 @@ ifneq (,$(filter psa_hash_sha_512,$(USEMODULE)))
|
||||
endif
|
||||
endif
|
||||
|
||||
## Key Management
|
||||
PSEUDOMODULES += psa_key_management
|
||||
|
||||
## MAC
|
||||
PSEUDOMODULES += psa_mac
|
||||
PSEUDOMODULES += psa_mac_hmac_sha_256
|
||||
@ -162,6 +165,5 @@ endif
|
||||
|
||||
## Secure Elements
|
||||
PSEUDOMODULES += psa_secure_element
|
||||
PSEUDOMODULES += psa_secure_element_asymmetric
|
||||
PSEUDOMODULES += psa_secure_element_config
|
||||
PSEUDOMODULES += psa_secure_element_multiple
|
||||
|
@ -316,13 +316,14 @@
|
||||
*
|
||||
* ### Secure Elements
|
||||
* Base:
|
||||
*
|
||||
* - psa_secure_element
|
||||
* - psa_secure_element_multiple
|
||||
*
|
||||
* #### SE Types
|
||||
* - psa_secure_element_ateccx08a
|
||||
* - psa_secure_element_ateccx08a_cipher_aes_128
|
||||
* - psa_secure_element_ateccx08a_ecc_p256
|
||||
* - psa_secure_element_ateccx08a_hmac_sha256
|
||||
*
|
||||
* Random Number Generation {#rng}
|
||||
* ===
|
||||
@ -372,7 +373,7 @@
|
||||
* @code
|
||||
* CONFIG_PSA_SECURE_ELEMENT=y
|
||||
* CONFIG_PSA_SECURE_ELEMENT_ATECCX08A=y // device example
|
||||
* CONFIG_PSA_SECURE_ELEMENT_ATECCX08A_ECC=y
|
||||
* CONFIG_PSA_SECURE_ELEMENT_ATECCX08A_ECC_P256=y
|
||||
* @endcode
|
||||
*
|
||||
* or added to the the Makefile:
|
||||
@ -439,10 +440,10 @@
|
||||
* In RIOT, module names are generated from path names, so if you create a directory for
|
||||
* your sourcefiles, the module name will be the same as the directory name. It is possible
|
||||
* to change that by declaring a new module name in the Makefile by adding the line
|
||||
* your_module_name`.
|
||||
* `MODULE := your_module_name`.
|
||||
*
|
||||
* If you leave it like this, all sourcefiles in the path corresponding to the module name will be
|
||||
* built (e.g. if you choose to module `hashes`, all files in `sys/hashes` will be included).
|
||||
* built (e.g. if you choose the module `hashes`, all files in `sys/hashes` will be included).
|
||||
* For better configurability it is possible to add submodules (see
|
||||
* `sys/hashes/psa_riot_hashes` for example).
|
||||
* In that case the base module name will be the directory name and each file inside the directory
|
||||
@ -960,17 +961,20 @@
|
||||
* key, which requires a lot less memory space.
|
||||
*
|
||||
* **BUT:** If your secure element supports asymmetric cryptography and exports a public key part
|
||||
* during key generation, that key part must be stored somewhere. This is why there needs to be
|
||||
* an option to tell PSA Crypto that an application is going to perform asymmetric operations.
|
||||
* Only if that option is selected, the protected key slots will have the space to store a public
|
||||
* during key generation, that key part must be stored somewhere. So when you choose an
|
||||
* asymmetric operation, the protected key slots will have the space to store a public
|
||||
* key.
|
||||
*
|
||||
* #### Dependencies
|
||||
* Secure Element operations also depend on the PSA modules. E.g. when you want to use an ECC
|
||||
* operation, you need to make sure that you also build the asymmetric PSA functions.
|
||||
*
|
||||
* For this we need to add the following to the `superSE` menu:
|
||||
* @code
|
||||
* config MODULE_PSA_SECURE_ELEMENT_SUPERSE_ECC_P256
|
||||
* bool "Our Vendor's Elliptic Curve P256"
|
||||
* select PSA_KEY_SIZE_256
|
||||
* select MODULE_PSA_SECURE_ELEMENT_ASYMMETRIC
|
||||
* select MODULE_PSA_ASYMMETRIC
|
||||
* depends on MODULE_PSA_SECURE_ELEMENT_SUPERSE
|
||||
* @endcode
|
||||
* This tells us, what size a key slot should have to store the public key. If your SE supports
|
||||
@ -995,9 +999,11 @@
|
||||
* endif
|
||||
*
|
||||
* ifneq (,$(filter psa_secure_element_superse_ecc_p256, $(USEMODULE)))
|
||||
* USEMODULE += psa_secure_element_asymmetric
|
||||
* USEMODULE += psa_asymmetric
|
||||
* endif
|
||||
*
|
||||
* Now the secure element should be available for use with PSA Crypto.
|
||||
* @endcode
|
||||
* This needs to be done for all other supported operations (e.g. ATECCX08 operations in
|
||||
* `pkg/cryptoauthlib/Makefile.include`, `pkg/cryptoauthlib/Makefile.dep` and
|
||||
* `sys/psa_crypto/psa_se_mgmt/Kconfig`. Now the secure element should be available for use
|
||||
* with PSA Crypto.
|
||||
*/
|
||||
|
@ -28,8 +28,12 @@ extern "C" {
|
||||
#include <stdlib.h>
|
||||
#include "kernel_defines.h"
|
||||
#include "psa/crypto.h"
|
||||
#include "psa_crypto_slot_management.h"
|
||||
|
||||
#if IS_USED(MODULE_PSA_KEY_MANAGEMENT)
|
||||
#include "psa_crypto_slot_management.h"
|
||||
#endif
|
||||
|
||||
#if IS_USED(MODULE_PSA_HASH)
|
||||
/**
|
||||
* @brief Dispatch a hash setup function to a specific backend.
|
||||
* See @ref psa_hash_setup()
|
||||
@ -68,7 +72,9 @@ psa_status_t psa_algorithm_dispatch_hash_finish(psa_hash_operation_t *operation,
|
||||
uint8_t *hash,
|
||||
size_t hash_size,
|
||||
size_t *hash_length);
|
||||
#endif /* MODULE_PSA_HASH */
|
||||
|
||||
#if IS_USED(MODULE_PSA_ASYMMETRIC)
|
||||
/**
|
||||
* @brief Dispatch a hash signature function to a specific backend.
|
||||
* See @ref psa_sign_hash()
|
||||
@ -156,7 +162,9 @@ psa_status_t psa_algorithm_dispatch_verify_message( const psa_key_attributes_t *
|
||||
size_t input_length,
|
||||
const uint8_t *signature,
|
||||
size_t signature_length);
|
||||
#endif /* MODULE_PSA_ASYMMETRIC */
|
||||
|
||||
#if IS_USED(MODULE_PSA_KEY_MANAGEMENT)
|
||||
/**
|
||||
* @brief Dispatch the key generation function to a specific backend.
|
||||
* See @ref psa_generate_key()
|
||||
@ -167,7 +175,9 @@ psa_status_t psa_algorithm_dispatch_verify_message( const psa_key_attributes_t *
|
||||
*/
|
||||
psa_status_t psa_algorithm_dispatch_generate_key( const psa_key_attributes_t *attributes,
|
||||
psa_key_slot_t *slot);
|
||||
#endif
|
||||
|
||||
#if IS_USED(MODULE_PSA_CIPHER)
|
||||
/**
|
||||
* @brief Dispatch a cipher encrypt function to a specific backend.
|
||||
* See @ref psa_cipher_encrypt()
|
||||
@ -213,7 +223,9 @@ psa_status_t psa_algorithm_dispatch_cipher_decrypt( const psa_key_attributes_t *
|
||||
uint8_t *output,
|
||||
size_t output_size,
|
||||
size_t *output_length);
|
||||
#endif /* MODULE_PSA_CIPHER */
|
||||
|
||||
#if IS_USED(MODULE_PSA_MAC)
|
||||
/**
|
||||
* @brief Dispatch a mac computation function to a specific backend.
|
||||
* See @ref psa_mac_compute()
|
||||
@ -236,6 +248,7 @@ psa_status_t psa_algorithm_dispatch_mac_compute(const psa_key_attributes_t *attr
|
||||
uint8_t *mac,
|
||||
size_t mac_size,
|
||||
size_t *mac_length);
|
||||
#endif
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
|
@ -29,6 +29,7 @@ extern "C" {
|
||||
#include "kernel_defines.h"
|
||||
#include "psa/crypto.h"
|
||||
|
||||
#if IS_USED(MODULE_PSA_ASYMMETRIC)
|
||||
/**
|
||||
* @brief Dispatch call of a hash signature function to a location specific backend.
|
||||
* See psa_sign_hash()
|
||||
@ -116,7 +117,9 @@ psa_status_t psa_location_dispatch_verify_message(const psa_key_attributes_t *at
|
||||
size_t input_length,
|
||||
const uint8_t *signature,
|
||||
size_t signature_length);
|
||||
#endif /* MODULE_PSA_ASYMMETRIC */
|
||||
|
||||
#if IS_USED(MODULE_PSA_MAC)
|
||||
/**
|
||||
* @brief Dispatch call of a mac computation function to a location specific backend.
|
||||
* See psa_mac_compute()
|
||||
@ -139,7 +142,9 @@ psa_status_t psa_location_dispatch_mac_compute(const psa_key_attributes_t *attri
|
||||
uint8_t *mac,
|
||||
size_t mac_size,
|
||||
size_t *mac_length);
|
||||
#endif
|
||||
|
||||
#if IS_USED(MODULE_PSA_KEY_MANAGEMENT)
|
||||
/**
|
||||
* @brief Dispatch call of the key generation function to a location specific backend.
|
||||
* See psa_generate_key()
|
||||
@ -165,7 +170,9 @@ psa_status_t psa_location_dispatch_generate_key(const psa_key_attributes_t *attr
|
||||
psa_status_t psa_location_dispatch_import_key( const psa_key_attributes_t *attributes,
|
||||
const uint8_t *data, size_t data_length,
|
||||
psa_key_slot_t *slot, size_t *bits);
|
||||
#endif /* MODULE_PSA_KEY_MANAGEMENT */
|
||||
|
||||
#if IS_USED(MODULE_PSA_CIPHER)
|
||||
/**
|
||||
* @brief Dispatch call of a cipher encrypt setup function to a location specific backend.
|
||||
* See psa_cipher_setup()
|
||||
@ -254,6 +261,7 @@ psa_status_t psa_location_dispatch_cipher_decrypt( const psa_key_attributes_t *
|
||||
uint8_t *output,
|
||||
size_t output_size,
|
||||
size_t *output_length);
|
||||
#endif /* MODULE_PSA_CIPHER */
|
||||
|
||||
/**
|
||||
* @brief Dispatch call of a random number generator to a specific backend.
|
||||
|
@ -78,10 +78,12 @@ typedef struct {
|
||||
size_t lock_count; /**< Number of entities accessing the slot */
|
||||
psa_key_attributes_t attr; /**< Attributes associated with the stored key */
|
||||
/** Structure containing key data */
|
||||
#if PSA_SINGLE_KEY_COUNT
|
||||
struct key_data {
|
||||
uint8_t data[PSA_MAX_KEY_DATA_SIZE]; /**< Key data buffer */
|
||||
size_t data_len; /**< Size of actual key data in bytes */
|
||||
} key; /**< Key data structure */
|
||||
#endif /* PSA_SINGLE_KEY_COUNT */
|
||||
} psa_key_slot_t;
|
||||
|
||||
/**
|
||||
|
@ -20,9 +20,13 @@
|
||||
|
||||
#include <stdio.h>
|
||||
#include "psa/crypto.h"
|
||||
|
||||
#if IS_USED(MODULE_PSA_KEY_MANAGEMENT)
|
||||
#include "psa_crypto_slot_management.h"
|
||||
#endif
|
||||
|
||||
#include "psa_crypto_se_driver.h"
|
||||
#include "psa_crypto_se_management.h"
|
||||
#include "psa_crypto_slot_management.h"
|
||||
#include "psa_crypto_location_dispatch.h"
|
||||
#include "psa_crypto_algorithm_dispatch.h"
|
||||
|
||||
@ -38,6 +42,7 @@
|
||||
*/
|
||||
static uint8_t lib_initialized = 0;
|
||||
|
||||
#if IS_USED(MODULE_PSA_HASH)
|
||||
/**
|
||||
* @brief Compares the content of two same-sized buffers while maintaining
|
||||
* constant processing time
|
||||
@ -60,6 +65,7 @@ static inline int constant_time_memcmp(const uint8_t *a, const uint8_t *b, size_
|
||||
|
||||
return diff;
|
||||
}
|
||||
#endif /* MODULE_PSA_HASH */
|
||||
|
||||
const char *psa_status_to_humanly_readable(psa_status_t status)
|
||||
{
|
||||
@ -126,6 +132,7 @@ psa_status_t psa_crypto_init(void)
|
||||
return PSA_SUCCESS;
|
||||
}
|
||||
|
||||
#if IS_USED(MODULE_PSA_AEAD)
|
||||
psa_status_t psa_aead_abort(psa_aead_operation_t *operation)
|
||||
{
|
||||
(void)operation;
|
||||
@ -295,7 +302,9 @@ psa_status_t psa_aead_verify( psa_aead_operation_t *operation,
|
||||
(void)tag_length;
|
||||
return PSA_ERROR_NOT_SUPPORTED;
|
||||
}
|
||||
#endif /* MODULE_PSA_AEAD */
|
||||
|
||||
#if IS_USED(MODULE_PSA_ASYMMETRIC)
|
||||
psa_status_t psa_asymmetric_decrypt(psa_key_id_t key,
|
||||
psa_algorithm_t alg,
|
||||
const uint8_t *input,
|
||||
@ -339,7 +348,9 @@ psa_status_t psa_asymmetric_encrypt(psa_key_id_t key,
|
||||
(void)output_length;
|
||||
return PSA_ERROR_NOT_SUPPORTED;
|
||||
}
|
||||
#endif /* MODULE_PSA_ASYMMETRIC */
|
||||
|
||||
#if IS_USED(MODULE_PSA_KEY_MANAGEMENT)
|
||||
/**
|
||||
* @brief Checks whether a key's policy permits the usage of a given algorithm
|
||||
*
|
||||
@ -418,7 +429,9 @@ static psa_status_t psa_get_and_lock_key_slot_with_policy( psa_key_id_t id,
|
||||
}
|
||||
return PSA_SUCCESS;
|
||||
}
|
||||
#endif /* MODULE_PSA_KEY_MANAGEMENT */
|
||||
|
||||
#if IS_USED(MODULE_PSA_CIPHER)
|
||||
psa_status_t psa_cipher_abort(psa_cipher_operation_t *operation)
|
||||
{
|
||||
if (!lib_initialized) {
|
||||
@ -694,6 +707,9 @@ psa_status_t psa_cipher_update(psa_cipher_operation_t *operation,
|
||||
return PSA_ERROR_NOT_SUPPORTED;
|
||||
}
|
||||
|
||||
#endif /* MODULE_PSA_CIPHER */
|
||||
|
||||
#if IS_USED(MODULE_PSA_HASH)
|
||||
psa_status_t psa_hash_setup(psa_hash_operation_t *operation,
|
||||
psa_algorithm_t alg)
|
||||
{
|
||||
@ -921,8 +937,36 @@ psa_status_t psa_hash_compute(psa_algorithm_t alg,
|
||||
|
||||
return PSA_SUCCESS;
|
||||
}
|
||||
#endif /* MODULE_PSA_HASH */
|
||||
|
||||
psa_status_t psa_builtin_generate_random(uint8_t *output,
|
||||
size_t output_size)
|
||||
{
|
||||
if (!output) {
|
||||
return PSA_ERROR_INVALID_ARGUMENT;
|
||||
}
|
||||
|
||||
/* TODO: Should point to a CSPRNG API in the future */
|
||||
random_bytes(output, output_size);
|
||||
return PSA_SUCCESS;
|
||||
}
|
||||
|
||||
psa_status_t psa_generate_random(uint8_t *output,
|
||||
size_t output_size)
|
||||
{
|
||||
if (!lib_initialized) {
|
||||
return PSA_ERROR_BAD_STATE;
|
||||
}
|
||||
|
||||
if (!output) {
|
||||
return PSA_ERROR_INVALID_ARGUMENT;
|
||||
}
|
||||
|
||||
return psa_location_dispatch_generate_random(output, output_size);
|
||||
}
|
||||
|
||||
/* Key Management */
|
||||
#if IS_USED(MODULE_PSA_KEY_MANAGEMENT)
|
||||
/**
|
||||
* @brief Check whether the key policy is valid
|
||||
*
|
||||
@ -994,7 +1038,7 @@ static psa_status_t psa_validate_key_for_key_generation(psa_key_type_t type, siz
|
||||
if (PSA_KEY_TYPE_IS_UNSTRUCTURED(type)) {
|
||||
return psa_validate_unstructured_key_size(type, bits);
|
||||
}
|
||||
#if IS_USED(MODULE_PSA_ASYMMETRIC) || IS_USED(MODULE_PSA_SECURE_ELEMENT_ASYMMETRIC)
|
||||
#if IS_USED(MODULE_PSA_ASYMMETRIC)
|
||||
else if (PSA_KEY_TYPE_IS_ECC_KEY_PAIR(type)) {
|
||||
return PSA_ECC_KEY_SIZE_IS_VALID(type, bits) ? PSA_SUCCESS : PSA_ERROR_INVALID_ARGUMENT;
|
||||
}
|
||||
@ -1351,32 +1395,6 @@ psa_status_t psa_generate_key(const psa_key_attributes_t *attributes,
|
||||
return status;
|
||||
}
|
||||
|
||||
psa_status_t psa_builtin_generate_random( uint8_t *output,
|
||||
size_t output_size)
|
||||
{
|
||||
if (!output) {
|
||||
return PSA_ERROR_INVALID_ARGUMENT;
|
||||
}
|
||||
|
||||
/* TODO: Should point to a CSPRNG API in the future */
|
||||
random_bytes(output, output_size);
|
||||
return PSA_SUCCESS;
|
||||
}
|
||||
|
||||
psa_status_t psa_generate_random(uint8_t *output,
|
||||
size_t output_size)
|
||||
{
|
||||
if (!lib_initialized) {
|
||||
return PSA_ERROR_BAD_STATE;
|
||||
}
|
||||
|
||||
if (!output) {
|
||||
return PSA_ERROR_INVALID_ARGUMENT;
|
||||
}
|
||||
|
||||
return psa_location_dispatch_generate_random(output, output_size);
|
||||
}
|
||||
|
||||
psa_status_t psa_get_key_attributes(psa_key_id_t key,
|
||||
psa_key_attributes_t *attributes)
|
||||
{
|
||||
@ -1500,7 +1518,9 @@ psa_status_t psa_import_key(const psa_key_attributes_t *attributes,
|
||||
|
||||
return status;
|
||||
}
|
||||
#endif /* MODULE_PSA_KEY_MANAGEMENT */
|
||||
|
||||
#if IS_USED(MODULE_PSA_KEY_DERIVATION)
|
||||
psa_status_t psa_key_derivation_abort(psa_key_derivation_operation_t *operation)
|
||||
{
|
||||
(void)operation;
|
||||
@ -1586,7 +1606,9 @@ psa_status_t psa_key_derivation_setup(psa_key_derivation_operation_t *operation,
|
||||
(void)alg;
|
||||
return PSA_ERROR_NOT_SUPPORTED;
|
||||
}
|
||||
#endif /* MODULE_PSA_KEY_DERIVATION */
|
||||
|
||||
#if IS_USED(MODULE_PSA_MAC)
|
||||
psa_status_t psa_mac_abort(psa_mac_operation_t *operation)
|
||||
{
|
||||
if (!lib_initialized) {
|
||||
@ -1763,7 +1785,9 @@ psa_status_t psa_purge_key(psa_key_id_t key)
|
||||
(void)key;
|
||||
return PSA_ERROR_NOT_SUPPORTED;
|
||||
}
|
||||
#endif /* MODULE_PSA_MAC */
|
||||
|
||||
#if IS_USED(MODULE_PSA_KEY_AGREEMENT)
|
||||
psa_status_t psa_raw_key_agreement(psa_algorithm_t alg,
|
||||
psa_key_id_t private_key,
|
||||
const uint8_t *peer_key,
|
||||
@ -1781,7 +1805,9 @@ psa_status_t psa_raw_key_agreement(psa_algorithm_t alg,
|
||||
(void)output_length;
|
||||
return PSA_ERROR_NOT_SUPPORTED;
|
||||
}
|
||||
#endif /* MODULE_PSA_KEY_AGREEMENT */
|
||||
|
||||
#if IS_USED(MODULE_PSA_ASYMMETRIC)
|
||||
psa_status_t psa_sign_hash(psa_key_id_t key,
|
||||
psa_algorithm_t alg,
|
||||
const uint8_t *hash,
|
||||
@ -2000,3 +2026,4 @@ psa_status_t psa_verify_message(psa_key_id_t key,
|
||||
unlock_status = psa_unlock_key_slot(slot);
|
||||
return ((status == PSA_SUCCESS) ? unlock_status : status);
|
||||
}
|
||||
#endif /* MODULE_PSA_ASYMMETRIC */
|
||||
|
@ -21,12 +21,28 @@
|
||||
#include <stdio.h>
|
||||
#include "kernel_defines.h"
|
||||
#include "psa/crypto.h"
|
||||
#include "psa_mac.h"
|
||||
#include "psa_hashes.h"
|
||||
#include "psa_ecc.h"
|
||||
#include "psa_ciphers.h"
|
||||
#include "psa_crypto_operation_encoder.h"
|
||||
|
||||
#if IS_USED(MODULE_PSA_MAC)
|
||||
#include "psa_mac.h"
|
||||
#endif
|
||||
|
||||
#if IS_USED(MODULE_PSA_HASH)
|
||||
#include "psa_hashes.h"
|
||||
#endif
|
||||
|
||||
#if IS_USED(MODULE_PSA_ASYMMETRIC)
|
||||
#include "psa_ecc.h"
|
||||
#endif
|
||||
|
||||
#if IS_USED(MODULE_PSA_CIPHER)
|
||||
#include "psa_ciphers.h"
|
||||
#endif
|
||||
|
||||
#if IS_USED(MODULE_PSA_KEY_MANAGEMENT)
|
||||
#include "psa_crypto_operation_encoder.h"
|
||||
#endif
|
||||
|
||||
#if IS_USED(MODULE_PSA_HASH)
|
||||
psa_status_t psa_algorithm_dispatch_hash_setup(psa_hash_operation_t *operation,
|
||||
psa_algorithm_t alg)
|
||||
{
|
||||
@ -150,7 +166,9 @@ psa_status_t psa_algorithm_dispatch_hash_finish(psa_hash_operation_t *operation,
|
||||
return PSA_ERROR_NOT_SUPPORTED;
|
||||
}
|
||||
}
|
||||
#endif /* MODULE_PSA_HASH */
|
||||
|
||||
#if IS_USED(MODULE_PSA_ASYMMETRIC)
|
||||
psa_status_t psa_algorithm_dispatch_sign_hash( const psa_key_attributes_t *attributes,
|
||||
psa_algorithm_t alg,
|
||||
const psa_key_slot_t *slot,
|
||||
@ -353,7 +371,9 @@ psa_status_t psa_algorithm_dispatch_verify_message(const psa_key_attributes_t *a
|
||||
return PSA_ERROR_NOT_SUPPORTED;
|
||||
}
|
||||
}
|
||||
#endif /* MODULE_PSA_ASYMMETRIC */
|
||||
|
||||
#if IS_USED(MODULE_PSA_KEY_MANAGEMENT)
|
||||
psa_status_t psa_algorithm_dispatch_generate_key( const psa_key_attributes_t *attributes,
|
||||
psa_key_slot_t *slot)
|
||||
{
|
||||
@ -407,7 +427,9 @@ psa_status_t psa_algorithm_dispatch_generate_key( const psa_key_attributes_t *
|
||||
|
||||
return psa_builtin_generate_key(attributes, key_data, *key_bytes, key_bytes);
|
||||
}
|
||||
#endif /* MODULE_PSA_KEY_MANAGEMENT */
|
||||
|
||||
#if IS_USED(MODULE_PSA_CIPHER)
|
||||
psa_status_t psa_algorithm_dispatch_cipher_encrypt( const psa_key_attributes_t *attributes,
|
||||
psa_algorithm_t alg,
|
||||
const psa_key_slot_t *slot,
|
||||
@ -499,7 +521,9 @@ psa_status_t psa_algorithm_dispatch_cipher_decrypt( const psa_key_attributes_t *
|
||||
return PSA_ERROR_NOT_SUPPORTED;
|
||||
}
|
||||
}
|
||||
#endif /* MODULE_PSA_CIPHER */
|
||||
|
||||
#if IS_USED(MODULE_PSA_MAC)
|
||||
psa_status_t psa_algorithm_dispatch_mac_compute(const psa_key_attributes_t *attributes,
|
||||
psa_algorithm_t alg,
|
||||
const psa_key_slot_t *slot,
|
||||
@ -538,3 +562,4 @@ psa_status_t psa_algorithm_dispatch_mac_compute(const psa_key_attributes_t *attr
|
||||
(void)mac_length;
|
||||
return PSA_SUCCESS;
|
||||
}
|
||||
#endif /* MODULE_PSA_MAC */
|
||||
|
@ -22,10 +22,12 @@
|
||||
#include "kernel_defines.h"
|
||||
#include "psa/crypto.h"
|
||||
#include "psa_crypto_algorithm_dispatch.h"
|
||||
#include "psa_crypto_slot_management.h"
|
||||
#include "psa_crypto_se_management.h"
|
||||
#include "psa_crypto_se_driver.h"
|
||||
|
||||
#if IS_USED(MODULE_PSA_KEY_MANAGEMENT)
|
||||
#include "psa_crypto_slot_management.h"
|
||||
|
||||
psa_status_t psa_location_dispatch_generate_key(const psa_key_attributes_t *attributes,
|
||||
psa_key_slot_t *slot)
|
||||
{
|
||||
@ -104,7 +106,9 @@ psa_status_t psa_location_dispatch_import_key( const psa_key_attributes_t *attri
|
||||
return PSA_ERROR_NOT_SUPPORTED;
|
||||
}
|
||||
}
|
||||
#endif /* MODULE_PSA_KEY_MANAGEMENT */
|
||||
|
||||
#if IS_USED(MODULE_PSA_CIPHER)
|
||||
psa_status_t psa_location_dispatch_cipher_encrypt_setup( psa_cipher_operation_t *operation,
|
||||
const psa_key_attributes_t *attributes,
|
||||
const psa_key_slot_t *slot,
|
||||
@ -335,6 +339,9 @@ psa_status_t psa_location_dispatch_cipher_decrypt( const psa_key_attributes_t *
|
||||
output, output_size, output_length);
|
||||
}
|
||||
|
||||
#endif /* MODULE_PSA_CIPHER */
|
||||
|
||||
#if IS_USED(MODULE_PSA_ASYMMETRIC)
|
||||
psa_status_t psa_location_dispatch_sign_hash( const psa_key_attributes_t *attributes,
|
||||
psa_algorithm_t alg,
|
||||
const psa_key_slot_t *slot,
|
||||
@ -428,7 +435,9 @@ psa_status_t psa_location_dispatch_verify_message( const psa_key_attributes_t *
|
||||
return psa_algorithm_dispatch_verify_message(attributes, alg, slot, input, input_length, signature,
|
||||
signature_length);
|
||||
}
|
||||
#endif /* MODULE_PSA_ASYMMETRIC */
|
||||
|
||||
#if IS_USED(MODULE_PSA_MAC)
|
||||
psa_status_t psa_location_dispatch_mac_compute(const psa_key_attributes_t *attributes,
|
||||
psa_algorithm_t alg,
|
||||
const psa_key_slot_t *slot,
|
||||
@ -462,6 +471,7 @@ psa_status_t psa_location_dispatch_mac_compute(const psa_key_attributes_t *attri
|
||||
return psa_algorithm_dispatch_mac_compute(attributes, alg, slot, input, input_length, mac,
|
||||
mac_size, mac_length);
|
||||
}
|
||||
#endif /* MODULE_PSA_MAC */
|
||||
|
||||
psa_status_t psa_location_dispatch_generate_random(uint8_t *output,
|
||||
size_t output_size)
|
||||
|
@ -7,4 +7,5 @@
|
||||
|
||||
config MODULE_PSA_KEY_SLOT_MGMT
|
||||
bool
|
||||
default y if PACKAGE_PSA_ARCH_TESTS
|
||||
help
|
||||
Enable PSA key slot management module
|
||||
|
@ -1,4 +1,3 @@
|
||||
MODULE := psa_key_slot_mgmt
|
||||
INCLUDES += -I$(RIOTBASE)/sys/psa_crypto/include
|
||||
|
||||
include $(RIOTBASE)/Makefile.base
|
||||
|
@ -24,7 +24,7 @@
|
||||
#define ENABLE_DEBUG 0
|
||||
#include "debug.h"
|
||||
|
||||
#if IS_USED(MODULE_PSA_SECURE_ELEMENT)
|
||||
#if PSA_PROTECTED_KEY_COUNT
|
||||
/**
|
||||
* @brief Structure for a protected key slot.
|
||||
*
|
||||
@ -37,7 +37,7 @@ typedef struct {
|
||||
psa_key_attributes_t attr;
|
||||
struct prot_key_data {
|
||||
psa_key_slot_number_t slot_number;
|
||||
#if IS_USED(MODULE_PSA_SECURE_ELEMENT_ASYMMETRIC)
|
||||
#if IS_USED(MODULE_PSA_ASYMMETRIC)
|
||||
uint8_t pubkey_data[PSA_EXPORT_PUBLIC_KEY_MAX_SIZE];
|
||||
size_t pubkey_data_len;
|
||||
#endif
|
||||
@ -53,9 +53,9 @@ static psa_prot_key_slot_t protected_key_slots[PSA_PROTECTED_KEY_COUNT];
|
||||
* @brief List pointing to empty protected key slots
|
||||
*/
|
||||
static clist_node_t protected_list_empty;
|
||||
#endif /* MODULE_PSA_SECURE_ELEMENT_ASYMMETRIC */
|
||||
#endif /* PSA_PROTECTED_KEY_COUNT */
|
||||
|
||||
#if IS_USED(MODULE_PSA_ASYMMETRIC)
|
||||
#if PSA_ASYMMETRIC_KEYPAIR_COUNT
|
||||
/**
|
||||
* @brief Structure for asymmetric key pairs.
|
||||
*
|
||||
@ -87,8 +87,9 @@ static psa_key_pair_slot_t key_pair_slots[PSA_ASYMMETRIC_KEYPAIR_COUNT];
|
||||
* @brief List pointing to empty asymmetric key slots
|
||||
*/
|
||||
static clist_node_t key_pair_list_empty;
|
||||
#endif /* MODULE_PSA_ASYMMETRIC */
|
||||
#endif /* PSA_ASYMMETRIC_KEYPAIR_COUNT */
|
||||
|
||||
#if PSA_SINGLE_KEY_COUNT
|
||||
/**
|
||||
* @brief Array containing the single key slots
|
||||
*/
|
||||
@ -98,6 +99,7 @@ static psa_key_slot_t single_key_slots[PSA_SINGLE_KEY_COUNT];
|
||||
* @brief List pointing to empty single key slots
|
||||
*/
|
||||
static clist_node_t single_key_list_empty;
|
||||
#endif
|
||||
|
||||
/**
|
||||
* @brief Global list of used key slots
|
||||
@ -119,61 +121,61 @@ static psa_key_id_t key_id_count = PSA_KEY_ID_VOLATILE_MIN;
|
||||
static clist_node_t * psa_get_empty_key_slot_list(const psa_key_attributes_t *attr)
|
||||
{
|
||||
if (!psa_key_lifetime_is_external(attr->lifetime)) {
|
||||
#if IS_USED(MODULE_PSA_ASYMMETRIC)
|
||||
#if PSA_ASYMMETRIC_KEYPAIR_COUNT
|
||||
if (PSA_KEY_TYPE_IS_KEY_PAIR(attr->type)) {
|
||||
return &key_pair_list_empty;
|
||||
}
|
||||
#endif /* MODULE_PSA_ASYMMETRIC */
|
||||
#endif /* PSA_ASYMMETRIC_KEYPAIR_COUNT */
|
||||
#if PSA_SINGLE_KEY_COUNT
|
||||
return &single_key_list_empty;
|
||||
#endif /* PSA_SINGLE_KEY_COUNT */
|
||||
}
|
||||
#if IS_USED(MODULE_PSA_SECURE_ELEMENT)
|
||||
#if PSA_PROTECTED_KEY_COUNT
|
||||
return &protected_list_empty;
|
||||
#else
|
||||
return NULL;
|
||||
#endif /* MODULE_PSA_SECURE_ELEMENT */
|
||||
#endif /* PSA_PROTECTED_KEY_COUNT */
|
||||
}
|
||||
|
||||
void psa_init_key_slots(void)
|
||||
{
|
||||
DEBUG("List Node Size: %d\n", sizeof(clist_node_t));
|
||||
#if IS_USED(MODULE_PSA_SECURE_ELEMENT)
|
||||
#if PSA_PROTECTED_KEY_COUNT
|
||||
memset(protected_key_slots, 0, sizeof(protected_key_slots));
|
||||
|
||||
#if PSA_PROTECTED_KEY_COUNT
|
||||
for (size_t i = 0; i < PSA_PROTECTED_KEY_COUNT; i++) {
|
||||
clist_rpush(&protected_list_empty, &protected_key_slots[i].node);
|
||||
}
|
||||
#endif /* PSA_PROTECTED_KEY_COUNT */
|
||||
|
||||
DEBUG("Protected Slot Count: %d, Size: %d\n", PSA_PROTECTED_KEY_COUNT,
|
||||
sizeof(psa_prot_key_slot_t));
|
||||
DEBUG("Protected Slot Array Size: %d\n", sizeof(protected_key_slots));
|
||||
DEBUG("Protected Slot Empty List Size: %d\n", clist_count(&protected_list_empty));
|
||||
#endif /* MODULE_PSA_SECURE_ELEMENT */
|
||||
|
||||
#if IS_USED(MODULE_PSA_ASYMMETRIC)
|
||||
memset(key_pair_slots, 0, sizeof(key_pair_slots));
|
||||
#endif /* PSA_PROTECTED_KEY_COUNT */
|
||||
|
||||
#if PSA_ASYMMETRIC_KEYPAIR_COUNT
|
||||
memset(key_pair_slots, 0, sizeof(key_pair_slots));
|
||||
|
||||
for (size_t i = 0; i < PSA_ASYMMETRIC_KEYPAIR_COUNT; i++) {
|
||||
clist_rpush(&key_pair_list_empty, &key_pair_slots[i].node);
|
||||
}
|
||||
#endif /* PSA_ASYMMETRIC_KEYPAIR_COUNT */
|
||||
|
||||
DEBUG("Asymmetric Slot Count: %d, Size: %d\n", PSA_ASYMMETRIC_KEYPAIR_COUNT,
|
||||
sizeof(psa_key_pair_slot_t));
|
||||
DEBUG("Asymmetric Slot Array Size: %d\n", sizeof(key_pair_slots));
|
||||
DEBUG("Asymmetric Slot Empty List Size: %d\n", clist_count(&key_pair_list_empty));
|
||||
#endif /* MODULE_PSA_ASYMMETRIC */
|
||||
#endif /* PSA_ASYMMETRIC_KEYPAIR_COUNT */
|
||||
|
||||
memset(single_key_slots, 0, sizeof(single_key_slots));
|
||||
#if PSA_SINGLE_KEY_COUNT
|
||||
memset(single_key_slots, 0, sizeof(single_key_slots));
|
||||
|
||||
for (size_t i = 0; i < PSA_SINGLE_KEY_COUNT; i++) {
|
||||
clist_rpush(&single_key_list_empty, &single_key_slots[i].node);
|
||||
}
|
||||
#endif
|
||||
|
||||
DEBUG("Single Key Slot Count: %d, Size: %d\n", PSA_SINGLE_KEY_COUNT, sizeof(psa_key_slot_t));
|
||||
DEBUG("Single Key Slot Array Size: %d\n", sizeof(single_key_slots));
|
||||
DEBUG("Single Key Slot Empty List Size: %d\n", clist_count(&single_key_list_empty));
|
||||
#endif /* PSA_SINGLE_KEY_COUNT */
|
||||
}
|
||||
|
||||
/**
|
||||
@ -189,14 +191,14 @@ static void psa_wipe_real_slot_type(psa_key_slot_t *slot)
|
||||
if (!PSA_KEY_TYPE_IS_KEY_PAIR(attr.type)) {
|
||||
memset(slot, 0, sizeof(psa_key_slot_t));
|
||||
}
|
||||
#if IS_USED(MODULE_PSA_ASYMMETRIC)
|
||||
#if PSA_ASYMMETRIC_KEYPAIR_COUNT
|
||||
else {
|
||||
|
||||
memset((psa_key_pair_slot_t *)slot, 0, sizeof(psa_key_pair_slot_t));
|
||||
}
|
||||
#endif
|
||||
}
|
||||
#if IS_USED(MODULE_PSA_SECURE_ELEMENT)
|
||||
#if PSA_PROTECTED_KEY_COUNT
|
||||
else {
|
||||
memset((psa_prot_key_slot_t *)slot, 0, sizeof(psa_prot_key_slot_t));
|
||||
}
|
||||
@ -483,12 +485,15 @@ size_t psa_get_key_data_from_key_slot(const psa_key_slot_t *slot, uint8_t **key_
|
||||
|
||||
|
||||
if (!psa_key_lifetime_is_external(attr.lifetime)) {
|
||||
#if PSA_SINGLE_KEY_COUNT
|
||||
if (!PSA_KEY_TYPE_IS_KEY_PAIR(attr.type)) {
|
||||
*key_data = (uint8_t *)slot->key.data;
|
||||
*key_bytes = (size_t *)&slot->key.data_len;
|
||||
key_data_size = sizeof(slot->key.data);
|
||||
}
|
||||
#if IS_USED(MODULE_PSA_ASYMMETRIC)
|
||||
#endif /* PSA_SINGLE_KEY_COUNT */
|
||||
|
||||
#if PSA_ASYMMETRIC_KEYPAIR_COUNT
|
||||
else {
|
||||
*key_data = ((psa_key_pair_slot_t *)slot)->key.privkey_data;
|
||||
*key_bytes = &((psa_key_pair_slot_t *)slot)->key.privkey_data_len;
|
||||
@ -499,7 +504,7 @@ size_t psa_get_key_data_from_key_slot(const psa_key_slot_t *slot, uint8_t **key_
|
||||
return key_data_size;
|
||||
}
|
||||
|
||||
#if IS_USED(MODULE_PSA_SECURE_ELEMENT)
|
||||
#if IS_USED(MODULE_PSA_SECURE_ELEMENT) && PSA_PROTECTED_KEY_COUNT
|
||||
psa_key_slot_number_t * psa_key_slot_get_slot_number(const psa_key_slot_t *slot)
|
||||
{
|
||||
return &(((psa_prot_key_slot_t *)slot)->key.slot_number);
|
||||
@ -519,12 +524,14 @@ void psa_get_public_key_data_from_key_slot(const psa_key_slot_t *slot, uint8_t *
|
||||
}
|
||||
|
||||
if (!psa_key_lifetime_is_external(attr.lifetime)) {
|
||||
#if PSA_SINGLE_KEY_COUNT
|
||||
if (!PSA_KEY_TYPE_IS_KEY_PAIR(attr.type)) {
|
||||
*pubkey_data = ((psa_key_slot_t *)slot)->key.data;
|
||||
*pubkey_data_len = &((psa_key_slot_t *)slot)->key.data_len;
|
||||
return;
|
||||
}
|
||||
#if IS_USED(MODULE_PSA_ASYMMETRIC)
|
||||
#endif /* PSA_SINGLE_KEY_COUNT */
|
||||
#if PSA_ASYMMETRIC_KEYPAIR_COUNT
|
||||
else {
|
||||
*pubkey_data = ((psa_key_pair_slot_t *)slot)->key.pubkey_data;
|
||||
*pubkey_data_len = &((psa_key_pair_slot_t *)slot)->key.pubkey_data_len;
|
||||
@ -532,7 +539,7 @@ void psa_get_public_key_data_from_key_slot(const psa_key_slot_t *slot, uint8_t *
|
||||
}
|
||||
#endif
|
||||
}
|
||||
#if IS_USED(MODULE_PSA_SECURE_ELEMENT_ASYMMETRIC)
|
||||
#if PSA_PROTECTED_KEY_COUNT && IS_USED(MODULE_PSA_ASYMMETRIC)
|
||||
*pubkey_data = ((psa_prot_key_slot_t *)slot)->key.pubkey_data;
|
||||
*pubkey_data_len = &((psa_prot_key_slot_t *)slot)->key.pubkey_data_len;
|
||||
#endif
|
||||
|
@ -7,7 +7,7 @@
|
||||
|
||||
menuconfig MODULE_PSA_SECURE_ELEMENT
|
||||
bool "PSA Secure Elements"
|
||||
select MODULE_PSA_KEY_SLOT_MGMT
|
||||
select MODULE_PSA_KEY_MANAGEMENT
|
||||
select MODULE_PSA_SE_MGMT
|
||||
|
||||
if MODULE_PSA_SECURE_ELEMENT
|
||||
@ -33,17 +33,24 @@ menuconfig MODULE_PSA_SECURE_ELEMENT_ATECCX08A
|
||||
config MODULE_PSA_SECURE_ELEMENT_ATECCX08A_ECC_P256
|
||||
bool "Microchip ATECCX08A Elliptic Curve P256"
|
||||
select PSA_KEY_SIZE_256
|
||||
select MODULE_PSA_SECURE_ELEMENT_ASYMMETRIC
|
||||
select MODULE_PSA_ASYMMETRIC
|
||||
depends on MODULE_PSA_SECURE_ELEMENT_ATECCX08A
|
||||
|
||||
config MODULE_PSA_SECURE_ELEMENT_ATECCX08A_CIPHER_AES_128
|
||||
bool "Microchip ATECCX08A Cipher AES 128"
|
||||
select PSA_KEY_SIZE_128
|
||||
select MODULE_PSA_CIPHER
|
||||
depends on MODULE_PSA_SECURE_ELEMENT_ATECCX08A
|
||||
|
||||
config MODULE_PSA_SECURE_ELEMENT_ATECCX08A_HMAC_SHA256
|
||||
bool "Microchip ATECCX08A HMAC SHA-256"
|
||||
select PSA_KEY_SIZE_128
|
||||
select MODULE_PSA_MAC
|
||||
depends on MODULE_PSA_SECURE_ELEMENT_ATECCX08A
|
||||
|
||||
config MODULE_PSA_SE_MGMT
|
||||
bool
|
||||
|
||||
config MODULE_PSA_SECURE_ELEMENT_ASYMMETRIC
|
||||
bool
|
||||
help
|
||||
Indicates that an asymmetric operation is used with secure elements.
|
||||
|
||||
config MODULE_PSA_SECURE_ELEMENT_CONFIG
|
||||
bool
|
||||
help
|
||||
|
@ -4,9 +4,8 @@ USEMODULE += embunit
|
||||
|
||||
USEMODULE += psa_crypto
|
||||
|
||||
# FIXME: currently only needed for build to succeed
|
||||
USEMODULE += psa_cipher
|
||||
USEMODULE += psa_cipher_aes_128_cbc
|
||||
CFLAGS += -DCONFIG_PSA_ASYMMETRIC_KEYPAIR_COUNT=1
|
||||
CFLAGS += -DCONFIG_PSA_SINGLE_KEY_COUNT=1
|
||||
|
||||
USEMODULE += psa_asymmetric
|
||||
USEMODULE += psa_asymmetric_ecc_ed25519
|
||||
|
17
tests/sys/psa_crypto_cipher/Makefile
Normal file
17
tests/sys/psa_crypto_cipher/Makefile
Normal file
@ -0,0 +1,17 @@
|
||||
include ../Makefile.sys_common
|
||||
|
||||
USEMODULE += ztimer
|
||||
USEMODULE += ztimer_usec
|
||||
|
||||
USEMODULE += psa_crypto
|
||||
|
||||
USEMODULE += psa_cipher
|
||||
USEMODULE += psa_cipher_aes_128_cbc
|
||||
|
||||
ifneq (1, $(TEST_KCONFIG))
|
||||
CFLAGS += -DCONFIG_PSA_SINGLE_KEY_COUNT=1
|
||||
endif
|
||||
|
||||
SHOULD_RUN_KCONFIG :=
|
||||
|
||||
include $(RIOTBASE)/Makefile.include
|
11
tests/sys/psa_crypto_cipher/Makefile.ci
Normal file
11
tests/sys/psa_crypto_cipher/Makefile.ci
Normal file
@ -0,0 +1,11 @@
|
||||
BOARD_INSUFFICIENT_MEMORY := \
|
||||
arduino-duemilanove \
|
||||
arduino-leonardo \
|
||||
arduino-nano \
|
||||
arduino-uno \
|
||||
atmega328p \
|
||||
atmega328p-xplained-mini \
|
||||
atmega8 \
|
||||
nucleo-l011k4 \
|
||||
samd10-xmini \
|
||||
#
|
4
tests/sys/psa_crypto_cipher/README.md
Normal file
4
tests/sys/psa_crypto_cipher/README.md
Normal file
@ -0,0 +1,4 @@
|
||||
# PSA Crypto Cipher Test
|
||||
|
||||
This is a configuration test for only the cipher of the PSA crypto module.
|
||||
It is based off the [psa_crypto example](../../../examples/psa_crypto/README.md).
|
8
tests/sys/psa_crypto_cipher/app.config.test
Normal file
8
tests/sys/psa_crypto_cipher/app.config.test
Normal file
@ -0,0 +1,8 @@
|
||||
CONFIG_MODULE_PSA_CRYPTO=y
|
||||
|
||||
CONFIG_MODULE_PSA_CIPHER=y
|
||||
CONFIG_MODULE_PSA_CIPHER_AES_128_CBC=y
|
||||
|
||||
CONFIG_PSA_SINGLE_KEY_COUNT=1
|
||||
|
||||
CONFIG_ZTIMER_USEC=y
|
1
tests/sys/psa_crypto_cipher/example_cipher_aes_128.c
Symbolic link
1
tests/sys/psa_crypto_cipher/example_cipher_aes_128.c
Symbolic link
@ -0,0 +1 @@
|
||||
../../../examples/psa_crypto/example_cipher_aes_128.c
|
1
tests/sys/psa_crypto_cipher/main.c
Symbolic link
1
tests/sys/psa_crypto_cipher/main.c
Symbolic link
@ -0,0 +1 @@
|
||||
../../../examples/psa_crypto/main.c
|
13
tests/sys/psa_crypto_cipher/tests/01-run.py
Executable file
13
tests/sys/psa_crypto_cipher/tests/01-run.py
Executable file
@ -0,0 +1,13 @@
|
||||
#!/usr/bin/env python3
|
||||
|
||||
import sys
|
||||
from testrunner import run
|
||||
|
||||
|
||||
def testfunc(child):
|
||||
child.expect_exact('All Done')
|
||||
print("[TEST PASSED]")
|
||||
|
||||
|
||||
if __name__ == "__main__":
|
||||
sys.exit(run(testfunc))
|
20
tests/sys/psa_crypto_ecdsa/Makefile
Normal file
20
tests/sys/psa_crypto_ecdsa/Makefile
Normal file
@ -0,0 +1,20 @@
|
||||
include ../Makefile.sys_common
|
||||
|
||||
USEMODULE += ztimer
|
||||
USEMODULE += ztimer_usec
|
||||
|
||||
USEMODULE += psa_crypto
|
||||
|
||||
USEMODULE += psa_hash
|
||||
USEMODULE += psa_hash_sha_256
|
||||
USEMODULE += psa_asymmetric
|
||||
USEMODULE += psa_asymmetric_ecc_p256r1
|
||||
|
||||
ifneq (1, $(TEST_KCONFIG))
|
||||
CFLAGS += -DCONFIG_PSA_ASYMMETRIC_KEYPAIR_COUNT=1
|
||||
CFLAGS += -DCONFIG_PSA_SINGLE_KEY_COUNT=1
|
||||
endif
|
||||
|
||||
SHOULD_RUN_KCONFIG :=
|
||||
|
||||
include $(RIOTBASE)/Makefile.include
|
11
tests/sys/psa_crypto_ecdsa/Makefile.ci
Normal file
11
tests/sys/psa_crypto_ecdsa/Makefile.ci
Normal file
@ -0,0 +1,11 @@
|
||||
BOARD_INSUFFICIENT_MEMORY := \
|
||||
arduino-duemilanove \
|
||||
arduino-leonardo \
|
||||
arduino-nano \
|
||||
arduino-uno \
|
||||
atmega328p \
|
||||
atmega328p-xplained-mini \
|
||||
atmega8 \
|
||||
nucleo-l011k4 \
|
||||
samd10-xmini \
|
||||
#
|
4
tests/sys/psa_crypto_ecdsa/README.md
Normal file
4
tests/sys/psa_crypto_ecdsa/README.md
Normal file
@ -0,0 +1,4 @@
|
||||
# PSA Crypto ECDSA Test
|
||||
|
||||
This is a configuration test for only the ecdsa of the PSA crypto module.
|
||||
It is based off the [psa_crypto example](../../../examples/psa_crypto/README.md).
|
10
tests/sys/psa_crypto_ecdsa/app.config.test
Normal file
10
tests/sys/psa_crypto_ecdsa/app.config.test
Normal file
@ -0,0 +1,10 @@
|
||||
CONFIG_MODULE_PSA_CRYPTO=y
|
||||
|
||||
CONFIG_MODULE_PSA_HASH=y
|
||||
CONFIG_MODULE_PSA_HASH_SHA_256=y
|
||||
CONFIG_MODULE_PSA_ASYMMETRIC=y
|
||||
CONFIG_MODULE_PSA_ASYMMETRIC_ECC_P256R1=y
|
||||
CONFIG_PSA_ASYMMETRIC_KEYPAIR_COUNT=1
|
||||
CONFIG_PSA_SINGLE_KEY_COUNT=1
|
||||
|
||||
CONFIG_ZTIMER_USEC=y
|
1
tests/sys/psa_crypto_ecdsa/example_ecdsa_p256.c
Symbolic link
1
tests/sys/psa_crypto_ecdsa/example_ecdsa_p256.c
Symbolic link
@ -0,0 +1 @@
|
||||
../../../examples/psa_crypto/example_ecdsa_p256.c
|
1
tests/sys/psa_crypto_ecdsa/main.c
Symbolic link
1
tests/sys/psa_crypto_ecdsa/main.c
Symbolic link
@ -0,0 +1 @@
|
||||
../../../examples/psa_crypto/main.c
|
13
tests/sys/psa_crypto_ecdsa/tests/01-run.py
Executable file
13
tests/sys/psa_crypto_ecdsa/tests/01-run.py
Executable file
@ -0,0 +1,13 @@
|
||||
#!/usr/bin/env python3
|
||||
|
||||
import sys
|
||||
from testrunner import run
|
||||
|
||||
|
||||
def testfunc(child):
|
||||
child.expect_exact('All Done')
|
||||
print("[TEST PASSED]")
|
||||
|
||||
|
||||
if __name__ == "__main__":
|
||||
sys.exit(run(testfunc))
|
18
tests/sys/psa_crypto_eddsa/Makefile
Normal file
18
tests/sys/psa_crypto_eddsa/Makefile
Normal file
@ -0,0 +1,18 @@
|
||||
include ../Makefile.sys_common
|
||||
|
||||
USEMODULE += ztimer
|
||||
USEMODULE += ztimer_usec
|
||||
|
||||
USEMODULE += psa_crypto
|
||||
|
||||
USEMODULE += psa_asymmetric
|
||||
USEMODULE += psa_asymmetric_ecc_ed25519
|
||||
|
||||
ifneq (1, $(TEST_KCONFIG))
|
||||
CFLAGS += -DCONFIG_PSA_ASYMMETRIC_KEYPAIR_COUNT=1
|
||||
CFLAGS += -DCONFIG_PSA_SINGLE_KEY_COUNT=1
|
||||
endif
|
||||
|
||||
SHOULD_RUN_KCONFIG :=
|
||||
|
||||
include $(RIOTBASE)/Makefile.include
|
12
tests/sys/psa_crypto_eddsa/Makefile.ci
Normal file
12
tests/sys/psa_crypto_eddsa/Makefile.ci
Normal file
@ -0,0 +1,12 @@
|
||||
BOARD_INSUFFICIENT_MEMORY := \
|
||||
arduino-duemilanove \
|
||||
arduino-leonardo \
|
||||
arduino-nano \
|
||||
arduino-uno \
|
||||
atmega328p \
|
||||
atmega328p-xplained-mini \
|
||||
atmega8 \
|
||||
nucleo-l011k4 \
|
||||
samd10-xmini \
|
||||
stm32f030f4-demo \
|
||||
#
|
4
tests/sys/psa_crypto_eddsa/README.md
Normal file
4
tests/sys/psa_crypto_eddsa/README.md
Normal file
@ -0,0 +1,4 @@
|
||||
# PSA Crypto EDDSA Test
|
||||
|
||||
This is a configuration test for only the eddsa of the PSA crypto module.
|
||||
It is based off the [psa_crypto example](../../../examples/psa_crypto/README.md).
|
8
tests/sys/psa_crypto_eddsa/app.config.test
Normal file
8
tests/sys/psa_crypto_eddsa/app.config.test
Normal file
@ -0,0 +1,8 @@
|
||||
CONFIG_MODULE_PSA_CRYPTO=y
|
||||
|
||||
CONFIG_MODULE_PSA_ASYMMETRIC=y
|
||||
CONFIG_MODULE_PSA_ASYMMETRIC_ECC_ED25519=y
|
||||
CONFIG_PSA_ASYMMETRIC_KEYPAIR_COUNT=1
|
||||
CONFIG_PSA_SINGLE_KEY_COUNT=1
|
||||
|
||||
CONFIG_ZTIMER_USEC=y
|
1
tests/sys/psa_crypto_eddsa/example_eddsa.c
Symbolic link
1
tests/sys/psa_crypto_eddsa/example_eddsa.c
Symbolic link
@ -0,0 +1 @@
|
||||
../../../examples/psa_crypto/example_eddsa.c
|
1
tests/sys/psa_crypto_eddsa/main.c
Symbolic link
1
tests/sys/psa_crypto_eddsa/main.c
Symbolic link
@ -0,0 +1 @@
|
||||
../../../examples/psa_crypto/main.c
|
13
tests/sys/psa_crypto_eddsa/tests/01-run.py
Executable file
13
tests/sys/psa_crypto_eddsa/tests/01-run.py
Executable file
@ -0,0 +1,13 @@
|
||||
#!/usr/bin/env python3
|
||||
|
||||
import sys
|
||||
from testrunner import run
|
||||
|
||||
|
||||
def testfunc(child):
|
||||
child.expect_exact('All Done')
|
||||
print("[TEST PASSED]")
|
||||
|
||||
|
||||
if __name__ == "__main__":
|
||||
sys.exit(run(testfunc))
|
13
tests/sys/psa_crypto_hashes/Makefile
Normal file
13
tests/sys/psa_crypto_hashes/Makefile
Normal file
@ -0,0 +1,13 @@
|
||||
include ../Makefile.sys_common
|
||||
|
||||
USEMODULE += ztimer
|
||||
USEMODULE += ztimer_usec
|
||||
|
||||
USEMODULE += psa_crypto
|
||||
|
||||
USEMODULE += psa_hash
|
||||
USEMODULE += psa_hash_sha_256
|
||||
|
||||
SHOULD_RUN_KCONFIG :=
|
||||
|
||||
include $(RIOTBASE)/Makefile.include
|
3
tests/sys/psa_crypto_hashes/Makefile.ci
Normal file
3
tests/sys/psa_crypto_hashes/Makefile.ci
Normal file
@ -0,0 +1,3 @@
|
||||
BOARD_INSUFFICIENT_MEMORY := \
|
||||
atmega8
|
||||
#
|
4
tests/sys/psa_crypto_hashes/README.md
Normal file
4
tests/sys/psa_crypto_hashes/README.md
Normal file
@ -0,0 +1,4 @@
|
||||
# PSA Crypto Hashes Test
|
||||
|
||||
This is a configuration test for only the hashes of the PSA crypto module.
|
||||
It is based off the [psa_crypto example](../../../examples/psa_crypto/README.md).
|
6
tests/sys/psa_crypto_hashes/app.config.test
Normal file
6
tests/sys/psa_crypto_hashes/app.config.test
Normal file
@ -0,0 +1,6 @@
|
||||
CONFIG_MODULE_PSA_CRYPTO=y
|
||||
|
||||
CONFIG_MODULE_PSA_HASH=y
|
||||
CONFIG_MODULE_PSA_HASH_SHA_256=y
|
||||
|
||||
CONFIG_ZTIMER_USEC=y
|
1
tests/sys/psa_crypto_hashes/main.c
Symbolic link
1
tests/sys/psa_crypto_hashes/main.c
Symbolic link
@ -0,0 +1 @@
|
||||
../../../examples/psa_crypto/main.c
|
13
tests/sys/psa_crypto_hashes/tests/01-run.py
Executable file
13
tests/sys/psa_crypto_hashes/tests/01-run.py
Executable file
@ -0,0 +1,13 @@
|
||||
#!/usr/bin/env python3
|
||||
|
||||
import sys
|
||||
from testrunner import run
|
||||
|
||||
|
||||
def testfunc(child):
|
||||
child.expect_exact('All Done')
|
||||
print("[TEST PASSED]")
|
||||
|
||||
|
||||
if __name__ == "__main__":
|
||||
sys.exit(run(testfunc))
|
17
tests/sys/psa_crypto_mac/Makefile
Normal file
17
tests/sys/psa_crypto_mac/Makefile
Normal file
@ -0,0 +1,17 @@
|
||||
include ../Makefile.sys_common
|
||||
|
||||
USEMODULE += ztimer
|
||||
USEMODULE += ztimer_usec
|
||||
|
||||
USEMODULE += psa_crypto
|
||||
|
||||
USEMODULE += psa_mac
|
||||
USEMODULE += psa_mac_hmac_sha_256
|
||||
|
||||
ifneq (1, $(TEST_KCONFIG))
|
||||
CFLAGS += -DCONFIG_PSA_SINGLE_KEY_COUNT=1
|
||||
endif
|
||||
|
||||
SHOULD_RUN_KCONFIG :=
|
||||
|
||||
include $(RIOTBASE)/Makefile.include
|
9
tests/sys/psa_crypto_mac/Makefile.ci
Normal file
9
tests/sys/psa_crypto_mac/Makefile.ci
Normal file
@ -0,0 +1,9 @@
|
||||
BOARD_INSUFFICIENT_MEMORY := \
|
||||
arduino-duemilanove \
|
||||
arduino-nano \
|
||||
arduino-uno \
|
||||
atmega328p \
|
||||
atmega328p-xplained-mini \
|
||||
atmega8 \
|
||||
nucleo-l011k4 \
|
||||
#
|
4
tests/sys/psa_crypto_mac/README.md
Normal file
4
tests/sys/psa_crypto_mac/README.md
Normal file
@ -0,0 +1,4 @@
|
||||
# PSA Crypto Mac Test
|
||||
|
||||
This is a configuration test for only the mac of the PSA crypto module.
|
||||
It is based off the [psa_crypto example](../../../examples/psa_crypto/README.md).
|
8
tests/sys/psa_crypto_mac/app.config.test
Normal file
8
tests/sys/psa_crypto_mac/app.config.test
Normal file
@ -0,0 +1,8 @@
|
||||
CONFIG_MODULE_PSA_CRYPTO=y
|
||||
|
||||
CONFIG_MODULE_PSA_MAC=y
|
||||
CONFIG_MODULE_PSA_MAC_HMAC_SHA_256=y
|
||||
|
||||
CONFIG_PSA_SINGLE_KEY_COUNT=1
|
||||
|
||||
CONFIG_ZTIMER_USEC=y
|
1
tests/sys/psa_crypto_mac/example_hmac_sha256.c
Symbolic link
1
tests/sys/psa_crypto_mac/example_hmac_sha256.c
Symbolic link
@ -0,0 +1 @@
|
||||
../../../examples/psa_crypto/example_hmac_sha256.c
|
1
tests/sys/psa_crypto_mac/main.c
Symbolic link
1
tests/sys/psa_crypto_mac/main.c
Symbolic link
@ -0,0 +1 @@
|
||||
../../../examples/psa_crypto/main.c
|
13
tests/sys/psa_crypto_mac/tests/01-run.py
Executable file
13
tests/sys/psa_crypto_mac/tests/01-run.py
Executable file
@ -0,0 +1,13 @@
|
||||
#!/usr/bin/env python3
|
||||
|
||||
import sys
|
||||
from testrunner import run
|
||||
|
||||
|
||||
def testfunc(child):
|
||||
child.expect_exact('All Done')
|
||||
print("[TEST PASSED]")
|
||||
|
||||
|
||||
if __name__ == "__main__":
|
||||
sys.exit(run(testfunc))
|
30
tests/sys/psa_crypto_se/Makefile
Normal file
30
tests/sys/psa_crypto_se/Makefile
Normal file
@ -0,0 +1,30 @@
|
||||
BOARD ?= nrf52840dk
|
||||
|
||||
include ../Makefile.sys_common
|
||||
|
||||
USEMODULE += ztimer
|
||||
USEMODULE += ztimer_usec
|
||||
|
||||
USEMODULE += psa_crypto
|
||||
|
||||
USEMODULE += psa_hash
|
||||
USEMODULE += psa_hash_sha_256
|
||||
USEMODULE += psa_secure_element
|
||||
USEMODULE += psa_secure_element_ateccx08a
|
||||
USEMODULE += psa_secure_element_ateccx08a_cipher_aes_128
|
||||
USEMODULE += psa_secure_element_ateccx08a_hmac_sha256
|
||||
USEMODULE += psa_secure_element_ateccx08a_ecc_p256
|
||||
|
||||
ifneq (1, $(TEST_KCONFIG))
|
||||
CFLAGS += -DCONFIG_PSA_PROTECTED_KEY_COUNT=3
|
||||
CFLAGS += -DCONFIG_PSA_SINGLE_KEY_COUNT=1
|
||||
endif
|
||||
|
||||
CFLAGS += -DSECURE_ELEMENT
|
||||
CFLAGS += -DCUSTOM_ATCA_PARAMS
|
||||
|
||||
INCLUDES += -I$(APPDIR) # Application specific (not needed by PSA)
|
||||
|
||||
SHOULD_RUN_KCONFIG :=
|
||||
|
||||
include $(RIOTBASE)/Makefile.include
|
10
tests/sys/psa_crypto_se/Makefile.ci
Normal file
10
tests/sys/psa_crypto_se/Makefile.ci
Normal file
@ -0,0 +1,10 @@
|
||||
BOARD_INSUFFICIENT_MEMORY := \
|
||||
arduino-duemilanove \
|
||||
arduino-leonardo \
|
||||
arduino-nano \
|
||||
arduino-uno \
|
||||
atmega328p \
|
||||
atmega328p-xplained-mini \
|
||||
atmega8 \
|
||||
nucleo-l011k4 \
|
||||
#
|
4
tests/sys/psa_crypto_se/README.md
Normal file
4
tests/sys/psa_crypto_se/README.md
Normal file
@ -0,0 +1,4 @@
|
||||
# PSA Crypto Secure Element Test
|
||||
|
||||
This is a configuration test for all PSA crypto modules using a secure element.
|
||||
It is based off the [psa_crypto example](../../../examples/psa_crypto/README.md).
|
14
tests/sys/psa_crypto_se/app.config.test
Normal file
14
tests/sys/psa_crypto_se/app.config.test
Normal file
@ -0,0 +1,14 @@
|
||||
CONFIG_MODULE_PSA_CRYPTO=y
|
||||
|
||||
CONFIG_MODULE_PSA_HASH=y
|
||||
CONFIG_MODULE_PSA_HASH_SHA_256=y
|
||||
CONFIG_MODULE_PSA_SECURE_ELEMENT=y
|
||||
CONFIG_MODULE_PSA_SECURE_ELEMENT_ATECCX08A=y
|
||||
CONFIG_MODULE_PSA_SECURE_ELEMENT_ATECCX08A_CIPHER_AES_128=y
|
||||
CONFIG_MODULE_PSA_SECURE_ELEMENT_ATECCX08A_HMAC_SHA256=y
|
||||
CONFIG_MODULE_PSA_SECURE_ELEMENT_ATECCX08A_ECC_P256=y
|
||||
|
||||
CONFIG_PSA_PROTECTED_KEY_COUNT=3
|
||||
CONFIG_PSA_SINGLE_KEY_COUNT=1
|
||||
|
||||
CONFIG_ZTIMER_USEC=y
|
1
tests/sys/psa_crypto_se/custom_atca_params.h
Symbolic link
1
tests/sys/psa_crypto_se/custom_atca_params.h
Symbolic link
@ -0,0 +1 @@
|
||||
../../../examples/psa_crypto/custom_atca_params.h
|
1
tests/sys/psa_crypto_se/example_cipher_aes_128.c
Symbolic link
1
tests/sys/psa_crypto_se/example_cipher_aes_128.c
Symbolic link
@ -0,0 +1 @@
|
||||
../../../examples/psa_crypto/example_cipher_aes_128.c
|
1
tests/sys/psa_crypto_se/example_ecdsa_p256.c
Symbolic link
1
tests/sys/psa_crypto_se/example_ecdsa_p256.c
Symbolic link
@ -0,0 +1 @@
|
||||
../../../examples/psa_crypto/example_ecdsa_p256.c
|
1
tests/sys/psa_crypto_se/example_hmac_sha256.c
Symbolic link
1
tests/sys/psa_crypto_se/example_hmac_sha256.c
Symbolic link
@ -0,0 +1 @@
|
||||
../../../examples/psa_crypto/example_hmac_sha256.c
|
1
tests/sys/psa_crypto_se/main.c
Symbolic link
1
tests/sys/psa_crypto_se/main.c
Symbolic link
@ -0,0 +1 @@
|
||||
../../../examples/psa_crypto/main.c
|
13
tests/sys/psa_crypto_se/tests/01-run.py
Executable file
13
tests/sys/psa_crypto_se/tests/01-run.py
Executable file
@ -0,0 +1,13 @@
|
||||
#!/usr/bin/env python3
|
||||
|
||||
import sys
|
||||
from testrunner import run
|
||||
|
||||
|
||||
def testfunc(child):
|
||||
child.expect_exact('All Done')
|
||||
print("[TEST PASSED]")
|
||||
|
||||
|
||||
if __name__ == "__main__":
|
||||
sys.exit(run(testfunc))
|
26
tests/sys/psa_crypto_se_cipher/Makefile
Normal file
26
tests/sys/psa_crypto_se_cipher/Makefile
Normal file
@ -0,0 +1,26 @@
|
||||
BOARD ?= nrf52840dk
|
||||
|
||||
include ../Makefile.sys_common
|
||||
|
||||
USEMODULE += ztimer
|
||||
USEMODULE += ztimer_usec
|
||||
|
||||
USEMODULE += psa_crypto
|
||||
|
||||
USEMODULE += psa_secure_element
|
||||
USEMODULE += psa_secure_element_ateccx08a
|
||||
USEMODULE += psa_secure_element_ateccx08a_cipher_aes_128
|
||||
|
||||
|
||||
ifneq (1, $(TEST_KCONFIG))
|
||||
CFLAGS += -DCONFIG_PSA_PROTECTED_KEY_COUNT=1
|
||||
endif
|
||||
|
||||
CFLAGS += -DSECURE_ELEMENT
|
||||
CFLAGS += -DCUSTOM_ATCA_PARAMS
|
||||
|
||||
INCLUDES += -I$(APPDIR) # Application specific (not needed by PSA)
|
||||
|
||||
SHOULD_RUN_KCONFIG :=
|
||||
|
||||
include $(RIOTBASE)/Makefile.include
|
11
tests/sys/psa_crypto_se_cipher/Makefile.ci
Normal file
11
tests/sys/psa_crypto_se_cipher/Makefile.ci
Normal file
@ -0,0 +1,11 @@
|
||||
BOARD_INSUFFICIENT_MEMORY := \
|
||||
arduino-duemilanove \
|
||||
arduino-leonardo \
|
||||
arduino-nano \
|
||||
arduino-uno \
|
||||
atmega328p \
|
||||
atmega328p-xplained-mini \
|
||||
atmega8 \
|
||||
nucleo-l011k4 \
|
||||
samd10-xmini \
|
||||
#
|
5
tests/sys/psa_crypto_se_cipher/README.md
Normal file
5
tests/sys/psa_crypto_se_cipher/README.md
Normal file
@ -0,0 +1,5 @@
|
||||
# PSA Crypto Cipher Test
|
||||
|
||||
This is a configuration test for only the cipher of the PSA crypto module using
|
||||
secure element.
|
||||
It is based off the [psa_crypto example](../../../examples/psa_crypto/README.md).
|
9
tests/sys/psa_crypto_se_cipher/app.config.test
Normal file
9
tests/sys/psa_crypto_se_cipher/app.config.test
Normal file
@ -0,0 +1,9 @@
|
||||
CONFIG_MODULE_PSA_CRYPTO=y
|
||||
|
||||
CONFIG_MODULE_PSA_SECURE_ELEMENT=y
|
||||
CONFIG_MODULE_PSA_SECURE_ELEMENT_ATECCX08A=y
|
||||
CONFIG_MODULE_PSA_SECURE_ELEMENT_ATECCX08A_CIPHER_AES_128=y
|
||||
|
||||
CONFIG_PSA_PROTECTED_KEY_COUNT=1
|
||||
|
||||
CONFIG_ZTIMER_USEC=y
|
1
tests/sys/psa_crypto_se_cipher/custom_atca_params.h
Symbolic link
1
tests/sys/psa_crypto_se_cipher/custom_atca_params.h
Symbolic link
@ -0,0 +1 @@
|
||||
../../../examples/psa_crypto/custom_atca_params.h
|
1
tests/sys/psa_crypto_se_cipher/example_cipher_aes_128.c
Symbolic link
1
tests/sys/psa_crypto_se_cipher/example_cipher_aes_128.c
Symbolic link
@ -0,0 +1 @@
|
||||
../../../examples/psa_crypto/example_cipher_aes_128.c
|
1
tests/sys/psa_crypto_se_cipher/main.c
Symbolic link
1
tests/sys/psa_crypto_se_cipher/main.c
Symbolic link
@ -0,0 +1 @@
|
||||
../../../examples/psa_crypto/main.c
|
13
tests/sys/psa_crypto_se_cipher/tests/01-run.py
Executable file
13
tests/sys/psa_crypto_se_cipher/tests/01-run.py
Executable file
@ -0,0 +1,13 @@
|
||||
#!/usr/bin/env python3
|
||||
|
||||
import sys
|
||||
from testrunner import run
|
||||
|
||||
|
||||
def testfunc(child):
|
||||
child.expect_exact('All Done')
|
||||
print("[TEST PASSED]")
|
||||
|
||||
|
||||
if __name__ == "__main__":
|
||||
sys.exit(run(testfunc))
|
28
tests/sys/psa_crypto_se_ecdsa/Makefile
Normal file
28
tests/sys/psa_crypto_se_ecdsa/Makefile
Normal file
@ -0,0 +1,28 @@
|
||||
BOARD ?= nrf52840dk
|
||||
|
||||
include ../Makefile.sys_common
|
||||
|
||||
USEMODULE += ztimer
|
||||
USEMODULE += ztimer_usec
|
||||
|
||||
USEMODULE += psa_crypto
|
||||
|
||||
USEMODULE += psa_hash
|
||||
USEMODULE += psa_hash_sha_256
|
||||
USEMODULE += psa_secure_element
|
||||
USEMODULE += psa_secure_element_ateccx08a
|
||||
USEMODULE += psa_secure_element_ateccx08a_ecc_p256
|
||||
|
||||
ifneq (1, $(TEST_KCONFIG))
|
||||
CFLAGS += -DCONFIG_PSA_SINGLE_KEY_COUNT=1
|
||||
CFLAGS += -DCONFIG_PSA_PROTECTED_KEY_COUNT=1
|
||||
endif
|
||||
|
||||
CFLAGS += -DSECURE_ELEMENT
|
||||
CFLAGS += -DCUSTOM_ATCA_PARAMS
|
||||
|
||||
INCLUDES += -I$(APPDIR) # Application specific (not needed by PSA)
|
||||
|
||||
SHOULD_RUN_KCONFIG :=
|
||||
|
||||
include $(RIOTBASE)/Makefile.include
|
10
tests/sys/psa_crypto_se_ecdsa/Makefile.ci
Normal file
10
tests/sys/psa_crypto_se_ecdsa/Makefile.ci
Normal file
@ -0,0 +1,10 @@
|
||||
BOARD_INSUFFICIENT_MEMORY := \
|
||||
arduino-duemilanove \
|
||||
arduino-nano \
|
||||
arduino-uno \
|
||||
atmega328p \
|
||||
atmega328p-xplained-mini \
|
||||
atmega8 \
|
||||
nucleo-l011k4 \
|
||||
samd10-xmini \
|
||||
#
|
5
tests/sys/psa_crypto_se_ecdsa/README.md
Normal file
5
tests/sys/psa_crypto_se_ecdsa/README.md
Normal file
@ -0,0 +1,5 @@
|
||||
# PSA Crypto Secure Element ECDSA Test
|
||||
|
||||
This is a configuration test for only the ecdsa of the PSA crypto module using
|
||||
secure element.
|
||||
It is based off the [psa_crypto example](../../../examples/psa_crypto/README.md).
|
12
tests/sys/psa_crypto_se_ecdsa/app.config.test
Normal file
12
tests/sys/psa_crypto_se_ecdsa/app.config.test
Normal file
@ -0,0 +1,12 @@
|
||||
CONFIG_MODULE_PSA_CRYPTO=y
|
||||
|
||||
CONFIG_MODULE_PSA_HASH=y
|
||||
CONFIG_MODULE_PSA_HASH_SHA_256=y
|
||||
CONFIG_MODULE_PSA_SECURE_ELEMENT=y
|
||||
CONFIG_MODULE_PSA_SECURE_ELEMENT_ATECCX08A=y
|
||||
CONFIG_MODULE_PSA_SECURE_ELEMENT_ATECCX08A_ECC_P256=y
|
||||
|
||||
CONFIG_PSA_SINGLE_KEY_COUNT=1
|
||||
CONFIG_PSA_PROTECTED_KEY_COUNT=1
|
||||
|
||||
CONFIG_ZTIMER_USEC=y
|
1
tests/sys/psa_crypto_se_ecdsa/custom_atca_params.h
Symbolic link
1
tests/sys/psa_crypto_se_ecdsa/custom_atca_params.h
Symbolic link
@ -0,0 +1 @@
|
||||
../../../examples/psa_crypto/custom_atca_params.h
|
1
tests/sys/psa_crypto_se_ecdsa/example_ecdsa_p256.c
Symbolic link
1
tests/sys/psa_crypto_se_ecdsa/example_ecdsa_p256.c
Symbolic link
@ -0,0 +1 @@
|
||||
../../../examples/psa_crypto/example_ecdsa_p256.c
|
1
tests/sys/psa_crypto_se_ecdsa/main.c
Symbolic link
1
tests/sys/psa_crypto_se_ecdsa/main.c
Symbolic link
@ -0,0 +1 @@
|
||||
../../../examples/psa_crypto/main.c
|
13
tests/sys/psa_crypto_se_ecdsa/tests/01-run.py
Executable file
13
tests/sys/psa_crypto_se_ecdsa/tests/01-run.py
Executable file
@ -0,0 +1,13 @@
|
||||
#!/usr/bin/env python3
|
||||
|
||||
import sys
|
||||
from testrunner import run
|
||||
|
||||
|
||||
def testfunc(child):
|
||||
child.expect_exact('All Done')
|
||||
print("[TEST PASSED]")
|
||||
|
||||
|
||||
if __name__ == "__main__":
|
||||
sys.exit(run(testfunc))
|
25
tests/sys/psa_crypto_se_mac/Makefile
Normal file
25
tests/sys/psa_crypto_se_mac/Makefile
Normal file
@ -0,0 +1,25 @@
|
||||
BOARD ?= nrf52840dk
|
||||
|
||||
include ../Makefile.sys_common
|
||||
|
||||
USEMODULE += ztimer
|
||||
USEMODULE += ztimer_usec
|
||||
|
||||
USEMODULE += psa_crypto
|
||||
|
||||
USEMODULE += psa_secure_element
|
||||
USEMODULE += psa_secure_element_ateccx08a
|
||||
USEMODULE += psa_secure_element_ateccx08a_hmac_sha256
|
||||
|
||||
ifneq (1, $(TEST_KCONFIG))
|
||||
CFLAGS += -DCONFIG_PSA_PROTECTED_KEY_COUNT=1
|
||||
endif
|
||||
|
||||
CFLAGS += -DSECURE_ELEMENT
|
||||
CFLAGS += -DCUSTOM_ATCA_PARAMS
|
||||
|
||||
INCLUDES += -I$(APPDIR) # Application specific (not needed by PSA)
|
||||
|
||||
SHOULD_RUN_KCONFIG :=
|
||||
|
||||
include $(RIOTBASE)/Makefile.include
|
11
tests/sys/psa_crypto_se_mac/Makefile.ci
Normal file
11
tests/sys/psa_crypto_se_mac/Makefile.ci
Normal file
@ -0,0 +1,11 @@
|
||||
BOARD_INSUFFICIENT_MEMORY := \
|
||||
arduino-duemilanove \
|
||||
arduino-leonardo \
|
||||
arduino-nano \
|
||||
arduino-uno \
|
||||
atmega328p \
|
||||
atmega328p-xplained-mini \
|
||||
atmega8 \
|
||||
nucleo-l011k4 \
|
||||
samd10-xmini \
|
||||
#
|
5
tests/sys/psa_crypto_se_mac/README.md
Normal file
5
tests/sys/psa_crypto_se_mac/README.md
Normal file
@ -0,0 +1,5 @@
|
||||
# PSA Crypto Mac Test
|
||||
|
||||
This is a configuration test for only the mac of the PSA crypto module using
|
||||
secure element.
|
||||
It is based off the [psa_crypto example](../../../examples/psa_crypto/README.md).
|
9
tests/sys/psa_crypto_se_mac/app.config.test
Normal file
9
tests/sys/psa_crypto_se_mac/app.config.test
Normal file
@ -0,0 +1,9 @@
|
||||
CONFIG_MODULE_PSA_CRYPTO=y
|
||||
|
||||
CONFIG_MODULE_PSA_SECURE_ELEMENT=y
|
||||
CONFIG_MODULE_PSA_SECURE_ELEMENT_ATECCX08A=y
|
||||
CONFIG_MODULE_PSA_SECURE_ELEMENT_ATECCX08A_HMAC_SHA256=y
|
||||
|
||||
CONFIG_PSA_PROTECTED_KEY_COUNT=1
|
||||
|
||||
CONFIG_ZTIMER_USEC=y
|
1
tests/sys/psa_crypto_se_mac/custom_atca_params.h
Symbolic link
1
tests/sys/psa_crypto_se_mac/custom_atca_params.h
Symbolic link
@ -0,0 +1 @@
|
||||
../../../examples/psa_crypto/custom_atca_params.h
|
1
tests/sys/psa_crypto_se_mac/example_hmac_sha256.c
Symbolic link
1
tests/sys/psa_crypto_se_mac/example_hmac_sha256.c
Symbolic link
@ -0,0 +1 @@
|
||||
../../../examples/psa_crypto/example_hmac_sha256.c
|
1
tests/sys/psa_crypto_se_mac/main.c
Symbolic link
1
tests/sys/psa_crypto_se_mac/main.c
Symbolic link
@ -0,0 +1 @@
|
||||
../../../examples/psa_crypto/main.c
|
13
tests/sys/psa_crypto_se_mac/tests/01-run.py
Executable file
13
tests/sys/psa_crypto_se_mac/tests/01-run.py
Executable file
@ -0,0 +1,13 @@
|
||||
#!/usr/bin/env python3
|
||||
|
||||
import sys
|
||||
from testrunner import run
|
||||
|
||||
|
||||
def testfunc(child):
|
||||
child.expect_exact('All Done')
|
||||
print("[TEST PASSED]")
|
||||
|
||||
|
||||
if __name__ == "__main__":
|
||||
sys.exit(run(testfunc))
|
Loading…
Reference in New Issue
Block a user