Merge #19992 #20042
19992: sys/psa_crypto: Fix build problems r=MrKevinWeiss a=Einhornhool

### Contribution description
This fixes several problems:

#### 1. Empty union in cipher context when `MODULE_PSA_CIPHER` is not selected.
PSA operations are now separated into modules. Functions and contexts are only built when the corresponding module is selected. This way there won't be problems with missing or uninitialized structures in unused modules anymore.

#### 2. Zero-size array when using secure elements and `PSA_MAX_KEY_DATA_SIZE == 0`
I added a condition to the `psa_key_slot_t` structure in `psa_key_slot_management.h`.
Also the existence of key slot management functions and key slot structures now depends on the number of allocated key slots instead of selected modules.
This way key structures will not exist unless they are used.

### Testing procedure
Add the following to `examples/hello_world/Makefile` and call make:
```
USEMODULE += psa_crypto
USEMODULE += psa_hash
USEMODULE += psa_hash_sha_256
USEMODULE += psa_secure_element
```
Output on Master:
```
"make" -C /home/lena/work/RIOT/boards/common/init
"make" -C /home/lena/work/RIOT/boards/native
"make" -C /home/lena/work/RIOT/boards/native/drivers
"make" -C /home/lena/work/RIOT/core
"make" -C /home/lena/work/RIOT/core/lib
"make" -C /home/lena/work/RIOT/cpu/native
"make" -C /home/lena/work/RIOT/cpu/native/periph
"make" -C /home/lena/work/RIOT/cpu/native/stdio_native
"make" -C /home/lena/work/RIOT/drivers
"make" -C /home/lena/work/RIOT/drivers/periph_common
"make" -C /home/lena/work/RIOT/sys
"make" -C /home/lena/work/RIOT/sys/auto_init
"make" -C /home/lena/work/RIOT/sys/libc
"make" -C /home/lena/work/RIOT/sys/luid
"make" -C /home/lena/work/RIOT/sys/preprocessor
"make" -C /home/lena/work/RIOT/sys/psa_crypto
In file included from /home/lena/work/RIOT/sys/include/psa_crypto/psa/crypto.h:39,
                 from /home/lena/work/RIOT/sys/psa_crypto/psa_crypto_algorithm_dispatch.c:23:
/home/lena/work/RIOT/sys/include/psa_crypto/psa/crypto_struct.h:137:11: error: union has no members [-Werror=pedantic]
  137 |     union cipher_context {
      |           ^~~~~~~~~~~~~~
In file included from /home/lena/work/RIOT/sys/psa_crypto/include/psa_crypto_operation_encoder.h:32,
                 from /home/lena/work/RIOT/sys/psa_crypto/psa_crypto_algorithm_dispatch.c:28:
/home/lena/work/RIOT/sys/psa_crypto/include/psa_crypto_slot_management.h:82:17: error: ISO C forbids zero-size array ‘data’ [-Werror=pedantic]
   82 |         uint8_t data[PSA_MAX_KEY_DATA_SIZE];    /**< Key data buffer */
      |                 ^~~~
cc1: all warnings being treated as errors
make[3]: *** [/home/lena/work/RIOT/Makefile.base:146: /home/lena/work/RIOT/examples/hello-world/bin/native/psa_crypto/psa_crypto_algorithm_dispatch.o] Error 1
make[2]: *** [/home/lena/work/RIOT/Makefile.base:31: ALL--/home/lena/work/RIOT/sys/psa_crypto] Error 2
make[1]: *** [/home/lena/work/RIOT/Makefile.base:31: ALL--/home/lena/work/RIOT/sys] Error 2
make: *** [/home/lena/work/RIOT/examples/hello-world/../../Makefile.include:761: application_hello-world.module] Error 2
```
Output with fixes:
```
"make" -C /home/lena/work/RIOT/boards/common/init
"make" -C /home/lena/work/RIOT/boards/native
"make" -C /home/lena/work/RIOT/boards/native/drivers
"make" -C /home/lena/work/RIOT/core
"make" -C /home/lena/work/RIOT/core/lib
"make" -C /home/lena/work/RIOT/cpu/native
"make" -C /home/lena/work/RIOT/cpu/native/periph
"make" -C /home/lena/work/RIOT/cpu/native/stdio_native
"make" -C /home/lena/work/RIOT/drivers
"make" -C /home/lena/work/RIOT/drivers/periph_common
"make" -C /home/lena/work/RIOT/sys
"make" -C /home/lena/work/RIOT/sys/auto_init
"make" -C /home/lena/work/RIOT/sys/libc
"make" -C /home/lena/work/RIOT/sys/luid
"make" -C /home/lena/work/RIOT/sys/preprocessor
"make" -C /home/lena/work/RIOT/sys/psa_crypto
"make" -C /home/lena/work/RIOT/sys/psa_crypto/psa_key_slot_mgmt
"make" -C /home/lena/work/RIOT/sys/psa_crypto/psa_se_mgmt
"make" -C /home/lena/work/RIOT/sys/random
/usr/bin/ld: warning: /home/lena/work/RIOT/examples/hello-world/bin/native/hello-world.elf has a LOAD segment with RWX permissions
   text	   data	    bss	    dec	    hex	filename
  29764	    584	  47856	  78204	  1317c	/home/lena/work/RIOT/examples/hello-world/bin/native/hello-world.elf
```

20042: dist/tools/uf2: add target to also copy families.json file r=MrKevinWeiss a=MichelRottleuthner

### Contribution description

The updated UF2 pkg (#20035) stores the family ID in an external .json file. I overlooked that and flashing fails if this file is not present. This PR fixes it by also copying the json into the tool folder.

### Testing procedure
Check if the `feather-nrf52840-sense` can be flashed when the new UF2 pkg is cloned freshly.


### Issues/PRs references
 Fixes a regression introduced with #20035 


Co-authored-by: Lena Boeckmann <lena.boeckmann@haw-hamburg.de>
Co-authored-by: Michel Rottleuthner <michel.rottleuthner@haw-hamburg.de>
3 people authored Nov 3, 2023
3 parents c0ae75b + 74d3647 + 1e6ac1f commit adc0bc6
Showing 90 changed files with 809 additions and 148 deletions.
5 changes: 4 additions & 1 deletion dist/tools/uf2/Makefile
Expand Up @@ -5,8 +5,11 @@ PKG_LICENSE=MIT

include $(RIOTBASE)/pkg/pkg.mk

all: $(CURDIR)/uf2conv.py
all: $(CURDIR)/uf2conv.py $(CURDIR)/uf2families.json

$(CURDIR)/uf2conv.py:
cp $(PKG_SOURCE_DIR)/utils/uf2conv.py .
chmod a+x uf2conv.py

$(CURDIR)/uf2families.json:
cp $(PKG_SOURCE_DIR)/utils/uf2families.json .
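Review bot: The new `$(CURDIR)/uf2families.json:` rule has no prerequisite, so a copy that already exists in the tool folder is never refreshed when the UF2 package is updated. Listing the source file as a prerequisite, `$(CURDIR)/uf2families.json: $(PKG_SOURCE_DIR)/utils/uf2families.json`, would re-copy it whenever the package copy changes; the `uf2conv.py` rule above it has the same gap and could be changed alongside.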
4 changes: 4 additions & 0 deletions examples/psa_crypto/Makefile
Expand Up @@ -48,6 +48,8 @@ else
CFLAGS += -DCONFIG_PSA_SINGLE_KEY_COUNT=1
USEMODULE += psa_secure_element
USEMODULE += psa_secure_element_ateccx08a
USEMODULE += psa_secure_element_ateccx08a_cipher_aes_128
USEMODULE += psa_secure_element_ateccx08a_hmac_sha256
USEMODULE += psa_secure_element_ateccx08a_ecc_p256
else ifeq (2, $(SECURE_ELEMENT))
CFLAGS += -DSECURE_ELEMENT # Application specific (not needed by PSA)
Expand All @@ -60,6 +62,8 @@ else
USEMODULE += psa_secure_element
USEMODULE += psa_secure_element_multiple
USEMODULE += psa_secure_element_ateccx08a
USEMODULE += psa_secure_element_ateccx08a_cipher_aes_128
USEMODULE += psa_secure_element_ateccx08a_hmac_sha256
USEMODULE += psa_secure_element_ateccx08a_ecc_p256
else ifdef CUSTOM_BACKEND
# Necessary configuration when using Make dependency resolution
2 changes: 2 additions & 0 deletions examples/psa_crypto/app.config.test.multi_se
Expand Up @@ -2,6 +2,8 @@
CONFIG_MODULE_PSA_SECURE_ELEMENT=y
CONFIG_MODULE_PSA_SECURE_ELEMENT_ATECCX08A=y
CONFIG_MODULE_PSA_SECURE_ELEMENT_ATECCX08A_ECC_P256=y
CONFIG_MODULE_PSA_SECURE_ELEMENT_ATECCX08A_CIPHER_AES_128=y
CONFIG_MODULE_PSA_SECURE_ELEMENT_ATECCX08A_HMAC_SHA256=y
CONFIG_MODULE_PSA_SECURE_ELEMENT_MULTIPLE=y

CONFIG_PSA_MAX_SE_COUNT=2
2 changes: 2 additions & 0 deletions examples/psa_crypto/app.config.test.se
@@ -1,6 +1,8 @@
CONFIG_MODULE_PSA_SECURE_ELEMENT=y
CONFIG_MODULE_PSA_SECURE_ELEMENT_ATECCX08A=y
CONFIG_MODULE_PSA_SECURE_ELEMENT_ATECCX08A_ECC_P256=y
CONFIG_MODULE_PSA_SECURE_ELEMENT_ATECCX08A_CIPHER_AES_128=y
CONFIG_MODULE_PSA_SECURE_ELEMENT_ATECCX08A_HMAC_SHA256=y

CONFIG_PSA_PROTECTED_KEY_COUNT=4
CONFIG_PSA_SINGLE_KEY_COUNT=1
52 changes: 47 additions & 5 deletions examples/psa_crypto/main.c
Expand Up @@ -21,83 +21,125 @@
#include "psa/crypto.h"
#include "ztimer.h"

#if IS_USED(MODULE_PSA_CIPHER)
extern psa_status_t example_cipher_aes_128(void);
#endif
#if IS_USED(MODULE_PSA_MAC)
extern psa_status_t example_hmac_sha256(void);
#endif
#if IS_USED(MODULE_PSA_ASYMMETRIC_ECC_P256R1)
extern psa_status_t example_ecdsa_p256(void);

#endif
#if IS_USED(MODULE_PSA_ASYMMETRIC_ECC_ED25519)
#ifndef SECURE_ELEMENT
extern psa_status_t example_eddsa(void);
#endif
#endif

#ifdef MULTIPLE_SE
#if IS_USED(MODULE_PSA_CIPHER)
extern psa_status_t example_cipher_aes_128_sec_se(void);
#endif /* MODULE_PSA_CIPHER */
#if IS_USED(MODULE_PSA_MAC)
extern psa_status_t example_hmac_sha256_sec_se(void);
#endif /* MODULE_PSA_MAC */
#if IS_USED(MODULE_PSA_ASYMMETRIC_ECC_P256R1)
extern psa_status_t example_ecdsa_p256_sec_se(void);
#endif
#endif /* MODULE_PSA_ASYMMETRIC_ECC_P256R1 */
#endif /* MULTIPLE_SE */

int main(void)
{
bool failed = false;
psa_status_t status;

psa_crypto_init();

ztimer_acquire(ZTIMER_USEC);
ztimer_now_t start = ztimer_now(ZTIMER_USEC);

/* Needed in case only hashes are tested */
(void)status;
(void)start;

#if IS_USED(MODULE_PSA_MAC)
status = example_hmac_sha256();
printf("HMAC SHA256 took %d us\n", (int)(ztimer_now(ZTIMER_USEC) - start));
if (status != PSA_SUCCESS) {
failed = true;
printf("HMAC SHA256 failed: %s\n", psa_status_to_humanly_readable(status));
}
#endif

#if IS_USED(MODULE_PSA_CIPHER)
start = ztimer_now(ZTIMER_USEC);
status = example_cipher_aes_128();
printf("Cipher AES 128 took %d us\n", (int)(ztimer_now(ZTIMER_USEC) - start));
if (status != PSA_SUCCESS) {
failed = true;
printf("Cipher AES 128 failed: %s\n", psa_status_to_humanly_readable(status));
}
#endif

#if IS_USED(MODULE_PSA_ASYMMETRIC_ECC_P256R1)
start = ztimer_now(ZTIMER_USEC);
status = example_ecdsa_p256();
printf("ECDSA took %d us\n", (int)(ztimer_now(ZTIMER_USEC) - start));
if (status != PSA_SUCCESS) {
failed = true;
printf("ECDSA failed: %s\n", psa_status_to_humanly_readable(status));
}
#endif

#ifndef SECURE_ELEMENT
#if IS_USED(MODULE_PSA_ASYMMETRIC_ECC_ED25519)
start = ztimer_now(ZTIMER_USEC);
status = example_eddsa();
printf("EdDSA took %d us\n", (int)(ztimer_now(ZTIMER_USEC) - start));
if (status != PSA_SUCCESS) {
failed = true;
printf("EdDSA failed: %s\n", psa_status_to_humanly_readable(status));
}
#endif

#ifdef MULTIPLE_SE
#if IS_USED(MODULE_PSA_MAC)
puts("Running Examples with secondary SE:");
status = example_hmac_sha256_sec_se();
printf("HMAC SHA256 took %d us\n", (int)(ztimer_now(ZTIMER_USEC) - start));
if (status != PSA_SUCCESS) {
failed = true;
printf("HMAC SHA256 failed: %s\n", psa_status_to_humanly_readable(status));
}
#endif /* MODULE_PSA_MAC */

#if IS_USED(MODULE_PSA_CIPHER)
start = ztimer_now(ZTIMER_USEC);
status = example_cipher_aes_128_sec_se();
printf("Cipher AES 128 took %d us\n", (int)(ztimer_now(ZTIMER_USEC) - start));
if (status != PSA_SUCCESS) {
failed = true;
printf("Cipher AES 128 failed: %s\n", psa_status_to_humanly_readable(status));
}
#endif /* MODULE_PSA_CIPHER */

#if IS_USED(MODULE_PSA_ASYMMETRIC_ECC_P256R1)
start = ztimer_now(ZTIMER_USEC);
status = example_ecdsa_p256_sec_se();
printf("ECDSA took %d us\n", (int)(ztimer_now(ZTIMER_USEC) - start));
if (status != PSA_SUCCESS) {
failed = true;
printf("ECDSA failed: %s\n", psa_status_to_humanly_readable(status));
}
#endif
#endif /* MODULE_PSA_ASYMMETRIC_ECC_P256R1 */
#endif /* MULTIPLE_SE */

ztimer_release(ZTIMER_USEC);

puts("All Done");
if (failed) {
puts("Tests failed...");
}
else {
puts("All Done");
}
return 0;
}
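Review bot: In the `MULTIPLE_SE` section, `example_hmac_sha256_sec_se()` is timed against a `start` that is not reset first, so the "HMAC SHA256 took" figure for the secondary SE includes whatever ran before it; add `start = ztimer_now(ZTIMER_USEC);` ahead of the call, as the cipher and ECDSA blocks next to it do. The `puts("Running Examples with secondary SE:");` banner also sits inside `#if IS_USED(MODULE_PSA_MAC)`, so it is not printed when only cipher or ECC is built; placing it directly under `#ifdef MULTIPLE_SE` keeps the output consistent. Finally, `main` still ends in `return 0;` after printing "Tests failed...", so anything that looks at the return value rather than the output will not see the failure; returning a non-zero value when `failed` is set would cover that.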
10 changes: 9 additions & 1 deletion pkg/cryptoauthlib/Makefile.dep
Expand Up @@ -25,5 +25,13 @@ ifneq (,$(filter psa_crypto,$(USEMODULE)))
endif

ifneq (,$(filter psa_secure_element_ateccx08a_ecc_p256, $(USEMODULE)))
USEMODULE += psa_secure_element_asymmetric
USEMODULE += psa_asymmetric
endif

ifneq (,$(filter psa_secure_element_ateccx08a_cipher_aes_128, $(USEMODULE)))
USEMODULE += psa_cipher
endif

ifneq (,$(filter psa_secure_element_ateccx08a_hmac_sha256, $(USEMODULE)))
USEMODULE += psa_mac
endif
8 changes: 4 additions & 4 deletions pkg/cryptoauthlib/Makefile.include
Expand Up @@ -27,7 +27,7 @@ ifneq (,$(filter cryptoauthlib_test,$(USEMODULE)))
INCLUDES += -I$(PKG_SOURCE_DIR)/third_party/unity
endif

ifneq (,$(filter psa_crypto,$(USEMODULE)))
PSEUDOMODULES += psa_secure_element_ateccx08a
PSEUDOMODULES += psa_secure_element_ateccx08a_ecc_p256
endif
PSEUDOMODULES += psa_secure_element_ateccx08a
PSEUDOMODULES += psa_secure_element_ateccx08a_cipher_aes_128
PSEUDOMODULES += psa_secure_element_ateccx08a_ecc_p256
PSEUDOMODULES += psa_secure_element_ateccx08a_hmac_sha256
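Review bot: The four `PSEUDOMODULES +=` lines at the end of this hunk no longer sit under `ifneq (,$(filter psa_crypto,$(USEMODULE)))`, and there is no comment saying why the guard was dropped. A one-line comment above them stating that the pseudomodules are declared unconditionally on purpose would stop a later cleanup from moving them back under a guard.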
5 changes: 3 additions & 2 deletions pkg/micro-ecc/Makefile.include
Expand Up @@ -8,8 +8,9 @@ CFLAGS += -Wno-unused-variable
TOOLCHAINS_BLACKLIST += llvm

ifneq (,$(filter psa_uecc_%, $(USEMODULE)))
PSEUDOMODULES += psa_uecc_p192
PSEUDOMODULES += psa_uecc_p256
DIRS += $(RIOTPKG)/micro-ecc/psa_uecc
INCLUDES += -I$(RIOTBASE)/sys/psa_crypto/include
endif

PSEUDOMODULES += psa_uecc_p192
PSEUDOMODULES += psa_uecc_p256
2 changes: 1 addition & 1 deletion sys/auto_init/security/auto_init_atca.c
Expand Up @@ -50,7 +50,7 @@ void auto_init_atca(void)
}
atca_devs_ptr[i] = &atca_devs[i];

DEBUG("[auto_init_atca] Registering Driver with address: %x and location: %lx\n", atca_params[i].cfg.atcai2c.address, atca_params[i].atca_loc);
DEBUG("[auto_init_atca] Registering Driver with address: %x and location: %lx\n", atca_params[i].cfg.atcai2c.address, (unsigned long) atca_params[i].atca_loc);
status = psa_register_secure_element(atca_params[i].atca_loc,
&atca_methods,
&atca_config_list[i],
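Review bot: The `DEBUG(...)` call that gains the `(unsigned long)` cast is a single very long line; breaking its arguments one per line, the way the `psa_register_secure_element(` call directly below is laid out, would keep it readable. If `atca_loc` is a fixed-width integer type, printing it with the matching `PRIx` macro from `<inttypes.h>` would remove the need for the cast.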
25 changes: 25 additions & 0 deletions sys/include/psa_crypto/psa/crypto.h
Expand Up @@ -83,6 +83,7 @@ const char *psa_status_to_humanly_readable(psa_status_t status);
*/
psa_status_t psa_crypto_init(void);

#if IS_USED(MODULE_PSA_AEAD) || defined(DOXYGEN)
/**
* @brief Process an authenticated encryption operation.
*
Expand Down Expand Up @@ -767,7 +768,9 @@ psa_status_t psa_aead_verify(psa_aead_operation_t *operation,
* initialize results in this error code.
*/
psa_status_t psa_aead_abort(psa_aead_operation_t *operation);
#endif /* MODULE_PSA_AEAD */

#if IS_USED(MODULE_PSA_ASYMMETRIC) || defined(DOXYGEN)
/**
* @brief Encrypt a short message with a public key.
*
Expand Down Expand Up @@ -890,7 +893,10 @@ psa_status_t psa_asymmetric_decrypt(psa_key_id_t key,
uint8_t *output,
size_t output_size,
size_t *output_length);
#endif /* MODULE_PSA_ASYMMETRIC */


#if IS_USED(MODULE_PSA_CIPHER) || defined(DOXYGEN)
/**
* @brief Abort a cipher operation.
*
Expand Down Expand Up @@ -1385,7 +1391,9 @@ psa_status_t psa_cipher_update(psa_cipher_operation_t *operation,
uint8_t *output,
size_t output_size,
size_t *output_length);
#endif /* MODULE_PSA_CIPHER */

#if IS_USED(MODULE_PSA_KEY_MANAGEMENT) || defined(DOXYGEN)
/**
* @brief Make a copy of a key.
*
Expand Down Expand Up @@ -1799,6 +1807,7 @@ psa_status_t psa_builtin_generate_key(const psa_key_attributes_t *attributes, ui
*/
psa_status_t psa_generate_key(const psa_key_attributes_t *attributes,
psa_key_id_t *key);
#endif /* MODULE_PSA_KEY_MANAGEMENT */

/**
* @brief Built-in function for random number generation.
Expand Down Expand Up @@ -1840,6 +1849,7 @@ psa_status_t psa_builtin_generate_random( uint8_t *output,
psa_status_t psa_generate_random(uint8_t *output,
size_t output_size);

#if IS_USED(MODULE_PSA_KEY_MANAGEMENT) || defined(DOXYGEN)
/**
* @brief Declare the permitted algorithm policy for a key.
*
Expand Down Expand Up @@ -2070,7 +2080,9 @@ static inline void psa_reset_key_attributes(psa_key_attributes_t *attributes)
*/
psa_status_t psa_get_key_attributes(psa_key_id_t key,
psa_key_attributes_t *attributes);
#endif /* MODULE_PSA_KEY_MANAGEMENT */

#if IS_USED(MODULE_PSA_HASH) || defined(DOXYGEN)
/**
* @brief Abort a hash operation.
*
Expand Down Expand Up @@ -2476,7 +2488,9 @@ psa_status_t psa_hash_update(psa_hash_operation_t *operation,
psa_status_t psa_hash_verify(psa_hash_operation_t *operation,
const uint8_t *hash,
size_t hash_length);
#endif /* MODULE_PSA_HASH */

#if IS_USED(MODULE_PSA_KEY_MANAGEMENT) || defined(DOXYGEN)
/**
* @brief Built-in key import function.
*
Expand Down Expand Up @@ -2619,7 +2633,9 @@ psa_status_t psa_import_key(const psa_key_attributes_t *attributes,
const uint8_t *data,
size_t data_length,
psa_key_id_t *key);
#endif /* MODULE_PSA_KEY_MANAGEMENT */

#if IS_USED(MODULE_PSA_KEY_DERIVATION) || defined(DOXYGEN)
/**
* @brief Abort a key derivation operation.
*
Expand Down Expand Up @@ -3309,7 +3325,9 @@ psa_status_t psa_key_derivation_verify_bytes(psa_key_derivation_operation_t *ope
*/
psa_status_t psa_key_derivation_verify_key(psa_key_derivation_operation_t *operation,
psa_key_id_t expected);
#endif /* PSA_CRYPTO_KEY_DERIVATION */

#if IS_USED(MODULE_PSA_MAC) || defined(DOXYGEN)
/**
* @brief Abort a MAC operation.
*
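Review bot: The closing comment `#endif /* PSA_CRYPTO_KEY_DERIVATION */` at the top of this hunk does not match the guard it closes, `#if IS_USED(MODULE_PSA_KEY_DERIVATION) || defined(DOXYGEN)`, while the other guards visible in this diff repeat the module macro in their closing comment. Change it to `#endif /* MODULE_PSA_KEY_DERIVATION */` so a search for the macro finds both ends of the block.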
Expand Down Expand Up @@ -3679,7 +3697,9 @@ psa_status_t psa_mac_verify_finish(psa_mac_operation_t *operation,
psa_status_t psa_mac_verify_setup(psa_mac_operation_t *operation,
psa_key_id_t key,
psa_algorithm_t alg);
#endif /* MODULE_PSA_MAC */

#if IS_USED(MODULE_PSA_KEY_MANAGEMENT) || defined(DOXYGEN)
/**
* @brief Remove non-essential copies of key material from memory.
*
Expand Down Expand Up @@ -3707,7 +3727,9 @@ psa_status_t psa_mac_verify_setup(psa_mac_operation_t *operation,
* @return @ref PSA_ERROR_DATA_INVALID
*/
psa_status_t psa_purge_key(psa_key_id_t key);
#endif /* MODULE_PSA_KEY_MANAGEMENT */

#if IS_USED(MODULE_PSA_KEY_AGREEMENT) || defined(DOXYGEN)
/**
* @brief Perform a key agreement and return the raw shared secret.
*
Expand Down Expand Up @@ -3778,7 +3800,9 @@ psa_status_t psa_raw_key_agreement(psa_algorithm_t alg,
uint8_t *output,
size_t output_size,
size_t *output_length);
#endif /* MODULE_PSA_KEY_AGREEMENT */

#if IS_USED(MODULE_PSA_ASYMMETRIC) || defined(DOXYGEN)
/**
* @brief Sign an already-calculated hash with a private key.
*
Expand Down Expand Up @@ -4044,6 +4068,7 @@ psa_status_t psa_verify_message(psa_key_id_t key,
size_t input_length,
const uint8_t *signature,
size_t signature_length);
#endif /* MODULE_PSA_ASYMMETRIC */

#ifdef __cplusplus
}