diff --git a/dist/tools/uf2/Makefile b/dist/tools/uf2/Makefile index 36195ea553b79..23f45d18e350d 100644 --- a/dist/tools/uf2/Makefile +++ b/dist/tools/uf2/Makefile @@ -5,8 +5,11 @@ PKG_LICENSE=MIT include $(RIOTBASE)/pkg/pkg.mk -all: $(CURDIR)/uf2conv.py +all: $(CURDIR)/uf2conv.py $(CURDIR)/uf2families.json $(CURDIR)/uf2conv.py: cp $(PKG_SOURCE_DIR)/utils/uf2conv.py . chmod a+x uf2conv.py + +$(CURDIR)/uf2families.json: + cp $(PKG_SOURCE_DIR)/utils/uf2families.json . diff --git a/examples/psa_crypto/Makefile b/examples/psa_crypto/Makefile index d9780f4c300d3..9c38666bffe84 100644 --- a/examples/psa_crypto/Makefile +++ b/examples/psa_crypto/Makefile @@ -48,6 +48,8 @@ else CFLAGS += -DCONFIG_PSA_SINGLE_KEY_COUNT=1 USEMODULE += psa_secure_element USEMODULE += psa_secure_element_ateccx08a + USEMODULE += psa_secure_element_ateccx08a_cipher_aes_128 + USEMODULE += psa_secure_element_ateccx08a_hmac_sha256 USEMODULE += psa_secure_element_ateccx08a_ecc_p256 else ifeq (2, $(SECURE_ELEMENT)) CFLAGS += -DSECURE_ELEMENT # Application specific (not needed by PSA) @@ -60,6 +62,8 @@ else USEMODULE += psa_secure_element USEMODULE += psa_secure_element_multiple USEMODULE += psa_secure_element_ateccx08a + USEMODULE += psa_secure_element_ateccx08a_cipher_aes_128 + USEMODULE += psa_secure_element_ateccx08a_hmac_sha256 USEMODULE += psa_secure_element_ateccx08a_ecc_p256 else ifdef CUSTOM_BACKEND # Necessary configuration when using Make dependency resolution diff --git a/examples/psa_crypto/app.config.test.multi_se b/examples/psa_crypto/app.config.test.multi_se index 4d22339308e54..57ed135f8eb49 100644 --- a/examples/psa_crypto/app.config.test.multi_se +++ b/examples/psa_crypto/app.config.test.multi_se @@ -2,6 +2,8 @@ CONFIG_MODULE_PSA_SECURE_ELEMENT=y CONFIG_MODULE_PSA_SECURE_ELEMENT_ATECCX08A=y CONFIG_MODULE_PSA_SECURE_ELEMENT_ATECCX08A_ECC_P256=y +CONFIG_MODULE_PSA_SECURE_ELEMENT_ATECCX08A_CIPHER_AES_128=y +CONFIG_MODULE_PSA_SECURE_ELEMENT_ATECCX08A_HMAC_SHA256=y CONFIG_MODULE_PSA_SECURE_ELEMENT_MULTIPLE=y CONFIG_PSA_MAX_SE_COUNT=2 diff --git a/examples/psa_crypto/app.config.test.se b/examples/psa_crypto/app.config.test.se index 939fb1055b923..0fc0d8fd38e38 100644 --- a/examples/psa_crypto/app.config.test.se +++ b/examples/psa_crypto/app.config.test.se @@ -1,6 +1,8 @@ CONFIG_MODULE_PSA_SECURE_ELEMENT=y CONFIG_MODULE_PSA_SECURE_ELEMENT_ATECCX08A=y CONFIG_MODULE_PSA_SECURE_ELEMENT_ATECCX08A_ECC_P256=y +CONFIG_MODULE_PSA_SECURE_ELEMENT_ATECCX08A_CIPHER_AES_128=y +CONFIG_MODULE_PSA_SECURE_ELEMENT_ATECCX08A_HMAC_SHA256=y CONFIG_PSA_PROTECTED_KEY_COUNT=4 CONFIG_PSA_SINGLE_KEY_COUNT=1 diff --git a/examples/psa_crypto/main.c b/examples/psa_crypto/main.c index a45e27220b21d..b7f48b76a1020 100644 --- a/examples/psa_crypto/main.c +++ b/examples/psa_crypto/main.c @@ -21,22 +21,36 @@ #include "psa/crypto.h" #include "ztimer.h" +#if IS_USED(MODULE_PSA_CIPHER) extern psa_status_t example_cipher_aes_128(void); +#endif +#if IS_USED(MODULE_PSA_MAC) extern psa_status_t example_hmac_sha256(void); +#endif +#if IS_USED(MODULE_PSA_ASYMMETRIC_ECC_P256R1) extern psa_status_t example_ecdsa_p256(void); - +#endif +#if IS_USED(MODULE_PSA_ASYMMETRIC_ECC_ED25519) #ifndef SECURE_ELEMENT extern psa_status_t example_eddsa(void); #endif +#endif #ifdef MULTIPLE_SE +#if IS_USED(MODULE_PSA_CIPHER) extern psa_status_t example_cipher_aes_128_sec_se(void); +#endif /* MODULE_PSA_CIPHER */ +#if IS_USED(MODULE_PSA_MAC) extern psa_status_t example_hmac_sha256_sec_se(void); +#endif /* MODULE_PSA_MAC */ +#if IS_USED(MODULE_PSA_ASYMMETRIC_ECC_P256R1) extern psa_status_t example_ecdsa_p256_sec_se(void); -#endif +#endif /* MODULE_PSA_ASYMMETRIC_ECC_P256R1 */ +#endif /* MULTIPLE_SE */ int main(void) { + bool failed = false; psa_status_t status; psa_crypto_init(); @@ -44,60 +58,88 @@ int main(void) ztimer_acquire(ZTIMER_USEC); ztimer_now_t start = ztimer_now(ZTIMER_USEC); + /* Needed in case only hashes are tested */ + (void)status; + (void)start; + +#if IS_USED(MODULE_PSA_MAC) status = example_hmac_sha256(); printf("HMAC SHA256 took %d us\n", (int)(ztimer_now(ZTIMER_USEC) - start)); if (status != PSA_SUCCESS) { + failed = true; printf("HMAC SHA256 failed: %s\n", psa_status_to_humanly_readable(status)); } +#endif +#if IS_USED(MODULE_PSA_CIPHER) start = ztimer_now(ZTIMER_USEC); status = example_cipher_aes_128(); printf("Cipher AES 128 took %d us\n", (int)(ztimer_now(ZTIMER_USEC) - start)); if (status != PSA_SUCCESS) { + failed = true; printf("Cipher AES 128 failed: %s\n", psa_status_to_humanly_readable(status)); } +#endif +#if IS_USED(MODULE_PSA_ASYMMETRIC_ECC_P256R1) start = ztimer_now(ZTIMER_USEC); status = example_ecdsa_p256(); printf("ECDSA took %d us\n", (int)(ztimer_now(ZTIMER_USEC) - start)); if (status != PSA_SUCCESS) { + failed = true; printf("ECDSA failed: %s\n", psa_status_to_humanly_readable(status)); } +#endif -#ifndef SECURE_ELEMENT +#if IS_USED(MODULE_PSA_ASYMMETRIC_ECC_ED25519) start = ztimer_now(ZTIMER_USEC); status = example_eddsa(); printf("EdDSA took %d us\n", (int)(ztimer_now(ZTIMER_USEC) - start)); if (status != PSA_SUCCESS) { + failed = true; printf("EdDSA failed: %s\n", psa_status_to_humanly_readable(status)); } #endif #ifdef MULTIPLE_SE +#if IS_USED(MODULE_PSA_MAC) puts("Running Examples with secondary SE:"); status = example_hmac_sha256_sec_se(); printf("HMAC SHA256 took %d us\n", (int)(ztimer_now(ZTIMER_USEC) - start)); if (status != PSA_SUCCESS) { + failed = true; printf("HMAC SHA256 failed: %s\n", psa_status_to_humanly_readable(status)); } +#endif /* MODULE_PSA_MAC */ +#if IS_USED(MODULE_PSA_CIPHER) start = ztimer_now(ZTIMER_USEC); status = example_cipher_aes_128_sec_se(); printf("Cipher AES 128 took %d us\n", (int)(ztimer_now(ZTIMER_USEC) - start)); if (status != PSA_SUCCESS) { + failed = true; printf("Cipher AES 128 failed: %s\n", psa_status_to_humanly_readable(status)); } +#endif /* MODULE_PSA_CIPHER */ +#if IS_USED(MODULE_PSA_ASYMMETRIC_ECC_P256R1) start = ztimer_now(ZTIMER_USEC); status = example_ecdsa_p256_sec_se(); printf("ECDSA took %d us\n", (int)(ztimer_now(ZTIMER_USEC) - start)); if (status != PSA_SUCCESS) { + failed = true; printf("ECDSA failed: %s\n", psa_status_to_humanly_readable(status)); } -#endif +#endif /* MODULE_PSA_ASYMMETRIC_ECC_P256R1 */ +#endif /* MULTIPLE_SE */ ztimer_release(ZTIMER_USEC); - puts("All Done"); + if (failed) { + puts("Tests failed..."); + } + else { + puts("All Done"); + } return 0; } diff --git a/pkg/cryptoauthlib/Makefile.dep b/pkg/cryptoauthlib/Makefile.dep index 207d4f5b09836..a7d7845a7b486 100644 --- a/pkg/cryptoauthlib/Makefile.dep +++ b/pkg/cryptoauthlib/Makefile.dep @@ -25,5 +25,13 @@ ifneq (,$(filter psa_crypto,$(USEMODULE))) endif ifneq (,$(filter psa_secure_element_ateccx08a_ecc_p256, $(USEMODULE))) - USEMODULE += psa_secure_element_asymmetric + USEMODULE += psa_asymmetric +endif + +ifneq (,$(filter psa_secure_element_ateccx08a_cipher_aes_128, $(USEMODULE))) + USEMODULE += psa_cipher +endif + +ifneq (,$(filter psa_secure_element_ateccx08a_hmac_sha256, $(USEMODULE))) + USEMODULE += psa_mac endif diff --git a/pkg/cryptoauthlib/Makefile.include b/pkg/cryptoauthlib/Makefile.include index dbeadf22bba26..2acafea0c67c5 100644 --- a/pkg/cryptoauthlib/Makefile.include +++ b/pkg/cryptoauthlib/Makefile.include @@ -27,7 +27,7 @@ ifneq (,$(filter cryptoauthlib_test,$(USEMODULE))) INCLUDES += -I$(PKG_SOURCE_DIR)/third_party/unity endif -ifneq (,$(filter psa_crypto,$(USEMODULE))) - PSEUDOMODULES += psa_secure_element_ateccx08a - PSEUDOMODULES += psa_secure_element_ateccx08a_ecc_p256 -endif +PSEUDOMODULES += psa_secure_element_ateccx08a +PSEUDOMODULES += psa_secure_element_ateccx08a_cipher_aes_128 +PSEUDOMODULES += psa_secure_element_ateccx08a_ecc_p256 +PSEUDOMODULES += psa_secure_element_ateccx08a_hmac_sha256 diff --git a/pkg/micro-ecc/Makefile.include b/pkg/micro-ecc/Makefile.include index 377bc7317d0c7..fc994fb4f9940 100644 --- a/pkg/micro-ecc/Makefile.include +++ b/pkg/micro-ecc/Makefile.include @@ -8,8 +8,9 @@ CFLAGS += -Wno-unused-variable TOOLCHAINS_BLACKLIST += llvm ifneq (,$(filter psa_uecc_%, $(USEMODULE))) - PSEUDOMODULES += psa_uecc_p192 - PSEUDOMODULES += psa_uecc_p256 DIRS += $(RIOTPKG)/micro-ecc/psa_uecc INCLUDES += -I$(RIOTBASE)/sys/psa_crypto/include endif + +PSEUDOMODULES += psa_uecc_p192 +PSEUDOMODULES += psa_uecc_p256 diff --git a/sys/auto_init/security/auto_init_atca.c b/sys/auto_init/security/auto_init_atca.c index a9a8fdf4287d2..3e7a368d907f9 100644 --- a/sys/auto_init/security/auto_init_atca.c +++ b/sys/auto_init/security/auto_init_atca.c @@ -50,7 +50,7 @@ void auto_init_atca(void) } atca_devs_ptr[i] = &atca_devs[i]; - DEBUG("[auto_init_atca] Registering Driver with address: %x and location: %lx\n", atca_params[i].cfg.atcai2c.address, atca_params[i].atca_loc); + DEBUG("[auto_init_atca] Registering Driver with address: %x and location: %lx\n", atca_params[i].cfg.atcai2c.address, (unsigned long) atca_params[i].atca_loc); status = psa_register_secure_element(atca_params[i].atca_loc, &atca_methods, &atca_config_list[i], diff --git a/sys/include/psa_crypto/psa/crypto.h b/sys/include/psa_crypto/psa/crypto.h index 19f8fe718e505..7ccc494f9ed26 100644 --- a/sys/include/psa_crypto/psa/crypto.h +++ b/sys/include/psa_crypto/psa/crypto.h @@ -83,6 +83,7 @@ const char *psa_status_to_humanly_readable(psa_status_t status); */ psa_status_t psa_crypto_init(void); +#if IS_USED(MODULE_PSA_AEAD) || defined(DOXYGEN) /** * @brief Process an authenticated encryption operation. * @@ -767,7 +768,9 @@ psa_status_t psa_aead_verify(psa_aead_operation_t *operation, * initialize results in this error code. */ psa_status_t psa_aead_abort(psa_aead_operation_t *operation); +#endif /* MODULE_PSA_AEAD */ +#if IS_USED(MODULE_PSA_ASYMMETRIC) || defined(DOXYGEN) /** * @brief Encrypt a short message with a public key. * @@ -890,7 +893,10 @@ psa_status_t psa_asymmetric_decrypt(psa_key_id_t key, uint8_t *output, size_t output_size, size_t *output_length); +#endif /* MODULE_PSA_ASYMMETRIC */ + +#if IS_USED(MODULE_PSA_CIPHER) || defined(DOXYGEN) /** * @brief Abort a cipher operation. * @@ -1385,7 +1391,9 @@ psa_status_t psa_cipher_update(psa_cipher_operation_t *operation, uint8_t *output, size_t output_size, size_t *output_length); +#endif /* MODULE_PSA_CIPHER */ +#if IS_USED(MODULE_PSA_KEY_MANAGEMENT) || defined(DOXYGEN) /** * @brief Make a copy of a key. * @@ -1799,6 +1807,7 @@ psa_status_t psa_builtin_generate_key(const psa_key_attributes_t *attributes, ui */ psa_status_t psa_generate_key(const psa_key_attributes_t *attributes, psa_key_id_t *key); +#endif /* MODULE_PSA_KEY_MANAGEMENT */ /** * @brief Built-in function for random number generation. @@ -1840,6 +1849,7 @@ psa_status_t psa_builtin_generate_random( uint8_t *output, psa_status_t psa_generate_random(uint8_t *output, size_t output_size); +#if IS_USED(MODULE_PSA_KEY_MANAGEMENT) || defined(DOXYGEN) /** * @brief Declare the permitted algorithm policy for a key. * @@ -2070,7 +2080,9 @@ static inline void psa_reset_key_attributes(psa_key_attributes_t *attributes) */ psa_status_t psa_get_key_attributes(psa_key_id_t key, psa_key_attributes_t *attributes); +#endif /* MODULE_PSA_KEY_MANAGEMENT */ +#if IS_USED(MODULE_PSA_HASH) || defined(DOXYGEN) /** * @brief Abort a hash operation. * @@ -2476,7 +2488,9 @@ psa_status_t psa_hash_update(psa_hash_operation_t *operation, psa_status_t psa_hash_verify(psa_hash_operation_t *operation, const uint8_t *hash, size_t hash_length); +#endif /* MODULE_PSA_HASH */ +#if IS_USED(MODULE_PSA_KEY_MANAGEMENT) || defined(DOXYGEN) /** * @brief Built-in key import function. * @@ -2619,7 +2633,9 @@ psa_status_t psa_import_key(const psa_key_attributes_t *attributes, const uint8_t *data, size_t data_length, psa_key_id_t *key); +#endif /* MODULE_PSA_KEY_MANAGEMENT */ +#if IS_USED(MODULE_PSA_KEY_DERIVATION) || defined(DOXYGEN) /** * @brief Abort a key derivation operation. * @@ -3309,7 +3325,9 @@ psa_status_t psa_key_derivation_verify_bytes(psa_key_derivation_operation_t *ope */ psa_status_t psa_key_derivation_verify_key(psa_key_derivation_operation_t *operation, psa_key_id_t expected); +#endif /* PSA_CRYPTO_KEY_DERIVATION */ +#if IS_USED(MODULE_PSA_MAC) || defined(DOXYGEN) /** * @brief Abort a MAC operation. * @@ -3679,7 +3697,9 @@ psa_status_t psa_mac_verify_finish(psa_mac_operation_t *operation, psa_status_t psa_mac_verify_setup(psa_mac_operation_t *operation, psa_key_id_t key, psa_algorithm_t alg); +#endif /* MODULE_PSA_MAC */ +#if IS_USED(MODULE_PSA_KEY_MANAGEMENT) || defined(DOXYGEN) /** * @brief Remove non-essential copies of key material from memory. * @@ -3707,7 +3727,9 @@ psa_status_t psa_mac_verify_setup(psa_mac_operation_t *operation, * @return @ref PSA_ERROR_DATA_INVALID */ psa_status_t psa_purge_key(psa_key_id_t key); +#endif /* MODULE_PSA_KEY_MANAGEMENT */ +#if IS_USED(MODULE_PSA_KEY_AGREEMENT) || defined(DOXYGEN) /** * @brief Perform a key agreement and return the raw shared secret. * @@ -3778,7 +3800,9 @@ psa_status_t psa_raw_key_agreement(psa_algorithm_t alg, uint8_t *output, size_t output_size, size_t *output_length); +#endif /* MODULE_PSA_KEY_AGREEMENT */ +#if IS_USED(MODULE_PSA_ASYMMETRIC) || defined(DOXYGEN) /** * @brief Sign an already-calculated hash with a private key. * @@ -4044,6 +4068,7 @@ psa_status_t psa_verify_message(psa_key_id_t key, size_t input_length, const uint8_t *signature, size_t signature_length); +#endif /* MODULE_PSA_ASYMMETRIC */ #ifdef __cplusplus } diff --git a/sys/include/psa_crypto/psa/crypto_sizes.h b/sys/include/psa_crypto/psa/crypto_sizes.h index ecf4f7fa60669..1d3177faa8f8a 100644 --- a/sys/include/psa_crypto/psa/crypto_sizes.h +++ b/sys/include/psa_crypto/psa/crypto_sizes.h @@ -79,29 +79,21 @@ extern "C" { * @brief Number of required allocated asymmetric key pair slots. * * @details These should be defined by the developer to - * fit their requirements. The default number is 5. + * fit their requirements. The default number is 0. */ #ifndef CONFIG_PSA_ASYMMETRIC_KEYPAIR_COUNT -#if (IS_USED(MODULE_PSA_ASYMMETRIC)) -#define CONFIG_PSA_ASYMMETRIC_KEYPAIR_COUNT 5 -#else #define CONFIG_PSA_ASYMMETRIC_KEYPAIR_COUNT 0 #endif -#endif /** * @brief Number of required allocated single key slots. * * @details These should be defined by the developer to - * fit their requirements. The default number is 5. + * fit their requirements. The default number is 0. */ #ifndef CONFIG_PSA_SINGLE_KEY_COUNT -#if (IS_USED(MODULE_PSA_KEY_SLOT_MGMT)) -#define CONFIG_PSA_SINGLE_KEY_COUNT 5 -#else #define CONFIG_PSA_SINGLE_KEY_COUNT 0 #endif -#endif /** * @brief Number of required allocated protected key slots. @@ -110,8 +102,8 @@ extern "C" { * fit their requirements. The default number is 5. */ #ifndef CONFIG_PSA_PROTECTED_KEY_COUNT -#if (IS_USED(MODULE_PSA_SE_MGMT)) -#define CONFIG_PSA_PROTECTED_KEY_COUNT 5 +#if (IS_USED(MODULE_PSA_SECURE_ELEMENT)) +#define CONFIG_PSA_PROTECTED_KEY_COUNT 5 #else #define CONFIG_PSA_PROTECTED_KEY_COUNT 0 #endif @@ -991,7 +983,7 @@ extern "C" { /** * @brief The maximum size of the used key data. */ -#if IS_USED(MODULE_PSA_SECURE_ELEMENT_ASYMMETRIC) || IS_USED(MODULE_PSA_ASYMMETRIC) +#if IS_USED(MODULE_PSA_ASYMMETRIC) #define PSA_MAX_KEY_DATA_SIZE (PSA_EXPORT_PUBLIC_KEY_MAX_SIZE) #else #define PSA_MAX_KEY_DATA_SIZE (CONFIG_PSA_MAX_KEY_SIZE) diff --git a/sys/include/psa_crypto/psa/crypto_struct.h b/sys/include/psa_crypto/psa/crypto_struct.h index 830c9722b0fc3..342877eb4e02c 100644 --- a/sys/include/psa_crypto/psa/crypto_struct.h +++ b/sys/include/psa_crypto/psa/crypto_struct.h @@ -28,34 +28,7 @@ extern "C" { #include "crypto_sizes.h" #include "crypto_contexts.h" -/** - * @brief Structure containing a hash context and algorithm - */ -struct psa_hash_operation_s { - psa_algorithm_t alg; /**< Operation algorithm */ -#if IS_USED(MODULE_PSA_HASH) - psa_hash_context_t ctx; /**< Operation hash context */ -#endif -}; - -/** - * @brief This macro returns a suitable initializer for a hash operation object of type - * @ref psa_hash_operation_t. - */ -#define PSA_HASH_OPERATION_INIT { 0 } - -/** - * @brief Return an initial value for a hash operation object. - * - * @return struct psa_hash_operation_s - */ -static inline struct psa_hash_operation_s psa_hash_operation_init(void) -{ - const struct psa_hash_operation_s v = PSA_HASH_OPERATION_INIT; - - return v; -} - +#if IS_USED(MODULE_PSA_KEY_MANAGEMENT) || defined(DOXYGEN) /** * @brief Structure storing the key usage policies */ @@ -97,7 +70,9 @@ static inline struct psa_key_attributes_s psa_key_attributes_init(void) return v; } +#endif /*(MODULE_PSA_KEY_MANAGEMENT */ +#if IS_USED(MODULE_PSA_AEAD) || defined(DOXYGEN) /** * @brief Structure storing an AEAD operation context * @@ -124,7 +99,9 @@ static inline struct psa_aead_operation_s psa_aead_operation_init(void) return v; } +#endif /* MODULE_PSA_AEAD */ +#if IS_USED(MODULE_PSA_CIPHER) || defined(DOXYGEN) /** * @brief Structure storing a cipher operation context */ @@ -135,9 +112,7 @@ struct psa_cipher_operation_s { psa_algorithm_t alg; /**< Operation algorithm*/ /** Union containing cipher contexts for the executing backend */ union cipher_context { -#if IS_USED(MODULE_PSA_CIPHER) psa_cipher_context_t cipher_ctx; /**< Cipher context */ -#endif #if IS_USED(MODULE_PSA_SECURE_ELEMENT_ATECCX08A) || defined(DOXYGEN) psa_se_cipher_context_t se_ctx; /**< SE Cipher context */ #endif @@ -161,7 +136,9 @@ static inline struct psa_cipher_operation_s psa_cipher_operation_init(void) return v; } +#endif /* MODULE_PSA_CIPHER */ +#if IS_USED(MODULE_PSA_KEY_DERIVATION) || defined(DOXYGEN) /** * @brief This macro returns a suitable initializer for a key derivation operation object of * type @ref psa_key_derivation_operation_t. @@ -188,7 +165,39 @@ static inline struct psa_key_derivation_operation_s psa_key_derivation_operation return v; } +#endif /* MODULE_PSA_KEY_DERIVATION */ + +#if IS_USED(MODULE_PSA_HASH) || defined(DOXYGEN) +/** + * @brief Structure containing a hash context and algorithm + */ +struct psa_hash_operation_s { + psa_algorithm_t alg; /**< Operation algorithm */ +#if IS_USED(MODULE_PSA_HASH) + psa_hash_context_t ctx; /**< Operation hash context */ +#endif +}; + +/** + * @brief This macro returns a suitable initializer for a hash operation object of type + * @ref psa_hash_operation_t. + */ +#define PSA_HASH_OPERATION_INIT { 0 } + +/** + * @brief Return an initial value for a hash operation object. + * + * @return struct psa_hash_operation_s + */ +static inline struct psa_hash_operation_s psa_hash_operation_init(void) +{ + const struct psa_hash_operation_s v = PSA_HASH_OPERATION_INIT; + + return v; +} +#endif /* MODULE_PSA_HASH */ +#if IS_USED(MODULE_PSA_MAC) || defined(DOXYGEN) /** * @brief This macro returns a suitable initializer for a MAC operation object of type * @ref psa_mac_operation_t. @@ -215,6 +224,7 @@ static inline struct psa_mac_operation_s psa_mac_operation_init(void) return v; } +#endif /* MODULE_PSA_MAC */ #ifdef __cplusplus } diff --git a/sys/psa_crypto/Kconfig.asymmetric b/sys/psa_crypto/Kconfig.asymmetric index 358ba6af4e8c6..081d40a6c2add 100644 --- a/sys/psa_crypto/Kconfig.asymmetric +++ b/sys/psa_crypto/Kconfig.asymmetric @@ -7,8 +7,7 @@ menuconfig MODULE_PSA_ASYMMETRIC bool "PSA Asymmetric Crypto" - select PSA_KEY_CONFIG - select MODULE_PSA_KEY_SLOT_MGMT + select MODULE_PSA_KEY_MANAGEMENT if MODULE_PSA_ASYMMETRIC diff --git a/sys/psa_crypto/Kconfig.ciphers b/sys/psa_crypto/Kconfig.ciphers index e7d5303a9b25b..b6c2104864c48 100644 --- a/sys/psa_crypto/Kconfig.ciphers +++ b/sys/psa_crypto/Kconfig.ciphers @@ -7,8 +7,7 @@ menuconfig MODULE_PSA_CIPHER bool "PSA Ciphers" - select PSA_KEY_CONFIG - select MODULE_PSA_KEY_SLOT_MGMT + select MODULE_PSA_KEY_MANAGEMENT if MODULE_PSA_CIPHER diff --git a/sys/psa_crypto/Kconfig.hashes b/sys/psa_crypto/Kconfig.hashes index 6abf34ad9f357..8de33d66e3efb 100644 --- a/sys/psa_crypto/Kconfig.hashes +++ b/sys/psa_crypto/Kconfig.hashes @@ -7,7 +7,6 @@ menuconfig MODULE_PSA_HASH bool "PSA Hashes" - select PSA_KEY_CONFIG if MODULE_PSA_HASH diff --git a/sys/psa_crypto/Kconfig.keys b/sys/psa_crypto/Kconfig.keys index 21cff30403ae4..fe50ef332142e 100644 --- a/sys/psa_crypto/Kconfig.keys +++ b/sys/psa_crypto/Kconfig.keys @@ -7,6 +7,12 @@ menu "PSA Key Management Configuration" +config MODULE_PSA_KEY_MANAGEMENT + bool + select MODULE_PSA_KEY_SLOT_MGMT + help + Activates the PSA Key Management Module + config PSA_KEY_SIZE_128 bool "Application uses key of size 128 Bits" help @@ -44,12 +50,10 @@ config PSA_PROTECTED_KEY_COUNT config PSA_ASYMMETRIC_KEYPAIR_COUNT int "Specifies number of allocated key pair slots" - default 5 if MODULE_PSA_ASYMMETRIC default 0 config PSA_SINGLE_KEY_COUNT int "Specifies number of allocated single key slots" - default 5 if PSA_MAX_KEY_SIZE != 0 default 0 endmenu # PSA Key Management Configuration diff --git a/sys/psa_crypto/Kconfig.mac b/sys/psa_crypto/Kconfig.mac index fcca459f10fbe..8cc8b8b1464f0 100644 --- a/sys/psa_crypto/Kconfig.mac +++ b/sys/psa_crypto/Kconfig.mac @@ -7,8 +7,7 @@ menuconfig MODULE_PSA_MAC bool "PSA Message Authenticated Ciphers" - select PSA_KEY_CONFIG - select MODULE_PSA_KEY_SLOT_MGMT + select MODULE_PSA_KEY_MANAGEMENT if MODULE_PSA_MAC diff --git a/sys/psa_crypto/Makefile.dep b/sys/psa_crypto/Makefile.dep index be403cae6a6d1..f187c498b0611 100644 --- a/sys/psa_crypto/Makefile.dep +++ b/sys/psa_crypto/Makefile.dep @@ -5,7 +5,7 @@ endif # Asymmetric ifneq (,$(filter psa_asymmetric,$(USEMODULE))) - USEMODULE += psa_key_slot_mgmt + USEMODULE += psa_key_management endif ## ECC_P192R1 backend @@ -82,7 +82,7 @@ endif # Cipher ifneq (,$(filter psa_cipher,$(USEMODULE))) - USEMODULE += psa_key_slot_mgmt + USEMODULE += psa_key_management endif ## AES-128-ECB backend @@ -228,7 +228,16 @@ ifneq (,$(filter psa_hash_sha_512_backend_periph,$(USEMODULE))) FEATURES_REQUIRED += periph_hash_sha_512 endif +# Key Management +ifneq (,$(filter psa_key_management,$(USEMODULE))) + USEMODULE += psa_key_slot_mgmt +endif + # MAC +ifneq (,$(filter psa_mac,$(USEMODULE))) + USEMODULE += psa_key_management +endif + ## HMAC SHA-256 ifneq (,$(filter psa_mac_hmac_sha_256,$(USEMODULE))) ifeq (,$(filter psa_mac_hmac_sha_256_custom_backend,$(USEMODULE))) @@ -256,7 +265,7 @@ endif # Secure Elements ifneq (,$(filter psa_secure_element,$(USEMODULE))) USEMODULE += psa_se_mgmt - USEMODULE += psa_key_slot_mgmt + USEMODULE += psa_key_management endif ifneq (,$(filter psa_secure_element_ateccx08a, $(USEMODULE))) diff --git a/sys/psa_crypto/Makefile.include b/sys/psa_crypto/Makefile.include index 9c64f712fde93..91a601da687ed 100644 --- a/sys/psa_crypto/Makefile.include +++ b/sys/psa_crypto/Makefile.include @@ -145,6 +145,9 @@ ifneq (,$(filter psa_hash_sha_512,$(USEMODULE))) endif endif +## Key Management +PSEUDOMODULES += psa_key_management + ## MAC PSEUDOMODULES += psa_mac PSEUDOMODULES += psa_mac_hmac_sha_256 @@ -161,6 +164,5 @@ endif ## Secure Elements PSEUDOMODULES += psa_secure_element -PSEUDOMODULES += psa_secure_element_asymmetric PSEUDOMODULES += psa_secure_element_config PSEUDOMODULES += psa_secure_element_multiple diff --git a/sys/psa_crypto/doc.txt b/sys/psa_crypto/doc.txt index 20624055595f7..de5e9765cc2f6 100644 --- a/sys/psa_crypto/doc.txt +++ b/sys/psa_crypto/doc.txt @@ -315,13 +315,14 @@ * * ### Secure Elements * Base: - * * - psa_secure_element * - psa_secure_element_multiple * * #### SE Types * - psa_secure_element_ateccx08a + * - psa_secure_element_ateccx08a_cipher_aes_128 * - psa_secure_element_ateccx08a_ecc_p256 + * - psa_secure_element_ateccx08a_hmac_sha256 * * Random Number Generation {#rng} * === @@ -371,7 +372,7 @@ * @code * CONFIG_PSA_SECURE_ELEMENT=y * CONFIG_PSA_SECURE_ELEMENT_ATECCX08A=y // device example - * CONFIG_PSA_SECURE_ELEMENT_ATECCX08A_ECC=y + * CONFIG_PSA_SECURE_ELEMENT_ATECCX08A_ECC_P256=y * @endcode * * or added to the the Makefile: @@ -438,10 +439,10 @@ * In RIOT, module names are generated from path names, so if you create a directory for * your sourcefiles, the module name will be the same as the directory name. It is possible * to change that by declaring a new module name in the Makefile by adding the line - * your_module_name`. + * `MODULE := your_module_name`. * * If you leave it like this, all sourcefiles in the path corresponding to the module name will be - * built (e.g. if you choose to module `hashes`, all files in `sys/hashes` will be included). + * built (e.g. if you choose the module `hashes`, all files in `sys/hashes` will be included). * For better configurability it is possible to add submodules (see * `sys/hashes/psa_riot_hashes` for example). * In that case the base module name will be the directory name and each file inside the directory @@ -959,17 +960,20 @@ * key, which requires a lot less memory space. * * **BUT:** If your secure element supports asymmetric cryptography and exports a public key part - * during key generation, that key part must be stored somewhere. This is why there needs to be - * an option to tell PSA Crypto that an application is going to perform asymmetric operations. - * Only if that option is selected, the protected key slots will have the space to store a public + * during key generation, that key part must be stored somewhere. So when you choose an + * asymmetric operation, the protected key slots will have the space to store a public * key. * + * #### Dependencies + * Secure Element operations also depend on the PSA modules. E.g. when you want to use an ECC + * operation, you need to make sure that you also build the asymmetric PSA functions. + * * For this we need to add the following to the `superSE` menu: * @code * config MODULE_PSA_SECURE_ELEMENT_SUPERSE_ECC_P256 * bool "Our Vendor's Elliptic Curve P256" * select PSA_KEY_SIZE_256 - * select MODULE_PSA_SECURE_ELEMENT_ASYMMETRIC + * select MODULE_PSA_ASYMMETRIC * depends on MODULE_PSA_SECURE_ELEMENT_SUPERSE * @endcode * This tells us, what size a key slot should have to store the public key. If your SE supports @@ -994,9 +998,11 @@ * endif * * ifneq (,$(filter psa_secure_element_superse_ecc_p256, $(USEMODULE))) - * USEMODULE += psa_secure_element_asymmetric + * USEMODULE += psa_asymmetric * endif - * - * Now the secure element should be available for use with PSA Crypto. * @endcode + * This needs to be done for all other supported operations (e.g. ATECCX08 operations in + * `pkg/cryptoauthlib/Makefile.include`, `pkg/cryptoauthlib/Makefile.dep` and + * `sys/psa_crypto/psa_se_mgmt/Kconfig`. Now the secure element should be available for use + * with PSA Crypto. */ diff --git a/sys/psa_crypto/include/psa_crypto_algorithm_dispatch.h b/sys/psa_crypto/include/psa_crypto_algorithm_dispatch.h index e17be73419643..dd0e16085d954 100644 --- a/sys/psa_crypto/include/psa_crypto_algorithm_dispatch.h +++ b/sys/psa_crypto/include/psa_crypto_algorithm_dispatch.h @@ -28,8 +28,12 @@ extern "C" { #include #include "kernel_defines.h" #include "psa/crypto.h" + +#if IS_USED(MODULE_PSA_KEY_MANAGEMENT) #include "psa_crypto_slot_management.h" +#endif +#if IS_USED(MODULE_PSA_HASH) /** * @brief Dispatch a hash setup function to a specific backend. * See @ref psa_hash_setup() @@ -68,7 +72,9 @@ psa_status_t psa_algorithm_dispatch_hash_finish(psa_hash_operation_t *operation, uint8_t *hash, size_t hash_size, size_t *hash_length); +#endif /* MODULE_PSA_HASH */ +#if IS_USED(MODULE_PSA_ASYMMETRIC) /** * @brief Dispatch a hash signature function to a specific backend. * See @ref psa_sign_hash() @@ -156,7 +162,9 @@ psa_status_t psa_algorithm_dispatch_verify_message( const psa_key_attributes_t * size_t input_length, const uint8_t *signature, size_t signature_length); +#endif /* MODULE_PSA_ASYMMETRIC */ +#if IS_USED(MODULE_PSA_KEY_MANAGEMENT) /** * @brief Dispatch the key generation function to a specific backend. * See @ref psa_generate_key() @@ -167,7 +175,9 @@ psa_status_t psa_algorithm_dispatch_verify_message( const psa_key_attributes_t * */ psa_status_t psa_algorithm_dispatch_generate_key( const psa_key_attributes_t *attributes, psa_key_slot_t *slot); +#endif +#if IS_USED(MODULE_PSA_CIPHER) /** * @brief Dispatch a cipher encrypt function to a specific backend. * See @ref psa_cipher_encrypt() @@ -213,7 +223,9 @@ psa_status_t psa_algorithm_dispatch_cipher_decrypt( const psa_key_attributes_t * uint8_t *output, size_t output_size, size_t *output_length); +#endif /* MODULE_PSA_CIPHER */ +#if IS_USED(MODULE_PSA_MAC) /** * @brief Dispatch a mac computation function to a specific backend. * See @ref psa_mac_compute() @@ -236,6 +248,7 @@ psa_status_t psa_algorithm_dispatch_mac_compute(const psa_key_attributes_t *attr uint8_t *mac, size_t mac_size, size_t *mac_length); +#endif #ifdef __cplusplus } diff --git a/sys/psa_crypto/include/psa_crypto_location_dispatch.h b/sys/psa_crypto/include/psa_crypto_location_dispatch.h index 4ec493fd01e91..5190bb3a77ffb 100644 --- a/sys/psa_crypto/include/psa_crypto_location_dispatch.h +++ b/sys/psa_crypto/include/psa_crypto_location_dispatch.h @@ -29,6 +29,7 @@ extern "C" { #include "kernel_defines.h" #include "psa/crypto.h" +#if IS_USED(MODULE_PSA_ASYMMETRIC) /** * @brief Dispatch call of a hash signature function to a location specific backend. * See psa_sign_hash() @@ -116,7 +117,9 @@ psa_status_t psa_location_dispatch_verify_message(const psa_key_attributes_t *at size_t input_length, const uint8_t *signature, size_t signature_length); +#endif /* MODULE_PSA_ASYMMETRIC */ +#if IS_USED(MODULE_PSA_MAC) /** * @brief Dispatch call of a mac computation function to a location specific backend. * See psa_mac_compute() @@ -139,7 +142,9 @@ psa_status_t psa_location_dispatch_mac_compute(const psa_key_attributes_t *attri uint8_t *mac, size_t mac_size, size_t *mac_length); +#endif +#if IS_USED(MODULE_PSA_KEY_MANAGEMENT) /** * @brief Dispatch call of the key generation function to a location specific backend. * See psa_generate_key() @@ -165,7 +170,9 @@ psa_status_t psa_location_dispatch_generate_key(const psa_key_attributes_t *attr psa_status_t psa_location_dispatch_import_key( const psa_key_attributes_t *attributes, const uint8_t *data, size_t data_length, psa_key_slot_t *slot, size_t *bits); +#endif /* MODULE_PSA_KEY_MANAGEMENT */ +#if IS_USED(MODULE_PSA_CIPHER) /** * @brief Dispatch call of a cipher encrypt setup function to a location specific backend. * See psa_cipher_setup() @@ -254,6 +261,7 @@ psa_status_t psa_location_dispatch_cipher_decrypt( const psa_key_attributes_t * uint8_t *output, size_t output_size, size_t *output_length); +#endif /* MODULE_PSA_CIPHER */ /** * @brief Dispatch call of a random number generator to a specific backend. diff --git a/sys/psa_crypto/include/psa_crypto_slot_management.h b/sys/psa_crypto/include/psa_crypto_slot_management.h index 169faf2d6f9e1..1f84b545ae24e 100644 --- a/sys/psa_crypto/include/psa_crypto_slot_management.h +++ b/sys/psa_crypto/include/psa_crypto_slot_management.h @@ -78,10 +78,12 @@ typedef struct { size_t lock_count; /**< Number of entities accessing the slot */ psa_key_attributes_t attr; /**< Attributes associated with the stored key */ /** Structure containing key data */ +#if PSA_SINGLE_KEY_COUNT struct key_data { uint8_t data[PSA_MAX_KEY_DATA_SIZE]; /**< Key data buffer */ size_t data_len; /**< Size of actual key data in bytes */ } key; /**< Key data structure */ +#endif /* PSA_SINGLE_KEY_COUNT */ } psa_key_slot_t; /** diff --git a/sys/psa_crypto/psa_crypto.c b/sys/psa_crypto/psa_crypto.c index a780593f33087..ae53ac1e0b37c 100644 --- a/sys/psa_crypto/psa_crypto.c +++ b/sys/psa_crypto/psa_crypto.c @@ -20,9 +20,13 @@ #include #include "psa/crypto.h" + +#if IS_USED(MODULE_PSA_KEY_MANAGEMENT) +#include "psa_crypto_slot_management.h" +#endif + #include "psa_crypto_se_driver.h" #include "psa_crypto_se_management.h" -#include "psa_crypto_slot_management.h" #include "psa_crypto_location_dispatch.h" #include "psa_crypto_algorithm_dispatch.h" @@ -38,6 +42,7 @@ */ static uint8_t lib_initialized = 0; +#if IS_USED(MODULE_PSA_HASH) /** * @brief Compares the content of two same-sized buffers while maintaining * constant processing time @@ -60,6 +65,7 @@ static inline int constant_time_memcmp(const uint8_t *a, const uint8_t *b, size_ return diff; } +#endif /* MODULE_PSA_HASH */ const char *psa_status_to_humanly_readable(psa_status_t status) { @@ -126,6 +132,7 @@ psa_status_t psa_crypto_init(void) return PSA_SUCCESS; } +#if IS_USED(MODULE_PSA_AEAD) psa_status_t psa_aead_abort(psa_aead_operation_t *operation) { (void)operation; @@ -295,7 +302,9 @@ psa_status_t psa_aead_verify( psa_aead_operation_t *operation, (void)tag_length; return PSA_ERROR_NOT_SUPPORTED; } +#endif /* MODULE_PSA_AEAD */ +#if IS_USED(MODULE_PSA_ASYMMETRIC) psa_status_t psa_asymmetric_decrypt(psa_key_id_t key, psa_algorithm_t alg, const uint8_t *input, @@ -339,7 +348,9 @@ psa_status_t psa_asymmetric_encrypt(psa_key_id_t key, (void)output_length; return PSA_ERROR_NOT_SUPPORTED; } +#endif /* MODULE_PSA_ASYMMETRIC */ +#if IS_USED(MODULE_PSA_KEY_MANAGEMENT) /** * @brief Checks whether a key's policy permits the usage of a given algorithm * @@ -418,7 +429,9 @@ static psa_status_t psa_get_and_lock_key_slot_with_policy( psa_key_id_t id, } return PSA_SUCCESS; } +#endif /* MODULE_PSA_KEY_MANAGEMENT */ +#if IS_USED(MODULE_PSA_CIPHER) psa_status_t psa_cipher_abort(psa_cipher_operation_t *operation) { if (!lib_initialized) { @@ -694,6 +707,9 @@ psa_status_t psa_cipher_update(psa_cipher_operation_t *operation, return PSA_ERROR_NOT_SUPPORTED; } +#endif /* MODULE_PSA_CIPHER */ + +#if IS_USED(MODULE_PSA_HASH) psa_status_t psa_hash_setup(psa_hash_operation_t *operation, psa_algorithm_t alg) { @@ -921,8 +937,36 @@ psa_status_t psa_hash_compute(psa_algorithm_t alg, return PSA_SUCCESS; } +#endif /* MODULE_PSA_HASH */ + +psa_status_t psa_builtin_generate_random(uint8_t *output, + size_t output_size) +{ + if (!output) { + return PSA_ERROR_INVALID_ARGUMENT; + } + + /* TODO: Should point to a CSPRNG API in the future */ + random_bytes(output, output_size); + return PSA_SUCCESS; +} + +psa_status_t psa_generate_random(uint8_t *output, + size_t output_size) +{ + if (!lib_initialized) { + return PSA_ERROR_BAD_STATE; + } + + if (!output) { + return PSA_ERROR_INVALID_ARGUMENT; + } + + return psa_location_dispatch_generate_random(output, output_size); +} /* Key Management */ +#if IS_USED(MODULE_PSA_KEY_MANAGEMENT) /** * @brief Check whether the key policy is valid * @@ -994,7 +1038,7 @@ static psa_status_t psa_validate_key_for_key_generation(psa_key_type_t type, siz if (PSA_KEY_TYPE_IS_UNSTRUCTURED(type)) { return psa_validate_unstructured_key_size(type, bits); } -#if IS_USED(MODULE_PSA_ASYMMETRIC) || IS_USED(MODULE_PSA_SECURE_ELEMENT_ASYMMETRIC) +#if IS_USED(MODULE_PSA_ASYMMETRIC) else if (PSA_KEY_TYPE_IS_ECC_KEY_PAIR(type)) { return PSA_ECC_KEY_SIZE_IS_VALID(type, bits) ? PSA_SUCCESS : PSA_ERROR_INVALID_ARGUMENT; } @@ -1351,32 +1395,6 @@ psa_status_t psa_generate_key(const psa_key_attributes_t *attributes, return status; } -psa_status_t psa_builtin_generate_random( uint8_t *output, - size_t output_size) -{ - if (!output) { - return PSA_ERROR_INVALID_ARGUMENT; - } - - /* TODO: Should point to a CSPRNG API in the future */ - random_bytes(output, output_size); - return PSA_SUCCESS; -} - -psa_status_t psa_generate_random(uint8_t *output, - size_t output_size) -{ - if (!lib_initialized) { - return PSA_ERROR_BAD_STATE; - } - - if (!output) { - return PSA_ERROR_INVALID_ARGUMENT; - } - - return psa_location_dispatch_generate_random(output, output_size); -} - psa_status_t psa_get_key_attributes(psa_key_id_t key, psa_key_attributes_t *attributes) { @@ -1500,7 +1518,9 @@ psa_status_t psa_import_key(const psa_key_attributes_t *attributes, return status; } +#endif /* MODULE_PSA_KEY_MANAGEMENT */ +#if IS_USED(MODULE_PSA_KEY_DERIVATION) psa_status_t psa_key_derivation_abort(psa_key_derivation_operation_t *operation) { (void)operation; @@ -1586,7 +1606,9 @@ psa_status_t psa_key_derivation_setup(psa_key_derivation_operation_t *operation, (void)alg; return PSA_ERROR_NOT_SUPPORTED; } +#endif /* MODULE_PSA_KEY_DERIVATION */ +#if IS_USED(MODULE_PSA_MAC) psa_status_t psa_mac_abort(psa_mac_operation_t *operation) { if (!lib_initialized) { @@ -1763,7 +1785,9 @@ psa_status_t psa_purge_key(psa_key_id_t key) (void)key; return PSA_ERROR_NOT_SUPPORTED; } +#endif /* MODULE_PSA_MAC */ +#if IS_USED(MODULE_PSA_KEY_AGREEMENT) psa_status_t psa_raw_key_agreement(psa_algorithm_t alg, psa_key_id_t private_key, const uint8_t *peer_key, @@ -1781,7 +1805,9 @@ psa_status_t psa_raw_key_agreement(psa_algorithm_t alg, (void)output_length; return PSA_ERROR_NOT_SUPPORTED; } +#endif /* MODULE_PSA_KEY_AGREEMENT */ +#if IS_USED(MODULE_PSA_ASYMMETRIC) psa_status_t psa_sign_hash(psa_key_id_t key, psa_algorithm_t alg, const uint8_t *hash, @@ -2000,3 +2026,4 @@ psa_status_t psa_verify_message(psa_key_id_t key, unlock_status = psa_unlock_key_slot(slot); return ((status == PSA_SUCCESS) ? unlock_status : status); } +#endif /* MODULE_PSA_ASYMMETRIC */ diff --git a/sys/psa_crypto/psa_crypto_algorithm_dispatch.c b/sys/psa_crypto/psa_crypto_algorithm_dispatch.c index 44c2f0532ddb8..3a247f857a8fe 100644 --- a/sys/psa_crypto/psa_crypto_algorithm_dispatch.c +++ b/sys/psa_crypto/psa_crypto_algorithm_dispatch.c @@ -21,12 +21,28 @@ #include #include "kernel_defines.h" #include "psa/crypto.h" + +#if IS_USED(MODULE_PSA_MAC) #include "psa_mac.h" +#endif + +#if IS_USED(MODULE_PSA_HASH) #include "psa_hashes.h" +#endif + +#if IS_USED(MODULE_PSA_ASYMMETRIC) #include "psa_ecc.h" +#endif + +#if IS_USED(MODULE_PSA_CIPHER) #include "psa_ciphers.h" +#endif + +#if IS_USED(MODULE_PSA_KEY_MANAGEMENT) #include "psa_crypto_operation_encoder.h" +#endif +#if IS_USED(MODULE_PSA_HASH) psa_status_t psa_algorithm_dispatch_hash_setup(psa_hash_operation_t *operation, psa_algorithm_t alg) { @@ -150,7 +166,9 @@ psa_status_t psa_algorithm_dispatch_hash_finish(psa_hash_operation_t *operation, return PSA_ERROR_NOT_SUPPORTED; } } +#endif /* MODULE_PSA_HASH */ +#if IS_USED(MODULE_PSA_ASYMMETRIC) psa_status_t psa_algorithm_dispatch_sign_hash( const psa_key_attributes_t *attributes, psa_algorithm_t alg, const psa_key_slot_t *slot, @@ -353,7 +371,9 @@ psa_status_t psa_algorithm_dispatch_verify_message(const psa_key_attributes_t *a return PSA_ERROR_NOT_SUPPORTED; } } +#endif /* MODULE_PSA_ASYMMETRIC */ +#if IS_USED(MODULE_PSA_KEY_MANAGEMENT) psa_status_t psa_algorithm_dispatch_generate_key( const psa_key_attributes_t *attributes, psa_key_slot_t *slot) { @@ -407,7 +427,9 @@ psa_status_t psa_algorithm_dispatch_generate_key( const psa_key_attributes_t * return psa_builtin_generate_key(attributes, key_data, *key_bytes, key_bytes); } +#endif /* MODULE_PSA_KEY_MANAGEMENT */ +#if IS_USED(MODULE_PSA_CIPHER) psa_status_t psa_algorithm_dispatch_cipher_encrypt( const psa_key_attributes_t *attributes, psa_algorithm_t alg, const psa_key_slot_t *slot, @@ -499,7 +521,9 @@ psa_status_t psa_algorithm_dispatch_cipher_decrypt( const psa_key_attributes_t * return PSA_ERROR_NOT_SUPPORTED; } } +#endif /* MODULE_PSA_CIPHER */ +#if IS_USED(MODULE_PSA_MAC) psa_status_t psa_algorithm_dispatch_mac_compute(const psa_key_attributes_t *attributes, psa_algorithm_t alg, const psa_key_slot_t *slot, @@ -538,3 +562,4 @@ psa_status_t psa_algorithm_dispatch_mac_compute(const psa_key_attributes_t *attr (void)mac_length; return PSA_SUCCESS; } +#endif /* MODULE_PSA_MAC */ diff --git a/sys/psa_crypto/psa_crypto_location_dispatch.c b/sys/psa_crypto/psa_crypto_location_dispatch.c index 367de7afe0573..d23fde67dfb93 100644 --- a/sys/psa_crypto/psa_crypto_location_dispatch.c +++ b/sys/psa_crypto/psa_crypto_location_dispatch.c @@ -22,10 +22,12 @@ #include "kernel_defines.h" #include "psa/crypto.h" #include "psa_crypto_algorithm_dispatch.h" -#include "psa_crypto_slot_management.h" #include "psa_crypto_se_management.h" #include "psa_crypto_se_driver.h" +#if IS_USED(MODULE_PSA_KEY_MANAGEMENT) +#include "psa_crypto_slot_management.h" + psa_status_t psa_location_dispatch_generate_key(const psa_key_attributes_t *attributes, psa_key_slot_t *slot) { @@ -104,7 +106,9 @@ psa_status_t psa_location_dispatch_import_key( const psa_key_attributes_t *attri return PSA_ERROR_NOT_SUPPORTED; } } +#endif /* MODULE_PSA_KEY_MANAGEMENT */ +#if IS_USED(MODULE_PSA_CIPHER) psa_status_t psa_location_dispatch_cipher_encrypt_setup( psa_cipher_operation_t *operation, const psa_key_attributes_t *attributes, const psa_key_slot_t *slot, @@ -335,6 +339,9 @@ psa_status_t psa_location_dispatch_cipher_decrypt( const psa_key_attributes_t * output, output_size, output_length); } +#endif /* MODULE_PSA_CIPHER */ + +#if IS_USED(MODULE_PSA_ASYMMETRIC) psa_status_t psa_location_dispatch_sign_hash( const psa_key_attributes_t *attributes, psa_algorithm_t alg, const psa_key_slot_t *slot, @@ -428,7 +435,9 @@ psa_status_t psa_location_dispatch_verify_message( const psa_key_attributes_t * return psa_algorithm_dispatch_verify_message(attributes, alg, slot, input, input_length, signature, signature_length); } +#endif /* MODULE_PSA_ASYMMETRIC */ +#if IS_USED(MODULE_PSA_MAC) psa_status_t psa_location_dispatch_mac_compute(const psa_key_attributes_t *attributes, psa_algorithm_t alg, const psa_key_slot_t *slot, @@ -462,6 +471,7 @@ psa_status_t psa_location_dispatch_mac_compute(const psa_key_attributes_t *attri return psa_algorithm_dispatch_mac_compute(attributes, alg, slot, input, input_length, mac, mac_size, mac_length); } +#endif /* MODULE_PSA_MAC */ psa_status_t psa_location_dispatch_generate_random(uint8_t *output, size_t output_size) diff --git a/sys/psa_crypto/psa_key_slot_mgmt/Kconfig b/sys/psa_crypto/psa_key_slot_mgmt/Kconfig index a064bf1b2598e..ce5a387a30bd0 100644 --- a/sys/psa_crypto/psa_key_slot_mgmt/Kconfig +++ b/sys/psa_crypto/psa_key_slot_mgmt/Kconfig @@ -7,4 +7,5 @@ config MODULE_PSA_KEY_SLOT_MGMT bool - default y if PACKAGE_PSA_ARCH_TESTS + help + Enable PSA key slot management module diff --git a/sys/psa_crypto/psa_key_slot_mgmt/Makefile b/sys/psa_crypto/psa_key_slot_mgmt/Makefile index 3d213aadd633f..89e0b4a80cacd 100644 --- a/sys/psa_crypto/psa_key_slot_mgmt/Makefile +++ b/sys/psa_crypto/psa_key_slot_mgmt/Makefile @@ -1,4 +1,3 @@ -MODULE := psa_key_slot_mgmt INCLUDES += -I$(RIOTBASE)/sys/psa_crypto/include include $(RIOTBASE)/Makefile.base diff --git a/sys/psa_crypto/psa_key_slot_mgmt/psa_crypto_slot_management.c b/sys/psa_crypto/psa_key_slot_mgmt/psa_crypto_slot_management.c index e50317bde4811..0e450a08a3e69 100644 --- a/sys/psa_crypto/psa_key_slot_mgmt/psa_crypto_slot_management.c +++ b/sys/psa_crypto/psa_key_slot_mgmt/psa_crypto_slot_management.c @@ -24,7 +24,7 @@ #define ENABLE_DEBUG 0 #include "debug.h" -#if IS_USED(MODULE_PSA_SECURE_ELEMENT) +#if PSA_PROTECTED_KEY_COUNT /** * @brief Structure for a protected key slot. * @@ -37,7 +37,7 @@ typedef struct { psa_key_attributes_t attr; struct prot_key_data { psa_key_slot_number_t slot_number; -#if IS_USED(MODULE_PSA_SECURE_ELEMENT_ASYMMETRIC) +#if IS_USED(MODULE_PSA_ASYMMETRIC) uint8_t pubkey_data[PSA_EXPORT_PUBLIC_KEY_MAX_SIZE]; size_t pubkey_data_len; #endif @@ -53,9 +53,9 @@ static psa_prot_key_slot_t protected_key_slots[PSA_PROTECTED_KEY_COUNT]; * @brief List pointing to empty protected key slots */ static clist_node_t protected_list_empty; -#endif /* MODULE_PSA_SECURE_ELEMENT_ASYMMETRIC */ +#endif /* PSA_PROTECTED_KEY_COUNT */ -#if IS_USED(MODULE_PSA_ASYMMETRIC) +#if PSA_ASYMMETRIC_KEYPAIR_COUNT /** * @brief Structure for asymmetric key pairs. * @@ -87,8 +87,9 @@ static psa_key_pair_slot_t key_pair_slots[PSA_ASYMMETRIC_KEYPAIR_COUNT]; * @brief List pointing to empty asymmetric key slots */ static clist_node_t key_pair_list_empty; -#endif /* MODULE_PSA_ASYMMETRIC */ +#endif /* PSA_ASYMMETRIC_KEYPAIR_COUNT */ +#if PSA_SINGLE_KEY_COUNT /** * @brief Array containing the single key slots */ @@ -98,6 +99,7 @@ static psa_key_slot_t single_key_slots[PSA_SINGLE_KEY_COUNT]; * @brief List pointing to empty single key slots */ static clist_node_t single_key_list_empty; +#endif /** * @brief Global list of used key slots @@ -119,61 +121,61 @@ static psa_key_id_t key_id_count = PSA_KEY_ID_VOLATILE_MIN; static clist_node_t * psa_get_empty_key_slot_list(const psa_key_attributes_t *attr) { if (!psa_key_lifetime_is_external(attr->lifetime)) { -#if IS_USED(MODULE_PSA_ASYMMETRIC) +#if PSA_ASYMMETRIC_KEYPAIR_COUNT if (PSA_KEY_TYPE_IS_KEY_PAIR(attr->type)) { return &key_pair_list_empty; } -#endif /* MODULE_PSA_ASYMMETRIC */ +#endif /* PSA_ASYMMETRIC_KEYPAIR_COUNT */ +#if PSA_SINGLE_KEY_COUNT return &single_key_list_empty; +#endif /* PSA_SINGLE_KEY_COUNT */ } -#if IS_USED(MODULE_PSA_SECURE_ELEMENT) +#if PSA_PROTECTED_KEY_COUNT return &protected_list_empty; #else return NULL; -#endif /* MODULE_PSA_SECURE_ELEMENT */ +#endif /* PSA_PROTECTED_KEY_COUNT */ } void psa_init_key_slots(void) { - DEBUG("List Node Size: %d\n", sizeof(clist_node_t)); -#if IS_USED(MODULE_PSA_SECURE_ELEMENT) +#if PSA_PROTECTED_KEY_COUNT memset(protected_key_slots, 0, sizeof(protected_key_slots)); -#if PSA_PROTECTED_KEY_COUNT for (size_t i = 0; i < PSA_PROTECTED_KEY_COUNT; i++) { clist_rpush(&protected_list_empty, &protected_key_slots[i].node); } -#endif /* PSA_PROTECTED_KEY_COUNT */ DEBUG("Protected Slot Count: %d, Size: %d\n", PSA_PROTECTED_KEY_COUNT, sizeof(psa_prot_key_slot_t)); DEBUG("Protected Slot Array Size: %d\n", sizeof(protected_key_slots)); DEBUG("Protected Slot Empty List Size: %d\n", clist_count(&protected_list_empty)); -#endif /* MODULE_PSA_SECURE_ELEMENT */ +#endif /* PSA_PROTECTED_KEY_COUNT */ -#if IS_USED(MODULE_PSA_ASYMMETRIC) +#if PSA_ASYMMETRIC_KEYPAIR_COUNT memset(key_pair_slots, 0, sizeof(key_pair_slots)); -#if PSA_ASYMMETRIC_KEYPAIR_COUNT for (size_t i = 0; i < PSA_ASYMMETRIC_KEYPAIR_COUNT; i++) { clist_rpush(&key_pair_list_empty, &key_pair_slots[i].node); } -#endif /* PSA_ASYMMETRIC_KEYPAIR_COUNT */ + DEBUG("Asymmetric Slot Count: %d, Size: %d\n", PSA_ASYMMETRIC_KEYPAIR_COUNT, sizeof(psa_key_pair_slot_t)); DEBUG("Asymmetric Slot Array Size: %d\n", sizeof(key_pair_slots)); DEBUG("Asymmetric Slot Empty List Size: %d\n", clist_count(&key_pair_list_empty)); -#endif /* MODULE_PSA_ASYMMETRIC */ +#endif /* PSA_ASYMMETRIC_KEYPAIR_COUNT */ - memset(single_key_slots, 0, sizeof(single_key_slots)); #if PSA_SINGLE_KEY_COUNT + memset(single_key_slots, 0, sizeof(single_key_slots)); + for (size_t i = 0; i < PSA_SINGLE_KEY_COUNT; i++) { clist_rpush(&single_key_list_empty, &single_key_slots[i].node); } -#endif + DEBUG("Single Key Slot Count: %d, Size: %d\n", PSA_SINGLE_KEY_COUNT, sizeof(psa_key_slot_t)); DEBUG("Single Key Slot Array Size: %d\n", sizeof(single_key_slots)); DEBUG("Single Key Slot Empty List Size: %d\n", clist_count(&single_key_list_empty)); +#endif /* PSA_SINGLE_KEY_COUNT */ } /** @@ -189,14 +191,14 @@ static void psa_wipe_real_slot_type(psa_key_slot_t *slot) if (!PSA_KEY_TYPE_IS_KEY_PAIR(attr.type)) { memset(slot, 0, sizeof(psa_key_slot_t)); } -#if IS_USED(MODULE_PSA_ASYMMETRIC) +#if PSA_ASYMMETRIC_KEYPAIR_COUNT else { memset((psa_key_pair_slot_t *)slot, 0, sizeof(psa_key_pair_slot_t)); } #endif } -#if IS_USED(MODULE_PSA_SECURE_ELEMENT) +#if PSA_PROTECTED_KEY_COUNT else { memset((psa_prot_key_slot_t *)slot, 0, sizeof(psa_prot_key_slot_t)); } @@ -483,12 +485,15 @@ size_t psa_get_key_data_from_key_slot(const psa_key_slot_t *slot, uint8_t **key_ if (!psa_key_lifetime_is_external(attr.lifetime)) { +#if PSA_SINGLE_KEY_COUNT if (!PSA_KEY_TYPE_IS_KEY_PAIR(attr.type)) { *key_data = (uint8_t *)slot->key.data; *key_bytes = (size_t *)&slot->key.data_len; key_data_size = sizeof(slot->key.data); } -#if IS_USED(MODULE_PSA_ASYMMETRIC) +#endif /* PSA_SINGLE_KEY_COUNT */ + +#if PSA_ASYMMETRIC_KEYPAIR_COUNT else { *key_data = ((psa_key_pair_slot_t *)slot)->key.privkey_data; *key_bytes = &((psa_key_pair_slot_t *)slot)->key.privkey_data_len; @@ -499,7 +504,7 @@ size_t psa_get_key_data_from_key_slot(const psa_key_slot_t *slot, uint8_t **key_ return key_data_size; } -#if IS_USED(MODULE_PSA_SECURE_ELEMENT) +#if IS_USED(MODULE_PSA_SECURE_ELEMENT) && PSA_PROTECTED_KEY_COUNT psa_key_slot_number_t * psa_key_slot_get_slot_number(const psa_key_slot_t *slot) { return &(((psa_prot_key_slot_t *)slot)->key.slot_number); @@ -519,12 +524,14 @@ void psa_get_public_key_data_from_key_slot(const psa_key_slot_t *slot, uint8_t * } if (!psa_key_lifetime_is_external(attr.lifetime)) { +#if PSA_SINGLE_KEY_COUNT if (!PSA_KEY_TYPE_IS_KEY_PAIR(attr.type)) { *pubkey_data = ((psa_key_slot_t *)slot)->key.data; *pubkey_data_len = &((psa_key_slot_t *)slot)->key.data_len; return; } -#if IS_USED(MODULE_PSA_ASYMMETRIC) +#endif /* PSA_SINGLE_KEY_COUNT */ +#if PSA_ASYMMETRIC_KEYPAIR_COUNT else { *pubkey_data = ((psa_key_pair_slot_t *)slot)->key.pubkey_data; *pubkey_data_len = &((psa_key_pair_slot_t *)slot)->key.pubkey_data_len; @@ -532,7 +539,7 @@ void psa_get_public_key_data_from_key_slot(const psa_key_slot_t *slot, uint8_t * } #endif } -#if IS_USED(MODULE_PSA_SECURE_ELEMENT_ASYMMETRIC) +#if PSA_PROTECTED_KEY_COUNT && IS_USED(MODULE_PSA_ASYMMETRIC) *pubkey_data = ((psa_prot_key_slot_t *)slot)->key.pubkey_data; *pubkey_data_len = &((psa_prot_key_slot_t *)slot)->key.pubkey_data_len; #endif diff --git a/sys/psa_crypto/psa_se_mgmt/Kconfig b/sys/psa_crypto/psa_se_mgmt/Kconfig index 80f017ad799a3..ceefd97647912 100644 --- a/sys/psa_crypto/psa_se_mgmt/Kconfig +++ b/sys/psa_crypto/psa_se_mgmt/Kconfig @@ -7,7 +7,7 @@ menuconfig MODULE_PSA_SECURE_ELEMENT bool "PSA Secure Elements" - select MODULE_PSA_KEY_SLOT_MGMT + select MODULE_PSA_KEY_MANAGEMENT select MODULE_PSA_SE_MGMT if MODULE_PSA_SECURE_ELEMENT @@ -33,16 +33,23 @@ menuconfig MODULE_PSA_SECURE_ELEMENT_ATECCX08A config MODULE_PSA_SECURE_ELEMENT_ATECCX08A_ECC_P256 bool "Microchip ATECCX08A Elliptic Curve P256" select PSA_KEY_SIZE_256 - select MODULE_PSA_SECURE_ELEMENT_ASYMMETRIC + select MODULE_PSA_ASYMMETRIC depends on MODULE_PSA_SECURE_ELEMENT_ATECCX08A -config MODULE_PSA_SE_MGMT - bool +config MODULE_PSA_SECURE_ELEMENT_ATECCX08A_CIPHER_AES_128 + bool "Microchip ATECCX08A Cipher AES 128" + select PSA_KEY_SIZE_128 + select MODULE_PSA_CIPHER + depends on MODULE_PSA_SECURE_ELEMENT_ATECCX08A -config MODULE_PSA_SECURE_ELEMENT_ASYMMETRIC +config MODULE_PSA_SECURE_ELEMENT_ATECCX08A_HMAC_SHA256 + bool "Microchip ATECCX08A HMAC SHA-256" + select PSA_KEY_SIZE_128 + select MODULE_PSA_MAC + depends on MODULE_PSA_SECURE_ELEMENT_ATECCX08A + +config MODULE_PSA_SE_MGMT bool - help - Indicates that an asymmetric operation is used with secure elements. config MODULE_PSA_SECURE_ELEMENT_CONFIG bool diff --git a/tests/sys/psa_crypto/Makefile b/tests/sys/psa_crypto/Makefile index 4d3a999a0cbc3..3396041f597fb 100644 --- a/tests/sys/psa_crypto/Makefile +++ b/tests/sys/psa_crypto/Makefile @@ -4,9 +4,8 @@ USEMODULE += embunit USEMODULE += psa_crypto -# FIXME: currently only needed for build to succeed -USEMODULE += psa_cipher -USEMODULE += psa_cipher_aes_128_cbc +CFLAGS += -DCONFIG_PSA_ASYMMETRIC_KEYPAIR_COUNT=1 +CFLAGS += -DCONFIG_PSA_SINGLE_KEY_COUNT=1 USEMODULE += psa_asymmetric USEMODULE += psa_asymmetric_ecc_ed25519 diff --git a/tests/sys/psa_crypto_cipher/Makefile b/tests/sys/psa_crypto_cipher/Makefile new file mode 100644 index 0000000000000..44b4b8f059c7c --- /dev/null +++ b/tests/sys/psa_crypto_cipher/Makefile @@ -0,0 +1,17 @@ +include ../Makefile.sys_common + +USEMODULE += ztimer +USEMODULE += ztimer_usec + +USEMODULE += psa_crypto + +USEMODULE += psa_cipher +USEMODULE += psa_cipher_aes_128_cbc + +ifneq (1, $(TEST_KCONFIG)) + CFLAGS += -DCONFIG_PSA_SINGLE_KEY_COUNT=1 +endif + +SHOULD_RUN_KCONFIG := + +include $(RIOTBASE)/Makefile.include diff --git a/tests/sys/psa_crypto_cipher/README.md b/tests/sys/psa_crypto_cipher/README.md new file mode 100644 index 0000000000000..48b3d99f52d36 --- /dev/null +++ b/tests/sys/psa_crypto_cipher/README.md @@ -0,0 +1,4 @@ +# PSA Crypto Cipher Test + +This is a configuration test for only the cipher of the PSA crypto module. +It is based off the [psa_crypto example](../../../examples/psa_crypto/README.md). diff --git a/tests/sys/psa_crypto_cipher/app.config.test b/tests/sys/psa_crypto_cipher/app.config.test new file mode 100644 index 0000000000000..cada089f55db8 --- /dev/null +++ b/tests/sys/psa_crypto_cipher/app.config.test @@ -0,0 +1,8 @@ +CONFIG_MODULE_PSA_CRYPTO=y + +CONFIG_MODULE_PSA_CIPHER=y +CONFIG_MODULE_PSA_CIPHER_AES_128_CBC=y + +CONFIG_PSA_SINGLE_KEY_COUNT=1 + +CONFIG_ZTIMER_USEC=y diff --git a/tests/sys/psa_crypto_cipher/example_cipher_aes_128.c b/tests/sys/psa_crypto_cipher/example_cipher_aes_128.c new file mode 120000 index 0000000000000..3b052c133690a --- /dev/null +++ b/tests/sys/psa_crypto_cipher/example_cipher_aes_128.c @@ -0,0 +1 @@ +../../../examples/psa_crypto/example_cipher_aes_128.c \ No newline at end of file diff --git a/tests/sys/psa_crypto_cipher/main.c b/tests/sys/psa_crypto_cipher/main.c new file mode 120000 index 0000000000000..a9fd2e2825758 --- /dev/null +++ b/tests/sys/psa_crypto_cipher/main.c @@ -0,0 +1 @@ +../../../examples/psa_crypto/main.c \ No newline at end of file diff --git a/tests/sys/psa_crypto_cipher/tests/01-run.py b/tests/sys/psa_crypto_cipher/tests/01-run.py new file mode 100755 index 0000000000000..25257b8ca8344 --- /dev/null +++ b/tests/sys/psa_crypto_cipher/tests/01-run.py @@ -0,0 +1,13 @@ +#!/usr/bin/env python3 + +import sys +from testrunner import run + + +def testfunc(child): + child.expect_exact('All Done') + print("[TEST PASSED]") + + +if __name__ == "__main__": + sys.exit(run(testfunc)) diff --git a/tests/sys/psa_crypto_ecdsa/Makefile b/tests/sys/psa_crypto_ecdsa/Makefile new file mode 100644 index 0000000000000..12f8f1cf9a004 --- /dev/null +++ b/tests/sys/psa_crypto_ecdsa/Makefile @@ -0,0 +1,20 @@ +include ../Makefile.sys_common + +USEMODULE += ztimer +USEMODULE += ztimer_usec + +USEMODULE += psa_crypto + +USEMODULE += psa_hash +USEMODULE += psa_hash_sha_256 +USEMODULE += psa_asymmetric +USEMODULE += psa_asymmetric_ecc_p256r1 + +ifneq (1, $(TEST_KCONFIG)) + CFLAGS += -DCONFIG_PSA_ASYMMETRIC_KEYPAIR_COUNT=1 + CFLAGS += -DCONFIG_PSA_SINGLE_KEY_COUNT=1 +endif + +SHOULD_RUN_KCONFIG := + +include $(RIOTBASE)/Makefile.include diff --git a/tests/sys/psa_crypto_ecdsa/README.md b/tests/sys/psa_crypto_ecdsa/README.md new file mode 100644 index 0000000000000..6643bec66c742 --- /dev/null +++ b/tests/sys/psa_crypto_ecdsa/README.md @@ -0,0 +1,4 @@ +# PSA Crypto ECDSA Test + +This is a configuration test for only the ecdsa of the PSA crypto module. +It is based off the [psa_crypto example](../../../examples/psa_crypto/README.md). diff --git a/tests/sys/psa_crypto_ecdsa/app.config.test b/tests/sys/psa_crypto_ecdsa/app.config.test new file mode 100644 index 0000000000000..9e39cdbd9884c --- /dev/null +++ b/tests/sys/psa_crypto_ecdsa/app.config.test @@ -0,0 +1,10 @@ +CONFIG_MODULE_PSA_CRYPTO=y + +CONFIG_MODULE_PSA_HASH=y +CONFIG_MODULE_PSA_HASH_SHA_256=y +CONFIG_MODULE_PSA_ASYMMETRIC=y +CONFIG_MODULE_PSA_ASYMMETRIC_ECC_P256R1=y +CONFIG_PSA_ASYMMETRIC_KEYPAIR_COUNT=1 +CONFIG_PSA_SINGLE_KEY_COUNT=1 + +CONFIG_ZTIMER_USEC=y diff --git a/tests/sys/psa_crypto_ecdsa/example_ecdsa_p256.c b/tests/sys/psa_crypto_ecdsa/example_ecdsa_p256.c new file mode 120000 index 0000000000000..45df4f9cec226 --- /dev/null +++ b/tests/sys/psa_crypto_ecdsa/example_ecdsa_p256.c @@ -0,0 +1 @@ +../../../examples/psa_crypto/example_ecdsa_p256.c \ No newline at end of file diff --git a/tests/sys/psa_crypto_ecdsa/main.c b/tests/sys/psa_crypto_ecdsa/main.c new file mode 120000 index 0000000000000..a9fd2e2825758 --- /dev/null +++ b/tests/sys/psa_crypto_ecdsa/main.c @@ -0,0 +1 @@ +../../../examples/psa_crypto/main.c \ No newline at end of file diff --git a/tests/sys/psa_crypto_ecdsa/tests/01-run.py b/tests/sys/psa_crypto_ecdsa/tests/01-run.py new file mode 100755 index 0000000000000..25257b8ca8344 --- /dev/null +++ b/tests/sys/psa_crypto_ecdsa/tests/01-run.py @@ -0,0 +1,13 @@ +#!/usr/bin/env python3 + +import sys +from testrunner import run + + +def testfunc(child): + child.expect_exact('All Done') + print("[TEST PASSED]") + + +if __name__ == "__main__": + sys.exit(run(testfunc)) diff --git a/tests/sys/psa_crypto_eddsa/Makefile b/tests/sys/psa_crypto_eddsa/Makefile new file mode 100644 index 0000000000000..92ae917a4f824 --- /dev/null +++ b/tests/sys/psa_crypto_eddsa/Makefile @@ -0,0 +1,18 @@ +include ../Makefile.sys_common + +USEMODULE += ztimer +USEMODULE += ztimer_usec + +USEMODULE += psa_crypto + +USEMODULE += psa_asymmetric +USEMODULE += psa_asymmetric_ecc_ed25519 + +ifneq (1, $(TEST_KCONFIG)) + CFLAGS += -DCONFIG_PSA_ASYMMETRIC_KEYPAIR_COUNT=1 + CFLAGS += -DCONFIG_PSA_SINGLE_KEY_COUNT=1 +endif + +SHOULD_RUN_KCONFIG := + +include $(RIOTBASE)/Makefile.include diff --git a/tests/sys/psa_crypto_eddsa/README.md b/tests/sys/psa_crypto_eddsa/README.md new file mode 100644 index 0000000000000..3d2e17c40dd17 --- /dev/null +++ b/tests/sys/psa_crypto_eddsa/README.md @@ -0,0 +1,4 @@ +# PSA Crypto EDDSA Test + +This is a configuration test for only the eddsa of the PSA crypto module. +It is based off the [psa_crypto example](../../../examples/psa_crypto/README.md). diff --git a/tests/sys/psa_crypto_eddsa/app.config.test b/tests/sys/psa_crypto_eddsa/app.config.test new file mode 100644 index 0000000000000..4d19f22e3215f --- /dev/null +++ b/tests/sys/psa_crypto_eddsa/app.config.test @@ -0,0 +1,8 @@ +CONFIG_MODULE_PSA_CRYPTO=y + +CONFIG_MODULE_PSA_ASYMMETRIC=y +CONFIG_MODULE_PSA_ASYMMETRIC_ECC_ED25519=y +CONFIG_PSA_ASYMMETRIC_KEYPAIR_COUNT=1 +CONFIG_PSA_SINGLE_KEY_COUNT=1 + +CONFIG_ZTIMER_USEC=y diff --git a/tests/sys/psa_crypto_eddsa/example_eddsa.c b/tests/sys/psa_crypto_eddsa/example_eddsa.c new file mode 120000 index 0000000000000..adbd7d233d7fb --- /dev/null +++ b/tests/sys/psa_crypto_eddsa/example_eddsa.c @@ -0,0 +1 @@ +../../../examples/psa_crypto/example_eddsa.c \ No newline at end of file diff --git a/tests/sys/psa_crypto_eddsa/main.c b/tests/sys/psa_crypto_eddsa/main.c new file mode 120000 index 0000000000000..a9fd2e2825758 --- /dev/null +++ b/tests/sys/psa_crypto_eddsa/main.c @@ -0,0 +1 @@ +../../../examples/psa_crypto/main.c \ No newline at end of file diff --git a/tests/sys/psa_crypto_eddsa/tests/01-run.py b/tests/sys/psa_crypto_eddsa/tests/01-run.py new file mode 100755 index 0000000000000..25257b8ca8344 --- /dev/null +++ b/tests/sys/psa_crypto_eddsa/tests/01-run.py @@ -0,0 +1,13 @@ +#!/usr/bin/env python3 + +import sys +from testrunner import run + + +def testfunc(child): + child.expect_exact('All Done') + print("[TEST PASSED]") + + +if __name__ == "__main__": + sys.exit(run(testfunc)) diff --git a/tests/sys/psa_crypto_hashes/Makefile b/tests/sys/psa_crypto_hashes/Makefile new file mode 100644 index 0000000000000..637abf14e0d13 --- /dev/null +++ b/tests/sys/psa_crypto_hashes/Makefile @@ -0,0 +1,13 @@ +include ../Makefile.sys_common + +USEMODULE += ztimer +USEMODULE += ztimer_usec + +USEMODULE += psa_crypto + +USEMODULE += psa_hash +USEMODULE += psa_hash_sha_256 + +SHOULD_RUN_KCONFIG := + +include $(RIOTBASE)/Makefile.include diff --git a/tests/sys/psa_crypto_hashes/README.md b/tests/sys/psa_crypto_hashes/README.md new file mode 100644 index 0000000000000..aca6753f7f292 --- /dev/null +++ b/tests/sys/psa_crypto_hashes/README.md @@ -0,0 +1,4 @@ +# PSA Crypto Hashes Test + +This is a configuration test for only the hashes of the PSA crypto module. +It is based off the [psa_crypto example](../../../examples/psa_crypto/README.md). diff --git a/tests/sys/psa_crypto_hashes/app.config.test b/tests/sys/psa_crypto_hashes/app.config.test new file mode 100644 index 0000000000000..d5a63d3a56bf9 --- /dev/null +++ b/tests/sys/psa_crypto_hashes/app.config.test @@ -0,0 +1,6 @@ +CONFIG_MODULE_PSA_CRYPTO=y + +CONFIG_MODULE_PSA_HASH=y +CONFIG_MODULE_PSA_HASH_SHA_256=y + +CONFIG_ZTIMER_USEC=y diff --git a/tests/sys/psa_crypto_hashes/main.c b/tests/sys/psa_crypto_hashes/main.c new file mode 120000 index 0000000000000..a9fd2e2825758 --- /dev/null +++ b/tests/sys/psa_crypto_hashes/main.c @@ -0,0 +1 @@ +../../../examples/psa_crypto/main.c \ No newline at end of file diff --git a/tests/sys/psa_crypto_hashes/tests/01-run.py b/tests/sys/psa_crypto_hashes/tests/01-run.py new file mode 100755 index 0000000000000..25257b8ca8344 --- /dev/null +++ b/tests/sys/psa_crypto_hashes/tests/01-run.py @@ -0,0 +1,13 @@ +#!/usr/bin/env python3 + +import sys +from testrunner import run + + +def testfunc(child): + child.expect_exact('All Done') + print("[TEST PASSED]") + + +if __name__ == "__main__": + sys.exit(run(testfunc)) diff --git a/tests/sys/psa_crypto_mac/Makefile b/tests/sys/psa_crypto_mac/Makefile new file mode 100644 index 0000000000000..ee2bd15508cc0 --- /dev/null +++ b/tests/sys/psa_crypto_mac/Makefile @@ -0,0 +1,17 @@ +include ../Makefile.sys_common + +USEMODULE += ztimer +USEMODULE += ztimer_usec + +USEMODULE += psa_crypto + +USEMODULE += psa_mac +USEMODULE += psa_mac_hmac_sha_256 + +ifneq (1, $(TEST_KCONFIG)) + CFLAGS += -DCONFIG_PSA_SINGLE_KEY_COUNT=1 +endif + +SHOULD_RUN_KCONFIG := + +include $(RIOTBASE)/Makefile.include diff --git a/tests/sys/psa_crypto_mac/README.md b/tests/sys/psa_crypto_mac/README.md new file mode 100644 index 0000000000000..588fade228485 --- /dev/null +++ b/tests/sys/psa_crypto_mac/README.md @@ -0,0 +1,4 @@ +# PSA Crypto Mac Test + +This is a configuration test for only the mac of the PSA crypto module. +It is based off the [psa_crypto example](../../../examples/psa_crypto/README.md). diff --git a/tests/sys/psa_crypto_mac/app.config.test b/tests/sys/psa_crypto_mac/app.config.test new file mode 100644 index 0000000000000..9e44cc14155f3 --- /dev/null +++ b/tests/sys/psa_crypto_mac/app.config.test @@ -0,0 +1,8 @@ +CONFIG_MODULE_PSA_CRYPTO=y + +CONFIG_MODULE_PSA_MAC=y +CONFIG_MODULE_PSA_MAC_HMAC_SHA_256=y + +CONFIG_PSA_SINGLE_KEY_COUNT=1 + +CONFIG_ZTIMER_USEC=y diff --git a/tests/sys/psa_crypto_mac/example_hmac_sha256.c b/tests/sys/psa_crypto_mac/example_hmac_sha256.c new file mode 120000 index 0000000000000..710efbeabcde1 --- /dev/null +++ b/tests/sys/psa_crypto_mac/example_hmac_sha256.c @@ -0,0 +1 @@ +../../../examples/psa_crypto/example_hmac_sha256.c \ No newline at end of file diff --git a/tests/sys/psa_crypto_mac/main.c b/tests/sys/psa_crypto_mac/main.c new file mode 120000 index 0000000000000..a9fd2e2825758 --- /dev/null +++ b/tests/sys/psa_crypto_mac/main.c @@ -0,0 +1 @@ +../../../examples/psa_crypto/main.c \ No newline at end of file diff --git a/tests/sys/psa_crypto_mac/tests/01-run.py b/tests/sys/psa_crypto_mac/tests/01-run.py new file mode 100755 index 0000000000000..25257b8ca8344 --- /dev/null +++ b/tests/sys/psa_crypto_mac/tests/01-run.py @@ -0,0 +1,13 @@ +#!/usr/bin/env python3 + +import sys +from testrunner import run + + +def testfunc(child): + child.expect_exact('All Done') + print("[TEST PASSED]") + + +if __name__ == "__main__": + sys.exit(run(testfunc)) diff --git a/tests/sys/psa_crypto_se/Makefile b/tests/sys/psa_crypto_se/Makefile new file mode 100644 index 0000000000000..4e1286028a79b --- /dev/null +++ b/tests/sys/psa_crypto_se/Makefile @@ -0,0 +1,30 @@ +BOARD ?= nrf52840dk + +include ../Makefile.sys_common + +USEMODULE += ztimer +USEMODULE += ztimer_usec + +USEMODULE += psa_crypto + +USEMODULE += psa_hash +USEMODULE += psa_hash_sha_256 +USEMODULE += psa_secure_element +USEMODULE += psa_secure_element_ateccx08a +USEMODULE += psa_secure_element_ateccx08a_cipher_aes_128 +USEMODULE += psa_secure_element_ateccx08a_hmac_sha256 +USEMODULE += psa_secure_element_ateccx08a_ecc_p256 + +ifneq (1, $(TEST_KCONFIG)) + CFLAGS += -DCONFIG_PSA_PROTECTED_KEY_COUNT=3 + CFLAGS += -DCONFIG_PSA_SINGLE_KEY_COUNT=1 +endif + +CFLAGS += -DSECURE_ELEMENT +CFLAGS += -DCUSTOM_ATCA_PARAMS + +INCLUDES += -I$(APPDIR) # Application specific (not needed by PSA) + +SHOULD_RUN_KCONFIG := + +include $(RIOTBASE)/Makefile.include diff --git a/tests/sys/psa_crypto_se/README.md b/tests/sys/psa_crypto_se/README.md new file mode 100644 index 0000000000000..3926c8bacf279 --- /dev/null +++ b/tests/sys/psa_crypto_se/README.md @@ -0,0 +1,4 @@ +# PSA Crypto Secure Element Test + +This is a configuration test for all PSA crypto modules using a secure element. +It is based off the [psa_crypto example](../../../examples/psa_crypto/README.md). diff --git a/tests/sys/psa_crypto_se/app.config.test b/tests/sys/psa_crypto_se/app.config.test new file mode 100644 index 0000000000000..4c21b198d7501 --- /dev/null +++ b/tests/sys/psa_crypto_se/app.config.test @@ -0,0 +1,14 @@ +CONFIG_MODULE_PSA_CRYPTO=y + +CONFIG_MODULE_PSA_HASH=y +CONFIG_MODULE_PSA_HASH_SHA_256=y +CONFIG_MODULE_PSA_SECURE_ELEMENT=y +CONFIG_MODULE_PSA_SECURE_ELEMENT_ATECCX08A=y +CONFIG_MODULE_PSA_SECURE_ELEMENT_ATECCX08A_CIPHER_AES_128=y +CONFIG_MODULE_PSA_SECURE_ELEMENT_ATECCX08A_HMAC_SHA256=y +CONFIG_MODULE_PSA_SECURE_ELEMENT_ATECCX08A_ECC_P256=y + +CONFIG_PSA_PROTECTED_KEY_COUNT=3 +CONFIG_PSA_SINGLE_KEY_COUNT=1 + +CONFIG_ZTIMER_USEC=y diff --git a/tests/sys/psa_crypto_se/custom_atca_params.h b/tests/sys/psa_crypto_se/custom_atca_params.h new file mode 120000 index 0000000000000..07865241c6243 --- /dev/null +++ b/tests/sys/psa_crypto_se/custom_atca_params.h @@ -0,0 +1 @@ +../../../examples/psa_crypto/custom_atca_params.h \ No newline at end of file diff --git a/tests/sys/psa_crypto_se/example_cipher_aes_128.c b/tests/sys/psa_crypto_se/example_cipher_aes_128.c new file mode 120000 index 0000000000000..3b052c133690a --- /dev/null +++ b/tests/sys/psa_crypto_se/example_cipher_aes_128.c @@ -0,0 +1 @@ +../../../examples/psa_crypto/example_cipher_aes_128.c \ No newline at end of file diff --git a/tests/sys/psa_crypto_se/example_ecdsa_p256.c b/tests/sys/psa_crypto_se/example_ecdsa_p256.c new file mode 120000 index 0000000000000..45df4f9cec226 --- /dev/null +++ b/tests/sys/psa_crypto_se/example_ecdsa_p256.c @@ -0,0 +1 @@ +../../../examples/psa_crypto/example_ecdsa_p256.c \ No newline at end of file diff --git a/tests/sys/psa_crypto_se/example_hmac_sha256.c b/tests/sys/psa_crypto_se/example_hmac_sha256.c new file mode 120000 index 0000000000000..710efbeabcde1 --- /dev/null +++ b/tests/sys/psa_crypto_se/example_hmac_sha256.c @@ -0,0 +1 @@ +../../../examples/psa_crypto/example_hmac_sha256.c \ No newline at end of file diff --git a/tests/sys/psa_crypto_se/main.c b/tests/sys/psa_crypto_se/main.c new file mode 120000 index 0000000000000..a9fd2e2825758 --- /dev/null +++ b/tests/sys/psa_crypto_se/main.c @@ -0,0 +1 @@ +../../../examples/psa_crypto/main.c \ No newline at end of file diff --git a/tests/sys/psa_crypto_se/tests/01-run.py b/tests/sys/psa_crypto_se/tests/01-run.py new file mode 100755 index 0000000000000..25257b8ca8344 --- /dev/null +++ b/tests/sys/psa_crypto_se/tests/01-run.py @@ -0,0 +1,13 @@ +#!/usr/bin/env python3 + +import sys +from testrunner import run + + +def testfunc(child): + child.expect_exact('All Done') + print("[TEST PASSED]") + + +if __name__ == "__main__": + sys.exit(run(testfunc)) diff --git a/tests/sys/psa_crypto_se_cipher/Makefile b/tests/sys/psa_crypto_se_cipher/Makefile new file mode 100644 index 0000000000000..61e4949d5b31f --- /dev/null +++ b/tests/sys/psa_crypto_se_cipher/Makefile @@ -0,0 +1,26 @@ +BOARD ?= nrf52840dk + +include ../Makefile.sys_common + +USEMODULE += ztimer +USEMODULE += ztimer_usec + +USEMODULE += psa_crypto + +USEMODULE += psa_secure_element +USEMODULE += psa_secure_element_ateccx08a +USEMODULE += psa_secure_element_ateccx08a_cipher_aes_128 + + +ifneq (1, $(TEST_KCONFIG)) + CFLAGS += -DCONFIG_PSA_PROTECTED_KEY_COUNT=1 +endif + +CFLAGS += -DSECURE_ELEMENT +CFLAGS += -DCUSTOM_ATCA_PARAMS + +INCLUDES += -I$(APPDIR) # Application specific (not needed by PSA) + +SHOULD_RUN_KCONFIG := + +include $(RIOTBASE)/Makefile.include diff --git a/tests/sys/psa_crypto_se_cipher/README.md b/tests/sys/psa_crypto_se_cipher/README.md new file mode 100644 index 0000000000000..2666a3a85bdeb --- /dev/null +++ b/tests/sys/psa_crypto_se_cipher/README.md @@ -0,0 +1,5 @@ +# PSA Crypto Cipher Test + +This is a configuration test for only the cipher of the PSA crypto module using +secure element. +It is based off the [psa_crypto example](../../../examples/psa_crypto/README.md). diff --git a/tests/sys/psa_crypto_se_cipher/app.config.test b/tests/sys/psa_crypto_se_cipher/app.config.test new file mode 100644 index 0000000000000..efff029955158 --- /dev/null +++ b/tests/sys/psa_crypto_se_cipher/app.config.test @@ -0,0 +1,9 @@ +CONFIG_MODULE_PSA_CRYPTO=y + +CONFIG_MODULE_PSA_SECURE_ELEMENT=y +CONFIG_MODULE_PSA_SECURE_ELEMENT_ATECCX08A=y +CONFIG_MODULE_PSA_SECURE_ELEMENT_ATECCX08A_CIPHER_AES_128=y + +CONFIG_PSA_PROTECTED_KEY_COUNT=1 + +CONFIG_ZTIMER_USEC=y diff --git a/tests/sys/psa_crypto_se_cipher/custom_atca_params.h b/tests/sys/psa_crypto_se_cipher/custom_atca_params.h new file mode 120000 index 0000000000000..07865241c6243 --- /dev/null +++ b/tests/sys/psa_crypto_se_cipher/custom_atca_params.h @@ -0,0 +1 @@ +../../../examples/psa_crypto/custom_atca_params.h \ No newline at end of file diff --git a/tests/sys/psa_crypto_se_cipher/example_cipher_aes_128.c b/tests/sys/psa_crypto_se_cipher/example_cipher_aes_128.c new file mode 120000 index 0000000000000..3b052c133690a --- /dev/null +++ b/tests/sys/psa_crypto_se_cipher/example_cipher_aes_128.c @@ -0,0 +1 @@ +../../../examples/psa_crypto/example_cipher_aes_128.c \ No newline at end of file diff --git a/tests/sys/psa_crypto_se_cipher/main.c b/tests/sys/psa_crypto_se_cipher/main.c new file mode 120000 index 0000000000000..a9fd2e2825758 --- /dev/null +++ b/tests/sys/psa_crypto_se_cipher/main.c @@ -0,0 +1 @@ +../../../examples/psa_crypto/main.c \ No newline at end of file diff --git a/tests/sys/psa_crypto_se_cipher/tests/01-run.py b/tests/sys/psa_crypto_se_cipher/tests/01-run.py new file mode 100755 index 0000000000000..25257b8ca8344 --- /dev/null +++ b/tests/sys/psa_crypto_se_cipher/tests/01-run.py @@ -0,0 +1,13 @@ +#!/usr/bin/env python3 + +import sys +from testrunner import run + + +def testfunc(child): + child.expect_exact('All Done') + print("[TEST PASSED]") + + +if __name__ == "__main__": + sys.exit(run(testfunc)) diff --git a/tests/sys/psa_crypto_se_ecdsa/Makefile b/tests/sys/psa_crypto_se_ecdsa/Makefile new file mode 100644 index 0000000000000..d0f6cadc62a08 --- /dev/null +++ b/tests/sys/psa_crypto_se_ecdsa/Makefile @@ -0,0 +1,28 @@ +BOARD ?= nrf52840dk + +include ../Makefile.sys_common + +USEMODULE += ztimer +USEMODULE += ztimer_usec + +USEMODULE += psa_crypto + +USEMODULE += psa_hash +USEMODULE += psa_hash_sha_256 +USEMODULE += psa_secure_element +USEMODULE += psa_secure_element_ateccx08a +USEMODULE += psa_secure_element_ateccx08a_ecc_p256 + +ifneq (1, $(TEST_KCONFIG)) + CFLAGS += -DCONFIG_PSA_SINGLE_KEY_COUNT=1 + CFLAGS += -DCONFIG_PSA_PROTECTED_KEY_COUNT=1 +endif + +CFLAGS += -DSECURE_ELEMENT +CFLAGS += -DCUSTOM_ATCA_PARAMS + +INCLUDES += -I$(APPDIR) # Application specific (not needed by PSA) + +SHOULD_RUN_KCONFIG := + +include $(RIOTBASE)/Makefile.include diff --git a/tests/sys/psa_crypto_se_ecdsa/README.md b/tests/sys/psa_crypto_se_ecdsa/README.md new file mode 100644 index 0000000000000..29eb873293df2 --- /dev/null +++ b/tests/sys/psa_crypto_se_ecdsa/README.md @@ -0,0 +1,5 @@ +# PSA Crypto Secure Element ECDSA Test + +This is a configuration test for only the ecdsa of the PSA crypto module using +secure element. +It is based off the [psa_crypto example](../../../examples/psa_crypto/README.md). diff --git a/tests/sys/psa_crypto_se_ecdsa/app.config.test b/tests/sys/psa_crypto_se_ecdsa/app.config.test new file mode 100644 index 0000000000000..80906948c4af8 --- /dev/null +++ b/tests/sys/psa_crypto_se_ecdsa/app.config.test @@ -0,0 +1,12 @@ +CONFIG_MODULE_PSA_CRYPTO=y + +CONFIG_MODULE_PSA_HASH=y +CONFIG_MODULE_PSA_HASH_SHA_256=y +CONFIG_MODULE_PSA_SECURE_ELEMENT=y +CONFIG_MODULE_PSA_SECURE_ELEMENT_ATECCX08A=y +CONFIG_MODULE_PSA_SECURE_ELEMENT_ATECCX08A_ECC_P256=y + +CONFIG_PSA_SINGLE_KEY_COUNT=1 +CONFIG_PSA_PROTECTED_KEY_COUNT=1 + +CONFIG_ZTIMER_USEC=y diff --git a/tests/sys/psa_crypto_se_ecdsa/custom_atca_params.h b/tests/sys/psa_crypto_se_ecdsa/custom_atca_params.h new file mode 120000 index 0000000000000..07865241c6243 --- /dev/null +++ b/tests/sys/psa_crypto_se_ecdsa/custom_atca_params.h @@ -0,0 +1 @@ +../../../examples/psa_crypto/custom_atca_params.h \ No newline at end of file diff --git a/tests/sys/psa_crypto_se_ecdsa/example_ecdsa_p256.c b/tests/sys/psa_crypto_se_ecdsa/example_ecdsa_p256.c new file mode 120000 index 0000000000000..45df4f9cec226 --- /dev/null +++ b/tests/sys/psa_crypto_se_ecdsa/example_ecdsa_p256.c @@ -0,0 +1 @@ +../../../examples/psa_crypto/example_ecdsa_p256.c \ No newline at end of file diff --git a/tests/sys/psa_crypto_se_ecdsa/main.c b/tests/sys/psa_crypto_se_ecdsa/main.c new file mode 120000 index 0000000000000..a9fd2e2825758 --- /dev/null +++ b/tests/sys/psa_crypto_se_ecdsa/main.c @@ -0,0 +1 @@ +../../../examples/psa_crypto/main.c \ No newline at end of file diff --git a/tests/sys/psa_crypto_se_ecdsa/tests/01-run.py b/tests/sys/psa_crypto_se_ecdsa/tests/01-run.py new file mode 100755 index 0000000000000..25257b8ca8344 --- /dev/null +++ b/tests/sys/psa_crypto_se_ecdsa/tests/01-run.py @@ -0,0 +1,13 @@ +#!/usr/bin/env python3 + +import sys +from testrunner import run + + +def testfunc(child): + child.expect_exact('All Done') + print("[TEST PASSED]") + + +if __name__ == "__main__": + sys.exit(run(testfunc)) diff --git a/tests/sys/psa_crypto_se_mac/Makefile b/tests/sys/psa_crypto_se_mac/Makefile new file mode 100644 index 0000000000000..5130e9acadd53 --- /dev/null +++ b/tests/sys/psa_crypto_se_mac/Makefile @@ -0,0 +1,25 @@ +BOARD ?= nrf52840dk + +include ../Makefile.sys_common + +USEMODULE += ztimer +USEMODULE += ztimer_usec + +USEMODULE += psa_crypto + +USEMODULE += psa_secure_element +USEMODULE += psa_secure_element_ateccx08a +USEMODULE += psa_secure_element_ateccx08a_hmac_sha256 + +ifneq (1, $(TEST_KCONFIG)) + CFLAGS += -DCONFIG_PSA_PROTECTED_KEY_COUNT=1 +endif + +CFLAGS += -DSECURE_ELEMENT +CFLAGS += -DCUSTOM_ATCA_PARAMS + +INCLUDES += -I$(APPDIR) # Application specific (not needed by PSA) + +SHOULD_RUN_KCONFIG := + +include $(RIOTBASE)/Makefile.include diff --git a/tests/sys/psa_crypto_se_mac/README.md b/tests/sys/psa_crypto_se_mac/README.md new file mode 100644 index 0000000000000..27343237ee8d7 --- /dev/null +++ b/tests/sys/psa_crypto_se_mac/README.md @@ -0,0 +1,5 @@ +# PSA Crypto Mac Test + +This is a configuration test for only the mac of the PSA crypto module using +secure element. +It is based off the [psa_crypto example](../../../examples/psa_crypto/README.md). diff --git a/tests/sys/psa_crypto_se_mac/app.config.test b/tests/sys/psa_crypto_se_mac/app.config.test new file mode 100644 index 0000000000000..27a58c14462ed --- /dev/null +++ b/tests/sys/psa_crypto_se_mac/app.config.test @@ -0,0 +1,9 @@ +CONFIG_MODULE_PSA_CRYPTO=y + +CONFIG_MODULE_PSA_SECURE_ELEMENT=y +CONFIG_MODULE_PSA_SECURE_ELEMENT_ATECCX08A=y +CONFIG_MODULE_PSA_SECURE_ELEMENT_ATECCX08A_HMAC_SHA256=y + +CONFIG_PSA_PROTECTED_KEY_COUNT=1 + +CONFIG_ZTIMER_USEC=y diff --git a/tests/sys/psa_crypto_se_mac/custom_atca_params.h b/tests/sys/psa_crypto_se_mac/custom_atca_params.h new file mode 120000 index 0000000000000..07865241c6243 --- /dev/null +++ b/tests/sys/psa_crypto_se_mac/custom_atca_params.h @@ -0,0 +1 @@ +../../../examples/psa_crypto/custom_atca_params.h \ No newline at end of file diff --git a/tests/sys/psa_crypto_se_mac/example_hmac_sha256.c b/tests/sys/psa_crypto_se_mac/example_hmac_sha256.c new file mode 120000 index 0000000000000..710efbeabcde1 --- /dev/null +++ b/tests/sys/psa_crypto_se_mac/example_hmac_sha256.c @@ -0,0 +1 @@ +../../../examples/psa_crypto/example_hmac_sha256.c \ No newline at end of file diff --git a/tests/sys/psa_crypto_se_mac/main.c b/tests/sys/psa_crypto_se_mac/main.c new file mode 120000 index 0000000000000..a9fd2e2825758 --- /dev/null +++ b/tests/sys/psa_crypto_se_mac/main.c @@ -0,0 +1 @@ +../../../examples/psa_crypto/main.c \ No newline at end of file diff --git a/tests/sys/psa_crypto_se_mac/tests/01-run.py b/tests/sys/psa_crypto_se_mac/tests/01-run.py new file mode 100755 index 0000000000000..25257b8ca8344 --- /dev/null +++ b/tests/sys/psa_crypto_se_mac/tests/01-run.py @@ -0,0 +1,13 @@ +#!/usr/bin/env python3 + +import sys +from testrunner import run + + +def testfunc(child): + child.expect_exact('All Done') + print("[TEST PASSED]") + + +if __name__ == "__main__": + sys.exit(run(testfunc))