diff --git a/features/frameworks/TARGET_PSA/pal/pal_attestation_intf.h b/features/frameworks/TARGET_PSA/pal/pal_attestation_intf.h index ef132b5b70..fdefc83adc 100644 --- a/features/frameworks/TARGET_PSA/pal/pal_attestation_intf.h +++ b/features/frameworks/TARGET_PSA/pal/pal_attestation_intf.h @@ -18,6 +18,7 @@ #ifndef _PAL_INITIAL_ATTESTATION_H_ #define _PAL_INITIAL_ATTESTATION_H_ +#include "psa_initial_attestation_api.h" #include "pal_attestation_eat.h" enum attestation_function_code { diff --git a/features/frameworks/TARGET_PSA/pal/pal_client_api_empty_intf.c b/features/frameworks/TARGET_PSA/pal/pal_client_api_empty_intf.c new file mode 100644 index 0000000000..51361779f8 --- /dev/null +++ b/features/frameworks/TARGET_PSA/pal/pal_client_api_empty_intf.c @@ -0,0 +1,98 @@ +/** @file + * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ + +#ifndef COMPONENT_PSA_SRV_IPC + +#include "pal_common.h" +#include "pal_client_api_intf.h" + + +/** + * @brief - Retrieve the version of the PSA Framework API that is implemented. + * This is a wrapper API for psa_framework_version API. + * @param - void + * @return - The PSA Framework API version. + */ + +uint32_t pal_ipc_framework_version(void) +{ + return 0; +} + +/** + * @brief - Retrieve the minor version of a Root of Trust Service by its SID. + * This is a wrapper API for the psa_version API. + * @param - sid The Root of Trust Service ID + * @return - Minor version of Root of Trust Service or PSA_VERSION_NONE if Root of Trust + * Service not present on the system. + */ + +uint32_t pal_ipc_version(uint32_t sid) +{ + return PSA_VERSION_NONE; +} + +/** + * @brief - Connect to given sid. + * This is a wrapper API for the psa_connect API. + * @param - sid : RoT service id + * @param - minor_version : minor_version of RoT service + * @return - psa_handle_t : return connection handle + */ + +psa_handle_t pal_ipc_connect(uint32_t sid, uint32_t minor_version) +{ + return PSA_NULL_HANDLE; +} + +/** + * @brief Call a connected Root of Trust Service. + * This is a wrapper API for the psa_call API. + * The caller must provide an array of ::psa_invec_t structures as the input payload. + * + * @param -handle Handle for the connection. + * @param -in_vec Array of psa_invec structures. + * @param -in_len Number of psa_invec structures in in_vec. + * @param -out_vec Array of psa_outvec structures for optional Root of Trust Service response. + * @param -out_len Number of psa_outvec structures in out_vec. + * @return -psa_status_t + */ + +psa_status_t pal_ipc_call(psa_handle_t handle, + const psa_invec *in_vec, + size_t in_len, + psa_outvec *out_vec, + size_t out_len) +{ + return (PSA_SUCCESS - 1); +} + +/** + * @brief Close a connection to a Root of Trust Service. + * This is a wrapper API for the psa_close API. + * Sends the PSA_IPC_DISCONNECT message to the Root of Trust Service so it can clean up resources. + * + * @param handle Handle for the connection. + * @return void + */ + +void pal_ipc_close(psa_handle_t handle) +{ + return; +} + +#endif diff --git a/features/frameworks/TARGET_PSA/pal/pal_client_api_intf.c b/features/frameworks/TARGET_PSA/pal/pal_client_api_intf.c new file mode 100644 index 0000000000..16e336c045 --- /dev/null +++ b/features/frameworks/TARGET_PSA/pal/pal_client_api_intf.c @@ -0,0 +1,101 @@ +/** @file + * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ + +#ifdef COMPONENT_PSA_SRV_IPC + +#include "pal_common.h" +#include "pal_client_api_intf.h" + +/** + * @brief - Retrieve the version of the PSA Framework API that is implemented. + * This is a wrapper API for psa_framework_version API. + * @param - void + * @return - The PSA Framework API version. + * Note - Return PAL_STATUS_ERROR if PSA IPC is not implemented. + */ + +uint32_t pal_ipc_framework_version(void) +{ + return (psa_framework_version()); +} + +/** + * @brief - Retrieve the minor version of a Root of Trust Service by its SID. + * This is a wrapper API for the psa_version API. + * @param - sid The Root of Trust Service ID + * @return - Minor version of Root of Trust Service or PSA_VERSION_NONE if Root of Trust + * Service not present on the system. + * Note - Return PAL_STATUS_ERROR if PSA IPC is not implemented. + */ + +uint32_t pal_ipc_version(uint32_t sid) +{ + return (psa_version(sid)); +} + +/** + * @brief - Connect to given sid. + * This is a wrapper API for the psa_connect API. + * @param - sid : RoT service id + * @param - minor_version : minor_version of RoT service + * @return - psa_handle_t : return connection handle + * Note - Return PSA_NULL_HANDLE if PSA IPC is not implemented. + */ + +psa_handle_t pal_ipc_connect(uint32_t sid, uint32_t minor_version) +{ + return (psa_connect(sid, minor_version)); +} + +/** + * @brief Call a connected Root of Trust Service. + * This is a wrapper API for the psa_call API. + * The caller must provide an array of ::psa_invec_t structures as the input payload. + * + * @param -handle Handle for the connection. + * @param -in_vec Array of psa_invec structures. + * @param -in_len Number of psa_invec structures in in_vec. + * @param -out_vec Array of psa_outvec structures for optional Root of Trust Service response. + * @param -out_len Number of psa_outvec structures in out_vec. + * @return -psa_status_t + * Note - Return -1 if PSA IPC is not implemented. + */ + +psa_status_t pal_ipc_call(psa_handle_t handle, + const psa_invec *in_vec, + size_t in_len, + psa_outvec *out_vec, + size_t out_len) +{ + return (psa_call(handle, in_vec, in_len, out_vec, out_len)); +} + +/** + * @brief Close a connection to a Root of Trust Service. + * This is a wrapper API for the psa_close API. + * Sends the PSA_IPC_DISCONNECT message to the Root of Trust Service so it can clean up resources. + * + * @param - handle Handle for the connection. + * @return - void + */ + +void pal_ipc_close(psa_handle_t handle) +{ + psa_close(handle); +} + +#endif diff --git a/features/frameworks/TARGET_PSA/pal/pal_client_api_intf.h b/features/frameworks/TARGET_PSA/pal/pal_client_api_intf.h new file mode 100644 index 0000000000..cac75d27cb --- /dev/null +++ b/features/frameworks/TARGET_PSA/pal/pal_client_api_intf.h @@ -0,0 +1,74 @@ +/** @file + * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ + +#ifndef _PAL_CLIENT_API_H_ +#define _PAL_CLIENT_API_H_ + +#if PSA_IPC_IMPLEMENTED +/* psa/client.h: Contains the Client API elements. Accessible to all applications */ +#include "psa/client.h" + +/* psa_manifest/sid.h: Macro definitions derived from manifest files that map from RoT Service + * names to Service IDs (SIDs). + * Partition manifest parse build tool must provide the implementation of this file. +*/ +#include "psa_manifest/sid.h" + +#else +#include "pal_common.h" + +#define PSA_VERSION_NONE (0) +#define PSA_SUCCESS (0) +#define PSA_CONNECTION_REFUSED (INT32_MIN + 1) +#define PSA_CONNECTION_BUSY (INT32_MIN + 2) +#define PSA_DROP_CONNECTION (INT32_MIN) +#define PSA_NULL_HANDLE ((psa_handle_t)0) + +typedef int32_t psa_status_t; +typedef int32_t psa_handle_t; + +typedef struct psa_invec { + const void *base; + size_t len; +} psa_invec; + +typedef struct psa_outvec { + void *base; + size_t len; +} psa_outvec; + +uint32_t psa_framework_version(void); +uint32_t psa_version(uint32_t sid); +psa_handle_t psa_connect(uint32_t sid, uint32_t minor_version); +psa_status_t psa_call(psa_handle_t handle, + const psa_invec *in_vec, + size_t in_len, + psa_outvec *out_vec, + size_t out_len); +void psa_close(psa_handle_t handle); +#endif /* PSA_IPC_IMPLEMENTED */ + +uint32_t pal_ipc_framework_version(void); +uint32_t pal_ipc_version(uint32_t sid); +psa_handle_t pal_ipc_connect(uint32_t sid, uint32_t minor_version); +psa_status_t pal_ipc_call(psa_handle_t handle, + const psa_invec *in_vec, + size_t in_len, + psa_outvec *out_vec, + size_t out_len); +void pal_ipc_close(psa_handle_t handle); +#endif /* _PAL_CLIENT_API_H_ */ diff --git a/features/frameworks/TARGET_PSA/pal/pal_common.h b/features/frameworks/TARGET_PSA/pal/pal_common.h new file mode 100644 index 0000000000..2e905e47cc --- /dev/null +++ b/features/frameworks/TARGET_PSA/pal/pal_common.h @@ -0,0 +1,112 @@ +/** @file + * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ + +#ifndef _PAL_COMMON_H_ +#define _PAL_COMMON_H_ + +#include +#include +#include +#include +#include + +#ifndef PSA_PROTECTED_STORAGE_IMPLEMENTED +#define PSA_INTERNAL_TRUSTED_STORAGE_IMPLEMENTED 1 /* Use ITS by default */ +#define ITS_TEST 1 +#endif + +#include "pal_crypto_config.h" +#include "internal_trusted_storage.h" + +/* typedef's */ +typedef uint8_t bool_t; +typedef uint32_t addr_t; +typedef uint32_t test_id_t; +typedef uint32_t block_id_t; +typedef char char8_t; +typedef uint32_t cfg_id_t; + +#define PAL_STATUS_UNSUPPORTED_FUNC 0xFF + +typedef enum +{ + PAL_STATUS_SUCCESS = 0x0, + PAL_STATUS_ERROR = 0x80 +} pal_status_t; + +typedef enum { + NVMEM_READ = 0x1, + NVMEM_WRITE = 0x2, +} nvmem_fn_type_t; + +typedef struct { + nvmem_fn_type_t nvmem_fn_type; + addr_t base; + uint32_t offset; + int size; +} nvmem_param_t; + +typedef enum { + WD_INIT_SEQ = 0x1, + WD_ENABLE_SEQ = 0x2, + WD_DISABLE_SEQ = 0x3, + WD_STATUS_SEQ = 0x4, +} wd_fn_type_t; + +typedef enum { + WD_LOW_TIMEOUT = 0x1, + WD_MEDIUM_TIMEOUT = 0x2, + WD_HIGH_TIMEOUT = 0x3, + WD_CRYPTO_TIMEOUT = 0x4, +} wd_timeout_type_t; + +typedef struct { + wd_fn_type_t wd_fn_type; + addr_t wd_base_addr; + uint32_t wd_time_us; + uint32_t wd_timer_tick_us; +} wd_param_t; + +typedef enum { + UART_INIT = 0x1, + UART_PRINT = 0x2, +} uart_fn_type_t; + +/* + * Redefining some of the client.h elements for compilation to go through + * when PSA IPC APIs are not implemented. + */ +#if (PSA_IPC_IMPLEMENTED == 0) + +#ifndef PSA_VERSION_NONE +#define PSA_VERSION_NONE (0) +#endif + +#ifndef PSA_SUCCESS +#define PSA_SUCCESS (0) +typedef int32_t psa_status_t; +#endif +typedef int32_t psa_handle_t; + +#ifndef PSA_NULL_HANDLE +#define PSA_NULL_HANDLE ((psa_handle_t)0) +#endif + + +#endif /* PSA_IPC_IMPLEMENTED */ + +#endif /* _PAL_COMMON_H_ */ diff --git a/features/frameworks/TARGET_PSA/pal/pal_crypto_config.h b/features/frameworks/TARGET_PSA/pal/pal_crypto_config.h new file mode 100644 index 0000000000..eecb6c0b8a --- /dev/null +++ b/features/frameworks/TARGET_PSA/pal/pal_crypto_config.h @@ -0,0 +1,411 @@ +/** @file + * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ + +/* + * \file pal_crypto_config.h + * + * \brief Configuration options for crypto tests (set of defines) + * + * This set of compile-time options may be used to enable + * or disable features selectively for crypto test suite + */ + +#ifndef _PAL_CRYPTO_CONFIG_H_ +#define _PAL_CRYPTO_CONFIG_H_ + +#if !defined(MBEDTLS_CONFIG_FILE) +#include "config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + +/** + * \def ARCH_TEST_RSA + * + * Enable the RSA public-key cryptosystem. + * By default all supported keys are enabled. + * + * Comment macros to disable the types + */ +#ifdef MBEDTLS_RSA_C +#define ARCH_TEST_RSA +#define ARCH_TEST_RSA_1024 +#define ARCH_TEST_RSA_2048 +#define ARCH_TEST_RSA_3072 +#endif +/** + * \def ARCH_TEST_ECC + * \def ARCH_TEST_ECC_CURVE_SECPXXXR1 + * + * Enable the elliptic curve + * Enable specific curves within the Elliptic Curve + * module. By default all supported curves are enabled. + * + * Requires: ARCH_TEST_ECC + * Comment macros to disable the curve + */ +#ifdef MBEDTLS_ECP_C +#define ARCH_TEST_ECC +#ifdef MBEDTLS_ECP_DP_SECP192R1_ENABLED +#define ARCH_TEST_ECC_CURVE_SECP192R1 +#endif +#ifdef MBEDTLS_ECP_DP_SECP224R1_ENABLED +#define ARCH_TEST_ECC_CURVE_SECP224R1 +#endif +#ifdef MBEDTLS_ECP_DP_SECP256R1_ENABLED +#define ARCH_TEST_ECC_CURVE_SECP256R1 +#endif +#ifdef MBEDTLS_ECP_DP_SECP384R1_ENABLED +#define ARCH_TEST_ECC_CURVE_SECP384R1 +#endif +#endif +/** + * \def ARCH_TEST_AES + * + * Enable the AES block cipher. + * By default all supported keys are enabled. + * + * Comment macros to disable the types + */ +#ifdef MBEDTLS_AES_C +#define ARCH_TEST_AES +#define ARCH_TEST_AES_128 +#define ARCH_TEST_AES_192 +#define ARCH_TEST_AES_256 +#define ARCH_TEST_AES_512 +#endif + +/** + * \def ARCH_TEST_DES + * + * Enable the DES block cipher. + * By default all supported keys are enabled. + * + * Comment macros to disable the types + */ +#ifdef MBEDTLS_DES_C +#define ARCH_TEST_DES +#define ARCH_TEST_DES_1KEY +#define ARCH_TEST_DES_2KEY +#define ARCH_TEST_DES_3KEY +#endif + +/** + * \def ARCH_TEST_RAW + * + * A "key" of this type cannot be used for any cryptographic operation. + * Applications may use this type to store arbitrary data in the keystore. + */ +#define ARCH_TEST_RAW + +/** + * \def ARCH_TEST_CIPER + * + * Enable the generic cipher layer. + */ +#ifdef MBEDTLS_CIPHER_C +#define ARCH_TEST_CIPER +#endif +/** + * \def ARCH_TEST_ARC4 + * + * Enable the ARC4 key type. + */ +#ifdef MBEDTLS_ARC4_C +#define ARCH_TEST_ARC4 +#endif +/** + * \def ARCH_TEST_CIPER_MODE_CTR + * + * Enable Counter Block Cipher mode (CTR) for symmetric ciphers. + * + * Requires: ARCH_TEST_CIPER + */ +#ifdef MBEDTLS_CIPHER_MODE_CTR +#define ARCH_TEST_CIPER_MODE_CTR +#endif + +/** + * \def ARCH_TEST_CIPER_MODE_CFB + * + * Enable Cipher Feedback mode (CFB) for symmetric ciphers. + * + * Requires: ARCH_TEST_CIPER + */ +#ifdef MBEDTLS_CIPHER_MODE_CFB +#define ARCH_TEST_CIPER_MODE_CFB +#endif + +/** + * \def ARCH_TEST_CIPER_MODE_CBC + * + * Enable Cipher Block Chaining mode (CBC) for symmetric ciphers. + * + * Requires: ARCH_TEST_CIPER + */ +#ifdef MBEDTLS_CIPHER_MODE_CBC +#define ARCH_TEST_CIPER_MODE_CBC +#endif + +/** + * \def ARCH_TEST_CTR_AES + * + * Requires: ARCH_TEST_CIPER, ARCH_TEST_AES, ARCH_TEST_CIPER_MODE_CTR + */ +#if defined(MBEDTLS_CIPHER_MODE_CTR) && defined(MBEDTLS_AES_C) +#define ARCH_TEST_CTR_AES +#endif +/** + * \def ARCH_TEST_CBC_AES + * + * Requires: ARCH_TEST_CIPER, ARCH_TEST_AES, ARCH_TEST_CIPER_MODE_CBC + * + * Comment macros to disable the types + */ +#if defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_AES_C) +#define ARCH_TEST_CBC_AES +#define ARCH_TEST_CBC_AES_NO_PADDING +#endif + + +/** + * \def ARCH_TEST_CBC_NO_PADDING + * + * Requires: ARCH_TEST_CIPER, ARCH_TEST_CIPER_MODE_CBC + * + * Comment macros to disable the types + */ +#ifdef MBEDTLS_CIPHER_MODE_CBC +#define ARCH_TEST_CBC_NO_PADDING +#endif + +/** + * \def ARCH_TEST_CFB_AES + * + * Requires: ARCH_TEST_CIPER, ARCH_TEST_AES, ARCH_TEST_CIPER_MODE_CFB + */ +#if defined(MBEDTLS_CIPHER_MODE_CFB) && defined(MBEDTLS_AES_C) +#define ARCH_TEST_CFB_AES +#endif + +/** + * \def ARCH_TEST_PKCS1V15_* + * + * Enable support for PKCS#1 v1.5 encoding. + * Enable support for PKCS#1 v1.5 operations. + * Enable support for RSA-OAEP + * + * Requires: ARCH_TEST_RSA, ARCH_TEST_PKCS1V15 + * + * Comment macros to disable the types + */ +#if defined(MBEDTLS_PKCS1_V15) && defined(MBEDTLS_RSA_C) +#define ARCH_TEST_PKCS1V15 +#define ARCH_TEST_RSA_PKCS1V15_SIGN +#define ARCH_TEST_RSA_PKCS1V15_SIGN_RAW +#define ARCH_TEST_RSA_PKCS1V15_CRYPT +#endif +#if defined(MBEDTLS_PKCS1_V21) && defined(MBEDTLS_RSA_C) +#define ARCH_TEST_RSA_OAEP +#endif + + +/** + * \def ARCH_TEST_CBC_PKCS7 + * + * Requires: ARCH_TEST_CIPER_MODE_CBC + * + * Comment macros to disable the types + */ +#if defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_CIPHER_PADDING_PKCS7) +#define ARCH_TEST_CBC_PKCS7 +#endif + +/** + * \def ARCH_TEST_ASYMMETRIC_ENCRYPTION + * + * Enable support for Asymmetric encryption algorithms + */ +#define ARCH_TEST_ASYMMETRIC_ENCRYPTION + +/** + * \def ARCH_TEST_HASH + * + * Enable the hash algorithm. + */ +#define ARCH_TEST_HASH + +/** + * \def ARCH_TEST_HMAC + * + * The key policy determines which underlying hash algorithm the key can be + * used for. + * + * Requires: ARCH_TEST_HASH + */ +#define ARCH_TEST_HMAC + +/** + * \def ARCH_TEST_MDX + * \def ARCH_TEST_SHAXXX + * + * Enable the MDX algorithm. + * Enable the SHAXXX algorithm. + * + * Requires: ARCH_TEST_HASH + * + * Comment macros to disable the types + */ +#ifdef MBEDTLS_MD_C +#ifdef MBEDTLS_MD2_C +#define ARCH_TEST_MD2 +#endif +#ifdef MBEDTLS_MD4_C +#define ARCH_TEST_MD4 +#endif +#ifdef MBEDTLS_MD5_C +#define ARCH_TEST_MD5 +#endif +#endif +#ifdef MBEDTLS_RIPEMD160_C +#define ARCH_TEST_RIPEMD160 +#endif +#ifdef MBEDTLS_SHA1_C +#define ARCH_TEST_SHA1 +#endif +#ifdef MBEDTLS_SHA224_C +#define ARCH_TEST_SHA224 +#endif +#ifdef MBEDTLS_SHA256_C +#define ARCH_TEST_SHA256 +#endif +#ifdef MBEDTLS_SHA384_C +#define ARCH_TEST_SHA384 +#endif +#ifdef MBEDTLS_SHA512_C +#define ARCH_TEST_SHA512 +#ifdef MBEDTLS_SHA512_224_C +#define ARCH_TEST_SHA512_224 +#endif +#ifdef MBEDTLS_SHA512_256_C +#define ARCH_TEST_SHA512_256 +#endif +#endif +#ifdef MBEDTLS_SHA3_C +#define ARCH_TEST_SHA3_224 +#define ARCH_TEST_SHA3_256 +#define ARCH_TEST_SHA3_384 +#define ARCH_TEST_SHA3_512 +#endif + +/** + * \def ARCH_TEST_HKDF + * + * Enable the HKDF algorithm (RFC 5869). + * + * Requires: ARCH_TEST_HASH +*/ +#ifdef MBEDTLS_HKDF_C +#define ARCH_TEST_HKDF +#endif + +/** + * \def ARCH_TEST_xMAC + * + * Enable the xMAC (Cipher/Hash/G-based Message Authentication Code) mode for block + * ciphers. + * Requires: ARCH_TEST_AES or ARCH_TEST_DES + * + * Comment macros to disable the types + */ +#ifdef MBEDTLS_CMAC_C +#define ARCH_TEST_CMAC +#endif +#ifdef MBEDTLS_GMAC_C +#define ARCH_TEST_GMAC +#endif +#define ARCH_TEST_HMAC + + +/** + * \def ARCH_TEST_CCM + * + * Enable the Counter with CBC-MAC (CCM) mode for 128-bit block cipher. + * + * Requires: ARCH_TEST_AES + */ +#ifdef MBEDTLS_CCM_C +#define ARCH_TEST_CCM +#endif + +/** + * \def ARCH_TEST_GCM + * + * Enable the Galois/Counter Mode (GCM) for AES. + * + * Requires: ARCH_TEST_AES + * + */ +#ifdef MBEDTLS_GCM_C +#define ARCH_TEST_GCM +#endif + +/** + * \def ARCH_TEST_TRUNCATED_MAC + * + * Enable support for RFC 6066 truncated HMAC in SSL. + * + * Comment this macro to disable support for truncated HMAC in SSL + */ +#ifdef MBEDTLS_SSL_TRUNCATED_HMAC +#define ARCH_TEST_TRUNCATED_MAC +#endif + + +/** + * \def ARCH_TEST_ECDH + * + * Enable the elliptic curve Diffie-Hellman library. + * + * Requires: ARCH_TEST_ECC + */ +#ifdef MBEDTLS_ECDH_C +#define ARCH_TEST_ECDH +#endif + +/** + * \def ARCH_TEST_ECDSA + * + * Enable the elliptic curve DSA library. + * Requires: ARCH_TEST_ECC + */ +#ifdef MBEDTLS_ECDSA_C +#define ARCH_TEST_ECDSA +#endif + +/** + * \def ARCH_TEST_DETERMINISTIC_ECDSA + * + * Enable deterministic ECDSA (RFC 6979). +*/ +#ifdef MBEDTLS_ECDSA_DETERMINISTIC +#define ARCH_TEST_DETERMINISTIC_ECDSA +#endif + +#include "pal_crypto_config_check.h" + +#endif /* _PAL_CRYPTO_CONFIG_H_ */ diff --git a/features/frameworks/TARGET_PSA/pal/pal_crypto_config_check.h b/features/frameworks/TARGET_PSA/pal/pal_crypto_config_check.h new file mode 100644 index 0000000000..85b225e4a3 --- /dev/null +++ b/features/frameworks/TARGET_PSA/pal/pal_crypto_config_check.h @@ -0,0 +1,223 @@ +/** @file + * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ + +/** + * \file pal_crypto_config_check.h + * + * \brief Consistency checks for configuration options + * + */ + +#ifndef _PAL_CRYPTO_CONFIG_CHECK_H_ +#define _PAL_CRYPTO_CONFIG_CHECK_H_ + +#if defined(ARCH_TEST_RSA_1024) && !defined(ARCH_TEST_RSA) +#error "ARCH_TEST_RSA_1024 defined, but not all prerequisites" +#endif + +#if defined(ARCH_TEST_RSA_2048) && !defined(ARCH_TEST_RSA) +#error "ARCH_TEST_RSA_2048 defined, but not all prerequisites" +#endif + +#if defined(ARCH_TEST_RSA_3072) && !defined(ARCH_TEST_RSA) +#error "ARCH_TEST_RSA_3072 defined, but not all prerequisites" +#endif + +#if defined(ARCH_TEST_ECC_CURVE_SECP192R1) && !defined(ARCH_TEST_ECC) +#error "ARCH_TEST_ECC_CURVE_SECP192R1 defined, but not all prerequisites" +#endif + +#if defined(ARCH_TEST_ECC_CURVE_SECP224R1) && !defined(ARCH_TEST_ECC) +#error "ARCH_TEST_ECC_CURVE_SECP224R1 defined, but not all prerequisites" +#endif + +#if defined(ARCH_TEST_ECC_CURVE_SECP256R1) && !defined(ARCH_TEST_ECC) +#error "ARCH_TEST_ECC_CURVE_SECP256R1 defined, but not all prerequisites" +#endif + +#if defined(ARCH_TEST_ECC_CURVE_SECP384R1) && !defined(ARCH_TEST_ECC) +#error "ARCH_TEST_ECC_CURVE_SECP384R1 defined, but not all prerequisites" +#endif + +#if defined(ARCH_TEST_AES_128) && !defined(ARCH_TEST_AES) +#error "ARCH_TEST_AES_128 defined, but not all prerequisites" +#endif + +#if defined(ARCH_TEST_AES_256) && !defined(ARCH_TEST_AES) +#error "ARCH_TEST_AES_256 defined, but not all prerequisites" +#endif + +#if defined(ARCH_TEST_AES_512) && !defined(ARCH_TEST_AES) +#error "ARCH_TEST_AES_512 defined, but not all prerequisites" +#endif + +#if defined(ARCH_TEST_DES_1KEY) && !defined(ARCH_TEST_DES) +#error "ARCH_TEST_DES_1KEY defined, but not all prerequisites" +#endif + +#if defined(ARCH_TEST_DES_2KEY) && !defined(ARCH_TEST_DES) +#error "ARCH_TEST_DES_2KEY defined, but not all prerequisites" +#endif + +#if defined(ARCH_TEST_DES_3KEY) && !defined(ARCH_TEST_DES) +#error "ARCH_TEST_DES_3KEY defined, but not all prerequisites" +#endif + +#if defined(ARCH_TEST_CIPER_MODE_CTR) && !defined(ARCH_TEST_CIPER) +#error "ARCH_TEST_CIPER_MODE_CTR defined, but not all prerequisites" +#endif + +#if defined(ARCH_TEST_CIPER_MODE_CFB) && !defined(ARCH_TEST_CIPER) +#error "ARCH_TEST_CIPER_MODE_CFB defined, but not all prerequisites" +#endif + +#if defined(ARCH_TEST_CIPER_MODE_CBC) && !defined(ARCH_TEST_CIPER) +#error "ARCH_TEST_CIPER_MODE_CBC defined, but not all prerequisites" +#endif + +#if defined(ARCH_TEST_CTR_AES) &&\ + (!defined(ARCH_TEST_CIPER) || !defined(ARCH_TEST_AES) || !defined(ARCH_TEST_CIPER_MODE_CTR)) +#error "ARCH_TEST_CTR_AES defined, but not all prerequisites" +#endif + +#if (defined(ARCH_TEST_CBC_AES)|| defined(ARCH_TEST_CBC_AES_NO_PADDING)) &&\ + (!defined(ARCH_TEST_CIPER) || !defined(ARCH_TEST_AES) || !defined(ARCH_TEST_CIPER_MODE_CBC)) +#error "ARCH_TEST_CBC_AES defined, but not all prerequisites" +#endif + +#if (defined(ARCH_TEST_CBC_NO_PADDING)) &&\ + (!defined(ARCH_TEST_CIPER) ||!defined(ARCH_TEST_CIPER_MODE_CBC)) +#error "ARCH_TEST_CBC_NO_PADDING defined, but not all prerequisites" +#endif + +#if defined(ARCH_TEST_CFB_AES) &&\ + (!defined(ARCH_TEST_CIPER) || !defined(ARCH_TEST_AES) || !defined(ARCH_TEST_CIPER_MODE_CFB)) +#error "ARCH_TEST_CFB_AES defined, but not all prerequisites" +#endif + +#if defined(ARCH_TEST_RSA_PKCS1V15_SIGN) &&\ + (!defined(ARCH_TEST_RSA) || !defined(ARCH_TEST_PKCS1V15)) +#error "ARCH_TEST_RSA_PKCS1V15_SIGN defined, but not all prerequisites" +#endif + +#if defined(ARCH_TEST_RSA_PKCS1V15_SIGN_RAW) &&\ + (!defined(ARCH_TEST_RSA) || !defined(ARCH_TEST_PKCS1V15)) +#error "ARCH_TEST_RSA_PKCS1V15_SIGN_RAW defined, but not all prerequisites" +#endif + +#if defined(ARCH_TEST_RSA_PKCS1V15_CRYPT) &&\ + (!defined(ARCH_TEST_RSA) || !defined(ARCH_TEST_PKCS1V15)) +#error "ARCH_TEST_RSA_PKCS1V15_CRYPT defined, but not all prerequisites" +#endif + +#if defined(ARCH_TEST_CBC_PKCS7) && !defined(ARCH_TEST_CIPER_MODE_CBC) +#error "ARCH_TEST_CBC_PKCS7 defined, but not all prerequisites" +#endif + +#if defined(ARCH_TEST_HMAC) && !defined(ARCH_TEST_HASH) +#error "ARCH_TEST_HMAC defined, but not all prerequisites" +#endif + +#if defined(ARCH_TEST_MD2) && !defined(ARCH_TEST_HASH) +#error "ARCH_TEST_MD2 defined, but not all prerequisites" +#endif + +#if defined(ARCH_TEST_MD4) && !defined(ARCH_TEST_HASH) +#error "ARCH_TEST_MD4 defined, but not all prerequisites" +#endif + +#if defined(ARCH_TEST_MD5) && !defined(ARCH_TEST_HASH) +#error "ARCH_TEST_MD5 defined, but not all prerequisites" +#endif + +#if defined(ARCH_TEST_RIPEMD160) && !defined(ARCH_TEST_HASH) +#error "ARCH_TEST_RIPEMD160 defined, but not all prerequisites" +#endif + +#if defined(ARCH_TEST_SHA1) && !defined(ARCH_TEST_HASH) +#error "ARCH_TEST_SHA1 defined, but not all prerequisites" +#endif + +#if defined(ARCH_TEST_SHA224) && !defined(ARCH_TEST_HASH) +#error "ARCH_TEST_SHA224 defined, but not all prerequisites" +#endif + +#if defined(ARCH_TEST_SHA256) && !defined(ARCH_TEST_HASH) +#error "ARCH_TEST_SHA256 defined, but not all prerequisites" +#endif + +#if defined(ARCH_TEST_SHA512) && !defined(ARCH_TEST_HASH) +#error "ARCH_TEST_SHA512 defined, but not all prerequisites" +#endif + +#if defined(ARCH_TEST_SHA512_224) && !defined(ARCH_TEST_HASH) +#error "ARCH_TEST_SHA512_224 defined, but not all prerequisites" +#endif + +#if defined(ARCH_TEST_SHA512_256) && !defined(ARCH_TEST_HASH) +#error "ARCH_TEST_SHA512_256 defined, but not all prerequisites" +#endif + +#if defined(ARCH_TEST_SHA3_224) && !defined(ARCH_TEST_HASH) +#error "ARCH_TEST_SHA3_224 defined, but not all prerequisites" +#endif + +#if defined(ARCH_TEST_SHA3_256) && !defined(ARCH_TEST_HASH) +#error "ARCH_TEST_SHA3_256 defined, but not all prerequisites" +#endif + +#if defined(ARCH_TEST_SHA3_384) && !defined(ARCH_TEST_HASH) +#error "ARCH_TEST_SHA3_256 defined, but not all prerequisites" +#endif + +#if defined(ARCH_TEST_SHA3_512) && !defined(ARCH_TEST_HASH) +#error "ARCH_TEST_SHA3_256 defined, but not all prerequisites" +#endif + +#if defined(ARCH_TEST_HKDF) && !defined(ARCH_TEST_HASH) +#error "ARCH_TEST_HKDF defined, but not all prerequisites" +#endif + +#if defined(ARCH_TEST_CMAC) && !defined(ARCH_TEST_AES) && !defined(ARCH_TEST_AES) +#error "ARCH_TEST_CMAC defined, but not all prerequisites" +#endif + +#if defined(ARCH_TEST_GMAC) && !defined(ARCH_TEST_AES) && !defined(ARCH_TEST_AES) +#error "ARCH_TEST_GMAC defined, but not all prerequisites" +#endif + +#if defined(ARCH_TEST_HMAC) && !defined(ARCH_TEST_AES) && !defined(ARCH_TEST_AES) +#error "ARCH_TEST_HMAC defined, but not all prerequisites" +#endif + +#if defined(ARCH_TEST_CCM) && !defined(ARCH_TEST_AES) +#error "ARCH_TEST_CCM defined, but not all prerequisites" +#endif + +#if defined(ARCH_TEST_GCM) && !defined(ARCH_TEST_AES) +#error "ARCH_TEST_GCM defined, but not all prerequisites" +#endif + +#if defined(ARCH_TEST_ECDH) && !defined(ARCH_TEST_ECC) +#error "ARCH_TEST_ECDH defined, but not all prerequisites" +#endif + +#if defined(ARCH_TEST_ECDSA) && !defined(ARCH_TEST_ECC) +#error "ARCH_TEST_ECDSA defined, but not all prerequisites" +#endif + +#endif /* _PAL_CRYPTO_CONFIG_CHECK_H_ */ diff --git a/features/frameworks/TARGET_PSA/pal/pal_crypto_intf.c b/features/frameworks/TARGET_PSA/pal/pal_crypto_intf.c new file mode 100644 index 0000000000..ad97e15ad1 --- /dev/null +++ b/features/frameworks/TARGET_PSA/pal/pal_crypto_intf.c @@ -0,0 +1,339 @@ +/** @file + * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ + +#define PSA_CRYPTO_IMPLEMENTED 1 +#include "pal_crypto_intf.h" + +#define PAL_KEY_SLOT_COUNT 32 + +/** + @brief - This API will call the requested crypto function + @param - type : function code + valist : variable argument list + @return - error status +**/ +int32_t pal_crypto_function(int type, va_list valist) +{ +#if PSA_CRYPTO_IMPLEMENTED + int i; + size_t size, *length, salt_length, label_length, ciphertext_size; + uint8_t *buffer, *ciphertext; + const uint8_t *salt, *label, *nonce, *additional_data; + uint8_t *plaintext; + uint32_t status; + const void *extra; + size_t extra_size, capacity, *gen_cap, nonce_length, additional_data_length; + psa_key_handle_t handle, *key_handle; + psa_key_type_t key_type, *key_type_out; + psa_key_policy_t *policy; + psa_key_usage_t usage, *usage_out; + psa_key_lifetime_t *lifetime_out; + psa_algorithm_t alg, *alg_out; + psa_hash_operation_t *hash_operation; + psa_mac_operation_t *mac_operation; + psa_cipher_operation_t *cipher_operation; + psa_crypto_generator_t *generator; + + switch (type) + { + case PAL_CRYPTO_INIT: + return psa_crypto_init(); + case PAL_CRYPTO_GENERATE_RANDOM: + buffer = va_arg(valist, uint8_t*); + size = va_arg(valist, int); + return psa_generate_random(buffer, size); + case PAL_CRYPTO_IMPORT_KEY: + handle = (psa_key_handle_t)va_arg(valist, int); + key_type = va_arg(valist, psa_key_type_t); + buffer = va_arg(valist, uint8_t*); + size = va_arg(valist, int); + status = psa_import_key(handle, key_type, buffer, size); + return status; + case PAL_CRYPTO_EXPORT_KEY: + handle = (psa_key_handle_t)va_arg(valist, int); + buffer = (uint8_t *)(va_arg(valist, uint8_t*)); + size = va_arg(valist, int); + length = (size_t *)va_arg(valist, size_t*); + status = psa_export_key(handle, buffer, size, length); + return status; + case PAL_CRYPTO_EXPORT_PUBLIC_KEY: + handle = (psa_key_handle_t)va_arg(valist, int); + buffer = (uint8_t *)(va_arg(valist, uint8_t*)); + size = va_arg(valist, int); + length = (size_t *)va_arg(valist, size_t*); + status = psa_export_public_key(handle, buffer, size, length); + return status; + case PAL_CRYPTO_KEY_POLICY_INIT: + policy = va_arg(valist, psa_key_policy_t*); + memset(policy, 0, sizeof(psa_key_policy_t)); + return 0; + case PAL_CRYPTO_KEY_POLICY_SET_USAGE: + policy = va_arg(valist, psa_key_policy_t*); + usage = va_arg(valist, psa_key_usage_t); + alg = va_arg(valist, psa_algorithm_t); + psa_key_policy_set_usage(policy, usage, alg); + return 0; + case PAL_CRYPTO_SET_KEY_POLICY: + handle = (psa_key_handle_t)va_arg(valist, int); + policy = va_arg(valist, psa_key_policy_t*); + return psa_set_key_policy(handle, policy); + case PAL_CRYPTO_DESTROY_KEY: + handle = (psa_key_handle_t)va_arg(valist, int); + status = psa_destroy_key(handle); + return status; + case PAL_CRYPTO_GET_KEY_INFORMATION: + handle = (psa_key_handle_t)va_arg(valist, int); + key_type_out = va_arg(valist, psa_key_type_t*); + length = (size_t *)va_arg(valist, size_t*); + status = psa_get_key_information(handle, key_type_out, length); + return status; + case PAL_CRYPTO_GET_KEY_POLICY: + handle = (psa_key_handle_t)va_arg(valist, int); + policy = va_arg(valist, psa_key_policy_t*); + return psa_get_key_policy(handle, policy); + case PAL_CRYPTO_KEY_POLICY_GET_USAGE: + policy = va_arg(valist, psa_key_policy_t*); + usage_out = va_arg(valist, psa_key_usage_t*); + *usage_out = psa_key_policy_get_usage(policy); + return 0; + case PAL_CRYPTO_KEY_POLICY_GET_ALGORITHM: + policy = va_arg(valist, psa_key_policy_t*); + alg_out = va_arg(valist, psa_algorithm_t*); + *alg_out = psa_key_policy_get_algorithm(policy); + return 0; + case PAL_CRYPTO_GET_KEY_LIFETIME: + handle = (psa_key_handle_t)va_arg(valist, int); + lifetime_out = va_arg(valist, psa_key_lifetime_t*); + return psa_get_key_lifetime(handle, lifetime_out); + case PAL_CRYPTO_HASH_SETUP: + hash_operation = va_arg(valist, psa_hash_operation_t*); + alg = va_arg(valist, psa_algorithm_t); + return psa_hash_setup(hash_operation, alg); + case PAL_CRYPTO_HASH_UPDATE: + hash_operation = va_arg(valist, psa_hash_operation_t*); + buffer = va_arg(valist, uint8_t*); + size = va_arg(valist, size_t); + return psa_hash_update(hash_operation, buffer, size); + case PAL_CRYPTO_HASH_VERIFY: + hash_operation = va_arg(valist, psa_hash_operation_t*); + buffer = va_arg(valist, uint8_t*); + size = va_arg(valist, size_t); + return psa_hash_verify(hash_operation, buffer, size); + case PAL_CRYPTO_HASH_FINISH: + hash_operation = va_arg(valist, psa_hash_operation_t*); + buffer = va_arg(valist, uint8_t*); + size = va_arg(valist, size_t); + length = va_arg(valist, size_t*); + return psa_hash_finish(hash_operation, buffer, size, length); + case PAL_CRYPTO_HASH_ABORT: + hash_operation = va_arg(valist, psa_hash_operation_t*); + return psa_hash_abort(hash_operation); + case PAL_CRYPTO_GENERATE_KEY: + handle = (psa_key_handle_t)va_arg(valist, int); + key_type = va_arg(valist, psa_key_type_t); + size = va_arg(valist, size_t); + extra = va_arg(valist, const void*); + extra_size = va_arg(valist, size_t); + return psa_generate_key(handle, key_type, size, extra, extra_size); + case PAL_CRYPTO_GENERATOR_READ: + generator = va_arg(valist, psa_crypto_generator_t*); + buffer = va_arg(valist, uint8_t*); + size = va_arg(valist, int); + return psa_generator_read(generator, buffer, size); + case PAL_CRYPTO_KEY_DERIVATION: + generator = va_arg(valist, psa_crypto_generator_t*); + handle = (psa_key_handle_t)va_arg(valist, int); + alg = va_arg(valist, psa_algorithm_t); + salt = va_arg(valist, const uint8_t *); + salt_length = va_arg(valist, size_t); + label = va_arg(valist, const uint8_t *); + label_length = va_arg(valist, size_t); + capacity = va_arg(valist, size_t); + return psa_key_derivation(generator, handle, alg, salt, salt_length, label, + label_length, capacity); + case PAL_CRYPTO_GET_GENERATOR_CAPACITY: + generator = va_arg(valist, psa_crypto_generator_t*); + gen_cap = va_arg(valist, size_t*); + return psa_get_generator_capacity(generator, gen_cap); + case PAL_CRYPTO_GENERATOR_IMPORT_KEY: + handle = (psa_key_handle_t)va_arg(valist, int); + key_type = va_arg(valist, psa_key_type_t); + size = va_arg(valist, size_t); + generator = va_arg(valist, psa_crypto_generator_t*); + return psa_generator_import_key(handle, key_type, size, generator); + case PAL_CRYPTO_GENERATOR_ABORT: + generator = va_arg(valist, psa_crypto_generator_t*); + return psa_generator_abort(generator); + case PAL_CRYPTO_AEAD_ENCRYPT: + handle = (psa_key_handle_t)va_arg(valist, int); + alg = va_arg(valist, psa_algorithm_t); + nonce = va_arg(valist, const uint8_t *); + nonce_length = va_arg(valist, size_t); + additional_data = va_arg(valist, const uint8_t *); + additional_data_length = va_arg(valist, size_t); + plaintext = va_arg(valist, uint8_t *); + size = va_arg(valist, size_t); + ciphertext = va_arg(valist, uint8_t *); + ciphertext_size = va_arg(valist, size_t); + length = va_arg(valist, size_t*); + return psa_aead_encrypt(handle, alg, nonce, nonce_length, additional_data, + additional_data_length, plaintext, size, ciphertext, ciphertext_size, length); + case PAL_CRYPTO_AEAD_DECRYPT: + handle = (psa_key_handle_t)va_arg(valist, int); + alg = va_arg(valist, psa_algorithm_t); + nonce = va_arg(valist, const uint8_t *); + nonce_length = va_arg(valist, size_t); + additional_data = va_arg(valist, const uint8_t *); + additional_data_length = va_arg(valist, size_t); + ciphertext = va_arg(valist, uint8_t *); + ciphertext_size = va_arg(valist, size_t); + plaintext = va_arg(valist, uint8_t *); + size = va_arg(valist, size_t); + length = va_arg(valist, size_t*); + return psa_aead_decrypt(handle, alg, nonce, nonce_length, additional_data, + additional_data_length, ciphertext, ciphertext_size, plaintext, size, length); + case PAL_CRYPTO_MAC_SIGN_SETUP: + mac_operation = va_arg(valist, psa_mac_operation_t*); + handle = (psa_key_handle_t)va_arg(valist, int); + alg = va_arg(valist, psa_algorithm_t); + return psa_mac_sign_setup(mac_operation, handle, alg); + case PAL_CRYPTO_MAC_UPDATE: + mac_operation = va_arg(valist, psa_mac_operation_t*); + buffer = va_arg(valist, uint8_t*); + size = va_arg(valist, size_t); + return psa_mac_update(mac_operation, buffer, size); + case PAL_CRYPTO_MAC_SIGN_FINISH: + mac_operation = va_arg(valist, psa_mac_operation_t*); + buffer = va_arg(valist, uint8_t*); + size = va_arg(valist, size_t); + length = (size_t *)va_arg(valist, size_t*); + return psa_mac_sign_finish(mac_operation, buffer, size, length); + case PAL_CRYPTO_MAC_VERIFY_SETUP: + mac_operation = va_arg(valist, psa_mac_operation_t*); + handle = (psa_key_handle_t)va_arg(valist, int); + alg = va_arg(valist, psa_algorithm_t); + return psa_mac_verify_setup(mac_operation, handle, alg); + case PAL_CRYPTO_MAC_VERIFY_FINISH: + mac_operation = va_arg(valist, psa_mac_operation_t*); + buffer = va_arg(valist, uint8_t*); + size = va_arg(valist, size_t); + return psa_mac_verify_finish(mac_operation, buffer, size); + case PAL_CRYPTO_MAC_ABORT: + mac_operation = va_arg(valist, psa_mac_operation_t*); + return psa_mac_abort(mac_operation); + case PAL_CRYPTO_ASYMMTERIC_ENCRYPT: + handle = (psa_key_handle_t)va_arg(valist, int); + alg = va_arg(valist, psa_algorithm_t); + plaintext = va_arg(valist, uint8_t *); + size = va_arg(valist, size_t); + salt = va_arg(valist, const uint8_t *); + salt_length = va_arg(valist, size_t); + ciphertext = va_arg(valist, uint8_t *); + ciphertext_size = va_arg(valist, size_t); + length = va_arg(valist, size_t*); + return psa_asymmetric_encrypt(handle, alg, plaintext, size, salt, salt_length, + ciphertext, ciphertext_size, length); + case PAL_CRYPTO_ASYMMTERIC_DECRYPT: + handle = (psa_key_handle_t)va_arg(valist, int); + alg = va_arg(valist, psa_algorithm_t); + plaintext = va_arg(valist, uint8_t *); + size = va_arg(valist, size_t); + salt = va_arg(valist, const uint8_t *); + salt_length = va_arg(valist, size_t); + ciphertext = va_arg(valist, uint8_t *); + ciphertext_size = va_arg(valist, size_t); + length = va_arg(valist, size_t*); + return psa_asymmetric_decrypt(handle, alg, plaintext, size, salt, salt_length, + ciphertext, ciphertext_size, length); + case PAL_CRYPTO_CIPHER_ENCRYPT_SETUP: + cipher_operation = va_arg(valist, psa_cipher_operation_t *); + handle = (psa_key_handle_t)va_arg(valist, int); + alg = va_arg(valist, psa_algorithm_t); + return psa_cipher_encrypt_setup(cipher_operation, handle, alg); + case PAL_CRYPTO_CIPHER_DECRYPT_SETUP: + cipher_operation = va_arg(valist, psa_cipher_operation_t *); + handle = (psa_key_handle_t)va_arg(valist, int); + alg = va_arg(valist, psa_algorithm_t); + return psa_cipher_decrypt_setup(cipher_operation, handle, alg); + case PAL_CRYPTO_CIPHER_GENERATE_IV: + cipher_operation = va_arg(valist, psa_cipher_operation_t *); + buffer = va_arg(valist, uint8_t*); + size = va_arg(valist, size_t); + length = va_arg(valist, size_t*); + return psa_cipher_generate_iv(cipher_operation, buffer, size, length); + case PAL_CRYPTO_CIPHER_SET_IV: + cipher_operation = va_arg(valist, psa_cipher_operation_t *); + buffer = va_arg(valist, uint8_t*); + size = va_arg(valist, size_t); + return psa_cipher_set_iv(cipher_operation, buffer, size); + case PAL_CRYPTO_CIPHER_UPDATE: + cipher_operation = va_arg(valist, psa_cipher_operation_t *); + plaintext = va_arg(valist, uint8_t *); + size = va_arg(valist, size_t); + ciphertext = va_arg(valist, uint8_t *); + ciphertext_size = va_arg(valist, size_t); + length = va_arg(valist, size_t*); + return psa_cipher_update(cipher_operation, plaintext, size, ciphertext, ciphertext_size, + length); + case PAL_CRYPTO_CIPHER_FINISH: + cipher_operation = va_arg(valist, psa_cipher_operation_t *); + ciphertext = va_arg(valist, uint8_t *); + ciphertext_size = va_arg(valist, size_t); + length = va_arg(valist, size_t*); + return psa_cipher_finish(cipher_operation, ciphertext, ciphertext_size, length); + case PAL_CRYPTO_CIPHER_ABORT: + cipher_operation = va_arg(valist, psa_cipher_operation_t *); + return psa_cipher_abort(cipher_operation); + case PAL_CRYPTO_ASYMMTERIC_SIGN: + handle = (psa_key_handle_t)va_arg(valist, int); + alg = va_arg(valist, psa_algorithm_t); + buffer = va_arg(valist, uint8_t*); + size = va_arg(valist, size_t); + ciphertext = va_arg(valist, uint8_t *); + ciphertext_size = va_arg(valist, size_t); + length = va_arg(valist, size_t*); + return psa_asymmetric_sign(handle, alg, buffer, size, ciphertext, ciphertext_size, + length); + case PAL_CRYPTO_ASYMMTERIC_VERIFY: + handle = (psa_key_handle_t)va_arg(valist, int); + alg = va_arg(valist, psa_algorithm_t); + buffer = va_arg(valist, uint8_t*); + size = va_arg(valist, size_t); + ciphertext = va_arg(valist, uint8_t *); + ciphertext_size = va_arg(valist, size_t); + return psa_asymmetric_verify(handle, alg, buffer, size, ciphertext, ciphertext_size); + case PAL_CRYPTO_KEY_AGREEMENT: + generator = va_arg(valist, psa_crypto_generator_t*); + handle = (psa_key_handle_t)va_arg(valist, int); + buffer = va_arg(valist, uint8_t*); + size = va_arg(valist, size_t); + alg = va_arg(valist, psa_algorithm_t); + return psa_key_agreement(generator, handle, buffer, size, alg); + case PAL_CRYPTO_ALLOCATE_KEY: + key_handle = (psa_key_handle_t *)va_arg(valist, int*); + return psa_allocate_key(key_handle); + case PAL_CRYPTO_FREE: + for (i = 0; i < PAL_KEY_SLOT_COUNT; i++) + psa_destroy_key(i); + return 0; + default: + return PAL_STATUS_UNSUPPORTED_FUNC; + } +#else + return PAL_STATUS_ERROR; +#endif +} diff --git a/features/frameworks/TARGET_PSA/pal/pal_crypto_intf.h b/features/frameworks/TARGET_PSA/pal/pal_crypto_intf.h new file mode 100644 index 0000000000..90c5d9d349 --- /dev/null +++ b/features/frameworks/TARGET_PSA/pal/pal_crypto_intf.h @@ -0,0 +1,84 @@ +/** @file + * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ + +#ifndef _PAL_CRYPTO_H_ +#define _PAL_CRYPTO_H_ + +#include +#include "pal_common.h" + +#if PSA_IPC_IMPLEMENTED +#include "psa/client.h" +#endif + +#if PSA_CRYPTO_IMPLEMENTED +#include "psa/crypto.h" +#endif + +enum crypto_function_code { + PAL_CRYPTO_INIT = 0x1, + PAL_CRYPTO_GENERATE_RANDOM = 0x2, + PAL_CRYPTO_IMPORT_KEY = 0x3, + PAL_CRYPTO_EXPORT_KEY = 0x4, + PAL_CRYPTO_EXPORT_PUBLIC_KEY = 0x5, + PAL_CRYPTO_DESTROY_KEY = 0x6, + PAL_CRYPTO_GET_KEY_INFO = 0x7, + PAL_CRYPTO_KEY_POLICY_INIT = 0x8, + PAL_CRYPTO_KEY_POLICY_SET_USAGE = 0x9, + PAL_CRYPTO_KEY_POLICY_GET_USAGE = 0xA, + PAL_CRYPTO_KEY_POLICY_GET_ALGORITHM = 0xB, + PAL_CRYPTO_SET_KEY_POLICY = 0xC, + PAL_CRYPTO_GET_KEY_POLICY = 0xD, + PAL_CRYPTO_GET_KEY_INFORMATION = 0xE, + PAL_CRYPTO_GET_KEY_LIFETIME = 0xF, + PAL_CRYPTO_HASH_SETUP = 0x11, + PAL_CRYPTO_HASH_UPDATE = 0x12, + PAL_CRYPTO_HASH_VERIFY = 0x13, + PAL_CRYPTO_HASH_FINISH = 0x14, + PAL_CRYPTO_HASH_ABORT = 0x15, + PAL_CRYPTO_GENERATE_KEY = 0x16, + PAL_CRYPTO_GENERATOR_READ = 0x17, + PAL_CRYPTO_KEY_DERIVATION = 0x18, + PAL_CRYPTO_GET_GENERATOR_CAPACITY = 0x19, + PAL_CRYPTO_GENERATOR_IMPORT_KEY = 0x1A, + PAL_CRYPTO_GENERATOR_ABORT = 0x1B, + PAL_CRYPTO_AEAD_ENCRYPT = 0x1C, + PAL_CRYPTO_AEAD_DECRYPT = 0x1D, + PAL_CRYPTO_MAC_SIGN_SETUP = 0x1E, + PAL_CRYPTO_MAC_UPDATE = 0x1F, + PAL_CRYPTO_MAC_SIGN_FINISH = 0x20, + PAL_CRYPTO_MAC_VERIFY_SETUP = 0x21, + PAL_CRYPTO_MAC_VERIFY_FINISH = 0x22, + PAL_CRYPTO_MAC_ABORT = 0x23, + PAL_CRYPTO_ASYMMTERIC_ENCRYPT = 0x24, + PAL_CRYPTO_ASYMMTERIC_DECRYPT = 0x25, + PAL_CRYPTO_CIPHER_ENCRYPT_SETUP = 0x26, + PAL_CRYPTO_CIPHER_DECRYPT_SETUP = 0x2A, + PAL_CRYPTO_CIPHER_GENERATE_IV = 0x2B, + PAL_CRYPTO_CIPHER_SET_IV = 0x2C, + PAL_CRYPTO_CIPHER_UPDATE = 0x2D, + PAL_CRYPTO_CIPHER_FINISH = 0x2E, + PAL_CRYPTO_CIPHER_ABORT = 0x2F, + PAL_CRYPTO_ASYMMTERIC_SIGN = 0x30, + PAL_CRYPTO_ASYMMTERIC_VERIFY = 0x31, + PAL_CRYPTO_KEY_AGREEMENT = 0x32, + PAL_CRYPTO_ALLOCATE_KEY = 0x33, + PAL_CRYPTO_FREE = 0xFE, +}; + +int32_t pal_crypto_function(int type, va_list valist); +#endif /* _PAL_CRYPTO_H_ */ diff --git a/features/frameworks/TARGET_PSA/pal/pal_internal_trusted_storage_intf.c b/features/frameworks/TARGET_PSA/pal/pal_internal_trusted_storage_intf.c new file mode 100644 index 0000000000..3cf9068151 --- /dev/null +++ b/features/frameworks/TARGET_PSA/pal/pal_internal_trusted_storage_intf.c @@ -0,0 +1,84 @@ +/** @file + * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ + + +#include "pal_internal_trusted_storage_intf.h" + +/** + @brief - This API will call the requested internal trusted storage function + @param - type : function code + valist : variable argument list + @return - error status +**/ +uint32_t pal_its_function(int type, va_list valist) +{ +#if PSA_INTERNAL_TRUSTED_STORAGE_IMPLEMENTED + uint32_t uid, data_length, offset; + const void *p_write_data; + void *p_read_data; + psa_storage_create_flags_t its_create_flags; + //psa_ps_create_flags_t ps_create_flags; + struct psa_its_info_t *its_p_info; + //struct psa_eps_info_t *ps_p_info; + + switch (type) + { + case PAL_ITS_SET: + uid = va_arg(valist, psa_storage_uid_t); + data_length = va_arg(valist, uint32_t); + p_write_data = va_arg(valist, const void*); + its_create_flags = va_arg(valist, psa_storage_create_flags_t); + return psa_its_set(uid, data_length, p_write_data, its_create_flags); + case PAL_ITS_GET: + uid = va_arg(valist, psa_storage_uid_t); + offset = va_arg(valist, uint32_t); + data_length = va_arg(valist, uint32_t); + p_read_data = va_arg(valist, void*); + return psa_its_get(uid, offset, data_length, p_read_data); + case PAL_ITS_GET_INFO: + uid = va_arg(valist, psa_storage_uid_t); + its_p_info = va_arg(valist, struct psa_its_info_t*); + return psa_its_get_info(uid, (struct psa_storage_info_t *)its_p_info); + case PAL_ITS_REMOVE: + uid = va_arg(valist, psa_storage_uid_t); + return psa_its_remove(uid); + /* case PAL_PS_SET: */ + /* uid = va_arg(valist, uint32_t); */ + /* data_length = va_arg(valist, uint32_t); */ + /* p_write_data = va_arg(valist, const void*); */ + /* ps_create_flags = va_arg(valist, psa_ps_create_flags_t); */ + /* return psa_ps_set(uid, data_length, p_write_data, ps_create_flags); */ + /* case PAL_PS_GET: */ + /* uid = va_arg(valist, uint32_t); */ + /* offset = va_arg(valist, uint32_t); */ + /* data_length = va_arg(valist, uint32_t); */ + /* p_read_data = va_arg(valist, void*); */ + /* return psa_ps_get(uid, offset, data_length, p_read_data); */ + /* case PAL_PS_GET_INFO: */ + /* uid = va_arg(valist, uint32_t); */ + /* ps_p_info = va_arg(valist, struct psa_eps_info_t*); */ + /* return psa_ps_get_info(uid, ps_p_info); */ + /* case PAL_PS_REMOVE: */ + /* uid = va_arg(valist, uint32_t); */ + /* return psa_ps_remove(uid); */ + default: + return PAL_STATUS_UNSUPPORTED_FUNC; + } +#else + return PAL_STATUS_ERROR; +#endif +} diff --git a/features/frameworks/TARGET_PSA/pal/pal_internal_trusted_storage_intf.h b/features/frameworks/TARGET_PSA/pal/pal_internal_trusted_storage_intf.h new file mode 100644 index 0000000000..c40aa43839 --- /dev/null +++ b/features/frameworks/TARGET_PSA/pal/pal_internal_trusted_storage_intf.h @@ -0,0 +1,36 @@ +/** @file + * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ + +#ifndef _PAL_INTERNAL_TRUSTED_STORAGE_INTF_H_ +#define _PAL_INTERNAL_TRUSTED_STORAGE_INTF_H_ + +#include +#include "pal_common.h" + +#if PSA_INTERNAL_TRUSTED_STORAGE_IMPLEMENTED +#include "psa/internal_trusted_storage.h" +#endif + +enum its_function_code { + PAL_ITS_SET = 0x1, + PAL_ITS_GET = 0x2, + PAL_ITS_GET_INFO = 0x3, + PAL_ITS_REMOVE = 0x4, +}; + +uint32_t pal_its_function(int type, va_list valist); +#endif /* _PAL_INTERNAL_TRUSTED_STORAGE_INTF_H_ */ diff --git a/features/frameworks/TARGET_PSA/pal/pal_mbed_os_crypto.cpp b/features/frameworks/TARGET_PSA/pal/pal_mbed_os_crypto.cpp new file mode 100644 index 0000000000..1a772a2c7d --- /dev/null +++ b/features/frameworks/TARGET_PSA/pal/pal_mbed_os_crypto.cpp @@ -0,0 +1,69 @@ +#include "mbed.h" +#include "rtos.h" +#include "val_interfaces.h" +#include "pal_common.h" + +#include "psa/crypto.h" +#include "entropy_poll.h" + +#include "pal_mbed_os_crypto.h" + +#include "lifecycle.h" + +#define TEST_STACK_SIZE 8192 +extern val_api_t val_api; +extern psa_api_t psa_api; +#ifdef PS_TEST +extern "C" psa_status_t psa_ps_reset(); +#endif + +test_entry_f test_g = NULL; + +#if defined(MBEDTLS_ENTROPY_NV_SEED) || defined(COMPONENT_PSA_SRV_IPC) + +#if !defined(MAX) +#define MAX(a,b) (((a)>(b))?(a):(b)) +#endif + +#define MBEDTLS_PSA_INJECT_ENTROPY_MIN_SIZE \ + MAX(MBEDTLS_ENTROPY_MIN_PLATFORM, MBEDTLS_ENTROPY_BLOCK_SIZE) + +static void inject_entropy() +{ + uint8_t seed[MBEDTLS_PSA_INJECT_ENTROPY_MIN_SIZE] = { 0 }; + for (int i = 0; i < MBEDTLS_PSA_INJECT_ENTROPY_MIN_SIZE; ++i) { + seed[i] = i; + } + mbedtls_psa_inject_entropy(seed, MBEDTLS_PSA_INJECT_ENTROPY_MIN_SIZE); +} +#endif // defined(MBEDTLS_ENTROPY_NV_SEED) || defined(COMPONENT_PSA_SRV_IPC) + + +void main_wrapper(void) +{ +#ifdef ITS_TEST + mbed_psa_reboot_and_request_new_security_state(PSA_LIFECYCLE_ASSEMBLY_AND_TEST); +#elif PS_TEST + psa_ps_reset(); +#endif + +#if defined(MBEDTLS_ENTROPY_NV_SEED) || defined(COMPONENT_PSA_SRV_IPC) + inject_entropy(); +#endif /* defined(MBEDTLS_ENTROPY_NV_SEED) || defined(COMPONENT_PSA_SRV_IPC) */ + test_g(&val_api, &psa_api); + +#ifdef ITS_TEST + mbed_psa_reboot_and_request_new_security_state(PSA_LIFECYCLE_ASSEMBLY_AND_TEST); +#elif PS_TEST + psa_ps_reset(); +#endif +} + +int test_start(test_entry_f test_f) +{ + test_g = test_f; + Thread thread(osPriorityNormal, TEST_STACK_SIZE, NULL); + thread.start(main_wrapper); + thread.join(); + return 0; +} diff --git a/features/frameworks/TARGET_PSA/pal/pal_mbed_os_crypto.h b/features/frameworks/TARGET_PSA/pal/pal_mbed_os_crypto.h new file mode 100644 index 0000000000..419565a6fa --- /dev/null +++ b/features/frameworks/TARGET_PSA/pal/pal_mbed_os_crypto.h @@ -0,0 +1,17 @@ +#ifndef PAL_MBED_OS_CRYPTO_H_ +#define PAL_MBED_OS_CRYPTO_H_ + +#include "val_interfaces.h" + +#ifdef __cplusplus +extern "C" { +#endif + +typedef void (*test_entry_f)(val_api_t *val_api, psa_api_t *psa_api); +int test_start(test_entry_f test_f); + +#ifdef __cplusplus +} +#endif + +#endif /* PAL_MBED_OS_CRYPTO_H_ */ diff --git a/features/frameworks/TARGET_PSA/pal/pal_protected_storage_intf.c b/features/frameworks/TARGET_PSA/pal/pal_protected_storage_intf.c new file mode 100644 index 0000000000..cfabb5e8ad --- /dev/null +++ b/features/frameworks/TARGET_PSA/pal/pal_protected_storage_intf.c @@ -0,0 +1,63 @@ +/** @file + * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ + + +#include "pal_protected_storage_intf.h" + +/** + @brief - This API will call the requested protected storage function + @param - type : function code + valist : variable argument list + @return - error status +**/ +uint32_t pal_ps_function(int type, va_list valist) +{ +#if PSA_PROTECTED_STORAGE_IMPLEMENTED + uint32_t uid, data_length, offset; + const void *p_write_data; + void *p_read_data; + psa_storage_create_flags_t ps_create_flags; + struct psa_ps_info_t *ps_p_info; + + switch (type) + { + case PAL_PS_SET: + uid = va_arg(valist, psa_storage_uid_t); + data_length = va_arg(valist, uint32_t); + p_write_data = va_arg(valist, const void*); + ps_create_flags = va_arg(valist, psa_storage_create_flags_t); + return psa_ps_set(uid, data_length, p_write_data, ps_create_flags); + case PAL_PS_GET: + uid = va_arg(valist, psa_storage_uid_t); + offset = va_arg(valist, uint32_t); + data_length = va_arg(valist, uint32_t); + p_read_data = va_arg(valist, void*); + return psa_ps_get(uid, offset, data_length, p_read_data); + case PAL_PS_GET_INFO: + uid = va_arg(valist, psa_storage_uid_t); + ps_p_info = va_arg(valist, struct psa_ps_info_t*); + return psa_ps_get_info(uid, ps_p_info); + case PAL_PS_REMOVE: + uid = va_arg(valist, psa_storage_uid_t); + return psa_ps_remove(uid); + default: + return PAL_STATUS_UNSUPPORTED_FUNC; + } +#else + return PAL_STATUS_ERROR; +#endif +} diff --git a/features/frameworks/TARGET_PSA/pal/pal_protected_storage_intf.h b/features/frameworks/TARGET_PSA/pal/pal_protected_storage_intf.h new file mode 100644 index 0000000000..3ebe86ab80 --- /dev/null +++ b/features/frameworks/TARGET_PSA/pal/pal_protected_storage_intf.h @@ -0,0 +1,36 @@ +/** @file + * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ + +#ifndef _PAL_PROTECTED_STORAGE_INTF_H_ +#define _PAL_PROTECTED_STORAGE_INTF_H_ + +#include +#include "pal_common.h" + +#if PSA_PROTECTED_STORAGE_IMPLEMENTED +#include "psa/protected_storage.h" +#endif + +enum ps_function_code { + PAL_PS_SET = 0x1, + PAL_PS_GET = 0x2, + PAL_PS_GET_INFO = 0x3, + PAL_PS_REMOVE = 0x4, +}; + +uint32_t pal_ps_function(int type, va_list valist); +#endif /* _PAL_PROTECTED_STORAGE_INTF_H_ */ diff --git a/features/frameworks/TARGET_PSA/psa_manifest/sid.h b/features/frameworks/TARGET_PSA/psa_manifest/sid.h new file mode 100644 index 0000000000..e69de29bb2 diff --git a/features/frameworks/TARGET_PSA/val.h b/features/frameworks/TARGET_PSA/val.h index b3dbcd55f3..0989f49bb5 100644 --- a/features/frameworks/TARGET_PSA/val.h +++ b/features/frameworks/TARGET_PSA/val.h @@ -41,6 +41,10 @@ #define FALSE 1 #endif +#ifndef INT_MAX +#define INT_MAX 0xFFFFFFFF +#endif + #define _CONCAT(A,B) A##B #define CONCAT(A,B) _CONCAT(A,B) @@ -78,9 +82,7 @@ /* Test Defines */ -#define TEST_PUBLISH(test_id, entry) \ - const val_test_info_t __attribute__((section(".acs_test_info"))) \ - CONCAT(acs_test_info, entry) = {test_id, entry} +#define TEST_PUBLISH(test_id, entry) #define VAL_MAX_TEST_PER_COMP 200 #define VAL_FF_BASE 0 diff --git a/features/frameworks/TARGET_PSA/val_attestation.h b/features/frameworks/TARGET_PSA/val_attestation.h index d860739b3b..532272365d 100644 --- a/features/frameworks/TARGET_PSA/val_attestation.h +++ b/features/frameworks/TARGET_PSA/val_attestation.h @@ -19,6 +19,7 @@ #define _VAL_INITIAL_ATTESTATION_H_ #include "val.h" +#include "psa_initial_attestation_api.h" #define MAX_CHALLENGE_SIZE PSA_INITIAL_ATTEST_CHALLENGE_SIZE_64 diff --git a/features/frameworks/TARGET_PSA/val_client_defs.h b/features/frameworks/TARGET_PSA/val_client_defs.h index db7825ce46..d1d18d7b6e 100644 --- a/features/frameworks/TARGET_PSA/val_client_defs.h +++ b/features/frameworks/TARGET_PSA/val_client_defs.h @@ -19,6 +19,8 @@ #define _VAL_CLIENT_H_ #include "val.h" +#include "psa/client.h" +#include "crypto_values.h" #define INVALID_SID 0x0000FA20 diff --git a/features/frameworks/TARGET_PSA/val_crypto.h b/features/frameworks/TARGET_PSA/val_crypto.h index 6cb1b2f014..644e59c787 100644 --- a/features/frameworks/TARGET_PSA/val_crypto.h +++ b/features/frameworks/TARGET_PSA/val_crypto.h @@ -19,6 +19,9 @@ #define _VAL_CRYPTO_H_ #include "val.h" +#include "psa/client.h" +#include "crypto_values.h" +#include "crypto.h" #define BYTES_TO_BITS(byte) (byte * 8) diff --git a/features/frameworks/TARGET_PSA/val_framework.h b/features/frameworks/TARGET_PSA/val_framework.h new file mode 100644 index 0000000000..e69de29bb2 diff --git a/features/frameworks/TARGET_PSA/val_greentea.cpp b/features/frameworks/TARGET_PSA/val_greentea.cpp new file mode 100644 index 0000000000..1bf2f41f30 --- /dev/null +++ b/features/frameworks/TARGET_PSA/val_greentea.cpp @@ -0,0 +1,324 @@ +#include "greentea-client/test_env.h" +#include "inttypes.h" +#include "val_greentea.h" + +extern "C" { + +/* globals */ +test_status_buffer_t g_status_buffer; + +void mbed_val_test_init(uint32_t test_num, char8_t *desc, uint32_t test_bitfield) +{ + /*global init*/ + g_status_buffer.state = 0; + g_status_buffer.status = VAL_STATUS_INVALID; + + mbed_val_print(PRINT_ALWAYS, "\nTEST: %d | DESCRIPTION: ", test_num); + mbed_val_print(PRINT_ALWAYS, desc, 0); +#ifndef NO_GREENTEA + GREENTEA_SETUP(100, "default_auto"); +#endif + mbed_val_set_status(RESULT_START(VAL_STATUS_SUCCESS)); + return; +} + +void mbed_val_test_exit(void) +{ + uint32_t status = mbed_val_get_status(); + + /* return if test skipped or failed */ + if (IS_TEST_FAIL(status) || IS_TEST_SKIP(status)) + { + GREENTEA_TESTSUITE_RESULT(false); + return; + } + else + { + GREENTEA_TESTSUITE_RESULT(true); + mbed_val_set_status(RESULT_END(VAL_STATUS_SUCCESS)); + } +} + +/** +@brief - This function executes given list of tests from non-secure sequentially + This covers non-secure to secure IPC API scenario +@param - test_num : Test_num +@param - tests_list : list of tests to be executed +@param - server_hs : Initiate a server handshake +@return - val_status_t +**/ +val_status_t mbed_val_execute_non_secure_tests(uint32_t test_num, client_test_t *tests_list, + bool_t server_hs) +{ + val_status_t status = VAL_STATUS_SUCCESS; + int32_t test_status = VAL_STATUS_SUCCESS; + boot_t boot = {.state = BOOT_NOT_EXPECTED}; + psa_handle_t handle; + uint32_t i = 1; + test_info_t test_info; + char testcase_name[100] = ""; + bool continue_test = true; + + test_info.test_num = test_num; + if (boot.state == BOOT_NOT_EXPECTED || boot.state == BOOT_EXPECTED_CRYPTO) + { + mbed_val_print(PRINT_TEST, "[Info] Executing tests from non-secure\n", 0); + while (tests_list[i] != NULL) + { + memset(testcase_name, 0, 100); + sprintf(testcase_name, "Check%d", i); + GREENTEA_TESTCASE_START(testcase_name); + if (server_hs == TRUE) + { + /* Handshake with server tests */ + test_info.block_num = i; + status = mbed_val_execute_secure_test_func(&handle, test_info, + SERVER_TEST_DISPATCHER_SID); + if (VAL_ERROR(status)) + { + mbed_val_set_status(RESULT_FAIL(status)); + mbed_val_print(PRINT_ERROR, "[Check%d] START\n", i); + return status; + } + else + { + mbed_val_print(PRINT_DEBUG, "[Check%d] START\n", i); + } + } + + /* Execute client tests */ + test_status = tests_list[i](NONSECURE); + + if (server_hs == TRUE) + { + /* Retrive Server test status */ + status = mbed_val_get_secure_test_result(&handle); + } + + if (test_status != VAL_STATUS_SUCCESS) + { + status = VAL_STATUS_ERROR; + } + + if (IS_TEST_SKIP(status)) + { + mbed_val_set_status(status); + mbed_val_print(PRINT_DEBUG, "[Check%d] SKIPPED\n", i); + GREENTEA_TESTCASE_FINISH(testcase_name, 1, 0); + continue_test = false; + } + else if (VAL_ERROR(status)) + { + mbed_val_set_status(RESULT_FAIL(status)); + if (server_hs == TRUE) + mbed_val_print(PRINT_ERROR, "[Check%d] FAILED\n", i); + GREENTEA_TESTCASE_FINISH(testcase_name, 0, 1); + continue_test = false; + } + else + { + if (server_hs == TRUE) + mbed_val_print(PRINT_DEBUG, "[Check%d] PASSED\n", i); + GREENTEA_TESTCASE_FINISH(testcase_name, 1, 0); + continue_test = true; + } + + if (!continue_test) + { + return status; + } + + i++; + } + } + else + { + /* If we are here means, we are in second run of this test */ + status = VAL_STATUS_SUCCESS; + if (boot.state != BOOT_EXPECTED_S) + { + mbed_val_print(PRINT_DEBUG, "[Check1] PASSED\n", 0); + } + } + return status; +} + +/** +@brief - Records the state and status of test +@return - val_status_t +**/ +val_status_t mbed_val_set_status(uint32_t status) +{ + g_status_buffer.state = ((status >> TEST_STATE_BIT) & TEST_STATE_MASK); + g_status_buffer.status = (status & TEST_STATUS_MASK); + + return VAL_STATUS_SUCCESS; +} + +/** +@brief - Updates the state and status for a given test +@return - test status +**/ +uint32_t mbed_val_get_status(void) +{ + return ((g_status_buffer.state) << TEST_STATE_BIT) | (g_status_buffer.status); +} + +/** +@brief - This function is used to handshake between: + - nonsecure client fn to server test fn + - secure client fn and server test fn + - nonsecure client fn to secure client test fn +@param - handle : handle returned while connecting given sid +@param - test_info : Test_num and block_num to be executed +@param - sid : RoT service to be connected. Partition dispatcher sid +@return - val_status_t +**/ +val_status_t mbed_val_execute_secure_test_func(psa_handle_t *handle, test_info_t test_info, uint32_t sid) +{ + uint32_t test_data; + val_status_t status = VAL_STATUS_SUCCESS; + psa_status_t status_of_call = PSA_SUCCESS; + + *handle = pal_ipc_connect(sid, 0); + if (*handle < 0) + { + mbed_val_print(PRINT_ERROR, "Could not connect SID. Handle=%x\n", *handle); + return VAL_STATUS_CONNECTION_FAILED; + } + + test_data = ((uint32_t)(test_info.test_num) | ((uint32_t)(test_info.block_num) << BLOCK_NUM_POS) | ((uint32_t)(TEST_EXECUTE_FUNC) << ACTION_POS)); + psa_invec data[1] = {{&test_data, sizeof(test_data)}}; + + status_of_call = pal_ipc_call(*handle, data, 1, NULL, 0); + if (status_of_call != PSA_SUCCESS) + { + status = VAL_STATUS_CALL_FAILED; + mbed_val_print(PRINT_ERROR, "Call to dispatch SF failed. Status=%x\n", status_of_call); + pal_ipc_close(*handle); + } + + return status; +} + +/** +@brief - Print module. This is client interface API of secure partition + mbed_val_print_sf API for nspe world +@param - verbosity: Print verbosity level + - string : Input string + - data : Value for format specifier +@return - val_status_t +**/ +val_status_t mbed_val_print(print_verbosity_t verbosity, const char *string, uint32_t data) +{ + if (data != 0) { + printf(string, data); + } else { + printf(string); + } + + return VAL_STATUS_SUCCESS; +} + +/** +@brief - This function is used to retrive the status of previously connected test function + using mbed_val_execute_secure_test_func +@param - handle : handle of server function. Handle of Partition dispatcher sid +@return - The status of test functions +**/ +val_status_t mbed_val_get_secure_test_result(psa_handle_t *handle) +{ + uint32_t test_data; + val_status_t status = VAL_STATUS_SUCCESS; + psa_status_t status_of_call = PSA_SUCCESS; + + test_data = (TEST_RETURN_RESULT << ACTION_POS); + + psa_outvec resp = {&status, sizeof(status)}; + psa_invec data[1] = {{&test_data, sizeof(test_data)}}; + + status_of_call = pal_ipc_call(*handle, data, 1, &resp, 1); + if (status_of_call != PSA_SUCCESS) + { + status = VAL_STATUS_CALL_FAILED; + mbed_val_print(PRINT_ERROR, "Call to dispatch SF failed. Status=%x\n", status_of_call); + } + + pal_ipc_close(*handle); + return status; +} + +/** + * @brief Connect to given sid + @param -sid : RoT service id + @param -minor_version : minor_version of RoT service + @param -handle - return connection handle + * @return val_status_t + */ +val_status_t mbed_val_ipc_connect(uint32_t sid, uint32_t minor_version, psa_handle_t *handle ) +{ + *handle = pal_ipc_connect(sid, minor_version); + + if (*handle < 0) + { + return VAL_STATUS_CONNECTION_FAILED; + } + + return VAL_STATUS_SUCCESS; +} + +/** + * @brief Call a connected Root of Trust Service.@n + * The caller must provide an array of ::psa_invec_t structures as the input payload. + * + * @param handle Handle for the connection. + * @param in_vec Array of psa_invec structures. + * @param in_len Number of psa_invec structures in in_vec. + * @param out_vec Array of psa_outvec structures for optional Root of Trust Service response. + * @param out_len Number of psa_outvec structures in out_vec. + * @return val_status_t + */ +val_status_t mbed_val_ipc_call(psa_handle_t handle, psa_invec *in_vec, size_t in_len, + psa_outvec *out_vec, size_t out_len) +{ + psa_status_t call_status = PSA_SUCCESS; + + call_status = pal_ipc_call(handle, in_vec, in_len, out_vec, out_len); + + if (call_status != PSA_SUCCESS) + { + return VAL_STATUS_CALL_FAILED; + } + + return VAL_STATUS_SUCCESS; +} + +/** + * @brief Close a connection to a Root of Trust Service. + * Sends the PSA_IPC_DISCONNECT message to the Root of Trust Service so it can clean up resources. + * + * @param handle Handle for the connection. + * @return void + */ +void mbed_val_ipc_close(psa_handle_t handle) +{ + pal_ipc_close(handle); +} + + +/** + * @brief reprogram the watchdog timer + * always succeeds on mbed-greentead testing. + * + * @param timeout_type type of timeout. + * @return val_status_t + */ +val_status_t mbed_val_wd_reprogram_timer(wd_timeout_type_t timeout_type) +{ + return VAL_STATUS_SUCCESS; +} + + +} + + diff --git a/features/frameworks/TARGET_PSA/val_greentea.h b/features/frameworks/TARGET_PSA/val_greentea.h new file mode 100644 index 0000000000..77edb916ed --- /dev/null +++ b/features/frameworks/TARGET_PSA/val_greentea.h @@ -0,0 +1,30 @@ +#ifndef _VAL_GREENTEA_H_ +#define _VAL_GREENTEA_H_ + +#ifdef __cplusplus +extern "C" +{ +#endif + +#include "val.h" +#include "val_interfaces.h" + +void mbed_val_test_init(uint32_t test_num, char8_t *desc, uint32_t test_bitfield); +void mbed_val_test_exit(void); +val_status_t mbed_val_execute_non_secure_tests(uint32_t test_num, client_test_t *tests_list, bool_t server_hs); +val_status_t mbed_val_set_status(uint32_t status); +uint32_t mbed_val_get_status(void); +val_status_t mbed_val_execute_secure_test_func(psa_handle_t *handle, test_info_t test_info, uint32_t sid); +val_status_t mbed_val_print(print_verbosity_t verbosity, const char *string, uint32_t data); +val_status_t mbed_val_get_secure_test_result(psa_handle_t *handle); +val_status_t mbed_val_ipc_connect(uint32_t sid, uint32_t minor_version, psa_handle_t *handle); +val_status_t mbed_val_ipc_call(psa_handle_t handle, psa_invec *in_vec, size_t in_len, + psa_outvec *out_vec, size_t out_len); +void mbed_val_ipc_close(psa_handle_t handle); +val_status_t mbed_val_wd_reprogram_timer(wd_timeout_type_t timeout_type); + +#ifdef __cplusplus +} +#endif + +#endif // _VAL_GREENTEA_H_ diff --git a/features/frameworks/TARGET_PSA/val_interfaces.c b/features/frameworks/TARGET_PSA/val_interfaces.c index 719f4b0818..a3ba81c601 100644 --- a/features/frameworks/TARGET_PSA/val_interfaces.c +++ b/features/frameworks/TARGET_PSA/val_interfaces.c @@ -16,10 +16,8 @@ **/ -#include "val_framework.h" +#include "val_greentea.h" #include "val_interfaces.h" -#include "val_peripherals.h" -#include "val_target.h" #include "val_crypto.h" #include "val_internal_trusted_storage.h" #include "val_protected_storage.h" @@ -27,28 +25,28 @@ /*VAL APIs to be used by test */ const val_api_t val_api = { - .print = val_print, - .set_status = val_set_status, - .get_status = val_get_status, - .test_init = val_test_init, - .test_exit = val_test_exit, - .err_check_set = val_err_check_set, - .target_get_config = val_target_get_config, - .execute_non_secure_tests = val_execute_non_secure_tests, - .switch_to_secure_client = val_switch_to_secure_client, - .execute_secure_test_func = val_execute_secure_test_func, - .get_secure_test_result = val_get_secure_test_result, - .ipc_connect = val_ipc_connect, - .ipc_call = val_ipc_call, - .ipc_close = val_ipc_close, - .nvmem_read = val_nvmem_read, - .nvmem_write = val_nvmem_write, - .wd_timer_init = val_wd_timer_init, - .wd_timer_enable = val_wd_timer_enable, - .wd_timer_disable = val_wd_timer_disable, - .wd_reprogram_timer = val_wd_reprogram_timer, - .set_boot_flag = val_set_boot_flag, - .get_boot_flag = val_get_boot_flag, + .print = mbed_val_print, + .set_status = mbed_val_set_status, + .get_status = mbed_val_get_status, + .test_init = mbed_val_test_init, + .test_exit = mbed_val_test_exit, + .err_check_set = NULL, + .target_get_config = NULL, + .execute_non_secure_tests = mbed_val_execute_non_secure_tests, + .switch_to_secure_client = NULL, + .execute_secure_test_func = mbed_val_execute_secure_test_func, + .get_secure_test_result = mbed_val_get_secure_test_result, + .ipc_connect = mbed_val_ipc_connect, + .ipc_call = mbed_val_ipc_call, + .ipc_close = mbed_val_ipc_close, + .nvmem_read = NULL, + .nvmem_write = NULL, + .wd_timer_init = NULL, + .wd_timer_enable = NULL, + .wd_timer_disable = NULL, + .wd_reprogram_timer = mbed_val_wd_reprogram_timer, + .set_boot_flag = NULL, + .get_boot_flag = NULL, .crypto_function = val_crypto_function, .its_function = val_its_function, .ps_function = val_ps_function, diff --git a/features/frameworks/TARGET_PSA/val_interfaces.h b/features/frameworks/TARGET_PSA/val_interfaces.h index b41aab1b6a..80996bdb2d 100644 --- a/features/frameworks/TARGET_PSA/val_interfaces.h +++ b/features/frameworks/TARGET_PSA/val_interfaces.h @@ -25,7 +25,7 @@ /* typedef's */ typedef struct { val_status_t (*print) (print_verbosity_t verbosity, - char *string, uint32_t data); + const char *string, uint32_t data); val_status_t (*set_status) (uint32_t status); uint32_t (*get_status) (void); void (*test_init) (uint32_t test_num, char8_t *desc, @@ -79,7 +79,5 @@ typedef struct { test_fptr_t entry_addr; } val_test_info_t; -#include "test_entry_fn_declare_list.inc" - void test_entry(val_api_t *val, psa_api_t *psa); #endif