ARMmbed
/
mbed-os
mirror of https://github.com/ARMmbed/mbed-os.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

changes to test infrastructure to adapt it to green-tea 

changes to test infrastructure to adapt it to green-tea
Make ITS testing default
Fix IAR build issues
pull/9312/head
Nir Sonnenschein 2019-02-28 16:01:40 +02:00
parent 22e429bdd4
commit eae1252c29
25 changed files with 2137 additions and 31 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
features/frameworks/TARGET_PSA/pal/pal_attestation_intf.h
View File

@ -18,6 +18,7 @@
#ifndef _PAL_INITIAL_ATTESTATION_H_
#define _PAL_INITIAL_ATTESTATION_H_
#include "psa_initial_attestation_api.h"
#include "pal_attestation_eat.h"
enum attestation_function_code {

98
features/frameworks/TARGET_PSA/pal/pal_client_api_empty_intf.c Normal file
View File

@ -0,0 +1,98 @@
/** @file
* Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved.
* SPDX-License-Identifier : Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
**/
#ifndef COMPONENT_PSA_SRV_IPC
#include "pal_common.h"
#include "pal_client_api_intf.h"
/**
* @brief - Retrieve the version of the PSA Framework API that is implemented.
* This is a wrapper API for psa_framework_version API.
* @param - void
* @return - The PSA Framework API version.
*/
uint32_t pal_ipc_framework_version(void)
{
return 0;
}
/**
* @brief - Retrieve the minor version of a Root of Trust Service by its SID.
* This is a wrapper API for the psa_version API.
* @param - sid The Root of Trust Service ID
* @return - Minor version of Root of Trust Service or PSA_VERSION_NONE if Root of Trust
* Service not present on the system.
*/
uint32_t pal_ipc_version(uint32_t sid)
{
return PSA_VERSION_NONE;
}
/**
* @brief - Connect to given sid.
* This is a wrapper API for the psa_connect API.
* @param - sid : RoT service id
* @param - minor_version : minor_version of RoT service
* @return - psa_handle_t : return connection handle
*/
psa_handle_t pal_ipc_connect(uint32_t sid, uint32_t minor_version)
{
return PSA_NULL_HANDLE;
}
/**
* @brief Call a connected Root of Trust Service.
* This is a wrapper API for the psa_call API.
* The caller must provide an array of ::psa_invec_t structures as the input payload.
*
* @param -handle Handle for the connection.
* @param -in_vec Array of psa_invec structures.
* @param -in_len Number of psa_invec structures in in_vec.
* @param -out_vec Array of psa_outvec structures for optional Root of Trust Service response.
* @param -out_len Number of psa_outvec structures in out_vec.
* @return -psa_status_t
*/
psa_status_t pal_ipc_call(psa_handle_t handle,
const psa_invec *in_vec,
size_t in_len,
psa_outvec *out_vec,
size_t out_len)
{
return (PSA_SUCCESS - 1);
}
/**
* @brief Close a connection to a Root of Trust Service.
* This is a wrapper API for the psa_close API.
* Sends the PSA_IPC_DISCONNECT message to the Root of Trust Service so it can clean up resources.
*
* @param handle Handle for the connection.
* @return void
*/
void pal_ipc_close(psa_handle_t handle)
{
return;
}
#endif

101
features/frameworks/TARGET_PSA/pal/pal_client_api_intf.c Normal file
View File

@ -0,0 +1,101 @@
/** @file
* Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved.
* SPDX-License-Identifier : Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
**/
#ifdef COMPONENT_PSA_SRV_IPC
#include "pal_common.h"
#include "pal_client_api_intf.h"
/**
* @brief - Retrieve the version of the PSA Framework API that is implemented.
* This is a wrapper API for psa_framework_version API.
* @param - void
* @return - The PSA Framework API version.
* Note - Return PAL_STATUS_ERROR if PSA IPC is not implemented.
*/
uint32_t pal_ipc_framework_version(void)
{
return (psa_framework_version());
}
/**
* @brief - Retrieve the minor version of a Root of Trust Service by its SID.
* This is a wrapper API for the psa_version API.
* @param - sid The Root of Trust Service ID
* @return - Minor version of Root of Trust Service or PSA_VERSION_NONE if Root of Trust
* Service not present on the system.
* Note - Return PAL_STATUS_ERROR if PSA IPC is not implemented.
*/
uint32_t pal_ipc_version(uint32_t sid)
{
return (psa_version(sid));
}
/**
* @brief - Connect to given sid.
* This is a wrapper API for the psa_connect API.
* @param - sid : RoT service id
* @param - minor_version : minor_version of RoT service
* @return - psa_handle_t : return connection handle
* Note - Return PSA_NULL_HANDLE if PSA IPC is not implemented.
*/
psa_handle_t pal_ipc_connect(uint32_t sid, uint32_t minor_version)
{
return (psa_connect(sid, minor_version));
}
/**
* @brief Call a connected Root of Trust Service.
* This is a wrapper API for the psa_call API.
* The caller must provide an array of ::psa_invec_t structures as the input payload.
*
* @param -handle Handle for the connection.
* @param -in_vec Array of psa_invec structures.
* @param -in_len Number of psa_invec structures in in_vec.
* @param -out_vec Array of psa_outvec structures for optional Root of Trust Service response.
* @param -out_len Number of psa_outvec structures in out_vec.
* @return -psa_status_t
* Note - Return -1 if PSA IPC is not implemented.
*/
psa_status_t pal_ipc_call(psa_handle_t handle,
const psa_invec *in_vec,
size_t in_len,
psa_outvec *out_vec,
size_t out_len)
{
return (psa_call(handle, in_vec, in_len, out_vec, out_len));
}
/**
* @brief Close a connection to a Root of Trust Service.
* This is a wrapper API for the psa_close API.
* Sends the PSA_IPC_DISCONNECT message to the Root of Trust Service so it can clean up resources.
*
* @param - handle Handle for the connection.
* @return - void
*/
void pal_ipc_close(psa_handle_t handle)
{
psa_close(handle);
}
#endif

74
features/frameworks/TARGET_PSA/pal/pal_client_api_intf.h Normal file
View File

@ -0,0 +1,74 @@
/** @file
* Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved.
* SPDX-License-Identifier : Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
**/
#ifndef _PAL_CLIENT_API_H_
#define _PAL_CLIENT_API_H_
#if PSA_IPC_IMPLEMENTED
/* psa/client.h: Contains the Client API elements. Accessible to all applications */
#include "psa/client.h"
/* psa_manifest/sid.h: Macro definitions derived from manifest files that map from RoT Service
* names to Service IDs (SIDs).
* Partition manifest parse build tool must provide the implementation of this file.
*/
#include "psa_manifest/sid.h"
#else
#include "pal_common.h"
#define PSA_VERSION_NONE (0)
#define PSA_SUCCESS (0)
#define PSA_CONNECTION_REFUSED (INT32_MIN + 1)
#define PSA_CONNECTION_BUSY (INT32_MIN + 2)
#define PSA_DROP_CONNECTION (INT32_MIN)
#define PSA_NULL_HANDLE ((psa_handle_t)0)
typedef int32_t psa_status_t;
typedef int32_t psa_handle_t;
typedef struct psa_invec {
const void *base;
size_t len;
} psa_invec;
typedef struct psa_outvec {
void *base;
size_t len;
} psa_outvec;
uint32_t psa_framework_version(void);
uint32_t psa_version(uint32_t sid);
psa_handle_t psa_connect(uint32_t sid, uint32_t minor_version);
psa_status_t psa_call(psa_handle_t handle,
const psa_invec *in_vec,
size_t in_len,
psa_outvec *out_vec,
size_t out_len);
void psa_close(psa_handle_t handle);
#endif /* PSA_IPC_IMPLEMENTED */
uint32_t pal_ipc_framework_version(void);
uint32_t pal_ipc_version(uint32_t sid);
psa_handle_t pal_ipc_connect(uint32_t sid, uint32_t minor_version);
psa_status_t pal_ipc_call(psa_handle_t handle,
const psa_invec *in_vec,
size_t in_len,
psa_outvec *out_vec,
size_t out_len);
void pal_ipc_close(psa_handle_t handle);
#endif /* _PAL_CLIENT_API_H_ */

112
features/frameworks/TARGET_PSA/pal/pal_common.h Normal file
View File

@ -0,0 +1,112 @@
/** @file
* Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved.
* SPDX-License-Identifier : Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
**/
#ifndef _PAL_COMMON_H_
#define _PAL_COMMON_H_
#include <string.h>
#include <stdint.h>
#include <stdlib.h>
#include <limits.h>
#include <stdarg.h>
#ifndef PSA_PROTECTED_STORAGE_IMPLEMENTED
#define PSA_INTERNAL_TRUSTED_STORAGE_IMPLEMENTED 1 /* Use ITS by default */
#define ITS_TEST 1
#endif
#include "pal_crypto_config.h"
#include "internal_trusted_storage.h"
/* typedef's */
typedef uint8_t bool_t;
typedef uint32_t addr_t;
typedef uint32_t test_id_t;
typedef uint32_t block_id_t;
typedef char char8_t;
typedef uint32_t cfg_id_t;
#define PAL_STATUS_UNSUPPORTED_FUNC 0xFF
typedef enum
{
PAL_STATUS_SUCCESS = 0x0,
PAL_STATUS_ERROR = 0x80
} pal_status_t;
typedef enum {
NVMEM_READ = 0x1,
NVMEM_WRITE = 0x2,
} nvmem_fn_type_t;
typedef struct {
nvmem_fn_type_t nvmem_fn_type;
addr_t base;
uint32_t offset;
int size;
} nvmem_param_t;
typedef enum {
WD_INIT_SEQ = 0x1,
WD_ENABLE_SEQ = 0x2,
WD_DISABLE_SEQ = 0x3,
WD_STATUS_SEQ = 0x4,
} wd_fn_type_t;
typedef enum {
WD_LOW_TIMEOUT = 0x1,
WD_MEDIUM_TIMEOUT = 0x2,
WD_HIGH_TIMEOUT = 0x3,
WD_CRYPTO_TIMEOUT = 0x4,
} wd_timeout_type_t;
typedef struct {
wd_fn_type_t wd_fn_type;
addr_t wd_base_addr;
uint32_t wd_time_us;
uint32_t wd_timer_tick_us;
} wd_param_t;
typedef enum {
UART_INIT = 0x1,
UART_PRINT = 0x2,
} uart_fn_type_t;
/*
* Redefining some of the client.h elements for compilation to go through
* when PSA IPC APIs are not implemented.
*/
#if (PSA_IPC_IMPLEMENTED == 0)
#ifndef PSA_VERSION_NONE
#define PSA_VERSION_NONE (0)
#endif
#ifndef PSA_SUCCESS
#define PSA_SUCCESS (0)
typedef int32_t psa_status_t;
#endif
typedef int32_t psa_handle_t;
#ifndef PSA_NULL_HANDLE
#define PSA_NULL_HANDLE ((psa_handle_t)0)
#endif
#endif /* PSA_IPC_IMPLEMENTED */
#endif /* _PAL_COMMON_H_ */

411
features/frameworks/TARGET_PSA/pal/pal_crypto_config.h Normal file
View File

@ -0,0 +1,411 @@
/** @file
* Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
* SPDX-License-Identifier : Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
**/
/*
* \file pal_crypto_config.h
*
* \brief Configuration options for crypto tests (set of defines)
*
* This set of compile-time options may be used to enable
* or disable features selectively for crypto test suite
*/
#ifndef _PAL_CRYPTO_CONFIG_H_
#define _PAL_CRYPTO_CONFIG_H_
#if !defined(MBEDTLS_CONFIG_FILE)
#include "config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
/**
* \def ARCH_TEST_RSA
*
* Enable the RSA public-key cryptosystem.
* By default all supported keys are enabled.
*
* Comment macros to disable the types
*/
#ifdef MBEDTLS_RSA_C
#define ARCH_TEST_RSA
#define ARCH_TEST_RSA_1024
#define ARCH_TEST_RSA_2048
#define ARCH_TEST_RSA_3072
#endif
/**
* \def ARCH_TEST_ECC
* \def ARCH_TEST_ECC_CURVE_SECPXXXR1
*
* Enable the elliptic curve
* Enable specific curves within the Elliptic Curve
* module. By default all supported curves are enabled.
*
* Requires: ARCH_TEST_ECC
* Comment macros to disable the curve
*/
#ifdef MBEDTLS_ECP_C
#define ARCH_TEST_ECC
#ifdef MBEDTLS_ECP_DP_SECP192R1_ENABLED
#define ARCH_TEST_ECC_CURVE_SECP192R1
#endif
#ifdef MBEDTLS_ECP_DP_SECP224R1_ENABLED
#define ARCH_TEST_ECC_CURVE_SECP224R1
#endif
#ifdef MBEDTLS_ECP_DP_SECP256R1_ENABLED
#define ARCH_TEST_ECC_CURVE_SECP256R1
#endif
#ifdef MBEDTLS_ECP_DP_SECP384R1_ENABLED
#define ARCH_TEST_ECC_CURVE_SECP384R1
#endif
#endif
/**
* \def ARCH_TEST_AES
*
* Enable the AES block cipher.
* By default all supported keys are enabled.
*
* Comment macros to disable the types
*/
#ifdef MBEDTLS_AES_C
#define ARCH_TEST_AES
#define ARCH_TEST_AES_128
#define ARCH_TEST_AES_192
#define ARCH_TEST_AES_256
#define ARCH_TEST_AES_512
#endif
/**
* \def ARCH_TEST_DES
*
* Enable the DES block cipher.
* By default all supported keys are enabled.
*
* Comment macros to disable the types
*/
#ifdef MBEDTLS_DES_C
#define ARCH_TEST_DES
#define ARCH_TEST_DES_1KEY
#define ARCH_TEST_DES_2KEY
#define ARCH_TEST_DES_3KEY
#endif
/**
* \def ARCH_TEST_RAW
*
* A "key" of this type cannot be used for any cryptographic operation.
* Applications may use this type to store arbitrary data in the keystore.
*/
#define ARCH_TEST_RAW
/**
* \def ARCH_TEST_CIPER
*
* Enable the generic cipher layer.
*/
#ifdef MBEDTLS_CIPHER_C
#define ARCH_TEST_CIPER
#endif
/**
* \def ARCH_TEST_ARC4
*
* Enable the ARC4 key type.
*/
#ifdef MBEDTLS_ARC4_C
#define ARCH_TEST_ARC4
#endif
/**
* \def ARCH_TEST_CIPER_MODE_CTR
*
* Enable Counter Block Cipher mode (CTR) for symmetric ciphers.
*
* Requires: ARCH_TEST_CIPER
*/
#ifdef MBEDTLS_CIPHER_MODE_CTR
#define ARCH_TEST_CIPER_MODE_CTR
#endif
/**
* \def ARCH_TEST_CIPER_MODE_CFB
*
* Enable Cipher Feedback mode (CFB) for symmetric ciphers.
*
* Requires: ARCH_TEST_CIPER
*/
#ifdef MBEDTLS_CIPHER_MODE_CFB
#define ARCH_TEST_CIPER_MODE_CFB
#endif
/**
* \def ARCH_TEST_CIPER_MODE_CBC
*
* Enable Cipher Block Chaining mode (CBC) for symmetric ciphers.
*
* Requires: ARCH_TEST_CIPER
*/
#ifdef MBEDTLS_CIPHER_MODE_CBC
#define ARCH_TEST_CIPER_MODE_CBC
#endif
/**
* \def ARCH_TEST_CTR_AES
*
* Requires: ARCH_TEST_CIPER, ARCH_TEST_AES, ARCH_TEST_CIPER_MODE_CTR
*/
#if defined(MBEDTLS_CIPHER_MODE_CTR) && defined(MBEDTLS_AES_C)
#define ARCH_TEST_CTR_AES
#endif
/**
* \def ARCH_TEST_CBC_AES
*
* Requires: ARCH_TEST_CIPER, ARCH_TEST_AES, ARCH_TEST_CIPER_MODE_CBC
*
* Comment macros to disable the types
*/
#if defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_AES_C)
#define ARCH_TEST_CBC_AES
#define ARCH_TEST_CBC_AES_NO_PADDING
#endif
/**
* \def ARCH_TEST_CBC_NO_PADDING
*
* Requires: ARCH_TEST_CIPER, ARCH_TEST_CIPER_MODE_CBC
*
* Comment macros to disable the types
*/
#ifdef MBEDTLS_CIPHER_MODE_CBC
#define ARCH_TEST_CBC_NO_PADDING
#endif
/**
* \def ARCH_TEST_CFB_AES
*
* Requires: ARCH_TEST_CIPER, ARCH_TEST_AES, ARCH_TEST_CIPER_MODE_CFB
*/
#if defined(MBEDTLS_CIPHER_MODE_CFB) && defined(MBEDTLS_AES_C)
#define ARCH_TEST_CFB_AES
#endif
/**
* \def ARCH_TEST_PKCS1V15_*
*
* Enable support for PKCS#1 v1.5 encoding.
* Enable support for PKCS#1 v1.5 operations.
* Enable support for RSA-OAEP
*
* Requires: ARCH_TEST_RSA, ARCH_TEST_PKCS1V15
*
* Comment macros to disable the types
*/
#if defined(MBEDTLS_PKCS1_V15) && defined(MBEDTLS_RSA_C)
#define ARCH_TEST_PKCS1V15
#define ARCH_TEST_RSA_PKCS1V15_SIGN
#define ARCH_TEST_RSA_PKCS1V15_SIGN_RAW
#define ARCH_TEST_RSA_PKCS1V15_CRYPT
#endif
#if defined(MBEDTLS_PKCS1_V21) && defined(MBEDTLS_RSA_C)
#define ARCH_TEST_RSA_OAEP
#endif
/**
* \def ARCH_TEST_CBC_PKCS7
*
* Requires: ARCH_TEST_CIPER_MODE_CBC
*
* Comment macros to disable the types
*/
#if defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_CIPHER_PADDING_PKCS7)
#define ARCH_TEST_CBC_PKCS7
#endif
/**
* \def ARCH_TEST_ASYMMETRIC_ENCRYPTION
*
* Enable support for Asymmetric encryption algorithms
*/
#define ARCH_TEST_ASYMMETRIC_ENCRYPTION
/**
* \def ARCH_TEST_HASH
*
* Enable the hash algorithm.
*/
#define ARCH_TEST_HASH
/**
* \def ARCH_TEST_HMAC
*
* The key policy determines which underlying hash algorithm the key can be
* used for.
*
* Requires: ARCH_TEST_HASH
*/
#define ARCH_TEST_HMAC
/**
* \def ARCH_TEST_MDX
* \def ARCH_TEST_SHAXXX
*
* Enable the MDX algorithm.
* Enable the SHAXXX algorithm.
*
* Requires: ARCH_TEST_HASH
*
* Comment macros to disable the types
*/
#ifdef MBEDTLS_MD_C
#ifdef MBEDTLS_MD2_C
#define ARCH_TEST_MD2
#endif
#ifdef MBEDTLS_MD4_C
#define ARCH_TEST_MD4
#endif
#ifdef MBEDTLS_MD5_C
#define ARCH_TEST_MD5
#endif
#endif
#ifdef MBEDTLS_RIPEMD160_C
#define ARCH_TEST_RIPEMD160
#endif
#ifdef MBEDTLS_SHA1_C
#define ARCH_TEST_SHA1
#endif
#ifdef MBEDTLS_SHA224_C
#define ARCH_TEST_SHA224
#endif
#ifdef MBEDTLS_SHA256_C
#define ARCH_TEST_SHA256
#endif
#ifdef MBEDTLS_SHA384_C
#define ARCH_TEST_SHA384
#endif
#ifdef MBEDTLS_SHA512_C
#define ARCH_TEST_SHA512
#ifdef MBEDTLS_SHA512_224_C
#define ARCH_TEST_SHA512_224
#endif
#ifdef MBEDTLS_SHA512_256_C
#define ARCH_TEST_SHA512_256
#endif
#endif
#ifdef MBEDTLS_SHA3_C
#define ARCH_TEST_SHA3_224
#define ARCH_TEST_SHA3_256
#define ARCH_TEST_SHA3_384
#define ARCH_TEST_SHA3_512
#endif
/**
* \def ARCH_TEST_HKDF
*
* Enable the HKDF algorithm (RFC 5869).
*
* Requires: ARCH_TEST_HASH
*/
#ifdef MBEDTLS_HKDF_C
#define ARCH_TEST_HKDF
#endif
/**
* \def ARCH_TEST_xMAC
*
* Enable the xMAC (Cipher/Hash/G-based Message Authentication Code) mode for block
* ciphers.
* Requires: ARCH_TEST_AES or ARCH_TEST_DES
*
* Comment macros to disable the types
*/
#ifdef MBEDTLS_CMAC_C
#define ARCH_TEST_CMAC
#endif
#ifdef MBEDTLS_GMAC_C
#define ARCH_TEST_GMAC
#endif
#define ARCH_TEST_HMAC
/**
* \def ARCH_TEST_CCM
*
* Enable the Counter with CBC-MAC (CCM) mode for 128-bit block cipher.
*
* Requires: ARCH_TEST_AES
*/
#ifdef MBEDTLS_CCM_C
#define ARCH_TEST_CCM
#endif
/**
* \def ARCH_TEST_GCM
*
* Enable the Galois/Counter Mode (GCM) for AES.
*
* Requires: ARCH_TEST_AES
*
*/
#ifdef MBEDTLS_GCM_C
#define ARCH_TEST_GCM
#endif
/**
* \def ARCH_TEST_TRUNCATED_MAC
*
* Enable support for RFC 6066 truncated HMAC in SSL.
*
* Comment this macro to disable support for truncated HMAC in SSL
*/
#ifdef MBEDTLS_SSL_TRUNCATED_HMAC
#define ARCH_TEST_TRUNCATED_MAC
#endif
/**
* \def ARCH_TEST_ECDH
*
* Enable the elliptic curve Diffie-Hellman library.
*
* Requires: ARCH_TEST_ECC
*/
#ifdef MBEDTLS_ECDH_C
#define ARCH_TEST_ECDH
#endif
/**
* \def ARCH_TEST_ECDSA
*
* Enable the elliptic curve DSA library.
* Requires: ARCH_TEST_ECC
*/
#ifdef MBEDTLS_ECDSA_C
#define ARCH_TEST_ECDSA
#endif
/**
* \def ARCH_TEST_DETERMINISTIC_ECDSA
*
* Enable deterministic ECDSA (RFC 6979).
*/
#ifdef MBEDTLS_ECDSA_DETERMINISTIC
#define ARCH_TEST_DETERMINISTIC_ECDSA
#endif
#include "pal_crypto_config_check.h"
#endif /* _PAL_CRYPTO_CONFIG_H_ */

223
features/frameworks/TARGET_PSA/pal/pal_crypto_config_check.h Normal file
View File

@ -0,0 +1,223 @@
/** @file
* Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
* SPDX-License-Identifier : Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
**/
/**
* \file pal_crypto_config_check.h
*
* \brief Consistency checks for configuration options
*
*/
#ifndef _PAL_CRYPTO_CONFIG_CHECK_H_
#define _PAL_CRYPTO_CONFIG_CHECK_H_
#if defined(ARCH_TEST_RSA_1024) && !defined(ARCH_TEST_RSA)
#error "ARCH_TEST_RSA_1024 defined, but not all prerequisites"
#endif
#if defined(ARCH_TEST_RSA_2048) && !defined(ARCH_TEST_RSA)
#error "ARCH_TEST_RSA_2048 defined, but not all prerequisites"
#endif
#if defined(ARCH_TEST_RSA_3072) && !defined(ARCH_TEST_RSA)
#error "ARCH_TEST_RSA_3072 defined, but not all prerequisites"
#endif
#if defined(ARCH_TEST_ECC_CURVE_SECP192R1) && !defined(ARCH_TEST_ECC)
#error "ARCH_TEST_ECC_CURVE_SECP192R1 defined, but not all prerequisites"
#endif
#if defined(ARCH_TEST_ECC_CURVE_SECP224R1) && !defined(ARCH_TEST_ECC)
#error "ARCH_TEST_ECC_CURVE_SECP224R1 defined, but not all prerequisites"
#endif
#if defined(ARCH_TEST_ECC_CURVE_SECP256R1) && !defined(ARCH_TEST_ECC)
#error "ARCH_TEST_ECC_CURVE_SECP256R1 defined, but not all prerequisites"
#endif
#if defined(ARCH_TEST_ECC_CURVE_SECP384R1) && !defined(ARCH_TEST_ECC)
#error "ARCH_TEST_ECC_CURVE_SECP384R1 defined, but not all prerequisites"
#endif
#if defined(ARCH_TEST_AES_128) && !defined(ARCH_TEST_AES)
#error "ARCH_TEST_AES_128 defined, but not all prerequisites"
#endif
#if defined(ARCH_TEST_AES_256) && !defined(ARCH_TEST_AES)
#error "ARCH_TEST_AES_256 defined, but not all prerequisites"
#endif
#if defined(ARCH_TEST_AES_512) && !defined(ARCH_TEST_AES)
#error "ARCH_TEST_AES_512 defined, but not all prerequisites"
#endif
#if defined(ARCH_TEST_DES_1KEY) && !defined(ARCH_TEST_DES)
#error "ARCH_TEST_DES_1KEY defined, but not all prerequisites"
#endif
#if defined(ARCH_TEST_DES_2KEY) && !defined(ARCH_TEST_DES)
#error "ARCH_TEST_DES_2KEY defined, but not all prerequisites"
#endif
#if defined(ARCH_TEST_DES_3KEY) && !defined(ARCH_TEST_DES)
#error "ARCH_TEST_DES_3KEY defined, but not all prerequisites"
#endif
#if defined(ARCH_TEST_CIPER_MODE_CTR) && !defined(ARCH_TEST_CIPER)
#error "ARCH_TEST_CIPER_MODE_CTR defined, but not all prerequisites"
#endif
#if defined(ARCH_TEST_CIPER_MODE_CFB) && !defined(ARCH_TEST_CIPER)
#error "ARCH_TEST_CIPER_MODE_CFB defined, but not all prerequisites"
#endif
#if defined(ARCH_TEST_CIPER_MODE_CBC) && !defined(ARCH_TEST_CIPER)
#error "ARCH_TEST_CIPER_MODE_CBC defined, but not all prerequisites"
#endif
#if defined(ARCH_TEST_CTR_AES) &&\
(!defined(ARCH_TEST_CIPER) || !defined(ARCH_TEST_AES) || !defined(ARCH_TEST_CIPER_MODE_CTR))
#error "ARCH_TEST_CTR_AES defined, but not all prerequisites"
#endif
#if (defined(ARCH_TEST_CBC_AES)|| defined(ARCH_TEST_CBC_AES_NO_PADDING)) &&\
(!defined(ARCH_TEST_CIPER) || !defined(ARCH_TEST_AES) || !defined(ARCH_TEST_CIPER_MODE_CBC))
#error "ARCH_TEST_CBC_AES defined, but not all prerequisites"
#endif
#if (defined(ARCH_TEST_CBC_NO_PADDING)) &&\
(!defined(ARCH_TEST_CIPER) ||!defined(ARCH_TEST_CIPER_MODE_CBC))
#error "ARCH_TEST_CBC_NO_PADDING defined, but not all prerequisites"
#endif
#if defined(ARCH_TEST_CFB_AES) &&\
(!defined(ARCH_TEST_CIPER) || !defined(ARCH_TEST_AES) || !defined(ARCH_TEST_CIPER_MODE_CFB))
#error "ARCH_TEST_CFB_AES defined, but not all prerequisites"
#endif
#if defined(ARCH_TEST_RSA_PKCS1V15_SIGN) &&\
(!defined(ARCH_TEST_RSA) || !defined(ARCH_TEST_PKCS1V15))
#error "ARCH_TEST_RSA_PKCS1V15_SIGN defined, but not all prerequisites"
#endif
#if defined(ARCH_TEST_RSA_PKCS1V15_SIGN_RAW) &&\
(!defined(ARCH_TEST_RSA) || !defined(ARCH_TEST_PKCS1V15))
#error "ARCH_TEST_RSA_PKCS1V15_SIGN_RAW defined, but not all prerequisites"
#endif
#if defined(ARCH_TEST_RSA_PKCS1V15_CRYPT) &&\
(!defined(ARCH_TEST_RSA) || !defined(ARCH_TEST_PKCS1V15))
#error "ARCH_TEST_RSA_PKCS1V15_CRYPT defined, but not all prerequisites"
#endif
#if defined(ARCH_TEST_CBC_PKCS7) && !defined(ARCH_TEST_CIPER_MODE_CBC)
#error "ARCH_TEST_CBC_PKCS7 defined, but not all prerequisites"
#endif
#if defined(ARCH_TEST_HMAC) && !defined(ARCH_TEST_HASH)
#error "ARCH_TEST_HMAC defined, but not all prerequisites"
#endif
#if defined(ARCH_TEST_MD2) && !defined(ARCH_TEST_HASH)
#error "ARCH_TEST_MD2 defined, but not all prerequisites"
#endif
#if defined(ARCH_TEST_MD4) && !defined(ARCH_TEST_HASH)
#error "ARCH_TEST_MD4 defined, but not all prerequisites"
#endif
#if defined(ARCH_TEST_MD5) && !defined(ARCH_TEST_HASH)
#error "ARCH_TEST_MD5 defined, but not all prerequisites"
#endif
#if defined(ARCH_TEST_RIPEMD160) && !defined(ARCH_TEST_HASH)
#error "ARCH_TEST_RIPEMD160 defined, but not all prerequisites"
#endif
#if defined(ARCH_TEST_SHA1) && !defined(ARCH_TEST_HASH)
#error "ARCH_TEST_SHA1 defined, but not all prerequisites"
#endif
#if defined(ARCH_TEST_SHA224) && !defined(ARCH_TEST_HASH)
#error "ARCH_TEST_SHA224 defined, but not all prerequisites"
#endif
#if defined(ARCH_TEST_SHA256) && !defined(ARCH_TEST_HASH)
#error "ARCH_TEST_SHA256 defined, but not all prerequisites"
#endif
#if defined(ARCH_TEST_SHA512) && !defined(ARCH_TEST_HASH)
#error "ARCH_TEST_SHA512 defined, but not all prerequisites"
#endif
#if defined(ARCH_TEST_SHA512_224) && !defined(ARCH_TEST_HASH)
#error "ARCH_TEST_SHA512_224 defined, but not all prerequisites"
#endif
#if defined(ARCH_TEST_SHA512_256) && !defined(ARCH_TEST_HASH)
#error "ARCH_TEST_SHA512_256 defined, but not all prerequisites"
#endif
#if defined(ARCH_TEST_SHA3_224) && !defined(ARCH_TEST_HASH)
#error "ARCH_TEST_SHA3_224 defined, but not all prerequisites"
#endif
#if defined(ARCH_TEST_SHA3_256) && !defined(ARCH_TEST_HASH)
#error "ARCH_TEST_SHA3_256 defined, but not all prerequisites"
#endif
#if defined(ARCH_TEST_SHA3_384) && !defined(ARCH_TEST_HASH)
#error "ARCH_TEST_SHA3_256 defined, but not all prerequisites"
#endif
#if defined(ARCH_TEST_SHA3_512) && !defined(ARCH_TEST_HASH)
#error "ARCH_TEST_SHA3_256 defined, but not all prerequisites"
#endif
#if defined(ARCH_TEST_HKDF) && !defined(ARCH_TEST_HASH)
#error "ARCH_TEST_HKDF defined, but not all prerequisites"
#endif
#if defined(ARCH_TEST_CMAC) && !defined(ARCH_TEST_AES) && !defined(ARCH_TEST_AES)
#error "ARCH_TEST_CMAC defined, but not all prerequisites"
#endif
#if defined(ARCH_TEST_GMAC) && !defined(ARCH_TEST_AES) && !defined(ARCH_TEST_AES)
#error "ARCH_TEST_GMAC defined, but not all prerequisites"
#endif
#if defined(ARCH_TEST_HMAC) && !defined(ARCH_TEST_AES) && !defined(ARCH_TEST_AES)
#error "ARCH_TEST_HMAC defined, but not all prerequisites"
#endif
#if defined(ARCH_TEST_CCM) && !defined(ARCH_TEST_AES)
#error "ARCH_TEST_CCM defined, but not all prerequisites"
#endif
#if defined(ARCH_TEST_GCM) && !defined(ARCH_TEST_AES)
#error "ARCH_TEST_GCM defined, but not all prerequisites"
#endif
#if defined(ARCH_TEST_ECDH) && !defined(ARCH_TEST_ECC)
#error "ARCH_TEST_ECDH defined, but not all prerequisites"
#endif
#if defined(ARCH_TEST_ECDSA) && !defined(ARCH_TEST_ECC)
#error "ARCH_TEST_ECDSA defined, but not all prerequisites"
#endif
#endif /* _PAL_CRYPTO_CONFIG_CHECK_H_ */

339
features/frameworks/TARGET_PSA/pal/pal_crypto_intf.c Normal file
View File

@ -0,0 +1,339 @@
/** @file
* Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved.
* SPDX-License-Identifier : Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
**/
#define PSA_CRYPTO_IMPLEMENTED 1
#include "pal_crypto_intf.h"
#define PAL_KEY_SLOT_COUNT 32
/**
@brief - This API will call the requested crypto function
@param - type : function code
valist : variable argument list
@return - error status
**/
int32_t pal_crypto_function(int type, va_list valist)
{
#if PSA_CRYPTO_IMPLEMENTED
int i;
size_t size, *length, salt_length, label_length, ciphertext_size;
uint8_t *buffer, *ciphertext;
const uint8_t *salt, *label, *nonce, *additional_data;
uint8_t *plaintext;
uint32_t status;
const void *extra;
size_t extra_size, capacity, *gen_cap, nonce_length, additional_data_length;
psa_key_handle_t handle, *key_handle;
psa_key_type_t key_type, *key_type_out;
psa_key_policy_t *policy;
psa_key_usage_t usage, *usage_out;
psa_key_lifetime_t *lifetime_out;
psa_algorithm_t alg, *alg_out;
psa_hash_operation_t *hash_operation;
psa_mac_operation_t *mac_operation;
psa_cipher_operation_t *cipher_operation;
psa_crypto_generator_t *generator;
switch (type)
{
case PAL_CRYPTO_INIT:
return psa_crypto_init();
case PAL_CRYPTO_GENERATE_RANDOM:
buffer = va_arg(valist, uint8_t*);
size = va_arg(valist, int);
return psa_generate_random(buffer, size);
case PAL_CRYPTO_IMPORT_KEY:
handle = (psa_key_handle_t)va_arg(valist, int);
key_type = va_arg(valist, psa_key_type_t);
buffer = va_arg(valist, uint8_t*);
size = va_arg(valist, int);
status = psa_import_key(handle, key_type, buffer, size);
return status;
case PAL_CRYPTO_EXPORT_KEY:
handle = (psa_key_handle_t)va_arg(valist, int);
buffer = (uint8_t *)(va_arg(valist, uint8_t*));
size = va_arg(valist, int);
length = (size_t *)va_arg(valist, size_t*);
status = psa_export_key(handle, buffer, size, length);
return status;
case PAL_CRYPTO_EXPORT_PUBLIC_KEY:
handle = (psa_key_handle_t)va_arg(valist, int);
buffer = (uint8_t *)(va_arg(valist, uint8_t*));
size = va_arg(valist, int);
length = (size_t *)va_arg(valist, size_t*);
status = psa_export_public_key(handle, buffer, size, length);
return status;
case PAL_CRYPTO_KEY_POLICY_INIT:
policy = va_arg(valist, psa_key_policy_t*);
memset(policy, 0, sizeof(psa_key_policy_t));
return 0;
case PAL_CRYPTO_KEY_POLICY_SET_USAGE:
policy = va_arg(valist, psa_key_policy_t*);
usage = va_arg(valist, psa_key_usage_t);
alg = va_arg(valist, psa_algorithm_t);
psa_key_policy_set_usage(policy, usage, alg);
return 0;
case PAL_CRYPTO_SET_KEY_POLICY:
handle = (psa_key_handle_t)va_arg(valist, int);
policy = va_arg(valist, psa_key_policy_t*);
return psa_set_key_policy(handle, policy);
case PAL_CRYPTO_DESTROY_KEY:
handle = (psa_key_handle_t)va_arg(valist, int);
status = psa_destroy_key(handle);
return status;
case PAL_CRYPTO_GET_KEY_INFORMATION:
handle = (psa_key_handle_t)va_arg(valist, int);
key_type_out = va_arg(valist, psa_key_type_t*);
length = (size_t *)va_arg(valist, size_t*);
status = psa_get_key_information(handle, key_type_out, length);
return status;
case PAL_CRYPTO_GET_KEY_POLICY:
handle = (psa_key_handle_t)va_arg(valist, int);
policy = va_arg(valist, psa_key_policy_t*);
return psa_get_key_policy(handle, policy);
case PAL_CRYPTO_KEY_POLICY_GET_USAGE:
policy = va_arg(valist, psa_key_policy_t*);
usage_out = va_arg(valist, psa_key_usage_t*);
*usage_out = psa_key_policy_get_usage(policy);
return 0;
case PAL_CRYPTO_KEY_POLICY_GET_ALGORITHM:
policy = va_arg(valist, psa_key_policy_t*);
alg_out = va_arg(valist, psa_algorithm_t*);
*alg_out = psa_key_policy_get_algorithm(policy);
return 0;
case PAL_CRYPTO_GET_KEY_LIFETIME:
handle = (psa_key_handle_t)va_arg(valist, int);
lifetime_out = va_arg(valist, psa_key_lifetime_t*);
return psa_get_key_lifetime(handle, lifetime_out);
case PAL_CRYPTO_HASH_SETUP:
hash_operation = va_arg(valist, psa_hash_operation_t*);
alg = va_arg(valist, psa_algorithm_t);
return psa_hash_setup(hash_operation, alg);
case PAL_CRYPTO_HASH_UPDATE:
hash_operation = va_arg(valist, psa_hash_operation_t*);
buffer = va_arg(valist, uint8_t*);
size = va_arg(valist, size_t);
return psa_hash_update(hash_operation, buffer, size);
case PAL_CRYPTO_HASH_VERIFY:
hash_operation = va_arg(valist, psa_hash_operation_t*);
buffer = va_arg(valist, uint8_t*);
size = va_arg(valist, size_t);
return psa_hash_verify(hash_operation, buffer, size);
case PAL_CRYPTO_HASH_FINISH:
hash_operation = va_arg(valist, psa_hash_operation_t*);
buffer = va_arg(valist, uint8_t*);
size = va_arg(valist, size_t);
length = va_arg(valist, size_t*);
return psa_hash_finish(hash_operation, buffer, size, length);
case PAL_CRYPTO_HASH_ABORT:
hash_operation = va_arg(valist, psa_hash_operation_t*);
return psa_hash_abort(hash_operation);
case PAL_CRYPTO_GENERATE_KEY:
handle = (psa_key_handle_t)va_arg(valist, int);
key_type = va_arg(valist, psa_key_type_t);
size = va_arg(valist, size_t);
extra = va_arg(valist, const void*);
extra_size = va_arg(valist, size_t);
return psa_generate_key(handle, key_type, size, extra, extra_size);
case PAL_CRYPTO_GENERATOR_READ:
generator = va_arg(valist, psa_crypto_generator_t*);
buffer = va_arg(valist, uint8_t*);
size = va_arg(valist, int);
return psa_generator_read(generator, buffer, size);
case PAL_CRYPTO_KEY_DERIVATION:
generator = va_arg(valist, psa_crypto_generator_t*);
handle = (psa_key_handle_t)va_arg(valist, int);
alg = va_arg(valist, psa_algorithm_t);
salt = va_arg(valist, const uint8_t *);
salt_length = va_arg(valist, size_t);
label = va_arg(valist, const uint8_t *);
label_length = va_arg(valist, size_t);
capacity = va_arg(valist, size_t);
return psa_key_derivation(generator, handle, alg, salt, salt_length, label,
label_length, capacity);
case PAL_CRYPTO_GET_GENERATOR_CAPACITY:
generator = va_arg(valist, psa_crypto_generator_t*);
gen_cap = va_arg(valist, size_t*);
return psa_get_generator_capacity(generator, gen_cap);
case PAL_CRYPTO_GENERATOR_IMPORT_KEY:
handle = (psa_key_handle_t)va_arg(valist, int);
key_type = va_arg(valist, psa_key_type_t);
size = va_arg(valist, size_t);
generator = va_arg(valist, psa_crypto_generator_t*);
return psa_generator_import_key(handle, key_type, size, generator);
case PAL_CRYPTO_GENERATOR_ABORT:
generator = va_arg(valist, psa_crypto_generator_t*);
return psa_generator_abort(generator);
case PAL_CRYPTO_AEAD_ENCRYPT:
handle = (psa_key_handle_t)va_arg(valist, int);
alg = va_arg(valist, psa_algorithm_t);
nonce = va_arg(valist, const uint8_t *);
nonce_length = va_arg(valist, size_t);
additional_data = va_arg(valist, const uint8_t *);
additional_data_length = va_arg(valist, size_t);
plaintext = va_arg(valist, uint8_t *);
size = va_arg(valist, size_t);
ciphertext = va_arg(valist, uint8_t *);
ciphertext_size = va_arg(valist, size_t);
length = va_arg(valist, size_t*);
return psa_aead_encrypt(handle, alg, nonce, nonce_length, additional_data,
additional_data_length, plaintext, size, ciphertext, ciphertext_size, length);
case PAL_CRYPTO_AEAD_DECRYPT:
handle = (psa_key_handle_t)va_arg(valist, int);
alg = va_arg(valist, psa_algorithm_t);
nonce = va_arg(valist, const uint8_t *);
nonce_length = va_arg(valist, size_t);
additional_data = va_arg(valist, const uint8_t *);
additional_data_length = va_arg(valist, size_t);
ciphertext = va_arg(valist, uint8_t *);
ciphertext_size = va_arg(valist, size_t);
plaintext = va_arg(valist, uint8_t *);
size = va_arg(valist, size_t);
length = va_arg(valist, size_t*);
return psa_aead_decrypt(handle, alg, nonce, nonce_length, additional_data,
additional_data_length, ciphertext, ciphertext_size, plaintext, size, length);
case PAL_CRYPTO_MAC_SIGN_SETUP:
mac_operation = va_arg(valist, psa_mac_operation_t*);
handle = (psa_key_handle_t)va_arg(valist, int);
alg = va_arg(valist, psa_algorithm_t);
return psa_mac_sign_setup(mac_operation, handle, alg);
case PAL_CRYPTO_MAC_UPDATE:
mac_operation = va_arg(valist, psa_mac_operation_t*);
buffer = va_arg(valist, uint8_t*);
size = va_arg(valist, size_t);
return psa_mac_update(mac_operation, buffer, size);
case PAL_CRYPTO_MAC_SIGN_FINISH:
mac_operation = va_arg(valist, psa_mac_operation_t*);
buffer = va_arg(valist, uint8_t*);
size = va_arg(valist, size_t);
length = (size_t *)va_arg(valist, size_t*);
return psa_mac_sign_finish(mac_operation, buffer, size, length);
case PAL_CRYPTO_MAC_VERIFY_SETUP:
mac_operation = va_arg(valist, psa_mac_operation_t*);
handle = (psa_key_handle_t)va_arg(valist, int);
alg = va_arg(valist, psa_algorithm_t);
return psa_mac_verify_setup(mac_operation, handle, alg);
case PAL_CRYPTO_MAC_VERIFY_FINISH:
mac_operation = va_arg(valist, psa_mac_operation_t*);
buffer = va_arg(valist, uint8_t*);
size = va_arg(valist, size_t);
return psa_mac_verify_finish(mac_operation, buffer, size);
case PAL_CRYPTO_MAC_ABORT:
mac_operation = va_arg(valist, psa_mac_operation_t*);
return psa_mac_abort(mac_operation);
case PAL_CRYPTO_ASYMMTERIC_ENCRYPT:
handle = (psa_key_handle_t)va_arg(valist, int);
alg = va_arg(valist, psa_algorithm_t);
plaintext = va_arg(valist, uint8_t *);
size = va_arg(valist, size_t);
salt = va_arg(valist, const uint8_t *);
salt_length = va_arg(valist, size_t);
ciphertext = va_arg(valist, uint8_t *);
ciphertext_size = va_arg(valist, size_t);
length = va_arg(valist, size_t*);
return psa_asymmetric_encrypt(handle, alg, plaintext, size, salt, salt_length,
ciphertext, ciphertext_size, length);
case PAL_CRYPTO_ASYMMTERIC_DECRYPT:
handle = (psa_key_handle_t)va_arg(valist, int);
alg = va_arg(valist, psa_algorithm_t);
plaintext = va_arg(valist, uint8_t *);
size = va_arg(valist, size_t);
salt = va_arg(valist, const uint8_t *);
salt_length = va_arg(valist, size_t);
ciphertext = va_arg(valist, uint8_t *);
ciphertext_size = va_arg(valist, size_t);
length = va_arg(valist, size_t*);
return psa_asymmetric_decrypt(handle, alg, plaintext, size, salt, salt_length,
ciphertext, ciphertext_size, length);
case PAL_CRYPTO_CIPHER_ENCRYPT_SETUP:
cipher_operation = va_arg(valist, psa_cipher_operation_t *);
handle = (psa_key_handle_t)va_arg(valist, int);
alg = va_arg(valist, psa_algorithm_t);
return psa_cipher_encrypt_setup(cipher_operation, handle, alg);
case PAL_CRYPTO_CIPHER_DECRYPT_SETUP:
cipher_operation = va_arg(valist, psa_cipher_operation_t *);
handle = (psa_key_handle_t)va_arg(valist, int);
alg = va_arg(valist, psa_algorithm_t);
return psa_cipher_decrypt_setup(cipher_operation, handle, alg);
case PAL_CRYPTO_CIPHER_GENERATE_IV:
cipher_operation = va_arg(valist, psa_cipher_operation_t *);
buffer = va_arg(valist, uint8_t*);
size = va_arg(valist, size_t);
length = va_arg(valist, size_t*);
return psa_cipher_generate_iv(cipher_operation, buffer, size, length);
case PAL_CRYPTO_CIPHER_SET_IV:
cipher_operation = va_arg(valist, psa_cipher_operation_t *);
buffer = va_arg(valist, uint8_t*);
size = va_arg(valist, size_t);
return psa_cipher_set_iv(cipher_operation, buffer, size);
case PAL_CRYPTO_CIPHER_UPDATE:
cipher_operation = va_arg(valist, psa_cipher_operation_t *);
plaintext = va_arg(valist, uint8_t *);
size = va_arg(valist, size_t);
ciphertext = va_arg(valist, uint8_t *);
ciphertext_size = va_arg(valist, size_t);
length = va_arg(valist, size_t*);
return psa_cipher_update(cipher_operation, plaintext, size, ciphertext, ciphertext_size,
length);
case PAL_CRYPTO_CIPHER_FINISH:
cipher_operation = va_arg(valist, psa_cipher_operation_t *);
ciphertext = va_arg(valist, uint8_t *);
ciphertext_size = va_arg(valist, size_t);
length = va_arg(valist, size_t*);
return psa_cipher_finish(cipher_operation, ciphertext, ciphertext_size, length);
case PAL_CRYPTO_CIPHER_ABORT:
cipher_operation = va_arg(valist, psa_cipher_operation_t *);
return psa_cipher_abort(cipher_operation);
case PAL_CRYPTO_ASYMMTERIC_SIGN:
handle = (psa_key_handle_t)va_arg(valist, int);
alg = va_arg(valist, psa_algorithm_t);
buffer = va_arg(valist, uint8_t*);
size = va_arg(valist, size_t);
ciphertext = va_arg(valist, uint8_t *);
ciphertext_size = va_arg(valist, size_t);
length = va_arg(valist, size_t*);
return psa_asymmetric_sign(handle, alg, buffer, size, ciphertext, ciphertext_size,
length);
case PAL_CRYPTO_ASYMMTERIC_VERIFY:
handle = (psa_key_handle_t)va_arg(valist, int);
alg = va_arg(valist, psa_algorithm_t);
buffer = va_arg(valist, uint8_t*);
size = va_arg(valist, size_t);
ciphertext = va_arg(valist, uint8_t *);
ciphertext_size = va_arg(valist, size_t);
return psa_asymmetric_verify(handle, alg, buffer, size, ciphertext, ciphertext_size);
case PAL_CRYPTO_KEY_AGREEMENT:
generator = va_arg(valist, psa_crypto_generator_t*);
handle = (psa_key_handle_t)va_arg(valist, int);
buffer = va_arg(valist, uint8_t*);
size = va_arg(valist, size_t);
alg = va_arg(valist, psa_algorithm_t);
return psa_key_agreement(generator, handle, buffer, size, alg);
case PAL_CRYPTO_ALLOCATE_KEY:
key_handle = (psa_key_handle_t *)va_arg(valist, int*);
return psa_allocate_key(key_handle);
case PAL_CRYPTO_FREE:
for (i = 0; i < PAL_KEY_SLOT_COUNT; i++)
psa_destroy_key(i);
return 0;
default:
return PAL_STATUS_UNSUPPORTED_FUNC;
}
#else
return PAL_STATUS_ERROR;
#endif
}

84
features/frameworks/TARGET_PSA/pal/pal_crypto_intf.h Normal file
View File

@ -0,0 +1,84 @@
/** @file
* Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved.
* SPDX-License-Identifier : Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
**/
#ifndef _PAL_CRYPTO_H_
#define _PAL_CRYPTO_H_
#include <stdarg.h>
#include "pal_common.h"
#if PSA_IPC_IMPLEMENTED
#include "psa/client.h"
#endif
#if PSA_CRYPTO_IMPLEMENTED
#include "psa/crypto.h"
#endif
enum crypto_function_code {
PAL_CRYPTO_INIT = 0x1,
PAL_CRYPTO_GENERATE_RANDOM = 0x2,
PAL_CRYPTO_IMPORT_KEY = 0x3,
PAL_CRYPTO_EXPORT_KEY = 0x4,
PAL_CRYPTO_EXPORT_PUBLIC_KEY = 0x5,
PAL_CRYPTO_DESTROY_KEY = 0x6,
PAL_CRYPTO_GET_KEY_INFO = 0x7,
PAL_CRYPTO_KEY_POLICY_INIT = 0x8,
PAL_CRYPTO_KEY_POLICY_SET_USAGE = 0x9,
PAL_CRYPTO_KEY_POLICY_GET_USAGE = 0xA,
PAL_CRYPTO_KEY_POLICY_GET_ALGORITHM = 0xB,
PAL_CRYPTO_SET_KEY_POLICY = 0xC,
PAL_CRYPTO_GET_KEY_POLICY = 0xD,
PAL_CRYPTO_GET_KEY_INFORMATION = 0xE,
PAL_CRYPTO_GET_KEY_LIFETIME = 0xF,
PAL_CRYPTO_HASH_SETUP = 0x11,
PAL_CRYPTO_HASH_UPDATE = 0x12,
PAL_CRYPTO_HASH_VERIFY = 0x13,
PAL_CRYPTO_HASH_FINISH = 0x14,
PAL_CRYPTO_HASH_ABORT = 0x15,
PAL_CRYPTO_GENERATE_KEY = 0x16,
PAL_CRYPTO_GENERATOR_READ = 0x17,
PAL_CRYPTO_KEY_DERIVATION = 0x18,
PAL_CRYPTO_GET_GENERATOR_CAPACITY = 0x19,
PAL_CRYPTO_GENERATOR_IMPORT_KEY = 0x1A,
PAL_CRYPTO_GENERATOR_ABORT = 0x1B,
PAL_CRYPTO_AEAD_ENCRYPT = 0x1C,
PAL_CRYPTO_AEAD_DECRYPT = 0x1D,
PAL_CRYPTO_MAC_SIGN_SETUP = 0x1E,
PAL_CRYPTO_MAC_UPDATE = 0x1F,
PAL_CRYPTO_MAC_SIGN_FINISH = 0x20,
PAL_CRYPTO_MAC_VERIFY_SETUP = 0x21,
PAL_CRYPTO_MAC_VERIFY_FINISH = 0x22,
PAL_CRYPTO_MAC_ABORT = 0x23,
PAL_CRYPTO_ASYMMTERIC_ENCRYPT = 0x24,
PAL_CRYPTO_ASYMMTERIC_DECRYPT = 0x25,
PAL_CRYPTO_CIPHER_ENCRYPT_SETUP = 0x26,
PAL_CRYPTO_CIPHER_DECRYPT_SETUP = 0x2A,
PAL_CRYPTO_CIPHER_GENERATE_IV = 0x2B,
PAL_CRYPTO_CIPHER_SET_IV = 0x2C,
PAL_CRYPTO_CIPHER_UPDATE = 0x2D,
PAL_CRYPTO_CIPHER_FINISH = 0x2E,
PAL_CRYPTO_CIPHER_ABORT = 0x2F,
PAL_CRYPTO_ASYMMTERIC_SIGN = 0x30,
PAL_CRYPTO_ASYMMTERIC_VERIFY = 0x31,
PAL_CRYPTO_KEY_AGREEMENT = 0x32,
PAL_CRYPTO_ALLOCATE_KEY = 0x33,
PAL_CRYPTO_FREE = 0xFE,
};
int32_t pal_crypto_function(int type, va_list valist);
#endif /* _PAL_CRYPTO_H_ */

84
features/frameworks/TARGET_PSA/pal/pal_internal_trusted_storage_intf.c Normal file
View File

@ -0,0 +1,84 @@
/** @file
* Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved.
* SPDX-License-Identifier : Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
**/
#include "pal_internal_trusted_storage_intf.h"
/**
@brief - This API will call the requested internal trusted storage function
@param - type : function code
valist : variable argument list
@return - error status
**/
uint32_t pal_its_function(int type, va_list valist)
{
#if PSA_INTERNAL_TRUSTED_STORAGE_IMPLEMENTED
uint32_t uid, data_length, offset;
const void *p_write_data;
void *p_read_data;
psa_storage_create_flags_t its_create_flags;
//psa_ps_create_flags_t ps_create_flags;
struct psa_its_info_t *its_p_info;
//struct psa_eps_info_t *ps_p_info;
switch (type)
{
case PAL_ITS_SET:
uid = va_arg(valist, psa_storage_uid_t);
data_length = va_arg(valist, uint32_t);
p_write_data = va_arg(valist, const void*);
its_create_flags = va_arg(valist, psa_storage_create_flags_t);
return psa_its_set(uid, data_length, p_write_data, its_create_flags);
case PAL_ITS_GET:
uid = va_arg(valist, psa_storage_uid_t);
offset = va_arg(valist, uint32_t);
data_length = va_arg(valist, uint32_t);
p_read_data = va_arg(valist, void*);
return psa_its_get(uid, offset, data_length, p_read_data);
case PAL_ITS_GET_INFO:
uid = va_arg(valist, psa_storage_uid_t);
its_p_info = va_arg(valist, struct psa_its_info_t*);
return psa_its_get_info(uid, (struct psa_storage_info_t *)its_p_info);
case PAL_ITS_REMOVE:
uid = va_arg(valist, psa_storage_uid_t);
return psa_its_remove(uid);
/* case PAL_PS_SET: */
/* uid = va_arg(valist, uint32_t); */
/* data_length = va_arg(valist, uint32_t); */
/* p_write_data = va_arg(valist, const void*); */
/* ps_create_flags = va_arg(valist, psa_ps_create_flags_t); */
/* return psa_ps_set(uid, data_length, p_write_data, ps_create_flags); */
/* case PAL_PS_GET: */
/* uid = va_arg(valist, uint32_t); */
/* offset = va_arg(valist, uint32_t); */
/* data_length = va_arg(valist, uint32_t); */
/* p_read_data = va_arg(valist, void*); */
/* return psa_ps_get(uid, offset, data_length, p_read_data); */
/* case PAL_PS_GET_INFO: */
/* uid = va_arg(valist, uint32_t); */
/* ps_p_info = va_arg(valist, struct psa_eps_info_t*); */
/* return psa_ps_get_info(uid, ps_p_info); */
/* case PAL_PS_REMOVE: */
/* uid = va_arg(valist, uint32_t); */
/* return psa_ps_remove(uid); */
default:
return PAL_STATUS_UNSUPPORTED_FUNC;
}
#else
return PAL_STATUS_ERROR;
#endif
}

36
features/frameworks/TARGET_PSA/pal/pal_internal_trusted_storage_intf.h Normal file
View File

@ -0,0 +1,36 @@
/** @file
* Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved.
* SPDX-License-Identifier : Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
**/
#ifndef _PAL_INTERNAL_TRUSTED_STORAGE_INTF_H_
#define _PAL_INTERNAL_TRUSTED_STORAGE_INTF_H_
#include <stdarg.h>
#include "pal_common.h"
#if PSA_INTERNAL_TRUSTED_STORAGE_IMPLEMENTED
#include "psa/internal_trusted_storage.h"
#endif
enum its_function_code {
PAL_ITS_SET = 0x1,
PAL_ITS_GET = 0x2,
PAL_ITS_GET_INFO = 0x3,
PAL_ITS_REMOVE = 0x4,
};
uint32_t pal_its_function(int type, va_list valist);
#endif /* _PAL_INTERNAL_TRUSTED_STORAGE_INTF_H_ */

69
features/frameworks/TARGET_PSA/pal/pal_mbed_os_crypto.cpp Normal file
View File

@ -0,0 +1,69 @@
#include "mbed.h"
#include "rtos.h"
#include "val_interfaces.h"
#include "pal_common.h"
#include "psa/crypto.h"
#include "entropy_poll.h"
#include "pal_mbed_os_crypto.h"
#include "lifecycle.h"
#define TEST_STACK_SIZE 8192
extern val_api_t val_api;
extern psa_api_t psa_api;
#ifdef PS_TEST
extern "C" psa_status_t psa_ps_reset();
#endif
test_entry_f test_g = NULL;
#if defined(MBEDTLS_ENTROPY_NV_SEED) || defined(COMPONENT_PSA_SRV_IPC)
#if !defined(MAX)
#define MAX(a,b) (((a)>(b))?(a):(b))
#endif
#define MBEDTLS_PSA_INJECT_ENTROPY_MIN_SIZE \
MAX(MBEDTLS_ENTROPY_MIN_PLATFORM, MBEDTLS_ENTROPY_BLOCK_SIZE)
static void inject_entropy()
{
uint8_t seed[MBEDTLS_PSA_INJECT_ENTROPY_MIN_SIZE] = { 0 };
for (int i = 0; i < MBEDTLS_PSA_INJECT_ENTROPY_MIN_SIZE; ++i) {
seed[i] = i;
}
mbedtls_psa_inject_entropy(seed, MBEDTLS_PSA_INJECT_ENTROPY_MIN_SIZE);
}
#endif // defined(MBEDTLS_ENTROPY_NV_SEED) || defined(COMPONENT_PSA_SRV_IPC)
void main_wrapper(void)
{
#ifdef ITS_TEST
mbed_psa_reboot_and_request_new_security_state(PSA_LIFECYCLE_ASSEMBLY_AND_TEST);
#elif PS_TEST
psa_ps_reset();
#endif
#if defined(MBEDTLS_ENTROPY_NV_SEED) || defined(COMPONENT_PSA_SRV_IPC)
inject_entropy();
#endif /* defined(MBEDTLS_ENTROPY_NV_SEED) || defined(COMPONENT_PSA_SRV_IPC) */
test_g(&val_api, &psa_api);
#ifdef ITS_TEST
mbed_psa_reboot_and_request_new_security_state(PSA_LIFECYCLE_ASSEMBLY_AND_TEST);
#elif PS_TEST
psa_ps_reset();
#endif
}
int test_start(test_entry_f test_f)
{
test_g = test_f;
Thread thread(osPriorityNormal, TEST_STACK_SIZE, NULL);
thread.start(main_wrapper);
thread.join();
return 0;
}

17
features/frameworks/TARGET_PSA/pal/pal_mbed_os_crypto.h Normal file
View File

@ -0,0 +1,17 @@
#ifndef PAL_MBED_OS_CRYPTO_H_
#define PAL_MBED_OS_CRYPTO_H_
#include "val_interfaces.h"
#ifdef __cplusplus
extern "C" {
#endif
typedef void (*test_entry_f)(val_api_t *val_api, psa_api_t *psa_api);
int test_start(test_entry_f test_f);
#ifdef __cplusplus
}
#endif
#endif /* PAL_MBED_OS_CRYPTO_H_ */

63
features/frameworks/TARGET_PSA/pal/pal_protected_storage_intf.c Normal file
View File

@ -0,0 +1,63 @@
/** @file
* Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved.
* SPDX-License-Identifier : Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
**/
#include "pal_protected_storage_intf.h"
/**
@brief - This API will call the requested protected storage function
@param - type : function code
valist : variable argument list
@return - error status
**/
uint32_t pal_ps_function(int type, va_list valist)
{
#if PSA_PROTECTED_STORAGE_IMPLEMENTED
uint32_t uid, data_length, offset;
const void *p_write_data;
void *p_read_data;
psa_storage_create_flags_t ps_create_flags;
struct psa_ps_info_t *ps_p_info;
switch (type)
{
case PAL_PS_SET:
uid = va_arg(valist, psa_storage_uid_t);
data_length = va_arg(valist, uint32_t);
p_write_data = va_arg(valist, const void*);
ps_create_flags = va_arg(valist, psa_storage_create_flags_t);
return psa_ps_set(uid, data_length, p_write_data, ps_create_flags);
case PAL_PS_GET:
uid = va_arg(valist, psa_storage_uid_t);
offset = va_arg(valist, uint32_t);
data_length = va_arg(valist, uint32_t);
p_read_data = va_arg(valist, void*);
return psa_ps_get(uid, offset, data_length, p_read_data);
case PAL_PS_GET_INFO:
uid = va_arg(valist, psa_storage_uid_t);
ps_p_info = va_arg(valist, struct psa_ps_info_t*);
return psa_ps_get_info(uid, ps_p_info);
case PAL_PS_REMOVE:
uid = va_arg(valist, psa_storage_uid_t);
return psa_ps_remove(uid);
default:
return PAL_STATUS_UNSUPPORTED_FUNC;
}
#else
return PAL_STATUS_ERROR;
#endif
}

36
features/frameworks/TARGET_PSA/pal/pal_protected_storage_intf.h Normal file
View File

@ -0,0 +1,36 @@
/** @file
* Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved.
* SPDX-License-Identifier : Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
**/
#ifndef _PAL_PROTECTED_STORAGE_INTF_H_
#define _PAL_PROTECTED_STORAGE_INTF_H_
#include <stdarg.h>
#include "pal_common.h"
#if PSA_PROTECTED_STORAGE_IMPLEMENTED
#include "psa/protected_storage.h"
#endif
enum ps_function_code {
PAL_PS_SET = 0x1,
PAL_PS_GET = 0x2,
PAL_PS_GET_INFO = 0x3,
PAL_PS_REMOVE = 0x4,
};
uint32_t pal_ps_function(int type, va_list valist);
#endif /* _PAL_PROTECTED_STORAGE_INTF_H_ */

0
features/frameworks/TARGET_PSA/psa_manifest/sid.h Normal file
View File

8
features/frameworks/TARGET_PSA/val.h
View File

@ -41,6 +41,10 @@
#define FALSE 1
#endif
#ifndef INT_MAX
#define INT_MAX 0xFFFFFFFF
#endif
#define _CONCAT(A,B) A##B
#define CONCAT(A,B) _CONCAT(A,B)
@ -78,9 +82,7 @@
/* Test Defines */
#define TEST_PUBLISH(test_id, entry) \
const val_test_info_t __attribute__((section(".acs_test_info"))) \
CONCAT(acs_test_info, entry) = {test_id, entry}
#define TEST_PUBLISH(test_id, entry)
#define VAL_MAX_TEST_PER_COMP 200
#define VAL_FF_BASE 0

1
features/frameworks/TARGET_PSA/val_attestation.h
View File

@ -19,6 +19,7 @@
#define _VAL_INITIAL_ATTESTATION_H_
#include "val.h"
#include "psa_initial_attestation_api.h"
#define MAX_CHALLENGE_SIZE PSA_INITIAL_ATTEST_CHALLENGE_SIZE_64

2
features/frameworks/TARGET_PSA/val_client_defs.h
View File

@ -19,6 +19,8 @@
#define _VAL_CLIENT_H_
#include "val.h"
#include "psa/client.h"
#include "crypto_values.h"
#define INVALID_SID 0x0000FA20

3
features/frameworks/TARGET_PSA/val_crypto.h
View File

@ -19,6 +19,9 @@
#define _VAL_CRYPTO_H_
#include "val.h"
#include "psa/client.h"
#include "crypto_values.h"
#include "crypto.h"
#define BYTES_TO_BITS(byte) (byte * 8)

0
features/frameworks/TARGET_PSA/val_framework.h Normal file
View File

324
features/frameworks/TARGET_PSA/val_greentea.cpp Normal file
View File

@ -0,0 +1,324 @@
#include "greentea-client/test_env.h"
#include "inttypes.h"
#include "val_greentea.h"
extern "C" {
/* globals */
test_status_buffer_t g_status_buffer;
void mbed_val_test_init(uint32_t test_num, char8_t *desc, uint32_t test_bitfield)
{
/*global init*/
g_status_buffer.state = 0;
g_status_buffer.status = VAL_STATUS_INVALID;
mbed_val_print(PRINT_ALWAYS, "\nTEST: %d | DESCRIPTION: ", test_num);
mbed_val_print(PRINT_ALWAYS, desc, 0);
#ifndef NO_GREENTEA
GREENTEA_SETUP(100, "default_auto");
#endif
mbed_val_set_status(RESULT_START(VAL_STATUS_SUCCESS));
return;
}
void mbed_val_test_exit(void)
{
uint32_t status = mbed_val_get_status();
/* return if test skipped or failed */
if (IS_TEST_FAIL(status) || IS_TEST_SKIP(status))
{
GREENTEA_TESTSUITE_RESULT(false);
return;
}
else
{
GREENTEA_TESTSUITE_RESULT(true);
mbed_val_set_status(RESULT_END(VAL_STATUS_SUCCESS));
}
}
/**
@brief - This function executes given list of tests from non-secure sequentially
This covers non-secure to secure IPC API scenario
@param - test_num : Test_num
@param - tests_list : list of tests to be executed
@param - server_hs : Initiate a server handshake
@return - val_status_t
**/
val_status_t mbed_val_execute_non_secure_tests(uint32_t test_num, client_test_t *tests_list,
bool_t server_hs)
{
val_status_t status = VAL_STATUS_SUCCESS;
int32_t test_status = VAL_STATUS_SUCCESS;
boot_t boot = {.state = BOOT_NOT_EXPECTED};
psa_handle_t handle;
uint32_t i = 1;
test_info_t test_info;
char testcase_name[100] = "";
bool continue_test = true;
test_info.test_num = test_num;
if (boot.state == BOOT_NOT_EXPECTED || boot.state == BOOT_EXPECTED_CRYPTO)
{
mbed_val_print(PRINT_TEST, "[Info] Executing tests from non-secure\n", 0);
while (tests_list[i] != NULL)
{
memset(testcase_name, 0, 100);
sprintf(testcase_name, "Check%d", i);
GREENTEA_TESTCASE_START(testcase_name);
if (server_hs == TRUE)
{
/* Handshake with server tests */
test_info.block_num = i;
status = mbed_val_execute_secure_test_func(&handle, test_info,
SERVER_TEST_DISPATCHER_SID);
if (VAL_ERROR(status))
{
mbed_val_set_status(RESULT_FAIL(status));
mbed_val_print(PRINT_ERROR, "[Check%d] START\n", i);
return status;
}
else
{
mbed_val_print(PRINT_DEBUG, "[Check%d] START\n", i);
}
}
/* Execute client tests */
test_status = tests_list[i](NONSECURE);
if (server_hs == TRUE)
{
/* Retrive Server test status */
status = mbed_val_get_secure_test_result(&handle);
}
if (test_status != VAL_STATUS_SUCCESS)
{
status = VAL_STATUS_ERROR;
}
if (IS_TEST_SKIP(status))
{
mbed_val_set_status(status);
mbed_val_print(PRINT_DEBUG, "[Check%d] SKIPPED\n", i);
GREENTEA_TESTCASE_FINISH(testcase_name, 1, 0);
continue_test = false;
}
else if (VAL_ERROR(status))
{
mbed_val_set_status(RESULT_FAIL(status));
if (server_hs == TRUE)
mbed_val_print(PRINT_ERROR, "[Check%d] FAILED\n", i);
GREENTEA_TESTCASE_FINISH(testcase_name, 0, 1);
continue_test = false;
}
else
{
if (server_hs == TRUE)
mbed_val_print(PRINT_DEBUG, "[Check%d] PASSED\n", i);
GREENTEA_TESTCASE_FINISH(testcase_name, 1, 0);
continue_test = true;
}
if (!continue_test)
{
return status;
}
i++;
}
}
else
{
/* If we are here means, we are in second run of this test */
status = VAL_STATUS_SUCCESS;
if (boot.state != BOOT_EXPECTED_S)
{
mbed_val_print(PRINT_DEBUG, "[Check1] PASSED\n", 0);
}
}
return status;
}
/**
@brief - Records the state and status of test
@return - val_status_t
**/
val_status_t mbed_val_set_status(uint32_t status)
{
g_status_buffer.state = ((status >> TEST_STATE_BIT) & TEST_STATE_MASK);
g_status_buffer.status = (status & TEST_STATUS_MASK);
return VAL_STATUS_SUCCESS;
}
/**
@brief - Updates the state and status for a given test
@return - test status
**/
uint32_t mbed_val_get_status(void)
{
return ((g_status_buffer.state) << TEST_STATE_BIT) | (g_status_buffer.status);
}
/**
@brief - This function is used to handshake between:
- nonsecure client fn to server test fn
- secure client fn and server test fn
- nonsecure client fn to secure client test fn
@param - handle : handle returned while connecting given sid
@param - test_info : Test_num and block_num to be executed
@param - sid : RoT service to be connected. Partition dispatcher sid
@return - val_status_t
**/
val_status_t mbed_val_execute_secure_test_func(psa_handle_t *handle, test_info_t test_info, uint32_t sid)
{
uint32_t test_data;
val_status_t status = VAL_STATUS_SUCCESS;
psa_status_t status_of_call = PSA_SUCCESS;
*handle = pal_ipc_connect(sid, 0);
if (*handle < 0)
{
mbed_val_print(PRINT_ERROR, "Could not connect SID. Handle=%x\n", *handle);
return VAL_STATUS_CONNECTION_FAILED;
}
test_data = ((uint32_t)(test_info.test_num) | ((uint32_t)(test_info.block_num) << BLOCK_NUM_POS) | ((uint32_t)(TEST_EXECUTE_FUNC) << ACTION_POS));
psa_invec data[1] = {{&test_data, sizeof(test_data)}};
status_of_call = pal_ipc_call(*handle, data, 1, NULL, 0);
if (status_of_call != PSA_SUCCESS)
{
status = VAL_STATUS_CALL_FAILED;
mbed_val_print(PRINT_ERROR, "Call to dispatch SF failed. Status=%x\n", status_of_call);
pal_ipc_close(*handle);
}
return status;
}
/**
@brief - Print module. This is client interface API of secure partition
mbed_val_print_sf API for nspe world
@param - verbosity: Print verbosity level
- string : Input string
- data : Value for format specifier
@return - val_status_t
**/
val_status_t mbed_val_print(print_verbosity_t verbosity, const char *string, uint32_t data)
{
if (data != 0) {
printf(string, data);
} else {
printf(string);
}
return VAL_STATUS_SUCCESS;
}
/**
@brief - This function is used to retrive the status of previously connected test function
using mbed_val_execute_secure_test_func
@param - handle : handle of server function. Handle of Partition dispatcher sid
@return - The status of test functions
**/
val_status_t mbed_val_get_secure_test_result(psa_handle_t *handle)
{
uint32_t test_data;
val_status_t status = VAL_STATUS_SUCCESS;
psa_status_t status_of_call = PSA_SUCCESS;
test_data = (TEST_RETURN_RESULT << ACTION_POS);
psa_outvec resp = {&status, sizeof(status)};
psa_invec data[1] = {{&test_data, sizeof(test_data)}};
status_of_call = pal_ipc_call(*handle, data, 1, &resp, 1);
if (status_of_call != PSA_SUCCESS)
{
status = VAL_STATUS_CALL_FAILED;
mbed_val_print(PRINT_ERROR, "Call to dispatch SF failed. Status=%x\n", status_of_call);
}
pal_ipc_close(*handle);
return status;
}
/**
* @brief Connect to given sid
@param -sid : RoT service id
@param -minor_version : minor_version of RoT service
@param -handle - return connection handle
* @return val_status_t
*/
val_status_t mbed_val_ipc_connect(uint32_t sid, uint32_t minor_version, psa_handle_t *handle )
{
*handle = pal_ipc_connect(sid, minor_version);
if (*handle < 0)
{
return VAL_STATUS_CONNECTION_FAILED;
}
return VAL_STATUS_SUCCESS;
}
/**
* @brief Call a connected Root of Trust Service.@n
* The caller must provide an array of ::psa_invec_t structures as the input payload.
*
* @param handle Handle for the connection.
* @param in_vec Array of psa_invec structures.
* @param in_len Number of psa_invec structures in in_vec.
* @param out_vec Array of psa_outvec structures for optional Root of Trust Service response.
* @param out_len Number of psa_outvec structures in out_vec.
* @return val_status_t
*/
val_status_t mbed_val_ipc_call(psa_handle_t handle, psa_invec *in_vec, size_t in_len,
psa_outvec *out_vec, size_t out_len)
{
psa_status_t call_status = PSA_SUCCESS;
call_status = pal_ipc_call(handle, in_vec, in_len, out_vec, out_len);
if (call_status != PSA_SUCCESS)
{
return VAL_STATUS_CALL_FAILED;
}
return VAL_STATUS_SUCCESS;
}
/**
* @brief Close a connection to a Root of Trust Service.
* Sends the PSA_IPC_DISCONNECT message to the Root of Trust Service so it can clean up resources.
*
* @param handle Handle for the connection.
* @return void
*/
void mbed_val_ipc_close(psa_handle_t handle)
{
pal_ipc_close(handle);
}
/**
* @brief reprogram the watchdog timer
* always succeeds on mbed-greentead testing.
*
* @param timeout_type type of timeout.
* @return val_status_t
*/
val_status_t mbed_val_wd_reprogram_timer(wd_timeout_type_t timeout_type)
{
return VAL_STATUS_SUCCESS;
}
}

30
features/frameworks/TARGET_PSA/val_greentea.h Normal file
View File

@ -0,0 +1,30 @@
#ifndef _VAL_GREENTEA_H_
#define _VAL_GREENTEA_H_
#ifdef __cplusplus
extern "C"
{
#endif
#include "val.h"
#include "val_interfaces.h"
void mbed_val_test_init(uint32_t test_num, char8_t *desc, uint32_t test_bitfield);
void mbed_val_test_exit(void);
val_status_t mbed_val_execute_non_secure_tests(uint32_t test_num, client_test_t *tests_list, bool_t server_hs);
val_status_t mbed_val_set_status(uint32_t status);
uint32_t mbed_val_get_status(void);
val_status_t mbed_val_execute_secure_test_func(psa_handle_t *handle, test_info_t test_info, uint32_t sid);
val_status_t mbed_val_print(print_verbosity_t verbosity, const char *string, uint32_t data);
val_status_t mbed_val_get_secure_test_result(psa_handle_t *handle);
val_status_t mbed_val_ipc_connect(uint32_t sid, uint32_t minor_version, psa_handle_t *handle);
val_status_t mbed_val_ipc_call(psa_handle_t handle, psa_invec *in_vec, size_t in_len,
psa_outvec *out_vec, size_t out_len);
void mbed_val_ipc_close(psa_handle_t handle);
val_status_t mbed_val_wd_reprogram_timer(wd_timeout_type_t timeout_type);
#ifdef __cplusplus
}
#endif
#endif // _VAL_GREENTEA_H_

48
features/frameworks/TARGET_PSA/val_interfaces.c
View File

@ -16,10 +16,8 @@
**/
#include "val_framework.h"
#include "val_greentea.h"
#include "val_interfaces.h"
#include "val_peripherals.h"
#include "val_target.h"
#include "val_crypto.h"
#include "val_internal_trusted_storage.h"
#include "val_protected_storage.h"
@ -27,28 +25,28 @@
/*VAL APIs to be used by test */
const val_api_t val_api = {
.print = val_print,
.set_status = val_set_status,
.get_status = val_get_status,
.test_init = val_test_init,
.test_exit = val_test_exit,
.err_check_set = val_err_check_set,
.target_get_config = val_target_get_config,
.execute_non_secure_tests = val_execute_non_secure_tests,
.switch_to_secure_client = val_switch_to_secure_client,
.execute_secure_test_func = val_execute_secure_test_func,
.get_secure_test_result = val_get_secure_test_result,
.ipc_connect = val_ipc_connect,
.ipc_call = val_ipc_call,
.ipc_close = val_ipc_close,
.nvmem_read = val_nvmem_read,
.nvmem_write = val_nvmem_write,
.wd_timer_init = val_wd_timer_init,
.wd_timer_enable = val_wd_timer_enable,
.wd_timer_disable = val_wd_timer_disable,
.wd_reprogram_timer = val_wd_reprogram_timer,
.set_boot_flag = val_set_boot_flag,
.get_boot_flag = val_get_boot_flag,
.print = mbed_val_print,
.set_status = mbed_val_set_status,
.get_status = mbed_val_get_status,
.test_init = mbed_val_test_init,
.test_exit = mbed_val_test_exit,
.err_check_set = NULL,
.target_get_config = NULL,
.execute_non_secure_tests = mbed_val_execute_non_secure_tests,
.switch_to_secure_client = NULL,
.execute_secure_test_func = mbed_val_execute_secure_test_func,
.get_secure_test_result = mbed_val_get_secure_test_result,
.ipc_connect = mbed_val_ipc_connect,
.ipc_call = mbed_val_ipc_call,
.ipc_close = mbed_val_ipc_close,
.nvmem_read = NULL,
.nvmem_write = NULL,
.wd_timer_init = NULL,
.wd_timer_enable = NULL,
.wd_timer_disable = NULL,
.wd_reprogram_timer = mbed_val_wd_reprogram_timer,
.set_boot_flag = NULL,
.get_boot_flag = NULL,
.crypto_function = val_crypto_function,
.its_function = val_its_function,
.ps_function = val_ps_function,

4
features/frameworks/TARGET_PSA/val_interfaces.h
View File

@ -25,7 +25,7 @@
/* typedef's */
typedef struct {
val_status_t (*print) (print_verbosity_t verbosity,
char *string, uint32_t data);
const char *string, uint32_t data);
val_status_t (*set_status) (uint32_t status);
uint32_t (*get_status) (void);
void (*test_init) (uint32_t test_num, char8_t *desc,
@ -79,7 +79,5 @@ typedef struct {
test_fptr_t entry_addr;
} val_test_info_t;
#include "test_entry_fn_declare_list.inc"
void test_entry(val_api_t *val, psa_api_t *psa);
#endif