From a958332f14eec125df8ef3a67945fd45a59079e7 Mon Sep 17 00:00:00 2001 From: Lena Boeckmann Date: Wed, 3 Apr 2024 18:59:37 +0200 Subject: [PATCH 1/2] tests/sys/psa_crypto*: Remove symlinks --- tests/sys/psa_crypto_cipher/Makefile | 4 +- .../example_cipher_aes_128.c | 86 +++++++++++++- tests/sys/psa_crypto_cipher/main.c | 55 ++++++++- tests/sys/psa_crypto_ecdsa/Makefile | 8 +- .../sys/psa_crypto_ecdsa/example_ecdsa_p256.c | 98 +++++++++++++++- tests/sys/psa_crypto_ecdsa/main.c | 55 ++++++++- tests/sys/psa_crypto_eddsa/Makefile | 6 +- tests/sys/psa_crypto_eddsa/example_eddsa.c | 87 ++++++++++++++- tests/sys/psa_crypto_eddsa/main.c | 55 ++++++++- tests/sys/psa_crypto_hashes/Makefile | 2 - tests/sys/psa_crypto_hashes/Makefile.ci | 5 + .../psa_crypto_hashes/example_hash_sha256.c | 37 ++++++ tests/sys/psa_crypto_hashes/main.c | 54 ++++++++- tests/sys/psa_crypto_mac/Makefile | 4 +- tests/sys/psa_crypto_mac/Makefile.ci | 2 - .../sys/psa_crypto_mac/example_hmac_sha256.c | 75 ++++++++++++- tests/sys/psa_crypto_mac/main.c | 54 ++++++++- tests/sys/psa_crypto_se/Makefile | 6 +- tests/sys/psa_crypto_se/Makefile.ci | 1 - .../psa_crypto_se/example_cipher_aes_128.c | 90 ++++++++++++++- tests/sys/psa_crypto_se/example_ecdsa_p256.c | 105 +++++++++++++++++- tests/sys/psa_crypto_se/example_hmac_sha256.c | 79 ++++++++++++- tests/sys/psa_crypto_se/main.c | 72 +++++++++++- tests/sys/psa_crypto_se_cipher/Makefile | 4 +- tests/sys/psa_crypto_se_cipher/Makefile.ci | 1 - .../example_cipher_aes_128.c | 91 ++++++++++++++- tests/sys/psa_crypto_se_cipher/main.c | 55 ++++++++- tests/sys/psa_crypto_se_ecdsa/Makefile | 5 +- tests/sys/psa_crypto_se_ecdsa/Makefile.ci | 1 - .../psa_crypto_se_ecdsa/example_ecdsa_p256.c | 105 +++++++++++++++++- tests/sys/psa_crypto_se_ecdsa/main.c | 55 ++++++++- tests/sys/psa_crypto_se_mac/Makefile | 4 +- tests/sys/psa_crypto_se_mac/Makefile.ci | 1 - .../psa_crypto_se_mac/example_hmac_sha256.c | 79 ++++++++++++- tests/sys/psa_crypto_se_mac/main.c | 54 ++++++++- 35 files changed, 1439 insertions(+), 56 deletions(-) mode change 120000 => 100644 tests/sys/psa_crypto_cipher/example_cipher_aes_128.c mode change 120000 => 100644 tests/sys/psa_crypto_cipher/main.c mode change 120000 => 100644 tests/sys/psa_crypto_ecdsa/example_ecdsa_p256.c mode change 120000 => 100644 tests/sys/psa_crypto_ecdsa/main.c mode change 120000 => 100644 tests/sys/psa_crypto_eddsa/example_eddsa.c mode change 120000 => 100644 tests/sys/psa_crypto_eddsa/main.c create mode 100644 tests/sys/psa_crypto_hashes/example_hash_sha256.c mode change 120000 => 100644 tests/sys/psa_crypto_hashes/main.c mode change 120000 => 100644 tests/sys/psa_crypto_mac/example_hmac_sha256.c mode change 120000 => 100644 tests/sys/psa_crypto_mac/main.c mode change 120000 => 100644 tests/sys/psa_crypto_se/example_cipher_aes_128.c mode change 120000 => 100644 tests/sys/psa_crypto_se/example_ecdsa_p256.c mode change 120000 => 100644 tests/sys/psa_crypto_se/example_hmac_sha256.c mode change 120000 => 100644 tests/sys/psa_crypto_se/main.c mode change 120000 => 100644 tests/sys/psa_crypto_se_cipher/example_cipher_aes_128.c mode change 120000 => 100644 tests/sys/psa_crypto_se_cipher/main.c mode change 120000 => 100644 tests/sys/psa_crypto_se_ecdsa/example_ecdsa_p256.c mode change 120000 => 100644 tests/sys/psa_crypto_se_ecdsa/main.c mode change 120000 => 100644 tests/sys/psa_crypto_se_mac/example_hmac_sha256.c mode change 120000 => 100644 tests/sys/psa_crypto_se_mac/main.c diff --git a/tests/sys/psa_crypto_cipher/Makefile b/tests/sys/psa_crypto_cipher/Makefile index 2e8dd0ae2ba6..59599c4fc7c6 100644 --- a/tests/sys/psa_crypto_cipher/Makefile +++ b/tests/sys/psa_crypto_cipher/Makefile @@ -8,8 +8,6 @@ USEMODULE += psa_crypto USEMODULE += psa_cipher USEMODULE += psa_cipher_aes_128_cbc -ifneq (1, $(SHOULD_RUN_KCONFIG)) - CFLAGS += -DCONFIG_PSA_SINGLE_KEY_COUNT=1 -endif +CFLAGS += -DCONFIG_PSA_SINGLE_KEY_COUNT=1 include $(RIOTBASE)/Makefile.include diff --git a/tests/sys/psa_crypto_cipher/example_cipher_aes_128.c b/tests/sys/psa_crypto_cipher/example_cipher_aes_128.c deleted file mode 120000 index 3b052c133690..000000000000 --- a/tests/sys/psa_crypto_cipher/example_cipher_aes_128.c +++ /dev/null @@ -1 +0,0 @@ -../../../examples/psa_crypto/example_cipher_aes_128.c \ No newline at end of file diff --git a/tests/sys/psa_crypto_cipher/example_cipher_aes_128.c b/tests/sys/psa_crypto_cipher/example_cipher_aes_128.c new file mode 100644 index 000000000000..058d95967b83 --- /dev/null +++ b/tests/sys/psa_crypto_cipher/example_cipher_aes_128.c @@ -0,0 +1,85 @@ +/* + * Copyright (C) 2022 HAW Hamburg + * + * This file is subject to the terms and conditions of the GNU Lesser + * General Public License v2.1. See the file LICENSE in the top level + * directory for more details. + */ + +/** + * @ingroup tests + * @{ + * + * @brief Tests the PSA cipher configurations + * Contents have been copied from `examples/psa_crypto` + * + * @author Mikolai Gütschow + * @author Lena Boeckmann + * + * @} + */ + +#include +#include + +#include "psa/crypto.h" + +#define AES_128_KEY_SIZE (16) +#define AES_256_KEY_SIZE (32) + +static const uint8_t KEY_128[] = { + 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, + 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c +}; + +static uint8_t PLAINTEXT[] = { + 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, + 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a, + 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c, + 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51 +}; +static uint8_t PLAINTEXT_LEN = 32; + +/** + * @brief Example function to perform an AES-128 CBC encryption and decryption + * with the PSA Crypto API. + * + * @return psa_status_t + */ +psa_status_t example_cipher_aes_128(void) +{ + psa_status_t status = PSA_ERROR_DOES_NOT_EXIST; + psa_key_id_t key_id = 0; + psa_key_attributes_t attr = psa_key_attributes_init(); + psa_key_usage_t usage = PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT; + + size_t encr_output_size = PSA_CIPHER_ENCRYPT_OUTPUT_SIZE(PSA_KEY_TYPE_AES, + PSA_ALG_CBC_NO_PADDING, PLAINTEXT_LEN); + + uint8_t cipher_out[encr_output_size]; + uint8_t plain_out[sizeof(PLAINTEXT)]; + size_t output_len = 0; + + psa_set_key_algorithm(&attr, PSA_ALG_CBC_NO_PADDING); + psa_set_key_usage_flags(&attr, usage); + psa_set_key_bits(&attr, 128); + psa_set_key_type(&attr, PSA_KEY_TYPE_AES); + + status = psa_import_key(&attr, KEY_128, AES_128_KEY_SIZE, &key_id); + if (status != PSA_SUCCESS) { + return status; + } + + status = psa_cipher_encrypt(key_id, PSA_ALG_CBC_NO_PADDING, PLAINTEXT, + PLAINTEXT_LEN, cipher_out, encr_output_size, &output_len); + if (status != PSA_SUCCESS) { + return status; + } + + status = psa_cipher_decrypt(key_id, PSA_ALG_CBC_NO_PADDING, cipher_out, + sizeof(cipher_out), plain_out, sizeof(plain_out), &output_len); + if (status == PSA_SUCCESS) { + return (memcmp(PLAINTEXT, plain_out, sizeof(plain_out)) ? -1 : 0); + } + return status; +} diff --git a/tests/sys/psa_crypto_cipher/main.c b/tests/sys/psa_crypto_cipher/main.c deleted file mode 120000 index a9fd2e282575..000000000000 --- a/tests/sys/psa_crypto_cipher/main.c +++ /dev/null @@ -1 +0,0 @@ -../../../examples/psa_crypto/main.c \ No newline at end of file diff --git a/tests/sys/psa_crypto_cipher/main.c b/tests/sys/psa_crypto_cipher/main.c new file mode 100644 index 000000000000..acb7809962b6 --- /dev/null +++ b/tests/sys/psa_crypto_cipher/main.c @@ -0,0 +1,54 @@ +/* + * Copyright (C) 2022 HAW Hamburg + * + * This file is subject to the terms and conditions of the GNU Lesser + * General Public License v2.1. See the file LICENSE in the top level + * directory for more details. + */ + +/** + * @ingroup tests + * @{ + * + * @brief Tests the PSA cipher configurations + * + * @author Mikolai Gütschow + * @author Lena Boeckmann + * + * @} + */ + +#include +#include "psa/crypto.h" +#include "ztimer.h" + +extern psa_status_t example_cipher_aes_128(void); + +int main(void) +{ + bool failed = false; + psa_status_t status; + + psa_crypto_init(); + + ztimer_acquire(ZTIMER_USEC); + ztimer_now_t start = ztimer_now(ZTIMER_USEC); + + start = ztimer_now(ZTIMER_USEC); + status = example_cipher_aes_128(); + printf("Cipher AES 128 took %d us\n", (int)(ztimer_now(ZTIMER_USEC) - start)); + if (status != PSA_SUCCESS) { + failed = true; + printf("Cipher AES 128 failed: %s\n", psa_status_to_humanly_readable(status)); + } + + ztimer_release(ZTIMER_USEC); + + if (failed) { + puts("Tests failed..."); + } + else { + puts("All Done"); + } + return 0; +} diff --git a/tests/sys/psa_crypto_ecdsa/Makefile b/tests/sys/psa_crypto_ecdsa/Makefile index 8b529ac2660a..0eb1e488a4bc 100644 --- a/tests/sys/psa_crypto_ecdsa/Makefile +++ b/tests/sys/psa_crypto_ecdsa/Makefile @@ -10,11 +10,9 @@ USEMODULE += psa_hash_sha_256 USEMODULE += psa_asymmetric USEMODULE += psa_asymmetric_ecc_p256r1 -ifneq (1, $(SHOULD_RUN_KCONFIG)) - CFLAGS += -DCONFIG_PSA_ASYMMETRIC_KEYPAIR_COUNT=1 - CFLAGS += -DCONFIG_PSA_SINGLE_KEY_COUNT=1 -endif +CFLAGS += -DCONFIG_PSA_ASYMMETRIC_KEYPAIR_COUNT=1 +CFLAGS += -DCONFIG_PSA_SINGLE_KEY_COUNT=1 -CFLAGS += -DTHREAD_STACKSIZE_MAIN=4096 +CFLAGS += -DTHREAD_STACKSIZE_MAIN=7000 include $(RIOTBASE)/Makefile.include diff --git a/tests/sys/psa_crypto_ecdsa/example_ecdsa_p256.c b/tests/sys/psa_crypto_ecdsa/example_ecdsa_p256.c deleted file mode 120000 index 45df4f9cec22..000000000000 --- a/tests/sys/psa_crypto_ecdsa/example_ecdsa_p256.c +++ /dev/null @@ -1 +0,0 @@ -../../../examples/psa_crypto/example_ecdsa_p256.c \ No newline at end of file diff --git a/tests/sys/psa_crypto_ecdsa/example_ecdsa_p256.c b/tests/sys/psa_crypto_ecdsa/example_ecdsa_p256.c new file mode 100644 index 000000000000..c110841686ce --- /dev/null +++ b/tests/sys/psa_crypto_ecdsa/example_ecdsa_p256.c @@ -0,0 +1,97 @@ +/* + * Copyright (C) 2022 HAW Hamburg + * + * This file is subject to the terms and conditions of the GNU Lesser + * General Public License v2.1. See the file LICENSE in the top level + * directory for more details. + */ + +/** + * @ingroup tests + * @{ + * + * @brief Tests the PSA ECDSA configurations + * Contents have been copied from `examples/psa_crypto` + * + * @author Mikolai Gütschow + * @author Lena Boeckmann + * + * @} + */ + +#include +#include + +#include "psa/crypto.h" + +#define ECDSA_MESSAGE_SIZE (127) + +#define ECC_KEY_SIZE (256) +#define ECC_KEY_TYPE (PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1)) +#define ECC_ALG_HASH (PSA_ALG_SHA_256) +#define ECC_ALG (PSA_ALG_ECDSA(ECC_ALG_HASH)) + +/** + * @brief Example function to perform an ECDSA operation with a NIST P256 curve + * with the PSA Crypto API. + * + * @return psa_status_t + */ +psa_status_t example_ecdsa_p256(void) +{ + psa_key_id_t privkey_id; + psa_key_attributes_t privkey_attr = psa_key_attributes_init(); + psa_key_id_t pubkey_id; + psa_key_attributes_t pubkey_attr = psa_key_attributes_init(); + + psa_key_usage_t usage = PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH; + + uint8_t public_key[PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(ECC_KEY_TYPE, ECC_KEY_SIZE)] = { 0 }; + size_t pubkey_length; + uint8_t signature[PSA_SIGN_OUTPUT_SIZE(ECC_KEY_TYPE, ECC_KEY_SIZE, ECC_ALG)]; + size_t sig_length; + uint8_t msg[ECDSA_MESSAGE_SIZE] = { 0x0b }; + uint8_t hash[PSA_HASH_LENGTH(ECC_ALG_HASH)]; + size_t hash_length; + + psa_set_key_algorithm(&privkey_attr, ECC_ALG); + psa_set_key_usage_flags(&privkey_attr, usage); + psa_set_key_type(&privkey_attr, ECC_KEY_TYPE); + psa_set_key_bits(&privkey_attr, ECC_KEY_SIZE); + + psa_status_t status = PSA_ERROR_DOES_NOT_EXIST; + + status = psa_generate_key(&privkey_attr, &privkey_id); + if (status != PSA_SUCCESS) { + return status; + } + + status = psa_export_public_key(privkey_id, public_key, sizeof(public_key), &pubkey_length); + if (status != PSA_SUCCESS) { + return status; + } + + status = psa_hash_compute(ECC_ALG_HASH, msg, sizeof(msg), hash, sizeof(hash), &hash_length); + if (status != PSA_SUCCESS) { + return status; + } + + psa_set_key_usage_flags(&pubkey_attr, PSA_KEY_USAGE_VERIFY_MESSAGE); + psa_set_key_algorithm(&pubkey_attr, ECC_ALG); + psa_set_key_bits(&pubkey_attr, PSA_BYTES_TO_BITS(pubkey_length)); + psa_set_key_type(&pubkey_attr, PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1)); + + status = psa_import_key(&pubkey_attr, public_key, pubkey_length, &pubkey_id); + if (status != PSA_SUCCESS) { + return status; + } + + status = psa_sign_hash(privkey_id, ECC_ALG, hash, sizeof(hash), signature, sizeof(signature), + &sig_length); + if (status != PSA_SUCCESS) { + return status; + } + + /* verify on original message with internal hashing operation */ + return psa_verify_message(pubkey_id, ECC_ALG, msg, sizeof(msg), signature, sig_length); +} diff --git a/tests/sys/psa_crypto_ecdsa/main.c b/tests/sys/psa_crypto_ecdsa/main.c deleted file mode 120000 index a9fd2e282575..000000000000 --- a/tests/sys/psa_crypto_ecdsa/main.c +++ /dev/null @@ -1 +0,0 @@ -../../../examples/psa_crypto/main.c \ No newline at end of file diff --git a/tests/sys/psa_crypto_ecdsa/main.c b/tests/sys/psa_crypto_ecdsa/main.c new file mode 100644 index 000000000000..3d402a596a6e --- /dev/null +++ b/tests/sys/psa_crypto_ecdsa/main.c @@ -0,0 +1,54 @@ +/* + * Copyright (C) 2022 HAW Hamburg + * + * This file is subject to the terms and conditions of the GNU Lesser + * General Public License v2.1. See the file LICENSE in the top level + * directory for more details. + */ + +/** + * @ingroup tests + * @{ + * + * @brief Tests the PSA ECDSA configurations + * + * @author Mikolai Gütschow + * @author Lena Boeckmann + * + * @} + */ + +#include +#include "psa/crypto.h" +#include "ztimer.h" + +extern psa_status_t example_ecdsa_p256(void); + +int main(void) +{ + bool failed = false; + psa_status_t status; + + psa_crypto_init(); + + ztimer_acquire(ZTIMER_USEC); + ztimer_now_t start = ztimer_now(ZTIMER_USEC); + + start = ztimer_now(ZTIMER_USEC); + status = example_ecdsa_p256(); + printf("ECDSA took %d us\n", (int)(ztimer_now(ZTIMER_USEC) - start)); + if (status != PSA_SUCCESS) { + failed = true; + printf("ECDSA failed: %s\n", psa_status_to_humanly_readable(status)); + } + + ztimer_release(ZTIMER_USEC); + + if (failed) { + puts("Tests failed..."); + } + else { + puts("All Done"); + } + return 0; +} diff --git a/tests/sys/psa_crypto_eddsa/Makefile b/tests/sys/psa_crypto_eddsa/Makefile index 578eeaf74769..caa696cb96fe 100644 --- a/tests/sys/psa_crypto_eddsa/Makefile +++ b/tests/sys/psa_crypto_eddsa/Makefile @@ -8,10 +8,8 @@ USEMODULE += psa_crypto USEMODULE += psa_asymmetric USEMODULE += psa_asymmetric_ecc_ed25519 -ifneq (1, $(SHOULD_RUN_KCONFIG)) - CFLAGS += -DCONFIG_PSA_ASYMMETRIC_KEYPAIR_COUNT=1 - CFLAGS += -DCONFIG_PSA_SINGLE_KEY_COUNT=1 -endif +CFLAGS += -DCONFIG_PSA_ASYMMETRIC_KEYPAIR_COUNT=1 +CFLAGS += -DCONFIG_PSA_SINGLE_KEY_COUNT=1 CFLAGS += -DTHREAD_STACKSIZE_MAIN=4096 diff --git a/tests/sys/psa_crypto_eddsa/example_eddsa.c b/tests/sys/psa_crypto_eddsa/example_eddsa.c deleted file mode 120000 index adbd7d233d7f..000000000000 --- a/tests/sys/psa_crypto_eddsa/example_eddsa.c +++ /dev/null @@ -1 +0,0 @@ -../../../examples/psa_crypto/example_eddsa.c \ No newline at end of file diff --git a/tests/sys/psa_crypto_eddsa/example_eddsa.c b/tests/sys/psa_crypto_eddsa/example_eddsa.c new file mode 100644 index 000000000000..814ec373c9e4 --- /dev/null +++ b/tests/sys/psa_crypto_eddsa/example_eddsa.c @@ -0,0 +1,86 @@ +/* + * Copyright (C) 2023 TU Dresden + * + * This file is subject to the terms and conditions of the GNU Lesser + * General Public License v2.1. See the file LICENSE in the top level + * directory for more details. + */ + +/** + * @ingroup tests + * @{ + * + * @brief Tests the PSA EDDSA configurations + * Contents have been copied from `examples/psa_crypto` + * + * @author Mikolai Gütschow + * @author Lena Boeckmann + * + * @} + */ + +#include +#include + +#include "psa/crypto.h" + +#define EDDSA_MESSAGE_SIZE (127) + +#define ECC_KEY_SIZE (255) +#define ECC_KEY_TYPE (PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_TWISTED_EDWARDS)) +#define ECC_ALG (PSA_ALG_PURE_EDDSA) + +/** + * @brief Example function to perform an EdDSA operation with the twisted Edwards curve Edwards25519 + * with the PSA Crypto API. + */ +psa_status_t example_eddsa(void) +{ + psa_key_id_t privkey_id; + psa_key_attributes_t privkey_attr = psa_key_attributes_init(); + psa_key_id_t pubkey_id; + psa_key_attributes_t pubkey_attr = psa_key_attributes_init(); + + psa_key_usage_t usage = PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE; + + uint8_t public_key[PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(ECC_KEY_TYPE, ECC_KEY_SIZE)] = { 0 }; + size_t pubkey_length; + uint8_t signature[PSA_SIGN_OUTPUT_SIZE(ECC_KEY_TYPE, ECC_KEY_SIZE, ECC_ALG)]; + size_t sig_length; + uint8_t msg[EDDSA_MESSAGE_SIZE] = { 0x0b }; + + psa_set_key_algorithm(&privkey_attr, ECC_ALG); + psa_set_key_usage_flags(&privkey_attr, usage); + psa_set_key_type(&privkey_attr, ECC_KEY_TYPE); + psa_set_key_bits(&privkey_attr, ECC_KEY_SIZE); + + psa_status_t status = PSA_ERROR_DOES_NOT_EXIST; + + status = psa_generate_key(&privkey_attr, &privkey_id); + if (status != PSA_SUCCESS) { + return status; + } + + status = psa_export_public_key(privkey_id, public_key, sizeof(public_key), &pubkey_length); + if (status != PSA_SUCCESS) { + return status; + } + + psa_set_key_algorithm(&pubkey_attr, ECC_ALG); + psa_set_key_usage_flags(&pubkey_attr, PSA_KEY_USAGE_VERIFY_MESSAGE); + psa_set_key_bits(&pubkey_attr, PSA_BYTES_TO_BITS(pubkey_length)); + psa_set_key_type(&pubkey_attr, PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(ECC_KEY_TYPE)); + + status = psa_import_key(&pubkey_attr, public_key, pubkey_length, &pubkey_id); + if (status != PSA_SUCCESS) { + return status; + } + + status = psa_sign_message(privkey_id, ECC_ALG, msg, sizeof(msg), signature, sizeof(signature), + &sig_length); + if (status != PSA_SUCCESS) { + return status; + } + + return psa_verify_message(pubkey_id, ECC_ALG, msg, sizeof(msg), signature, sig_length); +} diff --git a/tests/sys/psa_crypto_eddsa/main.c b/tests/sys/psa_crypto_eddsa/main.c deleted file mode 120000 index a9fd2e282575..000000000000 --- a/tests/sys/psa_crypto_eddsa/main.c +++ /dev/null @@ -1 +0,0 @@ -../../../examples/psa_crypto/main.c \ No newline at end of file diff --git a/tests/sys/psa_crypto_eddsa/main.c b/tests/sys/psa_crypto_eddsa/main.c new file mode 100644 index 000000000000..eca0de336c1d --- /dev/null +++ b/tests/sys/psa_crypto_eddsa/main.c @@ -0,0 +1,54 @@ +/* + * Copyright (C) 2022 HAW Hamburg + * + * This file is subject to the terms and conditions of the GNU Lesser + * General Public License v2.1. See the file LICENSE in the top level + * directory for more details. + */ + +/** + * @ingroup tests + * @{ + * + * @brief Tests the PSA EDDSA configurations + * + * @author Mikolai Gütschow + * @author Lena Boeckmann + * + * @} + */ + +#include +#include "psa/crypto.h" +#include "ztimer.h" + +extern psa_status_t example_eddsa(void); + +int main(void) +{ + bool failed = false; + psa_status_t status; + + psa_crypto_init(); + + ztimer_acquire(ZTIMER_USEC); + ztimer_now_t start = ztimer_now(ZTIMER_USEC); + + start = ztimer_now(ZTIMER_USEC); + status = example_eddsa(); + printf("EdDSA took %d us\n", (int)(ztimer_now(ZTIMER_USEC) - start)); + if (status != PSA_SUCCESS) { + failed = true; + printf("EdDSA failed: %s\n", psa_status_to_humanly_readable(status)); + } + + ztimer_release(ZTIMER_USEC); + + if (failed) { + puts("Tests failed..."); + } + else { + puts("All Done"); + } + return 0; +} diff --git a/tests/sys/psa_crypto_hashes/Makefile b/tests/sys/psa_crypto_hashes/Makefile index 637abf14e0d1..65d172acd334 100644 --- a/tests/sys/psa_crypto_hashes/Makefile +++ b/tests/sys/psa_crypto_hashes/Makefile @@ -8,6 +8,4 @@ USEMODULE += psa_crypto USEMODULE += psa_hash USEMODULE += psa_hash_sha_256 -SHOULD_RUN_KCONFIG := - include $(RIOTBASE)/Makefile.include diff --git a/tests/sys/psa_crypto_hashes/Makefile.ci b/tests/sys/psa_crypto_hashes/Makefile.ci index 363d4f3a79ad..824b869d3ae5 100644 --- a/tests/sys/psa_crypto_hashes/Makefile.ci +++ b/tests/sys/psa_crypto_hashes/Makefile.ci @@ -1,4 +1,9 @@ BOARD_INSUFFICIENT_MEMORY := \ + arduino-duemilanove \ + arduino-nano \ + arduino-uno \ + atmega328p \ + atmega328p-xplained-mini \ atmega8 \ nucleo-l011k4 \ # diff --git a/tests/sys/psa_crypto_hashes/example_hash_sha256.c b/tests/sys/psa_crypto_hashes/example_hash_sha256.c new file mode 100644 index 000000000000..783086d59106 --- /dev/null +++ b/tests/sys/psa_crypto_hashes/example_hash_sha256.c @@ -0,0 +1,37 @@ +/* + * Copyright (C) 2024 HAW Hamburg + * + * This file is subject to the terms and conditions of the GNU Lesser + * General Public License v2.1. See the file LICENSE in the top level + * directory for more details. + */ + +/** + * @ingroup tests + * @{ + * + * @brief Tests the PSA hash configurations + * Contents have been copied from `examples/psa_crypto` + * + * @author Mikolai Gütschow + * @author Lena Boeckmann + * + * @} + */ + +#include "psa/crypto.h" + +static const uint8_t HASH_MSG[] = { + 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, + 0x61, 0x20, 0x74, 0x65, 0x73, 0x74, 0x73, 0x74, + 0x72, 0x69, 0x6e, 0x67, 0x20, 0x66, 0x6f, 0x72, + 0x20, 0x68, 0x6d, 0x61, 0x63, 0x32, 0x35, 0x36 +}; + +psa_status_t example_hash_sha256(void) +{ + uint8_t hash_out[PSA_HASH_LENGTH(PSA_ALG_SHA_256)]; + size_t hash_length; + + return psa_hash_compute(PSA_ALG_SHA_256, HASH_MSG, sizeof(HASH_MSG), hash_out, sizeof(hash_out), &hash_length); +} diff --git a/tests/sys/psa_crypto_hashes/main.c b/tests/sys/psa_crypto_hashes/main.c deleted file mode 120000 index a9fd2e282575..000000000000 --- a/tests/sys/psa_crypto_hashes/main.c +++ /dev/null @@ -1 +0,0 @@ -../../../examples/psa_crypto/main.c \ No newline at end of file diff --git a/tests/sys/psa_crypto_hashes/main.c b/tests/sys/psa_crypto_hashes/main.c new file mode 100644 index 000000000000..55205edca5c5 --- /dev/null +++ b/tests/sys/psa_crypto_hashes/main.c @@ -0,0 +1,53 @@ +/* + * Copyright (C) 2024 HAW Hamburg + * + * This file is subject to the terms and conditions of the GNU Lesser + * General Public License v2.1. See the file LICENSE in the top level + * directory for more details. + */ + +/** + * @ingroup tests + * @{ + * + * @brief Test application for PSA hash configuration + * + * @author Mikolai Gütschow + * @author Lena Boeckmann + * + * @} + */ + +#include +#include "psa/crypto.h" +#include "ztimer.h" + +extern psa_status_t example_hash_sha256(void); + +int main(void) +{ + bool failed = false; + psa_status_t status; + + psa_crypto_init(); + + ztimer_acquire(ZTIMER_USEC); + ztimer_now_t start = ztimer_now(ZTIMER_USEC); + + status = example_hash_sha256(); + printf("Hash SHA256 took %d us\n", (int)(ztimer_now(ZTIMER_USEC) - start)); + if (status != PSA_SUCCESS) { + failed = true; + printf("Hash SHA256 failed: %s\n", psa_status_to_humanly_readable(status)); + } + + ztimer_release(ZTIMER_USEC); + + if (failed) { + puts("Tests failed..."); + } + else { + puts("All Done"); + } + return 0; +} diff --git a/tests/sys/psa_crypto_mac/Makefile b/tests/sys/psa_crypto_mac/Makefile index 126d573540d3..71e7941d1e36 100644 --- a/tests/sys/psa_crypto_mac/Makefile +++ b/tests/sys/psa_crypto_mac/Makefile @@ -8,8 +8,6 @@ USEMODULE += psa_crypto USEMODULE += psa_mac USEMODULE += psa_mac_hmac_sha_256 -ifneq (1, $(SHOULD_RUN_KCONFIG)) - CFLAGS += -DCONFIG_PSA_SINGLE_KEY_COUNT=1 -endif +CFLAGS += -DCONFIG_PSA_SINGLE_KEY_COUNT=1 include $(RIOTBASE)/Makefile.include diff --git a/tests/sys/psa_crypto_mac/Makefile.ci b/tests/sys/psa_crypto_mac/Makefile.ci index 4231c2eb61e5..824b869d3ae5 100644 --- a/tests/sys/psa_crypto_mac/Makefile.ci +++ b/tests/sys/psa_crypto_mac/Makefile.ci @@ -6,6 +6,4 @@ BOARD_INSUFFICIENT_MEMORY := \ atmega328p-xplained-mini \ atmega8 \ nucleo-l011k4 \ - samd10-xmini \ - stm32f030f4-demo \ # diff --git a/tests/sys/psa_crypto_mac/example_hmac_sha256.c b/tests/sys/psa_crypto_mac/example_hmac_sha256.c deleted file mode 120000 index 710efbeabcde..000000000000 --- a/tests/sys/psa_crypto_mac/example_hmac_sha256.c +++ /dev/null @@ -1 +0,0 @@ -../../../examples/psa_crypto/example_hmac_sha256.c \ No newline at end of file diff --git a/tests/sys/psa_crypto_mac/example_hmac_sha256.c b/tests/sys/psa_crypto_mac/example_hmac_sha256.c new file mode 100644 index 000000000000..43c48c97bd2d --- /dev/null +++ b/tests/sys/psa_crypto_mac/example_hmac_sha256.c @@ -0,0 +1,74 @@ +/* + * Copyright (C) 2022 HAW Hamburg + * + * This file is subject to the terms and conditions of the GNU Lesser + * General Public License v2.1. See the file LICENSE in the top level + * directory for more details. + */ + +/** + * @ingroup tests + * @{ + * + * @brief Tests the PSA HMAC SHA256 configurations + * Contents have been copied from `examples/psa_crypto` + * + * @author Mikolai Gütschow + * @author Lena Boeckmann + * + * @} + */ + +#include +#include + +#include "psa/crypto.h" + +static const uint8_t HMAC_KEY[] = { + 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, + 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, + 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, + 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b +}; +static size_t HMAC_KEY_LEN = 32; + +static const uint8_t HMAC_MSG[] = { + 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, + 0x61, 0x20, 0x74, 0x65, 0x73, 0x74, 0x73, 0x74, + 0x72, 0x69, 0x6e, 0x67, 0x20, 0x66, 0x6f, 0x72, + 0x20, 0x68, 0x6d, 0x61, 0x63, 0x32, 0x35, 0x36 +}; +static size_t HMAC_MSG_LEN = 32; + +/** + * @brief Example function to perform an HMAC SHA-256 computation + * with the PSA Crypto API. + * + * @return psa_status_t + */ +psa_status_t example_hmac_sha256(void) +{ + psa_key_attributes_t attr = psa_key_attributes_init(); + psa_key_id_t key_id = 0; + psa_key_usage_t usage = PSA_KEY_USAGE_SIGN_MESSAGE; + + size_t digest_size = + PSA_MAC_LENGTH(PSA_KEY_TYPE_HMAC, HMAC_KEY_LEN, PSA_ALG_HMAC(PSA_ALG_SHA_256)); + uint8_t digest[digest_size]; + size_t output_len = 0; + + psa_set_key_algorithm(&attr, PSA_ALG_HMAC(PSA_ALG_SHA_256)); + psa_set_key_usage_flags(&attr, usage); + psa_set_key_bits(&attr, PSA_BYTES_TO_BITS(HMAC_KEY_LEN)); + psa_set_key_type(&attr, PSA_KEY_TYPE_HMAC); + + psa_status_t status = PSA_ERROR_DOES_NOT_EXIST; + status = psa_import_key(&attr, HMAC_KEY, HMAC_KEY_LEN, &key_id); + if (status != PSA_SUCCESS) { + return status; + } + + return psa_mac_compute(key_id, PSA_ALG_HMAC(PSA_ALG_SHA_256), + HMAC_MSG, HMAC_MSG_LEN, digest, digest_size, + &output_len); +} diff --git a/tests/sys/psa_crypto_mac/main.c b/tests/sys/psa_crypto_mac/main.c deleted file mode 120000 index a9fd2e282575..000000000000 --- a/tests/sys/psa_crypto_mac/main.c +++ /dev/null @@ -1 +0,0 @@ -../../../examples/psa_crypto/main.c \ No newline at end of file diff --git a/tests/sys/psa_crypto_mac/main.c b/tests/sys/psa_crypto_mac/main.c new file mode 100644 index 000000000000..87ec31466d14 --- /dev/null +++ b/tests/sys/psa_crypto_mac/main.c @@ -0,0 +1,53 @@ +/* + * Copyright (C) 2022 HAW Hamburg + * + * This file is subject to the terms and conditions of the GNU Lesser + * General Public License v2.1. See the file LICENSE in the top level + * directory for more details. + */ + +/** + * @ingroup tests + * @{ + * + * @brief Tests the PSA HMAC SHA256 configurations + * + * @author Mikolai Gütschow + * @author Lena Boeckmann + * + * @} + */ + +#include +#include "psa/crypto.h" +#include "ztimer.h" + +extern psa_status_t example_hmac_sha256(void); + +int main(void) +{ + bool failed = false; + psa_status_t status; + + psa_crypto_init(); + + ztimer_acquire(ZTIMER_USEC); + ztimer_now_t start = ztimer_now(ZTIMER_USEC); + + status = example_hmac_sha256(); + printf("HMAC SHA256 took %d us\n", (int)(ztimer_now(ZTIMER_USEC) - start)); + if (status != PSA_SUCCESS) { + failed = true; + printf("HMAC SHA256 failed: %s\n", psa_status_to_humanly_readable(status)); + } + + ztimer_release(ZTIMER_USEC); + + if (failed) { + puts("Tests failed..."); + } + else { + puts("All Done"); + } + return 0; +} diff --git a/tests/sys/psa_crypto_se/Makefile b/tests/sys/psa_crypto_se/Makefile index 9186bbff1142..b35e773db7d7 100644 --- a/tests/sys/psa_crypto_se/Makefile +++ b/tests/sys/psa_crypto_se/Makefile @@ -15,10 +15,8 @@ USEMODULE += psa_secure_element_ateccx08a_cipher_aes_128 USEMODULE += psa_secure_element_ateccx08a_hmac_sha256 USEMODULE += psa_secure_element_ateccx08a_ecc_p256 -ifneq (1, $(SHOULD_RUN_KCONFIG)) - CFLAGS += -DCONFIG_PSA_PROTECTED_KEY_COUNT=3 - CFLAGS += -DCONFIG_PSA_SINGLE_KEY_COUNT=1 -endif +CFLAGS += -DCONFIG_PSA_PROTECTED_KEY_COUNT=4 +CFLAGS += -DCONFIG_PSA_SINGLE_KEY_COUNT=1 CFLAGS += -DSECURE_ELEMENT CFLAGS += -DCUSTOM_ATCA_PARAMS diff --git a/tests/sys/psa_crypto_se/Makefile.ci b/tests/sys/psa_crypto_se/Makefile.ci index 04da97e287d4..6e784f7ec2ac 100644 --- a/tests/sys/psa_crypto_se/Makefile.ci +++ b/tests/sys/psa_crypto_se/Makefile.ci @@ -8,5 +8,4 @@ BOARD_INSUFFICIENT_MEMORY := \ atmega8 \ nucleo-l011k4 \ samd10-xmini \ - stm32f030f4-demo \ # diff --git a/tests/sys/psa_crypto_se/example_cipher_aes_128.c b/tests/sys/psa_crypto_se/example_cipher_aes_128.c deleted file mode 120000 index 3b052c133690..000000000000 --- a/tests/sys/psa_crypto_se/example_cipher_aes_128.c +++ /dev/null @@ -1 +0,0 @@ -../../../examples/psa_crypto/example_cipher_aes_128.c \ No newline at end of file diff --git a/tests/sys/psa_crypto_se/example_cipher_aes_128.c b/tests/sys/psa_crypto_se/example_cipher_aes_128.c new file mode 100644 index 000000000000..b710d9bc7717 --- /dev/null +++ b/tests/sys/psa_crypto_se/example_cipher_aes_128.c @@ -0,0 +1,89 @@ +/* + * Copyright (C) 2022 HAW Hamburg + * + * This file is subject to the terms and conditions of the GNU Lesser + * General Public License v2.1. See the file LICENSE in the top level + * directory for more details. + */ + +/** + * @ingroup tests + * @{ + * + * @brief Tests the PSA secure element configurations + * Contents have been copied from `examples/psa_crypto` + * + * @author Mikolai Gütschow + * @author Lena Boeckmann + * + * @} + */ + +#include +#include + +#include "psa/crypto.h" + +#define AES_128_KEY_SIZE (16) +#define AES_256_KEY_SIZE (32) + +static const uint8_t KEY_128[] = { + 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, + 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c +}; + +static uint8_t PLAINTEXT[] = { + 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, + 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a, + 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c, + 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51 +}; +static uint8_t PLAINTEXT_LEN = 32; + +/** + * @brief Example function to perform an AES-128 CBC encryption and decryption + * with the PSA Crypto API. + * + * @return psa_status_t + */ +psa_status_t example_cipher_aes_128(void) +{ + psa_status_t status = PSA_ERROR_DOES_NOT_EXIST; + psa_key_id_t key_id = 0; + psa_key_attributes_t attr = psa_key_attributes_init(); + psa_key_usage_t usage = PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT; + + size_t encr_output_size = PSA_CIPHER_ENCRYPT_OUTPUT_SIZE(PSA_KEY_TYPE_AES, + PSA_ALG_CBC_NO_PADDING, PLAINTEXT_LEN); + + uint8_t cipher_out[encr_output_size]; + uint8_t plain_out[sizeof(PLAINTEXT)]; + size_t output_len = 0; + + psa_set_key_algorithm(&attr, PSA_ALG_CBC_NO_PADDING); + psa_set_key_usage_flags(&attr, usage); + psa_set_key_bits(&attr, 128); + psa_set_key_type(&attr, PSA_KEY_TYPE_AES); + + psa_key_lifetime_t lifetime = PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION + (PSA_KEY_LIFETIME_VOLATILE, PSA_ATCA_LOCATION_DEV0); + psa_set_key_lifetime(&attr, lifetime); + + status = psa_import_key(&attr, KEY_128, AES_128_KEY_SIZE, &key_id); + if (status != PSA_SUCCESS) { + return status; + } + + status = psa_cipher_encrypt(key_id, PSA_ALG_CBC_NO_PADDING, PLAINTEXT, + PLAINTEXT_LEN, cipher_out, encr_output_size, &output_len); + if (status != PSA_SUCCESS) { + return status; + } + + status = psa_cipher_decrypt(key_id, PSA_ALG_CBC_NO_PADDING, cipher_out, + sizeof(cipher_out), plain_out, sizeof(plain_out), &output_len); + if (status == PSA_SUCCESS) { + return (memcmp(PLAINTEXT, plain_out, sizeof(plain_out)) ? -1 : 0); + } + return status; +} diff --git a/tests/sys/psa_crypto_se/example_ecdsa_p256.c b/tests/sys/psa_crypto_se/example_ecdsa_p256.c deleted file mode 120000 index 45df4f9cec22..000000000000 --- a/tests/sys/psa_crypto_se/example_ecdsa_p256.c +++ /dev/null @@ -1 +0,0 @@ -../../../examples/psa_crypto/example_ecdsa_p256.c \ No newline at end of file diff --git a/tests/sys/psa_crypto_se/example_ecdsa_p256.c b/tests/sys/psa_crypto_se/example_ecdsa_p256.c new file mode 100644 index 000000000000..abb0e4cf1b61 --- /dev/null +++ b/tests/sys/psa_crypto_se/example_ecdsa_p256.c @@ -0,0 +1,104 @@ +/* + * Copyright (C) 2022 HAW Hamburg + * + * This file is subject to the terms and conditions of the GNU Lesser + * General Public License v2.1. See the file LICENSE in the top level + * directory for more details. + */ + +/** + * @ingroup tests + * @{ + * + * @brief Tests the PSA secure element configurations + * Contents have been copied from `examples/psa_crypto` + * + * @author Mikolai Gütschow + * @author Lena Boeckmann + * + * @} + */ + +#include +#include + +#include "psa/crypto.h" + +#define ECDSA_MESSAGE_SIZE (127) + +#define ECC_KEY_SIZE (256) +#define ECC_KEY_TYPE (PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1)) +#define ECC_ALG_HASH (PSA_ALG_SHA_256) +#define ECC_ALG (PSA_ALG_ECDSA(ECC_ALG_HASH)) + +/** + * @brief Example function to perform an ECDSA operation with a NIST P256 curve + * with the PSA Crypto API. + * + * @return psa_status_t + */ +psa_status_t example_ecdsa_p256(void) +{ + psa_key_id_t privkey_id; + psa_key_attributes_t privkey_attr = psa_key_attributes_init(); + psa_key_id_t pubkey_id; + psa_key_attributes_t pubkey_attr = psa_key_attributes_init(); + + psa_key_usage_t usage = PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH; + + uint8_t public_key[PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(ECC_KEY_TYPE, ECC_KEY_SIZE)] = { 0 }; + size_t pubkey_length; + uint8_t signature[PSA_SIGN_OUTPUT_SIZE(ECC_KEY_TYPE, ECC_KEY_SIZE, ECC_ALG)]; + size_t sig_length; + uint8_t msg[ECDSA_MESSAGE_SIZE] = { 0x0b }; + uint8_t hash[PSA_HASH_LENGTH(ECC_ALG_HASH)]; + size_t hash_length; + + psa_set_key_algorithm(&privkey_attr, ECC_ALG); + psa_set_key_usage_flags(&privkey_attr, usage); + psa_set_key_type(&privkey_attr, ECC_KEY_TYPE); + psa_set_key_bits(&privkey_attr, ECC_KEY_SIZE); + + psa_key_lifetime_t lifetime = PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( + PSA_KEY_LIFETIME_VOLATILE, PSA_ATCA_LOCATION_DEV0); + psa_set_key_lifetime(&privkey_attr, lifetime); + + psa_status_t status = PSA_ERROR_DOES_NOT_EXIST; + + status = psa_generate_key(&privkey_attr, &privkey_id); + if (status != PSA_SUCCESS) { + return status; + } + + status = psa_export_public_key(privkey_id, public_key, sizeof(public_key), &pubkey_length); + if (status != PSA_SUCCESS) { + return status; + } + + status = psa_hash_compute(ECC_ALG_HASH, msg, sizeof(msg), hash, sizeof(hash), &hash_length); + if (status != PSA_SUCCESS) { + return status; + } + + /* Currently there is no support for message signature and verification on secure elements */ + psa_set_key_lifetime(&pubkey_attr, lifetime); + psa_set_key_usage_flags(&pubkey_attr, PSA_KEY_USAGE_VERIFY_HASH); + psa_set_key_algorithm(&pubkey_attr, ECC_ALG); + psa_set_key_bits(&pubkey_attr, PSA_BYTES_TO_BITS(pubkey_length)); + psa_set_key_type(&pubkey_attr, PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1)); + + status = psa_import_key(&pubkey_attr, public_key, pubkey_length, &pubkey_id); + if (status != PSA_SUCCESS) { + return status; + } + + status = psa_sign_hash(privkey_id, ECC_ALG, hash, sizeof(hash), signature, sizeof(signature), + &sig_length); + if (status != PSA_SUCCESS) { + return status; + } + + /* Currently there is only support for hash signature and verification on secure elements, + so we can't verify the message, but only the hash */ + return psa_verify_hash(pubkey_id, ECC_ALG, hash, sizeof(hash), signature, sig_length); +} diff --git a/tests/sys/psa_crypto_se/example_hmac_sha256.c b/tests/sys/psa_crypto_se/example_hmac_sha256.c deleted file mode 120000 index 710efbeabcde..000000000000 --- a/tests/sys/psa_crypto_se/example_hmac_sha256.c +++ /dev/null @@ -1 +0,0 @@ -../../../examples/psa_crypto/example_hmac_sha256.c \ No newline at end of file diff --git a/tests/sys/psa_crypto_se/example_hmac_sha256.c b/tests/sys/psa_crypto_se/example_hmac_sha256.c new file mode 100644 index 000000000000..d43b98391b16 --- /dev/null +++ b/tests/sys/psa_crypto_se/example_hmac_sha256.c @@ -0,0 +1,78 @@ +/* + * Copyright (C) 2022 HAW Hamburg + * + * This file is subject to the terms and conditions of the GNU Lesser + * General Public License v2.1. See the file LICENSE in the top level + * directory for more details. + */ + +/** + * @ingroup tests + * @{ + * + * @brief Tests the PSA secure element configurations + * Contents have been copied from `examples/psa_crypto` + * + * @author Mikolai Gütschow + * @author Lena Boeckmann + * + * @} + */ + +#include +#include + +#include "psa/crypto.h" + +static const uint8_t HMAC_KEY[] = { + 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, + 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, + 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, + 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b +}; +static size_t HMAC_KEY_LEN = 32; + +static const uint8_t HMAC_MSG[] = { + 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, + 0x61, 0x20, 0x74, 0x65, 0x73, 0x74, 0x73, 0x74, + 0x72, 0x69, 0x6e, 0x67, 0x20, 0x66, 0x6f, 0x72, + 0x20, 0x68, 0x6d, 0x61, 0x63, 0x32, 0x35, 0x36 +}; +static size_t HMAC_MSG_LEN = 32; + +/** + * @brief Example function to perform an HMAC SHA-256 computation + * with the PSA Crypto API. + * + * @return psa_status_t + */ +psa_status_t example_hmac_sha256(void) +{ + psa_key_attributes_t attr = psa_key_attributes_init(); + psa_key_id_t key_id = 0; + psa_key_usage_t usage = PSA_KEY_USAGE_SIGN_MESSAGE; + + size_t digest_size = + PSA_MAC_LENGTH(PSA_KEY_TYPE_HMAC, HMAC_KEY_LEN, PSA_ALG_HMAC(PSA_ALG_SHA_256)); + uint8_t digest[digest_size]; + size_t output_len = 0; + + psa_set_key_algorithm(&attr, PSA_ALG_HMAC(PSA_ALG_SHA_256)); + psa_set_key_usage_flags(&attr, usage); + psa_set_key_bits(&attr, PSA_BYTES_TO_BITS(HMAC_KEY_LEN)); + psa_set_key_type(&attr, PSA_KEY_TYPE_HMAC); + + psa_key_lifetime_t lifetime = PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( + PSA_KEY_LIFETIME_VOLATILE, PSA_ATCA_LOCATION_DEV0); + psa_set_key_lifetime(&attr, lifetime); + + psa_status_t status = PSA_ERROR_DOES_NOT_EXIST; + status = psa_import_key(&attr, HMAC_KEY, HMAC_KEY_LEN, &key_id); + if (status != PSA_SUCCESS) { + return status; + } + + return psa_mac_compute(key_id, PSA_ALG_HMAC(PSA_ALG_SHA_256), + HMAC_MSG, HMAC_MSG_LEN, digest, digest_size, + &output_len); +} diff --git a/tests/sys/psa_crypto_se/main.c b/tests/sys/psa_crypto_se/main.c deleted file mode 120000 index a9fd2e282575..000000000000 --- a/tests/sys/psa_crypto_se/main.c +++ /dev/null @@ -1 +0,0 @@ -../../../examples/psa_crypto/main.c \ No newline at end of file diff --git a/tests/sys/psa_crypto_se/main.c b/tests/sys/psa_crypto_se/main.c new file mode 100644 index 000000000000..0dc7e712eefc --- /dev/null +++ b/tests/sys/psa_crypto_se/main.c @@ -0,0 +1,71 @@ +/* + * Copyright (C) 2022 HAW Hamburg + * + * This file is subject to the terms and conditions of the GNU Lesser + * General Public License v2.1. See the file LICENSE in the top level + * directory for more details. + */ + +/** + * @ingroup tests + * @{ + * + * @brief Tests the PSA secure element configurations + * + * @author Mikolai Gütschow + * @author Lena Boeckmann + * + * @} + */ + +#include +#include "psa/crypto.h" +#include "ztimer.h" + +extern psa_status_t example_cipher_aes_128(void); +extern psa_status_t example_hmac_sha256(void); +extern psa_status_t example_ecdsa_p256(void); + +int main(void) +{ + bool failed = false; + psa_status_t status; + + psa_crypto_init(); + + ztimer_acquire(ZTIMER_USEC); + ztimer_now_t start = ztimer_now(ZTIMER_USEC); + + status = example_hmac_sha256(); + printf("HMAC SHA256 took %d us\n", (int)(ztimer_now(ZTIMER_USEC) - start)); + if (status != PSA_SUCCESS) { + failed = true; + printf("HMAC SHA256 failed: %s\n", psa_status_to_humanly_readable(status)); + } + + start = ztimer_now(ZTIMER_USEC); + status = example_cipher_aes_128(); + printf("Cipher AES 128 took %d us\n", (int)(ztimer_now(ZTIMER_USEC) - start)); + if (status != PSA_SUCCESS) { + failed = true; + printf("Cipher AES 128 failed: %s\n", psa_status_to_humanly_readable(status)); + } + + start = ztimer_now(ZTIMER_USEC); + status = example_ecdsa_p256(); + printf("ECDSA took %d us\n", (int)(ztimer_now(ZTIMER_USEC) - start)); + if (status != PSA_SUCCESS) { + failed = true; + printf("ECDSA failed: %s\n", psa_status_to_humanly_readable(status)); + } + + ztimer_release(ZTIMER_USEC); + + if (failed) { + puts("Tests failed..."); + } + else { + puts("All Done"); + } + return 0; +} diff --git a/tests/sys/psa_crypto_se_cipher/Makefile b/tests/sys/psa_crypto_se_cipher/Makefile index f0eca74b1cef..bf9fd77b40d4 100644 --- a/tests/sys/psa_crypto_se_cipher/Makefile +++ b/tests/sys/psa_crypto_se_cipher/Makefile @@ -11,9 +11,7 @@ USEMODULE += psa_secure_element USEMODULE += psa_secure_element_ateccx08a USEMODULE += psa_secure_element_ateccx08a_cipher_aes_128 -ifneq (1, $(SHOULD_RUN_KCONFIG)) - CFLAGS += -DCONFIG_PSA_PROTECTED_KEY_COUNT=1 -endif +CFLAGS += -DCONFIG_PSA_PROTECTED_KEY_COUNT=1 CFLAGS += -DSECURE_ELEMENT CFLAGS += -DCUSTOM_ATCA_PARAMS diff --git a/tests/sys/psa_crypto_se_cipher/Makefile.ci b/tests/sys/psa_crypto_se_cipher/Makefile.ci index 04da97e287d4..6e784f7ec2ac 100644 --- a/tests/sys/psa_crypto_se_cipher/Makefile.ci +++ b/tests/sys/psa_crypto_se_cipher/Makefile.ci @@ -8,5 +8,4 @@ BOARD_INSUFFICIENT_MEMORY := \ atmega8 \ nucleo-l011k4 \ samd10-xmini \ - stm32f030f4-demo \ # diff --git a/tests/sys/psa_crypto_se_cipher/example_cipher_aes_128.c b/tests/sys/psa_crypto_se_cipher/example_cipher_aes_128.c deleted file mode 120000 index 3b052c133690..000000000000 --- a/tests/sys/psa_crypto_se_cipher/example_cipher_aes_128.c +++ /dev/null @@ -1 +0,0 @@ -../../../examples/psa_crypto/example_cipher_aes_128.c \ No newline at end of file diff --git a/tests/sys/psa_crypto_se_cipher/example_cipher_aes_128.c b/tests/sys/psa_crypto_se_cipher/example_cipher_aes_128.c new file mode 100644 index 000000000000..45575f8b5fe4 --- /dev/null +++ b/tests/sys/psa_crypto_se_cipher/example_cipher_aes_128.c @@ -0,0 +1,90 @@ +/* + * Copyright (C) 2022 HAW Hamburg + * + * This file is subject to the terms and conditions of the GNU Lesser + * General Public License v2.1. See the file LICENSE in the top level + * directory for more details. + */ + +/** + * @ingroup tests + * @{ + * + * @brief Tests the PSA secure element cipher configurations + * Contents have been copied from `examples/psa_crypto` + * + * @author Mikolai Gütschow + * @author Lena Boeckmann + * + * @} + */ + +#include +#include + +#include "psa/crypto.h" + +#define AES_128_KEY_SIZE (16) +#define AES_256_KEY_SIZE (32) + +static const uint8_t KEY_128[] = { + 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, + 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c +}; + +static uint8_t PLAINTEXT[] = { + 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, + 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a, + 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c, + 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51 +}; +static uint8_t PLAINTEXT_LEN = 32; + +/** + * @brief Example function to perform an AES-128 CBC encryption and decryption + * with the PSA Crypto API. + * + * @return psa_status_t + */ +psa_status_t example_cipher_aes_128(void) +{ + psa_status_t status = PSA_ERROR_DOES_NOT_EXIST; + psa_key_id_t key_id = 0; + psa_key_attributes_t attr = psa_key_attributes_init(); + psa_key_usage_t usage = PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT; + + size_t encr_output_size = PSA_CIPHER_ENCRYPT_OUTPUT_SIZE(PSA_KEY_TYPE_AES, + PSA_ALG_CBC_NO_PADDING, PLAINTEXT_LEN); + + uint8_t cipher_out[encr_output_size]; + uint8_t plain_out[sizeof(PLAINTEXT)]; + size_t output_len = 0; + + psa_set_key_algorithm(&attr, PSA_ALG_CBC_NO_PADDING); + psa_set_key_usage_flags(&attr, usage); + psa_set_key_bits(&attr, 128); + psa_set_key_type(&attr, PSA_KEY_TYPE_AES); + + + psa_key_lifetime_t lifetime = PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION + (PSA_KEY_LIFETIME_VOLATILE, PSA_ATCA_LOCATION_DEV0); + psa_set_key_lifetime(&attr, lifetime); + + status = psa_import_key(&attr, KEY_128, AES_128_KEY_SIZE, &key_id); + if (status != PSA_SUCCESS) { + return status; + } + + status = psa_cipher_encrypt(key_id, PSA_ALG_CBC_NO_PADDING, PLAINTEXT, + PLAINTEXT_LEN, cipher_out, encr_output_size, &output_len); + if (status != PSA_SUCCESS) { + return status; + } + + status = psa_cipher_decrypt(key_id, PSA_ALG_CBC_NO_PADDING, cipher_out, + sizeof(cipher_out), plain_out, sizeof(plain_out), &output_len); + if (status == PSA_SUCCESS) { + return (memcmp(PLAINTEXT, plain_out, sizeof(plain_out)) ? -1 : 0); + } + return status; +} diff --git a/tests/sys/psa_crypto_se_cipher/main.c b/tests/sys/psa_crypto_se_cipher/main.c deleted file mode 120000 index a9fd2e282575..000000000000 --- a/tests/sys/psa_crypto_se_cipher/main.c +++ /dev/null @@ -1 +0,0 @@ -../../../examples/psa_crypto/main.c \ No newline at end of file diff --git a/tests/sys/psa_crypto_se_cipher/main.c b/tests/sys/psa_crypto_se_cipher/main.c new file mode 100644 index 000000000000..69ca7f0e8816 --- /dev/null +++ b/tests/sys/psa_crypto_se_cipher/main.c @@ -0,0 +1,54 @@ +/* + * Copyright (C) 2022 HAW Hamburg + * + * This file is subject to the terms and conditions of the GNU Lesser + * General Public License v2.1. See the file LICENSE in the top level + * directory for more details. + */ + +/** + * @ingroup tests + * @{ + * + * @brief Tests the PSA secure element configurations + * + * @author Mikolai Gütschow + * @author Lena Boeckmann + * + * @} + */ + +#include +#include "psa/crypto.h" +#include "ztimer.h" + +extern psa_status_t example_cipher_aes_128(void); + +int main(void) +{ + bool failed = false; + psa_status_t status; + + psa_crypto_init(); + + ztimer_acquire(ZTIMER_USEC); + ztimer_now_t start = ztimer_now(ZTIMER_USEC); + + start = ztimer_now(ZTIMER_USEC); + status = example_cipher_aes_128(); + printf("Cipher AES 128 took %d us\n", (int)(ztimer_now(ZTIMER_USEC) - start)); + if (status != PSA_SUCCESS) { + failed = true; + printf("Cipher AES 128 failed: %s\n", psa_status_to_humanly_readable(status)); + } + + ztimer_release(ZTIMER_USEC); + + if (failed) { + puts("Tests failed..."); + } + else { + puts("All Done"); + } + return 0; +} diff --git a/tests/sys/psa_crypto_se_ecdsa/Makefile b/tests/sys/psa_crypto_se_ecdsa/Makefile index afba066b1de4..339855a50007 100644 --- a/tests/sys/psa_crypto_se_ecdsa/Makefile +++ b/tests/sys/psa_crypto_se_ecdsa/Makefile @@ -13,10 +13,7 @@ USEMODULE += psa_secure_element USEMODULE += psa_secure_element_ateccx08a USEMODULE += psa_secure_element_ateccx08a_ecc_p256 -ifneq (1, $(SHOULD_RUN_KCONFIG)) - CFLAGS += -DCONFIG_PSA_SINGLE_KEY_COUNT=1 - CFLAGS += -DCONFIG_PSA_PROTECTED_KEY_COUNT=1 -endif +CFLAGS += -DCONFIG_PSA_PROTECTED_KEY_COUNT=2 CFLAGS += -DSECURE_ELEMENT CFLAGS += -DCUSTOM_ATCA_PARAMS diff --git a/tests/sys/psa_crypto_se_ecdsa/Makefile.ci b/tests/sys/psa_crypto_se_ecdsa/Makefile.ci index 04da97e287d4..6e784f7ec2ac 100644 --- a/tests/sys/psa_crypto_se_ecdsa/Makefile.ci +++ b/tests/sys/psa_crypto_se_ecdsa/Makefile.ci @@ -8,5 +8,4 @@ BOARD_INSUFFICIENT_MEMORY := \ atmega8 \ nucleo-l011k4 \ samd10-xmini \ - stm32f030f4-demo \ # diff --git a/tests/sys/psa_crypto_se_ecdsa/example_ecdsa_p256.c b/tests/sys/psa_crypto_se_ecdsa/example_ecdsa_p256.c deleted file mode 120000 index 45df4f9cec22..000000000000 --- a/tests/sys/psa_crypto_se_ecdsa/example_ecdsa_p256.c +++ /dev/null @@ -1 +0,0 @@ -../../../examples/psa_crypto/example_ecdsa_p256.c \ No newline at end of file diff --git a/tests/sys/psa_crypto_se_ecdsa/example_ecdsa_p256.c b/tests/sys/psa_crypto_se_ecdsa/example_ecdsa_p256.c new file mode 100644 index 000000000000..29f6e7b31d6c --- /dev/null +++ b/tests/sys/psa_crypto_se_ecdsa/example_ecdsa_p256.c @@ -0,0 +1,104 @@ +/* + * Copyright (C) 2022 HAW Hamburg + * + * This file is subject to the terms and conditions of the GNU Lesser + * General Public License v2.1. See the file LICENSE in the top level + * directory for more details. + */ + +/** + * @ingroup tests + * @{ + * + * @brief Tests the PSA secure element ECDSA configurations + * Contents have been copied from `examples/psa_crypto` + * + * @author Mikolai Gütschow + * @author Lena Boeckmann + * + * @} + */ + +#include +#include + +#include "psa/crypto.h" + +#define ECDSA_MESSAGE_SIZE (127) + +#define ECC_KEY_SIZE (256) +#define ECC_KEY_TYPE (PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1)) +#define ECC_ALG_HASH (PSA_ALG_SHA_256) +#define ECC_ALG (PSA_ALG_ECDSA(ECC_ALG_HASH)) + +/** + * @brief Example function to perform an ECDSA operation with a NIST P256 curve + * with the PSA Crypto API. + * + * @return psa_status_t + */ +psa_status_t example_ecdsa_p256(void) +{ + psa_key_id_t privkey_id; + psa_key_attributes_t privkey_attr = psa_key_attributes_init(); + psa_key_id_t pubkey_id; + psa_key_attributes_t pubkey_attr = psa_key_attributes_init(); + + psa_key_usage_t usage = PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH; + + uint8_t public_key[PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(ECC_KEY_TYPE, ECC_KEY_SIZE)] = { 0 }; + size_t pubkey_length; + uint8_t signature[PSA_SIGN_OUTPUT_SIZE(ECC_KEY_TYPE, ECC_KEY_SIZE, ECC_ALG)]; + size_t sig_length; + uint8_t msg[ECDSA_MESSAGE_SIZE] = { 0x0b }; + uint8_t hash[PSA_HASH_LENGTH(ECC_ALG_HASH)]; + size_t hash_length; + + psa_set_key_algorithm(&privkey_attr, ECC_ALG); + psa_set_key_usage_flags(&privkey_attr, usage); + psa_set_key_type(&privkey_attr, ECC_KEY_TYPE); + psa_set_key_bits(&privkey_attr, ECC_KEY_SIZE); + + psa_key_lifetime_t lifetime = PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( + PSA_KEY_LIFETIME_VOLATILE, PSA_ATCA_LOCATION_DEV0); + psa_set_key_lifetime(&privkey_attr, lifetime); + + psa_status_t status = PSA_ERROR_DOES_NOT_EXIST; + + status = psa_generate_key(&privkey_attr, &privkey_id); + if (status != PSA_SUCCESS) { + return status; + } + + status = psa_export_public_key(privkey_id, public_key, sizeof(public_key), &pubkey_length); + if (status != PSA_SUCCESS) { + return status; + } + + status = psa_hash_compute(ECC_ALG_HASH, msg, sizeof(msg), hash, sizeof(hash), &hash_length); + if (status != PSA_SUCCESS) { + return status; + } + + /* Currently there is no support for message signature and verification on secure elements */ + psa_set_key_lifetime(&pubkey_attr, lifetime); + psa_set_key_usage_flags(&pubkey_attr, PSA_KEY_USAGE_VERIFY_HASH); + psa_set_key_algorithm(&pubkey_attr, ECC_ALG); + psa_set_key_bits(&pubkey_attr, PSA_BYTES_TO_BITS(pubkey_length)); + psa_set_key_type(&pubkey_attr, PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1)); + + status = psa_import_key(&pubkey_attr, public_key, pubkey_length, &pubkey_id); + if (status != PSA_SUCCESS) { + return status; + } + + status = psa_sign_hash(privkey_id, ECC_ALG, hash, sizeof(hash), signature, sizeof(signature), + &sig_length); + if (status != PSA_SUCCESS) { + return status; + } + + /* Currently there is only support for hash signature and verification on secure elements, + so we can't verify the message, but only the hash */ + return psa_verify_hash(pubkey_id, ECC_ALG, hash, sizeof(hash), signature, sig_length); +} diff --git a/tests/sys/psa_crypto_se_ecdsa/main.c b/tests/sys/psa_crypto_se_ecdsa/main.c deleted file mode 120000 index a9fd2e282575..000000000000 --- a/tests/sys/psa_crypto_se_ecdsa/main.c +++ /dev/null @@ -1 +0,0 @@ -../../../examples/psa_crypto/main.c \ No newline at end of file diff --git a/tests/sys/psa_crypto_se_ecdsa/main.c b/tests/sys/psa_crypto_se_ecdsa/main.c new file mode 100644 index 000000000000..cb5e55d237e4 --- /dev/null +++ b/tests/sys/psa_crypto_se_ecdsa/main.c @@ -0,0 +1,54 @@ +/* + * Copyright (C) 2022 HAW Hamburg + * + * This file is subject to the terms and conditions of the GNU Lesser + * General Public License v2.1. See the file LICENSE in the top level + * directory for more details. + */ + +/** + * @ingroup tests + * @{ + * + * @brief Tests the PSA secure element ECDSA configurations + * + * @author Mikolai Gütschow + * @author Lena Boeckmann + * + * @} + */ + +#include +#include "psa/crypto.h" +#include "ztimer.h" + +extern psa_status_t example_ecdsa_p256(void); + +int main(void) +{ + bool failed = false; + psa_status_t status; + + psa_crypto_init(); + + ztimer_acquire(ZTIMER_USEC); + ztimer_now_t start = ztimer_now(ZTIMER_USEC); + + start = ztimer_now(ZTIMER_USEC); + status = example_ecdsa_p256(); + printf("ECDSA took %d us\n", (int)(ztimer_now(ZTIMER_USEC) - start)); + if (status != PSA_SUCCESS) { + failed = true; + printf("ECDSA failed: %s\n", psa_status_to_humanly_readable(status)); + } + + ztimer_release(ZTIMER_USEC); + + if (failed) { + puts("Tests failed..."); + } + else { + puts("All Done"); + } + return 0; +} diff --git a/tests/sys/psa_crypto_se_mac/Makefile b/tests/sys/psa_crypto_se_mac/Makefile index 3783b8062f49..f8e30e084319 100644 --- a/tests/sys/psa_crypto_se_mac/Makefile +++ b/tests/sys/psa_crypto_se_mac/Makefile @@ -11,9 +11,7 @@ USEMODULE += psa_secure_element USEMODULE += psa_secure_element_ateccx08a USEMODULE += psa_secure_element_ateccx08a_hmac_sha256 -ifneq (1, $(SHOULD_RUN_KCONFIG)) - CFLAGS += -DCONFIG_PSA_PROTECTED_KEY_COUNT=1 -endif +CFLAGS += -DCONFIG_PSA_PROTECTED_KEY_COUNT=1 CFLAGS += -DSECURE_ELEMENT CFLAGS += -DCUSTOM_ATCA_PARAMS diff --git a/tests/sys/psa_crypto_se_mac/Makefile.ci b/tests/sys/psa_crypto_se_mac/Makefile.ci index 04da97e287d4..6e784f7ec2ac 100644 --- a/tests/sys/psa_crypto_se_mac/Makefile.ci +++ b/tests/sys/psa_crypto_se_mac/Makefile.ci @@ -8,5 +8,4 @@ BOARD_INSUFFICIENT_MEMORY := \ atmega8 \ nucleo-l011k4 \ samd10-xmini \ - stm32f030f4-demo \ # diff --git a/tests/sys/psa_crypto_se_mac/example_hmac_sha256.c b/tests/sys/psa_crypto_se_mac/example_hmac_sha256.c deleted file mode 120000 index 710efbeabcde..000000000000 --- a/tests/sys/psa_crypto_se_mac/example_hmac_sha256.c +++ /dev/null @@ -1 +0,0 @@ -../../../examples/psa_crypto/example_hmac_sha256.c \ No newline at end of file diff --git a/tests/sys/psa_crypto_se_mac/example_hmac_sha256.c b/tests/sys/psa_crypto_se_mac/example_hmac_sha256.c new file mode 100644 index 000000000000..0d768349ff38 --- /dev/null +++ b/tests/sys/psa_crypto_se_mac/example_hmac_sha256.c @@ -0,0 +1,78 @@ +/* + * Copyright (C) 2022 HAW Hamburg + * + * This file is subject to the terms and conditions of the GNU Lesser + * General Public License v2.1. See the file LICENSE in the top level + * directory for more details. + */ + +/** + * @ingroup tests + * @{ + * + * @brief Tests the PSA secure element HMAC SHA256 configurations + * Contents have been copied from `examples/psa_crypto` + * + * @author Mikolai Gütschow + * @author Lena Boeckmann + * + * @} + */ + +#include +#include + +#include "psa/crypto.h" + +static const uint8_t HMAC_KEY[] = { + 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, + 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, + 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, + 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b +}; +static size_t HMAC_KEY_LEN = 32; + +static const uint8_t HMAC_MSG[] = { + 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, + 0x61, 0x20, 0x74, 0x65, 0x73, 0x74, 0x73, 0x74, + 0x72, 0x69, 0x6e, 0x67, 0x20, 0x66, 0x6f, 0x72, + 0x20, 0x68, 0x6d, 0x61, 0x63, 0x32, 0x35, 0x36 +}; +static size_t HMAC_MSG_LEN = 32; + +/** + * @brief Example function to perform an HMAC SHA-256 computation + * with the PSA Crypto API. + * + * @return psa_status_t + */ +psa_status_t example_hmac_sha256(void) +{ + psa_key_attributes_t attr = psa_key_attributes_init(); + psa_key_id_t key_id = 0; + psa_key_usage_t usage = PSA_KEY_USAGE_SIGN_MESSAGE; + + size_t digest_size = + PSA_MAC_LENGTH(PSA_KEY_TYPE_HMAC, HMAC_KEY_LEN, PSA_ALG_HMAC(PSA_ALG_SHA_256)); + uint8_t digest[digest_size]; + size_t output_len = 0; + + psa_set_key_algorithm(&attr, PSA_ALG_HMAC(PSA_ALG_SHA_256)); + psa_set_key_usage_flags(&attr, usage); + psa_set_key_bits(&attr, PSA_BYTES_TO_BITS(HMAC_KEY_LEN)); + psa_set_key_type(&attr, PSA_KEY_TYPE_HMAC); + + psa_key_lifetime_t lifetime = PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( + PSA_KEY_LIFETIME_VOLATILE, PSA_ATCA_LOCATION_DEV0); + psa_set_key_lifetime(&attr, lifetime); + + psa_status_t status = PSA_ERROR_DOES_NOT_EXIST; + status = psa_import_key(&attr, HMAC_KEY, HMAC_KEY_LEN, &key_id); + if (status != PSA_SUCCESS) { + return status; + } + + return psa_mac_compute(key_id, PSA_ALG_HMAC(PSA_ALG_SHA_256), + HMAC_MSG, HMAC_MSG_LEN, digest, digest_size, + &output_len); +} diff --git a/tests/sys/psa_crypto_se_mac/main.c b/tests/sys/psa_crypto_se_mac/main.c deleted file mode 120000 index a9fd2e282575..000000000000 --- a/tests/sys/psa_crypto_se_mac/main.c +++ /dev/null @@ -1 +0,0 @@ -../../../examples/psa_crypto/main.c \ No newline at end of file diff --git a/tests/sys/psa_crypto_se_mac/main.c b/tests/sys/psa_crypto_se_mac/main.c new file mode 100644 index 000000000000..351207463047 --- /dev/null +++ b/tests/sys/psa_crypto_se_mac/main.c @@ -0,0 +1,53 @@ +/* + * Copyright (C) 2022 HAW Hamburg + * + * This file is subject to the terms and conditions of the GNU Lesser + * General Public License v2.1. See the file LICENSE in the top level + * directory for more details. + */ + +/** + * @ingroup tests + * @{ + * + * @brief Tests the PSA secure element HMAC SHA256 configurations + * + * @author Mikolai Gütschow + * @author Lena Boeckmann + * + * @} + */ + +#include +#include "psa/crypto.h" +#include "ztimer.h" + +extern psa_status_t example_hmac_sha256(void); + +int main(void) +{ + bool failed = false; + psa_status_t status; + + psa_crypto_init(); + + ztimer_acquire(ZTIMER_USEC); + ztimer_now_t start = ztimer_now(ZTIMER_USEC); + + status = example_hmac_sha256(); + printf("HMAC SHA256 took %d us\n", (int)(ztimer_now(ZTIMER_USEC) - start)); + if (status != PSA_SUCCESS) { + failed = true; + printf("HMAC SHA256 failed: %s\n", psa_status_to_humanly_readable(status)); + } + + ztimer_release(ZTIMER_USEC); + + if (failed) { + puts("Tests failed..."); + } + else { + puts("All Done"); + } + return 0; +} From 545a4dd5e40b5eb48ace9d8df5719353946f1a98 Mon Sep 17 00:00:00 2001 From: Lena Boeckmann Date: Mon, 13 May 2024 18:30:36 +0200 Subject: [PATCH 2/2] tests/sys/psa_crypto_ecdsa: Make stacksize backend dependent --- tests/sys/psa_crypto_ecdsa/Makefile | 8 +++++++- tests/sys/psa_crypto_ecdsa/Makefile.ci | 2 -- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/tests/sys/psa_crypto_ecdsa/Makefile b/tests/sys/psa_crypto_ecdsa/Makefile index 0eb1e488a4bc..2f00387a9131 100644 --- a/tests/sys/psa_crypto_ecdsa/Makefile +++ b/tests/sys/psa_crypto_ecdsa/Makefile @@ -13,6 +13,12 @@ USEMODULE += psa_asymmetric_ecc_p256r1 CFLAGS += -DCONFIG_PSA_ASYMMETRIC_KEYPAIR_COUNT=1 CFLAGS += -DCONFIG_PSA_SINGLE_KEY_COUNT=1 -CFLAGS += -DTHREAD_STACKSIZE_MAIN=7000 +ifneq (,$(filter psa_asymmetric_ecc_p256r1_backend_microecc,$(USEMODULE))) + CFLAGS += -DTHREAD_STACKSIZE_MAIN=4096 +endif + +ifneq (,$(filter psa_asymmetric_ecc_p256r1_backend_periph,$(USEMODULE))) + CFLAGS += -DTHREAD_STACKSIZE_MAIN=7000 +endif include $(RIOTBASE)/Makefile.include diff --git a/tests/sys/psa_crypto_ecdsa/Makefile.ci b/tests/sys/psa_crypto_ecdsa/Makefile.ci index 6a2fca3cafc6..04da97e287d4 100644 --- a/tests/sys/psa_crypto_ecdsa/Makefile.ci +++ b/tests/sys/psa_crypto_ecdsa/Makefile.ci @@ -6,9 +6,7 @@ BOARD_INSUFFICIENT_MEMORY := \ atmega328p \ atmega328p-xplained-mini \ atmega8 \ - nucleo-f031k6 \ nucleo-l011k4 \ samd10-xmini \ - stk3200 \ stm32f030f4-demo \ #