From de09b2a0b4e3f524e135a7d02b0c6043a9380845 Mon Sep 17 00:00:00 2001 From: Lena Boeckmann Date: Thu, 19 Oct 2023 14:23:35 +0200 Subject: [PATCH 1/2] sys/psa_crypto: Build PSA Crypto functions based on module selection --- examples/psa_crypto/Makefile | 4 + examples/psa_crypto/app.config.test.multi_se | 2 + examples/psa_crypto/app.config.test.se | 2 + examples/psa_crypto/main.c | 52 ++++++++++-- pkg/cryptoauthlib/Makefile.dep | 10 ++- pkg/cryptoauthlib/Makefile.include | 8 +- pkg/micro-ecc/Makefile.include | 5 +- sys/auto_init/security/auto_init_atca.c | 2 +- sys/include/psa_crypto/psa/crypto.h | 25 ++++++ sys/include/psa_crypto/psa/crypto_sizes.h | 18 ++-- sys/include/psa_crypto/psa/crypto_struct.h | 70 +++++++++------- sys/psa_crypto/Kconfig.asymmetric | 3 +- sys/psa_crypto/Kconfig.ciphers | 3 +- sys/psa_crypto/Kconfig.hashes | 1 - sys/psa_crypto/Kconfig.keys | 8 +- sys/psa_crypto/Kconfig.mac | 3 +- sys/psa_crypto/Makefile.dep | 14 +++- sys/psa_crypto/Makefile.include | 4 +- sys/psa_crypto/doc.txt | 28 ++++--- .../include/psa_crypto_algorithm_dispatch.h | 13 +++ .../include/psa_crypto_location_dispatch.h | 8 ++ .../include/psa_crypto_slot_management.h | 2 + sys/psa_crypto/psa_crypto.c | 83 ++++++++++++------- .../psa_crypto_algorithm_dispatch.c | 25 ++++++ sys/psa_crypto/psa_crypto_location_dispatch.c | 12 ++- sys/psa_crypto/psa_key_slot_mgmt/Kconfig | 3 +- sys/psa_crypto/psa_key_slot_mgmt/Makefile | 1 - .../psa_crypto_slot_management.c | 59 +++++++------ sys/psa_crypto/psa_se_mgmt/Kconfig | 21 +++-- tests/sys/psa_crypto/Makefile | 5 +- tests/sys/psa_crypto_cipher/Makefile | 17 ++++ tests/sys/psa_crypto_cipher/Makefile.ci | 11 +++ tests/sys/psa_crypto_cipher/README.md | 4 + tests/sys/psa_crypto_cipher/app.config.test | 8 ++ .../example_cipher_aes_128.c | 1 + tests/sys/psa_crypto_cipher/main.c | 1 + tests/sys/psa_crypto_cipher/tests/01-run.py | 13 +++ tests/sys/psa_crypto_ecdsa/Makefile | 20 +++++ tests/sys/psa_crypto_ecdsa/Makefile.ci | 11 +++ tests/sys/psa_crypto_ecdsa/README.md | 4 + tests/sys/psa_crypto_ecdsa/app.config.test | 10 +++ .../sys/psa_crypto_ecdsa/example_ecdsa_p256.c | 1 + tests/sys/psa_crypto_ecdsa/main.c | 1 + tests/sys/psa_crypto_ecdsa/tests/01-run.py | 13 +++ tests/sys/psa_crypto_eddsa/Makefile | 18 ++++ tests/sys/psa_crypto_eddsa/Makefile.ci | 12 +++ tests/sys/psa_crypto_eddsa/README.md | 4 + tests/sys/psa_crypto_eddsa/app.config.test | 8 ++ tests/sys/psa_crypto_eddsa/example_eddsa.c | 1 + tests/sys/psa_crypto_eddsa/main.c | 1 + tests/sys/psa_crypto_eddsa/tests/01-run.py | 13 +++ tests/sys/psa_crypto_hashes/Makefile | 13 +++ tests/sys/psa_crypto_hashes/Makefile.ci | 3 + tests/sys/psa_crypto_hashes/README.md | 4 + tests/sys/psa_crypto_hashes/app.config.test | 6 ++ tests/sys/psa_crypto_hashes/main.c | 1 + tests/sys/psa_crypto_hashes/tests/01-run.py | 13 +++ tests/sys/psa_crypto_mac/Makefile | 17 ++++ tests/sys/psa_crypto_mac/Makefile.ci | 9 ++ tests/sys/psa_crypto_mac/README.md | 4 + tests/sys/psa_crypto_mac/app.config.test | 8 ++ .../sys/psa_crypto_mac/example_hmac_sha256.c | 1 + tests/sys/psa_crypto_mac/main.c | 1 + tests/sys/psa_crypto_mac/tests/01-run.py | 13 +++ tests/sys/psa_crypto_se/Makefile | 30 +++++++ tests/sys/psa_crypto_se/Makefile.ci | 10 +++ tests/sys/psa_crypto_se/README.md | 4 + tests/sys/psa_crypto_se/app.config.test | 14 ++++ tests/sys/psa_crypto_se/custom_atca_params.h | 1 + .../psa_crypto_se/example_cipher_aes_128.c | 1 + tests/sys/psa_crypto_se/example_ecdsa_p256.c | 1 + tests/sys/psa_crypto_se/example_hmac_sha256.c | 1 + tests/sys/psa_crypto_se/main.c | 1 + tests/sys/psa_crypto_se/tests/01-run.py | 13 +++ tests/sys/psa_crypto_se_cipher/Makefile | 26 ++++++ tests/sys/psa_crypto_se_cipher/Makefile.ci | 11 +++ tests/sys/psa_crypto_se_cipher/README.md | 5 ++ .../sys/psa_crypto_se_cipher/app.config.test | 9 ++ .../psa_crypto_se_cipher/custom_atca_params.h | 1 + .../example_cipher_aes_128.c | 1 + tests/sys/psa_crypto_se_cipher/main.c | 1 + .../sys/psa_crypto_se_cipher/tests/01-run.py | 13 +++ tests/sys/psa_crypto_se_ecdsa/Makefile | 28 +++++++ tests/sys/psa_crypto_se_ecdsa/Makefile.ci | 10 +++ tests/sys/psa_crypto_se_ecdsa/README.md | 5 ++ tests/sys/psa_crypto_se_ecdsa/app.config.test | 12 +++ .../psa_crypto_se_ecdsa/custom_atca_params.h | 1 + .../psa_crypto_se_ecdsa/example_ecdsa_p256.c | 1 + tests/sys/psa_crypto_se_ecdsa/main.c | 1 + tests/sys/psa_crypto_se_ecdsa/tests/01-run.py | 13 +++ tests/sys/psa_crypto_se_mac/Makefile | 25 ++++++ tests/sys/psa_crypto_se_mac/Makefile.ci | 11 +++ tests/sys/psa_crypto_se_mac/README.md | 5 ++ tests/sys/psa_crypto_se_mac/app.config.test | 9 ++ .../psa_crypto_se_mac/custom_atca_params.h | 1 + .../psa_crypto_se_mac/example_hmac_sha256.c | 1 + tests/sys/psa_crypto_se_mac/main.c | 1 + tests/sys/psa_crypto_se_mac/tests/01-run.py | 13 +++ 98 files changed, 892 insertions(+), 147 deletions(-) create mode 100644 tests/sys/psa_crypto_cipher/Makefile create mode 100644 tests/sys/psa_crypto_cipher/Makefile.ci create mode 100644 tests/sys/psa_crypto_cipher/README.md create mode 100644 tests/sys/psa_crypto_cipher/app.config.test create mode 120000 tests/sys/psa_crypto_cipher/example_cipher_aes_128.c create mode 120000 tests/sys/psa_crypto_cipher/main.c create mode 100755 tests/sys/psa_crypto_cipher/tests/01-run.py create mode 100644 tests/sys/psa_crypto_ecdsa/Makefile create mode 100644 tests/sys/psa_crypto_ecdsa/Makefile.ci create mode 100644 tests/sys/psa_crypto_ecdsa/README.md create mode 100644 tests/sys/psa_crypto_ecdsa/app.config.test create mode 120000 tests/sys/psa_crypto_ecdsa/example_ecdsa_p256.c create mode 120000 tests/sys/psa_crypto_ecdsa/main.c create mode 100755 tests/sys/psa_crypto_ecdsa/tests/01-run.py create mode 100644 tests/sys/psa_crypto_eddsa/Makefile create mode 100644 tests/sys/psa_crypto_eddsa/Makefile.ci create mode 100644 tests/sys/psa_crypto_eddsa/README.md create mode 100644 tests/sys/psa_crypto_eddsa/app.config.test create mode 120000 tests/sys/psa_crypto_eddsa/example_eddsa.c create mode 120000 tests/sys/psa_crypto_eddsa/main.c create mode 100755 tests/sys/psa_crypto_eddsa/tests/01-run.py create mode 100644 tests/sys/psa_crypto_hashes/Makefile create mode 100644 tests/sys/psa_crypto_hashes/Makefile.ci create mode 100644 tests/sys/psa_crypto_hashes/README.md create mode 100644 tests/sys/psa_crypto_hashes/app.config.test create mode 120000 tests/sys/psa_crypto_hashes/main.c create mode 100755 tests/sys/psa_crypto_hashes/tests/01-run.py create mode 100644 tests/sys/psa_crypto_mac/Makefile create mode 100644 tests/sys/psa_crypto_mac/Makefile.ci create mode 100644 tests/sys/psa_crypto_mac/README.md create mode 100644 tests/sys/psa_crypto_mac/app.config.test create mode 120000 tests/sys/psa_crypto_mac/example_hmac_sha256.c create mode 120000 tests/sys/psa_crypto_mac/main.c create mode 100755 tests/sys/psa_crypto_mac/tests/01-run.py create mode 100644 tests/sys/psa_crypto_se/Makefile create mode 100644 tests/sys/psa_crypto_se/Makefile.ci create mode 100644 tests/sys/psa_crypto_se/README.md create mode 100644 tests/sys/psa_crypto_se/app.config.test create mode 120000 tests/sys/psa_crypto_se/custom_atca_params.h create mode 120000 tests/sys/psa_crypto_se/example_cipher_aes_128.c create mode 120000 tests/sys/psa_crypto_se/example_ecdsa_p256.c create mode 120000 tests/sys/psa_crypto_se/example_hmac_sha256.c create mode 120000 tests/sys/psa_crypto_se/main.c create mode 100755 tests/sys/psa_crypto_se/tests/01-run.py create mode 100644 tests/sys/psa_crypto_se_cipher/Makefile create mode 100644 tests/sys/psa_crypto_se_cipher/Makefile.ci create mode 100644 tests/sys/psa_crypto_se_cipher/README.md create mode 100644 tests/sys/psa_crypto_se_cipher/app.config.test create mode 120000 tests/sys/psa_crypto_se_cipher/custom_atca_params.h create mode 120000 tests/sys/psa_crypto_se_cipher/example_cipher_aes_128.c create mode 120000 tests/sys/psa_crypto_se_cipher/main.c create mode 100755 tests/sys/psa_crypto_se_cipher/tests/01-run.py create mode 100644 tests/sys/psa_crypto_se_ecdsa/Makefile create mode 100644 tests/sys/psa_crypto_se_ecdsa/Makefile.ci create mode 100644 tests/sys/psa_crypto_se_ecdsa/README.md create mode 100644 tests/sys/psa_crypto_se_ecdsa/app.config.test create mode 120000 tests/sys/psa_crypto_se_ecdsa/custom_atca_params.h create mode 120000 tests/sys/psa_crypto_se_ecdsa/example_ecdsa_p256.c create mode 120000 tests/sys/psa_crypto_se_ecdsa/main.c create mode 100755 tests/sys/psa_crypto_se_ecdsa/tests/01-run.py create mode 100644 tests/sys/psa_crypto_se_mac/Makefile create mode 100644 tests/sys/psa_crypto_se_mac/Makefile.ci create mode 100644 tests/sys/psa_crypto_se_mac/README.md create mode 100644 tests/sys/psa_crypto_se_mac/app.config.test create mode 120000 tests/sys/psa_crypto_se_mac/custom_atca_params.h create mode 120000 tests/sys/psa_crypto_se_mac/example_hmac_sha256.c create mode 120000 tests/sys/psa_crypto_se_mac/main.c create mode 100755 tests/sys/psa_crypto_se_mac/tests/01-run.py diff --git a/examples/psa_crypto/Makefile b/examples/psa_crypto/Makefile index d9780f4c300d..9c38666bffe8 100644 --- a/examples/psa_crypto/Makefile +++ b/examples/psa_crypto/Makefile @@ -48,6 +48,8 @@ else CFLAGS += -DCONFIG_PSA_SINGLE_KEY_COUNT=1 USEMODULE += psa_secure_element USEMODULE += psa_secure_element_ateccx08a + USEMODULE += psa_secure_element_ateccx08a_cipher_aes_128 + USEMODULE += psa_secure_element_ateccx08a_hmac_sha256 USEMODULE += psa_secure_element_ateccx08a_ecc_p256 else ifeq (2, $(SECURE_ELEMENT)) CFLAGS += -DSECURE_ELEMENT # Application specific (not needed by PSA) @@ -60,6 +62,8 @@ else USEMODULE += psa_secure_element USEMODULE += psa_secure_element_multiple USEMODULE += psa_secure_element_ateccx08a + USEMODULE += psa_secure_element_ateccx08a_cipher_aes_128 + USEMODULE += psa_secure_element_ateccx08a_hmac_sha256 USEMODULE += psa_secure_element_ateccx08a_ecc_p256 else ifdef CUSTOM_BACKEND # Necessary configuration when using Make dependency resolution diff --git a/examples/psa_crypto/app.config.test.multi_se b/examples/psa_crypto/app.config.test.multi_se index 4d22339308e5..57ed135f8eb4 100644 --- a/examples/psa_crypto/app.config.test.multi_se +++ b/examples/psa_crypto/app.config.test.multi_se @@ -2,6 +2,8 @@ CONFIG_MODULE_PSA_SECURE_ELEMENT=y CONFIG_MODULE_PSA_SECURE_ELEMENT_ATECCX08A=y CONFIG_MODULE_PSA_SECURE_ELEMENT_ATECCX08A_ECC_P256=y +CONFIG_MODULE_PSA_SECURE_ELEMENT_ATECCX08A_CIPHER_AES_128=y +CONFIG_MODULE_PSA_SECURE_ELEMENT_ATECCX08A_HMAC_SHA256=y CONFIG_MODULE_PSA_SECURE_ELEMENT_MULTIPLE=y CONFIG_PSA_MAX_SE_COUNT=2 diff --git a/examples/psa_crypto/app.config.test.se b/examples/psa_crypto/app.config.test.se index 939fb1055b92..0fc0d8fd38e3 100644 --- a/examples/psa_crypto/app.config.test.se +++ b/examples/psa_crypto/app.config.test.se @@ -1,6 +1,8 @@ CONFIG_MODULE_PSA_SECURE_ELEMENT=y CONFIG_MODULE_PSA_SECURE_ELEMENT_ATECCX08A=y CONFIG_MODULE_PSA_SECURE_ELEMENT_ATECCX08A_ECC_P256=y +CONFIG_MODULE_PSA_SECURE_ELEMENT_ATECCX08A_CIPHER_AES_128=y +CONFIG_MODULE_PSA_SECURE_ELEMENT_ATECCX08A_HMAC_SHA256=y CONFIG_PSA_PROTECTED_KEY_COUNT=4 CONFIG_PSA_SINGLE_KEY_COUNT=1 diff --git a/examples/psa_crypto/main.c b/examples/psa_crypto/main.c index a45e27220b21..b7f48b76a102 100644 --- a/examples/psa_crypto/main.c +++ b/examples/psa_crypto/main.c @@ -21,22 +21,36 @@ #include "psa/crypto.h" #include "ztimer.h" +#if IS_USED(MODULE_PSA_CIPHER) extern psa_status_t example_cipher_aes_128(void); +#endif +#if IS_USED(MODULE_PSA_MAC) extern psa_status_t example_hmac_sha256(void); +#endif +#if IS_USED(MODULE_PSA_ASYMMETRIC_ECC_P256R1) extern psa_status_t example_ecdsa_p256(void); - +#endif +#if IS_USED(MODULE_PSA_ASYMMETRIC_ECC_ED25519) #ifndef SECURE_ELEMENT extern psa_status_t example_eddsa(void); #endif +#endif #ifdef MULTIPLE_SE +#if IS_USED(MODULE_PSA_CIPHER) extern psa_status_t example_cipher_aes_128_sec_se(void); +#endif /* MODULE_PSA_CIPHER */ +#if IS_USED(MODULE_PSA_MAC) extern psa_status_t example_hmac_sha256_sec_se(void); +#endif /* MODULE_PSA_MAC */ +#if IS_USED(MODULE_PSA_ASYMMETRIC_ECC_P256R1) extern psa_status_t example_ecdsa_p256_sec_se(void); -#endif +#endif /* MODULE_PSA_ASYMMETRIC_ECC_P256R1 */ +#endif /* MULTIPLE_SE */ int main(void) { + bool failed = false; psa_status_t status; psa_crypto_init(); @@ -44,60 +58,88 @@ int main(void) ztimer_acquire(ZTIMER_USEC); ztimer_now_t start = ztimer_now(ZTIMER_USEC); + /* Needed in case only hashes are tested */ + (void)status; + (void)start; + +#if IS_USED(MODULE_PSA_MAC) status = example_hmac_sha256(); printf("HMAC SHA256 took %d us\n", (int)(ztimer_now(ZTIMER_USEC) - start)); if (status != PSA_SUCCESS) { + failed = true; printf("HMAC SHA256 failed: %s\n", psa_status_to_humanly_readable(status)); } +#endif +#if IS_USED(MODULE_PSA_CIPHER) start = ztimer_now(ZTIMER_USEC); status = example_cipher_aes_128(); printf("Cipher AES 128 took %d us\n", (int)(ztimer_now(ZTIMER_USEC) - start)); if (status != PSA_SUCCESS) { + failed = true; printf("Cipher AES 128 failed: %s\n", psa_status_to_humanly_readable(status)); } +#endif +#if IS_USED(MODULE_PSA_ASYMMETRIC_ECC_P256R1) start = ztimer_now(ZTIMER_USEC); status = example_ecdsa_p256(); printf("ECDSA took %d us\n", (int)(ztimer_now(ZTIMER_USEC) - start)); if (status != PSA_SUCCESS) { + failed = true; printf("ECDSA failed: %s\n", psa_status_to_humanly_readable(status)); } +#endif -#ifndef SECURE_ELEMENT +#if IS_USED(MODULE_PSA_ASYMMETRIC_ECC_ED25519) start = ztimer_now(ZTIMER_USEC); status = example_eddsa(); printf("EdDSA took %d us\n", (int)(ztimer_now(ZTIMER_USEC) - start)); if (status != PSA_SUCCESS) { + failed = true; printf("EdDSA failed: %s\n", psa_status_to_humanly_readable(status)); } #endif #ifdef MULTIPLE_SE +#if IS_USED(MODULE_PSA_MAC) puts("Running Examples with secondary SE:"); status = example_hmac_sha256_sec_se(); printf("HMAC SHA256 took %d us\n", (int)(ztimer_now(ZTIMER_USEC) - start)); if (status != PSA_SUCCESS) { + failed = true; printf("HMAC SHA256 failed: %s\n", psa_status_to_humanly_readable(status)); } +#endif /* MODULE_PSA_MAC */ +#if IS_USED(MODULE_PSA_CIPHER) start = ztimer_now(ZTIMER_USEC); status = example_cipher_aes_128_sec_se(); printf("Cipher AES 128 took %d us\n", (int)(ztimer_now(ZTIMER_USEC) - start)); if (status != PSA_SUCCESS) { + failed = true; printf("Cipher AES 128 failed: %s\n", psa_status_to_humanly_readable(status)); } +#endif /* MODULE_PSA_CIPHER */ +#if IS_USED(MODULE_PSA_ASYMMETRIC_ECC_P256R1) start = ztimer_now(ZTIMER_USEC); status = example_ecdsa_p256_sec_se(); printf("ECDSA took %d us\n", (int)(ztimer_now(ZTIMER_USEC) - start)); if (status != PSA_SUCCESS) { + failed = true; printf("ECDSA failed: %s\n", psa_status_to_humanly_readable(status)); } -#endif +#endif /* MODULE_PSA_ASYMMETRIC_ECC_P256R1 */ +#endif /* MULTIPLE_SE */ ztimer_release(ZTIMER_USEC); - puts("All Done"); + if (failed) { + puts("Tests failed..."); + } + else { + puts("All Done"); + } return 0; } diff --git a/pkg/cryptoauthlib/Makefile.dep b/pkg/cryptoauthlib/Makefile.dep index 207d4f5b0983..a7d7845a7b48 100644 --- a/pkg/cryptoauthlib/Makefile.dep +++ b/pkg/cryptoauthlib/Makefile.dep @@ -25,5 +25,13 @@ ifneq (,$(filter psa_crypto,$(USEMODULE))) endif ifneq (,$(filter psa_secure_element_ateccx08a_ecc_p256, $(USEMODULE))) - USEMODULE += psa_secure_element_asymmetric + USEMODULE += psa_asymmetric +endif + +ifneq (,$(filter psa_secure_element_ateccx08a_cipher_aes_128, $(USEMODULE))) + USEMODULE += psa_cipher +endif + +ifneq (,$(filter psa_secure_element_ateccx08a_hmac_sha256, $(USEMODULE))) + USEMODULE += psa_mac endif diff --git a/pkg/cryptoauthlib/Makefile.include b/pkg/cryptoauthlib/Makefile.include index dbeadf22bba2..2acafea0c67c 100644 --- a/pkg/cryptoauthlib/Makefile.include +++ b/pkg/cryptoauthlib/Makefile.include @@ -27,7 +27,7 @@ ifneq (,$(filter cryptoauthlib_test,$(USEMODULE))) INCLUDES += -I$(PKG_SOURCE_DIR)/third_party/unity endif -ifneq (,$(filter psa_crypto,$(USEMODULE))) - PSEUDOMODULES += psa_secure_element_ateccx08a - PSEUDOMODULES += psa_secure_element_ateccx08a_ecc_p256 -endif +PSEUDOMODULES += psa_secure_element_ateccx08a +PSEUDOMODULES += psa_secure_element_ateccx08a_cipher_aes_128 +PSEUDOMODULES += psa_secure_element_ateccx08a_ecc_p256 +PSEUDOMODULES += psa_secure_element_ateccx08a_hmac_sha256 diff --git a/pkg/micro-ecc/Makefile.include b/pkg/micro-ecc/Makefile.include index 377bc7317d0c..fc994fb4f994 100644 --- a/pkg/micro-ecc/Makefile.include +++ b/pkg/micro-ecc/Makefile.include @@ -8,8 +8,9 @@ CFLAGS += -Wno-unused-variable TOOLCHAINS_BLACKLIST += llvm ifneq (,$(filter psa_uecc_%, $(USEMODULE))) - PSEUDOMODULES += psa_uecc_p192 - PSEUDOMODULES += psa_uecc_p256 DIRS += $(RIOTPKG)/micro-ecc/psa_uecc INCLUDES += -I$(RIOTBASE)/sys/psa_crypto/include endif + +PSEUDOMODULES += psa_uecc_p192 +PSEUDOMODULES += psa_uecc_p256 diff --git a/sys/auto_init/security/auto_init_atca.c b/sys/auto_init/security/auto_init_atca.c index a9a8fdf4287d..3e7a368d907f 100644 --- a/sys/auto_init/security/auto_init_atca.c +++ b/sys/auto_init/security/auto_init_atca.c @@ -50,7 +50,7 @@ void auto_init_atca(void) } atca_devs_ptr[i] = &atca_devs[i]; - DEBUG("[auto_init_atca] Registering Driver with address: %x and location: %lx\n", atca_params[i].cfg.atcai2c.address, atca_params[i].atca_loc); + DEBUG("[auto_init_atca] Registering Driver with address: %x and location: %lx\n", atca_params[i].cfg.atcai2c.address, (unsigned long) atca_params[i].atca_loc); status = psa_register_secure_element(atca_params[i].atca_loc, &atca_methods, &atca_config_list[i], diff --git a/sys/include/psa_crypto/psa/crypto.h b/sys/include/psa_crypto/psa/crypto.h index 19f8fe718e50..7ccc494f9ed2 100644 --- a/sys/include/psa_crypto/psa/crypto.h +++ b/sys/include/psa_crypto/psa/crypto.h @@ -83,6 +83,7 @@ const char *psa_status_to_humanly_readable(psa_status_t status); */ psa_status_t psa_crypto_init(void); +#if IS_USED(MODULE_PSA_AEAD) || defined(DOXYGEN) /** * @brief Process an authenticated encryption operation. * @@ -767,7 +768,9 @@ psa_status_t psa_aead_verify(psa_aead_operation_t *operation, * initialize results in this error code. */ psa_status_t psa_aead_abort(psa_aead_operation_t *operation); +#endif /* MODULE_PSA_AEAD */ +#if IS_USED(MODULE_PSA_ASYMMETRIC) || defined(DOXYGEN) /** * @brief Encrypt a short message with a public key. * @@ -890,7 +893,10 @@ psa_status_t psa_asymmetric_decrypt(psa_key_id_t key, uint8_t *output, size_t output_size, size_t *output_length); +#endif /* MODULE_PSA_ASYMMETRIC */ + +#if IS_USED(MODULE_PSA_CIPHER) || defined(DOXYGEN) /** * @brief Abort a cipher operation. * @@ -1385,7 +1391,9 @@ psa_status_t psa_cipher_update(psa_cipher_operation_t *operation, uint8_t *output, size_t output_size, size_t *output_length); +#endif /* MODULE_PSA_CIPHER */ +#if IS_USED(MODULE_PSA_KEY_MANAGEMENT) || defined(DOXYGEN) /** * @brief Make a copy of a key. * @@ -1799,6 +1807,7 @@ psa_status_t psa_builtin_generate_key(const psa_key_attributes_t *attributes, ui */ psa_status_t psa_generate_key(const psa_key_attributes_t *attributes, psa_key_id_t *key); +#endif /* MODULE_PSA_KEY_MANAGEMENT */ /** * @brief Built-in function for random number generation. @@ -1840,6 +1849,7 @@ psa_status_t psa_builtin_generate_random( uint8_t *output, psa_status_t psa_generate_random(uint8_t *output, size_t output_size); +#if IS_USED(MODULE_PSA_KEY_MANAGEMENT) || defined(DOXYGEN) /** * @brief Declare the permitted algorithm policy for a key. * @@ -2070,7 +2080,9 @@ static inline void psa_reset_key_attributes(psa_key_attributes_t *attributes) */ psa_status_t psa_get_key_attributes(psa_key_id_t key, psa_key_attributes_t *attributes); +#endif /* MODULE_PSA_KEY_MANAGEMENT */ +#if IS_USED(MODULE_PSA_HASH) || defined(DOXYGEN) /** * @brief Abort a hash operation. * @@ -2476,7 +2488,9 @@ psa_status_t psa_hash_update(psa_hash_operation_t *operation, psa_status_t psa_hash_verify(psa_hash_operation_t *operation, const uint8_t *hash, size_t hash_length); +#endif /* MODULE_PSA_HASH */ +#if IS_USED(MODULE_PSA_KEY_MANAGEMENT) || defined(DOXYGEN) /** * @brief Built-in key import function. * @@ -2619,7 +2633,9 @@ psa_status_t psa_import_key(const psa_key_attributes_t *attributes, const uint8_t *data, size_t data_length, psa_key_id_t *key); +#endif /* MODULE_PSA_KEY_MANAGEMENT */ +#if IS_USED(MODULE_PSA_KEY_DERIVATION) || defined(DOXYGEN) /** * @brief Abort a key derivation operation. * @@ -3309,7 +3325,9 @@ psa_status_t psa_key_derivation_verify_bytes(psa_key_derivation_operation_t *ope */ psa_status_t psa_key_derivation_verify_key(psa_key_derivation_operation_t *operation, psa_key_id_t expected); +#endif /* PSA_CRYPTO_KEY_DERIVATION */ +#if IS_USED(MODULE_PSA_MAC) || defined(DOXYGEN) /** * @brief Abort a MAC operation. * @@ -3679,7 +3697,9 @@ psa_status_t psa_mac_verify_finish(psa_mac_operation_t *operation, psa_status_t psa_mac_verify_setup(psa_mac_operation_t *operation, psa_key_id_t key, psa_algorithm_t alg); +#endif /* MODULE_PSA_MAC */ +#if IS_USED(MODULE_PSA_KEY_MANAGEMENT) || defined(DOXYGEN) /** * @brief Remove non-essential copies of key material from memory. * @@ -3707,7 +3727,9 @@ psa_status_t psa_mac_verify_setup(psa_mac_operation_t *operation, * @return @ref PSA_ERROR_DATA_INVALID */ psa_status_t psa_purge_key(psa_key_id_t key); +#endif /* MODULE_PSA_KEY_MANAGEMENT */ +#if IS_USED(MODULE_PSA_KEY_AGREEMENT) || defined(DOXYGEN) /** * @brief Perform a key agreement and return the raw shared secret. * @@ -3778,7 +3800,9 @@ psa_status_t psa_raw_key_agreement(psa_algorithm_t alg, uint8_t *output, size_t output_size, size_t *output_length); +#endif /* MODULE_PSA_KEY_AGREEMENT */ +#if IS_USED(MODULE_PSA_ASYMMETRIC) || defined(DOXYGEN) /** * @brief Sign an already-calculated hash with a private key. * @@ -4044,6 +4068,7 @@ psa_status_t psa_verify_message(psa_key_id_t key, size_t input_length, const uint8_t *signature, size_t signature_length); +#endif /* MODULE_PSA_ASYMMETRIC */ #ifdef __cplusplus } diff --git a/sys/include/psa_crypto/psa/crypto_sizes.h b/sys/include/psa_crypto/psa/crypto_sizes.h index ecf4f7fa6066..1d3177faa8f8 100644 --- a/sys/include/psa_crypto/psa/crypto_sizes.h +++ b/sys/include/psa_crypto/psa/crypto_sizes.h @@ -79,29 +79,21 @@ extern "C" { * @brief Number of required allocated asymmetric key pair slots. * * @details These should be defined by the developer to - * fit their requirements. The default number is 5. + * fit their requirements. The default number is 0. */ #ifndef CONFIG_PSA_ASYMMETRIC_KEYPAIR_COUNT -#if (IS_USED(MODULE_PSA_ASYMMETRIC)) -#define CONFIG_PSA_ASYMMETRIC_KEYPAIR_COUNT 5 -#else #define CONFIG_PSA_ASYMMETRIC_KEYPAIR_COUNT 0 #endif -#endif /** * @brief Number of required allocated single key slots. * * @details These should be defined by the developer to - * fit their requirements. The default number is 5. + * fit their requirements. The default number is 0. */ #ifndef CONFIG_PSA_SINGLE_KEY_COUNT -#if (IS_USED(MODULE_PSA_KEY_SLOT_MGMT)) -#define CONFIG_PSA_SINGLE_KEY_COUNT 5 -#else #define CONFIG_PSA_SINGLE_KEY_COUNT 0 #endif -#endif /** * @brief Number of required allocated protected key slots. @@ -110,8 +102,8 @@ extern "C" { * fit their requirements. The default number is 5. */ #ifndef CONFIG_PSA_PROTECTED_KEY_COUNT -#if (IS_USED(MODULE_PSA_SE_MGMT)) -#define CONFIG_PSA_PROTECTED_KEY_COUNT 5 +#if (IS_USED(MODULE_PSA_SECURE_ELEMENT)) +#define CONFIG_PSA_PROTECTED_KEY_COUNT 5 #else #define CONFIG_PSA_PROTECTED_KEY_COUNT 0 #endif @@ -991,7 +983,7 @@ extern "C" { /** * @brief The maximum size of the used key data. */ -#if IS_USED(MODULE_PSA_SECURE_ELEMENT_ASYMMETRIC) || IS_USED(MODULE_PSA_ASYMMETRIC) +#if IS_USED(MODULE_PSA_ASYMMETRIC) #define PSA_MAX_KEY_DATA_SIZE (PSA_EXPORT_PUBLIC_KEY_MAX_SIZE) #else #define PSA_MAX_KEY_DATA_SIZE (CONFIG_PSA_MAX_KEY_SIZE) diff --git a/sys/include/psa_crypto/psa/crypto_struct.h b/sys/include/psa_crypto/psa/crypto_struct.h index 830c9722b0fc..342877eb4e02 100644 --- a/sys/include/psa_crypto/psa/crypto_struct.h +++ b/sys/include/psa_crypto/psa/crypto_struct.h @@ -28,34 +28,7 @@ extern "C" { #include "crypto_sizes.h" #include "crypto_contexts.h" -/** - * @brief Structure containing a hash context and algorithm - */ -struct psa_hash_operation_s { - psa_algorithm_t alg; /**< Operation algorithm */ -#if IS_USED(MODULE_PSA_HASH) - psa_hash_context_t ctx; /**< Operation hash context */ -#endif -}; - -/** - * @brief This macro returns a suitable initializer for a hash operation object of type - * @ref psa_hash_operation_t. - */ -#define PSA_HASH_OPERATION_INIT { 0 } - -/** - * @brief Return an initial value for a hash operation object. - * - * @return struct psa_hash_operation_s - */ -static inline struct psa_hash_operation_s psa_hash_operation_init(void) -{ - const struct psa_hash_operation_s v = PSA_HASH_OPERATION_INIT; - - return v; -} - +#if IS_USED(MODULE_PSA_KEY_MANAGEMENT) || defined(DOXYGEN) /** * @brief Structure storing the key usage policies */ @@ -97,7 +70,9 @@ static inline struct psa_key_attributes_s psa_key_attributes_init(void) return v; } +#endif /*(MODULE_PSA_KEY_MANAGEMENT */ +#if IS_USED(MODULE_PSA_AEAD) || defined(DOXYGEN) /** * @brief Structure storing an AEAD operation context * @@ -124,7 +99,9 @@ static inline struct psa_aead_operation_s psa_aead_operation_init(void) return v; } +#endif /* MODULE_PSA_AEAD */ +#if IS_USED(MODULE_PSA_CIPHER) || defined(DOXYGEN) /** * @brief Structure storing a cipher operation context */ @@ -135,9 +112,7 @@ struct psa_cipher_operation_s { psa_algorithm_t alg; /**< Operation algorithm*/ /** Union containing cipher contexts for the executing backend */ union cipher_context { -#if IS_USED(MODULE_PSA_CIPHER) psa_cipher_context_t cipher_ctx; /**< Cipher context */ -#endif #if IS_USED(MODULE_PSA_SECURE_ELEMENT_ATECCX08A) || defined(DOXYGEN) psa_se_cipher_context_t se_ctx; /**< SE Cipher context */ #endif @@ -161,7 +136,9 @@ static inline struct psa_cipher_operation_s psa_cipher_operation_init(void) return v; } +#endif /* MODULE_PSA_CIPHER */ +#if IS_USED(MODULE_PSA_KEY_DERIVATION) || defined(DOXYGEN) /** * @brief This macro returns a suitable initializer for a key derivation operation object of * type @ref psa_key_derivation_operation_t. @@ -188,7 +165,39 @@ static inline struct psa_key_derivation_operation_s psa_key_derivation_operation return v; } +#endif /* MODULE_PSA_KEY_DERIVATION */ + +#if IS_USED(MODULE_PSA_HASH) || defined(DOXYGEN) +/** + * @brief Structure containing a hash context and algorithm + */ +struct psa_hash_operation_s { + psa_algorithm_t alg; /**< Operation algorithm */ +#if IS_USED(MODULE_PSA_HASH) + psa_hash_context_t ctx; /**< Operation hash context */ +#endif +}; + +/** + * @brief This macro returns a suitable initializer for a hash operation object of type + * @ref psa_hash_operation_t. + */ +#define PSA_HASH_OPERATION_INIT { 0 } + +/** + * @brief Return an initial value for a hash operation object. + * + * @return struct psa_hash_operation_s + */ +static inline struct psa_hash_operation_s psa_hash_operation_init(void) +{ + const struct psa_hash_operation_s v = PSA_HASH_OPERATION_INIT; + + return v; +} +#endif /* MODULE_PSA_HASH */ +#if IS_USED(MODULE_PSA_MAC) || defined(DOXYGEN) /** * @brief This macro returns a suitable initializer for a MAC operation object of type * @ref psa_mac_operation_t. @@ -215,6 +224,7 @@ static inline struct psa_mac_operation_s psa_mac_operation_init(void) return v; } +#endif /* MODULE_PSA_MAC */ #ifdef __cplusplus } diff --git a/sys/psa_crypto/Kconfig.asymmetric b/sys/psa_crypto/Kconfig.asymmetric index 358ba6af4e8c..081d40a6c2ad 100644 --- a/sys/psa_crypto/Kconfig.asymmetric +++ b/sys/psa_crypto/Kconfig.asymmetric @@ -7,8 +7,7 @@ menuconfig MODULE_PSA_ASYMMETRIC bool "PSA Asymmetric Crypto" - select PSA_KEY_CONFIG - select MODULE_PSA_KEY_SLOT_MGMT + select MODULE_PSA_KEY_MANAGEMENT if MODULE_PSA_ASYMMETRIC diff --git a/sys/psa_crypto/Kconfig.ciphers b/sys/psa_crypto/Kconfig.ciphers index e7d5303a9b25..b6c2104864c4 100644 --- a/sys/psa_crypto/Kconfig.ciphers +++ b/sys/psa_crypto/Kconfig.ciphers @@ -7,8 +7,7 @@ menuconfig MODULE_PSA_CIPHER bool "PSA Ciphers" - select PSA_KEY_CONFIG - select MODULE_PSA_KEY_SLOT_MGMT + select MODULE_PSA_KEY_MANAGEMENT if MODULE_PSA_CIPHER diff --git a/sys/psa_crypto/Kconfig.hashes b/sys/psa_crypto/Kconfig.hashes index b4798a26a96b..0225cae24f68 100644 --- a/sys/psa_crypto/Kconfig.hashes +++ b/sys/psa_crypto/Kconfig.hashes @@ -7,7 +7,6 @@ menuconfig MODULE_PSA_HASH bool "PSA Hashes" - select PSA_KEY_CONFIG if MODULE_PSA_HASH diff --git a/sys/psa_crypto/Kconfig.keys b/sys/psa_crypto/Kconfig.keys index 21cff30403ae..fe50ef332142 100644 --- a/sys/psa_crypto/Kconfig.keys +++ b/sys/psa_crypto/Kconfig.keys @@ -7,6 +7,12 @@ menu "PSA Key Management Configuration" +config MODULE_PSA_KEY_MANAGEMENT + bool + select MODULE_PSA_KEY_SLOT_MGMT + help + Activates the PSA Key Management Module + config PSA_KEY_SIZE_128 bool "Application uses key of size 128 Bits" help @@ -44,12 +50,10 @@ config PSA_PROTECTED_KEY_COUNT config PSA_ASYMMETRIC_KEYPAIR_COUNT int "Specifies number of allocated key pair slots" - default 5 if MODULE_PSA_ASYMMETRIC default 0 config PSA_SINGLE_KEY_COUNT int "Specifies number of allocated single key slots" - default 5 if PSA_MAX_KEY_SIZE != 0 default 0 endmenu # PSA Key Management Configuration diff --git a/sys/psa_crypto/Kconfig.mac b/sys/psa_crypto/Kconfig.mac index fcca459f10fb..8cc8b8b1464f 100644 --- a/sys/psa_crypto/Kconfig.mac +++ b/sys/psa_crypto/Kconfig.mac @@ -7,8 +7,7 @@ menuconfig MODULE_PSA_MAC bool "PSA Message Authenticated Ciphers" - select PSA_KEY_CONFIG - select MODULE_PSA_KEY_SLOT_MGMT + select MODULE_PSA_KEY_MANAGEMENT if MODULE_PSA_MAC diff --git a/sys/psa_crypto/Makefile.dep b/sys/psa_crypto/Makefile.dep index 330c7e29815d..c4026a053ef7 100644 --- a/sys/psa_crypto/Makefile.dep +++ b/sys/psa_crypto/Makefile.dep @@ -5,7 +5,7 @@ endif # Asymmetric ifneq (,$(filter psa_asymmetric,$(USEMODULE))) - USEMODULE += psa_key_slot_mgmt + USEMODULE += psa_key_management endif ## ECC_P192R1 backend @@ -82,7 +82,7 @@ endif # Cipher ifneq (,$(filter psa_cipher,$(USEMODULE))) - USEMODULE += psa_key_slot_mgmt + USEMODULE += psa_key_management endif ## AES-128-ECB backend @@ -242,8 +242,16 @@ ifneq (,$(filter psa_hash_sha_512_backend_riot,$(USEMODULE))) USEMODULE += psa_riot_hashes USEMODULE += psa_riot_hashes_sha_512 endif +# Key Management +ifneq (,$(filter psa_key_management,$(USEMODULE))) + USEMODULE += psa_key_slot_mgmt +endif # MAC +ifneq (,$(filter psa_mac,$(USEMODULE))) + USEMODULE += psa_key_management +endif + ## HMAC SHA-256 ifneq (,$(filter psa_mac_hmac_sha_256,$(USEMODULE))) ifeq (,$(filter psa_mac_hmac_sha_256_custom_backend,$(USEMODULE))) @@ -271,7 +279,7 @@ endif # Secure Elements ifneq (,$(filter psa_secure_element,$(USEMODULE))) USEMODULE += psa_se_mgmt - USEMODULE += psa_key_slot_mgmt + USEMODULE += psa_key_management endif ifneq (,$(filter psa_secure_element_ateccx08a, $(USEMODULE))) diff --git a/sys/psa_crypto/Makefile.include b/sys/psa_crypto/Makefile.include index 949c29436570..569eff42bc39 100644 --- a/sys/psa_crypto/Makefile.include +++ b/sys/psa_crypto/Makefile.include @@ -146,6 +146,9 @@ ifneq (,$(filter psa_hash_sha_512,$(USEMODULE))) endif endif +## Key Management +PSEUDOMODULES += psa_key_management + ## MAC PSEUDOMODULES += psa_mac PSEUDOMODULES += psa_mac_hmac_sha_256 @@ -162,6 +165,5 @@ endif ## Secure Elements PSEUDOMODULES += psa_secure_element -PSEUDOMODULES += psa_secure_element_asymmetric PSEUDOMODULES += psa_secure_element_config PSEUDOMODULES += psa_secure_element_multiple diff --git a/sys/psa_crypto/doc.txt b/sys/psa_crypto/doc.txt index a3c4935fe48a..5a6463f7509a 100644 --- a/sys/psa_crypto/doc.txt +++ b/sys/psa_crypto/doc.txt @@ -316,13 +316,14 @@ * * ### Secure Elements * Base: - * * - psa_secure_element * - psa_secure_element_multiple * * #### SE Types * - psa_secure_element_ateccx08a + * - psa_secure_element_ateccx08a_cipher_aes_128 * - psa_secure_element_ateccx08a_ecc_p256 + * - psa_secure_element_ateccx08a_hmac_sha256 * * Random Number Generation {#rng} * === @@ -372,7 +373,7 @@ * @code * CONFIG_PSA_SECURE_ELEMENT=y * CONFIG_PSA_SECURE_ELEMENT_ATECCX08A=y // device example - * CONFIG_PSA_SECURE_ELEMENT_ATECCX08A_ECC=y + * CONFIG_PSA_SECURE_ELEMENT_ATECCX08A_ECC_P256=y * @endcode * * or added to the the Makefile: @@ -439,10 +440,10 @@ * In RIOT, module names are generated from path names, so if you create a directory for * your sourcefiles, the module name will be the same as the directory name. It is possible * to change that by declaring a new module name in the Makefile by adding the line - * your_module_name`. + * `MODULE := your_module_name`. * * If you leave it like this, all sourcefiles in the path corresponding to the module name will be - * built (e.g. if you choose to module `hashes`, all files in `sys/hashes` will be included). + * built (e.g. if you choose the module `hashes`, all files in `sys/hashes` will be included). * For better configurability it is possible to add submodules (see * `sys/hashes/psa_riot_hashes` for example). * In that case the base module name will be the directory name and each file inside the directory @@ -960,17 +961,20 @@ * key, which requires a lot less memory space. * * **BUT:** If your secure element supports asymmetric cryptography and exports a public key part - * during key generation, that key part must be stored somewhere. This is why there needs to be - * an option to tell PSA Crypto that an application is going to perform asymmetric operations. - * Only if that option is selected, the protected key slots will have the space to store a public + * during key generation, that key part must be stored somewhere. So when you choose an + * asymmetric operation, the protected key slots will have the space to store a public * key. * + * #### Dependencies + * Secure Element operations also depend on the PSA modules. E.g. when you want to use an ECC + * operation, you need to make sure that you also build the asymmetric PSA functions. + * * For this we need to add the following to the `superSE` menu: * @code * config MODULE_PSA_SECURE_ELEMENT_SUPERSE_ECC_P256 * bool "Our Vendor's Elliptic Curve P256" * select PSA_KEY_SIZE_256 - * select MODULE_PSA_SECURE_ELEMENT_ASYMMETRIC + * select MODULE_PSA_ASYMMETRIC * depends on MODULE_PSA_SECURE_ELEMENT_SUPERSE * @endcode * This tells us, what size a key slot should have to store the public key. If your SE supports @@ -995,9 +999,11 @@ * endif * * ifneq (,$(filter psa_secure_element_superse_ecc_p256, $(USEMODULE))) - * USEMODULE += psa_secure_element_asymmetric + * USEMODULE += psa_asymmetric * endif - * - * Now the secure element should be available for use with PSA Crypto. * @endcode + * This needs to be done for all other supported operations (e.g. ATECCX08 operations in + * `pkg/cryptoauthlib/Makefile.include`, `pkg/cryptoauthlib/Makefile.dep` and + * `sys/psa_crypto/psa_se_mgmt/Kconfig`. Now the secure element should be available for use + * with PSA Crypto. */ diff --git a/sys/psa_crypto/include/psa_crypto_algorithm_dispatch.h b/sys/psa_crypto/include/psa_crypto_algorithm_dispatch.h index e17be7341964..dd0e16085d95 100644 --- a/sys/psa_crypto/include/psa_crypto_algorithm_dispatch.h +++ b/sys/psa_crypto/include/psa_crypto_algorithm_dispatch.h @@ -28,8 +28,12 @@ extern "C" { #include #include "kernel_defines.h" #include "psa/crypto.h" + +#if IS_USED(MODULE_PSA_KEY_MANAGEMENT) #include "psa_crypto_slot_management.h" +#endif +#if IS_USED(MODULE_PSA_HASH) /** * @brief Dispatch a hash setup function to a specific backend. * See @ref psa_hash_setup() @@ -68,7 +72,9 @@ psa_status_t psa_algorithm_dispatch_hash_finish(psa_hash_operation_t *operation, uint8_t *hash, size_t hash_size, size_t *hash_length); +#endif /* MODULE_PSA_HASH */ +#if IS_USED(MODULE_PSA_ASYMMETRIC) /** * @brief Dispatch a hash signature function to a specific backend. * See @ref psa_sign_hash() @@ -156,7 +162,9 @@ psa_status_t psa_algorithm_dispatch_verify_message( const psa_key_attributes_t * size_t input_length, const uint8_t *signature, size_t signature_length); +#endif /* MODULE_PSA_ASYMMETRIC */ +#if IS_USED(MODULE_PSA_KEY_MANAGEMENT) /** * @brief Dispatch the key generation function to a specific backend. * See @ref psa_generate_key() @@ -167,7 +175,9 @@ psa_status_t psa_algorithm_dispatch_verify_message( const psa_key_attributes_t * */ psa_status_t psa_algorithm_dispatch_generate_key( const psa_key_attributes_t *attributes, psa_key_slot_t *slot); +#endif +#if IS_USED(MODULE_PSA_CIPHER) /** * @brief Dispatch a cipher encrypt function to a specific backend. * See @ref psa_cipher_encrypt() @@ -213,7 +223,9 @@ psa_status_t psa_algorithm_dispatch_cipher_decrypt( const psa_key_attributes_t * uint8_t *output, size_t output_size, size_t *output_length); +#endif /* MODULE_PSA_CIPHER */ +#if IS_USED(MODULE_PSA_MAC) /** * @brief Dispatch a mac computation function to a specific backend. * See @ref psa_mac_compute() @@ -236,6 +248,7 @@ psa_status_t psa_algorithm_dispatch_mac_compute(const psa_key_attributes_t *attr uint8_t *mac, size_t mac_size, size_t *mac_length); +#endif #ifdef __cplusplus } diff --git a/sys/psa_crypto/include/psa_crypto_location_dispatch.h b/sys/psa_crypto/include/psa_crypto_location_dispatch.h index 4ec493fd01e9..5190bb3a77ff 100644 --- a/sys/psa_crypto/include/psa_crypto_location_dispatch.h +++ b/sys/psa_crypto/include/psa_crypto_location_dispatch.h @@ -29,6 +29,7 @@ extern "C" { #include "kernel_defines.h" #include "psa/crypto.h" +#if IS_USED(MODULE_PSA_ASYMMETRIC) /** * @brief Dispatch call of a hash signature function to a location specific backend. * See psa_sign_hash() @@ -116,7 +117,9 @@ psa_status_t psa_location_dispatch_verify_message(const psa_key_attributes_t *at size_t input_length, const uint8_t *signature, size_t signature_length); +#endif /* MODULE_PSA_ASYMMETRIC */ +#if IS_USED(MODULE_PSA_MAC) /** * @brief Dispatch call of a mac computation function to a location specific backend. * See psa_mac_compute() @@ -139,7 +142,9 @@ psa_status_t psa_location_dispatch_mac_compute(const psa_key_attributes_t *attri uint8_t *mac, size_t mac_size, size_t *mac_length); +#endif +#if IS_USED(MODULE_PSA_KEY_MANAGEMENT) /** * @brief Dispatch call of the key generation function to a location specific backend. * See psa_generate_key() @@ -165,7 +170,9 @@ psa_status_t psa_location_dispatch_generate_key(const psa_key_attributes_t *attr psa_status_t psa_location_dispatch_import_key( const psa_key_attributes_t *attributes, const uint8_t *data, size_t data_length, psa_key_slot_t *slot, size_t *bits); +#endif /* MODULE_PSA_KEY_MANAGEMENT */ +#if IS_USED(MODULE_PSA_CIPHER) /** * @brief Dispatch call of a cipher encrypt setup function to a location specific backend. * See psa_cipher_setup() @@ -254,6 +261,7 @@ psa_status_t psa_location_dispatch_cipher_decrypt( const psa_key_attributes_t * uint8_t *output, size_t output_size, size_t *output_length); +#endif /* MODULE_PSA_CIPHER */ /** * @brief Dispatch call of a random number generator to a specific backend. diff --git a/sys/psa_crypto/include/psa_crypto_slot_management.h b/sys/psa_crypto/include/psa_crypto_slot_management.h index 169faf2d6f9e..1f84b545ae24 100644 --- a/sys/psa_crypto/include/psa_crypto_slot_management.h +++ b/sys/psa_crypto/include/psa_crypto_slot_management.h @@ -78,10 +78,12 @@ typedef struct { size_t lock_count; /**< Number of entities accessing the slot */ psa_key_attributes_t attr; /**< Attributes associated with the stored key */ /** Structure containing key data */ +#if PSA_SINGLE_KEY_COUNT struct key_data { uint8_t data[PSA_MAX_KEY_DATA_SIZE]; /**< Key data buffer */ size_t data_len; /**< Size of actual key data in bytes */ } key; /**< Key data structure */ +#endif /* PSA_SINGLE_KEY_COUNT */ } psa_key_slot_t; /** diff --git a/sys/psa_crypto/psa_crypto.c b/sys/psa_crypto/psa_crypto.c index a780593f3308..ae53ac1e0b37 100644 --- a/sys/psa_crypto/psa_crypto.c +++ b/sys/psa_crypto/psa_crypto.c @@ -20,9 +20,13 @@ #include #include "psa/crypto.h" + +#if IS_USED(MODULE_PSA_KEY_MANAGEMENT) +#include "psa_crypto_slot_management.h" +#endif + #include "psa_crypto_se_driver.h" #include "psa_crypto_se_management.h" -#include "psa_crypto_slot_management.h" #include "psa_crypto_location_dispatch.h" #include "psa_crypto_algorithm_dispatch.h" @@ -38,6 +42,7 @@ */ static uint8_t lib_initialized = 0; +#if IS_USED(MODULE_PSA_HASH) /** * @brief Compares the content of two same-sized buffers while maintaining * constant processing time @@ -60,6 +65,7 @@ static inline int constant_time_memcmp(const uint8_t *a, const uint8_t *b, size_ return diff; } +#endif /* MODULE_PSA_HASH */ const char *psa_status_to_humanly_readable(psa_status_t status) { @@ -126,6 +132,7 @@ psa_status_t psa_crypto_init(void) return PSA_SUCCESS; } +#if IS_USED(MODULE_PSA_AEAD) psa_status_t psa_aead_abort(psa_aead_operation_t *operation) { (void)operation; @@ -295,7 +302,9 @@ psa_status_t psa_aead_verify( psa_aead_operation_t *operation, (void)tag_length; return PSA_ERROR_NOT_SUPPORTED; } +#endif /* MODULE_PSA_AEAD */ +#if IS_USED(MODULE_PSA_ASYMMETRIC) psa_status_t psa_asymmetric_decrypt(psa_key_id_t key, psa_algorithm_t alg, const uint8_t *input, @@ -339,7 +348,9 @@ psa_status_t psa_asymmetric_encrypt(psa_key_id_t key, (void)output_length; return PSA_ERROR_NOT_SUPPORTED; } +#endif /* MODULE_PSA_ASYMMETRIC */ +#if IS_USED(MODULE_PSA_KEY_MANAGEMENT) /** * @brief Checks whether a key's policy permits the usage of a given algorithm * @@ -418,7 +429,9 @@ static psa_status_t psa_get_and_lock_key_slot_with_policy( psa_key_id_t id, } return PSA_SUCCESS; } +#endif /* MODULE_PSA_KEY_MANAGEMENT */ +#if IS_USED(MODULE_PSA_CIPHER) psa_status_t psa_cipher_abort(psa_cipher_operation_t *operation) { if (!lib_initialized) { @@ -694,6 +707,9 @@ psa_status_t psa_cipher_update(psa_cipher_operation_t *operation, return PSA_ERROR_NOT_SUPPORTED; } +#endif /* MODULE_PSA_CIPHER */ + +#if IS_USED(MODULE_PSA_HASH) psa_status_t psa_hash_setup(psa_hash_operation_t *operation, psa_algorithm_t alg) { @@ -921,8 +937,36 @@ psa_status_t psa_hash_compute(psa_algorithm_t alg, return PSA_SUCCESS; } +#endif /* MODULE_PSA_HASH */ + +psa_status_t psa_builtin_generate_random(uint8_t *output, + size_t output_size) +{ + if (!output) { + return PSA_ERROR_INVALID_ARGUMENT; + } + + /* TODO: Should point to a CSPRNG API in the future */ + random_bytes(output, output_size); + return PSA_SUCCESS; +} + +psa_status_t psa_generate_random(uint8_t *output, + size_t output_size) +{ + if (!lib_initialized) { + return PSA_ERROR_BAD_STATE; + } + + if (!output) { + return PSA_ERROR_INVALID_ARGUMENT; + } + + return psa_location_dispatch_generate_random(output, output_size); +} /* Key Management */ +#if IS_USED(MODULE_PSA_KEY_MANAGEMENT) /** * @brief Check whether the key policy is valid * @@ -994,7 +1038,7 @@ static psa_status_t psa_validate_key_for_key_generation(psa_key_type_t type, siz if (PSA_KEY_TYPE_IS_UNSTRUCTURED(type)) { return psa_validate_unstructured_key_size(type, bits); } -#if IS_USED(MODULE_PSA_ASYMMETRIC) || IS_USED(MODULE_PSA_SECURE_ELEMENT_ASYMMETRIC) +#if IS_USED(MODULE_PSA_ASYMMETRIC) else if (PSA_KEY_TYPE_IS_ECC_KEY_PAIR(type)) { return PSA_ECC_KEY_SIZE_IS_VALID(type, bits) ? PSA_SUCCESS : PSA_ERROR_INVALID_ARGUMENT; } @@ -1351,32 +1395,6 @@ psa_status_t psa_generate_key(const psa_key_attributes_t *attributes, return status; } -psa_status_t psa_builtin_generate_random( uint8_t *output, - size_t output_size) -{ - if (!output) { - return PSA_ERROR_INVALID_ARGUMENT; - } - - /* TODO: Should point to a CSPRNG API in the future */ - random_bytes(output, output_size); - return PSA_SUCCESS; -} - -psa_status_t psa_generate_random(uint8_t *output, - size_t output_size) -{ - if (!lib_initialized) { - return PSA_ERROR_BAD_STATE; - } - - if (!output) { - return PSA_ERROR_INVALID_ARGUMENT; - } - - return psa_location_dispatch_generate_random(output, output_size); -} - psa_status_t psa_get_key_attributes(psa_key_id_t key, psa_key_attributes_t *attributes) { @@ -1500,7 +1518,9 @@ psa_status_t psa_import_key(const psa_key_attributes_t *attributes, return status; } +#endif /* MODULE_PSA_KEY_MANAGEMENT */ +#if IS_USED(MODULE_PSA_KEY_DERIVATION) psa_status_t psa_key_derivation_abort(psa_key_derivation_operation_t *operation) { (void)operation; @@ -1586,7 +1606,9 @@ psa_status_t psa_key_derivation_setup(psa_key_derivation_operation_t *operation, (void)alg; return PSA_ERROR_NOT_SUPPORTED; } +#endif /* MODULE_PSA_KEY_DERIVATION */ +#if IS_USED(MODULE_PSA_MAC) psa_status_t psa_mac_abort(psa_mac_operation_t *operation) { if (!lib_initialized) { @@ -1763,7 +1785,9 @@ psa_status_t psa_purge_key(psa_key_id_t key) (void)key; return PSA_ERROR_NOT_SUPPORTED; } +#endif /* MODULE_PSA_MAC */ +#if IS_USED(MODULE_PSA_KEY_AGREEMENT) psa_status_t psa_raw_key_agreement(psa_algorithm_t alg, psa_key_id_t private_key, const uint8_t *peer_key, @@ -1781,7 +1805,9 @@ psa_status_t psa_raw_key_agreement(psa_algorithm_t alg, (void)output_length; return PSA_ERROR_NOT_SUPPORTED; } +#endif /* MODULE_PSA_KEY_AGREEMENT */ +#if IS_USED(MODULE_PSA_ASYMMETRIC) psa_status_t psa_sign_hash(psa_key_id_t key, psa_algorithm_t alg, const uint8_t *hash, @@ -2000,3 +2026,4 @@ psa_status_t psa_verify_message(psa_key_id_t key, unlock_status = psa_unlock_key_slot(slot); return ((status == PSA_SUCCESS) ? unlock_status : status); } +#endif /* MODULE_PSA_ASYMMETRIC */ diff --git a/sys/psa_crypto/psa_crypto_algorithm_dispatch.c b/sys/psa_crypto/psa_crypto_algorithm_dispatch.c index 44c2f0532ddb..3a247f857a8f 100644 --- a/sys/psa_crypto/psa_crypto_algorithm_dispatch.c +++ b/sys/psa_crypto/psa_crypto_algorithm_dispatch.c @@ -21,12 +21,28 @@ #include #include "kernel_defines.h" #include "psa/crypto.h" + +#if IS_USED(MODULE_PSA_MAC) #include "psa_mac.h" +#endif + +#if IS_USED(MODULE_PSA_HASH) #include "psa_hashes.h" +#endif + +#if IS_USED(MODULE_PSA_ASYMMETRIC) #include "psa_ecc.h" +#endif + +#if IS_USED(MODULE_PSA_CIPHER) #include "psa_ciphers.h" +#endif + +#if IS_USED(MODULE_PSA_KEY_MANAGEMENT) #include "psa_crypto_operation_encoder.h" +#endif +#if IS_USED(MODULE_PSA_HASH) psa_status_t psa_algorithm_dispatch_hash_setup(psa_hash_operation_t *operation, psa_algorithm_t alg) { @@ -150,7 +166,9 @@ psa_status_t psa_algorithm_dispatch_hash_finish(psa_hash_operation_t *operation, return PSA_ERROR_NOT_SUPPORTED; } } +#endif /* MODULE_PSA_HASH */ +#if IS_USED(MODULE_PSA_ASYMMETRIC) psa_status_t psa_algorithm_dispatch_sign_hash( const psa_key_attributes_t *attributes, psa_algorithm_t alg, const psa_key_slot_t *slot, @@ -353,7 +371,9 @@ psa_status_t psa_algorithm_dispatch_verify_message(const psa_key_attributes_t *a return PSA_ERROR_NOT_SUPPORTED; } } +#endif /* MODULE_PSA_ASYMMETRIC */ +#if IS_USED(MODULE_PSA_KEY_MANAGEMENT) psa_status_t psa_algorithm_dispatch_generate_key( const psa_key_attributes_t *attributes, psa_key_slot_t *slot) { @@ -407,7 +427,9 @@ psa_status_t psa_algorithm_dispatch_generate_key( const psa_key_attributes_t * return psa_builtin_generate_key(attributes, key_data, *key_bytes, key_bytes); } +#endif /* MODULE_PSA_KEY_MANAGEMENT */ +#if IS_USED(MODULE_PSA_CIPHER) psa_status_t psa_algorithm_dispatch_cipher_encrypt( const psa_key_attributes_t *attributes, psa_algorithm_t alg, const psa_key_slot_t *slot, @@ -499,7 +521,9 @@ psa_status_t psa_algorithm_dispatch_cipher_decrypt( const psa_key_attributes_t * return PSA_ERROR_NOT_SUPPORTED; } } +#endif /* MODULE_PSA_CIPHER */ +#if IS_USED(MODULE_PSA_MAC) psa_status_t psa_algorithm_dispatch_mac_compute(const psa_key_attributes_t *attributes, psa_algorithm_t alg, const psa_key_slot_t *slot, @@ -538,3 +562,4 @@ psa_status_t psa_algorithm_dispatch_mac_compute(const psa_key_attributes_t *attr (void)mac_length; return PSA_SUCCESS; } +#endif /* MODULE_PSA_MAC */ diff --git a/sys/psa_crypto/psa_crypto_location_dispatch.c b/sys/psa_crypto/psa_crypto_location_dispatch.c index 367de7afe057..d23fde67dfb9 100644 --- a/sys/psa_crypto/psa_crypto_location_dispatch.c +++ b/sys/psa_crypto/psa_crypto_location_dispatch.c @@ -22,10 +22,12 @@ #include "kernel_defines.h" #include "psa/crypto.h" #include "psa_crypto_algorithm_dispatch.h" -#include "psa_crypto_slot_management.h" #include "psa_crypto_se_management.h" #include "psa_crypto_se_driver.h" +#if IS_USED(MODULE_PSA_KEY_MANAGEMENT) +#include "psa_crypto_slot_management.h" + psa_status_t psa_location_dispatch_generate_key(const psa_key_attributes_t *attributes, psa_key_slot_t *slot) { @@ -104,7 +106,9 @@ psa_status_t psa_location_dispatch_import_key( const psa_key_attributes_t *attri return PSA_ERROR_NOT_SUPPORTED; } } +#endif /* MODULE_PSA_KEY_MANAGEMENT */ +#if IS_USED(MODULE_PSA_CIPHER) psa_status_t psa_location_dispatch_cipher_encrypt_setup( psa_cipher_operation_t *operation, const psa_key_attributes_t *attributes, const psa_key_slot_t *slot, @@ -335,6 +339,9 @@ psa_status_t psa_location_dispatch_cipher_decrypt( const psa_key_attributes_t * output, output_size, output_length); } +#endif /* MODULE_PSA_CIPHER */ + +#if IS_USED(MODULE_PSA_ASYMMETRIC) psa_status_t psa_location_dispatch_sign_hash( const psa_key_attributes_t *attributes, psa_algorithm_t alg, const psa_key_slot_t *slot, @@ -428,7 +435,9 @@ psa_status_t psa_location_dispatch_verify_message( const psa_key_attributes_t * return psa_algorithm_dispatch_verify_message(attributes, alg, slot, input, input_length, signature, signature_length); } +#endif /* MODULE_PSA_ASYMMETRIC */ +#if IS_USED(MODULE_PSA_MAC) psa_status_t psa_location_dispatch_mac_compute(const psa_key_attributes_t *attributes, psa_algorithm_t alg, const psa_key_slot_t *slot, @@ -462,6 +471,7 @@ psa_status_t psa_location_dispatch_mac_compute(const psa_key_attributes_t *attri return psa_algorithm_dispatch_mac_compute(attributes, alg, slot, input, input_length, mac, mac_size, mac_length); } +#endif /* MODULE_PSA_MAC */ psa_status_t psa_location_dispatch_generate_random(uint8_t *output, size_t output_size) diff --git a/sys/psa_crypto/psa_key_slot_mgmt/Kconfig b/sys/psa_crypto/psa_key_slot_mgmt/Kconfig index a064bf1b2598..ce5a387a30bd 100644 --- a/sys/psa_crypto/psa_key_slot_mgmt/Kconfig +++ b/sys/psa_crypto/psa_key_slot_mgmt/Kconfig @@ -7,4 +7,5 @@ config MODULE_PSA_KEY_SLOT_MGMT bool - default y if PACKAGE_PSA_ARCH_TESTS + help + Enable PSA key slot management module diff --git a/sys/psa_crypto/psa_key_slot_mgmt/Makefile b/sys/psa_crypto/psa_key_slot_mgmt/Makefile index 3d213aadd633..89e0b4a80cac 100644 --- a/sys/psa_crypto/psa_key_slot_mgmt/Makefile +++ b/sys/psa_crypto/psa_key_slot_mgmt/Makefile @@ -1,4 +1,3 @@ -MODULE := psa_key_slot_mgmt INCLUDES += -I$(RIOTBASE)/sys/psa_crypto/include include $(RIOTBASE)/Makefile.base diff --git a/sys/psa_crypto/psa_key_slot_mgmt/psa_crypto_slot_management.c b/sys/psa_crypto/psa_key_slot_mgmt/psa_crypto_slot_management.c index e50317bde481..0e450a08a3e6 100644 --- a/sys/psa_crypto/psa_key_slot_mgmt/psa_crypto_slot_management.c +++ b/sys/psa_crypto/psa_key_slot_mgmt/psa_crypto_slot_management.c @@ -24,7 +24,7 @@ #define ENABLE_DEBUG 0 #include "debug.h" -#if IS_USED(MODULE_PSA_SECURE_ELEMENT) +#if PSA_PROTECTED_KEY_COUNT /** * @brief Structure for a protected key slot. * @@ -37,7 +37,7 @@ typedef struct { psa_key_attributes_t attr; struct prot_key_data { psa_key_slot_number_t slot_number; -#if IS_USED(MODULE_PSA_SECURE_ELEMENT_ASYMMETRIC) +#if IS_USED(MODULE_PSA_ASYMMETRIC) uint8_t pubkey_data[PSA_EXPORT_PUBLIC_KEY_MAX_SIZE]; size_t pubkey_data_len; #endif @@ -53,9 +53,9 @@ static psa_prot_key_slot_t protected_key_slots[PSA_PROTECTED_KEY_COUNT]; * @brief List pointing to empty protected key slots */ static clist_node_t protected_list_empty; -#endif /* MODULE_PSA_SECURE_ELEMENT_ASYMMETRIC */ +#endif /* PSA_PROTECTED_KEY_COUNT */ -#if IS_USED(MODULE_PSA_ASYMMETRIC) +#if PSA_ASYMMETRIC_KEYPAIR_COUNT /** * @brief Structure for asymmetric key pairs. * @@ -87,8 +87,9 @@ static psa_key_pair_slot_t key_pair_slots[PSA_ASYMMETRIC_KEYPAIR_COUNT]; * @brief List pointing to empty asymmetric key slots */ static clist_node_t key_pair_list_empty; -#endif /* MODULE_PSA_ASYMMETRIC */ +#endif /* PSA_ASYMMETRIC_KEYPAIR_COUNT */ +#if PSA_SINGLE_KEY_COUNT /** * @brief Array containing the single key slots */ @@ -98,6 +99,7 @@ static psa_key_slot_t single_key_slots[PSA_SINGLE_KEY_COUNT]; * @brief List pointing to empty single key slots */ static clist_node_t single_key_list_empty; +#endif /** * @brief Global list of used key slots @@ -119,61 +121,61 @@ static psa_key_id_t key_id_count = PSA_KEY_ID_VOLATILE_MIN; static clist_node_t * psa_get_empty_key_slot_list(const psa_key_attributes_t *attr) { if (!psa_key_lifetime_is_external(attr->lifetime)) { -#if IS_USED(MODULE_PSA_ASYMMETRIC) +#if PSA_ASYMMETRIC_KEYPAIR_COUNT if (PSA_KEY_TYPE_IS_KEY_PAIR(attr->type)) { return &key_pair_list_empty; } -#endif /* MODULE_PSA_ASYMMETRIC */ +#endif /* PSA_ASYMMETRIC_KEYPAIR_COUNT */ +#if PSA_SINGLE_KEY_COUNT return &single_key_list_empty; +#endif /* PSA_SINGLE_KEY_COUNT */ } -#if IS_USED(MODULE_PSA_SECURE_ELEMENT) +#if PSA_PROTECTED_KEY_COUNT return &protected_list_empty; #else return NULL; -#endif /* MODULE_PSA_SECURE_ELEMENT */ +#endif /* PSA_PROTECTED_KEY_COUNT */ } void psa_init_key_slots(void) { - DEBUG("List Node Size: %d\n", sizeof(clist_node_t)); -#if IS_USED(MODULE_PSA_SECURE_ELEMENT) +#if PSA_PROTECTED_KEY_COUNT memset(protected_key_slots, 0, sizeof(protected_key_slots)); -#if PSA_PROTECTED_KEY_COUNT for (size_t i = 0; i < PSA_PROTECTED_KEY_COUNT; i++) { clist_rpush(&protected_list_empty, &protected_key_slots[i].node); } -#endif /* PSA_PROTECTED_KEY_COUNT */ DEBUG("Protected Slot Count: %d, Size: %d\n", PSA_PROTECTED_KEY_COUNT, sizeof(psa_prot_key_slot_t)); DEBUG("Protected Slot Array Size: %d\n", sizeof(protected_key_slots)); DEBUG("Protected Slot Empty List Size: %d\n", clist_count(&protected_list_empty)); -#endif /* MODULE_PSA_SECURE_ELEMENT */ +#endif /* PSA_PROTECTED_KEY_COUNT */ -#if IS_USED(MODULE_PSA_ASYMMETRIC) +#if PSA_ASYMMETRIC_KEYPAIR_COUNT memset(key_pair_slots, 0, sizeof(key_pair_slots)); -#if PSA_ASYMMETRIC_KEYPAIR_COUNT for (size_t i = 0; i < PSA_ASYMMETRIC_KEYPAIR_COUNT; i++) { clist_rpush(&key_pair_list_empty, &key_pair_slots[i].node); } -#endif /* PSA_ASYMMETRIC_KEYPAIR_COUNT */ + DEBUG("Asymmetric Slot Count: %d, Size: %d\n", PSA_ASYMMETRIC_KEYPAIR_COUNT, sizeof(psa_key_pair_slot_t)); DEBUG("Asymmetric Slot Array Size: %d\n", sizeof(key_pair_slots)); DEBUG("Asymmetric Slot Empty List Size: %d\n", clist_count(&key_pair_list_empty)); -#endif /* MODULE_PSA_ASYMMETRIC */ +#endif /* PSA_ASYMMETRIC_KEYPAIR_COUNT */ - memset(single_key_slots, 0, sizeof(single_key_slots)); #if PSA_SINGLE_KEY_COUNT + memset(single_key_slots, 0, sizeof(single_key_slots)); + for (size_t i = 0; i < PSA_SINGLE_KEY_COUNT; i++) { clist_rpush(&single_key_list_empty, &single_key_slots[i].node); } -#endif + DEBUG("Single Key Slot Count: %d, Size: %d\n", PSA_SINGLE_KEY_COUNT, sizeof(psa_key_slot_t)); DEBUG("Single Key Slot Array Size: %d\n", sizeof(single_key_slots)); DEBUG("Single Key Slot Empty List Size: %d\n", clist_count(&single_key_list_empty)); +#endif /* PSA_SINGLE_KEY_COUNT */ } /** @@ -189,14 +191,14 @@ static void psa_wipe_real_slot_type(psa_key_slot_t *slot) if (!PSA_KEY_TYPE_IS_KEY_PAIR(attr.type)) { memset(slot, 0, sizeof(psa_key_slot_t)); } -#if IS_USED(MODULE_PSA_ASYMMETRIC) +#if PSA_ASYMMETRIC_KEYPAIR_COUNT else { memset((psa_key_pair_slot_t *)slot, 0, sizeof(psa_key_pair_slot_t)); } #endif } -#if IS_USED(MODULE_PSA_SECURE_ELEMENT) +#if PSA_PROTECTED_KEY_COUNT else { memset((psa_prot_key_slot_t *)slot, 0, sizeof(psa_prot_key_slot_t)); } @@ -483,12 +485,15 @@ size_t psa_get_key_data_from_key_slot(const psa_key_slot_t *slot, uint8_t **key_ if (!psa_key_lifetime_is_external(attr.lifetime)) { +#if PSA_SINGLE_KEY_COUNT if (!PSA_KEY_TYPE_IS_KEY_PAIR(attr.type)) { *key_data = (uint8_t *)slot->key.data; *key_bytes = (size_t *)&slot->key.data_len; key_data_size = sizeof(slot->key.data); } -#if IS_USED(MODULE_PSA_ASYMMETRIC) +#endif /* PSA_SINGLE_KEY_COUNT */ + +#if PSA_ASYMMETRIC_KEYPAIR_COUNT else { *key_data = ((psa_key_pair_slot_t *)slot)->key.privkey_data; *key_bytes = &((psa_key_pair_slot_t *)slot)->key.privkey_data_len; @@ -499,7 +504,7 @@ size_t psa_get_key_data_from_key_slot(const psa_key_slot_t *slot, uint8_t **key_ return key_data_size; } -#if IS_USED(MODULE_PSA_SECURE_ELEMENT) +#if IS_USED(MODULE_PSA_SECURE_ELEMENT) && PSA_PROTECTED_KEY_COUNT psa_key_slot_number_t * psa_key_slot_get_slot_number(const psa_key_slot_t *slot) { return &(((psa_prot_key_slot_t *)slot)->key.slot_number); @@ -519,12 +524,14 @@ void psa_get_public_key_data_from_key_slot(const psa_key_slot_t *slot, uint8_t * } if (!psa_key_lifetime_is_external(attr.lifetime)) { +#if PSA_SINGLE_KEY_COUNT if (!PSA_KEY_TYPE_IS_KEY_PAIR(attr.type)) { *pubkey_data = ((psa_key_slot_t *)slot)->key.data; *pubkey_data_len = &((psa_key_slot_t *)slot)->key.data_len; return; } -#if IS_USED(MODULE_PSA_ASYMMETRIC) +#endif /* PSA_SINGLE_KEY_COUNT */ +#if PSA_ASYMMETRIC_KEYPAIR_COUNT else { *pubkey_data = ((psa_key_pair_slot_t *)slot)->key.pubkey_data; *pubkey_data_len = &((psa_key_pair_slot_t *)slot)->key.pubkey_data_len; @@ -532,7 +539,7 @@ void psa_get_public_key_data_from_key_slot(const psa_key_slot_t *slot, uint8_t * } #endif } -#if IS_USED(MODULE_PSA_SECURE_ELEMENT_ASYMMETRIC) +#if PSA_PROTECTED_KEY_COUNT && IS_USED(MODULE_PSA_ASYMMETRIC) *pubkey_data = ((psa_prot_key_slot_t *)slot)->key.pubkey_data; *pubkey_data_len = &((psa_prot_key_slot_t *)slot)->key.pubkey_data_len; #endif diff --git a/sys/psa_crypto/psa_se_mgmt/Kconfig b/sys/psa_crypto/psa_se_mgmt/Kconfig index 80f017ad799a..ceefd9764791 100644 --- a/sys/psa_crypto/psa_se_mgmt/Kconfig +++ b/sys/psa_crypto/psa_se_mgmt/Kconfig @@ -7,7 +7,7 @@ menuconfig MODULE_PSA_SECURE_ELEMENT bool "PSA Secure Elements" - select MODULE_PSA_KEY_SLOT_MGMT + select MODULE_PSA_KEY_MANAGEMENT select MODULE_PSA_SE_MGMT if MODULE_PSA_SECURE_ELEMENT @@ -33,16 +33,23 @@ menuconfig MODULE_PSA_SECURE_ELEMENT_ATECCX08A config MODULE_PSA_SECURE_ELEMENT_ATECCX08A_ECC_P256 bool "Microchip ATECCX08A Elliptic Curve P256" select PSA_KEY_SIZE_256 - select MODULE_PSA_SECURE_ELEMENT_ASYMMETRIC + select MODULE_PSA_ASYMMETRIC depends on MODULE_PSA_SECURE_ELEMENT_ATECCX08A -config MODULE_PSA_SE_MGMT - bool +config MODULE_PSA_SECURE_ELEMENT_ATECCX08A_CIPHER_AES_128 + bool "Microchip ATECCX08A Cipher AES 128" + select PSA_KEY_SIZE_128 + select MODULE_PSA_CIPHER + depends on MODULE_PSA_SECURE_ELEMENT_ATECCX08A -config MODULE_PSA_SECURE_ELEMENT_ASYMMETRIC +config MODULE_PSA_SECURE_ELEMENT_ATECCX08A_HMAC_SHA256 + bool "Microchip ATECCX08A HMAC SHA-256" + select PSA_KEY_SIZE_128 + select MODULE_PSA_MAC + depends on MODULE_PSA_SECURE_ELEMENT_ATECCX08A + +config MODULE_PSA_SE_MGMT bool - help - Indicates that an asymmetric operation is used with secure elements. config MODULE_PSA_SECURE_ELEMENT_CONFIG bool diff --git a/tests/sys/psa_crypto/Makefile b/tests/sys/psa_crypto/Makefile index 4d3a999a0cbc..3396041f597f 100644 --- a/tests/sys/psa_crypto/Makefile +++ b/tests/sys/psa_crypto/Makefile @@ -4,9 +4,8 @@ USEMODULE += embunit USEMODULE += psa_crypto -# FIXME: currently only needed for build to succeed -USEMODULE += psa_cipher -USEMODULE += psa_cipher_aes_128_cbc +CFLAGS += -DCONFIG_PSA_ASYMMETRIC_KEYPAIR_COUNT=1 +CFLAGS += -DCONFIG_PSA_SINGLE_KEY_COUNT=1 USEMODULE += psa_asymmetric USEMODULE += psa_asymmetric_ecc_ed25519 diff --git a/tests/sys/psa_crypto_cipher/Makefile b/tests/sys/psa_crypto_cipher/Makefile new file mode 100644 index 000000000000..44b4b8f059c7 --- /dev/null +++ b/tests/sys/psa_crypto_cipher/Makefile @@ -0,0 +1,17 @@ +include ../Makefile.sys_common + +USEMODULE += ztimer +USEMODULE += ztimer_usec + +USEMODULE += psa_crypto + +USEMODULE += psa_cipher +USEMODULE += psa_cipher_aes_128_cbc + +ifneq (1, $(TEST_KCONFIG)) + CFLAGS += -DCONFIG_PSA_SINGLE_KEY_COUNT=1 +endif + +SHOULD_RUN_KCONFIG := + +include $(RIOTBASE)/Makefile.include diff --git a/tests/sys/psa_crypto_cipher/Makefile.ci b/tests/sys/psa_crypto_cipher/Makefile.ci new file mode 100644 index 000000000000..6e784f7ec2ac --- /dev/null +++ b/tests/sys/psa_crypto_cipher/Makefile.ci @@ -0,0 +1,11 @@ +BOARD_INSUFFICIENT_MEMORY := \ + arduino-duemilanove \ + arduino-leonardo \ + arduino-nano \ + arduino-uno \ + atmega328p \ + atmega328p-xplained-mini \ + atmega8 \ + nucleo-l011k4 \ + samd10-xmini \ + # diff --git a/tests/sys/psa_crypto_cipher/README.md b/tests/sys/psa_crypto_cipher/README.md new file mode 100644 index 000000000000..48b3d99f52d3 --- /dev/null +++ b/tests/sys/psa_crypto_cipher/README.md @@ -0,0 +1,4 @@ +# PSA Crypto Cipher Test + +This is a configuration test for only the cipher of the PSA crypto module. +It is based off the [psa_crypto example](../../../examples/psa_crypto/README.md). diff --git a/tests/sys/psa_crypto_cipher/app.config.test b/tests/sys/psa_crypto_cipher/app.config.test new file mode 100644 index 000000000000..cada089f55db --- /dev/null +++ b/tests/sys/psa_crypto_cipher/app.config.test @@ -0,0 +1,8 @@ +CONFIG_MODULE_PSA_CRYPTO=y + +CONFIG_MODULE_PSA_CIPHER=y +CONFIG_MODULE_PSA_CIPHER_AES_128_CBC=y + +CONFIG_PSA_SINGLE_KEY_COUNT=1 + +CONFIG_ZTIMER_USEC=y diff --git a/tests/sys/psa_crypto_cipher/example_cipher_aes_128.c b/tests/sys/psa_crypto_cipher/example_cipher_aes_128.c new file mode 120000 index 000000000000..3b052c133690 --- /dev/null +++ b/tests/sys/psa_crypto_cipher/example_cipher_aes_128.c @@ -0,0 +1 @@ +../../../examples/psa_crypto/example_cipher_aes_128.c \ No newline at end of file diff --git a/tests/sys/psa_crypto_cipher/main.c b/tests/sys/psa_crypto_cipher/main.c new file mode 120000 index 000000000000..a9fd2e282575 --- /dev/null +++ b/tests/sys/psa_crypto_cipher/main.c @@ -0,0 +1 @@ +../../../examples/psa_crypto/main.c \ No newline at end of file diff --git a/tests/sys/psa_crypto_cipher/tests/01-run.py b/tests/sys/psa_crypto_cipher/tests/01-run.py new file mode 100755 index 000000000000..25257b8ca834 --- /dev/null +++ b/tests/sys/psa_crypto_cipher/tests/01-run.py @@ -0,0 +1,13 @@ +#!/usr/bin/env python3 + +import sys +from testrunner import run + + +def testfunc(child): + child.expect_exact('All Done') + print("[TEST PASSED]") + + +if __name__ == "__main__": + sys.exit(run(testfunc)) diff --git a/tests/sys/psa_crypto_ecdsa/Makefile b/tests/sys/psa_crypto_ecdsa/Makefile new file mode 100644 index 000000000000..12f8f1cf9a00 --- /dev/null +++ b/tests/sys/psa_crypto_ecdsa/Makefile @@ -0,0 +1,20 @@ +include ../Makefile.sys_common + +USEMODULE += ztimer +USEMODULE += ztimer_usec + +USEMODULE += psa_crypto + +USEMODULE += psa_hash +USEMODULE += psa_hash_sha_256 +USEMODULE += psa_asymmetric +USEMODULE += psa_asymmetric_ecc_p256r1 + +ifneq (1, $(TEST_KCONFIG)) + CFLAGS += -DCONFIG_PSA_ASYMMETRIC_KEYPAIR_COUNT=1 + CFLAGS += -DCONFIG_PSA_SINGLE_KEY_COUNT=1 +endif + +SHOULD_RUN_KCONFIG := + +include $(RIOTBASE)/Makefile.include diff --git a/tests/sys/psa_crypto_ecdsa/Makefile.ci b/tests/sys/psa_crypto_ecdsa/Makefile.ci new file mode 100644 index 000000000000..6e784f7ec2ac --- /dev/null +++ b/tests/sys/psa_crypto_ecdsa/Makefile.ci @@ -0,0 +1,11 @@ +BOARD_INSUFFICIENT_MEMORY := \ + arduino-duemilanove \ + arduino-leonardo \ + arduino-nano \ + arduino-uno \ + atmega328p \ + atmega328p-xplained-mini \ + atmega8 \ + nucleo-l011k4 \ + samd10-xmini \ + # diff --git a/tests/sys/psa_crypto_ecdsa/README.md b/tests/sys/psa_crypto_ecdsa/README.md new file mode 100644 index 000000000000..6643bec66c74 --- /dev/null +++ b/tests/sys/psa_crypto_ecdsa/README.md @@ -0,0 +1,4 @@ +# PSA Crypto ECDSA Test + +This is a configuration test for only the ecdsa of the PSA crypto module. +It is based off the [psa_crypto example](../../../examples/psa_crypto/README.md). diff --git a/tests/sys/psa_crypto_ecdsa/app.config.test b/tests/sys/psa_crypto_ecdsa/app.config.test new file mode 100644 index 000000000000..9e39cdbd9884 --- /dev/null +++ b/tests/sys/psa_crypto_ecdsa/app.config.test @@ -0,0 +1,10 @@ +CONFIG_MODULE_PSA_CRYPTO=y + +CONFIG_MODULE_PSA_HASH=y +CONFIG_MODULE_PSA_HASH_SHA_256=y +CONFIG_MODULE_PSA_ASYMMETRIC=y +CONFIG_MODULE_PSA_ASYMMETRIC_ECC_P256R1=y +CONFIG_PSA_ASYMMETRIC_KEYPAIR_COUNT=1 +CONFIG_PSA_SINGLE_KEY_COUNT=1 + +CONFIG_ZTIMER_USEC=y diff --git a/tests/sys/psa_crypto_ecdsa/example_ecdsa_p256.c b/tests/sys/psa_crypto_ecdsa/example_ecdsa_p256.c new file mode 120000 index 000000000000..45df4f9cec22 --- /dev/null +++ b/tests/sys/psa_crypto_ecdsa/example_ecdsa_p256.c @@ -0,0 +1 @@ +../../../examples/psa_crypto/example_ecdsa_p256.c \ No newline at end of file diff --git a/tests/sys/psa_crypto_ecdsa/main.c b/tests/sys/psa_crypto_ecdsa/main.c new file mode 120000 index 000000000000..a9fd2e282575 --- /dev/null +++ b/tests/sys/psa_crypto_ecdsa/main.c @@ -0,0 +1 @@ +../../../examples/psa_crypto/main.c \ No newline at end of file diff --git a/tests/sys/psa_crypto_ecdsa/tests/01-run.py b/tests/sys/psa_crypto_ecdsa/tests/01-run.py new file mode 100755 index 000000000000..25257b8ca834 --- /dev/null +++ b/tests/sys/psa_crypto_ecdsa/tests/01-run.py @@ -0,0 +1,13 @@ +#!/usr/bin/env python3 + +import sys +from testrunner import run + + +def testfunc(child): + child.expect_exact('All Done') + print("[TEST PASSED]") + + +if __name__ == "__main__": + sys.exit(run(testfunc)) diff --git a/tests/sys/psa_crypto_eddsa/Makefile b/tests/sys/psa_crypto_eddsa/Makefile new file mode 100644 index 000000000000..92ae917a4f82 --- /dev/null +++ b/tests/sys/psa_crypto_eddsa/Makefile @@ -0,0 +1,18 @@ +include ../Makefile.sys_common + +USEMODULE += ztimer +USEMODULE += ztimer_usec + +USEMODULE += psa_crypto + +USEMODULE += psa_asymmetric +USEMODULE += psa_asymmetric_ecc_ed25519 + +ifneq (1, $(TEST_KCONFIG)) + CFLAGS += -DCONFIG_PSA_ASYMMETRIC_KEYPAIR_COUNT=1 + CFLAGS += -DCONFIG_PSA_SINGLE_KEY_COUNT=1 +endif + +SHOULD_RUN_KCONFIG := + +include $(RIOTBASE)/Makefile.include diff --git a/tests/sys/psa_crypto_eddsa/Makefile.ci b/tests/sys/psa_crypto_eddsa/Makefile.ci new file mode 100644 index 000000000000..04da97e287d4 --- /dev/null +++ b/tests/sys/psa_crypto_eddsa/Makefile.ci @@ -0,0 +1,12 @@ +BOARD_INSUFFICIENT_MEMORY := \ + arduino-duemilanove \ + arduino-leonardo \ + arduino-nano \ + arduino-uno \ + atmega328p \ + atmega328p-xplained-mini \ + atmega8 \ + nucleo-l011k4 \ + samd10-xmini \ + stm32f030f4-demo \ + # diff --git a/tests/sys/psa_crypto_eddsa/README.md b/tests/sys/psa_crypto_eddsa/README.md new file mode 100644 index 000000000000..3d2e17c40dd1 --- /dev/null +++ b/tests/sys/psa_crypto_eddsa/README.md @@ -0,0 +1,4 @@ +# PSA Crypto EDDSA Test + +This is a configuration test for only the eddsa of the PSA crypto module. +It is based off the [psa_crypto example](../../../examples/psa_crypto/README.md). diff --git a/tests/sys/psa_crypto_eddsa/app.config.test b/tests/sys/psa_crypto_eddsa/app.config.test new file mode 100644 index 000000000000..4d19f22e3215 --- /dev/null +++ b/tests/sys/psa_crypto_eddsa/app.config.test @@ -0,0 +1,8 @@ +CONFIG_MODULE_PSA_CRYPTO=y + +CONFIG_MODULE_PSA_ASYMMETRIC=y +CONFIG_MODULE_PSA_ASYMMETRIC_ECC_ED25519=y +CONFIG_PSA_ASYMMETRIC_KEYPAIR_COUNT=1 +CONFIG_PSA_SINGLE_KEY_COUNT=1 + +CONFIG_ZTIMER_USEC=y diff --git a/tests/sys/psa_crypto_eddsa/example_eddsa.c b/tests/sys/psa_crypto_eddsa/example_eddsa.c new file mode 120000 index 000000000000..adbd7d233d7f --- /dev/null +++ b/tests/sys/psa_crypto_eddsa/example_eddsa.c @@ -0,0 +1 @@ +../../../examples/psa_crypto/example_eddsa.c \ No newline at end of file diff --git a/tests/sys/psa_crypto_eddsa/main.c b/tests/sys/psa_crypto_eddsa/main.c new file mode 120000 index 000000000000..a9fd2e282575 --- /dev/null +++ b/tests/sys/psa_crypto_eddsa/main.c @@ -0,0 +1 @@ +../../../examples/psa_crypto/main.c \ No newline at end of file diff --git a/tests/sys/psa_crypto_eddsa/tests/01-run.py b/tests/sys/psa_crypto_eddsa/tests/01-run.py new file mode 100755 index 000000000000..25257b8ca834 --- /dev/null +++ b/tests/sys/psa_crypto_eddsa/tests/01-run.py @@ -0,0 +1,13 @@ +#!/usr/bin/env python3 + +import sys +from testrunner import run + + +def testfunc(child): + child.expect_exact('All Done') + print("[TEST PASSED]") + + +if __name__ == "__main__": + sys.exit(run(testfunc)) diff --git a/tests/sys/psa_crypto_hashes/Makefile b/tests/sys/psa_crypto_hashes/Makefile new file mode 100644 index 000000000000..637abf14e0d1 --- /dev/null +++ b/tests/sys/psa_crypto_hashes/Makefile @@ -0,0 +1,13 @@ +include ../Makefile.sys_common + +USEMODULE += ztimer +USEMODULE += ztimer_usec + +USEMODULE += psa_crypto + +USEMODULE += psa_hash +USEMODULE += psa_hash_sha_256 + +SHOULD_RUN_KCONFIG := + +include $(RIOTBASE)/Makefile.include diff --git a/tests/sys/psa_crypto_hashes/Makefile.ci b/tests/sys/psa_crypto_hashes/Makefile.ci new file mode 100644 index 000000000000..94c16ad6a1e0 --- /dev/null +++ b/tests/sys/psa_crypto_hashes/Makefile.ci @@ -0,0 +1,3 @@ +BOARD_INSUFFICIENT_MEMORY := \ + atmega8 + # diff --git a/tests/sys/psa_crypto_hashes/README.md b/tests/sys/psa_crypto_hashes/README.md new file mode 100644 index 000000000000..aca6753f7f29 --- /dev/null +++ b/tests/sys/psa_crypto_hashes/README.md @@ -0,0 +1,4 @@ +# PSA Crypto Hashes Test + +This is a configuration test for only the hashes of the PSA crypto module. +It is based off the [psa_crypto example](../../../examples/psa_crypto/README.md). diff --git a/tests/sys/psa_crypto_hashes/app.config.test b/tests/sys/psa_crypto_hashes/app.config.test new file mode 100644 index 000000000000..d5a63d3a56bf --- /dev/null +++ b/tests/sys/psa_crypto_hashes/app.config.test @@ -0,0 +1,6 @@ +CONFIG_MODULE_PSA_CRYPTO=y + +CONFIG_MODULE_PSA_HASH=y +CONFIG_MODULE_PSA_HASH_SHA_256=y + +CONFIG_ZTIMER_USEC=y diff --git a/tests/sys/psa_crypto_hashes/main.c b/tests/sys/psa_crypto_hashes/main.c new file mode 120000 index 000000000000..a9fd2e282575 --- /dev/null +++ b/tests/sys/psa_crypto_hashes/main.c @@ -0,0 +1 @@ +../../../examples/psa_crypto/main.c \ No newline at end of file diff --git a/tests/sys/psa_crypto_hashes/tests/01-run.py b/tests/sys/psa_crypto_hashes/tests/01-run.py new file mode 100755 index 000000000000..25257b8ca834 --- /dev/null +++ b/tests/sys/psa_crypto_hashes/tests/01-run.py @@ -0,0 +1,13 @@ +#!/usr/bin/env python3 + +import sys +from testrunner import run + + +def testfunc(child): + child.expect_exact('All Done') + print("[TEST PASSED]") + + +if __name__ == "__main__": + sys.exit(run(testfunc)) diff --git a/tests/sys/psa_crypto_mac/Makefile b/tests/sys/psa_crypto_mac/Makefile new file mode 100644 index 000000000000..ee2bd15508cc --- /dev/null +++ b/tests/sys/psa_crypto_mac/Makefile @@ -0,0 +1,17 @@ +include ../Makefile.sys_common + +USEMODULE += ztimer +USEMODULE += ztimer_usec + +USEMODULE += psa_crypto + +USEMODULE += psa_mac +USEMODULE += psa_mac_hmac_sha_256 + +ifneq (1, $(TEST_KCONFIG)) + CFLAGS += -DCONFIG_PSA_SINGLE_KEY_COUNT=1 +endif + +SHOULD_RUN_KCONFIG := + +include $(RIOTBASE)/Makefile.include diff --git a/tests/sys/psa_crypto_mac/Makefile.ci b/tests/sys/psa_crypto_mac/Makefile.ci new file mode 100644 index 000000000000..824b869d3ae5 --- /dev/null +++ b/tests/sys/psa_crypto_mac/Makefile.ci @@ -0,0 +1,9 @@ +BOARD_INSUFFICIENT_MEMORY := \ + arduino-duemilanove \ + arduino-nano \ + arduino-uno \ + atmega328p \ + atmega328p-xplained-mini \ + atmega8 \ + nucleo-l011k4 \ + # diff --git a/tests/sys/psa_crypto_mac/README.md b/tests/sys/psa_crypto_mac/README.md new file mode 100644 index 000000000000..588fade22848 --- /dev/null +++ b/tests/sys/psa_crypto_mac/README.md @@ -0,0 +1,4 @@ +# PSA Crypto Mac Test + +This is a configuration test for only the mac of the PSA crypto module. +It is based off the [psa_crypto example](../../../examples/psa_crypto/README.md). diff --git a/tests/sys/psa_crypto_mac/app.config.test b/tests/sys/psa_crypto_mac/app.config.test new file mode 100644 index 000000000000..9e44cc14155f --- /dev/null +++ b/tests/sys/psa_crypto_mac/app.config.test @@ -0,0 +1,8 @@ +CONFIG_MODULE_PSA_CRYPTO=y + +CONFIG_MODULE_PSA_MAC=y +CONFIG_MODULE_PSA_MAC_HMAC_SHA_256=y + +CONFIG_PSA_SINGLE_KEY_COUNT=1 + +CONFIG_ZTIMER_USEC=y diff --git a/tests/sys/psa_crypto_mac/example_hmac_sha256.c b/tests/sys/psa_crypto_mac/example_hmac_sha256.c new file mode 120000 index 000000000000..710efbeabcde --- /dev/null +++ b/tests/sys/psa_crypto_mac/example_hmac_sha256.c @@ -0,0 +1 @@ +../../../examples/psa_crypto/example_hmac_sha256.c \ No newline at end of file diff --git a/tests/sys/psa_crypto_mac/main.c b/tests/sys/psa_crypto_mac/main.c new file mode 120000 index 000000000000..a9fd2e282575 --- /dev/null +++ b/tests/sys/psa_crypto_mac/main.c @@ -0,0 +1 @@ +../../../examples/psa_crypto/main.c \ No newline at end of file diff --git a/tests/sys/psa_crypto_mac/tests/01-run.py b/tests/sys/psa_crypto_mac/tests/01-run.py new file mode 100755 index 000000000000..25257b8ca834 --- /dev/null +++ b/tests/sys/psa_crypto_mac/tests/01-run.py @@ -0,0 +1,13 @@ +#!/usr/bin/env python3 + +import sys +from testrunner import run + + +def testfunc(child): + child.expect_exact('All Done') + print("[TEST PASSED]") + + +if __name__ == "__main__": + sys.exit(run(testfunc)) diff --git a/tests/sys/psa_crypto_se/Makefile b/tests/sys/psa_crypto_se/Makefile new file mode 100644 index 000000000000..4e1286028a79 --- /dev/null +++ b/tests/sys/psa_crypto_se/Makefile @@ -0,0 +1,30 @@ +BOARD ?= nrf52840dk + +include ../Makefile.sys_common + +USEMODULE += ztimer +USEMODULE += ztimer_usec + +USEMODULE += psa_crypto + +USEMODULE += psa_hash +USEMODULE += psa_hash_sha_256 +USEMODULE += psa_secure_element +USEMODULE += psa_secure_element_ateccx08a +USEMODULE += psa_secure_element_ateccx08a_cipher_aes_128 +USEMODULE += psa_secure_element_ateccx08a_hmac_sha256 +USEMODULE += psa_secure_element_ateccx08a_ecc_p256 + +ifneq (1, $(TEST_KCONFIG)) + CFLAGS += -DCONFIG_PSA_PROTECTED_KEY_COUNT=3 + CFLAGS += -DCONFIG_PSA_SINGLE_KEY_COUNT=1 +endif + +CFLAGS += -DSECURE_ELEMENT +CFLAGS += -DCUSTOM_ATCA_PARAMS + +INCLUDES += -I$(APPDIR) # Application specific (not needed by PSA) + +SHOULD_RUN_KCONFIG := + +include $(RIOTBASE)/Makefile.include diff --git a/tests/sys/psa_crypto_se/Makefile.ci b/tests/sys/psa_crypto_se/Makefile.ci new file mode 100644 index 000000000000..54417567ab01 --- /dev/null +++ b/tests/sys/psa_crypto_se/Makefile.ci @@ -0,0 +1,10 @@ +BOARD_INSUFFICIENT_MEMORY := \ + arduino-duemilanove \ + arduino-leonardo \ + arduino-nano \ + arduino-uno \ + atmega328p \ + atmega328p-xplained-mini \ + atmega8 \ + nucleo-l011k4 \ + # diff --git a/tests/sys/psa_crypto_se/README.md b/tests/sys/psa_crypto_se/README.md new file mode 100644 index 000000000000..3926c8bacf27 --- /dev/null +++ b/tests/sys/psa_crypto_se/README.md @@ -0,0 +1,4 @@ +# PSA Crypto Secure Element Test + +This is a configuration test for all PSA crypto modules using a secure element. +It is based off the [psa_crypto example](../../../examples/psa_crypto/README.md). diff --git a/tests/sys/psa_crypto_se/app.config.test b/tests/sys/psa_crypto_se/app.config.test new file mode 100644 index 000000000000..4c21b198d750 --- /dev/null +++ b/tests/sys/psa_crypto_se/app.config.test @@ -0,0 +1,14 @@ +CONFIG_MODULE_PSA_CRYPTO=y + +CONFIG_MODULE_PSA_HASH=y +CONFIG_MODULE_PSA_HASH_SHA_256=y +CONFIG_MODULE_PSA_SECURE_ELEMENT=y +CONFIG_MODULE_PSA_SECURE_ELEMENT_ATECCX08A=y +CONFIG_MODULE_PSA_SECURE_ELEMENT_ATECCX08A_CIPHER_AES_128=y +CONFIG_MODULE_PSA_SECURE_ELEMENT_ATECCX08A_HMAC_SHA256=y +CONFIG_MODULE_PSA_SECURE_ELEMENT_ATECCX08A_ECC_P256=y + +CONFIG_PSA_PROTECTED_KEY_COUNT=3 +CONFIG_PSA_SINGLE_KEY_COUNT=1 + +CONFIG_ZTIMER_USEC=y diff --git a/tests/sys/psa_crypto_se/custom_atca_params.h b/tests/sys/psa_crypto_se/custom_atca_params.h new file mode 120000 index 000000000000..07865241c624 --- /dev/null +++ b/tests/sys/psa_crypto_se/custom_atca_params.h @@ -0,0 +1 @@ +../../../examples/psa_crypto/custom_atca_params.h \ No newline at end of file diff --git a/tests/sys/psa_crypto_se/example_cipher_aes_128.c b/tests/sys/psa_crypto_se/example_cipher_aes_128.c new file mode 120000 index 000000000000..3b052c133690 --- /dev/null +++ b/tests/sys/psa_crypto_se/example_cipher_aes_128.c @@ -0,0 +1 @@ +../../../examples/psa_crypto/example_cipher_aes_128.c \ No newline at end of file diff --git a/tests/sys/psa_crypto_se/example_ecdsa_p256.c b/tests/sys/psa_crypto_se/example_ecdsa_p256.c new file mode 120000 index 000000000000..45df4f9cec22 --- /dev/null +++ b/tests/sys/psa_crypto_se/example_ecdsa_p256.c @@ -0,0 +1 @@ +../../../examples/psa_crypto/example_ecdsa_p256.c \ No newline at end of file diff --git a/tests/sys/psa_crypto_se/example_hmac_sha256.c b/tests/sys/psa_crypto_se/example_hmac_sha256.c new file mode 120000 index 000000000000..710efbeabcde --- /dev/null +++ b/tests/sys/psa_crypto_se/example_hmac_sha256.c @@ -0,0 +1 @@ +../../../examples/psa_crypto/example_hmac_sha256.c \ No newline at end of file diff --git a/tests/sys/psa_crypto_se/main.c b/tests/sys/psa_crypto_se/main.c new file mode 120000 index 000000000000..a9fd2e282575 --- /dev/null +++ b/tests/sys/psa_crypto_se/main.c @@ -0,0 +1 @@ +../../../examples/psa_crypto/main.c \ No newline at end of file diff --git a/tests/sys/psa_crypto_se/tests/01-run.py b/tests/sys/psa_crypto_se/tests/01-run.py new file mode 100755 index 000000000000..25257b8ca834 --- /dev/null +++ b/tests/sys/psa_crypto_se/tests/01-run.py @@ -0,0 +1,13 @@ +#!/usr/bin/env python3 + +import sys +from testrunner import run + + +def testfunc(child): + child.expect_exact('All Done') + print("[TEST PASSED]") + + +if __name__ == "__main__": + sys.exit(run(testfunc)) diff --git a/tests/sys/psa_crypto_se_cipher/Makefile b/tests/sys/psa_crypto_se_cipher/Makefile new file mode 100644 index 000000000000..61e4949d5b31 --- /dev/null +++ b/tests/sys/psa_crypto_se_cipher/Makefile @@ -0,0 +1,26 @@ +BOARD ?= nrf52840dk + +include ../Makefile.sys_common + +USEMODULE += ztimer +USEMODULE += ztimer_usec + +USEMODULE += psa_crypto + +USEMODULE += psa_secure_element +USEMODULE += psa_secure_element_ateccx08a +USEMODULE += psa_secure_element_ateccx08a_cipher_aes_128 + + +ifneq (1, $(TEST_KCONFIG)) + CFLAGS += -DCONFIG_PSA_PROTECTED_KEY_COUNT=1 +endif + +CFLAGS += -DSECURE_ELEMENT +CFLAGS += -DCUSTOM_ATCA_PARAMS + +INCLUDES += -I$(APPDIR) # Application specific (not needed by PSA) + +SHOULD_RUN_KCONFIG := + +include $(RIOTBASE)/Makefile.include diff --git a/tests/sys/psa_crypto_se_cipher/Makefile.ci b/tests/sys/psa_crypto_se_cipher/Makefile.ci new file mode 100644 index 000000000000..6e784f7ec2ac --- /dev/null +++ b/tests/sys/psa_crypto_se_cipher/Makefile.ci @@ -0,0 +1,11 @@ +BOARD_INSUFFICIENT_MEMORY := \ + arduino-duemilanove \ + arduino-leonardo \ + arduino-nano \ + arduino-uno \ + atmega328p \ + atmega328p-xplained-mini \ + atmega8 \ + nucleo-l011k4 \ + samd10-xmini \ + # diff --git a/tests/sys/psa_crypto_se_cipher/README.md b/tests/sys/psa_crypto_se_cipher/README.md new file mode 100644 index 000000000000..2666a3a85bde --- /dev/null +++ b/tests/sys/psa_crypto_se_cipher/README.md @@ -0,0 +1,5 @@ +# PSA Crypto Cipher Test + +This is a configuration test for only the cipher of the PSA crypto module using +secure element. +It is based off the [psa_crypto example](../../../examples/psa_crypto/README.md). diff --git a/tests/sys/psa_crypto_se_cipher/app.config.test b/tests/sys/psa_crypto_se_cipher/app.config.test new file mode 100644 index 000000000000..efff02995515 --- /dev/null +++ b/tests/sys/psa_crypto_se_cipher/app.config.test @@ -0,0 +1,9 @@ +CONFIG_MODULE_PSA_CRYPTO=y + +CONFIG_MODULE_PSA_SECURE_ELEMENT=y +CONFIG_MODULE_PSA_SECURE_ELEMENT_ATECCX08A=y +CONFIG_MODULE_PSA_SECURE_ELEMENT_ATECCX08A_CIPHER_AES_128=y + +CONFIG_PSA_PROTECTED_KEY_COUNT=1 + +CONFIG_ZTIMER_USEC=y diff --git a/tests/sys/psa_crypto_se_cipher/custom_atca_params.h b/tests/sys/psa_crypto_se_cipher/custom_atca_params.h new file mode 120000 index 000000000000..07865241c624 --- /dev/null +++ b/tests/sys/psa_crypto_se_cipher/custom_atca_params.h @@ -0,0 +1 @@ +../../../examples/psa_crypto/custom_atca_params.h \ No newline at end of file diff --git a/tests/sys/psa_crypto_se_cipher/example_cipher_aes_128.c b/tests/sys/psa_crypto_se_cipher/example_cipher_aes_128.c new file mode 120000 index 000000000000..3b052c133690 --- /dev/null +++ b/tests/sys/psa_crypto_se_cipher/example_cipher_aes_128.c @@ -0,0 +1 @@ +../../../examples/psa_crypto/example_cipher_aes_128.c \ No newline at end of file diff --git a/tests/sys/psa_crypto_se_cipher/main.c b/tests/sys/psa_crypto_se_cipher/main.c new file mode 120000 index 000000000000..a9fd2e282575 --- /dev/null +++ b/tests/sys/psa_crypto_se_cipher/main.c @@ -0,0 +1 @@ +../../../examples/psa_crypto/main.c \ No newline at end of file diff --git a/tests/sys/psa_crypto_se_cipher/tests/01-run.py b/tests/sys/psa_crypto_se_cipher/tests/01-run.py new file mode 100755 index 000000000000..25257b8ca834 --- /dev/null +++ b/tests/sys/psa_crypto_se_cipher/tests/01-run.py @@ -0,0 +1,13 @@ +#!/usr/bin/env python3 + +import sys +from testrunner import run + + +def testfunc(child): + child.expect_exact('All Done') + print("[TEST PASSED]") + + +if __name__ == "__main__": + sys.exit(run(testfunc)) diff --git a/tests/sys/psa_crypto_se_ecdsa/Makefile b/tests/sys/psa_crypto_se_ecdsa/Makefile new file mode 100644 index 000000000000..d0f6cadc62a0 --- /dev/null +++ b/tests/sys/psa_crypto_se_ecdsa/Makefile @@ -0,0 +1,28 @@ +BOARD ?= nrf52840dk + +include ../Makefile.sys_common + +USEMODULE += ztimer +USEMODULE += ztimer_usec + +USEMODULE += psa_crypto + +USEMODULE += psa_hash +USEMODULE += psa_hash_sha_256 +USEMODULE += psa_secure_element +USEMODULE += psa_secure_element_ateccx08a +USEMODULE += psa_secure_element_ateccx08a_ecc_p256 + +ifneq (1, $(TEST_KCONFIG)) + CFLAGS += -DCONFIG_PSA_SINGLE_KEY_COUNT=1 + CFLAGS += -DCONFIG_PSA_PROTECTED_KEY_COUNT=1 +endif + +CFLAGS += -DSECURE_ELEMENT +CFLAGS += -DCUSTOM_ATCA_PARAMS + +INCLUDES += -I$(APPDIR) # Application specific (not needed by PSA) + +SHOULD_RUN_KCONFIG := + +include $(RIOTBASE)/Makefile.include diff --git a/tests/sys/psa_crypto_se_ecdsa/Makefile.ci b/tests/sys/psa_crypto_se_ecdsa/Makefile.ci new file mode 100644 index 000000000000..9d233d7cd52e --- /dev/null +++ b/tests/sys/psa_crypto_se_ecdsa/Makefile.ci @@ -0,0 +1,10 @@ +BOARD_INSUFFICIENT_MEMORY := \ + arduino-duemilanove \ + arduino-nano \ + arduino-uno \ + atmega328p \ + atmega328p-xplained-mini \ + atmega8 \ + nucleo-l011k4 \ + samd10-xmini \ + # diff --git a/tests/sys/psa_crypto_se_ecdsa/README.md b/tests/sys/psa_crypto_se_ecdsa/README.md new file mode 100644 index 000000000000..29eb873293df --- /dev/null +++ b/tests/sys/psa_crypto_se_ecdsa/README.md @@ -0,0 +1,5 @@ +# PSA Crypto Secure Element ECDSA Test + +This is a configuration test for only the ecdsa of the PSA crypto module using +secure element. +It is based off the [psa_crypto example](../../../examples/psa_crypto/README.md). diff --git a/tests/sys/psa_crypto_se_ecdsa/app.config.test b/tests/sys/psa_crypto_se_ecdsa/app.config.test new file mode 100644 index 000000000000..80906948c4af --- /dev/null +++ b/tests/sys/psa_crypto_se_ecdsa/app.config.test @@ -0,0 +1,12 @@ +CONFIG_MODULE_PSA_CRYPTO=y + +CONFIG_MODULE_PSA_HASH=y +CONFIG_MODULE_PSA_HASH_SHA_256=y +CONFIG_MODULE_PSA_SECURE_ELEMENT=y +CONFIG_MODULE_PSA_SECURE_ELEMENT_ATECCX08A=y +CONFIG_MODULE_PSA_SECURE_ELEMENT_ATECCX08A_ECC_P256=y + +CONFIG_PSA_SINGLE_KEY_COUNT=1 +CONFIG_PSA_PROTECTED_KEY_COUNT=1 + +CONFIG_ZTIMER_USEC=y diff --git a/tests/sys/psa_crypto_se_ecdsa/custom_atca_params.h b/tests/sys/psa_crypto_se_ecdsa/custom_atca_params.h new file mode 120000 index 000000000000..07865241c624 --- /dev/null +++ b/tests/sys/psa_crypto_se_ecdsa/custom_atca_params.h @@ -0,0 +1 @@ +../../../examples/psa_crypto/custom_atca_params.h \ No newline at end of file diff --git a/tests/sys/psa_crypto_se_ecdsa/example_ecdsa_p256.c b/tests/sys/psa_crypto_se_ecdsa/example_ecdsa_p256.c new file mode 120000 index 000000000000..45df4f9cec22 --- /dev/null +++ b/tests/sys/psa_crypto_se_ecdsa/example_ecdsa_p256.c @@ -0,0 +1 @@ +../../../examples/psa_crypto/example_ecdsa_p256.c \ No newline at end of file diff --git a/tests/sys/psa_crypto_se_ecdsa/main.c b/tests/sys/psa_crypto_se_ecdsa/main.c new file mode 120000 index 000000000000..a9fd2e282575 --- /dev/null +++ b/tests/sys/psa_crypto_se_ecdsa/main.c @@ -0,0 +1 @@ +../../../examples/psa_crypto/main.c \ No newline at end of file diff --git a/tests/sys/psa_crypto_se_ecdsa/tests/01-run.py b/tests/sys/psa_crypto_se_ecdsa/tests/01-run.py new file mode 100755 index 000000000000..25257b8ca834 --- /dev/null +++ b/tests/sys/psa_crypto_se_ecdsa/tests/01-run.py @@ -0,0 +1,13 @@ +#!/usr/bin/env python3 + +import sys +from testrunner import run + + +def testfunc(child): + child.expect_exact('All Done') + print("[TEST PASSED]") + + +if __name__ == "__main__": + sys.exit(run(testfunc)) diff --git a/tests/sys/psa_crypto_se_mac/Makefile b/tests/sys/psa_crypto_se_mac/Makefile new file mode 100644 index 000000000000..5130e9acadd5 --- /dev/null +++ b/tests/sys/psa_crypto_se_mac/Makefile @@ -0,0 +1,25 @@ +BOARD ?= nrf52840dk + +include ../Makefile.sys_common + +USEMODULE += ztimer +USEMODULE += ztimer_usec + +USEMODULE += psa_crypto + +USEMODULE += psa_secure_element +USEMODULE += psa_secure_element_ateccx08a +USEMODULE += psa_secure_element_ateccx08a_hmac_sha256 + +ifneq (1, $(TEST_KCONFIG)) + CFLAGS += -DCONFIG_PSA_PROTECTED_KEY_COUNT=1 +endif + +CFLAGS += -DSECURE_ELEMENT +CFLAGS += -DCUSTOM_ATCA_PARAMS + +INCLUDES += -I$(APPDIR) # Application specific (not needed by PSA) + +SHOULD_RUN_KCONFIG := + +include $(RIOTBASE)/Makefile.include diff --git a/tests/sys/psa_crypto_se_mac/Makefile.ci b/tests/sys/psa_crypto_se_mac/Makefile.ci new file mode 100644 index 000000000000..6e784f7ec2ac --- /dev/null +++ b/tests/sys/psa_crypto_se_mac/Makefile.ci @@ -0,0 +1,11 @@ +BOARD_INSUFFICIENT_MEMORY := \ + arduino-duemilanove \ + arduino-leonardo \ + arduino-nano \ + arduino-uno \ + atmega328p \ + atmega328p-xplained-mini \ + atmega8 \ + nucleo-l011k4 \ + samd10-xmini \ + # diff --git a/tests/sys/psa_crypto_se_mac/README.md b/tests/sys/psa_crypto_se_mac/README.md new file mode 100644 index 000000000000..27343237ee8d --- /dev/null +++ b/tests/sys/psa_crypto_se_mac/README.md @@ -0,0 +1,5 @@ +# PSA Crypto Mac Test + +This is a configuration test for only the mac of the PSA crypto module using +secure element. +It is based off the [psa_crypto example](../../../examples/psa_crypto/README.md). diff --git a/tests/sys/psa_crypto_se_mac/app.config.test b/tests/sys/psa_crypto_se_mac/app.config.test new file mode 100644 index 000000000000..27a58c14462e --- /dev/null +++ b/tests/sys/psa_crypto_se_mac/app.config.test @@ -0,0 +1,9 @@ +CONFIG_MODULE_PSA_CRYPTO=y + +CONFIG_MODULE_PSA_SECURE_ELEMENT=y +CONFIG_MODULE_PSA_SECURE_ELEMENT_ATECCX08A=y +CONFIG_MODULE_PSA_SECURE_ELEMENT_ATECCX08A_HMAC_SHA256=y + +CONFIG_PSA_PROTECTED_KEY_COUNT=1 + +CONFIG_ZTIMER_USEC=y diff --git a/tests/sys/psa_crypto_se_mac/custom_atca_params.h b/tests/sys/psa_crypto_se_mac/custom_atca_params.h new file mode 120000 index 000000000000..07865241c624 --- /dev/null +++ b/tests/sys/psa_crypto_se_mac/custom_atca_params.h @@ -0,0 +1 @@ +../../../examples/psa_crypto/custom_atca_params.h \ No newline at end of file diff --git a/tests/sys/psa_crypto_se_mac/example_hmac_sha256.c b/tests/sys/psa_crypto_se_mac/example_hmac_sha256.c new file mode 120000 index 000000000000..710efbeabcde --- /dev/null +++ b/tests/sys/psa_crypto_se_mac/example_hmac_sha256.c @@ -0,0 +1 @@ +../../../examples/psa_crypto/example_hmac_sha256.c \ No newline at end of file diff --git a/tests/sys/psa_crypto_se_mac/main.c b/tests/sys/psa_crypto_se_mac/main.c new file mode 120000 index 000000000000..a9fd2e282575 --- /dev/null +++ b/tests/sys/psa_crypto_se_mac/main.c @@ -0,0 +1 @@ +../../../examples/psa_crypto/main.c \ No newline at end of file diff --git a/tests/sys/psa_crypto_se_mac/tests/01-run.py b/tests/sys/psa_crypto_se_mac/tests/01-run.py new file mode 100755 index 000000000000..25257b8ca834 --- /dev/null +++ b/tests/sys/psa_crypto_se_mac/tests/01-run.py @@ -0,0 +1,13 @@ +#!/usr/bin/env python3 + +import sys +from testrunner import run + + +def testfunc(child): + child.expect_exact('All Done') + print("[TEST PASSED]") + + +if __name__ == "__main__": + sys.exit(run(testfunc)) From 98e9016baaf6ff72944dd0af903ca314de25f5c7 Mon Sep 17 00:00:00 2001 From: MrKevinWeiss Date: Tue, 28 Nov 2023 18:27:45 +0100 Subject: [PATCH 2/2] tests/sys/psa_crypto_*: Update BOARD_INSUFFICIENT_MEMORY --- tests/sys/psa_crypto/Makefile.ci | 1 + tests/sys/psa_crypto_cipher/Makefile.ci | 1 + tests/sys/psa_crypto_ecdsa/Makefile.ci | 1 + tests/sys/psa_crypto_mac/Makefile.ci | 2 ++ tests/sys/psa_crypto_se/Makefile.ci | 2 ++ tests/sys/psa_crypto_se_cipher/Makefile.ci | 1 + tests/sys/psa_crypto_se_ecdsa/Makefile.ci | 1 + tests/sys/psa_crypto_se_mac/Makefile.ci | 1 + 8 files changed, 10 insertions(+) diff --git a/tests/sys/psa_crypto/Makefile.ci b/tests/sys/psa_crypto/Makefile.ci index 54417567ab01..645faf5d901a 100644 --- a/tests/sys/psa_crypto/Makefile.ci +++ b/tests/sys/psa_crypto/Makefile.ci @@ -7,4 +7,5 @@ BOARD_INSUFFICIENT_MEMORY := \ atmega328p-xplained-mini \ atmega8 \ nucleo-l011k4 \ + stm32f030f4-demo \ # diff --git a/tests/sys/psa_crypto_cipher/Makefile.ci b/tests/sys/psa_crypto_cipher/Makefile.ci index 6e784f7ec2ac..04da97e287d4 100644 --- a/tests/sys/psa_crypto_cipher/Makefile.ci +++ b/tests/sys/psa_crypto_cipher/Makefile.ci @@ -8,4 +8,5 @@ BOARD_INSUFFICIENT_MEMORY := \ atmega8 \ nucleo-l011k4 \ samd10-xmini \ + stm32f030f4-demo \ # diff --git a/tests/sys/psa_crypto_ecdsa/Makefile.ci b/tests/sys/psa_crypto_ecdsa/Makefile.ci index 6e784f7ec2ac..04da97e287d4 100644 --- a/tests/sys/psa_crypto_ecdsa/Makefile.ci +++ b/tests/sys/psa_crypto_ecdsa/Makefile.ci @@ -8,4 +8,5 @@ BOARD_INSUFFICIENT_MEMORY := \ atmega8 \ nucleo-l011k4 \ samd10-xmini \ + stm32f030f4-demo \ # diff --git a/tests/sys/psa_crypto_mac/Makefile.ci b/tests/sys/psa_crypto_mac/Makefile.ci index 824b869d3ae5..4231c2eb61e5 100644 --- a/tests/sys/psa_crypto_mac/Makefile.ci +++ b/tests/sys/psa_crypto_mac/Makefile.ci @@ -6,4 +6,6 @@ BOARD_INSUFFICIENT_MEMORY := \ atmega328p-xplained-mini \ atmega8 \ nucleo-l011k4 \ + samd10-xmini \ + stm32f030f4-demo \ # diff --git a/tests/sys/psa_crypto_se/Makefile.ci b/tests/sys/psa_crypto_se/Makefile.ci index 54417567ab01..04da97e287d4 100644 --- a/tests/sys/psa_crypto_se/Makefile.ci +++ b/tests/sys/psa_crypto_se/Makefile.ci @@ -7,4 +7,6 @@ BOARD_INSUFFICIENT_MEMORY := \ atmega328p-xplained-mini \ atmega8 \ nucleo-l011k4 \ + samd10-xmini \ + stm32f030f4-demo \ # diff --git a/tests/sys/psa_crypto_se_cipher/Makefile.ci b/tests/sys/psa_crypto_se_cipher/Makefile.ci index 6e784f7ec2ac..04da97e287d4 100644 --- a/tests/sys/psa_crypto_se_cipher/Makefile.ci +++ b/tests/sys/psa_crypto_se_cipher/Makefile.ci @@ -8,4 +8,5 @@ BOARD_INSUFFICIENT_MEMORY := \ atmega8 \ nucleo-l011k4 \ samd10-xmini \ + stm32f030f4-demo \ # diff --git a/tests/sys/psa_crypto_se_ecdsa/Makefile.ci b/tests/sys/psa_crypto_se_ecdsa/Makefile.ci index 9d233d7cd52e..4231c2eb61e5 100644 --- a/tests/sys/psa_crypto_se_ecdsa/Makefile.ci +++ b/tests/sys/psa_crypto_se_ecdsa/Makefile.ci @@ -7,4 +7,5 @@ BOARD_INSUFFICIENT_MEMORY := \ atmega8 \ nucleo-l011k4 \ samd10-xmini \ + stm32f030f4-demo \ # diff --git a/tests/sys/psa_crypto_se_mac/Makefile.ci b/tests/sys/psa_crypto_se_mac/Makefile.ci index 6e784f7ec2ac..04da97e287d4 100644 --- a/tests/sys/psa_crypto_se_mac/Makefile.ci +++ b/tests/sys/psa_crypto_se_mac/Makefile.ci @@ -8,4 +8,5 @@ BOARD_INSUFFICIENT_MEMORY := \ atmega8 \ nucleo-l011k4 \ samd10-xmini \ + stm32f030f4-demo \ #