diff options
author | Julian Hall <julian.hall@arm.com> | 2021-07-07 16:45:53 +0100 |
---|---|---|
committer | Gyorgy Szing <Gyorgy.Szing@arm.com> | 2021-10-06 00:48:11 +0200 |
commit | d407138e5147eb82d4eb933c4f6b978b3a484254 (patch) | |
tree | 5b7cd4c59baaeb63f920b54d1163bb58ddf4ecca | |
parent | 74d2fe6ef75cca3a71efcc009152b61f39211daf (diff) | |
download | trusted-services-d407138e5147eb82d4eb933c4f6b978b3a484254.tar.gz |
Add stubs for unsupported PSA Crypto API client operations
The psa-api-test/crypto deployment (formally called ts-arch-test)
is modified to use PSA API client methods instead of MbedTLS
directly. This change is the first step to adding missing
operations that the PSA arch tests exercise.
Signed-off-by: Julian Hall <julian.hall@arm.com>
Change-Id: I6179c389d3176e649290e373ddfa9d9f8974770c
35 files changed, 635 insertions, 66 deletions
diff --git a/components/app/arch-test-runner/component.cmake b/components/app/arch-test-runner/component.cmake deleted file mode 100644 index 3f9959368..000000000 --- a/components/app/arch-test-runner/component.cmake +++ /dev/null @@ -1,13 +0,0 @@ -#------------------------------------------------------------------------------- -# Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -# -# SPDX-License-Identifier: BSD-3-Clause -# -#------------------------------------------------------------------------------- -if (NOT DEFINED TGT) - message(FATAL_ERROR "mandatory parameter TGT is not defined.") -endif() - -target_sources(${TGT} PRIVATE - "${CMAKE_CURRENT_LIST_DIR}/arch_test_runner.c" - ) diff --git a/components/service/crypto/client/psa/component.cmake b/components/service/crypto/client/psa/component.cmake index 8d7fa99fd..ca158d51c 100644 --- a/components/service/crypto/client/psa/component.cmake +++ b/components/service/crypto/client/psa/component.cmake @@ -11,9 +11,12 @@ endif() target_sources(${TGT} PRIVATE "${CMAKE_CURRENT_LIST_DIR}/psa_crypto_client.c" "${CMAKE_CURRENT_LIST_DIR}/psa_crypto_client_key_attributes.c" + "${CMAKE_CURRENT_LIST_DIR}/psa_get_key_attributes.c" "${CMAKE_CURRENT_LIST_DIR}/psa_asymmetric_decrypt.c" "${CMAKE_CURRENT_LIST_DIR}/psa_asymmetric_encrypt.c" "${CMAKE_CURRENT_LIST_DIR}/psa_destroy_key.c" + "${CMAKE_CURRENT_LIST_DIR}/psa_copy_key.c" + "${CMAKE_CURRENT_LIST_DIR}/psa_purge_key.c" "${CMAKE_CURRENT_LIST_DIR}/psa_export_key.c" "${CMAKE_CURRENT_LIST_DIR}/psa_export_public_key.c" "${CMAKE_CURRENT_LIST_DIR}/psa_generate_key.c" @@ -21,4 +24,10 @@ target_sources(${TGT} PRIVATE "${CMAKE_CURRENT_LIST_DIR}/psa_import_key.c" "${CMAKE_CURRENT_LIST_DIR}/psa_sign_hash.c" "${CMAKE_CURRENT_LIST_DIR}/psa_verify_hash.c" + "${CMAKE_CURRENT_LIST_DIR}/psa_hash.c" + "${CMAKE_CURRENT_LIST_DIR}/psa_mac.c" + "${CMAKE_CURRENT_LIST_DIR}/psa_key_derivation.c" + "${CMAKE_CURRENT_LIST_DIR}/psa_key_agreement.c" + "${CMAKE_CURRENT_LIST_DIR}/psa_cipher.c" + "${CMAKE_CURRENT_LIST_DIR}/psa_aead.c" ) diff --git a/components/service/crypto/client/psa/psa_aead.c b/components/service/crypto/client/psa/psa_aead.c new file mode 100644 index 000000000..3e05ca6e0 --- /dev/null +++ b/components/service/crypto/client/psa/psa_aead.c @@ -0,0 +1,43 @@ +/* + * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +#include <string.h> +#include <stdlib.h> +#include <psa/crypto.h> +#include "psa_crypto_client.h" +#include <protocols/rpc/common/packed-c/status.h> +#include <protocols/service/crypto/packed-c/opcodes.h> +#include <common/tlv/tlv.h> + +psa_status_t psa_aead_encrypt(psa_key_id_t key, + psa_algorithm_t alg, + const uint8_t *nonce, + size_t nonce_length, + const uint8_t *additional_data, + size_t additional_data_length, + const uint8_t *plaintext, + size_t plaintext_length, + uint8_t *ciphertext, + size_t ciphertext_size, + size_t *ciphertext_length) +{ + return PSA_ERROR_NOT_SUPPORTED; +} + +psa_status_t psa_aead_decrypt(psa_key_id_t key, + psa_algorithm_t alg, + const uint8_t *nonce, + size_t nonce_length, + const uint8_t *additional_data, + size_t additional_data_length, + const uint8_t *ciphertext, + size_t ciphertext_length, + uint8_t *plaintext, + size_t plaintext_size, + size_t *plaintext_length) +{ + return PSA_ERROR_NOT_SUPPORTED; +} diff --git a/components/service/crypto/client/psa/psa_asymmetric_decrypt.c b/components/service/crypto/client/psa/psa_asymmetric_decrypt.c index a99705143..abd8a7c4a 100644 --- a/components/service/crypto/client/psa/psa_asymmetric_decrypt.c +++ b/components/service/crypto/client/psa/psa_asymmetric_decrypt.c @@ -26,6 +26,9 @@ psa_status_t psa_asymmetric_decrypt(psa_key_id_t id, psa_algorithm_t alg, *output_length = 0; /* For failure case */ + if (psa_crypto_client_instance.init_status != PSA_SUCCESS) + return psa_crypto_client_instance.init_status; + req_msg.id = id; req_msg.alg = alg; diff --git a/components/service/crypto/client/psa/psa_asymmetric_encrypt.c b/components/service/crypto/client/psa/psa_asymmetric_encrypt.c index 881ef7b20..22005fb5c 100644 --- a/components/service/crypto/client/psa/psa_asymmetric_encrypt.c +++ b/components/service/crypto/client/psa/psa_asymmetric_encrypt.c @@ -26,6 +26,9 @@ psa_status_t psa_asymmetric_encrypt(psa_key_id_t id, psa_algorithm_t alg, *output_length = 0; /* For failure case */ + if (psa_crypto_client_instance.init_status != PSA_SUCCESS) + return psa_crypto_client_instance.init_status; + req_msg.id = id; req_msg.alg = alg; diff --git a/components/service/crypto/client/psa/psa_cipher.c b/components/service/crypto/client/psa/psa_cipher.c new file mode 100644 index 000000000..955e7472f --- /dev/null +++ b/components/service/crypto/client/psa/psa_cipher.c @@ -0,0 +1,65 @@ +/* + * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +#include <string.h> +#include <stdlib.h> +#include <psa/crypto.h> +#include "psa_crypto_client.h" +#include <protocols/rpc/common/packed-c/status.h> +#include <protocols/service/crypto/packed-c/opcodes.h> +#include <common/tlv/tlv.h> + +psa_status_t psa_cipher_encrypt_setup(psa_cipher_operation_t *operation, + psa_key_id_t key, + psa_algorithm_t alg) +{ + return PSA_ERROR_NOT_SUPPORTED; +} + +psa_status_t psa_cipher_decrypt_setup(psa_cipher_operation_t *operation, + psa_key_id_t key, + psa_algorithm_t alg) +{ + return PSA_ERROR_NOT_SUPPORTED; +} + +psa_status_t psa_cipher_generate_iv(psa_cipher_operation_t *operation, + uint8_t *iv, + size_t iv_size, + size_t *iv_length) +{ + return PSA_ERROR_NOT_SUPPORTED; +} + +psa_status_t psa_cipher_set_iv(psa_cipher_operation_t *operation, + const uint8_t *iv, + size_t iv_length) +{ + return PSA_ERROR_NOT_SUPPORTED; +} + +psa_status_t psa_cipher_update(psa_cipher_operation_t *operation, + const uint8_t *input, + size_t input_length, + uint8_t *output, + size_t output_size, + size_t *output_length) +{ + return PSA_ERROR_NOT_SUPPORTED; +} + +psa_status_t psa_cipher_finish(psa_cipher_operation_t *operation, + uint8_t *output, + size_t output_size, + size_t *output_length) +{ + return PSA_ERROR_NOT_SUPPORTED; +} + +psa_status_t psa_cipher_abort(psa_cipher_operation_t *operation) +{ + return PSA_ERROR_NOT_SUPPORTED; +} diff --git a/components/service/crypto/client/psa/psa_copy_key.c b/components/service/crypto/client/psa/psa_copy_key.c new file mode 100644 index 000000000..799dc9391 --- /dev/null +++ b/components/service/crypto/client/psa/psa_copy_key.c @@ -0,0 +1,19 @@ +/* + * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +#include <string.h> +#include <psa/crypto.h> +#include "psa_crypto_client.h" +#include <protocols/rpc/common/packed-c/status.h> +#include <protocols/service/crypto/packed-c/opcodes.h> + + +psa_status_t psa_copy_key(psa_key_id_t source_key, + const psa_key_attributes_t *attributes, + psa_key_id_t *target_key) +{ + return PSA_ERROR_NOT_SUPPORTED; +} diff --git a/components/service/crypto/client/psa/psa_crypto_client.c b/components/service/crypto/client/psa/psa_crypto_client.c index 41c53b373..834b5e636 100644 --- a/components/service/crypto/client/psa/psa_crypto_client.c +++ b/components/service/crypto/client/psa/psa_crypto_client.c @@ -8,20 +8,40 @@ #include "psa_crypto_client.h" /* The singleton psa_crypto_client state */ -struct psa_crypto_client psa_crypto_client_instance; +struct psa_crypto_client psa_crypto_client_instance = { + + .caller = NULL, + + /* To conform to PSA API, psa_crypto_init needs to be called. + * This state variable is used enforces this. + */ + .init_status = PSA_ERROR_BAD_STATE +}; + +psa_status_t psa_crypto_init(void) { + + /* Must be called after psa_crypto_client_init */ + if (psa_crypto_client_instance.caller) { + + psa_crypto_client_instance.init_status = PSA_SUCCESS; + } + + return psa_crypto_client_instance.init_status; +} psa_status_t psa_crypto_client_init(struct rpc_caller *caller) { - psa_crypto_client_instance.caller = caller; - return PSA_SUCCESS; + psa_crypto_client_instance.caller = caller; + return PSA_SUCCESS; } void psa_crypto_client_deinit(void) { - psa_crypto_client_instance.caller = NULL; + psa_crypto_client_instance.caller = NULL; + psa_crypto_client_instance.init_status = PSA_ERROR_BAD_STATE; } int psa_crypto_client_rpc_status(void) { - return psa_crypto_client_instance.rpc_status; + return psa_crypto_client_instance.rpc_status; } diff --git a/components/service/crypto/client/psa/psa_crypto_client.h b/components/service/crypto/client/psa/psa_crypto_client.h index e161e8b2c..688ab8590 100644 --- a/components/service/crypto/client/psa/psa_crypto_client.h +++ b/components/service/crypto/client/psa/psa_crypto_client.h @@ -25,6 +25,7 @@ struct psa_crypto_client { struct rpc_caller *caller; int rpc_status; + psa_status_t init_status; }; extern struct psa_crypto_client psa_crypto_client_instance; diff --git a/components/service/crypto/client/psa/psa_destroy_key.c b/components/service/crypto/client/psa/psa_destroy_key.c index 62fac406c..28bd5ab1a 100644 --- a/components/service/crypto/client/psa/psa_destroy_key.c +++ b/components/service/crypto/client/psa/psa_destroy_key.c @@ -18,6 +18,9 @@ psa_status_t psa_destroy_key(psa_key_id_t id) struct ts_crypto_destroy_key_in req_msg; size_t req_len = sizeof(struct ts_crypto_destroy_key_in); + if (psa_crypto_client_instance.init_status != PSA_SUCCESS) + return psa_crypto_client_instance.init_status; + req_msg.id = id; rpc_call_handle call_handle; diff --git a/components/service/crypto/client/psa/psa_export_key.c b/components/service/crypto/client/psa/psa_export_key.c index 3e71a0510..d5c2181df 100644 --- a/components/service/crypto/client/psa/psa_export_key.c +++ b/components/service/crypto/client/psa/psa_export_key.c @@ -27,6 +27,9 @@ psa_status_t psa_export_key(psa_key_id_t id, *data_length = 0; /* For failure case */ + if (psa_crypto_client_instance.init_status != PSA_SUCCESS) + return psa_crypto_client_instance.init_status; + rpc_call_handle call_handle; uint8_t *req_buf; diff --git a/components/service/crypto/client/psa/psa_export_public_key.c b/components/service/crypto/client/psa/psa_export_public_key.c index 150a75276..7528ff96d 100644 --- a/components/service/crypto/client/psa/psa_export_public_key.c +++ b/components/service/crypto/client/psa/psa_export_public_key.c @@ -25,6 +25,9 @@ psa_status_t psa_export_public_key(psa_key_id_t id, *data_length = 0; /* For failure case */ + if (psa_crypto_client_instance.init_status != PSA_SUCCESS) + return psa_crypto_client_instance.init_status; + rpc_call_handle call_handle; uint8_t *req_buf; diff --git a/components/service/crypto/client/psa/psa_generate_key.c b/components/service/crypto/client/psa/psa_generate_key.c index eb94b8a14..7a7bca03b 100644 --- a/components/service/crypto/client/psa/psa_generate_key.c +++ b/components/service/crypto/client/psa/psa_generate_key.c @@ -21,6 +21,9 @@ psa_status_t psa_generate_key(const psa_key_attributes_t *attributes, psa_key_id struct ts_crypto_generate_key_in req_msg; size_t req_len = sizeof(struct ts_crypto_generate_key_in); + if (psa_crypto_client_instance.init_status != PSA_SUCCESS) + return psa_crypto_client_instance.init_status; + psa_crypto_client_translate_key_attributes(&req_msg.attributes, attributes); rpc_call_handle call_handle; diff --git a/components/service/crypto/client/psa/psa_generate_random.c b/components/service/crypto/client/psa/psa_generate_random.c index 25fdbe2f5..92915dbf9 100644 --- a/components/service/crypto/client/psa/psa_generate_random.c +++ b/components/service/crypto/client/psa/psa_generate_random.c @@ -18,6 +18,9 @@ psa_status_t psa_generate_random(uint8_t *output, size_t output_size) struct ts_crypto_generate_random_in req_msg; size_t req_len = sizeof(struct ts_crypto_generate_random_in); + if (psa_crypto_client_instance.init_status != PSA_SUCCESS) + return psa_crypto_client_instance.init_status; + req_msg.size = output_size; rpc_call_handle call_handle; diff --git a/components/service/crypto/client/psa/psa_get_key_attributes.c b/components/service/crypto/client/psa/psa_get_key_attributes.c new file mode 100644 index 000000000..fcf70244c --- /dev/null +++ b/components/service/crypto/client/psa/psa_get_key_attributes.c @@ -0,0 +1,18 @@ +/* + * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +#include <string.h> +#include <psa/crypto.h> +#include "psa_crypto_client.h" +#include <protocols/rpc/common/packed-c/status.h> +#include <protocols/service/crypto/packed-c/opcodes.h> + + +psa_status_t psa_get_key_attributes(psa_key_id_t key, + psa_key_attributes_t *attributes) +{ + return PSA_ERROR_NOT_SUPPORTED; +} diff --git a/components/service/crypto/client/psa/psa_hash.c b/components/service/crypto/client/psa/psa_hash.c new file mode 100644 index 000000000..12f345c8c --- /dev/null +++ b/components/service/crypto/client/psa/psa_hash.c @@ -0,0 +1,72 @@ +/* + * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +#include <string.h> +#include <stdlib.h> +#include <psa/crypto.h> +#include "psa_crypto_client.h" +#include <protocols/rpc/common/packed-c/status.h> +#include <protocols/service/crypto/packed-c/opcodes.h> +#include <protocols/service/crypto/packed-c/hash.h> +#include <common/tlv/tlv.h> + +psa_status_t psa_hash_setup(psa_hash_operation_t *operation, + psa_algorithm_t alg) +{ + return PSA_ERROR_NOT_SUPPORTED; +} + +psa_status_t psa_hash_update(psa_hash_operation_t *operation, + const uint8_t *input, + size_t input_length) +{ + return PSA_ERROR_NOT_SUPPORTED; +} + +psa_status_t psa_hash_finish(psa_hash_operation_t *operation, + uint8_t *hash, + size_t hash_size, + size_t *hash_length) +{ + return PSA_ERROR_NOT_SUPPORTED; +} + +psa_status_t psa_hash_abort(psa_hash_operation_t *operation) +{ + return PSA_ERROR_NOT_SUPPORTED; +} + +psa_status_t psa_hash_verify(psa_hash_operation_t *operation, + const uint8_t *hash, + size_t hash_length) +{ + return PSA_ERROR_NOT_SUPPORTED; +} + +psa_status_t psa_hash_clone(const psa_hash_operation_t *source_operation, + psa_hash_operation_t *target_operation) +{ + return PSA_ERROR_NOT_SUPPORTED; +} + +psa_status_t psa_hash_compare(psa_algorithm_t alg, + const uint8_t *input, + size_t input_length, + const uint8_t *hash, + size_t hash_length) +{ + return PSA_ERROR_NOT_SUPPORTED; +} + +psa_status_t psa_hash_compute(psa_algorithm_t alg, + const uint8_t *input, + size_t input_length, + uint8_t *hash, + size_t hash_size, + size_t *hash_length) +{ + return PSA_ERROR_NOT_SUPPORTED; +} diff --git a/components/service/crypto/client/psa/psa_import_key.c b/components/service/crypto/client/psa/psa_import_key.c index 34f1d014c..399b1bc47 100644 --- a/components/service/crypto/client/psa/psa_import_key.c +++ b/components/service/crypto/client/psa/psa_import_key.c @@ -24,6 +24,9 @@ psa_status_t psa_import_key(const psa_key_attributes_t *attributes, size_t req_fixed_len = sizeof(struct ts_crypto_import_key_in); size_t req_len = req_fixed_len + tlv_required_space(data_length); + if (psa_crypto_client_instance.init_status != PSA_SUCCESS) + return psa_crypto_client_instance.init_status; + psa_crypto_client_translate_key_attributes(&req_msg.attributes, attributes); struct tlv_record key_record; diff --git a/components/service/crypto/client/psa/psa_key_agreement.c b/components/service/crypto/client/psa/psa_key_agreement.c new file mode 100644 index 000000000..5ccafb497 --- /dev/null +++ b/components/service/crypto/client/psa/psa_key_agreement.c @@ -0,0 +1,24 @@ +/* + * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +#include <string.h> +#include <stdlib.h> +#include <psa/crypto.h> +#include "psa_crypto_client.h" +#include <protocols/rpc/common/packed-c/status.h> +#include <protocols/service/crypto/packed-c/opcodes.h> +#include <common/tlv/tlv.h> + +psa_status_t psa_raw_key_agreement(psa_algorithm_t alg, + psa_key_id_t private_key, + const uint8_t *peer_key, + size_t peer_key_length, + uint8_t *output, + size_t output_size, + size_t *output_length) +{ + return PSA_ERROR_NOT_SUPPORTED; +} diff --git a/components/service/crypto/client/psa/psa_key_derivation.c b/components/service/crypto/client/psa/psa_key_derivation.c new file mode 100644 index 000000000..8c3100607 --- /dev/null +++ b/components/service/crypto/client/psa/psa_key_derivation.c @@ -0,0 +1,83 @@ +/* + * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +#include <string.h> +#include <stdlib.h> +#include <psa/crypto.h> +#include "psa_crypto_client.h" +#include <protocols/rpc/common/packed-c/status.h> +#include <protocols/service/crypto/packed-c/opcodes.h> +#include <common/tlv/tlv.h> + +psa_status_t psa_key_derivation_setup( + psa_key_derivation_operation_t *operation, + psa_algorithm_t alg) +{ + return PSA_ERROR_NOT_SUPPORTED; +} + +psa_status_t psa_key_derivation_get_capacity( + const psa_key_derivation_operation_t *operation, + size_t *capacity) +{ + return PSA_ERROR_NOT_SUPPORTED; +} + +psa_status_t psa_key_derivation_set_capacity( + psa_key_derivation_operation_t *operation, + size_t capacity) +{ + return PSA_ERROR_NOT_SUPPORTED; +} + +psa_status_t psa_key_derivation_input_bytes( + psa_key_derivation_operation_t *operation, + psa_key_derivation_step_t step, + const uint8_t *data, + size_t data_length) +{ + return PSA_ERROR_NOT_SUPPORTED; +} + +psa_status_t psa_key_derivation_input_key( + psa_key_derivation_operation_t *operation, + psa_key_derivation_step_t step, + psa_key_id_t key) +{ + return PSA_ERROR_NOT_SUPPORTED; +} + +psa_status_t psa_key_derivation_key_agreement( + psa_key_derivation_operation_t *operation, + psa_key_derivation_step_t step, + psa_key_id_t private_key, + const uint8_t *peer_key, + size_t peer_key_length) +{ + return PSA_ERROR_NOT_SUPPORTED; +} + +psa_status_t psa_key_derivation_output_bytes( + psa_key_derivation_operation_t *operation, + uint8_t *output, + size_t output_length) +{ + return PSA_ERROR_NOT_SUPPORTED; +} + +psa_status_t psa_key_derivation_output_key( + const psa_key_attributes_t *attributes, + psa_key_derivation_operation_t *operation, + psa_key_id_t *key) +{ + return PSA_ERROR_NOT_SUPPORTED; +} + +psa_status_t psa_key_derivation_abort( + psa_key_derivation_operation_t *operation) +{ + return PSA_ERROR_NOT_SUPPORTED; +} diff --git a/components/service/crypto/client/psa/psa_mac.c b/components/service/crypto/client/psa/psa_mac.c new file mode 100644 index 000000000..65cb2346e --- /dev/null +++ b/components/service/crypto/client/psa/psa_mac.c @@ -0,0 +1,54 @@ +/* + * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +#include <string.h> +#include <stdlib.h> +#include <psa/crypto.h> +#include "psa_crypto_client.h" +#include <protocols/rpc/common/packed-c/status.h> +#include <protocols/service/crypto/packed-c/opcodes.h> +#include <common/tlv/tlv.h> + +psa_status_t psa_mac_sign_setup(psa_mac_operation_t *operation, + psa_key_id_t key, + psa_algorithm_t alg) +{ + return PSA_ERROR_NOT_SUPPORTED; +} + +psa_status_t psa_mac_verify_setup(psa_mac_operation_t *operation, + psa_key_id_t key, + psa_algorithm_t alg) +{ + return PSA_ERROR_NOT_SUPPORTED; +} + +psa_status_t psa_mac_update(psa_mac_operation_t *operation, + const uint8_t *input, + size_t input_length) +{ + return PSA_ERROR_NOT_SUPPORTED; +} + +psa_status_t psa_mac_sign_finish(psa_mac_operation_t *operation, + uint8_t *mac, + size_t mac_size, + size_t *mac_length) +{ + return PSA_ERROR_NOT_SUPPORTED; +} + +psa_status_t psa_mac_verify_finish(psa_mac_operation_t *operation, + const uint8_t *mac, + size_t mac_length) +{ + return PSA_ERROR_NOT_SUPPORTED; +} + +psa_status_t psa_mac_abort(psa_mac_operation_t *operation) +{ + return PSA_ERROR_NOT_SUPPORTED; +} diff --git a/components/service/crypto/client/psa/psa_purge_key.c b/components/service/crypto/client/psa/psa_purge_key.c new file mode 100644 index 000000000..8fa3846d7 --- /dev/null +++ b/components/service/crypto/client/psa/psa_purge_key.c @@ -0,0 +1,17 @@ +/* + * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +#include <string.h> +#include <psa/crypto.h> +#include "psa_crypto_client.h" +#include <protocols/rpc/common/packed-c/status.h> +#include <protocols/service/crypto/packed-c/opcodes.h> + + +psa_status_t psa_purge_key(psa_key_id_t key) +{ + return PSA_ERROR_NOT_SUPPORTED; +} diff --git a/components/service/crypto/client/psa/psa_sign_hash.c b/components/service/crypto/client/psa/psa_sign_hash.c index 2c9e0c5d1..810f5f2e7 100644 --- a/components/service/crypto/client/psa/psa_sign_hash.c +++ b/components/service/crypto/client/psa/psa_sign_hash.c @@ -24,6 +24,9 @@ psa_status_t psa_sign_hash(psa_key_id_t id, psa_algorithm_t alg, *signature_length = 0; /* For failure case */ + if (psa_crypto_client_instance.init_status != PSA_SUCCESS) + return psa_crypto_client_instance.init_status; + req_msg.id = id; req_msg.alg = alg; diff --git a/components/service/crypto/client/psa/psa_verify_hash.c b/components/service/crypto/client/psa/psa_verify_hash.c index 66a87fd4c..4f747375a 100644 --- a/components/service/crypto/client/psa/psa_verify_hash.c +++ b/components/service/crypto/client/psa/psa_verify_hash.c @@ -24,6 +24,9 @@ psa_status_t psa_verify_hash(psa_key_id_t id, psa_algorithm_t alg, size_t req_len = req_fixed_len + tlv_required_space(hash_length) + tlv_required_space(signature_length); + if (psa_crypto_client_instance.init_status != PSA_SUCCESS) + return psa_crypto_client_instance.init_status; + req_msg.id = id; req_msg.alg = alg; diff --git a/components/service/crypto/include/component.cmake b/components/service/crypto/include/component.cmake index 041f7d549..c49869bd4 100644 --- a/components/service/crypto/include/component.cmake +++ b/components/service/crypto/include/component.cmake @@ -12,3 +12,6 @@ target_include_directories(${TGT} PRIVATE "${CMAKE_CURRENT_LIST_DIR}" ) + +# Advertise this component as the provider of the PSA Crypto header files +set(PSA_CRYPTO_API_INCLUDE "${CMAKE_CURRENT_LIST_DIR}" CACHE STRING "PSA Crypto API include path") diff --git a/components/service/crypto/test/service/psa_crypto_api/psa_crypto_api_tests.cpp b/components/service/crypto/test/service/psa_crypto_api/psa_crypto_api_tests.cpp index dae0b721f..507005faf 100644 --- a/components/service/crypto/test/service/psa_crypto_api/psa_crypto_api_tests.cpp +++ b/components/service/crypto/test/service/psa_crypto_api/psa_crypto_api_tests.cpp @@ -5,6 +5,7 @@ */ #include "psa_crypto_api_client.h" +#include <psa/crypto.h> #include <service/crypto/client/psa/psa_crypto_client.h> #include <service/crypto/test/service/crypto_service_scenarios.h> #include <protocols/rpc/common/packed-c/encoding.h> @@ -34,6 +35,8 @@ TEST_GROUP(PsaCryptoApiTests) CHECK_TRUE(m_rpc_session_handle); psa_crypto_client_init(caller); + psa_crypto_init(); + m_scenarios = new crypto_service_scenarios(new psa_crypto_api_client()); } diff --git a/components/app/arch-test-runner/arch_test_runner.c b/deployments/psa-api-test/arch_test_runner.c index be8021460..90ca30434 100644 --- a/components/app/arch-test-runner/arch_test_runner.c +++ b/deployments/psa-api-test/arch_test_runner.c @@ -5,8 +5,9 @@ */ #include <stdint.h> -#include <psa/crypto.h> +#include <stdio.h> #include <service_locator.h> +#include "service_under_test.h" int32_t val_entry(void); @@ -14,10 +15,20 @@ int main(int argc, char *argv[]) { int rval = -1; - psa_crypto_init(); service_locator_init(); - rval = val_entry(); + rval = locate_service_under_test(); + + if (!rval) { + + rval = val_entry(); + + relinquish_service_under_test(); + } + else { + + printf("Failed to locate service under test. Error code: %d\n", rval); + } return rval; } diff --git a/deployments/ts-arch-test/crypto/arm-linux/CMakeLists.txt b/deployments/psa-api-test/crypto/arm-linux/CMakeLists.txt index 8d586435f..ea1b46053 100644 --- a/deployments/ts-arch-test/crypto/arm-linux/CMakeLists.txt +++ b/deployments/psa-api-test/crypto/arm-linux/CMakeLists.txt @@ -8,17 +8,17 @@ cmake_minimum_required(VERSION 3.16) include(../../../deployment.cmake REQUIRED) #------------------------------------------------------------------------------- -# The CMakeLists.txt for building the ts-arch-test deployment for arm-linux +# The CMakeLists.txt for building the psa-api-test deployment for arm-linux # # Used for building and running psa arch tests on an Arm based Linux device #------------------------------------------------------------------------------- include(${TS_ROOT}/environments/arm-linux/env.cmake) project(trusted-services LANGUAGES CXX C) -add_executable(ts-arch-test) -target_include_directories(ts-arch-test PRIVATE "${TOP_LEVEL_INCLUDE_DIRS}") +add_executable(psa-api-test) +target_include_directories(psa-api-test PRIVATE "${TOP_LEVEL_INCLUDE_DIRS}") #------------------------------------------------------------------------------- # Extend with components that are common across all deployments of -# ts-arch-test/crypto +# psa-api-test/crypto #------------------------------------------------------------------------------- -include(../crypto-arch-test.cmake REQUIRED) +include(../crypto-api-test.cmake REQUIRED) diff --git a/deployments/ts-arch-test/crypto/crypto-arch-test.cmake b/deployments/psa-api-test/crypto/crypto-api-test.cmake index 93ade3b7a..5ad0930b0 100644 --- a/deployments/ts-arch-test/crypto/crypto-arch-test.cmake +++ b/deployments/psa-api-test/crypto/crypto-api-test.cmake @@ -15,21 +15,23 @@ set(TS_ARCH_TEST_SUITE CRYPTO CACHE STRING "Arch test suite") # Crypto specific components # #------------------------------------------------------------------------------- +add_components( + TARGET "psa-api-test" + BASE_DIR ${TS_ROOT} + COMPONENTS + "components/service/crypto/include" + "components/service/crypto/client/psa" +) -# Configuration for mbedcrypto -set(MBEDTLS_USER_CONFIG_FILE - "${TS_ROOT}/components/service/crypto/client/cpp/config_mbedtls_user.h" - CACHE STRING "Configuration file for mbedcrypto") - -# Mbed TLS provides libmbedcrypto -include(${TS_ROOT}/external/MbedTLS/MbedTLS.cmake) -target_link_libraries(ts-arch-test PRIVATE mbedcrypto) +target_sources(psa-api-test PRIVATE + ${TS_ROOT}/deployments/psa-api-test/crypto/crypto_locator.c +) # Export psa crypto API list(APPEND PSA_ARCH_TESTS_EXTERNAL_INCLUDE_PATHS ${PSA_CRYPTO_API_INCLUDE}) #------------------------------------------------------------------------------- # Extend with components that are common across all deployments of -# ts-arch-test +# psa-api-test #------------------------------------------------------------------------------- -include(../../ts-arch-test.cmake REQUIRED) +include(../../psa-api-test.cmake REQUIRED) diff --git a/deployments/psa-api-test/crypto/crypto_locator.c b/deployments/psa-api-test/crypto/crypto_locator.c new file mode 100644 index 000000000..8571b23e6 --- /dev/null +++ b/deployments/psa-api-test/crypto/crypto_locator.c @@ -0,0 +1,65 @@ +/* + * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +#include <stddef.h> +#include <service_locator.h> +#include <service/crypto/client/psa/psa_crypto_client.h> +#include <protocols/rpc/common/packed-c/encoding.h> +#include "../service_under_test.h" + +/* RPC context */ +static rpc_session_handle session_handle = NULL; +static struct service_context *crypto_service_context = NULL; + + +int locate_service_under_test(void) +{ + int status = -1; + + if (!session_handle && !crypto_service_context) { + + struct rpc_caller *caller; + + crypto_service_context = + service_locator_query("sn:trustedfirmware.org:crypto:0", &status); + + if (crypto_service_context) { + + session_handle = + service_context_open(crypto_service_context, TS_RPC_ENCODING_PACKED_C, &caller); + + if (session_handle) { + + psa_crypto_client_init(caller); + status = 0; + } + else { + + status = -1; + relinquish_service_under_test(); + } + } + } + + return status; +} + +void relinquish_service_under_test(void) +{ + psa_crypto_client_deinit(); + + if (crypto_service_context && session_handle) { + + service_context_close(crypto_service_context, session_handle); + session_handle = NULL; + } + + if (crypto_service_context) { + + service_context_relinquish(crypto_service_context); + crypto_service_context = NULL; + } +} diff --git a/deployments/ts-arch-test/initial_attestation/linux-pc/CMakeLists.txt b/deployments/psa-api-test/crypto/linux-pc/CMakeLists.txt index 7b0922d13..1737976e0 100644 --- a/deployments/ts-arch-test/initial_attestation/linux-pc/CMakeLists.txt +++ b/deployments/psa-api-test/crypto/linux-pc/CMakeLists.txt @@ -7,19 +7,26 @@ cmake_minimum_required(VERSION 3.16) include(../../../deployment.cmake REQUIRED) +# Prevents symbols in the psa-api-test executable overriding symbols with +# with same name in libts during dyanmic linking performed by the program +# loader. This avoid psa crypto api symbols provided by the mbedcrypto +# library from being overridden by the same symbols in the psa-api-test +# executable. +set(CMAKE_C_VISIBILITY_PRESET hidden) + #------------------------------------------------------------------------------- -# The CMakeLists.txt for building the ts-arch-test deployment for linux-pc +# The CMakeLists.txt for building the psa-api-test deployment for linux-pc # # Used for building and running psa arch tests in a native PC enviroment. -# Tests can be run by running the built executable called "ts-arch-test" +# Tests can be run by running the built executable called "psa-api-test" #------------------------------------------------------------------------------- include(${TS_ROOT}/environments/linux-pc/env.cmake) project(trusted-services LANGUAGES CXX C) -add_executable(ts-arch-test) -target_include_directories(ts-arch-test PRIVATE "${TOP_LEVEL_INCLUDE_DIRS}") +add_executable(psa-api-test) +target_include_directories(psa-api-test PRIVATE "${TOP_LEVEL_INCLUDE_DIRS}") #------------------------------------------------------------------------------- # Extend with components that are common across all deployments of -# ts-arch-test/initial_attestation +# psa-api-test/crypto #------------------------------------------------------------------------------- -include(../iat-arch-test.cmake REQUIRED) +include(../crypto-api-test.cmake REQUIRED) diff --git a/deployments/ts-arch-test/initial_attestation/iat-arch-test.cmake b/deployments/psa-api-test/initial_attestation/iat-api-test.cmake index c672b4cde..322829a24 100644 --- a/deployments/ts-arch-test/initial_attestation/iat-arch-test.cmake +++ b/deployments/psa-api-test/initial_attestation/iat-api-test.cmake @@ -16,7 +16,7 @@ set(TS_ARCH_TEST_SUITE INITIAL_ATTESTATION CACHE STRING "Arch test suite") # #------------------------------------------------------------------------------- add_components( - TARGET "ts-arch-test" + TARGET "psa-api-test" BASE_DIR ${TS_ROOT} COMPONENTS "components/service/attestation/include" @@ -29,13 +29,13 @@ set(MBEDTLS_USER_CONFIG_FILE # Mbed TLS provides libmbedcrypto include(${TS_ROOT}/external/MbedTLS/MbedTLS.cmake) -target_link_libraries(ts-arch-test PRIVATE mbedcrypto) +target_link_libraries(psa-api-test PRIVATE mbedcrypto) # Export psa crypto API list(APPEND PSA_ARCH_TESTS_EXTERNAL_INCLUDE_PATHS ${PSA_CRYPTO_API_INCLUDE}) #------------------------------------------------------------------------------- # Extend with components that are common across all deployments of -# ts-arch-test +# psa-api-test #------------------------------------------------------------------------------- -include(../../ts-arch-test.cmake REQUIRED) +include(../../psa-api-test.cmake REQUIRED) diff --git a/deployments/ts-arch-test/crypto/linux-pc/CMakeLists.txt b/deployments/psa-api-test/initial_attestation/linux-pc/CMakeLists.txt index f5b286edb..a710924f8 100644 --- a/deployments/ts-arch-test/crypto/linux-pc/CMakeLists.txt +++ b/deployments/psa-api-test/initial_attestation/linux-pc/CMakeLists.txt @@ -8,18 +8,18 @@ cmake_minimum_required(VERSION 3.16) include(../../../deployment.cmake REQUIRED) #------------------------------------------------------------------------------- -# The CMakeLists.txt for building the ts-arch-test deployment for linux-pc +# The CMakeLists.txt for building the psa-api-test deployment for linux-pc # # Used for building and running psa arch tests in a native PC enviroment. -# Tests can be run by running the built executable called "ts-arch-test" +# Tests can be run by running the built executable called "psa-api-test" #------------------------------------------------------------------------------- include(${TS_ROOT}/environments/linux-pc/env.cmake) project(trusted-services LANGUAGES CXX C) -add_executable(ts-arch-test) -target_include_directories(ts-arch-test PRIVATE "${TOP_LEVEL_INCLUDE_DIRS}") +add_executable(psa-api-test) +target_include_directories(psa-api-test PRIVATE "${TOP_LEVEL_INCLUDE_DIRS}") #------------------------------------------------------------------------------- # Extend with components that are common across all deployments of -# ts-arch-test/crypto +# psa-api-test/initial_attestation #------------------------------------------------------------------------------- -include(../crypto-arch-test.cmake REQUIRED) +include(../iat-api-test.cmake REQUIRED) diff --git a/deployments/ts-arch-test/ts-arch-test.cmake b/deployments/psa-api-test/psa-api-test.cmake index 9c2e778db..357abd131 100644 --- a/deployments/ts-arch-test/ts-arch-test.cmake +++ b/deployments/psa-api-test/psa-api-test.cmake @@ -6,8 +6,8 @@ #------------------------------------------------------------------------------- #------------------------------------------------------------------------------- -# The base build file shared between deployments of 'ts-arch-test' for -# different environments. Used for running PSA arch tests. +# The base build file shared between deployments of 'psa-api-test' for +# different environments. Used for running PSA API tests. #------------------------------------------------------------------------------- #------------------------------------------------------------------------------- @@ -16,25 +16,29 @@ # deployed. #------------------------------------------------------------------------------- include(${TS_ROOT}/deployments/libts/libts-import.cmake) -target_link_libraries(ts-arch-test PRIVATE libts) +target_link_libraries(psa-api-test PRIVATE libts) #------------------------------------------------------------------------------- # Components that are common accross all deployments # #------------------------------------------------------------------------------- add_components( - TARGET "ts-arch-test" + TARGET "psa-api-test" BASE_DIR ${TS_ROOT} COMPONENTS - "components/app/arch-test-runner" + "components/common/tlv" "components/service/common/include" ) +target_sources(psa-api-test PRIVATE + ${TS_ROOT}/deployments/psa-api-test/arch_test_runner.c +) + #------------------------------------------------------------------------------- # Export project header paths for arch tests # #------------------------------------------------------------------------------- -get_target_property(_include_paths ts-arch-test INCLUDE_DIRECTORIES) +get_target_property(_include_paths psa-api-test INCLUDE_DIRECTORIES) list(APPEND PSA_ARCH_TESTS_EXTERNAL_INCLUDE_PATHS ${_include_paths}) #------------------------------------------------------------------------------- @@ -44,7 +48,7 @@ list(APPEND PSA_ARCH_TESTS_EXTERNAL_INCLUDE_PATHS ${_include_paths}) # psa-arch-tests include(${TS_ROOT}/external/psa_arch_tests/psa_arch_tests.cmake) -target_link_libraries(ts-arch-test PRIVATE val_nspe test_combine pal_nspe) +target_link_libraries(psa-api-test PRIVATE val_nspe test_combine pal_nspe) #------------------------------------------------------------------------------- # Define install content. @@ -53,4 +57,4 @@ target_link_libraries(ts-arch-test PRIVATE val_nspe test_combine pal_nspe) if (CMAKE_INSTALL_PREFIX_INITIALIZED_TO_DEFAULT) set(CMAKE_INSTALL_PREFIX ${CMAKE_BINARY_DIR}/install CACHE PATH "location to install build output to." FORCE) endif() -install(TARGETS ts-arch-test RUNTIME DESTINATION ${TS_ENV}/bin) +install(TARGETS psa-api-test RUNTIME DESTINATION ${TS_ENV}/bin) diff --git a/deployments/psa-api-test/service_under_test.h b/deployments/psa-api-test/service_under_test.h new file mode 100644 index 000000000..85dc81f13 --- /dev/null +++ b/deployments/psa-api-test/service_under_test.h @@ -0,0 +1,32 @@ +/* + * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +#ifndef SERVICE_UNDER_TEST_H +#define SERVICE_UNDER_TEST_H + +#ifdef __cplusplus +extern "C" { +#endif + +/** + * Locate and open an RPC session for the service under test. Concrete + * implementations of this function will locate a specific service and + * associate an RPC Caller with the singleton PSA API client used by + * the API tests. + */ +int locate_service_under_test(void); + +/** + * Reliquish the RPC session when the test run is complete. + */ +void relinquish_service_under_test(void); + + +#ifdef __cplusplus +} /* extern "C" */ +#endif + +#endif /* SERVICE_UNDER_TEST_H */ diff --git a/tools/b-test/test_data.yaml b/tools/b-test/test_data.yaml index adfd233cd..1abfeb77a 100644 --- a/tools/b-test/test_data.yaml +++ b/tools/b-test/test_data.yaml @@ -37,18 +37,18 @@ data: - "-GUnix Makefiles" - "-DSP_DEV_KIT_DIR=$SP_DEV_KIT_DIR" - "-DCMAKE_VERBOSE_MAKEFILE=y" - - name: "ts-arch-test-crypto-pc-linux" - src: "$TS_ROOT/deployments/ts-arch-test/crypto/linux-pc" + - name: "psa-api-test-crypto-pc-linux" + src: "$TS_ROOT/deployments/psa-api-test/crypto/linux-pc" os_id : "GNU/Linux" params: - "-GUnix Makefiles" - - name: "ts-arch-test-crypto-arm-linux" - src: "$TS_ROOT/deployments/ts-arch-test/crypto/arm-linux" + - name: "psa-api-test-crypto-arm-linux" + src: "$TS_ROOT/deployments/psa-api-test/crypto/arm-linux" os_id : "GNU/Linux" params: - "-GUnix Makefiles" - - name: "ts-arch-test-initial_attestation-pc-linux" - src: "$TS_ROOT/deployments/ts-arch-test/initial_attestation/linux-pc" + - name: "psa-api-test-initial_attestation-pc-linux" + src: "$TS_ROOT/deployments/psa-api-test/initial_attestation/linux-pc" os_id : "GNU/Linux" params: - "-GUnix Makefiles" |