psa arch test v1.3 release candidate 1
diff --git a/api-tests/CMakeLists.txt b/api-tests/CMakeLists.txt
index 31b7ef7..bc62946 100644
--- a/api-tests/CMakeLists.txt
+++ b/api-tests/CMakeLists.txt
@@ -136,6 +136,9 @@
list(APPEND PLATFORM_PSA_ISOLATION_LEVEL_OPTIONS 1 2 3)
endif()
+#list of INCLUDE_PANIC_TESTS options
+list(APPEND PSA_INCLUDE_PANIC_TESTS_OPTIONS 0 1)
+
# list of available spec version
if("${SUITE}" STREQUAL "STORAGE" OR ${SUITE} STREQUAL "INTERNAL_TRUSTED_STORAGE" OR ${SUITE} STREQUAL "PROTECTED_STORAGE")
list(APPEND PSA_SPEC_VERSION
@@ -160,7 +163,6 @@
1.0
1.1
)
-
endif()
#list of values available for connection based
@@ -168,6 +170,12 @@
list(APPEND PSA_STATELESS_ROT 0 1)
endif()
+#list of TESTS_COVERAGE available options
+list(APPEND PSA_TESTS_COVERAGE_OPTIONS
+ "ALL"
+ "PASS"
+)
+
message(STATUS "[PSA] : ----------Process input arguments- start-------------")
# Check for TARGET command line argument
@@ -386,6 +394,9 @@
set(INCLUDE_PANIC_TESTS 0 CACHE INTERNAL "Default INCLUDE_PANIC_TESTS value" FORCE)
message(STATUS "[PSA] : Defaulting INCLUDE_PANIC_TESTS to ${INCLUDE_PANIC_TESTS}")
else()
+ if(NOT ${INCLUDE_PANIC_TESTS} IN_LIST PSA_INCLUDE_PANIC_TESTS_OPTIONS)
+ message(FATAL_ERROR "[PSA] : Error: Unsupported value for -DINCLUDE_PANIC_TESTS=${INCLUDE_PANIC_TESTS}, supported values are : ${PSA_INCLUDE_PANIC_TESTS_OPTIONS}")
+ endif()
if(INCLUDE_PANIC_TESTS EQUAL 1)
message(STATUS "[PSA] : "
"INCLUDE_PANIC_TESTS set to 1, therefore including PSA APIs panic tests into the regression,\n"
@@ -486,6 +497,25 @@
endif()
endif()
+if(NOT DEFINED TESTS_COVERAGE)
+ #By default all tests are included
+ set(TESTS_COVERAGE "ALL" CACHE INTERNAL "Default TESTS_COVERAGE value" FORCE)
+ message(STATUS "[PSA] : Defaulting TESTS_COVERAGE to ${TESTS_COVERAGE}")
+else()
+ if(NOT ${TESTS_COVERAGE} IN_LIST PSA_TESTS_COVERAGE_OPTIONS)
+ message(FATAL_ERROR "[PSA] : Error: Unsupported value for -DTESTS_COVERAGE=${TESTS_COVERAGE}, supported values are : ${PSA_TESTS_COVERAGE_OPTIONS}")
+ endif()
+ if(TESTS_COVERAGE STREQUAL ALL)
+ message(STATUS "[PSA] : "
+ "TESTS_COVERAGE set to ALL, therefore all tests are included.")
+ endif()
+ if(TESTS_COVERAGE STREQUAL PASS)
+ message(STATUS "[PSA] : "
+ "TESTS_COVERAGE set to PASS, therefore known failure tests are not included.")
+ add_definitions(-DTESTS_COVERAGE)
+ endif()
+endif()
+
message(STATUS "[PSA] : ----------Process input arguments- complete-------------")
@@ -526,6 +556,7 @@
${SUITE_LOWER}
${TESTSUITE_DB}
${INCLUDE_PANIC_TESTS}
+ ${TESTS_COVERAGE}
${PSA_TESTLIST_FILE}
${PSA_TEST_ENTRY_LIST_INC}
${PSA_TEST_ENTRY_FUN_DECLARE_INC}
diff --git a/api-tests/dev_apis/README.md b/api-tests/dev_apis/README.md
index 36af1cb..24a5820 100644
--- a/api-tests/dev_apis/README.md
+++ b/api-tests/dev_apis/README.md
@@ -14,7 +14,7 @@
For more information on the architecture test suite framework and methodology to run the tests, refer to the [Validation Methodology](../docs/Arm_PSA_APIs_Arch_Test_Validation_Methodology.pdf) document.
## This release
- - Code Quality : REL v1.2
+ - Code Quality : REL v1.3
- This release contains following PSA Functional APIs tests: <br />
| Test Category | Specification Version |
@@ -30,7 +30,8 @@
| Release version | Release tag | PSA Crypto API | PSA Storage API | PSA Attestation API |
|-----------------|---------------|----------------|-----------------|---------------------|
-| REL v1.2 | [v21.07_API1.2_ADAC_ALPHA](https://github.com/ARM-software/psa-arch-tests/tree//api-tests/dev_apis) | 1.0.0 | 1.0.0 | 1.0.2 |
+| REL v1.3 | [v21.10_API1.3_ADAC_ALPHA-1](https://github.com/ARM-software/psa-arch-tests/tree/v21.10_API1.3_ADAC_ALPHA-1/api-tests/dev_apis) | 1.0.0 | 1.0.0 | 1.0.2 |
+| REL v1.2 | [v21.07_API1.2_ADAC_ALPHA](https://github.com/ARM-software/psa-arch-tests/tree/v21.07_API1.2_ADAC_ALPHA/api-tests/dev_apis) | 1.0.0 | 1.0.0 | 1.0.2 |
| REL v1.1 | [v20.11_API1.1](https://github.com/ARM-software/psa-arch-tests/tree/v20.11_API1.1/api-tests/dev_apis) | 1.0-Beta3 | 1.0.0 | 1.0.0 |
| REL v1.0 | [v20.03_API1.0](https://github.com/ARM-software/psa-arch-tests/tree/v20.03_API1.0/api-tests/dev_apis) | 1.0-Beta3 | 1.0.0 | 1.0.0 |
| v0.9 | [v19.06_API0.9](https://github.com/ARM-software/psa-arch-tests/tree/v19.06_API0.9/api-tests/dev_apis) | 1.0-Beta2 | 1.0-Beta2 | 1.0-Beta0 |
@@ -81,6 +82,7 @@
```
-DPSA_INCLUDE_PATHS=`readlink -f <relative_include_path>`
```
+- -DTESTS_COVERAGE=<tests_coverage_value> is used to skip known failure tests by selecting value PASS. Supported values are ALL and PASS. ALL value will include all the tests and PASS value will skip the known failure tests and will include pass tests. Default is ALL.
To compile Crypto tests for **tgt_dev_apis_tfm_an521** platform, execute the following commands:
```
diff --git a/api-tests/dev_apis/crypto/common/test_crypto_common.c b/api-tests/dev_apis/crypto/common/test_crypto_common.c
index a97b7df..a102b21 100644
--- a/api-tests/dev_apis/crypto/common/test_crypto_common.c
+++ b/api-tests/dev_apis/crypto/common/test_crypto_common.c
@@ -451,6 +451,12 @@
0xC2, 0xE2, 0x19, 0xF8, 0xAD, 0xF8, 0x6F, 0x7D, 0xC6, 0x4C, 0xA8, 0x03, 0xBC, 0x18, 0x5B, 0x4E,
0x60, 0xD0, 0xB9, 0xFC, 0x23, 0xB0, 0x20, 0x7A, 0x84, 0x83, 0x38, 0xB8, 0xA1, 0x15, 0x81, 0xA1};
+const uint8_t signature_6[] = {0xC6, 0x54, 0x59, 0xB1, 0xC9, 0x50, 0x8F, 0xE6, 0xBD, 0x97, 0x3F,
+0x43, 0xAA, 0xBF, 0x58, 0x12, 0xAF, 0xF6, 0xA8, 0xDB, 0x40, 0x2F, 0x77, 0x3D, 0x74, 0x0E, 0xF1,
+0x41, 0x8D, 0xDC, 0x54, 0xA8, 0xD6, 0xFE, 0x52, 0x4C, 0xD3, 0x78, 0xEB, 0xE2, 0xC2, 0xAF, 0x80,
+0xF6, 0xAF, 0xFC, 0x0F, 0xB0, 0x4B, 0xEA, 0x36, 0x0C, 0x92, 0xE5, 0x64, 0x4A, 0x60, 0x41, 0xB2,
+0xF4, 0x53, 0x49, 0xD4, 0x22};
+
const uint8_t hmac_sha224[] = {
0x2D, 0x39, 0x37, 0x90, 0xE1, 0xDA, 0x9A, 0x86, 0xEC, 0x0D, 0x1B, 0x17, 0x59, 0xC1, 0x23, 0xF9,
0xBA, 0xA4, 0x38, 0xF9, 0x11, 0xA7, 0x3F, 0xEA, 0x1E, 0x9E, 0xA1, 0x7D};
@@ -469,8 +475,8 @@
0x91, 0xD1, 0x35, 0x52, 0x7F, 0xF2, 0xC3, 0x67, 0x43, 0x99, 0xDC, 0x20, 0x2A, 0xC4, 0x77, 0xB4,
0x4C, 0x51, 0xD0, 0xFE, 0x1D, 0xB6, 0xC8, 0x28, 0x34, 0x02, 0x6A, 0x6D, 0x8D, 0xD3, 0x20, 0xDB};
-const uint8_t cmac_aes_128[] = {
-};
+const uint8_t cmac_aes_128[] = {0x7F, 0x97, 0x9B, 0xA0, 0xFF, 0xF1, 0x35, 0x98, 0x61, 0x38, 0xF2,
+ 0xAB, 0x05, 0x4B, 0x28, 0x4B};
/* test inputs */
const uint8_t hash_input = 0xbd;
diff --git a/api-tests/dev_apis/crypto/common/test_crypto_common.h b/api-tests/dev_apis/crypto/common/test_crypto_common.h
index e4ae071..dd99d9a 100644
--- a/api-tests/dev_apis/crypto/common/test_crypto_common.h
+++ b/api-tests/dev_apis/crypto/common/test_crypto_common.h
@@ -38,9 +38,11 @@
#define INPUT_SEED_LEN 4
#define INPUT_LABEL_LEN 5
+#define PSA_ERROR_PROGRAMMER_ERROR ((psa_status_t)-129)
+
/* min and max finding macro */
-#define MIN(a,b) (((a)<(b))?(a):(b))
-#define MAX(a,b) (((a)>(b))?(a):(b))
+#define MIN(a, b) (((a) < (b))?(a):(b))
+#define MAX(a, b) (((a) > (b))?(a):(b))
extern const uint8_t key_data[];
@@ -108,6 +110,7 @@
extern const uint8_t signature_4[];
extern const uint8_t signature_4_invalid[];
extern const uint8_t signature_5[];
+extern const uint8_t signature_6[];
extern const uint8_t hmac_sha224[];
extern const uint8_t hmac_sha224_invalid[];
diff --git a/api-tests/dev_apis/crypto/suite.cmake b/api-tests/dev_apis/crypto/suite.cmake
index f7b13de..48e59ba 100644
--- a/api-tests/dev_apis/crypto/suite.cmake
+++ b/api-tests/dev_apis/crypto/suite.cmake
@@ -1,5 +1,5 @@
#/** @file
-# * Copyright (c) 2019-2020, Arm Limited or its affiliates. All rights reserved.
+# * Copyright (c) 2019-2021, Arm Limited or its affiliates. All rights reserved.
# * SPDX-License-Identifier : Apache-2.0
# *
# * Licensed under the Apache License, Version 2.0 (the "License");
@@ -33,7 +33,7 @@
add_definitions(${CC_OPTIONS})
add_definitions(${AS_OPTIONS})
-add_definitions(-DHOST_GCC_MISSING_CRYPTO_1_0=1)
+add_definitions(-DMISSING_CRYPTO_1_0=0)
# append common crypto file to list of source collected
list(APPEND SUITE_CC_SOURCE ${PSA_SUITE_DIR}/common/test_crypto_common.c)
diff --git a/api-tests/dev_apis/crypto/test_c003/test_data.h b/api-tests/dev_apis/crypto/test_c003/test_data.h
index d6314c8..9fb7f4c 100644
--- a/api-tests/dev_apis/crypto/test_c003/test_data.h
+++ b/api-tests/dev_apis/crypto/test_c003/test_data.h
@@ -189,7 +189,6 @@
#ifdef ARCH_TEST_CIPHER_MODE_CTR
#ifdef ARCH_TEST_AES_128
-#ifdef CRYPTO_1_0
{
.test_desc = "Test psa_export_key with key policy verify\n",
.type = PSA_KEY_TYPE_AES,
@@ -202,7 +201,6 @@
.expected_data_length = AES_16B_KEY_SIZE,
.expected_status = PSA_ERROR_NOT_PERMITTED
},
-#endif
{
.test_desc = "Test psa_export_key with less buffer size\n",
diff --git a/api-tests/dev_apis/crypto/test_c016/test_data.h b/api-tests/dev_apis/crypto/test_c016/test_data.h
index 23f1e2b..e6c24e0 100644
--- a/api-tests/dev_apis/crypto/test_c016/test_data.h
+++ b/api-tests/dev_apis/crypto/test_c016/test_data.h
@@ -105,6 +105,7 @@
#ifdef ARCH_TEST_RSA
#ifdef ARCH_TEST_RSA_2048
#ifdef ARCH_TEST_RSA_PKCS1V15_SIGN_RAW
+#ifndef ARCH_TEST_SKIP_RSA_2048_GEN_KEY
{
.test_desc = "Test psa_generate_key with RSA 2048 Keypair\n",
.type = PSA_KEY_TYPE_RSA_KEY_PAIR,
@@ -112,7 +113,7 @@
| PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE,
.alg = PSA_ALG_RSA_PKCS1V15_SIGN_RAW,
.bits = 2048,
- .expected_range = {1, BITS_TO_BYTES(MIN(PSA_EXPORT_KEY_OUTPUT_SIZE(\
+ .expected_range = {1, (MIN(PSA_EXPORT_KEY_OUTPUT_SIZE(\
PSA_KEY_TYPE_RSA_KEY_PAIR, 2048), \
PSA_EXPORT_KEY_PAIR_MAX_SIZE))},
@@ -121,6 +122,7 @@
#endif
#endif
#endif
+#endif
#ifdef ARCH_TEST_ECC_CURVE_SECP224R1
#ifdef ARCH_TEST_ASYMMETRIC_ENCRYPTION
diff --git a/api-tests/dev_apis/crypto/test_c021/test_c021.c b/api-tests/dev_apis/crypto/test_c021/test_c021.c
index 540f9fd..63760fd 100644
--- a/api-tests/dev_apis/crypto/test_c021/test_c021.c
+++ b/api-tests/dev_apis/crypto/test_c021/test_c021.c
@@ -59,9 +59,6 @@
{
val->print(PRINT_TEST, "[Check %d] ", g_test_count++);
val->print(PRINT_TEST, check1[i].test_desc, 0);
- //memset(&operation,0,sizeof(psa_key_derivation_operation_t));
- //attributes = PSA_KEY_ATTRIBUTES_INIT;
- //derv_attributes = PSA_KEY_ATTRIBUTES_INIT;
/* Setting up the watchdog timer for each check */
status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
@@ -73,7 +70,6 @@
val->crypto_function(VAL_CRYPTO_SET_KEY_USAGE_FLAGS, &attributes, check1[i].usage);
/* Import the key if the derivation input is key */
- if (check1[i].step == PSA_KEY_DERIVATION_INPUT_SECRET)
{
/* Import the key data into the key slot */
status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, &attributes, check1[i].key_data,
@@ -99,60 +95,91 @@
check1[i].step, key);
TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(6));
status = val->crypto_function(VAL_CRYPTO_KEY_DERIVATION_INPUT_BYTES, &operation,
- PSA_KEY_DERIVATION_INPUT_INFO,
- input_info,
- INPUT_INFO_LEN);
+ PSA_KEY_DERIVATION_INPUT_INFO,
+ input_info,
+ INPUT_INFO_LEN);
TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(7));
}
else
{
- status = val->crypto_function(VAL_CRYPTO_KEY_DERIVATION_INPUT_BYTES, &operation,
- check1[i].step, check1[i].data, check1[i].data_length);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(6));
+ if (check1[i].step != PSA_KEY_DERIVATION_INPUT_SALT)
+ {
+ status = val->crypto_function(VAL_CRYPTO_KEY_DERIVATION_INPUT_KEY, &operation,
+ check1[0].step, key);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(8));
+
+ status = val->crypto_function(VAL_CRYPTO_KEY_DERIVATION_INPUT_BYTES, &operation,
+ check1[i].step,
+ check1[i].data,
+ check1[i].data_length);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(9));
+ if (check1[i].step != PSA_KEY_DERIVATION_INPUT_INFO)
+ {
+ status = val->crypto_function(VAL_CRYPTO_KEY_DERIVATION_INPUT_BYTES,
+ &operation,
+ PSA_KEY_DERIVATION_INPUT_INFO,
+ input_info,
+ INPUT_INFO_LEN);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(10));
+ }
+ } else {
+ status = val->crypto_function(VAL_CRYPTO_KEY_DERIVATION_INPUT_BYTES, &operation,
+ check1[i].step, check1[i].data,
+ check1[i].data_length);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(11));
+ status = val->crypto_function(VAL_CRYPTO_KEY_DERIVATION_INPUT_KEY, &operation,
+ check1[0].step, key);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(12));
+ status = val->crypto_function(VAL_CRYPTO_KEY_DERIVATION_INPUT_BYTES, &operation,
+ PSA_KEY_DERIVATION_INPUT_INFO,
+ input_info,
+ INPUT_INFO_LEN);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(13));
+ }
}
/* Setup the attributes for the key */
- val->crypto_function(VAL_CRYPTO_SET_KEY_TYPE, &derv_attributes, check1[i].derive_key_type);
- val->crypto_function(VAL_CRYPTO_SET_KEY_BITS, &derv_attributes, check1[i].derive_key_bits);
+ val->crypto_function(VAL_CRYPTO_SET_KEY_TYPE, &derv_attributes,
+ check1[i].derive_key_type);
+ val->crypto_function(VAL_CRYPTO_SET_KEY_BITS, &derv_attributes,
+ check1[i].derive_key_bits);
val->crypto_function(VAL_CRYPTO_SET_KEY_ALGORITHM, &derv_attributes,
- check1[i].derive_key_alg);
+ check1[i].derive_key_alg);
val->crypto_function(VAL_CRYPTO_SET_KEY_USAGE_FLAGS, &derv_attributes,
- check1[i].derive_usage);
+ check1[i].derive_usage);
/* Derive a key from an ongoing key derivation operation */
status = val->crypto_function(VAL_CRYPTO_KEY_DERIVATION_OUTPUT_KEY, &derv_attributes,
- &operation, &keys[SLOT_1]);
- TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(9));
+ &operation, &keys[SLOT_1]);
+ TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(14));
- if (check1[i].step == PSA_KEY_DERIVATION_INPUT_SECRET)
{
status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, key);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(10));
-
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(15));
}
if (check1[i].expected_status != PSA_SUCCESS)
{
status = val->crypto_function(VAL_CRYPTO_KEY_DERIVATION_ABORT, &operation);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(11));
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(16));
continue;
}
/* Read some key from a key derivation operation with no data in the operation */
status = val->crypto_function(VAL_CRYPTO_KEY_DERIVATION_OUTPUT_KEY, &derv_attributes,
- &operation, &keys[SLOT_2]);
- TEST_ASSERT_EQUAL(status, PSA_ERROR_INSUFFICIENT_DATA, TEST_CHECKPOINT_NUM(12));
+ &operation, &keys[SLOT_2]);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_INSUFFICIENT_DATA, TEST_CHECKPOINT_NUM(17));
/* Abort the derivation operation */
status = val->crypto_function(VAL_CRYPTO_KEY_DERIVATION_ABORT, &operation);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(13));
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(18));
/* Expect bad state when derivation is called on an aborted operation */
status = val->crypto_function(VAL_CRYPTO_KEY_DERIVATION_OUTPUT_KEY, &derv_attributes,
- &operation, &keys[SLOT_2]);
- TEST_ASSERT_EQUAL(status, PSA_ERROR_BAD_STATE, TEST_CHECKPOINT_NUM(14));
- }
+ &operation, &keys[SLOT_2]);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_BAD_STATE, TEST_CHECKPOINT_NUM(19));
+ }
return VAL_STATUS_SUCCESS;
}
diff --git a/api-tests/dev_apis/crypto/test_c021/test_data.h b/api-tests/dev_apis/crypto/test_c021/test_data.h
index 5deaa1c..98e9d4c 100644
--- a/api-tests/dev_apis/crypto/test_c021/test_data.h
+++ b/api-tests/dev_apis/crypto/test_c021/test_data.h
@@ -69,7 +69,7 @@
PSA_ALG_CTR,
PSA_SUCCESS
},
-
+#ifdef IS_DES_SUPPORTED
{"Test psa_key_derivation_output_key - DES key export\n", PSA_KEY_TYPE_DERIVE,
{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
0x5F, 0xC9, 0x77},
@@ -80,7 +80,7 @@
PSA_ALG_CTR,
PSA_SUCCESS
},
-
+#endif
{"Test psa_key_derivation_output_key - Greater Capacity than available\n", PSA_KEY_TYPE_DERIVE,
{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
0x5F, 0xC9, 0x77},
@@ -91,7 +91,6 @@
PSA_ALG_CTR,
PSA_ERROR_INSUFFICIENT_DATA
},
-
{"Test psa_key_derivation_output_key - ECC Public key\n", PSA_KEY_TYPE_DERIVE,
{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
0x5F, 0xC9, 0x77},
@@ -100,7 +99,7 @@
PSA_KEY_DERIVATION_INPUT_SECRET, 256, {0}, 0,
PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1), 256, PSA_KEY_USAGE_EXPORT,
PSA_ALG_ECDSA_ANY,
- PSA_ERROR_NOT_SUPPORTED
+ PSA_ERROR_INVALID_ARGUMENT
},
{"Test psa_key_derivation_output_key - ECC keypair\n", PSA_KEY_TYPE_DERIVE,
@@ -111,7 +110,7 @@
PSA_KEY_DERIVATION_INPUT_SECRET, 224, {0}, 0,
PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1), 224, PSA_KEY_USAGE_EXPORT,
PSA_ALG_ECDSA_ANY,
- PSA_SUCCESS
+ PSA_ERROR_INVALID_ARGUMENT
},
{"Test psa_key_derivation_output_key - RSA Public Key", PSA_KEY_TYPE_DERIVE,
@@ -122,7 +121,7 @@
PSA_KEY_DERIVATION_INPUT_SECRET, 256, {0}, 0,
PSA_KEY_TYPE_RSA_PUBLIC_KEY, 2048, PSA_KEY_USAGE_EXPORT,
PSA_ALG_RSA_PKCS1V15_SIGN_RAW,
- PSA_ERROR_NOT_SUPPORTED,
+ PSA_ERROR_INVALID_ARGUMENT
},
{"Test psa_key_derivation_output_key - RSA keypair\n", PSA_KEY_TYPE_DERIVE,
@@ -133,7 +132,7 @@
PSA_KEY_DERIVATION_INPUT_SECRET, 256, {0}, 0,
PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1), 2046, PSA_KEY_USAGE_EXPORT,
PSA_ALG_RSA_PKCS1V15_SIGN_RAW,
- PSA_SUCCESS
+ PSA_ERROR_INVALID_ARGUMENT
},
{"Test psa_key_derivation_output_key - Invalid key size\n", PSA_KEY_TYPE_DERIVE,
@@ -144,6 +143,6 @@
PSA_KEY_DERIVATION_INPUT_SECRET, 32, {0}, 0,
PSA_KEY_TYPE_AES, BYTES_TO_BITS(AES_18B_KEY_SIZE), PSA_KEY_USAGE_EXPORT,
PSA_ALG_CTR,
- PSA_ERROR_NOT_SUPPORTED
+ PSA_ERROR_INVALID_ARGUMENT
},
};
diff --git a/api-tests/dev_apis/crypto/test_c026/test_data.h b/api-tests/dev_apis/crypto/test_c026/test_data.h
index 50221af..d9c4bfe 100644
--- a/api-tests/dev_apis/crypto/test_c026/test_data.h
+++ b/api-tests/dev_apis/crypto/test_c026/test_data.h
@@ -28,7 +28,6 @@
} test_data;
static const test_data check1[] = {
-#ifdef CRYPTO_1_0
#ifdef ARCH_TEST_HMAC
#ifdef ARCH_TEST_SHA256
{
@@ -66,7 +65,7 @@
.data_length = 64,
.usage_flags = PSA_KEY_USAGE_SIGN_MESSAGE,
.alg = PSA_ALG_CMAC,
- .expected_status = PSA_ERROR_NOT_SUPPORTED
+ .expected_status = PSA_ERROR_INVALID_ARGUMENT
},
#endif
#endif
@@ -144,6 +143,5 @@
},
#endif
#endif
-#endif
};
diff --git a/api-tests/dev_apis/crypto/test_c027/test_data.h b/api-tests/dev_apis/crypto/test_c027/test_data.h
index 6025948..838f28f 100644
--- a/api-tests/dev_apis/crypto/test_c027/test_data.h
+++ b/api-tests/dev_apis/crypto/test_c027/test_data.h
@@ -31,7 +31,6 @@
} test_data;
static const test_data check1[] = {
-#ifdef CRYPTO_1_0
#ifdef ARCH_TEST_HMAC
#ifdef ARCH_TEST_SHA256
{
@@ -95,5 +94,4 @@
},
#endif
#endif
-#endif
};
diff --git a/api-tests/dev_apis/crypto/test_c028/test_data.h b/api-tests/dev_apis/crypto/test_c028/test_data.h
index c13a006..6387390 100644
--- a/api-tests/dev_apis/crypto/test_c028/test_data.h
+++ b/api-tests/dev_apis/crypto/test_c028/test_data.h
@@ -34,8 +34,9 @@
psa_status_t expected_status;
} test_data;
+const unsigned char cmac_key[] = {0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
+ 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c};
static const test_data check1[] = {
-#ifdef CRYPTO_1_0
#ifdef ARCH_TEST_HMAC
#ifdef ARCH_TEST_SHA224
{
@@ -168,5 +169,4 @@
},
#endif
#endif
-#endif
};
diff --git a/api-tests/dev_apis/crypto/test_c029/test_data.h b/api-tests/dev_apis/crypto/test_c029/test_data.h
index 10358eb..ca4bcd6 100644
--- a/api-tests/dev_apis/crypto/test_c029/test_data.h
+++ b/api-tests/dev_apis/crypto/test_c029/test_data.h
@@ -28,7 +28,6 @@
} test_data;
static const test_data check1[] = {
-#ifdef CRYPTO_1_0
#ifdef ARCH_TEST_HMAC
#ifdef ARCH_TEST_SHA256
{
@@ -66,7 +65,7 @@
.alg = PSA_ALG_CMAC,
.data = key_data,
.data_length = AES_16B_KEY_SIZE,
- .expected_status = PSA_ERROR_NOT_SUPPORTED
+ .expected_status = PSA_ERROR_INVALID_ARGUMENT
},
#endif
#endif
@@ -76,7 +75,7 @@
{
.test_desc = "Test psa_mac_verify_setup - Invalid usage flag\n",
.type = PSA_KEY_TYPE_HMAC,
- .usage_flags = PSA_KEY_USAGE_VERIFY_MESSAGE,
+ .usage_flags = PSA_KEY_USAGE_DERIVE,
.alg = PSA_ALG_HMAC(PSA_ALG_SHA_256),
.data = key_data,
.data_length = 64,
@@ -145,5 +144,4 @@
},
#endif
#endif
-#endif
};
diff --git a/api-tests/dev_apis/crypto/test_c030/test_data.h b/api-tests/dev_apis/crypto/test_c030/test_data.h
index 708eb81..db8f79b 100644
--- a/api-tests/dev_apis/crypto/test_c030/test_data.h
+++ b/api-tests/dev_apis/crypto/test_c030/test_data.h
@@ -33,7 +33,6 @@
} test_data;
static const test_data check1[] = {
-#ifdef CRYPTO_1_0
#ifdef ARCH_TEST_HMAC
#ifdef ARCH_TEST_SHA224
{
@@ -167,5 +166,4 @@
},
#endif
#endif
-#endif
};
diff --git a/api-tests/dev_apis/crypto/test_c039/test_c039.c b/api-tests/dev_apis/crypto/test_c039/test_c039.c
index bf4ebad..8edc6ca 100644
--- a/api-tests/dev_apis/crypto/test_c039/test_c039.c
+++ b/api-tests/dev_apis/crypto/test_c039/test_c039.c
@@ -117,8 +117,9 @@
TEST_ASSERT_EQUAL(get_output_length, check1[i].input_length, TEST_CHECKPOINT_NUM(8));
/* Check if the output matches with the given input data */
- TEST_ASSERT_MEMCMP(check1[i].output + check1[i].expected_output_length, check1[i].input,
- get_output_length, TEST_CHECKPOINT_NUM(9));
+ TEST_ASSERT_MEMCMP((check1[i].output + check1[i].expected_output_length),\
+ check1[i].input, get_output_length,\
+ TEST_CHECKPOINT_NUM(9));
}
/* Destroy the key */
diff --git a/api-tests/dev_apis/crypto/test_c041/test_c041.c b/api-tests/dev_apis/crypto/test_c041/test_c041.c
index ec6c47a..0fe0ef5 100644
--- a/api-tests/dev_apis/crypto/test_c041/test_c041.c
+++ b/api-tests/dev_apis/crypto/test_c041/test_c041.c
@@ -92,15 +92,35 @@
TEST_ASSERT_EQUAL(get_signature_length, check1[i].expected_signature_length,
TEST_CHECKPOINT_NUM(6));
- /* Check if the output matches with the expected data */
- TEST_ASSERT_MEMCMP(check1[i].signature, check1[i].expected_signature, get_signature_length,
- TEST_CHECKPOINT_NUM(7));
- /* Destroy the key */
+ /* Destroy a key and restore the slot to its default state */
status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, key);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(8));
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(7));
- if (valid_test_input_index < 0)
+ /* verify the expected signature for the hash */
+ memset(&attributes, 0, sizeof(psa_key_attributes_t));
+ val->crypto_function(VAL_CRYPTO_SET_KEY_TYPE, &attributes, check1[i].type);
+ val->crypto_function(VAL_CRYPTO_SET_KEY_ALGORITHM, &attributes, check1[i].alg);
+ val->crypto_function(VAL_CRYPTO_SET_KEY_USAGE_FLAGS, &attributes, PSA_KEY_USAGE_VERIFY_HASH);
+ /* Import the key data into the key slot */
+ status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, &attributes, check1[i].data,
+ check1[i].data_length, &key);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(8));
+
+ /* Verify the signature a hash or short message using a public key */
+ status = val->crypto_function(VAL_CRYPTO_VERIFY_HASH,
+ key,
+ check1[i].alg,
+ check1[i].hash,
+ check1[i].hash_length,
+ check1[i].expected_signature,
+ check1[i].expected_signature_length);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(9));
+ /* Destroy the key */
+ status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, key);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(10));
+
+ if (valid_test_input_index < 0)
valid_test_input_index = i;
}
diff --git a/api-tests/dev_apis/crypto/test_c048/test_c048.c b/api-tests/dev_apis/crypto/test_c048/test_c048.c
index 559c9b9..8cf24fa 100644
--- a/api-tests/dev_apis/crypto/test_c048/test_c048.c
+++ b/api-tests/dev_apis/crypto/test_c048/test_c048.c
@@ -28,7 +28,7 @@
extern uint32_t g_test_count;
-static uint8_t output[SIZE_32B];
+static uint8_t output[64];
int32_t psa_cipher_encrypt_test(caller_security_t caller __UNUSED)
{
@@ -71,6 +71,7 @@
status = val->crypto_function(VAL_CRYPTO_CIPHER_ENCRYPT, key,
check1[i].key_alg, check1[i].input, check1[i].input_length, output,
check1[i].output_size, &output_length);
+
TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(4));
/* Destroy the key */
@@ -86,17 +87,11 @@
/* Check if the output length matches the expected length */
TEST_ASSERT_EQUAL(output_length, check1[i].expected_output_length, TEST_CHECKPOINT_NUM(6));
- /* Check if the output data matches the expected data */
- TEST_ASSERT_MEMCMP(output, check1[i].expected_output, output_length,
- TEST_CHECKPOINT_NUM(7));
-
/* Encrypt a message using a symmetric cipher on an aborted key handle should be an error */
status = val->crypto_function(VAL_CRYPTO_CIPHER_ENCRYPT, key,
check1[i].key_alg, check1[i].input, check1[i].input_length, output,
check1[i].output_size, &output_length);
- TEST_ASSERT_EQUAL(status, PSA_ERROR_INVALID_HANDLE, TEST_CHECKPOINT_NUM(8));
-
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_INVALID_HANDLE, TEST_CHECKPOINT_NUM(7));
}
-
return VAL_STATUS_SUCCESS;
}
diff --git a/api-tests/dev_apis/crypto/test_c048/test_data.h b/api-tests/dev_apis/crypto/test_c048/test_data.h
index b8eea61..4eefc20 100644
--- a/api-tests/dev_apis/crypto/test_c048/test_data.h
+++ b/api-tests/dev_apis/crypto/test_c048/test_data.h
@@ -1,5 +1,5 @@
/** @file
- * Copyright (c) 2019-2020, Arm Limited or its affiliates. All rights reserved.
+ * Copyright (c) 2019-2021, Arm Limited or its affiliates. All rights reserved.
* SPDX-License-Identifier : Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License");
@@ -16,6 +16,7 @@
**/
#include "val_crypto.h"
+#include "test_crypto_common.h"
typedef struct {
char test_desc[75];
@@ -39,18 +40,18 @@
{0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 0xab, 0xf7, 0x15, 0x88, 0x09,
0xcf, 0x4f, 0x3c}, AES_16B_KEY_SIZE,
PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CBC_NO_PADDING,
-{0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 0xe9, 0x3d, 0x7e, 0x11, 0x73,
- 0x93, 0x17, 0x2a}, 16, SIZE_32B,
-{0xA0, 0x76, 0xEC, 0x9D, 0xFB, 0xE4, 0x7D, 0x52, 0xAF, 0xC3, 0x57, 0x33, 0x6F,
- 0x20, 0x74, 0x3B}, 0, PSA_SUCCESS
+{0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a},
+ 16, PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE(16),
+{0x76, 0x49, 0xab, 0xac, 0x81, 0x19, 0xb2, 0x46, 0xce, 0xe9, 0x8e, 0x9b, 0x12, 0xe9, 0x19, 0x7d},
+32, PSA_SUCCESS
},
{"Test psa_cipher_encrypt - Encrypt - AES CBC_NO_PADDING (Short input)\n", PSA_KEY_TYPE_AES,
{0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 0xab, 0xf7, 0x15, 0x88, 0x09,
0xcf, 0x4f, 0x3c}, AES_16B_KEY_SIZE,
PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CBC_NO_PADDING,
-{0x6b, 0xc1, 0xbe, 0xe2, 0x23}, 5, 16,
-{0x6b, 0xc1, 0xbe, 0xe2, 0x23}, 0, PSA_ERROR_INVALID_ARGUMENT
+{0x6b, 0xc1, 0xbe, 0xe2, 0x23}, 5, PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE(5),
+{0x6b, 0xc1, 0xbe, 0xe2, 0x23}, 21, PSA_ERROR_INVALID_ARGUMENT
},
#endif
@@ -60,10 +61,10 @@
0xcf, 0x4f, 0x3c}, AES_16B_KEY_SIZE,
PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CBC_PKCS7,
{0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 0xe9, 0x3d, 0x7e, 0x11, 0x73,
- 0x93, 0x17, 0x2a}, 16, SIZE_32B,
+ 0x93, 0x17, 0x2a}, 16, PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE(16),
{0xa0, 0x76, 0xec, 0x9d, 0xfb, 0xe4, 0x7d, 0x52, 0xaf, 0xc3, 0x57, 0x33, 0x6f,
0x20, 0x74, 0x3b, 0xca, 0x7e, 0x8a, 0x15, 0xdc, 0x3c, 0x77, 0x64, 0x36, 0x31,
- 0x42, 0x93, 0x03, 0x1c, 0xd4, 0xf3}, 16, PSA_SUCCESS
+ 0x42, 0x93, 0x03, 0x1c, 0xd4, 0xf3}, 48, PSA_SUCCESS
},
{"Test psa_cipher_encrypt - Encrypt - AES CBC_PKCS7 (Short input)\n", PSA_KEY_TYPE_AES,
@@ -71,9 +72,9 @@
0xcf, 0x4f, 0x3c}, AES_16B_KEY_SIZE,
PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CBC_PKCS7,
{0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 0xe9, 0x3d, 0x7e, 0x11, 0x73,
- 0x93, 0x17}, 15, SIZE_32B,
+ 0x93, 0x17}, 15, PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE(15),
{0x62, 0x79, 0xb4, 0x9d, 0x7f, 0x7a, 0x8d, 0xd8, 0x7b, 0x68, 0x51, 0x75, 0xd4,
- 0x27, 0x6e, 0x24}, 16, PSA_SUCCESS
+ 0x27, 0x6e, 0x24}, 32, PSA_SUCCESS
},
#endif
@@ -83,9 +84,9 @@
0xcf, 0x4f, 0x3c}, AES_16B_KEY_SIZE,
PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CTR,
{0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 0xe9, 0x3d, 0x7e, 0x11, 0x73,
- 0x93, 0x17, 0x2a}, 16, SIZE_32B,
+ 0x93, 0x17, 0x2a}, 16, PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE(16),
{0x8f, 0x94, 0x08, 0xfe, 0x80, 0xa8, 0x1d, 0x3e, 0x81, 0x3d, 0xa3, 0xc7, 0xb0,
- 0xb2, 0xbd, 0x32}, 0, PSA_SUCCESS
+ 0xb2, 0xbd, 0x32}, 32, PSA_SUCCESS
},
{"Test psa_cipher_encrypt - Encrypt - AES CTR (short input)\n", PSA_KEY_TYPE_AES,
@@ -93,9 +94,9 @@
0xcf, 0x4f, 0x3c}, AES_16B_KEY_SIZE,
PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CTR,
{0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 0xe9, 0x3d, 0x7e, 0x11, 0x73,
- 0x93, 0x17}, 15, SIZE_32B,
+ 0x93, 0x17}, 15, PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE(15),
{0x8f, 0x94, 0x08, 0xfe, 0x80, 0xa8, 0x1d, 0x3e, 0x81, 0x3d, 0xa3, 0xc7, 0xb0,
- 0xb2, 0xbd}, 0, PSA_SUCCESS
+ 0xb2, 0xbd}, 31, PSA_SUCCESS
},
#endif
#endif
@@ -105,7 +106,7 @@
{"Test psa_cipher_encrypt - Encrypt - DES CBC (nopad)\n", PSA_KEY_TYPE_DES,
{0x01, 0x02, 0x04, 0x07, 0x08, 0x0b, 0x0d, 0x0e}, DES_8B_KEY_SIZE,
PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CBC_NO_PADDING,
-{0xed, 0xa4, 0x01, 0x12, 0x39, 0xbc, 0x3a, 0xc9}, 8, SIZE_32B,
+{0xed, 0xa4, 0x01, 0x12, 0x39, 0xbc, 0x3a, 0xc9}, 8, PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE(8),
{0x64, 0xf9, 0x17, 0xb0, 0x15, 0x2f, 0x8f, 0x05}, 0, PSA_SUCCESS
},
#endif
@@ -115,7 +116,7 @@
{0x01, 0x02, 0x04, 0x07, 0x08, 0x0b, 0x0d, 0x0e, 0xc1, 0xc2, 0xc4, 0xc7, 0xc8,
0xcb, 0xcd, 0xce}, DES3_2B_KEY_SIZE,
PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CBC_NO_PADDING,
-{0xed, 0xa4, 0x01, 0x12, 0x39, 0xbc, 0x3a, 0xc9}, 8, SIZE_32B,
+{0xed, 0xa4, 0x01, 0x12, 0x39, 0xbc, 0x3a, 0xc9}, 8, PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE(8),
{0x5d, 0x06, 0x52, 0x42, 0x9c, 0x5b, 0x0a, 0xc7}, 0, PSA_SUCCESS
},
#endif
@@ -125,7 +126,7 @@
{0x01, 0x02, 0x04, 0x07, 0x08, 0x0b, 0x0d, 0x0e, 0xc1, 0xc2, 0xc4, 0xc7, 0xc8,
0xcb, 0xcd, 0xce, 0x31, 0x32, 0x34, 0x37, 0x38, 0x3b, 0x3d, 0x3e}, DES3_3B_KEY_SIZE,
PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CBC_NO_PADDING,
-{0xed, 0xa4, 0x01, 0x12, 0x39, 0xbc, 0x3a, 0xc9}, 8, SIZE_32B,
+{0xed, 0xa4, 0x01, 0x12, 0x39, 0xbc, 0x3a, 0xc9}, 8, PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE(16),
{0x81, 0x7c, 0xa7, 0xd6, 0x9b, 0x80, 0xd8, 0x6a}, 0, PSA_SUCCESS
},
#endif
@@ -152,7 +153,7 @@
PSA_KEY_USAGE_DECRYPT, PSA_ALG_CBC_NO_PADDING,
{0xA0, 0x76, 0xEC, 0x9D, 0xFB, 0xE4, 0x7D, 0x52, 0xAF, 0xC3, 0x57, 0x33, 0x6F,
0x20, 0x74, 0x3B},
- 16, SIZE_32B,
+ 16, PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE(16),
{0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 0xe9, 0x3d, 0x7e, 0x11, 0x73,
0x93, 0x17, 0x2a}, 0, PSA_ERROR_NOT_PERMITTED
},
diff --git a/api-tests/dev_apis/crypto/test_c049/test_c049.c b/api-tests/dev_apis/crypto/test_c049/test_c049.c
index ade6e1a..e49b800 100644
--- a/api-tests/dev_apis/crypto/test_c049/test_c049.c
+++ b/api-tests/dev_apis/crypto/test_c049/test_c049.c
@@ -86,14 +86,11 @@
/* Check if the output length matches the expected length */
TEST_ASSERT_EQUAL(output_length, check1[i].expected_output_length, TEST_CHECKPOINT_NUM(6));
- /* Check if the output data matches the expected data */
- TEST_ASSERT_MEMCMP(output, check1[i].expected_output, output_length,
- TEST_CHECKPOINT_NUM(7));
status = val->crypto_function(VAL_CRYPTO_CIPHER_DECRYPT, key,
check1[i].key_alg, check1[i].input, check1[i].input_length, output,
check1[i].output_size, &output_length);
- TEST_ASSERT_EQUAL(status, PSA_ERROR_INVALID_HANDLE, TEST_CHECKPOINT_NUM(8));
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_INVALID_HANDLE, TEST_CHECKPOINT_NUM(7));
}
diff --git a/api-tests/dev_apis/crypto/test_c049/test_data.h b/api-tests/dev_apis/crypto/test_c049/test_data.h
index e830546..46b5c75 100644
--- a/api-tests/dev_apis/crypto/test_c049/test_data.h
+++ b/api-tests/dev_apis/crypto/test_c049/test_data.h
@@ -1,5 +1,5 @@
/** @file
- * Copyright (c) 2019-2020, Arm Limited or its affiliates. All rights reserved.
+ * Copyright (c) 2019-2021, Arm Limited or its affiliates. All rights reserved.
* SPDX-License-Identifier : Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License");
@@ -24,7 +24,7 @@
uint32_t key_length;
psa_key_usage_t usage;
psa_algorithm_t key_alg;
- uint8_t input[32];
+ uint8_t input[64];
size_t input_length;
size_t output_size;
uint8_t expected_output[32];
@@ -39,10 +39,11 @@
{0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 0xab, 0xf7, 0x15, 0x88, 0x09,
0xcf, 0x4f, 0x3c}, AES_16B_KEY_SIZE,
PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CBC_NO_PADDING,
-{0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 0xe9, 0x3d, 0x7e, 0x11, 0x73,
- 0x93, 0x17, 0x2a}, 16, SIZE_32B,
+{0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
+0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 0xe9, 0x3d, 0x7e, 0x11, 0x73,
+ 0x93, 0x17, 0x2a}, 32, SIZE_32B,
{0xA0, 0x76, 0xEC, 0x9D, 0xFB, 0xE4, 0x7D, 0x52, 0xAF, 0xC3, 0x57, 0x33, 0x6F,
- 0x20, 0x74, 0x3B}, 0, PSA_ERROR_NOT_PERMITTED
+ 0x20, 0x74, 0x3B}, 16, PSA_ERROR_NOT_PERMITTED
},
#endif
@@ -51,19 +52,19 @@
{0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 0xab, 0xf7, 0x15, 0x88, 0x09,
0xcf, 0x4f, 0x3c}, AES_16B_KEY_SIZE,
PSA_KEY_USAGE_DECRYPT, PSA_ALG_CBC_NO_PADDING,
-{0xA0, 0x76, 0xEC, 0x9D, 0xFB, 0xE4, 0x7D, 0x52, 0xAF, 0xC3, 0x57, 0x33, 0x6F,
- 0x20, 0x74, 0x3B},
- 16, SIZE_32B,
-{0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 0xe9, 0x3d, 0x7e, 0x11, 0x73,
- 0x93, 0x17, 0x2a}, 0, PSA_SUCCESS
+{0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
+0xA0, 0x76, 0xEC, 0x9D, 0xFB, 0xE4, 0x7D, 0x52, 0xAF, 0xC3, 0x57, 0x33, 0x6F, 0x20, 0x74, 0x3B},
+32, SIZE_32B, {0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 0xe9, 0x3d, 0x7e, 0x11, 0x73,
+ 0x93, 0x17, 0x2a}, 16, PSA_SUCCESS
},
{"Test psa_cipher_decrypt - Decrypt - AES CBC_NO_PADDING (Short input)\n", PSA_KEY_TYPE_AES,
{0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 0xab, 0xf7, 0x15, 0x88, 0x09,
0xcf, 0x4f, 0x3c}, AES_16B_KEY_SIZE,
PSA_KEY_USAGE_DECRYPT, PSA_ALG_CBC_NO_PADDING,
-{0x6b, 0xc1, 0xbe, 0xe2, 0x23}, 5, 16,
-{0x6b, 0xc1, 0xbe, 0xe2, 0x23}, 0, PSA_ERROR_INVALID_ARGUMENT
+{0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
+0x6b, 0xc1, 0xbe, 0xe2, 0x23}, 21, 16,
+{0x6b, 0xc1, 0xbe, 0xe2, 0x23}, 5, PSA_ERROR_INVALID_ARGUMENT
},
{"Test psa_cipher_decrypt - Decrypt - AES CBC_NO_PADDING\n", PSA_KEY_TYPE_AES,
@@ -71,8 +72,9 @@
0xcf, 0x4f, 0x3c}, AES_16B_KEY_SIZE,
PSA_KEY_USAGE_DECRYPT, PSA_ALG_CBC_NO_PADDING,
{0xA0, 0x76, 0xEC, 0x9D, 0xFB, 0xE4, 0x7D, 0x52, 0xAF, 0xC3, 0x57, 0x33, 0x6F,
+ 0x20, 0x74, 0x3B, 0xA0, 0x76, 0xEC, 0x9D, 0xFB, 0xE4, 0x7D, 0x52, 0xAF, 0xC3, 0x57, 0x33, 0x6F,
0x20, 0x74, 0x3B},
- 16, 10,
+ 32, 10,
{0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 0xe9, 0x3d, 0x7e, 0x11, 0x73,
0x93, 0x17, 0x2a}, 0, PSA_ERROR_BUFFER_TOO_SMALL
},
@@ -83,23 +85,23 @@
{"Test psa_cipher_decrypt - Decrypt - AES CBC_PKCS7\n", PSA_KEY_TYPE_AES,
{0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 0xab, 0xf7, 0x15, 0x88, 0x09,
0xcf, 0x4f, 0x3c}, AES_16B_KEY_SIZE,
- PSA_KEY_USAGE_DECRYPT, PSA_ALG_CBC_PKCS7,
-{0xa0, 0x76, 0xec, 0x9d, 0xfb, 0xe4, 0x7d, 0x52, 0xaf, 0xc3, 0x57, 0x33, 0x6f,
- 0x20, 0x74, 0x3b, 0xca, 0x7e, 0x8a, 0x15, 0xdc, 0x3c, 0x77, 0x64, 0x36, 0x31,
- 0x42, 0x93, 0x03, 0x1c, 0xd4, 0xf3}, 32, SIZE_32B,
-{0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 0xe9, 0x3d, 0x7e, 0x11, 0x73,
- 0x93, 0x17, 0x2a}, 0, PSA_SUCCESS
+ PSA_KEY_USAGE_DECRYPT, PSA_ALG_CBC_PKCS7, {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
+ 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0xa0, 0x76, 0xec, 0x9d, 0xfb, 0xe4, 0x7d, 0x52, 0xaf,
+ 0xc3, 0x57, 0x33, 0x6f, 0x20, 0x74, 0x3b, 0xca, 0x7e, 0x8a, 0x15, 0xdc, 0x3c, 0x77, 0x64, 0x36,
+ 0x31, 0x42, 0x93, 0x03, 0x1c, 0xd4, 0xf3}, 48, SIZE_32B, {0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f,
+0x96, 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a}, 16, PSA_SUCCESS
},
{"Test psa_cipher_decrypt - Decrypt - AES CBC_PKCS7 (Short input)\n", PSA_KEY_TYPE_AES,
{0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 0xab, 0xf7, 0x15, 0x88, 0x09,
0xcf, 0x4f, 0x3c}, AES_16B_KEY_SIZE,
PSA_KEY_USAGE_DECRYPT, PSA_ALG_CBC_PKCS7,
-{0x62, 0x79, 0xb4, 0x9d, 0x7f, 0x7a, 0x8d, 0xd8, 0x7b, 0x68, 0x51, 0x75, 0xd4,
- 0x27, 0x6e, 0x24}, 16, SIZE_32B,
-{0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 0xe9, 0x3d, 0x7e, 0x11, 0x73,
- 0x93, 0x17}, 15, PSA_SUCCESS
+{0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
+0x62, 0x79, 0xb4, 0x9d, 0x7f, 0x7a, 0x8d, 0xd8, 0x7b, 0x68, 0x51, 0x75, 0xd4, 0x27, 0x6e, 0x24,
+0x62}, 32, PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE(32), {0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f,
+0x96, 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17}, 17, PSA_ERROR_INVALID_PADDING
},
+
#endif
#ifdef ARCH_TEST_CIPHER_MODE_CTR
@@ -107,21 +109,10 @@
{0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 0xab, 0xf7, 0x15, 0x88, 0x09,
0xcf, 0x4f, 0x3c}, AES_16B_KEY_SIZE,
PSA_KEY_USAGE_DECRYPT, PSA_ALG_CTR,
-{0x8f, 0x94, 0x08, 0xfe, 0x80, 0xa8, 0x1d, 0x3e, 0x81, 0x3d, 0xa3, 0xc7, 0xb0,
- 0xb2, 0xbd, 0x32}, 16, SIZE_32B,
-{0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 0xe9, 0x3d, 0x7e, 0x11, 0x73,
- 0x93, 0x17, 0x2a},
- 0, PSA_SUCCESS
-},
-
-{"Test psa_cipher_decrypt - Decrypt - AES CTR (short input)\n", PSA_KEY_TYPE_AES,
-{0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 0xab, 0xf7, 0x15, 0x88, 0x09,
- 0xcf, 0x4f, 0x3c}, AES_16B_KEY_SIZE,
- PSA_KEY_USAGE_DECRYPT, PSA_ALG_CTR,
-{0x8f, 0x94, 0x08, 0xfe, 0x80, 0xa8, 0x1d, 0x3e, 0x81, 0x3d, 0xa3, 0xc7, 0xb0,
- 0xb2, 0xbd}, 15, SIZE_32B,
-{0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 0xe9, 0x3d, 0x7e, 0x11, 0x73,
- 0x93, 0x17}, 0, PSA_ERROR_DATA_INVALID
+{0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
+0x8f, 0x94, 0x08, 0xfe, 0x80, 0xa8, 0x1d, 0x3e, 0x81, 0x3d, 0xa3, 0xc7, 0xb0, 0xb2, 0xbd, 0x32},
+32, PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE(32), {0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 0xe9,
+0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a}, 16, PSA_SUCCESS
},
#endif
#endif
@@ -131,8 +122,9 @@
{"Test psa_cipher_decrypt - Decrypt - DES CBC (nopad)\n", PSA_KEY_TYPE_DES,
{0x01, 0x02, 0x04, 0x07, 0x08, 0x0b, 0x0d, 0x0e}, DES_8B_KEY_SIZE,
PSA_KEY_USAGE_DECRYPT, PSA_ALG_CBC_NO_PADDING,
-{0x64, 0xf9, 0x17, 0xb0, 0x15, 0x2f, 0x8f, 0x05}, 8, SIZE_32B,
-{0xed, 0xa4, 0x01, 0x12, 0x39, 0xbc, 0x3a, 0xc9}, 0, PSA_SUCCESS
+{0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
+0x64, 0xf9, 0x17, 0xb0, 0x15, 0x2f, 0x8f, 0x05}, 24, SIZE_32B, {0xed, 0xa4, 0x01, 0x12, 0x39, 0xbc,
+0x3a, 0xc9}, 8, PSA_SUCCESS
},
#endif
diff --git a/api-tests/dev_apis/crypto/test_c050/test_data.h b/api-tests/dev_apis/crypto/test_c050/test_data.h
index 6037381..295af26 100644
--- a/api-tests/dev_apis/crypto/test_c050/test_data.h
+++ b/api-tests/dev_apis/crypto/test_c050/test_data.h
@@ -35,7 +35,6 @@
} test_data;
static const test_data check1[] = {
-#ifdef CRYPTO_1_0
#ifdef ARCH_TEST_RSA_1024
#ifdef ARCH_TEST_RSA_PKCS1V15_SIGN_RAW
{
@@ -52,12 +51,12 @@
.signature_size = BUFFER_SIZE,
.expected_signature = signature_4,
.expected_signature_length = 128,
- .expected_status = PSA_SUCCESS,
+ .expected_status = PSA_ERROR_INVALID_ARGUMENT,
},
#endif
-
#ifdef ARCH_TEST_RSA_PKCS1V15_SIGN
#ifdef ARCH_TEST_SHA256
+#if PSA_API_MODE_ON == 1
{
.test_desc = "Test psa_sign_message - RSA KEY_PAIR PKCS1V15 SHA-256\n",
.type = PSA_KEY_TYPE_RSA_KEY_PAIR,
@@ -72,18 +71,19 @@
.signature_size = BUFFER_SIZE,
.expected_signature = NULL,
.expected_signature_length = 128,
- .expected_status = PSA_ERROR_INVALID_ARGUMENT,
+ .expected_status = PSA_ERROR_PROGRAMMER_ERROR,
},
#endif
#endif
#endif
+#endif
#ifdef ARCH_TEST_SHA256
#ifdef ARCH_TEST_DETERMINISTIC_ECDSA
#ifdef ARCH_TEST_ECC_CURVE_SECP256R1
{
.test_desc = "Test psa_sign_message - ECDSA SECP256R1 SHA-256\n",
- .type = PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1),
+ .type = PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1),
.data = ec_keypair,
.data_length = 32,
.usage_flags = PSA_KEY_USAGE_SIGN_MESSAGE,
@@ -93,7 +93,7 @@
.input_length = sizeof(hash_input),
.signature = expected_output,
.signature_size = BUFFER_SIZE,
- .expected_signature = signature_5,
+ .expected_signature = signature_6,
.expected_signature_length = 64,
.expected_status = PSA_SUCCESS,
},
@@ -125,8 +125,8 @@
.data = rsa_128_key_pair,
.data_length = 610,
.usage_flags = PSA_KEY_USAGE_SIGN_MESSAGE,
- .alg = PSA_ALG_RSA_PKCS1V15_SIGN_RAW,
- .sign_alg = PSA_ALG_RSA_PKCS1V15_SIGN_RAW,
+ .alg = PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256),
+ .sign_alg = PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256),
.input = &hash_input,
.input_length = sizeof(hash_input),
.signature = expected_output,
@@ -184,8 +184,8 @@
.data = rsa_128_key_pair,
.data_length = 610,
.usage_flags = PSA_KEY_USAGE_ENCRYPT,
- .alg = PSA_ALG_RSA_PKCS1V15_SIGN_RAW,
- .sign_alg = PSA_ALG_RSA_PKCS1V15_SIGN_RAW,
+ .alg = PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256),
+ .sign_alg = PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256),
.input = NULL,
.input_length = 0,
.signature = expected_output,
@@ -236,5 +236,4 @@
#endif
#endif
#endif
-#endif
};
diff --git a/api-tests/dev_apis/crypto/test_c051/test_data.h b/api-tests/dev_apis/crypto/test_c051/test_data.h
index c020bd2..87472e7 100644
--- a/api-tests/dev_apis/crypto/test_c051/test_data.h
+++ b/api-tests/dev_apis/crypto/test_c051/test_data.h
@@ -33,7 +33,6 @@
} test_data;
static const test_data check1[] = {
-#ifdef CRYPTO_1_0
#ifdef ARCH_TEST_RSA_1024
#ifdef ARCH_TEST_RSA_PKCS1V15_SIGN_RAW
{
@@ -47,7 +46,7 @@
.input_length = sizeof(hash_input),
.signature = signature_4,
.signature_length = 128,
- .expected_status = PSA_SUCCESS
+ .expected_status = PSA_ERROR_INVALID_ARGUMENT
},
{
@@ -61,7 +60,7 @@
.input_length = sizeof(hash_input),
.signature = signature_4,
.signature_length = 128,
- .expected_status = PSA_SUCCESS
+ .expected_status = PSA_ERROR_INVALID_ARGUMENT
},
#endif
@@ -78,7 +77,7 @@
.input_length = sizeof(hash_input),
.signature = NULL,
.signature_length = 0,
- .expected_status = PSA_ERROR_INVALID_ARGUMENT
+ .expected_status = PSA_ERROR_INVALID_SIGNATURE
},
#endif
#endif
@@ -89,28 +88,28 @@
#ifdef ARCH_TEST_ECC_CURVE_SECP256R1
{
.test_desc = "Test psa_verify_message - ECDSA KEY_PAIR SECP256R1 SHA-256\n",
- .type = PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1),
+ .type = PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1),
.data = ec_keypair,
.data_length = 32,
.usage_flags = PSA_KEY_USAGE_VERIFY_MESSAGE,
.alg = PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256),
.input = &hash_input,
.input_length = sizeof(hash_input),
- .signature = signature_5,
+ .signature = signature_6,
.signature_length = 64,
.expected_status = PSA_SUCCESS
},
{
.test_desc = "Test psa_verify_message - ECDSA Public Key SECP256R1 SHA-256\n",
- .type = PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1),
+ .type = PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1),
.data = ec_key_data,
.data_length = 65,
.usage_flags = PSA_KEY_USAGE_VERIFY_MESSAGE,
.alg = PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256),
.input = &hash_input,
.input_length = sizeof(hash_input),
- .signature = signature_5,
+ .signature = signature_6,
.signature_length = 64,
.expected_status = PSA_SUCCESS
},
@@ -126,7 +125,7 @@
.data = rsa_128_key_pair,
.data_length = 610,
.usage_flags = PSA_KEY_USAGE_VERIFY_MESSAGE,
- .alg = PSA_ALG_RSA_PKCS1V15_SIGN_RAW,
+ .alg = PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256),
.input = &hash_input,
.input_length = sizeof(hash_input),
.signature = signature_4,
@@ -162,7 +161,7 @@
.input_length = sizeof(hash_input),
.signature = signature_4,
.signature_length = 128,
- .expected_status = PSA_ERROR_NOT_SUPPORTED
+ .expected_status = PSA_ERROR_INVALID_ARGUMENT
},
#endif
@@ -172,7 +171,7 @@
.data = rsa_128_key_pair,
.data_length = 610,
.usage_flags = PSA_KEY_USAGE_ENCRYPT,
- .alg = PSA_ALG_RSA_PKCS1V15_SIGN_RAW,
+ .alg = PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256),
.input = &hash_input,
.input_length = sizeof(hash_input),
.signature = signature_4,
@@ -191,7 +190,7 @@
.input_length = sizeof(hash_input)-1,
.signature = signature_4,
.signature_length = 128,
- .expected_status = PSA_ERROR_INVALID_SIGNATURE
+ .expected_status = PSA_ERROR_INVALID_ARGUMENT
},
{
@@ -200,7 +199,7 @@
.data = rsa_128_key_pair,
.data_length = 610,
.usage_flags = PSA_KEY_USAGE_VERIFY_MESSAGE,
- .alg = PSA_ALG_RSA_PKCS1V15_SIGN_RAW,
+ .alg = PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256),
.input = &hash_input,
.input_length = sizeof(hash_input),
.signature = signature_4_invalid,
@@ -214,7 +213,7 @@
.data = rsa_128_key_pair,
.data_length = 610,
.usage_flags = PSA_KEY_USAGE_VERIFY_MESSAGE,
- .alg = PSA_ALG_RSA_PKCS1V15_SIGN_RAW,
+ .alg = PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256),
.input = &hash_input,
.input_length = sizeof(hash_input),
.signature = signature_4,
@@ -223,5 +222,4 @@
},
#endif
#endif
-#endif
};
diff --git a/api-tests/dev_apis/crypto/testsuite.db b/api-tests/dev_apis/crypto/testsuite.db
index 7e4f8b4..21a20aa 100644
--- a/api-tests/dev_apis/crypto/testsuite.db
+++ b/api-tests/dev_apis/crypto/testsuite.db
@@ -21,7 +21,7 @@
(START)
test_c001
-test_c002
+test_c002, failing_test
test_c003
test_c004
test_c005
@@ -45,11 +45,11 @@
test_c023
test_c024
test_c025
-test_c026
-test_c027
-test_c028
-test_c029
-test_c030
+test_c026, failing_test
+test_c027, failing_test
+test_c028, failing_test
+test_c029, failing_test
+test_c030, failing_test
test_c031
test_c032
test_c033
@@ -71,17 +71,17 @@
test_c049
test_c050
test_c051
-test_c052
-test_c053
-test_c054
-test_c055
-test_c056
-test_c057
-test_c058
-test_c059
-test_c060
-test_c061
-test_c062
-test_c063
+test_c052, failing_test
+test_c053, failing_test
+test_c054, failing_test
+test_c055, failing_test
+test_c056, failing_test
+test_c057, failing_test
+test_c058, failing_test
+test_c059, failing_test
+test_c060, failing_test
+test_c061, failing_test
+test_c062, failing_test
+test_c063, failing_test
(END)
diff --git a/api-tests/dev_apis/storage/test_s012/test_data.h b/api-tests/dev_apis/storage/test_s012/test_data.h
index 8e8c66c..9e039f9 100644
--- a/api-tests/dev_apis/storage/test_s012/test_data.h
+++ b/api-tests/dev_apis/storage/test_s012/test_data.h
@@ -1,5 +1,5 @@
/** @file
- * Copyright (c) 2019-2020, Arm Limited or its affiliates. All rights reserved.
+ * Copyright (c) 2019-2021, Arm Limited or its affiliates. All rights reserved.
* SPDX-License-Identifier : Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License");
@@ -50,35 +50,31 @@
VAL_TEST_IDX6, {VAL_API_UNUSED, VAL_PS_SET_EXTENDED}, PSA_ERROR_INVALID_ARGUMENT
},
{
- /* Set_extended with invalid length */
- VAL_TEST_IDX7, {VAL_API_UNUSED, VAL_PS_SET_EXTENDED}, PSA_ERROR_INVALID_ARGUMENT
-},
-{
/* Write data using set API */
- VAL_TEST_IDX8, {VAL_API_UNUSED, VAL_PS_SET}, PSA_SUCCESS
+ VAL_TEST_IDX7, {VAL_API_UNUSED, VAL_PS_SET}, PSA_SUCCESS
},
{
/* Check data validity using get API */
- VAL_TEST_IDX9, {VAL_API_UNUSED, VAL_PS_GET}, PSA_SUCCESS
+ VAL_TEST_IDX8, {VAL_API_UNUSED, VAL_PS_GET}, PSA_SUCCESS
},
{
- VAL_TEST_IDX10, {VAL_API_UNUSED, VAL_API_UNUSED}, 0
+ VAL_TEST_IDX9, {VAL_API_UNUSED, VAL_API_UNUSED}, 0
},
{
/* Create call with UID 0 */
- VAL_TEST_IDX11, {VAL_API_UNUSED, VAL_PS_CREATE}, PSA_ERROR_INVALID_ARGUMENT
+ VAL_TEST_IDX10, {VAL_API_UNUSED, VAL_PS_CREATE}, PSA_ERROR_INVALID_ARGUMENT
},
{
/* Call set_extended with UID 0 */
- VAL_TEST_IDX12, {VAL_API_UNUSED, VAL_PS_SET_EXTENDED}, PSA_ERROR_INVALID_ARGUMENT
+ VAL_TEST_IDX11, {VAL_API_UNUSED, VAL_PS_SET_EXTENDED}, PSA_ERROR_INVALID_ARGUMENT
},
{
/* Call remove with UID 0 */
- VAL_TEST_IDX13, {VAL_API_UNUSED, VAL_PS_REMOVE}, PSA_ERROR_INVALID_ARGUMENT
+ VAL_TEST_IDX12, {VAL_API_UNUSED, VAL_PS_REMOVE}, PSA_ERROR_INVALID_ARGUMENT
},
{
/* Remove with UID */
- VAL_TEST_IDX14, {VAL_API_UNUSED, VAL_PS_REMOVE}, PSA_SUCCESS
+ VAL_TEST_IDX13, {VAL_API_UNUSED, VAL_PS_REMOVE}, PSA_SUCCESS
},
};
#endif /* _S012_TEST_DATA_H_ */
diff --git a/api-tests/dev_apis/storage/test_s012/test_s012.c b/api-tests/dev_apis/storage/test_s012/test_s012.c
index ed0d452..ddd90c6 100644
--- a/api-tests/dev_apis/storage/test_s012/test_s012.c
+++ b/api-tests/dev_apis/storage/test_s012/test_s012.c
@@ -1,5 +1,5 @@
/** @file
- * Copyright (c) 2019-2020, Arm Limited or its affiliates. All rights reserved.
+ * Copyright (c) 2019-2021, Arm Limited or its affiliates. All rights reserved.
* SPDX-License-Identifier : Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License");
@@ -50,7 +50,7 @@
TEST_ASSERT_EQUAL(status, s012_data[VAL_TEST_IDX1].status, TEST_CHECKPOINT_NUM(1));
/* Set some data in the storage created */
- status = STORAGE_FUNCTION(s012_data[VAL_TEST_IDX2].api[fCode], p_uid, TEST_BUFF_SIZE/2, 5,
+ status = STORAGE_FUNCTION(s012_data[VAL_TEST_IDX2].api[fCode], p_uid, 0, TEST_BUFF_SIZE/2,
write_buff);
TEST_ASSERT_EQUAL(status, s012_data[VAL_TEST_IDX2].status, TEST_CHECKPOINT_NUM(2));
@@ -68,7 +68,7 @@
/* Try to set data at correct offset, but zero data len */
val->print(PRINT_TEST, "[Check 3] Call set_extended API with offset equals length\n", 0);
- status = STORAGE_FUNCTION(s012_data[VAL_TEST_IDX5].api[fCode], p_uid, TEST_BUFF_SIZE, 0,
+ status = STORAGE_FUNCTION(s012_data[VAL_TEST_IDX5].api[fCode], p_uid, TEST_BUFF_SIZE/2, 0,
write_buff);
TEST_ASSERT_EQUAL(status, s012_data[VAL_TEST_IDX5].status, TEST_CHECKPOINT_NUM(5));
@@ -78,24 +78,18 @@
write_buff);
TEST_ASSERT_EQUAL(status, s012_data[VAL_TEST_IDX6].status, TEST_CHECKPOINT_NUM(6));
- /* Try to set data at invalid location with incorrect data len */
- val->print(PRINT_TEST, "[Check 5] Call set_extended API with invalid length\n", 0);
- status = STORAGE_FUNCTION(s012_data[VAL_TEST_IDX7].api[fCode], p_uid, 0, TEST_BUFF_SIZE + 1,
- write_buff);
+ /* Set data using set API */
+ val->print(PRINT_TEST, "[Check 5] Overwrite the whole data with set API\n", 0);
+ status = STORAGE_FUNCTION(s012_data[VAL_TEST_IDX7].api[fCode], p_uid, TEST_BUFF_SIZE,
+ write_buff, PSA_STORAGE_FLAG_NONE);
TEST_ASSERT_EQUAL(status, s012_data[VAL_TEST_IDX7].status, TEST_CHECKPOINT_NUM(7));
- /* Set data using set API */
- val->print(PRINT_TEST, "[Check 6] Overwrite the whole data with set API\n", 0);
- status = STORAGE_FUNCTION(s012_data[VAL_TEST_IDX8].api[fCode], p_uid, TEST_BUFF_SIZE,
- write_buff, PSA_STORAGE_FLAG_NONE);
- TEST_ASSERT_EQUAL(status, s012_data[VAL_TEST_IDX8].status, TEST_CHECKPOINT_NUM(8));
-
/* Call the get function to check data is correctly overwritten */
- status = STORAGE_FUNCTION(s012_data[VAL_TEST_IDX9].api[fCode], p_uid, 0, TEST_BUFF_SIZE,
+ status = STORAGE_FUNCTION(s012_data[VAL_TEST_IDX8].api[fCode], p_uid, 0, TEST_BUFF_SIZE,
read_buff, &p_data_length);
- TEST_ASSERT_EQUAL(status, s012_data[VAL_TEST_IDX9].status, TEST_CHECKPOINT_NUM(9));
- TEST_ASSERT_MEMCMP(read_buff, write_buff, TEST_BUFF_SIZE, TEST_CHECKPOINT_NUM(10));
- TEST_ASSERT_EQUAL(p_data_length, TEST_BUFF_SIZE, TEST_CHECKPOINT_NUM(11));
+ TEST_ASSERT_EQUAL(status, s012_data[VAL_TEST_IDX8].status, TEST_CHECKPOINT_NUM(8));
+ TEST_ASSERT_MEMCMP(read_buff, write_buff, TEST_BUFF_SIZE, TEST_CHECKPOINT_NUM(9));
+ TEST_ASSERT_EQUAL(p_data_length, TEST_BUFF_SIZE, TEST_CHECKPOINT_NUM(10));
return VAL_STATUS_SUCCESS;
}
@@ -106,25 +100,25 @@
psa_storage_uid_t uid = 0;
/* Call create API with UID value 0 */
- val->print(PRINT_TEST, "[Check 7] Call create API with UID 0\n", 0);
- status = STORAGE_FUNCTION(s012_data[VAL_TEST_IDX11].api[fCode], uid, 0, TEST_BUFF_SIZE,
- write_buff);
- TEST_ASSERT_EQUAL(status, s012_data[VAL_TEST_IDX11].status, TEST_CHECKPOINT_NUM(12));
+ val->print(PRINT_TEST, "[Check 6] Call create API with UID 0\n", 0);
+ status = STORAGE_FUNCTION(s012_data[VAL_TEST_IDX10].api[fCode], uid, TEST_BUFF_SIZE,
+ PSA_STORAGE_FLAG_NONE);
+ TEST_ASSERT_EQUAL(status, s012_data[VAL_TEST_IDX10].status, TEST_CHECKPOINT_NUM(11));
/* Call set extended API with UID value 0 */
- val->print(PRINT_TEST, "[Check 8] Call set_extended API with UID 0\n", 0);
- status = STORAGE_FUNCTION(s012_data[VAL_TEST_IDX12].api[fCode], uid, 0, TEST_BUFF_SIZE,
+ val->print(PRINT_TEST, "[Check 7] Call set_extended API with UID 0\n", 0);
+ status = STORAGE_FUNCTION(s012_data[VAL_TEST_IDX11].api[fCode], uid, 0, TEST_BUFF_SIZE,
write_buff_2);
- TEST_ASSERT_EQUAL(status, s012_data[VAL_TEST_IDX12].status, TEST_CHECKPOINT_NUM(13));
+ TEST_ASSERT_EQUAL(status, s012_data[VAL_TEST_IDX11].status, TEST_CHECKPOINT_NUM(12));
/* Call remove API with UID value 0 */
- val->print(PRINT_TEST, "[Check 9] Call remove API with UID 0\n", 0);
- status = STORAGE_FUNCTION(s012_data[VAL_TEST_IDX13].api[fCode], uid);
- TEST_ASSERT_EQUAL(status, s012_data[VAL_TEST_IDX13].status, TEST_CHECKPOINT_NUM(14));
+ val->print(PRINT_TEST, "[Check 8] Call remove API with UID 0\n", 0);
+ status = STORAGE_FUNCTION(s012_data[VAL_TEST_IDX12].api[fCode], uid);
+ TEST_ASSERT_EQUAL(status, s012_data[VAL_TEST_IDX12].status, TEST_CHECKPOINT_NUM(13));
/* Remove the UID */
- status = STORAGE_FUNCTION(s012_data[VAL_TEST_IDX14].api[fCode], p_uid);
- TEST_ASSERT_EQUAL(status, s012_data[VAL_TEST_IDX14].status, TEST_CHECKPOINT_NUM(15));
+ status = STORAGE_FUNCTION(s012_data[VAL_TEST_IDX13].api[fCode], p_uid);
+ TEST_ASSERT_EQUAL(status, s012_data[VAL_TEST_IDX13].status, TEST_CHECKPOINT_NUM(14));
return VAL_STATUS_SUCCESS;
}
diff --git a/api-tests/dev_apis/storage/test_s017/test_data.h b/api-tests/dev_apis/storage/test_s017/test_data.h
index ab02d84..6f4dc23 100644
--- a/api-tests/dev_apis/storage/test_s017/test_data.h
+++ b/api-tests/dev_apis/storage/test_s017/test_data.h
@@ -1,5 +1,5 @@
/** @file
- * Copyright (c) 2019-2020, Arm Limited or its affiliates. All rights reserved.
+ * Copyright (c) 2019-2021, Arm Limited or its affiliates. All rights reserved.
* SPDX-License-Identifier : Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License");
@@ -34,7 +34,7 @@
},
{
/* Try to set data in noncontinous manner */
- VAL_TEST_IDX3, {VAL_API_UNUSED, VAL_PS_SET_EXTENDED}, PSA_ERROR_STORAGE_FAILURE
+ VAL_TEST_IDX3, {VAL_API_UNUSED, VAL_PS_SET_EXTENDED}, PSA_ERROR_INVALID_ARGUMENT
},
{
/* Overwrite the existing data */
diff --git a/api-tests/docs/Arm_PSA-M_Functional_API_Test_Suite_Validation_Methodology.pdf b/api-tests/docs/Arm_PSA-M_Functional_API_Test_Suite_Validation_Methodology.pdf
index 90f44d9..76bdf24 100644
--- a/api-tests/docs/Arm_PSA-M_Functional_API_Test_Suite_Validation_Methodology.pdf
+++ b/api-tests/docs/Arm_PSA-M_Functional_API_Test_Suite_Validation_Methodology.pdf
Binary files differ
diff --git a/api-tests/docs/psa_storage_testlist.md b/api-tests/docs/psa_storage_testlist.md
index 1359f52..35ff431 100644
--- a/api-tests/docs/psa_storage_testlist.md
+++ b/api-tests/docs/psa_storage_testlist.md
@@ -22,7 +22,7 @@
| test_s010 | Storage assest creation with UID value 0 | psa_its(ps)_set<br /> | PSA_ERROR_INVALID_ARGUMENT | 1. Call the SET API with UID value 0.<br />2. Check that storage creation fails.<br /> | UID value used is 0 <br />
| NA | Storage Failure | NA | PSA_ERROR_STORAGE_FAILURE | 1. The failure cause will depend on the underlying <br /> platform and vary for each implementation.<br /> It is skipped in current suite <br /> | NA <br /> |
| test_s011 | Set_extended API's call for <br /> non-existent and removed assest | psa_ps_set_extended<br /> | PSA_ERROR_DOES_NOT_EXIST | Below Steps will be run only if optional API are not supported.<br />1. Call the SET Extended API when no uid present.<br />2. Create a valid storage using set. <br /> 3. Call create api with different length for existing uid.<br /> 4. Call create api to set WRITE_ONCE flag.<br /> 5. Validate data attributes are maintained.<br />6. Remove the uid.<br /> 7. Create valid storage using create api.<br /> 8. Try to change length using create api.<br /> 9. Validate storage is empty.<br /> 10. Again call create api with original parameters.<br />11. Remove the uid.<br /> 12. Check no duplicate entry present.<br /> | UID value used is 5 <br /> |
-| test_s012 | Set_extended API's call <br /> with invalid offset | psa_ps_set_extended<br /> | PSA_ERROR_INVALID_ARGUMENT | Below Steps will be run only if optional API are not supported.<br />1. Create a valid storage using set.<br /> 2. Set data on first half of buffer.<br /> 3. Try to set data at incorrect offset +length. <br /> 4. Try to set data at incorrect offset.<br />5. Try to set at correct offset but zero length buffer.<br />6. Try to set data at incorrect length and valid offset.<br /> 7. Overwrite the storage using set api.<br /> 8. Validate data is correctly written.<br \> 9. Call set_extended with NULL write buffer.<br /> 10. Overwrite storage using set_extended api.<br /> 11. Remove the uid.<br /> | UID value used is 6 <br />
+| test_s012 | Set_extended API's call <br /> with invalid offset | psa_ps_set_extended<br /> | PSA_ERROR_INVALID_ARGUMENT | Below Steps will be run only if optional API are not supported.<br />1. Create a valid storage using create.<br /> 2. Set data on first half of buffer.<br /> 3. Try to set data at incorrect offset +length. <br /> 4. Try to set data at incorrect offset.<br />5. Try to set at correct offset but zero length buffer.<br />6. Try to set data at incorrect length and valid offset.<br /> 7. Overwrite the storage using set api.<br /> 8. Validate data is correctly written.<br /> 10. Remove the uid.<br /> | UID value used is 6 <br />
| test_s013 | Create and set_extended API call for valid assest | psa_ps_set_extended<br /> psa_ps_create | PSA_SUCCESS | Below Steps will be run only if optional API are not supported.<br />1. Create Storage of zero length using create.<br />2. Try to set some data in the storage created.<br />3. Validate the storage attributes.<br /> 4. Remove the storage.<br /> 5. Create a valid storage with non-zero length.<br /> 6. Set data in the buffer.<br /> 7. Validate the data attributes.<br /> 8. Overwrite data using set api.<br /> 9. Validate the data.<br /> 10. Call create api for existing uid with same parameters.<br /> 11. Remove the uid.<br /> 12. Check with set_extended no duplicate uid exists.<br /> | UID value used is 4
| test_s014 | Create and set_extended API call<br /> when API's not supported | psa_ps_create<br />psa_ps_set_extended<br /> | PSA_ERROR_NOT_SUPPORTED | Below Steps will be run only if optional API are not supported.<br />1. Create API call should fail.<br />2. Check the UID should not exist.<br /> 3. Create storage using set API.<br /> 4. Try to partially write using set_extended API.<br /> 5. Validate data is not modified.<br /> 6. Remove the uid.<br /> | UID value used is 5
| test_s015 | Create API call with<br /> WRITE_ONCE flag | psa_ps_create<br /> | PSA_ERROR_NOT_SUPPORTED | Below Step will be run only if optional API are supported.<br />1. Create API call with WRITE_ONCE flag should fail.<br /> | UID value used is 5 <br />
@@ -37,4 +37,4 @@
--------------
-*Copyright (c) 2019-2020, Arm Limited and Contributors. All rights reserved.*
+*Copyright (c) 2019-2021, Arm Limited and Contributors. All rights reserved.*
diff --git a/api-tests/docs/test_failure_analysis.md b/api-tests/docs/test_failure_analysis.md
index 81c10fc..8018152 100644
--- a/api-tests/docs/test_failure_analysis.md
+++ b/api-tests/docs/test_failure_analysis.md
@@ -3,24 +3,19 @@
This file contains list of failures identified when testing the release
on tgt_dev_apis_tfm_an521 and tgt_dev_apis_tfm_musca_b1
-targets with TFM commit Hash - d0f6ceb0559af6ef08f4624eeac079cc07a1f077.
+targets with TFM commit Hash - dd1fe44448db0f1750794cd9cf5596033f90f6f9 (tag: TF-Mv1.4.1).
The reason for each failing test is listed here in this file.
## Known Failures
| Test | Fail description | Github issue |
|------|---------------------------------------------------------------------------------| ------------ |
-|test_c021 | psa_key_derivation_output_key returns incorrect error code | https://github.com/ARMmbed/mbed-crypto/issues/175 |
-|test_c026 | psa_sign_message not supported | https://jira.arm.com/browse/IOTPSW-4100 |
-|test_c027 | psa_mac_update not supported | https://jira.arm.com/browse/IOTPSW-4100 |
-|test_c028 | PSA_KEY_USAGE_SIGN_MESSAGE not found | https://jira.arm.com/browse/IOTPSW-4100 |
-|test_c029 | PSA_KEY_USAGE_VERIFY_MESSAGE not supported | https://jira.arm.com/browse/IOTPSW-4100 |
-|test_c030 | PSA_KEY_USAGE_VERIFY_MESSAGE not supported | https://jira.arm.com/browse/IOTPSW-4100 |
-|test_c046 | psa_mac_compute is unimplemented in TFM/mbed-crypto. So the test has not been verified. | https://github.com/ARMmbed/mbed-crypto/issues/381 |
-|test_c047 | psa_mac_verify is unimplemented in TFM/mbed-crypto. So the test has not been verified. | https://github.com/ARMmbed/mbed-crypto/issues/381 |
-|test_c048 | psa_cipher_encrypt is unimplemented in TFM/mbed-crypto. So the test has not been verified. | https://github.com/ARMmbed/mbed-crypto/issues/381 |
-|test_c049 | psa_cipher_decrypt is unimplemented in TFM/mbed-crypto. So the test has not been verified. | https://github.com/ARMmbed/mbed-crypto/issues/381 |
-|test_c051 | PSA_KEY_USAGE_VERIFY_MESSAGE not supported | https://jira.arm.com/browse/IOTPSW-4100 |
+|test_c002 | reference platform implementation issue | NA |
+|test_c026 | psa_sign_message not supported | https://jira.arm.com/browse/IOTPSW-4275 |
+|test_c027 | psa_mac_update not supported | https://jira.arm.com/browse/IOTPSW-4275 |
+|test_c028 | PSA_KEY_USAGE_SIGN_MESSAGE not found | https://jira.arm.com/browse/IOTPSW-4275 |
+|test_c029 | PSA_KEY_USAGE_VERIFY_MESSAGE not supported | https://jira.arm.com/browse/IOTPSW-4275 |
+|test_c030 | PSA_KEY_USAGE_VERIFY_MESSAGE not supported | https://jira.arm.com/browse/IOTPSW-4275 |
|test_c052 | psa_aead_encrypt_setup is unimplemented in TFM/mbed-crypto. So the test has not been verified. | https://github.com/ARMmbed/mbed-crypto/issues/381 |
|test_c053 | psa_aead_decrypt_setup is unimplemented in TFM/mbed-crypto. So the test has not been verified. | https://github.com/ARMmbed/mbed-crypto/issues/381 |
|test_c054 | psa_aead_generate_nonce is unimplemented in TFM/mbed-crypto. So the test has not been verified. | https://github.com/ARMmbed/mbed-crypto/issues/381 |
diff --git a/api-tests/ff/README.md b/api-tests/ff/README.md
index 24a2813..c09cde6 100644
--- a/api-tests/ff/README.md
+++ b/api-tests/ff/README.md
@@ -23,14 +23,15 @@
For more information on architecture test suite specification, refer to the [Validation Methodology](../docs/Arm_PSA_APIs_Arch_Test_Validation_Methodology.pdf) document.
## This release
- - Code Quality : REL v1.2
+ - Code Quality : REL v1.3
- This release contains the PSA-FF tests that are written for the PSA FF 1.1 Extensions specification.
## Release Tags
| Release version | Release tag | PSA FF specification version |
|-----------------|---------------|----------------|
-| REL v1.2 | [v21.07_API1.2_ADAC_ALPHA](https://github.com/ARM-software/psa-arch-tests/tree//api-tests/ff) | 1.1-Alpha0 |
+| REL v1.3 | [v21.10_API1.3_ADAC_ALPHA-1](https://github.com/ARM-software/psa-arch-tests/tree/v21.10_API1.3_ADAC_ALPHA-1/api-tests/ff) | 1.1-Alpha0 |
+| REL v1.2 | [v21.07_API1.2_ADAC_ALPHA](https://github.com/ARM-software/psa-arch-tests/tree/v21.07_API1.2_ADAC_ALPHA/api-tests/ff) | 1.1-Alpha0 |
| REL v1.1 | [v20.11_API1.1](https://github.com/ARM-software/psa-arch-tests/tree/v20.11_API1.1/api-tests/ff) | 1.0 |
| REL v1.0 | [v20.03_API1.0](https://github.com/ARM-software/psa-arch-tests/tree/v20.03_API1.0/api-tests/ff) | 1.0 |
| v0.9 | [v19.06_API0.9](https://github.com/ARM-software/psa-arch-tests/tree/v19.06_API0.9/api-tests/ff) | 1.0-Beta1 |
diff --git a/api-tests/platform/drivers/watchdog/nrf/nrf_wdt.c b/api-tests/platform/drivers/watchdog/nrf/nrf_wdt.c
index 6040265..8ba3127 100644
--- a/api-tests/platform/drivers/watchdog/nrf/nrf_wdt.c
+++ b/api-tests/platform/drivers/watchdog/nrf/nrf_wdt.c
@@ -25,36 +25,37 @@
/**
* @brief Watchdog Timer
*/
-struct NRF_WDT_Type{ /*!< (@ 0x40018000) WDT0_NS Structure */
-__OM uint32_t TASKS_START; /*!< (@ 0x00000000) Start WDT */
-__OM uint32_t TASKS_STOP; /*!< (@ 0x00000004) Stop WDT */
+struct NRF_WDT_Type{ /*!< (@ 0x40018000) WDT0_NS Structure */
+__OM uint32_t TASKS_START; /*!< (@ 0x00000000) Start WDT */
+__OM uint32_t TASKS_STOP; /*!< (@ 0x00000004) Stop WDT */
__IM uint32_t RESERVED[30];
-__IOM uint32_t SUBSCRIBE_START; /*!< (@ 0x00000080) Subscribe configuration for task START */
-__IOM uint32_t SUBSCRIBE_STOP; /*!< (@ 0x00000084) Subscribe configuration for task STOP */
+__IOM uint32_t SUBSCRIBE_START; /*!< (@ 0x00000080) Subscribe configuration for task START */
+__IOM uint32_t SUBSCRIBE_STOP; /*!< (@ 0x00000084) Subscribe configuration for task STOP */
__IM uint32_t RESERVED1[30];
-__IOM uint32_t EVENTS_TIMEOUT; /*!< (@ 0x00000100) Watchdog timeout */
-__IOM uint32_t EVENTS_STOPPED; /*!< (@ 0x00000104) Watchdog stopped */
+__IOM uint32_t EVENTS_TIMEOUT; /*!< (@ 0x00000100) Watchdog timeout */
+__IOM uint32_t EVENTS_STOPPED; /*!< (@ 0x00000104) Watchdog stopped */
__IM uint32_t RESERVED2[30];
-__IOM uint32_t PUBLISH_TIMEOUT; /*!< (@ 0x00000180) Publish configuration for event TIMEOUT */
-__IOM uint32_t PUBLISH_STOPPED; /*!< (@ 0x00000184) Publish configuration for event STOPPED */
+__IOM uint32_t PUBLISH_TIMEOUT; /*!< (@ 0x00000180) Publish configuration for event TIMEOUT */
+__IOM uint32_t PUBLISH_STOPPED; /*!< (@ 0x00000184) Publish configuration for event STOPPED */
__IM uint32_t RESERVED3[95];
-__IOM uint32_t INTENSET; /*!< (@ 0x00000304) Enable interrupt */
-__IOM uint32_t INTENCLR; /*!< (@ 0x00000308) Disable interrupt */
+__IOM uint32_t INTENSET; /*!< (@ 0x00000304) Enable interrupt */
+__IOM uint32_t INTENCLR; /*!< (@ 0x00000308) Disable interrupt */
__IM uint32_t RESERVED4[6];
-__IOM uint32_t NMIENSET; /*!< (@ 0x00000324) Enable interrupt */
-__IOM uint32_t NMIENCLR; /*!< (@ 0x00000328) Disable interrupt */
+__IOM uint32_t NMIENSET; /*!< (@ 0x00000324) Enable interrupt */
+__IOM uint32_t NMIENCLR; /*!< (@ 0x00000328) Disable interrupt */
__IM uint32_t RESERVED5[53];
-__IM uint32_t RUNSTATUS; /*!< (@ 0x00000400) Run status */
-__IM uint32_t REQSTATUS; /*!< (@ 0x00000404) Request status */
+__IM uint32_t RUNSTATUS; /*!< (@ 0x00000400) Run status */
+__IM uint32_t REQSTATUS; /*!< (@ 0x00000404) Request status */
__IM uint32_t RESERVED6[63];
-__IOM uint32_t CRV; /*!< (@ 0x00000504) Counter reload value */
-__IOM uint32_t RREN; /*!< (@ 0x00000508) Enable register for reload request registers */
-__IOM uint32_t CONFIG; /*!< (@ 0x0000050C) Configuration register */
+__IOM uint32_t CRV; /*!< (@ 0x00000504) Counter reload value */
+__IOM uint32_t RREN; /*!< (@ 0x00000508) Enable register for reload request
+ registers */
+__IOM uint32_t CONFIG; /*!< (@ 0x0000050C) Configuration register */
__IM uint32_t RESERVED7[4];
-__OM uint32_t TSEN; /*!< (@ 0x00000520) Task stop enable */
+__OM uint32_t TSEN; /*!< (@ 0x00000520) Task stop enable */
__IM uint32_t RESERVED8[55];
-__OM uint32_t RR[8]; /*!< (@ 0x00000600) Description collection: Reload request n */
-}; /*!< Size = 1568 (0x620) */
+__OM uint32_t RR[8]; /*!< (@ 0x00000600) Description collection: Reload request n*/
+}; /*!< Size = 1568 (0x620) */
/* Register: WDT_CONFIG */
/* Description: Configuration register */
@@ -69,7 +70,8 @@
/* Register: WDT_RUNSTATUS */
/* Description: Run status */
#define WDT_RUNSTATUS_RUNSTATUSWDT_Pos (0UL) /*!< Position of RUNSTATUSWDT field. */
-#define WDT_RUNSTATUS_RUNSTATUSWDT_Msk (0x1UL << WDT_RUNSTATUS_RUNSTATUSWDT_Pos) /*!< Bit mask of RUNSTATUSWDT field. */
+/*!< Bit mask of RUNSTATUSWDT field. */
+#define WDT_RUNSTATUS_RUNSTATUSWDT_Msk (0x1UL << WDT_RUNSTATUS_RUNSTATUSWDT_Pos)
#define WDT_RUNSTATUS_RUNSTATUSWDT_NotRunning (0UL) /*!< Watchdog is not running */
#define WDT_RUNSTATUS_RUNSTATUSWDT_Running (1UL) /*!< Watchdog is running */
@@ -81,7 +83,7 @@
**/
int nrf_wdt_init(addr_t base_addr, uint32_t time_us)
{
- struct NRF_WDT_Type *nrf_wdt = (struct NRF_WDT_Type*)base_addr;
+ struct NRF_WDT_Type *nrf_wdt = (struct NRF_WDT_Type *)base_addr;
/* From nRF53 documentation, the timeout in seconds is
* timeout [s] = (CRV + 1) / 32768
@@ -110,7 +112,7 @@
**/
int nrf_wdt_enable(addr_t base_addr)
{
- struct NRF_WDT_Type *nrf_wdt = (struct NRF_WDT_Type*)base_addr;
+ struct NRF_WDT_Type *nrf_wdt = (struct NRF_WDT_Type *)base_addr;
nrf_wdt->TASKS_START = 0x01UL; // Trigger start task
return PAL_STATUS_SUCCESS;
@@ -123,7 +125,7 @@
**/
int nrf_wdt_disable(addr_t base_addr)
{
- struct NRF_WDT_Type *nrf_wdt = (struct NRF_WDT_Type*)base_addr;
+ struct NRF_WDT_Type *nrf_wdt = (struct NRF_WDT_Type *)base_addr;
nrf_wdt->TSEN = 0x6E524635UL; // Special value to enable stop task
nrf_wdt->TASKS_STOP = 0x01UL; // Trigger stop task
@@ -137,6 +139,6 @@
**/
int nrf_wdt_is_enabled(addr_t base_addr)
{
- struct NRF_WDT_Type *nrf_wdt = (struct NRF_WDT_Type*)base_addr;
+ struct NRF_WDT_Type *nrf_wdt = (struct NRF_WDT_Type *)base_addr;
return (nrf_wdt->RUNSTATUS & WDT_RUNSTATUS_RUNSTATUSWDT_Msk);
}
diff --git a/api-tests/platform/manifests/driver_partition_psa.json b/api-tests/platform/manifests/driver_partition_psa.json
index 2b8c70c..1cf765a 100644
--- a/api-tests/platform/manifests/driver_partition_psa.json
+++ b/api-tests/platform/manifests/driver_partition_psa.json
@@ -62,3 +62,4 @@
}
]
}
+
diff --git a/api-tests/platform/targets/common/nspe/crypto/pal_crypto_intf.c b/api-tests/platform/targets/common/nspe/crypto/pal_crypto_intf.c
index e755057..651d494 100644
--- a/api-tests/platform/targets/common/nspe/crypto/pal_crypto_intf.c
+++ b/api-tests/platform/targets/common/nspe/crypto/pal_crypto_intf.c
@@ -63,7 +63,7 @@
const uint8_t *additional_data;
size_t additional_data_length;
psa_status_t status;
-#if HOST_GCC_MISSING_CRYPTO_1_0 == 0
+#if MISSING_CRYPTO_1_0 == 0
uint8_t *output1;
size_t output_size1, *p_output_length1;
#endif
@@ -119,7 +119,7 @@
output_size,
p_output_length);
break;
-#if HOST_GCC_MISSING_CRYPTO_1_0 == 0
+#if MISSING_CRYPTO_1_0 == 0
case PAL_CRYPTO_AEAD_ABORT:
aead_operation = va_arg(valist, psa_aead_operation_t *);
return psa_aead_abort(aead_operation);
@@ -270,7 +270,7 @@
cipher_operation = va_arg(valist, psa_cipher_operation_t *);
return psa_cipher_abort(cipher_operation);
break;
-#if HOST_GCC_MISSING_CRYPTO_1_0 == 0
+#if MISSING_CRYPTO_1_0 == 0
case PAL_CRYPTO_CIPHER_DECRYPT:
key = va_arg(valist, psa_key_id_t);
alg = va_arg(valist, psa_algorithm_t);
@@ -296,7 +296,7 @@
key,
alg);
break;
-#if HOST_GCC_MISSING_CRYPTO_1_0 == 0
+#if MISSING_CRYPTO_1_0 == 0
case PAL_CRYPTO_CIPHER_ENCRYPT:
key = va_arg(valist, psa_key_id_t);
alg = va_arg(valist, psa_algorithm_t);
@@ -656,7 +656,6 @@
mac_operation = va_arg(valist, psa_mac_operation_t *);
return psa_mac_abort(mac_operation);
break;
-#ifdef CRYPTO_1_0
case PAL_CRYPTO_MAC_COMPUTE:
key = va_arg(valist, psa_key_id_t);
alg = va_arg(valist, psa_algorithm_t);
@@ -673,7 +672,6 @@
output_size,
p_output_length);
break;
-#endif
case PAL_CRYPTO_MAC_OPERATION_INIT:
mac_operation = va_arg(valist, psa_mac_operation_t *);
mac_operation_temp = psa_mac_operation_init();
@@ -707,7 +705,7 @@
input,
input_length);
break;
-#if HOST_GCC_MISSING_CRYPTO_1_0 == 0
+#if MISSING_CRYPTO_1_0 == 0
case PAL_CRYPTO_MAC_VERIFY:
key = va_arg(valist, psa_key_id_t);
alg = va_arg(valist, psa_algorithm_t);
@@ -822,7 +820,6 @@
output_size,
p_output_length);
break;
-#ifdef CRYPTO_1_0
case PAL_CRYPTO_SIGN_MESSAGE:
key = va_arg(valist, psa_key_id_t);
alg = va_arg(valist, psa_algorithm_t);
@@ -853,7 +850,6 @@
input1,
input_length1);
break;
-#endif
case PAL_CRYPTO_VERIFY_HASH:
key = va_arg(valist, psa_key_id_t);
alg = va_arg(valist, psa_algorithm_t);
diff --git a/api-tests/platform/targets/common/nspe/initial_attestation/pal_attestation_crypto.c b/api-tests/platform/targets/common/nspe/initial_attestation/pal_attestation_crypto.c
index 4a25a20..d5f03cf 100644
--- a/api-tests/platform/targets/common/nspe/initial_attestation/pal_attestation_crypto.c
+++ b/api-tests/platform/targets/common/nspe/initial_attestation/pal_attestation_crypto.c
@@ -17,6 +17,11 @@
#include "pal_attestation_crypto.h"
+/* this macro is missing from the psa_crypto.h file
+ * this can be removed once the TFM fix available
+ */
+#define PSA_ALG_MD4 ((psa_algorithm_t)0x02000002)
+
static uint32_t public_key_registered;
static psa_key_handle_t public_key_handle;
diff --git a/api-tests/platform/targets/common/nspe/pal_common.h b/api-tests/platform/targets/common/nspe/pal_common.h
index 1179ee8..c9060c9 100644
--- a/api-tests/platform/targets/common/nspe/pal_common.h
+++ b/api-tests/platform/targets/common/nspe/pal_common.h
@@ -1,5 +1,5 @@
/** @file
- * Copyright (c) 2020, Arm Limited or its affiliates. All rights reserved.
+ * Copyright (c) 2020-2021, Arm Limited or its affiliates. All rights reserved.
* SPDX-License-Identifier : Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License");
@@ -29,6 +29,7 @@
/* typedef's */
#ifndef TARGET_SPECIFIC_TYPES
typedef uint8_t bool_t;
+#define addr_t undef_addr_t //To avoid addr_t name collision
typedef uint32_t addr_t;
typedef uint32_t test_id_t;
typedef uint32_t block_id_t;
diff --git a/api-tests/platform/targets/tgt_dev_apis_tfm_nrf5340/nspe/pal_attestation_config.h b/api-tests/platform/targets/tgt_dev_apis_tfm_nrf5340/nspe/pal_attestation_config.h
index dc7aa2e..bdef6c5 100644
--- a/api-tests/platform/targets/tgt_dev_apis_tfm_nrf5340/nspe/pal_attestation_config.h
+++ b/api-tests/platform/targets/tgt_dev_apis_tfm_nrf5340/nspe/pal_attestation_config.h
@@ -42,7 +42,7 @@
* This is the size of the first part of the CBOR encoded TBS
* bytes. It is around 20 bytes. See create_tbs_hash().
*/
-#define T_COSE_SIZE_OF_TBS { \
+#define T_COSE_SIZE_OF_TBS ( \
1 + /* For opening the array */ \
sizeof(COSE_SIG_CONTEXT_STRING_SIGNATURE1) + /* "Signature1" */ \
2 + /* Overhead for encoding string */ \
@@ -50,7 +50,7 @@
3 * (/* 3 NULL bstrs for fields not used */ \
1 /* size of a NULL bstr */ \
) \
-}
+)
#define NULL_USEFUL_BUF_C NULLUsefulBufC
diff --git a/api-tests/platform/targets/tgt_dev_apis_tfm_nrf9160/nspe/pal_attestation_config.h b/api-tests/platform/targets/tgt_dev_apis_tfm_nrf9160/nspe/pal_attestation_config.h
index dc7aa2e..bdef6c5 100644
--- a/api-tests/platform/targets/tgt_dev_apis_tfm_nrf9160/nspe/pal_attestation_config.h
+++ b/api-tests/platform/targets/tgt_dev_apis_tfm_nrf9160/nspe/pal_attestation_config.h
@@ -42,7 +42,7 @@
* This is the size of the first part of the CBOR encoded TBS
* bytes. It is around 20 bytes. See create_tbs_hash().
*/
-#define T_COSE_SIZE_OF_TBS { \
+#define T_COSE_SIZE_OF_TBS ( \
1 + /* For opening the array */ \
sizeof(COSE_SIG_CONTEXT_STRING_SIGNATURE1) + /* "Signature1" */ \
2 + /* Overhead for encoding string */ \
@@ -50,7 +50,7 @@
3 * (/* 3 NULL bstrs for fields not used */ \
1 /* size of a NULL bstr */ \
) \
-}
+)
#define NULL_USEFUL_BUF_C NULLUsefulBufC
diff --git a/api-tests/platform/targets/tgt_dev_apis_tfm_psoc64/nspe/pal_crypto_config.h b/api-tests/platform/targets/tgt_dev_apis_tfm_psoc64/nspe/pal_crypto_config.h
index 132240a..2f20590 100644
--- a/api-tests/platform/targets/tgt_dev_apis_tfm_psoc64/nspe/pal_crypto_config.h
+++ b/api-tests/platform/targets/tgt_dev_apis_tfm_psoc64/nspe/pal_crypto_config.h
@@ -1,5 +1,5 @@
/** @file
- * Copyright (c) 2020, Arm Limited or its affiliates. All rights reserved.
+ * Copyright (c) 2020-2021, Arm Limited or its affiliates. All rights reserved.
* SPDX-License-Identifier : Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License");
@@ -37,6 +37,7 @@
#ifndef TF_M_PROFILE_SMALL
#ifndef TF_M_PROFILE_MEDIUM
#define ARCH_TEST_RSA
+#define ARCH_TEST_SKIP_RSA_2048_GEN_KEY
#define ARCH_TEST_RSA_1024
#define ARCH_TEST_RSA_2048
#define ARCH_TEST_RSA_3072
diff --git a/api-tests/platform/targets/tgt_ff_tfm_nrf_common/nspe/pal_driver_ipc_intf.c b/api-tests/platform/targets/tgt_ff_tfm_nrf_common/nspe/pal_driver_ipc_intf.c
index be8ae93..bfcaa07 100644
--- a/api-tests/platform/targets/tgt_ff_tfm_nrf_common/nspe/pal_driver_ipc_intf.c
+++ b/api-tests/platform/targets/tgt_ff_tfm_nrf_common/nspe/pal_driver_ipc_intf.c
@@ -47,7 +47,7 @@
psa_invec data[3] = {{&uart_fn, sizeof(uart_fn)},
{&uart_base_addr, sizeof(uart_base_addr)},
- {NULL, 0}};
+ {NULL, 0} };
#if STATELESS_ROT == 1
status_of_call = psa_call(DRIVER_UART_HANDLE, 0, data, 3, NULL, 0);
@@ -103,7 +103,7 @@
wd_param.wd_base_addr = base_addr;
wd_param.wd_time_us = time_us;
wd_param.wd_timer_tick_us = timer_tick_us;
- psa_invec invec[1] = {{&wd_param, sizeof(wd_param)}};
+ psa_invec invec[1] = { {&wd_param, sizeof(wd_param)} };
#if STATELESS_ROT == 1
status_of_call = psa_call(DRIVER_WATCHDOG_HANDLE, 0, invec, 1, NULL, 0);
@@ -145,7 +145,7 @@
wd_param.wd_base_addr = base_addr;
wd_param.wd_time_us = 0;
wd_param.wd_timer_tick_us = 0;
- psa_invec invec[1] = {{&wd_param, sizeof(wd_param)}};
+ psa_invec invec[1] = { {&wd_param, sizeof(wd_param)} };
#if STATELESS_ROT == 1
status_of_call = psa_call(DRIVER_WATCHDOG_HANDLE, 0, invec, 1, NULL, 0);
@@ -186,7 +186,7 @@
wd_param.wd_base_addr = base_addr;
wd_param.wd_time_us = 0;
wd_param.wd_timer_tick_us = 0;
- psa_invec invec[1] = {{&wd_param, sizeof(wd_param)}};
+ psa_invec invec[1] = { {&wd_param, sizeof(wd_param)} };
#if STATELESS_ROT == 1
status_of_call = psa_call(DRIVER_WATCHDOG_HANDLE, 0, invec, 1, NULL, 0);
if (status_of_call != PSA_SUCCESS)
diff --git a/api-tests/tools/cmake/compiler/HOST_GCC.cmake b/api-tests/tools/cmake/compiler/HOST_GCC.cmake
index 2071b12..0282643 100644
--- a/api-tests/tools/cmake/compiler/HOST_GCC.cmake
+++ b/api-tests/tools/cmake/compiler/HOST_GCC.cmake
@@ -50,4 +50,4 @@
set(CMAKE_C_FLAGS "-g -Wall -Werror -Werror -std=c99")
message(STATUS "[PSA] : ${_LNG} compiler used '${CMAKE_${_LNG}_COMPILER}'")
endforeach()
-add_definitions(-DHOST_GCC_MISSING_CRYPTO_1_0=1)
+add_definitions(-DMISSING_CRYPTO_1_0=1)
diff --git a/api-tests/tools/scripts/gen_tests_list.py b/api-tests/tools/scripts/gen_tests_list.py
index 22727fb..f654100 100644
--- a/api-tests/tools/scripts/gen_tests_list.py
+++ b/api-tests/tools/scripts/gen_tests_list.py
@@ -1,6 +1,6 @@
#!/usr/bin/python
#/** @file
-# * Copyright (c) 2019-2020, Arm Limited or its affiliates. All rights reserved.
+# * Copyright (c) 2019-2021, Arm Limited or its affiliates. All rights reserved.
# * SPDX-License-Identifier : Apache-2.0
# *
# * Licensed under the Apache License, Version 2.0 (the "License");
@@ -18,38 +18,42 @@
import sys
-if (len(sys.argv) != 13):
+if (len(sys.argv) != 14):
print("\nScript requires following inputs")
print("\narg1 : <INPUT SUITE identifier>")
print("\narg2 : <INPUT testsuite.db file>")
print("\narg3 : <INPUT panic test>")
- print("\narg4 : <OUTPUT testlist file>")
- print("\narg5 : <OUTPUT test_entry_list>")
- print("\narg6 : <OUTPUT test_entry_fn_declare_list>")
- print("\narg7 : <OUTPUT client_tests_list_declare>")
- print("\narg8 : <OUTPUT client_tests_list>")
- print("\narg9 : <OUTPUT server_tests_list_declare>")
- print("\narg10 : <OUTPUT server_tests_list>")
- print("\narg11 : <OUTPUT Suite test start number")
- print("\narg12 : <OUTPUT Suite test end number")
+ print("\narg4 : <INPUT tests coverage>")
+ print("\narg5 : <OUTPUT testlist file>")
+ print("\narg6 : <OUTPUT test_entry_list>")
+ print("\narg7 : <OUTPUT test_entry_fn_declare_list>")
+ print("\narg8 : <OUTPUT client_tests_list_declare>")
+ print("\narg9 : <OUTPUT client_tests_list>")
+ print("\narg10 : <OUTPUT server_tests_list_declare>")
+ print("\narg11 : <OUTPUT server_tests_list>")
+ print("\narg12 : <OUTPUT Suite test start number")
+ print("\narg13 : <OUTPUT Suite test end number")
sys.exit(1)
suite = sys.argv[1]
testsuite_db_file = sys.argv[2]
panic_tests_included = int(sys.argv[3])
-testlist_file = sys.argv[4]
-test_entry_list = sys.argv[5]
-test_entry_fn_declare_list = sys.argv[6]
-client_tests_list_declare = sys.argv[7]
-client_tests_list = sys.argv[8]
-server_tests_list_declare = sys.argv[9]
-server_tests_list = sys.argv[10]
-if sys.argv[11] != "None":
- suite_test_start_number = int(sys.argv[11])
+tests_coverage = sys.argv[4]
+testlist_file = sys.argv[5]
+test_entry_list = sys.argv[6]
+test_entry_fn_declare_list = sys.argv[7]
+client_tests_list_declare = sys.argv[8]
+client_tests_list = sys.argv[9]
+server_tests_list_declare = sys.argv[10]
+server_tests_list = sys.argv[11]
+
+
+if sys.argv[12] != "None":
+ suite_test_start_number = int(sys.argv[12])
else:
suite_test_start_number = 0
-if sys.argv[12] != "None":
- suite_test_end_number = int(sys.argv[12])
+if sys.argv[13] != "None":
+ suite_test_end_number = int(sys.argv[13])
else:
suite_test_end_number = sys.maxsize
@@ -66,12 +70,26 @@
if (('test_' == line[0:5]) and
(int(line[6:9]) >= suite_test_start_number) and
(int(line[6:9]) <= suite_test_end_number)):
- if ((panic_tests_included == 1) and ("panic" not in line)):
- o_f.write(line)
- elif ((panic_tests_included == 1) and ("panic" in line)):
- o_f.write(line[0:line.find(',')]+'\n')
- elif ((panic_tests_included == 0) and ("panic" not in line)):
- o_f.write(line)
+ if (panic_tests_included == 0):
+ if (tests_coverage == "ALL"):
+ if (("panic" not in line) and ("failing" not in line)):
+ o_f.write(line)
+ if (("panic" not in line) and ("failing" in line)):
+ o_f.write(line[0:line.find(',')]+'\n')
+ if (tests_coverage == "PASS"):
+ if (("panic" not in line) and ("failing" not in line)):
+ o_f.write(line)
+ if (panic_tests_included == 1):
+ if (tests_coverage == "ALL"):
+ if (("panic" not in line) and ("failing" not in line)):
+ o_f.write(line)
+ else:
+ o_f.write(line[0:line.find(',')]+'\n')
+ if (tests_coverage == "PASS"):
+ if (("panic" not in line) and ("failing" not in line)):
+ o_f.write(line)
+ if (("panic" in line) and ("failing" not in line)):
+ o_f.write(line[0:line.find(',')]+'\n')
def gen_test_entry_info():
"""
diff --git a/api-tests/val/common/val.h b/api-tests/val/common/val.h
index 1fb6266..88bab7b 100644
--- a/api-tests/val/common/val.h
+++ b/api-tests/val/common/val.h
@@ -1,5 +1,5 @@
/** @file
- * Copyright (c) 2018-2020, Arm Limited or its affiliates. All rights reserved.
+ * Copyright (c) 2018-2021, Arm Limited or its affiliates. All rights reserved.
* SPDX-License-Identifier : Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License");
diff --git a/api-tests/val/nspe/val_crypto.h b/api-tests/val/nspe/val_crypto.h
index a11369b..a3414ee 100644
--- a/api-tests/val/nspe/val_crypto.h
+++ b/api-tests/val/nspe/val_crypto.h
@@ -55,7 +55,6 @@
#define PSA_ALG_NONE ((psa_algorithm_t)0)
#define PSA_KEY_ID_NULL ((psa_key_id_t)0)
-
#if 0
#define PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG(aead_alg) \
((((aead_alg) & ~0x003f0000) == 0x05400100) ? PSA_ALG_CCM : \
@@ -67,7 +66,6 @@
((psa_algorithm_t) (((aead_alg) & ~0x003f0000) | (((tag_length) & 0x3f) << 16)))
#endif
-
enum crypto_function_code {
VAL_CRYPTO_AEAD_ABORT = 0x1,
VAL_CRYPTO_AEAD_DECRYPT,
diff --git a/api-tests/val/nspe/val_dispatcher.c b/api-tests/val/nspe/val_dispatcher.c
index 57de976..13a3671 100644
--- a/api-tests/val/nspe/val_dispatcher.c
+++ b/api-tests/val/nspe/val_dispatcher.c
@@ -229,6 +229,10 @@
val_print(PRINT_ALWAYS, "\nRunning.. ", 0);
val_print(PRINT_ALWAYS, val_get_comp_name(test_id), 0);
// val_print_api_version();
+#ifdef TESTS_COVERAGE
+ val_print(PRINT_ALWAYS, "\nNOTE : Known failing tests are excluded from this \
+build. For PSA functional API certification, all tests must be run.\n", 0);
+#endif
val_print(PRINT_ALWAYS, "\n******************************************\n", 0);
}
diff --git a/api-tests/val/nspe/val_entry.h b/api-tests/val/nspe/val_entry.h
index ba333ef..79646b9 100644
--- a/api-tests/val/nspe/val_entry.h
+++ b/api-tests/val/nspe/val_entry.h
@@ -21,7 +21,7 @@
#include "val_framework.h"
#define PSA_ACS_MAJOR_VER 1
-#define PSA_ACS_MINOR_VER 2
+#define PSA_ACS_MINOR_VER 3
/**
@brief - PSA Test Suite C main function, does VAL init and calls test dispatcher
diff --git a/api-tests/val/nspe/val_peripherals.c b/api-tests/val/nspe/val_peripherals.c
index 4e2d31b..4424639 100644
--- a/api-tests/val/nspe/val_peripherals.c
+++ b/api-tests/val/nspe/val_peripherals.c
@@ -157,8 +157,6 @@
val_status_t val_wd_reprogram_timer(wd_timeout_type_t timeout_type)
{
val_status_t status = VAL_STATUS_SUCCESS;
-
- (void)timeout_type; // Argument unused if WATCHDOG_AVAILABLE is not defined
#ifdef WATCHDOG_AVAILABLE
/* Disable watchdog Timer */
val_wd_timer_disable();
@@ -176,6 +174,8 @@
{
return status;
}
+#else
+ (void)timeout_type; // Argument unused if WATCHDOG_AVAILABLE is not defined
#endif
return status;
diff --git a/secure-debug/CMakeLists.txt b/secure-debug/CMakeLists.txt
index 8266ccb..85d3a42 100644
--- a/secure-debug/CMakeLists.txt
+++ b/secure-debug/CMakeLists.txt
@@ -31,11 +31,7 @@
set(CMAKE_CXX_STANDARD 14)
set(CMAKE_CXX_EXTENSIONS Off)
-if(NOT DEFINED RDDI_LIB)
- set(DEPENDS_INC_PATH ${CMAKE_SOURCE_DIR}/platform/native/include)
-else()
- set(DEPENDS_INC_PATH ${CMAKE_SOURCE_DIR}/platform/rddi/include)
-
+if(DEFINED RDDI_LIB)
if(WIN32)
set(DEPENDS_LIB_PATH ${CMAKE_SOURCE_DIR}/depends/rddi/win_32-x86_64)
else()
@@ -43,6 +39,8 @@
endif()
endif()
+set(DEPENDS_INC_PATH ${CMAKE_SOURCE_DIR}/platform/hosts/${TARGET}/include)
+
if(NOT DEFINED PSA_ADAC_ROOT)
get_filename_component(PSA_ADAC_ROOT ${CMAKE_SOURCE_DIR}/psa-adac ABSOLUTE)
endif()
@@ -92,7 +90,7 @@
string(TOLOWER ${SUITE} SUITE_LOWER)
# Check for valid targets
-_get_sub_dir_list(PSA_TARGET_LIST ${PSA_ROOT_DIR}/platform)
+_get_sub_dir_list(PSA_TARGET_LIST ${PSA_ROOT_DIR}/platform/hosts)
if(NOT ${TARGET} IN_LIST PSA_TARGET_LIST)
message(FATAL_ERROR "[PSA] : Error: Unsupported value for -DTARGET=${TARGET}, supported targets are : ${PSA_TARGET_LIST}")
else()
@@ -189,24 +187,26 @@
add_definitions(-D${TARGET})
# Build PAL LIB
-if(NOT DEFINED RDDI_LIB)
- add_subdirectory(${CMAKE_SOURCE_DIR}/platform/native)
- set(ADAC_HOST_PAL_LIB platform_native)
-else()
+include(${CMAKE_SOURCE_DIR}/platform/common/pal.cmake)
+if(DEFINED RDDI_LIB)
add_subdirectory(${CMAKE_SOURCE_DIR}/platform/csapbcom)
set(ADAC_HOST_PAL_LIB csapbcom)
+else()
+ add_subdirectory(${CMAKE_SOURCE_DIR}/platform/hosts/${TARGET} platform_stdc)
+ target_link_libraries(${ADAC_HOST_PAL_LIB} platform_stdc)
endif()
# Generate VAL LIB
include(${CMAKE_SOURCE_DIR}/val/val.cmake)
-# Build test
+# Build test suite
include(${PSA_SUITE_DIR}/suite.cmake)
-#add_dependencies(${TEST_COMBINE_LIB} ${ADAC_HOST_VAL_LIB} ${ADAC_HOST_PAL_LIB} ${ADAC_LIBS})
+#Create single executable
add_executable(${ADAC_HOST_EXE} ${SUITE_CC_SOURCE})
target_include_directories(${ADAC_HOST_EXE} PRIVATE
${CMAKE_SOURCE_DIR}/val/include
+ ${CMAKE_SOURCE_DIR}/platform/common/include
)
target_link_libraries (${ADAC_HOST_EXE} ${TEST_COMBINE_LIB}
${ADAC_HOST_VAL_LIB}
diff --git a/secure-debug/README.md b/secure-debug/README.md
index 8947afa..3853c24 100644
--- a/secure-debug/README.md
+++ b/secure-debug/README.md
@@ -1,42 +1,40 @@
-# PSA Secure Debug : Arm ADAC Test Suite
+# PSA Secure Debug: Arm ADAC Test Suite
## Introduction
### ADAC Specification
-The ADAC specification defines the protocol that allows a target to securely authenticate a debug host. The specification targets software-only layers that sit above the physical debug link.
-
-The ADAC specification can be obtained at [ADAC specification](https://developer.arm.com/documentation/den0101/0000).
+The [ADAC specification](https://developer.arm.com/documentation/den0101/0001) defines the protocol that allows a target to securely authenticate a debug host. The specification targets software-only layers that are above the physical debug link.
### ADAC test suite
-The ADAC test suite checks if a device-side implementation conforms to the behavior described in the ADAC specification. The tests are self-checking, portable C-based tests with directed stimulus. The tests are expected to run on the host platform only. The tests drive the commands from the host platform via the debug link and verify the response obtained from the target platform.
+The ADAC test suite checks if a device-side implementation conforms to the behavior described in the ADAC specification. The tests are self-checking, portable C-based tests with directed stimulus. The tests are expected to run on the host platform only. The tests drive the commands from the host platform through the debug link and verify the response obtained from the target platform.
The tests are available as open source. The tests and the corresponding abstraction layers are available with an Apache v2.0 license allowing for external contribution.
## Release details
- - Release Version - 0.5
+ - Release Version - 0.6
- Code Quality: Alpha <br />
- The suite is in development. This indicates that the suite contains tests that has not been validated on any hardware platform. Please use this opportunity to suggest enhancements and point out errors.
+ The suite is in development. This indicates that the suite contains tests that have not been validated on any hardware platform. You can suggest enhancements and point out errors.
- - The ADAC tests are written for version Beta of the [ADAC specification](https://developer.arm.com/documentation/den0101/0000).
+ - The ADAC tests are written for version Beta of the ADAC specification.
- This test suite is not a substitute for design verification.
## Layers
ADAC tests use a layered software-stack approach to enable porting across different test platforms. The constituents of the layered stack are:
- - Test suite
- - Validation Abstraction Layer (VAL)
- - Platform Abstraction Layer (PAL)
+ - Test suite
+ - Validation Abstraction Layer (VAL)
+ - Platform Abstraction Layer (PAL)
-These tests are written on top of Validation Abstraction Layer (VAL) and Platform Abstraction Layer (PAL).
+These tests are written on top of VAL and PAL.
The abstraction layers provide platform information and runtime environment to enable execution of the tests.
-In this release, PAL implementation uses unix sockets as the link layer for sending commands and receiving responses.
+In this release, PAL implementation uses Unix sockets as the link layer for sending commands and receiving responses.
-Partners can also write their own abstraction layer implementations to allow ADAC tests to be run in other host platforms and support the debug link layer.
+You can also write your own abstraction layer implementations to allow ADAC tests to be run in other host platforms and support the debug link layer.
## Scenarios
@@ -46,17 +44,17 @@
Follow the instructions in the subsequent sections to get a copy of the source code on your local machine and build the tests. <br />
-See User guide document to get details on the steps involved in porting the test suite to your platform.
+See [Arm Authenticated Debug Access Control Test Suite User guide](docs/Arm_Authenticated_Debug_Access_Control_Test_Suite_User_Guide.pdf) document to get details on the steps involved in porting the test suite to your platform.
This test suite is provided as a separate directory within the psa-arch-tests repository.
### Prerequisites
Before starting the test suite build, ensure that the following requirements are met:
-- Host Operating System : Ubuntu 16.04.4, RHEL 7, Windows 10
-- Scripting tools : Python 3.7.1
-- Other open-source tools : GNUARM 6.3.1, GCC 5.4.0 32-Bit (Linux Host), mingw 6.3.0 32-Bit (Windows Host)
- CMake 3.1 or later
+- Host Operating System: Ubuntu 16.04.4, RHEL 7, Windows 10
+- Scripting tools: Python 3.7.1
+- Other open-source tools: GNUARM 6.3.1, GCC 5.4.0 32-Bit (Linux Host), MinGW 6.3.0 32-Bit (Windows Host)
+ CMake 3.1 or later
## Download source
@@ -64,7 +62,7 @@
git clone https://github.com/ARM-software/psa-arch-tests.git
-To download the master branch of the psa-adac repository, type the following command:
+To download the main branch of the psa-adac repository, type the following command:
git clone git@github.com:ARMmbed/psa-adac.git
@@ -74,8 +72,8 @@
## Porting steps
-Refer to the [Porting Guide](docs/porting_guide_adac_host.md) document for porting steps for your host platform.
-Refer to the [User Guide](docs/Arm_Authenticated_Debug_Access_Control_Test_Suite_User_Guide.pdf) document in the docs folder for additional details.
+See the [Porting Guide](docs/porting_guide_adac_host.md) document for porting steps for your host platform.
+See the [User Guide](docs/Arm_Authenticated_Debug_Access_Control_Test_Suite_User_Guide.pdf) document in the docs folder for additional details.
## Build steps
@@ -83,15 +81,17 @@
~~~
cd psa-arch-tests/secure-debug
git clone git@github.com:ARMmbed/psa-adac.git --recurse-submodules
+ cp adac_ats_alpha1.patch psa-adac/.
+ cd psa-adac/
+ git apply adac_ats_alpha1.patch
+ cd ..
mkdir <host_build_dir>
cd <host_build_dir>
- cmake ../ -G<generator-name> -DTARGET=<target-name> -DCOMPILER=<compiler-selection> -DSUITE=<suite-selection>
+ cmake ../ -G<generator-name> -DTARGET=<target-name> -DSUITE=<suite-selection>
where:
- <generator-name> "Unix Makefiles" - to generate Makefiles for Linux and Cygwin
"MinGW Makefiles" - to generate Makefiles for cmd.exe on Windows
- - <target-name> target to build, as created in the platform/board directory
- - <compiler-selection> GNU
- Defaults to GNU if not specified
+ - <target-name> target to build, as created in the platform/hosts directory
- <suite-selection> ADAC - specify the ADAC suite
To build project
@@ -100,12 +100,12 @@
cmake --build . -- clean
For example:
- cmake ../ -G"Unix Makefiles" -DTARGET=native -DSUITE=ADAC
+ cmake ../ -G"Unix Makefiles" -DTARGET=hst_sdbg_stdc -DSUITE=ADAC
cmake --build .
~~~
Note:
- It is recommended to build each different build configurations in separate directories.
+ It is recommended to build different build configurations in separate directories.
### Build output
The following ADAC test suite build outputs are available under host build directory, as created.
@@ -115,7 +115,7 @@
## Test Suite Execution
-The current release provides a reference implementation of ADAC target which communicates with the host platform using unix sockets. In order to execute the test suite, please follow the steps below:
+The current release provides a reference implementation of ADAC target which communicates with the host platform using Unix sockets. To execute the test suite, follow the steps below:
cd psa-arch-tests/secure-debug/psa-adac
make native
@@ -123,21 +123,21 @@
To launch the target to run as a server instance, run the target executable in another terminal as shown:
cd psa-arch-tests/secure-debug/psa-adac
- ./build/native/Debug/psa_adac_server coms.socket tools/test/resources/chains/chain.EcdsaP256-0
+ ./build/native/Debug/psa_adac_server coms.socket tools/test/resources/chains/chain.EcdsaP256-3
To run the test suite, execute the following command from your host build directory <host_build_dir>:
- ./psa_adac_test ../psa-adac/tools/test/resources/keys/EcdsaP256Key-0.pem \../psa-adac/tools/test/resources/chains/chain.EcdsaP256-0 ../psa-adac/coms.socket
+ ./psa_adac_test ../psa-adac/tools/test/resources/keys/EcdsaP256Key-3.pem \../psa-adac/tools/test/resources/chains/chain.EcdsaP256-3 ../psa-adac/coms.socket
Note:
- - Please look at the psa-adac directory for details about other target platforms.
+ - See the psa-adac directory for information on other target platforms.
- The keys and the certificate credentials for a supported cryptosystem can be generated using the tools provided in the psa-adac repository.
- - The test suite is designed to run once per supported cryptosystem. Partners must ensure that the device must be provisioned with the correct certificates installed in the device's RoT.
+ - The test suite is designed to run once per supported cryptosystem. You must ensure that the device must be provisioned with the correct certificates installed in the device's RoT.
## Security implication
-ADAC test suite may run at higher privilege level. An attacker can utilize these tests to elevate privilege which can potentially reveal the platform secure attests. To prevent such security vulnerabilities into the production system, it is strongly recommended that ADAC test suite is run on development platforms. If it is run on production system, make sure system is scrubbed after running the test suite.
+ADAC test suite may run at higher privilege level. An attacker can utilize these tests to elevate privilege which can potentially reveal the platform Secure attests. To prevent such security vulnerabilities into the production system, it is recommended that ADAC test suite is run on development platforms. If it is run on production system, make sure system is scrubbed after running the test suite.
## License
diff --git a/secure-debug/docs/Arm_Authenticated_Debug_Access_Control_Test_Suite_User_Guide.pdf b/secure-debug/docs/Arm_Authenticated_Debug_Access_Control_Test_Suite_User_Guide.pdf
index 8f78f6d..0c9d96a 100644
--- a/secure-debug/docs/Arm_Authenticated_Debug_Access_Control_Test_Suite_User_Guide.pdf
+++ b/secure-debug/docs/Arm_Authenticated_Debug_Access_Control_Test_Suite_User_Guide.pdf
Binary files differ
diff --git a/secure-debug/docs/porting_guide_adac_host.md b/secure-debug/docs/porting_guide_adac_host.md
index 07f1c03..d84c86c 100644
--- a/secure-debug/docs/porting_guide_adac_host.md
+++ b/secure-debug/docs/porting_guide_adac_host.md
@@ -11,10 +11,10 @@
### Adding a new target
- 1. Create a new directory in **platform/<platform_name>**. For reference, see the existing platform **native** directory.
- 2. Execute `cp -rf platform/native/ platform/<platform_name>/`.
+ 1. Create a new directory in **platform/<platform_name>**. For reference, see the existing platform **hst_sdbg_stdc** directory.
+ 2. Execute `cp -rf platform/hosts/hst_sdbg_stdc/ platform/hosts/<platform_name>/`.
3. Update **platform/<platform_name>/CMakeLists.txt** appropriately to select the correct instances of PAL files for compilation.
- 4. Refer to the **List of PAL APIs** section to view the list of PAL APIs that must be ported for your target platform. These API definitions are available in **val/include/pal_interfaces.h**. These APIs are written for native target platform. You can reuse the code if it works for your platform. Otherwise, you must port them for your platform-specific peripherals.
+ 4. Refer to the **List of PAL APIs** section to view the list of PAL APIs that must be ported for your target platform. These API definitions are available in **val/include/pal_interfaces.h**. These APIs are written for the virtual target **hst_sdbg_stdc**. You can reuse the code if it works for your platform. Otherwise, you must port them for your platform-specific peripherals.
5. The main.c requires path to the key and certificate chain that point to the host credentials. This must be provided as command-line arguments. You can provide debug link layer specific parameters as additional command-line arguments.
6. If you want to use a pre-built debug communication interface, create a new directory under the depends directory and list your shared libraries within it. A placeholder for RDDI libraries is provided. You can then link these libraries to your platform.
@@ -23,10 +23,12 @@
| No | Prototype | Description | Parameters |
|----|-------------------------------------------------------|-----------------------------------------------------------------------------|-------------------------------------------------------------------------|
-| 01 | int pal_print(char *str, int32_t data); | Parses the input string and writes bytes into the message interface | str : Input String<br/>data : Value for format specifier<br/> |
-| 02 | int request_packet_send(request_packet_t *packet); | Writes the ADAC command frame into the communication buffer for transmit | request packet<br/> |
-| 03 | response_packet_t *response_packet_receive(); | Reads the ADAC command response from the communication buffer | None<br/> |
-| 04 | int pal_system_reset(void) | Resets the system and disconnects from device | None |
+| 01 | int pal_print(char *str, int32_t data); | Parses the input string and writes bytes into the message interface | str: Input String<br/>data: Value for format specifier<br/> |
+| 02 | int pal_system_reset(void) | Resets the system and disconnects from device | None |
+| 03 | int pal_msg_interface_init(void *ctx) | Initializes the message interface for debugging information | Handle for the communication interface |
+| 04 | int pal_msg_interface_free(void *ctx) | Releases the message interface | Handle for the communication interface |
+| 05 | int pal_message_send(uint8_t buffer[], size_t size) | Sends the request data on the debug link interface to the device | buffer_ptr for payload, transfer size in bytes |
+| 06 | int pal_message_receive(uint8_t buffer[], size_t size)| Reads the response data from the device | buffer_ptr for payload, transfer size in bytes |
## License
Arm PSA test suite is distributed under Apache v2.0 License.
diff --git a/secure-debug/docs/psa_adac_scenarios.md b/secure-debug/docs/psa_adac_scenarios.md
index 8d8fcae..bc9748b 100644
--- a/secure-debug/docs/psa_adac_scenarios.md
+++ b/secure-debug/docs/psa_adac_scenarios.md
@@ -2,22 +2,26 @@
| Scenario ID | Section | Description | Test Cases |
|-------------|------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------|
-| S_ADAC_001 | Commands | Verify that the following commands are recognized by the target and do not return SDP_INVALID_COMMAND status.<br />1. Discovery<br/>2. Authentication Start<br\>3. Authentication Response<br/>4. Close Session<br/>5. Lock Debug<br/> | TBD <br/> |
-| S_ADAC_002 | Commands | Send two authentication start commands back-to-back and verify that the challenge vector obtained in the response is different. | test_a001 <br/> |
-| S_ADAC_003 | Commands | Use discovery command to query the target for supported response fragment formats. Check that the following response fragments are supported: <br\>1. 0x200 token_adac<br\>2. 0x201 cert_adac<br\>| TBD <br/> |
-| S_ADAC_004 | Commands | Issue invalid response fragment as part of Authentication response and check that the target responds with SDP_FAILURE status.| TBD <br/> |
-| S_ADAC_005 | Commands | Issue a different command after starting the Authentication response command and check that the target responds with SDP_FAILURE status. | TBD <br/> |
-| S_ADAC_006 | Commands | Verify that for a multiple fragment Authentication response request, the device responds with a SDP_MORE_DATA_NEEDED status code after each response fragment.| TBD <br/> |
-| S_ADAC_007 | Commands | Check that the Close Session command always returns a SDP_SUCCESS status.| TBD <br/> |
-| S_ADAC_008 | Constraints| Provide a leaf certificate before a root certificate and verify that an error response is generated by the target.| TBD <br/> |
-| S_ADAC_009 | Constraints| Check that a certificate is rejected due to each of the following scope-limiting feature:1. Role<br/>2. Lifecycle<br/>| TBD <br/> |
-| S_ADAC_010 | Constraints| Check that if two or more distinct non-neutral values are present in the certificate chain, a failure response is obtained.| TBD <br/> |
-| S_ADAC_011 | Constraints| Request a permission value (perm_req) via authentication token which is denied due to a restrictive perm_mask field. Check that the authentication response is successful.| TBD <br/> |
-| S_ADAC_012 | Constraints| Request access to software partition with no software partition ID listed in the certificate chain. Check that success status is reported.| TBD <br/> |
+| S_ADAC_001 | Commands | Verify that the following commands are recognized by the target and do not return SDP_INVALID_COMMAND status.<br />1. Discovery<br/>2. Authentication Start<br/>3. Authentication Response<br/>4. Close Session<br/>5. Lock Debug<br/> | test_a002 <br/> |
+| S_ADAC_002 | Commands | Send two authentication-start commands back-to-back and verify that the challenge vector obtained in the response is different. | test_a001 <br/> |
+| S_ADAC_003 | Commands | Use discovery command to query the target for supported response fragment formats. Check the following constraints for the response: <br/>1. token_formats (Type ID 0x0100) TLV enlists token_adac (Type ID 0x200)<br/>2. cert_formats (Type ID 0x0101) TLV enlists cert_adac (Type ID 0x201)<br/>3. psa_lifecyle TLV indicates only one state.<br/>| test_a003 <br/> |
+| S_ADAC_004 | Commands | Send discovery command with list of specified TLV entries, both in increasing and decreasing order. Verify that the target responds with SDP_SUCCESS status. | test_a004 <br/> |
+| S_ADAC_005 | Commands | Send invalid response fragment as part of Authentication response command sequence and check that the target responds with SDP_FAILURE status.| test_a005 <br/> |
+| S_ADAC_006 | Commands | Request two challenge sequences back-to-back. Send the ADAC token signed with the older challenge and verify that the target rejects the token by responding with SDP_FAILURE. Send the ADAC token with the latest issued challenge and check that the target rejects the updated token as well by responding with SDP_FAILURE status. | test_a005 <br/> |
+| S_ADAC_007 | Commands | Send an authentication response command with a NULL payload and verify that the target responds with SDP_FAILURE status. | test_a006 <br/> |
+| S_ADAC_008 | Commands | Verify that the target responds to an unrecognized ADAC command with SDP_INVALID_COMMAND status. | test_a007 <br/> |
+| S_ADAC_009 | Commands | Verify that for a multiple fragment Authentication response request, the device responds with a SDP_MORE_DATA_NEEDED status code after each response fragment. | test_a001, test_a005 <br/> |
+| S_ADAC_010 | Commands | Check that the Close Session command always returns an SDP_SUCCESS status. | test_a001 <br/> |
+| S_ADAC_011 | Constraints| In a certificate chain, provide a leaf certificate before a root certificate and verify that the target responds with an error. | test_a008 <br/> |
+| S_ADAC_012 | Constraints| Check that a certificate is rejected due to each of the following scope-limiting feature:<br/>1. Role<br/>2. Lifecycle<br/>| test_a008 <br/> |
+| S_ADAC_013 | Constraints| Check that if two or more distinct non-neutral values are present in the certificate chain, a failure response is obtained.| test_a009 <br/> |
+| S_ADAC_014 | Constraints| Request a permission value (perm_req) via authentication token which is denied due to a restrictive perm_mask field. Check that the authentication response is successful.| test_a002 <br/> |
+| S_ADAC_015 | Constraints| Request access to software partition with no software partition ID listed in the certificate chain. Check that success status is reported.| test_a010 <br/> |
+| S_ADAC_016 | Constraints| Verify that the reserved fields of TLV sequences read as 0 for ADAC version 1.0 implementation.| test_a011 <br/> |
## Note
-1. The list of identified scenarios are not exhaustive and is subject to change.<br/>
+1. The list of identified scenarios is not exhaustive and is subject to change.<br/>
2. Some of the listed scenarios could be descoped or classified as testing limitation.<br />
# License
diff --git a/secure-debug/docs/test_failure_analysis.md b/secure-debug/docs/test_failure_analysis.md
new file mode 100644
index 0000000..a1d3532
--- /dev/null
+++ b/secure-debug/docs/test_failure_analysis.md
@@ -0,0 +1,22 @@
+
+# Test failure analysis document
+-----------------------------------------------------
+
+This file contains list of failures identified when testing the release of Alpha1 quality ADAC Test suite.
+PSA-ADAC repository commit Hash - e91ebc4c06351e860b5c50dbdc2901a8260979a1
+along with the patch file adac_ats_alpha1.patch
+The reason for each failing test is listed here in this file.
+
+## Known Failures
+
+| Test | Fail description | Github issue |
+|------|---------------------------------------------------------------------------------| ------------ |
+|test_a010 | Token extension hash signing check failed | https://github.com/ARM-software/psa-adac/issues/5 |
+
+## License
+
+Arm PSA test suite is distributed under Apache v2.0 License.
+
+--------------
+
+*Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.*
diff --git a/secure-debug/platform/common/include/adac_util.h b/secure-debug/platform/common/include/adac_util.h
new file mode 100644
index 0000000..14af7ac
--- /dev/null
+++ b/secure-debug/platform/common/include/adac_util.h
@@ -0,0 +1,130 @@
+/** @file
+ * Copyright (c) 2021, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#ifndef _PSA_ADAC_UTIL_H_
+#define _PSA_ADAC_UTIL_H_
+#include <psa_adac.h>
+
+#define PSA_LIFECYCLE_MAJOR_STATE 0xFF00u
+/** \brief Token header
+ *
+ */
+typedef struct {
+ uint16_t type;
+ uint8_t *data;
+ size_t size;
+} adac_command_frame_t;
+
+typedef enum {
+ NULL_TYPE = 0x0000,
+ ADAC_AUTH_VERSION = 0x0001,
+ VENDOR_ID = 0x0002,
+ SOC_CLASS = 0x0003,
+ SOC_ID = 0x0004,
+ TARGET_IDENTITY = 0x0005,
+ HW_PERMISSIONS_FIXED = 0x0006,
+ HW_PERMISSIONS_MASK = 0x0007,
+ PSA_LIFECYCLE = 0x0008,
+ SW_PARTITION_ID = 0x0009,
+ SDA_ID = 0x000a,
+ TOKEN_FORMATS = 0x0100,
+ CERT_FORMATS = 0x0101,
+ CRYPTOSYSTEMS = 0x0102,
+ TOKEN_ADAC = 0x0200,
+ CERT_ADAC = 0x0201,
+ ROT_META = 0x0202,
+ VENDOR_TYPE_ID0 = 0x8000
+} adac_type_id_t;
+
+typedef enum {
+ UNKNOWN = 0x0000,
+ ASSEMBLY_AND_TEST = 0x1000,
+ PSA_ROT_AND_PROVISIONING = 0x2000,
+ SECURED = 0x3000,
+ NON_PSA_ROT_DEBUG = 0x4000,
+ RECOVERABLE_PSA_ROT_DEBUG = 0x5000,
+ DECOMMISSIONED = 0x6000
+} psa_lifecycle_major_state_t;
+
+void psa_adac_host_init(void);
+psa_status_t psa_adac_load_certificate_chain(const char *chain_file, uint8_t **chain,
+ size_t *chain_size);
+psa_status_t psa_adac_read_extensions(uint32_t *chain, size_t chain_size, psa_tlv_t **extns_list,
+ size_t *extns_count);
+uint8_t detect_cryptosystem(psa_tlv_t **extns_list, size_t extns_count);
+uint8_t get_certificate_role(psa_tlv_t **extns_list, size_t extns_count);
+psa_status_t psa_adac_get_private_key(const char *key_file, uint8_t *type, psa_key_handle_t *handle,
+ uint8_t **key_ptr, size_t *size);
+psa_status_t psa_adac_issue_command(uint32_t command, request_packet_t *packet,
+ uint8_t *data, size_t data_size);
+response_packet_t *psa_adac_await_response(void);
+psa_status_t psa_adac_parse_response(uint32_t command, response_packet_t *packet);
+
+psa_status_t psa_adac_send_certificate(psa_tlv_t **extns_list, size_t extns_count);
+psa_status_t psa_adac_construct_token(uint8_t challenge[], size_t challenge_size,
+ uint8_t sign_type, uint8_t exts[], size_t exts_size,
+ uint8_t *fragment[], size_t *fragment_size, uint8_t *perm,
+ psa_key_handle_t handle, uint8_t *key, size_t key_size);
+psa_status_t psa_adac_check_cryptosystem_support(response_packet_t *packet, uint8_t key_system);
+
+request_packet_t *request_packet_lock(size_t *max_data_size);
+
+/**
+ * @brief - Reserve the communication buffer memory for receive packet.
+ * @param - max_data_size Valid size of command frame
+ * @return - Pointer to the command frame to be read
+**/
+response_packet_t *response_packet_lock(size_t *max_data_size);
+
+/**
+ * @brief - Release the lock held by transmit packet.
+ * @param - packet Most recent command frame sent
+ * @return - SUCCESS/FAILURE
+**/
+int request_packet_release(request_packet_t *packet);
+
+/**
+ * @brief - Release the lock held by receive packet.
+ * @param - packet Most recent response packet received
+ * @return - SUCCESS/FAILURE
+**/
+int response_packet_release(response_packet_t *packet);
+
+/**
+ * @brief - Construct the Request packet for the specified ADAC command.
+ * @param - command ADAC command
+ * data Pointer to payload
+ * data_size Size of the command payload
+ * @return - Pointer to the command frame to be written
+**/
+request_packet_t *request_packet_build(uint16_t command, uint8_t *data, size_t data_size);
+
+/**
+ * @brief - Write the Request packet into the communication buffer for transmit.
+ * @param - packet Request packet built for dispatch
+ * @return - SUCCESS/FAILURE
+**/
+int request_packet_send(request_packet_t *packet);
+
+/**
+ * @brief - Read the Response packet from the communication buffer.
+ * @param - None
+ * @return - Response packet received from target.
+**/
+response_packet_t *response_packet_receive();
+
+#endif /* _PSA_ADAC_UTIL_H_ */
diff --git a/secure-debug/platform/common/include/pal_interfaces.h b/secure-debug/platform/common/include/pal_interfaces.h
new file mode 100644
index 0000000..d8d30b1
--- /dev/null
+++ b/secure-debug/platform/common/include/pal_interfaces.h
@@ -0,0 +1,71 @@
+/** @file
+ * Copyright (c) 2021 Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+#ifndef _PAL_INTERFACES_H_
+#define _PAL_INTERFACES_H_
+
+#include <stdarg.h>
+#include <stdint.h>
+
+/**
+ * @brief - This function parses the input string and writes bytes into logger TX FIFO
+ * @param - str : Input String
+ * - data : Value for format specifier
+ * @return - SUCCESS/FAILURE
+**/
+
+int pal_print(const char *str, int32_t data);
+
+/**
+ * @brief - Terminates the simulation at the end of all tests completion.
+ * By default, it put cpus into power down mode.
+ * @param - void
+ * @return - void
+**/
+void pal_terminate_simulation(void);
+
+/**
+ * @brief - Resets the system.
+ * @param - void
+ * @return - SUCCESS/FAILURE
+**/
+int pal_system_reset(void);
+
+/**
+ * @brief - Initialise the host-side channel for communication with device.
+ * @param - ctx Hook for platform-specific descriptor
+ * buffer Pointer to memory used for TX/RX
+ * buffer_size Size of allocated memory for TX/RX
+ * @return - SUCCESS/FAILURE
+**/
+int msg_interface_init(void *ctx, uint8_t buffer[], size_t size);
+
+/**
+ * @brief - Release the host-side channel for communication with device.
+ * @param - ctx Hook for platform-specific descriptor
+ * @return - SUCCESS/FAILURE
+**/
+int msg_interface_free(void *ctx);
+
+int pal_msg_interface_init(void *ctx);
+
+int pal_msg_interface_free(void *ctx);
+
+int pal_message_send(uint8_t buffer[], size_t size);
+
+int pal_message_receive(uint8_t buffer[], size_t size);
+
+#endif /*_PAL_INTERFACES_H_ */
diff --git a/secure-debug/platform/common/pal.cmake b/secure-debug/platform/common/pal.cmake
new file mode 100644
index 0000000..6dd9507
--- /dev/null
+++ b/secure-debug/platform/common/pal.cmake
@@ -0,0 +1,38 @@
+#/** @file
+# * Copyright (c) 2021 Arm Limited or its affiliates. All rights reserved.
+# * SPDX-License-Identifier : Apache-2.0
+# *
+# * Licensed under the Apache License, Version 2.0 (the "License");
+# * you may not use this file except in compliance with the License.
+# * You may obtain a copy of the License at
+# *
+# * http://www.apache.org/licenses/LICENSE-2.0
+# *
+# * Unless required by applicable law or agreed to in writing, software
+# * distributed under the License is distributed on an "AS IS" BASIS,
+# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# * See the License for the specific language governing permissions and
+# * limitations under the License.
+#**/
+
+if(NOT DEFINED PSA_ADAC_ROOT)
+ get_filename_component(PSA_ADAC_ROOT ${CMAKE_SOURCE_DIR}/psa-adac ABSOLUTE)
+endif()
+
+# Listing all the sources from pal
+list(APPEND PAL_SRC_C
+ ${CMAKE_SOURCE_DIR}/platform/common/src/adac_command_util.c
+ ${CMAKE_SOURCE_DIR}/platform/common/src/adac_packet_util.c
+)
+
+# Create PAL library
+add_library(${ADAC_HOST_PAL_LIB} STATIC ${PAL_SRC_C})
+
+target_include_directories(${ADAC_HOST_PAL_LIB} PRIVATE
+ ${CMAKE_SOURCE_DIR}/platform/common/include
+ ${PSA_ADAC_ROOT}/psa-adac/core/include
+ ${PSA_ADAC_ROOT}/psa-adac/sdm/include
+ ${PSA_ADAC_ROOT}/external/mbed-tls/include
+ )
+
+target_link_libraries(${ADAC_HOST_PAL_LIB} ${ADAC_LIBS})
diff --git a/secure-debug/platform/common/src/adac_command_util.c b/secure-debug/platform/common/src/adac_command_util.c
new file mode 100644
index 0000000..2439102
--- /dev/null
+++ b/secure-debug/platform/common/src/adac_command_util.c
@@ -0,0 +1,334 @@
+/** @file
+ * Copyright (c) 2021 Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include <adac_util.h>
+#include <psa_adac_cryptosystems.h>
+#include <psa_adac_sdm.h>
+#include <psa_adac_debug.h>
+
+void psa_adac_host_init(void)
+{
+ psa_crypto_init();
+}
+
+psa_status_t psa_adac_load_certificate_chain(const char *chain_file, uint8_t **chain,
+ size_t *chain_size)
+{
+ int ret_val;
+ psa_status_t r = PSA_SUCCESS;
+
+ if (chain_file == NULL) {
+ PSA_ADAC_LOG_ERR("file", "chain file path not found\n");
+ r = PSA_ERROR_INVALID_ARGUMENT;
+ return r;
+ }
+ ret_val = load_trust_chain(chain_file, chain, chain_size);
+ if (ret_val != 0) {
+ PSA_ADAC_LOG_ERR("loader", "Certificate chain cannot be loaded\n");
+ r = PSA_ERROR_GENERIC_ERROR;
+ }
+ return r;
+}
+
+psa_status_t psa_adac_read_extensions(uint32_t *chain, size_t chain_size, psa_tlv_t **extns_list,
+ size_t *extns_count)
+{
+ int ret_val;
+ psa_status_t r = PSA_SUCCESS;
+ size_t count;
+
+ ret_val = split_tlv_static(chain, chain_size, extns_list, MAX_EXTENSIONS, extns_count);
+ if (ret_val != 0) {
+ PSA_ADAC_LOG_ERR("host", "Error parsing trust chain\n");
+ r = PSA_ERROR_GENERIC_ERROR;
+ return r;
+ }
+ count = *extns_count;
+ if (count > MAX_EXTENSIONS) {
+ PSA_ADAC_LOG_ERR("certificate", "Extension count exceeded maximum allowed\n");
+ r = PSA_ERROR_NOT_PERMITTED;
+ return r;
+ }
+
+ PSA_ADAC_LOG_INFO("host", "Found %zu certificates\n", count);
+ return r;
+}
+
+uint8_t detect_cryptosystem(psa_tlv_t *extns_list[], size_t extn_count)
+{
+ size_t i;
+ psa_tlv_t *current_extn;
+ uint8_t key_type;
+
+ for (i = 0; i < extn_count; i++) {
+ current_extn = extns_list[i];
+ if ((current_extn)->type_id == CERT_ADAC)
+ key_type = ((certificate_header_t *) current_extn->value)->key_type;
+ }
+ PSA_ADAC_LOG_INFO("host", "Cryptosystem detected: %d\n", key_type);
+ return key_type;
+}
+
+uint8_t get_certificate_role(psa_tlv_t *extns_list[], size_t extn_count)
+{
+ size_t i;
+ psa_tlv_t *current_extn;
+ uint8_t role_type;
+
+ for (i = 0; i < extn_count; i++) {
+ current_extn = extns_list[i];
+ if ((current_extn)->type_id == CERT_ADAC)
+ role_type = ((certificate_header_t *) current_extn->value)->role;
+ }
+ PSA_ADAC_LOG_INFO("host", "Certificate role: %d\n", role_type);
+ return role_type;
+}
+
+psa_status_t psa_adac_get_private_key(const char *key_file, uint8_t *type, psa_key_handle_t *handle,
+ uint8_t **key_ptr, size_t *size)
+{
+ int ret_val;
+ psa_status_t r = PSA_SUCCESS;
+ uint8_t key_type = *type;
+
+ if (key_file == NULL) {
+ PSA_ADAC_LOG_ERR("file", "key file path not found\n");
+ r = PSA_ERROR_INVALID_ARGUMENT;
+ return r;
+ }
+
+ switch (key_type) {
+ case ECDSA_P256_SHA256:
+ case ECDSA_P521_SHA512:
+ case RSA_3072_SHA256:
+ case RSA_4096_SHA256:
+ case ED_25519_SHA512:
+ case ED_448_SHAKE256:
+ case SM_SM2_SM3:
+ ret_val = import_private_key(key_file, type, handle);
+ if (ret_val != 0) {
+ PSA_ADAC_LOG_ERR("loader", "Could not import private key (%s)\n", key_file);
+ r = PSA_ERROR_GENERIC_ERROR;
+ } else {
+ key_ptr = NULL;
+ size = 0;
+ }
+ break;
+
+ case CMAC_AES:
+ case HMAC_SHA256:
+ ret_val = load_secret_key(key_file, key_type, key_ptr, size);
+ if (ret_val != 0) {
+ PSA_ADAC_LOG_ERR("loader", "Could not import secret key (%s)\n", key_file);
+ r = PSA_ERROR_GENERIC_ERROR;
+ } else {
+ handle = NULL;
+ }
+ break;
+
+ default:
+ PSA_ADAC_LOG_INFO("host", "Unsupported key type (0x%x)\n", key_type);
+ r = PSA_ERROR_NOT_SUPPORTED;
+ }
+ return r;
+}
+
+psa_status_t psa_adac_issue_command(uint32_t command, request_packet_t *packet,
+ uint8_t *data, size_t data_size)
+{
+ int ret_val;
+ psa_status_t r = PSA_SUCCESS;
+
+ packet = request_packet_build((uint16_t)command, data, data_size);
+
+ if (packet == NULL) {
+ PSA_ADAC_LOG_ERR("host", "Command construction failed\n");
+ r = PSA_ERROR_GENERIC_ERROR;
+ return r;
+ }
+
+ switch (command) {
+ case SDP_DISCOVERY_CMD:
+ PSA_ADAC_LOG_INFO("host", "Sending discovery request\n");
+ break;
+ case SDP_AUTH_START_CMD:
+ PSA_ADAC_LOG_INFO("host", "Sending challenge request\n");
+ break;
+ case SDP_AUTH_RESPONSE_CMD:
+ PSA_ADAC_LOG_INFO("host", "Sending authentication response\n");
+ break;
+ case SDP_RESUME_BOOT_CMD:
+ PSA_ADAC_LOG_INFO("host", "Sending close session command\n");
+ break;
+ case SDP_LOCK_DEBUG_CMD:
+ PSA_ADAC_LOG_INFO("host", "Sending lock debug request\n");
+ break;
+ default:
+ if (command & 0x8000u)
+ PSA_ADAC_LOG_INFO("host", "Vendor specific command provided. ID=(0x%x)\n", command);
+ else {
+ PSA_ADAC_LOG_INFO("host", "Unrecognized command. ID=(0x%x)\n", command);
+ r = PSA_ERROR_NOT_SUPPORTED;
+ }
+ }
+ ret_val = request_packet_send(packet);
+ if (ret_val < 0)
+ r = PSA_ERROR_GENERIC_ERROR;
+
+ request_packet_release(packet);
+ return r;
+}
+
+response_packet_t *psa_adac_await_response(void)
+{
+ return response_packet_receive();
+}
+
+psa_status_t psa_adac_parse_response(uint32_t command, response_packet_t *packet)
+{
+ int ret_val;
+ psa_status_t r = PSA_SUCCESS;
+ size_t i;
+ psa_tlv_t *tlv;
+ psa_auth_challenge_t *challenge;
+
+ if (packet == NULL) {
+ PSA_ADAC_LOG_ERR("host", "Target response not obtained\n");
+ r = PSA_ERROR_COMMUNICATION_FAILURE;
+ return r;
+ } else {
+ PSA_ADAC_LOG_DEBUG("host", "status = 0x%04x, data_count = %d\n",
+ packet->status, packet->data_count);
+ }
+
+ switch (command) {
+ case SDP_DISCOVERY_CMD:
+ PSA_ADAC_LOG_INFO("host", "Receiving discovery response...\n");
+ for (i = 0; (i + 4) < (packet->data_count * 4);) {
+ tlv = (psa_tlv_t *) (((uint8_t *)packet->data) + i);
+ //PSA_ADAC_LOG_DEBUG("host", "discovery @+%zu, type_id: 0x%04x, length: %d\n",
+ // i, tlv->type_id, tlv->length_in_bytes);
+ i += sizeof(psa_tlv_t) + ROUND_TO_WORD(tlv->length_in_bytes);
+ }
+ break;
+ case SDP_AUTH_START_CMD:
+ PSA_ADAC_LOG_INFO("host", "Receiving challenge..\n");
+ if (packet->data_count * 4 != sizeof(psa_auth_challenge_t)) {
+ r = PSA_ERROR_GENERIC_ERROR;
+ return r;
+ }
+ challenge = (psa_auth_challenge_t *) packet->data;
+ break;
+ case SDP_AUTH_RESPONSE_CMD:
+ case SDP_RESUME_BOOT_CMD:
+ case SDP_LOCK_DEBUG_CMD:
+ break;
+ default:
+ r = PSA_ERROR_NOT_SUPPORTED;
+ PSA_ADAC_LOG_INFO("host", "Unrecognized command. ID=(0x%x)\n", command);
+ }
+ return r;
+}
+
+psa_status_t psa_adac_send_certificate(psa_tlv_t **extns_list, size_t extns_count)
+{
+ request_packet_t *request;
+ response_packet_t *response;
+ psa_status_t r;
+ uint8_t *payload;
+ size_t i, payload_size;
+ psa_tlv_t *current_extn;
+
+ for (size_t i = 0; i < extns_count; i++) {
+ current_extn = extns_list[i];
+ if (current_extn->type_id == 0x0201) {
+ payload = (uint8_t *)current_extn;
+ payload_size = current_extn->length_in_bytes + sizeof(psa_tlv_t);
+
+ PSA_ADAC_LOG_INFO("host", "Sending Certificate..\n");
+ r = psa_adac_issue_command(SDP_AUTH_RESPONSE_CMD, request, payload, payload_size);
+ if (r != PSA_SUCCESS)
+ return r;
+
+ response = psa_adac_await_response();
+ r = psa_adac_parse_response(SDP_AUTH_RESPONSE_CMD, response);
+ if (r != PSA_SUCCESS)
+ return r;
+
+ if (response->status == SDP_NEED_MORE_DATA)
+ response_packet_release(response);
+ }
+ }
+ if (response->status != SDP_NEED_MORE_DATA) {
+ PSA_ADAC_LOG_ERR("host", "Unexpected response status %x\n", response->status);
+ r = PSA_ERROR_GENERIC_ERROR;
+ return r;
+ }
+ response_packet_release(response);
+ return r;
+}
+
+psa_status_t psa_adac_construct_token(uint8_t challenge[], size_t challenge_size,
+ uint8_t sign_type, uint8_t exts[], size_t exts_size,
+ uint8_t *fragment[], size_t *fragment_size, uint8_t *perm,
+ psa_key_handle_t handle, uint8_t *key, size_t key_size)
+{
+ psa_status_t r;
+
+ r = psa_adac_sign_token(challenge, challenge_size, sign_type, exts, exts_size,
+ fragment, fragment_size, perm, handle, key, key_size);
+ if (r != PSA_SUCCESS) {
+ PSA_ADAC_LOG_ERR("host", "Error signing token\n");
+ r = PSA_ERROR_GENERIC_ERROR;
+ }
+ return r;
+}
+
+psa_status_t psa_adac_check_cryptosystem_support(response_packet_t *packet, uint8_t key_system)
+{
+ int found = 0, j;
+ size_t i = 0;
+ psa_status_t r;
+ psa_tlv_t *tlv;
+ uint8_t *key_support_types = NULL;
+
+ while ((i + 4) < (packet->data_count * 4)) {
+ tlv = (psa_tlv_t *) (((uint8_t *)packet->data) + i);
+ if (tlv->type_id == 0x0102) {
+ key_support_types = tlv->value;
+ for (j = 0; j < (tlv->length_in_bytes); j++) {
+ if (*(key_support_types+j) == key_system) {
+ found = 1;
+ break;
+ }
+ }
+ }
+ i += sizeof(psa_tlv_t) + ROUND_TO_WORD(tlv->length_in_bytes);
+ }
+
+ if (key_support_types == NULL) {
+ PSA_ADAC_LOG_ERR("host", "Cryptosystem Type ID not specified\n");
+ r = PSA_ERROR_DOES_NOT_EXIST;
+ } else if (!found) {
+ PSA_ADAC_LOG_ERR("host", "Cryptosystem not supported by target\n");
+ r = PSA_ERROR_NOT_SUPPORTED;
+ } else {
+ PSA_ADAC_LOG_INFO("host", "Cryptosystem supported by target\n");
+ r = PSA_SUCCESS;
+ }
+ return r;
+}
diff --git a/secure-debug/platform/native/src/pal_interfaces.c b/secure-debug/platform/common/src/adac_packet_util.c
similarity index 67%
rename from secure-debug/platform/native/src/pal_interfaces.c
rename to secure-debug/platform/common/src/adac_packet_util.c
index 9c33a5a..d9244fb 100644
--- a/secure-debug/platform/native/src/pal_interfaces.c
+++ b/secure-debug/platform/common/src/adac_packet_util.c
@@ -17,31 +17,10 @@
#include <psa_adac.h>
#include <psa_adac_debug.h>
-#include "unix_msg.h"
-
-#include <stdio.h>
-#include <stdlib.h>
+#include <adac_util.h>
+#include <pal_interfaces.h>
#include <string.h>
-#if !defined(_MSC_VER)
- #include <unistd.h>
-#else // !defined(_MSC_VER)
- #include <io.h>
-
- // Disable warning about POSIX function names.
- #pragma warning(disable : 4996)
-#endif // !defined(_MSC_VER)
-
-int static_buffer_msg_init(uint8_t *buffer, size_t size);
-int static_buffer_msg_release(void);
-
-#define PAL_STATUS_UNSUPPORTED_FUNC 0xFF
-
-typedef enum {
- PAL_STATUS_SUCCESS = 0x0,
- PAL_STATUS_ERROR = 0x80
-} pal_status_t;
-
enum {
BUFFER_UNINITIALIZED = 0,
BUFFER_EMPTY,
@@ -51,27 +30,6 @@
static size_t static_buffer_size;
static uint8_t *static_buffer_pointer;
static uint8_t static_buffer_status = BUFFER_UNINITIALIZED;
-static int _fd;
-
-
-int pal_print(const char *str, int32_t data)
-{
- if (printf(str, data) < 0)
- {
- return PAL_STATUS_ERROR;
- }
- return PAL_STATUS_SUCCESS;
-}
-
-void pal_terminate_simulation(void)
-{
- ;
-}
-
-int pal_system_reset(void)
-{
- return PAL_STATUS_UNSUPPORTED_FUNC;
-}
int static_buffer_msg_init(uint8_t *buffer, size_t size)
{
@@ -166,51 +124,20 @@
int msg_interface_init(void *ctx, uint8_t buffer[], size_t buffer_size)
{
- unix_socket_init();
-
if (ctx == NULL)
return -1;
+ else
+ pal_msg_interface_init(ctx);
- _fd = *((int *) ctx);
return static_buffer_msg_init(buffer, buffer_size);
}
int msg_interface_free(void *ctx)
{
- unix_socket_close(_fd);
- _fd = -1;
+ pal_msg_interface_free(ctx);
return static_buffer_msg_release();
}
-static int message_receive(int fd, uint8_t buffer[], size_t max, size_t *size)
-{
- if (nread(fd, buffer, sizeof(request_packet_t)) != sizeof(request_packet_t)) {
- PSA_ADAC_LOG_ERR("transport_unix", "Error receiving message header\n");
- return -1;
- }
- request_packet_t *p = (request_packet_t *) buffer;
-
- if (4 + p->data_count * 4 > max) {
- PSA_ADAC_LOG_ERR("transport_unix", "Message would overflow buffer (%d > %d)\n",
- 4 + p->data_count * 4, (int) max);
- return -1;
- }
- if (p->data_count) {
- if (nread(fd, (uint8_t *) p->data, p->data_count * 4) != p->data_count * 4) {
- PSA_ADAC_LOG_ERR("transport_unix", "Error receiving message body\n");
- return -1;
- }
- }
- //PSA_ADAC_LOG_DUMP("msg", "receive", buffer, 4 + p->data_count * 4);
- return 0;
-}
-
-static int message_send(int fd, uint8_t buffer[], size_t size)
-{
- //PSA_ADAC_LOG_DUMP("msg", "send", buffer, size);
- return nwrite(fd, (uint8_t *) buffer, size) == size ? 0 : -1;
-}
-
int request_packet_send(request_packet_t *packet)
{
if (packet == NULL)
@@ -218,7 +145,39 @@
size_t size = sizeof(request_packet_t) + 4 * packet->data_count;
- return message_send(_fd, (uint8_t *) packet, size);
+ //PSA_ADAC_LOG_DUMP("msg", "send", (uint8_t *) packet, size);
+ return pal_message_send((uint8_t *) packet, size);
+}
+
+static int message_receive(uint8_t buffer[], size_t max, size_t *size)
+{
+ size_t length;
+
+ length = sizeof(response_packet_t);
+ if (pal_message_receive(buffer, length) != length)
+ {
+ PSA_ADAC_LOG_ERR("transport", "Error receiving message header\n");
+ return -1;
+ }
+ response_packet_t *p = (response_packet_t *) buffer;
+
+ if (4 + p->data_count * 4 > max)
+ {
+ PSA_ADAC_LOG_ERR("transport", "Message would overflow buffer (%d > %d)\n",
+ 4 + p->data_count * 4, (int) max);
+ return -1;
+ }
+ if (p->data_count)
+ {
+ length = p->data_count * 4;
+ if (pal_message_receive((uint8_t *) p->data, length) != length)
+ {
+ PSA_ADAC_LOG_ERR("transport", "Error receiving message body\n");
+ return -1;
+ }
+ }
+ //PSA_ADAC_LOG_DUMP("msg", "receive", buffer, sizeof(response_packet_t) + p->data_count * 4);
+ return 0;
}
response_packet_t *response_packet_receive()
@@ -227,17 +186,18 @@
response_packet_t *r = response_packet_lock(&max);
if (r != NULL) {
- if (message_receive(_fd, (uint8_t *) r, max, NULL) == 0)
+ if (message_receive((uint8_t *) r, max, NULL) == 0)
return r;
- PSA_ADAC_LOG_ERR("transport_unix", "Error Receiving Response");
+ PSA_ADAC_LOG_ERR("transport", "Error Receiving Response");
response_packet_release(r);
} else {
- PSA_ADAC_LOG_ERR("transport_unix", "Error Locking Response");
+ PSA_ADAC_LOG_ERR("transport", "Error Locking Response");
}
return NULL;
}
+// Not used by test. Required for building dependent ADAC crypto libraries
void psa_adac_platform_init(void)
{
;
diff --git a/secure-debug/platform/native/CMakeLists.txt b/secure-debug/platform/hosts/hst_sdbg_stdc/CMakeLists.txt
similarity index 64%
rename from secure-debug/platform/native/CMakeLists.txt
rename to secure-debug/platform/hosts/hst_sdbg_stdc/CMakeLists.txt
index a517d01..f462094 100644
--- a/secure-debug/platform/native/CMakeLists.txt
+++ b/secure-debug/platform/hosts/hst_sdbg_stdc/CMakeLists.txt
@@ -16,16 +16,18 @@
# Set the minimum required version of CMake for the project
cmake_minimum_required(VERSION 3.10)
-PROJECT (platform_native)
+PROJECT (platform_stdc)
include_directories(
- ${CMAKE_SOURCE_DIR}/platform/native/include
+ ${CMAKE_SOURCE_DIR}/platform/common/include
+ ${CMAKE_SOURCE_DIR}/platform/hosts/hst_sdbg_stdc/include
)
-add_library(platform_native STATIC)
-target_sources(platform_native PUBLIC
- ${CMAKE_SOURCE_DIR}/platform/native/src/pal_interfaces.c
- ${CMAKE_SOURCE_DIR}/platform/native/src/unix_msg.c
- ${CMAKE_SOURCE_DIR}/platform/native/src/main.c
+add_library(platform_stdc STATIC)
+target_sources(platform_stdc PUBLIC
+ ${CMAKE_SOURCE_DIR}/platform/hosts/hst_sdbg_stdc/src/pal_interfaces.c
+ ${CMAKE_SOURCE_DIR}/platform/hosts/hst_sdbg_stdc/src/unix_msg.c
+ ${CMAKE_SOURCE_DIR}/platform/hosts/hst_sdbg_stdc/src/main.c
)
-target_link_libraries(platform_native mbedcrypto)
+
+target_link_libraries(platform_stdc)
diff --git a/secure-debug/platform/native/include/platform.h b/secure-debug/platform/hosts/hst_sdbg_stdc/include/platform.h
similarity index 100%
rename from secure-debug/platform/native/include/platform.h
rename to secure-debug/platform/hosts/hst_sdbg_stdc/include/platform.h
diff --git a/secure-debug/platform/native/include/psa_adac_platform.h b/secure-debug/platform/hosts/hst_sdbg_stdc/include/psa_adac_platform.h
similarity index 100%
rename from secure-debug/platform/native/include/psa_adac_platform.h
rename to secure-debug/platform/hosts/hst_sdbg_stdc/include/psa_adac_platform.h
diff --git a/secure-debug/platform/native/include/unix_msg.h b/secure-debug/platform/hosts/hst_sdbg_stdc/include/unix_msg.h
similarity index 100%
rename from secure-debug/platform/native/include/unix_msg.h
rename to secure-debug/platform/hosts/hst_sdbg_stdc/include/unix_msg.h
diff --git a/secure-debug/platform/native/src/main.c b/secure-debug/platform/hosts/hst_sdbg_stdc/src/main.c
similarity index 97%
rename from secure-debug/platform/native/src/main.c
rename to secure-debug/platform/hosts/hst_sdbg_stdc/src/main.c
index 86c563f..cae5882 100644
--- a/secure-debug/platform/native/src/main.c
+++ b/secure-debug/platform/hosts/hst_sdbg_stdc/src/main.c
@@ -17,7 +17,7 @@
#include <stdio.h>
#include <stdlib.h>
-#include "pal_common.h"
+#include "pal_interfaces.h"
#include "unix_msg.h"
int32_t val_entry(void);
diff --git a/secure-debug/platform/hosts/hst_sdbg_stdc/src/pal_interfaces.c b/secure-debug/platform/hosts/hst_sdbg_stdc/src/pal_interfaces.c
new file mode 100644
index 0000000..5c14d08
--- /dev/null
+++ b/secure-debug/platform/hosts/hst_sdbg_stdc/src/pal_interfaces.c
@@ -0,0 +1,89 @@
+/** @file
+ * Copyright (c) 2021, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "unix_msg.h"
+#include <pal_interfaces.h>
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#if !defined(_MSC_VER)
+ #include <unistd.h>
+#else // !defined(_MSC_VER)
+ #include <io.h>
+
+ // Disable warning about POSIX function names.
+ #pragma warning(disable : 4996)
+#endif // !defined(_MSC_VER)
+
+#define PAL_STATUS_UNSUPPORTED_FUNC 0xFF
+
+typedef enum {
+ PAL_STATUS_SUCCESS = 0x0,
+ PAL_STATUS_ERROR = 0x80
+} pal_status_t;
+
+static int _fd;
+
+int pal_print(const char *str, int32_t data)
+{
+ if (printf(str, data) < 0)
+ {
+ return PAL_STATUS_ERROR;
+ }
+ return PAL_STATUS_SUCCESS;
+}
+
+void pal_terminate_simulation(void)
+{
+ ;
+}
+
+int pal_system_reset(void)
+{
+ return PAL_STATUS_UNSUPPORTED_FUNC;
+}
+
+int pal_msg_interface_init(void *ctx)
+{
+ unix_socket_init();
+
+ if (ctx == NULL)
+ return -1;
+
+ _fd = *((int *) ctx);
+ return 0;
+}
+
+int pal_msg_interface_free(void *ctx)
+{
+ unix_socket_close(_fd);
+ _fd = -1;
+ return 0;
+}
+
+int pal_message_send(uint8_t buffer[], size_t size)
+{
+ return (nwrite(_fd, (uint8_t *) buffer, size) == size ? 0 : -1);
+}
+
+int pal_message_receive(uint8_t buffer[], size_t size)
+{
+ return nread(_fd, buffer, size);
+}
+
diff --git a/secure-debug/platform/native/src/unix_msg.c b/secure-debug/platform/hosts/hst_sdbg_stdc/src/unix_msg.c
similarity index 100%
rename from secure-debug/platform/native/src/unix_msg.c
rename to secure-debug/platform/hosts/hst_sdbg_stdc/src/unix_msg.c
diff --git a/secure-debug/platform/native/include/pal_common.h b/secure-debug/platform/native/include/pal_common.h
deleted file mode 100644
index c88dcf5..0000000
--- a/secure-debug/platform/native/include/pal_common.h
+++ /dev/null
@@ -1,37 +0,0 @@
-/** @file
- * Copyright (c) 2021, Arm Limited or its affiliates. All rights reserved.
- * SPDX-License-Identifier : Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
-**/
-#ifndef _PAL_COMMON_H_
-#define _PAL_COMMON_H_
-#include <platform.h>
-#include <stddef.h>
-/**
- * @brief - Initialise the host-side channel for communication with device.
- * @param - ctx Hook for platform-specific descriptor
- * buffer Pointer to memory used for TX/RX
- * buffer_size Size of allocated memory for TX/RX
- * @return - SUCCESS/FAILURE
-**/
-int msg_interface_init(void *ctx, uint8_t buffer[], size_t size);
-
-/**
- * @brief - Release the host-side channel for communication with device.
- * @param - ctx Hook for platform-specific descriptor
- * @return - SUCCESS/FAILURE
-**/
-int msg_interface_free(void *ctx);
-
-#endif
diff --git a/secure-debug/tests/adac/suite.cmake b/secure-debug/tests/adac/suite.cmake
index 167d305..df04e08 100644
--- a/secure-debug/tests/adac/suite.cmake
+++ b/secure-debug/tests/adac/suite.cmake
@@ -35,7 +35,7 @@
target_include_directories(${TEST_COMBINE_LIB} PRIVATE
${CMAKE_BINARY_DIR}
- ${PSA_ROOT_DIR}/val/include
- ${PSA_ROOT_DIR}/platform/${TARGET}/include
+ ${CMAKE_SOURCE_DIR}/val/include
+ ${CMAKE_SOURCE_DIR}/platform/common/include
)
-target_link_libraries(${TEST_COMBINE_LIB} mbedcrypto)
+target_link_libraries(${TEST_COMBINE_LIB} ${ADAC_HOST_VAL_LIB})
diff --git a/secure-debug/tests/adac/test_a001/test_a001.c b/secure-debug/tests/adac/test_a001/test_a001.c
index 66f878e..d6ce71f 100644
--- a/secure-debug/tests/adac/test_a001/test_a001.c
+++ b/secure-debug/tests/adac/test_a001/test_a001.c
@@ -16,7 +16,7 @@
**/
#include <psa_adac.h>
-#include <val_adac.h>
+#include <adac_util.h>
#include "val_interfaces.h"
#include "test_a001.h"
@@ -27,60 +27,71 @@
void test_entry(val_api_t *val_api)
{
- int32_t status = VAL_STATUS_SUCCESS;
+ psa_status_t ret;
val_api_t *val = NULL;
-
val = val_api;
/* test init */
val->test_init(TEST_NUM, TEST_DESC);
- val_adac_host_init();
+ if (!IS_TEST_START(val->get_status()))
+ {
+ goto test_end;
+ }
+ psa_adac_host_init();
- uint8_t challenge1[CHALLENGE_SIZE], challenge2[CHALLENGE_SIZE], i;
-
+ uint8_t challenge1[CHALLENGE_SIZE], i;
+ uint8_t *vect;
request_packet_t *request;
response_packet_t *response;
- if (PSA_SUCCESS != val_issue_command(SDP_AUTH_START_CMD, request, NULL, 0))
- goto test_fail_exit;
+ ret = psa_adac_issue_command(SDP_AUTH_START_CMD, request, NULL, 0);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(1), VAL_STATUS_WRITE_FAILED);
+ goto test_end;
+ }
- response = val_await_response();
- if (PSA_SUCCESS != val_parse_response(SDP_AUTH_START_CMD, response))
- goto test_fail_exit;
+ response = psa_adac_await_response();
+ ret = psa_adac_parse_response(SDP_AUTH_START_CMD, response);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(2), VAL_STATUS_READ_FAILED);
+ goto test_end;
+ }
psa_auth_challenge_t *challenge = (psa_auth_challenge_t *) response->data;
-
- *challenge1 = (uint8_t)(challenge->challenge_vector);
+ vect = (challenge->challenge_vector);
response_packet_release(response);
- if (PSA_SUCCESS != val_issue_command(SDP_AUTH_START_CMD, request, NULL, 0))
- goto test_fail_exit;
+ for (i = 0; i < CHALLENGE_SIZE; i++)
+ challenge1[i] = *(vect+i);
- response = val_await_response();
- if (PSA_SUCCESS != val_parse_response(SDP_AUTH_START_CMD, response))
- goto test_fail_exit;
+ ret = psa_adac_issue_command(SDP_AUTH_START_CMD, request, NULL, 0);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(3), VAL_STATUS_WRITE_FAILED);
+ goto test_end;
+ }
+
+ response = psa_adac_await_response();
+ ret = psa_adac_parse_response(SDP_AUTH_START_CMD, response);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(4), VAL_STATUS_READ_FAILED);
+ goto test_end;
+ }
challenge = (psa_auth_challenge_t *) response->data;
-
- *challenge2 = (uint8_t)(challenge->challenge_vector);
response_packet_release(response);
for (i = 0; i < CHALLENGE_SIZE; i++) {
- if (challenge1[i] != challenge2[i])
+ if (challenge1[i] != *(vect+i))
break;
}
if (i == CHALLENGE_SIZE) {
val->print(PRINT_ERROR, "Challenge response obtained is not unique\n", 0);
- goto test_fail_exit;
+ val->err_check_set(TEST_CHECKPOINT_NUM(5), VAL_STATUS_ERROR);
} else {
val->print(PRINT_INFO, "Challenge response obtained is unique\n", 0);
- goto test_end;
}
-test_fail_exit:
- val_set_status(RESULT_FAIL(VAL_STATUS_TEST_FAILED));
test_end:
val->test_exit();
}
-
diff --git a/secure-debug/tests/adac/test_a002/test_a002.c b/secure-debug/tests/adac/test_a002/test_a002.c
index dabbc34..9aeec89 100644
--- a/secure-debug/tests/adac/test_a002/test_a002.c
+++ b/secure-debug/tests/adac/test_a002/test_a002.c
@@ -16,7 +16,7 @@
**/
#include <psa_adac.h>
-#include <val_adac.h>
+#include <adac_util.h>
#include "val_interfaces.h"
#include "test_a002.h"
@@ -27,43 +27,79 @@
void test_entry(val_api_t *val_api)
{
- int32_t status = VAL_STATUS_SUCCESS;
+ psa_status_t ret;
val_api_t *val = NULL;
-
val = val_api;
/* test init */
val->test_init(TEST_NUM, TEST_DESC);
- val_adac_host_init();
+ if (!IS_TEST_START(val->get_status()))
+ {
+ goto test_end;
+ }
+ psa_adac_host_init();
uint8_t *chain = NULL;
size_t chain_size = 0;
+ request_packet_t *request;
+ response_packet_t *response;
- if (PSA_SUCCESS != val_load_certificate_chain(chain_file, &chain, &chain_size))
- goto test_fail_exit;
+ // Ensure device is locked before starting unlock sequence.
+ ret = psa_adac_issue_command(SDP_LOCK_DEBUG_CMD, request, NULL, 0);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(1), VAL_STATUS_WRITE_FAILED);
+ goto test_end;
+ }
+
+ response = psa_adac_await_response();
+ ret = psa_adac_parse_response(SDP_LOCK_DEBUG_CMD, response);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(2), VAL_STATUS_READ_FAILED);
+ goto test_end;
+ }
+
+ if ((response->status != SDP_SUCCESS) && (response->status != SDP_UNSUPPORTED)) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(3), VAL_STATUS_INVALID);
+ goto test_end;
+ }
+
+ response_packet_release(response);
+
+ ret = psa_adac_load_certificate_chain(chain_file, &chain, &chain_size);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(4), VAL_STATUS_LOAD_ERROR);
+ goto test_end;
+ }
psa_tlv_t *exts[MAX_EXTENSIONS];
size_t exts_count = 0;
uint8_t key_type;
- if (PSA_SUCCESS != val_infer_cryptosystem((uint32_t *) chain, chain_size, exts,
- &exts_count, &key_type)) {
- goto test_fail_exit;
+ ret = psa_adac_read_extensions((uint32_t *)chain, chain_size, exts, &exts_count);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(5), VAL_STATUS_READ_FAILED);
+ goto test_end;
+ }
+ key_type = detect_cryptosystem(exts, exts_count);
+
+ ret = psa_adac_issue_command(SDP_DISCOVERY_CMD, request, NULL, 0);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(6), VAL_STATUS_WRITE_FAILED);
+ goto test_end;
}
- request_packet_t *request;
+ response = psa_adac_await_response();
+ ret = psa_adac_parse_response(SDP_DISCOVERY_CMD, response);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(7), VAL_STATUS_READ_FAILED);
+ goto test_end;
+ }
- if (PSA_SUCCESS != val_issue_command(SDP_DISCOVERY_CMD, request, NULL, 0))
- goto test_fail_exit;
-
- response_packet_t *response;
-
- response = val_await_response();
- if (PSA_SUCCESS != val_parse_response(SDP_DISCOVERY_CMD, response))
- goto test_fail_exit;
-
- if (!val_check_cryptosystem_support(response, key_type))
- goto test_fail_exit;
+ ret = psa_adac_check_cryptosystem_support(response, key_type);
+ if (ret == PSA_ERROR_NOT_SUPPORTED) {
+ val->set_status(RESULT_SKIP(key_type));
+ goto test_end;
+ }
response_packet_release(response);
@@ -71,54 +107,117 @@
uint8_t *key = NULL;
size_t key_size = 0;
- if (PSA_SUCCESS != val_get_private_key(key_file, &key_type, &handle, &key, &key_size))
- goto test_fail_exit;
+ ret = psa_adac_get_private_key(key_file, &key_type, &handle, &key, &key_size);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(8), VAL_STATUS_READ_FAILED);
+ goto test_end;
+ }
- if (PSA_SUCCESS != val_issue_command(SDP_AUTH_START_CMD, request, NULL, 0))
- goto test_fail_exit;
+ ret = psa_adac_issue_command(SDP_AUTH_START_CMD, request, NULL, 0);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(9), VAL_STATUS_WRITE_FAILED);
+ goto test_end;
+ }
- response = val_await_response();
- if (PSA_SUCCESS != val_parse_response(SDP_AUTH_START_CMD, response))
- goto test_fail_exit;
+ response = psa_adac_await_response();
+ ret = psa_adac_parse_response(SDP_AUTH_START_CMD, response);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(10), VAL_STATUS_READ_FAILED);
+ goto test_end;
+ }
psa_auth_challenge_t *challenge = (psa_auth_challenge_t *) response->data;
uint8_t *token = NULL;
size_t token_size = 0;
+ uint8_t perm_req[32], i;
- if (PSA_SUCCESS != val_sign_token(challenge->challenge_vector,
- sizeof(challenge->challenge_vector),
- key_type, NULL, 0, &token, &token_size,
- handle, key, key_size)) {
- goto test_fail_exit;
+ // Set the permission request for the debug token.
+ for (i = 0; i < 32; i++)
+ perm_req[i] = (0xFF ^ i);
+
+ ret = psa_adac_construct_token(challenge->challenge_vector, sizeof(challenge->challenge_vector),
+ key_type, NULL, 0, &token, &token_size, perm_req,
+ handle, key, key_size);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(11), VAL_STATUS_WRITE_FAILED);
+ goto test_end;
}
response_packet_release(response);
- if (PSA_SUCCESS != val_send_certificate(exts, exts_count))
- goto test_fail_exit;
+ ret = psa_adac_send_certificate(exts, exts_count);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(12), VAL_STATUS_WRITE_FAILED);
+ goto test_end;
+ }
val->print(PRINT_INFO, "Sending token\n", 0);
- if (PSA_SUCCESS != val_issue_command(SDP_AUTH_RESPONSE_CMD, request,
- (uint8_t *)token, token_size)) {
- goto test_fail_exit;
+ ret = psa_adac_issue_command(SDP_AUTH_RESPONSE_CMD, request, (uint8_t *)token, token_size);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(13), VAL_STATUS_WRITE_FAILED);
+ goto test_end;
}
val->print(PRINT_INFO, "Receiving token_authentication response\n", 0);
- response = val_await_response();
- if (PSA_SUCCESS != val_parse_response(SDP_AUTH_RESPONSE_CMD, response))
- goto test_fail_exit;
+ response = psa_adac_await_response();
+ ret = psa_adac_parse_response(SDP_AUTH_RESPONSE_CMD, response);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(14), VAL_STATUS_READ_FAILED);
+ goto test_end;
+ }
if (response->status == SDP_SUCCESS)
val->print(PRINT_INFO, "Target unlocked successfully\n", 0);
else
- goto test_fail_exit;
+ val->err_check_set(TEST_CHECKPOINT_NUM(15), VAL_STATUS_ERROR);
response_packet_release(response);
- goto test_end;
-test_fail_exit:
- val_set_status(RESULT_FAIL(VAL_STATUS_TEST_FAILED));
+ val->print(PRINT_INFO, "Closing debug session\n", 0);
+ ret = psa_adac_issue_command(SDP_RESUME_BOOT_CMD, request, NULL, 0);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(16), VAL_STATUS_WRITE_FAILED);
+ goto test_end;
+ }
+
+ response = psa_adac_await_response();
+ ret = psa_adac_parse_response(SDP_RESUME_BOOT_CMD, response);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(17), VAL_STATUS_READ_FAILED);
+ goto test_end;
+ }
+
+ if (response->status != SDP_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(18), VAL_STATUS_INVALID);
+ goto test_end;
+ }
+ response_packet_release(response);
+
+ // Set device in locked state.
+ ret = psa_adac_issue_command(SDP_LOCK_DEBUG_CMD, request, NULL, 0);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(19), VAL_STATUS_WRITE_FAILED);
+ goto test_end;
+ }
+
+ response = psa_adac_await_response();
+ ret = psa_adac_parse_response(SDP_LOCK_DEBUG_CMD, response);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(20), VAL_STATUS_READ_FAILED);
+ goto test_end;
+ }
+
+ if (response->status == SDP_SUCCESS)
+ val->print(PRINT_INFO, "Debug access is locked\n", 0);
+ else if (response->status == SDP_UNSUPPORTED)
+ val->print(PRINT_INFO, "Debug access cannot be locked\n", 0);
+ else {
+ val->print(PRINT_ERROR, "Invalid response\n", 0);
+ val->err_check_set(TEST_CHECKPOINT_NUM(21), VAL_STATUS_ERROR);
+ }
+
+ response_packet_release(response);
+
test_end:
val->test_exit();
}
-
diff --git a/secure-debug/tests/adac/test_a003/test.cmake b/secure-debug/tests/adac/test_a003/test.cmake
new file mode 100644
index 0000000..dc23e77
--- /dev/null
+++ b/secure-debug/tests/adac/test_a003/test.cmake
@@ -0,0 +1,21 @@
+#/** @file
+# * Copyright (c) 2021, Arm Limited or its affiliates. All rights reserved.
+# * SPDX-License-Identifier : Apache-2.0
+# *
+# * Licensed under the Apache License, Version 2.0 (the "License");
+# * you may not use this file except in compliance with the License.
+# * You may obtain a copy of the License at
+# *
+# * http://www.apache.org/licenses/LICENSE-2.0
+# *
+# * Unless required by applicable law or agreed to in writing, software
+# * distributed under the License is distributed on an "AS IS" BASIS,
+# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# * See the License for the specific language governing permissions and
+# * limitations under the License.
+#**/
+
+list(APPEND CC_SOURCE
+ test_a003.c
+)
+list(APPEND CC_OPTIONS )
diff --git a/secure-debug/tests/adac/test_a003/test_a003.c b/secure-debug/tests/adac/test_a003/test_a003.c
new file mode 100644
index 0000000..865db6f
--- /dev/null
+++ b/secure-debug/tests/adac/test_a003/test_a003.c
@@ -0,0 +1,176 @@
+/** @file
+ * Copyright (c) 2021, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include <psa_adac.h>
+#include <adac_util.h>
+#include "val_interfaces.h"
+
+#include "test_a003.h"
+
+#define TEST_NUM VAL_CREATE_TEST_ID(VAL_SECURE_DEBUG_BASE, 3)
+#define TEST_DESC "Testing ADAC Protocol Host API| UT: psa_discovery_tlv_response\n"
+TEST_PUBLISH(TEST_NUM, test_entry);
+
+void test_entry(val_api_t *val_api)
+{
+ psa_status_t ret;
+ val_status_t status;
+
+ val_api_t *val = NULL;
+ val = val_api;
+
+ /* test init */
+ val->test_init(TEST_NUM, TEST_DESC);
+ if (!IS_TEST_START(val->get_status()))
+ {
+ goto test_end;
+ }
+ psa_adac_host_init();
+
+ request_packet_t *request;
+ response_packet_t *response;
+ psa_tlv_t *tlv = NULL, *current_tlv = NULL, **tlv_seq = NULL;
+ uint16_t *type_id_list;
+ size_t type_id_size, i, j;
+
+ // Send discovery packet with no requested type ID.
+ request = request_packet_build(SDP_DISCOVERY_CMD, NULL, 0);
+ if (request == NULL) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(1), VAL_STATUS_CONNECTION_FAILED);
+ goto test_end;
+ }
+ request_packet_send(request);
+ request_packet_release(request);
+
+ response = psa_adac_await_response();
+ if (response == NULL) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(2), VAL_STATUS_CONNECTION_FAILED);
+ goto test_end;
+ }
+
+ // Variable to collect the reference to each TLV in the response sequence.
+ tlv_seq = (psa_tlv_t **)malloc((response->data_count) * sizeof(psa_tlv_t *));
+ if (tlv_seq == NULL) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(3), VAL_STATUS_INSUFFICIENT_SIZE);
+ goto test_end;
+ }
+
+ // Variable to collect the type ID from each TLV entry.
+ type_id_list = (uint16_t *)malloc((response->data_count) * sizeof(uint16_t));
+ if (type_id_list == NULL) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(4), VAL_STATUS_INSUFFICIENT_SIZE);
+ goto test_end;
+ }
+
+ // Parse the TLV sequence.
+ for (i = 0, j = 0; (i + 4) < (response->data_count * 4); j++) {
+ tlv = (psa_tlv_t *) (((uint8_t *)response->data) + i);
+ tlv_seq[j] = tlv;
+ i += sizeof(psa_tlv_t) + ROUND_TO_WORD(tlv->length_in_bytes);
+ }
+
+ j = 0;
+ while (tlv_seq[j] != tlv)
+ {
+ current_tlv = tlv_seq[j];
+ type_id_list[j] = current_tlv->type_id;
+
+ if (type_id_list[j] == PSA_LIFECYCLE)
+ status = check_lifecycle_major_state(current_tlv->value, current_tlv->length_in_bytes);
+ else if (type_id_list[j] == TOKEN_FORMATS)
+ status = check_adac_token_support(current_tlv->value, current_tlv->length_in_bytes);
+ else if (type_id_list[j] == CERT_FORMATS)
+ status = check_adac_cert_support(current_tlv->value, current_tlv->length_in_bytes);
+ else
+ status = VAL_STATUS_SUCCESS;
+
+ j++;
+ }
+
+ if (status != VAL_STATUS_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(5), status);
+ goto test_end;
+ }
+
+ response_packet_release(response);
+
+test_end:
+ if (tlv_seq != NULL)
+ free(tlv_seq);
+
+ if (type_id_list != NULL)
+ free(type_id_list);
+
+ val->test_exit();
+}
+
+static val_status_t check_lifecycle_major_state(uint8_t *value, size_t size)
+{
+ uint16_t state;
+
+ // Device cannot have multiple lifecycle states.
+ if (size != 0x2)
+ return VAL_STATUS_INVALID_SIZE;
+
+ state = (*(uint16_t *)value) & PSA_LIFECYCLE_MAJOR_STATE;
+
+ switch (state) {
+ case UNKNOWN:
+ case ASSEMBLY_AND_TEST:
+ case PSA_ROT_AND_PROVISIONING:
+ case SECURED:
+ case NON_PSA_ROT_DEBUG:
+ case RECOVERABLE_PSA_ROT_DEBUG:
+ case DECOMMISSIONED:
+ return VAL_STATUS_SUCCESS;
+ default:
+ return VAL_STATUS_DATA_MISMATCH;
+ break;
+ }
+}
+
+static val_status_t check_adac_token_support(uint8_t *value, size_t size)
+{
+ uint16_t payload;
+ uint8_t payload_bytes = (uint8_t)size;
+ uint8_t i;
+
+ for (i = 0; i < payload_bytes; i += 2)
+ {
+ payload = (*(uint16_t *)(value + i));
+ if (payload == TOKEN_ADAC)
+ return VAL_STATUS_SUCCESS;
+ }
+
+ return VAL_STATUS_DATA_MISMATCH;
+}
+
+static val_status_t check_adac_cert_support(uint8_t *value, size_t size)
+{
+ uint16_t payload;
+ uint8_t payload_bytes = (uint8_t)size;
+ uint8_t i;
+
+ for (i = 0; i < payload_bytes; i += 2)
+ {
+ payload = (*(uint16_t *)(value + i));
+ if (payload == CERT_ADAC)
+ return VAL_STATUS_SUCCESS;
+ }
+
+ return VAL_STATUS_DATA_MISMATCH;
+}
diff --git a/secure-debug/tests/adac/test_a003/test_a003.h b/secure-debug/tests/adac/test_a003/test_a003.h
new file mode 100644
index 0000000..a6a47dc
--- /dev/null
+++ b/secure-debug/tests/adac/test_a003/test_a003.h
@@ -0,0 +1,30 @@
+/** @file
+ * Copyright (c) 2021, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+#ifndef _TEST_A003_TESTS_H_
+#define _TEST_A003_TESTS_H_
+
+#define test_entry CONCAT(test_entry_, a003)
+
+extern val_api_t *val;
+extern char *key_file;
+extern char *chain_file;
+
+static val_status_t check_lifecycle_major_state(uint8_t *value, size_t size);
+static val_status_t check_adac_token_support(uint8_t *value, size_t size);
+static val_status_t check_adac_cert_support(uint8_t *value, size_t size);
+
+#endif /* _TEST_A003_TESTS_H_ */
diff --git a/secure-debug/tests/adac/test_a004/test.cmake b/secure-debug/tests/adac/test_a004/test.cmake
new file mode 100644
index 0000000..15ea303
--- /dev/null
+++ b/secure-debug/tests/adac/test_a004/test.cmake
@@ -0,0 +1,21 @@
+#/** @file
+# * Copyright (c) 2021, Arm Limited or its affiliates. All rights reserved.
+# * SPDX-License-Identifier : Apache-2.0
+# *
+# * Licensed under the Apache License, Version 2.0 (the "License");
+# * you may not use this file except in compliance with the License.
+# * You may obtain a copy of the License at
+# *
+# * http://www.apache.org/licenses/LICENSE-2.0
+# *
+# * Unless required by applicable law or agreed to in writing, software
+# * distributed under the License is distributed on an "AS IS" BASIS,
+# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# * See the License for the specific language governing permissions and
+# * limitations under the License.
+#**/
+
+list(APPEND CC_SOURCE
+ test_a004.c
+)
+list(APPEND CC_OPTIONS )
diff --git a/secure-debug/tests/adac/test_a004/test_a004.c b/secure-debug/tests/adac/test_a004/test_a004.c
new file mode 100644
index 0000000..4b8be6a
--- /dev/null
+++ b/secure-debug/tests/adac/test_a004/test_a004.c
@@ -0,0 +1,147 @@
+/** @file
+ * Copyright (c) 2021, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include <psa_adac.h>
+#include <adac_util.h>
+#include "val_interfaces.h"
+
+#include "test_a004.h"
+
+#define TEST_NUM VAL_CREATE_TEST_ID(VAL_SECURE_DEBUG_BASE, 4)
+#define TEST_DESC "Testing ADAC Protocol Host API| UT: psa_discovery_tlv_request\n"
+TEST_PUBLISH(TEST_NUM, test_entry);
+
+void test_entry(val_api_t *val_api)
+{
+ psa_status_t ret;
+ val_status_t status;
+ val_api_t *val = NULL;
+ val = val_api;
+
+ /* test init */
+ val->test_init(TEST_NUM, TEST_DESC);
+ if (!IS_TEST_START(val->get_status()))
+ {
+ goto test_end;
+ }
+ psa_adac_host_init();
+
+ request_packet_t *request;
+ response_packet_t *response;
+ psa_tlv_t *tlv = NULL;
+ uint16_t *type_id_list, *type_id_list_rev;
+ uint8_t *type_id_ptr;
+ size_t type_id_size, i, j, tlv_entries;
+
+ // Send discovery packet with no requested type ID.
+ type_id_ptr = NULL;
+ type_id_size = 0;
+ ret = psa_adac_issue_command(SDP_DISCOVERY_CMD, request, type_id_ptr, type_id_size);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(1), VAL_STATUS_WRITE_FAILED);
+ goto test_end;
+ }
+
+ response = psa_adac_await_response();
+ if (response == NULL) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(2), VAL_STATUS_CONNECTION_FAILED);
+ goto test_end;
+ }
+
+ // Variable to collect the type ID from each TLV entry.
+ type_id_list = (uint16_t *)malloc((response->data_count) * sizeof(uint16_t));
+ type_id_list_rev = (uint16_t *)malloc((response->data_count) * sizeof(uint16_t));
+ if ((type_id_list == NULL) || (type_id_list_rev == NULL)) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(3), VAL_STATUS_INSUFFICIENT_SIZE);
+ goto test_end;
+ }
+
+ // Parse the TLV sequence.
+ for (i = 0, j = 0; (i + 4) < (response->data_count * 4); j++) {
+ tlv = (psa_tlv_t *) (((uint8_t *)response->data) + i);
+ type_id_list[j] = tlv->type_id;
+ i += sizeof(psa_tlv_t) + ROUND_TO_WORD(tlv->length_in_bytes);
+ }
+ tlv_entries = j;
+ response_packet_release(response);
+
+ // Create a list of type ID in decreasing ID value.
+ j = 0;
+ while (j < tlv_entries) {
+ type_id_list_rev[j] = type_id_list[tlv_entries-1-j];
+ j++;
+ }
+
+ // Send discovery request packet with a subset of requested type ID.
+ type_id_ptr = (uint8_t *)type_id_list;
+ type_id_size = (tlv_entries/2) * sizeof(uint16_t);
+ ret = psa_adac_issue_command(SDP_DISCOVERY_CMD, request, type_id_ptr, type_id_size);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(4), VAL_STATUS_WRITE_FAILED);
+ goto test_end;
+ }
+
+ response = psa_adac_await_response();
+ if (response == NULL) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(5), VAL_STATUS_CONNECTION_FAILED);
+ goto test_end;
+ }
+
+ if (response->status == SDP_SUCCESS) {
+ for (i = 0, j = 0; (i + 4) < (response->data_count * 4); j++) {
+ tlv = (psa_tlv_t *) (((uint8_t *)response->data) + i);
+ i += sizeof(psa_tlv_t) + ROUND_TO_WORD(tlv->length_in_bytes);
+ }
+
+ // Response must contain at least as many type IDs as requested.
+ if (j < tlv_entries/2) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(6), VAL_STATUS_ERROR);
+ goto test_end;
+ }
+ } else {
+ val->err_check_set(TEST_CHECKPOINT_NUM(7), VAL_STATUS_ERROR);
+ goto test_end;
+ }
+ response_packet_release(response);
+
+ // Send discovery packet with a reverse order of requested type ID.
+ type_id_ptr = (uint8_t *)type_id_list_rev;
+ type_id_size = tlv_entries * sizeof(uint16_t);
+ ret = psa_adac_issue_command(SDP_DISCOVERY_CMD, request, type_id_ptr, type_id_size);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(8), VAL_STATUS_WRITE_FAILED);
+ goto test_end;
+ }
+
+ response = psa_adac_await_response();
+ if (response == NULL) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(9), VAL_STATUS_CONNECTION_FAILED);
+ goto test_end;
+ }
+
+ if (response->status != SDP_SUCCESS)
+ val->err_check_set(TEST_CHECKPOINT_NUM(10), VAL_STATUS_ERROR);
+
+ response_packet_release(response);
+
+test_end:
+ if ((type_id_list != NULL) || (type_id_list_rev != NULL)) {
+ free(type_id_list);
+ free(type_id_list_rev);
+ }
+ val->test_exit();
+}
diff --git a/secure-debug/tests/adac/test_a004/test_a004.h b/secure-debug/tests/adac/test_a004/test_a004.h
new file mode 100644
index 0000000..a4fd46d
--- /dev/null
+++ b/secure-debug/tests/adac/test_a004/test_a004.h
@@ -0,0 +1,26 @@
+/** @file
+ * Copyright (c) 2021, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+#ifndef _TEST_A004_TESTS_H_
+#define _TEST_A004_TESTS_H_
+
+#define test_entry CONCAT(test_entry_, a004)
+
+extern val_api_t *val;
+extern char *key_file;
+extern char *chain_file;
+
+#endif /* _TEST_A004_TESTS_H_ */
diff --git a/secure-debug/tests/adac/test_a005/test.cmake b/secure-debug/tests/adac/test_a005/test.cmake
new file mode 100644
index 0000000..3152266
--- /dev/null
+++ b/secure-debug/tests/adac/test_a005/test.cmake
@@ -0,0 +1,21 @@
+#/** @file
+# * Copyright (c) 2021, Arm Limited or its affiliates. All rights reserved.
+# * SPDX-License-Identifier : Apache-2.0
+# *
+# * Licensed under the Apache License, Version 2.0 (the "License");
+# * you may not use this file except in compliance with the License.
+# * You may obtain a copy of the License at
+# *
+# * http://www.apache.org/licenses/LICENSE-2.0
+# *
+# * Unless required by applicable law or agreed to in writing, software
+# * distributed under the License is distributed on an "AS IS" BASIS,
+# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# * See the License for the specific language governing permissions and
+# * limitations under the License.
+#**/
+
+list(APPEND CC_SOURCE
+ test_a005.c
+)
+list(APPEND CC_OPTIONS )
diff --git a/secure-debug/tests/adac/test_a005/test_a005.c b/secure-debug/tests/adac/test_a005/test_a005.c
new file mode 100644
index 0000000..612a882
--- /dev/null
+++ b/secure-debug/tests/adac/test_a005/test_a005.c
@@ -0,0 +1,219 @@
+/** @file
+ * Copyright (c) 2021, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include <psa_adac.h>
+#include <adac_util.h>
+#include "val_interfaces.h"
+
+#include "test_a005.h"
+
+#define TEST_NUM VAL_CREATE_TEST_ID(VAL_SECURE_DEBUG_BASE, 5)
+#define TEST_DESC "Testing ADAC Protocol Host API| UT: psa_replay\n"
+TEST_PUBLISH(TEST_NUM, test_entry);
+
+void test_entry(val_api_t *val_api)
+{
+ psa_status_t ret;
+ val_api_t *val = val_api;
+
+ /* test init */
+ val->test_init(TEST_NUM, TEST_DESC);
+ if (!IS_TEST_START(val->get_status()))
+ {
+ goto test_end;
+ }
+ psa_adac_host_init();
+
+ uint8_t *chain = NULL;
+ size_t chain_size = 0;
+ request_packet_t *request;
+ response_packet_t *response;
+
+ ret = psa_adac_issue_command(SDP_LOCK_DEBUG_CMD, request, NULL, 0);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(1), VAL_STATUS_WRITE_FAILED);
+ goto test_end;
+ }
+
+ response = psa_adac_await_response();
+ ret = psa_adac_parse_response(SDP_LOCK_DEBUG_CMD, response);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(2), VAL_STATUS_READ_FAILED);
+ goto test_end;
+ }
+
+ if (response->status == SDP_SUCCESS)
+ val->print(PRINT_INFO, "Target is locked\n", 0);
+ else
+ val->err_check_set(TEST_CHECKPOINT_NUM(3), VAL_STATUS_ERROR);
+
+ response_packet_release(response);
+
+ ret = psa_adac_load_certificate_chain(chain_file, &chain, &chain_size);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(4), VAL_STATUS_LOAD_ERROR);
+ goto test_end;
+ }
+
+ psa_tlv_t *exts[MAX_EXTENSIONS];
+ size_t exts_count = 0;
+ uint8_t key_type;
+
+ ret = psa_adac_read_extensions((uint32_t *)chain, chain_size, exts, &exts_count);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(5), VAL_STATUS_READ_FAILED);
+ goto test_end;
+ }
+ key_type = detect_cryptosystem(exts, exts_count);
+
+ ret = psa_adac_issue_command(SDP_DISCOVERY_CMD, request, NULL, 0);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(6), VAL_STATUS_WRITE_FAILED);
+ goto test_end;
+ }
+
+ response = psa_adac_await_response();
+ ret = psa_adac_parse_response(SDP_DISCOVERY_CMD, response);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(7), VAL_STATUS_READ_FAILED);
+ goto test_end;
+ }
+
+ ret = psa_adac_check_cryptosystem_support(response, key_type);
+ if (ret == PSA_ERROR_NOT_SUPPORTED) {
+ val->set_status(RESULT_SKIP(key_type));
+ goto test_end;
+ }
+
+ response_packet_release(response);
+
+ psa_key_handle_t handle;
+ uint8_t *key = NULL;
+ size_t key_size = 0;
+
+ ret = psa_adac_get_private_key(key_file, &key_type, &handle, &key, &key_size);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(8), VAL_STATUS_READ_FAILED);
+ goto test_end;
+ }
+
+ ret = psa_adac_issue_command(SDP_AUTH_START_CMD, request, NULL, 0);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(9), VAL_STATUS_WRITE_FAILED);
+ goto test_end;
+ }
+
+ response = psa_adac_await_response();
+ ret = psa_adac_parse_response(SDP_AUTH_START_CMD, response);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(10), VAL_STATUS_READ_FAILED);
+ goto test_end;
+ }
+
+ psa_auth_challenge_t *challenge1 = (psa_auth_challenge_t *) response->data;
+
+ uint8_t *token1 = NULL;
+ size_t token1_size = 0;
+
+ ret = psa_adac_construct_token(challenge1->challenge_vector,
+ sizeof(challenge1->challenge_vector), key_type, NULL, 0,
+ &token1, &token1_size, NULL, handle, key, key_size);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(12), VAL_STATUS_WRITE_FAILED);
+ goto test_end;
+ }
+ response_packet_release(response);
+
+ ret = psa_adac_issue_command(SDP_AUTH_START_CMD, request, NULL, 0);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(13), VAL_STATUS_WRITE_FAILED);
+ goto test_end;
+ }
+
+ response = psa_adac_await_response();
+ ret = psa_adac_parse_response(SDP_AUTH_START_CMD, response);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(14), VAL_STATUS_READ_FAILED);
+ goto test_end;
+ }
+
+ psa_auth_challenge_t *challenge2 = (psa_auth_challenge_t *) response->data;
+
+ uint8_t *token2 = NULL;
+ size_t token2_size = 0;
+
+ ret = psa_adac_construct_token(challenge2->challenge_vector,
+ sizeof(challenge2->challenge_vector), key_type, NULL, 0,
+ &token2, &token2_size, NULL, handle, key, key_size);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(15), VAL_STATUS_WRITE_FAILED);
+ goto test_end;
+ }
+ response_packet_release(response);
+
+ ret = psa_adac_send_certificate(exts, exts_count);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(16), VAL_STATUS_WRITE_FAILED);
+ goto test_end;
+ }
+
+ val->print(PRINT_INFO, "Sending older token\n", 0);
+ ret = psa_adac_issue_command(SDP_AUTH_RESPONSE_CMD, request, (uint8_t *)token1, token1_size);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(17), VAL_STATUS_WRITE_FAILED);
+ goto test_end;
+ }
+
+ val->print(PRINT_INFO, "Receiving token_authentication response\n", 0);
+ response = psa_adac_await_response();
+ ret = psa_adac_parse_response(SDP_AUTH_RESPONSE_CMD, response);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(18), VAL_STATUS_READ_FAILED);
+ goto test_end;
+ }
+
+ if (response->status != SDP_FAILURE) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(19), VAL_STATUS_ERROR);
+ goto test_end;
+ }
+
+ response_packet_release(response);
+
+ val->print(PRINT_INFO, "Sending new token\n", 0);
+ ret = psa_adac_issue_command(SDP_AUTH_RESPONSE_CMD, request, (uint8_t *)token2, token2_size);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(20), VAL_STATUS_WRITE_FAILED);
+ goto test_end;
+ }
+
+ val->print(PRINT_INFO, "Receiving token_authentication response\n", 0);
+ response = psa_adac_await_response();
+ ret = psa_adac_parse_response(SDP_AUTH_RESPONSE_CMD, response);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(21), VAL_STATUS_READ_FAILED);
+ goto test_end;
+ }
+
+ if (response->status != SDP_FAILURE)
+ val->err_check_set(TEST_CHECKPOINT_NUM(22), VAL_STATUS_INVALID);
+
+ response_packet_release(response);
+
+test_end:
+ val->test_exit();
+}
+
diff --git a/secure-debug/tests/adac/test_a005/test_a005.h b/secure-debug/tests/adac/test_a005/test_a005.h
new file mode 100644
index 0000000..9ca8109
--- /dev/null
+++ b/secure-debug/tests/adac/test_a005/test_a005.h
@@ -0,0 +1,26 @@
+/** @file
+ * Copyright (c) 2021, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+#ifndef _TEST_A005_TESTS_H_
+#define _TEST_A005_TESTS_H_
+
+#define test_entry CONCAT(test_entry_, a005)
+
+extern val_api_t *val;
+extern char *key_file;
+extern char *chain_file;
+
+#endif /* _TEST_A005_TESTS_H_ */
diff --git a/secure-debug/tests/adac/test_a006/test.cmake b/secure-debug/tests/adac/test_a006/test.cmake
new file mode 100644
index 0000000..681a50c
--- /dev/null
+++ b/secure-debug/tests/adac/test_a006/test.cmake
@@ -0,0 +1,21 @@
+#/** @file
+# * Copyright (c) 2021, Arm Limited or its affiliates. All rights reserved.
+# * SPDX-License-Identifier : Apache-2.0
+# *
+# * Licensed under the Apache License, Version 2.0 (the "License");
+# * you may not use this file except in compliance with the License.
+# * You may obtain a copy of the License at
+# *
+# * http://www.apache.org/licenses/LICENSE-2.0
+# *
+# * Unless required by applicable law or agreed to in writing, software
+# * distributed under the License is distributed on an "AS IS" BASIS,
+# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# * See the License for the specific language governing permissions and
+# * limitations under the License.
+#**/
+
+list(APPEND CC_SOURCE
+ test_a006.c
+)
+list(APPEND CC_OPTIONS )
diff --git a/secure-debug/tests/adac/test_a006/test_a006.c b/secure-debug/tests/adac/test_a006/test_a006.c
new file mode 100644
index 0000000..bb63679
--- /dev/null
+++ b/secure-debug/tests/adac/test_a006/test_a006.c
@@ -0,0 +1,65 @@
+/** @file
+ * Copyright (c) 2021, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include <psa_adac.h>
+#include <adac_util.h>
+#include "val_interfaces.h"
+
+#include "test_a006.h"
+
+#define TEST_NUM VAL_CREATE_TEST_ID(VAL_SECURE_DEBUG_BASE, 6)
+#define TEST_DESC "Testing ADAC Protocol Host API| UT: psa_auth_resp_null\n"
+TEST_PUBLISH(TEST_NUM, test_entry);
+
+void test_entry(val_api_t *val_api)
+{
+ psa_status_t ret;
+ val_api_t *val = val_api;
+
+ /* test init */
+ val->test_init(TEST_NUM, TEST_DESC);
+ if (!IS_TEST_START(val->get_status()))
+ {
+ goto test_end;
+ }
+ psa_adac_host_init();
+
+ request_packet_t *request;
+ response_packet_t *response;
+
+ // Send authentication response command with no payload.
+ ret = psa_adac_issue_command(SDP_AUTH_RESPONSE_CMD, request, NULL, 0);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(1), VAL_STATUS_WRITE_FAILED);
+ goto test_end;
+ }
+
+ response = psa_adac_await_response();
+ ret = psa_adac_parse_response(SDP_AUTH_RESPONSE_CMD, response);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(2), VAL_STATUS_READ_FAILED);
+ goto test_end;
+ }
+
+ if (response->status != SDP_FAILURE)
+ val->err_check_set(TEST_CHECKPOINT_NUM(3), VAL_STATUS_ERROR);
+
+ response_packet_release(response);
+
+test_end:
+ val->test_exit();
+}
diff --git a/secure-debug/tests/adac/test_a006/test_a006.h b/secure-debug/tests/adac/test_a006/test_a006.h
new file mode 100644
index 0000000..bbe8d86
--- /dev/null
+++ b/secure-debug/tests/adac/test_a006/test_a006.h
@@ -0,0 +1,26 @@
+/** @file
+ * Copyright (c) 2021, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+#ifndef _TEST_A006_TESTS_H_
+#define _TEST_A006_TESTS_H_
+
+#define test_entry CONCAT(test_entry_, a006)
+
+extern val_api_t *val;
+extern char *key_file;
+extern char *chain_file;
+
+#endif /* _TEST_A006_TESTS_H_ */
diff --git a/secure-debug/tests/adac/test_a007/test.cmake b/secure-debug/tests/adac/test_a007/test.cmake
new file mode 100644
index 0000000..530f69d
--- /dev/null
+++ b/secure-debug/tests/adac/test_a007/test.cmake
@@ -0,0 +1,21 @@
+#/** @file
+# * Copyright (c) 2021, Arm Limited or its affiliates. All rights reserved.
+# * SPDX-License-Identifier : Apache-2.0
+# *
+# * Licensed under the Apache License, Version 2.0 (the "License");
+# * you may not use this file except in compliance with the License.
+# * You may obtain a copy of the License at
+# *
+# * http://www.apache.org/licenses/LICENSE-2.0
+# *
+# * Unless required by applicable law or agreed to in writing, software
+# * distributed under the License is distributed on an "AS IS" BASIS,
+# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# * See the License for the specific language governing permissions and
+# * limitations under the License.
+#**/
+
+list(APPEND CC_SOURCE
+ test_a007.c
+)
+list(APPEND CC_OPTIONS )
diff --git a/secure-debug/tests/adac/test_a007/test_a007.c b/secure-debug/tests/adac/test_a007/test_a007.c
new file mode 100644
index 0000000..a9ee125
--- /dev/null
+++ b/secure-debug/tests/adac/test_a007/test_a007.c
@@ -0,0 +1,71 @@
+/** @file
+ * Copyright (c) 2021, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include <psa_adac.h>
+#include <adac_util.h>
+#include "val_interfaces.h"
+
+#include "test_a007.h"
+
+#define TEST_NUM VAL_CREATE_TEST_ID(VAL_SECURE_DEBUG_BASE, 7)
+#define TEST_DESC "Testing ADAC Protocol Host API| UT: psa_invalid_command\n"
+TEST_PUBLISH(TEST_NUM, test_entry);
+
+void test_entry(val_api_t *val_api)
+{
+ psa_status_t ret;
+ val_api_t *val = val_api;
+
+ /* test init */
+ val->test_init(TEST_NUM, TEST_DESC);
+ if (!IS_TEST_START(val->get_status()))
+ {
+ goto test_end;
+ }
+ psa_adac_host_init();
+
+ request_packet_t *request;
+ response_packet_t *response;
+ uint16_t command[] = { 0x0, 0x100, 0xBAD, 0x7FFF};
+ uint32_t i, cmd_list_size;
+
+ cmd_list_size = sizeof(command)/sizeof(command[0]);
+
+ for (i = 0; i < cmd_list_size; i++) {
+ request = request_packet_build(command[i], NULL, 0);
+ if (request != NULL) {
+ val->print(PRINT_INFO, "Sending command 0x%x\n", command[i]);
+ if (request_packet_send(request) < 0) {
+ val->err_check_set(TEST_CHECKPOINT_NUM((1*i)), VAL_STATUS_WRITE_FAILED);
+ goto test_end;
+ }
+ request_packet_release(request);
+ }
+
+ response = response_packet_receive();
+ if (response->status != SDP_INVALID_COMMAND)
+ val->err_check_set(TEST_CHECKPOINT_NUM((2*i)), VAL_STATUS_ERROR);
+
+ response_packet_release(response);
+ }
+
+ if (i != cmd_list_size)
+ val->err_check_set(TEST_CHECKPOINT_NUM((2*i-1)), VAL_STATUS_ERROR);
+
+test_end:
+ val->test_exit();
+}
diff --git a/secure-debug/tests/adac/test_a007/test_a007.h b/secure-debug/tests/adac/test_a007/test_a007.h
new file mode 100644
index 0000000..35a3834
--- /dev/null
+++ b/secure-debug/tests/adac/test_a007/test_a007.h
@@ -0,0 +1,24 @@
+/** @file
+ * Copyright (c) 2021, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+#ifndef _TEST_A007_TESTS_H_
+#define _TEST_A007_TESTS_H_
+
+#define test_entry CONCAT(test_entry_, a007)
+
+extern val_api_t *val;
+
+#endif /* _TEST_A007_TESTS_H_ */
diff --git a/secure-debug/tests/adac/test_a008/test.cmake b/secure-debug/tests/adac/test_a008/test.cmake
new file mode 100644
index 0000000..af078b4
--- /dev/null
+++ b/secure-debug/tests/adac/test_a008/test.cmake
@@ -0,0 +1,21 @@
+#/** @file
+# * Copyright (c) 2021, Arm Limited or its affiliates. All rights reserved.
+# * SPDX-License-Identifier : Apache-2.0
+# *
+# * Licensed under the Apache License, Version 2.0 (the "License");
+# * you may not use this file except in compliance with the License.
+# * You may obtain a copy of the License at
+# *
+# * http://www.apache.org/licenses/LICENSE-2.0
+# *
+# * Unless required by applicable law or agreed to in writing, software
+# * distributed under the License is distributed on an "AS IS" BASIS,
+# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# * See the License for the specific language governing permissions and
+# * limitations under the License.
+#**/
+
+list(APPEND CC_SOURCE
+ test_a008.c
+)
+list(APPEND CC_OPTIONS )
diff --git a/secure-debug/tests/adac/test_a008/test_a008.c b/secure-debug/tests/adac/test_a008/test_a008.c
new file mode 100644
index 0000000..7b362e6
--- /dev/null
+++ b/secure-debug/tests/adac/test_a008/test_a008.c
@@ -0,0 +1,151 @@
+/** @file
+ * Copyright (c) 2021, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include <psa_adac.h>
+#include <adac_util.h>
+#include "val_interfaces.h"
+
+#include "test_a008.h"
+
+#define TEST_NUM VAL_CREATE_TEST_ID(VAL_SECURE_DEBUG_BASE, 8)
+#define TEST_DESC "Testing ADAC Protocol Host API| UT: psa_cert_order\n"
+TEST_PUBLISH(TEST_NUM, test_entry);
+
+void test_entry(val_api_t *val_api)
+{
+ psa_status_t ret;
+ val_api_t *val = val_api;
+
+ /* test init */
+ val->test_init(TEST_NUM, TEST_DESC);
+ if (!IS_TEST_START(val->get_status()))
+ {
+ goto test_end;
+ }
+ psa_adac_host_init();
+
+ uint8_t *chain = NULL;
+ size_t chain_size = 0;
+ request_packet_t *request;
+ response_packet_t *response;
+
+ ret = psa_adac_load_certificate_chain(chain_file, &chain, &chain_size);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(1), VAL_STATUS_LOAD_ERROR);
+ goto test_end;
+ }
+
+ psa_tlv_t *exts[MAX_EXTENSIONS];
+ size_t exts_count = 0;
+ uint8_t key_type;
+
+ ret = psa_adac_read_extensions((uint32_t *)chain, chain_size, exts, &exts_count);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(2), VAL_STATUS_READ_FAILED);
+ goto test_end;
+ }
+
+ key_type = detect_cryptosystem(exts, exts_count);
+
+ ret = psa_adac_issue_command(SDP_DISCOVERY_CMD, request, NULL, 0);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(3), VAL_STATUS_WRITE_FAILED);
+ goto test_end;
+ }
+
+ response = psa_adac_await_response();
+ ret = psa_adac_parse_response(SDP_DISCOVERY_CMD, response);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(4), VAL_STATUS_READ_FAILED);
+ goto test_end;
+ }
+
+ ret = psa_adac_check_cryptosystem_support(response, key_type);
+ if (ret == PSA_ERROR_NOT_SUPPORTED) {
+ val->set_status(RESULT_SKIP(key_type));
+ goto test_end;
+ }
+
+ response_packet_release(response);
+
+ ret = psa_adac_issue_command(SDP_AUTH_START_CMD, request, NULL, 0);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(5), VAL_STATUS_WRITE_FAILED);
+ goto test_end;
+ }
+
+ response = psa_adac_await_response();
+ ret = psa_adac_parse_response(SDP_AUTH_START_CMD, response);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(6), VAL_STATUS_READ_FAILED);
+ goto test_end;
+ }
+
+ response_packet_release(response);
+
+ uint8_t *payload = NULL, *leaf_cert = NULL;
+ size_t payload_size, leaf_cert_size, i;
+ psa_tlv_t *current_extn;
+
+ for (i = 0; i < exts_count; i++) {
+ current_extn = exts[i];
+ if (current_extn->type_id == CERT_ADAC) {
+ payload = (uint8_t *)current_extn;
+ payload_size = current_extn->length_in_bytes + sizeof(psa_tlv_t);
+
+ certificate_header_t *header = (certificate_header_t *) (current_extn->value);
+
+ if (header->role == SDP_CRT_ROLE_LEAF) {
+ leaf_cert = current_extn->value;
+ leaf_cert_size = current_extn->length_in_bytes;
+ break;
+ }
+ }
+ }
+
+ if (leaf_cert == NULL) {
+ val->print(PRINT_ERROR, "Leaf certificate not found\n", 0);
+ val->err_check_set(TEST_CHECKPOINT_NUM(7), VAL_STATUS_NOT_FOUND);
+ goto test_end;
+ }
+
+ if (leaf_cert_size < sizeof(certificate_header_t)) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(8), VAL_STATUS_INVALID_SIZE);
+ goto test_end;
+ }
+
+ ret = psa_adac_issue_command(SDP_AUTH_RESPONSE_CMD, request, payload, payload_size);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(9), VAL_STATUS_WRITE_FAILED);
+ goto test_end;
+ }
+
+ response = psa_adac_await_response();
+ ret = psa_adac_parse_response(SDP_AUTH_RESPONSE_CMD, response);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(10), VAL_STATUS_READ_FAILED);
+ goto test_end;
+ }
+
+ if (response->status != SDP_FAILURE)
+ val->err_check_set(TEST_CHECKPOINT_NUM(11), VAL_STATUS_ERROR);
+
+ response_packet_release(response);
+
+test_end:
+ val->test_exit();
+}
diff --git a/secure-debug/tests/adac/test_a008/test_a008.h b/secure-debug/tests/adac/test_a008/test_a008.h
new file mode 100644
index 0000000..fb92be8
--- /dev/null
+++ b/secure-debug/tests/adac/test_a008/test_a008.h
@@ -0,0 +1,26 @@
+/** @file
+ * Copyright (c) 2021, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+#ifndef _TEST_A008_TESTS_H_
+#define _TEST_A008_TESTS_H_
+
+#define test_entry CONCAT(test_entry_, a008)
+
+extern val_api_t *val;
+extern char *key_file;
+extern char *chain_file;
+
+#endif /* _TEST_A008_TESTS_H_ */
diff --git a/secure-debug/tests/adac/test_a009/test.cmake b/secure-debug/tests/adac/test_a009/test.cmake
new file mode 100644
index 0000000..eb94a50
--- /dev/null
+++ b/secure-debug/tests/adac/test_a009/test.cmake
@@ -0,0 +1,21 @@
+#/** @file
+# * Copyright (c) 2021, Arm Limited or its affiliates. All rights reserved.
+# * SPDX-License-Identifier : Apache-2.0
+# *
+# * Licensed under the Apache License, Version 2.0 (the "License");
+# * you may not use this file except in compliance with the License.
+# * You may obtain a copy of the License at
+# *
+# * http://www.apache.org/licenses/LICENSE-2.0
+# *
+# * Unless required by applicable law or agreed to in writing, software
+# * distributed under the License is distributed on an "AS IS" BASIS,
+# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# * See the License for the specific language governing permissions and
+# * limitations under the License.
+#**/
+
+list(APPEND CC_SOURCE
+ test_a009.c
+)
+list(APPEND CC_OPTIONS )
diff --git a/secure-debug/tests/adac/test_a009/test_a009.c b/secure-debug/tests/adac/test_a009/test_a009.c
new file mode 100644
index 0000000..e117e5f
--- /dev/null
+++ b/secure-debug/tests/adac/test_a009/test_a009.c
@@ -0,0 +1,167 @@
+/** @file
+ * Copyright (c) 2021, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include <psa_adac.h>
+#include <adac_util.h>
+#include "val_interfaces.h"
+
+#include "test_a009.h"
+
+#define TEST_NUM VAL_CREATE_TEST_ID(VAL_SECURE_DEBUG_BASE, 9)
+#define TEST_DESC "Testing ADAC Protocol Host API| UT: psa_scope_limit\n"
+TEST_PUBLISH(TEST_NUM, test_entry);
+
+void test_entry(val_api_t *val_api)
+{
+ psa_status_t ret;
+ val_api_t *val = val_api;
+
+ /* test init */
+ val->test_init(TEST_NUM, TEST_DESC);
+ if (!IS_TEST_START(val->get_status()))
+ {
+ goto test_end;
+ }
+ psa_adac_host_init();
+
+ uint8_t *chain = NULL;
+ size_t chain_size = 0;
+ request_packet_t *request;
+ response_packet_t *response;
+
+ ret = psa_adac_load_certificate_chain(chain_file, &chain, &chain_size);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(1), VAL_STATUS_LOAD_ERROR);
+ goto test_end;
+ }
+
+ psa_tlv_t *exts[MAX_EXTENSIONS];
+ size_t exts_count = 0;
+ uint8_t key_type;
+
+ ret = psa_adac_read_extensions((uint32_t *)chain, chain_size, exts, &exts_count);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(2), VAL_STATUS_READ_FAILED);
+ goto test_end;
+ }
+
+ key_type = detect_cryptosystem(exts, exts_count);
+
+ ret = psa_adac_issue_command(SDP_DISCOVERY_CMD, request, NULL, 0);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(3), VAL_STATUS_WRITE_FAILED);
+ goto test_end;
+ }
+
+ response = psa_adac_await_response();
+ ret = psa_adac_parse_response(SDP_DISCOVERY_CMD, response);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(4), VAL_STATUS_READ_FAILED);
+ goto test_end;
+ }
+
+ ret = psa_adac_check_cryptosystem_support(response, key_type);
+ if (ret == PSA_ERROR_NOT_SUPPORTED) {
+ val->set_status(RESULT_SKIP(key_type));
+ goto test_end;
+ }
+
+ response_packet_release(response);
+
+ ret = psa_adac_issue_command(SDP_AUTH_START_CMD, request, NULL, 0);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(5), VAL_STATUS_WRITE_FAILED);
+ goto test_end;
+ }
+
+ response = psa_adac_await_response();
+ ret = psa_adac_parse_response(SDP_AUTH_START_CMD, response);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(6), VAL_STATUS_READ_FAILED);
+ goto test_end;
+ }
+
+ response_packet_release(response);
+
+ uint8_t *payload = NULL;
+ size_t payload_size, i;
+ psa_tlv_t *current_extn;
+ certificate_header_t *header = NULL;
+ uint8_t *leaf_cert = NULL;
+
+ // Modify scope limit constraints at host-side for soc_class
+ for (i = 0; i < exts_count; i++) {
+ current_extn = exts[i];
+ if (current_extn->type_id == CERT_ADAC) {
+ payload = (uint8_t *)current_extn;
+ payload_size = current_extn->length_in_bytes + sizeof(psa_tlv_t);
+
+ header = (certificate_header_t *) (current_extn->value);
+ if (header->role != SDP_CRT_ROLE_ROOT) {
+ leaf_cert = current_extn->value;
+ modify_soc_class_neutral(header, i);
+ }
+
+ ret = psa_adac_issue_command(SDP_AUTH_RESPONSE_CMD, request, payload, payload_size);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(7), VAL_STATUS_WRITE_FAILED);
+ goto test_end;
+ }
+
+ // Restore the tampered certificate value
+ if (header->role == SDP_CRT_ROLE_ROOT)
+ modify_soc_class_neutral(header, i);
+
+ response = psa_adac_await_response();
+ ret = psa_adac_parse_response(SDP_AUTH_RESPONSE_CMD, response);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(8), VAL_STATUS_READ_FAILED);
+ goto test_end;
+ }
+
+ if (response->status == SDP_NEED_MORE_DATA) {
+ response_packet_release(response);
+ } else if (response->status == SDP_FAILURE) {
+ val->print(PRINT_INFO, "Inconsistent certificate chain rejected by target\n", 0);
+ break;
+ } else {
+ val->err_check_set(TEST_CHECKPOINT_NUM(9), VAL_STATUS_INVALID);
+ break;
+ }
+ }
+ }
+
+ if (leaf_cert == NULL) {
+ val->print(PRINT_ERROR, "Leaf certificate not found\n", 0);
+ val->err_check_set(TEST_CHECKPOINT_NUM(10), VAL_STATUS_NOT_FOUND);
+ goto test_end;
+ }
+
+ if (response->status != SDP_FAILURE)
+ val->err_check_set(TEST_CHECKPOINT_NUM(11), VAL_STATUS_ERROR);
+
+ response_packet_release(response);
+
+test_end:
+ val->test_exit();
+}
+
+static void modify_soc_class_neutral(certificate_header_t *h, size_t chain_count)
+{
+ // Change the values to create non-neutral fields for soc_class for non-root certificates.
+ h->soc_class = h->soc_class ^ (uint32_t)(~chain_count);
+}
diff --git a/secure-debug/tests/adac/test_a009/test_a009.h b/secure-debug/tests/adac/test_a009/test_a009.h
new file mode 100644
index 0000000..b89c10b
--- /dev/null
+++ b/secure-debug/tests/adac/test_a009/test_a009.h
@@ -0,0 +1,27 @@
+/** @file
+ * Copyright (c) 2021, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+#ifndef _TEST_A009_TESTS_H_
+#define _TEST_A009_TESTS_H_
+
+#define test_entry CONCAT(test_entry_, a009)
+
+extern val_api_t *val;
+extern char *key_file;
+extern char *chain_file;
+
+static void modify_soc_class_neutral(certificate_header_t *header, size_t chain_count);
+#endif /* _TEST_A009_TESTS_H_ */
diff --git a/secure-debug/tests/adac/test_a010/test.cmake b/secure-debug/tests/adac/test_a010/test.cmake
new file mode 100644
index 0000000..514ddf9
--- /dev/null
+++ b/secure-debug/tests/adac/test_a010/test.cmake
@@ -0,0 +1,21 @@
+#/** @file
+# * Copyright (c) 2021, Arm Limited or its affiliates. All rights reserved.
+# * SPDX-License-Identifier : Apache-2.0
+# *
+# * Licensed under the Apache License, Version 2.0 (the "License");
+# * you may not use this file except in compliance with the License.
+# * You may obtain a copy of the License at
+# *
+# * http://www.apache.org/licenses/LICENSE-2.0
+# *
+# * Unless required by applicable law or agreed to in writing, software
+# * distributed under the License is distributed on an "AS IS" BASIS,
+# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# * See the License for the specific language governing permissions and
+# * limitations under the License.
+#**/
+
+list(APPEND CC_SOURCE
+ test_a010.c
+)
+list(APPEND CC_OPTIONS )
diff --git a/secure-debug/tests/adac/test_a010/test_a010.c b/secure-debug/tests/adac/test_a010/test_a010.c
new file mode 100644
index 0000000..45b7158
--- /dev/null
+++ b/secure-debug/tests/adac/test_a010/test_a010.c
@@ -0,0 +1,180 @@
+/** @file
+ * Copyright (c) 2021, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include <psa_adac.h>
+#include <adac_util.h>
+#include "val_interfaces.h"
+
+#include "test_a010.h"
+
+#define TEST_NUM VAL_CREATE_TEST_ID(VAL_SECURE_DEBUG_BASE, 10)
+#define TEST_DESC "Testing ADAC Protocol Host API| UT: psa_sw_partition\n"
+TEST_PUBLISH(TEST_NUM, test_entry);
+
+void test_entry(val_api_t *val_api)
+{
+ psa_status_t ret;
+ val_api_t *val = val_api;
+
+ /* test init */
+ val->test_init(TEST_NUM, TEST_DESC);
+ if (!IS_TEST_START(val->get_status()))
+ {
+ goto test_end;
+ }
+ psa_adac_host_init();
+
+ uint8_t *chain = NULL;
+ size_t chain_size = 0;
+ request_packet_t *request;
+ response_packet_t *response;
+
+ ret = psa_adac_load_certificate_chain(chain_file, &chain, &chain_size);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(1), VAL_STATUS_LOAD_ERROR);
+ goto test_end;
+ }
+
+ psa_tlv_t *exts[MAX_EXTENSIONS], *tk_exts[MAX_EXTENSIONS];
+ size_t exts_count = 0, tk_exts_count = 0;
+ uint8_t key_type;
+
+ ret = psa_adac_read_extensions((uint32_t *)chain, chain_size, exts, &exts_count);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(2), VAL_STATUS_READ_FAILED);
+ goto test_end;
+ }
+ key_type = detect_cryptosystem(exts, exts_count);
+
+ ret = psa_adac_issue_command(SDP_DISCOVERY_CMD, request, NULL, 0);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(3), VAL_STATUS_WRITE_FAILED);
+ goto test_end;
+ }
+
+ response = psa_adac_await_response();
+ ret = psa_adac_parse_response(SDP_DISCOVERY_CMD, response);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(4), VAL_STATUS_READ_FAILED);
+ goto test_end;
+ }
+
+ ret = psa_adac_check_cryptosystem_support(response, key_type);
+ if (ret == PSA_ERROR_NOT_SUPPORTED) {
+ val->set_status(RESULT_SKIP(key_type));
+ goto test_end;
+ }
+
+ response_packet_release(response);
+
+ psa_key_handle_t handle;
+ uint8_t *key = NULL;
+ size_t key_size = 0;
+
+ ret = psa_adac_get_private_key(key_file, &key_type, &handle, &key, &key_size);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(5), VAL_STATUS_READ_FAILED);
+ goto test_end;
+ }
+
+ ret = psa_adac_issue_command(SDP_AUTH_START_CMD, request, NULL, 0);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(6), VAL_STATUS_WRITE_FAILED);
+ goto test_end;
+ }
+
+ response = psa_adac_await_response();
+ ret = psa_adac_parse_response(SDP_AUTH_START_CMD, response);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(7), VAL_STATUS_READ_FAILED);
+ goto test_end;
+ }
+
+ psa_auth_challenge_t *challenge = (psa_auth_challenge_t *) response->data;
+
+ uint8_t *token = NULL;
+ size_t token_size = 0;
+
+ set_sw_partitions((uint8_t *)tk_exts, &tk_exts_count, 2);
+
+ ret = psa_adac_construct_token(challenge->challenge_vector, sizeof(challenge->challenge_vector),
+ key_type, (uint8_t *)tk_exts, tk_exts_count, &token, &token_size,
+ NULL, handle, key, key_size);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(8), VAL_STATUS_WRITE_FAILED);
+ goto test_end;
+ }
+ response_packet_release(response);
+
+ ret = psa_adac_send_certificate(exts, exts_count);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(9), VAL_STATUS_WRITE_FAILED);
+ goto test_end;
+ }
+
+ val->print(PRINT_INFO, "Sending token\n", 0);
+ ret = psa_adac_issue_command(SDP_AUTH_RESPONSE_CMD, request, (uint8_t *)token, token_size);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(10), VAL_STATUS_WRITE_FAILED);
+ goto test_end;
+ }
+
+ val->print(PRINT_INFO, "Receiving token_authentication response\n", 0);
+ response = psa_adac_await_response();
+ ret = psa_adac_parse_response(SDP_AUTH_RESPONSE_CMD, response);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(11), VAL_STATUS_READ_FAILED);
+ goto test_end;
+ }
+
+ if (response->status == SDP_SUCCESS)
+ val->print(PRINT_INFO, "Target unlocked successfully\n", 0);
+ else
+ val->err_check_set(TEST_CHECKPOINT_NUM(12), VAL_STATUS_ERROR);
+
+ response_packet_release(response);
+
+test_end:
+ val->test_exit();
+}
+
+static void set_sw_partitions(uint8_t *token_exts, size_t *token_exts_len, size_t num_tlv_entries)
+{
+ psa_tlv_t *tlv = NULL;
+ size_t i = 0;
+ uint8_t j, k, tlv_value_size;
+
+ for (j = 0; j < num_tlv_entries; j++) {
+ tlv = (psa_tlv_t *)(token_exts + i);
+ tlv->type_id = SW_PARTITION_ID;
+ tlv->length_in_bytes = 0x6;
+ tlv_value_size = ROUND_TO_WORD(tlv->length_in_bytes);
+
+ // Arbitrary scheme of software partitions IDs
+ for (k = 0; k < tlv->length_in_bytes; k++)
+ (tlv->value)[k] = j*4 + k;
+
+ // Pad with 0x0 for a 32 bit aligned TLV
+ while ((k % 4 != 0) && (k < tlv_value_size)) {
+ (tlv->value)[k] = 0x0;
+ k++;
+ }
+
+ i += sizeof(psa_tlv_t) + tlv_value_size;
+ }
+ *token_exts_len = i;
+}
diff --git a/secure-debug/tests/adac/test_a010/test_a010.h b/secure-debug/tests/adac/test_a010/test_a010.h
new file mode 100644
index 0000000..130640f
--- /dev/null
+++ b/secure-debug/tests/adac/test_a010/test_a010.h
@@ -0,0 +1,28 @@
+/** @file
+ * Copyright (c) 2021, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+#ifndef _TEST_A010_TESTS_H_
+#define _TEST_A010_TESTS_H_
+
+#define test_entry CONCAT(test_entry_, a010)
+
+extern val_api_t *val;
+extern char *key_file;
+extern char *chain_file;
+
+static void set_sw_partitions(uint8_t *token_exts, size_t *token_exts_len, size_t num_tlv_entries);
+
+#endif /* _TEST_A010_TESTS_H_ */
diff --git a/secure-debug/tests/adac/test_a011/test.cmake b/secure-debug/tests/adac/test_a011/test.cmake
new file mode 100644
index 0000000..96b4df9
--- /dev/null
+++ b/secure-debug/tests/adac/test_a011/test.cmake
@@ -0,0 +1,21 @@
+#/** @file
+# * Copyright (c) 2021, Arm Limited or its affiliates. All rights reserved.
+# * SPDX-License-Identifier : Apache-2.0
+# *
+# * Licensed under the Apache License, Version 2.0 (the "License");
+# * you may not use this file except in compliance with the License.
+# * You may obtain a copy of the License at
+# *
+# * http://www.apache.org/licenses/LICENSE-2.0
+# *
+# * Unless required by applicable law or agreed to in writing, software
+# * distributed under the License is distributed on an "AS IS" BASIS,
+# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# * See the License for the specific language governing permissions and
+# * limitations under the License.
+#**/
+
+list(APPEND CC_SOURCE
+ test_a011.c
+)
+list(APPEND CC_OPTIONS )
diff --git a/secure-debug/tests/adac/test_a011/test_a011.c b/secure-debug/tests/adac/test_a011/test_a011.c
new file mode 100644
index 0000000..09d33ba
--- /dev/null
+++ b/secure-debug/tests/adac/test_a011/test_a011.c
@@ -0,0 +1,101 @@
+/** @file
+ * Copyright (c) 2021, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include <psa_adac.h>
+#include <adac_util.h>
+#include "val_interfaces.h"
+
+#include "test_a011.h"
+
+#define TEST_NUM VAL_CREATE_TEST_ID(VAL_SECURE_DEBUG_BASE, 11)
+#define TEST_DESC "Testing ADAC Protocol Host API| UT: psa_tlv_reserved\n"
+TEST_PUBLISH(TEST_NUM, test_entry);
+
+void test_entry(val_api_t *val_api)
+{
+ psa_status_t ret;
+ val_api_t *val = val_api;
+
+ /* test init */
+ val->test_init(TEST_NUM, TEST_DESC);
+ if (!IS_TEST_START(val->get_status()))
+ {
+ goto test_end;
+ }
+ psa_adac_host_init();
+
+ request_packet_t *request;
+ response_packet_t *response;
+ psa_tlv_t *exts[MAX_EXTENSIONS], *tlv = NULL;
+ uint8_t *chain = NULL;
+ size_t chain_size = 0, exts_count = 0, i, err_count;
+
+ // Send discovery packet with no requested type ID.
+ request = request_packet_build(SDP_DISCOVERY_CMD, NULL, 0);
+ if (request == NULL) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(1), VAL_STATUS_CONNECTION_FAILED);
+ goto test_end;
+ }
+ request_packet_send(request);
+ request_packet_release(request);
+
+ response = psa_adac_await_response();
+ if (response == NULL) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(2), VAL_STATUS_CONNECTION_FAILED);
+ goto test_end;
+ }
+
+ // Parse the TLV sequence in the discovery response.
+ err_count = 0;
+ for (i = 0; (i + 4) < (response->data_count * 4);) {
+ tlv = (psa_tlv_t *) (((uint8_t *)response->data) + i);
+ err_count += (tlv->_reserved != 0x0);
+ i += sizeof(psa_tlv_t) + ROUND_TO_WORD(tlv->length_in_bytes);
+ }
+ response_packet_release(response);
+
+ if (err_count != 0x0) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(3), VAL_STATUS_INVALID);
+ goto test_end;
+ }
+
+ ret = psa_adac_load_certificate_chain(chain_file, &chain, &chain_size);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(4), VAL_STATUS_LOAD_ERROR);
+ goto test_end;
+ }
+
+ ret = psa_adac_read_extensions((uint32_t *)chain, chain_size, exts, &exts_count);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(5), VAL_STATUS_READ_FAILED);
+ goto test_end;
+ }
+
+ err_count = 0;
+ for (i = 0; i < exts_count; i++) {
+ tlv = exts[i];
+ err_count += (tlv->_reserved != 0x0);
+ }
+
+ if (err_count != 0x0) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(6), VAL_STATUS_INVALID);
+ goto test_end;
+ }
+
+test_end:
+ val->test_exit();
+}
diff --git a/secure-debug/tests/adac/test_a011/test_a011.h b/secure-debug/tests/adac/test_a011/test_a011.h
new file mode 100644
index 0000000..df8eecc
--- /dev/null
+++ b/secure-debug/tests/adac/test_a011/test_a011.h
@@ -0,0 +1,26 @@
+/** @file
+ * Copyright (c) 2021, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+#ifndef _TEST_A011_TESTS_H_
+#define _TEST_A011_TESTS_H_
+
+#define test_entry CONCAT(test_entry_, a011)
+
+extern val_api_t *val;
+extern char *key_file;
+extern char *chain_file;
+
+#endif /* _TEST_A011_TESTS_H_ */
diff --git a/secure-debug/tests/adac/testsuite.db b/secure-debug/tests/adac/testsuite.db
index 9695860..ce2e642 100644
--- a/secure-debug/tests/adac/testsuite.db
+++ b/secure-debug/tests/adac/testsuite.db
@@ -22,5 +22,14 @@
test_a001
test_a002
+test_a003
+test_a004
+test_a005
+test_a006
+test_a007
+test_a008
+test_a009
+test_a010
+test_a011
(END)
diff --git a/secure-debug/val/include/pal_interfaces.h b/secure-debug/val/include/pal_interfaces.h
deleted file mode 100644
index 9f7390f..0000000
--- a/secure-debug/val/include/pal_interfaces.h
+++ /dev/null
@@ -1,93 +0,0 @@
-/** @file
- * Copyright (c) 2021 Arm Limited or its affiliates. All rights reserved.
- * SPDX-License-Identifier : Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
-**/
-#ifndef _PAL_INTERFACES_H_
-#define _PAL_INTERFACES_H_
-
-#include <stdarg.h>
-#include <psa_adac.h>
-
-/**
- * @brief - This function parses the input string and writes bytes into logger TX FIFO
- * @param - str : Input String
- * - data : Value for format specifier
- * @return - SUCCESS/FAILURE
-**/
-
-int pal_print(const char *str, int32_t data);
-
-/**
- * @brief - Terminates the simulation at the end of all tests completion.
- * By default, it put cpus into power down mode.
- * @param - void
- * @return - void
-**/
-void pal_terminate_simulation(void);
-
-/**
- * @brief - Resets the system.
- * @param - void
- * @return - SUCCESS/FAILURE
-**/
-int pal_system_reset(void);
-
-request_packet_t *request_packet_lock(size_t *max_data_size);
-
-/**
- * @brief - Reserve the communication buffer memory for receive packet.
- * @param - max_data_size Valid size of command frame
- * @return - Pointer to the command frame to be read
-**/
-response_packet_t *response_packet_lock(size_t *max_data_size);
-
-/**
- * @brief - Release the lock held by transmit packet.
- * @param - packet Most recent command frame sent
- * @return - SUCCESS/FAILURE
-**/
-int request_packet_release(request_packet_t *packet);
-
-/**
- * @brief - Release the lock held by receive packet.
- * @param - packet Most recent response packet received
- * @return - SUCCESS/FAILURE
-**/
-int response_packet_release(response_packet_t *packet);
-
-/**
- * @brief - Construct the Request packet for the specified ADAC command.
- * @param - command ADAC command
- * data Pointer to payload
- * data_size Size of the command payload
- * @return - Pointer to the command frame to be written
-**/
-request_packet_t *request_packet_build(uint16_t command, uint8_t *data, size_t data_size);
-
-/**
- * @brief - Write the Request packet into the communication buffer for transmit.
- * @param - packet Request packet built for dispatch
- * @return - SUCCESS/FAILURE
-**/
-int request_packet_send(request_packet_t *packet);
-
-/**
- * @brief - Read the Response packet from the communication buffer.
- * @param - None
- * @return - Response packet received from target.
-**/
-response_packet_t *response_packet_receive();
-
-#endif
diff --git a/secure-debug/val/include/val.h b/secure-debug/val/include/val.h
index 8ac9a98..4082c5c 100644
--- a/secure-debug/val/include/val.h
+++ b/secure-debug/val/include/val.h
@@ -36,12 +36,6 @@
#define VERBOSE 9
#endif
-#ifndef VAL_NSPE_BUILD
-#define STATIC_DECLARE static
-#else
-#define STATIC_DECLARE
-#endif
-
#ifndef __WEAK
#define __WEAK __attribute__((weak))
#endif
@@ -91,8 +85,6 @@
#define IS_TEST_END(status) (((status >> TEST_STATE_BIT) & TEST_STATE_MASK) == TEST_END)
#define VAL_ERROR(status) ((status & TEST_STATUS_MASK) ? 1 : 0)
-
-
/* Test Defines */
#define TEST_PUBLISH(test_id, entry) \
const val_test_info_t __attribute__((section(".acs_test_info"))) \
@@ -101,15 +93,12 @@
#define VAL_MAX_TEST_PER_COMP 200
#define VAL_SECURE_DEBUG_BASE 4
-
#define VAL_GET_COMP_NUM(test_id) \
((test_id - (test_id % VAL_MAX_TEST_PER_COMP)) / VAL_MAX_TEST_PER_COMP)
#define VAL_GET_TEST_NUM(test_id) (test_id % VAL_MAX_TEST_PER_COMP)
#define VAL_CREATE_TEST_ID(comp, num) ((comp*VAL_MAX_TEST_PER_COMP) + num)
#define TEST_FIELD(num1, num2) (num2 << 8 | num1)
-#define GET_TEST_ISOLATION_LEVEL(num) (num & 0x3)
-#define GET_WD_TIMOUT_TYPE(num) ((num >> 8) & 0x7)
#define TEST_CHECKPOINT_NUM(n) n
#define TEST(n) n
@@ -125,9 +114,6 @@
#define TEST_RETURN_RESULT 2
#define INVALID_HANDLE 0x1234DEAD
-#define VAL_NVMEM_BLOCK_SIZE 4
-#define VAL_NVMEM_OFFSET(nvmem_idx) (nvmem_idx * VAL_NVMEM_BLOCK_SIZE)
-
#define UART_INIT_SIGN 0xff
#define UART_PRINT_SIGN 0xfe
@@ -191,53 +177,6 @@
} while (0)
/* enums */
-typedef enum {
- CALLER_NONSECURE = 0x0,
- CALLER_SECURE = 0x1,
-} caller_security_t;
-
-typedef enum {
- TEST_ISOLATION_L1 = 0x1,
- TEST_ISOLATION_L2 = 0x2,
- TEST_ISOLATION_L3 = 0x3,
-} test_isolation_level_t;
-
-typedef enum {
- LEVEL1 = 0x1,
- LEVEL2,
- LEVEL3,
-} isolation_level_t;
-
-typedef enum {
- /* VAL uses this boot flag to mark first time boot of the system */
- BOOT_UNKNOWN = 0x1,
- /* VAL/Test uses this boot flag to catch any unwanted system reboot - SIM ERROR Cases*/
- BOOT_NOT_EXPECTED = 0x2,
- /* Test performs panic check for non-secure test run and expect reboot */
- BOOT_EXPECTED_NS = 0x3,
- /* Test performs panic check for secure test run and expect reboot */
- BOOT_EXPECTED_S = 0x4,
- /* Test expects reboot but it didn't happen */
- BOOT_EXPECTED_BUT_FAILED = 0x5,
- /* Test expects reboot for secure/non-secure test run. If reboot happens,
- * re-enter the same test and execute the next check function
- */
- BOOT_EXPECTED_REENTER_TEST = 0x6,
- /* Test expect reboot for the test run. If reboot happens,
- * re-enter the same test and continue executing the same check function
- */
- BOOT_EXPECTED_CONT_TEST_EXEC = 0x7,
-} boot_state_t;
-
-typedef enum {
- NV_BOOT = 0x0,
- NV_TEST_ID_PREVIOUS = 0x1,
- NV_TEST_ID_CURRENT = 0x2,
- NV_TEST_CNT = 0x3,
- NV_TEST_DATA1 = 0x4,
- NV_TEST_DATA2 = 0x5,
- NV_TEST_DATA3 = 0x6,
-} nvmem_index_t;
/* enums to report test sub-state */
typedef enum {
@@ -286,26 +225,7 @@
PRINT_ALWAYS = 9
} print_verbosity_t;
-/* Driver test function id enums */
-typedef enum {
- TEST_PSA_EOI_WITH_NON_INTR_SIGNAL = 1,
- TEST_PSA_EOI_WITH_MULTIPLE_SIGNALS = 2,
- TEST_PSA_EOI_WITH_UNASSERTED_SIGNAL = 3,
- TEST_INTR_SERVICE = 4,
- TEST_ISOLATION_PSA_ROT_DATA_RD = 5,
- TEST_ISOLATION_PSA_ROT_DATA_WR = 6,
- TEST_ISOLATION_PSA_ROT_STACK_RD = 7,
- TEST_ISOLATION_PSA_ROT_STACK_WR = 8,
- TEST_ISOLATION_PSA_ROT_HEAP_RD = 9,
- TEST_ISOLATION_PSA_ROT_HEAP_WR = 10,
- TEST_ISOLATION_PSA_ROT_MMIO_RD = 11,
- TEST_ISOLATION_PSA_ROT_MMIO_WR = 12,
-} driver_test_fn_id_t;
-
/* typedef's */
-typedef struct {
- boot_state_t state;
-} boot_t;
typedef struct {
uint32_t pass_cnt:8;
@@ -327,6 +247,4 @@
uint8_t status;
} test_status_buffer_t;
-typedef int32_t (*client_test_t)(caller_security_t caller);
-typedef int32_t (*server_test_t)(void);
#endif /* VAL_COMMON_H */
diff --git a/secure-debug/val/include/val_adac.h b/secure-debug/val/include/val_adac.h
deleted file mode 100644
index 6086df9..0000000
--- a/secure-debug/val/include/val_adac.h
+++ /dev/null
@@ -1,51 +0,0 @@
-/** @file
- * Copyright (c) 2021, Arm Limited or its affiliates. All rights reserved.
- * SPDX-License-Identifier : Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
-**/
-
-#ifndef _VAL_ADAC_H_
-#define _VAL_ADAC_H_
-#include <psa_adac.h>
-
-/** \brief Token header
- *
- */
-typedef struct {
- uint16_t type;
- uint8_t *data;
- size_t size;
-} adac_command_frame_t;
-
-void val_adac_host_init(void);
-psa_status_t val_load_certificate_chain(const char *chain_file, uint8_t **chain,
- size_t *chain_size);
-psa_status_t val_infer_cryptosystem(uint32_t *chain, size_t chain_size, psa_tlv_t **extns_list,
- size_t *extns_count, uint8_t *key_system);
-psa_status_t val_get_private_key(const char *key_file, uint8_t *type, psa_key_handle_t *handle,
- uint8_t **key_ptr, size_t *size);
-request_packet_t *val_construct_command(uint16_t command, uint8_t *data, size_t data_size);
-psa_status_t val_issue_command(uint32_t command, request_packet_t *packet,
- uint8_t *data, size_t data_size);
-response_packet_t *val_await_response(void);
-psa_status_t val_parse_response(uint32_t command, response_packet_t *packet);
-
-psa_status_t val_sign_token(uint8_t challenge[], size_t challenge_size, uint8_t signature_type,
- uint8_t exts[], size_t exts_size, uint8_t *fragment[],
- size_t *fragment_size, psa_key_handle_t handle,
- uint8_t *key, size_t key_size);
-psa_status_t val_send_certificate(psa_tlv_t **extns_list, size_t extns_count);
-int val_check_cryptosystem_support(response_packet_t *packet, uint8_t key_system);
-
-#endif /* _VAL_ADAC_H_ */
diff --git a/secure-debug/val/include/val_entry.h b/secure-debug/val/include/val_entry.h
index f4d173f..6484dc6 100644
--- a/secure-debug/val/include/val_entry.h
+++ b/secure-debug/val/include/val_entry.h
@@ -18,10 +18,10 @@
#ifndef _VAL_ENTRY_H_
#define _VAL_ENTRY_H_
-#include "val_framework.h"
+#include "val.h"
-#define PSA_ACS_MAJOR_VER 1
-#define PSA_ACS_MINOR_VER 2
+#define PSA_ACS_MAJOR_VER 0
+#define PSA_ACS_MINOR_VER 6
/**
@brief - PSA Test Suite C main function, does VAL init and calls test dispatcher
diff --git a/secure-debug/val/include/val_framework.h b/secure-debug/val/include/val_framework.h
index 5d53cbb..6aa0edf 100644
--- a/secure-debug/val/include/val_framework.h
+++ b/secure-debug/val/include/val_framework.h
@@ -20,7 +20,6 @@
#define _VAL_INFRA_H_
#include "val.h"
-#include "val_interfaces.h"
/* prototypes */
uint32_t val_report_status(void);
diff --git a/secure-debug/val/include/val_interfaces.h b/secure-debug/val/include/val_interfaces.h
index eca9a63..b52ba6e 100644
--- a/secure-debug/val/include/val_interfaces.h
+++ b/secure-debug/val/include/val_interfaces.h
@@ -19,7 +19,6 @@
#define _VAL_INTERFACES_H_
#include "val.h"
-#include "pal_interfaces.h"
/* typedef's */
typedef struct {
diff --git a/secure-debug/val/src/val_adac.c b/secure-debug/val/src/val_adac.c
deleted file mode 100644
index 53f02d1..0000000
--- a/secure-debug/val/src/val_adac.c
+++ /dev/null
@@ -1,332 +0,0 @@
-/** @file
- * Copyright (c) 2021 Arm Limited or its affiliates. All rights reserved.
- * SPDX-License-Identifier : Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
-**/
-
-#include <val_adac.h>
-#include <psa_adac_cryptosystems.h>
-#include <psa_adac_sdm.h>
-#include <psa_adac_debug.h>
-#include <pal_interfaces.h>
-
-void val_adac_host_init(void)
-{
- psa_adac_platform_init();
- psa_crypto_init();
-}
-
-psa_status_t val_load_certificate_chain(const char *chain_file, uint8_t **chain, size_t *chain_size)
-{
- int ret_val;
- psa_status_t r = PSA_SUCCESS;
-
- if (chain_file == NULL) {
- printf("Error:Path not found\n");
- r = PSA_ERROR_INVALID_ARGUMENT;
- return r;
- }
- ret_val = load_trust_chain(chain_file, chain, chain_size);
- if (ret_val != 0) {
- printf("Error loading trust chain (%s)\n", chain_file);
- r = PSA_ERROR_GENERIC_ERROR;
- }
- return r;
-}
-
-psa_status_t val_infer_cryptosystem(uint32_t *chain, size_t chain_size, psa_tlv_t **extns_list,
- size_t *extns_count, uint8_t *key_system)
-{
- int ret_val;
- psa_status_t r = PSA_SUCCESS;
- uint8_t key_type;
- size_t count, i;
- psa_tlv_t *current_extn;
-
- ret_val = split_tlv_static(chain, chain_size, extns_list, MAX_EXTENSIONS, extns_count);
- if (ret_val != 0) {
- PSA_ADAC_LOG_ERR("host", "Error parsing trust chain\n");
- r = PSA_ERROR_GENERIC_ERROR;
- return r;
- }
- count = *extns_count;
- if (count > MAX_EXTENSIONS) {
- printf("Error:Extension count exceeded maximum allowed\n");
- r = PSA_ERROR_NOT_PERMITTED;
- return r;
- }
-
- PSA_ADAC_LOG_INFO("host", "Found %zu certificates\n", count);
- for (i = 0; i < count; i++) {
- current_extn = extns_list[i];
- if ((current_extn)->type_id == 0x0201)
- key_type = ((certificate_header_t *) current_extn->value)->key_type;
- }
- *key_system = key_type;
- PSA_ADAC_LOG_INFO("host", "Cryptosystem detected: %d\n", key_type);
- return r;
-}
-
-psa_status_t val_get_private_key(const char *key_file, uint8_t *type, psa_key_handle_t *handle,
- uint8_t **key_ptr, size_t *size)
-{
- int ret_val;
- psa_status_t r = PSA_SUCCESS;
- uint8_t key_type = *type;
-
- if (key_file == NULL) {
- printf("Error:Path not found\n");
- r = PSA_ERROR_INVALID_ARGUMENT;
- return r;
- }
-
- switch (key_type) {
- case ECDSA_P256_SHA256:
- case ECDSA_P521_SHA512:
- case RSA_3072_SHA256:
- case RSA_4096_SHA256:
- case ED_25519_SHA512:
- case ED_448_SHAKE256:
- case SM_SM2_SM3:
- ret_val = import_private_key(key_file, type, handle);
- if (ret_val != 0) {
- printf("Error importing private key (%s)\n", key_file);
- r = PSA_ERROR_GENERIC_ERROR;
- } else {
- key_ptr = NULL;
- size = 0;
- }
- break;
-
- case CMAC_AES:
- case HMAC_SHA256:
- ret_val = load_secret_key(key_file, key_type, key_ptr, size);
- if (ret_val != 0) {
- printf("Error importing secret key (%s)\n", key_file);
- r = PSA_ERROR_GENERIC_ERROR;
- } else {
- handle = NULL;
- }
- break;
-
- default:
- printf("Error: unsupported key type (0x%x)\n", key_type);
- r = PSA_ERROR_NOT_SUPPORTED;
- }
- return r;
-}
-
-request_packet_t *val_construct_command(uint16_t cmd_type, uint8_t *data, size_t data_size)
-{
- request_packet_t *packet = NULL;
-
- switch (cmd_type) {
- case SDP_RESUME_BOOT_CMD:
- case SDP_LOCK_DEBUG_CMD:
- case SDP_DISCOVERY_CMD:
- case SDP_AUTH_START_CMD:
- packet = request_packet_build(cmd_type, NULL, 0);
- break;
- case SDP_AUTH_RESPONSE_CMD:
- if (data == NULL || data_size == 0) {
- printf("Error: No payload specified\n");
- break;
- }
- packet = request_packet_build((uint16_t)cmd_type, data, data_size);
- break;
- default:
- //TO DO: Callback for vendor specific command construction
- printf("Error: Unrecognized command. ID=(0x%x)\n", cmd_type);
- }
- return packet;
-}
-
-psa_status_t val_issue_command(uint32_t command, request_packet_t *packet,
- uint8_t *data, size_t data_size)
-{
- int ret_val;
- psa_status_t r = PSA_SUCCESS;
-
- packet = val_construct_command((uint16_t)command, data, data_size);
-
- if (packet == NULL) {
- printf("Command construction failed\n");
- r = PSA_ERROR_GENERIC_ERROR;
- return r;
- }
-
- switch (command) {
- case SDP_DISCOVERY_CMD:
- printf("Sending discovery request\n");
- break;
- case SDP_AUTH_START_CMD:
- printf("Sending challenge request\n");
- break;
- case SDP_AUTH_RESPONSE_CMD:
- printf("Sending authentication response\n");
- break;
- case SDP_RESUME_BOOT_CMD:
- printf("Sending close session command\n");
- break;
- case SDP_LOCK_DEBUG_CMD:
- printf("Sending lock debug request\n");
- default:
- //TO DO: Vendor specific message
- printf("Error: Unrecognized command. ID=(0x%x)\n", command);
- r = PSA_ERROR_NOT_SUPPORTED;
- }
- ret_val = request_packet_send(packet);
- if (ret_val < 0)
- r = PSA_ERROR_GENERIC_ERROR;
-
- request_packet_release(packet);
- return r;
-}
-
-response_packet_t *val_await_response(void)
-{
- return response_packet_receive();
-}
-
-psa_status_t val_parse_response(uint32_t command, response_packet_t *packet)
-{
- int ret_val;
- psa_status_t r = PSA_SUCCESS;
- size_t i;
- psa_tlv_t *tlv;
- psa_auth_challenge_t *challenge;
-
- if (packet == NULL) {
- printf("Error: Target response not obtained\n");
- r = PSA_ERROR_COMMUNICATION_FAILURE;
- return r;
- }
-
- switch (command) {
- case SDP_DISCOVERY_CMD:
- printf("Receiving discovery response...\n");
- for (i = 0; (i + 4) < (packet->data_count * 4);) {
- tlv = (psa_tlv_t *) (((uint8_t *)packet->data) + i);
- i += sizeof(psa_tlv_t) + tlv->length_in_bytes;
- }
- break;
- case SDP_AUTH_START_CMD:
- printf("Receiving challenge\n");
- printf("status = 0x%04x, data_count = %d\n", packet->status, packet->data_count);
- if (packet->data_count * 4 != sizeof(psa_auth_challenge_t)) {
- r = PSA_ERROR_GENERIC_ERROR;
- return r;
- }
- challenge = (psa_auth_challenge_t *) packet->data;
- PSA_ADAC_LOG_DUMP("host", "challenge", challenge->challenge_vector,
- sizeof(challenge->challenge_vector));
- break;
- case SDP_AUTH_RESPONSE_CMD:
- case SDP_RESUME_BOOT_CMD:
- case SDP_LOCK_DEBUG_CMD:
- printf("status = 0x%04x, data_count = %d\n", packet->status, packet->data_count);
- break;
- default:
- r = PSA_ERROR_NOT_SUPPORTED;
- }
- return r;
-}
-
-psa_status_t val_sign_token(uint8_t challenge[], size_t challenge_size, uint8_t signature_type,
- uint8_t exts[], size_t exts_size, uint8_t *fragment[],
- size_t *fragment_size, psa_key_handle_t handle,
- uint8_t *key, size_t key_size)
-{
- psa_status_t r;
-
- r = psa_adac_sign_token(challenge, challenge_size, signature_type, exts, exts_size,
- fragment, fragment_size, handle, key, key_size);
- if (r == PSA_SUCCESS) {
- PSA_ADAC_LOG_DUMP("host", "token", *fragment, *fragment_size);
- } else {
- PSA_ADAC_LOG_ERR("host", "Error signing token\n");
- r = PSA_ERROR_GENERIC_ERROR;
- }
- return r;
-}
-
-psa_status_t val_send_certificate(psa_tlv_t **extns_list, size_t extns_count)
-{
- request_packet_t *request;
- response_packet_t *response;
- psa_status_t r;
- uint8_t *payload;
- size_t i, payload_size;
- psa_tlv_t *current_extn;
-
- for (size_t i = 0; i < extns_count; i++) {
- current_extn = extns_list[i];
- if (current_extn->type_id == 0x0201) {
- payload = (uint8_t *)current_extn;
- payload_size = current_extn->length_in_bytes + sizeof(psa_tlv_t);
-
- printf("Sending Certificate\n");
- r = val_issue_command(SDP_AUTH_RESPONSE_CMD, request, payload, payload_size);
- if (r != PSA_SUCCESS)
- return r;
-
- printf("Receiving token_authentication response\n");
- response = val_await_response();
- r = val_parse_response(SDP_AUTH_RESPONSE_CMD, response);
- if (r != PSA_SUCCESS)
- return r;
-
- if (response->status == SDP_NEED_MORE_DATA)
- response_packet_release(response);
- }
- }
- if (response->status != SDP_NEED_MORE_DATA) {
- PSA_ADAC_LOG_ERR("host", "Unexpected response status %x\n", response->status);
- r = PSA_ERROR_GENERIC_ERROR;
- return r;
- }
- response_packet_release(response);
- return r;
-}
-
-int val_check_cryptosystem_support(response_packet_t *packet, uint8_t key_system)
-{
- int found = 0, j;
- size_t i = 0;
- psa_tlv_t *tlv;
- uint8_t *key_support_types = NULL;
-
- while ((i + 4) < (packet->data_count * 4)) {
- tlv = (psa_tlv_t *) (((uint8_t *)packet->data) + i);
- if (tlv->type_id == 0x0102) {
- key_support_types = tlv->value;
- for (j = 0; j < (tlv->length_in_bytes); j++) {
- if (*(key_support_types+j) == key_system) {
- found = 1;
- break;
- }
- }
- }
- i += sizeof(psa_tlv_t) + tlv->length_in_bytes;
- }
-
- if (key_support_types == NULL)
- printf("Cryptosystem Type ID not found in target's response\n");
- else if (!found)
- printf("Cryptosystem not supported by target\n");
- else
- printf("Cryptosystem supported by target\n");
-
- return found;
-}
diff --git a/secure-debug/val/src/val_dispatcher.c b/secure-debug/val/src/val_dispatcher.c
index 86426cc..020c91c 100644
--- a/secure-debug/val/src/val_dispatcher.c
+++ b/secure-debug/val/src/val_dispatcher.c
@@ -20,10 +20,9 @@
#include "val_interfaces.h"
#include "val_peripherals.h"
-
extern val_api_t val_api;
-/* gloabls */
+/* globals */
addr_t g_test_info_addr;
/**
@@ -151,10 +150,8 @@
**/
int32_t val_dispatcher(test_id_t test_id_prev)
{
-
test_id_t test_id;
val_status_t status;
- boot_t boot;
test_count_t test_count = {0,};
uint32_t test_result;
@@ -214,9 +211,3 @@
return (test_count.fail_cnt > 0) ? VAL_STATUS_TEST_FAILED : VAL_STATUS_SUCCESS;
}
-
-
-
-
-
-
diff --git a/secure-debug/val/src/val_entry.c b/secure-debug/val/src/val_entry.c
index 1d13bcb..fdfbcc9 100644
--- a/secure-debug/val/src/val_entry.c
+++ b/secure-debug/val/src/val_entry.c
@@ -19,8 +19,7 @@
#include "val_framework.h"
#include "val_peripherals.h"
#include "val_dispatcher.h"
-
-int32_t val_entry(void);
+#include "pal_interfaces.h"
/**
@brief - PSA C main function, does VAL init and calls test dispatcher
diff --git a/secure-debug/val/src/val_framework.c b/secure-debug/val/src/val_framework.c
index 2a700b4..bf7af91 100644
--- a/secure-debug/val/src/val_framework.c
+++ b/secure-debug/val/src/val_framework.c
@@ -19,12 +19,9 @@
#include "val_interfaces.h"
#include "val_dispatcher.h"
#include "val_peripherals.h"
-#include "pal_interfaces.h"
-
extern val_api_t val_api;
-
/* globals */
test_status_buffer_t g_status_buffer;
@@ -72,7 +69,6 @@
state = TEST_FAIL;
val_print(PRINT_ALWAYS, "\nTEST RESULT: FAILED(Error Code=0x%x)\n", VAL_STATUS_INVALID);
break;
-
}
val_print(PRINT_ALWAYS, "\n******************************************\n", 0);
@@ -119,9 +115,8 @@
if (VAL_ERROR(status)) {
val_print(PRINT_ERROR, "\tCheckpoint %d : ", checkpoint);
val_print(PRINT_ERROR, "Error Code=0x%x \n", status);
- } else {
+ } else
val_print(PRINT_DEBUG, "\tCheckpoint %d \n", checkpoint);
- }
}
return status;
}
diff --git a/secure-debug/val/src/val_interfaces.c b/secure-debug/val/src/val_interfaces.c
index 63c041d..133c679 100644
--- a/secure-debug/val/src/val_interfaces.c
+++ b/secure-debug/val/src/val_interfaces.c
@@ -15,7 +15,6 @@
* limitations under the License.
**/
-
#include "val_framework.h"
#include "val_interfaces.h"
#include "val_peripherals.h"
diff --git a/secure-debug/val/src/val_peripherals.c b/secure-debug/val/src/val_peripherals.c
index e804485..4114a3e 100644
--- a/secure-debug/val/src/val_peripherals.c
+++ b/secure-debug/val/src/val_peripherals.c
@@ -17,7 +17,6 @@
#include "val_peripherals.h"
#include "pal_interfaces.h"
-#include "val_framework.h"
/* Global */
uint32_t is_logger_init_done = 0;
diff --git a/secure-debug/val/val.cmake b/secure-debug/val/val.cmake
index 665db48..c42975b 100644
--- a/secure-debug/val/val.cmake
+++ b/secure-debug/val/val.cmake
@@ -15,14 +15,9 @@
# * limitations under the License.
#**/
-if(NOT DEFINED PSA_ADAC_ROOT)
- get_filename_component(PSA_ADAC_ROOT ${CMAKE_SOURCE_DIR}/psa-adac ABSOLUTE)
-endif()
-
# Listing all the sources from val
list(APPEND VAL_SRC_C
${CMAKE_SOURCE_DIR}/val/src/val_entry.c
- ${CMAKE_SOURCE_DIR}/val/src/val_adac.c
${CMAKE_SOURCE_DIR}/val/src/val_dispatcher.c
${CMAKE_SOURCE_DIR}/val/src/val_framework.c
${CMAKE_SOURCE_DIR}/val/src/val_interfaces.c
@@ -33,10 +28,9 @@
add_library(${ADAC_HOST_VAL_LIB} STATIC ${VAL_SRC_C})
target_include_directories(${ADAC_HOST_VAL_LIB} PRIVATE
- ${CMAKE_SOURCE_DIR}/val/include
${CMAKE_BINARY_DIR}
- ${PSA_ADAC_ROOT}/psa-adac/core/include
- ${PSA_ADAC_ROOT}/psa-adac/sdm/include
+ ${CMAKE_SOURCE_DIR}/val/include
+ ${CMAKE_SOURCE_DIR}/platform/common/include
)
-target_link_libraries(${ADAC_HOST_VAL_LIB} mbedcrypto)
+target_link_libraries(${ADAC_HOST_VAL_LIB} ${ADAC_HOST_PAL_LIB})