RIOT-OS · mguetschow · May 14, 2024 · Apr 3, 2024 · May 13, 2024
@@ -8,8 +8,6 @@ USEMODULE += psa_crypto
 USEMODULE += psa_cipher
 USEMODULE += psa_cipher_aes_128_cbc
 
-ifneq (1, $(SHOULD_RUN_KCONFIG))
- CFLAGS += -DCONFIG_PSA_SINGLE_KEY_COUNT=1
-endif
+CFLAGS += -DCONFIG_PSA_SINGLE_KEY_COUNT=1
 
 include $(RIOTBASE)/Makefile.include
@@ -0,0 +1,85 @@
+/*
+ * Copyright (C) 2022 HAW Hamburg
+ *
+ * This file is subject to the terms and conditions of the GNU Lesser
+ * General Public License v2.1. See the file LICENSE in the top level
+ * directory for more details.
+ */
+
+/**
+ * @ingroup tests
+ * @{
+ *
+ * @brief Tests the PSA cipher configurations
+ * Contents have been copied from `examples/psa_crypto`
+ *
+ * @author Mikolai Gütschow <[email protected]>
+ * @author Lena Boeckmann <[email protected]>
+ *
+ * @}
+ */
+
+#include <stdio.h>
+#include <stdint.h>
+
+#include "psa/crypto.h"
+
+#define AES_128_KEY_SIZE (16)
+#define AES_256_KEY_SIZE (32)
+
+static const uint8_t KEY_128[] = {
+ 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
+ 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c
+};
+
+static uint8_t PLAINTEXT[] = {
+ 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
+ 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
+ 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
+ 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51
+};
+static uint8_t PLAINTEXT_LEN = 32;
+
+/**
+ * @brief Example function to perform an AES-128 CBC encryption and decryption
+ * with the PSA Crypto API.
+ *
+ * @return psa_status_t
+ */
+psa_status_t example_cipher_aes_128(void)
+{
+ psa_status_t status = PSA_ERROR_DOES_NOT_EXIST;
+ psa_key_id_t key_id = 0;
+ psa_key_attributes_t attr = psa_key_attributes_init();
+ psa_key_usage_t usage = PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT;
+
+ size_t encr_output_size = PSA_CIPHER_ENCRYPT_OUTPUT_SIZE(PSA_KEY_TYPE_AES,
+ PSA_ALG_CBC_NO_PADDING, PLAINTEXT_LEN);
+
+ uint8_t cipher_out[encr_output_size];
+ uint8_t plain_out[sizeof(PLAINTEXT)];
+ size_t output_len = 0;
+
+ psa_set_key_algorithm(&attr, PSA_ALG_CBC_NO_PADDING);
+ psa_set_key_usage_flags(&attr, usage);
+ psa_set_key_bits(&attr, 128);
+ psa_set_key_type(&attr, PSA_KEY_TYPE_AES);
+
+ status = psa_import_key(&attr, KEY_128, AES_128_KEY_SIZE, &key_id);
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
+
+ status = psa_cipher_encrypt(key_id, PSA_ALG_CBC_NO_PADDING, PLAINTEXT,
+ PLAINTEXT_LEN, cipher_out, encr_output_size, &output_len);
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
+
+ status = psa_cipher_decrypt(key_id, PSA_ALG_CBC_NO_PADDING, cipher_out,
+ sizeof(cipher_out), plain_out, sizeof(plain_out), &output_len);
+ if (status == PSA_SUCCESS) {
+ return (memcmp(PLAINTEXT, plain_out, sizeof(plain_out)) ? -1 : 0);
+ }
+ return status;
+}
@@ -0,0 +1,54 @@
+/*
+ * Copyright (C) 2022 HAW Hamburg
+ *
+ * This file is subject to the terms and conditions of the GNU Lesser
+ * General Public License v2.1. See the file LICENSE in the top level
+ * directory for more details.
+ */
+
+/**
+ * @ingroup tests
+ * @{
+ *
+ * @brief Tests the PSA cipher configurations
+ *
+ * @author Mikolai Gütschow <[email protected]>
+ * @author Lena Boeckmann <[email protected]>
+ *
+ * @}
+ */
+
+#include <stdio.h>
+#include "psa/crypto.h"
+#include "ztimer.h"
+
+extern psa_status_t example_cipher_aes_128(void);
+
+int main(void)
+{
+ bool failed = false;
+ psa_status_t status;
+
+ psa_crypto_init();
+
+ ztimer_acquire(ZTIMER_USEC);
+ ztimer_now_t start = ztimer_now(ZTIMER_USEC);
+
+ start = ztimer_now(ZTIMER_USEC);
+ status = example_cipher_aes_128();
+ printf("Cipher AES 128 took %d us\n", (int)(ztimer_now(ZTIMER_USEC) - start));
+ if (status != PSA_SUCCESS) {
+ failed = true;
+ printf("Cipher AES 128 failed: %s\n", psa_status_to_humanly_readable(status));
+ }
+
+ ztimer_release(ZTIMER_USEC);
+
+ if (failed) {
+ puts("Tests failed...");
+ }
+ else {
+ puts("All Done");
+ }
+ return 0;
+}
@@ -10,11 +10,15 @@ USEMODULE += psa_hash_sha_256
 USEMODULE += psa_asymmetric
 USEMODULE += psa_asymmetric_ecc_p256r1
 
-ifneq (1, $(SHOULD_RUN_KCONFIG))
- CFLAGS += -DCONFIG_PSA_ASYMMETRIC_KEYPAIR_COUNT=1
- CFLAGS += -DCONFIG_PSA_SINGLE_KEY_COUNT=1
+CFLAGS += -DCONFIG_PSA_ASYMMETRIC_KEYPAIR_COUNT=1
+CFLAGS += -DCONFIG_PSA_SINGLE_KEY_COUNT=1
+
+ifneq (,$(filter psa_asymmetric_ecc_p256r1_backend_microecc,$(USEMODULE)))
+ CFLAGS += -DTHREAD_STACKSIZE_MAIN=4096
 endif
 
-CFLAGS += -DTHREAD_STACKSIZE_MAIN=4096
+ifneq (,$(filter psa_asymmetric_ecc_p256r1_backend_periph,$(USEMODULE)))
+ CFLAGS += -DTHREAD_STACKSIZE_MAIN=7000
+endif
 
 include $(RIOTBASE)/Makefile.include
@@ -6,9 +6,7 @@ BOARD_INSUFFICIENT_MEMORY := \
  atmega328p \
  atmega328p-xplained-mini \
  atmega8 \
- nucleo-f031k6 \
  nucleo-l011k4 \
  samd10-xmini \
- stk3200 \
  stm32f030f4-demo \
  #
@@ -0,0 +1,97 @@
+/*
+ * Copyright (C) 2022 HAW Hamburg
+ *
+ * This file is subject to the terms and conditions of the GNU Lesser
+ * General Public License v2.1. See the file LICENSE in the top level
+ * directory for more details.
+ */
+
+/**
+ * @ingroup tests
+ * @{
+ *
+ * @brief Tests the PSA ECDSA configurations
+ * Contents have been copied from `examples/psa_crypto`
+ *
+ * @author Mikolai Gütschow <[email protected]>
+ * @author Lena Boeckmann <[email protected]>
+ *
+ * @}
+ */
+
+#include <stdio.h>
+#include <stdint.h>
+
+#include "psa/crypto.h"
+
+#define ECDSA_MESSAGE_SIZE (127)
+
+#define ECC_KEY_SIZE (256)
+#define ECC_KEY_TYPE (PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1))
+#define ECC_ALG_HASH (PSA_ALG_SHA_256)
+#define ECC_ALG (PSA_ALG_ECDSA(ECC_ALG_HASH))
+
+/**
+ * @brief Example function to perform an ECDSA operation with a NIST P256 curve
+ * with the PSA Crypto API.
+ *
+ * @return psa_status_t
+ */
+psa_status_t example_ecdsa_p256(void)
+{
+ psa_key_id_t privkey_id;
+ psa_key_attributes_t privkey_attr = psa_key_attributes_init();
+ psa_key_id_t pubkey_id;
+ psa_key_attributes_t pubkey_attr = psa_key_attributes_init();
+
+ psa_key_usage_t usage = PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH;
+
+ uint8_t public_key[PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(ECC_KEY_TYPE, ECC_KEY_SIZE)] = { 0 };
+ size_t pubkey_length;
+ uint8_t signature[PSA_SIGN_OUTPUT_SIZE(ECC_KEY_TYPE, ECC_KEY_SIZE, ECC_ALG)];
+ size_t sig_length;
+ uint8_t msg[ECDSA_MESSAGE_SIZE] = { 0x0b };
+ uint8_t hash[PSA_HASH_LENGTH(ECC_ALG_HASH)];
+ size_t hash_length;
+
+ psa_set_key_algorithm(&privkey_attr, ECC_ALG);
+ psa_set_key_usage_flags(&privkey_attr, usage);
+ psa_set_key_type(&privkey_attr, ECC_KEY_TYPE);
+ psa_set_key_bits(&privkey_attr, ECC_KEY_SIZE);
+
+ psa_status_t status = PSA_ERROR_DOES_NOT_EXIST;
+
+ status = psa_generate_key(&privkey_attr, &privkey_id);
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
+
+ status = psa_export_public_key(privkey_id, public_key, sizeof(public_key), &pubkey_length);
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
+
+ status = psa_hash_compute(ECC_ALG_HASH, msg, sizeof(msg), hash, sizeof(hash), &hash_length);
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
+
+ psa_set_key_usage_flags(&pubkey_attr, PSA_KEY_USAGE_VERIFY_MESSAGE);
+ psa_set_key_algorithm(&pubkey_attr, ECC_ALG);
+ psa_set_key_bits(&pubkey_attr, PSA_BYTES_TO_BITS(pubkey_length));
+ psa_set_key_type(&pubkey_attr, PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1));
+
+ status = psa_import_key(&pubkey_attr, public_key, pubkey_length, &pubkey_id);
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
+
+ status = psa_sign_hash(privkey_id, ECC_ALG, hash, sizeof(hash), signature, sizeof(signature),
+ &sig_length);
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
+
+ /* verify on original message with internal hashing operation */
+ return psa_verify_message(pubkey_id, ECC_ALG, msg, sizeof(msg), signature, sig_length);
+}
@@ -0,0 +1,54 @@
+/*
+ * Copyright (C) 2022 HAW Hamburg
+ *
+ * This file is subject to the terms and conditions of the GNU Lesser
+ * General Public License v2.1. See the file LICENSE in the top level
+ * directory for more details.
+ */
+
+/**
+ * @ingroup tests
+ * @{
+ *
+ * @brief Tests the PSA ECDSA configurations
+ *
+ * @author Mikolai Gütschow <[email protected]>
+ * @author Lena Boeckmann <[email protected]>
+ *
+ * @}
+ */
+
+#include <stdio.h>
+#include "psa/crypto.h"
+#include "ztimer.h"
+
+extern psa_status_t example_ecdsa_p256(void);
+
+int main(void)
+{
+ bool failed = false;
+ psa_status_t status;
+
+ psa_crypto_init();
+
+ ztimer_acquire(ZTIMER_USEC);
+ ztimer_now_t start = ztimer_now(ZTIMER_USEC);
+
+ start = ztimer_now(ZTIMER_USEC);
+ status = example_ecdsa_p256();
+ printf("ECDSA took %d us\n", (int)(ztimer_now(ZTIMER_USEC) - start));
+ if (status != PSA_SUCCESS) {
+ failed = true;
+ printf("ECDSA failed: %s\n", psa_status_to_humanly_readable(status));
+ }
+
+ ztimer_release(ZTIMER_USEC);
+
+ if (failed) {
+ puts("Tests failed...");
+ }
+ else {
+ puts("All Done");
+ }
+ return 0;
+}
@@ -8,10 +8,8 @@ USEMODULE += psa_crypto
 USEMODULE += psa_asymmetric
 USEMODULE += psa_asymmetric_ecc_ed25519
 
-ifneq (1, $(SHOULD_RUN_KCONFIG))
- CFLAGS += -DCONFIG_PSA_ASYMMETRIC_KEYPAIR_COUNT=1
- CFLAGS += -DCONFIG_PSA_SINGLE_KEY_COUNT=1
-endif
+CFLAGS += -DCONFIG_PSA_ASYMMETRIC_KEYPAIR_COUNT=1
+CFLAGS += -DCONFIG_PSA_SINGLE_KEY_COUNT=1
 
 CFLAGS += -DTHREAD_STACKSIZE_MAIN=4096