Merge #19932 #19992 #20042

19932: tests/periph: Add test using the Peripheral Selftest Shield r=MrKevinWeiss a=maribu ### Contribution description This adds a test that makes use of the peripheral selftesting shield. #### ToDo - [x] Add doc ### Testing procedure - grab an Arduino UNO compatible board that has the Arduino pin map feature - connect it to the testing shield - configure the testing shield - make sure the VCC selector matches the logic level of the board (3.3V and 5V are the only options) - enabled all the "loops" needed for testing on SW1 - it could be that the UART on D0, D1 is used for stdio. In that case, do *NOT* close the loop - flash and run the test application ### Issues/PRs references none 19992: sys/psa_crypto: Fix build problems r=MrKevinWeiss a=Einhornhool ### Contribution description This fixes several problems: #### 1. Empty union in cipher context when `MODULE_PSA_CIPHER` is not selected. PSA operations are now separated into modules. Functions and contexts are only built when the corresponding module is selected. This way there won't be problems with missing or unitialized structures in unused modules anymore. #### 2. Zero-size array when using secure elements and `PSA_MAX_KEY_DATA_SIZE == 0` I added a condition to the `psa_key_slot_t` structure in `psa_key_slot_management.h`. Also the existence of key slot management functions and key slot structures now depends on the number of allocated key slots instead of selected modules. This way key structures will not exist unless they are used. ### Testing procedure Add the following to `examples/hello_world/Makefile` and call make : ``` USEMODULE += psa_crypto USEMODULE += psa_hash USEMODULE += psa_hash_sha_256 USEMODULE += psa_secure_element ``` Output on Master: ``` "make" -C /home/lena/work/RIOT/boards/common/init "make" -C /home/lena/work/RIOT/boards/native "make" -C /home/lena/work/RIOT/boards/native/drivers "make" -C /home/lena/work/RIOT/core "make" -C /home/lena/work/RIOT/core/lib "make" -C /home/lena/work/RIOT/cpu/native "make" -C /home/lena/work/RIOT/cpu/native/periph "make" -C /home/lena/work/RIOT/cpu/native/stdio_native "make" -C /home/lena/work/RIOT/drivers "make" -C /home/lena/work/RIOT/drivers/periph_common "make" -C /home/lena/work/RIOT/sys "make" -C /home/lena/work/RIOT/sys/auto_init "make" -C /home/lena/work/RIOT/sys/libc "make" -C /home/lena/work/RIOT/sys/luid "make" -C /home/lena/work/RIOT/sys/preprocessor "make" -C /home/lena/work/RIOT/sys/psa_crypto In file included from /home/lena/work/RIOT/sys/include/psa_crypto/psa/crypto.h:39, from /home/lena/work/RIOT/sys/psa_crypto/psa_crypto_algorithm_dispatch.c:23: /home/lena/work/RIOT/sys/include/psa_crypto/psa/crypto_struct.h:137:11: error: union has no members [-Werror=pedantic] 137 | union cipher_context { | ^~~~~~~~~~~~~~ In file included from /home/lena/work/RIOT/sys/psa_crypto/include/psa_crypto_operation_encoder.h:32, from /home/lena/work/RIOT/sys/psa_crypto/psa_crypto_algorithm_dispatch.c:28: /home/lena/work/RIOT/sys/psa_crypto/include/psa_crypto_slot_management.h:82:17: error: ISO C forbids zero-size array ‘data’ [-Werror=pedantic] 82 | uint8_t data[PSA_MAX_KEY_DATA_SIZE]; /**< Key data buffer */ | ^~~~ cc1: all warnings being treated as errors make[3]: *** [/home/lena/work/RIOT/Makefile.base:146: /home/lena/work/RIOT/examples/hello-world/bin/native/psa_crypto/psa_crypto_algorithm_dispatch.o] Error 1 make[2]: *** [/home/lena/work/RIOT/Makefile.base:31: ALL--/home/lena/work/RIOT/sys/psa_crypto] Error 2 make[1]: *** [/home/lena/work/RIOT/Makefile.base:31: ALL--/home/lena/work/RIOT/sys] Error 2 make: *** [/home/lena/work/RIOT/examples/hello-world/../../Makefile.include:761: application_hello-world.module] Error 2 ``` Output with fixes: ``` "make" -C /home/lena/work/RIOT/boards/common/init "make" -C /home/lena/work/RIOT/boards/native "make" -C /home/lena/work/RIOT/boards/native/drivers "make" -C /home/lena/work/RIOT/core "make" -C /home/lena/work/RIOT/core/lib "make" -C /home/lena/work/RIOT/cpu/native "make" -C /home/lena/work/RIOT/cpu/native/periph "make" -C /home/lena/work/RIOT/cpu/native/stdio_native "make" -C /home/lena/work/RIOT/drivers "make" -C /home/lena/work/RIOT/drivers/periph_common "make" -C /home/lena/work/RIOT/sys "make" -C /home/lena/work/RIOT/sys/auto_init "make" -C /home/lena/work/RIOT/sys/libc "make" -C /home/lena/work/RIOT/sys/luid "make" -C /home/lena/work/RIOT/sys/preprocessor "make" -C /home/lena/work/RIOT/sys/psa_crypto "make" -C /home/lena/work/RIOT/sys/psa_crypto/psa_key_slot_mgmt "make" -C /home/lena/work/RIOT/sys/psa_crypto/psa_se_mgmt "make" -C /home/lena/work/RIOT/sys/random /usr/bin/ld: warning: /home/lena/work/RIOT/examples/hello-world/bin/native/hello-world.elf has a LOAD segment with RWX permissions text data bss dec hex filename 29764 584 47856 78204 1317c /home/lena/work/RIOT/examples/hello-world/bin/native/hello-world.elf ``` 20042: dist/tools/uf2: add target to also copy families.json file r=MrKevinWeiss a=MichelRottleuthner ### Contribution description The updated UF2 pkg (#20035) stores the family ID in an external .json file. I overlooked that and flashing fails if this file is not present. This PR fixes it by also copying the json into the tool folder. ### Testing procedure Check if the `feather-nrf52840-sense` can be flashed when the new UF2 pkg is cloned freshly. ### Issues/PRs references Fixes a regression introduced with #20035 Co-authored-by: Marian Buschsieweke <marian.buschsieweke@posteo.net> Co-authored-by: Lena Boeckmann <lena.boeckmann@haw-hamburg.de> Co-authored-by: Michel Rottleuthner <michel.rottleuthner@haw-hamburg.de>
RIOT-OS · Nov 2, 2023 · 6738e9e · 6738e9e
4 parents c0ae75b + 730d2bf + 74d3647 + 1e6ac1f
commit 6738e9e
Show file tree

Hide file tree

Showing 96 changed files with 2,079 additions and 148 deletions.
diff --git a/dist/tools/uf2/Makefile b/dist/tools/uf2/Makefile
@@ -5,8 +5,11 @@ PKG_LICENSE=MIT
 
 include $(RIOTBASE)/pkg/pkg.mk
 
-all: $(CURDIR)/uf2conv.py
+all: $(CURDIR)/uf2conv.py $(CURDIR)/uf2families.json
 
 $(CURDIR)/uf2conv.py:
 	cp $(PKG_SOURCE_DIR)/utils/uf2conv.py .
 	chmod a+x uf2conv.py
+
+$(CURDIR)/uf2families.json:
+	cp $(PKG_SOURCE_DIR)/utils/uf2families.json .
diff --git a/examples/psa_crypto/Makefile b/examples/psa_crypto/Makefile
@@ -48,6 +48,8 @@ else
     CFLAGS += -DCONFIG_PSA_SINGLE_KEY_COUNT=1
     USEMODULE += psa_secure_element
     USEMODULE += psa_secure_element_ateccx08a
+    USEMODULE += psa_secure_element_ateccx08a_cipher_aes_128
+    USEMODULE += psa_secure_element_ateccx08a_hmac_sha256
     USEMODULE += psa_secure_element_ateccx08a_ecc_p256
   else ifeq (2, $(SECURE_ELEMENT))
     CFLAGS += -DSECURE_ELEMENT # Application specific (not needed by PSA)
@@ -60,6 +62,8 @@ else
     USEMODULE += psa_secure_element
     USEMODULE += psa_secure_element_multiple
     USEMODULE += psa_secure_element_ateccx08a
+    USEMODULE += psa_secure_element_ateccx08a_cipher_aes_128
+    USEMODULE += psa_secure_element_ateccx08a_hmac_sha256
     USEMODULE += psa_secure_element_ateccx08a_ecc_p256
   else ifdef CUSTOM_BACKEND
     # Necessary configuration when using Make dependency resolution

diff --git a/examples/psa_crypto/app.config.test.multi_se b/examples/psa_crypto/app.config.test.multi_se
@@ -2,6 +2,8 @@
 CONFIG_MODULE_PSA_SECURE_ELEMENT=y
 CONFIG_MODULE_PSA_SECURE_ELEMENT_ATECCX08A=y
 CONFIG_MODULE_PSA_SECURE_ELEMENT_ATECCX08A_ECC_P256=y
+CONFIG_MODULE_PSA_SECURE_ELEMENT_ATECCX08A_CIPHER_AES_128=y
+CONFIG_MODULE_PSA_SECURE_ELEMENT_ATECCX08A_HMAC_SHA256=y
 CONFIG_MODULE_PSA_SECURE_ELEMENT_MULTIPLE=y
 
 CONFIG_PSA_MAX_SE_COUNT=2

diff --git a/examples/psa_crypto/app.config.test.se b/examples/psa_crypto/app.config.test.se
@@ -1,6 +1,8 @@
 CONFIG_MODULE_PSA_SECURE_ELEMENT=y
 CONFIG_MODULE_PSA_SECURE_ELEMENT_ATECCX08A=y
 CONFIG_MODULE_PSA_SECURE_ELEMENT_ATECCX08A_ECC_P256=y
+CONFIG_MODULE_PSA_SECURE_ELEMENT_ATECCX08A_CIPHER_AES_128=y
+CONFIG_MODULE_PSA_SECURE_ELEMENT_ATECCX08A_HMAC_SHA256=y
 
 CONFIG_PSA_PROTECTED_KEY_COUNT=4
 CONFIG_PSA_SINGLE_KEY_COUNT=1
diff --git a/examples/psa_crypto/main.c b/examples/psa_crypto/main.c
@@ -21,83 +21,125 @@
 #include "psa/crypto.h"
 #include "ztimer.h"
 
+#if IS_USED(MODULE_PSA_CIPHER)
 extern psa_status_t example_cipher_aes_128(void);
+#endif
+#if IS_USED(MODULE_PSA_MAC)
 extern psa_status_t example_hmac_sha256(void);
+#endif
+#if IS_USED(MODULE_PSA_ASYMMETRIC_ECC_P256R1)
 extern psa_status_t example_ecdsa_p256(void);
-
+#endif
+#if IS_USED(MODULE_PSA_ASYMMETRIC_ECC_ED25519)
 #ifndef SECURE_ELEMENT
 extern psa_status_t example_eddsa(void);
 #endif
+#endif
 
 #ifdef MULTIPLE_SE
+#if IS_USED(MODULE_PSA_CIPHER)
 extern psa_status_t example_cipher_aes_128_sec_se(void);
+#endif /* MODULE_PSA_CIPHER */
+#if IS_USED(MODULE_PSA_MAC)
 extern psa_status_t example_hmac_sha256_sec_se(void);
+#endif /* MODULE_PSA_MAC */
+#if IS_USED(MODULE_PSA_ASYMMETRIC_ECC_P256R1)
 extern psa_status_t example_ecdsa_p256_sec_se(void);
-#endif
+#endif /* MODULE_PSA_ASYMMETRIC_ECC_P256R1 */
+#endif /* MULTIPLE_SE */
 
 int main(void)
 {
+    bool failed = false;
     psa_status_t status;
 
     psa_crypto_init();
 
     ztimer_acquire(ZTIMER_USEC);
     ztimer_now_t start = ztimer_now(ZTIMER_USEC);
 
+    /* Needed in case only hashes are tested */
+    (void)status;
+    (void)start;
+
+#if IS_USED(MODULE_PSA_MAC)
     status = example_hmac_sha256();
     printf("HMAC SHA256 took %d us\n", (int)(ztimer_now(ZTIMER_USEC) - start));
     if (status != PSA_SUCCESS) {
+        failed = true;
         printf("HMAC SHA256 failed: %s\n", psa_status_to_humanly_readable(status));
     }
+#endif
 
+#if IS_USED(MODULE_PSA_CIPHER)
     start = ztimer_now(ZTIMER_USEC);
     status = example_cipher_aes_128();
     printf("Cipher AES 128 took %d us\n", (int)(ztimer_now(ZTIMER_USEC) - start));
     if (status != PSA_SUCCESS) {
+        failed = true;
         printf("Cipher AES 128 failed: %s\n", psa_status_to_humanly_readable(status));
     }
+#endif
 
+#if IS_USED(MODULE_PSA_ASYMMETRIC_ECC_P256R1)
     start = ztimer_now(ZTIMER_USEC);
     status = example_ecdsa_p256();
     printf("ECDSA took %d us\n", (int)(ztimer_now(ZTIMER_USEC) - start));
     if (status != PSA_SUCCESS) {
+        failed = true;
         printf("ECDSA failed: %s\n", psa_status_to_humanly_readable(status));
     }
+#endif
 
-#ifndef SECURE_ELEMENT
+#if IS_USED(MODULE_PSA_ASYMMETRIC_ECC_ED25519)
     start = ztimer_now(ZTIMER_USEC);
     status = example_eddsa();
     printf("EdDSA took %d us\n", (int)(ztimer_now(ZTIMER_USEC) - start));
     if (status != PSA_SUCCESS) {
+        failed = true;
         printf("EdDSA failed: %s\n", psa_status_to_humanly_readable(status));
     }
 #endif
 
 #ifdef MULTIPLE_SE
+#if IS_USED(MODULE_PSA_MAC)
     puts("Running Examples with secondary SE:");
     status = example_hmac_sha256_sec_se();
     printf("HMAC SHA256 took %d us\n", (int)(ztimer_now(ZTIMER_USEC) - start));
     if (status != PSA_SUCCESS) {
+        failed = true;
         printf("HMAC SHA256 failed: %s\n", psa_status_to_humanly_readable(status));
     }
+#endif /* MODULE_PSA_MAC */
 
+#if IS_USED(MODULE_PSA_CIPHER)
     start = ztimer_now(ZTIMER_USEC);
     status = example_cipher_aes_128_sec_se();
     printf("Cipher AES 128 took %d us\n", (int)(ztimer_now(ZTIMER_USEC) - start));
     if (status != PSA_SUCCESS) {
+        failed = true;
         printf("Cipher AES 128 failed: %s\n", psa_status_to_humanly_readable(status));
     }
+#endif /* MODULE_PSA_CIPHER */
 
+#if IS_USED(MODULE_PSA_ASYMMETRIC_ECC_P256R1)
     start = ztimer_now(ZTIMER_USEC);
     status = example_ecdsa_p256_sec_se();
     printf("ECDSA took %d us\n", (int)(ztimer_now(ZTIMER_USEC) - start));
     if (status != PSA_SUCCESS) {
+        failed = true;
         printf("ECDSA failed: %s\n", psa_status_to_humanly_readable(status));
     }
-#endif
+#endif /* MODULE_PSA_ASYMMETRIC_ECC_P256R1 */
+#endif /* MULTIPLE_SE */
 
     ztimer_release(ZTIMER_USEC);
 
-    puts("All Done");
+    if (failed) {
+        puts("Tests failed...");
+    }
+    else {
+        puts("All Done");
+    }
     return 0;
 }
diff --git a/pkg/cryptoauthlib/Makefile.dep b/pkg/cryptoauthlib/Makefile.dep
@@ -25,5 +25,13 @@ ifneq (,$(filter psa_crypto,$(USEMODULE)))
 endif
 
 ifneq (,$(filter psa_secure_element_ateccx08a_ecc_p256, $(USEMODULE)))
-  USEMODULE += psa_secure_element_asymmetric
+  USEMODULE += psa_asymmetric
+endif
+
+ifneq (,$(filter psa_secure_element_ateccx08a_cipher_aes_128, $(USEMODULE)))
+  USEMODULE += psa_cipher
+endif
+
+ifneq (,$(filter psa_secure_element_ateccx08a_hmac_sha256, $(USEMODULE)))
+  USEMODULE += psa_mac
 endif
diff --git a/pkg/cryptoauthlib/Makefile.include b/pkg/cryptoauthlib/Makefile.include
@@ -27,7 +27,7 @@ ifneq (,$(filter cryptoauthlib_test,$(USEMODULE)))
   INCLUDES += -I$(PKG_SOURCE_DIR)/third_party/unity
 endif
 
-ifneq (,$(filter psa_crypto,$(USEMODULE)))
-  PSEUDOMODULES += psa_secure_element_ateccx08a
-  PSEUDOMODULES += psa_secure_element_ateccx08a_ecc_p256
-endif
+PSEUDOMODULES += psa_secure_element_ateccx08a
+PSEUDOMODULES += psa_secure_element_ateccx08a_cipher_aes_128
+PSEUDOMODULES += psa_secure_element_ateccx08a_ecc_p256
+PSEUDOMODULES += psa_secure_element_ateccx08a_hmac_sha256
diff --git a/pkg/micro-ecc/Makefile.include b/pkg/micro-ecc/Makefile.include
@@ -8,8 +8,9 @@ CFLAGS += -Wno-unused-variable
 TOOLCHAINS_BLACKLIST += llvm
 
 ifneq (,$(filter psa_uecc_%, $(USEMODULE)))
-  PSEUDOMODULES += psa_uecc_p192
-  PSEUDOMODULES += psa_uecc_p256
   DIRS += $(RIOTPKG)/micro-ecc/psa_uecc
   INCLUDES += -I$(RIOTBASE)/sys/psa_crypto/include
 endif
+
+PSEUDOMODULES += psa_uecc_p192
+PSEUDOMODULES += psa_uecc_p256
diff --git a/sys/auto_init/security/auto_init_atca.c b/sys/auto_init/security/auto_init_atca.c
@@ -50,7 +50,7 @@ void auto_init_atca(void)
         }
         atca_devs_ptr[i] = &atca_devs[i];
 
-        DEBUG("[auto_init_atca] Registering Driver with address: %x and location: %lx\n", atca_params[i].cfg.atcai2c.address, atca_params[i].atca_loc);
+        DEBUG("[auto_init_atca] Registering Driver with address: %x and location: %lx\n", atca_params[i].cfg.atcai2c.address, (unsigned long) atca_params[i].atca_loc);
         status = psa_register_secure_element(atca_params[i].atca_loc,
                                             &atca_methods,
                                             &atca_config_list[i],

diff --git a/sys/include/psa_crypto/psa/crypto.h b/sys/include/psa_crypto/psa/crypto.h
@@ -83,6 +83,7 @@ const char *psa_status_to_humanly_readable(psa_status_t status);
  */
 psa_status_t psa_crypto_init(void);
 
+#if IS_USED(MODULE_PSA_AEAD) || defined(DOXYGEN)
 /**
  * @brief   Process an authenticated encryption operation.
  *
@@ -767,7 +768,9 @@ psa_status_t psa_aead_verify(psa_aead_operation_t *operation,
  *                                                  initialize results in this error code.
  */
 psa_status_t psa_aead_abort(psa_aead_operation_t *operation);
+#endif /* MODULE_PSA_AEAD */
 
+#if IS_USED(MODULE_PSA_ASYMMETRIC) || defined(DOXYGEN)
 /**
  * @brief   Encrypt a short message with a public key.
  *
@@ -890,7 +893,10 @@ psa_status_t psa_asymmetric_decrypt(psa_key_id_t key,
                                     uint8_t *output,
                                     size_t output_size,
                                     size_t *output_length);
+#endif /* MODULE_PSA_ASYMMETRIC */
 
+
+#if IS_USED(MODULE_PSA_CIPHER) || defined(DOXYGEN)
 /**
  * @brief   Abort a cipher operation.
  *
@@ -1385,7 +1391,9 @@ psa_status_t psa_cipher_update(psa_cipher_operation_t *operation,
                                uint8_t *output,
                                size_t output_size,
                                size_t *output_length);
+#endif /* MODULE_PSA_CIPHER */
 
+#if IS_USED(MODULE_PSA_KEY_MANAGEMENT) || defined(DOXYGEN)
 /**
  * @brief   Make a copy of a key.
  *
@@ -1799,6 +1807,7 @@ psa_status_t psa_builtin_generate_key(const psa_key_attributes_t *attributes, ui
  */
 psa_status_t psa_generate_key(const psa_key_attributes_t *attributes,
                               psa_key_id_t *key);
+#endif /* MODULE_PSA_KEY_MANAGEMENT */
 
 /**
  * @brief   Built-in function for random number generation.
@@ -1840,6 +1849,7 @@ psa_status_t psa_builtin_generate_random(   uint8_t *output,
 psa_status_t psa_generate_random(uint8_t *output,
                                  size_t output_size);
 
+#if IS_USED(MODULE_PSA_KEY_MANAGEMENT) || defined(DOXYGEN)
 /**
  * @brief   Declare the permitted algorithm policy for a key.
  *
@@ -2070,7 +2080,9 @@ static inline void psa_reset_key_attributes(psa_key_attributes_t *attributes)
  */
 psa_status_t psa_get_key_attributes(psa_key_id_t key,
                                     psa_key_attributes_t *attributes);
+#endif /* MODULE_PSA_KEY_MANAGEMENT */
 
+#if IS_USED(MODULE_PSA_HASH) || defined(DOXYGEN)
 /**
  * @brief   Abort a hash operation.
  *
@@ -2476,7 +2488,9 @@ psa_status_t psa_hash_update(psa_hash_operation_t *operation,
 psa_status_t psa_hash_verify(psa_hash_operation_t *operation,
                              const uint8_t *hash,
                              size_t hash_length);
+#endif /* MODULE_PSA_HASH */
 
+#if IS_USED(MODULE_PSA_KEY_MANAGEMENT) || defined(DOXYGEN)
 /**
  * @brief   Built-in key import function.
  *
@@ -2619,7 +2633,9 @@ psa_status_t psa_import_key(const psa_key_attributes_t *attributes,
                             const uint8_t *data,
                             size_t data_length,
                             psa_key_id_t *key);
+#endif /* MODULE_PSA_KEY_MANAGEMENT */
 
+#if IS_USED(MODULE_PSA_KEY_DERIVATION) || defined(DOXYGEN)
 /**
  * @brief   Abort a key derivation operation.
  *
@@ -3309,7 +3325,9 @@ psa_status_t psa_key_derivation_verify_bytes(psa_key_derivation_operation_t *ope
  */
 psa_status_t psa_key_derivation_verify_key(psa_key_derivation_operation_t *operation,
                                            psa_key_id_t expected);
+#endif /* PSA_CRYPTO_KEY_DERIVATION */
 
+#if IS_USED(MODULE_PSA_MAC) || defined(DOXYGEN)
 /**
  * @brief   Abort a MAC operation.
  *
@@ -3679,7 +3697,9 @@ psa_status_t psa_mac_verify_finish(psa_mac_operation_t *operation,
 psa_status_t psa_mac_verify_setup(psa_mac_operation_t *operation,
                                   psa_key_id_t key,
                                   psa_algorithm_t alg);
+#endif /* MODULE_PSA_MAC */
 
+#if IS_USED(MODULE_PSA_KEY_MANAGEMENT) || defined(DOXYGEN)
 /**
  * @brief   Remove non-essential copies of key material from memory.
  *
@@ -3707,7 +3727,9 @@ psa_status_t psa_mac_verify_setup(psa_mac_operation_t *operation,
  * @return  @ref PSA_ERROR_DATA_INVALID
  */
 psa_status_t psa_purge_key(psa_key_id_t key);
+#endif /* MODULE_PSA_KEY_MANAGEMENT */
 
+#if IS_USED(MODULE_PSA_KEY_AGREEMENT) || defined(DOXYGEN)
 /**
  * @brief   Perform a key agreement and return the raw shared secret.
  *
@@ -3778,7 +3800,9 @@ psa_status_t psa_raw_key_agreement(psa_algorithm_t alg,
                                    uint8_t *output,
                                    size_t output_size,
                                    size_t *output_length);
+#endif /* MODULE_PSA_KEY_AGREEMENT */
 
+#if IS_USED(MODULE_PSA_ASYMMETRIC) || defined(DOXYGEN)
 /**
  * @brief   Sign an already-calculated hash with a private key.
  *
@@ -4044,6 +4068,7 @@ psa_status_t psa_verify_message(psa_key_id_t key,
                                 size_t input_length,
                                 const uint8_t *signature,
                                 size_t signature_length);
+#endif /* MODULE_PSA_ASYMMETRIC */
 
 #ifdef __cplusplus
 }