Merge #19992 #20042

19992: sys/psa_crypto: Fix build problems r=MrKevinWeiss a=Einhornhool ### Contribution description This fixes several problems: #### 1. Empty union in cipher context when `MODULE_PSA_CIPHER` is not selected. PSA operations are now separated into modules. Functions and contexts are only built when the corresponding module is selected. This way there won't be problems with missing or unitialized structures in unused modules anymore. #### 2. Zero-size array when using secure elements and `PSA_MAX_KEY_DATA_SIZE == 0` I added a condition to the `psa_key_slot_t` structure in `psa_key_slot_management.h`. Also the existence of key slot management functions and key slot structures now depends on the number of allocated key slots instead of selected modules. This way key structures will not exist unless they are used. ### Testing procedure Add the following to `examples/hello_world/Makefile` and call make : ``` USEMODULE += psa_crypto USEMODULE += psa_hash USEMODULE += psa_hash_sha_256 USEMODULE += psa_secure_element ``` Output on Master: ``` "make" -C /home/lena/work/RIOT/boards/common/init "make" -C /home/lena/work/RIOT/boards/native "make" -C /home/lena/work/RIOT/boards/native/drivers "make" -C /home/lena/work/RIOT/core "make" -C /home/lena/work/RIOT/core/lib "make" -C /home/lena/work/RIOT/cpu/native "make" -C /home/lena/work/RIOT/cpu/native/periph "make" -C /home/lena/work/RIOT/cpu/native/stdio_native "make" -C /home/lena/work/RIOT/drivers "make" -C /home/lena/work/RIOT/drivers/periph_common "make" -C /home/lena/work/RIOT/sys "make" -C /home/lena/work/RIOT/sys/auto_init "make" -C /home/lena/work/RIOT/sys/libc "make" -C /home/lena/work/RIOT/sys/luid "make" -C /home/lena/work/RIOT/sys/preprocessor "make" -C /home/lena/work/RIOT/sys/psa_crypto In file included from /home/lena/work/RIOT/sys/include/psa_crypto/psa/crypto.h:39, from /home/lena/work/RIOT/sys/psa_crypto/psa_crypto_algorithm_dispatch.c:23: /home/lena/work/RIOT/sys/include/psa_crypto/psa/crypto_struct.h:137:11: error: union has no members [-Werror=pedantic] 137 | union cipher_context { | ^~~~~~~~~~~~~~ In file included from /home/lena/work/RIOT/sys/psa_crypto/include/psa_crypto_operation_encoder.h:32, from /home/lena/work/RIOT/sys/psa_crypto/psa_crypto_algorithm_dispatch.c:28: /home/lena/work/RIOT/sys/psa_crypto/include/psa_crypto_slot_management.h:82:17: error: ISO C forbids zero-size array ‘data’ [-Werror=pedantic] 82 | uint8_t data[PSA_MAX_KEY_DATA_SIZE]; /**< Key data buffer */ | ^~~~ cc1: all warnings being treated as errors make[3]: *** [/home/lena/work/RIOT/Makefile.base:146: /home/lena/work/RIOT/examples/hello-world/bin/native/psa_crypto/psa_crypto_algorithm_dispatch.o] Error 1 make[2]: *** [/home/lena/work/RIOT/Makefile.base:31: ALL--/home/lena/work/RIOT/sys/psa_crypto] Error 2 make[1]: *** [/home/lena/work/RIOT/Makefile.base:31: ALL--/home/lena/work/RIOT/sys] Error 2 make: *** [/home/lena/work/RIOT/examples/hello-world/../../Makefile.include:761: application_hello-world.module] Error 2 ``` Output with fixes: ``` "make" -C /home/lena/work/RIOT/boards/common/init "make" -C /home/lena/work/RIOT/boards/native "make" -C /home/lena/work/RIOT/boards/native/drivers "make" -C /home/lena/work/RIOT/core "make" -C /home/lena/work/RIOT/core/lib "make" -C /home/lena/work/RIOT/cpu/native "make" -C /home/lena/work/RIOT/cpu/native/periph "make" -C /home/lena/work/RIOT/cpu/native/stdio_native "make" -C /home/lena/work/RIOT/drivers "make" -C /home/lena/work/RIOT/drivers/periph_common "make" -C /home/lena/work/RIOT/sys "make" -C /home/lena/work/RIOT/sys/auto_init "make" -C /home/lena/work/RIOT/sys/libc "make" -C /home/lena/work/RIOT/sys/luid "make" -C /home/lena/work/RIOT/sys/preprocessor "make" -C /home/lena/work/RIOT/sys/psa_crypto "make" -C /home/lena/work/RIOT/sys/psa_crypto/psa_key_slot_mgmt "make" -C /home/lena/work/RIOT/sys/psa_crypto/psa_se_mgmt "make" -C /home/lena/work/RIOT/sys/random /usr/bin/ld: warning: /home/lena/work/RIOT/examples/hello-world/bin/native/hello-world.elf has a LOAD segment with RWX permissions text data bss dec hex filename 29764 584 47856 78204 1317c /home/lena/work/RIOT/examples/hello-world/bin/native/hello-world.elf ``` 20042: dist/tools/uf2: add target to also copy families.json file r=MrKevinWeiss a=MichelRottleuthner ### Contribution description The updated UF2 pkg (#20035) stores the family ID in an external .json file. I overlooked that and flashing fails if this file is not present. This PR fixes it by also copying the json into the tool folder. ### Testing procedure Check if the `feather-nrf52840-sense` can be flashed when the new UF2 pkg is cloned freshly. ### Issues/PRs references Fixes a regression introduced with #20035 Co-authored-by: Lena Boeckmann <lena.boeckmann@haw-hamburg.de> Co-authored-by: Michel Rottleuthner <michel.rottleuthner@haw-hamburg.de>
RIOT-OS · Nov 3, 2023 · adc0bc6 · adc0bc6
3 parents c0ae75b + 74d3647 + 1e6ac1f
commit adc0bc6
Show file tree

Hide file tree

Showing 90 changed files with 809 additions and 148 deletions.
diff --git a/dist/tools/uf2/Makefile b/dist/tools/uf2/Makefile
@@ -5,8 +5,11 @@ PKG_LICENSE=MIT
 
 include $(RIOTBASE)/pkg/pkg.mk
 
-all: $(CURDIR)/uf2conv.py
+all: $(CURDIR)/uf2conv.py $(CURDIR)/uf2families.json
 
 $(CURDIR)/uf2conv.py:
  cp $(PKG_SOURCE_DIR)/utils/uf2conv.py .
  chmod a+x uf2conv.py
+
+$(CURDIR)/uf2families.json:
+ cp $(PKG_SOURCE_DIR)/utils/uf2families.json .
diff --git a/examples/psa_crypto/Makefile b/examples/psa_crypto/Makefile
@@ -48,6 +48,8 @@ else
  CFLAGS += -DCONFIG_PSA_SINGLE_KEY_COUNT=1
  USEMODULE += psa_secure_element
  USEMODULE += psa_secure_element_ateccx08a
+ USEMODULE += psa_secure_element_ateccx08a_cipher_aes_128
+ USEMODULE += psa_secure_element_ateccx08a_hmac_sha256
  USEMODULE += psa_secure_element_ateccx08a_ecc_p256
  else ifeq (2, $(SECURE_ELEMENT))
  CFLAGS += -DSECURE_ELEMENT # Application specific (not needed by PSA)
@@ -60,6 +62,8 @@ else
  USEMODULE += psa_secure_element
  USEMODULE += psa_secure_element_multiple
  USEMODULE += psa_secure_element_ateccx08a
+ USEMODULE += psa_secure_element_ateccx08a_cipher_aes_128
+ USEMODULE += psa_secure_element_ateccx08a_hmac_sha256
  USEMODULE += psa_secure_element_ateccx08a_ecc_p256
  else ifdef CUSTOM_BACKEND
  # Necessary configuration when using Make dependency resolution

diff --git a/examples/psa_crypto/app.config.test.multi_se b/examples/psa_crypto/app.config.test.multi_se
@@ -2,6 +2,8 @@
 CONFIG_MODULE_PSA_SECURE_ELEMENT=y
 CONFIG_MODULE_PSA_SECURE_ELEMENT_ATECCX08A=y
 CONFIG_MODULE_PSA_SECURE_ELEMENT_ATECCX08A_ECC_P256=y
+CONFIG_MODULE_PSA_SECURE_ELEMENT_ATECCX08A_CIPHER_AES_128=y
+CONFIG_MODULE_PSA_SECURE_ELEMENT_ATECCX08A_HMAC_SHA256=y
 CONFIG_MODULE_PSA_SECURE_ELEMENT_MULTIPLE=y
 
 CONFIG_PSA_MAX_SE_COUNT=2

diff --git a/examples/psa_crypto/app.config.test.se b/examples/psa_crypto/app.config.test.se
@@ -1,6 +1,8 @@
 CONFIG_MODULE_PSA_SECURE_ELEMENT=y
 CONFIG_MODULE_PSA_SECURE_ELEMENT_ATECCX08A=y
 CONFIG_MODULE_PSA_SECURE_ELEMENT_ATECCX08A_ECC_P256=y
+CONFIG_MODULE_PSA_SECURE_ELEMENT_ATECCX08A_CIPHER_AES_128=y
+CONFIG_MODULE_PSA_SECURE_ELEMENT_ATECCX08A_HMAC_SHA256=y
 
 CONFIG_PSA_PROTECTED_KEY_COUNT=4
 CONFIG_PSA_SINGLE_KEY_COUNT=1
diff --git a/examples/psa_crypto/main.c b/examples/psa_crypto/main.c
@@ -21,83 +21,125 @@
 #include "psa/crypto.h"
 #include "ztimer.h"
 
+#if IS_USED(MODULE_PSA_CIPHER)
 extern psa_status_t example_cipher_aes_128(void);
+#endif
+#if IS_USED(MODULE_PSA_MAC)
 extern psa_status_t example_hmac_sha256(void);
+#endif
+#if IS_USED(MODULE_PSA_ASYMMETRIC_ECC_P256R1)
 extern psa_status_t example_ecdsa_p256(void);
-
+#endif
+#if IS_USED(MODULE_PSA_ASYMMETRIC_ECC_ED25519)
 #ifndef SECURE_ELEMENT
 extern psa_status_t example_eddsa(void);
 #endif
+#endif
 
 #ifdef MULTIPLE_SE
+#if IS_USED(MODULE_PSA_CIPHER)
 extern psa_status_t example_cipher_aes_128_sec_se(void);
+#endif /* MODULE_PSA_CIPHER */
+#if IS_USED(MODULE_PSA_MAC)
 extern psa_status_t example_hmac_sha256_sec_se(void);
+#endif /* MODULE_PSA_MAC */
+#if IS_USED(MODULE_PSA_ASYMMETRIC_ECC_P256R1)
 extern psa_status_t example_ecdsa_p256_sec_se(void);
-#endif
+#endif /* MODULE_PSA_ASYMMETRIC_ECC_P256R1 */
+#endif /* MULTIPLE_SE */
 
 int main(void)
 {
+ bool failed = false;
  psa_status_t status;
 
  psa_crypto_init();
 
  ztimer_acquire(ZTIMER_USEC);
  ztimer_now_t start = ztimer_now(ZTIMER_USEC);
 
+ /* Needed in case only hashes are tested */
+ (void)status;
+ (void)start;
+
+#if IS_USED(MODULE_PSA_MAC)
  status = example_hmac_sha256();
  printf("HMAC SHA256 took %d us\n", (int)(ztimer_now(ZTIMER_USEC) - start));
  if (status != PSA_SUCCESS) {
+ failed = true;
  printf("HMAC SHA256 failed: %s\n", psa_status_to_humanly_readable(status));
  }
+#endif
 
+#if IS_USED(MODULE_PSA_CIPHER)
  start = ztimer_now(ZTIMER_USEC);
  status = example_cipher_aes_128();
  printf("Cipher AES 128 took %d us\n", (int)(ztimer_now(ZTIMER_USEC) - start));
  if (status != PSA_SUCCESS) {
+ failed = true;
  printf("Cipher AES 128 failed: %s\n", psa_status_to_humanly_readable(status));
  }
+#endif
 
+#if IS_USED(MODULE_PSA_ASYMMETRIC_ECC_P256R1)
  start = ztimer_now(ZTIMER_USEC);
  status = example_ecdsa_p256();
  printf("ECDSA took %d us\n", (int)(ztimer_now(ZTIMER_USEC) - start));
  if (status != PSA_SUCCESS) {
+ failed = true;
  printf("ECDSA failed: %s\n", psa_status_to_humanly_readable(status));
  }
+#endif
 
-#ifndef SECURE_ELEMENT
+#if IS_USED(MODULE_PSA_ASYMMETRIC_ECC_ED25519)
  start = ztimer_now(ZTIMER_USEC);
  status = example_eddsa();
  printf("EdDSA took %d us\n", (int)(ztimer_now(ZTIMER_USEC) - start));
  if (status != PSA_SUCCESS) {
+ failed = true;
  printf("EdDSA failed: %s\n", psa_status_to_humanly_readable(status));
  }
 #endif
 
 #ifdef MULTIPLE_SE
+#if IS_USED(MODULE_PSA_MAC)
  puts("Running Examples with secondary SE:");
  status = example_hmac_sha256_sec_se();
  printf("HMAC SHA256 took %d us\n", (int)(ztimer_now(ZTIMER_USEC) - start));
  if (status != PSA_SUCCESS) {
+ failed = true;
  printf("HMAC SHA256 failed: %s\n", psa_status_to_humanly_readable(status));
  }
+#endif /* MODULE_PSA_MAC */
 
+#if IS_USED(MODULE_PSA_CIPHER)
  start = ztimer_now(ZTIMER_USEC);
  status = example_cipher_aes_128_sec_se();
  printf("Cipher AES 128 took %d us\n", (int)(ztimer_now(ZTIMER_USEC) - start));
  if (status != PSA_SUCCESS) {
+ failed = true;
  printf("Cipher AES 128 failed: %s\n", psa_status_to_humanly_readable(status));
  }
+#endif /* MODULE_PSA_CIPHER */
 
+#if IS_USED(MODULE_PSA_ASYMMETRIC_ECC_P256R1)
  start = ztimer_now(ZTIMER_USEC);
  status = example_ecdsa_p256_sec_se();
  printf("ECDSA took %d us\n", (int)(ztimer_now(ZTIMER_USEC) - start));
  if (status != PSA_SUCCESS) {
+ failed = true;
  printf("ECDSA failed: %s\n", psa_status_to_humanly_readable(status));
  }
-#endif
+#endif /* MODULE_PSA_ASYMMETRIC_ECC_P256R1 */
+#endif /* MULTIPLE_SE */
 
  ztimer_release(ZTIMER_USEC);
 
- puts("All Done");
+ if (failed) {
+ puts("Tests failed...");
+ }
+ else {
+ puts("All Done");
+ }
  return 0;
 }
diff --git a/pkg/cryptoauthlib/Makefile.dep b/pkg/cryptoauthlib/Makefile.dep
@@ -25,5 +25,13 @@ ifneq (,$(filter psa_crypto,$(USEMODULE)))
 endif
 
 ifneq (,$(filter psa_secure_element_ateccx08a_ecc_p256, $(USEMODULE)))
- USEMODULE += psa_secure_element_asymmetric
+ USEMODULE += psa_asymmetric
+endif
+
+ifneq (,$(filter psa_secure_element_ateccx08a_cipher_aes_128, $(USEMODULE)))
+ USEMODULE += psa_cipher
+endif
+
+ifneq (,$(filter psa_secure_element_ateccx08a_hmac_sha256, $(USEMODULE)))
+ USEMODULE += psa_mac
 endif
diff --git a/pkg/cryptoauthlib/Makefile.include b/pkg/cryptoauthlib/Makefile.include
@@ -27,7 +27,7 @@ ifneq (,$(filter cryptoauthlib_test,$(USEMODULE)))
  INCLUDES += -I$(PKG_SOURCE_DIR)/third_party/unity
 endif
 
-ifneq (,$(filter psa_crypto,$(USEMODULE)))
- PSEUDOMODULES += psa_secure_element_ateccx08a
- PSEUDOMODULES += psa_secure_element_ateccx08a_ecc_p256
-endif
+PSEUDOMODULES += psa_secure_element_ateccx08a
+PSEUDOMODULES += psa_secure_element_ateccx08a_cipher_aes_128
+PSEUDOMODULES += psa_secure_element_ateccx08a_ecc_p256
+PSEUDOMODULES += psa_secure_element_ateccx08a_hmac_sha256
diff --git a/pkg/micro-ecc/Makefile.include b/pkg/micro-ecc/Makefile.include
@@ -8,8 +8,9 @@ CFLAGS += -Wno-unused-variable
 TOOLCHAINS_BLACKLIST += llvm
 
 ifneq (,$(filter psa_uecc_%, $(USEMODULE)))
- PSEUDOMODULES += psa_uecc_p192
- PSEUDOMODULES += psa_uecc_p256
  DIRS += $(RIOTPKG)/micro-ecc/psa_uecc
  INCLUDES += -I$(RIOTBASE)/sys/psa_crypto/include
 endif
+
+PSEUDOMODULES += psa_uecc_p192
+PSEUDOMODULES += psa_uecc_p256
diff --git a/sys/auto_init/security/auto_init_atca.c b/sys/auto_init/security/auto_init_atca.c
@@ -50,7 +50,7 @@ void auto_init_atca(void)
  }
  atca_devs_ptr[i] = &atca_devs[i];
 
- DEBUG("[auto_init_atca] Registering Driver with address: %x and location: %lx\n", atca_params[i].cfg.atcai2c.address, atca_params[i].atca_loc);
+ DEBUG("[auto_init_atca] Registering Driver with address: %x and location: %lx\n", atca_params[i].cfg.atcai2c.address, (unsigned long) atca_params[i].atca_loc);
  status = psa_register_secure_element(atca_params[i].atca_loc,
  &atca_methods,
  &atca_config_list[i],

diff --git a/sys/include/psa_crypto/psa/crypto.h b/sys/include/psa_crypto/psa/crypto.h
@@ -83,6 +83,7 @@ const char *psa_status_to_humanly_readable(psa_status_t status);
  */
 psa_status_t psa_crypto_init(void);
 
+#if IS_USED(MODULE_PSA_AEAD) || defined(DOXYGEN)
 /**
  * @brief Process an authenticated encryption operation.
  *
@@ -767,7 +768,9 @@ psa_status_t psa_aead_verify(psa_aead_operation_t *operation,
  * initialize results in this error code.
  */
 psa_status_t psa_aead_abort(psa_aead_operation_t *operation);
+#endif /* MODULE_PSA_AEAD */
 
+#if IS_USED(MODULE_PSA_ASYMMETRIC) || defined(DOXYGEN)
 /**
  * @brief Encrypt a short message with a public key.
  *
@@ -890,7 +893,10 @@ psa_status_t psa_asymmetric_decrypt(psa_key_id_t key,
  uint8_t *output,
  size_t output_size,
  size_t *output_length);
+#endif /* MODULE_PSA_ASYMMETRIC */
 
+
+#if IS_USED(MODULE_PSA_CIPHER) || defined(DOXYGEN)
 /**
  * @brief Abort a cipher operation.
  *
@@ -1385,7 +1391,9 @@ psa_status_t psa_cipher_update(psa_cipher_operation_t *operation,
  uint8_t *output,
  size_t output_size,
  size_t *output_length);
+#endif /* MODULE_PSA_CIPHER */
 
+#if IS_USED(MODULE_PSA_KEY_MANAGEMENT) || defined(DOXYGEN)
 /**
  * @brief Make a copy of a key.
  *
@@ -1799,6 +1807,7 @@ psa_status_t psa_builtin_generate_key(const psa_key_attributes_t *attributes, ui
  */
 psa_status_t psa_generate_key(const psa_key_attributes_t *attributes,
  psa_key_id_t *key);
+#endif /* MODULE_PSA_KEY_MANAGEMENT */
 
 /**
  * @brief Built-in function for random number generation.
@@ -1840,6 +1849,7 @@ psa_status_t psa_builtin_generate_random( uint8_t *output,
 psa_status_t psa_generate_random(uint8_t *output,
  size_t output_size);
 
+#if IS_USED(MODULE_PSA_KEY_MANAGEMENT) || defined(DOXYGEN)
 /**
  * @brief Declare the permitted algorithm policy for a key.
  *
@@ -2070,7 +2080,9 @@ static inline void psa_reset_key_attributes(psa_key_attributes_t *attributes)
  */
 psa_status_t psa_get_key_attributes(psa_key_id_t key,
  psa_key_attributes_t *attributes);
+#endif /* MODULE_PSA_KEY_MANAGEMENT */
 
+#if IS_USED(MODULE_PSA_HASH) || defined(DOXYGEN)
 /**
  * @brief Abort a hash operation.
  *
@@ -2476,7 +2488,9 @@ psa_status_t psa_hash_update(psa_hash_operation_t *operation,
 psa_status_t psa_hash_verify(psa_hash_operation_t *operation,
  const uint8_t *hash,
  size_t hash_length);
+#endif /* MODULE_PSA_HASH */
 
+#if IS_USED(MODULE_PSA_KEY_MANAGEMENT) || defined(DOXYGEN)
 /**
  * @brief Built-in key import function.
  *
@@ -2619,7 +2633,9 @@ psa_status_t psa_import_key(const psa_key_attributes_t *attributes,
  const uint8_t *data,
  size_t data_length,
  psa_key_id_t *key);
+#endif /* MODULE_PSA_KEY_MANAGEMENT */
 
+#if IS_USED(MODULE_PSA_KEY_DERIVATION) || defined(DOXYGEN)
 /**
  * @brief Abort a key derivation operation.
  *
@@ -3309,7 +3325,9 @@ psa_status_t psa_key_derivation_verify_bytes(psa_key_derivation_operation_t *ope
  */
 psa_status_t psa_key_derivation_verify_key(psa_key_derivation_operation_t *operation,
  psa_key_id_t expected);
+#endif /* PSA_CRYPTO_KEY_DERIVATION */
 
+#if IS_USED(MODULE_PSA_MAC) || defined(DOXYGEN)
 /**
  * @brief Abort a MAC operation.
  *
@@ -3679,7 +3697,9 @@ psa_status_t psa_mac_verify_finish(psa_mac_operation_t *operation,
 psa_status_t psa_mac_verify_setup(psa_mac_operation_t *operation,
  psa_key_id_t key,
  psa_algorithm_t alg);
+#endif /* MODULE_PSA_MAC */
 
+#if IS_USED(MODULE_PSA_KEY_MANAGEMENT) || defined(DOXYGEN)
 /**
  * @brief Remove non-essential copies of key material from memory.
  *
@@ -3707,7 +3727,9 @@ psa_status_t psa_mac_verify_setup(psa_mac_operation_t *operation,
  * @return @ref PSA_ERROR_DATA_INVALID
  */
 psa_status_t psa_purge_key(psa_key_id_t key);
+#endif /* MODULE_PSA_KEY_MANAGEMENT */
 
+#if IS_USED(MODULE_PSA_KEY_AGREEMENT) || defined(DOXYGEN)
 /**
  * @brief Perform a key agreement and return the raw shared secret.
  *
@@ -3778,7 +3800,9 @@ psa_status_t psa_raw_key_agreement(psa_algorithm_t alg,
  uint8_t *output,
  size_t output_size,
  size_t *output_length);
+#endif /* MODULE_PSA_KEY_AGREEMENT */
 
+#if IS_USED(MODULE_PSA_ASYMMETRIC) || defined(DOXYGEN)
 /**
  * @brief Sign an already-calculated hash with a private key.
  *
@@ -4044,6 +4068,7 @@ psa_status_t psa_verify_message(psa_key_id_t key,
  size_t input_length,
  const uint8_t *signature,
  size_t signature_length);
+#endif /* MODULE_PSA_ASYMMETRIC */
 
 #ifdef __cplusplus
 }