psa arch test v1.3 release candidate 1
diff --git a/secure-debug/CMakeLists.txt b/secure-debug/CMakeLists.txt
index 8266ccb..85d3a42 100644
--- a/secure-debug/CMakeLists.txt
+++ b/secure-debug/CMakeLists.txt
@@ -31,11 +31,7 @@
set(CMAKE_CXX_STANDARD 14)
set(CMAKE_CXX_EXTENSIONS Off)
-if(NOT DEFINED RDDI_LIB)
- set(DEPENDS_INC_PATH ${CMAKE_SOURCE_DIR}/platform/native/include)
-else()
- set(DEPENDS_INC_PATH ${CMAKE_SOURCE_DIR}/platform/rddi/include)
-
+if(DEFINED RDDI_LIB)
if(WIN32)
set(DEPENDS_LIB_PATH ${CMAKE_SOURCE_DIR}/depends/rddi/win_32-x86_64)
else()
@@ -43,6 +39,8 @@
endif()
endif()
+set(DEPENDS_INC_PATH ${CMAKE_SOURCE_DIR}/platform/hosts/${TARGET}/include)
+
if(NOT DEFINED PSA_ADAC_ROOT)
get_filename_component(PSA_ADAC_ROOT ${CMAKE_SOURCE_DIR}/psa-adac ABSOLUTE)
endif()
@@ -92,7 +90,7 @@
string(TOLOWER ${SUITE} SUITE_LOWER)
# Check for valid targets
-_get_sub_dir_list(PSA_TARGET_LIST ${PSA_ROOT_DIR}/platform)
+_get_sub_dir_list(PSA_TARGET_LIST ${PSA_ROOT_DIR}/platform/hosts)
if(NOT ${TARGET} IN_LIST PSA_TARGET_LIST)
message(FATAL_ERROR "[PSA] : Error: Unsupported value for -DTARGET=${TARGET}, supported targets are : ${PSA_TARGET_LIST}")
else()
@@ -189,24 +187,26 @@
add_definitions(-D${TARGET})
# Build PAL LIB
-if(NOT DEFINED RDDI_LIB)
- add_subdirectory(${CMAKE_SOURCE_DIR}/platform/native)
- set(ADAC_HOST_PAL_LIB platform_native)
-else()
+include(${CMAKE_SOURCE_DIR}/platform/common/pal.cmake)
+if(DEFINED RDDI_LIB)
add_subdirectory(${CMAKE_SOURCE_DIR}/platform/csapbcom)
set(ADAC_HOST_PAL_LIB csapbcom)
+else()
+ add_subdirectory(${CMAKE_SOURCE_DIR}/platform/hosts/${TARGET} platform_stdc)
+ target_link_libraries(${ADAC_HOST_PAL_LIB} platform_stdc)
endif()
# Generate VAL LIB
include(${CMAKE_SOURCE_DIR}/val/val.cmake)
-# Build test
+# Build test suite
include(${PSA_SUITE_DIR}/suite.cmake)
-#add_dependencies(${TEST_COMBINE_LIB} ${ADAC_HOST_VAL_LIB} ${ADAC_HOST_PAL_LIB} ${ADAC_LIBS})
+#Create single executable
add_executable(${ADAC_HOST_EXE} ${SUITE_CC_SOURCE})
target_include_directories(${ADAC_HOST_EXE} PRIVATE
${CMAKE_SOURCE_DIR}/val/include
+ ${CMAKE_SOURCE_DIR}/platform/common/include
)
target_link_libraries (${ADAC_HOST_EXE} ${TEST_COMBINE_LIB}
${ADAC_HOST_VAL_LIB}
diff --git a/secure-debug/README.md b/secure-debug/README.md
index 8947afa..3853c24 100644
--- a/secure-debug/README.md
+++ b/secure-debug/README.md
@@ -1,42 +1,40 @@
-# PSA Secure Debug : Arm ADAC Test Suite
+# PSA Secure Debug: Arm ADAC Test Suite
## Introduction
### ADAC Specification
-The ADAC specification defines the protocol that allows a target to securely authenticate a debug host. The specification targets software-only layers that sit above the physical debug link.
-
-The ADAC specification can be obtained at [ADAC specification](https://developer.arm.com/documentation/den0101/0000).
+The [ADAC specification](https://developer.arm.com/documentation/den0101/0001) defines the protocol that allows a target to securely authenticate a debug host. The specification targets software-only layers that are above the physical debug link.
### ADAC test suite
-The ADAC test suite checks if a device-side implementation conforms to the behavior described in the ADAC specification. The tests are self-checking, portable C-based tests with directed stimulus. The tests are expected to run on the host platform only. The tests drive the commands from the host platform via the debug link and verify the response obtained from the target platform.
+The ADAC test suite checks if a device-side implementation conforms to the behavior described in the ADAC specification. The tests are self-checking, portable C-based tests with directed stimulus. The tests are expected to run on the host platform only. The tests drive the commands from the host platform through the debug link and verify the response obtained from the target platform.
The tests are available as open source. The tests and the corresponding abstraction layers are available with an Apache v2.0 license allowing for external contribution.
## Release details
- - Release Version - 0.5
+ - Release Version - 0.6
- Code Quality: Alpha <br />
- The suite is in development. This indicates that the suite contains tests that has not been validated on any hardware platform. Please use this opportunity to suggest enhancements and point out errors.
+ The suite is in development. This indicates that the suite contains tests that have not been validated on any hardware platform. You can suggest enhancements and point out errors.
- - The ADAC tests are written for version Beta of the [ADAC specification](https://developer.arm.com/documentation/den0101/0000).
+ - The ADAC tests are written for version Beta of the ADAC specification.
- This test suite is not a substitute for design verification.
## Layers
ADAC tests use a layered software-stack approach to enable porting across different test platforms. The constituents of the layered stack are:
- - Test suite
- - Validation Abstraction Layer (VAL)
- - Platform Abstraction Layer (PAL)
+ - Test suite
+ - Validation Abstraction Layer (VAL)
+ - Platform Abstraction Layer (PAL)
-These tests are written on top of Validation Abstraction Layer (VAL) and Platform Abstraction Layer (PAL).
+These tests are written on top of VAL and PAL.
The abstraction layers provide platform information and runtime environment to enable execution of the tests.
-In this release, PAL implementation uses unix sockets as the link layer for sending commands and receiving responses.
+In this release, PAL implementation uses Unix sockets as the link layer for sending commands and receiving responses.
-Partners can also write their own abstraction layer implementations to allow ADAC tests to be run in other host platforms and support the debug link layer.
+You can also write your own abstraction layer implementations to allow ADAC tests to be run in other host platforms and support the debug link layer.
## Scenarios
@@ -46,17 +44,17 @@
Follow the instructions in the subsequent sections to get a copy of the source code on your local machine and build the tests. <br />
-See User guide document to get details on the steps involved in porting the test suite to your platform.
+See [Arm Authenticated Debug Access Control Test Suite User guide](docs/Arm_Authenticated_Debug_Access_Control_Test_Suite_User_Guide.pdf) document to get details on the steps involved in porting the test suite to your platform.
This test suite is provided as a separate directory within the psa-arch-tests repository.
### Prerequisites
Before starting the test suite build, ensure that the following requirements are met:
-- Host Operating System : Ubuntu 16.04.4, RHEL 7, Windows 10
-- Scripting tools : Python 3.7.1
-- Other open-source tools : GNUARM 6.3.1, GCC 5.4.0 32-Bit (Linux Host), mingw 6.3.0 32-Bit (Windows Host)
- CMake 3.1 or later
+- Host Operating System: Ubuntu 16.04.4, RHEL 7, Windows 10
+- Scripting tools: Python 3.7.1
+- Other open-source tools: GNUARM 6.3.1, GCC 5.4.0 32-Bit (Linux Host), MinGW 6.3.0 32-Bit (Windows Host)
+ CMake 3.1 or later
## Download source
@@ -64,7 +62,7 @@
git clone https://github.com/ARM-software/psa-arch-tests.git
-To download the master branch of the psa-adac repository, type the following command:
+To download the main branch of the psa-adac repository, type the following command:
git clone git@github.com:ARMmbed/psa-adac.git
@@ -74,8 +72,8 @@
## Porting steps
-Refer to the [Porting Guide](docs/porting_guide_adac_host.md) document for porting steps for your host platform.
-Refer to the [User Guide](docs/Arm_Authenticated_Debug_Access_Control_Test_Suite_User_Guide.pdf) document in the docs folder for additional details.
+See the [Porting Guide](docs/porting_guide_adac_host.md) document for porting steps for your host platform.
+See the [User Guide](docs/Arm_Authenticated_Debug_Access_Control_Test_Suite_User_Guide.pdf) document in the docs folder for additional details.
## Build steps
@@ -83,15 +81,17 @@
~~~
cd psa-arch-tests/secure-debug
git clone git@github.com:ARMmbed/psa-adac.git --recurse-submodules
+ cp adac_ats_alpha1.patch psa-adac/.
+ cd psa-adac/
+ git apply adac_ats_alpha1.patch
+ cd ..
mkdir <host_build_dir>
cd <host_build_dir>
- cmake ../ -G<generator-name> -DTARGET=<target-name> -DCOMPILER=<compiler-selection> -DSUITE=<suite-selection>
+ cmake ../ -G<generator-name> -DTARGET=<target-name> -DSUITE=<suite-selection>
where:
- <generator-name> "Unix Makefiles" - to generate Makefiles for Linux and Cygwin
"MinGW Makefiles" - to generate Makefiles for cmd.exe on Windows
- - <target-name> target to build, as created in the platform/board directory
- - <compiler-selection> GNU
- Defaults to GNU if not specified
+ - <target-name> target to build, as created in the platform/hosts directory
- <suite-selection> ADAC - specify the ADAC suite
To build project
@@ -100,12 +100,12 @@
cmake --build . -- clean
For example:
- cmake ../ -G"Unix Makefiles" -DTARGET=native -DSUITE=ADAC
+ cmake ../ -G"Unix Makefiles" -DTARGET=hst_sdbg_stdc -DSUITE=ADAC
cmake --build .
~~~
Note:
- It is recommended to build each different build configurations in separate directories.
+ It is recommended to build different build configurations in separate directories.
### Build output
The following ADAC test suite build outputs are available under host build directory, as created.
@@ -115,7 +115,7 @@
## Test Suite Execution
-The current release provides a reference implementation of ADAC target which communicates with the host platform using unix sockets. In order to execute the test suite, please follow the steps below:
+The current release provides a reference implementation of ADAC target which communicates with the host platform using Unix sockets. To execute the test suite, follow the steps below:
cd psa-arch-tests/secure-debug/psa-adac
make native
@@ -123,21 +123,21 @@
To launch the target to run as a server instance, run the target executable in another terminal as shown:
cd psa-arch-tests/secure-debug/psa-adac
- ./build/native/Debug/psa_adac_server coms.socket tools/test/resources/chains/chain.EcdsaP256-0
+ ./build/native/Debug/psa_adac_server coms.socket tools/test/resources/chains/chain.EcdsaP256-3
To run the test suite, execute the following command from your host build directory <host_build_dir>:
- ./psa_adac_test ../psa-adac/tools/test/resources/keys/EcdsaP256Key-0.pem \../psa-adac/tools/test/resources/chains/chain.EcdsaP256-0 ../psa-adac/coms.socket
+ ./psa_adac_test ../psa-adac/tools/test/resources/keys/EcdsaP256Key-3.pem \../psa-adac/tools/test/resources/chains/chain.EcdsaP256-3 ../psa-adac/coms.socket
Note:
- - Please look at the psa-adac directory for details about other target platforms.
+ - See the psa-adac directory for information on other target platforms.
- The keys and the certificate credentials for a supported cryptosystem can be generated using the tools provided in the psa-adac repository.
- - The test suite is designed to run once per supported cryptosystem. Partners must ensure that the device must be provisioned with the correct certificates installed in the device's RoT.
+ - The test suite is designed to run once per supported cryptosystem. You must ensure that the device must be provisioned with the correct certificates installed in the device's RoT.
## Security implication
-ADAC test suite may run at higher privilege level. An attacker can utilize these tests to elevate privilege which can potentially reveal the platform secure attests. To prevent such security vulnerabilities into the production system, it is strongly recommended that ADAC test suite is run on development platforms. If it is run on production system, make sure system is scrubbed after running the test suite.
+ADAC test suite may run at higher privilege level. An attacker can utilize these tests to elevate privilege which can potentially reveal the platform Secure attests. To prevent such security vulnerabilities into the production system, it is recommended that ADAC test suite is run on development platforms. If it is run on production system, make sure system is scrubbed after running the test suite.
## License
diff --git a/secure-debug/docs/Arm_Authenticated_Debug_Access_Control_Test_Suite_User_Guide.pdf b/secure-debug/docs/Arm_Authenticated_Debug_Access_Control_Test_Suite_User_Guide.pdf
index 8f78f6d..0c9d96a 100644
--- a/secure-debug/docs/Arm_Authenticated_Debug_Access_Control_Test_Suite_User_Guide.pdf
+++ b/secure-debug/docs/Arm_Authenticated_Debug_Access_Control_Test_Suite_User_Guide.pdf
Binary files differ
diff --git a/secure-debug/docs/porting_guide_adac_host.md b/secure-debug/docs/porting_guide_adac_host.md
index 07f1c03..d84c86c 100644
--- a/secure-debug/docs/porting_guide_adac_host.md
+++ b/secure-debug/docs/porting_guide_adac_host.md
@@ -11,10 +11,10 @@
### Adding a new target
- 1. Create a new directory in **platform/<platform_name>**. For reference, see the existing platform **native** directory.
- 2. Execute `cp -rf platform/native/ platform/<platform_name>/`.
+ 1. Create a new directory in **platform/<platform_name>**. For reference, see the existing platform **hst_sdbg_stdc** directory.
+ 2. Execute `cp -rf platform/hosts/hst_sdbg_stdc/ platform/hosts/<platform_name>/`.
3. Update **platform/<platform_name>/CMakeLists.txt** appropriately to select the correct instances of PAL files for compilation.
- 4. Refer to the **List of PAL APIs** section to view the list of PAL APIs that must be ported for your target platform. These API definitions are available in **val/include/pal_interfaces.h**. These APIs are written for native target platform. You can reuse the code if it works for your platform. Otherwise, you must port them for your platform-specific peripherals.
+ 4. Refer to the **List of PAL APIs** section to view the list of PAL APIs that must be ported for your target platform. These API definitions are available in **val/include/pal_interfaces.h**. These APIs are written for the virtual target **hst_sdbg_stdc**. You can reuse the code if it works for your platform. Otherwise, you must port them for your platform-specific peripherals.
5. The main.c requires path to the key and certificate chain that point to the host credentials. This must be provided as command-line arguments. You can provide debug link layer specific parameters as additional command-line arguments.
6. If you want to use a pre-built debug communication interface, create a new directory under the depends directory and list your shared libraries within it. A placeholder for RDDI libraries is provided. You can then link these libraries to your platform.
@@ -23,10 +23,12 @@
| No | Prototype | Description | Parameters |
|----|-------------------------------------------------------|-----------------------------------------------------------------------------|-------------------------------------------------------------------------|
-| 01 | int pal_print(char *str, int32_t data); | Parses the input string and writes bytes into the message interface | str : Input String<br/>data : Value for format specifier<br/> |
-| 02 | int request_packet_send(request_packet_t *packet); | Writes the ADAC command frame into the communication buffer for transmit | request packet<br/> |
-| 03 | response_packet_t *response_packet_receive(); | Reads the ADAC command response from the communication buffer | None<br/> |
-| 04 | int pal_system_reset(void) | Resets the system and disconnects from device | None |
+| 01 | int pal_print(char *str, int32_t data); | Parses the input string and writes bytes into the message interface | str: Input String<br/>data: Value for format specifier<br/> |
+| 02 | int pal_system_reset(void) | Resets the system and disconnects from device | None |
+| 03 | int pal_msg_interface_init(void *ctx) | Initializes the message interface for debugging information | Handle for the communication interface |
+| 04 | int pal_msg_interface_free(void *ctx) | Releases the message interface | Handle for the communication interface |
+| 05 | int pal_message_send(uint8_t buffer[], size_t size) | Sends the request data on the debug link interface to the device | buffer_ptr for payload, transfer size in bytes |
+| 06 | int pal_message_receive(uint8_t buffer[], size_t size)| Reads the response data from the device | buffer_ptr for payload, transfer size in bytes |
## License
Arm PSA test suite is distributed under Apache v2.0 License.
diff --git a/secure-debug/docs/psa_adac_scenarios.md b/secure-debug/docs/psa_adac_scenarios.md
index 8d8fcae..bc9748b 100644
--- a/secure-debug/docs/psa_adac_scenarios.md
+++ b/secure-debug/docs/psa_adac_scenarios.md
@@ -2,22 +2,26 @@
| Scenario ID | Section | Description | Test Cases |
|-------------|------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------|
-| S_ADAC_001 | Commands | Verify that the following commands are recognized by the target and do not return SDP_INVALID_COMMAND status.<br />1. Discovery<br/>2. Authentication Start<br\>3. Authentication Response<br/>4. Close Session<br/>5. Lock Debug<br/> | TBD <br/> |
-| S_ADAC_002 | Commands | Send two authentication start commands back-to-back and verify that the challenge vector obtained in the response is different. | test_a001 <br/> |
-| S_ADAC_003 | Commands | Use discovery command to query the target for supported response fragment formats. Check that the following response fragments are supported: <br\>1. 0x200 token_adac<br\>2. 0x201 cert_adac<br\>| TBD <br/> |
-| S_ADAC_004 | Commands | Issue invalid response fragment as part of Authentication response and check that the target responds with SDP_FAILURE status.| TBD <br/> |
-| S_ADAC_005 | Commands | Issue a different command after starting the Authentication response command and check that the target responds with SDP_FAILURE status. | TBD <br/> |
-| S_ADAC_006 | Commands | Verify that for a multiple fragment Authentication response request, the device responds with a SDP_MORE_DATA_NEEDED status code after each response fragment.| TBD <br/> |
-| S_ADAC_007 | Commands | Check that the Close Session command always returns a SDP_SUCCESS status.| TBD <br/> |
-| S_ADAC_008 | Constraints| Provide a leaf certificate before a root certificate and verify that an error response is generated by the target.| TBD <br/> |
-| S_ADAC_009 | Constraints| Check that a certificate is rejected due to each of the following scope-limiting feature:1. Role<br/>2. Lifecycle<br/>| TBD <br/> |
-| S_ADAC_010 | Constraints| Check that if two or more distinct non-neutral values are present in the certificate chain, a failure response is obtained.| TBD <br/> |
-| S_ADAC_011 | Constraints| Request a permission value (perm_req) via authentication token which is denied due to a restrictive perm_mask field. Check that the authentication response is successful.| TBD <br/> |
-| S_ADAC_012 | Constraints| Request access to software partition with no software partition ID listed in the certificate chain. Check that success status is reported.| TBD <br/> |
+| S_ADAC_001 | Commands | Verify that the following commands are recognized by the target and do not return SDP_INVALID_COMMAND status.<br />1. Discovery<br/>2. Authentication Start<br/>3. Authentication Response<br/>4. Close Session<br/>5. Lock Debug<br/> | test_a002 <br/> |
+| S_ADAC_002 | Commands | Send two authentication-start commands back-to-back and verify that the challenge vector obtained in the response is different. | test_a001 <br/> |
+| S_ADAC_003 | Commands | Use discovery command to query the target for supported response fragment formats. Check the following constraints for the response: <br/>1. token_formats (Type ID 0x0100) TLV enlists token_adac (Type ID 0x200)<br/>2. cert_formats (Type ID 0x0101) TLV enlists cert_adac (Type ID 0x201)<br/>3. psa_lifecyle TLV indicates only one state.<br/>| test_a003 <br/> |
+| S_ADAC_004 | Commands | Send discovery command with list of specified TLV entries, both in increasing and decreasing order. Verify that the target responds with SDP_SUCCESS status. | test_a004 <br/> |
+| S_ADAC_005 | Commands | Send invalid response fragment as part of Authentication response command sequence and check that the target responds with SDP_FAILURE status.| test_a005 <br/> |
+| S_ADAC_006 | Commands | Request two challenge sequences back-to-back. Send the ADAC token signed with the older challenge and verify that the target rejects the token by responding with SDP_FAILURE. Send the ADAC token with the latest issued challenge and check that the target rejects the updated token as well by responding with SDP_FAILURE status. | test_a005 <br/> |
+| S_ADAC_007 | Commands | Send an authentication response command with a NULL payload and verify that the target responds with SDP_FAILURE status. | test_a006 <br/> |
+| S_ADAC_008 | Commands | Verify that the target responds to an unrecognized ADAC command with SDP_INVALID_COMMAND status. | test_a007 <br/> |
+| S_ADAC_009 | Commands | Verify that for a multiple fragment Authentication response request, the device responds with a SDP_MORE_DATA_NEEDED status code after each response fragment. | test_a001, test_a005 <br/> |
+| S_ADAC_010 | Commands | Check that the Close Session command always returns an SDP_SUCCESS status. | test_a001 <br/> |
+| S_ADAC_011 | Constraints| In a certificate chain, provide a leaf certificate before a root certificate and verify that the target responds with an error. | test_a008 <br/> |
+| S_ADAC_012 | Constraints| Check that a certificate is rejected due to each of the following scope-limiting feature:<br/>1. Role<br/>2. Lifecycle<br/>| test_a008 <br/> |
+| S_ADAC_013 | Constraints| Check that if two or more distinct non-neutral values are present in the certificate chain, a failure response is obtained.| test_a009 <br/> |
+| S_ADAC_014 | Constraints| Request a permission value (perm_req) via authentication token which is denied due to a restrictive perm_mask field. Check that the authentication response is successful.| test_a002 <br/> |
+| S_ADAC_015 | Constraints| Request access to software partition with no software partition ID listed in the certificate chain. Check that success status is reported.| test_a010 <br/> |
+| S_ADAC_016 | Constraints| Verify that the reserved fields of TLV sequences read as 0 for ADAC version 1.0 implementation.| test_a011 <br/> |
## Note
-1. The list of identified scenarios are not exhaustive and is subject to change.<br/>
+1. The list of identified scenarios is not exhaustive and is subject to change.<br/>
2. Some of the listed scenarios could be descoped or classified as testing limitation.<br />
# License
diff --git a/secure-debug/docs/test_failure_analysis.md b/secure-debug/docs/test_failure_analysis.md
new file mode 100644
index 0000000..a1d3532
--- /dev/null
+++ b/secure-debug/docs/test_failure_analysis.md
@@ -0,0 +1,22 @@
+
+# Test failure analysis document
+-----------------------------------------------------
+
+This file contains list of failures identified when testing the release of Alpha1 quality ADAC Test suite.
+PSA-ADAC repository commit Hash - e91ebc4c06351e860b5c50dbdc2901a8260979a1
+along with the patch file adac_ats_alpha1.patch
+The reason for each failing test is listed here in this file.
+
+## Known Failures
+
+| Test | Fail description | Github issue |
+|------|---------------------------------------------------------------------------------| ------------ |
+|test_a010 | Token extension hash signing check failed | https://github.com/ARM-software/psa-adac/issues/5 |
+
+## License
+
+Arm PSA test suite is distributed under Apache v2.0 License.
+
+--------------
+
+*Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.*
diff --git a/secure-debug/platform/common/include/adac_util.h b/secure-debug/platform/common/include/adac_util.h
new file mode 100644
index 0000000..14af7ac
--- /dev/null
+++ b/secure-debug/platform/common/include/adac_util.h
@@ -0,0 +1,130 @@
+/** @file
+ * Copyright (c) 2021, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#ifndef _PSA_ADAC_UTIL_H_
+#define _PSA_ADAC_UTIL_H_
+#include <psa_adac.h>
+
+#define PSA_LIFECYCLE_MAJOR_STATE 0xFF00u
+/** \brief Token header
+ *
+ */
+typedef struct {
+ uint16_t type;
+ uint8_t *data;
+ size_t size;
+} adac_command_frame_t;
+
+typedef enum {
+ NULL_TYPE = 0x0000,
+ ADAC_AUTH_VERSION = 0x0001,
+ VENDOR_ID = 0x0002,
+ SOC_CLASS = 0x0003,
+ SOC_ID = 0x0004,
+ TARGET_IDENTITY = 0x0005,
+ HW_PERMISSIONS_FIXED = 0x0006,
+ HW_PERMISSIONS_MASK = 0x0007,
+ PSA_LIFECYCLE = 0x0008,
+ SW_PARTITION_ID = 0x0009,
+ SDA_ID = 0x000a,
+ TOKEN_FORMATS = 0x0100,
+ CERT_FORMATS = 0x0101,
+ CRYPTOSYSTEMS = 0x0102,
+ TOKEN_ADAC = 0x0200,
+ CERT_ADAC = 0x0201,
+ ROT_META = 0x0202,
+ VENDOR_TYPE_ID0 = 0x8000
+} adac_type_id_t;
+
+typedef enum {
+ UNKNOWN = 0x0000,
+ ASSEMBLY_AND_TEST = 0x1000,
+ PSA_ROT_AND_PROVISIONING = 0x2000,
+ SECURED = 0x3000,
+ NON_PSA_ROT_DEBUG = 0x4000,
+ RECOVERABLE_PSA_ROT_DEBUG = 0x5000,
+ DECOMMISSIONED = 0x6000
+} psa_lifecycle_major_state_t;
+
+void psa_adac_host_init(void);
+psa_status_t psa_adac_load_certificate_chain(const char *chain_file, uint8_t **chain,
+ size_t *chain_size);
+psa_status_t psa_adac_read_extensions(uint32_t *chain, size_t chain_size, psa_tlv_t **extns_list,
+ size_t *extns_count);
+uint8_t detect_cryptosystem(psa_tlv_t **extns_list, size_t extns_count);
+uint8_t get_certificate_role(psa_tlv_t **extns_list, size_t extns_count);
+psa_status_t psa_adac_get_private_key(const char *key_file, uint8_t *type, psa_key_handle_t *handle,
+ uint8_t **key_ptr, size_t *size);
+psa_status_t psa_adac_issue_command(uint32_t command, request_packet_t *packet,
+ uint8_t *data, size_t data_size);
+response_packet_t *psa_adac_await_response(void);
+psa_status_t psa_adac_parse_response(uint32_t command, response_packet_t *packet);
+
+psa_status_t psa_adac_send_certificate(psa_tlv_t **extns_list, size_t extns_count);
+psa_status_t psa_adac_construct_token(uint8_t challenge[], size_t challenge_size,
+ uint8_t sign_type, uint8_t exts[], size_t exts_size,
+ uint8_t *fragment[], size_t *fragment_size, uint8_t *perm,
+ psa_key_handle_t handle, uint8_t *key, size_t key_size);
+psa_status_t psa_adac_check_cryptosystem_support(response_packet_t *packet, uint8_t key_system);
+
+request_packet_t *request_packet_lock(size_t *max_data_size);
+
+/**
+ * @brief - Reserve the communication buffer memory for receive packet.
+ * @param - max_data_size Valid size of command frame
+ * @return - Pointer to the command frame to be read
+**/
+response_packet_t *response_packet_lock(size_t *max_data_size);
+
+/**
+ * @brief - Release the lock held by transmit packet.
+ * @param - packet Most recent command frame sent
+ * @return - SUCCESS/FAILURE
+**/
+int request_packet_release(request_packet_t *packet);
+
+/**
+ * @brief - Release the lock held by receive packet.
+ * @param - packet Most recent response packet received
+ * @return - SUCCESS/FAILURE
+**/
+int response_packet_release(response_packet_t *packet);
+
+/**
+ * @brief - Construct the Request packet for the specified ADAC command.
+ * @param - command ADAC command
+ * data Pointer to payload
+ * data_size Size of the command payload
+ * @return - Pointer to the command frame to be written
+**/
+request_packet_t *request_packet_build(uint16_t command, uint8_t *data, size_t data_size);
+
+/**
+ * @brief - Write the Request packet into the communication buffer for transmit.
+ * @param - packet Request packet built for dispatch
+ * @return - SUCCESS/FAILURE
+**/
+int request_packet_send(request_packet_t *packet);
+
+/**
+ * @brief - Read the Response packet from the communication buffer.
+ * @param - None
+ * @return - Response packet received from target.
+**/
+response_packet_t *response_packet_receive();
+
+#endif /* _PSA_ADAC_UTIL_H_ */
diff --git a/secure-debug/platform/common/include/pal_interfaces.h b/secure-debug/platform/common/include/pal_interfaces.h
new file mode 100644
index 0000000..d8d30b1
--- /dev/null
+++ b/secure-debug/platform/common/include/pal_interfaces.h
@@ -0,0 +1,71 @@
+/** @file
+ * Copyright (c) 2021 Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+#ifndef _PAL_INTERFACES_H_
+#define _PAL_INTERFACES_H_
+
+#include <stdarg.h>
+#include <stdint.h>
+
+/**
+ * @brief - This function parses the input string and writes bytes into logger TX FIFO
+ * @param - str : Input String
+ * - data : Value for format specifier
+ * @return - SUCCESS/FAILURE
+**/
+
+int pal_print(const char *str, int32_t data);
+
+/**
+ * @brief - Terminates the simulation at the end of all tests completion.
+ * By default, it put cpus into power down mode.
+ * @param - void
+ * @return - void
+**/
+void pal_terminate_simulation(void);
+
+/**
+ * @brief - Resets the system.
+ * @param - void
+ * @return - SUCCESS/FAILURE
+**/
+int pal_system_reset(void);
+
+/**
+ * @brief - Initialise the host-side channel for communication with device.
+ * @param - ctx Hook for platform-specific descriptor
+ * buffer Pointer to memory used for TX/RX
+ * buffer_size Size of allocated memory for TX/RX
+ * @return - SUCCESS/FAILURE
+**/
+int msg_interface_init(void *ctx, uint8_t buffer[], size_t size);
+
+/**
+ * @brief - Release the host-side channel for communication with device.
+ * @param - ctx Hook for platform-specific descriptor
+ * @return - SUCCESS/FAILURE
+**/
+int msg_interface_free(void *ctx);
+
+int pal_msg_interface_init(void *ctx);
+
+int pal_msg_interface_free(void *ctx);
+
+int pal_message_send(uint8_t buffer[], size_t size);
+
+int pal_message_receive(uint8_t buffer[], size_t size);
+
+#endif /*_PAL_INTERFACES_H_ */
diff --git a/secure-debug/platform/common/pal.cmake b/secure-debug/platform/common/pal.cmake
new file mode 100644
index 0000000..6dd9507
--- /dev/null
+++ b/secure-debug/platform/common/pal.cmake
@@ -0,0 +1,38 @@
+#/** @file
+# * Copyright (c) 2021 Arm Limited or its affiliates. All rights reserved.
+# * SPDX-License-Identifier : Apache-2.0
+# *
+# * Licensed under the Apache License, Version 2.0 (the "License");
+# * you may not use this file except in compliance with the License.
+# * You may obtain a copy of the License at
+# *
+# * http://www.apache.org/licenses/LICENSE-2.0
+# *
+# * Unless required by applicable law or agreed to in writing, software
+# * distributed under the License is distributed on an "AS IS" BASIS,
+# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# * See the License for the specific language governing permissions and
+# * limitations under the License.
+#**/
+
+if(NOT DEFINED PSA_ADAC_ROOT)
+ get_filename_component(PSA_ADAC_ROOT ${CMAKE_SOURCE_DIR}/psa-adac ABSOLUTE)
+endif()
+
+# Listing all the sources from pal
+list(APPEND PAL_SRC_C
+ ${CMAKE_SOURCE_DIR}/platform/common/src/adac_command_util.c
+ ${CMAKE_SOURCE_DIR}/platform/common/src/adac_packet_util.c
+)
+
+# Create PAL library
+add_library(${ADAC_HOST_PAL_LIB} STATIC ${PAL_SRC_C})
+
+target_include_directories(${ADAC_HOST_PAL_LIB} PRIVATE
+ ${CMAKE_SOURCE_DIR}/platform/common/include
+ ${PSA_ADAC_ROOT}/psa-adac/core/include
+ ${PSA_ADAC_ROOT}/psa-adac/sdm/include
+ ${PSA_ADAC_ROOT}/external/mbed-tls/include
+ )
+
+target_link_libraries(${ADAC_HOST_PAL_LIB} ${ADAC_LIBS})
diff --git a/secure-debug/platform/common/src/adac_command_util.c b/secure-debug/platform/common/src/adac_command_util.c
new file mode 100644
index 0000000..2439102
--- /dev/null
+++ b/secure-debug/platform/common/src/adac_command_util.c
@@ -0,0 +1,334 @@
+/** @file
+ * Copyright (c) 2021 Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include <adac_util.h>
+#include <psa_adac_cryptosystems.h>
+#include <psa_adac_sdm.h>
+#include <psa_adac_debug.h>
+
+void psa_adac_host_init(void)
+{
+ psa_crypto_init();
+}
+
+psa_status_t psa_adac_load_certificate_chain(const char *chain_file, uint8_t **chain,
+ size_t *chain_size)
+{
+ int ret_val;
+ psa_status_t r = PSA_SUCCESS;
+
+ if (chain_file == NULL) {
+ PSA_ADAC_LOG_ERR("file", "chain file path not found\n");
+ r = PSA_ERROR_INVALID_ARGUMENT;
+ return r;
+ }
+ ret_val = load_trust_chain(chain_file, chain, chain_size);
+ if (ret_val != 0) {
+ PSA_ADAC_LOG_ERR("loader", "Certificate chain cannot be loaded\n");
+ r = PSA_ERROR_GENERIC_ERROR;
+ }
+ return r;
+}
+
+psa_status_t psa_adac_read_extensions(uint32_t *chain, size_t chain_size, psa_tlv_t **extns_list,
+ size_t *extns_count)
+{
+ int ret_val;
+ psa_status_t r = PSA_SUCCESS;
+ size_t count;
+
+ ret_val = split_tlv_static(chain, chain_size, extns_list, MAX_EXTENSIONS, extns_count);
+ if (ret_val != 0) {
+ PSA_ADAC_LOG_ERR("host", "Error parsing trust chain\n");
+ r = PSA_ERROR_GENERIC_ERROR;
+ return r;
+ }
+ count = *extns_count;
+ if (count > MAX_EXTENSIONS) {
+ PSA_ADAC_LOG_ERR("certificate", "Extension count exceeded maximum allowed\n");
+ r = PSA_ERROR_NOT_PERMITTED;
+ return r;
+ }
+
+ PSA_ADAC_LOG_INFO("host", "Found %zu certificates\n", count);
+ return r;
+}
+
+uint8_t detect_cryptosystem(psa_tlv_t *extns_list[], size_t extn_count)
+{
+ size_t i;
+ psa_tlv_t *current_extn;
+ uint8_t key_type;
+
+ for (i = 0; i < extn_count; i++) {
+ current_extn = extns_list[i];
+ if ((current_extn)->type_id == CERT_ADAC)
+ key_type = ((certificate_header_t *) current_extn->value)->key_type;
+ }
+ PSA_ADAC_LOG_INFO("host", "Cryptosystem detected: %d\n", key_type);
+ return key_type;
+}
+
+uint8_t get_certificate_role(psa_tlv_t *extns_list[], size_t extn_count)
+{
+ size_t i;
+ psa_tlv_t *current_extn;
+ uint8_t role_type;
+
+ for (i = 0; i < extn_count; i++) {
+ current_extn = extns_list[i];
+ if ((current_extn)->type_id == CERT_ADAC)
+ role_type = ((certificate_header_t *) current_extn->value)->role;
+ }
+ PSA_ADAC_LOG_INFO("host", "Certificate role: %d\n", role_type);
+ return role_type;
+}
+
+psa_status_t psa_adac_get_private_key(const char *key_file, uint8_t *type, psa_key_handle_t *handle,
+ uint8_t **key_ptr, size_t *size)
+{
+ int ret_val;
+ psa_status_t r = PSA_SUCCESS;
+ uint8_t key_type = *type;
+
+ if (key_file == NULL) {
+ PSA_ADAC_LOG_ERR("file", "key file path not found\n");
+ r = PSA_ERROR_INVALID_ARGUMENT;
+ return r;
+ }
+
+ switch (key_type) {
+ case ECDSA_P256_SHA256:
+ case ECDSA_P521_SHA512:
+ case RSA_3072_SHA256:
+ case RSA_4096_SHA256:
+ case ED_25519_SHA512:
+ case ED_448_SHAKE256:
+ case SM_SM2_SM3:
+ ret_val = import_private_key(key_file, type, handle);
+ if (ret_val != 0) {
+ PSA_ADAC_LOG_ERR("loader", "Could not import private key (%s)\n", key_file);
+ r = PSA_ERROR_GENERIC_ERROR;
+ } else {
+ key_ptr = NULL;
+ size = 0;
+ }
+ break;
+
+ case CMAC_AES:
+ case HMAC_SHA256:
+ ret_val = load_secret_key(key_file, key_type, key_ptr, size);
+ if (ret_val != 0) {
+ PSA_ADAC_LOG_ERR("loader", "Could not import secret key (%s)\n", key_file);
+ r = PSA_ERROR_GENERIC_ERROR;
+ } else {
+ handle = NULL;
+ }
+ break;
+
+ default:
+ PSA_ADAC_LOG_INFO("host", "Unsupported key type (0x%x)\n", key_type);
+ r = PSA_ERROR_NOT_SUPPORTED;
+ }
+ return r;
+}
+
+psa_status_t psa_adac_issue_command(uint32_t command, request_packet_t *packet,
+ uint8_t *data, size_t data_size)
+{
+ int ret_val;
+ psa_status_t r = PSA_SUCCESS;
+
+ packet = request_packet_build((uint16_t)command, data, data_size);
+
+ if (packet == NULL) {
+ PSA_ADAC_LOG_ERR("host", "Command construction failed\n");
+ r = PSA_ERROR_GENERIC_ERROR;
+ return r;
+ }
+
+ switch (command) {
+ case SDP_DISCOVERY_CMD:
+ PSA_ADAC_LOG_INFO("host", "Sending discovery request\n");
+ break;
+ case SDP_AUTH_START_CMD:
+ PSA_ADAC_LOG_INFO("host", "Sending challenge request\n");
+ break;
+ case SDP_AUTH_RESPONSE_CMD:
+ PSA_ADAC_LOG_INFO("host", "Sending authentication response\n");
+ break;
+ case SDP_RESUME_BOOT_CMD:
+ PSA_ADAC_LOG_INFO("host", "Sending close session command\n");
+ break;
+ case SDP_LOCK_DEBUG_CMD:
+ PSA_ADAC_LOG_INFO("host", "Sending lock debug request\n");
+ break;
+ default:
+ if (command & 0x8000u)
+ PSA_ADAC_LOG_INFO("host", "Vendor specific command provided. ID=(0x%x)\n", command);
+ else {
+ PSA_ADAC_LOG_INFO("host", "Unrecognized command. ID=(0x%x)\n", command);
+ r = PSA_ERROR_NOT_SUPPORTED;
+ }
+ }
+ ret_val = request_packet_send(packet);
+ if (ret_val < 0)
+ r = PSA_ERROR_GENERIC_ERROR;
+
+ request_packet_release(packet);
+ return r;
+}
+
+response_packet_t *psa_adac_await_response(void)
+{
+ return response_packet_receive();
+}
+
+psa_status_t psa_adac_parse_response(uint32_t command, response_packet_t *packet)
+{
+ int ret_val;
+ psa_status_t r = PSA_SUCCESS;
+ size_t i;
+ psa_tlv_t *tlv;
+ psa_auth_challenge_t *challenge;
+
+ if (packet == NULL) {
+ PSA_ADAC_LOG_ERR("host", "Target response not obtained\n");
+ r = PSA_ERROR_COMMUNICATION_FAILURE;
+ return r;
+ } else {
+ PSA_ADAC_LOG_DEBUG("host", "status = 0x%04x, data_count = %d\n",
+ packet->status, packet->data_count);
+ }
+
+ switch (command) {
+ case SDP_DISCOVERY_CMD:
+ PSA_ADAC_LOG_INFO("host", "Receiving discovery response...\n");
+ for (i = 0; (i + 4) < (packet->data_count * 4);) {
+ tlv = (psa_tlv_t *) (((uint8_t *)packet->data) + i);
+ //PSA_ADAC_LOG_DEBUG("host", "discovery @+%zu, type_id: 0x%04x, length: %d\n",
+ // i, tlv->type_id, tlv->length_in_bytes);
+ i += sizeof(psa_tlv_t) + ROUND_TO_WORD(tlv->length_in_bytes);
+ }
+ break;
+ case SDP_AUTH_START_CMD:
+ PSA_ADAC_LOG_INFO("host", "Receiving challenge..\n");
+ if (packet->data_count * 4 != sizeof(psa_auth_challenge_t)) {
+ r = PSA_ERROR_GENERIC_ERROR;
+ return r;
+ }
+ challenge = (psa_auth_challenge_t *) packet->data;
+ break;
+ case SDP_AUTH_RESPONSE_CMD:
+ case SDP_RESUME_BOOT_CMD:
+ case SDP_LOCK_DEBUG_CMD:
+ break;
+ default:
+ r = PSA_ERROR_NOT_SUPPORTED;
+ PSA_ADAC_LOG_INFO("host", "Unrecognized command. ID=(0x%x)\n", command);
+ }
+ return r;
+}
+
+psa_status_t psa_adac_send_certificate(psa_tlv_t **extns_list, size_t extns_count)
+{
+ request_packet_t *request;
+ response_packet_t *response;
+ psa_status_t r;
+ uint8_t *payload;
+ size_t i, payload_size;
+ psa_tlv_t *current_extn;
+
+ for (size_t i = 0; i < extns_count; i++) {
+ current_extn = extns_list[i];
+ if (current_extn->type_id == 0x0201) {
+ payload = (uint8_t *)current_extn;
+ payload_size = current_extn->length_in_bytes + sizeof(psa_tlv_t);
+
+ PSA_ADAC_LOG_INFO("host", "Sending Certificate..\n");
+ r = psa_adac_issue_command(SDP_AUTH_RESPONSE_CMD, request, payload, payload_size);
+ if (r != PSA_SUCCESS)
+ return r;
+
+ response = psa_adac_await_response();
+ r = psa_adac_parse_response(SDP_AUTH_RESPONSE_CMD, response);
+ if (r != PSA_SUCCESS)
+ return r;
+
+ if (response->status == SDP_NEED_MORE_DATA)
+ response_packet_release(response);
+ }
+ }
+ if (response->status != SDP_NEED_MORE_DATA) {
+ PSA_ADAC_LOG_ERR("host", "Unexpected response status %x\n", response->status);
+ r = PSA_ERROR_GENERIC_ERROR;
+ return r;
+ }
+ response_packet_release(response);
+ return r;
+}
+
+psa_status_t psa_adac_construct_token(uint8_t challenge[], size_t challenge_size,
+ uint8_t sign_type, uint8_t exts[], size_t exts_size,
+ uint8_t *fragment[], size_t *fragment_size, uint8_t *perm,
+ psa_key_handle_t handle, uint8_t *key, size_t key_size)
+{
+ psa_status_t r;
+
+ r = psa_adac_sign_token(challenge, challenge_size, sign_type, exts, exts_size,
+ fragment, fragment_size, perm, handle, key, key_size);
+ if (r != PSA_SUCCESS) {
+ PSA_ADAC_LOG_ERR("host", "Error signing token\n");
+ r = PSA_ERROR_GENERIC_ERROR;
+ }
+ return r;
+}
+
+psa_status_t psa_adac_check_cryptosystem_support(response_packet_t *packet, uint8_t key_system)
+{
+ int found = 0, j;
+ size_t i = 0;
+ psa_status_t r;
+ psa_tlv_t *tlv;
+ uint8_t *key_support_types = NULL;
+
+ while ((i + 4) < (packet->data_count * 4)) {
+ tlv = (psa_tlv_t *) (((uint8_t *)packet->data) + i);
+ if (tlv->type_id == 0x0102) {
+ key_support_types = tlv->value;
+ for (j = 0; j < (tlv->length_in_bytes); j++) {
+ if (*(key_support_types+j) == key_system) {
+ found = 1;
+ break;
+ }
+ }
+ }
+ i += sizeof(psa_tlv_t) + ROUND_TO_WORD(tlv->length_in_bytes);
+ }
+
+ if (key_support_types == NULL) {
+ PSA_ADAC_LOG_ERR("host", "Cryptosystem Type ID not specified\n");
+ r = PSA_ERROR_DOES_NOT_EXIST;
+ } else if (!found) {
+ PSA_ADAC_LOG_ERR("host", "Cryptosystem not supported by target\n");
+ r = PSA_ERROR_NOT_SUPPORTED;
+ } else {
+ PSA_ADAC_LOG_INFO("host", "Cryptosystem supported by target\n");
+ r = PSA_SUCCESS;
+ }
+ return r;
+}
diff --git a/secure-debug/platform/native/src/pal_interfaces.c b/secure-debug/platform/common/src/adac_packet_util.c
similarity index 67%
rename from secure-debug/platform/native/src/pal_interfaces.c
rename to secure-debug/platform/common/src/adac_packet_util.c
index 9c33a5a..d9244fb 100644
--- a/secure-debug/platform/native/src/pal_interfaces.c
+++ b/secure-debug/platform/common/src/adac_packet_util.c
@@ -17,31 +17,10 @@
#include <psa_adac.h>
#include <psa_adac_debug.h>
-#include "unix_msg.h"
-
-#include <stdio.h>
-#include <stdlib.h>
+#include <adac_util.h>
+#include <pal_interfaces.h>
#include <string.h>
-#if !defined(_MSC_VER)
- #include <unistd.h>
-#else // !defined(_MSC_VER)
- #include <io.h>
-
- // Disable warning about POSIX function names.
- #pragma warning(disable : 4996)
-#endif // !defined(_MSC_VER)
-
-int static_buffer_msg_init(uint8_t *buffer, size_t size);
-int static_buffer_msg_release(void);
-
-#define PAL_STATUS_UNSUPPORTED_FUNC 0xFF
-
-typedef enum {
- PAL_STATUS_SUCCESS = 0x0,
- PAL_STATUS_ERROR = 0x80
-} pal_status_t;
-
enum {
BUFFER_UNINITIALIZED = 0,
BUFFER_EMPTY,
@@ -51,27 +30,6 @@
static size_t static_buffer_size;
static uint8_t *static_buffer_pointer;
static uint8_t static_buffer_status = BUFFER_UNINITIALIZED;
-static int _fd;
-
-
-int pal_print(const char *str, int32_t data)
-{
- if (printf(str, data) < 0)
- {
- return PAL_STATUS_ERROR;
- }
- return PAL_STATUS_SUCCESS;
-}
-
-void pal_terminate_simulation(void)
-{
- ;
-}
-
-int pal_system_reset(void)
-{
- return PAL_STATUS_UNSUPPORTED_FUNC;
-}
int static_buffer_msg_init(uint8_t *buffer, size_t size)
{
@@ -166,51 +124,20 @@
int msg_interface_init(void *ctx, uint8_t buffer[], size_t buffer_size)
{
- unix_socket_init();
-
if (ctx == NULL)
return -1;
+ else
+ pal_msg_interface_init(ctx);
- _fd = *((int *) ctx);
return static_buffer_msg_init(buffer, buffer_size);
}
int msg_interface_free(void *ctx)
{
- unix_socket_close(_fd);
- _fd = -1;
+ pal_msg_interface_free(ctx);
return static_buffer_msg_release();
}
-static int message_receive(int fd, uint8_t buffer[], size_t max, size_t *size)
-{
- if (nread(fd, buffer, sizeof(request_packet_t)) != sizeof(request_packet_t)) {
- PSA_ADAC_LOG_ERR("transport_unix", "Error receiving message header\n");
- return -1;
- }
- request_packet_t *p = (request_packet_t *) buffer;
-
- if (4 + p->data_count * 4 > max) {
- PSA_ADAC_LOG_ERR("transport_unix", "Message would overflow buffer (%d > %d)\n",
- 4 + p->data_count * 4, (int) max);
- return -1;
- }
- if (p->data_count) {
- if (nread(fd, (uint8_t *) p->data, p->data_count * 4) != p->data_count * 4) {
- PSA_ADAC_LOG_ERR("transport_unix", "Error receiving message body\n");
- return -1;
- }
- }
- //PSA_ADAC_LOG_DUMP("msg", "receive", buffer, 4 + p->data_count * 4);
- return 0;
-}
-
-static int message_send(int fd, uint8_t buffer[], size_t size)
-{
- //PSA_ADAC_LOG_DUMP("msg", "send", buffer, size);
- return nwrite(fd, (uint8_t *) buffer, size) == size ? 0 : -1;
-}
-
int request_packet_send(request_packet_t *packet)
{
if (packet == NULL)
@@ -218,7 +145,39 @@
size_t size = sizeof(request_packet_t) + 4 * packet->data_count;
- return message_send(_fd, (uint8_t *) packet, size);
+ //PSA_ADAC_LOG_DUMP("msg", "send", (uint8_t *) packet, size);
+ return pal_message_send((uint8_t *) packet, size);
+}
+
+static int message_receive(uint8_t buffer[], size_t max, size_t *size)
+{
+ size_t length;
+
+ length = sizeof(response_packet_t);
+ if (pal_message_receive(buffer, length) != length)
+ {
+ PSA_ADAC_LOG_ERR("transport", "Error receiving message header\n");
+ return -1;
+ }
+ response_packet_t *p = (response_packet_t *) buffer;
+
+ if (4 + p->data_count * 4 > max)
+ {
+ PSA_ADAC_LOG_ERR("transport", "Message would overflow buffer (%d > %d)\n",
+ 4 + p->data_count * 4, (int) max);
+ return -1;
+ }
+ if (p->data_count)
+ {
+ length = p->data_count * 4;
+ if (pal_message_receive((uint8_t *) p->data, length) != length)
+ {
+ PSA_ADAC_LOG_ERR("transport", "Error receiving message body\n");
+ return -1;
+ }
+ }
+ //PSA_ADAC_LOG_DUMP("msg", "receive", buffer, sizeof(response_packet_t) + p->data_count * 4);
+ return 0;
}
response_packet_t *response_packet_receive()
@@ -227,17 +186,18 @@
response_packet_t *r = response_packet_lock(&max);
if (r != NULL) {
- if (message_receive(_fd, (uint8_t *) r, max, NULL) == 0)
+ if (message_receive((uint8_t *) r, max, NULL) == 0)
return r;
- PSA_ADAC_LOG_ERR("transport_unix", "Error Receiving Response");
+ PSA_ADAC_LOG_ERR("transport", "Error Receiving Response");
response_packet_release(r);
} else {
- PSA_ADAC_LOG_ERR("transport_unix", "Error Locking Response");
+ PSA_ADAC_LOG_ERR("transport", "Error Locking Response");
}
return NULL;
}
+// Not used by test. Required for building dependent ADAC crypto libraries
void psa_adac_platform_init(void)
{
;
diff --git a/secure-debug/platform/native/CMakeLists.txt b/secure-debug/platform/hosts/hst_sdbg_stdc/CMakeLists.txt
similarity index 64%
rename from secure-debug/platform/native/CMakeLists.txt
rename to secure-debug/platform/hosts/hst_sdbg_stdc/CMakeLists.txt
index a517d01..f462094 100644
--- a/secure-debug/platform/native/CMakeLists.txt
+++ b/secure-debug/platform/hosts/hst_sdbg_stdc/CMakeLists.txt
@@ -16,16 +16,18 @@
# Set the minimum required version of CMake for the project
cmake_minimum_required(VERSION 3.10)
-PROJECT (platform_native)
+PROJECT (platform_stdc)
include_directories(
- ${CMAKE_SOURCE_DIR}/platform/native/include
+ ${CMAKE_SOURCE_DIR}/platform/common/include
+ ${CMAKE_SOURCE_DIR}/platform/hosts/hst_sdbg_stdc/include
)
-add_library(platform_native STATIC)
-target_sources(platform_native PUBLIC
- ${CMAKE_SOURCE_DIR}/platform/native/src/pal_interfaces.c
- ${CMAKE_SOURCE_DIR}/platform/native/src/unix_msg.c
- ${CMAKE_SOURCE_DIR}/platform/native/src/main.c
+add_library(platform_stdc STATIC)
+target_sources(platform_stdc PUBLIC
+ ${CMAKE_SOURCE_DIR}/platform/hosts/hst_sdbg_stdc/src/pal_interfaces.c
+ ${CMAKE_SOURCE_DIR}/platform/hosts/hst_sdbg_stdc/src/unix_msg.c
+ ${CMAKE_SOURCE_DIR}/platform/hosts/hst_sdbg_stdc/src/main.c
)
-target_link_libraries(platform_native mbedcrypto)
+
+target_link_libraries(platform_stdc)
diff --git a/secure-debug/platform/native/include/platform.h b/secure-debug/platform/hosts/hst_sdbg_stdc/include/platform.h
similarity index 100%
rename from secure-debug/platform/native/include/platform.h
rename to secure-debug/platform/hosts/hst_sdbg_stdc/include/platform.h
diff --git a/secure-debug/platform/native/include/psa_adac_platform.h b/secure-debug/platform/hosts/hst_sdbg_stdc/include/psa_adac_platform.h
similarity index 100%
rename from secure-debug/platform/native/include/psa_adac_platform.h
rename to secure-debug/platform/hosts/hst_sdbg_stdc/include/psa_adac_platform.h
diff --git a/secure-debug/platform/native/include/unix_msg.h b/secure-debug/platform/hosts/hst_sdbg_stdc/include/unix_msg.h
similarity index 100%
rename from secure-debug/platform/native/include/unix_msg.h
rename to secure-debug/platform/hosts/hst_sdbg_stdc/include/unix_msg.h
diff --git a/secure-debug/platform/native/src/main.c b/secure-debug/platform/hosts/hst_sdbg_stdc/src/main.c
similarity index 97%
rename from secure-debug/platform/native/src/main.c
rename to secure-debug/platform/hosts/hst_sdbg_stdc/src/main.c
index 86c563f..cae5882 100644
--- a/secure-debug/platform/native/src/main.c
+++ b/secure-debug/platform/hosts/hst_sdbg_stdc/src/main.c
@@ -17,7 +17,7 @@
#include <stdio.h>
#include <stdlib.h>
-#include "pal_common.h"
+#include "pal_interfaces.h"
#include "unix_msg.h"
int32_t val_entry(void);
diff --git a/secure-debug/platform/hosts/hst_sdbg_stdc/src/pal_interfaces.c b/secure-debug/platform/hosts/hst_sdbg_stdc/src/pal_interfaces.c
new file mode 100644
index 0000000..5c14d08
--- /dev/null
+++ b/secure-debug/platform/hosts/hst_sdbg_stdc/src/pal_interfaces.c
@@ -0,0 +1,89 @@
+/** @file
+ * Copyright (c) 2021, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "unix_msg.h"
+#include <pal_interfaces.h>
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#if !defined(_MSC_VER)
+ #include <unistd.h>
+#else // !defined(_MSC_VER)
+ #include <io.h>
+
+ // Disable warning about POSIX function names.
+ #pragma warning(disable : 4996)
+#endif // !defined(_MSC_VER)
+
+#define PAL_STATUS_UNSUPPORTED_FUNC 0xFF
+
+typedef enum {
+ PAL_STATUS_SUCCESS = 0x0,
+ PAL_STATUS_ERROR = 0x80
+} pal_status_t;
+
+static int _fd;
+
+int pal_print(const char *str, int32_t data)
+{
+ if (printf(str, data) < 0)
+ {
+ return PAL_STATUS_ERROR;
+ }
+ return PAL_STATUS_SUCCESS;
+}
+
+void pal_terminate_simulation(void)
+{
+ ;
+}
+
+int pal_system_reset(void)
+{
+ return PAL_STATUS_UNSUPPORTED_FUNC;
+}
+
+int pal_msg_interface_init(void *ctx)
+{
+ unix_socket_init();
+
+ if (ctx == NULL)
+ return -1;
+
+ _fd = *((int *) ctx);
+ return 0;
+}
+
+int pal_msg_interface_free(void *ctx)
+{
+ unix_socket_close(_fd);
+ _fd = -1;
+ return 0;
+}
+
+int pal_message_send(uint8_t buffer[], size_t size)
+{
+ return (nwrite(_fd, (uint8_t *) buffer, size) == size ? 0 : -1);
+}
+
+int pal_message_receive(uint8_t buffer[], size_t size)
+{
+ return nread(_fd, buffer, size);
+}
+
diff --git a/secure-debug/platform/native/src/unix_msg.c b/secure-debug/platform/hosts/hst_sdbg_stdc/src/unix_msg.c
similarity index 100%
rename from secure-debug/platform/native/src/unix_msg.c
rename to secure-debug/platform/hosts/hst_sdbg_stdc/src/unix_msg.c
diff --git a/secure-debug/platform/native/include/pal_common.h b/secure-debug/platform/native/include/pal_common.h
deleted file mode 100644
index c88dcf5..0000000
--- a/secure-debug/platform/native/include/pal_common.h
+++ /dev/null
@@ -1,37 +0,0 @@
-/** @file
- * Copyright (c) 2021, Arm Limited or its affiliates. All rights reserved.
- * SPDX-License-Identifier : Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
-**/
-#ifndef _PAL_COMMON_H_
-#define _PAL_COMMON_H_
-#include <platform.h>
-#include <stddef.h>
-/**
- * @brief - Initialise the host-side channel for communication with device.
- * @param - ctx Hook for platform-specific descriptor
- * buffer Pointer to memory used for TX/RX
- * buffer_size Size of allocated memory for TX/RX
- * @return - SUCCESS/FAILURE
-**/
-int msg_interface_init(void *ctx, uint8_t buffer[], size_t size);
-
-/**
- * @brief - Release the host-side channel for communication with device.
- * @param - ctx Hook for platform-specific descriptor
- * @return - SUCCESS/FAILURE
-**/
-int msg_interface_free(void *ctx);
-
-#endif
diff --git a/secure-debug/tests/adac/suite.cmake b/secure-debug/tests/adac/suite.cmake
index 167d305..df04e08 100644
--- a/secure-debug/tests/adac/suite.cmake
+++ b/secure-debug/tests/adac/suite.cmake
@@ -35,7 +35,7 @@
target_include_directories(${TEST_COMBINE_LIB} PRIVATE
${CMAKE_BINARY_DIR}
- ${PSA_ROOT_DIR}/val/include
- ${PSA_ROOT_DIR}/platform/${TARGET}/include
+ ${CMAKE_SOURCE_DIR}/val/include
+ ${CMAKE_SOURCE_DIR}/platform/common/include
)
-target_link_libraries(${TEST_COMBINE_LIB} mbedcrypto)
+target_link_libraries(${TEST_COMBINE_LIB} ${ADAC_HOST_VAL_LIB})
diff --git a/secure-debug/tests/adac/test_a001/test_a001.c b/secure-debug/tests/adac/test_a001/test_a001.c
index 66f878e..d6ce71f 100644
--- a/secure-debug/tests/adac/test_a001/test_a001.c
+++ b/secure-debug/tests/adac/test_a001/test_a001.c
@@ -16,7 +16,7 @@
**/
#include <psa_adac.h>
-#include <val_adac.h>
+#include <adac_util.h>
#include "val_interfaces.h"
#include "test_a001.h"
@@ -27,60 +27,71 @@
void test_entry(val_api_t *val_api)
{
- int32_t status = VAL_STATUS_SUCCESS;
+ psa_status_t ret;
val_api_t *val = NULL;
-
val = val_api;
/* test init */
val->test_init(TEST_NUM, TEST_DESC);
- val_adac_host_init();
+ if (!IS_TEST_START(val->get_status()))
+ {
+ goto test_end;
+ }
+ psa_adac_host_init();
- uint8_t challenge1[CHALLENGE_SIZE], challenge2[CHALLENGE_SIZE], i;
-
+ uint8_t challenge1[CHALLENGE_SIZE], i;
+ uint8_t *vect;
request_packet_t *request;
response_packet_t *response;
- if (PSA_SUCCESS != val_issue_command(SDP_AUTH_START_CMD, request, NULL, 0))
- goto test_fail_exit;
+ ret = psa_adac_issue_command(SDP_AUTH_START_CMD, request, NULL, 0);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(1), VAL_STATUS_WRITE_FAILED);
+ goto test_end;
+ }
- response = val_await_response();
- if (PSA_SUCCESS != val_parse_response(SDP_AUTH_START_CMD, response))
- goto test_fail_exit;
+ response = psa_adac_await_response();
+ ret = psa_adac_parse_response(SDP_AUTH_START_CMD, response);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(2), VAL_STATUS_READ_FAILED);
+ goto test_end;
+ }
psa_auth_challenge_t *challenge = (psa_auth_challenge_t *) response->data;
-
- *challenge1 = (uint8_t)(challenge->challenge_vector);
+ vect = (challenge->challenge_vector);
response_packet_release(response);
- if (PSA_SUCCESS != val_issue_command(SDP_AUTH_START_CMD, request, NULL, 0))
- goto test_fail_exit;
+ for (i = 0; i < CHALLENGE_SIZE; i++)
+ challenge1[i] = *(vect+i);
- response = val_await_response();
- if (PSA_SUCCESS != val_parse_response(SDP_AUTH_START_CMD, response))
- goto test_fail_exit;
+ ret = psa_adac_issue_command(SDP_AUTH_START_CMD, request, NULL, 0);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(3), VAL_STATUS_WRITE_FAILED);
+ goto test_end;
+ }
+
+ response = psa_adac_await_response();
+ ret = psa_adac_parse_response(SDP_AUTH_START_CMD, response);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(4), VAL_STATUS_READ_FAILED);
+ goto test_end;
+ }
challenge = (psa_auth_challenge_t *) response->data;
-
- *challenge2 = (uint8_t)(challenge->challenge_vector);
response_packet_release(response);
for (i = 0; i < CHALLENGE_SIZE; i++) {
- if (challenge1[i] != challenge2[i])
+ if (challenge1[i] != *(vect+i))
break;
}
if (i == CHALLENGE_SIZE) {
val->print(PRINT_ERROR, "Challenge response obtained is not unique\n", 0);
- goto test_fail_exit;
+ val->err_check_set(TEST_CHECKPOINT_NUM(5), VAL_STATUS_ERROR);
} else {
val->print(PRINT_INFO, "Challenge response obtained is unique\n", 0);
- goto test_end;
}
-test_fail_exit:
- val_set_status(RESULT_FAIL(VAL_STATUS_TEST_FAILED));
test_end:
val->test_exit();
}
-
diff --git a/secure-debug/tests/adac/test_a002/test_a002.c b/secure-debug/tests/adac/test_a002/test_a002.c
index dabbc34..9aeec89 100644
--- a/secure-debug/tests/adac/test_a002/test_a002.c
+++ b/secure-debug/tests/adac/test_a002/test_a002.c
@@ -16,7 +16,7 @@
**/
#include <psa_adac.h>
-#include <val_adac.h>
+#include <adac_util.h>
#include "val_interfaces.h"
#include "test_a002.h"
@@ -27,43 +27,79 @@
void test_entry(val_api_t *val_api)
{
- int32_t status = VAL_STATUS_SUCCESS;
+ psa_status_t ret;
val_api_t *val = NULL;
-
val = val_api;
/* test init */
val->test_init(TEST_NUM, TEST_DESC);
- val_adac_host_init();
+ if (!IS_TEST_START(val->get_status()))
+ {
+ goto test_end;
+ }
+ psa_adac_host_init();
uint8_t *chain = NULL;
size_t chain_size = 0;
+ request_packet_t *request;
+ response_packet_t *response;
- if (PSA_SUCCESS != val_load_certificate_chain(chain_file, &chain, &chain_size))
- goto test_fail_exit;
+ // Ensure device is locked before starting unlock sequence.
+ ret = psa_adac_issue_command(SDP_LOCK_DEBUG_CMD, request, NULL, 0);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(1), VAL_STATUS_WRITE_FAILED);
+ goto test_end;
+ }
+
+ response = psa_adac_await_response();
+ ret = psa_adac_parse_response(SDP_LOCK_DEBUG_CMD, response);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(2), VAL_STATUS_READ_FAILED);
+ goto test_end;
+ }
+
+ if ((response->status != SDP_SUCCESS) && (response->status != SDP_UNSUPPORTED)) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(3), VAL_STATUS_INVALID);
+ goto test_end;
+ }
+
+ response_packet_release(response);
+
+ ret = psa_adac_load_certificate_chain(chain_file, &chain, &chain_size);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(4), VAL_STATUS_LOAD_ERROR);
+ goto test_end;
+ }
psa_tlv_t *exts[MAX_EXTENSIONS];
size_t exts_count = 0;
uint8_t key_type;
- if (PSA_SUCCESS != val_infer_cryptosystem((uint32_t *) chain, chain_size, exts,
- &exts_count, &key_type)) {
- goto test_fail_exit;
+ ret = psa_adac_read_extensions((uint32_t *)chain, chain_size, exts, &exts_count);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(5), VAL_STATUS_READ_FAILED);
+ goto test_end;
+ }
+ key_type = detect_cryptosystem(exts, exts_count);
+
+ ret = psa_adac_issue_command(SDP_DISCOVERY_CMD, request, NULL, 0);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(6), VAL_STATUS_WRITE_FAILED);
+ goto test_end;
}
- request_packet_t *request;
+ response = psa_adac_await_response();
+ ret = psa_adac_parse_response(SDP_DISCOVERY_CMD, response);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(7), VAL_STATUS_READ_FAILED);
+ goto test_end;
+ }
- if (PSA_SUCCESS != val_issue_command(SDP_DISCOVERY_CMD, request, NULL, 0))
- goto test_fail_exit;
-
- response_packet_t *response;
-
- response = val_await_response();
- if (PSA_SUCCESS != val_parse_response(SDP_DISCOVERY_CMD, response))
- goto test_fail_exit;
-
- if (!val_check_cryptosystem_support(response, key_type))
- goto test_fail_exit;
+ ret = psa_adac_check_cryptosystem_support(response, key_type);
+ if (ret == PSA_ERROR_NOT_SUPPORTED) {
+ val->set_status(RESULT_SKIP(key_type));
+ goto test_end;
+ }
response_packet_release(response);
@@ -71,54 +107,117 @@
uint8_t *key = NULL;
size_t key_size = 0;
- if (PSA_SUCCESS != val_get_private_key(key_file, &key_type, &handle, &key, &key_size))
- goto test_fail_exit;
+ ret = psa_adac_get_private_key(key_file, &key_type, &handle, &key, &key_size);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(8), VAL_STATUS_READ_FAILED);
+ goto test_end;
+ }
- if (PSA_SUCCESS != val_issue_command(SDP_AUTH_START_CMD, request, NULL, 0))
- goto test_fail_exit;
+ ret = psa_adac_issue_command(SDP_AUTH_START_CMD, request, NULL, 0);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(9), VAL_STATUS_WRITE_FAILED);
+ goto test_end;
+ }
- response = val_await_response();
- if (PSA_SUCCESS != val_parse_response(SDP_AUTH_START_CMD, response))
- goto test_fail_exit;
+ response = psa_adac_await_response();
+ ret = psa_adac_parse_response(SDP_AUTH_START_CMD, response);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(10), VAL_STATUS_READ_FAILED);
+ goto test_end;
+ }
psa_auth_challenge_t *challenge = (psa_auth_challenge_t *) response->data;
uint8_t *token = NULL;
size_t token_size = 0;
+ uint8_t perm_req[32], i;
- if (PSA_SUCCESS != val_sign_token(challenge->challenge_vector,
- sizeof(challenge->challenge_vector),
- key_type, NULL, 0, &token, &token_size,
- handle, key, key_size)) {
- goto test_fail_exit;
+ // Set the permission request for the debug token.
+ for (i = 0; i < 32; i++)
+ perm_req[i] = (0xFF ^ i);
+
+ ret = psa_adac_construct_token(challenge->challenge_vector, sizeof(challenge->challenge_vector),
+ key_type, NULL, 0, &token, &token_size, perm_req,
+ handle, key, key_size);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(11), VAL_STATUS_WRITE_FAILED);
+ goto test_end;
}
response_packet_release(response);
- if (PSA_SUCCESS != val_send_certificate(exts, exts_count))
- goto test_fail_exit;
+ ret = psa_adac_send_certificate(exts, exts_count);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(12), VAL_STATUS_WRITE_FAILED);
+ goto test_end;
+ }
val->print(PRINT_INFO, "Sending token\n", 0);
- if (PSA_SUCCESS != val_issue_command(SDP_AUTH_RESPONSE_CMD, request,
- (uint8_t *)token, token_size)) {
- goto test_fail_exit;
+ ret = psa_adac_issue_command(SDP_AUTH_RESPONSE_CMD, request, (uint8_t *)token, token_size);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(13), VAL_STATUS_WRITE_FAILED);
+ goto test_end;
}
val->print(PRINT_INFO, "Receiving token_authentication response\n", 0);
- response = val_await_response();
- if (PSA_SUCCESS != val_parse_response(SDP_AUTH_RESPONSE_CMD, response))
- goto test_fail_exit;
+ response = psa_adac_await_response();
+ ret = psa_adac_parse_response(SDP_AUTH_RESPONSE_CMD, response);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(14), VAL_STATUS_READ_FAILED);
+ goto test_end;
+ }
if (response->status == SDP_SUCCESS)
val->print(PRINT_INFO, "Target unlocked successfully\n", 0);
else
- goto test_fail_exit;
+ val->err_check_set(TEST_CHECKPOINT_NUM(15), VAL_STATUS_ERROR);
response_packet_release(response);
- goto test_end;
-test_fail_exit:
- val_set_status(RESULT_FAIL(VAL_STATUS_TEST_FAILED));
+ val->print(PRINT_INFO, "Closing debug session\n", 0);
+ ret = psa_adac_issue_command(SDP_RESUME_BOOT_CMD, request, NULL, 0);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(16), VAL_STATUS_WRITE_FAILED);
+ goto test_end;
+ }
+
+ response = psa_adac_await_response();
+ ret = psa_adac_parse_response(SDP_RESUME_BOOT_CMD, response);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(17), VAL_STATUS_READ_FAILED);
+ goto test_end;
+ }
+
+ if (response->status != SDP_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(18), VAL_STATUS_INVALID);
+ goto test_end;
+ }
+ response_packet_release(response);
+
+ // Set device in locked state.
+ ret = psa_adac_issue_command(SDP_LOCK_DEBUG_CMD, request, NULL, 0);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(19), VAL_STATUS_WRITE_FAILED);
+ goto test_end;
+ }
+
+ response = psa_adac_await_response();
+ ret = psa_adac_parse_response(SDP_LOCK_DEBUG_CMD, response);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(20), VAL_STATUS_READ_FAILED);
+ goto test_end;
+ }
+
+ if (response->status == SDP_SUCCESS)
+ val->print(PRINT_INFO, "Debug access is locked\n", 0);
+ else if (response->status == SDP_UNSUPPORTED)
+ val->print(PRINT_INFO, "Debug access cannot be locked\n", 0);
+ else {
+ val->print(PRINT_ERROR, "Invalid response\n", 0);
+ val->err_check_set(TEST_CHECKPOINT_NUM(21), VAL_STATUS_ERROR);
+ }
+
+ response_packet_release(response);
+
test_end:
val->test_exit();
}
-
diff --git a/secure-debug/tests/adac/test_a003/test.cmake b/secure-debug/tests/adac/test_a003/test.cmake
new file mode 100644
index 0000000..dc23e77
--- /dev/null
+++ b/secure-debug/tests/adac/test_a003/test.cmake
@@ -0,0 +1,21 @@
+#/** @file
+# * Copyright (c) 2021, Arm Limited or its affiliates. All rights reserved.
+# * SPDX-License-Identifier : Apache-2.0
+# *
+# * Licensed under the Apache License, Version 2.0 (the "License");
+# * you may not use this file except in compliance with the License.
+# * You may obtain a copy of the License at
+# *
+# * http://www.apache.org/licenses/LICENSE-2.0
+# *
+# * Unless required by applicable law or agreed to in writing, software
+# * distributed under the License is distributed on an "AS IS" BASIS,
+# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# * See the License for the specific language governing permissions and
+# * limitations under the License.
+#**/
+
+list(APPEND CC_SOURCE
+ test_a003.c
+)
+list(APPEND CC_OPTIONS )
diff --git a/secure-debug/tests/adac/test_a003/test_a003.c b/secure-debug/tests/adac/test_a003/test_a003.c
new file mode 100644
index 0000000..865db6f
--- /dev/null
+++ b/secure-debug/tests/adac/test_a003/test_a003.c
@@ -0,0 +1,176 @@
+/** @file
+ * Copyright (c) 2021, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include <psa_adac.h>
+#include <adac_util.h>
+#include "val_interfaces.h"
+
+#include "test_a003.h"
+
+#define TEST_NUM VAL_CREATE_TEST_ID(VAL_SECURE_DEBUG_BASE, 3)
+#define TEST_DESC "Testing ADAC Protocol Host API| UT: psa_discovery_tlv_response\n"
+TEST_PUBLISH(TEST_NUM, test_entry);
+
+void test_entry(val_api_t *val_api)
+{
+ psa_status_t ret;
+ val_status_t status;
+
+ val_api_t *val = NULL;
+ val = val_api;
+
+ /* test init */
+ val->test_init(TEST_NUM, TEST_DESC);
+ if (!IS_TEST_START(val->get_status()))
+ {
+ goto test_end;
+ }
+ psa_adac_host_init();
+
+ request_packet_t *request;
+ response_packet_t *response;
+ psa_tlv_t *tlv = NULL, *current_tlv = NULL, **tlv_seq = NULL;
+ uint16_t *type_id_list;
+ size_t type_id_size, i, j;
+
+ // Send discovery packet with no requested type ID.
+ request = request_packet_build(SDP_DISCOVERY_CMD, NULL, 0);
+ if (request == NULL) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(1), VAL_STATUS_CONNECTION_FAILED);
+ goto test_end;
+ }
+ request_packet_send(request);
+ request_packet_release(request);
+
+ response = psa_adac_await_response();
+ if (response == NULL) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(2), VAL_STATUS_CONNECTION_FAILED);
+ goto test_end;
+ }
+
+ // Variable to collect the reference to each TLV in the response sequence.
+ tlv_seq = (psa_tlv_t **)malloc((response->data_count) * sizeof(psa_tlv_t *));
+ if (tlv_seq == NULL) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(3), VAL_STATUS_INSUFFICIENT_SIZE);
+ goto test_end;
+ }
+
+ // Variable to collect the type ID from each TLV entry.
+ type_id_list = (uint16_t *)malloc((response->data_count) * sizeof(uint16_t));
+ if (type_id_list == NULL) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(4), VAL_STATUS_INSUFFICIENT_SIZE);
+ goto test_end;
+ }
+
+ // Parse the TLV sequence.
+ for (i = 0, j = 0; (i + 4) < (response->data_count * 4); j++) {
+ tlv = (psa_tlv_t *) (((uint8_t *)response->data) + i);
+ tlv_seq[j] = tlv;
+ i += sizeof(psa_tlv_t) + ROUND_TO_WORD(tlv->length_in_bytes);
+ }
+
+ j = 0;
+ while (tlv_seq[j] != tlv)
+ {
+ current_tlv = tlv_seq[j];
+ type_id_list[j] = current_tlv->type_id;
+
+ if (type_id_list[j] == PSA_LIFECYCLE)
+ status = check_lifecycle_major_state(current_tlv->value, current_tlv->length_in_bytes);
+ else if (type_id_list[j] == TOKEN_FORMATS)
+ status = check_adac_token_support(current_tlv->value, current_tlv->length_in_bytes);
+ else if (type_id_list[j] == CERT_FORMATS)
+ status = check_adac_cert_support(current_tlv->value, current_tlv->length_in_bytes);
+ else
+ status = VAL_STATUS_SUCCESS;
+
+ j++;
+ }
+
+ if (status != VAL_STATUS_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(5), status);
+ goto test_end;
+ }
+
+ response_packet_release(response);
+
+test_end:
+ if (tlv_seq != NULL)
+ free(tlv_seq);
+
+ if (type_id_list != NULL)
+ free(type_id_list);
+
+ val->test_exit();
+}
+
+static val_status_t check_lifecycle_major_state(uint8_t *value, size_t size)
+{
+ uint16_t state;
+
+ // Device cannot have multiple lifecycle states.
+ if (size != 0x2)
+ return VAL_STATUS_INVALID_SIZE;
+
+ state = (*(uint16_t *)value) & PSA_LIFECYCLE_MAJOR_STATE;
+
+ switch (state) {
+ case UNKNOWN:
+ case ASSEMBLY_AND_TEST:
+ case PSA_ROT_AND_PROVISIONING:
+ case SECURED:
+ case NON_PSA_ROT_DEBUG:
+ case RECOVERABLE_PSA_ROT_DEBUG:
+ case DECOMMISSIONED:
+ return VAL_STATUS_SUCCESS;
+ default:
+ return VAL_STATUS_DATA_MISMATCH;
+ break;
+ }
+}
+
+static val_status_t check_adac_token_support(uint8_t *value, size_t size)
+{
+ uint16_t payload;
+ uint8_t payload_bytes = (uint8_t)size;
+ uint8_t i;
+
+ for (i = 0; i < payload_bytes; i += 2)
+ {
+ payload = (*(uint16_t *)(value + i));
+ if (payload == TOKEN_ADAC)
+ return VAL_STATUS_SUCCESS;
+ }
+
+ return VAL_STATUS_DATA_MISMATCH;
+}
+
+static val_status_t check_adac_cert_support(uint8_t *value, size_t size)
+{
+ uint16_t payload;
+ uint8_t payload_bytes = (uint8_t)size;
+ uint8_t i;
+
+ for (i = 0; i < payload_bytes; i += 2)
+ {
+ payload = (*(uint16_t *)(value + i));
+ if (payload == CERT_ADAC)
+ return VAL_STATUS_SUCCESS;
+ }
+
+ return VAL_STATUS_DATA_MISMATCH;
+}
diff --git a/secure-debug/tests/adac/test_a003/test_a003.h b/secure-debug/tests/adac/test_a003/test_a003.h
new file mode 100644
index 0000000..a6a47dc
--- /dev/null
+++ b/secure-debug/tests/adac/test_a003/test_a003.h
@@ -0,0 +1,30 @@
+/** @file
+ * Copyright (c) 2021, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+#ifndef _TEST_A003_TESTS_H_
+#define _TEST_A003_TESTS_H_
+
+#define test_entry CONCAT(test_entry_, a003)
+
+extern val_api_t *val;
+extern char *key_file;
+extern char *chain_file;
+
+static val_status_t check_lifecycle_major_state(uint8_t *value, size_t size);
+static val_status_t check_adac_token_support(uint8_t *value, size_t size);
+static val_status_t check_adac_cert_support(uint8_t *value, size_t size);
+
+#endif /* _TEST_A003_TESTS_H_ */
diff --git a/secure-debug/tests/adac/test_a004/test.cmake b/secure-debug/tests/adac/test_a004/test.cmake
new file mode 100644
index 0000000..15ea303
--- /dev/null
+++ b/secure-debug/tests/adac/test_a004/test.cmake
@@ -0,0 +1,21 @@
+#/** @file
+# * Copyright (c) 2021, Arm Limited or its affiliates. All rights reserved.
+# * SPDX-License-Identifier : Apache-2.0
+# *
+# * Licensed under the Apache License, Version 2.0 (the "License");
+# * you may not use this file except in compliance with the License.
+# * You may obtain a copy of the License at
+# *
+# * http://www.apache.org/licenses/LICENSE-2.0
+# *
+# * Unless required by applicable law or agreed to in writing, software
+# * distributed under the License is distributed on an "AS IS" BASIS,
+# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# * See the License for the specific language governing permissions and
+# * limitations under the License.
+#**/
+
+list(APPEND CC_SOURCE
+ test_a004.c
+)
+list(APPEND CC_OPTIONS )
diff --git a/secure-debug/tests/adac/test_a004/test_a004.c b/secure-debug/tests/adac/test_a004/test_a004.c
new file mode 100644
index 0000000..4b8be6a
--- /dev/null
+++ b/secure-debug/tests/adac/test_a004/test_a004.c
@@ -0,0 +1,147 @@
+/** @file
+ * Copyright (c) 2021, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include <psa_adac.h>
+#include <adac_util.h>
+#include "val_interfaces.h"
+
+#include "test_a004.h"
+
+#define TEST_NUM VAL_CREATE_TEST_ID(VAL_SECURE_DEBUG_BASE, 4)
+#define TEST_DESC "Testing ADAC Protocol Host API| UT: psa_discovery_tlv_request\n"
+TEST_PUBLISH(TEST_NUM, test_entry);
+
+void test_entry(val_api_t *val_api)
+{
+ psa_status_t ret;
+ val_status_t status;
+ val_api_t *val = NULL;
+ val = val_api;
+
+ /* test init */
+ val->test_init(TEST_NUM, TEST_DESC);
+ if (!IS_TEST_START(val->get_status()))
+ {
+ goto test_end;
+ }
+ psa_adac_host_init();
+
+ request_packet_t *request;
+ response_packet_t *response;
+ psa_tlv_t *tlv = NULL;
+ uint16_t *type_id_list, *type_id_list_rev;
+ uint8_t *type_id_ptr;
+ size_t type_id_size, i, j, tlv_entries;
+
+ // Send discovery packet with no requested type ID.
+ type_id_ptr = NULL;
+ type_id_size = 0;
+ ret = psa_adac_issue_command(SDP_DISCOVERY_CMD, request, type_id_ptr, type_id_size);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(1), VAL_STATUS_WRITE_FAILED);
+ goto test_end;
+ }
+
+ response = psa_adac_await_response();
+ if (response == NULL) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(2), VAL_STATUS_CONNECTION_FAILED);
+ goto test_end;
+ }
+
+ // Variable to collect the type ID from each TLV entry.
+ type_id_list = (uint16_t *)malloc((response->data_count) * sizeof(uint16_t));
+ type_id_list_rev = (uint16_t *)malloc((response->data_count) * sizeof(uint16_t));
+ if ((type_id_list == NULL) || (type_id_list_rev == NULL)) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(3), VAL_STATUS_INSUFFICIENT_SIZE);
+ goto test_end;
+ }
+
+ // Parse the TLV sequence.
+ for (i = 0, j = 0; (i + 4) < (response->data_count * 4); j++) {
+ tlv = (psa_tlv_t *) (((uint8_t *)response->data) + i);
+ type_id_list[j] = tlv->type_id;
+ i += sizeof(psa_tlv_t) + ROUND_TO_WORD(tlv->length_in_bytes);
+ }
+ tlv_entries = j;
+ response_packet_release(response);
+
+ // Create a list of type ID in decreasing ID value.
+ j = 0;
+ while (j < tlv_entries) {
+ type_id_list_rev[j] = type_id_list[tlv_entries-1-j];
+ j++;
+ }
+
+ // Send discovery request packet with a subset of requested type ID.
+ type_id_ptr = (uint8_t *)type_id_list;
+ type_id_size = (tlv_entries/2) * sizeof(uint16_t);
+ ret = psa_adac_issue_command(SDP_DISCOVERY_CMD, request, type_id_ptr, type_id_size);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(4), VAL_STATUS_WRITE_FAILED);
+ goto test_end;
+ }
+
+ response = psa_adac_await_response();
+ if (response == NULL) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(5), VAL_STATUS_CONNECTION_FAILED);
+ goto test_end;
+ }
+
+ if (response->status == SDP_SUCCESS) {
+ for (i = 0, j = 0; (i + 4) < (response->data_count * 4); j++) {
+ tlv = (psa_tlv_t *) (((uint8_t *)response->data) + i);
+ i += sizeof(psa_tlv_t) + ROUND_TO_WORD(tlv->length_in_bytes);
+ }
+
+ // Response must contain at least as many type IDs as requested.
+ if (j < tlv_entries/2) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(6), VAL_STATUS_ERROR);
+ goto test_end;
+ }
+ } else {
+ val->err_check_set(TEST_CHECKPOINT_NUM(7), VAL_STATUS_ERROR);
+ goto test_end;
+ }
+ response_packet_release(response);
+
+ // Send discovery packet with a reverse order of requested type ID.
+ type_id_ptr = (uint8_t *)type_id_list_rev;
+ type_id_size = tlv_entries * sizeof(uint16_t);
+ ret = psa_adac_issue_command(SDP_DISCOVERY_CMD, request, type_id_ptr, type_id_size);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(8), VAL_STATUS_WRITE_FAILED);
+ goto test_end;
+ }
+
+ response = psa_adac_await_response();
+ if (response == NULL) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(9), VAL_STATUS_CONNECTION_FAILED);
+ goto test_end;
+ }
+
+ if (response->status != SDP_SUCCESS)
+ val->err_check_set(TEST_CHECKPOINT_NUM(10), VAL_STATUS_ERROR);
+
+ response_packet_release(response);
+
+test_end:
+ if ((type_id_list != NULL) || (type_id_list_rev != NULL)) {
+ free(type_id_list);
+ free(type_id_list_rev);
+ }
+ val->test_exit();
+}
diff --git a/secure-debug/tests/adac/test_a004/test_a004.h b/secure-debug/tests/adac/test_a004/test_a004.h
new file mode 100644
index 0000000..a4fd46d
--- /dev/null
+++ b/secure-debug/tests/adac/test_a004/test_a004.h
@@ -0,0 +1,26 @@
+/** @file
+ * Copyright (c) 2021, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+#ifndef _TEST_A004_TESTS_H_
+#define _TEST_A004_TESTS_H_
+
+#define test_entry CONCAT(test_entry_, a004)
+
+extern val_api_t *val;
+extern char *key_file;
+extern char *chain_file;
+
+#endif /* _TEST_A004_TESTS_H_ */
diff --git a/secure-debug/tests/adac/test_a005/test.cmake b/secure-debug/tests/adac/test_a005/test.cmake
new file mode 100644
index 0000000..3152266
--- /dev/null
+++ b/secure-debug/tests/adac/test_a005/test.cmake
@@ -0,0 +1,21 @@
+#/** @file
+# * Copyright (c) 2021, Arm Limited or its affiliates. All rights reserved.
+# * SPDX-License-Identifier : Apache-2.0
+# *
+# * Licensed under the Apache License, Version 2.0 (the "License");
+# * you may not use this file except in compliance with the License.
+# * You may obtain a copy of the License at
+# *
+# * http://www.apache.org/licenses/LICENSE-2.0
+# *
+# * Unless required by applicable law or agreed to in writing, software
+# * distributed under the License is distributed on an "AS IS" BASIS,
+# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# * See the License for the specific language governing permissions and
+# * limitations under the License.
+#**/
+
+list(APPEND CC_SOURCE
+ test_a005.c
+)
+list(APPEND CC_OPTIONS )
diff --git a/secure-debug/tests/adac/test_a005/test_a005.c b/secure-debug/tests/adac/test_a005/test_a005.c
new file mode 100644
index 0000000..612a882
--- /dev/null
+++ b/secure-debug/tests/adac/test_a005/test_a005.c
@@ -0,0 +1,219 @@
+/** @file
+ * Copyright (c) 2021, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include <psa_adac.h>
+#include <adac_util.h>
+#include "val_interfaces.h"
+
+#include "test_a005.h"
+
+#define TEST_NUM VAL_CREATE_TEST_ID(VAL_SECURE_DEBUG_BASE, 5)
+#define TEST_DESC "Testing ADAC Protocol Host API| UT: psa_replay\n"
+TEST_PUBLISH(TEST_NUM, test_entry);
+
+void test_entry(val_api_t *val_api)
+{
+ psa_status_t ret;
+ val_api_t *val = val_api;
+
+ /* test init */
+ val->test_init(TEST_NUM, TEST_DESC);
+ if (!IS_TEST_START(val->get_status()))
+ {
+ goto test_end;
+ }
+ psa_adac_host_init();
+
+ uint8_t *chain = NULL;
+ size_t chain_size = 0;
+ request_packet_t *request;
+ response_packet_t *response;
+
+ ret = psa_adac_issue_command(SDP_LOCK_DEBUG_CMD, request, NULL, 0);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(1), VAL_STATUS_WRITE_FAILED);
+ goto test_end;
+ }
+
+ response = psa_adac_await_response();
+ ret = psa_adac_parse_response(SDP_LOCK_DEBUG_CMD, response);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(2), VAL_STATUS_READ_FAILED);
+ goto test_end;
+ }
+
+ if (response->status == SDP_SUCCESS)
+ val->print(PRINT_INFO, "Target is locked\n", 0);
+ else
+ val->err_check_set(TEST_CHECKPOINT_NUM(3), VAL_STATUS_ERROR);
+
+ response_packet_release(response);
+
+ ret = psa_adac_load_certificate_chain(chain_file, &chain, &chain_size);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(4), VAL_STATUS_LOAD_ERROR);
+ goto test_end;
+ }
+
+ psa_tlv_t *exts[MAX_EXTENSIONS];
+ size_t exts_count = 0;
+ uint8_t key_type;
+
+ ret = psa_adac_read_extensions((uint32_t *)chain, chain_size, exts, &exts_count);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(5), VAL_STATUS_READ_FAILED);
+ goto test_end;
+ }
+ key_type = detect_cryptosystem(exts, exts_count);
+
+ ret = psa_adac_issue_command(SDP_DISCOVERY_CMD, request, NULL, 0);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(6), VAL_STATUS_WRITE_FAILED);
+ goto test_end;
+ }
+
+ response = psa_adac_await_response();
+ ret = psa_adac_parse_response(SDP_DISCOVERY_CMD, response);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(7), VAL_STATUS_READ_FAILED);
+ goto test_end;
+ }
+
+ ret = psa_adac_check_cryptosystem_support(response, key_type);
+ if (ret == PSA_ERROR_NOT_SUPPORTED) {
+ val->set_status(RESULT_SKIP(key_type));
+ goto test_end;
+ }
+
+ response_packet_release(response);
+
+ psa_key_handle_t handle;
+ uint8_t *key = NULL;
+ size_t key_size = 0;
+
+ ret = psa_adac_get_private_key(key_file, &key_type, &handle, &key, &key_size);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(8), VAL_STATUS_READ_FAILED);
+ goto test_end;
+ }
+
+ ret = psa_adac_issue_command(SDP_AUTH_START_CMD, request, NULL, 0);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(9), VAL_STATUS_WRITE_FAILED);
+ goto test_end;
+ }
+
+ response = psa_adac_await_response();
+ ret = psa_adac_parse_response(SDP_AUTH_START_CMD, response);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(10), VAL_STATUS_READ_FAILED);
+ goto test_end;
+ }
+
+ psa_auth_challenge_t *challenge1 = (psa_auth_challenge_t *) response->data;
+
+ uint8_t *token1 = NULL;
+ size_t token1_size = 0;
+
+ ret = psa_adac_construct_token(challenge1->challenge_vector,
+ sizeof(challenge1->challenge_vector), key_type, NULL, 0,
+ &token1, &token1_size, NULL, handle, key, key_size);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(12), VAL_STATUS_WRITE_FAILED);
+ goto test_end;
+ }
+ response_packet_release(response);
+
+ ret = psa_adac_issue_command(SDP_AUTH_START_CMD, request, NULL, 0);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(13), VAL_STATUS_WRITE_FAILED);
+ goto test_end;
+ }
+
+ response = psa_adac_await_response();
+ ret = psa_adac_parse_response(SDP_AUTH_START_CMD, response);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(14), VAL_STATUS_READ_FAILED);
+ goto test_end;
+ }
+
+ psa_auth_challenge_t *challenge2 = (psa_auth_challenge_t *) response->data;
+
+ uint8_t *token2 = NULL;
+ size_t token2_size = 0;
+
+ ret = psa_adac_construct_token(challenge2->challenge_vector,
+ sizeof(challenge2->challenge_vector), key_type, NULL, 0,
+ &token2, &token2_size, NULL, handle, key, key_size);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(15), VAL_STATUS_WRITE_FAILED);
+ goto test_end;
+ }
+ response_packet_release(response);
+
+ ret = psa_adac_send_certificate(exts, exts_count);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(16), VAL_STATUS_WRITE_FAILED);
+ goto test_end;
+ }
+
+ val->print(PRINT_INFO, "Sending older token\n", 0);
+ ret = psa_adac_issue_command(SDP_AUTH_RESPONSE_CMD, request, (uint8_t *)token1, token1_size);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(17), VAL_STATUS_WRITE_FAILED);
+ goto test_end;
+ }
+
+ val->print(PRINT_INFO, "Receiving token_authentication response\n", 0);
+ response = psa_adac_await_response();
+ ret = psa_adac_parse_response(SDP_AUTH_RESPONSE_CMD, response);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(18), VAL_STATUS_READ_FAILED);
+ goto test_end;
+ }
+
+ if (response->status != SDP_FAILURE) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(19), VAL_STATUS_ERROR);
+ goto test_end;
+ }
+
+ response_packet_release(response);
+
+ val->print(PRINT_INFO, "Sending new token\n", 0);
+ ret = psa_adac_issue_command(SDP_AUTH_RESPONSE_CMD, request, (uint8_t *)token2, token2_size);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(20), VAL_STATUS_WRITE_FAILED);
+ goto test_end;
+ }
+
+ val->print(PRINT_INFO, "Receiving token_authentication response\n", 0);
+ response = psa_adac_await_response();
+ ret = psa_adac_parse_response(SDP_AUTH_RESPONSE_CMD, response);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(21), VAL_STATUS_READ_FAILED);
+ goto test_end;
+ }
+
+ if (response->status != SDP_FAILURE)
+ val->err_check_set(TEST_CHECKPOINT_NUM(22), VAL_STATUS_INVALID);
+
+ response_packet_release(response);
+
+test_end:
+ val->test_exit();
+}
+
diff --git a/secure-debug/tests/adac/test_a005/test_a005.h b/secure-debug/tests/adac/test_a005/test_a005.h
new file mode 100644
index 0000000..9ca8109
--- /dev/null
+++ b/secure-debug/tests/adac/test_a005/test_a005.h
@@ -0,0 +1,26 @@
+/** @file
+ * Copyright (c) 2021, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+#ifndef _TEST_A005_TESTS_H_
+#define _TEST_A005_TESTS_H_
+
+#define test_entry CONCAT(test_entry_, a005)
+
+extern val_api_t *val;
+extern char *key_file;
+extern char *chain_file;
+
+#endif /* _TEST_A005_TESTS_H_ */
diff --git a/secure-debug/tests/adac/test_a006/test.cmake b/secure-debug/tests/adac/test_a006/test.cmake
new file mode 100644
index 0000000..681a50c
--- /dev/null
+++ b/secure-debug/tests/adac/test_a006/test.cmake
@@ -0,0 +1,21 @@
+#/** @file
+# * Copyright (c) 2021, Arm Limited or its affiliates. All rights reserved.
+# * SPDX-License-Identifier : Apache-2.0
+# *
+# * Licensed under the Apache License, Version 2.0 (the "License");
+# * you may not use this file except in compliance with the License.
+# * You may obtain a copy of the License at
+# *
+# * http://www.apache.org/licenses/LICENSE-2.0
+# *
+# * Unless required by applicable law or agreed to in writing, software
+# * distributed under the License is distributed on an "AS IS" BASIS,
+# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# * See the License for the specific language governing permissions and
+# * limitations under the License.
+#**/
+
+list(APPEND CC_SOURCE
+ test_a006.c
+)
+list(APPEND CC_OPTIONS )
diff --git a/secure-debug/tests/adac/test_a006/test_a006.c b/secure-debug/tests/adac/test_a006/test_a006.c
new file mode 100644
index 0000000..bb63679
--- /dev/null
+++ b/secure-debug/tests/adac/test_a006/test_a006.c
@@ -0,0 +1,65 @@
+/** @file
+ * Copyright (c) 2021, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include <psa_adac.h>
+#include <adac_util.h>
+#include "val_interfaces.h"
+
+#include "test_a006.h"
+
+#define TEST_NUM VAL_CREATE_TEST_ID(VAL_SECURE_DEBUG_BASE, 6)
+#define TEST_DESC "Testing ADAC Protocol Host API| UT: psa_auth_resp_null\n"
+TEST_PUBLISH(TEST_NUM, test_entry);
+
+void test_entry(val_api_t *val_api)
+{
+ psa_status_t ret;
+ val_api_t *val = val_api;
+
+ /* test init */
+ val->test_init(TEST_NUM, TEST_DESC);
+ if (!IS_TEST_START(val->get_status()))
+ {
+ goto test_end;
+ }
+ psa_adac_host_init();
+
+ request_packet_t *request;
+ response_packet_t *response;
+
+ // Send authentication response command with no payload.
+ ret = psa_adac_issue_command(SDP_AUTH_RESPONSE_CMD, request, NULL, 0);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(1), VAL_STATUS_WRITE_FAILED);
+ goto test_end;
+ }
+
+ response = psa_adac_await_response();
+ ret = psa_adac_parse_response(SDP_AUTH_RESPONSE_CMD, response);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(2), VAL_STATUS_READ_FAILED);
+ goto test_end;
+ }
+
+ if (response->status != SDP_FAILURE)
+ val->err_check_set(TEST_CHECKPOINT_NUM(3), VAL_STATUS_ERROR);
+
+ response_packet_release(response);
+
+test_end:
+ val->test_exit();
+}
diff --git a/secure-debug/tests/adac/test_a006/test_a006.h b/secure-debug/tests/adac/test_a006/test_a006.h
new file mode 100644
index 0000000..bbe8d86
--- /dev/null
+++ b/secure-debug/tests/adac/test_a006/test_a006.h
@@ -0,0 +1,26 @@
+/** @file
+ * Copyright (c) 2021, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+#ifndef _TEST_A006_TESTS_H_
+#define _TEST_A006_TESTS_H_
+
+#define test_entry CONCAT(test_entry_, a006)
+
+extern val_api_t *val;
+extern char *key_file;
+extern char *chain_file;
+
+#endif /* _TEST_A006_TESTS_H_ */
diff --git a/secure-debug/tests/adac/test_a007/test.cmake b/secure-debug/tests/adac/test_a007/test.cmake
new file mode 100644
index 0000000..530f69d
--- /dev/null
+++ b/secure-debug/tests/adac/test_a007/test.cmake
@@ -0,0 +1,21 @@
+#/** @file
+# * Copyright (c) 2021, Arm Limited or its affiliates. All rights reserved.
+# * SPDX-License-Identifier : Apache-2.0
+# *
+# * Licensed under the Apache License, Version 2.0 (the "License");
+# * you may not use this file except in compliance with the License.
+# * You may obtain a copy of the License at
+# *
+# * http://www.apache.org/licenses/LICENSE-2.0
+# *
+# * Unless required by applicable law or agreed to in writing, software
+# * distributed under the License is distributed on an "AS IS" BASIS,
+# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# * See the License for the specific language governing permissions and
+# * limitations under the License.
+#**/
+
+list(APPEND CC_SOURCE
+ test_a007.c
+)
+list(APPEND CC_OPTIONS )
diff --git a/secure-debug/tests/adac/test_a007/test_a007.c b/secure-debug/tests/adac/test_a007/test_a007.c
new file mode 100644
index 0000000..a9ee125
--- /dev/null
+++ b/secure-debug/tests/adac/test_a007/test_a007.c
@@ -0,0 +1,71 @@
+/** @file
+ * Copyright (c) 2021, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include <psa_adac.h>
+#include <adac_util.h>
+#include "val_interfaces.h"
+
+#include "test_a007.h"
+
+#define TEST_NUM VAL_CREATE_TEST_ID(VAL_SECURE_DEBUG_BASE, 7)
+#define TEST_DESC "Testing ADAC Protocol Host API| UT: psa_invalid_command\n"
+TEST_PUBLISH(TEST_NUM, test_entry);
+
+void test_entry(val_api_t *val_api)
+{
+ psa_status_t ret;
+ val_api_t *val = val_api;
+
+ /* test init */
+ val->test_init(TEST_NUM, TEST_DESC);
+ if (!IS_TEST_START(val->get_status()))
+ {
+ goto test_end;
+ }
+ psa_adac_host_init();
+
+ request_packet_t *request;
+ response_packet_t *response;
+ uint16_t command[] = { 0x0, 0x100, 0xBAD, 0x7FFF};
+ uint32_t i, cmd_list_size;
+
+ cmd_list_size = sizeof(command)/sizeof(command[0]);
+
+ for (i = 0; i < cmd_list_size; i++) {
+ request = request_packet_build(command[i], NULL, 0);
+ if (request != NULL) {
+ val->print(PRINT_INFO, "Sending command 0x%x\n", command[i]);
+ if (request_packet_send(request) < 0) {
+ val->err_check_set(TEST_CHECKPOINT_NUM((1*i)), VAL_STATUS_WRITE_FAILED);
+ goto test_end;
+ }
+ request_packet_release(request);
+ }
+
+ response = response_packet_receive();
+ if (response->status != SDP_INVALID_COMMAND)
+ val->err_check_set(TEST_CHECKPOINT_NUM((2*i)), VAL_STATUS_ERROR);
+
+ response_packet_release(response);
+ }
+
+ if (i != cmd_list_size)
+ val->err_check_set(TEST_CHECKPOINT_NUM((2*i-1)), VAL_STATUS_ERROR);
+
+test_end:
+ val->test_exit();
+}
diff --git a/secure-debug/tests/adac/test_a007/test_a007.h b/secure-debug/tests/adac/test_a007/test_a007.h
new file mode 100644
index 0000000..35a3834
--- /dev/null
+++ b/secure-debug/tests/adac/test_a007/test_a007.h
@@ -0,0 +1,24 @@
+/** @file
+ * Copyright (c) 2021, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+#ifndef _TEST_A007_TESTS_H_
+#define _TEST_A007_TESTS_H_
+
+#define test_entry CONCAT(test_entry_, a007)
+
+extern val_api_t *val;
+
+#endif /* _TEST_A007_TESTS_H_ */
diff --git a/secure-debug/tests/adac/test_a008/test.cmake b/secure-debug/tests/adac/test_a008/test.cmake
new file mode 100644
index 0000000..af078b4
--- /dev/null
+++ b/secure-debug/tests/adac/test_a008/test.cmake
@@ -0,0 +1,21 @@
+#/** @file
+# * Copyright (c) 2021, Arm Limited or its affiliates. All rights reserved.
+# * SPDX-License-Identifier : Apache-2.0
+# *
+# * Licensed under the Apache License, Version 2.0 (the "License");
+# * you may not use this file except in compliance with the License.
+# * You may obtain a copy of the License at
+# *
+# * http://www.apache.org/licenses/LICENSE-2.0
+# *
+# * Unless required by applicable law or agreed to in writing, software
+# * distributed under the License is distributed on an "AS IS" BASIS,
+# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# * See the License for the specific language governing permissions and
+# * limitations under the License.
+#**/
+
+list(APPEND CC_SOURCE
+ test_a008.c
+)
+list(APPEND CC_OPTIONS )
diff --git a/secure-debug/tests/adac/test_a008/test_a008.c b/secure-debug/tests/adac/test_a008/test_a008.c
new file mode 100644
index 0000000..7b362e6
--- /dev/null
+++ b/secure-debug/tests/adac/test_a008/test_a008.c
@@ -0,0 +1,151 @@
+/** @file
+ * Copyright (c) 2021, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include <psa_adac.h>
+#include <adac_util.h>
+#include "val_interfaces.h"
+
+#include "test_a008.h"
+
+#define TEST_NUM VAL_CREATE_TEST_ID(VAL_SECURE_DEBUG_BASE, 8)
+#define TEST_DESC "Testing ADAC Protocol Host API| UT: psa_cert_order\n"
+TEST_PUBLISH(TEST_NUM, test_entry);
+
+void test_entry(val_api_t *val_api)
+{
+ psa_status_t ret;
+ val_api_t *val = val_api;
+
+ /* test init */
+ val->test_init(TEST_NUM, TEST_DESC);
+ if (!IS_TEST_START(val->get_status()))
+ {
+ goto test_end;
+ }
+ psa_adac_host_init();
+
+ uint8_t *chain = NULL;
+ size_t chain_size = 0;
+ request_packet_t *request;
+ response_packet_t *response;
+
+ ret = psa_adac_load_certificate_chain(chain_file, &chain, &chain_size);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(1), VAL_STATUS_LOAD_ERROR);
+ goto test_end;
+ }
+
+ psa_tlv_t *exts[MAX_EXTENSIONS];
+ size_t exts_count = 0;
+ uint8_t key_type;
+
+ ret = psa_adac_read_extensions((uint32_t *)chain, chain_size, exts, &exts_count);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(2), VAL_STATUS_READ_FAILED);
+ goto test_end;
+ }
+
+ key_type = detect_cryptosystem(exts, exts_count);
+
+ ret = psa_adac_issue_command(SDP_DISCOVERY_CMD, request, NULL, 0);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(3), VAL_STATUS_WRITE_FAILED);
+ goto test_end;
+ }
+
+ response = psa_adac_await_response();
+ ret = psa_adac_parse_response(SDP_DISCOVERY_CMD, response);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(4), VAL_STATUS_READ_FAILED);
+ goto test_end;
+ }
+
+ ret = psa_adac_check_cryptosystem_support(response, key_type);
+ if (ret == PSA_ERROR_NOT_SUPPORTED) {
+ val->set_status(RESULT_SKIP(key_type));
+ goto test_end;
+ }
+
+ response_packet_release(response);
+
+ ret = psa_adac_issue_command(SDP_AUTH_START_CMD, request, NULL, 0);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(5), VAL_STATUS_WRITE_FAILED);
+ goto test_end;
+ }
+
+ response = psa_adac_await_response();
+ ret = psa_adac_parse_response(SDP_AUTH_START_CMD, response);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(6), VAL_STATUS_READ_FAILED);
+ goto test_end;
+ }
+
+ response_packet_release(response);
+
+ uint8_t *payload = NULL, *leaf_cert = NULL;
+ size_t payload_size, leaf_cert_size, i;
+ psa_tlv_t *current_extn;
+
+ for (i = 0; i < exts_count; i++) {
+ current_extn = exts[i];
+ if (current_extn->type_id == CERT_ADAC) {
+ payload = (uint8_t *)current_extn;
+ payload_size = current_extn->length_in_bytes + sizeof(psa_tlv_t);
+
+ certificate_header_t *header = (certificate_header_t *) (current_extn->value);
+
+ if (header->role == SDP_CRT_ROLE_LEAF) {
+ leaf_cert = current_extn->value;
+ leaf_cert_size = current_extn->length_in_bytes;
+ break;
+ }
+ }
+ }
+
+ if (leaf_cert == NULL) {
+ val->print(PRINT_ERROR, "Leaf certificate not found\n", 0);
+ val->err_check_set(TEST_CHECKPOINT_NUM(7), VAL_STATUS_NOT_FOUND);
+ goto test_end;
+ }
+
+ if (leaf_cert_size < sizeof(certificate_header_t)) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(8), VAL_STATUS_INVALID_SIZE);
+ goto test_end;
+ }
+
+ ret = psa_adac_issue_command(SDP_AUTH_RESPONSE_CMD, request, payload, payload_size);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(9), VAL_STATUS_WRITE_FAILED);
+ goto test_end;
+ }
+
+ response = psa_adac_await_response();
+ ret = psa_adac_parse_response(SDP_AUTH_RESPONSE_CMD, response);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(10), VAL_STATUS_READ_FAILED);
+ goto test_end;
+ }
+
+ if (response->status != SDP_FAILURE)
+ val->err_check_set(TEST_CHECKPOINT_NUM(11), VAL_STATUS_ERROR);
+
+ response_packet_release(response);
+
+test_end:
+ val->test_exit();
+}
diff --git a/secure-debug/tests/adac/test_a008/test_a008.h b/secure-debug/tests/adac/test_a008/test_a008.h
new file mode 100644
index 0000000..fb92be8
--- /dev/null
+++ b/secure-debug/tests/adac/test_a008/test_a008.h
@@ -0,0 +1,26 @@
+/** @file
+ * Copyright (c) 2021, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+#ifndef _TEST_A008_TESTS_H_
+#define _TEST_A008_TESTS_H_
+
+#define test_entry CONCAT(test_entry_, a008)
+
+extern val_api_t *val;
+extern char *key_file;
+extern char *chain_file;
+
+#endif /* _TEST_A008_TESTS_H_ */
diff --git a/secure-debug/tests/adac/test_a009/test.cmake b/secure-debug/tests/adac/test_a009/test.cmake
new file mode 100644
index 0000000..eb94a50
--- /dev/null
+++ b/secure-debug/tests/adac/test_a009/test.cmake
@@ -0,0 +1,21 @@
+#/** @file
+# * Copyright (c) 2021, Arm Limited or its affiliates. All rights reserved.
+# * SPDX-License-Identifier : Apache-2.0
+# *
+# * Licensed under the Apache License, Version 2.0 (the "License");
+# * you may not use this file except in compliance with the License.
+# * You may obtain a copy of the License at
+# *
+# * http://www.apache.org/licenses/LICENSE-2.0
+# *
+# * Unless required by applicable law or agreed to in writing, software
+# * distributed under the License is distributed on an "AS IS" BASIS,
+# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# * See the License for the specific language governing permissions and
+# * limitations under the License.
+#**/
+
+list(APPEND CC_SOURCE
+ test_a009.c
+)
+list(APPEND CC_OPTIONS )
diff --git a/secure-debug/tests/adac/test_a009/test_a009.c b/secure-debug/tests/adac/test_a009/test_a009.c
new file mode 100644
index 0000000..e117e5f
--- /dev/null
+++ b/secure-debug/tests/adac/test_a009/test_a009.c
@@ -0,0 +1,167 @@
+/** @file
+ * Copyright (c) 2021, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include <psa_adac.h>
+#include <adac_util.h>
+#include "val_interfaces.h"
+
+#include "test_a009.h"
+
+#define TEST_NUM VAL_CREATE_TEST_ID(VAL_SECURE_DEBUG_BASE, 9)
+#define TEST_DESC "Testing ADAC Protocol Host API| UT: psa_scope_limit\n"
+TEST_PUBLISH(TEST_NUM, test_entry);
+
+void test_entry(val_api_t *val_api)
+{
+ psa_status_t ret;
+ val_api_t *val = val_api;
+
+ /* test init */
+ val->test_init(TEST_NUM, TEST_DESC);
+ if (!IS_TEST_START(val->get_status()))
+ {
+ goto test_end;
+ }
+ psa_adac_host_init();
+
+ uint8_t *chain = NULL;
+ size_t chain_size = 0;
+ request_packet_t *request;
+ response_packet_t *response;
+
+ ret = psa_adac_load_certificate_chain(chain_file, &chain, &chain_size);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(1), VAL_STATUS_LOAD_ERROR);
+ goto test_end;
+ }
+
+ psa_tlv_t *exts[MAX_EXTENSIONS];
+ size_t exts_count = 0;
+ uint8_t key_type;
+
+ ret = psa_adac_read_extensions((uint32_t *)chain, chain_size, exts, &exts_count);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(2), VAL_STATUS_READ_FAILED);
+ goto test_end;
+ }
+
+ key_type = detect_cryptosystem(exts, exts_count);
+
+ ret = psa_adac_issue_command(SDP_DISCOVERY_CMD, request, NULL, 0);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(3), VAL_STATUS_WRITE_FAILED);
+ goto test_end;
+ }
+
+ response = psa_adac_await_response();
+ ret = psa_adac_parse_response(SDP_DISCOVERY_CMD, response);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(4), VAL_STATUS_READ_FAILED);
+ goto test_end;
+ }
+
+ ret = psa_adac_check_cryptosystem_support(response, key_type);
+ if (ret == PSA_ERROR_NOT_SUPPORTED) {
+ val->set_status(RESULT_SKIP(key_type));
+ goto test_end;
+ }
+
+ response_packet_release(response);
+
+ ret = psa_adac_issue_command(SDP_AUTH_START_CMD, request, NULL, 0);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(5), VAL_STATUS_WRITE_FAILED);
+ goto test_end;
+ }
+
+ response = psa_adac_await_response();
+ ret = psa_adac_parse_response(SDP_AUTH_START_CMD, response);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(6), VAL_STATUS_READ_FAILED);
+ goto test_end;
+ }
+
+ response_packet_release(response);
+
+ uint8_t *payload = NULL;
+ size_t payload_size, i;
+ psa_tlv_t *current_extn;
+ certificate_header_t *header = NULL;
+ uint8_t *leaf_cert = NULL;
+
+ // Modify scope limit constraints at host-side for soc_class
+ for (i = 0; i < exts_count; i++) {
+ current_extn = exts[i];
+ if (current_extn->type_id == CERT_ADAC) {
+ payload = (uint8_t *)current_extn;
+ payload_size = current_extn->length_in_bytes + sizeof(psa_tlv_t);
+
+ header = (certificate_header_t *) (current_extn->value);
+ if (header->role != SDP_CRT_ROLE_ROOT) {
+ leaf_cert = current_extn->value;
+ modify_soc_class_neutral(header, i);
+ }
+
+ ret = psa_adac_issue_command(SDP_AUTH_RESPONSE_CMD, request, payload, payload_size);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(7), VAL_STATUS_WRITE_FAILED);
+ goto test_end;
+ }
+
+ // Restore the tampered certificate value
+ if (header->role == SDP_CRT_ROLE_ROOT)
+ modify_soc_class_neutral(header, i);
+
+ response = psa_adac_await_response();
+ ret = psa_adac_parse_response(SDP_AUTH_RESPONSE_CMD, response);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(8), VAL_STATUS_READ_FAILED);
+ goto test_end;
+ }
+
+ if (response->status == SDP_NEED_MORE_DATA) {
+ response_packet_release(response);
+ } else if (response->status == SDP_FAILURE) {
+ val->print(PRINT_INFO, "Inconsistent certificate chain rejected by target\n", 0);
+ break;
+ } else {
+ val->err_check_set(TEST_CHECKPOINT_NUM(9), VAL_STATUS_INVALID);
+ break;
+ }
+ }
+ }
+
+ if (leaf_cert == NULL) {
+ val->print(PRINT_ERROR, "Leaf certificate not found\n", 0);
+ val->err_check_set(TEST_CHECKPOINT_NUM(10), VAL_STATUS_NOT_FOUND);
+ goto test_end;
+ }
+
+ if (response->status != SDP_FAILURE)
+ val->err_check_set(TEST_CHECKPOINT_NUM(11), VAL_STATUS_ERROR);
+
+ response_packet_release(response);
+
+test_end:
+ val->test_exit();
+}
+
+static void modify_soc_class_neutral(certificate_header_t *h, size_t chain_count)
+{
+ // Change the values to create non-neutral fields for soc_class for non-root certificates.
+ h->soc_class = h->soc_class ^ (uint32_t)(~chain_count);
+}
diff --git a/secure-debug/tests/adac/test_a009/test_a009.h b/secure-debug/tests/adac/test_a009/test_a009.h
new file mode 100644
index 0000000..b89c10b
--- /dev/null
+++ b/secure-debug/tests/adac/test_a009/test_a009.h
@@ -0,0 +1,27 @@
+/** @file
+ * Copyright (c) 2021, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+#ifndef _TEST_A009_TESTS_H_
+#define _TEST_A009_TESTS_H_
+
+#define test_entry CONCAT(test_entry_, a009)
+
+extern val_api_t *val;
+extern char *key_file;
+extern char *chain_file;
+
+static void modify_soc_class_neutral(certificate_header_t *header, size_t chain_count);
+#endif /* _TEST_A009_TESTS_H_ */
diff --git a/secure-debug/tests/adac/test_a010/test.cmake b/secure-debug/tests/adac/test_a010/test.cmake
new file mode 100644
index 0000000..514ddf9
--- /dev/null
+++ b/secure-debug/tests/adac/test_a010/test.cmake
@@ -0,0 +1,21 @@
+#/** @file
+# * Copyright (c) 2021, Arm Limited or its affiliates. All rights reserved.
+# * SPDX-License-Identifier : Apache-2.0
+# *
+# * Licensed under the Apache License, Version 2.0 (the "License");
+# * you may not use this file except in compliance with the License.
+# * You may obtain a copy of the License at
+# *
+# * http://www.apache.org/licenses/LICENSE-2.0
+# *
+# * Unless required by applicable law or agreed to in writing, software
+# * distributed under the License is distributed on an "AS IS" BASIS,
+# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# * See the License for the specific language governing permissions and
+# * limitations under the License.
+#**/
+
+list(APPEND CC_SOURCE
+ test_a010.c
+)
+list(APPEND CC_OPTIONS )
diff --git a/secure-debug/tests/adac/test_a010/test_a010.c b/secure-debug/tests/adac/test_a010/test_a010.c
new file mode 100644
index 0000000..45b7158
--- /dev/null
+++ b/secure-debug/tests/adac/test_a010/test_a010.c
@@ -0,0 +1,180 @@
+/** @file
+ * Copyright (c) 2021, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include <psa_adac.h>
+#include <adac_util.h>
+#include "val_interfaces.h"
+
+#include "test_a010.h"
+
+#define TEST_NUM VAL_CREATE_TEST_ID(VAL_SECURE_DEBUG_BASE, 10)
+#define TEST_DESC "Testing ADAC Protocol Host API| UT: psa_sw_partition\n"
+TEST_PUBLISH(TEST_NUM, test_entry);
+
+void test_entry(val_api_t *val_api)
+{
+ psa_status_t ret;
+ val_api_t *val = val_api;
+
+ /* test init */
+ val->test_init(TEST_NUM, TEST_DESC);
+ if (!IS_TEST_START(val->get_status()))
+ {
+ goto test_end;
+ }
+ psa_adac_host_init();
+
+ uint8_t *chain = NULL;
+ size_t chain_size = 0;
+ request_packet_t *request;
+ response_packet_t *response;
+
+ ret = psa_adac_load_certificate_chain(chain_file, &chain, &chain_size);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(1), VAL_STATUS_LOAD_ERROR);
+ goto test_end;
+ }
+
+ psa_tlv_t *exts[MAX_EXTENSIONS], *tk_exts[MAX_EXTENSIONS];
+ size_t exts_count = 0, tk_exts_count = 0;
+ uint8_t key_type;
+
+ ret = psa_adac_read_extensions((uint32_t *)chain, chain_size, exts, &exts_count);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(2), VAL_STATUS_READ_FAILED);
+ goto test_end;
+ }
+ key_type = detect_cryptosystem(exts, exts_count);
+
+ ret = psa_adac_issue_command(SDP_DISCOVERY_CMD, request, NULL, 0);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(3), VAL_STATUS_WRITE_FAILED);
+ goto test_end;
+ }
+
+ response = psa_adac_await_response();
+ ret = psa_adac_parse_response(SDP_DISCOVERY_CMD, response);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(4), VAL_STATUS_READ_FAILED);
+ goto test_end;
+ }
+
+ ret = psa_adac_check_cryptosystem_support(response, key_type);
+ if (ret == PSA_ERROR_NOT_SUPPORTED) {
+ val->set_status(RESULT_SKIP(key_type));
+ goto test_end;
+ }
+
+ response_packet_release(response);
+
+ psa_key_handle_t handle;
+ uint8_t *key = NULL;
+ size_t key_size = 0;
+
+ ret = psa_adac_get_private_key(key_file, &key_type, &handle, &key, &key_size);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(5), VAL_STATUS_READ_FAILED);
+ goto test_end;
+ }
+
+ ret = psa_adac_issue_command(SDP_AUTH_START_CMD, request, NULL, 0);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(6), VAL_STATUS_WRITE_FAILED);
+ goto test_end;
+ }
+
+ response = psa_adac_await_response();
+ ret = psa_adac_parse_response(SDP_AUTH_START_CMD, response);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(7), VAL_STATUS_READ_FAILED);
+ goto test_end;
+ }
+
+ psa_auth_challenge_t *challenge = (psa_auth_challenge_t *) response->data;
+
+ uint8_t *token = NULL;
+ size_t token_size = 0;
+
+ set_sw_partitions((uint8_t *)tk_exts, &tk_exts_count, 2);
+
+ ret = psa_adac_construct_token(challenge->challenge_vector, sizeof(challenge->challenge_vector),
+ key_type, (uint8_t *)tk_exts, tk_exts_count, &token, &token_size,
+ NULL, handle, key, key_size);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(8), VAL_STATUS_WRITE_FAILED);
+ goto test_end;
+ }
+ response_packet_release(response);
+
+ ret = psa_adac_send_certificate(exts, exts_count);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(9), VAL_STATUS_WRITE_FAILED);
+ goto test_end;
+ }
+
+ val->print(PRINT_INFO, "Sending token\n", 0);
+ ret = psa_adac_issue_command(SDP_AUTH_RESPONSE_CMD, request, (uint8_t *)token, token_size);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(10), VAL_STATUS_WRITE_FAILED);
+ goto test_end;
+ }
+
+ val->print(PRINT_INFO, "Receiving token_authentication response\n", 0);
+ response = psa_adac_await_response();
+ ret = psa_adac_parse_response(SDP_AUTH_RESPONSE_CMD, response);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(11), VAL_STATUS_READ_FAILED);
+ goto test_end;
+ }
+
+ if (response->status == SDP_SUCCESS)
+ val->print(PRINT_INFO, "Target unlocked successfully\n", 0);
+ else
+ val->err_check_set(TEST_CHECKPOINT_NUM(12), VAL_STATUS_ERROR);
+
+ response_packet_release(response);
+
+test_end:
+ val->test_exit();
+}
+
+static void set_sw_partitions(uint8_t *token_exts, size_t *token_exts_len, size_t num_tlv_entries)
+{
+ psa_tlv_t *tlv = NULL;
+ size_t i = 0;
+ uint8_t j, k, tlv_value_size;
+
+ for (j = 0; j < num_tlv_entries; j++) {
+ tlv = (psa_tlv_t *)(token_exts + i);
+ tlv->type_id = SW_PARTITION_ID;
+ tlv->length_in_bytes = 0x6;
+ tlv_value_size = ROUND_TO_WORD(tlv->length_in_bytes);
+
+ // Arbitrary scheme of software partitions IDs
+ for (k = 0; k < tlv->length_in_bytes; k++)
+ (tlv->value)[k] = j*4 + k;
+
+ // Pad with 0x0 for a 32 bit aligned TLV
+ while ((k % 4 != 0) && (k < tlv_value_size)) {
+ (tlv->value)[k] = 0x0;
+ k++;
+ }
+
+ i += sizeof(psa_tlv_t) + tlv_value_size;
+ }
+ *token_exts_len = i;
+}
diff --git a/secure-debug/tests/adac/test_a010/test_a010.h b/secure-debug/tests/adac/test_a010/test_a010.h
new file mode 100644
index 0000000..130640f
--- /dev/null
+++ b/secure-debug/tests/adac/test_a010/test_a010.h
@@ -0,0 +1,28 @@
+/** @file
+ * Copyright (c) 2021, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+#ifndef _TEST_A010_TESTS_H_
+#define _TEST_A010_TESTS_H_
+
+#define test_entry CONCAT(test_entry_, a010)
+
+extern val_api_t *val;
+extern char *key_file;
+extern char *chain_file;
+
+static void set_sw_partitions(uint8_t *token_exts, size_t *token_exts_len, size_t num_tlv_entries);
+
+#endif /* _TEST_A010_TESTS_H_ */
diff --git a/secure-debug/tests/adac/test_a011/test.cmake b/secure-debug/tests/adac/test_a011/test.cmake
new file mode 100644
index 0000000..96b4df9
--- /dev/null
+++ b/secure-debug/tests/adac/test_a011/test.cmake
@@ -0,0 +1,21 @@
+#/** @file
+# * Copyright (c) 2021, Arm Limited or its affiliates. All rights reserved.
+# * SPDX-License-Identifier : Apache-2.0
+# *
+# * Licensed under the Apache License, Version 2.0 (the "License");
+# * you may not use this file except in compliance with the License.
+# * You may obtain a copy of the License at
+# *
+# * http://www.apache.org/licenses/LICENSE-2.0
+# *
+# * Unless required by applicable law or agreed to in writing, software
+# * distributed under the License is distributed on an "AS IS" BASIS,
+# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# * See the License for the specific language governing permissions and
+# * limitations under the License.
+#**/
+
+list(APPEND CC_SOURCE
+ test_a011.c
+)
+list(APPEND CC_OPTIONS )
diff --git a/secure-debug/tests/adac/test_a011/test_a011.c b/secure-debug/tests/adac/test_a011/test_a011.c
new file mode 100644
index 0000000..09d33ba
--- /dev/null
+++ b/secure-debug/tests/adac/test_a011/test_a011.c
@@ -0,0 +1,101 @@
+/** @file
+ * Copyright (c) 2021, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include <psa_adac.h>
+#include <adac_util.h>
+#include "val_interfaces.h"
+
+#include "test_a011.h"
+
+#define TEST_NUM VAL_CREATE_TEST_ID(VAL_SECURE_DEBUG_BASE, 11)
+#define TEST_DESC "Testing ADAC Protocol Host API| UT: psa_tlv_reserved\n"
+TEST_PUBLISH(TEST_NUM, test_entry);
+
+void test_entry(val_api_t *val_api)
+{
+ psa_status_t ret;
+ val_api_t *val = val_api;
+
+ /* test init */
+ val->test_init(TEST_NUM, TEST_DESC);
+ if (!IS_TEST_START(val->get_status()))
+ {
+ goto test_end;
+ }
+ psa_adac_host_init();
+
+ request_packet_t *request;
+ response_packet_t *response;
+ psa_tlv_t *exts[MAX_EXTENSIONS], *tlv = NULL;
+ uint8_t *chain = NULL;
+ size_t chain_size = 0, exts_count = 0, i, err_count;
+
+ // Send discovery packet with no requested type ID.
+ request = request_packet_build(SDP_DISCOVERY_CMD, NULL, 0);
+ if (request == NULL) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(1), VAL_STATUS_CONNECTION_FAILED);
+ goto test_end;
+ }
+ request_packet_send(request);
+ request_packet_release(request);
+
+ response = psa_adac_await_response();
+ if (response == NULL) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(2), VAL_STATUS_CONNECTION_FAILED);
+ goto test_end;
+ }
+
+ // Parse the TLV sequence in the discovery response.
+ err_count = 0;
+ for (i = 0; (i + 4) < (response->data_count * 4);) {
+ tlv = (psa_tlv_t *) (((uint8_t *)response->data) + i);
+ err_count += (tlv->_reserved != 0x0);
+ i += sizeof(psa_tlv_t) + ROUND_TO_WORD(tlv->length_in_bytes);
+ }
+ response_packet_release(response);
+
+ if (err_count != 0x0) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(3), VAL_STATUS_INVALID);
+ goto test_end;
+ }
+
+ ret = psa_adac_load_certificate_chain(chain_file, &chain, &chain_size);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(4), VAL_STATUS_LOAD_ERROR);
+ goto test_end;
+ }
+
+ ret = psa_adac_read_extensions((uint32_t *)chain, chain_size, exts, &exts_count);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(5), VAL_STATUS_READ_FAILED);
+ goto test_end;
+ }
+
+ err_count = 0;
+ for (i = 0; i < exts_count; i++) {
+ tlv = exts[i];
+ err_count += (tlv->_reserved != 0x0);
+ }
+
+ if (err_count != 0x0) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(6), VAL_STATUS_INVALID);
+ goto test_end;
+ }
+
+test_end:
+ val->test_exit();
+}
diff --git a/secure-debug/tests/adac/test_a011/test_a011.h b/secure-debug/tests/adac/test_a011/test_a011.h
new file mode 100644
index 0000000..df8eecc
--- /dev/null
+++ b/secure-debug/tests/adac/test_a011/test_a011.h
@@ -0,0 +1,26 @@
+/** @file
+ * Copyright (c) 2021, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+#ifndef _TEST_A011_TESTS_H_
+#define _TEST_A011_TESTS_H_
+
+#define test_entry CONCAT(test_entry_, a011)
+
+extern val_api_t *val;
+extern char *key_file;
+extern char *chain_file;
+
+#endif /* _TEST_A011_TESTS_H_ */
diff --git a/secure-debug/tests/adac/testsuite.db b/secure-debug/tests/adac/testsuite.db
index 9695860..ce2e642 100644
--- a/secure-debug/tests/adac/testsuite.db
+++ b/secure-debug/tests/adac/testsuite.db
@@ -22,5 +22,14 @@
test_a001
test_a002
+test_a003
+test_a004
+test_a005
+test_a006
+test_a007
+test_a008
+test_a009
+test_a010
+test_a011
(END)
diff --git a/secure-debug/val/include/pal_interfaces.h b/secure-debug/val/include/pal_interfaces.h
deleted file mode 100644
index 9f7390f..0000000
--- a/secure-debug/val/include/pal_interfaces.h
+++ /dev/null
@@ -1,93 +0,0 @@
-/** @file
- * Copyright (c) 2021 Arm Limited or its affiliates. All rights reserved.
- * SPDX-License-Identifier : Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
-**/
-#ifndef _PAL_INTERFACES_H_
-#define _PAL_INTERFACES_H_
-
-#include <stdarg.h>
-#include <psa_adac.h>
-
-/**
- * @brief - This function parses the input string and writes bytes into logger TX FIFO
- * @param - str : Input String
- * - data : Value for format specifier
- * @return - SUCCESS/FAILURE
-**/
-
-int pal_print(const char *str, int32_t data);
-
-/**
- * @brief - Terminates the simulation at the end of all tests completion.
- * By default, it put cpus into power down mode.
- * @param - void
- * @return - void
-**/
-void pal_terminate_simulation(void);
-
-/**
- * @brief - Resets the system.
- * @param - void
- * @return - SUCCESS/FAILURE
-**/
-int pal_system_reset(void);
-
-request_packet_t *request_packet_lock(size_t *max_data_size);
-
-/**
- * @brief - Reserve the communication buffer memory for receive packet.
- * @param - max_data_size Valid size of command frame
- * @return - Pointer to the command frame to be read
-**/
-response_packet_t *response_packet_lock(size_t *max_data_size);
-
-/**
- * @brief - Release the lock held by transmit packet.
- * @param - packet Most recent command frame sent
- * @return - SUCCESS/FAILURE
-**/
-int request_packet_release(request_packet_t *packet);
-
-/**
- * @brief - Release the lock held by receive packet.
- * @param - packet Most recent response packet received
- * @return - SUCCESS/FAILURE
-**/
-int response_packet_release(response_packet_t *packet);
-
-/**
- * @brief - Construct the Request packet for the specified ADAC command.
- * @param - command ADAC command
- * data Pointer to payload
- * data_size Size of the command payload
- * @return - Pointer to the command frame to be written
-**/
-request_packet_t *request_packet_build(uint16_t command, uint8_t *data, size_t data_size);
-
-/**
- * @brief - Write the Request packet into the communication buffer for transmit.
- * @param - packet Request packet built for dispatch
- * @return - SUCCESS/FAILURE
-**/
-int request_packet_send(request_packet_t *packet);
-
-/**
- * @brief - Read the Response packet from the communication buffer.
- * @param - None
- * @return - Response packet received from target.
-**/
-response_packet_t *response_packet_receive();
-
-#endif
diff --git a/secure-debug/val/include/val.h b/secure-debug/val/include/val.h
index 8ac9a98..4082c5c 100644
--- a/secure-debug/val/include/val.h
+++ b/secure-debug/val/include/val.h
@@ -36,12 +36,6 @@
#define VERBOSE 9
#endif
-#ifndef VAL_NSPE_BUILD
-#define STATIC_DECLARE static
-#else
-#define STATIC_DECLARE
-#endif
-
#ifndef __WEAK
#define __WEAK __attribute__((weak))
#endif
@@ -91,8 +85,6 @@
#define IS_TEST_END(status) (((status >> TEST_STATE_BIT) & TEST_STATE_MASK) == TEST_END)
#define VAL_ERROR(status) ((status & TEST_STATUS_MASK) ? 1 : 0)
-
-
/* Test Defines */
#define TEST_PUBLISH(test_id, entry) \
const val_test_info_t __attribute__((section(".acs_test_info"))) \
@@ -101,15 +93,12 @@
#define VAL_MAX_TEST_PER_COMP 200
#define VAL_SECURE_DEBUG_BASE 4
-
#define VAL_GET_COMP_NUM(test_id) \
((test_id - (test_id % VAL_MAX_TEST_PER_COMP)) / VAL_MAX_TEST_PER_COMP)
#define VAL_GET_TEST_NUM(test_id) (test_id % VAL_MAX_TEST_PER_COMP)
#define VAL_CREATE_TEST_ID(comp, num) ((comp*VAL_MAX_TEST_PER_COMP) + num)
#define TEST_FIELD(num1, num2) (num2 << 8 | num1)
-#define GET_TEST_ISOLATION_LEVEL(num) (num & 0x3)
-#define GET_WD_TIMOUT_TYPE(num) ((num >> 8) & 0x7)
#define TEST_CHECKPOINT_NUM(n) n
#define TEST(n) n
@@ -125,9 +114,6 @@
#define TEST_RETURN_RESULT 2
#define INVALID_HANDLE 0x1234DEAD
-#define VAL_NVMEM_BLOCK_SIZE 4
-#define VAL_NVMEM_OFFSET(nvmem_idx) (nvmem_idx * VAL_NVMEM_BLOCK_SIZE)
-
#define UART_INIT_SIGN 0xff
#define UART_PRINT_SIGN 0xfe
@@ -191,53 +177,6 @@
} while (0)
/* enums */
-typedef enum {
- CALLER_NONSECURE = 0x0,
- CALLER_SECURE = 0x1,
-} caller_security_t;
-
-typedef enum {
- TEST_ISOLATION_L1 = 0x1,
- TEST_ISOLATION_L2 = 0x2,
- TEST_ISOLATION_L3 = 0x3,
-} test_isolation_level_t;
-
-typedef enum {
- LEVEL1 = 0x1,
- LEVEL2,
- LEVEL3,
-} isolation_level_t;
-
-typedef enum {
- /* VAL uses this boot flag to mark first time boot of the system */
- BOOT_UNKNOWN = 0x1,
- /* VAL/Test uses this boot flag to catch any unwanted system reboot - SIM ERROR Cases*/
- BOOT_NOT_EXPECTED = 0x2,
- /* Test performs panic check for non-secure test run and expect reboot */
- BOOT_EXPECTED_NS = 0x3,
- /* Test performs panic check for secure test run and expect reboot */
- BOOT_EXPECTED_S = 0x4,
- /* Test expects reboot but it didn't happen */
- BOOT_EXPECTED_BUT_FAILED = 0x5,
- /* Test expects reboot for secure/non-secure test run. If reboot happens,
- * re-enter the same test and execute the next check function
- */
- BOOT_EXPECTED_REENTER_TEST = 0x6,
- /* Test expect reboot for the test run. If reboot happens,
- * re-enter the same test and continue executing the same check function
- */
- BOOT_EXPECTED_CONT_TEST_EXEC = 0x7,
-} boot_state_t;
-
-typedef enum {
- NV_BOOT = 0x0,
- NV_TEST_ID_PREVIOUS = 0x1,
- NV_TEST_ID_CURRENT = 0x2,
- NV_TEST_CNT = 0x3,
- NV_TEST_DATA1 = 0x4,
- NV_TEST_DATA2 = 0x5,
- NV_TEST_DATA3 = 0x6,
-} nvmem_index_t;
/* enums to report test sub-state */
typedef enum {
@@ -286,26 +225,7 @@
PRINT_ALWAYS = 9
} print_verbosity_t;
-/* Driver test function id enums */
-typedef enum {
- TEST_PSA_EOI_WITH_NON_INTR_SIGNAL = 1,
- TEST_PSA_EOI_WITH_MULTIPLE_SIGNALS = 2,
- TEST_PSA_EOI_WITH_UNASSERTED_SIGNAL = 3,
- TEST_INTR_SERVICE = 4,
- TEST_ISOLATION_PSA_ROT_DATA_RD = 5,
- TEST_ISOLATION_PSA_ROT_DATA_WR = 6,
- TEST_ISOLATION_PSA_ROT_STACK_RD = 7,
- TEST_ISOLATION_PSA_ROT_STACK_WR = 8,
- TEST_ISOLATION_PSA_ROT_HEAP_RD = 9,
- TEST_ISOLATION_PSA_ROT_HEAP_WR = 10,
- TEST_ISOLATION_PSA_ROT_MMIO_RD = 11,
- TEST_ISOLATION_PSA_ROT_MMIO_WR = 12,
-} driver_test_fn_id_t;
-
/* typedef's */
-typedef struct {
- boot_state_t state;
-} boot_t;
typedef struct {
uint32_t pass_cnt:8;
@@ -327,6 +247,4 @@
uint8_t status;
} test_status_buffer_t;
-typedef int32_t (*client_test_t)(caller_security_t caller);
-typedef int32_t (*server_test_t)(void);
#endif /* VAL_COMMON_H */
diff --git a/secure-debug/val/include/val_adac.h b/secure-debug/val/include/val_adac.h
deleted file mode 100644
index 6086df9..0000000
--- a/secure-debug/val/include/val_adac.h
+++ /dev/null
@@ -1,51 +0,0 @@
-/** @file
- * Copyright (c) 2021, Arm Limited or its affiliates. All rights reserved.
- * SPDX-License-Identifier : Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
-**/
-
-#ifndef _VAL_ADAC_H_
-#define _VAL_ADAC_H_
-#include <psa_adac.h>
-
-/** \brief Token header
- *
- */
-typedef struct {
- uint16_t type;
- uint8_t *data;
- size_t size;
-} adac_command_frame_t;
-
-void val_adac_host_init(void);
-psa_status_t val_load_certificate_chain(const char *chain_file, uint8_t **chain,
- size_t *chain_size);
-psa_status_t val_infer_cryptosystem(uint32_t *chain, size_t chain_size, psa_tlv_t **extns_list,
- size_t *extns_count, uint8_t *key_system);
-psa_status_t val_get_private_key(const char *key_file, uint8_t *type, psa_key_handle_t *handle,
- uint8_t **key_ptr, size_t *size);
-request_packet_t *val_construct_command(uint16_t command, uint8_t *data, size_t data_size);
-psa_status_t val_issue_command(uint32_t command, request_packet_t *packet,
- uint8_t *data, size_t data_size);
-response_packet_t *val_await_response(void);
-psa_status_t val_parse_response(uint32_t command, response_packet_t *packet);
-
-psa_status_t val_sign_token(uint8_t challenge[], size_t challenge_size, uint8_t signature_type,
- uint8_t exts[], size_t exts_size, uint8_t *fragment[],
- size_t *fragment_size, psa_key_handle_t handle,
- uint8_t *key, size_t key_size);
-psa_status_t val_send_certificate(psa_tlv_t **extns_list, size_t extns_count);
-int val_check_cryptosystem_support(response_packet_t *packet, uint8_t key_system);
-
-#endif /* _VAL_ADAC_H_ */
diff --git a/secure-debug/val/include/val_entry.h b/secure-debug/val/include/val_entry.h
index f4d173f..6484dc6 100644
--- a/secure-debug/val/include/val_entry.h
+++ b/secure-debug/val/include/val_entry.h
@@ -18,10 +18,10 @@
#ifndef _VAL_ENTRY_H_
#define _VAL_ENTRY_H_
-#include "val_framework.h"
+#include "val.h"
-#define PSA_ACS_MAJOR_VER 1
-#define PSA_ACS_MINOR_VER 2
+#define PSA_ACS_MAJOR_VER 0
+#define PSA_ACS_MINOR_VER 6
/**
@brief - PSA Test Suite C main function, does VAL init and calls test dispatcher
diff --git a/secure-debug/val/include/val_framework.h b/secure-debug/val/include/val_framework.h
index 5d53cbb..6aa0edf 100644
--- a/secure-debug/val/include/val_framework.h
+++ b/secure-debug/val/include/val_framework.h
@@ -20,7 +20,6 @@
#define _VAL_INFRA_H_
#include "val.h"
-#include "val_interfaces.h"
/* prototypes */
uint32_t val_report_status(void);
diff --git a/secure-debug/val/include/val_interfaces.h b/secure-debug/val/include/val_interfaces.h
index eca9a63..b52ba6e 100644
--- a/secure-debug/val/include/val_interfaces.h
+++ b/secure-debug/val/include/val_interfaces.h
@@ -19,7 +19,6 @@
#define _VAL_INTERFACES_H_
#include "val.h"
-#include "pal_interfaces.h"
/* typedef's */
typedef struct {
diff --git a/secure-debug/val/src/val_adac.c b/secure-debug/val/src/val_adac.c
deleted file mode 100644
index 53f02d1..0000000
--- a/secure-debug/val/src/val_adac.c
+++ /dev/null
@@ -1,332 +0,0 @@
-/** @file
- * Copyright (c) 2021 Arm Limited or its affiliates. All rights reserved.
- * SPDX-License-Identifier : Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
-**/
-
-#include <val_adac.h>
-#include <psa_adac_cryptosystems.h>
-#include <psa_adac_sdm.h>
-#include <psa_adac_debug.h>
-#include <pal_interfaces.h>
-
-void val_adac_host_init(void)
-{
- psa_adac_platform_init();
- psa_crypto_init();
-}
-
-psa_status_t val_load_certificate_chain(const char *chain_file, uint8_t **chain, size_t *chain_size)
-{
- int ret_val;
- psa_status_t r = PSA_SUCCESS;
-
- if (chain_file == NULL) {
- printf("Error:Path not found\n");
- r = PSA_ERROR_INVALID_ARGUMENT;
- return r;
- }
- ret_val = load_trust_chain(chain_file, chain, chain_size);
- if (ret_val != 0) {
- printf("Error loading trust chain (%s)\n", chain_file);
- r = PSA_ERROR_GENERIC_ERROR;
- }
- return r;
-}
-
-psa_status_t val_infer_cryptosystem(uint32_t *chain, size_t chain_size, psa_tlv_t **extns_list,
- size_t *extns_count, uint8_t *key_system)
-{
- int ret_val;
- psa_status_t r = PSA_SUCCESS;
- uint8_t key_type;
- size_t count, i;
- psa_tlv_t *current_extn;
-
- ret_val = split_tlv_static(chain, chain_size, extns_list, MAX_EXTENSIONS, extns_count);
- if (ret_val != 0) {
- PSA_ADAC_LOG_ERR("host", "Error parsing trust chain\n");
- r = PSA_ERROR_GENERIC_ERROR;
- return r;
- }
- count = *extns_count;
- if (count > MAX_EXTENSIONS) {
- printf("Error:Extension count exceeded maximum allowed\n");
- r = PSA_ERROR_NOT_PERMITTED;
- return r;
- }
-
- PSA_ADAC_LOG_INFO("host", "Found %zu certificates\n", count);
- for (i = 0; i < count; i++) {
- current_extn = extns_list[i];
- if ((current_extn)->type_id == 0x0201)
- key_type = ((certificate_header_t *) current_extn->value)->key_type;
- }
- *key_system = key_type;
- PSA_ADAC_LOG_INFO("host", "Cryptosystem detected: %d\n", key_type);
- return r;
-}
-
-psa_status_t val_get_private_key(const char *key_file, uint8_t *type, psa_key_handle_t *handle,
- uint8_t **key_ptr, size_t *size)
-{
- int ret_val;
- psa_status_t r = PSA_SUCCESS;
- uint8_t key_type = *type;
-
- if (key_file == NULL) {
- printf("Error:Path not found\n");
- r = PSA_ERROR_INVALID_ARGUMENT;
- return r;
- }
-
- switch (key_type) {
- case ECDSA_P256_SHA256:
- case ECDSA_P521_SHA512:
- case RSA_3072_SHA256:
- case RSA_4096_SHA256:
- case ED_25519_SHA512:
- case ED_448_SHAKE256:
- case SM_SM2_SM3:
- ret_val = import_private_key(key_file, type, handle);
- if (ret_val != 0) {
- printf("Error importing private key (%s)\n", key_file);
- r = PSA_ERROR_GENERIC_ERROR;
- } else {
- key_ptr = NULL;
- size = 0;
- }
- break;
-
- case CMAC_AES:
- case HMAC_SHA256:
- ret_val = load_secret_key(key_file, key_type, key_ptr, size);
- if (ret_val != 0) {
- printf("Error importing secret key (%s)\n", key_file);
- r = PSA_ERROR_GENERIC_ERROR;
- } else {
- handle = NULL;
- }
- break;
-
- default:
- printf("Error: unsupported key type (0x%x)\n", key_type);
- r = PSA_ERROR_NOT_SUPPORTED;
- }
- return r;
-}
-
-request_packet_t *val_construct_command(uint16_t cmd_type, uint8_t *data, size_t data_size)
-{
- request_packet_t *packet = NULL;
-
- switch (cmd_type) {
- case SDP_RESUME_BOOT_CMD:
- case SDP_LOCK_DEBUG_CMD:
- case SDP_DISCOVERY_CMD:
- case SDP_AUTH_START_CMD:
- packet = request_packet_build(cmd_type, NULL, 0);
- break;
- case SDP_AUTH_RESPONSE_CMD:
- if (data == NULL || data_size == 0) {
- printf("Error: No payload specified\n");
- break;
- }
- packet = request_packet_build((uint16_t)cmd_type, data, data_size);
- break;
- default:
- //TO DO: Callback for vendor specific command construction
- printf("Error: Unrecognized command. ID=(0x%x)\n", cmd_type);
- }
- return packet;
-}
-
-psa_status_t val_issue_command(uint32_t command, request_packet_t *packet,
- uint8_t *data, size_t data_size)
-{
- int ret_val;
- psa_status_t r = PSA_SUCCESS;
-
- packet = val_construct_command((uint16_t)command, data, data_size);
-
- if (packet == NULL) {
- printf("Command construction failed\n");
- r = PSA_ERROR_GENERIC_ERROR;
- return r;
- }
-
- switch (command) {
- case SDP_DISCOVERY_CMD:
- printf("Sending discovery request\n");
- break;
- case SDP_AUTH_START_CMD:
- printf("Sending challenge request\n");
- break;
- case SDP_AUTH_RESPONSE_CMD:
- printf("Sending authentication response\n");
- break;
- case SDP_RESUME_BOOT_CMD:
- printf("Sending close session command\n");
- break;
- case SDP_LOCK_DEBUG_CMD:
- printf("Sending lock debug request\n");
- default:
- //TO DO: Vendor specific message
- printf("Error: Unrecognized command. ID=(0x%x)\n", command);
- r = PSA_ERROR_NOT_SUPPORTED;
- }
- ret_val = request_packet_send(packet);
- if (ret_val < 0)
- r = PSA_ERROR_GENERIC_ERROR;
-
- request_packet_release(packet);
- return r;
-}
-
-response_packet_t *val_await_response(void)
-{
- return response_packet_receive();
-}
-
-psa_status_t val_parse_response(uint32_t command, response_packet_t *packet)
-{
- int ret_val;
- psa_status_t r = PSA_SUCCESS;
- size_t i;
- psa_tlv_t *tlv;
- psa_auth_challenge_t *challenge;
-
- if (packet == NULL) {
- printf("Error: Target response not obtained\n");
- r = PSA_ERROR_COMMUNICATION_FAILURE;
- return r;
- }
-
- switch (command) {
- case SDP_DISCOVERY_CMD:
- printf("Receiving discovery response...\n");
- for (i = 0; (i + 4) < (packet->data_count * 4);) {
- tlv = (psa_tlv_t *) (((uint8_t *)packet->data) + i);
- i += sizeof(psa_tlv_t) + tlv->length_in_bytes;
- }
- break;
- case SDP_AUTH_START_CMD:
- printf("Receiving challenge\n");
- printf("status = 0x%04x, data_count = %d\n", packet->status, packet->data_count);
- if (packet->data_count * 4 != sizeof(psa_auth_challenge_t)) {
- r = PSA_ERROR_GENERIC_ERROR;
- return r;
- }
- challenge = (psa_auth_challenge_t *) packet->data;
- PSA_ADAC_LOG_DUMP("host", "challenge", challenge->challenge_vector,
- sizeof(challenge->challenge_vector));
- break;
- case SDP_AUTH_RESPONSE_CMD:
- case SDP_RESUME_BOOT_CMD:
- case SDP_LOCK_DEBUG_CMD:
- printf("status = 0x%04x, data_count = %d\n", packet->status, packet->data_count);
- break;
- default:
- r = PSA_ERROR_NOT_SUPPORTED;
- }
- return r;
-}
-
-psa_status_t val_sign_token(uint8_t challenge[], size_t challenge_size, uint8_t signature_type,
- uint8_t exts[], size_t exts_size, uint8_t *fragment[],
- size_t *fragment_size, psa_key_handle_t handle,
- uint8_t *key, size_t key_size)
-{
- psa_status_t r;
-
- r = psa_adac_sign_token(challenge, challenge_size, signature_type, exts, exts_size,
- fragment, fragment_size, handle, key, key_size);
- if (r == PSA_SUCCESS) {
- PSA_ADAC_LOG_DUMP("host", "token", *fragment, *fragment_size);
- } else {
- PSA_ADAC_LOG_ERR("host", "Error signing token\n");
- r = PSA_ERROR_GENERIC_ERROR;
- }
- return r;
-}
-
-psa_status_t val_send_certificate(psa_tlv_t **extns_list, size_t extns_count)
-{
- request_packet_t *request;
- response_packet_t *response;
- psa_status_t r;
- uint8_t *payload;
- size_t i, payload_size;
- psa_tlv_t *current_extn;
-
- for (size_t i = 0; i < extns_count; i++) {
- current_extn = extns_list[i];
- if (current_extn->type_id == 0x0201) {
- payload = (uint8_t *)current_extn;
- payload_size = current_extn->length_in_bytes + sizeof(psa_tlv_t);
-
- printf("Sending Certificate\n");
- r = val_issue_command(SDP_AUTH_RESPONSE_CMD, request, payload, payload_size);
- if (r != PSA_SUCCESS)
- return r;
-
- printf("Receiving token_authentication response\n");
- response = val_await_response();
- r = val_parse_response(SDP_AUTH_RESPONSE_CMD, response);
- if (r != PSA_SUCCESS)
- return r;
-
- if (response->status == SDP_NEED_MORE_DATA)
- response_packet_release(response);
- }
- }
- if (response->status != SDP_NEED_MORE_DATA) {
- PSA_ADAC_LOG_ERR("host", "Unexpected response status %x\n", response->status);
- r = PSA_ERROR_GENERIC_ERROR;
- return r;
- }
- response_packet_release(response);
- return r;
-}
-
-int val_check_cryptosystem_support(response_packet_t *packet, uint8_t key_system)
-{
- int found = 0, j;
- size_t i = 0;
- psa_tlv_t *tlv;
- uint8_t *key_support_types = NULL;
-
- while ((i + 4) < (packet->data_count * 4)) {
- tlv = (psa_tlv_t *) (((uint8_t *)packet->data) + i);
- if (tlv->type_id == 0x0102) {
- key_support_types = tlv->value;
- for (j = 0; j < (tlv->length_in_bytes); j++) {
- if (*(key_support_types+j) == key_system) {
- found = 1;
- break;
- }
- }
- }
- i += sizeof(psa_tlv_t) + tlv->length_in_bytes;
- }
-
- if (key_support_types == NULL)
- printf("Cryptosystem Type ID not found in target's response\n");
- else if (!found)
- printf("Cryptosystem not supported by target\n");
- else
- printf("Cryptosystem supported by target\n");
-
- return found;
-}
diff --git a/secure-debug/val/src/val_dispatcher.c b/secure-debug/val/src/val_dispatcher.c
index 86426cc..020c91c 100644
--- a/secure-debug/val/src/val_dispatcher.c
+++ b/secure-debug/val/src/val_dispatcher.c
@@ -20,10 +20,9 @@
#include "val_interfaces.h"
#include "val_peripherals.h"
-
extern val_api_t val_api;
-/* gloabls */
+/* globals */
addr_t g_test_info_addr;
/**
@@ -151,10 +150,8 @@
**/
int32_t val_dispatcher(test_id_t test_id_prev)
{
-
test_id_t test_id;
val_status_t status;
- boot_t boot;
test_count_t test_count = {0,};
uint32_t test_result;
@@ -214,9 +211,3 @@
return (test_count.fail_cnt > 0) ? VAL_STATUS_TEST_FAILED : VAL_STATUS_SUCCESS;
}
-
-
-
-
-
-
diff --git a/secure-debug/val/src/val_entry.c b/secure-debug/val/src/val_entry.c
index 1d13bcb..fdfbcc9 100644
--- a/secure-debug/val/src/val_entry.c
+++ b/secure-debug/val/src/val_entry.c
@@ -19,8 +19,7 @@
#include "val_framework.h"
#include "val_peripherals.h"
#include "val_dispatcher.h"
-
-int32_t val_entry(void);
+#include "pal_interfaces.h"
/**
@brief - PSA C main function, does VAL init and calls test dispatcher
diff --git a/secure-debug/val/src/val_framework.c b/secure-debug/val/src/val_framework.c
index 2a700b4..bf7af91 100644
--- a/secure-debug/val/src/val_framework.c
+++ b/secure-debug/val/src/val_framework.c
@@ -19,12 +19,9 @@
#include "val_interfaces.h"
#include "val_dispatcher.h"
#include "val_peripherals.h"
-#include "pal_interfaces.h"
-
extern val_api_t val_api;
-
/* globals */
test_status_buffer_t g_status_buffer;
@@ -72,7 +69,6 @@
state = TEST_FAIL;
val_print(PRINT_ALWAYS, "\nTEST RESULT: FAILED(Error Code=0x%x)\n", VAL_STATUS_INVALID);
break;
-
}
val_print(PRINT_ALWAYS, "\n******************************************\n", 0);
@@ -119,9 +115,8 @@
if (VAL_ERROR(status)) {
val_print(PRINT_ERROR, "\tCheckpoint %d : ", checkpoint);
val_print(PRINT_ERROR, "Error Code=0x%x \n", status);
- } else {
+ } else
val_print(PRINT_DEBUG, "\tCheckpoint %d \n", checkpoint);
- }
}
return status;
}
diff --git a/secure-debug/val/src/val_interfaces.c b/secure-debug/val/src/val_interfaces.c
index 63c041d..133c679 100644
--- a/secure-debug/val/src/val_interfaces.c
+++ b/secure-debug/val/src/val_interfaces.c
@@ -15,7 +15,6 @@
* limitations under the License.
**/
-
#include "val_framework.h"
#include "val_interfaces.h"
#include "val_peripherals.h"
diff --git a/secure-debug/val/src/val_peripherals.c b/secure-debug/val/src/val_peripherals.c
index e804485..4114a3e 100644
--- a/secure-debug/val/src/val_peripherals.c
+++ b/secure-debug/val/src/val_peripherals.c
@@ -17,7 +17,6 @@
#include "val_peripherals.h"
#include "pal_interfaces.h"
-#include "val_framework.h"
/* Global */
uint32_t is_logger_init_done = 0;
diff --git a/secure-debug/val/val.cmake b/secure-debug/val/val.cmake
index 665db48..c42975b 100644
--- a/secure-debug/val/val.cmake
+++ b/secure-debug/val/val.cmake
@@ -15,14 +15,9 @@
# * limitations under the License.
#**/
-if(NOT DEFINED PSA_ADAC_ROOT)
- get_filename_component(PSA_ADAC_ROOT ${CMAKE_SOURCE_DIR}/psa-adac ABSOLUTE)
-endif()
-
# Listing all the sources from val
list(APPEND VAL_SRC_C
${CMAKE_SOURCE_DIR}/val/src/val_entry.c
- ${CMAKE_SOURCE_DIR}/val/src/val_adac.c
${CMAKE_SOURCE_DIR}/val/src/val_dispatcher.c
${CMAKE_SOURCE_DIR}/val/src/val_framework.c
${CMAKE_SOURCE_DIR}/val/src/val_interfaces.c
@@ -33,10 +28,9 @@
add_library(${ADAC_HOST_VAL_LIB} STATIC ${VAL_SRC_C})
target_include_directories(${ADAC_HOST_VAL_LIB} PRIVATE
- ${CMAKE_SOURCE_DIR}/val/include
${CMAKE_BINARY_DIR}
- ${PSA_ADAC_ROOT}/psa-adac/core/include
- ${PSA_ADAC_ROOT}/psa-adac/sdm/include
+ ${CMAKE_SOURCE_DIR}/val/include
+ ${CMAKE_SOURCE_DIR}/platform/common/include
)
-target_link_libraries(${ADAC_HOST_VAL_LIB} mbedcrypto)
+target_link_libraries(${ADAC_HOST_VAL_LIB} ${ADAC_HOST_PAL_LIB})