psa arch test v1.3 release candidate 1
diff --git a/secure-debug/tests/adac/suite.cmake b/secure-debug/tests/adac/suite.cmake
index 167d305..df04e08 100644
--- a/secure-debug/tests/adac/suite.cmake
+++ b/secure-debug/tests/adac/suite.cmake
@@ -35,7 +35,7 @@
target_include_directories(${TEST_COMBINE_LIB} PRIVATE
${CMAKE_BINARY_DIR}
- ${PSA_ROOT_DIR}/val/include
- ${PSA_ROOT_DIR}/platform/${TARGET}/include
+ ${CMAKE_SOURCE_DIR}/val/include
+ ${CMAKE_SOURCE_DIR}/platform/common/include
)
-target_link_libraries(${TEST_COMBINE_LIB} mbedcrypto)
+target_link_libraries(${TEST_COMBINE_LIB} ${ADAC_HOST_VAL_LIB})
diff --git a/secure-debug/tests/adac/test_a001/test_a001.c b/secure-debug/tests/adac/test_a001/test_a001.c
index 66f878e..d6ce71f 100644
--- a/secure-debug/tests/adac/test_a001/test_a001.c
+++ b/secure-debug/tests/adac/test_a001/test_a001.c
@@ -16,7 +16,7 @@
**/
#include <psa_adac.h>
-#include <val_adac.h>
+#include <adac_util.h>
#include "val_interfaces.h"
#include "test_a001.h"
@@ -27,60 +27,71 @@
void test_entry(val_api_t *val_api)
{
- int32_t status = VAL_STATUS_SUCCESS;
+ psa_status_t ret;
val_api_t *val = NULL;
-
val = val_api;
/* test init */
val->test_init(TEST_NUM, TEST_DESC);
- val_adac_host_init();
+ if (!IS_TEST_START(val->get_status()))
+ {
+ goto test_end;
+ }
+ psa_adac_host_init();
- uint8_t challenge1[CHALLENGE_SIZE], challenge2[CHALLENGE_SIZE], i;
-
+ uint8_t challenge1[CHALLENGE_SIZE], i;
+ uint8_t *vect;
request_packet_t *request;
response_packet_t *response;
- if (PSA_SUCCESS != val_issue_command(SDP_AUTH_START_CMD, request, NULL, 0))
- goto test_fail_exit;
+ ret = psa_adac_issue_command(SDP_AUTH_START_CMD, request, NULL, 0);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(1), VAL_STATUS_WRITE_FAILED);
+ goto test_end;
+ }
- response = val_await_response();
- if (PSA_SUCCESS != val_parse_response(SDP_AUTH_START_CMD, response))
- goto test_fail_exit;
+ response = psa_adac_await_response();
+ ret = psa_adac_parse_response(SDP_AUTH_START_CMD, response);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(2), VAL_STATUS_READ_FAILED);
+ goto test_end;
+ }
psa_auth_challenge_t *challenge = (psa_auth_challenge_t *) response->data;
-
- *challenge1 = (uint8_t)(challenge->challenge_vector);
+ vect = (challenge->challenge_vector);
response_packet_release(response);
- if (PSA_SUCCESS != val_issue_command(SDP_AUTH_START_CMD, request, NULL, 0))
- goto test_fail_exit;
+ for (i = 0; i < CHALLENGE_SIZE; i++)
+ challenge1[i] = *(vect+i);
- response = val_await_response();
- if (PSA_SUCCESS != val_parse_response(SDP_AUTH_START_CMD, response))
- goto test_fail_exit;
+ ret = psa_adac_issue_command(SDP_AUTH_START_CMD, request, NULL, 0);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(3), VAL_STATUS_WRITE_FAILED);
+ goto test_end;
+ }
+
+ response = psa_adac_await_response();
+ ret = psa_adac_parse_response(SDP_AUTH_START_CMD, response);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(4), VAL_STATUS_READ_FAILED);
+ goto test_end;
+ }
challenge = (psa_auth_challenge_t *) response->data;
-
- *challenge2 = (uint8_t)(challenge->challenge_vector);
response_packet_release(response);
for (i = 0; i < CHALLENGE_SIZE; i++) {
- if (challenge1[i] != challenge2[i])
+ if (challenge1[i] != *(vect+i))
break;
}
if (i == CHALLENGE_SIZE) {
val->print(PRINT_ERROR, "Challenge response obtained is not unique\n", 0);
- goto test_fail_exit;
+ val->err_check_set(TEST_CHECKPOINT_NUM(5), VAL_STATUS_ERROR);
} else {
val->print(PRINT_INFO, "Challenge response obtained is unique\n", 0);
- goto test_end;
}
-test_fail_exit:
- val_set_status(RESULT_FAIL(VAL_STATUS_TEST_FAILED));
test_end:
val->test_exit();
}
-
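Review bot: The uniqueness check compares `challenge1[i]` with `*(vect+i)`, but `vect` is never re-pointed at the second response, so the loop reads the first challenge's address again instead of the new `challenge->challenge_vector`. Both the copy into `challenge1` and that comparison run after `response_packet_release(response)`, so they read memory the packet layer may already have freed or reused, and the result of this freshness test then depends on allocator behaviour. Copy into `challenge1` before the first release, add `vect = challenge->challenge_vector;` after the second parse, and move the second `response_packet_release(response);` below the comparison loop. The `goto test_end` paths at checkpoints 2 and 4 also leave `response` unreleased.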
diff --git a/secure-debug/tests/adac/test_a002/test_a002.c b/secure-debug/tests/adac/test_a002/test_a002.c
index dabbc34..9aeec89 100644
--- a/secure-debug/tests/adac/test_a002/test_a002.c
+++ b/secure-debug/tests/adac/test_a002/test_a002.c
@@ -16,7 +16,7 @@
**/
#include <psa_adac.h>
-#include <val_adac.h>
+#include <adac_util.h>
#include "val_interfaces.h"
#include "test_a002.h"
@@ -27,43 +27,79 @@
void test_entry(val_api_t *val_api)
{
- int32_t status = VAL_STATUS_SUCCESS;
+ psa_status_t ret;
val_api_t *val = NULL;
-
val = val_api;
/* test init */
val->test_init(TEST_NUM, TEST_DESC);
- val_adac_host_init();
+ if (!IS_TEST_START(val->get_status()))
+ {
+ goto test_end;
+ }
+ psa_adac_host_init();
uint8_t *chain = NULL;
size_t chain_size = 0;
+ request_packet_t *request;
+ response_packet_t *response;
- if (PSA_SUCCESS != val_load_certificate_chain(chain_file, &chain, &chain_size))
- goto test_fail_exit;
+ // Ensure device is locked before starting unlock sequence.
+ ret = psa_adac_issue_command(SDP_LOCK_DEBUG_CMD, request, NULL, 0);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(1), VAL_STATUS_WRITE_FAILED);
+ goto test_end;
+ }
+
+ response = psa_adac_await_response();
+ ret = psa_adac_parse_response(SDP_LOCK_DEBUG_CMD, response);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(2), VAL_STATUS_READ_FAILED);
+ goto test_end;
+ }
+
+ if ((response->status != SDP_SUCCESS) && (response->status != SDP_UNSUPPORTED)) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(3), VAL_STATUS_INVALID);
+ goto test_end;
+ }
+
+ response_packet_release(response);
+
+ ret = psa_adac_load_certificate_chain(chain_file, &chain, &chain_size);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(4), VAL_STATUS_LOAD_ERROR);
+ goto test_end;
+ }
psa_tlv_t *exts[MAX_EXTENSIONS];
size_t exts_count = 0;
uint8_t key_type;
- if (PSA_SUCCESS != val_infer_cryptosystem((uint32_t *) chain, chain_size, exts,
- &exts_count, &key_type)) {
- goto test_fail_exit;
+ ret = psa_adac_read_extensions((uint32_t *)chain, chain_size, exts, &exts_count);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(5), VAL_STATUS_READ_FAILED);
+ goto test_end;
+ }
+ key_type = detect_cryptosystem(exts, exts_count);
+
+ ret = psa_adac_issue_command(SDP_DISCOVERY_CMD, request, NULL, 0);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(6), VAL_STATUS_WRITE_FAILED);
+ goto test_end;
}
- request_packet_t *request;
+ response = psa_adac_await_response();
+ ret = psa_adac_parse_response(SDP_DISCOVERY_CMD, response);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(7), VAL_STATUS_READ_FAILED);
+ goto test_end;
+ }
- if (PSA_SUCCESS != val_issue_command(SDP_DISCOVERY_CMD, request, NULL, 0))
- goto test_fail_exit;
-
- response_packet_t *response;
-
- response = val_await_response();
- if (PSA_SUCCESS != val_parse_response(SDP_DISCOVERY_CMD, response))
- goto test_fail_exit;
-
- if (!val_check_cryptosystem_support(response, key_type))
- goto test_fail_exit;
+ ret = psa_adac_check_cryptosystem_support(response, key_type);
+ if (ret == PSA_ERROR_NOT_SUPPORTED) {
+ val->set_status(RESULT_SKIP(key_type));
+ goto test_end;
+ }
response_packet_release(response);
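Review bot: After `psa_adac_check_cryptosystem_support(response, key_type)` only `PSA_ERROR_NOT_SUPPORTED` is handled, so any other non-success return falls through and the test carries on as if the key type were supported, whereas the removed code failed the test whenever the check did not succeed. Add an `else if (ret != PSA_SUCCESS)` branch that records a checkpoint and jumps to `test_end` (the later checkpoint numbers would shift by one). The skip path and the checkpoint 3 path also leave `response` unreleased. `request` is passed to `psa_adac_issue_command` without ever being assigned; declaring it as `request_packet_t *request = NULL;` avoids reading an indeterminate pointer, and the same applies in test_a004.c and test_a005.c. test_entry continues in the next hunk.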
@@ -71,54 +107,117 @@
uint8_t *key = NULL;
size_t key_size = 0;
- if (PSA_SUCCESS != val_get_private_key(key_file, &key_type, &handle, &key, &key_size))
- goto test_fail_exit;
+ ret = psa_adac_get_private_key(key_file, &key_type, &handle, &key, &key_size);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(8), VAL_STATUS_READ_FAILED);
+ goto test_end;
+ }
- if (PSA_SUCCESS != val_issue_command(SDP_AUTH_START_CMD, request, NULL, 0))
- goto test_fail_exit;
+ ret = psa_adac_issue_command(SDP_AUTH_START_CMD, request, NULL, 0);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(9), VAL_STATUS_WRITE_FAILED);
+ goto test_end;
+ }
- response = val_await_response();
- if (PSA_SUCCESS != val_parse_response(SDP_AUTH_START_CMD, response))
- goto test_fail_exit;
+ response = psa_adac_await_response();
+ ret = psa_adac_parse_response(SDP_AUTH_START_CMD, response);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(10), VAL_STATUS_READ_FAILED);
+ goto test_end;
+ }
psa_auth_challenge_t *challenge = (psa_auth_challenge_t *) response->data;
uint8_t *token = NULL;
size_t token_size = 0;
+ uint8_t perm_req[32], i;
- if (PSA_SUCCESS != val_sign_token(challenge->challenge_vector,
- sizeof(challenge->challenge_vector),
- key_type, NULL, 0, &token, &token_size,
- handle, key, key_size)) {
- goto test_fail_exit;
+ // Set the permission request for the debug token.
+ for (i = 0; i < 32; i++)
+ perm_req[i] = (0xFF ^ i);
+
+ ret = psa_adac_construct_token(challenge->challenge_vector, sizeof(challenge->challenge_vector),
+ key_type, NULL, 0, &token, &token_size, perm_req,
+ handle, key, key_size);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(11), VAL_STATUS_WRITE_FAILED);
+ goto test_end;
}
response_packet_release(response);
- if (PSA_SUCCESS != val_send_certificate(exts, exts_count))
- goto test_fail_exit;
+ ret = psa_adac_send_certificate(exts, exts_count);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(12), VAL_STATUS_WRITE_FAILED);
+ goto test_end;
+ }
val->print(PRINT_INFO, "Sending token\n", 0);
- if (PSA_SUCCESS != val_issue_command(SDP_AUTH_RESPONSE_CMD, request,
- (uint8_t *)token, token_size)) {
- goto test_fail_exit;
+ ret = psa_adac_issue_command(SDP_AUTH_RESPONSE_CMD, request, (uint8_t *)token, token_size);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(13), VAL_STATUS_WRITE_FAILED);
+ goto test_end;
}
val->print(PRINT_INFO, "Receiving token_authentication response\n", 0);
- response = val_await_response();
- if (PSA_SUCCESS != val_parse_response(SDP_AUTH_RESPONSE_CMD, response))
- goto test_fail_exit;
+ response = psa_adac_await_response();
+ ret = psa_adac_parse_response(SDP_AUTH_RESPONSE_CMD, response);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(14), VAL_STATUS_READ_FAILED);
+ goto test_end;
+ }
if (response->status == SDP_SUCCESS)
val->print(PRINT_INFO, "Target unlocked successfully\n", 0);
else
- goto test_fail_exit;
+ val->err_check_set(TEST_CHECKPOINT_NUM(15), VAL_STATUS_ERROR);
response_packet_release(response);
- goto test_end;
-test_fail_exit:
- val_set_status(RESULT_FAIL(VAL_STATUS_TEST_FAILED));
+ val->print(PRINT_INFO, "Closing debug session\n", 0);
+ ret = psa_adac_issue_command(SDP_RESUME_BOOT_CMD, request, NULL, 0);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(16), VAL_STATUS_WRITE_FAILED);
+ goto test_end;
+ }
+
+ response = psa_adac_await_response();
+ ret = psa_adac_parse_response(SDP_RESUME_BOOT_CMD, response);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(17), VAL_STATUS_READ_FAILED);
+ goto test_end;
+ }
+
+ if (response->status != SDP_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(18), VAL_STATUS_INVALID);
+ goto test_end;
+ }
+ response_packet_release(response);
+
+ // Set device in locked state.
+ ret = psa_adac_issue_command(SDP_LOCK_DEBUG_CMD, request, NULL, 0);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(19), VAL_STATUS_WRITE_FAILED);
+ goto test_end;
+ }
+
+ response = psa_adac_await_response();
+ ret = psa_adac_parse_response(SDP_LOCK_DEBUG_CMD, response);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(20), VAL_STATUS_READ_FAILED);
+ goto test_end;
+ }
+
+ if (response->status == SDP_SUCCESS)
+ val->print(PRINT_INFO, "Debug access is locked\n", 0);
+ else if (response->status == SDP_UNSUPPORTED)
+ val->print(PRINT_INFO, "Debug access cannot be locked\n", 0);
+ else {
+ val->print(PRINT_ERROR, "Invalid response\n", 0);
+ val->err_check_set(TEST_CHECKPOINT_NUM(21), VAL_STATUS_ERROR);
+ }
+
+ response_packet_release(response);
+
test_end:
val->test_exit();
}
-
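Review bot: A failed unlock at checkpoint 15 (`response->status != SDP_SUCCESS` after SDP_AUTH_RESPONSE_CMD) does not `goto test_end` like the other checkpoints, so the test still sends SDP_RESUME_BOOT_CMD and SDP_LOCK_DEBUG_CMD and may record later checkpoints on top of the real failure. If continuing is intended so that the target is always re-locked, say so with a comment such as `/* keep going on failure so the target is still re-locked below */`; otherwise brace the branch and jump to cleanup. Separately, `token` and `key` (the private key used to sign the debug token) are not released at `test_end` in the visible lines; if `psa_adac_get_private_key` and `psa_adac_construct_token` allocate them, they should be wiped and freed there, and test_a005.c has the same gap. test_entry starts in the previous hunk.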
diff --git a/secure-debug/tests/adac/test_a003/test.cmake b/secure-debug/tests/adac/test_a003/test.cmake
new file mode 100644
index 0000000..dc23e77
--- /dev/null
+++ b/secure-debug/tests/adac/test_a003/test.cmake
@@ -0,0 +1,21 @@
+#/** @file
+# * Copyright (c) 2021, Arm Limited or its affiliates. All rights reserved.
+# * SPDX-License-Identifier : Apache-2.0
+# *
+# * Licensed under the Apache License, Version 2.0 (the "License");
+# * you may not use this file except in compliance with the License.
+# * You may obtain a copy of the License at
+# *
+# * http://www.apache.org/licenses/LICENSE-2.0
+# *
+# * Unless required by applicable law or agreed to in writing, software
+# * distributed under the License is distributed on an "AS IS" BASIS,
+# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# * See the License for the specific language governing permissions and
+# * limitations under the License.
+#**/
+
+list(APPEND CC_SOURCE
+ test_a003.c
+)
+list(APPEND CC_OPTIONS )
diff --git a/secure-debug/tests/adac/test_a003/test_a003.c b/secure-debug/tests/adac/test_a003/test_a003.c
new file mode 100644
index 0000000..865db6f
--- /dev/null
+++ b/secure-debug/tests/adac/test_a003/test_a003.c
@@ -0,0 +1,176 @@
+/** @file
+ * Copyright (c) 2021, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include <psa_adac.h>
+#include <adac_util.h>
+#include "val_interfaces.h"
+
+#include "test_a003.h"
+
+#define TEST_NUM VAL_CREATE_TEST_ID(VAL_SECURE_DEBUG_BASE, 3)
+#define TEST_DESC "Testing ADAC Protocol Host API| UT: psa_discovery_tlv_response\n"
+TEST_PUBLISH(TEST_NUM, test_entry);
+
+void test_entry(val_api_t *val_api)
+{
+ psa_status_t ret;
+ val_status_t status;
+
+ val_api_t *val = NULL;
+ val = val_api;
+
+ /* test init */
+ val->test_init(TEST_NUM, TEST_DESC);
+ if (!IS_TEST_START(val->get_status()))
+ {
+ goto test_end;
+ }
+ psa_adac_host_init();
+
+ request_packet_t *request;
+ response_packet_t *response;
+ psa_tlv_t *tlv = NULL, *current_tlv = NULL, **tlv_seq = NULL;
+ uint16_t *type_id_list;
+ size_t type_id_size, i, j;
+
+ // Send discovery packet with no requested type ID.
+ request = request_packet_build(SDP_DISCOVERY_CMD, NULL, 0);
+ if (request == NULL) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(1), VAL_STATUS_CONNECTION_FAILED);
+ goto test_end;
+ }
+ request_packet_send(request);
+ request_packet_release(request);
+
+ response = psa_adac_await_response();
+ if (response == NULL) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(2), VAL_STATUS_CONNECTION_FAILED);
+ goto test_end;
+ }
+
+ // Variable to collect the reference to each TLV in the response sequence.
+ tlv_seq = (psa_tlv_t **)malloc((response->data_count) * sizeof(psa_tlv_t *));
+ if (tlv_seq == NULL) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(3), VAL_STATUS_INSUFFICIENT_SIZE);
+ goto test_end;
+ }
+
+ // Variable to collect the type ID from each TLV entry.
+ type_id_list = (uint16_t *)malloc((response->data_count) * sizeof(uint16_t));
+ if (type_id_list == NULL) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(4), VAL_STATUS_INSUFFICIENT_SIZE);
+ goto test_end;
+ }
+
+ // Parse the TLV sequence.
+ for (i = 0, j = 0; (i + 4) < (response->data_count * 4); j++) {
+ tlv = (psa_tlv_t *) (((uint8_t *)response->data) + i);
+ tlv_seq[j] = tlv;
+ i += sizeof(psa_tlv_t) + ROUND_TO_WORD(tlv->length_in_bytes);
+ }
+
+ j = 0;
+ while (tlv_seq[j] != tlv)
+ {
+ current_tlv = tlv_seq[j];
+ type_id_list[j] = current_tlv->type_id;
+
+ if (type_id_list[j] == PSA_LIFECYCLE)
+ status = check_lifecycle_major_state(current_tlv->value, current_tlv->length_in_bytes);
+ else if (type_id_list[j] == TOKEN_FORMATS)
+ status = check_adac_token_support(current_tlv->value, current_tlv->length_in_bytes);
+ else if (type_id_list[j] == CERT_FORMATS)
+ status = check_adac_cert_support(current_tlv->value, current_tlv->length_in_bytes);
+ else
+ status = VAL_STATUS_SUCCESS;
+
+ j++;
+ }
+
+ if (status != VAL_STATUS_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(5), status);
+ goto test_end;
+ }
+
+ response_packet_release(response);
+
+test_end:
+ if (tlv_seq != NULL)
+ free(tlv_seq);
+
+ if (type_id_list != NULL)
+ free(type_id_list);
+
+ val->test_exit();
+}
+
+static val_status_t check_lifecycle_major_state(uint8_t *value, size_t size)
+{
+ uint16_t state;
+
+ // Device cannot have multiple lifecycle states.
+ if (size != 0x2)
+ return VAL_STATUS_INVALID_SIZE;
+
+ state = (*(uint16_t *)value) & PSA_LIFECYCLE_MAJOR_STATE;
+
+ switch (state) {
+ case UNKNOWN:
+ case ASSEMBLY_AND_TEST:
+ case PSA_ROT_AND_PROVISIONING:
+ case SECURED:
+ case NON_PSA_ROT_DEBUG:
+ case RECOVERABLE_PSA_ROT_DEBUG:
+ case DECOMMISSIONED:
+ return VAL_STATUS_SUCCESS;
+ default:
+ return VAL_STATUS_DATA_MISMATCH;
+ break;
+ }
+}
+
+static val_status_t check_adac_token_support(uint8_t *value, size_t size)
+{
+ uint16_t payload;
+ uint8_t payload_bytes = (uint8_t)size;
+ uint8_t i;
+
+ for (i = 0; i < payload_bytes; i += 2)
+ {
+ payload = (*(uint16_t *)(value + i));
+ if (payload == TOKEN_ADAC)
+ return VAL_STATUS_SUCCESS;
+ }
+
+ return VAL_STATUS_DATA_MISMATCH;
+}
+
+static val_status_t check_adac_cert_support(uint8_t *value, size_t size)
+{
+ uint16_t payload;
+ uint8_t payload_bytes = (uint8_t)size;
+ uint8_t i;
+
+ for (i = 0; i < payload_bytes; i += 2)
+ {
+ payload = (*(uint16_t *)(value + i));
+ if (payload == CERT_ADAC)
+ return VAL_STATUS_SUCCESS;
+ }
+
+ return VAL_STATUS_DATA_MISMATCH;
+}
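Review bot: The TLV check loop `while (tlv_seq[j] != tlv)` stops before the last TLV, overwrites `status` on every pass so only the final checked entry decides the result, and leaves `status` unset when the response holds fewer than two TLVs, so an invalid PSA_LIFECYCLE, TOKEN_FORMATS or CERT_FORMATS entry can go unreported. The `goto test_end` paths taken before `tlv_seq` and `type_id_list` are assigned reach `free()` with indeterminate pointers (the first `goto` jumps over the `= NULL` initialiser, and `type_id_list` has none); test_a004.c has the same cleanup problem with `type_id_list` and `type_id_list_rev`. The walk and the `check_*` helpers also trust the target-supplied `length_in_bytes`: nothing confirms the value lies inside `response->data`, `(uint8_t)size` truncates, and an odd length reads one byte past the value, so a bounds check against `response->data_count * 4` is worth adding. The loop and declaration changes are sketched below.

```c
    /* declared above the first `goto test_end` so cleanup never sees indeterminate values */
    val_status_t status = VAL_STATUS_SUCCESS;
    psa_tlv_t **tlv_seq = NULL;
    uint16_t *type_id_list = NULL;
    size_t tlv_count = 0;

    // … unchanged: test init, discovery request, response wait, allocations …

    // Parse the TLV sequence.
    for (i = 0, j = 0; (i + 4) < (response->data_count * 4); j++) {
        // … unchanged: record tlv_seq[j] and advance i …
    }
    tlv_count = j;

    // Check every TLV, including the last one, and stop at the first failure.
    for (j = 0; j < tlv_count; j++) {
        current_tlv = tlv_seq[j];
        type_id_list[j] = current_tlv->type_id;
        // … unchanged: per-type check_* dispatch that assigns status …
        if (status != VAL_STATUS_SUCCESS)
            break;
    }
```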
diff --git a/secure-debug/tests/adac/test_a003/test_a003.h b/secure-debug/tests/adac/test_a003/test_a003.h
new file mode 100644
index 0000000..a6a47dc
--- /dev/null
+++ b/secure-debug/tests/adac/test_a003/test_a003.h
@@ -0,0 +1,30 @@
+/** @file
+ * Copyright (c) 2021, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+#ifndef _TEST_A003_TESTS_H_
+#define _TEST_A003_TESTS_H_
+
+#define test_entry CONCAT(test_entry_, a003)
+
+extern val_api_t *val;
+extern char *key_file;
+extern char *chain_file;
+
+static val_status_t check_lifecycle_major_state(uint8_t *value, size_t size);
+static val_status_t check_adac_token_support(uint8_t *value, size_t size);
+static val_status_t check_adac_cert_support(uint8_t *value, size_t size);
+
+#endif /* _TEST_A003_TESTS_H_ */
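Review bot: The three `static val_status_t check_*` prototypes sit in the header, which gives every file that includes test_a003.h its own static declaration with no definition; they belong at the top of test_a003.c, above `test_entry`. The guard `_TEST_A003_TESTS_H_` starts with an underscore followed by a capital letter, a form reserved for the implementation, so `TEST_A003_TESTS_H` is safer; test_a004.h and test_a005.h use the same guard pattern. The header also uses `val_api_t` and `val_status_t` without including whatever defines them (presumably `val_interfaces.h`), so it only compiles when that header is included first.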
diff --git a/secure-debug/tests/adac/test_a004/test.cmake b/secure-debug/tests/adac/test_a004/test.cmake
new file mode 100644
index 0000000..15ea303
--- /dev/null
+++ b/secure-debug/tests/adac/test_a004/test.cmake
@@ -0,0 +1,21 @@
+#/** @file
+# * Copyright (c) 2021, Arm Limited or its affiliates. All rights reserved.
+# * SPDX-License-Identifier : Apache-2.0
+# *
+# * Licensed under the Apache License, Version 2.0 (the "License");
+# * you may not use this file except in compliance with the License.
+# * You may obtain a copy of the License at
+# *
+# * http://www.apache.org/licenses/LICENSE-2.0
+# *
+# * Unless required by applicable law or agreed to in writing, software
+# * distributed under the License is distributed on an "AS IS" BASIS,
+# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# * See the License for the specific language governing permissions and
+# * limitations under the License.
+#**/
+
+list(APPEND CC_SOURCE
+ test_a004.c
+)
+list(APPEND CC_OPTIONS )
diff --git a/secure-debug/tests/adac/test_a004/test_a004.c b/secure-debug/tests/adac/test_a004/test_a004.c
new file mode 100644
index 0000000..4b8be6a
--- /dev/null
+++ b/secure-debug/tests/adac/test_a004/test_a004.c
@@ -0,0 +1,147 @@
+/** @file
+ * Copyright (c) 2021, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include <psa_adac.h>
+#include <adac_util.h>
+#include "val_interfaces.h"
+
+#include "test_a004.h"
+
+#define TEST_NUM VAL_CREATE_TEST_ID(VAL_SECURE_DEBUG_BASE, 4)
+#define TEST_DESC "Testing ADAC Protocol Host API| UT: psa_discovery_tlv_request\n"
+TEST_PUBLISH(TEST_NUM, test_entry);
+
+void test_entry(val_api_t *val_api)
+{
+ psa_status_t ret;
+ val_status_t status;
+ val_api_t *val = NULL;
+ val = val_api;
+
+ /* test init */
+ val->test_init(TEST_NUM, TEST_DESC);
+ if (!IS_TEST_START(val->get_status()))
+ {
+ goto test_end;
+ }
+ psa_adac_host_init();
+
+ request_packet_t *request;
+ response_packet_t *response;
+ psa_tlv_t *tlv = NULL;
+ uint16_t *type_id_list, *type_id_list_rev;
+ uint8_t *type_id_ptr;
+ size_t type_id_size, i, j, tlv_entries;
+
+ // Send discovery packet with no requested type ID.
+ type_id_ptr = NULL;
+ type_id_size = 0;
+ ret = psa_adac_issue_command(SDP_DISCOVERY_CMD, request, type_id_ptr, type_id_size);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(1), VAL_STATUS_WRITE_FAILED);
+ goto test_end;
+ }
+
+ response = psa_adac_await_response();
+ if (response == NULL) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(2), VAL_STATUS_CONNECTION_FAILED);
+ goto test_end;
+ }
+
+ // Variable to collect the type ID from each TLV entry.
+ type_id_list = (uint16_t *)malloc((response->data_count) * sizeof(uint16_t));
+ type_id_list_rev = (uint16_t *)malloc((response->data_count) * sizeof(uint16_t));
+ if ((type_id_list == NULL) || (type_id_list_rev == NULL)) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(3), VAL_STATUS_INSUFFICIENT_SIZE);
+ goto test_end;
+ }
+
+ // Parse the TLV sequence.
+ for (i = 0, j = 0; (i + 4) < (response->data_count * 4); j++) {
+ tlv = (psa_tlv_t *) (((uint8_t *)response->data) + i);
+ type_id_list[j] = tlv->type_id;
+ i += sizeof(psa_tlv_t) + ROUND_TO_WORD(tlv->length_in_bytes);
+ }
+ tlv_entries = j;
+ response_packet_release(response);
+
+ // Create a list of type ID in decreasing ID value.
+ j = 0;
+ while (j < tlv_entries) {
+ type_id_list_rev[j] = type_id_list[tlv_entries-1-j];
+ j++;
+ }
+
+ // Send discovery request packet with a subset of requested type ID.
+ type_id_ptr = (uint8_t *)type_id_list;
+ type_id_size = (tlv_entries/2) * sizeof(uint16_t);
+ ret = psa_adac_issue_command(SDP_DISCOVERY_CMD, request, type_id_ptr, type_id_size);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(4), VAL_STATUS_WRITE_FAILED);
+ goto test_end;
+ }
+
+ response = psa_adac_await_response();
+ if (response == NULL) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(5), VAL_STATUS_CONNECTION_FAILED);
+ goto test_end;
+ }
+
+ if (response->status == SDP_SUCCESS) {
+ for (i = 0, j = 0; (i + 4) < (response->data_count * 4); j++) {
+ tlv = (psa_tlv_t *) (((uint8_t *)response->data) + i);
+ i += sizeof(psa_tlv_t) + ROUND_TO_WORD(tlv->length_in_bytes);
+ }
+
+ // Response must contain at least as many type IDs as requested.
+ if (j < tlv_entries/2) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(6), VAL_STATUS_ERROR);
+ goto test_end;
+ }
+ } else {
+ val->err_check_set(TEST_CHECKPOINT_NUM(7), VAL_STATUS_ERROR);
+ goto test_end;
+ }
+ response_packet_release(response);
+
+ // Send discovery packet with a reverse order of requested type ID.
+ type_id_ptr = (uint8_t *)type_id_list_rev;
+ type_id_size = tlv_entries * sizeof(uint16_t);
+ ret = psa_adac_issue_command(SDP_DISCOVERY_CMD, request, type_id_ptr, type_id_size);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(8), VAL_STATUS_WRITE_FAILED);
+ goto test_end;
+ }
+
+ response = psa_adac_await_response();
+ if (response == NULL) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(9), VAL_STATUS_CONNECTION_FAILED);
+ goto test_end;
+ }
+
+ if (response->status != SDP_SUCCESS)
+ val->err_check_set(TEST_CHECKPOINT_NUM(10), VAL_STATUS_ERROR);
+
+ response_packet_release(response);
+
+test_end:
+ if ((type_id_list != NULL) || (type_id_list_rev != NULL)) {
+ free(type_id_list);
+ free(type_id_list_rev);
+ }
+ val->test_exit();
+}
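Review bot: The subset request is judged only by a TLV count (`j < tlv_entries/2`) and the reverse-order request only by `response->status`; `tlv->type_id` from those responses is never read, so nothing confirms that the requested type IDs are the ones the target returned. Recording the returned type IDs and checking that each requested ID is present would make both checks meaningful. The first response is also walked without checking `response->status`, and if it yields fewer than two TLVs then `type_id_size` is 0 and the second request is identical to the first. `status` is declared but never used.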
diff --git a/secure-debug/tests/adac/test_a004/test_a004.h b/secure-debug/tests/adac/test_a004/test_a004.h
new file mode 100644
index 0000000..a4fd46d
--- /dev/null
+++ b/secure-debug/tests/adac/test_a004/test_a004.h
@@ -0,0 +1,26 @@
+/** @file
+ * Copyright (c) 2021, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+#ifndef _TEST_A004_TESTS_H_
+#define _TEST_A004_TESTS_H_
+
+#define test_entry CONCAT(test_entry_, a004)
+
+extern val_api_t *val;
+extern char *key_file;
+extern char *chain_file;
+
+#endif /* _TEST_A004_TESTS_H_ */
diff --git a/secure-debug/tests/adac/test_a005/test.cmake b/secure-debug/tests/adac/test_a005/test.cmake
new file mode 100644
index 0000000..3152266
--- /dev/null
+++ b/secure-debug/tests/adac/test_a005/test.cmake
@@ -0,0 +1,21 @@
+#/** @file
+# * Copyright (c) 2021, Arm Limited or its affiliates. All rights reserved.
+# * SPDX-License-Identifier : Apache-2.0
+# *
+# * Licensed under the Apache License, Version 2.0 (the "License");
+# * you may not use this file except in compliance with the License.
+# * You may obtain a copy of the License at
+# *
+# * http://www.apache.org/licenses/LICENSE-2.0
+# *
+# * Unless required by applicable law or agreed to in writing, software
+# * distributed under the License is distributed on an "AS IS" BASIS,
+# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# * See the License for the specific language governing permissions and
+# * limitations under the License.
+#**/
+
+list(APPEND CC_SOURCE
+ test_a005.c
+)
+list(APPEND CC_OPTIONS )
diff --git a/secure-debug/tests/adac/test_a005/test_a005.c b/secure-debug/tests/adac/test_a005/test_a005.c
new file mode 100644
index 0000000..612a882
--- /dev/null
+++ b/secure-debug/tests/adac/test_a005/test_a005.c
@@ -0,0 +1,219 @@
+/** @file
+ * Copyright (c) 2021, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include <psa_adac.h>
+#include <adac_util.h>
+#include "val_interfaces.h"
+
+#include "test_a005.h"
+
+#define TEST_NUM VAL_CREATE_TEST_ID(VAL_SECURE_DEBUG_BASE, 5)
+#define TEST_DESC "Testing ADAC Protocol Host API| UT: psa_replay\n"
+TEST_PUBLISH(TEST_NUM, test_entry);
+
+void test_entry(val_api_t *val_api)
+{
+ psa_status_t ret;
+ val_api_t *val = val_api;
+
+ /* test init */
+ val->test_init(TEST_NUM, TEST_DESC);
+ if (!IS_TEST_START(val->get_status()))
+ {
+ goto test_end;
+ }
+ psa_adac_host_init();
+
+ uint8_t *chain = NULL;
+ size_t chain_size = 0;
+ request_packet_t *request;
+ response_packet_t *response;
+
+ ret = psa_adac_issue_command(SDP_LOCK_DEBUG_CMD, request, NULL, 0);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(1), VAL_STATUS_WRITE_FAILED);
+ goto test_end;
+ }
+
+ response = psa_adac_await_response();
+ ret = psa_adac_parse_response(SDP_LOCK_DEBUG_CMD, response);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(2), VAL_STATUS_READ_FAILED);
+ goto test_end;
+ }
+
+ if (response->status == SDP_SUCCESS)
+ val->print(PRINT_INFO, "Target is locked\n", 0);
+ else
+ val->err_check_set(TEST_CHECKPOINT_NUM(3), VAL_STATUS_ERROR);
+
+ response_packet_release(response);
+
+ ret = psa_adac_load_certificate_chain(chain_file, &chain, &chain_size);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(4), VAL_STATUS_LOAD_ERROR);
+ goto test_end;
+ }
+
+ psa_tlv_t *exts[MAX_EXTENSIONS];
+ size_t exts_count = 0;
+ uint8_t key_type;
+
+ ret = psa_adac_read_extensions((uint32_t *)chain, chain_size, exts, &exts_count);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(5), VAL_STATUS_READ_FAILED);
+ goto test_end;
+ }
+ key_type = detect_cryptosystem(exts, exts_count);
+
+ ret = psa_adac_issue_command(SDP_DISCOVERY_CMD, request, NULL, 0);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(6), VAL_STATUS_WRITE_FAILED);
+ goto test_end;
+ }
+
+ response = psa_adac_await_response();
+ ret = psa_adac_parse_response(SDP_DISCOVERY_CMD, response);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(7), VAL_STATUS_READ_FAILED);
+ goto test_end;
+ }
+
+ ret = psa_adac_check_cryptosystem_support(response, key_type);
+ if (ret == PSA_ERROR_NOT_SUPPORTED) {
+ val->set_status(RESULT_SKIP(key_type));
+ goto test_end;
+ }
+
+ response_packet_release(response);
+
+ psa_key_handle_t handle;
+ uint8_t *key = NULL;
+ size_t key_size = 0;
+
+ ret = psa_adac_get_private_key(key_file, &key_type, &handle, &key, &key_size);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(8), VAL_STATUS_READ_FAILED);
+ goto test_end;
+ }
+
+ ret = psa_adac_issue_command(SDP_AUTH_START_CMD, request, NULL, 0);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(9), VAL_STATUS_WRITE_FAILED);
+ goto test_end;
+ }
+
+ response = psa_adac_await_response();
+ ret = psa_adac_parse_response(SDP_AUTH_START_CMD, response);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(10), VAL_STATUS_READ_FAILED);
+ goto test_end;
+ }
+
+ psa_auth_challenge_t *challenge1 = (psa_auth_challenge_t *) response->data;
+
+ uint8_t *token1 = NULL;
+ size_t token1_size = 0;
+
+ ret = psa_adac_construct_token(challenge1->challenge_vector,
+ sizeof(challenge1->challenge_vector), key_type, NULL, 0,
+ &token1, &token1_size, NULL, handle, key, key_size);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(12), VAL_STATUS_WRITE_FAILED);
+ goto test_end;
+ }
+ response_packet_release(response);
+
+ ret = psa_adac_issue_command(SDP_AUTH_START_CMD, request, NULL, 0);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(13), VAL_STATUS_WRITE_FAILED);
+ goto test_end;
+ }
+
+ response = psa_adac_await_response();
+ ret = psa_adac_parse_response(SDP_AUTH_START_CMD, response);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(14), VAL_STATUS_READ_FAILED);
+ goto test_end;
+ }
+
+ psa_auth_challenge_t *challenge2 = (psa_auth_challenge_t *) response->data;
+
+ uint8_t *token2 = NULL;
+ size_t token2_size = 0;
+
+ ret = psa_adac_construct_token(challenge2->challenge_vector,
+ sizeof(challenge2->challenge_vector), key_type, NULL, 0,
+ &token2, &token2_size, NULL, handle, key, key_size);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(15), VAL_STATUS_WRITE_FAILED);
+ goto test_end;
+ }
+ response_packet_release(response);
+
+ ret = psa_adac_send_certificate(exts, exts_count);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(16), VAL_STATUS_WRITE_FAILED);
+ goto test_end;
+ }
+
+ val->print(PRINT_INFO, "Sending older token\n", 0);
+ ret = psa_adac_issue_command(SDP_AUTH_RESPONSE_CMD, request, (uint8_t *)token1, token1_size);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(17), VAL_STATUS_WRITE_FAILED);
+ goto test_end;
+ }
+
+ val->print(PRINT_INFO, "Receiving token_authentication response\n", 0);
+ response = psa_adac_await_response();
+ ret = psa_adac_parse_response(SDP_AUTH_RESPONSE_CMD, response);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(18), VAL_STATUS_READ_FAILED);
+ goto test_end;
+ }
+
+ if (response->status != SDP_FAILURE) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(19), VAL_STATUS_ERROR);
+ goto test_end;
+ }
+
+ response_packet_release(response);
+
+ val->print(PRINT_INFO, "Sending new token\n", 0);
+ ret = psa_adac_issue_command(SDP_AUTH_RESPONSE_CMD, request, (uint8_t *)token2, token2_size);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(20), VAL_STATUS_WRITE_FAILED);
+ goto test_end;
+ }
+
+ val->print(PRINT_INFO, "Receiving token_authentication response\n", 0);
+ response = psa_adac_await_response();
+ ret = psa_adac_parse_response(SDP_AUTH_RESPONSE_CMD, response);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(21), VAL_STATUS_READ_FAILED);
+ goto test_end;
+ }
+
+ if (response->status != SDP_FAILURE)
+ val->err_check_set(TEST_CHECKPOINT_NUM(22), VAL_STATUS_INVALID);
+
+ response_packet_release(response);
+
+test_end:
+ val->test_exit();
+}
+
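Review bot: The last check treats the freshly signed `token2` like the replayed one: after "Sending new token" the test records checkpoint 22 unless `response->status` is `SDP_FAILURE`, and nothing says why a token built from the latest challenge must be rejected. Add a comment above that check naming the rule being tested, for example `/* the failed attempt with token1 is expected to invalidate challenge2; confirm against the ADAC specification */`, or expect `SDP_SUCCESS` if that is what the protocol requires. The lock check at checkpoint 3 records an error but does not `goto test_end`, and unlike test_a002.c it does not accept `SDP_UNSUPPORTED`. Checkpoint 11 is skipped in the numbering.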
diff --git a/secure-debug/tests/adac/test_a005/test_a005.h b/secure-debug/tests/adac/test_a005/test_a005.h
new file mode 100644
index 0000000..9ca8109
--- /dev/null
+++ b/secure-debug/tests/adac/test_a005/test_a005.h
@@ -0,0 +1,26 @@
+/** @file
+ * Copyright (c) 2021, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+#ifndef _TEST_A005_TESTS_H_
+#define _TEST_A005_TESTS_H_
+
+#define test_entry CONCAT(test_entry_, a005)
+
+extern val_api_t *val;
+extern char *key_file;
+extern char *chain_file;
+
+#endif /* _TEST_A005_TESTS_H_ */
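Review bot: The include guard `_TEST_A005_TESTS_H_` starts with an underscore followed by an uppercase letter, a form C reserves for the implementation. A plain `TEST_A005_TESTS_H` avoids any clash with toolchain headers. The same guard pattern is used in the test_a006.h through test_a010.h hunks below.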
diff --git a/secure-debug/tests/adac/test_a006/test.cmake b/secure-debug/tests/adac/test_a006/test.cmake
new file mode 100644
index 0000000..681a50c
--- /dev/null
+++ b/secure-debug/tests/adac/test_a006/test.cmake
@@ -0,0 +1,21 @@
+#/** @file
+# * Copyright (c) 2021, Arm Limited or its affiliates. All rights reserved.
+# * SPDX-License-Identifier : Apache-2.0
+# *
+# * Licensed under the Apache License, Version 2.0 (the "License");
+# * you may not use this file except in compliance with the License.
+# * You may obtain a copy of the License at
+# *
+# * http://www.apache.org/licenses/LICENSE-2.0
+# *
+# * Unless required by applicable law or agreed to in writing, software
+# * distributed under the License is distributed on an "AS IS" BASIS,
+# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# * See the License for the specific language governing permissions and
+# * limitations under the License.
+#**/
+
+list(APPEND CC_SOURCE
+ test_a006.c
+)
+list(APPEND CC_OPTIONS )
diff --git a/secure-debug/tests/adac/test_a006/test_a006.c b/secure-debug/tests/adac/test_a006/test_a006.c
new file mode 100644
index 0000000..bb63679
--- /dev/null
+++ b/secure-debug/tests/adac/test_a006/test_a006.c
@@ -0,0 +1,65 @@
+/** @file
+ * Copyright (c) 2021, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include <psa_adac.h>
+#include <adac_util.h>
+#include "val_interfaces.h"
+
+#include "test_a006.h"
+
+#define TEST_NUM VAL_CREATE_TEST_ID(VAL_SECURE_DEBUG_BASE, 6)
+#define TEST_DESC "Testing ADAC Protocol Host API| UT: psa_auth_resp_null\n"
+TEST_PUBLISH(TEST_NUM, test_entry);
+
+void test_entry(val_api_t *val_api)
+{
+ psa_status_t ret;
+ val_api_t *val = val_api;
+
+ /* test init */
+ val->test_init(TEST_NUM, TEST_DESC);
+ if (!IS_TEST_START(val->get_status()))
+ {
+ goto test_end;
+ }
+ psa_adac_host_init();
+
+ request_packet_t *request;
+ response_packet_t *response;
+
+ // Send authentication response command with no payload.
+ ret = psa_adac_issue_command(SDP_AUTH_RESPONSE_CMD, request, NULL, 0);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(1), VAL_STATUS_WRITE_FAILED);
+ goto test_end;
+ }
+
+ response = psa_adac_await_response();
+ ret = psa_adac_parse_response(SDP_AUTH_RESPONSE_CMD, response);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(2), VAL_STATUS_READ_FAILED);
+ goto test_end;
+ }
+
+ if (response->status != SDP_FAILURE)
+ val->err_check_set(TEST_CHECKPOINT_NUM(3), VAL_STATUS_ERROR);
+
+ response_packet_release(response);
+
+test_end:
+ val->test_exit();
+}
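Review bot: `request` is declared without an initializer and then passed by value to `psa_adac_issue_command(SDP_AUTH_RESPONSE_CMD, request, NULL, 0)`, so the call reads an indeterminate pointer. Declaring it as `request_packet_t *request = NULL;` makes the value defined whatever the callee does with that argument. The same declaration and call pattern appears in `test_entry` in the test_a008.c, test_a009.c and test_a010.c hunks. Separately, the checkpoint 2 path jumps to `test_end` without `response_packet_release(response)`, which looks like a leak if the packet was allocated by `psa_adac_await_response()`.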
diff --git a/secure-debug/tests/adac/test_a006/test_a006.h b/secure-debug/tests/adac/test_a006/test_a006.h
new file mode 100644
index 0000000..bbe8d86
--- /dev/null
+++ b/secure-debug/tests/adac/test_a006/test_a006.h
@@ -0,0 +1,26 @@
+/** @file
+ * Copyright (c) 2021, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+#ifndef _TEST_A006_TESTS_H_
+#define _TEST_A006_TESTS_H_
+
+#define test_entry CONCAT(test_entry_, a006)
+
+extern val_api_t *val;
+extern char *key_file;
+extern char *chain_file;
+
+#endif /* _TEST_A006_TESTS_H_ */
diff --git a/secure-debug/tests/adac/test_a007/test.cmake b/secure-debug/tests/adac/test_a007/test.cmake
new file mode 100644
index 0000000..530f69d
--- /dev/null
+++ b/secure-debug/tests/adac/test_a007/test.cmake
@@ -0,0 +1,21 @@
+#/** @file
+# * Copyright (c) 2021, Arm Limited or its affiliates. All rights reserved.
+# * SPDX-License-Identifier : Apache-2.0
+# *
+# * Licensed under the Apache License, Version 2.0 (the "License");
+# * you may not use this file except in compliance with the License.
+# * You may obtain a copy of the License at
+# *
+# * http://www.apache.org/licenses/LICENSE-2.0
+# *
+# * Unless required by applicable law or agreed to in writing, software
+# * distributed under the License is distributed on an "AS IS" BASIS,
+# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# * See the License for the specific language governing permissions and
+# * limitations under the License.
+#**/
+
+list(APPEND CC_SOURCE
+ test_a007.c
+)
+list(APPEND CC_OPTIONS )
diff --git a/secure-debug/tests/adac/test_a007/test_a007.c b/secure-debug/tests/adac/test_a007/test_a007.c
new file mode 100644
index 0000000..a9ee125
--- /dev/null
+++ b/secure-debug/tests/adac/test_a007/test_a007.c
@@ -0,0 +1,71 @@
+/** @file
+ * Copyright (c) 2021, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include <psa_adac.h>
+#include <adac_util.h>
+#include "val_interfaces.h"
+
+#include "test_a007.h"
+
+#define TEST_NUM VAL_CREATE_TEST_ID(VAL_SECURE_DEBUG_BASE, 7)
+#define TEST_DESC "Testing ADAC Protocol Host API| UT: psa_invalid_command\n"
+TEST_PUBLISH(TEST_NUM, test_entry);
+
+void test_entry(val_api_t *val_api)
+{
+ psa_status_t ret;
+ val_api_t *val = val_api;
+
+ /* test init */
+ val->test_init(TEST_NUM, TEST_DESC);
+ if (!IS_TEST_START(val->get_status()))
+ {
+ goto test_end;
+ }
+ psa_adac_host_init();
+
+ request_packet_t *request;
+ response_packet_t *response;
+ uint16_t command[] = { 0x0, 0x100, 0xBAD, 0x7FFF};
+ uint32_t i, cmd_list_size;
+
+ cmd_list_size = sizeof(command)/sizeof(command[0]);
+
+ for (i = 0; i < cmd_list_size; i++) {
+ request = request_packet_build(command[i], NULL, 0);
+ if (request != NULL) {
+ val->print(PRINT_INFO, "Sending command 0x%x\n", command[i]);
+ if (request_packet_send(request) < 0) {
+ val->err_check_set(TEST_CHECKPOINT_NUM((1*i)), VAL_STATUS_WRITE_FAILED);
+ goto test_end;
+ }
+ request_packet_release(request);
+ }
+
+ response = response_packet_receive();
+ if (response->status != SDP_INVALID_COMMAND)
+ val->err_check_set(TEST_CHECKPOINT_NUM((2*i)), VAL_STATUS_ERROR);
+
+ response_packet_release(response);
+ }
+
+ if (i != cmd_list_size)
+ val->err_check_set(TEST_CHECKPOINT_NUM((2*i-1)), VAL_STATUS_ERROR);
+
+test_end:
+ val->test_exit();
+}
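Review bot: The result of `response_packet_receive()` is dereferenced with no NULL check, so a target that silently drops an invalid command would crash the host test instead of recording a failure. This assumes the function returns NULL on a receive error, which the hunk does not show. The checkpoint numbers also collide: `TEST_CHECKPOINT_NUM((1*i))` and `TEST_CHECKPOINT_NUM((2*i))` are both 0 on the first iteration and overlap later, so a failure cannot be traced to one command. On the send-failure path `request` is not released before `goto test_end`. The `if (i != cmd_list_size)` check after the loop can never fire, because the loop only leaves early through `goto`.

```c
    for (i = 0; i < cmd_list_size; i++) {
        // … unchanged: build request, NULL check, "Sending command" print …
            if (request_packet_send(request) < 0) {
                request_packet_release(request);
                val->err_check_set(TEST_CHECKPOINT_NUM(2*i + 1), VAL_STATUS_WRITE_FAILED);
                goto test_end;
            }
        // … unchanged: release request, receive response …
        if (response == NULL) {
            val->err_check_set(TEST_CHECKPOINT_NUM(2*i + 2), VAL_STATUS_READ_FAILED);
            goto test_end;
        }
        if (response->status != SDP_INVALID_COMMAND)
            val->err_check_set(TEST_CHECKPOINT_NUM(2*i + 2), VAL_STATUS_ERROR);
        // … unchanged: release response …
    }
```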
diff --git a/secure-debug/tests/adac/test_a007/test_a007.h b/secure-debug/tests/adac/test_a007/test_a007.h
new file mode 100644
index 0000000..35a3834
--- /dev/null
+++ b/secure-debug/tests/adac/test_a007/test_a007.h
@@ -0,0 +1,24 @@
+/** @file
+ * Copyright (c) 2021, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+#ifndef _TEST_A007_TESTS_H_
+#define _TEST_A007_TESTS_H_
+
+#define test_entry CONCAT(test_entry_, a007)
+
+extern val_api_t *val;
+
+#endif /* _TEST_A007_TESTS_H_ */
diff --git a/secure-debug/tests/adac/test_a008/test.cmake b/secure-debug/tests/adac/test_a008/test.cmake
new file mode 100644
index 0000000..af078b4
--- /dev/null
+++ b/secure-debug/tests/adac/test_a008/test.cmake
@@ -0,0 +1,21 @@
+#/** @file
+# * Copyright (c) 2021, Arm Limited or its affiliates. All rights reserved.
+# * SPDX-License-Identifier : Apache-2.0
+# *
+# * Licensed under the Apache License, Version 2.0 (the "License");
+# * you may not use this file except in compliance with the License.
+# * You may obtain a copy of the License at
+# *
+# * http://www.apache.org/licenses/LICENSE-2.0
+# *
+# * Unless required by applicable law or agreed to in writing, software
+# * distributed under the License is distributed on an "AS IS" BASIS,
+# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# * See the License for the specific language governing permissions and
+# * limitations under the License.
+#**/
+
+list(APPEND CC_SOURCE
+ test_a008.c
+)
+list(APPEND CC_OPTIONS )
diff --git a/secure-debug/tests/adac/test_a008/test_a008.c b/secure-debug/tests/adac/test_a008/test_a008.c
new file mode 100644
index 0000000..7b362e6
--- /dev/null
+++ b/secure-debug/tests/adac/test_a008/test_a008.c
@@ -0,0 +1,151 @@
+/** @file
+ * Copyright (c) 2021, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include <psa_adac.h>
+#include <adac_util.h>
+#include "val_interfaces.h"
+
+#include "test_a008.h"
+
+#define TEST_NUM VAL_CREATE_TEST_ID(VAL_SECURE_DEBUG_BASE, 8)
+#define TEST_DESC "Testing ADAC Protocol Host API| UT: psa_cert_order\n"
+TEST_PUBLISH(TEST_NUM, test_entry);
+
+void test_entry(val_api_t *val_api)
+{
+ psa_status_t ret;
+ val_api_t *val = val_api;
+
+ /* test init */
+ val->test_init(TEST_NUM, TEST_DESC);
+ if (!IS_TEST_START(val->get_status()))
+ {
+ goto test_end;
+ }
+ psa_adac_host_init();
+
+ uint8_t *chain = NULL;
+ size_t chain_size = 0;
+ request_packet_t *request;
+ response_packet_t *response;
+
+ ret = psa_adac_load_certificate_chain(chain_file, &chain, &chain_size);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(1), VAL_STATUS_LOAD_ERROR);
+ goto test_end;
+ }
+
+ psa_tlv_t *exts[MAX_EXTENSIONS];
+ size_t exts_count = 0;
+ uint8_t key_type;
+
+ ret = psa_adac_read_extensions((uint32_t *)chain, chain_size, exts, &exts_count);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(2), VAL_STATUS_READ_FAILED);
+ goto test_end;
+ }
+
+ key_type = detect_cryptosystem(exts, exts_count);
+
+ ret = psa_adac_issue_command(SDP_DISCOVERY_CMD, request, NULL, 0);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(3), VAL_STATUS_WRITE_FAILED);
+ goto test_end;
+ }
+
+ response = psa_adac_await_response();
+ ret = psa_adac_parse_response(SDP_DISCOVERY_CMD, response);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(4), VAL_STATUS_READ_FAILED);
+ goto test_end;
+ }
+
+ ret = psa_adac_check_cryptosystem_support(response, key_type);
+ if (ret == PSA_ERROR_NOT_SUPPORTED) {
+ val->set_status(RESULT_SKIP(key_type));
+ goto test_end;
+ }
+
+ response_packet_release(response);
+
+ ret = psa_adac_issue_command(SDP_AUTH_START_CMD, request, NULL, 0);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(5), VAL_STATUS_WRITE_FAILED);
+ goto test_end;
+ }
+
+ response = psa_adac_await_response();
+ ret = psa_adac_parse_response(SDP_AUTH_START_CMD, response);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(6), VAL_STATUS_READ_FAILED);
+ goto test_end;
+ }
+
+ response_packet_release(response);
+
+ uint8_t *payload = NULL, *leaf_cert = NULL;
+ size_t payload_size, leaf_cert_size, i;
+ psa_tlv_t *current_extn;
+
+ for (i = 0; i < exts_count; i++) {
+ current_extn = exts[i];
+ if (current_extn->type_id == CERT_ADAC) {
+ payload = (uint8_t *)current_extn;
+ payload_size = current_extn->length_in_bytes + sizeof(psa_tlv_t);
+
+ certificate_header_t *header = (certificate_header_t *) (current_extn->value);
+
+ if (header->role == SDP_CRT_ROLE_LEAF) {
+ leaf_cert = current_extn->value;
+ leaf_cert_size = current_extn->length_in_bytes;
+ break;
+ }
+ }
+ }
+
+ if (leaf_cert == NULL) {
+ val->print(PRINT_ERROR, "Leaf certificate not found\n", 0);
+ val->err_check_set(TEST_CHECKPOINT_NUM(7), VAL_STATUS_NOT_FOUND);
+ goto test_end;
+ }
+
+ if (leaf_cert_size < sizeof(certificate_header_t)) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(8), VAL_STATUS_INVALID_SIZE);
+ goto test_end;
+ }
+
+ ret = psa_adac_issue_command(SDP_AUTH_RESPONSE_CMD, request, payload, payload_size);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(9), VAL_STATUS_WRITE_FAILED);
+ goto test_end;
+ }
+
+ response = psa_adac_await_response();
+ ret = psa_adac_parse_response(SDP_AUTH_RESPONSE_CMD, response);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(10), VAL_STATUS_READ_FAILED);
+ goto test_end;
+ }
+
+ if (response->status != SDP_FAILURE)
+ val->err_check_set(TEST_CHECKPOINT_NUM(11), VAL_STATUS_ERROR);
+
+ response_packet_release(response);
+
+test_end:
+ val->test_exit();
+}
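Review bot: The size check `leaf_cert_size < sizeof(certificate_header_t)` runs only after the loop has already cast `current_extn->value` to `certificate_header_t *` and read `header->role`. An extension shorter than the header, in a chain loaded from `chain_file`, is therefore over-read before it is rejected. Whether `psa_adac_read_extensions` already enforces a minimum length is not visible here. Moving the check ahead of the cast closes the gap: `if (current_extn->length_in_bytes < sizeof(certificate_header_t)) { val->err_check_set(TEST_CHECKPOINT_NUM(8), VAL_STATUS_INVALID_SIZE); goto test_end; }`. The loop in the test_a009.c hunk performs the same cast with no size check at all.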
diff --git a/secure-debug/tests/adac/test_a008/test_a008.h b/secure-debug/tests/adac/test_a008/test_a008.h
new file mode 100644
index 0000000..fb92be8
--- /dev/null
+++ b/secure-debug/tests/adac/test_a008/test_a008.h
@@ -0,0 +1,26 @@
+/** @file
+ * Copyright (c) 2021, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+#ifndef _TEST_A008_TESTS_H_
+#define _TEST_A008_TESTS_H_
+
+#define test_entry CONCAT(test_entry_, a008)
+
+extern val_api_t *val;
+extern char *key_file;
+extern char *chain_file;
+
+#endif /* _TEST_A008_TESTS_H_ */
diff --git a/secure-debug/tests/adac/test_a009/test.cmake b/secure-debug/tests/adac/test_a009/test.cmake
new file mode 100644
index 0000000..eb94a50
--- /dev/null
+++ b/secure-debug/tests/adac/test_a009/test.cmake
@@ -0,0 +1,21 @@
+#/** @file
+# * Copyright (c) 2021, Arm Limited or its affiliates. All rights reserved.
+# * SPDX-License-Identifier : Apache-2.0
+# *
+# * Licensed under the Apache License, Version 2.0 (the "License");
+# * you may not use this file except in compliance with the License.
+# * You may obtain a copy of the License at
+# *
+# * http://www.apache.org/licenses/LICENSE-2.0
+# *
+# * Unless required by applicable law or agreed to in writing, software
+# * distributed under the License is distributed on an "AS IS" BASIS,
+# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# * See the License for the specific language governing permissions and
+# * limitations under the License.
+#**/
+
+list(APPEND CC_SOURCE
+ test_a009.c
+)
+list(APPEND CC_OPTIONS )
diff --git a/secure-debug/tests/adac/test_a009/test_a009.c b/secure-debug/tests/adac/test_a009/test_a009.c
new file mode 100644
index 0000000..e117e5f
--- /dev/null
+++ b/secure-debug/tests/adac/test_a009/test_a009.c
@@ -0,0 +1,167 @@
+/** @file
+ * Copyright (c) 2021, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include <psa_adac.h>
+#include <adac_util.h>
+#include "val_interfaces.h"
+
+#include "test_a009.h"
+
+#define TEST_NUM VAL_CREATE_TEST_ID(VAL_SECURE_DEBUG_BASE, 9)
+#define TEST_DESC "Testing ADAC Protocol Host API| UT: psa_scope_limit\n"
+TEST_PUBLISH(TEST_NUM, test_entry);
+
+void test_entry(val_api_t *val_api)
+{
+ psa_status_t ret;
+ val_api_t *val = val_api;
+
+ /* test init */
+ val->test_init(TEST_NUM, TEST_DESC);
+ if (!IS_TEST_START(val->get_status()))
+ {
+ goto test_end;
+ }
+ psa_adac_host_init();
+
+ uint8_t *chain = NULL;
+ size_t chain_size = 0;
+ request_packet_t *request;
+ response_packet_t *response;
+
+ ret = psa_adac_load_certificate_chain(chain_file, &chain, &chain_size);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(1), VAL_STATUS_LOAD_ERROR);
+ goto test_end;
+ }
+
+ psa_tlv_t *exts[MAX_EXTENSIONS];
+ size_t exts_count = 0;
+ uint8_t key_type;
+
+ ret = psa_adac_read_extensions((uint32_t *)chain, chain_size, exts, &exts_count);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(2), VAL_STATUS_READ_FAILED);
+ goto test_end;
+ }
+
+ key_type = detect_cryptosystem(exts, exts_count);
+
+ ret = psa_adac_issue_command(SDP_DISCOVERY_CMD, request, NULL, 0);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(3), VAL_STATUS_WRITE_FAILED);
+ goto test_end;
+ }
+
+ response = psa_adac_await_response();
+ ret = psa_adac_parse_response(SDP_DISCOVERY_CMD, response);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(4), VAL_STATUS_READ_FAILED);
+ goto test_end;
+ }
+
+ ret = psa_adac_check_cryptosystem_support(response, key_type);
+ if (ret == PSA_ERROR_NOT_SUPPORTED) {
+ val->set_status(RESULT_SKIP(key_type));
+ goto test_end;
+ }
+
+ response_packet_release(response);
+
+ ret = psa_adac_issue_command(SDP_AUTH_START_CMD, request, NULL, 0);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(5), VAL_STATUS_WRITE_FAILED);
+ goto test_end;
+ }
+
+ response = psa_adac_await_response();
+ ret = psa_adac_parse_response(SDP_AUTH_START_CMD, response);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(6), VAL_STATUS_READ_FAILED);
+ goto test_end;
+ }
+
+ response_packet_release(response);
+
+ uint8_t *payload = NULL;
+ size_t payload_size, i;
+ psa_tlv_t *current_extn;
+ certificate_header_t *header = NULL;
+ uint8_t *leaf_cert = NULL;
+
+ // Modify scope limit constraints at host-side for soc_class
+ for (i = 0; i < exts_count; i++) {
+ current_extn = exts[i];
+ if (current_extn->type_id == CERT_ADAC) {
+ payload = (uint8_t *)current_extn;
+ payload_size = current_extn->length_in_bytes + sizeof(psa_tlv_t);
+
+ header = (certificate_header_t *) (current_extn->value);
+ if (header->role != SDP_CRT_ROLE_ROOT) {
+ leaf_cert = current_extn->value;
+ modify_soc_class_neutral(header, i);
+ }
+
+ ret = psa_adac_issue_command(SDP_AUTH_RESPONSE_CMD, request, payload, payload_size);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(7), VAL_STATUS_WRITE_FAILED);
+ goto test_end;
+ }
+
+ // Restore the tampered certificate value
+ if (header->role == SDP_CRT_ROLE_ROOT)
+ modify_soc_class_neutral(header, i);
+
+ response = psa_adac_await_response();
+ ret = psa_adac_parse_response(SDP_AUTH_RESPONSE_CMD, response);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(8), VAL_STATUS_READ_FAILED);
+ goto test_end;
+ }
+
+ if (response->status == SDP_NEED_MORE_DATA) {
+ response_packet_release(response);
+ } else if (response->status == SDP_FAILURE) {
+ val->print(PRINT_INFO, "Inconsistent certificate chain rejected by target\n", 0);
+ break;
+ } else {
+ val->err_check_set(TEST_CHECKPOINT_NUM(9), VAL_STATUS_INVALID);
+ break;
+ }
+ }
+ }
+
+ if (leaf_cert == NULL) {
+ val->print(PRINT_ERROR, "Leaf certificate not found\n", 0);
+ val->err_check_set(TEST_CHECKPOINT_NUM(10), VAL_STATUS_NOT_FOUND);
+ goto test_end;
+ }
+
+ if (response->status != SDP_FAILURE)
+ val->err_check_set(TEST_CHECKPOINT_NUM(11), VAL_STATUS_ERROR);
+
+ response_packet_release(response);
+
+test_end:
+ val->test_exit();
+}
+
+static void modify_soc_class_neutral(certificate_header_t *h, size_t chain_count)
+{
+ // Change the values to create non-neutral fields for soc_class for non-root certificates.
+ h->soc_class = h->soc_class ^ (uint32_t)(~chain_count);
+}
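Review bot: In `test_entry`, when the last certificate in the loop is answered with `SDP_NEED_MORE_DATA`, `response` is released inside the loop. It is then read again at `if (response->status != SDP_FAILURE)` and released a second time after the loop. If `response_packet_release` frees the packet, that is a use after free followed by a double free, on exactly the path where the target failed to reject the tampered chain. Clearing the pointer on release and treating a cleared pointer as a test failure keeps the verdict without touching stale memory. Separately, the restore step `if (header->role == SDP_CRT_ROLE_ROOT)` looks inverted relative to the tampering condition `!= SDP_CRT_ROLE_ROOT`. As written, the modified certificate is never restored and the root's `soc_class` is changed after it was sent.

```c
            if (response->status == SDP_NEED_MORE_DATA) {
                response_packet_release(response);
                response = NULL;   /* released: must not be read after the loop */
            } else if (response->status == SDP_FAILURE) {
    // … unchanged: remaining branches, end of loop, leaf_cert check …
    if (response == NULL) {
        /* Every certificate was answered with SDP_NEED_MORE_DATA: the chain was never rejected. */
        val->err_check_set(TEST_CHECKPOINT_NUM(11), VAL_STATUS_ERROR);
        goto test_end;
    }
```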
diff --git a/secure-debug/tests/adac/test_a009/test_a009.h b/secure-debug/tests/adac/test_a009/test_a009.h
new file mode 100644
index 0000000..b89c10b
--- /dev/null
+++ b/secure-debug/tests/adac/test_a009/test_a009.h
@@ -0,0 +1,27 @@
+/** @file
+ * Copyright (c) 2021, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+#ifndef _TEST_A009_TESTS_H_
+#define _TEST_A009_TESTS_H_
+
+#define test_entry CONCAT(test_entry_, a009)
+
+extern val_api_t *val;
+extern char *key_file;
+extern char *chain_file;
+
+static void modify_soc_class_neutral(certificate_header_t *header, size_t chain_count);
+#endif /* _TEST_A009_TESTS_H_ */
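Review bot: The prototype `static void modify_soc_class_neutral(...)` is declared in the header although the function has internal linkage and is defined only in test_a009.c. Any other file that includes this header gets a declared-but-undefined static function. The forward declaration belongs in test_a009.c above `test_entry`, and its parameter name (`header`) should match the definition (`h`). The test_a010.h hunk does the same with `set_sw_partitions`.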
diff --git a/secure-debug/tests/adac/test_a010/test.cmake b/secure-debug/tests/adac/test_a010/test.cmake
new file mode 100644
index 0000000..514ddf9
--- /dev/null
+++ b/secure-debug/tests/adac/test_a010/test.cmake
@@ -0,0 +1,21 @@
+#/** @file
+# * Copyright (c) 2021, Arm Limited or its affiliates. All rights reserved.
+# * SPDX-License-Identifier : Apache-2.0
+# *
+# * Licensed under the Apache License, Version 2.0 (the "License");
+# * you may not use this file except in compliance with the License.
+# * You may obtain a copy of the License at
+# *
+# * http://www.apache.org/licenses/LICENSE-2.0
+# *
+# * Unless required by applicable law or agreed to in writing, software
+# * distributed under the License is distributed on an "AS IS" BASIS,
+# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# * See the License for the specific language governing permissions and
+# * limitations under the License.
+#**/
+
+list(APPEND CC_SOURCE
+ test_a010.c
+)
+list(APPEND CC_OPTIONS )
diff --git a/secure-debug/tests/adac/test_a010/test_a010.c b/secure-debug/tests/adac/test_a010/test_a010.c
new file mode 100644
index 0000000..45b7158
--- /dev/null
+++ b/secure-debug/tests/adac/test_a010/test_a010.c
@@ -0,0 +1,180 @@
+/** @file
+ * Copyright (c) 2021, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include <psa_adac.h>
+#include <adac_util.h>
+#include "val_interfaces.h"
+
+#include "test_a010.h"
+
+#define TEST_NUM VAL_CREATE_TEST_ID(VAL_SECURE_DEBUG_BASE, 10)
+#define TEST_DESC "Testing ADAC Protocol Host API| UT: psa_sw_partition\n"
+TEST_PUBLISH(TEST_NUM, test_entry);
+
+void test_entry(val_api_t *val_api)
+{
+ psa_status_t ret;
+ val_api_t *val = val_api;
+
+ /* test init */
+ val->test_init(TEST_NUM, TEST_DESC);
+ if (!IS_TEST_START(val->get_status()))
+ {
+ goto test_end;
+ }
+ psa_adac_host_init();
+
+ uint8_t *chain = NULL;
+ size_t chain_size = 0;
+ request_packet_t *request;
+ response_packet_t *response;
+
+ ret = psa_adac_load_certificate_chain(chain_file, &chain, &chain_size);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(1), VAL_STATUS_LOAD_ERROR);
+ goto test_end;
+ }
+
+ psa_tlv_t *exts[MAX_EXTENSIONS], *tk_exts[MAX_EXTENSIONS];
+ size_t exts_count = 0, tk_exts_count = 0;
+ uint8_t key_type;
+
+ ret = psa_adac_read_extensions((uint32_t *)chain, chain_size, exts, &exts_count);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(2), VAL_STATUS_READ_FAILED);
+ goto test_end;
+ }
+ key_type = detect_cryptosystem(exts, exts_count);
+
+ ret = psa_adac_issue_command(SDP_DISCOVERY_CMD, request, NULL, 0);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(3), VAL_STATUS_WRITE_FAILED);
+ goto test_end;
+ }
+
+ response = psa_adac_await_response();
+ ret = psa_adac_parse_response(SDP_DISCOVERY_CMD, response);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(4), VAL_STATUS_READ_FAILED);
+ goto test_end;
+ }
+
+ ret = psa_adac_check_cryptosystem_support(response, key_type);
+ if (ret == PSA_ERROR_NOT_SUPPORTED) {
+ val->set_status(RESULT_SKIP(key_type));
+ goto test_end;
+ }
+
+ response_packet_release(response);
+
+ psa_key_handle_t handle;
+ uint8_t *key = NULL;
+ size_t key_size = 0;
+
+ ret = psa_adac_get_private_key(key_file, &key_type, &handle, &key, &key_size);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(5), VAL_STATUS_READ_FAILED);
+ goto test_end;
+ }
+
+ ret = psa_adac_issue_command(SDP_AUTH_START_CMD, request, NULL, 0);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(6), VAL_STATUS_WRITE_FAILED);
+ goto test_end;
+ }
+
+ response = psa_adac_await_response();
+ ret = psa_adac_parse_response(SDP_AUTH_START_CMD, response);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(7), VAL_STATUS_READ_FAILED);
+ goto test_end;
+ }
+
+ psa_auth_challenge_t *challenge = (psa_auth_challenge_t *) response->data;
+
+ uint8_t *token = NULL;
+ size_t token_size = 0;
+
+ set_sw_partitions((uint8_t *)tk_exts, &tk_exts_count, 2);
+
+ ret = psa_adac_construct_token(challenge->challenge_vector, sizeof(challenge->challenge_vector),
+ key_type, (uint8_t *)tk_exts, tk_exts_count, &token, &token_size,
+ NULL, handle, key, key_size);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(8), VAL_STATUS_WRITE_FAILED);
+ goto test_end;
+ }
+ response_packet_release(response);
+
+ ret = psa_adac_send_certificate(exts, exts_count);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(9), VAL_STATUS_WRITE_FAILED);
+ goto test_end;
+ }
+
+ val->print(PRINT_INFO, "Sending token\n", 0);
+ ret = psa_adac_issue_command(SDP_AUTH_RESPONSE_CMD, request, (uint8_t *)token, token_size);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(10), VAL_STATUS_WRITE_FAILED);
+ goto test_end;
+ }
+
+ val->print(PRINT_INFO, "Receiving token_authentication response\n", 0);
+ response = psa_adac_await_response();
+ ret = psa_adac_parse_response(SDP_AUTH_RESPONSE_CMD, response);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(11), VAL_STATUS_READ_FAILED);
+ goto test_end;
+ }
+
+ if (response->status == SDP_SUCCESS)
+ val->print(PRINT_INFO, "Target unlocked successfully\n", 0);
+ else
+ val->err_check_set(TEST_CHECKPOINT_NUM(12), VAL_STATUS_ERROR);
+
+ response_packet_release(response);
+
+test_end:
+ val->test_exit();
+}
+
+static void set_sw_partitions(uint8_t *token_exts, size_t *token_exts_len, size_t num_tlv_entries)
+{
+ psa_tlv_t *tlv = NULL;
+ size_t i = 0;
+ uint8_t j, k, tlv_value_size;
+
+ for (j = 0; j < num_tlv_entries; j++) {
+ tlv = (psa_tlv_t *)(token_exts + i);
+ tlv->type_id = SW_PARTITION_ID;
+ tlv->length_in_bytes = 0x6;
+ tlv_value_size = ROUND_TO_WORD(tlv->length_in_bytes);
+
+ // Arbitrary scheme of software partitions IDs
+ for (k = 0; k < tlv->length_in_bytes; k++)
+ (tlv->value)[k] = j*4 + k;
+
+ // Pad with 0x0 for a 32 bit aligned TLV
+ while ((k % 4 != 0) && (k < tlv_value_size)) {
+ (tlv->value)[k] = 0x0;
+ k++;
+ }
+
+ i += sizeof(psa_tlv_t) + tlv_value_size;
+ }
+ *token_exts_len = i;
+}
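Review bot: `set_sw_partitions` writes TLV headers and values through `token_exts` with no knowledge of the buffer's size. The caller hands it `(uint8_t *)tk_exts`, an array of `psa_tlv_t *` pointers reused as raw bytes. Whether two entries fit depends on `MAX_EXTENSIONS` and the pointer width, neither visible here, so a larger `num_tlv_entries` or a smaller array would write past the end of a stack object. A dedicated `uint8_t` buffer passed with its `sizeof` would make the bound explicit; the extra parameter also needs adding to the prototype in test_a010.h. Note too that `tk_exts_count` ends up holding a byte length rather than a count, and that the `uint8_t j` loop counter is compared against a `size_t` and would wrap for more than 255 entries.

```c
static void set_sw_partitions(uint8_t *token_exts, size_t capacity,
                              size_t *token_exts_len, size_t num_tlv_entries)
{
    // … unchanged: local declarations …
    for (j = 0; j < num_tlv_entries; j++) {
        /* Stop before the TLV header plus the padded 6-byte value would pass the end of the buffer. */
        if (capacity - i < sizeof(psa_tlv_t) + ROUND_TO_WORD(0x6))
            break;
        // … unchanged: fill type_id, length_in_bytes, value bytes and padding, advance i …
    }
    *token_exts_len = i;
}
```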
diff --git a/secure-debug/tests/adac/test_a010/test_a010.h b/secure-debug/tests/adac/test_a010/test_a010.h
new file mode 100644
index 0000000..130640f
--- /dev/null
+++ b/secure-debug/tests/adac/test_a010/test_a010.h
@@ -0,0 +1,28 @@
+/** @file
+ * Copyright (c) 2021, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+#ifndef _TEST_A010_TESTS_H_
+#define _TEST_A010_TESTS_H_
+
+#define test_entry CONCAT(test_entry_, a010)
+
+extern val_api_t *val;
+extern char *key_file;
+extern char *chain_file;
+
+static void set_sw_partitions(uint8_t *token_exts, size_t *token_exts_len, size_t num_tlv_entries);
+
+#endif /* _TEST_A010_TESTS_H_ */
diff --git a/secure-debug/tests/adac/test_a011/test.cmake b/secure-debug/tests/adac/test_a011/test.cmake
new file mode 100644
index 0000000..96b4df9
--- /dev/null
+++ b/secure-debug/tests/adac/test_a011/test.cmake
@@ -0,0 +1,21 @@
+#/** @file
+# * Copyright (c) 2021, Arm Limited or its affiliates. All rights reserved.
+# * SPDX-License-Identifier : Apache-2.0
+# *
+# * Licensed under the Apache License, Version 2.0 (the "License");
+# * you may not use this file except in compliance with the License.
+# * You may obtain a copy of the License at
+# *
+# * http://www.apache.org/licenses/LICENSE-2.0
+# *
+# * Unless required by applicable law or agreed to in writing, software
+# * distributed under the License is distributed on an "AS IS" BASIS,
+# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# * See the License for the specific language governing permissions and
+# * limitations under the License.
+#**/
+
+list(APPEND CC_SOURCE
+ test_a011.c
+)
+list(APPEND CC_OPTIONS )
diff --git a/secure-debug/tests/adac/test_a011/test_a011.c b/secure-debug/tests/adac/test_a011/test_a011.c
new file mode 100644
index 0000000..09d33ba
--- /dev/null
+++ b/secure-debug/tests/adac/test_a011/test_a011.c
@@ -0,0 +1,101 @@
+/** @file
+ * Copyright (c) 2021, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include <psa_adac.h>
+#include <adac_util.h>
+#include "val_interfaces.h"
+
+#include "test_a011.h"
+
+#define TEST_NUM VAL_CREATE_TEST_ID(VAL_SECURE_DEBUG_BASE, 11)
+#define TEST_DESC "Testing ADAC Protocol Host API| UT: psa_tlv_reserved\n"
+TEST_PUBLISH(TEST_NUM, test_entry);
+
+void test_entry(val_api_t *val_api)
+{
+ psa_status_t ret;
+ val_api_t *val = val_api;
+
+ /* test init */
+ val->test_init(TEST_NUM, TEST_DESC);
+ if (!IS_TEST_START(val->get_status()))
+ {
+ goto test_end;
+ }
+ psa_adac_host_init();
+
+ request_packet_t *request;
+ response_packet_t *response;
+ psa_tlv_t *exts[MAX_EXTENSIONS], *tlv = NULL;
+ uint8_t *chain = NULL;
+ size_t chain_size = 0, exts_count = 0, i, err_count;
+
+ // Send discovery packet with no requested type ID.
+ request = request_packet_build(SDP_DISCOVERY_CMD, NULL, 0);
+ if (request == NULL) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(1), VAL_STATUS_CONNECTION_FAILED);
+ goto test_end;
+ }
+ request_packet_send(request);
+ request_packet_release(request);
+
+ response = psa_adac_await_response();
+ if (response == NULL) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(2), VAL_STATUS_CONNECTION_FAILED);
+ goto test_end;
+ }
+
+ // Parse the TLV sequence in the discovery response.
+ err_count = 0;
+ for (i = 0; (i + 4) < (response->data_count * 4);) {
+ tlv = (psa_tlv_t *) (((uint8_t *)response->data) + i);
+ err_count += (tlv->_reserved != 0x0);
+ i += sizeof(psa_tlv_t) + ROUND_TO_WORD(tlv->length_in_bytes);
+ }
+ response_packet_release(response);
+
+ if (err_count != 0x0) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(3), VAL_STATUS_INVALID);
+ goto test_end;
+ }
+
+ ret = psa_adac_load_certificate_chain(chain_file, &chain, &chain_size);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(4), VAL_STATUS_LOAD_ERROR);
+ goto test_end;
+ }
+
+ ret = psa_adac_read_extensions((uint32_t *)chain, chain_size, exts, &exts_count);
+ if (ret != PSA_SUCCESS) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(5), VAL_STATUS_READ_FAILED);
+ goto test_end;
+ }
+
+ err_count = 0;
+ for (i = 0; i < exts_count; i++) {
+ tlv = exts[i];
+ err_count += (tlv->_reserved != 0x0);
+ }
+
+ if (err_count != 0x0) {
+ val->err_check_set(TEST_CHECKPOINT_NUM(6), VAL_STATUS_INVALID);
+ goto test_end;
+ }
+
+test_end:
+ val->test_exit();
+}
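Review bot: The discovery-response loop in test_entry trusts the TLV lengths reported by the target. Its condition `(i + 4) < (response->data_count * 4)` only guarantees five remaining bytes, so if `sizeof(psa_tlv_t)` is larger than that (its definition is not in this hunk), reading `tlv->length_in_bytes` can run past `response->data`. A length that overshoots the buffer simply ends the loop, so a truncated or malformed TLV sequence still passes checkpoint 3. I would check that a whole header and its rounded value fit in the remaining bytes before dereferencing, and count a TLV that does not fit as an error, as in the excerpt below. Separately, `chain` from `psa_adac_load_certificate_chain` is not released on any path, which leaks if that helper allocates.

```c
    // Parse the TLV sequence in the discovery response.
    const uint8_t *base = (const uint8_t *)response->data;
    size_t total = (size_t)response->data_count * 4;
    size_t value_size;

    err_count = 0;
    for (i = 0; (total - i) >= sizeof(psa_tlv_t);) {
        tlv = (psa_tlv_t *)(base + i);
        value_size = ROUND_TO_WORD(tlv->length_in_bytes);
        if (value_size > (total - i - sizeof(psa_tlv_t))) {
            err_count++;    /* TLV claims more bytes than the response holds */
            break;
        }
        err_count += (tlv->_reserved != 0x0);
        i += sizeof(psa_tlv_t) + value_size;
    }
    response_packet_release(response);
    /* … unchanged: checkpoint 3 and the certificate-chain checks … */
```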
diff --git a/secure-debug/tests/adac/test_a011/test_a011.h b/secure-debug/tests/adac/test_a011/test_a011.h
new file mode 100644
index 0000000..df8eecc
--- /dev/null
+++ b/secure-debug/tests/adac/test_a011/test_a011.h
@@ -0,0 +1,26 @@
+/** @file
+ * Copyright (c) 2021, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+#ifndef _TEST_A011_TESTS_H_
+#define _TEST_A011_TESTS_H_
+
+#define test_entry CONCAT(test_entry_, a011)
+
+extern val_api_t *val;
+extern char *key_file;
+extern char *chain_file;
+
+#endif /* _TEST_A011_TESTS_H_ */
diff --git a/secure-debug/tests/adac/testsuite.db b/secure-debug/tests/adac/testsuite.db
index 9695860..ce2e642 100644
--- a/secure-debug/tests/adac/testsuite.db
+++ b/secure-debug/tests/adac/testsuite.db
@@ -22,5 +22,14 @@
test_a001
test_a002
+test_a003
+test_a004
+test_a005
+test_a006
+test_a007
+test_a008
+test_a009
+test_a010
+test_a011
(END)