Updated the framework with additional test suites
Signed-off-by: Gowtham Siddarth <gowtham.siddarth@arm.com>
diff --git a/api-tests/val/common/val.h b/api-tests/val/common/val.h
index de9cd8c..3e9a9d7 100644
--- a/api-tests/val/common/val.h
+++ b/api-tests/val/common/val.h
@@ -1,5 +1,5 @@
/** @file
- * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved.
+ * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved.
* SPDX-License-Identifier : Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License");
@@ -18,18 +18,7 @@
#ifndef _VAL_COMMON_H_
#define _VAL_COMMON_H_
-#include <string.h>
-#include <stdint.h>
-#include <stdlib.h>
-
-/* typedef's */
-typedef uint8_t bool_t;
-typedef uint32_t addr_t;
-typedef uint32_t test_id_t;
-typedef uint32_t block_id_t;
-typedef char char8_t;
-typedef uint32_t cfg_id_t;
-
+#include "pal_common.h"
#ifndef VAL_NSPE_BUILD
#define STATIC_DECLARE static
@@ -84,17 +73,22 @@
#define IS_TEST_PENDING(status) (((status >> TEST_STATE_BIT) & TEST_STATE_MASK) == TEST_PENDING)
#define IS_TEST_START(status) (((status >> TEST_STATE_BIT) & TEST_STATE_MASK) == TEST_START)
#define IS_TEST_END(status) (((status >> TEST_STATE_BIT) & TEST_STATE_MASK) == TEST_END)
-#define VAL_ERROR(status) (status?1:0)
+#define VAL_ERROR(status) ((status & TEST_STATUS_MASK) ? 1 : 0)
/* Test Defines */
#define TEST_PUBLISH(test_id, entry) \
- const val_test_info_t __attribute__((section(".acs_test_info"))) CONCAT(acs_test_info, entry) = {test_id, entry}
+ const val_test_info_t __attribute__((section(".acs_test_info"))) \
+ CONCAT(acs_test_info, entry) = {test_id, entry}
-#define VAL_MAX_TEST_PER_COMP 200
-#define VAL_FF_BASE 0
-#define VAL_CRYPTO_BASE 1
+#define VAL_MAX_TEST_PER_COMP 200
+#define VAL_FF_BASE 0
+#define VAL_CRYPTO_BASE 1
+#define VAL_PROTECTED_STORAGE_BASE 2
+#define VAL_INTERNAL_TRUSTED_STORAGE_BASE 3
+#define VAL_INITIAL_ATTESTATION_BASE 4
+
#define VAL_GET_COMP_NUM(test_id) \
((test_id - (test_id % VAL_MAX_TEST_PER_COMP)) / VAL_MAX_TEST_PER_COMP)
#define VAL_GET_TEST_NUM(test_id) (test_id % VAL_MAX_TEST_PER_COMP)
@@ -102,7 +96,7 @@
#define TEST_FIELD(num1,num2) (num2 << 8 | num1)
#define GET_TEST_ISOLATION_LEVEL(num) (num & 0x3)
-#define GET_WD_TIMOUT_TYPE(num) ((num >> 8) & 0x3)
+#define GET_WD_TIMOUT_TYPE(num) ((num >> 8) & 0x7)
#define TEST_CHECKPOINT_NUM(n) n
#define TEST(n) n
@@ -121,9 +115,56 @@
#define VAL_NVMEM_BLOCK_SIZE 4
#define VAL_NVMEM_OFFSET(nvmem_idx) (nvmem_idx * VAL_NVMEM_BLOCK_SIZE)
-#define UART_INIT_SIGN 0xff
+#define UART_INIT_SIGN 0xff
#define UART_PRINT_SIGN 0xfe
+#define TEST_PANIC() \
+ do { \
+ } while(1)
+
+#define TEST_ASSERT_EQUAL(arg1, arg2, checkpoint) \
+ do { \
+ if ((arg1) != arg2) \
+ { \
+ val->print(PRINT_ERROR, "\tFailed at Checkpoint: %d\n", checkpoint); \
+ val->print(PRINT_ERROR, "\tActual: %d\n", arg1); \
+ val->print(PRINT_ERROR, "\tExpected: %d\n", arg2); \
+ return 1; \
+ } \
+ } while (0)
+
+#define TEST_ASSERT_DUAL(arg1, status1, status2, checkpoint) \
+ do { \
+ if ((arg1) != status1 && (arg1) != status2) \
+ { \
+ val->print(PRINT_ERROR, "\tFailed at Checkpoint: %d\n", checkpoint); \
+ val->print(PRINT_ERROR, "\tActual: %d\n", arg1); \
+ val->print(PRINT_ERROR, "\tExpected: %d", status1); \
+ val->print(PRINT_ERROR, "or %d\n", status2); \
+ return 1; \
+ } \
+ } while (0)
+
+#define TEST_ASSERT_NOT_EQUAL(arg1, arg2, checkpoint) \
+ do { \
+ if ((arg1) == arg2) \
+ { \
+ val->print(PRINT_ERROR, "\tFailed at Checkpoint: %d\n", checkpoint); \
+ val->print(PRINT_ERROR, "\tValue: %d\n", arg1); \
+ return 1; \
+ } \
+ } while (0)
+
+#define TEST_ASSERT_MEMCMP(buf1, buf2, size, checkpoint) \
+ do { \
+ if (memcmp(buf1, buf2, size)) \
+ { \
+ val->print(PRINT_ERROR, "\tFailed at Checkpoint: %d : ", checkpoint); \
+ val->print(PRINT_ERROR, "Unequal data in compared buffers\n", 0); \
+ return 1; \
+ } \
+ } while (0)
+
/* enums */
typedef enum {
NONSECURE = 0x0,
@@ -152,29 +193,6 @@
NV_TEST_CNT = 0x3,
} nvmem_index_t;
-typedef enum {
- WD_INIT_SEQ = 0x1,
- WD_ENABLE_SEQ = 0x2,
- WD_DISABLE_SEQ = 0x3,
- WD_STATUS_SEQ = 0x4,
-} wd_fn_type_t;
-
-typedef enum {
- WD_LOW_TIMEOUT = 0x1,
- WD_MEDIUM_TIMEOUT = 0x2,
- WD_HIGH_TIMEOUT = 0x3,
-} wd_timeout_type_t;
-
-typedef enum {
- NVMEM_READ = 0x1,
- NVMEM_WRITE = 0x2,
-} nvmem_fn_type_t;
-
-typedef enum {
- UART_INIT = 0x1,
- UART_PRINT = 0x2,
-} uart_fn_type_t;
-
/* enums to report test sub-state */
typedef enum {
VAL_STATUS_SUCCESS = 0x0,
@@ -203,6 +221,9 @@
VAL_STATUS_INVALID_SIZE = 0x26,
VAL_STATUS_DATA_MISMATCH = 0x27,
VAL_STATUS_BOOT_EXPECTED_BUT_FAILED = 0x28,
+ VAL_STATUS_INIT_ALREADY_DONE = 0x29,
+ VAL_STATUS_HEAP_NOT_AVAILABLE = 0x2A,
+ VAL_STATUS_ERROR_MAX = INT_MAX,
} val_status_t;
/* verbosity enums */
@@ -215,6 +236,14 @@
PRINT_ALWAYS = 9
} print_verbosity_t;
+/* Interrupt test function id enums */
+typedef enum {
+ TEST_PSA_EOI_WITH_NON_INTR_SIGNAL = 1,
+ TEST_PSA_EOI_WITH_MULTIPLE_SIGNALS = 2,
+ TEST_PSA_EOI_WITH_UNASSERTED_SIGNAL = 3,
+ TEST_INTR_SERVICE = 4,
+} test_intr_fn_id_t;
+
/* typedef's */
typedef struct {
boot_state_t state;
@@ -228,20 +257,6 @@
} test_count_t;
typedef struct {
- wd_fn_type_t wd_fn_type;
- addr_t wd_base_addr;
- uint32_t wd_time_us;
- uint32_t wd_timer_tick_us;
-} wd_param_t;
-
-typedef struct {
- nvmem_fn_type_t nvmem_fn_type;
- addr_t base;
- uint32_t offset;
- int size;
-} nvmem_param_t;
-
-typedef struct {
uint16_t test_num;
uint8_t block_num;
} test_info_t;
diff --git a/api-tests/val/common/val_client_defs.h b/api-tests/val/common/val_client_defs.h
index 714b7a6..db7825c 100644
--- a/api-tests/val/common/val_client_defs.h
+++ b/api-tests/val/common/val_client_defs.h
@@ -1,5 +1,5 @@
/** @file
- * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved.
+ * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved.
* SPDX-License-Identifier : Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License");
@@ -18,51 +18,15 @@
#ifndef _VAL_CLIENT_H_
#define _VAL_CLIENT_H_
-/****************** PSA Client API *****************/
-
-/* Note - This header file containts the declaration of PSA defined client API elements.
- * Ideally, These elements must be defined in a header file <psa_client.h> by SPM implemented
- * library and provided to clients operation in NSPE and SPE as per the specification.
- * If this is available in the platform, the elements declared as part of this
- * file can be overwritten by passing --include <path_to_psa_client_h> to setup.sh script.
- */
-
-#if PSA_IPC_IMPLEMENTED
-/* psa/client.h: Contains the Client API elements. Accessible to all applications */
-#include "psa/client.h"
-
-/* psa_manifest/sid.h: Macro definitions derived from manifest files that map from RoT Service
- * names to Service IDs (SIDs).
- * Partition manifest parse build tool must provide the implementation of this file.
-*/
-#include "psa_manifest/sid.h"
-
-#else
-
-#include "pal_sid.h"
#include "val.h"
-#define PSA_FRAMEWORK_VERSION (0x0100)
-#define PSA_VERSION_NONE (0)
-#define PSA_SUCCESS (0)
-#define PSA_CONNECTION_REFUSED (INT32_MIN + 1)
-#define PSA_CONNECTION_BUSY (INT32_MIN + 2)
-#define PSA_DROP_CONNECTION (INT32_MIN)
-#define PSA_NULL_HANDLE ((psa_handle_t)0)
-
-typedef int32_t psa_status_t;
-typedef int32_t psa_handle_t;
-
-typedef struct psa_invec {
- const void *base;
- size_t len;
-} psa_invec;
-
-typedef struct psa_outvec {
- void *base;
- size_t len;
-} psa_outvec;
-
-#endif /* #if PSA_IPC_IMPLEMENTED */
#define INVALID_SID 0x0000FA20
+
+#ifndef CLIENT_TEST_DISPATCHER_SID
+#define CLIENT_TEST_DISPATCHER_SID 0x0
+#endif
+
+#ifndef SERVER_TEST_DISPATCHER_SID
+#define SERVER_TEST_DISPATCHER_SID 0x0
+#endif
#endif /* _VAL_CLIENT_H_ */
diff --git a/api-tests/val/common/val_target.c b/api-tests/val/common/val_target.c
index bd40eb2..e3b2980 100644
--- a/api-tests/val/common/val_target.c
+++ b/api-tests/val/common/val_target.c
@@ -1,5 +1,5 @@
/** @file
- * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved.
+ * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved.
* SPDX-License-Identifier : Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License");
@@ -18,8 +18,17 @@
#include "val_target.h"
#include "target_database.h"
+#ifdef USE_RAW_PRINT_FOR_DRIVER_PARTITION
+#define val_print(x, y, z) \
+ do { \
+ if (x >= VERBOSE) \
+ val_print_sf(y,z); \
+ } while(0)
+#else
__UNUSED STATIC_DECLARE val_status_t val_print
(print_verbosity_t verbosity, char *string, uint32_t data);
+#endif
+
/**
@brief - Returns the base address of target configuration block database.
@param - blob : Populates the base address
diff --git a/api-tests/val/common/val_target.h b/api-tests/val/common/val_target.h
index 55d4556..c32f0a5 100644
--- a/api-tests/val/common/val_target.h
+++ b/api-tests/val/common/val_target.h
@@ -1,5 +1,5 @@
/** @file
- * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved.
+ * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved.
* SPDX-License-Identifier : Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License");
@@ -62,7 +62,10 @@
} soc_peripheral_cfg_id_t;
typedef enum _MEMORY_CONFIG_ID_ {
- MEMORY_NVMEM = 0x2
+ MEMORY_NVMEM = 0x2,
+ MEMORY_NSPE_MMIO = 0x3,
+ MEMORY_CLIENT_PARTITION_MMIO = 0x4,
+ MEMORY_DRIVER_PARTITION_MMIO = 0x5,
} memory_cfg_id_t;
typedef enum _MISCELLANEOUS_CONFIG_ID_ {
@@ -74,12 +77,15 @@
Assign group type to each system component
**/
typedef enum _COMPONENT_GROUPING_{
- UART = GROUP_SOC_PERIPHERAL,
- TIMER = GROUP_SOC_PERIPHERAL,
- WATCHDOG = GROUP_SOC_PERIPHERAL,
- NVMEM = GROUP_MEMORY,
- BOOT = GROUP_MISCELLANEOUS,
- DUT = GROUP_MISCELLANEOUS,
+ UART = GROUP_SOC_PERIPHERAL,
+ TIMER = GROUP_SOC_PERIPHERAL,
+ WATCHDOG = GROUP_SOC_PERIPHERAL,
+ NVMEM = GROUP_MEMORY,
+ NSPE_MMIO = GROUP_MEMORY,
+ CLIENT_PARTITION_MMIO = GROUP_MEMORY,
+ DRIVER_PARTITION_MMIO = GROUP_MEMORY,
+ BOOT = GROUP_MISCELLANEOUS,
+ DUT = GROUP_MISCELLANEOUS,
} comp_group_assign_t;
/**
@@ -169,6 +175,7 @@
uint32_t timeout_in_micro_sec_low;
uint32_t timeout_in_micro_sec_medium;
uint32_t timeout_in_micro_sec_high;
+ uint32_t timeout_in_micro_sec_crypto;
uint32_t num_of_tick_per_micro_sec;
dev_attr_t attribute;
} soc_peripheral_desc_t;
diff --git a/api-tests/val/nspe/pal_interfaces_ns.h b/api-tests/val/nspe/pal_interfaces_ns.h
index 4e3ba03..186a5fc 100644
--- a/api-tests/val/nspe/pal_interfaces_ns.h
+++ b/api-tests/val/nspe/pal_interfaces_ns.h
@@ -1,5 +1,5 @@
/** @file
- * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved.
+ * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved.
* SPDX-License-Identifier : Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License");
@@ -151,5 +151,37 @@
* valist : variable argument list
* @return - error status
**/
-uint32_t pal_crypto_function(int type, va_list valist);
+int32_t pal_crypto_function(int type, va_list valist);
+
+/**
+ * @brief - This API will call the requested internal trusted storage function
+ * @param - type : function code
+ * valist : variable argument list
+ * @return - error status
+**/
+uint32_t pal_its_function(int type, va_list valist);
+
+/**
+ * @brief - This API will call the requested protected storage function
+ * @param - type : function code
+ * valist : variable argument list
+ * @return - error status
+**/
+uint32_t pal_ps_function(int type, va_list valist);
+
+/**
+ * @brief - This API will call the requested attestation function
+ * @param - type : function code
+ * valist : variable argument list
+ * @return - error status
+**/
+int32_t pal_attestation_function(int type, va_list valist);
+
+/**
+ * @brief - Terminates the simulation at the end of all tests completion.
+ * By default, it put cpus into power down mode.
+ * @param - void
+ * @return - void
+**/
+void pal_terminate_simulation(void);
#endif
diff --git a/api-tests/val/nspe/val_attestation.c b/api-tests/val/nspe/val_attestation.c
new file mode 100644
index 0000000..cd8069a
--- /dev/null
+++ b/api-tests/val/nspe/val_attestation.c
@@ -0,0 +1,40 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_target.h"
+#include "pal_interfaces_ns.h"
+#include "val_framework.h"
+#include "val_client_defs.h"
+#include "val_attestation.h"
+
+/**
+ @brief - This API will call the requested attestation function
+ @param - type : function code
+ ... : variable number of arguments
+ @return - Error status
+**/
+
+int32_t val_attestation_function(int type, ...)
+{
+ va_list valist;
+ val_status_t status;
+
+ va_start(valist, type);
+ status = pal_attestation_function(type, valist);
+ va_end(valist);
+ return status;
+}
diff --git a/api-tests/val/nspe/val_attestation.h b/api-tests/val/nspe/val_attestation.h
new file mode 100644
index 0000000..172b94e
--- /dev/null
+++ b/api-tests/val/nspe/val_attestation.h
@@ -0,0 +1,32 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#ifndef _VAL_INITIAL_ATTESTATION_H_
+#define _VAL_INITIAL_ATTESTATION_H_
+
+#include "val.h"
+
+#define TOO_SMALL_TOKEN_BUFFER 16
+#define CHALLENGE_SIZE 16
+#define MAX_CHALLENGE_SIZE 64
+
+enum attestation_function_code {
+ VAL_INITIAL_ATTEST_GET_TOKEN = 0x1,
+};
+
+int32_t val_attestation_function(int type, ...);
+#endif /* _VAL_INITIAL_ATTESTATION_H_ */
diff --git a/api-tests/val/nspe/val_crypto.c b/api-tests/val/nspe/val_crypto.c
index 4f6e968..764b44a 100644
--- a/api-tests/val/nspe/val_crypto.c
+++ b/api-tests/val/nspe/val_crypto.c
@@ -1,5 +1,5 @@
/** @file
- * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved.
+ * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved.
* SPDX-License-Identifier : Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License");
@@ -27,7 +27,7 @@
... : variable number of arguments
@return - Error status
**/
-val_status_t val_crypto_function(int type, ...)
+int32_t val_crypto_function(int type, ...)
{
va_list valist;
val_status_t status;
@@ -37,17 +37,3 @@
va_end(valist);
return status;
}
-
-/**
- @brief - Checks if the key type is of raw bits
- @param - type : type of the key
- @return - True : If key type is raw bits
- False: If key type is not raw bits
-**/
-int32_t val_crypto_key_type_is_raw(psa_key_type_t type)
-{
- psa_key_type_t category = type & PSA_KEY_TYPE_CATEGORY_MASK;
-
- return (category == PSA_KEY_TYPE_RAW_DATA ||
- category == PSA_KEY_TYPE_CATEGORY_SYMMETRIC);
-}
diff --git a/api-tests/val/nspe/val_crypto.h b/api-tests/val/nspe/val_crypto.h
index 366bce7..6cb1b2f 100644
--- a/api-tests/val/nspe/val_crypto.h
+++ b/api-tests/val/nspe/val_crypto.h
@@ -1,5 +1,5 @@
/** @file
- * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved.
+ * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved.
* SPDX-License-Identifier : Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License");
@@ -19,15 +19,9 @@
#define _VAL_CRYPTO_H_
#include "val.h"
-#include <stdarg.h>
-
-#if PSA_IPC_IMPLEMENTED
-#include "psa/client.h"
-#else
-typedef int32_t psa_status_t;
-#endif
#define BYTES_TO_BITS(byte) (byte * 8)
+
/* Size */
#define AES_16B_KEY_SIZE 16
#define AES_24B_KEY_SIZE 24
@@ -37,11 +31,14 @@
#define DES_8B_KEY_SIZE 8
#define DES3_2KEY_SIZE 16
#define DES3_3KEY_SIZE 24
+#define SIZE_32B 32
+#define SIZE_50B 50
#define SIZE_128B 128
#define SIZE_256B 256
#define SIZE_512B 512
#define BUFFER_SIZE 1200
#define HASH_64B 64
+#define BUFFER_SIZE_HIGH 5130
/* Key Slot */
#define INVALID_KEY_SLOT 0xDEAD
@@ -49,181 +46,9 @@
#define OCCUPIED_KEY_SLOT 1
#define MAX_KEY_SLOT 32
-/* Key Type */
-#define PSA_KEY_TYPE_RAW_DATA ((psa_key_type_t)0x50000001)
-#define PSA_KEY_TYPE_DERIVE ((psa_key_type_t)0x52000000)
-#define PSA_KEY_TYPE_CATEGORY_MASK ((psa_key_type_t)0x70000000)
-#define PSA_KEY_TYPE_CATEGORY_SYMMETRIC ((psa_key_type_t)0x40000000)
-#define PSA_KEY_TYPE_PAIR_FLAG ((psa_key_type_t)0x10000000)
-#define PSA_KEY_TYPE_AES ((psa_key_type_t)0x40000001)
-#define PSA_KEY_TYPE_DES ((psa_key_type_t)0x40000002)
-#define PSA_KEY_TYPE_RSA_PUBLIC_KEY ((psa_key_type_t)0x60010000)
-#define PSA_KEY_TYPE_RSA_KEYPAIR ((psa_key_type_t)0x70010000)
-#define PSA_KEY_TYPE_VENDOR_FLAG ((psa_key_type_t)0x80000000)
-#define PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE ((psa_key_type_t)0x60030000)
-#define PSA_KEY_TYPE_ECC_KEYPAIR_BASE ((psa_key_type_t)0x70030000)
-#define PSA_KEY_TYPE_ECC_CURVE_MASK ((psa_key_type_t)0x0000ffff)
-
-/* Key Lifetime */
-#define PSA_KEY_LIFETIME_VOLATILE ((psa_key_lifetime_t)0x00000000)
-#define PSA_KEY_LIFETIME_PERSISTENT ((psa_key_lifetime_t)0x00000001)
-#define PSA_KEY_LIFETIME_WRITE_ONCE ((psa_key_lifetime_t)0x7fffffff)
-#define PSA_KEY_LIFETIME_INVALID ((psa_key_lifetime_t)0xffffffff)
-
-/* Algorithm */
-#define PSA_ALG_BLOCK_CIPHER_PAD_NONE ((psa_algorithm_t)0x00000000)
-#define PSA_ALG_BLOCK_CIPHER_BASE ((psa_algorithm_t)0x04000000)
-#define PSA_KEY_USAGE_EXPORT ((psa_key_usage_t)0x00000001)
-#define PSA_KEY_USAGE_ENCRYPT ((psa_key_usage_t)0x00000100)
-#define PSA_KEY_USAGE_DECRYPT ((psa_key_usage_t)0x00000200)
-#define PSA_KEY_USAGE_SIGN ((psa_key_usage_t)0x00000400)
-#define PSA_KEY_USAGE_VERIFY ((psa_key_usage_t)0x00000800)
-#define PSA_KEY_USAGE_DERIVE ((psa_key_usage_t)0x00001000)
-#define PSA_ALG_RSA_PKCS1V15_SIGN_BASE ((psa_algorithm_t)0x10020000)
-#define PSA_ALG_ECDSA_BASE ((psa_algorithm_t)0x10060000)
-#define PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION ((psa_algorithm_t)0x12000000)
-#define PSA_ALG_RSA_PKCS1V15_CRYPT ((psa_algorithm_t)0x12020000)
-#define PSA_ALG_HMAC_BASE ((psa_algorithm_t)0x02800000)
-#define PSA_ALG_CIPHER_MAC_BASE ((psa_algorithm_t)0x02c00000)
-#define PSA_ALG_CBC_MAC ((psa_algorithm_t)0x02c00001)
-#define PSA_ALG_CMAC ((psa_algorithm_t)0x02c00002)
-#define PSA_ALG_GMAC ((psa_algorithm_t)0x02c00003)
-#define PSA_ALG_CFB ((psa_algorithm_t)0x04c00002)
-#define PSA_ALG_CCM ((psa_algorithm_t)0x06001001)
-#define PSA_ALG_GCM ((psa_algorithm_t)0x06001002)
-#define PSA_ALG_RSA_PKCS1V15_SIGN_RAW PSA_ALG_RSA_PKCS1V15_SIGN_BASE
-#define PSA_ALG_HKDF_BASE ((psa_algorithm_t)0x30000100)
-#define PSA_KEY_USAGE_INVALID 0xFFFFFFFF
-#define PSA_ALG_INVALID 0xFFFFFFFF
-
-/* Hash Algorithm */
-#define PSA_ALG_CATEGORY_HASH ((psa_algorithm_t)0x01000000)
-#define PSA_ALG_HASH_MASK ((psa_algorithm_t)0x000000ff)
-#define PSA_ALG_MD2 ((psa_algorithm_t)0x01000001)
-#define PSA_ALG_MD4 ((psa_algorithm_t)0x01000002)
-#define PSA_ALG_MD5 ((psa_algorithm_t)0x01000003)
-#define PSA_ALG_RIPEMD160 ((psa_algorithm_t)0x01000004)
-#define PSA_ALG_SHA_1 ((psa_algorithm_t)0x01000005)
-#define PSA_ALG_SHA_224 ((psa_algorithm_t)0x01000008)
-#define PSA_ALG_SHA_256 ((psa_algorithm_t)0x01000009)
-#define PSA_ALG_SHA_384 ((psa_algorithm_t)0x0100000a)
-#define PSA_ALG_SHA_512 ((psa_algorithm_t)0x0100000b)
-#define PSA_ALG_SHA_512_224 ((psa_algorithm_t)0x0100000c)
-#define PSA_ALG_SHA_512_256 ((psa_algorithm_t)0x0100000d)
-#define PSA_ALG_SHA3_224 ((psa_algorithm_t)0x01000010)
-#define PSA_ALG_SHA3_256 ((psa_algorithm_t)0x01000011)
-#define PSA_ALG_SHA3_384 ((psa_algorithm_t)0x01000012)
-#define PSA_ALG_SHA3_512 ((psa_algorithm_t)0x01000013)
-
-/* Error codes */
-#define PSA_ERROR_UNKNOWN_ERROR ((psa_status_t)1)
-#define PSA_ERROR_NOT_SUPPORTED ((psa_status_t)2)
-#define PSA_ERROR_NOT_PERMITTED ((psa_status_t)3)
-#define PSA_ERROR_BUFFER_TOO_SMALL ((psa_status_t)4)
-#define PSA_ERROR_OCCUPIED_SLOT ((psa_status_t)5)
-#define PSA_ERROR_EMPTY_SLOT ((psa_status_t)6)
-#define PSA_ERROR_BAD_STATE ((psa_status_t)7)
-#define PSA_ERROR_INVALID_ARGUMENT ((psa_status_t)8)
-#define PSA_ERROR_INSUFFICIENT_MEMORY ((psa_status_t)9)
-#define PSA_ERROR_INSUFFICIENT_STORAGE ((psa_status_t)10)
-#define PSA_ERROR_COMMUNICATION_FAILURE ((psa_status_t)11)
-#define PSA_ERROR_STORAGE_FAILURE ((psa_status_t)12)
-#define PSA_ERROR_HARDWARE_FAILURE ((psa_status_t)13)
-#define PSA_ERROR_TAMPERING_DETECTED ((psa_status_t)14)
-#define PSA_ERROR_INSUFFICIENT_ENTROPY ((psa_status_t)15)
-#define PSA_ERROR_INVALID_SIGNATURE ((psa_status_t)16)
-#define PSA_ERROR_INVALID_PADDING ((psa_status_t)17)
-#define PSA_ERROR_INSUFFICIENT_CAPACITY ((psa_status_t)18)
-
-/* Encoding of curve identifiers */
-#define PSA_ECC_CURVE_SECT163K1 ((psa_ecc_curve_t) 0x0001)
-#define PSA_ECC_CURVE_SECT163R1 ((psa_ecc_curve_t) 0x0002)
-#define PSA_ECC_CURVE_SECT163R2 ((psa_ecc_curve_t) 0x0003)
-#define PSA_ECC_CURVE_SECT193R1 ((psa_ecc_curve_t) 0x0004)
-#define PSA_ECC_CURVE_SECT193R2 ((psa_ecc_curve_t) 0x0005)
-#define PSA_ECC_CURVE_SECT233K1 ((psa_ecc_curve_t) 0x0006)
-#define PSA_ECC_CURVE_SECT233R1 ((psa_ecc_curve_t) 0x0007)
-#define PSA_ECC_CURVE_SECT239K1 ((psa_ecc_curve_t) 0x0008)
-#define PSA_ECC_CURVE_SECT283K1 ((psa_ecc_curve_t) 0x0009)
-#define PSA_ECC_CURVE_SECT283R1 ((psa_ecc_curve_t) 0x000a)
-#define PSA_ECC_CURVE_SECT409K1 ((psa_ecc_curve_t) 0x000b)
-#define PSA_ECC_CURVE_SECT409R1 ((psa_ecc_curve_t) 0x000c)
-#define PSA_ECC_CURVE_SECT571K1 ((psa_ecc_curve_t) 0x000d)
-#define PSA_ECC_CURVE_SECT571R1 ((psa_ecc_curve_t) 0x000e)
-#define PSA_ECC_CURVE_SECP160K1 ((psa_ecc_curve_t) 0x000f)
-#define PSA_ECC_CURVE_SECP160R1 ((psa_ecc_curve_t) 0x0010)
-#define PSA_ECC_CURVE_SECP160R2 ((psa_ecc_curve_t) 0x0011)
-#define PSA_ECC_CURVE_SECP192K1 ((psa_ecc_curve_t) 0x0012)
-#define PSA_ECC_CURVE_SECP192R1 ((psa_ecc_curve_t) 0x0013)
-#define PSA_ECC_CURVE_SECP224K1 ((psa_ecc_curve_t) 0x0014)
-#define PSA_ECC_CURVE_SECP224R1 ((psa_ecc_curve_t) 0x0015)
-#define PSA_ECC_CURVE_SECP256K1 ((psa_ecc_curve_t) 0x0016)
-#define PSA_ECC_CURVE_SECP256R1 ((psa_ecc_curve_t) 0x0017)
-#define PSA_ECC_CURVE_SECP384R1 ((psa_ecc_curve_t) 0x0018)
-#define PSA_ECC_CURVE_SECP521R1 ((psa_ecc_curve_t) 0x0019)
-#define PSA_ECC_CURVE_BRAINPOOL_P256R1 ((psa_ecc_curve_t) 0x001a)
-#define PSA_ECC_CURVE_BRAINPOOL_P384R1 ((psa_ecc_curve_t) 0x001b)
-#define PSA_ECC_CURVE_BRAINPOOL_P512R1 ((psa_ecc_curve_t) 0x001c)
-#define PSA_ECC_CURVE_CURVE25519 ((psa_ecc_curve_t) 0x001d)
-#define PSA_ECC_CURVE_CURVE448 ((psa_ecc_curve_t) 0x001e)
-#define PSA_ECC_CURVE_FFDHE_2048 ((psa_ecc_curve_t) 0x0100)
-#define PSA_ECC_CURVE_FFDHE_3072 ((psa_ecc_curve_t) 0x0101)
-#define PSA_ECC_CURVE_FFDHE_4096 ((psa_ecc_curve_t) 0x0102)
-#define PSA_ECC_CURVE_FFDHE_6144 ((psa_ecc_curve_t) 0x0103)
-#define PSA_ECC_CURVE_FFDHE_8192 ((psa_ecc_curve_t) 0x0104)
-
-#define PSA_ALG_HMAC_HASH(hmac_alg) \
- (PSA_ALG_CATEGORY_HASH | ((hmac_alg) & PSA_ALG_HASH_MASK))
-
-/* The size of the output hash */
-#define PSA_HASH_SIZE(alg) \
- ( \
- PSA_ALG_HMAC_HASH(alg) == PSA_ALG_MD2 ? 16 : \
- PSA_ALG_HMAC_HASH(alg) == PSA_ALG_MD4 ? 16 : \
- PSA_ALG_HMAC_HASH(alg) == PSA_ALG_MD5 ? 16 : \
- PSA_ALG_HMAC_HASH(alg) == PSA_ALG_RIPEMD160 ? 20 : \
- PSA_ALG_HMAC_HASH(alg) == PSA_ALG_SHA_1 ? 20 : \
- PSA_ALG_HMAC_HASH(alg) == PSA_ALG_SHA_224 ? 28 : \
- PSA_ALG_HMAC_HASH(alg) == PSA_ALG_SHA_256 ? 32 : \
- PSA_ALG_HMAC_HASH(alg) == PSA_ALG_SHA_384 ? 48 : \
- PSA_ALG_HMAC_HASH(alg) == PSA_ALG_SHA_512 ? 64 : \
- PSA_ALG_HMAC_HASH(alg) == PSA_ALG_SHA_512_224 ? 28 : \
- PSA_ALG_HMAC_HASH(alg) == PSA_ALG_SHA_512_256 ? 32 : \
- PSA_ALG_HMAC_HASH(alg) == PSA_ALG_SHA3_224 ? 28 : \
- PSA_ALG_HMAC_HASH(alg) == PSA_ALG_SHA3_256 ? 32 : \
- PSA_ALG_HMAC_HASH(alg) == PSA_ALG_SHA3_384 ? 48 : \
- PSA_ALG_HMAC_HASH(alg) == PSA_ALG_SHA3_512 ? 64 : \
- 0)
-
-/** The public key type corresponding to a key pair type. */
-#define PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR(type) \
- ((type) & ~PSA_KEY_TYPE_PAIR_FLAG)
-
-/** Whether a key type is an RSA key (pair or public-only). */
-#define PSA_KEY_TYPE_IS_RSA(type) \
- (PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR(type) == PSA_KEY_TYPE_RSA_PUBLIC_KEY)
-
-/** Whether a key type is an elliptic curve key (pair or public-only). */
-#define PSA_KEY_TYPE_IS_ECC(type) \
- ((PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR(type) & \
- ~PSA_KEY_TYPE_ECC_CURVE_MASK) == PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE)
-#define PSA_KEY_TYPE_IS_ECC_KEYPAIR(type) \
- (((type) & ~PSA_KEY_TYPE_ECC_CURVE_MASK) == \
- PSA_KEY_TYPE_ECC_KEYPAIR_BASE)
-#define PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(type) \
- (((type) & ~PSA_KEY_TYPE_ECC_CURVE_MASK) == \
- PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE)
-
-/*Macro to build an HMAC algorithm */
-#define PSA_ALG_HKDF(hash_alg) \
- (PSA_ALG_HKDF_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
-
-typedef uint16_t psa_ecc_curve_t;
-typedef uint32_t psa_key_usage_t;
-typedef uint32_t psa_algorithm_t;
-typedef uint32_t psa_key_type_t;
-typedef uint32_t psa_key_slot_t;
-typedef uint32_t psa_key_lifetime_t;
+#define PSA_KEY_LIFETIME_INVALID 0xFFFFFFFF
+#define PSA_KEY_USAGE_INVALID 0xFFFFFFFF
+#define PSA_ALG_INVALID 0xFFFFFFFF
enum crypto_function_code {
VAL_CRYPTO_INIT = 0x1,
@@ -241,7 +66,6 @@
VAL_CRYPTO_GET_KEY_POLICY = 0xD,
VAL_CRYPTO_GET_KEY_INFORMATION = 0xE,
VAL_CRYPTO_GET_KEY_LIFETIME = 0xF,
- VAL_CRYPTO_SET_KEY_LIFETIME = 0x10,
VAL_CRYPTO_HASH_SETUP = 0x11,
VAL_CRYPTO_HASH_UPDATE = 0x12,
VAL_CRYPTO_HASH_VERIFY = 0x13,
@@ -251,314 +75,31 @@
VAL_CRYPTO_GENERATOR_READ = 0x17,
VAL_CRYPTO_KEY_DERIVATION = 0x18,
VAL_CRYPTO_GET_GENERATOR_CAPACITY = 0x19,
- VAL_CRYPTO_GENERATOR_IMPORT_KEY = 0x20,
- VAL_CRYPTO_GENERATOR_ABORT = 0x21,
- VAL_CRYPTO_AEAD_ENCRYPT = 0x22,
- VAL_CRYPTO_MAC_SIGN_SETUP,
+ VAL_CRYPTO_GENERATOR_IMPORT_KEY = 0x1A,
+ VAL_CRYPTO_GENERATOR_ABORT = 0x1B,
+ VAL_CRYPTO_AEAD_ENCRYPT = 0x1C,
+ VAL_CRYPTO_AEAD_DECRYPT = 0x1D,
+ VAL_CRYPTO_MAC_SIGN_SETUP = 0x1E,
+ VAL_CRYPTO_MAC_UPDATE = 0x1F,
+ VAL_CRYPTO_MAC_SIGN_FINISH = 0x20,
+ VAL_CRYPTO_MAC_VERIFY_SETUP = 0x21,
+ VAL_CRYPTO_MAC_VERIFY_FINISH = 0x22,
+ VAL_CRYPTO_MAC_ABORT = 0x23,
+ VAL_CRYPTO_ASYMMTERIC_ENCRYPT = 0x24,
+ VAL_CRYPTO_ASYMMTERIC_DECRYPT = 0x25,
+ VAL_CRYPTO_CIPHER_ENCRYPT_SETUP = 0x26,
+ VAL_CRYPTO_CIPHER_DECRYPT_SETUP = 0x2A,
+ VAL_CRYPTO_CIPHER_GENERATE_IV = 0x2B,
+ VAL_CRYPTO_CIPHER_SET_IV = 0x2C,
+ VAL_CRYPTO_CIPHER_UPDATE = 0x2D,
+ VAL_CRYPTO_CIPHER_FINISH = 0x2E,
+ VAL_CRYPTO_CIPHER_ABORT = 0x2F,
+ VAL_CRYPTO_ASYMMTERIC_SIGN = 0x30,
+ VAL_CRYPTO_ASYMMTERIC_VERIFY = 0x31,
+ VAL_CRYPTO_KEY_AGREEMENT = 0x32,
+ VAL_CRYPTO_ALLOCATE_KEY = 0x33,
VAL_CRYPTO_FREE = 0xFE,
};
-struct psa_key_policy_s {
- psa_key_usage_t usage;
- psa_algorithm_t alg;
-};
-
-typedef struct {
- unsigned char cksum[16]; /*!< checksum of the data block */
- unsigned char state[48]; /*!< intermediate digest state */
- unsigned char buffer[16]; /*!< data block being processed */
- size_t left; /*!< amount of data in buffer */
-} mbedtls_md2_context;
-
-typedef struct {
- uint32_t total[2]; /*!< number of bytes processed */
- uint32_t state[4]; /*!< intermediate digest state */
- unsigned char buffer[64]; /*!< data block being processed */
-} mbedtls_md4_context;
-
-typedef struct {
- uint32_t total[2]; /*!< number of bytes processed */
- uint32_t state[4]; /*!< intermediate digest state */
- unsigned char buffer[64]; /*!< data block being processed */
-} mbedtls_md5_context;
-
-typedef struct {
- uint32_t total[2]; /*!< number of bytes processed */
- uint32_t state[5]; /*!< intermediate digest state */
- unsigned char buffer[64]; /*!< data block being processed */
-} mbedtls_ripemd160_context;
-
-typedef struct {
- uint32_t total[2]; /*!< The number of Bytes processed. */
- uint32_t state[5]; /*!< The intermediate digest state. */
- unsigned char buffer[64]; /*!< The data block being processed. */
-} mbedtls_sha1_context;
-
-typedef struct {
- uint32_t total[2]; /*!< The number of Bytes processed. */
- uint32_t state[8]; /*!< The intermediate digest state. */
- unsigned char buffer[64]; /*!< The data block being processed. */
- int is224; /*!< Determines which function to use:
- 0: Use SHA-256, or 1: Use SHA-224. */
-} mbedtls_sha256_context;
-
-typedef struct {
- uint64_t total[2]; /*!< The number of Bytes processed. */
- uint64_t state[8]; /*!< The intermediate digest state. */
- unsigned char buffer[128]; /*!< The data block being processed. */
- int is384; /*!< Determines which function to use:
- 0: Use SHA-512, or 1: Use SHA-384. */
-} mbedtls_sha512_context;
-
-typedef struct mbedtls_cipher_base_t mbedtls_cipher_base_t;
-
-/**
- * \brief Supported {cipher type, cipher mode} pairs.
- *
- * \warning RC4 and DES are considered weak ciphers and their use
- * constitutes a security risk. Arm recommends considering stronger
- * ciphers instead.
- */
-typedef enum {
- MBEDTLS_CIPHER_NONE = 0, /**< Placeholder to mark the end of cipher-pair lists. */
- MBEDTLS_CIPHER_NULL, /**< The identity stream cipher. */
- MBEDTLS_CIPHER_AES_128_ECB, /**< AES cipher with 128-bit ECB mode. */
- MBEDTLS_CIPHER_AES_192_ECB, /**< AES cipher with 192-bit ECB mode. */
- MBEDTLS_CIPHER_AES_256_ECB, /**< AES cipher with 256-bit ECB mode. */
- MBEDTLS_CIPHER_AES_128_CBC, /**< AES cipher with 128-bit CBC mode. */
- MBEDTLS_CIPHER_AES_192_CBC, /**< AES cipher with 192-bit CBC mode. */
- MBEDTLS_CIPHER_AES_256_CBC, /**< AES cipher with 256-bit CBC mode. */
- MBEDTLS_CIPHER_AES_128_CFB128, /**< AES cipher with 128-bit CFB128 mode. */
- MBEDTLS_CIPHER_AES_192_CFB128, /**< AES cipher with 192-bit CFB128 mode. */
- MBEDTLS_CIPHER_AES_256_CFB128, /**< AES cipher with 256-bit CFB128 mode. */
- MBEDTLS_CIPHER_AES_128_CTR, /**< AES cipher with 128-bit CTR mode. */
- MBEDTLS_CIPHER_AES_192_CTR, /**< AES cipher with 192-bit CTR mode. */
- MBEDTLS_CIPHER_AES_256_CTR, /**< AES cipher with 256-bit CTR mode. */
- MBEDTLS_CIPHER_AES_128_GCM, /**< AES cipher with 128-bit GCM mode. */
- MBEDTLS_CIPHER_AES_192_GCM, /**< AES cipher with 192-bit GCM mode. */
- MBEDTLS_CIPHER_AES_256_GCM, /**< AES cipher with 256-bit GCM mode. */
- MBEDTLS_CIPHER_CAMELLIA_128_ECB, /**< Camellia cipher with 128-bit ECB mode. */
- MBEDTLS_CIPHER_CAMELLIA_192_ECB, /**< Camellia cipher with 192-bit ECB mode. */
- MBEDTLS_CIPHER_CAMELLIA_256_ECB, /**< Camellia cipher with 256-bit ECB mode. */
- MBEDTLS_CIPHER_CAMELLIA_128_CBC, /**< Camellia cipher with 128-bit CBC mode. */
- MBEDTLS_CIPHER_CAMELLIA_192_CBC, /**< Camellia cipher with 192-bit CBC mode. */
- MBEDTLS_CIPHER_CAMELLIA_256_CBC, /**< Camellia cipher with 256-bit CBC mode. */
- MBEDTLS_CIPHER_CAMELLIA_128_CFB128, /**< Camellia cipher with 128-bit CFB128 mode. */
- MBEDTLS_CIPHER_CAMELLIA_192_CFB128, /**< Camellia cipher with 192-bit CFB128 mode. */
- MBEDTLS_CIPHER_CAMELLIA_256_CFB128, /**< Camellia cipher with 256-bit CFB128 mode. */
- MBEDTLS_CIPHER_CAMELLIA_128_CTR, /**< Camellia cipher with 128-bit CTR mode. */
- MBEDTLS_CIPHER_CAMELLIA_192_CTR, /**< Camellia cipher with 192-bit CTR mode. */
- MBEDTLS_CIPHER_CAMELLIA_256_CTR, /**< Camellia cipher with 256-bit CTR mode. */
- MBEDTLS_CIPHER_CAMELLIA_128_GCM, /**< Camellia cipher with 128-bit GCM mode. */
- MBEDTLS_CIPHER_CAMELLIA_192_GCM, /**< Camellia cipher with 192-bit GCM mode. */
- MBEDTLS_CIPHER_CAMELLIA_256_GCM, /**< Camellia cipher with 256-bit GCM mode. */
- MBEDTLS_CIPHER_DES_ECB, /**< DES cipher with ECB mode. */
- MBEDTLS_CIPHER_DES_CBC, /**< DES cipher with CBC mode. */
- MBEDTLS_CIPHER_DES_EDE_ECB, /**< DES cipher with EDE ECB mode. */
- MBEDTLS_CIPHER_DES_EDE_CBC, /**< DES cipher with EDE CBC mode. */
- MBEDTLS_CIPHER_DES_EDE3_ECB, /**< DES cipher with EDE3 ECB mode. */
- MBEDTLS_CIPHER_DES_EDE3_CBC, /**< DES cipher with EDE3 CBC mode. */
- MBEDTLS_CIPHER_BLOWFISH_ECB, /**< Blowfish cipher with ECB mode. */
- MBEDTLS_CIPHER_BLOWFISH_CBC, /**< Blowfish cipher with CBC mode. */
- MBEDTLS_CIPHER_BLOWFISH_CFB64, /**< Blowfish cipher with CFB64 mode. */
- MBEDTLS_CIPHER_BLOWFISH_CTR, /**< Blowfish cipher with CTR mode. */
- MBEDTLS_CIPHER_ARC4_128, /**< RC4 cipher with 128-bit mode. */
- MBEDTLS_CIPHER_AES_128_CCM, /**< AES cipher with 128-bit CCM mode. */
- MBEDTLS_CIPHER_AES_192_CCM, /**< AES cipher with 192-bit CCM mode. */
- MBEDTLS_CIPHER_AES_256_CCM, /**< AES cipher with 256-bit CCM mode. */
- MBEDTLS_CIPHER_CAMELLIA_128_CCM, /**< Camellia cipher with 128-bit CCM mode. */
- MBEDTLS_CIPHER_CAMELLIA_192_CCM, /**< Camellia cipher with 192-bit CCM mode. */
- MBEDTLS_CIPHER_CAMELLIA_256_CCM, /**< Camellia cipher with 256-bit CCM mode. */
-} mbedtls_cipher_type_t;
-
-/** Supported cipher modes. */
-typedef enum {
- MBEDTLS_MODE_NONE = 0, /**< None. */
- MBEDTLS_MODE_ECB, /**< The ECB cipher mode. */
- MBEDTLS_MODE_CBC, /**< The CBC cipher mode. */
- MBEDTLS_MODE_CFB, /**< The CFB cipher mode. */
- MBEDTLS_MODE_OFB, /**< The OFB cipher mode - unsupported. */
- MBEDTLS_MODE_CTR, /**< The CTR cipher mode. */
- MBEDTLS_MODE_GCM, /**< The GCM cipher mode. */
- MBEDTLS_MODE_STREAM, /**< The stream cipher mode. */
- MBEDTLS_MODE_CCM, /**< The CCM cipher mode. */
-} mbedtls_cipher_mode_t;
-
-struct psa_hash_operation_s {
- psa_algorithm_t alg;
- union
- {
- unsigned dummy; /* Make the union non-empty even with no supported algorithms. */
- mbedtls_md2_context md2;
- mbedtls_md4_context md4;
- mbedtls_md5_context md5;
- mbedtls_ripemd160_context ripemd160;
- mbedtls_sha1_context sha1;
- mbedtls_sha256_context sha256;
- mbedtls_sha512_context sha512;
- } ctx;
-};
-
-typedef struct {
- /** Full cipher identifier. For example,
- * MBEDTLS_CIPHER_AES_256_CBC.
- */
- mbedtls_cipher_type_t type;
-
- /** The cipher mode. For example, MBEDTLS_MODE_CBC. */
- mbedtls_cipher_mode_t mode;
-
- /** The cipher key length, in bits. This is the
- * default length for variable sized ciphers.
- * Includes parity bits for ciphers like DES.
- */
- unsigned int key_bitlen;
-
- /** Name of the cipher. */
- const char *name;
-
- /** IV or nonce size, in Bytes.
- * For ciphers that accept variable IV sizes,
- * this is the recommended size.
- */
- unsigned int iv_size;
-
- /** Bitflag comprised of MBEDTLS_CIPHER_VARIABLE_IV_LEN and
- * MBEDTLS_CIPHER_VARIABLE_KEY_LEN indicating whether the
- * cipher supports variable IV or variable key sizes, respectively.
- */
- int flags;
-
- /** The block size, in Bytes. */
- unsigned int block_size;
-
- /** Struct for base cipher information and functions. */
- const mbedtls_cipher_base_t *base;
-
-} mbedtls_cipher_info_t;
-
-/** Type of operation. */
-typedef enum {
- MBEDTLS_OPERATION_NONE = -1,
- MBEDTLS_DECRYPT = 0,
- MBEDTLS_ENCRYPT,
-} mbedtls_operation_t;
-
-/** Maximum length of any IV, in Bytes. */
-#define MBEDTLS_MAX_IV_LENGTH 16
-/** Maximum block size of any cipher, in Bytes. */
-#define MBEDTLS_MAX_BLOCK_LENGTH 16
-
-#if defined(MBEDTLS_SHA512_C)
-#define PSA_HASH_MAX_SIZE 64
-#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 128
-#else
-#define PSA_HASH_MAX_SIZE 32
-#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 64
-#endif
-
-/**
- * Generic cipher context.
- */
-typedef struct {
- /** Information about the associated cipher. */
- const mbedtls_cipher_info_t *cipher_info;
-
- /** Key length to use. */
- int key_bitlen;
-
- /** Operation that the key of the context has been
- * initialized for.
- */
- mbedtls_operation_t operation;
-
-#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
- /** Padding functions to use, if relevant for
- * the specific cipher mode.
- */
- void (*add_padding)(unsigned char *output, size_t olen, size_t data_len);
- int (*get_padding)(unsigned char *input, size_t ilen, size_t *data_len);
-#endif
-
- /** Buffer for input that has not been processed yet. */
- unsigned char unprocessed_data[MBEDTLS_MAX_BLOCK_LENGTH];
-
- /** Number of Bytes that have not been processed yet. */
- size_t unprocessed_len;
-
- /** Current IV or NONCE_COUNTER for CTR-mode. */
- unsigned char iv[MBEDTLS_MAX_IV_LENGTH];
-
- /** IV size in Bytes, for ciphers with variable-length IVs. */
- size_t iv_size;
-
- /** The cipher-specific context. */
- void *cipher_ctx;
-
-#if defined(MBEDTLS_CMAC_C)
- /** CMAC-specific context. */
- mbedtls_cmac_context_t *cmac_ctx;
-#endif
-} mbedtls_cipher_context_t;
-
-typedef struct {
- /** The hash context. */
- struct psa_hash_operation_s hash_ctx;
- /** The HMAC part of the context. */
- uint8_t opad[PSA_HMAC_MAX_HASH_BLOCK_SIZE];
-} psa_hmac_internal_data;
-
-struct psa_mac_operation_s {
- psa_algorithm_t alg;
- unsigned int key_set : 1;
- unsigned int iv_required : 1;
- unsigned int iv_set : 1;
- unsigned int has_input : 1;
- unsigned int is_sign : 1;
- uint8_t mac_size;
- union {
- unsigned dummy; /* Make the union non-empty even with no supported algorithms. */
-#if defined(MBEDTLS_MD_C)
- psa_hmac_internal_data hmac;
-#endif
-#if defined(MBEDTLS_CMAC_C)
- mbedtls_cipher_context_t cmac;
-#endif
- } ctx;
-};
-
-typedef struct {
- uint8_t *info;
- size_t info_length;
- psa_hmac_internal_data hmac;
- uint8_t prk[PSA_HASH_MAX_SIZE];
- uint8_t output_block[PSA_HASH_MAX_SIZE];
-#if PSA_HASH_MAX_SIZE > 0xff
-#error "PSA_HASH_MAX_SIZE does not fit in uint8_t"
-#endif
- uint8_t offset_in_block;
- uint8_t block_number;
-} psa_hkdf_generator_t;
-
-struct psa_crypto_generator_s {
- psa_algorithm_t alg;
- size_t capacity;
- union {
- struct {
- uint8_t *data;
- size_t size;
- } buffer;
-#if defined(MBEDTLS_MD_C)
- psa_hkdf_generator_t hkdf;
-#endif
- } ctx;
-};
-
-typedef struct psa_hash_operation_s psa_hash_operation_t;
-typedef struct psa_key_policy_s psa_key_policy_t;
-typedef struct psa_mac_operation_s psa_mac_operation_t;
-typedef struct psa_crypto_generator_s psa_crypto_generator_t;
-
-val_status_t val_crypto_function(int type, ...);
-int32_t val_crypto_key_type_is_raw(psa_key_type_t type);
+int32_t val_crypto_function(int type, ...);
#endif /* _VAL_CRYPTO_H_ */
diff --git a/api-tests/val/nspe/val_dispatcher.c b/api-tests/val/nspe/val_dispatcher.c
index bfa74bb..29c72dc 100644
--- a/api-tests/val/nspe/val_dispatcher.c
+++ b/api-tests/val/nspe/val_dispatcher.c
@@ -1,5 +1,5 @@
/** @file
- * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved.
+ * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved.
* SPDX-License-Identifier : Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License");
@@ -164,7 +164,7 @@
if (test_header.start_marker == VAL_TEST_END_MARKER)
{
- val_print(PRINT_ERROR, "\n\nNo more valid tests found. Exiting..", 0);
+ val_print(PRINT_DEBUG, "\n\nNo more valid tests found. Exiting..", 0);
*test_id = VAL_INVALID_TEST_ID;
return VAL_STATUS_SUCCESS;
}
@@ -194,14 +194,14 @@
if (test_header.start_marker == VAL_TEST_END_MARKER)
{
- val_print(PRINT_ERROR, "\n\nNo more valid tests found. Exiting.", 0);
+ val_print(PRINT_DEBUG, "\n\nNo more valid tests found. Exiting.", 0);
*test_id = VAL_INVALID_TEST_ID;
return VAL_STATUS_SUCCESS;
}
if (test_header.start_marker != VAL_TEST_START_MARKER)
{
- val_print(PRINT_ERROR, "\n\nNo valid test binary found. Exiting.", 0);
+ val_print(PRINT_ERROR, "\n\nError: No valid test binary found. Exiting.", 0);
*test_id = VAL_INVALID_TEST_ID;
return VAL_STATUS_LOAD_ERROR;
}
@@ -293,11 +293,17 @@
switch (VAL_GET_COMP_NUM(test_id))
{
case VAL_FF_BASE:
- return "\nRunning... IPC Suite";
+ return "IPC Suite";
case VAL_CRYPTO_BASE:
- return "\nRunning... Crypto Suite";
+ return "Crypto Suite";
+ case VAL_PROTECTED_STORAGE_BASE:
+ return "Protected Storage Suite";
+ case VAL_INTERNAL_TRUSTED_STORAGE_BASE:
+ return "Internal Trusted Storage Suite";
+ case VAL_INITIAL_ATTESTATION_BASE:
+ return "Attestation Suite";
default:
- return "No Component";
+ return "Unknown Suite";
}
}
@@ -334,7 +340,7 @@
status = val_get_boot_flag(&boot.state);
if (VAL_ERROR(status))
{
- break;
+ return;
}
/* Did last run test hang and system re-booted due to watchdog timeout and
@@ -348,6 +354,7 @@
if (VAL_ERROR(status))
{
val_print(PRINT_ERROR, "\n\tNVMEM read error", 0);
+ return;
}
}
/* Did last run test hang and system reset due to watchdog timeout but
@@ -363,13 +370,18 @@
if (VAL_ERROR(status))
{
val_print(PRINT_ERROR, "\n\tNVMEM read error", 0);
+ return;
}
}
else
{
status = val_test_load(&test_id, test_id_prev);
- if (test_id == VAL_INVALID_TEST_ID || VAL_ERROR(status))
+ if (VAL_ERROR(status))
+ {
+ return;
+ }
+ else if (test_id == VAL_INVALID_TEST_ID)
{
break;
}
@@ -379,11 +391,12 @@
if (VAL_ERROR(status))
{
val_print(PRINT_ERROR, "\n\tNVMEM write error", 0);
- break;
+ return;
}
if (VAL_GET_COMP_NUM(test_id_prev) != VAL_GET_COMP_NUM(test_id))
{
+ val_print(PRINT_ALWAYS, "\nRunning.. ", 0);
val_print(PRINT_ALWAYS, val_get_comp_name(test_id), 0);
val_print(PRINT_ALWAYS, "\n******************************************\n", 0);
}
@@ -394,7 +407,7 @@
status = val_set_boot_flag(BOOT_NOT_EXPECTED);
if (VAL_ERROR(status))
{
- break;
+ return;
}
}
val_execute_test_fn();
@@ -406,7 +419,7 @@
status = val_set_boot_flag(BOOT_UNKNOWN);
if (VAL_ERROR(status))
{
- break;
+ return;
}
/* Prepare suite summary data structure */
@@ -414,7 +427,7 @@
if (VAL_ERROR(status))
{
val_print(PRINT_ERROR, "\n\tNVMEM read error", 0);
- break;
+ return;
}
switch (test_result)
@@ -437,7 +450,7 @@
if (VAL_ERROR(status))
{
val_print(PRINT_ERROR, "\n\tNVMEM write error", 0);
- break;
+ return;
}
test_id_prev = test_id;
@@ -446,7 +459,7 @@
if (VAL_ERROR(status))
{
val_print(PRINT_ERROR, "\n\tNVMEM write error", 0);
- break;
+ return;
}
} while(1);
@@ -458,14 +471,16 @@
return;
}
- val_print(PRINT_ALWAYS, "\n\n************ REGRESSION SUMMARY **********\n", 0);
+ val_print(PRINT_ALWAYS, "\n************ ", 0);
+ val_print(PRINT_ALWAYS, val_get_comp_name(test_id_prev), 0);
+ val_print(PRINT_ALWAYS, " Report **********\n", 0);
val_print(PRINT_ALWAYS, "TOTAL TESTS : %d\n", test_count.pass_cnt + test_count.fail_cnt
+ test_count.skip_cnt + test_count.sim_error_cnt);
val_print(PRINT_ALWAYS, "TOTAL PASSED : %d\n", test_count.pass_cnt);
val_print(PRINT_ALWAYS, "TOTAL SIM ERROR : %d\n", test_count.sim_error_cnt);
val_print(PRINT_ALWAYS, "TOTAL FAILED : %d\n", test_count.fail_cnt);
val_print(PRINT_ALWAYS, "TOTAL SKIPPED : %d\n", test_count.skip_cnt);
- val_print(PRINT_ALWAYS, "\n******************************************\n", 0);
+ val_print(PRINT_ALWAYS, "******************************************\n", 0);
}
diff --git a/api-tests/val/nspe/val_entry.c b/api-tests/val/nspe/val_entry.c
index 616af07..cff5ded 100644
--- a/api-tests/val/nspe/val_entry.c
+++ b/api-tests/val/nspe/val_entry.c
@@ -1,5 +1,5 @@
/** @file
- * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved.
+ * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved.
* SPDX-License-Identifier : Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License");
@@ -42,7 +42,8 @@
/* Compliance header print */
if (test_id == VAL_INVALID_TEST_ID)
{
- val_print(PRINT_ALWAYS, "\n***** PSA Compliance Suite - Version %d.", PSA_ACS_MAJOR_VER);
+ val_print(PRINT_ALWAYS, "\n***** PSA Architecture Test Suite - Version %d.",
+ PSA_ACS_MAJOR_VER);
val_print(PRINT_ALWAYS, "%d *****\n", PSA_ACS_MINOR_VER);
}
@@ -50,9 +51,7 @@
val_dispatcher(test_id);
exit:
- val_print(PRINT_ALWAYS, "\n\nEntering standby\n", 0);
- while(1)
- {
- asm volatile("WFI");
- }
+ val_print(PRINT_ALWAYS, "\nEntering standby.. \n", 0);
+
+ pal_terminate_simulation();
}
diff --git a/api-tests/val/nspe/val_entry.h b/api-tests/val/nspe/val_entry.h
index 0293113..4903457 100644
--- a/api-tests/val/nspe/val_entry.h
+++ b/api-tests/val/nspe/val_entry.h
@@ -1,5 +1,5 @@
/** @file
- * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved.
+ * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved.
* SPDX-License-Identifier : Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License");
@@ -21,10 +21,10 @@
#include "val_framework.h"
#define PSA_ACS_MAJOR_VER 0
-#define PSA_ACS_MINOR_VER 5
+#define PSA_ACS_MINOR_VER 7
/**
- @brief - PSA C main function, does VAL init and calls test dispatcher
+ @brief - PSA Test Suite C main function, does VAL init and calls test dispatcher
@param - None
@return - void
**/
diff --git a/api-tests/val/nspe/val_framework.c b/api-tests/val/nspe/val_framework.c
index 0248adc..bbd459e 100644
--- a/api-tests/val/nspe/val_framework.c
+++ b/api-tests/val/nspe/val_framework.c
@@ -1,5 +1,5 @@
/** @file
- * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved.
+ * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved.
* SPDX-License-Identifier : Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License");
@@ -113,7 +113,7 @@
if (boot.state == BOOT_NOT_EXPECTED || boot.state == BOOT_EXPECTED_CRYPTO)
{
- val_print(PRINT_TEST,"[Info] Executing tests form non-secure\n", 0);
+ val_print(PRINT_TEST,"[Info] Executing tests from non-secure\n", 0);
while (tests_list[i] != NULL)
{
if (server_hs == TRUE)
@@ -125,7 +125,7 @@
if (VAL_ERROR(status))
{
val_set_status(RESULT_FAIL(status));
- val_print(PRINT_ERROR,"[Check%d] START\n", i);
+ val_print(PRINT_DEBUG,"[Check%d] START\n", i);
return status;
}
else
@@ -144,18 +144,27 @@
}
status = test_status ? test_status:status;
- if (VAL_ERROR(status))
+ if (IS_TEST_SKIP(status))
+ {
+ val_set_status(status);
+ if (server_hs == TRUE)
+ val_print(PRINT_DEBUG, "[Check%d] SKIPPED\n", i);
+ return status;
+ }
+ else if (VAL_ERROR(status))
{
val_set_status(RESULT_FAIL(status));
if (server_hs == TRUE)
- val_print(PRINT_ERROR,"[Check%d] FAILED\n", i);
+ val_print(PRINT_DEBUG, "[Check%d] FAILED\n", i);
+
return status;
}
else
{
if (server_hs == TRUE)
- val_print(PRINT_DEBUG,"[Check%d] PASSED\n", i);
+ val_print(PRINT_DEBUG, "[Check%d] PASSED\n", i);
}
+
i++;
}
}
@@ -165,7 +174,7 @@
status = VAL_STATUS_SUCCESS;
if (boot.state != BOOT_EXPECTED_S)
{
- val_print(PRINT_DEBUG,"[Check1] PASSED\n", 0);
+ val_print(PRINT_DEBUG, "[Check1] PASSED\n", 0);
}
}
return status;
@@ -210,6 +219,11 @@
/* Retrive secure client test status */
status = val_get_secure_test_result(&handle);
+ if (IS_TEST_SKIP(status))
+ {
+ val_set_status(status);
+ return status;
+ }
if (VAL_ERROR(status))
{
goto exit;
@@ -219,7 +233,7 @@
else
{
/* If we are here means, we are in third run of this test */
- val_print(PRINT_DEBUG,"[Check1] PASSED\n", 0);
+ val_print(PRINT_DEBUG, "[Check1] PASSED\n", 0);
return VAL_STATUS_SUCCESS;
}
@@ -245,7 +259,6 @@
psa_status_t status_of_call = PSA_SUCCESS;
*handle = pal_ipc_connect(sid, 0);
-
if (*handle < 0)
{
val_print(PRINT_ERROR, "Could not connect SID. Handle=%x\n", *handle);
@@ -257,13 +270,13 @@
psa_invec data[1] = {{&test_data, sizeof(test_data)}};
status_of_call = pal_ipc_call(*handle, data, 1, NULL, 0);
-
if (status_of_call != PSA_SUCCESS)
{
status = VAL_STATUS_CALL_FAILED;
val_print(PRINT_ERROR, "Call to dispatch SF failed. Status=%x\n", status_of_call);
pal_ipc_close(*handle);
}
+
return status;
}
@@ -328,6 +341,7 @@
break;
case TEST_SKIP:
+ state = TEST_SKIP;
val_print(PRINT_ALWAYS, "TEST RESULT: SKIPPED (Skip Code=0x%x)\n", status);
break;
@@ -429,6 +443,7 @@
(uint32_t *)sizeof(miscellaneous_desc_t));
if (VAL_ERROR(status))
{
+ val_print(PRINT_ERROR, "val_target_get_config failed Error=0x%x\n", status);
return;
}
@@ -468,14 +483,19 @@
void val_test_exit(void)
{
- val_wd_timer_disable();
+ val_status_t status;
+ val_wd_timer_disable();
+ status = val_get_status();
/* return if test skipped or failed */
- if (IS_TEST_SKIP(val_get_status()) || IS_TEST_FAIL(val_get_status()))
+ if (IS_TEST_FAIL(status) || IS_TEST_SKIP(status))
{
- return;
+ return;
}
- val_set_status(RESULT_END(VAL_STATUS_SUCCESS));
+ else
+ {
+ val_set_status(RESULT_END(VAL_STATUS_SUCCESS));
+ }
}
/**
diff --git a/api-tests/val/nspe/val_interfaces.c b/api-tests/val/nspe/val_interfaces.c
index 36ad173..719f4b0 100644
--- a/api-tests/val/nspe/val_interfaces.c
+++ b/api-tests/val/nspe/val_interfaces.c
@@ -1,5 +1,5 @@
/** @file
- * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved.
+ * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved.
* SPDX-License-Identifier : Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License");
@@ -21,6 +21,9 @@
#include "val_peripherals.h"
#include "val_target.h"
#include "val_crypto.h"
+#include "val_internal_trusted_storage.h"
+#include "val_protected_storage.h"
+#include "val_attestation.h"
/*VAL APIs to be used by test */
const val_api_t val_api = {
@@ -43,10 +46,13 @@
.wd_timer_init = val_wd_timer_init,
.wd_timer_enable = val_wd_timer_enable,
.wd_timer_disable = val_wd_timer_disable,
+ .wd_reprogram_timer = val_wd_reprogram_timer,
.set_boot_flag = val_set_boot_flag,
.get_boot_flag = val_get_boot_flag,
.crypto_function = val_crypto_function,
- .crypto_key_type_is_raw = val_crypto_key_type_is_raw,
+ .its_function = val_its_function,
+ .ps_function = val_ps_function,
+ .attestation_function = val_attestation_function,
};
const psa_api_t psa_api = {
diff --git a/api-tests/val/nspe/val_interfaces.h b/api-tests/val/nspe/val_interfaces.h
index ce9b3a1..b41aab1 100644
--- a/api-tests/val/nspe/val_interfaces.h
+++ b/api-tests/val/nspe/val_interfaces.h
@@ -1,5 +1,5 @@
/** @file
- * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved.
+ * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved.
* SPDX-License-Identifier : Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License");
@@ -50,10 +50,13 @@
val_status_t (*wd_timer_init) (wd_timeout_type_t timeout_type);
val_status_t (*wd_timer_enable) (void);
val_status_t (*wd_timer_disable) (void);
+ val_status_t (*wd_reprogram_timer) (wd_timeout_type_t timeout_type);
val_status_t (*set_boot_flag) (boot_state_t state);
val_status_t (*get_boot_flag) (boot_state_t *state);
- val_status_t (*crypto_function) (int type, ...);
- int32_t (*crypto_key_type_is_raw) (uint32_t type);
+ int32_t (*crypto_function) (int type, ...);
+ uint32_t (*its_function) (int type, ...);
+ uint32_t (*ps_function) (int type, ...);
+ int32_t (*attestation_function) (int type, ...);
} val_api_t;
typedef struct {
@@ -66,7 +69,7 @@
psa_outvec *out_vec,
size_t out_len
);
- void (*close) (psa_handle_t handle);
+ void (*close) (psa_handle_t handle);
} psa_api_t;
typedef void (*test_fptr_t)(val_api_t *val, psa_api_t *psa);
@@ -77,7 +80,6 @@
} val_test_info_t;
#include "test_entry_fn_declare_list.inc"
-void test_entry(val_api_t *val, psa_api_t *psa);
-void test_payload(val_api_t *val, psa_api_t *psa);
+void test_entry(val_api_t *val, psa_api_t *psa);
#endif
diff --git a/api-tests/val/nspe/val_internal_trusted_storage.c b/api-tests/val/nspe/val_internal_trusted_storage.c
new file mode 100644
index 0000000..e79e9c0
--- /dev/null
+++ b/api-tests/val/nspe/val_internal_trusted_storage.c
@@ -0,0 +1,39 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_target.h"
+#include "pal_interfaces_ns.h"
+#include "val_framework.h"
+#include "val_client_defs.h"
+#include "val_internal_trusted_storage.h"
+
+/**
+ @brief - This API will call the requested internal trusted storage function
+ @param - type : function code
+ ... : variable number of arguments
+ @return - Error status
+**/
+uint32_t val_its_function(int type, ...)
+{
+ va_list valist;
+ uint32_t status;
+
+ va_start(valist, type);
+ status = pal_its_function(type, valist);
+ va_end(valist);
+ return status;
+}
diff --git a/api-tests/val/nspe/val_internal_trusted_storage.h b/api-tests/val/nspe/val_internal_trusted_storage.h
new file mode 100644
index 0000000..e74a701
--- /dev/null
+++ b/api-tests/val/nspe/val_internal_trusted_storage.h
@@ -0,0 +1,35 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#ifndef _VAL_INTERNAL_TRUSTED_STORAGE_H_
+#define _VAL_INTERNAL_TRUSTED_STORAGE_H_
+
+#include "val.h"
+
+#define UID_BASE_VALUE 0
+#define UID_MAX_VALUE 15
+#define BYTES_TO_BITS(byte) (byte * 8)
+
+enum its_function_code {
+ VAL_ITS_SET = 0x1,
+ VAL_ITS_GET = 0x2,
+ VAL_ITS_GET_INFO = 0x3,
+ VAL_ITS_REMOVE = 0x4,
+};
+
+uint32_t val_its_function(int type, ...);
+#endif /* _VAL_INTERNAL_TRUSTED_STORAGE_H_ */
diff --git a/api-tests/val/nspe/val_peripherals.c b/api-tests/val/nspe/val_peripherals.c
index 1ac33c6..9f153e0 100644
--- a/api-tests/val/nspe/val_peripherals.c
+++ b/api-tests/val/nspe/val_peripherals.c
@@ -1,5 +1,5 @@
/** @file
- * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved.
+ * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved.
* SPDX-License-Identifier : Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License");
@@ -100,7 +100,11 @@
return status;
}
- if (timeout_type == WD_LOW_TIMEOUT)
+ if (timeout_type == WD_CRYPTO_TIMEOUT)
+ {
+ time_us = soc_per_desc->timeout_in_micro_sec_crypto;
+ }
+ else if (timeout_type == WD_LOW_TIMEOUT)
{
time_us = soc_per_desc->timeout_in_micro_sec_low;
}
@@ -162,6 +166,31 @@
return pal_wd_timer_disable_ns(soc_per_desc->base);
}
+val_status_t val_wd_reprogram_timer(wd_timeout_type_t timeout_type)
+{
+ val_status_t status = VAL_STATUS_SUCCESS;
+
+ /* Disable watchdog Timer */
+ val_wd_timer_disable();
+
+ /* Initialise watchdog */
+ status = val_wd_timer_init(timeout_type);
+ if (VAL_ERROR(status))
+ {
+ return status;
+ }
+
+ /* Enable watchdog Timer */
+ status = val_wd_timer_enable();
+ if (VAL_ERROR(status))
+ {
+ return status;
+ }
+
+ return status;
+}
+
+
/*
@brief - Reads 'size' bytes from Non-volatile memory at a given. This is client interface
API of secure partition val_nvmem_read_sf API for nspe world.
diff --git a/api-tests/val/nspe/val_peripherals.h b/api-tests/val/nspe/val_peripherals.h
index 86147c1..dfea143 100644
--- a/api-tests/val/nspe/val_peripherals.h
+++ b/api-tests/val/nspe/val_peripherals.h
@@ -1,5 +1,5 @@
/** @file
- * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved.
+ * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved.
* SPDX-License-Identifier : Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License");
@@ -28,4 +28,5 @@
val_status_t val_wd_timer_init(wd_timeout_type_t timeout_type);
val_status_t val_wd_timer_enable(void);
val_status_t val_wd_timer_disable(void);
+val_status_t val_wd_reprogram_timer(wd_timeout_type_t timeout_type);
#endif
diff --git a/api-tests/val/nspe/val_protected_storage.c b/api-tests/val/nspe/val_protected_storage.c
new file mode 100644
index 0000000..06c1f50
--- /dev/null
+++ b/api-tests/val/nspe/val_protected_storage.c
@@ -0,0 +1,39 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_target.h"
+#include "pal_interfaces_ns.h"
+#include "val_framework.h"
+#include "val_client_defs.h"
+#include "val_protected_storage.h"
+
+/**
+ @brief - This API will call the requested protected storage function
+ @param - type : function code
+ ... : variable number of arguments
+ @return - Error status
+**/
+uint32_t val_ps_function(int type, ...)
+{
+ va_list valist;
+ uint32_t status;
+
+ va_start(valist, type);
+ status = pal_ps_function(type, valist);
+ va_end(valist);
+ return status;
+}
diff --git a/api-tests/val/nspe/val_protected_storage.h b/api-tests/val/nspe/val_protected_storage.h
new file mode 100644
index 0000000..5d2df21
--- /dev/null
+++ b/api-tests/val/nspe/val_protected_storage.h
@@ -0,0 +1,37 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#ifndef _VAL_PROTECTED_STORAGE_H_
+#define _VAL_PROTECTED_STORAGE_H_
+
+#include "val.h"
+
+#define UID_BASE_VALUE 0
+#define UID_MAX_VALUE 15
+#define BYTES_TO_BITS(byte) (byte * 8)
+
+enum ps_function_code {
+ VAL_PS_SET = 0x1,
+ VAL_PS_GET = 0x2,
+ VAL_PS_GET_INFO = 0x3,
+ VAL_PS_REMOVE = 0x4,
+ VAL_PS_CREATE = 0x5,
+ VAL_PS_SET_EXTENDED = 0x6,
+};
+
+uint32_t val_ps_function(int type, ...);
+#endif /* _VAL_PROTECTED_STORAGE_H_ */
diff --git a/api-tests/val/spe/val_driver_service_apis.c b/api-tests/val/spe/val_driver_service_apis.c
index b29de14..46a3162 100644
--- a/api-tests/val/spe/val_driver_service_apis.c
+++ b/api-tests/val/spe/val_driver_service_apis.c
@@ -1,5 +1,5 @@
/** @file
- * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved.
+ * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved.
* SPDX-License-Identifier : Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License");
@@ -17,8 +17,10 @@
#include "val_driver_service_apis.h"
+#include "val/common/val_target.c"
print_verbosity_t g_print_level = PRINT_INFO;
+static int is_uart_init_done = 0;
/* UART APIs */
/*
@@ -30,6 +32,7 @@
val_status_t val_uart_init_sf(addr_t uart_base_addr)
{
pal_uart_init(uart_base_addr);
+ is_uart_init_done = 1;
return VAL_STATUS_SUCCESS;
}
/*
@@ -41,7 +44,11 @@
*/
val_status_t val_print_sf(char *string, uint32_t data)
{
- pal_print(string, data);
+ if (is_uart_init_done == 1)
+ {
+ /* Do not print until uart_init is complete */
+ pal_print(string, data);
+ }
return VAL_STATUS_SUCCESS;
}
@@ -133,3 +140,62 @@
return VAL_STATUS_ERROR;
}
}
+
+/**
+ @brief - This function sets the given boot.state value to corresponding
+ boot NVMEM location
+ @param - state: boot_state_t
+ @return - val_status_t
+**/
+val_status_t val_driver_private_set_boot_flag_fn(boot_state_t state)
+{
+ boot_t boot;
+ val_status_t status;
+ memory_desc_t *memory_desc;
+
+ status = val_target_get_config(TARGET_CONFIG_CREATE_ID(GROUP_MEMORY, MEMORY_NVMEM, 0),
+ (uint8_t **)&memory_desc,
+ (uint32_t *)sizeof(memory_desc_t));
+
+ if (VAL_ERROR(status))
+ {
+ return status;
+ }
+
+ boot.state = state;
+ status = val_nvmem_write_sf(memory_desc->start,
+ VAL_NVMEM_OFFSET(NV_BOOT),
+ &boot,
+ sizeof(boot_t));
+ if (VAL_ERROR(status))
+ {
+ val_print_sf("val_nvmem_write_sf failed Error=0x%x\n", status);
+ return status;
+ }
+ return status;
+}
+
+/**
+ @brief - This function initialises the driver reserved mmio region
+ @param - void
+ @return - val_status_t
+**/
+val_status_t val_init_driver_memory(void)
+{
+ val_status_t status;
+ memory_desc_t *memory_desc;
+
+ status = val_target_get_config(TARGET_CONFIG_CREATE_ID(GROUP_MEMORY,
+ MEMORY_DRIVER_PARTITION_MMIO, 0),
+ (uint8_t **)&memory_desc,
+ (uint32_t *)sizeof(memory_desc_t));
+ if (VAL_ERROR(status))
+ {
+ return status;
+ }
+
+ /* Init driver mmio space to 0 to avoid uninit access */
+ memset((uint32_t *)memory_desc->start, 0, (memory_desc->end - memory_desc->start + 1));
+
+ return VAL_STATUS_SUCCESS;
+}
diff --git a/api-tests/val/spe/val_driver_service_apis.h b/api-tests/val/spe/val_driver_service_apis.h
index a045d57..9614e35 100644
--- a/api-tests/val/spe/val_driver_service_apis.h
+++ b/api-tests/val/spe/val_driver_service_apis.h
@@ -1,5 +1,5 @@
/** @file
- * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved.
+ * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved.
* SPDX-License-Identifier : Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License");
@@ -18,8 +18,8 @@
#ifndef _VAL_DRIVER_PARTITION_APIS_H_
#define _VAL_DRIVER_PARTITION_APIS_H_
-#include "val/common/val.h"
-#include "val/common/val_client_defs.h"
+#include "val.h"
+#include "val_client_defs.h"
#include "val_service_defs.h"
#include "pal_interfaces_s.h"
@@ -30,6 +30,8 @@
*/
#include "psa_manifest/driver_partition_psa.h"
+#define USE_RAW_PRINT_FOR_DRIVER_PARTITION 1
+
val_status_t val_uart_init_sf(addr_t uart_base_addr);
val_status_t val_print_sf(char *string, uint32_t data);
val_status_t val_wd_timer_init_sf(addr_t base_addr, uint32_t time_us, uint32_t timer_tick_us);
@@ -38,4 +40,6 @@
val_status_t val_is_wd_timer_enabled_sf(addr_t base_addr);
val_status_t val_nvmem_read_sf(addr_t base, uint32_t offset, void *buffer, int size);
val_status_t val_nvmem_write_sf(addr_t base, uint32_t offset, void *buffer, int size);
+val_status_t val_driver_private_set_boot_flag_fn(boot_state_t state);
+val_status_t val_init_driver_memory(void);
#endif
diff --git a/api-tests/val/spe/val_partition_common.h b/api-tests/val/spe/val_partition_common.h
index 7648116..df36402 100644
--- a/api-tests/val/spe/val_partition_common.h
+++ b/api-tests/val/spe/val_partition_common.h
@@ -1,5 +1,5 @@
/** @file
- * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved.
+ * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved.
* SPDX-License-Identifier : Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License");
@@ -26,8 +26,8 @@
#ifndef _VAL_COMMON_SP_APIS_H_
#define _VAL_COMMON_SP_APIS_H_
-#include "val/common/val.h"
-#include "val/common/val_target.c"
+#include "val.h"
+#include "val_target.c"
#include "val_service_defs.h"
/* "psa_manifest/<manifestfilename>.h" Manifest definitions. Only accessible to Secure Partition.
@@ -206,7 +206,7 @@
if ((msg->type != PSA_IPC_CONNECT) || (msg->handle <= 0))
{
- val_print(PRINT_ERROR, "\npsa_get failed for PSA_IPC_CONNECT", 0);
+ val_print(PRINT_ERROR, "\tpsa_get failed for PSA_IPC_CONNECT\n", 0);
res = VAL_STATUS_ERROR;
}
else
@@ -216,7 +216,7 @@
}
else
{
- val_print(PRINT_ERROR, "\npsa_wait returned with invalid signal value = 0x%x", signals);
+ val_print(PRINT_ERROR, "\tpsa_wait returned with invalid signal value = 0x%x\n", signals);
res = VAL_STATUS_ERROR;
}
return res;
@@ -244,7 +244,7 @@
if ((msg->type != PSA_IPC_CALL) || (msg->handle <= 0))
{
- val_print(PRINT_ERROR, "\npsa_get failed for PSA_IPC_CALL", 0);
+ val_print(PRINT_ERROR, "\tpsa_get failed for PSA_IPC_CALL\n", 0);
res = VAL_STATUS_ERROR;
}
else
@@ -254,7 +254,7 @@
}
else
{
- val_print(PRINT_ERROR, "\npsa_wait returned with invalid signal value = 0x%x", signals);
+ val_print(PRINT_ERROR, "\tpsa_wait returned with invalid signal value = 0x%x\n", signals);
res = VAL_STATUS_ERROR;
}
return res;
@@ -282,7 +282,7 @@
if ((msg->type != PSA_IPC_DISCONNECT) || (msg->handle <= 0))
{
- val_print(PRINT_ERROR, "\npsa_get failed for PSA_IPC_DISCONNECT", 0);
+ val_print(PRINT_ERROR, "\tpsa_get failed for PSA_IPC_DISCONNECT\n", 0);
res = VAL_STATUS_ERROR;
}
else
@@ -292,7 +292,7 @@
}
else
{
- val_print(PRINT_ERROR, "\npsa_wait returned with invalid signal value = 0x%x", signals);
+ val_print(PRINT_ERROR, "\tpsa_wait returned with invalid signal value = 0x%x\n", signals);
res = VAL_STATUS_ERROR;
}
return res;
@@ -314,7 +314,7 @@
test_info_t test_info;
test_info.test_num = test_num;
- val_print(PRINT_TEST, "[Info] Executing tests form secure\n", 0);
+ val_print(PRINT_TEST, "[Info] Executing tests from secure\n", 0);
while (tests_list[i] != NULL)
{
@@ -339,9 +339,14 @@
status = val_get_secure_test_result(&handle);
status = test_status ? test_status:status;
+ if (IS_TEST_SKIP(status))
+ {
+ val_print(PRINT_DEBUG, "[Check%d] SKIPPED\n", i);
+ return status;
+ }
if (VAL_ERROR(status))
{
- val_print(PRINT_ERROR,"[Check%d] FAILED\n", i);
+ val_print(PRINT_DEBUG,"[Check%d] FAILED\n", i);
return status;
}
else