diff --git a/api-specs/include/psa/crypto.h b/api-specs/include/psa/crypto.h index 4c5c3495..c8a1c18f 100644 --- a/api-specs/include/psa/crypto.h +++ b/api-specs/include/psa/crypto.h @@ -193,7 +193,7 @@ psa_algorithm_t psa_key_policy_get_algorithm(const psa_key_policy_t *policy); * the policy has been saved to persistent storage. Implementations * may defer saving the policy until the key material is created. * \retval #PSA_ERROR_INVALID_HANDLE - * \retval #PSA_ERROR_OCCUPIED_SLOT + * \retval #PSA_ERROR_ALREADY_EXISTS * \retval #PSA_ERROR_NOT_SUPPORTED * \retval #PSA_ERROR_INVALID_ARGUMENT * \retval #PSA_ERROR_COMMUNICATION_FAILURE @@ -285,7 +285,7 @@ psa_status_t psa_allocate_key(psa_key_handle_t *handle); * Success. The application can now use the value of `*handle` * to access the newly allocated key slot. * \retval #PSA_ERROR_INSUFFICIENT_MEMORY - * \retval #PSA_ERROR_EMPTY_SLOT + * \retval #PSA_ERROR_DOES_NOT_EXIST * \retval #PSA_ERROR_INVALID_ARGUMENT * \p lifetime is invalid, for example #PSA_KEY_LIFETIME_VOLATILE. * \retval #PSA_ERROR_INVALID_ARGUMENT @@ -322,7 +322,7 @@ psa_status_t psa_open_key(psa_key_lifetime_t lifetime, * to access the newly allocated key slot. * \retval #PSA_ERROR_INSUFFICIENT_MEMORY * \retval #PSA_ERROR_INSUFFICIENT_STORAGE - * \retval #PSA_ERROR_OCCUPIED_SLOT + * \retval #PSA_ERROR_ALREADY_EXISTS * There is already a key with the identifier \p id in the storage * area designated by \p lifetime. * \retval #PSA_ERROR_INVALID_ARGUMENT @@ -348,9 +348,6 @@ psa_status_t psa_create_key(psa_key_lifetime_t lifetime, * with the key in volatile memory. The key slot in persistent storage is * not affected and can be opened again later with psa_open_key(). * - * If the key is currently in use in a multipart operation, - * the multipart operation is aborted. - * * \param handle The key handle to close. * * \retval #PSA_SUCCESS @@ -404,7 +401,7 @@ psa_status_t psa_close_key(psa_key_handle_t handle); * \retval #PSA_ERROR_INVALID_ARGUMENT * The key slot is invalid, * or the key data is not correctly formatted. - * \retval #PSA_ERROR_OCCUPIED_SLOT + * \retval #PSA_ERROR_ALREADY_EXISTS * There is already a key in the specified slot. * \retval #PSA_ERROR_INSUFFICIENT_MEMORY * \retval #PSA_ERROR_INSUFFICIENT_STORAGE @@ -433,9 +430,6 @@ psa_status_t psa_import_key(psa_key_handle_t handle, * This function also erases any metadata such as policies and frees all * resources associated with the key. * - * If the key is currently in use in a multipart operation, - * the multipart operation is aborted. - * * \param handle Handle to the key slot to erase. * * \retval #PSA_SUCCESS @@ -476,7 +470,7 @@ psa_status_t psa_destroy_key(psa_key_handle_t handle); * * \retval #PSA_SUCCESS * \retval #PSA_ERROR_INVALID_HANDLE - * \retval #PSA_ERROR_EMPTY_SLOT + * \retval #PSA_ERROR_DOES_NOT_EXIST * The handle is to a key slot which does not contain key material yet. * \retval #PSA_ERROR_COMMUNICATION_FAILURE * \retval #PSA_ERROR_HARDWARE_FAILURE @@ -490,106 +484,6 @@ psa_status_t psa_get_key_information(psa_key_handle_t handle, psa_key_type_t *type, size_t *bits); -/** - * \brief Set domain parameters for a key. - * - * Some key types require additional domain parameters to be set before import - * or generation of the key. The domain parameters can be set with this - * function or, for key generation, through the \c extra parameter of - * psa_generate_key(). - * - * The format for the required domain parameters varies by the key type. - * - For DSA public keys (#PSA_KEY_TYPE_DSA_PUBLIC_KEY), - * the `Dss-Parms` format as defined by RFC 3279 §2.3.2. - * ``` - * Dss-Parms ::= SEQUENCE { - * p INTEGER, - * q INTEGER, - * g INTEGER - * } - * ``` - * - For Diffie-Hellman key exchange keys (#PSA_KEY_TYPE_DH_PUBLIC_KEY), the - * `DomainParameters` format as defined by RFC 3279 §2.3.3. - * ``` - * DomainParameters ::= SEQUENCE { - * p INTEGER, -- odd prime, p=jq +1 - * g INTEGER, -- generator, g - * q INTEGER, -- factor of p-1 - * j INTEGER OPTIONAL, -- subgroup factor - * validationParms ValidationParms OPTIONAL - * } - * ValidationParms ::= SEQUENCE { - * seed BIT STRING, - * pgenCounter INTEGER - * } - * ``` - * - * \param handle Handle to the slot where the key will be stored. - * This must be a valid slot for a key of the chosen - * type: it must have been obtained by calling - * psa_allocate_key() or psa_create_key() with the - * correct \p type and with a maximum size that is - * compatible with \p data. It must not contain - * key material yet. - * \param type Key type (a \c PSA_KEY_TYPE_XXX value). When - * subsequently creating key material into \p handle, - * the type must be compatible. - * \param[in] data Buffer containing the key domain parameters. The content - * of this buffer is interpreted according to \p type. of - * psa_export_key() or psa_export_public_key() for the - * chosen type. - * \param data_length Size of the \p data buffer in bytes. - * - * \retval #PSA_SUCCESS - * \retval #PSA_ERROR_INVALID_HANDLE - * \retval #PSA_ERROR_OCCUPIED_SLOT - * There is already a key in the specified slot. - * \retval #PSA_ERROR_INVALID_ARGUMENT - * \retval #PSA_ERROR_COMMUNICATION_FAILURE - * \retval #PSA_ERROR_HARDWARE_FAILURE - * \retval #PSA_ERROR_TAMPERING_DETECTED - * \retval #PSA_ERROR_BAD_STATE - * The library has not been previously initialized by psa_crypto_init(). - * It is implementation-dependent whether a failure to initialize - * results in this error code. - */ -psa_status_t psa_set_key_domain_parameters(psa_key_handle_t handle, - psa_key_type_t type, - const uint8_t *data, - size_t data_length); - -/** - * \brief Get domain parameters for a key. - * - * Get the domain parameters for a key with this function, if any. The format - * of the domain parameters written to \p data is specified in the - * documentation for psa_set_key_domain_parameters(). - * - * \param handle Handle to the key to get domain parameters from. - * \param[out] data On success, the key domain parameters. - * \param data_size Size of the \p data buffer in bytes. - * \param[out] data_length On success, the number of bytes - * that make up the key domain parameters data. - * - * \retval #PSA_SUCCESS - * \retval #PSA_ERROR_INVALID_HANDLE - * \retval #PSA_ERROR_EMPTY_SLOT - * There is no key in the specified slot. - * \retval #PSA_ERROR_INVALID_ARGUMENT - * \retval #PSA_ERROR_NOT_SUPPORTED - * \retval #PSA_ERROR_COMMUNICATION_FAILURE - * \retval #PSA_ERROR_HARDWARE_FAILURE - * \retval #PSA_ERROR_TAMPERING_DETECTED - * \retval #PSA_ERROR_BAD_STATE - * The library has not been previously initialized by psa_crypto_init(). - * It is implementation-dependent whether a failure to initialize - * results in this error code. - */ -psa_status_t psa_get_key_domain_parameters(psa_key_handle_t handle, - uint8_t *data, - size_t data_size, - size_t *data_length); - /** * \brief Export a key in binary format. * @@ -625,10 +519,19 @@ psa_status_t psa_get_key_domain_parameters(psa_key_handle_t handle, * coefficient INTEGER, -- (inverse of q) mod p * } * ``` - * - For DSA private keys (#PSA_KEY_TYPE_DSA_KEYPAIR), the format is the - * representation of the private key `x` as a big-endian byte string. The - * length of the byte string is the private key size in bytes (leading zeroes - * are not stripped). + * - For DSA private keys (#PSA_KEY_TYPE_DSA_KEYPAIR), the format + * is the non-encrypted DER encoding of the representation used by + * OpenSSL and OpenSSH, whose structure is described in ASN.1 as follows: + * ``` + * DSAPrivateKey ::= SEQUENCE { + * version INTEGER, -- must be 0 + * prime INTEGER, -- p + * subprime INTEGER, -- q + * generator INTEGER, -- g + * public INTEGER, -- y + * private INTEGER, -- x + * } + * ``` * - For elliptic curve key pairs (key types for which * #PSA_KEY_TYPE_IS_ECC_KEYPAIR is true), the format is * a representation of the private value as a `ceiling(m/8)`-byte string @@ -640,10 +543,6 @@ psa_status_t psa_get_key_domain_parameters(psa_key_handle_t handle, * and `PSA_ECC_CURVE_BRAINPOOL_PXXX`). * This is the content of the `privateKey` field of the `ECPrivateKey` * format defined by RFC 5915. - * - For Diffie-Hellman key exchange key pairs (#PSA_KEY_TYPE_DH_KEYPAIR), the - * format is the representation of the private key `x` as a big-endian byte - * string. The length of the byte string is the private key size in bytes - * (leading zeroes are not stripped). * - For public keys (key types for which #PSA_KEY_TYPE_IS_PUBLIC_KEY is * true), the format is the same as for psa_export_public_key(). * @@ -655,7 +554,7 @@ psa_status_t psa_get_key_domain_parameters(psa_key_handle_t handle, * * \retval #PSA_SUCCESS * \retval #PSA_ERROR_INVALID_HANDLE - * \retval #PSA_ERROR_EMPTY_SLOT + * \retval #PSA_ERROR_DOES_NOT_EXIST * \retval #PSA_ERROR_NOT_PERMITTED * \retval #PSA_ERROR_NOT_SUPPORTED * \retval #PSA_ERROR_BUFFER_TOO_SMALL @@ -700,20 +599,39 @@ psa_status_t psa_export_key(psa_key_handle_t handle, * ``` * - For elliptic curve public keys (key types for which * #PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY is true), the format is the uncompressed - * representation defined by SEC1 §2.3.3 as the content of an ECPoint. + * representation defined by SEC1 §2.3.3 as the content of an ECPoint: * Let `m` be the bit size associated with the curve, i.e. the bit size of * `q` for a curve over `F_q`. The representation consists of: * - The byte 0x04; * - `x_P` as a `ceiling(m/8)`-byte string, big-endian; * - `y_P` as a `ceiling(m/8)`-byte string, big-endian. - * - For DSA public keys (#PSA_KEY_TYPE_DSA_PUBLIC_KEY), the format is the - * representation of the public key `y = g^x mod p` as a big-endian byte - * string. The length of the byte string is the length of the base prime `p` - * in bytes. - * - For Diffie-Hellman key exchange public keys (#PSA_KEY_TYPE_DH_PUBLIC_KEY), - * the format is the representation of the public key `y = g^x mod p` as a - * big-endian byte string. The length of the byte string is the length of the - * base prime `p` in bytes. + * + * For other public key types, the format is the DER representation defined by + * RFC 5280 as `SubjectPublicKeyInfo`, with the `subjectPublicKey` format + * specified below. + * ``` + * SubjectPublicKeyInfo ::= SEQUENCE { + * algorithm AlgorithmIdentifier, + * subjectPublicKey BIT STRING } + * AlgorithmIdentifier ::= SEQUENCE { + * algorithm OBJECT IDENTIFIER, + * parameters ANY DEFINED BY algorithm OPTIONAL } + * ``` + * - For DSA public keys (#PSA_KEY_TYPE_DSA_PUBLIC_KEY), + * the `subjectPublicKey` format is defined by RFC 3279 §2.3.2 as + * `DSAPublicKey`, + * with the OID `id-dsa`, + * and with the parameters `DSS-Parms`. + * ``` + * id-dsa OBJECT IDENTIFIER ::= { + * iso(1) member-body(2) us(840) x9-57(10040) x9cm(4) 1 } + * + * Dss-Parms ::= SEQUENCE { + * p INTEGER, + * q INTEGER, + * g INTEGER } + * DSAPublicKey ::= INTEGER -- public key, Y + * ``` * * \param handle Handle to the key to export. * \param[out] data Buffer where the key data is to be written. @@ -723,7 +641,7 @@ psa_status_t psa_export_key(psa_key_handle_t handle, * * \retval #PSA_SUCCESS * \retval #PSA_ERROR_INVALID_HANDLE - * \retval #PSA_ERROR_EMPTY_SLOT + * \retval #PSA_ERROR_DOES_NOT_EXIST * \retval #PSA_ERROR_INVALID_ARGUMENT * The key is neither a public key nor a key pair. * \retval #PSA_ERROR_NOT_SUPPORTED @@ -750,11 +668,12 @@ psa_status_t psa_export_public_key(psa_key_handle_t handle, * * Copy key material from one location to another. * - * This function is primarily useful to copy a key from one lifetime - * to another. The target key retains its lifetime and location. + * This function is primarily useful to copy a key from one location + * to another, since it populates a key using the material from + * another key which may have a different lifetime. * * In an implementation where slots have different ownerships, - * this functin may be used to share a key with a different party, + * this function may be used to share a key with a different party, * subject to implementation-defined restrictions on key sharing. * In this case \p constraint would typically prevent the recipient * from exporting the key. @@ -791,9 +710,9 @@ psa_status_t psa_export_public_key(psa_key_handle_t handle, * * \retval #PSA_SUCCESS * \retval #PSA_ERROR_INVALID_HANDLE - * \retval #PSA_ERROR_OCCUPIED_SLOT + * \retval #PSA_ERROR_ALREADY_EXISTS * \p target already contains key material. - * \retval #PSA_ERROR_EMPTY_SLOT + * \retval #PSA_ERROR_DOES_NOT_EXIST * \p source does not contain key material. * \retval #PSA_ERROR_INVALID_ARGUMENT * The policy constraints on the source, on the target and @@ -817,66 +736,6 @@ psa_status_t psa_copy_key(psa_key_handle_t source_handle, * @{ */ -/** Calculate the hash (digest) of a message. - * - * \note To verify the hash of a message against an - * expected value, use psa_hash_compare() instead. - * - * \param alg The hash algorithm to compute (\c PSA_ALG_XXX value - * such that #PSA_ALG_IS_HASH(\p alg) is true). - * \param[in] input Buffer containing the message to hash. - * \param input_length Size of the \p input buffer in bytes. - * \param[out] hash Buffer where the hash is to be written. - * \param hash_size Size of the \p hash buffer in bytes. - * \param[out] hash_length On success, the number of bytes - * that make up the hash value. This is always - * #PSA_HASH_SIZE(\c alg) where \c alg is the - * hash algorithm that is calculated. - * - * \retval #PSA_SUCCESS - * Success. - * \retval #PSA_ERROR_NOT_SUPPORTED - * \p alg is not supported or is not a hash algorithm. - * \retval #PSA_ERROR_INSUFFICIENT_MEMORY - * \retval #PSA_ERROR_COMMUNICATION_FAILURE - * \retval #PSA_ERROR_HARDWARE_FAILURE - * \retval #PSA_ERROR_TAMPERING_DETECTED - */ -psa_status_t psa_hash_compute(psa_algorithm_t alg, - const uint8_t *input, - size_t input_length, - uint8_t *hash, - size_t hash_size, - size_t *hash_length); - -/** Calculate the hash (digest) of a message and compare it with a - * reference value. - * - * \param alg The hash algorithm to compute (\c PSA_ALG_XXX value - * such that #PSA_ALG_IS_HASH(\p alg) is true). - * \param[in] input Buffer containing the message to hash. - * \param input_length Size of the \p input buffer in bytes. - * \param[out] hash Buffer containing the expected hash value. - * \param hash_length Size of the \p hash buffer in bytes. - * - * \retval #PSA_SUCCESS - * The expected hash is identical to the actual hash of the input. - * \retval #PSA_ERROR_INVALID_SIGNATURE - * The hash of the message was calculated successfully, but it - * differs from the expected hash. - * \retval #PSA_ERROR_NOT_SUPPORTED - * \p alg is not supported or is not a hash algorithm. - * \retval #PSA_ERROR_INSUFFICIENT_MEMORY - * \retval #PSA_ERROR_COMMUNICATION_FAILURE - * \retval #PSA_ERROR_HARDWARE_FAILURE - * \retval #PSA_ERROR_TAMPERING_DETECTED - */ -psa_status_t psa_hash_compare(psa_algorithm_t alg, - const uint8_t *input, - size_t input_length, - const uint8_t *hash, - const size_t hash_length); - /** The type of the state data structure for multipart hash operations. * * Before calling any function on a hash operation object, the application must @@ -957,6 +816,9 @@ static psa_hash_operation_t psa_hash_operation_init(void); * Success. * \retval #PSA_ERROR_NOT_SUPPORTED * \p alg is not supported or is not a hash algorithm. + * \retval #PSA_ERROR_BAD_STATE + * The operation state is not valid (already set up and not + * subsequently completed). * \retval #PSA_ERROR_INSUFFICIENT_MEMORY * \retval #PSA_ERROR_COMMUNICATION_FAILURE * \retval #PSA_ERROR_HARDWARE_FAILURE @@ -1127,88 +989,6 @@ psa_status_t psa_hash_clone(const psa_hash_operation_t *source_operation, * @{ */ -/** Calculate the MAC (message authentication code) of a message. - * - * \note To verify the MAC of a message against an - * expected value, use psa_mac_verify() instead. - * Beware that comparing integrity or authenticity data such as - * MAC values with a function such as \c memcmp is risky - * because the time taken by the comparison may leak information - * about the MAC value which could allow an attacker to guess - * a valid MAC and thereby bypass security controls. - * - * \param handle Handle to the key to use for the operation. - * \param alg The MAC algorithm to compute (\c PSA_ALG_XXX value - * such that #PSA_ALG_IS_MAC(alg) is true). - * \param[in] input Buffer containing the input message. - * \param input_length Size of the \p input buffer in bytes. - * \param[out] mac Buffer where the MAC value is to be written. - * \param mac_size Size of the \p mac buffer in bytes. - * \param[out] mac_length On success, the number of bytes - * that make up the mac value. This is always - * #PSA_HASH_SIZE(\c alg) where \c alg is the - * hash algorithm that is calculated. - * - * \retval #PSA_SUCCESS - * Success. - * \retval #PSA_ERROR_INVALID_HANDLE - * \retval #PSA_ERROR_EMPTY_SLOT - * \retval #PSA_ERROR_NOT_PERMITTED - * \retval #PSA_ERROR_INVALID_ARGUMENT - * \p key is not compatible with \p alg. - * \retval #PSA_ERROR_NOT_SUPPORTED - * \p alg is not supported or is not a MAC algorithm. - * \retval #PSA_ERROR_INSUFFICIENT_MEMORY - * \retval #PSA_ERROR_COMMUNICATION_FAILURE - * \retval #PSA_ERROR_HARDWARE_FAILURE - * \retval #PSA_ERROR_TAMPERING_DETECTED - * \retval #PSA_ERROR_BAD_STATE - * The library has not been previously initialized by psa_crypto_init(). - * It is implementation-dependent whether a failure to initialize - * results in this error code. - */ -psa_status_t psa_mac_compute(psa_key_handle_t handle, - psa_algorithm_t alg, - const uint8_t *input, - size_t input_length, - uint8_t *mac, - size_t mac_size, - size_t *mac_length); - -/** Calculate the MAC of a message and compare it with a reference value. - * - * \param handle Handle to the key to use for the operation. - * \param alg The MAC algorithm to compute (\c PSA_ALG_XXX value - * such that #PSA_ALG_IS_MAC(alg) is true). - * \param[in] input Buffer containing the input message. - * \param input_length Size of the \p input buffer in bytes. - * \param[out] mac Buffer containing the expected MAC value. - * \param mac_length Size of the \p mac buffer in bytes. - * - * \retval #PSA_SUCCESS - * The expected MAC is identical to the actual MAC of the input. - * \retval #PSA_ERROR_INVALID_SIGNATURE - * The MAC of the message was calculated successfully, but it - * differs from the expected value. - * \retval #PSA_ERROR_INVALID_HANDLE - * \retval #PSA_ERROR_EMPTY_SLOT - * \retval #PSA_ERROR_NOT_PERMITTED - * \retval #PSA_ERROR_INVALID_ARGUMENT - * \p key is not compatible with \p alg. - * \retval #PSA_ERROR_NOT_SUPPORTED - * \p alg is not supported or is not a MAC algorithm. - * \retval #PSA_ERROR_INSUFFICIENT_MEMORY - * \retval #PSA_ERROR_COMMUNICATION_FAILURE - * \retval #PSA_ERROR_HARDWARE_FAILURE - * \retval #PSA_ERROR_TAMPERING_DETECTED - */ -psa_status_t psa_mac_verify(psa_key_handle_t handle, - psa_algorithm_t alg, - const uint8_t *input, - size_t input_length, - const uint8_t *mac, - const size_t mac_length); - /** The type of the state data structure for multipart MAC operations. * * Before calling any function on a MAC operation object, the application must @@ -1268,6 +1048,8 @@ static psa_mac_operation_t psa_mac_operation_init(void); * -# Initialize the operation object with one of the methods described in the * documentation for #psa_mac_operation_t, e.g. PSA_MAC_OPERATION_INIT. * -# Call psa_mac_sign_setup() to specify the algorithm and key. + * The key remains associated with the operation even if the content + * of the key slot changes. * -# Call psa_mac_update() zero, one or more times, passing a fragment * of the message each time. The MAC that is calculated is the MAC * of the concatenation of these messages in order. @@ -1286,15 +1068,13 @@ static psa_mac_operation_t psa_mac_operation_init(void); * been initialized as per the documentation for * #psa_mac_operation_t and not yet in use. * \param handle Handle to the key to use for the operation. - * It must remain valid until the operation - * terminates. * \param alg The MAC algorithm to compute (\c PSA_ALG_XXX value * such that #PSA_ALG_IS_MAC(alg) is true). * * \retval #PSA_SUCCESS * Success. * \retval #PSA_ERROR_INVALID_HANDLE - * \retval #PSA_ERROR_EMPTY_SLOT + * \retval #PSA_ERROR_DOES_NOT_EXIST * \retval #PSA_ERROR_NOT_PERMITTED * \retval #PSA_ERROR_INVALID_ARGUMENT * \p key is not compatible with \p alg. @@ -1305,6 +1085,9 @@ static psa_mac_operation_t psa_mac_operation_init(void); * \retval #PSA_ERROR_HARDWARE_FAILURE * \retval #PSA_ERROR_TAMPERING_DETECTED * \retval #PSA_ERROR_BAD_STATE + * The operation state is not valid (already set up and not + * subsequently completed). + * \retval #PSA_ERROR_BAD_STATE * The library has not been previously initialized by psa_crypto_init(). * It is implementation-dependent whether a failure to initialize * results in this error code. @@ -1324,6 +1107,8 @@ psa_status_t psa_mac_sign_setup(psa_mac_operation_t *operation, * -# Initialize the operation object with one of the methods described in the * documentation for #psa_mac_operation_t, e.g. PSA_MAC_OPERATION_INIT. * -# Call psa_mac_verify_setup() to specify the algorithm and key. + * The key remains associated with the operation even if the content + * of the key slot changes. * -# Call psa_mac_update() zero, one or more times, passing a fragment * of the message each time. The MAC that is calculated is the MAC * of the concatenation of these messages in order. @@ -1343,15 +1128,13 @@ psa_status_t psa_mac_sign_setup(psa_mac_operation_t *operation, * been initialized as per the documentation for * #psa_mac_operation_t and not yet in use. * \param handle Handle to the key to use for the operation. - * It must remain valid until the operation - * terminates. * \param alg The MAC algorithm to compute (\c PSA_ALG_XXX value * such that #PSA_ALG_IS_MAC(\p alg) is true). * * \retval #PSA_SUCCESS * Success. * \retval #PSA_ERROR_INVALID_HANDLE - * \retval #PSA_ERROR_EMPTY_SLOT + * \retval #PSA_ERROR_DOES_NOT_EXIST * \retval #PSA_ERROR_NOT_PERMITTED * \retval #PSA_ERROR_INVALID_ARGUMENT * \c key is not compatible with \c alg. @@ -1362,6 +1145,9 @@ psa_status_t psa_mac_sign_setup(psa_mac_operation_t *operation, * \retval #PSA_ERROR_HARDWARE_FAILURE * \retval #PSA_ERROR_TAMPERING_DETECTED * \retval #PSA_ERROR_BAD_STATE + * The operation state is not valid (already set up and not + * subsequently completed). + * \retval #PSA_ERROR_BAD_STATE * The library has not been previously initialized by psa_crypto_init(). * It is implementation-dependent whether a failure to initialize * results in this error code. @@ -1509,91 +1295,6 @@ psa_status_t psa_mac_abort(psa_mac_operation_t *operation); * @{ */ -/** Encrypt a message using a symmetric cipher. - * - * This function encrypts a message with a random IV (initialization - * vector). - * - * \param handle Handle to the key to use for the operation. - * It must remain valid until the operation - * terminates. - * \param alg The cipher algorithm to compute - * (\c PSA_ALG_XXX value such that - * #PSA_ALG_IS_CIPHER(\p alg) is true). - * \param[in] input Buffer containing the message to encrypt. - * \param input_length Size of the \p input buffer in bytes. - * \param[out] output Buffer where the output is to be written. - * The output contains the IV followed by - * the ciphertext proper. - * \param output_size Size of the \p output buffer in bytes. - * \param[out] output_length On success, the number of bytes - * that make up the output. - * - * \retval #PSA_SUCCESS - * Success. - * \retval #PSA_ERROR_INVALID_HANDLE - * \retval #PSA_ERROR_EMPTY_SLOT - * \retval #PSA_ERROR_NOT_PERMITTED - * \retval #PSA_ERROR_INVALID_ARGUMENT - * \p key is not compatible with \p alg. - * \retval #PSA_ERROR_NOT_SUPPORTED - * \p alg is not supported or is not a cipher algorithm. - * \retval #PSA_ERROR_BUFFER_TOO_SMALL - * \retval #PSA_ERROR_INSUFFICIENT_MEMORY - * \retval #PSA_ERROR_COMMUNICATION_FAILURE - * \retval #PSA_ERROR_HARDWARE_FAILURE - * \retval #PSA_ERROR_TAMPERING_DETECTED - */ -psa_status_t psa_cipher_encrypt(psa_key_handle_t handle, - psa_algorithm_t alg, - const uint8_t *input, - size_t input_length, - uint8_t *output, - size_t output_size, - size_t *output_length); - -/** Decrypt a message using a symmetric cipher. - * - * This function decrypts a message encrypted with a symmetric cipher. - * - * \param handle Handle to the key to use for the operation. - * It must remain valid until the operation - * terminates. - * \param alg The cipher algorithm to compute - * (\c PSA_ALG_XXX value such that - * #PSA_ALG_IS_CIPHER(\p alg) is true). - * \param[in] input Buffer containing the message to decrypt. - * This consists of the IV followed by the - * ciphertext proper. - * \param input_length Size of the \p input buffer in bytes. - * \param[out] output Buffer where the plaintext is to be written. - * \param output_size Size of the \p output buffer in bytes. - * \param[out] output_length On success, the number of bytes - * that make up the output. - * - * \retval #PSA_SUCCESS - * Success. - * \retval #PSA_ERROR_INVALID_HANDLE - * \retval #PSA_ERROR_EMPTY_SLOT - * \retval #PSA_ERROR_NOT_PERMITTED - * \retval #PSA_ERROR_INVALID_ARGUMENT - * \p key is not compatible with \p alg. - * \retval #PSA_ERROR_NOT_SUPPORTED - * \p alg is not supported or is not a cipher algorithm. - * \retval #PSA_ERROR_BUFFER_TOO_SMALL - * \retval #PSA_ERROR_INSUFFICIENT_MEMORY - * \retval #PSA_ERROR_COMMUNICATION_FAILURE - * \retval #PSA_ERROR_HARDWARE_FAILURE - * \retval #PSA_ERROR_TAMPERING_DETECTED - */ -psa_status_t psa_cipher_decrypt(psa_key_handle_t handle, - psa_algorithm_t alg, - const uint8_t *input, - size_t input_length, - uint8_t *output, - size_t output_size, - size_t *output_length); - /** The type of the state data structure for multipart cipher operations. * * Before calling any function on a cipher operation object, the application @@ -1650,6 +1351,8 @@ static psa_cipher_operation_t psa_cipher_operation_init(void); * documentation for #psa_cipher_operation_t, e.g. * PSA_CIPHER_OPERATION_INIT. * -# Call psa_cipher_encrypt_setup() to specify the algorithm and key. + * The key remains associated with the operation even if the content + * of the key slot changes. * -# Call either psa_cipher_generate_iv() or psa_cipher_set_iv() to * generate or set the IV (initialization vector). You should use * psa_cipher_generate_iv() unless the protocol you are implementing @@ -1664,15 +1367,14 @@ static psa_cipher_operation_t psa_cipher_operation_init(void); * After a successful call to psa_cipher_encrypt_setup(), the application must * eventually terminate the operation. The following events terminate an * operation: - * - A failed call to any of the \c psa_cipher_xxx functions. + * - A failed call to psa_cipher_generate_iv(), psa_cipher_set_iv() + * or psa_cipher_update(). * - A call to psa_cipher_finish() or psa_cipher_abort(). * * \param[in,out] operation The operation object to set up. It must have * been initialized as per the documentation for * #psa_cipher_operation_t and not yet in use. * \param handle Handle to the key to use for the operation. - * It must remain valid until the operation - * terminates. * \param alg The cipher algorithm to compute * (\c PSA_ALG_XXX value such that * #PSA_ALG_IS_CIPHER(\p alg) is true). @@ -1680,7 +1382,7 @@ static psa_cipher_operation_t psa_cipher_operation_init(void); * \retval #PSA_SUCCESS * Success. * \retval #PSA_ERROR_INVALID_HANDLE - * \retval #PSA_ERROR_EMPTY_SLOT + * \retval #PSA_ERROR_DOES_NOT_EXIST * \retval #PSA_ERROR_NOT_PERMITTED * \retval #PSA_ERROR_INVALID_ARGUMENT * \p key is not compatible with \p alg. @@ -1691,6 +1393,9 @@ static psa_cipher_operation_t psa_cipher_operation_init(void); * \retval #PSA_ERROR_HARDWARE_FAILURE * \retval #PSA_ERROR_TAMPERING_DETECTED * \retval #PSA_ERROR_BAD_STATE + * The operation state is not valid (already set up and not + * subsequently completed). + * \retval #PSA_ERROR_BAD_STATE * The library has not been previously initialized by psa_crypto_init(). * It is implementation-dependent whether a failure to initialize * results in this error code. @@ -1709,7 +1414,9 @@ psa_status_t psa_cipher_encrypt_setup(psa_cipher_operation_t *operation, * documentation for #psa_cipher_operation_t, e.g. * PSA_CIPHER_OPERATION_INIT. * -# Call psa_cipher_decrypt_setup() to specify the algorithm and key. - * -# Call psa_cipher_set_iv() with the IV (initialization vector) for the + * The key remains associated with the operation even if the content + * of the key slot changes. + * -# Call psa_cipher_update() with the IV (initialization vector) for the * decryption. If the IV is prepended to the ciphertext, you can call * psa_cipher_update() on a buffer containing the IV followed by the * beginning of the message. @@ -1723,15 +1430,13 @@ psa_status_t psa_cipher_encrypt_setup(psa_cipher_operation_t *operation, * After a successful call to psa_cipher_decrypt_setup(), the application must * eventually terminate the operation. The following events terminate an * operation: - * - A failed call to any of the \c psa_cipher_xxx functions. + * - A failed call to psa_cipher_update(). * - A call to psa_cipher_finish() or psa_cipher_abort(). * * \param[in,out] operation The operation object to set up. It must have * been initialized as per the documentation for * #psa_cipher_operation_t and not yet in use. * \param handle Handle to the key to use for the operation. - * It must remain valid until the operation - * terminates. * \param alg The cipher algorithm to compute * (\c PSA_ALG_XXX value such that * #PSA_ALG_IS_CIPHER(\p alg) is true). @@ -1739,7 +1444,7 @@ psa_status_t psa_cipher_encrypt_setup(psa_cipher_operation_t *operation, * \retval #PSA_SUCCESS * Success. * \retval #PSA_ERROR_INVALID_HANDLE - * \retval #PSA_ERROR_EMPTY_SLOT + * \retval #PSA_ERROR_DOES_NOT_EXIST * \retval #PSA_ERROR_NOT_PERMITTED * \retval #PSA_ERROR_INVALID_ARGUMENT * \p key is not compatible with \p alg. @@ -1750,6 +1455,9 @@ psa_status_t psa_cipher_encrypt_setup(psa_cipher_operation_t *operation, * \retval #PSA_ERROR_HARDWARE_FAILURE * \retval #PSA_ERROR_TAMPERING_DETECTED * \retval #PSA_ERROR_BAD_STATE + * The operation state is not valid (already set up and not + * subsequently completed). + * \retval #PSA_ERROR_BAD_STATE * The library has not been previously initialized by psa_crypto_init(). * It is implementation-dependent whether a failure to initialize * results in this error code. @@ -1793,7 +1501,7 @@ psa_status_t psa_cipher_generate_iv(psa_cipher_operation_t *operation, /** Set the IV for a symmetric encryption or decryption operation. * - * This function sets the IV (initialization vector), nonce + * This function sets the random IV (initialization vector), nonce * or initial counter value for the encryption or decryption operation. * * The application must call psa_cipher_encrypt_setup() before @@ -1967,7 +1675,7 @@ psa_status_t psa_cipher_abort(psa_cipher_operation_t *operation); * \retval #PSA_SUCCESS * Success. * \retval #PSA_ERROR_INVALID_HANDLE - * \retval #PSA_ERROR_EMPTY_SLOT + * \retval #PSA_ERROR_DOES_NOT_EXIST * \retval #PSA_ERROR_NOT_PERMITTED * \retval #PSA_ERROR_INVALID_ARGUMENT * \p key is not compatible with \p alg. @@ -2023,7 +1731,7 @@ psa_status_t psa_aead_encrypt(psa_key_handle_t handle, * \retval #PSA_SUCCESS * Success. * \retval #PSA_ERROR_INVALID_HANDLE - * \retval #PSA_ERROR_EMPTY_SLOT + * \retval #PSA_ERROR_DOES_NOT_EXIST * \retval #PSA_ERROR_INVALID_SIGNATURE * The ciphertext is not authentic. * \retval #PSA_ERROR_NOT_PERMITTED @@ -2052,529 +1760,20 @@ psa_status_t psa_aead_decrypt(psa_key_handle_t handle, size_t plaintext_size, size_t *plaintext_length); -/** The type of the state data structure for multipart AEAD operations. - * - * Before calling any function on an AEAD operation object, the application - * must initialize it by any of the following means: - * - Set the structure to all-bits-zero, for example: - * \code - * psa_aead_operation_t operation; - * memset(&operation, 0, sizeof(operation)); - * \endcode - * - Initialize the structure to logical zero values, for example: - * \code - * psa_aead_operation_t operation = {0}; - * \endcode - * - Initialize the structure to the initializer #PSA_AEAD_OPERATION_INIT, - * for example: - * \code - * psa_aead_operation_t operation = PSA_AEAD_OPERATION_INIT; - * \endcode - * - Assign the result of the function psa_aead_operation_init() - * to the structure, for example: - * \code - * psa_aead_operation_t operation; - * operation = psa_aead_operation_init(); - * \endcode - * - * This is an implementation-defined \c struct. Applications should not - * make any assumptions about the content of this structure except - * as directed by the documentation of a specific implementation. */ -typedef struct psa_aead_operation_s psa_aead_operation_t; - -/** \def PSA_AEAD_OPERATION_INIT - * - * This macro returns a suitable initializer for an AEAD operation object of - * type #psa_aead_operation_t. - */ -#ifdef __DOXYGEN_ONLY__ -/* This is an example definition for documentation purposes. - * Implementations should define a suitable value in `crypto_struct.h`. - */ -#define PSA_AEAD_OPERATION_INIT {0} -#endif +/**@}*/ -/** Return an initial value for an AEAD operation object. +/** \defgroup asymmetric Asymmetric cryptography + * @{ */ -static psa_aead_operation_t psa_aead_operation_init(void); -/** Set the key for a multipart authenticated encryption operation. - * - * The sequence of operations to encrypt a message with authentication - * is as follows: - * -# Allocate an operation object which will be passed to all the functions - * listed here. - * -# Initialize the operation object with one of the methods described in the - * documentation for #psa_aead_operation_t, e.g. - * PSA_AEAD_OPERATION_INIT. - * -# Call psa_aead_encrypt_setup() to specify the algorithm and key. - * -# If needed, call psa_aead_set_lengths() to specify the length of the - * inputs to the subsequent calls to psa_aead_update_ad() and - * psa_aead_update(). See the documentation of psa_aead_set_lengths() - * for details. - * -# Call either psa_aead_generate_nonce() or psa_aead_set_nonce() to - * generate or set the nonce. You should use - * psa_aead_generate_nonce() unless the protocol you are implementing - * requires a specific nonce value. - * -# Call psa_aead_update_ad() zero, one or more times, passing a fragment - * of the non-encrypted additional authenticated data each time. - * -# Call psa_aead_update() zero, one or more times, passing a fragment - * of the message to encrypt each time. - * -# Call psa_aead_finish(). - * - * The application may call psa_aead_abort() at any time after the operation - * has been initialized. +/** + * \brief Sign a hash or short message with a private key. * - * After a successful call to psa_aead_encrypt_setup(), the application must - * eventually terminate the operation. The following events terminate an - * operation: - * - A failed call to any of the \c psa_aead_xxx functions. - * - A call to psa_aead_finish(), psa_aead_verify() or psa_aead_abort(). - * - * \param[in,out] operation The operation object to set up. It must have - * been initialized as per the documentation for - * #psa_aead_operation_t and not yet in use. - * \param handle Handle to the key to use for the operation. - * It must remain valid until the operation - * terminates. - * \param alg The AEAD algorithm to compute - * (\c PSA_ALG_XXX value such that - * #PSA_ALG_IS_AEAD(\p alg) is true). - * - * \retval #PSA_SUCCESS - * Success. - * \retval #PSA_ERROR_INVALID_HANDLE - * \retval #PSA_ERROR_EMPTY_SLOT - * \retval #PSA_ERROR_NOT_PERMITTED - * \retval #PSA_ERROR_INVALID_ARGUMENT - * \p key is not compatible with \p alg. - * \retval #PSA_ERROR_NOT_SUPPORTED - * \p alg is not supported or is not an AEAD algorithm. - * \retval #PSA_ERROR_INSUFFICIENT_MEMORY - * \retval #PSA_ERROR_COMMUNICATION_FAILURE - * \retval #PSA_ERROR_HARDWARE_FAILURE - * \retval #PSA_ERROR_TAMPERING_DETECTED - * \retval #PSA_ERROR_BAD_STATE - * The library has not been previously initialized by psa_crypto_init(). - * It is implementation-dependent whether a failure to initialize - * results in this error code. - */ -psa_status_t psa_aead_encrypt_setup(psa_aead_operation_t *operation, - psa_key_handle_t handle, - psa_algorithm_t alg); - -/** Set the key for a multipart authenticated decryption operation. - * - * The sequence of operations to decrypt a message with authentication - * is as follows: - * -# Allocate an operation object which will be passed to all the functions - * listed here. - * -# Initialize the operation object with one of the methods described in the - * documentation for #psa_aead_operation_t, e.g. - * PSA_AEAD_OPERATION_INIT. - * -# Call psa_aead_decrypt_setup() to specify the algorithm and key. - * -# If needed, call psa_aead_set_lengths() to specify the length of the - * inputs to the subsequent calls to psa_aead_update_ad() and - * psa_aead_update(). See the documentation of psa_aead_set_lengths() - * for details. - * -# Call psa_aead_set_nonce() with the nonce for the decryption. - * -# Call psa_aead_update_ad() zero, one or more times, passing a fragment - * of the non-encrypted additional authenticated data each time. - * -# Call psa_aead_update() zero, one or more times, passing a fragment - * of the ciphertext to decrypt each time. - * -# Call psa_aead_verify(). - * - * The application may call psa_aead_abort() at any time after the operation - * has been initialized. - * - * After a successful call to psa_aead_decrypt_setup(), the application must - * eventually terminate the operation. The following events terminate an - * operation: - * - A failed call to any of the \c psa_aead_xxx functions. - * - A call to psa_aead_finish(), psa_aead_verify() or psa_aead_abort(). - * - * \param[in,out] operation The operation object to set up. It must have - * been initialized as per the documentation for - * #psa_aead_operation_t and not yet in use. - * \param handle Handle to the key to use for the operation. - * It must remain valid until the operation - * terminates. - * \param alg The AEAD algorithm to compute - * (\c PSA_ALG_XXX value such that - * #PSA_ALG_IS_AEAD(\p alg) is true). - * - * \retval #PSA_SUCCESS - * Success. - * \retval #PSA_ERROR_INVALID_HANDLE - * \retval #PSA_ERROR_EMPTY_SLOT - * \retval #PSA_ERROR_NOT_PERMITTED - * \retval #PSA_ERROR_INVALID_ARGUMENT - * \p key is not compatible with \p alg. - * \retval #PSA_ERROR_NOT_SUPPORTED - * \p alg is not supported or is not an AEAD algorithm. - * \retval #PSA_ERROR_INSUFFICIENT_MEMORY - * \retval #PSA_ERROR_COMMUNICATION_FAILURE - * \retval #PSA_ERROR_HARDWARE_FAILURE - * \retval #PSA_ERROR_TAMPERING_DETECTED - * \retval #PSA_ERROR_BAD_STATE - * The library has not been previously initialized by psa_crypto_init(). - * It is implementation-dependent whether a failure to initialize - * results in this error code. - */ -psa_status_t psa_aead_decrypt_setup(psa_aead_operation_t *operation, - psa_key_handle_t handle, - psa_algorithm_t alg); - -/** Generate a random nonce for an authenticated encryption operation. - * - * This function generates a random nonce for the authenticated encryption - * operation with an appropriate size for the chosen algorithm, key type - * and key size. - * - * The application must call psa_aead_encrypt_setup() before - * calling this function. - * - * If this function returns an error status, the operation becomes inactive. - * - * \param[in,out] operation Active AEAD operation. - * \param[out] nonce Buffer where the generated nonce is to be - * written. - * \param nonce_size Size of the \p nonce buffer in bytes. - * \param[out] nonce_length On success, the number of bytes of the - * generated nonce. - * - * \retval #PSA_SUCCESS - * Success. - * \retval #PSA_ERROR_BAD_STATE - * The operation state is not valid (not set up, or nonce already set). - * \retval #PSA_ERROR_BUFFER_TOO_SMALL - * The size of the \p nonce buffer is too small. - * \retval #PSA_ERROR_INSUFFICIENT_MEMORY - * \retval #PSA_ERROR_COMMUNICATION_FAILURE - * \retval #PSA_ERROR_HARDWARE_FAILURE - * \retval #PSA_ERROR_TAMPERING_DETECTED - */ -psa_status_t psa_aead_generate_nonce(psa_aead_operation_t *operation, - unsigned char *nonce, - size_t nonce_size, - size_t *nonce_length); - -/** Set the nonce for an authenticated encryption or decryption operation. - * - * This function sets the nonce for the authenticated - * encryption or decryption operation. - * - * The application must call psa_aead_encrypt_setup() before - * calling this function. - * - * If this function returns an error status, the operation becomes inactive. - * - * \note When encrypting, applications should use psa_aead_generate_nonce() - * instead of this function, unless implementing a protocol that requires - * a non-random IV. - * - * \param[in,out] operation Active AEAD operation. - * \param[in] nonce Buffer containing the nonce to use. - * \param nonce_length Size of the nonce in bytes. - * - * \retval #PSA_SUCCESS - * Success. - * \retval #PSA_ERROR_BAD_STATE - * The operation state is not valid (not set up, or nonce already set). - * \retval #PSA_ERROR_INVALID_ARGUMENT - * The size of \p nonce is not acceptable for the chosen algorithm. - * \retval #PSA_ERROR_INSUFFICIENT_MEMORY - * \retval #PSA_ERROR_COMMUNICATION_FAILURE - * \retval #PSA_ERROR_HARDWARE_FAILURE - * \retval #PSA_ERROR_TAMPERING_DETECTED - */ -psa_status_t psa_aead_set_nonce(psa_aead_operation_t *operation, - const unsigned char *nonce, - size_t nonce_length); - -/** Declare the lengths of the message and additional data for AEAD. - * - * The application must call this function before calling - * psa_aead_update_ad() or psa_aead_update() if the algorithm for - * the operation requires it. If the algorithm does not require it, - * calling this function is optional, but if this function is called - * then the implementation must enforce the lengths. - * - * You may call this function before or after setting the nonce with - * psa_aead_set_nonce() or psa_aead_generate_nonce(). - * - * - For #PSA_ALG_CCM, calling this function is required. - * - For the other AEAD algorithms defined in this specification, calling - * this function is not required. - * - For vendor-defined algorithm, refer to the vendor documentation. - * - * \param[in,out] operation Active AEAD operation. - * \param ad_length Size of the non-encrypted additional - * authenticated data in bytes. - * \param plaintext_length Size of the plaintext to encrypt in bytes. - * - * \retval #PSA_SUCCESS - * Success. - * \retval #PSA_ERROR_BAD_STATE - * The operation state is not valid (not set up, already completed, - * or psa_aead_update_ad() or psa_aead_update() already called). - * \retval #PSA_ERROR_INVALID_ARGUMENT - * At least one of the lengths is not acceptable for the chosen - * algorithm. - * \retval #PSA_ERROR_INSUFFICIENT_MEMORY - * \retval #PSA_ERROR_COMMUNICATION_FAILURE - * \retval #PSA_ERROR_HARDWARE_FAILURE - * \retval #PSA_ERROR_TAMPERING_DETECTED - */ -psa_status_t psa_aead_set_lengths(psa_aead_operation_t *operation, - size_t ad_length, - size_t plaintext_length); - -/** Pass additional data to an active AEAD operation. - * - * Additional data is authenticated, but not encrypted. - * - * You may call this function multiple times to pass successive fragments - * of the additional data. You may not call this function after passing - * data to encrypt or decrypt with psa_aead_update(). - * - * Before calling this function, you must: - * 1. Call either psa_aead_encrypt_setup() or psa_aead_decrypt_setup(). - * 2. Set the nonce with psa_aead_generate_nonce() or psa_aead_set_nonce(). - * - * If this function returns an error status, the operation becomes inactive. - * - * \warning When decrypting, until psa_aead_verify() has returned #PSA_SUCCESS, - * there is no guarantee that the input is valid. Therefore, until - * you have called psa_aead_verify() and it has returned #PSA_SUCCESS, - * treat the input as untrusted and prepare to undo any action that - * depends on the input if psa_aead_verify() returns an error status. - * - * \param[in,out] operation Active AEAD operation. - * \param[in] input Buffer containing the fragment of - * additional data. - * \param input_length Size of the \p input buffer in bytes. - * - * \retval #PSA_SUCCESS - * Success. - * \retval #PSA_ERROR_BAD_STATE - * The operation state is not valid (not set up, nonce not set, - * psa_aead_update() already called, or operation already completed). - * \retval #PSA_ERROR_INVALID_ARGUMENT - * The total input length overflows the additional data length that - * was previously specified with psa_aead_set_lengths(). - * \retval #PSA_ERROR_INSUFFICIENT_MEMORY - * \retval #PSA_ERROR_COMMUNICATION_FAILURE - * \retval #PSA_ERROR_HARDWARE_FAILURE - * \retval #PSA_ERROR_TAMPERING_DETECTED - */ -psa_status_t psa_aead_update_ad(psa_aead_operation_t *operation, - const uint8_t *input, - size_t input_length); - -/** Encrypt or decrypt a message fragment in an active AEAD operation. - * - * Before calling this function, you must: - * 1. Call either psa_aead_encrypt_setup() or psa_aead_decrypt_setup(). - * The choice of setup function determines whether this function - * encrypts or decrypts its input. - * 2. Set the nonce with psa_aead_generate_nonce() or psa_aead_set_nonce(). - * 3. Call psa_aead_update_ad() to pass all the additional data. - * - * If this function returns an error status, the operation becomes inactive. - * - * \warning When decrypting, until psa_aead_verify() has returned #PSA_SUCCESS, - * there is no guarantee that the input is valid. Therefore, until - * you have called psa_aead_verify() and it has returned #PSA_SUCCESS: - * - Do not use the output in any way other than storing it in a - * confidential location. If you take any action that depends - * on the tentative decrypted data, this action will need to be - * undone if the input turns out not to be valid. Furthermore, - * if an adversary can observe that this action took place - * (for example through timing), they may be able to use this - * fact as an oracle to decrypt any message encrypted with the - * same key. - * - In particular, do not copy the output anywhere but to a - * memory or storage space that you have exclusive access to. - * - * \param[in,out] operation Active AEAD operation. - * \param[in] input Buffer containing the message fragment to - * encrypt or decrypt. - * \param input_length Size of the \p input buffer in bytes. - * \param[out] output Buffer where the output is to be written. - * \param output_size Size of the \p output buffer in bytes. - * \param[out] output_length On success, the number of bytes - * that make up the returned output. - * - * \retval #PSA_SUCCESS - * Success. - * \retval #PSA_ERROR_BAD_STATE - * The operation state is not valid (not set up, nonce not set - * or already completed). - * \retval #PSA_ERROR_BUFFER_TOO_SMALL - * The size of the \p output buffer is too small. - * \retval #PSA_ERROR_INVALID_ARGUMENT - * The total length of input to psa_aead_update_ad() so far is - * less than the additional data length that was previously - * specified with psa_aead_set_lengths(). - * \retval #PSA_ERROR_INVALID_ARGUMENT - * The total input length overflows the plaintext length that - * was previously specified with psa_aead_set_lengths(). - * \retval #PSA_ERROR_INSUFFICIENT_MEMORY - * \retval #PSA_ERROR_COMMUNICATION_FAILURE - * \retval #PSA_ERROR_HARDWARE_FAILURE - * \retval #PSA_ERROR_TAMPERING_DETECTED - */ -psa_status_t psa_aead_update(psa_aead_operation_t *operation, - const uint8_t *input, - size_t input_length, - unsigned char *output, - size_t output_size, - size_t *output_length); - -/** Finish encrypting a message in an AEAD operation. - * - * The operation must have been set up with psa_aead_encrypt_setup(). - * - * This function finishes the authentication of the additional data - * formed by concatenating the inputs passed to preceding calls to - * psa_aead_update_ad() with the plaintext formed by concatenating the - * inputs passed to preceding calls to psa_aead_update(). - * - * This function has two output buffers: - * - \p ciphertext contains trailing ciphertext that was buffered from - * preceding calls to psa_aead_update(). For all standard AEAD algorithms, - * psa_aead_update() does not buffer any output and therefore \p ciphertext - * will not contain any output and can be a 0-sized buffer. - * - \p tag contains the authentication tag. Its length is always - * #PSA_AEAD_TAG_LENGTH(\p alg) where \p alg is the AEAD algorithm - * that the operation performs. - * - * When this function returns, the operation becomes inactive. - * - * \param[in,out] operation Active AEAD operation. - * \param[out] ciphertext Buffer where the last part of the ciphertext - * is to be written. - * \param ciphertext_size Size of the \p ciphertext buffer in bytes. - * \param[out] ciphertext_length On success, the number of bytes of - * returned ciphertext. - * \param[out] tag Buffer where the authentication tag is - * to be written. - * \param tag_size Size of the \p tag buffer in bytes. - * \param[out] tag_length On success, the number of bytes - * that make up the returned tag. - * - * \retval #PSA_SUCCESS - * Success. - * \retval #PSA_ERROR_BAD_STATE - * The operation state is not valid (not set up, nonce not set, - * decryption, or already completed). - * \retval #PSA_ERROR_BUFFER_TOO_SMALL - * The size of the \p output buffer is too small. - * \retval #PSA_ERROR_INVALID_ARGUMENT - * The total length of input to psa_aead_update_ad() so far is - * less than the additional data length that was previously - * specified with psa_aead_set_lengths(). - * \retval #PSA_ERROR_INVALID_ARGUMENT - * The total length of input to psa_aead_update() so far is - * less than the plaintext length that was previously - * specified with psa_aead_set_lengths(). - * \retval #PSA_ERROR_INSUFFICIENT_MEMORY - * \retval #PSA_ERROR_COMMUNICATION_FAILURE - * \retval #PSA_ERROR_HARDWARE_FAILURE - * \retval #PSA_ERROR_TAMPERING_DETECTED - */ -psa_status_t psa_aead_finish(psa_aead_operation_t *operation, - uint8_t *ciphertext, - size_t ciphertext_size, - size_t *ciphertext_length, - uint8_t *tag, - size_t tag_size, - size_t *tag_length); - -/** Finish authenticating and decrypting a message in an AEAD operation. - * - * The operation must have been set up with psa_aead_decrypt_setup(). - * - * This function finishes the authentication of the additional data - * formed by concatenating the inputs passed to preceding calls to - * psa_aead_update_ad() with the ciphertext formed by concatenating the - * inputs passed to preceding calls to psa_aead_update(). - * - * When this function returns, the operation becomes inactive. - * - * \param[in,out] operation Active AEAD operation. - * \param[in] tag Buffer containing the authentication tag. - * \param tag_length Size of the \p tag buffer in bytes. - * - * \retval #PSA_SUCCESS - * Success. - * \retval #PSA_ERROR_BAD_STATE - * The operation state is not valid (not set up, nonce not set, - * encryption, or already completed). - * \retval #PSA_ERROR_BUFFER_TOO_SMALL - * The size of the \p output buffer is too small. - * \retval #PSA_ERROR_INVALID_ARGUMENT - * The total length of input to psa_aead_update_ad() so far is - * less than the additional data length that was previously - * specified with psa_aead_set_lengths(). - * \retval #PSA_ERROR_INVALID_ARGUMENT - * The total length of input to psa_aead_update() so far is - * less than the plaintext length that was previously - * specified with psa_aead_set_lengths(). - * \retval #PSA_ERROR_INSUFFICIENT_MEMORY - * \retval #PSA_ERROR_COMMUNICATION_FAILURE - * \retval #PSA_ERROR_HARDWARE_FAILURE - * \retval #PSA_ERROR_TAMPERING_DETECTED - */ -psa_status_t psa_aead_verify(psa_aead_operation_t *operation, - const uint8_t *tag, - size_t tag_length); - -/** Abort an AEAD operation. - * - * Aborting an operation frees all associated resources except for the - * \p operation structure itself. Once aborted, the operation object - * can be reused for another operation by calling - * psa_aead_encrypt_setup() or psa_aead_decrypt_setup() again. - * - * You may call this function any time after the operation object has - * been initialized by any of the following methods: - * - A call to psa_aead_encrypt_setup() or psa_aead_decrypt_setup(), - * whether it succeeds or not. - * - Initializing the \c struct to all-bits-zero. - * - Initializing the \c struct to logical zeros, e.g. - * `psa_aead_operation_t operation = {0}`. - * - * In particular, calling psa_aead_abort() after the operation has been - * terminated by a call to psa_aead_abort() or psa_aead_finish() - * is safe and has no effect. - * - * \param[in,out] operation Initialized AEAD operation. - * - * \retval #PSA_SUCCESS - * \retval #PSA_ERROR_BAD_STATE - * \p operation is not an active AEAD operation. - * \retval #PSA_ERROR_COMMUNICATION_FAILURE - * \retval #PSA_ERROR_HARDWARE_FAILURE - * \retval #PSA_ERROR_TAMPERING_DETECTED - */ -psa_status_t psa_aead_abort(psa_aead_operation_t *operation); - -/**@}*/ - -/** \defgroup asymmetric Asymmetric cryptography - * @{ - */ - -/** - * \brief Sign a hash or short message with a private key. - * - * Note that to perform a hash-and-sign signature algorithm, you must - * first calculate the hash by calling psa_hash_setup(), psa_hash_update() - * and psa_hash_finish(). Then pass the resulting hash as the \p hash - * parameter to this function. You can use #PSA_ALG_SIGN_GET_HASH(\p alg) - * to determine the hash algorithm to use. + * Note that to perform a hash-and-sign signature algorithm, you must + * first calculate the hash by calling psa_hash_setup(), psa_hash_update() + * and psa_hash_finish(). Then pass the resulting hash as the \p hash + * parameter to this function. You can use #PSA_ALG_SIGN_GET_HASH(\p alg) + * to determine the hash algorithm to use. * * \param handle Handle to the key to use for the operation. * It must be an asymmetric key pair. @@ -2838,22 +2037,6 @@ static psa_crypto_generator_t psa_crypto_generator_init(void); psa_status_t psa_get_generator_capacity(const psa_crypto_generator_t *generator, size_t *capacity); -/** Set the maximum capacity of a generator. - * - * \param[in,out] generator The generator object to modify. - * \param capacity The new capacity of the generator. - * It must be less or equal to the generator's - * current capacity. - * - * \retval #PSA_SUCCESS - * \retval #PSA_ERROR_INVALID_ARGUMENT - * \p capacity is larger than the generator's current capacity. - * \retval #PSA_ERROR_BAD_STATE - * \retval #PSA_ERROR_COMMUNICATION_FAILURE - */ -psa_status_t psa_set_generator_capacity(psa_crypto_generator_t *generator, - size_t capacity); - /** Read some data from a generator. * * This function reads and returns a sequence of bytes from a generator. @@ -2866,7 +2049,7 @@ psa_status_t psa_set_generator_capacity(psa_crypto_generator_t *generator, * \param output_length Number of bytes to output. * * \retval #PSA_SUCCESS - * \retval #PSA_ERROR_INSUFFICIENT_CAPACITY + * \retval #PSA_ERROR_INSUFFICIENT_DATA * There were fewer than \p output_length bytes * in the generator. Note that in this case, no * output is written to the output buffer. @@ -2908,7 +2091,7 @@ psa_status_t psa_generator_read(psa_crypto_generator_t *generator, * Success. * If the key is persistent, the key material and the key's metadata * have been saved to persistent storage. - * \retval #PSA_ERROR_INSUFFICIENT_CAPACITY + * \retval #PSA_ERROR_INSUFFICIENT_DATA * There were fewer than \p output_length bytes * in the generator. Note that in this case, no * output is written to the output buffer. @@ -2920,7 +2103,7 @@ psa_status_t psa_generator_read(psa_crypto_generator_t *generator, * implementation in general or in this particular slot. * \retval #PSA_ERROR_BAD_STATE * \retval #PSA_ERROR_INVALID_HANDLE - * \retval #PSA_ERROR_OCCUPIED_SLOT + * \retval #PSA_ERROR_ALREADY_EXISTS * There is already a key in the specified slot. * \retval #PSA_ERROR_INSUFFICIENT_MEMORY * \retval #PSA_ERROR_INSUFFICIENT_STORAGE @@ -2978,172 +2161,94 @@ psa_status_t psa_generator_abort(psa_crypto_generator_t *generator); /** Set up a key derivation operation. * - * A key derivation algorithm takes some inputs and uses them to create - * a byte generator which can be used to produce keys and other - * cryptographic material. - * - * To use a generator for key derivation: - * - Start with an initialized object of type #psa_crypto_generator_t. - * - Call psa_key_derivation_setup() to select the algorithm. - * - Provide the inputs for the key derivation by calling - * psa_key_derivation_input_bytes() or psa_key_derivation_input_key() - * as appropriate. Which inputs are needed, in what order, and whether - * they may be keys and if so of what type depends on the algorithm. - * - Optionally set the generator's maximum capacity with - * psa_set_generator_capacity(). You may do this before, in the middle of - * or after providing inputs. For some algorithms, this step is mandatory - * because the output depends on the maximum capacity. - * - Generate output with psa_generator_read() or - * psa_generator_import_key(). Successive calls to these functions - * use successive output bytes from the generator. - * - Clean up the generator object with psa_generator_abort(). - * - * \param[in,out] generator The generator object to set up. It must - * have been initialized but not set up yet. + * A key derivation algorithm takes three inputs: a secret input \p key and + * two non-secret inputs \p label and p salt. + * The result of this function is a byte generator which can + * be used to produce keys and other cryptographic material. + * + * The role of \p label and \p salt is as follows: + * - For HKDF (#PSA_ALG_HKDF), \p salt is the salt used in the "extract" step + * and \p label is the info string used in the "expand" step. + * + * \param[in,out] generator The generator object to set up. It must have + * been initialized as per the documentation for + * #psa_crypto_generator_t and not yet in use. + * \param handle Handle to the secret key. * \param alg The key derivation algorithm to compute * (\c PSA_ALG_XXX value such that * #PSA_ALG_IS_KEY_DERIVATION(\p alg) is true). - * - * \retval #PSA_SUCCESS - * Success. - * \retval #PSA_ERROR_INVALID_ARGUMENT - * \c alg is not a key derivation algorithm. - * \retval #PSA_ERROR_NOT_SUPPORTED - * \c alg is not supported or is not a key derivation algorithm. - * \retval #PSA_ERROR_INSUFFICIENT_MEMORY - * \retval #PSA_ERROR_COMMUNICATION_FAILURE - * \retval #PSA_ERROR_HARDWARE_FAILURE - * \retval #PSA_ERROR_TAMPERING_DETECTED - * \retval #PSA_ERROR_BAD_STATE - */ -psa_status_t psa_key_derivation_setup(psa_crypto_generator_t *generator, - psa_algorithm_t alg); - -/** Provide an input for key derivation or key agreement. - * - * Which inputs are required and in what order depends on the algorithm. - * Refer to the documentation of each key derivation or key agreement - * algorithm for information. - * - * This function passes direct inputs. Some inputs must be passed as keys - * using psa_key_derivation_input_key() instead of this function. Refer to - * the documentation of individual step types for information. - * - * \param[in,out] generator The generator object to use. It must - * have been set up with - * psa_key_derivation_setup() and must not - * have produced any output yet. - * \param step Which step the input data is for. - * \param[in] data Input data to use. - * \param data_length Size of the \p data buffer in bytes. - * - * \retval #PSA_SUCCESS - * Success. - * \retval #PSA_ERROR_INVALID_ARGUMENT - * \c step is not compatible with the generator's algorithm. - * \retval #PSA_ERROR_INVALID_ARGUMENT - * \c step does not allow direct inputs. - * \retval #PSA_ERROR_INSUFFICIENT_MEMORY - * \retval #PSA_ERROR_COMMUNICATION_FAILURE - * \retval #PSA_ERROR_HARDWARE_FAILURE - * \retval #PSA_ERROR_TAMPERING_DETECTED - * \retval #PSA_ERROR_BAD_STATE - * The value of \p step is not valid given the state of \p generator. - * \retval #PSA_ERROR_BAD_STATE - * The library has not been previously initialized by psa_crypto_init(). - * It is implementation-dependent whether a failure to initialize - * results in this error code. - */ -psa_status_t psa_key_derivation_input_bytes(psa_crypto_generator_t *generator, - psa_key_derivation_step_t step, - const uint8_t *data, - size_t data_length); - -/** Provide an input for key derivation in the form of a key. - * - * Which inputs are required and in what order depends on the algorithm. - * Refer to the documentation of each key derivation or key agreement - * algorithm for information. - * - * This function passes key inputs. Some inputs must be passed as keys - * of the appropriate type using this function, while others must be - * passed as direct inputs using psa_key_derivation_input_bytes(). Refer to - * the documentation of individual step types for information. - * - * \param[in,out] generator The generator object to use. It must - * have been set up with - * psa_key_derivation_setup() and must not - * have produced any output yet. - * \param step Which step the input data is for. - * \param handle Handle to the key. It must have an - * appropriate type for \p step and must - * allow the usage #PSA_KEY_USAGE_DERIVE. + * \param[in] salt Salt to use. + * \param salt_length Size of the \p salt buffer in bytes. + * \param[in] label Label to use. + * \param label_length Size of the \p label buffer in bytes. + * \param capacity The maximum number of bytes that the + * generator will be able to provide. * * \retval #PSA_SUCCESS * Success. * \retval #PSA_ERROR_INVALID_HANDLE - * \retval #PSA_ERROR_EMPTY_SLOT + * \retval #PSA_ERROR_DOES_NOT_EXIST * \retval #PSA_ERROR_NOT_PERMITTED * \retval #PSA_ERROR_INVALID_ARGUMENT - * \c step is not compatible with the generator's algorithm. - * \retval #PSA_ERROR_INVALID_ARGUMENT - * \c step does not allow key inputs. + * \c key is not compatible with \c alg, + * or \p capacity is too large for the specified algorithm and key. + * \retval #PSA_ERROR_NOT_SUPPORTED + * \c alg is not supported or is not a key derivation algorithm. * \retval #PSA_ERROR_INSUFFICIENT_MEMORY * \retval #PSA_ERROR_COMMUNICATION_FAILURE * \retval #PSA_ERROR_HARDWARE_FAILURE * \retval #PSA_ERROR_TAMPERING_DETECTED * \retval #PSA_ERROR_BAD_STATE - * The value of \p step is not valid given the state of \p generator. - * \retval #PSA_ERROR_BAD_STATE * The library has not been previously initialized by psa_crypto_init(). * It is implementation-dependent whether a failure to initialize * results in this error code. */ -psa_status_t psa_key_derivation_input_key(psa_crypto_generator_t *generator, - psa_key_derivation_step_t step, - psa_key_handle_t handle); +psa_status_t psa_key_derivation(psa_crypto_generator_t *generator, + psa_key_handle_t handle, + psa_algorithm_t alg, + const uint8_t *salt, + size_t salt_length, + const uint8_t *label, + size_t label_length, + size_t capacity); -/** Perform a key agreement and use the shared secret as input to a key - * derivation. +/** Set up a key agreement operation. * * A key agreement algorithm takes two inputs: a private key \p private_key * a public key \p peer_key. - * The result of this function is passed as input to a key derivation. - * The output of this key derivation can be extracted by reading from the - * resulting generator to produce keys and other cryptographic material. - * - * \param[in,out] generator The generator object to use. It must - * have been set up with - * psa_key_derivation_setup() with a - * key agreement and derivation algorithm - * \c alg (\c PSA_ALG_XXX value such that - * #PSA_ALG_IS_KEY_AGREEMENT(\p alg) is true - * and #PSA_ALG_IS_RAW_KEY_AGREEMENT(\p alg) - * is false). - * The generator must be ready for an - * input of the type given by \p step. - * \param step Which step the input data is for. - * \param private_key Handle to the private key to use. + * The result of this function is a byte generator which can + * be used to produce keys and other cryptographic material. + * + * The resulting generator always has the maximum capacity permitted by + * the algorithm. + * + * \param[in,out] generator The generator object to set up. It must have been + * initialized as per the documentation for + * #psa_crypto_generator_t and not yet in use. + * \param private_key Handle to the private key to use. * \param[in] peer_key Public key of the peer. The peer key must be in the * same format that psa_import_key() accepts for the * public key type corresponding to the type of - * private_key. That is, this function performs the + * \p private_key. That is, this function performs the * equivalent of * `psa_import_key(internal_public_key_handle, * PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR(private_key_type), * peer_key, peer_key_length)` where - * `private_key_type` is the type of `private_key`. - * For example, for EC keys, this means that peer_key - * is interpreted as a point on the curve that the - * private key is on. The standard formats for public - * keys are documented in the documentation of - * psa_export_public_key(). - * \param peer_key_length Size of \p peer_key in bytes. + * `private_key_type` is the type of \p private_key. + * For example, for EC keys, this means that \p + * peer_key is interpreted as a point on the curve + * that the private key is associated with. The + * standard formats for public keys are documented in + * the documentation of psa_export_public_key(). + * \param peer_key_length Size of \p peer_key in bytes. + * \param alg The key agreement algorithm to compute + * (\c PSA_ALG_XXX value such that + * #PSA_ALG_IS_KEY_AGREEMENT(\p alg) is true). * * \retval #PSA_SUCCESS * Success. * \retval #PSA_ERROR_INVALID_HANDLE - * \retval #PSA_ERROR_EMPTY_SLOT + * \retval #PSA_ERROR_DOES_NOT_EXIST * \retval #PSA_ERROR_NOT_PERMITTED * \retval #PSA_ERROR_INVALID_ARGUMENT * \c private_key is not compatible with \c alg, @@ -3157,62 +2262,10 @@ psa_status_t psa_key_derivation_input_key(psa_crypto_generator_t *generator, * \retval #PSA_ERROR_TAMPERING_DETECTED */ psa_status_t psa_key_agreement(psa_crypto_generator_t *generator, - psa_key_derivation_step_t step, psa_key_handle_t private_key, const uint8_t *peer_key, - size_t peer_key_length); - -/** Perform a key agreement and use the shared secret as input to a key - * derivation. - * - * A key agreement algorithm takes two inputs: a private key \p private_key - * a public key \p peer_key. - * - * \warning The raw result of a key agreement algorithm such as finite-field - * Diffie-Hellman or elliptic curve Diffie-Hellman has biases and should - * not be used directly as key material. It should instead be passed as - * input to a key derivation algorithm. To chain a key agreement with - * a key derivation, use psa_key_agreement() and other functions from - * the key derivation and generator interface. - * - * \param private_key Handle to the private key to use. - * \param[in] peer_key Public key of the peer. It must be - * in the same format that psa_import_key() - * accepts. The standard formats for public - * keys are documented in the documentation - * of psa_export_public_key(). - * \param peer_key_length Size of \p peer_key in bytes. - * \param[out] output Buffer where the decrypted message is to - * be written. - * \param output_size Size of the \c output buffer in bytes. - * \param[out] output_length On success, the number of bytes - * that make up the returned output. - * - * \retval #PSA_SUCCESS - * Success. - * \retval #PSA_ERROR_INVALID_HANDLE - * \retval #PSA_ERROR_EMPTY_SLOT - * \retval #PSA_ERROR_NOT_PERMITTED - * \retval #PSA_ERROR_INVALID_ARGUMENT - * \p alg is not a key agreement algorithm - * \retval #PSA_ERROR_INVALID_ARGUMENT - * \p private_key is not compatible with \p alg, - * or \p peer_key is not valid for \p alg or not compatible with - * \p private_key. - * \retval #PSA_ERROR_NOT_SUPPORTED - * \p alg is not a supported key agreement algorithm. - * \retval #PSA_ERROR_INSUFFICIENT_MEMORY - * \retval #PSA_ERROR_COMMUNICATION_FAILURE - * \retval #PSA_ERROR_HARDWARE_FAILURE - * \retval #PSA_ERROR_TAMPERING_DETECTED - */ -psa_status_t psa_key_agreement_raw_shared_secret(psa_algorithm_t alg, - psa_key_handle_t private_key, - const uint8_t *peer_key, - size_t peer_key_length, - uint8_t *output, - size_t output_size, - size_t *output_length); + size_t peer_key_length, + psa_algorithm_t alg); /**@}*/ @@ -3285,18 +2338,6 @@ typedef struct { * specifying the public exponent. The * default public exponent used when \p extra * is \c NULL is 65537. - * - For an DSA key (\p type is - * #PSA_KEY_TYPE_DSA_KEYPAIR), \p extra is an - * optional structure specifying the key domain - * parameters. The key domain parameters can also be - * provided by psa_set_key_domain_parameters(), - * which documents the format of the structure. - * - For a DH key (\p type is - * #PSA_KEY_TYPE_DH_KEYPAIR), the \p extra is an - * optional structure specifying the key domain - * parameters. The key domain parameters can also be - * provided by psa_set_key_domain_parameters(), - * which documents the format of the structure. * \param extra_size Size of the buffer that \p extra * points to, in bytes. Note that if \p extra is * \c NULL then \p extra_size must be zero. @@ -3306,7 +2347,7 @@ typedef struct { * If the key is persistent, the key material and the key's metadata * have been saved to persistent storage. * \retval #PSA_ERROR_INVALID_HANDLE - * \retval #PSA_ERROR_OCCUPIED_SLOT + * \retval #PSA_ERROR_ALREADY_EXISTS * There is already a key in the specified slot. * \retval #PSA_ERROR_NOT_SUPPORTED * \retval #PSA_ERROR_INVALID_ARGUMENT diff --git a/api-specs/include/psa/crypto_extra.h b/api-specs/include/psa/crypto_extra.h index 6711860c..1e330aca 100644 --- a/api-specs/include/psa/crypto_extra.h +++ b/api-specs/include/psa/crypto_extra.h @@ -1,7 +1,7 @@ /** * \file psa/crypto_extra.h * - * \brief PSA cryptography module: vendor extensions + * \brief PSA cryptography module: Mbed TLS vendor extensions * * \note This file may not be included directly. Applications must * include psa/crypto.h. @@ -30,11 +30,120 @@ #ifndef PSA_CRYPTO_EXTRA_H #define PSA_CRYPTO_EXTRA_H +#include "mbedtls/platform_util.h" + #ifdef __cplusplus extern "C" { #endif -/* Add vendor extensions here. */ +/* UID for secure storage seed */ +#define PSA_CRYPTO_ITS_RANDOM_SEED_UID 0xFFFFFF52 + +/* + * Deprecated PSA Crypto error code definitions + */ +#if !defined(MBEDTLS_DEPRECATED_REMOVED) +#define PSA_ERROR_UNKNOWN_ERROR \ + MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( PSA_ERROR_GENERIC_ERROR ) +#endif + +#if !defined(MBEDTLS_DEPRECATED_REMOVED) +#define PSA_ERROR_OCCUPIED_SLOT \ + MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( PSA_ERROR_ALREADY_EXISTS ) +#endif + +#if !defined(MBEDTLS_DEPRECATED_REMOVED) +#define PSA_ERROR_EMPTY_SLOT \ + MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( PSA_ERROR_DOES_NOT_EXIST ) +#endif + +#if !defined(MBEDTLS_DEPRECATED_REMOVED) +#define PSA_ERROR_INSUFFICIENT_CAPACITY \ + MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( PSA_ERROR_INSUFFICIENT_DATA ) +#endif + +/** + * \brief Library deinitialization. + * + * This function clears all data associated with the PSA layer, + * including the whole key store. + * + * This is an Mbed TLS extension. + */ +void mbedtls_psa_crypto_free( void ); + + +/** + * \brief Inject an initial entropy seed for the random generator into + * secure storage. + * + * This function injects data to be used as a seed for the random generator + * used by the PSA Crypto implementation. On devices that lack a trusted + * entropy source (preferably a hardware random number generator), + * the Mbed PSA Crypto implementation uses this value to seed its + * random generator. + * + * On devices without a trusted entropy source, this function must be + * called exactly once in the lifetime of the device. On devices with + * a trusted entropy source, calling this function is optional. + * In all cases, this function may only be called before calling any + * other function in the PSA Crypto API, including psa_crypto_init(). + * + * When this function returns successfully, it populates a file in + * persistent storage. Once the file has been created, this function + * can no longer succeed. + * + * If any error occurs, this function does not change the system state. + * You can call this function again after correcting the reason for the + * error if possible. + * + * \warning This function **can** fail! Callers MUST check the return status. + * + * \warning If you use this function, you should use it as part of a + * factory provisioning process. The value of the injected seed + * is critical to the security of the device. It must be + * *secret*, *unpredictable* and (statistically) *unique per device*. + * You should be generate it randomly using a cryptographically + * secure random generator seeded from trusted entropy sources. + * You should transmit it securely to the device and ensure + * that its value is not leaked or stored anywhere beyond the + * needs of transmitting it from the point of generation to + * the call of this function, and erase all copies of the value + * once this function returns. + * + * This is an Mbed TLS extension. + * + * \note This function is only available on the following platforms: + * * If the compile-time options MBEDTLS_ENTROPY_NV_SEED and + * MBEDTLS_PSA_HAS_ITS_IO are both enabled. Note that you + * must provide compatible implementations of mbedtls_nv_seed_read + * and mbedtls_nv_seed_write. + * * In a client-server integration of PSA Cryptography, on the client side, + * if the server supports this feature. + * \param[in] seed Buffer containing the seed value to inject. + * \param[in] seed_size Size of the \p seed buffer. + * The size of the seed in bytes must be greater + * or equal to both #MBEDTLS_ENTROPY_MIN_PLATFORM + * and #MBEDTLS_ENTROPY_BLOCK_SIZE. + * It must be less or equal to + * #MBEDTLS_ENTROPY_MAX_SEED_SIZE. + * + * \retval #PSA_SUCCESS + * The seed value was injected successfully. The random generator + * of the PSA Crypto implementation is now ready for use. + * You may now call psa_crypto_init() and use the PSA Crypto + * implementation. + * \retval #PSA_ERROR_INVALID_ARGUMENT + * \p seed_size is out of range. + * \retval #PSA_ERROR_STORAGE_FAILURE + * There was a failure reading or writing from storage. + * \retval #PSA_ERROR_NOT_PERMITTED + * The library has already been initialized. It is no longer + * possible to call this function. + */ +psa_status_t mbedtls_psa_inject_entropy(const unsigned char *seed, + size_t seed_size); + #ifdef __cplusplus } diff --git a/api-specs/include/psa/crypto_platform.h b/api-specs/include/psa/crypto_platform.h index ea60c959..52ee822e 100644 --- a/api-specs/include/psa/crypto_platform.h +++ b/api-specs/include/psa/crypto_platform.h @@ -1,7 +1,7 @@ /** * \file psa/crypto_platform.h * - * \brief PSA cryptography module: Platfom-specific definitions + * \brief PSA cryptography module: Mbed TLS platfom definitions * * \note This file may not be included directly. Applications must * include psa/crypto.h. @@ -35,11 +35,67 @@ #ifndef PSA_CRYPTO_PLATFORM_H #define PSA_CRYPTO_PLATFORM_H +/* Include the Mbed TLS configuration file, the way Mbed TLS does it + * in each of its header files. */ +#if !defined(MBEDTLS_CONFIG_FILE) +#include "../mbedtls/config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + /* PSA requires several types which C99 provides in stdint.h. */ #include -/* Integral type representing a key handle. The choice of integral - * type is implementation-dependent. */ +/* Integral type representing a key handle. */ typedef uint16_t psa_key_handle_t; +/* This implementation distinguishes *application key identifiers*, which + * are the key identifiers specified by the application, from + * *key file identifiers*, which are the key identifiers that the library + * sees internally. The two types can be different if there is a remote + * call layer between the application and the library which supports + * multiple client applications that do not have access to each others' + * keys. The point of having different types is that the key file + * identifier may encode not only the key identifier specified by the + * application, but also the the identity of the application. + * + * Note that this is an internal concept of the library and the remote + * call layer. The application itself never sees anything other than + * #psa_app_key_id_t with its standard definition. + */ + +/* The application key identifier is always what the application sees as + * #psa_key_id_t. */ +typedef uint32_t psa_app_key_id_t; + +#if defined(MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER) + +#if defined(PSA_CRYPTO_SECURE) +/* Building for the PSA Crypto service on a PSA platform. */ +/* A key owner is a PSA partition identifier. */ +typedef int32_t psa_key_owner_id_t; +#endif + +typedef struct +{ + uint32_t key_id; + psa_key_owner_id_t owner; +} psa_key_file_id_t; +#define PSA_KEY_FILE_GET_KEY_ID( file_id ) ( ( file_id ).key_id ) + +/* Since crypto.h is used as part of the PSA Cryptography API specification, + * it must use standard types for things like the argument of psa_open_key(). + * If it wasn't for that constraint, psa_open_key() would take a + * `psa_key_file_id_t` argument. As a workaround, make `psa_key_id_t` an + * alias for `psa_key_file_id_t` when building for a multi-client service. */ +typedef psa_key_file_id_t psa_key_id_t; + +#else /* !MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER */ + +/* By default, a key file identifier is just the application key identifier. */ +typedef psa_app_key_id_t psa_key_file_id_t; +#define PSA_KEY_FILE_GET_KEY_ID( id ) ( id ) + +#endif /* !MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER */ + #endif /* PSA_CRYPTO_PLATFORM_H */ diff --git a/api-specs/include/psa/crypto_sizes.h b/api-specs/include/psa/crypto_sizes.h index 046b5246..7967a290 100644 --- a/api-specs/include/psa/crypto_sizes.h +++ b/api-specs/include/psa/crypto_sizes.h @@ -268,27 +268,6 @@ (plaintext_length) + PSA_AEAD_TAG_LENGTH(alg) : \ 0) -/** The maximum size of the output of psa_aead_finish(), in bytes. - * - * If the size of the ciphertext buffer is at least this large, it is - * guaranteed that psa_aead_finish() will not fail due to an - * insufficient buffer size. Depending on the algorithm, the actual size of - * the ciphertext may be smaller. - * - * \param alg An AEAD algorithm - * (\c PSA_ALG_XXX value such that - * #PSA_ALG_IS_AEAD(alg) is true). - * - * \return The maximum trailing ciphertext size for the - * specified algorithm. - * If the AEAD algorithm is not recognized, return 0. - * An implementation may return either 0 or a - * correct size for an AEAD algorithm that it - * recognizes, but does not support. - */ -#define PSA_AEAD_FINISH_OUTPUT_SIZE(alg, plaintext_length) \ - ((size_t)0) - /** The maximum size of the output of psa_aead_decrypt(), in bytes. * * If the size of the plaintext buffer is at least this large, it is @@ -313,9 +292,9 @@ (plaintext_length) - PSA_AEAD_TAG_LENGTH(alg) : \ 0) -#define PSA_RSA_MINIMUM_PADDING_SIZE(alg) \ - (PSA_ALG_IS_RSA_OAEP(alg) ? \ - 2 * PSA_HASH_FINAL_SIZE(PSA_ALG_RSA_OAEP_GET_HASH(alg)) + 1 : \ +#define PSA_RSA_MINIMUM_PADDING_SIZE(alg) \ + (PSA_ALG_IS_RSA_OAEP(alg) ? \ + 2 * PSA_HASH_SIZE(PSA_ALG_RSA_OAEP_GET_HASH(alg)) + 1 : \ 11 /*PKCS#1v1.5*/) /** @@ -438,25 +417,16 @@ /* Maximum size of the export encoding of an RSA public key. * Assumes that the public exponent is less than 2^32. * - * SubjectPublicKeyInfo ::= SEQUENCE { - * algorithm AlgorithmIdentifier, - * subjectPublicKey BIT STRING } -- contains RSAPublicKey - * AlgorithmIdentifier ::= SEQUENCE { - * algorithm OBJECT IDENTIFIER, - * parameters NULL } * RSAPublicKey ::= SEQUENCE { * modulus INTEGER, -- n * publicExponent INTEGER } -- e * - * - 3 * 4 bytes of SEQUENCE overhead; - * - 1 + 1 + 9 bytes of algorithm (RSA OID); - * - 2 bytes of NULL; - * - 4 bytes of BIT STRING overhead; + * - 4 bytes of SEQUENCE overhead; * - n : INTEGER; * - 7 bytes for the public exponent. */ #define PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(key_bits) \ - (PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(key_bits) + 36) + (PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(key_bits) + 11) /* Maximum size of the export encoding of an RSA key pair. * Assumes thatthe public exponent is less than 2^32 and that the size @@ -523,26 +493,16 @@ /* Maximum size of the export encoding of an ECC public key. * - * SubjectPublicKeyInfo ::= SEQUENCE { - * algorithm AlgorithmIdentifier, - * subjectPublicKey BIT STRING } -- contains ECPoint - * AlgorithmIdentifier ::= SEQUENCE { - * algorithm OBJECT IDENTIFIER, - * parameters OBJECT IDENTIFIER } -- namedCurve - * ECPoint ::= ... - * -- first 8 bits: 0x04; - * -- then x_P as a `ceiling(m/8)`-byte string, big endian; - * -- then y_P as a `ceiling(m/8)`-byte string, big endian; - * -- where `m` is the bit size associated with the curve. - * - * - 2 * 4 bytes of SEQUENCE overhead; - * - 1 + 1 + 7 bytes of algorithm (id-ecPublicKey OID); - * - 1 + 1 + 12 bytes of namedCurve OID; - * - 4 bytes of BIT STRING overhead; - * - 1 byte + 2 * point size in ECPoint. + * The representation of an ECC public key is: + * - The byte 0x04; + * - `x_P` as a `ceiling(m/8)`-byte string, big-endian; + * - `y_P` as a `ceiling(m/8)`-byte string, big-endian; + * - where m is the bit size associated with the curve. + * + * - 1 byte + 2 * point size. */ #define PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(key_bits) \ - (2 * PSA_BITS_TO_BYTES(key_bits) + 36) + (2 * PSA_BITS_TO_BYTES(key_bits) + 1) /* Maximum size of the export encoding of an ECC key pair. * diff --git a/api-specs/include/psa/crypto_struct.h b/api-specs/include/psa/crypto_struct.h index df09fcb0..18b37ef2 100644 --- a/api-specs/include/psa/crypto_struct.h +++ b/api-specs/include/psa/crypto_struct.h @@ -1,11 +1,7 @@ /** * \file psa/crypto_struct.h * - * \brief PSA cryptography module: structured type implementations - * - * This file contains a list of structures that each implementation - * of the PSA Crypto API must define, as well as sample definitions - * for initializers. + * \brief PSA cryptography module: Mbed TLS structured type implementations * * \note This file may not be included directly. Applications must * include psa/crypto.h. @@ -39,40 +35,189 @@ #ifndef PSA_CRYPTO_STRUCT_H #define PSA_CRYPTO_STRUCT_H -struct psa_hash_operation_s; -#define PSA_HASH_OPERATION_INIT {0} +/* Include the Mbed TLS configuration file, the way Mbed TLS does it + * in each of its header files. */ +#if !defined(MBEDTLS_CONFIG_FILE) +#include "../mbedtls/config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + +#include "mbedtls/cipher.h" +#include "mbedtls/cmac.h" +#include "mbedtls/gcm.h" +#include "mbedtls/md.h" +#include "mbedtls/md2.h" +#include "mbedtls/md4.h" +#include "mbedtls/md5.h" +#include "mbedtls/ripemd160.h" +#include "mbedtls/sha1.h" +#include "mbedtls/sha256.h" +#include "mbedtls/sha512.h" + +struct psa_hash_operation_s +{ + psa_algorithm_t alg; + union + { + unsigned dummy; /* Make the union non-empty even with no supported algorithms. */ +#if defined(MBEDTLS_MD2_C) + mbedtls_md2_context md2; +#endif +#if defined(MBEDTLS_MD4_C) + mbedtls_md4_context md4; +#endif +#if defined(MBEDTLS_MD5_C) + mbedtls_md5_context md5; +#endif +#if defined(MBEDTLS_RIPEMD160_C) + mbedtls_ripemd160_context ripemd160; +#endif +#if defined(MBEDTLS_SHA1_C) + mbedtls_sha1_context sha1; +#endif +#if defined(MBEDTLS_SHA256_C) + mbedtls_sha256_context sha256; +#endif +#if defined(MBEDTLS_SHA512_C) + mbedtls_sha512_context sha512; +#endif + } ctx; +}; + +#define PSA_HASH_OPERATION_INIT {0, {0}} static inline struct psa_hash_operation_s psa_hash_operation_init( void ) { const struct psa_hash_operation_s v = PSA_HASH_OPERATION_INIT; return( v ); } -struct psa_mac_operation_s; -#define PSA_MAC_OPERATION_INIT {0} +#if defined(MBEDTLS_MD_C) +typedef struct +{ + /** The hash context. */ + struct psa_hash_operation_s hash_ctx; + /** The HMAC part of the context. */ + uint8_t opad[PSA_HMAC_MAX_HASH_BLOCK_SIZE]; +} psa_hmac_internal_data; +#endif /* MBEDTLS_MD_C */ + +struct psa_mac_operation_s +{ + psa_algorithm_t alg; + unsigned int key_set : 1; + unsigned int iv_required : 1; + unsigned int iv_set : 1; + unsigned int has_input : 1; + unsigned int is_sign : 1; + uint8_t mac_size; + union + { + unsigned dummy; /* Make the union non-empty even with no supported algorithms. */ +#if defined(MBEDTLS_MD_C) + psa_hmac_internal_data hmac; +#endif +#if defined(MBEDTLS_CMAC_C) + mbedtls_cipher_context_t cmac; +#endif + } ctx; +}; + +#define PSA_MAC_OPERATION_INIT {0, 0, 0, 0, 0, 0, 0, {0}} static inline struct psa_mac_operation_s psa_mac_operation_init( void ) { const struct psa_mac_operation_s v = PSA_MAC_OPERATION_INIT; return( v ); } -struct psa_cipher_operation_s; -#define PSA_CIPHER_OPERATION_INIT {0} +struct psa_cipher_operation_s +{ + psa_algorithm_t alg; + unsigned int key_set : 1; + unsigned int iv_required : 1; + unsigned int iv_set : 1; + uint8_t iv_size; + uint8_t block_size; + union + { + unsigned dummy; /* Enable easier initializing of the union. */ + mbedtls_cipher_context_t cipher; + } ctx; +}; + +#define PSA_CIPHER_OPERATION_INIT {0, 0, 0, 0, 0, 0, {0}} static inline struct psa_cipher_operation_s psa_cipher_operation_init( void ) { const struct psa_cipher_operation_s v = PSA_CIPHER_OPERATION_INIT; return( v ); } -struct psa_aead_operation_s; -#define PSA_AEAD_OPERATION_INIT {0} -static inline struct psa_aead_operation_s psa_aead_operation_init( void ) +#if defined(MBEDTLS_MD_C) +typedef struct { - const struct psa_aead_operation_s v = PSA_AEAD_OPERATION_INIT; - return( v ); -} + uint8_t *info; + size_t info_length; + psa_hmac_internal_data hmac; + uint8_t prk[PSA_HASH_MAX_SIZE]; + uint8_t output_block[PSA_HASH_MAX_SIZE]; +#if PSA_HASH_MAX_SIZE > 0xff +#error "PSA_HASH_MAX_SIZE does not fit in uint8_t" +#endif + uint8_t offset_in_block; + uint8_t block_number; +} psa_hkdf_generator_t; +#endif /* MBEDTLS_MD_C */ + +#if defined(MBEDTLS_MD_C) +typedef struct psa_tls12_prf_generator_s +{ + /* The TLS 1.2 PRF uses the key for each HMAC iteration, + * hence we must store it for the lifetime of the generator. + * This is different from HKDF, where the key is only used + * in the extraction phase, but not during expansion. */ + unsigned char *key; + size_t key_len; + + /* `A(i) + seed` in the notation of RFC 5246, Sect. 5 */ + uint8_t *Ai_with_seed; + size_t Ai_with_seed_len; + + /* `HMAC_hash( prk, A(i) + seed )` in the notation of RFC 5246, Sect. 5. */ + uint8_t output_block[PSA_HASH_MAX_SIZE]; + +#if PSA_HASH_MAX_SIZE > 0xff +#error "PSA_HASH_MAX_SIZE does not fit in uint8_t" +#endif -struct psa_crypto_generator_s; -#define PSA_CRYPTO_GENERATOR_INIT {0} + /* Indicates how many bytes in the current HMAC block have + * already been read by the user. */ + uint8_t offset_in_block; + + /* The 1-based number of the block. */ + uint8_t block_number; + +} psa_tls12_prf_generator_t; +#endif /* MBEDTLS_MD_C */ + +struct psa_crypto_generator_s +{ + psa_algorithm_t alg; + size_t capacity; + union + { + struct + { + uint8_t *data; + size_t size; + } buffer; +#if defined(MBEDTLS_MD_C) + psa_hkdf_generator_t hkdf; + psa_tls12_prf_generator_t tls12_prf; +#endif + } ctx; +}; + +#define PSA_CRYPTO_GENERATOR_INIT {0, 0, {{0, 0}}} static inline struct psa_crypto_generator_s psa_crypto_generator_init( void ) { const struct psa_crypto_generator_s v = PSA_CRYPTO_GENERATOR_INIT; @@ -84,6 +229,7 @@ struct psa_key_policy_s psa_key_usage_t usage; psa_algorithm_t alg; }; + #define PSA_KEY_POLICY_INIT {0, 0} static inline struct psa_key_policy_s psa_key_policy_init( void ) { diff --git a/api-specs/include/psa/crypto_types.h b/api-specs/include/psa/crypto_types.h index 99d73f61..b8717e35 100644 --- a/api-specs/include/psa/crypto_types.h +++ b/api-specs/include/psa/crypto_types.h @@ -47,8 +47,13 @@ * This is either #PSA_SUCCESS (which is zero), indicating success, * or a nonzero value indicating that an error occurred. Errors are * encoded as one of the \c PSA_ERROR_xxx values defined here. + * If #PSA_SUCCESS is already defined, it means that #psa_status_t + * is also defined in an external header, so prevent its multiple + * definition. */ +#ifndef PSA_SUCCESS typedef int32_t psa_status_t; +#endif /**@}*/ @@ -85,7 +90,14 @@ typedef uint32_t psa_key_lifetime_t; /** Encoding of identifiers of persistent keys. */ +/* Implementation-specific quirk: The Mbed Crypto library can be built as + * part of a multi-client service that exposes the PSA Crypto API in each + * client and encodes the client identity in the key id argument of functions + * such as psa_open_key(). In this build configuration, we define + * psa_key_id_t in crypto_platform.h instead of here. */ +#if !defined(MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER) typedef uint32_t psa_key_id_t; +#endif /**@}*/ @@ -98,13 +110,4 @@ typedef uint32_t psa_key_usage_t; /**@}*/ -/** \defgroup derivation Key derivation - * @{ - */ - -/** \brief Encoding of the step of a key derivation. */ -typedef uint16_t psa_key_derivation_step_t; - -/**@}*/ - #endif /* PSA_CRYPTO_TYPES_H */ diff --git a/api-specs/include/psa/crypto_values.h b/api-specs/include/psa/crypto_values.h index 88eaff65..2ce2de65 100644 --- a/api-specs/include/psa/crypto_values.h +++ b/api-specs/include/psa/crypto_values.h @@ -40,25 +40,17 @@ * @{ */ -#if !defined(PSA_SUCCESS) -/* If PSA_SUCCESS is defined, assume that PSA crypto is being used - * together with PSA IPC, which also defines the identifier - * PSA_SUCCESS. We must not define PSA_SUCCESS ourselves in that case; - * the other error code names don't clash. This is a temporary hack - * until we unify error reporting in PSA IPC and PSA crypto. - * - * Note that psa_defs.h must be included before this header! - */ +/* PSA error codes */ + /** The action was completed successfully. */ #define PSA_SUCCESS ((psa_status_t)0) -#endif /* !defined(PSA_SUCCESS) */ /** An error occurred that does not correspond to any defined * failure cause. * * Implementations may use this error code if none of the other standard * error codes are applicable. */ -#define PSA_ERROR_UNKNOWN_ERROR ((psa_status_t)1) +#define PSA_ERROR_GENERIC_ERROR ((psa_status_t)-132) /** The requested operation or a parameter is not supported * by this implementation. @@ -67,7 +59,7 @@ * parameter such as a key type, algorithm, etc. is not recognized. * If a combination of parameters is recognized and identified as * not valid, return #PSA_ERROR_INVALID_ARGUMENT instead. */ -#define PSA_ERROR_NOT_SUPPORTED ((psa_status_t)2) +#define PSA_ERROR_NOT_SUPPORTED ((psa_status_t)-134) /** The requested action is denied by a policy. * @@ -80,7 +72,7 @@ * not valid or not supported, it is unspecified whether the function * returns #PSA_ERROR_NOT_PERMITTED, #PSA_ERROR_NOT_SUPPORTED or * #PSA_ERROR_INVALID_ARGUMENT. */ -#define PSA_ERROR_NOT_PERMITTED ((psa_status_t)3) +#define PSA_ERROR_NOT_PERMITTED ((psa_status_t)-133) /** An output buffer is too small. * @@ -92,23 +84,19 @@ * buffer would succeed. However implementations may return this * error if a function has invalid or unsupported parameters in addition * to the parameters that determine the necessary output buffer size. */ -#define PSA_ERROR_BUFFER_TOO_SMALL ((psa_status_t)4) +#define PSA_ERROR_BUFFER_TOO_SMALL ((psa_status_t)-138) -/** A slot is occupied, but must be empty to carry out the - * requested action. +/** Asking for an item that already exists * - * If a handle is invalid, it does not designate an occupied slot. - * The error for an invalid handle is #PSA_ERROR_INVALID_HANDLE. - */ -#define PSA_ERROR_OCCUPIED_SLOT ((psa_status_t)5) + * Implementations should return this error, when attempting + * to write an item (like a key) that already exists. */ +#define PSA_ERROR_ALREADY_EXISTS ((psa_status_t)-139) -/** A slot is empty, but must be occupied to carry out the - * requested action. +/** Asking for an item that doesn't exist * - * If a handle is invalid, it does not designate an empty slot. - * The error for an invalid handle is #PSA_ERROR_INVALID_HANDLE. - */ -#define PSA_ERROR_EMPTY_SLOT ((psa_status_t)6) + * Implementations should return this error, if a requested item (like + * a key) does not exist. */ +#define PSA_ERROR_DOES_NOT_EXIST ((psa_status_t)-140) /** The requested action cannot be performed in the current state. * @@ -118,9 +106,9 @@ * * Implementations shall not return this error code to indicate * that a key slot is occupied when it needs to be free or vice versa, - * but shall return #PSA_ERROR_OCCUPIED_SLOT or #PSA_ERROR_EMPTY_SLOT + * but shall return #PSA_ERROR_ALREADY_EXISTS or #PSA_ERROR_DOES_NOT_EXIST * as applicable. */ -#define PSA_ERROR_BAD_STATE ((psa_status_t)7) +#define PSA_ERROR_BAD_STATE ((psa_status_t)-137) /** The parameters passed to the function are invalid. * @@ -129,20 +117,20 @@ * * Implementations shall not return this error code to indicate * that a key slot is occupied when it needs to be free or vice versa, - * but shall return #PSA_ERROR_OCCUPIED_SLOT or #PSA_ERROR_EMPTY_SLOT + * but shall return #PSA_ERROR_ALREADY_EXISTS or #PSA_ERROR_DOES_NOT_EXIST * as applicable. * * Implementation shall not return this error code to indicate that a * key handle is invalid, but shall return #PSA_ERROR_INVALID_HANDLE * instead. */ -#define PSA_ERROR_INVALID_ARGUMENT ((psa_status_t)8) +#define PSA_ERROR_INVALID_ARGUMENT ((psa_status_t)-135) /** There is not enough runtime memory. * * If the action is carried out across multiple security realms, this * error can refer to available memory in any of the security realms. */ -#define PSA_ERROR_INSUFFICIENT_MEMORY ((psa_status_t)9) +#define PSA_ERROR_INSUFFICIENT_MEMORY ((psa_status_t)-141) /** There is not enough persistent storage. * @@ -151,7 +139,7 @@ * many functions that do not otherwise access storage may return this * error code if the implementation requires a mandatory log entry for * the requested action and the log storage space is full. */ -#define PSA_ERROR_INSUFFICIENT_STORAGE ((psa_status_t)10) +#define PSA_ERROR_INSUFFICIENT_STORAGE ((psa_status_t)-142) /** There was a communication failure inside the implementation. * @@ -168,7 +156,7 @@ * cryptoprocessor but there was a breakdown of communication before * the cryptoprocessor could report the status to the application. */ -#define PSA_ERROR_COMMUNICATION_FAILURE ((psa_status_t)11) +#define PSA_ERROR_COMMUNICATION_FAILURE ((psa_status_t)-145) /** There was a storage failure that may have led to data loss. * @@ -193,13 +181,13 @@ * permanent storage corruption. However application writers should * keep in mind that transient errors while reading the storage may be * reported using this error code. */ -#define PSA_ERROR_STORAGE_FAILURE ((psa_status_t)12) +#define PSA_ERROR_STORAGE_FAILURE ((psa_status_t)-146) /** A hardware failure was detected. * * A hardware failure may be transient or permanent depending on the * cause. */ -#define PSA_ERROR_HARDWARE_FAILURE ((psa_status_t)13) +#define PSA_ERROR_HARDWARE_FAILURE ((psa_status_t)-147) /** A tampering attempt was detected. * @@ -230,7 +218,7 @@ * This error indicates an attack against the application. Implementations * shall not return this error code as a consequence of the behavior of * the application itself. */ -#define PSA_ERROR_TAMPERING_DETECTED ((psa_status_t)14) +#define PSA_ERROR_TAMPERING_DETECTED ((psa_status_t)-151) /** There is not enough entropy to generate random data needed * for the requested action. @@ -249,7 +237,7 @@ * secure pseudorandom generator (PRNG). However implementations may return * this error at any time if a policy requires the PRNG to be reseeded * during normal operation. */ -#define PSA_ERROR_INSUFFICIENT_ENTROPY ((psa_status_t)15) +#define PSA_ERROR_INSUFFICIENT_ENTROPY ((psa_status_t)-148) /** The signature, MAC or hash is incorrect. * @@ -259,7 +247,7 @@ * * If the value to verify has an invalid size, implementations may return * either #PSA_ERROR_INVALID_ARGUMENT or #PSA_ERROR_INVALID_SIGNATURE. */ -#define PSA_ERROR_INVALID_SIGNATURE ((psa_status_t)16) +#define PSA_ERROR_INVALID_SIGNATURE ((psa_status_t)-149) /** The decrypted padding is incorrect. * @@ -275,17 +263,15 @@ * as close as possible to indistinguishable to an external observer. * In particular, the timing of a decryption operation should not * depend on the validity of the padding. */ -#define PSA_ERROR_INVALID_PADDING ((psa_status_t)17) +#define PSA_ERROR_INVALID_PADDING ((psa_status_t)-150) -/** The generator has insufficient capacity left. - * - * Once a function returns this error, attempts to read from the - * generator will always return this error. */ -#define PSA_ERROR_INSUFFICIENT_CAPACITY ((psa_status_t)18) +/** Return this error when there's insufficient data when attempting + * to read from a resource. */ +#define PSA_ERROR_INSUFFICIENT_DATA ((psa_status_t)-143) /** The key handle is not valid. */ -#define PSA_ERROR_INVALID_HANDLE ((psa_status_t)19) +#define PSA_ERROR_INVALID_HANDLE ((psa_status_t)-136) /**@}*/ @@ -497,15 +483,6 @@ #define PSA_ECC_CURVE_CURVE25519 ((psa_ecc_curve_t) 0x001d) #define PSA_ECC_CURVE_CURVE448 ((psa_ecc_curve_t) 0x001e) -/** Diffie-Hellman key exchange public key. */ -#define PSA_KEY_TYPE_DH_PUBLIC_KEY ((psa_key_type_t)0x60040000) -/** Diffie-Hellman key exchange key pair (private and public key). */ -#define PSA_KEY_TYPE_DH_KEYPAIR ((psa_key_type_t)0x70040000) -/** Whether a key type is a Diffie-Hellman key exchange key (pair or - * public-only). */ -#define PSA_KEY_TYPE_IS_DH(type) \ - (PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR(type) == PSA_KEY_TYPE_DH_PUBLIC_KEY) - /** The block size of a block cipher. * * \param type A cipher key type (value of type #psa_key_type_t). @@ -540,8 +517,9 @@ #define PSA_ALG_CATEGORY_AEAD ((psa_algorithm_t)0x06000000) #define PSA_ALG_CATEGORY_SIGN ((psa_algorithm_t)0x10000000) #define PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION ((psa_algorithm_t)0x12000000) -#define PSA_ALG_CATEGORY_KEY_DERIVATION ((psa_algorithm_t)0x20000000) -#define PSA_ALG_CATEGORY_KEY_AGREEMENT ((psa_algorithm_t)0x30000000) +#define PSA_ALG_CATEGORY_KEY_AGREEMENT ((psa_algorithm_t)0x22000000) +#define PSA_ALG_CATEGORY_KEY_DERIVATION ((psa_algorithm_t)0x30000000) +#define PSA_ALG_CATEGORY_KEY_SELECTION ((psa_algorithm_t)0x31000000) #define PSA_ALG_IS_VENDOR_DEFINED(alg) \ (((alg) & PSA_ALG_VENDOR_FLAG) != 0) @@ -676,15 +654,18 @@ /** SHA3-512 */ #define PSA_ALG_SHA3_512 ((psa_algorithm_t)0x01000013) -/** Allow any hash algorithm. +/** In a hash-and-sign algorithm policy, allow any hash algorithm. + * + * This value may be used to form the algorithm usage field of a policy + * for a signature algorithm that is parametrized by a hash. The key + * may then be used to perform operations using the same signature + * algorithm parametrized with any supported hash. * - * This value may only be used to form the algorithm usage field of a policy - * for a signature algorithm that is parametrized by a hash. That is, - * suppose that `PSA_xxx_SIGNATURE` is one of the following macros: + * That is, suppose that `PSA_xxx_SIGNATURE` is one of the following macros: * - #PSA_ALG_RSA_PKCS1V15_SIGN, #PSA_ALG_RSA_PSS, * - #PSA_ALG_DSA, #PSA_ALG_DETERMINISTIC_DSA, * - #PSA_ALG_ECDSA, #PSA_ALG_DETERMINISTIC_ECDSA. - * Then you may create a key as follows: + * Then you may create and use a key as follows: * - Set the key usage field using #PSA_ALG_ANY_HASH, for example: * ``` * psa_key_policy_set_usage(&policy, @@ -771,7 +752,7 @@ * algorithm is considered identical to the untruncated algorithm * for policy comparison purposes. * - * \param alg A MAC algorithm identifier (value of type + * \param mac_alg A MAC algorithm identifier (value of type * #psa_algorithm_t such that #PSA_ALG_IS_MAC(\p alg) * is true). This may be a truncated or untruncated * MAC algorithm. @@ -787,14 +768,14 @@ * MAC algorithm or if \p mac_length is too small or * too large for the specified MAC algorithm. */ -#define PSA_ALG_TRUNCATED_MAC(alg, mac_length) \ - (((alg) & ~PSA_ALG_MAC_TRUNCATION_MASK) | \ +#define PSA_ALG_TRUNCATED_MAC(mac_alg, mac_length) \ + (((mac_alg) & ~PSA_ALG_MAC_TRUNCATION_MASK) | \ ((mac_length) << PSA_MAC_TRUNCATION_OFFSET & PSA_ALG_MAC_TRUNCATION_MASK)) /** Macro to build the base MAC algorithm corresponding to a truncated * MAC algorithm. * - * \param alg A MAC algorithm identifier (value of type + * \param mac_alg A MAC algorithm identifier (value of type * #psa_algorithm_t such that #PSA_ALG_IS_MAC(\p alg) * is true). This may be a truncated or untruncated * MAC algorithm. @@ -803,12 +784,12 @@ * \return Unspecified if \p alg is not a supported * MAC algorithm. */ -#define PSA_ALG_FULL_LENGTH_MAC(alg) \ - ((alg) & ~PSA_ALG_MAC_TRUNCATION_MASK) +#define PSA_ALG_FULL_LENGTH_MAC(mac_alg) \ + ((mac_alg) & ~PSA_ALG_MAC_TRUNCATION_MASK) /** Length to which a MAC algorithm is truncated. * - * \param alg A MAC algorithm identifier (value of type + * \param mac_alg A MAC algorithm identifier (value of type * #psa_algorithm_t such that #PSA_ALG_IS_MAC(\p alg) * is true). * @@ -817,8 +798,8 @@ * \return Unspecified if \p alg is not a supported * MAC algorithm. */ -#define PSA_MAC_TRUNCATED_LENGTH(alg) \ - (((alg) & PSA_ALG_MAC_TRUNCATION_MASK) >> PSA_MAC_TRUNCATION_OFFSET) +#define PSA_MAC_TRUNCATED_LENGTH(mac_alg) \ + (((mac_alg) & PSA_ALG_MAC_TRUNCATION_MASK) >> PSA_MAC_TRUNCATION_OFFSET) #define PSA_ALG_CIPHER_MAC_BASE ((psa_algorithm_t)0x02c00000) #define PSA_ALG_CBC_MAC ((psa_algorithm_t)0x02c00001) @@ -915,7 +896,7 @@ * Depending on the algorithm, the tag length may affect the calculation * of the ciphertext. * - * \param alg A AEAD algorithm identifier (value of type + * \param aead_alg An AEAD algorithm identifier (value of type * #psa_algorithm_t such that #PSA_ALG_IS_AEAD(\p alg) * is true). * \param tag_length Desired length of the authentication tag in bytes. @@ -926,26 +907,26 @@ * AEAD algorithm or if \p tag_length is not valid * for the specified AEAD algorithm. */ -#define PSA_ALG_AEAD_WITH_TAG_LENGTH(alg, tag_length) \ - (((alg) & ~PSA_ALG_AEAD_TAG_LENGTH_MASK) | \ +#define PSA_ALG_AEAD_WITH_TAG_LENGTH(aead_alg, tag_length) \ + (((aead_alg) & ~PSA_ALG_AEAD_TAG_LENGTH_MASK) | \ ((tag_length) << PSA_AEAD_TAG_LENGTH_OFFSET & \ PSA_ALG_AEAD_TAG_LENGTH_MASK)) /** Calculate the corresponding AEAD algorithm with the default tag length. * - * \param alg An AEAD algorithm (\c PSA_ALG_XXX value such that - * #PSA_ALG_IS_AEAD(\p alg) is true). + * \param aead_alg An AEAD algorithm (\c PSA_ALG_XXX value such that + * #PSA_ALG_IS_AEAD(\p alg) is true). * - * \return The corresponding AEAD algorithm with the default tag length - * for that algorithm. + * \return The corresponding AEAD algorithm with the default + * tag length for that algorithm. */ -#define PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH(alg) \ +#define PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH(aead_alg) \ ( \ - PSA__ALG_AEAD_WITH_DEFAULT_TAG_LENGTH__CASE(alg, PSA_ALG_CCM) \ - PSA__ALG_AEAD_WITH_DEFAULT_TAG_LENGTH__CASE(alg, PSA_ALG_GCM) \ + PSA__ALG_AEAD_WITH_DEFAULT_TAG_LENGTH__CASE(aead_alg, PSA_ALG_CCM) \ + PSA__ALG_AEAD_WITH_DEFAULT_TAG_LENGTH__CASE(aead_alg, PSA_ALG_GCM) \ 0) -#define PSA__ALG_AEAD_WITH_DEFAULT_TAG_LENGTH__CASE(alg, ref) \ - PSA_ALG_AEAD_WITH_TAG_LENGTH(alg, 0) == \ +#define PSA__ALG_AEAD_WITH_DEFAULT_TAG_LENGTH__CASE(aead_alg, ref) \ + PSA_ALG_AEAD_WITH_TAG_LENGTH(aead_alg, 0) == \ PSA_ALG_AEAD_WITH_TAG_LENGTH(ref, 0) ? \ ref : @@ -1169,20 +1150,11 @@ ((alg) & PSA_ALG_HASH_MASK) | PSA_ALG_CATEGORY_HASH : \ 0) -#define PSA_ALG_HKDF_BASE ((psa_algorithm_t)0x20000100) +#define PSA_ALG_HKDF_BASE ((psa_algorithm_t)0x30000100) /** Macro to build an HKDF algorithm. * * For example, `PSA_ALG_HKDF(PSA_ALG_SHA256)` is HKDF using HMAC-SHA-256. * - * This key derivation algorithm uses the following inputs: - * - #PSA_KDF_STEP_SALT is the salt used in the "extract" step. - * It is optional; if omitted, the derivation uses an empty salt. - * - #PSA_KDF_STEP_SECRET is the secret key used in the "extract" step. - * - #PSA_KDF_STEP_INFO is the info string used in the "expand" step. - * You must pass #PSA_KDF_STEP_SALT before #PSA_KDF_STEP_SECRET. - * You may pass #PSA_KDF_STEP_INFO at any time after steup and before - * starting to generate output. - * * \param hash_alg A hash algorithm (\c PSA_ALG_XXX value such that * #PSA_ALG_IS_HASH(\p hash_alg) is true). * @@ -1208,7 +1180,7 @@ #define PSA_ALG_HKDF_GET_HASH(hkdf_alg) \ (PSA_ALG_CATEGORY_HASH | ((hkdf_alg) & PSA_ALG_HASH_MASK)) -#define PSA_ALG_TLS12_PRF_BASE ((psa_algorithm_t)0x20000200) +#define PSA_ALG_TLS12_PRF_BASE ((psa_algorithm_t)0x30000200) /** Macro to build a TLS-1.2 PRF algorithm. * * TLS 1.2 uses a custom pseudorandom function (PRF) for key schedule, @@ -1247,7 +1219,7 @@ #define PSA_ALG_TLS12_PRF_GET_HASH(hkdf_alg) \ (PSA_ALG_CATEGORY_HASH | ((hkdf_alg) & PSA_ALG_HASH_MASK)) -#define PSA_ALG_TLS12_PSK_TO_MS_BASE ((psa_algorithm_t)0x20000300) +#define PSA_ALG_TLS12_PSK_TO_MS_BASE ((psa_algorithm_t)0x30000300) /** Macro to build a TLS-1.2 PSK-to-MasterSecret algorithm. * * In a pure-PSK handshake in TLS 1.2, the master secret is derived @@ -1287,48 +1259,51 @@ #define PSA_ALG_TLS12_PSK_TO_MS_GET_HASH(hkdf_alg) \ (PSA_ALG_CATEGORY_HASH | ((hkdf_alg) & PSA_ALG_HASH_MASK)) -#define PSA_ALG_KEY_DERIVATION_MASK ((psa_algorithm_t)0x080fffff) -#define PSA_ALG_KEY_AGREEMENT_MASK ((psa_algorithm_t)0x10f00000) +#define PSA_ALG_KEY_DERIVATION_MASK ((psa_algorithm_t)0x010fffff) -/** Macro to build a combined algorithm that chains a key agreement with - * a key derivation. +/** Use a shared secret as is. * - * \param ka_alg A key agreement algorithm (\c PSA_ALG_XXX value such - * that #PSA_ALG_IS_KEY_AGREEMENT(\p ka_alg) is true). - * \param kdf_alg A key derivation algorithm (\c PSA_ALG_XXX value such - * that #PSA_ALG_IS_KEY_DERIVATION(\p kdf_alg) is true). + * Specify this algorithm as the selection component of a key agreement + * to use the raw result of the key agreement as key material. * - * \return The corresponding key agreement and derivation - * algorithm. - * \return Unspecified if \p ka_alg is not a supported - * key agreement algorithm or \p kdf_alg is not a - * supported key derivation algorithm. + * \warning The raw result of a key agreement algorithm such as finite-field + * Diffie-Hellman or elliptic curve Diffie-Hellman has biases and should + * not be used directly as key material. It can however be used as the secret + * input in a key derivation algorithm. */ -#define PSA_ALG_KEY_AGREEMENT(ka_alg, kdf_alg) \ - ((ka_alg) | (kdf_alg)) +#define PSA_ALG_SELECT_RAW ((psa_algorithm_t)0x31000001) #define PSA_ALG_KEY_AGREEMENT_GET_KDF(alg) \ (((alg) & PSA_ALG_KEY_DERIVATION_MASK) | PSA_ALG_CATEGORY_KEY_DERIVATION) -#define PSA_ALG_KEY_AGREEMENT_GET_BASE(alg) \ - (((alg) & PSA_ALG_KEY_AGREEMENT_MASK) | PSA_ALG_CATEGORY_KEY_AGREEMENT) - -#define PSA_ALG_IS_RAW_KEY_AGREEMENT(alg) \ - (PSA_ALG_KEY_AGREEMENT_GET_KDF(alg) == PSA_ALG_CATEGORY_KEY_DERIVATION) +#define PSA_ALG_KEY_AGREEMENT_GET_BASE(alg) \ + ((alg) & ~PSA_ALG_KEY_DERIVATION_MASK) -#define PSA_ALG_IS_KEY_DERIVATION_OR_AGREEMENT(alg) \ - ((PSA_ALG_IS_KEY_DERIVATION(alg) || PSA_ALG_IS_KEY_AGREEMENT(alg))) - -/** The finite-field Diffie-Hellman (DH) key agreement algorithm. +#define PSA_ALG_FFDH_BASE ((psa_algorithm_t)0x22100000) +/** The Diffie-Hellman key agreement algorithm. + * + * This algorithm combines the finite-field Diffie-Hellman (DH) key + * agreement, also known as Diffie-Hellman-Merkle (DHM) key agreement, + * to produce a shared secret from a private key and the peer's + * public key, with a key selection or key derivation algorithm to produce + * one or more shared keys and other shared cryptographic material. * * The shared secret produced by key agreement and passed as input to the * derivation or selection algorithm \p kdf_alg is the shared secret * `g^{ab}` in big-endian format. * It is `ceiling(m / 8)` bytes long where `m` is the size of the prime `p` * in bits. + * + * \param kdf_alg A key derivation algorithm (\c PSA_ALG_XXX value such + * that #PSA_ALG_IS_KEY_DERIVATION(\p hash_alg) is true) + * or a key selection algorithm (\c PSA_ALG_XXX value such + * that #PSA_ALG_IS_KEY_SELECTION(\p hash_alg) is true). + * + * \return The Diffie-Hellman algorithm with the specified + * selection or derivation algorithm. */ -#define PSA_ALG_FFDH ((psa_algorithm_t)0x30100000) - +#define PSA_ALG_FFDH(kdf_alg) \ + (PSA_ALG_FFDH_BASE | ((kdf_alg) & PSA_ALG_KEY_DERIVATION_MASK)) /** Whether the specified algorithm is a finite field Diffie-Hellman algorithm. * * This includes every supported key selection or key agreement algorithm @@ -1341,11 +1316,18 @@ * key agreement algorithm identifier. */ #define PSA_ALG_IS_FFDH(alg) \ - (PSA_ALG_KEY_AGREEMENT_GET_BASE(alg) == PSA_ALG_FFDH) + (PSA_ALG_KEY_AGREEMENT_GET_BASE(alg) == PSA_ALG_FFDH_BASE) +#define PSA_ALG_ECDH_BASE ((psa_algorithm_t)0x22200000) /** The elliptic curve Diffie-Hellman (ECDH) key agreement algorithm. * - * The shared secret produced by key agreement is the x-coordinate of + * This algorithm combines the elliptic curve Diffie-Hellman key + * agreement to produce a shared secret from a private key and the peer's + * public key, with a key selection or key derivation algorithm to produce + * one or more shared keys and other shared cryptographic material. + * + * The shared secret produced by key agreement and passed as input to the + * derivation or selection algorithm \p kdf_alg is the x-coordinate of * the shared secret point. It is always `ceiling(m / 8)` bytes long where * `m` is the bit size associated with the curve, i.e. the bit size of the * order of the curve's coordinate field. When `m` is not a multiple of 8, @@ -1367,9 +1349,17 @@ * the shared secret is the x-coordinate of `d_A Q_B = d_B Q_A` * in big-endian byte order. * The bit size is `m` for the field `F_{2^m}`. + * + * \param kdf_alg A key derivation algorithm (\c PSA_ALG_XXX value such + * that #PSA_ALG_IS_KEY_DERIVATION(\p hash_alg) is true) + * or a selection algorithm (\c PSA_ALG_XXX value such + * that #PSA_ALG_IS_KEY_SELECTION(\p hash_alg) is true). + * + * \return The Diffie-Hellman algorithm with the specified + * selection or derivation algorithm. */ -#define PSA_ALG_ECDH ((psa_algorithm_t)0x30200000) - +#define PSA_ALG_ECDH(kdf_alg) \ + (PSA_ALG_ECDH_BASE | ((kdf_alg) & PSA_ALG_KEY_DERIVATION_MASK)) /** Whether the specified algorithm is an elliptic curve Diffie-Hellman * algorithm. * @@ -1384,25 +1374,7 @@ * key agreement algorithm identifier. */ #define PSA_ALG_IS_ECDH(alg) \ - (PSA_ALG_KEY_AGREEMENT_GET_BASE(alg) == PSA_ALG_ECDH) - -/** Whether the specified algorithm encoding is a wildcard. - * - * Wildcard values may only be used to set the usage algorithm field in - * a policy, not to perform an operation. - * - * \param alg An algorithm identifier (value of type #psa_algorithm_t). - * - * \return 1 if \c alg is a wildcard algorithm encoding. - * \return 0 if \c alg is a non-wildcard algorithm encoding (suitable for - * an operation). - * \return This macro may return either 0 or 1 if \c alg is not a supported - * algorithm identifier. - */ -#define PSA_ALG_IS_WILDCARD(alg) \ - (PSA_ALG_IS_HASH_AND_SIGN(alg) ? \ - PSA_ALG_SIGN_GET_HASH(alg) == PSA_ALG_ANY_HASH : \ - (alg) == PSA_ALG_ANY_HASH) + (PSA_ALG_KEY_AGREEMENT_GET_BASE(alg) == PSA_ALG_ECDH_BASE) /** Whether the specified algorithm encoding is a wildcard. * @@ -1514,34 +1486,4 @@ /**@}*/ -/** \defgroup derivation Key derivation - * @{ - */ - -/** A secret input for key derivation. - * - * This must be a key of type #PSA_KEY_TYPE_DERIVE. - */ -#define PSA_KDF_STEP_SECRET ((psa_key_derivation_step_t)0x0101) - -/** A label for key derivation. - * - * This must be a direct input. - */ -#define PSA_KDF_STEP_LABEL ((psa_key_derivation_step_t)0x0201) - -/** A salt for key derivation. - * - * This must be a direct input. - */ -#define PSA_KDF_STEP_SALT ((psa_key_derivation_step_t)0x0202) - -/** An information string for key derivation. - * - * This must be a direct input. - */ -#define PSA_KDF_STEP_INFO ((psa_key_derivation_step_t)0x0203) - -/**@}*/ - #endif /* PSA_CRYPTO_VALUES_H */ diff --git a/api-tests/README.md b/api-tests/README.md index 98f1bcd5..cb664216 100644 --- a/api-tests/README.md +++ b/api-tests/README.md @@ -1,38 +1,37 @@ -# PSA APIs : Architecture Test Suite +# PSA APIs Architecture Test Suite ## Introduction -Arm Platform Security Architecture (PSA) is a holistic set of threat models, security analysis, hardware and firmware architecture specifications, and an open source firmware reference implementation. PSA provides a recipe, based on industry best practice, that allows security to be consistently designed in, at both a hardware and firmware level. One of the PSA goals is to make IoT security easier and quicker for everyone. This means having reliable, consistent APIs and useful built-in security functions for device manufacturers and the developer community. These PSA APIs provides a consistent developer experience hiding the underlying complexity of the security system. +Arm *Platform Security Architecture* (PSA) is a holistic set of threat models, security analyses, hardware and firmware architecture specifications, and an open source firmware reference implementation. PSA provides a recipe, based on industry best practice, that allows security to be consistently designed in, at both a hardware and firmware level. One of the PSA goals is to make IoT security easier and quicker for everyone. This means having reliable, consistent APIs and useful built-in security functions for device manufacturers and the developer community. These PSA APIs provides a consistent developer experience, hiding the underlying complexity of the security system. -For more information, visit the PSA webpage [here](https://developer.arm.com/products/architecture/platform-security-architecture) +For more information, visit the [PSA Webpage](https://developer.arm.com/products/architecture/platform-security-architecture). ## Architecture test suite -The current implementation of the Architecture test suite contains tests for following PSA APIs specifications. - -The tests are available as open source. The tests and the corresponding abstraction layers are available with an Apache v2 license allowing for external contribution. +The current implementation of the architecture test suite contains tests for PSA Firmware Framework and PSA Developer APIs specifications. The tests are available as open source. The tests and the corresponding abstraction layers are available with an Apache v2.0 license, allowing external contribution. ### PSA Firmware Framework (PSA-FF) -The test suite for this specification is located in the ff directory of this repository. See [PSA Firmware Framework Readme](ff/README.md) file for more details. +The test suite for this specification is located in the **ff** directory of this repository. See the [PSA Firmware Framework README](ff/README.md) file for more details. ### PSA Developer APIs -The test suite for this specification is located in the dev_apis directory of this repository. See [PSA Developer APIs Readme](dev_apis/README.md) file for more details. +The test suite for this specification is located in the **dev_apis** directory of this repository. See the [PSA Developer APIs README](dev_apis/README.md) file for more details. ## Release Update - - Release Version - 0.8 - - Code Quality: Please use this opportunity to suggest enhancements and point out errors. - - Current release contains following tests: - 1. Developer APIs test list: + - Release Version: 0.9 + - Code quality: Arm welcomes suggestions for enhancements and error corrections. + - This release contains following tests:
+ +1. Developer APIs test list: | Test Category | Specification Version | Header File | |--------------------------|--------------------------------------|-----------------------------------------------------------------------------------| -| Crypto | PSA Crypto API 1.0 Beta-1 | [crypto.h](../api-specs/include/psa/crypto.h) | -| Protected Storage | PSA Protected Storage API 1.0 | [protected_storage.h](../api-specs/include/psa/protected_storage.h) | -| Internal Trusted Storage | PSA Internal Trusted Storage API 1.0 | [internal_trusted_storage.h](../api-specs/include/psa/internal_trusted_storage.h) | -| Initial Attestation | PSA Initial Attestation API 1.0 Beta-0 | [initial_attestation.h](../api-specs/include/psa/initial_attestation.h) | +| Crypto | PSA Crypto API 1.0-Beta([mbedcrypto-1.0.0](https://github.com/ARMmbed/mbed-crypto/tree/mbedcrypto-1.0.0)) | [crypto.h](../api-specs/include/psa/crypto.h) | +| Protected Storage | PSA Protected Storage API 1.0-Beta2 | [protected_storage.h](../api-specs/include/psa/protected_storage.h) | +| Internal Trusted Storage | PSA Internal Trusted Storage API 1.0-Beta2 | [internal_trusted_storage.h](../api-specs/include/psa/internal_trusted_storage.h) | +| Initial Attestation | PSA Initial Attestation API 1.0-Beta0 | [initial_attestation.h](../api-specs/include/psa/initial_attestation.h) | -2. PSA-FF **IPC tests** that are written for version 1.0-Beta-0 of the PSA FF specification. +2. PSA-FF tests that are written for version 1.0-Beta1 of the PSA FF specification. ## License diff --git a/api-tests/dev_apis/README.md b/api-tests/dev_apis/README.md index 4ada39ed..518fe60e 100644 --- a/api-tests/dev_apis/README.md +++ b/api-tests/dev_apis/README.md @@ -1,34 +1,26 @@ -# PSA Developer APIs : Architecture Test Suite +# PSA Developer APIs Architecture Test Suite -## Introduction +## PSA Developer APIs -### PSA Developer APIs +PSA defines security service APIs for application developers. Some of these services are Crypto, Attestation, and Secure storage. For more information on API specifications, refer to the [PSA Developer APIs Specifications](../../api-specs/). -PSA defines security service APIs for application developers. Some of these services are Crypto Services, Attestation Services, and Secure Storage Services. For more information on API specification, refer the [PSA Developer facing APIs specifications](../../api-specs/) +## Architecture test suite -### Architecture Test Suite +The architecture test suite is a set of examples of the invariant behaviors that are specified in the PSA Developer APIs specifications. Use this suite to verify whether these behaviors are implemented correctly in your system. This suite contains self-checking and portable C-based tests with directed stimulus. These tests are available as open source. The tests and the corresponding abstraction layers are available with an Apache v2.0 license, allowing external contribution. -The Architecture Test Suite is a set of examples of the invariant behaviours that are specified by the PSA Developer APIs Specifications. Use this suite to verify that these behaviours are implemented correctly in your system. +This test suite is not a substitute for design verification. To review the test logs, Arm licensees can contact Arm directly through their partner managers. -The Architecture Test Suite contains the tests that are self-checking, portable C-based tests with directed stimulus. +For more information on the architecture test suite framework and methodology to run the tests, refer to the [Validation Methodology](../docs/Arm_PSA_APIs_Arch_Test_Validation_Methodology.pdf) document. -The tests are available as open source. The tests and the corresponding abstraction layers are available with an Apache v2.0 license allowing for external contribution. This test suite is not a substitute for design verification. To review the test logs, Arm licensees can contact Arm directly through their partner managers. +## Test scenarios -For more information on Architecture Test Suite specification, refer the [Validation Methodology](../docs/Arm_PSA_APIs_Arch_Test_Validation_Methodology.pdf) document. +The mapping of the rules in the specification to the test cases and the steps followed in the tests are mentioned in the [Scenario Document](../docs/) that is present in the **docs/** folder. -## Tests Scenarios -The mapping of the rules in the specification to the test cases and the steps followed in the tests are mentioned in the [Scenario document](../docs/) present in the docs/ folder. +## Getting started - -## Getting Started - -Follow the instructions in the subsequent sections to get a copy of the source code on your local machine and build the tests.
- -### Prerequisite - -Please make sure you have all required software installed as explained in the [software requirements](../docs/sw_requirements.md). +Follow the instructions in the subsequent sections to get a copy of the source code on your local machine and build the tests. Make sure you have all required software installed as explained in the [Software Requirements Document](../docs/sw_requirements.md). ### Porting steps @@ -36,49 +28,51 @@ Refer to the [PSA Developer APIs Test Suite Porting Guide](../docs/porting_guide ### Build steps -To build test suite for a given platform, execute the following commands: +To build the test suite for your target platform, execute the following commands: ``` cd api-tests -./tools/scripts/setup.sh --target --cpu_arch --suite --build --include +./tools/scripts/setup.sh --target --cpu_arch --suite --build --include --archive_tests ```
where: -- is the same as the name of the target specific directory created in the platform/targets/ directory.
-- is the Arm Architecture version name for which test binaries should be compiled. For example, Armv7M, Armv8M-Baseline and Armv8M-Mainline Architecture.
-- is the suite name and it is same as the suite name available in test_suites/ directory.
-- is an additional directory to be included into compiler search path. Note- You must provide Developer APIs header file implementation to Test Suite build system using this option. For example - To compiler Crypto tests, include path must point to path where "psa/crypto.h" is located in your build system.
-- is an output directory to keep build files. +- is the same as the name of the target-specific directory created in the **platform/targets/** directory.
+- is the Arm Architecture version name for which the tests should be compiled. For example, Armv7M, Armv8M-Baseline and Armv8M-Mainline Architecture.
+- is the suite name that is the same as the suite name available in **dev_apis/** directory.
+- is a directory to store build output files.
+- is an additional directory to be included into the compiler search path.
+Note: You must provide Developer APIs header file implementation to the test suite build system using this option. For example, to compile Crypto tests, the include path must point to the path where **psa/crypto.h** is located in your build system.
+- Use **--archive_tests** option to create a combined test archive (**test_combine.a**) file by combining available test object files. Absence of this option creates a combined test binary (**test_elf_combine.bin**) by combining the available test ELF files. -Refer ./tools/scripts/setup.sh --help to know more about options. +For details about options, refer to **./tools/scripts/setup.sh --help**. -*To compile crypto tests for tgt_dev_apis_mbedos_fvp_mps2_m4 platform* +To compile Crypto tests for **tgt_dev_apis_mbedos_fvp_mps2_m4** platform, execute the following commands: ``` cd api-tests -./tools/scripts/setup.sh --target tgt_dev_apis_mbedos_fvp_mps2_m4 --cpu_arch armv7m --suite crypto --build BUILD_CRYPTO --include +./tools/scripts/setup.sh --target tgt_dev_apis_mbedos_fvp_mps2_m4 --cpu_arch armv7m --suite crypto --build BUILD_CRYPTO --include --archive_tests ``` ### Build output -Test suite build generates following binaries:
+Building the test suite generates the following NSPE binaries:
+- **/BUILD/val/val_nspe.a** +- **/BUILD/platform/pal_nspe.a** +- **/BUILD/dev_apis//test_combine.a** -NSPE libraries:
-1. /BUILD/val/val_nspe.a -2. /BUILD/platform/pal_nspe.a -3. /BUILD/dev_apis//test_elf_combine.bin +### Integrating the libraries into your target platform -### Binaries integration into your platform +1. Integrate **val_nspe.a**, **pal_nspe.a**, and **test_combine.a** libraries with your Non-secure OS so that these libraries get access to the PSA Developer APIs. For example, Crypto tests require access to PSA Crypto APIs. This forms an NSPE binary. +2. Load the NSPE binary to the Non-secure memory. +3. Build your SPE binary and load into the Secure memory. -1. Integrate val_nspe.a and pal_nspe.a libraries with your non-secure OS so that these libraries get access to PSA Developer APIs. For example, Crypto tests would require to get access to PSA Crypto APIs. This will form a NSPE binary. -2. Load NSPE binary and test_elf_combine.bin to NS memory -3. Build your SPE binary and load into S memory +## Test suite execution +The following steps describe the execution flow before the test execution:
-## Test Suite Execution -The following steps describe the execution flow prior to the start of test execution:
- -1. The target platform must load above binaries into appropriate memory.
-3. Upon booting firmware and non-secure OS, the SUT - boot software would give control to the test suite entry point- *void val_entry(void);* as an non-secure application entry point.
+1. The target platform must load the above binaries into appropriate memory.
+3. Upon booting firmware and Non-secure OS, the SUT boot software gives control to the test suite entry point void **val_entry(void);** as an Non-secure application entry point.
4. The tests are executed sequentially in a loop in the test_dispatcher function.
+For details on test suite integration, refer to the **Integrating the test suite with the SUT** section of [Validation Methodology](../docs/Arm_PSA_APIs_Arch_Test_Validation_Methodology.pdf). + ## License Arm PSA test suite is distributed under Apache v2.0 License. @@ -94,4 +88,3 @@ Arm PSA test suite is distributed under Apache v2.0 License. -------------- *Copyright (c) 2018-2019, Arm Limited and Contributors. All rights reserved.* - diff --git a/api-tests/dev_apis/crypto/test_c002/test_c002.c b/api-tests/dev_apis/crypto/test_c002/test_c002.c index 19e1c44f..e5c15a5e 100644 --- a/api-tests/dev_apis/crypto/test_c002/test_c002.c +++ b/api-tests/dev_apis/crypto/test_c002/test_c002.c @@ -139,6 +139,10 @@ int32_t psa_import_key_test(security_t caller) { return VAL_STATUS_INVALID; } + + /* Destroy the key */ + status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check1[i].key_handle); + TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(13)); } return VAL_STATUS_SUCCESS; @@ -185,7 +189,7 @@ int32_t psa_import_key_negative_test(security_t caller) /* Import the key data into the occupied key slot */ status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, check2[i].key_handle, check2[i].key_type, check2[i].key_data, check2[i].key_length); - TEST_ASSERT_EQUAL(status, PSA_ERROR_OCCUPIED_SLOT, TEST_CHECKPOINT_NUM(5)); + TEST_ASSERT_EQUAL(status, PSA_ERROR_ALREADY_EXISTS, TEST_CHECKPOINT_NUM(5)); val->print(PRINT_TEST, "[Check %d] Test psa_import_key with zero as key handle\n", g_test_count++); diff --git a/api-tests/dev_apis/crypto/test_c002/test_data.h b/api-tests/dev_apis/crypto/test_c002/test_data.h index aaa6840b..0b2faea1 100644 --- a/api-tests/dev_apis/crypto/test_c002/test_data.h +++ b/api-tests/dev_apis/crypto/test_c002/test_data.h @@ -166,7 +166,7 @@ static test_data check1[] = { #ifdef ARCH_TEST_AES_128 {"Test psa_import_key 16 Byte AES\n", 1, PSA_KEY_TYPE_AES, {0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99, - 0x5F, 0xC9}, + 0x5F, 0xC9, 0x77}, AES_16B_KEY_SIZE, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR, BYTES_TO_BITS(AES_16B_KEY_SIZE), AES_16B_KEY_SIZE, PSA_SUCCESS }, @@ -175,7 +175,7 @@ static test_data check1[] = { #ifdef ARCH_TEST_AES_192 {"Test psa_import_key 24 Byte AES\n", 2, PSA_KEY_TYPE_AES, {0x24, 0x13, 0x61, 0x47, 0x61, 0xB8, 0xC8, 0xF0, 0xDF, 0xAB, 0x5A, 0x0E, 0x87, - 0x40, 0xAC, 0xA3, 0x90, 0x77, 0x83, 0x52, 0x31, 0x74, 0xF9}, + 0x40, 0xAC, 0xA3, 0x90, 0x77, 0x83, 0x52, 0x31, 0x74, 0xF9, 0x05}, AES_24B_KEY_SIZE, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR, BYTES_TO_BITS(AES_24B_KEY_SIZE), AES_24B_KEY_SIZE, PSA_SUCCESS }, @@ -269,7 +269,7 @@ static test_data check1[] = { {"Test psa_import_key with incorrect key data size\n", 12, PSA_KEY_TYPE_AES, {0x24, 0x13, 0x61, 0x47, 0x61, 0xB8, 0xC8, 0xF0, 0xDF, 0xAB, 0x5A, 0x0E, 0x87, - 0x40, 0xAC, 0xA3, 0x90}, + 0x40, 0xAC, 0xA3, 0x90, 0x77}, AES_18B_KEY_SIZE, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR, BYTES_TO_BITS(AES_18B_KEY_SIZE), AES_18B_KEY_SIZE, PSA_ERROR_INVALID_ARGUMENT }, @@ -277,7 +277,7 @@ BYTES_TO_BITS(AES_18B_KEY_SIZE), AES_18B_KEY_SIZE, PSA_ERROR_INVALID_ARGUMENT {"Test psa_import_key with incorrect key type\n", 13, PSA_KEY_TYPE_VENDOR_FLAG, {0x24, 0x13, 0x61, 0x47, 0x61, 0xB8, 0xC8, 0xF0, 0xDF, 0xAB, 0x5A, 0x0E, 0x87, - 0x40, 0xAC, 0xA3, 0x90, 0x77, 0x83, 0x52, 0x31, 0x74, 0xF9}, + 0x40, 0xAC, 0xA3, 0x90, 0x77, 0x83, 0x52, 0x31, 0x74, 0xF9, 0x05}, AES_24B_KEY_SIZE, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR, BYTES_TO_BITS(AES_24B_KEY_SIZE), AES_24B_KEY_SIZE, PSA_ERROR_NOT_SUPPORTED, }, @@ -289,9 +289,9 @@ static test_data check2[] = { #ifdef ARCH_TEST_AES_128 {"Test psa_import_key negative cases\n", 1, PSA_KEY_TYPE_AES, {0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99, - 0x5F, 0xC9}, + 0x5F, 0xC9, 0x77}, AES_16B_KEY_SIZE, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR, -BYTES_TO_BITS(AES_16B_KEY_SIZE), AES_16B_KEY_SIZE, PSA_ERROR_OCCUPIED_SLOT +BYTES_TO_BITS(AES_16B_KEY_SIZE), AES_16B_KEY_SIZE, PSA_ERROR_ALREADY_EXISTS }, #endif #endif diff --git a/api-tests/dev_apis/crypto/test_c003/test_c003.c b/api-tests/dev_apis/crypto/test_c003/test_c003.c index e25d80dd..1968cb15 100644 --- a/api-tests/dev_apis/crypto/test_c003/test_c003.c +++ b/api-tests/dev_apis/crypto/test_c003/test_c003.c @@ -112,8 +112,8 @@ int32_t psa_export_key_test(security_t caller) &key_type, &bits); TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(6)); + /* Make sure the metada matches with the given data */ TEST_ASSERT_EQUAL(key_type, check1[i].key_type, TEST_CHECKPOINT_NUM(7)); - TEST_ASSERT_EQUAL(bits, check1[i].expected_bit_length, TEST_CHECKPOINT_NUM(8)); /* Export a key in binary format */ @@ -124,6 +124,7 @@ int32_t psa_export_key_test(security_t caller) if (check1[i].expected_status != PSA_SUCCESS) continue; + /* Check if the key length matches with the given length */ TEST_ASSERT_EQUAL(length, check1[i].expected_key_length, TEST_CHECKPOINT_NUM(10)); /* Check if original key data matches with the exported data */ @@ -177,7 +178,7 @@ int32_t psa_export_key_negative_test(security_t caller) /* Export a key in binary format */ status = val->crypto_function(VAL_CRYPTO_EXPORT_KEY, check2[i].key_handle, data, check2[i].key_length, &length); - TEST_ASSERT_EQUAL(status, PSA_ERROR_EMPTY_SLOT, TEST_CHECKPOINT_NUM(5)); + TEST_ASSERT_EQUAL(status, PSA_ERROR_DOES_NOT_EXIST, TEST_CHECKPOINT_NUM(5)); val->print(PRINT_TEST, "[Check %d] Test psa_export_key with zero as key handle\n", g_test_count++); diff --git a/api-tests/dev_apis/crypto/test_c003/test_data.h b/api-tests/dev_apis/crypto/test_c003/test_data.h index c5832c7d..dfe0a0b6 100644 --- a/api-tests/dev_apis/crypto/test_c003/test_data.h +++ b/api-tests/dev_apis/crypto/test_c003/test_data.h @@ -165,7 +165,7 @@ static test_data check1[] = { #ifdef ARCH_TEST_AES_128 {"Test psa_export_key 16 Byte AES\n", 1, PSA_KEY_TYPE_AES, {0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99, - 0x5F, 0xC9}, + 0x5F, 0xC9, 0x77}, AES_16B_KEY_SIZE, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR, BUFFER_SIZE, BYTES_TO_BITS(AES_16B_KEY_SIZE), AES_16B_KEY_SIZE, PSA_SUCCESS }, @@ -174,7 +174,7 @@ static test_data check1[] = { #ifdef ARCH_TEST_AES_192 {"Test psa_export_key 24 Byte AES\n", 2, PSA_KEY_TYPE_AES, {0x24, 0x13, 0x61, 0x47, 0x61, 0xB8, 0xC8, 0xF0, 0xDF, 0xAB, 0x5A, 0x0E, 0x87, - 0x40, 0xAC, 0xA3, 0x90, 0x77, 0x83, 0x52, 0x31, 0x74, 0xF9}, + 0x40, 0xAC, 0xA3, 0x90, 0x77, 0x83, 0x52, 0x31, 0x74, 0xF9, 0x05}, AES_24B_KEY_SIZE, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR, BUFFER_SIZE, BYTES_TO_BITS(AES_24B_KEY_SIZE), AES_24B_KEY_SIZE, PSA_SUCCESS }, @@ -260,14 +260,14 @@ static test_data check1[] = { #ifdef ARCH_TEST_AES_128 {"Test psa_export_key with key policy verify\n", 11, PSA_KEY_TYPE_AES, {0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99, - 0x5F, 0xC9}, + 0x5F, 0xC9, 0x05}, AES_16B_KEY_SIZE, PSA_KEY_USAGE_VERIFY, PSA_ALG_CTR, BUFFER_SIZE, BYTES_TO_BITS(AES_16B_KEY_SIZE), AES_16B_KEY_SIZE, PSA_ERROR_NOT_PERMITTED }, {"Test psa_export_key with less buffer size\n", 12, PSA_KEY_TYPE_AES, {0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99, - 0x5F, 0xC9}, + 0x5F, 0xC9, 0x05}, AES_16B_KEY_SIZE, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR, 14, BYTES_TO_BITS(AES_16B_KEY_SIZE), AES_16B_KEY_SIZE, PSA_ERROR_BUFFER_TOO_SMALL }, @@ -280,7 +280,7 @@ static test_data check2[] = { #ifdef ARCH_TEST_AES_128 {"Test psa_export_key negative case\n", 13, PSA_KEY_TYPE_AES, {0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99, - 0x5F, 0xC9}, + 0x5F, 0xC9, 0x05}, AES_16B_KEY_SIZE, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR, BUFFER_SIZE, BYTES_TO_BITS(AES_16B_KEY_SIZE), AES_16B_KEY_SIZE, PSA_SUCCESS }, diff --git a/api-tests/dev_apis/crypto/test_c004/test_c004.c b/api-tests/dev_apis/crypto/test_c004/test_c004.c index fceade54..d99c4837 100644 --- a/api-tests/dev_apis/crypto/test_c004/test_c004.c +++ b/api-tests/dev_apis/crypto/test_c004/test_c004.c @@ -185,7 +185,7 @@ int32_t test_psa_export_public_key_handle(security_t caller) /* Export a key in binary format */ status = val->crypto_function(VAL_CRYPTO_EXPORT_PUBLIC_KEY, check2[i].key_handle, data, check2[i].key_length, &length); - TEST_ASSERT_EQUAL(status, PSA_ERROR_EMPTY_SLOT, TEST_CHECKPOINT_NUM(5)); + TEST_ASSERT_EQUAL(status, PSA_ERROR_DOES_NOT_EXIST, TEST_CHECKPOINT_NUM(5)); val->print(PRINT_TEST, "[Check %d] Test psa_export_key with zero as key handle\n", g_test_count++); diff --git a/api-tests/dev_apis/crypto/test_c005/test_c005.c b/api-tests/dev_apis/crypto/test_c005/test_c005.c index f5881929..1af6b369 100644 --- a/api-tests/dev_apis/crypto/test_c005/test_c005.c +++ b/api-tests/dev_apis/crypto/test_c005/test_c005.c @@ -115,8 +115,8 @@ int32_t psa_destroy_key_test(security_t caller) PSA_SUCCESS, TEST_CHECKPOINT_NUM(6)); + /* Check that metadata matches with given data */ TEST_ASSERT_EQUAL(key_type, check1[i].key_type, TEST_CHECKPOINT_NUM(7)); - TEST_ASSERT_EQUAL(bits, check1[i].expected_bit_length, TEST_CHECKPOINT_NUM(8)); /* Destroy a key and restore the slot to its default state */ diff --git a/api-tests/dev_apis/crypto/test_c006/test_c006.c b/api-tests/dev_apis/crypto/test_c006/test_c006.c index ca6d5258..a18aaa79 100644 --- a/api-tests/dev_apis/crypto/test_c006/test_c006.c +++ b/api-tests/dev_apis/crypto/test_c006/test_c006.c @@ -113,8 +113,8 @@ int32_t psa_get_key_information_test(security_t caller) if (check1[i].expected_status != PSA_SUCCESS) continue; + /* Check that it matches with given data */ TEST_ASSERT_EQUAL(key_type, check1[i].key_type, TEST_CHECKPOINT_NUM(7)); - TEST_ASSERT_EQUAL(bits, check1[i].expected_bit_length, TEST_CHECKPOINT_NUM(8)); } @@ -159,7 +159,7 @@ int32_t psa_get_key_information_invalid_test(security_t caller) /* Get basic metadata about a key */ status = val->crypto_function(VAL_CRYPTO_GET_KEY_INFORMATION, check2[i].key_handle, &check2[i].key_type, &check2[i].key_length); - TEST_ASSERT_EQUAL(status, PSA_ERROR_EMPTY_SLOT, TEST_CHECKPOINT_NUM(6)); + TEST_ASSERT_EQUAL(status, PSA_ERROR_DOES_NOT_EXIST, TEST_CHECKPOINT_NUM(6)); val->print(PRINT_TEST, "[Check %d] Test psa_get_key_information with destroyed" " key handle\n", g_test_count++); diff --git a/api-tests/dev_apis/crypto/test_c006/test_data.h b/api-tests/dev_apis/crypto/test_c006/test_data.h index e4ae0774..ccc52e2c 100644 --- a/api-tests/dev_apis/crypto/test_c006/test_data.h +++ b/api-tests/dev_apis/crypto/test_c006/test_data.h @@ -255,10 +255,9 @@ static test_data check1[] = { 224, 28, PSA_SUCCESS }, #endif -#endif +#endif }; - static test_data check2[] = { #ifdef ARCH_TEST_CIPER_MODE_CTR #ifdef ARCH_TEST_AES_128 diff --git a/api-tests/dev_apis/crypto/test_c007/test_c007.c b/api-tests/dev_apis/crypto/test_c007/test_c007.c index 82a77c27..9b3371fc 100644 --- a/api-tests/dev_apis/crypto/test_c007/test_c007.c +++ b/api-tests/dev_apis/crypto/test_c007/test_c007.c @@ -181,7 +181,7 @@ int32_t psa_set_key_policy_negative_test(security_t caller) /* Set the usage policy on a key slot */ status = val->crypto_function(VAL_CRYPTO_SET_KEY_POLICY, check2[i].key_handle, &policy); - TEST_ASSERT_EQUAL(status, PSA_ERROR_OCCUPIED_SLOT, TEST_CHECKPOINT_NUM(8)); + TEST_ASSERT_EQUAL(status, PSA_ERROR_ALREADY_EXISTS, TEST_CHECKPOINT_NUM(8)); } return VAL_STATUS_SUCCESS; diff --git a/api-tests/dev_apis/crypto/test_c007/test_data.h b/api-tests/dev_apis/crypto/test_c007/test_data.h index 183c3b56..75726963 100644 --- a/api-tests/dev_apis/crypto/test_c007/test_data.h +++ b/api-tests/dev_apis/crypto/test_c007/test_data.h @@ -277,7 +277,7 @@ static test_data check2[] = { {0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99, 0x5F, 0xC9}, AES_16B_KEY_SIZE, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR, -BYTES_TO_BITS(AES_16B_KEY_SIZE), AES_16B_KEY_SIZE, PSA_ERROR_OCCUPIED_SLOT +BYTES_TO_BITS(AES_16B_KEY_SIZE), AES_16B_KEY_SIZE, PSA_ERROR_ALREADY_EXISTS }, #endif #endif diff --git a/api-tests/dev_apis/crypto/test_c008/test_c008.c b/api-tests/dev_apis/crypto/test_c008/test_c008.c index 05ce0f81..363d5c76 100644 --- a/api-tests/dev_apis/crypto/test_c008/test_c008.c +++ b/api-tests/dev_apis/crypto/test_c008/test_c008.c @@ -53,6 +53,8 @@ int32_t psa_get_key_policy_test(security_t caller) * usage of the key */ val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &policy); + memset(&expected_usage, 0, sizeof(psa_key_usage_t)); + memset(&expected_alg, 0, sizeof(psa_algorithm_t)); /* Setting up the watchdog timer for each check */ status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT); diff --git a/api-tests/dev_apis/crypto/test_c009/test_c009.c b/api-tests/dev_apis/crypto/test_c009/test_c009.c index aa4af152..9b252b88 100644 --- a/api-tests/dev_apis/crypto/test_c009/test_c009.c +++ b/api-tests/dev_apis/crypto/test_c009/test_c009.c @@ -55,6 +55,9 @@ int32_t psa_allocate_key_test(security_t caller) status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &check1[i].key_handle); TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(3)); + /* Destroy a key */ + status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check1[i].key_handle); + TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(4)); } return VAL_STATUS_SUCCESS; @@ -62,7 +65,7 @@ int32_t psa_allocate_key_test(security_t caller) int32_t psa_allocate_key_negative_test(security_t caller) { - int32_t i, status; + int32_t i, j, status; psa_key_handle_t key_handle[MAX_KEYS]; /* Initialize the PSA crypto library*/ @@ -76,10 +79,18 @@ int32_t psa_allocate_key_negative_test(security_t caller) /* Allocate a key slot for a transient key */ status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &key_handle[i]); if (status != PSA_SUCCESS) + { + TEST_ASSERT_EQUAL(status, PSA_ERROR_INSUFFICIENT_MEMORY, TEST_CHECKPOINT_NUM(2)); break; + } } - TEST_ASSERT_EQUAL(status, PSA_ERROR_INSUFFICIENT_MEMORY, TEST_CHECKPOINT_NUM(2)); + for (j = 0; j < i; j++) + { + /* Destroy a key */ + status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, key_handle[j]); + TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3)); + } return VAL_STATUS_SUCCESS; } diff --git a/api-tests/dev_apis/crypto/test_c009/test_data.h b/api-tests/dev_apis/crypto/test_c009/test_data.h index 4a859864..fd4be3c2 100644 --- a/api-tests/dev_apis/crypto/test_c009/test_data.h +++ b/api-tests/dev_apis/crypto/test_c009/test_data.h @@ -20,67 +20,53 @@ typedef struct { char test_desc[75]; psa_key_handle_t key_handle; - psa_key_type_t key_type; - size_t key_length; psa_status_t expected_status; } test_data; static test_data check1[] = { #ifdef ARCH_TEST_AES_128 -{"Test psa_allocate_key 16 Byte AES\n", 1, PSA_KEY_TYPE_AES, - AES_16B_KEY_SIZE, PSA_SUCCESS +{"Test psa_allocate_key 16 Byte AES\n", 1, PSA_SUCCESS }, #endif #ifdef ARCH_TEST_AES_192 -{"Test psa_allocate_key 24 Byte AES\n", 2, PSA_KEY_TYPE_AES, - AES_24B_KEY_SIZE, PSA_SUCCESS +{"Test psa_allocate_key 24 Byte AES\n", 2, PSA_SUCCESS }, #endif #ifdef ARCH_TEST_AES_256 -{"Test psa_allocate_key 32 Byte AES\n", 3, PSA_KEY_TYPE_AES, - AES_32B_KEY_SIZE, PSA_SUCCESS +{"Test psa_allocate_key 32 Byte AES\n", 3, PSA_SUCCESS }, #endif #ifdef ARCH_TEST_RSA_2048 -{"Test psa_allocate_key 2048 RSA public key\n", 4, PSA_KEY_TYPE_RSA_PUBLIC_KEY, - 294, PSA_SUCCESS +{"Test psa_allocate_key 2048 RSA public key\n", 4, PSA_SUCCESS }, -{"Test psa_allocate_key with RSA 2048 keypair\n", 5, PSA_KEY_TYPE_RSA_KEYPAIR, - 1193, PSA_SUCCESS +{"Test psa_allocate_key with RSA 2048 keypair\n", 5, PSA_SUCCESS, }, #endif #ifdef ARCH_TEST_DES_1KEY -{"Test psa_allocate_key with DES 64 bit key\n", 6, PSA_KEY_TYPE_DES, - DES_8B_KEY_SIZE, PSA_SUCCESS +{"Test psa_allocate_key with DES 64 bit key\n", 6, PSA_SUCCESS, }, #endif #ifdef ARCH_TEST_DES_2KEY -{"Test psa_allocate_key with Triple DES 2-Key\n", 7, PSA_KEY_TYPE_DES, - DES3_2KEY_SIZE, PSA_SUCCESS +{"Test psa_allocate_key with Triple DES 2-Key\n", 7, PSA_SUCCESS, }, #endif #ifdef ARCH_TEST_DES_3KEY -{"Test psa_allocate_key with Triple DES 3-Key\n", 8, PSA_KEY_TYPE_DES, - DES3_3KEY_SIZE, PSA_SUCCESS +{"Test psa_allocate_key with Triple DES 3-Key\n", 8, PSA_SUCCESS, }, #endif #ifdef ARCH_TEST_ECC_CURVE_SECP192R1 -{"Test psa_allocate_key with EC Public key\n", 9, - PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE | PSA_ECC_CURVE_SECP192R1, - 75, PSA_SUCCESS +{"Test psa_allocate_key with EC Public key\n", 9, PSA_SUCCESS, }, -{"Test psa_allocate_key with EC keypair\n", 10, - PSA_KEY_TYPE_ECC_KEYPAIR_BASE | PSA_ECC_CURVE_SECP192R1, - 97, PSA_SUCCESS +{"Test psa_allocate_key with EC keypair\n", 10, PSA_SUCCESS }, #endif }; diff --git a/api-tests/dev_apis/crypto/test_c011/test_c011.c b/api-tests/dev_apis/crypto/test_c011/test_c011.c index 7e4b4dff..13176a2e 100644 --- a/api-tests/dev_apis/crypto/test_c011/test_c011.c +++ b/api-tests/dev_apis/crypto/test_c011/test_c011.c @@ -43,6 +43,8 @@ int32_t psa_hash_setup_test(security_t caller) { val->print(PRINT_TEST, "[Check %d] ", g_test_count++); val->print(PRINT_TEST, check1[i].test_desc, 0); + + /* Initialize the structure */ memset(&operation, 0, sizeof(operation)); /* Setting up the watchdog timer for each check */ @@ -53,9 +55,16 @@ int32_t psa_hash_setup_test(security_t caller) status = val->crypto_function(VAL_CRYPTO_HASH_SETUP, &operation, check1[i].alg); TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(3)); - /*Abort the hash operation */ - status = val->crypto_function(VAL_CRYPTO_HASH_ABORT, &operation); - TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(4)); + if (check1[i].expected_status == PSA_SUCCESS) + { + /* Start a multipart hash operation */ + status = val->crypto_function(VAL_CRYPTO_HASH_SETUP, &operation, check1[i].alg); + TEST_ASSERT_EQUAL(status, PSA_ERROR_BAD_STATE, TEST_CHECKPOINT_NUM(4)); + + /*Abort the hash operation */ + status = val->crypto_function(VAL_CRYPTO_HASH_ABORT, &operation); + TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5)); + } } return VAL_STATUS_SUCCESS; diff --git a/api-tests/dev_apis/crypto/test_c011/test_data.h b/api-tests/dev_apis/crypto/test_c011/test_data.h index fab7bd59..64b233b7 100644 --- a/api-tests/dev_apis/crypto/test_c011/test_data.h +++ b/api-tests/dev_apis/crypto/test_c011/test_data.h @@ -114,7 +114,16 @@ static test_data check1[] = { }, #endif +{"Test psa_hash_setup with Invalid hash algorithm\n", + PSA_HASH_ALG_INVALID, PSA_ERROR_NOT_SUPPORTED, +}, + {"Test psa_hash_setup with Invalid algorithm\n", PSA_ALG_INVALID, PSA_ERROR_INVALID_ARGUMENT, }, + +{"Test psa_hash_setup with CTR algorithm\n", + PSA_ALG_CTR, PSA_ERROR_INVALID_ARGUMENT, +}, + }; diff --git a/api-tests/dev_apis/crypto/test_c012/test_c012.c b/api-tests/dev_apis/crypto/test_c012/test_c012.c index 5a3181cb..a02f8ada 100644 --- a/api-tests/dev_apis/crypto/test_c012/test_c012.c +++ b/api-tests/dev_apis/crypto/test_c012/test_c012.c @@ -45,6 +45,8 @@ int32_t psa_hash_update_test(security_t caller) { val->print(PRINT_TEST, "[Check %d] ", g_test_count++); val->print(PRINT_TEST, check1[i].test_desc, 0); + + /* Initialize the hash structure */ memset(&operation, 0, sizeof(operation)); /* Setting up the watchdog timer for each check */ @@ -72,7 +74,7 @@ int32_t psa_hash_update_invalid_handle(security_t caller) { psa_hash_operation_t operation; uint8_t input[] = "Hello World"; - size_t input_length = sizeof(input)/sizeof(input[0]); + size_t input_length = sizeof(input); int32_t status; /* Initialize the PSA crypto library*/ @@ -81,6 +83,8 @@ int32_t psa_hash_update_invalid_handle(security_t caller) val->print(PRINT_TEST, "[Check %d] ", g_test_count++); val->print(PRINT_TEST, "Test psa_hash_update without hash setup\n", 0); + + /* Initialize the hash structure */ memset(&operation, 0, sizeof(operation)); /* Setting up the watchdog timer for each check */ @@ -102,13 +106,13 @@ int32_t psa_hash_update_with_completed_handle(security_t caller) { psa_hash_operation_t operation; uint8_t input[] = {0xbd}; - size_t input_length = sizeof(input)/sizeof(input[0]); + size_t input_length = sizeof(input); psa_algorithm_t alg = PSA_ALG_SHA_256; uint8_t hash[] = {0x68, 0x32, 0x57, 0x20, 0xAA, 0xBD, 0x7C, 0x82, 0xF3, 0x0F, 0x55, 0x4B, 0x31, 0x3D, 0x05, 0x70, 0xC9, 0x5A, 0xCC, 0xBB, 0x7D, 0xC4, 0xB5, 0xAA, 0xE1, 0x12, 0x04, 0xC0, 0x8F, 0xFE, 0x73, 0x2B}; - size_t hash_length = sizeof(hash)/sizeof(hash[0]); + size_t hash_length = sizeof(hash); int32_t status; /* Initialize the PSA crypto library*/ diff --git a/api-tests/dev_apis/crypto/test_c014/test_c014.c b/api-tests/dev_apis/crypto/test_c014/test_c014.c index 48e3c5ab..272e0e0f 100644 --- a/api-tests/dev_apis/crypto/test_c014/test_c014.c +++ b/api-tests/dev_apis/crypto/test_c014/test_c014.c @@ -38,7 +38,7 @@ int32_t psa_hash_finish_test(security_t caller) psa_hash_operation_t operation; const char *expected_hash; char hash[HASH_64B]; - size_t hash_length, hash_size = sizeof(hash)/sizeof(hash[0]); + size_t hash_length, hash_size = sizeof(hash); /* Initialize the PSA crypto library*/ status = val->crypto_function(VAL_CRYPTO_INIT); @@ -77,14 +77,10 @@ int32_t psa_hash_finish_test(security_t caller) if (check1[i].expected_status != PSA_SUCCESS) { - /*Abort the hash operation */ - status = val->crypto_function(VAL_CRYPTO_HASH_ABORT, &operation); - TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(6)); continue; } TEST_ASSERT_EQUAL(hash_length, PSA_HASH_SIZE(check1[i].alg), TEST_CHECKPOINT_NUM(7)); - TEST_ASSERT_MEMCMP(hash, expected_hash, hash_length, TEST_CHECKPOINT_NUM(8)); /*Abort the hash operation */ @@ -102,7 +98,7 @@ int32_t psa_hash_finish_inactive_operation_handle(security_t caller) size_t input_length = 1; psa_algorithm_t alg = PSA_ALG_SHA_256; char hash[HASH_64B]; - size_t hash_length, hash_size = sizeof(hash)/sizeof(hash[0]); + size_t hash_length, hash_size = sizeof(hash); int32_t status; /* Initialize the PSA crypto library*/ diff --git a/api-tests/dev_apis/crypto/test_c015/test_c015.c b/api-tests/dev_apis/crypto/test_c015/test_c015.c index 208d7b56..8f725f3e 100644 --- a/api-tests/dev_apis/crypto/test_c015/test_c015.c +++ b/api-tests/dev_apis/crypto/test_c015/test_c015.c @@ -74,7 +74,7 @@ int32_t psa_hash_abort_before_operation_finish(security_t caller) size_t input_length = 1; psa_algorithm_t alg = PSA_ALG_SHA_256; char hash[HASH_64B]; - size_t hash_length, hash_size = sizeof(hash)/sizeof(hash[0]); + size_t hash_length, hash_size = sizeof(hash); int32_t status; /* Initialize the PSA crypto library*/ diff --git a/api-tests/dev_apis/crypto/test_c016/test_c016.c b/api-tests/dev_apis/crypto/test_c016/test_c016.c index 5862ba56..9781827a 100644 --- a/api-tests/dev_apis/crypto/test_c016/test_c016.c +++ b/api-tests/dev_apis/crypto/test_c016/test_c016.c @@ -76,23 +76,33 @@ int32_t psa_generate_key_test(security_t caller) TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(5)); if (check1[i].expected_status != PSA_SUCCESS) + { + /* Destroy the key */ + status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check1[i].key_handle); + TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(6)); + continue; + } /* Get basic metadata about a key */ status = val->crypto_function(VAL_CRYPTO_GET_KEY_INFORMATION, check1[i].key_handle, &key_type, &bits); - TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(6)); + TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(7)); - TEST_ASSERT_EQUAL(key_type, check1[i].key_type, TEST_CHECKPOINT_NUM(7)); + TEST_ASSERT_EQUAL(key_type, check1[i].key_type, TEST_CHECKPOINT_NUM(8)); - TEST_ASSERT_EQUAL(bits, check1[i].expected_bit_length, TEST_CHECKPOINT_NUM(8)); + TEST_ASSERT_EQUAL(bits, check1[i].expected_bit_length, TEST_CHECKPOINT_NUM(9)); /* Export a key in binary format */ status = val->crypto_function(VAL_CRYPTO_EXPORT_KEY, check1[i].key_handle, data, BUFFER_SIZE, &length); - TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(9)); + TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(10)); + + TEST_ASSERT_EQUAL(length, check1[i].expected_key_length, TEST_CHECKPOINT_NUM(11)); - TEST_ASSERT_EQUAL(length, check1[i].expected_key_length, TEST_CHECKPOINT_NUM(10)); + /* Destroy the key */ + status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check1[i].key_handle); + TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(12)); } return VAL_STATUS_SUCCESS; @@ -156,7 +166,7 @@ int32_t psa_generate_key_negative_test(security_t caller) /* Generate a key or key pair */ status = val->crypto_function(VAL_CRYPTO_GENERATE_KEY, check2[i].key_handle, check2[i].key_type, check2[i].bits, check2[i].extra, check2[i].extra_size); - TEST_ASSERT_EQUAL(status, PSA_ERROR_OCCUPIED_SLOT, TEST_CHECKPOINT_NUM(8)); + TEST_ASSERT_EQUAL(status, PSA_ERROR_ALREADY_EXISTS, TEST_CHECKPOINT_NUM(8)); val->print(PRINT_TEST, "[Check %d] Test psa_generate_key with destroyed key handle\n", g_test_count++); diff --git a/api-tests/dev_apis/crypto/test_c017/test_c017.c b/api-tests/dev_apis/crypto/test_c017/test_c017.c index 10387b8d..8aeab9c9 100644 --- a/api-tests/dev_apis/crypto/test_c017/test_c017.c +++ b/api-tests/dev_apis/crypto/test_c017/test_c017.c @@ -28,13 +28,14 @@ client_test_t test_c017_crypto_list[] = { }; static int g_test_count = 1; +static uint8_t data[BUFFER_SIZE], changed[BUFFER_SIZE]; int32_t psa_generate_random_test(security_t caller) { - int num_checks = sizeof(check1)/sizeof(check1[0]); - uint32_t i, j, data_sum; - uint8_t data[BUFFER_SIZE] = {0}; - int32_t status; + int num_checks = sizeof(check1)/sizeof(check1[0]); + uint32_t i, j, run; + uint8_t trail[] = "don't overwrite me"; + int32_t status; /* Initialize the PSA crypto library*/ status = val->crypto_function(VAL_CRYPTO_INIT); @@ -45,29 +46,44 @@ int32_t psa_generate_random_test(security_t caller) val->print(PRINT_TEST, "[Check %d] ", g_test_count++); val->print(PRINT_TEST, check1[i].test_desc, 0); + memset(data, 0, sizeof(data)); + memcpy(data + check1[i].size, trail, sizeof(trail)); + /* Setting up the watchdog timer for each check */ status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT); TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2)); - /* Generate random bytes */ - status = val->crypto_function(VAL_CRYPTO_GENERATE_RANDOM, data, check1[i].size); - TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(3)); + /* Run several times, to ensure that every output byte will be + * nonzero at least once with overwhelming probability + * (2^(-8*number_of_runs)). + */ + for (run = 0; run < 10; run++) + { + memset(data, 0, check1[i].size); + + /* Generate random bytes */ + status = val->crypto_function(VAL_CRYPTO_GENERATE_RANDOM, data, check1[i].size); + TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(3)); - if (check1[i].expected_status != PSA_SUCCESS) - continue; + /* Check that no more than bytes have been overwritten */ + status = memcmp(data + check1[i].size, trail, sizeof(trail)); + TEST_ASSERT_EQUAL(status, 0, TEST_CHECKPOINT_NUM(4)); - data_sum = 0; - /* Check that if generated data are zero */ + for (j = 0; j < check1[i].size; j++) + { + if (data[j] != 0) + ++changed[j]; + } + } + + /* Check that every byte was changed to nonzero at least once. This + * validates that psa_generate_random is overwriting every byte of + * the output buffer. + */ for (j = 0; j < check1[i].size; j++) { - data_sum += data[j]; - data[j] = 0; + TEST_ASSERT_NOT_EQUAL(changed[j], 0, TEST_CHECKPOINT_NUM(5)); } - - if (check1[i].size != 0) - TEST_ASSERT_NOT_EQUAL(data_sum, 0, TEST_CHECKPOINT_NUM(4)); - else - TEST_ASSERT_EQUAL(data_sum, 0, TEST_CHECKPOINT_NUM(5)); } return VAL_STATUS_SUCCESS; diff --git a/api-tests/dev_apis/crypto/test_c017/test_data.h b/api-tests/dev_apis/crypto/test_c017/test_data.h index 4e0c46cf..53a7c24f 100644 --- a/api-tests/dev_apis/crypto/test_c017/test_data.h +++ b/api-tests/dev_apis/crypto/test_c017/test_data.h @@ -50,7 +50,4 @@ static test_data check1[] = { {"Test psa_generate_random to get 1000 Byte data\n", 100, PSA_SUCCESS }, - -{"Test psa_generate_random to get 1024 Byte data\n", 1024, PSA_SUCCESS -}, }; diff --git a/api-tests/dev_apis/crypto/test_c018/test_c018.c b/api-tests/dev_apis/crypto/test_c018/test_c018.c index 971c6de3..0bdf91a7 100644 --- a/api-tests/dev_apis/crypto/test_c018/test_c018.c +++ b/api-tests/dev_apis/crypto/test_c018/test_c018.c @@ -24,6 +24,7 @@ client_test_t test_c018_crypto_list[] = { NULL, psa_generator_read_test, + psa_generator_read_negative_test, NULL, }; @@ -95,6 +96,11 @@ int32_t psa_generator_read_test(security_t caller) /* Abort a generator */ status = val->crypto_function(VAL_CRYPTO_GENERATOR_ABORT, &generator); TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(8)); + + /* Destroy the key */ + status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check1[i].key_handle); + TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(9)); + continue; } @@ -106,7 +112,7 @@ int32_t psa_generator_read_test(security_t caller) } memset(data, 0, sizeof(data)); - TEST_ASSERT_NOT_EQUAL(data_sum, 0, TEST_CHECKPOINT_NUM(9)); + TEST_ASSERT_NOT_EQUAL(data_sum, 0, TEST_CHECKPOINT_NUM(10)); remaining_size = check1[i].capacity - check1[i].size; if (remaining_size > 0) @@ -114,7 +120,7 @@ int32_t psa_generator_read_test(security_t caller) /* Read some data from a generator */ status = val->crypto_function(VAL_CRYPTO_GENERATOR_READ, &generator, data, remaining_size); - TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(10)); + TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(11)); data_sum = 0; /* Check that if generated data are zero */ @@ -124,23 +130,52 @@ int32_t psa_generator_read_test(security_t caller) } memset(data, 0, sizeof(data)); - TEST_ASSERT_NOT_EQUAL(data_sum, 0, TEST_CHECKPOINT_NUM(11)); + TEST_ASSERT_NOT_EQUAL(data_sum, 0, TEST_CHECKPOINT_NUM(12)); /* Read some data from a generator */ status = val->crypto_function(VAL_CRYPTO_GENERATOR_READ, &generator, data, check1[i].size); - TEST_ASSERT_EQUAL(status, PSA_ERROR_INSUFFICIENT_CAPACITY, TEST_CHECKPOINT_NUM(12)); + TEST_ASSERT_EQUAL(status, PSA_ERROR_INSUFFICIENT_DATA, TEST_CHECKPOINT_NUM(13)); } - /* Read data using invalid generator handle */ - status = val->crypto_function(VAL_CRYPTO_GENERATOR_READ, &invalid_generator, - data, 1); - TEST_ASSERT_EQUAL(status, PSA_ERROR_BAD_STATE, TEST_CHECKPOINT_NUM(13)); - /* Abort a generator */ status = val->crypto_function(VAL_CRYPTO_GENERATOR_ABORT, &generator); TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(14)); + + /* Destroy the key */ + status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check1[i].key_handle); + TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(15)); + } + + return VAL_STATUS_SUCCESS; +} + +int32_t psa_generator_read_negative_test(security_t caller) +{ + uint32_t i; + psa_crypto_generator_t generator[] = {psa_crypto_generator_init(), + PSA_CRYPTO_GENERATOR_INIT, {0} }; + uint32_t generator_count = sizeof(generator)/sizeof(generator[0]); + int32_t status; + + val->print(PRINT_TEST, "[Check %d] ", g_test_count++); + val->print(PRINT_TEST, "Test psa_generator_read without setup\n", 0); + + /* Initialize the PSA crypto library*/ + status = val->crypto_function(VAL_CRYPTO_INIT); + TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(1)); + + memset(data, 0, sizeof(data)); + + for (i = 0; i < generator_count; i++) + { + status = val->crypto_function(VAL_CRYPTO_GENERATOR_READ, &generator[i], data, 1); + TEST_ASSERT_EQUAL(status, PSA_ERROR_BAD_STATE, TEST_CHECKPOINT_NUM(2)); + + status = val->crypto_function(VAL_CRYPTO_GENERATOR_ABORT, &generator[i]); + TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3)); } return VAL_STATUS_SUCCESS; } + diff --git a/api-tests/dev_apis/crypto/test_c018/test_c018.h b/api-tests/dev_apis/crypto/test_c018/test_c018.h index 34f72c8d..bd196511 100644 --- a/api-tests/dev_apis/crypto/test_c018/test_c018.h +++ b/api-tests/dev_apis/crypto/test_c018/test_c018.h @@ -27,4 +27,5 @@ extern psa_api_t *psa; extern client_test_t test_c018_crypto_list[]; int32_t psa_generator_read_test(security_t caller); +int32_t psa_generator_read_negative_test(security_t caller); #endif /* _TEST_C018_CLIENT_TESTS_H_ */ diff --git a/api-tests/dev_apis/crypto/test_c018/test_data.h b/api-tests/dev_apis/crypto/test_c018/test_data.h index 9506e173..f2c136e1 100644 --- a/api-tests/dev_apis/crypto/test_c018/test_data.h +++ b/api-tests/dev_apis/crypto/test_c018/test_data.h @@ -76,7 +76,7 @@ static test_data check1[] = { {0x70, 0x24, 0x55, 0x0C, 0x14, 0x9D, 0xED, 0x29}, DES_8B_KEY_SIZE, PSA_KEY_USAGE_DERIVE, PSA_ALG_HKDF(PSA_ALG_SHA_1), {0}, 0, {0}, 0, 64, - 70, PSA_ERROR_INSUFFICIENT_CAPACITY + 70, PSA_ERROR_INSUFFICIENT_DATA }, {"Test psa_generator_read to request maximum capacity\n", 4, PSA_KEY_TYPE_DERIVE, @@ -90,7 +90,7 @@ static test_data check1[] = { {0x70, 0x24, 0x55, 0x0C, 0x14, 0x9D, 0xED, 0x29}, DES_8B_KEY_SIZE, PSA_KEY_USAGE_DERIVE, PSA_ALG_HKDF(PSA_ALG_SHA_1), {0}, 0, {0}, 0, (255 * 20), - ((255 * 20) + 1), PSA_ERROR_INSUFFICIENT_CAPACITY + ((255 * 20) + 1), PSA_ERROR_INSUFFICIENT_DATA }, #endif #endif diff --git a/api-tests/dev_apis/crypto/test_c019/test_c019.c b/api-tests/dev_apis/crypto/test_c019/test_c019.c index c110892c..3f0a670c 100644 --- a/api-tests/dev_apis/crypto/test_c019/test_c019.c +++ b/api-tests/dev_apis/crypto/test_c019/test_c019.c @@ -24,6 +24,7 @@ client_test_t test_c019_crypto_list[] = { NULL, psa_get_generator_capacity_test, + psa_get_generator_capacity_negative_test, NULL, }; @@ -94,27 +95,66 @@ int32_t psa_get_generator_capacity_test(security_t caller) /* Abort a generator */ status = val->crypto_function(VAL_CRYPTO_GENERATOR_ABORT, &generator); TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(8)); + + /* Destroy the key */ + status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check1[i].key_handle); + TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(9)); + continue; } - TEST_ASSERT_EQUAL(capacity, check1[i].capacity, TEST_CHECKPOINT_NUM(9)); + TEST_ASSERT_EQUAL(capacity, check1[i].capacity, TEST_CHECKPOINT_NUM(10)); /* Generate random bytes */ status = val->crypto_function(VAL_CRYPTO_GENERATOR_READ, &generator, data, check1[i].size); - TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(10)); + TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(11)); remaining_size = check1[i].capacity - check1[i].size; /* Retrieve the current capacity of a generator */ status = val->crypto_function(VAL_CRYPTO_GET_GENERATOR_CAPACITY, &generator, &capacity); - TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(11)); + TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(12)); - TEST_ASSERT_EQUAL(capacity, remaining_size, TEST_CHECKPOINT_NUM(12)); + TEST_ASSERT_EQUAL(capacity, remaining_size, TEST_CHECKPOINT_NUM(13)); /* Abort a generator */ status = val->crypto_function(VAL_CRYPTO_GENERATOR_ABORT, &generator); - TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(13)); + TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(14)); + + /* Destroy the key */ + status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check1[i].key_handle); + TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(15)); + } + + return VAL_STATUS_SUCCESS; +} + +int32_t psa_get_generator_capacity_negative_test(security_t caller) +{ + uint32_t i; + size_t capacity; + psa_crypto_generator_t generator[] = {psa_crypto_generator_init(), + PSA_CRYPTO_GENERATOR_INIT, {0} }; + uint32_t generator_count = sizeof(generator)/sizeof(generator[0]); + int32_t status; + + /* Initialize the PSA crypto library*/ + status = val->crypto_function(VAL_CRYPTO_INIT); + TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(1)); + + val->print(PRINT_TEST, "[Check %d] ", g_test_count++); + val->print(PRINT_TEST, "Test psa_get_generator_capacity without setup\n", 0); + + for (i = 0; i < generator_count; i++) + { + /* Retrieve the current capacity of a generator */ + status = val->crypto_function(VAL_CRYPTO_GET_GENERATOR_CAPACITY, &generator[i], &capacity); + TEST_ASSERT_EQUAL(status, PSA_ERROR_BAD_STATE, TEST_CHECKPOINT_NUM(2)); + + /* Abort a generator */ + status = val->crypto_function(VAL_CRYPTO_GENERATOR_ABORT, &generator[i]); + TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3)); } return VAL_STATUS_SUCCESS; diff --git a/api-tests/dev_apis/crypto/test_c019/test_c019.h b/api-tests/dev_apis/crypto/test_c019/test_c019.h index da29369c..d8924d3a 100644 --- a/api-tests/dev_apis/crypto/test_c019/test_c019.h +++ b/api-tests/dev_apis/crypto/test_c019/test_c019.h @@ -27,4 +27,5 @@ extern psa_api_t *psa; extern client_test_t test_c019_crypto_list[]; int32_t psa_get_generator_capacity_test(security_t caller); +int32_t psa_get_generator_capacity_negative_test(security_t caller); #endif /* _TEST_C019_CLIENT_TESTS_H_ */ diff --git a/api-tests/dev_apis/crypto/test_c020/test_c020.c b/api-tests/dev_apis/crypto/test_c020/test_c020.c index 700c3de0..0363d03f 100644 --- a/api-tests/dev_apis/crypto/test_c020/test_c020.c +++ b/api-tests/dev_apis/crypto/test_c020/test_c020.c @@ -78,12 +78,12 @@ int32_t psa_generator_import_key_test(security_t caller) /* Set the usage policy on a key slot */ status = val->crypto_function(VAL_CRYPTO_SET_KEY_POLICY, check1[i].key_handle[SLOT_1], &policy); - TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3)); + TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(4)); /* Import the key data into the key slot */ status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, check1[i].key_handle[SLOT_1], check1[i].key_type[SLOT_1], check1[i].key_data, check1[i].key_length); - TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(4)); + TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5)); /* Set up a key derivation operation. Using this function to initialize the generate as * XOR or PRNG generator initialization is not implemented. @@ -91,7 +91,7 @@ int32_t psa_generator_import_key_test(security_t caller) status = val->crypto_function(VAL_CRYPTO_KEY_DERIVATION, &generator, check1[i].key_handle[SLOT_1], check1[i].key_alg[SLOT_1], &salt, salt_length, &label, label_length, check1[i].capacity); - TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5)); + TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(6)); /* Initialize a key policy structure to a default that forbids all * usage of the key @@ -104,32 +104,40 @@ int32_t psa_generator_import_key_test(security_t caller) /* Allocate a key slot for a transient key */ status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &check1[i].key_handle[SLOT_2]); - TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3)); + TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(7)); /* Set the usage policy on a key slot */ status = val->crypto_function(VAL_CRYPTO_SET_KEY_POLICY, check1[i].key_handle[SLOT_2], &policy); - TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(6)); + TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(8)); /* Create a symmetric key from data read from a generator */ status = val->crypto_function(VAL_CRYPTO_GENERATOR_IMPORT_KEY, check1[i].key_handle[SLOT_2], check1[i].key_type[SLOT_2], BYTES_TO_BITS(check1[i].size), &generator); - TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(7)); + TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(9)); if (check1[i].expected_status != PSA_SUCCESS) { /* Abort a generator */ status = val->crypto_function(VAL_CRYPTO_GENERATOR_ABORT, &generator); - TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(8)); + TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(10)); + + /* Destroy the key */ + status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check1[i].key_handle[SLOT_1]); + TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(11)); + + status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check1[i].key_handle[SLOT_2]); + TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(12)); + continue; } /* Export a key in binary format */ status = val->crypto_function(VAL_CRYPTO_EXPORT_KEY, check1[i].key_handle[SLOT_2], data, BUFFER_SIZE, &length); - TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(9)); + TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(13)); - TEST_ASSERT_EQUAL(length, check1[i].size, TEST_CHECKPOINT_NUM(10)); + TEST_ASSERT_EQUAL(length, check1[i].size, TEST_CHECKPOINT_NUM(14)); data_sum = 0; /* Check that if generated data are zero */ @@ -139,7 +147,7 @@ int32_t psa_generator_import_key_test(security_t caller) } memset(data, 0, sizeof(data)); - TEST_ASSERT_NOT_EQUAL(data_sum, 0, TEST_CHECKPOINT_NUM(12)); + TEST_ASSERT_NOT_EQUAL(data_sum, 0, TEST_CHECKPOINT_NUM(15)); remaining_size = check1[i].capacity - check1[i].size; if (remaining_size > 0) @@ -156,25 +164,25 @@ int32_t psa_generator_import_key_test(security_t caller) /* Allocate a key slot for a transient key */ status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &check1[i].key_handle[SLOT_3]); - TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3)); + TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(16)); /* Set the usage policy on a key slot */ status = val->crypto_function(VAL_CRYPTO_SET_KEY_POLICY, check1[i].key_handle[SLOT_3], &policy); - TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(12)); + TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(17)); /* Create a symmetric key from data read from a generator */ status = val->crypto_function(VAL_CRYPTO_GENERATOR_IMPORT_KEY, check1[i].key_handle[SLOT_3], check1[i].key_type[SLOT_2], BYTES_TO_BITS(check1[i].size), &generator); - TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(13)); + TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(18)); /* Export a key in binary format */ status = val->crypto_function(VAL_CRYPTO_EXPORT_KEY, check1[i].key_handle[SLOT_3], data, BUFFER_SIZE, &length); - TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(14)); + TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(19)); - TEST_ASSERT_EQUAL(length, remaining_size, TEST_CHECKPOINT_NUM(15)); + TEST_ASSERT_EQUAL(length, remaining_size, TEST_CHECKPOINT_NUM(20)); data_sum = 0; /* Check that if generated data are zero */ @@ -184,7 +192,7 @@ int32_t psa_generator_import_key_test(security_t caller) } memset(data, 0, sizeof(data)); - TEST_ASSERT_NOT_EQUAL(data_sum, 0, TEST_CHECKPOINT_NUM(16)); + TEST_ASSERT_NOT_EQUAL(data_sum, 0, TEST_CHECKPOINT_NUM(21)); /* Initialize a key policy structure to a default that forbids all * usage of the key @@ -197,23 +205,37 @@ int32_t psa_generator_import_key_test(security_t caller) /* Allocate a key slot for a transient key */ status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &check1[i].key_handle[SLOT_4]); - TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3)); + TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(22)); /* Set the usage policy on a key slot */ status = val->crypto_function(VAL_CRYPTO_SET_KEY_POLICY, check1[i].key_handle[SLOT_4], &policy); - TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(17)); + TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(23)); /* Create a symmetric key from data read from a generator */ status = val->crypto_function(VAL_CRYPTO_GENERATOR_IMPORT_KEY, check1[i].key_handle[SLOT_4], check1[i].key_type[SLOT_2], BYTES_TO_BITS(check1[i].size), &generator); - TEST_ASSERT_EQUAL(status, PSA_ERROR_INSUFFICIENT_CAPACITY, TEST_CHECKPOINT_NUM(18)); + TEST_ASSERT_EQUAL(status, PSA_ERROR_INSUFFICIENT_DATA, TEST_CHECKPOINT_NUM(24)); + + status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check1[i].key_handle[SLOT_3]); + TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(25)); + + status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check1[i].key_handle[SLOT_4]); + TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(26)); + } /* Abort a generator */ status = val->crypto_function(VAL_CRYPTO_GENERATOR_ABORT, &generator); - TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(19)); + TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(27)); + + /* Destroy the key */ + status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check1[i].key_handle[SLOT_1]); + TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(28)); + + status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check1[i].key_handle[SLOT_2]); + TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(29)); } return VAL_STATUS_SUCCESS; @@ -291,11 +313,16 @@ int32_t psa_generator_import_key_negative_test(security_t caller) /* Create a symmetric key from data read from a generator */ status = val->crypto_function(VAL_CRYPTO_GENERATOR_IMPORT_KEY, check2[i].key_handle[SLOT_1], check2[i].key_type[SLOT_2], check2[i].size, &generator); - TEST_ASSERT_EQUAL(status, PSA_ERROR_OCCUPIED_SLOT, TEST_CHECKPOINT_NUM(9)); + TEST_ASSERT_EQUAL(status, PSA_ERROR_ALREADY_EXISTS, TEST_CHECKPOINT_NUM(9)); /* Abort a generator */ status = val->crypto_function(VAL_CRYPTO_GENERATOR_ABORT, &generator); TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(8)); + + /* Destroy the key */ + status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check2[i].key_handle[SLOT_1]); + TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(9)); + } return VAL_STATUS_SUCCESS; diff --git a/api-tests/dev_apis/crypto/test_c020/test_data.h b/api-tests/dev_apis/crypto/test_c020/test_data.h index 95fe77b7..512625dc 100644 --- a/api-tests/dev_apis/crypto/test_c020/test_data.h +++ b/api-tests/dev_apis/crypto/test_c020/test_data.h @@ -67,7 +67,7 @@ static test_data check1[] = { {0x70, 0x24, 0x55, 0x0C, 0x14, 0x9D, 0xED, 0x29}, DES_8B_KEY_SIZE, {PSA_KEY_USAGE_DERIVE, PSA_KEY_USAGE_EXPORT}, {PSA_ALG_HKDF(PSA_ALG_SHA_1), PSA_ALG_CTR}, - 64, 80, PSA_ERROR_INSUFFICIENT_CAPACITY + 64, 80, PSA_ERROR_INSUFFICIENT_DATA }, #endif #endif diff --git a/api-tests/dev_apis/crypto/test_c021/test_c021.c b/api-tests/dev_apis/crypto/test_c021/test_c021.c index 64619d1c..7a3c39ca 100644 --- a/api-tests/dev_apis/crypto/test_c021/test_c021.c +++ b/api-tests/dev_apis/crypto/test_c021/test_c021.c @@ -105,6 +105,10 @@ int32_t psa_generator_abort_test(security_t caller) /* Abort the generator */ status = val->crypto_function(VAL_CRYPTO_GENERATOR_ABORT, &generator); TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(10)); + + /* Destroy the key */ + status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check1[i].key_handle); + TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(11)); } return VAL_STATUS_SUCCESS; diff --git a/api-tests/dev_apis/crypto/test_c022/test_c022.c b/api-tests/dev_apis/crypto/test_c022/test_c022.c index 8f8ac601..049e8d1d 100644 --- a/api-tests/dev_apis/crypto/test_c022/test_c022.c +++ b/api-tests/dev_apis/crypto/test_c022/test_c022.c @@ -94,18 +94,27 @@ int32_t psa_key_derivation_test(security_t caller) /* Abort the generator */ status = val->crypto_function(VAL_CRYPTO_GENERATOR_ABORT, &generator); TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(6)); + + /* Destroy the key */ + status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check1[i].key_handle); + TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(7)); + continue; } /* Retrieve the current capacity of a generator */ status = val->crypto_function(VAL_CRYPTO_GET_GENERATOR_CAPACITY, &generator, &capacity); - TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(7)); + TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(8)); - TEST_ASSERT_EQUAL(capacity, check1[i].capacity, TEST_CHECKPOINT_NUM(8)); + TEST_ASSERT_EQUAL(capacity, check1[i].capacity, TEST_CHECKPOINT_NUM(9)); /* Abort the generator */ status = val->crypto_function(VAL_CRYPTO_GENERATOR_ABORT, &generator); - TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(9)); + TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(10)); + + /* Destroy the key */ + status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check1[i].key_handle); + TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(11)); } return VAL_STATUS_SUCCESS; @@ -141,7 +150,7 @@ int32_t psa_key_derivation_negative_test(security_t caller) val->crypto_function(VAL_CRYPTO_KEY_POLICY_SET_USAGE, &policy, check2[i].usage, check2[i].key_alg); - val->print(PRINT_TEST, "[Check %d] Test psa_key_derivation with invalid key handle\n", + val->print(PRINT_TEST, "[Check %d] Test psa_key_derivation with Invalid key handle\n", g_test_count++); /* Set up a key derivation operation. Using this function to initialize the generate as * XOR or PRNG generator initialization is not implemented. @@ -152,7 +161,7 @@ int32_t psa_key_derivation_negative_test(security_t caller) check2[i].capacity); TEST_ASSERT_EQUAL(status, PSA_ERROR_INVALID_HANDLE, TEST_CHECKPOINT_NUM(6)); - val->print(PRINT_TEST, "[Check %d] Test psa_key_derivation with zero as key handle\n", + val->print(PRINT_TEST, "[Check %d] Test psa_key_derivation with Zero as key handle\n", g_test_count++); /* Set up a key derivation operation. Using this function to initialize the generate as * XOR or PRNG generator initialization is not implemented. @@ -163,7 +172,7 @@ int32_t psa_key_derivation_negative_test(security_t caller) check2[i].capacity); TEST_ASSERT_EQUAL(status, PSA_ERROR_INVALID_HANDLE, TEST_CHECKPOINT_NUM(7)); - val->print(PRINT_TEST, "[Check %d] Test psa_key_derivation with empty key handle\n", + val->print(PRINT_TEST, "[Check %d] Test psa_key_derivation with Empty key handle\n", g_test_count++); /* Allocate a key slot for a transient key */ status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &empty_key_handle); @@ -181,7 +190,7 @@ int32_t psa_key_derivation_negative_test(security_t caller) empty_key_handle, check2[i].key_alg, check2[i].salt, check2[i].salt_length, check2[i].label, check2[i].label_length, check2[i].capacity); - TEST_ASSERT_EQUAL(status, PSA_ERROR_EMPTY_SLOT, TEST_CHECKPOINT_NUM(10)); + TEST_ASSERT_EQUAL(status, PSA_ERROR_DOES_NOT_EXIST, TEST_CHECKPOINT_NUM(10)); } return VAL_STATUS_SUCCESS; diff --git a/api-tests/dev_apis/crypto/test_c022/test_data.h b/api-tests/dev_apis/crypto/test_c022/test_data.h index ecd5cded..7dcc94f0 100644 --- a/api-tests/dev_apis/crypto/test_c022/test_data.h +++ b/api-tests/dev_apis/crypto/test_c022/test_data.h @@ -104,6 +104,14 @@ static test_data check1[] = { PSA_ERROR_NOT_PERMITTED }, #endif + +{"Test psa_key_derivation with unsupported key derivation algorithm\n", 14, PSA_KEY_TYPE_DERIVE, +{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99, + 0x5F, 0xC9}, + AES_16B_KEY_SIZE, PSA_KEY_USAGE_DERIVE, PSA_ALG_HKDF(PSA_ALG_CATEGORY_HASH), + {0}, 0, {0}, 0, 32, + PSA_ERROR_NOT_SUPPORTED +}, #endif #ifdef ARCH_TEST_RSA_PKCS1V15_CRYPT @@ -116,7 +124,6 @@ static test_data check1[] = { PSA_ERROR_INVALID_ARGUMENT }, #endif - }; static test_data check2[] = { @@ -132,5 +139,4 @@ static test_data check2[] = { }, #endif #endif - }; diff --git a/api-tests/dev_apis/crypto/test_c024/test_c024.c b/api-tests/dev_apis/crypto/test_c024/test_c024.c index a375efee..16b52e66 100644 --- a/api-tests/dev_apis/crypto/test_c024/test_c024.c +++ b/api-tests/dev_apis/crypto/test_c024/test_c024.c @@ -90,12 +90,18 @@ int32_t psa_aead_encrypt_test(security_t caller) TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5)); if (is_buffer_empty(check1[i].nonce, check1[i].nonce_length) == TRUE) + { nonce = NULL; + check1[i].nonce_length = 0; + } else nonce = check1[i].nonce; if (is_buffer_empty(check1[i].additional_data, check1[i].additional_data_length) == TRUE) + { additional_data = NULL; + check1[i].additional_data_length = 0; + } else additional_data = check1[i].additional_data; @@ -108,16 +114,25 @@ int32_t psa_aead_encrypt_test(security_t caller) TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(6)); if (check1[i].expected_status != PSA_SUCCESS) + { + /* Destroy the key */ + status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check1[i].key_handle); + TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(7)); + } continue; /* Check if the length matches */ TEST_ASSERT_EQUAL(ciphertext_length, check1[i].expected_ciphertext_length, - TEST_CHECKPOINT_NUM(7)); + TEST_CHECKPOINT_NUM(8)); /* Check if the data matches */ TEST_ASSERT_MEMCMP(ciphertext, check1[i].expected_ciphertext, ciphertext_length, - TEST_CHECKPOINT_NUM(8)); + TEST_CHECKPOINT_NUM(9)); + + /* Destroy the key */ + status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check1[i].key_handle); + TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(10)); } return VAL_STATUS_SUCCESS; @@ -152,16 +167,22 @@ int32_t psa_aead_encrypt_negative_test(security_t caller) check2[i].key_alg); if (is_buffer_empty(check2[i].nonce, check2[i].nonce_length) == TRUE) + { nonce = NULL; + check2[i].nonce_length = 0; + } else nonce = check2[i].nonce; if (is_buffer_empty(check2[i].additional_data, check2[i].additional_data_length) == TRUE) + { additional_data = NULL; + check2[i].additional_data_length = 0; + } else additional_data = check2[i].additional_data; - val->print(PRINT_TEST, "[Check %d] Test psa_aead_encrypt - invalid key handle\n", + val->print(PRINT_TEST, "[Check %d] Test psa_aead_encrypt - Invalid key handle\n", g_test_count++); /* Process an authenticated encryption operation */ status = val->crypto_function(VAL_CRYPTO_AEAD_ENCRYPT, check2[i].key_handle, @@ -171,7 +192,7 @@ int32_t psa_aead_encrypt_negative_test(security_t caller) &ciphertext_length); TEST_ASSERT_EQUAL(status, PSA_ERROR_INVALID_HANDLE, TEST_CHECKPOINT_NUM(3)); - val->print(PRINT_TEST, "[Check %d] Test psa_aead_encrypt - zero as key handle\n", + val->print(PRINT_TEST, "[Check %d] Test psa_aead_encrypt - Zero as key handle\n", g_test_count++); /* Process an authenticated encryption operation */ status = val->crypto_function(VAL_CRYPTO_AEAD_ENCRYPT, 0, @@ -181,7 +202,7 @@ int32_t psa_aead_encrypt_negative_test(security_t caller) &ciphertext_length); TEST_ASSERT_EQUAL(status, PSA_ERROR_INVALID_HANDLE, TEST_CHECKPOINT_NUM(4)); - val->print(PRINT_TEST, "[Check %d] Test psa_aead_encrypt - empty key handle\n", + val->print(PRINT_TEST, "[Check %d] Test psa_aead_encrypt - Empty key handle\n", g_test_count++); /* Allocate a key slot for a transient key */ status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &check2[i].key_handle); @@ -198,7 +219,7 @@ int32_t psa_aead_encrypt_negative_test(security_t caller) check2[i].additional_data_length, check2[i].plaintext, check2[i].plaintext_length, ciphertext, check2[i].ciphertext_size, &ciphertext_length); - TEST_ASSERT_EQUAL(status, PSA_ERROR_EMPTY_SLOT, TEST_CHECKPOINT_NUM(7)); + TEST_ASSERT_EQUAL(status, PSA_ERROR_DOES_NOT_EXIST, TEST_CHECKPOINT_NUM(7)); } return VAL_STATUS_SUCCESS; diff --git a/api-tests/dev_apis/crypto/test_c024/test_data.h b/api-tests/dev_apis/crypto/test_c024/test_data.h index 9f52ecb8..f2800024 100644 --- a/api-tests/dev_apis/crypto/test_c024/test_data.h +++ b/api-tests/dev_apis/crypto/test_c024/test_data.h @@ -173,7 +173,7 @@ static test_data check2[] = { {0x5D, 0xC1, 0x72, 0x23, 0x66, 0x96, 0xFD, 0xFC, 0x93, 0x06, 0x27, 0x52, 0xC7, 0x0A, 0xCB, 0x36, 0x55, 0x30, 0xC9, 0x48, 0x8F, 0x5E, 0xA5, 0xB9, 0x51, 0xFB, 0x4E}, - BUFFER_SIZE, 27, PSA_ERROR_EMPTY_SLOT + BUFFER_SIZE, 27, PSA_ERROR_DOES_NOT_EXIST }, #endif #endif diff --git a/api-tests/dev_apis/crypto/test_c025/test_c025.c b/api-tests/dev_apis/crypto/test_c025/test_c025.c index f1bcc5c2..f9dc3fd5 100644 --- a/api-tests/dev_apis/crypto/test_c025/test_c025.c +++ b/api-tests/dev_apis/crypto/test_c025/test_c025.c @@ -89,12 +89,18 @@ int32_t psa_aead_decrypt_test(security_t caller) TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5)); if (is_buffer_empty(check1[i].nonce, check1[i].nonce_length) == TRUE) + { nonce = NULL; + check1[i].nonce_length = 0; + } else nonce = check1[i].nonce; if (is_buffer_empty(check1[i].additional_data, check1[i].additional_data_length) == TRUE) + { additional_data = NULL; + check1[i].additional_data_length = 0; + } else additional_data = check1[i].additional_data; @@ -106,15 +112,25 @@ int32_t psa_aead_decrypt_test(security_t caller) TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(6)); if (check1[i].expected_status != PSA_SUCCESS) + { + /* Destroy the key */ + status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check1[i].key_handle); + TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(7)); + continue; + } /* Check if the length matches */ TEST_ASSERT_EQUAL(plaintext_length, check1[i].expected_plaintext_length, - TEST_CHECKPOINT_NUM(7)); + TEST_CHECKPOINT_NUM(8)); /* Check if the data matches */ TEST_ASSERT_MEMCMP(plaintext, check1[i].expected_plaintext, plaintext_length, - TEST_CHECKPOINT_NUM(8)); + TEST_CHECKPOINT_NUM(9)); + + /* Destroy the key */ + status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check1[i].key_handle); + TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(10)); } return VAL_STATUS_SUCCESS; @@ -149,16 +165,22 @@ int32_t psa_aead_decrypt_negative_test(security_t caller) check2[i].key_alg); if (is_buffer_empty(check2[i].nonce, check2[i].nonce_length) == TRUE) + { nonce = NULL; + check2[i].nonce_length = 0; + } else nonce = check2[i].nonce; if (is_buffer_empty(check2[i].additional_data, check2[i].additional_data_length) == TRUE) + { additional_data = NULL; + check2[i].additional_data_length = 0; + } else additional_data = check2[i].additional_data; - val->print(PRINT_TEST, "[Check %d] Test psa_aead_decrypt - invalid key handle\n", + val->print(PRINT_TEST, "[Check %d] Test psa_aead_decrypt - Invalid key handle\n", g_test_count++); /* Process an authenticated decryption operation */ status = val->crypto_function(VAL_CRYPTO_AEAD_DECRYPT, check2[i].key_handle, @@ -167,7 +189,7 @@ int32_t psa_aead_decrypt_negative_test(security_t caller) plaintext, check2[i].plaintext_size, &plaintext_length); TEST_ASSERT_EQUAL(status, PSA_ERROR_INVALID_HANDLE, TEST_CHECKPOINT_NUM(3)); - val->print(PRINT_TEST, "[Check %d] Test psa_aead_decrypt - zero as key handle\n", + val->print(PRINT_TEST, "[Check %d] Test psa_aead_decrypt - Zero as key handle\n", g_test_count++); /* Process an authenticated decryption operation */ status = val->crypto_function(VAL_CRYPTO_AEAD_DECRYPT, 0, @@ -176,7 +198,7 @@ int32_t psa_aead_decrypt_negative_test(security_t caller) plaintext, check2[i].plaintext_size, &plaintext_length); TEST_ASSERT_EQUAL(status, PSA_ERROR_INVALID_HANDLE, TEST_CHECKPOINT_NUM(4)); - val->print(PRINT_TEST, "[Check %d] Test psa_aead_decrypt - empty key handle\n", + val->print(PRINT_TEST, "[Check %d] Test psa_aead_decrypt - Empty key handle\n", g_test_count++); /* Allocate a key slot for a transient key */ status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &check2[i].key_handle); @@ -192,7 +214,7 @@ int32_t psa_aead_decrypt_negative_test(security_t caller) check2[i].key_alg, nonce, check2[i].nonce_length, additional_data, check2[i].additional_data_length, check2[i].ciphertext, check2[i].ciphertext_size, plaintext, check2[i].plaintext_size, &plaintext_length); - TEST_ASSERT_EQUAL(status, PSA_ERROR_EMPTY_SLOT, TEST_CHECKPOINT_NUM(7)); + TEST_ASSERT_EQUAL(status, PSA_ERROR_DOES_NOT_EXIST, TEST_CHECKPOINT_NUM(7)); } return VAL_STATUS_SUCCESS; diff --git a/api-tests/dev_apis/crypto/test_c025/test_data.h b/api-tests/dev_apis/crypto/test_c025/test_data.h index 4ad0e17d..44ce513f 100644 --- a/api-tests/dev_apis/crypto/test_c025/test_data.h +++ b/api-tests/dev_apis/crypto/test_c025/test_data.h @@ -188,6 +188,23 @@ static test_data check1[] = { 0xD1, 0xFC, 0xB6, 0x91, 0xF3, 0x40, 0x6C, 0xBF, 0x53, 0x1F, 0x83, 0xA4}, 38, 23, PSA_ERROR_INVALID_SIGNATURE }, + +{"Test psa_aead_decrypt - Invalid tag length 0\n", 11, PSA_KEY_TYPE_AES, +{0xD7, 0x82, 0x8D, 0x13, 0xB2, 0xB0, 0xBD, 0xC3, 0x25, 0xA7, 0x62, 0x36, 0xDF, + 0x93, 0xCC, 0x6B}, + AES_16B_KEY_SIZE, PSA_KEY_USAGE_DECRYPT, PSA_ALG_AEAD_WITH_TAG_LENGTH(PSA_ALG_CCM, 0), +{0x48, 0xc0, 0x90, 0x69, 0x30, 0x56, 0x1e, 0x0a, 0xb0, 0xef, 0x4c, 0xd9, 0x72}, + 13, +{0x40, 0xa2, 0x7c, 0x1d, 0x1e, 0x23, 0xea, 0x3d, 0xbe, 0x80, 0x56, 0xb2, 0x77, + 0x48, 0x61, 0xa4, 0xa2, 0x01, 0xcc, 0xe4, 0x9f, 0x19, 0x99, 0x7d, 0x19, 0x20, + 0x6d, 0x8c, 0x8a, 0x34, 0x39, 0x51}, 32, +{0x45, 0x35, 0xd1, 0x2b, 0x43, 0x77, 0x92, 0x8a, 0x7c, 0x0a, 0x61, 0xc9, 0xf8, + 0x25, 0xa4, 0x86, 0x71, 0xea, 0x05, 0x91, 0x07, 0x48, 0xc8, 0xef}, BUFFER_SIZE, +{0x26, 0xc5, 0x69, 0x61, 0xc0, 0x35, 0xa7, 0xe4, 0x52, 0xcc, 0xe6, 0x1b, 0xc6, + 0xee, 0x22, 0x0d, 0x77, 0xb3, 0xf9, 0x4d, 0x18, 0xfd, 0x10, 0xb6, 0xd8, 0x0e, + 0x8b, 0xf8, 0x0f, 0x4a, 0x46, 0xca, 0xb0, 0x6d, 0x43, 0x13, 0xf0, 0xdb, 0x9b, + 0xe9}, 40, 24, PSA_ERROR_INVALID_ARGUMENT +}, #endif #endif }; diff --git a/api-tests/dev_apis/crypto/test_c026/test_c026.c b/api-tests/dev_apis/crypto/test_c026/test_c026.c index 9f43a7ab..03d9def5 100644 --- a/api-tests/dev_apis/crypto/test_c026/test_c026.c +++ b/api-tests/dev_apis/crypto/test_c026/test_c026.c @@ -79,9 +79,25 @@ int32_t psa_mac_sign_setup_test(security_t caller) check1[i].key_handle, check1[i].key_alg); TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(6)); - /* Abort a MAC operation */ + /* Whether setup succeeded or failed, abort must succeed. + Abort a MAC operation + */ status = val->crypto_function(VAL_CRYPTO_MAC_ABORT, &operation); TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(7)); + + /* If setup failed, reproduce the failure, so that the caller can + * test the resulting state of the operation object. + */ + if (check1[i].expected_status != PSA_SUCCESS) + { + status = val->crypto_function(VAL_CRYPTO_MAC_SIGN_SETUP, &operation, + check1[i].key_handle, check1[i].key_alg); + TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(8)); + } + + /* Destroy the key */ + status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check1[i].key_handle); + TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(9)); } return VAL_STATUS_SUCCESS; @@ -141,7 +157,7 @@ int32_t psa_mac_sign_setup_negative_test(security_t caller) /* Start a multipart MAC calculation operation */ status = val->crypto_function(VAL_CRYPTO_MAC_SIGN_SETUP, &operation, check2[i].key_handle, check2[i].key_alg); - TEST_ASSERT_EQUAL(status, PSA_ERROR_EMPTY_SLOT, TEST_CHECKPOINT_NUM(7)); + TEST_ASSERT_EQUAL(status, PSA_ERROR_DOES_NOT_EXIST, TEST_CHECKPOINT_NUM(7)); } return VAL_STATUS_SUCCESS; diff --git a/api-tests/dev_apis/crypto/test_c027/test_c027.c b/api-tests/dev_apis/crypto/test_c027/test_c027.c index e761848f..b6e32889 100644 --- a/api-tests/dev_apis/crypto/test_c027/test_c027.c +++ b/api-tests/dev_apis/crypto/test_c027/test_c027.c @@ -90,22 +90,31 @@ int32_t psa_mac_update_test(security_t caller) /* Abort a MAC operation */ status = val->crypto_function(VAL_CRYPTO_MAC_ABORT, &operation); TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(8)); + + /* Destroy the key */ + status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check1[i].key_handle); + TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(9)); + continue; } /* Finish the calculation of the MAC of a message */ status = val->crypto_function(VAL_CRYPTO_MAC_SIGN_FINISH, &operation, data, - sizeof(data)/sizeof(data[0]), &length); - TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(9)); + sizeof(data), &length); + TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(10)); /* Add a message fragment to the same multipart MAC operation*/ status = val->crypto_function(VAL_CRYPTO_MAC_UPDATE, &operation, check1[i].data, check1[i].data_size); - TEST_ASSERT_EQUAL(status, PSA_ERROR_BAD_STATE, TEST_CHECKPOINT_NUM(10)); + TEST_ASSERT_EQUAL(status, PSA_ERROR_BAD_STATE, TEST_CHECKPOINT_NUM(11)); /* Abort a MAC operation */ status = val->crypto_function(VAL_CRYPTO_MAC_ABORT, &operation); - TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(11)); + TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(12)); + + /* Destroy the key */ + status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check1[i].key_handle); + TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(13)); } return VAL_STATUS_SUCCESS; @@ -113,11 +122,11 @@ int32_t psa_mac_update_test(security_t caller) int32_t psa_mac_update_invalid_operator_test(security_t caller) { - psa_mac_operation_t operation; - int32_t status; + int32_t i, status; + psa_mac_operation_t operation[] = {psa_mac_operation_init(), PSA_MAC_OPERATION_INIT, {0} }; + uint32_t operation_count = sizeof(operation)/sizeof(operation[0]); memset(data, 0, sizeof(data)); - memset(&operation, 0, sizeof(operation)); val->print(PRINT_TEST, "[Check %d] ", g_test_count++); val->print(PRINT_TEST, "Test psa_mac_update without mac setup\n", 0); @@ -125,14 +134,18 @@ int32_t psa_mac_update_invalid_operator_test(security_t caller) status = val->crypto_function(VAL_CRYPTO_INIT); TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(1)); - /* Start a multipart MAC calculation operation */ - status = val->crypto_function(VAL_CRYPTO_MAC_UPDATE, &operation, data, - sizeof(data)/sizeof(data[0])); - TEST_ASSERT_EQUAL(status, PSA_ERROR_BAD_STATE, TEST_CHECKPOINT_NUM(2)); + for (i = 0; i < operation_count; i++) + { + + /* Start a multipart MAC calculation for each operation */ + status = val->crypto_function(VAL_CRYPTO_MAC_UPDATE, &operation[i], data, + sizeof(data)/sizeof(data[0])); + TEST_ASSERT_EQUAL(status, PSA_ERROR_BAD_STATE, TEST_CHECKPOINT_NUM(2)); - /* Abort a MAC operation */ - status = val->crypto_function(VAL_CRYPTO_MAC_ABORT, &operation); - TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3)); + /* Abort the MAC operations */ + status = val->crypto_function(VAL_CRYPTO_MAC_ABORT, &operation[i]); + TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3)); + } return VAL_STATUS_SUCCESS; } diff --git a/api-tests/dev_apis/crypto/test_c028/test_c028.c b/api-tests/dev_apis/crypto/test_c028/test_c028.c index 08982786..475feb77 100644 --- a/api-tests/dev_apis/crypto/test_c028/test_c028.c +++ b/api-tests/dev_apis/crypto/test_c028/test_c028.c @@ -96,27 +96,37 @@ int32_t psa_mac_sign_finish_test(security_t caller) /* Abort a MAC operation */ status = val->crypto_function(VAL_CRYPTO_MAC_ABORT, &operation); TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(9)); + + /* Destroy the key */ + status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check1[i].key_handle); + TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(10)); + continue; } /* Check if the MAC length matches with the expected length */ - TEST_ASSERT_EQUAL(length, check1[i].expected_length, TEST_CHECKPOINT_NUM(10)); + TEST_ASSERT_EQUAL(length, check1[i].expected_length, TEST_CHECKPOINT_NUM(11)); /* Check if the MAC data matches with the expected data */ - TEST_ASSERT_MEMCMP(check1[i].expected_data, data, length, TEST_CHECKPOINT_NUM(11)); + TEST_ASSERT_MEMCMP(check1[i].expected_data, data, length, TEST_CHECKPOINT_NUM(12)); memset(data, 0, sizeof(data)); - /* Finish the calculation of the MAC of a message using same operation + /* Calling mac finish twice in a row. + * Finish the calculation of the MAC of a message using same operation * should return error */ status = val->crypto_function(VAL_CRYPTO_MAC_SIGN_FINISH, &operation, data, check1[i].mac_size, &length); - TEST_ASSERT_EQUAL(status, PSA_ERROR_BAD_STATE, TEST_CHECKPOINT_NUM(12)); + TEST_ASSERT_EQUAL(status, PSA_ERROR_BAD_STATE, TEST_CHECKPOINT_NUM(13)); /* Abort a MAC operation */ status = val->crypto_function(VAL_CRYPTO_MAC_ABORT, &operation); - TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(13)); + TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(14)); + + /* Destroy the key */ + status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check1[i].key_handle); + TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(15)); } return VAL_STATUS_SUCCESS; diff --git a/api-tests/dev_apis/crypto/test_c029/test_c029.c b/api-tests/dev_apis/crypto/test_c029/test_c029.c index d732d920..53be0dbf 100644 --- a/api-tests/dev_apis/crypto/test_c029/test_c029.c +++ b/api-tests/dev_apis/crypto/test_c029/test_c029.c @@ -79,9 +79,25 @@ int32_t psa_mac_verify_setup_test(security_t caller) check1[i].key_handle, check1[i].key_alg); TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(6)); - /* Abort a MAC operation */ + /* Whether setup succeeded or failed, abort must succeed. + * Abort a MAC operation + */ status = val->crypto_function(VAL_CRYPTO_MAC_ABORT, &operation); TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(7)); + + /* If setup failed, reproduce the failure, so that the caller can + * test the resulting state of the operation object. + */ + if (check1[i].expected_status != PSA_SUCCESS) + { + status = val->crypto_function(VAL_CRYPTO_MAC_VERIFY_SETUP, &operation, + check1[i].key_handle, check1[i].key_alg); + TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(8)); + } + + /* Destroy the key */ + status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check1[i].key_handle); + TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(9)); } return VAL_STATUS_SUCCESS; @@ -136,7 +152,7 @@ int32_t psa_mac_verify_setup_negative_test(security_t caller) /* Start a multipart MAC verification operation */ status = val->crypto_function(VAL_CRYPTO_MAC_VERIFY_SETUP, &operation, check2[i].key_handle, check2[i].key_alg); - TEST_ASSERT_EQUAL(status, PSA_ERROR_EMPTY_SLOT, TEST_CHECKPOINT_NUM(6)); + TEST_ASSERT_EQUAL(status, PSA_ERROR_DOES_NOT_EXIST, TEST_CHECKPOINT_NUM(6)); } return VAL_STATUS_SUCCESS; diff --git a/api-tests/dev_apis/crypto/test_c030/test_c030.c b/api-tests/dev_apis/crypto/test_c030/test_c030.c index ad14048c..177b0f0e 100644 --- a/api-tests/dev_apis/crypto/test_c030/test_c030.c +++ b/api-tests/dev_apis/crypto/test_c030/test_c030.c @@ -94,19 +94,28 @@ int32_t psa_mac_verify_finish_test(security_t caller) /* Abort a MAC operation */ status = val->crypto_function(VAL_CRYPTO_MAC_ABORT, &operation); TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(9)); + + /* Destroy the key */ + status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check1[i].key_handle); + TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(10)); continue; } - /* Finish the calculation of the MAC of a message using same operation + /* Calling mac finish twice in a row. + * Finish the calculation of the MAC of a message using same operation * should return error */ status = val->crypto_function(VAL_CRYPTO_MAC_VERIFY_FINISH, &operation, check1[i].expected_mac, check1[i].mac_size); - TEST_ASSERT_EQUAL(status, PSA_ERROR_BAD_STATE, TEST_CHECKPOINT_NUM(10)); + TEST_ASSERT_EQUAL(status, PSA_ERROR_BAD_STATE, TEST_CHECKPOINT_NUM(11)); /* Abort a MAC operation */ status = val->crypto_function(VAL_CRYPTO_MAC_ABORT, &operation); - TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(11)); + TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(12)); + + /* Destroy the key */ + status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check1[i].key_handle); + TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(13)); } return VAL_STATUS_SUCCESS; diff --git a/api-tests/dev_apis/crypto/test_c031/test_c031.c b/api-tests/dev_apis/crypto/test_c031/test_c031.c index 9988fae8..040e8a86 100644 --- a/api-tests/dev_apis/crypto/test_c031/test_c031.c +++ b/api-tests/dev_apis/crypto/test_c031/test_c031.c @@ -86,6 +86,10 @@ int32_t psa_mac_abort_test(security_t caller) /* Multiple Abort a MAC operation should succeed */ status = val->crypto_function(VAL_CRYPTO_MAC_ABORT, &operation); TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(8)); + + /* Destroy the key */ + status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check1[i].key_handle); + TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(9)); } return VAL_STATUS_SUCCESS; @@ -103,8 +107,8 @@ int32_t psa_mac_abort_before_finish_test(security_t caller) uint8_t key_data[] = {0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c}; uint8_t input_data[] = {0x48, 0x69, 0x20, 0x54, 0x68, 0x65, 0x72, 0x65}; - size_t key_length = sizeof(key_data)/sizeof(key_data[0]); - size_t inputdata_size = sizeof(input_data)/sizeof(input_data[0]); + size_t key_length = sizeof(key_data); + size_t inputdata_size = sizeof(input_data); int32_t status; memset(data, 0, sizeof(data)); @@ -159,5 +163,9 @@ int32_t psa_mac_abort_before_finish_test(security_t caller) BUFFER_SIZE, &length); TEST_ASSERT_EQUAL(status, PSA_ERROR_BAD_STATE, TEST_CHECKPOINT_NUM(9)); + /* Destroy the key */ + status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, key_handle); + TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(10)); + return VAL_STATUS_SUCCESS; } diff --git a/api-tests/dev_apis/crypto/test_c032/test_c032.c b/api-tests/dev_apis/crypto/test_c032/test_c032.c index de4dcf78..44e4682b 100644 --- a/api-tests/dev_apis/crypto/test_c032/test_c032.c +++ b/api-tests/dev_apis/crypto/test_c032/test_c032.c @@ -111,9 +111,22 @@ int32_t psa_cipher_encrypt_setup_test(security_t caller) check1[i].key_handle, check1[i].key_alg); TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(6)); - /* Abort a cipher operation */ + /* Whether setup succeeded or failed, abort must succeed. + * Abort a cipher operation + */ status = val->crypto_function(VAL_CRYPTO_CIPHER_ABORT, &operation); TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(7)); + + if (check1[i].expected_status != PSA_SUCCESS) + { + status = val->crypto_function(VAL_CRYPTO_CIPHER_ENCRYPT_SETUP, &operation, + check1[i].key_handle, check1[i].key_alg); + TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(8)); + } + + /* Destroy the key */ + status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check1[i].key_handle); + TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(9)); } return VAL_STATUS_SUCCESS; @@ -173,7 +186,7 @@ int32_t psa_cipher_encrypt_setup_negative_test(security_t caller) /* Set the key for a multipart symmetric encryption operation */ status = val->crypto_function(VAL_CRYPTO_CIPHER_ENCRYPT_SETUP, &operation, check2[i].key_handle, check2[i].key_alg); - TEST_ASSERT_EQUAL(status, PSA_ERROR_EMPTY_SLOT, TEST_CHECKPOINT_NUM(7)); + TEST_ASSERT_EQUAL(status, PSA_ERROR_DOES_NOT_EXIST, TEST_CHECKPOINT_NUM(7)); } return VAL_STATUS_SUCCESS; diff --git a/api-tests/dev_apis/crypto/test_c033/test_c033.c b/api-tests/dev_apis/crypto/test_c033/test_c033.c index 45d5b15f..c3b60096 100644 --- a/api-tests/dev_apis/crypto/test_c033/test_c033.c +++ b/api-tests/dev_apis/crypto/test_c033/test_c033.c @@ -111,9 +111,23 @@ int32_t psa_cipher_decrypt_setup_test(security_t caller) check1[i].key_handle, check1[i].key_alg); TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(6)); - /* Abort a cipher operation */ + /* Whether setup succeeded or failed, abort must succeed. + * Abort a cipher operation + */ status = val->crypto_function(VAL_CRYPTO_CIPHER_ABORT, &operation); TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(7)); + + if (check1[i].expected_status != PSA_SUCCESS) + { + status = val->crypto_function(VAL_CRYPTO_CIPHER_DECRYPT_SETUP, &operation, + check1[i].key_handle, check1[i].key_alg); + TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(8)); + } + + /* Destroy the key */ + status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check1[i].key_handle); + TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(9)); + } return VAL_STATUS_SUCCESS; @@ -173,7 +187,7 @@ int32_t psa_cipher_decrypt_setup_negative_test(security_t caller) /* Set the key for a multipart symmetric decryption operation */ status = val->crypto_function(VAL_CRYPTO_CIPHER_DECRYPT_SETUP, &operation, check2[i].key_handle, check2[i].key_alg); - TEST_ASSERT_EQUAL(status, PSA_ERROR_EMPTY_SLOT, TEST_CHECKPOINT_NUM(7)); + TEST_ASSERT_EQUAL(status, PSA_ERROR_DOES_NOT_EXIST, TEST_CHECKPOINT_NUM(7)); } return VAL_STATUS_SUCCESS; diff --git a/api-tests/dev_apis/crypto/test_c034/test_c034.c b/api-tests/dev_apis/crypto/test_c034/test_c034.c index 65b680c3..97c5bee7 100644 --- a/api-tests/dev_apis/crypto/test_c034/test_c034.c +++ b/api-tests/dev_apis/crypto/test_c034/test_c034.c @@ -92,11 +92,16 @@ int32_t psa_cipher_generate_iv_test(security_t caller) /* Abort a cipher operation */ status = val->crypto_function(VAL_CRYPTO_CIPHER_ABORT, &operation); TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(8)); + + /* Destroy the key */ + status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check1[i].key_handle); + TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(9)); + continue; } /* Check that if generated iv length match the expected length */ - TEST_ASSERT_EQUAL(iv_length, check1[i].expected_iv_length, TEST_CHECKPOINT_NUM(9)); + TEST_ASSERT_EQUAL(iv_length, check1[i].expected_iv_length, TEST_CHECKPOINT_NUM(10)); iv_sum = 0; for (j = 0; j < iv_length; j++) @@ -105,18 +110,22 @@ int32_t psa_cipher_generate_iv_test(security_t caller) } /* Check that if generated iv are zero */ - TEST_ASSERT_NOT_EQUAL(iv_sum, 0, TEST_CHECKPOINT_NUM(10)); + TEST_ASSERT_NOT_EQUAL(iv_sum, 0, TEST_CHECKPOINT_NUM(11)); /* Generating an IV for a symmetric encryption operation using the same operator * should fail */ status = val->crypto_function(VAL_CRYPTO_CIPHER_GENERATE_IV, &operation, iv, check1[i].iv_size, &iv_length); - TEST_ASSERT_EQUAL(status, PSA_ERROR_BAD_STATE, TEST_CHECKPOINT_NUM(11)); + TEST_ASSERT_EQUAL(status, PSA_ERROR_BAD_STATE, TEST_CHECKPOINT_NUM(12)); /* Abort a cipher operation */ status = val->crypto_function(VAL_CRYPTO_CIPHER_ABORT, &operation); - TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(12)); + TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(13)); + + /* Destroy the key */ + status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check1[i].key_handle); + TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(14)); } return VAL_STATUS_SUCCESS; diff --git a/api-tests/dev_apis/crypto/test_c035/test_c035.c b/api-tests/dev_apis/crypto/test_c035/test_c035.c index 368b699c..010b2756 100644 --- a/api-tests/dev_apis/crypto/test_c035/test_c035.c +++ b/api-tests/dev_apis/crypto/test_c035/test_c035.c @@ -85,7 +85,7 @@ int32_t psa_cipher_set_iv_test(security_t caller) TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(7)); /* Setting an IV for a symmetric encryption operation using the same operator - * should fail + * should fail for both previous success and failure cases */ status = val->crypto_function(VAL_CRYPTO_CIPHER_SET_IV, &operation, check1[i].iv, check1[i].iv_size); @@ -94,6 +94,10 @@ int32_t psa_cipher_set_iv_test(security_t caller) /* Abort a cipher operation */ status = val->crypto_function(VAL_CRYPTO_CIPHER_ABORT, &operation); TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(9)); + + /* Destroy the key */ + status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check1[i].key_handle); + TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(10)); } return VAL_STATUS_SUCCESS; diff --git a/api-tests/dev_apis/crypto/test_c036/test_c036.c b/api-tests/dev_apis/crypto/test_c036/test_c036.c index 4a917c48..bf5969a9 100644 --- a/api-tests/dev_apis/crypto/test_c036/test_c036.c +++ b/api-tests/dev_apis/crypto/test_c036/test_c036.c @@ -25,10 +25,12 @@ client_test_t test_c036_crypto_list[] = { NULL, psa_cipher_update_test, + psa_cipher_update_negative_test, NULL, }; static int g_test_count = 1; +static uint8_t input[SIZE_32B]; static uint8_t output[SIZE_32B]; static psa_cipher_operation_t operation; @@ -107,25 +109,64 @@ int32_t psa_cipher_update_test(security_t caller) /* Abort a cipher operation */ status = val->crypto_function(VAL_CRYPTO_CIPHER_ABORT, &operation); TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(10)); + + /* Destroy the key */ + status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check1[i].key_handle); + TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(11)); continue; } /* Check if the output length matches the expected length */ - TEST_ASSERT_EQUAL(length, check1[i].expected_output_length, TEST_CHECKPOINT_NUM(11)); + TEST_ASSERT_EQUAL(length, check1[i].expected_output_length, TEST_CHECKPOINT_NUM(12)); /* Check if the output data matches the expected data */ - TEST_ASSERT_MEMCMP(output, check1[i].expected_output, length, TEST_CHECKPOINT_NUM(12)); + TEST_ASSERT_MEMCMP(output, check1[i].expected_output, length, TEST_CHECKPOINT_NUM(13)); /* Encrypt or decrypt a message fragment in an invalid cipher operation should fail */ status = val->crypto_function(VAL_CRYPTO_CIPHER_UPDATE, &invalid_operation, check1[i].input, check1[i].input_length, output, check1[i].output_size, &length); - TEST_ASSERT_EQUAL(status, PSA_ERROR_BAD_STATE, TEST_CHECKPOINT_NUM(13)); + TEST_ASSERT_EQUAL(status, PSA_ERROR_BAD_STATE, TEST_CHECKPOINT_NUM(14)); /* Abort a cipher operation */ status = val->crypto_function(VAL_CRYPTO_CIPHER_ABORT, &operation); - TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(14)); + TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(15)); + + /* Destroy the key */ + status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check1[i].key_handle); + TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(16)); } return VAL_STATUS_SUCCESS; } + +int32_t psa_cipher_update_negative_test(security_t caller) +{ + int32_t i, status; + psa_cipher_operation_t operations[] = {psa_cipher_operation_init(), + PSA_CIPHER_OPERATION_INIT, {0} }; + uint32_t operation_count = sizeof(operations)/sizeof(operations[0]); + size_t length; + + memset(output, 0, sizeof(output)); + val->print(PRINT_TEST, "[Check %d] ", g_test_count++); + val->print(PRINT_TEST, "Test psa_cipher_update without cipher setup\n", 0); + + /* Initialize the PSA crypto library*/ + status = val->crypto_function(VAL_CRYPTO_INIT); + TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(1)); + + for (i = 0; i < operation_count; i++) + { + status = val->crypto_function(VAL_CRYPTO_CIPHER_UPDATE, &operations[i], input, + sizeof(input), output, sizeof(output), &length); + TEST_ASSERT_EQUAL(status, PSA_ERROR_BAD_STATE, TEST_CHECKPOINT_NUM(2)); + + /* Abort a cipher operation */ + status = val->crypto_function(VAL_CRYPTO_CIPHER_ABORT, &operations[i]); + TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3)); + } + + return VAL_STATUS_SUCCESS; +} + diff --git a/api-tests/dev_apis/crypto/test_c036/test_c036.h b/api-tests/dev_apis/crypto/test_c036/test_c036.h index 045271a0..61fe7e53 100644 --- a/api-tests/dev_apis/crypto/test_c036/test_c036.h +++ b/api-tests/dev_apis/crypto/test_c036/test_c036.h @@ -27,4 +27,5 @@ extern psa_api_t *psa; extern client_test_t test_c036_crypto_list[]; int32_t psa_cipher_update_test(security_t caller); +int32_t psa_cipher_update_negative_test(security_t caller); #endif /* _TEST_C036_CLIENT_TESTS_H_ */ diff --git a/api-tests/dev_apis/crypto/test_c036/test_data.h b/api-tests/dev_apis/crypto/test_c036/test_data.h index 17f9bf01..c5e4fbe8 100644 --- a/api-tests/dev_apis/crypto/test_c036/test_data.h +++ b/api-tests/dev_apis/crypto/test_c036/test_data.h @@ -101,6 +101,7 @@ static test_data check1[] = { #endif #ifdef ARCH_TEST_CBC_NO_PADDING +#ifdef ARCH_TEST_DES_1KEY {"Test psa_cipher_update - Encrypt - DES CBC (nopad)\n", 6, PSA_KEY_TYPE_DES, {0x01, 0x02, 0x04, 0x07, 0x08, 0x0b, 0x0d, 0x0e}, DES_8B_KEY_SIZE, PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CBC_NO_PADDING, @@ -110,6 +111,7 @@ static test_data check1[] = { }, #endif #endif +#endif #ifdef ARCH_TEST_CBC_NO_PADDING #ifdef ARCH_TEST_DES_2KEY diff --git a/api-tests/dev_apis/crypto/test_c037/test_c037.c b/api-tests/dev_apis/crypto/test_c037/test_c037.c index fa2ab6c5..8a7fdc88 100644 --- a/api-tests/dev_apis/crypto/test_c037/test_c037.c +++ b/api-tests/dev_apis/crypto/test_c037/test_c037.c @@ -114,29 +114,37 @@ int32_t psa_cipher_finish_test(security_t caller) /* Abort a cipher operation */ status = val->crypto_function(VAL_CRYPTO_CIPHER_ABORT, &operation); TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(11)); + + /* Destroy the key */ + status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check1[i].key_handle); + TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(12)); continue; } /* Check if the output length matches the expected length */ - TEST_ASSERT_EQUAL(finish_length, check1[i].expected_output_length, TEST_CHECKPOINT_NUM(12)); + TEST_ASSERT_EQUAL(finish_length, check1[i].expected_output_length, TEST_CHECKPOINT_NUM(13)); /* Check if the output data matches the expected data */ TEST_ASSERT_MEMCMP(output, check1[i].expected_output, (update_length + finish_length), - TEST_CHECKPOINT_NUM(13)); + TEST_CHECKPOINT_NUM(14)); /* Finish encrypting or decrypting a message using an invalid operation should fail */ status = val->crypto_function(VAL_CRYPTO_CIPHER_FINISH, &invalid_operation, output, check1[i].output_size[SLOT_2], &finish_length); - TEST_ASSERT_EQUAL(status, PSA_ERROR_BAD_STATE, TEST_CHECKPOINT_NUM(14)); + TEST_ASSERT_EQUAL(status, PSA_ERROR_BAD_STATE, TEST_CHECKPOINT_NUM(15)); /* Abort a cipher operation */ status = val->crypto_function(VAL_CRYPTO_CIPHER_ABORT, &operation); - TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(15)); + TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(16)); /* Abort a cipher operation */ status = val->crypto_function(VAL_CRYPTO_CIPHER_ABORT, &invalid_operation); - TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(16)); + TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(17)); + + /* Destroy the key */ + status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check1[i].key_handle); + TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(18)); } return VAL_STATUS_SUCCESS; diff --git a/api-tests/dev_apis/crypto/test_c038/test_c038.c b/api-tests/dev_apis/crypto/test_c038/test_c038.c index b8d8840c..54b4b7d5 100644 --- a/api-tests/dev_apis/crypto/test_c038/test_c038.c +++ b/api-tests/dev_apis/crypto/test_c038/test_c038.c @@ -97,6 +97,10 @@ int32_t psa_cipher_abort_test(security_t caller) /* Multiple abort cipher operation should return success*/ status = val->crypto_function(VAL_CRYPTO_CIPHER_ABORT, &operation); TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(9)); + + /* Destroy the key */ + status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check1[i].key_handle); + TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(10)); } return VAL_STATUS_SUCCESS; @@ -117,9 +121,9 @@ int32_t psa_cipher_abort_before_update_test(security_t caller) 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a}; uint8_t iv[] = {0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a}; - size_t key_length = sizeof(key_data)/sizeof(key_data[0]); - size_t input_length = sizeof(input)/sizeof(input[0]); - size_t iv_size = sizeof(iv)/sizeof(iv[0]); + size_t key_length = sizeof(key_data); + size_t input_length = sizeof(input); + size_t iv_size = sizeof(iv); int32_t status; /* Initialize the PSA crypto library*/ @@ -173,5 +177,9 @@ int32_t psa_cipher_abort_before_update_test(security_t caller) input_length, output, SIZE_32B, &length); TEST_ASSERT_EQUAL(status, PSA_ERROR_BAD_STATE, TEST_CHECKPOINT_NUM(9)); + /* Destroy the key */ + status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, key_handle); + TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(10)); + return VAL_STATUS_SUCCESS; } diff --git a/api-tests/dev_apis/crypto/test_c039/test_c039.c b/api-tests/dev_apis/crypto/test_c039/test_c039.c index 0053fdd1..30a833e1 100644 --- a/api-tests/dev_apis/crypto/test_c039/test_c039.c +++ b/api-tests/dev_apis/crypto/test_c039/test_c039.c @@ -128,7 +128,10 @@ int32_t psa_asymmetric_encrypt_test(security_t caller) TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5)); if (is_buffer_empty(check1[i].salt, check1[i].salt_length) == TRUE) + { salt = NULL; + check1[i].salt_length = 0; + } else salt = check1[i].salt; @@ -139,10 +142,16 @@ int32_t psa_asymmetric_encrypt_test(security_t caller) TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(6)); if (check1[i].expected_status != PSA_SUCCESS) + { + /* Destroy the key */ + status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check1[i].key_handle); + TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(7)); + continue; + } /* Check if the output length matches with the expected output length */ - TEST_ASSERT_EQUAL(length, check1[i].expected_output_length, TEST_CHECKPOINT_NUM(7)); + TEST_ASSERT_EQUAL(length, check1[i].expected_output_length, TEST_CHECKPOINT_NUM(8)); /* We test encryption by checking that encrypt-then-decrypt gives back * the original plaintext because of the non-optional random @@ -152,14 +161,18 @@ int32_t psa_asymmetric_encrypt_test(security_t caller) status = val->crypto_function(VAL_CRYPTO_ASYMMTERIC_DECRYPT, check1[i].key_handle, check1[i].key_alg, output, length, salt, check1[i].salt_length, output, check1[i].output_size, &length); - TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(8)); + TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(9)); /* Check if the output length matches with the input length */ - TEST_ASSERT_EQUAL(length, check1[i].input_length, TEST_CHECKPOINT_NUM(9)); + TEST_ASSERT_EQUAL(length, check1[i].input_length, TEST_CHECKPOINT_NUM(10)); /* Check if the output matches with the given input data */ - TEST_ASSERT_MEMCMP(output, check1[i].input, length, TEST_CHECKPOINT_NUM(10)); + TEST_ASSERT_MEMCMP(output, check1[i].input, length, TEST_CHECKPOINT_NUM(11)); } + + /* Destroy the key */ + status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check1[i].key_handle); + TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(12)); } return VAL_STATUS_SUCCESS; @@ -179,9 +192,6 @@ int32_t psa_asymmetric_encrypt_negative_test(security_t caller) for (i = 0; i < num_checks; i++) { - val->print(PRINT_TEST, "[Check %d] Test psa_asymmetric_encrypt - Invalid key handle\n", - g_test_count++); - /* Initialize a key policy structure to a default that forbids all * usage of the key */ @@ -223,7 +233,10 @@ int32_t psa_asymmetric_encrypt_negative_test(security_t caller) TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(6)); if (is_buffer_empty(check1[i].salt, check1[i].salt_length) == TRUE) + { salt = NULL; + check1[i].salt_length = 0; + } else salt = check1[i].salt; @@ -231,7 +244,7 @@ int32_t psa_asymmetric_encrypt_negative_test(security_t caller) status = val->crypto_function(VAL_CRYPTO_ASYMMTERIC_ENCRYPT, check2[i].key_handle, check2[i].key_alg, check2[i].input, check2[i].input_length, salt, check2[i].salt_length, output, check2[i].output_size, &length); - TEST_ASSERT_EQUAL(status, PSA_ERROR_EMPTY_SLOT, TEST_CHECKPOINT_NUM(7)); + TEST_ASSERT_EQUAL(status, PSA_ERROR_DOES_NOT_EXIST, TEST_CHECKPOINT_NUM(7)); } return VAL_STATUS_SUCCESS; diff --git a/api-tests/dev_apis/crypto/test_c039/test_data.h b/api-tests/dev_apis/crypto/test_c039/test_data.h index 48538253..5bb5109c 100644 --- a/api-tests/dev_apis/crypto/test_c039/test_data.h +++ b/api-tests/dev_apis/crypto/test_c039/test_data.h @@ -167,13 +167,13 @@ static test_data check1[] = { 128, 1024, PSA_SUCCESS }, -{"Test psa_asymmetric_encrypt - Small output buffer\n", 5, PSA_KEY_TYPE_RSA_PUBLIC_KEY, -{0}, 162, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT, PSA_ALG_RSA_PKCS1V15_CRYPT, +{"Test psa_asymmetric_encrypt - Small output buffer\n", 5, PSA_KEY_TYPE_RSA_KEYPAIR, +{0}, 610, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT, PSA_ALG_RSA_PKCS1V15_CRYPT, {0}, 0, {0xba, 0x78, 0x16, 0xbf, 0x8f, 0x01, 0xcf, 0xea, 0x41, 0x41, 0x40, 0xde, 0x5d, 0xae, 0x22, 0x23, 0xb0, 0x03, 0x61, 0xa3, 0x96, 0x17, 0x7a, 0x9c, 0xb4, 0x10, - 0xff, 0x61, 0xf2, 0x00, 0x15, 0xad}, 22, 110, - 128, 1024, PSA_ERROR_INVALID_ARGUMENT + 0xff, 0x61, 0xf2, 0x00, 0x15, 0xad}, 22, 120, + 128, 1024, PSA_ERROR_BUFFER_TOO_SMALL }, #endif diff --git a/api-tests/dev_apis/crypto/test_c040/test_c040.c b/api-tests/dev_apis/crypto/test_c040/test_c040.c index 69dc7ef0..760ab197 100644 --- a/api-tests/dev_apis/crypto/test_c040/test_c040.c +++ b/api-tests/dev_apis/crypto/test_c040/test_c040.c @@ -128,7 +128,10 @@ int32_t psa_asymmetric_decrypt_test(security_t caller) TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5)); if (is_buffer_empty(check1[i].salt, check1[i].salt_length) == TRUE) + { salt = NULL; + check1[i].salt_length = 0; + } else salt = check1[i].salt; @@ -139,13 +142,23 @@ int32_t psa_asymmetric_decrypt_test(security_t caller) TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(6)); if (check1[i].expected_status != PSA_SUCCESS) + { + /* Destroy the key */ + status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check1[i].key_handle); + TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(7)); + continue; + } /* Check if the output length matches with the expected length */ - TEST_ASSERT_EQUAL(length, check1[i].expected_output_length, TEST_CHECKPOINT_NUM(7)); + TEST_ASSERT_EQUAL(length, check1[i].expected_output_length, TEST_CHECKPOINT_NUM(8)); /* Check if the output matches with the expected data */ - TEST_ASSERT_MEMCMP(output, check1[i].expected_output, length, TEST_CHECKPOINT_NUM(8)); + TEST_ASSERT_MEMCMP(output, check1[i].expected_output, length, TEST_CHECKPOINT_NUM(9)); + + /* Destroy the key */ + status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check1[i].key_handle); + TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(10)); } return VAL_STATUS_SUCCESS; @@ -165,9 +178,6 @@ int32_t psa_asymmetric_decrypt_negative_test(security_t caller) for (i = 0; i < num_checks; i++) { - val->print(PRINT_TEST, "[Check %d] Test psa_asymmetric_decrypt - Invalid key handle\n", - g_test_count++); - /* Initialize a key policy structure to a default that forbids all * usage of the key */ @@ -209,7 +219,10 @@ int32_t psa_asymmetric_decrypt_negative_test(security_t caller) TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(6)); if (is_buffer_empty(check1[i].salt, check1[i].salt_length) == TRUE) + { salt = NULL; + check1[i].salt_length = 0; + } else salt = check1[i].salt; @@ -217,7 +230,7 @@ int32_t psa_asymmetric_decrypt_negative_test(security_t caller) status = val->crypto_function(VAL_CRYPTO_ASYMMTERIC_DECRYPT, check2[i].key_handle, check2[i].key_alg, check2[i].input, check2[i].input_length, salt, check2[i].salt_length, output, check2[i].output_size, &length); - TEST_ASSERT_EQUAL(status, PSA_ERROR_EMPTY_SLOT, TEST_CHECKPOINT_NUM(7)); + TEST_ASSERT_EQUAL(status, PSA_ERROR_DOES_NOT_EXIST, TEST_CHECKPOINT_NUM(7)); } return VAL_STATUS_SUCCESS; diff --git a/api-tests/dev_apis/crypto/test_c041/test_c041.c b/api-tests/dev_apis/crypto/test_c041/test_c041.c index 55106f72..101e16a0 100644 --- a/api-tests/dev_apis/crypto/test_c041/test_c041.c +++ b/api-tests/dev_apis/crypto/test_c041/test_c041.c @@ -120,13 +120,23 @@ int32_t psa_asymmetric_sign_test(security_t caller) TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(6)); if (check1[i].expected_status != PSA_SUCCESS) + { + /* Destroy the key */ + status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check1[i].key_handle); + TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(7)); + continue; + } /* Check if the output length matches with the expected length */ - TEST_ASSERT_EQUAL(length, check1[i].expected_signature_length, TEST_CHECKPOINT_NUM(7)); + TEST_ASSERT_EQUAL(length, check1[i].expected_signature_length, TEST_CHECKPOINT_NUM(8)); /* Check if the output matches with the expected data */ - TEST_ASSERT_MEMCMP(signature, check1[i].expected_signature, length, TEST_CHECKPOINT_NUM(8)); + TEST_ASSERT_MEMCMP(signature, check1[i].expected_signature, length, TEST_CHECKPOINT_NUM(9)); + + /* Destroy the key */ + status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check1[i].key_handle); + TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(10)); } return VAL_STATUS_SUCCESS; @@ -145,8 +155,6 @@ int32_t psa_asymmetric_sign_negative_test(security_t caller) for (i = 0; i < num_checks; i++) { - val->print(PRINT_TEST, "[Check %d] Test psa_asymmetric_sign - Invalid key handle\n", - g_test_count++); /* Initialize a key policy structure to a default that forbids all * usage of the key */ @@ -168,7 +176,7 @@ int32_t psa_asymmetric_sign_negative_test(security_t caller) signature, check2[i].signature_size, &length); TEST_ASSERT_EQUAL(status, PSA_ERROR_INVALID_HANDLE, TEST_CHECKPOINT_NUM(3)); - val->print(PRINT_TEST, "[Check %d] Test psa_asymmetric_sign - zero as key handle\n", + val->print(PRINT_TEST, "[Check %d] Test psa_asymmetric_sign - Zero as key handle\n", g_test_count++); /* Sign a hash or short message with a private key */ status = val->crypto_function(VAL_CRYPTO_ASYMMTERIC_SIGN, 0, @@ -191,7 +199,7 @@ int32_t psa_asymmetric_sign_negative_test(security_t caller) status = val->crypto_function(VAL_CRYPTO_ASYMMTERIC_SIGN, check2[i].key_handle, check2[i].key_alg, check2[i].input, check2[i].input_length, signature, check2[i].signature_size, &length); - TEST_ASSERT_EQUAL(status, PSA_ERROR_EMPTY_SLOT, TEST_CHECKPOINT_NUM(7)); + TEST_ASSERT_EQUAL(status, PSA_ERROR_DOES_NOT_EXIST, TEST_CHECKPOINT_NUM(7)); } return VAL_STATUS_SUCCESS; diff --git a/api-tests/dev_apis/crypto/test_c042/test_c042.c b/api-tests/dev_apis/crypto/test_c042/test_c042.c index 97f3be99..43ed5ecd 100644 --- a/api-tests/dev_apis/crypto/test_c042/test_c042.c +++ b/api-tests/dev_apis/crypto/test_c042/test_c042.c @@ -114,6 +114,10 @@ int32_t psa_asymmetric_verify_test(security_t caller) check1[i].key_alg, check1[i].input, check1[i].input_length, check1[i].signature, check1[i].signature_size); TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(6)); + + /* Destroy a key and restore the slot to its default state */ + status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check1[i].key_handle); + TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(7)); } return VAL_STATUS_SUCCESS; @@ -178,7 +182,7 @@ int32_t psa_asymmetric_verify_negative_test(security_t caller) status = val->crypto_function(VAL_CRYPTO_ASYMMTERIC_VERIFY, check2[i].key_handle, check2[i].key_alg, check2[i].input, check2[i].input_length, check2[i].signature, check2[i].signature_size); - TEST_ASSERT_EQUAL(status, PSA_ERROR_EMPTY_SLOT, TEST_CHECKPOINT_NUM(7)); + TEST_ASSERT_EQUAL(status, PSA_ERROR_DOES_NOT_EXIST, TEST_CHECKPOINT_NUM(7)); } return VAL_STATUS_SUCCESS; diff --git a/api-tests/dev_apis/crypto/test_c043/test_c043.c b/api-tests/dev_apis/crypto/test_c043/test_c043.c index 2d665746..c61aad40 100644 --- a/api-tests/dev_apis/crypto/test_c043/test_c043.c +++ b/api-tests/dev_apis/crypto/test_c043/test_c043.c @@ -86,28 +86,36 @@ int32_t psa_key_agreement_test(security_t caller) /* Abort a generator */ status = val->crypto_function(VAL_CRYPTO_GENERATOR_ABORT, &generator); TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(7)); + + /* Destroy a key and restore the slot to its default state */ + status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check1[i].key_handle); + TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(8)); continue; } /* Retrieve the current capacity of a generator */ status = val->crypto_function(VAL_CRYPTO_GET_GENERATOR_CAPACITY, &generator, &capacity); - TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(8)); + TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(9)); /* Check if the generator capacity matches with the expected capacity */ - TEST_ASSERT_EQUAL(capacity, check1[i].expected_capacity, TEST_CHECKPOINT_NUM(9)); + TEST_ASSERT_EQUAL(capacity, check1[i].expected_capacity, TEST_CHECKPOINT_NUM(10)); /* Read some data from a generator */ status = val->crypto_function(VAL_CRYPTO_GENERATOR_READ, &generator, output, check1[i].expected_output_length); - TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(10)); + TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(11)); /* Check if the output matches with the expected data */ TEST_ASSERT_MEMCMP(output, check1[i].expected_output, check1[i].expected_output_length, - TEST_CHECKPOINT_NUM(11)); + TEST_CHECKPOINT_NUM(12)); /* Abort a generator */ status = val->crypto_function(VAL_CRYPTO_GENERATOR_ABORT, &generator); - TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(12)); + TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(13)); + + /* Destroy a key and restore the slot to its default state */ + status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check1[i].key_handle); + TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(14)); } return VAL_STATUS_SUCCESS; @@ -172,7 +180,7 @@ int32_t psa_key_agreement_negative_test(security_t caller) status = val->crypto_function(VAL_CRYPTO_KEY_AGREEMENT, &generator, check2[i].key_handle, check2[i].peer_key, check2[i].peer_key_length, check2[i].key_alg); - TEST_ASSERT_EQUAL(status, PSA_ERROR_EMPTY_SLOT, TEST_CHECKPOINT_NUM(7)); + TEST_ASSERT_EQUAL(status, PSA_ERROR_DOES_NOT_EXIST, TEST_CHECKPOINT_NUM(7)); } return VAL_STATUS_SUCCESS; diff --git a/api-tests/dev_apis/crypto/test_c044/source.mk b/api-tests/dev_apis/crypto/test_c044/source.mk new file mode 100644 index 00000000..3e694cc3 --- /dev/null +++ b/api-tests/dev_apis/crypto/test_c044/source.mk @@ -0,0 +1,20 @@ +# * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. +# * SPDX-License-Identifier : Apache-2.0 +# * +# * Licensed under the Apache License, Version 2.0 (the "License"); +# * you may not use this file except in compliance with the License. +# * You may obtain a copy of the License at +# * +# * http://www.apache.org/licenses/LICENSE-2.0 +# * +# * Unless required by applicable law or agreed to in writing, software +# * distributed under the License is distributed on an "AS IS" BASIS, +# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# * See the License for the specific language governing permissions and +# * limitations under the License. +#**/ + +CC_SOURCE = test_entry.c test_c044.c +CC_OPTIONS = +AS_SOURCE = +AS_OPTIONS = diff --git a/api-tests/dev_apis/crypto/test_c044/test_c044.c b/api-tests/dev_apis/crypto/test_c044/test_c044.c new file mode 100644 index 00000000..aa597895 --- /dev/null +++ b/api-tests/dev_apis/crypto/test_c044/test_c044.c @@ -0,0 +1,302 @@ +/** @file + * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ + +#include "val_interfaces.h" +#include "val_target.h" +#include "test_c044.h" +#include "test_data.h" +#include "val_crypto.h" + +client_test_t test_c044_crypto_list[] = { + NULL, + psa_copy_key_test, + psa_copy_key_negative_test, + NULL, +}; + +static int g_test_count = 1; +static uint8_t data[BUFFER_SIZE]; + +int32_t psa_copy_key_test(security_t caller) +{ + uint32_t length, i; + const uint8_t *key_data; + psa_key_policy_t policy, target_policy, constraint; + psa_key_handle_t target_handle = 0; + psa_key_type_t key_type, target_type; + psa_algorithm_t expected_key_alg; + psa_key_usage_t expected_usage; + size_t bits, target_bits; + int num_checks = sizeof(check1)/sizeof(check1[0]); + int32_t status, export_status; + + /* Initialize the PSA crypto library*/ + status = val->crypto_function(VAL_CRYPTO_INIT); + TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(1)); + + /* Set the key data buffer to the input base on algorithm */ + for (i = 0; i < num_checks; i++) + { + val->print(PRINT_TEST, "[Check %d] ", g_test_count++); + val->print(PRINT_TEST, check1[i].test_desc, 0); + + /* Setting up the watchdog timer for each check */ + status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT); + TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2)); + + /* Initialize a key policy structure to a default that forbids all + * usage of the key + */ + val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &policy); + + if (PSA_KEY_TYPE_IS_RSA(check1[i].key_type)) + { + if (check1[i].key_type == PSA_KEY_TYPE_RSA_KEYPAIR) + { + if (check1[i].expected_bit_length == BYTES_TO_BITS(384)) + key_data = rsa_384_keypair; + else if (check1[i].expected_bit_length == BYTES_TO_BITS(256)) + key_data = rsa_256_keypair; + else + return VAL_STATUS_INVALID; + } + else + { + if (check1[i].expected_bit_length == BYTES_TO_BITS(384)) + key_data = rsa_384_keydata; + else if (check1[i].expected_bit_length == BYTES_TO_BITS(256)) + key_data = rsa_256_keydata; + else + return VAL_STATUS_INVALID; + } + } + else if (PSA_KEY_TYPE_IS_ECC(check1[i].key_type)) + { + if (PSA_KEY_TYPE_IS_ECC_KEYPAIR(check1[i].key_type)) + key_data = ec_keypair; + else + key_data = ec_keydata; + } + else + key_data = check1[i].key_data; + + /* Set the standard fields of a policy structure */ + val->crypto_function(VAL_CRYPTO_KEY_POLICY_SET_USAGE, &policy, check1[i].usage, + check1[i].key_alg); + + /* Allocate a key slot for a transient key */ + status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &check1[i].key_handle); + TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3)); + + /* Set the usage policy on a key slot */ + status = val->crypto_function(VAL_CRYPTO_SET_KEY_POLICY, check1[i].key_handle, &policy); + TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(4)); + + /* Import the key data into the key slot */ + status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, check1[i].key_handle, + check1[i].key_type, key_data, check1[i].key_length); + TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5)); + + /* Get basic metadata about a key */ + status = val->crypto_function(VAL_CRYPTO_GET_KEY_INFORMATION, check1[i].key_handle, + &key_type, &bits); + TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(6)); + + val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &target_policy); + + /* Allocate a key slot for a transient key */ + status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &target_handle); + TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(7)); + + /* Set the standard fields of a policy structure */ + val->crypto_function(VAL_CRYPTO_KEY_POLICY_SET_USAGE, &target_policy, + check1[i].target_usage, check1[i].target_key_alg); + + /* Set the usage policy on a key slot */ + status = val->crypto_function(VAL_CRYPTO_SET_KEY_POLICY, target_handle, &target_policy); + TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(8)); + + val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &target_policy); + val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &constraint); + + val->crypto_function(VAL_CRYPTO_KEY_POLICY_SET_USAGE, &constraint, + check1[i].constraint_usage, check1[i].constraint_key_alg); + /* Make a copy of a key */ + status = val->crypto_function(VAL_CRYPTO_COPY_KEY, check1[i].key_handle, target_handle, + &constraint); + TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(9)); + + if (check1[i].expected_status != PSA_SUCCESS) + continue; + + /* Destroy the source to ensure that this doesn't affect the target */ + status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check1[i].key_handle); + TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(10)); + + /* Get basic metadata about a key */ + status = val->crypto_function(VAL_CRYPTO_GET_KEY_INFORMATION, target_handle, + &target_type, &target_bits); + TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(11)); + + TEST_ASSERT_EQUAL(target_type, key_type, TEST_CHECKPOINT_NUM(12)); + TEST_ASSERT_EQUAL(target_bits, bits, TEST_CHECKPOINT_NUM(13)); + + status = val->crypto_function(VAL_CRYPTO_GET_KEY_POLICY, target_handle, &target_policy); + TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(14)); + + val->crypto_function(VAL_CRYPTO_KEY_POLICY_GET_USAGE, &target_policy, &expected_usage); + val->crypto_function(VAL_CRYPTO_KEY_POLICY_GET_ALGORITHM, &target_policy, + &expected_key_alg); + + TEST_ASSERT_EQUAL(expected_usage, check1[i].expected_usage, TEST_CHECKPOINT_NUM(15)); + TEST_ASSERT_EQUAL(expected_key_alg, check1[i].expected_key_alg, TEST_CHECKPOINT_NUM(16)); + + if (expected_usage & PSA_KEY_USAGE_EXPORT) + export_status = PSA_SUCCESS; + else + export_status = PSA_ERROR_NOT_PERMITTED; + + /* Export a key in binary format */ + status = val->crypto_function(VAL_CRYPTO_EXPORT_KEY, target_handle, data, + BUFFER_SIZE, &length); + TEST_ASSERT_EQUAL(status, export_status, TEST_CHECKPOINT_NUM(17)); + + if (export_status != PSA_SUCCESS) + continue; + + TEST_ASSERT_EQUAL(length, check1[i].expected_key_length, TEST_CHECKPOINT_NUM(18)); + + if (PSA_KEY_TYPE_IS_UNSTRUCTURED(check1[i].key_type)) + { + TEST_ASSERT_MEMCMP(data, check1[i].key_data, length, TEST_CHECKPOINT_NUM(19)); + } + else if (PSA_KEY_TYPE_IS_RSA(check1[i].key_type) || PSA_KEY_TYPE_IS_ECC(check1[i].key_type)) + { + TEST_ASSERT_MEMCMP(data, key_data, length, TEST_CHECKPOINT_NUM(20)); + } + else + { + return VAL_STATUS_INVALID; + } + + /* Destroy the key */ + status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, target_handle); + TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(21)); + } + + return VAL_STATUS_SUCCESS; +} + +int32_t psa_copy_key_negative_test(security_t caller) +{ + int num_checks = sizeof(check2)/sizeof(check2[0]); + int32_t i, status; + psa_key_policy_t policy, target_policy, constraint; + psa_key_handle_t target_handle; + + /* Initialize the PSA crypto library*/ + status = val->crypto_function(VAL_CRYPTO_INIT); + TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(1)); + + for (i = 0; i < num_checks; i++) + { + val->print(PRINT_TEST, "[Check %d] Test psa_copy_key with unallocated target key slot\n", + g_test_count++); + + /* Setting up the watchdog timer for each check */ + status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT); + TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2)); + + /* Allocate a key slot for a transient key */ + status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &check2[i].key_handle); + TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3)); + + /* Initialize a key policy structure to a default that forbids all + * usage of the key + */ + val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &policy); + memset(&target_handle, 0xDEADDEAD, sizeof(target_handle)); + + /* Set the usage policy on a key slot */ + val->crypto_function(VAL_CRYPTO_KEY_POLICY_SET_USAGE, &policy, check2[i].usage, + check2[i].key_alg); + + /* Import the key data into the key slot */ + status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, check2[i].key_handle, + check2[i].key_type, check2[i].key_data, check2[i].key_length); + TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(4)); + + val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &constraint); + val->crypto_function(VAL_CRYPTO_KEY_POLICY_SET_USAGE, &constraint, + check2[i].constraint_usage, check2[i].constraint_key_alg); + + /* Make a copy of a key with unallocated target handle*/ + status = val->crypto_function(VAL_CRYPTO_COPY_KEY, check2[i].key_handle, target_handle, + &constraint); + TEST_ASSERT_EQUAL(status, PSA_ERROR_INVALID_HANDLE, TEST_CHECKPOINT_NUM(5)); + + val->print(PRINT_TEST, "[Check %d] Test psa_copy_key with target containing key material\n", + g_test_count++); + val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &target_policy); + + /* Allocate a key slot for a target key */ + status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &target_handle); + TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(6)); + + /* Set the standard fields of a policy structure */ + val->crypto_function(VAL_CRYPTO_KEY_POLICY_SET_USAGE, &target_policy, + check2[i].target_usage, check2[i].target_key_alg); + + /* Set the usage policy on a key slot */ + status = val->crypto_function(VAL_CRYPTO_SET_KEY_POLICY, target_handle, &target_policy); + TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(7)); + + /* Make a copy of a key */ + status = val->crypto_function(VAL_CRYPTO_COPY_KEY, check2[i].key_handle, target_handle, + &constraint); + TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(8)); + + /* Make a copy of a key in the existing target slot*/ + status = val->crypto_function(VAL_CRYPTO_COPY_KEY, check2[i].key_handle, target_handle, + &constraint); + TEST_ASSERT_EQUAL(status, PSA_ERROR_ALREADY_EXISTS, TEST_CHECKPOINT_NUM(9)); + + val->print(PRINT_TEST, "[Check %d] Test psa_copy_key with no source handle\n", + g_test_count++); + /* Destroy the contents of source and target slots */ + status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check2[i].key_handle); + TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(10)); + + status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, target_handle); + TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(11)); + + /* Allocate a key slot for a target key */ + status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &target_handle); + TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(12)); + + /* Set the usage policy on a key slot */ + status = val->crypto_function(VAL_CRYPTO_SET_KEY_POLICY, target_handle, &target_policy); + TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(13)); + + /* Make a copy of a key with no source material*/ + status = val->crypto_function(VAL_CRYPTO_COPY_KEY, check2[i].key_handle, target_handle, + &constraint); + TEST_ASSERT_EQUAL(status, PSA_ERROR_DOES_NOT_EXIST, TEST_CHECKPOINT_NUM(14)); + } + + return VAL_STATUS_SUCCESS; +} diff --git a/api-tests/dev_apis/crypto/test_c044/test_c044.h b/api-tests/dev_apis/crypto/test_c044/test_c044.h new file mode 100644 index 00000000..f187d3b0 --- /dev/null +++ b/api-tests/dev_apis/crypto/test_c044/test_c044.h @@ -0,0 +1,31 @@ +/** @file + * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ +#ifndef _TEST_C044_CLIENT_TESTS_H_ +#define _TEST_C044_CLIENT_TESTS_H_ + +#include "val_crypto.h" +#define test_entry CONCAT(test_entry_, c044) +#define val CONCAT(val, test_entry) +#define psa CONCAT(psa, test_entry) + +extern val_api_t *val; +extern psa_api_t *psa; +extern client_test_t test_c044_crypto_list[]; + +int32_t psa_copy_key_test(security_t caller); +int32_t psa_copy_key_negative_test(security_t caller); +#endif /* _TEST_C044_CLIENT_TESTS_H_ */ diff --git a/api-tests/dev_apis/crypto/test_c044/test_data.h b/api-tests/dev_apis/crypto/test_c044/test_data.h new file mode 100644 index 00000000..47786db8 --- /dev/null +++ b/api-tests/dev_apis/crypto/test_c044/test_data.h @@ -0,0 +1,348 @@ +/** @file + * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ + +#include "val_crypto.h" + +typedef struct { + char test_desc[75]; + psa_key_handle_t key_handle; + psa_key_type_t key_type; + uint8_t key_data[34]; + uint32_t key_length; + psa_key_usage_t usage; + psa_key_usage_t target_usage; + psa_key_usage_t constraint_usage; + psa_key_usage_t expected_usage; + psa_algorithm_t key_alg; + psa_algorithm_t target_key_alg; + psa_algorithm_t constraint_key_alg; + psa_algorithm_t expected_key_alg; + uint32_t expected_bit_length; + uint32_t expected_key_length; + psa_status_t expected_status; +} test_data; + +static const uint8_t rsa_384_keypair[1]; +static const uint8_t rsa_384_keydata[1]; + +static const uint8_t rsa_256_keypair[] = { + 0x30, 0x82, 0x04, 0xA5, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00, 0xC0, + 0x95, 0x08, 0xE1, 0x57, 0x41, 0xF2, 0x71, 0x6D, 0xB7, 0xD2, 0x45, 0x41, 0x27, + 0x01, 0x65, 0xC6, 0x45, 0xAE, 0xF2, 0xBC, 0x24, 0x30, 0xB8, 0x95, 0xCE, 0x2F, + 0x4E, 0xD6, 0xF6, 0x1C, 0x88, 0xBC, 0x7C, 0x9F, 0xFB, 0xA8, 0x67, 0x7F, 0xFE, + 0x5C, 0x9C, 0x51, 0x75, 0xF7, 0x8A, 0xCA, 0x07, 0xE7, 0x35, 0x2F, 0x8F, 0xE1, + 0xBD, 0x7B, 0xC0, 0x2F, 0x7C, 0xAB, 0x64, 0xA8, 0x17, 0xFC, 0xCA, 0x5D, 0x7B, + 0xBA, 0xE0, 0x21, 0xE5, 0x72, 0x2E, 0x6F, 0x2E, 0x86, 0xD8, 0x95, 0x73, 0xDA, + 0xAC, 0x1B, 0x53, 0xB9, 0x5F, 0x3F, 0xD7, 0x19, 0x0D, 0x25, 0x4F, 0xE1, 0x63, + 0x63, 0x51, 0x8B, 0x0B, 0x64, 0x3F, 0xAD, 0x43, 0xB8, 0xA5, 0x1C, 0x5C, 0x34, + 0xB3, 0xAE, 0x00, 0xA0, 0x63, 0xC5, 0xF6, 0x7F, 0x0B, 0x59, 0x68, 0x78, 0x73, + 0xA6, 0x8C, 0x18, 0xA9, 0x02, 0x6D, 0xAF, 0xC3, 0x19, 0x01, 0x2E, 0xB8, 0x10, + 0xE3, 0xC6, 0xCC, 0x40, 0xB4, 0x69, 0xA3, 0x46, 0x33, 0x69, 0x87, 0x6E, 0xC4, + 0xBB, 0x17, 0xA6, 0xF3, 0xE8, 0xDD, 0xAD, 0x73, 0xBC, 0x7B, 0x2F, 0x21, 0xB5, + 0xFD, 0x66, 0x51, 0x0C, 0xBD, 0x54, 0xB3, 0xE1, 0x6D, 0x5F, 0x1C, 0xBC, 0x23, + 0x73, 0xD1, 0x09, 0x03, 0x89, 0x14, 0xD2, 0x10, 0xB9, 0x64, 0xC3, 0x2A, 0xD0, + 0xA1, 0x96, 0x4A, 0xBC, 0xE1, 0xD4, 0x1A, 0x5B, 0xC7, 0xA0, 0xC0, 0xC1, 0x63, + 0x78, 0x0F, 0x44, 0x37, 0x30, 0x32, 0x96, 0x80, 0x32, 0x23, 0x95, 0xA1, 0x77, + 0xBA, 0x13, 0xD2, 0x97, 0x73, 0xE2, 0x5D, 0x25, 0xC9, 0x6A, 0x0D, 0xC3, 0x39, + 0x60, 0xA4, 0xB4, 0xB0, 0x69, 0x42, 0x42, 0x09, 0xE9, 0xD8, 0x08, 0xBC, 0x33, + 0x20, 0xB3, 0x58, 0x22, 0xA7, 0xAA, 0xEB, 0xC4, 0xE1, 0xE6, 0x61, 0x83, 0xC5, + 0xD2, 0x96, 0xDF, 0xD9, 0xD0, 0x4F, 0xAD, 0xD7, 0x02, 0x03, 0x01, 0x00, 0x01, + 0x02, 0x82, 0x01, 0x01, 0x00, 0x9A, 0xD0, 0x34, 0x0F, 0x52, 0x62, 0x05, 0x50, + 0x01, 0xEF, 0x9F, 0xED, 0x64, 0x6E, 0xC2, 0xC4, 0xDA, 0x1A, 0xF2, 0x84, 0xD7, + 0x92, 0x10, 0x48, 0x92, 0xC4, 0xE9, 0x6A, 0xEB, 0x8B, 0x75, 0x6C, 0xC6, 0x79, + 0x38, 0xF2, 0xC9, 0x72, 0x4A, 0x86, 0x64, 0x54, 0x95, 0x77, 0xCB, 0xC3, 0x9A, + 0x9D, 0xB7, 0xD4, 0x1D, 0xA4, 0x00, 0xC8, 0x9E, 0x4E, 0xE4, 0xDD, 0xC7, 0xBA, + 0x67, 0x16, 0xC1, 0x74, 0xBC, 0xA9, 0xD6, 0x94, 0x8F, 0x2B, 0x30, 0x1A, 0xFB, + 0xED, 0xDF, 0x21, 0x05, 0x23, 0xD9, 0x4A, 0x39, 0xBD, 0x98, 0x6B, 0x65, 0x9A, + 0xB8, 0xDC, 0xC4, 0x7D, 0xEE, 0xA6, 0x43, 0x15, 0x2E, 0x3D, 0xBE, 0x1D, 0x22, + 0x60, 0x2A, 0x73, 0x30, 0xD5, 0x3E, 0xD8, 0xA2, 0xAC, 0x86, 0x43, 0x2E, 0xC4, + 0xF5, 0x64, 0x5E, 0x3F, 0x89, 0x75, 0x0F, 0x11, 0xD8, 0x51, 0x25, 0x4E, 0x9F, + 0xD8, 0xAA, 0xA3, 0xCE, 0x60, 0xB3, 0xE2, 0x8A, 0xD9, 0x7E, 0x1B, 0xF0, 0x64, + 0xCA, 0x9A, 0x5B, 0x05, 0x0B, 0x5B, 0xAA, 0xCB, 0xE5, 0xE3, 0x3F, 0x6E, 0x32, + 0x22, 0x05, 0xF3, 0xD0, 0xFA, 0xEF, 0x74, 0x52, 0x81, 0xE2, 0x5F, 0x74, 0xD3, + 0xBD, 0xFF, 0x31, 0x83, 0x45, 0x75, 0xFA, 0x63, 0x7A, 0x97, 0x2E, 0xD6, 0xB6, + 0x19, 0xC6, 0x92, 0x26, 0xE4, 0x28, 0x06, 0x50, 0x50, 0x0E, 0x78, 0x2E, 0xA9, + 0x78, 0x0D, 0x14, 0x97, 0xB4, 0x12, 0xD8, 0x31, 0x40, 0xAB, 0xA1, 0x01, 0x41, + 0xC2, 0x30, 0xF8, 0x07, 0x5F, 0x16, 0xE4, 0x61, 0x77, 0xD2, 0x60, 0xF2, 0x9F, + 0x8D, 0xE8, 0xF4, 0xBA, 0xEB, 0x63, 0xDE, 0x2A, 0x97, 0x81, 0xEF, 0x4C, 0x6C, + 0xE6, 0x55, 0x34, 0x51, 0x2B, 0x28, 0x34, 0xF4, 0x53, 0x1C, 0xC4, 0x58, 0x0A, + 0x3F, 0xBB, 0xAF, 0xB5, 0xF7, 0x4A, 0x85, 0x43, 0x2D, 0x3C, 0xF1, 0x58, 0x58, + 0x81, 0x02, 0x81, 0x81, 0x00, 0xF2, 0x2C, 0x54, 0x76, 0x39, 0x23, 0x63, 0xC9, + 0x10, 0x32, 0xB7, 0x93, 0xAD, 0xAF, 0xBE, 0x19, 0x75, 0x96, 0x81, 0x64, 0xE6, + 0xB5, 0xB8, 0x89, 0x42, 0x41, 0xD1, 0x6D, 0xD0, 0x1C, 0x1B, 0xF8, 0x1B, 0xAC, + 0x69, 0xCB, 0x36, 0x3C, 0x64, 0x7D, 0xDC, 0xF4, 0x19, 0xB8, 0xC3, 0x60, 0xB1, + 0x57, 0x48, 0x5F, 0x52, 0x4F, 0x59, 0x3A, 0x55, 0x7F, 0x32, 0xC0, 0x19, 0x43, + 0x50, 0x3F, 0xAE, 0xCE, 0x6F, 0x17, 0xF3, 0x0E, 0x9F, 0x40, 0xCA, 0x4E, 0xAD, + 0x15, 0x3B, 0xC9, 0x79, 0xE9, 0xC0, 0x59, 0x38, 0x73, 0x70, 0x9C, 0x0A, 0x7C, + 0xC9, 0x3A, 0x48, 0x32, 0xA7, 0xD8, 0x49, 0x75, 0x0A, 0x85, 0xC2, 0xC2, 0xFD, + 0x15, 0x73, 0xDA, 0x99, 0x09, 0x2A, 0x69, 0x9A, 0x9F, 0x0A, 0x71, 0xBF, 0xB0, + 0x04, 0xA6, 0x8C, 0x7A, 0x5A, 0x6F, 0x48, 0x5A, 0x54, 0x3B, 0xC6, 0xB1, 0x53, + 0x17, 0xDF, 0xE7, 0x02, 0x81, 0x81, 0x00, 0xCB, 0x93, 0xDE, 0x77, 0x15, 0x5D, + 0xB7, 0x5C, 0x5C, 0x7C, 0xD8, 0x90, 0xA9, 0x98, 0x2D, 0xD6, 0x69, 0x0E, 0x63, + 0xB3, 0xA3, 0xDC, 0xA6, 0xCC, 0x8B, 0x6A, 0xA4, 0xA2, 0x12, 0x8C, 0x8E, 0x7B, + 0x48, 0x2C, 0xB2, 0x4B, 0x37, 0xDC, 0x06, 0x18, 0x7D, 0xEA, 0xFE, 0x76, 0xA1, + 0xD4, 0xA1, 0xE9, 0x3F, 0x0D, 0xCD, 0x1B, 0x5F, 0xAF, 0x5F, 0x9E, 0x96, 0x5B, + 0x5B, 0x0F, 0xA1, 0x7C, 0xAF, 0xB3, 0x9B, 0x90, 0xDB, 0x57, 0x73, 0x3A, 0xED, + 0xB0, 0x23, 0x44, 0xAE, 0x41, 0x4F, 0x1F, 0x07, 0x42, 0x13, 0x23, 0x4C, 0xCB, + 0xFA, 0xF4, 0x14, 0xA4, 0xD5, 0xF7, 0x9E, 0x36, 0x7C, 0x5B, 0x9F, 0xA8, 0x3C, + 0xC1, 0x85, 0x5F, 0x74, 0xD2, 0x39, 0x2D, 0xFF, 0xD0, 0x84, 0xDF, 0xFB, 0xB3, + 0x20, 0x7A, 0x2E, 0x9B, 0x17, 0xAE, 0xE6, 0xBA, 0x0B, 0xAE, 0x5F, 0x53, 0xA4, + 0x52, 0xED, 0x1B, 0xC4, 0x91, 0x02, 0x81, 0x81, 0x00, 0xEC, 0x98, 0xDA, 0xBB, + 0xD5, 0xFE, 0xF9, 0x52, 0x4A, 0x7D, 0x02, 0x55, 0x49, 0x6F, 0x55, 0x6E, 0x52, + 0x2F, 0x84, 0xA3, 0x2B, 0xB3, 0x86, 0x62, 0xB3, 0x54, 0xD2, 0x63, 0x52, 0xDA, + 0xE3, 0x88, 0x76, 0xA0, 0xEF, 0x8B, 0x15, 0xA5, 0xD3, 0x18, 0x14, 0x72, 0x77, + 0x5E, 0xC7, 0xA3, 0x04, 0x1F, 0x9E, 0x19, 0x62, 0xB5, 0x1B, 0x1B, 0x9E, 0xC3, + 0xF2, 0xB5, 0x32, 0xF9, 0x4C, 0xC1, 0xAA, 0xEB, 0x0C, 0x26, 0x7D, 0xD4, 0x5F, + 0x4A, 0x51, 0x5C, 0xA4, 0x45, 0x06, 0x70, 0x44, 0xA7, 0x56, 0xC0, 0xD4, 0x22, + 0x14, 0x76, 0x9E, 0xD8, 0x63, 0x50, 0x89, 0x90, 0xD3, 0xE2, 0xBF, 0x81, 0x95, + 0x92, 0x31, 0x41, 0x87, 0x39, 0x1A, 0x43, 0x0B, 0x18, 0xA5, 0x53, 0x1F, 0x39, + 0x1A, 0x5F, 0x1F, 0x43, 0xBC, 0x87, 0x6A, 0xDF, 0x6E, 0xD3, 0x22, 0x00, 0xFE, + 0x22, 0x98, 0x70, 0x4E, 0x1A, 0x19, 0x29, 0x02, 0x81, 0x81, 0x00, 0x8A, 0x41, + 0x56, 0x28, 0x51, 0x9E, 0x5F, 0xD4, 0x9E, 0x0B, 0x3B, 0x98, 0xA3, 0x54, 0xF2, + 0x6C, 0x56, 0xD4, 0xAA, 0xE9, 0x69, 0x33, 0x85, 0x24, 0x0C, 0xDA, 0xD4, 0x0C, + 0x2D, 0xC4, 0xBF, 0x4F, 0x02, 0x69, 0x38, 0x7C, 0xD4, 0xE6, 0xDC, 0x4C, 0xED, + 0xD7, 0x16, 0x11, 0xC3, 0x3E, 0x00, 0xE7, 0xC3, 0x26, 0xC0, 0x51, 0x02, 0xDE, + 0xBB, 0x75, 0x9C, 0x6F, 0x56, 0x9C, 0x7A, 0xF3, 0x8E, 0xEF, 0xCF, 0x8A, 0xC5, + 0x2B, 0xD2, 0xDA, 0x06, 0x6A, 0x44, 0xC9, 0x73, 0xFE, 0x6E, 0x99, 0x87, 0xF8, + 0x5B, 0xBE, 0xF1, 0x7C, 0xE6, 0x65, 0xB5, 0x4F, 0x6C, 0xF0, 0xC9, 0xC5, 0xFF, + 0x16, 0xCA, 0x8B, 0x1B, 0x17, 0xE2, 0x58, 0x3D, 0xA2, 0x37, 0xAB, 0x01, 0xBC, + 0xBF, 0x40, 0xCE, 0x53, 0x8C, 0x8E, 0xED, 0xEF, 0xEE, 0x59, 0x9D, 0xE0, 0x63, + 0xE6, 0x7C, 0x5E, 0xF5, 0x8E, 0x4B, 0xF1, 0x3B, 0xC1, 0x02, 0x81, 0x80, 0x4D, + 0x45, 0xF9, 0x40, 0x8C, 0xC5, 0x5B, 0xF4, 0x2A, 0x1A, 0x8A, 0xB4, 0xF2, 0x1C, + 0xAC, 0x6B, 0xE9, 0x0C, 0x56, 0x36, 0xB7, 0x4E, 0x72, 0x96, 0xD5, 0xE5, 0x8A, + 0xD2, 0xE2, 0xFF, 0xF1, 0xF1, 0x18, 0x13, 0x3D, 0x86, 0x09, 0xB8, 0xD8, 0x76, + 0xA7, 0xC9, 0x1C, 0x71, 0x52, 0x94, 0x30, 0x43, 0xE0, 0xF1, 0x78, 0x74, 0xFD, + 0x61, 0x1B, 0x4C, 0x09, 0xCC, 0xE6, 0x68, 0x2A, 0x71, 0xAD, 0x1C, 0xDF, 0x43, + 0xBC, 0x56, 0xDB, 0xA5, 0xA4, 0xBE, 0x35, 0x70, 0xA4, 0x5E, 0xCF, 0x4F, 0xFC, + 0x00, 0x55, 0x99, 0x3A, 0x3D, 0x23, 0xCF, 0x67, 0x5A, 0xF5, 0x22, 0xF8, 0xB5, + 0x29, 0xD0, 0x44, 0x11, 0xEB, 0x35, 0x2E, 0x46, 0xBE, 0xFD, 0x8E, 0x18, 0xB2, + 0x5F, 0xA8, 0xBF, 0x19, 0x32, 0xA1, 0xF5, 0xDC, 0x03, 0xE6, 0x7C, 0x9A, 0x1F, + 0x0C, 0x7C, 0xA9, 0xB0, 0x0E, 0x21, 0x37, 0x3B, 0xF1, 0xB0}; + +static const uint8_t rsa_256_keydata[] = { + 0x30, 0x82, 0x01, 0x0A, + 0x02, 0x82, 0x01, 0x01, 0x00, 0xDB, 0x1C, 0x7F, 0x2E, 0x0B, 0xCD, 0xBF, 0xCE, 0xD1, + 0x75, 0x10, 0xA0, 0xA2, 0xB8, 0xCE, 0x7D, 0xAA, 0xE2, 0x05, 0xE0, 0x7A, 0xD8, 0x44, + 0x63, 0x8F, 0xB5, 0xBD, 0xC0, 0xB0, 0x19, 0xB9, 0x37, 0xB8, 0x19, 0x4A, 0x0E, 0xF1, + 0x5D, 0x74, 0x80, 0x67, 0x46, 0x87, 0x06, 0xDE, 0x5B, 0x7F, 0x06, 0x03, 0xBD, 0xC1, + 0x8D, 0x5E, 0x07, 0x15, 0xD4, 0x5B, 0xF4, 0xDC, 0xE5, 0xCF, 0x3D, 0xF9, 0xC1, 0x11, + 0x2C, 0xAE, 0x6A, 0xB9, 0x8A, 0xBD, 0x1D, 0x67, 0x66, 0x17, 0xEA, 0x4E, 0xBD, 0xDB, + 0x15, 0x9A, 0x82, 0x87, 0xE4, 0xF0, 0x78, 0xC3, 0xA3, 0x85, 0x87, 0xB0, 0xFD, 0x9F, + 0xA9, 0x99, 0x5F, 0xE3, 0x33, 0xEC, 0xCC, 0xEA, 0x0B, 0xB5, 0x61, 0x5E, 0xF1, 0x49, + 0x7E, 0x3F, 0xA3, 0x2D, 0xEA, 0x01, 0x0C, 0xCC, 0x42, 0x9A, 0x76, 0x9B, 0xC4, 0xD0, + 0x37, 0xD3, 0xB1, 0x17, 0x01, 0x61, 0x01, 0x16, 0x59, 0x7E, 0x1C, 0x17, 0xC3, 0x53, + 0xFD, 0xD1, 0x72, 0xCB, 0x4C, 0x60, 0x15, 0xDA, 0x7D, 0xE2, 0xEA, 0xAD, 0x50, 0xEF, + 0x8E, 0xE2, 0x8B, 0xD4, 0x6A, 0x77, 0x55, 0xD6, 0x70, 0xD9, 0x6B, 0xBB, 0xF1, 0xEE, + 0x39, 0x04, 0x38, 0xA3, 0xBD, 0xE2, 0xD1, 0xE0, 0x66, 0x6B, 0xE2, 0x9C, 0x47, 0x99, + 0xE9, 0x28, 0xE6, 0xB6, 0xFC, 0x2E, 0xCA, 0x67, 0x43, 0x84, 0xE8, 0xD5, 0x83, 0xD6, + 0x9D, 0x98, 0x6B, 0x01, 0x3E, 0x81, 0xDC, 0x3C, 0x7A, 0xCA, 0xF9, 0xF3, 0x9C, 0xF7, + 0xD6, 0x28, 0x1B, 0x27, 0x78, 0x7C, 0xC3, 0xD0, 0xD5, 0x63, 0xA7, 0x81, 0x34, 0x89, + 0xAD, 0x25, 0x6A, 0xBD, 0xF2, 0xEA, 0xED, 0xFA, 0x57, 0xFC, 0xE5, 0x34, 0xC6, 0xC1, + 0x0F, 0x71, 0x2D, 0xD2, 0x08, 0x10, 0x1B, 0xAD, 0x44, 0x41, 0xE0, 0xFE, 0x79, 0xA0, + 0x63, 0x93, 0x8A, 0xB1, 0x5D, 0xE9, 0xB0, 0xEE, 0x6F, 0x02, 0x03, 0x01, 0x00, 0x01}; + +static const uint8_t ec_keydata[] = { + 0x04, 0xde, 0xa5, 0xe4, 0x5d, 0x0e, 0xa3, 0x7f, 0xc5, 0x66, 0x23, 0x2a, 0x50, 0x8f, + 0x4a, 0xd2, 0x0e, 0xa1, 0x3d, 0x47, 0xe4, 0xbf, 0x5f, 0xa4, 0xd5, 0x4a, 0x57, 0xa0, + 0xba, 0x01, 0x20, 0x42, 0x08, 0x70, 0x97, 0x49, 0x6e, 0xfc, 0x58, 0x3f, 0xed, 0x8b, + 0x24, 0xa5, 0xb9, 0xbe, 0x9a, 0x51, 0xde, 0x06, 0x3f, 0x5a, 0x00, 0xa8, 0xb6, 0x98, + 0xa1, 0x6f, 0xd7, 0xf2, 0x9b, 0x54, 0x85, 0xf3, 0x20}; + +static const uint8_t ec_keypair[] = { + 0x68, 0x49, 0xf9, 0x7d, 0x10, 0x66, 0xf6, 0x99, 0x77, 0x59, 0x63, 0x7c, 0x7e, 0x38, + 0x99, 0x46, 0x4c, 0xee, 0x3e, 0xc7, 0xac, 0x97, 0x06, 0x53, 0xa0, 0xbe, 0x07, 0x42}; + +static test_data check1[] = { +#ifdef ARCH_TEST_CIPER_MODE_CTR +#ifdef ARCH_TEST_AES_128 +{"Test psa_copy_key 16 Byte AES\n", 1, PSA_KEY_TYPE_AES, +{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99, + 0x5F, 0xC9, 0x77}, + AES_16B_KEY_SIZE, + PSA_KEY_USAGE_EXPORT, PSA_KEY_USAGE_EXPORT, PSA_KEY_USAGE_EXPORT, PSA_KEY_USAGE_EXPORT, + PSA_ALG_CTR, PSA_ALG_CTR, PSA_ALG_CTR, PSA_ALG_CTR, + BYTES_TO_BITS(AES_16B_KEY_SIZE), AES_16B_KEY_SIZE, PSA_SUCCESS +}, +#endif + +#ifdef ARCH_TEST_AES_192 +{"Test psa_copy_key 24 Byte AES\n", 2, PSA_KEY_TYPE_AES, +{0x24, 0x13, 0x61, 0x47, 0x61, 0xB8, 0xC8, 0xF0, 0xDF, 0xAB, 0x5A, 0x0E, 0x87, + 0x40, 0xAC, 0xA3, 0x90, 0x77, 0x83, 0x52, 0x31, 0x74, 0xF9, 0x05}, + AES_24B_KEY_SIZE, + PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT, PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT, + PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT, PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT, + PSA_ALG_CTR, PSA_ALG_CTR, PSA_ALG_CTR, PSA_ALG_CTR, + BYTES_TO_BITS(AES_24B_KEY_SIZE), AES_24B_KEY_SIZE, PSA_SUCCESS +}, +#endif + +#ifdef ARCH_TEST_AES_256 +{"Test psa_copy_key 32 Byte AES\n", 3, PSA_KEY_TYPE_AES, +{0xEA, 0xD5, 0xE6, 0xC8, 0x51, 0xF9, 0xEC, 0xBB, 0x9B, 0x57, 0x7C, 0xED, 0xD2, + 0x4B, 0x82, 0x84, 0x9F, 0x9F, 0xE6, 0x73, 0x21, 0x3D, 0x1A, 0x05, 0xC9, 0xED, + 0xDF, 0x25, 0x17, 0x68, 0x86, 0xAE}, + AES_32B_KEY_SIZE, + PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_DECRYPT, PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT, + PSA_KEY_USAGE_EXPORT, PSA_KEY_USAGE_EXPORT, + PSA_ALG_CTR, PSA_ALG_CTR, PSA_ALG_CTR, PSA_ALG_CTR, + BYTES_TO_BITS(AES_32B_KEY_SIZE), AES_32B_KEY_SIZE, PSA_SUCCESS +}, +#endif +#endif + +#ifdef ARCH_TEST_RSA_PKCS1V15_SIGN_RAW +#ifdef ARCH_TEST_RSA_2048 +{"Test psa_copy_key 2048 RSA public key\n", 4, PSA_KEY_TYPE_RSA_PUBLIC_KEY, + {0}, + 270, + PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN, PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN, + PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT, PSA_KEY_USAGE_EXPORT, + PSA_ALG_RSA_PKCS1V15_SIGN_RAW, PSA_ALG_RSA_PKCS1V15_SIGN_RAW, + PSA_ALG_RSA_PKCS1V15_SIGN_RAW, PSA_ALG_RSA_PKCS1V15_SIGN_RAW, + 2048, 270, PSA_SUCCESS +}, + +{"Test psa_copy_key with RSA 2048 keypair\n", 5, PSA_KEY_TYPE_RSA_KEYPAIR, + {0}, + 1193, + PSA_KEY_USAGE_EXPORT, PSA_KEY_USAGE_EXPORT, + PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_VERIFY, PSA_KEY_USAGE_EXPORT, + PSA_ALG_RSA_PKCS1V15_SIGN_RAW, PSA_ALG_RSA_PKCS1V15_SIGN_RAW, + PSA_ALG_RSA_PKCS1V15_SIGN_RAW, PSA_ALG_RSA_PKCS1V15_SIGN_RAW, + 2048, 1193, PSA_SUCCESS +}, + +{"Test psa_copy_key with Incompatible target policy(source and target)\n", + 12, PSA_KEY_TYPE_RSA_KEYPAIR, + {0}, + 1193, + PSA_KEY_USAGE_EXPORT, PSA_KEY_USAGE_EXPORT, PSA_KEY_USAGE_EXPORT, PSA_KEY_USAGE_EXPORT, + PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH), PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH), + -1, -1, + 2048, 1193, PSA_ERROR_INVALID_ARGUMENT +}, + +{"Test psa_copy_key with Incompatible constraint\n", 6, PSA_KEY_TYPE_RSA_KEYPAIR, + {0}, + 1193, + PSA_KEY_USAGE_EXPORT, PSA_KEY_USAGE_EXPORT, PSA_KEY_USAGE_EXPORT, PSA_KEY_USAGE_EXPORT, + PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH), PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH), + PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH), -1, + 2048, 1193, PSA_ERROR_INVALID_ARGUMENT +}, + +{"Test psa_copy_key with unexport source key usage\n", 7, PSA_KEY_TYPE_RSA_KEYPAIR, + {0}, + 1193, + PSA_KEY_USAGE_SIGN, PSA_KEY_USAGE_EXPORT, + PSA_KEY_USAGE_EXPORT, 0, + PSA_ALG_RSA_PKCS1V15_SIGN_RAW, PSA_ALG_RSA_PKCS1V15_SIGN_RAW, + PSA_ALG_RSA_PKCS1V15_SIGN_RAW, PSA_ALG_RSA_PKCS1V15_SIGN_RAW, + 2048, 1193, PSA_SUCCESS +}, + +#endif +#endif + +#ifdef ARCH_TEST_CIPER_MODE_CTR +#ifdef ARCH_TEST_DES_1KEY +{"Test psa_copy_key with DES 64 bit key\n", 8, PSA_KEY_TYPE_DES, + {0x70, 0x24, 0x55, 0x0C, 0x14, 0x9D, 0xED, 0x29}, + DES_8B_KEY_SIZE, + PSA_KEY_USAGE_EXPORT, PSA_KEY_USAGE_EXPORT, PSA_KEY_USAGE_EXPORT, PSA_KEY_USAGE_EXPORT, + PSA_ALG_CTR, PSA_ALG_CTR, PSA_ALG_CTR, PSA_ALG_CTR, + BYTES_TO_BITS(DES_8B_KEY_SIZE), DES_8B_KEY_SIZE, PSA_SUCCESS +}, +#endif + +#ifdef ARCH_TEST_DES_2KEY +{"Test psa_copy_key with Triple DES 2-Key\n", 9, PSA_KEY_TYPE_DES, +{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, + DES3_2KEY_SIZE, + PSA_KEY_USAGE_EXPORT, PSA_KEY_USAGE_EXPORT, PSA_KEY_USAGE_EXPORT, PSA_KEY_USAGE_EXPORT, + PSA_ALG_CTR, PSA_ALG_CTR, PSA_ALG_CTR, PSA_ALG_CTR, + BYTES_TO_BITS(DES3_2KEY_SIZE), DES3_2KEY_SIZE, PSA_SUCCESS +}, +#endif + +#ifdef ARCH_TEST_DES_3KEY +{"Test psa_copy_key with Triple DES 3-Key\n", 10, PSA_KEY_TYPE_DES, +{0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, + 0xF1, 0xE0, 0xD3, 0xC2, 0xB5, 0xA4, 0x97, 0x86, + 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10}, + DES3_3KEY_SIZE, + PSA_KEY_USAGE_EXPORT, PSA_KEY_USAGE_EXPORT, PSA_KEY_USAGE_EXPORT, PSA_KEY_USAGE_EXPORT, + PSA_ALG_CTR, PSA_ALG_CTR, PSA_ALG_CTR, PSA_ALG_CTR, + BYTES_TO_BITS(DES3_3KEY_SIZE), DES3_3KEY_SIZE, PSA_SUCCESS +}, +#endif +#endif + +#ifdef ARCH_TEST_ECDSA +#ifdef ARCH_TEST_ECC_CURVE_SECP256R1 +{"Test psa_copy_key with EC Public key\n", 11, + PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_CURVE_SECP256R1), + {0}, + 65, + PSA_KEY_USAGE_EXPORT, PSA_KEY_USAGE_EXPORT, PSA_KEY_USAGE_EXPORT, PSA_KEY_USAGE_EXPORT, + PSA_ALG_ECDSA_ANY, PSA_ALG_ECDSA_ANY, PSA_ALG_ECDSA_ANY, PSA_ALG_ECDSA_ANY, + 256, 65, PSA_SUCCESS +}, +#endif + +#ifdef ARCH_TEST_ECC_CURVE_SECP224R1 +{"Test psa_copy_key with EC keypair\n", 12, + PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP224R1), + {0}, + 28, + PSA_KEY_USAGE_EXPORT, PSA_KEY_USAGE_EXPORT, PSA_KEY_USAGE_EXPORT, PSA_KEY_USAGE_EXPORT, + PSA_ALG_ECDSA_ANY, PSA_ALG_ECDSA_ANY, PSA_ALG_ECDSA_ANY, PSA_ALG_ECDSA_ANY, + 224, 28, PSA_SUCCESS +}, +#endif +#endif + +#ifdef ARCH_TEST_CIPER_MODE_CTR +#ifdef ARCH_TEST_AES +{"Test psa_copy_key with Incompatible target policy\n", 13, PSA_KEY_TYPE_AES, +{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99, + 0x5F, 0xC9, 0x77}, + AES_16B_KEY_SIZE, + PSA_KEY_USAGE_EXPORT, PSA_KEY_USAGE_EXPORT, PSA_KEY_USAGE_EXPORT, PSA_KEY_USAGE_EXPORT, + PSA_ALG_CTR, PSA_ALG_CBC_NO_PADDING, PSA_ALG_CBC_NO_PADDING, PSA_ALG_CBC_NO_PADDING, + BYTES_TO_BITS(AES_16B_KEY_SIZE), AES_16B_KEY_SIZE, PSA_ERROR_INVALID_ARGUMENT +}, +#endif +#endif +}; + +static test_data check2[] = { +#ifdef ARCH_TEST_CIPER_MODE_CTR +#ifdef ARCH_TEST_AES_128 +{"Test psa_copy_key negative cases\n", 14, PSA_KEY_TYPE_AES, +{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99, + 0x5F, 0xC9, 0x77}, + AES_16B_KEY_SIZE, + PSA_KEY_USAGE_EXPORT, PSA_KEY_USAGE_EXPORT, PSA_KEY_USAGE_EXPORT, PSA_KEY_USAGE_EXPORT, + PSA_ALG_CTR, PSA_ALG_CTR, PSA_ALG_CTR, PSA_ALG_CTR, + BYTES_TO_BITS(AES_16B_KEY_SIZE), AES_16B_KEY_SIZE, PSA_SUCCESS +}, +#endif +#endif +}; diff --git a/api-tests/dev_apis/crypto/test_c044/test_entry.c b/api-tests/dev_apis/crypto/test_c044/test_entry.c new file mode 100644 index 00000000..7eebc5c4 --- /dev/null +++ b/api-tests/dev_apis/crypto/test_c044/test_entry.c @@ -0,0 +1,53 @@ +/** @file + * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ + +#include "val_interfaces.h" +#include "val_target.h" +#include "test_c044.h" + +#define TEST_NUM VAL_CREATE_TEST_ID(VAL_CRYPTO_BASE, 44) +#define TEST_DESC "Testing crypto key management APIs\n" +TEST_PUBLISH(TEST_NUM, test_entry); +val_api_t *val = NULL; +psa_api_t *psa = NULL; + +void test_entry(val_api_t *val_api, psa_api_t *psa_api) +{ + int32_t status = VAL_STATUS_SUCCESS; + + val = val_api; + psa = psa_api; + + /* test init */ + val->test_init(TEST_NUM, TEST_DESC, TEST_FIELD(TEST_ISOLATION_L1, WD_HIGH_TIMEOUT)); + if (!IS_TEST_START(val->get_status())) + { + goto test_exit; + } + + /* Execute list of tests available in test[num]_crypto_list from Non-secure side*/ + status = val->execute_non_secure_tests(TEST_NUM, test_c044_crypto_list, FALSE); + + if (VAL_ERROR(status)) + { + goto test_exit; + } + +test_exit: + val->crypto_function(VAL_CRYPTO_FREE); + val->test_exit(); +} diff --git a/api-tests/dev_apis/crypto/testsuite.db b/api-tests/dev_apis/crypto/testsuite.db index 66170eea..ebe6839a 100644 --- a/api-tests/dev_apis/crypto/testsuite.db +++ b/api-tests/dev_apis/crypto/testsuite.db @@ -63,5 +63,6 @@ test_c040 test_c041 test_c042 test_c043 +test_c044 (END) diff --git a/api-tests/dev_apis/internal_trusted_storage/test_s002/test_its_data.h b/api-tests/dev_apis/internal_trusted_storage/test_s002/test_its_data.h index 325e862e..303b25fd 100755 --- a/api-tests/dev_apis/internal_trusted_storage/test_s002/test_its_data.h +++ b/api-tests/dev_apis/internal_trusted_storage/test_s002/test_its_data.h @@ -118,6 +118,9 @@ static const test_data s002_data[] = { { VAL_ITS_SET, PSA_ITS_ERROR_WRITE_ONCE /* Setting flag to zero for UID should fail */ }, +{ + VAL_ITS_REMOVE, PSA_ITS_ERROR_WRITE_ONCE /* Storage should not be removed */ +}, { VAL_ITS_GET_INFO, PSA_ITS_SUCCESS /* Check that the WRITE_ONCE flag is preserved */ }, diff --git a/api-tests/dev_apis/internal_trusted_storage/test_s004/test_s004.c b/api-tests/dev_apis/internal_trusted_storage/test_s004/test_s004.c index 00f42451..9db24a79 100755 --- a/api-tests/dev_apis/internal_trusted_storage/test_s004/test_s004.c +++ b/api-tests/dev_apis/internal_trusted_storage/test_s004/test_s004.c @@ -42,11 +42,11 @@ int32_t psa_sst_get_data_check(security_t caller) uint32_t status,j; /* Set data for UID */ - status = SST_FUNCTION(s004_data[1].api, uid + 1, TEST_BUFF_SIZE, write_buff,0); + status = SST_FUNCTION(s004_data[1].api, uid, TEST_BUFF_SIZE, write_buff,0); TEST_ASSERT_EQUAL(status, s004_data[1].status, TEST_CHECKPOINT_NUM(1)); /* Call get function and check the data consistency */ - status = SST_FUNCTION(s004_data[2].api, uid + 1, 0, TEST_BUFF_SIZE, read_buff); + status = SST_FUNCTION(s004_data[2].api, uid, 0, TEST_BUFF_SIZE, read_buff); TEST_ASSERT_EQUAL(status, s004_data[2].status, TEST_CHECKPOINT_NUM(2)); TEST_ASSERT_MEMCMP(read_buff, write_buff, TEST_BUFF_SIZE, TEST_CHECKPOINT_NUM(3)); diff --git a/api-tests/dev_apis/internal_trusted_storage/test_s006/test_s006.c b/api-tests/dev_apis/internal_trusted_storage/test_s006/test_s006.c index 1c7066b0..d1d81bc7 100755 --- a/api-tests/dev_apis/internal_trusted_storage/test_s006/test_s006.c +++ b/api-tests/dev_apis/internal_trusted_storage/test_s006/test_s006.c @@ -73,7 +73,7 @@ int32_t psa_sst_flags_not_supported(security_t caller) { test_status = psa_sst_remove_api(uid, TEST_BUFF_SIZE, write_buff, (flag & (~PSA_SST_FLAG_WRITE_ONCE))); - if (test_status != VAL_STATUS_SUCCESS) + if (test_status != VAL_STATUS_SUCCESS) return test_status; } else if (status == s006_data[0].status) diff --git a/api-tests/dev_apis/internal_trusted_storage/test_s009/test_its_data.h b/api-tests/dev_apis/internal_trusted_storage/test_s009/test_its_data.h index a4f0b7e1..80e7fb1a 100755 --- a/api-tests/dev_apis/internal_trusted_storage/test_s009/test_its_data.h +++ b/api-tests/dev_apis/internal_trusted_storage/test_s009/test_its_data.h @@ -33,25 +33,31 @@ static const test_data s009_data[] = { 0, 0 /* This is dummy for index0 */ }, { - VAL_ITS_SET, PSA_ITS_ERROR_INVALID_ARGUMENTS /* Call set API with 0 write buffer */ + VAL_ITS_SET, PSA_ITS_SUCCESS /* Call set API with NULL write buffer and 0 length */ }, { - VAL_ITS_GET_INFO, PSA_ITS_ERROR_UID_NOT_FOUND /* Call to get_info API should fail */ + VAL_ITS_GET_INFO, PSA_ITS_SUCCESS /* Verify UID is created */ }, { - VAL_ITS_SET, PSA_ITS_SUCCESS /* Create storage of zero size */ + VAL_ITS_GET, PSA_ITS_SUCCESS /* Call get API with NULL write buffer and 0 length */ }, { - VAL_ITS_SET, PSA_ITS_ERROR_INVALID_ARGUMENTS /* Try to set 0 buffer for previous created storage */ + VAL_ITS_REMOVE, PSA_ITS_SUCCESS /* Remove the storage entity */ +}, +{ + VAL_ITS_GET_INFO, PSA_ITS_ERROR_UID_NOT_FOUND /* Verify UID is removed */ +}, +{ + VAL_ITS_SET, PSA_ITS_SUCCESS /* Create storage of zero size and valid write buffer */ }, { VAL_ITS_GET_INFO, PSA_ITS_SUCCESS /* Call get_info API to check data size */ }, { - 0, 0 /* This is dummy for index6 */ + 0, 0 /* This is dummy for index8 */ }, { - VAL_ITS_GET, PSA_ITS_ERROR_INVALID_ARGUMENTS /* Call get API with 0 read buffer */ + VAL_ITS_GET, PSA_ITS_SUCCESS /* Call get API with 0 length and NULL read buffer */ }, { VAL_ITS_SET, PSA_ITS_SUCCESS /* Increase the asset size */ diff --git a/api-tests/dev_apis/internal_trusted_storage/test_s009/test_ps_data.h b/api-tests/dev_apis/internal_trusted_storage/test_s009/test_ps_data.h index 982561c8..129bca08 100755 --- a/api-tests/dev_apis/internal_trusted_storage/test_s009/test_ps_data.h +++ b/api-tests/dev_apis/internal_trusted_storage/test_s009/test_ps_data.h @@ -33,25 +33,31 @@ static const test_data s009_data[] = { 0, 0 /* This is dummy for index0 */ }, { - VAL_PS_SET, PSA_PS_ERROR_INVALID_ARGUMENT /* Call set API with 0 write buffer */ + VAL_PS_SET, PSA_PS_SUCCESS /* Call set API with NULL write buffer and 0 length */ }, { - VAL_PS_GET_INFO, PSA_PS_ERROR_UID_NOT_FOUND /* Call to get_info API should fail */ + VAL_PS_GET_INFO, PSA_PS_SUCCESS /* Verify UID is created */ }, { - VAL_PS_SET, PSA_PS_SUCCESS /* Create storage of zero size */ + VAL_PS_GET, PSA_PS_SUCCESS /* Call get API with NULL write buffer and 0 length */ }, { - VAL_PS_SET, PSA_PS_ERROR_INVALID_ARGUMENT /* Try to set 0 buffer for previous created storage */ + VAL_PS_REMOVE, PSA_PS_SUCCESS /* Remove the storage entity */ +}, +{ + VAL_PS_GET_INFO, PSA_PS_ERROR_UID_NOT_FOUND /* Verify UID is removed */ +}, +{ + VAL_PS_SET, PSA_PS_SUCCESS /* Create storage of zero size and valid write buffer */ }, { VAL_PS_GET_INFO, PSA_PS_SUCCESS /* Call get_info API to check data size */ }, { - 0, 0 /* This is dummy for index6 */ + 0, 0 /* This is dummy for index8 */ }, { - VAL_PS_GET, PSA_PS_ERROR_INVALID_ARGUMENT /* Call get API with 0 read buffer */ + VAL_PS_GET, PSA_PS_SUCCESS /* Call get API with 0 length and NULL read buffer */ }, { VAL_PS_SET, PSA_PS_SUCCESS /* Increase the asset size */ diff --git a/api-tests/dev_apis/internal_trusted_storage/test_s009/test_s009.c b/api-tests/dev_apis/internal_trusted_storage/test_s009/test_s009.c index a1b54246..4567c666 100755 --- a/api-tests/dev_apis/internal_trusted_storage/test_s009/test_s009.c +++ b/api-tests/dev_apis/internal_trusted_storage/test_s009/test_s009.c @@ -28,7 +28,7 @@ client_test_t test_s009_sst_list[] = { NULL, - psa_sst_invalid_arguments_check, + psa_sst_zero_length_check, NULL, }; @@ -36,7 +36,7 @@ static psa_sst_uid_t uid = UID_BASE_VALUE + 5; static uint8_t write_buff[TEST_BUFF_SIZE] = {0x99, 0x01, 0x02, 0x03, 0x04, 0x23, 0xF6, 0x07, 0x08, \ 0x0D, 0x70, 0xA1, 0xFF, 0xFF, 0x14, 0x73, 0x46, 0x97, 0xE8, 0xDD}; -int32_t psa_sst_invalid_arguments_check(security_t caller) +int32_t psa_sst_zero_length_check(security_t caller) { uint32_t status; @@ -45,38 +45,48 @@ int32_t psa_sst_invalid_arguments_check(security_t caller) status = SST_FUNCTION(s009_data[1].api, uid, 0, NULL, 0); TEST_ASSERT_EQUAL(status, s009_data[1].status, TEST_CHECKPOINT_NUM(1)); - /* Call the get_info function and match the attributes */ + /* Call the get_info function to verify UID created */ status = SST_FUNCTION(s009_data[2].api, uid, &info); TEST_ASSERT_EQUAL(status, s009_data[2].status, TEST_CHECKPOINT_NUM(2)); - /* Set data for UID with length 0 and valid write buffer */ - val->print(PRINT_TEST, "[Check 2] Create UID with zero data length\n", 0); - status = SST_FUNCTION(s009_data[3].api, uid, 0, write_buff, 0); + /* Call get API with NULL read buffer */ + val->print(PRINT_TEST, "[Check 2] Call get API with NULL read buffer and data length 0\n", 0); + status = SST_FUNCTION(s009_data[3].api, uid, 0, 0, NULL); TEST_ASSERT_EQUAL(status, s009_data[3].status, TEST_CHECKPOINT_NUM(3)); - /* Set data for UID with length 0 and NULL pointer */ - val->print(PRINT_TEST, "[Check 3] Try to set NULL buffer for existing UID\n", 0); - status = SST_FUNCTION(s009_data[4].api, uid, 0, NULL, 0); + /* Remove the UID */ + val->print(PRINT_TEST, "[Check 3] Remove the UID\n", 0); + status = SST_FUNCTION(s009_data[4].api, uid); TEST_ASSERT_EQUAL(status, s009_data[4].status, TEST_CHECKPOINT_NUM(4)); - /* Call the get_info function and match the attributes */ + /* Call the get_info function to verify UID is removed */ + val->print(PRINT_TEST, "[Check 4] Call get_info API to verify UID removed\n", 0); status = SST_FUNCTION(s009_data[5].api, uid, &info); TEST_ASSERT_EQUAL(status, s009_data[5].status, TEST_CHECKPOINT_NUM(5)); - TEST_ASSERT_EQUAL(info.size, 0, TEST_CHECKPOINT_NUM(6)); - /* Call get API with NULL read buffer and valid UID */ - val->print(PRINT_TEST, "[Check 4] Call get API with NULL read buffer and data length 0\n", 0); - status = SST_FUNCTION(s009_data[7].api, uid, 0, 0, NULL); + /* Create UID with length 0 and valid write buffer */ + val->print(PRINT_TEST, "[Check 5] Create UID with zero data_len and valid write buffer\n", 0); + status = SST_FUNCTION(s009_data[6].api, uid, 0, write_buff, 0); + TEST_ASSERT_EQUAL(status, s009_data[6].status, TEST_CHECKPOINT_NUM(6)); + + /* Call the get_info function and match the attributes */ + status = SST_FUNCTION(s009_data[7].api, uid, &info); TEST_ASSERT_EQUAL(status, s009_data[7].status, TEST_CHECKPOINT_NUM(7)); + TEST_ASSERT_EQUAL(info.size, 0, TEST_CHECKPOINT_NUM(8)); + + /* Call get API with NULL read buffer and valid UID */ + val->print(PRINT_TEST, "[Check 8] Call get API with NULL read buffer and data length 0\n", 0); + status = SST_FUNCTION(s009_data[9].api, uid, 0, 0, NULL); + TEST_ASSERT_EQUAL(status, s009_data[9].status, TEST_CHECKPOINT_NUM(9)); /* Change the length to test_buff_size */ - val->print(PRINT_TEST, "[Check 5] Increase the length\n", 0); - status = SST_FUNCTION(s009_data[8].api, uid, TEST_BUFF_SIZE, write_buff, 0); - TEST_ASSERT_EQUAL(status, s009_data[8].status, TEST_CHECKPOINT_NUM(8)); + val->print(PRINT_TEST, "[Check 9] Increase the length\n", 0); + status = SST_FUNCTION(s009_data[10].api, uid, TEST_BUFF_SIZE, write_buff, 0); + TEST_ASSERT_EQUAL(status, s009_data[10].status, TEST_CHECKPOINT_NUM(10)); /* Remove the UID */ - status = SST_FUNCTION(s009_data[9].api, uid); - TEST_ASSERT_EQUAL(status, s009_data[9].status, TEST_CHECKPOINT_NUM(9)); + status = SST_FUNCTION(s009_data[11].api, uid); + TEST_ASSERT_EQUAL(status, s009_data[11].status, TEST_CHECKPOINT_NUM(11)); return VAL_STATUS_SUCCESS; } diff --git a/api-tests/dev_apis/internal_trusted_storage/test_s009/test_s009.h b/api-tests/dev_apis/internal_trusted_storage/test_s009/test_s009.h index db084cfc..11b32d17 100755 --- a/api-tests/dev_apis/internal_trusted_storage/test_s009/test_s009.h +++ b/api-tests/dev_apis/internal_trusted_storage/test_s009/test_s009.h @@ -31,6 +31,6 @@ extern val_api_t *val; extern psa_api_t *psa; extern client_test_t test_s009_sst_list[]; -int32_t psa_sst_invalid_arguments_check(security_t caller); +int32_t psa_sst_zero_length_check(security_t caller); #endif /* _TEST_S009_CLIENT_TESTS_H_ */ diff --git a/api-tests/dev_apis/internal_trusted_storage/test_s010/test_its_data.h b/api-tests/dev_apis/internal_trusted_storage/test_s010/test_its_data.h index 7b1b6d37..1a811b11 100644 --- a/api-tests/dev_apis/internal_trusted_storage/test_s010/test_its_data.h +++ b/api-tests/dev_apis/internal_trusted_storage/test_s010/test_its_data.h @@ -29,7 +29,7 @@ typedef struct { static const test_data s010_data[] = { { - VAL_ITS_SET, PSA_ITS_SUCCESS /* Create with UID value zero should fail */ + VAL_ITS_SET, PSA_ITS_ERROR_INVALID_ARGUMENTS /* Create with UID value zero should fail */ }, }; #endif /* _TEST_S010_ITS_DATA_TESTS_H_ */ diff --git a/api-tests/dev_apis/internal_trusted_storage/test_s010/test_ps_data.h b/api-tests/dev_apis/internal_trusted_storage/test_s010/test_ps_data.h index e88ed9b4..fb06deb9 100644 --- a/api-tests/dev_apis/internal_trusted_storage/test_s010/test_ps_data.h +++ b/api-tests/dev_apis/internal_trusted_storage/test_s010/test_ps_data.h @@ -29,7 +29,7 @@ typedef struct { static const test_data s010_data[] = { { - VAL_PS_SET, PSA_PS_SUCCESS /* Create with UID value zero should fail */ + VAL_PS_SET, PSA_PS_ERROR_INVALID_ARGUMENT /* Create with UID value zero should fail */ }, }; #endif /* _TEST_S010_PS_DATA_TESTS_H_ */ diff --git a/api-tests/dev_apis/internal_trusted_storage/test_s010/test_s010.c b/api-tests/dev_apis/internal_trusted_storage/test_s010/test_s010.c index c74bad3f..8e556ce1 100644 --- a/api-tests/dev_apis/internal_trusted_storage/test_s010/test_s010.c +++ b/api-tests/dev_apis/internal_trusted_storage/test_s010/test_s010.c @@ -42,7 +42,7 @@ int32_t psa_sst_uid_value_zero_check(security_t caller) /* Set with UID value zero should fail */ val->print(PRINT_TEST, "[Check 1] Creating storage with UID 0 should fail\n", 0 ); status = SST_FUNCTION(s010_data[0].api, uid, TEST_BUFF_SIZE, write_buff, 0); - TEST_ASSERT_NOT_EQUAL(status, s010_data[0].status, TEST_CHECKPOINT_NUM(1)); + TEST_ASSERT_EQUAL(status, s010_data[0].status, TEST_CHECKPOINT_NUM(1)); return VAL_STATUS_SUCCESS; } diff --git a/api-tests/docs/Arm_PSA_APIs_Arch_Test_Validation_Methodology.pdf b/api-tests/docs/Arm_PSA_APIs_Arch_Test_Validation_Methodology.pdf old mode 100644 new mode 100755 index 1ec5b796..b22a7242 Binary files a/api-tests/docs/Arm_PSA_APIs_Arch_Test_Validation_Methodology.pdf and b/api-tests/docs/Arm_PSA_APIs_Arch_Test_Validation_Methodology.pdf differ diff --git a/api-tests/docs/porting_guide_dev_apis.md b/api-tests/docs/porting_guide_dev_apis.md index 55e536ff..83491235 100644 --- a/api-tests/docs/porting_guide_dev_apis.md +++ b/api-tests/docs/porting_guide_dev_apis.md @@ -1,21 +1,19 @@ -# Porting Guide - Developer APIs Architecture Test Suite +# Porting Guide: Developer APIs Architecture Test Suite ----------------------------------------------------- ## Introduction -The Architecture test suite contains a platform abstraction layer (PAL) which abstracts platform specific information from the tests. - - The PAL layer interface functions need to be implemented/ported to the target platform. - - The target config file must be created/updated to match the details of the target platform. +The architecture test suite contains the *Platform Abstraction Layer* (PAL) which abstracts platform-specific information from the tests. You must implement and port the PAL interface functions to your target platform. Create and update the target configuration file to match the details of this target platform. -This document provides details on the porting steps and the PAL APIs. +This document provides the porting steps and the list of PAL APIs. ## Porting steps ### Target configuration -You must populate your system configuration and provide it as an input to test suite. This is captured in a single static input configuration file that is named as target.cfg. This file is available at api-tests/platform/targets//.
+You must populate your system configuration and provide it as an input to the test suite. The system configuration is captured in a single static input configuration file called **target.cfg**, available at **api-tests/platform/targets//**.
-An example of the input configuration file is as shown. +An example input configuration file is as shown. // UART device info uart.num=1; @@ -31,42 +29,42 @@ An example of the input configuration file is as shown. watchdog.0.intr_id = 0xFF; watchdog.0.permission = TYPE_READ_WRITE; - More details on the structure of the input can be obtained from val/common/val_target.h. + For details on the structure of the input, refer to **val/common/val_target.h**. ### Adding a new target - - Create a new directory in platform/targets/. For reference, see the existing platform tgt_dev_apis_mbedos_fvp_mps2_m4 directory. - - cp -rf platform/targets/tgt_dev_apis_mbedos_fvp_mps2_m4/ platform/targets// - - Update platform/targets//target.cfg with your platform detail. Refer val/common/val_target.h for structure details. - - Update platform/targets//Makefile appropriately to select correct instances of PAL files for compilation. To compile dev_apis suites, you must set PSA_IPC_IMPLEMENTED to 0. This selects the non-secure PAL instances for the driver services and eliminates IPC dependency for dev_apis tests. - - Refer "PAL API list" section to view list of PAL APIs that must be ported for your target platform. These APIs definitions are available in nspe//pal_\*\_intf.c. These APIs are written for tgt_dev_apis_mbedos_fvp_mps2_m4 platform. You can reuse the code if it works for your platform. Otherwise you must port them for your platform specific peripherals. - - Update Crypto configuration file - nspe/crypto/pal_crypto_config.h to enable/disable crypto features selectively for crypto test suite - - The platform make file is invoked as part of test suite build tool(./setup.sh) step and it creates /BUILD/platform/pal_nspe.a archive. + 1. Create a new directory in **platform/targets/**. For reference, see the existing platform **tgt_dev_apis_mbedos_fvp_mps2_m4** directory. + 2. Execute `cp -rf platform/targets/tgt_dev_apis_mbedos_fvp_mps2_m4/ platform/targets//`. + 3. Update **platform/targets//target.cfg** with your platform details. Refer to **val/common/val_target.h** for structure details. + 4. Update **platform/targets//Makefile** appropriately to select the correct instances of PAL files for compilation. To compile **dev_apis** suites, you must set **PSA_IPC_IMPLEMENTED** to 0. This selects the Non-secure PAL instances for the driver services and eliminates IPC dependency for dev_apis tests. + 5. Refer to the **List of PAL APIs** section to view the list of PAL APIs that must be ported for your target platform. These API definitions are available in **nspe//pal_\*\_intf.c**. These APIs are written for tgt_dev_apis_mbedos_fvp_mps2_m4 platform. You can reuse the code if it works for your platform. Otherwise, you must port them for your platform-specific peripherals. + 6. Update Crypto configuration file **nspe/crypto/pal_crypto_config.h** to enable or disable Crypto features selectively for the Crypto test suite. **Note**: -Test suite needs access to the following peripherals:
- - One UART to print nspe and spe messages - - One Watchdog timer to help recovery from any fatal error conditions +- The platform makefile is invoked as part of test suite build tool (**./setup.sh**) step and it creates **/BUILD/platform/pal_nspe.a** archive. +- The test suite requires access the following peripherals: + - One UART to print NSPE and SPE messages + - One Watchdog timer to help recover from any fatal error conditions - Non-volatile memory support to preserve test status over watchdog timer reset -## PAL API list -Since test suite is agnostic to various system targets, before building the tests, you must port below PAL NSPE APIs. These functions will require implementation for your target platform.
+## List of PAL APIs +Since the test suite is agnostic to various system targets, you must port the following PAL NSPE APIs before building the tests. Implement these functions for your target platform.
| No | Prototype | Description | Parameters | |----|-----------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------|----------------------------------------------------------| -| 01 | int pal_spi_read(addr_t addr, uint8_t *data, uint32_t len); | This function will read peripherals using SPI commands | addr : address of the peripheral
data : read buffer
len : length of the read buffer in bytes
| -| 02 | int pal_uart_init_ns(uint32_t uart_base_addr); | This function initializes the UART | uart base addr
| -| 03 | int pal_print_ns(char *str, uint32_t data); | This function parses the input string and writes bytes into UART TX FIFO| str : Input String
data : Value for format specifier
| -| 04 | int pal_wd_timer_init_ns(addr_t base_addr, uint32_t time_us, uint32_t timer_tick_us); | Initializes an hardware watchdog timer | base_addr : Base address of the watchdog module
time_us : Time in micro seconds
timer_tick_us : Number of ticks per micro second
| +| 01 | int pal_spi_read(addr_t addr, uint8_t *data, uint32_t len); | Reads peripherals using SPI commands | addr : Address of the peripheral
data : Read buffer
len : Length of the read buffer in bytes
| +| 02 | int pal_uart_init_ns(uint32_t uart_base_addr); | Initializes the UART | UART base address
| +| 03 | int pal_print_ns(char *str, int32_t data); | Parses the input string and writes bytes into UART TX FIFO| str : Input String
data : Value for format specifier
| +| 04 | int pal_wd_timer_init_ns(addr_t base_addr, uint32_t time_us, uint32_t timer_tick_us); | Initializes a hardware watchdog timer | base_addr : Base address of the watchdog module
time_us : Time in micro seconds
timer_tick_us : Number of ticks per micro second
| | 05 | int pal_wd_timer_enable_ns(addr_t base_addr); | Enables a hardware watchdog timer | base_addr : Base address of the watchdog module
| | 06 | int pal_wd_timer_disable_ns(addr_t base_addr); | Disables a hardware watchdog timer | base_addr : Base address of the watchdog module
| -| 07 | int pal_nvmem_read_ns(addr_t base, uint32_t offset, void *buffer, int size); | Reads from given non-volatile address. | base : Base address of nvmem
offset : Offset
buffer : Pointer to source address
size : Number of bytes
| +| 07 | int pal_nvmem_read_ns(addr_t base, uint32_t offset, void *buffer, int size); | Reads from the given non-volatile address. | base : Base address of nvmem
offset : Offset
buffer : Pointer to source address
size : Number of bytes
| | 08 | int pal_nvmem_write_ns(addr_t base, uint32_t offset, void *buffer, int size); | Writes into given non-volatile address. | base : Base address of nvmem
offset : Offset
buffer : Pointer to source address
size : Number of bytes
| -| 09 | int32_t pal_crypto_function(int type, va_list valist); | This API will call the requested crypto function | type : function code
valist : variable argument list
| -| 10 | uint32_t pal_its_function(int type, va_list valist); | This API will call the requested internal trusted storage function | type : function code
valist : variable argument list
| -| 11 | uint32_t pal_ps_function(int type, va_list valist); | This API will call the requested protected storage function | type : function code
valist : variable argument list
| -| 12 | int32_t pal_attestation_function(int type, va_list valist); | This API will call the requested initial attestation function | type : function code
valist : variable argument list
| +| 09 | int32_t pal_crypto_function(int type, va_list valist); | Calls the requested Crypto function | type : Function code
valist : variable argument list
| +| 10 | uint32_t pal_its_function(int type, va_list valist); | Calls the requested Internal Trusted Storage function | type : Function code
valist : Variable argument list
| +| 11 | uint32_t pal_ps_function(int type, va_list valist); | Calls the requested Protected Storage function | type : Function code
valist : Variable argument list
| +| 12 | int32_t pal_attestation_function(int type, va_list valist); | Calls the requested Initial Attestation function | type : Function code
valist : Variable argument list
| ## License Arm PSA test suite is distributed under Apache v2.0 License. diff --git a/api-tests/docs/porting_guide_ff.md b/api-tests/docs/porting_guide_ff.md index 7f6f9f05..adceb371 100644 --- a/api-tests/docs/porting_guide_ff.md +++ b/api-tests/docs/porting_guide_ff.md @@ -1,21 +1,19 @@ -# Porting Guide - PSA-FF Architecture Test Suite +# Porting Guide: PSA-FF Architecture Test Suite ----------------------------------------------------- ## Introduction -The Architecture test suite contains a platform abstraction layer (PAL) which abstracts platform specific information from the tests. - - The PAL layer interface functions need to be implemented/ported to the target platform. - - The target config file must be created/updated to match the details of the target platform. +The architecture test suite contains a *Platform Abstraction Layer* (PAL) which abstracts platform-specific information from the tests. You must implement and port the PAL interface functions to your target platform. Create and update the target configuration file to match the details of this target platform. -This document provides details on the porting steps and the PAL APIs. +This document provides the porting steps and the list of PAL APIs. ## Porting steps ### Target configuration -You must populate your system configuration and provide it as an input to test suite. This is captured in a single static input configuration file that is named as target.cfg. This file is available at api-tests/platform/targets//.
+You must populate your system configuration and provide it as an input to test suite. The system configuration is captured in a single static input configuration file called **target.cfg**, available at **api-tests/platform/targets//**.
-An example of the input configuration file is as shown. +An example input configuration file is as shown. // UART device info uart.num=1; @@ -31,50 +29,52 @@ An example of the input configuration file is as shown. watchdog.0.intr_id = 0xFF; watchdog.0.permission = TYPE_READ_WRITE; - More details on the structure of the input can be obtained from val/common/val_target.h. + For details on the structure of the input, refer to **val/common/val_target.h**. ### Adding a new target - - Create a new directory in platform/targets/. For reference, see the existing platform tgt_ff_mbedos_fvp_mps2_m4 directory. - - cp -rf platform/targets/tgt_ff_mbedos_fvp_mps2_m4/ platform/targets// - - Update platform/targets//target.cfg with your platform detail. Refer val/common/val_target.h for structure details. - - Update the platform information available in manifest files located in platform/targets//manifests/ directory with your platform information. The platform detail must match with device detail provided in the target.cfg file. - - Update platform/targets//Makefile appropriately to select correct instances of PAL files for compilation. To compile IPC tests, you must set PSA_IPC_IMPLEMENTED to 1 and remaining Developer APIs related variables to 0. This selects the secure PAL instances for the driver services and eliminates dev_apis dependency for IPC tests. - - Refer "PAL API list" section to view list of PAL APIs that must be ported for your target platform. These APIs definitions are available in nspe//pal_\*\_intf.c and spe/pal_\*_intf.c files. These APIs are written for tgt_ff_mbedos_fvp_mps2_m4 platform. You can reuse the code if it works for your platform. Otherwise you must port them for your platform specific peripherals. - - The platform make file is invoked as part of test suite build tool(./setup.sh) step and it creates /BUILD/platform/pal_nspe.a archive for NPSE files and respective object for SPE files at /BUILD/platform/spe/\*\_driver_sp.o. Later, these SPE objects are used by spbuild.mk to create appropriate SPE partition archive file. + 1. Create a new directory in **platform/targets/**. For reference, see the existing platform tgt_ff_mbedos_fvp_mps2_m4 directory. + 2. Execute `cp -rf platform/targets/tgt_ff_mbedos_fvp_mps2_m4/ platform/targets//`. + 3. Update **platform/targets//target.cfg** with your target platform details. Refer to **val/common/val_target.h** for structure details. + 4. Update the platform information available in manifest files located in **platform/targets//manifests/** directory with your platform information. The platform details must match the device details provided in the target.cfg file. + 5. Update **platform/targets//Makefile** appropriately to select the correct instances of PAL files for compilation. To compile IPC tests, you must set PSA_IPC_IMPLEMENTED to 1 and the remaining Developer APIs related variables to 0. This selects the Secure PAL instances for the driver services and eliminates dev_apis dependency for IPC tests. + 6. Refer to the **List of PAL APIs** section to view the list of PAL APIs that must be ported for your target platform. These API definitions are available in **nspe//pal_\*\_intf.c** and **spe/pal_\*\_intf.c** files. These APIs are written for **tgt_ff_mbedos_fvp_mps2_m4** platform. You can reuse the code if it works for your platform. Otherwise, you must port them for your platform-specific peripherals. **Note**: - Test suite needs access to the following peripherals. When PSA_IPC_IMPLEMENTED is set to 1, driver functionalities are implemented as RoT-services in driver partition. Other Secure partitions and non-secure code calls to these RoT-services to get appropriate driver services. - - One UART to print nspe and spe messages - - One Watchdog timer to help recovery from any fatal error conditions +- The platform makefile is invoked as part of test suite build tool (**./setup.sh**) step and it creates **/BUILD/platform/pal_nspe.a** archive for NPSE files and respective object for SPE files at **/BUILD/platform/spe/\*\_driver_sp.o**. These SPE objects are used by **spbuild.mk** to create the appropriate SPE partition archive file. +- The test suite requires access to the peripherals mentioned below. When PSA_IPC_IMPLEMENTED is set to 1, driver functionalities are implemented as RoT-services in driver partition. Other Secure partitions and Non-secure code calls to these RoT-services to get appropriate driver services. + - One UART to print NSPE or SPE messages and to cover secure partition interrupt handling scenarios + - One Watchdog timer to help recover from any fatal error conditions - Non-volatile memory support to preserve test status over watchdog timer reset +## List of PAL APIs -## PAL API list -Since Test suite is agnostic to various system targets, before building the tests, you must port below PAL APIs. These functions will require implementation for your target platform.
+Since the test suite is agnostic to various system targets, you must port the following PAL NSPE APIs before building the tests. Implement these functions for your target platform.
-- Following are the list of PAL APIs used in NSPE:
+The following is the list of PAL APIs used in NSPE:
| No | Prototype | Description | Parameters | |----|-----------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------|----------------------------------------------------------| -| 01 | int pal_spi_read(addr_t addr, uint8_t *data, uint32_t len); | This function will read peripherals using SPI commands | addr : address of the peripheral
data : read buffer
len : length of the read buffer in bytes
| +| 01 | int pal_spi_read(addr_t addr, uint8_t *data, uint32_t len); | Reads peripherals using SPI commands | addr : Address of the peripheral
data : Read buffer
len : Length of the read buffer in bytes
| -- Following are the list of PAL APIs used in SPE:
+The following is the list of PAL APIs used in SPE:
| No | Prototype | Description | Parameters | |----|-----------------------------------------------------------------------------------|-----------------------------------------------------------------------------------|----------------------------------------------------------| -| 01 | void pal_uart_init(addr_t uart_base_addr); | This function initializes the uart | uart_base_addr : Base address of the UART
| -| 02 | void pal_print(char *str, uint32_t data); | This function parses the input string and writes byte by byte to print | str : Input String
data : Value for Format specifier
| -| 03 | int pal_wd_timer_init(addr_t base_addr, uint32_t time_us, uint32_t timer_tick_us);| Initializes an hardware watchdog timer | base_addr : Base address of the watchdog module
time_us : Time in micro seconds
timer_tick_us : Number of ticks per micro second
| +| 01 | void pal_uart_init(addr_t uart_base_addr); | Initializes the UART | uart_base_addr : Base address of the UART
| +| 02 | void pal_print(char *str, int32_t data); | Parses the input string and writes byte by byte to print | str : Input String
data : Value for Format specifier
| +| 03 | int pal_wd_timer_init(addr_t base_addr, uint32_t time_us, uint32_t timer_tick_us);| Initializes a hardware watchdog timer | base_addr : Base address of the watchdog module
time_us : Time in micro seconds
timer_tick_us : Number of ticks per micro second
| | 04 | int pal_wd_timer_enable(addr_t base_addr); | Enables a hardware watchdog timer | base_addr : Base address of the watchdog module
| | 05 | int pal_wd_timer_disable(addr_t base_addr); | Disables a hardware watchdog timer | base_addr : Base address of the watchdog module
| | 06 | int pal_wd_timer_is_enabled(addr_t base_addr); | Checks whether hardware watchdog timer is enabled | base_addr : Base address of the watchdog module
| -| 07 | int pal_nvmem_write(addr_t base, uint32_t offset, void *buffer, int size); | Writes 'size' bytes from buffer into non-volatile memory at a given 'base + offset'| base : Base address of NV MEM
offset : Offset
buffer : Pointer to source address
size : Number of bytes
| +| 07 | int pal_nvmem_write(addr_t base, uint32_t offset, void *buffer, int size); | Writes 'size bytes from buffer into non-volatile memory at a given 'base + offset'| base : Base address of NV MEM
offset : Offset
buffer : Pointer to source address
size : Number of bytes
| | 08 | int pal_nvmem_read(addr_t base, uint32_t offset, void *buffer, int size); | Reads 'size' bytes from non-volatile memory at a given | base : Base address of NV MEM
offset : Offset
buffer : Pointer to source address
size : Number of bytes
| +| 09 | void pal_generate_interrupt(void); | Trigger interrupt for IRQ signal assigned to driver partition | None | +| 10 | void pal_disable_interrupt(void); | Disable the interrupt that was generated using pal_generate_interrupt API. | None | ## License Arm PSA test suite is distributed under Apache v2.0 License. -------------- -*Copyright (c) 2019, Arm Limited and Contributors. All rights reserved.* +*Copyright (c) 2018-2019, Arm Limited and Contributors. All rights reserved.* diff --git a/api-tests/docs/psa_attestation_testlist.md b/api-tests/docs/psa_attestation_testlist.md index d8d7f105..478b494e 100644 --- a/api-tests/docs/psa_attestation_testlist.md +++ b/api-tests/docs/psa_attestation_testlist.md @@ -4,7 +4,7 @@ |-----------|--------------------------------------|-------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | test_a001 | PSA_ATTEST_ERR_SUCCESS | psa_initial_attest_get_token()
psa_initial_attest_get_token_size() | 1. Provide correct inputs to API with described challenge sizes
2. Expect API to return this define as return value each time
3. Verify the token | 1. Challenge_size = 32
2. Challenge_size = 48
3. Challenge_size = 64 | | | PSA_ATTEST_ERR_INVALID_INPUT | psa_initial_attest_get_token()
psa_initial_attest_get_token_size() | 1. Provide described challenge sizes to the API along with other valid parameters
2. Expect API to return this define as return value each time | 1. Challenge_size is zero
2. Invalid challenge size between 0 and 32
3. Invalid challenge size between 32 and 64
4. Challenge_size is greater than MAX_CHALLENGE_SIZE | -| | PSA_ATTEST_ERR_TOKEN_BUFFER_OVERFLOW | psa_initial_attest_get_token() | 1. Provide described taken size to the API along with other valid parameters
2. Expect API to return this define as return value each time | Pass the token_size which less than actual/required token size | +| | PSA_ATTEST_ERR_TOKEN_BUFFER_OVERFLOW | psa_initial_attest_get_token() | 1. Provide described taken size to the API along with other valid parameters
2. Expect API to return this define as return value each time | 1. Token_size as zero
2. Token_size less than challenge size | | | PSA_ATTEST_ERR_INIT_FAILED | psa_initial_attest_get_token()
psa_initial_attest_get_token_size() | Can't simulate. Test can't generate stimulus where attestation initialisation fails | | | | PSA_ATTEST_ERR_CLAIM_UNAVAILABLE | psa_initial_attest_get_token() | Can't simulate. Test can't generate stimulus where claim can unavailable | | | | PSA_ATTEST_ERR_GENERAL | psa_initial_attest_get_token()
psa_initial_attest_get_token_size() | Can't simulate. Test can't generate stimulus where unexpected error happened during API operation | | diff --git a/api-tests/docs/psa_crypto_testlist.md b/api-tests/docs/psa_crypto_testlist.md index 12def99d..983ba367 100644 --- a/api-tests/docs/psa_crypto_testlist.md +++ b/api-tests/docs/psa_crypto_testlist.md @@ -24,8 +24,8 @@ | | | | | | | 2. Incorrect key data size | | | | | | | | | | | | | | | | | -| | | | | PSA_ERROR_INVALID_HANDLE | Calling this function with invalid key handle should return this error | 1. Invalid key slot
2. Zero key slot | -| | | | | PSA_ERROR_OCCUPIED_SLOT | Pass the key slot to store data which is already occupied | Already occupied key slot | +| | | | | PSA_ERROR_INVALID_HANDLE | Calling this function with invalid key handle should return this error | 1. Destroyed key handle
2. Zero as key handle
3. Unallocated key handle | +| | | | | PSA_ERROR_ALREADY_EXISTS | Pass the key slot to store data which is already occupied | Already occupied key slot | | | test_c003 | psa_export_key | Export a key in binary format | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. 16 Byte AES | | | | | | | 2. Initialize a key policy structure to a default that forbids all usage of the key | 2. 24 Byte AES | | | | | | | | | @@ -38,10 +38,12 @@ | | | | | | | 9. EC Public key | | | | | | | | 10. EC keypair | | | | | | PSA_ERROR_BUFFER_TOO_SMALL | Calling this function with buffer size less than required | Less buffer size | +| | | | | PSA_ERROR_NOT_PERMITTED | Calling this function with with key policy as verify should return this error | Key policy as PSA_KEY_USAGE_VERIFY | | | | | | PSA_ERROR_INVALID_HANDLE | Calling this function with invalid parameter should return this error | 1. Zero key slot | -| | | | | | | 2. Invalid key slot | +| | | | | | | 2. Unallocated key slot | +| | | | | | | 3. Destroyed key slot | | | | | | PSA_ERROR_BAD_STATE | Calling this function with key policy that cannot be exported | Invalid key policy usage | -| | | | | PSA_ERROR_EMPTY_SLOT | Calling this function with empty key slot | Empty key slot | +| | | | | PSA_ERROR_DOES_NOT_EXIST | Calling this function with empty key slot | Empty key slot | | | test_c004 | psa_export_public_key | Export a public key or the public part of a key pair in binary format. | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. 2048 RSA public key | | | | | | | 2. Initialize a key policy structure to a default that forbids all usage of the key | 2. 2048 RSA keypair | | | | | | | 3. Allocate a key slot for a transient key and set the standard fields of a policy structure | 3. EC Public key | @@ -50,18 +52,16 @@ | | | | | | 6. Get basic metadata about a key | | | | | | | | 7. Export a key in binary format | | | | | | | | 8. Check if original key data matches with the exported data | | -| | | | | PSA_ERROR_INVALID_ARGUMENT | 1. Initialize the PSA crypto library | 1. 16 Byte AES | -| | | | | | 2. Initialize a key policy structure to a default that forbids all usage of the key | 2. 24 Byte AES | -| | | | | | 3. Allocate a key slot for a transient key and set the standard fields of a policy structure | 3. 32 Byte AES | -| | | | | | 4. Set the usage policy on a key slot | 4. DES 64 bit key | -| | | | | | 5. Import the key data into the key slot | 5. Triple DES 2-Key | -| | | | | | 6. Get basic metadata about a key | 6. Triple DES 3-Key | -| | | | | | 7. Export a key in binary format | | -| | | | | | 8. Check if original key data matches with the exported data | | | | | | | PSA_ERROR_BUFFER_TOO_SMALL | Calling this function with buffer size less than required | Less buffer size | -| | | | | PSA_ERROR_INVALID_HANDLE | Calling this function with invalid parameter should return this error | 1. Zero key slot | -| | | | | | | 2. Invalid key slot | +| | | | | PSA_ERROR_INVALID_ARGUMENT | Calling this function with invalid parameter should return this error | 1. DES 64 bit key | +| | | | | | | 2. Triple DES 2-Key | +| | | | | | | 3. Triple DES 3-Key | +| | | | | PSA_ERROR_NOT_PERMITTED | Calling this function with with key policy as verify should return this error | Key policy as PSA_KEY_USAGE_VERIFY | +| | | | | PSA_ERROR_INVALID_HANDLE | Calling this function with invalid key handle should return this error | 1. Zero key slot | +| | | | | | | 2. Unallocated key slot | +| | | | | | | 3. Destroyed key slot | | | | | | PSA_ERROR_BAD_STATE | Calling this function with key policy that cannot be exported | Invalid key policy usage | +| | | | | PSA_ERROR_DOES_NOT_EXIST | Calling this function with empty key slot | Empty key slot | | | test_c005 | psa_destroy_key | Destroy a key and restore the slot to its default state. | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. 16 Byte AES | | | | | | | 2. Initialize a key policy structure to a default that forbids all usage of the key | 2. 24 Byte AES | | | | | | | 3. Allocate a key slot for a transient key and set the standard fields of a policy structure | 3. 32 Byte AES | @@ -86,8 +86,9 @@ | | | | | | | 9. EC Public key | | | | | | | | 10. EC keypair | | | | | | PSA_ERROR_INVALID_HANDLE | Calling this function with invalid parameter should return this error | 1. Zero key slot | -| | | | | | | 2. Invalid key slot | -| | | | | PSA_ERROR_EMPTY_SLOT | Pass the key slot number which has the key type as none | Empty key slot | +| | | | | | | 2. Unallocated key slot | +| | | | | | | 2. Destroyed key slot | +| | | | | PSA_ERROR_DOES_NOT_EXIST | Pass the key slot number which has the key type as none | Empty key slot | | | NO TEST | psa_key_policy_set_usage | Set the standard fields of a policy structure. | void | Void function. Covered as part of other cases | | | | | | | | | | | Key Policies | test_c007 | psa_set_key_policy | Set the usage policy on a key slot. | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. 16 Byte AES | @@ -100,10 +101,10 @@ | | | | | | | 8. Triple DES 3-Key | | | | | | | | 9. EC Public key | | | | | | | | 10. EC keypair | -| | | | | PSA_ERROR_INVALID_HANDLE | Calling this function with invalid parameter should return this error | 1. Invalid key policy | +| | | | | PSA_ERROR_INVALID_HANDLE | Calling this function with invalid parameter should return this error | 1. Unallocated key slot | | | | | | | | 2. Zero key slot | -| | | | | | | 3. Invalid key slot | -| | | | | PSA_ERROR_OCCUPIED_SLOT | Pass the key slot to store data which is already occupied | Already occupied key slot | +| | | | | | | 3. Destroyed key slot | +| | | | | PSA_ERROR_ALREADY_EXISTS | Pass the key slot to store data which is already occupied | Already occupied key slot | | | test_c008 | psa_get_key_policy | Get the usage policy for a key slot | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. 16 Byte AES | | | | | | | 2. Initialize a key policy structure to a default that forbids all usage of the key | 2. 24 Byte AES | | | | | | | 3. Allocate a key slot for a transient key and set the standard fields of a policy structure | 3. 32 Byte AES | @@ -115,7 +116,7 @@ | | | | | | 9. Retrieve the algorithm field of a policy structure | 9. EC Public key | | | | | | | 10. Make sure they match the original value | 10. EC keypair | | | | | | PSA_ERROR_INVALID_HANDLE | Calling this function with invalid parameter should return this error | 1. Zero key slot | -| | | | | | | 2. Invalid key slot | +| | | | | | | 2. Destroyed key slot | | | test_c009 | psa_allocate_key | Allocate a key slot for a transient key | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. Volatile keys | | | | | | | 2. Initialize a key policy structure to a default that forbids all usage of the key | | | | | | | | 3. Allocate a key slot for a transient key | | @@ -127,7 +128,7 @@ | | | | | PSA_ERROR_INSUFFICIENT_MEMORY | Calling this function with multiple time | | | | | | | | | | | | | | | | | | -| | test_c010 | psa_get_key_lifetime | Retrieve the lifetime of a key slot. | PSA_SUCCESS | 1. Initialize the PSA crypto library | Testing only volatile keys as other key types are currently not supported | +| | test_c010 | psa_get_key_lifetime | Retrieve the lifetime of a key slot. | PSA_SUCCESS | 1. Initialize the PSA crypto library | Testing only volatile keys and persistance key types will be supported in future release | | | | | | | 2. Initialize a key policy structure to a default that forbids all usage of the key | | | | | | | | 3. Allocate a key slot for a transient key and set the standard fields of a policy structure | | | | | | | | 4. Set the usage policy on a key slot | | @@ -136,7 +137,6 @@ | | | | | | 7. Get the lifetime of a key slot | | | | | | | PSA_ERROR_INVALID_HANDLE | | 1. Zero key slot | | | | | | | | 2. Invalid key slot | -| | | | | | | 3. Empty key slot | | | | | | PSA_ERROR_INVALID_ARGUMENT | | 1. Invalid key policy | | Message Authentication Codes | test_c011 | psa_hash_start | Start a multipart hash operation. | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. MD2 | | | | | | | 2. Start a multipart hash operation | 2. MD4 | @@ -162,8 +162,8 @@ | | | | | | | 7. SHA256 | | | | | | | | 8. SHA384 | | | | | | | | 9. SHA512 | -| | | | | PSA_ERROR_INVALID_ARGUMENT | Calling this function without calling the psa_hash_start() should return error | Inactive operation handle | -| | | | | PSA_ERROR_INVALID_ARGUMENT | Calling this function with completed operation handle should return error | Completed operation handle | +| | | | | PSA_ERROR_BAD_STATE | 1. Calling this function without calling the psa_hash_start() should return error | Inactive operation handle | +| | | | | | 2. Calling this function with completed operation handle should return error | Completed operation handle | | | test_c013 | psa_hash_verify | Finish the calculation of the hash of a message and compare it with an expected value. | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. MD2 | | | | | | | 2. Start a multipart hash operation | 2. MD4 | | | | | | | 3. Add a message fragment to a multipart hash operation | 3. MD5 | @@ -173,7 +173,8 @@ | | | | | | | 7. SHA256 | | | | | | | | 8. SHA384 | | | | | | | | 9. SHA512 | -| | | | | PSA_ERROR_INVALID_ARGUMENT | Calling this function with inactive operation handle should return error | Inactive operation handle | +| | | | | PSA_ERROR_BAD_STATE | Calling this function with inactive operation handle should return error | 1. Inactive operation handle | +| | | | | | Calling this function with invalid operation handle should return error | 2. Invalid operation handle | | | | | | PSA_ERROR_INVALID_SIGNATURE | Calling this function with incorrect expected value should return error | 1. Incorrect expected hash value | | | | | | | | 2. Incorrect expected hash length | | | test_c014 | psa_hash_finish | Finish the calculation of the hash of a message. | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. MD2 | @@ -206,15 +207,16 @@ | | | | | | 7. Check if key type and key length matches | | | | | | | | 8. Export a key in binary format | | | | | | | | 9. Check if the metadata matches | | -| | | | | PSA_ERROR_INVALID_HANDLE | Calling this function with invalid key slot should return this error | Invalid key slot | +| | | | | PSA_ERROR_INVALID_HANDLE | Calling this function with unallocated key slot should return this error | Unallocated key slot | | | | | | PSA_ERROR_INVALID_HANDLE | Calling this function with zero as key slot should return this error | Zero as key slot | +| | | | | PSA_ERROR_INVALID_HANDLE | Calling this function with destroyed key slot should return this error | Destroyed as key slot | | | | | | PSA_ERROR_INVALID_ARGUMENT | Calling this function with Null extra and Non-Zero extra size should return this error | Null extra and Non-Zero extra size | -| | | | | PSA_ERROR_OCCUPIED_SLOT | Calling this function with pre-occupied key slot should return this error | Pre-occupied key slot | +| | | | | PSA_ERROR_ALREADY_EXISTS | Calling this function with pre-occupied key slot should return this error | Pre-occupied key slot | | | | | | PSA_ERROR_NOT_SUPPORTED | Calling this function to generate only public key should return this error | Key type as public key | | | test_c017 | psa_generate_random | Generate random bytes | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. 16 Byte data | -| | | | | | 2. Generate random bytes | 2. 24 Byte data | -| | | | | | 3. Check that if generated data are Non-Zero | 3. 32 Byte data | -| | | | | | | 4. 64 Byte data | +| | | | | | 2. Generate random bytes Run several times, to ensure that every output byte will be nonzero at least once | 2. 24 Byte data | +| | | | | | 3. Check that no more than bytes have been overwritten | 3. 32 Byte data | +| | | | | | 4. Check that every byte was changed to nonzero at least once. | 4. 64 Byte data | | | | | | | | 5. 128 Byte data | | | | | | | | 6. 256 Byte data | | | | | | | | 7. 512 Byte data | @@ -231,9 +233,10 @@ | | | | | | 9. Generate random bytes for remaining capacity | 9. Request maximum capacity | | | | | | | 10. Check that if generated data are non-zero | | | | | | | | 11. Generate random bytes and check that it fails | | -| | | | | PSA_ERROR_INSUFFICIENT_CAPACITY | Calling this function with output size greater than the current capacity should return this error | output size greater than the current capacity | -| | | | | PSA_ERROR_INSUFFICIENT_CAPACITY | Calling this function with capacity greater than the allowed capacity should return this error | request maximum capacity +1 | -| | test_c019 | psa_generator_get_capacity | Retrieve the current capacity of a generator | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. Output size less than generator capacity | +| | | | | PSA_ERROR_INSUFFICIENT_DATA | Calling this function with output size greater than the current capacity should return this error | Output size greater than the current capacity | +| | | | | PSA_ERROR_INSUFFICIENT_DATA | Calling this function with capacity greater than the allowed capacity should return this error | Request maximum capacity +1 | +| | | | | PSA_ERROR_BAD_STATE | Calling this function without setup should return this error | | +| | test_c019 | psa_get_generator_capacity | Retrieve the current capacity of a generator | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. Output size less than generator capacity | | | | | | | 2. Initialize a key policy structure | 2. Output size equal to generator capacity | | | | | | | 3. Allocate a key slot for a transient key and set the standard fields of a policy structure | | | | | | | | 4. Set the usage policy on a key slot | | @@ -244,6 +247,7 @@ | | | | | | 9. Generate random bytes | | | | | | | | 10. Retrieve the current capacity of a generator | | | | | | | | 11. Check that it is equal to the remaining capacity | | +| | | | | PSA_ERROR_BAD_STATE | Calling this function without setup should return this error | | | | test_c020 | psa_generator_import_key | Create a symmetric key from data read from a generator | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. 16 Byte AES | | | | | | | 2. Initialize a key policy structure | 2. 32 Byte AES | | | | | | | 3. Allocate a key slot for a transient key and set the standard fields of a policy structure | | @@ -269,12 +273,12 @@ | | | | | | 23. Set the usage policy on a new key slot | | | | | | | | 24. Create a symmetric key from data read from a generator for the some size | | | | | | | | Check that it fails | | -| | | | | PSA_ERROR_INSUFFICIENT_CAPACITY | Calling this function with output greater than capacity should return this error | Output greater than capacity | +| | | | | PSA_ERROR_INSUFFICIENT_DATA | Calling this function with output greater than capacity should return this error | Output greater than capacity | | | | | | PSA_ERROR_INVALID_ARGUMENT | Calling this function with public key algorithm should return this error | 1. RSA public key
2.Invalid key size | | | | | | PSA_ERROR_INVALID_HANDLE | Calling this function with invalid arguments should return this error | 1. Invalid key slot | | | | | | | | 2. Zero as key slot | | | | | | | | | -| | | | | PSA_ERROR_OCCUPIED_SLOT | Calling this function with already occupied key slot should return this error | Pre-occupied key slot | +| | | | | PSA_ERROR_ALREADY_EXISTS | Calling this function with already occupied key slot should return this error | Pre-occupied key slot | | | test_c021 | psa_generator_abort | Abort a generator | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. Abort | | | | | | | 2. Initialize a key policy structure | 2. Multiple | | | | | | | 3. Allocate a key slot for a transient key and set the standard fields of a policy structure | 3. Calling generator functions after abort should fail | @@ -290,10 +294,13 @@ | | | | | | 5. Set up a key derivation operation | | | | | | | | 6. Retrieve the current capacity of a generator | | | | | | | | 7. Make sure that the capacity is same as input capacity | | -| | | | | PSA_INVALID_ARGUMENT | Calling this function with invalid argument should return this error | 1. Invalid algorithm 2. Unsupported generator capacity | +| | | | | PSA_INVALID_ARGUMENT | Calling this function with invalid argument should return this error | 1. Invalid algorithm | +| | | | | | | 2. Unsupported generator capacity | | | | | | | | 3. Unsupported key type | +| | | | | PSA_ERROR_NOT_PERMITTED | Calling this function with incorrect usage should return this error | 1. Incorrect usage | +| | | | | PSA_ERROR_NOT_SUPPORTED | Calling this function with unsupported key derivation algorithm should return this error | 1. Unsupported key derivation algorithm | | | | | | PSA_ERROR_INVALID_HANDLE | Calling this functoin wih incorrect key handle | 1. Invalid key handle
2. Zero as key slot | -| | | | | PSA_ERROR_EMPTY_SLOT | Calling this function with empty key slot should return this error | Empty key slot | +| | | | | PSA_ERROR_DOES_NOT_EXIST | Calling this function with empty key slot should return this error | Empty key slot | | Key policies | test_c023 | psa_key_policy_get_usage | Retrieve the usage field of a policy structure | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. Encrypt | | | | | | | 2. Initialize a key policy structure | 2. Decrypt | | | | | | | 3. Allocate a key slot for a transient key and set the standard fields of a policy structure | 3. Export | @@ -310,7 +317,7 @@ | | | | | | 8. Check if the cipher text is expected length | | | | | | | PSA_ERROR_NOT_SUPPORTED | | 1. DES key | | | | | | | | 2. Unsupported algorithm | -| | | | | PSA_ERROR_EMPTY_SLOT | | Empty key slot | +| | | | | PSA_ERROR_DOES_NOT_EXIST | | Empty key slot | | | | | | PSA_ERROR_INVALID_HANDLE | | 1. Zero as key slot | | | | | | | | 2. Invalid key slot | | | | | | PSA_ERROR_NOT_PERMITTED | | 1. Small output buffer size | @@ -325,7 +332,8 @@ | | | | | | 8. Check if the plain text is expected length | | | | | | | PSA_ERROR_NOT_SUPPORTED | | 1. DES key | | | | | | | | 2. Unsupported algorithm | -| | | | | PSA_ERROR_EMPTY_SLOT | | Empty key slot | +| | | | | PSA_ERROR_DOES_NOT_EXIST | | Empty key slot | +| | | | | PSA_ERROR_INVALID_ARGUMENT | | Invalid tag length | | | | | | PSA_ERROR_INVALID_HANDLE | | 1. Zero as key slot | | | | | | | | 2. Invalid key slot | | | | | | PSA_ERROR_NOT_PERMITTED | | 1. Small output buffer size | @@ -338,12 +346,15 @@ | | | | | | 6. Start a multipart MAC calculation operation | | | | | | | PSA_ERROR_NOT_SUPPORTED | | 1. 16 Byte AES - GMAC | | | | | | | | 2. Incompatible HMAC for CMAC | -| | | | | | | 3. Bad algorithm (unknown MAC algorithm)
2. Zero key slot | | | | | | PSA_ERROR_NOT_PERMITTED | | Invalid usage | -| | | | | PSA_ERROR_EMPTY_SLOT | | Empty key slot | +| | | | | PSA_ERROR_DOES_NOT_EXIST | | Empty key slot | +| | | | | PSA_ERROR_BUFFER_TOO_SMALL | | Small output buffer | +| | | | | PSA_ERROR_INVALID_HANDLE | | 1. Unallocated key handle | +| | | | | | | 2. Zero as key handle | | | test_c040 | psa_asymmetric_decrypt | Decrypt a short message with a private key | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. RSA KEYPAIR PKCS1V15 | | | | | | | 2. Initialize a key policy structure | 2. RSA KEYPAIR OAEP SHA256 | | | | | | | 3. Allocate a key slot for a transient key and set the standard fields of a policy structure | 3. RSA KEYPAIR OAEP SHA256 with label | @@ -529,7 +550,7 @@ | | | | | PSA_ERROR_INVALID_ARGUMENT | | 1. Invalid key type (RSA public key) | | | | | | | | 2. Invalid algorithm | | | | | | | | 3. Invalid key type (AES Key) | -| | | | | PSA_ERROR_EMPTY_SLOT | | Empty key slot | +| | | | | PSA_ERROR_DOES_NOT_EXIST | | Empty key slot | | | | | | PSA_ERROR_NOT_PERMITTED | | Invalid usage | | | | | | PSA_ERROR_INVALID_HANDLE | | 1. Invalid key slot
2. Zero key slot | | | | | | PSA_ERROR_BUFFER_TOO_SMALL | | Small output buffer | @@ -546,7 +567,7 @@ | | | | | | | 3. Invalid key type (AES Key) | | | | | | | | 4. Wrong hash size | | | | | | PSA_ERROR_INVALID_HANDLE | | 1. Invalid key slot
2. Zero key slot | -| | | | | PSA_ERROR_EMPTY_SLOT | | Empty key slot | +| | | | | PSA_ERROR_DOES_NOT_EXIST | | Empty key slot | | | | | | PSA_ERROR_NOT_PERMITTED | | Invalid usage | | | | | | PSA_ERROR_BUFFER_TOO_SMALL | | Small output buffer | | | test_c042 | psa_asymmetric_verify | Verify the signature a hash or short message using a public key | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. RSA KEYPAIR PKCS1V15 RAW | @@ -561,10 +582,46 @@ | | | | | PSA_ERROR_INVALID_HANDLE | | 1. Invalid key slot
2. Zero key slot | | | | | | PSA_ERROR_INVALID_SIGNATURE | | Wrong signature size | | | | | | | | Wrong signature | -| | | | | PSA_ERROR_EMPTY_SLOT | | Empty key slot | +| | | | | PSA_ERROR_DOES_NOT_EXIST | | Empty key slot | | | | | | PSA_ERROR_NOT_PERMITTED | | Invalid usage | | | | | | PSA_ERROR_NOT_SUPPORTED | | Invalid key type (AES Key) | | | | | | PSA_ERROR_BUFFER_TOO_SMALL | | Small output buffer | +| | test_c043 | psa_key_agreement | Set up a key agreement operation | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. ECDH SECP256R1 | +| | | | | | 2. Initialize a key policy structure | 2. ECDH SECP384R1 | +| | | | | | 3. Allocate a key slot for a transient key and set the standard fields of a policy structure | | +| | | | | | 4. Set the key data based on key type | | +| | | | | | 5. Set the usage policy on a key slot | | +| | | | | | 6. Import the key data into the key slot | | +| | | | | | 7. Set up a key agreement operation | | +| | | | | | 8. Retrieve the current capacity of a generator | | +| | | | | | 9. Check if the generator capacity matches with the expected capacity | | +| | | | | | 10. Read some data from a generator | | +| | | | | | 11. Check if the output matches with the expected data | | +| | | | | PSA_ERROR_INVALID_ARGUMENT | | 1. Not a key agreement alg | +| | | | | | | 2. Public key on different curve | +| | | | | | | 2. Public key instead of private key | +| | | | | PSA_ERROR_INVALID_HANDLE | | 1. Invalid key slot
2. Zero key slot | +| | | | | PSA_ERROR_DOES_NOT_EXIST | | Empty key slot | +| | | | | PSA_ERROR_NOT_PERMITTED | | Invalid usage | +| | | | | PSA_ERROR_NOT_SUPPORTED | | Invalid key type (AES Key) | +| | test_c044 | psa_copy_key | Copy key material from one location to another | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. 16 Byte AES | +| | | | | | 2. Initialize a key policy structure | 2. 24 Byte AES | +| | | | | | 3. Allocate a key slot for a transient key and set the standard fields of a policy structure | 3. 32 Byte AES with constraints | +| | | | | | 4. Set the key data based on key type | 4. 2048 RSA public key | +| | | | | | 5. Set the usage policy on a key slot | 5. 2048 RSA key pair | +| | | | | | 6. Import the key data into the key slot | 6. DES 64 bit key | +| | | | | | 7. Allocate a key slot for the target key | 7. Triple DES 2-Key | +| | | | | | 8. Set the usage policy on a key slot | 8. Triple DES 3-Key | +| | | | | | 9. Make a copy of a key | 9. EC Public key | +| | | | | | 10. Destroy the source to ensure that this doesn't affect the target | 10. EC key pair | +| | | | | | 11. Export a key in binary format and check if it matches with source material | 11. Incompatible target polic | +| | | | | PSA_ERROR_INVALID_ARGUMENT | | 1. Incompatible target policy(source and target) | +| | | | | | | 2. Incompatible constraint | +| | | | | PSA_SUCCESS | | 1. Unexport source key usage | +| | | | | PSA_ERROR_INVALID_HANDLE | | 1. Unallocated target key slot | +| | | | | PSA_ERROR_DOES_NOT_EXIST | | Empty source handle | +| | | | | PSA_ERROR_ALREADY_EXISTS | | Target already containing key material | + ## License Arm PSA test suite is distributed under Apache v2.0 License. diff --git a/api-tests/docs/psa_ipc_testlist.md b/api-tests/docs/psa_ipc_testlist.md index fd324253..2313422c 100644 --- a/api-tests/docs/psa_ipc_testlist.md +++ b/api-tests/docs/psa_ipc_testlist.md @@ -1,106 +1,122 @@ # PSA FF IPC Testcase checklist -| Tests | Scenario Rules | Client- Server Test Functions Pair | Test Algorithm/Comments/Test Limitation | PSA API Crosses | Is scenario implemented in this release? | -|------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------|------------------------------------------| -| test_i001 | 1. psa_framework_version(): Retrieve the version of the PSA Framework API that is implemented. Manifest field- psa_framework_version: Version of the PSA Firmware Framework specification this manifest conforms to. | [client/server]_test_psa_framework_version() | Call the psa_framework_version() API at both side SPE and NSPE and compare the return value with PSA_FRAMEWORK_VERSION. | psa_framework_version | Yes | -| | 1. psa_version() returns PSA_VERSION_NONE when the RoT Service is not implemented, or the caller is not permitted to access the service OR return > 0 with the minor version of the implemented RoT Service. | [client/server]_test_psa_version() | 1. Pass un-implemented SID and expects PSA_VERSION_NONE as return value.
2. Call to API from NSPE with a SID who doesn't provide service to NSPE and expects PSA_VERSION_NONE as return value.
3. Pass SID who is implemented and provides service to NSPE and expect minor number(>0) of given RoT service as return.
Perform all above checks from SPE too. | psa_version | Yes | -| test_i002 | 1. psa_connect() returns the PSA_CONNECTION_BUSY when RoT Service cannot make the connection at the moment (transient error).
2. psa_connect() returns the PSA_CONNECTION_REFUSED when RoT Service has refused the connection
3. psa_wait() returns the Secure Partition interrupt signals that have been asserted from a subset of signals provided by the caller. Returns > 0 when at least one signal is asserted
4. psa_get():Get the message which corresponds to a given RoT Service signal and remove the message from the queue.
5. psa_get() returns PSA_SUCCESS when *msg will contain the delivered message.
6. The type member of the psa_msg_t object should return PSA_IPC_CONNECT for a new connection request following a psa_get() call to psa_connect() and msg.handle must be positive.
7. psa_reply(): If the message type is PSA_IPC_CONNECT then server can reject the connection by sending PSA_CONNECTION_REFUSED (permanent error) or PSA_CONNECTION_BUSY (transient error) status code.
| [client/server]_test_connection_busy_and_reject() | 1. Client tries to connect to ROT service using psa_connect()
2. RoT service checks the delivery of PSA_IPC_CONNECT message type and positive handle value returned by psa_get()
3. RoT service rejects the connection by executing psa_reply(handle,PSA_CONNECTION_BUSY)
4. Client tries to connect to same ROT service using psa_connect() again
5. This time, RoT service rejects the connection by executing psa_reply(handle,PSA_CONNECTION_REFUSED)
Perform all above steps from NSPE and SPE both. | psa_connect,psa_wait,psa_get,psa_reply | Yes | -| | 1. psa_connect(): When SID is implemented and client is permitted to access the service, SPM delivers a PSA_IPC_CONNECT message from the client to the Secure Partition that implements the RoT Service and positive handle is returned to client.
2. psa_get():Get the message which corresponds to a given RoT Service signal and remove the message from the queue.
3. psa_get() returns PSA_SUCCESS when *msg will contain the delivered message
4. psa_get():The type member of the psa_msg_t object should return PSA_IPC_CONNECT for a new connection request following a psa_get() call to psa_connect() and msg.handle must be positive.
5. psa_get(): The type member of the psa_msg_t object should return PSA_IPC_DISCONNECT for a new connection request following a psa_get() call to psa_close() and msg.handle must be positive.
6. psa_reply(): If the message type is PSA_IPC_CONNECT then server can accept the connection by sending PSA_SUCCESS status code. If the message type is PSA_IPC_DISCONNECT then the status code is ignored.
7. psa_close(): Closes a connection to a RoT Service. Sends the PSA_IPC_DISCONNECT message to the RoT Service. This function will have no effect if called with the null handle.
| [client/server]_test_accept_and_close_connect() | 1.Client tries to connect to ROT service
2. RoT service checks the delivery of PSA_IPC_CONNECT message type and positive handle value return by psa_get()
3. RoT service accepts the connection by executing psa_reply(.., PSA_CONNECTION_ACCEPTED).
4. Client calls the psa_close with PSA_NULL_HANDLE and later it closes the connection using psa_close() with actual handle value
5. RoT service checks the delivery of PSA_IPC_DISCONNECT message type, checks handle value eqaul to NULL returned by psa_get() and completes the PSA_IPC_DISCONNECT by executing psa_reply() .
Perform all above steps from NSPE and SPE both. | psa_connect,psa_wait,psa_get,psa_reply,psa_close | Yes | -| | Following are allowed minor version condition to psa_connect():
1. Version policy is not mentioned and requested version is 1 which is default minimum version
2. Version policy is STRICT and requested version equals minimum version
3. Version policy is relaxed and requested version is smaller than the minimum version
4. Version policy is relaxed and requested version is euqal to the minimum version
| [client/server]_test_connect_with_allowed_minor_version_policy() | Client tries connecting ROT service of following properties and expects connection to establish:
- Version policy is not mentioned and requested version is 1 which is default minimum version
- Version policy is STRICT and requested version equals minimum version
- Version policy is relaxed and requested version is smaller than the minimum version
- Version policy is relaxed and requested version is equal to the minimum version
Perform all above steps from NSPE and SPE both. | psa_connect | Yes | -| | 1. psa_call(): The valid psa_call, make SPM to send PSA_IPC_CALL msg.type to the RoT servicee partition and the successful call should return >=0 handle value.
2. psa_call() receives return value >= 0 for RoT-specific return code
3. psa_call() receive return value < 0 for RoT-specific error code
4. psa_reply(): If the message type is PSA_IPC_CALL and ROT service want to end call with success then the return code must be PSA_SUCCESS or and positive integers are used to indicate RoT Service specific result values(this must be reported to client). All other return codes (INT32_MIN+128 to -1) are reported to the client. | [client/server]_test_psa_call_with_allowed_status_code() | 1. Client connects to RoT service
2. Client sends message using psa_call()
3. RoT service checks the delivery of PSA_IPC_CALL message type and positive handle value return by psa_get()
4. RoT service ends the call using psa_reply(status_code)
5. Client checks the return value of psa_call() and Client closes the connectionRepeat (1) to (5) for different status code, SUCCESS, +ve, -ve..
Perform all above steps from NSPE and SPE both. | psa_call,psa_reply | Yes | -| | 1. A msg.client_id that has a positive value indicates that the client is in the SPE and this the Secure Partition ID of the client. A negative client_id indicates that the client is in the NSPE.
2. Client_id is valid during PSA_IPC_CONNECT, PSA_IPC_CALL and PSA_IPC_DISCONNECT msg type.
3. Manifest Parameter- name (required, unique)
A Partition must have an alphanumeric name for source code to directly refer to a specific Partition. The format of the name must follow the rules of a C macro.
4. Manifest Parameter - id (required, unique)
It must be represented by a hexadecimal string. The Secure Partition ID can be referenced in Secure Partition source code via the symbolic name specified as name attribute. The symbol must have the value of the Secure Partition ID.
| [client/server]_test_identity() | - Check the value returned by msg.client_id during PSA_IPC_CONNECT, PSA_IPC_CALL and PSA_IPC_DISCONNECT. For NSPE connection, client_id should be <0 and for SPE, it should be >0.
Perform all above steps from NSPE and SPE both.
- Access the Partition ID of client partition and compare the value with expected ID value. | psa_get | Yes | -| | 1. psa_connect() will return the PSA_CONNECTION_REFUSED OR PSA_CONNECTION_BUSY when the SPM has reached the limit of concurrent connections | [client/server]_test_spm_concurrent_connect_limit() | Execute psa_connect() API in a loop until it returns PSA_CONNECTION_REFUSED or PSA_CONNECTION_BUSY
Perform above step from NSPE and SPE both. | psa_connect | Yes | -| | 1. psa_wait(): When MODE(PSA_BLOCK) is one, the function will block the caller until one of the requested signals is asserted.
2. psa_wait(): Callers must set RES to zero, implementations must ignore the value of RES.
| [client/server]_test_psa_block_behave() | 1. Client connects to a RoT service mutilpe times.
2. RoT service psa_wait(PSA_BLOCK|(Non-zero value for timeout[30:0])) API is executed without while(1) loop.
3. RoT service serves the connections by rejecting them.
This is a sanity check, a successful handshaking between client and server for requested connection represents check pass.
Perform above steps from NSPE and SPE both. | psa_wait | Yes | -| | 1. psa_wait(): When MODE is zero, the function will return immediately with the current signal state, which can be zero if no signals are active. | [client/server]_test_psa_poll_behave() | 1. Client connects to a RoT service mutilpe times.
2. RoT service executes psa_wait(PSA_POLL) in a while loop and checks the API's polling behaviour.
3. Call psa_wait(PSA_POLL) when no request is made by client and checks the return value.
Perform above steps from NSPE and SPE both. | psa_wait | Yes | -| test_i003 | 1. The reverse handle for a connection is NULL until psa_set_rhandle() is used. psa_set_rhandle() can be used to associate some caller-provided private data with a specified client connection. And SPM must provide same rhandle for msg.rhandle with all subsequent messages delivered on this connection. On success the rhandle is retained by the implementation and provided in all future messages on that connection as part of the psa_msg_t structure.
2. Setting the rhandle for a connection during disconnection has no observable effect. | [client/server]_test_psa_set_rhandle() | 1. Client connects to RoT service and RoT service checks the value of msg.rhanlde value duing PSA_IPC_CONNECT2. Client send call msg to RoT service and RoT service checks the value of msg.rhanlde value duing PSA_IPC_CONNECT
3. ROT service sets the rhandle with known value.
4. Client send call msg to RoT service and RoT service now compare the value of msg.rhanndle with previously set value
5. ROT service sets the rhandle with known value other than previously set value
6. Client send call msg to RoT service and RoT service now compare the value of msg.rhanndle with last set value
7. The reverse handle for a connection is NULL until psa_set_rhandle() is used
Perform above steps from NSPE and SPE both. | psa_set_rhandle,psa_get | Yes | -| | 1. psa_call():The caller can optionally provide one or more buffers to receive a response (out_vec).
2. psa_get(): The array in_size provides the size of each client input vector in bytes. The array out_size provides the size of each client output vector in bytes.
3. psa_read(): parameter from the client input vector. Streams up to the next num_bytes bytes of client input vector invec_idx in the message identified by msg_handle to the Secure Partition buffer. Returns the number of bytes copied.
4. psa_read(): If num_bytes is less than or equal to the available data in the input vector then num_bytes are copied to buffer, and the remaining data in the input vector can be read by subsequent calls to psa_read() with the same msg_handle and invec_idx.
5. psa_read(): RoT Services can determine how much data is available to read from the message based on the in_size[] attribute of the psa_msg_t message returned from psa_get(). If an input vector has not been passed by the client then the corresponding in_size[] for that vector is zero.
6. psa_read(): If num_bytes is greater than the remaining data in the input vector then the remaining input bytes are copied to buffer and the call returns the number of bytes copied. Any space after this in buffer is not modified. Subsequent calls of psa_read() or psa_skip() with the same message input vector will report that there is no more data in the vector.
7. psa_skip(): Skip over part of a client input vector. Advances the current read offset by skipping up to num_bytes bytes for input vector invec_idx in the message identified by msg_handle. psa_skip(): When psa_skip returns, it returns with the number of bytes skipped
8. psa_skip(): If There was no remaining data in this input vector, return zero
9.psa_skip(): If num_bytes is greater than the remaining size of the input vector then the remaining size of the input vector is returned. Subsequent calls of psa_read() or psa_skip() with the same message input vector will report that there is no more data in the vector.
| [client/server]_test_call_read_and_skip() | 1.Client connects to RoT service
2.Client sends four input vectors to RoT service using psa_call
3. RoT service checks following:
- Reporting of input vectors size through msg.in_size
- Input vectors content reading through psa_read
-Inbound /Outbound offset reading
-Inbound/Outbound offset skipping
-Zero byte read and skip
-out_len=0 check
4. Client recieves the status of RoT service checks and closes the connection
Perform above steps from NSPE and SPE both. | psa_call,psa_read,psa_skip,psa_get, | Yes | -| | 1. psa_call(): The caller can optionally provide one or more buffers to receive a response (out_vec). On return from psa_call() the len value will have been updated to indicate the number of bytes of data written to the buffer by the RoT Service.
2. psa_write(): Appends num_bytes of data from buffer to the client output vector outvec_idx in the message identified by msg_handle. Sequential calls using the same msg_handle and outvec_idx will be concatenated in the output vector | [client/server]_test_call_and_write() | 1. Client connects to RoT service
2. Client sends four output vectors to RoT service using psa_call
3. RoT service checks following:
- Reporting of output vectors size through msg.out_size
- in_len=0 check
- zero byte write
- Out vector writes using psa_write
- Vector write concatenation
4. Client recieves the status of RoT service checks, cross check the content of out vectors and closes the connection
Perform above steps from NSPE and SPE both. | psa_call,psa_get,psa_write | Yes | -| | 1. psa_call(): Any I/O vector of length zero is permitted and will be treated as an empty or non-existent vector by the framework. When less than four vectors are provided to psa_call() for either input or output, then the remaining vectors have zero length and the in_size and out_size elements for these vectors will be zero.A memory reference contains a start address and an associated length. A zero-length memory reference is one where the length is zero. The start address of a zero-length memory reference can safely take any value and must be ignored by the implementation.
2. psa_call(): If in_len is zero then in_vec is ignored
3. sa_call(): If out_len is zero then out_vec is ignored
4. psa_get(): If an input and output vector has not been passed by the client then the corresponding in_size[] and out_size[] for that vector is zero. | [client/server]_test_zero_length_invec()[client/server]_test_zero_length_outvec() | Test zero lenth input vector:
1. Client connects to RoT service
2. Client sends three input and one outvec vectors to RoT service using psa_call - invec 0 as zero length vector, invec 1 as NULL and invec 2 and outvec 0 as non-zero length vector
3. RoT service checks size of each vectors reported through msg.in_size and msg.out_size
4. Client recieves the status of checks and closes the connection
Test zero lenth output vector:
1. Client connects to RoT service
2. Client sends one input and three outvec vectorsto RoT service using psa_call - outvec 0 as zero length vector, outvec 0 as NULL and invec 0 and outvec 2 as non-zero length vector
3. RoT service checks size of each vectors reported through msg.in_size and msg.out_size
4. Client recieves the status of checks and closes the connection
Perform above steps from NSPE and SPE both. | psa_call,psa_get | Yes | -| | 1. When client provides an input and output vectors which are referencing to same memory location, a psa_read after psa_write to the same memory location can return original or modified value.
2. When client provides an input and output vectors which are referencing to same memory location, a psa_write(s) to both memory vectors can return either the 1st or the 2nd value written. | [client/server]_test_overlapping_vectors | 1. Client provides one input and 2 output vectors which are pointing to same location.
2. RoT service performs read after write operation on to outvec-0 and expects return value either modified one or the original
3. RoT service performs write operation to outvec-1 and unblock the connection. The write performed is to mimic write after write operatio to the overlapping vector.
4. Client check the value of outvec. The value should be either the value written by first psa_write or the second psa_write. | psa_call,psa_write,psa_read | Yes | -| test_i004 | psa_connect() does not return if RoT Service does not exist on platform | [client/server]_test_sid_does_not_exists() | Call psa_connect with SID which does not exist on a platform
Perform above step from NSPE and SPE both. | psa_connect | Yes | -| test_i005 | psa_connect() does not return if Version policy is STRICT and requested version is HIGHER than minimum version | [client/server]_test_strict_policy_higher_minor_version() | call psa_connect with SID whose Version policy is STRICT and requested minor version is HIGHER than minimum version.
Perform above step from NSPE and SPE both. | psa_connect | Yes | -| test_i006 | psa_connect() does not return if Version policy is STRICT and requested version lower than minimum version | [client/server]_test_strict_policy_lower_minor_version() | call psa_connect with SID whose Version policy is STRICT and requested minor version is Lower than minimum version.
Perform above step from NSPE and SPE both. | psa_connect | Yes | -| test_i007 | psa_connect() does not return if Version policy is RELAXED and requested version is bigger than minimum version | [client/server]_test_relax_policy_higher_minor_version() | call psa_connect with SID whose Version policy is RELAXED and requested minor version is HIGHER than minimum version.
Perform above step from NSPE and SPE both. | psa_connect | Yes | -| test_i008 | 1. psa_connect() does not return if Service to non_secure_client is not available
2. Manifest parameter - The non_secure_clients field contains a boolean to indicate if it is accessible to NSPE clients. RoT Services are always accessible to SPE clients. | [client/server]_test_secure_access_only_connection() | Call psa_connect with SID which allow secure only connection.
Perform above step from NSPE and SPE both. | psa_connect | Yes | -| test_i009 | 1. psa_connect() does not return if SID is not mentioned in dependencies field.
2. Manifest parameter- dependencies (optional)
If access between a Secure Partition (acting as client) and a RoT Service (acting as server) is not specified in the manifest, then the client is not permitted to connect to the RoT Service. | [client/server]_test_unextern_sid_connection() | Call psa_connect with SID which is not mentioned as external SID in manifest. | psa_connect | Yes | -| test_i010 | It is not required for the minor_version or minor_policy attributes to be specified. If they are not specified in the manifest, the RoT Service will have default attributes of minor_version=1 and minor_policy="STRICT". psa_connect() does not return if requested version higher than minimum version | [client/server]_test_unspecified_policy_with_higher_minor_ver() | Call psa_connect with SID whose Version policy is not mentioned and requested minor version is HIGHER than minimum version.
Perform above step from NSPE and SPE both. | psa_connect | Yes | -| test_i011 | It is not required for the minor_version or minor_policy attributes to be specified. If they are not specified in the manifest, the RoT Service will have default attributes of minor_version=1 and minor_policy="STRICT". psa_connect() does not return if requested version lower than minimum version | [client/server]_test_unspecified_policy_with_lower_minor_ver() | Call psa_connect with SID whose Version policy is not mentioned and requested minor version is lower than minimum version.
Perform above step from NSPE and SPE both. | psa_connect | Yes | -| test_i012 | psa_close() does not return if an invalid handle was provided that is not the null handle | [client/server]_test_psa_close_with_invalid_handle() | Call psa_close with INVALID_HANDLE which is not NULL.
Perform above step from NSPE and SPE both. | psa_close | Yes | -| test_i013 | psa_get() does not return if signal has more than a single bit set | [client/server]_test_psa_get_with_more_than_one_signal() | Call psa_get with a signal who has more than a single bit set | psa_get | Yes | -| test_i014 | After a RoT Service message is signaled, psa_get() function is used to retrieve the message details. Each message can only be retrieved once. | [client/server]_test_psa_get_called_twice() | Call psa_get with a valid signal back to back. | psa_get | Yes | -| test_i015 | psa_get() does not return if signal does not correspond to a RoT Service | [client/server]_test_psa_get_with_non_rot_signal() | Call psa_get with DOORBELL signal | psa_get | Yes | -| test_i016 | psa_get() does not return if The RoT Service signal is not currently asserted | [client/server]_test_psa_get_with_unasserted_signal() | Call psa_get with singal which is currently not asserted | psa_get | Yes | -| test_i017 | Each RoT Service listed creates a dependency from the client Partition to a server Partition. Within the resulting network of dependencies, there must be no circular dependencies between Secure Partitions. This would result in deadlock because the Service requests are always synchronous.For the same reason, a Secure Partition must not use a RoT Service that is defined within itself. Direct function calls must be used instead of IPC where there is a dependency between RoT Services within a single Secure Partition. | [client/server]_test_partition_calling_its_own_rot_service() | Partition calling its own ROT service using psa_connect. | psa_connect | Yes | -| test_i018 | psa_set_rhandle() does not return if an invalid message handle was provided | [client/server]_test_psa_set_rhandle_with_invalid_handle() | Call psa_set_rhanlde with an INVALID_HANDLE which is not NULL | psa_set_rhandle | Yes | -| test_i019 | psa_set_rhandle() does not return if Null handle was passed | [client/server]_test_psa_set_rhandle_with_null_handle() | Call psa_set_rhanlde with NULL handle | psa_set_rhandle | Yes | -| test_i020 | If messgae type if is PSA_IPC_CONNECT then use of status values in psa_reply() other than PSA_SUCCESS or PSA_CONNECTION_REFUSED is a fatal programming error | [client/server]_test_psa_reply_with_invalid_connect_status_code() | Call to psa_reply during PSA_IPC_CONNECT with status code other than PSA_SUCCESS and PSA_CONNECTION_REFUSED | psa_reply | Yes | -| test_i021 | If message type if PSA_IPC_CALL , the use of other reserved status codes in the range INT32_MIN+1 to INT32_MIN+127 for psa_reply() is a fatal programming error. | [client/server]_test_psa_reply_with_invalid_call_status_code() | Call to psa_reply during PSA_IPC_CALL with status code other than allowed code | psa_reply | Yes | -| test_i022 | psa_reply() does not return if the message handle is invalid | [client/server]_test_psa_reply_with_invalid_handle() | Call psa_reply with an INVALID_HANDLE which is not NULL | psa_reply | Yes | -| test_i023 | psa_reply() does not return if the message handle is Null handle | [client/server]_test_psa_reply_with_null_handle() | Call psa_reply with a NULL HANDLE | psa_reply | Yes | -| test_i024 | psa_call() does not return if an invalid handle was passed | [client/server]_test_psa_call_with_invalid_handle() | Call psa_call with an INVALID_HANDLE which is not NULL.Perform this step from NSPE and SPE both. | psa_call | Yes | -| test_i025 | psa_call() does not return if an null handle was passed | [client/server]_test_psa_call_with_null_handle() | Call psa_call with a NULL HANDLE.
Perform this step from NSPE and SPE both. | psa_call | Yes | -| test_i026 | psa_call() does not return if in_len + out_len > PSA_MAX_IOVEC | [client/server]_test_psa_call_with_iovec_more_than_max_limit() | Call psa_call with more than four IOVECs.
Perform this step from NSPE and SPE both. | psa_call | Yes | -| test_i027 | 1. psa_call() returns PSA_DROP_CONNECTION when the connection has been dropped by the RoT Service. This indicates that either this or a previous message was invalid(The SPM will implement one of the following behaviors in this situation:¿ this is a client fatal error and psa_call() will not return¿ psa_call() returning PSA_DROP_CONNECTION. In this case, all subsequent calls to psa_call() on this connection will immediately return PSA_DROP_CONNECTION and the connection must be closed)
2. psa_reply(): If the message type is PSA_IPC_CALL and the client has made an invalid request, then the RoT Service can request for the connection to be terminated by calling psa_reply() with return value PSA_DROP_CONNECTION. After this, the RoT Service will receive no further PSA_IPC_CALL messages on that connection. The SPM will deliver a PSA_IPC_DISCONNECT to the RoT Service to release any resources associated with that connection. | [client/server]_test_psa_drop_connection() | RoT service executes psa_reply with status code eqaul to PSA_DROP_CONNECTION during PSA_IPC_CALL.Client expects either PSA_DROP_CONNECTION as returned status code or does not return condition for psa_call.
Perform above steps from NSPE and SPE both. | psa_call | Yes | -| test_i028 | psa_read() does not return if msg_handle does not refer to a PSA_IPC_CALL message | [client/server]_test_psa_read_at_ipc_connect() | Call psa_read during PSA_IPC_CONNECT | psa_read | Yes | -| test_i029 | psa_read() does not return if msg_handle does not refer to a PSA_IPC_CALL message | [client/server]_test_psa_read_at_ipc_disconnect() | Call psa_read during PSA_IPC_DISCONNECT | psa_read | Yes | -| test_i030 | psa_read() does not return if Null handle was passed | [client/server]_test_psa_read_with_null_handle() | Call psa_read with NULL handle | psa_read | Yes | -| test_i031 | psa_read() does not return if Invalid handle was passed | [client/server]_test_psa_read_with_invalid_handle() | Calll psa_read with INVALID_HANDLE which is not NULL | psa_read | Yes | -| test_i032 | psa_read() does not return if invec_idx is equal to PSA_MAX_IOVEC | [client/server]_test_psa_read_with_invec_equal_to_max_iovec() | Call psa_read with invec_idx=PSA_MAX_IOVEC | psa_read | Yes | -| test_i033 | psa_read() does not return if invec_idx is greater than PSA_MAX_IOVEC | [client/server]_test_psa_read_with_invec_greater_than_max_iovec() | Call psa_read with invec_idx>PSA_MAX_IOVEC | psa_read | Yes | -| test_i034 | psa_skip() does not return if msg_handle does not refer to a PSA_IPC_CALL message | [client/server]_test_psa_skip_at_ipc_connect() | Call psa_skip during PSA_IPC_CONNECT | psa_skip | Yes | -| test_i035 | psa_skip() does not return if msg_handle does not refer to a PSA_IPC_CALL message | [client/server]_test_psa_skip_at_ipc_disconnect() | Call psa_skip during PSA_IPC_DISCONNECT | psa_skip | Yes | -| test_i036 | psa_skip() does not return if Null handle was passed | [client/server]_test_psa_skip_with_null_handle() | Call psa_skipwith NULL handle | psa_skip | Yes | -| test_i037 | psa_skip() does not return if Invalid handle was passed | [client/server]_test_psa_skip_with_invalid_handle() | Calll psa_skip with INVALID_HANDLE which is not NULL | psa_skip | Yes | -| test_i038 | psa_skip() does not return if invec_idx is equal to PSA_MAX_IOVEC | [client/server]_test_psa_skip_with_invec_equal_to_max_iovec() | Call psa_skip with invec_idx=PSA_MAX_IOVEC | psa_skip | Yes | -| test_i039 | psa_skip() does not return if invec_idx is greater than PSA_MAX_IOVEC | [client/server]_test_psa_skip_with_invec_greater_than_max_iovec() | Call psa_skip with invec_idx>PSA_MAX_IOVEC | psa_skip | Yes | -| test_i040 | psa_write() does not return if msg_handle does not refer to a PSA_IPC_CALL message | [client/server]_test_psa_write_at_ipc_connect() | Call psa_write during PSA_IPC_CONNECT | psa_write | Yes | -| test_i041 | psa_write() does not return if msg_handle does not refer to a PSA_IPC_CALL message | [client/server]_test_psa_write_at_ipc_disconnect() | Call psa_write during PSA_IPC_DISCONNECT | psa_write | Yes | -| test_i042 | psa_write() does not return if Null handle was passed | [client/server]_test_psa_write_with_null_handle() | Call psa_write with NULL handle | psa_write | Yes | -| test_i043 | psa_write() does not return if Invalid handle was passed | [client/server]_test_psa_write_with_invalid_handle() | Calll psa_write with INVALID_HANDLE which is not NULL | psa_write | Yes | -| test_i044 | psa_write() does not return if invec_idx is equal to PSA_MAX_IOVEC | [client/server]_test_psa_write_with_invec_equal_to_max_iovec() | Call psa_write with invec_idx=PSA_MAX_IOVEC | psa_write | Yes | -| test_i045 | psa_write() does not return if invec_idx is greater than PSA_MAX_IOVEC | [client/server]_test_psa_write_with_invec_greater_than_max_iovec() | Call psa_write with invec_idx>PSA_MAX_IOVEC | psa_write | Yes | -| test_i046 | psa_write() does not return if the call attempts to write data past the end of the client output vector | [client/server]_test_psa_write_with_size_overflow() | Call psa_write with a size input one byte bigger than allowed size | psa_write | Yes | -| test_i047 | psa_get does not return if The msg pointer provided is not a valid memory reference | [client/server]_test_psa_get_with_invalid_msg_pointer() | Call psa_get with invalid msg pointer.
Selection of invalid pointer is as below:
if (ISOLATION_LEVEL > 1)
// PSA RoT Pointer
psa_get(msg_pointer = driver_mmio_base);
else
psa_get(msg_pointer = NULL);
| psa_get | Yes | -| test_i048 | psa_call does not return if address of in_vec is invalid for client | [client/server]_test_psa_call_with_invalid_invec_pointer | Call psa_call with invalid address for invec
Selection of invalid invec pointer is as below:
if caller == NONSECURE
// PSA RoT pointer
invec_pointer = driver_mmio_base;

else

if (ISOLATION_LEVEL > 1)
invec_pointer = driver_mmio_base;
else
invec_pointer = NULL; | psa_call | Yes | -| test_i049 | psa_call does not return if address of out_vec is invalid for client | [client/server]_test_psa_call_with_invalid_outvec_pointer() | Call psa_call with invalid address for outvec
Selection of invalid outvec pointer is as below:
if caller == NONSECURE
// PSA RoT pointer
outvec_pointer = driver_mmio_base;

else

if (ISOLATION_LEVEL > 1)
outvec_pointer = driver_mmio_base;
else
outvec_pointer = NULL; | psa_call | Yes | -| test_i050 | psa_call does not return if psa_invec.base address is invalid for client | [client/server]_test_psa_call_with_invalid_invec_base() | Call psa_call with invalid address for psa_invec.base
Selection of invalid base is as below:
if caller == NONSECURE
// PSA RoT pointer
invalid_base = driver_mmio_base;

else

if (ISOLATION_LEVEL > 1)
invalid_base = driver_mmio_base;
else
invalid_base = NULL; | psa_call | Yes | -| test_i051 | psa_call does not return if psa_outvec.base address is invalid for client | [client/server]_test_psa_call_with_invalid_outvec_base() | Call psa_call with invalid address for psa_outvec.base
Selection of invalid base is as below:
if caller == NONSECURE
// PSA RoT pointer
invalid_base = driver_mmio_base;

else

if (ISOLATION_LEVEL > 1)
invalid_base = driver_mmio_base;
else
invalid_base = NULL; | psa_call | Yes | -| test_i052 | psa_call does not return if psa_invec.base addr is valid but psa_invec.base+size address is invalid for client | [client/server]_test_psa_call_with_invalid_invec_end_addr() | Call psa_call with valid address for psa_invec.base but (psa_invec.base + psa_invec.size) pointing to invalid address
Selection of base and size are as below:
if caller == NONSECURE
valid_base = nspe_mmio_region_base;
invalid_size = (driver_mmio_region_base - nspe_mmio_region_base + 1);

else

if (ISOLATION_LEVEL > 1)
valid_base = client_mmio_region_base;
invalid_size = (driver_mmio_region_base - client_mmio_region_base + 1);
| psa_call | Yes | -| test_i053 | psa_call does not return if psa_outvec.base addr is valid but psa_invec.base+sizeaddress is invalid for client | [client/server]_test_psa_call_with_invalid_outvec_end_addr() | Call psa_call with valid address for psa_outvec.base but (psa_outvec.base + psa_outvec.size) pointing to invalid address
Selection of base and size are as below:
if caller == NONSECURE
valid_base = nspe_mmio_region_base;
invalid_size = (driver_mmio_region_base - nspe_mmio_region_base + 1);

else

if (ISOLATION_LEVEL > 1)
valid_base = client_mmio_region_base;
invalid_size = (driver_mmio_region_base - client_mmio_region_base + 1);
| psa_call | Yes | -| test_i054 | psa_call does not return if psa_outvec.base is not writable | [client/server]_test_psa_call_with_not_writable_outvec_base() | Call psa_call with not writable (function address - code memory) psa_outvec.base | psa_call | Yes | -| test_i055 | psa_read does not return if the memory reference for buffer is invalid | [client/server]_test_psa_read_with_invalid_buffer_addr() | Call psa_read with invalid buffer addr.
Selection of buffer address is as below:
if (ISOLATION_LEVEL > 1)
buffer = driver_mmio_region_base;
else
buffer = NULL;
| psa_read | Yes | -| test_i056 | psa_read does not return if the memory reference for buffer is not writable | [client/server]_test_psa_read_with_not_writable_buffer_addr() | Call psa_read with not writable (function address- code memory) | psa_read | Yes | -| test_i057 | psa_write does not return if the memory reference for buffer is invalid | [client/server]_test_psa_write_with_invalid_buffer_addr() | Call psa_write with invalid buffer addr.
Selection of buffer address is as below:
if (ISOLATION_LEVEL > 1)
buffer = driver_mmio_region_base;
else
buffer = NULL;
| psa_write | Yes | -| test_i058 | 1. psa_notify() is used to asynchronously wake up another Secure Partition. The receiving partition uses psa_wait() to detect, or wait for, assertion of its PSA_DOORBELL signal. The value of partition_id must be greater than zero as the target of notification must be a Secure Partition.
2. psa_clear() clears the PSA_DOORBELL signal.
3. psa_clear(): The target Partition doorbell will remain asserted until it calls psa_clear(). | [client/server]_test_psa_doorbell_signal() | 1. Client connects to RoT service.
2. RoT services executes asserts PSA_DOORBELL singal back to client after accepting the connection.
3. Client checks the delivery of PSA_DOORBELL singal using psa_wait().
4. Client clears the doorbell and closes the connection.
5. RoT service receives the closing connection request.
| psa_notify,psa_wait,psa_clear | Yes | -| test_i059 | psa_notify does not return if Partition ID does not correspond to a Secure Partition | [client/server]_test_psa_notify_with_neg_part_id() | Call psa_notify with negative partition id | psa_notify | Yes | -| test_i060 | psa_notify does not return if Partition ID does not correspond to a Secure Partition | [client/server]_test_psa_notify_with_invalid_pos_part_id() | Call psa_notify with positive partition id which does not exist in the platform | psa_notify | Yes | -| test_i061 | psa_clear does not return if The Secure Partition¿s doorbell signal is not currently asserted | [client/server]_test_psa_clear_at_unasserted_doorbell_sig() | Call psa_clear when doorbell signal is not asserted | psa_clear | Yes | -| test_i062 | psa_wait() does not return signal_mask does not include any assigned signals. | [client/server_test_psa_wait_with_unassigned_signal() | Call psa_wait with signal mask that doesn't include any assigned signal | psa_wait | Yes | -| test_i063 | psa_wait() returns the Secure Partition interrupt signals that have been asserted from the subset of signals indicated in the bitmask provided. The mask must contain the set of signals the caller is interested in handling. Signals that are not in signal_mask should be ignored. | [client/server]_test_psa_wait_signal_mask() | 1. Select signal_mask = (SERVER_UNSPECIFED_MINOR_V_SIG | SERVER_RELAX_MINOR_VERSION_SIG);
2. Server partition requests the client partition to make connection using sid=SERVER_SECURE_CONNECT_ONLY_SID. This connection request act as irritator to psa_wait(signal_mask) call and it is used to cover the rule - Signals that are not in signal_mask should be ignored by psa_wait.
3. NSPE client connects to a server partition using SID whose signal are part of signal_mask
4. Server partition executes psa_wait with necessary signal_mask. RoT service checks that returned signal value is subset of signals indicated in the signal_mask
5. At the end, server partition completes the starved (irritator) connection request of SERVER_SECURE_CONNECT_ONLY_SID. | psa_wait | Yes | -| test_i064 | psa_eoi does not return if irq_signal is not an interrupt signal | driver_test_psa_eoi_with_non_intr_signal() | Call to psa_eoi with non-interrupt signal(PSA_DOORBELL).
Note: The interrupt related test check is captured in driver_partition.c as this is the only partition in test suite that holds the interrupt line. | psa_eoi | Yes | -| test_i065 | psa_eoi does not return if irq_signal is not currently asserted | driver_test_psa_eoi_with_unasserted_signal() | Call to psa_eoi with interrupt signal which is currently not asserted.
Note: The interrupt related test check is captured in driver_partition.c as this is the only partition in test suite that holds the interrupt line. | psa_eoi | Yes | -| test_i066 | psa_eoi does not return if irq_signal indicates more than one signal | driver_test_psa_eoi_with_multiple_signals() | Call to psa_eoi with irq_signal provided with multiple signals.
Note: The interrupt related test check is captured in driver_partition.c as this is the only partition in test suite that holds the interrupt line. | psa_eoi | Yes | -| | 1. psa_wait() returns the Secure Partition interrupt signals that have been asserted from the subset of signals indicated in the bitmask provided. (psa_wait API to recieve interrupt signal)
2. psa_eoi():Informs the SPM that an interrupt has been handled (end of interrupt). This will re-enable the interrupt line.
3.psa_eoi(): A signal remains active until it is processed by psa_eoi
4. Manifest- irqs (optional, unique)This attribute is a list of IRQ lines which are assigned to the Secure Partition.A Secure Partition always has exclusive access to an assigned IRQ. Secure Partitions are not allowed to share IRQs with other Secure Partitions.Each IRQ specified must provide a signal field. This field contains a symbolic name for the signal, used by the SPM to indicate when the interrupt is asserted. Each IRQ line is declared as either of the following:¿ line_num: A valid IRQ number for the platform.¿ line_name: A named IRQ, represented by a string identifier. | | The test for this scenario will be implemented in future release for PSA Test suite. Test Limitation:
1. Rules around sharing of irq lines can't be tested as specifiying it can result into build error.
2. Test suite partition manifests are rely on only line_num for specifying irq line number as line_name is subject to resolved in Implementation defined manner. | psa_wait,psa_eoi | No | -| | Only Code is executable in secure partition | | The test for this scenario will be implemented in future release for PSA Test suite. Checks:
1. Execute instruction from writable memory
2. Execute instruction from read-only data | | No | -| | Only Private data is writable in secure partition | | The test for this scenario will be implemented in future release for PSA Test suite. Checks:
1. Write to code space
2. Write to constant data space | | No | -| | Isolation Level-1 rules:
I3: If domain A needs protection from domain B, then Private data in domain A cannot be accessed by domain B. From B access below asserts of A:
- Variables
- Execution stacks
- Allocation heap
- Memory-mapped I/O regions

Where, A & B combination are:
A=Application RoT & B=NSPE
A=PSA RoT & B=NSPE
A=SPM & B=NSPE | | The test for this scenario will be implemented in future release for PSA Test suite. | | No | -| | Isolation Level-2 rules- In addition to the Level 1 requirements, Level 2 firmware isolation must follow below rule:
I3: If domain A needs protection from domain B, then Private data in domain A cannot be accessed by domain B. From B access below asserts of A:
- Variables
- Execution stacks
- Allocation heap
- Memory-mapped I/O regions

Where, A & B combination are:
A=PSA RoT partition & B=Application RoT partition
A=SPM & B=Application RoT partition | | The test for this scenario will be implemented in future release for PSA Test suite. | | No | -| | Isolation Level-3 rules- In addition to the Level 2 requirements, Level 3 firmware isolation must follow below rule:
I3: If domain A needs protection from domain B, then Private data in domain A cannot be accessed by domain B. From B access below asserts of A:
- Variables
- Execution stacks
- Allocation heap
- Memory-mapped I/O regions

Where, A & B combination are:
A=Secure Partition & B= Other Secure Partition
A=SPM & B=Secure Partition | | The test for this scenario will be implemented in future release for PSA Test suite. | | No | -| | A Secure Partition is guaranteed to be able to read and write its private heap regions.
Manifest Parameter- heap_size. Properties: Optional.This attribute indicates the Secure Partition¿s heap size in bytes.The size value is represented either as a positive integer or as a hexadecimal string.If this field is specified in the manifest then the value must be greater than 0. If this field is not specified in the manifest then the SPM can assume the size is 0.If the framework does not implement the dynamic memory allocation API, then a manifest which specifies a heap_size must produce a build error. | | The test for this scenario will be implemented in future release for PSA Test suite. Check that specified heap memory is writable using malloc function. | | No | -| NO_EXPLICIT_TEST | A Secure Partition is guaranteed to be able to read and write its private stack.
Manifest Parameter- stack_size (required)
Partition's stack size in bytes. The size value must be represented either as a positive integer or as a hexadecimal string. | N/A | No explicit test written to cover this rule. PSA IPC tests manifests are provided with tests partition required stack_size. A successful execution of tests partition code without stack access related faults, indirectly verify this field. | N/A | Yes | -| NO_EXPLICIT_TEST | mmio_regions (optional, unique):
List of memory-mapped I/O region objects which the Secure Partition needs access to. A Secure Partition always has exclusive access to an MMIO region. Secure Partitions are not permitted to share MMIO regions with other Secure Partitions.
An MMIO region can be defined either as a:
numbered_region
named_region
A numbered region consists of a base address and a size. The size must be represented either as a positive integer or as a hexadecimal string. The base address must be represented as a hexadecimal string.
MMIO regions must not overlap.
An MMIO region must include a permission attribute. The following permissions are available:
READ-ONLY
READ-WRITE | N/A | Comments:
1. PSA IPC tests device driver partition manifests are provided with these fields. A successful compilation and run of device driver partition code indirectly verify this field.
2. Rules around sharing of MMIO regions is covered as part of isolation tests.
3. Rules around overlapping of MMIO regions can't be tested as specifying that into manifest results into compilation fail.
4. Test suite partition manifests are rely on numbered_region only as named_region is subject to resolved in Implementation defined manner. | N/A | Yes | -| NO_EXPLICIT_TEST | Manifest Parameter - id (required, unique):A Secure Partition ID must be a non-zero positive 32-bit value. | N/A | PSA IPC tests partitions are provided with unique Partition ID (which is non-zero positive) and name field compliant to manifest rules. | N/A | Yes | -| NO_EXPLICIT_TEST | Manifest Parameter- type (required)
Whether the Partition is a part of the PSA Root of Trust Services or is part of the Application Root of Trust Services.Type must be assigned one of the following values:- APPLICATION-ROT- PSA-ROT | N/A | PSA IPC tests partition files are provided with these fields. Access permission behaviour related to these fields will be verified as part of tests covering isolation level rules. | N/A | Yes | -| NO_EXPLICIT_TEST | Manifest Parameter - description (optional)
This attribute contains a human-readable description and comments for the Secure Partition. | N/A | Test suite manifests are provided with these field with adhere to manifest rules. Manifest build tool parser must parse this field without any compilation fail. | N/A | Yes | -| NO_EXPLICIT_TEST | Manifest Parameter -entry_point (required, unique)
The Partition entry point in the form of an C function symbol. A single entry point must be provided. | N/A | No explicit test written to cover this rule. Test suite manifests are provided with tests partition entry_point. A successful launch and run of tests partition code indirectly verify this field. | N/A | Yes | -| NO_EXPLICIT_TEST | Manifest Parameter- linker_pattern(Required)
This attribute contains the minimum information required to link a Secure Partition¿s compiled static objects. It contains a mandatory sub attribute called object_list.The object_list is an explicit list of the expected binary objects of a Secure Partition once it is compiled. For example, this list may contain the names of the main entry-point binary and any other static library objects that the Secure Partition contains. | N/A | No explicit test written to cover this rule. Test suite manifests are provided with linker_pattern filled with required tests partition object archives. A successful use of this field to launch the partitions and fullfilling the PSA defined isolation requirement which are also being verified in isolation tests, indirectly verify this field. | N/A | Yes | -| NO_EXPLICIT_TEST | The SPM must eventually deliver all signals and IPC messages. | N/A | No explicit test written to cover this rule. However all PSA IPC tests are written with the expectation that the SPM delivers all requested signals and IPC message in a timely fashion. Failure to provide this will result in simulation time out.
This rule is unbounded and cannot have full coverage. It is good to that things are delivered in a timely manner, however failure will not break compliance. | N/A | Yes | -| NO_EXPLICIT_TEST | A Secure Partition is guaranteed to be able to execute and read its own code regions and read its own read-only data regions. | N/A | No explicit test written to cover this rule. This is a minimum requirement to able to launch and run secure partition. Failing to provide this, will not be able to run IPC test suite. | N/A | Yes | -| NOT_COVERED | psa_get returns PSA_ERR_NOMSG if the SPM cannot deliver a message to the Secure Partition following the assertion of the RoT Service signal. | N/A | This scenario cannot be simulated as test can't generate stimulus where psa_get() API returns PSA_ERR_NOMSG. However every instances of psa_get() API call in test suite checks the API return value and re-waits for signal delivery if return value is PSA_ERR_NOMSG. | psa_get | No | -| NOT_COVERED | psa_call does not return if the connection is already handling a request. | N/A | This rule is not verified beacuse of following reasons:
- There is no common infrastructure to test this rule as this needs two OS specific tasks where one task interrupted during execution of psa_call or psa_close and second task scheduled to execute psa_call using same handle.
- It is hard to write test stimulus where this rule is always hit as it is highly dependent of platform software scheduling policy.
| psa_call | No | -| NOT_COVERED | psa_close does not return if the connection is already handling a request | N/A | This rule is not verified beacuse of following reasons:
- There is no common infrastructure to test this rule as this needs two OS specific tasks where one task interrupted during execution of psa_call or psa_close and second task scheduled to execute psa_close using same handle.
- It is hard to write test stimulus where this rule is always hit as it is highly dependent of platform software scheduling policy.
| psa_close | No | -| NOT_COVERED | Manifest Parameter - priority (required)
Partitions must be assigned one of the following priority groups:¿ HIGH¿ NORMAL¿ LOWLOW is the lowest priority. Priority is ignored by SPMs that do not implement any priority-based scheduling. | N/A | Use of these fields are highly dependent on type of SPM scheduling policy, hence can't test the behavious of this field. And test suite partition manifests are provided with priority field equal to LOW. | N/A | No | -| NOT_COVERED | Secure Partition IDs must be fixed across updates | N/A | Checking for Partition IDs across SPM updates is out of scope for PSA IPC tests. | N/A | No | +| Tests | Scenario Rules | Client- Server Test Functions Pair | Test Algorithm/Comments/Test Limitation | Rule optional for API compliance? | Is scenario implemented in this release? | +|------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------|------------------------------------------| +| test_i001 | 1. psa_framework_version(): Retrieve the version of the PSA Framework API that is implemented. Manifest field- psa_framework_version: Version of the PSA Firmware Framework specification this manifest conforms to. | [client/server]_test_psa_framework_version() | Call the psa_framework_version() API from both SPE and NSPE side and compare the return value with PSA_FRAMEWORK_VERSION. | Mandatory | Yes | +| | 1. psa_version() returns PSA_VERSION_NONE when the RoT Service is not implemented, or the caller is not permitted to access the service OR return > 0 with the minor version of the implemented RoT Service. | [client/server]_test_psa_version() | 1. Pass un-implemented SID and expects PSA_VERSION_NONE as return value.
2. Call to API from NSPE with a SID who doesn't provide service to NSPE and expects PSA_VERSION_NONE as return value.
3. Pass SID who is implemented and provides service to NSPE and expect minor number(>0) of given RoT service as return.
Perform all above checks from SPE too. | Mandatory | Yes | +| test_i002 | 1. psa_connect() returns the PSA_ERROR_CONNECTION_BUSY when RoT Service cannot make the connection at the moment (transient error).
2. psa_connect() returns the PSA_ERROR_CONNECTION_REFUSED when RoT Service has refused the connection
3. psa_wait() returns the Secure Partition interrupt signals that have been asserted from a subset of signals provided by the caller. Returns > 0 when at least one signal is asserted
4. psa_get():Get the message which corresponds to a given RoT Service signal and remove the message from the queue.
5. psa_get() returns PSA_SUCCESS when *msg will contain the delivered message.
6. The type member of the psa_msg_t object should return PSA_IPC_CONNECT for a new connection request following a psa_get() call to psa_connect() and msg.handle must be positive.
7. psa_reply(): If the message type is PSA_IPC_CONNECT then server can reject the connection by sending PSA_ERROR_CONNECTION_REFUSED (permanent error) or PSA_ERROR_CONNECTION_BUSY (transient error) status code.
| [client/server]_test_connection_busy_and_reject() | 1. Client tries to connect to ROT service using psa_connect()
2. RoT service checks the delivery of PSA_IPC_CONNECT message type and positive handle value returned by psa_get()
3. RoT service rejects the connection by executing psa_reply(handle,PSA_ERROR_CONNECTION_BUSY)
4. Client tries to connect to same ROT service using psa_connect() again
5. This time, RoT service rejects the connection by executing psa_reply(handle,PSA_ERROR_CONNECTION_REFUSED)
Perform all above steps from NSPE and SPE both. | Mandatory | Yes | +| | 1. psa_connect(): When SID is implemented and client is permitted to access the service, SPM delivers a PSA_IPC_CONNECT message from the client to the Secure Partition that implements the RoT Service and positive handle is returned to client.
2. psa_get():Get the message which corresponds to a given RoT Service signal and remove the message from the queue.
3. psa_get() returns PSA_SUCCESS when *msg will contain the delivered message
4. psa_get():The type member of the psa_msg_t object should return PSA_IPC_CONNECT for a new connection request following a psa_get() call to psa_connect() and msg.handle must be positive.
5. psa_get(): The type member of the psa_msg_t object should return PSA_IPC_DISCONNECT for a new connection request following a psa_get() call to psa_close() and msg.handle must be positive.
6. psa_reply(): If the message type is PSA_IPC_CONNECT then server can accept the connection by sending PSA_SUCCESS status code. If the message type is PSA_IPC_DISCONNECT then the status code is ignored.
7. psa_close(): Closes a connection to a RoT Service. Sends the PSA_IPC_DISCONNECT message to the RoT Service. This function will have no effect if called with the null handle.
| [client/server]_test_accept_and_close_connect() | 1.Client tries to connect to ROT service
2. RoT service checks the delivery of PSA_IPC_CONNECT message type and positive handle value return by psa_get()
3. RoT service accepts the connection by executing psa_reply(.., PSA_CONNECTION_ACCEPTED).
4. Client calls the psa_close with PSA_NULL_HANDLE and later it closes the connection using psa_close() with actual handle value
5. RoT service checks the delivery of PSA_IPC_DISCONNECT message type, checks handle value eqaul to NULL returned by psa_get() and completes the PSA_IPC_DISCONNECT by executing psa_reply() .
Perform all above steps from NSPE and SPE both. | Mandatory | Yes | +| | Following are allowed minor version condition to psa_connect():
1. Version policy is not mentioned and requested version is 1 which is default minimum version
2. Version policy is STRICT and requested version equals minimum version
3. Version policy is relaxed and requested version is smaller than the minimum version
4. Version policy is relaxed and requested version is euqal to the minimum version
| [client/server]_test_connect_with_allowed_minor_version_policy() | Client tries connecting ROT service of following properties and expects connection to establish:
- Version policy is not mentioned and requested version is 1 which is default minimum version
- Version policy is STRICT and requested version equals minimum version
- Version policy is relaxed and requested version is smaller than the minimum version
- Version policy is relaxed and requested version is equal to the minimum version
Perform all above steps from NSPE and SPE both. | Mandatory | Yes | +| | 1. psa_call(): The valid psa_call, make SPM to send PSA_IPC_CALL msg.type to the RoT servicee partition and the successful call should return >=0 handle value.
2. psa_call() receives return value >= 0 for RoT-specific return code
3. psa_call() receive return value < 0 for RoT-specific error code
4. psa_reply(): If the message type is PSA_IPC_CALL, all status codes other than PSA_ERROR_PROGRAMMER_ERROR must be reported to the client. | [client/server]_test_psa_call_with_allowed_status_code() | 1. Client connects to RoT service
2. Client sends message using psa_call()
3. RoT service checks the delivery of PSA_IPC_CALL message type and positive handle value return by psa_get()
4. RoT service ends the call using psa_reply(status_code)
5. Client checks the return value of psa_call() and Client closes the connectionRepeat (1) to (5) for different status code, SUCCESS, +ve, -ve..
Perform all above steps from NSPE and SPE both. | Mandatory | Yes | +| | 1. A msg.client_id that has a positive value indicates that the client is in the SPE and this the Secure Partition ID of the client. A negative client_id indicates that the client is in the NSPE.
2. Client_id is valid during PSA_IPC_CONNECT, PSA_IPC_CALL and PSA_IPC_DISCONNECT msg type.
3. Manifest Parameter- name (required, unique)
A Partition must have an alphanumeric name for source code to directly refer to a specific Partition. The format of the name must follow the rules of a C macro. | [client/server]_test_identity() | - Check the value returned by msg.client_id during PSA_IPC_CONNECT, PSA_IPC_CALL and PSA_IPC_DISCONNECT. For NSPE connection, client_id should be <0 and for SPE, it should be >0.
Perform all above steps from NSPE and SPE both.
- Access the Partition ID of client partition and compare the value with expected ID value. | Mandatory | Yes | +| | 1. psa_connect() will return the PSA_ERROR_CONNECTION_REFUSED OR PSA_ERROR_CONNECTION_BUSY when the SPM has reached the limit of concurrent connections | [client/server]_test_spm_concurrent_connect_limit() | Execute psa_connect() API in a loop until it returns PSA_CONNECTION_REFUSED or PSA_CONNECTION_BUSY to indicate end of concurrent connections limit.
Perform above step from NSPE and SPE both. | Mandatory | Yes | +| | 1. psa_wait(): When MODE(PSA_BLOCK) is one, the function will block the caller until one of the requested signals is asserted.
2. psa_wait(): Callers must set RES to zero, implementations must ignore the value of RES.
| [client/server]_test_psa_block_behave() | 1. Client connects to a RoT service mutilpe times.
2. RoT service psa_wait(PSA_BLOCK|(Non-zero value for timeout[30:0])) API is executed without while(1) loop.
3. RoT service serves the connections by rejecting them.
This is a sanity check, a successful handshaking between client and server for requested connection represents check pass.
Perform above steps from NSPE and SPE both. | Mandatory | Yes | +| | 1. psa_wait(): When MODE is zero, the function will return immediately with the current signal state, which can be zero if no signals are active. | [client/server]_test_psa_poll_behave() | 1. Client connects to a RoT service mutilpe times.
2. RoT service executes psa_wait(PSA_POLL) in a while loop and checks the API's polling behaviour.
3. Call psa_wait(PSA_POLL) when no request is made by client and checks the return value.
Perform above steps from NSPE and SPE both. | Mandatory | Yes | +| test_i003 | 1. The reverse handle for a connection is NULL until psa_set_rhandle() is used. psa_set_rhandle() can be used to associate some caller-provided private data with a specified client connection. And SPM must provide same rhandle for msg.rhandle with all subsequent messages delivered on this connection. On success the rhandle is retained by the implementation and provided in all future messages on that connection as part of the psa_msg_t structure.
2. Setting the rhandle for a connection during disconnection has no observable effect. | [client/server]_test_psa_set_rhandle() | 1. Client connects to RoT service and RoT service checks the value of msg.rhanlde value duing PSA_IPC_CONNECT2. Client send call msg to RoT service and RoT service checks the value of msg.rhanlde value duing PSA_IPC_CONNECT
3. ROT service sets the rhandle with known value.
4. Client send call msg to RoT service and RoT service now compare the value of msg.rhanndle with previously set value
5. ROT service sets the rhandle with known value other than previously set value
6. Client send call msg to RoT service and RoT service now compare the value of msg.rhanndle with last set value
7. The reverse handle for a connection is NULL until psa_set_rhandle() is used
Perform above steps from NSPE and SPE both. | Mandatory | Yes | +| | 1. psa_call():The caller can optionally provide one or more buffers to receive a response (out_vec).
2. psa_get(): The array in_size provides the size of each client input vector in bytes. The array out_size provides the size of each client output vector in bytes.
3. psa_read(): parameter from the client input vector. Streams up to the next num_bytes bytes of client input vector invec_idx in the message identified by msg_handle to the Secure Partition buffer. Returns the number of bytes copied.
4. psa_read(): If num_bytes is less than or equal to the available data in the input vector then num_bytes are copied to buffer, and the remaining data in the input vector can be read by subsequent calls to psa_read() with the same msg_handle and invec_idx.
5. psa_read(): RoT Services can determine how much data is available to read from the message based on the in_size[] attribute of the psa_msg_t message returned from psa_get(). If an input vector has not been passed by the client then the corresponding in_size[] for that vector is zero.
6. psa_read(): If num_bytes is greater than the remaining data in the input vector then the remaining input bytes are copied to buffer and the call returns the number of bytes copied. Any space after this in buffer is not modified. Subsequent calls of psa_read() or psa_skip() with the same message input vector will report that there is no more data in the vector.
7. psa_skip(): Skip over part of a client input vector. Advances the current read offset by skipping up to num_bytes bytes for input vector invec_idx in the message identified by msg_handle. psa_skip(): When psa_skip returns, it returns with the number of bytes skipped
8. psa_skip(): If There was no remaining data in this input vector, return zero
9.psa_skip(): If num_bytes is greater than the remaining size of the input vector then the remaining size of the input vector is returned. Subsequent calls of psa_read() or psa_skip() with the same message input vector will report that there is no more data in the vector.
| [client/server]_test_call_read_and_skip() | 1.Client connects to RoT service
2.Client sends four input vectors to RoT service using psa_call
3. RoT service checks following:
- Reporting of input vectors size through msg.in_size
- Input vectors content reading through psa_read
-Inbound /Outbound offset reading
-Inbound/Outbound offset skipping
-Zero byte read and skip
-out_len=0 check
4. Client recieves the status of RoT service checks and closes the connection
Perform above steps from NSPE and SPE both. | Mandatory | Yes | +| | 1. psa_call(): The caller can optionally provide one or more buffers to receive a response (out_vec). On return from psa_call() the len value will have been updated to indicate the number of bytes of data written to the buffer by the RoT Service.
2. psa_write(): Appends num_bytes of data from buffer to the client output vector outvec_idx in the message identified by msg_handle. Sequential calls using the same msg_handle and outvec_idx will be concatenated in the output vector | [client/server]_test_call_and_write() | 1. Client connects to RoT service
2. Client sends four output vectors to RoT service using psa_call
3. RoT service checks following:
- Reporting of output vectors size through msg.out_size
- in_len=0 check
- zero byte write
- Out vector writes using psa_write
- Vector write concatenation
4. Client recieves the status of RoT service checks, cross check the content of out vectors and closes the connection
Perform above steps from NSPE and SPE both. | Mandatory | Yes | +| | 1. psa_call(): Any I/O vector of length zero is permitted and will be treated as an empty or non-existent vector by the framework. When less than four vectors are provided to psa_call() for either input or output, then the remaining vectors have zero length and the in_size and out_size elements for these vectors will be zero.A memory reference contains a start address and an associated length. A zero-length memory reference is one where the length is zero. The start address of a zero-length memory reference can safely take any value and must be ignored by the implementation.
2. psa_call(): If in_len is zero then in_vec is ignored
3. sa_call(): If out_len is zero then out_vec is ignored
4. psa_get(): If an input and output vector has not been passed by the client then the corresponding in_size[] and out_size[] for that vector is zero. | [client/server]_test_zero_length_invec()[client/server]_test_zero_length_outvec() | Test zero lenth input vector:
1. Client connects to RoT service
2. Client sends three input and one outvec vectors to RoT service using psa_call - invec 0 as zero length vector, invec 1 as NULL and invec 2 and outvec 0 as non-zero length vector
3. RoT service checks size of each vectors reported through msg.in_size and msg.out_size
4. Client recieves the status of checks and closes the connection
Test zero lenth output vector:
1. Client connects to RoT service
2. Client sends one input and three outvec vectorsto RoT service using psa_call - outvec 0 as zero length vector, outvec 0 as NULL and invec 0 and outvec 2 as non-zero length vector
3. RoT service checks size of each vectors reported through msg.in_size and msg.out_size
4. Client recieves the status of checks and closes the connection
Perform above steps from NSPE and SPE both. | Mandatory | Yes | +| | 1. When client provides an input and output vectors which are referencing to same memory location, a psa_read after psa_write to the same memory location can return original or modified value.
2. When client provides an input and output vectors which are referencing to same memory location, a psa_write(s) to both memory vectors can return either the 1st or the 2nd value written. | [client/server]_test_overlapping_vectors | 1. Client provides one input and 2 output vectors which are pointing to same location.
2. RoT service performs read after write operation on to outvec-0 and expects return value either modified one or the original
3. RoT service performs write operation to outvec-1 and unblock the connection. The write performed is to mimic write after write operatio to the overlapping vector.
4. Client check the value of outvec. The value should be either the value written by first psa_write or the second psa_write. | Mandatory | Yes | +| test_i004 | The call to psa_connect() is PROGRAMMER ERROR if RoT Service does not exist on platform | [client/server]_test_sid_does_not_exists() | Call psa_connect with SID which does not exist on a platform and expect PROGRAMMER ERROR behaviour.
Perform above step from NSPE and SPE both. | Optional | Yes | +| test_i005 | The call to psa_connect() is PROGRAMMER ERROR if Version policy is STRICT and requested version is HIGHER than minimum version | [client/server]_test_strict_policy_higher_minor_version() | call psa_connect with SID whose Version policy is STRICT and requested minor version is HIGHER than minimum version and expect PROGRAMMER ERROR behaviour.
Perform above step from NSPE and SPE both. | Optional | Yes | +| test_i006 | The call to psa_connect() is PROGRAMMER ERROR if Version policy is STRICT and requested version lower than minimum version | [client/server]_test_strict_policy_lower_minor_version() | call psa_connect with SID whose Version policy is STRICT and requested minor version is Lower than minimum version.
Perform above step from NSPE and SPE both. | Optional | Yes | +| test_i007 | The call to psa_connect() is PROGRAMMER ERROR if Version policy is RELAXED and requested version is bigger than minimum version | [client/server]_test_relax_policy_higher_minor_version() | call psa_connect with SID whose Version policy is RELAXED and requested minor version is HIGHER than minimum version and expect PROGRAMMER ERROR behaviour.
Perform above step from NSPE and SPE both. | Optional | Yes | +| test_i008 | 1. The call to psa_connect() is PROGRAMMER ERROR if service to non_secure_client is not available
2. Manifest parameter - The non_secure_clients field contains a boolean to indicate if it is accessible to NSPE clients. RoT Services are always accessible to SPE clients. | [client/server]_test_secure_access_only_connection() | Call psa_connect with SID which allow secure only connection and expect PROGRAMMER ERROR behaviour.
Perform above step from NSPE and SPE both. | Optional | Yes | +| test_i009 | 1. The call to psa_connect() is PROGRAMMER ERROR if SID is not mentioned in dependencies field.
2. Manifest parameter- dependencies (optional)
If access between a Secure Partition (acting as client) and a RoT Service (acting as server) is not specified in the manifest, then the client is not permitted to connect to the RoT Service. | [client/server]_test_unextern_sid_connection() | Call psa_connect with SID which is not mentioned as external SID in manifest and expect PROGRAMMER ERROR behaviour. | Optional | Yes | +| test_i010 | It is not required for the minor_version or minor_policy attributes to be specified. If they are not specified in the manifest, the RoT Service will have default attributes of minor_version=1 and minor_policy="STRICT". In this case, the call to psa_connect() is PROGRAMMER ERROR if requested version higher than minimum version. | [client/server]_test_unspecified_policy_with_higher_minor_ver() | Call psa_connect with SID whose Version policy is not mentioned and requested minor version is HIGHER than minimum version and expect PROGRAMMER ERROR behaviour.
Perform above step from NSPE and SPE both. | Optional | Yes | +| test_i011 | It is not required for the minor_version or minor_policy attributes to be specified. If they are not specified in the manifest, the RoT Service will have default attributes of minor_version=1 and minor_policy="STRICT". In this case, the call to psa_connect() is PROGRAMMER ERROR if requested version lower than minimum version | [client/server]_test_unspecified_policy_with_lower_minor_ver() | Call psa_connect with SID whose Version policy is not mentioned and requested minor version is lower than minimum version and expect PROGRAMMER ERROR behaviour.
Perform above step from NSPE and SPE both. | Optional | Yes | +| test_i012 | The call to psa_close() is PROGRAMMER ERROR if an invalid handle was provided that is not the null handle | [client/server]_test_psa_close_with_invalid_handle() | Call psa_close with INVALID_HANDLE which is not NULL and expect PROGRAMMER ERROR behaviour.
Perform above step from NSPE and SPE both. | Optional | Yes | +| test_i013 | The call to psa_get() is PROGRAMMER ERROR if signal has more than a single bit set | [client/server]_test_psa_get_with_more_than_one_signal() | Call psa_get with a signal who has more than a single bit set and expect PROGRAMMER ERROR behaviour. | Optional | Yes | +| test_i014 | After a RoT Service message is signaled, psa_get() function is used to retrieve the message details. Each message can only be retrieved once. | [client/server]_test_psa_get_called_twice() | Call psa_get with a valid signal back to back and expect PROGRAMMER ERROR behaviour. | Optional | Yes | +| test_i015 | The call to psa_get() is PROGRAMMER ERROR if signal does not correspond to a RoT Service | [client/server]_test_psa_get_with_non_rot_signal() | Call psa_get with DOORBELL signal and expect PROGRAMMER ERROR behaviour for API call. | Optional | Yes | +| test_i016 | The call to psa_get() is PROGRAMMER ERROR if The RoT Service signal is not currently asserted | [client/server]_test_psa_get_with_unasserted_signal() | Call psa_get with singal which is currently not asserted and expect PROGRAMMER ERROR behaviour for API call. | Optional | Yes | +| test_i017 | Each RoT Service listed creates a dependency from the client Partition to a server Partition. Within the resulting network of dependencies, there must be no circular dependencies between Secure Partitions. This would result in deadlock because the Service requests are always synchronous.For the same reason, a Secure Partition must not use a RoT Service that is defined within itself. Direct function calls must be used instead of IPC where there is a dependency between RoT Services within a single Secure Partition. | [client/server]_test_partition_calling_its_own_rot_service() | Partition calling its own ROT service using psa_connect and expect PROGRAMMER ERROR behaviour for API call. | Optional | Yes | +| test_i018 | The call to psa_set_rhandle() is PROGRAMMER ERROR if an invalid message handle was provided | [client/server]_test_psa_set_rhandle_with_invalid_handle() | Call psa_set_rhanlde with an INVALID_HANDLE which is not NULL and expect PROGRAMMER ERROR behaviour for API call | Optional | Yes | +| test_i019 | The call to psa_set_rhandle() is PROGRAMMER ERROR if Null handle was passed | [client/server]_test_psa_set_rhandle_with_null_handle() | Call psa_set_rhanlde with NULL handle and expect PROGRAMMER ERROR behaviour for API call. | Optional | Yes | +| test_i020 | If messgae type if is PSA_IPC_CONNECT then use of status values in psa_reply() other than PSA_SUCCESS, PSA_ERROR_CONNECTION_BUSY and PSA_ERROR_CONNECTION_REFUSED is a PROGRAMMER ERROR. | [client/server]_test_psa_reply_with_invalid_connect_status_code() | Call to psa_reply during PSA_IPC_CONNECT with status code other than PSA_SUCCESS and PSA_CONNECTION_REFUSED and expect PROGRAMMER ERROR behaviour for API call. | Optional | Yes | +| test_i021 | 1. psa_wait() returns the Secure Partition interrupt signals that have been asserted from the subset of signals indicated in the bitmask provided. (psa_wait API to recieve interrupt signal)
2. psa_eoi():Informs the SPM that an interrupt has been handled (end of interrupt). This will re-enable the interrupt line.
3.psa_eoi(): A signal remains active until it is processed by psa_eoi
4. Manifest- irqs (optional, unique)This attribute is a list of IRQ lines which are assigned to the Secure Partition.A Secure Partition always has exclusive access to an assigned IRQ. Secure Partitions are not allowed to share IRQs with other Secure Partitions.Each IRQ specified must provide a signal field. This field contains a symbolic name for the signal, used by the SPM to indicate when the interrupt is asserted. Each IRQ line is declared as either of the following:¿ line_num: A valid IRQ number for the platform.¿ line_name: A named IRQ, represented by a string identifier. | | Generate interrupt for driver partition assigned irq number and checks that:
- interrupt is routed to driver patition
- psa_wait returns the required irq_signal value
- end of interrupt using psa_eoi
Test Limitation:
1. Rules around sharing of irq lines can't be tested as specifiying it can result into build error.
2. Test suite partition manifests are rely on only line_num for specifying irq line number as line_name is subject to resolved in Implementation defined manner. | Mandatory | Yes | +| test_i022 | The call to psa_reply() is PROGRAMMER ERROR if the message handle is invalid | [client/server]_test_psa_reply_with_invalid_handle() | Call psa_reply with an INVALID_HANDLE which is not NULL and expect PROGRAMMER ERROR behaviour for API call. | Optional | Yes | +| test_i023 | The call to psa_reply() is PROGRAMMER ERROR if the message handle is Null handle | [client/server]_test_psa_reply_with_null_handle() | Call psa_reply with a NULL HANDLE | Optional | Yes | +| test_i024 | The call to psa_call() is PROGRAMMER ERROR if an invalid handle was passed | [client/server]_test_psa_call_with_invalid_handle() | Call psa_call with an INVALID_HANDLE which is not NULL and expect PROGRAMMER ERROR behaviour for API call.Perform this step from NSPE and SPE both. | Optional | Yes | +| test_i025 | The call to psa_call() is PROGRAMMER ERROR if an null handle was passed | [client/server]_test_psa_call_with_null_handle() | Call psa_call with a NULL HANDLE and expect PROGRAMMER ERROR behaviour for API call.
Perform this step from NSPE and SPE both. | Optional | Yes | +| test_i026 | The call to psa_call() is PROGRAMMER ERROR if in_len + out_len > PSA_MAX_IOVEC | [client/server]_test_psa_call_with_iovec_more_than_max_limit() | Call psa_call with more than four IOVECs and expect PROGRAMMER ERROR behaviour for API call.
Perform this step from NSPE and SPE both. | Optional | Yes | +| test_i027 | If the message type is PSA_IPC_CALL and the client has made an invalid request, then the RoT Service can request for the connection to be terminated by calling psa_reply() with return value PSA_ERROR_PROGRAMMER_ERROR. After this, the RoT Service will receive no further PSA_IPC_CALL messages on that connection. The SPM will deliver a PSA_IPC_DISCONNECT to the RoT Service to release any resources associated with that connection.
If the SPM does not restart the system in response to the above PROGRAMMER ERROR, then termination of the connection has the following effects:
- No further PSA_IPC_CALL messages will be received by the RoT Service for the connection.
- The RoT Service will receive a PSA_IPC_DISCONNECT message for the connection to release resources and reset state associated with the connection.
- The failing call to psa_call() will return PSA_ERROR_PROGRAMMER_ERROR.
- Subsequent calls to psa_call() on the same connection will immediately return PSA_ERROR_PROGRAMMER_ERROR.
- The client must call psa_close() to close the connection. | [client/server]_test_psa_drop_connection() | RoT service executes psa_reply with status code equal to PSA_ERROR_PROGRAMMER_ERROR during PSA_IPC_CALL.Client expects either PSA_ERROR_PROGRAMMER_ERROR as returned status code for psa_call or system to get paniced
Perform above steps from NSPE and SPE both. | Optional | Yes | +| test_i028 | The call to psa_read() is PROGRAMMER ERROR if msg_handle does not refer to a PSA_IPC_CALL message | [client/server]_test_psa_read_at_ipc_connect() | Call psa_read during PSA_IPC_CONNECT and expect PROGRAMMER ERROR behaviour for API call. | Optional | Yes | +| test_i029 | The call to psa_read() is PROGRAMMER ERROR if msg_handle does not refer to a PSA_IPC_CALL message | [client/server]_test_psa_read_at_ipc_disconnect() | Call psa_read during PSA_IPC_DISCONNECT and expect PROGRAMMER ERROR behaviour for API call. | Optional | Yes | +| test_i030 | The call to psa_read() is PROGRAMMER ERROR if Null handle was passed | [client/server]_test_psa_read_with_null_handle() | Call psa_read with NULL handle and expect PROGRAMMER ERROR behaviour for API call. | Optional | Yes | +| test_i031 | The call to psa_read() is PROGRAMMER ERROR if Invalid handle was passed | [client/server]_test_psa_read_with_invalid_handle() | Calll psa_read with INVALID_HANDLE which is not NULL and expect PROGRAMMER ERROR behaviour for API call. | Optional | Yes | +| test_i032 | The call to psa_read() is PROGRAMMER ERROR if invec_idx is equal to PSA_MAX_IOVEC | [client/server]_test_psa_read_with_invec_equal_to_max_iovec() | Call psa_read with invec_idx=PSA_MAX_IOVEC and expect PROGRAMMER ERROR behaviour for API call. | Optional | Yes | +| test_i033 | The call to psa_read() is PROGRAMMER ERROR if invec_idx is greater than PSA_MAX_IOVEC | [client/server]_test_psa_read_with_invec_greater_than_max_iovec() | Call psa_read with invec_idx>PSA_MAX_IOVEC and expect PROGRAMMER ERROR behaviour for API call. | Optional | Yes | +| test_i034 | The call to psa_skip() is PROGRAMMER ERROR if msg_handle does not refer to a PSA_IPC_CALL message | [client/server]_test_psa_skip_at_ipc_connect() | Call psa_skip during PSA_IPC_CONNECT and expect PROGRAMMER ERROR behaviour for API call. | Optional | Yes | +| test_i035 | The call to psa_skip() is PROGRAMMER ERROR if msg_handle does not refer to a PSA_IPC_CALL message | [client/server]_test_psa_skip_at_ipc_disconnect() | Call psa_skip during PSA_IPC_DISCONNECT and expect PROGRAMMER ERROR behaviour for API call. | Optional | Yes | +| test_i036 | The call to psa_skip() is PROGRAMMER ERROR if Null handle was passed | [client/server]_test_psa_skip_with_null_handle() | Call psa_skipwith NULL handle and expect PROGRAMMER ERROR behaviour for API call. | Optional | Yes | +| test_i037 | The call to psa_skip() is PROGRAMMER ERROR if Invalid handle was passed | [client/server]_test_psa_skip_with_invalid_handle() | Calll psa_skip with INVALID_HANDLE which is not NULL and expect PROGRAMMER ERROR behaviour for API call. | Optional | Yes | +| test_i038 | The call to psa_skip() is PROGRAMMER ERROR if invec_idx is equal to PSA_MAX_IOVEC | [client/server]_test_psa_skip_with_invec_equal_to_max_iovec() | Call psa_skip with invec_idx=PSA_MAX_IOVEC and expect PROGRAMMER ERROR behaviour for API call. | Optional | Yes | +| test_i039 | The call to psa_skip() is PROGRAMMER ERROR if invec_idx is greater than PSA_MAX_IOVEC | [client/server]_test_psa_skip_with_invec_greater_than_max_iovec() | Call psa_skip with invec_idx>PSA_MAX_IOVEC and expect PROGRAMMER ERROR behaviour for API call. | Optional | Yes | +| test_i040 | The call to psa_write() is PROGRAMMER ERROR if msg_handle does not refer to a PSA_IPC_CALL message | [client/server]_test_psa_write_at_ipc_connect() | Call psa_write during PSA_IPC_CONNECT and expect PROGRAMMER ERROR behaviour for API call. | Optional | Yes | +| test_i041 | The call to psa_write() is PROGRAMMER ERROR if msg_handle does not refer to a PSA_IPC_CALL message | [client/server]_test_psa_write_at_ipc_disconnect() | Call psa_write during PSA_IPC_DISCONNECT and expect PROGRAMMER ERROR behaviour for API call. | Optional | Yes | +| test_i042 | The call to psa_write() is PROGRAMMER ERROR if Null handle was passed | [client/server]_test_psa_write_with_null_handle() | Call psa_write with NULL handle and expect PROGRAMMER ERROR behaviour for API call. | Optional | Yes | +| test_i043 | The call to psa_write() is PROGRAMMER ERROR if Invalid handle was passed | [client/server]_test_psa_write_with_invalid_handle() | Calll psa_write with INVALID_HANDLE which is not NULL and expect PROGRAMMER ERROR behaviour for API call. | Optional | Yes | +| test_i044 | The call to psa_write() is PROGRAMMER ERROR if invec_idx is equal to PSA_MAX_IOVEC | [client/server]_test_psa_write_with_invec_equal_to_max_iovec() | Call psa_write with invec_idx=PSA_MAX_IOVEC and expect PROGRAMMER ERROR behaviour for API call. | Optional | Yes | +| test_i045 | The call to psa_write() is PROGRAMMER ERROR if invec_idx is greater than PSA_MAX_IOVEC | [client/server]_test_psa_write_with_invec_greater_than_max_iovec() | Call psa_write with invec_idx>PSA_MAX_IOVEC and expect PROGRAMMER ERROR behaviour for API call. | Optional | Yes | +| test_i046 | The call to psa_write() is PROGRAMMER ERROR if the call attempts to write data past the end of the client output vector | [client/server]_test_psa_write_with_size_overflow() | Call psa_write with a size input one byte bigger than allowed size and expect PROGRAMMER ERROR behaviour for API call. | Optional | Yes | +| test_i047 | The call to psa_get() is PROGRAMMER ERROR if The msg pointer provided is not a valid memory reference | [client/server]_test_psa_get_with_invalid_msg_pointer() | Call psa_get with invalid msg pointer and expect PROGRAMMER ERROR behaviour for API call.
Selection of invalid pointer is as below:
if (ISOLATION_LEVEL > 1)
// PSA RoT Pointer
psa_get(msg_pointer = driver_mmio_base);
else
psa_get(msg_pointer = NULL);
| Optional | Yes | +| test_i048 | The call to psa_call() is PROGRAMMER ERROR if address of in_vec is invalid for client | [client/server]_test_psa_call_with_invalid_invec_pointer | Call psa_call with invalid address for invec and expect PROGRAMMER ERROR behaviour for API call.
Selection of invalid invec pointer is as below:
if caller == NONSECURE
// PSA RoT pointer
invec_pointer = driver_mmio_base;

else

if (ISOLATION_LEVEL > 1)
invec_pointer = driver_mmio_base;
else
invec_pointer = NULL; | Optional | Yes | +| test_i049 | The call to psa_call() is PROGRAMMER ERROR if address of out_vec is invalid for client | [client/server]_test_psa_call_with_invalid_outvec_pointer() | Call psa_call with invalid address for outvec and expect PROGRAMMER ERROR behaviour for API call.
Selection of invalid outvec pointer is as below:
if caller == NONSECURE
// PSA RoT pointer
outvec_pointer = driver_mmio_base;

else

if (ISOLATION_LEVEL > 1)
outvec_pointer = driver_mmio_base;
else
outvec_pointer = NULL; | Optional | Yes | +| test_i050 | The call to psa_call() is PROGRAMMER ERROR if psa_invec.base address is invalid for client | [client/server]_test_psa_call_with_invalid_invec_base() | Call psa_call with invalid address for psa_invec.base and expect PROGRAMMER ERROR behaviour for API call.
Selection of invalid base is as below:
if caller == NONSECURE
// PSA RoT pointer
invalid_base = driver_mmio_base;

else

if (ISOLATION_LEVEL > 1)
invalid_base = driver_mmio_base;
else
invalid_base = NULL; | Optional | Yes | +| test_i051 | The call to psa_call() is PROGRAMMER ERROR if psa_outvec.base address is invalid for client | [client/server]_test_psa_call_with_invalid_outvec_base() | Call psa_call with invalid address for psa_outvec.base and expect PROGRAMMER ERROR behaviour for API call.
Selection of invalid base is as below:
if caller == NONSECURE
// PSA RoT pointer
invalid_base = driver_mmio_base;

else

if (ISOLATION_LEVEL > 1)
invalid_base = driver_mmio_base;
else
invalid_base = NULL; | Optional | Yes | +| test_i052 | The call to psa_call() is PROGRAMMER ERROR if psa_invec.base addr is valid but psa_invec.base+size address is invalid for client | [client/server]_test_psa_call_with_invalid_invec_end_addr() | Call psa_call with valid address for psa_invec.base but (psa_invec.base + psa_invec.size) pointing to invalid address and expect PROGRAMMER ERROR behaviour for API call.
Selection of base and size are as below:
if caller == NONSECURE
valid_base = nspe_mmio_region_base;
invalid_size = (driver_mmio_region_base - nspe_mmio_region_base + 1);

else

if (ISOLATION_LEVEL > 1)
valid_base = server_mmio_region_base;
invalid_size = (driver_mmio_region_base - server_mmio_region_base + 1);
| Optional | Yes | +| test_i053 | The call to psa_call() is PROGRAMMER ERROR if psa_outvec.base addr is valid but psa_invec.base+sizeaddress is invalid for client | [client/server]_test_psa_call_with_invalid_outvec_end_addr() | Call psa_call with valid address for psa_outvec.base but (psa_outvec.base + psa_outvec.size) pointing to invalid address and expect PROGRAMMER ERROR behaviour for API call.
Selection of base and size are as below:
if caller == NONSECURE
valid_base = nspe_mmio_region_base;
invalid_size = (driver_mmio_region_base - nspe_mmio_region_base + 1);

else

if (ISOLATION_LEVEL > 1)
valid_base = server_mmio_region_base;
invalid_size = (driver_mmio_region_base - server_mmio_region_base + 1);
| Optional | Yes | +| test_i054 | The call to psa_call() is PROGRAMMER ERROR if psa_outvec.base is not writable | [client/server]_test_psa_call_with_not_writable_outvec_base() | Call psa_call with not writable (code address) psa_outvec.base and expect PROGRAMMER ERROR behaviour for API call. | Optional | Yes | +| test_i055 | The call to psa_read() is PROGRAMMER ERROR if the memory reference for buffer is invalid | [client/server]_test_psa_read_with_invalid_buffer_addr() | Call psa_read with invalid buffer addr and expect PROGRAMMER ERROR behaviour for API call.
Selection of buffer address is as below:
if (ISOLATION_LEVEL > 1)
buffer = driver_mmio_region_base;
else
buffer = NULL;
| Optional | Yes | +| test_i056 | The call to psa_read() is PROGRAMMER ERROR if the memory reference for buffer is not writable | [client/server]_test_psa_read_with_not_writable_buffer_addr() | Call psa_read with not writable address (function address- code memory) and expect PROGRAMMER ERROR behaviour for API call. | Optional | Yes | +| test_i057 | The call to psa_write() is PROGRAMMER ERROR if the memory reference for buffer is invalid | [client/server]_test_psa_write_with_invalid_buffer_addr() | Call psa_write with invalid buffer addr and expect PROGRAMMER ERROR behaviour for API call.
Selection of buffer address is as below:
if (ISOLATION_LEVEL > 1)
buffer = driver_mmio_region_base;
else
buffer = NULL;
| Optional | Yes | +| test_i058 | 1. psa_notify() is used to asynchronously wake up another Secure Partition. The receiving partition uses psa_wait() to detect, or wait for, assertion of its PSA_DOORBELL signal. The value of partition_id must be greater than zero as the target of notification must be a Secure Partition.
2. psa_clear() clears the PSA_DOORBELL signal.
3. psa_clear(): The target Partition doorbell will remain asserted until it calls psa_clear(). | [client/server]_test_psa_doorbell_signal() | 1. Client connects to RoT service.
2. RoT services executes asserts PSA_DOORBELL singal back to client after accepting the connection.
3. Client checks the delivery of PSA_DOORBELL singal using psa_wait().
4. Client clears the doorbell and closes the connection.
5. RoT service receives the closing connection request.
| Mandatory | Yes | +| test_i059 | The call to psa_notify() is PROGRAMMER ERROR if Partition ID does not correspond to a Secure Partition | [client/server]_test_psa_notify_with_neg_part_id() | Call psa_notify with negative partition id and expect PROGRAMMER ERROR behaviour for API call. | Optional | Yes | +| test_i060 | The call to psa_notify() is PROGRAMMER ERROR if Partition ID does not correspond to a Secure Partition | [client/server]_test_psa_notify_with_invalid_pos_part_id() | Call psa_notify with positive partition id which does not exist in the platform and expect PROGRAMMER ERROR behaviour for API call. | Optional | Yes | +| test_i061 | The call to psa_clear() is PROGRAMMER ERROR if The Secure Partition¿s doorbell signal is not currently asserted | [client/server]_test_psa_clear_at_unasserted_doorbell_sig() | Call psa_clear when doorbell signal is not asserted and expect PROGRAMMER ERROR behaviour for API call. | Optional | Yes | +| test_i062 | The call to psa_wait() is PROGRAMMER ERROR if signal_mask does not include any assigned signals. | [client/server_test_psa_wait_with_unassigned_signal() | Call psa_wait with signal mask that doesn't include any assigned signal and expect PROGRAMMER ERROR behaviour for API call. | Optional | Yes | +| test_i063 | psa_wait() returns the Secure Partition interrupt signals that have been asserted from the subset of signals indicated in the bitmask provided. The mask must contain the set of signals the caller is interested in handling. Signals that are not in signal_mask should be ignored. | [client/server]_test_psa_wait_signal_mask() | 1. Select signal_mask = (SERVER_UNSPECIFED_MINOR_V_SIG | SERVER_RELAX_MINOR_VERSION_SIG);
2. Server partition requests the client partition to make connection using sid=SERVER_SECURE_CONNECT_ONLY_SID. This connection request act as irritator to psa_wait(signal_mask) call and it is used to cover the rule - Signals that are not in signal_mask should be ignored by psa_wait.
3. NSPE client connects to a server partition using SID whose signal are part of signal_mask
4. Server partition executes psa_wait with necessary signal_mask. RoT service checks that returned signal value is subset of signals indicated in the signal_mask
5. At the end, server partition completes the starved (irritator) connection request of SERVER_SECURE_CONNECT_ONLY_SID. | Mandatory | Yes | +| test_i064 | The call to psa_eoi() is PROGRAMMER ERROR if irq_signal is not an interrupt signal | driver_test_psa_eoi_with_non_intr_signal() | Call to psa_eoi with non-interrupt signal(PSA_DOORBELL) and expect PROGRAMMER ERROR behaviour for API call.
Note: The interrupt related test check is captured in driver_partition.c as this is the only partition in test suite that holds the interrupt line. | Optional | Yes | +| test_i065 | The call to psa_eoi() is PROGRAMMER ERROR if irq_signal is not currently asserted | driver_test_psa_eoi_with_unasserted_signal() | Call to psa_eoi with interrupt signal which is currently not asserted and expect PROGRAMMER ERROR behaviour for API call.
Note: The interrupt related test check is captured in driver_partition.c as this is the only partition in test suite that holds the interrupt line. | Optional | Yes | +| test_i066 | The call to psa_eoi() is PROGRAMMER ERROR if irq_signal indicates more than one signal | driver_test_psa_eoi_with_multiple_signals() | Call to psa_eoi with irq_signal provided with multiple signals and expect PROGRAMMER ERROR behaviour for API call.
Note: The interrupt related test check is captured in driver_partition.c as this is the only partition in test suite that holds the interrupt line. | Optional | Yes | +| test_i067 | A Secure Partition is guaranteed to be able to read and write its private heap regions.
Manifest Parameter- heap_size. Properties: Optional.
This attribute indicates the Secure Partition¿s heap size in bytes.The size value is represented either as a positive integer or as a hexadecimal string.If this field is specified in the manifest then the value must be greater than 0. If this field is not specified in the manifest then the SPM can assume the size is 0. | [client/server]_test_dynamic_mem_alloc_fn() | Test dynamic memory service functions-malloc(), free() and realloc behaviour defined in the specification if these APIs are available to secure partition. Otherwise skip the test.
| Mandatory | Yes | +| test_i068 | Only Code is executable in secure partition. Writable region must not be executable. | client_test_instr_exec_from_writable_mem() | Execute set of instructions from writable memory and expect internal fault. | Optional | Yes | +| test_i069 | Only Private data is writable in secure partition. Code space must not be writable. | client_test_write_to_code_space() | Write to code space from secure partition and expect internal fault | Optional | Yes | +| test_i070 | Only Private data is writable in secure partition. Constant data space must not be writable. | client_test_write_to_const_data() | Write to constant data space and expect internal fault | Optional | Yes | +| test_i071 | The following memory manipulation functions from must be implemented with standard C99 definitions:
memcmp()
memcpy()
memmove()
memset() | client_test_mem_manipulation_fn() | 1 .Set buffer content using memset(). Check that content is set as expected.
2. Copy one buffer to another buffer using memcpy() and check that buffer is copied correctly.
3. Compare two buffers two times, once with equal data and once with unequal data.
2. Copy one buffer to another buffer using memmove() and check that buffer is copied correctly.
| Mandatory | Yes | +| test_i072 | If domain A needs protection from domain B, then Private data in domain A cannot be accessed by domain B.
Where A is Application RoT, B is NSPE and memory asset to be protected is Application RoT variables- Global variable. | [client/server]_test_nspe_read_app_rot_variable()
[client/server]_test_nspe_write_app_rot_variable() | Access Application RoT global variable address from NSPE and expect internal fault behavior | Optional | Yes | +| test_i073 | If domain A needs protection from domain B, then Private data in domain A cannot be accessed by domain B.
Where A is Application RoT, B is NSPE and memory asset to be protected is Application RoT execution stack. | [client/server]_test_nspe_read_app_rot_stack()
[client/server]_test_nspe_write_app_rot_stack() | Access Application RoT local variable(stack region) address from NSPE and expect internal fault behavior | Optional | Yes | +| test_i074 | If domain A needs protection from domain B, then Private data in domain A cannot be accessed by domain B.
Where A is Application RoT, B is NSPE and memory asset to be protected is Application RoT heap memory. | [client/server]_test_nspe_read_app_rot_heap()
[client/server]_test_nspe_write_app_rot_heap() | Access Application RoT heap memory address from NSPE and expect internal fault behavior | Optional | Yes | +| test_i075 | If domain A needs protection from domain B, then Private data in domain A cannot be accessed by domain B.
Where A is Application RoT, B is NSPE and memory asset to be protected is Application RoT MMIO region. | [client/server]_test_nspe_read_app_rot_mmio()
[client/server]_test_nspe_write_app_rot_mmio() | Access Application RoT MMIO address from NSPE and expect internal fault behavior | Optional | Yes | +| test_i076 | If domain A needs protection from domain B, then Private data in domain A cannot be accessed by domain B.
Where A is PSA RoT, B is NSPE and memory asset to be protected is PSA RoT variables- Global variable. | client_test_nspe_read_psa_rot_variable()
driver_test_isolation_psa_rot_data_rd()
client_test_nspe_write_psa_rot_variable()
driver_test_isolation_psa_rot_data_wr() | Access PSA RoT global variable address from NSPE and expect internal fault behavior | Optional | Yes | +| test_i077 | If domain A needs protection from domain B, then Private data in domain A cannot be accessed by domain B.
Where A is PSA RoT, B is NSPE and memory asset to be protected is PSA RoT execution stack. | client_test_nspe_read_psa_rot_stack()
driver_test_isolation_psa_rot_stack_rd()
client_test_nspe_write_psa_stack_variable()
driver_test_isolation_psa_rot_stack_wr() | Access PSA RoT local variable(stack region) address from NSPE and expect internal fault behavior | Optional | Yes | +| test_i078 | If domain A needs protection from domain B, then Private data in domain A cannot be accessed by domain B.
Where A is PSA RoT, B is NSPE and memory asset to be protected is PSA RoT heap memory. | client_test_nspe_read_psa_rot_heap()
driver_test_isolation_psa_rot_heap_rd()
client_test_nspe_write_psa_rot_heap()
driver_test_isolation_psa_rot_heap_wr() | Access PSA RoT partition heap memory address from NSPE and expect internal fault behavior | Optional | Yes | +| test_i079 | If domain A needs protection from domain B, then Private data in domain A cannot be accessed by domain B.
Where A is PSA RoT, B is NSPE and memory asset to be protected is PSA RoT MMIO region. | client_test_nspe_read_psa_rot_mmio()
driver_test_isolation_psa_rot_mmio_rd()
client_test_nspe_write_psa_rot_mmio()
driver_test_isolation_psa_rot_mmio_wr() | Access PSA RoT partition MMIO address from NSPE and expect internal fault behavior | Optional | Yes | +| test_i080 | If domain A needs protection from domain B, then Private data in domain A cannot be accessed by domain B.
Where A is PSA RoT, B is Application RoT and memory asset to be protected is PSA RoT variables- Global variable. | client_test_app_rot_read_psa_rot_variable()
driver_test_isolation_psa_rot_data_rd()
client_test_app_rot_write_psa_rot_variable()
driver_test_isolation_psa_rot_data_wr() | Access PSA RoT global variable address from Application RoT and expect internal fault behavior | Optional | Yes | +| test_i081 | If domain A needs protection from domain B, then Private data in domain A cannot be accessed by domain B.
Where A is PSA RoT, B is Application RoT and memory asset to be protected is PSA RoT execution stack. | client_test_app_rot_read_psa_rot_stack()
driver_test_isolation_psa_rot_stack_rd()
client_test_app_rot_write_psa_stack_variable()
driver_test_isolation_psa_rot_stack_wr() | Access PSA RoT local variable(stack region) address from Application RoT and expect internal fault behavior | Optional | Yes | +| test_i082 | If domain A needs protection from domain B, then Private data in domain A cannot be accessed by domain B.
Where A is PSA RoT, B is Application RoT and memory asset to be protected is PSA RoT heap memory. | client_test_app_rot_read_psa_rot_heap()
driver_test_isolation_psa_rot_heap_rd()
client_test_app_rot_write_psa_rot_heap()
driver_test_isolation_psa_rot_heap_wr() | Access PSA RoT partition heap memory address from Application RoT and expect internal fault behavior | Optional | Yes | +| test_i083 | If domain A needs protection from domain B, then Private data in domain A cannot be accessed by domain B.
Where A is PSA RoT, B is Application RoT and memory asset to be protected is PSA RoT MMIO region. | client_test_app_rot_read_psa_rot_mmio()
driver_test_isolation_psa_rot_mmio_rd()
client_test_app_rot_write_psa_rot_mmio()
driver_test_isolation_psa_rot_mmio_wr() | Access PSA RoT partition MMIO address from Application RoT and expect internal fault behavior | Optional | Yes | +| test_i084 | If domain A needs protection from domain B, then Private data in domain A cannot be accessed by domain B.
Where A is Application RoT Partition, B is other Application RoT partition and memory asset to be protected is A- Application RoT partition variables- Global variable. | [client/server]_test_sp_read_other_sp_variable()
[client/server]_test_sp_write_other_sp_variable() | Access Application RoT global variable address from other RoT and expect internal fault behavior | Optional | Yes | +| test_i085 | If domain A needs protection from domain B, then Private data in domain A cannot be accessed by domain B.
Where A is Application RoT Partition, B is other Application RoT partition and memory asset to be protected is A- Application RoT partition execution stack. | [client/server]_test_sp_read_other_sp_stack()
[client/server]_test_sp_write_other_sp_stack() | Access Application RoT local variable(stack region) address from other Application RoT and expect internal fault behavior | Optional | Yes | +| test_i086 | If domain A needs protection from domain B, then Private data in domain A cannot be accessed by domain B.
Where A is Application RoT Partition, B is other Application RoT partition and memory asset to be protected is A- Application RoT partition heap memory. | [client/server]_test_sp_read_other_sp_heap()
[client/server]_test_sp_write_other_sp_heap() | Access Application RoT partition heap memory address from other Application RoT and expect internal fault behavior | Optional | Yes | +| test_i087 | If domain A needs protection from domain B, then Private data in domain A cannot be accessed by domain B.
Where A is Application RoT Partition, B is other Application RoT partition and memory asset to be protected is A- Application RoT partition MMIO region. | [client/server]_test_sp_read_other_sp_mmio()
[client/server]_test_sp_write_other_sp_mmio() | Access Application RoT partition MMIO address from other Application RoT and expect internal fault behavior | Optional | Yes | +| test_l088 | psa_rot_lifecycle_state() function retrieves the current PSA RoT lifecycle state. | server_test_psa_rot_lifecycle_state() | Call psa_rot_lifecycle_state() from secure side and check that return value is within the allowed range. | Mandatory | Yes | +| | If domain A needs protection from domain B, then Private data in domain A cannot be accessed by domain B. From B access below asserts of A:
- Variables
- Execution stacks
- Allocation heap
- Memory-mapped I/O regions

Where, A & B combination are: A=SPM & B=NSPE | N/A | Future release of test suite will be updated to cover this rule. | N/A | No | +| | If domain A needs protection from domain B, then Private data in domain A cannot be accessed by domain B. From B access below asserts of A:
- Variables
- Execution stacks
- Allocation heap
- Memory-mapped I/O regions

Where, A & B combination are: A=SPM & B=Application RoT partition | N/A | Future release of test suite will be updated to cover this rule. | N/A | No | +| | If domain A needs protection from domain B, then Private data in domain A cannot be accessed by domain B. From B access below asserts of A:
- Variables
- Execution stacks
- Allocation heap
- Memory-mapped I/O regions

Where, A & B combination are: A=SPM & B=PSA RoT partition | N/A | Future release of test suite will be updated to cover this rule. | N/A | No | +| NO_EXPLICIT_TEST | A Secure Partition is guaranteed to be able to read and write its private stack.
Manifest Parameter- stack_size (required)
Partition's stack size in bytes. The size value must be represented either as a positive integer or as a hexadecimal string. | N/A | No explicit test written to cover this rule. PSA IPC tests manifests are provided with tests partition required stack_size. A successful execution of tests partition code without stack access related faults, indirectly verify this field. | N/A | Yes | +| NO_EXPLICIT_TEST | mmio_regions (optional, unique):
List of memory-mapped I/O region objects which the Secure Partition needs access to. A Secure Partition always has exclusive access to an MMIO region. Secure Partitions are not permitted to share MMIO regions with other Secure Partitions.
An MMIO region can be defined either as a:
numbered_region
named_region
A numbered region consists of a base address and a size. The size must be represented either as a positive integer or as a hexadecimal string. The base address must be represented as a hexadecimal string.
MMIO regions must not overlap.
An MMIO region must include a permission attribute. The following permissions are available:
READ-ONLY
READ-WRITE | N/A | Comments:
1. PSA IPC tests device driver partition manifests are provided with these fields. A successful compilation and run of device driver partition code indirectly verify this field.
2. Rules around sharing of MMIO regions is covered as part of isolation tests.
3. Rules around overlapping of MMIO regions can't be tested as specifying that into manifest results into compilation fail.
4. Test suite partition manifests are rely on numbered_region only as named_region is subject to resolved in Implementation defined manner. | N/A | Yes | +| NO_EXPLICIT_TEST | Manifest Parameter- type (required)
Whether the Partition is a part of the PSA Root of Trust Services or is part of the Application Root of Trust Services.Type must be assigned one of the following values:- APPLICATION-ROT- PSA-ROT | N/A | PSA IPC tests partition files are provided with these fields. Access permission behaviour related to these fields will be verified as part of tests covering isolation level rules. | N/A | Yes | +| NO_EXPLICIT_TEST | Manifest Parameter - description (optional)
This attribute contains a human-readable description and comments for the Secure Partition. | N/A | Test suite manifests are provided with these field with adhere to manifest rules. Manifest build tool parser must parse this field without any compilation fail. | N/A | Yes | +| NO_EXPLICIT_TEST | Manifest Parameter -entry_point (required, unique)
The Partition entry point in the form of an C function symbol. A single entry point must be provided and it must have the following signature:
void entry_point(void); | N/A | No explicit test written to cover this rule. Test suite manifests are provided with tests partition entry_point. A successful launch and run of tests partition code indirectly verify this field. | N/A | Yes | +| NO_EXPLICIT_TEST | The SPM must eventually deliver all signals and IPC messages. | N/A | No explicit test written to cover this rule. However all PSA IPC tests are written with the expectation that the SPM delivers all requested signals and IPC message in a timely fashion. Failure to provide this will result in simulation time out.
This rule is unbounded and cannot have full coverage. It is good to that things are delivered in a timely manner, however failure will not break compliance. | N/A | Yes | +| NO_EXPLICIT_TEST | A Secure Partition is guaranteed to be able to execute and read its own code regions and read its own read-only data regions. | N/A | No explicit test written to cover this rule. This is a minimum requirement to able to launch and run secure partition. Failing to provide this, will not be able to run IPC test suite. | N/A | Yes | +| NOT_COVERED | psa_get returns PSA_ERROR_DOES_NOT_EXIST if the SPM cannot deliver a message to the Secure Partition following the assertion of the RoT Service signal. | N/A | This scenario cannot be simulated as test can't generate stimulus where psa_get() API returns PSA_ERROR_DOES_NOT_EXIST. However every instances of psa_get() API call in test suite checks the API return value and re-waits for signal delivery if return value is PSA_ERROR_DOES_NOT_EXIST. | N/A | No | +| NOT_COVERED | The call to psa_call is PROGRAMMER ERROR if the connection is already handling a request. | N/A | This rule is not verified beacuse of following reasons:
- There is no common infrastructure to test this rule as this needs two OS specific tasks where one task interrupted during execution of psa_call or psa_close and second task scheduled to execute psa_call using same handle.
- It is hard to write test stimulus where this rule is always hit as it is highly dependent of platform software scheduling policy.
| N/A | No | +| NOT_COVERED | The call to psa_close is PROGRAMMER ERROR if the connection is already handling a request | N/A | This rule is not verified beacuse of following reasons:
- There is no common infrastructure to test this rule as this needs two OS specific tasks where one task interrupted during execution of psa_call or psa_close and second task scheduled to execute psa_close using same handle.
- It is hard to write test stimulus where this rule is always hit as it is highly dependent of platform software scheduling policy.
| N/A | No | +| NOT_COVERED | Manifest Parameter - priority (required)
Partitions must be assigned one of the following priority groups:¿ HIGH¿ NORMAL¿ LOWLOW is the lowest priority. Priority is ignored by SPMs that do not implement any priority-based scheduling. | N/A | Use of these fields are highly dependent on type of SPM scheduling policy, hence can't test the behavious of this field. And test suite partition manifests are provided with priority field equal to LOW. | N/A | No | +| NOT_COVERED | Secure Partition IDs must be fixed across updates | N/A | Checking for Partition IDs across SPM updates is out of scope for PSA IPC tests. | N/A | No | ## License Arm PSA test suite is distributed under Apache v2.0 License. diff --git a/api-tests/docs/psa_its_testlist.md b/api-tests/docs/psa_its_testlist.md index 61a86d5b..f169577a 100644 --- a/api-tests/docs/psa_its_testlist.md +++ b/api-tests/docs/psa_its_testlist.md @@ -8,19 +8,19 @@ Following are the requirements of the Storage Test Suite.
2. Storage Test Cases use UID value starting from 1 onwards. These UID needs to be free for successfull test execution.
3. UID values 1 and 2 are reserved as WRITE_ONCE UID.These UID can't be free from testcase. Make sure these are free.
- -| Test | Return Value | API Verified | Test Algorithm | UID Usage | -|-----------|--------------------------------------|------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| test_s001 | PSA_ITS_ERROR_UID_NOT_FOUND | psa_its_get
psa_its_get_info
psa_its_remove
| 1. Call get API with UID for which no UID/Data pair is created
2. Call get_info API for which no UID/Data pair is created
3. Call remove API for which no UID/Data pair is created
4. Set valid UID/Data pair with uid1
5. Set one more set of UID/Data pair, with different uid, than previous
6. Remove the uid of step 4.
7. Call get API for removed UID/data pair
8. Call get_info API for removed UID/Data pair
9. Call remove API for removed UID/Data pair
10. Set valid UID/Data pair
11. Call get API for different uid , then created
12. Call get_info API for different uid, then created
13. Call remove API for different uid, then created
14. Remove the created UID/Data pair.
15. Remove the stray uid.
| UID value used are 5,6,7 | -| test_s002 | PSA_ITS_ERROR_WRITE_ONCE | psa_its_set
psa_its_remove
| 1. Set valid UID/data value pair , with create flag value none.2. Call get and get_info API to validate the data, attributes associated with data
3. Call set API again with same uid and create flag PSA_PS_WRITE_ONCE_FLAG
4. Call get and get_info API to validate the data, attributes associated with data is not changed after second set operation
5. try to remove the UID/data pair.
6. Create new UID/data value pair, with create flag PSA_PS_WRITE_ONCE_FLAG
7. Try to remove the created UID.
8. Call get and get_info API to validate the data, attributes associated with data
9. Again call SET with same UID , create flag PSA_PS_WRITE_ONCE_FLAG but different data length
10. Try to remove the UID, PSA_ITS_ERROR_WRITE_ONCE error should be returned
11. Call get and get_info API to validate the data, attributes associated with data
| UID value used are 1 and 2 | -| test_s003 | PSA_ITS_ERROR_INSUFFICIENT_SPACE | psa_its_set
| 1. Create UID/data pairs, with data_len 256 bytes. Do this with incrementing uid values till we have INSUFFICENT_SPACE.
2. Remove all the UID/data pairs created.
3. Repeat the steps once more, to check all previous uid are removed successfully
| UID value starts from 5 and keep on incrementing till all space is exhausted | -| test_s004 | PSA_ITS_SUCCESS | psa_its_set
psa_its_get
psa_its_get_info
psa_its_remove
| 1. Set a valid uid/data pair
2. Validate the data using get api
3. Change the data length to half of previous.
4. Call GET api with original data length , error should be returned and also the return buffer should be empty
5. Call GET api with correct data_len and validate the data received.
6. Check old data cannot be accessed.
7. Call REMOVE api to delete the UID/data pair
| UID value used is 5 | -| test_s005 | PSA_ITS_SUCCESS | psa_its_set
psa_its_get
psa_its_get_info
psa_its_remove
| 1. Set valid UID/data pair with varying uid and data_len
2. Call GET api and validate the set data
3. Call GET info api and validate the data attributes
4. Call REMOVE api to delete the UID/data pair
| UID value used are 4 | -| test_s006 | PSA_ITS_ERROR_FLAGS_NOT_SUPPORTED | psa_its_set
| 1. Call the SET_INFO with minimum flag value to max flag value
2. Call GET_INFO api and validate the flag value
3. Remove the uid/data pair
| UID value used is 5 | -| test_s007 | PSA_ITS_ERROR_INCORRECT_SIZE | psa_its_set
| 1. Create valid uid/data pair.
2. Increase the length of storage.
3. Try to access the old length using get api.
4. Try to access with valid length less than stored size.
5. Decrease the length of storage.
6. Try to access the old length.
7. Remove the uid
| UID value used is 5 | -| test_s008 | PSA_ITS_ERROR_OFFSET_INVALID | psa_its_get
| 1. Set valid UID/data pair
2. Call GET api with valid offset and offset + data_len equal to stored data size.
3. Call GET api with valid offset and offset + data_len less than stored data size.
4. Call get api with invalid offset.
5. Call get api with zero offset , but data len greater than data size.
6. Remove the uid.
| UID value used is 5 | -| test_s009 | PSA_ITS_ERROR_INVALID_ARGUMENTS | psa_its_get
psa_its_set
psa_its_get_info
| 1. Call the SET API with NULL pointer and data_len zero
2. Validate using get_info api storage should not be present.
3. Set storage entity with valid write_buffer , but length zero.
4. Again try to set for same uid with NULL write_buffer.
5. Call get and get_info api with NULL pointer and valid uid.
6. Remove the uid
| UID value used is 5
| -| test_s010 | PSA_ITS_ERROR_STORAGE_FAILURE
| psa_its_set
| 1. Call the SET API with UID value 0.
2. Check that storage creation fails.
| UID value used is 0
| +| Test | Test Scenario | API Verified | Return Value | Test Algorithm | UID Usage | +|-----------|--------------------------------------|-------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------| +| test_s001 | Get,get_info and remove API's call for
non-existent and removed assest | psa_its_get
psa_its_get_info
psa_its_remove
| PSA_ITS_ERROR_UID_NOT_FOUND | 1. Call get API with UID for which no UID/Data pair is created
2. Call get_info API for which no UID/Data pair is created
3. Call remove API for which no UID/Data pair is created
4. Set valid UID/Data pair with uid1
5. Set one more set of UID/Data pair, with different uid, than previous
6. Remove the uid of step 4.
7. Call get API for removed UID/data pair
8. Call get_info API for removed UID/Data pair
9. Call remove API for removed UID/Data pair
10. Set valid UID/Data pair
11. Call get API for different uid , then created
12. Call get_info API for different uid, then created
13. Call remove API for different uid, then created
14. Remove the created UID/Data pair.
15. Remove the stray uid.
| UID value used are 5,6,7 | +| test_s002 | Overwriting data for asset created with
WRITE_ONCE flag | psa_its_set
psa_its_remove
| PSA_ITS_ERROR_WRITE_ONCE | 1. Set valid UID/data value pair , with create flag value none.
2. Call get and get_info API to validate the data, attributes associated with data
3. Call set API again with same uid and create flag PSA_PS_WRITE_ONCE_FLAG
4. Call get and get_info API to validate the data, attributes associated with data
is not changed after second set operation
5. try to remove the UID/data pair.
6. Create new UID/data value pair, with create flag PSA_PS_WRITE_ONCE_FLAG
7. Try to remove the created UID.
8. Call get and get_info API to validate the data, attributes associated with data
9. Again call SET with same UID , create flag PSA_PS_WRITE_ONCE_FLAG but
different data length
10. Try to remove the UID, PSA_ITS_ERROR_WRITE_ONCE error should be returned
11. Call get and get_info API to validate the data, attributes associated with data
| UID value used are 1 and 2 | +| test_s003 | Exhaust storage space | psa_its_set
|PSA_ITS_ERROR_INSUFFICIENT_SPACE | 1. Create UID/data pairs, with data_len 256 bytes. Do this with incrementing
uid values till we have INSUFFICENT_SPACE.
2. Remove all the UID/data pairs created.
3. Repeat the steps once more, to check all previous uid are removed successfully
| UID value starts from 5 and keep on incrementing till all space is exhausted | +| test_s004 | Overwriting data for asset created without WRITE_ONCE flag | psa_its_set
psa_its_get
psa_its_get_info
psa_its_remove
| PSA_ITS_SUCCESS | 1. Set a valid uid/data pair
2. Validate the data using get api
3. Change the data length to half of previous.
4. Call GET api with original data length , error should be returned and also
the return buffer should be empty
5. Call GET api with correct data_len and validate the data received.
6. Check old data cannot be accessed.
7. Call REMOVE api to delete the UID/data pair
| UID value used is 5 | +| test_s005 | Get, get_info and remove API call for valid assest | psa_its_set
psa_its_get
psa_its_get_info
psa_its_remove
| PSA_ITS_SUCCESS |1. Set valid UID/data pair with varying uid and data_len
2. Call GET api and validate the set data
3. Call GET info api and validate the data attributes
4. Call REMOVE api to delete the UID/data pair
| UID value used are 4 | +| test_s006 | Storage asset creation with unsupported
create_flag value | psa_its_set
| PSA_ITS_ERROR_FLAGS_NOT_SUPPORTED | 1. Call the SET_INFO with minimum flag value to max flag value
2. Call GET_INFO api and validate the flag value
3. Remove the uid/data pair
| UID value used is 5 | +| test_s007 | Get API call with length different than asset
data length | psa_its_set
| PSA_ITS_ERROR_INCORRECT_SIZE | 1. Create valid uid/data pair.
2. Increase the length of storage.
3. Try to access the old length using get api.
4. Try to access with valid length less than stored size.
5. Decrease the length of storage.
6. Try to access the old length.
7. Remove the uid
| UID value used is 5 | +| test_s008 | Get API call with invalid offset | psa_its_get
|PSA_ITS_ERROR_OFFSET_INVALID | 1. Set valid UID/data pair
2. Call GET api with valid offset and offset + data_len equal to stored data size.
3. Call GET api with valid offset and offset + data_len less than stored data size.
4. Call get api with invalid offset.
5. Call get api with zero offset , but data len greater than data size.
6. Remove the uid.
| UID value used is 5 | +| test_s009 | API call with NULL pointer and zero length | psa_its_get
psa_its_set
psa_its_get_info
| PSA_ITS_SUCCESS | 1. Call the SET API with NULL pointer and data_len zero
2. Validate using get_info api storage should be present.
3. Call get API with NULL pointer.
4. Remove the UID.
5. Call get_info API to validate storage is removed.
6. Set storage entity with valid write_buffer , but length zero.
7. Call get_info API to validate storage attributes.
8. Call get_info api with NULL pointer and valid uid.
9. Remove the uid
| UID value used is 5
| +| test_s010 | Storage assest creation with UID value 0
| psa_its_set
| PSA_ITS_ERROR_INVALID_ARGUMENTS | 1. Call the SET API with UID value 0.
2. Check that storage creation fails.
| UID value used is 0
+| NA | Storage Failure
| NA
| PSA_ITS_ERROR_STORAGE_FAILURE
| 1. The failure cause will depend on the underlying
platform and vary for each implementation.
It is skipped in current suite
| NA
| ## License Arm PSA test suite is distributed under Apache v2.0 License. diff --git a/api-tests/docs/psa_ps_testlist.md b/api-tests/docs/psa_ps_testlist.md index 6e10a9c2..2675c7fc 100644 --- a/api-tests/docs/psa_ps_testlist.md +++ b/api-tests/docs/psa_ps_testlist.md @@ -9,23 +9,28 @@ Following are the requirements of the Storage Test Suite.
3. UID values 1 and 2 are reserved as WRITE_ONCE UID.These UID can't be free from testcase. Make sure these are free.
-| Test | Return Value | API Verified | Test Algorithm | UID Usage | -|-----------|--------------------------------------|------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| test_s001 | PSA_PS_ERROR_UID_NOT_FOUND | psa_ps_get
psa_ps_get_info
psa_ps_remove
| 1. Call get API with UID for which no UID/Data pair is created.
2. Call get_info API for which no UID/Data pair is created.
3. Call remove API for which no UID/Data pair is created.
4. Set valid UID/Data pair with uid1.
5. Set one more set of UID/Data pair, with different uid, than previous.
6. Remove the uid of step 4.
7. Call get API for removed UID/data pair.
8. Call get_info API for removed UID/Data pair.
9. Call remove API for removed UID/Data pair.
10. Set valid UID/Data pair.
11. Call get API for different uid , then created.
12. Call get_info API for different uid, then created.
13. Call remove API for different uid, then created.
14. Remove the created UID/Data pair.
15. Remove the stray uid.
| UID value used are 5, 6, 7 | -| test_s002 | PSA_PS_ERROR_WRITE_ONCE | psa_ps_set
psa_ps_remove
| 1. Set valid UID/data value pair , with create flag value none.
2. Call get and get_info API to validate the data, attributes associated with data.
3. Call set API again with same uid and create flag PSA_PS_WRITE_ONCE_FLAG.
4. Call get and get_info API to validate the data, attributes associated with data is not changed after second set operation
5. Try to remove the UID/data pair.
6. Create new UID/data value pair, with create flag PSA_PS_WRITE_ONCE_FLAG.
7. Try to remove the created UID.
8. Call get and get_info API to validate the data, attributes associated with data.
9. Again call SET with same UID , create flag PSA_PS_WRITE_ONCE_FLAG but different data length.
10. Try to remove the UID, PSA_PS_ERROR_WRITE_ONCE error should be returned.
11. Call get and get_info API to validate the data, attributes associated with data.
| UID value used are 1 and 2 | -| test_s003 | PSA_PS_ERROR_INSUFFICIENT_SPACE | psa_ps_set
| 1. Create UID/data pairs, with data_len 256 bytes. Do this with incrementing uid values till we have INSUFFICENT_SPACE.
2. Remove all the UID/data pairs created.
3. Repeat the steps once more, to check all previous uid are removed successfully.
| UID value starts from 5 and keep on incrementing till all space is exhausted | -| test_s004 | PSA_PS_SUCCESS | psa_ps_set
psa_ps_get
psa_ps_get_info
psa_ps_remove
| 1. Set a valid uid/data pair.
2. Validate the data using get api.
3. Change the data length to half of previous.
4. Call GET api with original data length , error should be returned and also the return buffer should be empty.
5. Call GET api with correct data_len and validate the data received.
6. Check old data cannot be accessed.
7. Call REMOVE api to delete the UID/data pair.
| UID value used is 5 | -| test_s005 | PSA_PS_SUCCESS | psa_ps_set
psa_ps_get
psa_ps_get_info
psa_ps_remove
| 1. Set valid UID/data pair with varying uid and data_len.
2. Call GET api and validate the set data.
3. Call GET info api and validate the data attributes.
4. Call REMOVE api to delete the UID/data pair.
| UID value used are 4 | -| test_s006 | PSA_PS_ERROR_FLAGS_NOT_SUPPORTED | psa_ps_set
| 1. Call the SET_INFO with minimum flag value to max flag value.
2. Call GET_INFO api and validae the flag value.
3. Remove the uid/data pair.
| UID value used is 5 | -| test_s007 | PSA_PS_ERROR_INCORRECT_SIZE | psa_ps_set
| 1. Create valid uid/data pair.
2. Increase the length of storage.
3. Try to access the old length using get api.
4. Try to access with valid length less than stored size.
5. Decrease the length of storage.
6. Try to access the old length.
7. Remove the uid.
| UID value used is 5 | -| test_s008 | PSA_PS_ERROR_OFFSET_INVALID | psa_ps_get
| 1. Set valid UID/data pair.
2. Call GET api with valid offset and offset + data_len equal to stored data size.
3. Call GET api with valid offset and offset + data_len less than stored data size.
4. Call get api with invalid offset.
5. Call get api with zero offset , but data len greater than data size.
6. Remove the uid.
| UID value used is 5 | -| test_s009 | PSA_PS_ERROR_INVALID_ARGUMENT | psa_ps_get
psa_ps_set
psa_ps_get_info
| 1. Call the SET API with NULL pointer and data_len zero.
2. Validate using get_info api storage should not be present.
3. Set storage entity with valid write_buffer , but length zero.
4. Again try to set for same uid with NULL write_buffer.
5. Call get and get_info api with NULL pointer and valid uid.
6. Remove the uid.
| UID value used is 5
| -| test_s010 | PSA_PS_ERROR_STORAGE_FAILURE
| psa_ps_set
| 1. Call the SET API with UID value 0.
2. Check that storage creation fails.
| UID value used is 0
| -| test_p011 | PSA_PS_ERROR_UID_NOT_FOUND | psa_ps_create
psa_ps_set_extended
| 1. Call the SET Extended API when no uid present.
2. Create a valid storage using set.
3. Call create api with different length for existing uid.
4. Call create api to set WRITE_ONCE flag.
5. Validate data attributes are maintained.
6. Remove the uid.
7. Create valid storage using create api.
8. Try to change length using create api.
9. Validate storage is empty.
10. Again call create api with original parameters.
11. Remove the uid.
12. Check no duplicate entry present.
| UID value used is 5
| -| test_p012 | PSA_PS_ERROR_INVALID_ARGUMENT
PSA_PS_ERROR_OFFSET_INVALID
| psa_ps_create
psa_ps_set_extended
| 1. Create a valid storage using set.
2. Set data on first half of buffer.
3. Try to set data at incorrect offset +length.
4. Try to set data at incorrect offset.
5. Try to set at correct offset but zero length buffer.
6. Try to set data at incorrect length and valid offset.
7. Overwrite the storage using set api.
8. Validate data is correctly written.
9. Call set_extended with NULL write buffer.
10. Overwrite storage using set_extended api.
11. Remove the uid.
| UID value used is 6
-| test_p013 | PSA_PS_SUCCESS | psa_ps_set_extended
| 1. Create Storage of zero length using create.
2. Try to set some data in the storage created.
3. Validate the storage attributes.
4. Remove the storage.
5. Create a valid storage with non-zero length.
6. Set data in the buffer.
7. Validate the data attributes.
8. Overwrite data using set api.
9. Validate the data.
10. Call create api for existing uid with same parameters.
11. Remove the uid.
12. Check with set_extended no duplicate uid exists.
| UID value used is 4 -| test_p014 | PSA_PS_ERROR_NOT_SUPPORTED | psa_ps_create
psa_ps_set_extended
| Below Steps will be run only if optional API are not supported.
1. Create API call should fail.
2. Check the UID should not exist.
3. Create storage using set API.
4. Try to partially write using set_extended API.
5. Validate data is not modified.
6. Remove the uid.
| UID value used is 5 -| test_p015 | PSA_PS_ERROR_FLAGS_NOT_SUPPORTED | psa_ps_create
| Below Step will be run only if optional API are supported.
1. Create API call with WRITE_ONCE flag should fail.
| UID value used is 5 +| Test | Test Scenario | API Verified | Return Value | Test Algorithm | UID Usage | +|-----------|--------------------------------------|------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------| +| test_s001 | Get,get_info and remove API's call for
non-existent and removed assest | psa_ps_get
psa_ps_get_info
psa_ps_remove
|PSA_PS_ERROR_UID_NOT_FOUND | 1. Call get API with UID for which no UID/Data pair is created.
2. Call get_info API for which no UID/Data pair is created.
3. Call remove API for which no UID/Data pair is created.
4. Set valid UID/Data pair with uid1.
5. Set one more set of UID/Data pair, with different uid, than previous.
6. Remove the uid of step 4.
7. Call get API for removed UID/data pair.
8. Call get_info API for removed UID/Data pair.
9. Call remove API for removed UID/Data pair.
10. Set valid UID/Data pair.
11. Call get API for different uid , then created.
12. Call get_info API for different uid, then created.
13. Call remove API for different uid, then created.
14. Remove the created UID/Data pair.
15. Remove the stray uid.
| UID value used are 5, 6, 7 | +| test_s002 | Overwriting data for asset created with
WRITE_ONCE flag | psa_ps_set
psa_ps_remove
| PSA_PS_ERROR_WRITE_ONCE | 1. Set valid UID/data value pair , with create flag value none.
2. Call get and get_info API to validate the data, attributes associated with data.
3. Call set API again with same uid and create flag PSA_PS_WRITE_ONCE_FLAG.
4. Call get and get_info API to validate the data, attributes associated with data is not changed after second set operation
5. Try to remove the UID/data pair.
6. Create new UID/data value pair, with create flag PSA_PS_WRITE_ONCE_FLAG.
7. Try to remove the created UID.
8. Call get and get_info API to validate the data, attributes associated with data.
9. Again call SET with same UID , create flag PSA_PS_WRITE_ONCE_FLAG but different data length.
10. Try to remove the UID, PSA_PS_ERROR_WRITE_ONCE error should be returned.
11. Call get and get_info API to validate the data, attributes associated with data.
| UID value used are 1 and 2 | +| test_s003 | Exhaust storage space | psa_ps_set
| PSA_PS_ERROR_INSUFFICIENT_SPACE | 1. Create UID/data pairs, with data_len 256 bytes. Do this with incrementing uid values till we have INSUFFICENT_SPACE.
2. Remove all the UID/data pairs created.
3. Repeat the steps once more, to check all previous uid are removed successfully.
| UID value starts from 5 and keep on incrementing till all space is exhausted | +| test_s004 | Overwriting data for asset created without
WRITE_ONCE flag | psa_ps_set
psa_ps_get
psa_ps_get_info
psa_ps_remove
| PSA_PS_SUCCESS | 1. Set a valid uid/data pair.
2. Validate the data using get api.
3. Change the data length to half of previous.
4. Call GET api with original data length , error should be returned and also the return buffer should be empty.
5. Call GET api with correct data_len and validate the data received.
6. Check old data cannot be accessed.
7. Call REMOVE api to delete the UID/data pair.
| UID value used is 5 | +| test_s005 | Get, get_info and remove API call for valid assest | psa_ps_set
psa_ps_get
psa_ps_get_info
psa_ps_remove
| PSA_PS_SUCCESS | 1. Set valid UID/data pair with varying uid and data_len.
2. Call GET api and validate the set data.
3. Call GET info api and validate the data attributes.
4. Call REMOVE api to delete the UID/data pair.
| UID value used are 4 | +| test_s006 | Storage asset creation with unsupported | psa_ps_set
| PSA_PS_ERROR_FLAGS_NOT_SUPPORTED | 1. Call the SET_INFO with minimum flag value to max flag value.
2. Call GET_INFO api and validae the flag value.
3. Remove the uid/data pair.
| UID value used is 5 | +| test_s007 | Get API call with invalid length | psa_ps_get
| PSA_PS_ERROR_INCORRECT_SIZE | 1. Create valid uid/data pair.
2. Increase the length of storage.
3. Try to access the old length using get api.
4. Try to access with valid length less than stored size.
5. Decrease the length of storage.
6. Try to access the old length.
7. Remove the uid.
| UID value used is 5 | +| test_s008 | Get API call with invalid offset | psa_ps_get
| PSA_PS_ERROR_INCORRECT_SIZE | 1. Set valid UID/data pair.
2. Call GET api with valid offset and offset + data_len equal to stored data size.
3. Call GET api with valid offset and offset + data_len less than stored data size.
4. Call get api with invalid offset.
5. Call get api with zero offset , but data len greater than data size.
6. Remove the uid.
| UID value used is 5 | +| test_s009 | API call with NULL pointer and zero length | psa_ps_get
psa_ps_set
psa_ps_get_info
| PSA_PS_SUCCESS | 1. Call the SET API with NULL pointer and data_len zero
2. Validate using get_info api storage should be present.
3. Call get API with NULL pointer.
4. Remove the UID.
5. Call get_info API to validate storage is removed.
6. Set storage entity with valid write_buffer , but length zero.
7. Call get_info API to validate storage attributes.
8. Call get_info api with NULL pointer and valid uid.
9. Remove the uid.
| UID value used is 5
| +| test_s010 | Storage assest creation with UID value 0
| psa_ps_set
| PSA_PS_ERROR_INVALID_ARGUMENTS
| 1. Call the SET API with UID value 0.
2. Check that storage creation fails.
| UID value used is 0
| +| test_p011 | Set_extended API's call for
non-existent and removed assest | psa_ps_set_extended
| PSA_PS_ERROR_UID_NOT_FOUND
| 1. Call the SET Extended API when no uid present.
2. Create a valid storage using set.
3. Call create api with different length for existing uid.
4. Call create api to set WRITE_ONCE flag.
5. Validate data attributes are maintained.
6. Remove the uid.
7. Create valid storage using create api.
8. Try to change length using create api.
9. Validate storage is empty.
10. Again call create api with original parameters.
11. Remove the uid.
12. Check no duplicate entry present.
| UID value used is 5
| +| test_p012 | Set_extended API's call
with invalid offset | psa_ps_set_extended
| PSA_PS_ERROR_OFFSET_INVALID
| 1. Create a valid storage using set.
2. Set data on first half of buffer.
3. Try to set data at incorrect offset +length.
4. Try to set data at incorrect offset.
5. Try to set at correct offset but zero length buffer.
6. Try to set data at incorrect length and valid offset.
7. Overwrite the storage using set api.
8. Validate data is correctly written.
9. Call set_extended with NULL write buffer.
10. Overwrite storage using set_extended api.
11. Remove the uid.
| UID value used is 6
+| test_p013 | Create and set_extended API call for valid assest | psa_ps_set_extended
psa_ps_create | PSA_PS_SUCCESS | 1. Create Storage of zero length using create.
2. Try to set some data in the storage created.
3. Validate the storage attributes.
4. Remove the storage.
5. Create a valid storage with non-zero length.
6. Set data in the buffer.
7. Validate the data attributes.
8. Overwrite data using set api.
9. Validate the data.
10. Call create api for existing uid with same parameters.
11. Remove the uid.
12. Check with set_extended no duplicate uid exists.
| UID value used is 4 +| test_p014 | Create and set_extended API call
when API's not supported | psa_ps_create
psa_ps_set_extended
| PSA_PS_ERROR_NOT_SUPPORTED | Below Steps will be run only if optional API are not supported.
1. Create API call should fail.
2. Check the UID should not exist.
3. Create storage using set API.
4. Try to partially write using set_extended API.
5. Validate data is not modified.
6. Remove the uid.
| UID value used is 5 +| test_p015 | Create API call with
WRITE_ONCE flag | psa_ps_create
|PSA_PS_ERROR_FLAGS_NOT_SUPPORTED | Below Step will be run only if optional API are supported.
1. Create API call with WRITE_ONCE flag should fail.
| UID value used is 5 +| NA | Storage Failure
| NA
| PSA_PS_ERROR_STORAGE_FAILURE
| 1. The failure cause will depend on the underlying
platform and vary for each implementation.
It is skipped in current suite
| NA
| +| NA | Operation Failure
| NA
| PSA_PS_ERROR_OPERATION_FAILED
| 1. The failure cause will depend on the underlying
platform and vary for each implementation.
It is skipped in current suite
| NA
| +| NA | Authentication Failure
| NA
| PSA_PS_ERROR_AUTH_FAILED
| 1. The failure cause will depend on the underlying
platform and vary for each implementation.
It is skipped in current suite
| NA
| +| NA | Data Corruption
| NA
| PSA_PS_ERROR_DATA_CORRUPT
| 1. The failure cause will depend on the underlying
platform and vary for each implementation.
It is skipped in current suite
| NA
| + ## License Arm PSA test suite is distributed under Apache v2.0 License. diff --git a/api-tests/docs/sw_requirements.md b/api-tests/docs/sw_requirements.md index 3150044d..7a747254 100644 --- a/api-tests/docs/sw_requirements.md +++ b/api-tests/docs/sw_requirements.md @@ -1,24 +1,23 @@ -# Architecture Test Suite Software requirements +# Architecture Test Suite Software Requirements -## Prerequisite Before starting the test suite build, ensure that the following requirements are met:
- Host Operating System : Ubuntu 16.04 -- Scripting tools : Perl 5.12.3 +- Scripting tools : Perl 5.12.3, Python 3.1.7 - Compiler toolchain : GNU Arm Embedded Toolchain 6.3.1, Arm Compiler v6.7 -*Note*: To compile Test Suite code, at least one of the above supported compiler toolchains - have to be available in the build environment. +**Note**: To compile the test suite code, at least one of the above supported compiler toolchains + must be available in the build environment. -### Setup a shell to enable compiler toolchain after installation +### Setting up a shell to enable compiler toolchain after installation -To import GNU Arm in your bash shell console: +To import GNU Arm in your bash shell console, execute: ~~~ export PATH=/bin:$PATH ~~~ -To import Arm Compiler in your bash shell console: +To import Arm Compiler in your bash shell console, execute: ~~~ export PATH=/bin:$PATH ~~~ @@ -30,15 +29,28 @@ To download the master branch of the repository, type the following command:
/nspe/initial_attestation/ext -cd ./platform/targets//nspe/initial_attestation/ext; git checkout 01168ef3f20e81d5db1ebd0cfa9a70055ee5b155 +cd ./platform/targets//nspe/initial_attestation/ext; git checkout da53227db1488dde0952bdff66c3d904dce270b3 +~~~ + +## To build on Cygwin(32-bit) + +To build test suite on Cygwin ensure all the above prerequisite in place. + +**Note**: Downloading the test suite in Window platform can have extra +newline chars than Unix. Therefore, it is recommended to execute the +following command to change the newline char format before running +any test suite command.
+ +~~~ +dos2unix ./tools/scripts/setup.sh ~~~ ## License diff --git a/api-tests/ff/README.md b/api-tests/ff/README.md index d24bef35..8c820865 100644 --- a/api-tests/ff/README.md +++ b/api-tests/ff/README.md @@ -1,43 +1,35 @@ -# PSA Firmware Framework : Architecture Test Suite +# PSA Firmware Framework Architecture Test Suite -## Introduction +## PSA Firmware Framework -### PSA Firmware Framework (PSA-FF) - -The PSA-FF defines a standard interface and framework, to isolate trusted functionality withinconstrained IoT devices. +*PSA Firmware Framework* (PSA-FF) defines a standard interface and framework to isolate trusted functionality within constrained IoT devices. The framework provides: - Architecture that describes isolated runtime environments (partitions) for trusted and untrusted firmware. - A standard model for describing the functionality and resources in each partition. -- A secure IPC interface to request services from other partitions. -- A model that describes how the partitions can interact with one another, as well as the hardware and the firmware framework implementation, itself. -- A standard interfaces for the PSA RoT Services. - -This specification enables the development of secure firmware functionality that can be reused on different devices that use any conforming implementation of the Firmware Framework. For more information, download the [PSA FF Specification](https://pages.arm.com/psa-resources-ff.html?_ga=2.97388575.1220230133.1540547473-1540784585.1540547382) - -### Architecture Test Suite +- A Secure IPC interface to request services from other partitions. +- A model that describes how the partitions can interact with one another, as well as the hardware and the firmware framework implementation itself. +- A standard interface for the PSA RoT services such as PSA RoT lifecycle service. -The Architecture Test Suite is a set of examples of the invariant behaviours that are specified by the PSA FF Specification. Use this suite to verify that these behaviours are implemented correctly in your system. +This specification enables the development of Secure firmware functionality which can be reused on different devices that use any conforming implementation of the Firmware Framework. For more information, download the [PSA-FF Specification](https://pages.arm.com/psa-resources-ff.html?_ga=2.97388575.1220230133.1540547473-1540784585.1540547382). -The Architecture Test Suite contains the tests that are self-checking, portable C-based tests with directed stimulus. +### Architecture test suite -The tests are available as open source. The tests and the corresponding abstraction layers are available with an Apache v2.0 license allowing for external contribution. This test suite is not a substitute for design verification. To review the test logs, Arm licensees can contact Arm directly through their partner managers. +The architecture test suite is a set of examples of the invariant behaviors that are specified by the PSA-FF specification. Use this suite to verify whether these behaviors are implemented correctly in your system. This suite contains self-checking and portable C-based tests with directed stimulus. The tests are available as open source. The tests and the corresponding abstraction layers are available with an Apache v2.0 license allowing for external contribution. -For more information on Architecture Test Suite specification, refer the [Validation Methodology](../docs/Arm_PSA_APIs_Arch_Test_Validation_Methodology.pdf) document. +This test suite is not a substitute for design verification. To review the test logs, Arm licensees can contact Arm directly through their partner managers. -## Tests Scenarios +For more information on architecture test suite specification, refer to the [Validation Methodology](../docs/Arm_PSA_APIs_Arch_Test_Validation_Methodology.pdf) document. -The mapping of the rules in the specification to the test cases and the steps followed in the tests are mentioned in the [Scenario document](../docs/) present in the docs/ folder. +## Tests scenarios +The mapping of the rules in the specification to the test cases and the steps followed in the tests are mentioned in the [Scenario Document](../docs/) present in the **docs/** folder. -## Getting Started -Follow the instructions in the subsequent sections to get a copy of the source code on your local machine and build the tests.
+## Getting started -### Prerequisite - -Please make sure you have all required software installed as explained in the [software requirements](../docs/sw_requirements.md). +Follow the instructions in the subsequent sections to get a copy of the source code on your local machine and build the tests. Make sure you have all required software installed as explained in the [Software Requirements](../docs/sw_requirements.md). ### Porting steps @@ -45,64 +37,69 @@ Refer to the [PSA-FF Test Suite Porting Guide](../docs/porting_guide_ff.md) docu ### Build steps -To build test suite for a given platform, execute the following commands: +To build the test suite for your target platform, perform the following steps. -1. cd api-tests +1. Execute `cd api-tests`. -2. Using your secure partition build tool, parse following test suite partition manifest files and generate manifest output files. The manifest parsing tool must be compliant to manifest rules defined in the PSA FF specification.
-
Test suite manifest to be parsed:
- - platform/targets//manifests/common/driver_partition_psa.json - - platform/targets//manifests/ipc/client_partition_psa.json - - platform/targets//manifests/ipc/server_partition_psa.json +2. Using your Secure partition build tool, parse the following test suite partition manifest files and generate manifest output files. The manifest parsing tool must be compliant with the manifest rules defined in the PSA FF specification.
+
The test suite manifests to be parsed are:
+ - **platform/targets//manifests/common/driver_partition_psa.json** + - **platform/targets//manifests/ipc/client_partition_psa.json** + - **platform/targets//manifests/ipc/server_partition_psa.json** -3. Compile tests
+3. Compile the tests as shown below.
``` - ./tools/scripts/setup.sh --target --cpu_arch --suite --build --include + ./tools/scripts/setup.sh --target --cpu_arch --suite --build --include --archive_tests ```
where: -- is the same as the name of the target specific directory created in the platform/targets/ directory.
-- is the Arm Architecture version name for which test binaries should be compiled. For example, Armv7M, Armv8M-Baseline and Armv8M-Mainline Architecture.
-- is the suite name and it is same as the suite name available in test_suites/ directory.
-- is an additional directory to be included into compiler search path. Note- To compile ipc tests, include path must point to path where "psa/client.h", "psa/service.h" and test partition manifest output files(``"psa_manifest/sid.h" and "psa_manifest/.h"``) are located in your build system.
-- is an output directory to keep build files. +- is the same as the name of the target specific directory created in the **platform/targets/** directory.
+- is the Arm Architecture version name for which the tests should be compiled. For example, Armv7M, Armv8M-Baseline and Armv8M-Mainline Architecture.
+- is the suite name which is the same as the suite name available in **ff/** directory.
+- is a directory to store the build output files.
+- is an additional directory to be included into the compiler search path.
+Note: To compile IPC tests, the include path must point to the path where **psa/client.h**, **psa/service.h**, **psa/lifecycle.h** and test partition manifest output files(**psa_manifest/sid.h**, **psa_manifest/pid.h** and **psa_manifest/.h**) are located in your build system.
+- Use **--archive_tests** option to create a combined test archive(test_combine.a) file by combining the available test objects files. Not using this option will create a combined test binary(test_elf_combine.bin) by combining the available test ELFs. -Refer ./tools/scripts/setup.sh --help to know more about options. +For more information about options, refer to **./tools/scripts/setup.sh --help**. -*To compile ipc tests for tgt_ff_mbedos_fvp_mps2_m4 platform* +To compile IPC tests for **tgt_ff_mbedos_fvp_mps2_m4** platform, execute the following commands: ``` cd api-tests -./tools/scripts/setup.sh --target tgt_ff_mbedos_fvp_mps2_m4 --cpu_arch armv7m --suite ipc --build BUILD_IPC --include --include +./tools/scripts/setup.sh --target tgt_ff_mbedos_fvp_mps2_m4 --cpu_arch armv7m --suite ipc --build BUILD_IPC --include --include --archive_tests ``` +**Note**: The default compilation flow includes the functional API tests to build the test suite. It does not include panic tests that check for the API's PROGRAMMER ERROR conditions as defined in the PSA-FF specification. You can include the panic tests for building the test suite just by passing **--include_panic_tests** option to script. ### Build output -Test suite build generates following binaries:
+The test suite build generates the following binaries:
NSPE libraries:
-1. /BUILD/val/val_nspe.a -2. /BUILD/platform/pal_nspe.a -3. /BUILD/ff//test_elf_combine.bin +1. **/BUILD/val/val_nspe.a** +2. **/BUILD/platform/pal_nspe.a** +3. **/BUILD/ff//test_combine.a** -SPE libraries:
-1. /BUILD/partition/driver_partition.a -2. /BUILD/partition/client_partition.a -3. /BUILD/partition/server_partition.a +SPE libraries explicitly for IPC test suite:
+1. **/BUILD/partition/driver_partition.a** +2. **/BUILD/partition/client_partition.a** +3. **/BUILD/partition/server_partition.a** -### Binaries integration into your platform +### Integrating the libraries into your target platform -1. Integrate test partition (SPE archives) with your software stack containing SPM so that partition code get access to PSA defined client and secure partition APIs. This forms a SPE binary. -2. Integrate BUILD/val/val_nspe.a and BUILD/platform/pal_nspe.a libraries with your Non-Secure OS so that these libraries get access to PSA client APIs. This will form a NSPE binary. -3. Load NSPE binary and test_elf_combine.bin to NS memory -4. Load SPE binary into S memory +1. Integrate the test partition (SPE archives) with your software stack containing SPM so that the partition code gets access to PSA-defined client and Secure partition APIs. This forms an SPE binary. +2. Integrate **val_nspe.a**, **pal_nspe.a** and **test_combine.a** libraries with your Non-secure OS so that these libraries get access to PSA client APIs. This forms an NSPE binary. +3. Load NSPE binary into Non-secure memory. +4. Load SPE binary into Secure memory. -## Test Suite Execution -The following steps describe the execution flow prior to the start of test execution:
+## Test suite execution +The following steps describe the execution flow before the test execution:
-1. The target platform must load above binaries into appropriate memory.
-2. The System Under Test (SUT) would boot to an environment which intializes SPM and test suite partitions are ready to accept requests.
-3. On the non-secure side, the SUT - boot software would give control to the test suite entry point- *void val_entry(void);* as an application entry point.
+1. The target platform must load the above binaries into appropriate memory.
+2. The *System Under Test* (SUT) boots to an environment that initializes the SPM and the test suite partitions are ready to accept requests.
+3. On the Non-secure side, the SUT boot software gives control to the test suite entry point **void val_entry(void);** as an application entry point.
4. The tests are executed sequentially in a loop in the test_dispatcher function.
+For details on test suite integration, refer to the **Integrating the test suite with the SUT** section of [Validation Methodology](../docs/Arm_PSA_APIs_Arch_Test_Validation_Methodology.pdf). + ## License Arm PSA test suite is distributed under Apache v2.0 License. @@ -118,4 +115,3 @@ Arm PSA test suite is distributed under Apache v2.0 License. -------------- *Copyright (c) 2018-2019, Arm Limited and Contributors. All rights reserved.* - diff --git a/api-tests/ff/ipc/test_i001/test_i001.c b/api-tests/ff/ipc/test_i001/test_i001.c index d1ecc470..80185ad5 100644 --- a/api-tests/ff/ipc/test_i001/test_i001.c +++ b/api-tests/ff/ipc/test_i001/test_i001.c @@ -1,5 +1,5 @@ /** @file - * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved. + * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved. * SPDX-License-Identifier : Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -20,7 +20,7 @@ #include "val_target.h" #else #include "val_client_defs.h" -#include "val_partition_common.h" +#include "val_service_defs.h" #endif #include "test_i001.h" @@ -36,7 +36,7 @@ int32_t client_test_psa_framework_version(security_t caller) { int32_t status = VAL_STATUS_SUCCESS; - val->print(PRINT_TEST, "[Check1] psa_framework_version\n", 0); + val->print(PRINT_TEST, "[Check 1] psa_framework_version\n", 0); /* Retrieve the version of the PSA Framework API that is implemented.*/ if (psa->framework_version() != PSA_FRAMEWORK_VERSION) @@ -54,7 +54,7 @@ int32_t client_test_psa_version(security_t caller) int32_t status = VAL_STATUS_SUCCESS; uint32_t version; - val->print(PRINT_TEST, "[Check2] psa_version\n", 0); + val->print(PRINT_TEST, "[Check 2] psa_version\n", 0); /*Return PSA_VERSION_NONE when the RoT Service is not implemented, or the caller is not permitted to access the service. Return minor version of the implemented and allowed RoT Service */ diff --git a/api-tests/ff/ipc/test_i001/test_supp_i001.c b/api-tests/ff/ipc/test_i001/test_supp_i001.c index ce6de385..2a33cfaa 100644 --- a/api-tests/ff/ipc/test_i001/test_supp_i001.c +++ b/api-tests/ff/ipc/test_i001/test_supp_i001.c @@ -1,5 +1,5 @@ /** @file - * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved. + * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved. * SPDX-License-Identifier : Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -15,8 +15,13 @@ * limitations under the License. **/ -#include "val/common/val_client_defs.h" -#include "val/spe/val_partition_common.h" +#include "val_client_defs.h" +#include "val_service_defs.h" + +#define val CONCAT(val,_server_sp) +#define psa CONCAT(psa,_server_sp) +extern val_api_t *val; +extern psa_api_t *psa; int32_t server_test_psa_framework_version(void); int32_t server_test_psa_version(void); @@ -30,12 +35,12 @@ server_test_t test_i001_server_tests_list[] = { int32_t server_test_psa_framework_version(void) { - val_err_check_set(TEST_CHECKPOINT_NUM(201), VAL_STATUS_SUCCESS); + val->err_check_set(TEST_CHECKPOINT_NUM(201), VAL_STATUS_SUCCESS); return VAL_STATUS_SUCCESS; } int32_t server_test_psa_version(void) { - val_err_check_set(TEST_CHECKPOINT_NUM(202), VAL_STATUS_SUCCESS); + val->err_check_set(TEST_CHECKPOINT_NUM(202), VAL_STATUS_SUCCESS); return VAL_STATUS_SUCCESS; } diff --git a/api-tests/ff/ipc/test_i002/test_i002.c b/api-tests/ff/ipc/test_i002/test_i002.c index 705ee2b9..abd023f4 100644 --- a/api-tests/ff/ipc/test_i002/test_i002.c +++ b/api-tests/ff/ipc/test_i002/test_i002.c @@ -20,7 +20,7 @@ #include "val_target.h" #else #include "val_client_defs.h" -#include "val_partition_common.h" +#include "val_service_defs.h" #endif #include "test_i002.h" @@ -43,27 +43,30 @@ int32_t client_test_connection_busy_and_reject(security_t caller) int32_t status = VAL_STATUS_SUCCESS; psa_handle_t handle = 0; - val->print(PRINT_TEST, "[Check1] Test busy and reject connect type\n", 0); + val->print(PRINT_TEST, "[Check 1] Test busy and reject connect type\n", 0); handle = psa->connect(SERVER_UNSPECIFED_MINOR_V_SID, 1); - /* The RoT Service can't make connection at this moment. - * Expect PSA_CONNECTION_BUSY by RoT service. + /* + * The RoT Service can't make connection at this moment. It sends + * PSA_ERROR_CONNECTION_BUSY in psa_reply. */ - if (handle != PSA_CONNECTION_BUSY) + if (handle != PSA_ERROR_CONNECTION_BUSY) { - val->print(PRINT_ERROR, "Expected handle=PSA_CONNECTION_BUSY but handle=0x%x\n", handle); + val->print(PRINT_ERROR, + "Expected handle=PSA_ERROR_CONNECTION_BUSY but handle=0x%x\n", handle); return VAL_STATUS_INVALID_HANDLE; } handle = psa->connect(SERVER_UNSPECIFED_MINOR_V_SID, 1); /* The RoT Service rejected the client because of an application-specific case - * Expect PSA_CONNECTION_REFUSED by RoT service + * Expect PSA_ERROR_CONNECTION_REFUSED as return */ - if (handle != PSA_CONNECTION_REFUSED) + if (handle != PSA_ERROR_CONNECTION_REFUSED) { - val->print(PRINT_ERROR, "Expected handle=PSA_CONNECTION_REFUSED but handle=0x%x\n", handle); + val->print(PRINT_ERROR, + "Expected handle=PSA_ERROR_CONNECTION_REFUSED but handle=0x%x\n", handle); status = VAL_STATUS_INVALID_HANDLE; } @@ -74,7 +77,7 @@ int32_t client_test_accept_and_close_connect(security_t caller) { psa_handle_t handle = 0; - val->print(PRINT_TEST, "[Check2] Accept and close connection\n", 0); + val->print(PRINT_TEST, "[Check 2] Accept and close connection\n", 0); handle = psa->connect(SERVER_UNSPECIFED_MINOR_V_SID, 1); /* RoT service accepts the connection. Expecting positive handle */ @@ -101,7 +104,7 @@ int32_t client_test_connect_with_allowed_minor_version_policy(security_t caller) SERVER_RELAX_MINOR_VERSION_SID}; uint32_t minor_v[] = {1, 2, 1, 2}; - val->print(PRINT_TEST, "[Check3] Test psa_connect with allowed minor version policy\n", 0); + val->print(PRINT_TEST, "[Check 3] Test psa_connect with allowed minor version policy\n", 0); /* Connect RoT service with following minor version numbers and expect positive handle for * each connection: @@ -156,7 +159,7 @@ int32_t client_test_psa_call_with_allowed_status_code(security_t caller) psa_status_t expected_status_code[] = {PSA_SUCCESS, 1, 2, INT32_MAX, -1, -2, INT32_MIN+128}; uint32_t i = 0; - val->print(PRINT_TEST, "[Check4] Test psa_call with allowed status code\n", 0); + val->print(PRINT_TEST, "[Check 4] Test psa_call with allowed status code\n", 0); for (i = 0; i < (sizeof(expected_status_code)/sizeof(expected_status_code[0])); i++) { @@ -179,7 +182,7 @@ int32_t client_test_identity(security_t caller) psa_status_t status_of_call; int id_at_connect = 0, id_at_call = 0; - val->print(PRINT_TEST, "[Check5] Test client_id\n", 0); + val->print(PRINT_TEST, "[Check 5] Test client_id\n", 0); handle = psa->connect(SERVER_UNSPECIFED_MINOR_V_SID, 1); if (handle < 0) @@ -220,16 +223,16 @@ int32_t client_test_spm_concurrent_connect_limit(security_t caller) psa_handle_t handle[CONNECT_LIMIT] = {0}; int i= 0, signture = 0; - val->print(PRINT_TEST, "[Check6] Test connect limit\n", 0); + val->print(PRINT_TEST, "[Check 6] Test connect limit\n", 0); /* Execute psa_connect in a loop until it returns - * PSA_CONNECTION_REFUSED OR PSA_CONNECTION_BUSY + * PSA_ERROR_CONNECTION_REFUSED OR PSA_ERROR_CONNECTION_BUSY */ while (i < CONNECT_LIMIT) { handle[i] = psa->connect(SERVER_UNSPECIFED_MINOR_V_SID, 1); /* Compare handle value */ - if ((handle[i] == PSA_CONNECTION_REFUSED) || (handle[i] == PSA_CONNECTION_BUSY)) + if ((handle[i] == PSA_ERROR_CONNECTION_REFUSED) || (handle[i] == PSA_ERROR_CONNECTION_BUSY)) { signture = 1; break; @@ -264,7 +267,7 @@ int32_t client_test_psa_wait(void) for (i = 0; i < CONNECT_NUM; i++) { handle[i] = psa->connect(SERVER_UNSPECIFED_MINOR_V_SID, 1); - if (handle[i] != PSA_CONNECTION_REFUSED) + if (handle[i] != PSA_ERROR_CONNECTION_REFUSED) { return VAL_STATUS_INVALID_HANDLE; } @@ -275,12 +278,12 @@ int32_t client_test_psa_wait(void) int32_t client_test_psa_block_behave(security_t caller) { - val->print(PRINT_TEST, "[Check7] Test PSA_BLOCK\n", 0); + val->print(PRINT_TEST, "[Check 7] Test PSA_BLOCK\n", 0); return (client_test_psa_wait()); } int32_t client_test_psa_poll_behave(security_t caller) { - val->print(PRINT_TEST, "[Check8] Test PSA_POLL\n", 0); + val->print(PRINT_TEST, "[Check 8] Test PSA_POLL\n", 0); return (client_test_psa_wait()); } diff --git a/api-tests/ff/ipc/test_i002/test_i002.h b/api-tests/ff/ipc/test_i002/test_i002.h index c4eb205b..a0767873 100644 --- a/api-tests/ff/ipc/test_i002/test_i002.h +++ b/api-tests/ff/ipc/test_i002/test_i002.h @@ -28,7 +28,7 @@ #define psa CONCAT(psa,_client_sp) #endif -#define CONNECT_LIMIT 20 +#define CONNECT_LIMIT 50 #define CONNECT_NUM 2 extern val_api_t *val; diff --git a/api-tests/ff/ipc/test_i002/test_supp_i002.c b/api-tests/ff/ipc/test_i002/test_supp_i002.c index 4358e240..274452b7 100644 --- a/api-tests/ff/ipc/test_i002/test_supp_i002.c +++ b/api-tests/ff/ipc/test_i002/test_supp_i002.c @@ -15,8 +15,13 @@ * limitations under the License. **/ -#include "val/common/val_client_defs.h" -#include "val/spe/val_partition_common.h" +#include "val_client_defs.h" +#include "val_service_defs.h" + +#define val CONCAT(val,_server_sp) +#define psa CONCAT(psa,_server_sp) +extern val_api_t *val; +extern psa_api_t *psa; #define CONNECT_NUM 2 @@ -47,28 +52,29 @@ int32_t server_test_connection_busy_and_reject(void) int32_t status = VAL_STATUS_SUCCESS; psa_msg_t msg = {0}; - /* Checks performed: - * psa_wait()- Returns > 0 when at least one signal is asserted + /* + * Checks performed: + * psa->wait()- Returns > 0 when at least one signal is asserted * check delivery of PSA_IPC_CONNECT when psa_connect called. * And msg.handle must be positive. */ - status = val_process_connect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); - if (val_err_check_set(TEST_CHECKPOINT_NUM(201), status)) + status = val->process_connect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); + if (val->err_check_set(TEST_CHECKPOINT_NUM(201), status)) { return status; } /* Rejecting connection to check behaviour of PSA_CONNECTION_BUSY */ - psa_reply(msg.handle, PSA_CONNECTION_BUSY); + psa->reply(msg.handle, PSA_CONNECTION_BUSY); - status = val_process_connect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); - if (val_err_check_set(TEST_CHECKPOINT_NUM(202), status)) + status = val->process_connect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); + if (val->err_check_set(TEST_CHECKPOINT_NUM(202), status)) { return status; } - /* Rejecting connection to check behaviour of PSA_CONNECTION_REFUSED */ - psa_reply(msg.handle, PSA_CONNECTION_REFUSED); + /* Rejecting connection to check behaviour of PSA_ERROR_CONNECTION_REFUSED */ + psa->reply(msg.handle, PSA_ERROR_CONNECTION_REFUSED); return status; } @@ -77,30 +83,30 @@ int32_t server_test_accept_and_close_connect(void) int32_t status = VAL_STATUS_SUCCESS; psa_msg_t msg = {0}; - status = val_process_connect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); - if (val_err_check_set(TEST_CHECKPOINT_NUM(203), status)) + status = val->process_connect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); + if (val->err_check_set(TEST_CHECKPOINT_NUM(203), status)) { /* Reject the connection if processing of connect request has failed */ - psa_reply(msg.handle, PSA_CONNECTION_REFUSED); + psa->reply(msg.handle, PSA_ERROR_CONNECTION_REFUSED); return status; } /* Accepting connection to check behaviour of PSA_SUCCESS */ - psa_reply(msg.handle, PSA_SUCCESS); + psa->reply(msg.handle, PSA_SUCCESS); /* Checking delivery of PSA_IPC_DISCONNECT when psa_close called * msg.handle must be positive */ - status = val_process_disconnect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); - if (val_err_check_set(TEST_CHECKPOINT_NUM(204), status)) + status = val->process_disconnect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); + if (val->err_check_set(TEST_CHECKPOINT_NUM(204), status)) { return status; } /* Sanity check - if the message type is PSA_IPC_DISCONNECT then the status code is ignored.*/ - psa_reply(msg.handle, PSA_CONNECTION_REFUSED); + psa->reply(msg.handle, PSA_ERROR_CONNECTION_REFUSED); /* Debug print for sanity check */ - val_err_check_set(TEST_CHECKPOINT_NUM(205), status); + val->err_check_set(TEST_CHECKPOINT_NUM(205), status); return status; } @@ -116,20 +122,20 @@ int32_t server_test_connect_with_allowed_minor_version_policy(void) for (i = 0; i < 4; i++) { - status = ((val_process_connect_request(signal[i], &msg)) + status = ((val->process_connect_request(signal[i], &msg)) ? VAL_STATUS_ERROR : status); - if (val_err_check_set(TEST_CHECKPOINT_NUM(206), status)) + if (val->err_check_set(TEST_CHECKPOINT_NUM(206), status)) { - psa_reply(msg.handle, PSA_CONNECTION_REFUSED); + psa->reply(msg.handle, PSA_ERROR_CONNECTION_REFUSED); return status; } - psa_reply(msg.handle, PSA_SUCCESS); + psa->reply(msg.handle, PSA_SUCCESS); - status = ((val_process_disconnect_request(signal[i], &msg)) + status = ((val->process_disconnect_request(signal[i], &msg)) ? VAL_STATUS_ERROR : status); - val_err_check_set(TEST_CHECKPOINT_NUM(207), status); - psa_reply(msg.handle, PSA_SUCCESS); + val->err_check_set(TEST_CHECKPOINT_NUM(207), status); + psa->reply(msg.handle, PSA_SUCCESS); } return status; } @@ -143,33 +149,33 @@ int32_t server_test_psa_call_with_allowed_status_code(void) for (i = 0; i < (sizeof(status_code)/sizeof(status_code[0])); i++) { - status = ((val_process_connect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg)) + status = ((val->process_connect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg)) ? VAL_STATUS_ERROR : status); - if (val_err_check_set(TEST_CHECKPOINT_NUM(208), status)) + if (val->err_check_set(TEST_CHECKPOINT_NUM(208), status)) { - psa_reply(msg.handle, PSA_CONNECTION_REFUSED); + psa->reply(msg.handle, PSA_ERROR_CONNECTION_REFUSED); return status; } - psa_reply(msg.handle, PSA_SUCCESS); + psa->reply(msg.handle, PSA_SUCCESS); - status = val_process_call_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); - if (val_err_check_set(TEST_CHECKPOINT_NUM(209), status)) + status = val->process_call_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); + if (val->err_check_set(TEST_CHECKPOINT_NUM(209), status)) { /* Send status code other than status_code[] to indicate failure * in processing call request */ - psa_reply(msg.handle, -3); + psa->reply(msg.handle, -3); } else { /* Send various status code available in status_code[] */ - psa_reply(msg.handle, status_code[i]); + psa->reply(msg.handle, status_code[i]); } - status = ((val_process_disconnect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg)) + status = ((val->process_disconnect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg)) ? VAL_STATUS_ERROR : status); - psa_reply(msg.handle, PSA_SUCCESS); - val_err_check_set(TEST_CHECKPOINT_NUM(210), status); + psa->reply(msg.handle, PSA_SUCCESS); + val->err_check_set(TEST_CHECKPOINT_NUM(210), status); } return status; } @@ -180,38 +186,38 @@ int32_t server_test_identity(void) psa_msg_t msg = {0}; int id_at_connect = 0, id_at_call = 0; - status = val_process_connect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); + status = val->process_connect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); - if (val_err_check_set(TEST_CHECKPOINT_NUM(211), status)) + if (val->err_check_set(TEST_CHECKPOINT_NUM(211), status)) { - psa_reply(msg.handle, PSA_CONNECTION_REFUSED); + psa->reply(msg.handle, PSA_ERROR_CONNECTION_REFUSED); return status; } /* Client ID during connect */ id_at_connect = msg.client_id; - psa_reply(msg.handle, PSA_SUCCESS); + psa->reply(msg.handle, PSA_SUCCESS); - status = val_process_call_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); - if (val_err_check_set(TEST_CHECKPOINT_NUM(212), status)) + status = val->process_call_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); + if (val->err_check_set(TEST_CHECKPOINT_NUM(212), status)) { - psa_reply(msg.handle, -3); + psa->reply(msg.handle, -3); } else { /* Client ID during call */ id_at_call = msg.client_id; - psa_write(msg.handle, 0, &id_at_connect, msg.out_size[0]); - psa_write(msg.handle, 1, &id_at_call, msg.out_size[1]); - psa_reply(msg.handle, PSA_SUCCESS); + psa->write(msg.handle, 0, &id_at_connect, msg.out_size[0]); + psa->write(msg.handle, 1, &id_at_call, msg.out_size[1]); + psa->reply(msg.handle, PSA_SUCCESS); } - status = val_process_disconnect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); - val_err_check_set(TEST_CHECKPOINT_NUM(213), status); + status = val->process_disconnect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); + val->err_check_set(TEST_CHECKPOINT_NUM(213), status); /* Client ID during disconnect. It should be equal to id_at_call */ if (msg.client_id != id_at_call) { - val_print(PRINT_ERROR, "\tmsg.client_id failed for IPC_DISCONNECT", 0); + val->print(PRINT_ERROR, "\tmsg.client_id failed for IPC_DISCONNECT", 0); status = VAL_STATUS_WRONG_IDENTITY; } @@ -223,10 +229,10 @@ int32_t server_test_identity(void) */ if ((msg.client_id > 0) && (msg.client_id != CLIENT_PARTITION)) { - val_print(PRINT_ERROR, "\tmsg.client_id failed for CLIENT_PARTITION", 0); + val->print(PRINT_ERROR, "\tmsg.client_id failed for CLIENT_PARTITION", 0); status = VAL_STATUS_WRONG_IDENTITY; } - psa_reply(msg.handle, PSA_SUCCESS); + psa->reply(msg.handle, PSA_SUCCESS); return status; } @@ -239,15 +245,15 @@ int32_t server_test_spm_concurrent_connect_limit(void) while (1) { - signals = psa_wait(PSA_WAIT_ANY, PSA_BLOCK); + signals = psa->wait(PSA_WAIT_ANY, PSA_BLOCK); if ((signals & SERVER_UNSPECIFED_MINOR_V_SIG) == 0) { - val_print(PRINT_ERROR, + val->print(PRINT_ERROR, "psa_wait returned with invalid signal value = 0x%x\n", signals); return VAL_STATUS_ERROR; } - if (psa_get(SERVER_UNSPECIFED_MINOR_V_SIG, &msg) != PSA_SUCCESS) + if (psa->get(SERVER_UNSPECIFED_MINOR_V_SIG, &msg) != PSA_SUCCESS) continue; switch(msg.type) @@ -255,12 +261,12 @@ int32_t server_test_spm_concurrent_connect_limit(void) case PSA_IPC_CONNECT: /* serve bulk connect cases to reach connect limit */ count++; - psa_reply(msg.handle, PSA_SUCCESS); + psa->reply(msg.handle, PSA_SUCCESS); break; case PSA_IPC_DISCONNECT: /* serve bulk disconnect cases */ count--; - psa_reply(msg.handle, PSA_SUCCESS); + psa->reply(msg.handle, PSA_SUCCESS); } if (count == 0) { @@ -277,39 +283,40 @@ int32_t server_test_psa_block_behave(void) psa_msg_t msg = {0}; int i = 0; - /* This is a sanity check - a successful handshaking between client and + /* + * This is a sanity check - a successful handshaking between client and * server for requested connection represents check pass. */ /* Debug print */ - val_err_check_set(TEST_CHECKPOINT_NUM(214), VAL_STATUS_SUCCESS); + val->err_check_set(TEST_CHECKPOINT_NUM(214), VAL_STATUS_SUCCESS); for (i = 0; i < CONNECT_NUM; i++) { wait: /* PSA_BLOCK ored with 0xFF to check timeout[30:0]=RES is ignored by implementation */ - signals = psa_wait(PSA_WAIT_ANY, PSA_BLOCK); + signals = psa->wait(PSA_WAIT_ANY, PSA_BLOCK); /* When MODE is one(PSA_BLOCK), the psa_wait must return non-zero signal value */ if ((signals & SERVER_UNSPECIFED_MINOR_V_SIG) == 0) { - val_print(PRINT_ERROR, + val->print(PRINT_ERROR, "psa_wait returned with invalid signal value = 0x%x\n", signals); return VAL_STATUS_ERROR; } else { - if (psa_get(SERVER_UNSPECIFED_MINOR_V_SIG, &msg) != PSA_SUCCESS) + if (psa->get(SERVER_UNSPECIFED_MINOR_V_SIG, &msg) != PSA_SUCCESS) { goto wait; } - psa_reply(msg.handle, PSA_CONNECTION_REFUSED); + psa->reply(msg.handle, PSA_ERROR_CONNECTION_REFUSED); } } /* Debug print */ - val_err_check_set(TEST_CHECKPOINT_NUM(215), VAL_STATUS_SUCCESS); + val->err_check_set(TEST_CHECKPOINT_NUM(215), VAL_STATUS_SUCCESS); return VAL_STATUS_SUCCESS; } @@ -323,37 +330,38 @@ int32_t server_test_psa_poll_behave(void) while (1) { /* Debug print */ - val_err_check_set(TEST_CHECKPOINT_NUM(216), VAL_STATUS_SUCCESS); + val->err_check_set(TEST_CHECKPOINT_NUM(216), VAL_STATUS_SUCCESS); /* Loop to receive client request */ while (signals == 0) { - signals = psa_wait(PSA_WAIT_ANY, PSA_POLL); + signals = psa->wait(PSA_WAIT_ANY, PSA_POLL); } - /* When MODE is zero(PSA_POLL), the psa_wait will return immediately with the current + /* + * When MODE is zero(PSA_POLL), the psa_wait will return immediately with the current * signal state, which can be zero if no signals are active. Exepecting following call to * return immediately as none of client is making request. */ - signals_temp = psa_wait(PSA_WAIT_ANY, PSA_POLL); + signals_temp = psa->wait(PSA_WAIT_ANY, PSA_POLL); if (signals_temp == 0) { - val_print(PRINT_ERROR, + val->print(PRINT_ERROR, "psa_wait returned with invalid signals_temp = 0x%x\n", signals_temp); return VAL_STATUS_ERROR; } else if ((signals & SERVER_UNSPECIFED_MINOR_V_SIG) == 0) { - val_print(PRINT_ERROR, + val->print(PRINT_ERROR, "psa_wait returned with invalid signal value = 0x%x\n", signals); return VAL_STATUS_ERROR; } else { - if (psa_get(SERVER_UNSPECIFED_MINOR_V_SIG, &msg) != PSA_SUCCESS) + if (psa->get(SERVER_UNSPECIFED_MINOR_V_SIG, &msg) != PSA_SUCCESS) continue; - psa_reply(msg.handle, PSA_CONNECTION_REFUSED); + psa->reply(msg.handle, PSA_ERROR_CONNECTION_REFUSED); count++; signals = 0; } diff --git a/api-tests/ff/ipc/test_i003/test_i003.c b/api-tests/ff/ipc/test_i003/test_i003.c index 17b1bdb9..a6ac294c 100644 --- a/api-tests/ff/ipc/test_i003/test_i003.c +++ b/api-tests/ff/ipc/test_i003/test_i003.c @@ -1,5 +1,5 @@ /** @file - * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved. + * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved. * SPDX-License-Identifier : Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -21,7 +21,7 @@ #include "val_target.h" #else #include "val_client_defs.h" -#include "val_partition_common.h" +#include "val_service_defs.h" #endif #include "test_i003.h" @@ -43,7 +43,7 @@ int32_t client_test_zero_length_invec(security_t caller) psa_handle_t handle = 0; int data[4] = {0x11, 0x22}; - val->print(PRINT_TEST, "[Check1] Test zero length invec\n", 0); + val->print(PRINT_TEST, "[Check 1] Test zero length invec\n", 0); if (val->ipc_connect(SERVER_UNSPECIFED_MINOR_V_SID, 1, &handle)) { @@ -97,7 +97,7 @@ int32_t client_test_zero_length_outvec(security_t caller) psa_handle_t handle = 0; int data[4] = {0x11}; - val->print(PRINT_TEST, "[Check2] Test zero length outvec\n", 0); + val->print(PRINT_TEST, "[Check 2] Test zero length outvec\n", 0); if (val->ipc_connect(SERVER_UNSPECIFED_MINOR_V_SID, 1, &handle)) { @@ -155,7 +155,7 @@ int32_t client_test_call_read_and_skip(security_t caller) uint64_t data3 = 0x1020304050607080; psa_handle_t handle = 0; - val->print(PRINT_TEST, "[Check3] Test psa_write, psa_read and psa_skip\n", 0); + val->print(PRINT_TEST, "[Check 3] Test psa_write, psa_read and psa_skip\n", 0); if (val->ipc_connect(SERVER_UNSPECIFED_MINOR_V_SID, 1, &handle)) { @@ -192,7 +192,7 @@ int32_t client_test_call_and_write(security_t caller) 2}; psa_handle_t handle = 0; - val->print(PRINT_TEST, "[Check4] Test psa_call and psa_write\n", 0); + val->print(PRINT_TEST, "[Check 4] Test psa_call and psa_write\n", 0); if (val->ipc_connect(SERVER_UNSPECIFED_MINOR_V_SID, 1, &handle)) { @@ -248,7 +248,7 @@ int32_t client_test_psa_set_rhandle(security_t caller) psa_handle_t handle = 0; int i = 0; - val->print(PRINT_TEST, "[Check5] Test psa_set_rhandle API\n", 0); + val->print(PRINT_TEST, "[Check 5] Test psa_set_rhandle API\n", 0); /*rhandle value check when PSA_IPC_CONNECT */ if (val->ipc_connect(SERVER_UNSPECIFED_MINOR_V_SID, 1, &handle)) @@ -281,7 +281,7 @@ int32_t client_test_overlapping_vectors(security_t caller) psa_handle_t handle = 0; uint8_t data = 0x11, expected_data[] = {0x22, 0x33}; - val->print(PRINT_TEST, "[Check6] Test overlapping vectors\n", 0); + val->print(PRINT_TEST, "[Check 6] Test overlapping vectors\n", 0); if (val->ipc_connect(SERVER_UNSPECIFED_MINOR_V_SID, 1, &handle)) { diff --git a/api-tests/ff/ipc/test_i003/test_supp_i003.c b/api-tests/ff/ipc/test_i003/test_supp_i003.c index cf4144fa..eddefced 100644 --- a/api-tests/ff/ipc/test_i003/test_supp_i003.c +++ b/api-tests/ff/ipc/test_i003/test_supp_i003.c @@ -1,5 +1,5 @@ /** @file - * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved. + * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved. * SPDX-License-Identifier : Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -15,8 +15,13 @@ * limitations under the License. **/ -#include "val/common/val_client_defs.h" -#include "val/spe/val_partition_common.h" +#include "val_client_defs.h" +#include "val_service_defs.h" + +#define val CONCAT(val,_server_sp) +#define psa CONCAT(psa,_server_sp) +extern val_api_t *val; +extern psa_api_t *psa; int32_t server_test_psa_set_rhandle(void); int32_t server_test_call_read_and_skip(void); @@ -43,19 +48,19 @@ static void exit_graceful(psa_handle_t msg_handle, int status_code, if (print_next_args != 0) { - val_print(PRINT_ERROR, "\tExpected data=%x\n", expected_data); - val_print(PRINT_ERROR, "\tActual data=%x\n", actual_data); + val->print(PRINT_ERROR, "\tExpected data=%x\n", expected_data); + val->print(PRINT_ERROR, "\tActual data=%x\n", actual_data); } /* Negative status_code represents check failure and each check has * uniq status_code to identify failing point */ - psa_reply(msg_handle, status_code); + psa->reply(msg_handle, status_code); - if (val_process_disconnect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg)) + if (val->process_disconnect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg)) { - val_print(PRINT_ERROR, "\tdisconnect failed in exit_graceful func\n", 0); + val->print(PRINT_ERROR, "\tdisconnect failed in exit_graceful func\n", 0); } - psa_reply(msg.handle, PSA_SUCCESS); + psa->reply(msg.handle, PSA_SUCCESS); } int32_t server_test_zero_length_invec(void) @@ -64,14 +69,14 @@ int32_t server_test_zero_length_invec(void) psa_msg_t msg = {0}; int data[5] = {0}, actual_data = 0x22; - if (val_process_connect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg)) + if (val->process_connect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg)) { - psa_reply(msg.handle, PSA_CONNECTION_REFUSED); + psa->reply(msg.handle, PSA_ERROR_CONNECTION_REFUSED); return VAL_STATUS_CONNECTION_FAILED; } - psa_reply(msg.handle, PSA_SUCCESS); + psa->reply(msg.handle, PSA_SUCCESS); - if (val_process_call_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg)) + if (val->process_call_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg)) { exit_graceful(msg.handle, -2, 0, 0, 0); return VAL_STATUS_CALL_FAILED; @@ -87,7 +92,7 @@ int32_t server_test_zero_length_invec(void) } if ((msg.in_size[2] <= sizeof(data[2])) && - (psa_read(msg.handle, 2, &data[2], msg.in_size[2]) != msg.in_size[2])) + (psa->read(msg.handle, 2, &data[2], msg.in_size[2]) != msg.in_size[2])) { exit_graceful(msg.handle, -4, 0, 0, 0); return VAL_STATUS_READ_FAILED; @@ -108,11 +113,11 @@ int32_t server_test_zero_length_invec(void) return VAL_STATUS_MSG_OUTSIZE_FAILED; } - psa_write(msg.handle, 0, &data[2], msg.out_size[0]); - psa_reply(msg.handle, PSA_SUCCESS); + psa->write(msg.handle, 0, &data[2], msg.out_size[0]); + psa->reply(msg.handle, PSA_SUCCESS); - status = val_process_disconnect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); - psa_reply(msg.handle, PSA_SUCCESS); + status = val->process_disconnect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); + psa->reply(msg.handle, PSA_SUCCESS); return status; } @@ -122,14 +127,14 @@ int32_t server_test_zero_length_outvec(void) psa_msg_t msg={0}; int data[5] ={0}, actual_data=0x11; - if (val_process_connect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg)) + if (val->process_connect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg)) { - psa_reply(msg.handle, PSA_CONNECTION_REFUSED); + psa->reply(msg.handle, PSA_ERROR_CONNECTION_REFUSED); return VAL_STATUS_CONNECTION_FAILED; } - psa_reply(msg.handle, PSA_SUCCESS); + psa->reply(msg.handle, PSA_SUCCESS); - if (val_process_call_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg)) + if (val->process_call_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg)) { exit_graceful(msg.handle, -2, 0, 0, 0); return VAL_STATUS_CALL_FAILED; @@ -145,7 +150,7 @@ int32_t server_test_zero_length_outvec(void) } if ((msg.in_size[0] <= sizeof(data[0])) && - (psa_read(msg.handle, 0, &data[0], msg.in_size[0]) != msg.in_size[0])) + (psa->read(msg.handle, 0, &data[0], msg.in_size[0]) != msg.in_size[0])) { exit_graceful(msg.handle, -4, 0, 0, 0); return VAL_STATUS_READ_FAILED; @@ -165,14 +170,14 @@ int32_t server_test_zero_length_outvec(void) exit_graceful(msg.handle, -6, 0, 0, 0); return VAL_STATUS_MSG_OUTSIZE_FAILED; } - psa_write(msg.handle, 2, &data[0], msg.out_size[2]); + psa->write(msg.handle, 2, &data[0], msg.out_size[2]); /* Dummy write with zero byte. This should not overwrite previously written data */ - psa_write(msg.handle, 2, &data[0], msg.out_size[0]); - psa_reply(msg.handle, PSA_SUCCESS); + psa->write(msg.handle, 2, &data[0], msg.out_size[0]); + psa->reply(msg.handle, PSA_SUCCESS); - status = val_process_disconnect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); - psa_reply(msg.handle, PSA_SUCCESS); + status = val->process_disconnect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); + psa->reply(msg.handle, PSA_SUCCESS); return status; } @@ -184,14 +189,14 @@ int32_t server_test_call_read_and_skip(void) actual_data[4] = {0}, i; psa_msg_t msg = {0}; - if (val_process_connect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg)) + if (val->process_connect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg)) { - psa_reply(msg.handle, PSA_CONNECTION_REFUSED); + psa->reply(msg.handle, PSA_ERROR_CONNECTION_REFUSED); return VAL_STATUS_CONNECTION_FAILED; } - psa_reply(msg.handle, PSA_SUCCESS); + psa->reply(msg.handle, PSA_SUCCESS); - if (val_process_call_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg)) + if (val->process_call_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg)) { exit_graceful(msg.handle, -2, 0, 0, 0); return VAL_STATUS_CALL_FAILED; @@ -211,7 +216,7 @@ int32_t server_test_call_read_and_skip(void) for (i = 0; i < 2 ; i++) { if ((msg.in_size[i] <= sizeof(actual_data[i])) && - (psa_read(msg.handle, i, &actual_data[i], msg.in_size[i]) != msg.in_size[i])) + (psa->read(msg.handle, i, &actual_data[i], msg.in_size[i]) != msg.in_size[i])) { exit_graceful(msg.handle, -4, 0, 0, 0); return VAL_STATUS_READ_FAILED; @@ -224,7 +229,7 @@ int32_t server_test_call_read_and_skip(void) } /* Inbound read of 2 bytes from invec 2 */ - if (psa_read(msg.handle, 2, &actual_data[0], 2) != 2) + if (psa->read(msg.handle, 2, &actual_data[0], 2) != 2) { exit_graceful(msg.handle, -6, 0, 0, 0); return VAL_STATUS_READ_FAILED; @@ -236,14 +241,14 @@ int32_t server_test_call_read_and_skip(void) } /* Inbound read of 3 bytes from invec 2 */ - if (psa_skip(msg.handle, 2, 3) != 3) + if (psa->skip(msg.handle, 2, 3) != 3) { exit_graceful(msg.handle, -8, 0, 0, 0); return VAL_STATUS_SKIP_FAILED; } /* Check previous psa_skip has actually skipped 3 bytes */ - if (psa_read(msg.handle, 2, &actual_data[0], 2) != 2) + if (psa->read(msg.handle, 2, &actual_data[0], 2) != 2) { exit_graceful(msg.handle, -9, 0, 0, 0); return VAL_STATUS_READ_FAILED; @@ -258,7 +263,7 @@ int32_t server_test_call_read_and_skip(void) /* Outbound read of 3 bytes from invec 2 * Only one byte should be updated in buffer. Remaining space should be untouched */ - if (psa_read(msg.handle, 2, &actual_data[0], 3) != 1) + if (psa->read(msg.handle, 2, &actual_data[0], 3) != 1) { exit_graceful(msg.handle, -11, 0, 0, 0); return VAL_STATUS_READ_FAILED; @@ -275,29 +280,29 @@ int32_t server_test_call_read_and_skip(void) /* After outbound read, subsequent read or skip to invec 2 should return 0 * and memory buffer shouldn't be updated */ - if ((psa_read(msg.handle, 2, &actual_data[0], 3) != 0) || - (psa_skip(msg.handle, 2, 3) != 0) || (actual_data[0] != 0xaa)) + if ((psa->read(msg.handle, 2, &actual_data[0], 3) != 0) || + (psa->skip(msg.handle, 2, 3) != 0) || (actual_data[0] != 0xaa)) { exit_graceful(msg.handle, -13, 0, 0, 0); return VAL_STATUS_READ_FAILED; } /* Read of zero bytes should not read anything */ - if ((psa_read(msg.handle, 3, &actual_data[0], 0) != 0) || (actual_data[0] != 0xaa)) + if ((psa->read(msg.handle, 3, &actual_data[0], 0) != 0) || (actual_data[0] != 0xaa)) { exit_graceful(msg.handle, -14, 0, 0, 0); return VAL_STATUS_READ_FAILED; } /* Skip of zero bytes should not skip anything */ - if (psa_skip(msg.handle, 3, 0) != 0) + if (psa->skip(msg.handle, 3, 0) != 0) { exit_graceful(msg.handle, -15, 0, 0, 0); return VAL_STATUS_SKIP_FAILED; } /* Check effect of previous zero byte read and skip */ - psa_read(msg.handle, 3, &actual_data[0], 4); + psa->read(msg.handle, 3, &actual_data[0], 4); if (actual_data[0] != expected_data2[3]) { exit_graceful(msg.handle, -16, 1, expected_data2[3], actual_data[0]); @@ -305,12 +310,12 @@ int32_t server_test_call_read_and_skip(void) } /* Outbound skip to invec 3 */ - if (psa_skip(msg.handle, 3, 5) != 4) + if (psa->skip(msg.handle, 3, 5) != 4) { exit_graceful(msg.handle, -17, 0, 0, 0); return VAL_STATUS_SKIP_FAILED; } - if (psa_skip(msg.handle, 3, 5) != 0) + if (psa->skip(msg.handle, 3, 5) != 0) { exit_graceful(msg.handle, -18, 0, 0, 0); return VAL_STATUS_SKIP_FAILED; @@ -325,10 +330,10 @@ int32_t server_test_call_read_and_skip(void) exit_graceful(msg.handle, -14, 0, 0, 0); return VAL_STATUS_MSG_OUTSIZE_FAILED; } - psa_reply(msg.handle, PSA_SUCCESS); + psa->reply(msg.handle, PSA_SUCCESS); - status = val_process_disconnect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); - psa_reply(msg.handle, PSA_SUCCESS); + status = val->process_disconnect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); + psa->reply(msg.handle, PSA_SUCCESS); return status; } @@ -338,14 +343,14 @@ int32_t server_test_call_and_write(void) int data[5] = {0xaa, 0xbb, 0xcc, 0xdd, 0xee}, i; psa_msg_t msg = {0}; - if (val_process_connect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg)) + if (val->process_connect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg)) { - psa_reply(msg.handle, PSA_CONNECTION_REFUSED); + psa->reply(msg.handle, PSA_ERROR_CONNECTION_REFUSED); return VAL_STATUS_CONNECTION_FAILED; } - psa_reply(msg.handle, PSA_SUCCESS); + psa->reply(msg.handle, PSA_SUCCESS); - if (val_process_call_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg)) + if (val->process_call_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg)) { exit_graceful(msg.handle, -2, 0, 0, 0); return VAL_STATUS_CALL_FAILED; @@ -374,20 +379,20 @@ int32_t server_test_call_and_write(void) for (i = 0; i < 3 ; i++) { - psa_write(msg.handle, i, &data[i], msg.out_size[i]); + psa->write(msg.handle, i, &data[i], msg.out_size[i]); } /* Zero byte write shouldn't have any effect */ - psa_write(msg.handle, 3, &data[3], 0); + psa->write(msg.handle, 3, &data[3], 0); /*Using invec 3 to test write concatenation behaviour */ - psa_write(msg.handle, 3, &data[3], 1); - psa_write(msg.handle, 3, &data[4], 1); + psa->write(msg.handle, 3, &data[3], 1); + psa->write(msg.handle, 3, &data[4], 1); - psa_reply(msg.handle, PSA_SUCCESS); + psa->reply(msg.handle, PSA_SUCCESS); - status = val_process_disconnect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); - psa_reply(msg.handle, PSA_SUCCESS); + status = val->process_disconnect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); + psa->reply(msg.handle, PSA_SUCCESS); return status; } @@ -395,45 +400,45 @@ int32_t server_test_psa_set_rhandle(void) { int32_t status = VAL_STATUS_SUCCESS; psa_msg_t msg = {0}; - int *num = NULL; + int num; /*rhandle value check when PSA_IPC_CONNECT */ - status = val_process_connect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); + status = val->process_connect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); if (msg.rhandle != NULL) { status = VAL_STATUS_INVALID_HANDLE; } - if (val_err_check_set(TEST_CHECKPOINT_NUM(201), status)) + if (val->err_check_set(TEST_CHECKPOINT_NUM(201), status)) { - psa_reply(msg.handle, PSA_CONNECTION_REFUSED); + psa->reply(msg.handle, PSA_ERROR_CONNECTION_REFUSED); return status; } - psa_reply(msg.handle, PSA_SUCCESS); + psa->reply(msg.handle, PSA_SUCCESS); /*rhandle value check when PSA_IPC_CALL */ - status = val_process_call_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); + status = val->process_call_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); if (msg.rhandle != NULL) { status = VAL_STATUS_INVALID_HANDLE; } - if (val_err_check_set(TEST_CHECKPOINT_NUM(202), status)) + if (val->err_check_set(TEST_CHECKPOINT_NUM(202), status)) { exit_graceful(msg.handle, -2, 0, 0, 0); return status; } /*set rhandle */ - *num = 5; - psa_set_rhandle(msg.handle, num); - psa_reply(msg.handle, PSA_SUCCESS); + num = 5; + psa->set_rhandle(msg.handle, &num); + psa->reply(msg.handle, PSA_SUCCESS); - status = val_process_call_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); - if (msg.rhandle != num) + status = val->process_call_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); + if (*(int *)(msg.rhandle) != num) { status = VAL_STATUS_INVALID_HANDLE; } - if (val_err_check_set(TEST_CHECKPOINT_NUM(203), status)) + if (val->err_check_set(TEST_CHECKPOINT_NUM(203), status)) { exit_graceful(msg.handle, -3, 0, 0, 0); return status; @@ -443,37 +448,37 @@ int32_t server_test_psa_set_rhandle(void) * updated value in next msg delivery. Next msg should * return the updated value. */ - *num = 10; - psa_set_rhandle(msg.handle, num); - psa_reply(msg.handle, PSA_SUCCESS); + num = 10; + psa->set_rhandle(msg.handle, &num); + psa->reply(msg.handle, PSA_SUCCESS); - status = val_process_call_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); - if (msg.rhandle != num) + status = val->process_call_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); + if (*(int *)(msg.rhandle) != num) { status = VAL_STATUS_INVALID_HANDLE; } - if (val_err_check_set(TEST_CHECKPOINT_NUM(204), status)) + if (val->err_check_set(TEST_CHECKPOINT_NUM(204), status)) { exit_graceful(msg.handle, -4, 0, 0, 0); return status; } - psa_reply(msg.handle, PSA_SUCCESS); + psa->reply(msg.handle, PSA_SUCCESS); /* rhandle should retain the value at PSA_IPC_DISCONNECT too */ - status = val_process_disconnect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); - if (msg.rhandle != num) + status = val->process_disconnect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); + if (*(int *)(msg.rhandle) != num) { status = VAL_STATUS_INVALID_HANDLE; } - val_err_check_set(TEST_CHECKPOINT_NUM(205), status); + val->err_check_set(TEST_CHECKPOINT_NUM(205), status); /*Setting the rhandle for a connection during disconnection has no observable effect*/ - *num = 15; - psa_set_rhandle(msg.handle, num); + num = 15; + psa->set_rhandle(msg.handle, &num); /* Sanity check - previous call shouldn't hang */ - val_err_check_set(TEST_CHECKPOINT_NUM(206), status); - psa_reply(msg.handle, PSA_SUCCESS); + val->err_check_set(TEST_CHECKPOINT_NUM(206), status); + psa->reply(msg.handle, PSA_SUCCESS); return status; } @@ -485,39 +490,39 @@ int32_t server_test_overlapping_vectors(void) rd_data[] = {0x0, 0x0}, expected_data[] = {0x11, 0x22}; - status = val_process_connect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); - if (val_err_check_set(TEST_CHECKPOINT_NUM(207), status)) + status = val->process_connect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); + if (val->err_check_set(TEST_CHECKPOINT_NUM(207), status)) { - psa_reply(msg.handle, PSA_CONNECTION_REFUSED); + psa->reply(msg.handle, PSA_ERROR_CONNECTION_REFUSED); return status; } - psa_reply(msg.handle, PSA_SUCCESS); + psa->reply(msg.handle, PSA_SUCCESS); - status = val_process_call_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); - if (val_err_check_set(TEST_CHECKPOINT_NUM(208), status)) + status = val->process_call_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); + if (val->err_check_set(TEST_CHECKPOINT_NUM(208), status)) { exit_graceful(msg.handle, -1, 0, 0, 0); return status; } /* Performing read after write to overlapping vector. */ - psa_write(msg.handle, 0, &wr_data[0], 1); - psa_read(msg.handle, 0, &rd_data[0], 1); + psa->write(msg.handle, 0, &wr_data[0], 1); + psa->read(msg.handle, 0, &rd_data[0], 1); /* rd_data[0] should either be original value or modified value */ if ((rd_data[0] != expected_data[0]) && (rd_data[0] != expected_data[1])) { - val_print(PRINT_ERROR, "\tReceived invalid data=%x\n", rd_data[0]); + val->print(PRINT_ERROR, "\tReceived invalid data=%x\n", rd_data[0]); exit_graceful(msg.handle, -2, 0, 0, 0); return status; } /* Performing write after write to overlapping vector. */ - psa_write(msg.handle, 1, &wr_data[1], 1); - psa_reply(msg.handle, PSA_SUCCESS); + psa->write(msg.handle, 1, &wr_data[1], 1); + psa->reply(msg.handle, PSA_SUCCESS); - status = val_process_disconnect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); - val_err_check_set(TEST_CHECKPOINT_NUM(209), status); - psa_reply(msg.handle, PSA_SUCCESS); + status = val->process_disconnect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); + val->err_check_set(TEST_CHECKPOINT_NUM(209), status); + psa->reply(msg.handle, PSA_SUCCESS); return status; } diff --git a/api-tests/ff/ipc/test_i004/test_i004.c b/api-tests/ff/ipc/test_i004/test_i004.c index 790e91b9..7f19bab2 100644 --- a/api-tests/ff/ipc/test_i004/test_i004.c +++ b/api-tests/ff/ipc/test_i004/test_i004.c @@ -1,5 +1,5 @@ /** @file - * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved. + * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved. * SPDX-License-Identifier : Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -20,7 +20,7 @@ #include "val_target.h" #else #include "val_client_defs.h" -#include "val_partition_common.h" +#include "val_service_defs.h" #endif #include "test_i004.h" @@ -36,18 +36,28 @@ int32_t client_test_sid_does_not_exists(security_t caller) psa_handle_t handle = 0; boot_state_t boot_state; - val->print(PRINT_TEST, "[Check1] psa_connect with invalid sid \n", 0); + val->print(PRINT_TEST, "[Check 1] psa_connect with invalid sid\n", 0); - /* Test is targeting fatal error condition and it will expect an error recovery(reboot) - * to happen. To decide, a reboot happened was intended as per test scenario or it happended - * due to other reasons, test is setting a boot signature into non-volatile memory before and - * after targeted test check. After a reboot, these boot signatures are being read by the - * VAL APIs to decide test status. + /* + * This test checks for the PROGRAMMER ERROR condition for the PSA API. API's respond to + * PROGRAMMER ERROR could be either to return appropriate status code or panic the caller. + * When a Secure Partition panics, the SPE cannot continue normal execution, as defined + * in this specification. The behavior of the SPM following a Secure Partition panic is + * IMPLEMENTATION DEFINED- Arm recommends that the SPM causes the system to restart in + * this situation. Refer PSA-FF for more information on panic. + * For the cases where, SPM cannot capable to reboot the system (just hangs or power down), + * a watchdog timer set by val_test_init can reboot the system on timeout event. This will + * tests continuity and able to jump to next tests. Therefore, each test who checks for + * PROGRAMMER ERROR condition, expects system to get reset either by SPM or watchdog set by + * the test harness function. * - * Note: If SPM is not capable of rebooting (just hangs or power down) in fatal error condition, - * a watchdog timer enabled by val_test_init can reboot the system on timeout event. * If programmed timeout value isn't sufficient for your system, it can be reconfigured using * timeout entries available in target.cfg. + * + * To decide, a reboot happened as intended by test scenario or it happended + * due to other reasons, test is setting a boot signature into non-volatile memory before and + * after targeted test check. After a reboot, these boot signatures are being read by the + * VAL APIs to decide test status. */ /* Setting boot.state before test check */ @@ -58,10 +68,20 @@ int32_t client_test_sid_does_not_exists(security_t caller) return VAL_STATUS_ERROR; } - /* Test check - psa_connect with INVALID_SID, call must not return */ + /* Test check - psa_connect with INVALID_SID */ handle = psa->connect(INVALID_SID, 1); - /* Control shouldn't have reached here */ + /* + * If the caller is in the NSPE, it is IMPLEMENTATION DEFINED whether + * a PROGRAMMER ERROR will panic or return PSA_ERROR_CONNECTION_REFUSED. + * For SPE caller, it must panic. + */ + if (caller == NONSECURE && handle == PSA_ERROR_CONNECTION_REFUSED) + { + return VAL_STATUS_SUCCESS; + } + + /* If PROGRAMMER ERROR results into panic then control shouldn't have reached here */ val->print(PRINT_ERROR, "\tpsa_connect with invalid sid should have failed but succeeded\n", 0); /* Resetting boot.state to catch unwanted reboot */ diff --git a/api-tests/ff/ipc/test_i004/test_supp_i004.c b/api-tests/ff/ipc/test_i004/test_supp_i004.c index 8d1abd28..c0f484a9 100644 --- a/api-tests/ff/ipc/test_i004/test_supp_i004.c +++ b/api-tests/ff/ipc/test_i004/test_supp_i004.c @@ -1,5 +1,5 @@ /** @file - * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved. + * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved. * SPDX-License-Identifier : Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -15,8 +15,13 @@ * limitations under the License. **/ -#include "val/common/val_client_defs.h" -#include "val/spe/val_partition_common.h" +#include "val_client_defs.h" +#include "val_service_defs.h" + +#define val CONCAT(val,_server_sp) +#define psa CONCAT(psa,_server_sp) +extern val_api_t *val; +extern psa_api_t *psa; int32_t server_test_sid_does_not_exists(); @@ -28,6 +33,6 @@ server_test_t test_i004_server_tests_list[] = { int32_t server_test_sid_does_not_exists() { - val_err_check_set(TEST_CHECKPOINT_NUM(201), VAL_STATUS_SUCCESS); + val->err_check_set(TEST_CHECKPOINT_NUM(201), VAL_STATUS_SUCCESS); return VAL_STATUS_SUCCESS; } diff --git a/api-tests/ff/ipc/test_i005/test_i005.c b/api-tests/ff/ipc/test_i005/test_i005.c index 8e02e21c..2b1d22f1 100644 --- a/api-tests/ff/ipc/test_i005/test_i005.c +++ b/api-tests/ff/ipc/test_i005/test_i005.c @@ -1,5 +1,5 @@ /** @file - * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved. + * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved. * SPDX-License-Identifier : Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -20,7 +20,7 @@ #include "val_target.h" #else #include "val_client_defs.h" -#include "val_partition_common.h" +#include "val_service_defs.h" #endif #include "test_i005.h" @@ -36,18 +36,28 @@ int32_t client_test_strict_policy_higher_minor_version(security_t caller) psa_handle_t handle = 0; boot_state_t boot_state; - val->print(PRINT_TEST, "[Check1] Test STRICT policy with higher minor version\n", 0); + val->print(PRINT_TEST, "[Check 1] Test STRICT policy with higher minor version\n", 0); - /* Test is targeting fatal error condition and it will expect an error recovery(reboot) - * to happen. To decide, a reboot happened was intended as per test scenario or it happended - * due to other reasons, test is setting a boot signature into non-volatile memory before and - * after targeted test check. After a reboot, these boot signatures are being read by the - * VAL APIs to decide test status. + /* + * This test checks for the PROGRAMMER ERROR condition for the PSA API. API's respond to + * PROGRAMMER ERROR could be either to return appropriate status code or panic the caller. + * When a Secure Partition panics, the SPE cannot continue normal execution, as defined + * in this specification. The behavior of the SPM following a Secure Partition panic is + * IMPLEMENTATION DEFINED- Arm recommends that the SPM causes the system to restart in + * this situation. Refer PSA-FF for more information on panic. + * For the cases where, SPM cannot capable to reboot the system (just hangs or power down), + * a watchdog timer set by val_test_init can reboot the system on timeout event. This will + * tests continuity and able to jump to next tests. Therefore, each test who checks for + * PROGRAMMER ERROR condition, expects system to get reset either by SPM or watchdog set by + * the test harness function. * - * Note: If SPM is not capable of rebooting (just hangs or power down) in fatal error condition, - * a watchdog timer enabled by val_test_init can reboot the system on timeout event. * If programmed timeout value isn't sufficient for your system, it can be reconfigured using * timeout entries available in target.cfg. + * + * To decide, a reboot happened as intended by test scenario or it happended + * due to other reasons, test is setting a boot signature into non-volatile memory before and + * after targeted test check. After a reboot, these boot signatures are being read by the + * VAL APIs to decide test status. */ /* Setting boot.state before test check */ @@ -63,7 +73,17 @@ int32_t client_test_strict_policy_higher_minor_version(security_t caller) */ handle = psa->connect(SERVER_STRICT_MINOR_VERSION_SID, 3); - /* Shouldn't have reached here */ + /* + * If the caller is in the NSPE, it is IMPLEMENTATION DEFINED whether + * a PROGRAMMER ERROR will panic or return PSA_ERROR_CONNECTION_REFUSED. + * For SPE caller, it must panic. + */ + if (caller == NONSECURE && handle == PSA_ERROR_CONNECTION_REFUSED) + { + return VAL_STATUS_SUCCESS; + } + + /* If PROGRAMMER ERROR results into panic then control shouldn't have reached here */ val->print(PRINT_ERROR, "\tSTRICT policy with higher minor version should have failed but succeeded\n", 0); @@ -74,6 +94,5 @@ int32_t client_test_strict_policy_higher_minor_version(security_t caller) return VAL_STATUS_ERROR; } - (void)(handle); return VAL_STATUS_SPM_FAILED; } diff --git a/api-tests/ff/ipc/test_i005/test_supp_i005.c b/api-tests/ff/ipc/test_i005/test_supp_i005.c index b50c5489..7e819f81 100644 --- a/api-tests/ff/ipc/test_i005/test_supp_i005.c +++ b/api-tests/ff/ipc/test_i005/test_supp_i005.c @@ -1,5 +1,5 @@ /** @file - * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved. + * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved. * SPDX-License-Identifier : Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -15,8 +15,13 @@ * limitations under the License. **/ -#include "val/common/val_client_defs.h" -#include "val/spe/val_partition_common.h" +#include "val_client_defs.h" +#include "val_service_defs.h" + +#define val CONCAT(val,_server_sp) +#define psa CONCAT(psa,_server_sp) +extern val_api_t *val; +extern psa_api_t *psa; int32_t server_test_strict_policy_higher_minor_version(void); @@ -31,14 +36,21 @@ int32_t server_test_strict_policy_higher_minor_version(void) int32_t status = VAL_STATUS_SUCCESS; psa_msg_t msg = {0}; - val_err_check_set(TEST_CHECKPOINT_NUM(201), status); - status = val_process_connect_request(SERVER_STRICT_MINOR_VERSION_SIG, &msg); + val->err_check_set(TEST_CHECKPOINT_NUM(201), status); + status = val->process_connect_request(SERVER_STRICT_MINOR_VERSION_SIG, &msg); /* Shouldn't have reached here */ - if (val_err_check_set(TEST_CHECKPOINT_NUM(202), status)) + if (val->err_check_set(TEST_CHECKPOINT_NUM(202), status)) { return VAL_STATUS_INVALID; } - psa_reply(msg.handle, PSA_CONNECTION_REFUSED); + + /* Resetting boot.state to catch unwanted reboot */ + if (val->set_boot_flag(BOOT_EXPECTED_BUT_FAILED)) + { + val->print(PRINT_ERROR, "\tFailed to set boot flag after check\n", 0); + } + + psa->reply(msg.handle, PSA_ERROR_CONNECTION_REFUSED); return VAL_STATUS_INVALID; } diff --git a/api-tests/ff/ipc/test_i006/test_i006.c b/api-tests/ff/ipc/test_i006/test_i006.c index 6356b9c9..3f1f6eb8 100644 --- a/api-tests/ff/ipc/test_i006/test_i006.c +++ b/api-tests/ff/ipc/test_i006/test_i006.c @@ -1,5 +1,5 @@ /** @file - * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved. + * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved. * SPDX-License-Identifier : Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -20,7 +20,7 @@ #include "val_target.h" #else #include "val_client_defs.h" -#include "val_partition_common.h" +#include "val_service_defs.h" #endif #include "test_i006.h" @@ -36,18 +36,28 @@ int32_t client_test_strict_policy_lower_minor_version(security_t caller) psa_handle_t handle = 0; boot_state_t boot_state; - val->print(PRINT_TEST, "[Check1] Test STRICT policy with lower minor version\n", 0); + val->print(PRINT_TEST, "[Check 1] Test STRICT policy with lower minor version\n", 0); - /* Test is targeting fatal error condition and it will expect an error recovery(reboot) - * to happen. To decide, a reboot happened was intended as per test scenario or it happended - * due to other reasons, test is setting a boot signature into non-volatile memory before and - * after targeted test check. After a reboot, these boot signatures are being read by the - * VAL APIs to decide test status. + /* + * This test checks for the PROGRAMMER ERROR condition for the PSA API. API's respond to + * PROGRAMMER ERROR could be either to return appropriate status code or panic the caller. + * When a Secure Partition panics, the SPE cannot continue normal execution, as defined + * in this specification. The behavior of the SPM following a Secure Partition panic is + * IMPLEMENTATION DEFINED- Arm recommends that the SPM causes the system to restart in + * this situation. Refer PSA-FF for more information on panic. + * For the cases where, SPM cannot capable to reboot the system (just hangs or power down), + * a watchdog timer set by val_test_init can reboot the system on timeout event. This will + * tests continuity and able to jump to next tests. Therefore, each test who checks for + * PROGRAMMER ERROR condition, expects system to get reset either by SPM or watchdog set by + * the test harness function. * - * Note: If SPM is not capable of rebooting (just hangs or power down) in fatal error condition, - * a watchdog timer enabled by val_test_init can reboot the system on timeout event. * If programmed timeout value isn't sufficient for your system, it can be reconfigured using * timeout entries available in target.cfg. + * + * To decide, a reboot happened as intended by test scenario or it happended + * due to other reasons, test is setting a boot signature into non-volatile memory before and + * after targeted test check. After a reboot, these boot signatures are being read by the + * VAL APIs to decide test status. */ /* Setting boot.state before test check */ @@ -58,10 +68,20 @@ int32_t client_test_strict_policy_lower_minor_version(security_t caller) return VAL_STATUS_ERROR; } - /*Version policy is strict and requested version is smaller than the minimum version */ + /* Version policy is strict and requested version is smaller than the minimum version */ handle = psa->connect(SERVER_STRICT_MINOR_VERSION_SID, 1); - /* Shouldn't have reached here */ + /* + * If the caller is in the NSPE, it is IMPLEMENTATION DEFINED whether + * a PROGRAMMER ERROR will panic or return PSA_ERROR_CONNECTION_REFUSED. + * For SPE caller, it must panic. + */ + if (caller == NONSECURE && handle == PSA_ERROR_CONNECTION_REFUSED) + { + return VAL_STATUS_SUCCESS; + } + + /* If PROGRAMMER ERROR results into panic then control shouldn't have reached here */ val->print(PRINT_ERROR, "\tSTRICT policy with lower minor version should have failed but succeeded\n", 0); @@ -72,6 +92,5 @@ int32_t client_test_strict_policy_lower_minor_version(security_t caller) return VAL_STATUS_ERROR; } - (void)(handle); return VAL_STATUS_SPM_FAILED; } diff --git a/api-tests/ff/ipc/test_i006/test_supp_i006.c b/api-tests/ff/ipc/test_i006/test_supp_i006.c index b1cd95e9..7831d065 100644 --- a/api-tests/ff/ipc/test_i006/test_supp_i006.c +++ b/api-tests/ff/ipc/test_i006/test_supp_i006.c @@ -1,5 +1,5 @@ /** @file - * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved. + * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved. * SPDX-License-Identifier : Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -15,8 +15,13 @@ * limitations under the License. **/ -#include "val/common/val_client_defs.h" -#include "val/spe/val_partition_common.h" +#include "val_client_defs.h" +#include "val_service_defs.h" + +#define val CONCAT(val,_server_sp) +#define psa CONCAT(psa,_server_sp) +extern val_api_t *val; +extern psa_api_t *psa; int32_t server_test_strict_policy_lower_minor_version(void); @@ -31,14 +36,21 @@ int32_t server_test_strict_policy_lower_minor_version(void) int32_t status = VAL_STATUS_SUCCESS; psa_msg_t msg = {0}; - val_err_check_set(TEST_CHECKPOINT_NUM(201), status); - status = val_process_connect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); + val->err_check_set(TEST_CHECKPOINT_NUM(201), status); + status = val->process_connect_request(SERVER_STRICT_MINOR_VERSION_SIG, &msg); /* Shouldn't have reached here */ - if (val_err_check_set(TEST_CHECKPOINT_NUM(202), status)) + if (val->err_check_set(TEST_CHECKPOINT_NUM(202), status)) { return VAL_STATUS_INVALID; } - psa_reply(msg.handle, PSA_CONNECTION_REFUSED); + + /* Resetting boot.state to catch unwanted reboot */ + if (val->set_boot_flag(BOOT_EXPECTED_BUT_FAILED)) + { + val->print(PRINT_ERROR, "\tFailed to set boot flag after check\n", 0); + } + + psa->reply(msg.handle, PSA_ERROR_CONNECTION_REFUSED); return VAL_STATUS_INVALID; } diff --git a/api-tests/ff/ipc/test_i007/test_i007.c b/api-tests/ff/ipc/test_i007/test_i007.c index 518c13b3..c90dffca 100644 --- a/api-tests/ff/ipc/test_i007/test_i007.c +++ b/api-tests/ff/ipc/test_i007/test_i007.c @@ -1,5 +1,5 @@ /** @file - * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved. + * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved. * SPDX-License-Identifier : Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -20,7 +20,7 @@ #include "val_target.h" #else #include "val_client_defs.h" -#include "val_partition_common.h" +#include "val_service_defs.h" #endif #include "test_i007.h" @@ -36,18 +36,28 @@ int32_t client_test_relax_policy_higher_minor_version(security_t caller) psa_handle_t handle = 0; boot_state_t boot_state; - val->print(PRINT_TEST, "[Check1] Test RELAX policy with higher minor version\n", 0); + val->print(PRINT_TEST, "[Check 1] Test RELAX policy with higher minor version\n", 0); - /* Test is targeting fatal error condition and it will expect an error recovery(reboot) - * to happen. To decide, a reboot happened was intended as per test scenario or it happended - * due to other reasons, test is setting a boot signature into non-volatile memory before and - * after targeted test check. After a reboot, these boot signatures are being read by the - * VAL APIs to decide test status. + /* + * This test checks for the PROGRAMMER ERROR condition for the PSA API. API's respond to + * PROGRAMMER ERROR could be either to return appropriate status code or panic the caller. + * When a Secure Partition panics, the SPE cannot continue normal execution, as defined + * in this specification. The behavior of the SPM following a Secure Partition panic is + * IMPLEMENTATION DEFINED- Arm recommends that the SPM causes the system to restart in + * this situation. Refer PSA-FF for more information on panic. + * For the cases where, SPM cannot capable to reboot the system (just hangs or power down), + * a watchdog timer set by val_test_init can reboot the system on timeout event. This will + * tests continuity and able to jump to next tests. Therefore, each test who checks for + * PROGRAMMER ERROR condition, expects system to get reset either by SPM or watchdog set by + * the test harness function. * - * Note: If SPM is not capable of rebooting (just hangs or power down) in fatal error condition, - * a watchdog timer enabled by val_test_init can reboot the system on timeout event. * If programmed timeout value isn't sufficient for your system, it can be reconfigured using * timeout entries available in target.cfg. + * + * To decide, a reboot happened as intended by test scenario or it happended + * due to other reasons, test is setting a boot signature into non-volatile memory before and + * after targeted test check. After a reboot, these boot signatures are being read by the + * VAL APIs to decide test status. */ /* Setting boot.state before test check */ @@ -58,10 +68,20 @@ int32_t client_test_relax_policy_higher_minor_version(security_t caller) return VAL_STATUS_ERROR; } - /*Version policy is relaxed and requested version is higher than the minimum version */ + /* Version policy is relaxed and requested version is higher than the minimum version */ handle = psa->connect(SERVER_RELAX_MINOR_VERSION_SID, 3); - /* Shouldn't have reached here */ + /* + * If the caller is in the NSPE, it is IMPLEMENTATION DEFINED whether + * a PROGRAMMER ERROR will panic or return PSA_ERROR_CONNECTION_REFUSED. + * For SPE caller, it must panic. + */ + if (caller == NONSECURE && handle == PSA_ERROR_CONNECTION_REFUSED) + { + return VAL_STATUS_SUCCESS; + } + + /* If PROGRAMMER ERROR results into panic then control shouldn't have reached here */ val->print(PRINT_ERROR, "\tRELAXED policy with higher minor version should have failed but succeeded\n", 0); @@ -72,6 +92,5 @@ int32_t client_test_relax_policy_higher_minor_version(security_t caller) return VAL_STATUS_ERROR; } - (void)(handle); return VAL_STATUS_SPM_FAILED; } diff --git a/api-tests/ff/ipc/test_i007/test_supp_i007.c b/api-tests/ff/ipc/test_i007/test_supp_i007.c index dd703f21..e20d4254 100644 --- a/api-tests/ff/ipc/test_i007/test_supp_i007.c +++ b/api-tests/ff/ipc/test_i007/test_supp_i007.c @@ -1,5 +1,5 @@ /** @file - * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved. + * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved. * SPDX-License-Identifier : Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -15,8 +15,13 @@ * limitations under the License. **/ -#include "val/common/val_client_defs.h" -#include "val/spe/val_partition_common.h" +#include "val_client_defs.h" +#include "val_service_defs.h" + +#define val CONCAT(val,_server_sp) +#define psa CONCAT(psa,_server_sp) +extern val_api_t *val; +extern psa_api_t *psa; int32_t server_test_relax_policy_higher_minor_version(void); @@ -31,14 +36,21 @@ int32_t server_test_relax_policy_higher_minor_version(void) int32_t status = VAL_STATUS_SUCCESS; psa_msg_t msg = {0}; - val_err_check_set(TEST_CHECKPOINT_NUM(201), status); - status = val_process_connect_request(SERVER_RELAX_MINOR_VERSION_SIG, &msg); + val->err_check_set(TEST_CHECKPOINT_NUM(201), status); + status = val->process_connect_request(SERVER_RELAX_MINOR_VERSION_SIG, &msg); /* Shouldn't have reached here */ - if (val_err_check_set(TEST_CHECKPOINT_NUM(202), status)) + if (val->err_check_set(TEST_CHECKPOINT_NUM(202), status)) { return VAL_STATUS_INVALID; } - psa_reply(msg.handle, PSA_CONNECTION_REFUSED); + + /* Resetting boot.state to catch unwanted reboot */ + if (val->set_boot_flag(BOOT_EXPECTED_BUT_FAILED)) + { + val->print(PRINT_ERROR, "\tFailed to set boot flag after check\n", 0); + } + + psa->reply(msg.handle, PSA_ERROR_CONNECTION_REFUSED); return VAL_STATUS_INVALID; } diff --git a/api-tests/ff/ipc/test_i008/test_i008.c b/api-tests/ff/ipc/test_i008/test_i008.c index 18907547..785026e7 100644 --- a/api-tests/ff/ipc/test_i008/test_i008.c +++ b/api-tests/ff/ipc/test_i008/test_i008.c @@ -1,5 +1,5 @@ /** @file - * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved. + * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved. * SPDX-License-Identifier : Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -20,7 +20,7 @@ #include "val_target.h" #else #include "val_client_defs.h" -#include "val_partition_common.h" +#include "val_service_defs.h" #endif #include "test_i008.h" @@ -36,38 +36,59 @@ int32_t client_test_secure_access_only_connection(security_t caller) int32_t status = VAL_STATUS_SUCCESS; psa_handle_t handle = 0; - val->print(PRINT_TEST, "[Check1] Test secure access only connection\n", 0); + val->print(PRINT_TEST, "[Check 1] Test secure access only connection\n", 0); - /* Test is targeting fatal error condition and it will expect an error recovery(reboot) - * to happen. To decide, a reboot happened was intended as per test scenario or it happended - * due to other reasons, test is setting a boot signature into non-volatile memory before and - * after targeted test check. After a reboot, these boot signatures are being read by the - * VAL APIs to decide test status. + /* + * This test checks for the PROGRAMMER ERROR condition for the PSA API. API's respond to + * PROGRAMMER ERROR could be either to return appropriate status code or panic the caller. + * When a Secure Partition panics, the SPE cannot continue normal execution, as defined + * in this specification. The behavior of the SPM following a Secure Partition panic is + * IMPLEMENTATION DEFINED- Arm recommends that the SPM causes the system to restart in + * this situation. Refer PSA-FF for more information on panic. + * For the cases where, SPM cannot capable to reboot the system (just hangs or power down), + * a watchdog timer set by val_test_init can reboot the system on timeout event. This will + * tests continuity and able to jump to next tests. Therefore, each test who checks for + * PROGRAMMER ERROR condition, expects system to get reset either by SPM or watchdog set by + * the test harness function. * - * Note: If SPM is not capable of rebooting (just hangs or power down) in fatal error condition, - * a watchdog timer enabled by val_test_init can reboot the system on timeout event. * If programmed timeout value isn't sufficient for your system, it can be reconfigured using * timeout entries available in target.cfg. + * + * To decide, a reboot happened as intended by test scenario or it happended + * due to other reasons, test is setting a boot signature into non-volatile memory before and + * after targeted test check. After a reboot, these boot signatures are being read by the + * VAL APIs to decide test status. */ - /* Setting boot.state before test check for NS*/ - if(caller == NONSECURE) + /* Setting boot.state before test check for NS */ + if (caller == NONSECURE) { status = val->set_boot_flag(BOOT_EXPECTED_NS); } - if(VAL_ERROR(status)) + if (VAL_ERROR(status)) { val->print(PRINT_ERROR, "\tFailed to set boot flag before check\n", 0); return status; } - /* Below psa_connect should not return for call from nspe and - * should succeed for call from spe + + /* + * It is PROGRAMMER ERROR to connect to secure only access service from nspe. + * Whereas call should succeed if called from spe. */ handle = psa->connect(SERVER_SECURE_CONNECT_ONLY_SID, 1); - if(caller == NONSECURE) + if (caller == NONSECURE) { - /* Shouldn't have reached here for NS run*/ + /* + * If the caller is in the NSPE, it is IMPLEMENTATION DEFINED whether + * a PROGRAMMER ERROR will panic or return PSA_ERROR_CONNECTION_REFUSED. + */ + if (handle == PSA_ERROR_CONNECTION_REFUSED) + { + return VAL_STATUS_SUCCESS; + } + + /* If PROGRAMMER ERROR results into panic then control shouldn't have reached here */ val->print(PRINT_ERROR, "\tSecure access only connection test failed for NS run\n", 0); /* Resetting boot.state to catch unwanted reboot */ @@ -76,11 +97,11 @@ int32_t client_test_secure_access_only_connection(security_t caller) val->print(PRINT_ERROR, "\tFailed to set boot flag after check\n", 0); return VAL_STATUS_ERROR; } - status = VAL_STATUS_SPM_FAILED; + return VAL_STATUS_SPM_FAILED; } /* Should return positive handle for SPE connection */ - if(handle > 0) + if (handle > 0) { psa->close(handle); } diff --git a/api-tests/ff/ipc/test_i008/test_supp_i008.c b/api-tests/ff/ipc/test_i008/test_supp_i008.c index 711621e5..22868d3e 100644 --- a/api-tests/ff/ipc/test_i008/test_supp_i008.c +++ b/api-tests/ff/ipc/test_i008/test_supp_i008.c @@ -1,5 +1,5 @@ /** @file - * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved. + * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved. * SPDX-License-Identifier : Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -15,8 +15,13 @@ * limitations under the License. **/ -#include "val/common/val_client_defs.h" -#include "val/spe/val_partition_common.h" +#include "val_client_defs.h" +#include "val_service_defs.h" + +#define val CONCAT(val,_server_sp) +#define psa CONCAT(psa,_server_sp) +extern val_api_t *val; +extern psa_api_t *psa; int32_t server_test_secure_access_only_connection(void); @@ -31,20 +36,38 @@ int32_t server_test_secure_access_only_connection(void) int32_t status = VAL_STATUS_SUCCESS; psa_msg_t msg = {0}; - val_err_check_set(TEST_CHECKPOINT_NUM(201), status); - status = val_process_connect_request(SERVER_SECURE_CONNECT_ONLY_SIG, &msg); - if (val_err_check_set(TEST_CHECKPOINT_NUM(202), status)) + val->err_check_set(TEST_CHECKPOINT_NUM(201), status); + status = val->process_connect_request(SERVER_SECURE_CONNECT_ONLY_SIG, &msg); + if (val->err_check_set(TEST_CHECKPOINT_NUM(202), status)) { - psa_reply(msg.handle, PSA_CONNECTION_REFUSED); + psa->reply(msg.handle, PSA_ERROR_CONNECTION_REFUSED); return status; } - psa_reply(msg.handle, PSA_SUCCESS); - status = val_process_disconnect_request(SERVER_SECURE_CONNECT_ONLY_SIG, &msg); - if (val_err_check_set(TEST_CHECKPOINT_NUM(203), status)) + if (msg.client_id < 0) + { + /* + * Control shouldn't come here. NS client should get panic. + * Resetting boot.state to catch unwanted reboot. + * */ + if (val->set_boot_flag(BOOT_EXPECTED_BUT_FAILED)) + { + val->print(PRINT_ERROR, "\tFailed to set boot flag after check\n", 0); + } + + psa->reply(msg.handle, PSA_ERROR_CONNECTION_REFUSED); + return VAL_STATUS_SPM_FAILED; + } + else + { + psa->reply(msg.handle, PSA_SUCCESS); + } + + status = val->process_disconnect_request(SERVER_SECURE_CONNECT_ONLY_SIG, &msg); + if (val->err_check_set(TEST_CHECKPOINT_NUM(203), status)) { return status; } - psa_reply(msg.handle, PSA_SUCCESS); + psa->reply(msg.handle, PSA_SUCCESS); return status; } diff --git a/api-tests/ff/ipc/test_i009/test_i009.c b/api-tests/ff/ipc/test_i009/test_i009.c index aa05a798..9bb7c5b7 100644 --- a/api-tests/ff/ipc/test_i009/test_i009.c +++ b/api-tests/ff/ipc/test_i009/test_i009.c @@ -1,5 +1,5 @@ /** @file - * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved. + * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved. * SPDX-License-Identifier : Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -20,7 +20,7 @@ #include "val_target.h" #else #include "val_client_defs.h" -#include "val_partition_common.h" +#include "val_service_defs.h" #endif #include "test_i009.h" @@ -35,18 +35,28 @@ int32_t client_test_unextern_sid_connection(security_t caller) { psa_handle_t handle = 0; - val->print(PRINT_TEST, "[Check1] Test unextern SID connection\n", 0); + val->print(PRINT_TEST, "[Check 1] Test unextern SID connection\n", 0); - /* Test is targeting fatal error condition and it will expect an error recovery(reboot) - * to happen. To decide, a reboot happened was intended as per test scenario or it happended - * due to other reasons, test is setting a boot signature into non-volatile memory before and - * after targeted test check. After a reboot, these boot signatures are being read by the - * VAL APIs to decide test status. + /* + * This test checks for the PROGRAMMER ERROR condition for the PSA API. API's respond to + * PROGRAMMER ERROR could be either to return appropriate status code or panic the caller. + * When a Secure Partition panics, the SPE cannot continue normal execution, as defined + * in this specification. The behavior of the SPM following a Secure Partition panic is + * IMPLEMENTATION DEFINED- Arm recommends that the SPM causes the system to restart in + * this situation. Refer PSA-FF for more information on panic. + * For the cases where, SPM cannot capable to reboot the system (just hangs or power down), + * a watchdog timer set by val_test_init can reboot the system on timeout event. This will + * tests continuity and able to jump to next tests. Therefore, each test who checks for + * PROGRAMMER ERROR condition, expects system to get reset either by SPM or watchdog set by + * the test harness function. * - * Note: If SPM is not capable of rebooting (just hangs or power down) in fatal error condition, - * a watchdog timer enabled by val_test_init can reboot the system on timeout event. * If programmed timeout value isn't sufficient for your system, it can be reconfigured using * timeout entries available in target.cfg. + * + * To decide, a reboot happened as intended by test scenario or it happended + * due to other reasons, test is setting a boot signature into non-volatile memory before and + * after targeted test check. After a reboot, these boot signatures are being read by the + * VAL APIs to decide test status. */ /* Setting boot.state before test check */ @@ -56,10 +66,14 @@ int32_t client_test_unextern_sid_connection(security_t caller) return VAL_STATUS_ERROR; } + /* + * If access between a client Secure Partition and an RoT Service is not specified in + * the manifest, then the client is not allowed to connect to the RoT Service. + */ handle = psa->connect(SERVER_UNEXTERN_SID, 2); - /* Shouldn't have reached here */ - val->print(PRINT_ERROR, "\tunextern SID connection should have failed but successed\n", 0); + /* If PROGRAMMER ERROR results into panic then control shouldn't have reached here */ + val->print(PRINT_ERROR, "\tunextern SID connection should have failed but succeed\n", 0); /* Resetting boot.state to catch unwanted reboot */ if (val->set_boot_flag(BOOT_EXPECTED_BUT_FAILED)) diff --git a/api-tests/ff/ipc/test_i009/test_supp_i009.c b/api-tests/ff/ipc/test_i009/test_supp_i009.c index 864f39b8..a0f1ccaa 100644 --- a/api-tests/ff/ipc/test_i009/test_supp_i009.c +++ b/api-tests/ff/ipc/test_i009/test_supp_i009.c @@ -1,5 +1,5 @@ /** @file - * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved. + * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved. * SPDX-License-Identifier : Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -15,8 +15,13 @@ * limitations under the License. **/ -#include "val/common/val_client_defs.h" -#include "val/spe/val_partition_common.h" +#include "val_client_defs.h" +#include "val_service_defs.h" + +#define val CONCAT(val,_server_sp) +#define psa CONCAT(psa,_server_sp) +extern val_api_t *val; +extern psa_api_t *psa; int32_t server_test_unextern_sid_connection(void); @@ -31,14 +36,21 @@ int32_t server_test_unextern_sid_connection(void) int32_t status = VAL_STATUS_SUCCESS; psa_msg_t msg = {0}; - val_err_check_set(TEST_CHECKPOINT_NUM(201), status); - status = val_process_connect_request(SERVER_UNEXTERN_SIG, &msg); + val->err_check_set(TEST_CHECKPOINT_NUM(201), status); + status = val->process_connect_request(SERVER_UNEXTERN_SIG, &msg); /* Shouldn't have reached here */ - if (val_err_check_set(TEST_CHECKPOINT_NUM(202), status)) + if (val->err_check_set(TEST_CHECKPOINT_NUM(202), status)) { return VAL_STATUS_INVALID; } - psa_reply(msg.handle, PSA_CONNECTION_REFUSED); + + /* Resetting boot.state to catch unwanted reboot */ + if (val->set_boot_flag(BOOT_EXPECTED_BUT_FAILED)) + { + val->print(PRINT_ERROR, "\tFailed to set boot flag after check\n", 0); + } + + psa->reply(msg.handle, PSA_ERROR_CONNECTION_REFUSED); return VAL_STATUS_INVALID; } diff --git a/api-tests/ff/ipc/test_i010/test_i010.c b/api-tests/ff/ipc/test_i010/test_i010.c index 95994859..65b06c10 100644 --- a/api-tests/ff/ipc/test_i010/test_i010.c +++ b/api-tests/ff/ipc/test_i010/test_i010.c @@ -1,5 +1,5 @@ /** @file - * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved. + * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved. * SPDX-License-Identifier : Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -20,7 +20,7 @@ #include "val_target.h" #else #include "val_client_defs.h" -#include "val_partition_common.h" +#include "val_service_defs.h" #endif #include "test_i010.h" @@ -37,18 +37,28 @@ int32_t client_test_unspecified_policy_with_higher_minor_ver(security_t caller) boot_state_t boot_state; val->print(PRINT_TEST, - "[Check1] Test un-specified minor_policy with higher minor version\n", 0); + "[Check 1] Test un-specified minor_policy with higher minor version\n", 0); - /* Test is targeting fatal error condition and it will expect an error recovery(reboot) - * to happen. To decide, a reboot happened was intended as per test scenario or it happended - * due to other reasons, test is setting a boot signature into non-volatile memory before and - * after targeted test check. After a reboot, these boot signatures are being read by the - * VAL APIs to decide test status. + /* + * This test checks for the PROGRAMMER ERROR condition for the PSA API. API's respond to + * PROGRAMMER ERROR could be either to return appropriate status code or panic the caller. + * When a Secure Partition panics, the SPE cannot continue normal execution, as defined + * in this specification. The behavior of the SPM following a Secure Partition panic is + * IMPLEMENTATION DEFINED- Arm recommends that the SPM causes the system to restart in + * this situation. Refer PSA-FF for more information on panic. + * For the cases where, SPM cannot capable to reboot the system (just hangs or power down), + * a watchdog timer set by val_test_init can reboot the system on timeout event. This will + * tests continuity and able to jump to next tests. Therefore, each test who checks for + * PROGRAMMER ERROR condition, expects system to get reset either by SPM or watchdog set by + * the test harness function. * - * Note: If SPM is not capable of rebooting (just hangs or power down) in fatal error condition, - * a watchdog timer enabled by val_test_init can reboot the system on timeout event. * If programmed timeout value isn't sufficient for your system, it can be reconfigured using * timeout entries available in target.cfg. + * + * To decide, a reboot happened as intended by test scenario or it happended + * due to other reasons, test is setting a boot signature into non-volatile memory before and + * after targeted test check. After a reboot, these boot signatures are being read by the + * VAL APIs to decide test status. */ /* Setting boot.state before test check */ @@ -59,9 +69,24 @@ int32_t client_test_unspecified_policy_with_higher_minor_ver(security_t caller) return VAL_STATUS_ERROR; } + /* + * The minor_version and minor_policy attributes do not need to be specified. + * If they are not specified in the manifest, the RoT Service will have + * default attributes of minor_version=1 and minor_policy="STRICT". + */ handle = psa->connect(SERVER_UNSPECIFED_MINOR_V_SID, 3); - /* Shouldn't have reached here */ + /* + * If the caller is in the NSPE, it is IMPLEMENTATION DEFINED whether + * a PROGRAMMER ERROR will panic or return PSA_ERROR_CONNECTION_REFUSED. + * For SPE caller, it must panic. + */ + if (caller == NONSECURE && handle == PSA_ERROR_CONNECTION_REFUSED) + { + return VAL_STATUS_SUCCESS; + } + + /* If PROGRAMMER ERROR results into panic then control shouldn't have reached here */ val->print(PRINT_ERROR, "\tun-specified policy with higher minor version should have failed but succeeded\n", 0); @@ -72,6 +97,5 @@ int32_t client_test_unspecified_policy_with_higher_minor_ver(security_t caller) return VAL_STATUS_ERROR; } - (void)(handle); return VAL_STATUS_SPM_FAILED; } diff --git a/api-tests/ff/ipc/test_i010/test_supp_i010.c b/api-tests/ff/ipc/test_i010/test_supp_i010.c index 406760c3..6f8ffb8c 100644 --- a/api-tests/ff/ipc/test_i010/test_supp_i010.c +++ b/api-tests/ff/ipc/test_i010/test_supp_i010.c @@ -1,5 +1,5 @@ /** @file - * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved. + * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved. * SPDX-License-Identifier : Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -15,8 +15,13 @@ * limitations under the License. **/ -#include "val/common/val_client_defs.h" -#include "val/spe/val_partition_common.h" +#include "val_client_defs.h" +#include "val_service_defs.h" + +#define val CONCAT(val,_server_sp) +#define psa CONCAT(psa,_server_sp) +extern val_api_t *val; +extern psa_api_t *psa; int32_t server_test_unspecified_policy_with_higher_minor_ver(void); @@ -31,14 +36,20 @@ int32_t server_test_unspecified_policy_with_higher_minor_ver(void) int32_t status = VAL_STATUS_SUCCESS; psa_msg_t msg = {0}; - val_err_check_set(TEST_CHECKPOINT_NUM(201), status); - status = val_process_connect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); + val->err_check_set(TEST_CHECKPOINT_NUM(201), status); + status = val->process_connect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); /* Shouldn't have reached here */ - if (val_err_check_set(TEST_CHECKPOINT_NUM(202), status)) + if (val->err_check_set(TEST_CHECKPOINT_NUM(202), status)) { return VAL_STATUS_INVALID; } - psa_reply(msg.handle, PSA_CONNECTION_REFUSED); + + /* Resetting boot.state to catch unwanted reboot */ + if (val->set_boot_flag(BOOT_EXPECTED_BUT_FAILED)) + { + val->print(PRINT_ERROR, "\tFailed to set boot flag after check\n", 0); + } + psa->reply(msg.handle, PSA_ERROR_CONNECTION_REFUSED); return VAL_STATUS_INVALID; } diff --git a/api-tests/ff/ipc/test_i011/test_i011.c b/api-tests/ff/ipc/test_i011/test_i011.c index 6965daa4..82c5e09a 100644 --- a/api-tests/ff/ipc/test_i011/test_i011.c +++ b/api-tests/ff/ipc/test_i011/test_i011.c @@ -1,5 +1,5 @@ /** @file - * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved. + * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved. * SPDX-License-Identifier : Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -20,7 +20,7 @@ #include "val_target.h" #else #include "val_client_defs.h" -#include "val_partition_common.h" +#include "val_service_defs.h" #endif #include "test_i011.h" @@ -37,18 +37,28 @@ int32_t client_test_unspecified_policy_with_lower_minor_ver(security_t caller) boot_state_t boot_state; val->print(PRINT_TEST, - "[Check1] Test un-specified minor_policy with higher minor version\n", 0); + "[Check 1] Test un-specified minor_policy with higher minor version\n", 0); - /* Test is targeting fatal error condition and it will expect an error recovery(reboot) - * to happen. To decide, a reboot happened was intended as per test scenario or it happended - * due to other reasons, test is setting a boot signature into non-volatile memory before and - * after targeted test check. After a reboot, these boot signatures are being read by the - * VAL APIs to decide test status. + /* + * This test checks for the PROGRAMMER ERROR condition for the PSA API. API's respond to + * PROGRAMMER ERROR could be either to return appropriate status code or panic the caller. + * When a Secure Partition panics, the SPE cannot continue normal execution, as defined + * in this specification. The behavior of the SPM following a Secure Partition panic is + * IMPLEMENTATION DEFINED- Arm recommends that the SPM causes the system to restart in + * this situation. Refer PSA-FF for more information on panic. + * For the cases where, SPM cannot capable to reboot the system (just hangs or power down), + * a watchdog timer set by val_test_init can reboot the system on timeout event. This will + * tests continuity and able to jump to next tests. Therefore, each test who checks for + * PROGRAMMER ERROR condition, expects system to get reset either by SPM or watchdog set by + * the test harness function. * - * Note: If SPM is not capable of rebooting (just hangs or power down) in fatal error condition, - * a watchdog timer enabled by val_test_init can reboot the system on timeout event. * If programmed timeout value isn't sufficient for your system, it can be reconfigured using * timeout entries available in target.cfg. + * + * To decide, a reboot happened as intended by test scenario or it happended + * due to other reasons, test is setting a boot signature into non-volatile memory before and + * after targeted test check. After a reboot, these boot signatures are being read by the + * VAL APIs to decide test status. */ /* Setting boot.state before test check */ @@ -59,9 +69,24 @@ int32_t client_test_unspecified_policy_with_lower_minor_ver(security_t caller) return VAL_STATUS_ERROR; } + /* + * The minor_version and minor_policy attributes do not need to be specified. + * If they are not specified in the manifest, the RoT Service will have + * default attributes of minor_version=1 and minor_policy="STRICT". + */ handle = psa->connect(SERVER_UNSPECIFED_MINOR_V_SID, 0); - /* Shouldn't have reached here */ + /* + * If the caller is in the NSPE, it is IMPLEMENTATION DEFINED whether + * a PROGRAMMER ERROR will panic or return PSA_ERROR_CONNECTION_REFUSED. + * For SPE caller, it must panic. + */ + if (caller == NONSECURE && handle == PSA_ERROR_CONNECTION_REFUSED) + { + return VAL_STATUS_SUCCESS; + } + + /* If PROGRAMMER ERROR results into panic then control shouldn't have reached here */ val->print(PRINT_ERROR, "\tun-specified policy with lower minor version should have failed but succeeded\n", 0); @@ -72,6 +97,5 @@ int32_t client_test_unspecified_policy_with_lower_minor_ver(security_t caller) return VAL_STATUS_ERROR; } - (void)(handle); return VAL_STATUS_SPM_FAILED; } diff --git a/api-tests/ff/ipc/test_i011/test_supp_i011.c b/api-tests/ff/ipc/test_i011/test_supp_i011.c index a4a5e21b..87d4a4da 100644 --- a/api-tests/ff/ipc/test_i011/test_supp_i011.c +++ b/api-tests/ff/ipc/test_i011/test_supp_i011.c @@ -1,5 +1,5 @@ /** @file - * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved. + * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved. * SPDX-License-Identifier : Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -15,8 +15,13 @@ * limitations under the License. **/ -#include "val/common/val_client_defs.h" -#include "val/spe/val_partition_common.h" +#include "val_client_defs.h" +#include "val_service_defs.h" + +#define val CONCAT(val,_server_sp) +#define psa CONCAT(psa,_server_sp) +extern val_api_t *val; +extern psa_api_t *psa; int32_t server_test_unspecified_policy_with_lower_minor_ver(void); @@ -31,14 +36,21 @@ int32_t server_test_unspecified_policy_with_lower_minor_ver(void) int32_t status = VAL_STATUS_SUCCESS; psa_msg_t msg = {0}; - val_err_check_set(TEST_CHECKPOINT_NUM(201), status); - status = val_process_connect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); + val->err_check_set(TEST_CHECKPOINT_NUM(201), status); + status = val->process_connect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); /* Shouldn't have reached here */ - if (val_err_check_set(TEST_CHECKPOINT_NUM(202), status)) + if (val->err_check_set(TEST_CHECKPOINT_NUM(202), status)) { return VAL_STATUS_INVALID; } - psa_reply(msg.handle, PSA_CONNECTION_REFUSED); + + /* Resetting boot.state to catch unwanted reboot */ + if (val->set_boot_flag(BOOT_EXPECTED_BUT_FAILED)) + { + val->print(PRINT_ERROR, "\tFailed to set boot flag after check\n", 0); + } + + psa->reply(msg.handle, PSA_ERROR_CONNECTION_REFUSED); return VAL_STATUS_INVALID; } diff --git a/api-tests/ff/ipc/test_i012/test_i012.c b/api-tests/ff/ipc/test_i012/test_i012.c index 1623d77c..9ddb2fa0 100644 --- a/api-tests/ff/ipc/test_i012/test_i012.c +++ b/api-tests/ff/ipc/test_i012/test_i012.c @@ -1,5 +1,5 @@ /** @file - * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved. + * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved. * SPDX-License-Identifier : Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -20,7 +20,7 @@ #include "val_target.h" #else #include "val_client_defs.h" -#include "val_partition_common.h" +#include "val_service_defs.h" #endif #include "test_i012.h" @@ -35,18 +35,28 @@ int32_t client_test_psa_close_with_invalid_handle(security_t caller) { boot_state_t boot_state; - val->print(PRINT_TEST, "[Check1] Test psa_close with invalid handle\n", 0); + val->print(PRINT_TEST, "[Check 1] Test psa_close with invalid handle\n", 0); - /* Test is targeting fatal error condition and it will expect an error recovery(reboot) - * to happen. To decide, a reboot happened was intended as per test scenario or it happended - * due to other reasons, test is setting a boot signature into non-volatile memory before and - * after targeted test check. After a reboot, these boot signatures are being read by the - * VAL APIs to decide test status. + /* + * This test checks for the PROGRAMMER ERROR condition for the PSA API. API's respond to + * PROGRAMMER ERROR could be either to return appropriate status code or panic the caller. + * When a Secure Partition panics, the SPE cannot continue normal execution, as defined + * in this specification. The behavior of the SPM following a Secure Partition panic is + * IMPLEMENTATION DEFINED- Arm recommends that the SPM causes the system to restart in + * this situation. Refer PSA-FF for more information on panic. + * For the cases where, SPM cannot capable to reboot the system (just hangs or power down), + * a watchdog timer set by val_test_init can reboot the system on timeout event. This will + * tests continuity and able to jump to next tests. Therefore, each test who checks for + * PROGRAMMER ERROR condition, expects system to get reset either by SPM or watchdog set by + * the test harness function. * - * Note: If SPM is not capable of rebooting (just hangs or power down) in fatal error condition, - * a watchdog timer enabled by val_test_init can reboot the system on timeout event. * If programmed timeout value isn't sufficient for your system, it can be reconfigured using * timeout entries available in target.cfg. + * + * To decide, a reboot happened as intended by test scenario or it happended + * due to other reasons, test is setting a boot signature into non-volatile memory before and + * after targeted test check. After a reboot, these boot signatures are being read by the + * VAL APIs to decide test status. */ /* Setting boot.state before test check */ @@ -60,7 +70,17 @@ int32_t client_test_psa_close_with_invalid_handle(security_t caller) /* psa_close() with invalid handle */ psa->close(INVALID_HANDLE); - /* Shouldn't have reached here */ + /* + * If the caller is in the NSPE, it is IMPLEMENTATION DEFINED whether + * a PROGRAMMER ERROR will panic or return with no effect. + * For SPE caller, it must panic. + */ + if (caller == NONSECURE) + { + return VAL_STATUS_SUCCESS; + } + + /* If PROGRAMMER ERROR results into panic then control shouldn't have reached here */ val->print(PRINT_ERROR, "\tpsa_close(invalid_handle) should have failed but succeeded\n", 0); /* Resetting boot.state to catch unwanted reboot */ diff --git a/api-tests/ff/ipc/test_i012/test_supp_i012.c b/api-tests/ff/ipc/test_i012/test_supp_i012.c index 104552ce..f6d39b60 100644 --- a/api-tests/ff/ipc/test_i012/test_supp_i012.c +++ b/api-tests/ff/ipc/test_i012/test_supp_i012.c @@ -1,5 +1,5 @@ /** @file - * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved. + * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved. * SPDX-License-Identifier : Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -15,8 +15,13 @@ * limitations under the License. **/ -#include "val/common/val_client_defs.h" -#include "val/spe/val_partition_common.h" +#include "val_client_defs.h" +#include "val_service_defs.h" + +#define val CONCAT(val,_server_sp) +#define psa CONCAT(psa,_server_sp) +extern val_api_t *val; +extern psa_api_t *psa; int32_t server_test_psa_close_with_invalid_handle(void); @@ -28,6 +33,6 @@ server_test_t test_i012_server_tests_list[] = { int32_t server_test_psa_close_with_invalid_handle(void) { - val_err_check_set(TEST_CHECKPOINT_NUM(201), VAL_STATUS_SUCCESS); + val->err_check_set(TEST_CHECKPOINT_NUM(201), VAL_STATUS_SUCCESS); return VAL_STATUS_SUCCESS; } diff --git a/api-tests/ff/ipc/test_i013/test_i013.c b/api-tests/ff/ipc/test_i013/test_i013.c index f0088a87..5666c16a 100644 --- a/api-tests/ff/ipc/test_i013/test_i013.c +++ b/api-tests/ff/ipc/test_i013/test_i013.c @@ -1,5 +1,5 @@ /** @file - * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved. + * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved. * SPDX-License-Identifier : Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -20,7 +20,7 @@ #include "val_target.h" #else #include "val_client_defs.h" -#include "val_partition_common.h" +#include "val_service_defs.h" #endif #include "test_i013.h" @@ -35,12 +35,12 @@ int32_t client_test_psa_get_with_more_than_one_signal(security_t caller) { psa_handle_t handle = 0; - val->print(PRINT_TEST, "[Check1] Test psa_get with multiple signals\n", 0); + val->print(PRINT_TEST, "[Check 1] Test psa_get with multiple signals\n", 0); handle = psa->connect(SERVER_UNSPECIFED_MINOR_V_SID, 1); /* Expectation is server test should hang and control shouldn't have come here */ - val->print(PRINT_ERROR, "\tConnection should failed but successed\n", 0); + val->print(PRINT_ERROR, "\tConnection should failed but succeed\n", 0); (void)(handle); return VAL_STATUS_SPM_FAILED; diff --git a/api-tests/ff/ipc/test_i013/test_supp_i013.c b/api-tests/ff/ipc/test_i013/test_supp_i013.c index 6d3c3b69..fb54c3fe 100644 --- a/api-tests/ff/ipc/test_i013/test_supp_i013.c +++ b/api-tests/ff/ipc/test_i013/test_supp_i013.c @@ -1,5 +1,5 @@ /** @file - * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved. + * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved. * SPDX-License-Identifier : Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -15,8 +15,13 @@ * limitations under the License. **/ -#include "val/common/val_client_defs.h" -#include "val/spe/val_partition_common.h" +#include "val_client_defs.h" +#include "val_service_defs.h" + +#define val CONCAT(val,_server_sp) +#define psa CONCAT(psa,_server_sp) +extern val_api_t *val; +extern psa_api_t *psa; int32_t server_test_psa_get_with_more_than_one_signal(void); @@ -29,49 +34,56 @@ server_test_t test_i013_server_tests_list[] = { int32_t server_test_psa_get_with_more_than_one_signal(void) { psa_msg_t msg = {0}; - int32_t status = VAL_STATUS_SUCCESS; - /* Test is targeting fatal error condition and it will expect an error recovery(reboot) - * to happen. To decide, a reboot happened was intended as per test scenario or it happended - * due to other reasons, test is setting a boot signature into non-volatile memory before and - * after targeted test check. After a reboot, these boot signatures are being read by the - * VAL APIs to decide test status. + /* + * This test checks for the PROGRAMMER ERROR condition for the PSA API. API's respond to + * PROGRAMMER ERROR could be either to return appropriate status code or panic the caller. + * When a Secure Partition panics, the SPE cannot continue normal execution, as defined + * in this specification. The behavior of the SPM following a Secure Partition panic is + * IMPLEMENTATION DEFINED- Arm recommends that the SPM causes the system to restart in + * this situation. Refer PSA-FF for more information on panic. + * For the cases where, SPM cannot capable to reboot the system (just hangs or power down), + * a watchdog timer set by val_test_init can reboot the system on timeout event. This will + * tests continuity and able to jump to next tests. Therefore, each test who checks for + * PROGRAMMER ERROR condition, expects system to get reset either by SPM or watchdog set by + * the test harness function. * - * Note: If SPM is not capable of rebooting (just hangs or power down) in fatal error condition, - * a watchdog timer enabled by val_test_init can reboot the system on timeout event. * If programmed timeout value isn't sufficient for your system, it can be reconfigured using * timeout entries available in target.cfg. + * + * To decide, a reboot happened as intended by test scenario or it happended + * due to other reasons, test is setting a boot signature into non-volatile memory before and + * after targeted test check. After a reboot, these boot signatures are being read by the + * VAL APIs to decide test status. */ - if ((psa_wait(PSA_WAIT_ANY, PSA_BLOCK)) & SERVER_UNSPECIFED_MINOR_V_SIG) + if ((psa->wait(PSA_WAIT_ANY, PSA_BLOCK)) & SERVER_UNSPECIFED_MINOR_V_SIG) { /* Setting boot.state before test check */ - if (val_set_boot_flag(BOOT_EXPECTED_NS)) + if (val->set_boot_flag(BOOT_EXPECTED_NS)) { - val_print(PRINT_ERROR, "\tFailed to set boot flag before check\n", 0); + val->print(PRINT_ERROR, "\tFailed to set boot flag before check\n", 0); /* Unblock client */ - if (psa_get(SERVER_UNSPECIFED_MINOR_V_SIG, &msg) != PSA_SUCCESS) + if (psa->get(SERVER_UNSPECIFED_MINOR_V_SIG, &msg) != PSA_SUCCESS) { - val_process_connect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); + val->process_connect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); } - psa_reply(msg.handle, PSA_CONNECTION_REFUSED); + psa->reply(msg.handle, PSA_ERROR_CONNECTION_REFUSED); return VAL_STATUS_ERROR; } /* multiple signals check */ - psa_get((SERVER_UNSPECIFED_MINOR_V_SIG | SERVER_RELAX_MINOR_VERSION_SID), &msg); + psa->get((SERVER_UNSPECIFED_MINOR_V_SIG | SERVER_RELAX_MINOR_VERSION_SIG), &msg); - /* shouldn't have reached here */ + /* If PROGRAMMER ERROR results into panic then control shouldn't have reached here */ /* Resetting boot.state to catch unwanted reboot */ - if (val_set_boot_flag(BOOT_EXPECTED_BUT_FAILED)) + if (val->set_boot_flag(BOOT_EXPECTED_BUT_FAILED)) { - val_print(PRINT_ERROR, "\tFailed to set boot flag after check\n", 0); + val->print(PRINT_ERROR, "\tFailed to set boot flag after check\n", 0); } - psa_reply(msg.handle, PSA_CONNECTION_REFUSED); + psa->reply(msg.handle, PSA_ERROR_CONNECTION_REFUSED); } - status = VAL_STATUS_SPM_FAILED; - val_err_check_set(TEST_CHECKPOINT_NUM(203), status); - - return status; + val->err_check_set(TEST_CHECKPOINT_NUM(203), VAL_STATUS_SPM_FAILED); + return VAL_STATUS_SPM_FAILED; } diff --git a/api-tests/ff/ipc/test_i014/test_i014.c b/api-tests/ff/ipc/test_i014/test_i014.c index 2fde3e25..1590dd48 100644 --- a/api-tests/ff/ipc/test_i014/test_i014.c +++ b/api-tests/ff/ipc/test_i014/test_i014.c @@ -1,5 +1,5 @@ /** @file - * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved. + * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved. * SPDX-License-Identifier : Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -20,7 +20,7 @@ #include "val_target.h" #else #include "val_client_defs.h" -#include "val_partition_common.h" +#include "val_service_defs.h" #endif #include "test_i014.h" @@ -35,12 +35,12 @@ int32_t client_test_psa_get_called_twice(security_t caller) { psa_handle_t handle = 0; - val->print(PRINT_TEST, "[Check1] Test psa_get called twice\n", 0); + val->print(PRINT_TEST, "[Check 1] Test psa_get called twice\n", 0); handle = psa->connect(SERVER_UNSPECIFED_MINOR_V_SID, 1); /* Expectation is server test should hang and control shouldn't have come here */ - val->print(PRINT_ERROR, "\tConnection should failed but successed\n", 0); + val->print(PRINT_ERROR, "\tConnection should failed but succeed\n", 0); (void)(handle); return VAL_STATUS_SPM_FAILED; diff --git a/api-tests/ff/ipc/test_i014/test_supp_i014.c b/api-tests/ff/ipc/test_i014/test_supp_i014.c index 61ed0e09..fe062f4b 100644 --- a/api-tests/ff/ipc/test_i014/test_supp_i014.c +++ b/api-tests/ff/ipc/test_i014/test_supp_i014.c @@ -1,5 +1,5 @@ /** @file - * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved. + * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved. * SPDX-License-Identifier : Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -15,8 +15,13 @@ * limitations under the License. **/ -#include "val/common/val_client_defs.h" -#include "val/spe/val_partition_common.h" +#include "val_client_defs.h" +#include "val_service_defs.h" + +#define val CONCAT(val,_server_sp) +#define psa CONCAT(psa,_server_sp) +extern val_api_t *val; +extern psa_api_t *psa; int32_t server_test_psa_get_called_twice(void); @@ -31,51 +36,62 @@ int32_t server_test_psa_get_called_twice(void) psa_msg_t msg = {0}; int32_t status = VAL_STATUS_SUCCESS; - /* Test is targeting fatal error condition and it will expect an error recovery(reboot) - * to happen. To decide, a reboot happened was intended as per test scenario or it happended - * due to other reasons, test is setting a boot signature into non-volatile memory before and - * after targeted test check. After a reboot, these boot signatures are being read by the - * VAL APIs to decide test status. + /* + * This test checks for the PROGRAMMER ERROR condition for the PSA API. API's respond to + * PROGRAMMER ERROR could be either to return appropriate status code or panic the caller. + * When a Secure Partition panics, the SPE cannot continue normal execution, as defined + * in this specification. The behavior of the SPM following a Secure Partition panic is + * IMPLEMENTATION DEFINED- Arm recommends that the SPM causes the system to restart in + * this situation. Refer PSA-FF for more information on panic. + * For the cases where, SPM cannot capable to reboot the system (just hangs or power down), + * a watchdog timer set by val_test_init can reboot the system on timeout event. This will + * tests continuity and able to jump to next tests. Therefore, each test who checks for + * PROGRAMMER ERROR condition, expects system to get reset either by SPM or watchdog set by + * the test harness function. * - * Note: If SPM is not capable of rebooting (just hangs or power down) in fatal error condition, - * a watchdog timer enabled by val_test_init can reboot the system on timeout event. * If programmed timeout value isn't sufficient for your system, it can be reconfigured using * timeout entries available in target.cfg. + * + * To decide, a reboot happened as intended by test scenario or it happended + * due to other reasons, test is setting a boot signature into non-volatile memory before and + * after targeted test check. After a reboot, these boot signatures are being read by the + * VAL APIs to decide test status. */ wait: - if ((psa_wait(PSA_WAIT_ANY, PSA_BLOCK)) & SERVER_UNSPECIFED_MINOR_V_SIG) + if ((psa->wait(PSA_WAIT_ANY, PSA_BLOCK)) & SERVER_UNSPECIFED_MINOR_V_SIG) { /* First psa_get call */ - if (psa_get(SERVER_UNSPECIFED_MINOR_V_SIG, &msg) != PSA_SUCCESS) + if (psa->get(SERVER_UNSPECIFED_MINOR_V_SIG, &msg) != PSA_SUCCESS) { goto wait; } + /* Debug print */ - val_err_check_set(TEST_CHECKPOINT_NUM(201), status); + val->err_check_set(TEST_CHECKPOINT_NUM(201), status); /* Setting boot.state before test check */ - if (val_set_boot_flag(BOOT_EXPECTED_NS)) + if (val->set_boot_flag(BOOT_EXPECTED_NS)) { - val_print(PRINT_ERROR, "\tFailed to set boot flag before check\n", 0); + val->print(PRINT_ERROR, "\tFailed to set boot flag before check\n", 0); /* Unblock client */ - psa_reply(msg.handle, PSA_CONNECTION_REFUSED); + psa->reply(msg.handle, PSA_ERROR_CONNECTION_REFUSED); return VAL_STATUS_ERROR; } - /* Second psa_get call. This should not return */ - psa_get(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); + /* Second psa_get call. This should panic */ + psa->get(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); - /* shouldn't have reached here */ + /* If PROGRAMMER ERROR results into panic then control shouldn't have reached here */ /* Resetting boot.state to catch unwanted reboot */ - if (val_set_boot_flag(BOOT_EXPECTED_BUT_FAILED)) + if (val->set_boot_flag(BOOT_EXPECTED_BUT_FAILED)) { - val_print(PRINT_ERROR, "\tFailed to set boot flag after check\n", 0); + val->print(PRINT_ERROR, "\tFailed to set boot flag after check\n", 0); } - psa_reply(msg.handle, PSA_CONNECTION_REFUSED); + psa->reply(msg.handle, PSA_ERROR_CONNECTION_REFUSED); } status = VAL_STATUS_SPM_FAILED; - val_err_check_set(TEST_CHECKPOINT_NUM(202), status); + val->err_check_set(TEST_CHECKPOINT_NUM(202), status); return status; } diff --git a/api-tests/ff/ipc/test_i015/test_i015.c b/api-tests/ff/ipc/test_i015/test_i015.c index 44a0887d..f4868658 100644 --- a/api-tests/ff/ipc/test_i015/test_i015.c +++ b/api-tests/ff/ipc/test_i015/test_i015.c @@ -1,5 +1,5 @@ /** @file - * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved. + * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved. * SPDX-License-Identifier : Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -20,7 +20,7 @@ #include "val_target.h" #else #include "val_client_defs.h" -#include "val_partition_common.h" +#include "val_service_defs.h" #endif #include "test_i015.h" @@ -35,12 +35,12 @@ int32_t client_test_psa_get_with_non_rot_signal(security_t caller) { psa_handle_t handle = 0; - val->print(PRINT_TEST, "[Check1] Test psa_get with non-RoT signal\n", 0); + val->print(PRINT_TEST, "[Check 1] Test psa_get with non-RoT signal\n", 0); handle = psa->connect(SERVER_UNSPECIFED_MINOR_V_SID, 1); /* Expectation is server test should hang and control shouldn't have come here */ - val->print(PRINT_ERROR, "\tConnection should failed but successed\n", 0); + val->print(PRINT_ERROR, "\tConnection should failed but succeed\n", 0); (void)(handle); return VAL_STATUS_SPM_FAILED; diff --git a/api-tests/ff/ipc/test_i015/test_supp_i015.c b/api-tests/ff/ipc/test_i015/test_supp_i015.c index 6d49f8f6..a044796b 100644 --- a/api-tests/ff/ipc/test_i015/test_supp_i015.c +++ b/api-tests/ff/ipc/test_i015/test_supp_i015.c @@ -1,5 +1,5 @@ /** @file - * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved. + * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved. * SPDX-License-Identifier : Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -15,8 +15,13 @@ * limitations under the License. **/ -#include "val/common/val_client_defs.h" -#include "val/spe/val_partition_common.h" +#include "val_client_defs.h" +#include "val_service_defs.h" + +#define val CONCAT(val,_server_sp) +#define psa CONCAT(psa,_server_sp) +extern val_api_t *val; +extern psa_api_t *psa; int32_t server_test_psa_get_with_non_rot_signal(void); @@ -31,44 +36,54 @@ int32_t server_test_psa_get_with_non_rot_signal(void) psa_msg_t msg = {0}; int32_t status = VAL_STATUS_SUCCESS; - /* Test is targeting fatal error condition and it will expect an error recovery(reboot) - * to happen. To decide, a reboot happened was intended as per test scenario or it happended - * due to other reasons, test is setting a boot signature into non-volatile memory before and - * after targeted test check. After a reboot, these boot signatures are being read by the - * VAL APIs to decide test status. + /* + * This test checks for the PROGRAMMER ERROR condition for the PSA API. API's respond to + * PROGRAMMER ERROR could be either to return appropriate status code or panic the caller. + * When a Secure Partition panics, the SPE cannot continue normal execution, as defined + * in this specification. The behavior of the SPM following a Secure Partition panic is + * IMPLEMENTATION DEFINED- Arm recommends that the SPM causes the system to restart in + * this situation. Refer PSA-FF for more information on panic. + * For the cases where, SPM cannot capable to reboot the system (just hangs or power down), + * a watchdog timer set by val_test_init can reboot the system on timeout event. This will + * tests continuity and able to jump to next tests. Therefore, each test who checks for + * PROGRAMMER ERROR condition, expects system to get reset either by SPM or watchdog set by + * the test harness function. * - * Note: If SPM is not capable of rebooting (just hangs or power down) in fatal error condition, - * a watchdog timer enabled by val_test_init can reboot the system on timeout event. * If programmed timeout value isn't sufficient for your system, it can be reconfigured using * timeout entries available in target.cfg. + * + * To decide, a reboot happened as intended by test scenario or it happended + * due to other reasons, test is setting a boot signature into non-volatile memory before and + * after targeted test check. After a reboot, these boot signatures are being read by the + * VAL APIs to decide test status. */ - if ((psa_wait(PSA_WAIT_ANY, PSA_BLOCK)) & SERVER_UNSPECIFED_MINOR_V_SIG) + if ((psa->wait(PSA_WAIT_ANY, PSA_BLOCK)) & SERVER_UNSPECIFED_MINOR_V_SIG) { /* Setting boot.state before test check */ - status = val_set_boot_flag(BOOT_EXPECTED_NS); - if (val_err_check_set(TEST_CHECKPOINT_NUM(201), status)) + status = val->set_boot_flag(BOOT_EXPECTED_NS); + if (val->err_check_set(TEST_CHECKPOINT_NUM(201), status)) { - val_print(PRINT_ERROR, "\tFailed to set boot flag before check\n", 0); - psa_get(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); - psa_reply(msg.handle, PSA_CONNECTION_REFUSED); + val->print(PRINT_ERROR, "\tFailed to set boot flag before check\n", 0); + psa->get(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); + psa->reply(msg.handle, PSA_ERROR_CONNECTION_REFUSED); return status; } - /* Call to psa_get should not return */ - psa_get(PSA_DOORBELL, &msg); + /* Call to psa_get should panic */ + psa->get(PSA_DOORBELL, &msg); - /* shouldn't have reached here */ + /* If PROGRAMMER ERROR results into panic then control shouldn't have reached here */ /* Resetting boot.state to catch unwanted reboot */ - status = val_set_boot_flag(BOOT_EXPECTED_BUT_FAILED); - if (val_err_check_set(TEST_CHECKPOINT_NUM(202), status)) + status = val->set_boot_flag(BOOT_EXPECTED_BUT_FAILED); + if (val->err_check_set(TEST_CHECKPOINT_NUM(202), status)) { - val_print(PRINT_ERROR, "\tFailed to set boot flag after check\n", 0); + val->print(PRINT_ERROR, "\tFailed to set boot flag after check\n", 0); } - psa_reply(msg.handle, PSA_CONNECTION_REFUSED); + psa->reply(msg.handle, PSA_ERROR_CONNECTION_REFUSED); } status = VAL_STATUS_SPM_FAILED; - val_err_check_set(TEST_CHECKPOINT_NUM(203), status); + val->err_check_set(TEST_CHECKPOINT_NUM(203), status); return status; } diff --git a/api-tests/ff/ipc/test_i016/test_i016.c b/api-tests/ff/ipc/test_i016/test_i016.c index a99fa3fe..5cc7a362 100644 --- a/api-tests/ff/ipc/test_i016/test_i016.c +++ b/api-tests/ff/ipc/test_i016/test_i016.c @@ -1,5 +1,5 @@ /** @file - * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved. + * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved. * SPDX-License-Identifier : Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -20,7 +20,7 @@ #include "val_target.h" #else #include "val_client_defs.h" -#include "val_partition_common.h" +#include "val_service_defs.h" #endif #include "test_i016.h" @@ -35,12 +35,12 @@ int32_t client_test_psa_get_with_unasserted_signal(security_t caller) { psa_handle_t handle = 0; - val->print(PRINT_TEST, "[Check1] Test psa_get with unasserted signal\n", 0); + val->print(PRINT_TEST, "[Check 1] Test psa_get with unasserted signal\n", 0); handle = psa->connect(SERVER_UNSPECIFED_MINOR_V_SID, 1); /* Expectation is server test should hang and control shouldn't have come here */ - val->print(PRINT_ERROR, "\tConnection should failed but successed\n", 0); + val->print(PRINT_ERROR, "\tConnection should failed but succeed\n", 0); (void)(handle); return VAL_STATUS_SPM_FAILED; diff --git a/api-tests/ff/ipc/test_i016/test_supp_i016.c b/api-tests/ff/ipc/test_i016/test_supp_i016.c index 83afe384..7b4d5e1b 100644 --- a/api-tests/ff/ipc/test_i016/test_supp_i016.c +++ b/api-tests/ff/ipc/test_i016/test_supp_i016.c @@ -1,5 +1,5 @@ /** @file - * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved. + * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved. * SPDX-License-Identifier : Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -15,8 +15,13 @@ * limitations under the License. **/ -#include "val/common/val_client_defs.h" -#include "val/spe/val_partition_common.h" +#include "val_client_defs.h" +#include "val_service_defs.h" + +#define val CONCAT(val,_server_sp) +#define psa CONCAT(psa,_server_sp) +extern val_api_t *val; +extern psa_api_t *psa; int32_t server_test_psa_get_with_unasserted_signal(void); @@ -31,44 +36,54 @@ int32_t server_test_psa_get_with_unasserted_signal(void) psa_msg_t msg = {0}; int32_t status = VAL_STATUS_SUCCESS; - /* Test is targeting fatal error condition and it will expect an error recovery(reboot) - * to happen. To decide, a reboot happened was intended as per test scenario or it happended - * due to other reasons, test is setting a boot signature into non-volatile memory before and - * after targeted test check. After a reboot, these boot signatures are being read by the - * VAL APIs to decide test status. + /* + * This test checks for the PROGRAMMER ERROR condition for the PSA API. API's respond to + * PROGRAMMER ERROR could be either to return appropriate status code or panic the caller. + * When a Secure Partition panics, the SPE cannot continue normal execution, as defined + * in this specification. The behavior of the SPM following a Secure Partition panic is + * IMPLEMENTATION DEFINED- Arm recommends that the SPM causes the system to restart in + * this situation. Refer PSA-FF for more information on panic. + * For the cases where, SPM cannot capable to reboot the system (just hangs or power down), + * a watchdog timer set by val_test_init can reboot the system on timeout event. This will + * tests continuity and able to jump to next tests. Therefore, each test who checks for + * PROGRAMMER ERROR condition, expects system to get reset either by SPM or watchdog set by + * the test harness function. * - * Note: If SPM is not capable of rebooting (just hangs or power down) in fatal error condition, - * a watchdog timer enabled by val_test_init can reboot the system on timeout event. * If programmed timeout value isn't sufficient for your system, it can be reconfigured using * timeout entries available in target.cfg. + * + * To decide, a reboot happened as intended by test scenario or it happended + * due to other reasons, test is setting a boot signature into non-volatile memory before and + * after targeted test check. After a reboot, these boot signatures are being read by the + * VAL APIs to decide test status. */ - if ((psa_wait(PSA_WAIT_ANY, PSA_BLOCK)) & SERVER_UNSPECIFED_MINOR_V_SIG) + if ((psa->wait(PSA_WAIT_ANY, PSA_BLOCK)) & SERVER_UNSPECIFED_MINOR_V_SIG) { /* Setting boot.state before test check */ - status = val_set_boot_flag(BOOT_EXPECTED_NS); - if (val_err_check_set(TEST_CHECKPOINT_NUM(201), status)) + status = val->set_boot_flag(BOOT_EXPECTED_NS); + if (val->err_check_set(TEST_CHECKPOINT_NUM(201), status)) { - val_print(PRINT_ERROR, "\tFailed to set boot flag before check\n", 0); - psa_get(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); - psa_reply(msg.handle, PSA_CONNECTION_REFUSED); + val->print(PRINT_ERROR, "\tFailed to set boot flag before check\n", 0); + psa->get(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); + psa->reply(msg.handle, PSA_ERROR_CONNECTION_REFUSED); return status; } - /* Unasserted signal check, call to psa_get should not return */ - psa_get(SERVER_RELAX_MINOR_VERSION_SID, &msg); + /* Unasserted signal check, call to psa_get should panic */ + psa->get(SERVER_RELAX_MINOR_VERSION_SIG, &msg); /* shouldn't have reached here */ /* Resetting boot.state to catch unwanted reboot */ - status = val_set_boot_flag(BOOT_EXPECTED_BUT_FAILED); - if (val_err_check_set(TEST_CHECKPOINT_NUM(202), status)) + status = val->set_boot_flag(BOOT_EXPECTED_BUT_FAILED); + if (val->err_check_set(TEST_CHECKPOINT_NUM(202), status)) { - val_print(PRINT_ERROR, "\tFailed to set boot flag after check\n", 0); + val->print(PRINT_ERROR, "\tFailed to set boot flag after check\n", 0); } - psa_reply(msg.handle, PSA_CONNECTION_REFUSED); + psa->reply(msg.handle, PSA_ERROR_CONNECTION_REFUSED); } status = VAL_STATUS_SPM_FAILED; - val_err_check_set(TEST_CHECKPOINT_NUM(203), status); + val->err_check_set(TEST_CHECKPOINT_NUM(203), status); return status; } diff --git a/api-tests/ff/ipc/test_i017/test_i017.c b/api-tests/ff/ipc/test_i017/test_i017.c index 5a0590d2..2253d56d 100644 --- a/api-tests/ff/ipc/test_i017/test_i017.c +++ b/api-tests/ff/ipc/test_i017/test_i017.c @@ -1,5 +1,5 @@ /** @file - * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved. + * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved. * SPDX-License-Identifier : Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -20,7 +20,7 @@ #include "val_target.h" #else #include "val_client_defs.h" -#include "val_partition_common.h" +#include "val_service_defs.h" #endif #include "test_i017.h" @@ -35,12 +35,12 @@ int32_t client_test_partition_calling_its_own_rot_service(security_t caller) { psa_handle_t handle = 0; - val->print(PRINT_TEST, "[Check1] Test partition calling its own RoT service\n", 0); + val->print(PRINT_TEST, "[Check 1] Test partition calling its own RoT service\n", 0); handle = psa->connect(SERVER_UNSPECIFED_MINOR_V_SID, 1); /* Expectation is server test should hang and control shouldn't have come here */ - val->print(PRINT_ERROR, "\tConnection should failed but successed\n", 0); + val->print(PRINT_ERROR, "\tConnection should failed but succeed\n", 0); (void)(handle); return VAL_STATUS_SPM_FAILED; diff --git a/api-tests/ff/ipc/test_i017/test_supp_i017.c b/api-tests/ff/ipc/test_i017/test_supp_i017.c index 50082602..6c729770 100644 --- a/api-tests/ff/ipc/test_i017/test_supp_i017.c +++ b/api-tests/ff/ipc/test_i017/test_supp_i017.c @@ -1,5 +1,5 @@ /** @file - * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved. + * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved. * SPDX-License-Identifier : Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -15,8 +15,13 @@ * limitations under the License. **/ -#include "val/common/val_client_defs.h" -#include "val/spe/val_partition_common.h" +#include "val_client_defs.h" +#include "val_service_defs.h" + +#define val CONCAT(val,_server_sp) +#define psa CONCAT(psa,_server_sp) +extern val_api_t *val; +extern psa_api_t *psa; int32_t server_test_partition_calling_its_own_rot_service(void); @@ -32,51 +37,61 @@ int32_t server_test_partition_calling_its_own_rot_service(void) int32_t status = VAL_STATUS_SUCCESS; psa_handle_t handle = 0; - status = val_process_connect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); - if (val_err_check_set(TEST_CHECKPOINT_NUM(201), status)) + status = val->process_connect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); + if (val->err_check_set(TEST_CHECKPOINT_NUM(201), status)) { - psa_reply(msg.handle, PSA_CONNECTION_REFUSED); + psa->reply(msg.handle, PSA_ERROR_CONNECTION_REFUSED); return status; } - /* Test is targeting fatal error condition and it will expect an error recovery(reboot) - * to happen. To decide, a reboot happened was intended as per test scenario or it happended - * due to other reasons, test is setting a boot signature into non-volatile memory before and - * after targeted test check. After a reboot, these boot signatures are being read by the - * VAL APIs to decide test status. + /* + * This test checks for the PROGRAMMER ERROR condition for the PSA API. API's respond to + * PROGRAMMER ERROR could be either to return appropriate status code or panic the caller. + * When a Secure Partition panics, the SPE cannot continue normal execution, as defined + * in this specification. The behavior of the SPM following a Secure Partition panic is + * IMPLEMENTATION DEFINED- Arm recommends that the SPM causes the system to restart in + * this situation. Refer PSA-FF for more information on panic. + * For the cases where, SPM cannot capable to reboot the system (just hangs or power down), + * a watchdog timer set by val_test_init can reboot the system on timeout event. This will + * tests continuity and able to jump to next tests. Therefore, each test who checks for + * PROGRAMMER ERROR condition, expects system to get reset either by SPM or watchdog set by + * the test harness function. * - * Note: If SPM is not capable of rebooting (just hangs or power down) in fatal error condition, - * a watchdog timer enabled by val_test_init can reboot the system on timeout event. * If programmed timeout value isn't sufficient for your system, it can be reconfigured using * timeout entries available in target.cfg. + * + * To decide, a reboot happened as intended by test scenario or it happended + * due to other reasons, test is setting a boot signature into non-volatile memory before and + * after targeted test check. After a reboot, these boot signatures are being read by the + * VAL APIs to decide test status. */ /* Setting boot.state before test check */ - status = val_set_boot_flag(BOOT_EXPECTED_NS); - if (val_err_check_set(TEST_CHECKPOINT_NUM(202), status)) + status = val->set_boot_flag(BOOT_EXPECTED_NS); + if (val->err_check_set(TEST_CHECKPOINT_NUM(202), status)) { - psa_reply(msg.handle, PSA_CONNECTION_REFUSED); + psa->reply(msg.handle, PSA_ERROR_CONNECTION_REFUSED); return status; } - /* Calling server partition RoT service using IPC and call should not return */ - handle = psa_connect(SERVER_RELAX_MINOR_VERSION_SID, 1); + /* Calling server partition RoT service using IPC and call should panic */ + handle = psa->connect(SERVER_RELAX_MINOR_VERSION_SID, 1); /* shouldn't have reached here */ - val_print(PRINT_ERROR, "\tConnection should failed but successed\n", 0); + val->print(PRINT_ERROR, "\tConnection should failed but succeed\n", 0); /* Resetting boot.state to catch unwanted reboot */ - status = val_set_boot_flag(BOOT_EXPECTED_BUT_FAILED); - if (val_err_check_set(TEST_CHECKPOINT_NUM(203), status)) + status = val->set_boot_flag(BOOT_EXPECTED_BUT_FAILED); + if (val->err_check_set(TEST_CHECKPOINT_NUM(203), status)) { - psa_reply(msg.handle, PSA_CONNECTION_REFUSED); + psa->reply(msg.handle, PSA_ERROR_CONNECTION_REFUSED); return status; } status = VAL_STATUS_SPM_FAILED; - val_err_check_set(TEST_CHECKPOINT_NUM(204), status); + val->err_check_set(TEST_CHECKPOINT_NUM(204), status); (void)(handle); - psa_reply(msg.handle, PSA_CONNECTION_REFUSED); + psa->reply(msg.handle, PSA_ERROR_CONNECTION_REFUSED); return status; } diff --git a/api-tests/ff/ipc/test_i018/test_i018.c b/api-tests/ff/ipc/test_i018/test_i018.c index d23bcc98..43521492 100644 --- a/api-tests/ff/ipc/test_i018/test_i018.c +++ b/api-tests/ff/ipc/test_i018/test_i018.c @@ -1,5 +1,5 @@ /** @file - * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved. + * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved. * SPDX-License-Identifier : Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -20,7 +20,7 @@ #include "val_target.h" #else #include "val_client_defs.h" -#include "val_partition_common.h" +#include "val_service_defs.h" #endif #include "test_i018.h" @@ -35,12 +35,12 @@ int32_t client_test_psa_set_rhandle_with_invalid_handle(security_t caller) { psa_handle_t handle = 0; - val->print(PRINT_TEST, "[Check1] Test psa_set_rhandle with invalid msg handle\n", 0); + val->print(PRINT_TEST, "[Check 1] Test psa_set_rhandle with invalid msg handle\n", 0); handle = psa->connect(SERVER_UNSPECIFED_MINOR_V_SID, 1); /* Expectation is server test should hang and control shouldn't have come here */ - val->print(PRINT_ERROR, "\tConnection should failed but successed\n", 0); + val->print(PRINT_ERROR, "\tConnection should failed but succeed\n", 0); (void)(handle); return VAL_STATUS_SPM_FAILED; diff --git a/api-tests/ff/ipc/test_i018/test_supp_i018.c b/api-tests/ff/ipc/test_i018/test_supp_i018.c index e951455f..5a67aba0 100644 --- a/api-tests/ff/ipc/test_i018/test_supp_i018.c +++ b/api-tests/ff/ipc/test_i018/test_supp_i018.c @@ -1,5 +1,5 @@ /** @file - * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved. + * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved. * SPDX-License-Identifier : Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -15,8 +15,13 @@ * limitations under the License. **/ -#include "val/common/val_client_defs.h" -#include "val/spe/val_partition_common.h" +#include "val_client_defs.h" +#include "val_service_defs.h" + +#define val CONCAT(val,_server_sp) +#define psa CONCAT(psa,_server_sp) +extern val_api_t *val; +extern psa_api_t *psa; int32_t server_test_psa_set_rhandle_with_invalid_handle(void); @@ -30,54 +35,64 @@ int32_t server_test_psa_set_rhandle_with_invalid_handle(void) { psa_msg_t msg = {0}; int32_t status = VAL_STATUS_SUCCESS; - int *num = NULL; + int num; - status = val_process_connect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); - if (val_err_check_set(TEST_CHECKPOINT_NUM(201), status)) + status = val->process_connect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); + if (val->err_check_set(TEST_CHECKPOINT_NUM(201), status)) { - psa_reply(msg.handle, PSA_CONNECTION_REFUSED); + psa->reply(msg.handle, PSA_ERROR_CONNECTION_REFUSED); return status; } - /* Test is targeting fatal error condition and it will expect an error recovery(reboot) - * to happen. To decide, a reboot happened was intended as per test scenario or it happended - * due to other reasons, test is setting a boot signature into non-volatile memory before and - * after targeted test check. After a reboot, these boot signatures are being read by the - * VAL APIs to decide test status. + /* + * This test checks for the PROGRAMMER ERROR condition for the PSA API. API's respond to + * PROGRAMMER ERROR could be either to return appropriate status code or panic the caller. + * When a Secure Partition panics, the SPE cannot continue normal execution, as defined + * in this specification. The behavior of the SPM following a Secure Partition panic is + * IMPLEMENTATION DEFINED- Arm recommends that the SPM causes the system to restart in + * this situation. Refer PSA-FF for more information on panic. + * For the cases where, SPM cannot capable to reboot the system (just hangs or power down), + * a watchdog timer set by val_test_init can reboot the system on timeout event. This will + * tests continuity and able to jump to next tests. Therefore, each test who checks for + * PROGRAMMER ERROR condition, expects system to get reset either by SPM or watchdog set by + * the test harness function. * - * Note: If SPM is not capable of rebooting (just hangs or power down) in fatal error condition, - * a watchdog timer enabled by val_test_init can reboot the system on timeout event. * If programmed timeout value isn't sufficient for your system, it can be reconfigured using * timeout entries available in target.cfg. + * + * To decide, a reboot happened as intended by test scenario or it happended + * due to other reasons, test is setting a boot signature into non-volatile memory before and + * after targeted test check. After a reboot, these boot signatures are being read by the + * VAL APIs to decide test status. */ /* Setting boot.state before test check */ - status = val_set_boot_flag(BOOT_EXPECTED_NS); - if (val_err_check_set(TEST_CHECKPOINT_NUM(202), status)) + status = val->set_boot_flag(BOOT_EXPECTED_NS); + if (val->err_check_set(TEST_CHECKPOINT_NUM(202), status)) { - val_print(PRINT_ERROR, "\tFailed to set boot flag before check\n", 0); - psa_reply(msg.handle, PSA_CONNECTION_REFUSED); + val->print(PRINT_ERROR, "\tFailed to set boot flag before check\n", 0); + psa->reply(msg.handle, PSA_ERROR_CONNECTION_REFUSED); return status; } - /* Call psa_set_rhandle with INVALID_HANLDE. Call shouldn't return */ - *num = 5; - psa_set_rhandle(INVALID_HANDLE, num); + /* Call psa_set_rhandle with INVALID_HANLDE. Call should panic */ + num = 5; + psa->set_rhandle(INVALID_HANDLE, &num); /* shouldn't have reached here */ - val_print(PRINT_ERROR, - "\tpsa_set_rhandle with invalid handle should failed but successed\n", 0); + val->print(PRINT_ERROR, + "\tpsa_set_rhandle with invalid handle should failed but succeed\n", 0); /* Resetting boot.state to catch unwanted reboot */ - status = val_set_boot_flag(BOOT_EXPECTED_BUT_FAILED); - if (val_err_check_set(TEST_CHECKPOINT_NUM(203), status)) + status = val->set_boot_flag(BOOT_EXPECTED_BUT_FAILED); + if (val->err_check_set(TEST_CHECKPOINT_NUM(203), status)) { - val_print(PRINT_ERROR, "\tFailed to set boot flag after check\n", 0); + val->print(PRINT_ERROR, "\tFailed to set boot flag after check\n", 0); return status; } status = VAL_STATUS_SPM_FAILED; - val_err_check_set(TEST_CHECKPOINT_NUM(204), status); - psa_reply(msg.handle, PSA_CONNECTION_REFUSED); + val->err_check_set(TEST_CHECKPOINT_NUM(204), status); + psa->reply(msg.handle, PSA_ERROR_CONNECTION_REFUSED); return status; } diff --git a/api-tests/ff/ipc/test_i019/test_i019.c b/api-tests/ff/ipc/test_i019/test_i019.c index 3050ba72..35ba8b93 100644 --- a/api-tests/ff/ipc/test_i019/test_i019.c +++ b/api-tests/ff/ipc/test_i019/test_i019.c @@ -1,5 +1,5 @@ /** @file - * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved. + * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved. * SPDX-License-Identifier : Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -20,7 +20,7 @@ #include "val_target.h" #else #include "val_client_defs.h" -#include "val_partition_common.h" +#include "val_service_defs.h" #endif #include "test_i019.h" @@ -35,12 +35,12 @@ int32_t client_test_psa_set_rhandle_with_null_handle(security_t caller) { psa_handle_t handle = 0; - val->print(PRINT_TEST, "[Check1] Test psa_set_rhandle with null msg handle\n", 0); + val->print(PRINT_TEST, "[Check 1] Test psa_set_rhandle with null msg handle\n", 0); handle = psa->connect(SERVER_UNSPECIFED_MINOR_V_SID, 1); /* Expectation is server test should hang and control shouldn't have come here */ - val->print(PRINT_ERROR, "\tConnection should failed but successed\n", 0); + val->print(PRINT_ERROR, "\tConnection should failed but succeed\n", 0); (void)(handle); return VAL_STATUS_SPM_FAILED; diff --git a/api-tests/ff/ipc/test_i019/test_supp_i019.c b/api-tests/ff/ipc/test_i019/test_supp_i019.c index a45d891e..af063a61 100644 --- a/api-tests/ff/ipc/test_i019/test_supp_i019.c +++ b/api-tests/ff/ipc/test_i019/test_supp_i019.c @@ -1,5 +1,5 @@ /** @file - * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved. + * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved. * SPDX-License-Identifier : Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -15,8 +15,13 @@ * limitations under the License. **/ -#include "val/common/val_client_defs.h" -#include "val/spe/val_partition_common.h" +#include "val_client_defs.h" +#include "val_service_defs.h" + +#define val CONCAT(val,_server_sp) +#define psa CONCAT(psa,_server_sp) +extern val_api_t *val; +extern psa_api_t *psa; int32_t server_test_psa_set_rhandle_with_null_handle(void); @@ -30,43 +35,64 @@ int32_t server_test_psa_set_rhandle_with_null_handle(void) { psa_msg_t msg = {0}; int32_t status = VAL_STATUS_SUCCESS; - int *num = NULL; + int num; + + /* + * This test checks for the PROGRAMMER ERROR condition for the PSA API. API's respond to + * PROGRAMMER ERROR could be either to return appropriate status code or panic the caller. + * When a Secure Partition panics, the SPE cannot continue normal execution, as defined + * in this specification. The behavior of the SPM following a Secure Partition panic is + * IMPLEMENTATION DEFINED- Arm recommends that the SPM causes the system to restart in + * this situation. Refer PSA-FF for more information on panic. + * For the cases where, SPM cannot capable to reboot the system (just hangs or power down), + * a watchdog timer set by val_test_init can reboot the system on timeout event. This will + * tests continuity and able to jump to next tests. Therefore, each test who checks for + * PROGRAMMER ERROR condition, expects system to get reset either by SPM or watchdog set by + * the test harness function. + * + * If programmed timeout value isn't sufficient for your system, it can be reconfigured using + * timeout entries available in target.cfg. + * + * To decide, a reboot happened as intended by test scenario or it happended + * due to other reasons, test is setting a boot signature into non-volatile memory before and + * after targeted test check. After a reboot, these boot signatures are being read by the + * VAL APIs to decide test status. + */ - status = val_process_connect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); - if (val_err_check_set(TEST_CHECKPOINT_NUM(201), status)) + status = val->process_connect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); + if (val->err_check_set(TEST_CHECKPOINT_NUM(201), status)) { - psa_reply(msg.handle, PSA_CONNECTION_REFUSED); + psa->reply(msg.handle, PSA_ERROR_CONNECTION_REFUSED); return status; } - /* Set boot flag to BOOT_EXPECTED_* to indicate- test is targeting - fatal error condition and test will expect error recovery to happen */ - status = val_set_boot_flag(BOOT_EXPECTED_NS); - if (val_err_check_set(TEST_CHECKPOINT_NUM(202), status)) + /* Setting boot.state before test check */ + status = val->set_boot_flag(BOOT_EXPECTED_NS); + if (val->err_check_set(TEST_CHECKPOINT_NUM(202), status)) { - val_print(PRINT_ERROR, "\tFailed to set boot flag before check\n", 0); - psa_reply(msg.handle, PSA_CONNECTION_REFUSED); + val->print(PRINT_ERROR, "\tFailed to set boot flag before check\n", 0); + psa->reply(msg.handle, PSA_ERROR_CONNECTION_REFUSED); return status; } - /*Call psa_set_rhandle with PSA_NULL_HANDLE. Call shouldn't return*/ - *num = 5; - psa_set_rhandle(PSA_NULL_HANDLE, num); + /* Call psa_set_rhandle with PSA_NULL_HANDLE. Call should panic */ + num = 5; + psa->set_rhandle(PSA_NULL_HANDLE, &num); /* shouldn't have reached here */ - val_print(PRINT_ERROR, - "\tpsa_set_rhandle with NULL handle should failed but successed\n", 0); + val->print(PRINT_ERROR, + "\tpsa_set_rhandle with NULL handle should failed but succeed\n", 0); /* Resetting boot.state to catch unwanted reboot */ - status = val_set_boot_flag(BOOT_EXPECTED_BUT_FAILED); - if (val_err_check_set(TEST_CHECKPOINT_NUM(203), status)) + status = val->set_boot_flag(BOOT_EXPECTED_BUT_FAILED); + if (val->err_check_set(TEST_CHECKPOINT_NUM(203), status)) { - val_print(PRINT_ERROR, "\tFailed to set boot flag after check\n", 0); + val->print(PRINT_ERROR, "\tFailed to set boot flag after check\n", 0); return status; } status = VAL_STATUS_SPM_FAILED; - val_err_check_set(TEST_CHECKPOINT_NUM(204), status); - psa_reply(msg.handle, PSA_CONNECTION_REFUSED); + val->err_check_set(TEST_CHECKPOINT_NUM(204), status); + psa->reply(msg.handle, PSA_ERROR_CONNECTION_REFUSED); return status; } diff --git a/api-tests/ff/ipc/test_i020/test_i020.c b/api-tests/ff/ipc/test_i020/test_i020.c index 31f3b508..c316e3d6 100644 --- a/api-tests/ff/ipc/test_i020/test_i020.c +++ b/api-tests/ff/ipc/test_i020/test_i020.c @@ -1,5 +1,5 @@ /** @file - * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved. + * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved. * SPDX-License-Identifier : Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -20,7 +20,7 @@ #include "val_target.h" #else #include "val_client_defs.h" -#include "val_partition_common.h" +#include "val_service_defs.h" #endif #include "test_i020.h" @@ -37,12 +37,12 @@ int32_t client_test_psa_reply_with_invalid_connect_status_code(security_t caller psa_handle_t handle = 0; val->print(PRINT_TEST, - "[Check1] Test psa_reply with invalid status code for PSA_IPC_CONNECT\n", 0); + "[Check 1] Test psa_reply with invalid status code for PSA_IPC_CONNECT\n", 0); handle = psa->connect(SERVER_UNSPECIFED_MINOR_V_SID, 1); /* Expectation is server test should hang and control shouldn't have come here */ - val->print(PRINT_ERROR, "\tConnection should failed but successed\n", 0); + val->print(PRINT_ERROR, "\tConnection should failed but succeed\n", 0); status = VAL_STATUS_SPM_FAILED; diff --git a/api-tests/ff/ipc/test_i020/test_supp_i020.c b/api-tests/ff/ipc/test_i020/test_supp_i020.c index 17014597..816fd66b 100644 --- a/api-tests/ff/ipc/test_i020/test_supp_i020.c +++ b/api-tests/ff/ipc/test_i020/test_supp_i020.c @@ -1,5 +1,5 @@ /** @file - * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved. + * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved. * SPDX-License-Identifier : Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -15,8 +15,13 @@ * limitations under the License. **/ -#include "val/common/val_client_defs.h" -#include "val/spe/val_partition_common.h" +#include "val_client_defs.h" +#include "val_service_defs.h" + +#define val CONCAT(val,_server_sp) +#define psa CONCAT(psa,_server_sp) +extern val_api_t *val; +extern psa_api_t *psa; int32_t server_test_psa_reply_with_invalid_connect_status_code(void); @@ -30,51 +35,61 @@ int32_t server_test_psa_reply_with_invalid_connect_status_code(void) { int32_t status = VAL_STATUS_SUCCESS; psa_msg_t msg = {0}; - psa_status_t invalid_status_code = PSA_CONNECTION_REFUSED + 0x10; + psa_status_t invalid_status_code = PSA_ERROR_CONNECTION_REFUSED + 0x10; - status = val_process_connect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); - if (val_err_check_set(TEST_CHECKPOINT_NUM(201), status)) + status = val->process_connect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); + if (val->err_check_set(TEST_CHECKPOINT_NUM(201), status)) { - psa_reply(msg.handle, PSA_CONNECTION_REFUSED); + psa->reply(msg.handle, PSA_ERROR_CONNECTION_REFUSED); return status; } - /* Test is targeting fatal error condition and it will expect an error recovery(reboot) - * to happen. To decide, a reboot happened was intended as per test scenario or it happended - * due to other reasons, test is setting a boot signature into non-volatile memory before and - * after targeted test check. After a reboot, these boot signatures are being read by the - * VAL APIs to decide test status. + /* + * This test checks for the PROGRAMMER ERROR condition for the PSA API. API's respond to + * PROGRAMMER ERROR could be either to return appropriate status code or panic the caller. + * When a Secure Partition panics, the SPE cannot continue normal execution, as defined + * in this specification. The behavior of the SPM following a Secure Partition panic is + * IMPLEMENTATION DEFINED- Arm recommends that the SPM causes the system to restart in + * this situation. Refer PSA-FF for more information on panic. + * For the cases where, SPM cannot capable to reboot the system (just hangs or power down), + * a watchdog timer set by val_test_init can reboot the system on timeout event. This will + * tests continuity and able to jump to next tests. Therefore, each test who checks for + * PROGRAMMER ERROR condition, expects system to get reset either by SPM or watchdog set by + * the test harness function. * - * Note: If SPM is not capable of rebooting (just hangs or power down) in fatal error condition, - * a watchdog timer enabled by val_test_init can reboot the system on timeout event. * If programmed timeout value isn't sufficient for your system, it can be reconfigured using * timeout entries available in target.cfg. + * + * To decide, a reboot happened as intended by test scenario or it happended + * due to other reasons, test is setting a boot signature into non-volatile memory before and + * after targeted test check. After a reboot, these boot signatures are being read by the + * VAL APIs to decide test status. */ /* Setting boot.state before test check */ - status = val_set_boot_flag(BOOT_EXPECTED_NS); - if (val_err_check_set(TEST_CHECKPOINT_NUM(202), status)) + status = val->set_boot_flag(BOOT_EXPECTED_NS); + if (val->err_check_set(TEST_CHECKPOINT_NUM(202), status)) { - val_print(PRINT_ERROR, "\tFailed to set boot flag before check\n", 0); - psa_reply(msg.handle, PSA_CONNECTION_REFUSED); + val->print(PRINT_ERROR, "\tFailed to set boot flag before check\n", 0); + psa->reply(msg.handle, PSA_ERROR_CONNECTION_REFUSED); return status; } - /*Call psa_reply with invalid status code for PSA_IPC_CONNECT. Call shouldn't return*/ - psa_reply(msg.handle, invalid_status_code); + /* Call psa_reply with invalid status code for PSA_IPC_CONNECT. Call should panic */ + psa->reply(msg.handle, invalid_status_code); /* shouldn't have reached here */ - val_print(PRINT_ERROR, - "\tpsa_reply with invalid status code for connect should failed but successed\n", 0); + val->print(PRINT_ERROR, + "\tpsa_reply with invalid status code for connect should failed but succeed\n", 0); /* Resetting boot.state to catch unwanted reboot */ - status = val_set_boot_flag(BOOT_EXPECTED_BUT_FAILED); - if (val_err_check_set(TEST_CHECKPOINT_NUM(203), status)) + status = val->set_boot_flag(BOOT_EXPECTED_BUT_FAILED); + if (val->err_check_set(TEST_CHECKPOINT_NUM(203), status)) { - val_print(PRINT_ERROR, "\tFailed to set boot flag after check\n", 0); + val->print(PRINT_ERROR, "\tFailed to set boot flag after check\n", 0); return status; } status = VAL_STATUS_SPM_FAILED; - val_err_check_set(TEST_CHECKPOINT_NUM(204), status); + val->err_check_set(TEST_CHECKPOINT_NUM(204), status); return status; } diff --git a/api-tests/ff/ipc/test_i021/test_entry.c b/api-tests/ff/ipc/test_i021/test_entry.c index 45de605d..d8650820 100644 --- a/api-tests/ff/ipc/test_i021/test_entry.c +++ b/api-tests/ff/ipc/test_i021/test_entry.c @@ -1,5 +1,5 @@ /** @file - * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved. + * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved. * SPDX-License-Identifier : Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -20,7 +20,7 @@ #include "test_i021.h" #define TEST_NUM VAL_CREATE_TEST_ID(VAL_FF_BASE, 21) -#define TEST_DESC "Testing psa_reply with invalid status code for PSA_IPC_CALL\n" +#define TEST_DESC "Testing irq routing\n" TEST_PUBLISH(TEST_NUM, test_entry); val_api_t *val = NULL; psa_api_t *psa = NULL; diff --git a/api-tests/ff/ipc/test_i021/test_i021.c b/api-tests/ff/ipc/test_i021/test_i021.c index 42b611e4..8927b140 100644 --- a/api-tests/ff/ipc/test_i021/test_i021.c +++ b/api-tests/ff/ipc/test_i021/test_i021.c @@ -1,5 +1,5 @@ /** @file - * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved. + * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved. * SPDX-License-Identifier : Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -20,42 +20,48 @@ #include "val_target.h" #else #include "val_client_defs.h" -#include "val_partition_common.h" +#include "val_service_defs.h" #endif #include "test_i021.h" client_test_t test_i021_client_tests_list[] = { NULL, - client_test_psa_reply_with_invalid_call_status_code, + client_test_irq_routing, NULL, }; -int32_t client_test_psa_reply_with_invalid_call_status_code(security_t caller) +int32_t client_test_irq_routing(security_t caller) { - int32_t status = VAL_STATUS_SUCCESS; - psa_handle_t handle = 0; - psa_status_t status_of_call; + psa_handle_t handle; + driver_test_fn_id_t driver_test_fn_id = TEST_INTR_SERVICE; - val->print(PRINT_TEST, - "[Check1] Test psa_reply with invalid status code for PSA_IPC_CALL\n", 0); + /* + * The interrupt related test check is captured in driver_partition.c as this is the + * only partition in test suite that holds the interrupt line. The interrupt test check + * is invoked by client by calling to DRIVER_TEST_SID RoT service of driver partition that + * hold the test check. + */ - handle = psa->connect(SERVER_UNSPECIFED_MINOR_V_SID, 1); + val->print(PRINT_TEST, "[Check 1] Test irq routing\n", 0); + /* Connect to DRIVER_TEST_SID */ + handle = psa->connect(DRIVER_TEST_SID, 1); if (handle < 0) { - val->print(PRINT_ERROR, "\tConnection failed\n", 0); - return VAL_STATUS_INVALID_HANDLE; + val->print(PRINT_ERROR, "\t psa_connect failed. handle=0x%x\n", handle); + return VAL_STATUS_SPM_FAILED; } - status_of_call = psa->call(handle, NULL, 0, NULL, 0); + /* Execute driver function related to TEST_INTR_SERVICE */ + psa_invec invec = {&driver_test_fn_id, sizeof(driver_test_fn_id)}; - /* Expectation is server test should hang and control shouldn't have come here */ - val->print(PRINT_ERROR, "\tCall should failed but successed\n", 0); - - status = VAL_STATUS_SPM_FAILED; + if (psa->call(handle, &invec, 1, NULL, 0) != PSA_SUCCESS) + { + psa->close(handle); + return VAL_STATUS_SPM_FAILED; + } psa->close(handle); - (void)(status_of_call); - return status; + return VAL_STATUS_SUCCESS; } diff --git a/api-tests/ff/ipc/test_i021/test_i021.h b/api-tests/ff/ipc/test_i021/test_i021.h index 40025635..cc76cafa 100644 --- a/api-tests/ff/ipc/test_i021/test_i021.h +++ b/api-tests/ff/ipc/test_i021/test_i021.h @@ -33,5 +33,5 @@ extern psa_api_t *psa; extern client_test_t test_i021_client_tests_list[]; -int32_t client_test_psa_reply_with_invalid_call_status_code(security_t); +int32_t client_test_irq_routing(security_t); #endif diff --git a/api-tests/ff/ipc/test_i021/test_supp_i021.c b/api-tests/ff/ipc/test_i021/test_supp_i021.c index 9e2ec16e..672f3408 100644 --- a/api-tests/ff/ipc/test_i021/test_supp_i021.c +++ b/api-tests/ff/ipc/test_i021/test_supp_i021.c @@ -1,5 +1,5 @@ /** @file - * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved. + * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved. * SPDX-License-Identifier : Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -15,78 +15,23 @@ * limitations under the License. **/ -#include "val/common/val_client_defs.h" -#include "val/spe/val_partition_common.h" +#include "val_client_defs.h" +#include "val_service_defs.h" -int32_t server_test_psa_reply_with_invalid_call_status_code(void); +#define val CONCAT(val,_server_sp) +#define psa CONCAT(psa,_server_sp) +extern val_api_t *val; +extern psa_api_t *psa; + +int32_t server_test_irq_routing(void); server_test_t test_i021_server_tests_list[] = { NULL, - server_test_psa_reply_with_invalid_call_status_code, + server_test_irq_routing, NULL, }; -int32_t server_test_psa_reply_with_invalid_call_status_code(void) +int32_t server_test_irq_routing(void) { - int32_t status = VAL_STATUS_SUCCESS; - psa_msg_t msg = {0}; - psa_status_t invalid_status_code = INT32_MIN+1; - - /* Test is targeting fatal error condition and it will expect an error recovery(reboot) - * to happen. To decide, a reboot happened was intended as per test scenario or it happended - * due to other reasons, test is setting a boot signature into non-volatile memory before and - * after targeted test check. After a reboot, these boot signatures are being read by the - * VAL APIs to decide test status. - * - * Note: If SPM is not capable of rebooting (just hangs or power down) in fatal error condition, - * a watchdog timer enabled by val_test_init can reboot the system on timeout event. - * If programmed timeout value isn't sufficient for your system, it can be reconfigured using - * timeout entries available in target.cfg. - */ - - status = val_process_connect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); - if (val_err_check_set(TEST_CHECKPOINT_NUM(201), status)) - { - psa_reply(msg.handle, PSA_CONNECTION_REFUSED); - return status; - } - - psa_reply(msg.handle, PSA_SUCCESS); - - status = val_process_call_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); - if (val_err_check_set(TEST_CHECKPOINT_NUM(202), status)) - { - psa_reply(msg.handle, (PSA_SUCCESS - 2)); - } - else - { - /* Setting boot.state before test check */ - status = val_set_boot_flag(BOOT_EXPECTED_NS); - if (val_err_check_set(TEST_CHECKPOINT_NUM(203), status)) - { - val_print(PRINT_ERROR, "\tFailed to set boot flag before check\n", 0); - psa_reply(msg.handle, (PSA_SUCCESS - 3)); - } - else - { - /* Call psa_reply with invalid status code for PSA_IPC_CALL. Call shouldn't return */ - psa_reply(msg.handle, invalid_status_code); - - /* shouldn't have reached here */ - val_print(PRINT_ERROR, - "\tpsa_reply with invalid status code for CALL should failed but successed\n", 0); - - /* Resetting boot.state to catch unwanted reboot */ - if (val_set_boot_flag(BOOT_EXPECTED_BUT_FAILED)) - { - val_print(PRINT_ERROR, "\tFailed to set boot flag after check\n", 0); - } - status = VAL_STATUS_SPM_FAILED; - } - } - - val_err_check_set(TEST_CHECKPOINT_NUM(204), status); - status = val_process_disconnect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); - psa_reply(msg.handle, PSA_SUCCESS); - return status; + return VAL_STATUS_SUCCESS; } diff --git a/api-tests/ff/ipc/test_i022/test_i022.c b/api-tests/ff/ipc/test_i022/test_i022.c index 6fc5ac5a..09548369 100644 --- a/api-tests/ff/ipc/test_i022/test_i022.c +++ b/api-tests/ff/ipc/test_i022/test_i022.c @@ -1,5 +1,5 @@ /** @file - * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved. + * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved. * SPDX-License-Identifier : Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -20,7 +20,7 @@ #include "val_target.h" #else #include "val_client_defs.h" -#include "val_partition_common.h" +#include "val_service_defs.h" #endif #include "test_i022.h" @@ -35,12 +35,12 @@ int32_t client_test_psa_reply_with_invalid_handle(security_t caller) { psa_handle_t handle = 0; - val->print(PRINT_TEST, "[Check1] Testing psa_reply with invalid handle\n", 0); + val->print(PRINT_TEST, "[Check 1] Testing psa_reply with invalid handle\n", 0); handle = psa->connect(SERVER_UNSPECIFED_MINOR_V_SID, 1); /* Expectation is server test should hang and control shouldn't have come here */ - val->print(PRINT_ERROR, "\tConnection should failed but successed\n", 0); + val->print(PRINT_ERROR, "\tConnection should failed but succeed\n", 0); (void)(handle); return VAL_STATUS_SPM_FAILED; diff --git a/api-tests/ff/ipc/test_i022/test_supp_i022.c b/api-tests/ff/ipc/test_i022/test_supp_i022.c index 6e4f43ae..e2ba3915 100644 --- a/api-tests/ff/ipc/test_i022/test_supp_i022.c +++ b/api-tests/ff/ipc/test_i022/test_supp_i022.c @@ -1,5 +1,5 @@ /** @file - * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved. + * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved. * SPDX-License-Identifier : Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -15,8 +15,13 @@ * limitations under the License. **/ -#include "val/common/val_client_defs.h" -#include "val/spe/val_partition_common.h" +#include "val_client_defs.h" +#include "val_service_defs.h" + +#define val CONCAT(val,_server_sp) +#define psa CONCAT(psa,_server_sp) +extern val_api_t *val; +extern psa_api_t *psa; int32_t server_test_psa_reply_with_invalid_handle(void); @@ -31,50 +36,60 @@ int32_t server_test_psa_reply_with_invalid_handle(void) psa_msg_t msg = {0}; int32_t status = VAL_STATUS_SUCCESS; - /* Test is targeting fatal error condition and it will expect an error recovery(reboot) - * to happen. To decide, a reboot happened was intended as per test scenario or it happended - * due to other reasons, test is setting a boot signature into non-volatile memory before and - * after targeted test check. After a reboot, these boot signatures are being read by the - * VAL APIs to decide test status. + /* + * This test checks for the PROGRAMMER ERROR condition for the PSA API. API's respond to + * PROGRAMMER ERROR could be either to return appropriate status code or panic the caller. + * When a Secure Partition panics, the SPE cannot continue normal execution, as defined + * in this specification. The behavior of the SPM following a Secure Partition panic is + * IMPLEMENTATION DEFINED- Arm recommends that the SPM causes the system to restart in + * this situation. Refer PSA-FF for more information on panic. + * For the cases where, SPM cannot capable to reboot the system (just hangs or power down), + * a watchdog timer set by val_test_init can reboot the system on timeout event. This will + * tests continuity and able to jump to next tests. Therefore, each test who checks for + * PROGRAMMER ERROR condition, expects system to get reset either by SPM or watchdog set by + * the test harness function. * - * Note: If SPM is not capable of rebooting (just hangs or power down) in fatal error condition, - * a watchdog timer enabled by val_test_init can reboot the system on timeout event. * If programmed timeout value isn't sufficient for your system, it can be reconfigured using * timeout entries available in target.cfg. + * + * To decide, a reboot happened as intended by test scenario or it happended + * due to other reasons, test is setting a boot signature into non-volatile memory before and + * after targeted test check. After a reboot, these boot signatures are being read by the + * VAL APIs to decide test status. */ - status = val_process_connect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); - if (val_err_check_set(TEST_CHECKPOINT_NUM(201), status)) + status = val->process_connect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); + if (val->err_check_set(TEST_CHECKPOINT_NUM(201), status)) { - psa_reply(msg.handle, PSA_CONNECTION_REFUSED); + psa->reply(msg.handle, PSA_ERROR_CONNECTION_REFUSED); return status; } /* Setting boot.state before test check */ - status = val_set_boot_flag(BOOT_EXPECTED_NS); - if (val_err_check_set(TEST_CHECKPOINT_NUM(202), status)) + status = val->set_boot_flag(BOOT_EXPECTED_NS); + if (val->err_check_set(TEST_CHECKPOINT_NUM(202), status)) { - val_print(PRINT_ERROR, "\tFailed to set boot flag before check\n", 0); - psa_reply(msg.handle, PSA_CONNECTION_REFUSED); + val->print(PRINT_ERROR, "\tFailed to set boot flag before check\n", 0); + psa->reply(msg.handle, PSA_ERROR_CONNECTION_REFUSED); return status; } - /*Call psa_reply with INVALID_HANLDE. Call shouldn't return*/ - psa_reply(INVALID_HANDLE, PSA_CONNECTION_REFUSED); + /* Call psa_reply with INVALID_HANLDE. Call should panic */ + psa->reply(INVALID_HANDLE, PSA_ERROR_CONNECTION_REFUSED); /* shouldn't have reached here */ - val_print(PRINT_ERROR, - "\tpsa_reply with invalid handle should failed but successed\n", 0); + val->print(PRINT_ERROR, + "\tpsa_reply with invalid handle should failed but succeed\n", 0); /* Resetting boot.state to catch unwanted reboot */ - status = val_set_boot_flag(BOOT_EXPECTED_BUT_FAILED); - if (val_err_check_set(TEST_CHECKPOINT_NUM(203), status)) + status = val->set_boot_flag(BOOT_EXPECTED_BUT_FAILED); + if (val->err_check_set(TEST_CHECKPOINT_NUM(203), status)) { - val_print(PRINT_ERROR, "\tFailed to set boot flag after check\n", 0); + val->print(PRINT_ERROR, "\tFailed to set boot flag after check\n", 0); return status; } status = VAL_STATUS_SPM_FAILED; - val_err_check_set(TEST_CHECKPOINT_NUM(204), status); + val->err_check_set(TEST_CHECKPOINT_NUM(204), status); return status; } diff --git a/api-tests/ff/ipc/test_i023/test_i023.c b/api-tests/ff/ipc/test_i023/test_i023.c index 164552ab..6c85db25 100644 --- a/api-tests/ff/ipc/test_i023/test_i023.c +++ b/api-tests/ff/ipc/test_i023/test_i023.c @@ -1,5 +1,5 @@ /** @file - * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved. + * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved. * SPDX-License-Identifier : Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -20,7 +20,7 @@ #include "val_target.h" #else #include "val_client_defs.h" -#include "val_partition_common.h" +#include "val_service_defs.h" #endif #include "test_i023.h" @@ -35,12 +35,12 @@ int32_t client_test_psa_reply_with_null_handle(security_t caller) { psa_handle_t handle = 0; - val->print(PRINT_TEST, "[Check1] Testing psa_reply with invalid handle\n", 0); + val->print(PRINT_TEST, "[Check 1] Testing psa_reply with invalid handle\n", 0); handle = psa->connect(SERVER_UNSPECIFED_MINOR_V_SID, 1); /* Expectation is server test should hang and control shouldn't have come here */ - val->print(PRINT_ERROR, "\tConnection should failed but successed\n", 0); + val->print(PRINT_ERROR, "\tConnection should failed but succeed\n", 0); (void)(handle); return VAL_STATUS_SPM_FAILED; diff --git a/api-tests/ff/ipc/test_i023/test_supp_i023.c b/api-tests/ff/ipc/test_i023/test_supp_i023.c index d28aa448..4436e4ac 100644 --- a/api-tests/ff/ipc/test_i023/test_supp_i023.c +++ b/api-tests/ff/ipc/test_i023/test_supp_i023.c @@ -1,5 +1,5 @@ /** @file - * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved. + * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved. * SPDX-License-Identifier : Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -15,8 +15,13 @@ * limitations under the License. **/ -#include "val/common/val_client_defs.h" -#include "val/spe/val_partition_common.h" +#include "val_client_defs.h" +#include "val_service_defs.h" + +#define val CONCAT(val,_server_sp) +#define psa CONCAT(psa,_server_sp) +extern val_api_t *val; +extern psa_api_t *psa; int32_t server_test_psa_reply_with_null_handle(void); @@ -31,52 +36,62 @@ int32_t server_test_psa_reply_with_null_handle(void) psa_msg_t msg = {0}; int32_t status = VAL_STATUS_SUCCESS; - /* Test is targeting fatal error condition and it will expect an error recovery(reboot) - * to happen. To decide, a reboot happened was intended as per test scenario or it happended - * due to other reasons, test is setting a boot signature into non-volatile memory before and - * after targeted test check. After a reboot, these boot signatures are being read by the - * VAL APIs to decide test status. + /* + * This test checks for the PROGRAMMER ERROR condition for the PSA API. API's respond to + * PROGRAMMER ERROR could be either to return appropriate status code or panic the caller. + * When a Secure Partition panics, the SPE cannot continue normal execution, as defined + * in this specification. The behavior of the SPM following a Secure Partition panic is + * IMPLEMENTATION DEFINED- Arm recommends that the SPM causes the system to restart in + * this situation. Refer PSA-FF for more information on panic. + * For the cases where, SPM cannot capable to reboot the system (just hangs or power down), + * a watchdog timer set by val_test_init can reboot the system on timeout event. This will + * tests continuity and able to jump to next tests. Therefore, each test who checks for + * PROGRAMMER ERROR condition, expects system to get reset either by SPM or watchdog set by + * the test harness function. * - * Note: If SPM is not capable of rebooting (just hangs or power down) in fatal error condition, - * a watchdog timer enabled by val_test_init can reboot the system on timeout event. * If programmed timeout value isn't sufficient for your system, it can be reconfigured using * timeout entries available in target.cfg. + * + * To decide, a reboot happened as intended by test scenario or it happended + * due to other reasons, test is setting a boot signature into non-volatile memory before and + * after targeted test check. After a reboot, these boot signatures are being read by the + * VAL APIs to decide test status. */ - status = val_process_connect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); - if (val_err_check_set(TEST_CHECKPOINT_NUM(201), status)) + status = val->process_connect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); + if (val->err_check_set(TEST_CHECKPOINT_NUM(201), status)) { - psa_reply(msg.handle, PSA_CONNECTION_REFUSED); + psa->reply(msg.handle, PSA_ERROR_CONNECTION_REFUSED); return status; } /* Setting boot.state before test check */ - status = val_set_boot_flag(BOOT_EXPECTED_NS); - if (val_err_check_set(TEST_CHECKPOINT_NUM(202), status)) + status = val->set_boot_flag(BOOT_EXPECTED_NS); + if (val->err_check_set(TEST_CHECKPOINT_NUM(202), status)) { - val_print(PRINT_ERROR, "\tFailed to set boot flag before check\n", 0); - psa_reply(msg.handle, PSA_CONNECTION_REFUSED); + val->print(PRINT_ERROR, "\tFailed to set boot flag before check\n", 0); + psa->reply(msg.handle, PSA_ERROR_CONNECTION_REFUSED); return status; } - /* Test check - Call psa_reply with PSA_NULL_HANDLE. Call shouldn't return */ - psa_reply(PSA_NULL_HANDLE, PSA_CONNECTION_REFUSED); + /* Test check - Call psa_reply with PSA_NULL_HANDLE. Call should panic */ + psa->reply(PSA_NULL_HANDLE, PSA_ERROR_CONNECTION_REFUSED); /* shouldn't have reached here */ - val_print(PRINT_ERROR, - "\tpsa_reply with NULL handle should failed but successed\n", 0); + val->print(PRINT_ERROR, + "\tpsa_reply with NULL handle should failed but succeed\n", 0); /* Resetting boot.state to catch unwanted reboot */ - status = val_set_boot_flag(BOOT_EXPECTED_BUT_FAILED); - if (val_err_check_set(TEST_CHECKPOINT_NUM(203), status)) + status = val->set_boot_flag(BOOT_EXPECTED_BUT_FAILED); + if (val->err_check_set(TEST_CHECKPOINT_NUM(203), status)) { - val_print(PRINT_ERROR, "\tFailed to set boot flag after check\n", 0); + val->print(PRINT_ERROR, "\tFailed to set boot flag after check\n", 0); return status; } - psa_reply(msg.handle, PSA_CONNECTION_REFUSED); + psa->reply(msg.handle, PSA_ERROR_CONNECTION_REFUSED); status = VAL_STATUS_SPM_FAILED; - val_err_check_set(TEST_CHECKPOINT_NUM(204), status); + val->err_check_set(TEST_CHECKPOINT_NUM(204), status); return status; } diff --git a/api-tests/ff/ipc/test_i024/test_i024.c b/api-tests/ff/ipc/test_i024/test_i024.c index b8ffaaba..d589c896 100644 --- a/api-tests/ff/ipc/test_i024/test_i024.c +++ b/api-tests/ff/ipc/test_i024/test_i024.c @@ -1,5 +1,5 @@ /** @file - * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved. + * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved. * SPDX-License-Identifier : Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -20,7 +20,7 @@ #include "val_target.h" #else #include "val_client_defs.h" -#include "val_partition_common.h" +#include "val_service_defs.h" #endif #include "test_i024.h" @@ -33,34 +33,34 @@ client_test_t test_i024_client_tests_list[] = { int32_t client_test_psa_call_with_invalid_handle(security_t caller) { - int32_t status = VAL_STATUS_SUCCESS; - psa_handle_t handle = 0; psa_status_t status_of_call; boot_state_t boot_state; val->print(PRINT_TEST, - "[Check1] Test psa_call with invalid handle\n", 0); + "[Check 1] Test psa_call with invalid handle\n", 0); - /* Test is targeting fatal error condition and it will expect an error recovery(reboot) - * to happen. To decide, a reboot happened was intended as per test scenario or it happended - * due to other reasons, test is setting a boot signature into non-volatile memory before and - * after targeted test check. After a reboot, these boot signatures are being read by the - * VAL APIs to decide test status. + /* + * This test checks for the PROGRAMMER ERROR condition for the PSA API. API's respond to + * PROGRAMMER ERROR could be either to return appropriate status code or panic the caller. + * When a Secure Partition panics, the SPE cannot continue normal execution, as defined + * in this specification. The behavior of the SPM following a Secure Partition panic is + * IMPLEMENTATION DEFINED- Arm recommends that the SPM causes the system to restart in + * this situation. Refer PSA-FF for more information on panic. + * For the cases where, SPM cannot capable to reboot the system (just hangs or power down), + * a watchdog timer set by val_test_init can reboot the system on timeout event. This will + * tests continuity and able to jump to next tests. Therefore, each test who checks for + * PROGRAMMER ERROR condition, expects system to get reset either by SPM or watchdog set by + * the test harness function. * - * Note: If SPM is not capable of rebooting (just hangs or power down) in fatal error condition, - * a watchdog timer enabled by val_test_init can reboot the system on timeout event. * If programmed timeout value isn't sufficient for your system, it can be reconfigured using * timeout entries available in target.cfg. + * + * To decide, a reboot happened as intended by test scenario or it happended + * due to other reasons, test is setting a boot signature into non-volatile memory before and + * after targeted test check. After a reboot, these boot signatures are being read by the + * VAL APIs to decide test status. */ - handle = psa->connect(SERVER_UNSPECIFED_MINOR_V_SID, 1); - - if (handle < 0) - { - val->print(PRINT_ERROR, "\tConnection failed\n", 0); - return VAL_STATUS_INVALID_HANDLE; - } - /* Setting boot.state before test check */ boot_state = (caller == NONSECURE) ? BOOT_EXPECTED_NS : BOOT_EXPECTED_S; if (val->set_boot_flag(boot_state)) @@ -72,8 +72,18 @@ int32_t client_test_psa_call_with_invalid_handle(security_t caller) /* Test check- psa_call with INVALID_HANDLE */ status_of_call = psa->call(INVALID_HANDLE, NULL, 0, NULL, 0); - /* Expectation is psa_call should hang and control shouldn't have come here */ - val->print(PRINT_ERROR, "\tpsa_call should failed but successed\n", 0); + /* + * If the caller is in the NSPE, it is IMPLEMENTATION DEFINED whether + * a PROGRAMMER ERROR will panic or return PSA_ERROR_PROGRAMMER_ERROR. + * For SPE caller, it must panic. + */ + if (caller == NONSECURE && status_of_call == PSA_ERROR_PROGRAMMER_ERROR) + { + return VAL_STATUS_SUCCESS; + } + + /* If PROGRAMMER ERROR results into panic then control shouldn't have reached here */ + val->print(PRINT_ERROR, "\tpsa_call should failed but succeed\n", 0); /* Resetting boot.state to catch unwanted reboot */ if (val->set_boot_flag(BOOT_EXPECTED_BUT_FAILED)) @@ -82,8 +92,5 @@ int32_t client_test_psa_call_with_invalid_handle(security_t caller) return VAL_STATUS_ERROR; } - status = VAL_STATUS_SPM_FAILED; - psa->close(handle); - (void)(status_of_call); - return status; + return VAL_STATUS_SPM_FAILED; } diff --git a/api-tests/ff/ipc/test_i024/test_supp_i024.c b/api-tests/ff/ipc/test_i024/test_supp_i024.c index d3bbbf13..60d98953 100644 --- a/api-tests/ff/ipc/test_i024/test_supp_i024.c +++ b/api-tests/ff/ipc/test_i024/test_supp_i024.c @@ -1,5 +1,5 @@ /** @file - * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved. + * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved. * SPDX-License-Identifier : Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -15,8 +15,13 @@ * limitations under the License. **/ -#include "val/common/val_client_defs.h" -#include "val/spe/val_partition_common.h" +#include "val_client_defs.h" +#include "val_service_defs.h" + +#define val CONCAT(val,_server_sp) +#define psa CONCAT(psa,_server_sp) +extern val_api_t *val; +extern psa_api_t *psa; int32_t server_test_psa_call_with_invalid_handle(void); @@ -28,25 +33,7 @@ server_test_t test_i024_server_tests_list[] = { int32_t server_test_psa_call_with_invalid_handle(void) { - int32_t status = VAL_STATUS_SUCCESS; - psa_msg_t msg = {0}; - - status = val_process_connect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); - if (val_err_check_set(TEST_CHECKPOINT_NUM(201), status)) - { - psa_reply(msg.handle, PSA_CONNECTION_REFUSED); - return status; - } - - psa_reply(msg.handle, PSA_SUCCESS); - - val_process_call_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); - - /* Control shouldn't have come here */ - val_print(PRINT_ERROR, "\tControl shouldn't have reached here\n", 0); - psa_reply(msg.handle, -2); - val_process_disconnect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); - psa_reply(msg.handle, PSA_SUCCESS); - return VAL_STATUS_SPM_FAILED; + val->err_check_set(TEST_CHECKPOINT_NUM(201), VAL_STATUS_SUCCESS); + return VAL_STATUS_SUCCESS; } diff --git a/api-tests/ff/ipc/test_i025/test_i025.c b/api-tests/ff/ipc/test_i025/test_i025.c index 495247f7..66d69dd2 100644 --- a/api-tests/ff/ipc/test_i025/test_i025.c +++ b/api-tests/ff/ipc/test_i025/test_i025.c @@ -1,5 +1,5 @@ /** @file - * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved. + * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved. * SPDX-License-Identifier : Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -20,7 +20,7 @@ #include "val_target.h" #else #include "val_client_defs.h" -#include "val_partition_common.h" +#include "val_service_defs.h" #endif #include "test_i025.h" @@ -33,34 +33,34 @@ client_test_t test_i025_client_tests_list[] = { int32_t client_test_psa_call_with_null_handle(security_t caller) { - int32_t status = VAL_STATUS_SUCCESS; - psa_handle_t handle = 0; psa_status_t status_of_call; boot_state_t boot_state; val->print(PRINT_TEST, - "[Check1] Test psa_call with NULL handle\n", 0); + "[Check 1] Test psa_call with NULL handle\n", 0); - /* Test is targeting fatal error condition and it will expect an error recovery(reboot) - * to happen. To decide, a reboot happened was intended as per test scenario or it happended - * due to other reasons, test is setting a boot signature into non-volatile memory before and - * after targeted test check. After a reboot, these boot signatures are being read by the - * VAL APIs to decide test status. + /* + * This test checks for the PROGRAMMER ERROR condition for the PSA API. API's respond to + * PROGRAMMER ERROR could be either to return appropriate status code or panic the caller. + * When a Secure Partition panics, the SPE cannot continue normal execution, as defined + * in this specification. The behavior of the SPM following a Secure Partition panic is + * IMPLEMENTATION DEFINED- Arm recommends that the SPM causes the system to restart in + * this situation. Refer PSA-FF for more information on panic. + * For the cases where, SPM cannot capable to reboot the system (just hangs or power down), + * a watchdog timer set by val_test_init can reboot the system on timeout event. This will + * tests continuity and able to jump to next tests. Therefore, each test who checks for + * PROGRAMMER ERROR condition, expects system to get reset either by SPM or watchdog set by + * the test harness function. * - * Note: If SPM is not capable of rebooting (just hangs or power down) in fatal error condition, - * a watchdog timer enabled by val_test_init can reboot the system on timeout event. * If programmed timeout value isn't sufficient for your system, it can be reconfigured using * timeout entries available in target.cfg. + * + * To decide, a reboot happened as intended by test scenario or it happended + * due to other reasons, test is setting a boot signature into non-volatile memory before and + * after targeted test check. After a reboot, these boot signatures are being read by the + * VAL APIs to decide test status. */ - handle = psa->connect(SERVER_UNSPECIFED_MINOR_V_SID, 1); - - if (handle < 0) - { - val->print(PRINT_ERROR, "\tConnection failed\n", 0); - return VAL_STATUS_INVALID_HANDLE; - } - /* Setting boot.state before test check */ boot_state = (caller == NONSECURE) ? BOOT_EXPECTED_NS : BOOT_EXPECTED_S; if (val->set_boot_flag(boot_state)) @@ -72,8 +72,18 @@ int32_t client_test_psa_call_with_null_handle(security_t caller) /* Test check- psa_call with NULL HANDLE */ status_of_call = psa->call(PSA_NULL_HANDLE, NULL, 0, NULL, 0); - /* Expectation is psa_call should hang and control shouldn't have come here */ - val->print(PRINT_ERROR, "\tCall should failed but successed\n", 0); + /* + * If the caller is in the NSPE, it is IMPLEMENTATION DEFINED whether + * a PROGRAMMER ERROR will panic or return PSA_ERROR_PROGRAMMER_ERROR. + * For SPE caller, it must panic. + */ + if (caller == NONSECURE && status_of_call == PSA_ERROR_PROGRAMMER_ERROR) + { + return VAL_STATUS_SUCCESS; + } + + /* If PROGRAMMER ERROR results into panic then control shouldn't have reached here */ + val->print(PRINT_ERROR, "\tCall should failed but succeed\n", 0); /* Resetting boot.state to catch unwanted reboot */ if (val->set_boot_flag(BOOT_EXPECTED_BUT_FAILED)) @@ -82,8 +92,5 @@ int32_t client_test_psa_call_with_null_handle(security_t caller) return VAL_STATUS_ERROR; } - status = VAL_STATUS_SPM_FAILED; - psa->close(handle); - (void)(status_of_call); - return status; + return VAL_STATUS_SPM_FAILED; } diff --git a/api-tests/ff/ipc/test_i025/test_supp_i025.c b/api-tests/ff/ipc/test_i025/test_supp_i025.c index 036a2c9e..20f15573 100644 --- a/api-tests/ff/ipc/test_i025/test_supp_i025.c +++ b/api-tests/ff/ipc/test_i025/test_supp_i025.c @@ -1,5 +1,5 @@ /** @file - * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved. + * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved. * SPDX-License-Identifier : Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -15,8 +15,13 @@ * limitations under the License. **/ -#include "val/common/val_client_defs.h" -#include "val/spe/val_partition_common.h" +#include "val_client_defs.h" +#include "val_service_defs.h" + +#define val CONCAT(val,_server_sp) +#define psa CONCAT(psa,_server_sp) +extern val_api_t *val; +extern psa_api_t *psa; int32_t server_test_psa_call_with_null_handle(void); @@ -28,25 +33,6 @@ server_test_t test_i025_server_tests_list[] = { int32_t server_test_psa_call_with_null_handle(void) { - int32_t status = VAL_STATUS_SUCCESS; - psa_msg_t msg = {0}; - - status = val_process_connect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); - if (val_err_check_set(TEST_CHECKPOINT_NUM(201), status)) - { - psa_reply(msg.handle, PSA_CONNECTION_REFUSED); - return status; - } - - psa_reply(msg.handle, PSA_SUCCESS); - - val_process_call_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); - - /* Control shouldn't have come here */ - val_print(PRINT_ERROR, "\tControl shouldn't have reached here\n", 0); - psa_reply(msg.handle, -2); - - val_process_disconnect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); - psa_reply(msg.handle, PSA_SUCCESS); - return VAL_STATUS_SPM_FAILED; + val->err_check_set(TEST_CHECKPOINT_NUM(201), VAL_STATUS_SUCCESS); + return VAL_STATUS_SUCCESS; } diff --git a/api-tests/ff/ipc/test_i026/test_i026.c b/api-tests/ff/ipc/test_i026/test_i026.c index cedc4d67..bafd8a91 100644 --- a/api-tests/ff/ipc/test_i026/test_i026.c +++ b/api-tests/ff/ipc/test_i026/test_i026.c @@ -1,5 +1,5 @@ /** @file - * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved. + * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved. * SPDX-License-Identifier : Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -20,7 +20,7 @@ #include "val_target.h" #else #include "val_client_defs.h" -#include "val_partition_common.h" +#include "val_service_defs.h" #endif #include "test_i026.h" @@ -46,18 +46,28 @@ int32_t client_test_psa_call_with_iovec_more_than_max_limit(security_t caller) psa_outvec outvec[1] = {{&data, sizeof(data)}}; val->print(PRINT_TEST, - "[Check1] Test psa_call with IOVEC > PSA_MAX_IOVEC\n", 0); + "[Check 1] Test psa_call with IOVEC > PSA_MAX_IOVEC\n", 0); - /* Test is targeting fatal error condition and it will expect an error recovery(reboot) - * to happen. To decide, a reboot happened was intended as per test scenario or it happended - * due to other reasons, test is setting a boot signature into non-volatile memory before and - * after targeted test check. After a reboot, these boot signatures are being read by the - * VAL APIs to decide test status. + /* + * This test checks for the PROGRAMMER ERROR condition for the PSA API. API's respond to + * PROGRAMMER ERROR could be either to return appropriate status code or panic the caller. + * When a Secure Partition panics, the SPE cannot continue normal execution, as defined + * in this specification. The behavior of the SPM following a Secure Partition panic is + * IMPLEMENTATION DEFINED- Arm recommends that the SPM causes the system to restart in + * this situation. Refer PSA-FF for more information on panic. + * For the cases where, SPM cannot capable to reboot the system (just hangs or power down), + * a watchdog timer set by val_test_init can reboot the system on timeout event. This will + * tests continuity and able to jump to next tests. Therefore, each test who checks for + * PROGRAMMER ERROR condition, expects system to get reset either by SPM or watchdog set by + * the test harness function. * - * Note: If SPM is not capable of rebooting (just hangs or power down) in fatal error condition, - * a watchdog timer enabled by val_test_init can reboot the system on timeout event. * If programmed timeout value isn't sufficient for your system, it can be reconfigured using * timeout entries available in target.cfg. + * + * To decide, a reboot happened as intended by test scenario or it happended + * due to other reasons, test is setting a boot signature into non-volatile memory before and + * after targeted test check. After a reboot, these boot signatures are being read by the + * VAL APIs to decide test status. */ handle = psa->connect(SERVER_UNSPECIFED_MINOR_V_SID, 1); @@ -79,8 +89,19 @@ int32_t client_test_psa_call_with_iovec_more_than_max_limit(security_t caller) /* Test check- psa_call with IOVEC > PSA_MAX_IOVEC */ status_of_call = psa->call(handle, invec, PSA_MAX_IOVEC, outvec, 1); - /* Expectation is server test should hang and control shouldn't have come here */ - val->print(PRINT_ERROR, "\tCall should failed but successed\n", 0); + /* + * If the caller is in the NSPE, it is IMPLEMENTATION DEFINED whether + * a PROGRAMMER ERROR will panic or return PSA_ERROR_PROGRAMMER_ERROR. + * For SPE caller, it must panic. + */ + if (caller == NONSECURE && status_of_call == PSA_ERROR_PROGRAMMER_ERROR) + { + psa->close(handle); + return VAL_STATUS_SUCCESS; + } + + /* If PROGRAMMER ERROR results into panic then control shouldn't have reached here */ + val->print(PRINT_ERROR, "\tCall should failed but succeed\n", 0); /* Resetting boot.state to catch unwanted reboot */ if (val->set_boot_flag(BOOT_EXPECTED_BUT_FAILED)) @@ -91,6 +112,5 @@ int32_t client_test_psa_call_with_iovec_more_than_max_limit(security_t caller) status = VAL_STATUS_SPM_FAILED; psa->close(handle); - (void)(status_of_call); return status; } diff --git a/api-tests/ff/ipc/test_i026/test_i026.h b/api-tests/ff/ipc/test_i026/test_i026.h index 41d14dbd..183a060e 100644 --- a/api-tests/ff/ipc/test_i026/test_i026.h +++ b/api-tests/ff/ipc/test_i026/test_i026.h @@ -28,11 +28,6 @@ #define psa CONCAT(psa,_client_sp) #endif -/* Redefining PSA_MAX_IOVEC as it is undefined for client */ -#ifndef PSA_MAX_IOVEC -#define PSA_MAX_IOVEC 4 -#endif - extern val_api_t *val; extern psa_api_t *psa; diff --git a/api-tests/ff/ipc/test_i026/test_supp_i026.c b/api-tests/ff/ipc/test_i026/test_supp_i026.c index 0e5be8f0..4b1794b7 100644 --- a/api-tests/ff/ipc/test_i026/test_supp_i026.c +++ b/api-tests/ff/ipc/test_i026/test_supp_i026.c @@ -1,5 +1,5 @@ /** @file - * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved. + * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved. * SPDX-License-Identifier : Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -15,8 +15,13 @@ * limitations under the License. **/ -#include "val/common/val_client_defs.h" -#include "val/spe/val_partition_common.h" +#include "val_client_defs.h" +#include "val_service_defs.h" + +#define val CONCAT(val,_server_sp) +#define psa CONCAT(psa,_server_sp) +extern val_api_t *val; +extern psa_api_t *psa; int32_t server_test_psa_call_with_iovec_more_than_max_limit(); @@ -30,23 +35,45 @@ int32_t server_test_psa_call_with_iovec_more_than_max_limit() { int32_t status = VAL_STATUS_SUCCESS; psa_msg_t msg = {0}; + psa_signal_t signals; - status = val_process_connect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); - if (val_err_check_set(TEST_CHECKPOINT_NUM(201), status)) + status = val->process_connect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); + if (val->err_check_set(TEST_CHECKPOINT_NUM(201), status)) { - psa_reply(msg.handle, PSA_CONNECTION_REFUSED); + psa->reply(msg.handle, PSA_ERROR_CONNECTION_REFUSED); return status; } - psa_reply(msg.handle, PSA_SUCCESS); + psa->reply(msg.handle, PSA_SUCCESS); - val_process_call_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); +wait: + signals = psa->wait(PSA_WAIT_ANY, PSA_BLOCK); + if (signals & SERVER_UNSPECIFED_MINOR_V_SIG) + { + if (psa->get(SERVER_UNSPECIFED_MINOR_V_SIG, &msg) != PSA_SUCCESS) + { + goto wait; + } - /* Control shouldn't have come here */ - val_print(PRINT_ERROR, "\tControl shouldn't have reached here\n", 0); - psa_reply(msg.handle, -2); + if (msg.type == PSA_IPC_CALL) + { + /* Control shouldn't have come here */ + val->print(PRINT_ERROR, "\tControl shouldn't have reached here\n", 0); + psa->reply(msg.handle, -2); + val->process_disconnect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); + psa->reply(msg.handle, PSA_SUCCESS); + } + else if (msg.type == PSA_IPC_DISCONNECT) + { + psa->reply(msg.handle, PSA_SUCCESS); + return VAL_STATUS_SUCCESS; + } + } + else + { + val->print(PRINT_ERROR, "\tpsa_wait returned with invalid signal value = 0x%x\n", signals); + return VAL_STATUS_ERROR; + } - val_process_disconnect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); - psa_reply(msg.handle, PSA_SUCCESS); - return VAL_STATUS_SPM_FAILED; + return VAL_STATUS_ERROR; } diff --git a/api-tests/ff/ipc/test_i027/test_entry.c b/api-tests/ff/ipc/test_i027/test_entry.c index 3f09f0b9..ed921299 100644 --- a/api-tests/ff/ipc/test_i027/test_entry.c +++ b/api-tests/ff/ipc/test_i027/test_entry.c @@ -1,5 +1,5 @@ /** @file - * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved. + * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved. * SPDX-License-Identifier : Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -20,7 +20,7 @@ #include "test_i027.h" #define TEST_NUM VAL_CREATE_TEST_ID(VAL_FF_BASE, 27) -#define TEST_DESC "Testing PSA_DROP_CONNECTION\n" +#define TEST_DESC "Testing connection termination at PSA_IPC_CALL\n" TEST_PUBLISH(TEST_NUM, test_entry); val_api_t *val = NULL; psa_api_t *psa = NULL; diff --git a/api-tests/ff/ipc/test_i027/test_i027.c b/api-tests/ff/ipc/test_i027/test_i027.c index 2c69f795..1f20adc4 100644 --- a/api-tests/ff/ipc/test_i027/test_i027.c +++ b/api-tests/ff/ipc/test_i027/test_i027.c @@ -1,5 +1,5 @@ /** @file - * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved. + * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved. * SPDX-License-Identifier : Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -20,7 +20,7 @@ #include "val_target.h" #else #include "val_client_defs.h" -#include "val_partition_common.h" +#include "val_service_defs.h" #endif #include "test_i027.h" @@ -39,31 +39,29 @@ int32_t client_test_psa_drop_connection(security_t caller) boot_state_t boot_state; val->print(PRINT_TEST, - "[Check1] Test PSA_DROP_CONNECTION\n", 0); + "[Check 1] Test connection termination at PSA_IPC_CALL\n", 0); - /* Test algorithm: + /* + * This test checks for the PROGRAMMER ERROR condition for the PSA API. API's respond to + * PROGRAMMER ERROR could be either to return appropriate status code or panic the caller. + * When a Secure Partition panics, the SPE cannot continue normal execution, as defined + * in this specification. The behavior of the SPM following a Secure Partition panic is + * IMPLEMENTATION DEFINED- Arm recommends that the SPM causes the system to restart in + * this situation. Refer PSA-FF for more information on panic. + * For the cases where, SPM cannot capable to reboot the system (just hangs or power down), + * a watchdog timer set by val_test_init can reboot the system on timeout event. This will + * tests continuity and able to jump to next tests. Therefore, each test who checks for + * PROGRAMMER ERROR condition, expects system to get reset either by SPM or watchdog set by + * the test harness function. * - * RoT service will terminate the connection by completing the message with a call - * to psa_reply() using the status code PSA_DROP_CONNECTION. + * If programmed timeout value isn't sufficient for your system, it can be reconfigured using + * timeout entries available in target.cfg. * - * The SPM can implement the required PSA_DROP_CONNECTION behavior in different ways: - * - * 1. Return PSA_DROP_CONNECTION to the client from the faulty psa_call() and mark the - * SPM connection object so that all future calls to psa_call() on this connection are - * immediately failed with PSA_DROP_CONNECTION. And SPM must deliver a PSA_IPC_DISCONNECT - * message for the connection to the RoT Service directly after receipt of the - * PSA_DROP_CONNECTION completion to allow connection resources within the RoT Service - * to be released. - * - * 2. Terminate the client task and restart if appropriate for the system - * - * - * If SPM implementation happens to be to first case, the test will expect psa_call to return - * PSA_DROP_CONNECTION for every future call to psa_call on the connection - * - * If SPM implementation happens to be second case, test will expect does not return behaviour - * for executed psa_call API - */ + * To decide, a reboot happened as intended by test scenario or it happended + * due to other reasons, test is setting a boot signature into non-volatile memory before and + * after targeted test check. After a reboot, these boot signatures are being read by the + * VAL APIs to decide test status. + */ handle = psa->connect(SERVER_CONNECTION_DROP_SID, 1); if (handle < 0) @@ -72,9 +70,7 @@ int32_t client_test_psa_drop_connection(security_t caller) return VAL_STATUS_INVALID_HANDLE; } - /* Setting boot flag to BOOT_EXPECTED_* to help error recovery if SPM behaviour - * matches with 2nd case - */ + /* Setting boot.state before test check */ boot_state = (caller == NONSECURE) ? BOOT_EXPECTED_NS : BOOT_EXPECTED_S; if (val->set_boot_flag(boot_state)) { @@ -84,36 +80,49 @@ int32_t client_test_psa_drop_connection(security_t caller) status_of_call = psa->call(handle, NULL, 0, NULL, 0); - /* Resetting boot.state to catch unwanted reboot */ - status = val->set_boot_flag(BOOT_NOT_EXPECTED); - if (VAL_ERROR(status)) + /* + * If the caller is in the NSPE, it is IMPLEMENTATION DEFINED whether + * a PROGRAMMER ERROR will panic or return PSA_ERROR_PROGRAMMER_ERROR. + * For SPE caller, it must panic. + */ + if (caller == NONSECURE && status_of_call == PSA_ERROR_PROGRAMMER_ERROR) { - val->print(PRINT_ERROR, "\tFailed to set boot flag after check\n", 0); - goto exit; - } + /* Resetting boot.state to catch unwanted reboot */ + if (val->set_boot_flag(BOOT_NOT_EXPECTED)) + { + val->print(PRINT_ERROR, "\tFailed to set boot flag after check\n", 0); + return VAL_STATUS_ERROR; + } - /* Case 1 implementation */ - if (status_of_call == PSA_DROP_CONNECTION) - { - val->print(PRINT_DEBUG, "\tRecieved PSA_DROP_CONNECTION\n", 0); + val->print(PRINT_DEBUG, "\tRecieved PSA_ERROR_PROGRAMMER_ERROR\n", 0); - status_of_call = psa->call(handle, NULL, 0, NULL, 0); - if (status_of_call != PSA_DROP_CONNECTION) - { - status = VAL_STATUS_SPM_FAILED; - val->print(PRINT_ERROR, - "\tCall should have returned PSA_DROP_CONNECTION. Status = 0x%x\n", status_of_call); - } + /* If this call returns PSA_ERROR_PROGRAMMER_ERROR, + * when a valid connection handle was provided, then + * all subsequent calls to psa_call() with the same connection + * handle will immediately return PSA_ERROR_PROGRAMMER_ERROR. + */ + status_of_call = psa->call(handle, NULL, 0, NULL, 0); + if (status_of_call != PSA_ERROR_PROGRAMMER_ERROR) + { + status = VAL_STATUS_SPM_FAILED; + val->print(PRINT_ERROR, + "\tCall should have returned PSA_ERROR_PROGRAMMER_ERROR. Status = 0x%x\n", + status_of_call); + } + psa->close(handle); + return status; } - /* If implementation is case 2, control shouldn't have come here*/ - else + + /* If PROGRAMMER ERROR results into panic then control shouldn't have reached here */ + val->print(PRINT_ERROR, "\tCall should failed but succeed\n", 0); + + /* Resetting boot.state to catch unwanted reboot */ + if (val->set_boot_flag(BOOT_EXPECTED_BUT_FAILED)) { - /* psa_call should hang and control shouldn't have come here */ - status = VAL_STATUS_SPM_FAILED; - val->print(PRINT_ERROR, "\tCall should failed but successed\n", 0); + val->print(PRINT_ERROR, "\tFailed to set boot flag after check\n", 0); + return VAL_STATUS_ERROR; } -exit: psa->close(handle); - return status; + return VAL_STATUS_SPM_FAILED; } diff --git a/api-tests/ff/ipc/test_i027/test_supp_i027.c b/api-tests/ff/ipc/test_i027/test_supp_i027.c index 4c1ac218..c2eb4d3c 100644 --- a/api-tests/ff/ipc/test_i027/test_supp_i027.c +++ b/api-tests/ff/ipc/test_i027/test_supp_i027.c @@ -1,5 +1,5 @@ /** @file - * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved. + * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved. * SPDX-License-Identifier : Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -15,8 +15,13 @@ * limitations under the License. **/ -#include "val/common/val_client_defs.h" -#include "val/spe/val_partition_common.h" +#include "val_client_defs.h" +#include "val_service_defs.h" + +#define val CONCAT(val,_server_sp) +#define psa CONCAT(psa,_server_sp) +extern val_api_t *val; +extern psa_api_t *psa; int32_t server_test_psa_drop_connection(void); @@ -31,35 +36,37 @@ int32_t server_test_psa_drop_connection(void) int32_t status = VAL_STATUS_SUCCESS; psa_msg_t msg = {0}; - status = val_process_connect_request(SERVER_CONNECTION_DROP_SIG, &msg); - if (val_err_check_set(TEST_CHECKPOINT_NUM(201), status)) + status = val->process_connect_request(SERVER_CONNECTION_DROP_SIG, &msg); + if (val->err_check_set(TEST_CHECKPOINT_NUM(201), status)) { - psa_reply(msg.handle, PSA_CONNECTION_REFUSED); + psa->reply(msg.handle, PSA_ERROR_CONNECTION_REFUSED); return status; } - psa_reply(msg.handle, PSA_SUCCESS); + psa->reply(msg.handle, PSA_SUCCESS); - status = val_process_call_request(SERVER_CONNECTION_DROP_SIG, &msg); - if (val_err_check_set(TEST_CHECKPOINT_NUM(202), status)) + status = val->process_call_request(SERVER_CONNECTION_DROP_SIG, &msg); + if (val->err_check_set(TEST_CHECKPOINT_NUM(202), status)) { - psa_reply(msg.handle, -2); + psa->reply(msg.handle, -2); goto exit; } else { - psa_reply(msg.handle, PSA_DROP_CONNECTION); + psa->reply(msg.handle, PSA_ERROR_PROGRAMMER_ERROR); } exit: - /* SPM must deliver a PSA_IPC_DISCONNECT message for the connection to the RoT Service - directly after receipt of the PSA_DROP_CONNECTION completion to allow connection resources - within the RoT Service to be released */ - status = val_process_disconnect_request(SERVER_CONNECTION_DROP_SIG, &msg); - if (val_err_check_set(TEST_CHECKPOINT_NUM(203), status)) + /* + * SPM must deliver a PSA_IPC_DISCONNECT message for the connection to the RoT Service + * directly after receipt of the PSA_ERROR_PROGRAMMER_ERROR completion to allow + * connection resources within the RoT Service to be released + */ + status = val->process_disconnect_request(SERVER_CONNECTION_DROP_SIG, &msg); + if (val->err_check_set(TEST_CHECKPOINT_NUM(203), status)) { - val_print(PRINT_ERROR, "\tDisconnect request failed\n", 0); + val->print(PRINT_ERROR, "\tDisconnect request failed\n", 0); } - psa_reply(msg.handle, PSA_SUCCESS); + psa->reply(msg.handle, PSA_SUCCESS); return status; } diff --git a/api-tests/ff/ipc/test_i028/test_entry.c b/api-tests/ff/ipc/test_i028/test_entry.c index 6126f471..c259efb8 100644 --- a/api-tests/ff/ipc/test_i028/test_entry.c +++ b/api-tests/ff/ipc/test_i028/test_entry.c @@ -34,7 +34,7 @@ void test_entry(val_api_t *val_api, psa_api_t *psa_api) /* test init */ val->test_init(TEST_NUM, TEST_DESC, TEST_FIELD(TEST_ISOLATION_L1, WD_LOW_TIMEOUT)); - if(!IS_TEST_START(val->get_status())) + if (!IS_TEST_START(val->get_status())) { goto test_exit; } diff --git a/api-tests/ff/ipc/test_i028/test_i028.c b/api-tests/ff/ipc/test_i028/test_i028.c index 0e3539fc..a5be9d35 100644 --- a/api-tests/ff/ipc/test_i028/test_i028.c +++ b/api-tests/ff/ipc/test_i028/test_i028.c @@ -1,5 +1,5 @@ /** @file - * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved. + * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved. * SPDX-License-Identifier : Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -20,7 +20,7 @@ #include "val_target.h" #else #include "val_client_defs.h" -#include "val_partition_common.h" +#include "val_service_defs.h" #endif #include "test_i028.h" @@ -35,7 +35,7 @@ int32_t client_test_psa_read_at_ipc_connect(security_t caller) { psa_handle_t handle = 0; - val->print(PRINT_TEST, "[Check1] Test psa_read at PSA_IPC_CONNECT\n", 0); + val->print(PRINT_TEST, "[Check 1] Test psa_read at PSA_IPC_CONNECT\n", 0); handle = psa->connect(SERVER_RELAX_MINOR_VERSION_SID, 1); diff --git a/api-tests/ff/ipc/test_i028/test_supp_i028.c b/api-tests/ff/ipc/test_i028/test_supp_i028.c index 88df3c59..3c571e3c 100644 --- a/api-tests/ff/ipc/test_i028/test_supp_i028.c +++ b/api-tests/ff/ipc/test_i028/test_supp_i028.c @@ -1,5 +1,5 @@ /** @file - * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved. + * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved. * SPDX-License-Identifier : Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -15,8 +15,13 @@ * limitations under the License. **/ -#include "val/common/val_client_defs.h" -#include "val/spe/val_partition_common.h" +#include "val_client_defs.h" +#include "val_service_defs.h" + +#define val CONCAT(val,_server_sp) +#define psa CONCAT(psa,_server_sp) +extern val_api_t *val; +extern psa_api_t *psa; #define NUM_OF_BYTES 4 @@ -34,45 +39,55 @@ int32_t server_test_psa_read_at_ipc_connect() psa_msg_t msg = {0}; uint8_t data[NUM_OF_BYTES] = {0}; - /* Test is targeting fatal error condition and it will expect an error recovery(reboot) - * to happen. To decide, a reboot happened was intended as per test scenario or it happended - * due to other reasons, test is setting a boot signature into non-volatile memory before and - * after targeted test check. After a reboot, these boot signatures are being read by the - * VAL APIs to decide test status. + /* + * This test checks for the PROGRAMMER ERROR condition for the PSA API. API's respond to + * PROGRAMMER ERROR could be either to return appropriate status code or panic the caller. + * When a Secure Partition panics, the SPE cannot continue normal execution, as defined + * in this specification. The behavior of the SPM following a Secure Partition panic is + * IMPLEMENTATION DEFINED- Arm recommends that the SPM causes the system to restart in + * this situation. Refer PSA-FF for more information on panic. + * For the cases where, SPM cannot capable to reboot the system (just hangs or power down), + * a watchdog timer set by val_test_init can reboot the system on timeout event. This will + * tests continuity and able to jump to next tests. Therefore, each test who checks for + * PROGRAMMER ERROR condition, expects system to get reset either by SPM or watchdog set by + * the test harness function. * - * Note: If SPM is not capable of rebooting (just hangs or power down) in fatal error condition, - * a watchdog timer enabled by val_test_init can reboot the system on timeout event. * If programmed timeout value isn't sufficient for your system, it can be reconfigured using * timeout entries available in target.cfg. + * + * To decide, a reboot happened as intended by test scenario or it happended + * due to other reasons, test is setting a boot signature into non-volatile memory before and + * after targeted test check. After a reboot, these boot signatures are being read by the + * VAL APIs to decide test status. */ - status = val_process_connect_request(SERVER_RELAX_MINOR_VERSION_SIG, &msg); - if (val_err_check_set(TEST_CHECKPOINT_NUM(201), status)) + status = val->process_connect_request(SERVER_RELAX_MINOR_VERSION_SIG, &msg); + if (val->err_check_set(TEST_CHECKPOINT_NUM(201), status)) { - psa_reply(msg.handle, PSA_CONNECTION_REFUSED); + psa->reply(msg.handle, PSA_ERROR_CONNECTION_REFUSED); return status; } /* Setting boot.state before test check */ - status = val_set_boot_flag(BOOT_EXPECTED_NS); - if (val_err_check_set(TEST_CHECKPOINT_NUM(202), status)) + status = val->set_boot_flag(BOOT_EXPECTED_NS); + if (val->err_check_set(TEST_CHECKPOINT_NUM(202), status)) { - val_print(PRINT_ERROR, "\tFailed to set boot flag before check\n", 0); - psa_reply(msg.handle, PSA_CONNECTION_REFUSED); + val->print(PRINT_ERROR, "\tFailed to set boot flag before check\n", 0); + psa->reply(msg.handle, PSA_ERROR_CONNECTION_REFUSED); return status; } - /*psa_read at PSA_IPC_CONNECT */ - psa_read(msg.handle, 0, (void *)data, 0); + /* psa_read at PSA_IPC_CONNECT, call should panic */ + psa->read(msg.handle, 0, (void *)data, 0); /* Shouldn't have reached here */ - val_print(PRINT_ERROR, "\tControl shouldn't have reached here\n", 0); + val->print(PRINT_ERROR, "\tControl shouldn't have reached here\n", 0); /* Resetting boot.state to catch unwanted reboot */ - if (val_set_boot_flag(BOOT_EXPECTED_BUT_FAILED)) + if (val->set_boot_flag(BOOT_EXPECTED_BUT_FAILED)) { - val_print(PRINT_ERROR, "\tFailed to set boot flag after check\n", 0); + val->print(PRINT_ERROR, "\tFailed to set boot flag after check\n", 0); } - psa_reply(msg.handle, PSA_CONNECTION_REFUSED); + psa->reply(msg.handle, PSA_ERROR_CONNECTION_REFUSED); return VAL_STATUS_INVALID; } diff --git a/api-tests/ff/ipc/test_i029/test_i029.c b/api-tests/ff/ipc/test_i029/test_i029.c index 69f3c515..51d199bd 100644 --- a/api-tests/ff/ipc/test_i029/test_i029.c +++ b/api-tests/ff/ipc/test_i029/test_i029.c @@ -1,5 +1,5 @@ /** @file - * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved. + * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved. * SPDX-License-Identifier : Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -20,7 +20,7 @@ #include "val_target.h" #else #include "val_client_defs.h" -#include "val_partition_common.h" +#include "val_service_defs.h" #endif #include "test_i029.h" @@ -35,17 +35,16 @@ int32_t client_test_psa_read_at_ipc_disconnect(security_t caller) { psa_handle_t handle = 0; - val->print(PRINT_TEST, "[Check1] Test psa_read at PSA_IPC_DISCONNECT\n", 0); + val->print(PRINT_TEST, "[Check 1] Test psa_read at PSA_IPC_DISCONNECT\n", 0); handle = psa->connect(SERVER_RELAX_MINOR_VERSION_SID, 1); - - /* Shouldn't have reached here */ - val->print(PRINT_ERROR, "\tCheck for psa_read at PSA_IPC_DISCONNECT failed\n", 0); - if (handle > 0) { psa->close(handle); } + /* Shouldn't have reached here */ + val->print(PRINT_ERROR, "\tCheck for psa_read at PSA_IPC_DISCONNECT failed\n", 0); + return VAL_STATUS_SPM_FAILED; } diff --git a/api-tests/ff/ipc/test_i029/test_supp_i029.c b/api-tests/ff/ipc/test_i029/test_supp_i029.c index 1738b102..0e7aac6b 100644 --- a/api-tests/ff/ipc/test_i029/test_supp_i029.c +++ b/api-tests/ff/ipc/test_i029/test_supp_i029.c @@ -1,5 +1,5 @@ /** @file - * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved. + * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved. * SPDX-License-Identifier : Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -15,8 +15,13 @@ * limitations under the License. **/ -#include "val/common/val_client_defs.h" -#include "val/spe/val_partition_common.h" +#include "val_client_defs.h" +#include "val_service_defs.h" + +#define val CONCAT(val,_server_sp) +#define psa CONCAT(psa,_server_sp) +extern val_api_t *val; +extern psa_api_t *psa; #define NUM_OF_BYTES 4 @@ -34,52 +39,63 @@ int32_t server_test_psa_read_at_ipc_disconnect(void) psa_msg_t msg = {0}; uint8_t data[NUM_OF_BYTES] = {0}; - /* Test is targeting fatal error condition and it will expect an error recovery(reboot) - * to happen. To decide, a reboot happened was intended as per test scenario or it happended - * due to other reasons, test is setting a boot signature into non-volatile memory before and - * after targeted test check. After a reboot, these boot signatures are being read by the - * VAL APIs to decide test status. + /* + * This test checks for the PROGRAMMER ERROR condition for the PSA API. API's respond to + * PROGRAMMER ERROR could be either to return appropriate status code or panic the caller. + * When a Secure Partition panics, the SPE cannot continue normal execution, as defined + * in this specification. The behavior of the SPM following a Secure Partition panic is + * IMPLEMENTATION DEFINED- Arm recommends that the SPM causes the system to restart in + * this situation. Refer PSA-FF for more information on panic. + * For the cases where, SPM cannot capable to reboot the system (just hangs or power down), + * a watchdog timer set by val_test_init can reboot the system on timeout event. This will + * tests continuity and able to jump to next tests. Therefore, each test who checks for + * PROGRAMMER ERROR condition, expects system to get reset either by SPM or watchdog set by + * the test harness function. * - * Note: If SPM is not capable of rebooting (just hangs or power down) in fatal error condition, - * a watchdog timer enabled by val_test_init can reboot the system on timeout event. * If programmed timeout value isn't sufficient for your system, it can be reconfigured using * timeout entries available in target.cfg. + * + * To decide, a reboot happened as intended by test scenario or it happended + * due to other reasons, test is setting a boot signature into non-volatile memory before and + * after targeted test check. After a reboot, these boot signatures are being read by the + * VAL APIs to decide test status. */ - status = val_process_connect_request(SERVER_RELAX_MINOR_VERSION_SIG, &msg); - if (val_err_check_set(TEST_CHECKPOINT_NUM(201), status)) + status = val->process_connect_request(SERVER_RELAX_MINOR_VERSION_SIG, &msg); + if (val->err_check_set(TEST_CHECKPOINT_NUM(201), status)) { - psa_reply(msg.handle, PSA_CONNECTION_REFUSED); + psa->reply(msg.handle, PSA_ERROR_CONNECTION_REFUSED); return status; } - psa_reply(msg.handle, PSA_SUCCESS); + psa->reply(msg.handle, PSA_SUCCESS); - status = val_process_disconnect_request(SERVER_RELAX_MINOR_VERSION_SIG, &msg); - if (val_err_check_set(TEST_CHECKPOINT_NUM(202), status)) + status = val->process_disconnect_request(SERVER_RELAX_MINOR_VERSION_SIG, &msg); + if (val->err_check_set(TEST_CHECKPOINT_NUM(202), status)) { - psa_reply(msg.handle, PSA_SUCCESS); + psa->reply(msg.handle, PSA_SUCCESS); return status; } /* Setting boot.state before test check */ - status = val_set_boot_flag(BOOT_EXPECTED_NS); - if (val_err_check_set(TEST_CHECKPOINT_NUM(203), status)) + status = val->set_boot_flag(BOOT_EXPECTED_NS); + if (val->err_check_set(TEST_CHECKPOINT_NUM(203), status)) { - psa_reply(msg.handle, PSA_SUCCESS); + psa->reply(msg.handle, PSA_SUCCESS); return status; } - /* Test check - psa_read at PSA_IPC_DISCONNECT */ - psa_read(msg.handle, 0, (void *)data, 0); + /* Test check - psa_read at PSA_IPC_DISCONNECT, call should panic */ + psa->read(msg.handle, 0, (void *)data, 0); /* Shouldn't have reached here */ - val_print(PRINT_ERROR, "\tControl shouldn't have reached here\n", 0); + val->print(PRINT_ERROR, "\tControl shouldn't have reached here\n", 0); /* Resetting boot.state to catch unwanted reboot */ - if (val_set_boot_flag(BOOT_EXPECTED_BUT_FAILED)) + if (val->set_boot_flag(BOOT_EXPECTED_BUT_FAILED)) { - val_print(PRINT_ERROR, "\tFailed to set boot flag after check\n", 0); + val->print(PRINT_ERROR, "\tFailed to set boot flag after check\n", 0); } - psa_reply(msg.handle, PSA_SUCCESS); + + psa->reply(msg.handle, PSA_SUCCESS); return VAL_STATUS_INVALID; } diff --git a/api-tests/ff/ipc/test_i030/test_i030.c b/api-tests/ff/ipc/test_i030/test_i030.c index 3a4a767b..f6eef922 100644 --- a/api-tests/ff/ipc/test_i030/test_i030.c +++ b/api-tests/ff/ipc/test_i030/test_i030.c @@ -1,5 +1,5 @@ /** @file - * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved. + * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved. * SPDX-License-Identifier : Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -20,7 +20,7 @@ #include "val_target.h" #else #include "val_client_defs.h" -#include "val_partition_common.h" +#include "val_service_defs.h" #endif #include "test_i030.h" @@ -38,7 +38,7 @@ int32_t client_test_psa_read_with_null_handle(security_t caller) psa_status_t status_of_call; val->print(PRINT_TEST, - "[Check1] Test psa_read with NULL handle\n", 0); + "[Check 1] Test psa_read with NULL handle\n", 0); handle = psa->connect(SERVER_UNSPECIFED_MINOR_V_SID, 1); @@ -51,7 +51,7 @@ int32_t client_test_psa_read_with_null_handle(security_t caller) status_of_call = psa->call(handle, NULL, 0, NULL, 0); /* Expectation is server test should hang and control shouldn't have come here */ - val->print(PRINT_ERROR, "\tCall should failed but successed\n", 0); + val->print(PRINT_ERROR, "\tCall should failed but succeed\n", 0); status = VAL_STATUS_SPM_FAILED; diff --git a/api-tests/ff/ipc/test_i030/test_supp_i030.c b/api-tests/ff/ipc/test_i030/test_supp_i030.c index fb3afd7c..6c67a002 100644 --- a/api-tests/ff/ipc/test_i030/test_supp_i030.c +++ b/api-tests/ff/ipc/test_i030/test_supp_i030.c @@ -1,5 +1,5 @@ /** @file - * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved. + * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved. * SPDX-License-Identifier : Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -15,8 +15,13 @@ * limitations under the License. **/ -#include "val/common/val_client_defs.h" -#include "val/spe/val_partition_common.h" +#include "val_client_defs.h" +#include "val_service_defs.h" + +#define val CONCAT(val,_server_sp) +#define psa CONCAT(psa,_server_sp) +extern val_api_t *val; +extern psa_api_t *psa; #define NUM_OF_BYTES 4 @@ -34,64 +39,74 @@ int32_t server_test_psa_read_with_null_handle(void) psa_msg_t msg = {0}; uint8_t data[NUM_OF_BYTES] = {0}; - /* Test is targeting fatal error condition and it will expect an error recovery(reboot) - * to happen. To decide, a reboot happened was intended as per test scenario or it happended - * due to other reasons, test is setting a boot signature into non-volatile memory before and - * after targeted test check. After a reboot, these boot signatures are being read by the - * VAL APIs to decide test status. + /* + * This test checks for the PROGRAMMER ERROR condition for the PSA API. API's respond to + * PROGRAMMER ERROR could be either to return appropriate status code or panic the caller. + * When a Secure Partition panics, the SPE cannot continue normal execution, as defined + * in this specification. The behavior of the SPM following a Secure Partition panic is + * IMPLEMENTATION DEFINED- Arm recommends that the SPM causes the system to restart in + * this situation. Refer PSA-FF for more information on panic. + * For the cases where, SPM cannot capable to reboot the system (just hangs or power down), + * a watchdog timer set by val_test_init can reboot the system on timeout event. This will + * tests continuity and able to jump to next tests. Therefore, each test who checks for + * PROGRAMMER ERROR condition, expects system to get reset either by SPM or watchdog set by + * the test harness function. * - * Note: If SPM is not capable of rebooting (just hangs or power down) in fatal error condition, - * a watchdog timer enabled by val_test_init can reboot the system on timeout event. * If programmed timeout value isn't sufficient for your system, it can be reconfigured using * timeout entries available in target.cfg. + * + * To decide, a reboot happened as intended by test scenario or it happended + * due to other reasons, test is setting a boot signature into non-volatile memory before and + * after targeted test check. After a reboot, these boot signatures are being read by the + * VAL APIs to decide test status. */ - status = val_process_connect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); - if (val_err_check_set(TEST_CHECKPOINT_NUM(201), status)) + status = val->process_connect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); + if (val->err_check_set(TEST_CHECKPOINT_NUM(201), status)) { - psa_reply(msg.handle, PSA_CONNECTION_REFUSED); + psa->reply(msg.handle, PSA_ERROR_CONNECTION_REFUSED); return status; } - psa_reply(msg.handle, PSA_SUCCESS); + psa->reply(msg.handle, PSA_SUCCESS); - status = val_process_call_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); - if (val_err_check_set(TEST_CHECKPOINT_NUM(202), status)) + status = val->process_call_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); + if (val->err_check_set(TEST_CHECKPOINT_NUM(202), status)) { - psa_reply(msg.handle, -2); + psa->reply(msg.handle, -2); } else { /* Setting boot.state before test check */ - status = val_set_boot_flag(BOOT_EXPECTED_NS); - if (val_err_check_set(TEST_CHECKPOINT_NUM(203), status)) + status = val->set_boot_flag(BOOT_EXPECTED_NS); + if (val->err_check_set(TEST_CHECKPOINT_NUM(203), status)) { - val_print(PRINT_ERROR, "\tFailed to set boot flag before check\n", 0); - psa_reply(msg.handle, -3); + val->print(PRINT_ERROR, "\tFailed to set boot flag before check\n", 0); + psa->reply(msg.handle, -3); } else { - /* Test check- psa_read with PSA_NULL_HANDLE */ - psa_read(PSA_NULL_HANDLE, 0, (void *)data, 0); + /* Test check- psa_read with PSA_NULL_HANDLE, call should panic */ + psa->read(PSA_NULL_HANDLE, 0, (void *)data, 0); /* shouldn't have reached here */ - val_print(PRINT_ERROR, - "\tpsa_read with NULL handle should failed but successed\n", 0); + val->print(PRINT_ERROR, + "\tpsa_read with NULL handle should failed but succeed\n", 0); /* Resetting boot.state to catch unwanted reboot */ - if (val_set_boot_flag(BOOT_EXPECTED_BUT_FAILED)) + if (val->set_boot_flag(BOOT_EXPECTED_BUT_FAILED)) { - val_print(PRINT_ERROR, "\tFailed to set boot flag after check\n", 0); + val->print(PRINT_ERROR, "\tFailed to set boot flag after check\n", 0); } status = VAL_STATUS_SPM_FAILED; - psa_reply(msg.handle, -4); + psa->reply(msg.handle, -4); } } - val_err_check_set(TEST_CHECKPOINT_NUM(204), status); - status = ((val_process_disconnect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg)) + val->err_check_set(TEST_CHECKPOINT_NUM(204), status); + status = ((val->process_disconnect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg)) ? VAL_STATUS_ERROR : status); - psa_reply(msg.handle, PSA_SUCCESS); + psa->reply(msg.handle, PSA_SUCCESS); return status; } diff --git a/api-tests/ff/ipc/test_i031/test_i031.c b/api-tests/ff/ipc/test_i031/test_i031.c index ffa5a7c4..dc221519 100644 --- a/api-tests/ff/ipc/test_i031/test_i031.c +++ b/api-tests/ff/ipc/test_i031/test_i031.c @@ -1,5 +1,5 @@ /** @file - * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved. + * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved. * SPDX-License-Identifier : Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -20,7 +20,7 @@ #include "val_target.h" #else #include "val_client_defs.h" -#include "val_partition_common.h" +#include "val_service_defs.h" #endif #include "test_i031.h" @@ -38,7 +38,7 @@ int32_t client_test_psa_read_with_invalid_handle(security_t caller) psa_status_t status_of_call; val->print(PRINT_TEST, - "[Check1] Test psa_read with invalid handle\n", 0); + "[Check 1] Test psa_read with invalid handle\n", 0); handle = psa->connect(SERVER_UNSPECIFED_MINOR_V_SID, 1); if (handle < 0) @@ -50,7 +50,7 @@ int32_t client_test_psa_read_with_invalid_handle(security_t caller) status_of_call = psa->call(handle, NULL, 0, NULL, 0); /* Expectation is server test should hang and control shouldn't have come here */ - val->print(PRINT_ERROR, "\tCall should failed but successed\n", 0); + val->print(PRINT_ERROR, "\tCall should failed but succeed\n", 0); status = VAL_STATUS_SPM_FAILED; diff --git a/api-tests/ff/ipc/test_i031/test_supp_i031.c b/api-tests/ff/ipc/test_i031/test_supp_i031.c index 3b41ba16..9bac47af 100644 --- a/api-tests/ff/ipc/test_i031/test_supp_i031.c +++ b/api-tests/ff/ipc/test_i031/test_supp_i031.c @@ -1,5 +1,5 @@ /** @file - * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved. + * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved. * SPDX-License-Identifier : Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -15,8 +15,13 @@ * limitations under the License. **/ -#include "val/common/val_client_defs.h" -#include "val/spe/val_partition_common.h" +#include "val_client_defs.h" +#include "val_service_defs.h" + +#define val CONCAT(val,_server_sp) +#define psa CONCAT(psa,_server_sp) +extern val_api_t *val; +extern psa_api_t *psa; #define NUM_OF_BYTES 4 @@ -34,64 +39,74 @@ int32_t server_test_psa_read_with_invalid_handle(void) psa_msg_t msg = {0}; uint8_t data[NUM_OF_BYTES] = {0}; - /* Test is targeting fatal error condition and it will expect an error recovery(reboot) - * to happen. To decide, a reboot happened was intended as per test scenario or it happended - * due to other reasons, test is setting a boot signature into non-volatile memory before and - * after targeted test check. After a reboot, these boot signatures are being read by the - * VAL APIs to decide test status. + /* + * This test checks for the PROGRAMMER ERROR condition for the PSA API. API's respond to + * PROGRAMMER ERROR could be either to return appropriate status code or panic the caller. + * When a Secure Partition panics, the SPE cannot continue normal execution, as defined + * in this specification. The behavior of the SPM following a Secure Partition panic is + * IMPLEMENTATION DEFINED- Arm recommends that the SPM causes the system to restart in + * this situation. Refer PSA-FF for more information on panic. + * For the cases where, SPM cannot capable to reboot the system (just hangs or power down), + * a watchdog timer set by val_test_init can reboot the system on timeout event. This will + * tests continuity and able to jump to next tests. Therefore, each test who checks for + * PROGRAMMER ERROR condition, expects system to get reset either by SPM or watchdog set by + * the test harness function. * - * Note: If SPM is not capable of rebooting (just hangs or power down) in fatal error condition, - * a watchdog timer enabled by val_test_init can reboot the system on timeout event. * If programmed timeout value isn't sufficient for your system, it can be reconfigured using * timeout entries available in target.cfg. + * + * To decide, a reboot happened as intended by test scenario or it happended + * due to other reasons, test is setting a boot signature into non-volatile memory before and + * after targeted test check. After a reboot, these boot signatures are being read by the + * VAL APIs to decide test status. */ - status = val_process_connect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); - if (val_err_check_set(TEST_CHECKPOINT_NUM(201), status)) + status = val->process_connect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); + if (val->err_check_set(TEST_CHECKPOINT_NUM(201), status)) { - psa_reply(msg.handle, PSA_CONNECTION_REFUSED); + psa->reply(msg.handle, PSA_ERROR_CONNECTION_REFUSED); return status; } - psa_reply(msg.handle, PSA_SUCCESS); + psa->reply(msg.handle, PSA_SUCCESS); - status = val_process_call_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); - if (val_err_check_set(TEST_CHECKPOINT_NUM(202), status)) + status = val->process_call_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); + if (val->err_check_set(TEST_CHECKPOINT_NUM(202), status)) { - psa_reply(msg.handle, -2); + psa->reply(msg.handle, -2); } else { /* Setting boot.state before test check */ - status = val_set_boot_flag(BOOT_EXPECTED_NS); - if (val_err_check_set(TEST_CHECKPOINT_NUM(203), status)) + status = val->set_boot_flag(BOOT_EXPECTED_NS); + if (val->err_check_set(TEST_CHECKPOINT_NUM(203), status)) { - val_print(PRINT_ERROR, "\tFailed to set boot flag before check\n", 0); - psa_reply(msg.handle, -3); + val->print(PRINT_ERROR, "\tFailed to set boot flag before check\n", 0); + psa->reply(msg.handle, -3); } else { - /* Test check- psa_read with INVALID_HANDLE */ - psa_read(INVALID_HANDLE, 0, (void *)data, 0); + /* Test check- psa_read with INVALID_HANDLE, call should panic */ + psa->read(INVALID_HANDLE, 0, (void *)data, 0); /* shouldn't have reached here */ - val_print(PRINT_ERROR, - "\tpsa_read with invalid handle should failed but successed\n", 0); + val->print(PRINT_ERROR, + "\tpsa_read with invalid handle should failed but succeed\n", 0); /* Resetting boot.state to catch unwanted reboot */ - if (val_set_boot_flag(BOOT_EXPECTED_BUT_FAILED)) + if (val->set_boot_flag(BOOT_EXPECTED_BUT_FAILED)) { - val_print(PRINT_ERROR, "\tFailed to set boot flag after check\n", 0); + val->print(PRINT_ERROR, "\tFailed to set boot flag after check\n", 0); } status = VAL_STATUS_SPM_FAILED; - psa_reply(msg.handle, -4); + psa->reply(msg.handle, -4); } } - val_err_check_set(TEST_CHECKPOINT_NUM(204), status); - status = ((val_process_disconnect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg)) + val->err_check_set(TEST_CHECKPOINT_NUM(204), status); + status = ((val->process_disconnect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg)) ? VAL_STATUS_ERROR : status); - psa_reply(msg.handle, PSA_SUCCESS); + psa->reply(msg.handle, PSA_SUCCESS); return status; } diff --git a/api-tests/ff/ipc/test_i032/test_i032.c b/api-tests/ff/ipc/test_i032/test_i032.c index 712254bd..f0527833 100644 --- a/api-tests/ff/ipc/test_i032/test_i032.c +++ b/api-tests/ff/ipc/test_i032/test_i032.c @@ -1,5 +1,5 @@ /** @file - * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved. + * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved. * SPDX-License-Identifier : Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -20,7 +20,7 @@ #include "val_target.h" #else #include "val_client_defs.h" -#include "val_partition_common.h" +#include "val_service_defs.h" #endif #include "test_i032.h" @@ -38,7 +38,7 @@ int32_t client_test_psa_read_with_invec_equal_to_max_iovec(security_t caller) psa_status_t status_of_call; val->print(PRINT_TEST, - "[Check1] Test psa_read with invec_idx=PSA_MAX_IOVEC\n", 0); + "[Check 1] Test psa_read with invec_idx=PSA_MAX_IOVEC\n", 0); handle = psa->connect(SERVER_UNSPECIFED_MINOR_V_SID, 1); if (handle < 0) @@ -50,7 +50,7 @@ int32_t client_test_psa_read_with_invec_equal_to_max_iovec(security_t caller) status_of_call = psa->call(handle, NULL, 0, NULL, 0); /* Expectation is server test should hang and control shouldn't have come here */ - val->print(PRINT_ERROR, "\tCall should failed but successed\n", 0); + val->print(PRINT_ERROR, "\tCall should failed but succeed\n", 0); status = VAL_STATUS_SPM_FAILED; diff --git a/api-tests/ff/ipc/test_i032/test_supp_i032.c b/api-tests/ff/ipc/test_i032/test_supp_i032.c index 941615c3..e45d47b9 100644 --- a/api-tests/ff/ipc/test_i032/test_supp_i032.c +++ b/api-tests/ff/ipc/test_i032/test_supp_i032.c @@ -1,5 +1,5 @@ /** @file - * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved. + * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved. * SPDX-License-Identifier : Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -15,8 +15,13 @@ * limitations under the License. **/ -#include "val/common/val_client_defs.h" -#include "val/spe/val_partition_common.h" +#include "val_client_defs.h" +#include "val_service_defs.h" + +#define val CONCAT(val,_server_sp) +#define psa CONCAT(psa,_server_sp) +extern val_api_t *val; +extern psa_api_t *psa; #define NUM_OF_BYTES 4 @@ -34,64 +39,74 @@ int32_t server_test_psa_read_with_invec_equal_to_max_iovec(void) psa_msg_t msg = {0}; uint8_t data[NUM_OF_BYTES] = {0}; - /* Test is targeting fatal error condition and it will expect an error recovery(reboot) - * to happen. To decide, a reboot happened was intended as per test scenario or it happended - * due to other reasons, test is setting a boot signature into non-volatile memory before and - * after targeted test check. After a reboot, these boot signatures are being read by the - * VAL APIs to decide test status. + /* + * This test checks for the PROGRAMMER ERROR condition for the PSA API. API's respond to + * PROGRAMMER ERROR could be either to return appropriate status code or panic the caller. + * When a Secure Partition panics, the SPE cannot continue normal execution, as defined + * in this specification. The behavior of the SPM following a Secure Partition panic is + * IMPLEMENTATION DEFINED- Arm recommends that the SPM causes the system to restart in + * this situation. Refer PSA-FF for more information on panic. + * For the cases where, SPM cannot capable to reboot the system (just hangs or power down), + * a watchdog timer set by val_test_init can reboot the system on timeout event. This will + * tests continuity and able to jump to next tests. Therefore, each test who checks for + * PROGRAMMER ERROR condition, expects system to get reset either by SPM or watchdog set by + * the test harness function. * - * Note: If SPM is not capable of rebooting (just hangs or power down) in fatal error condition, - * a watchdog timer enabled by val_test_init can reboot the system on timeout event. * If programmed timeout value isn't sufficient for your system, it can be reconfigured using * timeout entries available in target.cfg. + * + * To decide, a reboot happened as intended by test scenario or it happended + * due to other reasons, test is setting a boot signature into non-volatile memory before and + * after targeted test check. After a reboot, these boot signatures are being read by the + * VAL APIs to decide test status. */ - status = val_process_connect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); - if (val_err_check_set(TEST_CHECKPOINT_NUM(201), status)) + status = val->process_connect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); + if (val->err_check_set(TEST_CHECKPOINT_NUM(201), status)) { - psa_reply(msg.handle, PSA_CONNECTION_REFUSED); + psa->reply(msg.handle, PSA_ERROR_CONNECTION_REFUSED); return status; } - psa_reply(msg.handle, PSA_SUCCESS); + psa->reply(msg.handle, PSA_SUCCESS); - status = val_process_call_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); - if (val_err_check_set(TEST_CHECKPOINT_NUM(202), status)) + status = val->process_call_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); + if (val->err_check_set(TEST_CHECKPOINT_NUM(202), status)) { - psa_reply(msg.handle, -2); + psa->reply(msg.handle, -2); } else { /* Setting boot.state before test check */ - status = val_set_boot_flag(BOOT_EXPECTED_NS); - if(val_err_check_set(TEST_CHECKPOINT_NUM(203), status)) + status = val->set_boot_flag(BOOT_EXPECTED_NS); + if (val->err_check_set(TEST_CHECKPOINT_NUM(203), status)) { - val_print(PRINT_ERROR, "\tFailed to set boot flag before check\n", 0); - psa_reply(msg.handle, -3); + val->print(PRINT_ERROR, "\tFailed to set boot flag before check\n", 0); + psa->reply(msg.handle, -3); } else { - /* Test check- psa_read with invec_idx=PSA_MAX_IOVEC */ - psa_read(msg.handle, PSA_MAX_IOVEC, (void *)data, 0); + /* Test check- psa_read with invec_idx=PSA_MAX_IOVEC, call should panic */ + psa->read(msg.handle, PSA_MAX_IOVEC, (void *)data, 0); /* shouldn't have reached here */ - val_print(PRINT_ERROR, - "\tpsa_read with invec_idx=PSA_MAX_IOVEC should failed but successed\n", 0); + val->print(PRINT_ERROR, + "\tpsa_read with invec_idx=PSA_MAX_IOVEC should failed but succeed\n", 0); /* Resetting boot.state to catch unwanted reboot */ - if (val_set_boot_flag(BOOT_EXPECTED_BUT_FAILED)) + if (val->set_boot_flag(BOOT_EXPECTED_BUT_FAILED)) { - val_print(PRINT_ERROR, "\tFailed to set boot flag after check\n", 0); + val->print(PRINT_ERROR, "\tFailed to set boot flag after check\n", 0); } status = VAL_STATUS_SPM_FAILED; - psa_reply(msg.handle, -4); + psa->reply(msg.handle, -4); } } - val_err_check_set(TEST_CHECKPOINT_NUM(204), status); - status = ((val_process_disconnect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg)) + val->err_check_set(TEST_CHECKPOINT_NUM(204), status); + status = ((val->process_disconnect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg)) ? VAL_STATUS_ERROR : status); - psa_reply(msg.handle, PSA_SUCCESS); + psa->reply(msg.handle, PSA_SUCCESS); return status; } diff --git a/api-tests/ff/ipc/test_i033/test_i033.c b/api-tests/ff/ipc/test_i033/test_i033.c index 68e35bcf..1792dfa7 100644 --- a/api-tests/ff/ipc/test_i033/test_i033.c +++ b/api-tests/ff/ipc/test_i033/test_i033.c @@ -1,5 +1,5 @@ /** @file - * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved. + * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved. * SPDX-License-Identifier : Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -20,7 +20,7 @@ #include "val_target.h" #else #include "val_client_defs.h" -#include "val_partition_common.h" +#include "val_service_defs.h" #endif #include "test_i033.h" @@ -38,7 +38,7 @@ int32_t client_test_psa_read_with_invec_greater_than_max_iovec(security_t caller psa_status_t status_of_call; val->print(PRINT_TEST, - "[Check1] Test psa_read with invec_idx > PSA_MAX_IOVEC\n", 0); + "[Check 1] Test psa_read with invec_idx > PSA_MAX_IOVEC\n", 0); handle = psa->connect(SERVER_UNSPECIFED_MINOR_V_SID, 1); if (handle < 0) @@ -50,7 +50,7 @@ int32_t client_test_psa_read_with_invec_greater_than_max_iovec(security_t caller status_of_call = psa->call(handle, NULL, 0, NULL, 0); /* Expectation is server test should hang and control shouldn't have come here */ - val->print(PRINT_ERROR, "\tCall should failed but successed\n", 0); + val->print(PRINT_ERROR, "\tCall should failed but succeed\n", 0); status = VAL_STATUS_SPM_FAILED; diff --git a/api-tests/ff/ipc/test_i033/test_supp_i033.c b/api-tests/ff/ipc/test_i033/test_supp_i033.c index 70f9308b..425c255a 100644 --- a/api-tests/ff/ipc/test_i033/test_supp_i033.c +++ b/api-tests/ff/ipc/test_i033/test_supp_i033.c @@ -1,5 +1,5 @@ /** @file - * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved. + * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved. * SPDX-License-Identifier : Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -15,8 +15,13 @@ * limitations under the License. **/ -#include "val/common/val_client_defs.h" -#include "val/spe/val_partition_common.h" +#include "val_client_defs.h" +#include "val_service_defs.h" + +#define val CONCAT(val,_server_sp) +#define psa CONCAT(psa,_server_sp) +extern val_api_t *val; +extern psa_api_t *psa; #define NUM_OF_BYTES 4 @@ -34,64 +39,74 @@ int32_t server_test_psa_read_with_invec_greater_than_max_iovec(void) psa_msg_t msg = {0}; uint8_t data[NUM_OF_BYTES] = {0}; - /* Test is targeting fatal error condition and it will expect an error recovery(reboot) - * to happen. To decide, a reboot happened was intended as per test scenario or it happended - * due to other reasons, test is setting a boot signature into non-volatile memory before and - * after targeted test check. After a reboot, these boot signatures are being read by the - * VAL APIs to decide test status. + /* + * This test checks for the PROGRAMMER ERROR condition for the PSA API. API's respond to + * PROGRAMMER ERROR could be either to return appropriate status code or panic the caller. + * When a Secure Partition panics, the SPE cannot continue normal execution, as defined + * in this specification. The behavior of the SPM following a Secure Partition panic is + * IMPLEMENTATION DEFINED- Arm recommends that the SPM causes the system to restart in + * this situation. Refer PSA-FF for more information on panic. + * For the cases where, SPM cannot capable to reboot the system (just hangs or power down), + * a watchdog timer set by val_test_init can reboot the system on timeout event. This will + * tests continuity and able to jump to next tests. Therefore, each test who checks for + * PROGRAMMER ERROR condition, expects system to get reset either by SPM or watchdog set by + * the test harness function. * - * Note: If SPM is not capable of rebooting (just hangs or power down) in fatal error condition, - * a watchdog timer enabled by val_test_init can reboot the system on timeout event. * If programmed timeout value isn't sufficient for your system, it can be reconfigured using * timeout entries available in target.cfg. + * + * To decide, a reboot happened as intended by test scenario or it happended + * due to other reasons, test is setting a boot signature into non-volatile memory before and + * after targeted test check. After a reboot, these boot signatures are being read by the + * VAL APIs to decide test status. */ - status = val_process_connect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); - if (val_err_check_set(TEST_CHECKPOINT_NUM(201), status)) + status = val->process_connect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); + if (val->err_check_set(TEST_CHECKPOINT_NUM(201), status)) { - psa_reply(msg.handle, PSA_CONNECTION_REFUSED); + psa->reply(msg.handle, PSA_ERROR_CONNECTION_REFUSED); return status; } - psa_reply(msg.handle, PSA_SUCCESS); + psa->reply(msg.handle, PSA_SUCCESS); - status = val_process_call_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); - if (val_err_check_set(TEST_CHECKPOINT_NUM(202), status)) + status = val->process_call_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); + if (val->err_check_set(TEST_CHECKPOINT_NUM(202), status)) { - psa_reply(msg.handle, -2); + psa->reply(msg.handle, -2); } else { /* Setting boot.state before test check */ - status = val_set_boot_flag(BOOT_EXPECTED_NS); - if (val_err_check_set(TEST_CHECKPOINT_NUM(203), status)) + status = val->set_boot_flag(BOOT_EXPECTED_NS); + if (val->err_check_set(TEST_CHECKPOINT_NUM(203), status)) { - val_print(PRINT_ERROR, "\tFailed to set boot flag before check\n", 0); - psa_reply(msg.handle, -3); + val->print(PRINT_ERROR, "\tFailed to set boot flag before check\n", 0); + psa->reply(msg.handle, -3); } else { - /* Test check- psa_read with invec_idx > PSA_MAX_IOVEC */ - psa_read(msg.handle, PSA_MAX_IOVEC + 1, (void *)data, 0); + /* Test check- psa_read with invec_idx > PSA_MAX_IOVEC, call should panic */ + psa->read(msg.handle, PSA_MAX_IOVEC + 1, (void *)data, 0); /* shouldn't have reached here */ - val_print(PRINT_ERROR, - "\tpsa_read with invec_idx > PSA_MAX_IOVEC should failed but successed\n", 0); + val->print(PRINT_ERROR, + "\tpsa_read with invec_idx > PSA_MAX_IOVEC should failed but succeed\n", 0); /* Resetting boot.state to catch unwanted reboot */ - if (val_set_boot_flag(BOOT_EXPECTED_BUT_FAILED)) + if (val->set_boot_flag(BOOT_EXPECTED_BUT_FAILED)) { - val_print(PRINT_ERROR, "\tFailed to set boot flag after check\n", 0); + val->print(PRINT_ERROR, "\tFailed to set boot flag after check\n", 0); } status = VAL_STATUS_SPM_FAILED; - psa_reply(msg.handle, -4); + psa->reply(msg.handle, -4); } } - val_err_check_set(TEST_CHECKPOINT_NUM(204), status); - status = ((val_process_disconnect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg)) + val->err_check_set(TEST_CHECKPOINT_NUM(204), status); + status = ((val->process_disconnect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg)) ? VAL_STATUS_ERROR : status); - psa_reply(msg.handle, PSA_SUCCESS); + psa->reply(msg.handle, PSA_SUCCESS); return status; } diff --git a/api-tests/ff/ipc/test_i034/test_i034.c b/api-tests/ff/ipc/test_i034/test_i034.c index d57057b6..742c1aa0 100644 --- a/api-tests/ff/ipc/test_i034/test_i034.c +++ b/api-tests/ff/ipc/test_i034/test_i034.c @@ -1,5 +1,5 @@ /** @file - * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved. + * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved. * SPDX-License-Identifier : Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -20,7 +20,7 @@ #include "val_target.h" #else #include "val_client_defs.h" -#include "val_partition_common.h" +#include "val_service_defs.h" #endif #include "test_i034.h" @@ -35,7 +35,7 @@ int32_t client_test_psa_skip_at_ipc_connect(security_t caller) { psa_handle_t handle = 0; - val->print(PRINT_TEST, "[Check1] Test psa_skip at PSA_IPC_CONNECT\n", 0); + val->print(PRINT_TEST, "[Check 1] Test psa_skip at PSA_IPC_CONNECT\n", 0); handle = psa->connect(SERVER_RELAX_MINOR_VERSION_SID, 1); diff --git a/api-tests/ff/ipc/test_i034/test_supp_i034.c b/api-tests/ff/ipc/test_i034/test_supp_i034.c index 6f98c12d..2580d99f 100644 --- a/api-tests/ff/ipc/test_i034/test_supp_i034.c +++ b/api-tests/ff/ipc/test_i034/test_supp_i034.c @@ -1,5 +1,5 @@ /** @file - * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved. + * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved. * SPDX-License-Identifier : Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -15,8 +15,13 @@ * limitations under the License. **/ -#include "val/common/val_client_defs.h" -#include "val/spe/val_partition_common.h" +#include "val_client_defs.h" +#include "val_service_defs.h" + +#define val CONCAT(val,_server_sp) +#define psa CONCAT(psa,_server_sp) +extern val_api_t *val; +extern psa_api_t *psa; int32_t server_test_psa_skip_at_ipc_connect(void); @@ -31,46 +36,56 @@ int32_t server_test_psa_skip_at_ipc_connect(void) int32_t status = VAL_STATUS_SUCCESS; psa_msg_t msg = {0}; - /* Test is targeting fatal error condition and it will expect an error recovery(reboot) - * to happen. To decide, a reboot happened was intended as per test scenario or it happended - * due to other reasons, test is setting a boot signature into non-volatile memory before and - * after targeted test check. After a reboot, these boot signatures are being read by the - * VAL APIs to decide test status. + /* + * This test checks for the PROGRAMMER ERROR condition for the PSA API. API's respond to + * PROGRAMMER ERROR could be either to return appropriate status code or panic the caller. + * When a Secure Partition panics, the SPE cannot continue normal execution, as defined + * in this specification. The behavior of the SPM following a Secure Partition panic is + * IMPLEMENTATION DEFINED- Arm recommends that the SPM causes the system to restart in + * this situation. Refer PSA-FF for more information on panic. + * For the cases where, SPM cannot capable to reboot the system (just hangs or power down), + * a watchdog timer set by val_test_init can reboot the system on timeout event. This will + * tests continuity and able to jump to next tests. Therefore, each test who checks for + * PROGRAMMER ERROR condition, expects system to get reset either by SPM or watchdog set by + * the test harness function. * - * Note: If SPM is not capable of rebooting (just hangs or power down) in fatal error condition, - * a watchdog timer enabled by val_test_init can reboot the system on timeout event. * If programmed timeout value isn't sufficient for your system, it can be reconfigured using * timeout entries available in target.cfg. + * + * To decide, a reboot happened as intended by test scenario or it happended + * due to other reasons, test is setting a boot signature into non-volatile memory before and + * after targeted test check. After a reboot, these boot signatures are being read by the + * VAL APIs to decide test status. */ - status = val_process_connect_request(SERVER_RELAX_MINOR_VERSION_SIG, &msg); - if (val_err_check_set(TEST_CHECKPOINT_NUM(201), status)) + status = val->process_connect_request(SERVER_RELAX_MINOR_VERSION_SIG, &msg); + if (val->err_check_set(TEST_CHECKPOINT_NUM(201), status)) { - psa_reply(msg.handle, PSA_CONNECTION_REFUSED); + psa->reply(msg.handle, PSA_ERROR_CONNECTION_REFUSED); return status; } /* Setting boot.state before test check */ - status = val_set_boot_flag(BOOT_EXPECTED_NS); - if (val_err_check_set(TEST_CHECKPOINT_NUM(202), status)) + status = val->set_boot_flag(BOOT_EXPECTED_NS); + if (val->err_check_set(TEST_CHECKPOINT_NUM(202), status)) { - val_print(PRINT_ERROR, "\tFailed to set boot flag before check\n", 0); - psa_reply(msg.handle, PSA_CONNECTION_REFUSED); + val->print(PRINT_ERROR, "\tFailed to set boot flag before check\n", 0); + psa->reply(msg.handle, PSA_ERROR_CONNECTION_REFUSED); return status; } - /* Test check- psa_skip at PSA_IPC_CONNECT */ - psa_skip(msg.handle, 0, 0); + /* Test check- psa_skip at PSA_IPC_CONNECT, call should panic */ + psa->skip(msg.handle, 0, 0); /* Shouldn't have reached here */ - val_print(PRINT_ERROR,"\tpsa_skip should failed but successed\n", 0); + val->print(PRINT_ERROR,"\tpsa_skip should failed but succeed\n", 0); /* Resetting boot.state to catch unwanted reboot */ - if (val_set_boot_flag(BOOT_EXPECTED_BUT_FAILED)) + if (val->set_boot_flag(BOOT_EXPECTED_BUT_FAILED)) { - val_print(PRINT_ERROR, "\tFailed to set boot flag after check\n", 0); + val->print(PRINT_ERROR, "\tFailed to set boot flag after check\n", 0); } - psa_reply(msg.handle, PSA_CONNECTION_REFUSED); + psa->reply(msg.handle, PSA_ERROR_CONNECTION_REFUSED); return VAL_STATUS_INVALID; } diff --git a/api-tests/ff/ipc/test_i035/test_i035.c b/api-tests/ff/ipc/test_i035/test_i035.c index 401d2929..ca89abef 100644 --- a/api-tests/ff/ipc/test_i035/test_i035.c +++ b/api-tests/ff/ipc/test_i035/test_i035.c @@ -1,5 +1,5 @@ /** @file - * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved. + * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved. * SPDX-License-Identifier : Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -20,7 +20,7 @@ #include "val_target.h" #else #include "val_client_defs.h" -#include "val_partition_common.h" +#include "val_service_defs.h" #endif #include "test_i035.h" @@ -35,7 +35,7 @@ int32_t client_test_psa_skip_at_ipc_disconnect(security_t caller) { psa_handle_t handle = 0; - val->print(PRINT_TEST, "[Check1] Test psa_skip at PSA_IPC_DISCONNECT\n", 0); + val->print(PRINT_TEST, "[Check 1] Test psa_skip at PSA_IPC_DISCONNECT\n", 0); handle = psa->connect(SERVER_RELAX_MINOR_VERSION_SID, 1); if (handle > 0) diff --git a/api-tests/ff/ipc/test_i035/test_supp_i035.c b/api-tests/ff/ipc/test_i035/test_supp_i035.c index 1bec82bf..a3551488 100644 --- a/api-tests/ff/ipc/test_i035/test_supp_i035.c +++ b/api-tests/ff/ipc/test_i035/test_supp_i035.c @@ -1,5 +1,5 @@ /** @file - * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved. + * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved. * SPDX-License-Identifier : Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -15,8 +15,13 @@ * limitations under the License. **/ -#include "val/common/val_client_defs.h" -#include "val/spe/val_partition_common.h" +#include "val_client_defs.h" +#include "val_service_defs.h" + +#define val CONCAT(val,_server_sp) +#define psa CONCAT(psa,_server_sp) +extern val_api_t *val; +extern psa_api_t *psa; int32_t server_test_psa_skip_at_ipc_disconnect(); @@ -31,52 +36,62 @@ int32_t server_test_psa_skip_at_ipc_disconnect() int32_t status = VAL_STATUS_SUCCESS; psa_msg_t msg = {0}; - /* Test is targeting fatal error condition and it will expect an error recovery(reboot) - * to happen. To decide, a reboot happened was intended as per test scenario or it happended - * due to other reasons, test is setting a boot signature into non-volatile memory before and - * after targeted test check. After a reboot, these boot signatures are being read by the - * VAL APIs to decide test status. + /* + * This test checks for the PROGRAMMER ERROR condition for the PSA API. API's respond to + * PROGRAMMER ERROR could be either to return appropriate status code or panic the caller. + * When a Secure Partition panics, the SPE cannot continue normal execution, as defined + * in this specification. The behavior of the SPM following a Secure Partition panic is + * IMPLEMENTATION DEFINED- Arm recommends that the SPM causes the system to restart in + * this situation. Refer PSA-FF for more information on panic. + * For the cases where, SPM cannot capable to reboot the system (just hangs or power down), + * a watchdog timer set by val_test_init can reboot the system on timeout event. This will + * tests continuity and able to jump to next tests. Therefore, each test who checks for + * PROGRAMMER ERROR condition, expects system to get reset either by SPM or watchdog set by + * the test harness function. * - * Note: If SPM is not capable of rebooting (just hangs or power down) in fatal error condition, - * a watchdog timer enabled by val_test_init can reboot the system on timeout event. * If programmed timeout value isn't sufficient for your system, it can be reconfigured using * timeout entries available in target.cfg. + * + * To decide, a reboot happened as intended by test scenario or it happended + * due to other reasons, test is setting a boot signature into non-volatile memory before and + * after targeted test check. After a reboot, these boot signatures are being read by the + * VAL APIs to decide test status. */ - status = val_process_connect_request(SERVER_RELAX_MINOR_VERSION_SIG, &msg); - if (val_err_check_set(TEST_CHECKPOINT_NUM(201), status)) + status = val->process_connect_request(SERVER_RELAX_MINOR_VERSION_SIG, &msg); + if (val->err_check_set(TEST_CHECKPOINT_NUM(201), status)) { - psa_reply(msg.handle, PSA_CONNECTION_REFUSED); + psa->reply(msg.handle, PSA_ERROR_CONNECTION_REFUSED); return status; } - psa_reply(msg.handle, PSA_SUCCESS); + psa->reply(msg.handle, PSA_SUCCESS); - status = val_process_disconnect_request(SERVER_RELAX_MINOR_VERSION_SIG, &msg); - if (val_err_check_set(TEST_CHECKPOINT_NUM(202), status)) + status = val->process_disconnect_request(SERVER_RELAX_MINOR_VERSION_SIG, &msg); + if (val->err_check_set(TEST_CHECKPOINT_NUM(202), status)) { - psa_reply(msg.handle, PSA_SUCCESS); + psa->reply(msg.handle, PSA_SUCCESS); return status; } - status = val_set_boot_flag(BOOT_EXPECTED_NS); - if (val_err_check_set(TEST_CHECKPOINT_NUM(203), status)) + status = val->set_boot_flag(BOOT_EXPECTED_NS); + if (val->err_check_set(TEST_CHECKPOINT_NUM(203), status)) { - val_print(PRINT_ERROR, "\tFailed to set boot flag before check\n", 0); - psa_reply(msg.handle, PSA_SUCCESS); + val->print(PRINT_ERROR, "\tFailed to set boot flag before check\n", 0); + psa->reply(msg.handle, PSA_SUCCESS); return status; } - /* Test check- psa_skip at PSA_IPC_DISCONNECT */ - psa_skip(msg.handle, 0, 0); + /* Test check- psa_skip at PSA_IPC_DISCONNECT, call should panic */ + psa->skip(msg.handle, 0, 0); /* Shouldn't have reached here */ - val_print(PRINT_ERROR,"\tpsa_skip should failed but successed\n", 0); + val->print(PRINT_ERROR,"\tpsa_skip should failed but succeed\n", 0); /* Resetting boot.state to catch unwanted reboot */ - if (val_set_boot_flag(BOOT_EXPECTED_BUT_FAILED)) + if (val->set_boot_flag(BOOT_EXPECTED_BUT_FAILED)) { - val_print(PRINT_ERROR, "\tFailed to set boot flag after check\n", 0); + val->print(PRINT_ERROR, "\tFailed to set boot flag after check\n", 0); } - psa_reply(msg.handle, PSA_SUCCESS); + psa->reply(msg.handle, PSA_SUCCESS); return VAL_STATUS_INVALID; } diff --git a/api-tests/ff/ipc/test_i036/test_i036.c b/api-tests/ff/ipc/test_i036/test_i036.c index 0daf6352..75eea227 100644 --- a/api-tests/ff/ipc/test_i036/test_i036.c +++ b/api-tests/ff/ipc/test_i036/test_i036.c @@ -1,5 +1,5 @@ /** @file - * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved. + * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved. * SPDX-License-Identifier : Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -20,7 +20,7 @@ #include "val_target.h" #else #include "val_client_defs.h" -#include "val_partition_common.h" +#include "val_service_defs.h" #endif #include "test_i036.h" @@ -38,7 +38,7 @@ int32_t client_test_psa_skip_with_null_handle(security_t caller) psa_status_t status_of_call; val->print(PRINT_TEST, - "[Check1] Test psa_skip with NULL handle\n", 0); + "[Check 1] Test psa_skip with NULL handle\n", 0); handle = psa->connect(SERVER_UNSPECIFED_MINOR_V_SID, 1); if (handle < 0) @@ -50,7 +50,7 @@ int32_t client_test_psa_skip_with_null_handle(security_t caller) status_of_call = psa->call(handle, NULL, 0, NULL, 0); /* Expectation is server test should hang and control shouldn't have come here */ - val->print(PRINT_ERROR, "\tCall should failed but successed\n", 0); + val->print(PRINT_ERROR, "\tCall should failed but succeed\n", 0); status = VAL_STATUS_SPM_FAILED; diff --git a/api-tests/ff/ipc/test_i036/test_supp_i036.c b/api-tests/ff/ipc/test_i036/test_supp_i036.c index e7039959..b61bbfe7 100644 --- a/api-tests/ff/ipc/test_i036/test_supp_i036.c +++ b/api-tests/ff/ipc/test_i036/test_supp_i036.c @@ -1,5 +1,5 @@ /** @file - * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved. + * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved. * SPDX-License-Identifier : Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -15,8 +15,13 @@ * limitations under the License. **/ -#include "val/common/val_client_defs.h" -#include "val/spe/val_partition_common.h" +#include "val_client_defs.h" +#include "val_service_defs.h" + +#define val CONCAT(val,_server_sp) +#define psa CONCAT(psa,_server_sp) +extern val_api_t *val; +extern psa_api_t *psa; int32_t server_test_psa_skip_with_null_handle(void); @@ -31,64 +36,74 @@ int32_t server_test_psa_skip_with_null_handle(void) int32_t status = VAL_STATUS_SUCCESS; psa_msg_t msg = {0}; - /* Test is targeting fatal error condition and it will expect an error recovery(reboot) - * to happen. To decide, a reboot happened was intended as per test scenario or it happended - * due to other reasons, test is setting a boot signature into non-volatile memory before and - * after targeted test check. After a reboot, these boot signatures are being read by the - * VAL APIs to decide test status. + /* + * This test checks for the PROGRAMMER ERROR condition for the PSA API. API's respond to + * PROGRAMMER ERROR could be either to return appropriate status code or panic the caller. + * When a Secure Partition panics, the SPE cannot continue normal execution, as defined + * in this specification. The behavior of the SPM following a Secure Partition panic is + * IMPLEMENTATION DEFINED- Arm recommends that the SPM causes the system to restart in + * this situation. Refer PSA-FF for more information on panic. + * For the cases where, SPM cannot capable to reboot the system (just hangs or power down), + * a watchdog timer set by val_test_init can reboot the system on timeout event. This will + * tests continuity and able to jump to next tests. Therefore, each test who checks for + * PROGRAMMER ERROR condition, expects system to get reset either by SPM or watchdog set by + * the test harness function. * - * Note: If SPM is not capable of rebooting (just hangs or power down) in fatal error condition, - * a watchdog timer enabled by val_test_init can reboot the system on timeout event. * If programmed timeout value isn't sufficient for your system, it can be reconfigured using * timeout entries available in target.cfg. + * + * To decide, a reboot happened as intended by test scenario or it happended + * due to other reasons, test is setting a boot signature into non-volatile memory before and + * after targeted test check. After a reboot, these boot signatures are being read by the + * VAL APIs to decide test status. */ - status = val_process_connect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); - if(val_err_check_set(TEST_CHECKPOINT_NUM(201), status)) + status = val->process_connect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); + if (val->err_check_set(TEST_CHECKPOINT_NUM(201), status)) { - psa_reply(msg.handle, PSA_CONNECTION_REFUSED); + psa->reply(msg.handle, PSA_ERROR_CONNECTION_REFUSED); return status; } - psa_reply(msg.handle, PSA_SUCCESS); + psa->reply(msg.handle, PSA_SUCCESS); - status = val_process_call_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); - if(val_err_check_set(TEST_CHECKPOINT_NUM(202), status)) + status = val->process_call_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); + if (val->err_check_set(TEST_CHECKPOINT_NUM(202), status)) { - psa_reply(msg.handle, -2); + psa->reply(msg.handle, -2); } else { /* Setting boot.state before test check */ - status = val_set_boot_flag(BOOT_EXPECTED_NS); - if(val_err_check_set(TEST_CHECKPOINT_NUM(203), status)) + status = val->set_boot_flag(BOOT_EXPECTED_NS); + if (val->err_check_set(TEST_CHECKPOINT_NUM(203), status)) { - val_print(PRINT_ERROR, "\tFailed to set boot flag before check\n", 0); - psa_reply(msg.handle, -3); + val->print(PRINT_ERROR, "\tFailed to set boot flag before check\n", 0); + psa->reply(msg.handle, -3); } else { - /* Test check- psa_skip with PSA_NULL_HANDLE */ - psa_skip(PSA_NULL_HANDLE, 0, 0); + /* Test check- psa_skip with PSA_NULL_HANDLE, call should panic */ + psa->skip(PSA_NULL_HANDLE, 0, 0); /* shouldn't have reached here */ - val_print(PRINT_ERROR, - "\tpsa_skip with NULL handle should failed but successed\n", 0); + val->print(PRINT_ERROR, + "\tpsa_skip with NULL handle should failed but succeed\n", 0); /* Resetting boot.state to catch unwanted reboot */ - if (val_set_boot_flag(BOOT_EXPECTED_BUT_FAILED)) + if (val->set_boot_flag(BOOT_EXPECTED_BUT_FAILED)) { - val_print(PRINT_ERROR, "\tFailed to set boot flag after check\n", 0); + val->print(PRINT_ERROR, "\tFailed to set boot flag after check\n", 0); } status = VAL_STATUS_SPM_FAILED; - psa_reply(msg.handle, -4); + psa->reply(msg.handle, -4); } } - val_err_check_set(TEST_CHECKPOINT_NUM(204), status); - status = ((val_process_disconnect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg)) + val->err_check_set(TEST_CHECKPOINT_NUM(204), status); + status = ((val->process_disconnect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg)) ? VAL_STATUS_ERROR : status); - psa_reply(msg.handle, PSA_SUCCESS); + psa->reply(msg.handle, PSA_SUCCESS); return status; } diff --git a/api-tests/ff/ipc/test_i037/test_i037.c b/api-tests/ff/ipc/test_i037/test_i037.c index 8a0d8211..c6765a2a 100644 --- a/api-tests/ff/ipc/test_i037/test_i037.c +++ b/api-tests/ff/ipc/test_i037/test_i037.c @@ -1,5 +1,5 @@ /** @file - * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved. + * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved. * SPDX-License-Identifier : Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -20,7 +20,7 @@ #include "val_target.h" #else #include "val_client_defs.h" -#include "val_partition_common.h" +#include "val_service_defs.h" #endif #include "test_i037.h" @@ -38,7 +38,7 @@ int32_t client_test_psa_skip_with_invalid_handle(security_t caller) psa_status_t status_of_call; val->print(PRINT_TEST, - "[Check1] Test psa_skip with invalid handle\n", 0); + "[Check 1] Test psa_skip with invalid handle\n", 0); handle = psa->connect(SERVER_UNSPECIFED_MINOR_V_SID, 1); if (handle < 0) @@ -50,7 +50,7 @@ int32_t client_test_psa_skip_with_invalid_handle(security_t caller) status_of_call = psa->call(handle, NULL, 0, NULL, 0); /* Expectation is server test should hang and control shouldn't have come here */ - val->print(PRINT_ERROR, "\tCall should failed but successed\n", 0); + val->print(PRINT_ERROR, "\tCall should failed but succeed\n", 0); status = VAL_STATUS_SPM_FAILED; diff --git a/api-tests/ff/ipc/test_i037/test_supp_i037.c b/api-tests/ff/ipc/test_i037/test_supp_i037.c index 870be92c..9ed99633 100644 --- a/api-tests/ff/ipc/test_i037/test_supp_i037.c +++ b/api-tests/ff/ipc/test_i037/test_supp_i037.c @@ -1,5 +1,5 @@ /** @file - * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved. + * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved. * SPDX-License-Identifier : Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -15,8 +15,13 @@ * limitations under the License. **/ -#include "val/common/val_client_defs.h" -#include "val/spe/val_partition_common.h" +#include "val_client_defs.h" +#include "val_service_defs.h" + +#define val CONCAT(val,_server_sp) +#define psa CONCAT(psa,_server_sp) +extern val_api_t *val; +extern psa_api_t *psa; int32_t server_test_psa_skip_with_invalid_handle(void); @@ -31,52 +36,74 @@ int32_t server_test_psa_skip_with_invalid_handle(void) int32_t status = VAL_STATUS_SUCCESS; psa_msg_t msg = {0}; - status = val_process_connect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); - if (val_err_check_set(TEST_CHECKPOINT_NUM(201), status)) + /* + * This test checks for the PROGRAMMER ERROR condition for the PSA API. API's respond to + * PROGRAMMER ERROR could be either to return appropriate status code or panic the caller. + * When a Secure Partition panics, the SPE cannot continue normal execution, as defined + * in this specification. The behavior of the SPM following a Secure Partition panic is + * IMPLEMENTATION DEFINED- Arm recommends that the SPM causes the system to restart in + * this situation. Refer PSA-FF for more information on panic. + * For the cases where, SPM cannot capable to reboot the system (just hangs or power down), + * a watchdog timer set by val_test_init can reboot the system on timeout event. This will + * tests continuity and able to jump to next tests. Therefore, each test who checks for + * PROGRAMMER ERROR condition, expects system to get reset either by SPM or watchdog set by + * the test harness function. + * + * If programmed timeout value isn't sufficient for your system, it can be reconfigured using + * timeout entries available in target.cfg. + * + * To decide, a reboot happened as intended by test scenario or it happended + * due to other reasons, test is setting a boot signature into non-volatile memory before and + * after targeted test check. After a reboot, these boot signatures are being read by the + * VAL APIs to decide test status. + */ + + status = val->process_connect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); + if (val->err_check_set(TEST_CHECKPOINT_NUM(201), status)) { - psa_reply(msg.handle, PSA_CONNECTION_REFUSED); + psa->reply(msg.handle, PSA_ERROR_CONNECTION_REFUSED); return status; } - psa_reply(msg.handle, PSA_SUCCESS); + psa->reply(msg.handle, PSA_SUCCESS); - status = val_process_call_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); - if (val_err_check_set(TEST_CHECKPOINT_NUM(202), status)) + status = val->process_call_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); + if (val->err_check_set(TEST_CHECKPOINT_NUM(202), status)) { - psa_reply(msg.handle, -2); + psa->reply(msg.handle, -2); } else { /* Setting boot.state before test check */ - status = val_set_boot_flag(BOOT_EXPECTED_NS); - if (val_err_check_set(TEST_CHECKPOINT_NUM(203), status)) + status = val->set_boot_flag(BOOT_EXPECTED_NS); + if (val->err_check_set(TEST_CHECKPOINT_NUM(203), status)) { - val_print(PRINT_ERROR, "\tFailed to set boot flag before check\n", 0); - psa_reply(msg.handle, -3); + val->print(PRINT_ERROR, "\tFailed to set boot flag before check\n", 0); + psa->reply(msg.handle, -3); } else { - /* Test check- psa_skip with INVALID_HANDLE */ - psa_skip(INVALID_HANDLE, 0, 0); + /* Test check- psa_skip with INVALID_HANDLE, call should panic */ + psa->skip(INVALID_HANDLE, 0, 0); /* shouldn't have reached here */ - val_print(PRINT_ERROR, - "\tpsa_skip with invalid handle should failed but successed\n", 0); + val->print(PRINT_ERROR, + "\tpsa_skip with invalid handle should failed but succeed\n", 0); /* Resetting boot.state to catch unwanted reboot */ - if (val_set_boot_flag(BOOT_EXPECTED_BUT_FAILED)) + if (val->set_boot_flag(BOOT_EXPECTED_BUT_FAILED)) { - val_print(PRINT_ERROR, "\tFailed to set boot flag after check\n", 0); + val->print(PRINT_ERROR, "\tFailed to set boot flag after check\n", 0); } status = VAL_STATUS_SPM_FAILED; - psa_reply(msg.handle, -4); + psa->reply(msg.handle, -4); } } - val_err_check_set(TEST_CHECKPOINT_NUM(204), status); - status = ((val_process_disconnect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg)) + val->err_check_set(TEST_CHECKPOINT_NUM(204), status); + status = ((val->process_disconnect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg)) ? VAL_STATUS_ERROR : status); - psa_reply(msg.handle, PSA_SUCCESS); + psa->reply(msg.handle, PSA_SUCCESS); return status; } diff --git a/api-tests/ff/ipc/test_i038/test_i038.c b/api-tests/ff/ipc/test_i038/test_i038.c index 98dd4a05..a2cf2b8e 100644 --- a/api-tests/ff/ipc/test_i038/test_i038.c +++ b/api-tests/ff/ipc/test_i038/test_i038.c @@ -1,5 +1,5 @@ /** @file - * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved. + * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved. * SPDX-License-Identifier : Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -20,7 +20,7 @@ #include "val_target.h" #else #include "val_client_defs.h" -#include "val_partition_common.h" +#include "val_service_defs.h" #endif #include "test_i038.h" @@ -38,7 +38,7 @@ int32_t client_test_psa_skip_with_invec_equal_to_max_iovec(security_t caller) psa_status_t status_of_call; val->print(PRINT_TEST, - "[Check1] Test psa_skip with invec_idx=PSA_MAX_IOVEC\n", 0); + "[Check 1] Test psa_skip with invec_idx=PSA_MAX_IOVEC\n", 0); handle = psa->connect(SERVER_UNSPECIFED_MINOR_V_SID, 1); if (handle < 0) @@ -50,7 +50,7 @@ int32_t client_test_psa_skip_with_invec_equal_to_max_iovec(security_t caller) status_of_call = psa->call(handle, NULL, 0, NULL, 0); /* Expectation is server test should hang and control shouldn't have come here */ - val->print(PRINT_ERROR, "\tCall should failed but successed\n", 0); + val->print(PRINT_ERROR, "\tCall should failed but succeed\n", 0); status = VAL_STATUS_SPM_FAILED; diff --git a/api-tests/ff/ipc/test_i038/test_supp_i038.c b/api-tests/ff/ipc/test_i038/test_supp_i038.c index 536af3a1..540440d1 100644 --- a/api-tests/ff/ipc/test_i038/test_supp_i038.c +++ b/api-tests/ff/ipc/test_i038/test_supp_i038.c @@ -1,5 +1,5 @@ /** @file - * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved. + * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved. * SPDX-License-Identifier : Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -15,8 +15,13 @@ * limitations under the License. **/ -#include "val/common/val_client_defs.h" -#include "val/spe/val_partition_common.h" +#include "val_client_defs.h" +#include "val_service_defs.h" + +#define val CONCAT(val,_server_sp) +#define psa CONCAT(psa,_server_sp) +extern val_api_t *val; +extern psa_api_t *psa; int32_t server_test_psa_skip_with_invec_equal_to_max_iovec(void); @@ -31,66 +36,76 @@ int32_t server_test_psa_skip_with_invec_equal_to_max_iovec(void) int32_t status = VAL_STATUS_SUCCESS; psa_msg_t msg = {0}; - /* Test is targeting fatal error condition and it will expect an error recovery(reboot) - * to happen. To decide, a reboot happened was intended as per test scenario or it happended - * due to other reasons, test is setting a boot signature into non-volatile memory before and - * after targeted test check. After a reboot, these boot signatures are being read by the - * VAL APIs to decide test status. + /* + * This test checks for the PROGRAMMER ERROR condition for the PSA API. API's respond to + * PROGRAMMER ERROR could be either to return appropriate status code or panic the caller. + * When a Secure Partition panics, the SPE cannot continue normal execution, as defined + * in this specification. The behavior of the SPM following a Secure Partition panic is + * IMPLEMENTATION DEFINED- Arm recommends that the SPM causes the system to restart in + * this situation. Refer PSA-FF for more information on panic. + * For the cases where, SPM cannot capable to reboot the system (just hangs or power down), + * a watchdog timer set by val_test_init can reboot the system on timeout event. This will + * tests continuity and able to jump to next tests. Therefore, each test who checks for + * PROGRAMMER ERROR condition, expects system to get reset either by SPM or watchdog set by + * the test harness function. * - * Note: If SPM is not capable of rebooting (just hangs or power down) in fatal error condition, - * a watchdog timer enabled by val_test_init can reboot the system on timeout event. * If programmed timeout value isn't sufficient for your system, it can be reconfigured using * timeout entries available in target.cfg. + * + * To decide, a reboot happened as intended by test scenario or it happended + * due to other reasons, test is setting a boot signature into non-volatile memory before and + * after targeted test check. After a reboot, these boot signatures are being read by the + * VAL APIs to decide test status. */ - status = val_process_connect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); - if (val_err_check_set(TEST_CHECKPOINT_NUM(201), status)) + status = val->process_connect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); + if (val->err_check_set(TEST_CHECKPOINT_NUM(201), status)) { - psa_reply(msg.handle, PSA_CONNECTION_REFUSED); + psa->reply(msg.handle, PSA_ERROR_CONNECTION_REFUSED); return status; } - psa_reply(msg.handle, PSA_SUCCESS); + psa->reply(msg.handle, PSA_SUCCESS); - status = val_process_call_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); - if (val_err_check_set(TEST_CHECKPOINT_NUM(202), status)) + status = val->process_call_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); + if (val->err_check_set(TEST_CHECKPOINT_NUM(202), status)) { - psa_reply(msg.handle, -2); + psa->reply(msg.handle, -2); } else { /* Setting boot.state before test check */ - status = val_set_boot_flag(BOOT_EXPECTED_NS); - if (val_err_check_set(TEST_CHECKPOINT_NUM(203), status)) + status = val->set_boot_flag(BOOT_EXPECTED_NS); + if (val->err_check_set(TEST_CHECKPOINT_NUM(203), status)) { - val_print(PRINT_ERROR, "\tFailed to set boot flag before check\n", 0); - psa_reply(msg.handle, -3); + val->print(PRINT_ERROR, "\tFailed to set boot flag before check\n", 0); + psa->reply(msg.handle, -3); } else { - /* Test check- psa_skip with invec_idx=PSA_MAX_IOVEC */ - psa_skip(msg.handle, PSA_MAX_IOVEC, 0); + /* Test check- psa_skip with invec_idx=PSA_MAX_IOVEC, call should panic */ + psa->skip(msg.handle, PSA_MAX_IOVEC, 0); status = VAL_STATUS_SPM_FAILED; /* Resetting boot.state to catch unwanted reboot */ - if (val_set_boot_flag(BOOT_EXPECTED_BUT_FAILED)) + if (val->set_boot_flag(BOOT_EXPECTED_BUT_FAILED)) { - val_print(PRINT_ERROR, "\tFailed to set boot flag after check\n", 0); + val->print(PRINT_ERROR, "\tFailed to set boot flag after check\n", 0); } /* shouldn't have reached here */ - val_print(PRINT_ERROR, - "\tpsa_skip with invec_idx=PSA_MAX_IOVEC should failed but successed\n", 0); + val->print(PRINT_ERROR, + "\tpsa_skip with invec_idx=PSA_MAX_IOVEC should failed but succeed\n", 0); - psa_reply(msg.handle, -4); + psa->reply(msg.handle, -4); } } - val_err_check_set(TEST_CHECKPOINT_NUM(204), status); - status = ((val_process_disconnect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg)) + val->err_check_set(TEST_CHECKPOINT_NUM(204), status); + status = ((val->process_disconnect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg)) ? VAL_STATUS_ERROR : status); - psa_reply(msg.handle, PSA_SUCCESS); + psa->reply(msg.handle, PSA_SUCCESS); return status; } diff --git a/api-tests/ff/ipc/test_i039/test_i039.c b/api-tests/ff/ipc/test_i039/test_i039.c index 2db39ae4..b028f365 100644 --- a/api-tests/ff/ipc/test_i039/test_i039.c +++ b/api-tests/ff/ipc/test_i039/test_i039.c @@ -1,5 +1,5 @@ /** @file - * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved. + * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved. * SPDX-License-Identifier : Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -20,7 +20,7 @@ #include "val_target.h" #else #include "val_client_defs.h" -#include "val_partition_common.h" +#include "val_service_defs.h" #endif #include "test_i039.h" @@ -38,7 +38,7 @@ int32_t client_test_psa_skip_with_invec_greater_than_max_iovec(security_t caller psa_status_t status_of_call; val->print(PRINT_TEST, - "[Check1] Test psa_skip with invec_idx > PSA_MAX_IOVEC\n", 0); + "[Check 1] Test psa_skip with invec_idx > PSA_MAX_IOVEC\n", 0); handle = psa->connect(SERVER_UNSPECIFED_MINOR_V_SID, 1); if (handle < 0) @@ -50,7 +50,7 @@ int32_t client_test_psa_skip_with_invec_greater_than_max_iovec(security_t caller status_of_call = psa->call(handle, NULL, 0, NULL, 0); /* Expectation is server test should hang and control shouldn't have come here */ - val->print(PRINT_ERROR, "\tCall should failed but successed\n", 0); + val->print(PRINT_ERROR, "\tCall should failed but succeed\n", 0); status = VAL_STATUS_SPM_FAILED; diff --git a/api-tests/ff/ipc/test_i039/test_supp_i039.c b/api-tests/ff/ipc/test_i039/test_supp_i039.c index 58ee41e0..9b4b3c6e 100644 --- a/api-tests/ff/ipc/test_i039/test_supp_i039.c +++ b/api-tests/ff/ipc/test_i039/test_supp_i039.c @@ -1,5 +1,5 @@ /** @file - * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved. + * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved. * SPDX-License-Identifier : Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -15,8 +15,13 @@ * limitations under the License. **/ -#include "val/common/val_client_defs.h" -#include "val/spe/val_partition_common.h" +#include "val_client_defs.h" +#include "val_service_defs.h" + +#define val CONCAT(val,_server_sp) +#define psa CONCAT(psa,_server_sp) +extern val_api_t *val; +extern psa_api_t *psa; int32_t server_test_psa_skip_with_invec_greater_than_max_iovec(void); @@ -31,66 +36,76 @@ int32_t server_test_psa_skip_with_invec_greater_than_max_iovec(void) int32_t status = VAL_STATUS_SUCCESS; psa_msg_t msg = {0}; - /* Test is targeting fatal error condition and it will expect an error recovery(reboot) - * to happen. To decide, a reboot happened was intended as per test scenario or it happended - * due to other reasons, test is setting a boot signature into non-volatile memory before and - * after targeted test check. After a reboot, these boot signatures are being read by the - * VAL APIs to decide test status. + /* + * This test checks for the PROGRAMMER ERROR condition for the PSA API. API's respond to + * PROGRAMMER ERROR could be either to return appropriate status code or panic the caller. + * When a Secure Partition panics, the SPE cannot continue normal execution, as defined + * in this specification. The behavior of the SPM following a Secure Partition panic is + * IMPLEMENTATION DEFINED- Arm recommends that the SPM causes the system to restart in + * this situation. Refer PSA-FF for more information on panic. + * For the cases where, SPM cannot capable to reboot the system (just hangs or power down), + * a watchdog timer set by val_test_init can reboot the system on timeout event. This will + * tests continuity and able to jump to next tests. Therefore, each test who checks for + * PROGRAMMER ERROR condition, expects system to get reset either by SPM or watchdog set by + * the test harness function. * - * Note: If SPM is not capable of rebooting (just hangs or power down) in fatal error condition, - * a watchdog timer enabled by val_test_init can reboot the system on timeout event. * If programmed timeout value isn't sufficient for your system, it can be reconfigured using * timeout entries available in target.cfg. + * + * To decide, a reboot happened as intended by test scenario or it happended + * due to other reasons, test is setting a boot signature into non-volatile memory before and + * after targeted test check. After a reboot, these boot signatures are being read by the + * VAL APIs to decide test status. */ - status = val_process_connect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); - if (val_err_check_set(TEST_CHECKPOINT_NUM(201), status)) + status = val->process_connect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); + if (val->err_check_set(TEST_CHECKPOINT_NUM(201), status)) { - psa_reply(msg.handle, PSA_CONNECTION_REFUSED); + psa->reply(msg.handle, PSA_ERROR_CONNECTION_REFUSED); return status; } - psa_reply(msg.handle, PSA_SUCCESS); + psa->reply(msg.handle, PSA_SUCCESS); - status = val_process_call_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); - if (val_err_check_set(TEST_CHECKPOINT_NUM(202), status)) + status = val->process_call_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); + if (val->err_check_set(TEST_CHECKPOINT_NUM(202), status)) { - psa_reply(msg.handle, -2); + psa->reply(msg.handle, -2); } else { /* Setting boot.state before test check */ - status = val_set_boot_flag(BOOT_EXPECTED_NS); - if (val_err_check_set(TEST_CHECKPOINT_NUM(203), status)) + status = val->set_boot_flag(BOOT_EXPECTED_NS); + if (val->err_check_set(TEST_CHECKPOINT_NUM(203), status)) { - val_print(PRINT_ERROR, "\tFailed to set boot flag before check\n", 0); - psa_reply(msg.handle, -3); + val->print(PRINT_ERROR, "\tFailed to set boot flag before check\n", 0); + psa->reply(msg.handle, -3); } else { - /* Test check- psa_skip with invec_idx > PSA_MAX_IOVEC */ - psa_skip(msg.handle, PSA_MAX_IOVEC + 1, 0); + /* Test check- psa_skip with invec_idx > PSA_MAX_IOVEC, call should panic */ + psa->skip(msg.handle, PSA_MAX_IOVEC + 1, 0); status = VAL_STATUS_SPM_FAILED; /* Resetting boot.state to catch unwanted reboot */ - if (val_set_boot_flag(BOOT_EXPECTED_BUT_FAILED)) + if (val->set_boot_flag(BOOT_EXPECTED_BUT_FAILED)) { - val_print(PRINT_ERROR, "\tFailed to set boot flag after check\n", 0); + val->print(PRINT_ERROR, "\tFailed to set boot flag after check\n", 0); } /* shouldn't have reached here */ - val_print(PRINT_ERROR, - "\tpsa_skip with invec_idx > PSA_MAX_IOVEC should failed but successed\n", 0); + val->print(PRINT_ERROR, + "\tpsa_skip with invec_idx > PSA_MAX_IOVEC should failed but succeed\n", 0); - psa_reply(msg.handle, -4); + psa->reply(msg.handle, -4); } } - val_err_check_set(TEST_CHECKPOINT_NUM(204), status); - status = ((val_process_disconnect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg)) + val->err_check_set(TEST_CHECKPOINT_NUM(204), status); + status = ((val->process_disconnect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg)) ? VAL_STATUS_ERROR : status); - psa_reply(msg.handle, PSA_SUCCESS); + psa->reply(msg.handle, PSA_SUCCESS); return status; } diff --git a/api-tests/ff/ipc/test_i040/test_i040.c b/api-tests/ff/ipc/test_i040/test_i040.c index ec020670..c0746b1e 100644 --- a/api-tests/ff/ipc/test_i040/test_i040.c +++ b/api-tests/ff/ipc/test_i040/test_i040.c @@ -1,5 +1,5 @@ /** @file - * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved. + * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved. * SPDX-License-Identifier : Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -20,7 +20,7 @@ #include "val_target.h" #else #include "val_client_defs.h" -#include "val_partition_common.h" +#include "val_service_defs.h" #endif #include "test_i040.h" @@ -35,7 +35,7 @@ int32_t client_test_psa_write_at_ipc_connect(security_t caller) { psa_handle_t handle = 0; - val->print(PRINT_TEST, "[Check1] Test psa_write at PSA_IPC_CONNECT\n", 0); + val->print(PRINT_TEST, "[Check 1] Test psa_write at PSA_IPC_CONNECT\n", 0); handle = psa->connect(SERVER_RELAX_MINOR_VERSION_SID, 1); diff --git a/api-tests/ff/ipc/test_i040/test_supp_i040.c b/api-tests/ff/ipc/test_i040/test_supp_i040.c index 47433c3e..8ea608b1 100644 --- a/api-tests/ff/ipc/test_i040/test_supp_i040.c +++ b/api-tests/ff/ipc/test_i040/test_supp_i040.c @@ -1,5 +1,5 @@ /** @file - * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved. + * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved. * SPDX-License-Identifier : Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -15,8 +15,13 @@ * limitations under the License. **/ -#include "val/common/val_client_defs.h" -#include "val/spe/val_partition_common.h" +#include "val_client_defs.h" +#include "val_service_defs.h" + +#define val CONCAT(val,_server_sp) +#define psa CONCAT(psa,_server_sp) +extern val_api_t *val; +extern psa_api_t *psa; #define NUM_OF_BYTES 4 @@ -34,46 +39,56 @@ int32_t server_test_psa_write_at_ipc_connect(void) psa_msg_t msg = {0}; uint8_t data[NUM_OF_BYTES] = {0}; - /* Test is targeting fatal error condition and it will expect an error recovery(reboot) - * to happen. To decide, a reboot happened was intended as per test scenario or it happended - * due to other reasons, test is setting a boot signature into non-volatile memory before and - * after targeted test check. After a reboot, these boot signatures are being read by the - * VAL APIs to decide test status. + /* + * This test checks for the PROGRAMMER ERROR condition for the PSA API. API's respond to + * PROGRAMMER ERROR could be either to return appropriate status code or panic the caller. + * When a Secure Partition panics, the SPE cannot continue normal execution, as defined + * in this specification. The behavior of the SPM following a Secure Partition panic is + * IMPLEMENTATION DEFINED- Arm recommends that the SPM causes the system to restart in + * this situation. Refer PSA-FF for more information on panic. + * For the cases where, SPM cannot capable to reboot the system (just hangs or power down), + * a watchdog timer set by val_test_init can reboot the system on timeout event. This will + * tests continuity and able to jump to next tests. Therefore, each test who checks for + * PROGRAMMER ERROR condition, expects system to get reset either by SPM or watchdog set by + * the test harness function. * - * Note: If SPM is not capable of rebooting (just hangs or power down) in fatal error condition, - * a watchdog timer enabled by val_test_init can reboot the system on timeout event. * If programmed timeout value isn't sufficient for your system, it can be reconfigured using * timeout entries available in target.cfg. + * + * To decide, a reboot happened as intended by test scenario or it happended + * due to other reasons, test is setting a boot signature into non-volatile memory before and + * after targeted test check. After a reboot, these boot signatures are being read by the + * VAL APIs to decide test status. */ - status = val_process_connect_request(SERVER_RELAX_MINOR_VERSION_SIG, &msg); - if (val_err_check_set(TEST_CHECKPOINT_NUM(201), status)) + status = val->process_connect_request(SERVER_RELAX_MINOR_VERSION_SIG, &msg); + if (val->err_check_set(TEST_CHECKPOINT_NUM(201), status)) { - psa_reply(msg.handle, PSA_CONNECTION_REFUSED); + psa->reply(msg.handle, PSA_ERROR_CONNECTION_REFUSED); return status; } /* Setting boot.state before test check */ - status = val_set_boot_flag(BOOT_EXPECTED_NS); - if (val_err_check_set(TEST_CHECKPOINT_NUM(202), status)) + status = val->set_boot_flag(BOOT_EXPECTED_NS); + if (val->err_check_set(TEST_CHECKPOINT_NUM(202), status)) { - val_print(PRINT_ERROR, "\tFailed to set boot flag before check\n", 0); - psa_reply(msg.handle, PSA_CONNECTION_REFUSED); + val->print(PRINT_ERROR, "\tFailed to set boot flag before check\n", 0); + psa->reply(msg.handle, PSA_ERROR_CONNECTION_REFUSED); return status; } - /* Test check- psa_write at PSA_IPC_CONNECT */ - psa_write(msg.handle, 0, (void *)data, 0); + /* Test check- psa_write at PSA_IPC_CONNECT, call should panic */ + psa->write(msg.handle, 0, (void *)data, 0); /* Shouldn't have reached here */ - val_print(PRINT_ERROR,"\tpsa_write should failed but successed\n", 0); + val->print(PRINT_ERROR,"\tpsa_write should failed but succeed\n", 0); /* Resetting boot.state to catch unwanted reboot */ - if (val_set_boot_flag(BOOT_EXPECTED_BUT_FAILED)) + if (val->set_boot_flag(BOOT_EXPECTED_BUT_FAILED)) { - val_print(PRINT_ERROR, "\tFailed to set boot flag after check\n", 0); + val->print(PRINT_ERROR, "\tFailed to set boot flag after check\n", 0); } - psa_reply(msg.handle, PSA_CONNECTION_REFUSED); + psa->reply(msg.handle, PSA_ERROR_CONNECTION_REFUSED); return VAL_STATUS_INVALID; } diff --git a/api-tests/ff/ipc/test_i041/test_i041.c b/api-tests/ff/ipc/test_i041/test_i041.c index a4275a9f..cead0f0f 100644 --- a/api-tests/ff/ipc/test_i041/test_i041.c +++ b/api-tests/ff/ipc/test_i041/test_i041.c @@ -1,5 +1,5 @@ /** @file - * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved. + * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved. * SPDX-License-Identifier : Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -20,7 +20,7 @@ #include "val_target.h" #else #include "val_client_defs.h" -#include "val_partition_common.h" +#include "val_service_defs.h" #endif #include "test_i041.h" @@ -35,7 +35,7 @@ int32_t client_test_psa_write_at_ipc_disconnect(security_t caller) { psa_handle_t handle = 0; - val->print(PRINT_TEST, "[Check1] Test psa_write at PSA_IPC_DISCONNECT\n", 0); + val->print(PRINT_TEST, "[Check 1] Test psa_write at PSA_IPC_DISCONNECT\n", 0); handle = psa->connect(SERVER_RELAX_MINOR_VERSION_SID, 1); if (handle > 0) diff --git a/api-tests/ff/ipc/test_i041/test_supp_i041.c b/api-tests/ff/ipc/test_i041/test_supp_i041.c index ed483778..8b3d2b31 100644 --- a/api-tests/ff/ipc/test_i041/test_supp_i041.c +++ b/api-tests/ff/ipc/test_i041/test_supp_i041.c @@ -1,5 +1,5 @@ /** @file - * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved. + * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved. * SPDX-License-Identifier : Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -15,8 +15,13 @@ * limitations under the License. **/ -#include "val/common/val_client_defs.h" -#include "val/spe/val_partition_common.h" +#include "val_client_defs.h" +#include "val_service_defs.h" + +#define val CONCAT(val,_server_sp) +#define psa CONCAT(psa,_server_sp) +extern val_api_t *val; +extern psa_api_t *psa; #define NUM_OF_BYTES 4 @@ -34,53 +39,63 @@ int32_t server_test_psa_write_at_ipc_disconnect(void) psa_msg_t msg = {0}; uint8_t data[NUM_OF_BYTES] = {0}; - /* Test is targeting fatal error condition and it will expect an error recovery(reboot) - * to happen. To decide, a reboot happened was intended as per test scenario or it happended - * due to other reasons, test is setting a boot signature into non-volatile memory before and - * after targeted test check. After a reboot, these boot signatures are being read by the - * VAL APIs to decide test status. + /* + * This test checks for the PROGRAMMER ERROR condition for the PSA API. API's respond to + * PROGRAMMER ERROR could be either to return appropriate status code or panic the caller. + * When a Secure Partition panics, the SPE cannot continue normal execution, as defined + * in this specification. The behavior of the SPM following a Secure Partition panic is + * IMPLEMENTATION DEFINED- Arm recommends that the SPM causes the system to restart in + * this situation. Refer PSA-FF for more information on panic. + * For the cases where, SPM cannot capable to reboot the system (just hangs or power down), + * a watchdog timer set by val_test_init can reboot the system on timeout event. This will + * tests continuity and able to jump to next tests. Therefore, each test who checks for + * PROGRAMMER ERROR condition, expects system to get reset either by SPM or watchdog set by + * the test harness function. * - * Note: If SPM is not capable of rebooting (just hangs or power down) in fatal error condition, - * a watchdog timer enabled by val_test_init can reboot the system on timeout event. * If programmed timeout value isn't sufficient for your system, it can be reconfigured using * timeout entries available in target.cfg. + * + * To decide, a reboot happened as intended by test scenario or it happended + * due to other reasons, test is setting a boot signature into non-volatile memory before and + * after targeted test check. After a reboot, these boot signatures are being read by the + * VAL APIs to decide test status. */ - status = val_process_connect_request(SERVER_RELAX_MINOR_VERSION_SIG, &msg); - if (val_err_check_set(TEST_CHECKPOINT_NUM(201), status)) + status = val->process_connect_request(SERVER_RELAX_MINOR_VERSION_SIG, &msg); + if (val->err_check_set(TEST_CHECKPOINT_NUM(201), status)) { - psa_reply(msg.handle, PSA_CONNECTION_REFUSED); + psa->reply(msg.handle, PSA_ERROR_CONNECTION_REFUSED); return status; } - psa_reply(msg.handle, PSA_SUCCESS); + psa->reply(msg.handle, PSA_SUCCESS); - status = val_process_disconnect_request(SERVER_RELAX_MINOR_VERSION_SIG, &msg); - if (val_err_check_set(TEST_CHECKPOINT_NUM(202), status)) + status = val->process_disconnect_request(SERVER_RELAX_MINOR_VERSION_SIG, &msg); + if (val->err_check_set(TEST_CHECKPOINT_NUM(202), status)) { - psa_reply(msg.handle, PSA_SUCCESS); + psa->reply(msg.handle, PSA_SUCCESS); return status; } /* Setting boot.state before test check */ - status = val_set_boot_flag(BOOT_EXPECTED_NS); - if (val_err_check_set(TEST_CHECKPOINT_NUM(203), status)) + status = val->set_boot_flag(BOOT_EXPECTED_NS); + if (val->err_check_set(TEST_CHECKPOINT_NUM(203), status)) { - val_print(PRINT_ERROR, "\tFailed to set boot flag before check\n", 0); - psa_reply(msg.handle, PSA_SUCCESS); + val->print(PRINT_ERROR, "\tFailed to set boot flag before check\n", 0); + psa->reply(msg.handle, PSA_SUCCESS); return status; } - /* Test check- psa_write at PSA_IPC_DISCONNECT */ - psa_write(msg.handle, 0, (void *)data, 0); + /* Test check- psa_write at PSA_IPC_DISCONNECT, call should panic */ + psa->write(msg.handle, 0, (void *)data, 0); /* Shouldn't have reached here */ - val_print(PRINT_ERROR,"\tpsa_write should failed but successed\n", 0); + val->print(PRINT_ERROR,"\tpsa_write should failed but succeed\n", 0); /* Resetting boot.state to catch unwanted reboot */ - if (val_set_boot_flag(BOOT_EXPECTED_BUT_FAILED)) + if (val->set_boot_flag(BOOT_EXPECTED_BUT_FAILED)) { - val_print(PRINT_ERROR, "\tFailed to set boot flag after check\n", 0); + val->print(PRINT_ERROR, "\tFailed to set boot flag after check\n", 0); } - psa_reply(msg.handle, PSA_SUCCESS); + psa->reply(msg.handle, PSA_SUCCESS); return VAL_STATUS_INVALID; } diff --git a/api-tests/ff/ipc/test_i042/test_i042.c b/api-tests/ff/ipc/test_i042/test_i042.c index 4c7652e8..65dc1539 100644 --- a/api-tests/ff/ipc/test_i042/test_i042.c +++ b/api-tests/ff/ipc/test_i042/test_i042.c @@ -1,5 +1,5 @@ /** @file - * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved. + * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved. * SPDX-License-Identifier : Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -20,7 +20,7 @@ #include "val_target.h" #else #include "val_client_defs.h" -#include "val_partition_common.h" +#include "val_service_defs.h" #endif #include "test_i042.h" @@ -38,7 +38,7 @@ int32_t client_test_psa_write_with_null_handle(security_t caller) psa_status_t status_of_call; val->print(PRINT_TEST, - "[Check1] Test psa_write with NULL handle\n", 0); + "[Check 1] Test psa_write with NULL handle\n", 0); handle = psa->connect(SERVER_UNSPECIFED_MINOR_V_SID, 1); if (handle < 0) @@ -50,7 +50,7 @@ int32_t client_test_psa_write_with_null_handle(security_t caller) status_of_call = psa->call(handle, NULL, 0, NULL, 0); /* Expectation is server test should hang and control shouldn't have come here */ - val->print(PRINT_ERROR, "\tCall should failed but successed\n", 0); + val->print(PRINT_ERROR, "\tCall should failed but succeed\n", 0); status = VAL_STATUS_SPM_FAILED; diff --git a/api-tests/ff/ipc/test_i042/test_supp_i042.c b/api-tests/ff/ipc/test_i042/test_supp_i042.c index 712791e6..1257cdfc 100644 --- a/api-tests/ff/ipc/test_i042/test_supp_i042.c +++ b/api-tests/ff/ipc/test_i042/test_supp_i042.c @@ -1,5 +1,5 @@ /** @file - * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved. + * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved. * SPDX-License-Identifier : Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -15,8 +15,13 @@ * limitations under the License. **/ -#include "val/common/val_client_defs.h" -#include "val/spe/val_partition_common.h" +#include "val_client_defs.h" +#include "val_service_defs.h" + +#define val CONCAT(val,_server_sp) +#define psa CONCAT(psa,_server_sp) +extern val_api_t *val; +extern psa_api_t *psa; int32_t server_test_psa_write_with_null_handle(); @@ -32,51 +37,72 @@ int32_t server_test_psa_write_with_null_handle() psa_msg_t msg = {0}; uint8_t data[4] = {0}; - status = val_process_connect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); - if(val_err_check_set(TEST_CHECKPOINT_NUM(201), status)) + /* + * This test checks for the PROGRAMMER ERROR condition for the PSA API. API's respond to + * PROGRAMMER ERROR could be either to return appropriate status code or panic the caller. + * When a Secure Partition panics, the SPE cannot continue normal execution, as defined + * in this specification. The behavior of the SPM following a Secure Partition panic is + * IMPLEMENTATION DEFINED- Arm recommends that the SPM causes the system to restart in + * this situation. Refer PSA-FF for more information on panic. + * For the cases where, SPM cannot capable to reboot the system (just hangs or power down), + * a watchdog timer set by val_test_init can reboot the system on timeout event. This will + * tests continuity and able to jump to next tests. Therefore, each test who checks for + * PROGRAMMER ERROR condition, expects system to get reset either by SPM or watchdog set by + * the test harness function. + * + * If programmed timeout value isn't sufficient for your system, it can be reconfigured using + * timeout entries available in target.cfg. + * + * To decide, a reboot happened as intended by test scenario or it happended + * due to other reasons, test is setting a boot signature into non-volatile memory before and + * after targeted test check. After a reboot, these boot signatures are being read by the + * VAL APIs to decide test status. + */ + + status = val->process_connect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); + if (val->err_check_set(TEST_CHECKPOINT_NUM(201), status)) { - psa_reply(msg.handle, PSA_CONNECTION_REFUSED); + psa->reply(msg.handle, PSA_ERROR_CONNECTION_REFUSED); return status; } - psa_reply(msg.handle, PSA_SUCCESS); + psa->reply(msg.handle, PSA_SUCCESS); - status = val_process_call_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); - if(val_err_check_set(TEST_CHECKPOINT_NUM(202), status)) + status = val->process_call_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); + if (val->err_check_set(TEST_CHECKPOINT_NUM(202), status)) { - psa_reply(msg.handle, -2); + psa->reply(msg.handle, -2); } else { - /* Set boot flag to BOOT_EXPECTED_* to indicate- test is targeting - fatal error condition and test will expect error recovery to happen */ - status = val_set_boot_flag(BOOT_EXPECTED_NS); - if(val_err_check_set(TEST_CHECKPOINT_NUM(203), status)) + /* Setting boot.state before test check */ + status = val->set_boot_flag(BOOT_EXPECTED_NS); + if (val->err_check_set(TEST_CHECKPOINT_NUM(203), status)) { - psa_reply(msg.handle, -3); + psa->reply(msg.handle, -3); } else { - /*psa_write with PSA_NULL_HANDLE */ - psa_write(PSA_NULL_HANDLE, 0, (void *)data, 0); + /* psa_write with PSA_NULL_HANDLE, call should panic */ + psa->write(PSA_NULL_HANDLE, 0, (void *)data, 0); status = VAL_STATUS_SPM_FAILED; /* Resetting boot.state to catch unwanted reboot */ - val_set_boot_flag(BOOT_EXPECTED_BUT_FAILED); + val->set_boot_flag(BOOT_EXPECTED_BUT_FAILED); /* shouldn't have reached here */ - val_print(PRINT_ERROR, - "\tpsa_write with NULL handle should failed but successed\n", 0); + val->print(PRINT_ERROR, + "\tpsa_write with NULL handle should failed but succeed\n", 0); - psa_reply(msg.handle, -4); + psa->reply(msg.handle, -4); } } - val_err_check_set(TEST_CHECKPOINT_NUM(204), status); - status = ((val_process_disconnect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg)) + val->err_check_set(TEST_CHECKPOINT_NUM(204), status); + status = ((val->process_disconnect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg)) ? VAL_STATUS_ERROR : status); - psa_reply(msg.handle, PSA_SUCCESS); + psa->reply(msg.handle, PSA_SUCCESS); return status; } diff --git a/api-tests/ff/ipc/test_i043/test_i043.c b/api-tests/ff/ipc/test_i043/test_i043.c index 6bebfe39..ea38f4c2 100644 --- a/api-tests/ff/ipc/test_i043/test_i043.c +++ b/api-tests/ff/ipc/test_i043/test_i043.c @@ -1,5 +1,5 @@ /** @file - * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved. + * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved. * SPDX-License-Identifier : Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -20,7 +20,7 @@ #include "val_target.h" #else #include "val_client_defs.h" -#include "val_partition_common.h" +#include "val_service_defs.h" #endif #include "test_i043.h" @@ -38,7 +38,7 @@ int32_t client_test_psa_write_with_invalid_handle(security_t caller) psa_status_t status_of_call; val->print(PRINT_TEST, - "[Check1] Test psa_write with invalid handle\n", 0); + "[Check 1] Test psa_write with invalid handle\n", 0); handle = psa->connect(SERVER_UNSPECIFED_MINOR_V_SID, 1); if (handle < 0) @@ -50,7 +50,7 @@ int32_t client_test_psa_write_with_invalid_handle(security_t caller) status_of_call = psa->call(handle, NULL, 0, NULL, 0); /* Expectation is server test should hang and control shouldn't have come here */ - val->print(PRINT_ERROR, "\tCall should failed but successed\n", 0); + val->print(PRINT_ERROR, "\tCall should failed but succeed\n", 0); status = VAL_STATUS_SPM_FAILED; diff --git a/api-tests/ff/ipc/test_i043/test_supp_i043.c b/api-tests/ff/ipc/test_i043/test_supp_i043.c index 04053f20..51237539 100644 --- a/api-tests/ff/ipc/test_i043/test_supp_i043.c +++ b/api-tests/ff/ipc/test_i043/test_supp_i043.c @@ -1,5 +1,5 @@ /** @file - * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved. + * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved. * SPDX-License-Identifier : Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -15,8 +15,13 @@ * limitations under the License. **/ -#include "val/common/val_client_defs.h" -#include "val/spe/val_partition_common.h" +#include "val_client_defs.h" +#include "val_service_defs.h" + +#define val CONCAT(val,_server_sp) +#define psa CONCAT(psa,_server_sp) +extern val_api_t *val; +extern psa_api_t *psa; #define NUM_OF_BYTES 4 @@ -34,65 +39,75 @@ int32_t server_test_psa_write_with_invalid_handle(void) psa_msg_t msg = {0}; uint8_t data[NUM_OF_BYTES] = {0}; - /* Test is targeting fatal error condition and it will expect an error recovery(reboot) - * to happen. To decide, a reboot happened was intended as per test scenario or it happended - * due to other reasons, test is setting a boot signature into non-volatile memory before and - * after targeted test check. After a reboot, these boot signatures are being read by the - * VAL APIs to decide test status. + /* + * This test checks for the PROGRAMMER ERROR condition for the PSA API. API's respond to + * PROGRAMMER ERROR could be either to return appropriate status code or panic the caller. + * When a Secure Partition panics, the SPE cannot continue normal execution, as defined + * in this specification. The behavior of the SPM following a Secure Partition panic is + * IMPLEMENTATION DEFINED- Arm recommends that the SPM causes the system to restart in + * this situation. Refer PSA-FF for more information on panic. + * For the cases where, SPM cannot capable to reboot the system (just hangs or power down), + * a watchdog timer set by val_test_init can reboot the system on timeout event. This will + * tests continuity and able to jump to next tests. Therefore, each test who checks for + * PROGRAMMER ERROR condition, expects system to get reset either by SPM or watchdog set by + * the test harness function. * - * Note: If SPM is not capable of rebooting (just hangs or power down) in fatal error condition, - * a watchdog timer enabled by val_test_init can reboot the system on timeout event. * If programmed timeout value isn't sufficient for your system, it can be reconfigured using * timeout entries available in target.cfg. + * + * To decide, a reboot happened as intended by test scenario or it happended + * due to other reasons, test is setting a boot signature into non-volatile memory before and + * after targeted test check. After a reboot, these boot signatures are being read by the + * VAL APIs to decide test status. */ - status = val_process_connect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); - if (val_err_check_set(TEST_CHECKPOINT_NUM(201), status)) + status = val->process_connect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); + if (val->err_check_set(TEST_CHECKPOINT_NUM(201), status)) { - psa_reply(msg.handle, PSA_CONNECTION_REFUSED); + psa->reply(msg.handle, PSA_ERROR_CONNECTION_REFUSED); return status; } - psa_reply(msg.handle, PSA_SUCCESS); + psa->reply(msg.handle, PSA_SUCCESS); - status = val_process_call_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); - if (val_err_check_set(TEST_CHECKPOINT_NUM(202), status)) + status = val->process_call_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); + if (val->err_check_set(TEST_CHECKPOINT_NUM(202), status)) { - psa_reply(msg.handle, -2); + psa->reply(msg.handle, -2); } else { /* Setting boot.state before test check */ - status = val_set_boot_flag(BOOT_EXPECTED_NS); - if (val_err_check_set(TEST_CHECKPOINT_NUM(203), status)) + status = val->set_boot_flag(BOOT_EXPECTED_NS); + if (val->err_check_set(TEST_CHECKPOINT_NUM(203), status)) { - val_print(PRINT_ERROR, "\tFailed to set boot flag before check\n", 0); - psa_reply(msg.handle, -3); + val->print(PRINT_ERROR, "\tFailed to set boot flag before check\n", 0); + psa->reply(msg.handle, -3); } else { - /* Test check- psa_write with INVALID_HANDLE */ - psa_write(INVALID_HANDLE, 0, (void *)data, 0); + /* Test check- psa_write with INVALID_HANDLE, call should panic */ + psa->write(INVALID_HANDLE, 0, (void *)data, 0); status = VAL_STATUS_SPM_FAILED; /* Resetting boot.state to catch unwanted reboot */ - if (val_set_boot_flag(BOOT_EXPECTED_BUT_FAILED)) + if (val->set_boot_flag(BOOT_EXPECTED_BUT_FAILED)) { - val_print(PRINT_ERROR, "\tFailed to set boot flag after check\n", 0); + val->print(PRINT_ERROR, "\tFailed to set boot flag after check\n", 0); } /* shouldn't have reached here */ - val_print(PRINT_ERROR, - "\tpsa_write with invalid handle should failed but successed\n", 0); + val->print(PRINT_ERROR, + "\tpsa_write with invalid handle should failed but succeed\n", 0); - psa_reply(msg.handle, -4); + psa->reply(msg.handle, -4); } } - val_err_check_set(TEST_CHECKPOINT_NUM(204), status); - status = ((val_process_disconnect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg)) + val->err_check_set(TEST_CHECKPOINT_NUM(204), status); + status = ((val->process_disconnect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg)) ? VAL_STATUS_ERROR : status); - psa_reply(msg.handle, PSA_SUCCESS); + psa->reply(msg.handle, PSA_SUCCESS); return status; } diff --git a/api-tests/ff/ipc/test_i044/test_i044.c b/api-tests/ff/ipc/test_i044/test_i044.c index 17289e1e..c22a18b8 100644 --- a/api-tests/ff/ipc/test_i044/test_i044.c +++ b/api-tests/ff/ipc/test_i044/test_i044.c @@ -1,5 +1,5 @@ /** @file - * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved. + * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved. * SPDX-License-Identifier : Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -20,7 +20,7 @@ #include "val_target.h" #else #include "val_client_defs.h" -#include "val_partition_common.h" +#include "val_service_defs.h" #endif #include "test_i044.h" @@ -38,7 +38,7 @@ int32_t client_test_psa_write_with_invec_equal_to_max_iovec(security_t caller) psa_status_t status_of_call; val->print(PRINT_TEST, - "[Check1] Test psa_write with invec_idx=PSA_MAX_IOVEC\n", 0); + "[Check 1] Test psa_write with invec_idx=PSA_MAX_IOVEC\n", 0); handle = psa->connect(SERVER_UNSPECIFED_MINOR_V_SID, 1); if (handle < 0) @@ -50,7 +50,7 @@ int32_t client_test_psa_write_with_invec_equal_to_max_iovec(security_t caller) status_of_call = psa->call(handle, NULL, 0, NULL, 0); /* Expectation is server test should hang and control shouldn't have come here */ - val->print(PRINT_ERROR, "\tCall should failed but successed\n", 0); + val->print(PRINT_ERROR, "\tCall should failed but succeed\n", 0); status = VAL_STATUS_SPM_FAILED; diff --git a/api-tests/ff/ipc/test_i044/test_supp_i044.c b/api-tests/ff/ipc/test_i044/test_supp_i044.c index 1219b5ef..b4e4cae3 100644 --- a/api-tests/ff/ipc/test_i044/test_supp_i044.c +++ b/api-tests/ff/ipc/test_i044/test_supp_i044.c @@ -1,5 +1,5 @@ /** @file - * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved. + * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved. * SPDX-License-Identifier : Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -15,8 +15,13 @@ * limitations under the License. **/ -#include "val/common/val_client_defs.h" -#include "val/spe/val_partition_common.h" +#include "val_client_defs.h" +#include "val_service_defs.h" + +#define val CONCAT(val,_server_sp) +#define psa CONCAT(psa,_server_sp) +extern val_api_t *val; +extern psa_api_t *psa; #define NUM_OF_BYTES 4 @@ -34,53 +39,75 @@ int32_t server_test_psa_write_with_invec_equal_to_max_iovec(void) psa_msg_t msg = {0}; uint8_t data[NUM_OF_BYTES] = {0}; - status = val_process_connect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); - if (val_err_check_set(TEST_CHECKPOINT_NUM(201), status)) + /* + * This test checks for the PROGRAMMER ERROR condition for the PSA API. API's respond to + * PROGRAMMER ERROR could be either to return appropriate status code or panic the caller. + * When a Secure Partition panics, the SPE cannot continue normal execution, as defined + * in this specification. The behavior of the SPM following a Secure Partition panic is + * IMPLEMENTATION DEFINED- Arm recommends that the SPM causes the system to restart in + * this situation. Refer PSA-FF for more information on panic. + * For the cases where, SPM cannot capable to reboot the system (just hangs or power down), + * a watchdog timer set by val_test_init can reboot the system on timeout event. This will + * tests continuity and able to jump to next tests. Therefore, each test who checks for + * PROGRAMMER ERROR condition, expects system to get reset either by SPM or watchdog set by + * the test harness function. + * + * If programmed timeout value isn't sufficient for your system, it can be reconfigured using + * timeout entries available in target.cfg. + * + * To decide, a reboot happened as intended by test scenario or it happended + * due to other reasons, test is setting a boot signature into non-volatile memory before and + * after targeted test check. After a reboot, these boot signatures are being read by the + * VAL APIs to decide test status. + */ + + status = val->process_connect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); + if (val->err_check_set(TEST_CHECKPOINT_NUM(201), status)) { - psa_reply(msg.handle, PSA_CONNECTION_REFUSED); + psa->reply(msg.handle, PSA_ERROR_CONNECTION_REFUSED); return status; } - psa_reply(msg.handle, PSA_SUCCESS); + psa->reply(msg.handle, PSA_SUCCESS); - status = val_process_call_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); - if (val_err_check_set(TEST_CHECKPOINT_NUM(202), status)) + status = val->process_call_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); + if (val->err_check_set(TEST_CHECKPOINT_NUM(202), status)) { - psa_reply(msg.handle, -2); + psa->reply(msg.handle, -2); } else { /* Setting boot.state before test check */ - status = val_set_boot_flag(BOOT_EXPECTED_NS); - if (val_err_check_set(TEST_CHECKPOINT_NUM(203), status)) + status = val->set_boot_flag(BOOT_EXPECTED_NS); + if (val->err_check_set(TEST_CHECKPOINT_NUM(203), status)) { - val_print(PRINT_ERROR, "\tFailed to set boot flag before check\n", 0); - psa_reply(msg.handle, -3); + val->print(PRINT_ERROR, "\tFailed to set boot flag before check\n", 0); + psa->reply(msg.handle, -3); } else { - /* Test check- psa_write with invec_idx=PSA_MAX_IOVEC */ - psa_write(msg.handle, PSA_MAX_IOVEC, (void *)data, 0); + /* Test check- psa_write with invec_idx=PSA_MAX_IOVEC, call should panic */ + psa->write(msg.handle, PSA_MAX_IOVEC, (void *)data, 0); status = VAL_STATUS_SPM_FAILED; /* Resetting boot.state to catch unwanted reboot */ - if (val_set_boot_flag(BOOT_EXPECTED_BUT_FAILED)) + if (val->set_boot_flag(BOOT_EXPECTED_BUT_FAILED)) { - val_print(PRINT_ERROR, "\tFailed to set boot flag after check\n", 0); + val->print(PRINT_ERROR, "\tFailed to set boot flag after check\n", 0); } /* shouldn't have reached here */ - val_print(PRINT_ERROR, - "\tpsa_write with invec_idx=PSA_MAX_IOVEC should failed but successed\n", 0); + val->print(PRINT_ERROR, + "\tpsa_write with invec_idx=PSA_MAX_IOVEC should failed but succeed\n", 0); - psa_reply(msg.handle, -4); + psa->reply(msg.handle, -4); } } - val_err_check_set(TEST_CHECKPOINT_NUM(204), status); - status = ((val_process_disconnect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg)) + val->err_check_set(TEST_CHECKPOINT_NUM(204), status); + status = ((val->process_disconnect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg)) ? VAL_STATUS_ERROR : status); - psa_reply(msg.handle, PSA_SUCCESS); + psa->reply(msg.handle, PSA_SUCCESS); return status; } diff --git a/api-tests/ff/ipc/test_i045/test_i045.c b/api-tests/ff/ipc/test_i045/test_i045.c index 3b15f967..6448b6de 100644 --- a/api-tests/ff/ipc/test_i045/test_i045.c +++ b/api-tests/ff/ipc/test_i045/test_i045.c @@ -1,5 +1,5 @@ /** @file - * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved. + * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved. * SPDX-License-Identifier : Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -20,7 +20,7 @@ #include "val_target.h" #else #include "val_client_defs.h" -#include "val_partition_common.h" +#include "val_service_defs.h" #endif #include "test_i045.h" @@ -38,7 +38,7 @@ int32_t client_test_psa_write_with_invec_greater_than_max_iovec(security_t calle psa_status_t status_of_call; val->print(PRINT_TEST, - "[Check1] Test psa_write with invec_idx > PSA_MAX_IOVEC\n", 0); + "[Check 1] Test psa_write with invec_idx > PSA_MAX_IOVEC\n", 0); handle = psa->connect(SERVER_UNSPECIFED_MINOR_V_SID, 1); if (handle < 0) @@ -50,7 +50,7 @@ int32_t client_test_psa_write_with_invec_greater_than_max_iovec(security_t calle status_of_call = psa->call(handle, NULL, 0, NULL, 0); /* Expectation is server test should hang and control shouldn't have come here */ - val->print(PRINT_ERROR, "\tCall should failed but successed\n", 0); + val->print(PRINT_ERROR, "\tCall should failed but succeed\n", 0); status = VAL_STATUS_SPM_FAILED; diff --git a/api-tests/ff/ipc/test_i045/test_supp_i045.c b/api-tests/ff/ipc/test_i045/test_supp_i045.c index a16d5a74..260e6ff7 100644 --- a/api-tests/ff/ipc/test_i045/test_supp_i045.c +++ b/api-tests/ff/ipc/test_i045/test_supp_i045.c @@ -1,5 +1,5 @@ /** @file - * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved. + * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved. * SPDX-License-Identifier : Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -15,8 +15,13 @@ * limitations under the License. **/ -#include "val/common/val_client_defs.h" -#include "val/spe/val_partition_common.h" +#include "val_client_defs.h" +#include "val_service_defs.h" + +#define val CONCAT(val,_server_sp) +#define psa CONCAT(psa,_server_sp) +extern val_api_t *val; +extern psa_api_t *psa; #define NUM_OF_BYTES 4 @@ -34,65 +39,75 @@ int32_t server_test_psa_write_with_invec_greater_than_max_iovec(void) psa_msg_t msg = {0}; uint8_t data[NUM_OF_BYTES] = {0}; - /* Test is targeting fatal error condition and it will expect an error recovery(reboot) - * to happen. To decide, a reboot happened was intended as per test scenario or it happended - * due to other reasons, test is setting a boot signature into non-volatile memory before and - * after targeted test check. After a reboot, these boot signatures are being read by the - * VAL APIs to decide test status. + /* + * This test checks for the PROGRAMMER ERROR condition for the PSA API. API's respond to + * PROGRAMMER ERROR could be either to return appropriate status code or panic the caller. + * When a Secure Partition panics, the SPE cannot continue normal execution, as defined + * in this specification. The behavior of the SPM following a Secure Partition panic is + * IMPLEMENTATION DEFINED- Arm recommends that the SPM causes the system to restart in + * this situation. Refer PSA-FF for more information on panic. + * For the cases where, SPM cannot capable to reboot the system (just hangs or power down), + * a watchdog timer set by val_test_init can reboot the system on timeout event. This will + * tests continuity and able to jump to next tests. Therefore, each test who checks for + * PROGRAMMER ERROR condition, expects system to get reset either by SPM or watchdog set by + * the test harness function. * - * Note: If SPM is not capable of rebooting (just hangs or power down) in fatal error condition, - * a watchdog timer enabled by val_test_init can reboot the system on timeout event. * If programmed timeout value isn't sufficient for your system, it can be reconfigured using * timeout entries available in target.cfg. + * + * To decide, a reboot happened as intended by test scenario or it happended + * due to other reasons, test is setting a boot signature into non-volatile memory before and + * after targeted test check. After a reboot, these boot signatures are being read by the + * VAL APIs to decide test status. */ - status = val_process_connect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); - if (val_err_check_set(TEST_CHECKPOINT_NUM(201), status)) + status = val->process_connect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); + if (val->err_check_set(TEST_CHECKPOINT_NUM(201), status)) { - psa_reply(msg.handle, PSA_CONNECTION_REFUSED); + psa->reply(msg.handle, PSA_ERROR_CONNECTION_REFUSED); return status; } - psa_reply(msg.handle, PSA_SUCCESS); + psa->reply(msg.handle, PSA_SUCCESS); - status = val_process_call_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); - if (val_err_check_set(TEST_CHECKPOINT_NUM(202), status)) + status = val->process_call_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); + if (val->err_check_set(TEST_CHECKPOINT_NUM(202), status)) { - psa_reply(msg.handle, -2); + psa->reply(msg.handle, -2); } else { /* Setting boot.state before test check */ - status = val_set_boot_flag(BOOT_EXPECTED_NS); - if (val_err_check_set(TEST_CHECKPOINT_NUM(203), status)) + status = val->set_boot_flag(BOOT_EXPECTED_NS); + if (val->err_check_set(TEST_CHECKPOINT_NUM(203), status)) { - val_print(PRINT_ERROR, "\tFailed to set boot flag before check\n", 0); - psa_reply(msg.handle, -3); + val->print(PRINT_ERROR, "\tFailed to set boot flag before check\n", 0); + psa->reply(msg.handle, -3); } else { - /* Test check- psa_write with invec_idx > PSA_MAX_IOVEC */ - psa_write(msg.handle, PSA_MAX_IOVEC + 1, (void *)data, 0); + /* Test check- psa_write with invec_idx > PSA_MAX_IOVEC, call should panic */ + psa->write(msg.handle, PSA_MAX_IOVEC + 1, (void *)data, 0); status = VAL_STATUS_SPM_FAILED; /* Resetting boot.state to catch unwanted reboot */ - if (val_set_boot_flag(BOOT_EXPECTED_BUT_FAILED)) + if (val->set_boot_flag(BOOT_EXPECTED_BUT_FAILED)) { - val_print(PRINT_ERROR, "\tFailed to set boot flag after check\n", 0); + val->print(PRINT_ERROR, "\tFailed to set boot flag after check\n", 0); } /* shouldn't have reached here */ - val_print(PRINT_ERROR, - "\tpsa_write with invec_idx > PSA_MAX_IOVEC should failed but successed\n", 0); + val->print(PRINT_ERROR, + "\tpsa_write with invec_idx > PSA_MAX_IOVEC should failed but succeed\n", 0); - psa_reply(msg.handle, -4); + psa->reply(msg.handle, -4); } } - val_err_check_set(TEST_CHECKPOINT_NUM(204), status); - status = ((val_process_disconnect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg)) + val->err_check_set(TEST_CHECKPOINT_NUM(204), status); + status = ((val->process_disconnect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg)) ? VAL_STATUS_ERROR : status); - psa_reply(msg.handle, PSA_SUCCESS); + psa->reply(msg.handle, PSA_SUCCESS); return status; } diff --git a/api-tests/ff/ipc/test_i046/test_i046.c b/api-tests/ff/ipc/test_i046/test_i046.c index 06139698..f6270239 100644 --- a/api-tests/ff/ipc/test_i046/test_i046.c +++ b/api-tests/ff/ipc/test_i046/test_i046.c @@ -1,5 +1,5 @@ /** @file - * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved. + * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved. * SPDX-License-Identifier : Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -20,7 +20,7 @@ #include "val_target.h" #else #include "val_client_defs.h" -#include "val_partition_common.h" +#include "val_service_defs.h" #endif #include "test_i046.h" @@ -39,7 +39,7 @@ int32_t client_test_psa_write_with_size_overflow(security_t caller) uint8_t data = 0; val->print(PRINT_TEST, - "[Check1] Test psa_write with size overflow\n", 0); + "[Check 1] Test psa_write with size overflow\n", 0); handle = psa->connect(SERVER_UNSPECIFED_MINOR_V_SID, 1); if (handle < 0) @@ -53,7 +53,7 @@ int32_t client_test_psa_write_with_size_overflow(security_t caller) status_of_call = psa->call(handle, NULL, 0, &resp, 1); /* Expectation is server test should hang and control shouldn't have come here */ - val->print(PRINT_ERROR, "\tCall should failed but successed\n", 0); + val->print(PRINT_ERROR, "\tCall should failed but succeed\n", 0); status = VAL_STATUS_SPM_FAILED; diff --git a/api-tests/ff/ipc/test_i046/test_supp_i046.c b/api-tests/ff/ipc/test_i046/test_supp_i046.c index c5db835e..8a4513a2 100644 --- a/api-tests/ff/ipc/test_i046/test_supp_i046.c +++ b/api-tests/ff/ipc/test_i046/test_supp_i046.c @@ -1,5 +1,5 @@ /** @file - * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved. + * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved. * SPDX-License-Identifier : Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -15,8 +15,13 @@ * limitations under the License. **/ -#include "val/common/val_client_defs.h" -#include "val/spe/val_partition_common.h" +#include "val_client_defs.h" +#include "val_service_defs.h" + +#define val CONCAT(val,_server_sp) +#define psa CONCAT(psa,_server_sp) +extern val_api_t *val; +extern psa_api_t *psa; #define NUM_OF_BYTES 4 @@ -34,65 +39,75 @@ int32_t server_test_psa_write_with_size_overflow(void) psa_msg_t msg = {0}; uint8_t data[NUM_OF_BYTES] = {0}; - /* Test is targeting fatal error condition and it will expect an error recovery(reboot) - * to happen. To decide, a reboot happened was intended as per test scenario or it happended - * due to other reasons, test is setting a boot signature into non-volatile memory before and - * after targeted test check. After a reboot, these boot signatures are being read by the - * VAL APIs to decide test status. + /* + * This test checks for the PROGRAMMER ERROR condition for the PSA API. API's respond to + * PROGRAMMER ERROR could be either to return appropriate status code or panic the caller. + * When a Secure Partition panics, the SPE cannot continue normal execution, as defined + * in this specification. The behavior of the SPM following a Secure Partition panic is + * IMPLEMENTATION DEFINED- Arm recommends that the SPM causes the system to restart in + * this situation. Refer PSA-FF for more information on panic. + * For the cases where, SPM cannot capable to reboot the system (just hangs or power down), + * a watchdog timer set by val_test_init can reboot the system on timeout event. This will + * tests continuity and able to jump to next tests. Therefore, each test who checks for + * PROGRAMMER ERROR condition, expects system to get reset either by SPM or watchdog set by + * the test harness function. * - * Note: If SPM is not capable of rebooting (just hangs or power down) in fatal error condition, - * a watchdog timer enabled by val_test_init can reboot the system on timeout event. * If programmed timeout value isn't sufficient for your system, it can be reconfigured using * timeout entries available in target.cfg. + * + * To decide, a reboot happened as intended by test scenario or it happended + * due to other reasons, test is setting a boot signature into non-volatile memory before and + * after targeted test check. After a reboot, these boot signatures are being read by the + * VAL APIs to decide test status. */ - status = val_process_connect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); - if (val_err_check_set(TEST_CHECKPOINT_NUM(201), status)) + status = val->process_connect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); + if (val->err_check_set(TEST_CHECKPOINT_NUM(201), status)) { - psa_reply(msg.handle, PSA_CONNECTION_REFUSED); + psa->reply(msg.handle, PSA_ERROR_CONNECTION_REFUSED); return status; } - psa_reply(msg.handle, PSA_SUCCESS); + psa->reply(msg.handle, PSA_SUCCESS); - status = val_process_call_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); - if (val_err_check_set(TEST_CHECKPOINT_NUM(202), status)) + status = val->process_call_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); + if (val->err_check_set(TEST_CHECKPOINT_NUM(202), status)) { - psa_reply(msg.handle, -2); + psa->reply(msg.handle, -2); } else { /* Setting boot.state before test check */ - status = val_set_boot_flag(BOOT_EXPECTED_NS); - if (val_err_check_set(TEST_CHECKPOINT_NUM(203), status)) + status = val->set_boot_flag(BOOT_EXPECTED_NS); + if (val->err_check_set(TEST_CHECKPOINT_NUM(203), status)) { - val_print(PRINT_ERROR, "\tFailed to set boot flag before check\n", 0); - psa_reply(msg.handle, -3); + val->print(PRINT_ERROR, "\tFailed to set boot flag before check\n", 0); + psa->reply(msg.handle, -3); } else { - /* Test check- psa_write with size overflow */ - psa_write(msg.handle, 0, (void *)data, msg.out_size[0]+1); + /* Test check- psa_write with size overflow, call should panic */ + psa->write(msg.handle, 0, (void *)data, msg.out_size[0]+1); status = VAL_STATUS_SPM_FAILED; /* Resetting boot.state to catch unwanted reboot */ - if (val_set_boot_flag(BOOT_EXPECTED_BUT_FAILED)) + if (val->set_boot_flag(BOOT_EXPECTED_BUT_FAILED)) { - val_print(PRINT_ERROR, "\tFailed to set boot flag after check\n", 0); + val->print(PRINT_ERROR, "\tFailed to set boot flag after check\n", 0); } /* shouldn't have reached here */ - val_print(PRINT_ERROR, - "\tpsa_write with size overflow should failed but successed\n", 0); + val->print(PRINT_ERROR, + "\tpsa_write with size overflow should failed but succeed\n", 0); - psa_reply(msg.handle, -4); + psa->reply(msg.handle, -4); } } - val_err_check_set(TEST_CHECKPOINT_NUM(204), status); - status = ((val_process_disconnect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg)) + val->err_check_set(TEST_CHECKPOINT_NUM(204), status); + status = ((val->process_disconnect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg)) ? VAL_STATUS_ERROR : status); - psa_reply(msg.handle, PSA_SUCCESS); + psa->reply(msg.handle, PSA_SUCCESS); return status; } diff --git a/api-tests/ff/ipc/test_i047/test_i047.c b/api-tests/ff/ipc/test_i047/test_i047.c index 989c6b05..ab98a951 100644 --- a/api-tests/ff/ipc/test_i047/test_i047.c +++ b/api-tests/ff/ipc/test_i047/test_i047.c @@ -20,7 +20,7 @@ #include "val_target.h" #else #include "val_client_defs.h" -#include "val_partition_common.h" +#include "val_service_defs.h" #endif #include "test_i047.h" @@ -36,7 +36,7 @@ int32_t client_test_psa_get_with_invalid_msg_pointer(security_t caller) psa_handle_t handle = 0; val->print(PRINT_TEST, - "[Check1] Test psa_get with invalid msg pointer\n", 0); + "[Check 1] Test psa_get with invalid msg pointer\n", 0); handle = psa->connect(SERVER_UNSPECIFED_MINOR_V_SID, 1); if (handle > 0) @@ -45,7 +45,7 @@ int32_t client_test_psa_get_with_invalid_msg_pointer(security_t caller) } /* Expectation is server test should hang and control shouldn't have come here */ - val->print(PRINT_ERROR, "\tpsa_connect should failed but successed\n", 0); + val->print(PRINT_ERROR, "\tpsa_connect should failed but succeed\n", 0); (void)(handle); return VAL_STATUS_SPM_FAILED; diff --git a/api-tests/ff/ipc/test_i047/test_supp_i047.c b/api-tests/ff/ipc/test_i047/test_supp_i047.c index b41aa97e..82e43df6 100644 --- a/api-tests/ff/ipc/test_i047/test_supp_i047.c +++ b/api-tests/ff/ipc/test_i047/test_supp_i047.c @@ -15,8 +15,13 @@ * limitations under the License. **/ -#include "val/common/val_client_defs.h" -#include "val/spe/val_partition_common.h" +#include "val_client_defs.h" +#include "val_service_defs.h" + +#define val CONCAT(val,_server_sp) +#define psa CONCAT(psa,_server_sp) +extern val_api_t *val; +extern psa_api_t *psa; int32_t server_test_psa_get_with_invalid_msg_pointer(void); @@ -35,49 +40,61 @@ int32_t server_test_psa_get_with_invalid_msg_pointer(void) miscellaneous_desc_t *misc_desc; memory_desc_t *memory_desc; - /* Test is targeting fatal error condition and it will expect an error recovery(reboot) - * to happen. To decide, a reboot happened was intended as per test scenario or it happended - * due to other reasons, test is setting a boot signature into non-volatile memory before and - * after targeted test check. After a reboot, these boot signatures are being read by the - * VAL APIs to decide test status. + /* + * This test checks for the PROGRAMMER ERROR condition for the PSA API. API's respond to + * PROGRAMMER ERROR could be either to return appropriate status code or panic the caller. + * When a Secure Partition panics, the SPE cannot continue normal execution, as defined + * in this specification. The behavior of the SPM following a Secure Partition panic is + * IMPLEMENTATION DEFINED- Arm recommends that the SPM causes the system to restart in + * this situation. Refer PSA-FF for more information on panic. + * For the cases where, SPM cannot capable to reboot the system (just hangs or power down), + * a watchdog timer set by val_test_init can reboot the system on timeout event. This will + * tests continuity and able to jump to next tests. Therefore, each test who checks for + * PROGRAMMER ERROR condition, expects system to get reset either by SPM or watchdog set by + * the test harness function. * - * Note: If SPM is not capable of rebooting (just hangs or power down) in fatal error condition, - * a watchdog timer enabled by val_test_init can reboot the system on timeout event. * If programmed timeout value isn't sufficient for your system, it can be reconfigured using * timeout entries available in target.cfg. + * + * To decide, a reboot happened as intended by test scenario or it happended + * due to other reasons, test is setting a boot signature into non-volatile memory before and + * after targeted test check. After a reboot, these boot signatures are being read by the + * VAL APIs to decide test status. */ - signals = psa_wait(SERVER_UNSPECIFED_MINOR_V_SIG, PSA_BLOCK); + signals = psa->wait(SERVER_UNSPECIFED_MINOR_V_SIG, PSA_BLOCK); if ((signals & SERVER_UNSPECIFED_MINOR_V_SIG) == 0) { - val_print(PRINT_ERROR, + val->print(PRINT_ERROR, "psa_wait returned with invalid signal value = 0x%x\n", signals); return VAL_STATUS_ERROR; } - /* Selection of invalid msg pointer: + /* + * Selection of invalid msg pointer: + * * if (ISOLATION_LEVEL > 1) * msg_pointer = driver_mmio_region_base; * else * msg_pointer = NULL; */ - status = val_target_get_config(TARGET_CONFIG_CREATE_ID(GROUP_MISCELLANEOUS, + status = val->target_get_config(TARGET_CONFIG_CREATE_ID(GROUP_MISCELLANEOUS, MISCELLANEOUS_DUT, 0), (uint8_t **)&misc_desc, (uint32_t *)sizeof(miscellaneous_desc_t)); - if (val_err_check_set(TEST_CHECKPOINT_NUM(201), status)) + if (val->err_check_set(TEST_CHECKPOINT_NUM(201), status)) { return status; } if (misc_desc->implemented_psa_firmware_isolation_level > LEVEL1) { - status = val_target_get_config(TARGET_CONFIG_CREATE_ID(GROUP_MEMORY, + status = val->target_get_config(TARGET_CONFIG_CREATE_ID(GROUP_MEMORY, MEMORY_DRIVER_PARTITION_MMIO, 0), (uint8_t **)&memory_desc, (uint32_t *)sizeof(memory_desc_t)); - if (val_err_check_set(TEST_CHECKPOINT_NUM(202), status)) + if (val->err_check_set(TEST_CHECKPOINT_NUM(202), status)) { return status; } @@ -86,26 +103,26 @@ int32_t server_test_psa_get_with_invalid_msg_pointer(void) } /* Setting boot.state before test check */ - if (val_set_boot_flag(BOOT_EXPECTED_NS)) + if (val->set_boot_flag(BOOT_EXPECTED_NS)) { - val_print(PRINT_ERROR, "\tFailed to set boot flag before check\n", 0); + val->print(PRINT_ERROR, "\tFailed to set boot flag before check\n", 0); return VAL_STATUS_ERROR; } - /* psa_get with invalid msg pointer */ - psa_get(SERVER_UNSPECIFED_MINOR_V_SIG, invalid_msg); + /* psa_get with invalid msg pointer, call should panic */ + psa->get(SERVER_UNSPECIFED_MINOR_V_SIG, invalid_msg); /* shouldn't have reached here */ - val_print(PRINT_ERROR, - "\tpsa_get with invalid msg pointer should failed but successed\n", 0); + val->print(PRINT_ERROR, + "\tpsa_get with invalid msg pointer should failed but succeed\n", 0); /* Resetting boot.state to catch unwanted reboot */ - if (val_set_boot_flag(BOOT_EXPECTED_BUT_FAILED)) + if (val->set_boot_flag(BOOT_EXPECTED_BUT_FAILED)) { - val_print(PRINT_ERROR, "\tFailed to set boot flag after check\n", 0); + val->print(PRINT_ERROR, "\tFailed to set boot flag after check\n", 0); } /* Reject the connection */ - psa_reply(invalid_msg->handle, PSA_CONNECTION_REFUSED); + psa->reply(invalid_msg->handle, PSA_ERROR_CONNECTION_REFUSED); return VAL_STATUS_SPM_FAILED; } diff --git a/api-tests/ff/ipc/test_i048/test_i048.c b/api-tests/ff/ipc/test_i048/test_i048.c index 718236f3..7e8bb6dc 100644 --- a/api-tests/ff/ipc/test_i048/test_i048.c +++ b/api-tests/ff/ipc/test_i048/test_i048.c @@ -20,7 +20,7 @@ #include "val_target.h" #else #include "val_client_defs.h" -#include "val_partition_common.h" +#include "val_service_defs.h" #endif #include "test_i048.h" @@ -42,18 +42,28 @@ int32_t client_test_psa_call_with_invalid_invec_pointer(security_t caller) psa_invec *invalid_invec = NULL; val->print(PRINT_TEST, - "[Check1] Test psa_call with invalid address for in_vec\n", 0); - - /* Test is targeting fatal error condition and it will expect an error recovery(reboot) - * to happen. To decide, a reboot happened was intended as per test scenario or it happended - * due to other reasons, test is setting a boot signature into non-volatile memory before and - * after targeted test check. After a reboot, these boot signatures are being read by the - * VAL APIs to decide test status. + "[Check 1] Test psa_call with invalid address for in_vec\n", 0); + + /* + * This test checks for the PROGRAMMER ERROR condition for the PSA API. API's respond to + * PROGRAMMER ERROR could be either to return appropriate status code or panic the caller. + * When a Secure Partition panics, the SPE cannot continue normal execution, as defined + * in this specification. The behavior of the SPM following a Secure Partition panic is + * IMPLEMENTATION DEFINED- Arm recommends that the SPM causes the system to restart in + * this situation. Refer PSA-FF for more information on panic. + * For the cases where, SPM cannot capable to reboot the system (just hangs or power down), + * a watchdog timer set by val_test_init can reboot the system on timeout event. This will + * tests continuity and able to jump to next tests. Therefore, each test who checks for + * PROGRAMMER ERROR condition, expects system to get reset either by SPM or watchdog set by + * the test harness function. * - * Note: If SPM is not capable of rebooting (just hangs or power down) in fatal error condition, - * a watchdog timer enabled by val_test_init can reboot the system on timeout event. * If programmed timeout value isn't sufficient for your system, it can be reconfigured using * timeout entries available in target.cfg. + * + * To decide, a reboot happened as intended by test scenario or it happended + * due to other reasons, test is setting a boot signature into non-volatile memory before and + * after targeted test check. After a reboot, these boot signatures are being read by the + * VAL APIs to decide test status. */ handle = psa->connect(SERVER_UNSPECIFED_MINOR_V_SID, 1); @@ -64,12 +74,15 @@ int32_t client_test_psa_call_with_invalid_invec_pointer(security_t caller) return VAL_STATUS_INVALID_HANDLE; } - /* Selection of invalid invec pointer: + /* + * Selection of invalid invec pointer: + * * if caller == NONSECURE * // PSA RoT pointer * invec_pointer = driver_mmio_region_base; * else * if (ISOLATION_LEVEL > 1) + * // PSA RoT pointer * invec_pointer = driver_mmio_region_base; * else * invec_pointer = NULL; @@ -115,8 +128,19 @@ int32_t client_test_psa_call_with_invalid_invec_pointer(security_t caller) /* Test check- psa_call with invalid address for in_vec */ status_of_call = psa->call(handle, invalid_invec, 1, NULL, 0); - /* Expectation is psa_call should hang and control shouldn't have come here */ - val->print(PRINT_ERROR, "\tpsa_call should failed but successed\n", 0); + /* + * If the caller is in the NSPE, it is IMPLEMENTATION DEFINED whether + * a PROGRAMMER ERROR will panic or return PSA_ERROR_PROGRAMMER_ERROR. + * For SPE caller, it must panic. + */ + if (caller == NONSECURE && status_of_call == PSA_ERROR_PROGRAMMER_ERROR) + { + psa->close(handle); + return VAL_STATUS_SUCCESS; + } + + /* If PROGRAMMER ERROR results into panic then control shouldn't have reached here */ + val->print(PRINT_ERROR, "\tpsa_call should failed but succeed\n", 0); /* Resetting boot.state to catch unwanted reboot */ if (val->set_boot_flag(BOOT_EXPECTED_BUT_FAILED)) @@ -127,6 +151,5 @@ int32_t client_test_psa_call_with_invalid_invec_pointer(security_t caller) status = VAL_STATUS_SPM_FAILED; psa->close(handle); - (void)(status_of_call); return status; } diff --git a/api-tests/ff/ipc/test_i048/test_supp_i048.c b/api-tests/ff/ipc/test_i048/test_supp_i048.c index 5384990d..51b11da5 100644 --- a/api-tests/ff/ipc/test_i048/test_supp_i048.c +++ b/api-tests/ff/ipc/test_i048/test_supp_i048.c @@ -15,8 +15,13 @@ * limitations under the License. **/ -#include "val/common/val_client_defs.h" -#include "val/spe/val_partition_common.h" +#include "val_client_defs.h" +#include "val_service_defs.h" + +#define val CONCAT(val,_server_sp) +#define psa CONCAT(psa,_server_sp) +extern val_api_t *val; +extern psa_api_t *psa; int32_t server_test_psa_call_with_invalid_invec_pointer(void); @@ -30,23 +35,45 @@ int32_t server_test_psa_call_with_invalid_invec_pointer(void) { int32_t status = VAL_STATUS_SUCCESS; psa_msg_t msg = {0}; + psa_signal_t signals; - status = val_process_connect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); - if (val_err_check_set(TEST_CHECKPOINT_NUM(201), status)) + status = val->process_connect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); + if (val->err_check_set(TEST_CHECKPOINT_NUM(201), status)) { - psa_reply(msg.handle, PSA_CONNECTION_REFUSED); + psa->reply(msg.handle, PSA_ERROR_CONNECTION_REFUSED); return status; } - psa_reply(msg.handle, PSA_SUCCESS); + psa->reply(msg.handle, PSA_SUCCESS); - val_process_call_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); +wait: + signals = psa->wait(PSA_WAIT_ANY, PSA_BLOCK); + if (signals & SERVER_UNSPECIFED_MINOR_V_SIG) + { + if (psa->get(SERVER_UNSPECIFED_MINOR_V_SIG, &msg) != PSA_SUCCESS) + { + goto wait; + } - /* Control shouldn't have come here */ - val_print(PRINT_ERROR, "\tControl shouldn't have reached here\n", 0); - psa_reply(msg.handle, -2); + if (msg.type == PSA_IPC_CALL) + { + /* Control shouldn't have come here */ + val->print(PRINT_ERROR, "\tControl shouldn't have reached here\n", 0); + psa->reply(msg.handle, -2); + val->process_disconnect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); + psa->reply(msg.handle, PSA_SUCCESS); + } + else if (msg.type == PSA_IPC_DISCONNECT) + { + psa->reply(msg.handle, PSA_SUCCESS); + return VAL_STATUS_SUCCESS; + } + } + else + { + val->print(PRINT_ERROR, "\tpsa_wait returned with invalid signal value = 0x%x\n", signals); + return VAL_STATUS_ERROR; + } - val_process_disconnect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); - psa_reply(msg.handle, PSA_SUCCESS); - return VAL_STATUS_SPM_FAILED; + return VAL_STATUS_ERROR; } diff --git a/api-tests/ff/ipc/test_i049/test_i049.c b/api-tests/ff/ipc/test_i049/test_i049.c index 01999dfa..f3f16646 100644 --- a/api-tests/ff/ipc/test_i049/test_i049.c +++ b/api-tests/ff/ipc/test_i049/test_i049.c @@ -20,7 +20,7 @@ #include "val_target.h" #else #include "val_client_defs.h" -#include "val_partition_common.h" +#include "val_service_defs.h" #endif #include "test_i049.h" @@ -42,18 +42,28 @@ int32_t client_test_psa_call_with_invalid_outvec_pointer(security_t caller) psa_outvec *invalid_outvec = NULL; val->print(PRINT_TEST, - "[Check1] Test psa_call with invalid address for outvec\n", 0); - - /* Test is targeting fatal error condition and it will expect an error recovery(reboot) - * to happen. To decide, a reboot happened was intended as per test scenario or it happended - * due to other reasons, test is setting a boot signature into non-volatile memory before and - * after targeted test check. After a reboot, these boot signatures are being read by the - * VAL APIs to decide test status. + "[Check 1] Test psa_call with invalid address for outvec\n", 0); + + /* + * This test checks for the PROGRAMMER ERROR condition for the PSA API. API's respond to + * PROGRAMMER ERROR could be either to return appropriate status code or panic the caller. + * When a Secure Partition panics, the SPE cannot continue normal execution, as defined + * in this specification. The behavior of the SPM following a Secure Partition panic is + * IMPLEMENTATION DEFINED- Arm recommends that the SPM causes the system to restart in + * this situation. Refer PSA-FF for more information on panic. + * For the cases where, SPM cannot capable to reboot the system (just hangs or power down), + * a watchdog timer set by val_test_init can reboot the system on timeout event. This will + * tests continuity and able to jump to next tests. Therefore, each test who checks for + * PROGRAMMER ERROR condition, expects system to get reset either by SPM or watchdog set by + * the test harness function. * - * Note: If SPM is not capable of rebooting (just hangs or power down) in fatal error condition, - * a watchdog timer enabled by val_test_init can reboot the system on timeout event. * If programmed timeout value isn't sufficient for your system, it can be reconfigured using * timeout entries available in target.cfg. + * + * To decide, a reboot happened as intended by test scenario or it happended + * due to other reasons, test is setting a boot signature into non-volatile memory before and + * after targeted test check. After a reboot, these boot signatures are being read by the + * VAL APIs to decide test status. */ handle = psa->connect(SERVER_UNSPECIFED_MINOR_V_SID, 1); @@ -64,12 +74,15 @@ int32_t client_test_psa_call_with_invalid_outvec_pointer(security_t caller) return VAL_STATUS_INVALID_HANDLE; } - /* Selection of invalid outvec pointer: + /* + * Selection of invalid outvec pointer: + * * if caller == NONSECURE * // PSA RoT pointer * outvec_pointer = driver_mmio_region_base; * else * if (ISOLATION_LEVEL > 1) + * // PSA RoT pointer * outvec_pointer = driver_mmio_region_base; * else * outvec_pointer = NULL; @@ -115,8 +128,19 @@ int32_t client_test_psa_call_with_invalid_outvec_pointer(security_t caller) /* Test check- psa_call with invalid address for outvec */ status_of_call = psa->call(handle, NULL, 0, invalid_outvec, 1); - /* Expectation is psa_call should hang and control shouldn't have come here */ - val->print(PRINT_ERROR, "\tpsa_call should failed but successed\n", 0); + /* + * If the caller is in the NSPE, it is IMPLEMENTATION DEFINED whether + * a PROGRAMMER ERROR will panic or return PSA_ERROR_PROGRAMMER_ERROR. + * For SPE caller, it must panic. + */ + if (caller == NONSECURE && status_of_call == PSA_ERROR_PROGRAMMER_ERROR) + { + psa->close(handle); + return VAL_STATUS_SUCCESS; + } + + /* If PROGRAMMER ERROR results into panic then control shouldn't have reached here */ + val->print(PRINT_ERROR, "\tpsa_call should failed but succeed\n", 0); /* Resetting boot.state to catch unwanted reboot */ if (val->set_boot_flag(BOOT_EXPECTED_BUT_FAILED)) @@ -127,6 +151,5 @@ int32_t client_test_psa_call_with_invalid_outvec_pointer(security_t caller) status = VAL_STATUS_SPM_FAILED; psa->close(handle); - (void)(status_of_call); return status; } diff --git a/api-tests/ff/ipc/test_i049/test_supp_i049.c b/api-tests/ff/ipc/test_i049/test_supp_i049.c index 73e5d689..23b52b8c 100644 --- a/api-tests/ff/ipc/test_i049/test_supp_i049.c +++ b/api-tests/ff/ipc/test_i049/test_supp_i049.c @@ -15,8 +15,13 @@ * limitations under the License. **/ -#include "val/common/val_client_defs.h" -#include "val/spe/val_partition_common.h" +#include "val_client_defs.h" +#include "val_service_defs.h" + +#define val CONCAT(val,_server_sp) +#define psa CONCAT(psa,_server_sp) +extern val_api_t *val; +extern psa_api_t *psa; int32_t server_test_psa_call_with_invalid_outvec_pointer(void); @@ -30,23 +35,45 @@ int32_t server_test_psa_call_with_invalid_outvec_pointer(void) { int32_t status = VAL_STATUS_SUCCESS; psa_msg_t msg = {0}; + psa_signal_t signals; - status = val_process_connect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); - if (val_err_check_set(TEST_CHECKPOINT_NUM(201), status)) + status = val->process_connect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); + if (val->err_check_set(TEST_CHECKPOINT_NUM(201), status)) { - psa_reply(msg.handle, PSA_CONNECTION_REFUSED); + psa->reply(msg.handle, PSA_ERROR_CONNECTION_REFUSED); return status; } - psa_reply(msg.handle, PSA_SUCCESS); + psa->reply(msg.handle, PSA_SUCCESS); - val_process_call_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); +wait: + signals = psa->wait(PSA_WAIT_ANY, PSA_BLOCK); + if (signals & SERVER_UNSPECIFED_MINOR_V_SIG) + { + if (psa->get(SERVER_UNSPECIFED_MINOR_V_SIG, &msg) != PSA_SUCCESS) + { + goto wait; + } - /* Control shouldn't have come here */ - val_print(PRINT_ERROR, "\tControl shouldn't have reached here\n", 0); - psa_reply(msg.handle, -2); + if (msg.type == PSA_IPC_CALL) + { + /* Control shouldn't have come here */ + val->print(PRINT_ERROR, "\tControl shouldn't have reached here\n", 0); + psa->reply(msg.handle, -2); + val->process_disconnect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); + psa->reply(msg.handle, PSA_SUCCESS); + } + else if (msg.type == PSA_IPC_DISCONNECT) + { + psa->reply(msg.handle, PSA_SUCCESS); + return VAL_STATUS_SUCCESS; + } + } + else + { + val->print(PRINT_ERROR, "\tpsa_wait returned with invalid signal value = 0x%x\n", signals); + return VAL_STATUS_ERROR; + } - val_process_disconnect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); - psa_reply(msg.handle, PSA_SUCCESS); - return VAL_STATUS_SPM_FAILED; + return VAL_STATUS_ERROR; } diff --git a/api-tests/ff/ipc/test_i050/test_i050.c b/api-tests/ff/ipc/test_i050/test_i050.c index bf5fd211..9f616b16 100644 --- a/api-tests/ff/ipc/test_i050/test_i050.c +++ b/api-tests/ff/ipc/test_i050/test_i050.c @@ -20,7 +20,7 @@ #include "val_target.h" #else #include "val_client_defs.h" -#include "val_partition_common.h" +#include "val_service_defs.h" #endif #include "test_i050.h" @@ -42,18 +42,28 @@ int32_t client_test_psa_call_with_invalid_invec_base(security_t caller) addr_t *invalid_base = NULL; val->print(PRINT_TEST, - "[Check1] Test psa_call with invalid psa_invec.base\n", 0); - - /* Test is targeting fatal error condition and it will expect an error recovery(reboot) - * to happen. To decide, a reboot happened was intended as per test scenario or it happended - * due to other reasons, test is setting a boot signature into non-volatile memory before and - * after targeted test check. After a reboot, these boot signatures are being read by the - * VAL APIs to decide test status. + "[Check 1] Test psa_call with invalid psa_invec.base\n", 0); + + /* + * This test checks for the PROGRAMMER ERROR condition for the PSA API. API's respond to + * PROGRAMMER ERROR could be either to return appropriate status code or panic the caller. + * When a Secure Partition panics, the SPE cannot continue normal execution, as defined + * in this specification. The behavior of the SPM following a Secure Partition panic is + * IMPLEMENTATION DEFINED- Arm recommends that the SPM causes the system to restart in + * this situation. Refer PSA-FF for more information on panic. + * For the cases where, SPM cannot capable to reboot the system (just hangs or power down), + * a watchdog timer set by val_test_init can reboot the system on timeout event. This will + * tests continuity and able to jump to next tests. Therefore, each test who checks for + * PROGRAMMER ERROR condition, expects system to get reset either by SPM or watchdog set by + * the test harness function. * - * Note: If SPM is not capable of rebooting (just hangs or power down) in fatal error condition, - * a watchdog timer enabled by val_test_init can reboot the system on timeout event. * If programmed timeout value isn't sufficient for your system, it can be reconfigured using * timeout entries available in target.cfg. + * + * To decide, a reboot happened as intended by test scenario or it happended + * due to other reasons, test is setting a boot signature into non-volatile memory before and + * after targeted test check. After a reboot, these boot signatures are being read by the + * VAL APIs to decide test status. */ handle = psa->connect(SERVER_UNSPECIFED_MINOR_V_SID, 1); @@ -64,12 +74,15 @@ int32_t client_test_psa_call_with_invalid_invec_base(security_t caller) return VAL_STATUS_INVALID_HANDLE; } - /* Selection of invalid invec pointer: + /* + * Selection of invalid invec pointer: + * * if caller == NONSECURE * // PSA RoT pointer * invalid_base = driver_mmio_region_base; * else * if (ISOLATION_LEVEL > 1) + * // PSA RoT pointer * invalid_base = driver_mmio_region_base; * else * invalid_base = NULL; @@ -117,8 +130,19 @@ int32_t client_test_psa_call_with_invalid_invec_base(security_t caller) /* Test check- psa_call with invalid address for psa_invec.base */ status_of_call = psa->call(handle, invec, 1, NULL, 0); - /* Expectation is psa_call should hang and control shouldn't have come here */ - val->print(PRINT_ERROR, "\tpsa_call should failed but successed\n", 0); + /* + * If the caller is in the NSPE, it is IMPLEMENTATION DEFINED whether + * a PROGRAMMER ERROR will panic or return PSA_ERROR_PROGRAMMER_ERROR. + * For SPE caller, it must panic. + */ + if (caller == NONSECURE && status_of_call == PSA_ERROR_PROGRAMMER_ERROR) + { + psa->close(handle); + return VAL_STATUS_SUCCESS; + } + + /* If PROGRAMMER ERROR results into panic then control shouldn't have reached here */ + val->print(PRINT_ERROR, "\tpsa_call should failed but succeed\n", 0); /* Resetting boot.state to catch unwanted reboot */ if (val->set_boot_flag(BOOT_EXPECTED_BUT_FAILED)) @@ -129,6 +153,5 @@ int32_t client_test_psa_call_with_invalid_invec_base(security_t caller) status = VAL_STATUS_SPM_FAILED; psa->close(handle); - (void)(status_of_call); return status; } diff --git a/api-tests/ff/ipc/test_i050/test_supp_i050.c b/api-tests/ff/ipc/test_i050/test_supp_i050.c index e1b29792..9c09445e 100644 --- a/api-tests/ff/ipc/test_i050/test_supp_i050.c +++ b/api-tests/ff/ipc/test_i050/test_supp_i050.c @@ -15,8 +15,13 @@ * limitations under the License. **/ -#include "val/common/val_client_defs.h" -#include "val/spe/val_partition_common.h" +#include "val_client_defs.h" +#include "val_service_defs.h" + +#define val CONCAT(val,_server_sp) +#define psa CONCAT(psa,_server_sp) +extern val_api_t *val; +extern psa_api_t *psa; int32_t server_test_psa_call_with_invalid_invec_base(void); @@ -30,23 +35,45 @@ int32_t server_test_psa_call_with_invalid_invec_base(void) { int32_t status = VAL_STATUS_SUCCESS; psa_msg_t msg = {0}; + psa_signal_t signals; - status = val_process_connect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); - if (val_err_check_set(TEST_CHECKPOINT_NUM(201), status)) + status = val->process_connect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); + if (val->err_check_set(TEST_CHECKPOINT_NUM(201), status)) { - psa_reply(msg.handle, PSA_CONNECTION_REFUSED); + psa->reply(msg.handle, PSA_ERROR_CONNECTION_REFUSED); return status; } - psa_reply(msg.handle, PSA_SUCCESS); + psa->reply(msg.handle, PSA_SUCCESS); - val_process_call_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); +wait: + signals = psa->wait(PSA_WAIT_ANY, PSA_BLOCK); + if (signals & SERVER_UNSPECIFED_MINOR_V_SIG) + { + if (psa->get(SERVER_UNSPECIFED_MINOR_V_SIG, &msg) != PSA_SUCCESS) + { + goto wait; + } - /* Control shouldn't have come here */ - val_print(PRINT_ERROR, "\tControl shouldn't have reached here\n", 0); - psa_reply(msg.handle, -2); + if (msg.type == PSA_IPC_CALL) + { + /* Control shouldn't have come here */ + val->print(PRINT_ERROR, "\tControl shouldn't have reached here\n", 0); + psa->reply(msg.handle, -2); + val->process_disconnect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); + psa->reply(msg.handle, PSA_SUCCESS); + } + else if (msg.type == PSA_IPC_DISCONNECT) + { + psa->reply(msg.handle, PSA_SUCCESS); + return VAL_STATUS_SUCCESS; + } + } + else + { + val->print(PRINT_ERROR, "\tpsa_wait returned with invalid signal value = 0x%x\n", signals); + return VAL_STATUS_ERROR; + } - val_process_disconnect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); - psa_reply(msg.handle, PSA_SUCCESS); - return VAL_STATUS_SPM_FAILED; + return VAL_STATUS_ERROR; } diff --git a/api-tests/ff/ipc/test_i051/test_i051.c b/api-tests/ff/ipc/test_i051/test_i051.c index 3b4a726c..6a1f875c 100644 --- a/api-tests/ff/ipc/test_i051/test_i051.c +++ b/api-tests/ff/ipc/test_i051/test_i051.c @@ -20,7 +20,7 @@ #include "val_target.h" #else #include "val_client_defs.h" -#include "val_partition_common.h" +#include "val_service_defs.h" #endif #include "test_i051.h" @@ -42,18 +42,28 @@ int32_t client_test_psa_call_with_invalid_outvec_base(security_t caller) addr_t *invalid_base = NULL; val->print(PRINT_TEST, - "[Check1] Test psa_call with invalid psa_outvec.base\n", 0); - - /* Test is targeting fatal error condition and it will expect an error recovery(reboot) - * to happen. To decide, a reboot happened was intended as per test scenario or it happended - * due to other reasons, test is setting a boot signature into non-volatile memory before and - * after targeted test check. After a reboot, these boot signatures are being read by the - * VAL APIs to decide test status. + "[Check 1] Test psa_call with invalid psa_outvec.base\n", 0); + + /* + * This test checks for the PROGRAMMER ERROR condition for the PSA API. API's respond to + * PROGRAMMER ERROR could be either to return appropriate status code or panic the caller. + * When a Secure Partition panics, the SPE cannot continue normal execution, as defined + * in this specification. The behavior of the SPM following a Secure Partition panic is + * IMPLEMENTATION DEFINED- Arm recommends that the SPM causes the system to restart in + * this situation. Refer PSA-FF for more information on panic. + * For the cases where, SPM cannot capable to reboot the system (just hangs or power down), + * a watchdog timer set by val_test_init can reboot the system on timeout event. This will + * tests continuity and able to jump to next tests. Therefore, each test who checks for + * PROGRAMMER ERROR condition, expects system to get reset either by SPM or watchdog set by + * the test harness function. * - * Note: If SPM is not capable of rebooting (just hangs or power down) in fatal error condition, - * a watchdog timer enabled by val_test_init can reboot the system on timeout event. * If programmed timeout value isn't sufficient for your system, it can be reconfigured using * timeout entries available in target.cfg. + * + * To decide, a reboot happened as intended by test scenario or it happended + * due to other reasons, test is setting a boot signature into non-volatile memory before and + * after targeted test check. After a reboot, these boot signatures are being read by the + * VAL APIs to decide test status. */ handle = psa->connect(SERVER_UNSPECIFED_MINOR_V_SID, 1); @@ -64,12 +74,15 @@ int32_t client_test_psa_call_with_invalid_outvec_base(security_t caller) return VAL_STATUS_INVALID_HANDLE; } - /* Selection of invalid outvec pointer: + /* + * Selection of invalid outvec pointer: + * * if caller == NONSECURE * // PSA RoT pointer * invalid_base = driver_mmio_region_base; * else * if (ISOLATION_LEVEL > 1) + * // PSA RoT pointer * invalid_base = driver_mmio_region_base; * else * invalid_base = NULL; @@ -115,10 +128,21 @@ int32_t client_test_psa_call_with_invalid_outvec_base(security_t caller) psa_outvec outvec[1] = {{invalid_base, sizeof(addr_t)}}; /* Test check- psa_call with invalid address for psa_outvec.base */ - status_of_call = psa->call(handle, NULL, 0, outvec, 0); + status_of_call = psa->call(handle, NULL, 0, outvec, 1); + + /* + * If the caller is in the NSPE, it is IMPLEMENTATION DEFINED whether + * a PROGRAMMER ERROR will panic or return PSA_ERROR_PROGRAMMER_ERROR. + * For SPE caller, it must panic. + */ + if (caller == NONSECURE && status_of_call == PSA_ERROR_PROGRAMMER_ERROR) + { + psa->close(handle); + return VAL_STATUS_SUCCESS; + } - /* Expectation is psa_call should hang and control shouldn't have come here */ - val->print(PRINT_ERROR, "\tpsa_call should failed but successed\n", 0); + /* If PROGRAMMER ERROR results into panic then control shouldn't have reached here */ + val->print(PRINT_ERROR, "\tpsa_call should failed but succeed\n", 0); /* Resetting boot.state to catch unwanted reboot */ if (val->set_boot_flag(BOOT_EXPECTED_BUT_FAILED)) @@ -129,6 +153,5 @@ int32_t client_test_psa_call_with_invalid_outvec_base(security_t caller) status = VAL_STATUS_SPM_FAILED; psa->close(handle); - (void)(status_of_call); return status; } diff --git a/api-tests/ff/ipc/test_i051/test_supp_i051.c b/api-tests/ff/ipc/test_i051/test_supp_i051.c index 8acb38a6..0d3be0b6 100644 --- a/api-tests/ff/ipc/test_i051/test_supp_i051.c +++ b/api-tests/ff/ipc/test_i051/test_supp_i051.c @@ -15,8 +15,13 @@ * limitations under the License. **/ -#include "val/common/val_client_defs.h" -#include "val/spe/val_partition_common.h" +#include "val_client_defs.h" +#include "val_service_defs.h" + +#define val CONCAT(val,_server_sp) +#define psa CONCAT(psa,_server_sp) +extern val_api_t *val; +extern psa_api_t *psa; int32_t server_test_psa_call_with_invalid_outvec_base(void); @@ -30,23 +35,45 @@ int32_t server_test_psa_call_with_invalid_outvec_base(void) { int32_t status = VAL_STATUS_SUCCESS; psa_msg_t msg = {0}; + psa_signal_t signals; - status = val_process_connect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); - if (val_err_check_set(TEST_CHECKPOINT_NUM(201), status)) + status = val->process_connect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); + if (val->err_check_set(TEST_CHECKPOINT_NUM(201), status)) { - psa_reply(msg.handle, PSA_CONNECTION_REFUSED); + psa->reply(msg.handle, PSA_ERROR_CONNECTION_REFUSED); return status; } - psa_reply(msg.handle, PSA_SUCCESS); + psa->reply(msg.handle, PSA_SUCCESS); - val_process_call_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); +wait: + signals = psa->wait(PSA_WAIT_ANY, PSA_BLOCK); + if (signals & SERVER_UNSPECIFED_MINOR_V_SIG) + { + if (psa->get(SERVER_UNSPECIFED_MINOR_V_SIG, &msg) != PSA_SUCCESS) + { + goto wait; + } - /* Control shouldn't have come here */ - val_print(PRINT_ERROR, "\tControl shouldn't have reached here\n", 0); - psa_reply(msg.handle, -2); + if (msg.type == PSA_IPC_CALL) + { + /* Control shouldn't have come here */ + val->print(PRINT_ERROR, "\tControl shouldn't have reached here\n", 0); + psa->reply(msg.handle, -2); + val->process_disconnect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); + psa->reply(msg.handle, PSA_SUCCESS); + } + else if (msg.type == PSA_IPC_DISCONNECT) + { + psa->reply(msg.handle, PSA_SUCCESS); + return VAL_STATUS_SUCCESS; + } + } + else + { + val->print(PRINT_ERROR, "\tpsa_wait returned with invalid signal value = 0x%x\n", signals); + return VAL_STATUS_ERROR; + } - val_process_disconnect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); - psa_reply(msg.handle, PSA_SUCCESS); - return VAL_STATUS_SPM_FAILED; + return VAL_STATUS_ERROR; } diff --git a/api-tests/ff/ipc/test_i052/test_i052.c b/api-tests/ff/ipc/test_i052/test_i052.c index 6b67f7ff..5b14c373 100644 --- a/api-tests/ff/ipc/test_i052/test_i052.c +++ b/api-tests/ff/ipc/test_i052/test_i052.c @@ -20,7 +20,7 @@ #include "val_target.h" #else #include "val_client_defs.h" -#include "val_partition_common.h" +#include "val_service_defs.h" #endif #include "test_i052.h" @@ -43,18 +43,28 @@ int32_t client_test_psa_call_with_invalid_invec_end_addr(security_t caller) addr_t *valid_base = NULL; val->print(PRINT_TEST, - "[Check1] Test psa_call with invalid end_addr for psa_invec\n", 0); - - /* Test is targeting fatal error condition and it will expect an error recovery(reboot) - * to happen. To decide, a reboot happened was intended as per test scenario or it happended - * due to other reasons, test is setting a boot signature into non-volatile memory before and - * after targeted test check. After a reboot, these boot signatures are being read by the - * VAL APIs to decide test status. + "[Check 1] Test psa_call with invalid end_addr for psa_invec\n", 0); + + /* + * This test checks for the PROGRAMMER ERROR condition for the PSA API. API's respond to + * PROGRAMMER ERROR could be either to return appropriate status code or panic the caller. + * When a Secure Partition panics, the SPE cannot continue normal execution, as defined + * in this specification. The behavior of the SPM following a Secure Partition panic is + * IMPLEMENTATION DEFINED- Arm recommends that the SPM causes the system to restart in + * this situation. Refer PSA-FF for more information on panic. + * For the cases where, SPM cannot capable to reboot the system (just hangs or power down), + * a watchdog timer set by val_test_init can reboot the system on timeout event. This will + * tests continuity and able to jump to next tests. Therefore, each test who checks for + * PROGRAMMER ERROR condition, expects system to get reset either by SPM or watchdog set by + * the test harness function. * - * Note: If SPM is not capable of rebooting (just hangs or power down) in fatal error condition, - * a watchdog timer enabled by val_test_init can reboot the system on timeout event. * If programmed timeout value isn't sufficient for your system, it can be reconfigured using * timeout entries available in target.cfg. + * + * To decide, a reboot happened as intended by test scenario or it happended + * due to other reasons, test is setting a boot signature into non-volatile memory before and + * after targeted test check. After a reboot, these boot signatures are being read by the + * VAL APIs to decide test status. */ handle = psa->connect(SERVER_UNSPECIFED_MINOR_V_SID, 1); @@ -65,14 +75,16 @@ int32_t client_test_psa_call_with_invalid_invec_end_addr(security_t caller) return VAL_STATUS_INVALID_HANDLE; } - /* Selection of invalid size for psa_invec: + /* + * Selection of invalid size for psa_invec: + * * if caller == NONSECURE * valid_base = nspe_mmio_region_base; * invalid_size = (driver_mmio_region_base - nspe_mmio_region_base + 1); * else * if (ISOLATION_LEVEL > 1) - * valid_base = client_mmio_region_base; - * invalid_size = (driver_mmio_region_base - client_mmio_region_base + 1); + * valid_base = server_mmio_region_base; + * invalid_size = (driver_mmio_region_base - server_mmio_region_base + 1); */ status = val->target_get_config(TARGET_CONFIG_CREATE_ID(GROUP_MEMORY, @@ -88,7 +100,7 @@ int32_t client_test_psa_call_with_invalid_invec_end_addr(security_t caller) if (caller == NONSECURE) memory_cfg_id = MEMORY_NSPE_MMIO; else - memory_cfg_id = MEMORY_CLIENT_PARTITION_MMIO; + memory_cfg_id = MEMORY_SERVER_PARTITION_MMIO; status = val->target_get_config(TARGET_CONFIG_CREATE_ID(GROUP_MEMORY, memory_cfg_id, 0), @@ -116,8 +128,19 @@ int32_t client_test_psa_call_with_invalid_invec_end_addr(security_t caller) /* Test check- psa_call with invalid end_addr for psa_invec */ status_of_call = psa->call(handle, invec, 1, NULL, 0); - /* Expectation is psa_call should hang and control shouldn't have come here */ - val->print(PRINT_ERROR, "\tpsa_call should failed but successed\n", 0); + /* + * If the caller is in the NSPE, it is IMPLEMENTATION DEFINED whether + * a PROGRAMMER ERROR will panic or return PSA_ERROR_PROGRAMMER_ERROR. + * For SPE caller, it must panic. + */ + if (caller == NONSECURE && status_of_call == PSA_ERROR_PROGRAMMER_ERROR) + { + psa->close(handle); + return VAL_STATUS_SUCCESS; + } + + /* If PROGRAMMER ERROR results into panic then control shouldn't have reached here */ + val->print(PRINT_ERROR, "\tpsa_call should failed but succeed\n", 0); /* Resetting boot.state to catch unwanted reboot */ if (val->set_boot_flag(BOOT_EXPECTED_BUT_FAILED)) @@ -128,6 +151,5 @@ int32_t client_test_psa_call_with_invalid_invec_end_addr(security_t caller) status = VAL_STATUS_SPM_FAILED; psa->close(handle); - (void)(status_of_call); return status; } diff --git a/api-tests/ff/ipc/test_i052/test_supp_i052.c b/api-tests/ff/ipc/test_i052/test_supp_i052.c index 0eeafcef..31bc32b4 100644 --- a/api-tests/ff/ipc/test_i052/test_supp_i052.c +++ b/api-tests/ff/ipc/test_i052/test_supp_i052.c @@ -15,8 +15,13 @@ * limitations under the License. **/ -#include "val/common/val_client_defs.h" -#include "val/spe/val_partition_common.h" +#include "val_client_defs.h" +#include "val_service_defs.h" + +#define val CONCAT(val,_server_sp) +#define psa CONCAT(psa,_server_sp) +extern val_api_t *val; +extern psa_api_t *psa; int32_t server_test_psa_call_with_invalid_invec_end_addr(void); @@ -30,23 +35,45 @@ int32_t server_test_psa_call_with_invalid_invec_end_addr(void) { int32_t status = VAL_STATUS_SUCCESS; psa_msg_t msg = {0}; + psa_signal_t signals; - status = val_process_connect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); - if (val_err_check_set(TEST_CHECKPOINT_NUM(201), status)) + status = val->process_connect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); + if (val->err_check_set(TEST_CHECKPOINT_NUM(201), status)) { - psa_reply(msg.handle, PSA_CONNECTION_REFUSED); + psa->reply(msg.handle, PSA_ERROR_CONNECTION_REFUSED); return status; } - psa_reply(msg.handle, PSA_SUCCESS); + psa->reply(msg.handle, PSA_SUCCESS); - val_process_call_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); +wait: + signals = psa->wait(PSA_WAIT_ANY, PSA_BLOCK); + if (signals & SERVER_UNSPECIFED_MINOR_V_SIG) + { + if (psa->get(SERVER_UNSPECIFED_MINOR_V_SIG, &msg) != PSA_SUCCESS) + { + goto wait; + } - /* Control shouldn't have come here */ - val_print(PRINT_ERROR, "\tControl shouldn't have reached here\n", 0); - psa_reply(msg.handle, -2); + if (msg.type == PSA_IPC_CALL) + { + /* Control shouldn't have come here */ + val->print(PRINT_ERROR, "\tControl shouldn't have reached here\n", 0); + psa->reply(msg.handle, -2); + val->process_disconnect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); + psa->reply(msg.handle, PSA_SUCCESS); + } + else if (msg.type == PSA_IPC_DISCONNECT) + { + psa->reply(msg.handle, PSA_SUCCESS); + return VAL_STATUS_SUCCESS; + } + } + else + { + val->print(PRINT_ERROR, "\tpsa_wait returned with invalid signal value = 0x%x\n", signals); + return VAL_STATUS_ERROR; + } - val_process_disconnect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); - psa_reply(msg.handle, PSA_SUCCESS); - return VAL_STATUS_SPM_FAILED; + return VAL_STATUS_ERROR; } diff --git a/api-tests/ff/ipc/test_i053/test_i053.c b/api-tests/ff/ipc/test_i053/test_i053.c index 9420ba18..108c24b9 100644 --- a/api-tests/ff/ipc/test_i053/test_i053.c +++ b/api-tests/ff/ipc/test_i053/test_i053.c @@ -20,7 +20,7 @@ #include "val_target.h" #else #include "val_client_defs.h" -#include "val_partition_common.h" +#include "val_service_defs.h" #endif #include "test_i053.h" @@ -43,18 +43,28 @@ int32_t client_test_psa_call_with_invalid_outvec_end_addr(security_t caller) addr_t *valid_base = NULL; val->print(PRINT_TEST, - "[Check1] Test psa_call with invalid end_addr for psa_outvec\n", 0); - - /* Test is targeting fatal error condition and it will expect an error recovery(reboot) - * to happen. To decide, a reboot happened was intended as per test scenario or it happended - * due to other reasons, test is setting a boot signature into non-volatile memory before and - * after targeted test check. After a reboot, these boot signatures are being read by the - * VAL APIs to decide test status. + "[Check 1] Test psa_call with invalid end_addr for psa_outvec\n", 0); + + /* + * This test checks for the PROGRAMMER ERROR condition for the PSA API. API's respond to + * PROGRAMMER ERROR could be either to return appropriate status code or panic the caller. + * When a Secure Partition panics, the SPE cannot continue normal execution, as defined + * in this specification. The behavior of the SPM following a Secure Partition panic is + * IMPLEMENTATION DEFINED- Arm recommends that the SPM causes the system to restart in + * this situation. Refer PSA-FF for more information on panic. + * For the cases where, SPM cannot capable to reboot the system (just hangs or power down), + * a watchdog timer set by val_test_init can reboot the system on timeout event. This will + * tests continuity and able to jump to next tests. Therefore, each test who checks for + * PROGRAMMER ERROR condition, expects system to get reset either by SPM or watchdog set by + * the test harness function. * - * Note: If SPM is not capable of rebooting (just hangs or power down) in fatal error condition, - * a watchdog timer enabled by val_test_init can reboot the system on timeout event. * If programmed timeout value isn't sufficient for your system, it can be reconfigured using * timeout entries available in target.cfg. + * + * To decide, a reboot happened as intended by test scenario or it happended + * due to other reasons, test is setting a boot signature into non-volatile memory before and + * after targeted test check. After a reboot, these boot signatures are being read by the + * VAL APIs to decide test status. */ handle = psa->connect(SERVER_UNSPECIFED_MINOR_V_SID, 1); @@ -65,14 +75,16 @@ int32_t client_test_psa_call_with_invalid_outvec_end_addr(security_t caller) return VAL_STATUS_INVALID_HANDLE; } - /* Selection of invalid size for psa_outvec: + /* + * Selection of invalid size for psa_outvec: + * * if caller == NONSECURE * valid_base = nspe_mmio_region_base; * invalid_size = (driver_mmio_region_base - nspe_mmio_region_base + 1); * else * if (ISOLATION_LEVEL > 1) - * valid_base = client_mmio_region_base; - * invalid_size = (driver_mmio_region_base - client_mmio_region_base + 1); + * valid_base = server_mmio_region_base; + * invalid_size = (driver_mmio_region_base - server_mmio_region_base + 1); */ status = val->target_get_config(TARGET_CONFIG_CREATE_ID(GROUP_MEMORY, @@ -88,7 +100,7 @@ int32_t client_test_psa_call_with_invalid_outvec_end_addr(security_t caller) if (caller == NONSECURE) memory_cfg_id = MEMORY_NSPE_MMIO; else - memory_cfg_id = MEMORY_CLIENT_PARTITION_MMIO; + memory_cfg_id = MEMORY_SERVER_PARTITION_MMIO; status = val->target_get_config(TARGET_CONFIG_CREATE_ID(GROUP_MEMORY, memory_cfg_id, 0), @@ -116,8 +128,19 @@ int32_t client_test_psa_call_with_invalid_outvec_end_addr(security_t caller) /* Test check- psa_call with invalid end_addr for psa_outvec */ status_of_call = psa->call(handle, NULL, 0, outvec, 1); - /* Expectation is psa_call should hang and control shouldn't have come here */ - val->print(PRINT_ERROR, "\tpsa_call should failed but successed\n", 0); + /* + * If the caller is in the NSPE, it is IMPLEMENTATION DEFINED whether + * a PROGRAMMER ERROR will panic or return PSA_ERROR_PROGRAMMER_ERROR. + * For SPE caller, it must panic. + */ + if (caller == NONSECURE && status_of_call == PSA_ERROR_PROGRAMMER_ERROR) + { + psa->close(handle); + return VAL_STATUS_SUCCESS; + } + + /* If PROGRAMMER ERROR results into panic then control shouldn't have reached here */ + val->print(PRINT_ERROR, "\tpsa_call should failed but succeed\n", 0); /* Resetting boot.state to catch unwanted reboot */ if (val->set_boot_flag(BOOT_EXPECTED_BUT_FAILED)) diff --git a/api-tests/ff/ipc/test_i053/test_supp_i053.c b/api-tests/ff/ipc/test_i053/test_supp_i053.c index c2d853bd..649e3c25 100644 --- a/api-tests/ff/ipc/test_i053/test_supp_i053.c +++ b/api-tests/ff/ipc/test_i053/test_supp_i053.c @@ -15,8 +15,13 @@ * limitations under the License. **/ -#include "val/common/val_client_defs.h" -#include "val/spe/val_partition_common.h" +#include "val_client_defs.h" +#include "val_service_defs.h" + +#define val CONCAT(val,_server_sp) +#define psa CONCAT(psa,_server_sp) +extern val_api_t *val; +extern psa_api_t *psa; int32_t server_test_psa_call_with_invalid_outvec_end_addr(void); @@ -30,23 +35,45 @@ int32_t server_test_psa_call_with_invalid_outvec_end_addr(void) { int32_t status = VAL_STATUS_SUCCESS; psa_msg_t msg = {0}; + psa_signal_t signals; - status = val_process_connect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); - if (val_err_check_set(TEST_CHECKPOINT_NUM(201), status)) + status = val->process_connect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); + if (val->err_check_set(TEST_CHECKPOINT_NUM(201), status)) { - psa_reply(msg.handle, PSA_CONNECTION_REFUSED); + psa->reply(msg.handle, PSA_ERROR_CONNECTION_REFUSED); return status; } - psa_reply(msg.handle, PSA_SUCCESS); + psa->reply(msg.handle, PSA_SUCCESS); - val_process_call_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); +wait: + signals = psa->wait(PSA_WAIT_ANY, PSA_BLOCK); + if (signals & SERVER_UNSPECIFED_MINOR_V_SIG) + { + if (psa->get(SERVER_UNSPECIFED_MINOR_V_SIG, &msg) != PSA_SUCCESS) + { + goto wait; + } - /* Control shouldn't have come here */ - val_print(PRINT_ERROR, "\tControl shouldn't have reached here\n", 0); - psa_reply(msg.handle, -2); + if (msg.type == PSA_IPC_CALL) + { + /* Control shouldn't have come here */ + val->print(PRINT_ERROR, "\tControl shouldn't have reached here\n", 0); + psa->reply(msg.handle, -2); + val->process_disconnect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); + psa->reply(msg.handle, PSA_SUCCESS); + } + else if (msg.type == PSA_IPC_DISCONNECT) + { + psa->reply(msg.handle, PSA_SUCCESS); + return VAL_STATUS_SUCCESS; + } + } + else + { + val->print(PRINT_ERROR, "\tpsa_wait returned with invalid signal value = 0x%x\n", signals); + return VAL_STATUS_ERROR; + } - val_process_disconnect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); - psa_reply(msg.handle, PSA_SUCCESS); - return VAL_STATUS_SPM_FAILED; + return VAL_STATUS_ERROR; } diff --git a/api-tests/ff/ipc/test_i054/test_entry.c b/api-tests/ff/ipc/test_i054/test_entry.c index 71e93557..d431d59a 100644 --- a/api-tests/ff/ipc/test_i054/test_entry.c +++ b/api-tests/ff/ipc/test_i054/test_entry.c @@ -39,13 +39,6 @@ void test_entry(val_api_t *val_api, psa_api_t *psa_api) goto test_exit; } - /* Execute list of tests available in test[num]_client_tests_list from Non-secure side*/ - status = val->execute_non_secure_tests(TEST_NUM, test_i054_client_tests_list, TRUE); - if (VAL_ERROR(status)) - { - goto test_exit; - } - /* Switch to secure side (client_partition.c) and execute list of tests available in test[num]_client_tests_list from Secure side */ status = val->switch_to_secure_client(TEST_NUM); diff --git a/api-tests/ff/ipc/test_i054/test_i054.c b/api-tests/ff/ipc/test_i054/test_i054.c index 894cb86e..80160cae 100644 --- a/api-tests/ff/ipc/test_i054/test_i054.c +++ b/api-tests/ff/ipc/test_i054/test_i054.c @@ -20,7 +20,7 @@ #include "val_target.h" #else #include "val_client_defs.h" -#include "val_partition_common.h" +#include "val_service_defs.h" #endif #include "test_i054.h" @@ -35,22 +35,30 @@ int32_t client_test_psa_call_with_not_writable_outvec_base(security_t caller) { int32_t status = VAL_STATUS_SUCCESS; psa_handle_t handle = 0; - psa_status_t status_of_call; - boot_state_t boot_state; val->print(PRINT_TEST, - "[Check1] Test psa_call with not writable psa_outvec.base\n", 0); + "[Check 1] Test psa_call with not writable psa_outvec.base\n", 0); - /* Test is targeting fatal error condition and it will expect an error recovery(reboot) - * to happen. To decide, a reboot happened was intended as per test scenario or it happended - * due to other reasons, test is setting a boot signature into non-volatile memory before and - * after targeted test check. After a reboot, these boot signatures are being read by the - * VAL APIs to decide test status. + /* + * This test checks for the PROGRAMMER ERROR condition for the PSA API. API's respond to + * PROGRAMMER ERROR could be either to return appropriate status code or panic the caller. + * When a Secure Partition panics, the SPE cannot continue normal execution, as defined + * in this specification. The behavior of the SPM following a Secure Partition panic is + * IMPLEMENTATION DEFINED- Arm recommends that the SPM causes the system to restart in + * this situation. Refer PSA-FF for more information on panic. + * For the cases where, SPM cannot capable to reboot the system (just hangs or power down), + * a watchdog timer set by val_test_init can reboot the system on timeout event. This will + * tests continuity and able to jump to next tests. Therefore, each test who checks for + * PROGRAMMER ERROR condition, expects system to get reset either by SPM or watchdog set by + * the test harness function. * - * Note: If SPM is not capable of rebooting (just hangs or power down) in fatal error condition, - * a watchdog timer enabled by val_test_init can reboot the system on timeout event. * If programmed timeout value isn't sufficient for your system, it can be reconfigured using * timeout entries available in target.cfg. + * + * To decide, a reboot happened as intended by test scenario or it happended + * due to other reasons, test is setting a boot signature into non-volatile memory before and + * after targeted test check. After a reboot, these boot signatures are being read by the + * VAL APIs to decide test status. */ handle = psa->connect(SERVER_UNSPECIFED_MINOR_V_SID, 1); @@ -61,8 +69,7 @@ int32_t client_test_psa_call_with_not_writable_outvec_base(security_t caller) } /* Setting boot.state before test check */ - boot_state = (caller == NONSECURE) ? BOOT_EXPECTED_NS : BOOT_EXPECTED_S; - if (val->set_boot_flag(boot_state)) + if (val->set_boot_flag(BOOT_EXPECTED_S)) { val->print(PRINT_ERROR, "\tFailed to set boot flag before check\n", 0); return VAL_STATUS_ERROR; @@ -71,11 +78,11 @@ int32_t client_test_psa_call_with_not_writable_outvec_base(security_t caller) /* Using function address (code) as not writable address */ psa_outvec outvec[1] = {{&client_test_psa_call_with_not_writable_outvec_base, sizeof(char)}}; - /* Test check- psa_call with not writable psa_outvec.base */ - status_of_call = psa->call(handle, NULL, 0, outvec, 0); + /* Test check- psa_call with not writable psa_outvec.base, call should panic */ + psa->call(handle, NULL, 0, outvec, 1); - /* Expectation is psa_call should hang and control shouldn't have come here */ - val->print(PRINT_ERROR, "\tpsa_call should failed but successed\n", 0); + /* If PROGRAMMER ERROR results into panic then control shouldn't have reached here */ + val->print(PRINT_ERROR, "\tpsa_call should failed but succeed\n", 0); /* Resetting boot.state to catch unwanted reboot */ if (val->set_boot_flag(BOOT_EXPECTED_BUT_FAILED)) @@ -86,6 +93,5 @@ int32_t client_test_psa_call_with_not_writable_outvec_base(security_t caller) status = VAL_STATUS_SPM_FAILED; psa->close(handle); - (void)(status_of_call); return status; } diff --git a/api-tests/ff/ipc/test_i054/test_supp_i054.c b/api-tests/ff/ipc/test_i054/test_supp_i054.c index bdaae570..75442576 100644 --- a/api-tests/ff/ipc/test_i054/test_supp_i054.c +++ b/api-tests/ff/ipc/test_i054/test_supp_i054.c @@ -15,8 +15,13 @@ * limitations under the License. **/ -#include "val/common/val_client_defs.h" -#include "val/spe/val_partition_common.h" +#include "val_client_defs.h" +#include "val_service_defs.h" + +#define val CONCAT(val,_server_sp) +#define psa CONCAT(psa,_server_sp) +extern val_api_t *val; +extern psa_api_t *psa; int32_t server_test_psa_call_with_not_writable_outvec_base(void); @@ -30,23 +35,45 @@ int32_t server_test_psa_call_with_not_writable_outvec_base(void) { int32_t status = VAL_STATUS_SUCCESS; psa_msg_t msg = {0}; + psa_signal_t signals; - status = val_process_connect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); - if (val_err_check_set(TEST_CHECKPOINT_NUM(201), status)) + status = val->process_connect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); + if (val->err_check_set(TEST_CHECKPOINT_NUM(201), status)) { - psa_reply(msg.handle, PSA_CONNECTION_REFUSED); + psa->reply(msg.handle, PSA_ERROR_CONNECTION_REFUSED); return status; } - psa_reply(msg.handle, PSA_SUCCESS); + psa->reply(msg.handle, PSA_SUCCESS); - val_process_call_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); +wait: + signals = psa->wait(PSA_WAIT_ANY, PSA_BLOCK); + if (signals & SERVER_UNSPECIFED_MINOR_V_SIG) + { + if (psa->get(SERVER_UNSPECIFED_MINOR_V_SIG, &msg) != PSA_SUCCESS) + { + goto wait; + } - /* Control shouldn't have come here */ - val_print(PRINT_ERROR, "\tControl shouldn't have reached here\n", 0); - psa_reply(msg.handle, -2); + if (msg.type == PSA_IPC_CALL) + { + /* Control shouldn't have come here */ + val->print(PRINT_ERROR, "\tControl shouldn't have reached here\n", 0); + psa->reply(msg.handle, -2); + val->process_disconnect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); + psa->reply(msg.handle, PSA_SUCCESS); + } + else if (msg.type == PSA_IPC_DISCONNECT) + { + psa->reply(msg.handle, PSA_SUCCESS); + return VAL_STATUS_SUCCESS; + } + } + else + { + val->print(PRINT_ERROR, "\tpsa_wait returned with invalid signal value = 0x%x\n", signals); + return VAL_STATUS_ERROR; + } - val_process_disconnect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); - psa_reply(msg.handle, PSA_SUCCESS); - return VAL_STATUS_SPM_FAILED; + return VAL_STATUS_ERROR; } diff --git a/api-tests/ff/ipc/test_i055/test_i055.c b/api-tests/ff/ipc/test_i055/test_i055.c index 29616aa9..033a99a2 100644 --- a/api-tests/ff/ipc/test_i055/test_i055.c +++ b/api-tests/ff/ipc/test_i055/test_i055.c @@ -20,7 +20,7 @@ #include "val_target.h" #else #include "val_client_defs.h" -#include "val_partition_common.h" +#include "val_service_defs.h" #endif #include "test_i055.h" @@ -39,7 +39,7 @@ int32_t client_test_psa_read_with_invalid_buffer_addr(security_t caller) psa_status_t status_of_call; val->print(PRINT_TEST, - "[Check1] Test psa_read with invalid buffer addr\n", 0); + "[Check 1] Test psa_read with invalid buffer addr\n", 0); handle = psa->connect(SERVER_UNSPECIFED_MINOR_V_SID, 1); if (handle < 0) @@ -52,7 +52,7 @@ int32_t client_test_psa_read_with_invalid_buffer_addr(security_t caller) status_of_call = psa->call(handle, invec, 1, NULL, 0); /* Expectation is server test should hang and control shouldn't have come here */ - val->print(PRINT_ERROR, "\tCall should failed but successed\n", 0); + val->print(PRINT_ERROR, "\tCall should failed but succeed\n", 0); status = VAL_STATUS_SPM_FAILED; diff --git a/api-tests/ff/ipc/test_i055/test_supp_i055.c b/api-tests/ff/ipc/test_i055/test_supp_i055.c index 7cc450e9..24867959 100644 --- a/api-tests/ff/ipc/test_i055/test_supp_i055.c +++ b/api-tests/ff/ipc/test_i055/test_supp_i055.c @@ -15,8 +15,13 @@ * limitations under the License. **/ -#include "val/common/val_client_defs.h" -#include "val/spe/val_partition_common.h" +#include "val_client_defs.h" +#include "val_service_defs.h" + +#define val CONCAT(val,_server_sp) +#define psa CONCAT(psa,_server_sp) +extern val_api_t *val; +extern psa_api_t *psa; int32_t server_test_psa_read_with_invalid_buffer_addr(void); @@ -34,52 +39,64 @@ int32_t server_test_psa_read_with_invalid_buffer_addr(void) miscellaneous_desc_t *misc_desc; memory_desc_t *memory_desc; - /* Test is targeting fatal error condition and it will expect an error recovery(reboot) - * to happen. To decide, a reboot happened was intended as per test scenario or it happended - * due to other reasons, test is setting a boot signature into non-volatile memory before and - * after targeted test check. After a reboot, these boot signatures are being read by the - * VAL APIs to decide test status. + /* + * This test checks for the PROGRAMMER ERROR condition for the PSA API. API's respond to + * PROGRAMMER ERROR could be either to return appropriate status code or panic the caller. + * When a Secure Partition panics, the SPE cannot continue normal execution, as defined + * in this specification. The behavior of the SPM following a Secure Partition panic is + * IMPLEMENTATION DEFINED- Arm recommends that the SPM causes the system to restart in + * this situation. Refer PSA-FF for more information on panic. + * For the cases where, SPM cannot capable to reboot the system (just hangs or power down), + * a watchdog timer set by val_test_init can reboot the system on timeout event. This will + * tests continuity and able to jump to next tests. Therefore, each test who checks for + * PROGRAMMER ERROR condition, expects system to get reset either by SPM or watchdog set by + * the test harness function. * - * Note: If SPM is not capable of rebooting (just hangs or power down) in fatal error condition, - * a watchdog timer enabled by val_test_init can reboot the system on timeout event. * If programmed timeout value isn't sufficient for your system, it can be reconfigured using * timeout entries available in target.cfg. + * + * To decide, a reboot happened as intended by test scenario or it happended + * due to other reasons, test is setting a boot signature into non-volatile memory before and + * after targeted test check. After a reboot, these boot signatures are being read by the + * VAL APIs to decide test status. */ - status = val_process_connect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); - if (val_err_check_set(TEST_CHECKPOINT_NUM(201), status)) + status = val->process_connect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); + if (val->err_check_set(TEST_CHECKPOINT_NUM(201), status)) { - psa_reply(msg.handle, PSA_CONNECTION_REFUSED); + psa->reply(msg.handle, PSA_ERROR_CONNECTION_REFUSED); return status; } - /* Selection of invalid buffer addr: + /* + * Selection of invalid buffer addr: + * * if (ISOLATION_LEVEL > 1) * buffer = driver_mmio_region_base; * else * buffer = NULL; */ - status = val_target_get_config(TARGET_CONFIG_CREATE_ID(GROUP_MISCELLANEOUS, + status = val->target_get_config(TARGET_CONFIG_CREATE_ID(GROUP_MISCELLANEOUS, MISCELLANEOUS_DUT, 0), (uint8_t **)&misc_desc, (uint32_t *)sizeof(miscellaneous_desc_t)); - if (val_err_check_set(TEST_CHECKPOINT_NUM(202), status)) + if (val->err_check_set(TEST_CHECKPOINT_NUM(202), status)) { - psa_reply(msg.handle, PSA_CONNECTION_REFUSED); + psa->reply(msg.handle, PSA_ERROR_CONNECTION_REFUSED); return status; } if (misc_desc->implemented_psa_firmware_isolation_level > LEVEL1) { - status = val_target_get_config(TARGET_CONFIG_CREATE_ID(GROUP_MEMORY, + status = val->target_get_config(TARGET_CONFIG_CREATE_ID(GROUP_MEMORY, MEMORY_DRIVER_PARTITION_MMIO, 0), (uint8_t **)&memory_desc, (uint32_t *)sizeof(memory_desc_t)); - if (val_err_check_set(TEST_CHECKPOINT_NUM(203), status)) + if (val->err_check_set(TEST_CHECKPOINT_NUM(203), status)) { - psa_reply(msg.handle, PSA_CONNECTION_REFUSED); + psa->reply(msg.handle, PSA_ERROR_CONNECTION_REFUSED); return status; } @@ -87,46 +104,46 @@ int32_t server_test_psa_read_with_invalid_buffer_addr(void) } /* Accept the connection */ - psa_reply(msg.handle, PSA_SUCCESS); + psa->reply(msg.handle, PSA_SUCCESS); - /* Server psa_call */ - status = val_process_call_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); - if (val_err_check_set(TEST_CHECKPOINT_NUM(204), status)) + /* Serve psa_call */ + status = val->process_call_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); + if (val->err_check_set(TEST_CHECKPOINT_NUM(204), status)) { - psa_reply(msg.handle, -2); + psa->reply(msg.handle, -2); } else { /* Setting boot.state before test check */ - status = val_set_boot_flag(BOOT_EXPECTED_NS); - if(val_err_check_set(TEST_CHECKPOINT_NUM(205), status)) + status = val->set_boot_flag(BOOT_EXPECTED_NS); + if (val->err_check_set(TEST_CHECKPOINT_NUM(205), status)) { - val_print(PRINT_ERROR, "\tFailed to set boot flag before check\n", 0); - psa_reply(msg.handle, -3); + val->print(PRINT_ERROR, "\tFailed to set boot flag before check\n", 0); + psa->reply(msg.handle, -3); } else { - /* Test check- psa_read with invalid buffer addr */ - psa_read(msg.handle, 0, (void *)buffer, msg.in_size[0]); + /* Test check- psa_read with invalid buffer addr, call should panic */ + psa->read(msg.handle, 0, (void *)buffer, msg.in_size[0]); /* shouldn't have reached here */ - val_print(PRINT_ERROR, - "\tpsa_read with invalid buffer should failed but successed\n", 0); + val->print(PRINT_ERROR, + "\tpsa_read with invalid buffer should failed but succeed\n", 0); /* Resetting boot.state to catch unwanted reboot */ - if (val_set_boot_flag(BOOT_EXPECTED_BUT_FAILED)) + if (val->set_boot_flag(BOOT_EXPECTED_BUT_FAILED)) { - val_print(PRINT_ERROR, "\tFailed to set boot flag after check\n", 0); + val->print(PRINT_ERROR, "\tFailed to set boot flag after check\n", 0); } status = VAL_STATUS_SPM_FAILED; - psa_reply(msg.handle, -4); + psa->reply(msg.handle, -4); } } - val_err_check_set(TEST_CHECKPOINT_NUM(206), status); - status = ((val_process_disconnect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg)) + val->err_check_set(TEST_CHECKPOINT_NUM(206), status); + status = ((val->process_disconnect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg)) ? VAL_STATUS_ERROR : status); - psa_reply(msg.handle, PSA_SUCCESS); + psa->reply(msg.handle, PSA_SUCCESS); return status; } diff --git a/api-tests/ff/ipc/test_i056/test_i056.c b/api-tests/ff/ipc/test_i056/test_i056.c index bd5a7c59..7547d33e 100644 --- a/api-tests/ff/ipc/test_i056/test_i056.c +++ b/api-tests/ff/ipc/test_i056/test_i056.c @@ -20,7 +20,7 @@ #include "val_target.h" #else #include "val_client_defs.h" -#include "val_partition_common.h" +#include "val_service_defs.h" #endif #include "test_i056.h" @@ -39,7 +39,7 @@ int32_t client_test_psa_read_with_not_writable_buffer_addr(security_t caller) psa_status_t status_of_call; val->print(PRINT_TEST, - "[Check1] Test psa_read with invalid buffer addr\n", 0); + "[Check 1] Test psa_read with invalid buffer addr\n", 0); handle = psa->connect(SERVER_UNSPECIFED_MINOR_V_SID, 1); if (handle < 0) @@ -52,7 +52,7 @@ int32_t client_test_psa_read_with_not_writable_buffer_addr(security_t caller) status_of_call = psa->call(handle, invec, 1, NULL, 0); /* Expectation is server test should hang and control shouldn't have come here */ - val->print(PRINT_ERROR, "\tCall should failed but successed\n", 0); + val->print(PRINT_ERROR, "\tCall should failed but succeed\n", 0); status = VAL_STATUS_SPM_FAILED; diff --git a/api-tests/ff/ipc/test_i056/test_supp_i056.c b/api-tests/ff/ipc/test_i056/test_supp_i056.c index 9a47e3bd..3a863102 100644 --- a/api-tests/ff/ipc/test_i056/test_supp_i056.c +++ b/api-tests/ff/ipc/test_i056/test_supp_i056.c @@ -15,8 +15,13 @@ * limitations under the License. **/ -#include "val/common/val_client_defs.h" -#include "val/spe/val_partition_common.h" +#include "val_client_defs.h" +#include "val_service_defs.h" + +#define val CONCAT(val,_server_sp) +#define psa CONCAT(psa,_server_sp) +extern val_api_t *val; +extern psa_api_t *psa; int32_t server_test_psa_read_with_not_writable_buffer_addr(void); @@ -32,70 +37,80 @@ int32_t server_test_psa_read_with_not_writable_buffer_addr(void) psa_msg_t msg = {0}; void *buffer = NULL; - /* Test is targeting fatal error condition and it will expect an error recovery(reboot) - * to happen. To decide, a reboot happened was intended as per test scenario or it happended - * due to other reasons, test is setting a boot signature into non-volatile memory before and - * after targeted test check. After a reboot, these boot signatures are being read by the - * VAL APIs to decide test status. + /* + * This test checks for the PROGRAMMER ERROR condition for the PSA API. API's respond to + * PROGRAMMER ERROR could be either to return appropriate status code or panic the caller. + * When a Secure Partition panics, the SPE cannot continue normal execution, as defined + * in this specification. The behavior of the SPM following a Secure Partition panic is + * IMPLEMENTATION DEFINED- Arm recommends that the SPM causes the system to restart in + * this situation. Refer PSA-FF for more information on panic. + * For the cases where, SPM cannot capable to reboot the system (just hangs or power down), + * a watchdog timer set by val_test_init can reboot the system on timeout event. This will + * tests continuity and able to jump to next tests. Therefore, each test who checks for + * PROGRAMMER ERROR condition, expects system to get reset either by SPM or watchdog set by + * the test harness function. * - * Note: If SPM is not capable of rebooting (just hangs or power down) in fatal error condition, - * a watchdog timer enabled by val_test_init can reboot the system on timeout event. * If programmed timeout value isn't sufficient for your system, it can be reconfigured using * timeout entries available in target.cfg. + * + * To decide, a reboot happened as intended by test scenario or it happended + * due to other reasons, test is setting a boot signature into non-volatile memory before and + * after targeted test check. After a reboot, these boot signatures are being read by the + * VAL APIs to decide test status. */ - status = val_process_connect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); - if (val_err_check_set(TEST_CHECKPOINT_NUM(201), status)) + status = val->process_connect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); + if (val->err_check_set(TEST_CHECKPOINT_NUM(201), status)) { - psa_reply(msg.handle, PSA_CONNECTION_REFUSED); + psa->reply(msg.handle, PSA_ERROR_CONNECTION_REFUSED); return status; } /* Accept the connection */ - psa_reply(msg.handle, PSA_SUCCESS); + psa->reply(msg.handle, PSA_SUCCESS); /* Set buffer to point to not writable location (Code memory) */ buffer = (void *) &server_test_psa_read_with_not_writable_buffer_addr; - /* Server psa_call */ - status = val_process_call_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); - if (val_err_check_set(TEST_CHECKPOINT_NUM(202), status)) + /* Serve psa_call */ + status = val->process_call_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); + if (val->err_check_set(TEST_CHECKPOINT_NUM(202), status)) { - psa_reply(msg.handle, -2); + psa->reply(msg.handle, -2); } else { /* Setting boot.state before test check */ - status = val_set_boot_flag(BOOT_EXPECTED_NS); - if(val_err_check_set(TEST_CHECKPOINT_NUM(203), status)) + status = val->set_boot_flag(BOOT_EXPECTED_NS); + if (val->err_check_set(TEST_CHECKPOINT_NUM(203), status)) { - val_print(PRINT_ERROR, "\tFailed to set boot flag before check\n", 0); - psa_reply(msg.handle, -3); + val->print(PRINT_ERROR, "\tFailed to set boot flag before check\n", 0); + psa->reply(msg.handle, -3); } else { - /* Test check- psa_read with not writable buffer addr */ - psa_read(msg.handle, 0, (void *)buffer, msg.in_size[0]); + /* Test check- psa_read with not writable buffer addr, call should panic */ + psa->read(msg.handle, 0, (void *)buffer, msg.in_size[0]); /* shouldn't have reached here */ - val_print(PRINT_ERROR, - "\tpsa_read with not writable buffer should failed but successed\n", 0); + val->print(PRINT_ERROR, + "\tpsa_read with not writable buffer should failed but succeed\n", 0); /* Resetting boot.state to catch unwanted reboot */ - if (val_set_boot_flag(BOOT_EXPECTED_BUT_FAILED)) + if (val->set_boot_flag(BOOT_EXPECTED_BUT_FAILED)) { - val_print(PRINT_ERROR, "\tFailed to set boot flag after check\n", 0); + val->print(PRINT_ERROR, "\tFailed to set boot flag after check\n", 0); } status = VAL_STATUS_SPM_FAILED; - psa_reply(msg.handle, -4); + psa->reply(msg.handle, -4); } } - val_err_check_set(TEST_CHECKPOINT_NUM(204), status); - status = ((val_process_disconnect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg)) + val->err_check_set(TEST_CHECKPOINT_NUM(204), status); + status = ((val->process_disconnect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg)) ? VAL_STATUS_ERROR : status); - psa_reply(msg.handle, PSA_SUCCESS); + psa->reply(msg.handle, PSA_SUCCESS); return status; } diff --git a/api-tests/ff/ipc/test_i057/test_i057.c b/api-tests/ff/ipc/test_i057/test_i057.c index 5aef674c..05967d4e 100644 --- a/api-tests/ff/ipc/test_i057/test_i057.c +++ b/api-tests/ff/ipc/test_i057/test_i057.c @@ -20,7 +20,7 @@ #include "val_target.h" #else #include "val_client_defs.h" -#include "val_partition_common.h" +#include "val_service_defs.h" #endif #include "test_i057.h" @@ -39,7 +39,7 @@ int32_t client_test_psa_write_with_invalid_buffer_addr(security_t caller) psa_status_t status_of_call; val->print(PRINT_TEST, - "[Check1] Test psa_write with invalid buffer addr\n", 0); + "[Check 1] Test psa_write with invalid buffer addr\n", 0); handle = psa->connect(SERVER_UNSPECIFED_MINOR_V_SID, 1); if (handle < 0) @@ -52,7 +52,7 @@ int32_t client_test_psa_write_with_invalid_buffer_addr(security_t caller) status_of_call = psa->call(handle, NULL, 0, outvec, 1); /* Expectation is server test should hang and control shouldn't have come here */ - val->print(PRINT_ERROR, "\tCall should failed but successed\n", 0); + val->print(PRINT_ERROR, "\tCall should failed but succeed\n", 0); status = VAL_STATUS_SPM_FAILED; diff --git a/api-tests/ff/ipc/test_i057/test_supp_i057.c b/api-tests/ff/ipc/test_i057/test_supp_i057.c index 54d6dada..2b0510e4 100644 --- a/api-tests/ff/ipc/test_i057/test_supp_i057.c +++ b/api-tests/ff/ipc/test_i057/test_supp_i057.c @@ -15,8 +15,13 @@ * limitations under the License. **/ -#include "val/common/val_client_defs.h" -#include "val/spe/val_partition_common.h" +#include "val_client_defs.h" +#include "val_service_defs.h" + +#define val CONCAT(val,_server_sp) +#define psa CONCAT(psa,_server_sp) +extern val_api_t *val; +extern psa_api_t *psa; int32_t server_test_psa_write_with_invalid_buffer_addr(void); @@ -34,52 +39,64 @@ int32_t server_test_psa_write_with_invalid_buffer_addr(void) miscellaneous_desc_t *misc_desc; memory_desc_t *memory_desc; - /* Test is targeting fatal error condition and it will expect an error recovery(reboot) - * to happen. To decide, a reboot happened was intended as per test scenario or it happended - * due to other reasons, test is setting a boot signature into non-volatile memory before and - * after targeted test check. After a reboot, these boot signatures are being read by the - * VAL APIs to decide test status. + /* + * This test checks for the PROGRAMMER ERROR condition for the PSA API. API's respond to + * PROGRAMMER ERROR could be either to return appropriate status code or panic the caller. + * When a Secure Partition panics, the SPE cannot continue normal execution, as defined + * in this specification. The behavior of the SPM following a Secure Partition panic is + * IMPLEMENTATION DEFINED- Arm recommends that the SPM causes the system to restart in + * this situation. Refer PSA-FF for more information on panic. + * For the cases where, SPM cannot capable to reboot the system (just hangs or power down), + * a watchdog timer set by val_test_init can reboot the system on timeout event. This will + * tests continuity and able to jump to next tests. Therefore, each test who checks for + * PROGRAMMER ERROR condition, expects system to get reset either by SPM or watchdog set by + * the test harness function. * - * Note: If SPM is not capable of rebooting (just hangs or power down) in fatal error condition, - * a watchdog timer enabled by val_test_init can reboot the system on timeout event. * If programmed timeout value isn't sufficient for your system, it can be reconfigured using * timeout entries available in target.cfg. + * + * To decide, a reboot happened as intended by test scenario or it happended + * due to other reasons, test is setting a boot signature into non-volatile memory before and + * after targeted test check. After a reboot, these boot signatures are being read by the + * VAL APIs to decide test status. */ - status = val_process_connect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); - if (val_err_check_set(TEST_CHECKPOINT_NUM(201), status)) + status = val->process_connect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); + if (val->err_check_set(TEST_CHECKPOINT_NUM(201), status)) { - psa_reply(msg.handle, PSA_CONNECTION_REFUSED); + psa->reply(msg.handle, PSA_ERROR_CONNECTION_REFUSED); return status; } - /* Selection of invalid buffer addr: + /* + * Selection of invalid buffer addr: + * * if (ISOLATION_LEVEL > 1) * buffer = driver_mmio_region_base; * else * buffer = NULL; */ - status = val_target_get_config(TARGET_CONFIG_CREATE_ID(GROUP_MISCELLANEOUS, + status = val->target_get_config(TARGET_CONFIG_CREATE_ID(GROUP_MISCELLANEOUS, MISCELLANEOUS_DUT, 0), (uint8_t **)&misc_desc, (uint32_t *)sizeof(miscellaneous_desc_t)); - if (val_err_check_set(TEST_CHECKPOINT_NUM(202), status)) + if (val->err_check_set(TEST_CHECKPOINT_NUM(202), status)) { - psa_reply(msg.handle, PSA_CONNECTION_REFUSED); + psa->reply(msg.handle, PSA_ERROR_CONNECTION_REFUSED); return status; } if (misc_desc->implemented_psa_firmware_isolation_level > LEVEL1) { - status = val_target_get_config(TARGET_CONFIG_CREATE_ID(GROUP_MEMORY, + status = val->target_get_config(TARGET_CONFIG_CREATE_ID(GROUP_MEMORY, MEMORY_DRIVER_PARTITION_MMIO, 0), (uint8_t **)&memory_desc, (uint32_t *)sizeof(memory_desc_t)); - if (val_err_check_set(TEST_CHECKPOINT_NUM(203), status)) + if (val->err_check_set(TEST_CHECKPOINT_NUM(203), status)) { - psa_reply(msg.handle, PSA_CONNECTION_REFUSED); + psa->reply(msg.handle, PSA_ERROR_CONNECTION_REFUSED); return status; } @@ -87,46 +104,46 @@ int32_t server_test_psa_write_with_invalid_buffer_addr(void) } /* Accept the connection */ - psa_reply(msg.handle, PSA_SUCCESS); + psa->reply(msg.handle, PSA_SUCCESS); /* Server psa_call */ - status = val_process_call_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); - if (val_err_check_set(TEST_CHECKPOINT_NUM(204), status)) + status = val->process_call_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); + if (val->err_check_set(TEST_CHECKPOINT_NUM(204), status)) { - psa_reply(msg.handle, -2); + psa->reply(msg.handle, -2); } else { /* Setting boot.state before test check */ - status = val_set_boot_flag(BOOT_EXPECTED_NS); - if(val_err_check_set(TEST_CHECKPOINT_NUM(205), status)) + status = val->set_boot_flag(BOOT_EXPECTED_NS); + if (val->err_check_set(TEST_CHECKPOINT_NUM(205), status)) { - val_print(PRINT_ERROR, "\tFailed to set boot flag before check\n", 0); - psa_reply(msg.handle, -3); + val->print(PRINT_ERROR, "\tFailed to set boot flag before check\n", 0); + psa->reply(msg.handle, -3); } else { - /* Test check- psa_write with invalid buffer addr */ - psa_write(msg.handle, 0, (void *)buffer, msg.in_size[0]); + /* Test check- psa_write with invalid buffer addr, call should panic */ + psa->write(msg.handle, 0, (void *)buffer, msg.out_size[0]); /* shouldn't have reached here */ - val_print(PRINT_ERROR, - "\tpsa_write with invalid buffer should failed but successed\n", 0); + val->print(PRINT_ERROR, + "\tpsa_write with invalid buffer should failed but succeed\n", 0); /* Resetting boot.state to catch unwanted reboot */ - if (val_set_boot_flag(BOOT_EXPECTED_BUT_FAILED)) + if (val->set_boot_flag(BOOT_EXPECTED_BUT_FAILED)) { - val_print(PRINT_ERROR, "\tFailed to set boot flag after check\n", 0); + val->print(PRINT_ERROR, "\tFailed to set boot flag after check\n", 0); } status = VAL_STATUS_SPM_FAILED; - psa_reply(msg.handle, -4); + psa->reply(msg.handle, -4); } } - val_err_check_set(TEST_CHECKPOINT_NUM(206), status); - status = ((val_process_disconnect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg)) + val->err_check_set(TEST_CHECKPOINT_NUM(206), status); + status = ((val->process_disconnect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg)) ? VAL_STATUS_ERROR : status); - psa_reply(msg.handle, PSA_SUCCESS); + psa->reply(msg.handle, PSA_SUCCESS); return status; } diff --git a/api-tests/ff/ipc/test_i058/test_i058.c b/api-tests/ff/ipc/test_i058/test_i058.c index 49e2a92a..6639cd07 100644 --- a/api-tests/ff/ipc/test_i058/test_i058.c +++ b/api-tests/ff/ipc/test_i058/test_i058.c @@ -20,7 +20,7 @@ #include "val_target.h" #else #include "val_client_defs.h" -#include "val_partition_common.h" +#include "val_service_defs.h" #endif #include "test_i058.h" @@ -40,7 +40,7 @@ int32_t client_test_psa_doorbell_signal(security_t caller) #endif val->print(PRINT_TEST, - "[Check1] Test PSA_DOORBELL signal\n", 0); + "[Check 1] Test PSA_DOORBELL signal\n", 0); handle = psa->connect(SERVER_UNSPECIFED_MINOR_V_SID, 1); if (handle < 0) @@ -60,7 +60,8 @@ int32_t client_test_psa_doorbell_signal(security_t caller) val->print(PRINT_ERROR, "\tpsa_wait didn't receive doorbell signal\n", 0); } - /* Wait for doorball notification again to check - + /* + * Wait for doorball notification again to check - * Doorbell should remain asserted until psa_clear is called. */ signals = psa_wait(PSA_DOORBELL, PSA_BLOCK); diff --git a/api-tests/ff/ipc/test_i058/test_supp_i058.c b/api-tests/ff/ipc/test_i058/test_supp_i058.c index e3ed3b9e..9a01ef73 100644 --- a/api-tests/ff/ipc/test_i058/test_supp_i058.c +++ b/api-tests/ff/ipc/test_i058/test_supp_i058.c @@ -15,8 +15,13 @@ * limitations under the License. **/ -#include "val/common/val_client_defs.h" -#include "val/spe/val_partition_common.h" +#include "val_client_defs.h" +#include "val_service_defs.h" + +#define val CONCAT(val,_server_sp) +#define psa CONCAT(psa,_server_sp) +extern val_api_t *val; +extern psa_api_t *psa; int32_t server_test_psa_doorbell_signal(void); @@ -32,32 +37,32 @@ int32_t server_test_psa_doorbell_signal(void) psa_msg_t msg = {0}; /* Serve psa_connect */ - status = val_process_connect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); - if (val_err_check_set(TEST_CHECKPOINT_NUM(201), status)) + status = val->process_connect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); + if (val->err_check_set(TEST_CHECKPOINT_NUM(201), status)) { - psa_reply(msg.handle, PSA_CONNECTION_REFUSED); + psa->reply(msg.handle, PSA_ERROR_CONNECTION_REFUSED); return status; } /* Accept the connection */ - psa_reply(msg.handle, PSA_SUCCESS); + psa->reply(msg.handle, PSA_SUCCESS); if (msg.client_id > 0) { /* Doorbell signal to client partititon */ - psa_notify(msg.client_id); + psa->notify(msg.client_id); } else { status = VAL_STATUS_SPM_FAILED; - val_print(PRINT_ERROR, "Caller is from non-secure\n", 0); + val->print(PRINT_ERROR, "Caller is from non-secure\n", 0); } /* Serve psa_close */ - status = ((val_process_disconnect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg)) + status = ((val->process_disconnect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg)) ? VAL_STATUS_ERROR : status); - val_err_check_set(TEST_CHECKPOINT_NUM(202), status); - psa_reply(msg.handle, PSA_SUCCESS); + val->err_check_set(TEST_CHECKPOINT_NUM(202), status); + psa->reply(msg.handle, PSA_SUCCESS); return status; } diff --git a/api-tests/ff/ipc/test_i059/test_i059.c b/api-tests/ff/ipc/test_i059/test_i059.c index 6ebebf9a..0f4c3b78 100644 --- a/api-tests/ff/ipc/test_i059/test_i059.c +++ b/api-tests/ff/ipc/test_i059/test_i059.c @@ -20,7 +20,7 @@ #include "val_target.h" #else #include "val_client_defs.h" -#include "val_partition_common.h" +#include "val_service_defs.h" #endif #include "test_i059.h" diff --git a/api-tests/ff/ipc/test_i059/test_supp_i059.c b/api-tests/ff/ipc/test_i059/test_supp_i059.c index 94d629d0..ed08784c 100644 --- a/api-tests/ff/ipc/test_i059/test_supp_i059.c +++ b/api-tests/ff/ipc/test_i059/test_supp_i059.c @@ -15,8 +15,13 @@ * limitations under the License. **/ -#include "val/common/val_client_defs.h" -#include "val/spe/val_partition_common.h" +#include "val_client_defs.h" +#include "val_service_defs.h" + +#define val CONCAT(val,_server_sp) +#define psa CONCAT(psa,_server_sp) +extern val_api_t *val; +extern psa_api_t *psa; #define NEG_PART_ID -10 @@ -31,37 +36,47 @@ server_test_t test_i059_server_tests_list[] = { int32_t server_test_psa_notify_with_neg_part_id(void) { - /* Test is targeting fatal error condition and it will expect an error recovery(reboot) - * to happen. To decide, a reboot happened was intended as per test scenario or it happended - * due to other reasons, test is setting a boot signature into non-volatile memory before and - * after targeted test check. After a reboot, these boot signatures are being read by the - * VAL APIs to decide test status. + val->print(PRINT_TEST, "[Check 1] Test psa_notify with neg partition id\n", 0); + + /* + * This test checks for the PROGRAMMER ERROR condition for the PSA API. API's respond to + * PROGRAMMER ERROR could be either to return appropriate status code or panic the caller. + * When a Secure Partition panics, the SPE cannot continue normal execution, as defined + * in this specification. The behavior of the SPM following a Secure Partition panic is + * IMPLEMENTATION DEFINED- Arm recommends that the SPM causes the system to restart in + * this situation. Refer PSA-FF for more information on panic. + * For the cases where, SPM cannot capable to reboot the system (just hangs or power down), + * a watchdog timer set by val_test_init can reboot the system on timeout event. This will + * tests continuity and able to jump to next tests. Therefore, each test who checks for + * PROGRAMMER ERROR condition, expects system to get reset either by SPM or watchdog set by + * the test harness function. * - * Note: If SPM is not capable of rebooting (just hangs or power down) in fatal error condition, - * a watchdog timer enabled by val_test_init can reboot the system on timeout event. * If programmed timeout value isn't sufficient for your system, it can be reconfigured using * timeout entries available in target.cfg. + * + * To decide, a reboot happened as intended by test scenario or it happended + * due to other reasons, test is setting a boot signature into non-volatile memory before and + * after targeted test check. After a reboot, these boot signatures are being read by the + * VAL APIs to decide test status. */ - val_print(PRINT_TEST, "[Check1] Test psa_notify with neg partition id\n", 0); - /* Setting boot.state before test check */ - if (val_set_boot_flag(BOOT_EXPECTED_NS)) + if (val->set_boot_flag(BOOT_EXPECTED_NS)) { - val_print(PRINT_ERROR, "\tFailed to set boot flag before check\n", 0); + val->print(PRINT_ERROR, "\tFailed to set boot flag before check\n", 0); return VAL_STATUS_ERROR; } - /* psa_notify_with_neg_part_id */ - psa_notify(NEG_PART_ID); + /* psa_notify_with_neg_part_id, call should panic */ + psa->notify(NEG_PART_ID); /* shouldn't have reached here */ - val_print(PRINT_ERROR, "\tpsa_notify(-ve_part_ip) check failed\n", 0); + val->print(PRINT_ERROR, "\tpsa->notify(-ve_part_ip) check failed\n", 0); /* Resetting boot.state to catch unwanted reboot */ - if (val_set_boot_flag(BOOT_EXPECTED_BUT_FAILED)) + if (val->set_boot_flag(BOOT_EXPECTED_BUT_FAILED)) { - val_print(PRINT_ERROR, "\tFailed to set boot flag after check\n", 0); + val->print(PRINT_ERROR, "\tFailed to set boot flag after check\n", 0); return VAL_STATUS_ERROR; } diff --git a/api-tests/ff/ipc/test_i060/test_i060.c b/api-tests/ff/ipc/test_i060/test_i060.c index 3c69b4cb..d2f17a41 100644 --- a/api-tests/ff/ipc/test_i060/test_i060.c +++ b/api-tests/ff/ipc/test_i060/test_i060.c @@ -20,7 +20,7 @@ #include "val_target.h" #else #include "val_client_defs.h" -#include "val_partition_common.h" +#include "val_service_defs.h" #endif #include "test_i060.h" diff --git a/api-tests/ff/ipc/test_i060/test_supp_i060.c b/api-tests/ff/ipc/test_i060/test_supp_i060.c index 9ce7886c..05b3b7fb 100644 --- a/api-tests/ff/ipc/test_i060/test_supp_i060.c +++ b/api-tests/ff/ipc/test_i060/test_supp_i060.c @@ -15,8 +15,13 @@ * limitations under the License. **/ -#include "val/common/val_client_defs.h" -#include "val/spe/val_partition_common.h" +#include "val_client_defs.h" +#include "val_service_defs.h" + +#define val CONCAT(val,_server_sp) +#define psa CONCAT(psa,_server_sp) +extern val_api_t *val; +extern psa_api_t *psa; #define INVALID_POSITIVE_PART_ID 200 @@ -31,37 +36,47 @@ server_test_t test_i060_server_tests_list[] = { int32_t server_test_psa_notify_with_invalid_pos_part_id(void) { - /* Test is targeting fatal error condition and it will expect an error recovery(reboot) - * to happen. To decide, a reboot happened was intended as per test scenario or it happended - * due to other reasons, test is setting a boot signature into non-volatile memory before and - * after targeted test check. After a reboot, these boot signatures are being read by the - * VAL APIs to decide test status. + val->print(PRINT_TEST, "[Check 1] Test psa_notify with invalid positive part-id\n", 0); + + /* + * This test checks for the PROGRAMMER ERROR condition for the PSA API. API's respond to + * PROGRAMMER ERROR could be either to return appropriate status code or panic the caller. + * When a Secure Partition panics, the SPE cannot continue normal execution, as defined + * in this specification. The behavior of the SPM following a Secure Partition panic is + * IMPLEMENTATION DEFINED- Arm recommends that the SPM causes the system to restart in + * this situation. Refer PSA-FF for more information on panic. + * For the cases where, SPM cannot capable to reboot the system (just hangs or power down), + * a watchdog timer set by val_test_init can reboot the system on timeout event. This will + * tests continuity and able to jump to next tests. Therefore, each test who checks for + * PROGRAMMER ERROR condition, expects system to get reset either by SPM or watchdog set by + * the test harness function. * - * Note: If SPM is not capable of rebooting (just hangs or power down) in fatal error condition, - * a watchdog timer enabled by val_test_init can reboot the system on timeout event. * If programmed timeout value isn't sufficient for your system, it can be reconfigured using * timeout entries available in target.cfg. + * + * To decide, a reboot happened as intended by test scenario or it happended + * due to other reasons, test is setting a boot signature into non-volatile memory before and + * after targeted test check. After a reboot, these boot signatures are being read by the + * VAL APIs to decide test status. */ - val_print(PRINT_TEST, "[Check1] Test psa_notify with invalid positive part-id\n", 0); - /* Setting boot.state before test check */ - if (val_set_boot_flag(BOOT_EXPECTED_NS)) + if (val->set_boot_flag(BOOT_EXPECTED_NS)) { - val_print(PRINT_ERROR, "\tFailed to set boot flag before check\n", 0); + val->print(PRINT_ERROR, "\tFailed to set boot flag before check\n", 0); return VAL_STATUS_ERROR; } - /* psa_notify_with_invalid_pos_part_id */ - psa_notify(INVALID_POSITIVE_PART_ID); + /* psa_notify_with_invalid_pos_part_id, call should panic */ + psa->notify(INVALID_POSITIVE_PART_ID); /* shouldn't have reached here */ - val_print(PRINT_ERROR, "\tpsa_notify(invalid_+ve__part_ip) check failed\n", 0); + val->print(PRINT_ERROR, "\tpsa->notify(invalid_+ve__part_ip) check failed\n", 0); /* Resetting boot.state to catch unwanted reboot */ - if (val_set_boot_flag(BOOT_EXPECTED_BUT_FAILED)) + if (val->set_boot_flag(BOOT_EXPECTED_BUT_FAILED)) { - val_print(PRINT_ERROR, "\tFailed to set boot flag after check\n", 0); + val->print(PRINT_ERROR, "\tFailed to set boot flag after check\n", 0); return VAL_STATUS_ERROR; } diff --git a/api-tests/ff/ipc/test_i061/test_i061.c b/api-tests/ff/ipc/test_i061/test_i061.c index 1f9cd4e1..4be21a69 100644 --- a/api-tests/ff/ipc/test_i061/test_i061.c +++ b/api-tests/ff/ipc/test_i061/test_i061.c @@ -20,7 +20,7 @@ #include "val_target.h" #else #include "val_client_defs.h" -#include "val_partition_common.h" +#include "val_service_defs.h" #endif #include "test_i061.h" diff --git a/api-tests/ff/ipc/test_i061/test_supp_i061.c b/api-tests/ff/ipc/test_i061/test_supp_i061.c index 720903f1..15421142 100644 --- a/api-tests/ff/ipc/test_i061/test_supp_i061.c +++ b/api-tests/ff/ipc/test_i061/test_supp_i061.c @@ -15,8 +15,13 @@ * limitations under the License. **/ -#include "val/common/val_client_defs.h" -#include "val/spe/val_partition_common.h" +#include "val_client_defs.h" +#include "val_service_defs.h" + +#define val CONCAT(val,_server_sp) +#define psa CONCAT(psa,_server_sp) +extern val_api_t *val; +extern psa_api_t *psa; int32_t server_test_psa_clear_at_unasserted_doorbell_sig(void); @@ -29,37 +34,47 @@ server_test_t test_i061_server_tests_list[] = { int32_t server_test_psa_clear_at_unasserted_doorbell_sig(void) { - /* Test is targeting fatal error condition and it will expect an error recovery(reboot) - * to happen. To decide, a reboot happened was intended as per test scenario or it happended - * due to other reasons, test is setting a boot signature into non-volatile memory before and - * after targeted test check. After a reboot, these boot signatures are being read by the - * VAL APIs to decide test status. + val->print(PRINT_TEST, "[Check 1] Test psa_clear at unasserted doorbell sig\n", 0); + + /* + * This test checks for the PROGRAMMER ERROR condition for the PSA API. API's respond to + * PROGRAMMER ERROR could be either to return appropriate status code or panic the caller. + * When a Secure Partition panics, the SPE cannot continue normal execution, as defined + * in this specification. The behavior of the SPM following a Secure Partition panic is + * IMPLEMENTATION DEFINED- Arm recommends that the SPM causes the system to restart in + * this situation. Refer PSA-FF for more information on panic. + * For the cases where, SPM cannot capable to reboot the system (just hangs or power down), + * a watchdog timer set by val_test_init can reboot the system on timeout event. This will + * tests continuity and able to jump to next tests. Therefore, each test who checks for + * PROGRAMMER ERROR condition, expects system to get reset either by SPM or watchdog set by + * the test harness function. * - * Note: If SPM is not capable of rebooting (just hangs or power down) in fatal error condition, - * a watchdog timer enabled by val_test_init can reboot the system on timeout event. * If programmed timeout value isn't sufficient for your system, it can be reconfigured using * timeout entries available in target.cfg. + * + * To decide, a reboot happened as intended by test scenario or it happended + * due to other reasons, test is setting a boot signature into non-volatile memory before and + * after targeted test check. After a reboot, these boot signatures are being read by the + * VAL APIs to decide test status. */ - val_print(PRINT_TEST, "[Check1] Test psa_clear at unasserted doorbell sig\n", 0); - /* Setting boot.state before test check */ - if (val_set_boot_flag(BOOT_EXPECTED_NS)) + if (val->set_boot_flag(BOOT_EXPECTED_NS)) { - val_print(PRINT_ERROR, "\tFailed to set boot flag before check\n", 0); + val->print(PRINT_ERROR, "\tFailed to set boot flag before check\n", 0); return VAL_STATUS_ERROR; } - /* psa_clear when unasserted doorbell sig */ - psa_clear(); + /* psa_clear when unasserted doorbell sig, call should panic */ + psa->clear(); /* shouldn't have reached here */ - val_print(PRINT_ERROR, "\tpsa_clear() check failed for unasserted doorbel signal\n", 0); + val->print(PRINT_ERROR, "\tpsa->clear() check failed for unasserted doorbel signal\n", 0); /* Resetting boot.state to catch unwanted reboot */ - if (val_set_boot_flag(BOOT_EXPECTED_BUT_FAILED)) + if (val->set_boot_flag(BOOT_EXPECTED_BUT_FAILED)) { - val_print(PRINT_ERROR, "\tFailed to set boot flag after check\n", 0); + val->print(PRINT_ERROR, "\tFailed to set boot flag after check\n", 0); return VAL_STATUS_ERROR; } diff --git a/api-tests/ff/ipc/test_i062/test_i062.c b/api-tests/ff/ipc/test_i062/test_i062.c index fb28fe17..f9ff4cb4 100644 --- a/api-tests/ff/ipc/test_i062/test_i062.c +++ b/api-tests/ff/ipc/test_i062/test_i062.c @@ -20,7 +20,7 @@ #include "val_target.h" #else #include "val_client_defs.h" -#include "val_partition_common.h" +#include "val_service_defs.h" #endif #include "test_i062.h" diff --git a/api-tests/ff/ipc/test_i062/test_supp_i062.c b/api-tests/ff/ipc/test_i062/test_supp_i062.c index 8029c0a9..30e2d5d0 100644 --- a/api-tests/ff/ipc/test_i062/test_supp_i062.c +++ b/api-tests/ff/ipc/test_i062/test_supp_i062.c @@ -15,8 +15,13 @@ * limitations under the License. **/ -#include "val/common/val_client_defs.h" -#include "val/spe/val_partition_common.h" +#include "val_client_defs.h" +#include "val_service_defs.h" + +#define val CONCAT(val,_server_sp) +#define psa CONCAT(psa,_server_sp) +extern val_api_t *val; +extern psa_api_t *psa; /* signal bit-31 should be unassigned to server partition */ #define INVALID_SIGNAL_MASK 0x80000000 @@ -32,37 +37,47 @@ server_test_t test_i062_server_tests_list[] = { int32_t server_test_psa_wait_with_unassigned_signal(void) { - /* Test is targeting fatal error condition and it will expect an error recovery(reboot) - * to happen. To decide, a reboot happened was intended as per test scenario or it happended - * due to other reasons, test is setting a boot signature into non-volatile memory before and - * after targeted test check. After a reboot, these boot signatures are being read by the - * VAL APIs to decide test status. + val->print(PRINT_TEST, "[Check 1] Test psa_wait with unassigned signal\n", 0); + + /* + * This test checks for the PROGRAMMER ERROR condition for the PSA API. API's respond to + * PROGRAMMER ERROR could be either to return appropriate status code or panic the caller. + * When a Secure Partition panics, the SPE cannot continue normal execution, as defined + * in this specification. The behavior of the SPM following a Secure Partition panic is + * IMPLEMENTATION DEFINED- Arm recommends that the SPM causes the system to restart in + * this situation. Refer PSA-FF for more information on panic. + * For the cases where, SPM cannot capable to reboot the system (just hangs or power down), + * a watchdog timer set by val_test_init can reboot the system on timeout event. This will + * tests continuity and able to jump to next tests. Therefore, each test who checks for + * PROGRAMMER ERROR condition, expects system to get reset either by SPM or watchdog set by + * the test harness function. * - * Note: If SPM is not capable of rebooting (just hangs or power down) in fatal error condition, - * a watchdog timer enabled by val_test_init can reboot the system on timeout event. * If programmed timeout value isn't sufficient for your system, it can be reconfigured using * timeout entries available in target.cfg. + * + * To decide, a reboot happened as intended by test scenario or it happended + * due to other reasons, test is setting a boot signature into non-volatile memory before and + * after targeted test check. After a reboot, these boot signatures are being read by the + * VAL APIs to decide test status. */ - val_print(PRINT_TEST, "[Check1] Test psa_wait with unassigned signal\n", 0); - /* Setting boot.state before test check */ - if (val_set_boot_flag(BOOT_EXPECTED_NS)) + if (val->set_boot_flag(BOOT_EXPECTED_NS)) { - val_print(PRINT_ERROR, "\tFailed to set boot flag before check\n", 0); + val->print(PRINT_ERROR, "\tFailed to set boot flag before check\n", 0); return VAL_STATUS_ERROR; } - /* psa_wait with signal mask that doesn't include any assigned signal*/ - psa_wait(INVALID_SIGNAL_MASK, PSA_POLL); + /* psa_wait with signal mask that doesn't include any assigned signal, call should panic */ + psa->wait(INVALID_SIGNAL_MASK, PSA_POLL); /* shouldn't have reached here */ - val_print(PRINT_ERROR, "\tpsa_wait() check failed for unassigned signal\n", 0); + val->print(PRINT_ERROR, "\tpsa_wait() check failed for unassigned signal\n", 0); /* Resetting boot.state to catch unwanted reboot */ - if (val_set_boot_flag(BOOT_EXPECTED_BUT_FAILED)) + if (val->set_boot_flag(BOOT_EXPECTED_BUT_FAILED)) { - val_print(PRINT_ERROR, "\tFailed to set boot flag after check\n", 0); + val->print(PRINT_ERROR, "\tFailed to set boot flag after check\n", 0); return VAL_STATUS_ERROR; } diff --git a/api-tests/ff/ipc/test_i063/test_i063.c b/api-tests/ff/ipc/test_i063/test_i063.c index be8d79e6..8853f3d0 100644 --- a/api-tests/ff/ipc/test_i063/test_i063.c +++ b/api-tests/ff/ipc/test_i063/test_i063.c @@ -20,7 +20,7 @@ #include "val_target.h" #else #include "val_client_defs.h" -#include "val_partition_common.h" +#include "val_service_defs.h" #endif #include "test_i063.h" @@ -35,11 +35,11 @@ int32_t client_test_psa_wait_signal_mask(security_t caller) { psa_handle_t handle = 0; - val->print(PRINT_TEST, "[Check1] Test psa_wait signal mask\n", 0); + val->print(PRINT_TEST, "[Check 1] Test psa_wait signal mask\n", 0); handle = psa->connect(SERVER_UNSPECIFED_MINOR_V_SID, 1); - if (handle != PSA_CONNECTION_REFUSED) + if (handle != PSA_ERROR_CONNECTION_REFUSED) { val->print(PRINT_ERROR, "psa_connect failed -1\n", 0); return VAL_STATUS_INVALID_HANDLE; @@ -47,7 +47,7 @@ int32_t client_test_psa_wait_signal_mask(security_t caller) handle = psa->connect(SERVER_RELAX_MINOR_VERSION_SID, 1); - if (handle != PSA_CONNECTION_REFUSED) + if (handle != PSA_ERROR_CONNECTION_REFUSED) { val->print(PRINT_ERROR, "psa_connect failed -2\n", 0); return VAL_STATUS_INVALID_HANDLE; diff --git a/api-tests/ff/ipc/test_i063/test_supp_i063.c b/api-tests/ff/ipc/test_i063/test_supp_i063.c index 99990e20..d7555e97 100644 --- a/api-tests/ff/ipc/test_i063/test_supp_i063.c +++ b/api-tests/ff/ipc/test_i063/test_supp_i063.c @@ -15,8 +15,13 @@ * limitations under the License. **/ -#include "val/common/val_client_defs.h" -#include "val/spe/val_partition_common.h" +#include "val_client_defs.h" +#include "val_service_defs.h" + +#define val CONCAT(val,_server_sp) +#define psa CONCAT(psa,_server_sp) +extern val_api_t *val; +extern psa_api_t *psa; int32_t server_test_psa_wait_signal_mask(void); @@ -34,68 +39,70 @@ int32_t server_test_psa_wait_signal_mask(void) psa_signal_t signal_mask = (SERVER_UNSPECIFED_MINOR_V_SIG | SERVER_RELAX_MINOR_VERSION_SIG); /* Debug print */ - val_err_check_set(TEST_CHECKPOINT_NUM(211), VAL_STATUS_SUCCESS); + val->err_check_set(TEST_CHECKPOINT_NUM(211), VAL_STATUS_SUCCESS); - /* Notify client partition to make SERVER_SECURE_CONNECT_ONLY_SID connection request. - * This connection request act as irritator to psa_wait(signal_mask) call and it is used + /* + * Notify client partition to make SERVER_SECURE_CONNECT_ONLY_SID connection request. + * This connection request act as irritator to psa->wait(signal_mask) call and it is used * to cover the rule - Signals that are not in signal_mask should be ignored by psa_wait. * This means, during the following while loop, returned signal vaule should not be * SERVER_SECURE_CONNECT_ONLY_SIG as this signal is not part of signal_mask. */ - psa_notify(CLIENT_PARTITION); + psa->notify(CLIENT_PARTITION); while (loop_cnt != 0) { - signals = psa_wait(signal_mask, PSA_BLOCK); + signals = psa->wait(signal_mask, PSA_BLOCK); - /* Rule - Returned signals value must be subset signals indicated in the signal_mask. - * + /* + * Rule - Returned signals value must be subset signals indicated in the signal_mask. * This mean signal value should be either SERVER_UNSPECIFED_MINOR_V_SIG * or SERVER_RELAX_MINOR_VERSION_SIG. */ if (((signals & signal_mask) == 0) && ((signals | signal_mask) != signal_mask)) { - val_print(PRINT_ERROR, + val->print(PRINT_ERROR, "psa_wait-1 returned with invalid signal value = 0x%x\n", signals); return VAL_STATUS_ERROR; } else if (signals & SERVER_UNSPECIFED_MINOR_V_SIG) { - if (psa_get(SERVER_UNSPECIFED_MINOR_V_SIG, &msg) != PSA_SUCCESS) + if (psa->get(SERVER_UNSPECIFED_MINOR_V_SIG, &msg) != PSA_SUCCESS) continue; loop_cnt--; - psa_reply(msg.handle, PSA_CONNECTION_REFUSED); + psa->reply(msg.handle, PSA_ERROR_CONNECTION_REFUSED); } else if (signals & SERVER_RELAX_MINOR_VERSION_SIG) { - if (psa_get(SERVER_RELAX_MINOR_VERSION_SIG, &msg) != PSA_SUCCESS) + if (psa->get(SERVER_RELAX_MINOR_VERSION_SIG, &msg) != PSA_SUCCESS) continue; loop_cnt--; - psa_reply(msg.handle, PSA_CONNECTION_REFUSED); + psa->reply(msg.handle, PSA_ERROR_CONNECTION_REFUSED); } } /* Debug print */ - val_err_check_set(TEST_CHECKPOINT_NUM(212), VAL_STATUS_SUCCESS); + val->err_check_set(TEST_CHECKPOINT_NUM(212), VAL_STATUS_SUCCESS); wait: - /* At the end, completes the starved connection + /* + * At the end, completes the starved connection * request of SERVER_SECURE_CONNECT_ONLY_SID. */ - signals = psa_wait(SERVER_SECURE_CONNECT_ONLY_SIG, PSA_BLOCK); + signals = psa->wait(SERVER_SECURE_CONNECT_ONLY_SIG, PSA_BLOCK); if ((signals & SERVER_SECURE_CONNECT_ONLY_SIG) == 0) { - val_print(PRINT_ERROR, + val->print(PRINT_ERROR, "psa_wait-2 returned with invalid signal value = 0x%x\n", signals); return VAL_STATUS_ERROR; } - if (psa_get(SERVER_SECURE_CONNECT_ONLY_SIG, &msg) != PSA_SUCCESS) + if (psa->get(SERVER_SECURE_CONNECT_ONLY_SIG, &msg) != PSA_SUCCESS) goto wait; - psa_reply(msg.handle, PSA_CONNECTION_REFUSED); + psa->reply(msg.handle, PSA_ERROR_CONNECTION_REFUSED); return VAL_STATUS_SUCCESS; } diff --git a/api-tests/ff/ipc/test_i064/test_i064.c b/api-tests/ff/ipc/test_i064/test_i064.c index 46fe3c99..f037cfa3 100644 --- a/api-tests/ff/ipc/test_i064/test_i064.c +++ b/api-tests/ff/ipc/test_i064/test_i064.c @@ -20,7 +20,7 @@ #include "val_target.h" #else #include "val_client_defs.h" -#include "val_partition_common.h" +#include "val_service_defs.h" #endif #include "test_i064.h" @@ -33,20 +33,20 @@ client_test_t test_i064_client_tests_list[] = { int32_t client_test_psa_eoi_with_non_intr_signal(security_t caller) { - psa_handle_t handle; - test_intr_fn_id_t test_intr_fn_id = TEST_PSA_EOI_WITH_NON_INTR_SIGNAL; + psa_handle_t handle; + driver_test_fn_id_t driver_test_fn_id = TEST_PSA_EOI_WITH_NON_INTR_SIGNAL; /* * The interrupt related test check is captured in driver_partition.c as this is the * only partition in test suite that holds the interrupt line. The interrupt test check - * is invoked by client by calling to TEST_INTR_SID RoT service of driver partition that + * is invoked by client by calling to DRIVER_TEST_SID RoT service of driver partition that * hold the test check. */ - val->print(PRINT_TEST, "[Check1] Test psa_eoi with non-interrupt signal\n", 0); + val->print(PRINT_TEST, "[Check 1] Test psa_eoi with non-interrupt signal\n", 0); - /* Connect to TEST_INTR_SID */ - handle = psa->connect(TEST_INTR_SID, 1); + /* Connect to DRIVER_TEST_SID */ + handle = psa->connect(DRIVER_TEST_SID, 1); if (handle < 0) { val->print(PRINT_ERROR, "\t psa_connect failed. handle=0x%x\n", handle); @@ -54,11 +54,11 @@ int32_t client_test_psa_eoi_with_non_intr_signal(security_t caller) } /* Execute driver function related to TEST_PSA_EOI_WITH_NON_INTR_SIGNAL */ - psa_invec invec = {&test_intr_fn_id, sizeof(test_intr_fn_id)}; + psa_invec invec = {&driver_test_fn_id, sizeof(driver_test_fn_id)}; psa->call(handle, &invec, 1, NULL, 0); psa->close(handle); - /* The expectation is that driver partition hang and control never reaches here. */ + /* The expectation is that driver partition get panic and control never reaches here. */ return VAL_STATUS_SPM_FAILED; } diff --git a/api-tests/ff/ipc/test_i064/test_supp_i064.c b/api-tests/ff/ipc/test_i064/test_supp_i064.c index 5eb11439..5c486a74 100644 --- a/api-tests/ff/ipc/test_i064/test_supp_i064.c +++ b/api-tests/ff/ipc/test_i064/test_supp_i064.c @@ -15,8 +15,13 @@ * limitations under the License. **/ -#include "val/common/val_client_defs.h" -#include "val/spe/val_partition_common.h" +#include "val_client_defs.h" +#include "val_service_defs.h" + +#define val CONCAT(val,_server_sp) +#define psa CONCAT(psa,_server_sp) +extern val_api_t *val; +extern psa_api_t *psa; int32_t server_test_psa_eoi_with_non_intr_signal(void); diff --git a/api-tests/ff/ipc/test_i065/test_i065.c b/api-tests/ff/ipc/test_i065/test_i065.c index 92cdeda2..15081fb2 100644 --- a/api-tests/ff/ipc/test_i065/test_i065.c +++ b/api-tests/ff/ipc/test_i065/test_i065.c @@ -20,7 +20,7 @@ #include "val_target.h" #else #include "val_client_defs.h" -#include "val_partition_common.h" +#include "val_service_defs.h" #endif #include "test_i065.h" @@ -33,20 +33,20 @@ client_test_t test_i065_client_tests_list[] = { int32_t client_test_psa_eoi_with_unasserted_signal(security_t caller) { - psa_handle_t handle; - test_intr_fn_id_t test_intr_fn_id = TEST_PSA_EOI_WITH_UNASSERTED_SIGNAL; + psa_handle_t handle; + driver_test_fn_id_t driver_test_fn_id = TEST_PSA_EOI_WITH_UNASSERTED_SIGNAL; /* * The interrupt related test check is captured in driver_partition.c as this is the * only partition in test suite that holds the interrupt line. The interrupt test check - * is invoked by client by calling to TEST_INTR_SID RoT service of driver partition that + * is invoked by client by calling to DRIVER_TEST_SID RoT service of driver partition that * hold the test check. */ - val->print(PRINT_TEST, "[Check1] Test psa_eoi with multiple signal\n", 0); + val->print(PRINT_TEST, "[Check 1] Test psa_eoi with multiple signal\n", 0); - /* Connect to TEST_INTR_SID */ - handle = psa->connect(TEST_INTR_SID, 1); + /* Connect to DRIVER_TEST_SID */ + handle = psa->connect(DRIVER_TEST_SID, 1); if (handle < 0) { val->print(PRINT_ERROR, "\t psa_connect failed. handle=0x%x\n", handle); @@ -54,11 +54,11 @@ int32_t client_test_psa_eoi_with_unasserted_signal(security_t caller) } /* Execute driver function related to TEST_PSA_EOI_WITH_UNASSERTED_SIGNAL */ - psa_invec invec = {&test_intr_fn_id, sizeof(test_intr_fn_id)}; + psa_invec invec = {&driver_test_fn_id, sizeof(driver_test_fn_id)}; psa->call(handle, &invec, 1, NULL, 0); psa->close(handle); - /* The expectation is that driver partition hang and control never reaches here. */ + /* The expectation is that driver partition get panic and control never reaches here. */ return VAL_STATUS_SPM_FAILED; } diff --git a/api-tests/ff/ipc/test_i065/test_supp_i065.c b/api-tests/ff/ipc/test_i065/test_supp_i065.c index 1388840c..5c1d8e03 100644 --- a/api-tests/ff/ipc/test_i065/test_supp_i065.c +++ b/api-tests/ff/ipc/test_i065/test_supp_i065.c @@ -15,8 +15,13 @@ * limitations under the License. **/ -#include "val/common/val_client_defs.h" -#include "val/spe/val_partition_common.h" +#include "val_client_defs.h" +#include "val_service_defs.h" + +#define val CONCAT(val,_server_sp) +#define psa CONCAT(psa,_server_sp) +extern val_api_t *val; +extern psa_api_t *psa; int32_t server_test_psa_eoi_with_non_intr_signal(void); diff --git a/api-tests/ff/ipc/test_i066/test_i066.c b/api-tests/ff/ipc/test_i066/test_i066.c index fb110d68..c452dc0d 100644 --- a/api-tests/ff/ipc/test_i066/test_i066.c +++ b/api-tests/ff/ipc/test_i066/test_i066.c @@ -20,7 +20,7 @@ #include "val_target.h" #else #include "val_client_defs.h" -#include "val_partition_common.h" +#include "val_service_defs.h" #endif #include "test_i066.h" @@ -33,20 +33,20 @@ client_test_t test_i066_client_tests_list[] = { int32_t client_test_psa_eoi_with_multiple_signals(security_t caller) { - psa_handle_t handle; - test_intr_fn_id_t test_intr_fn_id = TEST_PSA_EOI_WITH_MULTIPLE_SIGNALS; + psa_handle_t handle; + driver_test_fn_id_t driver_test_fn_id = TEST_PSA_EOI_WITH_MULTIPLE_SIGNALS; /* * The interrupt related test check is captured in driver_partition.c as this is the * only partition in test suite that holds the interrupt line. The interrupt test check - * is invoked by client by calling to TEST_INTR_SID RoT service of driver partition that + * is invoked by client by calling to DRIVER_TEST_SID RoT service of driver partition that * hold the test check. */ - val->print(PRINT_TEST, "[Check1] Test psa_eoi with multiple signals\n", 0); + val->print(PRINT_TEST, "[Check 1] Test psa_eoi with multiple signals\n", 0); - /* Connect to TEST_INTR_SID */ - handle = psa->connect(TEST_INTR_SID, 1); + /* Connect to DRIVER_TEST_SID */ + handle = psa->connect(DRIVER_TEST_SID, 1); if (handle < 0) { val->print(PRINT_ERROR, "\t psa_connect failed. handle=0x%x\n", handle); @@ -54,11 +54,11 @@ int32_t client_test_psa_eoi_with_multiple_signals(security_t caller) } /* Execute driver function related to TEST_PSA_EOI_WITH_MULTIPLE_SIGNALS */ - psa_invec invec = {&test_intr_fn_id, sizeof(test_intr_fn_id)}; + psa_invec invec = {&driver_test_fn_id, sizeof(driver_test_fn_id)}; psa->call(handle, &invec, 1, NULL, 0); psa->close(handle); - /* The expectation is that driver partition hang and control never reaches here. */ + /* The expectation is that driver partition get panic and control never reaches here. */ return VAL_STATUS_SPM_FAILED; } diff --git a/api-tests/ff/ipc/test_i066/test_supp_i066.c b/api-tests/ff/ipc/test_i066/test_supp_i066.c index 8748951e..9b64caa9 100644 --- a/api-tests/ff/ipc/test_i066/test_supp_i066.c +++ b/api-tests/ff/ipc/test_i066/test_supp_i066.c @@ -15,8 +15,13 @@ * limitations under the License. **/ -#include "val/common/val_client_defs.h" -#include "val/spe/val_partition_common.h" +#include "val_client_defs.h" +#include "val_service_defs.h" + +#define val CONCAT(val,_server_sp) +#define psa CONCAT(psa,_server_sp) +extern val_api_t *val; +extern psa_api_t *psa; int32_t server_test_psa_eoi_with_non_intr_signal(void); diff --git a/api-tests/ff/ipc/test_i067/source.mk b/api-tests/ff/ipc/test_i067/source.mk new file mode 100644 index 00000000..a3472640 --- /dev/null +++ b/api-tests/ff/ipc/test_i067/source.mk @@ -0,0 +1,25 @@ +# * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. +# * SPDX-License-Identifier : Apache-2.0 +# * +# * Licensed under the Apache License, Version 2.0 (the "License"); +# * you may not use this file except in compliance with the License. +# * You may obtain a copy of the License at +# * +# * http://www.apache.org/licenses/LICENSE-2.0 +# * +# * Unless required by applicable law or agreed to in writing, software +# * distributed under the License is distributed on an "AS IS" BASIS, +# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# * See the License for the specific language governing permissions and +# * limitations under the License. +#**/ + +CC_SOURCE = test_entry.c test_i067.c +CC_OPTIONS = +AS_SOURCE = +AS_OPTIONS = + +CC_SOURCE_SPE = test_i067.c test_supp_i067.c +CC_OPTIONS_SPE = +AS_SOURCE_SPE = +AS_OPTIONS_SPE = \ No newline at end of file diff --git a/api-tests/ff/ipc/test_i067/test_entry.c b/api-tests/ff/ipc/test_i067/test_entry.c new file mode 100644 index 00000000..0d350ab7 --- /dev/null +++ b/api-tests/ff/ipc/test_i067/test_entry.c @@ -0,0 +1,52 @@ +/** @file + * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ + +#include "val_interfaces.h" +#include "val_target.h" +#include "test_i067.h" + +#define TEST_NUM VAL_CREATE_TEST_ID(VAL_FF_BASE, 67) +#define TEST_DESC "Testing dynamic memory allocation\n" +TEST_PUBLISH(TEST_NUM, test_entry); +val_api_t *val; +psa_api_t *psa; + +void test_entry(val_api_t *val_api, psa_api_t *psa_api) +{ + int32_t status = VAL_STATUS_SUCCESS; + + val = val_api; + psa = psa_api; + + /* test init */ + val->test_init(TEST_NUM, TEST_DESC, TEST_FIELD(TEST_ISOLATION_L1, WD_LOW_TIMEOUT)); + if (!IS_TEST_START(val->get_status())) + { + goto test_exit; + } + + /* Switch to secure side (client_partition.c) and execute list of tests available in + test[num]_client_tests_list from Secure side */ + status = val->switch_to_secure_client(TEST_NUM); + if (VAL_ERROR(status)) + { + goto test_exit; + } + +test_exit: + val->test_exit(); +} diff --git a/api-tests/ff/ipc/test_i067/test_i067.c b/api-tests/ff/ipc/test_i067/test_i067.c new file mode 100644 index 00000000..6e6f27f8 --- /dev/null +++ b/api-tests/ff/ipc/test_i067/test_i067.c @@ -0,0 +1,65 @@ +/** @file + * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ + +#ifdef NONSECURE_TEST_BUILD +#include "val_interfaces.h" +#include "val_target.h" +#else +#include "val/common/val_client_defs.h" +#include "val/spe/val_partition_common.h" +#endif + +#include "test_i067.h" + +#if (SP_HEAP_MEM_SUPP == 1) +void *malloc(size_t size); +void free(void *ptr); +#endif + +client_test_t test_i067_client_tests_list[] = { + NULL, + client_test_dynamic_mem_alloc_fn, + NULL, +}; + +int32_t client_test_dynamic_mem_alloc_fn(security_t caller) +{ + /* Check heap memory support available to secure partition */ +#if (SP_HEAP_MEM_SUPP == 1) + uint8_t *buffer; + + val->print(PRINT_TEST, "[Check 1] Test dynamic memory allocation\n", 0); + + /* If heap_size field is not specified in the manifest then the SPM can assume the size is 0 */ + buffer = (uint8_t *)malloc(sizeof(uint8_t) * 8); + if (buffer != NULL) + { + val->print(PRINT_ERROR, "\tmalloc failed for unspecified heap size\n", 0); + return VAL_STATUS_SPM_FAILED; + } + +#else + + val->print(PRINT_TEST, "[Check 1] Test dynamic memory allocation\n", 0); + + /* Skip the test */ + val->print(PRINT_ERROR, "\tSkipping test as heap memory not supported\n", 0); + return RESULT_SKIP(VAL_STATUS_HEAP_NOT_AVAILABLE); + +#endif + return VAL_STATUS_SUCCESS; +} diff --git a/api-tests/ff/ipc/test_i067/test_i067.h b/api-tests/ff/ipc/test_i067/test_i067.h new file mode 100644 index 00000000..f84da6e4 --- /dev/null +++ b/api-tests/ff/ipc/test_i067/test_i067.h @@ -0,0 +1,37 @@ +/** @file + * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ +#ifndef _TEST_I067_CLIENT_TESTS_H_ +#define _TEST_I067_CLIENT_TESTS_H_ + +#include "val_client_defs.h" + +#ifdef NONSECURE_TEST_BUILD +#define test_entry CONCAT(test_entry_,i067) +#define val CONCAT(val,test_entry) +#define psa CONCAT(psa,test_entry) +#else +#define val CONCAT(val,_client_sp) +#define psa CONCAT(psa,_client_sp) +#endif + +extern val_api_t *val; +extern psa_api_t *psa; + +extern client_test_t test_i067_client_tests_list[]; + +int32_t client_test_dynamic_mem_alloc_fn(security_t); +#endif diff --git a/api-tests/ff/ipc/test_i067/test_supp_i067.c b/api-tests/ff/ipc/test_i067/test_supp_i067.c new file mode 100644 index 00000000..b6d0779b --- /dev/null +++ b/api-tests/ff/ipc/test_i067/test_supp_i067.c @@ -0,0 +1,127 @@ +/** @file + * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ + +#include "val_client_defs.h" +#include "val_service_defs.h" + +#define val CONCAT(val,_server_sp) +#define psa CONCAT(psa,_server_sp) +extern val_api_t *val; +extern psa_api_t *psa; + +#define SERVER_HEAP_SIZE 0x100 /* The size is same as heap_size field in manifest */ + +#if (SP_HEAP_MEM_SUPP == 1) +void *malloc(size_t size); +void free(void *ptr); +void *realloc(void *ptr, size_t size); +#endif + +int32_t server_test_dynamic_mem_alloc_fn(void); + +server_test_t test_i067_server_tests_list[] = { + NULL, + server_test_dynamic_mem_alloc_fn, + NULL, +}; + +int32_t server_test_dynamic_mem_alloc_fn(void) +{ + /* Perform checks only if heap memory support available to secure partition */ +#if (SP_HEAP_MEM_SUPP == 1) + uint8_t *buffer, *buffer1; + uint8_t cmpbuff[SERVER_HEAP_SIZE] = {0}; + + memset((uint8_t *)cmpbuff, 0, SERVER_HEAP_SIZE); + + /* Allocate whole heap memory size */ + buffer = (uint8_t *)malloc(sizeof(uint8_t) * SERVER_HEAP_SIZE); + if (buffer == NULL) + { + val->print(PRINT_ERROR, "\tmalloc failed for full memory allocation\n", 0); + return VAL_STATUS_SPM_FAILED; + } + + /* Check for zero init by malloc() */ + if (memcmp(buffer, cmpbuff, SERVER_HEAP_SIZE)) + { + val->print(PRINT_ERROR, "\tUnequal data in compared buffers-1\n", 0); + return VAL_STATUS_SPM_FAILED; + } + + /* Check for heap memory over run */ + buffer1 = (uint8_t *)malloc(sizeof(uint8_t) * 8); + if (buffer1 != NULL) + { + val->print(PRINT_ERROR, "\tmalloc failed for over mem alloc\n", 0); + return VAL_STATUS_SPM_FAILED; + } + + /* Set buffer to non-zero value */ + memset((uint8_t *)buffer, 1, SERVER_HEAP_SIZE); + + /* Free up the memory */ + free(buffer); + + /* Check for memory scrub by free() */ + if (*buffer == 1) + { + val->print(PRINT_ERROR, "\tUnequal data in compared buffers-2\n", 0); + return VAL_STATUS_SPM_FAILED; + } + + /* Allocate 32 byte memory to test relloac */ + buffer = (uint8_t *)malloc(sizeof(uint8_t) * 32); + if (buffer == NULL) + { + val->print(PRINT_ERROR, "\tmalloc failed\n", 0); + return VAL_STATUS_SPM_FAILED; + } + + /* Set buffer to non-zero value */ + memset((uint8_t *)buffer, 1, 32); + memset((uint8_t *)cmpbuff, 1, 32); + + /* Re-allocate the buffer, Size = 64 byte */ + buffer1 = (uint8_t *)realloc(buffer, (sizeof(uint8_t) * 64)); + + /* Check older object is deallocated */ + if (memcmp(buffer, (cmpbuff + 64), 32)) + { + val->print(PRINT_ERROR, "\tUnequal data in compared buffers-3\n", 0); + return VAL_STATUS_SPM_FAILED; + } + + /* Check new object has previous data of older object */ + if (memcmp(buffer1, cmpbuff, 32)) + { + val->print(PRINT_ERROR, "\tUnequal data in compared buffers-4\n", 0); + return VAL_STATUS_SPM_FAILED; + } + + /* Check new allocated size is zero init */ + if (memcmp((buffer1 + 32), (cmpbuff + 32), 32)) + { + val->print(PRINT_ERROR, "\tUnequal data in compared buffers-5\n", 0); + return VAL_STATUS_SPM_FAILED; + } + + free(buffer1); + +#endif + return VAL_STATUS_SUCCESS; +} diff --git a/api-tests/ff/ipc/test_i068/source.mk b/api-tests/ff/ipc/test_i068/source.mk new file mode 100644 index 00000000..d6cb0d7b --- /dev/null +++ b/api-tests/ff/ipc/test_i068/source.mk @@ -0,0 +1,25 @@ +# * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. +# * SPDX-License-Identifier : Apache-2.0 +# * +# * Licensed under the Apache License, Version 2.0 (the "License"); +# * you may not use this file except in compliance with the License. +# * You may obtain a copy of the License at +# * +# * http://www.apache.org/licenses/LICENSE-2.0 +# * +# * Unless required by applicable law or agreed to in writing, software +# * distributed under the License is distributed on an "AS IS" BASIS, +# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# * See the License for the specific language governing permissions and +# * limitations under the License. +#**/ + +CC_SOURCE = test_entry.c test_i068.c +CC_OPTIONS = +AS_SOURCE = +AS_OPTIONS = + +CC_SOURCE_SPE = test_i068.c test_supp_i068.c +CC_OPTIONS_SPE = +AS_SOURCE_SPE = +AS_OPTIONS_SPE = \ No newline at end of file diff --git a/api-tests/ff/ipc/test_i068/test_entry.c b/api-tests/ff/ipc/test_i068/test_entry.c new file mode 100644 index 00000000..c328f8e2 --- /dev/null +++ b/api-tests/ff/ipc/test_i068/test_entry.c @@ -0,0 +1,52 @@ +/** @file + * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ + +#include "val_interfaces.h" +#include "val_target.h" +#include "test_i068.h" + +#define TEST_NUM VAL_CREATE_TEST_ID(VAL_FF_BASE, 68) +#define TEST_DESC "Testing Instr execution from writable memory\n" +TEST_PUBLISH(TEST_NUM, test_entry); +val_api_t *val; +psa_api_t *psa; + +void test_entry(val_api_t *val_api, psa_api_t *psa_api) +{ + int32_t status = VAL_STATUS_SUCCESS; + + val = val_api; + psa = psa_api; + + /* test init */ + val->test_init(TEST_NUM, TEST_DESC, TEST_FIELD(TEST_ISOLATION_L1, WD_LOW_TIMEOUT)); + if (!IS_TEST_START(val->get_status())) + { + goto test_exit; + } + + /* Switch to secure side (client_partition.c) and execute list of tests available in + test[num]_client_tests_list from Secure side */ + status = val->switch_to_secure_client(TEST_NUM); + if (VAL_ERROR(status)) + { + goto test_exit; + } + +test_exit: + val->test_exit(); +} diff --git a/api-tests/ff/ipc/test_i068/test_i068.c b/api-tests/ff/ipc/test_i068/test_i068.c new file mode 100644 index 00000000..0ab92dc0 --- /dev/null +++ b/api-tests/ff/ipc/test_i068/test_i068.c @@ -0,0 +1,94 @@ +/** @file + * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ + +#ifdef NONSECURE_TEST_BUILD +#include "val_interfaces.h" +#include "val_target.h" +#else +#include "val/common/val_client_defs.h" +#include "val/spe/val_partition_common.h" +#endif + +#include "test_i068.h" + +#define NO_OF_BYTES 16 +typedef void (*fptr_t)(void); +void test_i068_dummy_func(void); +fptr_t fptr; + +char opcode[NO_OF_BYTES] = {0}; // Data memory + +client_test_t test_i068_client_tests_list[] = { + NULL, + client_test_instr_exec_from_writable_mem, + NULL, +}; + +static void copy_mem(void *addr, void *data, size_t l) +{ + int i; + char *src = (char *)data; + char *dest = (char *)addr; + + for (i = 0; i < l; i++) + { + dest[i] = src[i]; + } +} + +/* Empty function to create opcode data set */ +void test_i068_dummy_func(void) +{ +} + +int32_t client_test_instr_exec_from_writable_mem(security_t caller) +{ + val->print(PRINT_TEST, "[Check 1] Test Instr execution from writable memory\n", 0); + + /* + * Copy test_i068_dummy_func function code into data memory + * Assuming function size to be 32 bytes max + */ + copy_mem(&opcode, &test_i068_dummy_func, NO_OF_BYTES); + + /* Point function pointer to data memory */ + fptr = (fptr_t) opcode; + val->print(PRINT_DEBUG, "\t&opcode = 0x%x\n", (uint32_t) &opcode); + val->print(PRINT_DEBUG, "\tfptr = 0x%x\n",(uint32_t) fptr); + + /* Setting boot.state before test check */ + if (val->set_boot_flag(BOOT_EXPECTED_S)) + { + val->print(PRINT_ERROR, "\tFailed to set boot flag before check\n", 0); + return VAL_STATUS_ERROR; + } + + /* Check - Execute opcode from data memory. This should generate internal fault */ + fptr(); + + val->print(PRINT_ERROR, "\tControl shouldn't have reached here\n", 0); + + /* Resetting boot.state to catch unwanted reboot */ + if (val->set_boot_flag(BOOT_EXPECTED_BUT_FAILED)) + { + val->print(PRINT_ERROR, "\tFailed to set boot flag after check\n", 0); + } + + return VAL_STATUS_ERROR; +} + + diff --git a/api-tests/ff/ipc/test_i068/test_i068.h b/api-tests/ff/ipc/test_i068/test_i068.h new file mode 100644 index 00000000..4426f389 --- /dev/null +++ b/api-tests/ff/ipc/test_i068/test_i068.h @@ -0,0 +1,37 @@ +/** @file + * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ +#ifndef _TEST_I068_CLIENT_TESTS_H_ +#define _TEST_I068_CLIENT_TESTS_H_ + +#include "val_client_defs.h" + +#ifdef NONSECURE_TEST_BUILD +#define test_entry CONCAT(test_entry_,i068) +#define val CONCAT(val,test_entry) +#define psa CONCAT(psa,test_entry) +#else +#define val CONCAT(val,_client_sp) +#define psa CONCAT(psa,_client_sp) +#endif + +extern val_api_t *val; +extern psa_api_t *psa; + +extern client_test_t test_i068_client_tests_list[]; + +int32_t client_test_instr_exec_from_writable_mem(security_t); +#endif diff --git a/api-tests/ff/ipc/test_i068/test_supp_i068.c b/api-tests/ff/ipc/test_i068/test_supp_i068.c new file mode 100644 index 00000000..6fa87d37 --- /dev/null +++ b/api-tests/ff/ipc/test_i068/test_supp_i068.c @@ -0,0 +1,37 @@ +/** @file + * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ + +#include "val_client_defs.h" +#include "val_service_defs.h" + +#define val CONCAT(val,_server_sp) +#define psa CONCAT(psa,_server_sp) +extern val_api_t *val; +extern psa_api_t *psa; + +int32_t server_test_instr_exec_from_writable_mem(void); + +server_test_t test_i068_server_tests_list[] = { + NULL, + server_test_instr_exec_from_writable_mem, + NULL, +}; + +int32_t server_test_instr_exec_from_writable_mem(void) +{ + return VAL_STATUS_SUCCESS; +} diff --git a/api-tests/ff/ipc/test_i069/source.mk b/api-tests/ff/ipc/test_i069/source.mk new file mode 100644 index 00000000..1a745a51 --- /dev/null +++ b/api-tests/ff/ipc/test_i069/source.mk @@ -0,0 +1,25 @@ +# * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. +# * SPDX-License-Identifier : Apache-2.0 +# * +# * Licensed under the Apache License, Version 2.0 (the "License"); +# * you may not use this file except in compliance with the License. +# * You may obtain a copy of the License at +# * +# * http://www.apache.org/licenses/LICENSE-2.0 +# * +# * Unless required by applicable law or agreed to in writing, software +# * distributed under the License is distributed on an "AS IS" BASIS, +# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# * See the License for the specific language governing permissions and +# * limitations under the License. +#**/ + +CC_SOURCE = test_entry.c test_i069.c +CC_OPTIONS = +AS_SOURCE = +AS_OPTIONS = + +CC_SOURCE_SPE = test_i069.c test_supp_i069.c +CC_OPTIONS_SPE = +AS_SOURCE_SPE = +AS_OPTIONS_SPE = \ No newline at end of file diff --git a/api-tests/ff/ipc/test_i069/test_entry.c b/api-tests/ff/ipc/test_i069/test_entry.c new file mode 100644 index 00000000..e1411a41 --- /dev/null +++ b/api-tests/ff/ipc/test_i069/test_entry.c @@ -0,0 +1,52 @@ +/** @file + * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ + +#include "val_interfaces.h" +#include "val_target.h" +#include "test_i069.h" + +#define TEST_NUM VAL_CREATE_TEST_ID(VAL_FF_BASE, 69) +#define TEST_DESC "Testing write to code space\n" +TEST_PUBLISH(TEST_NUM, test_entry); +val_api_t *val; +psa_api_t *psa; + +void test_entry(val_api_t *val_api, psa_api_t *psa_api) +{ + int32_t status = VAL_STATUS_SUCCESS; + + val = val_api; + psa = psa_api; + + /* test init */ + val->test_init(TEST_NUM, TEST_DESC, TEST_FIELD(TEST_ISOLATION_L1, WD_LOW_TIMEOUT)); + if (!IS_TEST_START(val->get_status())) + { + goto test_exit; + } + + /* Switch to secure side (client_partition.c) and execute list of tests available in + test[num]_client_tests_list from Secure side */ + status = val->switch_to_secure_client(TEST_NUM); + if (VAL_ERROR(status)) + { + goto test_exit; + } + +test_exit: + val->test_exit(); +} diff --git a/api-tests/ff/ipc/test_i069/test_i069.c b/api-tests/ff/ipc/test_i069/test_i069.c new file mode 100644 index 00000000..53afce3a --- /dev/null +++ b/api-tests/ff/ipc/test_i069/test_i069.c @@ -0,0 +1,68 @@ +/** @file + * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ + +#ifdef NONSECURE_TEST_BUILD +#include "val_interfaces.h" +#include "val_target.h" +#else +#include "val/common/val_client_defs.h" +#include "val/spe/val_partition_common.h" +#endif + +#include "test_i069.h" + +client_test_t test_i069_client_tests_list[] = { + NULL, + client_test_write_to_code_space, + NULL, +}; + +int32_t client_test_write_to_code_space(security_t caller) +{ + int32_t *p; + + val->print(PRINT_TEST, "[Check 1] Test write to code space\n", 0); + + /* Setting boot.state before test check */ + if (val->set_boot_flag(BOOT_EXPECTED_S)) + { + val->print(PRINT_ERROR, "\tFailed to set boot flag before check\n", 0); + return VAL_STATUS_ERROR; + } + + p = (int32_t *)&client_test_write_to_code_space; + + /* Check - Write to code memory. This should generate internal fault */ + *p = 0x0; + + if (*p == (int32_t)client_test_write_to_code_space) + { + /* This means, write ignored */ + return VAL_STATUS_SUCCESS; + } + val->print(PRINT_ERROR, "\tWrite to code memory check failed\n", 0); + + /* Resetting boot.state to catch unwanted reboot */ + if (val->set_boot_flag(BOOT_EXPECTED_BUT_FAILED)) + { + val->print(PRINT_ERROR, "\tFailed to set boot flag after check\n", 0); + } + + return VAL_STATUS_ERROR; +} + + diff --git a/api-tests/ff/ipc/test_i069/test_i069.h b/api-tests/ff/ipc/test_i069/test_i069.h new file mode 100644 index 00000000..fbb3e50d --- /dev/null +++ b/api-tests/ff/ipc/test_i069/test_i069.h @@ -0,0 +1,37 @@ +/** @file + * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ +#ifndef _TEST_I069_CLIENT_TESTS_H_ +#define _TEST_I069_CLIENT_TESTS_H_ + +#include "val_client_defs.h" + +#ifdef NONSECURE_TEST_BUILD +#define test_entry CONCAT(test_entry_,i069) +#define val CONCAT(val,test_entry) +#define psa CONCAT(psa,test_entry) +#else +#define val CONCAT(val,_client_sp) +#define psa CONCAT(psa,_client_sp) +#endif + +extern val_api_t *val; +extern psa_api_t *psa; + +extern client_test_t test_i069_client_tests_list[]; + +int32_t client_test_write_to_code_space(security_t); +#endif diff --git a/api-tests/ff/ipc/test_i069/test_supp_i069.c b/api-tests/ff/ipc/test_i069/test_supp_i069.c new file mode 100644 index 00000000..29a3ca1e --- /dev/null +++ b/api-tests/ff/ipc/test_i069/test_supp_i069.c @@ -0,0 +1,37 @@ +/** @file + * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ + +#include "val_client_defs.h" +#include "val_service_defs.h" + +#define val CONCAT(val,_server_sp) +#define psa CONCAT(psa,_server_sp) +extern val_api_t *val; +extern psa_api_t *psa; + +int32_t server_test_write_to_code_space(void); + +server_test_t test_i069_server_tests_list[] = { + NULL, + server_test_write_to_code_space, + NULL, +}; + +int32_t server_test_write_to_code_space(void) +{ + return VAL_STATUS_SUCCESS; +} diff --git a/api-tests/ff/ipc/test_i070/source.mk b/api-tests/ff/ipc/test_i070/source.mk new file mode 100644 index 00000000..f399229b --- /dev/null +++ b/api-tests/ff/ipc/test_i070/source.mk @@ -0,0 +1,25 @@ +# * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. +# * SPDX-License-Identifier : Apache-2.0 +# * +# * Licensed under the Apache License, Version 2.0 (the "License"); +# * you may not use this file except in compliance with the License. +# * You may obtain a copy of the License at +# * +# * http://www.apache.org/licenses/LICENSE-2.0 +# * +# * Unless required by applicable law or agreed to in writing, software +# * distributed under the License is distributed on an "AS IS" BASIS, +# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# * See the License for the specific language governing permissions and +# * limitations under the License. +#**/ + +CC_SOURCE = test_entry.c test_i070.c +CC_OPTIONS = +AS_SOURCE = +AS_OPTIONS = + +CC_SOURCE_SPE = test_i070.c test_supp_i070.c +CC_OPTIONS_SPE = +AS_SOURCE_SPE = +AS_OPTIONS_SPE = \ No newline at end of file diff --git a/api-tests/ff/ipc/test_i070/test_entry.c b/api-tests/ff/ipc/test_i070/test_entry.c new file mode 100644 index 00000000..7ea558cf --- /dev/null +++ b/api-tests/ff/ipc/test_i070/test_entry.c @@ -0,0 +1,52 @@ +/** @file + * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ + +#include "val_interfaces.h" +#include "val_target.h" +#include "test_i070.h" + +#define TEST_NUM VAL_CREATE_TEST_ID(VAL_FF_BASE, 70) +#define TEST_DESC "Testing write to const data\n" +TEST_PUBLISH(TEST_NUM, test_entry); +val_api_t *val; +psa_api_t *psa; + +void test_entry(val_api_t *val_api, psa_api_t *psa_api) +{ + int32_t status = VAL_STATUS_SUCCESS; + + val = val_api; + psa = psa_api; + + /* test init */ + val->test_init(TEST_NUM, TEST_DESC, TEST_FIELD(TEST_ISOLATION_L1, WD_LOW_TIMEOUT)); + if (!IS_TEST_START(val->get_status())) + { + goto test_exit; + } + + /* Switch to secure side (client_partition.c) and execute list of tests available in + test[num]_client_tests_list from Secure side */ + status = val->switch_to_secure_client(TEST_NUM); + if (VAL_ERROR(status)) + { + goto test_exit; + } + +test_exit: + val->test_exit(); +} diff --git a/api-tests/ff/ipc/test_i070/test_i070.c b/api-tests/ff/ipc/test_i070/test_i070.c new file mode 100644 index 00000000..45c5dc97 --- /dev/null +++ b/api-tests/ff/ipc/test_i070/test_i070.c @@ -0,0 +1,75 @@ +/** @file + * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ + +#ifdef NONSECURE_TEST_BUILD +#include "val_interfaces.h" +#include "val_target.h" +#else +#include "val/common/val_client_defs.h" +#include "val/spe/val_partition_common.h" +#endif + +#include "test_i070.h" + +client_test_t test_i070_client_tests_list[] = { + NULL, + client_test_write_to_const_data, + NULL, +}; + +int32_t client_test_write_to_const_data(security_t caller) +{ + const char *string = "This text should be in RO space"; + char *p; + + val->print(PRINT_TEST, "[Check 1] Test write to const data\n", 0); + + /* Setting boot.state before test check */ + if (val->set_boot_flag(BOOT_EXPECTED_S)) + { + val->print(PRINT_ERROR, "\tFailed to set boot flag before check\n", 0); + return VAL_STATUS_ERROR; + } + + p = (char *) string; + val->print(PRINT_DEBUG, "\tstring[0] = 0x%x\n", (uint32_t) string); + val->print(PRINT_DEBUG, "\tp[0] = 0x%x\n", (uint32_t) p); + + /* + * Check - Write to const data string[0]. + * This should generate internal fault or write ignored + */ + p[0] = 'a'; + + if (p[0] == 'T') + { + /* This means, write ignored */ + return VAL_STATUS_SUCCESS; + } + + val->print(PRINT_ERROR, "\tWrite to constant data check failed\n", 0); + + /* Resetting boot.state to catch unwanted reboot */ + if (val->set_boot_flag(BOOT_EXPECTED_BUT_FAILED)) + { + val->print(PRINT_ERROR, "\tFailed to set boot flag after check\n", 0); + } + + return VAL_STATUS_ERROR; +} + + diff --git a/api-tests/ff/ipc/test_i070/test_i070.h b/api-tests/ff/ipc/test_i070/test_i070.h new file mode 100644 index 00000000..4189b898 --- /dev/null +++ b/api-tests/ff/ipc/test_i070/test_i070.h @@ -0,0 +1,37 @@ +/** @file + * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ +#ifndef _TEST_I070_CLIENT_TESTS_H_ +#define _TEST_I070_CLIENT_TESTS_H_ + +#include "val_client_defs.h" + +#ifdef NONSECURE_TEST_BUILD +#define test_entry CONCAT(test_entry_,i070) +#define val CONCAT(val,test_entry) +#define psa CONCAT(psa,test_entry) +#else +#define val CONCAT(val,_client_sp) +#define psa CONCAT(psa,_client_sp) +#endif + +extern val_api_t *val; +extern psa_api_t *psa; + +extern client_test_t test_i070_client_tests_list[]; + +int32_t client_test_write_to_const_data(security_t); +#endif diff --git a/api-tests/ff/ipc/test_i070/test_supp_i070.c b/api-tests/ff/ipc/test_i070/test_supp_i070.c new file mode 100644 index 00000000..51090fad --- /dev/null +++ b/api-tests/ff/ipc/test_i070/test_supp_i070.c @@ -0,0 +1,37 @@ +/** @file + * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ + +#include "val_client_defs.h" +#include "val_service_defs.h" + +#define val CONCAT(val,_server_sp) +#define psa CONCAT(psa,_server_sp) +extern val_api_t *val; +extern psa_api_t *psa; + +int32_t server_test_write_to_const_data(void); + +server_test_t test_i070_server_tests_list[] = { + NULL, + server_test_write_to_const_data, + NULL, +}; + +int32_t server_test_write_to_const_data(void) +{ + return VAL_STATUS_SUCCESS; +} diff --git a/api-tests/ff/ipc/test_i071/source.mk b/api-tests/ff/ipc/test_i071/source.mk new file mode 100644 index 00000000..c6eade09 --- /dev/null +++ b/api-tests/ff/ipc/test_i071/source.mk @@ -0,0 +1,25 @@ +# * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. +# * SPDX-License-Identifier : Apache-2.0 +# * +# * Licensed under the Apache License, Version 2.0 (the "License"); +# * you may not use this file except in compliance with the License. +# * You may obtain a copy of the License at +# * +# * http://www.apache.org/licenses/LICENSE-2.0 +# * +# * Unless required by applicable law or agreed to in writing, software +# * distributed under the License is distributed on an "AS IS" BASIS, +# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# * See the License for the specific language governing permissions and +# * limitations under the License. +#**/ + +CC_SOURCE = test_entry.c test_i071.c +CC_OPTIONS = +AS_SOURCE = +AS_OPTIONS = + +CC_SOURCE_SPE = test_i071.c test_supp_i071.c +CC_OPTIONS_SPE = +AS_SOURCE_SPE = +AS_OPTIONS_SPE = diff --git a/api-tests/ff/ipc/test_i071/test_entry.c b/api-tests/ff/ipc/test_i071/test_entry.c new file mode 100644 index 00000000..26050b2a --- /dev/null +++ b/api-tests/ff/ipc/test_i071/test_entry.c @@ -0,0 +1,52 @@ +/** @file + * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ + +#include "val_interfaces.h" +#include "val_target.h" +#include "test_i071.h" + +#define TEST_NUM VAL_CREATE_TEST_ID(VAL_FF_BASE, 71) +#define TEST_DESC "Testing memory manipulation functions\n" +TEST_PUBLISH(TEST_NUM, test_entry); +val_api_t *val; +psa_api_t *psa; + +void test_entry(val_api_t *val_api, psa_api_t *psa_api) +{ + int32_t status = VAL_STATUS_SUCCESS; + + val = val_api; + psa = psa_api; + + /* test init */ + val->test_init(TEST_NUM, TEST_DESC, TEST_FIELD(TEST_ISOLATION_L1, WD_LOW_TIMEOUT)); + if (!IS_TEST_START(val->get_status())) + { + goto test_exit; + } + + /* Switch to secure side (client_partition.c) and execute list of tests available in + test[num]_client_tests_list from Secure side */ + status = val->switch_to_secure_client(TEST_NUM); + if (VAL_ERROR(status)) + { + goto test_exit; + } + +test_exit: + val->test_exit(); +} diff --git a/api-tests/ff/ipc/test_i071/test_i071.c b/api-tests/ff/ipc/test_i071/test_i071.c new file mode 100644 index 00000000..1c56a022 --- /dev/null +++ b/api-tests/ff/ipc/test_i071/test_i071.c @@ -0,0 +1,120 @@ +/** @file + * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ + +#ifdef NONSECURE_TEST_BUILD +#include "val_interfaces.h" +#include "val_target.h" +#else +#include "val/common/val_client_defs.h" +#include "val/spe/val_partition_common.h" +#endif + +#include "test_i071.h" + +#define BUFF_SIZE 32 + +client_test_t test_i071_client_tests_list[] = { + NULL, + client_test_mem_manipulation_fn, + NULL, +}; + +int32_t client_test_mem_manipulation_fn(security_t caller) +{ + uint8_t buffer[BUFF_SIZE] = {0}; + uint8_t buffer1[BUFF_SIZE] = {0}; + int i; + + val->print(PRINT_TEST, "[Check 1] Test memory manipulation functions\n", 0); + + /* Test memset()- Set all buffer elements with zero */ + memset((uint8_t *)buffer, 0, BUFF_SIZE); + for (i = 0; i < BUFF_SIZE; i++) + { + if (buffer[i] != 0) + { + val->print(PRINT_ERROR, + "\tmemset() failed, found buffer with non-zero value = %x\n", buffer[i]); + return VAL_STATUS_ERROR; + } + } + + /* Test memset()- Set all buffer elements with 0x3 */ + memset((uint8_t *)buffer, 0x3, BUFF_SIZE); + for (i = 0; i < BUFF_SIZE; i++) + { + if (buffer[i] != 0x3) + { + val->print(PRINT_ERROR, + "\tmemset() failed, found buffer with wrong value = %x\n", buffer[i]); + return VAL_STATUS_ERROR; + } + } + + /* Test memcpy(), copy buffer to buffer1 */ + memcpy((uint8_t *)buffer1, (uint8_t *)buffer, BUFF_SIZE); + for (i = 0; i < BUFF_SIZE; i++) + { + if (buffer1[i] != 0x3) + { + val->print(PRINT_ERROR, + "\tmemcpy() failed, found buffer with wrong value = %x\n", buffer1[i]); + return VAL_STATUS_ERROR; + } + } + + /* Test memcmp() with equal buffer */ + if (memcmp((uint8_t *)buffer1, (uint8_t *)buffer, BUFF_SIZE)) + { + val->print(PRINT_ERROR, + "\tmemcmp() failed for two equal buffer\n", 0); + return VAL_STATUS_ERROR; + } + + buffer1[0] = 0x4; + /* Test memcmp() with unequal buffer */ + if (!memcmp((uint8_t *)buffer1, (uint8_t *)buffer, BUFF_SIZE)) + { + val->print(PRINT_ERROR, + "\tmemcmp() failed for two unequal buffer\n", 0); + return VAL_STATUS_ERROR; + } + + /* buffer[0-4] = 1 and buffer[5-31] = 2 */ + memset((uint8_t *)buffer, 1, BUFF_SIZE); + memset((uint8_t *)buffer+5, 2, BUFF_SIZE-5); + + /* Test memmove(), expected result is buffer[0-9] = 1 and buffer[10-31] = 2 */ + memmove((uint8_t *)buffer+5, (uint8_t *)buffer, BUFF_SIZE-5); + for (i = 0; i < BUFF_SIZE; i++) + { + if ((buffer[i] != 0x1) && (i < 10)) + { + val->print(PRINT_ERROR, "\tmemmove() failed-1\n", 0); + return VAL_STATUS_ERROR; + } + else if ((buffer[i] != 0x2) && (i >10)) + { + val->print(PRINT_ERROR, "\tmemmove() failed-2\n", 0); + return VAL_STATUS_ERROR; + } + } + + return VAL_STATUS_SUCCESS; +} + + diff --git a/api-tests/ff/ipc/test_i071/test_i071.h b/api-tests/ff/ipc/test_i071/test_i071.h new file mode 100644 index 00000000..bf1bacf6 --- /dev/null +++ b/api-tests/ff/ipc/test_i071/test_i071.h @@ -0,0 +1,37 @@ +/** @file + * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ +#ifndef _TEST_I071_CLIENT_TESTS_H_ +#define _TEST_I071_CLIENT_TESTS_H_ + +#include "val_client_defs.h" + +#ifdef NONSECURE_TEST_BUILD +#define test_entry CONCAT(test_entry_,i071) +#define val CONCAT(val,test_entry) +#define psa CONCAT(psa,test_entry) +#else +#define val CONCAT(val,_client_sp) +#define psa CONCAT(psa,_client_sp) +#endif + +extern val_api_t *val; +extern psa_api_t *psa; + +extern client_test_t test_i071_client_tests_list[]; + +int32_t client_test_mem_manipulation_fn(security_t); +#endif diff --git a/api-tests/ff/ipc/test_i071/test_supp_i071.c b/api-tests/ff/ipc/test_i071/test_supp_i071.c new file mode 100644 index 00000000..7ce17d89 --- /dev/null +++ b/api-tests/ff/ipc/test_i071/test_supp_i071.c @@ -0,0 +1,37 @@ +/** @file + * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ + +#include "val_client_defs.h" +#include "val_service_defs.h" + +#define val CONCAT(val,_server_sp) +#define psa CONCAT(psa,_server_sp) +extern val_api_t *val; +extern psa_api_t *psa; + +int32_t server_test_mem_manipulation_fn(void); + +server_test_t test_i071_server_tests_list[] = { + NULL, + server_test_mem_manipulation_fn, + NULL, +}; + +int32_t server_test_mem_manipulation_fn(void) +{ + return VAL_STATUS_SUCCESS; +} diff --git a/api-tests/ff/ipc/test_i072/source.mk b/api-tests/ff/ipc/test_i072/source.mk new file mode 100644 index 00000000..7d3e4953 --- /dev/null +++ b/api-tests/ff/ipc/test_i072/source.mk @@ -0,0 +1,25 @@ +# * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. +# * SPDX-License-Identifier : Apache-2.0 +# * +# * Licensed under the Apache License, Version 2.0 (the "License"); +# * you may not use this file except in compliance with the License. +# * You may obtain a copy of the License at +# * +# * http://www.apache.org/licenses/LICENSE-2.0 +# * +# * Unless required by applicable law or agreed to in writing, software +# * distributed under the License is distributed on an "AS IS" BASIS, +# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# * See the License for the specific language governing permissions and +# * limitations under the License. +#**/ + +CC_SOURCE = test_entry.c test_i072.c +CC_OPTIONS = +AS_SOURCE = +AS_OPTIONS = + +CC_SOURCE_SPE = test_i072.c test_supp_i072.c +CC_OPTIONS_SPE = +AS_SOURCE_SPE = +AS_OPTIONS_SPE = diff --git a/api-tests/ff/ipc/test_i072/test_entry.c b/api-tests/ff/ipc/test_i072/test_entry.c new file mode 100644 index 00000000..28e6ac4d --- /dev/null +++ b/api-tests/ff/ipc/test_i072/test_entry.c @@ -0,0 +1,51 @@ +/** @file + * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ + +#include "val_interfaces.h" +#include "val_target.h" +#include "test_i072.h" + +#define TEST_NUM VAL_CREATE_TEST_ID(VAL_FF_BASE, 72) +#define TEST_DESC "Testing NSPE access to APP-RoT data\n" +TEST_PUBLISH(TEST_NUM, test_entry); +val_api_t *val = NULL; +psa_api_t *psa = NULL; + +void test_entry(val_api_t *val_api, psa_api_t *psa_api) +{ + int32_t status = VAL_STATUS_SUCCESS; + + val = val_api; + psa = psa_api; + + /* test init */ + val->test_init(TEST_NUM, TEST_DESC, TEST_FIELD(TEST_ISOLATION_L1, WD_LOW_TIMEOUT)); + if (!IS_TEST_START(val->get_status())) + { + goto test_exit; + } + + /* Execute list of tests available in test[num]_client_tests_list from Non-secure side*/ + status = val->execute_non_secure_tests(TEST_NUM, test_i072_client_tests_list, TRUE); + if (VAL_ERROR(status)) + { + goto test_exit; + } + +test_exit: + val->test_exit(); +} diff --git a/api-tests/ff/ipc/test_i072/test_i072.c b/api-tests/ff/ipc/test_i072/test_i072.c new file mode 100644 index 00000000..aa586e70 --- /dev/null +++ b/api-tests/ff/ipc/test_i072/test_i072.c @@ -0,0 +1,125 @@ +/** @file + * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ + +#ifdef NONSECURE_TEST_BUILD +#include "val_interfaces.h" +#include "val_target.h" +#else +#include "val_client_defs.h" +#include "val_service_defs.h" +#endif + +#include "test_i072.h" + +client_test_t test_i072_client_tests_list[] = { + NULL, + client_test_nspe_read_app_rot_variable, + client_test_nspe_write_app_rot_variable, + NULL, +}; + +static int32_t get_secure_partition_address(addr_t *addr) +{ + psa_handle_t handle = 0; + + handle = psa->connect(SERVER_UNSPECIFED_MINOR_V_SID, 1); + if (handle < 0) + { + val->print(PRINT_ERROR, "\tConnection failed\n", 0); + return VAL_STATUS_INVALID_HANDLE; + } + + /* Get App-RoT address */ + psa_outvec outvec[1] = {{addr, sizeof(addr_t)}}; + if (psa->call(handle, NULL, 0, outvec, 1) != PSA_SUCCESS) + { + val->print(PRINT_ERROR, "\tmsg request failed\n", 0); + return VAL_STATUS_CALL_FAILED; + } + + psa->close(handle); + return VAL_STATUS_SUCCESS; +} + +int32_t client_test_nspe_read_app_rot_variable(security_t caller) +{ + addr_t app_rot_addr; + uint32_t data = 0x1234; + + val->print(PRINT_TEST, "[Check 1] Test NSPE reading APP-RoT data\n", 0); + + if (VAL_ERROR(get_secure_partition_address(&app_rot_addr))) + return VAL_STATUS_ERROR; + + /* Setting boot.state before test check */ + if (val->set_boot_flag(BOOT_EXPECTED_REENTER_TEST)) + { + val->print(PRINT_ERROR, "\tFailed to set boot flag before check\n", 0); + return VAL_STATUS_ERROR; + } + + /* Read Application RoT global variable address. + * This should generate internal fault or ignore the read. + */ + data = *(uint32_t *)app_rot_addr; + + /* Did read ignore? */ + if (data == 0x1234) + return VAL_STATUS_SUCCESS; + + val->print(PRINT_ERROR, "\tExpected read to fault but it didn't\n", 0); + + /* Resetting boot.state to catch unwanted reboot */ + if (val->set_boot_flag(BOOT_EXPECTED_BUT_FAILED)) + { + val->print(PRINT_ERROR, "\tFailed to set boot flag after check\n", 0); + return VAL_STATUS_ERROR; + } + + return VAL_STATUS_SPM_FAILED; +} + +int32_t client_test_nspe_write_app_rot_variable(security_t caller) +{ + addr_t app_rot_addr; + uint32_t data = 0x1234; + + val->print(PRINT_TEST, "[Check 2] Test NSPE writing APP-RoT data\n", 0); + + if (VAL_ERROR(get_secure_partition_address(&app_rot_addr))) + return VAL_STATUS_ERROR; + + /* Setting boot.state before test check */ + if (val->set_boot_flag(BOOT_EXPECTED_NS)) + { + val->print(PRINT_ERROR, "\tFailed to set boot flag before check\n", 0); + return VAL_STATUS_ERROR; + } + + /* Write Application RoT global variable address. + * This should generate internal fault or ignore the write. + */ + *(uint32_t *)app_rot_addr = (uint32_t)data; + + /* Handshake with server to decide write status */ + if ((psa->connect(SERVER_UNSPECIFED_MINOR_V_SID, 1)) > 0) + { + val->print(PRINT_ERROR, "\tExpected connection to fail but succeed\n", 0); + return VAL_STATUS_INVALID_HANDLE; + } + return VAL_STATUS_SUCCESS; +} diff --git a/api-tests/ff/ipc/test_i072/test_i072.h b/api-tests/ff/ipc/test_i072/test_i072.h new file mode 100644 index 00000000..586f8e51 --- /dev/null +++ b/api-tests/ff/ipc/test_i072/test_i072.h @@ -0,0 +1,38 @@ +/** @file + * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ +#ifndef _TEST_I072_CLIENT_TESTS_H_ +#define _TEST_I072_CLIENT_TESTS_H_ + +#include "val_client_defs.h" + +#ifdef NONSECURE_TEST_BUILD +#define test_entry CONCAT(test_entry_,i072) +#define val CONCAT(val,test_entry) +#define psa CONCAT(psa,test_entry) +#else +#define val CONCAT(val,_client_sp) +#define psa CONCAT(psa,_client_sp) +#endif + +extern val_api_t *val; +extern psa_api_t *psa; + +extern client_test_t test_i072_client_tests_list[]; + +int32_t client_test_nspe_read_app_rot_variable(security_t); +int32_t client_test_nspe_write_app_rot_variable(security_t); +#endif diff --git a/api-tests/ff/ipc/test_i072/test_supp_i072.c b/api-tests/ff/ipc/test_i072/test_supp_i072.c new file mode 100644 index 00000000..05cf9181 --- /dev/null +++ b/api-tests/ff/ipc/test_i072/test_supp_i072.c @@ -0,0 +1,113 @@ +/** @file + * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ + +#include "val_client_defs.h" +#include "val_service_defs.h" + +#define val CONCAT(val,_server_sp) +#define psa CONCAT(psa,_server_sp) +extern val_api_t *val; +extern psa_api_t *psa; + +int32_t server_test_nspe_read_app_rot_variable(void); +int32_t server_test_nspe_write_app_rot_variable(void); + +#define DATA_VALUE 0x5467 + +/* Application RoT data region */ +volatile uint32_t g_test_i072 = DATA_VALUE; + +server_test_t test_i072_server_tests_list[] = { + NULL, + server_test_nspe_read_app_rot_variable, + server_test_nspe_write_app_rot_variable, + NULL, +}; + +static int32_t send_secure_partition_address(void) +{ + int32_t status = VAL_STATUS_SUCCESS; + psa_msg_t msg = {0}; + + status = val->process_connect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); + if (val->err_check_set(TEST_CHECKPOINT_NUM(201), status)) + { + psa->reply(msg.handle, PSA_ERROR_CONNECTION_REFUSED); + return status; + } + + psa->reply(msg.handle, PSA_SUCCESS); + + status = val->process_call_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); + if (val->err_check_set(TEST_CHECKPOINT_NUM(202), status)) + { + psa->reply(msg.handle, -2); + return status; + } + + /* Send Application RoT data address - global variable */ + psa->write(msg.handle, 0, (void *)&g_test_i072, sizeof(g_test_i072)); + psa->reply(msg.handle, PSA_SUCCESS); + + status = val->process_disconnect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); + if (val->err_check_set(TEST_CHECKPOINT_NUM(203), status)) + { + return status; + } + psa->reply(msg.handle, PSA_SUCCESS); + return VAL_STATUS_SUCCESS; +} + +int32_t server_test_nspe_read_app_rot_variable(void) +{ + return send_secure_partition_address(); +} + +int32_t server_test_nspe_write_app_rot_variable(void) +{ + int32_t status = VAL_STATUS_SUCCESS; + psa_msg_t msg = {0}; + + status = send_secure_partition_address(); + if (VAL_ERROR(status)) + return status; + + /* Wait for write to get performed by client */ + status = val->process_connect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); + if (val->err_check_set(TEST_CHECKPOINT_NUM(204), status)) + { + psa->reply(msg.handle, PSA_ERROR_CONNECTION_REFUSED); + return status; + } + + /* Connection request is just for handshake, reject connection anyways */ + psa->reply(msg.handle, PSA_ERROR_CONNECTION_REFUSED); + + /* Reached here means there could be write succeed or ignored */ + if (g_test_i072 == DATA_VALUE) + return VAL_STATUS_SUCCESS; + + val->print(PRINT_ERROR, "\tExpected write to fault but it didn't\n", 0); + + /* Resetting boot.state to catch unwanted reboot */ + if (val->set_boot_flag(BOOT_EXPECTED_BUT_FAILED)) + { + val->print(PRINT_ERROR, "\tFailed to set boot flag after check\n", 0); + return VAL_STATUS_ERROR; + } + return VAL_STATUS_SUCCESS; +} diff --git a/api-tests/ff/ipc/test_i073/source.mk b/api-tests/ff/ipc/test_i073/source.mk new file mode 100644 index 00000000..2cea6c5f --- /dev/null +++ b/api-tests/ff/ipc/test_i073/source.mk @@ -0,0 +1,25 @@ +# * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. +# * SPDX-License-Identifier : Apache-2.0 +# * +# * Licensed under the Apache License, Version 2.0 (the "License"); +# * you may not use this file except in compliance with the License. +# * You may obtain a copy of the License at +# * +# * http://www.apache.org/licenses/LICENSE-2.0 +# * +# * Unless required by applicable law or agreed to in writing, software +# * distributed under the License is distributed on an "AS IS" BASIS, +# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# * See the License for the specific language governing permissions and +# * limitations under the License. +#**/ + +CC_SOURCE = test_entry.c test_i073.c +CC_OPTIONS = +AS_SOURCE = +AS_OPTIONS = + +CC_SOURCE_SPE = test_i073.c test_supp_i073.c +CC_OPTIONS_SPE = +AS_SOURCE_SPE = +AS_OPTIONS_SPE = diff --git a/api-tests/ff/ipc/test_i073/test_entry.c b/api-tests/ff/ipc/test_i073/test_entry.c new file mode 100644 index 00000000..74b38179 --- /dev/null +++ b/api-tests/ff/ipc/test_i073/test_entry.c @@ -0,0 +1,51 @@ +/** @file + * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ + +#include "val_interfaces.h" +#include "val_target.h" +#include "test_i073.h" + +#define TEST_NUM VAL_CREATE_TEST_ID(VAL_FF_BASE, 73) +#define TEST_DESC "Testing NSPE access to APP-RoT stack\n" +TEST_PUBLISH(TEST_NUM, test_entry); +val_api_t *val = NULL; +psa_api_t *psa = NULL; + +void test_entry(val_api_t *val_api, psa_api_t *psa_api) +{ + int32_t status = VAL_STATUS_SUCCESS; + + val = val_api; + psa = psa_api; + + /* test init */ + val->test_init(TEST_NUM, TEST_DESC, TEST_FIELD(TEST_ISOLATION_L1, WD_LOW_TIMEOUT)); + if (!IS_TEST_START(val->get_status())) + { + goto test_exit; + } + + /* Execute list of tests available in test[num]_client_tests_list from Non-secure side*/ + status = val->execute_non_secure_tests(TEST_NUM, test_i073_client_tests_list, TRUE); + if (VAL_ERROR(status)) + { + goto test_exit; + } + +test_exit: + val->test_exit(); +} diff --git a/api-tests/ff/ipc/test_i073/test_i073.c b/api-tests/ff/ipc/test_i073/test_i073.c new file mode 100644 index 00000000..9172ec48 --- /dev/null +++ b/api-tests/ff/ipc/test_i073/test_i073.c @@ -0,0 +1,125 @@ +/** @file + * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ + +#ifdef NONSECURE_TEST_BUILD +#include "val_interfaces.h" +#include "val_target.h" +#else +#include "val_client_defs.h" +#include "val_service_defs.h" +#endif + +#include "test_i073.h" + +client_test_t test_i073_client_tests_list[] = { + NULL, + client_test_nspe_read_app_rot_stack, + client_test_nspe_write_app_rot_stack, + NULL, +}; + +static int32_t get_secure_partition_address(addr_t *addr) +{ + psa_handle_t handle = 0; + + handle = psa->connect(SERVER_UNSPECIFED_MINOR_V_SID, 1); + if (handle < 0) + { + val->print(PRINT_ERROR, "\tConnection failed\n", 0); + return VAL_STATUS_INVALID_HANDLE; + } + + /* Get App-RoT address */ + psa_outvec outvec[1] = {{addr, sizeof(addr_t)}}; + if (psa->call(handle, NULL, 0, outvec, 1) != PSA_SUCCESS) + { + val->print(PRINT_ERROR, "\tmsg request failed\n", 0); + return VAL_STATUS_CALL_FAILED; + } + + psa->close(handle); + return VAL_STATUS_SUCCESS; +} + +int32_t client_test_nspe_read_app_rot_stack(security_t caller) +{ + addr_t app_rot_addr; + uint32_t data = 0x1234; + + val->print(PRINT_TEST, "[Check 1] Test NSPE reading APP-RoT stack\n", 0); + + if (VAL_ERROR(get_secure_partition_address(&app_rot_addr))) + return VAL_STATUS_ERROR; + + /* Setting boot.state before test check */ + if (val->set_boot_flag(BOOT_EXPECTED_REENTER_TEST)) + { + val->print(PRINT_ERROR, "\tFailed to set boot flag before check\n", 0); + return VAL_STATUS_ERROR; + } + + /* Read Application RoT stack address. + * This should generate internal fault or ignore the read. + */ + data = *(uint32_t *)app_rot_addr; + + /* Did read ignore? */ + if (data == 0x1234) + return VAL_STATUS_SUCCESS; + + val->print(PRINT_ERROR, "\tExpected read to fault but it didn't\n", 0); + + /* Resetting boot.state to catch unwanted reboot */ + if (val->set_boot_flag(BOOT_EXPECTED_BUT_FAILED)) + { + val->print(PRINT_ERROR, "\tFailed to set boot flag after check\n", 0); + return VAL_STATUS_ERROR; + } + + return VAL_STATUS_SPM_FAILED; +} + +int32_t client_test_nspe_write_app_rot_stack(security_t caller) +{ + addr_t app_rot_addr; + uint32_t data = 0x1234; + + val->print(PRINT_TEST, "[Check 2] Test NSPE writing APP-RoT stack\n", 0); + + if (VAL_ERROR(get_secure_partition_address(&app_rot_addr))) + return VAL_STATUS_ERROR; + + /* Setting boot.state before test check */ + if (val->set_boot_flag(BOOT_EXPECTED_NS)) + { + val->print(PRINT_ERROR, "\tFailed to set boot flag before check\n", 0); + return VAL_STATUS_ERROR; + } + + /* Write Application RoT stack address. + * This should generate internal fault or ignore the write. + */ + *(uint32_t *)app_rot_addr = (uint32_t)data; + + /* Handshake with server to decide write status */ + if ((psa->connect(SERVER_UNSPECIFED_MINOR_V_SID, 1)) > 0) + { + val->print(PRINT_ERROR, "\tExpected connection to fail but succeed\n", 0); + return VAL_STATUS_INVALID_HANDLE; + } + return VAL_STATUS_SUCCESS; +} diff --git a/api-tests/ff/ipc/test_i073/test_i073.h b/api-tests/ff/ipc/test_i073/test_i073.h new file mode 100644 index 00000000..1badc212 --- /dev/null +++ b/api-tests/ff/ipc/test_i073/test_i073.h @@ -0,0 +1,38 @@ +/** @file + * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ +#ifndef _TEST_I073_CLIENT_TESTS_H_ +#define _TEST_I073_CLIENT_TESTS_H_ + +#include "val_client_defs.h" + +#ifdef NONSECURE_TEST_BUILD +#define test_entry CONCAT(test_entry_,i073) +#define val CONCAT(val,test_entry) +#define psa CONCAT(psa,test_entry) +#else +#define val CONCAT(val,_client_sp) +#define psa CONCAT(psa,_client_sp) +#endif + +extern val_api_t *val; +extern psa_api_t *psa; + +extern client_test_t test_i073_client_tests_list[]; + +int32_t client_test_nspe_read_app_rot_stack(security_t); +int32_t client_test_nspe_write_app_rot_stack(security_t); +#endif diff --git a/api-tests/ff/ipc/test_i073/test_supp_i073.c b/api-tests/ff/ipc/test_i073/test_supp_i073.c new file mode 100644 index 00000000..114b0a2a --- /dev/null +++ b/api-tests/ff/ipc/test_i073/test_supp_i073.c @@ -0,0 +1,120 @@ +/** @file + * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ + +#include "val_client_defs.h" +#include "val_service_defs.h" + +#define val CONCAT(val,_server_sp) +#define psa CONCAT(psa,_server_sp) +extern val_api_t *val; +extern psa_api_t *psa; + +int32_t server_test_nspe_read_app_rot_stack(void); +int32_t server_test_nspe_write_app_rot_stack(void); + +#define DATA_VALUE 0x5467 + +server_test_t test_i073_server_tests_list[] = { + NULL, + server_test_nspe_read_app_rot_stack, + server_test_nspe_write_app_rot_stack, + NULL, +}; + +static int32_t send_secure_partition_address(addr_t *stack) +{ + int32_t status = VAL_STATUS_SUCCESS; + psa_msg_t msg = {0}; + + status = val->process_connect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); + if (val->err_check_set(TEST_CHECKPOINT_NUM(201), status)) + { + psa->reply(msg.handle, PSA_ERROR_CONNECTION_REFUSED); + return status; + } + + psa->reply(msg.handle, PSA_SUCCESS); + + status = val->process_call_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); + if (val->err_check_set(TEST_CHECKPOINT_NUM(202), status)) + { + psa->reply(msg.handle, -2); + return status; + } + + /* Send Application RoT stack address */ + psa->write(msg.handle, 0, (void *)stack, sizeof(uint32_t)); + psa->reply(msg.handle, PSA_SUCCESS); + + status = val->process_disconnect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); + if (val->err_check_set(TEST_CHECKPOINT_NUM(203), status)) + { + return status; + } + psa->reply(msg.handle, PSA_SUCCESS); + return VAL_STATUS_SUCCESS; +} + +int32_t server_test_nspe_read_app_rot_stack(void) +{ + /* Application RoT stack - local variable */ + uint32_t l_test_i073 = DATA_VALUE; + int32_t status = VAL_STATUS_SUCCESS; + + status = send_secure_partition_address(&l_test_i073); + + /* Dummy print to avoid compiler optimisation on local variable */ + val->print(PRINT_INFO, "\tData value 0x%x\n", l_test_i073); + return status; +} + +int32_t server_test_nspe_write_app_rot_stack(void) +{ + /* Application RoT stack - local variable */ + uint32_t l_test_i073 = DATA_VALUE; + int32_t status = VAL_STATUS_SUCCESS; + psa_msg_t msg = {0}; + + status = send_secure_partition_address(&l_test_i073); + if (VAL_ERROR(status)) + return status; + + /* Wait for write to get performed by client */ + status = val->process_connect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); + if (val->err_check_set(TEST_CHECKPOINT_NUM(204), status)) + { + psa->reply(msg.handle, PSA_ERROR_CONNECTION_REFUSED); + return status; + } + + /* Connection request is just for handshake, reject connection anyways */ + psa->reply(msg.handle, PSA_ERROR_CONNECTION_REFUSED); + + /* Reached here means there could be write succeed or ignored */ + if (l_test_i073 == DATA_VALUE) + return VAL_STATUS_SUCCESS; + + val->print(PRINT_ERROR, "\tExpected write to fault but it didn't\n", 0); + + /* Resetting boot.state to catch unwanted reboot */ + if (val->set_boot_flag(BOOT_EXPECTED_BUT_FAILED)) + { + val->print(PRINT_ERROR, "\tFailed to set boot flag after check\n", 0); + return VAL_STATUS_ERROR; + } + return VAL_STATUS_SUCCESS; +} diff --git a/api-tests/ff/ipc/test_i074/source.mk b/api-tests/ff/ipc/test_i074/source.mk new file mode 100644 index 00000000..e82e890e --- /dev/null +++ b/api-tests/ff/ipc/test_i074/source.mk @@ -0,0 +1,25 @@ +# * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. +# * SPDX-License-Identifier : Apache-2.0 +# * +# * Licensed under the Apache License, Version 2.0 (the "License"); +# * you may not use this file except in compliance with the License. +# * You may obtain a copy of the License at +# * +# * http://www.apache.org/licenses/LICENSE-2.0 +# * +# * Unless required by applicable law or agreed to in writing, software +# * distributed under the License is distributed on an "AS IS" BASIS, +# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# * See the License for the specific language governing permissions and +# * limitations under the License. +#**/ + +CC_SOURCE = test_entry.c test_i074.c +CC_OPTIONS = +AS_SOURCE = +AS_OPTIONS = + +CC_SOURCE_SPE = test_i074.c test_supp_i074.c +CC_OPTIONS_SPE = +AS_SOURCE_SPE = +AS_OPTIONS_SPE = diff --git a/api-tests/ff/ipc/test_i074/test_entry.c b/api-tests/ff/ipc/test_i074/test_entry.c new file mode 100644 index 00000000..5468cc8b --- /dev/null +++ b/api-tests/ff/ipc/test_i074/test_entry.c @@ -0,0 +1,51 @@ +/** @file + * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ + +#include "val_interfaces.h" +#include "val_target.h" +#include "test_i074.h" + +#define TEST_NUM VAL_CREATE_TEST_ID(VAL_FF_BASE, 74) +#define TEST_DESC "Testing NSPE access to APP-RoT heap\n" +TEST_PUBLISH(TEST_NUM, test_entry); +val_api_t *val = NULL; +psa_api_t *psa = NULL; + +void test_entry(val_api_t *val_api, psa_api_t *psa_api) +{ + int32_t status = VAL_STATUS_SUCCESS; + + val = val_api; + psa = psa_api; + + /* test init */ + val->test_init(TEST_NUM, TEST_DESC, TEST_FIELD(TEST_ISOLATION_L1, WD_LOW_TIMEOUT)); + if (!IS_TEST_START(val->get_status())) + { + goto test_exit; + } + + /* Execute list of tests available in test[num]_client_tests_list from Non-secure side*/ + status = val->execute_non_secure_tests(TEST_NUM, test_i074_client_tests_list, TRUE); + if (VAL_ERROR(status)) + { + goto test_exit; + } + +test_exit: + val->test_exit(); +} diff --git a/api-tests/ff/ipc/test_i074/test_i074.c b/api-tests/ff/ipc/test_i074/test_i074.c new file mode 100644 index 00000000..8c58ca99 --- /dev/null +++ b/api-tests/ff/ipc/test_i074/test_i074.c @@ -0,0 +1,145 @@ +/** @file + * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ + +#ifdef NONSECURE_TEST_BUILD +#include "val_interfaces.h" +#include "val_target.h" +#else +#include "val_client_defs.h" +#include "val_service_defs.h" +#endif + +#include "test_i074.h" + +#define DATA_VALUE_ORG 0x11 +#define DATA_VALUE 0x12 +#define BUFFER_SIZE 0x4 + +client_test_t test_i074_client_tests_list[] = { + NULL, + client_test_nspe_read_app_rot_heap, + client_test_nspe_write_app_rot_heap, + NULL, +}; + +#if (SP_HEAP_MEM_SUPP == 1) +static int32_t get_secure_partition_address(addr_t *addr) +{ + psa_handle_t handle = 0; + + handle = psa->connect(SERVER_UNSPECIFED_MINOR_V_SID, 1); + if (handle < 0) + { + val->print(PRINT_ERROR, "\tConnection failed\n", 0); + return VAL_STATUS_INVALID_HANDLE; + } + + /* Get App-RoT address */ + psa_outvec outvec[1] = {{addr, BUFFER_SIZE}}; + if (psa->call(handle, NULL, 0, outvec, 1) != PSA_SUCCESS) + { + val->print(PRINT_ERROR, "\tmsg request failed\n", 0); + return VAL_STATUS_CALL_FAILED; + } + + psa->close(handle); + return VAL_STATUS_SUCCESS; +} + +int32_t client_test_nspe_read_app_rot_heap(security_t caller) +{ + addr_t app_rot_addr; + uint8_t data = DATA_VALUE; + + val->print(PRINT_TEST, "[Check 1] Test NSPE reading APP-RoT heap\n", 0); + + if (VAL_ERROR(get_secure_partition_address(&app_rot_addr))) + return VAL_STATUS_ERROR; + + /* Setting boot.state before test check */ + if (val->set_boot_flag(BOOT_EXPECTED_REENTER_TEST)) + { + val->print(PRINT_ERROR, "\tFailed to set boot flag before check\n", 0); + return VAL_STATUS_ERROR; + } + + /* Read Application RoT heap address. + * This should generate internal fault or ignore the read. + */ + data = *(uint8_t *)app_rot_addr; + + /* Did read ignore? */ + if (data == DATA_VALUE) + return VAL_STATUS_SUCCESS; + + val->print(PRINT_ERROR, "\tExpected read to fault but it didn't\n", 0); + + /* Resetting boot.state to catch unwanted reboot */ + if (val->set_boot_flag(BOOT_EXPECTED_BUT_FAILED)) + { + val->print(PRINT_ERROR, "\tFailed to set boot flag after check\n", 0); + return VAL_STATUS_ERROR; + } + + return VAL_STATUS_SPM_FAILED; +} + +int32_t client_test_nspe_write_app_rot_heap(security_t caller) +{ + addr_t app_rot_addr; + uint8_t data = DATA_VALUE; + + val->print(PRINT_TEST, "[Check 2] Test NSPE writing APP-RoT heap\n", 0); + + if (VAL_ERROR(get_secure_partition_address(&app_rot_addr))) + return VAL_STATUS_ERROR; + + /* Setting boot.state before test check */ + if (val->set_boot_flag(BOOT_EXPECTED_NS)) + { + val->print(PRINT_ERROR, "\tFailed to set boot flag before check\n", 0); + return VAL_STATUS_ERROR; + } + + /* Write Application RoT heap address. + * This should generate internal fault or ignore the write. + */ + *(uint8_t *)app_rot_addr = (uint8_t)data; + + /* Handshake with server to decide write status */ + if ((psa->connect(SERVER_UNSPECIFED_MINOR_V_SID, 1)) > 0) + { + val->print(PRINT_ERROR, "\tExpected connection to fail but succeed\n", 0); + return VAL_STATUS_INVALID_HANDLE; + } + return VAL_STATUS_SUCCESS; +} +#else +int32_t client_test_nspe_read_app_rot_heap(security_t caller) +{ + val->print(PRINT_TEST, "[Check 1] Test NSPE reading APP-RoT heap\n", 0); + val->print(PRINT_ERROR, "\tSkipping test as heap memory not supported\n", 0); + return RESULT_SKIP(VAL_STATUS_HEAP_NOT_AVAILABLE); +} + +int32_t client_test_nspe_write_app_rot_heap(security_t caller) +{ + val->print(PRINT_TEST, "[Check 2] Test NSPE writing APP-RoT heap\n", 0); + val->print(PRINT_ERROR, "\tSkipping test as heap memory not supported\n", 0); + return RESULT_SKIP(VAL_STATUS_HEAP_NOT_AVAILABLE); +} +#endif diff --git a/api-tests/ff/ipc/test_i074/test_i074.h b/api-tests/ff/ipc/test_i074/test_i074.h new file mode 100644 index 00000000..f6d1d8d5 --- /dev/null +++ b/api-tests/ff/ipc/test_i074/test_i074.h @@ -0,0 +1,38 @@ +/** @file + * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ +#ifndef _TEST_I074_CLIENT_TESTS_H_ +#define _TEST_I074_CLIENT_TESTS_H_ + +#include "val_client_defs.h" + +#ifdef NONSECURE_TEST_BUILD +#define test_entry CONCAT(test_entry_,i074) +#define val CONCAT(val,test_entry) +#define psa CONCAT(psa,test_entry) +#else +#define val CONCAT(val,_client_sp) +#define psa CONCAT(psa,_client_sp) +#endif + +extern val_api_t *val; +extern psa_api_t *psa; + +extern client_test_t test_i074_client_tests_list[]; + +int32_t client_test_nspe_read_app_rot_heap(security_t); +int32_t client_test_nspe_write_app_rot_heap(security_t); +#endif diff --git a/api-tests/ff/ipc/test_i074/test_supp_i074.c b/api-tests/ff/ipc/test_i074/test_supp_i074.c new file mode 100644 index 00000000..cbc790e7 --- /dev/null +++ b/api-tests/ff/ipc/test_i074/test_supp_i074.c @@ -0,0 +1,146 @@ +/** @file + * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ + +#include "val_client_defs.h" +#include "val_service_defs.h" + +#define val CONCAT(val,_server_sp) +#define psa CONCAT(psa,_server_sp) +extern val_api_t *val; +extern psa_api_t *psa; + +int32_t server_test_nspe_read_app_rot_heap(void); +int32_t server_test_nspe_write_app_rot_heap(void); + +#if (SP_HEAP_MEM_SUPP == 1) +void *malloc(size_t size); +void free(void *ptr); +#endif + +#define DATA_VALUE_ORG 0x11 +#define BUFFER_SIZE 0x4 + +server_test_t test_i074_server_tests_list[] = { + NULL, + server_test_nspe_read_app_rot_heap, + server_test_nspe_write_app_rot_heap, + NULL, +}; + +#if (SP_HEAP_MEM_SUPP == 1) +static int32_t send_secure_partition_address(uint8_t *heap) +{ + int32_t status = VAL_STATUS_SUCCESS; + psa_msg_t msg = {0}; + + status = val->process_connect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); + if (val->err_check_set(TEST_CHECKPOINT_NUM(201), status)) + { + psa->reply(msg.handle, PSA_ERROR_CONNECTION_REFUSED); + return status; + } + + psa->reply(msg.handle, PSA_SUCCESS); + + status = val->process_call_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); + if (val->err_check_set(TEST_CHECKPOINT_NUM(202), status)) + { + psa->reply(msg.handle, -2); + return status; + } + + /* Send Application RoT heap address */ + psa->write(msg.handle, 0, (void *)heap, sizeof(BUFFER_SIZE)); + psa->reply(msg.handle, PSA_SUCCESS); + + status = val->process_disconnect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); + if (val->err_check_set(TEST_CHECKPOINT_NUM(203), status)) + { + return status; + } + psa->reply(msg.handle, PSA_SUCCESS); + return VAL_STATUS_SUCCESS; +} + +int32_t server_test_nspe_read_app_rot_heap(void) +{ + /* Application RoT heap buffer */ + uint8_t *buffer; + int32_t status = VAL_STATUS_SUCCESS; + + buffer = (uint8_t *)malloc(sizeof(uint8_t) * BUFFER_SIZE); + memset((uint8_t *)buffer, DATA_VALUE_ORG, BUFFER_SIZE); + + status = send_secure_partition_address(buffer); + free(buffer); + + return status; +} + +int32_t server_test_nspe_write_app_rot_heap(void) +{ + /* Application RoT heap buffer */ + uint8_t *buffer; + int32_t status = VAL_STATUS_SUCCESS; + psa_msg_t msg = {0}; + + buffer = (uint8_t *)malloc(sizeof(uint8_t) * BUFFER_SIZE); + memset((uint8_t *)buffer, DATA_VALUE_ORG, BUFFER_SIZE); + + status = send_secure_partition_address(buffer); + if (VAL_ERROR(status)) + return status; + + /* Wait for write to get performed by client */ + status = val->process_connect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); + if (val->err_check_set(TEST_CHECKPOINT_NUM(204), status)) + { + psa->reply(msg.handle, PSA_ERROR_CONNECTION_REFUSED); + return status; + } + + /* Connection request is just for handshake, reject connection anyways */ + psa->reply(msg.handle, PSA_ERROR_CONNECTION_REFUSED); + + /* Reached here means there could be write succeed or ignored */ + if (buffer[0] == DATA_VALUE_ORG) + return VAL_STATUS_SUCCESS; + + val->print(PRINT_ERROR, "\tExpected write to fault but it didn't\n", 0); + + /* Resetting boot.state to catch unwanted reboot */ + if (val->set_boot_flag(BOOT_EXPECTED_BUT_FAILED)) + { + val->print(PRINT_ERROR, "\tFailed to set boot flag after check\n", 0); + return VAL_STATUS_ERROR; + } + + free(buffer); + return VAL_STATUS_SUCCESS; +} +#else + +int32_t server_test_nspe_read_app_rot_heap(void) +{ + return RESULT_SKIP(VAL_STATUS_HEAP_NOT_AVAILABLE); +} + +int32_t server_test_nspe_write_app_rot_heap(void) +{ + return RESULT_SKIP(VAL_STATUS_HEAP_NOT_AVAILABLE); +} +#endif diff --git a/api-tests/ff/ipc/test_i075/source.mk b/api-tests/ff/ipc/test_i075/source.mk new file mode 100644 index 00000000..db83c871 --- /dev/null +++ b/api-tests/ff/ipc/test_i075/source.mk @@ -0,0 +1,25 @@ +# * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. +# * SPDX-License-Identifier : Apache-2.0 +# * +# * Licensed under the Apache License, Version 2.0 (the "License"); +# * you may not use this file except in compliance with the License. +# * You may obtain a copy of the License at +# * +# * http://www.apache.org/licenses/LICENSE-2.0 +# * +# * Unless required by applicable law or agreed to in writing, software +# * distributed under the License is distributed on an "AS IS" BASIS, +# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# * See the License for the specific language governing permissions and +# * limitations under the License. +#**/ + +CC_SOURCE = test_entry.c test_i075.c +CC_OPTIONS = +AS_SOURCE = +AS_OPTIONS = + +CC_SOURCE_SPE = test_i075.c test_supp_i075.c +CC_OPTIONS_SPE = +AS_SOURCE_SPE = +AS_OPTIONS_SPE = diff --git a/api-tests/ff/ipc/test_i075/test_entry.c b/api-tests/ff/ipc/test_i075/test_entry.c new file mode 100644 index 00000000..1131a5ce --- /dev/null +++ b/api-tests/ff/ipc/test_i075/test_entry.c @@ -0,0 +1,51 @@ +/** @file + * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ + +#include "val_interfaces.h" +#include "val_target.h" +#include "test_i075.h" + +#define TEST_NUM VAL_CREATE_TEST_ID(VAL_FF_BASE, 75) +#define TEST_DESC "Testing NSPE access to APP-RoT mmio\n" +TEST_PUBLISH(TEST_NUM, test_entry); +val_api_t *val = NULL; +psa_api_t *psa = NULL; + +void test_entry(val_api_t *val_api, psa_api_t *psa_api) +{ + int32_t status = VAL_STATUS_SUCCESS; + + val = val_api; + psa = psa_api; + + /* test init */ + val->test_init(TEST_NUM, TEST_DESC, TEST_FIELD(TEST_ISOLATION_L1, WD_LOW_TIMEOUT)); + if (!IS_TEST_START(val->get_status())) + { + goto test_exit; + } + + /* Execute list of tests available in test[num]_client_tests_list from Non-secure side*/ + status = val->execute_non_secure_tests(TEST_NUM, test_i075_client_tests_list, TRUE); + if (VAL_ERROR(status)) + { + goto test_exit; + } + +test_exit: + val->test_exit(); +} diff --git a/api-tests/ff/ipc/test_i075/test_i075.c b/api-tests/ff/ipc/test_i075/test_i075.c new file mode 100644 index 00000000..62c7b6ab --- /dev/null +++ b/api-tests/ff/ipc/test_i075/test_i075.c @@ -0,0 +1,127 @@ +/** @file + * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ + +#ifdef NONSECURE_TEST_BUILD +#include "val_interfaces.h" +#include "val_target.h" +#else +#include "val_client_defs.h" +#include "val_service_defs.h" +#endif + +#include "test_i075.h" + +#define DATA_VALUE 0x1234 + +client_test_t test_i075_client_tests_list[] = { + NULL, + client_test_nspe_read_app_rot_mmio, + client_test_nspe_write_app_rot_mmio, + NULL, +}; + +static int32_t get_secure_partition_address(addr_t *addr) +{ + psa_handle_t handle = 0; + + handle = psa->connect(SERVER_UNSPECIFED_MINOR_V_SID, 1); + if (handle < 0) + { + val->print(PRINT_ERROR, "\tConnection failed\n", 0); + return VAL_STATUS_INVALID_HANDLE; + } + + /* Get App-RoT address */ + psa_outvec outvec[1] = {{addr, sizeof(addr_t)}}; + if (psa->call(handle, NULL, 0, outvec, 1) != PSA_SUCCESS) + { + val->print(PRINT_ERROR, "\tmsg request failed\n", 0); + return VAL_STATUS_CALL_FAILED; + } + + psa->close(handle); + return VAL_STATUS_SUCCESS; +} + +int32_t client_test_nspe_read_app_rot_mmio(security_t caller) +{ + addr_t app_rot_addr; + uint32_t data = DATA_VALUE; + + val->print(PRINT_TEST, "[Check 1] Test NSPE reading APP-RoT mmio\n", 0); + + if (VAL_ERROR(get_secure_partition_address(&app_rot_addr))) + return VAL_STATUS_ERROR; + + /* Setting boot.state before test check */ + if (val->set_boot_flag(BOOT_EXPECTED_REENTER_TEST)) + { + val->print(PRINT_ERROR, "\tFailed to set boot flag before check\n", 0); + return VAL_STATUS_ERROR; + } + + /* Read Application RoT mmio address. + * This should generate internal fault or ignore the read. + */ + data = *(uint32_t *)app_rot_addr; + + /* Did read ignore? */ + if (data == DATA_VALUE) + return VAL_STATUS_SUCCESS; + + val->print(PRINT_ERROR, "\tExpected read to fault but it didn't\n", 0); + + /* Resetting boot.state to catch unwanted reboot */ + if (val->set_boot_flag(BOOT_EXPECTED_BUT_FAILED)) + { + val->print(PRINT_ERROR, "\tFailed to set boot flag after check\n", 0); + return VAL_STATUS_ERROR; + } + + return VAL_STATUS_SPM_FAILED; +} + +int32_t client_test_nspe_write_app_rot_mmio(security_t caller) +{ + addr_t app_rot_addr; + uint32_t data = DATA_VALUE; + + val->print(PRINT_TEST, "[Check 2] Test NSPE writing APP-RoT mmio\n", 0); + + if (VAL_ERROR(get_secure_partition_address(&app_rot_addr))) + return VAL_STATUS_ERROR; + + /* Setting boot.state before test check */ + if (val->set_boot_flag(BOOT_EXPECTED_NS)) + { + val->print(PRINT_ERROR, "\tFailed to set boot flag before check\n", 0); + return VAL_STATUS_ERROR; + } + + /* Write Application RoT mmio address. + * This should generate internal fault or ignore the write. + */ + *(uint32_t *)app_rot_addr = (uint32_t)data; + + /* Handshake with server to decide write status */ + if ((psa->connect(SERVER_UNSPECIFED_MINOR_V_SID, 1)) > 0) + { + val->print(PRINT_ERROR, "\tExpected connection to fail but succeed\n", 0); + return VAL_STATUS_INVALID_HANDLE; + } + return VAL_STATUS_SUCCESS; +} diff --git a/api-tests/ff/ipc/test_i075/test_i075.h b/api-tests/ff/ipc/test_i075/test_i075.h new file mode 100644 index 00000000..5cae303d --- /dev/null +++ b/api-tests/ff/ipc/test_i075/test_i075.h @@ -0,0 +1,38 @@ +/** @file + * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ +#ifndef _TEST_I075_CLIENT_TESTS_H_ +#define _TEST_I075_CLIENT_TESTS_H_ + +#include "val_client_defs.h" + +#ifdef NONSECURE_TEST_BUILD +#define test_entry CONCAT(test_entry_,i075) +#define val CONCAT(val,test_entry) +#define psa CONCAT(psa,test_entry) +#else +#define val CONCAT(val,_client_sp) +#define psa CONCAT(psa,_client_sp) +#endif + +extern val_api_t *val; +extern psa_api_t *psa; + +extern client_test_t test_i075_client_tests_list[]; + +int32_t client_test_nspe_read_app_rot_mmio(security_t); +int32_t client_test_nspe_write_app_rot_mmio(security_t); +#endif diff --git a/api-tests/ff/ipc/test_i075/test_supp_i075.c b/api-tests/ff/ipc/test_i075/test_supp_i075.c new file mode 100644 index 00000000..b98fffba --- /dev/null +++ b/api-tests/ff/ipc/test_i075/test_supp_i075.c @@ -0,0 +1,143 @@ +/** @file + * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ + +#include "val_client_defs.h" +#include "val_service_defs.h" + +#define val CONCAT(val,_server_sp) +#define psa CONCAT(psa,_server_sp) +extern val_api_t *val; +extern psa_api_t *psa; + +int32_t server_test_nspe_read_app_rot_mmio(void); +int32_t server_test_nspe_write_app_rot_mmio(void); + +#define DATA_VALUE 0x5467 + +server_test_t test_i075_server_tests_list[] = { + NULL, + server_test_nspe_read_app_rot_mmio, + server_test_nspe_write_app_rot_mmio, + NULL, +}; + +static int32_t get_mmio_addr(addr_t *addr) +{ + memory_desc_t *memory_desc; + int32_t status = VAL_STATUS_SUCCESS; + + /* Get APP-ROT MMIO address */ + status = val->target_get_config(TARGET_CONFIG_CREATE_ID(GROUP_MEMORY, + MEMORY_SERVER_PARTITION_MMIO, 0), + (uint8_t **)&memory_desc, + (uint32_t *)sizeof(memory_desc_t)); + if (val->err_check_set(TEST_CHECKPOINT_NUM(201), status)) + { + return status; + } + + *addr = memory_desc->start; + return VAL_STATUS_SUCCESS; +} + +static int32_t send_secure_partition_address(addr_t *stack) +{ + int32_t status = VAL_STATUS_SUCCESS; + psa_msg_t msg = {0}; + + status = val->process_connect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); + if (val->err_check_set(TEST_CHECKPOINT_NUM(202), status)) + { + psa->reply(msg.handle, PSA_ERROR_CONNECTION_REFUSED); + return status; + } + + psa->reply(msg.handle, PSA_SUCCESS); + + status = val->process_call_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); + if (val->err_check_set(TEST_CHECKPOINT_NUM(203), status)) + { + psa->reply(msg.handle, -2); + return status; + } + + /* Send Application RoT stack address */ + psa->write(msg.handle, 0, (void *)stack, sizeof(uint32_t)); + psa->reply(msg.handle, PSA_SUCCESS); + + status = val->process_disconnect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); + if (val->err_check_set(TEST_CHECKPOINT_NUM(204), status)) + { + return status; + } + psa->reply(msg.handle, PSA_SUCCESS); + return VAL_STATUS_SUCCESS; +} + +int32_t server_test_nspe_read_app_rot_mmio(void) +{ + int32_t status = VAL_STATUS_SUCCESS; + addr_t app_rot_addr; + + status = get_mmio_addr(&app_rot_addr); + if (VAL_ERROR(status)) + return status; + + return send_secure_partition_address(&app_rot_addr); +} + +int32_t server_test_nspe_write_app_rot_mmio(void) +{ + addr_t app_rot_addr; + int32_t status = VAL_STATUS_SUCCESS; + psa_msg_t msg = {0}; + + status = get_mmio_addr(&app_rot_addr); + if (VAL_ERROR(status)) + return status; + + /* Initialise mmio address */ + *(uint32_t *)app_rot_addr = (uint32_t)DATA_VALUE; + status = send_secure_partition_address(&app_rot_addr); + if (VAL_ERROR(status)) + return status; + + /* Wait for write to get performed by client */ + status = val->process_connect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); + if (val->err_check_set(TEST_CHECKPOINT_NUM(204), status)) + { + psa->reply(msg.handle, PSA_ERROR_CONNECTION_REFUSED); + return status; + } + + /* Connection request is just for handshake, reject connection anyways */ + psa->reply(msg.handle, PSA_ERROR_CONNECTION_REFUSED); + + /* Reached here means there could be write succeed or ignored */ + if (*(uint32_t *)app_rot_addr == (uint32_t)DATA_VALUE) + return VAL_STATUS_SUCCESS; + + val->print(PRINT_ERROR, "\tExpected write to fault but it didn't\n", 0); + + /* Resetting boot.state to catch unwanted reboot */ + if (val->set_boot_flag(BOOT_EXPECTED_BUT_FAILED)) + { + val->print(PRINT_ERROR, "\tFailed to set boot flag after check\n", 0); + return VAL_STATUS_ERROR; + } + return VAL_STATUS_SUCCESS; +} diff --git a/api-tests/ff/ipc/test_i076/source.mk b/api-tests/ff/ipc/test_i076/source.mk new file mode 100644 index 00000000..e98fc9db --- /dev/null +++ b/api-tests/ff/ipc/test_i076/source.mk @@ -0,0 +1,25 @@ +# * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. +# * SPDX-License-Identifier : Apache-2.0 +# * +# * Licensed under the Apache License, Version 2.0 (the "License"); +# * you may not use this file except in compliance with the License. +# * You may obtain a copy of the License at +# * +# * http://www.apache.org/licenses/LICENSE-2.0 +# * +# * Unless required by applicable law or agreed to in writing, software +# * distributed under the License is distributed on an "AS IS" BASIS, +# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# * See the License for the specific language governing permissions and +# * limitations under the License. +#**/ + +CC_SOURCE = test_entry.c test_i076.c +CC_OPTIONS = +AS_SOURCE = +AS_OPTIONS = + +CC_SOURCE_SPE = test_i076.c test_supp_i076.c +CC_OPTIONS_SPE = +AS_SOURCE_SPE = +AS_OPTIONS_SPE = diff --git a/api-tests/ff/ipc/test_i076/test_entry.c b/api-tests/ff/ipc/test_i076/test_entry.c new file mode 100644 index 00000000..f26e4f87 --- /dev/null +++ b/api-tests/ff/ipc/test_i076/test_entry.c @@ -0,0 +1,51 @@ +/** @file + * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ + +#include "val_interfaces.h" +#include "val_target.h" +#include "test_i076.h" + +#define TEST_NUM VAL_CREATE_TEST_ID(VAL_FF_BASE, 76) +#define TEST_DESC "Testing NSPE access to PSA-RoT data\n" +TEST_PUBLISH(TEST_NUM, test_entry); +val_api_t *val = NULL; +psa_api_t *psa = NULL; + +void test_entry(val_api_t *val_api, psa_api_t *psa_api) +{ + int32_t status = VAL_STATUS_SUCCESS; + + val = val_api; + psa = psa_api; + + /* test init */ + val->test_init(TEST_NUM, TEST_DESC, TEST_FIELD(TEST_ISOLATION_L1, WD_LOW_TIMEOUT)); + if (!IS_TEST_START(val->get_status())) + { + goto test_exit; + } + + /* Execute list of tests available in test[num]_client_tests_list from Non-secure side*/ + status = val->execute_non_secure_tests(TEST_NUM, test_i076_client_tests_list, TRUE); + if (VAL_ERROR(status)) + { + goto test_exit; + } + +test_exit: + val->test_exit(); +} diff --git a/api-tests/ff/ipc/test_i076/test_i076.c b/api-tests/ff/ipc/test_i076/test_i076.c new file mode 100644 index 00000000..3fc077ba --- /dev/null +++ b/api-tests/ff/ipc/test_i076/test_i076.c @@ -0,0 +1,144 @@ +/** @file + * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ + +#ifdef NONSECURE_TEST_BUILD +#include "val_interfaces.h" +#include "val_target.h" +#else +#include "val_client_defs.h" +#include "val_service_defs.h" +#endif + +#include "test_i076.h" + +#define DATA_VALUE1 0x1234 + +client_test_t test_i076_client_tests_list[] = { + NULL, + client_test_nspe_read_psa_rot_variable, + client_test_nspe_write_psa_rot_variable, + NULL, +}; + +static int32_t get_secure_partition_address(psa_handle_t *handle, + addr_t *addr, + driver_test_fn_id_t test_fn_id) +{ + *handle = psa->connect(DRIVER_TEST_SID, 1); + if (*handle < 0) + { + val->print(PRINT_ERROR, "\tConnection failed\n", 0); + return VAL_STATUS_INVALID_HANDLE; + } + + /* Execute driver function related to TEST_ISOLATION_PSA_ROT_* */ + psa_invec invec[1] = {{&test_fn_id, sizeof(test_fn_id)}}; + psa_outvec outvec[1] = {{addr, sizeof(addr_t)}}; + if (psa->call(*handle, invec, 1, outvec, 1) != PSA_SUCCESS) + { + val->print(PRINT_ERROR, "\tmsg request failed\n", 0); + return VAL_STATUS_CALL_FAILED; + } + + return VAL_STATUS_SUCCESS; +} + +static int32_t get_driver_status(psa_handle_t *handle) +{ + if (psa->call(*handle, NULL, 0, NULL, 0) != PSA_SUCCESS) + { + return VAL_STATUS_CALL_FAILED; + } + return VAL_STATUS_SUCCESS; +} + +static void close_driver_fn(psa_handle_t *handle) +{ + psa->close(*handle); +} + +int32_t client_test_nspe_read_psa_rot_variable(security_t caller) +{ + addr_t psa_rot_addr; + uint32_t data = DATA_VALUE1; + psa_handle_t handle = 0; + + val->print(PRINT_TEST, "[Check 1] Test NSPE reading PSA-RoT data\n", 0); + + if (VAL_ERROR(get_secure_partition_address(&handle, + &psa_rot_addr, + TEST_ISOLATION_PSA_ROT_DATA_RD))) + return VAL_STATUS_ERROR; + + close_driver_fn(&handle); + + /* Setting boot.state before test check */ + if (val->set_boot_flag(BOOT_EXPECTED_REENTER_TEST)) + { + val->print(PRINT_ERROR, "\tFailed to set boot flag before check\n", 0); + return VAL_STATUS_ERROR; + } + + /* Read PSA RoT global variable address. + * This should generate internal fault or ignore the read. + */ + data = *(uint32_t *)psa_rot_addr; + + /* Did read ignore? */ + if (data == DATA_VALUE1) + return VAL_STATUS_SUCCESS; + + val->print(PRINT_ERROR, "\tExpected read to fault but it didn't\n", 0); + + /* Resetting boot.state to catch unwanted reboot */ + if (val->set_boot_flag(BOOT_EXPECTED_BUT_FAILED)) + { + val->print(PRINT_ERROR, "\tFailed to set boot flag after check\n", 0); + return VAL_STATUS_ERROR; + } + + return VAL_STATUS_SPM_FAILED; +} + +int32_t client_test_nspe_write_psa_rot_variable(security_t caller) +{ + addr_t psa_rot_addr; + uint32_t data = DATA_VALUE1; + psa_handle_t handle = 0; + + val->print(PRINT_TEST, "[Check 2] Test NSPE writing PSA-RoT data\n", 0); + + if (VAL_ERROR(get_secure_partition_address(&handle, + &psa_rot_addr, + TEST_ISOLATION_PSA_ROT_DATA_WR))) + return VAL_STATUS_ERROR; + + /* Write PSA RoT global variable address. + * This should generate internal fault or ignore the write. + */ + *(uint32_t *)psa_rot_addr = (uint32_t)data; + + /* Handshake with driver to decide write status */ + if (VAL_ERROR(get_driver_status(&handle))) + { + close_driver_fn(&handle); + return VAL_STATUS_DRIVER_FN_FAILED; + } + + close_driver_fn(&handle); + return VAL_STATUS_SUCCESS; +} diff --git a/api-tests/ff/ipc/test_i076/test_i076.h b/api-tests/ff/ipc/test_i076/test_i076.h new file mode 100644 index 00000000..1e5e11f5 --- /dev/null +++ b/api-tests/ff/ipc/test_i076/test_i076.h @@ -0,0 +1,38 @@ +/** @file + * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ +#ifndef _TEST_I076_CLIENT_TESTS_H_ +#define _TEST_I076_CLIENT_TESTS_H_ + +#include "val_client_defs.h" + +#ifdef NONSECURE_TEST_BUILD +#define test_entry CONCAT(test_entry_,i076) +#define val CONCAT(val,test_entry) +#define psa CONCAT(psa,test_entry) +#else +#define val CONCAT(val,_client_sp) +#define psa CONCAT(psa,_client_sp) +#endif + +extern val_api_t *val; +extern psa_api_t *psa; + +extern client_test_t test_i076_client_tests_list[]; + +int32_t client_test_nspe_read_psa_rot_variable(security_t); +int32_t client_test_nspe_write_psa_rot_variable(security_t); +#endif diff --git a/api-tests/ff/ipc/test_i076/test_supp_i076.c b/api-tests/ff/ipc/test_i076/test_supp_i076.c new file mode 100644 index 00000000..c32ec2fb --- /dev/null +++ b/api-tests/ff/ipc/test_i076/test_supp_i076.c @@ -0,0 +1,44 @@ +/** @file + * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ + +#include "val_client_defs.h" +#include "val_service_defs.h" + +#define val CONCAT(val,_server_sp) +#define psa CONCAT(psa,_server_sp) +extern val_api_t *val; +extern psa_api_t *psa; + +int32_t server_test_nspe_read_psa_rot_variable(void); +int32_t server_test_nspe_write_psa_rot_variable(void); + +server_test_t test_i076_server_tests_list[] = { + NULL, + server_test_nspe_read_psa_rot_variable, + server_test_nspe_write_psa_rot_variable, + NULL, +}; + +int32_t server_test_nspe_read_psa_rot_variable(void) +{ + return VAL_STATUS_SUCCESS; +} + +int32_t server_test_nspe_write_psa_rot_variable(void) +{ + return VAL_STATUS_SUCCESS; +} diff --git a/api-tests/ff/ipc/test_i077/source.mk b/api-tests/ff/ipc/test_i077/source.mk new file mode 100644 index 00000000..e1abcb0e --- /dev/null +++ b/api-tests/ff/ipc/test_i077/source.mk @@ -0,0 +1,25 @@ +# * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. +# * SPDX-License-Identifier : Apache-2.0 +# * +# * Licensed under the Apache License, Version 2.0 (the "License"); +# * you may not use this file except in compliance with the License. +# * You may obtain a copy of the License at +# * +# * http://www.apache.org/licenses/LICENSE-2.0 +# * +# * Unless required by applicable law or agreed to in writing, software +# * distributed under the License is distributed on an "AS IS" BASIS, +# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# * See the License for the specific language governing permissions and +# * limitations under the License. +#**/ + +CC_SOURCE = test_entry.c test_i077.c +CC_OPTIONS = +AS_SOURCE = +AS_OPTIONS = + +CC_SOURCE_SPE = test_i077.c test_supp_i077.c +CC_OPTIONS_SPE = +AS_SOURCE_SPE = +AS_OPTIONS_SPE = diff --git a/api-tests/ff/ipc/test_i077/test_entry.c b/api-tests/ff/ipc/test_i077/test_entry.c new file mode 100644 index 00000000..08fa84f7 --- /dev/null +++ b/api-tests/ff/ipc/test_i077/test_entry.c @@ -0,0 +1,51 @@ +/** @file + * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ + +#include "val_interfaces.h" +#include "val_target.h" +#include "test_i077.h" + +#define TEST_NUM VAL_CREATE_TEST_ID(VAL_FF_BASE, 77) +#define TEST_DESC "Testing NSPE access to PSA-RoT stack\n" +TEST_PUBLISH(TEST_NUM, test_entry); +val_api_t *val = NULL; +psa_api_t *psa = NULL; + +void test_entry(val_api_t *val_api, psa_api_t *psa_api) +{ + int32_t status = VAL_STATUS_SUCCESS; + + val = val_api; + psa = psa_api; + + /* test init */ + val->test_init(TEST_NUM, TEST_DESC, TEST_FIELD(TEST_ISOLATION_L1, WD_LOW_TIMEOUT)); + if (!IS_TEST_START(val->get_status())) + { + goto test_exit; + } + + /* Execute list of tests available in test[num]_client_tests_list from Non-secure side*/ + status = val->execute_non_secure_tests(TEST_NUM, test_i077_client_tests_list, TRUE); + if (VAL_ERROR(status)) + { + goto test_exit; + } + +test_exit: + val->test_exit(); +} diff --git a/api-tests/ff/ipc/test_i077/test_i077.c b/api-tests/ff/ipc/test_i077/test_i077.c new file mode 100644 index 00000000..5f4e4d74 --- /dev/null +++ b/api-tests/ff/ipc/test_i077/test_i077.c @@ -0,0 +1,145 @@ +/** @file + * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ + +#ifdef NONSECURE_TEST_BUILD +#include "val_interfaces.h" +#include "val_target.h" +#else +#include "val_client_defs.h" +#include "val_service_defs.h" +#endif + +#include "test_i077.h" + +#define DATA_VALUE1 0x1234 + +client_test_t test_i077_client_tests_list[] = { + NULL, + client_test_nspe_read_psa_rot_stack, + client_test_nspe_write_psa_rot_stack, + NULL, +}; + +static int32_t get_secure_partition_address(psa_handle_t *handle, + addr_t *addr, + driver_test_fn_id_t test_fn_id) +{ + *handle = psa->connect(DRIVER_TEST_SID, 1); + if (*handle < 0) + { + val->print(PRINT_ERROR, "\tConnection failed\n", 0); + return VAL_STATUS_INVALID_HANDLE; + } + + /* Execute driver function related to TEST_ISOLATION_PSA_ROT_DATA_RD */ + psa_invec invec[1] = {{&test_fn_id, sizeof(test_fn_id)}}; + psa_outvec outvec[1] = {{addr, sizeof(addr_t)}}; + if (psa->call(*handle, invec, 1, outvec, 1) != PSA_SUCCESS) + { + val->print(PRINT_ERROR, "\tmsg request failed\n", 0); + return VAL_STATUS_CALL_FAILED; + } + + return VAL_STATUS_SUCCESS; +} + +static int32_t get_driver_status(psa_handle_t *handle) +{ + if (psa->call(*handle, NULL, 0, NULL, 0) != PSA_SUCCESS) + { + return VAL_STATUS_CALL_FAILED; + } + return VAL_STATUS_SUCCESS; +} + +static void close_driver_fn(psa_handle_t *handle) +{ + psa->close(*handle); +} + + +int32_t client_test_nspe_read_psa_rot_stack(security_t caller) +{ + addr_t psa_rot_addr; + uint32_t data = DATA_VALUE1; + psa_handle_t handle = 0; + + val->print(PRINT_TEST, "[Check 1] Test NSPE reading PSA-RoT stack\n", 0); + + if (VAL_ERROR(get_secure_partition_address(&handle, + &psa_rot_addr, + TEST_ISOLATION_PSA_ROT_STACK_RD))) + return VAL_STATUS_ERROR; + + close_driver_fn(&handle); + + /* Setting boot.state before test check */ + if (val->set_boot_flag(BOOT_EXPECTED_REENTER_TEST)) + { + val->print(PRINT_ERROR, "\tFailed to set boot flag before check\n", 0); + return VAL_STATUS_ERROR; + } + + /* Read PSA RoT stack address. + * This should generate internal fault or ignore the read. + */ + data = *(uint32_t *)psa_rot_addr; + + /* Did read ignore? */ + if (data == DATA_VALUE1) + return VAL_STATUS_SUCCESS; + + val->print(PRINT_ERROR, "\tExpected read to fault but it didn't\n", 0); + + /* Resetting boot.state to catch unwanted reboot */ + if (val->set_boot_flag(BOOT_EXPECTED_BUT_FAILED)) + { + val->print(PRINT_ERROR, "\tFailed to set boot flag after check\n", 0); + return VAL_STATUS_ERROR; + } + + return VAL_STATUS_SPM_FAILED; +} + +int32_t client_test_nspe_write_psa_rot_stack(security_t caller) +{ + addr_t psa_rot_addr; + uint32_t data = DATA_VALUE1; + psa_handle_t handle = 0; + + val->print(PRINT_TEST, "[Check 2] Test NSPE writing PSA-RoT stack\n", 0); + + if (VAL_ERROR(get_secure_partition_address(&handle, + &psa_rot_addr, + TEST_ISOLATION_PSA_ROT_STACK_WR))) + return VAL_STATUS_ERROR; + + /* Write PSA RoT stack address. + * This should generate internal fault or ignore the write. + */ + *(uint32_t *)psa_rot_addr = (uint32_t)data; + + /* Handshake with driver to decide write status */ + if (VAL_ERROR(get_driver_status(&handle))) + { + close_driver_fn(&handle); + return VAL_STATUS_DRIVER_FN_FAILED; + } + + close_driver_fn(&handle); + return VAL_STATUS_SUCCESS; +} diff --git a/api-tests/ff/ipc/test_i077/test_i077.h b/api-tests/ff/ipc/test_i077/test_i077.h new file mode 100644 index 00000000..57a36a86 --- /dev/null +++ b/api-tests/ff/ipc/test_i077/test_i077.h @@ -0,0 +1,38 @@ +/** @file + * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ +#ifndef _TEST_I077_CLIENT_TESTS_H_ +#define _TEST_I077_CLIENT_TESTS_H_ + +#include "val_client_defs.h" + +#ifdef NONSECURE_TEST_BUILD +#define test_entry CONCAT(test_entry_,i077) +#define val CONCAT(val,test_entry) +#define psa CONCAT(psa,test_entry) +#else +#define val CONCAT(val,_client_sp) +#define psa CONCAT(psa,_client_sp) +#endif + +extern val_api_t *val; +extern psa_api_t *psa; + +extern client_test_t test_i077_client_tests_list[]; + +int32_t client_test_nspe_read_psa_rot_stack(security_t); +int32_t client_test_nspe_write_psa_rot_stack(security_t); +#endif diff --git a/api-tests/ff/ipc/test_i077/test_supp_i077.c b/api-tests/ff/ipc/test_i077/test_supp_i077.c new file mode 100644 index 00000000..03a42175 --- /dev/null +++ b/api-tests/ff/ipc/test_i077/test_supp_i077.c @@ -0,0 +1,44 @@ +/** @file + * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ + +#include "val_client_defs.h" +#include "val_service_defs.h" + +#define val CONCAT(val,_server_sp) +#define psa CONCAT(psa,_server_sp) +extern val_api_t *val; +extern psa_api_t *psa; + +int32_t server_test_nspe_read_psa_rot_stack(void); +int32_t server_test_nspe_write_psa_rot_stack(void); + +server_test_t test_i077_server_tests_list[] = { + NULL, + server_test_nspe_read_psa_rot_stack, + server_test_nspe_write_psa_rot_stack, + NULL, +}; + +int32_t server_test_nspe_read_psa_rot_stack(void) +{ + return VAL_STATUS_SUCCESS; +} + +int32_t server_test_nspe_write_psa_rot_stack(void) +{ + return VAL_STATUS_SUCCESS; +} diff --git a/api-tests/ff/ipc/test_i078/source.mk b/api-tests/ff/ipc/test_i078/source.mk new file mode 100644 index 00000000..628a2821 --- /dev/null +++ b/api-tests/ff/ipc/test_i078/source.mk @@ -0,0 +1,25 @@ +# * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. +# * SPDX-License-Identifier : Apache-2.0 +# * +# * Licensed under the Apache License, Version 2.0 (the "License"); +# * you may not use this file except in compliance with the License. +# * You may obtain a copy of the License at +# * +# * http://www.apache.org/licenses/LICENSE-2.0 +# * +# * Unless required by applicable law or agreed to in writing, software +# * distributed under the License is distributed on an "AS IS" BASIS, +# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# * See the License for the specific language governing permissions and +# * limitations under the License. +#**/ + +CC_SOURCE = test_entry.c test_i078.c +CC_OPTIONS = +AS_SOURCE = +AS_OPTIONS = + +CC_SOURCE_SPE = test_i078.c test_supp_i078.c +CC_OPTIONS_SPE = +AS_SOURCE_SPE = +AS_OPTIONS_SPE = diff --git a/api-tests/ff/ipc/test_i078/test_entry.c b/api-tests/ff/ipc/test_i078/test_entry.c new file mode 100644 index 00000000..d0ae79a1 --- /dev/null +++ b/api-tests/ff/ipc/test_i078/test_entry.c @@ -0,0 +1,51 @@ +/** @file + * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ + +#include "val_interfaces.h" +#include "val_target.h" +#include "test_i078.h" + +#define TEST_NUM VAL_CREATE_TEST_ID(VAL_FF_BASE, 78) +#define TEST_DESC "Testing NSPE access to PSA-RoT heap\n" +TEST_PUBLISH(TEST_NUM, test_entry); +val_api_t *val = NULL; +psa_api_t *psa = NULL; + +void test_entry(val_api_t *val_api, psa_api_t *psa_api) +{ + int32_t status = VAL_STATUS_SUCCESS; + + val = val_api; + psa = psa_api; + + /* test init */ + val->test_init(TEST_NUM, TEST_DESC, TEST_FIELD(TEST_ISOLATION_L1, WD_LOW_TIMEOUT)); + if (!IS_TEST_START(val->get_status())) + { + goto test_exit; + } + + /* Execute list of tests available in test[num]_client_tests_list from Non-secure side*/ + status = val->execute_non_secure_tests(TEST_NUM, test_i078_client_tests_list, TRUE); + if (VAL_ERROR(status)) + { + goto test_exit; + } + +test_exit: + val->test_exit(); +} diff --git a/api-tests/ff/ipc/test_i078/test_i078.c b/api-tests/ff/ipc/test_i078/test_i078.c new file mode 100644 index 00000000..338b781a --- /dev/null +++ b/api-tests/ff/ipc/test_i078/test_i078.c @@ -0,0 +1,162 @@ +/** @file + * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ + +#ifdef NONSECURE_TEST_BUILD +#include "val_interfaces.h" +#include "val_target.h" +#else +#include "val_client_defs.h" +#include "val_service_defs.h" +#endif + +#include "test_i078.h" + +#define DATA_VALUE_ORG 0x11 +#define DATA_VALUE 0x12 +#define BUFFER_SIZE 0x4 + +client_test_t test_i078_client_tests_list[] = { + NULL, + client_test_nspe_read_psa_rot_heap, + client_test_nspe_write_psa_rot_heap, + NULL, +}; + +#if (SP_HEAP_MEM_SUPP == 1) +static int32_t get_secure_partition_address(psa_handle_t *handle, + addr_t *addr, + driver_test_fn_id_t test_fn_id) +{ + *handle = psa->connect(DRIVER_TEST_SID, 1); + if (*handle < 0) + { + val->print(PRINT_ERROR, "\tConnection failed\n", 0); + return VAL_STATUS_INVALID_HANDLE; + } + + /* Execute driver function related to TEST_ISOLATION_PSA_ROT_DATA_RD */ + psa_invec invec[1] = {{&test_fn_id, sizeof(test_fn_id)}}; + psa_outvec outvec[1] = {{addr, sizeof(addr_t)}}; + if (psa->call(*handle, invec, 1, outvec, 1) != PSA_SUCCESS) + { + val->print(PRINT_ERROR, "\tmsg request failed\n", 0); + return VAL_STATUS_CALL_FAILED; + } + + return VAL_STATUS_SUCCESS; +} + +static int32_t get_driver_status(psa_handle_t *handle) +{ + if (psa->call(*handle, NULL, 0, NULL, 0) != PSA_SUCCESS) + { + return VAL_STATUS_CALL_FAILED; + } + return VAL_STATUS_SUCCESS; +} + +static void close_driver_fn(psa_handle_t *handle) +{ + psa->close(*handle); +} + +int32_t client_test_nspe_read_psa_rot_heap(security_t caller) +{ + addr_t psa_rot_addr; + uint8_t data = DATA_VALUE; + psa_handle_t handle = 0; + + val->print(PRINT_TEST, "[Check 1] Test NSPE reading PSA-RoT heap\n", 0); + + if (VAL_ERROR(get_secure_partition_address(&handle, + &psa_rot_addr, + TEST_ISOLATION_PSA_ROT_HEAP_RD))) + return VAL_STATUS_ERROR; + + close_driver_fn(&handle); + + /* Setting boot.state before test check */ + if (val->set_boot_flag(BOOT_EXPECTED_REENTER_TEST)) + { + val->print(PRINT_ERROR, "\tFailed to set boot flag before check\n", 0); + return VAL_STATUS_ERROR; + } + + /* Read PSA RoT heap address. + * This should generate internal fault or ignore the read. + */ + data = *(uint8_t *)psa_rot_addr; + + /* Did read ignore? */ + if (data == DATA_VALUE) + return VAL_STATUS_SUCCESS; + + val->print(PRINT_ERROR, "\tExpected read to fault but it didn't\n", 0); + + /* Resetting boot.state to catch unwanted reboot */ + if (val->set_boot_flag(BOOT_EXPECTED_BUT_FAILED)) + { + val->print(PRINT_ERROR, "\tFailed to set boot flag after check\n", 0); + return VAL_STATUS_ERROR; + } + + return VAL_STATUS_SPM_FAILED; +} + +int32_t client_test_nspe_write_psa_rot_heap(security_t caller) +{ + addr_t psa_rot_addr; + uint8_t data = DATA_VALUE; + psa_handle_t handle = 0; + + val->print(PRINT_TEST, "[Check 2] Test NSPE writing PSA-RoT heap\n", 0); + + if (VAL_ERROR(get_secure_partition_address(&handle, + &psa_rot_addr, + TEST_ISOLATION_PSA_ROT_HEAP_WR))) + return VAL_STATUS_ERROR; + + /* Write PSA RoT heap address. + * This should generate internal fault or ignore the write. + */ + *(uint8_t *)psa_rot_addr = (uint8_t)data; + + /* Handshake with driver to decide write status */ + if (VAL_ERROR(get_driver_status(&handle))) + { + close_driver_fn(&handle); + return VAL_STATUS_DRIVER_FN_FAILED; + } + + close_driver_fn(&handle); + return VAL_STATUS_SUCCESS; +} +#else +int32_t client_test_nspe_read_psa_rot_heap(security_t caller) +{ + val->print(PRINT_TEST, "[Check 1] Test NSPE reading PSA-RoT heap\n", 0); + val->print(PRINT_ERROR, "\tSkipping test as heap memory not supported\n", 0); + return RESULT_SKIP(VAL_STATUS_HEAP_NOT_AVAILABLE); +} + +int32_t client_test_nspe_write_psa_rot_heap(security_t caller) +{ + val->print(PRINT_TEST, "[Check 2] Test NSPE writing PSA-RoT heap\n", 0); + val->print(PRINT_ERROR, "\tSkipping test as heap memory not supported\n", 0); + return RESULT_SKIP(VAL_STATUS_HEAP_NOT_AVAILABLE); +} +#endif diff --git a/api-tests/ff/ipc/test_i078/test_i078.h b/api-tests/ff/ipc/test_i078/test_i078.h new file mode 100644 index 00000000..207f8d35 --- /dev/null +++ b/api-tests/ff/ipc/test_i078/test_i078.h @@ -0,0 +1,38 @@ +/** @file + * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ +#ifndef _TEST_I078_CLIENT_TESTS_H_ +#define _TEST_I078_CLIENT_TESTS_H_ + +#include "val_client_defs.h" + +#ifdef NONSECURE_TEST_BUILD +#define test_entry CONCAT(test_entry_,i078) +#define val CONCAT(val,test_entry) +#define psa CONCAT(psa,test_entry) +#else +#define val CONCAT(val,_client_sp) +#define psa CONCAT(psa,_client_sp) +#endif + +extern val_api_t *val; +extern psa_api_t *psa; + +extern client_test_t test_i078_client_tests_list[]; + +int32_t client_test_nspe_read_psa_rot_heap(security_t); +int32_t client_test_nspe_write_psa_rot_heap(security_t); +#endif diff --git a/api-tests/ff/ipc/test_i078/test_supp_i078.c b/api-tests/ff/ipc/test_i078/test_supp_i078.c new file mode 100644 index 00000000..0b5f67f2 --- /dev/null +++ b/api-tests/ff/ipc/test_i078/test_supp_i078.c @@ -0,0 +1,44 @@ +/** @file + * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ + +#include "val_client_defs.h" +#include "val_service_defs.h" + +#define val CONCAT(val,_server_sp) +#define psa CONCAT(psa,_server_sp) +extern val_api_t *val; +extern psa_api_t *psa; + +int32_t server_test_nspe_read_psa_rot_heap(void); +int32_t server_test_nspe_write_psa_rot_heap(void); + +server_test_t test_i078_server_tests_list[] = { + NULL, + server_test_nspe_read_psa_rot_heap, + server_test_nspe_write_psa_rot_heap, + NULL, +}; + +int32_t server_test_nspe_read_psa_rot_heap(void) +{ + return VAL_STATUS_SUCCESS; +} + +int32_t server_test_nspe_write_psa_rot_heap(void) +{ + return VAL_STATUS_SUCCESS; +} diff --git a/api-tests/ff/ipc/test_i079/source.mk b/api-tests/ff/ipc/test_i079/source.mk new file mode 100644 index 00000000..09026a8a --- /dev/null +++ b/api-tests/ff/ipc/test_i079/source.mk @@ -0,0 +1,25 @@ +# * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. +# * SPDX-License-Identifier : Apache-2.0 +# * +# * Licensed under the Apache License, Version 2.0 (the "License"); +# * you may not use this file except in compliance with the License. +# * You may obtain a copy of the License at +# * +# * http://www.apache.org/licenses/LICENSE-2.0 +# * +# * Unless required by applicable law or agreed to in writing, software +# * distributed under the License is distributed on an "AS IS" BASIS, +# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# * See the License for the specific language governing permissions and +# * limitations under the License. +#**/ + +CC_SOURCE = test_entry.c test_i079.c +CC_OPTIONS = +AS_SOURCE = +AS_OPTIONS = + +CC_SOURCE_SPE = test_i079.c test_supp_i079.c +CC_OPTIONS_SPE = +AS_SOURCE_SPE = +AS_OPTIONS_SPE = diff --git a/api-tests/ff/ipc/test_i079/test_entry.c b/api-tests/ff/ipc/test_i079/test_entry.c new file mode 100644 index 00000000..131a15b6 --- /dev/null +++ b/api-tests/ff/ipc/test_i079/test_entry.c @@ -0,0 +1,51 @@ +/** @file + * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ + +#include "val_interfaces.h" +#include "val_target.h" +#include "test_i079.h" + +#define TEST_NUM VAL_CREATE_TEST_ID(VAL_FF_BASE, 79) +#define TEST_DESC "Testing NSPE access to PSA-RoT mmio\n" +TEST_PUBLISH(TEST_NUM, test_entry); +val_api_t *val = NULL; +psa_api_t *psa = NULL; + +void test_entry(val_api_t *val_api, psa_api_t *psa_api) +{ + int32_t status = VAL_STATUS_SUCCESS; + + val = val_api; + psa = psa_api; + + /* test init */ + val->test_init(TEST_NUM, TEST_DESC, TEST_FIELD(TEST_ISOLATION_L1, WD_LOW_TIMEOUT)); + if (!IS_TEST_START(val->get_status())) + { + goto test_exit; + } + + /* Execute list of tests available in test[num]_client_tests_list from Non-secure side*/ + status = val->execute_non_secure_tests(TEST_NUM, test_i079_client_tests_list, TRUE); + if (VAL_ERROR(status)) + { + goto test_exit; + } + +test_exit: + val->test_exit(); +} diff --git a/api-tests/ff/ipc/test_i079/test_i079.c b/api-tests/ff/ipc/test_i079/test_i079.c new file mode 100644 index 00000000..11c66f8f --- /dev/null +++ b/api-tests/ff/ipc/test_i079/test_i079.c @@ -0,0 +1,144 @@ +/** @file + * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ + +#ifdef NONSECURE_TEST_BUILD +#include "val_interfaces.h" +#include "val_target.h" +#else +#include "val_client_defs.h" +#include "val_service_defs.h" +#endif + +#include "test_i079.h" + +#define DATA_VALUE 0x1234 + +client_test_t test_i079_client_tests_list[] = { + NULL, + client_test_nspe_read_psa_rot_mmio, + client_test_nspe_write_psa_rot_mmio, + NULL, +}; + +static int32_t get_secure_partition_address(psa_handle_t *handle, + addr_t *addr, + driver_test_fn_id_t test_fn_id) +{ + *handle = psa->connect(DRIVER_TEST_SID, 1); + if (*handle < 0) + { + val->print(PRINT_ERROR, "\tConnection failed\n", 0); + return VAL_STATUS_INVALID_HANDLE; + } + + /* Execute driver function related to TEST_ISOLATION_PSA_ROT_DATA_RD */ + psa_invec invec[1] = {{&test_fn_id, sizeof(test_fn_id)}}; + psa_outvec outvec[1] = {{addr, sizeof(addr_t)}}; + if (psa->call(*handle, invec, 1, outvec, 1) != PSA_SUCCESS) + { + val->print(PRINT_ERROR, "\tmsg request failed\n", 0); + return VAL_STATUS_CALL_FAILED; + } + + return VAL_STATUS_SUCCESS; +} + +static int32_t get_driver_status(psa_handle_t *handle) +{ + if (psa->call(*handle, NULL, 0, NULL, 0) != PSA_SUCCESS) + { + return VAL_STATUS_CALL_FAILED; + } + return VAL_STATUS_SUCCESS; +} + +static void close_driver_fn(psa_handle_t *handle) +{ + psa->close(*handle); +} + +int32_t client_test_nspe_read_psa_rot_mmio(security_t caller) +{ + addr_t psa_rot_addr; + uint32_t data = DATA_VALUE; + psa_handle_t handle = 0; + + val->print(PRINT_TEST, "[Check 1] Test NSPE reading PSA-RoT mmio\n", 0); + + if (VAL_ERROR(get_secure_partition_address(&handle, + &psa_rot_addr, + TEST_ISOLATION_PSA_ROT_MMIO_RD))) + return VAL_STATUS_ERROR; + + close_driver_fn(&handle); + + /* Setting boot.state before test check */ + if (val->set_boot_flag(BOOT_EXPECTED_REENTER_TEST)) + { + val->print(PRINT_ERROR, "\tFailed to set boot flag before check\n", 0); + return VAL_STATUS_ERROR; + } + + /* Read PSA RoT mmio address. + * This should generate internal fault or ignore the read. + */ + data = *(uint32_t *)psa_rot_addr; + + /* Did read ignore? */ + if (data == DATA_VALUE) + return VAL_STATUS_SUCCESS; + + val->print(PRINT_ERROR, "\tExpected read to fault but it didn't\n", 0); + + /* Resetting boot.state to catch unwanted reboot */ + if (val->set_boot_flag(BOOT_EXPECTED_BUT_FAILED)) + { + val->print(PRINT_ERROR, "\tFailed to set boot flag after check\n", 0); + return VAL_STATUS_ERROR; + } + + return VAL_STATUS_SPM_FAILED; +} + +int32_t client_test_nspe_write_psa_rot_mmio(security_t caller) +{ + addr_t psa_rot_addr; + uint32_t data = DATA_VALUE; + psa_handle_t handle = 0; + + val->print(PRINT_TEST, "[Check 2] Test NSPE writing PSA-RoT mmio\n", 0); + + if (VAL_ERROR(get_secure_partition_address(&handle, + &psa_rot_addr, + TEST_ISOLATION_PSA_ROT_MMIO_WR))) + return VAL_STATUS_ERROR; + + /* Write PSA RoT mmio address. + * This should generate internal fault or ignore the write. + */ + *(uint32_t *)psa_rot_addr = (uint32_t)data; + + /* Handshake with driver to decide write status */ + if (VAL_ERROR(get_driver_status(&handle))) + { + close_driver_fn(&handle); + return VAL_STATUS_DRIVER_FN_FAILED; + } + + close_driver_fn(&handle); + return VAL_STATUS_SUCCESS; +} diff --git a/api-tests/ff/ipc/test_i079/test_i079.h b/api-tests/ff/ipc/test_i079/test_i079.h new file mode 100644 index 00000000..c5ab49cf --- /dev/null +++ b/api-tests/ff/ipc/test_i079/test_i079.h @@ -0,0 +1,38 @@ +/** @file + * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ +#ifndef _TEST_I079_CLIENT_TESTS_H_ +#define _TEST_I079_CLIENT_TESTS_H_ + +#include "val_client_defs.h" + +#ifdef NONSECURE_TEST_BUILD +#define test_entry CONCAT(test_entry_,i079) +#define val CONCAT(val,test_entry) +#define psa CONCAT(psa,test_entry) +#else +#define val CONCAT(val,_client_sp) +#define psa CONCAT(psa,_client_sp) +#endif + +extern val_api_t *val; +extern psa_api_t *psa; + +extern client_test_t test_i079_client_tests_list[]; + +int32_t client_test_nspe_read_psa_rot_mmio(security_t); +int32_t client_test_nspe_write_psa_rot_mmio(security_t); +#endif diff --git a/api-tests/ff/ipc/test_i079/test_supp_i079.c b/api-tests/ff/ipc/test_i079/test_supp_i079.c new file mode 100644 index 00000000..24a0f89f --- /dev/null +++ b/api-tests/ff/ipc/test_i079/test_supp_i079.c @@ -0,0 +1,46 @@ +/** @file + * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ + +#include "val_client_defs.h" +#include "val_service_defs.h" + +#define val CONCAT(val,_server_sp) +#define psa CONCAT(psa,_server_sp) +extern val_api_t *val; +extern psa_api_t *psa; + +int32_t server_test_nspe_read_psa_rot_mmio(void); +int32_t server_test_nspe_write_psa_rot_mmio(void); + +#define DATA_VALUE 0x5467 + +server_test_t test_i079_server_tests_list[] = { + NULL, + server_test_nspe_read_psa_rot_mmio, + server_test_nspe_write_psa_rot_mmio, + NULL, +}; + +int32_t server_test_nspe_read_psa_rot_mmio(void) +{ + return VAL_STATUS_SUCCESS; +} + +int32_t server_test_nspe_write_psa_rot_mmio(void) +{ + return VAL_STATUS_SUCCESS; +} diff --git a/api-tests/ff/ipc/test_i080/source.mk b/api-tests/ff/ipc/test_i080/source.mk new file mode 100644 index 00000000..0b19b917 --- /dev/null +++ b/api-tests/ff/ipc/test_i080/source.mk @@ -0,0 +1,25 @@ +# * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. +# * SPDX-License-Identifier : Apache-2.0 +# * +# * Licensed under the Apache License, Version 2.0 (the "License"); +# * you may not use this file except in compliance with the License. +# * You may obtain a copy of the License at +# * +# * http://www.apache.org/licenses/LICENSE-2.0 +# * +# * Unless required by applicable law or agreed to in writing, software +# * distributed under the License is distributed on an "AS IS" BASIS, +# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# * See the License for the specific language governing permissions and +# * limitations under the License. +#**/ + +CC_SOURCE = test_entry.c test_i080.c +CC_OPTIONS = +AS_SOURCE = +AS_OPTIONS = + +CC_SOURCE_SPE = test_i080.c test_supp_i080.c +CC_OPTIONS_SPE = +AS_SOURCE_SPE = +AS_OPTIONS_SPE = diff --git a/api-tests/ff/ipc/test_i080/test_entry.c b/api-tests/ff/ipc/test_i080/test_entry.c new file mode 100644 index 00000000..ee50dd68 --- /dev/null +++ b/api-tests/ff/ipc/test_i080/test_entry.c @@ -0,0 +1,52 @@ +/** @file + * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ + +#include "val_interfaces.h" +#include "val_target.h" +#include "test_i080.h" + +#define TEST_NUM VAL_CREATE_TEST_ID(VAL_FF_BASE, 80) +#define TEST_DESC "Testing APP-RoT access to PSA-RoT data\n" +TEST_PUBLISH(TEST_NUM, test_entry); +val_api_t *val = NULL; +psa_api_t *psa = NULL; + +void test_entry(val_api_t *val_api, psa_api_t *psa_api) +{ + int32_t status = VAL_STATUS_SUCCESS; + + val = val_api; + psa = psa_api; + + /* test init */ + val->test_init(TEST_NUM, TEST_DESC, TEST_FIELD(TEST_ISOLATION_L2, WD_LOW_TIMEOUT)); + if (!IS_TEST_START(val->get_status())) + { + goto test_exit; + } + + /* Switch to secure side (client_partition.c) and execute list of tests available in + test[num]_client_tests_list from Secure side */ + status = val->switch_to_secure_client(TEST_NUM); + if (VAL_ERROR(status)) + { + goto test_exit; + } + +test_exit: + val->test_exit(); +} diff --git a/api-tests/ff/ipc/test_i080/test_i080.c b/api-tests/ff/ipc/test_i080/test_i080.c new file mode 100644 index 00000000..bd1bd368 --- /dev/null +++ b/api-tests/ff/ipc/test_i080/test_i080.c @@ -0,0 +1,144 @@ +/** @file + * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ + +#ifdef NONSECURE_TEST_BUILD +#include "val_interfaces.h" +#include "val_target.h" +#else +#include "val_client_defs.h" +#include "val_service_defs.h" +#endif + +#include "test_i080.h" + +#define DATA_VALUE1 0x1234 + +client_test_t test_i080_client_tests_list[] = { + NULL, + client_test_app_rot_read_psa_rot_variable, + client_test_app_rot_write_psa_rot_variable, + NULL, +}; + +static int32_t get_secure_partition_address(psa_handle_t *handle, + addr_t *addr, + driver_test_fn_id_t test_fn_id) +{ + *handle = psa->connect(DRIVER_TEST_SID, 1); + if (*handle < 0) + { + val->print(PRINT_ERROR, "\tConnection failed\n", 0); + return VAL_STATUS_INVALID_HANDLE; + } + + /* Execute driver function related to TEST_ISOLATION_PSA_ROT_* */ + psa_invec invec[1] = {{&test_fn_id, sizeof(test_fn_id)}}; + psa_outvec outvec[1] = {{addr, sizeof(addr_t)}}; + if (psa->call(*handle, invec, 1, outvec, 1) != PSA_SUCCESS) + { + val->print(PRINT_ERROR, "\tmsg request failed\n", 0); + return VAL_STATUS_CALL_FAILED; + } + + return VAL_STATUS_SUCCESS; +} + +static int32_t get_driver_status(psa_handle_t *handle) +{ + if (psa->call(*handle, NULL, 0, NULL, 0) != PSA_SUCCESS) + { + return VAL_STATUS_CALL_FAILED; + } + return VAL_STATUS_SUCCESS; +} + +static void close_driver_fn(psa_handle_t *handle) +{ + psa->close(*handle); +} + +int32_t client_test_app_rot_read_psa_rot_variable(security_t caller) +{ + addr_t psa_rot_addr; + uint32_t data = DATA_VALUE1; + psa_handle_t handle = 0; + + val->print(PRINT_TEST, "[Check 1] Test APP-RoT reading PSA-RoT data\n", 0); + + if (VAL_ERROR(get_secure_partition_address(&handle, + &psa_rot_addr, + TEST_ISOLATION_PSA_ROT_DATA_RD))) + return VAL_STATUS_ERROR; + + close_driver_fn(&handle); + + /* Setting boot.state before test check */ + if (val->set_boot_flag(BOOT_EXPECTED_REENTER_TEST)) + { + val->print(PRINT_ERROR, "\tFailed to set boot flag before check\n", 0); + return VAL_STATUS_ERROR; + } + + /* Read PSA RoT global variable address. + * This should generate internal fault or ignore the read. + */ + data = *(uint32_t *)psa_rot_addr; + + /* Did read ignore? */ + if (data == DATA_VALUE1) + return VAL_STATUS_SUCCESS; + + val->print(PRINT_ERROR, "\tExpected read to fault but it didn't\n", 0); + + /* Resetting boot.state to catch unwanted reboot */ + if (val->set_boot_flag(BOOT_EXPECTED_BUT_FAILED)) + { + val->print(PRINT_ERROR, "\tFailed to set boot flag after check\n", 0); + return VAL_STATUS_ERROR; + } + + return VAL_STATUS_SPM_FAILED; +} + +int32_t client_test_app_rot_write_psa_rot_variable(security_t caller) +{ + addr_t psa_rot_addr; + uint32_t data = DATA_VALUE1; + psa_handle_t handle = 0; + + val->print(PRINT_TEST, "[Check 2] Test APP-RoT writing PSA-RoT data\n", 0); + + if (VAL_ERROR(get_secure_partition_address(&handle, + &psa_rot_addr, + TEST_ISOLATION_PSA_ROT_DATA_WR))) + return VAL_STATUS_ERROR; + + /* Write PSA RoT global variable address. + * This should generate internal fault or ignore the write. + */ + *(uint32_t *)psa_rot_addr = (uint32_t)data; + + /* Handshake with driver to decide write status */ + if (VAL_ERROR(get_driver_status(&handle))) + { + close_driver_fn(&handle); + return VAL_STATUS_DRIVER_FN_FAILED; + } + + close_driver_fn(&handle); + return VAL_STATUS_SUCCESS; +} diff --git a/api-tests/ff/ipc/test_i080/test_i080.h b/api-tests/ff/ipc/test_i080/test_i080.h new file mode 100644 index 00000000..fdbe7e91 --- /dev/null +++ b/api-tests/ff/ipc/test_i080/test_i080.h @@ -0,0 +1,38 @@ +/** @file + * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ +#ifndef _TEST_I080_CLIENT_TESTS_H_ +#define _TEST_I080_CLIENT_TESTS_H_ + +#include "val_client_defs.h" + +#ifdef NONSECURE_TEST_BUILD +#define test_entry CONCAT(test_entry_,i080) +#define val CONCAT(val,test_entry) +#define psa CONCAT(psa,test_entry) +#else +#define val CONCAT(val,_client_sp) +#define psa CONCAT(psa,_client_sp) +#endif + +extern val_api_t *val; +extern psa_api_t *psa; + +extern client_test_t test_i080_client_tests_list[]; + +int32_t client_test_app_rot_read_psa_rot_variable(security_t); +int32_t client_test_app_rot_write_psa_rot_variable(security_t); +#endif diff --git a/api-tests/ff/ipc/test_i080/test_supp_i080.c b/api-tests/ff/ipc/test_i080/test_supp_i080.c new file mode 100644 index 00000000..cd022639 --- /dev/null +++ b/api-tests/ff/ipc/test_i080/test_supp_i080.c @@ -0,0 +1,44 @@ +/** @file + * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ + +#include "val_client_defs.h" +#include "val_service_defs.h" + +#define val CONCAT(val,_server_sp) +#define psa CONCAT(psa,_server_sp) +extern val_api_t *val; +extern psa_api_t *psa; + +int32_t server_test_app_rot_read_psa_rot_variable(void); +int32_t server_test_app_rot_write_psa_rot_variable(void); + +server_test_t test_i080_server_tests_list[] = { + NULL, + server_test_app_rot_read_psa_rot_variable, + server_test_app_rot_write_psa_rot_variable, + NULL, +}; + +int32_t server_test_app_rot_read_psa_rot_variable(void) +{ + return VAL_STATUS_SUCCESS; +} + +int32_t server_test_app_rot_write_psa_rot_variable(void) +{ + return VAL_STATUS_SUCCESS; +} diff --git a/api-tests/ff/ipc/test_i081/source.mk b/api-tests/ff/ipc/test_i081/source.mk new file mode 100644 index 00000000..f84c2cb6 --- /dev/null +++ b/api-tests/ff/ipc/test_i081/source.mk @@ -0,0 +1,25 @@ +# * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. +# * SPDX-License-Identifier : Apache-2.0 +# * +# * Licensed under the Apache License, Version 2.0 (the "License"); +# * you may not use this file except in compliance with the License. +# * You may obtain a copy of the License at +# * +# * http://www.apache.org/licenses/LICENSE-2.0 +# * +# * Unless required by applicable law or agreed to in writing, software +# * distributed under the License is distributed on an "AS IS" BASIS, +# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# * See the License for the specific language governing permissions and +# * limitations under the License. +#**/ + +CC_SOURCE = test_entry.c test_i081.c +CC_OPTIONS = +AS_SOURCE = +AS_OPTIONS = + +CC_SOURCE_SPE = test_i081.c test_supp_i081.c +CC_OPTIONS_SPE = +AS_SOURCE_SPE = +AS_OPTIONS_SPE = diff --git a/api-tests/ff/ipc/test_i081/test_entry.c b/api-tests/ff/ipc/test_i081/test_entry.c new file mode 100644 index 00000000..2a69daf2 --- /dev/null +++ b/api-tests/ff/ipc/test_i081/test_entry.c @@ -0,0 +1,52 @@ +/** @file + * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ + +#include "val_interfaces.h" +#include "val_target.h" +#include "test_i081.h" + +#define TEST_NUM VAL_CREATE_TEST_ID(VAL_FF_BASE, 81) +#define TEST_DESC "Testing APP-RoT access to PSA-RoT stack\n" +TEST_PUBLISH(TEST_NUM, test_entry); +val_api_t *val = NULL; +psa_api_t *psa = NULL; + +void test_entry(val_api_t *val_api, psa_api_t *psa_api) +{ + int32_t status = VAL_STATUS_SUCCESS; + + val = val_api; + psa = psa_api; + + /* test init */ + val->test_init(TEST_NUM, TEST_DESC, TEST_FIELD(TEST_ISOLATION_L2, WD_LOW_TIMEOUT)); + if (!IS_TEST_START(val->get_status())) + { + goto test_exit; + } + + /* Switch to secure side (client_partition.c) and execute list of tests available in + test[num]_client_tests_list from Secure side */ + status = val->switch_to_secure_client(TEST_NUM); + if (VAL_ERROR(status)) + { + goto test_exit; + } + +test_exit: + val->test_exit(); +} diff --git a/api-tests/ff/ipc/test_i081/test_i081.c b/api-tests/ff/ipc/test_i081/test_i081.c new file mode 100644 index 00000000..42c07658 --- /dev/null +++ b/api-tests/ff/ipc/test_i081/test_i081.c @@ -0,0 +1,145 @@ +/** @file + * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ + +#ifdef NONSECURE_TEST_BUILD +#include "val_interfaces.h" +#include "val_target.h" +#else +#include "val_client_defs.h" +#include "val_service_defs.h" +#endif + +#include "test_i081.h" + +#define DATA_VALUE1 0x1234 + +client_test_t test_i081_client_tests_list[] = { + NULL, + client_test_app_rot_read_psa_rot_stack, + client_test_app_rot_write_psa_rot_stack, + NULL, +}; + +static int32_t get_secure_partition_address(psa_handle_t *handle, + addr_t *addr, + driver_test_fn_id_t test_fn_id) +{ + *handle = psa->connect(DRIVER_TEST_SID, 1); + if (*handle < 0) + { + val->print(PRINT_ERROR, "\tConnection failed\n", 0); + return VAL_STATUS_INVALID_HANDLE; + } + + /* Execute driver function related to TEST_ISOLATION_PSA_ROT_DATA_RD */ + psa_invec invec[1] = {{&test_fn_id, sizeof(test_fn_id)}}; + psa_outvec outvec[1] = {{addr, sizeof(addr_t)}}; + if (psa->call(*handle, invec, 1, outvec, 1) != PSA_SUCCESS) + { + val->print(PRINT_ERROR, "\tmsg request failed\n", 0); + return VAL_STATUS_CALL_FAILED; + } + + return VAL_STATUS_SUCCESS; +} + +static int32_t get_driver_status(psa_handle_t *handle) +{ + if (psa->call(*handle, NULL, 0, NULL, 0) != PSA_SUCCESS) + { + return VAL_STATUS_CALL_FAILED; + } + return VAL_STATUS_SUCCESS; +} + +static void close_driver_fn(psa_handle_t *handle) +{ + psa->close(*handle); +} + + +int32_t client_test_app_rot_read_psa_rot_stack(security_t caller) +{ + addr_t psa_rot_addr; + uint32_t data = DATA_VALUE1; + psa_handle_t handle = 0; + + val->print(PRINT_TEST, "[Check 1] Test APP-RoT reading PSA-RoT stack\n", 0); + + if (VAL_ERROR(get_secure_partition_address(&handle, + &psa_rot_addr, + TEST_ISOLATION_PSA_ROT_STACK_RD))) + return VAL_STATUS_ERROR; + + close_driver_fn(&handle); + + /* Setting boot.state before test check */ + if (val->set_boot_flag(BOOT_EXPECTED_REENTER_TEST)) + { + val->print(PRINT_ERROR, "\tFailed to set boot flag before check\n", 0); + return VAL_STATUS_ERROR; + } + + /* Read PSA RoT stack address. + * This should generate internal fault or ignore the read. + */ + data = *(uint32_t *)psa_rot_addr; + + /* Did read ignore? */ + if (data == DATA_VALUE1) + return VAL_STATUS_SUCCESS; + + val->print(PRINT_ERROR, "\tExpected read to fault but it didn't\n", 0); + + /* Resetting boot.state to catch unwanted reboot */ + if (val->set_boot_flag(BOOT_EXPECTED_BUT_FAILED)) + { + val->print(PRINT_ERROR, "\tFailed to set boot flag after check\n", 0); + return VAL_STATUS_ERROR; + } + + return VAL_STATUS_SPM_FAILED; +} + +int32_t client_test_app_rot_write_psa_rot_stack(security_t caller) +{ + addr_t psa_rot_addr; + uint32_t data = DATA_VALUE1; + psa_handle_t handle = 0; + + val->print(PRINT_TEST, "[Check 2] Test APP-RoT writing PSA-RoT stack\n", 0); + + if (VAL_ERROR(get_secure_partition_address(&handle, + &psa_rot_addr, + TEST_ISOLATION_PSA_ROT_STACK_WR))) + return VAL_STATUS_ERROR; + + /* Write PSA RoT stack address. + * This should generate internal fault or ignore the write. + */ + *(uint32_t *)psa_rot_addr = (uint32_t)data; + + /* Handshake with driver to decide write status */ + if (VAL_ERROR(get_driver_status(&handle))) + { + close_driver_fn(&handle); + return VAL_STATUS_DRIVER_FN_FAILED; + } + + close_driver_fn(&handle); + return VAL_STATUS_SUCCESS; +} diff --git a/api-tests/ff/ipc/test_i081/test_i081.h b/api-tests/ff/ipc/test_i081/test_i081.h new file mode 100644 index 00000000..c62a89bb --- /dev/null +++ b/api-tests/ff/ipc/test_i081/test_i081.h @@ -0,0 +1,38 @@ +/** @file + * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ +#ifndef _TEST_I081_CLIENT_TESTS_H_ +#define _TEST_I081_CLIENT_TESTS_H_ + +#include "val_client_defs.h" + +#ifdef NONSECURE_TEST_BUILD +#define test_entry CONCAT(test_entry_,i081) +#define val CONCAT(val,test_entry) +#define psa CONCAT(psa,test_entry) +#else +#define val CONCAT(val,_client_sp) +#define psa CONCAT(psa,_client_sp) +#endif + +extern val_api_t *val; +extern psa_api_t *psa; + +extern client_test_t test_i081_client_tests_list[]; + +int32_t client_test_app_rot_read_psa_rot_stack(security_t); +int32_t client_test_app_rot_write_psa_rot_stack(security_t); +#endif diff --git a/api-tests/ff/ipc/test_i081/test_supp_i081.c b/api-tests/ff/ipc/test_i081/test_supp_i081.c new file mode 100644 index 00000000..0f844163 --- /dev/null +++ b/api-tests/ff/ipc/test_i081/test_supp_i081.c @@ -0,0 +1,44 @@ +/** @file + * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ + +#include "val_client_defs.h" +#include "val_service_defs.h" + +#define val CONCAT(val,_server_sp) +#define psa CONCAT(psa,_server_sp) +extern val_api_t *val; +extern psa_api_t *psa; + +int32_t server_test_app_rot_read_app_rot_stack(void); +int32_t server_test_app_rot_write_app_rot_stack(void); + +server_test_t test_i081_server_tests_list[] = { + NULL, + server_test_app_rot_read_app_rot_stack, + server_test_app_rot_write_app_rot_stack, + NULL, +}; + +int32_t server_test_app_rot_read_app_rot_stack(void) +{ + return VAL_STATUS_SUCCESS; +} + +int32_t server_test_app_rot_write_app_rot_stack(void) +{ + return VAL_STATUS_SUCCESS; +} diff --git a/api-tests/ff/ipc/test_i082/source.mk b/api-tests/ff/ipc/test_i082/source.mk new file mode 100644 index 00000000..af85416d --- /dev/null +++ b/api-tests/ff/ipc/test_i082/source.mk @@ -0,0 +1,25 @@ +# * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. +# * SPDX-License-Identifier : Apache-2.0 +# * +# * Licensed under the Apache License, Version 2.0 (the "License"); +# * you may not use this file except in compliance with the License. +# * You may obtain a copy of the License at +# * +# * http://www.apache.org/licenses/LICENSE-2.0 +# * +# * Unless required by applicable law or agreed to in writing, software +# * distributed under the License is distributed on an "AS IS" BASIS, +# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# * See the License for the specific language governing permissions and +# * limitations under the License. +#**/ + +CC_SOURCE = test_entry.c test_i082.c +CC_OPTIONS = +AS_SOURCE = +AS_OPTIONS = + +CC_SOURCE_SPE = test_i082.c test_supp_i082.c +CC_OPTIONS_SPE = +AS_SOURCE_SPE = +AS_OPTIONS_SPE = diff --git a/api-tests/ff/ipc/test_i082/test_entry.c b/api-tests/ff/ipc/test_i082/test_entry.c new file mode 100644 index 00000000..8a38ca72 --- /dev/null +++ b/api-tests/ff/ipc/test_i082/test_entry.c @@ -0,0 +1,52 @@ +/** @file + * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ + +#include "val_interfaces.h" +#include "val_target.h" +#include "test_i082.h" + +#define TEST_NUM VAL_CREATE_TEST_ID(VAL_FF_BASE, 82) +#define TEST_DESC "Testing APP-RoT access to PSA-RoT heap\n" +TEST_PUBLISH(TEST_NUM, test_entry); +val_api_t *val = NULL; +psa_api_t *psa = NULL; + +void test_entry(val_api_t *val_api, psa_api_t *psa_api) +{ + int32_t status = VAL_STATUS_SUCCESS; + + val = val_api; + psa = psa_api; + + /* test init */ + val->test_init(TEST_NUM, TEST_DESC, TEST_FIELD(TEST_ISOLATION_L2, WD_LOW_TIMEOUT)); + if (!IS_TEST_START(val->get_status())) + { + goto test_exit; + } + + /* Switch to secure side (client_partition.c) and execute list of tests available in + test[num]_client_tests_list from Secure side */ + status = val->switch_to_secure_client(TEST_NUM); + if (VAL_ERROR(status)) + { + goto test_exit; + } + +test_exit: + val->test_exit(); +} diff --git a/api-tests/ff/ipc/test_i082/test_i082.c b/api-tests/ff/ipc/test_i082/test_i082.c new file mode 100644 index 00000000..6ddd6a72 --- /dev/null +++ b/api-tests/ff/ipc/test_i082/test_i082.c @@ -0,0 +1,162 @@ +/** @file + * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ + +#ifdef NONSECURE_TEST_BUILD +#include "val_interfaces.h" +#include "val_target.h" +#else +#include "val_client_defs.h" +#include "val_service_defs.h" +#endif + +#include "test_i082.h" + +#define DATA_VALUE_ORG 0x11 +#define DATA_VALUE 0x12 +#define BUFFER_SIZE 0x4 + +client_test_t test_i082_client_tests_list[] = { + NULL, + client_test_app_rot_read_psa_rot_heap, + client_test_app_rot_write_psa_rot_heap, + NULL, +}; + +#if (SP_HEAP_MEM_SUPP == 1) +static int32_t get_secure_partition_address(psa_handle_t *handle, + addr_t *addr, + driver_test_fn_id_t test_fn_id) +{ + *handle = psa->connect(DRIVER_TEST_SID, 1); + if (*handle < 0) + { + val->print(PRINT_ERROR, "\tConnection failed\n", 0); + return VAL_STATUS_INVALID_HANDLE; + } + + /* Execute driver function related to TEST_ISOLATION_PSA_ROT_DATA_RD */ + psa_invec invec[1] = {{&test_fn_id, sizeof(test_fn_id)}}; + psa_outvec outvec[1] = {{addr, sizeof(addr_t)}}; + if (psa->call(*handle, invec, 1, outvec, 1) != PSA_SUCCESS) + { + val->print(PRINT_ERROR, "\tmsg request failed\n", 0); + return VAL_STATUS_CALL_FAILED; + } + + return VAL_STATUS_SUCCESS; +} + +static int32_t get_driver_status(psa_handle_t *handle) +{ + if (psa->call(*handle, NULL, 0, NULL, 0) != PSA_SUCCESS) + { + return VAL_STATUS_CALL_FAILED; + } + return VAL_STATUS_SUCCESS; +} + +static void close_driver_fn(psa_handle_t *handle) +{ + psa->close(*handle); +} + +int32_t client_test_app_rot_read_psa_rot_heap(security_t caller) +{ + addr_t psa_rot_addr; + uint8_t data = DATA_VALUE; + psa_handle_t handle = 0; + + val->print(PRINT_TEST, "[Check 1] Test APP-RoT reading PSA-RoT heap\n", 0); + + if (VAL_ERROR(get_secure_partition_address(&handle, + &psa_rot_addr, + TEST_ISOLATION_PSA_ROT_HEAP_RD))) + return VAL_STATUS_ERROR; + + close_driver_fn(&handle); + + /* Setting boot.state before test check */ + if (val->set_boot_flag(BOOT_EXPECTED_REENTER_TEST)) + { + val->print(PRINT_ERROR, "\tFailed to set boot flag before check\n", 0); + return VAL_STATUS_ERROR; + } + + /* Read PSA RoT heap address. + * This should generate internal fault or ignore the read. + */ + data = *(uint8_t *)psa_rot_addr; + + /* Did read ignore? */ + if (data == DATA_VALUE) + return VAL_STATUS_SUCCESS; + + val->print(PRINT_ERROR, "\tExpected read to fault but it didn't\n", 0); + + /* Resetting boot.state to catch unwanted reboot */ + if (val->set_boot_flag(BOOT_EXPECTED_BUT_FAILED)) + { + val->print(PRINT_ERROR, "\tFailed to set boot flag after check\n", 0); + return VAL_STATUS_ERROR; + } + + return VAL_STATUS_SPM_FAILED; +} + +int32_t client_test_app_rot_write_psa_rot_heap(security_t caller) +{ + addr_t psa_rot_addr; + uint8_t data = DATA_VALUE; + psa_handle_t handle = 0; + + val->print(PRINT_TEST, "[Check 2] Test APP-RoT writing PSA-RoT heap\n", 0); + + if (VAL_ERROR(get_secure_partition_address(&handle, + &psa_rot_addr, + TEST_ISOLATION_PSA_ROT_HEAP_WR))) + return VAL_STATUS_ERROR; + + /* Write PSA RoT heap address. + * This should generate internal fault or ignore the write. + */ + *(uint8_t *)psa_rot_addr = (uint8_t)data; + + /* Handshake with driver to decide write status */ + if (VAL_ERROR(get_driver_status(&handle))) + { + close_driver_fn(&handle); + return VAL_STATUS_DRIVER_FN_FAILED; + } + + close_driver_fn(&handle); + return VAL_STATUS_SUCCESS; +} +#else +int32_t client_test_app_rot_read_psa_rot_heap(security_t caller) +{ + val->print(PRINT_TEST, "[Check 1] Test APP-RoT reading PSA-RoT heap\n", 0); + val->print(PRINT_ERROR, "\tSkipping test as heap memory not supported\n", 0); + return RESULT_SKIP(VAL_STATUS_HEAP_NOT_AVAILABLE); +} + +int32_t client_test_app_rot_write_psa_rot_heap(security_t caller) +{ + val->print(PRINT_TEST, "[Check 2] Test APP-RoT writing PSA-RoT heap\n", 0); + val->print(PRINT_ERROR, "\tSkipping test as heap memory not supported\n", 0); + return RESULT_SKIP(VAL_STATUS_HEAP_NOT_AVAILABLE); +} +#endif diff --git a/api-tests/ff/ipc/test_i082/test_i082.h b/api-tests/ff/ipc/test_i082/test_i082.h new file mode 100644 index 00000000..accc73f5 --- /dev/null +++ b/api-tests/ff/ipc/test_i082/test_i082.h @@ -0,0 +1,38 @@ +/** @file + * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ +#ifndef _TEST_I082_CLIENT_TESTS_H_ +#define _TEST_I082_CLIENT_TESTS_H_ + +#include "val_client_defs.h" + +#ifdef NONSECURE_TEST_BUILD +#define test_entry CONCAT(test_entry_,i082) +#define val CONCAT(val,test_entry) +#define psa CONCAT(psa,test_entry) +#else +#define val CONCAT(val,_client_sp) +#define psa CONCAT(psa,_client_sp) +#endif + +extern val_api_t *val; +extern psa_api_t *psa; + +extern client_test_t test_i082_client_tests_list[]; + +int32_t client_test_app_rot_read_psa_rot_heap(security_t); +int32_t client_test_app_rot_write_psa_rot_heap(security_t); +#endif diff --git a/api-tests/ff/ipc/test_i082/test_supp_i082.c b/api-tests/ff/ipc/test_i082/test_supp_i082.c new file mode 100644 index 00000000..20a5b7a3 --- /dev/null +++ b/api-tests/ff/ipc/test_i082/test_supp_i082.c @@ -0,0 +1,44 @@ +/** @file + * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ + +#include "val_client_defs.h" +#include "val_service_defs.h" + +#define val CONCAT(val,_server_sp) +#define psa CONCAT(psa,_server_sp) +extern val_api_t *val; +extern psa_api_t *psa; + +int32_t server_test_app_rot_read_psa_rot_heap(void); +int32_t server_test_app_rot_write_psa_rot_heap(void); + +server_test_t test_i082_server_tests_list[] = { + NULL, + server_test_app_rot_read_psa_rot_heap, + server_test_app_rot_write_psa_rot_heap, + NULL, +}; + +int32_t server_test_app_rot_read_psa_rot_heap(void) +{ + return VAL_STATUS_SUCCESS; +} + +int32_t server_test_app_rot_write_psa_rot_heap(void) +{ + return VAL_STATUS_SUCCESS; +} diff --git a/api-tests/ff/ipc/test_i083/source.mk b/api-tests/ff/ipc/test_i083/source.mk new file mode 100644 index 00000000..a0354eb0 --- /dev/null +++ b/api-tests/ff/ipc/test_i083/source.mk @@ -0,0 +1,25 @@ +# * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. +# * SPDX-License-Identifier : Apache-2.0 +# * +# * Licensed under the Apache License, Version 2.0 (the "License"); +# * you may not use this file except in compliance with the License. +# * You may obtain a copy of the License at +# * +# * http://www.apache.org/licenses/LICENSE-2.0 +# * +# * Unless required by applicable law or agreed to in writing, software +# * distributed under the License is distributed on an "AS IS" BASIS, +# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# * See the License for the specific language governing permissions and +# * limitations under the License. +#**/ + +CC_SOURCE = test_entry.c test_i083.c +CC_OPTIONS = +AS_SOURCE = +AS_OPTIONS = + +CC_SOURCE_SPE = test_i083.c test_supp_i083.c +CC_OPTIONS_SPE = +AS_SOURCE_SPE = +AS_OPTIONS_SPE = diff --git a/api-tests/ff/ipc/test_i083/test_entry.c b/api-tests/ff/ipc/test_i083/test_entry.c new file mode 100644 index 00000000..403452bc --- /dev/null +++ b/api-tests/ff/ipc/test_i083/test_entry.c @@ -0,0 +1,52 @@ +/** @file + * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ + +#include "val_interfaces.h" +#include "val_target.h" +#include "test_i083.h" + +#define TEST_NUM VAL_CREATE_TEST_ID(VAL_FF_BASE, 83) +#define TEST_DESC "Testing APP-RoT access to PSA-RoT mmio\n" +TEST_PUBLISH(TEST_NUM, test_entry); +val_api_t *val = NULL; +psa_api_t *psa = NULL; + +void test_entry(val_api_t *val_api, psa_api_t *psa_api) +{ + int32_t status = VAL_STATUS_SUCCESS; + + val = val_api; + psa = psa_api; + + /* test init */ + val->test_init(TEST_NUM, TEST_DESC, TEST_FIELD(TEST_ISOLATION_L2, WD_LOW_TIMEOUT)); + if (!IS_TEST_START(val->get_status())) + { + goto test_exit; + } + + /* Switch to secure side (client_partition.c) and execute list of tests available in + test[num]_client_tests_list from Secure side */ + status = val->switch_to_secure_client(TEST_NUM); + if (VAL_ERROR(status)) + { + goto test_exit; + } + +test_exit: + val->test_exit(); +} diff --git a/api-tests/ff/ipc/test_i083/test_i083.c b/api-tests/ff/ipc/test_i083/test_i083.c new file mode 100644 index 00000000..9899e3ee --- /dev/null +++ b/api-tests/ff/ipc/test_i083/test_i083.c @@ -0,0 +1,144 @@ +/** @file + * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ + +#ifdef NONSECURE_TEST_BUILD +#include "val_interfaces.h" +#include "val_target.h" +#else +#include "val_client_defs.h" +#include "val_service_defs.h" +#endif + +#include "test_i083.h" + +#define DATA_VALUE 0x1234 + +client_test_t test_i083_client_tests_list[] = { + NULL, + client_test_app_rot_read_psa_rot_mmio, + client_test_app_rot_write_psa_rot_mmio, + NULL, +}; + +static int32_t get_secure_partition_address(psa_handle_t *handle, + addr_t *addr, + driver_test_fn_id_t test_fn_id) +{ + *handle = psa->connect(DRIVER_TEST_SID, 1); + if (*handle < 0) + { + val->print(PRINT_ERROR, "\tConnection failed\n", 0); + return VAL_STATUS_INVALID_HANDLE; + } + + /* Execute driver function related to TEST_ISOLATION_PSA_ROT_DATA_RD */ + psa_invec invec[1] = {{&test_fn_id, sizeof(test_fn_id)}}; + psa_outvec outvec[1] = {{addr, sizeof(addr_t)}}; + if (psa->call(*handle, invec, 1, outvec, 1) != PSA_SUCCESS) + { + val->print(PRINT_ERROR, "\tmsg request failed\n", 0); + return VAL_STATUS_CALL_FAILED; + } + + return VAL_STATUS_SUCCESS; +} + +static int32_t get_driver_status(psa_handle_t *handle) +{ + if (psa->call(*handle, NULL, 0, NULL, 0) != PSA_SUCCESS) + { + return VAL_STATUS_CALL_FAILED; + } + return VAL_STATUS_SUCCESS; +} + +static void close_driver_fn(psa_handle_t *handle) +{ + psa->close(*handle); +} + +int32_t client_test_app_rot_read_psa_rot_mmio(security_t caller) +{ + addr_t psa_rot_addr; + uint32_t data = DATA_VALUE; + psa_handle_t handle = 0; + + val->print(PRINT_TEST, "[Check 1] Test APP-RoT reading PSA-RoT mmio\n", 0); + + if (VAL_ERROR(get_secure_partition_address(&handle, + &psa_rot_addr, + TEST_ISOLATION_PSA_ROT_MMIO_RD))) + return VAL_STATUS_ERROR; + + close_driver_fn(&handle); + + /* Setting boot.state before test check */ + if (val->set_boot_flag(BOOT_EXPECTED_REENTER_TEST)) + { + val->print(PRINT_ERROR, "\tFailed to set boot flag before check\n", 0); + return VAL_STATUS_ERROR; + } + + /* Read PSA RoT mmio address. + * This should generate internal fault or ignore the read. + */ + data = *(uint32_t *)psa_rot_addr; + + /* Did read ignore? */ + if (data == DATA_VALUE) + return VAL_STATUS_SUCCESS; + + val->print(PRINT_ERROR, "\tExpected read to fault but it didn't\n", 0); + + /* Resetting boot.state to catch unwanted reboot */ + if (val->set_boot_flag(BOOT_EXPECTED_BUT_FAILED)) + { + val->print(PRINT_ERROR, "\tFailed to set boot flag after check\n", 0); + return VAL_STATUS_ERROR; + } + + return VAL_STATUS_SPM_FAILED; +} + +int32_t client_test_app_rot_write_psa_rot_mmio(security_t caller) +{ + addr_t psa_rot_addr; + uint32_t data = DATA_VALUE; + psa_handle_t handle = 0; + + val->print(PRINT_TEST, "[Check 2] Test APP-RoT writing PSA-RoT mmio\n", 0); + + if (VAL_ERROR(get_secure_partition_address(&handle, + &psa_rot_addr, + TEST_ISOLATION_PSA_ROT_MMIO_WR))) + return VAL_STATUS_ERROR; + + /* Write PSA RoT mmio address. + * This should generate internal fault or ignore the write. + */ + *(uint32_t *)psa_rot_addr = (uint32_t)data; + + /* Handshake with driver to decide write status */ + if (VAL_ERROR(get_driver_status(&handle))) + { + close_driver_fn(&handle); + return VAL_STATUS_DRIVER_FN_FAILED; + } + + close_driver_fn(&handle); + return VAL_STATUS_SUCCESS; +} diff --git a/api-tests/ff/ipc/test_i083/test_i083.h b/api-tests/ff/ipc/test_i083/test_i083.h new file mode 100644 index 00000000..99496a87 --- /dev/null +++ b/api-tests/ff/ipc/test_i083/test_i083.h @@ -0,0 +1,38 @@ +/** @file + * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ +#ifndef _TEST_I083_CLIENT_TESTS_H_ +#define _TEST_I083_CLIENT_TESTS_H_ + +#include "val_client_defs.h" + +#ifdef NONSECURE_TEST_BUILD +#define test_entry CONCAT(test_entry_,i083) +#define val CONCAT(val,test_entry) +#define psa CONCAT(psa,test_entry) +#else +#define val CONCAT(val,_client_sp) +#define psa CONCAT(psa,_client_sp) +#endif + +extern val_api_t *val; +extern psa_api_t *psa; + +extern client_test_t test_i083_client_tests_list[]; + +int32_t client_test_app_rot_read_psa_rot_mmio(security_t); +int32_t client_test_app_rot_write_psa_rot_mmio(security_t); +#endif diff --git a/api-tests/ff/ipc/test_i083/test_supp_i083.c b/api-tests/ff/ipc/test_i083/test_supp_i083.c new file mode 100644 index 00000000..e7bf8f51 --- /dev/null +++ b/api-tests/ff/ipc/test_i083/test_supp_i083.c @@ -0,0 +1,46 @@ +/** @file + * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ + +#include "val_client_defs.h" +#include "val_service_defs.h" + +#define val CONCAT(val,_server_sp) +#define psa CONCAT(psa,_server_sp) +extern val_api_t *val; +extern psa_api_t *psa; + +int32_t server_test_app_rot_read_psa_rot_mmio(void); +int32_t server_test_app_rot_write_psa_rot_mmio(void); + +#define DATA_VALUE 0x5467 + +server_test_t test_i083_server_tests_list[] = { + NULL, + server_test_app_rot_read_psa_rot_mmio, + server_test_app_rot_write_psa_rot_mmio, + NULL, +}; + +int32_t server_test_app_rot_read_psa_rot_mmio(void) +{ + return VAL_STATUS_SUCCESS; +} + +int32_t server_test_app_rot_write_psa_rot_mmio(void) +{ + return VAL_STATUS_SUCCESS; +} diff --git a/api-tests/ff/ipc/test_i084/source.mk b/api-tests/ff/ipc/test_i084/source.mk new file mode 100644 index 00000000..5d162ed9 --- /dev/null +++ b/api-tests/ff/ipc/test_i084/source.mk @@ -0,0 +1,25 @@ +# * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. +# * SPDX-License-Identifier : Apache-2.0 +# * +# * Licensed under the Apache License, Version 2.0 (the "License"); +# * you may not use this file except in compliance with the License. +# * You may obtain a copy of the License at +# * +# * http://www.apache.org/licenses/LICENSE-2.0 +# * +# * Unless required by applicable law or agreed to in writing, software +# * distributed under the License is distributed on an "AS IS" BASIS, +# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# * See the License for the specific language governing permissions and +# * limitations under the License. +#**/ + +CC_SOURCE = test_entry.c test_i084.c +CC_OPTIONS = +AS_SOURCE = +AS_OPTIONS = + +CC_SOURCE_SPE = test_i084.c test_supp_i084.c +CC_OPTIONS_SPE = +AS_SOURCE_SPE = +AS_OPTIONS_SPE = diff --git a/api-tests/ff/ipc/test_i084/test_entry.c b/api-tests/ff/ipc/test_i084/test_entry.c new file mode 100644 index 00000000..e12e09a5 --- /dev/null +++ b/api-tests/ff/ipc/test_i084/test_entry.c @@ -0,0 +1,52 @@ +/** @file + * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ + +#include "val_interfaces.h" +#include "val_target.h" +#include "test_i084.h" + +#define TEST_NUM VAL_CREATE_TEST_ID(VAL_FF_BASE, 84) +#define TEST_DESC "Testing SP access to other SP data\n" +TEST_PUBLISH(TEST_NUM, test_entry); +val_api_t *val = NULL; +psa_api_t *psa = NULL; + +void test_entry(val_api_t *val_api, psa_api_t *psa_api) +{ + int32_t status = VAL_STATUS_SUCCESS; + + val = val_api; + psa = psa_api; + + /* test init */ + val->test_init(TEST_NUM, TEST_DESC, TEST_FIELD(TEST_ISOLATION_L3, WD_LOW_TIMEOUT)); + if (!IS_TEST_START(val->get_status())) + { + goto test_exit; + } + + /* Switch to secure side (client_partition.c) and execute list of tests available in + test[num]_client_tests_list from Secure side */ + status = val->switch_to_secure_client(TEST_NUM); + if (VAL_ERROR(status)) + { + goto test_exit; + } + +test_exit: + val->test_exit(); +} diff --git a/api-tests/ff/ipc/test_i084/test_i084.c b/api-tests/ff/ipc/test_i084/test_i084.c new file mode 100644 index 00000000..933312aa --- /dev/null +++ b/api-tests/ff/ipc/test_i084/test_i084.c @@ -0,0 +1,125 @@ +/** @file + * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ + +#ifdef NONSECURE_TEST_BUILD +#include "val_interfaces.h" +#include "val_target.h" +#else +#include "val_client_defs.h" +#include "val_service_defs.h" +#endif + +#include "test_i084.h" + +client_test_t test_i084_client_tests_list[] = { + NULL, + client_test_sp_read_other_sp_variable, + client_test_sp_write_other_sp_variable, + NULL, +}; + +static int32_t get_secure_partition_address(addr_t *addr) +{ + psa_handle_t handle = 0; + + handle = psa->connect(SERVER_UNSPECIFED_MINOR_V_SID, 1); + if (handle < 0) + { + val->print(PRINT_ERROR, "\tConnection failed\n", 0); + return VAL_STATUS_INVALID_HANDLE; + } + + /* Get App-RoT address */ + psa_outvec outvec[1] = {{addr, sizeof(addr_t)}}; + if (psa->call(handle, NULL, 0, outvec, 1) != PSA_SUCCESS) + { + val->print(PRINT_ERROR, "\tmsg request failed\n", 0); + return VAL_STATUS_CALL_FAILED; + } + + psa->close(handle); + return VAL_STATUS_SUCCESS; +} + +int32_t client_test_sp_read_other_sp_variable(security_t caller) +{ + addr_t app_rot_addr; + uint32_t data = 0x1234; + + val->print(PRINT_TEST, "[Check 1] Test SP reading other SP data\n", 0); + + if (VAL_ERROR(get_secure_partition_address(&app_rot_addr))) + return VAL_STATUS_ERROR; + + /* Setting boot.state before test check */ + if (val->set_boot_flag(BOOT_EXPECTED_REENTER_TEST)) + { + val->print(PRINT_ERROR, "\tFailed to set boot flag before check\n", 0); + return VAL_STATUS_ERROR; + } + + /* Read Application RoT global variable address. + * This should generate internal fault or ignore the read. + */ + data = *(uint32_t *)app_rot_addr; + + /* Did read ignore? */ + if (data == 0x1234) + return VAL_STATUS_SUCCESS; + + val->print(PRINT_ERROR, "\tExpected read to fault but it didn't\n", 0); + + /* Resetting boot.state to catch unwanted reboot */ + if (val->set_boot_flag(BOOT_EXPECTED_BUT_FAILED)) + { + val->print(PRINT_ERROR, "\tFailed to set boot flag after check\n", 0); + return VAL_STATUS_ERROR; + } + + return VAL_STATUS_SPM_FAILED; +} + +int32_t client_test_sp_write_other_sp_variable(security_t caller) +{ + addr_t app_rot_addr; + uint32_t data = 0x1234; + + val->print(PRINT_TEST, "[Check 2] Test SP writing other SP data\n", 0); + + if (VAL_ERROR(get_secure_partition_address(&app_rot_addr))) + return VAL_STATUS_ERROR; + + /* Setting boot.state before test check */ + if (val->set_boot_flag(BOOT_EXPECTED_NS)) + { + val->print(PRINT_ERROR, "\tFailed to set boot flag before check\n", 0); + return VAL_STATUS_ERROR; + } + + /* Write Application RoT global variable address. + * This should generate internal fault or ignore the write. + */ + *(uint32_t *)app_rot_addr = (uint32_t)data; + + /* Handshake with server to decide write status */ + if ((psa->connect(SERVER_UNSPECIFED_MINOR_V_SID, 1)) > 0) + { + val->print(PRINT_ERROR, "\tExpected connection to fail but succeed\n", 0); + return VAL_STATUS_INVALID_HANDLE; + } + return VAL_STATUS_SUCCESS; +} diff --git a/api-tests/ff/ipc/test_i084/test_i084.h b/api-tests/ff/ipc/test_i084/test_i084.h new file mode 100644 index 00000000..0fa86afc --- /dev/null +++ b/api-tests/ff/ipc/test_i084/test_i084.h @@ -0,0 +1,38 @@ +/** @file + * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ +#ifndef _TEST_I084_CLIENT_TESTS_H_ +#define _TEST_I084_CLIENT_TESTS_H_ + +#include "val_client_defs.h" + +#ifdef NONSECURE_TEST_BUILD +#define test_entry CONCAT(test_entry_,i084) +#define val CONCAT(val,test_entry) +#define psa CONCAT(psa,test_entry) +#else +#define val CONCAT(val,_client_sp) +#define psa CONCAT(psa,_client_sp) +#endif + +extern val_api_t *val; +extern psa_api_t *psa; + +extern client_test_t test_i084_client_tests_list[]; + +int32_t client_test_sp_read_other_sp_variable(security_t); +int32_t client_test_sp_write_other_sp_variable(security_t); +#endif diff --git a/api-tests/ff/ipc/test_i084/test_supp_i084.c b/api-tests/ff/ipc/test_i084/test_supp_i084.c new file mode 100644 index 00000000..3c663d34 --- /dev/null +++ b/api-tests/ff/ipc/test_i084/test_supp_i084.c @@ -0,0 +1,113 @@ +/** @file + * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ + +#include "val_client_defs.h" +#include "val_service_defs.h" + +#define val CONCAT(val,_server_sp) +#define psa CONCAT(psa,_server_sp) +extern val_api_t *val; +extern psa_api_t *psa; + +int32_t server_test_sp_read_other_sp_variable(void); +int32_t server_test_sp_write_other_sp_variable(void); + +#define DATA_VALUE 0x5467 + +/* Application RoT data region */ +volatile uint32_t g_test_i084 = DATA_VALUE; + +server_test_t test_i084_server_tests_list[] = { + NULL, + server_test_sp_read_other_sp_variable, + server_test_sp_write_other_sp_variable, + NULL, +}; + +static int32_t send_secure_partition_address(void) +{ + int32_t status = VAL_STATUS_SUCCESS; + psa_msg_t msg = {0}; + + status = val->process_connect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); + if (val->err_check_set(TEST_CHECKPOINT_NUM(201), status)) + { + psa->reply(msg.handle, PSA_ERROR_CONNECTION_REFUSED); + return status; + } + + psa->reply(msg.handle, PSA_SUCCESS); + + status = val->process_call_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); + if (val->err_check_set(TEST_CHECKPOINT_NUM(202), status)) + { + psa->reply(msg.handle, -2); + return status; + } + + /* Send Application RoT data address - global variable */ + psa->write(msg.handle, 0, (void *)&g_test_i084, sizeof(g_test_i084)); + psa->reply(msg.handle, PSA_SUCCESS); + + status = val->process_disconnect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); + if (val->err_check_set(TEST_CHECKPOINT_NUM(203), status)) + { + return status; + } + psa->reply(msg.handle, PSA_SUCCESS); + return VAL_STATUS_SUCCESS; +} + +int32_t server_test_sp_read_other_sp_variable(void) +{ + return send_secure_partition_address(); +} + +int32_t server_test_sp_write_other_sp_variable(void) +{ + int32_t status = VAL_STATUS_SUCCESS; + psa_msg_t msg = {0}; + + status = send_secure_partition_address(); + if (VAL_ERROR(status)) + return status; + + /* Wait for write to get performed by client */ + status = val->process_connect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); + if (val->err_check_set(TEST_CHECKPOINT_NUM(204), status)) + { + psa->reply(msg.handle, PSA_ERROR_CONNECTION_REFUSED); + return status; + } + + /* Connection request is just for handshake, reject connection anyways */ + psa->reply(msg.handle, PSA_ERROR_CONNECTION_REFUSED); + + /* Reached here means there could be write succeed or ignored */ + if (g_test_i084 == DATA_VALUE) + return VAL_STATUS_SUCCESS; + + val->print(PRINT_ERROR, "\tExpected write to fault but it didn't\n", 0); + + /* Resetting boot.state to catch unwanted reboot */ + if (val->set_boot_flag(BOOT_EXPECTED_BUT_FAILED)) + { + val->print(PRINT_ERROR, "\tFailed to set boot flag after check\n", 0); + return VAL_STATUS_ERROR; + } + return VAL_STATUS_SUCCESS; +} diff --git a/api-tests/ff/ipc/test_i085/source.mk b/api-tests/ff/ipc/test_i085/source.mk new file mode 100644 index 00000000..2456cf49 --- /dev/null +++ b/api-tests/ff/ipc/test_i085/source.mk @@ -0,0 +1,25 @@ +# * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. +# * SPDX-License-Identifier : Apache-2.0 +# * +# * Licensed under the Apache License, Version 2.0 (the "License"); +# * you may not use this file except in compliance with the License. +# * You may obtain a copy of the License at +# * +# * http://www.apache.org/licenses/LICENSE-2.0 +# * +# * Unless required by applicable law or agreed to in writing, software +# * distributed under the License is distributed on an "AS IS" BASIS, +# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# * See the License for the specific language governing permissions and +# * limitations under the License. +#**/ + +CC_SOURCE = test_entry.c test_i085.c +CC_OPTIONS = +AS_SOURCE = +AS_OPTIONS = + +CC_SOURCE_SPE = test_i085.c test_supp_i085.c +CC_OPTIONS_SPE = +AS_SOURCE_SPE = +AS_OPTIONS_SPE = diff --git a/api-tests/ff/ipc/test_i085/test_entry.c b/api-tests/ff/ipc/test_i085/test_entry.c new file mode 100644 index 00000000..fadc37f4 --- /dev/null +++ b/api-tests/ff/ipc/test_i085/test_entry.c @@ -0,0 +1,52 @@ +/** @file + * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ + +#include "val_interfaces.h" +#include "val_target.h" +#include "test_i085.h" + +#define TEST_NUM VAL_CREATE_TEST_ID(VAL_FF_BASE, 85) +#define TEST_DESC "Testing SP access other SP stack\n" +TEST_PUBLISH(TEST_NUM, test_entry); +val_api_t *val = NULL; +psa_api_t *psa = NULL; + +void test_entry(val_api_t *val_api, psa_api_t *psa_api) +{ + int32_t status = VAL_STATUS_SUCCESS; + + val = val_api; + psa = psa_api; + + /* test init */ + val->test_init(TEST_NUM, TEST_DESC, TEST_FIELD(TEST_ISOLATION_L3, WD_LOW_TIMEOUT)); + if (!IS_TEST_START(val->get_status())) + { + goto test_exit; + } + + /* Switch to secure side (client_partition.c) and execute list of tests available in + test[num]_client_tests_list from Secure side */ + status = val->switch_to_secure_client(TEST_NUM); + if (VAL_ERROR(status)) + { + goto test_exit; + } + +test_exit: + val->test_exit(); +} diff --git a/api-tests/ff/ipc/test_i085/test_i085.c b/api-tests/ff/ipc/test_i085/test_i085.c new file mode 100644 index 00000000..da19a245 --- /dev/null +++ b/api-tests/ff/ipc/test_i085/test_i085.c @@ -0,0 +1,125 @@ +/** @file + * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ + +#ifdef NONSECURE_TEST_BUILD +#include "val_interfaces.h" +#include "val_target.h" +#else +#include "val_client_defs.h" +#include "val_service_defs.h" +#endif + +#include "test_i085.h" + +client_test_t test_i085_client_tests_list[] = { + NULL, + client_test_sp_read_other_sp_stack, + client_test_sp_write_other_sp_stack, + NULL, +}; + +static int32_t get_secure_partition_address(addr_t *addr) +{ + psa_handle_t handle = 0; + + handle = psa->connect(SERVER_UNSPECIFED_MINOR_V_SID, 1); + if (handle < 0) + { + val->print(PRINT_ERROR, "\tConnection failed\n", 0); + return VAL_STATUS_INVALID_HANDLE; + } + + /* Get App-RoT address */ + psa_outvec outvec[1] = {{addr, sizeof(addr_t)}}; + if (psa->call(handle, NULL, 0, outvec, 1) != PSA_SUCCESS) + { + val->print(PRINT_ERROR, "\tmsg request failed\n", 0); + return VAL_STATUS_CALL_FAILED; + } + + psa->close(handle); + return VAL_STATUS_SUCCESS; +} + +int32_t client_test_sp_read_other_sp_stack(security_t caller) +{ + addr_t app_rot_addr; + uint32_t data = 0x1234; + + val->print(PRINT_TEST, "[Check 1] Test SP reading other SP stack\n", 0); + + if (VAL_ERROR(get_secure_partition_address(&app_rot_addr))) + return VAL_STATUS_ERROR; + + /* Setting boot.state before test check */ + if (val->set_boot_flag(BOOT_EXPECTED_REENTER_TEST)) + { + val->print(PRINT_ERROR, "\tFailed to set boot flag before check\n", 0); + return VAL_STATUS_ERROR; + } + + /* Read Application RoT stack address. + * This should generate internal fault or ignore the read. + */ + data = *(uint32_t *)app_rot_addr; + + /* Did read ignore? */ + if (data == 0x1234) + return VAL_STATUS_SUCCESS; + + val->print(PRINT_ERROR, "\tExpected read to fault but it didn't\n", 0); + + /* Resetting boot.state to catch unwanted reboot */ + if (val->set_boot_flag(BOOT_EXPECTED_BUT_FAILED)) + { + val->print(PRINT_ERROR, "\tFailed to set boot flag after check\n", 0); + return VAL_STATUS_ERROR; + } + + return VAL_STATUS_SPM_FAILED; +} + +int32_t client_test_sp_write_other_sp_stack(security_t caller) +{ + addr_t app_rot_addr; + uint32_t data = 0x1234; + + val->print(PRINT_TEST, "[Check 2] Test SP writing other SP stack\n", 0); + + if (VAL_ERROR(get_secure_partition_address(&app_rot_addr))) + return VAL_STATUS_ERROR; + + /* Setting boot.state before test check */ + if (val->set_boot_flag(BOOT_EXPECTED_NS)) + { + val->print(PRINT_ERROR, "\tFailed to set boot flag before check\n", 0); + return VAL_STATUS_ERROR; + } + + /* Write Application RoT stack address. + * This should generate internal fault or ignore the write. + */ + *(uint32_t *)app_rot_addr = (uint32_t)data; + + /* Handshake with server to decide write status */ + if ((psa->connect(SERVER_UNSPECIFED_MINOR_V_SID, 1)) > 0) + { + val->print(PRINT_ERROR, "\tExpected connection to fail but succeed\n", 0); + return VAL_STATUS_INVALID_HANDLE; + } + return VAL_STATUS_SUCCESS; +} diff --git a/api-tests/ff/ipc/test_i085/test_i085.h b/api-tests/ff/ipc/test_i085/test_i085.h new file mode 100644 index 00000000..80d5bd6d --- /dev/null +++ b/api-tests/ff/ipc/test_i085/test_i085.h @@ -0,0 +1,38 @@ +/** @file + * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ +#ifndef _TEST_I085_CLIENT_TESTS_H_ +#define _TEST_I085_CLIENT_TESTS_H_ + +#include "val_client_defs.h" + +#ifdef NONSECURE_TEST_BUILD +#define test_entry CONCAT(test_entry_,i085) +#define val CONCAT(val,test_entry) +#define psa CONCAT(psa,test_entry) +#else +#define val CONCAT(val,_client_sp) +#define psa CONCAT(psa,_client_sp) +#endif + +extern val_api_t *val; +extern psa_api_t *psa; + +extern client_test_t test_i085_client_tests_list[]; + +int32_t client_test_sp_read_other_sp_stack(security_t); +int32_t client_test_sp_write_other_sp_stack(security_t); +#endif diff --git a/api-tests/ff/ipc/test_i085/test_supp_i085.c b/api-tests/ff/ipc/test_i085/test_supp_i085.c new file mode 100644 index 00000000..9922716c --- /dev/null +++ b/api-tests/ff/ipc/test_i085/test_supp_i085.c @@ -0,0 +1,120 @@ +/** @file + * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ + +#include "val_client_defs.h" +#include "val_service_defs.h" + +#define val CONCAT(val,_server_sp) +#define psa CONCAT(psa,_server_sp) +extern val_api_t *val; +extern psa_api_t *psa; + +int32_t server_test_sp_read_other_sp_stack(void); +int32_t server_test_sp_write_other_sp_stack(void); + +#define DATA_VALUE 0x5467 + +server_test_t test_i085_server_tests_list[] = { + NULL, + server_test_sp_read_other_sp_stack, + server_test_sp_write_other_sp_stack, + NULL, +}; + +static int32_t send_secure_partition_address(addr_t *stack) +{ + int32_t status = VAL_STATUS_SUCCESS; + psa_msg_t msg = {0}; + + status = val->process_connect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); + if (val->err_check_set(TEST_CHECKPOINT_NUM(201), status)) + { + psa->reply(msg.handle, PSA_ERROR_CONNECTION_REFUSED); + return status; + } + + psa->reply(msg.handle, PSA_SUCCESS); + + status = val->process_call_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); + if (val->err_check_set(TEST_CHECKPOINT_NUM(202), status)) + { + psa->reply(msg.handle, -2); + return status; + } + + /* Send Application RoT stack address */ + psa->write(msg.handle, 0, (void *)stack, sizeof(uint32_t)); + psa->reply(msg.handle, PSA_SUCCESS); + + status = val->process_disconnect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); + if (val->err_check_set(TEST_CHECKPOINT_NUM(203), status)) + { + return status; + } + psa->reply(msg.handle, PSA_SUCCESS); + return VAL_STATUS_SUCCESS; +} + +int32_t server_test_sp_read_other_sp_stack(void) +{ + /* Application RoT stack - local variable */ + uint32_t l_test_i085 = DATA_VALUE; + int32_t status = VAL_STATUS_SUCCESS; + + status = send_secure_partition_address(&l_test_i085); + + /* Dummy print to avoid compiler optimisation on local variable */ + val->print(PRINT_INFO, "\tData value 0x%x\n", l_test_i085); + return status; +} + +int32_t server_test_sp_write_other_sp_stack(void) +{ + /* Application RoT stack - local variable */ + uint32_t l_test_i085 = DATA_VALUE; + int32_t status = VAL_STATUS_SUCCESS; + psa_msg_t msg = {0}; + + status = send_secure_partition_address(&l_test_i085); + if (VAL_ERROR(status)) + return status; + + /* Wait for write to get performed by client */ + status = val->process_connect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); + if (val->err_check_set(TEST_CHECKPOINT_NUM(204), status)) + { + psa->reply(msg.handle, PSA_ERROR_CONNECTION_REFUSED); + return status; + } + + /* Connection request is just for handshake, reject connection anyways */ + psa->reply(msg.handle, PSA_ERROR_CONNECTION_REFUSED); + + /* Reached here means there could be write succeed or ignored */ + if (l_test_i085 == DATA_VALUE) + return VAL_STATUS_SUCCESS; + + val->print(PRINT_ERROR, "\tExpected write to fault but it didn't\n", 0); + + /* Resetting boot.state to catch unwanted reboot */ + if (val->set_boot_flag(BOOT_EXPECTED_BUT_FAILED)) + { + val->print(PRINT_ERROR, "\tFailed to set boot flag after check\n", 0); + return VAL_STATUS_ERROR; + } + return VAL_STATUS_SUCCESS; +} diff --git a/api-tests/ff/ipc/test_i086/source.mk b/api-tests/ff/ipc/test_i086/source.mk new file mode 100644 index 00000000..c4127af3 --- /dev/null +++ b/api-tests/ff/ipc/test_i086/source.mk @@ -0,0 +1,25 @@ +# * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. +# * SPDX-License-Identifier : Apache-2.0 +# * +# * Licensed under the Apache License, Version 2.0 (the "License"); +# * you may not use this file except in compliance with the License. +# * You may obtain a copy of the License at +# * +# * http://www.apache.org/licenses/LICENSE-2.0 +# * +# * Unless required by applicable law or agreed to in writing, software +# * distributed under the License is distributed on an "AS IS" BASIS, +# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# * See the License for the specific language governing permissions and +# * limitations under the License. +#**/ + +CC_SOURCE = test_entry.c test_i086.c +CC_OPTIONS = +AS_SOURCE = +AS_OPTIONS = + +CC_SOURCE_SPE = test_i086.c test_supp_i086.c +CC_OPTIONS_SPE = +AS_SOURCE_SPE = +AS_OPTIONS_SPE = diff --git a/api-tests/ff/ipc/test_i086/test_entry.c b/api-tests/ff/ipc/test_i086/test_entry.c new file mode 100644 index 00000000..e2c31eee --- /dev/null +++ b/api-tests/ff/ipc/test_i086/test_entry.c @@ -0,0 +1,52 @@ +/** @file + * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ + +#include "val_interfaces.h" +#include "val_target.h" +#include "test_i086.h" + +#define TEST_NUM VAL_CREATE_TEST_ID(VAL_FF_BASE, 86) +#define TEST_DESC "Testing SP access other SP heap\n" +TEST_PUBLISH(TEST_NUM, test_entry); +val_api_t *val = NULL; +psa_api_t *psa = NULL; + +void test_entry(val_api_t *val_api, psa_api_t *psa_api) +{ + int32_t status = VAL_STATUS_SUCCESS; + + val = val_api; + psa = psa_api; + + /* test init */ + val->test_init(TEST_NUM, TEST_DESC, TEST_FIELD(TEST_ISOLATION_L3, WD_LOW_TIMEOUT)); + if (!IS_TEST_START(val->get_status())) + { + goto test_exit; + } + + /* Switch to secure side (client_partition.c) and execute list of tests available in + test[num]_client_tests_list from Secure side */ + status = val->switch_to_secure_client(TEST_NUM); + if (VAL_ERROR(status)) + { + goto test_exit; + } + +test_exit: + val->test_exit(); +} diff --git a/api-tests/ff/ipc/test_i086/test_i086.c b/api-tests/ff/ipc/test_i086/test_i086.c new file mode 100644 index 00000000..7f56cbe8 --- /dev/null +++ b/api-tests/ff/ipc/test_i086/test_i086.c @@ -0,0 +1,145 @@ +/** @file + * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ + +#ifdef NONSECURE_TEST_BUILD +#include "val_interfaces.h" +#include "val_target.h" +#else +#include "val_client_defs.h" +#include "val_service_defs.h" +#endif + +#include "test_i086.h" + +#define DATA_VALUE_ORG 0x11 +#define DATA_VALUE 0x12 +#define BUFFER_SIZE 0x4 + +client_test_t test_i086_client_tests_list[] = { + NULL, + client_test_sp_read_other_sp_heap, + client_test_sp_write_other_sp_heap, + NULL, +}; + +#if (SP_HEAP_MEM_SUPP == 1) +static int32_t get_secure_partition_address(addr_t *addr) +{ + psa_handle_t handle = 0; + + handle = psa->connect(SERVER_UNSPECIFED_MINOR_V_SID, 1); + if (handle < 0) + { + val->print(PRINT_ERROR, "\tConnection failed\n", 0); + return VAL_STATUS_INVALID_HANDLE; + } + + /* Get App-RoT address */ + psa_outvec outvec[1] = {{addr, BUFFER_SIZE}}; + if (psa->call(handle, NULL, 0, outvec, 1) != PSA_SUCCESS) + { + val->print(PRINT_ERROR, "\tmsg request failed\n", 0); + return VAL_STATUS_CALL_FAILED; + } + + psa->close(handle); + return VAL_STATUS_SUCCESS; +} + +int32_t client_test_sp_read_other_sp_heap(security_t caller) +{ + addr_t app_rot_addr; + uint8_t data = DATA_VALUE; + + val->print(PRINT_TEST, "[Check 1] Test SP reading other SP heap\n", 0); + + if (VAL_ERROR(get_secure_partition_address(&app_rot_addr))) + return VAL_STATUS_ERROR; + + /* Setting boot.state before test check */ + if (val->set_boot_flag(BOOT_EXPECTED_REENTER_TEST)) + { + val->print(PRINT_ERROR, "\tFailed to set boot flag before check\n", 0); + return VAL_STATUS_ERROR; + } + + /* Read Application RoT heap address. + * This should generate internal fault or ignore the read. + */ + data = *(uint8_t *)app_rot_addr; + + /* Did read ignore? */ + if (data == DATA_VALUE) + return VAL_STATUS_SUCCESS; + + val->print(PRINT_ERROR, "\tExpected read to fault but it didn't\n", 0); + + /* Resetting boot.state to catch unwanted reboot */ + if (val->set_boot_flag(BOOT_EXPECTED_BUT_FAILED)) + { + val->print(PRINT_ERROR, "\tFailed to set boot flag after check\n", 0); + return VAL_STATUS_ERROR; + } + + return VAL_STATUS_SPM_FAILED; +} + +int32_t client_test_sp_write_other_sp_heap(security_t caller) +{ + addr_t app_rot_addr; + uint8_t data = DATA_VALUE; + + val->print(PRINT_TEST, "[Check 2] Test SP writing other SP heap\n", 0); + + if (VAL_ERROR(get_secure_partition_address(&app_rot_addr))) + return VAL_STATUS_ERROR; + + /* Setting boot.state before test check */ + if (val->set_boot_flag(BOOT_EXPECTED_NS)) + { + val->print(PRINT_ERROR, "\tFailed to set boot flag before check\n", 0); + return VAL_STATUS_ERROR; + } + + /* Write Application RoT heap address. + * This should generate internal fault or ignore the write. + */ + *(uint8_t *)app_rot_addr = (uint8_t)data; + + /* Handshake with server to decide write status */ + if ((psa->connect(SERVER_UNSPECIFED_MINOR_V_SID, 1)) > 0) + { + val->print(PRINT_ERROR, "\tExpected connection to fail but succeed\n", 0); + return VAL_STATUS_INVALID_HANDLE; + } + return VAL_STATUS_SUCCESS; +} +#else +int32_t client_test_sp_read_other_sp_heap(security_t caller) +{ + val->print(PRINT_TEST, "[Check 1] Test SP reading other SP heap\n", 0); + val->print(PRINT_ERROR, "\tSkipping test as heap memory not supported\n", 0); + return RESULT_SKIP(VAL_STATUS_HEAP_NOT_AVAILABLE); +} + +int32_t client_test_sp_write_other_sp_heap(security_t caller) +{ + val->print(PRINT_TEST, "[Check 2] Test SP writing other SP heap\n", 0); + val->print(PRINT_ERROR, "\tSkipping test as heap memory not supported\n", 0); + return RESULT_SKIP(VAL_STATUS_HEAP_NOT_AVAILABLE); +} +#endif diff --git a/api-tests/ff/ipc/test_i086/test_i086.h b/api-tests/ff/ipc/test_i086/test_i086.h new file mode 100644 index 00000000..eb64546d --- /dev/null +++ b/api-tests/ff/ipc/test_i086/test_i086.h @@ -0,0 +1,38 @@ +/** @file + * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ +#ifndef _TEST_I086_CLIENT_TESTS_H_ +#define _TEST_I086_CLIENT_TESTS_H_ + +#include "val_client_defs.h" + +#ifdef NONSECURE_TEST_BUILD +#define test_entry CONCAT(test_entry_,i086) +#define val CONCAT(val,test_entry) +#define psa CONCAT(psa,test_entry) +#else +#define val CONCAT(val,_client_sp) +#define psa CONCAT(psa,_client_sp) +#endif + +extern val_api_t *val; +extern psa_api_t *psa; + +extern client_test_t test_i086_client_tests_list[]; + +int32_t client_test_sp_read_other_sp_heap(security_t); +int32_t client_test_sp_write_other_sp_heap(security_t); +#endif diff --git a/api-tests/ff/ipc/test_i086/test_supp_i086.c b/api-tests/ff/ipc/test_i086/test_supp_i086.c new file mode 100644 index 00000000..52fef112 --- /dev/null +++ b/api-tests/ff/ipc/test_i086/test_supp_i086.c @@ -0,0 +1,146 @@ +/** @file + * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ + +#include "val_client_defs.h" +#include "val_service_defs.h" + +#define val CONCAT(val,_server_sp) +#define psa CONCAT(psa,_server_sp) +extern val_api_t *val; +extern psa_api_t *psa; + +int32_t server_test_sp_read_other_sp_heap(void); +int32_t server_test_sp_write_other_sp_heap(void); + +#if (SP_HEAP_MEM_SUPP == 1) +void *malloc(size_t size); +void free(void *ptr); +#endif + +#define DATA_VALUE_ORG 0x11 +#define BUFFER_SIZE 0x4 + +server_test_t test_i086_server_tests_list[] = { + NULL, + server_test_sp_read_other_sp_heap, + server_test_sp_write_other_sp_heap, + NULL, +}; + +#if (SP_HEAP_MEM_SUPP == 1) +static int32_t send_secure_partition_address(uint8_t *heap) +{ + int32_t status = VAL_STATUS_SUCCESS; + psa_msg_t msg = {0}; + + status = val->process_connect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); + if (val->err_check_set(TEST_CHECKPOINT_NUM(201), status)) + { + psa->reply(msg.handle, PSA_ERROR_CONNECTION_REFUSED); + return status; + } + + psa->reply(msg.handle, PSA_SUCCESS); + + status = val->process_call_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); + if (val->err_check_set(TEST_CHECKPOINT_NUM(202), status)) + { + psa->reply(msg.handle, -2); + return status; + } + + /* Send Application RoT heap address */ + psa->write(msg.handle, 0, (void *)heap, sizeof(BUFFER_SIZE)); + psa->reply(msg.handle, PSA_SUCCESS); + + status = val->process_disconnect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); + if (val->err_check_set(TEST_CHECKPOINT_NUM(203), status)) + { + return status; + } + psa->reply(msg.handle, PSA_SUCCESS); + return VAL_STATUS_SUCCESS; +} + +int32_t server_test_sp_read_other_sp_heap(void) +{ + /* Application RoT heap buffer */ + uint8_t *buffer; + int32_t status = VAL_STATUS_SUCCESS; + + buffer = (uint8_t *)malloc(sizeof(uint8_t) * BUFFER_SIZE); + memset((uint8_t *)buffer, DATA_VALUE_ORG, BUFFER_SIZE); + + status = send_secure_partition_address(buffer); + free(buffer); + + return status; +} + +int32_t server_test_sp_write_other_sp_heap(void) +{ + /* Application RoT heap buffer */ + uint8_t *buffer; + int32_t status = VAL_STATUS_SUCCESS; + psa_msg_t msg = {0}; + + buffer = (uint8_t *)malloc(sizeof(uint8_t) * BUFFER_SIZE); + memset((uint8_t *)buffer, DATA_VALUE_ORG, BUFFER_SIZE); + + status = send_secure_partition_address(buffer); + if (VAL_ERROR(status)) + return status; + + /* Wait for write to get performed by client */ + status = val->process_connect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); + if (val->err_check_set(TEST_CHECKPOINT_NUM(204), status)) + { + psa->reply(msg.handle, PSA_ERROR_CONNECTION_REFUSED); + return status; + } + + /* Connection request is just for handshake, reject connection anyways */ + psa->reply(msg.handle, PSA_ERROR_CONNECTION_REFUSED); + + /* Reached here means there could be write succeed or ignored */ + if (buffer[0] == DATA_VALUE_ORG) + return VAL_STATUS_SUCCESS; + + val->print(PRINT_ERROR, "\tExpected write to fault but it didn't\n", 0); + + /* Resetting boot.state to catch unwanted reboot */ + if (val->set_boot_flag(BOOT_EXPECTED_BUT_FAILED)) + { + val->print(PRINT_ERROR, "\tFailed to set boot flag after check\n", 0); + return VAL_STATUS_ERROR; + } + + free(buffer); + return VAL_STATUS_SUCCESS; +} +#else + +int32_t server_test_sp_read_other_sp_heap(void) +{ + return RESULT_SKIP(VAL_STATUS_HEAP_NOT_AVAILABLE); +} + +int32_t server_test_sp_write_other_sp_heap(void) +{ + return RESULT_SKIP(VAL_STATUS_HEAP_NOT_AVAILABLE); +} +#endif diff --git a/api-tests/ff/ipc/test_i087/source.mk b/api-tests/ff/ipc/test_i087/source.mk new file mode 100644 index 00000000..492f7953 --- /dev/null +++ b/api-tests/ff/ipc/test_i087/source.mk @@ -0,0 +1,25 @@ +# * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. +# * SPDX-License-Identifier : Apache-2.0 +# * +# * Licensed under the Apache License, Version 2.0 (the "License"); +# * you may not use this file except in compliance with the License. +# * You may obtain a copy of the License at +# * +# * http://www.apache.org/licenses/LICENSE-2.0 +# * +# * Unless required by applicable law or agreed to in writing, software +# * distributed under the License is distributed on an "AS IS" BASIS, +# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# * See the License for the specific language governing permissions and +# * limitations under the License. +#**/ + +CC_SOURCE = test_entry.c test_i087.c +CC_OPTIONS = +AS_SOURCE = +AS_OPTIONS = + +CC_SOURCE_SPE = test_i087.c test_supp_i087.c +CC_OPTIONS_SPE = +AS_SOURCE_SPE = +AS_OPTIONS_SPE = diff --git a/api-tests/ff/ipc/test_i087/test_entry.c b/api-tests/ff/ipc/test_i087/test_entry.c new file mode 100644 index 00000000..a5de90ad --- /dev/null +++ b/api-tests/ff/ipc/test_i087/test_entry.c @@ -0,0 +1,52 @@ +/** @file + * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ + +#include "val_interfaces.h" +#include "val_target.h" +#include "test_i087.h" + +#define TEST_NUM VAL_CREATE_TEST_ID(VAL_FF_BASE, 87) +#define TEST_DESC "Testing SP access other SP mmio\n" +TEST_PUBLISH(TEST_NUM, test_entry); +val_api_t *val = NULL; +psa_api_t *psa = NULL; + +void test_entry(val_api_t *val_api, psa_api_t *psa_api) +{ + int32_t status = VAL_STATUS_SUCCESS; + + val = val_api; + psa = psa_api; + + /* test init */ + val->test_init(TEST_NUM, TEST_DESC, TEST_FIELD(TEST_ISOLATION_L3, WD_LOW_TIMEOUT)); + if (!IS_TEST_START(val->get_status())) + { + goto test_exit; + } + + /* Switch to secure side (client_partition.c) and execute list of tests available in + test[num]_client_tests_list from Secure side */ + status = val->switch_to_secure_client(TEST_NUM); + if (VAL_ERROR(status)) + { + goto test_exit; + } + +test_exit: + val->test_exit(); +} diff --git a/api-tests/ff/ipc/test_i087/test_i087.c b/api-tests/ff/ipc/test_i087/test_i087.c new file mode 100644 index 00000000..eb6cbf22 --- /dev/null +++ b/api-tests/ff/ipc/test_i087/test_i087.c @@ -0,0 +1,127 @@ +/** @file + * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ + +#ifdef NONSECURE_TEST_BUILD +#include "val_interfaces.h" +#include "val_target.h" +#else +#include "val_client_defs.h" +#include "val_service_defs.h" +#endif + +#include "test_i087.h" + +#define DATA_VALUE 0x1234 + +client_test_t test_i087_client_tests_list[] = { + NULL, + client_test_sp_read_other_sp_mmio, + client_test_sp_write_other_sp_mmio, + NULL, +}; + +static int32_t get_secure_partition_address(addr_t *addr) +{ + psa_handle_t handle = 0; + + handle = psa->connect(SERVER_UNSPECIFED_MINOR_V_SID, 1); + if (handle < 0) + { + val->print(PRINT_ERROR, "\tConnection failed\n", 0); + return VAL_STATUS_INVALID_HANDLE; + } + + /* Get App-RoT address */ + psa_outvec outvec[1] = {{addr, sizeof(addr_t)}}; + if (psa->call(handle, NULL, 0, outvec, 1) != PSA_SUCCESS) + { + val->print(PRINT_ERROR, "\tmsg request failed\n", 0); + return VAL_STATUS_CALL_FAILED; + } + + psa->close(handle); + return VAL_STATUS_SUCCESS; +} + +int32_t client_test_sp_read_other_sp_mmio(security_t caller) +{ + addr_t app_rot_addr; + uint32_t data = DATA_VALUE; + + val->print(PRINT_TEST, "[Check 1] Test SP reading other SP mmio\n", 0); + + if (VAL_ERROR(get_secure_partition_address(&app_rot_addr))) + return VAL_STATUS_ERROR; + + /* Setting boot.state before test check */ + if (val->set_boot_flag(BOOT_EXPECTED_REENTER_TEST)) + { + val->print(PRINT_ERROR, "\tFailed to set boot flag before check\n", 0); + return VAL_STATUS_ERROR; + } + + /* Read Application RoT mmio address. + * This should generate internal fault or ignore the read. + */ + data = *(uint32_t *)app_rot_addr; + + /* Did read ignore? */ + if (data == DATA_VALUE) + return VAL_STATUS_SUCCESS; + + val->print(PRINT_ERROR, "\tExpected read to fault but it didn't\n", 0); + + /* Resetting boot.state to catch unwanted reboot */ + if (val->set_boot_flag(BOOT_EXPECTED_BUT_FAILED)) + { + val->print(PRINT_ERROR, "\tFailed to set boot flag after check\n", 0); + return VAL_STATUS_ERROR; + } + + return VAL_STATUS_SPM_FAILED; +} + +int32_t client_test_sp_write_other_sp_mmio(security_t caller) +{ + addr_t app_rot_addr; + uint32_t data = DATA_VALUE; + + val->print(PRINT_TEST, "[Check 2] Test SP writing other SP mmio\n", 0); + + if (VAL_ERROR(get_secure_partition_address(&app_rot_addr))) + return VAL_STATUS_ERROR; + + /* Setting boot.state before test check */ + if (val->set_boot_flag(BOOT_EXPECTED_NS)) + { + val->print(PRINT_ERROR, "\tFailed to set boot flag before check\n", 0); + return VAL_STATUS_ERROR; + } + + /* Write Application RoT mmio address. + * This should generate internal fault or ignore the write. + */ + *(uint32_t *)app_rot_addr = (uint32_t)data; + + /* Handshake with server to decide write status */ + if ((psa->connect(SERVER_UNSPECIFED_MINOR_V_SID, 1)) > 0) + { + val->print(PRINT_ERROR, "\tExpected connection to fail but succeed\n", 0); + return VAL_STATUS_INVALID_HANDLE; + } + return VAL_STATUS_SUCCESS; +} diff --git a/api-tests/ff/ipc/test_i087/test_i087.h b/api-tests/ff/ipc/test_i087/test_i087.h new file mode 100644 index 00000000..450427d2 --- /dev/null +++ b/api-tests/ff/ipc/test_i087/test_i087.h @@ -0,0 +1,38 @@ +/** @file + * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ +#ifndef _TEST_I087_CLIENT_TESTS_H_ +#define _TEST_I087_CLIENT_TESTS_H_ + +#include "val_client_defs.h" + +#ifdef NONSECURE_TEST_BUILD +#define test_entry CONCAT(test_entry_,i087) +#define val CONCAT(val,test_entry) +#define psa CONCAT(psa,test_entry) +#else +#define val CONCAT(val,_client_sp) +#define psa CONCAT(psa,_client_sp) +#endif + +extern val_api_t *val; +extern psa_api_t *psa; + +extern client_test_t test_i087_client_tests_list[]; + +int32_t client_test_sp_read_other_sp_mmio(security_t); +int32_t client_test_sp_write_other_sp_mmio(security_t); +#endif diff --git a/api-tests/ff/ipc/test_i087/test_supp_i087.c b/api-tests/ff/ipc/test_i087/test_supp_i087.c new file mode 100644 index 00000000..b59fb978 --- /dev/null +++ b/api-tests/ff/ipc/test_i087/test_supp_i087.c @@ -0,0 +1,143 @@ +/** @file + * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ + +#include "val_client_defs.h" +#include "val_service_defs.h" + +#define val CONCAT(val,_server_sp) +#define psa CONCAT(psa,_server_sp) +extern val_api_t *val; +extern psa_api_t *psa; + +int32_t server_test_sp_read_other_sp_mmio(void); +int32_t server_test_sp_write_other_sp_mmio(void); + +#define DATA_VALUE 0x5467 + +server_test_t test_i087_server_tests_list[] = { + NULL, + server_test_sp_read_other_sp_mmio, + server_test_sp_write_other_sp_mmio, + NULL, +}; + +static int32_t get_mmio_addr(addr_t *addr) +{ + memory_desc_t *memory_desc; + int32_t status = VAL_STATUS_SUCCESS; + + /* Get APP-ROT MMIO address */ + status = val->target_get_config(TARGET_CONFIG_CREATE_ID(GROUP_MEMORY, + MEMORY_SERVER_PARTITION_MMIO, 0), + (uint8_t **)&memory_desc, + (uint32_t *)sizeof(memory_desc_t)); + if (val->err_check_set(TEST_CHECKPOINT_NUM(201), status)) + { + return status; + } + + *addr = memory_desc->start; + return VAL_STATUS_SUCCESS; +} + +static int32_t send_secure_partition_address(addr_t *stack) +{ + int32_t status = VAL_STATUS_SUCCESS; + psa_msg_t msg = {0}; + + status = val->process_connect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); + if (val->err_check_set(TEST_CHECKPOINT_NUM(202), status)) + { + psa->reply(msg.handle, PSA_ERROR_CONNECTION_REFUSED); + return status; + } + + psa->reply(msg.handle, PSA_SUCCESS); + + status = val->process_call_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); + if (val->err_check_set(TEST_CHECKPOINT_NUM(203), status)) + { + psa->reply(msg.handle, -2); + return status; + } + + /* Send Application RoT stack address */ + psa->write(msg.handle, 0, (void *)stack, sizeof(uint32_t)); + psa->reply(msg.handle, PSA_SUCCESS); + + status = val->process_disconnect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); + if (val->err_check_set(TEST_CHECKPOINT_NUM(204), status)) + { + return status; + } + psa->reply(msg.handle, PSA_SUCCESS); + return VAL_STATUS_SUCCESS; +} + +int32_t server_test_sp_read_other_sp_mmio(void) +{ + int32_t status = VAL_STATUS_SUCCESS; + addr_t app_rot_addr; + + status = get_mmio_addr(&app_rot_addr); + if (VAL_ERROR(status)) + return status; + + return send_secure_partition_address(&app_rot_addr); +} + +int32_t server_test_sp_write_other_sp_mmio(void) +{ + addr_t app_rot_addr; + int32_t status = VAL_STATUS_SUCCESS; + psa_msg_t msg = {0}; + + status = get_mmio_addr(&app_rot_addr); + if (VAL_ERROR(status)) + return status; + + /* Initialise mmio address */ + *(uint32_t *)app_rot_addr = (uint32_t)DATA_VALUE; + status = send_secure_partition_address(&app_rot_addr); + if (VAL_ERROR(status)) + return status; + + /* Wait for write to get performed by client */ + status = val->process_connect_request(SERVER_UNSPECIFED_MINOR_V_SIG, &msg); + if (val->err_check_set(TEST_CHECKPOINT_NUM(204), status)) + { + psa->reply(msg.handle, PSA_ERROR_CONNECTION_REFUSED); + return status; + } + + /* Connection request is just for handshake, reject connection anyways */ + psa->reply(msg.handle, PSA_ERROR_CONNECTION_REFUSED); + + /* Reached here means there could be write succeed or ignored */ + if (*(uint32_t *)app_rot_addr == (uint32_t)DATA_VALUE) + return VAL_STATUS_SUCCESS; + + val->print(PRINT_ERROR, "\tExpected write to fault but it didn't\n", 0); + + /* Resetting boot.state to catch unwanted reboot */ + if (val->set_boot_flag(BOOT_EXPECTED_BUT_FAILED)) + { + val->print(PRINT_ERROR, "\tFailed to set boot flag after check\n", 0); + return VAL_STATUS_ERROR; + } + return VAL_STATUS_SUCCESS; +} diff --git a/api-tests/ff/ipc/test_l088/source.mk b/api-tests/ff/ipc/test_l088/source.mk new file mode 100644 index 00000000..c2004628 --- /dev/null +++ b/api-tests/ff/ipc/test_l088/source.mk @@ -0,0 +1,25 @@ +# * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. +# * SPDX-License-Identifier : Apache-2.0 +# * +# * Licensed under the Apache License, Version 2.0 (the "License"); +# * you may not use this file except in compliance with the License. +# * You may obtain a copy of the License at +# * +# * http://www.apache.org/licenses/LICENSE-2.0 +# * +# * Unless required by applicable law or agreed to in writing, software +# * distributed under the License is distributed on an "AS IS" BASIS, +# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# * See the License for the specific language governing permissions and +# * limitations under the License. +#**/ + +CC_SOURCE = test_entry.c test_l088.c +CC_OPTIONS = +AS_SOURCE = +AS_OPTIONS = + +CC_SOURCE_SPE = test_l088.c test_supp_l088.c +CC_OPTIONS_SPE = +AS_SOURCE_SPE = +AS_OPTIONS_SPE = diff --git a/api-tests/ff/ipc/test_l088/test_entry.c b/api-tests/ff/ipc/test_l088/test_entry.c new file mode 100644 index 00000000..4732122f --- /dev/null +++ b/api-tests/ff/ipc/test_l088/test_entry.c @@ -0,0 +1,52 @@ +/** @file + * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ + +#include "val_interfaces.h" +#include "val_target.h" +#include "test_l088.h" + +#define TEST_NUM VAL_CREATE_TEST_ID(VAL_FF_BASE, 88) +#define TEST_DESC "Testing psa_rot_lifecycle_state API\n" +TEST_PUBLISH(TEST_NUM, test_entry); +val_api_t *val = NULL; +psa_api_t *psa = NULL; + +void test_entry(val_api_t *val_api, psa_api_t *psa_api) +{ + int32_t status = VAL_STATUS_SUCCESS; + + val = val_api; + psa = psa_api; + + /* test init */ + val->test_init(TEST_NUM, TEST_DESC, TEST_FIELD(TEST_ISOLATION_L1, WD_LOW_TIMEOUT)); + if (!IS_TEST_START(val->get_status())) + { + goto test_exit; + } + + /* Switch to secure side (client_partition.c) and execute list of tests available in + test[num]_client_tests_list from Secure side */ + status = val->switch_to_secure_client(TEST_NUM); + if (VAL_ERROR(status)) + { + goto test_exit; + } + +test_exit: + val->test_exit(); +} diff --git a/api-tests/ff/ipc/test_l088/test_l088.c b/api-tests/ff/ipc/test_l088/test_l088.c new file mode 100644 index 00000000..612c9278 --- /dev/null +++ b/api-tests/ff/ipc/test_l088/test_l088.c @@ -0,0 +1,37 @@ +/** @file + * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ + +#ifdef NONSECURE_TEST_BUILD +#include "val_interfaces.h" +#include "val_target.h" +#else +#include "val_client_defs.h" +#include "val_service_defs.h" +#endif + +#include "test_l088.h" + +client_test_t test_l088_client_tests_list[] = { + NULL, + client_test_psa_rot_lifecycle_state, + NULL, +}; + +int32_t client_test_psa_rot_lifecycle_state(security_t caller) +{ + return VAL_STATUS_SUCCESS; +} diff --git a/api-tests/ff/ipc/test_l088/test_l088.h b/api-tests/ff/ipc/test_l088/test_l088.h new file mode 100644 index 00000000..e27f8acf --- /dev/null +++ b/api-tests/ff/ipc/test_l088/test_l088.h @@ -0,0 +1,37 @@ +/** @file + * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ +#ifndef _TEST_L088_CLIENT_TESTS_H_ +#define _TEST_L088_CLIENT_TESTS_H_ + +#include "val_client_defs.h" + +#ifdef NONSECURE_TEST_BUILD +#define test_entry CONCAT(test_entry_,l088) +#define val CONCAT(val,test_entry) +#define psa CONCAT(psa,test_entry) +#else +#define val CONCAT(val,_client_sp) +#define psa CONCAT(psa,_client_sp) +#endif + +extern val_api_t *val; +extern psa_api_t *psa; + +extern client_test_t test_i088_client_tests_list[]; + +int32_t client_test_psa_rot_lifecycle_state(security_t); +#endif diff --git a/api-tests/ff/ipc/test_l088/test_supp_l088.c b/api-tests/ff/ipc/test_l088/test_supp_l088.c new file mode 100644 index 00000000..1ca9fe6d --- /dev/null +++ b/api-tests/ff/ipc/test_l088/test_supp_l088.c @@ -0,0 +1,59 @@ +/** @file + * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ + +#include "val_client_defs.h" +#include "val_service_defs.h" + +#define val CONCAT(val,_server_sp) +#define psa CONCAT(psa,_server_sp) +extern val_api_t *val; +extern psa_api_t *psa; + +int32_t server_test_psa_rot_lifecycle_state(void); + +server_test_t test_l088_server_tests_list[] = { + NULL, + server_test_psa_rot_lifecycle_state, + NULL, +}; + +int32_t server_test_psa_rot_lifecycle_state(void) +{ + uint32_t state; + int32_t status = VAL_STATUS_UNSUPPORTED; + + val->print(PRINT_TEST, "[Check 1] Test calling psa_rot_lifecycle_state API\n", 0); + + state = psa->rot_lifecycle_state(); + switch (state & PSA_LIFECYCLE_PSA_STATE_MASK) + { + case PSA_LIFECYCLE_UNKNOWN: + case PSA_LIFECYCLE_ASSEMBLY_AND_TEST: + case PSA_LIFECYCLE_PSA_ROT_PROVISIONING: + case PSA_LIFECYCLE_SECURED: + case PSA_LIFECYCLE_NON_PSA_ROT_DEBUG: + case PSA_LIFECYCLE_RECOVERABLE_PSA_ROT_DEBUG: + case PSA_LIFECYCLE_DECOMMISSIONED: + status = VAL_STATUS_SUCCESS; + break; + default: + val->print(PRINT_ERROR, "\tpsa_rot_lifecycle_state API returned" + "unsupported value\n", 0); + } + + return status; +} diff --git a/api-tests/ff/ipc/testsuite.db b/api-tests/ff/ipc/testsuite.db index 4bff10ed..f8a30133 100644 --- a/api-tests/ff/ipc/testsuite.db +++ b/api-tests/ff/ipc/testsuite.db @@ -23,68 +23,90 @@ test_i001 test_i002 test_i003 -test_i004 -test_i005 -test_i006 -test_i007 -test_i008 -test_i009 -test_i010 -test_i011 -test_i012 -test_i013 -test_i014 -test_i015 -test_i016 -test_i017 -test_i018 -test_i019 -test_i020 +test_i004, panic_test +test_i005, panic_test +test_i006, panic_test +test_i007, panic_test +test_i008, panic_test +test_i009, panic_test +test_i010, panic_test +test_i011, panic_test +test_i012, panic_test +test_i013, panic_test +test_i014, panic_test +test_i015, panic_test +test_i016, panic_test +test_i017, panic_test +test_i018, panic_test +test_i019, panic_test +test_i020, panic_test test_i021 -test_i022 -test_i023 -test_i024 -test_i025 -test_i026 -test_i027 -test_i028 -test_i029 -test_i030 -test_i031 -test_i032 -test_i033 -test_i034 -test_i035 -test_i036 -test_i037 -test_i038 -test_i039 -test_i040 -test_i041 -test_i042 -test_i043 -test_i044 -test_i045 -test_i046 -test_i047 -test_i048 -test_i049 -test_i050 -test_i051 -test_i052 -test_i053 -test_i054 -test_i055 -test_i056 -test_i057 +test_i022, panic_test +test_i023, panic_test +test_i024, panic_test +test_i025, panic_test +test_i026, panic_test +test_i027, panic_test +test_i028, panic_test +test_i029, panic_test +test_i030, panic_test +test_i031, panic_test +test_i032, panic_test +test_i033, panic_test +test_i034, panic_test +test_i035, panic_test +test_i036, panic_test +test_i037, panic_test +test_i038, panic_test +test_i039, panic_test +test_i040, panic_test +test_i041, panic_test +test_i042, panic_test +test_i043, panic_test +test_i044, panic_test +test_i045, panic_test +test_i046, panic_test +test_i047, panic_test +test_i048, panic_test +test_i049, panic_test +test_i050, panic_test +test_i051, panic_test +test_i052, panic_test +test_i053, panic_test +test_i054, panic_test +test_i055, panic_test +test_i056, panic_test +test_i057, panic_test test_i058 -test_i059 -test_i060 -test_i061 -test_i062 +test_i059, panic_test +test_i060, panic_test +test_i061, panic_test +test_i062, panic_test test_i063 -test_i064 -test_i065 -test_i066 +test_i064, panic_test +test_i065, panic_test +test_i066, panic_test +test_i067 +test_i068, panic_test +test_i069, panic_test +test_i070, panic_test +test_i071 +test_i072, panic_test +test_i073, panic_test +test_i074, panic_test +test_i075, panic_test +test_i076, panic_test +test_i077, panic_test +test_i078, panic_test +test_i079, panic_test +test_i080, panic_test +test_i081, panic_test +test_i082, panic_test +test_i083, panic_test +test_i084, panic_test +test_i085, panic_test +test_i086, panic_test +test_i087, panic_test +test_l088 (END) diff --git a/api-tests/ff/partition/common/driver_partition.c b/api-tests/ff/partition/common/driver_partition.c index 6523fd58..53a6004b 100644 --- a/api-tests/ff/partition/common/driver_partition.c +++ b/api-tests/ff/partition/common/driver_partition.c @@ -17,22 +17,36 @@ #include "val/spe/val_driver_service_apis.h" +#define DATA_VALUE 0x1111 +#define BUFFER_SIZE 4 + +uint32_t g_psa_rot_data = DATA_VALUE; + int32_t driver_test_psa_eoi_with_non_intr_signal(void); int32_t driver_test_psa_eoi_with_unasserted_signal(void); int32_t driver_test_psa_eoi_with_multiple_signals(void); +int32_t driver_test_irq_routing(void); +void driver_test_isolation_psa_rot_data_rd(psa_msg_t *msg); +void driver_test_isolation_psa_rot_data_wr(psa_msg_t *msg); +void driver_test_isolation_psa_rot_stack_rd(psa_msg_t *msg); +void driver_test_isolation_psa_rot_stack_wr(psa_msg_t *msg); +void driver_test_isolation_psa_rot_heap_rd(psa_msg_t *msg); +void driver_test_isolation_psa_rot_heap_wr(psa_msg_t *msg); +void driver_test_isolation_psa_rot_mmio_rd(psa_msg_t *msg); +void driver_test_isolation_psa_rot_mmio_wr(psa_msg_t *msg); void driver_main(void) { - psa_signal_t signals = 0; - psa_msg_t msg = {0}; - uint32_t data = 0; - uart_fn_type_t uart_fn; - nvmem_param_t nvmem_param; - test_intr_fn_id_t test_intr_fn_id; - char string[256] = {0}; - uint8_t buffer[256] = {0}; - wd_param_t wd_param; - addr_t uart_base; + psa_signal_t signals = 0; + psa_msg_t msg = {0}; + int32_t data = 0; + uart_fn_type_t uart_fn; + nvmem_param_t nvmem_param; + driver_test_fn_id_t driver_test_fn_id; + char string[256] = {0}; + uint8_t buffer[256] = {0}; + wd_param_t wd_param; + addr_t uart_base; /* Initialised driver mmio space */ if (val_init_driver_memory()) @@ -206,14 +220,14 @@ void driver_main(void) break; } } - /* SID reserved for interrupt testing */ - else if (signals & TEST_INTR_SIG) + /* SID reserved for Driver test functions */ + else if (signals & DRIVER_TEST_SIG) { - psa_get(TEST_INTR_SIG, &msg); + psa_get(DRIVER_TEST_SIG, &msg); switch (msg.type) { case PSA_IPC_CALL: - if (msg.in_size[0] > sizeof(test_intr_fn_id_t)) + if (msg.in_size[0] > sizeof(driver_test_fn_id_t)) { /* buffer overflow */ psa_reply(msg.handle, VAL_STATUS_ERROR); @@ -222,10 +236,10 @@ void driver_main(void) } else { - psa_read(msg.handle, 0, &test_intr_fn_id, msg.in_size[0]); + psa_read(msg.handle, 0, &driver_test_fn_id, msg.in_size[0]); } - switch (test_intr_fn_id) + switch (driver_test_fn_id) { case TEST_PSA_EOI_WITH_NON_INTR_SIGNAL: driver_test_psa_eoi_with_non_intr_signal(); @@ -240,6 +254,34 @@ void driver_main(void) psa_reply(msg.handle, VAL_STATUS_ERROR); break; case TEST_INTR_SERVICE: + if (driver_test_irq_routing() != VAL_STATUS_SUCCESS) + psa_reply(msg.handle, VAL_STATUS_ERROR); + else + psa_reply(msg.handle, PSA_SUCCESS); + break; + case TEST_ISOLATION_PSA_ROT_DATA_RD: + driver_test_isolation_psa_rot_data_rd(&msg); + break; + case TEST_ISOLATION_PSA_ROT_DATA_WR: + driver_test_isolation_psa_rot_data_wr(&msg); + break; + case TEST_ISOLATION_PSA_ROT_STACK_RD: + driver_test_isolation_psa_rot_stack_rd(&msg); + break; + case TEST_ISOLATION_PSA_ROT_STACK_WR: + driver_test_isolation_psa_rot_stack_wr(&msg); + break; + case TEST_ISOLATION_PSA_ROT_HEAP_RD: + driver_test_isolation_psa_rot_heap_rd(&msg); + break; + case TEST_ISOLATION_PSA_ROT_HEAP_WR: + driver_test_isolation_psa_rot_heap_wr(&msg); + break; + case TEST_ISOLATION_PSA_ROT_MMIO_RD: + driver_test_isolation_psa_rot_mmio_rd(&msg); + break; + case TEST_ISOLATION_PSA_ROT_MMIO_WR: + driver_test_isolation_psa_rot_mmio_wr(&msg); break; } break; @@ -267,7 +309,7 @@ int32_t driver_test_psa_eoi_with_non_intr_signal(void) return VAL_STATUS_ERROR; } - /* psa_eoi should not return as signal is non-interrupt signal*/ + /* psa_eoi should panic as signal is non-interrupt signal*/ psa_eoi(PSA_DOORBELL); /* Control shouldn't have reached here */ @@ -292,7 +334,7 @@ int32_t driver_test_psa_eoi_with_unasserted_signal(void) return VAL_STATUS_ERROR; } - /* psa_eoi should not return as DRIVER_UART_INTR_SIG is unasserted */ + /* psa_eoi should panic as DRIVER_UART_INTR_SIG is unasserted */ psa_eoi(DRIVER_UART_INTR_SIG); /* Control shouldn't have reached here */ @@ -310,6 +352,27 @@ int32_t driver_test_psa_eoi_with_unasserted_signal(void) int32_t driver_test_psa_eoi_with_multiple_signals(void) { + /* + * To test psa_eoi for multiple signals, one of signal should asserted first. + * Otherwise, check can false pass with psa_eoi_with_unasserted_signal. + * Assert interrupt signal assigned to driver partition + */ + val_generate_interrupt(); + + /* Wait for DRIVER_UART_INTR_SIG signal */ + if (psa_wait(DRIVER_UART_INTR_SIG, PSA_BLOCK) & DRIVER_UART_INTR_SIG) + { + /* Received DRIVER_UART_INTR_SIG signal, now process it */ + val_disable_interrupt(); + } + else + { + /* didn't receive DRIVER_UART_INTR_SIG signal, however process it */ + val_disable_interrupt(); + val_print_sf("\tFailed to receive irq signal\n", 0); + return VAL_STATUS_SPM_FAILED; + } + /* Setting boot.state before test check */ if (val_driver_private_set_boot_flag_fn(BOOT_EXPECTED_NS)) { @@ -317,8 +380,8 @@ int32_t driver_test_psa_eoi_with_multiple_signals(void) return VAL_STATUS_ERROR; } - /* psa_eoi should not return as irq_signal is provided with multiple signals */ - psa_eoi(DRIVER_UART_INTR_SIG|TEST_INTR_SIG); + /* psa_eoi should panic as irq_signal is provided with multiple signals */ + psa_eoi(DRIVER_UART_INTR_SIG|DRIVER_TEST_SIG); /* Control shouldn't have reached here */ val_print_sf("\tCheck for psa_eoi(multiple_signals) failed\n", 0); @@ -332,3 +395,307 @@ int32_t driver_test_psa_eoi_with_multiple_signals(void) return VAL_STATUS_SPM_FAILED; } + +int32_t driver_test_irq_routing(void) +{ + psa_signal_t signals = 0; + + /* Assert interrupt signal assigned to driver partition */ + val_generate_interrupt(); + + /* Wait for DRIVER_UART_INTR_SIG signal */ + signals = psa_wait(PSA_WAIT_ANY, PSA_BLOCK); + + if (signals & DRIVER_UART_INTR_SIG) + { + /* Received DRIVER_UART_INTR_SIG signal, now process it */ + val_disable_interrupt(); + + /* A signal remains active until it is processed by psa_eoi */ + if ((psa_wait(DRIVER_UART_INTR_SIG, PSA_BLOCK) & DRIVER_UART_INTR_SIG) == 0) + { + val_print_sf("\tIrq signal got de-activate before psa_eoi()\n", 0); + return VAL_STATUS_SPM_FAILED; + } + + /* Perform end of interrupt */ + psa_eoi(DRIVER_UART_INTR_SIG); + + /* Irq signal should be de-activated now */ + if (psa_wait(DRIVER_UART_INTR_SIG, PSA_POLL) & DRIVER_UART_INTR_SIG) + { + val_print_sf("\tIrq signal didn't get de-activate after psa_eoi()\n", 0); + return VAL_STATUS_SPM_FAILED; + } + + return VAL_STATUS_SUCCESS; + } + else + { + /* didn't receive DRIVER_UART_INTR_SIG signal, however process it */ + val_disable_interrupt(); + val_print_sf("\tFailed to receive irq signal, signals=0x%x\n", signals); + return VAL_STATUS_SPM_FAILED; + } +} + +static int32_t process_call_request(psa_signal_t sig, psa_msg_t *msg) +{ + val_status_t res = VAL_STATUS_ERROR; + psa_signal_t signals; + +wait: + signals = psa_wait(PSA_WAIT_ANY, PSA_BLOCK); + if (signals & sig) + { + if (psa_get(sig, msg) != PSA_SUCCESS) + { + goto wait; + } + + if ((msg->type != PSA_IPC_CALL) || (msg->handle <= 0)) + { + val_print_sf("\tpsa_get failed for PSA_IPC_CALL\n", 0); + res = VAL_STATUS_ERROR; + } + else + { + res = VAL_STATUS_SUCCESS; + } + } + else + { + val_print_sf("\tpsa_wait returned with invalid signal value = 0x%x\n", signals); + res = VAL_STATUS_ERROR; + } + return res; +} + +void driver_test_isolation_psa_rot_data_rd(psa_msg_t *msg) +{ + /* Send PSA RoT data address - global variable */ + psa_write(msg->handle, 0, (void *) &g_psa_rot_data, sizeof(addr_t)); + psa_reply(msg->handle, PSA_SUCCESS); +} + +void driver_test_isolation_psa_rot_data_wr(psa_msg_t *msg) +{ + /* Send PSA RoT data address - global variable */ + psa_write(msg->handle, 0, (void *) &g_psa_rot_data, sizeof(addr_t)); + + /* Setting boot.state before test check */ + if (val_driver_private_set_boot_flag_fn(BOOT_EXPECTED_S)) + { + val_print_sf("\tFailed to set boot flag before check\n", 0); + psa_reply(msg->handle, -2); + } + psa_reply(msg->handle, PSA_SUCCESS); + + /* Process second call request */ + if (VAL_ERROR(process_call_request(DRIVER_TEST_SIG, msg))) + { + psa_reply(msg->handle, -2); + return; + } + + /* Resetting boot.state to catch unwanted reboot */ + if (val_driver_private_set_boot_flag_fn(BOOT_EXPECTED_BUT_FAILED)) + { + val_print_sf("\tFailed to set boot flag after check\n", 0); + psa_reply(msg->handle, -2); + return; + } + + /* Reached here means there could be write succeed or ignored */ + if (g_psa_rot_data == DATA_VALUE) + { + psa_reply(msg->handle, PSA_SUCCESS); + } + else + { + val_print_sf("\tExpected write to fault but it didn't\n", 0); + psa_reply(msg->handle, -2); + } +} + +void driver_test_isolation_psa_rot_stack_rd(psa_msg_t *msg) +{ + uint32_t l_psa_rot_data = DATA_VALUE; + + /* Send PSA RoT stack address - local variable */ + psa_write(msg->handle, 0, (void *) &l_psa_rot_data, sizeof(addr_t)); + psa_reply(msg->handle, PSA_SUCCESS); + + /* Dummy print to avoid compiler optimisation on local variable */ + val_print_sf("\tl_psa_rot_data value 0x%x\n", l_psa_rot_data); +} + +void driver_test_isolation_psa_rot_stack_wr(psa_msg_t *msg) +{ + uint32_t l_psa_rot_data = DATA_VALUE; + + /* Send PSA RoT stack address - local variable */ + psa_write(msg->handle, 0, (void *) &l_psa_rot_data, sizeof(addr_t)); + + /* Setting boot.state before test check */ + if (val_driver_private_set_boot_flag_fn(BOOT_EXPECTED_S)) + { + val_print_sf("\tFailed to set boot flag before check\n", 0); + psa_reply(msg->handle, -2); + } + psa_reply(msg->handle, PSA_SUCCESS); + + /* Process second call request */ + if (VAL_ERROR(process_call_request(DRIVER_TEST_SIG, msg))) + { + psa_reply(msg->handle, -2); + return; + } + + /* Resetting boot.state to catch unwanted reboot */ + if (val_driver_private_set_boot_flag_fn(BOOT_EXPECTED_BUT_FAILED)) + { + val_print_sf("\tFailed to set boot flag after check\n", 0); + psa_reply(msg->handle, -2); + return; + } + + /* Reached here means there could be write succeed or ignored */ + if (l_psa_rot_data == DATA_VALUE) + { + psa_reply(msg->handle, PSA_SUCCESS); + } + else + { + val_print_sf("\tExpected write to fault but it didn't\n", 0); + psa_reply(msg->handle, -2); + } +} + +void driver_test_isolation_psa_rot_heap_rd(psa_msg_t *msg) +{ +#if (SP_HEAP_MEM_SUPP == 1) + uint8_t *buffer; + + buffer = (uint8_t *)malloc(sizeof(uint8_t) * BUFFER_SIZE); + memset((uint8_t *)buffer, (uint8_t)DATA_VALUE, BUFFER_SIZE); + + /* Send PSA RoT heap address */ + psa_write(msg->handle, 0, (void *) buffer, BUFFER_SIZE); + psa_reply(msg->handle, PSA_SUCCESS); + free(buffer); +#endif +} + +void driver_test_isolation_psa_rot_heap_wr(psa_msg_t *msg) +{ +#if (SP_HEAP_MEM_SUPP == 1) + uint8_t *buffer; + + buffer = (uint8_t *)malloc(sizeof(uint8_t) * BUFFER_SIZE); + memset((uint8_t *)buffer, (uint8_t)DATA_VALUE, BUFFER_SIZE); + + /* Send PSA RoT heap address */ + psa_write(msg->handle, 0, (void *) buffer, BUFFER_SIZE); + psa_reply(msg->handle, PSA_SUCCESS); + + /* Setting boot.state before test check */ + if (val_driver_private_set_boot_flag_fn(BOOT_EXPECTED_S)) + { + val_print_sf("\tFailed to set boot flag before check\n", 0); + psa_reply(msg->handle, -2); + } + + /* Process second call request */ + if (VAL_ERROR(process_call_request(DRIVER_TEST_SIG, msg))) + { + psa_reply(msg->handle, -2); + return; + } + + /* Resetting boot.state to catch unwanted reboot */ + if (val_driver_private_set_boot_flag_fn(BOOT_EXPECTED_BUT_FAILED)) + { + val_print_sf("\tFailed to set boot flag after check\n", 0); + psa_reply(msg->handle, -2); + return; + } + + /* Reached here means there could be write succeed or ignored */ + if (buffer[0] == (uint8_t)DATA_VALUE) + { + psa_reply(msg->handle, PSA_SUCCESS); + } + else + { + val_print_sf("\tExpected write to fault but it didn't\n", 0); + psa_reply(msg->handle, -2); + } + free(buffer); +#endif +} + +void driver_test_isolation_psa_rot_mmio_rd(psa_msg_t *msg) +{ + addr_t psa_rot_mmio_addr; + + if (VAL_ERROR(val_get_driver_mmio_addr(&psa_rot_mmio_addr))) + { + psa_reply(msg->handle, -2); + return; + } + + /* Send PSA RoT mmio address */ + memset((uint8_t *)&psa_rot_mmio_addr, (uint8_t)DATA_VALUE, sizeof(addr_t)); + psa_write(msg->handle, 0, (void *) &psa_rot_mmio_addr, sizeof(addr_t)); + psa_reply(msg->handle, PSA_SUCCESS); +} + +void driver_test_isolation_psa_rot_mmio_wr(psa_msg_t *msg) +{ + addr_t psa_rot_mmio_addr; + + if (VAL_ERROR(val_get_driver_mmio_addr(&psa_rot_mmio_addr))) + { + psa_reply(msg->handle, -2); + return; + } + + /* Send PSA RoT mmio address */ + memset((uint8_t *)&psa_rot_mmio_addr, (uint8_t)DATA_VALUE, sizeof(uint32_t)); + psa_write(msg->handle, 0, (void *) &psa_rot_mmio_addr, sizeof(uint32_t)); + psa_reply(msg->handle, PSA_SUCCESS); + + /* Setting boot.state before test check */ + if (val_driver_private_set_boot_flag_fn(BOOT_EXPECTED_S)) + { + val_print_sf("\tFailed to set boot flag before check\n", 0); + psa_reply(msg->handle, -2); + } + + /* Process second call request */ + if (VAL_ERROR(process_call_request(DRIVER_TEST_SIG, msg))) + { + psa_reply(msg->handle, -2); + return; + } + + /* Resetting boot.state to catch unwanted reboot */ + if (val_driver_private_set_boot_flag_fn(BOOT_EXPECTED_BUT_FAILED)) + { + val_print_sf("\tFailed to set boot flag after check\n", 0); + psa_reply(msg->handle, -2); + return; + } + + /* Reached here means there could be write succeed or ignored */ + if (*(uint32_t *)psa_rot_mmio_addr == (uint32_t)DATA_VALUE) + { + psa_reply(msg->handle, PSA_SUCCESS); + } + else + { + val_print_sf("\tExpected write to fault but it didn't\n", 0); + psa_reply(msg->handle, -2); + } +} diff --git a/api-tests/ff/partition/ipc/client_partition.c b/api-tests/ff/partition/ipc/client_partition.c index 794f6d24..7be5a6cb 100644 --- a/api-tests/ff/partition/ipc/client_partition.c +++ b/api-tests/ff/partition/ipc/client_partition.c @@ -25,6 +25,7 @@ void client_main(void) psa_signal_t signals = 0; val_status_t status, test_status; psa_msg_t msg = {0}; + test_info_t test_info; while (1) { @@ -40,7 +41,7 @@ void client_main(void) if (test_data != 0) { val_print(PRINT_ERROR, "must clear previous dispatcher connection\n", 0); - psa_reply(msg.handle, PSA_CONNECTION_REFUSED); + psa_reply(msg.handle, PSA_ERROR_CONNECTION_REFUSED); } else { @@ -56,7 +57,7 @@ void client_main(void) } if (VAL_ERROR(status)) { - psa_reply(msg.handle, PSA_CONNECTION_REFUSED); + psa_reply(msg.handle, PSA_ERROR_CONNECTION_REFUSED); break; } @@ -66,8 +67,10 @@ void client_main(void) val_print(PRINT_INFO, "In client part, test-id %d\n", GET_TEST_NUM(test_data)); + test_info.test_num = GET_TEST_NUM(test_data); + test_info.block_num = GET_BLOCK_NUM(test_data); /* Execute client test func from secure*/ - test_status = val_execute_secure_tests(GET_TEST_NUM(test_data), + test_status = val_execute_secure_tests(test_info, client_ipc_test_list[GET_TEST_NUM(test_data)]); } else if (GET_ACTION_NUM(test_data) == TEST_RETURN_RESULT) @@ -77,7 +80,7 @@ void client_main(void) } else { - psa_reply(msg.handle, PSA_CONNECTION_REFUSED); + psa_reply(msg.handle, PSA_ERROR_CONNECTION_REFUSED); } break; case PSA_IPC_DISCONNECT: @@ -94,7 +97,7 @@ void client_main(void) /* Server_partition requests client to connect to SERVER_SECURE_CONNECT_ONLY_SID */ else if (signals & PSA_DOORBELL) { - if (psa_connect(SERVER_SECURE_CONNECT_ONLY_SID, 2) != PSA_CONNECTION_REFUSED) + if (psa_connect(SERVER_SECURE_CONNECT_ONLY_SID, 2) != PSA_ERROR_CONNECTION_REFUSED) { val_print(PRINT_ERROR, "psa_connect failed \n", 0); } diff --git a/api-tests/ff/partition/ipc/server_partition.c b/api-tests/ff/partition/ipc/server_partition.c index 35c06418..de0e7a42 100644 --- a/api-tests/ff/partition/ipc/server_partition.c +++ b/api-tests/ff/partition/ipc/server_partition.c @@ -17,6 +17,9 @@ #include "server_partition.h" +val_api_t *val_server_sp = &val_api; +psa_api_t *psa_server_sp = &psa_api; + void server_main(void) { uint32_t test_data = 0; @@ -40,7 +43,7 @@ void server_main(void) if (test_data != 0) { val_print(PRINT_ERROR, "must clear previous dispatcher connection\n", 0); - psa_reply(msg.handle, PSA_CONNECTION_REFUSED); + psa_reply(msg.handle, PSA_ERROR_CONNECTION_REFUSED); } else { @@ -56,7 +59,7 @@ void server_main(void) } if (VAL_ERROR(status)) { - psa_reply(msg.handle, PSA_CONNECTION_REFUSED); + psa_reply(msg.handle, PSA_ERROR_CONNECTION_REFUSED); break; } @@ -80,7 +83,7 @@ void server_main(void) } else { - psa_reply(msg.handle, PSA_CONNECTION_REFUSED); + psa_reply(msg.handle, PSA_ERROR_CONNECTION_REFUSED); } break; case PSA_IPC_DISCONNECT: diff --git a/api-tests/platform/drivers/nvmem/pal_nvmem.c b/api-tests/platform/drivers/nvmem/pal_nvmem.c index 65a9442b..502d7010 100644 --- a/api-tests/platform/drivers/nvmem/pal_nvmem.c +++ b/api-tests/platform/drivers/nvmem/pal_nvmem.c @@ -1,5 +1,5 @@ /** @file - * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved. + * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved. * SPDX-License-Identifier : Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); diff --git a/api-tests/platform/drivers/nvmem/pal_nvmem.h b/api-tests/platform/drivers/nvmem/pal_nvmem.h index 5a6f7be4..11443045 100644 --- a/api-tests/platform/drivers/nvmem/pal_nvmem.h +++ b/api-tests/platform/drivers/nvmem/pal_nvmem.h @@ -1,5 +1,5 @@ /** @file - * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved. + * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved. * SPDX-License-Identifier : Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); diff --git a/api-tests/platform/drivers/uart/cmsdk/pal_uart.c b/api-tests/platform/drivers/uart/cmsdk/pal_uart.c index 5ccc5fcc..e55a4115 100644 --- a/api-tests/platform/drivers/uart/cmsdk/pal_uart.c +++ b/api-tests/platform/drivers/uart/cmsdk/pal_uart.c @@ -65,10 +65,10 @@ static void pal_uart_cmsdk_putc(uint8_t c) @param - str : Input String - data : Value for format specifier **/ -void pal_cmsdk_print(char *str, uint32_t data) +void pal_cmsdk_print(char *str, int32_t data) { - uint8_t j, buffer[16]; - int8_t i = 0; + int8_t j, buffer[16]; + int8_t i = 0, is_neg = 0; for (; *str != '\0'; ++str) { @@ -77,6 +77,12 @@ void pal_cmsdk_print(char *str, uint32_t data) ++str; if (*str == 'd') { + if (data < 0) + { + data = -(data); + is_neg = 1; + } + while (data != 0) { j = data % 10; @@ -84,6 +90,9 @@ void pal_cmsdk_print(char *str, uint32_t data) buffer[i] = j + 48; i += 1; } + + if (is_neg) + buffer[i++] = '-'; } else if (*str == 'x' || *str == 'X') { @@ -112,3 +121,39 @@ void pal_cmsdk_print(char *str, uint32_t data) } } } + +/** + @brief - This function checks for TX interrupt triggered or not +**/ +static int pal_uart_cmsdk_is_tx_irq_triggerd(void) +{ + return (((uart_t *) g_uart)->INTSTATUS & CMSDK_UART_INTSTATUS_TXIRQ_Msk); +} + +/** + @brief - This function triggers the UART TX interrupt +**/ +void pal_uart_cmsdk_generate_irq(void) +{ + /* Enable TX interrupt */ + ((uart_t *) g_uart)->CTRL |= CMSDK_UART_CTRL_TXIRQEN_Msk; + + /* Fill the TX buffer to generate TX IRQ */ + pal_uart_cmsdk_putc(' '); + pal_uart_cmsdk_putc(' '); + + /* Loop until TX interrupt trigger */ + while (!pal_uart_cmsdk_is_tx_irq_triggerd()); +} + +/** + @brief - This function disable the UART TX interrupt +**/ +void pal_uart_cmsdk_disable_irq(void) +{ + /* Clear TX interrupt */ + ((uart_t *) g_uart)->INTCLEAR |= CMSDK_UART_INTCLEAR_TXIRQ_Msk; + + /* Disable TX interrupt */ + ((uart_t *) g_uart)->CTRL &= ~CMSDK_UART_CTRL_TXIRQEN_Msk; +} diff --git a/api-tests/platform/drivers/uart/cmsdk/pal_uart.h b/api-tests/platform/drivers/uart/cmsdk/pal_uart.h index 7e82d417..442536f9 100644 --- a/api-tests/platform/drivers/uart/cmsdk/pal_uart.h +++ b/api-tests/platform/drivers/uart/cmsdk/pal_uart.h @@ -1,5 +1,5 @@ /** @file - * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved. + * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved. * SPDX-License-Identifier : Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -27,6 +27,15 @@ /* CMSDK_UART CTRL Register Definitions */ #define CMSDK_UART_CTRL_TXEN_Pos 0 /* CMSDK_UART CTRL: TXEN Position */ #define CMSDK_UART_CTRL_TXEN_Msk (0x01UL) /* CMSDK_UART CTRL: TXEN Mask */ +#define CMSDK_UART_CTRL_TXIRQEN_Pos 2 /* CMSDK_UART CTRL: TXIRQEN Position */ +#define CMSDK_UART_CTRL_TXIRQEN_Msk (0x01ul << CMSDK_UART_CTRL_TXIRQEN_Pos) + /* CMSDK_UART CTRL: TXIRQEN Mask */ +#define CMSDK_UART_INTCLEAR_TXIRQ_Pos 0 /* CMSDK_UART CLEAR: TXIRQ Position */ +#define CMSDK_UART_INTCLEAR_TXIRQ_Msk (0x01ul << CMSDK_UART_INTCLEAR_TXIRQ_Pos) + /* CMSDK_UART CLEAR: TXIRQ Mask */ +#define CMSDK_UART_INTSTATUS_TXIRQ_Pos 0 /* CMSDK_UART STATUS: TXIRQ Position */ +#define CMSDK_UART_INTSTATUS_TXIRQ_Msk (0x01ul << CMSDK_UART_INTSTATUS_TXIRQ_Pos) + /* CMSDK_UART STATUS: TXIRQ Mask */ /* typedef's */ typedef struct { @@ -43,6 +52,8 @@ typedef struct { /* function prototypes */ void pal_uart_cmsdk_init(uint32_t uart_base_addr); -void pal_cmsdk_print(char *str, uint32_t data); +void pal_cmsdk_print(char *str, int32_t data); +void pal_uart_cmsdk_generate_irq(void); +void pal_uart_cmsdk_disable_irq(void); #endif /* _PAL_UART_CMSDK_H_ */ diff --git a/api-tests/platform/drivers/uart/pl011/pal_uart.c b/api-tests/platform/drivers/uart/pl011/pal_uart.c index b6ba1bd0..9a1095b5 100644 --- a/api-tests/platform/drivers/uart/pl011/pal_uart.c +++ b/api-tests/platform/drivers/uart/pl011/pal_uart.c @@ -1,5 +1,5 @@ /** @file - * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. + * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved. * SPDX-License-Identifier : Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -17,7 +17,7 @@ #include "pal_uart.h" -volatile uint32_t uart; +volatile uint32_t g_uart; /** @brief - This function initializes the UART @@ -25,7 +25,7 @@ volatile uint32_t uart; **/ void pal_uart_pl011_init(uint32_t uart_base_addr) { - uart = uart_base_addr; + g_uart = uart_base_addr; } /** @@ -33,11 +33,11 @@ void pal_uart_pl011_init(uint32_t uart_base_addr) **/ static int pal_uart_is_tx_empty(void) { - if ((((uart_gt *)uart)->uartcr & UART_PL011_UATRCR_EN_MASK) && + if ((((uart_t *)g_uart)->uartcr & UART_PL011_UATRCR_EN_MASK) && /* UART is enabled */ - (((uart_gt *)uart)->uartcr & UART_PL011_UARTCR_TX_EN_MASK) && + (((uart_t *)g_uart)->uartcr & UART_PL011_UARTCR_TX_EN_MASK) && /* Transmit is enabled */ - ((((uart_gt *)uart)->uartfr & UART_PL011_UARTFR_TX_FIFO_FULL) == 0)) + ((((uart_t *)g_uart)->uartfr & UART_PL011_UARTFR_TX_FIFO_FULL) == 0)) { return 1; } @@ -50,7 +50,7 @@ static int pal_uart_is_tx_empty(void) /** @brief - This function checks for empty TX FIFO and writes to FIFO register **/ -static void pal_uart_putc(uint8_t c) +void pal_uart_putc(uint8_t c) { const uint8_t pdata = (uint8_t)c; @@ -58,7 +58,7 @@ static void pal_uart_putc(uint8_t c) while(!pal_uart_is_tx_empty()); /* write the data (upper 24 bits are reserved) */ - ((uart_gt *)uart)->uartdr = pdata; + ((uart_t *)g_uart)->uartdr = pdata; } /** @@ -66,10 +66,10 @@ static void pal_uart_putc(uint8_t c) @param - str : Input String - data : Value for format specifier **/ -void pal_uart_pl011_print(char *str, uint32_t data) +void pal_uart_pl011_print(char *str, int32_t data) { uint8_t j, buffer[16]; - int8_t i = 0; + int8_t i = 0, is_neg = 0; for (; *str != '\0'; ++str) { @@ -78,6 +78,12 @@ void pal_uart_pl011_print(char *str, uint32_t data) ++str; if (*str == 'd') { + if (data < 0) + { + data = -(data); + is_neg = 1; + } + while (data != 0) { j = data % 10; @@ -85,6 +91,9 @@ void pal_uart_pl011_print(char *str, uint32_t data) buffer[i] = j + 48; i += 1; } + + if (is_neg) + buffer[i++] = '-'; } else if (*str == 'x' || *str == 'X') { @@ -119,3 +128,43 @@ void pal_uart_pl011_print(char *str, uint32_t data) } } } + +/** + @brief - This function checks for TX interrupt triggered or not +**/ +static int pal_uart_pl011_is_tx_irq_triggerd(void) +{ + return (((uart_t *) g_uart)->uartris & UART_PL011_TX_INTR_MASK); +} + +/** + @brief - This function triggers the UART TX interrupt +**/ +void pal_uart_pl011_generate_irq(void) +{ + volatile int bytecount = 32; + + /* Enable TX interrupt */ + ((uart_t *) g_uart)->uartimsc |= (uint32_t)(UART_PL011_TX_INTR_MASK); + + /* Fill the TX buffer to generate TX IRQ. TX buffer is 16x8 bit wide */ + do + { + pal_uart_putc(' '); + } while (--bytecount); + + /* Loop until TX interrupt trigger */ + while (!pal_uart_pl011_is_tx_irq_triggerd()); +} + +/** + @brief - This function disable the UART TX interrupt +**/ +void pal_uart_pl011_disable_irq(void) +{ + /* Clear TX interrupt */ + ((uart_t *) g_uart)->uarticr = (uint32_t)(UART_PL011_TX_INTR_MASK); + + /* Disable TX interrupt */ + ((uart_t *) g_uart)->uartimsc &= (uint32_t)(~UART_PL011_TX_INTR_MASK); +} diff --git a/api-tests/platform/drivers/uart/pl011/pal_uart.h b/api-tests/platform/drivers/uart/pl011/pal_uart.h index 0553013a..3b8ea8aa 100644 --- a/api-tests/platform/drivers/uart/pl011/pal_uart.h +++ b/api-tests/platform/drivers/uart/pl011/pal_uart.h @@ -1,5 +1,5 @@ /** @file - * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. + * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved. * SPDX-License-Identifier : Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -36,7 +36,13 @@ typedef struct volatile uint32_t uartfbrd; /* Offset: 0x028 (R/W) Fractional baud rate register */ volatile uint32_t uartlcr_h; /* Offset: 0x02C (R/W) Line control register */ volatile uint32_t uartcr; /* Offset: 0x030 (R/W) Control register */ -} uart_gt; + volatile uint32_t uartifls; /* Offset: 0x034 (R/W) Interrupt FIFO level select reg */ + volatile uint32_t uartimsc; /* Offset: 0x038 (R/W) Interrupt mask set/clear register */ + volatile uint32_t uartris; /* Offset: 0x03C (R/ ) Raw interrupt status register */ + volatile uint32_t uartmis; /* Offset: 0x040 (R/ ) Masked interrupt status register */ + volatile uint32_t uarticr; /* Offset: 0x044 ( /W) Interrupt clear register */ + volatile uint32_t uartdmacr; /* Offset: 0x048 (R/W) DMA control register */ +} uart_t; #define UART_PL011_UARTCR_UARTEN_OFF 0x0u #define UART_PL011_UARTCR_TXE_OFF 0x8u @@ -46,8 +52,15 @@ typedef struct #define UART_PL011_UARTCR_TX_EN_MASK (0x1u << UART_PL011_UARTCR_TXE_OFF) #define UART_PL011_UARTFR_TX_FIFO_FULL (0x1u << UART_PL011_UARTFR_TX_FIFO_FULL_OFF) +#define UART_PL011_INTR_TX_OFF 0x5u +#define UART_PL011_TX_INTR_MASK (0x1u << UART_PL011_INTR_TX_OFF) +#define UART_PL011_UARTLCR_H_FEN_OFF 0x4u +#define UART_PL011_UARTLCR_H_FEN_MASK (0x1u << UART_PL011_UARTLCR_H_FEN_OFF) + /* function prototypes */ void pal_uart_pl011_init(uint32_t uart_base_addr); -void pal_uart_pl011_print(char *str, uint32_t data); +void pal_uart_pl011_print(char *str, int32_t data); +void pal_uart_pl011_generate_irq(void); +void pal_uart_pl011_disable_irq(void); #endif /* _PAL_UART_CMSDK_H_ */ diff --git a/api-tests/platform/drivers/watchdog/cmsdk/pal_wd_cmsdk.h b/api-tests/platform/drivers/watchdog/cmsdk/pal_wd_cmsdk.h index 9bf33c66..930e1a1c 100644 --- a/api-tests/platform/drivers/watchdog/cmsdk/pal_wd_cmsdk.h +++ b/api-tests/platform/drivers/watchdog/cmsdk/pal_wd_cmsdk.h @@ -1,5 +1,5 @@ /** @file - * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved. + * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved. * SPDX-License-Identifier : Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); diff --git a/api-tests/platform/targets/tgt_dev_apis_mbedos_fvp_mps2_m4/Makefile b/api-tests/platform/targets/tgt_dev_apis_mbedos_fvp_mps2_m4/Makefile index a0230da2..f757e4b9 100644 --- a/api-tests/platform/targets/tgt_dev_apis_mbedos_fvp_mps2_m4/Makefile +++ b/api-tests/platform/targets/tgt_dev_apis_mbedos_fvp_mps2_m4/Makefile @@ -83,6 +83,7 @@ endif ifeq (${PSA_INITIAL_ATTESTATION_IMPLEMENTED},1) SRC_C_NSPE += pal_attestation_intf.c SRC_C_NSPE += pal_attestation_eat.c +SRC_C_NSPE += pal_attestation_crypto.c else SRC_C_NSPE += pal_attestation_empty_intf.c endif @@ -98,7 +99,7 @@ INCLUDE= -I$(SOURCE)/platform/targets/$(TARGET)/nspe \ -I$(SOURCE)/platform/targets/$(TARGET)/nspe/initial_attestation \ -I$(SOURCE)/platform/targets/$(TARGET)/nspe/initial_attestation/ext/inc \ -I$(SOURCE)/platform/targets/$(TARGET)/nspe/internal_trusted_storage \ - -I$(SOURCE)/platform/targets/$(TARGET)/nspe/protected_storage + -I$(SOURCE)/platform/targets/$(TARGET)/nspe/protected_storage \ VPATH=$(SOURCE)/platform/targets/$(TARGET)/: \ $(SOURCE)/platform/targets/$(TARGET)/spe: \ diff --git a/api-tests/platform/targets/tgt_dev_apis_mbedos_fvp_mps2_m4/manifests/common/driver_partition_psa.json b/api-tests/platform/targets/tgt_dev_apis_mbedos_fvp_mps2_m4/manifests/common/driver_partition_psa.json index 5d57571c..3e2ec674 100644 --- a/api-tests/platform/targets/tgt_dev_apis_mbedos_fvp_mps2_m4/manifests/common/driver_partition_psa.json +++ b/api-tests/platform/targets/tgt_dev_apis_mbedos_fvp_mps2_m4/manifests/common/driver_partition_psa.json @@ -3,11 +3,9 @@ "name": "DRIVER_PARTITION", "type": "PSA-ROT", "priority": "NORMAL", - "id": "0x00000003", "description": "Implements device services such print, flash read/write,. etc.", "entry_point": "driver_main", "stack_size": "0x400", - "heap_size": "0x100", "services": [{ "name": "DRIVER_UART_SID", "sid": "0x0000FC01", @@ -33,9 +31,9 @@ "minor_policy": "RELAXED" }, { - "name": "TEST_INTR_SID", + "name": "DRIVER_TEST_SID", "sid": "0x0000FC04", - "signal": "TEST_INTR_SIG", + "signal": "DRIVER_TEST_SIG", "non_secure_clients": true, "minor_version": 1, "minor_policy": "RELAXED" @@ -69,13 +67,9 @@ ], "irqs": [ { + "description": "Using UART TX interrupt to test psa_wait and psa_eoi for irq_signal", "signal": "DRIVER_UART_INTR_SIG", "line_num": 17 } - ], - "linker_pattern": { - "object_list": [ - "driver_partition.a" - ] - } + ] } diff --git a/api-tests/platform/targets/tgt_dev_apis_mbedos_fvp_mps2_m4/manifests/ipc/client_partition_psa.json b/api-tests/platform/targets/tgt_dev_apis_mbedos_fvp_mps2_m4/manifests/ipc/client_partition_psa.json index 081dc95d..b93377bd 100644 --- a/api-tests/platform/targets/tgt_dev_apis_mbedos_fvp_mps2_m4/manifests/ipc/client_partition_psa.json +++ b/api-tests/platform/targets/tgt_dev_apis_mbedos_fvp_mps2_m4/manifests/ipc/client_partition_psa.json @@ -3,11 +3,9 @@ "name": "CLIENT_PARTITION", "type": "APPLICATION-ROT", "priority": "NORMAL", - "id": "0x00000001", "description": "Client partition executing client test func from SPE", "entry_point": "client_main", "stack_size": "0x400", - "heap_size": "0x100", "services": [{ "name": "CLIENT_TEST_DISPATCHER_SID", "sid": "0x0000FA01", @@ -20,7 +18,7 @@ "dependencies": [ "DRIVER_UART_SID", "DRIVER_NVMEM_SID", - "TEST_INTR_SID", + "DRIVER_TEST_SID", "SERVER_TEST_DISPATCHER_SID", "SERVER_UNSPECIFED_MINOR_V_SID", "SERVER_STRICT_MINOR_VERSION_SID", @@ -35,10 +33,5 @@ "size": "0x20", "permission": "READ-WRITE" } - ], - "linker_pattern": { - "object_list": [ - "client_partition.a" - ] - } + ] } diff --git a/api-tests/platform/targets/tgt_dev_apis_mbedos_fvp_mps2_m4/manifests/ipc/server_partition_psa.json b/api-tests/platform/targets/tgt_dev_apis_mbedos_fvp_mps2_m4/manifests/ipc/server_partition_psa.json index 3541387c..146b8fbc 100644 --- a/api-tests/platform/targets/tgt_dev_apis_mbedos_fvp_mps2_m4/manifests/ipc/server_partition_psa.json +++ b/api-tests/platform/targets/tgt_dev_apis_mbedos_fvp_mps2_m4/manifests/ipc/server_partition_psa.json @@ -3,7 +3,6 @@ "name": "SERVER_PARTITION", "type": "APPLICATION-ROT", "priority": "NORMAL", - "id": "0x00000002", "description": "Server partition executing server test func", "entry_point": "server_main", "stack_size": "0x400", @@ -66,10 +65,5 @@ "dependencies": [ "DRIVER_UART_SID", "DRIVER_NVMEM_SID" - ], - "linker_pattern": { - "object_list": [ - "server_partition.a" - ] - } + ] } diff --git a/api-tests/platform/targets/tgt_dev_apis_mbedos_fvp_mps2_m4/nspe/common/pal_config.h b/api-tests/platform/targets/tgt_dev_apis_mbedos_fvp_mps2_m4/nspe/common/pal_config.h index daa0ec5f..e3f70ad7 100644 --- a/api-tests/platform/targets/tgt_dev_apis_mbedos_fvp_mps2_m4/nspe/common/pal_config.h +++ b/api-tests/platform/targets/tgt_dev_apis_mbedos_fvp_mps2_m4/nspe/common/pal_config.h @@ -50,7 +50,7 @@ #endif #if !defined(VERBOSE) -#define VERBOSE 4 /* Print verbosity = ERROR */ +#define VERBOSE 3 /* Print verbosity = TEST */ #endif #if (!defined(VAL_NSPE_BUILD) && !defined(SPE_BUILD)) @@ -62,7 +62,15 @@ #endif #if !defined(TEST_COMBINE_ARCHIVE) -//#define TEST_COMBINE_ARCHIVE /* Test dispatcher code selection */ +#define TEST_COMBINE_ARCHIVE 0 /* Combine test archive or binary? */ +#endif + +#if !defined(WATCHDOG_AVAILABLE) +#define WATCHDOG_AVAILABLE 0 /* If zero, skip watchdog programming */ +#endif + +#if !defined(SP_HEAP_MEM_SUPP) +#define SP_HEAP_MEM_SUPP 0 /* Are Dynamic funcs available to secure partition? */ #endif /* @@ -79,6 +87,13 @@ * of this file. */ #include "psa_manifest/sid.h" + +/* + * psa_manifest/pid.h: Secure Partition IDs + * Macro definitions that map from Secure Partition names to Secure Partition IDs. + * Partition manifest parse build tool must provide the implementation of this file. +*/ +#include "psa_manifest/pid.h" #endif #if PSA_CRYPTO_IMPLEMENTED diff --git a/api-tests/platform/targets/tgt_dev_apis_mbedos_fvp_mps2_m4/nspe/common/pal_driver_ipc_intf.c b/api-tests/platform/targets/tgt_dev_apis_mbedos_fvp_mps2_m4/nspe/common/pal_driver_ipc_intf.c index 32aef9c5..f8f773fb 100644 --- a/api-tests/platform/targets/tgt_dev_apis_mbedos_fvp_mps2_m4/nspe/common/pal_driver_ipc_intf.c +++ b/api-tests/platform/targets/tgt_dev_apis_mbedos_fvp_mps2_m4/nspe/common/pal_driver_ipc_intf.c @@ -56,7 +56,7 @@ int pal_uart_init_ns(uint32_t uart_base_addr) @return - SUCCESS/FAILURE **/ -int pal_print_ns(char *str, uint32_t data) +int pal_print_ns(char *str, int32_t data) { int string_len = 0; char *p = str; diff --git a/api-tests/platform/targets/tgt_dev_apis_mbedos_fvp_mps2_m4/nspe/common/pal_driver_ns_intf.c b/api-tests/platform/targets/tgt_dev_apis_mbedos_fvp_mps2_m4/nspe/common/pal_driver_ns_intf.c index dd6b14c7..2af6fcc7 100644 --- a/api-tests/platform/targets/tgt_dev_apis_mbedos_fvp_mps2_m4/nspe/common/pal_driver_ns_intf.c +++ b/api-tests/platform/targets/tgt_dev_apis_mbedos_fvp_mps2_m4/nspe/common/pal_driver_ns_intf.c @@ -38,7 +38,7 @@ int pal_uart_init_ns(uint32_t uart_base_addr) @return - SUCCESS/FAILURE **/ -int pal_print_ns(char *str, uint32_t data) +int pal_print_ns(char *str, int32_t data) { pal_cmsdk_print(str, data); return PAL_STATUS_SUCCESS; diff --git a/api-tests/platform/targets/tgt_dev_apis_mbedos_fvp_mps2_m4/nspe/crypto/pal_crypto_intf.c b/api-tests/platform/targets/tgt_dev_apis_mbedos_fvp_mps2_m4/nspe/crypto/pal_crypto_intf.c index ad838f91..3df6aa8d 100644 --- a/api-tests/platform/targets/tgt_dev_apis_mbedos_fvp_mps2_m4/nspe/crypto/pal_crypto_intf.c +++ b/api-tests/platform/targets/tgt_dev_apis_mbedos_fvp_mps2_m4/nspe/crypto/pal_crypto_intf.c @@ -36,7 +36,7 @@ int32_t pal_crypto_function(int type, va_list valist) uint32_t status; const void *extra; size_t extra_size, capacity, *gen_cap, nonce_length, additional_data_length; - psa_key_handle_t handle, *key_handle; + psa_key_handle_t handle, *key_handle, target_handle; psa_key_type_t key_type, *key_type_out; psa_key_policy_t *policy; psa_key_usage_t usage, *usage_out; @@ -325,6 +325,11 @@ int32_t pal_crypto_function(int type, va_list valist) case PAL_CRYPTO_ALLOCATE_KEY: key_handle = (psa_key_handle_t *)va_arg(valist, int*); return psa_allocate_key(key_handle); + case PAL_CRYPTO_COPY_KEY: + handle = (psa_key_handle_t)va_arg(valist, int); + target_handle = (psa_key_handle_t)va_arg(valist, int); + policy = va_arg(valist, psa_key_policy_t*); + return psa_copy_key(handle, target_handle, policy); case PAL_CRYPTO_FREE: for (i = 0; i < PAL_KEY_SLOT_COUNT; i++) psa_destroy_key(i); diff --git a/api-tests/platform/targets/tgt_dev_apis_mbedos_fvp_mps2_m4/nspe/crypto/pal_crypto_intf.h b/api-tests/platform/targets/tgt_dev_apis_mbedos_fvp_mps2_m4/nspe/crypto/pal_crypto_intf.h index dfabee18..d1dabfa4 100644 --- a/api-tests/platform/targets/tgt_dev_apis_mbedos_fvp_mps2_m4/nspe/crypto/pal_crypto_intf.h +++ b/api-tests/platform/targets/tgt_dev_apis_mbedos_fvp_mps2_m4/nspe/crypto/pal_crypto_intf.h @@ -68,6 +68,7 @@ enum crypto_function_code { PAL_CRYPTO_ASYMMTERIC_VERIFY = 0x31, PAL_CRYPTO_KEY_AGREEMENT = 0x32, PAL_CRYPTO_ALLOCATE_KEY = 0x33, + PAL_CRYPTO_COPY_KEY = 0x34, PAL_CRYPTO_FREE = 0xFE, }; diff --git a/api-tests/platform/targets/tgt_dev_apis_mbedos_fvp_mps2_m4/nspe/initial_attestation/pal_attestation_crypto.c b/api-tests/platform/targets/tgt_dev_apis_mbedos_fvp_mps2_m4/nspe/initial_attestation/pal_attestation_crypto.c new file mode 100644 index 00000000..ae2bdba4 --- /dev/null +++ b/api-tests/platform/targets/tgt_dev_apis_mbedos_fvp_mps2_m4/nspe/initial_attestation/pal_attestation_crypto.c @@ -0,0 +1,346 @@ +/** @file + * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ + +#include "pal_attestation_crypto.h" + +static uint32_t public_key_registered = 0; + +static inline struct q_useful_buf_c useful_buf_head(struct q_useful_buf_c buf, + size_t amount) +{ + return UsefulBuf_Head(buf, amount); +} + +static uint32_t check_hash_sizes(void) +{ + if (T_COSE_CRYPTO_SHA256_SIZE != PSA_HASH_SIZE(PSA_ALG_SHA_256)) + { + return PAL_ATTEST_HASH_FAIL; + } + + return PAL_ATTEST_SUCCESS; +} + +static psa_ecc_curve_t attest_map_elliptic_curve_type(int32_t cose_curve) +{ + psa_ecc_curve_t psa_curve; + + /*FixMe: Mapping is not complete, missing ones: P384, P521, ED25519, ED448 */ + switch (cose_curve) + { + case P_256: + psa_curve = PSA_ECC_CURVE_SECP256R1; + break; + default: + psa_curve = USHRT_MAX; + } + + return psa_curve; +} + +static psa_algorithm_t cose_hash_alg_id_to_psa(int32_t cose_hash_alg_id) +{ + psa_algorithm_t status; + + switch (cose_hash_alg_id) + { + case COSE_ALG_SHA256_PROPRIETARY: + status = PSA_ALG_SHA_256; + break; + default: + status = PSA_ALG_MD4; + break; + } + + return status; +} + +static int32_t hash_alg_id_from_sig_alg_id(int32_t cose_sig_alg_id) +{ + switch (cose_sig_alg_id) + { + case COSE_ALGORITHM_ES256: + return COSE_ALG_SHA256_PROPRIETARY; + default: + return INT32_MAX; + } +} + +int32_t pal_cose_crypto_hash_start(struct pal_cose_crypto_hash *hash_ctx, int32_t cose_hash_alg_id) +{ + int32_t cose_ret = PAL_ATTEST_SUCCESS; + psa_status_t psa_ret; + struct pal_cose_psa_crypto_hash *psa_hash_ctx; + + cose_ret = check_hash_sizes(); + if (cose_ret) + { + goto error; + } + + if (sizeof(struct pal_cose_crypto_hash) < sizeof(struct pal_cose_psa_crypto_hash)) + { + cose_ret = PAL_ATTEST_HASH_FAIL; + goto error; + } + + psa_hash_ctx = (struct pal_cose_psa_crypto_hash *)hash_ctx; + psa_ret = psa_hash_setup(&psa_hash_ctx->operation, cose_hash_alg_id_to_psa(cose_hash_alg_id)); + + if (psa_ret == PAL_ATTEST_SUCCESS) + { + psa_hash_ctx->status = PAL_ATTEST_SUCCESS; + cose_ret = PAL_ATTEST_SUCCESS; + } + else if (psa_ret == PSA_ERROR_NOT_SUPPORTED) + { + cose_ret = PAL_ATTEST_HASH_UNSUPPORTED; + } + else + { + cose_ret = PAL_ATTEST_HASH_FAIL; + } + +error: + return cose_ret; +} + +void pal_cose_crypto_hash_update(struct pal_cose_crypto_hash *hash_ctx, + struct q_useful_buf_c data_to_hash) +{ + struct pal_cose_psa_crypto_hash *psa_hash_ctx; + + if (sizeof(struct pal_cose_crypto_hash) < sizeof(struct pal_cose_psa_crypto_hash)) + { + return; + } + + psa_hash_ctx = (struct pal_cose_psa_crypto_hash *)hash_ctx; + + if (psa_hash_ctx->status == PAL_ATTEST_SUCCESS) + { + if (data_to_hash.ptr != NULL) + { + psa_hash_ctx->status = psa_hash_update(&psa_hash_ctx->operation, + data_to_hash.ptr, + data_to_hash.len); + } + else + { + /* Intentionally do nothing, just computing the size of the token */ + } + } +} + +int32_t pal_cose_crypto_hash_finish(struct pal_cose_crypto_hash *hash_ctx, + struct q_useful_buf buffer_to_hold_result, + struct q_useful_buf_c *hash_result) +{ + uint32_t cose_ret = PAL_ATTEST_SUCCESS; + psa_status_t psa_ret; + struct pal_cose_psa_crypto_hash *psa_hash_ctx; + + if (sizeof(struct pal_cose_crypto_hash) < sizeof(struct pal_cose_psa_crypto_hash)) + { + cose_ret = PAL_ATTEST_HASH_FAIL; + goto error; + } + + psa_hash_ctx = (struct pal_cose_psa_crypto_hash *)hash_ctx; + + if (psa_hash_ctx->status == PAL_ATTEST_SUCCESS) + { + psa_ret = psa_hash_finish(&psa_hash_ctx->operation, + buffer_to_hold_result.ptr, + buffer_to_hold_result.len, + &(hash_result->len)); + + if (psa_ret == PAL_ATTEST_SUCCESS) + { + hash_result->ptr = buffer_to_hold_result.ptr; + cose_ret = 0; + } + else if (psa_ret == PSA_ERROR_BUFFER_TOO_SMALL) + { + cose_ret = PAL_ATTEST_HASH_BUFFER_SIZE; + } + else + { + cose_ret = PAL_ATTEST_HASH_FAIL; + } + } + else + { + cose_ret = PAL_ATTEST_HASH_FAIL; + } + +error: + return cose_ret; +} + +int pal_create_sha256(struct q_useful_buf_c bytes_to_hash, struct q_useful_buf buffer_for_hash, + struct q_useful_buf_c *hash) +{ + uint32_t status = PAL_ATTEST_SUCCESS; + struct pal_cose_crypto_hash hash_ctx; + + status = pal_cose_crypto_hash_start(&hash_ctx, COSE_ALG_SHA256_PROPRIETARY); + if (status) + return status; + + pal_cose_crypto_hash_update(&hash_ctx, bytes_to_hash); + status = pal_cose_crypto_hash_finish(&hash_ctx, buffer_for_hash, hash); + + return status; +} + +uint32_t pal_compute_hash(int32_t cose_alg_id, struct q_useful_buf buffer_for_hash, + struct q_useful_buf_c *hash, struct q_useful_buf_c protected_headers, + struct q_useful_buf_c payload) +{ + uint32_t status; + QCBOREncodeContext cbor_encode_ctx; + struct q_useful_buf_c tbs_first_part; + QCBORError qcbor_result; + struct pal_cose_crypto_hash hash_ctx = {{0}}; + int32_t hash_alg_id; + UsefulBuf_MAKE_STACK_UB (buffer_for_TBS_first_part, T_COSE_SIZE_OF_TBS); + + /* This builds the CBOR-format to-be-signed bytes */ + QCBOREncode_Init(&cbor_encode_ctx, buffer_for_TBS_first_part); + QCBOREncode_OpenArray(&cbor_encode_ctx); + /* context */ + QCBOREncode_AddSZString(&cbor_encode_ctx, + COSE_SIG_CONTEXT_STRING_SIGNATURE1); + /* body_protected */ + QCBOREncode_AddBytes(&cbor_encode_ctx, + protected_headers); + /* sign_protected */ + QCBOREncode_AddBytes(&cbor_encode_ctx, NULL_USEFUL_BUF_C); + /* external_aad */ + QCBOREncode_AddBytes(&cbor_encode_ctx, NULL_USEFUL_BUF_C); + /* fake payload */ + QCBOREncode_AddBytes(&cbor_encode_ctx, NULL_USEFUL_BUF_C); + QCBOREncode_CloseArray(&cbor_encode_ctx); + + /* Get the result and convert it to struct q_useful_buf_c representation */ + qcbor_result = QCBOREncode_Finish(&cbor_encode_ctx, &tbs_first_part); + if (qcbor_result) + { + /* Mainly means that the protected_headers were too big + (which should never happen) */ + status = PAL_ATTEST_ERR_SIGN_STRUCT; + goto Done; + } + + /* Start the hashing */ + hash_alg_id = hash_alg_id_from_sig_alg_id(cose_alg_id); + + /* Don't check hash_alg_id for failure. pal_cose_crypto_hash_start() + * will handle it properly + */ + status = pal_cose_crypto_hash_start(&hash_ctx, hash_alg_id); + if (status) + goto Done; + + /* Hash the first part of the TBS. Take all but the last two + * bytes. The last two bytes are the fake payload from above. It + * is replaced by the real payload which is hashed next. The fake + * payload is needed so the array count is right. This is one of + * the main things that make it possible to implement with one + * buffer for the whole cose sign1. + */ + pal_cose_crypto_hash_update(&hash_ctx, useful_buf_head(tbs_first_part, + tbs_first_part.len - 2)); + + /* Hash the payload */ + pal_cose_crypto_hash_update(&hash_ctx, payload); + + /* Finish the hash and set up to return it */ + status = pal_cose_crypto_hash_finish(&hash_ctx, + buffer_for_hash, + hash); + +Done: + return status; +} + +uint32_t pal_import_attest_key(int32_t alg) +{ + psa_key_type_t attest_key_type; + size_t public_key_size; + psa_status_t status = PSA_SUCCESS; + psa_key_policy_t policy; + psa_ecc_curve_t psa_curve; + psa_key_handle_t public_key_handle; + + /* Mapping of COSE curve type to PSA curve types */ + psa_curve = attest_map_elliptic_curve_type(P_256); + if (psa_curve == USHRT_MAX) + return PAL_ATTEST_ERROR; + + /* Setup the key policy for public key */ + policy = psa_key_policy_init(); + psa_key_policy_set_usage(&policy, PSA_KEY_USAGE_VERIFY, alg); + + status = psa_allocate_key(&public_key_handle); + if (status != PSA_SUCCESS) + return status; + + status = psa_set_key_policy(public_key_handle, &policy); + if (status != PSA_SUCCESS) + return status; + + attest_key_type = PSA_KEY_TYPE_ECC_PUBLIC_KEY(psa_curve); + + /* Register public key to crypto service */ + public_key_size = attest_key.pubx_key_size + attest_key.puby_key_size; + + status = psa_import_key(public_key_handle, + attest_key_type, + (const uint8_t *)&attest_public_key, + public_key_size + 1); + + return status; +} + + +uint32_t pal_crypto_pub_key_verify(int32_t cose_algorithm_id, + struct q_useful_buf_c token_hash, + struct q_useful_buf_c signature) +{ + uint32_t status = PAL_ATTEST_SUCCESS; + + if (!public_key_registered) + { + status = pal_import_attest_key(cose_algorithm_id); + if (status != PAL_ATTEST_SUCCESS) + return status; + + public_key_registered = 1; + } + +/* + * Enable the verify function when Trusted Firmare - M Supports + + * Verify the signature a hash or short message using a public key. + status = psa_asymmetric_verify(public_key_handle, + cose_algorithm_id, token_hash.ptr, token_hash.len, + signature.ptr, signature.len); +*/ + return status; +} diff --git a/api-tests/platform/targets/tgt_dev_apis_mbedos_fvp_mps2_m4/nspe/initial_attestation/pal_attestation_crypto.h b/api-tests/platform/targets/tgt_dev_apis_mbedos_fvp_mps2_m4/nspe/initial_attestation/pal_attestation_crypto.h new file mode 100644 index 00000000..2d63ad13 --- /dev/null +++ b/api-tests/platform/targets/tgt_dev_apis_mbedos_fvp_mps2_m4/nspe/initial_attestation/pal_attestation_crypto.h @@ -0,0 +1,102 @@ +/** @file + * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ + +#include "pal_common.h" +#include "pal_attestation_eat.h" + +#define ATTEST_PUBLIC_KEY_SLOT 4 + +typedef struct{ + uint8_t *pubx_key; + uint32_t pubx_key_size; + uint8_t *puby_key; + uint32_t puby_key_size; +} ecc_key_t; + +struct ecc_public_key_t { + const uint8_t a; + uint8_t public_key[]; /* X-coordinate || Y-coordinate */ +}; + +static const struct ecc_public_key_t attest_public_key = { + /* Constant byte */ + 0x04, + /* X-coordinate */ + {0x79, 0xEB, 0xA9, 0x0E, 0x8B, 0xF4, 0x50, 0xA6, + 0x75, 0x15, 0x76, 0xAD, 0x45, 0x99, 0xB0, 0x7A, + 0xDF, 0x93, 0x8D, 0xA3, 0xBB, 0x0B, 0xD1, 0x7D, + 0x00, 0x36, 0xED, 0x49, 0xA2, 0xD0, 0xFC, 0x3F, + /* Y-coordinate */ + 0xBF, 0xCD, 0xFA, 0x89, 0x56, 0xB5, 0x68, 0xBF, + 0xDB, 0x86, 0x73, 0xE6, 0x48, 0xD8, 0xB5, 0x8D, + 0x92, 0x99, 0x55, 0xB1, 0x4A, 0x26, 0xC3, 0x08, + 0x0F, 0x34, 0x11, 0x7D, 0x97, 0x1D, 0x68, 0x64}, +}; + +struct pal_cose_crypto_hash { + /* Can't put the actual size here without creating dependecy on + * actual hash implementation, so this is a fairly large and + * accommodating size. + */ + uint8_t bytes[128]; +}; + +struct pal_cose_psa_crypto_hash { + psa_status_t status; + psa_hash_operation_t operation; +}; + +static const uint8_t initial_attestation_public_x_key[] = +{ + 0x79, 0xEB, 0xA9, 0x0E, 0x8B, 0xF4, 0x50, 0xA6, + 0x75, 0x15, 0x76, 0xAD, 0x45, 0x99, 0xB0, 0x7A, + 0xDF, 0x93, 0x8D, 0xA3, 0xBB, 0x0B, 0xD1, 0x7D, + 0x00, 0x36, 0xED, 0x49, 0xA2, 0xD0, 0xFC, 0x3F +}; + +static const uint8_t initial_attestation_public_y_key[] = +{ + 0xBF, 0xCD, 0xFA, 0x89, 0x56, 0xB5, 0x68, 0xBF, + 0xDB, 0x86, 0x73, 0xE6, 0x48, 0xD8, 0xB5, 0x8D, + 0x92, 0x99, 0x55, 0xB1, 0x4A, 0x26, 0xC3, 0x08, + 0x0F, 0x34, 0x11, 0x7D, 0x97, 0x1D, 0x68, 0x64 +}; + +/* Initialize the structure with given public key */ +static const ecc_key_t attest_key = { + (uint8_t *)initial_attestation_public_x_key, + sizeof(initial_attestation_public_x_key), + (uint8_t *)initial_attestation_public_y_key, + sizeof(initial_attestation_public_y_key) +}; + +int32_t pal_cose_crypto_hash_start(struct pal_cose_crypto_hash *hash_ctx, int32_t cose_hash_alg_id); +void pal_cose_crypto_hash_update(struct pal_cose_crypto_hash *hash_ctx, + struct q_useful_buf_c data_to_hash); +int32_t pal_cose_crypto_hash_finish(struct pal_cose_crypto_hash *hash_ctx, + struct q_useful_buf buffer_to_hold_result, + struct q_useful_buf_c *hash_result); +int pal_create_sha256(struct q_useful_buf_c bytes_to_hash, struct q_useful_buf buffer_for_hash, + struct q_useful_buf_c *hash); +uint32_t pal_compute_hash(int32_t cose_alg_id, struct q_useful_buf buffer_for_hash, + struct q_useful_buf_c *hash, struct q_useful_buf_c protected_headers, + struct q_useful_buf_c payload); +uint32_t pal_import_attest_key(int32_t alg); +uint32_t pal_crypto_pub_key_verify(int32_t cose_algorithm_id, struct q_useful_buf_c token_hash, + struct q_useful_buf_c signature); + + diff --git a/api-tests/platform/targets/tgt_dev_apis_mbedos_fvp_mps2_m4/nspe/initial_attestation/pal_attestation_eat.c b/api-tests/platform/targets/tgt_dev_apis_mbedos_fvp_mps2_m4/nspe/initial_attestation/pal_attestation_eat.c index 262dc5dd..178fdc9c 100644 --- a/api-tests/platform/targets/tgt_dev_apis_mbedos_fvp_mps2_m4/nspe/initial_attestation/pal_attestation_eat.c +++ b/api-tests/platform/targets/tgt_dev_apis_mbedos_fvp_mps2_m4/nspe/initial_attestation/pal_attestation_eat.c @@ -15,10 +15,56 @@ * limitations under the License. **/ -#include "pal_attestation_eat.h" +#include "pal_attestation_crypto.h" + +uint32_t mandatory_claims = 0; +uint32_t mandaroty_sw_components = 0; +bool_t sw_component_present = 0; + +static int pal_encode_cose_key(struct q_useful_buf_c *cose_key, + struct q_useful_buf buffer_for_cose_key, + struct q_useful_buf_c x_cord, struct q_useful_buf_c y_cord) +{ + uint32_t return_value; + QCBORError qcbor_result; + QCBOREncodeContext cbor_encode_ctx; + int32_t cose_curve_id = P_256; + struct q_useful_buf_c encoded_key_id; + + /* Get the public key x and y */ + /* Encode it into a COSE_Key structure */ + QCBOREncode_Init(&cbor_encode_ctx, buffer_for_cose_key); + QCBOREncode_OpenMap(&cbor_encode_ctx); + QCBOREncode_AddInt64ToMapN(&cbor_encode_ctx, + COSE_KEY_COMMON_KTY, + COSE_KEY_TYPE_EC2); + QCBOREncode_AddInt64ToMapN(&cbor_encode_ctx, + COSE_KEY_PARAM_CRV, + cose_curve_id); + QCBOREncode_AddBytesToMapN(&cbor_encode_ctx, + COSE_KEY_PARAM_X_COORDINATE, + x_cord); + QCBOREncode_AddBytesToMapN(&cbor_encode_ctx, + COSE_KEY_PARAM_Y_COORDINATE, + y_cord); + QCBOREncode_CloseMap(&cbor_encode_ctx); + + qcbor_result = QCBOREncode_Finish(&cbor_encode_ctx, &encoded_key_id); + if (qcbor_result != QCBOR_SUCCESS) + { + /* Mainly means that the COSE_Key was too big for buffer_for_cose_key */ + return_value = PAL_ATTEST_ERR_PROTECTED_HEADERS; + goto Done; + } + + /* Finish up and return */ + *cose_key = encoded_key_id; + return_value = PAL_ATTEST_SUCCESS; + +Done: + return return_value; +} -uint32_t mandatory_claims = 0, mandaroty_sw_components = 0; -bool_t sw_component_present = 0; static int get_items_in_map(QCBORDecodeContext *decode_context, struct items_to_get_t *item_list) @@ -90,7 +136,7 @@ static int get_item_in_map(QCBORDecodeContext *decode_context, } static int parse_unprotected_headers(QCBORDecodeContext *decode_context, - struct useful_buf_c *child, + struct q_useful_buf_c *child, bool *loop_back) { struct items_to_get_t item_list[3]; @@ -120,7 +166,7 @@ static int parse_unprotected_headers(QCBORDecodeContext *decode_context, return PAL_ATTEST_SUCCESS; } -static int parse_protected_headers(struct useful_buf_c protected_headers, +static int parse_protected_headers(struct q_useful_buf_c protected_headers, int32_t *alg_id) { QCBORDecodeContext decode_context; @@ -156,7 +202,7 @@ static int parse_protected_headers(struct useful_buf_c protected_headers, @return - error status **/ static int parse_claims(QCBORDecodeContext *decode_context, QCBORItem item, - struct useful_buf_c completed_challenge) + struct q_useful_buf_c completed_challenge) { int i, count = 0; int status = PAL_ATTEST_SUCCESS; @@ -281,16 +327,42 @@ static int parse_claims(QCBORDecodeContext *decode_context, QCBORItem item, int32_t pal_initial_attest_verify_token(uint8_t *challenge, uint32_t challenge_size, uint8_t *token, uint32_t token_size) { - int status = PAL_ATTEST_SUCCESS; + int32_t status = PAL_ATTEST_SUCCESS; bool short_circuit; int32_t cose_algorithm_id; QCBORItem item; QCBORDecodeContext decode_context; - struct useful_buf_c completed_challenge; - struct useful_buf_c completed_token; - struct useful_buf_c payload; - struct useful_buf_c protected_headers; - struct useful_buf_c kid; + struct q_useful_buf_c completed_challenge; + struct q_useful_buf_c completed_token; + struct q_useful_buf_c payload; + struct q_useful_buf_c signature; + struct q_useful_buf_c protected_headers; + struct q_useful_buf_c kid; + struct q_useful_buf_c x_cord; + struct q_useful_buf_c y_cord; + struct q_useful_buf_c cose_key_to_hash; + struct q_useful_buf_c key_hash; + struct q_useful_buf_c token_hash; + USEFUL_BUF_MAKE_STACK_UB(buf_to_hold_x_coord, T_COSE_CRYPTO_EC_P256_COORD_SIZE); + USEFUL_BUF_MAKE_STACK_UB(buf_to_hold_y_coord, T_COSE_CRYPTO_EC_P256_COORD_SIZE); + USEFUL_BUF_MAKE_STACK_UB(buffer_for_kid, T_COSE_CRYPTO_SHA256_SIZE); + USEFUL_BUF_MAKE_STACK_UB(buffer_for_cose_key, MAX_ENCODED_COSE_KEY_SIZE); + USEFUL_BUF_MAKE_STACK_UB(buffer_for_encoded_key, MAX_ENCODED_COSE_KEY_SIZE); + USEFUL_BUF_MAKE_STACK_UB(buffer_for_token_hash, T_COSE_CRYPTO_SHA256_SIZE); + + kid.ptr = buffer_for_encoded_key.ptr; + + memcpy(buf_to_hold_x_coord.ptr, (const void *)attest_key.pubx_key, attest_key.pubx_key_size); + memcpy(buf_to_hold_y_coord.ptr, (const void *)attest_key.puby_key, attest_key.puby_key_size); + + /* Update size */ + buf_to_hold_x_coord.len = attest_key.pubx_key_size; + buf_to_hold_y_coord.len = attest_key.puby_key_size; + + x_cord.ptr = buf_to_hold_x_coord.ptr; + x_cord.len = buf_to_hold_x_coord.len; + y_cord.ptr = buf_to_hold_y_coord.ptr; + y_cord.len = buf_to_hold_y_coord.len; /* Construct the token buffer for validation */ completed_token.ptr = token; @@ -345,6 +417,27 @@ int32_t pal_initial_attest_verify_token(uint8_t *challenge, uint32_t challenge_s if (status != PAL_ATTEST_SUCCESS) return status; + /* Encode the given public key */ + status = pal_encode_cose_key(&cose_key_to_hash, buffer_for_cose_key, x_cord, y_cord); + if (status != PAL_ATTEST_SUCCESS) + return status; + + /* Create hash of the given public key */ + status = pal_create_sha256(cose_key_to_hash, buffer_for_kid, &key_hash); + if (status != PSA_SUCCESS) + return status; + + /* Compare the hash of the public key in token and hash of the given public key */ + if (kid.len != key_hash.len) + { + return PAL_ATTEST_HASH_LENGTH_MISMATCH; + } + + if (memcmp(kid.ptr, key_hash.ptr, kid.len) != 0) + { + return PAL_ATTEST_HASH_MISMATCH; + } + /* Get the payload */ QCBORDecode_GetNext(&decode_context, &item); if (item.uDataType != QCBOR_TYPE_BYTE_STRING) @@ -357,6 +450,19 @@ int32_t pal_initial_attest_verify_token(uint8_t *challenge, uint32_t challenge_s if (item.uDataType != QCBOR_TYPE_BYTE_STRING) return PAL_ATTEST_TOKEN_ERR_CBOR_FORMATTING; + signature = item.val.string; + + /* Compute the hash from the token */ + status = pal_compute_hash(cose_algorithm_id, buffer_for_token_hash, &token_hash, + protected_headers, payload); + if (status != PAL_ATTEST_SUCCESS) + return status; + + /* Verify the signature */ + status = pal_crypto_pub_key_verify(cose_algorithm_id, token_hash, signature); + if (status != PAL_ATTEST_SUCCESS) + return status; + /* Initialize the Decoder and validate the payload format */ QCBORDecode_Init(&decode_context, payload, QCBOR_DECODE_MODE_NORMAL); status = QCBORDecode_GetNext(&decode_context, &item); diff --git a/api-tests/platform/targets/tgt_dev_apis_mbedos_fvp_mps2_m4/nspe/initial_attestation/pal_attestation_eat.h b/api-tests/platform/targets/tgt_dev_apis_mbedos_fvp_mps2_m4/nspe/initial_attestation/pal_attestation_eat.h index 9f435fb3..8a0c5455 100644 --- a/api-tests/platform/targets/tgt_dev_apis_mbedos_fvp_mps2_m4/nspe/initial_attestation/pal_attestation_eat.h +++ b/api-tests/platform/targets/tgt_dev_apis_mbedos_fvp_mps2_m4/nspe/initial_attestation/pal_attestation_eat.h @@ -17,16 +17,70 @@ #include "qcbor.h" #include "pal_common.h" +#include "psa/crypto.h" #define PAL_ATTEST_MIN_ERROR 30 +/* NIST P-256 also known as secp256r1 */ +#define P_256 1 + #define COSE_HEADER_PARAM_ALG 1 #define COSE_HEADER_PARAM_KID 4 -#define MANDATORY_CLAIM_WITH_SW_COMP 862 -#define MANDATORY_CLAIM_NO_SW_COMP 926 -#define MANDATORY_SW_COMP 36 -#define CBOR_ARM_TOTAL_CLAIM_INSTANCE 10 +#define COSE_KEY_COMMON_KTY 1 +#define COSE_KEY_TYPE_EC2 2 +#define COSE_KEY_PARAM_CRV -1 +#define COSE_KEY_PARAM_X_COORDINATE -2 +#define COSE_KEY_PARAM_Y_COORDINATE -3 +#define COSE_ALGORITHM_ES256 -7 +#define COSE_ALG_SHA256_PROPRIETARY -72000 + +/** + * The size of X and Y coordinate in 2 parameter style EC public + * key. Format is as defined in [COSE (RFC 8152)] + * (https://tools.ietf.org/html/rfc8152) and [SEC 1: Elliptic Curve + * Cryptography](http://www.secg.org/sec1-v2.pdf). + * + * This size is well-known and documented in public standards. + */ +#define T_COSE_CRYPTO_EC_P256_COORD_SIZE 32 +#define T_COSE_CRYPTO_SHA256_SIZE 32 + +#define MAX_ENCODED_COSE_KEY_SIZE \ + 1 + /* 1 byte to encode map */ \ + 2 + /* 2 bytes to encode key type */ \ + 2 + /* 2 bytes to encode curve */ \ + 2 * /* the X and Y coordinates at 32 bytes each */ \ + (T_COSE_CRYPTO_EC_P256_COORD_SIZE + 1 + 2) +#define USEFUL_BUF_MAKE_STACK_UB UsefulBuf_MAKE_STACK_UB + +#define COSE_SIG_CONTEXT_STRING_SIGNATURE1 "Signature1" + +/* Private value. Intentionally not documented for Doxygen. + * This is the size allocated for the encoded protected headers. It + * needs to be big enough for make_protected_header() to succeed. It + * currently sized for one header with an algorithm ID up to 32 bits + * long -- one byte for the wrapping map, one byte for the label, 5 + * bytes for the ID. If this is made accidentially too small, QCBOR will + * only return an error, and not overrun any buffers. + * + * 9 extra bytes are added, rounding it up to 16 total, in case some + * other protected header is to be added. + */ +#define T_COSE_SIGN1_MAX_PROT_HEADER (1+1+5+9) + +/** + * This is the size of the first part of the CBOR encoded TBS + * bytes. It is around 20 bytes. See create_tbs_hash(). + */ +#define T_COSE_SIZE_OF_TBS \ + 1 + /* For opening the array */ \ + sizeof(COSE_SIG_CONTEXT_STRING_SIGNATURE1) + /* "Signature1" */ \ + 2 + /* Overhead for encoding string */ \ + T_COSE_SIGN1_MAX_PROT_HEADER + /* entire protected headers */ \ + 3 * ( /* 3 NULL bstrs for fields not used */ \ + 1 /* size of a NULL bstr */ \ + ) /* CBOR Label for proprietary header indicating short-circuit @@ -47,6 +101,8 @@ #define EAT_CBOR_ARM_LABEL_UEID (EAT_CBOR_ARM_RANGE_BASE - 9) #define EAT_CBOR_ARM_LABEL_ORIGINATION (EAT_CBOR_ARM_RANGE_BASE - 10) +#define CBOR_ARM_TOTAL_CLAIM_INSTANCE 10 + #define EAT_CBOR_SW_COMPONENT_TYPE (1u) #define EAT_CBOR_SW_COMPONENT_MEASUREMENT (2u) #define EAT_CBOR_SW_COMPONENT_EPOCH (3u) @@ -54,6 +110,40 @@ #define EAT_CBOR_SW_COMPONENT_SIGNER_ID (5u) #define EAT_CBOR_SW_COMPONENT_MEASUREMENT_DESC (6u) +#define MANDATORY_CLAIM_WITH_SW_COMP (1 << (EAT_CBOR_ARM_RANGE_BASE \ + - EAT_CBOR_ARM_LABEL_NONCE) | \ + 1 << (EAT_CBOR_ARM_RANGE_BASE \ + - EAT_CBOR_ARM_LABEL_UEID) | \ + 1 << (EAT_CBOR_ARM_RANGE_BASE \ + - EAT_CBOR_ARM_LABEL_IMPLEMENTATION_ID) | \ + 1 << (EAT_CBOR_ARM_RANGE_BASE \ + - EAT_CBOR_ARM_LABEL_CLIENT_ID) | \ + 1 << (EAT_CBOR_ARM_RANGE_BASE \ + - EAT_CBOR_ARM_LABEL_SECURITY_LIFECYCLE) | \ + 1 << (EAT_CBOR_ARM_RANGE_BASE \ + - EAT_CBOR_ARM_LABEL_BOOT_SEED) | \ + 1 << (EAT_CBOR_ARM_RANGE_BASE \ + - EAT_CBOR_ARM_LABEL_SW_COMPONENTS)) + +#define MANDATORY_CLAIM_NO_SW_COMP (1 << (EAT_CBOR_ARM_RANGE_BASE \ + - EAT_CBOR_ARM_LABEL_NONCE) | \ + 1 << (EAT_CBOR_ARM_RANGE_BASE \ + - EAT_CBOR_ARM_LABEL_UEID) | \ + 1 << (EAT_CBOR_ARM_RANGE_BASE \ + - EAT_CBOR_ARM_LABEL_IMPLEMENTATION_ID) | \ + 1 << (EAT_CBOR_ARM_RANGE_BASE \ + - EAT_CBOR_ARM_LABEL_CLIENT_ID) | \ + 1 << (EAT_CBOR_ARM_RANGE_BASE \ + - EAT_CBOR_ARM_LABEL_SECURITY_LIFECYCLE) | \ + 1 << (EAT_CBOR_ARM_RANGE_BASE \ + - EAT_CBOR_ARM_LABEL_BOOT_SEED) | \ + 1 << (EAT_CBOR_ARM_RANGE_BASE \ + - EAT_CBOR_ARM_LABEL_NO_SW_COMPONENTS)) + +#define MANDATORY_SW_COMP (1 << EAT_CBOR_SW_COMPONENT_MEASUREMENT | \ + 1 << EAT_CBOR_SW_COMPONENT_SIGNER_ID) + +#define NULL_USEFUL_BUF_C NULLUsefulBufC enum attestation_error_code { PAL_ATTEST_SUCCESS = 0, @@ -61,6 +151,13 @@ enum attestation_error_code { PAL_ATTEST_TOKEN_CHALLENGE_MISMATCH, PAL_ATTEST_TOKEN_NOT_SUPPORTED, PAL_ATTEST_TOKEN_NOT_ALL_MANDATORY_CLAIMS, + PAL_ATTEST_HASH_LENGTH_MISMATCH, + PAL_ATTEST_HASH_MISMATCH, + PAL_ATTEST_HASH_FAIL, + PAL_ATTEST_HASH_UNSUPPORTED, + PAL_ATTEST_HASH_BUFFER_SIZE, + PAL_ATTEST_ERR_PROTECTED_HEADERS, + PAL_ATTEST_ERR_SIGN_STRUCT, PAL_ATTEST_ERROR, }; diff --git a/api-tests/platform/targets/tgt_dev_apis_mbedos_fvp_mps2_m4/nspe/initial_attestation/pal_attestation_intf.h b/api-tests/platform/targets/tgt_dev_apis_mbedos_fvp_mps2_m4/nspe/initial_attestation/pal_attestation_intf.h index ef132b5b..12f6ee94 100644 --- a/api-tests/platform/targets/tgt_dev_apis_mbedos_fvp_mps2_m4/nspe/initial_attestation/pal_attestation_intf.h +++ b/api-tests/platform/targets/tgt_dev_apis_mbedos_fvp_mps2_m4/nspe/initial_attestation/pal_attestation_intf.h @@ -18,7 +18,7 @@ #ifndef _PAL_INITIAL_ATTESTATION_H_ #define _PAL_INITIAL_ATTESTATION_H_ -#include "pal_attestation_eat.h" +#include "pal_attestation_crypto.h" enum attestation_function_code { PAL_INITIAL_ATTEST_GET_TOKEN = 0x1, diff --git a/api-tests/platform/targets/tgt_dev_apis_mbedos_fvp_mps2_m4/spe/pal_driver_intf.c b/api-tests/platform/targets/tgt_dev_apis_mbedos_fvp_mps2_m4/spe/pal_driver_intf.c index cc8b5373..fd307839 100644 --- a/api-tests/platform/targets/tgt_dev_apis_mbedos_fvp_mps2_m4/spe/pal_driver_intf.c +++ b/api-tests/platform/targets/tgt_dev_apis_mbedos_fvp_mps2_m4/spe/pal_driver_intf.c @@ -33,7 +33,7 @@ void pal_uart_init(uint32_t uart_base_addr) - data : Value for format specifier **/ -void pal_print(char *str, uint32_t data) +void pal_print(char *str, int32_t data) { pal_cmsdk_print(str,data); @@ -110,3 +110,23 @@ int pal_wd_timer_is_enabled(addr_t base_addr) return (pal_wd_cmsdk_is_enabled(base_addr)); } +/** + @brief - Trigger interrupt for irq signal assigned to driver partition + before return to caller. + @param - void + @return - void +**/ +void pal_generate_interrupt(void) +{ + pal_uart_cmsdk_generate_irq(); +} + +/** + @brief - Disable interrupt that was generated using pal_generate_interrupt API. + @param - void + @return - void +**/ +void pal_disable_interrupt(void) +{ + pal_uart_cmsdk_disable_irq(); +} diff --git a/api-tests/platform/targets/tgt_dev_apis_mbedos_fvp_mps2_m4/spe/pal_driver_intf.h b/api-tests/platform/targets/tgt_dev_apis_mbedos_fvp_mps2_m4/spe/pal_driver_intf.h index da85a63e..cef34ca8 100644 --- a/api-tests/platform/targets/tgt_dev_apis_mbedos_fvp_mps2_m4/spe/pal_driver_intf.h +++ b/api-tests/platform/targets/tgt_dev_apis_mbedos_fvp_mps2_m4/spe/pal_driver_intf.h @@ -23,11 +23,13 @@ #include "pal_wd_cmsdk.h" void pal_uart_init(uint32_t uart_base_addr); -void pal_print(char *str, uint32_t data); +void pal_print(char *str, int32_t data); int pal_nvmem_write(addr_t base, uint32_t offset, void *buffer, int size); int pal_nvmem_read(addr_t base, uint32_t offset, void *buffer, int size); int pal_wd_timer_init(addr_t base_addr, uint32_t time_us, uint32_t timer_tick_us); int pal_wd_timer_enable(addr_t base_addr); int pal_wd_timer_disable(addr_t base_addr); int pal_wd_timer_is_enabled(addr_t base_addr); +void pal_generate_interrupt(void); +void pal_disable_interrupt(void); #endif /* _PAL_DRIVER_INTF_H_ */ diff --git a/api-tests/platform/targets/tgt_dev_apis_tfm_an521/Makefile b/api-tests/platform/targets/tgt_dev_apis_tfm_an521/Makefile index 3bd8c232..473879d5 100644 --- a/api-tests/platform/targets/tgt_dev_apis_tfm_an521/Makefile +++ b/api-tests/platform/targets/tgt_dev_apis_tfm_an521/Makefile @@ -83,6 +83,7 @@ endif ifeq (${PSA_INITIAL_ATTESTATION_IMPLEMENTED},1) SRC_C_NSPE += pal_attestation_intf.c SRC_C_NSPE += pal_attestation_eat.c +SRC_C_NSPE += pal_attestation_crypto.c else SRC_C_NSPE += pal_attestation_empty_intf.c endif @@ -98,7 +99,7 @@ INCLUDE= -I$(SOURCE)/platform/targets/$(TARGET)/nspe \ -I$(SOURCE)/platform/targets/$(TARGET)/nspe/initial_attestation \ -I$(SOURCE)/platform/targets/$(TARGET)/nspe/initial_attestation/ext/inc \ -I$(SOURCE)/platform/targets/$(TARGET)/nspe/internal_trusted_storage \ - -I$(SOURCE)/platform/targets/$(TARGET)/nspe/protected_storage + -I$(SOURCE)/platform/targets/$(TARGET)/nspe/protected_storage \ VPATH=$(SOURCE)/platform/targets/$(TARGET)/: \ $(SOURCE)/platform/targets/$(TARGET)/spe: \ diff --git a/api-tests/platform/targets/tgt_dev_apis_tfm_an521/manifests/common/driver_partition_psa.json b/api-tests/platform/targets/tgt_dev_apis_tfm_an521/manifests/common/driver_partition_psa.json index 5d57571c..e3cec929 100644 --- a/api-tests/platform/targets/tgt_dev_apis_tfm_an521/manifests/common/driver_partition_psa.json +++ b/api-tests/platform/targets/tgt_dev_apis_tfm_an521/manifests/common/driver_partition_psa.json @@ -3,11 +3,9 @@ "name": "DRIVER_PARTITION", "type": "PSA-ROT", "priority": "NORMAL", - "id": "0x00000003", "description": "Implements device services such print, flash read/write,. etc.", "entry_point": "driver_main", "stack_size": "0x400", - "heap_size": "0x100", "services": [{ "name": "DRIVER_UART_SID", "sid": "0x0000FC01", @@ -33,9 +31,9 @@ "minor_policy": "RELAXED" }, { - "name": "TEST_INTR_SID", + "name": "DRIVER_TEST_SID", "sid": "0x0000FC04", - "signal": "TEST_INTR_SIG", + "signal": "DRIVER_TEST_SIG", "non_secure_clients": true, "minor_version": 1, "minor_policy": "RELAXED" @@ -69,13 +67,9 @@ ], "irqs": [ { + "description": "Using UART TX interrupt to test psa_wait and psa_eoi for irq_signal", "signal": "DRIVER_UART_INTR_SIG", - "line_num": 17 + "line_num": 37 } - ], - "linker_pattern": { - "object_list": [ - "driver_partition.a" - ] - } + ] } diff --git a/api-tests/platform/targets/tgt_dev_apis_tfm_an521/manifests/ipc/client_partition_psa.json b/api-tests/platform/targets/tgt_dev_apis_tfm_an521/manifests/ipc/client_partition_psa.json index 081dc95d..b93377bd 100644 --- a/api-tests/platform/targets/tgt_dev_apis_tfm_an521/manifests/ipc/client_partition_psa.json +++ b/api-tests/platform/targets/tgt_dev_apis_tfm_an521/manifests/ipc/client_partition_psa.json @@ -3,11 +3,9 @@ "name": "CLIENT_PARTITION", "type": "APPLICATION-ROT", "priority": "NORMAL", - "id": "0x00000001", "description": "Client partition executing client test func from SPE", "entry_point": "client_main", "stack_size": "0x400", - "heap_size": "0x100", "services": [{ "name": "CLIENT_TEST_DISPATCHER_SID", "sid": "0x0000FA01", @@ -20,7 +18,7 @@ "dependencies": [ "DRIVER_UART_SID", "DRIVER_NVMEM_SID", - "TEST_INTR_SID", + "DRIVER_TEST_SID", "SERVER_TEST_DISPATCHER_SID", "SERVER_UNSPECIFED_MINOR_V_SID", "SERVER_STRICT_MINOR_VERSION_SID", @@ -35,10 +33,5 @@ "size": "0x20", "permission": "READ-WRITE" } - ], - "linker_pattern": { - "object_list": [ - "client_partition.a" - ] - } + ] } diff --git a/api-tests/platform/targets/tgt_dev_apis_tfm_an521/manifests/ipc/server_partition_psa.json b/api-tests/platform/targets/tgt_dev_apis_tfm_an521/manifests/ipc/server_partition_psa.json index 3541387c..146b8fbc 100644 --- a/api-tests/platform/targets/tgt_dev_apis_tfm_an521/manifests/ipc/server_partition_psa.json +++ b/api-tests/platform/targets/tgt_dev_apis_tfm_an521/manifests/ipc/server_partition_psa.json @@ -3,7 +3,6 @@ "name": "SERVER_PARTITION", "type": "APPLICATION-ROT", "priority": "NORMAL", - "id": "0x00000002", "description": "Server partition executing server test func", "entry_point": "server_main", "stack_size": "0x400", @@ -66,10 +65,5 @@ "dependencies": [ "DRIVER_UART_SID", "DRIVER_NVMEM_SID" - ], - "linker_pattern": { - "object_list": [ - "server_partition.a" - ] - } + ] } diff --git a/api-tests/platform/targets/tgt_dev_apis_tfm_an521/nspe/common/pal_config.h b/api-tests/platform/targets/tgt_dev_apis_tfm_an521/nspe/common/pal_config.h index daa0ec5f..e3f70ad7 100644 --- a/api-tests/platform/targets/tgt_dev_apis_tfm_an521/nspe/common/pal_config.h +++ b/api-tests/platform/targets/tgt_dev_apis_tfm_an521/nspe/common/pal_config.h @@ -50,7 +50,7 @@ #endif #if !defined(VERBOSE) -#define VERBOSE 4 /* Print verbosity = ERROR */ +#define VERBOSE 3 /* Print verbosity = TEST */ #endif #if (!defined(VAL_NSPE_BUILD) && !defined(SPE_BUILD)) @@ -62,7 +62,15 @@ #endif #if !defined(TEST_COMBINE_ARCHIVE) -//#define TEST_COMBINE_ARCHIVE /* Test dispatcher code selection */ +#define TEST_COMBINE_ARCHIVE 0 /* Combine test archive or binary? */ +#endif + +#if !defined(WATCHDOG_AVAILABLE) +#define WATCHDOG_AVAILABLE 0 /* If zero, skip watchdog programming */ +#endif + +#if !defined(SP_HEAP_MEM_SUPP) +#define SP_HEAP_MEM_SUPP 0 /* Are Dynamic funcs available to secure partition? */ #endif /* @@ -79,6 +87,13 @@ * of this file. */ #include "psa_manifest/sid.h" + +/* + * psa_manifest/pid.h: Secure Partition IDs + * Macro definitions that map from Secure Partition names to Secure Partition IDs. + * Partition manifest parse build tool must provide the implementation of this file. +*/ +#include "psa_manifest/pid.h" #endif #if PSA_CRYPTO_IMPLEMENTED diff --git a/api-tests/platform/targets/tgt_dev_apis_tfm_an521/nspe/common/pal_driver_ipc_intf.c b/api-tests/platform/targets/tgt_dev_apis_tfm_an521/nspe/common/pal_driver_ipc_intf.c index 32aef9c5..f8f773fb 100644 --- a/api-tests/platform/targets/tgt_dev_apis_tfm_an521/nspe/common/pal_driver_ipc_intf.c +++ b/api-tests/platform/targets/tgt_dev_apis_tfm_an521/nspe/common/pal_driver_ipc_intf.c @@ -56,7 +56,7 @@ int pal_uart_init_ns(uint32_t uart_base_addr) @return - SUCCESS/FAILURE **/ -int pal_print_ns(char *str, uint32_t data) +int pal_print_ns(char *str, int32_t data) { int string_len = 0; char *p = str; diff --git a/api-tests/platform/targets/tgt_dev_apis_tfm_an521/nspe/common/pal_driver_ns_intf.c b/api-tests/platform/targets/tgt_dev_apis_tfm_an521/nspe/common/pal_driver_ns_intf.c index dd6b14c7..2af6fcc7 100644 --- a/api-tests/platform/targets/tgt_dev_apis_tfm_an521/nspe/common/pal_driver_ns_intf.c +++ b/api-tests/platform/targets/tgt_dev_apis_tfm_an521/nspe/common/pal_driver_ns_intf.c @@ -38,7 +38,7 @@ int pal_uart_init_ns(uint32_t uart_base_addr) @return - SUCCESS/FAILURE **/ -int pal_print_ns(char *str, uint32_t data) +int pal_print_ns(char *str, int32_t data) { pal_cmsdk_print(str, data); return PAL_STATUS_SUCCESS; diff --git a/api-tests/platform/targets/tgt_dev_apis_tfm_an521/nspe/crypto/pal_crypto_config.h b/api-tests/platform/targets/tgt_dev_apis_tfm_an521/nspe/crypto/pal_crypto_config.h index 6d71d2ec..ab11fd16 100644 --- a/api-tests/platform/targets/tgt_dev_apis_tfm_an521/nspe/crypto/pal_crypto_config.h +++ b/api-tests/platform/targets/tgt_dev_apis_tfm_an521/nspe/crypto/pal_crypto_config.h @@ -78,10 +78,10 @@ * * Comment macros to disable the types */ -#define ARCH_TEST_DES -#define ARCH_TEST_DES_1KEY -#define ARCH_TEST_DES_2KEY -#define ARCH_TEST_DES_3KEY +//#define ARCH_TEST_DES +//#define ARCH_TEST_DES_1KEY +//#define ARCH_TEST_DES_2KEY +//#define ARCH_TEST_DES_3KEY /** * \def ARCH_TEST_RAW @@ -104,7 +104,7 @@ * * Enable the ARC4 key type. */ -#define ARCH_TEST_ARC4 +//#define ARCH_TEST_ARC4 /** * \def ARCH_TEST_CIPER_MODE_CTR @@ -227,21 +227,21 @@ * * Comment macros to disable the types */ -#define ARCH_TEST_MD2 -#define ARCH_TEST_MD4 -#define ARCH_TEST_MD5 -#define ARCH_TEST_RIPEMD160 +//#define ARCH_TEST_MD2 +//#define ARCH_TEST_MD4 +//#define ARCH_TEST_MD5 +//#define ARCH_TEST_RIPEMD160 #define ARCH_TEST_SHA1 #define ARCH_TEST_SHA224 #define ARCH_TEST_SHA256 #define ARCH_TEST_SHA384 #define ARCH_TEST_SHA512 -#define ARCH_TEST_SHA512_224 -#define ARCH_TEST_SHA512_256 -#define ARCH_TEST_SHA3_224 -#define ARCH_TEST_SHA3_256 -#define ARCH_TEST_SHA3_384 -#define ARCH_TEST_SHA3_512 +//#define ARCH_TEST_SHA512_224 +//#define ARCH_TEST_SHA512_256 +//#define ARCH_TEST_SHA3_224 +//#define ARCH_TEST_SHA3_256 +//#define ARCH_TEST_SHA3_384 +//#define ARCH_TEST_SHA3_512 /** * \def ARCH_TEST_HKDF diff --git a/api-tests/platform/targets/tgt_dev_apis_tfm_an521/nspe/crypto/pal_crypto_intf.c b/api-tests/platform/targets/tgt_dev_apis_tfm_an521/nspe/crypto/pal_crypto_intf.c index ad838f91..3df6aa8d 100644 --- a/api-tests/platform/targets/tgt_dev_apis_tfm_an521/nspe/crypto/pal_crypto_intf.c +++ b/api-tests/platform/targets/tgt_dev_apis_tfm_an521/nspe/crypto/pal_crypto_intf.c @@ -36,7 +36,7 @@ int32_t pal_crypto_function(int type, va_list valist) uint32_t status; const void *extra; size_t extra_size, capacity, *gen_cap, nonce_length, additional_data_length; - psa_key_handle_t handle, *key_handle; + psa_key_handle_t handle, *key_handle, target_handle; psa_key_type_t key_type, *key_type_out; psa_key_policy_t *policy; psa_key_usage_t usage, *usage_out; @@ -325,6 +325,11 @@ int32_t pal_crypto_function(int type, va_list valist) case PAL_CRYPTO_ALLOCATE_KEY: key_handle = (psa_key_handle_t *)va_arg(valist, int*); return psa_allocate_key(key_handle); + case PAL_CRYPTO_COPY_KEY: + handle = (psa_key_handle_t)va_arg(valist, int); + target_handle = (psa_key_handle_t)va_arg(valist, int); + policy = va_arg(valist, psa_key_policy_t*); + return psa_copy_key(handle, target_handle, policy); case PAL_CRYPTO_FREE: for (i = 0; i < PAL_KEY_SLOT_COUNT; i++) psa_destroy_key(i); diff --git a/api-tests/platform/targets/tgt_dev_apis_tfm_an521/nspe/crypto/pal_crypto_intf.h b/api-tests/platform/targets/tgt_dev_apis_tfm_an521/nspe/crypto/pal_crypto_intf.h index dfabee18..d1dabfa4 100644 --- a/api-tests/platform/targets/tgt_dev_apis_tfm_an521/nspe/crypto/pal_crypto_intf.h +++ b/api-tests/platform/targets/tgt_dev_apis_tfm_an521/nspe/crypto/pal_crypto_intf.h @@ -68,6 +68,7 @@ enum crypto_function_code { PAL_CRYPTO_ASYMMTERIC_VERIFY = 0x31, PAL_CRYPTO_KEY_AGREEMENT = 0x32, PAL_CRYPTO_ALLOCATE_KEY = 0x33, + PAL_CRYPTO_COPY_KEY = 0x34, PAL_CRYPTO_FREE = 0xFE, }; diff --git a/api-tests/platform/targets/tgt_dev_apis_tfm_an521/nspe/initial_attestation/pal_attestation_crypto.c b/api-tests/platform/targets/tgt_dev_apis_tfm_an521/nspe/initial_attestation/pal_attestation_crypto.c new file mode 100644 index 00000000..ae2bdba4 --- /dev/null +++ b/api-tests/platform/targets/tgt_dev_apis_tfm_an521/nspe/initial_attestation/pal_attestation_crypto.c @@ -0,0 +1,346 @@ +/** @file + * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ + +#include "pal_attestation_crypto.h" + +static uint32_t public_key_registered = 0; + +static inline struct q_useful_buf_c useful_buf_head(struct q_useful_buf_c buf, + size_t amount) +{ + return UsefulBuf_Head(buf, amount); +} + +static uint32_t check_hash_sizes(void) +{ + if (T_COSE_CRYPTO_SHA256_SIZE != PSA_HASH_SIZE(PSA_ALG_SHA_256)) + { + return PAL_ATTEST_HASH_FAIL; + } + + return PAL_ATTEST_SUCCESS; +} + +static psa_ecc_curve_t attest_map_elliptic_curve_type(int32_t cose_curve) +{ + psa_ecc_curve_t psa_curve; + + /*FixMe: Mapping is not complete, missing ones: P384, P521, ED25519, ED448 */ + switch (cose_curve) + { + case P_256: + psa_curve = PSA_ECC_CURVE_SECP256R1; + break; + default: + psa_curve = USHRT_MAX; + } + + return psa_curve; +} + +static psa_algorithm_t cose_hash_alg_id_to_psa(int32_t cose_hash_alg_id) +{ + psa_algorithm_t status; + + switch (cose_hash_alg_id) + { + case COSE_ALG_SHA256_PROPRIETARY: + status = PSA_ALG_SHA_256; + break; + default: + status = PSA_ALG_MD4; + break; + } + + return status; +} + +static int32_t hash_alg_id_from_sig_alg_id(int32_t cose_sig_alg_id) +{ + switch (cose_sig_alg_id) + { + case COSE_ALGORITHM_ES256: + return COSE_ALG_SHA256_PROPRIETARY; + default: + return INT32_MAX; + } +} + +int32_t pal_cose_crypto_hash_start(struct pal_cose_crypto_hash *hash_ctx, int32_t cose_hash_alg_id) +{ + int32_t cose_ret = PAL_ATTEST_SUCCESS; + psa_status_t psa_ret; + struct pal_cose_psa_crypto_hash *psa_hash_ctx; + + cose_ret = check_hash_sizes(); + if (cose_ret) + { + goto error; + } + + if (sizeof(struct pal_cose_crypto_hash) < sizeof(struct pal_cose_psa_crypto_hash)) + { + cose_ret = PAL_ATTEST_HASH_FAIL; + goto error; + } + + psa_hash_ctx = (struct pal_cose_psa_crypto_hash *)hash_ctx; + psa_ret = psa_hash_setup(&psa_hash_ctx->operation, cose_hash_alg_id_to_psa(cose_hash_alg_id)); + + if (psa_ret == PAL_ATTEST_SUCCESS) + { + psa_hash_ctx->status = PAL_ATTEST_SUCCESS; + cose_ret = PAL_ATTEST_SUCCESS; + } + else if (psa_ret == PSA_ERROR_NOT_SUPPORTED) + { + cose_ret = PAL_ATTEST_HASH_UNSUPPORTED; + } + else + { + cose_ret = PAL_ATTEST_HASH_FAIL; + } + +error: + return cose_ret; +} + +void pal_cose_crypto_hash_update(struct pal_cose_crypto_hash *hash_ctx, + struct q_useful_buf_c data_to_hash) +{ + struct pal_cose_psa_crypto_hash *psa_hash_ctx; + + if (sizeof(struct pal_cose_crypto_hash) < sizeof(struct pal_cose_psa_crypto_hash)) + { + return; + } + + psa_hash_ctx = (struct pal_cose_psa_crypto_hash *)hash_ctx; + + if (psa_hash_ctx->status == PAL_ATTEST_SUCCESS) + { + if (data_to_hash.ptr != NULL) + { + psa_hash_ctx->status = psa_hash_update(&psa_hash_ctx->operation, + data_to_hash.ptr, + data_to_hash.len); + } + else + { + /* Intentionally do nothing, just computing the size of the token */ + } + } +} + +int32_t pal_cose_crypto_hash_finish(struct pal_cose_crypto_hash *hash_ctx, + struct q_useful_buf buffer_to_hold_result, + struct q_useful_buf_c *hash_result) +{ + uint32_t cose_ret = PAL_ATTEST_SUCCESS; + psa_status_t psa_ret; + struct pal_cose_psa_crypto_hash *psa_hash_ctx; + + if (sizeof(struct pal_cose_crypto_hash) < sizeof(struct pal_cose_psa_crypto_hash)) + { + cose_ret = PAL_ATTEST_HASH_FAIL; + goto error; + } + + psa_hash_ctx = (struct pal_cose_psa_crypto_hash *)hash_ctx; + + if (psa_hash_ctx->status == PAL_ATTEST_SUCCESS) + { + psa_ret = psa_hash_finish(&psa_hash_ctx->operation, + buffer_to_hold_result.ptr, + buffer_to_hold_result.len, + &(hash_result->len)); + + if (psa_ret == PAL_ATTEST_SUCCESS) + { + hash_result->ptr = buffer_to_hold_result.ptr; + cose_ret = 0; + } + else if (psa_ret == PSA_ERROR_BUFFER_TOO_SMALL) + { + cose_ret = PAL_ATTEST_HASH_BUFFER_SIZE; + } + else + { + cose_ret = PAL_ATTEST_HASH_FAIL; + } + } + else + { + cose_ret = PAL_ATTEST_HASH_FAIL; + } + +error: + return cose_ret; +} + +int pal_create_sha256(struct q_useful_buf_c bytes_to_hash, struct q_useful_buf buffer_for_hash, + struct q_useful_buf_c *hash) +{ + uint32_t status = PAL_ATTEST_SUCCESS; + struct pal_cose_crypto_hash hash_ctx; + + status = pal_cose_crypto_hash_start(&hash_ctx, COSE_ALG_SHA256_PROPRIETARY); + if (status) + return status; + + pal_cose_crypto_hash_update(&hash_ctx, bytes_to_hash); + status = pal_cose_crypto_hash_finish(&hash_ctx, buffer_for_hash, hash); + + return status; +} + +uint32_t pal_compute_hash(int32_t cose_alg_id, struct q_useful_buf buffer_for_hash, + struct q_useful_buf_c *hash, struct q_useful_buf_c protected_headers, + struct q_useful_buf_c payload) +{ + uint32_t status; + QCBOREncodeContext cbor_encode_ctx; + struct q_useful_buf_c tbs_first_part; + QCBORError qcbor_result; + struct pal_cose_crypto_hash hash_ctx = {{0}}; + int32_t hash_alg_id; + UsefulBuf_MAKE_STACK_UB (buffer_for_TBS_first_part, T_COSE_SIZE_OF_TBS); + + /* This builds the CBOR-format to-be-signed bytes */ + QCBOREncode_Init(&cbor_encode_ctx, buffer_for_TBS_first_part); + QCBOREncode_OpenArray(&cbor_encode_ctx); + /* context */ + QCBOREncode_AddSZString(&cbor_encode_ctx, + COSE_SIG_CONTEXT_STRING_SIGNATURE1); + /* body_protected */ + QCBOREncode_AddBytes(&cbor_encode_ctx, + protected_headers); + /* sign_protected */ + QCBOREncode_AddBytes(&cbor_encode_ctx, NULL_USEFUL_BUF_C); + /* external_aad */ + QCBOREncode_AddBytes(&cbor_encode_ctx, NULL_USEFUL_BUF_C); + /* fake payload */ + QCBOREncode_AddBytes(&cbor_encode_ctx, NULL_USEFUL_BUF_C); + QCBOREncode_CloseArray(&cbor_encode_ctx); + + /* Get the result and convert it to struct q_useful_buf_c representation */ + qcbor_result = QCBOREncode_Finish(&cbor_encode_ctx, &tbs_first_part); + if (qcbor_result) + { + /* Mainly means that the protected_headers were too big + (which should never happen) */ + status = PAL_ATTEST_ERR_SIGN_STRUCT; + goto Done; + } + + /* Start the hashing */ + hash_alg_id = hash_alg_id_from_sig_alg_id(cose_alg_id); + + /* Don't check hash_alg_id for failure. pal_cose_crypto_hash_start() + * will handle it properly + */ + status = pal_cose_crypto_hash_start(&hash_ctx, hash_alg_id); + if (status) + goto Done; + + /* Hash the first part of the TBS. Take all but the last two + * bytes. The last two bytes are the fake payload from above. It + * is replaced by the real payload which is hashed next. The fake + * payload is needed so the array count is right. This is one of + * the main things that make it possible to implement with one + * buffer for the whole cose sign1. + */ + pal_cose_crypto_hash_update(&hash_ctx, useful_buf_head(tbs_first_part, + tbs_first_part.len - 2)); + + /* Hash the payload */ + pal_cose_crypto_hash_update(&hash_ctx, payload); + + /* Finish the hash and set up to return it */ + status = pal_cose_crypto_hash_finish(&hash_ctx, + buffer_for_hash, + hash); + +Done: + return status; +} + +uint32_t pal_import_attest_key(int32_t alg) +{ + psa_key_type_t attest_key_type; + size_t public_key_size; + psa_status_t status = PSA_SUCCESS; + psa_key_policy_t policy; + psa_ecc_curve_t psa_curve; + psa_key_handle_t public_key_handle; + + /* Mapping of COSE curve type to PSA curve types */ + psa_curve = attest_map_elliptic_curve_type(P_256); + if (psa_curve == USHRT_MAX) + return PAL_ATTEST_ERROR; + + /* Setup the key policy for public key */ + policy = psa_key_policy_init(); + psa_key_policy_set_usage(&policy, PSA_KEY_USAGE_VERIFY, alg); + + status = psa_allocate_key(&public_key_handle); + if (status != PSA_SUCCESS) + return status; + + status = psa_set_key_policy(public_key_handle, &policy); + if (status != PSA_SUCCESS) + return status; + + attest_key_type = PSA_KEY_TYPE_ECC_PUBLIC_KEY(psa_curve); + + /* Register public key to crypto service */ + public_key_size = attest_key.pubx_key_size + attest_key.puby_key_size; + + status = psa_import_key(public_key_handle, + attest_key_type, + (const uint8_t *)&attest_public_key, + public_key_size + 1); + + return status; +} + + +uint32_t pal_crypto_pub_key_verify(int32_t cose_algorithm_id, + struct q_useful_buf_c token_hash, + struct q_useful_buf_c signature) +{ + uint32_t status = PAL_ATTEST_SUCCESS; + + if (!public_key_registered) + { + status = pal_import_attest_key(cose_algorithm_id); + if (status != PAL_ATTEST_SUCCESS) + return status; + + public_key_registered = 1; + } + +/* + * Enable the verify function when Trusted Firmare - M Supports + + * Verify the signature a hash or short message using a public key. + status = psa_asymmetric_verify(public_key_handle, + cose_algorithm_id, token_hash.ptr, token_hash.len, + signature.ptr, signature.len); +*/ + return status; +} diff --git a/api-tests/platform/targets/tgt_dev_apis_tfm_an521/nspe/initial_attestation/pal_attestation_crypto.h b/api-tests/platform/targets/tgt_dev_apis_tfm_an521/nspe/initial_attestation/pal_attestation_crypto.h new file mode 100644 index 00000000..2d63ad13 --- /dev/null +++ b/api-tests/platform/targets/tgt_dev_apis_tfm_an521/nspe/initial_attestation/pal_attestation_crypto.h @@ -0,0 +1,102 @@ +/** @file + * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ + +#include "pal_common.h" +#include "pal_attestation_eat.h" + +#define ATTEST_PUBLIC_KEY_SLOT 4 + +typedef struct{ + uint8_t *pubx_key; + uint32_t pubx_key_size; + uint8_t *puby_key; + uint32_t puby_key_size; +} ecc_key_t; + +struct ecc_public_key_t { + const uint8_t a; + uint8_t public_key[]; /* X-coordinate || Y-coordinate */ +}; + +static const struct ecc_public_key_t attest_public_key = { + /* Constant byte */ + 0x04, + /* X-coordinate */ + {0x79, 0xEB, 0xA9, 0x0E, 0x8B, 0xF4, 0x50, 0xA6, + 0x75, 0x15, 0x76, 0xAD, 0x45, 0x99, 0xB0, 0x7A, + 0xDF, 0x93, 0x8D, 0xA3, 0xBB, 0x0B, 0xD1, 0x7D, + 0x00, 0x36, 0xED, 0x49, 0xA2, 0xD0, 0xFC, 0x3F, + /* Y-coordinate */ + 0xBF, 0xCD, 0xFA, 0x89, 0x56, 0xB5, 0x68, 0xBF, + 0xDB, 0x86, 0x73, 0xE6, 0x48, 0xD8, 0xB5, 0x8D, + 0x92, 0x99, 0x55, 0xB1, 0x4A, 0x26, 0xC3, 0x08, + 0x0F, 0x34, 0x11, 0x7D, 0x97, 0x1D, 0x68, 0x64}, +}; + +struct pal_cose_crypto_hash { + /* Can't put the actual size here without creating dependecy on + * actual hash implementation, so this is a fairly large and + * accommodating size. + */ + uint8_t bytes[128]; +}; + +struct pal_cose_psa_crypto_hash { + psa_status_t status; + psa_hash_operation_t operation; +}; + +static const uint8_t initial_attestation_public_x_key[] = +{ + 0x79, 0xEB, 0xA9, 0x0E, 0x8B, 0xF4, 0x50, 0xA6, + 0x75, 0x15, 0x76, 0xAD, 0x45, 0x99, 0xB0, 0x7A, + 0xDF, 0x93, 0x8D, 0xA3, 0xBB, 0x0B, 0xD1, 0x7D, + 0x00, 0x36, 0xED, 0x49, 0xA2, 0xD0, 0xFC, 0x3F +}; + +static const uint8_t initial_attestation_public_y_key[] = +{ + 0xBF, 0xCD, 0xFA, 0x89, 0x56, 0xB5, 0x68, 0xBF, + 0xDB, 0x86, 0x73, 0xE6, 0x48, 0xD8, 0xB5, 0x8D, + 0x92, 0x99, 0x55, 0xB1, 0x4A, 0x26, 0xC3, 0x08, + 0x0F, 0x34, 0x11, 0x7D, 0x97, 0x1D, 0x68, 0x64 +}; + +/* Initialize the structure with given public key */ +static const ecc_key_t attest_key = { + (uint8_t *)initial_attestation_public_x_key, + sizeof(initial_attestation_public_x_key), + (uint8_t *)initial_attestation_public_y_key, + sizeof(initial_attestation_public_y_key) +}; + +int32_t pal_cose_crypto_hash_start(struct pal_cose_crypto_hash *hash_ctx, int32_t cose_hash_alg_id); +void pal_cose_crypto_hash_update(struct pal_cose_crypto_hash *hash_ctx, + struct q_useful_buf_c data_to_hash); +int32_t pal_cose_crypto_hash_finish(struct pal_cose_crypto_hash *hash_ctx, + struct q_useful_buf buffer_to_hold_result, + struct q_useful_buf_c *hash_result); +int pal_create_sha256(struct q_useful_buf_c bytes_to_hash, struct q_useful_buf buffer_for_hash, + struct q_useful_buf_c *hash); +uint32_t pal_compute_hash(int32_t cose_alg_id, struct q_useful_buf buffer_for_hash, + struct q_useful_buf_c *hash, struct q_useful_buf_c protected_headers, + struct q_useful_buf_c payload); +uint32_t pal_import_attest_key(int32_t alg); +uint32_t pal_crypto_pub_key_verify(int32_t cose_algorithm_id, struct q_useful_buf_c token_hash, + struct q_useful_buf_c signature); + + diff --git a/api-tests/platform/targets/tgt_dev_apis_tfm_an521/nspe/initial_attestation/pal_attestation_eat.c b/api-tests/platform/targets/tgt_dev_apis_tfm_an521/nspe/initial_attestation/pal_attestation_eat.c index 262dc5dd..178fdc9c 100644 --- a/api-tests/platform/targets/tgt_dev_apis_tfm_an521/nspe/initial_attestation/pal_attestation_eat.c +++ b/api-tests/platform/targets/tgt_dev_apis_tfm_an521/nspe/initial_attestation/pal_attestation_eat.c @@ -15,10 +15,56 @@ * limitations under the License. **/ -#include "pal_attestation_eat.h" +#include "pal_attestation_crypto.h" + +uint32_t mandatory_claims = 0; +uint32_t mandaroty_sw_components = 0; +bool_t sw_component_present = 0; + +static int pal_encode_cose_key(struct q_useful_buf_c *cose_key, + struct q_useful_buf buffer_for_cose_key, + struct q_useful_buf_c x_cord, struct q_useful_buf_c y_cord) +{ + uint32_t return_value; + QCBORError qcbor_result; + QCBOREncodeContext cbor_encode_ctx; + int32_t cose_curve_id = P_256; + struct q_useful_buf_c encoded_key_id; + + /* Get the public key x and y */ + /* Encode it into a COSE_Key structure */ + QCBOREncode_Init(&cbor_encode_ctx, buffer_for_cose_key); + QCBOREncode_OpenMap(&cbor_encode_ctx); + QCBOREncode_AddInt64ToMapN(&cbor_encode_ctx, + COSE_KEY_COMMON_KTY, + COSE_KEY_TYPE_EC2); + QCBOREncode_AddInt64ToMapN(&cbor_encode_ctx, + COSE_KEY_PARAM_CRV, + cose_curve_id); + QCBOREncode_AddBytesToMapN(&cbor_encode_ctx, + COSE_KEY_PARAM_X_COORDINATE, + x_cord); + QCBOREncode_AddBytesToMapN(&cbor_encode_ctx, + COSE_KEY_PARAM_Y_COORDINATE, + y_cord); + QCBOREncode_CloseMap(&cbor_encode_ctx); + + qcbor_result = QCBOREncode_Finish(&cbor_encode_ctx, &encoded_key_id); + if (qcbor_result != QCBOR_SUCCESS) + { + /* Mainly means that the COSE_Key was too big for buffer_for_cose_key */ + return_value = PAL_ATTEST_ERR_PROTECTED_HEADERS; + goto Done; + } + + /* Finish up and return */ + *cose_key = encoded_key_id; + return_value = PAL_ATTEST_SUCCESS; + +Done: + return return_value; +} -uint32_t mandatory_claims = 0, mandaroty_sw_components = 0; -bool_t sw_component_present = 0; static int get_items_in_map(QCBORDecodeContext *decode_context, struct items_to_get_t *item_list) @@ -90,7 +136,7 @@ static int get_item_in_map(QCBORDecodeContext *decode_context, } static int parse_unprotected_headers(QCBORDecodeContext *decode_context, - struct useful_buf_c *child, + struct q_useful_buf_c *child, bool *loop_back) { struct items_to_get_t item_list[3]; @@ -120,7 +166,7 @@ static int parse_unprotected_headers(QCBORDecodeContext *decode_context, return PAL_ATTEST_SUCCESS; } -static int parse_protected_headers(struct useful_buf_c protected_headers, +static int parse_protected_headers(struct q_useful_buf_c protected_headers, int32_t *alg_id) { QCBORDecodeContext decode_context; @@ -156,7 +202,7 @@ static int parse_protected_headers(struct useful_buf_c protected_headers, @return - error status **/ static int parse_claims(QCBORDecodeContext *decode_context, QCBORItem item, - struct useful_buf_c completed_challenge) + struct q_useful_buf_c completed_challenge) { int i, count = 0; int status = PAL_ATTEST_SUCCESS; @@ -281,16 +327,42 @@ static int parse_claims(QCBORDecodeContext *decode_context, QCBORItem item, int32_t pal_initial_attest_verify_token(uint8_t *challenge, uint32_t challenge_size, uint8_t *token, uint32_t token_size) { - int status = PAL_ATTEST_SUCCESS; + int32_t status = PAL_ATTEST_SUCCESS; bool short_circuit; int32_t cose_algorithm_id; QCBORItem item; QCBORDecodeContext decode_context; - struct useful_buf_c completed_challenge; - struct useful_buf_c completed_token; - struct useful_buf_c payload; - struct useful_buf_c protected_headers; - struct useful_buf_c kid; + struct q_useful_buf_c completed_challenge; + struct q_useful_buf_c completed_token; + struct q_useful_buf_c payload; + struct q_useful_buf_c signature; + struct q_useful_buf_c protected_headers; + struct q_useful_buf_c kid; + struct q_useful_buf_c x_cord; + struct q_useful_buf_c y_cord; + struct q_useful_buf_c cose_key_to_hash; + struct q_useful_buf_c key_hash; + struct q_useful_buf_c token_hash; + USEFUL_BUF_MAKE_STACK_UB(buf_to_hold_x_coord, T_COSE_CRYPTO_EC_P256_COORD_SIZE); + USEFUL_BUF_MAKE_STACK_UB(buf_to_hold_y_coord, T_COSE_CRYPTO_EC_P256_COORD_SIZE); + USEFUL_BUF_MAKE_STACK_UB(buffer_for_kid, T_COSE_CRYPTO_SHA256_SIZE); + USEFUL_BUF_MAKE_STACK_UB(buffer_for_cose_key, MAX_ENCODED_COSE_KEY_SIZE); + USEFUL_BUF_MAKE_STACK_UB(buffer_for_encoded_key, MAX_ENCODED_COSE_KEY_SIZE); + USEFUL_BUF_MAKE_STACK_UB(buffer_for_token_hash, T_COSE_CRYPTO_SHA256_SIZE); + + kid.ptr = buffer_for_encoded_key.ptr; + + memcpy(buf_to_hold_x_coord.ptr, (const void *)attest_key.pubx_key, attest_key.pubx_key_size); + memcpy(buf_to_hold_y_coord.ptr, (const void *)attest_key.puby_key, attest_key.puby_key_size); + + /* Update size */ + buf_to_hold_x_coord.len = attest_key.pubx_key_size; + buf_to_hold_y_coord.len = attest_key.puby_key_size; + + x_cord.ptr = buf_to_hold_x_coord.ptr; + x_cord.len = buf_to_hold_x_coord.len; + y_cord.ptr = buf_to_hold_y_coord.ptr; + y_cord.len = buf_to_hold_y_coord.len; /* Construct the token buffer for validation */ completed_token.ptr = token; @@ -345,6 +417,27 @@ int32_t pal_initial_attest_verify_token(uint8_t *challenge, uint32_t challenge_s if (status != PAL_ATTEST_SUCCESS) return status; + /* Encode the given public key */ + status = pal_encode_cose_key(&cose_key_to_hash, buffer_for_cose_key, x_cord, y_cord); + if (status != PAL_ATTEST_SUCCESS) + return status; + + /* Create hash of the given public key */ + status = pal_create_sha256(cose_key_to_hash, buffer_for_kid, &key_hash); + if (status != PSA_SUCCESS) + return status; + + /* Compare the hash of the public key in token and hash of the given public key */ + if (kid.len != key_hash.len) + { + return PAL_ATTEST_HASH_LENGTH_MISMATCH; + } + + if (memcmp(kid.ptr, key_hash.ptr, kid.len) != 0) + { + return PAL_ATTEST_HASH_MISMATCH; + } + /* Get the payload */ QCBORDecode_GetNext(&decode_context, &item); if (item.uDataType != QCBOR_TYPE_BYTE_STRING) @@ -357,6 +450,19 @@ int32_t pal_initial_attest_verify_token(uint8_t *challenge, uint32_t challenge_s if (item.uDataType != QCBOR_TYPE_BYTE_STRING) return PAL_ATTEST_TOKEN_ERR_CBOR_FORMATTING; + signature = item.val.string; + + /* Compute the hash from the token */ + status = pal_compute_hash(cose_algorithm_id, buffer_for_token_hash, &token_hash, + protected_headers, payload); + if (status != PAL_ATTEST_SUCCESS) + return status; + + /* Verify the signature */ + status = pal_crypto_pub_key_verify(cose_algorithm_id, token_hash, signature); + if (status != PAL_ATTEST_SUCCESS) + return status; + /* Initialize the Decoder and validate the payload format */ QCBORDecode_Init(&decode_context, payload, QCBOR_DECODE_MODE_NORMAL); status = QCBORDecode_GetNext(&decode_context, &item); diff --git a/api-tests/platform/targets/tgt_dev_apis_tfm_an521/nspe/initial_attestation/pal_attestation_eat.h b/api-tests/platform/targets/tgt_dev_apis_tfm_an521/nspe/initial_attestation/pal_attestation_eat.h index 9f435fb3..8a0c5455 100644 --- a/api-tests/platform/targets/tgt_dev_apis_tfm_an521/nspe/initial_attestation/pal_attestation_eat.h +++ b/api-tests/platform/targets/tgt_dev_apis_tfm_an521/nspe/initial_attestation/pal_attestation_eat.h @@ -17,16 +17,70 @@ #include "qcbor.h" #include "pal_common.h" +#include "psa/crypto.h" #define PAL_ATTEST_MIN_ERROR 30 +/* NIST P-256 also known as secp256r1 */ +#define P_256 1 + #define COSE_HEADER_PARAM_ALG 1 #define COSE_HEADER_PARAM_KID 4 -#define MANDATORY_CLAIM_WITH_SW_COMP 862 -#define MANDATORY_CLAIM_NO_SW_COMP 926 -#define MANDATORY_SW_COMP 36 -#define CBOR_ARM_TOTAL_CLAIM_INSTANCE 10 +#define COSE_KEY_COMMON_KTY 1 +#define COSE_KEY_TYPE_EC2 2 +#define COSE_KEY_PARAM_CRV -1 +#define COSE_KEY_PARAM_X_COORDINATE -2 +#define COSE_KEY_PARAM_Y_COORDINATE -3 +#define COSE_ALGORITHM_ES256 -7 +#define COSE_ALG_SHA256_PROPRIETARY -72000 + +/** + * The size of X and Y coordinate in 2 parameter style EC public + * key. Format is as defined in [COSE (RFC 8152)] + * (https://tools.ietf.org/html/rfc8152) and [SEC 1: Elliptic Curve + * Cryptography](http://www.secg.org/sec1-v2.pdf). + * + * This size is well-known and documented in public standards. + */ +#define T_COSE_CRYPTO_EC_P256_COORD_SIZE 32 +#define T_COSE_CRYPTO_SHA256_SIZE 32 + +#define MAX_ENCODED_COSE_KEY_SIZE \ + 1 + /* 1 byte to encode map */ \ + 2 + /* 2 bytes to encode key type */ \ + 2 + /* 2 bytes to encode curve */ \ + 2 * /* the X and Y coordinates at 32 bytes each */ \ + (T_COSE_CRYPTO_EC_P256_COORD_SIZE + 1 + 2) +#define USEFUL_BUF_MAKE_STACK_UB UsefulBuf_MAKE_STACK_UB + +#define COSE_SIG_CONTEXT_STRING_SIGNATURE1 "Signature1" + +/* Private value. Intentionally not documented for Doxygen. + * This is the size allocated for the encoded protected headers. It + * needs to be big enough for make_protected_header() to succeed. It + * currently sized for one header with an algorithm ID up to 32 bits + * long -- one byte for the wrapping map, one byte for the label, 5 + * bytes for the ID. If this is made accidentially too small, QCBOR will + * only return an error, and not overrun any buffers. + * + * 9 extra bytes are added, rounding it up to 16 total, in case some + * other protected header is to be added. + */ +#define T_COSE_SIGN1_MAX_PROT_HEADER (1+1+5+9) + +/** + * This is the size of the first part of the CBOR encoded TBS + * bytes. It is around 20 bytes. See create_tbs_hash(). + */ +#define T_COSE_SIZE_OF_TBS \ + 1 + /* For opening the array */ \ + sizeof(COSE_SIG_CONTEXT_STRING_SIGNATURE1) + /* "Signature1" */ \ + 2 + /* Overhead for encoding string */ \ + T_COSE_SIGN1_MAX_PROT_HEADER + /* entire protected headers */ \ + 3 * ( /* 3 NULL bstrs for fields not used */ \ + 1 /* size of a NULL bstr */ \ + ) /* CBOR Label for proprietary header indicating short-circuit @@ -47,6 +101,8 @@ #define EAT_CBOR_ARM_LABEL_UEID (EAT_CBOR_ARM_RANGE_BASE - 9) #define EAT_CBOR_ARM_LABEL_ORIGINATION (EAT_CBOR_ARM_RANGE_BASE - 10) +#define CBOR_ARM_TOTAL_CLAIM_INSTANCE 10 + #define EAT_CBOR_SW_COMPONENT_TYPE (1u) #define EAT_CBOR_SW_COMPONENT_MEASUREMENT (2u) #define EAT_CBOR_SW_COMPONENT_EPOCH (3u) @@ -54,6 +110,40 @@ #define EAT_CBOR_SW_COMPONENT_SIGNER_ID (5u) #define EAT_CBOR_SW_COMPONENT_MEASUREMENT_DESC (6u) +#define MANDATORY_CLAIM_WITH_SW_COMP (1 << (EAT_CBOR_ARM_RANGE_BASE \ + - EAT_CBOR_ARM_LABEL_NONCE) | \ + 1 << (EAT_CBOR_ARM_RANGE_BASE \ + - EAT_CBOR_ARM_LABEL_UEID) | \ + 1 << (EAT_CBOR_ARM_RANGE_BASE \ + - EAT_CBOR_ARM_LABEL_IMPLEMENTATION_ID) | \ + 1 << (EAT_CBOR_ARM_RANGE_BASE \ + - EAT_CBOR_ARM_LABEL_CLIENT_ID) | \ + 1 << (EAT_CBOR_ARM_RANGE_BASE \ + - EAT_CBOR_ARM_LABEL_SECURITY_LIFECYCLE) | \ + 1 << (EAT_CBOR_ARM_RANGE_BASE \ + - EAT_CBOR_ARM_LABEL_BOOT_SEED) | \ + 1 << (EAT_CBOR_ARM_RANGE_BASE \ + - EAT_CBOR_ARM_LABEL_SW_COMPONENTS)) + +#define MANDATORY_CLAIM_NO_SW_COMP (1 << (EAT_CBOR_ARM_RANGE_BASE \ + - EAT_CBOR_ARM_LABEL_NONCE) | \ + 1 << (EAT_CBOR_ARM_RANGE_BASE \ + - EAT_CBOR_ARM_LABEL_UEID) | \ + 1 << (EAT_CBOR_ARM_RANGE_BASE \ + - EAT_CBOR_ARM_LABEL_IMPLEMENTATION_ID) | \ + 1 << (EAT_CBOR_ARM_RANGE_BASE \ + - EAT_CBOR_ARM_LABEL_CLIENT_ID) | \ + 1 << (EAT_CBOR_ARM_RANGE_BASE \ + - EAT_CBOR_ARM_LABEL_SECURITY_LIFECYCLE) | \ + 1 << (EAT_CBOR_ARM_RANGE_BASE \ + - EAT_CBOR_ARM_LABEL_BOOT_SEED) | \ + 1 << (EAT_CBOR_ARM_RANGE_BASE \ + - EAT_CBOR_ARM_LABEL_NO_SW_COMPONENTS)) + +#define MANDATORY_SW_COMP (1 << EAT_CBOR_SW_COMPONENT_MEASUREMENT | \ + 1 << EAT_CBOR_SW_COMPONENT_SIGNER_ID) + +#define NULL_USEFUL_BUF_C NULLUsefulBufC enum attestation_error_code { PAL_ATTEST_SUCCESS = 0, @@ -61,6 +151,13 @@ enum attestation_error_code { PAL_ATTEST_TOKEN_CHALLENGE_MISMATCH, PAL_ATTEST_TOKEN_NOT_SUPPORTED, PAL_ATTEST_TOKEN_NOT_ALL_MANDATORY_CLAIMS, + PAL_ATTEST_HASH_LENGTH_MISMATCH, + PAL_ATTEST_HASH_MISMATCH, + PAL_ATTEST_HASH_FAIL, + PAL_ATTEST_HASH_UNSUPPORTED, + PAL_ATTEST_HASH_BUFFER_SIZE, + PAL_ATTEST_ERR_PROTECTED_HEADERS, + PAL_ATTEST_ERR_SIGN_STRUCT, PAL_ATTEST_ERROR, }; diff --git a/api-tests/platform/targets/tgt_dev_apis_tfm_an521/nspe/initial_attestation/pal_attestation_intf.h b/api-tests/platform/targets/tgt_dev_apis_tfm_an521/nspe/initial_attestation/pal_attestation_intf.h index ef132b5b..12f6ee94 100644 --- a/api-tests/platform/targets/tgt_dev_apis_tfm_an521/nspe/initial_attestation/pal_attestation_intf.h +++ b/api-tests/platform/targets/tgt_dev_apis_tfm_an521/nspe/initial_attestation/pal_attestation_intf.h @@ -18,7 +18,7 @@ #ifndef _PAL_INITIAL_ATTESTATION_H_ #define _PAL_INITIAL_ATTESTATION_H_ -#include "pal_attestation_eat.h" +#include "pal_attestation_crypto.h" enum attestation_function_code { PAL_INITIAL_ATTEST_GET_TOKEN = 0x1, diff --git a/api-tests/platform/targets/tgt_dev_apis_tfm_an521/spe/pal_driver_intf.c b/api-tests/platform/targets/tgt_dev_apis_tfm_an521/spe/pal_driver_intf.c index cc8b5373..fd307839 100644 --- a/api-tests/platform/targets/tgt_dev_apis_tfm_an521/spe/pal_driver_intf.c +++ b/api-tests/platform/targets/tgt_dev_apis_tfm_an521/spe/pal_driver_intf.c @@ -33,7 +33,7 @@ void pal_uart_init(uint32_t uart_base_addr) - data : Value for format specifier **/ -void pal_print(char *str, uint32_t data) +void pal_print(char *str, int32_t data) { pal_cmsdk_print(str,data); @@ -110,3 +110,23 @@ int pal_wd_timer_is_enabled(addr_t base_addr) return (pal_wd_cmsdk_is_enabled(base_addr)); } +/** + @brief - Trigger interrupt for irq signal assigned to driver partition + before return to caller. + @param - void + @return - void +**/ +void pal_generate_interrupt(void) +{ + pal_uart_cmsdk_generate_irq(); +} + +/** + @brief - Disable interrupt that was generated using pal_generate_interrupt API. + @param - void + @return - void +**/ +void pal_disable_interrupt(void) +{ + pal_uart_cmsdk_disable_irq(); +} diff --git a/api-tests/platform/targets/tgt_dev_apis_tfm_an521/spe/pal_driver_intf.h b/api-tests/platform/targets/tgt_dev_apis_tfm_an521/spe/pal_driver_intf.h index da85a63e..cef34ca8 100644 --- a/api-tests/platform/targets/tgt_dev_apis_tfm_an521/spe/pal_driver_intf.h +++ b/api-tests/platform/targets/tgt_dev_apis_tfm_an521/spe/pal_driver_intf.h @@ -23,11 +23,13 @@ #include "pal_wd_cmsdk.h" void pal_uart_init(uint32_t uart_base_addr); -void pal_print(char *str, uint32_t data); +void pal_print(char *str, int32_t data); int pal_nvmem_write(addr_t base, uint32_t offset, void *buffer, int size); int pal_nvmem_read(addr_t base, uint32_t offset, void *buffer, int size); int pal_wd_timer_init(addr_t base_addr, uint32_t time_us, uint32_t timer_tick_us); int pal_wd_timer_enable(addr_t base_addr); int pal_wd_timer_disable(addr_t base_addr); int pal_wd_timer_is_enabled(addr_t base_addr); +void pal_generate_interrupt(void); +void pal_disable_interrupt(void); #endif /* _PAL_DRIVER_INTF_H_ */ diff --git a/api-tests/platform/targets/tgt_dev_apis_tfm_musca_a/Makefile b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_a/Makefile index 00829ae7..aa7e10b7 100644 --- a/api-tests/platform/targets/tgt_dev_apis_tfm_musca_a/Makefile +++ b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_a/Makefile @@ -83,6 +83,7 @@ endif ifeq (${PSA_INITIAL_ATTESTATION_IMPLEMENTED},1) SRC_C_NSPE += pal_attestation_intf.c SRC_C_NSPE += pal_attestation_eat.c +SRC_C_NSPE += pal_attestation_crypto.c else SRC_C_NSPE += pal_attestation_empty_intf.c endif @@ -98,7 +99,7 @@ INCLUDE= -I$(SOURCE)/platform/targets/$(TARGET)/nspe \ -I$(SOURCE)/platform/targets/$(TARGET)/nspe/initial_attestation \ -I$(SOURCE)/platform/targets/$(TARGET)/nspe/initial_attestation/ext/inc \ -I$(SOURCE)/platform/targets/$(TARGET)/nspe/internal_trusted_storage \ - -I$(SOURCE)/platform/targets/$(TARGET)/nspe/protected_storage + -I$(SOURCE)/platform/targets/$(TARGET)/nspe/protected_storage \ VPATH=$(SOURCE)/platform/targets/$(TARGET)/: \ $(SOURCE)/platform/targets/$(TARGET)/spe: \ diff --git a/api-tests/platform/targets/tgt_dev_apis_tfm_musca_a/manifests/common/driver_partition_psa.json b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_a/manifests/common/driver_partition_psa.json index 5d57571c..7010c9b5 100644 --- a/api-tests/platform/targets/tgt_dev_apis_tfm_musca_a/manifests/common/driver_partition_psa.json +++ b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_a/manifests/common/driver_partition_psa.json @@ -3,11 +3,9 @@ "name": "DRIVER_PARTITION", "type": "PSA-ROT", "priority": "NORMAL", - "id": "0x00000003", "description": "Implements device services such print, flash read/write,. etc.", "entry_point": "driver_main", "stack_size": "0x400", - "heap_size": "0x100", "services": [{ "name": "DRIVER_UART_SID", "sid": "0x0000FC01", @@ -33,9 +31,9 @@ "minor_policy": "RELAXED" }, { - "name": "TEST_INTR_SID", + "name": "DRIVER_TEST_SID", "sid": "0x0000FC04", - "signal": "TEST_INTR_SIG", + "signal": "DRIVER_TEST_SIG", "non_secure_clients": true, "minor_version": 1, "minor_policy": "RELAXED" @@ -69,13 +67,9 @@ ], "irqs": [ { + "description": "Using UART TX interrupt to test psa_wait and psa_eoi for irq_signal", "signal": "DRIVER_UART_INTR_SIG", - "line_num": 17 + "line_num": 46 } - ], - "linker_pattern": { - "object_list": [ - "driver_partition.a" - ] - } + ] } diff --git a/api-tests/platform/targets/tgt_dev_apis_tfm_musca_a/manifests/ipc/client_partition_psa.json b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_a/manifests/ipc/client_partition_psa.json index 081dc95d..b93377bd 100644 --- a/api-tests/platform/targets/tgt_dev_apis_tfm_musca_a/manifests/ipc/client_partition_psa.json +++ b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_a/manifests/ipc/client_partition_psa.json @@ -3,11 +3,9 @@ "name": "CLIENT_PARTITION", "type": "APPLICATION-ROT", "priority": "NORMAL", - "id": "0x00000001", "description": "Client partition executing client test func from SPE", "entry_point": "client_main", "stack_size": "0x400", - "heap_size": "0x100", "services": [{ "name": "CLIENT_TEST_DISPATCHER_SID", "sid": "0x0000FA01", @@ -20,7 +18,7 @@ "dependencies": [ "DRIVER_UART_SID", "DRIVER_NVMEM_SID", - "TEST_INTR_SID", + "DRIVER_TEST_SID", "SERVER_TEST_DISPATCHER_SID", "SERVER_UNSPECIFED_MINOR_V_SID", "SERVER_STRICT_MINOR_VERSION_SID", @@ -35,10 +33,5 @@ "size": "0x20", "permission": "READ-WRITE" } - ], - "linker_pattern": { - "object_list": [ - "client_partition.a" - ] - } + ] } diff --git a/api-tests/platform/targets/tgt_dev_apis_tfm_musca_a/manifests/ipc/server_partition_psa.json b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_a/manifests/ipc/server_partition_psa.json index 3541387c..146b8fbc 100644 --- a/api-tests/platform/targets/tgt_dev_apis_tfm_musca_a/manifests/ipc/server_partition_psa.json +++ b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_a/manifests/ipc/server_partition_psa.json @@ -3,7 +3,6 @@ "name": "SERVER_PARTITION", "type": "APPLICATION-ROT", "priority": "NORMAL", - "id": "0x00000002", "description": "Server partition executing server test func", "entry_point": "server_main", "stack_size": "0x400", @@ -66,10 +65,5 @@ "dependencies": [ "DRIVER_UART_SID", "DRIVER_NVMEM_SID" - ], - "linker_pattern": { - "object_list": [ - "server_partition.a" - ] - } + ] } diff --git a/api-tests/platform/targets/tgt_dev_apis_tfm_musca_a/nspe/common/pal_config.h b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_a/nspe/common/pal_config.h index daa0ec5f..e3f70ad7 100644 --- a/api-tests/platform/targets/tgt_dev_apis_tfm_musca_a/nspe/common/pal_config.h +++ b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_a/nspe/common/pal_config.h @@ -50,7 +50,7 @@ #endif #if !defined(VERBOSE) -#define VERBOSE 4 /* Print verbosity = ERROR */ +#define VERBOSE 3 /* Print verbosity = TEST */ #endif #if (!defined(VAL_NSPE_BUILD) && !defined(SPE_BUILD)) @@ -62,7 +62,15 @@ #endif #if !defined(TEST_COMBINE_ARCHIVE) -//#define TEST_COMBINE_ARCHIVE /* Test dispatcher code selection */ +#define TEST_COMBINE_ARCHIVE 0 /* Combine test archive or binary? */ +#endif + +#if !defined(WATCHDOG_AVAILABLE) +#define WATCHDOG_AVAILABLE 0 /* If zero, skip watchdog programming */ +#endif + +#if !defined(SP_HEAP_MEM_SUPP) +#define SP_HEAP_MEM_SUPP 0 /* Are Dynamic funcs available to secure partition? */ #endif /* @@ -79,6 +87,13 @@ * of this file. */ #include "psa_manifest/sid.h" + +/* + * psa_manifest/pid.h: Secure Partition IDs + * Macro definitions that map from Secure Partition names to Secure Partition IDs. + * Partition manifest parse build tool must provide the implementation of this file. +*/ +#include "psa_manifest/pid.h" #endif #if PSA_CRYPTO_IMPLEMENTED diff --git a/api-tests/platform/targets/tgt_dev_apis_tfm_musca_a/nspe/common/pal_driver_ipc_intf.c b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_a/nspe/common/pal_driver_ipc_intf.c index 32aef9c5..f8f773fb 100644 --- a/api-tests/platform/targets/tgt_dev_apis_tfm_musca_a/nspe/common/pal_driver_ipc_intf.c +++ b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_a/nspe/common/pal_driver_ipc_intf.c @@ -56,7 +56,7 @@ int pal_uart_init_ns(uint32_t uart_base_addr) @return - SUCCESS/FAILURE **/ -int pal_print_ns(char *str, uint32_t data) +int pal_print_ns(char *str, int32_t data) { int string_len = 0; char *p = str; diff --git a/api-tests/platform/targets/tgt_dev_apis_tfm_musca_a/nspe/common/pal_driver_ns_intf.c b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_a/nspe/common/pal_driver_ns_intf.c index 5985f00c..338df6cb 100644 --- a/api-tests/platform/targets/tgt_dev_apis_tfm_musca_a/nspe/common/pal_driver_ns_intf.c +++ b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_a/nspe/common/pal_driver_ns_intf.c @@ -38,7 +38,7 @@ int pal_uart_init_ns(uint32_t uart_base_addr) @return - SUCCESS/FAILURE **/ -int pal_print_ns(char *str, uint32_t data) +int pal_print_ns(char *str, int32_t data) { pal_uart_pl011_print(str, data); return PAL_STATUS_SUCCESS; diff --git a/api-tests/platform/targets/tgt_dev_apis_tfm_musca_a/nspe/crypto/pal_crypto_config.h b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_a/nspe/crypto/pal_crypto_config.h index 6d71d2ec..ab11fd16 100644 --- a/api-tests/platform/targets/tgt_dev_apis_tfm_musca_a/nspe/crypto/pal_crypto_config.h +++ b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_a/nspe/crypto/pal_crypto_config.h @@ -78,10 +78,10 @@ * * Comment macros to disable the types */ -#define ARCH_TEST_DES -#define ARCH_TEST_DES_1KEY -#define ARCH_TEST_DES_2KEY -#define ARCH_TEST_DES_3KEY +//#define ARCH_TEST_DES +//#define ARCH_TEST_DES_1KEY +//#define ARCH_TEST_DES_2KEY +//#define ARCH_TEST_DES_3KEY /** * \def ARCH_TEST_RAW @@ -104,7 +104,7 @@ * * Enable the ARC4 key type. */ -#define ARCH_TEST_ARC4 +//#define ARCH_TEST_ARC4 /** * \def ARCH_TEST_CIPER_MODE_CTR @@ -227,21 +227,21 @@ * * Comment macros to disable the types */ -#define ARCH_TEST_MD2 -#define ARCH_TEST_MD4 -#define ARCH_TEST_MD5 -#define ARCH_TEST_RIPEMD160 +//#define ARCH_TEST_MD2 +//#define ARCH_TEST_MD4 +//#define ARCH_TEST_MD5 +//#define ARCH_TEST_RIPEMD160 #define ARCH_TEST_SHA1 #define ARCH_TEST_SHA224 #define ARCH_TEST_SHA256 #define ARCH_TEST_SHA384 #define ARCH_TEST_SHA512 -#define ARCH_TEST_SHA512_224 -#define ARCH_TEST_SHA512_256 -#define ARCH_TEST_SHA3_224 -#define ARCH_TEST_SHA3_256 -#define ARCH_TEST_SHA3_384 -#define ARCH_TEST_SHA3_512 +//#define ARCH_TEST_SHA512_224 +//#define ARCH_TEST_SHA512_256 +//#define ARCH_TEST_SHA3_224 +//#define ARCH_TEST_SHA3_256 +//#define ARCH_TEST_SHA3_384 +//#define ARCH_TEST_SHA3_512 /** * \def ARCH_TEST_HKDF diff --git a/api-tests/platform/targets/tgt_dev_apis_tfm_musca_a/nspe/crypto/pal_crypto_intf.c b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_a/nspe/crypto/pal_crypto_intf.c index ad838f91..3df6aa8d 100644 --- a/api-tests/platform/targets/tgt_dev_apis_tfm_musca_a/nspe/crypto/pal_crypto_intf.c +++ b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_a/nspe/crypto/pal_crypto_intf.c @@ -36,7 +36,7 @@ int32_t pal_crypto_function(int type, va_list valist) uint32_t status; const void *extra; size_t extra_size, capacity, *gen_cap, nonce_length, additional_data_length; - psa_key_handle_t handle, *key_handle; + psa_key_handle_t handle, *key_handle, target_handle; psa_key_type_t key_type, *key_type_out; psa_key_policy_t *policy; psa_key_usage_t usage, *usage_out; @@ -325,6 +325,11 @@ int32_t pal_crypto_function(int type, va_list valist) case PAL_CRYPTO_ALLOCATE_KEY: key_handle = (psa_key_handle_t *)va_arg(valist, int*); return psa_allocate_key(key_handle); + case PAL_CRYPTO_COPY_KEY: + handle = (psa_key_handle_t)va_arg(valist, int); + target_handle = (psa_key_handle_t)va_arg(valist, int); + policy = va_arg(valist, psa_key_policy_t*); + return psa_copy_key(handle, target_handle, policy); case PAL_CRYPTO_FREE: for (i = 0; i < PAL_KEY_SLOT_COUNT; i++) psa_destroy_key(i); diff --git a/api-tests/platform/targets/tgt_dev_apis_tfm_musca_a/nspe/crypto/pal_crypto_intf.h b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_a/nspe/crypto/pal_crypto_intf.h index dfabee18..d1dabfa4 100644 --- a/api-tests/platform/targets/tgt_dev_apis_tfm_musca_a/nspe/crypto/pal_crypto_intf.h +++ b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_a/nspe/crypto/pal_crypto_intf.h @@ -68,6 +68,7 @@ enum crypto_function_code { PAL_CRYPTO_ASYMMTERIC_VERIFY = 0x31, PAL_CRYPTO_KEY_AGREEMENT = 0x32, PAL_CRYPTO_ALLOCATE_KEY = 0x33, + PAL_CRYPTO_COPY_KEY = 0x34, PAL_CRYPTO_FREE = 0xFE, }; diff --git a/api-tests/platform/targets/tgt_dev_apis_tfm_musca_a/nspe/initial_attestation/pal_attestation_crypto.c b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_a/nspe/initial_attestation/pal_attestation_crypto.c new file mode 100644 index 00000000..ae2bdba4 --- /dev/null +++ b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_a/nspe/initial_attestation/pal_attestation_crypto.c @@ -0,0 +1,346 @@ +/** @file + * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ + +#include "pal_attestation_crypto.h" + +static uint32_t public_key_registered = 0; + +static inline struct q_useful_buf_c useful_buf_head(struct q_useful_buf_c buf, + size_t amount) +{ + return UsefulBuf_Head(buf, amount); +} + +static uint32_t check_hash_sizes(void) +{ + if (T_COSE_CRYPTO_SHA256_SIZE != PSA_HASH_SIZE(PSA_ALG_SHA_256)) + { + return PAL_ATTEST_HASH_FAIL; + } + + return PAL_ATTEST_SUCCESS; +} + +static psa_ecc_curve_t attest_map_elliptic_curve_type(int32_t cose_curve) +{ + psa_ecc_curve_t psa_curve; + + /*FixMe: Mapping is not complete, missing ones: P384, P521, ED25519, ED448 */ + switch (cose_curve) + { + case P_256: + psa_curve = PSA_ECC_CURVE_SECP256R1; + break; + default: + psa_curve = USHRT_MAX; + } + + return psa_curve; +} + +static psa_algorithm_t cose_hash_alg_id_to_psa(int32_t cose_hash_alg_id) +{ + psa_algorithm_t status; + + switch (cose_hash_alg_id) + { + case COSE_ALG_SHA256_PROPRIETARY: + status = PSA_ALG_SHA_256; + break; + default: + status = PSA_ALG_MD4; + break; + } + + return status; +} + +static int32_t hash_alg_id_from_sig_alg_id(int32_t cose_sig_alg_id) +{ + switch (cose_sig_alg_id) + { + case COSE_ALGORITHM_ES256: + return COSE_ALG_SHA256_PROPRIETARY; + default: + return INT32_MAX; + } +} + +int32_t pal_cose_crypto_hash_start(struct pal_cose_crypto_hash *hash_ctx, int32_t cose_hash_alg_id) +{ + int32_t cose_ret = PAL_ATTEST_SUCCESS; + psa_status_t psa_ret; + struct pal_cose_psa_crypto_hash *psa_hash_ctx; + + cose_ret = check_hash_sizes(); + if (cose_ret) + { + goto error; + } + + if (sizeof(struct pal_cose_crypto_hash) < sizeof(struct pal_cose_psa_crypto_hash)) + { + cose_ret = PAL_ATTEST_HASH_FAIL; + goto error; + } + + psa_hash_ctx = (struct pal_cose_psa_crypto_hash *)hash_ctx; + psa_ret = psa_hash_setup(&psa_hash_ctx->operation, cose_hash_alg_id_to_psa(cose_hash_alg_id)); + + if (psa_ret == PAL_ATTEST_SUCCESS) + { + psa_hash_ctx->status = PAL_ATTEST_SUCCESS; + cose_ret = PAL_ATTEST_SUCCESS; + } + else if (psa_ret == PSA_ERROR_NOT_SUPPORTED) + { + cose_ret = PAL_ATTEST_HASH_UNSUPPORTED; + } + else + { + cose_ret = PAL_ATTEST_HASH_FAIL; + } + +error: + return cose_ret; +} + +void pal_cose_crypto_hash_update(struct pal_cose_crypto_hash *hash_ctx, + struct q_useful_buf_c data_to_hash) +{ + struct pal_cose_psa_crypto_hash *psa_hash_ctx; + + if (sizeof(struct pal_cose_crypto_hash) < sizeof(struct pal_cose_psa_crypto_hash)) + { + return; + } + + psa_hash_ctx = (struct pal_cose_psa_crypto_hash *)hash_ctx; + + if (psa_hash_ctx->status == PAL_ATTEST_SUCCESS) + { + if (data_to_hash.ptr != NULL) + { + psa_hash_ctx->status = psa_hash_update(&psa_hash_ctx->operation, + data_to_hash.ptr, + data_to_hash.len); + } + else + { + /* Intentionally do nothing, just computing the size of the token */ + } + } +} + +int32_t pal_cose_crypto_hash_finish(struct pal_cose_crypto_hash *hash_ctx, + struct q_useful_buf buffer_to_hold_result, + struct q_useful_buf_c *hash_result) +{ + uint32_t cose_ret = PAL_ATTEST_SUCCESS; + psa_status_t psa_ret; + struct pal_cose_psa_crypto_hash *psa_hash_ctx; + + if (sizeof(struct pal_cose_crypto_hash) < sizeof(struct pal_cose_psa_crypto_hash)) + { + cose_ret = PAL_ATTEST_HASH_FAIL; + goto error; + } + + psa_hash_ctx = (struct pal_cose_psa_crypto_hash *)hash_ctx; + + if (psa_hash_ctx->status == PAL_ATTEST_SUCCESS) + { + psa_ret = psa_hash_finish(&psa_hash_ctx->operation, + buffer_to_hold_result.ptr, + buffer_to_hold_result.len, + &(hash_result->len)); + + if (psa_ret == PAL_ATTEST_SUCCESS) + { + hash_result->ptr = buffer_to_hold_result.ptr; + cose_ret = 0; + } + else if (psa_ret == PSA_ERROR_BUFFER_TOO_SMALL) + { + cose_ret = PAL_ATTEST_HASH_BUFFER_SIZE; + } + else + { + cose_ret = PAL_ATTEST_HASH_FAIL; + } + } + else + { + cose_ret = PAL_ATTEST_HASH_FAIL; + } + +error: + return cose_ret; +} + +int pal_create_sha256(struct q_useful_buf_c bytes_to_hash, struct q_useful_buf buffer_for_hash, + struct q_useful_buf_c *hash) +{ + uint32_t status = PAL_ATTEST_SUCCESS; + struct pal_cose_crypto_hash hash_ctx; + + status = pal_cose_crypto_hash_start(&hash_ctx, COSE_ALG_SHA256_PROPRIETARY); + if (status) + return status; + + pal_cose_crypto_hash_update(&hash_ctx, bytes_to_hash); + status = pal_cose_crypto_hash_finish(&hash_ctx, buffer_for_hash, hash); + + return status; +} + +uint32_t pal_compute_hash(int32_t cose_alg_id, struct q_useful_buf buffer_for_hash, + struct q_useful_buf_c *hash, struct q_useful_buf_c protected_headers, + struct q_useful_buf_c payload) +{ + uint32_t status; + QCBOREncodeContext cbor_encode_ctx; + struct q_useful_buf_c tbs_first_part; + QCBORError qcbor_result; + struct pal_cose_crypto_hash hash_ctx = {{0}}; + int32_t hash_alg_id; + UsefulBuf_MAKE_STACK_UB (buffer_for_TBS_first_part, T_COSE_SIZE_OF_TBS); + + /* This builds the CBOR-format to-be-signed bytes */ + QCBOREncode_Init(&cbor_encode_ctx, buffer_for_TBS_first_part); + QCBOREncode_OpenArray(&cbor_encode_ctx); + /* context */ + QCBOREncode_AddSZString(&cbor_encode_ctx, + COSE_SIG_CONTEXT_STRING_SIGNATURE1); + /* body_protected */ + QCBOREncode_AddBytes(&cbor_encode_ctx, + protected_headers); + /* sign_protected */ + QCBOREncode_AddBytes(&cbor_encode_ctx, NULL_USEFUL_BUF_C); + /* external_aad */ + QCBOREncode_AddBytes(&cbor_encode_ctx, NULL_USEFUL_BUF_C); + /* fake payload */ + QCBOREncode_AddBytes(&cbor_encode_ctx, NULL_USEFUL_BUF_C); + QCBOREncode_CloseArray(&cbor_encode_ctx); + + /* Get the result and convert it to struct q_useful_buf_c representation */ + qcbor_result = QCBOREncode_Finish(&cbor_encode_ctx, &tbs_first_part); + if (qcbor_result) + { + /* Mainly means that the protected_headers were too big + (which should never happen) */ + status = PAL_ATTEST_ERR_SIGN_STRUCT; + goto Done; + } + + /* Start the hashing */ + hash_alg_id = hash_alg_id_from_sig_alg_id(cose_alg_id); + + /* Don't check hash_alg_id for failure. pal_cose_crypto_hash_start() + * will handle it properly + */ + status = pal_cose_crypto_hash_start(&hash_ctx, hash_alg_id); + if (status) + goto Done; + + /* Hash the first part of the TBS. Take all but the last two + * bytes. The last two bytes are the fake payload from above. It + * is replaced by the real payload which is hashed next. The fake + * payload is needed so the array count is right. This is one of + * the main things that make it possible to implement with one + * buffer for the whole cose sign1. + */ + pal_cose_crypto_hash_update(&hash_ctx, useful_buf_head(tbs_first_part, + tbs_first_part.len - 2)); + + /* Hash the payload */ + pal_cose_crypto_hash_update(&hash_ctx, payload); + + /* Finish the hash and set up to return it */ + status = pal_cose_crypto_hash_finish(&hash_ctx, + buffer_for_hash, + hash); + +Done: + return status; +} + +uint32_t pal_import_attest_key(int32_t alg) +{ + psa_key_type_t attest_key_type; + size_t public_key_size; + psa_status_t status = PSA_SUCCESS; + psa_key_policy_t policy; + psa_ecc_curve_t psa_curve; + psa_key_handle_t public_key_handle; + + /* Mapping of COSE curve type to PSA curve types */ + psa_curve = attest_map_elliptic_curve_type(P_256); + if (psa_curve == USHRT_MAX) + return PAL_ATTEST_ERROR; + + /* Setup the key policy for public key */ + policy = psa_key_policy_init(); + psa_key_policy_set_usage(&policy, PSA_KEY_USAGE_VERIFY, alg); + + status = psa_allocate_key(&public_key_handle); + if (status != PSA_SUCCESS) + return status; + + status = psa_set_key_policy(public_key_handle, &policy); + if (status != PSA_SUCCESS) + return status; + + attest_key_type = PSA_KEY_TYPE_ECC_PUBLIC_KEY(psa_curve); + + /* Register public key to crypto service */ + public_key_size = attest_key.pubx_key_size + attest_key.puby_key_size; + + status = psa_import_key(public_key_handle, + attest_key_type, + (const uint8_t *)&attest_public_key, + public_key_size + 1); + + return status; +} + + +uint32_t pal_crypto_pub_key_verify(int32_t cose_algorithm_id, + struct q_useful_buf_c token_hash, + struct q_useful_buf_c signature) +{ + uint32_t status = PAL_ATTEST_SUCCESS; + + if (!public_key_registered) + { + status = pal_import_attest_key(cose_algorithm_id); + if (status != PAL_ATTEST_SUCCESS) + return status; + + public_key_registered = 1; + } + +/* + * Enable the verify function when Trusted Firmare - M Supports + + * Verify the signature a hash or short message using a public key. + status = psa_asymmetric_verify(public_key_handle, + cose_algorithm_id, token_hash.ptr, token_hash.len, + signature.ptr, signature.len); +*/ + return status; +} diff --git a/api-tests/platform/targets/tgt_dev_apis_tfm_musca_a/nspe/initial_attestation/pal_attestation_crypto.h b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_a/nspe/initial_attestation/pal_attestation_crypto.h new file mode 100644 index 00000000..2d63ad13 --- /dev/null +++ b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_a/nspe/initial_attestation/pal_attestation_crypto.h @@ -0,0 +1,102 @@ +/** @file + * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ + +#include "pal_common.h" +#include "pal_attestation_eat.h" + +#define ATTEST_PUBLIC_KEY_SLOT 4 + +typedef struct{ + uint8_t *pubx_key; + uint32_t pubx_key_size; + uint8_t *puby_key; + uint32_t puby_key_size; +} ecc_key_t; + +struct ecc_public_key_t { + const uint8_t a; + uint8_t public_key[]; /* X-coordinate || Y-coordinate */ +}; + +static const struct ecc_public_key_t attest_public_key = { + /* Constant byte */ + 0x04, + /* X-coordinate */ + {0x79, 0xEB, 0xA9, 0x0E, 0x8B, 0xF4, 0x50, 0xA6, + 0x75, 0x15, 0x76, 0xAD, 0x45, 0x99, 0xB0, 0x7A, + 0xDF, 0x93, 0x8D, 0xA3, 0xBB, 0x0B, 0xD1, 0x7D, + 0x00, 0x36, 0xED, 0x49, 0xA2, 0xD0, 0xFC, 0x3F, + /* Y-coordinate */ + 0xBF, 0xCD, 0xFA, 0x89, 0x56, 0xB5, 0x68, 0xBF, + 0xDB, 0x86, 0x73, 0xE6, 0x48, 0xD8, 0xB5, 0x8D, + 0x92, 0x99, 0x55, 0xB1, 0x4A, 0x26, 0xC3, 0x08, + 0x0F, 0x34, 0x11, 0x7D, 0x97, 0x1D, 0x68, 0x64}, +}; + +struct pal_cose_crypto_hash { + /* Can't put the actual size here without creating dependecy on + * actual hash implementation, so this is a fairly large and + * accommodating size. + */ + uint8_t bytes[128]; +}; + +struct pal_cose_psa_crypto_hash { + psa_status_t status; + psa_hash_operation_t operation; +}; + +static const uint8_t initial_attestation_public_x_key[] = +{ + 0x79, 0xEB, 0xA9, 0x0E, 0x8B, 0xF4, 0x50, 0xA6, + 0x75, 0x15, 0x76, 0xAD, 0x45, 0x99, 0xB0, 0x7A, + 0xDF, 0x93, 0x8D, 0xA3, 0xBB, 0x0B, 0xD1, 0x7D, + 0x00, 0x36, 0xED, 0x49, 0xA2, 0xD0, 0xFC, 0x3F +}; + +static const uint8_t initial_attestation_public_y_key[] = +{ + 0xBF, 0xCD, 0xFA, 0x89, 0x56, 0xB5, 0x68, 0xBF, + 0xDB, 0x86, 0x73, 0xE6, 0x48, 0xD8, 0xB5, 0x8D, + 0x92, 0x99, 0x55, 0xB1, 0x4A, 0x26, 0xC3, 0x08, + 0x0F, 0x34, 0x11, 0x7D, 0x97, 0x1D, 0x68, 0x64 +}; + +/* Initialize the structure with given public key */ +static const ecc_key_t attest_key = { + (uint8_t *)initial_attestation_public_x_key, + sizeof(initial_attestation_public_x_key), + (uint8_t *)initial_attestation_public_y_key, + sizeof(initial_attestation_public_y_key) +}; + +int32_t pal_cose_crypto_hash_start(struct pal_cose_crypto_hash *hash_ctx, int32_t cose_hash_alg_id); +void pal_cose_crypto_hash_update(struct pal_cose_crypto_hash *hash_ctx, + struct q_useful_buf_c data_to_hash); +int32_t pal_cose_crypto_hash_finish(struct pal_cose_crypto_hash *hash_ctx, + struct q_useful_buf buffer_to_hold_result, + struct q_useful_buf_c *hash_result); +int pal_create_sha256(struct q_useful_buf_c bytes_to_hash, struct q_useful_buf buffer_for_hash, + struct q_useful_buf_c *hash); +uint32_t pal_compute_hash(int32_t cose_alg_id, struct q_useful_buf buffer_for_hash, + struct q_useful_buf_c *hash, struct q_useful_buf_c protected_headers, + struct q_useful_buf_c payload); +uint32_t pal_import_attest_key(int32_t alg); +uint32_t pal_crypto_pub_key_verify(int32_t cose_algorithm_id, struct q_useful_buf_c token_hash, + struct q_useful_buf_c signature); + + diff --git a/api-tests/platform/targets/tgt_dev_apis_tfm_musca_a/nspe/initial_attestation/pal_attestation_eat.c b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_a/nspe/initial_attestation/pal_attestation_eat.c index 262dc5dd..178fdc9c 100644 --- a/api-tests/platform/targets/tgt_dev_apis_tfm_musca_a/nspe/initial_attestation/pal_attestation_eat.c +++ b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_a/nspe/initial_attestation/pal_attestation_eat.c @@ -15,10 +15,56 @@ * limitations under the License. **/ -#include "pal_attestation_eat.h" +#include "pal_attestation_crypto.h" + +uint32_t mandatory_claims = 0; +uint32_t mandaroty_sw_components = 0; +bool_t sw_component_present = 0; + +static int pal_encode_cose_key(struct q_useful_buf_c *cose_key, + struct q_useful_buf buffer_for_cose_key, + struct q_useful_buf_c x_cord, struct q_useful_buf_c y_cord) +{ + uint32_t return_value; + QCBORError qcbor_result; + QCBOREncodeContext cbor_encode_ctx; + int32_t cose_curve_id = P_256; + struct q_useful_buf_c encoded_key_id; + + /* Get the public key x and y */ + /* Encode it into a COSE_Key structure */ + QCBOREncode_Init(&cbor_encode_ctx, buffer_for_cose_key); + QCBOREncode_OpenMap(&cbor_encode_ctx); + QCBOREncode_AddInt64ToMapN(&cbor_encode_ctx, + COSE_KEY_COMMON_KTY, + COSE_KEY_TYPE_EC2); + QCBOREncode_AddInt64ToMapN(&cbor_encode_ctx, + COSE_KEY_PARAM_CRV, + cose_curve_id); + QCBOREncode_AddBytesToMapN(&cbor_encode_ctx, + COSE_KEY_PARAM_X_COORDINATE, + x_cord); + QCBOREncode_AddBytesToMapN(&cbor_encode_ctx, + COSE_KEY_PARAM_Y_COORDINATE, + y_cord); + QCBOREncode_CloseMap(&cbor_encode_ctx); + + qcbor_result = QCBOREncode_Finish(&cbor_encode_ctx, &encoded_key_id); + if (qcbor_result != QCBOR_SUCCESS) + { + /* Mainly means that the COSE_Key was too big for buffer_for_cose_key */ + return_value = PAL_ATTEST_ERR_PROTECTED_HEADERS; + goto Done; + } + + /* Finish up and return */ + *cose_key = encoded_key_id; + return_value = PAL_ATTEST_SUCCESS; + +Done: + return return_value; +} -uint32_t mandatory_claims = 0, mandaroty_sw_components = 0; -bool_t sw_component_present = 0; static int get_items_in_map(QCBORDecodeContext *decode_context, struct items_to_get_t *item_list) @@ -90,7 +136,7 @@ static int get_item_in_map(QCBORDecodeContext *decode_context, } static int parse_unprotected_headers(QCBORDecodeContext *decode_context, - struct useful_buf_c *child, + struct q_useful_buf_c *child, bool *loop_back) { struct items_to_get_t item_list[3]; @@ -120,7 +166,7 @@ static int parse_unprotected_headers(QCBORDecodeContext *decode_context, return PAL_ATTEST_SUCCESS; } -static int parse_protected_headers(struct useful_buf_c protected_headers, +static int parse_protected_headers(struct q_useful_buf_c protected_headers, int32_t *alg_id) { QCBORDecodeContext decode_context; @@ -156,7 +202,7 @@ static int parse_protected_headers(struct useful_buf_c protected_headers, @return - error status **/ static int parse_claims(QCBORDecodeContext *decode_context, QCBORItem item, - struct useful_buf_c completed_challenge) + struct q_useful_buf_c completed_challenge) { int i, count = 0; int status = PAL_ATTEST_SUCCESS; @@ -281,16 +327,42 @@ static int parse_claims(QCBORDecodeContext *decode_context, QCBORItem item, int32_t pal_initial_attest_verify_token(uint8_t *challenge, uint32_t challenge_size, uint8_t *token, uint32_t token_size) { - int status = PAL_ATTEST_SUCCESS; + int32_t status = PAL_ATTEST_SUCCESS; bool short_circuit; int32_t cose_algorithm_id; QCBORItem item; QCBORDecodeContext decode_context; - struct useful_buf_c completed_challenge; - struct useful_buf_c completed_token; - struct useful_buf_c payload; - struct useful_buf_c protected_headers; - struct useful_buf_c kid; + struct q_useful_buf_c completed_challenge; + struct q_useful_buf_c completed_token; + struct q_useful_buf_c payload; + struct q_useful_buf_c signature; + struct q_useful_buf_c protected_headers; + struct q_useful_buf_c kid; + struct q_useful_buf_c x_cord; + struct q_useful_buf_c y_cord; + struct q_useful_buf_c cose_key_to_hash; + struct q_useful_buf_c key_hash; + struct q_useful_buf_c token_hash; + USEFUL_BUF_MAKE_STACK_UB(buf_to_hold_x_coord, T_COSE_CRYPTO_EC_P256_COORD_SIZE); + USEFUL_BUF_MAKE_STACK_UB(buf_to_hold_y_coord, T_COSE_CRYPTO_EC_P256_COORD_SIZE); + USEFUL_BUF_MAKE_STACK_UB(buffer_for_kid, T_COSE_CRYPTO_SHA256_SIZE); + USEFUL_BUF_MAKE_STACK_UB(buffer_for_cose_key, MAX_ENCODED_COSE_KEY_SIZE); + USEFUL_BUF_MAKE_STACK_UB(buffer_for_encoded_key, MAX_ENCODED_COSE_KEY_SIZE); + USEFUL_BUF_MAKE_STACK_UB(buffer_for_token_hash, T_COSE_CRYPTO_SHA256_SIZE); + + kid.ptr = buffer_for_encoded_key.ptr; + + memcpy(buf_to_hold_x_coord.ptr, (const void *)attest_key.pubx_key, attest_key.pubx_key_size); + memcpy(buf_to_hold_y_coord.ptr, (const void *)attest_key.puby_key, attest_key.puby_key_size); + + /* Update size */ + buf_to_hold_x_coord.len = attest_key.pubx_key_size; + buf_to_hold_y_coord.len = attest_key.puby_key_size; + + x_cord.ptr = buf_to_hold_x_coord.ptr; + x_cord.len = buf_to_hold_x_coord.len; + y_cord.ptr = buf_to_hold_y_coord.ptr; + y_cord.len = buf_to_hold_y_coord.len; /* Construct the token buffer for validation */ completed_token.ptr = token; @@ -345,6 +417,27 @@ int32_t pal_initial_attest_verify_token(uint8_t *challenge, uint32_t challenge_s if (status != PAL_ATTEST_SUCCESS) return status; + /* Encode the given public key */ + status = pal_encode_cose_key(&cose_key_to_hash, buffer_for_cose_key, x_cord, y_cord); + if (status != PAL_ATTEST_SUCCESS) + return status; + + /* Create hash of the given public key */ + status = pal_create_sha256(cose_key_to_hash, buffer_for_kid, &key_hash); + if (status != PSA_SUCCESS) + return status; + + /* Compare the hash of the public key in token and hash of the given public key */ + if (kid.len != key_hash.len) + { + return PAL_ATTEST_HASH_LENGTH_MISMATCH; + } + + if (memcmp(kid.ptr, key_hash.ptr, kid.len) != 0) + { + return PAL_ATTEST_HASH_MISMATCH; + } + /* Get the payload */ QCBORDecode_GetNext(&decode_context, &item); if (item.uDataType != QCBOR_TYPE_BYTE_STRING) @@ -357,6 +450,19 @@ int32_t pal_initial_attest_verify_token(uint8_t *challenge, uint32_t challenge_s if (item.uDataType != QCBOR_TYPE_BYTE_STRING) return PAL_ATTEST_TOKEN_ERR_CBOR_FORMATTING; + signature = item.val.string; + + /* Compute the hash from the token */ + status = pal_compute_hash(cose_algorithm_id, buffer_for_token_hash, &token_hash, + protected_headers, payload); + if (status != PAL_ATTEST_SUCCESS) + return status; + + /* Verify the signature */ + status = pal_crypto_pub_key_verify(cose_algorithm_id, token_hash, signature); + if (status != PAL_ATTEST_SUCCESS) + return status; + /* Initialize the Decoder and validate the payload format */ QCBORDecode_Init(&decode_context, payload, QCBOR_DECODE_MODE_NORMAL); status = QCBORDecode_GetNext(&decode_context, &item); diff --git a/api-tests/platform/targets/tgt_dev_apis_tfm_musca_a/nspe/initial_attestation/pal_attestation_eat.h b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_a/nspe/initial_attestation/pal_attestation_eat.h index 9f435fb3..8a0c5455 100644 --- a/api-tests/platform/targets/tgt_dev_apis_tfm_musca_a/nspe/initial_attestation/pal_attestation_eat.h +++ b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_a/nspe/initial_attestation/pal_attestation_eat.h @@ -17,16 +17,70 @@ #include "qcbor.h" #include "pal_common.h" +#include "psa/crypto.h" #define PAL_ATTEST_MIN_ERROR 30 +/* NIST P-256 also known as secp256r1 */ +#define P_256 1 + #define COSE_HEADER_PARAM_ALG 1 #define COSE_HEADER_PARAM_KID 4 -#define MANDATORY_CLAIM_WITH_SW_COMP 862 -#define MANDATORY_CLAIM_NO_SW_COMP 926 -#define MANDATORY_SW_COMP 36 -#define CBOR_ARM_TOTAL_CLAIM_INSTANCE 10 +#define COSE_KEY_COMMON_KTY 1 +#define COSE_KEY_TYPE_EC2 2 +#define COSE_KEY_PARAM_CRV -1 +#define COSE_KEY_PARAM_X_COORDINATE -2 +#define COSE_KEY_PARAM_Y_COORDINATE -3 +#define COSE_ALGORITHM_ES256 -7 +#define COSE_ALG_SHA256_PROPRIETARY -72000 + +/** + * The size of X and Y coordinate in 2 parameter style EC public + * key. Format is as defined in [COSE (RFC 8152)] + * (https://tools.ietf.org/html/rfc8152) and [SEC 1: Elliptic Curve + * Cryptography](http://www.secg.org/sec1-v2.pdf). + * + * This size is well-known and documented in public standards. + */ +#define T_COSE_CRYPTO_EC_P256_COORD_SIZE 32 +#define T_COSE_CRYPTO_SHA256_SIZE 32 + +#define MAX_ENCODED_COSE_KEY_SIZE \ + 1 + /* 1 byte to encode map */ \ + 2 + /* 2 bytes to encode key type */ \ + 2 + /* 2 bytes to encode curve */ \ + 2 * /* the X and Y coordinates at 32 bytes each */ \ + (T_COSE_CRYPTO_EC_P256_COORD_SIZE + 1 + 2) +#define USEFUL_BUF_MAKE_STACK_UB UsefulBuf_MAKE_STACK_UB + +#define COSE_SIG_CONTEXT_STRING_SIGNATURE1 "Signature1" + +/* Private value. Intentionally not documented for Doxygen. + * This is the size allocated for the encoded protected headers. It + * needs to be big enough for make_protected_header() to succeed. It + * currently sized for one header with an algorithm ID up to 32 bits + * long -- one byte for the wrapping map, one byte for the label, 5 + * bytes for the ID. If this is made accidentially too small, QCBOR will + * only return an error, and not overrun any buffers. + * + * 9 extra bytes are added, rounding it up to 16 total, in case some + * other protected header is to be added. + */ +#define T_COSE_SIGN1_MAX_PROT_HEADER (1+1+5+9) + +/** + * This is the size of the first part of the CBOR encoded TBS + * bytes. It is around 20 bytes. See create_tbs_hash(). + */ +#define T_COSE_SIZE_OF_TBS \ + 1 + /* For opening the array */ \ + sizeof(COSE_SIG_CONTEXT_STRING_SIGNATURE1) + /* "Signature1" */ \ + 2 + /* Overhead for encoding string */ \ + T_COSE_SIGN1_MAX_PROT_HEADER + /* entire protected headers */ \ + 3 * ( /* 3 NULL bstrs for fields not used */ \ + 1 /* size of a NULL bstr */ \ + ) /* CBOR Label for proprietary header indicating short-circuit @@ -47,6 +101,8 @@ #define EAT_CBOR_ARM_LABEL_UEID (EAT_CBOR_ARM_RANGE_BASE - 9) #define EAT_CBOR_ARM_LABEL_ORIGINATION (EAT_CBOR_ARM_RANGE_BASE - 10) +#define CBOR_ARM_TOTAL_CLAIM_INSTANCE 10 + #define EAT_CBOR_SW_COMPONENT_TYPE (1u) #define EAT_CBOR_SW_COMPONENT_MEASUREMENT (2u) #define EAT_CBOR_SW_COMPONENT_EPOCH (3u) @@ -54,6 +110,40 @@ #define EAT_CBOR_SW_COMPONENT_SIGNER_ID (5u) #define EAT_CBOR_SW_COMPONENT_MEASUREMENT_DESC (6u) +#define MANDATORY_CLAIM_WITH_SW_COMP (1 << (EAT_CBOR_ARM_RANGE_BASE \ + - EAT_CBOR_ARM_LABEL_NONCE) | \ + 1 << (EAT_CBOR_ARM_RANGE_BASE \ + - EAT_CBOR_ARM_LABEL_UEID) | \ + 1 << (EAT_CBOR_ARM_RANGE_BASE \ + - EAT_CBOR_ARM_LABEL_IMPLEMENTATION_ID) | \ + 1 << (EAT_CBOR_ARM_RANGE_BASE \ + - EAT_CBOR_ARM_LABEL_CLIENT_ID) | \ + 1 << (EAT_CBOR_ARM_RANGE_BASE \ + - EAT_CBOR_ARM_LABEL_SECURITY_LIFECYCLE) | \ + 1 << (EAT_CBOR_ARM_RANGE_BASE \ + - EAT_CBOR_ARM_LABEL_BOOT_SEED) | \ + 1 << (EAT_CBOR_ARM_RANGE_BASE \ + - EAT_CBOR_ARM_LABEL_SW_COMPONENTS)) + +#define MANDATORY_CLAIM_NO_SW_COMP (1 << (EAT_CBOR_ARM_RANGE_BASE \ + - EAT_CBOR_ARM_LABEL_NONCE) | \ + 1 << (EAT_CBOR_ARM_RANGE_BASE \ + - EAT_CBOR_ARM_LABEL_UEID) | \ + 1 << (EAT_CBOR_ARM_RANGE_BASE \ + - EAT_CBOR_ARM_LABEL_IMPLEMENTATION_ID) | \ + 1 << (EAT_CBOR_ARM_RANGE_BASE \ + - EAT_CBOR_ARM_LABEL_CLIENT_ID) | \ + 1 << (EAT_CBOR_ARM_RANGE_BASE \ + - EAT_CBOR_ARM_LABEL_SECURITY_LIFECYCLE) | \ + 1 << (EAT_CBOR_ARM_RANGE_BASE \ + - EAT_CBOR_ARM_LABEL_BOOT_SEED) | \ + 1 << (EAT_CBOR_ARM_RANGE_BASE \ + - EAT_CBOR_ARM_LABEL_NO_SW_COMPONENTS)) + +#define MANDATORY_SW_COMP (1 << EAT_CBOR_SW_COMPONENT_MEASUREMENT | \ + 1 << EAT_CBOR_SW_COMPONENT_SIGNER_ID) + +#define NULL_USEFUL_BUF_C NULLUsefulBufC enum attestation_error_code { PAL_ATTEST_SUCCESS = 0, @@ -61,6 +151,13 @@ enum attestation_error_code { PAL_ATTEST_TOKEN_CHALLENGE_MISMATCH, PAL_ATTEST_TOKEN_NOT_SUPPORTED, PAL_ATTEST_TOKEN_NOT_ALL_MANDATORY_CLAIMS, + PAL_ATTEST_HASH_LENGTH_MISMATCH, + PAL_ATTEST_HASH_MISMATCH, + PAL_ATTEST_HASH_FAIL, + PAL_ATTEST_HASH_UNSUPPORTED, + PAL_ATTEST_HASH_BUFFER_SIZE, + PAL_ATTEST_ERR_PROTECTED_HEADERS, + PAL_ATTEST_ERR_SIGN_STRUCT, PAL_ATTEST_ERROR, }; diff --git a/api-tests/platform/targets/tgt_dev_apis_tfm_musca_a/nspe/initial_attestation/pal_attestation_intf.h b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_a/nspe/initial_attestation/pal_attestation_intf.h index ef132b5b..12f6ee94 100644 --- a/api-tests/platform/targets/tgt_dev_apis_tfm_musca_a/nspe/initial_attestation/pal_attestation_intf.h +++ b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_a/nspe/initial_attestation/pal_attestation_intf.h @@ -18,7 +18,7 @@ #ifndef _PAL_INITIAL_ATTESTATION_H_ #define _PAL_INITIAL_ATTESTATION_H_ -#include "pal_attestation_eat.h" +#include "pal_attestation_crypto.h" enum attestation_function_code { PAL_INITIAL_ATTEST_GET_TOKEN = 0x1, diff --git a/api-tests/platform/targets/tgt_dev_apis_tfm_musca_a/reference_logs/attestation.txt b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_a/reference_logs/attestation.txt new file mode 100755 index 00000000..1e347a30 --- /dev/null +++ b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_a/reference_logs/attestation.txt @@ -0,0 +1,36 @@ +***** PSA Architecture Test Suite - Version 0.9 ***** + +Running.. Attestation Suite +****************************************** + +TEST: 801 | DESCRIPTION: Testing initial attestation APIs +[Info] Executing tests from non-secure +[Check 1] Test psa_initial_attestation_get_token with Challenge 32 +[Check 2] Test psa_initial_attestation_get_token with Challenge 48 +[Check 3] Test psa_initial_attestation_get_token with Challenge 64 +[Check 4] Test psa_initial_attestation_get_token with zero challenge size +[Check 5] Test psa_initial_attestation_get_token with small challenge size +[Check 6] Test psa_initial_attestation_get_token with invalid challenge size +[Check 7] Test psa_initial_attestation_get_token with large challenge size +[Check 8] Test psa_initial_attestation_get_token with zero as token size +[Check 9] Test psa_initial_attestation_get_token with small token size +[Check 10] Test psa_initial_attestation_get_token_size with Challenge 32 +[Check 11] Test psa_initial_attestation_get_token_size with Challenge 48 +[Check 12] Test psa_initial_attestation_get_token_size with Challenge 64 +[Check 13] Test psa_initial_attestation_get_token_size with zero challenge size +[Check 14] Test psa_initial_attestation_get_token_size with small challenge size +[Check 15] Test psa_initial_attestation_get_token_size with invalid challenge size +[Check 16] Test psa_initial_attestation_get_token_size with large challenge size +TEST RESULT: PASSED + +****************************************** + +************ Attestation Suite Report ********** +TOTAL TESTS : 1 +TOTAL PASSED : 1 +TOTAL SIM ERROR : 0 +TOTAL FAILED : 0 +TOTAL SKIPPED : 0 +****************************************** + +Entering standby.. diff --git a/api-tests/platform/targets/tgt_dev_apis_tfm_musca_a/reference_logs/crypto.txt b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_a/reference_logs/crypto.txt new file mode 100644 index 00000000..a61bd671 --- /dev/null +++ b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_a/reference_logs/crypto.txt @@ -0,0 +1,766 @@ +***** PSA Architecture Test Suite - Version 0.9 ***** + +Running.. Crypto Suite +****************************************** + +TEST: 201 | DESCRIPTION: Testing psa_crypto_init API: Basic +[Info] Executing tests from non-secure +[Check 1] Test calling crypto functions before psa_crypto_init +[Check 2] Test psa_crypto_init +[Check 3] Test multiple psa_crypto_init +TEST RESULT: PASSED + +****************************************** + +TEST: 202 | DESCRIPTION: Testing crypto key management APIs +[Info] Executing tests from non-secure +[Check 1] Test psa_import_key 16 Byte AES +[Check 2] Test psa_import_key 24 Byte AES +[Check 3] Test psa_import_key 32 Byte AES +[Check 4] Test psa_import_key 2048 RSA public key +[Check 5] Test psa_import_key with RSA 2048 keypair +[Check 6] Test psa_import_key with DES 64 bit key +[Check 7] Test psa_import_key with Triple DES 2-Key +[Check 8] Test psa_import_key with Triple DES 3-Key +[Check 9] Test psa_import_key with EC Public key +[Check 10] Test psa_import_key with EC keypair +[Check 11] Test psa_import_key with key data greater than the algorithm size +[Check 12] Test psa_import_key with incorrect key data size +[Check 13] Test psa_import_key with incorrect key type +[Check 14] Test psa_import_key with already occupied key slot +[Check 15] Test psa_import_key with zero as key handle +[Check 16] Test psa_import_key with destroyed handle +[Check 17] Test psa_import_key with unallocated key handle +TEST RESULT: PASSED + +****************************************** + +TEST: 203 | DESCRIPTION: Testing crypto key management APIs +[Info] Executing tests from non-secure +[Check 1] Test psa_export_key 16 Byte AES +[Check 2] Test psa_export_key 24 Byte AES +[Check 3] Test psa_export_key 32 Byte AES +[Check 4] Test psa_export_key 2048 RSA public key +[Check 5] Test psa_export_key with RSA 2048 keypair +[Check 6] Test psa_export_key with DES 64 bit key +[Check 7] Test psa_export_key with Triple DES 2-Key +[Check 8] Test psa_export_key with Triple DES 3-Key +[Check 9] Test psa_export_key with EC Public key +[Check 10] Test psa_export_key with EC keypair +[Check 11] Test psa_export_key with key policy verify +[Check 12] Test psa_export_key with less buffer size +[Check 13] Test psa_export_key with unallocated key handle +[Check 14] Test psa_export_key with empty key handle +[Check 15] Test psa_export_key with zero as key handle +[Check 16] Test psa_export_key with destroyed key handle +TEST RESULT: PASSED + +****************************************** + +TEST: 204 | DESCRIPTION: Testing crypto key management APIs +[Info] Executing tests from non-secure +[Check 1] Test psa_export_public_key 16 Byte AES +[Check 2] Test psa_export_public_key 24 Byte AES +[Check 3] Test psa_export_public_key 32 Byte AES +[Check 4] Test psa_export_public_key 2048 RSA public key +[Check 5] Test psa_export_public_key with RSA 2048 keypair +[Check 6] Test psa_export_public_key with DES 64 bit key +[Check 7] Test psa_export_public_key with Triple DES 2-Key +[Check 8] Test psa_export_public_key with Triple DES 3-Key +[Check 9] Test psa_export_public_key with EC Public key +[Check 10] Test psa_export_public_key with EC keypair +[Check 11] Test psa_export_public_key with less buffer size +[Check 12] Test psa_export_key with unallocated key handle +[Check 13] Test psa_export_key with empty key handle +[Check 14] Test psa_export_key with zero as key handle +[Check 15] Test psa_export_key with destroyed key handle +TEST RESULT: PASSED + +****************************************** + +TEST: 205 | DESCRIPTION: Testing crypto key management APIs +[Info] Executing tests from non-secure +[Check 1] Test psa_destroy_key 16 Byte AES +[Check 2] Test psa_destroy_key 24 Byte AES +[Check 3] Test psa_destroy_key 32 Byte AES +[Check 4] Test psa_destroy_key 2048 RSA public key +[Check 5] Test psa_destroy_key with RSA 2048 keypair +[Check 6] Test psa_destroy_key with DES 64 bit key +[Check 7] Test psa_destroy_key with Triple DES 2-Key +[Check 8] Test psa_destroy_key with Triple DES 3-Key +[Check 9] Test psa_destroy_key with EC Public key +[Check 10] Test psa_destroy_key with EC keypair +[Check 11] Test psa_destroy_key with unallocated key handle +[Check 12] Test psa_destroy_key with zero as key handle +[Check 13] Test psa_destroy_key with empty key handle +TEST RESULT: PASSED + +****************************************** + +TEST: 206 | DESCRIPTION: Testing crypto key management APIs +[Info] Executing tests from non-secure +[Check 1] Test psa_get_key_information 16 Byte AES +[Check 2] Test psa_get_key_information 24 Byte AES +[Check 3] Test psa_get_key_information 32 Byte AES +[Check 4] Test psa_get_key_information 2048 RSA public key +[Check 5] Test psa_get_key_information with RSA 2048 keypair +[Check 6] Test psa_get_key_information with DES 64 bit key +[Check 7] Test psa_get_key_information with Triple DES 2-Key +[Check 8] Test psa_get_key_information with Triple DES 3-Key +[Check 9] Test psa_get_key_information with EC Public key +[Check 10] Test psa_get_key_information with EC keypair +[Check 11] Test psa_get_key_information with unallocated key handle +[Check 12] Test psa_get_key_information with zero as key handle +[Check 13] Test psa_get_key_information with empty key handle +[Check 14] Test psa_get_key_information with destroyed key handle +TEST RESULT: PASSED + +****************************************** + +TEST: 207 | DESCRIPTION: Testing crypto key management APIs +[Info] Executing tests from non-secure +[Check 1] Test psa_set_key_policy 16 Byte AES +[Check 2] Test psa_set_key_policy 24 Byte AES +[Check 3] Test psa_set_key_policy 32 Byte AES +[Check 4] Test psa_set_key_policy 2048 RSA public key +[Check 5] Test psa_set_key_policy with RSA 2048 keypair +[Check 6] Test psa_set_key_policy with DES 64 bit key +[Check 7] Test psa_set_key_policy with Triple DES 2-Key +[Check 8] Test psa_set_key_policy with Triple DES 3-Key +[Check 9] Test psa_set_key_policy with EC Public key +[Check 10] Test psa_set_key_policy with EC keypair +[Check 11] Test psa_set_key_policy with invalid usage +[Check 12] Test psa_set_key_policy with unallocated key handle +[Check 13] Test psa_set_key_policy with zero as key handle +[Check 14] Test psa_set_key_policy with already occupied handle +TEST RESULT: PASSED + +****************************************** + +TEST: 208 | DESCRIPTION: Testing crypto key management APIs +[Info] Executing tests from non-secure +[Check 1] Test psa_get_key_policy 16 Byte AES +[Check 2] Test psa_get_key_policy 24 Byte AES +[Check 3] Test psa_get_key_policy 32 Byte AES +[Check 4] Test psa_get_key_policy 2048 RSA public key +[Check 5] Test psa_get_key_policy with RSA 2048 keypair +[Check 6] Test psa_get_key_policy with DES 64 bit key +[Check 7] Test psa_get_key_policy with Triple DES 2-Key +[Check 8] Test psa_get_key_policy with Triple DES 3-Key +[Check 9] Test psa_get_key_policy with EC Public key +[Check 10] Test psa_get_key_policy with EC keypair +[Check 11] Test psa_get_key_policy negative cases +[Check 12] Test psa_get_key_policy with unallocated key handle +[Check 13] Test psa_get_key_policy with zero as key handle +[Check 14] Test psa_get_key_policy with empty key handle +TEST RESULT: PASSED + +****************************************** + +TEST: 209 | DESCRIPTION: Testing crypto key management APIs +[Info] Executing tests from non-secure +[Check 1] Test psa_allocate_key 16 Byte AES +[Check 2] Test psa_allocate_key 24 Byte AES +[Check 3] Test psa_allocate_key 32 Byte AES +[Check 4] Test psa_allocate_key 2048 RSA public key +[Check 5] Test psa_allocate_key with RSA 2048 keypair +[Check 6] Test psa_allocate_key with DES 64 bit key +[Check 7] Test psa_allocate_key with Triple DES 2-Key +[Check 8] Test psa_allocate_key with Triple DES 3-Key +[Check 9] Test psa_allocate_key with EC Public key +[Check 10] Test psa_allocate_key with EC keypair +[Check 11] Testing the insufficient memory +TEST RESULT: PASSED + +****************************************** + +TEST: 210 | DESCRIPTION: Testing crypto key management APIs +[Info] Executing tests from non-secure +[Check 1] Test psa_get_key_lifetime 16 Byte AES +[Check 2] Test psa_get_key_lifetime 2048 RSA public key +[Check 3] Test psa_get_key_lifetime with Triple DES 2-Key +[Check 4] Test psa_get_key_lifetime with EC Public key +[Check 5] Test psa_get_key_lifetime with EC keypair +[Check 6] Test psa_get_key_lifetime with invalid key handle +[Check 7] Test psa_get_key_lifetime with zero as key handle +[Check 8] Test psa_get_key_lifetime with empty key handle +TEST RESULT: PASSED + +****************************************** + +TEST: 211 | DESCRIPTION: Testing crypto hash functions APIs +[Info] Executing tests from non-secure +[Check 1] Test psa_hash_setup with MD2 algorithm +[Check 2] Test psa_hash_setup with MD4 algorithm +[Check 3] Test psa_hash_setup with MD5 algorithm +[Check 4] Test psa_hash_setup with RIPEMD160 algorithm +[Check 5] Test psa_hash_setup with SHA1 algorithm +[Check 6] Test psa_hash_setup with SHA224 algorithm +[Check 7] Test psa_hash_setup with SHA256 algorithm +[Check 8] Test psa_hash_setup with SHA384 algorithm +[Check 9] Test psa_hash_setup with SHA512 algorithm +TEST RESULT: PASSED + +****************************************** + +TEST: 212 | DESCRIPTION: Testing crypto hash functions APIs +[Info] Executing tests from non-secure +[Check 1] Test psa_hash_update with MD2 algorithm +[Check 2] Test psa_hash_update with MD4 algorithm +[Check 3] Test psa_hash_update with MD5 algorithm +[Check 4] Test psa_hash_update with RIPEMD160 algorithm +[Check 5] Test psa_hash_update with SHA1 algorithm +[Check 6] Test psa_hash_update with SHA224 algorithm +[Check 7] Test psa_hash_update with SHA256 algorithm +[Check 8] Test psa_hash_update with SHA384 algorithm +[Check 9] Test psa_hash_update with SHA512 algorithm +[Check 10] Test psa_hash_update without hash setup +[Check 11] Test psa_hash_update with completed opertaion handle +TEST RESULT: PASSED + +****************************************** + +TEST: 213 | DESCRIPTION: Testing crypto hash functions APIs +[Info] Executing tests from non-secure +[Check 1] Test psa_hash_verify with MD2 algorithm +[Check 2] Test psa_hash_verify with MD4 algorithm +[Check 3] Test psa_hash_verify with MD5 algorithm +[Check 4] Test psa_hash_verify with RIPEMD160 algorithm +[Check 5] Test psa_hash_verify with SHA1 algorithm +[Check 6] Test psa_hash_verify with SHA224 algorithm +[Check 7] Test psa_hash_verify with SHA256 algorithm +[Check 8] Test psa_hash_verify with SHA384 algorithm +[Check 9] Test psa_hash_verify with SHA512 algorithm +[Check 10] Test psa_hash_verify with incorrect expected hash +[Check 11] Test psa_hash_verify with incorrect hash length +[Check 12] test psa_hash_verify with inactive & invalid operation handle +TEST RESULT: PASSED + +****************************************** + +TEST: 214 | DESCRIPTION: Testing crypto hash functions APIs +[Info] Executing tests from non-secure +[Check 1] Test psa_hash_finish with MD2 algorithm +[Check 2] Test psa_hash_finish with MD4 algorithm +[Check 3] Test psa_hash_finish with MD5 algorithm +[Check 4] Test psa_hash_finish with RIPEMD160 algorithm +[Check 5] Test psa_hash_finish with SHA1 algorithm +[Check 6] Test psa_hash_finish with SHA224 algorithm +[Check 7] Test psa_hash_finish with SHA256 algorithm +[Check 8] Test psa_hash_finish with SHA384 algorithm +[Check 9] Test psa_hash_finish with SHA512 algorithm +[Check 10] test psa_hash_finish with inactive operation handle +[Check 11] test psa_hash_finish with invalid hash buffer size +TEST RESULT: PASSED + +****************************************** + +TEST: 215 | DESCRIPTION: Testing crypto hash functions APIs +[Info] Executing tests from non-secure +[Check 1] Test psa_hash_abort with MD2 algorithm +[Check 2] Test psa_hash_abort with MD4 algorithm +[Check 3] Test psa_hash_abort with MD5 algorithm +[Check 4] Test psa_hash_abort with RIPEMD160 algorithm +[Check 5] Test psa_hash_abort with SHA1 algorithm +[Check 6] Test psa_hash_abort with SHA224 algorithm +[Check 7] Test psa_hash_abort with SHA256 algorithm +[Check 8] Test psa_hash_abort with SHA384 algorithm +[Check 9] Test psa_hash_abort with SHA512 algorithm +[Check 10] Test psa_hash_finish after calling psa_hash_abort +TEST RESULT: PASSED + +****************************************** + +TEST: 216 | DESCRIPTION: Testing crypto generator functions APIs +[Info] Executing tests from non-secure +[Check 1] Test psa_generate_key 16 Byte AES +[Check 2] Test psa_generate_key 24 Byte AES +[Check 3] Test psa_generate_key 32 Byte AES +[Check 4] Test psa_generate_key with DES 64 bit key +[Check 5] Test psa_generate_key with Triple DES 2-Key +[Check 6] Test psa_generate_key with Triple DES 3-Key +[Check 7] Test psa_generate_key with Null extra and Non-Zero extra size +[Check 8] Test psa_generate_key with ECC KeyPair +[Check 9] Test psa_generate_key with RSA 2048 Public key +[Check 10] Test psa_generate_key with unallocated key handle +[Check 11] Test psa_generate_key with zero as key handle +[Check 12] Test psa_generate_key with pre-occupied key handle +[Check 13] Test psa_generate_key with destroyed key handle +TEST RESULT: PASSED + +****************************************** + +TEST: 217 | DESCRIPTION: Testing crypto generator functions APIs +[Info] Executing tests from non-secure +[Check 1] Test psa_generate_random to get 0 Byte data +[Check 2] Test psa_generate_random to get 16 Byte data +[Check 3] Test psa_generate_random to get 24 Byte data +[Check 4] Test psa_generate_random to get 32 Byte data +[Check 5] Test psa_generate_random to get 64 Byte data +[Check 6] Test psa_generate_random to get 128 Byte data +[Check 7] Test psa_generate_random to get 256 Byte data +[Check 8] Test psa_generate_random to get 512 Byte data +[Check 9] Test psa_generate_random to get 1000 Byte data +TEST RESULT: PASSED + +****************************************** + +TEST: 218 | DESCRIPTION: Testing crypto generator functions APIs +[Info] Executing tests from non-secure +[Check 1] Test psa_generator_read to get 16 Byte data with SHA-256 +[Check 2] Test psa_generator_read to get 32 Byte data with SHA-512 +[Check 3] Test psa_generator_read to get 8 Byte data with SHA-1 +[Check 4] Test psa_generator_read to request maximum capacity +[Check 5] Test psa_generator_read to request maximum capacity +1 +[Check 6] Test psa_generator_read without setup +TEST RESULT: PASSED + +****************************************** + +TEST: 219 | DESCRIPTION: Testing crypto generator functions APIs +[Info] Executing tests from non-secure +[Check 1] Test psa_generator_get_capacity to get 16 Byte data with SHA-256 +[Check 2] Test psa_generator_get_capacity to get 32 Byte data with SHA-512 +[Check 3] Test psa_get_generator_capacity without setup +TEST RESULT: PASSED + +****************************************** + +TEST: 220 | DESCRIPTION: Testing crypto generator functions APIs +[Info] Executing tests from non-secure +[Check 1] Test psa_generator_import_key for 16 Byte AES Key +[Check 2] Test psa_generator_import_key for Triple DES 3-Key +[Check 3] Test psa_generator_import_key output greater than capacity +[Check 4] Test psa_generator_import_key for RSA Public Key - Invalid type +[Check 5] Test psa_generator_import_key for invalid byte for generation +[Check 6] Test psa_generator_import_key with invalid handle +[Check 7] Test psa_generator_import_key with zero handle +[Check 8] Test psa_generator_import_key with pre-occupied key slot +TEST RESULT: PASSED + +****************************************** + +TEST: 221 | DESCRIPTION: Testing crypto generator functions APIs +[Info] Executing tests from non-secure +[Check 1] Test psa_generator_abort on empty generator +[Check 2] Test psa_generator_abort +[Check 3] Multiple psa_generator_abort test +TEST RESULT: PASSED + +****************************************** + +TEST: 222 | DESCRIPTION: Testing crypto generator functions APIs +[Info] Executing tests from non-secure +[Check 1] Test psa_key_derivation to get 16 Byte data with SHA-256 +[Check 2] Test psa_key_derivation to get 32 Byte data with SHA-512 +[Check 3] Test psa_key_derivation to get 32 Byte data with MD-5 +[Check 4] Test psa_key_derivation to get 16 Byte data with salt and label +[Check 5] Test psa_key_derivation with too large capacity for alg and key +[Check 6] Test psa_key_derivation with unsupported key type +[Check 7] Test psa_key_derivation with incorrect usage +[Check 8] Test psa_key_derivation with unsupported key derivation algorithm +[Check 9] Test psa_key_derivation with invalid algorithm +[Check 10] Test psa_key_derivation with Invalid key handle +[Check 11] Test psa_key_derivation with Zero as key handle +[Check 12] Test psa_key_derivation with Empty key handle +TEST RESULT: PASSED + +****************************************** + +TEST: 223 | DESCRIPTION: Testing crypto key management APIs +[Info] Executing tests from non-secure +[Check 1] Test psa_key_policy_get_usage with usage as encrypt +[Check 2] Test psa_key_policy_get_usage with usage as decrypt +[Check 3] Test psa_key_policy_get_usage with usage as derive +[Check 4] Test psa_key_policy_get_usage with usage as export +[Check 5] Test psa_key_policy_get_usage with usage as sign +[Check 6] Test psa_key_policy_get_usage with usage as verify +TEST RESULT: PASSED + +****************************************** + +TEST: 224 | DESCRIPTION: Testing crypto AEAD APIs +[Info] Executing tests from non-secure +[Check 1] Test psa_aead_encrypt - CCM - 16B AES - 13B nounce & 8B addi data +[Check 2] Test psa_aead_encrypt - AES-CCM +[Check 3] Test psa_aead_encrypt - AES-CCM 24 bytes Tag length = 4 +[Check 4] Test psa_aead_encrypt - GCM - 16B AES - 12B Nounce & 12B addi data +[Check 5] Test psa_aead_encrypt - DES Key +[Check 6] Test psa_aead_encrypt - Unsupported Algorithm +[Check 7] Test psa_aead_encrypt - Invalid key usage +[Check 8] Test psa_aead_encrypt - Small output buffer size +[Check 9] Test psa_aead_encrypt - Invalid key handle +[Check 10] Test psa_aead_encrypt - Zero as key handle +[Check 11] Test psa_aead_encrypt - Empty key handle +TEST RESULT: PASSED + +****************************************** + +TEST: 225 | DESCRIPTION: Testing crypto AEAD APIs +[Info] Executing tests from non-secure +[Check 1] Test psa_aead_decrypt - CCM - 16B AES - 13B nounce & 8B addi data +[Check 2] Test psa_aead_encrypt - AES-CCM +[Check 3] Test psa_aead_encrypt - AES-CCM 24 bytes Tag length = 4 +[Check 4] Test psa_aead_decrypt - GCM - 16B AES - 12B Nounce & 12B addi data +[Check 5] Test psa_aead_decrypt - DES Key +[Check 6] Test psa_aead_decrypt - Unsupported Algorithm +[Check 7] Test psa_aead_decrypt - Invalid key usage +[Check 8] Test psa_aead_decrypt - Small output buffer size +[Check 9] Test psa_aead_decrypt - Invalid cipher text +[Check 10] Test psa_aead_decrypt - Invalid cipher text size +[Check 11] Test psa_aead_decrypt - Invalid tag length 0 +[Check 12] Test psa_aead_decrypt - Invalid key handle +[Check 13] Test psa_aead_decrypt - Zero as key handle +[Check 14] Test psa_aead_decrypt - Empty key handle +TEST RESULT: PASSED + +****************************************** + +TEST: 226 | DESCRIPTION: Testing crypto MAC APIs +[Info] Executing tests from non-secure +[Check 1] Test psa_mac_sign_setup 64 Byte HMAC +[Check 2] Test psa_mac_sign_setup 16 Byte AES - CMAC +[Check 3] Test psa_mac_sign_setup 16 Byte AES - GMAC +[Check 4] Test psa_mac_sign_setup incompactible HMAC for CMAC +[Check 5] Test psa_mac_sign_setup invalid usage +[Check 6] Test psa_mac_sign_setup invalid key type +[Check 7] Test psa_mac_sign_setup truncated MAC too large +[Check 8] Test psa_mac_sign_setup truncated MAC too small +[Check 9] Test psa_mac_sign_setup bad algorithm (unknown MAC algorithm) +[Check 10] Test psa_mac_sign_setup bad algorithm (not a MAC algorithm) +[Check 11] Test psa_mac_sign_setup with invalid key handle +[Check 12] Test psa_mac_sign_setup with zero key handle +[Check 13] Test psa_mac_sign_setup with empty key handle +TEST RESULT: PASSED + +****************************************** + +TEST: 227 | DESCRIPTION: Testing crypto MAC APIs +[Info] Executing tests from non-secure +[Check 1] Test psa_mac_update 64 Byte HMAC SHA256 +[Check 2] Test psa_mac_update 16 Byte AES - CMAC +[Check 3] Test psa_mac_update 32 Byte HMAC SHA512 +[Check 4] Test psa_mac_update without mac setup +TEST RESULT: PASSED + +****************************************** + +TEST: 228 | DESCRIPTION: Testing crypto MAC APIs +[Info] Executing tests from non-secure +[Check 1] Test psa_mac_sign_finish HMAC SHA 224 +[Check 2] Test psa_mac_sign_finish HMAC SHA 256 +[Check 3] Test psa_mac_sign_finish HMAC SHA 512 +[Check 4] Test psa_mac_sign_finish HMAC SHA 224 (truncated to 8 Byte) +[Check 5] Test psa_mac_sign_finish CMAC AES 128 +[Check 6] Test psa_mac_sign_finish small size buffer +TEST RESULT: PASSED + +****************************************** + +TEST: 229 | DESCRIPTION: Testing crypto MAC APIs +[Info] Executing tests from non-secure +[Check 1] Test psa_mac_verify_setup 64 Byte HMAC +[Check 2] Test psa_mac_verify_setup 16 Byte AES - CMAC +[Check 3] Test psa_mac_verify_setup 16 Byte AES - GMAC +[Check 4] Test psa_mac_verify_setup incompactible HMAC for CMAC +[Check 5] Test psa_mac_verify_setup invalid usage +[Check 6] Test psa_mac_verify_setup invalid key type +[Check 7] Test psa_mac_verify_setup truncated MAC too large +[Check 8] Test psa_mac_verify_setup truncated MAC too small +[Check 9] Test psa_mac_verify_setup bad algorithm (unknown MAC algorithm) +[Check 10] Test psa_mac_verify_setup bad algorithm (not a MAC algorithm) +[Check 11] Test psa_mac_verify_setup invalid key handle +[Check 12] Test psa_mac_verify_setup zero as key handle +[Check 13] Test psa_mac_verify_setup empty key handle +TEST RESULT: PASSED + +****************************************** + +TEST: 230 | DESCRIPTION: Testing crypto MAC APIs +[Info] Executing tests from non-secure +[Check 1] Test psa_mac_verify_finish HMAC SHA 224 +[Check 2] Test psa_mac_verify_finish HMAC SHA 256 +[Check 3] Test psa_mac_verify_finish HMAC SHA 512 +[Check 4] Test psa_mac_verify_finish HMAC SHA 224 (truncated to 8 Byte) +[Check 5] Test psa_mac_verify_finish CMAC AES 128 +[Check 6] Test psa_mac_verify_finish small size buffer +[Check 7] Test psa_mac_verify_finish incorrect expected MAC +TEST RESULT: PASSED + +****************************************** + +TEST: 231 | DESCRIPTION: Testing crypto MAC APIs +[Info] Executing tests from non-secure +[Check 1] Test psa_mac_abort HMAC SHA 224 +[Check 2] Test psa_mac_abort HMAC SHA 256 +[Check 3] Test psa_mac_abort HMAC SHA 512 +[Check 4] Test psa_mac_abort HMAC SHA 224 (truncated to 8 Byte) +[Check 5] Test psa_mac_abort CMAC AES 128 +[Check 6] Test psa_mac_sign_finish after calling psa_mac_abort +TEST RESULT: PASSED + +****************************************** + +TEST: 232 | DESCRIPTION: Testing crypto symmetric cipher APIs +[Info] Executing tests from non-secure +[Check 1] Test psa_cipher_encrypt_setup 16 Byte AES +[Check 2] Test psa_cipher_encrypt_setup 24 Byte AES +[Check 3] Test psa_cipher_encrypt_setup 32 Byte AES +[Check 4] Test psa_cipher_encrypt_setup DES 64 bit key +[Check 5] Test psa_cipher_encrypt_setup Triple DES 2-Key +[Check 6] Test psa_cipher_encrypt_setup Triple DES 3-Key +[Check 7] Test psa_cipher_encrypt_setup 16 Byte raw data +[Check 8] Test psa_cipher_encrypt_setup - not a cipher algorithm +[Check 9] Test psa_cipher_encrypt_setup - unknown cipher algorithm +[Check 10] Test psa_cipher_encrypt_setup - incompatible key ARC4 +[Check 11] Test psa_cipher_encrypt_setup - incorrect usage +[Check 12] Test psa_cipher_encrypt_setup - RSA public key +[Check 13] Test psa_cipher_encrypt_setup - RSA keypair +[Check 14] Test psa_cipher_encrypt_setup - EC Public key +[Check 15] Test psa_cipher_encrypt_setup - EC keypair +[Check 16] Test psa_cipher_encrypt_setup - Invalid key handle +[Check 17] Test psa_cipher_encrypt_setup - Zero as key handle +[Check 18] Test psa_cipher_encrypt_setup - Empty key handle +TEST RESULT: PASSED + +****************************************** + +TEST: 233 | DESCRIPTION: Testing crypto symmetric cipher APIs +[Info] Executing tests from non-secure +[Check 1] Test psa_cipher_decrypt_setup 16 Byte AES +[Check 2] Test psa_cipher_decrypt_setup 24 Byte AES +[Check 3] Test psa_cipher_decrypt_setup 32 Byte AES +[Check 4] Test psa_cipher_decrypt_setup DES 64 bit key +[Check 5] Test psa_cipher_decrypt_setup Triple DES 2-Key +[Check 6] Test psa_cipher_decrypt_setup Triple DES 3-Key +[Check 7] Test psa_cipher_decrypt_setup 16 Byte raw data +[Check 8] Test psa_cipher_decrypt_setup - not a cipher algorithm +[Check 9] Test psa_cipher_decrypt_setup - unknown cipher algorithm +[Check 10] Test psa_cipher_decrypt_setup - incompatible key ARC4 +[Check 11] Test psa_cipher_decrypt_setup - incorrect usage +[Check 12] Test psa_cipher_decrypt_setup - RSA public key +[Check 13] Test psa_cipher_decrypt_setup - RSA keypair +[Check 14] Test psa_cipher_decrypt_setup - EC Public key +[Check 15] Test psa_cipher_decrypt_setup - EC keypair +[Check 16] Test psa_cipher_decrypt_setup - Invalid key handle +[Check 17] Test psa_cipher_decrypt_setup - Zero as key handle +[Check 18] Test psa_cipher_decrypt_setup - Empty key handle +TEST RESULT: PASSED + +****************************************** + +TEST: 234 | DESCRIPTION: Testing crypto symmetric cipher APIs +[Info] Executing tests from non-secure +[Check 1] Test psa_cipher_generate_iv 16 Byte AES +[Check 2] Test psa_cipher_generate_iv 24 Byte AES +[Check 3] Test psa_cipher_generate_iv 32 Byte AES +[Check 4] Test psa_cipher_generate_iv DES 64 bit key +[Check 5] Test psa_cipher_generate_iv Triple DES 2-Key +[Check 6] Test psa_cipher_generate_iv Triple DES 3-Key +[Check 7] Test psa_cipher_generate_iv AES - small iv buffer +[Check 8] Test psa_cipher_generate_iv DES - small iv buffer +[Check 9] Test psa_cipher_generate_iv AES - large iv buffer +[Check 10] Test psa_cipher_generate_iv DES - large iv buffer +TEST RESULT: PASSED + +****************************************** + +TEST: 235 | DESCRIPTION: Testing crypto symmetric cipher APIs +[Info] Executing tests from non-secure +[Check 1] Test psa_cipher_set_iv 16 Byte AES +[Check 2] Test psa_cipher_set_iv 24 Byte AES +[Check 3] Test psa_cipher_set_iv 32 Byte AES +[Check 4] Test psa_cipher_set_iv DES 64 bit key +[Check 5] Test psa_cipher_set_iv Triple DES 2-Key +[Check 6] Test psa_cipher_set_iv Triple DES 3-Key +[Check 7] Test psa_cipher_set_iv AES - small iv buffer +[Check 8] Test psa_cipher_set_iv DES - small iv buffer +[Check 9] Test psa_cipher_set_iv AES - large iv buffer +[Check 10] Test psa_cipher_set_iv DES - large iv buffer +TEST RESULT: PASSED + +****************************************** + +TEST: 236 | DESCRIPTION: Testing crypto symmetric cipher APIs +[Info] Executing tests from non-secure +[Check 1] Test psa_cipher_update - Encrypt - AES CBC_NO_PADDING +[Check 2] Test psa_cipher_update - Encrypt - AES CBC_NO_PADDING (Short input) +[Check 3] Test psa_cipher_update - Encrypt - AES CBC_PKCS7 +[Check 4] Test psa_cipher_update - Encrypt - AES CBC_PKCS7 (Short input) +[Check 5] Test psa_cipher_update - Encrypt - AES CTR +[Check 6] Test psa_cipher_update - Encrypt - DES CBC (nopad) +[Check 7] Test psa_cipher_update - Encrypt - 2-key 3DE -CBC (nopad) +[Check 8] Test psa_cipher_update - Encrypt - 3-key 3DE -CBC (nopad) +[Check 9] Test psa_cipher_update - small output buffer size +[Check 10] Test psa_cipher_update - Decrypt - AES CBC_NO_PADDING +[Check 11] Test psa_cipher_update - Decrypt - AES CBC_NO_PADDING (Short input) +[Check 12] Test psa_cipher_update - Decrypt - AES CBC_PKCS7 +[Check 13] Test psa_cipher_update - Decrypt - AES CBC_PKCS7 (Short input) +[Check 14] Test psa_cipher_update - Decrypt - AES CTR +[Check 15] Test psa_cipher_update - Decrypt - DES CBC (nopad) +[Check 16] Test psa_cipher_update - Decrypt - 2-key 3DE -CBC (nopad) +[Check 17] Test psa_cipher_update - Decrypt - 3-key 3DE -CBC (nopad) +[Check 18] Test psa_cipher_update without cipher setup +TEST RESULT: PASSED + +****************************************** + +TEST: 237 | DESCRIPTION: Testing crypto symmetric cipher APIs +[Info] Executing tests from non-secure +[Check 1] Test psa_cipher_finish - Encrypt - AES CBC_NO_PADDING +[Check 2] Test psa_cipher_finish - Encrypt - AES CBC_NO_PADDING (Short input) +[Check 3] Test psa_cipher_finish - Encrypt - AES CBC_PKCS7 +[Check 4] Test psa_cipher_finish - Encrypt - AES CBC_PKCS7 (Short input) +[Check 5] Test psa_cipher_finish - Encrypt - AES CTR +[Check 6] Test psa_cipher_finish - Encrypt - AES CTR (short input) +[Check 7] Test psa_cipher_finish - Encrypt - DES CBC (nopad) +[Check 8] Test psa_cipher_finish - Encrypt - 2-key 3DE -CBC (nopad) +[Check 9] Test psa_cipher_finish - Encrypt - 3-key 3DE -CBC (nopad) +[Check 10] Test psa_cipher_finish - small output buffer size +[Check 11] Test psa_cipher_finish - Decrypt - AES CBC_NO_PADDING +[Check 12] Test psa_cipher_finish - Decrypt - AES CBC_NO_PADDING (Short input) +[Check 13] Test psa_cipher_finish - Decrypt - AES CBC_PKCS7 +[Check 14] Test psa_cipher_finish - Decrypt - AES CBC_PKCS7 (Short input) +[Check 15] Test psa_cipher_finish - Decrypt - AES CTR +[Check 16] Test psa_cipher_finish - Decrypt - AES CTR (short input) +[Check 17] Test psa_cipher_finish - Decrypt - DES CBC (nopad) +[Check 18] Test psa_cipher_finish - Decrypt - 2-key 3DE -CBC (nopad) +[Check 19] Test psa_cipher_finish - 3-key 3DE -CBC (nopad) +TEST RESULT: PASSED + +****************************************** + +TEST: 238 | DESCRIPTION: Testing crypto symmetric cipher APIs +[Info] Executing tests from non-secure +[Check 1] Test psa_cipher_abort - Encrypt - AES CBC_NO_PADDING +[Check 2] Test psa_cipher_abort - Encrypt - AES CBC_PKCS7 +[Check 3] Test psa_cipher_abort - Encrypt - AES CTR +[Check 4] Test psa_cipher_abort - Encrypt - DES CBC (nopad) +[Check 5] Test psa_cipher_abort - Encrypt - 2-key 3DE -CBC (nopad) +[Check 6] Test psa_cipher_abort - Encrypt - 3-key 3DE -CBC (nopad) +[Check 7] Test psa_cipher_abort - Decrypt - AES CBC_NO_PADDING +[Check 8] Test psa_cipher_abort - Decrypt - AES CBC_PKCS7 +[Check 9] Test psa_cipher_abort - Decrypt - AES CTR +[Check 10] Test psa_cipher_abort - Decrypt - DES CBC (nopad) +[Check 11] Test psa_cipher_abort - Decrypt - 2-key 3DE -CBC (nopad) +[Check 12] Test psa_cipher_abort - Decrypt - 3-key 3DE -CBC (nopad) +[Check 13] Test psa_cipher_update after psa_cipher_abort should fail +TEST RESULT: PASSED + +****************************************** + +TEST: 239 | DESCRIPTION: Testing crypto asymmetric APIs +[Info] Executing tests from non-secure +[Check 1] Test psa_asymmetric_encrypt - RSA PKCS1V15 +[Check 2] Test psa_asymmetric_encrypt - RSA OAEP SHA256 +[Check 3] Test psa_asymmetric_encrypt - RSA OAEP SHA256 with label +[Check 4] Test psa_asymmetric_encrypt - RSA KEYPAIR PKCS1V15 +[Check 5] Test psa_asymmetric_encrypt - Small output buffer +[Check 6] Test psa_asymmetric_encrypt - Invalid algorithm +[Check 7] Test psa_asymmetric_encrypt - Invalid key type +[Check 8] Test psa_asymmetric_encrypt - Invalid usage +[Check 9] Test psa_asymmetric_encrypt - Invalid key handle +[Check 10] Test psa_asymmetric_encrypt - Zero as key handle +[Check 11] Test psa_asymmetric_encrypt - Empty key handle +TEST RESULT: PASSED + +****************************************** + +TEST: 240 | DESCRIPTION: Testing crypto asymmetric APIs +[Info] Executing tests from non-secure +[Check 1] Test psa_asymmetric_decrypt - RSA KEYPAIR PKCS1V15 +[Check 2] Test psa_asymmetric_decrypt - RSA KEYPAIR OAEP SHA256 +[Check 3] Test psa_asymmetric_decrypt - RSA KEYPAIR OAEP SHA256 with label +[Check 4] Test psa_asymmetric_decrypt - Invalid key type (RSA public key) +[Check 5] Test psa_asymmetric_decrypt - Small output buffer +[Check 6] Test psa_asymmetric_decrypt - Invalid algorithm +[Check 7] Test psa_asymmetric_decrypt - Invalid key type (AES Key) +[Check 8] Test psa_asymmetric_decrypt - Invalid usage +[Check 9] Test psa_asymmetric_decrypt - Invalid key handle +[Check 10] Test psa_asymmetric_decrypt - Zero as key handle +[Check 11] Test psa_asymmetric_decrypt - Empty key handle +TEST RESULT: PASSED + +****************************************** + +TEST: 241 | DESCRIPTION: Testing crypto asymmetric APIs +[Info] Executing tests from non-secure +[Check 1] Test psa_asymmetric_sign - RSA KEYPAIR PKCS1V15 RAW +[Check 2] Test psa_asymmetric_sign - RSA KEYPAIR PKCS1V15 SHA-256 +[Check 3] Test psa_asymmetric_sign - ECDSA SECP256R1 SHA-256 +[Check 4] Test psa_asymmetric_sign - Invalid key type (RSA public key) +[Check 5] Test psa_asymmetric_sign - Small output buffer +[Check 6] Test psa_asymmetric_sign - Invalid algorithm +[Check 7] Test psa_asymmetric_sign - Invalid key type (AES Key) +[Check 8] Test psa_asymmetric_sign - Invalid usage +[Check 9] Test psa_asymmetric_sign - Wrong hash size +[Check 10] Test psa_asymmetric_sign - Invalid key handle +[Check 11] Test psa_asymmetric_sign - Zero as key handle +[Check 12] Test psa_asymmetric_sign - Empty key handle +TEST RESULT: PASSED + +****************************************** + +TEST: 242 | DESCRIPTION: Testing crypto asymmetric APIs +[Info] Executing tests from non-secure +[Check 1] Test psa_asymmetric_verify - RSA KEYPAIR PKCS1V15 RAW +[Check 2] Test psa_asymmetric_verify - RSA KEYPAIR PKCS1V15 SHA-256 +[Check 3] Test psa_asymmetric_verify - ECDSA KEYPAIR SECP256R1 SHA-256 +[Check 4] Test psa_asymmetric_verify - RSA public key +[Check 5] Test psa_asymmetric_verify - Small output buffer +[Check 6] Test psa_asymmetric_verify - Invalid algorithm +[Check 7] Test psa_asymmetric_verify - Invalid key type (AES Key) +[Check 8] Test psa_asymmetric_verify - Invalid usage +[Check 9] Test psa_asymmetric_verify - Wrong hash size +[Check 10] Test psa_asymmetric_verify - Wrong signature +[Check 11] Test psa_asymmetric_verify - EC public key +[Check 12] Test psa_asymmetric_verify - Wrong signature size +[Check 13] Test psa_asymmetric_verify - Invalid key handle +[Check 14] Test psa_asymmetric_verify - Invalid key handle +[Check 15] Test psa_asymmetric_verify - Zero as key handle +[Check 16] Test psa_asymmetric_verify - Empty key handle +TEST RESULT: PASSED + +****************************************** + +TEST: 243 | DESCRIPTION: Testing crypto generator APIs +[Info] Executing tests from non-secure +[Check 1] Test psa_key_agreement - ECDH SECP256R1 +[Check 2] Test psa_key_agreement - ECDH SECP384R1 +[Check 3] Test psa_key_agreement - Invalid usage +[Check 4] Test psa_key_agreement - Unknown KDF +[Check 5] Test psa_key_agreement - Not a key agreement alg +[Check 6] Test psa_key_agreement - Public key on different curve +[Check 7] Test psa_key_agreement - Public key instead of private key +[Check 8] Test psa_key_agreement - Invalid key handle +[Check 9] Test psa_key_agreement - Invalid key handle +[Check 10] Test psa_key_agreement - Zero as key handle +[Check 11] Test psa_key_agreement - Empty key handle +TEST RESULT: PASSED + +****************************************** + +TEST: 244 | DESCRIPTION: Testing crypto key management APIs +[Info] Executing tests from non-secure +[Check 1] Test psa_copy_key 16 Byte AES +[Check 2] Test psa_copy_key 24 Byte AES +[Check 3] Test psa_copy_key 32 Byte AES +[Check 4] Test psa_copy_key 2048 RSA public key +[Check 5] Test psa_copy_key with RSA 2048 keypair +[Check 6] Test psa_copy_key with Incompatible target policy(source and target) +[Check 7] Test psa_copy_key with Incompatible constraint +[Check 8] Test psa_copy_key with unexport source key usage +TEST RESULT: PASSED + +****************************************** + +************ Crypto Suite Report ********** +TOTAL TESTS : 44 +TOTAL PASSED : 44 +TOTAL SIM ERROR : 0 +TOTAL FAILED : 0 +TOTAL SKIPPED : 0 +******************** + +Entering standby.. + diff --git a/api-tests/platform/targets/tgt_dev_apis_tfm_musca_a/reference_logs/protected_storage.txt b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_a/reference_logs/protected_storage.txt new file mode 100755 index 00000000..93b7ba38 --- /dev/null +++ b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_a/reference_logs/protected_storage.txt @@ -0,0 +1,157 @@ +***** PSA Architecture Test Suite - Version 0.9 ***** + +Running.. Protected Storage Suite +****************************************** + +TEST: 401 | DESCRIPTION: UID not found check +[Info] Executing tests from non-secure +[Check 1] Call get API for UID 6 which is not set +[Check 2] Call get_info API for UID 6 which is not set +[Check 3] Call remove API for UID 6 which is not set +[Check 4] Call get API for UID 6 which is removed +[Check 5] Call get_info API for UID 6 which is removed +[Check 6] Call remove API for UID 6 which is removed +Set storage for UID 6 +[Check 7] Call get API for different UID 6 +[Check 8] Call get_info API for different UID 6 +[Check 9] Call remove API for different UID 6 +TEST RESULT: PASSED + +****************************************** + +TEST: 402 | DESCRIPTION: Write once error check +[Info] Executing tests from non-secure +[Check 1] Update the flag of UID 1 with WRITE_ONCE flag +[Check 2] Try to remove the UID 1 having WRITE_ONCE flag +[Check 3] Create a new UID 2 with WRITE_ONCE flag +[Check 4] Try to remove the UID 2 having WRITE_ONCE flag +[Check 5] Try to change the length of write_once UID 2 +[Check 6] Check UID removal still fails +[Check 7] Try to change the WRITE_ONCE flag to None for UID 2 +[Check 8] Check UID removal still fails +TEST RESULT: PASSED + +****************************************** + +TEST: 403 | DESCRIPTION: Insufficient space check +[Info] Executing tests from non-secure +[Check 1] Overload storage space +Remove all registered UIDs +[Check 2] Overload storage again to verify all previous UID removed + +Remove all registered UIDs +TEST RESULT: PASSED + +****************************************** + +TEST: 404 | DESCRIPTION: Data Consistency check +[Info] Executing tests from non-secure +[Check 1] Call get API with incorrect length +[Check 2] Old buffer invalid after length change +TEST RESULT: PASSED + +****************************************** + +TEST: 405 | DESCRIPTION: Success scenarios check +[Info] Executing tests from non-secure +[Check 1] Set UID with data length zero and call storage APIs +[Check 2] Resetting the length check +TEST RESULT: PASSED + +****************************************** + +TEST: 406 | DESCRIPTION: Flags not supported check +[Info] Executing tests from non-secure +[Check 1] Call set API with valid flag values +TEST RESULT: PASSED + +****************************************** + +TEST: 407 | DESCRIPTION: Incorrect Size check +[Info] Executing tests from non-secure +Create a valid Storage +Increase the length of storage +[Check 1] Call get API with old length +Decrease the length of storage +[Check 2] Call get API with old length +[Check 3] Call get API with valid length +TEST RESULT: PASSED + +****************************************** + +TEST: 408 | DESCRIPTION: Invalid offset check +[Info] Executing tests from non-secure +[Check 1] Try to access data with varying valid offset +[Check 2] Try to access data with varying invalid offset +TEST RESULT: PASSED + +****************************************** + +TEST: 409 | DESCRIPTION: Invalid Arguments check +[Info] Executing tests from non-secure +[Check 1] Call set API with NULL pointer and data length 0 +[Check 2] Call get API with NULL read buffer and data length 0 +[Check 3] Remove the UID +[Check 4] Call get_info API to verify UID removed +[Check 5] Create UID with zero data_len and valid write buffer +[Check 8] Call get API with NULL read buffer and data length 0 +[Check 9] Increase the length +TEST RESULT: PASSED + +****************************************** + +TEST: 410 | DESCRIPTION: UID value zero check +[Info] Executing tests from non-secure +[Check 1] Creating storage with UID 0 should fail +TEST RESULT: PASSED + +****************************************** + +TEST: 411 | DESCRIPTION: Optional APIs: UID not found check +[Info] Executing tests from non-secure +Test Case skipped as Optional PS APIs are not supported. +TEST RESULT: SKIPPED (Skip Code=0x2B) + +****************************************** + +TEST: 412 | DESCRIPTION: Optional APIs: Invalid arguments and offset invalid +[Info] Executing tests from non-secure +Test Case skipped as Optional PS APIs are not supported. +TEST RESULT: SKIPPED (Skip Code=0x2B) + +****************************************** + +TEST: 413 | DESCRIPTION: Set_Extended and Create api : Success +[Info] Executing tests from non-secure +Test Case skipped as Optional PS APIs are not supported. +TEST RESULT: SKIPPED (Skip Code=0x2B) + +****************************************** + +TEST: 414 | DESCRIPTION: Optional APIs not supported check +[Info] Executing tests from non-secure +Optional PS APIs are not supported. +[Check 1] Call to create API should fail as API not supported +[Check 2] Create valid storage with set API +[Check 3] Call to set_extended API call should fail +[Check 4] Verify data is unchanged +TEST RESULT: PASSED + +****************************************** + +TEST: 415 | DESCRIPTION: Create API write_once flag value check +[Info] Executing tests from non-secure +Test Case skipped as Optional PS APIs are not supported. +TEST RESULT: SKIPPED (Skip Code=0x2B) + +****************************************** + +************ Protected Storage Suite Report ********** +TOTAL TESTS : 15 +TOTAL PASSED : 11 +TOTAL SIM ERROR : 0 +TOTAL FAILED : 0 +TOTAL SKIPPED : 4 +****************************************** + +Entering standby.. diff --git a/api-tests/platform/targets/tgt_dev_apis_tfm_musca_a/spe/pal_driver_intf.c b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_a/spe/pal_driver_intf.c index eb468b9b..4d522071 100644 --- a/api-tests/platform/targets/tgt_dev_apis_tfm_musca_a/spe/pal_driver_intf.c +++ b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_a/spe/pal_driver_intf.c @@ -33,7 +33,7 @@ void pal_uart_init(uint32_t uart_base_addr) - data : Value for format specifier **/ -void pal_print(char *str, uint32_t data) +void pal_print(char *str, int32_t data) { pal_uart_pl011_print(str,data); } @@ -109,3 +109,23 @@ int pal_wd_timer_is_enabled(addr_t base_addr) return (pal_wd_cmsdk_is_enabled(base_addr)); } +/** + @brief - Trigger interrupt for irq signal assigned to driver partition + before return to caller. + @param - void + @return - void +**/ +void pal_generate_interrupt(void) +{ + pal_uart_pl011_generate_irq(); +} + +/** + @brief - Disable interrupt that was generated using pal_generate_interrupt API. + @param - void + @return - void +**/ +void pal_disable_interrupt(void) +{ + pal_uart_pl011_disable_irq(); +} diff --git a/api-tests/platform/targets/tgt_dev_apis_tfm_musca_a/spe/pal_driver_intf.h b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_a/spe/pal_driver_intf.h index da85a63e..cef34ca8 100644 --- a/api-tests/platform/targets/tgt_dev_apis_tfm_musca_a/spe/pal_driver_intf.h +++ b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_a/spe/pal_driver_intf.h @@ -23,11 +23,13 @@ #include "pal_wd_cmsdk.h" void pal_uart_init(uint32_t uart_base_addr); -void pal_print(char *str, uint32_t data); +void pal_print(char *str, int32_t data); int pal_nvmem_write(addr_t base, uint32_t offset, void *buffer, int size); int pal_nvmem_read(addr_t base, uint32_t offset, void *buffer, int size); int pal_wd_timer_init(addr_t base_addr, uint32_t time_us, uint32_t timer_tick_us); int pal_wd_timer_enable(addr_t base_addr); int pal_wd_timer_disable(addr_t base_addr); int pal_wd_timer_is_enabled(addr_t base_addr); +void pal_generate_interrupt(void); +void pal_disable_interrupt(void); #endif /* _PAL_DRIVER_INTF_H_ */ diff --git a/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/Makefile b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/Makefile new file mode 100644 index 00000000..aa7e10b7 --- /dev/null +++ b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/Makefile @@ -0,0 +1,160 @@ +# * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. +# * SPDX-License-Identifier : Apache-2.0 +# * +# * Licensed under the Apache License, Version 2.0 (the "License"); +# * you may not use this file except in compliance with the License. +# * You may obtain a copy of the License at +# * +# * http://www.apache.org/licenses/LICENSE-2.0 +# * +# * Unless required by applicable law or agreed to in writing, software +# * distributed under the License is distributed on an "AS IS" BASIS, +# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# * See the License for the specific language governing permissions and +# * limitations under the License. +#**/ + +include $(SOURCE)/tools/makefiles/toolchain.mk + +# Make variables to select correct instances of PAL files + +## PSA_IPC_IMPLEMENTED must be true for IPC SUITE +PSA_IPC_IMPLEMENTED:=0 + +## PSA_CRYPTO_IMPLEMENTED must be true for CRYPTO SUITE +PSA_CRYPTO_IMPLEMENTED:=1 + +## PSA_PROTECTED_STORAGE_IMPLEMENTED must be true for PROTECTED_STORAGE SUITE +PSA_PROTECTED_STORAGE_IMPLEMENTED:=1 + +## PSA_INTERNAL_TRUSTED_STORAGE_IMPLEMENTED must be true for INTERNAL_TRUSTED_STORAGE SUITE +PSA_INTERNAL_TRUSTED_STORAGE_IMPLEMENTED:=0 + +## PSA_INITIAL_ATTESTATION_IMPLEMENTED must be true for INITIAL_ATTESTATION SUITE +PSA_INITIAL_ATTESTATION_IMPLEMENTED:=1 + +# Make variables holding NSPE/SPE source files + +## PAL C source files part of NSPE library +SRC_C_NSPE= + +## PAL ASM source files part of NSPE library +SRC_ASM_NSPE= + +## PAL C source files part of SPE library - driver partition +SRC_C_DRIVER_SP= + +## PAL ASM source files part of SPE library - driver partition +SRC_ASM_DRIVER_SP= + +ifeq (${PSA_IPC_IMPLEMENTED},1) +# When PSA_IPC_IMPLEMENTED=1, driver functionalities are implemented as RoT-services +# and secure and non-secure clients will call to these RoT-services to get appropriate driver services. +SRC_C_NSPE += pal_client_api_intf.c +SRC_C_NSPE += pal_driver_ipc_intf.c + +# Driver files will be compiled as part of driver partition +SRC_C_DRIVER_SP += pal_driver_intf.c pal_nvmem.c pal_uart.c pal_wd_cmsdk.c +else + +# When PSA_IPC_IMPLEMENTED=0, driver files will be compiled as part of NSPE +SRC_C_NSPE += pal_client_api_empty_intf.c +SRC_C_NSPE += pal_driver_ns_intf.c pal_nvmem.c pal_uart.c pal_wd_cmsdk.c +endif + +ifeq (${PSA_CRYPTO_IMPLEMENTED},1) +SRC_C_NSPE += pal_crypto_intf.c +else +SRC_C_NSPE += pal_crypto_empty_intf.c +endif + +ifeq (${PSA_PROTECTED_STORAGE_IMPLEMENTED},1) +SRC_C_NSPE += pal_protected_storage_intf.c +else +SRC_C_NSPE += pal_protected_storage_empty_intf.c +endif + +ifeq (${PSA_INTERNAL_TRUSTED_STORAGE_IMPLEMENTED},1) +SRC_C_NSPE += pal_internal_trusted_storage_intf.c +else +SRC_C_NSPE += pal_internal_trusted_storage_empty_intf.c +endif + +ifeq (${PSA_INITIAL_ATTESTATION_IMPLEMENTED},1) +SRC_C_NSPE += pal_attestation_intf.c +SRC_C_NSPE += pal_attestation_eat.c +SRC_C_NSPE += pal_attestation_crypto.c +else +SRC_C_NSPE += pal_attestation_empty_intf.c +endif + +INCLUDE= -I$(SOURCE)/platform/targets/$(TARGET)/nspe \ + -I$(SOURCE)/platform/targets/$(TARGET)/spe \ + -I$(BUILD)/platform/$(TARGET)/ \ + -I$(SOURCE)/platform/drivers/uart/pl011 \ + -I$(SOURCE)/platform/drivers/nvmem/ \ + -I$(SOURCE)/platform/drivers/watchdog/cmsdk \ + -I$(SOURCE)/platform/targets/$(TARGET)/nspe/common \ + -I$(SOURCE)/platform/targets/$(TARGET)/nspe/crypto \ + -I$(SOURCE)/platform/targets/$(TARGET)/nspe/initial_attestation \ + -I$(SOURCE)/platform/targets/$(TARGET)/nspe/initial_attestation/ext/inc \ + -I$(SOURCE)/platform/targets/$(TARGET)/nspe/internal_trusted_storage \ + -I$(SOURCE)/platform/targets/$(TARGET)/nspe/protected_storage \ + +VPATH=$(SOURCE)/platform/targets/$(TARGET)/: \ + $(SOURCE)/platform/targets/$(TARGET)/spe: \ + $(SOURCE)/platform/targets/$(TARGET)/nspe: \ + $(SOURCE)/platform/drivers/uart/pl011: \ + $(SOURCE)/platform/drivers/nvmem: \ + $(SOURCE)/platform/drivers/watchdog/cmsdk: \ + $(SOURCE)/platform/targets/$(TARGET)/nspe/common: \ + $(SOURCE)/platform/targets/$(TARGET)/nspe/crypto: \ + $(SOURCE)/platform/targets/$(TARGET)/nspe/initial_attestation: \ + $(SOURCE)/platform/targets/$(TARGET)/nspe/initial_attestation/ext/src: \ + $(SOURCE)/platform/targets/$(TARGET)/nspe/internal_trusted_storage: \ + $(SOURCE)/platform/targets/$(TARGET)/nspe/protected_storage: \ + +all: build + +ifeq (${PSA_IPC_IMPLEMENTED},1) +build: mkdir build_nspe_pal build_spe_pal +else +build: mkdir build_nspe_pal +endif + +mkdir: + @mkdir -p $(BUILD)/platform/nspe/ + @mkdir -p $(BUILD)/platform/spe/ + +# BUILD NSPE PAL +build_nspe_pal: build_c_nspe build_asm_nspe pal_nspe.a + +build_c_nspe: $(SRC_C_NSPE:%.c=$(BUILD)/platform/nspe/%.o) +build_asm_nspe: $(SRC_ASM_NSPE:%.s=$(BUILD)/platform/nspe/%.o) + +$(BUILD)/platform/nspe/%.o : %.c + $(CC) $(PAL_CDEFS) $(INCLUDE) -o $@ -c $< + +$(BUILD)/platform/nspe/%.o : %.s + $(AS) $(INCLUDE) -o $@ $< + +pal_nspe.a: + $(AR) $(AR_OPTIONS) $(BUILD)/platform/pal_nspe.a $(BUILD)/platform/nspe/*.o + +# BUILD SPE PAL +build_spe_pal: build_driver_sp + +build_driver_sp: build_c_driver_sp build_asm_driver_sp + +build_c_driver_sp: $(SRC_C_DRIVER_SP:%.c=$(BUILD)/platform/spe/%_driver_sp.o) +build_asm_driver_sp: $(SRC_ASM_DRIVER_SP:%.s=$(BUILD)/platform/spe/%_driver_sp.o) + +# Generated %_driver_sp.o(s) are used in spbuild.mk to create final driver_partition.a +$(BUILD)/platform/spe/%_driver_sp.o : %.c + $(CC) $(INCLUDE) -DSPE_BUILD -o $@ -c $< + +$(BUILD)/platform/spe/%_driver_sp.o : %.s + $(AS) $(INCLUDE) -o $@ $< + +clean: + @rm -rf $(BUILD)/platform/nspe/* $(BUILD)/platform/spe/*.a diff --git a/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/manifests/common/driver_partition_psa.json b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/manifests/common/driver_partition_psa.json new file mode 100644 index 00000000..7010c9b5 --- /dev/null +++ b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/manifests/common/driver_partition_psa.json @@ -0,0 +1,75 @@ +{ + "psa_framework_version": 1.0, + "name": "DRIVER_PARTITION", + "type": "PSA-ROT", + "priority": "NORMAL", + "description": "Implements device services such print, flash read/write,. etc.", + "entry_point": "driver_main", + "stack_size": "0x400", + "services": [{ + "name": "DRIVER_UART_SID", + "sid": "0x0000FC01", + "signal": "DRIVER_UART_SIG", + "non_secure_clients": true, + "minor_version": 1, + "minor_policy": "RELAXED" + }, + { + "name": "DRIVER_WATCHDOG_SID", + "sid": "0x0000FC02", + "signal": "DRIVER_WATCHDOG_SIG", + "non_secure_clients": true, + "minor_version": 1, + "minor_policy": "RELAXED" + }, + { + "name": "DRIVER_NVMEM_SID", + "sid": "0x0000FC03", + "signal": "DRIVER_NVMEM_SIG", + "non_secure_clients": true, + "minor_version": 1, + "minor_policy": "RELAXED" + }, + { + "name": "DRIVER_TEST_SID", + "sid": "0x0000FC04", + "signal": "DRIVER_TEST_SIG", + "non_secure_clients": true, + "minor_version": 1, + "minor_policy": "RELAXED" + } + ], + "mmio_regions" : [ + { + "name": "UART_REGION", + "base": "0x40004000", + "size": "0x1000", + "permission": "READ-WRITE" + }, + { + "name": "WATCHDOG_REGION", + "base": "0x40008000", + "size": "0x1000", + "permission": "READ-WRITE" + }, + { + "name": "NVMEM_REGION", + "base": "0x2002F000", + "size": "0x400", + "permission": "READ-WRITE" + }, + { + "name": "DRIVER_PARTITION_MMIO", + "base": "0x200AF040", + "size": "0x20", + "permission": "READ-WRITE" + } + ], + "irqs": [ + { + "description": "Using UART TX interrupt to test psa_wait and psa_eoi for irq_signal", + "signal": "DRIVER_UART_INTR_SIG", + "line_num": 46 + } + ] +} diff --git a/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/manifests/ipc/client_partition_psa.json b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/manifests/ipc/client_partition_psa.json new file mode 100644 index 00000000..b93377bd --- /dev/null +++ b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/manifests/ipc/client_partition_psa.json @@ -0,0 +1,37 @@ +{ + "psa_framework_version": 1.0, + "name": "CLIENT_PARTITION", + "type": "APPLICATION-ROT", + "priority": "NORMAL", + "description": "Client partition executing client test func from SPE", + "entry_point": "client_main", + "stack_size": "0x400", + "services": [{ + "name": "CLIENT_TEST_DISPATCHER_SID", + "sid": "0x0000FA01", + "signal": "CLIENT_TEST_DISPATCHER_SIG", + "non_secure_clients": true, + "minor_version": 1, + "minor_policy": "RELAXED" + } + ], + "dependencies": [ + "DRIVER_UART_SID", + "DRIVER_NVMEM_SID", + "DRIVER_TEST_SID", + "SERVER_TEST_DISPATCHER_SID", + "SERVER_UNSPECIFED_MINOR_V_SID", + "SERVER_STRICT_MINOR_VERSION_SID", + "SERVER_RELAX_MINOR_VERSION_SID", + "SERVER_SECURE_CONNECT_ONLY_SID", + "SERVER_CONNECTION_DROP_SID" + ], + "mmio_regions" : [ + { + "name": "CLIENT_PARTITION_MMIO", + "base": "0x200AF000", + "size": "0x20", + "permission": "READ-WRITE" + } + ] +} diff --git a/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/manifests/ipc/server_partition_psa.json b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/manifests/ipc/server_partition_psa.json new file mode 100644 index 00000000..146b8fbc --- /dev/null +++ b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/manifests/ipc/server_partition_psa.json @@ -0,0 +1,69 @@ +{ + "psa_framework_version": 1.0, + "name": "SERVER_PARTITION", + "type": "APPLICATION-ROT", + "priority": "NORMAL", + "description": "Server partition executing server test func", + "entry_point": "server_main", + "stack_size": "0x400", + "heap_size": "0x100", + "services": [{ + "name": "SERVER_TEST_DISPATCHER_SID", + "sid": "0x0000FB01", + "signal": "SERVER_TEST_DISPATCHER_SIG", + "non_secure_clients": true, + "minor_version": 1, + "minor_policy": "RELAXED" + }, + { + "name": "SERVER_SECURE_CONNECT_ONLY_SID", + "sid": "0x0000FB02", + "signal": "SERVER_SECURE_CONNECT_ONLY_SIG", + "non_secure_clients": false, + "minor_version": 2, + "minor_policy": "RELAXED" + }, + { + "name": "SERVER_STRICT_MINOR_VERSION_SID", + "sid": "0x0000FB03", + "signal": "SERVER_STRICT_MINOR_VERSION_SIG", + "non_secure_clients": true, + "minor_version": 2, + "minor_policy": "STRICT" + }, + { + "name": "SERVER_UNSPECIFED_MINOR_V_SID", + "sid": "0x0000FB04", + "signal": "SERVER_UNSPECIFED_MINOR_V_SIG", + "non_secure_clients": true + }, + { + "name": "SERVER_RELAX_MINOR_VERSION_SID", + "sid": "0x0000FB05", + "signal": "SERVER_RELAX_MINOR_VERSION_SIG", + "non_secure_clients": true, + "minor_version": 2, + "minor_policy": "RELAXED" + }, + { + "name": "SERVER_UNEXTERN_SID", + "sid": "0x0000FB06", + "signal": "SERVER_UNEXTERN_SIG", + "non_secure_clients": true, + "minor_version": 2, + "minor_policy": "RELAXED" + }, + { + "name": "SERVER_CONNECTION_DROP_SID", + "sid": "0x0000FB07", + "signal": "SERVER_CONNECTION_DROP_SIG", + "non_secure_clients": true, + "minor_version": 2, + "minor_policy": "RELAXED" + } + ], + "dependencies": [ + "DRIVER_UART_SID", + "DRIVER_NVMEM_SID" + ] +} diff --git a/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/nspe/common/pal_client_api_empty_intf.c b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/nspe/common/pal_client_api_empty_intf.c new file mode 100644 index 00000000..578b4cef --- /dev/null +++ b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/nspe/common/pal_client_api_empty_intf.c @@ -0,0 +1,93 @@ +/** @file + * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ + +#include "pal_common.h" +#include "pal_client_api_intf.h" + +/** + * @brief - Retrieve the version of the PSA Framework API that is implemented. + * This is a wrapper API for psa_framework_version API. + * @param - void + * @return - The PSA Framework API version. + */ + +uint32_t pal_ipc_framework_version(void) +{ + return 0; +} + +/** + * @brief - Retrieve the minor version of a Root of Trust Service by its SID. + * This is a wrapper API for the psa_version API. + * @param - sid The Root of Trust Service ID + * @return - Minor version of Root of Trust Service or PSA_VERSION_NONE if Root of Trust + * Service not present on the system. + */ + +uint32_t pal_ipc_version(uint32_t sid) +{ + return PSA_VERSION_NONE; +} + +/** + * @brief - Connect to given sid. + * This is a wrapper API for the psa_connect API. + * @param - sid : RoT service id + * @param - minor_version : minor_version of RoT service + * @return - psa_handle_t : return connection handle + */ + +psa_handle_t pal_ipc_connect(uint32_t sid, uint32_t minor_version) +{ + return PSA_NULL_HANDLE; +} + +/** + * @brief Call a connected Root of Trust Service. + * This is a wrapper API for the psa_call API. + * The caller must provide an array of ::psa_invec_t structures as the input payload. + * + * @param -handle Handle for the connection. + * @param -in_vec Array of psa_invec structures. + * @param -in_len Number of psa_invec structures in in_vec. + * @param -out_vec Array of psa_outvec structures for optional Root of Trust Service response. + * @param -out_len Number of psa_outvec structures in out_vec. + * @return -psa_status_t + */ + +psa_status_t pal_ipc_call(psa_handle_t handle, + const psa_invec *in_vec, + size_t in_len, + psa_outvec *out_vec, + size_t out_len) +{ + return (PSA_SUCCESS - 1); +} + +/** + * @brief Close a connection to a Root of Trust Service. + * This is a wrapper API for the psa_close API. + * Sends the PSA_IPC_DISCONNECT message to the Root of Trust Service so it can clean up resources. + * + * @param handle Handle for the connection. + * @return void + */ + +void pal_ipc_close(psa_handle_t handle) +{ + return; +} diff --git a/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/nspe/common/pal_client_api_intf.c b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/nspe/common/pal_client_api_intf.c new file mode 100644 index 00000000..20ddd118 --- /dev/null +++ b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/nspe/common/pal_client_api_intf.c @@ -0,0 +1,97 @@ +/** @file + * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ + +#include "pal_common.h" +#include "pal_client_api_intf.h" + +/** + * @brief - Retrieve the version of the PSA Framework API that is implemented. + * This is a wrapper API for psa_framework_version API. + * @param - void + * @return - The PSA Framework API version. + * Note - Return PAL_STATUS_ERROR if PSA IPC is not implemented. + */ + +uint32_t pal_ipc_framework_version(void) +{ + return (psa_framework_version()); +} + +/** + * @brief - Retrieve the minor version of a Root of Trust Service by its SID. + * This is a wrapper API for the psa_version API. + * @param - sid The Root of Trust Service ID + * @return - Minor version of Root of Trust Service or PSA_VERSION_NONE if Root of Trust + * Service not present on the system. + * Note - Return PAL_STATUS_ERROR if PSA IPC is not implemented. + */ + +uint32_t pal_ipc_version(uint32_t sid) +{ + return (psa_version(sid)); +} + +/** + * @brief - Connect to given sid. + * This is a wrapper API for the psa_connect API. + * @param - sid : RoT service id + * @param - minor_version : minor_version of RoT service + * @return - psa_handle_t : return connection handle + * Note - Return PSA_NULL_HANDLE if PSA IPC is not implemented. + */ + +psa_handle_t pal_ipc_connect(uint32_t sid, uint32_t minor_version) +{ + return (psa_connect(sid, minor_version)); +} + +/** + * @brief Call a connected Root of Trust Service. + * This is a wrapper API for the psa_call API. + * The caller must provide an array of ::psa_invec_t structures as the input payload. + * + * @param -handle Handle for the connection. + * @param -in_vec Array of psa_invec structures. + * @param -in_len Number of psa_invec structures in in_vec. + * @param -out_vec Array of psa_outvec structures for optional Root of Trust Service response. + * @param -out_len Number of psa_outvec structures in out_vec. + * @return -psa_status_t + * Note - Return -1 if PSA IPC is not implemented. + */ + +psa_status_t pal_ipc_call(psa_handle_t handle, + const psa_invec *in_vec, + size_t in_len, + psa_outvec *out_vec, + size_t out_len) +{ + return (psa_call(handle, in_vec, in_len, out_vec, out_len)); +} + +/** + * @brief Close a connection to a Root of Trust Service. + * This is a wrapper API for the psa_close API. + * Sends the PSA_IPC_DISCONNECT message to the Root of Trust Service so it can clean up resources. + * + * @param - handle Handle for the connection. + * @return - void + */ + +void pal_ipc_close(psa_handle_t handle) +{ + psa_close(handle); +} diff --git a/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/nspe/common/pal_client_api_intf.h b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/nspe/common/pal_client_api_intf.h new file mode 100644 index 00000000..3f5741e0 --- /dev/null +++ b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/nspe/common/pal_client_api_intf.h @@ -0,0 +1,32 @@ +/** @file + * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ + +#ifndef _PAL_CLIENT_API_H_ +#define _PAL_CLIENT_API_H_ + +#include "pal_common.h" + +uint32_t pal_ipc_framework_version(void); +uint32_t pal_ipc_version(uint32_t sid); +psa_handle_t pal_ipc_connect(uint32_t sid, uint32_t minor_version); +psa_status_t pal_ipc_call(psa_handle_t handle, + const psa_invec *in_vec, + size_t in_len, + psa_outvec *out_vec, + size_t out_len); +void pal_ipc_close(psa_handle_t handle); +#endif /* _PAL_CLIENT_API_H_ */ diff --git a/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/nspe/common/pal_common.h b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/nspe/common/pal_common.h new file mode 100644 index 00000000..3ebe1e10 --- /dev/null +++ b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/nspe/common/pal_common.h @@ -0,0 +1,118 @@ +/** @file + * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ + +#ifndef _PAL_COMMON_H_ +#define _PAL_COMMON_H_ + +#include +#include +#include +#include +#include + +#ifndef TARGET_CFG_BUILD +#include "pal_config.h" +#include "pal_crypto_config.h" +#endif + +/* typedef's */ +typedef uint8_t bool_t; +typedef uint32_t addr_t; +typedef uint32_t test_id_t; +typedef uint32_t block_id_t; +typedef char char8_t; +typedef uint32_t cfg_id_t; + +#define PAL_STATUS_UNSUPPORTED_FUNC 0xFF + +typedef enum +{ + PAL_STATUS_SUCCESS = 0x0, + PAL_STATUS_ERROR = 0x80 +} pal_status_t; + +typedef enum { + NVMEM_READ = 0x1, + NVMEM_WRITE = 0x2, +} nvmem_fn_type_t; + +typedef struct { + nvmem_fn_type_t nvmem_fn_type; + addr_t base; + uint32_t offset; + int size; +} nvmem_param_t; + +typedef enum { + WD_INIT_SEQ = 0x1, + WD_ENABLE_SEQ = 0x2, + WD_DISABLE_SEQ = 0x3, + WD_STATUS_SEQ = 0x4, +} wd_fn_type_t; + +typedef enum { + WD_LOW_TIMEOUT = 0x1, + WD_MEDIUM_TIMEOUT = 0x2, + WD_HIGH_TIMEOUT = 0x3, + WD_CRYPTO_TIMEOUT = 0x4, +} wd_timeout_type_t; + +typedef struct { + wd_fn_type_t wd_fn_type; + addr_t wd_base_addr; + uint32_t wd_time_us; + uint32_t wd_timer_tick_us; +} wd_param_t; + +typedef enum { + UART_INIT = 0x1, + UART_PRINT = 0x2, +} uart_fn_type_t; + +/* + * Redefining some of the client.h elements for compilation to go through + * when PSA IPC APIs are not implemented. + */ +#if (PSA_IPC_IMPLEMENTED == 0) + +#ifndef PSA_VERSION_NONE +#define PSA_VERSION_NONE (0) +#endif + +#ifndef PSA_SUCCESS +#define PSA_SUCCESS (0) +typedef int32_t psa_status_t; +#endif +typedef int32_t psa_handle_t; + +#ifndef PSA_NULL_HANDLE +#define PSA_NULL_HANDLE ((psa_handle_t)0) +#endif + +typedef struct psa_invec { + const void *base; + size_t len; +} psa_invec; + +typedef struct psa_outvec { + void *base; + size_t len; +} psa_outvec; + +#endif /* PSA_IPC_IMPLEMENTED */ + +#endif /* _PAL_COMMON_H_ */ diff --git a/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/nspe/common/pal_config.h b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/nspe/common/pal_config.h new file mode 100644 index 00000000..e3f70ad7 --- /dev/null +++ b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/nspe/common/pal_config.h @@ -0,0 +1,119 @@ +/** @file + * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ + +#ifndef _PAL_CONFIG_H_ +#define _PAL_CONFIG_H_ + +/* + * List of macros used by test suite + */ +#if !defined(PSA_IPC_IMPLEMENTED) +#define PSA_IPC_IMPLEMENTED 0 +#endif + +#if !defined(PSA_CRYPTO_IMPLEMENTED) +#define PSA_CRYPTO_IMPLEMENTED 0 +#endif + +#if !defined(PSA_INTERNAL_TRUSTED_STORAGE_IMPLEMENTED) +#define PSA_INTERNAL_TRUSTED_STORAGE_IMPLEMENTED 0 +#endif + +#if !defined(PSA_PROTECTED_STORAGE_IMPLEMENTED) +#define PSA_PROTECTED_STORAGE_IMPLEMENTED 0 +#endif + +#if !defined(PSA_INITIAL_ATTESTATION_IMPLEMENTED) +#define PSA_INITIAL_ATTESTATION_IMPLEMENTED 0 +#endif + +#if (PSA_IPC_IMPLEMENTED == 0) && \ + (PSA_CRYPTO_IMPLEMENTED == 0) && \ + (PSA_INTERNAL_TRUSTED_STORAGE_IMPLEMENTED == 0) && \ + (PSA_PROTECTED_STORAGE_IMPLEMENTED == 0) && \ + (PSA_INITIAL_ATTESTATION_IMPLEMENTED == 0) +#error "You must define at least one of these macros to run test suite" +#endif + +#if !defined(VERBOSE) +#define VERBOSE 3 /* Print verbosity = TEST */ +#endif + +#if (!defined(VAL_NSPE_BUILD) && !defined(SPE_BUILD)) +#define VAL_NSPE_BUILD 1 +#endif + +#if (!defined(NONSECURE_TEST_BUILD) && !defined(SPE_BUILD)) +#define NONSECURE_TEST_BUILD 1 +#endif + +#if !defined(TEST_COMBINE_ARCHIVE) +#define TEST_COMBINE_ARCHIVE 0 /* Combine test archive or binary? */ +#endif + +#if !defined(WATCHDOG_AVAILABLE) +#define WATCHDOG_AVAILABLE 0 /* If zero, skip watchdog programming */ +#endif + +#if !defined(SP_HEAP_MEM_SUPP) +#define SP_HEAP_MEM_SUPP 0 /* Are Dynamic funcs available to secure partition? */ +#endif + +/* + * Include of PSA defined Header files + */ + +#if PSA_IPC_IMPLEMENTED +/* psa/client.h: Contains the PSA Client API elements */ +#include "psa/client.h" + +/* + * psa_manifest/sid.h: Macro definitions derived from manifest files that map from RoT Service + * names to Service IDs (SIDs). Partition manifest parse build tool must provide the implementation + * of this file. +*/ +#include "psa_manifest/sid.h" + +/* + * psa_manifest/pid.h: Secure Partition IDs + * Macro definitions that map from Secure Partition names to Secure Partition IDs. + * Partition manifest parse build tool must provide the implementation of this file. +*/ +#include "psa_manifest/pid.h" +#endif + +#if PSA_CRYPTO_IMPLEMENTED +/* psa/crypto.h: Contains the PSA Crypto API elements */ +#include "psa/crypto.h" +#endif + +#if PSA_INTERNAL_TRUSTED_STORAGE_IMPLEMENTED +/* psa/internal_trusted_storage.h: Contains the PSA ITS API elements */ +#include "psa/internal_trusted_storage.h" +#endif + +#if PSA_PROTECTED_STORAGE_IMPLEMENTED +/* psa/protected_storage.h: Contains the PSA PS API elements */ +#include "psa/protected_storage.h" +#endif + +#if PSA_INITIAL_ATTESTATION_IMPLEMENTED +/* psa/initial_attestation.h: Contains the PSA Initial Attestation API elements */ +#include "psa/initial_attestation.h" +#endif + +#endif /* _PAL_CONFIG_H_ */ diff --git a/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/nspe/common/pal_driver_ipc_intf.c b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/nspe/common/pal_driver_ipc_intf.c new file mode 100644 index 00000000..f8f773fb --- /dev/null +++ b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/nspe/common/pal_driver_ipc_intf.c @@ -0,0 +1,305 @@ +/** @file + * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ + +#include "pal_common.h" +#include "pal_client_api_intf.h" + +/** + @brief - This function initializes the UART + @param - uart base addr + @return - SUCCESS/FAILURE +**/ +int pal_uart_init_ns(uint32_t uart_base_addr) +{ + psa_handle_t print_handle = 0; + psa_status_t status_of_call = PSA_SUCCESS; + uart_fn_type_t uart_fn = UART_INIT; + + psa_invec data[3] = {{&uart_fn, sizeof(uart_fn)}, + {&uart_base_addr, sizeof(uart_base_addr)}, + {NULL, 0}}; + + print_handle = pal_ipc_connect(DRIVER_UART_SID, 0); + if (print_handle < 0) + { + return(PAL_STATUS_ERROR); + } + + status_of_call = pal_ipc_call(print_handle, data, 3, NULL, 0); + if (status_of_call != PSA_SUCCESS) + { + return(PAL_STATUS_ERROR); + } + + pal_ipc_close(print_handle); + return PAL_STATUS_SUCCESS; +} + +/** + @brief - This function parses the input string and writes bytes into UART TX FIFO + @param - str : Input String + - data : Value for format specifier + @return - SUCCESS/FAILURE +**/ + +int pal_print_ns(char *str, int32_t data) +{ + int string_len = 0; + char *p = str; + psa_handle_t print_handle = 0; + psa_status_t status_of_call = PSA_SUCCESS; + pal_status_t status = PAL_STATUS_SUCCESS; + uart_fn_type_t uart_fn = UART_PRINT; + + while (*p != '\0') + { + string_len++; + p++; + } + + psa_invec data1[3] = {{&uart_fn, sizeof(uart_fn)}, + {str, string_len+1}, + {&data, sizeof(data)}}; + print_handle = pal_ipc_connect(DRIVER_UART_SID, 0); + + if (print_handle < 0) + { + return PAL_STATUS_ERROR; + } + else + { + status_of_call = pal_ipc_call(print_handle, data1, 3, NULL, 0); + if (status_of_call != PSA_SUCCESS) + { + status = PAL_STATUS_ERROR; + } + } + pal_ipc_close(print_handle); + return status; +} + +/** + @brief - Initializes an hardware watchdog timer + @param - base_addr : Base address of the watchdog module + - time_us : Time in micro seconds + - timer_tick_us : Number of ticks per micro second + @return - SUCCESS/FAILURE +**/ +int pal_wd_timer_init_ns(addr_t base_addr, uint32_t time_us, uint32_t timer_tick_us) +{ + wd_param_t wd_param; + psa_handle_t handle = 0; + psa_status_t status_of_call = PSA_SUCCESS; + + wd_param.wd_fn_type = WD_INIT_SEQ; + wd_param.wd_base_addr = base_addr; + wd_param.wd_time_us = time_us; + wd_param.wd_timer_tick_us = timer_tick_us; + psa_invec invec[1] = {{&wd_param, sizeof(wd_param)}}; + + handle = pal_ipc_connect(DRIVER_WATCHDOG_SID, 0); + if (handle < 0) + { + return PAL_STATUS_ERROR; + } + else + { + status_of_call = pal_ipc_call(handle, invec, 1, NULL, 0); + if (status_of_call != PSA_SUCCESS) + { + pal_ipc_close(handle); + return PAL_STATUS_ERROR; + } + } + pal_ipc_close(handle); + return PAL_STATUS_SUCCESS; +} + +/** + @brief - Enables a hardware watchdog timer + @param - base_addr : Base address of the watchdog module + @return - SUCCESS/FAILURE +**/ +int pal_wd_timer_enable_ns(addr_t base_addr) +{ + wd_param_t wd_param; + psa_handle_t handle = 0; + psa_status_t status_of_call = PSA_SUCCESS; + + wd_param.wd_fn_type = WD_ENABLE_SEQ; + wd_param.wd_base_addr = base_addr; + wd_param.wd_time_us = 0; + wd_param.wd_timer_tick_us = 0; + psa_invec invec[1] = {{&wd_param, sizeof(wd_param)}}; + + handle = pal_ipc_connect(DRIVER_WATCHDOG_SID, 0); + if (handle < 0) + { + return PAL_STATUS_ERROR; + } + else + { + status_of_call = pal_ipc_call(handle, invec, 1, NULL, 0); + if (status_of_call != PSA_SUCCESS) + { + pal_ipc_close(handle); + return PAL_STATUS_ERROR; + } + } + pal_ipc_close(handle); + return PAL_STATUS_SUCCESS; +} + +/** + @brief - Disables a hardware watchdog timer + @param - base_addr : Base address of the watchdog module + @return - SUCCESS/FAILURE +**/ +int pal_wd_timer_disable_ns(addr_t base_addr) +{ + wd_param_t wd_param; + psa_handle_t handle = 0; + psa_status_t status_of_call = PSA_SUCCESS; + + wd_param.wd_fn_type = WD_DISABLE_SEQ; + wd_param.wd_base_addr = base_addr; + wd_param.wd_time_us = 0; + wd_param.wd_timer_tick_us = 0; + psa_invec invec[1] = {{&wd_param, sizeof(wd_param)}}; + + handle = pal_ipc_connect(DRIVER_WATCHDOG_SID, 0); + if (handle < 0) + { + return PAL_STATUS_ERROR; + } + else + { + status_of_call = pal_ipc_call(handle, invec, 1, NULL, 0); + if (status_of_call != PSA_SUCCESS) + { + pal_ipc_close(handle); + return PAL_STATUS_ERROR; + } + } + pal_ipc_close(handle); + return PAL_STATUS_SUCCESS; +} + +/** + @brief - Reads from given non-volatile address. + @param - base : Base address of nvmem + offset : Offset + buffer : Pointer to source address + size : Number of bytes + @return - SUCCESS/FAILURE +**/ +int pal_nvmem_read_ns(addr_t base, uint32_t offset, void *buffer, int size) +{ + nvmem_param_t nvmem_param; + psa_handle_t handle = 0; + psa_status_t status_of_call = PSA_SUCCESS; + + nvmem_param.nvmem_fn_type = NVMEM_READ; + nvmem_param.base = base; + nvmem_param.offset = offset; + nvmem_param.size = size; + psa_invec invec[1] = {{&nvmem_param, sizeof(nvmem_param)}}; + psa_outvec outvec[1] = {{buffer, size}}; + + handle = pal_ipc_connect(DRIVER_NVMEM_SID, 0); + if (handle < 0) + { + return PAL_STATUS_ERROR; + } + else + { + status_of_call = pal_ipc_call(handle, invec, 1, outvec, 1); + if (status_of_call != PSA_SUCCESS) + { + pal_ipc_close(handle); + return PAL_STATUS_ERROR; + } + } + psa_close(handle); + return PAL_STATUS_SUCCESS; +} + +/** + @brief - Writes into given non-volatile address. + @param - base : Base address of nvmem + offset : Offset + buffer : Pointer to source address + size : Number of bytes + @return - SUCCESS/FAILURE +**/ +int pal_nvmem_write_ns(addr_t base, uint32_t offset, void *buffer, int size) +{ + nvmem_param_t nvmem_param; + psa_handle_t handle = 0; + psa_status_t status_of_call = PSA_SUCCESS; + + nvmem_param.nvmem_fn_type = NVMEM_WRITE; + nvmem_param.base = base; + nvmem_param.offset = offset; + nvmem_param.size = size; + psa_invec invec[2] = {{&nvmem_param, sizeof(nvmem_param)}, {buffer, size}}; + + handle = pal_ipc_connect(DRIVER_NVMEM_SID, 0); + if (handle < 0) + { + return PAL_STATUS_ERROR; + } + else + { + status_of_call = pal_ipc_call(handle, invec, 2, NULL, 0); + if (status_of_call != PSA_SUCCESS) + { + pal_ipc_close(handle); + return PAL_STATUS_ERROR; + } + } + pal_ipc_close(handle); + return PAL_STATUS_SUCCESS; +} + +/** + * @brief - This function will read peripherals using SPI commands + * @param - addr : address of the peripheral + * data : read buffer + * len : length of the read buffer in bytes + * @return - error status +**/ +int pal_spi_read(addr_t addr, uint8_t *data, uint32_t len) +{ + return 0xFF; +} + +/** + * @brief - Terminates the simulation at the end of all tests completion. + * By default, it put cpus into power down mode. + * @param - void + * @return - void +**/ +void pal_terminate_simulation(void) +{ + /* Add logic to terminate the simluation */ + + while(1) + { + asm volatile("WFI"); + } +} diff --git a/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/nspe/common/pal_driver_ns_intf.c b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/nspe/common/pal_driver_ns_intf.c new file mode 100644 index 00000000..338df6cb --- /dev/null +++ b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/nspe/common/pal_driver_ns_intf.c @@ -0,0 +1,145 @@ +/** @file + * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ + +#include "pal_common.h" +#include "pal_uart.h" +#include "pal_nvmem.h" +#include "pal_wd_cmsdk.h" + +/** + @brief - This function initializes the UART + @param - uart base addr + @return - SUCCESS/FAILURE +**/ +int pal_uart_init_ns(uint32_t uart_base_addr) +{ + pal_uart_pl011_init(uart_base_addr); + return PAL_STATUS_SUCCESS; +} + +/** + @brief - This function parses the input string and writes bytes into UART TX FIFO + @param - str : Input String + - data : Value for format specifier + @return - SUCCESS/FAILURE +**/ + +int pal_print_ns(char *str, int32_t data) +{ + pal_uart_pl011_print(str, data); + return PAL_STATUS_SUCCESS; +} + +/** + @brief - Initializes an hardware watchdog timer + @param - base_addr : Base address of the watchdog module + - time_us : Time in micro seconds + - timer_tick_us : Number of ticks per micro second + @return - SUCCESS/FAILURE +**/ +int pal_wd_timer_init_ns(addr_t base_addr, uint32_t time_us, uint32_t timer_tick_us) +{ + return(pal_wd_cmsdk_init(base_addr,time_us, timer_tick_us)); +} + +/** + @brief - Enables a hardware watchdog timer + @param - base_addr : Base address of the watchdog module + @return - SUCCESS/FAILURE +**/ +int pal_wd_timer_enable_ns(addr_t base_addr) +{ + return(pal_wd_cmsdk_enable(base_addr)); +} + +/** + @brief - Disables a hardware watchdog timer + @param - base_addr : Base address of the watchdog module + @return - SUCCESS/FAILURE +**/ +int pal_wd_timer_disable_ns(addr_t base_addr) +{ + return (pal_wd_cmsdk_disable(base_addr)); +} + +/** + @brief - Reads from given non-volatile address. + @param - base : Base address of nvmem + offset : Offset + buffer : Pointer to source address + size : Number of bytes + @return - SUCCESS/FAILURE +**/ +int pal_nvmem_read_ns(addr_t base, uint32_t offset, void *buffer, int size) +{ + if (nvmem_read(base, offset, buffer, size)) + { + return PAL_STATUS_SUCCESS; + } + else + { + return PAL_STATUS_ERROR; + } +} + +/** + @brief - Writes into given non-volatile address. + @param - base : Base address of nvmem + offset : Offset + buffer : Pointer to source address + size : Number of bytes + @return - SUCCESS/FAILURE +**/ +int pal_nvmem_write_ns(addr_t base, uint32_t offset, void *buffer, int size) +{ + if (nvmem_write(base, offset, buffer, size)) + { + return PAL_STATUS_SUCCESS; + } + else + { + return PAL_STATUS_ERROR; + } +} + +/** + * @brief - This function will read peripherals using SPI commands + * @param - addr : address of the peripheral + * data : read buffer + * len : length of the read buffer in bytes + * @return - error status +**/ +int pal_spi_read(addr_t addr, uint8_t *data, uint32_t len) +{ + return 0xFF; +} + +/** + * @brief - Terminates the simulation at the end of all tests completion. + * By default, it put cpus into power down mode. + * @param - void + * @return - void +**/ +void pal_terminate_simulation(void) +{ + /* Add logic to terminate the simluation */ + + while(1) + { + asm volatile("WFI"); + } +} diff --git a/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/nspe/crypto/pal_crypto_config.h b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/nspe/crypto/pal_crypto_config.h new file mode 100644 index 00000000..ab11fd16 --- /dev/null +++ b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/nspe/crypto/pal_crypto_config.h @@ -0,0 +1,323 @@ +/** @file + * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ + +/* + * \file pal_crypto_config.h + * + * \brief Configuration options for crypto tests (set of defines) + * + * This set of compile-time options may be used to enable + * or disable features selectively for crypto test suite + */ + +#ifndef _PAL_CRYPTO_CONFIG_H_ +#define _PAL_CRYPTO_CONFIG_H_ +/** + * \def ARCH_TEST_RSA + * + * Enable the RSA public-key cryptosystem. + * By default all supported keys are enabled. + * + * Comment macros to disable the types + */ +#define ARCH_TEST_RSA +#define ARCH_TEST_RSA_1024 +#define ARCH_TEST_RSA_2048 +#define ARCH_TEST_RSA_3072 + +/** + * \def ARCH_TEST_ECC + * \def ARCH_TEST_ECC_CURVE_SECPXXXR1 + * + * Enable the elliptic curve + * Enable specific curves within the Elliptic Curve + * module. By default all supported curves are enabled. + * + * Requires: ARCH_TEST_ECC + * Comment macros to disable the curve + */ +#define ARCH_TEST_ECC +#define ARCH_TEST_ECC_CURVE_SECP192R1 +#define ARCH_TEST_ECC_CURVE_SECP224R1 +#define ARCH_TEST_ECC_CURVE_SECP256R1 +#define ARCH_TEST_ECC_CURVE_SECP384R1 + +/** + * \def ARCH_TEST_AES + * + * Enable the AES block cipher. + * By default all supported keys are enabled. + * + * Comment macros to disable the types + */ +#define ARCH_TEST_AES +#define ARCH_TEST_AES_128 +#define ARCH_TEST_AES_192 +#define ARCH_TEST_AES_256 +#define ARCH_TEST_AES_512 + +/** + * \def ARCH_TEST_DES + * + * Enable the DES block cipher. + * By default all supported keys are enabled. + * + * Comment macros to disable the types + */ +//#define ARCH_TEST_DES +//#define ARCH_TEST_DES_1KEY +//#define ARCH_TEST_DES_2KEY +//#define ARCH_TEST_DES_3KEY + +/** + * \def ARCH_TEST_RAW + * + * A "key" of this type cannot be used for any cryptographic operation. + * Applications may use this type to store arbitrary data in the keystore. + */ +#define ARCH_TEST_RAW + +/** + * \def ARCH_TEST_CIPER + * + * Enable the generic cipher layer. + */ + +#define ARCH_TEST_CIPER + +/** + * \def ARCH_TEST_ARC4 + * + * Enable the ARC4 key type. + */ +//#define ARCH_TEST_ARC4 + +/** + * \def ARCH_TEST_CIPER_MODE_CTR + * + * Enable Counter Block Cipher mode (CTR) for symmetric ciphers. + * + * Requires: ARCH_TEST_CIPER + */ +#define ARCH_TEST_CIPER_MODE_CTR + +/** + * \def ARCH_TEST_CIPER_MODE_CFB + * + * Enable Cipher Feedback mode (CFB) for symmetric ciphers. + * + * Requires: ARCH_TEST_CIPER + */ +#define ARCH_TEST_CIPER_MODE_CFB + +/** + * \def ARCH_TEST_CIPER_MODE_CBC + * + * Enable Cipher Block Chaining mode (CBC) for symmetric ciphers. + * + * Requires: ARCH_TEST_CIPER + */ +#define ARCH_TEST_CIPER_MODE_CBC + +/** + * \def ARCH_TEST_CTR_AES + * + * Requires: ARCH_TEST_CIPER, ARCH_TEST_AES, ARCH_TEST_CIPER_MODE_CTR + */ +#define ARCH_TEST_CTR_AES + +/** + * \def ARCH_TEST_CBC_AES + * + * Requires: ARCH_TEST_CIPER, ARCH_TEST_AES, ARCH_TEST_CIPER_MODE_CBC + * + * Comment macros to disable the types + */ +#define ARCH_TEST_CBC_AES +#define ARCH_TEST_CBC_AES_NO_PADDING + +/** + * \def ARCH_TEST_CBC_NO_PADDING + * + * Requires: ARCH_TEST_CIPER, ARCH_TEST_CIPER_MODE_CBC + * + * Comment macros to disable the types + */ +#define ARCH_TEST_CBC_NO_PADDING + +/** + * \def ARCH_TEST_CFB_AES + * + * Requires: ARCH_TEST_CIPER, ARCH_TEST_AES, ARCH_TEST_CIPER_MODE_CFB + */ +#define ARCH_TEST_CFB_AES + +/** + * \def ARCH_TEST_PKCS1V15_* + * + * Enable support for PKCS#1 v1.5 encoding. + * Enable support for PKCS#1 v1.5 operations. + * Enable support for RSA-OAEP + * + * Requires: ARCH_TEST_RSA, ARCH_TEST_PKCS1V15 + * + * Comment macros to disable the types + */ +#define ARCH_TEST_PKCS1V15 +#define ARCH_TEST_RSA_PKCS1V15_SIGN +#define ARCH_TEST_RSA_PKCS1V15_SIGN_RAW +#define ARCH_TEST_RSA_PKCS1V15_CRYPT +#define ARCH_TEST_RSA_OAEP + +/** + * \def ARCH_TEST_CBC_PKCS7 + * + * Requires: ARCH_TEST_CIPER_MODE_CBC + * + * Comment macros to disable the types + */ +#define ARCH_TEST_CBC_PKCS7 + +/** + * \def ARCH_TEST_ASYMMETRIC_ENCRYPTION + * + * Enable support for Asymmetric encryption algorithms + */ +#define ARCH_TEST_ASYMMETRIC_ENCRYPTION + +/** + * \def ARCH_TEST_HASH + * + * Enable the hash algorithm. + */ +#define ARCH_TEST_HASH + +/** + * \def ARCH_TEST_HMAC + * + * The key policy determines which underlying hash algorithm the key can be + * used for. + * + * Requires: ARCH_TEST_HASH + */ +#define ARCH_TEST_HMAC + +/** + * \def ARCH_TEST_MDX + * \def ARCH_TEST_SHAXXX + * + * Enable the MDX algorithm. + * Enable the SHAXXX algorithm. + * + * Requires: ARCH_TEST_HASH + * + * Comment macros to disable the types + */ +//#define ARCH_TEST_MD2 +//#define ARCH_TEST_MD4 +//#define ARCH_TEST_MD5 +//#define ARCH_TEST_RIPEMD160 +#define ARCH_TEST_SHA1 +#define ARCH_TEST_SHA224 +#define ARCH_TEST_SHA256 +#define ARCH_TEST_SHA384 +#define ARCH_TEST_SHA512 +//#define ARCH_TEST_SHA512_224 +//#define ARCH_TEST_SHA512_256 +//#define ARCH_TEST_SHA3_224 +//#define ARCH_TEST_SHA3_256 +//#define ARCH_TEST_SHA3_384 +//#define ARCH_TEST_SHA3_512 + +/** + * \def ARCH_TEST_HKDF + * + * Enable the HKDF algorithm (RFC 5869). + * + * Requires: ARCH_TEST_HASH +*/ +#define ARCH_TEST_HKDF + +/** + * \def ARCH_TEST_xMAC + * + * Enable the xMAC (Cipher/Hash/G-based Message Authentication Code) mode for block + * ciphers. + * Requires: ARCH_TEST_AES or ARCH_TEST_DES + * + * Comment macros to disable the types + */ +#define ARCH_TEST_CMAC +#define ARCH_TEST_GMAC +#define ARCH_TEST_HMAC + +/** + * \def ARCH_TEST_CCM + * + * Enable the Counter with CBC-MAC (CCM) mode for 128-bit block cipher. + * + * Requires: ARCH_TEST_AES + */ +#define ARCH_TEST_CCM + +/** + * \def ARCH_TEST_GCM + * + * Enable the Galois/Counter Mode (GCM) for AES. + * + * Requires: ARCH_TEST_AES + * + */ +#define ARCH_TEST_GCM + +/** + * \def ARCH_TEST_TRUNCATED_MAC + * + * Enable support for RFC 6066 truncated HMAC in SSL. + * + * Comment this macro to disable support for truncated HMAC in SSL + */ +#define ARCH_TEST_TRUNCATED_MAC + + +/** + * \def ARCH_TEST_ECDH + * + * Enable the elliptic curve Diffie-Hellman library. + * + * Requires: ARCH_TEST_ECC + */ +#define ARCH_TEST_ECDH + +/** + * \def ARCH_TEST_ECDSA + * + * Enable the elliptic curve DSA library. + * Requires: ARCH_TEST_ECC + */ +#define ARCH_TEST_ECDSA + +/** + * \def ARCH_TEST_DETERMINISTIC_ECDSA + * + * Enable deterministic ECDSA (RFC 6979). +*/ +#define ARCH_TEST_DETERMINISTIC_ECDSA + +#include "pal_crypto_config_check.h" + +#endif /* _PAL_CRYPTO_CONFIG_H_ */ diff --git a/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/nspe/crypto/pal_crypto_config_check.h b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/nspe/crypto/pal_crypto_config_check.h new file mode 100644 index 00000000..f18a7852 --- /dev/null +++ b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/nspe/crypto/pal_crypto_config_check.h @@ -0,0 +1,223 @@ +/** @file + * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ + +/** + * \file pal_crypto_config_check.h + * + * \brief Consistency checks for configuration options + * + */ + +#ifndef _PAL_CRYPTO_CONFIG_CHECK_H_ +#define _PAL_CRYPTO_CONFIG_CHECK_H_ + +#if defined(ARCH_TEST_RSA_1024) && !defined(ARCH_TEST_RSA) +#error "ARCH_TEST_RSA_1024 defined, but not all prerequisites" +#endif + +#if defined(ARCH_TEST_RSA_2048) && !defined(ARCH_TEST_RSA) +#error "ARCH_TEST_RSA_2048 defined, but not all prerequisites" +#endif + +#if defined(ARCH_TEST_RSA_3072) && !defined(ARCH_TEST_RSA) +#error "ARCH_TEST_RSA_3072 defined, but not all prerequisites" +#endif + +#if defined(ARCH_TEST_ECC_CURVE_SECP192R1) && !defined(ARCH_TEST_ECC) +#error "ARCH_TEST_ECC_CURVE_SECP192R1 defined, but not all prerequisites" +#endif + +#if defined(ARCH_TEST_ECC_CURVE_SECP224R1) && !defined(ARCH_TEST_ECC) +#error "ARCH_TEST_ECC_CURVE_SECP224R1 defined, but not all prerequisites" +#endif + +#if defined(ARCH_TEST_ECC_CURVE_SECP256R1) && !defined(ARCH_TEST_ECC) +#error "ARCH_TEST_ECC_CURVE_SECP256R1 defined, but not all prerequisites" +#endif + +#if defined(ARCH_TEST_ECC_CURVE_SECP384R1) && !defined(ARCH_TEST_ECC) +#error "ARCH_TEST_ECC_CURVE_SECP384R1 defined, but not all prerequisites" +#endif + +#if defined(ARCH_TEST_AES_128) && !defined(ARCH_TEST_AES) +#error "ARCH_TEST_AES_128 defined, but not all prerequisites" +#endif + +#if defined(ARCH_TEST_AES_256) && !defined(ARCH_TEST_AES) +#error "ARCH_TEST_AES_256 defined, but not all prerequisites" +#endif + +#if defined(ARCH_TEST_AES_512) && !defined(ARCH_TEST_AES) +#error "ARCH_TEST_AES_512 defined, but not all prerequisites" +#endif + +#if defined(ARCH_TEST_DES_1KEY) && !defined(ARCH_TEST_DES) +#error "ARCH_TEST_DES_1KEY defined, but not all prerequisites" +#endif + +#if defined(ARCH_TEST_DES_2KEY) && !defined(ARCH_TEST_DES) +#error "ARCH_TEST_DES_2KEY defined, but not all prerequisites" +#endif + +#if defined(ARCH_TEST_DES_3KEY) && !defined(ARCH_TEST_DES) +#error "ARCH_TEST_DES_3KEY defined, but not all prerequisites" +#endif + +#if defined(ARCH_TEST_CIPER_MODE_CTR) && !defined(ARCH_TEST_CIPER) +#error "ARCH_TEST_CIPER_MODE_CTR defined, but not all prerequisites" +#endif + +#if defined(ARCH_TEST_CIPER_MODE_CFB) && !defined(ARCH_TEST_CIPER) +#error "ARCH_TEST_CIPER_MODE_CFB defined, but not all prerequisites" +#endif + +#if defined(ARCH_TEST_CIPER_MODE_CBC) && !defined(ARCH_TEST_CIPER) +#error "ARCH_TEST_CIPER_MODE_CBC defined, but not all prerequisites" +#endif + +#if defined(ARCH_TEST_CTR_AES) &&\ + (!defined(ARCH_TEST_CIPER) || !defined(ARCH_TEST_AES) || !defined(ARCH_TEST_CIPER_MODE_CTR)) +#error "ARCH_TEST_CTR_AES defined, but not all prerequisites" +#endif + +#if (defined(ARCH_TEST_CBC_AES)|| defined(ARCH_TEST_CBC_AES_NO_PADDING)) &&\ + (!defined(ARCH_TEST_CIPER) || !defined(ARCH_TEST_AES) || !defined(ARCH_TEST_CIPER_MODE_CBC)) +#error "ARCH_TEST_CBC_AES defined, but not all prerequisites" +#endif + +#if (defined(ARCH_TEST_CBC_NO_PADDING)) &&\ + (!defined(ARCH_TEST_CIPER) ||!defined(ARCH_TEST_CIPER_MODE_CBC)) +#error "ARCH_TEST_CBC_NO_PADDING defined, but not all prerequisites" +#endif + +#if defined(ARCH_TEST_CFB_AES) &&\ + (!defined(ARCH_TEST_CIPER) || !defined(ARCH_TEST_AES) || !defined(ARCH_TEST_CIPER_MODE_CFB)) +#error "ARCH_TEST_CFB_AES defined, but not all prerequisites" +#endif + +#if defined(ARCH_TEST_RSA_PKCS1V15_SIGN) &&\ + (!defined(ARCH_TEST_RSA) || !defined(ARCH_TEST_PKCS1V15)) +#error "ARCH_TEST_RSA_PKCS1V15_SIGN defined, but not all prerequisites" +#endif + +#if defined(ARCH_TEST_RSA_PKCS1V15_SIGN_RAW) &&\ + (!defined(ARCH_TEST_RSA) || !defined(ARCH_TEST_PKCS1V15)) +#error "ARCH_TEST_RSA_PKCS1V15_SIGN_RAW defined, but not all prerequisites" +#endif + +#if defined(ARCH_TEST_RSA_PKCS1V15_CRYPT) &&\ + (!defined(ARCH_TEST_RSA) || !defined(ARCH_TEST_PKCS1V15)) +#error "ARCH_TEST_RSA_PKCS1V15_CRYPT defined, but not all prerequisites" +#endif + +#if defined(ARCH_TEST_CBC_PKCS7) && !defined(ARCH_TEST_CIPER_MODE_CBC) +#error "ARCH_TEST_CBC_PKCS7 defined, but not all prerequisites" +#endif + +#if defined(ARCH_TEST_HMAC) && !defined(ARCH_TEST_HASH) +#error "ARCH_TEST_HMAC defined, but not all prerequisites" +#endif + +#if defined(ARCH_TEST_MD2) && !defined(ARCH_TEST_HASH) +#error "ARCH_TEST_MD2 defined, but not all prerequisites" +#endif + +#if defined(ARCH_TEST_MD4) && !defined(ARCH_TEST_HASH) +#error "ARCH_TEST_MD4 defined, but not all prerequisites" +#endif + +#if defined(ARCH_TEST_MD5) && !defined(ARCH_TEST_HASH) +#error "ARCH_TEST_MD5 defined, but not all prerequisites" +#endif + +#if defined(ARCH_TEST_RIPEMD160) && !defined(ARCH_TEST_HASH) +#error "ARCH_TEST_RIPEMD160 defined, but not all prerequisites" +#endif + +#if defined(ARCH_TEST_SHA1) && !defined(ARCH_TEST_HASH) +#error "ARCH_TEST_SHA1 defined, but not all prerequisites" +#endif + +#if defined(ARCH_TEST_SHA224) && !defined(ARCH_TEST_HASH) +#error "ARCH_TEST_SHA224 defined, but not all prerequisites" +#endif + +#if defined(ARCH_TEST_SHA256) && !defined(ARCH_TEST_HASH) +#error "ARCH_TEST_SHA256 defined, but not all prerequisites" +#endif + +#if defined(ARCH_TEST_SHA512) && !defined(ARCH_TEST_HASH) +#error "ARCH_TEST_SHA512 defined, but not all prerequisites" +#endif + +#if defined(ARCH_TEST_SHA512_224) && !defined(ARCH_TEST_HASH) +#error "ARCH_TEST_SHA512_224 defined, but not all prerequisites" +#endif + +#if defined(ARCH_TEST_SHA512_256) && !defined(ARCH_TEST_HASH) +#error "ARCH_TEST_SHA512_256 defined, but not all prerequisites" +#endif + +#if defined(ARCH_TEST_SHA3_224) && !defined(ARCH_TEST_HASH) +#error "ARCH_TEST_SHA3_224 defined, but not all prerequisites" +#endif + +#if defined(ARCH_TEST_SHA3_256) && !defined(ARCH_TEST_HASH) +#error "ARCH_TEST_SHA3_256 defined, but not all prerequisites" +#endif + +#if defined(ARCH_TEST_SHA3_384) && !defined(ARCH_TEST_HASH) +#error "ARCH_TEST_SHA3_256 defined, but not all prerequisites" +#endif + +#if defined(ARCH_TEST_SHA3_512) && !defined(ARCH_TEST_HASH) +#error "ARCH_TEST_SHA3_256 defined, but not all prerequisites" +#endif + +#if defined(ARCH_TEST_HKDF) && !defined(ARCH_TEST_HASH) +#error "ARCH_TEST_HKDF defined, but not all prerequisites" +#endif + +#if defined(ARCH_TEST_CMAC) && !defined(ARCH_TEST_AES) +#error "ARCH_TEST_CMAC defined, but not all prerequisites" +#endif + +#if defined(ARCH_TEST_GMAC) && !defined(ARCH_TEST_AES) +#error "ARCH_TEST_GMAC defined, but not all prerequisites" +#endif + +#if defined(ARCH_TEST_HMAC) && !defined(ARCH_TEST_AES) +#error "ARCH_TEST_HMAC defined, but not all prerequisites" +#endif + +#if defined(ARCH_TEST_CCM) && !defined(ARCH_TEST_AES) +#error "ARCH_TEST_CCM defined, but not all prerequisites" +#endif + +#if defined(ARCH_TEST_GCM) && !defined(ARCH_TEST_AES) +#error "ARCH_TEST_GCM defined, but not all prerequisites" +#endif + +#if defined(ARCH_TEST_ECDH) && !defined(ARCH_TEST_ECC) +#error "ARCH_TEST_ECDH defined, but not all prerequisites" +#endif + +#if defined(ARCH_TEST_ECDSA) && !defined(ARCH_TEST_ECC) +#error "ARCH_TEST_ECDSA defined, but not all prerequisites" +#endif + +#endif /* _PAL_CRYPTO_CONFIG_CHECK_H_ */ diff --git a/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/nspe/crypto/pal_crypto_empty_intf.c b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/nspe/crypto/pal_crypto_empty_intf.c new file mode 100644 index 00000000..2a28f397 --- /dev/null +++ b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/nspe/crypto/pal_crypto_empty_intf.c @@ -0,0 +1,30 @@ +/** @file + * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ + +#include +#include "pal_common.h" + +/** + @brief - This API will call the requested crypto function + @param - type : function code + valist : variable argument list + @return - error status +**/ +int32_t pal_crypto_function(int type, va_list valist) +{ + return PAL_STATUS_ERROR; +} diff --git a/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/nspe/crypto/pal_crypto_intf.c b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/nspe/crypto/pal_crypto_intf.c new file mode 100644 index 00000000..3df6aa8d --- /dev/null +++ b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/nspe/crypto/pal_crypto_intf.c @@ -0,0 +1,340 @@ +/** @file + * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ + + +#include "pal_crypto_intf.h" + +#define PAL_KEY_SLOT_COUNT 32 + +/** + @brief - This API will call the requested crypto function + @param - type : function code + valist : variable argument list + @return - error status +**/ +int32_t pal_crypto_function(int type, va_list valist) +{ + int i; + size_t size, *length, salt_length, label_length, ciphertext_size; + uint8_t *buffer, *ciphertext; + const uint8_t *salt, *label, *nonce, *additional_data; + uint8_t *plaintext; + uint32_t status; + const void *extra; + size_t extra_size, capacity, *gen_cap, nonce_length, additional_data_length; + psa_key_handle_t handle, *key_handle, target_handle; + psa_key_type_t key_type, *key_type_out; + psa_key_policy_t *policy; + psa_key_usage_t usage, *usage_out; + psa_key_lifetime_t *lifetime_out; + psa_algorithm_t alg, *alg_out; + psa_hash_operation_t *hash_operation; + psa_mac_operation_t *mac_operation; + psa_cipher_operation_t *cipher_operation; + psa_crypto_generator_t *generator; + + switch (type) + { + case PAL_CRYPTO_INIT: + return psa_crypto_init(); + case PAL_CRYPTO_GENERATE_RANDOM: + buffer = va_arg(valist, uint8_t*); + size = va_arg(valist, int); + return psa_generate_random(buffer, size); + case PAL_CRYPTO_IMPORT_KEY: + handle = (psa_key_handle_t)va_arg(valist, int); + key_type = va_arg(valist, psa_key_type_t); + buffer = va_arg(valist, uint8_t*); + size = va_arg(valist, int); + status = psa_import_key(handle, key_type, buffer, size); + return status; + case PAL_CRYPTO_EXPORT_KEY: + handle = (psa_key_handle_t)va_arg(valist, int); + buffer = (uint8_t *)(va_arg(valist, uint8_t*)); + size = va_arg(valist, int); + length = (size_t *)va_arg(valist, size_t*); + status = psa_export_key(handle, buffer, size, length); + return status; + case PAL_CRYPTO_EXPORT_PUBLIC_KEY: + handle = (psa_key_handle_t)va_arg(valist, int); + buffer = (uint8_t *)(va_arg(valist, uint8_t*)); + size = va_arg(valist, int); + length = (size_t *)va_arg(valist, size_t*); + status = psa_export_public_key(handle, buffer, size, length); + return status; + case PAL_CRYPTO_KEY_POLICY_INIT: + policy = va_arg(valist, psa_key_policy_t*); + memset(policy, 0, sizeof(psa_key_policy_t)); + return 0; + case PAL_CRYPTO_KEY_POLICY_SET_USAGE: + policy = va_arg(valist, psa_key_policy_t*); + usage = va_arg(valist, psa_key_usage_t); + alg = va_arg(valist, psa_algorithm_t); + psa_key_policy_set_usage(policy, usage, alg); + return 0; + case PAL_CRYPTO_SET_KEY_POLICY: + handle = (psa_key_handle_t)va_arg(valist, int); + policy = va_arg(valist, psa_key_policy_t*); + return psa_set_key_policy(handle, policy); + case PAL_CRYPTO_DESTROY_KEY: + handle = (psa_key_handle_t)va_arg(valist, int); + status = psa_destroy_key(handle); + return status; + case PAL_CRYPTO_GET_KEY_INFORMATION: + handle = (psa_key_handle_t)va_arg(valist, int); + key_type_out = va_arg(valist, psa_key_type_t*); + length = (size_t *)va_arg(valist, size_t*); + status = psa_get_key_information(handle, key_type_out, length); + return status; + case PAL_CRYPTO_GET_KEY_POLICY: + handle = (psa_key_handle_t)va_arg(valist, int); + policy = va_arg(valist, psa_key_policy_t*); + return psa_get_key_policy(handle, policy); + case PAL_CRYPTO_KEY_POLICY_GET_USAGE: + policy = va_arg(valist, psa_key_policy_t*); + usage_out = va_arg(valist, psa_key_usage_t*); + *usage_out = psa_key_policy_get_usage(policy); + return 0; + case PAL_CRYPTO_KEY_POLICY_GET_ALGORITHM: + policy = va_arg(valist, psa_key_policy_t*); + alg_out = va_arg(valist, psa_algorithm_t*); + *alg_out = psa_key_policy_get_algorithm(policy); + return 0; + case PAL_CRYPTO_GET_KEY_LIFETIME: + handle = (psa_key_handle_t)va_arg(valist, int); + lifetime_out = va_arg(valist, psa_key_lifetime_t*); + return psa_get_key_lifetime(handle, lifetime_out); + case PAL_CRYPTO_HASH_SETUP: + hash_operation = va_arg(valist, psa_hash_operation_t*); + alg = va_arg(valist, psa_algorithm_t); + return psa_hash_setup(hash_operation, alg); + case PAL_CRYPTO_HASH_UPDATE: + hash_operation = va_arg(valist, psa_hash_operation_t*); + buffer = va_arg(valist, uint8_t*); + size = va_arg(valist, size_t); + return psa_hash_update(hash_operation, buffer, size); + case PAL_CRYPTO_HASH_VERIFY: + hash_operation = va_arg(valist, psa_hash_operation_t*); + buffer = va_arg(valist, uint8_t*); + size = va_arg(valist, size_t); + return psa_hash_verify(hash_operation, buffer, size); + case PAL_CRYPTO_HASH_FINISH: + hash_operation = va_arg(valist, psa_hash_operation_t*); + buffer = va_arg(valist, uint8_t*); + size = va_arg(valist, size_t); + length = va_arg(valist, size_t*); + return psa_hash_finish(hash_operation, buffer, size, length); + case PAL_CRYPTO_HASH_ABORT: + hash_operation = va_arg(valist, psa_hash_operation_t*); + return psa_hash_abort(hash_operation); + case PAL_CRYPTO_GENERATE_KEY: + handle = (psa_key_handle_t)va_arg(valist, int); + key_type = va_arg(valist, psa_key_type_t); + size = va_arg(valist, size_t); + extra = va_arg(valist, const void*); + extra_size = va_arg(valist, size_t); + return psa_generate_key(handle, key_type, size, extra, extra_size); + case PAL_CRYPTO_GENERATOR_READ: + generator = va_arg(valist, psa_crypto_generator_t*); + buffer = va_arg(valist, uint8_t*); + size = va_arg(valist, int); + return psa_generator_read(generator, buffer, size); + case PAL_CRYPTO_KEY_DERIVATION: + generator = va_arg(valist, psa_crypto_generator_t*); + handle = (psa_key_handle_t)va_arg(valist, int); + alg = va_arg(valist, psa_algorithm_t); + salt = va_arg(valist, const uint8_t *); + salt_length = va_arg(valist, size_t); + label = va_arg(valist, const uint8_t *); + label_length = va_arg(valist, size_t); + capacity = va_arg(valist, size_t); + return psa_key_derivation(generator, handle, alg, salt, salt_length, label, + label_length, capacity); + case PAL_CRYPTO_GET_GENERATOR_CAPACITY: + generator = va_arg(valist, psa_crypto_generator_t*); + gen_cap = va_arg(valist, size_t*); + return psa_get_generator_capacity(generator, gen_cap); + case PAL_CRYPTO_GENERATOR_IMPORT_KEY: + handle = (psa_key_handle_t)va_arg(valist, int); + key_type = va_arg(valist, psa_key_type_t); + size = va_arg(valist, size_t); + generator = va_arg(valist, psa_crypto_generator_t*); + return psa_generator_import_key(handle, key_type, size, generator); + case PAL_CRYPTO_GENERATOR_ABORT: + generator = va_arg(valist, psa_crypto_generator_t*); + return psa_generator_abort(generator); + case PAL_CRYPTO_AEAD_ENCRYPT: + handle = (psa_key_handle_t)va_arg(valist, int); + alg = va_arg(valist, psa_algorithm_t); + nonce = va_arg(valist, const uint8_t *); + nonce_length = va_arg(valist, size_t); + additional_data = va_arg(valist, const uint8_t *); + additional_data_length = va_arg(valist, size_t); + plaintext = va_arg(valist, uint8_t *); + size = va_arg(valist, size_t); + ciphertext = va_arg(valist, uint8_t *); + ciphertext_size = va_arg(valist, size_t); + length = va_arg(valist, size_t*); + return psa_aead_encrypt(handle, alg, nonce, nonce_length, additional_data, + additional_data_length, plaintext, size, ciphertext, ciphertext_size, length); + case PAL_CRYPTO_AEAD_DECRYPT: + handle = (psa_key_handle_t)va_arg(valist, int); + alg = va_arg(valist, psa_algorithm_t); + nonce = va_arg(valist, const uint8_t *); + nonce_length = va_arg(valist, size_t); + additional_data = va_arg(valist, const uint8_t *); + additional_data_length = va_arg(valist, size_t); + ciphertext = va_arg(valist, uint8_t *); + ciphertext_size = va_arg(valist, size_t); + plaintext = va_arg(valist, uint8_t *); + size = va_arg(valist, size_t); + length = va_arg(valist, size_t*); + return psa_aead_decrypt(handle, alg, nonce, nonce_length, additional_data, + additional_data_length, ciphertext, ciphertext_size, plaintext, size, length); + case PAL_CRYPTO_MAC_SIGN_SETUP: + mac_operation = va_arg(valist, psa_mac_operation_t*); + handle = (psa_key_handle_t)va_arg(valist, int); + alg = va_arg(valist, psa_algorithm_t); + return psa_mac_sign_setup(mac_operation, handle, alg); + case PAL_CRYPTO_MAC_UPDATE: + mac_operation = va_arg(valist, psa_mac_operation_t*); + buffer = va_arg(valist, uint8_t*); + size = va_arg(valist, size_t); + return psa_mac_update(mac_operation, buffer, size); + case PAL_CRYPTO_MAC_SIGN_FINISH: + mac_operation = va_arg(valist, psa_mac_operation_t*); + buffer = va_arg(valist, uint8_t*); + size = va_arg(valist, size_t); + length = (size_t *)va_arg(valist, size_t*); + return psa_mac_sign_finish(mac_operation, buffer, size, length); + case PAL_CRYPTO_MAC_VERIFY_SETUP: + mac_operation = va_arg(valist, psa_mac_operation_t*); + handle = (psa_key_handle_t)va_arg(valist, int); + alg = va_arg(valist, psa_algorithm_t); + return psa_mac_verify_setup(mac_operation, handle, alg); + case PAL_CRYPTO_MAC_VERIFY_FINISH: + mac_operation = va_arg(valist, psa_mac_operation_t*); + buffer = va_arg(valist, uint8_t*); + size = va_arg(valist, size_t); + return psa_mac_verify_finish(mac_operation, buffer, size); + case PAL_CRYPTO_MAC_ABORT: + mac_operation = va_arg(valist, psa_mac_operation_t*); + return psa_mac_abort(mac_operation); + case PAL_CRYPTO_ASYMMTERIC_ENCRYPT: + handle = (psa_key_handle_t)va_arg(valist, int); + alg = va_arg(valist, psa_algorithm_t); + plaintext = va_arg(valist, uint8_t *); + size = va_arg(valist, size_t); + salt = va_arg(valist, const uint8_t *); + salt_length = va_arg(valist, size_t); + ciphertext = va_arg(valist, uint8_t *); + ciphertext_size = va_arg(valist, size_t); + length = va_arg(valist, size_t*); + return psa_asymmetric_encrypt(handle, alg, plaintext, size, salt, salt_length, + ciphertext, ciphertext_size, length); + case PAL_CRYPTO_ASYMMTERIC_DECRYPT: + handle = (psa_key_handle_t)va_arg(valist, int); + alg = va_arg(valist, psa_algorithm_t); + plaintext = va_arg(valist, uint8_t *); + size = va_arg(valist, size_t); + salt = va_arg(valist, const uint8_t *); + salt_length = va_arg(valist, size_t); + ciphertext = va_arg(valist, uint8_t *); + ciphertext_size = va_arg(valist, size_t); + length = va_arg(valist, size_t*); + return psa_asymmetric_decrypt(handle, alg, plaintext, size, salt, salt_length, + ciphertext, ciphertext_size, length); + case PAL_CRYPTO_CIPHER_ENCRYPT_SETUP: + cipher_operation = va_arg(valist, psa_cipher_operation_t *); + handle = (psa_key_handle_t)va_arg(valist, int); + alg = va_arg(valist, psa_algorithm_t); + return psa_cipher_encrypt_setup(cipher_operation, handle, alg); + case PAL_CRYPTO_CIPHER_DECRYPT_SETUP: + cipher_operation = va_arg(valist, psa_cipher_operation_t *); + handle = (psa_key_handle_t)va_arg(valist, int); + alg = va_arg(valist, psa_algorithm_t); + return psa_cipher_decrypt_setup(cipher_operation, handle, alg); + case PAL_CRYPTO_CIPHER_GENERATE_IV: + cipher_operation = va_arg(valist, psa_cipher_operation_t *); + buffer = va_arg(valist, uint8_t*); + size = va_arg(valist, size_t); + length = va_arg(valist, size_t*); + return psa_cipher_generate_iv(cipher_operation, buffer, size, length); + case PAL_CRYPTO_CIPHER_SET_IV: + cipher_operation = va_arg(valist, psa_cipher_operation_t *); + buffer = va_arg(valist, uint8_t*); + size = va_arg(valist, size_t); + return psa_cipher_set_iv(cipher_operation, buffer, size); + case PAL_CRYPTO_CIPHER_UPDATE: + cipher_operation = va_arg(valist, psa_cipher_operation_t *); + plaintext = va_arg(valist, uint8_t *); + size = va_arg(valist, size_t); + ciphertext = va_arg(valist, uint8_t *); + ciphertext_size = va_arg(valist, size_t); + length = va_arg(valist, size_t*); + return psa_cipher_update(cipher_operation, plaintext, size, ciphertext, ciphertext_size, + length); + case PAL_CRYPTO_CIPHER_FINISH: + cipher_operation = va_arg(valist, psa_cipher_operation_t *); + ciphertext = va_arg(valist, uint8_t *); + ciphertext_size = va_arg(valist, size_t); + length = va_arg(valist, size_t*); + return psa_cipher_finish(cipher_operation, ciphertext, ciphertext_size, length); + case PAL_CRYPTO_CIPHER_ABORT: + cipher_operation = va_arg(valist, psa_cipher_operation_t *); + return psa_cipher_abort(cipher_operation); + case PAL_CRYPTO_ASYMMTERIC_SIGN: + handle = (psa_key_handle_t)va_arg(valist, int); + alg = va_arg(valist, psa_algorithm_t); + buffer = va_arg(valist, uint8_t*); + size = va_arg(valist, size_t); + ciphertext = va_arg(valist, uint8_t *); + ciphertext_size = va_arg(valist, size_t); + length = va_arg(valist, size_t*); + return psa_asymmetric_sign(handle, alg, buffer, size, ciphertext, ciphertext_size, + length); + case PAL_CRYPTO_ASYMMTERIC_VERIFY: + handle = (psa_key_handle_t)va_arg(valist, int); + alg = va_arg(valist, psa_algorithm_t); + buffer = va_arg(valist, uint8_t*); + size = va_arg(valist, size_t); + ciphertext = va_arg(valist, uint8_t *); + ciphertext_size = va_arg(valist, size_t); + return psa_asymmetric_verify(handle, alg, buffer, size, ciphertext, ciphertext_size); + case PAL_CRYPTO_KEY_AGREEMENT: + generator = va_arg(valist, psa_crypto_generator_t*); + handle = (psa_key_handle_t)va_arg(valist, int); + buffer = va_arg(valist, uint8_t*); + size = va_arg(valist, size_t); + alg = va_arg(valist, psa_algorithm_t); + return psa_key_agreement(generator, handle, buffer, size, alg); + case PAL_CRYPTO_ALLOCATE_KEY: + key_handle = (psa_key_handle_t *)va_arg(valist, int*); + return psa_allocate_key(key_handle); + case PAL_CRYPTO_COPY_KEY: + handle = (psa_key_handle_t)va_arg(valist, int); + target_handle = (psa_key_handle_t)va_arg(valist, int); + policy = va_arg(valist, psa_key_policy_t*); + return psa_copy_key(handle, target_handle, policy); + case PAL_CRYPTO_FREE: + for (i = 0; i < PAL_KEY_SLOT_COUNT; i++) + psa_destroy_key(i); + return 0; + default: + return PAL_STATUS_UNSUPPORTED_FUNC; + } +} diff --git a/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/nspe/crypto/pal_crypto_intf.h b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/nspe/crypto/pal_crypto_intf.h new file mode 100644 index 00000000..d1dabfa4 --- /dev/null +++ b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/nspe/crypto/pal_crypto_intf.h @@ -0,0 +1,76 @@ +/** @file + * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ + +#ifndef _PAL_CRYPTO_H_ +#define _PAL_CRYPTO_H_ + +#include "pal_common.h" + +enum crypto_function_code { + PAL_CRYPTO_INIT = 0x1, + PAL_CRYPTO_GENERATE_RANDOM = 0x2, + PAL_CRYPTO_IMPORT_KEY = 0x3, + PAL_CRYPTO_EXPORT_KEY = 0x4, + PAL_CRYPTO_EXPORT_PUBLIC_KEY = 0x5, + PAL_CRYPTO_DESTROY_KEY = 0x6, + PAL_CRYPTO_GET_KEY_INFO = 0x7, + PAL_CRYPTO_KEY_POLICY_INIT = 0x8, + PAL_CRYPTO_KEY_POLICY_SET_USAGE = 0x9, + PAL_CRYPTO_KEY_POLICY_GET_USAGE = 0xA, + PAL_CRYPTO_KEY_POLICY_GET_ALGORITHM = 0xB, + PAL_CRYPTO_SET_KEY_POLICY = 0xC, + PAL_CRYPTO_GET_KEY_POLICY = 0xD, + PAL_CRYPTO_GET_KEY_INFORMATION = 0xE, + PAL_CRYPTO_GET_KEY_LIFETIME = 0xF, + PAL_CRYPTO_HASH_SETUP = 0x11, + PAL_CRYPTO_HASH_UPDATE = 0x12, + PAL_CRYPTO_HASH_VERIFY = 0x13, + PAL_CRYPTO_HASH_FINISH = 0x14, + PAL_CRYPTO_HASH_ABORT = 0x15, + PAL_CRYPTO_GENERATE_KEY = 0x16, + PAL_CRYPTO_GENERATOR_READ = 0x17, + PAL_CRYPTO_KEY_DERIVATION = 0x18, + PAL_CRYPTO_GET_GENERATOR_CAPACITY = 0x19, + PAL_CRYPTO_GENERATOR_IMPORT_KEY = 0x1A, + PAL_CRYPTO_GENERATOR_ABORT = 0x1B, + PAL_CRYPTO_AEAD_ENCRYPT = 0x1C, + PAL_CRYPTO_AEAD_DECRYPT = 0x1D, + PAL_CRYPTO_MAC_SIGN_SETUP = 0x1E, + PAL_CRYPTO_MAC_UPDATE = 0x1F, + PAL_CRYPTO_MAC_SIGN_FINISH = 0x20, + PAL_CRYPTO_MAC_VERIFY_SETUP = 0x21, + PAL_CRYPTO_MAC_VERIFY_FINISH = 0x22, + PAL_CRYPTO_MAC_ABORT = 0x23, + PAL_CRYPTO_ASYMMTERIC_ENCRYPT = 0x24, + PAL_CRYPTO_ASYMMTERIC_DECRYPT = 0x25, + PAL_CRYPTO_CIPHER_ENCRYPT_SETUP = 0x26, + PAL_CRYPTO_CIPHER_DECRYPT_SETUP = 0x2A, + PAL_CRYPTO_CIPHER_GENERATE_IV = 0x2B, + PAL_CRYPTO_CIPHER_SET_IV = 0x2C, + PAL_CRYPTO_CIPHER_UPDATE = 0x2D, + PAL_CRYPTO_CIPHER_FINISH = 0x2E, + PAL_CRYPTO_CIPHER_ABORT = 0x2F, + PAL_CRYPTO_ASYMMTERIC_SIGN = 0x30, + PAL_CRYPTO_ASYMMTERIC_VERIFY = 0x31, + PAL_CRYPTO_KEY_AGREEMENT = 0x32, + PAL_CRYPTO_ALLOCATE_KEY = 0x33, + PAL_CRYPTO_COPY_KEY = 0x34, + PAL_CRYPTO_FREE = 0xFE, +}; + +int32_t pal_crypto_function(int type, va_list valist); +#endif /* _PAL_CRYPTO_H_ */ diff --git a/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/nspe/initial_attestation/pal_attestation_crypto.c b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/nspe/initial_attestation/pal_attestation_crypto.c new file mode 100644 index 00000000..ae2bdba4 --- /dev/null +++ b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/nspe/initial_attestation/pal_attestation_crypto.c @@ -0,0 +1,346 @@ +/** @file + * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ + +#include "pal_attestation_crypto.h" + +static uint32_t public_key_registered = 0; + +static inline struct q_useful_buf_c useful_buf_head(struct q_useful_buf_c buf, + size_t amount) +{ + return UsefulBuf_Head(buf, amount); +} + +static uint32_t check_hash_sizes(void) +{ + if (T_COSE_CRYPTO_SHA256_SIZE != PSA_HASH_SIZE(PSA_ALG_SHA_256)) + { + return PAL_ATTEST_HASH_FAIL; + } + + return PAL_ATTEST_SUCCESS; +} + +static psa_ecc_curve_t attest_map_elliptic_curve_type(int32_t cose_curve) +{ + psa_ecc_curve_t psa_curve; + + /*FixMe: Mapping is not complete, missing ones: P384, P521, ED25519, ED448 */ + switch (cose_curve) + { + case P_256: + psa_curve = PSA_ECC_CURVE_SECP256R1; + break; + default: + psa_curve = USHRT_MAX; + } + + return psa_curve; +} + +static psa_algorithm_t cose_hash_alg_id_to_psa(int32_t cose_hash_alg_id) +{ + psa_algorithm_t status; + + switch (cose_hash_alg_id) + { + case COSE_ALG_SHA256_PROPRIETARY: + status = PSA_ALG_SHA_256; + break; + default: + status = PSA_ALG_MD4; + break; + } + + return status; +} + +static int32_t hash_alg_id_from_sig_alg_id(int32_t cose_sig_alg_id) +{ + switch (cose_sig_alg_id) + { + case COSE_ALGORITHM_ES256: + return COSE_ALG_SHA256_PROPRIETARY; + default: + return INT32_MAX; + } +} + +int32_t pal_cose_crypto_hash_start(struct pal_cose_crypto_hash *hash_ctx, int32_t cose_hash_alg_id) +{ + int32_t cose_ret = PAL_ATTEST_SUCCESS; + psa_status_t psa_ret; + struct pal_cose_psa_crypto_hash *psa_hash_ctx; + + cose_ret = check_hash_sizes(); + if (cose_ret) + { + goto error; + } + + if (sizeof(struct pal_cose_crypto_hash) < sizeof(struct pal_cose_psa_crypto_hash)) + { + cose_ret = PAL_ATTEST_HASH_FAIL; + goto error; + } + + psa_hash_ctx = (struct pal_cose_psa_crypto_hash *)hash_ctx; + psa_ret = psa_hash_setup(&psa_hash_ctx->operation, cose_hash_alg_id_to_psa(cose_hash_alg_id)); + + if (psa_ret == PAL_ATTEST_SUCCESS) + { + psa_hash_ctx->status = PAL_ATTEST_SUCCESS; + cose_ret = PAL_ATTEST_SUCCESS; + } + else if (psa_ret == PSA_ERROR_NOT_SUPPORTED) + { + cose_ret = PAL_ATTEST_HASH_UNSUPPORTED; + } + else + { + cose_ret = PAL_ATTEST_HASH_FAIL; + } + +error: + return cose_ret; +} + +void pal_cose_crypto_hash_update(struct pal_cose_crypto_hash *hash_ctx, + struct q_useful_buf_c data_to_hash) +{ + struct pal_cose_psa_crypto_hash *psa_hash_ctx; + + if (sizeof(struct pal_cose_crypto_hash) < sizeof(struct pal_cose_psa_crypto_hash)) + { + return; + } + + psa_hash_ctx = (struct pal_cose_psa_crypto_hash *)hash_ctx; + + if (psa_hash_ctx->status == PAL_ATTEST_SUCCESS) + { + if (data_to_hash.ptr != NULL) + { + psa_hash_ctx->status = psa_hash_update(&psa_hash_ctx->operation, + data_to_hash.ptr, + data_to_hash.len); + } + else + { + /* Intentionally do nothing, just computing the size of the token */ + } + } +} + +int32_t pal_cose_crypto_hash_finish(struct pal_cose_crypto_hash *hash_ctx, + struct q_useful_buf buffer_to_hold_result, + struct q_useful_buf_c *hash_result) +{ + uint32_t cose_ret = PAL_ATTEST_SUCCESS; + psa_status_t psa_ret; + struct pal_cose_psa_crypto_hash *psa_hash_ctx; + + if (sizeof(struct pal_cose_crypto_hash) < sizeof(struct pal_cose_psa_crypto_hash)) + { + cose_ret = PAL_ATTEST_HASH_FAIL; + goto error; + } + + psa_hash_ctx = (struct pal_cose_psa_crypto_hash *)hash_ctx; + + if (psa_hash_ctx->status == PAL_ATTEST_SUCCESS) + { + psa_ret = psa_hash_finish(&psa_hash_ctx->operation, + buffer_to_hold_result.ptr, + buffer_to_hold_result.len, + &(hash_result->len)); + + if (psa_ret == PAL_ATTEST_SUCCESS) + { + hash_result->ptr = buffer_to_hold_result.ptr; + cose_ret = 0; + } + else if (psa_ret == PSA_ERROR_BUFFER_TOO_SMALL) + { + cose_ret = PAL_ATTEST_HASH_BUFFER_SIZE; + } + else + { + cose_ret = PAL_ATTEST_HASH_FAIL; + } + } + else + { + cose_ret = PAL_ATTEST_HASH_FAIL; + } + +error: + return cose_ret; +} + +int pal_create_sha256(struct q_useful_buf_c bytes_to_hash, struct q_useful_buf buffer_for_hash, + struct q_useful_buf_c *hash) +{ + uint32_t status = PAL_ATTEST_SUCCESS; + struct pal_cose_crypto_hash hash_ctx; + + status = pal_cose_crypto_hash_start(&hash_ctx, COSE_ALG_SHA256_PROPRIETARY); + if (status) + return status; + + pal_cose_crypto_hash_update(&hash_ctx, bytes_to_hash); + status = pal_cose_crypto_hash_finish(&hash_ctx, buffer_for_hash, hash); + + return status; +} + +uint32_t pal_compute_hash(int32_t cose_alg_id, struct q_useful_buf buffer_for_hash, + struct q_useful_buf_c *hash, struct q_useful_buf_c protected_headers, + struct q_useful_buf_c payload) +{ + uint32_t status; + QCBOREncodeContext cbor_encode_ctx; + struct q_useful_buf_c tbs_first_part; + QCBORError qcbor_result; + struct pal_cose_crypto_hash hash_ctx = {{0}}; + int32_t hash_alg_id; + UsefulBuf_MAKE_STACK_UB (buffer_for_TBS_first_part, T_COSE_SIZE_OF_TBS); + + /* This builds the CBOR-format to-be-signed bytes */ + QCBOREncode_Init(&cbor_encode_ctx, buffer_for_TBS_first_part); + QCBOREncode_OpenArray(&cbor_encode_ctx); + /* context */ + QCBOREncode_AddSZString(&cbor_encode_ctx, + COSE_SIG_CONTEXT_STRING_SIGNATURE1); + /* body_protected */ + QCBOREncode_AddBytes(&cbor_encode_ctx, + protected_headers); + /* sign_protected */ + QCBOREncode_AddBytes(&cbor_encode_ctx, NULL_USEFUL_BUF_C); + /* external_aad */ + QCBOREncode_AddBytes(&cbor_encode_ctx, NULL_USEFUL_BUF_C); + /* fake payload */ + QCBOREncode_AddBytes(&cbor_encode_ctx, NULL_USEFUL_BUF_C); + QCBOREncode_CloseArray(&cbor_encode_ctx); + + /* Get the result and convert it to struct q_useful_buf_c representation */ + qcbor_result = QCBOREncode_Finish(&cbor_encode_ctx, &tbs_first_part); + if (qcbor_result) + { + /* Mainly means that the protected_headers were too big + (which should never happen) */ + status = PAL_ATTEST_ERR_SIGN_STRUCT; + goto Done; + } + + /* Start the hashing */ + hash_alg_id = hash_alg_id_from_sig_alg_id(cose_alg_id); + + /* Don't check hash_alg_id for failure. pal_cose_crypto_hash_start() + * will handle it properly + */ + status = pal_cose_crypto_hash_start(&hash_ctx, hash_alg_id); + if (status) + goto Done; + + /* Hash the first part of the TBS. Take all but the last two + * bytes. The last two bytes are the fake payload from above. It + * is replaced by the real payload which is hashed next. The fake + * payload is needed so the array count is right. This is one of + * the main things that make it possible to implement with one + * buffer for the whole cose sign1. + */ + pal_cose_crypto_hash_update(&hash_ctx, useful_buf_head(tbs_first_part, + tbs_first_part.len - 2)); + + /* Hash the payload */ + pal_cose_crypto_hash_update(&hash_ctx, payload); + + /* Finish the hash and set up to return it */ + status = pal_cose_crypto_hash_finish(&hash_ctx, + buffer_for_hash, + hash); + +Done: + return status; +} + +uint32_t pal_import_attest_key(int32_t alg) +{ + psa_key_type_t attest_key_type; + size_t public_key_size; + psa_status_t status = PSA_SUCCESS; + psa_key_policy_t policy; + psa_ecc_curve_t psa_curve; + psa_key_handle_t public_key_handle; + + /* Mapping of COSE curve type to PSA curve types */ + psa_curve = attest_map_elliptic_curve_type(P_256); + if (psa_curve == USHRT_MAX) + return PAL_ATTEST_ERROR; + + /* Setup the key policy for public key */ + policy = psa_key_policy_init(); + psa_key_policy_set_usage(&policy, PSA_KEY_USAGE_VERIFY, alg); + + status = psa_allocate_key(&public_key_handle); + if (status != PSA_SUCCESS) + return status; + + status = psa_set_key_policy(public_key_handle, &policy); + if (status != PSA_SUCCESS) + return status; + + attest_key_type = PSA_KEY_TYPE_ECC_PUBLIC_KEY(psa_curve); + + /* Register public key to crypto service */ + public_key_size = attest_key.pubx_key_size + attest_key.puby_key_size; + + status = psa_import_key(public_key_handle, + attest_key_type, + (const uint8_t *)&attest_public_key, + public_key_size + 1); + + return status; +} + + +uint32_t pal_crypto_pub_key_verify(int32_t cose_algorithm_id, + struct q_useful_buf_c token_hash, + struct q_useful_buf_c signature) +{ + uint32_t status = PAL_ATTEST_SUCCESS; + + if (!public_key_registered) + { + status = pal_import_attest_key(cose_algorithm_id); + if (status != PAL_ATTEST_SUCCESS) + return status; + + public_key_registered = 1; + } + +/* + * Enable the verify function when Trusted Firmare - M Supports + + * Verify the signature a hash or short message using a public key. + status = psa_asymmetric_verify(public_key_handle, + cose_algorithm_id, token_hash.ptr, token_hash.len, + signature.ptr, signature.len); +*/ + return status; +} diff --git a/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/nspe/initial_attestation/pal_attestation_crypto.h b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/nspe/initial_attestation/pal_attestation_crypto.h new file mode 100644 index 00000000..2d63ad13 --- /dev/null +++ b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/nspe/initial_attestation/pal_attestation_crypto.h @@ -0,0 +1,102 @@ +/** @file + * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ + +#include "pal_common.h" +#include "pal_attestation_eat.h" + +#define ATTEST_PUBLIC_KEY_SLOT 4 + +typedef struct{ + uint8_t *pubx_key; + uint32_t pubx_key_size; + uint8_t *puby_key; + uint32_t puby_key_size; +} ecc_key_t; + +struct ecc_public_key_t { + const uint8_t a; + uint8_t public_key[]; /* X-coordinate || Y-coordinate */ +}; + +static const struct ecc_public_key_t attest_public_key = { + /* Constant byte */ + 0x04, + /* X-coordinate */ + {0x79, 0xEB, 0xA9, 0x0E, 0x8B, 0xF4, 0x50, 0xA6, + 0x75, 0x15, 0x76, 0xAD, 0x45, 0x99, 0xB0, 0x7A, + 0xDF, 0x93, 0x8D, 0xA3, 0xBB, 0x0B, 0xD1, 0x7D, + 0x00, 0x36, 0xED, 0x49, 0xA2, 0xD0, 0xFC, 0x3F, + /* Y-coordinate */ + 0xBF, 0xCD, 0xFA, 0x89, 0x56, 0xB5, 0x68, 0xBF, + 0xDB, 0x86, 0x73, 0xE6, 0x48, 0xD8, 0xB5, 0x8D, + 0x92, 0x99, 0x55, 0xB1, 0x4A, 0x26, 0xC3, 0x08, + 0x0F, 0x34, 0x11, 0x7D, 0x97, 0x1D, 0x68, 0x64}, +}; + +struct pal_cose_crypto_hash { + /* Can't put the actual size here without creating dependecy on + * actual hash implementation, so this is a fairly large and + * accommodating size. + */ + uint8_t bytes[128]; +}; + +struct pal_cose_psa_crypto_hash { + psa_status_t status; + psa_hash_operation_t operation; +}; + +static const uint8_t initial_attestation_public_x_key[] = +{ + 0x79, 0xEB, 0xA9, 0x0E, 0x8B, 0xF4, 0x50, 0xA6, + 0x75, 0x15, 0x76, 0xAD, 0x45, 0x99, 0xB0, 0x7A, + 0xDF, 0x93, 0x8D, 0xA3, 0xBB, 0x0B, 0xD1, 0x7D, + 0x00, 0x36, 0xED, 0x49, 0xA2, 0xD0, 0xFC, 0x3F +}; + +static const uint8_t initial_attestation_public_y_key[] = +{ + 0xBF, 0xCD, 0xFA, 0x89, 0x56, 0xB5, 0x68, 0xBF, + 0xDB, 0x86, 0x73, 0xE6, 0x48, 0xD8, 0xB5, 0x8D, + 0x92, 0x99, 0x55, 0xB1, 0x4A, 0x26, 0xC3, 0x08, + 0x0F, 0x34, 0x11, 0x7D, 0x97, 0x1D, 0x68, 0x64 +}; + +/* Initialize the structure with given public key */ +static const ecc_key_t attest_key = { + (uint8_t *)initial_attestation_public_x_key, + sizeof(initial_attestation_public_x_key), + (uint8_t *)initial_attestation_public_y_key, + sizeof(initial_attestation_public_y_key) +}; + +int32_t pal_cose_crypto_hash_start(struct pal_cose_crypto_hash *hash_ctx, int32_t cose_hash_alg_id); +void pal_cose_crypto_hash_update(struct pal_cose_crypto_hash *hash_ctx, + struct q_useful_buf_c data_to_hash); +int32_t pal_cose_crypto_hash_finish(struct pal_cose_crypto_hash *hash_ctx, + struct q_useful_buf buffer_to_hold_result, + struct q_useful_buf_c *hash_result); +int pal_create_sha256(struct q_useful_buf_c bytes_to_hash, struct q_useful_buf buffer_for_hash, + struct q_useful_buf_c *hash); +uint32_t pal_compute_hash(int32_t cose_alg_id, struct q_useful_buf buffer_for_hash, + struct q_useful_buf_c *hash, struct q_useful_buf_c protected_headers, + struct q_useful_buf_c payload); +uint32_t pal_import_attest_key(int32_t alg); +uint32_t pal_crypto_pub_key_verify(int32_t cose_algorithm_id, struct q_useful_buf_c token_hash, + struct q_useful_buf_c signature); + + diff --git a/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/nspe/initial_attestation/pal_attestation_eat.c b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/nspe/initial_attestation/pal_attestation_eat.c new file mode 100644 index 00000000..178fdc9c --- /dev/null +++ b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/nspe/initial_attestation/pal_attestation_eat.c @@ -0,0 +1,491 @@ +/** @file + * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ + +#include "pal_attestation_crypto.h" + +uint32_t mandatory_claims = 0; +uint32_t mandaroty_sw_components = 0; +bool_t sw_component_present = 0; + +static int pal_encode_cose_key(struct q_useful_buf_c *cose_key, + struct q_useful_buf buffer_for_cose_key, + struct q_useful_buf_c x_cord, struct q_useful_buf_c y_cord) +{ + uint32_t return_value; + QCBORError qcbor_result; + QCBOREncodeContext cbor_encode_ctx; + int32_t cose_curve_id = P_256; + struct q_useful_buf_c encoded_key_id; + + /* Get the public key x and y */ + /* Encode it into a COSE_Key structure */ + QCBOREncode_Init(&cbor_encode_ctx, buffer_for_cose_key); + QCBOREncode_OpenMap(&cbor_encode_ctx); + QCBOREncode_AddInt64ToMapN(&cbor_encode_ctx, + COSE_KEY_COMMON_KTY, + COSE_KEY_TYPE_EC2); + QCBOREncode_AddInt64ToMapN(&cbor_encode_ctx, + COSE_KEY_PARAM_CRV, + cose_curve_id); + QCBOREncode_AddBytesToMapN(&cbor_encode_ctx, + COSE_KEY_PARAM_X_COORDINATE, + x_cord); + QCBOREncode_AddBytesToMapN(&cbor_encode_ctx, + COSE_KEY_PARAM_Y_COORDINATE, + y_cord); + QCBOREncode_CloseMap(&cbor_encode_ctx); + + qcbor_result = QCBOREncode_Finish(&cbor_encode_ctx, &encoded_key_id); + if (qcbor_result != QCBOR_SUCCESS) + { + /* Mainly means that the COSE_Key was too big for buffer_for_cose_key */ + return_value = PAL_ATTEST_ERR_PROTECTED_HEADERS; + goto Done; + } + + /* Finish up and return */ + *cose_key = encoded_key_id; + return_value = PAL_ATTEST_SUCCESS; + +Done: + return return_value; +} + + +static int get_items_in_map(QCBORDecodeContext *decode_context, + struct items_to_get_t *item_list) +{ + int item_index; + QCBORItem item; + struct items_to_get_t *item_ptr = item_list; + + /* initialize the data type of all items in the list */ + while (item_ptr->label != 0) + { + item_ptr->item.uDataType = QCBOR_TYPE_NONE; + item_ptr++; + } + + QCBORDecode_GetNext(decode_context, &item); + if (item.uDataType != QCBOR_TYPE_MAP) + { + return PAL_ATTEST_ERROR; + } + + for (item_index = item.val.uCount; item_index != 0; item_index--) + { + if (QCBORDecode_GetNext(decode_context, &item) != QCBOR_SUCCESS) + { + return PAL_ATTEST_TOKEN_ERR_CBOR_FORMATTING; + } + if (item.uLabelType != QCBOR_TYPE_INT64) + { + continue; + } + + item_ptr = item_list; + while (item_ptr->label != 0) + { + if (item.label.int64 == item_ptr->label) + { + item_ptr->item = item; + } + item_ptr++; + } + } + + return PAL_ATTEST_SUCCESS; +} + +static int get_item_in_map(QCBORDecodeContext *decode_context, + int32_t label, + QCBORItem *item) +{ + struct items_to_get_t item_list[2]; + + item_list[0].label = label; + item_list[1].label = 0; + + if (get_items_in_map(decode_context, item_list)) + { + return PAL_ATTEST_ERROR; + } + + if (item_list[0].item.uDataType == QCBOR_TYPE_NONE) + { + return PAL_ATTEST_TOKEN_ERR_CBOR_FORMATTING; + } + + *item = item_list[0].item; + + return PAL_ATTEST_SUCCESS; +} + +static int parse_unprotected_headers(QCBORDecodeContext *decode_context, + struct q_useful_buf_c *child, + bool *loop_back) +{ + struct items_to_get_t item_list[3]; + + item_list[0].label = COSE_HEADER_PARAM_KID; + item_list[1].label = T_COSE_SHORT_CIRCUIT_LABEL; + item_list[2].label = 0; + *loop_back = false; + + if (get_items_in_map(decode_context, item_list)) + { + return PAL_ATTEST_ERROR; + } + + if (item_list[1].item.uDataType == QCBOR_TYPE_TRUE) + { + *loop_back = true; + } + + if (item_list[0].item.uDataType != QCBOR_TYPE_BYTE_STRING) + { + return PAL_ATTEST_TOKEN_ERR_CBOR_FORMATTING; + } + + *child = item_list[0].item.val.string; + + return PAL_ATTEST_SUCCESS; +} + +static int parse_protected_headers(struct q_useful_buf_c protected_headers, + int32_t *alg_id) +{ + QCBORDecodeContext decode_context; + QCBORItem item; + + QCBORDecode_Init(&decode_context, protected_headers, 0); + + if (get_item_in_map(&decode_context, COSE_HEADER_PARAM_ALG, &item)) + { + return PAL_ATTEST_ERROR; + } + + if (QCBORDecode_Finish(&decode_context)) + { + return PAL_ATTEST_ERROR; + } + + if ((item.uDataType != QCBOR_TYPE_INT64) || (item.val.int64 > INT32_MAX)) + { + return PAL_ATTEST_ERROR; + } + + *alg_id = (int32_t)item.val.int64; + + return PAL_ATTEST_SUCCESS; +} + +/** + @brief - This API will verify the claims + @param - decode_context : The buffer containing the challenge + item : context for decoding the data items + completed_challenge : Buffer containing the challenge + @return - error status +**/ +static int parse_claims(QCBORDecodeContext *decode_context, QCBORItem item, + struct q_useful_buf_c completed_challenge) +{ + int i, count = 0; + int status = PAL_ATTEST_SUCCESS; + + /* Parse each claim and validate their data type */ + while (status == PAL_ATTEST_SUCCESS) + { + status = QCBORDecode_GetNext(decode_context, &item); + if (status != PAL_ATTEST_SUCCESS) + break; + + mandatory_claims |= 1 << (EAT_CBOR_ARM_RANGE_BASE - item.label.int64); + if (item.uLabelType == QCBOR_TYPE_INT64) + { + if (item.label.int64 == EAT_CBOR_ARM_LABEL_NONCE) + { + if (item.uDataType == QCBOR_TYPE_BYTE_STRING) + { + /* Given challenge vs challenge in token */ + if (UsefulBuf_Compare(item.val.string, completed_challenge)) + return PAL_ATTEST_TOKEN_CHALLENGE_MISMATCH; + } + else + return PAL_ATTEST_TOKEN_NOT_SUPPORTED; + } + else if (item.label.int64 == EAT_CBOR_ARM_LABEL_BOOT_SEED || + item.label.int64 == EAT_CBOR_ARM_LABEL_IMPLEMENTATION_ID || + item.label.int64 == EAT_CBOR_ARM_LABEL_UEID) + { + if (item.uDataType != QCBOR_TYPE_BYTE_STRING) + return PAL_ATTEST_TOKEN_ERR_CBOR_FORMATTING; + } + else if (item.label.int64 == EAT_CBOR_ARM_LABEL_ORIGINATION || + item.label.int64 == EAT_CBOR_ARM_LABEL_PROFILE_DEFINITION || + item.label.int64 == EAT_CBOR_ARM_LABEL_HW_VERSION) + { + if (item.uDataType != QCBOR_TYPE_TEXT_STRING) + return PAL_ATTEST_TOKEN_ERR_CBOR_FORMATTING; + } + else if (item.label.int64 == EAT_CBOR_ARM_LABEL_CLIENT_ID || + item.label.int64 == EAT_CBOR_ARM_LABEL_SECURITY_LIFECYCLE) + { + if (item.uDataType != QCBOR_TYPE_INT64) + return PAL_ATTEST_TOKEN_ERR_CBOR_FORMATTING; + } + else if (item.label.int64 == EAT_CBOR_ARM_LABEL_SW_COMPONENTS) + { + if (item.uDataType != QCBOR_TYPE_ARRAY) + return PAL_ATTEST_TOKEN_ERR_CBOR_FORMATTING; + + sw_component_present = 1; + status = QCBORDecode_GetNext(decode_context, &item); + if (status != PAL_ATTEST_SUCCESS) + continue; + + count = item.val.uCount; + for (i = 0; i <= count; i++) + { + mandaroty_sw_components |= 1 << item.label.int64; + + if (item.label.int64 == EAT_CBOR_SW_COMPONENT_MEASUREMENT) + { + if (item.uDataType != QCBOR_TYPE_BYTE_STRING) + return PAL_ATTEST_TOKEN_ERR_CBOR_FORMATTING; + } + else if (item.label.int64 == EAT_CBOR_SW_COMPONENT_MEASUREMENT_DESC) + { + if (item.uDataType != QCBOR_TYPE_TEXT_STRING) + return PAL_ATTEST_TOKEN_ERR_CBOR_FORMATTING; + } + else if (item.label.int64 == EAT_CBOR_SW_COMPONENT_VERSION) + { + if (item.uDataType != QCBOR_TYPE_TEXT_STRING) + return PAL_ATTEST_TOKEN_ERR_CBOR_FORMATTING; + } + else if (item.label.int64 == EAT_CBOR_SW_COMPONENT_SIGNER_ID) + { + if (item.uDataType != QCBOR_TYPE_BYTE_STRING) + return PAL_ATTEST_TOKEN_ERR_CBOR_FORMATTING; + } + else if (item.label.int64 == EAT_CBOR_SW_COMPONENT_EPOCH) + { + if (item.uDataType != QCBOR_TYPE_INT64) + return PAL_ATTEST_TOKEN_ERR_CBOR_FORMATTING; + } + else if (item.label.int64 == EAT_CBOR_SW_COMPONENT_TYPE) + { + if (item.uDataType != QCBOR_TYPE_TEXT_STRING) + return PAL_ATTEST_TOKEN_ERR_CBOR_FORMATTING; + } + + if (i < count) + { + status = QCBORDecode_GetNext(decode_context, &item); + if (status != PAL_ATTEST_SUCCESS) + return PAL_ATTEST_TOKEN_ERR_CBOR_FORMATTING; + } + } + + } + } + else + { + /* ToDo: Add other claim types */ + } + } + + if (status == QCBOR_ERR_HIT_END) + return PAL_ATTEST_SUCCESS; + else + return PAL_ATTEST_TOKEN_ERR_CBOR_FORMATTING; +} + +/** + @brief - This API will verify the attestation token + @param - challenge : The buffer containing the challenge + challenge_size : Size of the challenge buffer + token : The buffer containing the attestation token + token_size : Size of the token buffer + @return - error status +**/ +int32_t pal_initial_attest_verify_token(uint8_t *challenge, uint32_t challenge_size, + uint8_t *token, uint32_t token_size) +{ + int32_t status = PAL_ATTEST_SUCCESS; + bool short_circuit; + int32_t cose_algorithm_id; + QCBORItem item; + QCBORDecodeContext decode_context; + struct q_useful_buf_c completed_challenge; + struct q_useful_buf_c completed_token; + struct q_useful_buf_c payload; + struct q_useful_buf_c signature; + struct q_useful_buf_c protected_headers; + struct q_useful_buf_c kid; + struct q_useful_buf_c x_cord; + struct q_useful_buf_c y_cord; + struct q_useful_buf_c cose_key_to_hash; + struct q_useful_buf_c key_hash; + struct q_useful_buf_c token_hash; + USEFUL_BUF_MAKE_STACK_UB(buf_to_hold_x_coord, T_COSE_CRYPTO_EC_P256_COORD_SIZE); + USEFUL_BUF_MAKE_STACK_UB(buf_to_hold_y_coord, T_COSE_CRYPTO_EC_P256_COORD_SIZE); + USEFUL_BUF_MAKE_STACK_UB(buffer_for_kid, T_COSE_CRYPTO_SHA256_SIZE); + USEFUL_BUF_MAKE_STACK_UB(buffer_for_cose_key, MAX_ENCODED_COSE_KEY_SIZE); + USEFUL_BUF_MAKE_STACK_UB(buffer_for_encoded_key, MAX_ENCODED_COSE_KEY_SIZE); + USEFUL_BUF_MAKE_STACK_UB(buffer_for_token_hash, T_COSE_CRYPTO_SHA256_SIZE); + + kid.ptr = buffer_for_encoded_key.ptr; + + memcpy(buf_to_hold_x_coord.ptr, (const void *)attest_key.pubx_key, attest_key.pubx_key_size); + memcpy(buf_to_hold_y_coord.ptr, (const void *)attest_key.puby_key, attest_key.puby_key_size); + + /* Update size */ + buf_to_hold_x_coord.len = attest_key.pubx_key_size; + buf_to_hold_y_coord.len = attest_key.puby_key_size; + + x_cord.ptr = buf_to_hold_x_coord.ptr; + x_cord.len = buf_to_hold_x_coord.len; + y_cord.ptr = buf_to_hold_y_coord.ptr; + y_cord.len = buf_to_hold_y_coord.len; + + /* Construct the token buffer for validation */ + completed_token.ptr = token; + completed_token.len = token_size; + + /* Construct the challenge buffer for validation */ + completed_challenge.ptr = challenge; + completed_challenge.len = challenge_size; + +/* + ------------------------- + | CBOR Array Type | + ------------------------- + | Protected Headers | + ------------------------- + | Unprotected Headers | + ------------------------- + | Payload | + ------------------------- + | Signature | + ------------------------- +*/ + + /* Initialize the decorder */ + QCBORDecode_Init(&decode_context, completed_token, QCBOR_DECODE_MODE_NORMAL); + + /* Get the Header */ + QCBORDecode_GetNext(&decode_context, &item); + + /* Check the CBOR Array type. Check if the count is 4. + * Only COSE_SIGN1 is supported now. + */ + if (item.uDataType != QCBOR_TYPE_ARRAY || item.val.uCount != 4 || + !QCBORDecode_IsTagged(&decode_context, &item, CBOR_TAG_COSE_SIGN1)) + return PAL_ATTEST_TOKEN_ERR_CBOR_FORMATTING; + + /* Get the next headers */ + QCBORDecode_GetNext(&decode_context, &item); + if (item.uDataType != QCBOR_TYPE_BYTE_STRING) + return PAL_ATTEST_TOKEN_ERR_CBOR_FORMATTING; + + protected_headers = item.val.string; + + /* Parse the protected headers and check the data type and value*/ + status = parse_protected_headers(protected_headers, &cose_algorithm_id); + if (status != PAL_ATTEST_SUCCESS) + return status; + + /* Parse the unprotected headers and check the data type and value */ + short_circuit = false; + status = parse_unprotected_headers(&decode_context, &kid, &short_circuit); + if (status != PAL_ATTEST_SUCCESS) + return status; + + /* Encode the given public key */ + status = pal_encode_cose_key(&cose_key_to_hash, buffer_for_cose_key, x_cord, y_cord); + if (status != PAL_ATTEST_SUCCESS) + return status; + + /* Create hash of the given public key */ + status = pal_create_sha256(cose_key_to_hash, buffer_for_kid, &key_hash); + if (status != PSA_SUCCESS) + return status; + + /* Compare the hash of the public key in token and hash of the given public key */ + if (kid.len != key_hash.len) + { + return PAL_ATTEST_HASH_LENGTH_MISMATCH; + } + + if (memcmp(kid.ptr, key_hash.ptr, kid.len) != 0) + { + return PAL_ATTEST_HASH_MISMATCH; + } + + /* Get the payload */ + QCBORDecode_GetNext(&decode_context, &item); + if (item.uDataType != QCBOR_TYPE_BYTE_STRING) + return PAL_ATTEST_TOKEN_ERR_CBOR_FORMATTING; + + payload = item.val.string; + + /* Get the digital signature */ + QCBORDecode_GetNext(&decode_context, &item); + if (item.uDataType != QCBOR_TYPE_BYTE_STRING) + return PAL_ATTEST_TOKEN_ERR_CBOR_FORMATTING; + + signature = item.val.string; + + /* Compute the hash from the token */ + status = pal_compute_hash(cose_algorithm_id, buffer_for_token_hash, &token_hash, + protected_headers, payload); + if (status != PAL_ATTEST_SUCCESS) + return status; + + /* Verify the signature */ + status = pal_crypto_pub_key_verify(cose_algorithm_id, token_hash, signature); + if (status != PAL_ATTEST_SUCCESS) + return status; + + /* Initialize the Decoder and validate the payload format */ + QCBORDecode_Init(&decode_context, payload, QCBOR_DECODE_MODE_NORMAL); + status = QCBORDecode_GetNext(&decode_context, &item); + if (status != PAL_ATTEST_SUCCESS) + return status; + + if (item.uDataType != QCBOR_TYPE_MAP) + return PAL_ATTEST_TOKEN_ERR_CBOR_FORMATTING; + + /* Parse the payload and check the data type of each claim */ + status = parse_claims(&decode_context, item, completed_challenge); + if (status != PAL_ATTEST_SUCCESS) + return status; + + if ((mandatory_claims & MANDATORY_CLAIM_WITH_SW_COMP) == MANDATORY_CLAIM_WITH_SW_COMP) + { + if ((mandaroty_sw_components & MANDATORY_SW_COMP) != MANDATORY_SW_COMP) + return PAL_ATTEST_TOKEN_NOT_ALL_MANDATORY_CLAIMS; + } + else if ((mandatory_claims & MANDATORY_CLAIM_NO_SW_COMP) != MANDATORY_CLAIM_NO_SW_COMP) + { + return PAL_ATTEST_TOKEN_NOT_ALL_MANDATORY_CLAIMS; + } + + return PAL_ATTEST_SUCCESS; +} diff --git a/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/nspe/initial_attestation/pal_attestation_eat.h b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/nspe/initial_attestation/pal_attestation_eat.h new file mode 100644 index 00000000..8a0c5455 --- /dev/null +++ b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/nspe/initial_attestation/pal_attestation_eat.h @@ -0,0 +1,170 @@ +/** @file + * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ + +#include "qcbor.h" +#include "pal_common.h" +#include "psa/crypto.h" + +#define PAL_ATTEST_MIN_ERROR 30 + +/* NIST P-256 also known as secp256r1 */ +#define P_256 1 + +#define COSE_HEADER_PARAM_ALG 1 +#define COSE_HEADER_PARAM_KID 4 + +#define COSE_KEY_COMMON_KTY 1 +#define COSE_KEY_TYPE_EC2 2 +#define COSE_KEY_PARAM_CRV -1 +#define COSE_KEY_PARAM_X_COORDINATE -2 +#define COSE_KEY_PARAM_Y_COORDINATE -3 +#define COSE_ALGORITHM_ES256 -7 +#define COSE_ALG_SHA256_PROPRIETARY -72000 + +/** + * The size of X and Y coordinate in 2 parameter style EC public + * key. Format is as defined in [COSE (RFC 8152)] + * (https://tools.ietf.org/html/rfc8152) and [SEC 1: Elliptic Curve + * Cryptography](http://www.secg.org/sec1-v2.pdf). + * + * This size is well-known and documented in public standards. + */ +#define T_COSE_CRYPTO_EC_P256_COORD_SIZE 32 +#define T_COSE_CRYPTO_SHA256_SIZE 32 + +#define MAX_ENCODED_COSE_KEY_SIZE \ + 1 + /* 1 byte to encode map */ \ + 2 + /* 2 bytes to encode key type */ \ + 2 + /* 2 bytes to encode curve */ \ + 2 * /* the X and Y coordinates at 32 bytes each */ \ + (T_COSE_CRYPTO_EC_P256_COORD_SIZE + 1 + 2) +#define USEFUL_BUF_MAKE_STACK_UB UsefulBuf_MAKE_STACK_UB + +#define COSE_SIG_CONTEXT_STRING_SIGNATURE1 "Signature1" + +/* Private value. Intentionally not documented for Doxygen. + * This is the size allocated for the encoded protected headers. It + * needs to be big enough for make_protected_header() to succeed. It + * currently sized for one header with an algorithm ID up to 32 bits + * long -- one byte for the wrapping map, one byte for the label, 5 + * bytes for the ID. If this is made accidentially too small, QCBOR will + * only return an error, and not overrun any buffers. + * + * 9 extra bytes are added, rounding it up to 16 total, in case some + * other protected header is to be added. + */ +#define T_COSE_SIGN1_MAX_PROT_HEADER (1+1+5+9) + +/** + * This is the size of the first part of the CBOR encoded TBS + * bytes. It is around 20 bytes. See create_tbs_hash(). + */ +#define T_COSE_SIZE_OF_TBS \ + 1 + /* For opening the array */ \ + sizeof(COSE_SIG_CONTEXT_STRING_SIGNATURE1) + /* "Signature1" */ \ + 2 + /* Overhead for encoding string */ \ + T_COSE_SIGN1_MAX_PROT_HEADER + /* entire protected headers */ \ + 3 * ( /* 3 NULL bstrs for fields not used */ \ + 1 /* size of a NULL bstr */ \ + ) + +/* + CBOR Label for proprietary header indicating short-circuit + signing was used. Just a random number in the proprietary + label space */ +#define T_COSE_SHORT_CIRCUIT_LABEL (-8675309) + +#define EAT_CBOR_ARM_RANGE_BASE (-75000) +#define EAT_CBOR_ARM_LABEL_PROFILE_DEFINITION (EAT_CBOR_ARM_RANGE_BASE - 0) +#define EAT_CBOR_ARM_LABEL_CLIENT_ID (EAT_CBOR_ARM_RANGE_BASE - 1) +#define EAT_CBOR_ARM_LABEL_SECURITY_LIFECYCLE (EAT_CBOR_ARM_RANGE_BASE - 2) +#define EAT_CBOR_ARM_LABEL_IMPLEMENTATION_ID (EAT_CBOR_ARM_RANGE_BASE - 3) +#define EAT_CBOR_ARM_LABEL_BOOT_SEED (EAT_CBOR_ARM_RANGE_BASE - 4) +#define EAT_CBOR_ARM_LABEL_HW_VERSION (EAT_CBOR_ARM_RANGE_BASE - 5) +#define EAT_CBOR_ARM_LABEL_SW_COMPONENTS (EAT_CBOR_ARM_RANGE_BASE - 6) +#define EAT_CBOR_ARM_LABEL_NO_SW_COMPONENTS (EAT_CBOR_ARM_RANGE_BASE - 7) +#define EAT_CBOR_ARM_LABEL_NONCE (EAT_CBOR_ARM_RANGE_BASE - 8) +#define EAT_CBOR_ARM_LABEL_UEID (EAT_CBOR_ARM_RANGE_BASE - 9) +#define EAT_CBOR_ARM_LABEL_ORIGINATION (EAT_CBOR_ARM_RANGE_BASE - 10) + +#define CBOR_ARM_TOTAL_CLAIM_INSTANCE 10 + +#define EAT_CBOR_SW_COMPONENT_TYPE (1u) +#define EAT_CBOR_SW_COMPONENT_MEASUREMENT (2u) +#define EAT_CBOR_SW_COMPONENT_EPOCH (3u) +#define EAT_CBOR_SW_COMPONENT_VERSION (4u) +#define EAT_CBOR_SW_COMPONENT_SIGNER_ID (5u) +#define EAT_CBOR_SW_COMPONENT_MEASUREMENT_DESC (6u) + +#define MANDATORY_CLAIM_WITH_SW_COMP (1 << (EAT_CBOR_ARM_RANGE_BASE \ + - EAT_CBOR_ARM_LABEL_NONCE) | \ + 1 << (EAT_CBOR_ARM_RANGE_BASE \ + - EAT_CBOR_ARM_LABEL_UEID) | \ + 1 << (EAT_CBOR_ARM_RANGE_BASE \ + - EAT_CBOR_ARM_LABEL_IMPLEMENTATION_ID) | \ + 1 << (EAT_CBOR_ARM_RANGE_BASE \ + - EAT_CBOR_ARM_LABEL_CLIENT_ID) | \ + 1 << (EAT_CBOR_ARM_RANGE_BASE \ + - EAT_CBOR_ARM_LABEL_SECURITY_LIFECYCLE) | \ + 1 << (EAT_CBOR_ARM_RANGE_BASE \ + - EAT_CBOR_ARM_LABEL_BOOT_SEED) | \ + 1 << (EAT_CBOR_ARM_RANGE_BASE \ + - EAT_CBOR_ARM_LABEL_SW_COMPONENTS)) + +#define MANDATORY_CLAIM_NO_SW_COMP (1 << (EAT_CBOR_ARM_RANGE_BASE \ + - EAT_CBOR_ARM_LABEL_NONCE) | \ + 1 << (EAT_CBOR_ARM_RANGE_BASE \ + - EAT_CBOR_ARM_LABEL_UEID) | \ + 1 << (EAT_CBOR_ARM_RANGE_BASE \ + - EAT_CBOR_ARM_LABEL_IMPLEMENTATION_ID) | \ + 1 << (EAT_CBOR_ARM_RANGE_BASE \ + - EAT_CBOR_ARM_LABEL_CLIENT_ID) | \ + 1 << (EAT_CBOR_ARM_RANGE_BASE \ + - EAT_CBOR_ARM_LABEL_SECURITY_LIFECYCLE) | \ + 1 << (EAT_CBOR_ARM_RANGE_BASE \ + - EAT_CBOR_ARM_LABEL_BOOT_SEED) | \ + 1 << (EAT_CBOR_ARM_RANGE_BASE \ + - EAT_CBOR_ARM_LABEL_NO_SW_COMPONENTS)) + +#define MANDATORY_SW_COMP (1 << EAT_CBOR_SW_COMPONENT_MEASUREMENT | \ + 1 << EAT_CBOR_SW_COMPONENT_SIGNER_ID) + +#define NULL_USEFUL_BUF_C NULLUsefulBufC + +enum attestation_error_code { + PAL_ATTEST_SUCCESS = 0, + PAL_ATTEST_TOKEN_ERR_CBOR_FORMATTING = PAL_ATTEST_MIN_ERROR, + PAL_ATTEST_TOKEN_CHALLENGE_MISMATCH, + PAL_ATTEST_TOKEN_NOT_SUPPORTED, + PAL_ATTEST_TOKEN_NOT_ALL_MANDATORY_CLAIMS, + PAL_ATTEST_HASH_LENGTH_MISMATCH, + PAL_ATTEST_HASH_MISMATCH, + PAL_ATTEST_HASH_FAIL, + PAL_ATTEST_HASH_UNSUPPORTED, + PAL_ATTEST_HASH_BUFFER_SIZE, + PAL_ATTEST_ERR_PROTECTED_HEADERS, + PAL_ATTEST_ERR_SIGN_STRUCT, + PAL_ATTEST_ERROR, +}; + +struct items_to_get_t { + int64_t label; + QCBORItem item; +}; + +int32_t pal_initial_attest_verify_token(uint8_t *challenge, uint32_t challenge_size, + uint8_t *token, uint32_t token_size); diff --git a/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/nspe/initial_attestation/pal_attestation_empty_intf.c b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/nspe/initial_attestation/pal_attestation_empty_intf.c new file mode 100644 index 00000000..faf3f493 --- /dev/null +++ b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/nspe/initial_attestation/pal_attestation_empty_intf.c @@ -0,0 +1,30 @@ +/** @file + * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ + +#include +#include "pal_common.h" + +/** + @brief - This API will call the requested attestation function + @param - type : function code + valist : variable argument list + @return - error status +**/ +int32_t pal_attestation_function(int type, va_list valist) +{ + return PAL_STATUS_ERROR; +} diff --git a/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/nspe/initial_attestation/pal_attestation_intf.c b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/nspe/initial_attestation/pal_attestation_intf.c new file mode 100644 index 00000000..2d99f74d --- /dev/null +++ b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/nspe/initial_attestation/pal_attestation_intf.c @@ -0,0 +1,54 @@ +/** @file + * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ + + +#include "pal_attestation_intf.h" + +/** + @brief - This API will call the requested attestation function + @param - type : function code + valist : variable argument list + @return - error status +**/ +int32_t pal_attestation_function(int type, va_list valist) +{ + uint8_t *challenge, *token; + uint32_t challenge_size, *token_size, verify_token_size; + + switch (type) + { + case PAL_INITIAL_ATTEST_GET_TOKEN: + challenge = va_arg(valist, uint8_t*); + challenge_size = va_arg(valist, uint32_t); + token = va_arg(valist, uint8_t*); + token_size = va_arg(valist, uint32_t*); + return psa_initial_attest_get_token(challenge, challenge_size, token, token_size); + case PAL_INITIAL_ATTEST_GET_TOKEN_SIZE: + challenge_size = va_arg(valist, uint32_t); + token_size = va_arg(valist, uint32_t*); + return psa_initial_attest_get_token_size(challenge_size, token_size); + case PAL_INITIAL_ATTEST_VERIFY_TOKEN: + challenge = va_arg(valist, uint8_t*); + challenge_size = va_arg(valist, uint32_t); + token = va_arg(valist, uint8_t*); + verify_token_size = va_arg(valist, uint32_t); + return pal_initial_attest_verify_token(challenge, challenge_size, + token, verify_token_size); + default: + return PAL_STATUS_UNSUPPORTED_FUNC; + } +} diff --git a/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/nspe/initial_attestation/pal_attestation_intf.h b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/nspe/initial_attestation/pal_attestation_intf.h new file mode 100644 index 00000000..12f6ee94 --- /dev/null +++ b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/nspe/initial_attestation/pal_attestation_intf.h @@ -0,0 +1,30 @@ +/** @file + * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ + +#ifndef _PAL_INITIAL_ATTESTATION_H_ +#define _PAL_INITIAL_ATTESTATION_H_ + +#include "pal_attestation_crypto.h" + +enum attestation_function_code { + PAL_INITIAL_ATTEST_GET_TOKEN = 0x1, + PAL_INITIAL_ATTEST_GET_TOKEN_SIZE = 0x2, + PAL_INITIAL_ATTEST_VERIFY_TOKEN = 0x3, +}; + +int32_t pal_attestation_function(int type, va_list valist); +#endif /* _PAL_INITIAL_ATTESTATION_H_ */ diff --git a/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/nspe/internal_trusted_storage/pal_internal_trusted_storage_empty_intf.c b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/nspe/internal_trusted_storage/pal_internal_trusted_storage_empty_intf.c new file mode 100644 index 00000000..133cfa9d --- /dev/null +++ b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/nspe/internal_trusted_storage/pal_internal_trusted_storage_empty_intf.c @@ -0,0 +1,30 @@ +/** @file + * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ + +#include +#include "pal_common.h" + +/** + @brief - This API will call the requested internal trusted storage function + @param - type : function code + valist : variable argument list + @return - error status +**/ +uint32_t pal_its_function(int type, va_list valist) +{ + return PAL_STATUS_ERROR; +} diff --git a/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/nspe/internal_trusted_storage/pal_internal_trusted_storage_intf.c b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/nspe/internal_trusted_storage/pal_internal_trusted_storage_intf.c new file mode 100644 index 00000000..4f04ab01 --- /dev/null +++ b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/nspe/internal_trusted_storage/pal_internal_trusted_storage_intf.c @@ -0,0 +1,60 @@ +/** @file + * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ + + +#include "pal_internal_trusted_storage_intf.h" + +/** + @brief - This API will call the requested internal trusted storage function + @param - type : function code + valist : variable argument list + @return - error status +**/ +uint32_t pal_its_function(int type, va_list valist) +{ + psa_its_uid_t uid; + uint32_t data_length, offset; + const void *p_write_data; + void *p_read_data; + psa_its_create_flags_t its_create_flags; + struct psa_its_info_t *its_p_info; + + switch (type) + { + case PAL_ITS_SET: + uid = va_arg(valist, psa_its_uid_t); + data_length = va_arg(valist, uint32_t); + p_write_data = va_arg(valist, const void*); + its_create_flags = va_arg(valist, psa_its_create_flags_t); + return psa_its_set(uid, data_length, p_write_data, its_create_flags); + case PAL_ITS_GET: + uid = va_arg(valist, psa_its_uid_t); + offset = va_arg(valist, uint32_t); + data_length = va_arg(valist, uint32_t); + p_read_data = va_arg(valist, void*); + return psa_its_get(uid, offset, data_length, p_read_data); + case PAL_ITS_GET_INFO: + uid = va_arg(valist, psa_its_uid_t); + its_p_info = va_arg(valist, struct psa_its_info_t*); + return psa_its_get_info(uid, its_p_info); + case PAL_ITS_REMOVE: + uid = va_arg(valist, psa_its_uid_t); + return psa_its_remove(uid); + default: + return PAL_STATUS_UNSUPPORTED_FUNC; + } +} diff --git a/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/nspe/internal_trusted_storage/pal_internal_trusted_storage_intf.h b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/nspe/internal_trusted_storage/pal_internal_trusted_storage_intf.h new file mode 100644 index 00000000..6db6aac6 --- /dev/null +++ b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/nspe/internal_trusted_storage/pal_internal_trusted_storage_intf.h @@ -0,0 +1,31 @@ +/** @file + * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ + +#ifndef _PAL_INTERNAL_TRUSTED_STORAGE_INTF_H_ +#define _PAL_INTERNAL_TRUSTED_STORAGE_INTF_H_ + +#include "pal_common.h" + +enum its_function_code { + PAL_ITS_SET = 0x1, + PAL_ITS_GET = 0x2, + PAL_ITS_GET_INFO = 0x3, + PAL_ITS_REMOVE = 0x4, +}; + +uint32_t pal_its_function(int type, va_list valist); +#endif /* _PAL_INTERNAL_TRUSTED_STORAGE_INTF_H_ */ diff --git a/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/nspe/protected_storage/pal_protected_storage_empty_intf.c b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/nspe/protected_storage/pal_protected_storage_empty_intf.c new file mode 100644 index 00000000..ee9b13da --- /dev/null +++ b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/nspe/protected_storage/pal_protected_storage_empty_intf.c @@ -0,0 +1,30 @@ +/** @file + * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ + +#include +#include "pal_common.h" + +/** + @brief - This API will call the requested protected storage function + @param - type : function code + valist : variable argument list + @return - error status +**/ +uint32_t pal_ps_function(int type, va_list valist) +{ + return PAL_STATUS_ERROR; +} diff --git a/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/nspe/protected_storage/pal_protected_storage_intf.c b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/nspe/protected_storage/pal_protected_storage_intf.c new file mode 100644 index 00000000..a4241533 --- /dev/null +++ b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/nspe/protected_storage/pal_protected_storage_intf.c @@ -0,0 +1,75 @@ +/** @file + * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ + + +#include "pal_protected_storage_intf.h" + +/** + @brief - This API will call the requested protected storage function + @param - type : function code + valist : variable argument list + @return - error status +**/ +uint32_t pal_ps_function(int type, va_list valist) +{ + psa_ps_uid_t uid; + uint32_t data_length, size, offset; + const void *p_write_data; + void *p_read_data; + psa_ps_create_flags_t ps_create_flags; + struct psa_ps_info_t *ps_p_info; + + switch (type) + { + case PAL_PS_SET: + uid = va_arg(valist, psa_ps_uid_t); + data_length = va_arg(valist, uint32_t); + p_write_data = va_arg(valist, const void*); + ps_create_flags = va_arg(valist, psa_ps_create_flags_t); + return psa_ps_set(uid, data_length, p_write_data, ps_create_flags); + case PAL_PS_GET: + uid = va_arg(valist, psa_ps_uid_t); + offset = va_arg(valist, uint32_t); + data_length = va_arg(valist, uint32_t); + p_read_data = va_arg(valist, void*); + return psa_ps_get(uid, offset, data_length, p_read_data); + case PAL_PS_GET_INFO: + uid = va_arg(valist, psa_ps_uid_t); + ps_p_info = va_arg(valist, struct psa_ps_info_t*); + return psa_ps_get_info(uid, ps_p_info); + case PAL_PS_REMOVE: + uid = va_arg(valist, psa_ps_uid_t); + return psa_ps_remove(uid); + case PAL_PS_CREATE: + uid = va_arg(valist, psa_ps_uid_t); + size = va_arg(valist, uint32_t); + ps_create_flags = va_arg(valist, psa_ps_create_flags_t); + return psa_ps_create(uid, size, ps_create_flags); + case PAL_PS_SET_EXTENDED: + uid = va_arg(valist, psa_ps_uid_t); + offset = va_arg(valist, uint32_t); + data_length = va_arg(valist, uint32_t); + p_write_data = va_arg(valist, const void*); + return psa_ps_set_extended(uid, offset, data_length, p_write_data); + case PAL_PS_GET_SUPPORT: + return psa_ps_get_support(); + default: + return PAL_STATUS_UNSUPPORTED_FUNC; + } + + return PAL_STATUS_UNSUPPORTED_FUNC; +} diff --git a/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/nspe/protected_storage/pal_protected_storage_intf.h b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/nspe/protected_storage/pal_protected_storage_intf.h new file mode 100644 index 00000000..a338cdf7 --- /dev/null +++ b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/nspe/protected_storage/pal_protected_storage_intf.h @@ -0,0 +1,34 @@ +/** @file + * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ + +#ifndef _PAL_PROTECTED_STORAGE_INTF_H_ +#define _PAL_PROTECTED_STORAGE_INTF_H_ + +#include "pal_common.h" + +enum ps_function_code { + PAL_PS_SET = 0x1, + PAL_PS_GET = 0x2, + PAL_PS_GET_INFO = 0x3, + PAL_PS_REMOVE = 0x4, + PAL_PS_CREATE = 0x5, + PAL_PS_SET_EXTENDED = 0x6, + PAL_PS_GET_SUPPORT = 0x7, +}; + +uint32_t pal_ps_function(int type, va_list valist); +#endif /* _PAL_PROTECTED_STORAGE_INTF_H_ */ diff --git a/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/reference_logs/attestation.txt b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/reference_logs/attestation.txt new file mode 100755 index 00000000..0c918099 --- /dev/null +++ b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/reference_logs/attestation.txt @@ -0,0 +1,36 @@ +***** PSA Architecture Test Suite - Version 0.8 ***** + +Running.. Attestation Suite +****************************************** + +TEST: 801 | DESCRIPTION: Testing initial attestation APIs +[Info] Executing tests from non-secure +[Check 1] Test psa_initial_attestation_get_token with Challenge 32 +[Check 2] Test psa_initial_attestation_get_token with Challenge 48 +[Check 3] Test psa_initial_attestation_get_token with Challenge 64 +[Check 4] Test psa_initial_attestation_get_token with zero challenge size +[Check 5] Test psa_initial_attestation_get_token with small challenge size +[Check 6] Test psa_initial_attestation_get_token with invalid challenge size +[Check 7] Test psa_initial_attestation_get_token with large challenge size +[Check 8] Test psa_initial_attestation_get_token with zero as token size +[Check 9] Test psa_initial_attestation_get_token with small token size +[Check 10] Test psa_initial_attestation_get_token_size with Challenge 32 +[Check 11] Test psa_initial_attestation_get_token_size with Challenge 48 +[Check 12] Test psa_initial_attestation_get_token_size with Challenge 64 +[Check 13] Test psa_initial_attestation_get_token_size with zero challenge size +[Check 14] Test psa_initial_attestation_get_token_size with small challenge size +[Check 15] Test psa_initial_attestation_get_token_size with invalid challenge size +[Check 16] Test psa_initial_attestation_get_token_size with large challenge size +TEST RESULT: PASSED + +****************************************** + +************ Attestation Suite Report ********** +TOTAL TESTS : 1 +TOTAL PASSED : 1 +TOTAL SIM ERROR : 0 +TOTAL FAILED : 0 +TOTAL SKIPPED : 0 +****************************************** + +Entering standby.. diff --git a/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/reference_logs/crypto.txt b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/reference_logs/crypto.txt new file mode 100755 index 00000000..39743ad6 --- /dev/null +++ b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/reference_logs/crypto.txt @@ -0,0 +1,403 @@ +***** PSA Architecture Test Suite - Version 0.8 ***** + +Running.. Crypto Suite +****************************************** + +TEST: 201 | DESCRIPTION: Testing psa_crypto_init API: Basic +[Info] Executing tests from non-secure +[Check 1] Test calling crypto functions before psa_crypto_init +[Check 2] Test psa_crypto_init +[Check 3] Test multiple psa_crypto_init +TEST RESULT: PASSED + +****************************************** + +TEST: 202 | DESCRIPTION: Testing crypto key management APIs +[Info] Executing tests from non-secure +[Check 1] Test psa_import_key 16 Byte AES +[Check 2] Test psa_import_key 24 Byte AES +[Check 3] Test psa_import_key 32 Byte AES +[Check 4] Test psa_import_key with DES 64 bit key +[Check 5] Test psa_import_key with Triple DES 2-Key +[Check 6] Test psa_import_key with Triple DES 3-Key +[Check 7] Test psa_import_key with key data greater than the algorithm size +[Check 8] Test psa_import_key with incorrect key data size +[Check 9] Test psa_import_key with incorrect key type +[Check 10] Test psa_import_key with already occupied key slot +[Check 11] Test psa_import_key with invalid key slot +[Check 12] Test psa_import_key with zero key slot +TEST RESULT: PASSED + +****************************************** + +TEST: 203 | DESCRIPTION: Testing crypto key management APIs +[Info] Executing tests from non-secure +[Check 1] Test psa_export_key 16 Byte AES +[Check 2] Test psa_export_key 24 Byte AES +[Check 3] Test psa_export_key 32 Byte AES +[Check 4] Test psa_export_key with DES 64 bit key +[Check 5] Test psa_export_key with Triple DES 2-Key +[Check 6] Test psa_export_key with Triple DES 3-Key +[Check 7] Test psa_export_key with key policy verify +[Check 8] Test psa_export_key with invalid key slot +[Check 9] Test psa_export_key with zero key slot +[Check 10] Test psa_export_key with less buffer size +[Check 11] Test psa_export_key with empty key slot +TEST RESULT: PASSED + +****************************************** + +TEST: 204 | DESCRIPTION: Testing crypto key management APIs +[Info] Executing tests from non-secure +[Check 1] Test psa_export_public_key 16 Byte AES +[Check 2] Test psa_export_public_key 24 Byte AES +[Check 3] Test psa_export_public_key 32 Byte AES +[Check 4] Test psa_export_public_key with DES 64 bit key +[Check 5] Test psa_export_public_key with Triple DES 2-Key +[Check 6] Test psa_export_public_key with Triple DES 3-Key +TEST RESULT: PASSED + +****************************************** + +TEST: 205 | DESCRIPTION: Testing crypto key management APIs +[Info] Executing tests from non-secure +[Check 1] Test psa_destroy_key 16 Byte AES +[Check 2] Test psa_destroy_key 24 Byte AES +[Check 3] Test psa_destroy_key 32 Byte AES +[Check 4] Test psa_destroy_key with DES 64 bit key +[Check 5] Test psa_destroy_key with Triple DES 2-Key +[Check 6] Test psa_destroy_key with Triple DES 3-Key +[Check 7] Test psa_destroy_key with invalid key slot +[Check 8] Test psa_destroy_key with zero key slot +[Check 9] Test psa_destroy_key with empty key slot +TEST RESULT: PASSED + +****************************************** + +TEST: 206 | DESCRIPTION: Testing crypto key management APIs +[Info] Executing tests from non-secure +[Check 1] Test psa_get_key_information 16 Byte AES +[Check 2] Test psa_get_key_information 24 Byte AES +[Check 3] Test psa_get_key_information 32 Byte AES +[Check 4] Test psa_get_key_information wit DE¦[Check 5] Test psa_get_key_information with Triple DES 2-Key +[Check 6] Test psa_get_key_information with Triple DES 3-Key +[Check 7] Test psa_get_key_information with invalid key slot +[Check 8] Test psa_get_key_information with zero key slot +[Check 9] Test psa_get_key_information with empty key slot +TEST RESULT: PASSED + +****************************************** + +TEST: 207 | DESCRIPTION: Testing crypto key management APIs +[Info] Executing tests from non-secure +[Check 1] Test psa_set_key_policy 16 Byte AES +[Check 2] Test psa_set_key_policy 24 Byte AES +[Check 3] Test psa_set_key_policy 32 Byte AES +[Check 4] Test psa_set_key_policy with DES 64 bit key +[Check 5] Test psa_set_key_policy with Triple DES 2-Key +[Check 6] Test psa_set_key_policy with Triple DES 3-Key +[Check 7] Test psa_set_key_policy with already occupied key slot +[Check 8] Test psa_set_key_policy with invalid key slot +[Check 9] Test psa_set_key_policy with zero key slot +[Check 10] Test psa_set_key_policy with invalid usage +TEST RESULT: PASSED + +****************************************** + +TEST: 208 | DESCRIPTION: Testing crypto key management APIs +[Info] Executing tests from non-secure +[Check 1] Test psa_get_key_policy 16 Byte AES +[Check 2] Test psa_get_key_policy 24 Byte AES +[Check 3] Test psa_get_key_policy 32 Byte AES +[Check 4] Test psa_get_key_policy with DES 64 bit key +[Check 5] Test psa_get_key_policy with Triple DES 2-Key +[Check 6] Test psa_get_key_policy with Triple DES 3-Key +[Check 7] Test psa_get_key_policy with invalid key slot +[Check 8] Test psa_get_key_policy with zero key slot +TEST RESULT: PASSED + +****************************************** + +TEST: 209 | DESCRIPTION: Testing crypto key management APIs +[Info] Executing tests from non-secure +[Check 1] Test psa_set_key_lifetime 16 Byte AES +[Check 2] Test psa_set_key_lifetime with Triple DES 2-Key +[Check 3] Test psa_set_key_lifetime with invalid key slot +[Check 4] Test psa_set_key_lifetime with zero key slot +[Check 5] Test psa_set_key_lifetime with invalid lifetime +TEST RESULT: PASSED + +****************************************** + +TEST: 210 | DESCRIPTION: Testing crypto key management APIs +[Info] Executing tests from non-secure +[Check 1] Test psa_get_key_lifetime 16 Byte AES +[Check 2] Test psa_get_key_lifetime with Triple DES 2-Key +[Check 3] Test psa_get_key_lifetime with invalid key slot +[Check 4] Test psa_get_key_lifetime with zero key slot +TEST RESULT: PASSED + +****************************************** + +TEST: 211 | DESCRIPTION: Testing crypto hash functions APIs +[Info] Executing tests from non-secure +[Check 1] Test psa_hash_setup with MD2 algorithm +[Check 2] Test psa_hash_setup with MD4 algorithm +[Check 3] Test psa_hash_setup with MD5 algorithm +[Check 4] Test psa_hash_setup with RIPEMD160 algorithm +[Check 5] Test psa_hash_setup with SHA1 algorithm +[Check 6] Test psa_hash_setup with SHA224 algorithm +[Check 7] Test psa_hash_setup with SHA256 algorithm +[Check 8] Test psa_hash_setup with SHA384 algorithm +[Check 9] Test psa_hash_setup with SHA512 algorithm +[Check 10] Test psa_hash_setup with Invalid algorithm +TEST RESULT: PASSED + +****************************************** + +TEST: 212 | DESCRIPTION: Testing crypto hash functions APIs +[Info] Executing tests from non-secure +[Check 1] Test psa_hash_update with MD2 algorithm +[Check 2] Test psa_hash_update with MD4 algorithm +[Check 3] Test psa_hash_update with MD5 algorithm +[Check 4] Test psa_hash_update with RIPEMD160 algorithm +[Check 5] Test psa_hash_update with SHA1 algorithm +[Check 6] Test psa_hash_update with SHA224 algorithm +[Check 7] Test psa_hash_update with SHA256 algorithm +[Check 8] Test psa_hash_update with SHA384 algorithm +[Check 9] Test psa_hash_update with SHA512 algorithm +[Check 10] Test psa_hash_update without hash setup +[Check 11] Test psa_hash_update with completed operation handle +TEST RESULT: PASSED + +****************************************** + +TEST: 213 | DESCRIPTION: Testing crypto hash functions APIs +[Info] Executing tests from non-secure +[Check 1] Test psa_hash_verify with MD2 algorithm +[Check 2] Test psa_hash_verify with MD4 algorithm +[Check 3] Test psa_hash_verify with MD5 algorithm +[Check 4] Test psa_hash_verify with RIPEMD160 algorithm +[Check 5] Test psa_hash_verify with SHA1 algorithm +[Check 6] Test psa_hash_verify with SHA224 algorithm +[Check 7] Test psa_hash_verify with SHA256 algorithm +[Check 8] Test psa_hash_verify with SHA384 algorithm +[Check 9] Test psa_hash_verify with SHA512 algorithm +[Check 10] Test psa_hash_verify with incorrect expected hash +[Check 11] Test psa_hash_verify with incorrect hash length +[Check 12] test psa_hash_verify with inactive & invalid operation handle +TEST RESULT: PASSED + +****************************************** + +TEST: 214 | DESCRIPTION: Testing crypto hash functions APIs +[Info] Executing tests from non-secure +[Check 1] Test psa_hash_finish with MD2 algorithm +[Check 2] Test psa_hash_finish with MD4 algorithm +[Check 3] Test psa_hash_finish with MD5 algorithm +[Check 4] Test psa_hash_finish with RIPEMD160 algorithm +[Check 5] Test psa_hash_finish with SHA1 algorithm +[Check 6] Test psa_hash_finish with SHA224 algorithm +[Check 7] Test psa_hash_finish with SHA256 algorithm +[Check 8] Test psa_hash_finish with SHA384 algorithm +[Check 9] Test psa_hash_finish with SHA512 algorithm +[Check 10] test psa_hash_finish with inactive operation handle +[Check 11] test psa_hash_finish with invalid hash buffer size +TEST RESULT: PASSED + +****************************************** + +TEST: 215 | DESCRIPTION: Testing crypto hash functions APIs +[Info] Executing tests from non-secure +[Check 1] Test psa_hash_abort with MD2 algorithm +[Check 2] Test psa_hash_abort with MD4 algorithm +[Check 3] Test psa_hash_abort with MD5 algorithm +[Check 4] Test psa_hash_abort with RIPEMD160 algorithm +[Check 5] Test psa_hash_abort with SHA1 algorithm +[Check 6] Test psa_hash_abort with SHA224 algorithm +[Check 7] Test psa_hash_abort with SHA256 algorithm +[Check 8] Test psa_hash_abort with SHA384 algorithm +[Check 9] Test psa_hash_abort with SHA512 algorithm +[Check 10] Test psa_hash_finish after calling psa_hash_abort +TEST RESULT: PASSED + +****************************************** + +TEST: 223 | DESCRIPTION: Testing crypto key management APIs +[Info] Executing tests from non-secure +[Check 1] Test psa_key_policy_get_usage with usage as encrypt +[Check 2] Test psa_key_policy_get_usage with usage as decrypt +[Check 3] Test psa_key_policy_get_usage with usage as derive +[Check 4] Test psa_key_policy_get_usage with usage as export +[Check 5] Test psa_key_policy_get_usage with usage as sign +[Check 6] Test psa_key_policy_get_usage with usage as verify +TEST RESULT: PASSED + +****************************************** + +TEST: 224 | DESCRIPTION: Testing crypto AEAD APIs +[Info] Executing tests from non-secure +[Check 1] Test psa_aead_encrypt - CCM - 16B AES - 13B nounce & 8B addi data +[Check 2] Test psa_aead_encrypt - AES-CCM +[Check 3] Test psa_aead_encrypt - GCM - 16B AES - 12B Nounce & 12B addi data +[Check 4] Test psa_aead_encrypt - DES Key +[Check 5] Test psa_aead_encrypt - Empty key slot +[Check 6] Test psa_aead_encrypt - Zero key slot +[Check 7] Test psa_aead_encrypt - Invalid key slot +[Check 8] Test psa_aead_encrypt - Unsupported Algorithm +[Check 9] Test psa_aead_encrypt - Invalid key usage +[Check 10] Test psa_aead_encrypt - Small output buffer size +TEST RESULT: PASSED + +****************************************** + +TEST: 225 | DESCRIPTION: Testing crypto AEAD APIs +[Info] Executing tests from non-secure +[Check 1] Test psa_aead_decrypt - CCM - 16B AES - 13B nounce & 8B addi data +[Check 2] Test psa_aead_decrypt - AES-CCM +[Check 3] Test psa_aead_decrypt - GCM - 16B AES - 12B Nounce & 12B addi data +[Check 4] Test psa_aead_decrypt - DES Key +[Check 5] Test psa_aead_decrypt - Empty key slot +[Check 6] Test psa_aead_decrypt - Zero key slot +[Check 7] Test psa_aead_decrypt - Invalid key slot +[Check 8] Test psa_aead_decrypt - Unsupported Algorithm +[Check 9] Test psa_aead_decrypt - Invalid key usage +[Check 10] Test psa_aead_decrypt - Small output buffer size +[Check 11] Test psa_aead_decrypt - Invalid cipher text +[Check 12] Test psa_aead_decrypt - Invalid cipher text size +TEST RESULT: PASSED + +****************************************** + +TEST: 232 | DESCRIPTION: Testing crypto symmetric cipher APIs +[Info] Executing tests from non-secure +[Check 1] Test psa_cipher_encrypt_setup 16 Byte AES +[Check 2] Test psa_cipher_encrypt_setup 24 Byte AES +[Check 3] Test psa_cipher_encrypt_setup 32 Byte AES +[Check 4] Test psa_cipher_encrypt_setup DES 64 bit key +[Check 5] Test psa_cipher_encrypt_setup Triple DES 2-Key +[Check 6] Test psa_cipher_encrypt_setup Triple DES 3-Key +[Check 7] Test psa_cipher_encrypt_setup 16 Byte raw data +[Check 8] Test psa_cipher_encrypt_setup - not a cipher algorithm +[Check 9] Test psa_cipher_encrypt_setup - unknown cipher algorithm +[Check 10] Test psa_cipher_encrypt_setup - incompatible key ARC4 +[Check 11] Test psa_cipher_encrypt_setup - invalid key slot +[Check 12] Test psa_cipher_encrypt_setup - empty key slot +[Check 13] Test psa_cipher_encrypt_setup - zero as key slot +[Check 14] Test psa_cipher_encrypt_setup - incorrect usage +TEST RESULT: PASSED + +****************************************** + +TEST: 233 | DESCRIPTION: Testing crypto symmetric cipher APIs +[Info] Executing tests from non-secure +[Check 1] Test psa_cipher_decrypt_setup 16 Byte AES +[Check 2] Test psa_cipher_decrypt_setup 24 Byte AES +[Check 3] Test psa_cipher_decrypt_setup 32 Byte AES +[Check 4] Test psa_cipher_decrypt_setup DES 64 bit key +[Check 5] Test psa_cipher_decrypt_setup Triple DES 2-Key +[Check 6] Test psa_cipher_decrypt_setup Triple DES 3-Key +[Check 7] Test psa_cipher_decrypt_setup 16 Byte raw data +[Check 8] Test psa_cipher_decrypt_setup - not a cipher algorithm +[Check 9] Test psa_cipher_decrypt_setup - unknown cipher algorithm +[Check 10] Test psa_cipher_decrypt_setup - incompatible key ARC4 +[Check 11] Test psa_cipher_decrypt_setup - invalid key slot +[Check 12] Test psa_cipher_decrypt_setup - empty key slot +[Check 13] Test psa_cipher_decrypt_setup - zero as key slot +[Check 14] Test psa_cipher_decrypt_setup - incorrect usage +TEST RESULT: PASSED + +****************************************** + +TEST: 235 | DESCRIPTION: Testing crypto symmetric cipher APIs +[Info] Executing tests from non-secure +[Check 1] Test psa_cipher_set_iv 16 Byte AES +[Check 2] Test psa_cipher_set_iv 24 Byte AES +[Check 3] Test psa_cipher_set_iv 32 Byte AES +[Check 4] Test psa_cipher_set_iv DES 64 bit key +[Check 5] Test psa_cipher_set_iv Triple DES 2-Key +[Check 6] Test psa_cipher_set_iv Triple DES 3-Key +[Check 7] Test psa_cipher_set_iv AES - small iv buffer +[Check 8] Test psa_cipher_set_iv DES - small iv buffer +[Check 9] Test psa_cipher_set_iv AES - large iv buffer +[Check 10] Test psa_cipher_set_iv DES - large iv buffer +TEST RESULT: PASSED + +****************************************** + +TEST: 236 | DESCRIPTION: Testing crypto symmetric cipher APIs +[Info] Executing tests from non-secure +[Check 1] Test psa_cipher_update - Encrypt - AES CBC_NO_PADDING +[Check 2] Test psa_cipher_update - Encrypt - AES CBC_NO_PADDING (Short input) +[Check 3] Test psa_cipher_update - Encrypt - AES CBC_PKCS7 +[Check 4] Test psa_cipher_update - Encrypt - AES CBC_PKCS7 (Short input) +[Check 5] Test psa_cipher_update - Encrypt - AES CTR +[Check 6] Test psa_cipher_update - Encrypt - DES CBC (nopad) +[Check 7] Test psa_cipher_update - Encrypt - 2-key 3DE -CBC (nopad) +[Check 8] Test psa_cipher_update - Encrypt - 3-key 3DE -CBC (nopad) +[Check 9] Test psa_cipher_update - small output buffer size +[Check 10] Test psa_cipher_update - Decrypt - AES CBC_NO_PADDING +[Check 11] Test psa_cipher_update - Decrypt - AES CBC_NO_PADDING (Short input) +[Check 12] Test psa_cipher_update - Decrypt - AES CBC_PKCS7 +[Check 13] Test psa_cipher_update - Decrypt - AES CBC_PKCS7 (Short input) +[Check 14] Test psa_cipher_update - Decrypt - AES CTR +[Check 15] Test psa_cipher_update - Decrypt - DES CBC (nopad) +[Check 16] Test psa_cipher_update - Decrypt - 2-key 3DE -CBC (nopad) +[Check 17] Test psa_cipher_update - Decrypt - 3-key 3DE -CBC (nopad) +TEST RESULT: PASSED + +****************************************** + +TEST: 237 | DESCRIPTION: Testing crypto symmetric cipher APIs +[Info] Executing tests from non-secure +[Check 1] Test psa_cipher_finish - Encrypt - AES CBC_NO_PADDING +[Check 2] Test psa_cipher_finish - Encrypt - AES CBC_NO_PADDING (Short input) +[Check 3] Test psa_cipher_finish - Encrypt - AES CBC_PKCS7 +[Check 4] Test psa_cipher_finish - Encrypt - AES CBC_PKCS7 (Short input) +[Check 5] Test psa_cipher_finish - Encrypt - AES CTR +[Check 6] Test psa_cipher_finish - Encrypt - AES CTR (short input) +[Check 7] Test psa_cipher_finish - Encrypt - DES CBC (nopad) +[Check 8] Test psa_cipher_finish - Encrypt - 2-key 3DE -CBC (nopad) +[Check 9] Test psa_cipher_finish - Encrypt - 3-key 3DE -CBC (nopad) +[Check 10] Test psa_cipher_finish - small output buffer size +[Check 11] Test psa_cipher_finish - Decrypt - AES CBC_NO_PADDING +[Check 12] Test psa_cipher_finish - Decrypt - AES CBC_NO_PADDING (Short input) +[Check 13] Test psa_cipher_finish - Decrypt - AES CBC_PKCS7 +[Check 14] Test psa_cipher_finish - Decrypt - AES CBC_PKCS7 (Short input) +[Check 15] Test psa_cipher_finish - Decrypt - AES CTR +[Check 16] Test psa_cipher_finish - Decrypt - AES CTR (short input) +[Check 17] Test psa_cipher_finish - Decrypt - DES CBC (nopad) +[Check 18] Test psa_cipher_finish - Decrypt - 2-key 3DE -CBC (nopad) +[Check 19] Test psa_cipher_finish - 3-key 3DE -CBC (nopad) +TEST RESULT: PASSED + +****************************************** + +TEST: 238 | DESCRIPTION: Testing crypto symmetric cipher APIs +[Info] Executing tests from non-secure +[Check 1] Test psa_cipher_abort - Encrypt - AES CBC_NO_PADDING +[Check 2] Test psa_cipher_abort - Encrypt - AES CBC_PKCS7 +[Check 3] Test psa_cipher_abort - Encrypt - AES CTR +[Check 4] Test psa_cipher_abort - Encrypt - DES CBC (nopad) +[Check 5] Test psa_cipher_abort - Encrypt - 2-key 3DE -CBC (nopad) +[Check 6] Test psa_cipher_abort - Encrypt - 3-key 3DE -CBC (nopad) +[Check 7] Test psa_cipher_abort - Decrypt - AES CBC_NO_PADDING +[Check 8] Test psa_cipher_abort - Decrypt - AES CBC_PKCS7 +[Check 9] Test psa_cipher_abort - Decrypt - AES CTR +[Check 10] Test psa_cipher_abort - Decrypt - DES CBC (nopad) +[Check 11] Test psa_cipher_abort - Decrypt - 2-key 3DE -CBC (nopad) +[Check 12] Test psa_cipher_abort - Decrypt - 3-key 3DE -CBC (nopad) +[Check 1] Test psa_cipher_update after psa_cipher_abort should fail +TEST RESULT: PASSED + +****************************************** + +************ Crypto Suite Report ********** +TOTAL TESTS : 24 +TOTAL PASSED : 24 +TOTAL SIM ERROR : 0 +TOTAL FAILED : 0 +TOTAL SKIPPED : 0 +****************************************** + +Entering standby.. diff --git a/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/reference_logs/protected_storage.txt b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/reference_logs/protected_storage.txt new file mode 100755 index 00000000..b7f12d55 --- /dev/null +++ b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/reference_logs/protected_storage.txt @@ -0,0 +1,154 @@ +***** PSA Architecture Test Suite - Version 0.8 ***** + +Running.. Protected Storage Suite +****************************************** + +TEST: 401 | DESCRIPTION: UID not found check +[Info] Executing tests from non-secure +[Check 1] Call get API for UID 6 which is not set +[Check 2] Call get_info API for UID 6 which is not set +[Check 3] Call remove API for UID 6 which is not set +[Check 4] Call get API for UID 6 which is removed +[Check 5] Call get_info API for UID 6 which is removed +[Check 6] Call remove API for UID 6 which is removed +Set storage for UID 6 +[Check 7] Call get API for different UID 6 +[Check 8] Call get_info API for different UID 6 +[Check 9] Call remove API for different UID 6 +TEST RESULT: PASSED + +****************************************** + +TEST: 402 | DESCRIPTION: Write once error check +[Info] Executing tests from non-secure +[Check 1] Update the flag of UID 1 with WRITE_ONCE flag +[Check 2] Try to remove the UID 1 having WRITE_ONCE flag +[Check 3] Create a new UID 2 with WRITE_ONCE flag +[Check 4] Try to remove the UID 2 having WRITE_ONCE flag +[Check 5] Try to change the length of write_once UID 2 +[Check 6] Check UID removal still fails +[Check 7] Try to change the WRITE_ONCE flag to None for UID 2 +[Check 8] Check UID removal still fails +TEST RESULT: PASSED + +****************************************** + +TEST: 403 | DESCRIPTION: Insufficient space check +[Info] Executing tests from non-secure +[Check 1] Overload storage space +Remove all registered UIDs +[Check 2] Overload storage again to verify all previous UID removed +Remove all registered UIDs +TEST RESULT: PASSED + +****************************************** + +TEST: 404 | DESCRIPTION: Data Consistency check +[Info] Executing tests from non-secure +[Check 1] Call get API with incorrect length +[Check 2] Old buffer invalid after length change +TEST RESULT: PASSED + +****************************************** + +TEST: 405 | DESCRIPTION: Success scenarios check +[Info] Executing tests from non-secure +[Check 1] Set UID with data length zero and call storage APIs +[Check 2] Resetting the length check +TEST RESULT: PASSED + +****************************************** + +TEST: 406 | DESCRIPTION: Flags not supported check +[Info] Executing tests from non-secure +[Check 1] Call set API with valid flag values +TEST RESULT: PASSED + +****************************************** + +TEST: 407 | DESCRIPTION: Incorrect Size check +[Info] Executing tests from non-secure +Create a valid Storage +Increase the length of storage +[Check 1] Call get API with old length +Decrease the length of storage +[Check 2] Call get API with old length +[Check 3] Call get API with valid length +TEST RESULT: PASSED + +****************************************** + +TEST: 408 | DESCRIPTION: Invalid offset check +[Info] Executing tests from non-secure +[Check 1] Try to access data with varying valid offset +[Check 2] Try to access data with varying invalid offset +TEST RESULT: PASSED + +****************************************** + +TEST: 409 | DESCRIPTION: Invalid Arguments check +[Info] Executing tests from non-secure +[Check 1] Call set API with NULL pointer and data length 0 +[Check 2] Create UID with zero data length +[Check 3] Try to set NULL buffer for existing UID +[Check 4] Call get API with NULL read buffer and data length 0 +[Check 5] Increase the length +TEST RESULT: PASSED + +****************************************** + +TEST: 410 | DESCRIPTION: UID value zero check +[Info] Executing tests from non-secure +[Check 1] Creating storage with UID 0 should fail +TEST RESULT: PASSED + +****************************************** + +TEST: 411 | DESCRIPTION: Optional APIs: UID not found check +[Info] Executing tests from non-secure +Test Case skipped as Optional PS APIs are not supported. +TEST RESULT: SKIPPED (Skip Code=0x2B) + +****************************************** + +TEST: 412 | DESCRIPTION: Optional APIs: Invalid arguments and offset invalid +[Info] Executing tests from non-secure +Test Case skipped as Optional PS APIs are not supported. +TEST RESULT: SKIPPED (Skip Code=0x2B) + +****************************************** + +TEST: 413 | DESCRIPTION: Set_Extended and Create api : Success +[Info] Executing tests from non-secure +Test Case skipped as Optional PS APIs are not supported. +TEST RESULT: SKIPPED (Skip Code=0x2B) + +****************************************** + +TEST: 414 | DESCRIPTION: Optional APIs not supported check +[Info] Executing tests from non-secure +Optional PS APIs are not supported. +[Check 1] Call to create API should fail as API not supported +[Check 2] Create valid storage with set API +[Check 3] Call to set_extended API call should fail +[Check 4] Verify data is unchanged +TEST RESULT: PASSED + +****************************************** + +TEST: 415 | DESCRIPTION: Create API write_once flag value check +[Info] Executing tests from non-secure +Test Case skipped as Optional PS APIs are not supported. +TEST RESULT: SKIPPED (Skip Code=0x2B) + +****************************************** + +************ Protected Storage Suite Report ********** +TOTAL TESTS : 15 +TOTAL PASSED : 11 +TOTAL SIM ERROR : 0 +TOTAL FAILED : 0 +TOTAL SKIPPED : 4 +****************************************** + +Entering standby.. diff --git a/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/spe/pal_driver_intf.c b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/spe/pal_driver_intf.c new file mode 100644 index 00000000..4d522071 --- /dev/null +++ b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/spe/pal_driver_intf.c @@ -0,0 +1,131 @@ + /** @file + * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + **/ + +#include "pal_driver_intf.h" + +/** + @brief - This function initializes the UART + @param - uart base addr + @return - void +**/ +void pal_uart_init(uint32_t uart_base_addr) +{ + pal_uart_pl011_init(uart_base_addr); +} + +/** + @brief - This function parses the input string and writes bytes into UART TX FIFO + @param - str : Input String + - data : Value for format specifier +**/ + +void pal_print(char *str, int32_t data) +{ + pal_uart_pl011_print(str,data); +} + + +/** + @brief - Writes into given non-volatile address. + @param - base : Base address of nvmem + offset : Offset + buffer : Pointer to source address + size : Number of bytes + @return - 1/0 +**/ +int pal_nvmem_write(addr_t base, uint32_t offset, void *buffer, int size) +{ + return nvmem_write(base, offset, buffer, size); +} + +/** + @brief - Reads from given non-volatile address. + @param - base : Base address of nvmem + offset : Offset + buffer : Pointer to source address + size : Number of bytes + @return - 1/0 +**/ +int pal_nvmem_read(addr_t base, uint32_t offset, void *buffer, int size) +{ + return nvmem_read(base, offset, buffer, size); +} + + +/** + @brief - Initializes an hardware watchdog timer + @param - base_addr : Base address of the watchdog module + - time_us : Time in micro seconds + - timer_tick_us : Number of ticks per micro second + @return - SUCCESS/FAILURE +**/ +int pal_wd_timer_init(addr_t base_addr, uint32_t time_us, uint32_t timer_tick_us) +{ + return(pal_wd_cmsdk_init(base_addr,time_us, timer_tick_us)); + +} + +/** + @brief - Enables a hardware watchdog timer + @param - base_addr : Base address of the watchdog module + @return - SUCCESS/FAILURE +**/ +int pal_wd_timer_enable(addr_t base_addr) +{ + return(pal_wd_cmsdk_enable(base_addr)); +} + +/** + @brief - Disables a hardware watchdog timer + @param - base_addr : Base address of the watchdog module + @return - SUCCESS/FAILURE +**/ +int pal_wd_timer_disable(addr_t base_addr) +{ + return (pal_wd_cmsdk_disable(base_addr)); +} + +/** + @brief - Checks whether hardware watchdog timer is enabled + @param - base_addr : Base address of the watchdog module + @return - Enabled : 1, Disabled : 0 +**/ +int pal_wd_timer_is_enabled(addr_t base_addr) +{ + return (pal_wd_cmsdk_is_enabled(base_addr)); +} + +/** + @brief - Trigger interrupt for irq signal assigned to driver partition + before return to caller. + @param - void + @return - void +**/ +void pal_generate_interrupt(void) +{ + pal_uart_pl011_generate_irq(); +} + +/** + @brief - Disable interrupt that was generated using pal_generate_interrupt API. + @param - void + @return - void +**/ +void pal_disable_interrupt(void) +{ + pal_uart_pl011_disable_irq(); +} diff --git a/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/spe/pal_driver_intf.h b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/spe/pal_driver_intf.h new file mode 100644 index 00000000..cef34ca8 --- /dev/null +++ b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/spe/pal_driver_intf.h @@ -0,0 +1,35 @@ + /** @file + * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + **/ + +#ifndef _PAL_DRIVER_INTF_H_ +#define _PAL_DRIVER_INTF_H_ + +#include "pal_uart.h" +#include "pal_nvmem.h" +#include "pal_wd_cmsdk.h" + +void pal_uart_init(uint32_t uart_base_addr); +void pal_print(char *str, int32_t data); +int pal_nvmem_write(addr_t base, uint32_t offset, void *buffer, int size); +int pal_nvmem_read(addr_t base, uint32_t offset, void *buffer, int size); +int pal_wd_timer_init(addr_t base_addr, uint32_t time_us, uint32_t timer_tick_us); +int pal_wd_timer_enable(addr_t base_addr); +int pal_wd_timer_disable(addr_t base_addr); +int pal_wd_timer_is_enabled(addr_t base_addr); +void pal_generate_interrupt(void); +void pal_disable_interrupt(void); +#endif /* _PAL_DRIVER_INTF_H_ */ diff --git a/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/target.cfg b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/target.cfg new file mode 100644 index 00000000..629efb53 --- /dev/null +++ b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/target.cfg @@ -0,0 +1,56 @@ +///** @file +// * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. +// * SPDX-License-Identifier : Apache-2.0 +// * +// * Licensed under the Apache License, Version 2.0 (the "License"); +// * you may not use this file except in compliance with the License. +// * You may obtain a copy of the License at +// * +// * http://www.apache.org/licenses/LICENSE-2.0 +// * +// * Unless required by applicable law or agreed to in writing, software +// * distributed under the License is distributed on an "AS IS" BASIS, +// * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// * See the License for the specific language governing permissions and +// * limitations under the License. +//**/ + +// UART device info +uart.num=1; +uart.0.base = 0x40106000; // UART1_NS +uart.0.size = 0xFFF; +uart.0.intr_id = 0xFF; +uart.0.permission = TYPE_READ_WRITE; + +// Watchdog device info +watchdog.num = 1; +watchdog.0.base = 0x40081000; +watchdog.0.size = 0xFFF; +watchdog.0.intr_id = 0xFF; +watchdog.0.permission = TYPE_READ_WRITE; +watchdog.0.num_of_tick_per_micro_sec = 0x3; //(sys_feq/1000000) +watchdog.0.timeout_in_micro_sec_low = 0xF4240; //1.0 sec : 1 * 1000 * 1000 +watchdog.0.timeout_in_micro_sec_medium = 0x1E8480; //2.0 sec : 2 * 1000 * 1000 +watchdog.0.timeout_in_micro_sec_high = 0x4C4B40; //5.0 sec : 5 * 1000 * 1000 +watchdog.0.timeout_in_micro_sec_crypto = 0x1312D00; //18.0 sec : 18 * 1000 * 1000 + +// Range of 1KB Non-volatile memory to preserve data over reset. Ex, NVRAM and FLASH +nvmem.num =1; +nvmem.0.start = 0x20060000; +nvmem.0.end = 0x200603FF; +nvmem.0.permission = TYPE_READ_WRITE; + +// Miscellaneous - Test scatter info +dut.num = 1; + +// Start address of 12KB NS memory for test ELF +dut.0.ns_test_addr = 0x28110000; + +// Start address of combine_test_binary in memory. Memory can be main memory or secondary memory. +// Size of combine_test_binary = Summation of size of each test ELF file. +dut.0.ns_start_addr_of_combine_test_binary = 0x28120000; + +// Is combine_test_binary available in RAM? +dut.0.combine_test_binary_in_ram = AVAILABLE; + +dut.0.implemented_psa_firmware_isolation_level = LEVEL1; diff --git a/api-tests/platform/targets/tgt_ff_mbedos_fvp_mps2_m4/Makefile b/api-tests/platform/targets/tgt_ff_mbedos_fvp_mps2_m4/Makefile index 58167536..894cec4d 100644 --- a/api-tests/platform/targets/tgt_ff_mbedos_fvp_mps2_m4/Makefile +++ b/api-tests/platform/targets/tgt_ff_mbedos_fvp_mps2_m4/Makefile @@ -83,6 +83,7 @@ endif ifeq (${PSA_INITIAL_ATTESTATION_IMPLEMENTED},1) SRC_C_NSPE += pal_attestation_intf.c SRC_C_NSPE += pal_attestation_eat.c +SRC_C_NSPE += pal_attestation_crypto.c else SRC_C_NSPE += pal_attestation_empty_intf.c endif @@ -98,7 +99,7 @@ INCLUDE= -I$(SOURCE)/platform/targets/$(TARGET)/nspe \ -I$(SOURCE)/platform/targets/$(TARGET)/nspe/initial_attestation \ -I$(SOURCE)/platform/targets/$(TARGET)/nspe/initial_attestation/ext/inc \ -I$(SOURCE)/platform/targets/$(TARGET)/nspe/internal_trusted_storage \ - -I$(SOURCE)/platform/targets/$(TARGET)/nspe/protected_storage + -I$(SOURCE)/platform/targets/$(TARGET)/nspe/protected_storage \ VPATH=$(SOURCE)/platform/targets/$(TARGET)/: \ $(SOURCE)/platform/targets/$(TARGET)/spe: \ diff --git a/api-tests/platform/targets/tgt_ff_mbedos_fvp_mps2_m4/manifests/common/driver_partition_psa.json b/api-tests/platform/targets/tgt_ff_mbedos_fvp_mps2_m4/manifests/common/driver_partition_psa.json index 5d57571c..3e2ec674 100644 --- a/api-tests/platform/targets/tgt_ff_mbedos_fvp_mps2_m4/manifests/common/driver_partition_psa.json +++ b/api-tests/platform/targets/tgt_ff_mbedos_fvp_mps2_m4/manifests/common/driver_partition_psa.json @@ -3,11 +3,9 @@ "name": "DRIVER_PARTITION", "type": "PSA-ROT", "priority": "NORMAL", - "id": "0x00000003", "description": "Implements device services such print, flash read/write,. etc.", "entry_point": "driver_main", "stack_size": "0x400", - "heap_size": "0x100", "services": [{ "name": "DRIVER_UART_SID", "sid": "0x0000FC01", @@ -33,9 +31,9 @@ "minor_policy": "RELAXED" }, { - "name": "TEST_INTR_SID", + "name": "DRIVER_TEST_SID", "sid": "0x0000FC04", - "signal": "TEST_INTR_SIG", + "signal": "DRIVER_TEST_SIG", "non_secure_clients": true, "minor_version": 1, "minor_policy": "RELAXED" @@ -69,13 +67,9 @@ ], "irqs": [ { + "description": "Using UART TX interrupt to test psa_wait and psa_eoi for irq_signal", "signal": "DRIVER_UART_INTR_SIG", "line_num": 17 } - ], - "linker_pattern": { - "object_list": [ - "driver_partition.a" - ] - } + ] } diff --git a/api-tests/platform/targets/tgt_ff_mbedos_fvp_mps2_m4/manifests/ipc/client_partition_psa.json b/api-tests/platform/targets/tgt_ff_mbedos_fvp_mps2_m4/manifests/ipc/client_partition_psa.json index 081dc95d..b93377bd 100644 --- a/api-tests/platform/targets/tgt_ff_mbedos_fvp_mps2_m4/manifests/ipc/client_partition_psa.json +++ b/api-tests/platform/targets/tgt_ff_mbedos_fvp_mps2_m4/manifests/ipc/client_partition_psa.json @@ -3,11 +3,9 @@ "name": "CLIENT_PARTITION", "type": "APPLICATION-ROT", "priority": "NORMAL", - "id": "0x00000001", "description": "Client partition executing client test func from SPE", "entry_point": "client_main", "stack_size": "0x400", - "heap_size": "0x100", "services": [{ "name": "CLIENT_TEST_DISPATCHER_SID", "sid": "0x0000FA01", @@ -20,7 +18,7 @@ "dependencies": [ "DRIVER_UART_SID", "DRIVER_NVMEM_SID", - "TEST_INTR_SID", + "DRIVER_TEST_SID", "SERVER_TEST_DISPATCHER_SID", "SERVER_UNSPECIFED_MINOR_V_SID", "SERVER_STRICT_MINOR_VERSION_SID", @@ -35,10 +33,5 @@ "size": "0x20", "permission": "READ-WRITE" } - ], - "linker_pattern": { - "object_list": [ - "client_partition.a" - ] - } + ] } diff --git a/api-tests/platform/targets/tgt_ff_mbedos_fvp_mps2_m4/manifests/ipc/server_partition_psa.json b/api-tests/platform/targets/tgt_ff_mbedos_fvp_mps2_m4/manifests/ipc/server_partition_psa.json index 3541387c..146b8fbc 100644 --- a/api-tests/platform/targets/tgt_ff_mbedos_fvp_mps2_m4/manifests/ipc/server_partition_psa.json +++ b/api-tests/platform/targets/tgt_ff_mbedos_fvp_mps2_m4/manifests/ipc/server_partition_psa.json @@ -3,7 +3,6 @@ "name": "SERVER_PARTITION", "type": "APPLICATION-ROT", "priority": "NORMAL", - "id": "0x00000002", "description": "Server partition executing server test func", "entry_point": "server_main", "stack_size": "0x400", @@ -66,10 +65,5 @@ "dependencies": [ "DRIVER_UART_SID", "DRIVER_NVMEM_SID" - ], - "linker_pattern": { - "object_list": [ - "server_partition.a" - ] - } + ] } diff --git a/api-tests/platform/targets/tgt_ff_mbedos_fvp_mps2_m4/nspe/common/pal_config.h b/api-tests/platform/targets/tgt_ff_mbedos_fvp_mps2_m4/nspe/common/pal_config.h index daa0ec5f..e3f70ad7 100644 --- a/api-tests/platform/targets/tgt_ff_mbedos_fvp_mps2_m4/nspe/common/pal_config.h +++ b/api-tests/platform/targets/tgt_ff_mbedos_fvp_mps2_m4/nspe/common/pal_config.h @@ -50,7 +50,7 @@ #endif #if !defined(VERBOSE) -#define VERBOSE 4 /* Print verbosity = ERROR */ +#define VERBOSE 3 /* Print verbosity = TEST */ #endif #if (!defined(VAL_NSPE_BUILD) && !defined(SPE_BUILD)) @@ -62,7 +62,15 @@ #endif #if !defined(TEST_COMBINE_ARCHIVE) -//#define TEST_COMBINE_ARCHIVE /* Test dispatcher code selection */ +#define TEST_COMBINE_ARCHIVE 0 /* Combine test archive or binary? */ +#endif + +#if !defined(WATCHDOG_AVAILABLE) +#define WATCHDOG_AVAILABLE 0 /* If zero, skip watchdog programming */ +#endif + +#if !defined(SP_HEAP_MEM_SUPP) +#define SP_HEAP_MEM_SUPP 0 /* Are Dynamic funcs available to secure partition? */ #endif /* @@ -79,6 +87,13 @@ * of this file. */ #include "psa_manifest/sid.h" + +/* + * psa_manifest/pid.h: Secure Partition IDs + * Macro definitions that map from Secure Partition names to Secure Partition IDs. + * Partition manifest parse build tool must provide the implementation of this file. +*/ +#include "psa_manifest/pid.h" #endif #if PSA_CRYPTO_IMPLEMENTED diff --git a/api-tests/platform/targets/tgt_ff_mbedos_fvp_mps2_m4/nspe/common/pal_driver_ipc_intf.c b/api-tests/platform/targets/tgt_ff_mbedos_fvp_mps2_m4/nspe/common/pal_driver_ipc_intf.c index 32aef9c5..f8f773fb 100644 --- a/api-tests/platform/targets/tgt_ff_mbedos_fvp_mps2_m4/nspe/common/pal_driver_ipc_intf.c +++ b/api-tests/platform/targets/tgt_ff_mbedos_fvp_mps2_m4/nspe/common/pal_driver_ipc_intf.c @@ -56,7 +56,7 @@ int pal_uart_init_ns(uint32_t uart_base_addr) @return - SUCCESS/FAILURE **/ -int pal_print_ns(char *str, uint32_t data) +int pal_print_ns(char *str, int32_t data) { int string_len = 0; char *p = str; diff --git a/api-tests/platform/targets/tgt_ff_mbedos_fvp_mps2_m4/nspe/common/pal_driver_ns_intf.c b/api-tests/platform/targets/tgt_ff_mbedos_fvp_mps2_m4/nspe/common/pal_driver_ns_intf.c index dd6b14c7..2af6fcc7 100644 --- a/api-tests/platform/targets/tgt_ff_mbedos_fvp_mps2_m4/nspe/common/pal_driver_ns_intf.c +++ b/api-tests/platform/targets/tgt_ff_mbedos_fvp_mps2_m4/nspe/common/pal_driver_ns_intf.c @@ -38,7 +38,7 @@ int pal_uart_init_ns(uint32_t uart_base_addr) @return - SUCCESS/FAILURE **/ -int pal_print_ns(char *str, uint32_t data) +int pal_print_ns(char *str, int32_t data) { pal_cmsdk_print(str, data); return PAL_STATUS_SUCCESS; diff --git a/api-tests/platform/targets/tgt_ff_mbedos_fvp_mps2_m4/nspe/crypto/pal_crypto_intf.c b/api-tests/platform/targets/tgt_ff_mbedos_fvp_mps2_m4/nspe/crypto/pal_crypto_intf.c index ad838f91..3df6aa8d 100644 --- a/api-tests/platform/targets/tgt_ff_mbedos_fvp_mps2_m4/nspe/crypto/pal_crypto_intf.c +++ b/api-tests/platform/targets/tgt_ff_mbedos_fvp_mps2_m4/nspe/crypto/pal_crypto_intf.c @@ -36,7 +36,7 @@ int32_t pal_crypto_function(int type, va_list valist) uint32_t status; const void *extra; size_t extra_size, capacity, *gen_cap, nonce_length, additional_data_length; - psa_key_handle_t handle, *key_handle; + psa_key_handle_t handle, *key_handle, target_handle; psa_key_type_t key_type, *key_type_out; psa_key_policy_t *policy; psa_key_usage_t usage, *usage_out; @@ -325,6 +325,11 @@ int32_t pal_crypto_function(int type, va_list valist) case PAL_CRYPTO_ALLOCATE_KEY: key_handle = (psa_key_handle_t *)va_arg(valist, int*); return psa_allocate_key(key_handle); + case PAL_CRYPTO_COPY_KEY: + handle = (psa_key_handle_t)va_arg(valist, int); + target_handle = (psa_key_handle_t)va_arg(valist, int); + policy = va_arg(valist, psa_key_policy_t*); + return psa_copy_key(handle, target_handle, policy); case PAL_CRYPTO_FREE: for (i = 0; i < PAL_KEY_SLOT_COUNT; i++) psa_destroy_key(i); diff --git a/api-tests/platform/targets/tgt_ff_mbedos_fvp_mps2_m4/nspe/crypto/pal_crypto_intf.h b/api-tests/platform/targets/tgt_ff_mbedos_fvp_mps2_m4/nspe/crypto/pal_crypto_intf.h index dfabee18..d1dabfa4 100644 --- a/api-tests/platform/targets/tgt_ff_mbedos_fvp_mps2_m4/nspe/crypto/pal_crypto_intf.h +++ b/api-tests/platform/targets/tgt_ff_mbedos_fvp_mps2_m4/nspe/crypto/pal_crypto_intf.h @@ -68,6 +68,7 @@ enum crypto_function_code { PAL_CRYPTO_ASYMMTERIC_VERIFY = 0x31, PAL_CRYPTO_KEY_AGREEMENT = 0x32, PAL_CRYPTO_ALLOCATE_KEY = 0x33, + PAL_CRYPTO_COPY_KEY = 0x34, PAL_CRYPTO_FREE = 0xFE, }; diff --git a/api-tests/platform/targets/tgt_ff_mbedos_fvp_mps2_m4/nspe/initial_attestation/pal_attestation_crypto.c b/api-tests/platform/targets/tgt_ff_mbedos_fvp_mps2_m4/nspe/initial_attestation/pal_attestation_crypto.c new file mode 100644 index 00000000..ae2bdba4 --- /dev/null +++ b/api-tests/platform/targets/tgt_ff_mbedos_fvp_mps2_m4/nspe/initial_attestation/pal_attestation_crypto.c @@ -0,0 +1,346 @@ +/** @file + * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ + +#include "pal_attestation_crypto.h" + +static uint32_t public_key_registered = 0; + +static inline struct q_useful_buf_c useful_buf_head(struct q_useful_buf_c buf, + size_t amount) +{ + return UsefulBuf_Head(buf, amount); +} + +static uint32_t check_hash_sizes(void) +{ + if (T_COSE_CRYPTO_SHA256_SIZE != PSA_HASH_SIZE(PSA_ALG_SHA_256)) + { + return PAL_ATTEST_HASH_FAIL; + } + + return PAL_ATTEST_SUCCESS; +} + +static psa_ecc_curve_t attest_map_elliptic_curve_type(int32_t cose_curve) +{ + psa_ecc_curve_t psa_curve; + + /*FixMe: Mapping is not complete, missing ones: P384, P521, ED25519, ED448 */ + switch (cose_curve) + { + case P_256: + psa_curve = PSA_ECC_CURVE_SECP256R1; + break; + default: + psa_curve = USHRT_MAX; + } + + return psa_curve; +} + +static psa_algorithm_t cose_hash_alg_id_to_psa(int32_t cose_hash_alg_id) +{ + psa_algorithm_t status; + + switch (cose_hash_alg_id) + { + case COSE_ALG_SHA256_PROPRIETARY: + status = PSA_ALG_SHA_256; + break; + default: + status = PSA_ALG_MD4; + break; + } + + return status; +} + +static int32_t hash_alg_id_from_sig_alg_id(int32_t cose_sig_alg_id) +{ + switch (cose_sig_alg_id) + { + case COSE_ALGORITHM_ES256: + return COSE_ALG_SHA256_PROPRIETARY; + default: + return INT32_MAX; + } +} + +int32_t pal_cose_crypto_hash_start(struct pal_cose_crypto_hash *hash_ctx, int32_t cose_hash_alg_id) +{ + int32_t cose_ret = PAL_ATTEST_SUCCESS; + psa_status_t psa_ret; + struct pal_cose_psa_crypto_hash *psa_hash_ctx; + + cose_ret = check_hash_sizes(); + if (cose_ret) + { + goto error; + } + + if (sizeof(struct pal_cose_crypto_hash) < sizeof(struct pal_cose_psa_crypto_hash)) + { + cose_ret = PAL_ATTEST_HASH_FAIL; + goto error; + } + + psa_hash_ctx = (struct pal_cose_psa_crypto_hash *)hash_ctx; + psa_ret = psa_hash_setup(&psa_hash_ctx->operation, cose_hash_alg_id_to_psa(cose_hash_alg_id)); + + if (psa_ret == PAL_ATTEST_SUCCESS) + { + psa_hash_ctx->status = PAL_ATTEST_SUCCESS; + cose_ret = PAL_ATTEST_SUCCESS; + } + else if (psa_ret == PSA_ERROR_NOT_SUPPORTED) + { + cose_ret = PAL_ATTEST_HASH_UNSUPPORTED; + } + else + { + cose_ret = PAL_ATTEST_HASH_FAIL; + } + +error: + return cose_ret; +} + +void pal_cose_crypto_hash_update(struct pal_cose_crypto_hash *hash_ctx, + struct q_useful_buf_c data_to_hash) +{ + struct pal_cose_psa_crypto_hash *psa_hash_ctx; + + if (sizeof(struct pal_cose_crypto_hash) < sizeof(struct pal_cose_psa_crypto_hash)) + { + return; + } + + psa_hash_ctx = (struct pal_cose_psa_crypto_hash *)hash_ctx; + + if (psa_hash_ctx->status == PAL_ATTEST_SUCCESS) + { + if (data_to_hash.ptr != NULL) + { + psa_hash_ctx->status = psa_hash_update(&psa_hash_ctx->operation, + data_to_hash.ptr, + data_to_hash.len); + } + else + { + /* Intentionally do nothing, just computing the size of the token */ + } + } +} + +int32_t pal_cose_crypto_hash_finish(struct pal_cose_crypto_hash *hash_ctx, + struct q_useful_buf buffer_to_hold_result, + struct q_useful_buf_c *hash_result) +{ + uint32_t cose_ret = PAL_ATTEST_SUCCESS; + psa_status_t psa_ret; + struct pal_cose_psa_crypto_hash *psa_hash_ctx; + + if (sizeof(struct pal_cose_crypto_hash) < sizeof(struct pal_cose_psa_crypto_hash)) + { + cose_ret = PAL_ATTEST_HASH_FAIL; + goto error; + } + + psa_hash_ctx = (struct pal_cose_psa_crypto_hash *)hash_ctx; + + if (psa_hash_ctx->status == PAL_ATTEST_SUCCESS) + { + psa_ret = psa_hash_finish(&psa_hash_ctx->operation, + buffer_to_hold_result.ptr, + buffer_to_hold_result.len, + &(hash_result->len)); + + if (psa_ret == PAL_ATTEST_SUCCESS) + { + hash_result->ptr = buffer_to_hold_result.ptr; + cose_ret = 0; + } + else if (psa_ret == PSA_ERROR_BUFFER_TOO_SMALL) + { + cose_ret = PAL_ATTEST_HASH_BUFFER_SIZE; + } + else + { + cose_ret = PAL_ATTEST_HASH_FAIL; + } + } + else + { + cose_ret = PAL_ATTEST_HASH_FAIL; + } + +error: + return cose_ret; +} + +int pal_create_sha256(struct q_useful_buf_c bytes_to_hash, struct q_useful_buf buffer_for_hash, + struct q_useful_buf_c *hash) +{ + uint32_t status = PAL_ATTEST_SUCCESS; + struct pal_cose_crypto_hash hash_ctx; + + status = pal_cose_crypto_hash_start(&hash_ctx, COSE_ALG_SHA256_PROPRIETARY); + if (status) + return status; + + pal_cose_crypto_hash_update(&hash_ctx, bytes_to_hash); + status = pal_cose_crypto_hash_finish(&hash_ctx, buffer_for_hash, hash); + + return status; +} + +uint32_t pal_compute_hash(int32_t cose_alg_id, struct q_useful_buf buffer_for_hash, + struct q_useful_buf_c *hash, struct q_useful_buf_c protected_headers, + struct q_useful_buf_c payload) +{ + uint32_t status; + QCBOREncodeContext cbor_encode_ctx; + struct q_useful_buf_c tbs_first_part; + QCBORError qcbor_result; + struct pal_cose_crypto_hash hash_ctx = {{0}}; + int32_t hash_alg_id; + UsefulBuf_MAKE_STACK_UB (buffer_for_TBS_first_part, T_COSE_SIZE_OF_TBS); + + /* This builds the CBOR-format to-be-signed bytes */ + QCBOREncode_Init(&cbor_encode_ctx, buffer_for_TBS_first_part); + QCBOREncode_OpenArray(&cbor_encode_ctx); + /* context */ + QCBOREncode_AddSZString(&cbor_encode_ctx, + COSE_SIG_CONTEXT_STRING_SIGNATURE1); + /* body_protected */ + QCBOREncode_AddBytes(&cbor_encode_ctx, + protected_headers); + /* sign_protected */ + QCBOREncode_AddBytes(&cbor_encode_ctx, NULL_USEFUL_BUF_C); + /* external_aad */ + QCBOREncode_AddBytes(&cbor_encode_ctx, NULL_USEFUL_BUF_C); + /* fake payload */ + QCBOREncode_AddBytes(&cbor_encode_ctx, NULL_USEFUL_BUF_C); + QCBOREncode_CloseArray(&cbor_encode_ctx); + + /* Get the result and convert it to struct q_useful_buf_c representation */ + qcbor_result = QCBOREncode_Finish(&cbor_encode_ctx, &tbs_first_part); + if (qcbor_result) + { + /* Mainly means that the protected_headers were too big + (which should never happen) */ + status = PAL_ATTEST_ERR_SIGN_STRUCT; + goto Done; + } + + /* Start the hashing */ + hash_alg_id = hash_alg_id_from_sig_alg_id(cose_alg_id); + + /* Don't check hash_alg_id for failure. pal_cose_crypto_hash_start() + * will handle it properly + */ + status = pal_cose_crypto_hash_start(&hash_ctx, hash_alg_id); + if (status) + goto Done; + + /* Hash the first part of the TBS. Take all but the last two + * bytes. The last two bytes are the fake payload from above. It + * is replaced by the real payload which is hashed next. The fake + * payload is needed so the array count is right. This is one of + * the main things that make it possible to implement with one + * buffer for the whole cose sign1. + */ + pal_cose_crypto_hash_update(&hash_ctx, useful_buf_head(tbs_first_part, + tbs_first_part.len - 2)); + + /* Hash the payload */ + pal_cose_crypto_hash_update(&hash_ctx, payload); + + /* Finish the hash and set up to return it */ + status = pal_cose_crypto_hash_finish(&hash_ctx, + buffer_for_hash, + hash); + +Done: + return status; +} + +uint32_t pal_import_attest_key(int32_t alg) +{ + psa_key_type_t attest_key_type; + size_t public_key_size; + psa_status_t status = PSA_SUCCESS; + psa_key_policy_t policy; + psa_ecc_curve_t psa_curve; + psa_key_handle_t public_key_handle; + + /* Mapping of COSE curve type to PSA curve types */ + psa_curve = attest_map_elliptic_curve_type(P_256); + if (psa_curve == USHRT_MAX) + return PAL_ATTEST_ERROR; + + /* Setup the key policy for public key */ + policy = psa_key_policy_init(); + psa_key_policy_set_usage(&policy, PSA_KEY_USAGE_VERIFY, alg); + + status = psa_allocate_key(&public_key_handle); + if (status != PSA_SUCCESS) + return status; + + status = psa_set_key_policy(public_key_handle, &policy); + if (status != PSA_SUCCESS) + return status; + + attest_key_type = PSA_KEY_TYPE_ECC_PUBLIC_KEY(psa_curve); + + /* Register public key to crypto service */ + public_key_size = attest_key.pubx_key_size + attest_key.puby_key_size; + + status = psa_import_key(public_key_handle, + attest_key_type, + (const uint8_t *)&attest_public_key, + public_key_size + 1); + + return status; +} + + +uint32_t pal_crypto_pub_key_verify(int32_t cose_algorithm_id, + struct q_useful_buf_c token_hash, + struct q_useful_buf_c signature) +{ + uint32_t status = PAL_ATTEST_SUCCESS; + + if (!public_key_registered) + { + status = pal_import_attest_key(cose_algorithm_id); + if (status != PAL_ATTEST_SUCCESS) + return status; + + public_key_registered = 1; + } + +/* + * Enable the verify function when Trusted Firmare - M Supports + + * Verify the signature a hash or short message using a public key. + status = psa_asymmetric_verify(public_key_handle, + cose_algorithm_id, token_hash.ptr, token_hash.len, + signature.ptr, signature.len); +*/ + return status; +} diff --git a/api-tests/platform/targets/tgt_ff_mbedos_fvp_mps2_m4/nspe/initial_attestation/pal_attestation_crypto.h b/api-tests/platform/targets/tgt_ff_mbedos_fvp_mps2_m4/nspe/initial_attestation/pal_attestation_crypto.h new file mode 100644 index 00000000..2d63ad13 --- /dev/null +++ b/api-tests/platform/targets/tgt_ff_mbedos_fvp_mps2_m4/nspe/initial_attestation/pal_attestation_crypto.h @@ -0,0 +1,102 @@ +/** @file + * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. + * SPDX-License-Identifier : Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +**/ + +#include "pal_common.h" +#include "pal_attestation_eat.h" + +#define ATTEST_PUBLIC_KEY_SLOT 4 + +typedef struct{ + uint8_t *pubx_key; + uint32_t pubx_key_size; + uint8_t *puby_key; + uint32_t puby_key_size; +} ecc_key_t; + +struct ecc_public_key_t { + const uint8_t a; + uint8_t public_key[]; /* X-coordinate || Y-coordinate */ +}; + +static const struct ecc_public_key_t attest_public_key = { + /* Constant byte */ + 0x04, + /* X-coordinate */ + {0x79, 0xEB, 0xA9, 0x0E, 0x8B, 0xF4, 0x50, 0xA6, + 0x75, 0x15, 0x76, 0xAD, 0x45, 0x99, 0xB0, 0x7A, + 0xDF, 0x93, 0x8D, 0xA3, 0xBB, 0x0B, 0xD1, 0x7D, + 0x00, 0x36, 0xED, 0x49, 0xA2, 0xD0, 0xFC, 0x3F, + /* Y-coordinate */ + 0xBF, 0xCD, 0xFA, 0x89, 0x56, 0xB5, 0x68, 0xBF, + 0xDB, 0x86, 0x73, 0xE6, 0x48, 0xD8, 0xB5, 0x8D, + 0x92, 0x99, 0x55, 0xB1, 0x4A, 0x26, 0xC3, 0x08, + 0x0F, 0x34, 0x11, 0x7D, 0x97, 0x1D, 0x68, 0x64}, +}; + +struct pal_cose_crypto_hash { + /* Can't put the actual size here without creating dependecy on + * actual hash implementation, so this is a fairly large and + * accommodating size. + */ + uint8_t bytes[128]; +}; + +struct pal_cose_psa_crypto_hash { + psa_status_t status; + psa_hash_operation_t operation; +}; + +static const uint8_t initial_attestation_public_x_key[] = +{ + 0x79, 0xEB, 0xA9, 0x0E, 0x8B, 0xF4, 0x50, 0xA6, + 0x75, 0x15, 0x76, 0xAD, 0x45, 0x99, 0xB0, 0x7A, + 0xDF, 0x93, 0x8D, 0xA3, 0xBB, 0x0B, 0xD1, 0x7D, + 0x00, 0x36, 0xED, 0x49, 0xA2, 0xD0, 0xFC, 0x3F +}; + +static const uint8_t initial_attestation_public_y_key[] = +{ + 0xBF, 0xCD, 0xFA, 0x89, 0x56, 0xB5, 0x68, 0xBF, + 0xDB, 0x86, 0x73, 0xE6, 0x48, 0xD8, 0xB5, 0x8D, + 0x92, 0x99, 0x55, 0xB1, 0x4A, 0x26, 0xC3, 0x08, + 0x0F, 0x34, 0x11, 0x7D, 0x97, 0x1D, 0x68, 0x64 +}; + +/* Initialize the structure with given public key */ +static const ecc_key_t attest_key = { + (uint8_t *)initial_attestation_public_x_key, + sizeof(initial_attestation_public_x_key), + (uint8_t *)initial_attestation_public_y_key, + sizeof(initial_attestation_public_y_key) +}; + +int32_t pal_cose_crypto_hash_start(struct pal_cose_crypto_hash *hash_ctx, int32_t cose_hash_alg_id); +void pal_cose_crypto_hash_update(struct pal_cose_crypto_hash *hash_ctx, + struct q_useful_buf_c data_to_hash); +int32_t pal_cose_crypto_hash_finish(struct pal_cose_crypto_hash *hash_ctx, + struct q_useful_buf buffer_to_hold_result, + struct q_useful_buf_c *hash_result); +int pal_create_sha256(struct q_useful_buf_c bytes_to_hash, struct q_useful_buf buffer_for_hash, + struct q_useful_buf_c *hash); +uint32_t pal_compute_hash(int32_t cose_alg_id, struct q_useful_buf buffer_for_hash, + struct q_useful_buf_c *hash, struct q_useful_buf_c protected_headers, + struct q_useful_buf_c payload); +uint32_t pal_import_attest_key(int32_t alg); +uint32_t pal_crypto_pub_key_verify(int32_t cose_algorithm_id, struct q_useful_buf_c token_hash, + struct q_useful_buf_c signature); + + diff --git a/api-tests/platform/targets/tgt_ff_mbedos_fvp_mps2_m4/nspe/initial_attestation/pal_attestation_eat.c b/api-tests/platform/targets/tgt_ff_mbedos_fvp_mps2_m4/nspe/initial_attestation/pal_attestation_eat.c index 262dc5dd..178fdc9c 100644 --- a/api-tests/platform/targets/tgt_ff_mbedos_fvp_mps2_m4/nspe/initial_attestation/pal_attestation_eat.c +++ b/api-tests/platform/targets/tgt_ff_mbedos_fvp_mps2_m4/nspe/initial_attestation/pal_attestation_eat.c @@ -15,10 +15,56 @@ * limitations under the License. **/ -#include "pal_attestation_eat.h" +#include "pal_attestation_crypto.h" + +uint32_t mandatory_claims = 0; +uint32_t mandaroty_sw_components = 0; +bool_t sw_component_present = 0; + +static int pal_encode_cose_key(struct q_useful_buf_c *cose_key, + struct q_useful_buf buffer_for_cose_key, + struct q_useful_buf_c x_cord, struct q_useful_buf_c y_cord) +{ + uint32_t return_value; + QCBORError qcbor_result; + QCBOREncodeContext cbor_encode_ctx; + int32_t cose_curve_id = P_256; + struct q_useful_buf_c encoded_key_id; + + /* Get the public key x and y */ + /* Encode it into a COSE_Key structure */ + QCBOREncode_Init(&cbor_encode_ctx, buffer_for_cose_key); + QCBOREncode_OpenMap(&cbor_encode_ctx); + QCBOREncode_AddInt64ToMapN(&cbor_encode_ctx, + COSE_KEY_COMMON_KTY, + COSE_KEY_TYPE_EC2); + QCBOREncode_AddInt64ToMapN(&cbor_encode_ctx, + COSE_KEY_PARAM_CRV, + cose_curve_id); + QCBOREncode_AddBytesToMapN(&cbor_encode_ctx, + COSE_KEY_PARAM_X_COORDINATE, + x_cord); + QCBOREncode_AddBytesToMapN(&cbor_encode_ctx, + COSE_KEY_PARAM_Y_COORDINATE, + y_cord); + QCBOREncode_CloseMap(&cbor_encode_ctx); + + qcbor_result = QCBOREncode_Finish(&cbor_encode_ctx, &encoded_key_id); + if (qcbor_result != QCBOR_SUCCESS) + { + /* Mainly means that the COSE_Key was too big for buffer_for_cose_key */ + return_value = PAL_ATTEST_ERR_PROTECTED_HEADERS; + goto Done; + } + + /* Finish up and return */ + *cose_key = encoded_key_id; + return_value = PAL_ATTEST_SUCCESS; + +Done: + return return_value; +} -uint32_t mandatory_claims = 0, mandaroty_sw_components = 0; -bool_t sw_component_present = 0; static int get_items_in_map(QCBORDecodeContext *decode_context, struct items_to_get_t *item_list) @@ -90,7 +136,7 @@ static int get_item_in_map(QCBORDecodeContext *decode_context, } static int parse_unprotected_headers(QCBORDecodeContext *decode_context, - struct useful_buf_c *child, + struct q_useful_buf_c *child, bool *loop_back) { struct items_to_get_t item_list[3]; @@ -120,7 +166,7 @@ static int parse_unprotected_headers(QCBORDecodeContext *decode_context, return PAL_ATTEST_SUCCESS; } -static int parse_protected_headers(struct useful_buf_c protected_headers, +static int parse_protected_headers(struct q_useful_buf_c protected_headers, int32_t *alg_id) { QCBORDecodeContext decode_context; @@ -156,7 +202,7 @@ static int parse_protected_headers(struct useful_buf_c protected_headers, @return - error status **/ static int parse_claims(QCBORDecodeContext *decode_context, QCBORItem item, - struct useful_buf_c completed_challenge) + struct q_useful_buf_c completed_challenge) { int i, count = 0; int status = PAL_ATTEST_SUCCESS; @@ -281,16 +327,42 @@ static int parse_claims(QCBORDecodeContext *decode_context, QCBORItem item, int32_t pal_initial_attest_verify_token(uint8_t *challenge, uint32_t challenge_size, uint8_t *token, uint32_t token_size) { - int status = PAL_ATTEST_SUCCESS; + int32_t status = PAL_ATTEST_SUCCESS; bool short_circuit; int32_t cose_algorithm_id; QCBORItem item; QCBORDecodeContext decode_context; - struct useful_buf_c completed_challenge; - struct useful_buf_c completed_token; - struct useful_buf_c payload; - struct useful_buf_c protected_headers; - struct useful_buf_c kid; + struct q_useful_buf_c completed_challenge; + struct q_useful_buf_c completed_token; + struct q_useful_buf_c payload; + struct q_useful_buf_c signature; + struct q_useful_buf_c protected_headers; + struct q_useful_buf_c kid; + struct q_useful_buf_c x_cord; + struct q_useful_buf_c y_cord; + struct q_useful_buf_c cose_key_to_hash; + struct q_useful_buf_c key_hash; + struct q_useful_buf_c token_hash; + USEFUL_BUF_MAKE_STACK_UB(buf_to_hold_x_coord, T_COSE_CRYPTO_EC_P256_COORD_SIZE); + USEFUL_BUF_MAKE_STACK_UB(buf_to_hold_y_coord, T_COSE_CRYPTO_EC_P256_COORD_SIZE); + USEFUL_BUF_MAKE_STACK_UB(buffer_for_kid, T_COSE_CRYPTO_SHA256_SIZE); + USEFUL_BUF_MAKE_STACK_UB(buffer_for_cose_key, MAX_ENCODED_COSE_KEY_SIZE); + USEFUL_BUF_MAKE_STACK_UB(buffer_for_encoded_key, MAX_ENCODED_COSE_KEY_SIZE); + USEFUL_BUF_MAKE_STACK_UB(buffer_for_token_hash, T_COSE_CRYPTO_SHA256_SIZE); + + kid.ptr = buffer_for_encoded_key.ptr; + + memcpy(buf_to_hold_x_coord.ptr, (const void *)attest_key.pubx_key, attest_key.pubx_key_size); + memcpy(buf_to_hold_y_coord.ptr, (const void *)attest_key.puby_key, attest_key.puby_key_size); + + /* Update size */ + buf_to_hold_x_coord.len = attest_key.pubx_key_size; + buf_to_hold_y_coord.len = attest_key.puby_key_size; + + x_cord.ptr = buf_to_hold_x_coord.ptr; + x_cord.len = buf_to_hold_x_coord.len; + y_cord.ptr = buf_to_hold_y_coord.ptr; + y_cord.len = buf_to_hold_y_coord.len; /* Construct the token buffer for validation */ completed_token.ptr = token; @@ -345,6 +417,27 @@ int32_t pal_initial_attest_verify_token(uint8_t *challenge, uint32_t challenge_s if (status != PAL_ATTEST_SUCCESS) return status; + /* Encode the given public key */ + status = pal_encode_cose_key(&cose_key_to_hash, buffer_for_cose_key, x_cord, y_cord); + if (status != PAL_ATTEST_SUCCESS) + return status; + + /* Create hash of the given public key */ + status = pal_create_sha256(cose_key_to_hash, buffer_for_kid, &key_hash); + if (status != PSA_SUCCESS) + return status; + + /* Compare the hash of the public key in token and hash of the given public key */ + if (kid.len != key_hash.len) + { + return PAL_ATTEST_HASH_LENGTH_MISMATCH; + } + + if (memcmp(kid.ptr, key_hash.ptr, kid.len) != 0) + { + return PAL_ATTEST_HASH_MISMATCH; + } + /* Get the payload */ QCBORDecode_GetNext(&decode_context, &item); if (item.uDataType != QCBOR_TYPE_BYTE_STRING) @@ -357,6 +450,19 @@ int32_t pal_initial_attest_verify_token(uint8_t *challenge, uint32_t challenge_s if (item.uDataType != QCBOR_TYPE_BYTE_STRING) return PAL_ATTEST_TOKEN_ERR_CBOR_FORMATTING; + signature = item.val.string; + + /* Compute the hash from the token */ + status = pal_compute_hash(cose_algorithm_id, buffer_for_token_hash, &token_hash, + protected_headers, payload); + if (status != PAL_ATTEST_SUCCESS) + return status; + + /* Verify the signature */ + status = pal_crypto_pub_key_verify(cose_algorithm_id, token_hash, signature); + if (status != PAL_ATTEST_SUCCESS) + return status; + /* Initialize the Decoder and validate the payload format */ QCBORDecode_Init(&decode_context, payload, QCBOR_DECODE_MODE_NORMAL); status = QCBORDecode_GetNext(&decode_context, &item); diff --git a/api-tests/platform/targets/tgt_ff_mbedos_fvp_mps2_m4/nspe/initial_attestation/pal_attestation_eat.h b/api-tests/platform/targets/tgt_ff_mbedos_fvp_mps2_m4/nspe/initial_attestation/pal_attestation_eat.h index 9f435fb3..8a0c5455 100644 --- a/api-tests/platform/targets/tgt_ff_mbedos_fvp_mps2_m4/nspe/initial_attestation/pal_attestation_eat.h +++ b/api-tests/platform/targets/tgt_ff_mbedos_fvp_mps2_m4/nspe/initial_attestation/pal_attestation_eat.h @@ -17,16 +17,70 @@ #include "qcbor.h" #include "pal_common.h" +#include "psa/crypto.h" #define PAL_ATTEST_MIN_ERROR 30 +/* NIST P-256 also known as secp256r1 */ +#define P_256 1 + #define COSE_HEADER_PARAM_ALG 1 #define COSE_HEADER_PARAM_KID 4 -#define MANDATORY_CLAIM_WITH_SW_COMP 862 -#define MANDATORY_CLAIM_NO_SW_COMP 926 -#define MANDATORY_SW_COMP 36 -#define CBOR_ARM_TOTAL_CLAIM_INSTANCE 10 +#define COSE_KEY_COMMON_KTY 1 +#define COSE_KEY_TYPE_EC2 2 +#define COSE_KEY_PARAM_CRV -1 +#define COSE_KEY_PARAM_X_COORDINATE -2 +#define COSE_KEY_PARAM_Y_COORDINATE -3 +#define COSE_ALGORITHM_ES256 -7 +#define COSE_ALG_SHA256_PROPRIETARY -72000 + +/** + * The size of X and Y coordinate in 2 parameter style EC public + * key. Format is as defined in [COSE (RFC 8152)] + * (https://tools.ietf.org/html/rfc8152) and [SEC 1: Elliptic Curve + * Cryptography](http://www.secg.org/sec1-v2.pdf). + * + * This size is well-known and documented in public standards. + */ +#define T_COSE_CRYPTO_EC_P256_COORD_SIZE 32 +#define T_COSE_CRYPTO_SHA256_SIZE 32 + +#define MAX_ENCODED_COSE_KEY_SIZE \ + 1 + /* 1 byte to encode map */ \ + 2 + /* 2 bytes to encode key type */ \ + 2 + /* 2 bytes to encode curve */ \ + 2 * /* the X and Y coordinates at 32 bytes each */ \ + (T_COSE_CRYPTO_EC_P256_COORD_SIZE + 1 + 2) +#define USEFUL_BUF_MAKE_STACK_UB UsefulBuf_MAKE_STACK_UB + +#define COSE_SIG_CONTEXT_STRING_SIGNATURE1 "Signature1" + +/* Private value. Intentionally not documented for Doxygen. + * This is the size allocated for the encoded protected headers. It + * needs to be big enough for make_protected_header() to succeed. It + * currently sized for one header with an algorithm ID up to 32 bits + * long -- one byte for the wrapping map, one byte for the label, 5 + * bytes for the ID. If this is made accidentially too small, QCBOR will + * only return an error, and not overrun any buffers. + * + * 9 extra bytes are added, rounding it up to 16 total, in case some + * other protected header is to be added. + */ +#define T_COSE_SIGN1_MAX_PROT_HEADER (1+1+5+9) + +/** + * This is the size of the first part of the CBOR encoded TBS + * bytes. It is around 20 bytes. See create_tbs_hash(). + */ +#define T_COSE_SIZE_OF_TBS \ + 1 + /* For opening the array */ \ + sizeof(COSE_SIG_CONTEXT_STRING_SIGNATURE1) + /* "Signature1" */ \ + 2 + /* Overhead for encoding string */ \ + T_COSE_SIGN1_MAX_PROT_HEADER + /* entire protected headers */ \ + 3 * ( /* 3 NULL bstrs for fields not used */ \ + 1 /* size of a NULL bstr */ \ + ) /* CBOR Label for proprietary header indicating short-circuit @@ -47,6 +101,8 @@ #define EAT_CBOR_ARM_LABEL_UEID (EAT_CBOR_ARM_RANGE_BASE - 9) #define EAT_CBOR_ARM_LABEL_ORIGINATION (EAT_CBOR_ARM_RANGE_BASE - 10) +#define CBOR_ARM_TOTAL_CLAIM_INSTANCE 10 + #define EAT_CBOR_SW_COMPONENT_TYPE (1u) #define EAT_CBOR_SW_COMPONENT_MEASUREMENT (2u) #define EAT_CBOR_SW_COMPONENT_EPOCH (3u) @@ -54,6 +110,40 @@ #define EAT_CBOR_SW_COMPONENT_SIGNER_ID (5u) #define EAT_CBOR_SW_COMPONENT_MEASUREMENT_DESC (6u) +#define MANDATORY_CLAIM_WITH_SW_COMP (1 << (EAT_CBOR_ARM_RANGE_BASE \ + - EAT_CBOR_ARM_LABEL_NONCE) | \ + 1 << (EAT_CBOR_ARM_RANGE_BASE \ + - EAT_CBOR_ARM_LABEL_UEID) | \ + 1 << (EAT_CBOR_ARM_RANGE_BASE \ + - EAT_CBOR_ARM_LABEL_IMPLEMENTATION_ID) | \ + 1 << (EAT_CBOR_ARM_RANGE_BASE \ + - EAT_CBOR_ARM_LABEL_CLIENT_ID) | \ + 1 << (EAT_CBOR_ARM_RANGE_BASE \ + - EAT_CBOR_ARM_LABEL_SECURITY_LIFECYCLE) | \ + 1 << (EAT_CBOR_ARM_RANGE_BASE \ + - EAT_CBOR_ARM_LABEL_BOOT_SEED) | \ + 1 << (EAT_CBOR_ARM_RANGE_BASE \ + - EAT_CBOR_ARM_LABEL_SW_COMPONENTS)) + +#define MANDATORY_CLAIM_NO_SW_COMP (1 << (EAT_CBOR_ARM_RANGE_BASE \ + - EAT_CBOR_ARM_LABEL_NONCE) | \ + 1 << (EAT_CBOR_ARM_RANGE_BASE \ + - EAT_CBOR_ARM_LABEL_UEID) | \ + 1 << (EAT_CBOR_ARM_RANGE_BASE \ + - EAT_CBOR_ARM_LABEL_IMPLEMENTATION_ID) | \ + 1 << (EAT_CBOR_ARM_RANGE_BASE \ + - EAT_CBOR_ARM_LABEL_CLIENT_ID) | \ + 1 << (EAT_CBOR_ARM_RANGE_BASE \ + - EAT_CBOR_ARM_LABEL_SECURITY_LIFECYCLE) | \ + 1 << (EAT_CBOR_ARM_RANGE_BASE \ + - EAT_CBOR_ARM_LABEL_BOOT_SEED) | \ + 1 << (EAT_CBOR_ARM_RANGE_BASE \ + - EAT_CBOR_ARM_LABEL_NO_SW_COMPONENTS)) + +#define MANDATORY_SW_COMP (1 << EAT_CBOR_SW_COMPONENT_MEASUREMENT | \ + 1 << EAT_CBOR_SW_COMPONENT_SIGNER_ID) + +#define NULL_USEFUL_BUF_C NULLUsefulBufC enum attestation_error_code { PAL_ATTEST_SUCCESS = 0, @@ -61,6 +151,13 @@ enum attestation_error_code { PAL_ATTEST_TOKEN_CHALLENGE_MISMATCH, PAL_ATTEST_TOKEN_NOT_SUPPORTED, PAL_ATTEST_TOKEN_NOT_ALL_MANDATORY_CLAIMS, + PAL_ATTEST_HASH_LENGTH_MISMATCH, + PAL_ATTEST_HASH_MISMATCH, + PAL_ATTEST_HASH_FAIL, + PAL_ATTEST_HASH_UNSUPPORTED, + PAL_ATTEST_HASH_BUFFER_SIZE, + PAL_ATTEST_ERR_PROTECTED_HEADERS, + PAL_ATTEST_ERR_SIGN_STRUCT, PAL_ATTEST_ERROR, }; diff --git a/api-tests/platform/targets/tgt_ff_mbedos_fvp_mps2_m4/nspe/initial_attestation/pal_attestation_intf.h b/api-tests/platform/targets/tgt_ff_mbedos_fvp_mps2_m4/nspe/initial_attestation/pal_attestation_intf.h index ef132b5b..12f6ee94 100644 --- a/api-tests/platform/targets/tgt_ff_mbedos_fvp_mps2_m4/nspe/initial_attestation/pal_attestation_intf.h +++ b/api-tests/platform/targets/tgt_ff_mbedos_fvp_mps2_m4/nspe/initial_attestation/pal_attestation_intf.h @@ -18,7 +18,7 @@ #ifndef _PAL_INITIAL_ATTESTATION_H_ #define _PAL_INITIAL_ATTESTATION_H_ -#include "pal_attestation_eat.h" +#include "pal_attestation_crypto.h" enum attestation_function_code { PAL_INITIAL_ATTEST_GET_TOKEN = 0x1, diff --git a/api-tests/platform/targets/tgt_ff_mbedos_fvp_mps2_m4/spe/pal_driver_intf.c b/api-tests/platform/targets/tgt_ff_mbedos_fvp_mps2_m4/spe/pal_driver_intf.c index cc8b5373..fd307839 100644 --- a/api-tests/platform/targets/tgt_ff_mbedos_fvp_mps2_m4/spe/pal_driver_intf.c +++ b/api-tests/platform/targets/tgt_ff_mbedos_fvp_mps2_m4/spe/pal_driver_intf.c @@ -33,7 +33,7 @@ void pal_uart_init(uint32_t uart_base_addr) - data : Value for format specifier **/ -void pal_print(char *str, uint32_t data) +void pal_print(char *str, int32_t data) { pal_cmsdk_print(str,data); @@ -110,3 +110,23 @@ int pal_wd_timer_is_enabled(addr_t base_addr) return (pal_wd_cmsdk_is_enabled(base_addr)); } +/** + @brief - Trigger interrupt for irq signal assigned to driver partition + before return to caller. + @param - void + @return - void +**/ +void pal_generate_interrupt(void) +{ + pal_uart_cmsdk_generate_irq(); +} + +/** + @brief - Disable interrupt that was generated using pal_generate_interrupt API. + @param - void + @return - void +**/ +void pal_disable_interrupt(void) +{ + pal_uart_cmsdk_disable_irq(); +} diff --git a/api-tests/platform/targets/tgt_ff_mbedos_fvp_mps2_m4/spe/pal_driver_intf.h b/api-tests/platform/targets/tgt_ff_mbedos_fvp_mps2_m4/spe/pal_driver_intf.h index da85a63e..cef34ca8 100644 --- a/api-tests/platform/targets/tgt_ff_mbedos_fvp_mps2_m4/spe/pal_driver_intf.h +++ b/api-tests/platform/targets/tgt_ff_mbedos_fvp_mps2_m4/spe/pal_driver_intf.h @@ -23,11 +23,13 @@ #include "pal_wd_cmsdk.h" void pal_uart_init(uint32_t uart_base_addr); -void pal_print(char *str, uint32_t data); +void pal_print(char *str, int32_t data); int pal_nvmem_write(addr_t base, uint32_t offset, void *buffer, int size); int pal_nvmem_read(addr_t base, uint32_t offset, void *buffer, int size); int pal_wd_timer_init(addr_t base_addr, uint32_t time_us, uint32_t timer_tick_us); int pal_wd_timer_enable(addr_t base_addr); int pal_wd_timer_disable(addr_t base_addr); int pal_wd_timer_is_enabled(addr_t base_addr); +void pal_generate_interrupt(void); +void pal_disable_interrupt(void); #endif /* _PAL_DRIVER_INTF_H_ */ diff --git a/api-tests/platform/targets/tgt_ff_mbedos_fvp_mps2_m4/target.cfg b/api-tests/platform/targets/tgt_ff_mbedos_fvp_mps2_m4/target.cfg index 37b2628b..9a407b80 100644 --- a/api-tests/platform/targets/tgt_ff_mbedos_fvp_mps2_m4/target.cfg +++ b/api-tests/platform/targets/tgt_ff_mbedos_fvp_mps2_m4/target.cfg @@ -62,18 +62,21 @@ dut.0.combine_test_binary_in_ram = AVAILABLE; // Level of Isolation dut.0.implemented_psa_firmware_isolation_level = LEVEL1; +// Are dynamic memory allocation functions available to secure partition? +dut.0.sp_heap_mem_supp = AVAILABLE; + // Assign free memory range for isolation testing. Choose the addresses // for these memory regions such that it follows below condition: -// nspe_mmio.0.start < client_partition_mmio.0.start < driver_partition_mmio.0.start. +// nspe_mmio.0.start < server_partition_mmio.0.start < driver_partition_mmio.0.start. nspe_mmio.num=1; nspe_mmio.0.start = 0x200AF000; nspe_mmio.0.end = 0x200AF01F; nspe_mmio.0.permission = TYPE_READ_WRITE; -client_partition_mmio.num=1; -client_partition_mmio.0.start = 0x200AF020; -client_partition_mmio.0.end = 0x200AF03F; -client_partition_mmio.0.permission = TYPE_READ_WRITE; +server_partition_mmio.num=1; +server_partition_mmio.0.start = 0x200AF020; +server_partition_mmio.0.end = 0x200AF03F; +server_partition_mmio.0.permission = TYPE_READ_WRITE; driver_partition_mmio.num=1; driver_partition_mmio.0.start = 0x200AF040; diff --git a/api-tests/tools/makefiles/Makefile b/api-tests/tools/makefiles/Makefile index 6891f43a..1aa790b1 100644 --- a/api-tests/tools/makefiles/Makefile +++ b/api-tests/tools/makefiles/Makefile @@ -30,17 +30,32 @@ all: clean target_cfg gen_linker process_testsuite.db build #Generate target files from User provided data base target_cfg: + @echo "" + @echo "Processing target configuration..." mkdir -p $(BUILD)/platform/${TARGET}/ @if [ ! -f "$(SOURCE)/platform/targets/$(TARGET)/target.cfg" ]; then { echo "Error: Target Not Found!!!"; exit 1; } fi - perl $(SOURCE)/tools/scripts/targetConfigGen.pl $(SOURCE) $(BUILD) ${TARGET} + python $(SOURCE)/tools/scripts/targetConfigGen.py ${TARGET} $(SOURCE)/val/common/val_target.h \ + $(SOURCE)/platform/targets/${TARGET}/target.cfg $(BUILD)/platform/${TARGET}/targetConfigGen.c \ + $(BUILD)/platform/${TARGET}/target_database.h target_database "" + gcc -D__addr_t_defined -DTARGET_CFG_BUILD $(BUILD)/platform/${TARGET}/targetConfigGen.c -o $(BUILD)/platform/${TARGET}/targetConfigGen \ + -I$(SOURCE)/val/nspe -I$(SOURCE)/val/common -I$(SOURCE)/platform/targets/${TARGET}/nspe/common + ./$(BUILD)/platform/${TARGET}/targetConfigGen #Read target.cfg and update the addresses in linker script gen_linker: + @echo "" + @echo "Updating linker files..." mkdir -p $(SUITE_OUT)/ $(BUILD)/val/ $(BUILD)/partition/ ; perl $(SOURCE)/tools/scripts/process_test_linker_file.pl $(SOURCE) $(SUITE_OUT) ${TARGET} $(TOOLCHAIN) process_testsuite.db: - $(eval TEST_LIST := $(shell grep "^test" $(SUITE_IN)/testsuite.db > $(SUITE_OUT)/.testlist.txt ; dos2unix $(SUITE_OUT)/.testlist.txt ; cat $(SUITE_OUT)/.testlist.txt)) + @echo "" + @echo "Creating testlist..." +ifeq (${INCLUDE_PANIC_TESTS}, 1) + $(eval TEST_LIST := $(shell grep -o "^test....." $(SUITE_IN)/testsuite.db > $(SUITE_OUT)/.testlist.txt ; dos2unix $(SUITE_OUT)/.testlist.txt ; cat $(SUITE_OUT)/.testlist.txt)) +else + $(eval TEST_LIST := $(shell grep -v "^test....., panic_test" $(SUITE_IN)/testsuite.db | grep "^test" > $(SUITE_OUT)/.testlist.txt ; dos2unix $(SUITE_OUT)/.testlist.txt ; cat $(SUITE_OUT)/.testlist.txt)) +endif perl $(SOURCE)/tools/scripts/gen_tests_list.pl $(BUILD) $(SUITE_OUT)/.testlist.txt $(SUITE) @@ -60,9 +75,17 @@ val_nspe.a: @echo "----------val build complete-------------" test_combine.elf: test.elf + @echo "" +ifeq (${TEST_COMBINE_ARCHIVE}, 1) + @echo "----------Combine NS test objects into archive start-------------" + $(AR) $(AR_OPTIONS) $(SUITE_OUT)/test_combine.a $(SUITE_OUT)/test*/test_*_nspe.o + @echo "----------Combine NS test objects into archive complete-------------" +else + @echo "----------Combine NS test elfs into binary start-------------" perl $(SOURCE)/tools/scripts/test_elf_combine.pl $(SUITE_OUT)/.testlist.txt hexdump -v -e ' 1/4 "%08X" "\n"' $(SUITE_OUT)/test_elf_combine.bin > $(SUITE_OUT)/test_elf_combine.hex - $(AR) $(AR_OPTIONS) $(SUITE_OUT)/test_combine.a $(SUITE_OUT)/test*/test_*_nspe.o + @echo "----------Combine NS test elfs into binary complete-------------" +endif test.elf: @echo "" @@ -80,7 +103,7 @@ endif output_list: @echo "" - @echo "Below are the list of output binaries/libraries. Integrate these bins/libs" + @echo "Below are the list of output binaries/libraries. Integrate these" @echo "to your software stack to execute test suite." @echo "" @echo "a) NSPE files:" @@ -103,5 +126,6 @@ endif @echo "" clean: - @echo ">>>> Cleaning the build directory..." + @echo "" + @echo "Cleaning the build directory..." rm -rf $(BUILD)/* diff --git a/api-tests/tools/makefiles/linker/test.linker b/api-tests/tools/makefiles/linker/test.linker index ee746997..69fc4d15 100644 --- a/api-tests/tools/makefiles/linker/test.linker +++ b/api-tests/tools/makefiles/linker/test.linker @@ -21,8 +21,8 @@ TEST_START = 0x2004F000; MEMORY { TEST_INFO (R) : ORIGIN = TEST_START, LENGTH = 0x100 - TEST_TEXT (RX) : ORIGIN = TEST_START +0x100, LENGTH = 0x1800 - TEST_DATA (RW) : ORIGIN = TEST_START +0x1900, LENGTH = 0x1800 + TEST_TEXT (RX) : ORIGIN = TEST_START +0x100, LENGTH = 0x1A00 + TEST_DATA (RW) : ORIGIN = TEST_START +0x1B00, LENGTH = 0x1800 } SECTIONS diff --git a/api-tests/tools/makefiles/linker/test.sct b/api-tests/tools/makefiles/linker/test.sct index ef86c3f2..4d5a7a91 100644 --- a/api-tests/tools/makefiles/linker/test.sct +++ b/api-tests/tools/makefiles/linker/test.sct @@ -16,7 +16,7 @@ #define TEST_CODE_START 0x0 #define TEST_INFO_SIZE 0x100 -#define TEST_TEXT_SIZE 0x1800 +#define TEST_TEXT_SIZE 0x1A00 #define TEST_DATA_SIZE 0x1800 LR_CODE TEST_CODE_START diff --git a/api-tests/tools/makefiles/spbuild.mk b/api-tests/tools/makefiles/spbuild.mk index 21fbc965..1479e744 100644 --- a/api-tests/tools/makefiles/spbuild.mk +++ b/api-tests/tools/makefiles/spbuild.mk @@ -59,7 +59,13 @@ $(BUILD)/partition/%.o : %.s $(AS) -o $@ $< client_partition.a: +ifeq ($(wildcard $(SUITE_OUT)/test_i*/.*),) + $(AR) $(AR_OPTIONS) $(BUILD)/partition/client_partition.a $(BUILD)/partition/client_partition.o $(SUITE_OUT)/test*/test_l*_spe.o +else ifeq ($(wildcard $(SUITE_OUT)/test_l*/.*),) $(AR) $(AR_OPTIONS) $(BUILD)/partition/client_partition.a $(BUILD)/partition/client_partition.o $(SUITE_OUT)/test*/test_i*_spe.o +else + $(AR) $(AR_OPTIONS) $(BUILD)/partition/client_partition.a $(BUILD)/partition/client_partition.o $(SUITE_OUT)/test*/test_i*_spe.o $(SUITE_OUT)/test*/test_l*_spe.o +endif server_partition.a: $(AR) $(AR_OPTIONS) $(BUILD)/partition/server_partition.a $(BUILD)/partition/server_partition.o $(SUITE_OUT)/test*/test_supp_*_spe.o diff --git a/api-tests/tools/makefiles/toolchain.mk b/api-tests/tools/makefiles/toolchain.mk index 2a3c9983..699e6bbb 100644 --- a/api-tests/tools/makefiles/toolchain.mk +++ b/api-tests/tools/makefiles/toolchain.mk @@ -82,27 +82,35 @@ endif COMPILER_OPTIONS += -DVERBOSE=$(VERBOSE) ifeq (${TEST_COMBINE_ARCHIVE}, 1) -COMPILER_OPTIONS += -DTEST_COMBINE_ARCHIVE +COMPILER_OPTIONS += -DTEST_COMBINE_ARCHIVE=1 +endif + +ifeq (${WATCHDOG_AVAILABLE}, 1) +COMPILER_OPTIONS += -DWATCHDOG_AVAILABLE=1 +endif + +ifeq (${SP_HEAP_MEM_SUPP}, 1) +COMPILER_OPTIONS += -DSP_HEAP_MEM_SUPP=1 endif ifeq (${PSA_IPC_IMPLEMENTED}, 1) -COMPILER_OPTIONS += -DPSA_IPC_IMPLEMENTED +COMPILER_OPTIONS += -DPSA_IPC_IMPLEMENTED=1 endif ifeq (${PSA_CRYPTO_IMPLEMENTED}, 1) -COMPILER_OPTIONS += -DPSA_CRYPTO_IMPLEMENTED +COMPILER_OPTIONS += -DPSA_CRYPTO_IMPLEMENTED=1 endif ifeq (${PSA_PROTECTED_STORAGE_IMPLEMENTED}, 1) -COMPILER_OPTIONS += -DPSA_PROTECTED_STORAGE_IMPLEMENTED +COMPILER_OPTIONS += -DPSA_PROTECTED_STORAGE_IMPLEMENTED=1 endif ifeq (${PSA_INTERNAL_TRUSTED_STORAGE_IMPLEMENTED}, 1) -COMPILER_OPTIONS += -DPSA_INTERNAL_TRUSTED_STORAGE_IMPLEMENTED +COMPILER_OPTIONS += -DPSA_INTERNAL_TRUSTED_STORAGE_IMPLEMENTED=1 endif ifeq (${PSA_INITIAL_ATTESTATION_IMPLEMENTED}, 1) -COMPILER_OPTIONS += -DPSA_INITIAL_ATTESTATION_IMPLEMENTED +COMPILER_OPTIONS += -DPSA_INITIAL_ATTESTATION_IMPLEMENTED=1 endif CC= $(COMPILER) $(COMPILER_OPTIONS) $(CC_OPTIONS) $(USER_INCLUDE) $(INCLUDE) diff --git a/api-tests/tools/scripts/gen_tests_list.pl b/api-tests/tools/scripts/gen_tests_list.pl index 8b27b50b..f98bb562 100644 --- a/api-tests/tools/scripts/gen_tests_list.pl +++ b/api-tests/tools/scripts/gen_tests_list.pl @@ -33,8 +33,6 @@ sub gen_test_entry_info my $test_entry_list = "$build/val/test_entry_list.inc"; my $test_entry_fn_declare_list = "$build/val/test_entry_fn_declare_list.inc"; - print "\n>>>> Generating tests list by referring testsuite.db \n"; - if ($suite eq "crypto") { $suite_base = 1; @@ -73,7 +71,7 @@ sub gen_test_entry_info close IN; close OUT1; close OUT2; - print "Output files are: + print "Non-secure test entry symbol list: $test_entry_list, $test_entry_fn_declare_list\n"; } @@ -87,8 +85,6 @@ sub gen_secure_tests_list my $server_tests_list_declare = "$build/partition/server_tests_list_declare.inc"; my $server_tests_list = "$build/partition/server_tests_list.inc"; - print "\n>>>> Generating secure tests list files by referring testsuite.db \n"; - open(IN, $tests_list) or die "Unable to open $tests_list $!"; open(OUT1, '>', $client_tests_list_declare) or die "Unable to open: $!"; open(OUT2, '>', $client_tests_list) or die "Unable to open: $!"; @@ -123,7 +119,7 @@ sub gen_secure_tests_list close OUT3; close OUT4; - print "Output files are: + print "Secure test entry symbol list: $client_tests_list_declare, $client_tests_list, $server_tests_list_declare, diff --git a/api-tests/tools/scripts/process_test_linker_file.pl b/api-tests/tools/scripts/process_test_linker_file.pl index 3a31b3b5..4b0bb276 100755 --- a/api-tests/tools/scripts/process_test_linker_file.pl +++ b/api-tests/tools/scripts/process_test_linker_file.pl @@ -16,8 +16,6 @@ # * limitations under the License. #**/ -print "\n>>>> Updating linker file... \n"; - #inputs $source=$ARGV[0]; $suite_out=$ARGV[1]; diff --git a/api-tests/tools/scripts/setup.sh b/api-tests/tools/scripts/setup.sh index 46058a75..7d6b36cf 100755 --- a/api-tests/tools/scripts/setup.sh +++ b/api-tests/tools/scripts/setup.sh @@ -21,16 +21,21 @@ echo "" declare -a INCLUDE_PATHS export SUITE=" " export TEST_COMBINE_ARCHIVE=0 +export INCLUDE_PANIC_TESTS=0 +export WATCHDOG_AVAILABLE=0 +export SP_HEAP_MEM_SUPP=0 export CLIENT_FILE_FOUND=0 export SERVICE_FILE_FOUND=0 +export MANIFEST_OUT_FILE_FOUND=0 export CRYPTO_FILE_FOUND=0 export PROTECTED_STORAGE_FILE_FOUND=0 export INTERNAL_TRUSTED_STORAGE_FILE_FOUND=0 export INITIAL_ATTESTATION_FILE_FOUND=0 +export LIFECYCLE_FILE_FOUND=0 IPC_HEADER_FILE_REQ="If PSA IPC implemented in your platform, include path must point to path -where \"psa/client.h\", \"psa/service.h\" and test partition manifest output files -(\"psa_manifest/sid.h\" and \"psa_manifest/.h\") are located. +where \"psa/client.h\", \"psa/service.h\", \"psa/lifecycle.h\" and test partition manifest output files +(\"psa_manifest/sid.h\", \"psa_manifest/pid.h\" and \"psa_manifest/.h\") are located. " CRYPTO_HEADER_FILE_REQ="If PSA CRYPTO APIs are implemented into your platform then you must provide \"psa/crypto.h\" file to setup.sh script using --include option to compile tests and framework. @@ -42,7 +47,7 @@ ITS_HEADER_FILE_REQ="If PSA INTERNAL_TRUSTED_STORAGE APIs are implemented into y \"psa/internal_trusted_storage.h\" file to setup.sh script using --include option to compile tests and framework. " ATTESTATION_HEADER_FILE_REQ="If PSA INITIAL_ATTESTATION APIs are implemented into your platform then you must provide -\"psa/initial_attestation.h\" file to setup.sh script using --include option to compile tests and framework. +\"psa/initial_attestation.h\" and \"psa/crypto.h\" file to setup.sh script using --include option to compile tests and framework. " HELP=" @@ -50,6 +55,7 @@ HELP=" Usage: setup.sh [--source SOURCE_DIR] [--build BUILD_DIR] [--target TARGET] [--suite SUITE] [--toolchain TOOLCHAIN] [--cpu_arch CPU_ARCH] [--verbose PRINT_LEVEL] [--include INCLUDE_PATH] [--help|-h] +Toplevel script to build tests and framework sources for given test suite. Arguments Info: --source : SOURCE_DIR pointing to architecture test suite directory structure. @@ -59,7 +65,8 @@ Arguments Info: target.cfg file corresponding to input string must be avaiable at platform/targets// --suite : Compile tests for given suite. Support values are: - ipc, crypto, internal_trusted_storage, protected_storage and initial_attestation. + ipc, crypto, internal_trusted_storage, protected_storage, + and initial_attestation. --toolchain : Build using the given TOOLCHAIN. Supported values are GNUARM (GNU Arm Embedded) and ARMCLANG (ARM Compiler 6.x). --cpu_arch : Provide cpu arch string as argument. @@ -68,9 +75,13 @@ Arguments Info: Supported print levels are: 1 - INFO & above. 2 - DEBUG & above. - 3 - TEST & above. - 4 - WARN & ERROR.(Default) + 3 - TEST & above.(Default) + 4 - WARN & ERROR. 5 - ERROR. + --archive_tests : Create combine test archive(.a) file by combining available test objects files. + Absence of this option would create combine test binary(.bin) by combining available test elfs + --include_panic_tests : Consider panic tests (mentioned in testsuite.db of respective suite) along with functional tests + for building the final executables. Absence of this option would consider only non-panic (ie, functional) tests --include : Additional directory to be included into compiler search path. Provide --include where path pointing to location of PSA defined header files. You can specify multiple source locations using --include option. @@ -118,6 +129,9 @@ while [ $# -gt 0 ]; do --archive_tests ) export TEST_COMBINE_ARCHIVE=1 ;; + --include_panic_tests ) + export INCLUDE_PANIC_TESTS=1 + ;; --include ) shift export INCLUDE="$INCLUDE -I $1/" INCLUDE_PATHS=("${INCLUDE_PATHS[@]}" $1) @@ -134,7 +148,7 @@ while [ $# -gt 0 ]; do shift done -echo ">>>> Processing inputs..." +echo "----------Process input arguments- start-------------" if [ -z "$SOURCE" ] then export SOURCE=./ @@ -179,6 +193,8 @@ PSA_CRYPTO_IMPLEMENTED=`grep -c "^ *PSA_CRYPTO_IMPLEMENTED\s*:=\s*1" $PLATFORM_M PSA_PROTECTED_STORAGE_IMPLEMENTED=`grep -c "^ *PSA_PROTECTED_STORAGE_IMPLEMENTED\s*:=\s*1" $PLATFORM_MAKEFILE` PSA_INTERNAL_TRUSTED_STORAGE_IMPLEMENTED=`grep -c "^ *PSA_INTERNAL_TRUSTED_STORAGE_IMPLEMENTED\s*:=\s*1" $PLATFORM_MAKEFILE` PSA_INITIAL_ATTESTATION_IMPLEMENTED=`grep -c "^ *PSA_INITIAL_ATTESTATION_IMPLEMENTED\s*:=\s*1" $PLATFORM_MAKEFILE` +WATCHDOG_AVAILABLE=`grep -c "^ *watchdog.num\s*=\s*1\s*;" $SOURCE/platform/targets/$TARGET/target.cfg` +SP_HEAP_MEM_SUPP=`grep -c "^ *dut.0.sp_heap_mem_supp\s*=\s*AVAILABLE\s*;" $SOURCE/platform/targets/$TARGET/target.cfg` # Check PSA_IPC_IMPLEMENTED validity if [ $SUITE == "ipc" ] && [ $PSA_IPC_IMPLEMENTED == "0" ] @@ -238,6 +254,14 @@ then then export SERVICE_FILE_FOUND=1 fi + if [ -f "$path/psa_manifest/sid.h" ] && [ -f "$path/psa_manifest/pid.h" ] + then + export MANIFEST_OUT_FILE_FOUND=1 + fi + if [ -f "$path/psa/lifecycle.h" ] + then + export LIFECYCLE_FILE_FOUND=1 + fi done if [ $CLIENT_FILE_FOUND == "0" ] then @@ -251,6 +275,18 @@ then echo "$IPC_HEADER_FILE_REQ" exit 1 fi + if [ $MANIFEST_OUT_FILE_FOUND == "0" ] + then + echo "Couldn't find psa_manifest/sid.h or psa_manifest/pid.h file in paths: ${INCLUDE_PATHS[@]}" + echo "$IPC_HEADER_FILE_REQ" + exit 1 + fi + if [ $LIFECYCLE_FILE_FOUND == "0" ] + then + echo "Couldn't find psa/lifecycle.h file in paths: ${INCLUDE_PATHS[@]}" + echo "$IPC_HEADER_FILE_REQ" + exit 1 + fi fi fi @@ -344,7 +380,12 @@ then then export INITIAL_ATTESTATION_FILE_FOUND=1 fi + if [ -f "$path/psa/crypto.h" ] + then + export CRYPTO_FILE_FOUND=1 + fi done + if [ $INITIAL_ATTESTATION_FILE_FOUND == "0" ] then echo "Couldn't find psa/initial_attestation.h file in paths: ${INCLUDE_PATHS[@]}" @@ -352,10 +393,16 @@ then exit 1 elif [ $INITIAL_ATTESTATION_FILE_FOUND == "1" ] then + if [ $CRYPTO_FILE_FOUND == "0" ] + then + echo "Couldn't find psa/crypto.h file in paths: ${INCLUDE_PATHS[@]}" + echo "$CRYPTO_HEADER_FILE_REQ" + exit 1 + fi if [ ! -d "$SOURCE/platform/targets/$TARGET/nspe/initial_attestation/ext" ] then git clone https://github.com/laurencelundblade/QCBOR.git $SOURCE/platform/targets/$TARGET/nspe/initial_attestation/ext - cd $SOURCE/platform/targets/$TARGET/nspe/initial_attestation/ext; git checkout 01168ef3f20e81d5db1ebd0cfa9a70055ee5b155 ; cd - + cd $SOURCE/platform/targets/$TARGET/nspe/initial_attestation/ext; git checkout da53227db1488dde0952bdff66c3d904dce270b3 ; cd - else echo "QCBOR library already cloned" fi @@ -363,7 +410,6 @@ then fi fi - if [ -z "$TOOLCHAIN" ] then export TOOLCHAIN=GNUARM @@ -411,9 +457,23 @@ then exit 1 fi else - export VERBOSE=4 + export VERBOSE=3 fi +if [ $INCLUDE_PANIC_TESTS == "1" ] && [ $WATCHDOG_AVAILABLE == "0" ] +then + echo " +Warning: You have set watchdog.num to 0 in $SOURCE/platform/targets/$TARGET/target.cfg +Note - To test PSA APIs panic conditions, test harness may require to access watchdog timer +to recover from panic and to be able to continue with next test. +Ignore this warning if system under test has capability to reset the system +when it encounters panic condition. +" +fi + +echo "----------Process input arguments- complete-------------" +echo "" + MAKE_OPTIONS=" SOURCE=$SOURCE " MAKE_OPTIONS+=" BUILD=$BUILD " MAKE_OPTIONS+=" TARGET=$TARGET " @@ -422,6 +482,9 @@ MAKE_OPTIONS+=" TOOLCHAIN=$TOOLCHAIN " MAKE_OPTIONS+=" CPU_ARCH=$CPU_ARCH " MAKE_OPTIONS+=" VERBOSE=$VERBOSE " MAKE_OPTIONS+=" TEST_COMBINE_ARCHIVE=$TEST_COMBINE_ARCHIVE " +MAKE_OPTIONS+=" INCLUDE_PANIC_TESTS=$INCLUDE_PANIC_TESTS " +MAKE_OPTIONS+=" WATCHDOG_AVAILABLE=$WATCHDOG_AVAILABLE " +MAKE_OPTIONS+=" SP_HEAP_MEM_SUPP=$SP_HEAP_MEM_SUPP " MAKE_OPTIONS+=" PSA_IPC_IMPLEMENTED=$PSA_IPC_IMPLEMENTED " MAKE_OPTIONS+=" PSA_CRYPTO_IMPLEMENTED=$PSA_CRYPTO_IMPLEMENTED " MAKE_OPTIONS+=" PSA_PROTECTED_STORAGE_IMPLEMENTED=$PSA_PROTECTED_STORAGE_IMPLEMENTED " diff --git a/api-tests/tools/scripts/targetConfigGen.pl b/api-tests/tools/scripts/targetConfigGen.pl deleted file mode 100755 index 602de991..00000000 --- a/api-tests/tools/scripts/targetConfigGen.pl +++ /dev/null @@ -1,238 +0,0 @@ -#!/usr/bin/env perl -#/** @file -# * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved. -# * SPDX-License-Identifier : Apache-2.0 -# * -# * Licensed under the Apache License, Version 2.0 (the "License"); -# * you may not use this file except in compliance with the License. -# * You may obtain a copy of the License at -# * -# * http://www.apache.org/licenses/LICENSE-2.0 -# * -# * Unless required by applicable law or agreed to in writing, software -# * distributed under the License is distributed on an "AS IS" BASIS, -# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# * See the License for the specific language governing permissions and -# * limitations under the License. -#**/ -#--------------------------------------------------------------------- -# USAGE: -# 1) perl -# 2) gcc -o -# 3) ./ -# 4) Resulting output file is target.hex -#--------------------------------------------------------------------- -# THIS SCRIPT : -# 1) Reads the targetConfig.cfg file written in pre-defined format. -# 2) * Generates a C file based on targetConfig, complete with all -# variable declarations and C syntax formatting. -# * It will #include val_target.h header file which contains -# template info about each device described in targetConfig. -# * This header file is also used by test code to unpack the -# resulting hex file. -# 3) The autogenerated C file will then be compiled and the resulting -# executable run to generate target.hex file: which is the packed -# output of the targetConfig.cfg parameters. -#--------------------------------------------------------------------- -# NOTE: Only C-style single line commenting is permitted inside targetConfig.cfg -#--------------------------------------------------------------------- - -print "\n>>>> Generating targetConfig data base... \n"; -$source=$ARGV[0]; -$build=$ARGV[1]; -$target=$ARGV[2]; -$targetConfigPath = "$source/platform/targets/$target/target.cfg"; -$final_output = "$build/platform/$target/target_database"; -$output_c = "$build/platform/$target/targetConfigGen.c"; -$input_h = "$source/val/common/val_target.h"; - -$final_output_file = undef; -if($final_output =~ /([0-9a-zA-Z_]+)$/) { - $final_output_file = $1; -} - -@unique_devices = undef; - -sub uniq { - my %seen; - grep !$seen{$_}++, @_; -} - -open(IN, $targetConfigPath) or die "Unable to open $targetConfigPath $!"; -open(OUT, '>', $output_c) or die "Unable to open: $!"; - -#--------------------------------------------------------------------- -# Open header file and go through enum definition to find group of -# each component; rather than making partner do it. Store in a hash. -#--------------------------------------------------------------------- -open(IN0, $input_h) or die "Unable to open: $!"; -my %comp_groups; -while() { - if($_ =~ /COMPONENT_GROUPING/) { - while($nextline !~ /\}/) { - $nextline = ; - #print "$nextline"; - if($nextline =~ /(\S+)(\s*)\=(\s*)GROUP_([0-9a-zA-Z_]+)(,*)/) { - $comp_groups{$1} = $4; - } - } - } -} -close IN0; -#print keys %comp_groups, "\n"; -#print values %comp_groups, "\n"; -#--------------------------------------------------------------------- - -print OUT '#include "val_target.h"',"\n"; -print OUT '#include ',"\n\n"; - -print OUT "int main\(void\) \{\n"; - -while() { - if($_ !~ /^\//) {# exclude commented lines - - if($_ =~ /(\S+)\.num(\s*)\=(\s*)(\d+)(\s*)\;/) { - print OUT lc($comp_groups{uc($1)}),"_desc_t $1\[$4\];\n"; - print OUT "int $1","_num_instances \= $4\;\n"; - - # For each instance of this device - for ($count = 0; $count < $4; $count++) { - print OUT "$1\[$count\]\.cfg_type\.cfg_id \= \(GROUP_",$comp_groups{uc($1)}," << 24\) \+ \(",$comp_groups{uc($1)},"_",uc($1)," << 16\) \+ $count\;\n"; - print OUT "$1\[$count\]\.cfg_type\.size \= sizeof\($1\)\/$1","_num_instances\;\n"; - print OUT "$1\[$count\]\.cfg_type\.size \|\= $1","_num_instances << 24\;\n"; - } - - push(@unique_devices, $1); - push(@unique_groups, $comp_groups{uc($1)}); - } - #elsif($_ =~ /(\S+)\.(\d+)\.(\S+)(\s*)\=(\s*)(\S+)(\s*)\;/) { - elsif($_ =~ /(\S+)\.(\d+)\.(\S+)(\s*)\=(\s*)(.+)\;/) { - print OUT "$1\[$2\]\.$3 \= $6\;\n"; - } - else { - print OUT $_; - } - - } -} - -# Remove empty elements from array -@unique_devices = grep { $_ ne '' } @unique_devices; -# Remove duplicate groups -@unique_groups = uniq @unique_groups; -@unique_groups = grep { $_ ne '' } @unique_groups; - -#print "@unique_devices\n"; -#print "@unique_groups\n\n"; - -foreach $thisgroup (@unique_groups) { - print "\nGROUP $thisgroup \n"; - print OUT lc($thisgroup),"_hdr_t group_",lc($thisgroup),"\;\n"; - print OUT "int group_",lc($thisgroup),"_size \= sizeof(group_",lc($thisgroup),"\)\;\n"; - print OUT "int group_",lc($thisgroup),"_count \= 0\;\n"; - - print OUT "group_",lc($thisgroup),"\.cfg_type\.cfg_id \= \(GROUP_",$thisgroup," << 24\)\;\n"; - - foreach $thisdevice (@unique_devices) { - if($comp_groups{uc($thisdevice)} eq $thisgroup) { - print "DEVICE $thisdevice \n"; - print OUT "group_",lc($thisgroup),"_size \= group_",lc($thisgroup),"_size \+ sizeof\($thisdevice\)\;\n"; - print OUT "group_",lc($thisgroup),"_count \= group_",lc($thisgroup),"_count \+ $thisdevice","_num_instances\;\n"; - - } - } - print OUT "group_",lc($thisgroup),"\.cfg_type\.size \= group_",lc($thisgroup),"_size\;\n"; - print OUT "group_",lc($thisgroup),"\.num \= group_",lc($thisgroup),"_count\;\n"; - - print OUT "\n"; -} - -print OUT "\n"; -print OUT "uint32_t\* word_ptr\;\n"; -print OUT "int byte_no \= 0\;\n"; -#print OUT "int instance_no \= 0\;\n"; -#print OUT "int instance_size \= 0\;\n"; -#print OUT "device_type_t device_id\;\n"; -print OUT "FILE \* fp\;\n"; -print OUT "fp \= fopen\(\"",$final_output,"\.h\"\, \"w\"\)\;\n\n"; - -# Printing out main header inside hex file -#print OUT "fprintf\(fp\, \"#include \\\"pal_fvp_config\.h\\\"\\n\\n\"\)\;\n"; -print OUT "fprintf\(fp\, \"#ifndef ",uc($final_output_file),"\\n\"\)\;\n"; -print OUT "fprintf\(fp\, \"#define ",uc($final_output_file),"\\n\\n\"\)\;\n"; -#print OUT "fprintf\(fp\, \"__attribute__\(\(section\(\\\"\.target_config_ns_data\\\"\)\)\)\\n\"\)\;\n"; -print OUT "fprintf\(fp\, \"const uint32_t\\n\"\)\;\n"; -print OUT "fprintf\(fp\, \"static target_database[] \= \{\\n\"\)\;\n"; - -# print OUT "fprintf\(fp\, \"0x\%08x\,\\n\"\, \"_CFG\"\)\;\n"; -# print OUT "fprintf\(fp\, \"0x\%08x\,\\n\"\, \" FVP\"\)\;\n"; -# print OUT "fprintf\(fp\, \"0x\%08x\,\\n\"\, \"_CFG\"\)\;\n"; -# TBSA_CFG header -print OUT "fprintf\(fp\, \"0x\%x\"\, \'T\'\)\;\n"; -print OUT "fprintf\(fp\, \"\%x\"\, \'B\'\)\;\n"; -print OUT "fprintf\(fp\, \"\%x\"\, \'S\'\)\;\n"; -print OUT "fprintf\(fp\, \"\%x\,\\n\"\, \'A\'\)\;\n"; -print OUT "fprintf\(fp\, \"0x\%x\"\, \'_\'\)\;\n"; -print OUT "fprintf\(fp\, \"\%x\"\, \'C\'\)\;\n"; -print OUT "fprintf\(fp\, \"\%x\"\, \'F\'\)\;\n"; -print OUT "fprintf\(fp\, \"\%x\,\\n\"\, \'G\'\)\;\n"; -# FVP_CFG header -print OUT "fprintf\(fp\, \"0x\%x\"\, \' \'\)\;\n"; -print OUT "fprintf\(fp\, \"\%x\"\, \'F\'\)\;\n"; -print OUT "fprintf\(fp\, \"\%x\"\, \'V\'\)\;\n"; -print OUT "fprintf\(fp\, \"\%x\,\\n\"\, \'P\'\)\;\n"; -print OUT "fprintf\(fp\, \"0x\%x\"\, \'_\'\)\;\n"; -print OUT "fprintf\(fp\, \"\%x\"\, \'C\'\)\;\n"; -print OUT "fprintf\(fp\, \"\%x\"\, \'F\'\)\;\n"; -print OUT "fprintf\(fp\, \"\%x\,\\n\"\, \'G\'\)\;\n"; - -print OUT "uint32_t version \= 1\;\n"; -print OUT "fprintf\(fp\, \"0x\%08x\,\\n\"\, version\)\;\n"; -#print OUT "fwrite\(\&version\, 4\, 1\, fp\)\;\n"; -print OUT "uint32_t total_size \= 0\;\n"; - -foreach $thisgroup (@unique_groups) { - print OUT "total_size \= total_size \+ group_",lc($thisgroup),"_size\;\n"; -} -# foreach $thisdevice (@unique_devices) { -# print OUT "total_size \= total_size \+ sizeof\($thisdevice\) \+ \(8\* $thisdevice","_num_instances\)\;\n"; -# } -# Add main header size -print OUT "total_size \= total_size \+8 \+8 \+4 \+4 \+4\;\n"; -#print OUT "fwrite\(\&total_size\, 4\, 1\, fp\)\;\n\n"; -print OUT "fprintf\(fp\, \"0x\%08x\,\\n\"\, total_size\)\;\n"; - - -foreach $thisgroup (@unique_groups) { - print OUT "word_ptr \= \(uint32_t \*\)\&group_",lc($thisgroup),"\;\n"; - print OUT "for\(byte_no\=0\; byte_no\<\sizeof\(group_",lc($thisgroup),"\)\; byte_no\=byte_no\+4\)\{\n"; - #print OUT "fwrite\(word_ptr\, 4\, 1\, fp\)\;\n"; - #print OUT "printf\(\"\%08x\,\\n\"\, \*word_ptr\)\;\n"; - print OUT "fprintf\(fp\, \"0x\%08x\,\\n\"\, \*word_ptr\)\;\n"; - print OUT "word_ptr\+\+\;\n"; - print OUT "\}\n"; - - foreach $thisdevice (@unique_devices) { - if($comp_groups{uc($thisdevice)} eq $thisgroup) { - print OUT "\tword_ptr \= \(uint32_t \*\)\&","$thisdevice","\[0\]\;\n"; - print OUT "\tfor\(byte_no\=0\; byte_no\<\sizeof\($thisdevice\)\; byte_no\=byte_no\+4\)\{\n"; - #print OUT "\tfwrite\(word_ptr\, 4\, 1\, fp\)\;\n"; - #print OUT "\tprintf\(\"\%08x\,\\n\"\, \*word_ptr\)\;\n"; - print OUT "\tfprintf\(fp\, \"0x\%08x\,\\n\"\, \*word_ptr\)\;\n"; - print OUT "\tword_ptr\+\+\;\n"; - print OUT "\t\}\n"; - } - } -} -print OUT "fprintf\(fp\, \"0x\%08x\\n\"\, 0xffffffff\)\;\n"; -print OUT "fprintf\(fp\, \"\}\;\\n\\n\"\)\;\n"; -print OUT "fprintf\(fp\, \"#endif \\n\"\)\;\n"; - - -print OUT "\nreturn 0;\}\/\/int main"; - -#generate target_database.h file -print "gcc -D__addr_t_defined -DTARGET_CFG_BUILD $output_c -o $build/platform/$target/targetConfigGen -I$source/val/nspe -I$source/val/common -I$source/platform/targets/$target/nspe/common\n"; -system("gcc -D__addr_t_defined -DTARGET_CFG_BUILD $output_c -o $build/platform/$target/targetConfigGen -I$source/val/nspe -I$source/val/common -I$source/platform/targets/$target/nspe/common") && die ("Failed to compile targetConfigGen.c \n"); -print "./$build/platform/$target/targetConfigGen\n"; -system("./$build/platform/$target/targetConfigGen ") && die ("Failed to generate targetConfig data base \n"); diff --git a/api-tests/tools/scripts/targetConfigGen.py b/api-tests/tools/scripts/targetConfigGen.py new file mode 100644 index 00000000..6442f74d --- /dev/null +++ b/api-tests/tools/scripts/targetConfigGen.py @@ -0,0 +1,183 @@ +#!/usr/bin/python +#/** @file +# * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved. +# * SPDX-License-Identifier : Apache-2.0 +# * +# * Licensed under the Apache License, Version 2.0 (the "License"); +# * you may not use this file except in compliance with the License. +# * You may obtain a copy of the License at +# * +# * http://www.apache.org/licenses/LICENSE-2.0 +# * +# * Unless required by applicable law or agreed to in writing, software +# * distributed under the License is distributed on an "AS IS" BASIS, +# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# * See the License for the specific language governing permissions and +# * limitations under the License. +#**/ + +import sys + +if (len(sys.argv) != 8): + print("\nPlease provide following inputs") + print("\narg1 : target name") + print("\narg2 : val_target.h") + print("\narg3 : tbsa_tgt.cfg") + print("\narg4 : intermediate source file") + print("\narg5 : output database file\n") + print("\narg6 : name for table\n") + print("\narg7 : section name for database table\n") + sys.exit(1) + +target = sys.argv[1] +in_val_tgt = sys.argv[2] +in_tbsa_tgt = sys.argv[3] +out_source = sys.argv[4] +out_database = sys.argv[5] +table_name = sys.argv[6] +section_name = sys.argv[7] + +minor_major_map = {} +unique_major_groups = [] +unique_minor_components = [] + +def get_minor_major_map(): + """ This method populates the dictionary which maps between every available minor component to their major group """ + try: + with open(in_val_tgt, mode="r") as f: + for line in f: + if "GROUP_" in line: + temp_list = line.split() + if "=" in temp_list[1] and "GROUP_" in temp_list[2]: + minor_major_map.update({temp_list[0]:temp_list[2][6:temp_list[2].find(',')]}) + if minor_major_map[temp_list[0]] not in unique_major_groups: + unique_major_groups.append(minor_major_map[temp_list[0]]) + except: + print("Cannot open %s" %in_val_tgt) + +def generate_source(): + """" This method generates the source file which gets compiled on host machine. + The compiled output then generates the database file for a given target """ + try: + with open(out_source, mode="a") as o_f: + o_f.write("#include \n") + o_f.write("#include \"val_target.h\"\n\n") + o_f.write("int main (void)\n") + o_f.write("{\n") + try: + with open(in_tbsa_tgt, mode="r") as i_f: + num = '' + for line in i_f: + if "/" in line[0:1]: + """ Ignoring the commented lines """ + pass + elif (".num" in line) and (line[line.find('.')+1:line.find('.')+4] == "num"): + """ Pick the lines which tells the total instances of a component """ + minor_comp = line[:line.find('.')] + num = "".join(line[line.find('=')+1:line.find(';')].replace(" ","")) + if (int(num)) != 0: + o_f.write("\t%s_desc_t %s[%s] = {0};\n" %(minor_major_map[minor_comp.upper()].lower(), minor_comp, num)) + o_f.write("\tint %s_num_instances = %s;\n" %(minor_comp, num)) + num = int(num) + for instance in range(num): + o_f.write("\t%s[%d].cfg_type.cfg_id = ((GROUP_%s << 24) + (%s_%s << 16) + %d);\n" \ + %(minor_comp, instance, minor_major_map[minor_comp.upper()],\ + minor_major_map[minor_comp.upper()], minor_comp.upper(), instance)) + o_f.write("\t%s[%d].cfg_type.size = sizeof(%s)/%s_num_instances;\n" %(minor_comp, instance, minor_comp, minor_comp)) + o_f.write("\t%s[%d].cfg_type.size |= (%s_num_instances << 24);\n" %(minor_comp, instance, minor_comp)) + unique_minor_components.append(minor_comp.upper()) + elif ("=" in line) and (";" in line) and (int(num) != 0): + """ Pick the lines which tells the component details """ + period_1 = line.find('.') + period_2 = period_1 + line[period_1+1:].find('.') + 1 + o_f.write("\t%s[%s].%s;\n" %(line[:period_1], line[period_1+1:period_2], line[period_2+1:line.find(';')])) + else: + o_f.write("\n") + o_f.write("\n") + except: + print("Cannot open input file %s" %in_tbsa_tgt) + + """ Populate major structure details """ + for group in unique_major_groups: + o_f.write("\t%s_hdr_t group_%s = {0};\n" %(group.lower(), group.lower())) + o_f.write("\tgroup_%s.cfg_type.cfg_id = (GROUP_%s << 24);\n" %(group.lower(), group)) + o_f.write("\tgroup_%s.cfg_type.size += sizeof(group_%s);\n" %(group.lower(), group.lower())) + for minor in unique_minor_components: + if group == minor_major_map[minor]: + o_f.write("\tgroup_%s.cfg_type.size += sizeof(%s);\n" %(group.lower(), minor.lower())) + o_f.write("\tgroup_%s.num += %s_num_instances;\n" %(group.lower(), minor.lower())) + o_f.write("\n") + + """ Start pushing fprintf into the source resposible for generating the database table """ + o_f.write("\tuint32_t *word_ptr;\n") + o_f.write("\tint byte_no = 0;\n") + o_f.write("\tFILE *fp;\n\n") + o_f.write("\tfp = fopen(\"%s\", \"w\");\n\n" %(out_database)) + temp_out_file = out_database + while '/' in temp_out_file: + temp_out_file = "".join(temp_out_file[temp_out_file.find('/')+1:]) + o_f.write("\tfprintf(fp, \"#ifndef _%s_H_\\n\");\n" %(temp_out_file[:temp_out_file.find('.')].upper())) + o_f.write("\tfprintf(fp, \"#define _%s_H_\\n\");\n\n" %(temp_out_file[:temp_out_file.find('.')].upper())) + if section_name: + o_f.write("\tfprintf(fp, \"__attribute__((section(\\\"%s\\\")))\\n\");\n" %(section_name)) + o_f.write("\tfprintf(fp, \"const uint32_t static %s[] = {\\n\");\n" %(table_name)) + o_f.write("\tfprintf(fp, \"0x%x\", \'T\');\n") + o_f.write("\tfprintf(fp, \"%x\", \'B\');\n") + o_f.write("\tfprintf(fp, \"%x\", \'S\');\n") + o_f.write("\tfprintf(fp, \"%x,\\n\", \'A\');\n") + o_f.write("\tfprintf(fp, \"0x%x\", \'_\');\n") + o_f.write("\tfprintf(fp, \"%x\", \'C\');\n") + o_f.write("\tfprintf(fp, \"%x\", \'F\');\n") + o_f.write("\tfprintf(fp, \"%x,\\n\", \'G\');\n") + required_target_name_len = 4 + new_target = target + if (len(target) < required_target_name_len): + while(required_target_name_len - len(target)): + new_target += " " + required_target_name_len -= 1 + o_f.write("\tfprintf(fp, \"0x%x\", ") + o_f.write("\'%c\');\n" %(new_target[0:1])) + o_f.write("\tfprintf(fp, \"%x\", ") + o_f.write("\'%c\');\n" %(new_target[1:2])) + o_f.write("\tfprintf(fp, \"%x\", ") + o_f.write("\'%c\');\n" %(new_target[2:3])) + o_f.write("\tfprintf(fp, \"%x,\\n\", ") + o_f.write("\'%c\');\n" %(new_target[3:4])) + o_f.write("\tfprintf(fp, \"0x%x\", \'_\');\n") + o_f.write("\tfprintf(fp, \"%x\", \'C\');\n") + o_f.write("\tfprintf(fp, \"%x\", \'F\');\n") + o_f.write("\tfprintf(fp, \"%x,\\n\", \'G\');\n") + o_f.write("\tuint32_t version = 1;\n") + o_f.write("\tfprintf(fp, \"0x%08x,\\n\", version);\n") + o_f.write("\tuint32_t total_size = 0;\n") + for group in unique_major_groups: + o_f.write("\ttotal_size += group_%s.cfg_type.size;\n" %(group.lower())) + o_f.write("\ttotal_size += (8 + 8 + 4 + 4);\n") + o_f.write("\tfprintf(fp, \"0x%08x,\\n\", total_size);\n") + + """ Start writing component values to database file """ + for group in unique_major_groups: + o_f.write("\t/* Writing major group details to the file */\n") + o_f.write("\tword_ptr = (uint32_t *)&group_%s;\n" %(group.lower())) + o_f.write("\tfor(byte_no=0; byte_no>>> Combining test ELFs... \n"; - #Inputs $test_list_file = $ARGV[0]; diff --git a/api-tests/val/common/val.h b/api-tests/val/common/val.h index b3dbcd55..2af2858e 100644 --- a/api-tests/val/common/val.h +++ b/api-tests/val/common/val.h @@ -178,12 +178,18 @@ typedef enum { } test_isolation_level_t; typedef enum { - BOOT_UNKNOWN = 0x1, - BOOT_NOT_EXPECTED = 0x2, - BOOT_EXPECTED_NS = 0x3, - BOOT_EXPECTED_S = 0x4, - BOOT_EXPECTED_BUT_FAILED = 0x5, - BOOT_EXPECTED_CRYPTO = 0x6, + /* VAL uses this boot flag to mark first time boot of the system */ + BOOT_UNKNOWN = 0x1, + /* VAL/Test uses this boot flag to catch any unwanted system reboot - SIM ERROR Cases*/ + BOOT_NOT_EXPECTED = 0x2, + /* Test performs panic check for non-secure test run and expect reboot */ + BOOT_EXPECTED_NS = 0x3, + /* Test performs panic check for secure test run and expect reboot */ + BOOT_EXPECTED_S = 0x4, + /* Test expected reboot but it didn't happen */ + BOOT_EXPECTED_BUT_FAILED = 0x5, + /* Test expect reboot for secure/non-secure test run. If reboot happens, re-enter same test */ + BOOT_EXPECTED_REENTER_TEST = 0x6, } boot_state_t; typedef enum { @@ -224,6 +230,7 @@ typedef enum { VAL_STATUS_INIT_ALREADY_DONE = 0x29, VAL_STATUS_HEAP_NOT_AVAILABLE = 0x2A, VAL_STATUS_UNSUPPORTED = 0x2B, + VAL_STATUS_DRIVER_FN_FAILED = 0x2C, VAL_STATUS_ERROR_MAX = INT_MAX, } val_status_t; @@ -237,13 +244,21 @@ typedef enum { PRINT_ALWAYS = 9 } print_verbosity_t; -/* Interrupt test function id enums */ +/* Driver test function id enums */ typedef enum { TEST_PSA_EOI_WITH_NON_INTR_SIGNAL = 1, TEST_PSA_EOI_WITH_MULTIPLE_SIGNALS = 2, TEST_PSA_EOI_WITH_UNASSERTED_SIGNAL = 3, TEST_INTR_SERVICE = 4, -} test_intr_fn_id_t; + TEST_ISOLATION_PSA_ROT_DATA_RD = 5, + TEST_ISOLATION_PSA_ROT_DATA_WR = 6, + TEST_ISOLATION_PSA_ROT_STACK_RD = 7, + TEST_ISOLATION_PSA_ROT_STACK_WR = 8, + TEST_ISOLATION_PSA_ROT_HEAP_RD = 9, + TEST_ISOLATION_PSA_ROT_HEAP_WR = 10, + TEST_ISOLATION_PSA_ROT_MMIO_RD = 11, + TEST_ISOLATION_PSA_ROT_MMIO_WR = 12, +} driver_test_fn_id_t; /* typedef's */ typedef struct { diff --git a/api-tests/val/common/val_target.c b/api-tests/val/common/val_target.c index ae3c2f4f..3564c7d9 100644 --- a/api-tests/val/common/val_target.c +++ b/api-tests/val/common/val_target.c @@ -18,7 +18,8 @@ #include "val_target.h" #include "target_database.h" -#ifdef USE_RAW_PRINT_FOR_DRIVER_PARTITION +/* Use raw print for driver partition */ +#ifdef DRIVER_PARTITION_INCLUDE #define val_print(x, y, z) \ do { \ if (x >= VERBOSE) \ @@ -26,7 +27,7 @@ } while(0) #else __UNUSED STATIC_DECLARE val_status_t val_print - (print_verbosity_t verbosity, char *string, uint32_t data); + (print_verbosity_t verbosity, char *string, int32_t data); #endif /** @@ -52,7 +53,7 @@ STATIC_DECLARE val_status_t val_target_cfg_get_next(void **blob) /* Sanity check signature and version here */ if ((hdr->version != 1) || (hdr->size == 0)) { - val_print(PRINT_ERROR, "Target config database Error. \n", 0); + val_print(PRINT_ERROR, "\tTarget config database Error. \n", 0); return VAL_STATUS_ERROR; } hdr++; @@ -82,7 +83,7 @@ STATIC_DECLARE val_status_t val_target_get_cfg_blob(cfg_id_t cfg_id, uint8_t **d val_status_t status; void *config_blob = NULL; - val_print(PRINT_INFO, "Input id is %x \n", cfg_id); + val_print(PRINT_INFO, "\tInput id is %x \n", cfg_id); do { @@ -138,7 +139,7 @@ STATIC_DECLARE val_status_t val_target_get_config(cfg_id_t cfg_id, uint8_t **dat if ((cfg_id < TARGET_MIN_CFG_ID) || (cfg_id > TARGET_MAX_CFG_ID)) { - val_print(PRINT_ERROR, "Invalid Target data config ID = %x \n", cfg_id); + val_print(PRINT_ERROR, "\tInvalid Target data config ID = %x \n", cfg_id); return VAL_STATUS_INSUFFICIENT_SIZE; } @@ -146,8 +147,8 @@ STATIC_DECLARE val_status_t val_target_get_config(cfg_id_t cfg_id, uint8_t **dat if (VAL_ERROR(status)) { - val_print(PRINT_ERROR, "\n Get Config failed with status = %x", status); - val_print(PRINT_ERROR, " for cfg_id = %x", cfg_id); + val_print(PRINT_ERROR, "\tGet Config failed with status = %x", status); + val_print(PRINT_ERROR, " for cfg_id = %x\n", cfg_id); return status; } return VAL_STATUS_SUCCESS; diff --git a/api-tests/val/common/val_target.h b/api-tests/val/common/val_target.h index c32f0a57..c8b14661 100644 --- a/api-tests/val/common/val_target.h +++ b/api-tests/val/common/val_target.h @@ -64,7 +64,7 @@ typedef enum _SOC_PERIPHERAL_CONFIG_ID_ { typedef enum _MEMORY_CONFIG_ID_ { MEMORY_NVMEM = 0x2, MEMORY_NSPE_MMIO = 0x3, - MEMORY_CLIENT_PARTITION_MMIO = 0x4, + MEMORY_SERVER_PARTITION_MMIO = 0x4, MEMORY_DRIVER_PARTITION_MMIO = 0x5, } memory_cfg_id_t; @@ -82,7 +82,7 @@ typedef enum _COMPONENT_GROUPING_{ WATCHDOG = GROUP_SOC_PERIPHERAL, NVMEM = GROUP_MEMORY, NSPE_MMIO = GROUP_MEMORY, - CLIENT_PARTITION_MMIO = GROUP_MEMORY, + SERVER_PARTITION_MMIO = GROUP_MEMORY, DRIVER_PARTITION_MMIO = GROUP_MEMORY, BOOT = GROUP_MISCELLANEOUS, DUT = GROUP_MISCELLANEOUS, @@ -195,11 +195,15 @@ typedef struct _MISCELLANEOUS_INFO_DESC_ { addr_t ns_start_addr_of_combine_test_binary; is_available_t combine_test_binary_in_ram; addr_t ns_test_addr; + is_available_t sp_heap_mem_supp; } miscellaneous_desc_t; /*val target config read apis */ +#ifdef VAL_NSPE_BUILD STATIC_DECLARE val_status_t val_target_get_config(cfg_id_t cfg_id, uint8_t **data, uint32_t *size); STATIC_DECLARE val_status_t val_target_cfg_get_next(void **blob); -STATIC_DECLARE val_status_t val_target_get_cfg_blob(cfg_id_t cfg_id, uint8_t **data, uint32_t *size); +STATIC_DECLARE val_status_t val_target_get_cfg_blob(cfg_id_t cfg_id, uint8_t **data, + uint32_t *size); STATIC_DECLARE val_status_t val_target_get_config(cfg_id_t cfg_id, uint8_t **data, uint32_t *size); #endif +#endif diff --git a/api-tests/val/nspe/pal_interfaces_ns.h b/api-tests/val/nspe/pal_interfaces_ns.h index 186a5fc7..0b506121 100644 --- a/api-tests/val/nspe/pal_interfaces_ns.h +++ b/api-tests/val/nspe/pal_interfaces_ns.h @@ -100,7 +100,7 @@ int pal_uart_init_ns(uint32_t uart_base_addr); * @return - SUCCESS/FAILURE **/ -int pal_print_ns(char *str, uint32_t data); +int pal_print_ns(char *str, int32_t data); /** * @brief - Initializes an hardware watchdog timer diff --git a/api-tests/val/nspe/val_attestation.h b/api-tests/val/nspe/val_attestation.h index d860739b..58ea59c1 100644 --- a/api-tests/val/nspe/val_attestation.h +++ b/api-tests/val/nspe/val_attestation.h @@ -19,7 +19,6 @@ #define _VAL_INITIAL_ATTESTATION_H_ #include "val.h" - #define MAX_CHALLENGE_SIZE PSA_INITIAL_ATTEST_CHALLENGE_SIZE_64 enum attestation_function_code { diff --git a/api-tests/val/nspe/val_crypto.c b/api-tests/val/nspe/val_crypto.c index 764b44a9..da1aced4 100644 --- a/api-tests/val/nspe/val_crypto.c +++ b/api-tests/val/nspe/val_crypto.c @@ -30,7 +30,7 @@ int32_t val_crypto_function(int type, ...) { va_list valist; - val_status_t status; + int32_t status; va_start(valist, type); status = pal_crypto_function(type, valist); diff --git a/api-tests/val/nspe/val_crypto.h b/api-tests/val/nspe/val_crypto.h index 6cb1b2f0..6fc3f562 100644 --- a/api-tests/val/nspe/val_crypto.h +++ b/api-tests/val/nspe/val_crypto.h @@ -48,6 +48,7 @@ #define PSA_KEY_LIFETIME_INVALID 0xFFFFFFFF #define PSA_KEY_USAGE_INVALID 0xFFFFFFFF +#define PSA_HASH_ALG_INVALID 0x01FFFFFF #define PSA_ALG_INVALID 0xFFFFFFFF enum crypto_function_code { @@ -98,6 +99,7 @@ enum crypto_function_code { VAL_CRYPTO_ASYMMTERIC_VERIFY = 0x31, VAL_CRYPTO_KEY_AGREEMENT = 0x32, VAL_CRYPTO_ALLOCATE_KEY = 0x33, + VAL_CRYPTO_COPY_KEY = 0x34, VAL_CRYPTO_FREE = 0xFE, }; diff --git a/api-tests/val/nspe/val_dispatcher.c b/api-tests/val/nspe/val_dispatcher.c index 29c72dc2..86755187 100644 --- a/api-tests/val/nspe/val_dispatcher.c +++ b/api-tests/val/nspe/val_dispatcher.c @@ -126,7 +126,7 @@ int val_copy_elf(uint32_t saddr, uint32_t *info_addr) **/ val_status_t val_test_load(test_id_t *test_id, test_id_t test_id_prev) { -#ifndef TEST_COMBINE_ARCHIVE +#if (TEST_COMBINE_ARCHIVE == 0) test_header_t test_header; addr_t flash_addr = combine_test_binary_addr; @@ -260,7 +260,7 @@ val_status_t val_test_load(test_id_t *test_id, test_id_t test_id_prev) **/ val_status_t val_get_test_entry_addr(addr_t *paddr) { -#ifndef TEST_COMBINE_ARCHIVE +#if (TEST_COMBINE_ARCHIVE == 0) *paddr = (addr_t)(((val_test_info_t *)g_test_info_addr)->entry_addr); #else *paddr = g_test_info_addr; diff --git a/api-tests/val/nspe/val_entry.h b/api-tests/val/nspe/val_entry.h index 2b885e0c..2236016e 100644 --- a/api-tests/val/nspe/val_entry.h +++ b/api-tests/val/nspe/val_entry.h @@ -21,7 +21,7 @@ #include "val_framework.h" #define PSA_ACS_MAJOR_VER 0 -#define PSA_ACS_MINOR_VER 8 +#define PSA_ACS_MINOR_VER 9 /** @brief - PSA Test Suite C main function, does VAL init and calls test dispatcher diff --git a/api-tests/val/nspe/val_framework.c b/api-tests/val/nspe/val_framework.c index 1bc3b128..4f6163c1 100644 --- a/api-tests/val/nspe/val_framework.c +++ b/api-tests/val/nspe/val_framework.c @@ -111,11 +111,31 @@ val_status_t val_execute_non_secure_tests(uint32_t test_num, client_test_t *test return status; } - if (boot.state == BOOT_NOT_EXPECTED || boot.state == BOOT_EXPECTED_CRYPTO) + if (boot.state == BOOT_NOT_EXPECTED || boot.state == BOOT_EXPECTED_REENTER_TEST) { - val_print(PRINT_TEST,"[Info] Executing tests from non-secure\n", 0); while (tests_list[i] != NULL) { + /* + * Reboot have been expected by test in previous ns run, + * consider previous run pass and jump to second test function + * of the same test if available. + */ + if ((boot.state == BOOT_EXPECTED_REENTER_TEST) && (i == 1)) + { + val_print(PRINT_DEBUG, "[Check1] PASSED\n", 0); + i++; + continue; + } + + status = val_set_boot_flag(BOOT_NOT_EXPECTED); + if (VAL_ERROR(status)) + { + return status; + } + + if (i == 1) + val_print(PRINT_TEST,"[Info] Executing tests from non-secure\n", 0); + if (server_hs == TRUE) { /* Handshake with server tests */ @@ -204,6 +224,17 @@ val_status_t val_switch_to_secure_client(uint32_t test_num) if (boot.state != BOOT_EXPECTED_S) { + /* + * Reboot have been expected by test in previous s run, + * consider previous run pass and jump to second test function + * of the same test if available. + */ + if (boot.state == BOOT_EXPECTED_REENTER_TEST) + { + test_info.block_num++; + val_print(PRINT_DEBUG, "[Check1] PASSED\n", 0); + } + status = val_set_boot_flag(BOOT_NOT_EXPECTED); if (VAL_ERROR(status)) { @@ -399,7 +430,7 @@ val_status_t val_err_check_set(uint32_t checkpoint, val_status_t status) } else { - status = val_get_status(); + status = (val_get_status() & TEST_STATUS_MASK); if (VAL_ERROR(status)) { val_print(PRINT_ERROR, "\tCheckpoint %d : ", checkpoint); @@ -451,15 +482,16 @@ void val_test_init(uint32_t test_num, char8_t *desc, uint32_t test_bitfield) GET_TEST_ISOLATION_LEVEL(test_bitfield)) { val_set_status(RESULT_SKIP(VAL_STATUS_ISOLATION_LEVEL_NOT_SUPP)); - val_print(PRINT_ALWAYS, "Skipping test. Required isolation level is not supported\n", 0); + val_print(PRINT_ALWAYS, "\tSkipping test. Required isolation level is not supported\n", 0); return; } +#if (WATCHDOG_AVAILABLE == 1) /* Initialise watchdog */ status = val_wd_timer_init(GET_WD_TIMOUT_TYPE(test_bitfield)); if (VAL_ERROR(status)) { - val_print(PRINT_ERROR, "val_wd_timer_init failed Error=0x%x\n", status); + val_print(PRINT_ERROR, "\tval_wd_timer_init failed Error=0x%x\n", status); return; } @@ -467,9 +499,10 @@ void val_test_init(uint32_t test_num, char8_t *desc, uint32_t test_bitfield) status = val_wd_timer_enable(); if (VAL_ERROR(status)) { - val_print(PRINT_ERROR, "val_wd_timer_enable failed Error=0x%x\n", status); + val_print(PRINT_ERROR, "\tval_wd_timer_enable failed Error=0x%x\n", status); return; } +#endif val_set_status(RESULT_START(VAL_STATUS_SUCCESS)); return; @@ -483,10 +516,20 @@ void val_test_init(uint32_t test_num, char8_t *desc, uint32_t test_bitfield) void val_test_exit(void) { - val_status_t status; + val_status_t status = VAL_STATUS_SUCCESS; + +#if (WATCHDOG_AVAILABLE == 1) + status = val_wd_timer_disable(); + if (VAL_ERROR(status)) + { + val_print(PRINT_ERROR, "\tval_wd_timer_disable failed Error=0x%x\n", status); + val_set_status(RESULT_FAIL(status)); + return; + } +#endif - val_wd_timer_disable(); status = val_get_status(); + /* return if test skipped or failed */ if (IS_TEST_FAIL(status) || IS_TEST_SKIP(status)) { @@ -509,9 +552,12 @@ val_status_t val_get_last_run_test_id(test_id_t *test_id) test_count_t test_count; boot_t boot; int i = 0, intermediate_boot = 0; - boot_state_t boot_state[] = {BOOT_NOT_EXPECTED, BOOT_EXPECTED_NS, - BOOT_EXPECTED_S, BOOT_EXPECTED_BUT_FAILED, - BOOT_EXPECTED_CRYPTO}; + boot_state_t boot_state[] = {BOOT_NOT_EXPECTED, + BOOT_EXPECTED_NS, + BOOT_EXPECTED_S, + BOOT_EXPECTED_BUT_FAILED, + BOOT_EXPECTED_REENTER_TEST + }; status = val_get_boot_flag(&boot.state); if (VAL_ERROR(status)) @@ -519,6 +565,8 @@ val_status_t val_get_last_run_test_id(test_id_t *test_id) return status; } + val_print(PRINT_INFO, "\n\tboot.state=0x%x", boot.state); + for (i = 0; i < (sizeof(boot_state)/sizeof(boot_state[0])); i++) { if (boot.state == boot_state[i]) @@ -585,7 +633,7 @@ val_status_t val_set_boot_flag(boot_state_t state) status = val_nvmem_write(VAL_NVMEM_OFFSET(NV_BOOT), &boot, sizeof(boot_t)); if (VAL_ERROR(status)) { - val_print(PRINT_ERROR, "val_nvmem_write failed. Error=0x%x\n", status); + val_print(PRINT_ERROR, "\tval_nvmem_write failed. Error=0x%x\n", status); return status; } return status; @@ -604,7 +652,7 @@ val_status_t val_get_boot_flag(boot_state_t *state) status = val_nvmem_read(VAL_NVMEM_OFFSET(NV_BOOT), &boot, sizeof(boot_t)); if (VAL_ERROR(status)) { - val_print(PRINT_ERROR, "val_nvmem_read failed. Error=0x%x\n", status); + val_print(PRINT_ERROR, "\tval_nvmem_read failed. Error=0x%x\n", status); return status; } *state = boot.state; diff --git a/api-tests/val/nspe/val_interfaces.h b/api-tests/val/nspe/val_interfaces.h index b41aab1b..8e9c56bd 100644 --- a/api-tests/val/nspe/val_interfaces.h +++ b/api-tests/val/nspe/val_interfaces.h @@ -25,7 +25,7 @@ /* typedef's */ typedef struct { val_status_t (*print) (print_verbosity_t verbosity, - char *string, uint32_t data); + char *string, int32_t data); val_status_t (*set_status) (uint32_t status); uint32_t (*get_status) (void); void (*test_init) (uint32_t test_num, char8_t *desc, diff --git a/api-tests/val/nspe/val_peripherals.c b/api-tests/val/nspe/val_peripherals.c index 9f153e00..dccc4e40 100644 --- a/api-tests/val/nspe/val_peripherals.c +++ b/api-tests/val/nspe/val_peripherals.c @@ -56,7 +56,7 @@ val_status_t val_uart_init(void) - data : Value for format specifier @return - val_status_t **/ -val_status_t val_print(print_verbosity_t verbosity, char *string, uint32_t data) +val_status_t val_print(print_verbosity_t verbosity, char *string, int32_t data) { if ((is_uart_init_done == 0) || (verbosity < VERBOSE)) { diff --git a/api-tests/val/nspe/val_peripherals.h b/api-tests/val/nspe/val_peripherals.h index dfea1431..d1b75389 100644 --- a/api-tests/val/nspe/val_peripherals.h +++ b/api-tests/val/nspe/val_peripherals.h @@ -21,7 +21,7 @@ #include "val.h" val_status_t val_uart_init(void); -val_status_t val_print(print_verbosity_t verbosity, char *string, uint32_t data); +val_status_t val_print(print_verbosity_t verbosity, char *string, int32_t data); val_status_t val_spi_read(addr_t addr, uint8_t *data, uint32_t len); val_status_t val_nvmem_read(uint32_t offset, void *buffer, int size); val_status_t val_nvmem_write(uint32_t offset, void *buffer, int size); diff --git a/api-tests/val/spe/pal_interfaces_s.h b/api-tests/val/spe/pal_interfaces_s.h index a9edd70a..2ca9e28b 100644 --- a/api-tests/val/spe/pal_interfaces_s.h +++ b/api-tests/val/spe/pal_interfaces_s.h @@ -1,5 +1,5 @@ /** @file - * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved. + * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved. * SPDX-License-Identifier : Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -19,7 +19,7 @@ #define _VAL_PAL_INTERFACE_APIS_H_ -#include "val/common/val.h" +#include "val.h" /* Peripherals APIs */ @@ -37,7 +37,7 @@ void pal_uart_init(addr_t uart_base_addr); - data : Value for Format specifier @return - void */ -void pal_print(char *str, uint32_t data); +void pal_print(char *str, int32_t data); /** @brief - Initializes an hardware watchdog timer @@ -90,4 +90,19 @@ int pal_nvmem_write(addr_t base, uint32_t offset, void *buffer, int size); @return - error status 0:SUCCESS, 1:FAIL */ int pal_nvmem_read(addr_t base, uint32_t offset, void *buffer, int size); + +/** + @brief - Trigger interrupt for irq signal assigned to driver partition + before return to caller. + @param - void + @return - void +**/ +void pal_generate_interrupt(void); + +/** + @brief - Disable interrupt that was generated using pal_generate_interrupt API. + @param - void + @return - void +**/ +void pal_disable_interrupt(void); #endif diff --git a/api-tests/val/spe/val_driver_service_apis.c b/api-tests/val/spe/val_driver_service_apis.c index 46a31622..05b14fde 100644 --- a/api-tests/val/spe/val_driver_service_apis.c +++ b/api-tests/val/spe/val_driver_service_apis.c @@ -17,7 +17,7 @@ #include "val_driver_service_apis.h" -#include "val/common/val_target.c" +#include "val_target.c" print_verbosity_t g_print_level = PRINT_INFO; static int is_uart_init_done = 0; @@ -39,10 +39,10 @@ val_status_t val_uart_init_sf(addr_t uart_base_addr) @brief - This function parses the input string and writes byte by byte to print the input string @param - pointer : Input String - - data : Value for Format specifier + - data : Value for Format specifier @return - error status */ -val_status_t val_print_sf(char *string, uint32_t data) +val_status_t val_print_sf(char *string, int32_t data) { if (is_uart_init_done == 1) { @@ -199,3 +199,47 @@ val_status_t val_init_driver_memory(void) return VAL_STATUS_SUCCESS; } + +/** + @brief - This function returns the driver reserved mmio region base + @param - base pointer + @return - val_status_t +**/ +val_status_t val_get_driver_mmio_addr(addr_t *base_addr) +{ + val_status_t status; + memory_desc_t *memory_desc; + + status = val_target_get_config(TARGET_CONFIG_CREATE_ID(GROUP_MEMORY, + MEMORY_DRIVER_PARTITION_MMIO, 0), + (uint8_t **)&memory_desc, + (uint32_t *)sizeof(memory_desc_t)); + if (VAL_ERROR(status)) + { + return status; + } + + *base_addr = memory_desc->start; + return VAL_STATUS_SUCCESS; +} + +/** + @brief - Trigger interrupt for irq signal assigned to driver partition + before return to caller. + @param - void + @return - void +**/ +void val_generate_interrupt(void) +{ + pal_generate_interrupt(); +} + +/** + @brief - Disable interrupt that was generated using val_generate_interrupt API. + @param - void + @return - void +**/ +void val_disable_interrupt(void) +{ + pal_disable_interrupt(); +} diff --git a/api-tests/val/spe/val_driver_service_apis.h b/api-tests/val/spe/val_driver_service_apis.h index 9614e352..251a0655 100644 --- a/api-tests/val/spe/val_driver_service_apis.h +++ b/api-tests/val/spe/val_driver_service_apis.h @@ -20,20 +20,13 @@ #include "val.h" #include "val_client_defs.h" -#include "val_service_defs.h" #include "pal_interfaces_s.h" -/* "psa_manifest/.h" Manifest definitions. Only accessible to Secure Partition. - * The file name is based on the name of the Secure Partitions manifest file. - * The name must not collide with other header files. - * Compliance tests expect the below manifest output files implementation from build tool. - */ -#include "psa_manifest/driver_partition_psa.h" - -#define USE_RAW_PRINT_FOR_DRIVER_PARTITION 1 +#define DRIVER_PARTITION_INCLUDE +#include "val_service_defs.h" val_status_t val_uart_init_sf(addr_t uart_base_addr); -val_status_t val_print_sf(char *string, uint32_t data); +val_status_t val_print_sf(char *string, int32_t data); val_status_t val_wd_timer_init_sf(addr_t base_addr, uint32_t time_us, uint32_t timer_tick_us); val_status_t val_wd_timer_enable_sf(addr_t base_addr); val_status_t val_wd_timer_disable_sf(addr_t base_addr); @@ -42,4 +35,7 @@ val_status_t val_nvmem_read_sf(addr_t base, uint32_t offset, void *buffer, int s val_status_t val_nvmem_write_sf(addr_t base, uint32_t offset, void *buffer, int size); val_status_t val_driver_private_set_boot_flag_fn(boot_state_t state); val_status_t val_init_driver_memory(void); +val_status_t val_get_driver_mmio_addr(addr_t *base_addr); +void val_generate_interrupt(void); +void val_disable_interrupt(void); #endif diff --git a/api-tests/val/spe/val_partition_common.h b/api-tests/val/spe/val_partition_common.h index df36402d..76b5c8c6 100644 --- a/api-tests/val/spe/val_partition_common.h +++ b/api-tests/val/spe/val_partition_common.h @@ -30,16 +30,8 @@ #include "val_target.c" #include "val_service_defs.h" -/* "psa_manifest/.h" Manifest definitions. Only accessible to Secure Partition. - * The file name is based on the name of the Secure Partitions manifest file. - * The name must not collide with other header files. - * Compliance tests expect the below manifest output files implementation from build tool. - */ -#include "psa_manifest/client_partition_psa.h" -#include "psa_manifest/server_partition_psa.h" - __UNUSED STATIC_DECLARE val_status_t val_print - (print_verbosity_t verbosity, char *string, uint32_t data); + (print_verbosity_t verbosity, char *string, int32_t data); __UNUSED STATIC_DECLARE val_status_t val_ipc_connect (uint32_t sid, uint32_t minor_version, psa_handle_t *handle ); __UNUSED STATIC_DECLARE val_status_t val_ipc_call @@ -52,7 +44,7 @@ __UNUSED STATIC_DECLARE val_status_t val_process_call_request(psa_signal_t sig, __UNUSED STATIC_DECLARE val_status_t val_process_disconnect_request (psa_signal_t sig, psa_msg_t *msg); __UNUSED STATIC_DECLARE val_status_t val_execute_secure_tests - (uint32_t test_num, client_test_t *tests_list); + (test_info_t test_info, client_test_t *tests_list); __UNUSED STATIC_DECLARE val_status_t val_execute_secure_test_func (psa_handle_t *handle, test_info_t test_info, uint32_t sid); __UNUSED STATIC_DECLARE val_status_t val_get_secure_test_result(psa_handle_t *handle); @@ -70,6 +62,9 @@ __UNUSED static val_api_t val_api = { .ipc_close = val_ipc_close, .set_boot_flag = val_set_boot_flag, .target_get_config = val_target_get_config, + .process_connect_request = val_process_connect_request, + .process_call_request = val_process_call_request, + .process_disconnect_request= val_process_disconnect_request, }; __UNUSED static psa_api_t psa_api = { @@ -78,6 +73,17 @@ __UNUSED static psa_api_t psa_api = { .connect = psa_connect, .call = psa_call, .close = psa_close, + .wait = psa_wait, + .set_rhandle = psa_set_rhandle, + .get = psa_get, + .read = psa_read, + .skip = psa_skip, + .write = psa_write, + .reply = psa_reply, + .notify = psa_notify, + .clear = psa_clear, + .eoi = psa_eoi, + .rot_lifecycle_state = psa_rot_lifecycle_state, }; /** @@ -88,7 +94,7 @@ __UNUSED static psa_api_t psa_api = { - data : Value for format specifier @return - val_status_t **/ -STATIC_DECLARE val_status_t val_print(print_verbosity_t verbosity, char *string, uint32_t data) +STATIC_DECLARE val_status_t val_print(print_verbosity_t verbosity, char *string, int32_t data) { int string_len = 0; char *p = string; @@ -108,7 +114,7 @@ STATIC_DECLARE val_status_t val_print(print_verbosity_t verbosity, char *string, p++; } - psa_invec data1[3] = {{&uart_fn, sizeof(uart_fn)}, {string, string_len+1}, {&data, 4}}; + psa_invec data1[3] = {{&uart_fn, sizeof(uart_fn)}, {string, string_len+1}, {&data, sizeof(data)}}; print_handle = psa_connect(DRIVER_UART_SID, 0); if (print_handle < 0) @@ -301,23 +307,21 @@ STATIC_DECLARE val_status_t val_process_disconnect_request(psa_signal_t sig, psa /** @brief - This function executes given list of tests from secure sequentially This covers secure to secure IPC API scenario - @param - test_num : Test_num + @param - test_info_t : test_num and block_num @param - tests_list : list of tests to be executed @return - val_status_t **/ -STATIC_DECLARE val_status_t val_execute_secure_tests(uint32_t test_num, client_test_t *tests_list) +STATIC_DECLARE val_status_t val_execute_secure_tests(test_info_t test_info, client_test_t *tests_list) { val_status_t status = VAL_STATUS_SUCCESS; val_status_t test_status = VAL_STATUS_SUCCESS; psa_handle_t handle; - int i = 1; - test_info_t test_info; - - test_info.test_num = test_num; - val_print(PRINT_TEST, "[Info] Executing tests from secure\n", 0); + int i = test_info.block_num; while (tests_list[i] != NULL) { + if (i == 1) + val_print(PRINT_TEST, "[Info] Executing tests from secure\n", 0); /* Handshake with server tests */ test_info.block_num = i; @@ -513,7 +517,7 @@ STATIC_DECLARE val_status_t val_set_boot_flag(boot_state_t state) status = val_nvmem_write(VAL_NVMEM_OFFSET(NV_BOOT), &boot, sizeof(boot_t)); if (VAL_ERROR(status)) { - val_print(PRINT_ERROR, "val_nvmem_write failed Error=0x%x\n", status); + val_print(PRINT_ERROR, "\tval_nvmem_write failed Error=0x%x\n", status); return status; } return status; diff --git a/api-tests/val/spe/val_service_defs.h b/api-tests/val/spe/val_service_defs.h index 51b6d5cd..b499b5d3 100644 --- a/api-tests/val/spe/val_service_defs.h +++ b/api-tests/val/spe/val_service_defs.h @@ -1,5 +1,5 @@ /** @file - * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved. + * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved. * SPDX-License-Identifier : Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -20,16 +20,25 @@ /***************** PSA Secure Function API *****************/ -/* Note - This header file containts the declaration of PSA defined secure partition service API - elements. Ideally, These elements must be defined in a header file by SPM - implemented library and provided to clients operation in NSPE and SPE as per the specification. - If this is available in the platform, the elements declared as part of this - file can be overwritten by passing --include to setup.sh script. - */ - /* psa/service.h: Secure Partition API elements. Only accessible to Secure Partition */ #include "psa/service.h" +/* psa/lifecycle.h: Contains the PSA Lifecycle API elements */ +#include "psa/lifecycle.h" + +/* "psa_manifest/.h" Manifest definitions. Only accessible to Secure Partition. + * The file name is based on the name of the Secure Partitions manifest file. + * The name must not collide with other header files. + * Compliance tests expect the below manifest output files implementation from build tool. + */ +#include "psa_manifest/driver_partition_psa.h" +#ifndef DRIVER_PARTITION_INCLUDE +#include "psa_manifest/client_partition_psa.h" +#include "psa_manifest/server_partition_psa.h" +#endif + +#include "val_target.h" + /* struct of function pointers to uniqify nspe and spe client interface for test */ typedef struct { uint32_t (*framework_version) (void); @@ -42,21 +51,38 @@ typedef struct { size_t out_len ); void (*close) (psa_handle_t handle); + psa_signal_t (*wait) (psa_signal_t signal_mask, uint32_t timeout); + void (*set_rhandle) (psa_handle_t msg_handle, void *rhandle); + psa_status_t (*get) (psa_signal_t signal, psa_msg_t *msg); + size_t (*read) (psa_handle_t msg_handle, uint32_t invec_idx, + void *buffer, size_t num_bytes); + size_t (*skip) (psa_handle_t msg_handle, uint32_t invec_idx, + size_t num_bytes); + void (*write) (psa_handle_t msg_handle, uint32_t outvec_idx, + const void *buffer, size_t num_bytes); + void (*reply) (psa_handle_t msg_handle, psa_status_t status); + void (*notify) (int32_t partition_id); + void (*clear) (void); + void (*eoi) (psa_signal_t irq_signal); + uint32_t (*rot_lifecycle_state) (void); } psa_api_t; typedef struct { - val_status_t (*print) (print_verbosity_t verbosity, - char *string, uint32_t data); - val_status_t (*err_check_set) (uint32_t checkpoint, val_status_t status); - val_status_t (*execute_secure_test_func) (psa_handle_t *handle, test_info_t test_info, - uint32_t sid); - val_status_t (*get_secure_test_result) (psa_handle_t *handle); - val_status_t (*ipc_connect) (uint32_t sid, uint32_t minor_version, - psa_handle_t *handle ); - val_status_t (*ipc_call) (psa_handle_t handle, psa_invec *in_vec, - size_t in_len, psa_outvec *out_vec, size_t out_len); - void (*ipc_close) (psa_handle_t handle); - val_status_t (*set_boot_flag) (boot_state_t state); - val_status_t (*target_get_config) (cfg_id_t cfg_id, uint8_t **data, uint32_t *size); + val_status_t (*print) (print_verbosity_t verbosity, + char *string, int32_t data); + val_status_t (*err_check_set) (uint32_t checkpoint, val_status_t status); + val_status_t (*execute_secure_test_func) (psa_handle_t *handle, test_info_t test_info, + uint32_t sid); + val_status_t (*get_secure_test_result) (psa_handle_t *handle); + val_status_t (*ipc_connect) (uint32_t sid, uint32_t minor_version, + psa_handle_t *handle ); + val_status_t (*ipc_call) (psa_handle_t handle, psa_invec *in_vec, + size_t in_len, psa_outvec *out_vec, size_t out_len); + void (*ipc_close) (psa_handle_t handle); + val_status_t (*set_boot_flag) (boot_state_t state); + val_status_t (*target_get_config) (cfg_id_t cfg_id, uint8_t **data, uint32_t *size); + val_status_t (*process_connect_request) (psa_signal_t sig, psa_msg_t *msg); + val_status_t (*process_call_request) (psa_signal_t sig, psa_msg_t *msg); + val_status_t (*process_disconnect_request) (psa_signal_t sig, psa_msg_t *msg); } val_api_t; #endif