PSA Crypto SPM

.gitignore

@@ -94,3 +94,6 @@ log
 
 # Icetea related file
 test_suite.json
+
+# default delivery dir
+DELIVERY/

TESTS/mbed_hal/spm/fault_functions.h

@@ -0,0 +1,49 @@
+/* Copyright (c) 2017-2018 ARM Limited
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef __MBED_HAL_SPM_FAULT_FUNCTIONS__
+#define __MBED_HAL_SPM_FAULT_FUNCTIONS__
+
+#include "cmsis_compiler.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+// Retruns the value of the LR register
+// Used to determine which stack the exception happend in
+__STATIC_FORCEINLINE uint32_t __get_LR(void);
+
+// This function is required as we need a symbol/address
+// to jump to from fault handler.
+void do_nothing(void);
+
+// Test exception handler
+static void hard_fault_handler_test();
+
+// Using naked function as it will not be executed from beginning to the end.
+// The execution flow expected to be interrupted by exception and we will
+// return to other function.
+// compiler will not produce prolog and epilog code for naked function
+// and thus will preserve stack in un-corrupted state
+__attribute__((naked)) void call_mem(uint32_t addr);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif // __MBED_HAL_SPM_FAULT_FUNCTIONS__

TESTS/mbed_hal/spm/main.cpp

@@ -0,0 +1,156 @@
+/* Copyright (c) 2017-2018 ARM Limited
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#if !defined(COMPONENT_PSA_SRV_IPC)
+#error [NOT_SUPPORTED] Test supported only on PSA targets
+#endif
+
+#if (defined( __CC_ARM ) || defined(__ARMCC_VERSION) || defined( __ICCARM__ ))
+#error [NOT_SUPPORTED] this test is supported on GCC only
+#endif
+
+#include "utest/utest.h"
+#include "unity/unity.h"
+#include "greentea-client/test_env.h"
+#include "cmsis.h"
+#include "spm_api.h"
+#include <stdlib.h>
+#include "fault_functions.h"
+
+using namespace utest::v1;
+
+
+#define HARDFAULT_IRQn   ((IRQn_Type)-13)
+#define EXC_RETURN_RETURN_STACK_MSK ((uint32_t)(0x00000004))
+#define PC_INDEX_IN_STACK_FRAME 6
+
+volatile uint32_t fault_occurred;
+uint32_t real_hard_fault_handler;
+
+__STATIC_FORCEINLINE uint32_t __get_LR(void)
+{
+    uint32_t result;
+
+    __ASM volatile("MOV %0, lr" : "=r"(result));
+    return (result);
+}
+
+void do_nothing(void)
+{
+    __NOP();
+}
+
+static void hard_fault_handler_test()
+{
+    fault_occurred++;
+    // LR is set EXC_RETURN
+    // lowest bits identify PSP vs MSP stack used for stacking
+    uint32_t lr = __get_LR();
+    uint32_t sp;
+
+    if (lr & EXC_RETURN_RETURN_STACK_MSK) {
+        sp = __get_PSP();
+    } else {
+        sp = __get_MSP();
+    }
+
+    // Overwrite return address.
+    // Fake return to a our special function since current
+    // instruction under test will always fail due to memory protection
+    ((uint32_t *)sp)[PC_INDEX_IN_STACK_FRAME] = (uint32_t)do_nothing;
+}
+
+__attribute__((naked)) void call_mem(uint32_t addr)
+{
+    // Only first instruction will be executed in positive flow,
+    // since exception will be generated for invalid memory access.
+    // Other instructions are for calling do_nothing function according to AAPCS.
+    __ASM(
+        "LDR     r1, [r0]\n"
+        "BX      lr\n"
+    );
+}
+
+static void test_memory(uint32_t addr, uint32_t expected_fatal_count)
+{
+    call_mem(addr);
+    // Although call_mem is a "naked" function, it is called using AAPCS.
+    // Thus we can assume LR will point to next instruction, and caller save registers are backed up
+    TEST_ASSERT_EQUAL(expected_fatal_count, fault_occurred);
+}
+
+static void secure_ram_fault_test(void)
+{
+    test_memory(PSA_SECURE_RAM_START, 1);
+}
+
+static void secure_flash_fault_test(void)
+{
+    test_memory(PSA_SECURE_ROM_START, 1);
+}
+
+static void non_secure_ram_fault_test(void)
+{
+    test_memory(PSA_NON_SECURE_RAM_START, 0);
+}
+
+static void non_secure_flash_fault_test(void)
+{
+    test_memory(PSA_NON_SECURE_ROM_START, 0);
+}
+
+utest::v1::status_t fault_override_setup(const Case *const source, const size_t index_of_case)
+{
+    // Save old hard fault handler and replace it with a new one
+    // NOTE: only works when VTOR is set to RAM
+    real_hard_fault_handler = NVIC_GetVector(HARDFAULT_IRQn);
+    NVIC_SetVector(HARDFAULT_IRQn, (uint32_t)&hard_fault_handler_test);
+    fault_occurred = 0;
+
+    return greentea_case_setup_handler(source, index_of_case);
+}
+
+utest::v1::status_t fault_override_teardown(const Case *const source, const size_t passed, const size_t failed,
+                                            const failure_t reason)
+{
+    // Restore real hard fault handler
+    NVIC_SetVector(HARDFAULT_IRQn, real_hard_fault_handler);
+
+    return greentea_case_teardown_handler(source, passed, failed, reason);
+}
+
+Case cases[] = {
+    Case("SPM - Access secure RAM",       fault_override_setup, secure_ram_fault_test, fault_override_teardown),
+    Case("SPM - Access secure Flash",     fault_override_setup, secure_flash_fault_test, fault_override_teardown),
+    Case("SPM - Access non-secure RAM",   fault_override_setup, non_secure_ram_fault_test, fault_override_teardown),
+    Case("SPM - Access non-secure Flash", fault_override_setup, non_secure_flash_fault_test, fault_override_teardown),
+};
+
+utest::v1::status_t greentea_test_setup(const size_t number_of_cases)
+{
+#ifndef NO_GREENTEA
+    GREENTEA_SETUP(20, "default_auto");
+#endif
+    return greentea_test_setup_handler(number_of_cases);
+}
+
+Specification specification(greentea_test_setup, cases, greentea_test_teardown_handler);
+
+int main()
+{
+    Harness::run(specification);
+}

TESTS/psa/crypto_init/main.cpp

@@ -0,0 +1,106 @@
+/*
+* Copyright (c) 2018 ARM Limited. All rights reserved.
+*
+* SPDX-License-Identifier: Apache-2.0
+*
+* Licensed under the Apache License, Version 2.0 (the License); you may
+* not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an AS IS BASIS, WITHOUT
+* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+#if ((!defined(TARGET_PSA)) || (!defined(MBEDTLS_PSA_CRYPTO_C)) || (!defined(MBEDTLS_PSA_CRYPTO_SPM )))
+#error [NOT_SUPPORTED] Mbed SPM Crypto is OFF - skipping.
+#endif // TARGET_PSA
+
+#include "greentea-client/test_env.h"
+#include "unity/unity.h"
+#include "utest/utest.h"
+#include "crypto.h"
+#include "entropy.h"
+#include "entropy_poll.h"
+
+#define TEST_RANDOM_SIZE 64
+
+#if !defined(MAX)
+#define MAX(a,b) (((a)>(b))?(a):(b))
+#endif
+
+/* Calculating the minimum allowed entropy size in bytes */
+#define MBEDTLS_PSA_INJECT_ENTROPY_MIN_SIZE \
+            MAX(MBEDTLS_ENTROPY_MIN_PLATFORM, MBEDTLS_ENTROPY_BLOCK_SIZE)
+
+using namespace utest::v1;
+
+utest::v1::status_t greentea_test_setup(const size_t number_of_cases)
+{
+#ifndef NO_GREENTEA
+    GREENTEA_SETUP(60, "default_auto");
+#endif
+    return greentea_test_setup_handler(number_of_cases);
+}
+
+static void check_multi_crypto_init_deinit()
+{
+    uint8_t output[TEST_RANDOM_SIZE] = {0};
+    uint8_t seed[MBEDTLS_PSA_INJECT_ENTROPY_MIN_SIZE] = {0};
+    /* inject some a seed for test*/
+    for (int i; i < MBEDTLS_PSA_INJECT_ENTROPY_MIN_SIZE; ++i) {
+        seed[i] = i;
+    }
+    /* don't really care if this succeed this is just to make crypto init pass*/
+    mbedtls_psa_inject_entropy(seed, MBEDTLS_PSA_INJECT_ENTROPY_MIN_SIZE);
+    psa_status_t status = psa_crypto_init();
+    TEST_ASSERT_EQUAL(PSA_SUCCESS, status);
+    status = psa_crypto_init();
+    TEST_ASSERT_EQUAL(PSA_SUCCESS, status);
+    status = psa_generate_random(output, sizeof(output));
+    TEST_ASSERT_NOT_EQUAL(PSA_ERROR_BAD_STATE, status);
+    mbedtls_psa_crypto_free();
+    status = psa_generate_random(output, sizeof(output));
+    TEST_ASSERT_NOT_EQUAL(PSA_ERROR_BAD_STATE, status);
+    mbedtls_psa_crypto_free();
+    status = psa_generate_random(output, sizeof(output));
+    TEST_ASSERT_EQUAL(PSA_ERROR_BAD_STATE, status);
+}
+
+static void check_crypto_init_deinit()
+{
+    psa_status_t status;
+    uint8_t output[TEST_RANDOM_SIZE] = {0};
+    uint8_t seed[MBEDTLS_PSA_INJECT_ENTROPY_MIN_SIZE] = {0};
+    /* inject some a seed for test*/
+    for (int i; i < MBEDTLS_PSA_INJECT_ENTROPY_MIN_SIZE; ++i) {
+        seed[i] = i;
+    }
+    /* don't really care if this succeed this is just to make crypto init pass*/
+    mbedtls_psa_inject_entropy(seed, MBEDTLS_PSA_INJECT_ENTROPY_MIN_SIZE);
+    status = psa_generate_random(output, sizeof(output));
+    TEST_ASSERT_EQUAL(PSA_ERROR_BAD_STATE, status);
+    status = psa_crypto_init();
+    TEST_ASSERT_EQUAL(PSA_SUCCESS, status);
+    status = psa_generate_random(output, sizeof(output));
+    TEST_ASSERT_NOT_EQUAL(PSA_ERROR_BAD_STATE, status);
+    mbedtls_psa_crypto_free();
+    status = psa_generate_random(output, sizeof(output));
+    TEST_ASSERT_EQUAL(PSA_ERROR_BAD_STATE, status);
+}
+
+Case cases[] = {
+    Case("PSA crypto-init De-init", check_crypto_init_deinit),
+    Case("PSA crypto- multiple init De-init", check_multi_crypto_init_deinit),
+};
+
+Specification specification(greentea_test_setup, cases, greentea_test_teardown_handler);
+
+int main()
+{
+    return !Harness::run(specification);
+}