MATF-Software-Verification
diff --git a/‎testing/integration/psa_hci_integration/CMakeLists.txt
+12 b/‎testing/integration/psa_hci_integration/CMakeLists.txt
+12
diff --git a/‎testing/integration/psa_hci_integration/prj.conf
+32 b/‎testing/integration/psa_hci_integration/prj.conf
+32
diff --git a/‎testing/integration/psa_hci_integration/src/0000000000000001.psa_its
84 Bytes b/‎testing/integration/psa_hci_integration/src/0000000000000001.psa_its
84 Bytes
diff --git a/‎testing/integration/psa_hci_integration/src/main.c
+154 b/‎testing/integration/psa_hci_integration/src/main.c
+154
diff --git a/‎testing/integration/psa_hci_integration/src/post_reboot_psa_test.c
+46 b/‎testing/integration/psa_hci_integration/src/post_reboot_psa_test.c
+46
diff --git a/‎testing/integration/psa_hci_integration/testcase.yaml
+12 b/‎testing/integration/psa_hci_integration/testcase.yaml
+12
diff --git a/‎testing/integration/rpa_psa_integration/CMakeLists.txt
+12 b/‎testing/integration/rpa_psa_integration/CMakeLists.txt
+12
diff --git a/‎testing/integration/rpa_psa_integration/prj.conf
+51 b/‎testing/integration/rpa_psa_integration/prj.conf
+51
@@ -0,0 +1,12 @@
+# SPDX-License-Identifier: Apache-2.0
+
+cmake_minimum_required(VERSION 3.20.0)
+find_package(Zephyr REQUIRED HINTS $ENV{ZEPHYR_BASE})
+project(integration)
+
+# include_directories(BEFORE
+#     ${ZEPHYR_BASE}/tests/bluetooth/host/cs/channel_sounding/mocks_unit_tests
+# )
+
+FILE(GLOB app_sources src/*.c)
+target_sources(app PRIVATE ${app_sources})
@@ -0,0 +1,32 @@
+CONFIG_ZTEST=y
+
+# # # Mbed TLS
+CONFIG_MBEDTLS=y
+CONFIG_MBEDTLS_BUILTIN=y
+# CONFIG_MBEDTLS_ECP_MAX_BITS=512
+CONFIG_MBEDTLS_PSA_CRYPTO_C=y
+
+CONFIG_REBOOT=y
+
+CONFIG_BT=y
+CONFIG_BT_HCI=y
+
+CONFIG_LOG=y
+CONFIG_LOG_DEFAULT_LEVEL=3
+CONFIG_ASSERT=y
+CONFIG_SECURE_STORAGE=y
+
+CONFIG_PSA_WANT_KEY_TYPE_AES=y
+CONFIG_PSA_WANT_ALG_CTR=y
+# CONFIG_PSA_WANT_ALG_ECDH=y
+
+CONFIG_ENTROPY_GENERATOR=y
+
+CONFIG_TEST_RANDOM_GENERATOR=y
+CONFIG_TIMER_RANDOM_GENERATOR=y
+CONFIG_SECURE_STORAGE_ITS_IMPLEMENTATION_ZEPHYR=y
+CONFIG_MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG_ALLOW_NON_CSPRNG=y
+
+CONFIG_SECURE_STORAGE_ITS_STORE_IMPLEMENTATION_SETTINGS=y
+CONFIG_SETTINGS_NVS=y
+CONFIG_NVS=y
@@ -0,0 +1,154 @@
+/*
+ * Copyright (c) 2016 Intel Corporation
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+#include <zephyr/ztest.h>
+
+#include <psa/crypto.h>
+#include <zephyr/bluetooth/bluetooth.h>
+#include <zephyr/sys/reboot.h>
+#include <zephyr/logging/log.h>
+
+#define SAMPLE_KEY_ID   PSA_KEY_ID_USER_MIN
+#define SAMPLE_KEY_TYPE PSA_KEY_TYPE_AES
+#define SAMPLE_ALG      PSA_ALG_CTR
+#define SAMPLE_KEY_BITS 256
+
+LOG_MODULE_REGISTER(psa_hci_integration_tests);
+
+psa_status_t generate_key_helper(psa_key_id_t* key_id, psa_algorithm_t algorithm, size_t key_bits);
+
+void setup_pre_reboot(){
+    // Use this function as a setup for the next testsuite that should simulate reboot
+    psa_status_t ret;
+    psa_key_id_t key_id;
+    ret = generate_key_helper(&key_id, SAMPLE_ALG, SAMPLE_KEY_BITS);
+    zassert_equal(ret, PSA_SUCCESS, "Key generation failed: %d", ret);
+
+    // Don't destroy the key, but purge it for good measure
+    ret = psa_purge_key(SAMPLE_KEY_ID);
+    zassert_equal(ret, PSA_SUCCESS, "Failed to purge the key: %d", ret);
+}
+
+ZTEST_SUITE(psa_hci_integration_tests, NULL, NULL, NULL, NULL, setup_pre_reboot);
+
+static uint8_t plaintext[] = {0xDE, 0xAD, 0xBE, 0xEF, 0xDE, 0xAD, 0xBE, 0xEF};
+static uint8_t ciphertext[PSA_CIPHER_ENCRYPT_OUTPUT_SIZE(SAMPLE_KEY_TYPE, SAMPLE_ALG,
+    sizeof(plaintext))];
+static size_t ct_len;
+
+psa_status_t generate_key_helper(psa_key_id_t* key_id, psa_algorithm_t algorithm, size_t key_bits) {
+	psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT;
+
+	psa_set_key_lifetime(&key_attributes, PSA_KEY_LIFETIME_PERSISTENT);
+	psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT);
+	psa_set_key_id(&key_attributes, SAMPLE_KEY_ID);
+	psa_set_key_type(&key_attributes, SAMPLE_KEY_TYPE);
+	psa_set_key_algorithm(&key_attributes, algorithm);
+	psa_set_key_bits(&key_attributes, key_bits);
+
+    // //HACK: remove when the test is ready
+    // psa_destroy_key(SAMPLE_KEY_ID);
+
+    return psa_generate_key(&key_attributes, key_id);
+}
+
+ZTEST(psa_hci_integration_tests, test_psa_persistence_encrypt_decrypt) {
+    psa_status_t ret;
+	psa_key_id_t key_id;
+
+    // Create a persistent signing key
+	ret = generate_key_helper(&key_id, SAMPLE_ALG, SAMPLE_KEY_BITS);
+    zassert_equal(ret, PSA_SUCCESS, "Key gen failed: %d", ret);
+
+    ret = psa_cipher_encrypt(key_id, SAMPLE_ALG, plaintext, sizeof(plaintext), ciphertext, sizeof(ciphertext), &ct_len);
+
+    LOG_INF("Encrypted %d bytes", ct_len);
+
+    zassert_equal(ret, PSA_SUCCESS, "Encryption failed: %d", ret);
+
+    // Purge key from volatile storage
+    ret = psa_purge_key(SAMPLE_KEY_ID);
+    zassert_equal(ret, PSA_SUCCESS, "Failed to purge the key: %d", ret);
+
+        /* Open persisted key */
+        ret = psa_open_key(SAMPLE_KEY_ID, &key_id);
+        zassert_equal(ret, PSA_SUCCESS, "Open failed: %d", ret);
+
+    uint8_t decrypted[sizeof(plaintext)];
+    size_t dlen;
+
+        /* Verify key usability */
+    ret = psa_cipher_decrypt(
+        key_id, SAMPLE_ALG,
+        ciphertext, ct_len,
+        decrypted, sizeof(decrypted), &dlen
+    );
+    zassert_equal(ret, PSA_SUCCESS, "Decrypt failed: %d", ret);
+    zassert_mem_equal(plaintext, decrypted, sizeof(plaintext),
+                    "Data corrupted");
+
+                        /* Cleanup */
+    psa_destroy_key(key_id);
+}
+
+
+ZTEST(psa_hci_integration_tests, test_psa_key_deletion_and_regeneration) {
+    psa_status_t ret;
+    psa_key_id_t key_id;
+
+    // Generate the key
+    ret = generate_key_helper(&key_id, SAMPLE_ALG, SAMPLE_KEY_BITS);
+    zassert_equal(ret, PSA_SUCCESS, "Key generation failed: %d", ret);
+
+    // Encrypt some data with the key
+    ret = psa_cipher_encrypt(key_id, SAMPLE_ALG, plaintext, sizeof(plaintext), ciphertext, sizeof(ciphertext), &ct_len);
+    zassert_equal(ret, PSA_SUCCESS, "Encryption failed: %d", ret);
+
+    // Destroy the key
+    ret = psa_destroy_key(key_id);
+    zassert_equal(ret, PSA_SUCCESS, "Failed to destroy key: %d", ret);
+
+    // Attempt to re-generate the key
+    ret = generate_key_helper(&key_id, SAMPLE_ALG, SAMPLE_KEY_BITS);
+    zassert_equal(ret, PSA_SUCCESS, "Key re-generation failed: %d", ret);
+
+    // Attempt to decrypt the ciphertext encrypted using the different key (should fail)
+    uint8_t decrypted[sizeof(plaintext)];
+    size_t dlen;
+    ret = psa_cipher_decrypt(key_id, SAMPLE_ALG, ciphertext, ct_len, decrypted, sizeof(decrypted), &dlen);
+    zassert_equal(ret, PSA_SUCCESS, "Decryption failed: %d", ret);
+    zassert_true(memcmp(plaintext, decrypted, sizeof(plaintext)) != 0, "Decryption succeeded with a different key!");
+
+    // Cleanup
+    psa_destroy_key(key_id);
+}
+
+ZTEST(psa_hci_integration_tests, test_psa_invalid_key_usage) {
+    psa_status_t ret;
+    
+    // Try using an ungenerated key (should fail)
+    psa_key_id_t bad_key_id = (psa_key_id_t)0xBAADBEEF;
+    ret = psa_cipher_encrypt(bad_key_id, SAMPLE_ALG, plaintext, sizeof(plaintext), ciphertext, sizeof(ciphertext), &ct_len);
+    zassert_equal(ret, PSA_ERROR_INVALID_HANDLE, "Expected failure due to invalid key handle");
+
+    // Try using a destroyed key
+    psa_key_id_t key_id;
+    ret = generate_key_helper(&key_id, SAMPLE_ALG, SAMPLE_KEY_BITS);
+    zassert_equal(ret, PSA_SUCCESS, "Key generation failed: %d", ret);
+
+    // Destroy the key
+    ret = psa_destroy_key(key_id);
+    zassert_equal(ret, PSA_SUCCESS, "Failed to destroy key: %d", ret);
+
+    // Attempt to use the destroyed key (should fail)
+    uint8_t decrypted[sizeof(plaintext)];
+    size_t dlen;
+    ret = psa_cipher_decrypt(key_id, SAMPLE_ALG, ciphertext, ct_len, decrypted, sizeof(decrypted), &dlen);
+    zassert_equal(ret, PSA_ERROR_INVALID_HANDLE, "Decryption should fail with invalid key");
+    
+    // Cleanup
+    psa_destroy_key(key_id);
+}
@@ -0,0 +1,46 @@
+/*
+ * Copyright (c) 2016 Intel Corporation
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+ #include <zephyr/ztest.h>
+ #include <psa/crypto.h>
+ #include <zephyr/logging/log.h>
+ 
+ LOG_MODULE_REGISTER(psa_hci_reboot_integration_tests);
+
+ ZTEST_SUITE(psa_hci_reboot_integration_tests, NULL, NULL, NULL, NULL, NULL);
+ 
+ #define SAMPLE_KEY_ID   PSA_KEY_ID_USER_MIN
+ #define SAMPLE_KEY_TYPE PSA_KEY_TYPE_AES
+ #define SAMPLE_ALG      PSA_ALG_CTR
+ #define SAMPLE_KEY_BITS 256
+ 
+ static uint8_t plaintext[] = {0xDE, 0xAD, 0xBE, 0xEF, 0xDE, 0xAD, 0xBE, 0xEF};
+ static uint8_t ciphertext[PSA_CIPHER_ENCRYPT_OUTPUT_SIZE(SAMPLE_KEY_TYPE, SAMPLE_ALG,
+     sizeof(plaintext))];
+ static size_t ct_len;
+  
+ ZTEST(psa_hci_reboot_integration_tests, test_psa_persistence_after_reboot) {
+     psa_status_t ret;
+     psa_key_id_t key_id;
+ 
+     ret = psa_open_key(SAMPLE_KEY_ID, &key_id);
+     zassert_equal(ret, PSA_SUCCESS, "Open failed: %d", ret);
+ 
+     // Encrypt the data
+     ret = psa_cipher_encrypt(key_id, SAMPLE_ALG, plaintext, sizeof(plaintext), ciphertext, sizeof(ciphertext), &ct_len);
+     zassert_equal(ret, PSA_SUCCESS, "Encryption failed: %d", ret);
+  
+     // Decrypt the ciphertext to verify persistence
+     uint8_t decrypted[sizeof(plaintext)];
+     size_t dlen;
+     ret = psa_cipher_decrypt(key_id, SAMPLE_ALG, ciphertext, ct_len, decrypted, sizeof(decrypted), &dlen);
+     zassert_equal(ret, PSA_SUCCESS, "Decryption failed after reboot: %d", ret);
+     zassert_mem_equal(plaintext, decrypted, sizeof(plaintext), "Decryption resulted in corrupted data after reboot");
+ 
+     // Cleanup
+     psa_destroy_key(key_id);
+ }
+ 
@@ -0,0 +1,12 @@
+tests:
+  # section.subsection
+  sample.testing.ztest:
+    # build_only: true
+    platform_allow:
+      - native_posix
+      - native_sim
+      - qemu_cortex_m3
+    integration_platforms:
+      - native_sim
+      - qemu_cortex_m3
+    tags: test_framework
@@ -0,0 +1,12 @@
+# SPDX-License-Identifier: Apache-2.0
+
+cmake_minimum_required(VERSION 3.20.0)
+find_package(Zephyr REQUIRED HINTS $ENV{ZEPHYR_BASE})
+project(integration)
+
+include_directories(BEFORE
+    ${ZEPHYR_BASE}/bluetooth/common/
+)
+
+FILE(GLOB app_sources src/*.c)
+target_sources(app PRIVATE ${app_sources})
@@ -0,0 +1,51 @@
+CONFIG_ZTEST=y
+
+# # # Mbed TLS
+CONFIG_MBEDTLS=y
+CONFIG_MBEDTLS_BUILTIN=y
+# CONFIG_MBEDTLS_ECP_MAX_BITS=512
+CONFIG_MBEDTLS_PSA_CRYPTO_C=y
+
+CONFIG_BT_BROADCASTER=y
+
+CONFIG_BT=y
+CONFIG_BT_SMP=y
+# CONFIG_BT_CONN=y
+CONFIG_BT_HCI=y
+# CONFIG_BT_HCI_HOST=y
+
+CONFIG_LOG=y
+CONFIG_LOG_DEFAULT_LEVEL=4
+CONFIG_ASSERT=y
+CONFIG_SECURE_STORAGE=y
+
+CONFIG_PSA_WANT_KEY_TYPE_AES=y
+CONFIG_PSA_WANT_ALG_CTR=y
+# CONFIG_PSA_WANT_ALG_ECDH=y
+
+CONFIG_ENTROPY_GENERATOR=y
+
+CONFIG_TEST_RANDOM_GENERATOR=y
+CONFIG_TIMER_RANDOM_GENERATOR=y
+CONFIG_SECURE_STORAGE_ITS_IMPLEMENTATION_ZEPHYR=y
+CONFIG_MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG_ALLOW_NON_CSPRNG=y
+
+CONFIG_SECURE_STORAGE_ITS_STORE_IMPLEMENTATION_SETTINGS=y
+CONFIG_SETTINGS_NVS=y
+CONFIG_NVS=y
+
+CONFIG_BT_PRIVACY=y
+# CONFIG_BT_RPA=y
+CONFIG_BT_RPA_LOG_LEVEL_DBG=y
+# Enable creating more than one identity:
+#
+# 2 ids for test_different_irks_yield_different_rpas
+# 1 id for test_null_irk_generates_random_irk
+# 1 id for test_rpa_is_stable_before_timeout
+CONFIG_BT_ID_MAX=7
+CONFIG_BT_CENTRAL=y
+CONFIG_BT_RPA_TIMEOUT=30
+CONFIG_BT_LOG_SNIFFER_INFO=y
+# Enable dynamic RPA timeout manipulation
+CONFIG_BT_RPA_TIMEOUT_DYNAMIC=y
+CONFIG_COVERAGE=y