aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDavid Hu <david.hu@arm.com>2020-06-04 15:58:38 +0800
committerDavid Hu <david.hu@arm.com>2020-06-22 07:04:03 +0000
commit055dce78a89aed694cb1846833cf2575fe9afb3d (patch)
tree2f1d0307bbdcf5e2cff243a856910f35d3f47503
parentfa5a75a6b6407976d9288ed79b26cd0a0c2ac53c (diff)
downloadtrusted-firmware-m-055dce78a89aed694cb1846833cf2575fe9afb3d.tar.gz
Test: Add key derivation test case in Crypto test
Add key derivation test cases in both secure and non-secure test suites. Add a common key derivation test function to support all the test cases. Change-Id: I3fd2c1e8bc3ed0a48bf0eb10253524aa4df6378a Signed-off-by: David Hu <david.hu@arm.com>
-rw-r--r--configs/ConfigRegressionProfileS.cmake1
-rw-r--r--test/suites/crypto/CMakeLists.inc6
-rw-r--r--test/suites/crypto/crypto_tests_common.c139
-rw-r--r--test/suites/crypto/crypto_tests_common.h9
-rw-r--r--test/suites/crypto/non_secure/crypto_ns_interface_testsuite.c30
-rw-r--r--test/suites/crypto/secure/crypto_sec_interface_testsuite.c30
6 files changed, 215 insertions, 0 deletions
diff --git a/configs/ConfigRegressionProfileS.cmake b/configs/ConfigRegressionProfileS.cmake
index 51324fe30..824d88613 100644
--- a/configs/ConfigRegressionProfileS.cmake
+++ b/configs/ConfigRegressionProfileS.cmake
@@ -86,6 +86,7 @@ set(TFM_CRYPTO_TEST_ALG_CFB OFF)
set(TFM_CRYPTO_TEST_ALG_CTR OFF)
set(TFM_CRYPTO_TEST_ALG_GCM OFF)
set(TFM_CRYPTO_TEST_ALG_SHA_512 OFF)
+set(TFM_CRYPTO_TEST_HKDF OFF)
# Include platform specific profile configuration extension file if it is
# provided via argument TFM_PROFILE_CONFIG_EXT in command line.
diff --git a/test/suites/crypto/CMakeLists.inc b/test/suites/crypto/CMakeLists.inc
index 20f7ca61a..7faed46e3 100644
--- a/test/suites/crypto/CMakeLists.inc
+++ b/test/suites/crypto/CMakeLists.inc
@@ -51,6 +51,9 @@ elseif (ENABLE_CRYPTO_SERVICE_TESTS)
if (NOT DEFINED TFM_CRYPTO_TEST_ALG_SHA_512)
set(TFM_CRYPTO_TEST_ALG_SHA_512 ON)
endif()
+ if (NOT DEFINED TFM_CRYPTO_TEST_HKDF)
+ set(TFM_CRYPTO_TEST_HKDF ON)
+ endif()
if (TFM_CRYPTO_TEST_ALG_CBC)
add_definitions(-DTFM_CRYPTO_TEST_ALG_CBC)
@@ -70,6 +73,9 @@ elseif (ENABLE_CRYPTO_SERVICE_TESTS)
if (TFM_CRYPTO_TEST_ALG_SHA_512)
add_definitions(-DTFM_CRYPTO_TEST_ALG_SHA_512)
endif()
+ if (TFM_CRYPTO_TEST_HKDF)
+ add_definitions(-DTFM_CRYPTO_TEST_HKDF)
+ endif()
#Setting include directories
embedded_include_directories(PATH ${TFM_ROOT_DIR} ABSOLUTE)
diff --git a/test/suites/crypto/crypto_tests_common.c b/test/suites/crypto/crypto_tests_common.c
index 14fffc099..edbca4d04 100644
--- a/test/suites/crypto/crypto_tests_common.c
+++ b/test/suites/crypto/crypto_tests_common.c
@@ -1046,3 +1046,142 @@ void psa_persistent_key_test(psa_key_id_t key_id, struct test_result_t *ret)
ret->val = TEST_PASSED;
}
+
+#define KEY_DERIVE_OUTPUT_LEN 32
+#define KEY_DERIV_SECRET_LEN 16
+#define KEY_DERIV_LABEL_INFO_LEN 8
+#define KEY_DERIV_SEED_SALT_LEN 8
+
+static uint8_t key_deriv_secret[KEY_DERIV_SECRET_LEN];
+static uint8_t key_deriv_label_info[KEY_DERIV_LABEL_INFO_LEN];
+static uint8_t key_deriv_seed_salt[KEY_DERIV_SEED_SALT_LEN];
+
+void psa_key_derivation_test(psa_algorithm_t deriv_alg,
+ struct test_result_t *ret)
+{
+ psa_key_handle_t input_handle = 0, output_handle = 0;
+ psa_key_attributes_t input_key_attr = PSA_KEY_ATTRIBUTES_INIT;
+ psa_key_attributes_t output_key_attr = PSA_KEY_ATTRIBUTES_INIT;
+ psa_key_derivation_operation_t deriv_ops;
+ psa_status_t status;
+ uint8_t counter = 0xA5;
+
+ /* Prepare the parameters */
+#if DOMAIN_NS == 1U
+ memset(key_deriv_secret, counter, KEY_DERIV_SECRET_LEN);
+ memset(key_deriv_label_info, counter++, KEY_DERIV_LABEL_INFO_LEN);
+ memset(key_deriv_seed_salt, counter++, KEY_DERIV_SEED_SALT_LEN);
+#else
+ tfm_memset(key_deriv_secret, counter, KEY_DERIV_SECRET_LEN);
+ tfm_memset(key_deriv_label_info, counter++, KEY_DERIV_LABEL_INFO_LEN);
+ tfm_memset(key_deriv_seed_salt, counter++, KEY_DERIV_SEED_SALT_LEN);
+#endif
+
+ deriv_ops = psa_key_derivation_operation_init();
+
+ psa_set_key_usage_flags(&input_key_attr, PSA_KEY_USAGE_DERIVE);
+ psa_set_key_algorithm(&input_key_attr, deriv_alg);
+ psa_set_key_type(&input_key_attr, PSA_KEY_TYPE_DERIVE);
+
+ /* Force to use HMAC-SHA256 as HMAC operation so far */
+ status = psa_import_key(&input_key_attr, key_deriv_secret,
+ KEY_DERIV_SECRET_LEN, &input_handle);
+ if (status != PSA_SUCCESS) {
+ TEST_FAIL("Failed to import secret");
+ return;
+ }
+
+ status = psa_key_derivation_setup(&deriv_ops, deriv_alg);
+ if (status != PSA_SUCCESS) {
+ TEST_FAIL("Failed to setup derivation operation");
+ goto destroy_key;
+ }
+
+ if (PSA_ALG_IS_TLS12_PRF(deriv_alg) ||
+ PSA_ALG_IS_TLS12_PSK_TO_MS(deriv_alg)) {
+ status = psa_key_derivation_input_bytes(&deriv_ops,
+ PSA_KEY_DERIVATION_INPUT_SEED,
+ key_deriv_seed_salt,
+ KEY_DERIV_SEED_SALT_LEN);
+ if (status != PSA_SUCCESS) {
+ TEST_FAIL("Failed to input seed");
+ goto deriv_abort;
+ }
+
+ status = psa_key_derivation_input_key(&deriv_ops,
+ PSA_KEY_DERIVATION_INPUT_SECRET,
+ input_handle);
+ if (status != PSA_SUCCESS) {
+ TEST_FAIL("Failed to input key");
+ goto deriv_abort;
+ }
+
+ status = psa_key_derivation_input_bytes(&deriv_ops,
+ PSA_KEY_DERIVATION_INPUT_LABEL,
+ key_deriv_label_info,
+ KEY_DERIV_LABEL_INFO_LEN);
+ if (status != PSA_SUCCESS) {
+ TEST_FAIL("Failed to input label");
+ goto deriv_abort;
+ }
+ } else if (PSA_ALG_IS_HKDF(deriv_alg)) {
+ status = psa_key_derivation_input_bytes(&deriv_ops,
+ PSA_KEY_DERIVATION_INPUT_SALT,
+ key_deriv_seed_salt,
+ KEY_DERIV_SEED_SALT_LEN);
+ if (status != PSA_SUCCESS) {
+ TEST_FAIL("Failed to input salt");
+ goto deriv_abort;
+ }
+
+ status = psa_key_derivation_input_key(&deriv_ops,
+ PSA_KEY_DERIVATION_INPUT_SECRET,
+ input_handle);
+ if (status != PSA_SUCCESS) {
+ TEST_FAIL("Failed to input key");
+ goto deriv_abort;
+ }
+
+ status = psa_key_derivation_input_bytes(&deriv_ops,
+ PSA_KEY_DERIVATION_INPUT_INFO,
+ key_deriv_label_info,
+ KEY_DERIV_LABEL_INFO_LEN);
+ if (status != PSA_SUCCESS) {
+ TEST_FAIL("Failed to input info");
+ goto deriv_abort;
+ }
+ } else {
+ TEST_FAIL("Unsupported derivation algorithm");
+ goto deriv_abort;
+ }
+
+ if (NR_TEST_AES_MODE < 1) {
+ TEST_LOG("No AES algorithm to verify. Output raw data instead");
+ psa_set_key_type(&output_key_attr, PSA_KEY_TYPE_RAW_DATA);
+ } else {
+ psa_set_key_usage_flags(&output_key_attr, PSA_KEY_USAGE_ENCRYPT);
+ psa_set_key_algorithm(&output_key_attr, test_aes_mode_array[0]);
+ psa_set_key_type(&output_key_attr, PSA_KEY_TYPE_AES);
+ }
+ psa_set_key_bits(&output_key_attr,
+ PSA_BYTES_TO_BITS(KEY_DERIVE_OUTPUT_LEN));
+
+ status = psa_key_derivation_output_key(&output_key_attr, &deriv_ops,
+ &output_handle);
+ if (status != PSA_SUCCESS) {
+ TEST_FAIL("Failed to output key");
+ goto deriv_abort;
+ }
+
+ ret->val = TEST_PASSED;
+
+deriv_abort:
+ psa_key_derivation_abort(&deriv_ops);
+destroy_key:
+ psa_destroy_key(input_handle);
+ if (output_handle) {
+ psa_destroy_key(output_handle);
+ }
+
+ return;
+}
diff --git a/test/suites/crypto/crypto_tests_common.h b/test/suites/crypto/crypto_tests_common.h
index a9e012f62..67e6a33ce 100644
--- a/test/suites/crypto/crypto_tests_common.h
+++ b/test/suites/crypto/crypto_tests_common.h
@@ -179,6 +179,15 @@ void psa_policy_invalid_policy_usage_test(struct test_result_t *ret);
*/
void psa_persistent_key_test(psa_key_id_t key_id, struct test_result_t *ret);
+/**
+ * \brief Key derivation test
+ *
+ * \param[in] deriv_alg Key derivation algorithm
+ * \param[out] ret Test result
+ */
+void psa_key_derivation_test(psa_algorithm_t deriv_alg,
+ struct test_result_t *ret);
+
#ifdef __cplusplus
}
#endif
diff --git a/test/suites/crypto/non_secure/crypto_ns_interface_testsuite.c b/test/suites/crypto/non_secure/crypto_ns_interface_testsuite.c
index dcd3a6c88..22a0c9d37 100644
--- a/test/suites/crypto/non_secure/crypto_ns_interface_testsuite.c
+++ b/test/suites/crypto/non_secure/crypto_ns_interface_testsuite.c
@@ -51,6 +51,11 @@ static void tfm_crypto_test_6034(struct test_result_t *ret);
#ifdef TFM_CRYPTO_TEST_ALG_CCM
static void tfm_crypto_test_6035(struct test_result_t *ret);
#endif /* TFM_CRYPTO_TEST_ALG_CCM */
+static void tfm_crypto_test_6036(struct test_result_t *ret);
+static void tfm_crypto_test_6037(struct test_result_t *ret);
+#ifdef TFM_CRYPTO_TEST_HKDF
+static void tfm_crypto_test_6038(struct test_result_t *ret);
+#endif /* TFM_CRYPTO_TEST_HKDF */
static struct test_t crypto_tests[] = {
{&tfm_crypto_test_6001, "TFM_CRYPTO_TEST_6001",
@@ -118,6 +123,14 @@ static struct test_t crypto_tests[] = {
"Non Secure AEAD interface with truncated auth tag (AES-128-CCM-8)",
{TEST_PASSED} },
#endif /* TFM_CRYPTO_TEST_ALG_CCM */
+ {&tfm_crypto_test_6036, "TFM_CRYPTO_TEST_6036",
+ "Non Secure TLS 1.2 PRF key derivation", {TEST_PASSED} },
+ {&tfm_crypto_test_6037, "TFM_CRYPTO_TEST_6037",
+ "Non Secure TLS-1.2 PSK-to-MasterSecret key derivation", {TEST_PASSED} },
+#ifdef TFM_CRYPTO_TEST_HKDF
+ {&tfm_crypto_test_6038, "TFM_CRYPTO_TEST_6038",
+ "Non Secure HKDF key derivation", {TEST_PASSED} },
+#endif /* TFM_CRYPTO_TEST_HKDF */
};
void register_testsuite_ns_crypto_interface(struct test_suite_t *p_test_suite)
@@ -275,3 +288,20 @@ static void tfm_crypto_test_6035(struct test_result_t *ret)
psa_aead_test(PSA_KEY_TYPE_AES, alg, ret);
}
#endif /* TFM_CRYPTO_TEST_ALG_GCM */
+
+static void tfm_crypto_test_6036(struct test_result_t *ret)
+{
+ psa_key_derivation_test(PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256), ret);
+}
+
+static void tfm_crypto_test_6037(struct test_result_t *ret)
+{
+ psa_key_derivation_test(PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256), ret);
+}
+
+#ifdef TFM_CRYPTO_TEST_HKDF
+static void tfm_crypto_test_6038(struct test_result_t *ret)
+{
+ psa_key_derivation_test(PSA_ALG_HKDF(PSA_ALG_SHA_256), ret);
+}
+#endif /* TFM_CRYPTO_TEST_HKDF */
diff --git a/test/suites/crypto/secure/crypto_sec_interface_testsuite.c b/test/suites/crypto/secure/crypto_sec_interface_testsuite.c
index 7e6eeaacf..bd314e0f8 100644
--- a/test/suites/crypto/secure/crypto_sec_interface_testsuite.c
+++ b/test/suites/crypto/secure/crypto_sec_interface_testsuite.c
@@ -53,6 +53,11 @@ static void tfm_crypto_test_5035(struct test_result_t *ret);
#ifdef TFM_CRYPTO_TEST_ALG_CCM
static void tfm_crypto_test_5036(struct test_result_t *ret);
#endif /* TFM_CRYPTO_TEST_ALG_CCM */
+static void tfm_crypto_test_5037(struct test_result_t *ret);
+static void tfm_crypto_test_5038(struct test_result_t *ret);
+#ifdef TFM_CRYPTO_TEST_HKDF
+static void tfm_crypto_test_5039(struct test_result_t *ret);
+#endif /* TFM_CRYPTO_TEST_HKDF */
static struct test_t crypto_tests[] = {
{&tfm_crypto_test_5001, "TFM_CRYPTO_TEST_5001",
@@ -122,6 +127,14 @@ static struct test_t crypto_tests[] = {
"Secure AEAD interface with truncated auth tag (AES-128-CCM-8)",
{TEST_PASSED} },
#endif /* TFM_CRYPTO_TEST_ALG_CCM */
+ {&tfm_crypto_test_5037, "TFM_CRYPTO_TEST_5037",
+ "Secure TLS 1.2 PRF key derivation", {TEST_PASSED} },
+ {&tfm_crypto_test_5038, "TFM_CRYPTO_TEST_5038",
+ "Secure TLS-1.2 PSK-to-MasterSecret key derivation", {TEST_PASSED} },
+#ifdef TFM_CRYPTO_TEST_HKDF
+ {&tfm_crypto_test_5039, "TFM_CRYPTO_TEST_5039",
+ "Secure HKDF key derivation", {TEST_PASSED} },
+#endif /* TFM_CRYPTO_TEST_HKDF */
};
void register_testsuite_s_crypto_interface(struct test_suite_t *p_test_suite)
@@ -319,3 +332,20 @@ static void tfm_crypto_test_5036(struct test_result_t *ret)
psa_aead_test(PSA_KEY_TYPE_AES, alg, ret);
}
#endif /* TFM_CRYPTO_TEST_ALG_GCM */
+
+static void tfm_crypto_test_5037(struct test_result_t *ret)
+{
+ psa_key_derivation_test(PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256), ret);
+}
+
+static void tfm_crypto_test_5038(struct test_result_t *ret)
+{
+ psa_key_derivation_test(PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256), ret);
+}
+
+#ifdef TFM_CRYPTO_TEST_HKDF
+static void tfm_crypto_test_5039(struct test_result_t *ret)
+{
+ psa_key_derivation_test(PSA_ALG_HKDF(PSA_ALG_SHA_256), ret);
+}
+#endif /* TFM_CRYPTO_TEST_HKDF */