aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDavid Hu <david.hu@arm.com>2020-01-22 14:31:04 +0800
committerDavid Hu <david.hu@arm.com>2020-06-22 02:33:00 +0000
commit3b49ce71f346dceb3e09eb07435aeab56aebb7b7 (patch)
treef156291ed01399663e8dd79f286b7e31de352579
parentb835f4d199c808265895bb39a32e630c05be8db4 (diff)
downloadtrusted-firmware-m-3b49ce71f346dceb3e09eb07435aeab56aebb7b7.tar.gz
Test: Add test of symmetric Initial Attestation
Add test cases in secure side and non-secure side respectively to test symmetric key algorithm based Initial Attestation. Enable Initial Attestation and symmetric key algorithm based Initial Attestation in TF-M Profile Small Regression test config. Change-Id: I74cd79712bd6dc679dcdbb49d1ffe02320cb0e13 Signed-off-by: David Hu <david.hu@arm.com>
-rw-r--r--configs/ConfigRegressionProfileS.cmake10
-rw-r--r--test/suites/attestation/CMakeLists.inc28
-rw-r--r--test/suites/attestation/attest_token_test.c20
-rw-r--r--test/suites/attestation/attest_token_test.h21
-rw-r--r--test/suites/attestation/non_secure/symmetric_attest_ns_interface_testsuite.c52
-rw-r--r--test/suites/attestation/secure/symmetric_attest_s_interface_testsuite.c53
6 files changed, 172 insertions, 12 deletions
diff --git a/configs/ConfigRegressionProfileS.cmake b/configs/ConfigRegressionProfileS.cmake
index 324ebb22d..84576720c 100644
--- a/configs/ConfigRegressionProfileS.cmake
+++ b/configs/ConfigRegressionProfileS.cmake
@@ -66,8 +66,14 @@ set(TFM_PARTITION_PLATFORM OFF)
# Disable Protected Storage service
set(TFM_PARTITION_PROTECTED_STORAGE OFF)
-# Disable Initial Attestation service temporarily
-set(TFM_PARTITION_INITIAL_ATTESTATION OFF)
+# Enable Initial Attestation service
+set(TFM_PARTITION_INITIAL_ATTESTATION ON)
+# Enable symmetric key algorithm based attestation
+set(SYMMETRIC_INITIAL_ATTESTATION ON)
+# Disable QCBOR test cases to save memory
+set(ENABLE_QCBOR_TESTS OFF)
+# Disable t_cose test cases to save memory
+set(ENABLE_T_COSE_TESTS OFF)
# Configure the test cases
set(REGRESSION True)
diff --git a/test/suites/attestation/CMakeLists.inc b/test/suites/attestation/CMakeLists.inc
index f761640e5..1a739f2a9 100644
--- a/test/suites/attestation/CMakeLists.inc
+++ b/test/suites/attestation/CMakeLists.inc
@@ -36,23 +36,39 @@ if (NOT DEFINED ENABLE_ATTESTATION_SERVICE_TESTS)
message(FATAL_ERROR "Incomplete build configuration: ENABLE_ATTESTATION_SERVICE_TESTS is undefined. ")
elseif(ENABLE_ATTESTATION_SERVICE_TESTS)
list(APPEND ATTEST_TEST_SRC_S
- "${ATTESTATION_TEST_DIR}/secure/attestation_s_interface_testsuite.c"
"${ATTESTATION_TEST_DIR}/attest_token_test.c"
"${ATTESTATION_TEST_DIR}/attest_token_decode_common.c"
- "${ATTESTATION_TEST_DIR}/attest_token_decode.c"
- "${ATTESTATION_TEST_DIR}/attest_public_key.c"
"${TFM_ROOT_DIR}/lib/ext/qcbor/util/qcbor_util.c"
)
list(APPEND ATTEST_TEST_SRC_NS
- "${ATTESTATION_TEST_DIR}/non_secure/attestation_ns_interface_testsuite.c"
"${ATTESTATION_TEST_DIR}/attest_token_test.c"
"${ATTESTATION_TEST_DIR}/attest_token_decode_common.c"
- "${ATTESTATION_TEST_DIR}/attest_token_decode.c"
- "${ATTESTATION_TEST_DIR}/attest_public_key.c"
"${TFM_ROOT_DIR}/lib/ext/qcbor/util/qcbor_util.c"
)
+ if (SYMMETRIC_INITIAL_ATTESTATION)
+ list(APPEND ATTEST_TEST_SRC_S
+ "${ATTESTATION_TEST_DIR}/secure/symmetric_attest_s_interface_testsuite.c"
+ "${ATTESTATION_TEST_DIR}/attest_symmetric_iat_decode.c"
+ )
+ list(APPEND ATTEST_TEST_SRC_NS
+ "${ATTESTATION_TEST_DIR}/non_secure/symmetric_attest_ns_interface_testsuite.c"
+ "${ATTESTATION_TEST_DIR}/attest_symmetric_iat_decode.c"
+ )
+ else()
+ list(APPEND ATTEST_TEST_SRC_S
+ "${ATTESTATION_TEST_DIR}/secure/attestation_s_interface_testsuite.c"
+ "${ATTESTATION_TEST_DIR}/attest_public_key.c"
+ "${ATTESTATION_TEST_DIR}/attest_token_decode.c"
+ )
+ list(APPEND ATTEST_TEST_SRC_NS
+ "${ATTESTATION_TEST_DIR}/non_secure/attestation_ns_interface_testsuite.c"
+ "${ATTESTATION_TEST_DIR}/attest_public_key.c"
+ "${ATTESTATION_TEST_DIR}/attest_token_decode.c"
+ )
+ endif()
+
if (ATTEST_INCLUDE_TEST_CODE)
set_property(SOURCE ${ATTEST_TEST_SRC_S} APPEND PROPERTY COMPILE_DEFINITIONS INCLUDE_TEST_CODE)
set_property(SOURCE ${ATTEST_TEST_SRC_NS} APPEND PROPERTY COMPILE_DEFINITIONS INCLUDE_TEST_CODE)
diff --git a/test/suites/attestation/attest_token_test.c b/test/suites/attestation/attest_token_test.c
index cb71aaa19..0d3aeace3 100644
--- a/test/suites/attestation/attest_token_test.c
+++ b/test/suites/attestation/attest_token_test.c
@@ -88,6 +88,7 @@ int token_main_alt(uint32_t option_flags,
return 0;
}
+#ifndef SYMMETRIC_INITIAL_ATTESTATION
#ifdef INCLUDE_TEST_CODE /* Remove them from release build */
/**
* This is the expected output for the minimal test. It is the result
@@ -238,6 +239,7 @@ int_fast16_t buffer_too_small_test()
return return_value;
}
#endif /* INCLUDE_TEST_CODE */
+#endif /* !SYMMETRIC_INITIAL_ATTESTATION */
/**
@@ -777,7 +779,6 @@ Done:
return return_value;
}
-
/**
* Modes for decode_test_internal()
*/
@@ -785,7 +786,9 @@ enum decode_test_mode_t {
/** See documentation for decode_test_short_circuit_sig() */
SHORT_CIRCUIT_SIGN,
/** See documentation for decode_test_normal_sig() */
- NORMAL_SIGN
+ NORMAL_SIGN,
+ /** See documentation for decode_test_symmetric_initial_attest() */
+ COSE_MAC0
};
/**
@@ -822,6 +825,11 @@ static int_fast16_t decode_test_internal(enum decode_test_mode_t mode)
token_decode_options = 0;
break;
+ case COSE_MAC0:
+ token_encode_options = 0;
+ token_decode_options = 0;
+ break;
+
default:
return_value = -1000;
goto Done;
@@ -912,7 +920,12 @@ Done:
return return_value;
}
-
+#ifdef SYMMETRIC_INITIAL_ATTESTATION
+int_fast16_t decode_test_symmetric_initial_attest(void)
+{
+ return decode_test_internal(COSE_MAC0);
+}
+#else /* SYMMETRIC_INITIAL_ATTESTATION */
/*
* Public function. See token_test.h
*/
@@ -929,3 +942,4 @@ int_fast16_t decode_test_normal_sig(void)
{
return decode_test_internal(NORMAL_SIGN);
}
+#endif /* SYMMETRIC_INITIAL_ATTESTATION */
diff --git a/test/suites/attestation/attest_token_test.h b/test/suites/attestation/attest_token_test.h
index 4c66dc53c..8bf022d62 100644
--- a/test/suites/attestation/attest_token_test.h
+++ b/test/suites/attestation/attest_token_test.h
@@ -59,7 +59,25 @@ int_fast16_t minimal_get_size_test(void);
*/
int_fast16_t buffer_too_small_test(void);
-
+#ifdef SYMMETRIC_INITIAL_ATTESTATION
+/**
+ * \brief Test by checking token generated by symmetric key algorithms based
+ * Initial Attestation.
+ *
+ * \return non-zero on failure.
+ *
+ * This is an extensive test that can compare the values in the token
+ * to expected valued compiled into the test app from
+ * token_test_values.h. All the values represented in \ref
+ * attest_token_iat_simple_t and in \ref attest_token_sw_component_t
+ * are checked.
+ *
+ * The generated token will be decoded.
+ * The tag in COSE_Mac0 structure will be verified in secure side when
+ * INCLUDE_TEST_CODE is enabled.
+ */
+int_fast16_t decode_test_symmetric_initial_attest(void);
+#else /* SYMMETRIC_INITIAL_ATTESTATION */
/**
* \brief Test by checking signed values of claims.
*
@@ -98,6 +116,7 @@ int_fast16_t decode_test_normal_sig(void);
* any keys configured.
*/
int_fast16_t decode_test_short_circuit_sig(void);
+#endif /* SYMMETRIC_INITIAL_ATTESTATION */
#ifdef __cplusplus
}
diff --git a/test/suites/attestation/non_secure/symmetric_attest_ns_interface_testsuite.c b/test/suites/attestation/non_secure/symmetric_attest_ns_interface_testsuite.c
new file mode 100644
index 000000000..cd208c6d0
--- /dev/null
+++ b/test/suites/attestation/non_secure/symmetric_attest_ns_interface_testsuite.c
@@ -0,0 +1,52 @@
+/*
+ * Copyright (c) 2018-2020, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#include "attestation_ns_tests.h"
+#include "psa/initial_attestation.h"
+#include "secure_fw/partitions/initial_attestation/attestation.h"
+#include "../attestation_tests_common.h"
+#include "../attest_token_test_values.h"
+#include "../attest_token_test.h"
+
+/* Define test suite for attestation service tests */
+/* List of tests */
+static void tfm_attest_test_2001(struct test_result_t *ret);
+
+static struct test_t attestation_interface_tests[] = {
+ {&tfm_attest_test_2001, "TFM_ATTEST_TEST_2001",
+ "Symmetric key algorithm based Initial Attestation test", {0} },
+};
+
+void
+register_testsuite_ns_attestation_interface(struct test_suite_t *p_test_suite)
+{
+ uint32_t list_size;
+
+ list_size = (sizeof(attestation_interface_tests) /
+ sizeof(attestation_interface_tests[0]));
+
+ set_testsuite("Symmetric key algorithm based Initial Attestation Service "
+ "non-secure interface tests (TFM_ATTEST_TEST_2XXX)",
+ attestation_interface_tests, list_size, p_test_suite);
+}
+
+/*!
+ * \brief Get an IAT with symmetric key algorithm based Initial Attestation.
+ */
+static void tfm_attest_test_2001(struct test_result_t *ret)
+{
+ int32_t err;
+
+ err = decode_test_symmetric_initial_attest();
+ if (err != 0) {
+ TEST_LOG("tfm_attest_test_2001() returned: %d\r\n", err);
+ TEST_FAIL("Attest token tfm_attest_test_2001() has failed");
+ return;
+ }
+
+ ret->val = TEST_PASSED;
+}
diff --git a/test/suites/attestation/secure/symmetric_attest_s_interface_testsuite.c b/test/suites/attestation/secure/symmetric_attest_s_interface_testsuite.c
new file mode 100644
index 000000000..43f0419a6
--- /dev/null
+++ b/test/suites/attestation/secure/symmetric_attest_s_interface_testsuite.c
@@ -0,0 +1,53 @@
+/*
+ * Copyright (c) 2018-2020, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#include "attestation_s_tests.h"
+#include "psa/initial_attestation.h"
+#include "secure_fw/partitions/initial_attestation/attestation.h"
+#include "../attestation_tests_common.h"
+#include "../attest_token_test_values.h"
+#include "../attest_token_test.h"
+
+/* Define test suite for attestation service tests */
+/* List of tests */
+static void tfm_attest_test_1001(struct test_result_t *ret);
+
+
+static struct test_t attestation_interface_tests[] = {
+ {&tfm_attest_test_1001, "TFM_ATTEST_TEST_1001",
+ "Symmetric key algorithm based Initial Attestation test", {0} },
+};
+
+void
+register_testsuite_s_attestation_interface(struct test_suite_t *p_test_suite)
+{
+ uint32_t list_size;
+
+ list_size = (sizeof(attestation_interface_tests) /
+ sizeof(attestation_interface_tests[0]));
+
+ set_testsuite("Symmetric key algorithm based Initial Attestation Service "
+ "secure interface tests (TFM_ATTEST_TEST_1XXX)",
+ attestation_interface_tests, list_size, p_test_suite);
+}
+
+/*!
+ * \brief Get an IAT with symmetric key algorithm based Initial Attestation.
+ */
+static void tfm_attest_test_1001(struct test_result_t *ret)
+{
+ int32_t err;
+
+ err = decode_test_symmetric_initial_attest();
+ if (err != 0) {
+ TEST_LOG("tfm_attest_test_1001() returned: %d\r\n", err);
+ TEST_FAIL("Attest token tfm_attest_test_1001() has failed");
+ return;
+ }
+
+ ret->val = TEST_PASSED;
+}