TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / OP-TEE / optee_test / 3e143ee5c318f75527bac5b39af8a6ef15dedce7 / . / host / xtest / xtest_4000.c
blob: ed624486f1305c4db72a59e46b990d9ad69ce8ba [file] [log] [blame]
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]1/*
2 * Copyright (c) 2014, STMicroelectronics International N.V.
3 *
4 * This program is free software; you can redistribute it and/or modify
5 * it under the terms of the GNU General Public License Version 2 as
6 * published by the Free Software Foundation.
7 *
8 * This program is distributed in the hope that it will be useful,
9 * but WITHOUT ANY WARRANTY; without even the implied warranty of
10 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 * GNU General Public License for more details.
12 */
13
14#include <stdio.h>
15#include <string.h>
16#include <inttypes.h>
17#include <malloc.h>
18
19#include "xtest_test.h"
20#include "xtest_helpers.h"
21
22#include <tee_api_types.h>
23#include <ta_crypt.h>
24#include <utee_defines.h>
25#include <util.h>
26
27#include <xtest_4000_data.h>
28
29#include <assert.h>
30
31static void xtest_tee_test_4001(ADBG_Case_t *Case_p);
32static void xtest_tee_test_4002(ADBG_Case_t *Case_p);
33static void xtest_tee_test_4003_no_xts(ADBG_Case_t *Case_p);
34static void xtest_tee_test_4003_xts(ADBG_Case_t *Case_p);
35static void xtest_tee_test_4004(ADBG_Case_t *Case_p);
36static void xtest_tee_test_4005(ADBG_Case_t *Case_p);
37static void xtest_tee_test_4006(ADBG_Case_t *Case_p);
38static void xtest_tee_test_4007(ADBG_Case_t *Case_p);
39static void xtest_tee_test_4008(ADBG_Case_t *Case_p);
40
41ADBG_CASE_DEFINE(XTEST_TEE_4001, xtest_tee_test_4001,
42 /* Title */
43 "Test TEE Internal API hash operations",
44 /* Short description */
45 "Short description ...",
46 /* Requirement IDs */
47 "TEE-??",
48 /* How to implement */
49 "Description of how to implement ..."
50 );
51
52ADBG_CASE_DEFINE(XTEST_TEE_4002, xtest_tee_test_4002,
53 /* Title */
54 "Test TEE Internal API MAC operations",
55 /* Short description */
56 "Short description ...",
57 /* Requirement IDs */
58 "TEE-??",
59 /* How to implement */
60 "Description of how to implement ..."
61 );
62
63ADBG_CASE_DEFINE(XTEST_TEE_4003_NO_XTS, xtest_tee_test_4003_no_xts,
64 /* Title */
65 "Test TEE Internal API cipher operations without AES XTS",
66 /* Short description */
67 "Short description ...",
68 /* Requirement IDs */
69 "TEE-??",
70 /* How to implement */
71 "Description of how to implement ..."
72 );
73
74ADBG_CASE_DEFINE(XTEST_TEE_4003_XTS, xtest_tee_test_4003_xts,
75 /* Title */
76 "Test TEE Internal API cipher operations for AES XTS",
77 /* Short description */
78 "Short description ...",
79 /* Requirement IDs */
80 "TEE-??",
81 /* How to implement */
82 "Description of how to implement ..."
83 );
84
85ADBG_CASE_DEFINE(XTEST_TEE_4004, xtest_tee_test_4004,
86 /* Title */
87 "Test TEE Internal API get random",
88 /* Short description */
89 "Short description ...",
90 /* Requirement IDs */
91 "TEE-??",
92 /* How to implement */
93 "Description of how to implement ..."
94 );
95
96ADBG_CASE_DEFINE(XTEST_TEE_4005, xtest_tee_test_4005,
97 /* Title */
98 "Test TEE Internal API Authenticated Encryption operations",
99 /* Short description */
100 "Short description ...",
101 /* Requirement IDs */
102 "TEE-??",
103 /* How to implement */
104 "Description of how to implement ..."
105 );
106
107ADBG_CASE_DEFINE(XTEST_TEE_4006, xtest_tee_test_4006,
108 /* Title */
109 "Test TEE Internal API Asymmetric Cipher operations",
110 /* Short description */
111 "Short description ...",
112 /* Requirement IDs */
113 "TEE-??",
114 /* How to implement */
115 "Description of how to implement ..."
116 );
117
118ADBG_CASE_DEFINE(XTEST_TEE_4007, xtest_tee_test_4007,
119 /* Title */
120 "Test TEE Internal API Generate key",
121 /* Short description */
122 "Short description ...",
123 /* Requirement IDs */
124 "TEE-??",
125 /* How to implement */
126 "Description of how to implement ..."
127 );
128
129ADBG_CASE_DEFINE(XTEST_TEE_4008, xtest_tee_test_4008,
130 /* Title */
131 "Test TEE Internal API Derive key",
132 /* Short description */
133 "Short description ...",
134 /* Requirement IDs */
135 "TEE-??",
136 /* How to implement */
137 "Description of how to implement ..."
138 );
139
140static TEEC_Result ta_crypt_cmd_random_number_generate(ADBG_Case_t *c,
141 TEEC_Session *s,
142 void *buf, size_t blen);
143
144static TEEC_Result ta_crypt_cmd_reset_operation(ADBG_Case_t *c, TEEC_Session *s,
145 TEE_OperationHandle oph)
146{
147 TEEC_Result res;
148 TEEC_Operation op = TEEC_OPERATION_INITIALIZER;
149 uint32_t ret_orig;
150
151 assert((uintptr_t)oph <= UINT32_MAX);
152 op.params[0].value.a = (uint32_t)(uintptr_t)oph;
153 op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT, TEEC_NONE, TEEC_NONE,
154 TEEC_NONE);
155 res = TEEC_InvokeCommand(s, TA_CRYPT_CMD_RESET_OPERATION, &op,
156 &ret_orig);
157 if (res != TEEC_SUCCESS) {
158 (void)ADBG_EXPECT_TEEC_ERROR_ORIGIN(c, TEEC_ORIGIN_TRUSTED_APP,
159 ret_orig);
160 }
161 return res;
162}
163
164static TEEC_Result ta_crypt_cmd_copy_operation(ADBG_Case_t *c,
165 TEEC_Session *s,
166 TEE_OperationHandle dst_oph,
167 TEE_OperationHandle src_oph)
168{
169 TEEC_Result res;
170 TEEC_Operation op = TEEC_OPERATION_INITIALIZER;
171 uint32_t ret_orig;
172
173 assert((uintptr_t)dst_oph <= UINT32_MAX);
174 op.params[0].value.a = (uint32_t)(uintptr_t)dst_oph;
175
176 assert((uintptr_t)src_oph <= UINT32_MAX);
177 op.params[0].value.b = (uint32_t)(uintptr_t)src_oph;
178 op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT, TEEC_NONE, TEEC_NONE,
179 TEEC_NONE);
180
181 res = TEEC_InvokeCommand(s, TA_CRYPT_CMD_COPY_OPERATION, &op,
182 &ret_orig);
183
184 if (res != TEEC_SUCCESS) {
185 (void)ADBG_EXPECT_TEEC_ERROR_ORIGIN(c, TEEC_ORIGIN_TRUSTED_APP,
186 ret_orig);
187 }
188 return res;
189}
190
191static TEEC_Result ta_crypt_cmd_digest_update(ADBG_Case_t *c, TEEC_Session *s,
192 TEE_OperationHandle oph,
193 const void *chunk,
194 size_t chunk_size)
195{
196 TEEC_Result res;
197 TEEC_Operation op = TEEC_OPERATION_INITIALIZER;
198 uint32_t ret_orig;
199
200 assert((uintptr_t)oph <= UINT32_MAX);
201 op.params[0].value.a = (uint32_t)(uintptr_t)oph;
202 op.params[1].tmpref.buffer = (void *)chunk;
203 op.params[1].tmpref.size = chunk_size;
204
205 op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT,
206 TEEC_MEMREF_TEMP_INPUT, TEEC_NONE,
207 TEEC_NONE);
208
209 res = TEEC_InvokeCommand(s, TA_CRYPT_CMD_DIGEST_UPDATE, &op, &ret_orig);
210
211 if (res != TEEC_SUCCESS) {
212 (void)ADBG_EXPECT_TEEC_ERROR_ORIGIN(c, TEEC_ORIGIN_TRUSTED_APP,
213 ret_orig);
214 }
215
216 return res;
217}
218
219static TEEC_Result ta_crypt_cmd_digest_do_final(ADBG_Case_t *c, TEEC_Session *s,
220 TEE_OperationHandle oph,
221 const void *chunk,
222 size_t chunk_len, void *hash,
223 size_t *hash_len)
224{
225 TEEC_Result res;
226 TEEC_Operation op = TEEC_OPERATION_INITIALIZER;
227 uint32_t ret_orig;
228
229 assert((uintptr_t)oph <= UINT32_MAX);
230 op.params[0].value.a = (uint32_t)(uintptr_t)oph;
231
232 op.params[1].tmpref.buffer = (void *)chunk;
233 op.params[1].tmpref.size = chunk_len;
234
235 op.params[2].tmpref.buffer = (void *)hash;
236 op.params[2].tmpref.size = *hash_len;
237
238 op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT,
239 TEEC_MEMREF_TEMP_INPUT,
240 TEEC_MEMREF_TEMP_OUTPUT, TEEC_NONE);
241
242 res = TEEC_InvokeCommand(s, TA_CRYPT_CMD_DIGEST_DO_FINAL, &op,
243 &ret_orig);
244
245 if (res != TEEC_SUCCESS) {
246 (void)ADBG_EXPECT_TEEC_ERROR_ORIGIN(c, TEEC_ORIGIN_TRUSTED_APP,
247 ret_orig);
248 }
249
250 if (res == TEEC_SUCCESS)
251 *hash_len = op.params[2].tmpref.size;
252
253 return res;
254}
255
256static TEE_Result ta_crypt_cmd_set_operation_key2(ADBG_Case_t *c,
257 TEEC_Session *s,
258 TEE_OperationHandle oph,
259 TEE_ObjectHandle key1,
260 TEE_ObjectHandle key2)
261{
262 TEEC_Result res;
263 TEEC_Operation op = TEEC_OPERATION_INITIALIZER;
264 uint32_t ret_orig;
265
266 assert((uintptr_t)oph <= UINT32_MAX);
267 op.params[0].value.a = (uint32_t)(uintptr_t)oph;
268
269 assert((uintptr_t)key1 <= UINT32_MAX);
270 op.params[0].value.b = (uint32_t)(uintptr_t)key1;
271
272 assert((uintptr_t)key2 <= UINT32_MAX);
273 op.params[1].value.a = (uint32_t)(uintptr_t)key2;
274 op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT, TEEC_VALUE_INPUT,
275 TEEC_NONE, TEEC_NONE);
276
277 res = TEEC_InvokeCommand(s, TA_CRYPT_CMD_SET_OPERATION_KEY2, &op,
278 &ret_orig);
279
280 if (res != TEEC_SUCCESS) {
281 (void)ADBG_EXPECT_TEEC_ERROR_ORIGIN(c, TEEC_ORIGIN_TRUSTED_APP,
282 ret_orig);
283 }
284
285 return res;
286}
287
288static TEEC_Result ta_crypt_cmd_mac_init(ADBG_Case_t *c, TEEC_Session *s,
289 TEE_OperationHandle oph,
290 const void *iv, size_t iv_len)
291{
292 TEEC_Result res;
293 TEEC_Operation op = TEEC_OPERATION_INITIALIZER;
294 uint32_t ret_orig;
295
296 assert((uintptr_t)oph <= UINT32_MAX);
297 op.params[0].value.a = (uint32_t)(uintptr_t)oph;
298
299 if (iv != NULL) {
300 op.params[1].tmpref.buffer = (void *)iv;
301 op.params[1].tmpref.size = iv_len;
302 op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT,
303 TEEC_MEMREF_TEMP_INPUT,
304 TEEC_NONE, TEEC_NONE);
305 } else {
306 op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT, TEEC_NONE,
307 TEEC_NONE, TEEC_NONE);
308 }
309
310 res = TEEC_InvokeCommand(s, TA_CRYPT_CMD_MAC_INIT, &op, &ret_orig);
311
312 if (res != TEEC_SUCCESS) {
313 (void)ADBG_EXPECT_TEEC_ERROR_ORIGIN(c, TEEC_ORIGIN_TRUSTED_APP,
314 ret_orig);
315 }
316
317 return res;
318}
319
320static TEEC_Result ta_crypt_cmd_mac_update(ADBG_Case_t *c, TEEC_Session *s,
321 TEE_OperationHandle oph,
322 const void *chunk, size_t chunk_size)
323{
324 TEEC_Result res;
325 TEEC_Operation op = TEEC_OPERATION_INITIALIZER;
326 uint32_t ret_orig;
327
328 assert((uintptr_t)oph <= UINT32_MAX);
329 op.params[0].value.a = (uint32_t)(uintptr_t)oph;
330
331 op.params[1].tmpref.buffer = (void *)chunk;
332 op.params[1].tmpref.size = chunk_size;
333
334 op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT,
335 TEEC_MEMREF_TEMP_INPUT, TEEC_NONE,
336 TEEC_NONE);
337
338 res = TEEC_InvokeCommand(s, TA_CRYPT_CMD_MAC_UPDATE, &op, &ret_orig);
339
340 if (res != TEEC_SUCCESS) {
341 (void)ADBG_EXPECT_TEEC_ERROR_ORIGIN(c, TEEC_ORIGIN_TRUSTED_APP,
342 ret_orig);
343 }
344
345 return res;
346}
347
348static TEEC_Result ta_crypt_cmd_mac_final_compute(ADBG_Case_t *c,
349 TEEC_Session *s,
350 TEE_OperationHandle oph,
351 const void *chunk,
352 size_t chunk_len,
353 void *hash,
354 size_t *hash_len)
355{
356 TEEC_Result res;
357 TEEC_Operation op = TEEC_OPERATION_INITIALIZER;
358 uint32_t ret_orig;
359
360 assert((uintptr_t)oph <= UINT32_MAX);
361 op.params[0].value.a = (uint32_t)(uintptr_t)oph;
362
363 op.params[1].tmpref.buffer = (void *)chunk;
364 op.params[1].tmpref.size = chunk_len;
365
366 op.params[2].tmpref.buffer = (void *)hash;
367 op.params[2].tmpref.size = *hash_len;
368
369 op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT,
370 TEEC_MEMREF_TEMP_INPUT,
371 TEEC_MEMREF_TEMP_OUTPUT, TEEC_NONE);
372
373 res = TEEC_InvokeCommand(s, TA_CRYPT_CMD_MAC_FINAL_COMPUTE, &op,
374 &ret_orig);
375
376 if (res != TEEC_SUCCESS) {
377 (void)ADBG_EXPECT_TEEC_ERROR_ORIGIN(c, TEEC_ORIGIN_TRUSTED_APP,
378 ret_orig);
379 }
380
381 if (res == TEEC_SUCCESS)
382 *hash_len = op.params[2].tmpref.size;
383
384 return res;
385}
386
387static TEEC_Result ta_crypt_cmd_cipher_init(ADBG_Case_t *c, TEEC_Session *s,
388 TEE_OperationHandle oph,
389 const void *iv, size_t iv_len)
390{
391 TEEC_Result res;
392 TEEC_Operation op = TEEC_OPERATION_INITIALIZER;
393 uint32_t ret_orig;
394
395 assert((uintptr_t)oph <= UINT32_MAX);
396 op.params[0].value.a = (uint32_t)(uintptr_t)oph;
397
398 if (iv != NULL) {
399 op.params[1].tmpref.buffer = (void *)iv;
400 op.params[1].tmpref.size = iv_len;
401
402 op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT,
403 TEEC_MEMREF_TEMP_INPUT,
404 TEEC_NONE, TEEC_NONE);
405 } else {
406 op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT, TEEC_NONE,
407 TEEC_NONE, TEEC_NONE);
408 }
409
410 res = TEEC_InvokeCommand(s, TA_CRYPT_CMD_CIPHER_INIT, &op, &ret_orig);
411
412 if (res != TEEC_SUCCESS) {
413 (void)ADBG_EXPECT_TEEC_ERROR_ORIGIN(c, TEEC_ORIGIN_TRUSTED_APP,
414 ret_orig);
415 }
416
417 return res;
418}
419
420static TEEC_Result ta_crypt_cmd_cipher_update(ADBG_Case_t *c, TEEC_Session *s,
421 TEE_OperationHandle oph,
422 const void *src, size_t src_len,
423 void *dst, size_t *dst_len)
424{
425 TEEC_Result res;
426 TEEC_Operation op = TEEC_OPERATION_INITIALIZER;
427 uint32_t ret_orig;
428
429 assert((uintptr_t)oph <= UINT32_MAX);
430 op.params[0].value.a = (uint32_t)(uintptr_t)oph;
431
432 op.params[1].tmpref.buffer = (void *)src;
433 op.params[1].tmpref.size = src_len;
434
435 op.params[2].tmpref.buffer = dst;
436 op.params[2].tmpref.size = *dst_len;
437
438 op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT,
439 TEEC_MEMREF_TEMP_INPUT,
440 TEEC_MEMREF_TEMP_OUTPUT, TEEC_NONE);
441
442 res = TEEC_InvokeCommand(s, TA_CRYPT_CMD_CIPHER_UPDATE, &op, &ret_orig);
443
444 if (res != TEEC_SUCCESS) {
445 (void)ADBG_EXPECT_TEEC_ERROR_ORIGIN(c, TEEC_ORIGIN_TRUSTED_APP,
446 ret_orig);
447 }
448
449 if (res == TEEC_SUCCESS)
450 *dst_len = op.params[2].tmpref.size;
451
452 return res;
453}
454
455static TEEC_Result ta_crypt_cmd_cipher_do_final(ADBG_Case_t *c,
456 TEEC_Session *s,
457 TEE_OperationHandle oph,
458 const void *src,
459 size_t src_len,
460 void *dst,
461 size_t *dst_len)
462{
463 TEEC_Result res;
464 TEEC_Operation op = TEEC_OPERATION_INITIALIZER;
465 uint32_t ret_orig;
466
467 assert((uintptr_t)oph <= UINT32_MAX);
468 op.params[0].value.a = (uint32_t)(uintptr_t)oph;
469
470 op.params[1].tmpref.buffer = (void *)src;
471 op.params[1].tmpref.size = src_len;
472
473 op.params[2].tmpref.buffer = (void *)dst;
474 op.params[2].tmpref.size = *dst_len;
475
476 op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT,
477 TEEC_MEMREF_TEMP_INPUT,
478 TEEC_MEMREF_TEMP_OUTPUT, TEEC_NONE);
479
480 res = TEEC_InvokeCommand(s, TA_CRYPT_CMD_CIPHER_DO_FINAL, &op,
481 &ret_orig);
482
483 if (res != TEEC_SUCCESS) {
484 (void)ADBG_EXPECT_TEEC_ERROR_ORIGIN(c, TEEC_ORIGIN_TRUSTED_APP,
485 ret_orig);
486 }
487
488 if (res == TEEC_SUCCESS)
489 *dst_len = op.params[2].tmpref.size;
490
491 return res;
492}
493
494static TEEC_Result ta_crypt_cmd_random_number_generate(ADBG_Case_t *c,
495 TEEC_Session *s,
496 void *buf,
497 size_t blen)
498{
499 TEEC_Result res;
500 TEEC_Operation op = TEEC_OPERATION_INITIALIZER;
501 uint32_t ret_orig;
502
503 op.params[0].tmpref.buffer = buf;
504 op.params[0].tmpref.size = blen;
505
506 op.paramTypes = TEEC_PARAM_TYPES(TEEC_MEMREF_TEMP_OUTPUT, TEEC_NONE,
507 TEEC_NONE, TEEC_NONE);
508
509 res = TEEC_InvokeCommand(s, TA_CRYPT_CMD_RANDOM_NUMBER_GENEREATE, &op,
510 &ret_orig);
511
512 if (res != TEEC_SUCCESS) {
513 (void)ADBG_EXPECT_TEEC_ERROR_ORIGIN(c, TEEC_ORIGIN_TRUSTED_APP,
514 ret_orig);
515 }
516
517 (void)ADBG_EXPECT_COMPARE_UNSIGNED(c, blen, ==,
518 op.params[0].tmpref.size);
519 return res;
520}
521
522static TEEC_Result ta_crypt_cmd_ae_init(ADBG_Case_t *c, TEEC_Session *s,
523 TEE_OperationHandle oph,
524 const void *nonce, size_t nonce_len,
525 size_t tag_len, size_t aad_len,
526 size_t payload_len)
527{
528 TEEC_Result res;
529 TEEC_Operation op = TEEC_OPERATION_INITIALIZER;
530 uint32_t ret_orig;
531
532 assert((uintptr_t)oph <= UINT32_MAX);
533 op.params[0].value.a = (uint32_t)(uintptr_t)oph;
534 op.params[0].value.b = tag_len;
535
536 op.params[1].tmpref.buffer = (void *)nonce;
537 op.params[1].tmpref.size = nonce_len;
538
539 op.params[2].value.a = aad_len;
540 op.params[2].value.b = payload_len;
541
542 op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT,
543 TEEC_MEMREF_TEMP_INPUT,
Jens Wiklander74a42302015-07-07 01:08:41 +0200[diff] [blame]544 TEEC_VALUE_INPUT, TEEC_NONE);
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]545
546 res = TEEC_InvokeCommand(s, TA_CRYPT_CMD_AE_INIT, &op, &ret_orig);
547
548 if (res != TEEC_SUCCESS) {
549 (void)ADBG_EXPECT_TEEC_ERROR_ORIGIN(c, TEEC_ORIGIN_TRUSTED_APP,
550 ret_orig);
551 }
552 return res;
553}
554
555static TEEC_Result ta_crypt_cmd_ae_update_aad(ADBG_Case_t *c, TEEC_Session *s,
556 TEE_OperationHandle oph,
557 const void *aad, size_t aad_len)
558{
559 TEEC_Result res;
560 TEEC_Operation op = TEEC_OPERATION_INITIALIZER;
561 uint32_t ret_orig;
562
563 assert((uintptr_t)oph <= UINT32_MAX);
564 op.params[0].value.a = (uint32_t)(uintptr_t)oph;
565
566 op.params[1].tmpref.buffer = (void *)aad;
567 op.params[1].tmpref.size = aad_len;
568
569 op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT,
570 TEEC_MEMREF_TEMP_INPUT, TEEC_NONE,
571 TEEC_NONE);
572
573 res = TEEC_InvokeCommand(s, TA_CRYPT_CMD_AE_UPDATE_AAD, &op, &ret_orig);
574
575 if (res != TEEC_SUCCESS) {
576 (void)ADBG_EXPECT_TEEC_ERROR_ORIGIN(c, TEEC_ORIGIN_TRUSTED_APP,
577 ret_orig);
578 }
579
580 return res;
581}
582
583static TEEC_Result ta_crypt_cmd_ae_update(ADBG_Case_t *c,
584 TEEC_Session *s,
585 TEE_OperationHandle oph,
586 const void *src,
587 size_t src_len,
588 void *dst,
589 size_t *dst_len)
590{
591 TEEC_Result res;
592 TEEC_Operation op = TEEC_OPERATION_INITIALIZER;
593 uint32_t ret_orig;
594
595 assert((uintptr_t)oph <= UINT32_MAX);
596 op.params[0].value.a = (uint32_t)(uintptr_t)oph;
597
598 op.params[1].tmpref.buffer = (void *)src;
599 op.params[1].tmpref.size = src_len;
600
601 op.params[2].tmpref.buffer = (void *)dst;
602 op.params[2].tmpref.size = *dst_len;
603
604 op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT,
605 TEEC_MEMREF_TEMP_INPUT,
606 TEEC_MEMREF_TEMP_OUTPUT, TEEC_NONE);
607
608 res = TEEC_InvokeCommand(s, TA_CRYPT_CMD_AE_UPDATE, &op, &ret_orig);
609
610 if (res != TEEC_SUCCESS) {
611 (void)ADBG_EXPECT_TEEC_ERROR_ORIGIN(c, TEEC_ORIGIN_TRUSTED_APP,
612 ret_orig);
613 }
614
615 if (res == TEEC_SUCCESS)
616 *dst_len = op.params[2].tmpref.size;
617
618 return res;
619}
620
621static TEEC_Result ta_crypt_cmd_ae_encrypt_final(ADBG_Case_t *c,
622 TEEC_Session *s,
623 TEE_OperationHandle oph,
624 const void *src,
625 size_t src_len, void *dst,
626 size_t *dst_len, void *tag,
627 size_t *tag_len)
628{
629 TEEC_Result res;
630 TEEC_Operation op = TEEC_OPERATION_INITIALIZER;
631 uint32_t ret_orig;
632
633 assert((uintptr_t)oph <= UINT32_MAX);
634 op.params[0].value.a = (uint32_t)(uintptr_t)oph;
635
636 op.params[1].tmpref.buffer = (void *)src;
637 op.params[1].tmpref.size = src_len;
638
639 op.params[2].tmpref.buffer = (void *)dst;
640 op.params[2].tmpref.size = *dst_len;
641
642 op.params[3].tmpref.buffer = (void *)tag;
643 op.params[3].tmpref.size = *tag_len;
644
645 op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT,
646 TEEC_MEMREF_TEMP_INPUT,
647 TEEC_MEMREF_TEMP_OUTPUT,
648 TEEC_MEMREF_TEMP_OUTPUT);
649
650 res = TEEC_InvokeCommand(s, TA_CRYPT_CMD_AE_ENCRYPT_FINAL, &op,
651 &ret_orig);
652
653 if (res != TEEC_SUCCESS) {
654 (void)ADBG_EXPECT_TEEC_ERROR_ORIGIN(c, TEEC_ORIGIN_TRUSTED_APP,
655 ret_orig);
656 }
657
658 if (res == TEEC_SUCCESS) {
659 *dst_len = op.params[2].tmpref.size;
660 *tag_len = op.params[3].tmpref.size;
661 }
662
663 return res;
664}
665
666static TEEC_Result ta_crypt_cmd_ae_decrypt_final(ADBG_Case_t *c,
667 TEEC_Session *s,
668 TEE_OperationHandle oph,
669 const void *src, size_t src_len,
670 void *dst, size_t *dst_len,
671 const void *tag, size_t tag_len)
672{
673 TEEC_Result res;
674 TEEC_Operation op = TEEC_OPERATION_INITIALIZER;
675 uint32_t ret_orig;
676
677 assert((uintptr_t)oph <= UINT32_MAX);
678 op.params[0].value.a = (uint32_t)(uintptr_t)oph;
679
680 op.params[1].tmpref.buffer = (void *)src;
681 op.params[1].tmpref.size = src_len;
682
683 op.params[2].tmpref.buffer = dst;
684 op.params[2].tmpref.size = *dst_len;
685
686 op.params[3].tmpref.buffer = (void *)tag;
687 op.params[3].tmpref.size = tag_len;
688
689 op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT,
690 TEEC_MEMREF_TEMP_INPUT,
691 TEEC_MEMREF_TEMP_OUTPUT,
692 TEEC_MEMREF_TEMP_INPUT);
693
694 res = TEEC_InvokeCommand(s, TA_CRYPT_CMD_AE_DECRYPT_FINAL, &op,
695 &ret_orig);
696
697 if (res != TEEC_SUCCESS) {
698 (void)ADBG_EXPECT_TEEC_ERROR_ORIGIN(c, TEEC_ORIGIN_TRUSTED_APP,
699 ret_orig);
700 }
701
702 if (res == TEEC_SUCCESS)
703 *dst_len = op.params[2].tmpref.size;
704
705 return res;
706}
707
708static TEEC_Result ta_crypt_cmd_asymmetric_operate(ADBG_Case_t *c,
709 TEEC_Session *s,
710 TEE_OperationHandle oph,
711 uint32_t cmd,
712 const TEE_Attribute *params,
713 uint32_t paramCount,
714 const void *src,
715 size_t src_len,
716 void *dst,
717 size_t *dst_len)
718{
719 TEEC_Result res;
720 TEEC_Operation op = TEEC_OPERATION_INITIALIZER;
721 uint32_t ret_orig;
722 uint8_t *buf;
723 size_t blen;
724
725 res = pack_attrs(params, paramCount, &buf, &blen);
726 if (!ADBG_EXPECT_TEEC_SUCCESS(c, res))
727 return res;
728
729 assert((uintptr_t)oph <= UINT32_MAX);
730 op.params[0].value.a = (uint32_t)(uintptr_t)oph;
731
732 op.params[1].tmpref.buffer = buf;
733 op.params[1].tmpref.size = blen;
734
735 op.params[2].tmpref.buffer = (void *)src;
736 op.params[2].tmpref.size = src_len;
737
738 op.params[3].tmpref.buffer = dst;
739 op.params[3].tmpref.size = *dst_len;
740
741 op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT,
742 TEEC_MEMREF_TEMP_INPUT,
743 TEEC_MEMREF_TEMP_INPUT,
744 TEEC_MEMREF_TEMP_OUTPUT);
745
746 res = TEEC_InvokeCommand(s, cmd, &op, &ret_orig);
747
748 if (res != TEEC_SUCCESS) {
749 (void)ADBG_EXPECT_TEEC_ERROR_ORIGIN(c, TEEC_ORIGIN_TRUSTED_APP,
750 ret_orig);
751 }
752
753 if (res == TEEC_SUCCESS)
754 *dst_len = op.params[3].tmpref.size;
755
756 free(buf);
757 return res;
758}
759
760static TEEC_Result ta_crypt_cmd_asymmetric_encrypt(ADBG_Case_t *c,
761 TEEC_Session *s,
762 TEE_OperationHandle oph,
763 const TEE_Attribute *params,
764 uint32_t paramCount,
765 const void *src,
766 size_t src_len,
767 void *dst,
768 size_t *dst_len)
769{
770 return ta_crypt_cmd_asymmetric_operate(c, s, oph,
771 TA_CRYPT_CMD_ASYMMETRIC_ENCRYPT,
772 params, paramCount,
773 src, src_len, dst, dst_len);
774}
775
776static TEEC_Result ta_crypt_cmd_asymmetric_decrypt(ADBG_Case_t *c,
777 TEEC_Session *s,
778 TEE_OperationHandle oph,
779 const TEE_Attribute *params,
780 uint32_t paramCount,
781 const void *src,
782 size_t src_len,
783 void *dst,
784 size_t *dst_len)
785{
786 return ta_crypt_cmd_asymmetric_operate(c, s, oph,
787 TA_CRYPT_CMD_ASYMMETRIC_DECRYPT,
788 params, paramCount,
789 src, src_len, dst, dst_len);
790}
791
792static TEEC_Result ta_crypt_cmd_asymmetric_sign(ADBG_Case_t *c,
793 TEEC_Session *s,
794 TEE_OperationHandle oph,
795 const TEE_Attribute *params,
796 uint32_t paramCount,
797 const void *digest,
798 size_t digest_len,
799 void *signature,
800 size_t *signature_len)
801{
802 return ta_crypt_cmd_asymmetric_operate(c, s, oph,
803 TA_CRYPT_CMD_ASYMMETRIC_SIGN_DIGEST, params, paramCount,
804 digest, digest_len, signature, signature_len);
805}
806
807static TEEC_Result ta_crypt_cmd_asymmetric_verify(ADBG_Case_t *c,
808 TEEC_Session *s,
809 TEE_OperationHandle oph,
810 const TEE_Attribute *params,
811 uint32_t paramCount,
812 const void *digest,
813 size_t digest_len,
814 const void *signature,
815 size_t signature_len)
816{
817 TEEC_Result res;
818 TEEC_Operation op = TEEC_OPERATION_INITIALIZER;
819 uint32_t ret_orig;
820 uint8_t *buf;
821 size_t blen;
822
823 res = pack_attrs(params, paramCount, &buf, &blen);
824 if (!ADBG_EXPECT_TEEC_SUCCESS(c, res))
825 return res;
826
827 assert((uintptr_t)oph <= UINT32_MAX);
828 op.params[0].value.a = (uint32_t)(uintptr_t)oph;
829
830 op.params[1].tmpref.buffer = buf;
831 op.params[1].tmpref.size = blen;
832
833 op.params[2].tmpref.buffer = (void *)digest;
834 op.params[2].tmpref.size = digest_len;
835
836 op.params[3].tmpref.buffer = (void *)signature;
837 op.params[3].tmpref.size = signature_len;
838
839 op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT,
840 TEEC_MEMREF_TEMP_INPUT,
841 TEEC_MEMREF_TEMP_INPUT,
842 TEEC_MEMREF_TEMP_INPUT);
843
844 res = TEEC_InvokeCommand(s, TA_CRYPT_CMD_ASYMMETRIC_VERIFY_DIGEST,
845 &op, &ret_orig);
846
847 if (res != TEEC_SUCCESS) {
848 (void)ADBG_EXPECT_TEEC_ERROR_ORIGIN(c, TEEC_ORIGIN_TRUSTED_APP,
849 ret_orig);
850 }
851
852 free(buf);
853 return res;
854}
855
856static TEEC_Result ta_crypt_cmd_get_object_value_attribute(ADBG_Case_t *c,
857 TEEC_Session *s,
858 TEE_ObjectHandle o,
859 uint32_t attr_id,
860 uint32_t *valuea,
861 uint32_t *valueb)
862{
863 TEEC_Result res;
864 TEEC_Operation op = TEEC_OPERATION_INITIALIZER;
865 uint32_t ret_orig;
866
867 assert((uintptr_t)o <= UINT32_MAX);
868 op.params[0].value.a = (uint32_t)(uintptr_t)o;
869 op.params[0].value.b = attr_id;
870 op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT, TEEC_VALUE_OUTPUT,
871 TEEC_NONE, TEEC_NONE);
872
873 res = TEEC_InvokeCommand(s, TA_CRYPT_CMD_GET_OBJECT_VALUE_ATTRIBUTE,
874 &op, &ret_orig);
875
876 if (res != TEEC_SUCCESS) {
877 (void)ADBG_EXPECT_TEEC_ERROR_ORIGIN(c, TEEC_ORIGIN_TRUSTED_APP,
878 ret_orig);
879 }
880
881 if (res == TEEC_SUCCESS) {
882 *valuea = op.params[1].value.a;
883 *valueb = op.params[1].value.b;
884 }
885
886 return res;
887}
888
889static TEEC_Result ta_crypt_cmd_generate_key(ADBG_Case_t *c,
890 TEEC_Session *s,
891 TEE_ObjectHandle o,
892 uint32_t key_size,
893 const TEE_Attribute *params,
894 uint32_t paramCount)
895{
896 TEEC_Result res;
897 TEEC_Operation op = TEEC_OPERATION_INITIALIZER;
898 uint32_t ret_orig;
899 uint8_t *buf;
900 size_t blen;
901
902 res = pack_attrs(params, paramCount, &buf, &blen);
903 if (!ADBG_EXPECT_TEEC_SUCCESS(c, res))
904 return res;
905
906 assert((uintptr_t)o <= UINT32_MAX);
907 op.params[0].value.a = (uint32_t)(uintptr_t)o;
908 op.params[0].value.b = key_size;
909
910 op.params[1].tmpref.buffer = buf;
911 op.params[1].tmpref.size = blen;
912
913 op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT,
914 TEEC_MEMREF_TEMP_INPUT, TEEC_NONE,
915 TEEC_NONE);
916
917 res = TEEC_InvokeCommand(s, TA_CRYPT_CMD_GENERATE_KEY, &op, &ret_orig);
918
919 if (res != TEEC_SUCCESS) {
920 (void)ADBG_EXPECT_TEEC_ERROR_ORIGIN(c, TEEC_ORIGIN_TRUSTED_APP,
921 ret_orig);
922 }
923
924 free(buf);
925 return res;
926}
927
928static const uint8_t hash_data_md5_in1[] = {
929 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm'
930};
931
932static const uint8_t hash_data_md5_out1[] = {
933 0x61, 0x12, 0x71, 0x83, 0x70, 0x8d, 0x3a, 0xc7,
934 0xf1, 0x9b, 0x66, 0x06, 0xfc, 0xae, 0x7d, 0xf6
935};
936
937static const uint8_t hash_data_sha1_in1[] = {
938 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm'
939};
940
941static const uint8_t hash_data_sha1_out1[] = {
942 0x4b, 0x98, 0x92, 0xb6, 0x52, 0x72, 0x14, 0xaf,
943 0xc6, 0x55, 0xb8, 0xaa, 0x52, 0xf4, 0xd2, 0x03,
944 0xc1, 0x5e, 0x7c, 0x9c
945};
946
947static const uint8_t hash_data_sha224_in1[] = {
948 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm'
949};
950
951static const uint8_t hash_data_sha224_out1[] = {
952 0x08, 0x21, 0x69, 0xf9, 0x77, 0x1b, 0x80, 0x15,
953 0xf3, 0x97, 0xae, 0xde, 0x5b, 0xba, 0xa2, 0x72,
954 0x2d, 0x8f, 0x5c, 0x19, 0xfe, 0xd2, 0xe2, 0x68,
955 0x92, 0x49, 0xd8, 0x44
956};
957
958static const uint8_t hash_data_sha256_in1[] = { 'a', 'b', 'c' };
959
960static const uint8_t hash_data_sha256_out1[] = {
961 0xba, 0x78, 0x16, 0xbf, 0x8f, 0x01, 0xcf, 0xea,
962 0x41, 0x41, 0x40, 0xde, 0x5d, 0xae, 0x22, 0x23,
963 0xb0, 0x03, 0x61, 0xa3, 0x96, 0x17, 0x7a, 0x9c,
964 0xb4, 0x10, 0xff, 0x61, 0xf2, 0x00, 0x15, 0xad
965};
966
967static const uint8_t hash_data_sha256_in2[] = { 'e', 'f', 'g' };
968
969static const uint8_t hash_data_sha256_out2[] = {
970 0xd4, 0xff, 0xe8, 0xe9, 0xee, 0x0b, 0x48, 0xeb,
971 0xa7, 0x16, 0x70, 0x61, 0x23, 0xa7, 0x18, 0x7f,
972 0x32, 0xea, 0xe3, 0xbd, 0xcb, 0x0e, 0x77, 0x63,
973 0xe4, 0x1e, 0x53, 0x32, 0x67, 0xbd, 0x8a, 0x53
974};
975
976
977static const uint8_t hash_data_sha384_in1[] = {
978 'a', 'b', 'c', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm'
979};
980
981static const uint8_t hash_data_sha384_out1[] = {
982 0x4c, 0xab, 0x80, 0x9d, 0x96, 0x84, 0x01, 0x47,
983 0x67, 0x0a, 0xc1, 0x7a, 0xb6, 0xb9, 0xf7, 0x6e,
984 0x35, 0xa6, 0xb0, 0x8c, 0xf5, 0x2a, 0x3d, 0x64,
985 0x9a, 0x8c, 0x7e, 0x0c, 0x55, 0x45, 0xd3, 0x7d,
986 0x1f, 0x7f, 0x28, 0x34, 0x96, 0x14, 0x44, 0x2a,
987 0xf5, 0x98, 0xa2, 0x95, 0x24, 0x76, 0x53, 0x97
988};
989
990static const uint8_t hash_data_sha512_in1[] = {
991 'a', 'b', 'c', 'd', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm'
992};
993
994static const uint8_t hash_data_sha512_out1[] = {
995 0x20, 0xd8, 0x64, 0x4f, 0x54, 0xa2, 0x5f, 0x6f,
996 0x0a, 0xf9, 0xd5, 0x27, 0x7d, 0x17, 0xa8, 0x99,
997 0x4c, 0x64, 0x3f, 0xd0, 0xf3, 0x83, 0x36, 0xee,
998 0x93, 0x12, 0x55, 0xcd, 0x2e, 0x12, 0x34, 0xa0,
999 0xc2, 0xaa, 0xf9, 0xbb, 0x15, 0xc5, 0xe9, 0xfa,
1000 0xf7, 0xa7, 0xda, 0xb8, 0x2f, 0x72, 0xa0, 0x47,
1001 0xe3, 0x02, 0x04, 0xe8, 0xa0, 0x35, 0x0c, 0x96,
1002 0x26, 0xd1, 0xcb, 0x8b, 0x47, 0x45, 0x25, 0xd0
1003};
1004
1005struct xtest_hash_case {
1006 uint32_t algo;
1007 size_t in_incr;
1008 const uint8_t *in;
1009 size_t in_len;
1010 const uint8_t *out;
1011 size_t out_len;
1012};
1013
1014#define XTEST_HASH_CASE(algo, in_incr, in, out) \
1015 { (algo), (in_incr), (in), ARRAY_SIZE(in), (out), ARRAY_SIZE(out) }
1016
1017static const struct xtest_hash_case hash_cases[] = {
1018 XTEST_HASH_CASE(TEE_ALG_MD5, 6, hash_data_md5_in1,
1019 hash_data_md5_out1),
1020 XTEST_HASH_CASE(TEE_ALG_SHA1, 3, hash_data_sha1_in1,
1021 hash_data_sha1_out1),
1022 XTEST_HASH_CASE(TEE_ALG_SHA224, 7, hash_data_sha224_in1,
1023 hash_data_sha224_out1),
1024 XTEST_HASH_CASE(TEE_ALG_SHA256, 1, hash_data_sha256_in1,
1025 hash_data_sha256_out1),
1026 XTEST_HASH_CASE(TEE_ALG_SHA256, 1, hash_data_sha256_in2,
1027 hash_data_sha256_out2),
1028 XTEST_HASH_CASE(TEE_ALG_SHA384, 1, hash_data_sha384_in1,
1029 hash_data_sha384_out1),
1030 XTEST_HASH_CASE(TEE_ALG_SHA512, 1, hash_data_sha512_in1,
1031 hash_data_sha512_out1),
1032};
1033
1034static void xtest_tee_test_4001(ADBG_Case_t *c)
1035{
1036 TEEC_Session session = { 0 };
1037 uint32_t ret_orig;
1038 size_t n;
1039
1040 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
1041 xtest_teec_open_session(&session, &crypt_user_ta_uuid, NULL,
1042 &ret_orig)))
1043 return;
1044
1045
1046 for (n = 0; n < ARRAY_SIZE(hash_cases); n++) {
1047 TEE_OperationHandle op1;
1048 TEE_OperationHandle op2;
1049 uint8_t out[64];
1050 size_t out_size;
1051
1052 Do_ADBG_BeginSubCase(c, "Hash case %d algo 0x%x",
1053 (int)n, (unsigned int)hash_cases[n].algo);
1054
1055 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
1056 ta_crypt_cmd_allocate_operation(c, &session, &op1,
1057 hash_cases[n].algo,
1058 TEE_MODE_DIGEST, 0)))
1059 goto out;
1060
1061 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
1062 ta_crypt_cmd_allocate_operation(c, &session, &op2,
1063 hash_cases[n].algo,
1064 TEE_MODE_DIGEST, 0)))
1065 goto out;
1066
1067 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
1068 ta_crypt_cmd_digest_update(c, &session, op1,
1069 hash_cases[n].in,
1070 hash_cases[n].in_incr)))
1071 goto out;
1072
1073 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
1074 ta_crypt_cmd_copy_operation(c, &session, op2, op1)))
1075 goto out;
1076
1077 out_size = sizeof(out);
1078 memset(out, 0, sizeof(out));
1079 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
1080 ta_crypt_cmd_digest_do_final(c, &session, op2,
1081 hash_cases[n].in + hash_cases[n].in_incr,
1082 hash_cases[n].in_len - hash_cases[n].in_incr,
1083 out, &out_size)))
1084 goto out;
1085
1086 (void)ADBG_EXPECT_BUFFER(c, hash_cases[n].out,
1087 hash_cases[n].out_len, out, out_size);
1088
1089 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
1090 ta_crypt_cmd_reset_operation(c, &session, op1)))
1091 goto out;
1092
1093 out_size = sizeof(out);
1094 memset(out, 0, sizeof(out));
1095 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
1096 ta_crypt_cmd_digest_do_final(c, &session, op1,
1097 hash_cases[n].in,
1098 hash_cases[n].in_len, out,
1099 &out_size)))
1100 goto out;
1101
1102 (void)ADBG_EXPECT_BUFFER(c, hash_cases[n].out,
1103 hash_cases[n].out_len, out, out_size);
1104
1105 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
1106 ta_crypt_cmd_free_operation(c, &session, op1)))
1107 goto out;
1108
1109 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
1110 ta_crypt_cmd_free_operation(c, &session, op2)))
1111 goto out;
1112
1113 Do_ADBG_EndSubCase(c, NULL);
1114 }
1115
1116out:
1117 TEEC_CloseSession(&session);
1118}
1119
1120static const uint8_t mac_data_md5_key1[10] = {
1121 0x6B, 0x65, 0x79, /* key */
1122};
1123
1124static const uint8_t mac_data_md5_in1[] = {
1125 0x54, 0x68, 0x65, 0x20, 0x71, 0x75, 0x69, 0x63, /* The quic */
1126 0x6B, 0x20, 0x62, 0x72, 0x6F, 0x77, 0x6E, 0x20, /* k brown */
1127 0x66, 0x6F, 0x78, 0x20, 0x6A, 0x75, 0x6D, 0x70, /* fox jump */
1128 0x73, 0x20, 0x6F, 0x76, 0x65, 0x72, 0x20, 0x74, /* s over t */
1129 0x68, 0x65, 0x20, 0x6C, 0x61, 0x7A, 0x79, 0x20, /* he lazy */
1130 0x64, 0x6F, 0x67, /* dog */
1131};
1132
1133static const uint8_t mac_data_md5_out1[] = {
1134 0x80, 0x07, 0x07, 0x13, 0x46, 0x3e, 0x77, 0x49,
1135 0xb9, 0x0c, 0x2d, 0xc2, 0x49, 0x11, 0xe2, 0x75
1136};
1137
1138
1139/* generated with scripts/digest_hmac.pl */
1140static const uint8_t mac_data_sha1_key1[10] = {
1141 0x6B, 0x65, 0x79, /* key */
1142};
1143
1144static const uint8_t mac_data_sha1_in1[] = {
1145 0x54, 0x68, 0x65, 0x20, 0x71, 0x75, 0x69, 0x63, /* The quic */
1146 0x6B, 0x20, 0x62, 0x72, 0x6F, 0x77, 0x6E, 0x20, /* k brown */
1147 0x66, 0x6F, 0x78, 0x20, 0x6A, 0x75, 0x6D, 0x70, /* fox jump */
1148 0x73, 0x20, 0x6F, 0x76, 0x65, 0x72, 0x20, 0x74, /* s over t */
1149 0x68, 0x65, 0x20, 0x6C, 0x61, 0x7A, 0x79, 0x20, /* he lazy */
1150 0x64, 0x6F, 0x67, /* dog */
1151};
1152
1153static const uint8_t mac_data_sha1_out1[] = {
1154 0xDE, 0x7C, 0x9B, 0x85, 0xB8, 0xB7, 0x8A, 0xA6, /* .|...... */
1155 0xBC, 0x8A, 0x7A, 0x36, 0xF7, 0x0A, 0x90, 0x70, /* ..z6...p */
1156 0x1C, 0x9D, 0xB4, 0xD9, /* .... */
1157};
1158
1159static const uint8_t mac_data_sha224_key1[24] = {
1160 0x6B, 0x65, 0x79, /* key */
1161};
1162
1163static const uint8_t mac_data_sha224_in1[] = {
1164 0x54, 0x68, 0x65, 0x20, 0x71, 0x75, 0x69, 0x63, /* The quic */
1165 0x6B, 0x20, 0x62, 0x72, 0x6F, 0x77, 0x6E, 0x20, /* k brown */
1166 0x66, 0x6F, 0x78, 0x20, 0x6A, 0x75, 0x6D, 0x70, /* fox jump */
1167 0x73, 0x20, 0x6F, 0x76, 0x65, 0x72, 0x20, 0x74, /* s over t */
1168 0x68, 0x65, 0x20, 0x6C, 0x61, 0x7A, 0x79, 0x20, /* he lazy */
1169 0x64, 0x6F, 0x67, /* dog */
1170};
1171
1172static const uint8_t mac_data_sha224_out1[] = {
1173 0x88, 0xFF, 0x8B, 0x54, 0x67, 0x5D, 0x39, 0xB8, /* ...Tg]9. */
1174 0xF7, 0x23, 0x22, 0xE6, 0x5F, 0xF9, 0x45, 0xC5, /* .#"._.E. */
1175 0x2D, 0x96, 0x37, 0x99, 0x88, 0xAD, 0xA2, 0x56, /* -.7....V */
1176 0x39, 0x74, 0x7E, 0x69, /* 9t~i */
1177};
1178
1179
1180static const uint8_t mac_data_sha256_key1[24] = {
1181 'Q', 'W', 'E', 'R', 'T', 'Y'
1182};
1183
1184static const uint8_t mac_data_sha256_in1[] = { 'a', 'b', 'c' };
1185
1186static const uint8_t mac_data_sha256_out1[] = {
1187 0xee, 0x2e, 0x5d, 0x9b, 0x51, 0xe2, 0x9c, 0x1d,
1188 0x49, 0xe9, 0xae, 0x6f, 0x0a, 0xcc, 0x15, 0x18,
1189 0xde, 0x1e, 0xa3, 0x88, 0x8e, 0xee, 0x48, 0xbb,
1190 0x82, 0x77, 0xe9, 0x09, 0x74, 0x4b, 0xa2, 0xf2
1191};
1192
1193/* generated with scripts/digest_hmac.pl */
1194static const uint8_t mac_data_sha256_key2[24] = {
1195 0x6B, 0x65, 0x79, /* key */
1196};
1197
1198static const uint8_t mac_data_sha256_in2[] = {
1199 0x54, 0x68, 0x65, 0x20, 0x71, 0x75, 0x69, 0x63, /* The quic */
1200 0x6B, 0x20, 0x62, 0x72, 0x6F, 0x77, 0x6E, 0x20, /* k brown */
1201 0x66, 0x6F, 0x78, 0x20, 0x6A, 0x75, 0x6D, 0x70, /* fox jump */
1202 0x73, 0x20, 0x6F, 0x76, 0x65, 0x72, 0x20, 0x74, /* s over t */
1203 0x68, 0x65, 0x20, 0x6C, 0x61, 0x7A, 0x79, 0x20, /* he lazy */
1204 0x64, 0x6F, 0x67, /* dog */
1205};
1206
1207static const uint8_t mac_data_sha256_out2[] = {
1208 0xF7, 0xBC, 0x83, 0xF4, 0x30, 0x53, 0x84, 0x24, /* ....0S.$ */
1209 0xB1, 0x32, 0x98, 0xE6, 0xAA, 0x6F, 0xB1, 0x43, /* .2...o.C */
1210 0xEF, 0x4D, 0x59, 0xA1, 0x49, 0x46, 0x17, 0x59, /* .MY.IF.Y */
1211 0x97, 0x47, 0x9D, 0xBC, 0x2D, 0x1A, 0x3C, 0xD8, /* .G..-.<. */
1212};
1213
1214static const uint8_t mac_data_sha384_key1[32] = {
1215 0x6B, 0x65, 0x79, /* key */
1216};
1217
1218static const uint8_t mac_data_sha384_in1[] = {
1219 0x54, 0x68, 0x65, 0x20, 0x71, 0x75, 0x69, 0x63, /* The quic */
1220 0x6B, 0x20, 0x62, 0x72, 0x6F, 0x77, 0x6E, 0x20, /* k brown */
1221 0x66, 0x6F, 0x78, 0x20, 0x6A, 0x75, 0x6D, 0x70, /* fox jump */
1222 0x73, 0x20, 0x6F, 0x76, 0x65, 0x72, 0x20, 0x74, /* s over t */
1223 0x68, 0x65, 0x20, 0x6C, 0x61, 0x7A, 0x79, 0x20, /* he lazy */
1224 0x64, 0x6F, 0x67, /* dog */
1225};
1226
1227static const uint8_t mac_data_sha384_out1[] = {
1228 0xD7, 0xF4, 0x72, 0x7E, 0x2C, 0x0B, 0x39, 0xAE, /* ..r~, .9. */
1229 0x0F, 0x1E, 0x40, 0xCC, 0x96, 0xF6, 0x02, 0x42, /* ..@....B */
1230 0xD5, 0xB7, 0x80, 0x18, 0x41, 0xCE, 0xA6, 0xFC, /* ....A... */
1231 0x59, 0x2C, 0x5D, 0x3E, 0x1A, 0xE5, 0x07, 0x00, /* Y, ]>.... */
1232 0x58, 0x2A, 0x96, 0xCF, 0x35, 0xE1, 0xE5, 0x54, /* X...5..T */
1233 0x99, 0x5F, 0xE4, 0xE0, 0x33, 0x81, 0xC2, 0x37, /* ._..3..7 */
1234};
1235
1236static const uint8_t mac_data_sha512_key1[32] = {
1237 0x6B, 0x65, 0x79, /* key */
1238};
1239
1240static const uint8_t mac_data_sha512_in1[] = {
1241 0x54, 0x68, 0x65, 0x20, 0x71, 0x75, 0x69, 0x63, /* The quic */
1242 0x6B, 0x20, 0x62, 0x72, 0x6F, 0x77, 0x6E, 0x20, /* k brown */
1243 0x66, 0x6F, 0x78, 0x20, 0x6A, 0x75, 0x6D, 0x70, /* fox jump */
1244 0x73, 0x20, 0x6F, 0x76, 0x65, 0x72, 0x20, 0x74, /* s over t */
1245 0x68, 0x65, 0x20, 0x6C, 0x61, 0x7A, 0x79, 0x20, /* he lazy */
1246 0x64, 0x6F, 0x67, /* dog */
1247};
1248
1249static const uint8_t mac_data_sha512_out1[] = {
1250 0xB4, 0x2A, 0xF0, 0x90, 0x57, 0xBA, 0xC1, 0xE2, /* ....W... */
1251 0xD4, 0x17, 0x08, 0xE4, 0x8A, 0x90, 0x2E, 0x09, /* ........ */
1252 0xB5, 0xFF, 0x7F, 0x12, 0xAB, 0x42, 0x8A, 0x4F, /* .....B.O */
1253 0xE8, 0x66, 0x53, 0xC7, 0x3D, 0xD2, 0x48, 0xFB, /* .fS.=.H. */
1254 0x82, 0xF9, 0x48, 0xA5, 0x49, 0xF7, 0xB7, 0x91, /* ..H.I... */
1255 0xA5, 0xB4, 0x19, 0x15, 0xEE, 0x4D, 0x1E, 0xC3, /* .....M.. */
1256 0x93, 0x53, 0x57, 0xE4, 0xE2, 0x31, 0x72, 0x50, /* .SW..1rP */
1257 0xD0, 0x37, 0x2A, 0xFA, 0x2E, 0xBE, 0xEB, 0x3A, /* .7.....: */
1258};
1259
1260
1261/* AES-CBC-MAC */
1262static const uint8_t mac_cbc_vect1_key[] = {
1263 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, /* 01234567 */
1264 0x38, 0x39, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, /* 89ABCDEF */
1265};
1266
1267static const uint8_t mac_cbc_vect1_data[] = {
1268 0x43, 0x69, 0x70, 0x68, 0x65, 0x72, 0x20, 0x62, /* Cipher b */
1269 0x6C, 0x6F, 0x63, 0x6B, 0x20, 0x63, 0x68, 0x61, /* lock cha */
1270 0x69, 0x6E, 0x69, 0x6E, 0x67, 0x20, 0x28, 0x43, /* ining (C */
1271 0x42, 0x43, 0x29, 0x20, 0x69, 0x73, 0x20, 0x61, /* BC) is a */
1272 0x20, 0x63, 0x6F, 0x6D, 0x6D, 0x6F, 0x6E, 0x20, /* common */
1273 0x63, 0x68, 0x61, 0x69, 0x6E, 0x69, 0x6E, 0x67, /* chaining */
1274 0x20, 0x6D, 0x6F, 0x64, 0x65, 0x20, 0x69, 0x6E, /* mode in */
1275 0x20, 0x77, 0x68, 0x69, 0x63, 0x68, 0x20, 0x74, /* which t */
1276 0x68, 0x65, 0x20, 0x70, 0x72, 0x65, 0x76, 0x69, /* he previ */
1277 0x6F, 0x75, 0x73, 0x20, 0x62, 0x6C, 0x6F, 0x63, /* ous bloc */
1278 0x6B, 0x27, 0x73, 0x20, 0x63, 0x69, 0x70, 0x68, /* k's ciph */
1279 0x65, 0x72, 0x74, 0x65, 0x78, 0x74, 0x20, 0x69, /* ertext i */
1280 0x73, 0x20, 0x78, 0x6F, 0x72, 0x65, 0x64, 0x20, /* s xored */
1281 0x77, 0x69, 0x74, 0x68, 0x20, 0x74, 0x68, 0x65, /* with the */
1282 0x20, 0x63, 0x75, 0x72, 0x72, 0x65, 0x6E, 0x74, /* current */
1283 0x20, 0x62, 0x6C, 0x6F, 0x63, 0x6B, 0x27, 0x73, /* block's */
1284 0x20, 0x70, 0x6C, 0x61, 0x69, 0x6E, 0x74, 0x65, /* plainte */
1285 0x78, 0x74, 0x20, 0x62, 0x65, 0x66, 0x6F, 0x72, /* xt befor */
1286 0x65, 0x20, 0x65, 0x6E, 0x63, 0x72, 0x79, 0x70, /* e encryp */
1287 0x74, 0x69, 0x6F, 0x6E, 0x2E, 0x2E, 0x2E, 0x2E, /* tion.... */
1288};
1289
1290static const uint8_t mac_cbc_vect1_out[] = {
1291 0xC9, 0x6E, 0x83, 0x7E, 0x35, 0xC8, 0xA7, 0xA0, /* .n.~5... */
1292 0x33, 0xA3, 0xB1, 0x4B, 0x5A, 0x92, 0x51, 0x2E, /* 3..KZ.Q. */
1293};
1294
1295/* DES-CBC-MAC */
1296static const uint8_t mac_cbc_vect2_key[] = {
1297 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, /* 01234567 */
1298};
1299
1300#define mac_cbc_vect2_data mac_cbc_vect1_data
1301static const uint8_t mac_cbc_vect2_out[] = {
1302 0xE9, 0x41, 0x46, 0x30, 0x69, 0x32, 0xBD, 0xD6, /* .AF0i2.. */
1303};
1304
1305/* DES3-CBC-MAC */
1306static const uint8_t mac_cbc_vect3_key[] = {
1307 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, /* 01234567 */
1308 0x38, 0x39, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, /* 89ABCDEF */
1309 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, /* 12345678 */
1310};
1311
1312#define mac_cbc_vect3_data mac_cbc_vect2_data
1313static const uint8_t mac_cbc_vect3_out[] = {
1314 0x1C, 0x17, 0xB7, 0xB5, 0x9F, 0x54, 0x9C, 0x63, /* .....T.c */
1315};
1316
1317/* AES-CBC-MAC PKCS#5 pad*/
1318static const uint8_t mac_cbc_vect4_key[] = {
1319 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, /* 01234567 */
1320 0x38, 0x39, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, /* 89ABCDEF */
1321 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, /* 01234567 */
1322 0x38, 0x39, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, /* 89ABCDEF */
1323};
1324
1325#define mac_cbc_vect4_data mac_cbc_vect1_data
1326static const uint8_t mac_cbc_vect4_out[] = {
1327 0x0B, 0x46, 0xC7, 0xA2, 0xE1, 0x5A, 0xE2, 0x23, /* .F...Z.# */
1328 0x83, 0x34, 0x1C, 0x86, 0x53, 0xF8, 0x51, 0x24, /* .4..S.Q$ */
1329};
1330
1331/* DES-CBC-MAC PKCS#5 pad*/
1332static const uint8_t mac_cbc_vect5_key[] = {
1333 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, /* 01234567 */
1334};
1335
1336#define mac_cbc_vect5_data mac_cbc_vect1_data
1337static const uint8_t mac_cbc_vect5_out[] = {
1338 0x30, 0x81, 0x4F, 0x42, 0x03, 0x7E, 0xD8, 0xA9, /* 0.OB.~.. */
1339};
1340
1341/* DES3-CBC-MAC PKCS#5 pad*/
1342static const uint8_t mac_cbc_vect6_key[] = {
1343 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, /* 01234567 */
1344 0x38, 0x39, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, /* 89ABCDEF */
1345 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, /* 12345678 */
1346};
1347
1348#define mac_cbc_vect6_data mac_cbc_vect1_data
1349static const uint8_t mac_cbc_vect6_out[] = {
1350 0x6E, 0x37, 0x6E, 0x14, 0x5E, 0x21, 0xDD, 0xF8, /* n7n.^!.. */
1351};
1352
1353/* AES-CBC-MAC PKCS#5 pad*/
1354#define mac_cbc_vect7_key mac_cbc_vect4_key
1355static const uint8_t mac_cbc_vect7_data[] = {
1356 0x43, 0x69, 0x70, 0x68, 0x65, 0x72, 0x20, 0x62, /* Cipher b */
1357 0x6C, 0x6F, 0x63, 0x6B, 0x20, 0x63, 0x68, 0x61, /* lock cha */
1358 0x69, 0x6E, 0x69, 0x6E, 0x67, 0x20, 0x28, 0x43, /* ining (C */
1359 0x42, 0x43, 0x29, 0x20, 0x69, 0x73, 0x20, 0x61, /* BC) is a */
1360 0x20, 0x63, 0x6F, 0x6D, 0x6D, 0x6F, 0x6E, 0x20, /* common */
1361 0x63, 0x68, 0x61, 0x69, 0x6E, 0x69, 0x6E, 0x67, /* chaining */
1362 0x20, 0x6D, 0x6F, 0x64, 0x65, 0x20, 0x69, 0x6E, /* mode in */
1363 0x20, 0x77, 0x68, 0x69, 0x63, 0x68, 0x20, 0x74, /* which t */
1364 0x68, 0x65, 0x20, 0x70, 0x72, 0x65, 0x76, 0x69, /* he previ */
1365 0x6F, 0x75, 0x73, 0x20, 0x62, 0x6C, 0x6F, 0x63, /* ous bloc */
1366 0x6B, 0x27, 0x73, 0x20, 0x63, 0x69, 0x70, 0x68, /* k's ciph */
1367 0x65, 0x72, 0x74, 0x65, 0x78, 0x74, 0x20, 0x69, /* ertext i */
1368 0x73, 0x20, 0x78, 0x6F, 0x72, 0x65, 0x64, 0x20, /* s xored */
1369 0x77, 0x69, 0x74, 0x68, 0x20, 0x74, 0x68, 0x65, /* with the */
1370 0x20, 0x63, 0x75, 0x72, 0x72, 0x65, 0x6E, 0x74, /* current */
1371 0x20, 0x62, 0x6C, 0x6F, 0x63, 0x6B, 0x27, 0x73, /* block's */
1372 0x20, 0x70, 0x6C, 0x61, 0x69, 0x6E, 0x74, 0x65, /* plainte */
1373 0x78, 0x74, 0x20, 0x62, 0x65, 0x66, 0x6F, 0x72, /* xt befor */
1374 0x65, 0x20, 0x65, 0x6E, 0x63, 0x72, 0x79, 0x70, /* e encryp */
1375 0x74, 0x69, 0x6F, 0x6E, 0x2E, /* tion. */
1376};
1377
1378static const uint8_t mac_cbc_vect7_out[] = {
1379 0xFD, 0x89, 0x35, 0xB3, 0x93, 0x7F, 0xBB, 0xA2, /* ..5..... */
1380 0xFB, 0x65, 0x60, 0xC4, 0x0A, 0x62, 0xA0, 0xF9, /* .e`..b.. */
1381};
1382
1383/* DES-CBC-MAC PKCS#5 pad*/
1384#define mac_cbc_vect8_key mac_cbc_vect5_key
1385#define mac_cbc_vect8_data mac_cbc_vect7_data
1386static const uint8_t mac_cbc_vect8_out[] = {
1387 0x02, 0x2A, 0xA8, 0x2E, 0x47, 0xC6, 0xBB, 0x7C, /* ....G..| */
1388};
1389
1390/* DES3-CBC-MAC PKCS#5 pad*/
1391#define mac_cbc_vect9_key mac_cbc_vect6_key
1392#define mac_cbc_vect9_data mac_cbc_vect7_data
1393static const uint8_t mac_cbc_vect9_out[] = {
1394 0xD4, 0xF7, 0x3E, 0x27, 0x78, 0x0E, 0x1C, 0x79, /* ..>'x..y */
1395};
1396
1397/*
1398 * AES-CMAC
1399 * Test vectors from
1400 * http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf
1401 */
1402
1403/* AES-128 */
1404static const uint8_t mac_cmac_vect1_key[] = {
1405 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
1406 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c
1407};
1408
1409static const uint8_t mac_cmac_vect1_out[] = {
1410 0xbb, 0x1d, 0x69, 0x29, 0xe9, 0x59, 0x37, 0x28,
1411 0x7f, 0xa3, 0x7d, 0x12, 0x9b, 0x75, 0x67, 0x46
1412};
1413
1414#define mac_cmac_vect2_key mac_cmac_vect1_key
1415static const uint8_t mac_cmac_vect2_data[] = {
1416 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
1417 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a
1418};
1419
1420static const uint8_t mac_cmac_vect2_out[] = {
1421 0x07, 0x0a, 0x16, 0xb4, 0x6b, 0x4d, 0x41, 0x44,
1422 0xf7, 0x9b, 0xdd, 0x9d, 0xd0, 0x4a, 0x28, 0x7c
1423};
1424
1425#define mac_cmac_vect3_key mac_cmac_vect1_key
1426static const uint8_t mac_cmac_vect3_data[] = {
1427 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
1428 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
1429 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
1430 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
1431 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11
1432};
1433
1434static const uint8_t mac_cmac_vect3_out[] = {
1435 0xdf, 0xa6, 0x67, 0x47, 0xde, 0x9a, 0xe6, 0x30,
1436 0x30, 0xca, 0x32, 0x61, 0x14, 0x97, 0xc8, 0x27
1437};
1438
1439#define mac_cmac_vect4_key mac_cmac_vect1_key
1440static const uint8_t mac_cmac_vect4_data[] = {
1441 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
1442 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
1443 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
1444 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
1445 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11,
1446 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef,
1447 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17,
1448 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10
1449};
1450
1451static const uint8_t mac_cmac_vect4_out[] = {
1452 0x51, 0xf0, 0xbe, 0xbf, 0x7e, 0x3b, 0x9d, 0x92,
1453 0xfc, 0x49, 0x74, 0x17, 0x79, 0x36, 0x3c, 0xfe
1454};
1455
1456/* AES-192 */
1457static const uint8_t mac_cmac_vect5_key[] = {
1458 0x8e, 0x73, 0xb0, 0xf7, 0xda, 0x0e, 0x64, 0x52,
1459 0xc8, 0x10, 0xf3, 0x2b, 0x80, 0x90, 0x79, 0xe5,
1460 0x62, 0xf8, 0xea, 0xd2, 0x52, 0x2c, 0x6b, 0x7b
1461};
1462
1463static const uint8_t mac_cmac_vect5_out[] = {
1464 0xd1, 0x7d, 0xdf, 0x46, 0xad, 0xaa, 0xcd, 0xe5,
1465 0x31, 0xca, 0xc4, 0x83, 0xde, 0x7a, 0x93, 0x67
1466};
1467
1468
1469#define mac_cmac_vect6_key mac_cmac_vect5_key
1470static const uint8_t mac_cmac_vect6_data[] = {
1471 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
1472 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a
1473};
1474
1475static const uint8_t mac_cmac_vect6_out[] = {
1476 0x9e, 0x99, 0xa7, 0xbf, 0x31, 0xe7, 0x10, 0x90,
1477 0x06, 0x62, 0xf6, 0x5e, 0x61, 0x7c, 0x51, 0x84
1478};
1479
1480#define mac_cmac_vect7_key mac_cmac_vect5_key
1481static const uint8_t mac_cmac_vect7_data[] = {
1482 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
1483 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
1484 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
1485 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
1486 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11
1487};
1488
1489static const uint8_t mac_cmac_vect7_out[] = {
1490 0x8a, 0x1d, 0xe5, 0xbe, 0x2e, 0xb3, 0x1a, 0xad,
1491 0x08, 0x9a, 0x82, 0xe6, 0xee, 0x90, 0x8b, 0x0e
1492};
1493
1494#define mac_cmac_vect8_key mac_cmac_vect5_key
1495static const uint8_t mac_cmac_vect8_data[] = {
1496 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
1497 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
1498 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
1499 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
1500 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11,
1501 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef,
1502 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17,
1503 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10
1504};
1505
1506static const uint8_t mac_cmac_vect8_out[] = {
1507 0xa1, 0xd5, 0xdf, 0x0e, 0xed, 0x79, 0x0f, 0x79,
1508 0x4d, 0x77, 0x58, 0x96, 0x59, 0xf3, 0x9a, 0x11
1509};
1510
1511/* AES-256 */
1512static const uint8_t mac_cmac_vect9_key[] = {
1513 0x60, 0x3d, 0xeb, 0x10, 0x15, 0xca, 0x71, 0xbe,
1514 0x2b, 0x73, 0xae, 0xf0, 0x85, 0x7d, 0x77, 0x81,
1515 0x1f, 0x35, 0x2c, 0x07, 0x3b, 0x61, 0x08, 0xd7,
1516 0x2d, 0x98, 0x10, 0xa3, 0x09, 0x14, 0xdf, 0xf4
1517};
1518
1519static const uint8_t mac_cmac_vect9_out[] = {
1520 0x02, 0x89, 0x62, 0xf6, 0x1b, 0x7b, 0xf8, 0x9e,
1521 0xfc, 0x6b, 0x55, 0x1f, 0x46, 0x67, 0xd9, 0x83
1522};
1523
1524#define mac_cmac_vect10_key mac_cmac_vect9_key
1525static const uint8_t mac_cmac_vect10_data[] = {
1526 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
1527 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a
1528};
1529
1530static const uint8_t mac_cmac_vect10_out[] = {
1531 0x28, 0xa7, 0x02, 0x3f, 0x45, 0x2e, 0x8f, 0x82,
1532 0xbd, 0x4b, 0xf2, 0x8d, 0x8c, 0x37, 0xc3, 0x5c
1533};
1534
1535#define mac_cmac_vect11_key mac_cmac_vect9_key
1536static const uint8_t mac_cmac_vect11_data[] = {
1537 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
1538 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
1539 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
1540 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
1541 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11
1542};
1543
1544static const uint8_t mac_cmac_vect11_out[] = {
1545 0xaa, 0xf3, 0xd8, 0xf1, 0xde, 0x56, 0x40, 0xc2,
1546 0x32, 0xf5, 0xb1, 0x69, 0xb9, 0xc9, 0x11, 0xe6
1547};
1548
1549#define mac_cmac_vect12_key mac_cmac_vect9_key
1550static const uint8_t mac_cmac_vect12_data[] = {
1551 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
1552 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
1553 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
1554 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
1555 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11,
1556 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef,
1557 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17,
1558 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10
1559};
1560
1561static const uint8_t mac_cmac_vect12_out[] = {
1562 0xe1, 0x99, 0x21, 0x90, 0x54, 0x9f, 0x6e, 0xd5,
1563 0x69, 0x6a, 0x2c, 0x05, 0x6c, 0x31, 0x54, 0x10
1564};
1565
1566struct xtest_mac_case {
1567 uint32_t algo;
1568 uint32_t key_type;
1569 const uint8_t *key;
1570 size_t key_len;
1571 size_t in_incr;
1572 const uint8_t *in;
1573 size_t in_len;
1574 const uint8_t *out;
1575 size_t out_len;
1576};
1577
1578#define XTEST_MAC_CASE(algo, key_type, key, in_incr, in, out) \
1579 { (algo), (key_type), (key), ARRAY_SIZE(key), \
1580 (in_incr), (in), ARRAY_SIZE(in), (out), ARRAY_SIZE(out) }
1581
1582#define XTEST_MAC_CBC_CASE(algo, key_type, vect, in_incr) \
1583 XTEST_MAC_CASE((algo), (key_type), \
1584 mac_cbc_ ## vect ## _key, (in_incr), \
1585 mac_cbc_ ## vect ## _data, mac_cbc_ ## vect ## _out)
1586
1587#define XTEST_MAC_CMAC_CASE(vect, in_incr) \
1588 XTEST_MAC_CASE(TEE_ALG_AES_CMAC, TEE_TYPE_AES, \
1589 mac_cmac_ ## vect ## _key, (in_incr), \
1590 mac_cmac_ ## vect ## _data, mac_cmac_ ## vect ## _out)
1591
1592static const struct xtest_mac_case mac_cases[] = {
1593 XTEST_MAC_CASE(TEE_ALG_HMAC_MD5, TEE_TYPE_HMAC_MD5,
1594 mac_data_md5_key1,
1595 4, mac_data_md5_in1, mac_data_md5_out1),
1596 XTEST_MAC_CASE(TEE_ALG_HMAC_SHA1, TEE_TYPE_HMAC_SHA1,
1597 mac_data_sha1_key1,
1598 5, mac_data_sha1_in1, mac_data_sha1_out1),
1599 XTEST_MAC_CASE(TEE_ALG_HMAC_SHA224, TEE_TYPE_HMAC_SHA224,
1600 mac_data_sha224_key1,
1601 8, mac_data_sha224_in1, mac_data_sha224_out1),
1602 XTEST_MAC_CASE(TEE_ALG_HMAC_SHA256, TEE_TYPE_HMAC_SHA256,
1603 mac_data_sha256_key1,
1604 1, mac_data_sha256_in1, mac_data_sha256_out1),
1605 XTEST_MAC_CASE(TEE_ALG_HMAC_SHA256, TEE_TYPE_HMAC_SHA256,
1606 mac_data_sha256_key2,
1607 7, mac_data_sha256_in2, mac_data_sha256_out2),
1608 XTEST_MAC_CASE(TEE_ALG_HMAC_SHA384, TEE_TYPE_HMAC_SHA384,
1609 mac_data_sha384_key1,
1610 11, mac_data_sha384_in1, mac_data_sha384_out1),
1611 XTEST_MAC_CASE(TEE_ALG_HMAC_SHA512, TEE_TYPE_HMAC_SHA512,
1612 mac_data_sha512_key1,
1613 13, mac_data_sha512_in1, mac_data_sha512_out1),
1614
1615 XTEST_MAC_CBC_CASE(TEE_ALG_AES_CBC_MAC_NOPAD, TEE_TYPE_AES, vect1, 14),
1616 XTEST_MAC_CBC_CASE(TEE_ALG_DES_CBC_MAC_NOPAD, TEE_TYPE_DES, vect2, 16),
1617 XTEST_MAC_CBC_CASE(TEE_ALG_DES3_CBC_MAC_NOPAD, TEE_TYPE_DES3, vect3,
1618 17),
1619 XTEST_MAC_CBC_CASE(TEE_ALG_AES_CBC_MAC_PKCS5, TEE_TYPE_AES, vect4, 11),
1620 XTEST_MAC_CBC_CASE(TEE_ALG_DES_CBC_MAC_PKCS5, TEE_TYPE_DES, vect5, 9),
1621 XTEST_MAC_CBC_CASE(TEE_ALG_DES3_CBC_MAC_PKCS5, TEE_TYPE_DES3, vect6, 4),
1622 XTEST_MAC_CBC_CASE(TEE_ALG_AES_CBC_MAC_PKCS5, TEE_TYPE_AES, vect7, 3),
1623 XTEST_MAC_CBC_CASE(TEE_ALG_DES_CBC_MAC_PKCS5, TEE_TYPE_DES, vect8, 23),
1624 XTEST_MAC_CBC_CASE(TEE_ALG_DES3_CBC_MAC_PKCS5, TEE_TYPE_DES3, vect9,
1625 34),
1626
1627 { TEE_ALG_AES_CMAC, TEE_TYPE_AES, mac_cmac_vect1_key,
1628 ARRAY_SIZE(mac_cmac_vect1_key), 0, NULL, 0, mac_cmac_vect1_out,
1629 ARRAY_SIZE(mac_cmac_vect1_out) },
1630 XTEST_MAC_CMAC_CASE(vect2, 9),
1631 XTEST_MAC_CMAC_CASE(vect3, 9),
1632 XTEST_MAC_CMAC_CASE(vect4, 9),
1633 { TEE_ALG_AES_CMAC, TEE_TYPE_AES, mac_cmac_vect5_key,
1634 ARRAY_SIZE(mac_cmac_vect5_key), 0, NULL, 0, mac_cmac_vect5_out,
1635 ARRAY_SIZE(mac_cmac_vect5_out) },
1636 XTEST_MAC_CMAC_CASE(vect6, 9),
1637 XTEST_MAC_CMAC_CASE(vect7, 9),
1638 XTEST_MAC_CMAC_CASE(vect8, 9),
1639 { TEE_ALG_AES_CMAC, TEE_TYPE_AES, mac_cmac_vect9_key,
1640 ARRAY_SIZE(mac_cmac_vect9_key), 0, NULL, 0, mac_cmac_vect9_out,
1641 ARRAY_SIZE(mac_cmac_vect9_out) },
1642 XTEST_MAC_CMAC_CASE(vect10, 9),
1643 XTEST_MAC_CMAC_CASE(vect11, 9),
1644 XTEST_MAC_CMAC_CASE(vect12, 9),
1645};
1646
1647static void xtest_tee_test_4002(ADBG_Case_t *c)
1648{
1649 TEEC_Session session = { 0 };
1650 TEE_OperationHandle op1;
1651 TEE_OperationHandle op2;
1652 TEE_ObjectHandle key_handle;
1653 uint8_t out[64];
1654 size_t out_size;
1655 uint32_t ret_orig;
1656 size_t n;
1657
1658 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
1659 xtest_teec_open_session(&session, &crypt_user_ta_uuid, NULL,
1660 &ret_orig)))
1661 return;
1662
1663 for (n = 0; n < ARRAY_SIZE(mac_cases); n++) {
1664 TEE_Attribute key_attr;
1665 size_t key_size;
1666
1667 Do_ADBG_BeginSubCase(c, "MAC case %d algo 0x%x",
1668 (int)n, (unsigned int)mac_cases[n].algo);
1669
1670 key_attr.attributeID = TEE_ATTR_SECRET_VALUE;
1671 key_attr.content.ref.buffer = (void *)mac_cases[n].key;
1672 key_attr.content.ref.length = mac_cases[n].key_len;
1673
1674 key_size = key_attr.content.ref.length * 8;
1675 if (mac_cases[n].key_type == TEE_TYPE_DES ||
1676 mac_cases[n].key_type == TEE_TYPE_DES3)
1677 /* Exclude parity in bit size of key */
1678 key_size -= key_size / 8;
1679
1680 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
1681 ta_crypt_cmd_allocate_operation(c, &session, &op1,
1682 mac_cases[n].algo, TEE_MODE_MAC, key_size)))
1683 goto out;
1684
1685 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
1686 ta_crypt_cmd_allocate_operation(c, &session, &op2,
1687 mac_cases[n].algo, TEE_MODE_MAC, key_size)))
1688 goto out;
1689
1690 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
1691 ta_crypt_cmd_allocate_transient_object(c, &session,
1692 mac_cases[n].key_type, key_size, &key_handle)))
1693 goto out;
1694
1695 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
1696 ta_crypt_cmd_populate_transient_object(c, &session,
1697 key_handle, &key_attr, 1)))
1698 goto out;
1699
1700 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
1701 ta_crypt_cmd_set_operation_key(c, &session, op1,
1702 key_handle)))
1703 goto out;
1704
1705 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
1706 ta_crypt_cmd_free_transient_object(c, &session,
1707 key_handle)))
1708 goto out;
1709
1710 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
1711 ta_crypt_cmd_mac_init(c, &session, op1, NULL, 0)))
1712 goto out;
1713
1714 if (mac_cases[n].in != NULL) {
1715 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
1716 ta_crypt_cmd_mac_update(c, &session, op1,
1717 mac_cases[n].in, mac_cases[n].in_incr)))
1718 goto out;
1719 }
1720
1721 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
1722 ta_crypt_cmd_copy_operation(c, &session, op2, op1)))
1723 goto out;
1724
1725 out_size = sizeof(out);
1726 memset(out, 0, sizeof(out));
1727 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
1728 ta_crypt_cmd_mac_final_compute(c, &session, op2,
1729 mac_cases[n].in + mac_cases[n].in_incr,
1730 mac_cases [n].in_len - mac_cases[n].in_incr,
1731 out, &out_size)))
1732 goto out;
1733
1734 (void)ADBG_EXPECT_BUFFER(c, mac_cases[n].out,
1735 mac_cases[n].out_len, out, out_size);
1736
1737 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
1738 ta_crypt_cmd_mac_init(c, &session, op1, NULL, 0)))
1739 goto out;
1740
1741 out_size = sizeof(out);
1742 memset(out, 0, sizeof(out));
1743 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
1744 ta_crypt_cmd_mac_final_compute(c, &session, op1,
1745 mac_cases[n].in, mac_cases[n].in_len, out,
1746 &out_size)))
1747 goto out;
1748
1749 (void)ADBG_EXPECT_BUFFER(c, mac_cases[n].out,
1750 mac_cases[n].out_len, out, out_size);
1751
1752 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
1753 ta_crypt_cmd_free_operation(c, &session, op1)))
1754 goto out;
1755
1756 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
1757 ta_crypt_cmd_free_operation(c, &session, op2)))
1758 goto out;
1759
1760 Do_ADBG_EndSubCase(c, NULL);
1761 }
1762out:
1763 TEEC_CloseSession(&session);
1764}
1765
1766/* generated with scripts/crypt_aes_cbc_nopad.pl */
1767static const uint8_t ciph_data_aes_key1[] = {
1768 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, /* 01234567 */
1769 0x38, 0x39, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, /* 89ABCDEF */
1770};
1771
1772static const uint8_t ciph_data_des_key1[] = {
1773 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37 /* 01234567 */
1774};
1775
1776static const uint8_t ciph_data_des_key2[] = {
1777 0x13, 0x34, 0x57, 0x79, 0x9B, 0xBC, 0xDF, 0xF1
1778};
1779
1780
1781static const uint8_t ciph_data_des3_key1[] = {
1782 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, /* 01234567 */
1783 0x38, 0x39, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, /* 89ABCDEF */
1784 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, /* 12345678 */
1785};
1786
1787static const uint8_t ciph_data_des3_key2[] = {
1788 0x13, 0x34, 0x57, 0x79, 0x9B, 0xBC, 0xDF, 0xF1,
1789 0x13, 0x34, 0x57, 0x79, 0x9B, 0xBC, 0xDF, 0xF1,
1790 0x13, 0x34, 0x57, 0x79, 0x9B, 0xBC, 0xDF, 0xF1
1791};
1792
1793static const uint8_t ciph_data_des2_key1[] = {
1794 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, /* 01234567 */
1795 0x38, 0x39, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, /* 89ABCDEF */
1796};
1797
1798static const uint8_t ciph_data_in1[] = {
1799 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, /* 23456789 */
1800 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x30, 0x31, /* ABCDEF01 */
1801 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x41, /* 3456789A */
1802 0x42, 0x43, 0x44, 0x45, 0x46, 0x30, 0x31, 0x32, /* BCDEF012 */
1803 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x41, 0x42, /* 456789AB */
1804 0x43, 0x44, 0x45, 0x46, 0x30, 0x31, 0x32, 0x33, /* CDEF0123 */
1805};
1806
1807static const uint8_t ciph_data_in3[] = {
1808 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, /* 23456789 */
1809 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x30, 0x31, /* ABCDEF01 */
1810 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x41, /* 3456789A */
1811 0x42, 0x43, 0x44, 0x45, 0x46, 0x30, 0x31, 0x32, /* BCDEF012 */
1812 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x41, 0x42, /* 456789AB */
1813 0x43, 0x44, 0x45, 0x46, 0x30, /* CDEF0 */
1814};
1815
1816static const uint8_t ciph_data_128_iv1[] = {
1817 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, /* 12345678 */
1818 0x39, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x30, /* 9ABCDEF0 */
1819};
1820
1821static const uint8_t ciph_data_64_iv1[] = {
1822 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, /* 12345678 */
1823};
1824
1825static const uint8_t ciph_data_in2[] = {
1826 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef
1827};
1828
1829static const uint8_t ciph_data_aes_ecb_nopad_out1[] = {
1830 0xA5, 0xBE, 0x14, 0xD5, 0x01, 0x05, 0x24, 0x48, /* ......$H */
1831 0x58, 0x1A, 0x6B, 0x82, 0xD4, 0x41, 0xD2, 0xB3, /* X.k..A.. */
1832 0xBB, 0xF9, 0xAE, 0x37, 0x94, 0xAC, 0x18, 0x50, /* ...7...P */
1833 0x87, 0x09, 0xCC, 0x3F, 0x43, 0xD2, 0xC2, 0xB7, /* ...?C... */
1834 0xD7, 0x6F, 0x84, 0x07, 0xB4, 0x78, 0xCE, 0x34, /* .o...x.4 */
1835 0x48, 0xC9, 0x16, 0x86, 0x42, 0xB8, 0xFF, 0xCF, /* H...B... */
1836};
1837
1838static const uint8_t ciph_data_aes_cbc_nopad_out1[] = {
1839 0x8D, 0x9F, 0x88, 0xD8, 0xAF, 0x9F, 0xC1, 0x3B, /* .......; */
1840 0x02, 0x15, 0x43, 0x6A, 0x8C, 0x1E, 0x34, 0x5C, /* ..Cj..4\ */
1841 0x83, 0xF4, 0x85, 0x3E, 0x43, 0x0F, 0xE5, 0x5F, /* ...>C.._ */
1842 0x81, 0x4C, 0xC0, 0x28, 0x3F, 0xD9, 0x98, 0x53, /* .L.(?..S */
1843 0xB1, 0x44, 0x51, 0x38, 0x21, 0xAB, 0x10, 0xCE, /* .DQ8!... */
1844 0xC2, 0xEC, 0x65, 0x54, 0xDD, 0x5C, 0xEA, 0xDC, /* ..eT.\.. */
1845};
1846
1847static const uint8_t ciph_data_aes_ctr_out1[] = {
1848 0xD2, 0xDD, 0x11, 0xA8, 0xF7, 0xB0, 0xAE, 0x55, /* .......U */
1849 0xBE, 0x61, 0x7A, 0xE6, 0xA1, 0x6C, 0x79, 0xF4, /* .az..ly. */
1850 0x62, 0x51, 0x7B, 0xE9, 0x7C, 0xA0, 0x31, 0x0C, /* bQ{.|.1. */
1851 0x24, 0x15, 0x70, 0x7F, 0x47, 0x37, 0x69, 0xE0, /* $.p.G7i. */
1852 0x24, 0xC3, 0x29, 0xCD, 0xF2, 0x26, 0x69, 0xFF, /* $.)..&i. */
1853 0x72, 0x0E, 0x3C, 0xD1, 0xA1, 0x2F, 0x5D, 0x33, /* r.<../]3 */
1854};
1855
1856static const uint8_t ciph_data_aes_ctr_out2[] = {
1857 0xD2, 0xDD, 0x11, 0xA8, 0xF7, 0xB0, 0xAE, 0x55, /* .......U */
1858 0xBE, 0x61, 0x7A, 0xE6, 0xA1, 0x6C, 0x79, 0xF4, /* .az..ly. */
1859 0x62, 0x51, 0x7B, 0xE9, 0x7C, 0xA0, 0x31, 0x0C, /* bQ{.|.1. */
1860 0x24, 0x15, 0x70, 0x7F, 0x47, 0x37, 0x69, 0xE0, /* $.p.G7i. */
1861 0x24, 0xC3, 0x29, 0xCD, 0xF2, 0x26, 0x69, 0xFF, /* $.)..&i. */
1862 0x72, 0x0E, 0x3C, 0xD1, 0xA1, /* r.<.. */
1863};
1864
1865static const uint8_t ciph_data_aes_cbc_vect1_key[] = {
1866 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, /* 01234567 */
1867 0x38, 0x39, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, /* 89ABCDEF */
1868};
1869
1870static const uint8_t ciph_data_aes_cbc_vect1_iv[] = {
1871 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* ........ */
1872 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* ........ */
1873};
1874
1875static const uint8_t ciph_data_aes_cbc_vect1_ptx[] = {
1876 0x43, 0x69, 0x70, 0x68, 0x65, 0x72, 0x20, 0x62, /* Cipher b */
1877 0x6C, 0x6F, 0x63, 0x6B, 0x20, 0x63, 0x68, 0x61, /* lock cha */
1878 0x69, 0x6E, 0x69, 0x6E, 0x67, 0x20, 0x28, 0x43, /* ining (C */
1879 0x42, 0x43, 0x29, 0x20, 0x69, 0x73, 0x20, 0x61, /* BC) is a */
1880 0x20, 0x63, 0x6F, 0x6D, 0x6D, 0x6F, 0x6E, 0x20, /* common */
1881 0x63, 0x68, 0x61, 0x69, 0x6E, 0x69, 0x6E, 0x67, /* chaining */
1882 0x20, 0x6D, 0x6F, 0x64, 0x65, 0x20, 0x69, 0x6E, /* mode in */
1883 0x20, 0x77, 0x68, 0x69, 0x63, 0x68, 0x20, 0x74, /* which t */
1884 0x68, 0x65, 0x20, 0x70, 0x72, 0x65, 0x76, 0x69, /* he previ */
1885 0x6F, 0x75, 0x73, 0x20, 0x62, 0x6C, 0x6F, 0x63, /* ous bloc */
1886 0x6B, 0x27, 0x73, 0x20, 0x63, 0x69, 0x70, 0x68, /* k's ciph */
1887 0x65, 0x72, 0x74, 0x65, 0x78, 0x74, 0x20, 0x69, /* ertext i */
1888 0x73, 0x20, 0x78, 0x6F, 0x72, 0x65, 0x64, 0x20, /* s xored */
1889 0x77, 0x69, 0x74, 0x68, 0x20, 0x74, 0x68, 0x65, /* with the */
1890 0x20, 0x63, 0x75, 0x72, 0x72, 0x65, 0x6E, 0x74, /* current */
1891 0x20, 0x62, 0x6C, 0x6F, 0x63, 0x6B, 0x27, 0x73, /* block's */
1892 0x20, 0x70, 0x6C, 0x61, 0x69, 0x6E, 0x74, 0x65, /* plainte */
1893 0x78, 0x74, 0x20, 0x62, 0x65, 0x66, 0x6F, 0x72, /* xt befor */
1894 0x65, 0x20, 0x65, 0x6E, 0x63, 0x72, 0x79, 0x70, /* e encryp */
1895 0x74, 0x69, 0x6F, 0x6E, 0x2E, 0x2E, 0x2E, 0x2E, /* tion.... */
1896};
1897
1898static const uint8_t ciph_data_aes_cbc_vect1_ctx[] = {
1899 0xDD, 0x16, 0xC3, 0x47, 0x69, 0xEC, 0xF5, 0x86, /* ...Gi... */
1900 0x20, 0xB4, 0xF7, 0xE3, 0xB9, 0x36, 0xE8, 0xAC, /* ....6.. */
1901 0xC9, 0xA2, 0x11, 0x71, 0x3B, 0x10, 0x9D, 0x45, /* ...q;..E */
1902 0xCA, 0xE2, 0x49, 0xA6, 0x4E, 0x56, 0x07, 0xC5, /* ..I.NV.. */
1903 0xCE, 0xA3, 0x14, 0xB5, 0x30, 0x1B, 0x63, 0xBB, /* ....0.c. */
1904 0x2D, 0x6F, 0xE9, 0xCA, 0x0B, 0x00, 0x31, 0x3F, /* -o....1? */
1905 0xA4, 0x9A, 0x39, 0xE1, 0xC8, 0xD2, 0x24, 0x95, /* ..9...$. */
1906 0x14, 0xE9, 0xD2, 0x43, 0xE8, 0xA8, 0x1E, 0x0A, /* ...C.... */
1907 0xFE, 0x9D, 0x4F, 0xF5, 0xBB, 0x16, 0xB9, 0x54, /* ..O....T */
1908 0x78, 0x07, 0x94, 0x05, 0x8E, 0x47, 0xC3, 0xCB, /* x....G.. */
1909 0x7C, 0xEC, 0xF4, 0xF8, 0xF2, 0xA4, 0x59, 0x6E, /* |.....Yn */
1910 0xED, 0xAD, 0x7F, 0x62, 0xAF, 0x89, 0xA8, 0x5B, /* ...b...[ */
1911 0x75, 0xD4, 0x73, 0xE3, 0xBA, 0x9F, 0x9A, 0xD2, /* u.s..... */
1912 0x0F, 0xFD, 0x3C, 0xE6, 0xC6, 0xA4, 0xD6, 0x6C, /* ..<....l */
1913 0x6A, 0x09, 0xE2, 0x16, 0xB0, 0x8C, 0x69, 0x3C, /* j.....i< */
1914 0xC8, 0x1C, 0xE4, 0x3E, 0x86, 0x4D, 0xB0, 0x2B, /* ...>.M.+ */
1915 0x29, 0xA0, 0x5A, 0xA3, 0x67, 0xBA, 0xDC, 0x11, /* ).Z.g... */
1916 0x08, 0x5E, 0x69, 0xB4, 0x6F, 0xA5, 0xE2, 0xB8, /* .^i.o... */
1917 0xC9, 0x6E, 0x83, 0x7E, 0x35, 0xC8, 0xA7, 0xA0, /* .n.~5... */
1918 0x33, 0xA3, 0xB1, 0x4B, 0x5A, 0x92, 0x51, 0x2E, /* 3..KZ.Q. */
1919};
1920
1921/* AES-CTS test vectors from http://tools.ietf.org/html/rfc3962
1922 * and http://tools.ietf.org/html/draft-raeburn-krb-rijndael-krb-02 */
1923static const uint8_t ciph_data_aes_cts_vect1_key[] = {
1924 0x63, 0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x20,
1925 0x74, 0x65, 0x72, 0x69, 0x79, 0x61, 0x6b, 0x69
1926};
1927
1928static const uint8_t ciph_data_aes_cts_vect1_iv[16] = {
1929 0x00
1930};
1931
1932static const uint8_t ciph_data_aes_cts_vect1_ptx[] = {
1933 0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20,
1934 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65,
1935 0x20
1936};
1937
1938static const uint8_t ciph_data_aes_cts_vect1_ctx[] = {
1939 0xc6, 0x35, 0x35, 0x68, 0xf2, 0xbf, 0x8c, 0xb4,
1940 0xd8, 0xa5, 0x80, 0x36, 0x2d, 0xa7, 0xff, 0x7f,
1941 0x97
1942};
1943
1944#define ciph_data_aes_cts_vect2_key ciph_data_aes_cts_vect1_key
1945#define ciph_data_aes_cts_vect2_iv ciph_data_aes_cts_vect1_iv
1946static const uint8_t ciph_data_aes_cts_vect2_ptx[] = {
1947 0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20,
1948 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65,
1949 0x20, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c,
1950 0x20, 0x47, 0x61, 0x75, 0x27, 0x73, 0x20
1951};
1952
1953static const uint8_t ciph_data_aes_cts_vect2_ctx[] = {
1954 0xfc, 0x00, 0x78, 0x3e, 0x0e, 0xfd, 0xb2, 0xc1,
1955 0xd4, 0x45, 0xd4, 0xc8, 0xef, 0xf7, 0xed, 0x22,
1956 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
1957 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5
1958};
1959
1960#define ciph_data_aes_cts_vect3_key ciph_data_aes_cts_vect1_key
1961#define ciph_data_aes_cts_vect3_iv ciph_data_aes_cts_vect1_iv
1962static const uint8_t ciph_data_aes_cts_vect3_ptx[] = {
1963 0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20,
1964 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65,
1965 0x20, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c,
1966 0x20, 0x47, 0x61, 0x75, 0x27, 0x73, 0x20, 0x43,
1967};
1968
1969static const uint8_t ciph_data_aes_cts_vect3_ctx[] = {
1970 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5,
1971 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8,
1972 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
1973 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84,
1974};
1975
1976#define ciph_data_aes_cts_vect4_key ciph_data_aes_cts_vect1_key
1977#define ciph_data_aes_cts_vect4_iv ciph_data_aes_cts_vect1_iv
1978static const uint8_t ciph_data_aes_cts_vect4_ptx[] = {
1979 0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20,
1980 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65,
1981 0x20, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c,
1982 0x20, 0x47, 0x61, 0x75, 0x27, 0x73, 0x20, 0x43,
1983 0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x2c, 0x20,
1984 0x70, 0x6c, 0x65, 0x61, 0x73, 0x65, 0x2c,
1985};
1986
1987static const uint8_t ciph_data_aes_cts_vect4_ctx[] = {
1988 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
1989 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84,
1990 0xb3, 0xff, 0xfd, 0x94, 0x0c, 0x16, 0xa1, 0x8c,
1991 0x1b, 0x55, 0x49, 0xd2, 0xf8, 0x38, 0x02, 0x9e,
1992 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5,
1993 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5,
1994};
1995
1996#define ciph_data_aes_cts_vect5_key ciph_data_aes_cts_vect1_key
1997#define ciph_data_aes_cts_vect5_iv ciph_data_aes_cts_vect1_iv
1998static const uint8_t ciph_data_aes_cts_vect5_ptx[] = {
1999 0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20,
2000 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65,
2001 0x20, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c,
2002 0x20, 0x47, 0x61, 0x75, 0x27, 0x73, 0x20, 0x43,
2003 0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x2c, 0x20,
2004 0x70, 0x6c, 0x65, 0x61, 0x73, 0x65, 0x2c, 0x20,
2005};
2006
2007static const uint8_t ciph_data_aes_cts_vect5_ctx[] = {
2008 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
2009 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84,
2010 0x9d, 0xad, 0x8b, 0xbb, 0x96, 0xc4, 0xcd, 0xc0,
2011 0x3b, 0xc1, 0x03, 0xe1, 0xa1, 0x94, 0xbb, 0xd8,
2012 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5,
2013 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8,
2014};
2015
2016#define ciph_data_aes_cts_vect6_key ciph_data_aes_cts_vect1_key
2017#define ciph_data_aes_cts_vect6_iv ciph_data_aes_cts_vect1_iv
2018static const uint8_t ciph_data_aes_cts_vect6_ptx[] = {
2019 0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20,
2020 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65,
2021 0x20, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c,
2022 0x20, 0x47, 0x61, 0x75, 0x27, 0x73, 0x20, 0x43,
2023 0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x2c, 0x20,
2024 0x70, 0x6c, 0x65, 0x61, 0x73, 0x65, 0x2c, 0x20,
2025 0x61, 0x6e, 0x64, 0x20, 0x77, 0x6f, 0x6e, 0x74,
2026 0x6f, 0x6e, 0x20, 0x73, 0x6f, 0x75, 0x70, 0x2e,
2027};
2028
2029static const uint8_t ciph_data_aes_cts_vect6_ctx[] = {
2030 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
2031 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84,
2032 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5,
2033 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8,
2034 0x48, 0x07, 0xef, 0xe8, 0x36, 0xee, 0x89, 0xa5,
2035 0x26, 0x73, 0x0d, 0xbc, 0x2f, 0x7b, 0xc8, 0x40,
2036 0x9d, 0xad, 0x8b, 0xbb, 0x96, 0xc4, 0xcd, 0xc0,
2037 0x3b, 0xc1, 0x03, 0xe1, 0xa1, 0x94, 0xbb, 0xd8,
2038};
2039
2040static const uint8_t ciph_data_des_ecb_nopad_out1[] = {
2041 0x46, 0x2B, 0x91, 0xA8, 0x55, 0xE6, 0x7E, 0x75, /* F+..U.~u */
2042 0x5E, 0x53, 0xF4, 0x8F, 0x29, 0x41, 0x4E, 0xEF, /* ^S..)AN. */
2043 0x32, 0x1B, 0x58, 0x42, 0x9B, 0xB4, 0x3A, 0x1F, /* 2.XB..:. */
2044 0x9A, 0xEA, 0xA4, 0xB4, 0xCD, 0xE9, 0x87, 0x7C, /* .......| */
2045 0xC0, 0x05, 0x34, 0xED, 0x86, 0x3C, 0x2A, 0x81, /* ..4..<.. */
2046 0x5E, 0x93, 0x0E, 0x86, 0xA9, 0xBB, 0x80, 0xFF, /* ^....... */
2047};
2048
2049static const uint8_t ciph_data_des_ecb_nopad_out2[] = {
2050 0x85, 0xE8, 0x13, 0x54, 0x0F, 0x0A, 0xB4, 0x05
2051};
2052
2053static const uint8_t ciph_data_des_cbc_nopad_out1[] = {
2054 0xAD, 0xD6, 0xD6, 0x3E, 0x88, 0xD0, 0xDD, 0xD4, /* ...>.... */
2055 0x9A, 0x93, 0x95, 0xA0, 0x86, 0x22, 0x5B, 0x9E, /* ....."[. */
2056 0x84, 0x0C, 0x6F, 0x12, 0x04, 0x11, 0x6F, 0xD4, /* ..o...o. */
2057 0x12, 0x29, 0xC6, 0x78, 0x0C, 0xFB, 0x58, 0x5B, /* .).x..X[ */
2058 0x66, 0x82, 0x0E, 0x52, 0xDC, 0x25, 0x16, 0x51, /* f..R.%.Q */
2059 0x69, 0xDF, 0xFE, 0x4E, 0x11, 0x1D, 0x9D, 0x08, /* i..N.... */
2060};
2061
2062static const uint8_t ciph_data_des3_ecb_nopad_out1[] = {
2063 0xA7, 0x46, 0xEC, 0xA8, 0x6A, 0x7F, 0x4A, 0xF1, /* .F..j.J. */
2064 0x44, 0x60, 0x37, 0x3B, 0x7F, 0x76, 0xE5, 0xFF, /* D`7;.v.. */
2065 0xC1, 0xE7, 0xA5, 0x04, 0x9C, 0x29, 0x5C, 0xA5, /* .....)\. */
2066 0xDD, 0xC8, 0xEE, 0x36, 0x1F, 0x48, 0xE0, 0xA9, /* ...6.H.. */
2067 0x82, 0x2D, 0x53, 0x84, 0x49, 0x69, 0x78, 0xFA, /* .-S.Iix. */
2068 0x23, 0x69, 0x1D, 0xF7, 0x08, 0x38, 0x44, 0x05, /* #i...8D. */
2069};
2070
2071static const uint8_t ciph_data_des3_cbc_nopad_out1[] = {
2072 0x18, 0x09, 0xEB, 0x98, 0xE4, 0x58, 0x72, 0x11, /* .....Xr. */
2073 0x30, 0x58, 0xAB, 0x38, 0xB0, 0xC9, 0x2B, 0xED, /* 0X.8..+. */
2074 0xDA, 0xC5, 0xE8, 0xA9, 0xF6, 0x8A, 0xA7, 0x80, /* ........ */
2075 0xBE, 0x54, 0x1F, 0x63, 0xF6, 0xEE, 0xA2, 0x4C, /* .T.c...L */
2076 0x7C, 0xEB, 0x84, 0x7D, 0xDA, 0xCA, 0x1E, 0xB2, /* |..}.... */
2077 0xED, 0x5E, 0x96, 0xB8, 0x01, 0x4B, 0x77, 0x02, /* .^...Kw. */
2078};
2079
2080static const uint8_t ciph_data_des2_ecb_nopad_out1[] = {
2081 0xAB, 0x12, 0xB6, 0xE2, 0x4A, 0x3A, 0x26, 0x14, /* ....J:&. */
2082 0xF0, 0x7D, 0x23, 0xD0, 0x55, 0xDF, 0x5C, 0x16, /* .}#.U.\. */
2083 0x43, 0x59, 0x1E, 0x44, 0x01, 0x76, 0xD7, 0x50, /* CY.D.v.P */
2084 0x44, 0xC0, 0x15, 0xDF, 0x2E, 0x7F, 0x8B, 0xC5, /* D....... */
2085 0xFF, 0x8B, 0x87, 0xFE, 0x33, 0xD7, 0xCB, 0x2C, /* ....3.., */
2086 0xDA, 0x79, 0x6F, 0xA4, 0x05, 0x2B, 0x30, 0xCE, /* .yo..+0. */
2087};
2088
2089static const uint8_t ciph_data_des2_cbc_nopad_out1[] = {
2090 0x47, 0x2F, 0xB1, 0x83, 0xC4, 0xBB, 0x93, 0x16, /* G/...... */
2091 0x73, 0xF9, 0xAD, 0x6F, 0x00, 0xF9, 0xCB, 0x4A, /* s..o...J */
2092 0x0F, 0x4F, 0x75, 0x75, 0xFB, 0x39, 0x0B, 0xFC, /* .Ouu.9.. */
2093 0x9F, 0x48, 0x52, 0xAD, 0xA2, 0x75, 0x2C, 0xF1, /* .HR..u, . */
2094 0x7D, 0xC3, 0x8F, 0x16, 0xCF, 0xC9, 0x76, 0x29, /* }.....v) */
2095 0x1A, 0xBF, 0xB3, 0xD9, 0x10, 0x7E, 0xAA, 0x49, /* .....~.I */
2096};
2097
2098struct xtest_ciph_case {
2099 uint32_t algo;
2100 uint32_t mode;
2101 uint32_t key_type;
2102 const uint8_t *key1;
2103 size_t key1_len;
2104 const uint8_t *key2;
2105 size_t key2_len;
2106 const uint8_t *iv;
2107 size_t iv_len;
2108 size_t in_incr;
2109 const uint8_t *in;
2110 size_t in_len;
2111 const uint8_t *out;
2112 size_t out_len;
2113 size_t line;
2114};
2115
2116#define XTEST_CIPH_CASE_NO_IV(algo, key_type, key, in_incr, ptx, ctx) \
2117 { (algo), TEE_MODE_ENCRYPT, (key_type), (key), ARRAY_SIZE(key), \
2118 NULL, 0, NULL, 0, \
2119 (in_incr), (ptx), ARRAY_SIZE(ptx), (ctx), ARRAY_SIZE(ctx), \
2120 __LINE__ }, \
2121 { (algo), TEE_MODE_DECRYPT, (key_type), (key), ARRAY_SIZE(key), \
2122 NULL, 0, NULL, 0, \
2123 (in_incr), (ctx), ARRAY_SIZE(ctx), (ptx), ARRAY_SIZE(ptx), __LINE__ }
2124
2125#define XTEST_CIPH_CASE(algo, key_type, key, iv, in_incr, ptx, ctx) \
2126 { (algo), TEE_MODE_ENCRYPT, (key_type), (key), ARRAY_SIZE(key), \
2127 NULL, 0, iv, ARRAY_SIZE(iv), (in_incr), (ptx), ARRAY_SIZE(ptx), \
2128 (ctx), ARRAY_SIZE(ctx), __LINE__ }, \
2129 { (algo), TEE_MODE_DECRYPT, (key_type), (key), ARRAY_SIZE(key), \
2130 NULL, 0, iv, ARRAY_SIZE(iv), (in_incr), (ctx), ARRAY_SIZE(ctx), \
2131 (ptx), ARRAY_SIZE(ptx), __LINE__ }
2132
2133#define XTEST_CIPH_CASE_AES_XTS(vect, in_incr) \
2134 { TEE_ALG_AES_XTS, TEE_MODE_ENCRYPT, TEE_TYPE_AES, \
2135 ciph_data_aes_xts_ ## vect ## _key1, \
2136 ARRAY_SIZE(ciph_data_aes_xts_ ## vect ## _key1), \
2137 ciph_data_aes_xts_ ## vect ## _key2, \
2138 ARRAY_SIZE(ciph_data_aes_xts_ ## vect ## _key2), \
2139 ciph_data_aes_xts_ ## vect ## _iv, \
2140 ARRAY_SIZE(ciph_data_aes_xts_ ## vect ## _iv), \
2141 (in_incr), \
2142 ciph_data_aes_xts_ ## vect ## _ptx, \
2143 ARRAY_SIZE(ciph_data_aes_xts_ ## vect ## _ptx), \
2144 ciph_data_aes_xts_ ## vect ## _ctx, \
2145 ARRAY_SIZE(ciph_data_aes_xts_ ## vect ## _ctx), __LINE__ }, \
2146 { TEE_ALG_AES_XTS, TEE_MODE_DECRYPT, TEE_TYPE_AES, \
2147 ciph_data_aes_xts_ ## vect ## _key1, \
2148 ARRAY_SIZE(ciph_data_aes_xts_ ## vect ## _key1), \
2149 ciph_data_aes_xts_ ## vect ## _key2, \
2150 ARRAY_SIZE(ciph_data_aes_xts_ ## vect ## _key2), \
2151 ciph_data_aes_xts_ ## vect ## _iv, \
2152 ARRAY_SIZE(ciph_data_aes_xts_ ## vect ## _iv), \
2153 (in_incr), \
2154 ciph_data_aes_xts_ ## vect ## _ctx, \
2155 ARRAY_SIZE(ciph_data_aes_xts_ ## vect ## _ctx), \
2156 ciph_data_aes_xts_ ## vect ## _ptx, \
2157 ARRAY_SIZE(ciph_data_aes_xts_ ## vect ## _ptx), __LINE__ }
2158
2159#define XTEST_CIPH_CASE_AES_CBC(vect, in_incr) \
2160 XTEST_CIPH_CASE(TEE_ALG_AES_CBC_NOPAD, TEE_TYPE_AES, \
2161 ciph_data_aes_cbc_ ## vect ## _key, \
2162 ciph_data_aes_cbc_ ## vect ## _iv, \
2163 (in_incr), ciph_data_aes_cbc_ ## vect ## _ptx, \
2164 ciph_data_aes_cbc_ ## vect ## _ctx)
2165
2166#define XTEST_CIPH_CASE_AES_CTS(vect, in_incr) \
2167 XTEST_CIPH_CASE(TEE_ALG_AES_CTS, TEE_TYPE_AES, \
2168 ciph_data_aes_cts_ ## vect ## _key, \
2169 ciph_data_aes_cts_ ## vect ## _iv, \
2170 (in_incr), ciph_data_aes_cts_ ## vect ## _ptx, \
2171 ciph_data_aes_cts_ ## vect ## _ctx)
2172
2173static const struct xtest_ciph_case ciph_cases[] = {
2174 /* AES */
2175 XTEST_CIPH_CASE_NO_IV(TEE_ALG_AES_ECB_NOPAD, TEE_TYPE_AES,
2176 ciph_data_aes_key1, 11, ciph_data_in1,
2177 ciph_data_aes_ecb_nopad_out1),
2178 XTEST_CIPH_CASE(TEE_ALG_AES_CBC_NOPAD, TEE_TYPE_AES,
2179 ciph_data_aes_key1, ciph_data_128_iv1, 11,
2180 ciph_data_in1,
2181 ciph_data_aes_cbc_nopad_out1),
2182 XTEST_CIPH_CASE(TEE_ALG_AES_CTR, TEE_TYPE_AES,
2183 ciph_data_aes_key1, ciph_data_128_iv1, 13,
2184 ciph_data_in1,
2185 ciph_data_aes_ctr_out1),
2186 XTEST_CIPH_CASE(TEE_ALG_AES_CTR, TEE_TYPE_AES,
2187 ciph_data_aes_key1, ciph_data_128_iv1, 13,
2188 ciph_data_in3,
2189 ciph_data_aes_ctr_out2),
2190
2191 XTEST_CIPH_CASE_AES_CBC(vect1, 11),
2192
2193 /* AES-CTS */
2194 XTEST_CIPH_CASE_AES_CTS(vect1, 13),
2195 XTEST_CIPH_CASE_AES_CTS(vect2, 14),
2196 XTEST_CIPH_CASE_AES_CTS(vect3, 11),
2197 XTEST_CIPH_CASE_AES_CTS(vect4, 9),
2198 XTEST_CIPH_CASE_AES_CTS(vect5, 7),
2199 XTEST_CIPH_CASE_AES_CTS(vect6, 17),
2200 XTEST_CIPH_CASE_AES_CTS(vect6, 0x20),
2201
2202 /* DES */
2203 XTEST_CIPH_CASE_NO_IV(TEE_ALG_DES_ECB_NOPAD, TEE_TYPE_DES,
2204 ciph_data_des_key1, 14, ciph_data_in1,
2205 ciph_data_des_ecb_nopad_out1),
2206 XTEST_CIPH_CASE_NO_IV(TEE_ALG_DES_ECB_NOPAD, TEE_TYPE_DES,
2207 ciph_data_des_key2, 3, ciph_data_in2,
2208 ciph_data_des_ecb_nopad_out2),
2209 XTEST_CIPH_CASE(TEE_ALG_DES_CBC_NOPAD, TEE_TYPE_DES,
2210 ciph_data_des_key1, ciph_data_64_iv1, 15, ciph_data_in1,
2211 ciph_data_des_cbc_nopad_out1),
2212
2213 /* DES3 */
2214 XTEST_CIPH_CASE_NO_IV(TEE_ALG_DES3_ECB_NOPAD, TEE_TYPE_DES3,
2215 ciph_data_des3_key1, 11, ciph_data_in1,
2216 ciph_data_des3_ecb_nopad_out1),
2217 XTEST_CIPH_CASE_NO_IV(TEE_ALG_DES3_ECB_NOPAD, TEE_TYPE_DES3,
2218 ciph_data_des3_key2, 3, ciph_data_in2,
2219 ciph_data_des_ecb_nopad_out2),
2220 XTEST_CIPH_CASE(TEE_ALG_DES3_CBC_NOPAD, TEE_TYPE_DES3,
2221 ciph_data_des3_key1, ciph_data_64_iv1, 11,
2222 ciph_data_in1,
2223 ciph_data_des3_cbc_nopad_out1),
2224
2225 /* DES2 */
2226 XTEST_CIPH_CASE_NO_IV(TEE_ALG_DES3_ECB_NOPAD, TEE_TYPE_DES3,
2227 ciph_data_des2_key1, 11, ciph_data_in1,
2228 ciph_data_des2_ecb_nopad_out1),
2229 XTEST_CIPH_CASE(TEE_ALG_DES3_CBC_NOPAD, TEE_TYPE_DES3,
2230 ciph_data_des2_key1, ciph_data_64_iv1, 11,
2231 ciph_data_in1,
2232 ciph_data_des2_cbc_nopad_out1),
2233};
2234
2235static const struct xtest_ciph_case ciph_cases_xts[] = {
2236 /* AES-XTS */
2237 XTEST_CIPH_CASE_AES_XTS(vect1, 3),
2238 XTEST_CIPH_CASE_AES_XTS(vect2, 6),
2239 XTEST_CIPH_CASE_AES_XTS(vect3, 7),
2240 XTEST_CIPH_CASE_AES_XTS(vect4, 8),
2241 XTEST_CIPH_CASE_AES_XTS(vect5, 9),
2242 XTEST_CIPH_CASE_AES_XTS(vect6, 13),
2243 XTEST_CIPH_CASE_AES_XTS(vect7, 1),
2244 XTEST_CIPH_CASE_AES_XTS(vect8, 3),
2245 XTEST_CIPH_CASE_AES_XTS(vect9, 2),
2246 XTEST_CIPH_CASE_AES_XTS(vect10, 5),
2247 XTEST_CIPH_CASE_AES_XTS(vect11, 6),
2248 XTEST_CIPH_CASE_AES_XTS(vect12, 7),
2249 XTEST_CIPH_CASE_AES_XTS(vect13, 3),
2250 XTEST_CIPH_CASE_AES_XTS(vect14, 2),
2251 XTEST_CIPH_CASE_AES_XTS(vect15, 0),
2252 XTEST_CIPH_CASE_AES_XTS(vect16, 9),
2253 XTEST_CIPH_CASE_AES_XTS(vect17, 6),
2254 XTEST_CIPH_CASE_AES_XTS(vect18, 8),
2255 XTEST_CIPH_CASE_AES_XTS(vect19, 23),
2256};
2257
2258static void xtest_tee_test_4003_no_xts(ADBG_Case_t *c)
2259{
2260 TEEC_Session session = { 0 };
2261 TEE_OperationHandle op;
2262 TEE_ObjectHandle key1_handle = TEE_HANDLE_NULL;
2263 TEE_ObjectHandle key2_handle = TEE_HANDLE_NULL;
2264 uint8_t out[2048];
2265 size_t out_size;
2266 size_t out_offs;
2267 uint32_t ret_orig;
2268 size_t n;
2269
2270 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2271 xtest_teec_open_session(&session, &crypt_user_ta_uuid, NULL,
2272 &ret_orig)))
2273 return;
2274
2275 for (n = 0; n < ARRAY_SIZE(ciph_cases); n++) {
2276 TEE_Attribute key_attr;
2277 size_t key_size;
2278 size_t op_key_size;
2279
2280
2281 Do_ADBG_BeginSubCase(c, "Cipher case %d algo 0x%x line %d",
2282 (int)n, (unsigned int)ciph_cases[n].algo,
2283 (int)ciph_cases[n].line);
2284
2285 key_attr.attributeID = TEE_ATTR_SECRET_VALUE;
2286 key_attr.content.ref.buffer = (void *)ciph_cases[n].key1;
2287 key_attr.content.ref.length = ciph_cases[n].key1_len;
2288
2289 key_size = key_attr.content.ref.length * 8;
2290 if (ciph_cases[n].key_type == TEE_TYPE_DES ||
2291 ciph_cases[n].key_type == TEE_TYPE_DES3)
2292 /* Exclude parity in bit size of key */
2293 key_size -= key_size / 8;
2294
2295 op_key_size = key_size;
2296 if (ciph_cases[n].key2 != NULL)
2297 op_key_size *= 2;
2298
2299 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2300 ta_crypt_cmd_allocate_operation(c, &session, &op,
2301 ciph_cases[n].algo, ciph_cases[n].mode,
2302 op_key_size)))
2303 goto out;
2304
2305 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2306 ta_crypt_cmd_allocate_transient_object(c, &session,
2307 ciph_cases[n].key_type, key_size,
2308 &key1_handle)))
2309 goto out;
2310
2311 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2312 ta_crypt_cmd_populate_transient_object(c, &session,
2313 key1_handle, &key_attr, 1)))
2314 goto out;
2315
2316 if (ciph_cases[n].key2 != NULL) {
2317 key_attr.content.ref.buffer =
2318 (void *)ciph_cases[n].key2;
2319 key_attr.content.ref.length = ciph_cases[n].key2_len;
2320
2321 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2322 ta_crypt_cmd_allocate_transient_object(c,
2323 &session, ciph_cases[n].key_type,
2324 key_attr.content.ref.length * 8,
2325 &key2_handle)))
2326 goto out;
2327
2328 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2329 ta_crypt_cmd_populate_transient_object(c,
2330 &session, key2_handle, &key_attr, 1)))
2331 goto out;
2332
2333 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2334 ta_crypt_cmd_set_operation_key2(c, &session, op,
2335 key1_handle, key2_handle)))
2336 goto out;
2337 } else {
2338 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2339 ta_crypt_cmd_set_operation_key(c, &session, op,
2340 key1_handle)))
2341 goto out;
2342 }
2343
2344 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2345 ta_crypt_cmd_free_transient_object(c, &session,
2346 key1_handle)))
2347 goto out;
2348 key1_handle = TEE_HANDLE_NULL;
2349
2350 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2351 ta_crypt_cmd_free_transient_object(c, &session,
2352 key2_handle)))
2353 goto out;
2354 key2_handle = TEE_HANDLE_NULL;
2355
2356 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2357 ta_crypt_cmd_cipher_init(c, &session, op,
2358 ciph_cases[n].iv, ciph_cases[n].iv_len)))
2359 goto out;
2360
2361 out_offs = 0;
2362 out_size = sizeof(out);
2363 memset(out, 0, sizeof(out));
2364 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2365 ta_crypt_cmd_cipher_update(c, &session, op,
2366 ciph_cases[n].in, ciph_cases[n].in_incr, out,
2367 &out_size)))
2368 goto out;
2369
2370 out_offs += out_size;
2371 out_size = sizeof(out) - out_offs;
2372
2373 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2374 ta_crypt_cmd_cipher_do_final(c, &session, op,
2375 ciph_cases[n].in + ciph_cases[n].in_incr,
2376 ciph_cases[n].in_len - ciph_cases[n].in_incr,
2377 out + out_offs,
2378 &out_size)))
2379 goto out;
2380
2381 out_offs += out_size;
2382
2383 (void)ADBG_EXPECT_BUFFER(c, ciph_cases[n].out,
2384 ciph_cases[n].out_len, out, out_offs);
2385
2386 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2387 ta_crypt_cmd_free_operation(c, &session, op)))
2388 goto out;
2389
2390 Do_ADBG_EndSubCase(c, NULL);
2391 }
2392out:
2393 TEEC_CloseSession(&session);
2394}
2395
2396/*
2397 * This is a split of the original xtest 4003 as eary version of the ST TEE.
2398 *
2399 * Core did not support xts.
2400 */
2401static void xtest_tee_test_4003_xts(ADBG_Case_t *c)
2402{
2403 TEEC_Session session = { 0 };
2404 TEE_OperationHandle op;
2405 TEE_ObjectHandle key1_handle = TEE_HANDLE_NULL;
2406 TEE_ObjectHandle key2_handle = TEE_HANDLE_NULL;
2407 uint8_t out[2048];
2408 size_t out_size;
2409 size_t out_offs;
2410 uint32_t ret_orig;
2411 size_t n;
2412
2413 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2414 xtest_teec_open_session(&session, &crypt_user_ta_uuid, NULL,
2415 &ret_orig)))
2416 return;
2417
2418 for (n = 0; n < ARRAY_SIZE(ciph_cases_xts); n++) {
2419 TEE_Attribute key_attr;
2420 size_t key_size;
2421 size_t op_key_size;
2422
2423 Do_ADBG_BeginSubCase(c, "Cipher case %d algo 0x%x line %d",
2424 (int)n,
2425 (unsigned int)ciph_cases_xts[n].algo,
2426 (int)ciph_cases_xts[n].line);
2427
2428 key_attr.attributeID = TEE_ATTR_SECRET_VALUE;
2429 key_attr.content.ref.buffer = (void *)ciph_cases_xts[n].key1;
2430 key_attr.content.ref.length = ciph_cases_xts[n].key1_len;
2431
2432 key_size = key_attr.content.ref.length * 8;
2433 if (ciph_cases_xts[n].key_type == TEE_TYPE_DES ||
2434 ciph_cases_xts[n].key_type == TEE_TYPE_DES3)
2435 /* Exclude parity in bit size of key */
2436 key_size -= key_size / 8;
2437
2438 op_key_size = key_size;
2439 if (ciph_cases_xts[n].key2 != NULL)
2440 op_key_size *= 2;
2441
2442 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2443 ta_crypt_cmd_allocate_operation(c, &session, &op,
2444 ciph_cases_xts[n].algo, ciph_cases_xts[n].mode,
2445 op_key_size)))
2446 goto out;
2447
2448 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2449 ta_crypt_cmd_allocate_transient_object(c, &session,
2450 ciph_cases_xts[n].key_type, key_size,
2451 &key1_handle)))
2452 goto out;
2453
2454 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2455 ta_crypt_cmd_populate_transient_object(c, &session,
2456 key1_handle, &key_attr, 1)))
2457 goto out;
2458
2459 if (ciph_cases_xts[n].key2 != NULL) {
2460 key_attr.content.ref.buffer =
2461 (void *)ciph_cases_xts[n].key2;
2462
2463 key_attr.content.ref.length =
2464 ciph_cases_xts[n].key2_len;
2465
2466 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2467 ta_crypt_cmd_allocate_transient_object(c,
2468 &session, ciph_cases_xts[n].key_type,
2469 key_attr.content.ref.length * 8,
2470 &key2_handle)))
2471 goto out;
2472
2473 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2474 ta_crypt_cmd_populate_transient_object(c,
2475 &session, key2_handle, &key_attr, 1)))
2476 goto out;
2477
2478 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2479 ta_crypt_cmd_set_operation_key2(c, &session, op,
2480 key1_handle, key2_handle)))
2481 goto out;
2482 } else {
2483 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2484 ta_crypt_cmd_set_operation_key(c, &session, op,
2485 key1_handle)))
2486 goto out;
2487 }
2488
2489 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2490 ta_crypt_cmd_free_transient_object(c, &session,
2491 key1_handle)))
2492 goto out;
2493
2494 key1_handle = TEE_HANDLE_NULL;
2495
2496 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2497 ta_crypt_cmd_free_transient_object(c, &session,
2498 key2_handle)))
2499 goto out;
2500
2501 key2_handle = TEE_HANDLE_NULL;
2502
2503 if (!ADBG_EXPECT_TEEC_SUCCESS(c, ta_crypt_cmd_cipher_init(c,
2504 &
2505 session,
2506 op,
2507 ciph_cases_xts
2508 [n].iv, ciph_cases_xts[n].iv_len)))
2509 goto out;
2510
2511 out_offs = 0;
2512 out_size = sizeof(out);
2513 memset(out, 0, sizeof(out));
2514 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2515 ta_crypt_cmd_cipher_update(c, &session, op,
2516 ciph_cases_xts[n].in, ciph_cases_xts[n].in_incr,
2517 out, &out_size)))
2518 goto out;
2519
2520 out_offs += out_size;
2521 out_size = sizeof(out) - out_offs;
2522
2523 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2524 ta_crypt_cmd_cipher_do_final(c, &session, op,
2525 ciph_cases_xts[n].in +
2526 ciph_cases_xts[n].in_incr,
2527 ciph_cases_xts[n].in_len -
2528 ciph_cases_xts[n].in_incr,
2529 out + out_offs,
2530 &out_size)))
2531 goto out;
2532 out_offs += out_size;
2533
2534 (void)ADBG_EXPECT_BUFFER(c, ciph_cases_xts[n].out,
2535 ciph_cases_xts[n].out_len, out,
2536 out_offs);
2537
2538 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2539 ta_crypt_cmd_free_operation(c, &session, op)))
2540 goto out;
2541
2542 Do_ADBG_EndSubCase(c, NULL);
2543 }
2544out:
2545 TEEC_CloseSession(&session);
2546}
2547
2548static void xtest_tee_test_4004(ADBG_Case_t *c)
2549{
2550 TEEC_Session session = { 0 };
2551 uint32_t ret_orig;
2552 uint8_t buf1[45] = { 0 };
2553 uint8_t buf2[45] = { 0 };
2554 static const uint8_t zeros[45] = { 0 };
2555
2556 Do_ADBG_BeginSubCase(c, "TEE get random");
2557 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2558 xtest_teec_open_session(&session, &crypt_user_ta_uuid, NULL,
2559 &ret_orig)))
2560 return;
2561
2562 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2563 ta_crypt_cmd_random_number_generate(c, &session, buf1,
2564 sizeof(buf1))))
2565 goto out;
2566
2567 (void)ADBG_EXPECT_COMPARE_SIGNED(c,
2568 0, !=, memcmp(buf1, zeros, sizeof(buf1)));
2569
2570 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2571 ta_crypt_cmd_random_number_generate(c, &session, buf2,
2572 sizeof(buf2))))
2573 goto out;
2574
2575 (void)ADBG_EXPECT_COMPARE_SIGNED(c,
2576 0, !=, memcmp(buf2, zeros, sizeof(buf2)));
2577
2578 (void)ADBG_EXPECT_COMPARE_SIGNED(c,
2579 0, !=, memcmp(buf2, buf1, sizeof(buf1)));
2580out:
2581 TEEC_CloseSession(&session);
2582 Do_ADBG_EndSubCase(c, "TEE get random");
2583}
2584
2585
2586struct xtest_ae_case {
2587 uint32_t algo;
2588 uint32_t mode;
2589 uint32_t key_type;
2590 const uint8_t *key;
2591 size_t key_len;
2592 const uint8_t *nonce;
2593 size_t nonce_len;
2594 size_t aad_incr;
2595 const uint8_t *aad;
2596 size_t aad_len;
2597 size_t in_incr;
2598 const uint8_t *ptx;
2599 size_t ptx_len;
2600 const uint8_t *ctx;
2601 size_t ctx_len;
2602 const uint8_t *tag;
2603 size_t tag_len;
2604 size_t line;
2605};
2606
2607
2608#define ARRAY(a) a, ARRAY_SIZE(a)
2609#define NULL_ARRAY(a) NULL, 0
2610
2611#define XTEST_AE_CASE(algo, vect, aad_incr, in_incr, \
2612 aad_array, ptx_array, ctx_array) \
2613 { (algo), TEE_MODE_ENCRYPT, TEE_TYPE_AES, ARRAY(vect ## _key), \
2614 ARRAY(vect ## _nonce), (aad_incr), \
2615 aad_array(vect ## _aad), (in_incr), \
2616 ptx_array(vect ## _ptx), ctx_array(vect ## _ctx), \
2617 ARRAY(vect ## _tag), \
2618 __LINE__ }, \
2619 { (algo), TEE_MODE_DECRYPT, TEE_TYPE_AES, ARRAY(vect ## _key), \
2620 ARRAY(vect ## _nonce), (aad_incr), \
2621 aad_array(vect ## _aad), (in_incr), \
2622 ptx_array(vect ## _ptx), ctx_array(vect ## _ctx), \
2623 ARRAY(vect ## _tag), \
2624 __LINE__ }
2625
2626#define XTEST_AE_CASE_AES_CCM(vect, aad_incr, in_incr) \
2627 XTEST_AE_CASE(TEE_ALG_AES_CCM, ae_data_aes_ccm_ ## vect, aad_incr, \
2628 in_incr, ARRAY, ARRAY, ARRAY)
2629
2630#define XTEST_AE_CASE_AES_GCM(vect, aad_incr, in_incr, \
2631 aad_array, ptx_array, ctx_array) \
2632 XTEST_AE_CASE(TEE_ALG_AES_GCM, ae_data_aes_gcm_ ## vect, aad_incr, \
2633 in_incr, aad_array, ptx_array, ctx_array)
2634
2635
2636
2637static const struct xtest_ae_case ae_cases[] = {
2638 XTEST_AE_CASE_AES_CCM(vect1, 3, 2),
2639 XTEST_AE_CASE_AES_CCM(vect2, 7, 13),
2640 XTEST_AE_CASE_AES_CCM(vect3, 5, 21),
2641
2642 XTEST_AE_CASE_AES_GCM(vect1, 0, 0, NULL_ARRAY, NULL_ARRAY, NULL_ARRAY),
2643 XTEST_AE_CASE_AES_GCM(vect2, 0, 9, NULL_ARRAY, ARRAY, ARRAY),
2644 XTEST_AE_CASE_AES_GCM(vect3, 0, 9, NULL_ARRAY, ARRAY, ARRAY),
2645 XTEST_AE_CASE_AES_GCM(vect3, 0, 0x20, NULL_ARRAY, ARRAY, ARRAY),
2646 XTEST_AE_CASE_AES_GCM(vect4, 5, 9, ARRAY, ARRAY, ARRAY),
2647 XTEST_AE_CASE_AES_GCM(vect5, 5, 9, ARRAY, ARRAY, ARRAY),
2648 XTEST_AE_CASE_AES_GCM(vect6, 5, 9, ARRAY, ARRAY, ARRAY),
2649 XTEST_AE_CASE_AES_GCM(vect7, 0, 0, NULL_ARRAY, NULL_ARRAY, NULL_ARRAY),
2650 XTEST_AE_CASE_AES_GCM(vect8, 0, 9, NULL_ARRAY, ARRAY, ARRAY),
2651 XTEST_AE_CASE_AES_GCM(vect9, 0, 9, NULL_ARRAY, ARRAY, ARRAY),
2652 XTEST_AE_CASE_AES_GCM(vect10, 5, 9, ARRAY, ARRAY, ARRAY),
2653 XTEST_AE_CASE_AES_GCM(vect11, 5, 9, ARRAY, ARRAY, ARRAY),
2654 XTEST_AE_CASE_AES_GCM(vect12, 5, 9, ARRAY, ARRAY, ARRAY),
2655 XTEST_AE_CASE_AES_GCM(vect13, 0, 0, NULL_ARRAY, NULL_ARRAY, NULL_ARRAY),
2656 XTEST_AE_CASE_AES_GCM(vect14, 0, 9, NULL_ARRAY, ARRAY, ARRAY),
2657 XTEST_AE_CASE_AES_GCM(vect15, 0, 9, NULL_ARRAY, ARRAY, ARRAY),
2658 XTEST_AE_CASE_AES_GCM(vect16, 5, 9, ARRAY, ARRAY, ARRAY),
2659 XTEST_AE_CASE_AES_GCM(vect17, 5, 9, ARRAY, ARRAY, ARRAY),
2660 XTEST_AE_CASE_AES_GCM(vect18, 5, 9, ARRAY, ARRAY, ARRAY),
2661};
2662
2663static void xtest_tee_test_4005(ADBG_Case_t *c)
2664{
2665 TEEC_Session session = { 0 };
2666 TEE_OperationHandle op;
2667 TEE_ObjectHandle key_handle = TEE_HANDLE_NULL;
2668 TEE_Attribute key_attr;
2669 uint8_t out[512];
2670 size_t out_size;
2671 size_t out_offs;
2672 uint32_t ret_orig;
2673 size_t n;
2674
2675 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2676 xtest_teec_open_session(&session, &crypt_user_ta_uuid, NULL,
2677 &ret_orig)))
2678 return;
2679
2680 for (n = 0; n < ARRAY_SIZE(ae_cases); n++) {
2681 Do_ADBG_BeginSubCase(c, "AE case %d algo 0x%x line %d",
2682 (int)n, (unsigned int)ae_cases[n].algo,
2683 (int)ae_cases[n].line);
2684
2685 key_attr.attributeID = TEE_ATTR_SECRET_VALUE;
2686 key_attr.content.ref.buffer = (void *)ae_cases[n].key;
2687 key_attr.content.ref.length = ae_cases[n].key_len;
2688
2689 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2690 ta_crypt_cmd_allocate_operation(c, &session, &op,
2691 ae_cases[n].algo, ae_cases[n].mode,
2692 key_attr.content.ref.length * 8)))
2693 goto out;
2694
2695 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2696 ta_crypt_cmd_allocate_transient_object(c, &session,
2697 ae_cases[n].key_type,
2698 key_attr.content.ref.length * 8,
2699 &key_handle)))
2700 goto out;
2701
2702 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2703 ta_crypt_cmd_populate_transient_object(c, &session,
2704 key_handle, &key_attr, 1)))
2705 goto out;
2706
2707 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2708 ta_crypt_cmd_set_operation_key(c, &session, op,
2709 key_handle)))
2710 goto out;
2711
2712 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2713 ta_crypt_cmd_free_transient_object(c, &session,
2714 key_handle)))
2715 goto out;
2716 key_handle = TEE_HANDLE_NULL;
2717
2718 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2719 ta_crypt_cmd_ae_init(c, &session, op, ae_cases[n].nonce,
2720 ae_cases[n].nonce_len, ae_cases[n].tag_len,
2721 ae_cases[n].aad_len, ae_cases[n].ptx_len)))
2722 goto out;
2723
2724 if (ae_cases[n].aad != NULL) {
2725 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2726 ta_crypt_cmd_ae_update_aad(c, &session, op,
2727 ae_cases[n].aad, ae_cases[n].aad_incr)))
2728 goto out;
2729
2730 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2731 ta_crypt_cmd_ae_update_aad(c, &session, op,
2732 ae_cases[n].aad + ae_cases[n].aad_incr,
2733 ae_cases [n].aad_len -
2734 ae_cases[n].aad_incr)))
2735 goto out;
2736 }
2737
2738 out_offs = 0;
2739 out_size = sizeof(out);
2740 memset(out, 0, sizeof(out));
2741 if (ae_cases[n].mode == TEE_MODE_ENCRYPT) {
2742 if (ae_cases[n].ptx != NULL) {
2743 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2744 ta_crypt_cmd_ae_update(c, &session, op,
2745 ae_cases[n].ptx,
2746 ae_cases[n].in_incr, out,
2747 &out_size)))
2748 goto out;
2749 out_offs += out_size;
2750 }
2751 } else {
2752 if (ae_cases[n].ctx != NULL) {
2753 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2754 ta_crypt_cmd_ae_update(c, &session, op,
2755 ae_cases[n].ctx,
2756 ae_cases[n].in_incr, out,
2757 &out_size)))
2758 goto out;
2759 out_offs += out_size;
2760 }
2761 }
2762
2763 out_size = sizeof(out) - out_offs;
2764 if (ae_cases[n].mode == TEE_MODE_ENCRYPT) {
2765 uint8_t out_tag[64];
2766 size_t out_tag_len = MIN(sizeof(out_tag),
2767 ae_cases[n].tag_len);
2768
2769 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2770 ta_crypt_cmd_ae_encrypt_final(c, &session, op,
2771 ae_cases[n].ptx + ae_cases[n].in_incr,
2772 ae_cases[n].ptx_len -
2773 ae_cases[n].in_incr,
2774 out + out_offs,
2775 &out_size, out_tag, &out_tag_len)))
2776 goto out;
2777
2778 (void)ADBG_EXPECT_BUFFER(c,
2779 ae_cases[n].tag, ae_cases[n].tag_len, out_tag,
2780 out_tag_len);
2781
2782 out_offs += out_size;
2783
2784 (void)ADBG_EXPECT_BUFFER(c, ae_cases[n].ctx,
2785 ae_cases[n].ctx_len, out, out_offs);
2786 } else {
2787 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2788 ta_crypt_cmd_ae_decrypt_final(c, &session, op,
2789 ae_cases[n].ctx + ae_cases[n].in_incr,
2790 ae_cases[n].ctx_len -
2791 ae_cases[n].in_incr,
2792 out + out_offs,
2793 &out_size, ae_cases[n].tag,
2794 ae_cases[n].tag_len)))
2795 goto out;
2796
2797 out_offs += out_size;
2798
2799 (void)ADBG_EXPECT_BUFFER(c, ae_cases[n].ptx,
2800 ae_cases[n].ptx_len, out, out_offs);
2801 }
2802
2803 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2804 ta_crypt_cmd_free_operation(c, &session, op)))
2805 goto out;
2806
2807 Do_ADBG_EndSubCase(c, NULL);
2808 }
2809out:
2810 TEEC_CloseSession(&session);
2811}
2812
2813struct xtest_ac_case {
2814 uint32_t algo;
2815 TEE_OperationMode mode;
2816
2817 union {
2818 struct {
2819 const uint8_t *modulus;
2820 size_t modulus_len;
2821
2822 const uint8_t *pub_exp;
2823 size_t pub_exp_len;
2824
2825 const uint8_t *priv_exp;
2826 size_t priv_exp_len;
2827
2828 const uint8_t *prime1; /* q */
2829 size_t prime1_len;
2830 const uint8_t *prime2; /* p */
2831 size_t prime2_len;
2832 const uint8_t *exp1; /* dp */
2833 size_t exp1_len;
2834 const uint8_t *exp2; /* dq */
2835 size_t exp2_len;
2836 const uint8_t *coeff; /* iq */
2837 size_t coeff_len;
2838
2839 int salt_len;
2840 } rsa;
2841 struct {
2842 const uint8_t *prime;
2843 size_t prime_len;
2844 const uint8_t *sub_prime;
2845 size_t sub_prime_len;
2846 const uint8_t *base;
2847 size_t base_len;
2848 const uint8_t *pub_val;
2849 size_t pub_val_len;
2850 const uint8_t *priv_val;
2851 size_t priv_val_len;
2852 } dsa;
Pascal Brand3e143ee2015-07-15 17:17:16 +0200[diff] [blame^]2853 struct {
2854 const uint8_t *private;
2855 size_t private_len;
2856 const uint8_t *public_x;
2857 size_t public_x_len;
2858 const uint8_t *public_y;
2859 size_t public_y_len;
2860 } ecdsa;
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]2861 } params;
2862
2863 const uint8_t *ptx;
2864 size_t ptx_len;
2865 const uint8_t *ctx;
2866 size_t ctx_len;
2867 size_t line;
2868};
2869
2870#define WITHOUT_SALT(x) -1
2871#define WITH_SALT(x) x
2872
2873#define XTEST_AC_CASE(algo, mode, vect, union_params) \
2874 { (algo), (mode), .params = union_params, \
2875 ARRAY(vect ## _ptx), \
2876 ARRAY(vect ## _out), \
2877 __LINE__ }
2878
2879#define XTEST_AC_RSA_UNION(vect, opt_crt_array, opt_salt) \
2880 { .rsa = { \
2881 ARRAY(vect ## _modulus), \
2882 ARRAY(vect ## _pub_exp), \
2883 ARRAY(vect ## _priv_exp), \
2884 opt_crt_array(vect ## _prime1), \
2885 opt_crt_array(vect ## _prime2), \
2886 opt_crt_array(vect ## _exp1), \
2887 opt_crt_array(vect ## _exp2), \
2888 opt_crt_array(vect ## _coeff), \
2889 opt_salt(vect ## _salt_len) \
2890 } }
2891
2892#define XTEST_AC_RSA_CASE(algo, mode, vect, opt_crt_array, opt_salt) \
2893 XTEST_AC_CASE(algo, mode, vect, \
2894 XTEST_AC_RSA_UNION(vect, opt_crt_array, opt_salt))
2895
2896#define XTEST_AC_DSA_UNION(vect) \
2897 { .dsa = { \
2898 ARRAY(vect ## _prime), \
2899 ARRAY(vect ## _sub_prime), \
2900 ARRAY(vect ## _base), \
2901 ARRAY(vect ## _pub_val), \
2902 ARRAY(vect ## _priv_val), \
2903 } }
2904
2905#define XTEST_AC_DSA_CASE(algo, mode, vect) \
2906 XTEST_AC_CASE(algo, mode, vect, XTEST_AC_DSA_UNION(vect))
2907
Pascal Brand3e143ee2015-07-15 17:17:16 +0200[diff] [blame^]2908#define XTEST_AC_ECDSA_UNION(vect) \
2909 { .ecdsa = { \
2910 ARRAY(vect ## _private), \
2911 ARRAY(vect ## _public_x), \
2912 ARRAY(vect ## _public_y), \
2913 } }
2914
2915#define XTEST_AC_ECDSA_CASE(algo, mode, vect) \
2916 XTEST_AC_CASE(algo, mode, vect, XTEST_AC_ECDSA_UNION(vect))
2917
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]2918static const struct xtest_ac_case xtest_ac_cases[] = {
2919 /* RSA test without crt parameters */
2920 XTEST_AC_RSA_CASE(TEE_ALG_RSA_NOPAD, TEE_MODE_ENCRYPT,
2921 ac_rsassa_vect1, NULL_ARRAY, WITHOUT_SALT),
2922 XTEST_AC_RSA_CASE(TEE_ALG_RSA_NOPAD, TEE_MODE_DECRYPT,
2923 ac_rsassa_vect1, NULL_ARRAY, WITHOUT_SALT),
2924 XTEST_AC_RSA_CASE(TEE_ALG_RSA_NOPAD, TEE_MODE_ENCRYPT,
2925 ac_rsassa_vect2, NULL_ARRAY, WITHOUT_SALT),
2926 XTEST_AC_RSA_CASE(TEE_ALG_RSA_NOPAD, TEE_MODE_DECRYPT,
2927 ac_rsassa_vect2, NULL_ARRAY, WITHOUT_SALT),
2928 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA1, TEE_MODE_SIGN,
2929 ac_rsassa_vect3, NULL_ARRAY, WITHOUT_SALT),
2930 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA1, TEE_MODE_VERIFY,
2931 ac_rsassa_vect3, NULL_ARRAY, WITHOUT_SALT),
2932 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA1, TEE_MODE_SIGN,
2933 ac_rsassa_vect4, NULL_ARRAY, WITHOUT_SALT),
2934 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA1, TEE_MODE_VERIFY,
2935 ac_rsassa_vect4, NULL_ARRAY, WITHOUT_SALT),
2936 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA1, TEE_MODE_SIGN,
2937 ac_rsassa_vect5, NULL_ARRAY, WITHOUT_SALT),
2938 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA1, TEE_MODE_VERIFY,
2939 ac_rsassa_vect5, NULL_ARRAY, WITHOUT_SALT),
2940 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA1, TEE_MODE_SIGN,
2941 ac_rsassa_vect6, NULL_ARRAY, WITHOUT_SALT),
2942 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA1, TEE_MODE_VERIFY,
2943 ac_rsassa_vect6, NULL_ARRAY, WITHOUT_SALT),
2944
2945 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA1, TEE_MODE_SIGN,
2946 ac_rsassa_vect7, NULL_ARRAY, WITHOUT_SALT),
2947 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA1, TEE_MODE_VERIFY,
2948 ac_rsassa_vect7, NULL_ARRAY, WITHOUT_SALT),
2949
2950 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA1, TEE_MODE_SIGN,
2951 ac_rsassa_vect8, NULL_ARRAY, WITHOUT_SALT),
2952 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA1, TEE_MODE_VERIFY,
2953 ac_rsassa_vect8, NULL_ARRAY, WITHOUT_SALT),
2954 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA224, TEE_MODE_SIGN,
2955 ac_rsassa_vect16, NULL_ARRAY, WITHOUT_SALT),
2956 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA224, TEE_MODE_VERIFY,
2957 ac_rsassa_vect16, NULL_ARRAY, WITHOUT_SALT),
2958 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA256, TEE_MODE_SIGN,
2959 ac_rsassa_vect9, NULL_ARRAY, WITHOUT_SALT),
2960 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA256, TEE_MODE_VERIFY,
2961 ac_rsassa_vect9, NULL_ARRAY, WITHOUT_SALT),
2962 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA384, TEE_MODE_SIGN,
2963 ac_rsassa_vect10, NULL_ARRAY, WITHOUT_SALT),
2964 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA384, TEE_MODE_VERIFY,
2965 ac_rsassa_vect10, NULL_ARRAY, WITHOUT_SALT),
2966 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA512, TEE_MODE_SIGN,
2967 ac_rsassa_vect11, NULL_ARRAY, WITHOUT_SALT),
2968 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA512, TEE_MODE_VERIFY,
2969 ac_rsassa_vect11, NULL_ARRAY, WITHOUT_SALT),
2970
2971 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA1, TEE_MODE_VERIFY,
2972 ac_rsassa_vect12, NULL_ARRAY, WITH_SALT),
2973 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA1, TEE_MODE_SIGN,
2974 ac_rsassa_vect12, NULL_ARRAY, WITH_SALT),
2975 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA224, TEE_MODE_VERIFY,
2976 ac_rsassa_vect17, NULL_ARRAY, WITH_SALT),
2977 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA224, TEE_MODE_SIGN,
2978 ac_rsassa_vect17, NULL_ARRAY, WITH_SALT),
2979 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA256, TEE_MODE_VERIFY,
2980 ac_rsassa_vect13, NULL_ARRAY, WITH_SALT),
2981 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA256, TEE_MODE_SIGN,
2982 ac_rsassa_vect13, NULL_ARRAY, WITH_SALT),
2983 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA384, TEE_MODE_VERIFY,
2984 ac_rsassa_vect14, NULL_ARRAY, WITH_SALT),
2985 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA384, TEE_MODE_SIGN,
2986 ac_rsassa_vect14, NULL_ARRAY, WITH_SALT),
2987 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA512, TEE_MODE_VERIFY,
2988 ac_rsassa_vect15, NULL_ARRAY, WITH_SALT),
2989 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA512, TEE_MODE_SIGN,
2990 ac_rsassa_vect15, NULL_ARRAY, WITH_SALT),
2991
2992 XTEST_AC_RSA_CASE(TEE_ALG_RSAES_PKCS1_V1_5, TEE_MODE_DECRYPT,
2993 ac_rsaes_pkcs1_v1_5_vect1, NULL_ARRAY, WITHOUT_SALT),
2994 XTEST_AC_RSA_CASE(TEE_ALG_RSAES_PKCS1_V1_5, TEE_MODE_ENCRYPT,
2995 ac_rsaes_pkcs1_v1_5_vect1, NULL_ARRAY, WITHOUT_SALT),
2996 XTEST_AC_RSA_CASE(TEE_ALG_RSAES_PKCS1_V1_5, TEE_MODE_DECRYPT,
2997 ac_rsaes_pkcs1_v1_5_vect2, NULL_ARRAY, WITHOUT_SALT),
2998 XTEST_AC_RSA_CASE(TEE_ALG_RSAES_PKCS1_V1_5, TEE_MODE_ENCRYPT,
2999 ac_rsaes_pkcs1_v1_5_vect2, NULL_ARRAY, WITHOUT_SALT),
3000 XTEST_AC_RSA_CASE(TEE_ALG_RSAES_PKCS1_V1_5, TEE_MODE_DECRYPT,
3001 ac_rsaes_pkcs1_v1_5_vect15, NULL_ARRAY, WITHOUT_SALT),
3002 XTEST_AC_RSA_CASE(TEE_ALG_RSAES_PKCS1_V1_5, TEE_MODE_ENCRYPT,
3003 ac_rsaes_pkcs1_v1_5_vect15, NULL_ARRAY, WITHOUT_SALT),
3004
3005 XTEST_AC_RSA_CASE(TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA1, TEE_MODE_DECRYPT,
3006 ac_rsaes_oaep_vect1, NULL_ARRAY, WITHOUT_SALT),
3007 XTEST_AC_RSA_CASE(TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA1, TEE_MODE_ENCRYPT,
3008 ac_rsaes_oaep_vect1, NULL_ARRAY, WITHOUT_SALT),
3009 XTEST_AC_RSA_CASE(TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA1, TEE_MODE_DECRYPT,
3010 ac_rsaes_oaep_vect2, NULL_ARRAY, WITHOUT_SALT),
3011 XTEST_AC_RSA_CASE(TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA1, TEE_MODE_ENCRYPT,
3012 ac_rsaes_oaep_vect2, NULL_ARRAY, WITHOUT_SALT),
3013 XTEST_AC_RSA_CASE(TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA1, TEE_MODE_DECRYPT,
3014 ac_rsaes_oaep_vect10, NULL_ARRAY, WITHOUT_SALT),
3015 XTEST_AC_RSA_CASE(TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA1, TEE_MODE_ENCRYPT,
3016 ac_rsaes_oaep_vect10, NULL_ARRAY, WITHOUT_SALT),
3017
3018 /* RSA test with crt parameters */
3019 XTEST_AC_RSA_CASE(TEE_ALG_RSA_NOPAD, TEE_MODE_ENCRYPT,
3020 ac_rsassa_vect1, ARRAY, WITHOUT_SALT),
3021 XTEST_AC_RSA_CASE(TEE_ALG_RSA_NOPAD, TEE_MODE_DECRYPT,
3022 ac_rsassa_vect1, ARRAY, WITHOUT_SALT),
3023 XTEST_AC_RSA_CASE(TEE_ALG_RSA_NOPAD, TEE_MODE_ENCRYPT,
3024 ac_rsassa_vect2, ARRAY, WITHOUT_SALT),
3025 XTEST_AC_RSA_CASE(TEE_ALG_RSA_NOPAD, TEE_MODE_DECRYPT,
3026 ac_rsassa_vect2, ARRAY, WITHOUT_SALT),
3027 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA1, TEE_MODE_SIGN,
3028 ac_rsassa_vect3, ARRAY, WITHOUT_SALT),
3029 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA1, TEE_MODE_VERIFY,
3030 ac_rsassa_vect3, ARRAY, WITHOUT_SALT),
3031 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA1, TEE_MODE_SIGN,
3032 ac_rsassa_vect4, ARRAY, WITHOUT_SALT),
3033 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA1, TEE_MODE_VERIFY,
3034 ac_rsassa_vect4, ARRAY, WITHOUT_SALT),
3035 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA1, TEE_MODE_SIGN,
3036 ac_rsassa_vect5, ARRAY, WITHOUT_SALT),
3037 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA1, TEE_MODE_VERIFY,
3038 ac_rsassa_vect5, ARRAY, WITHOUT_SALT),
3039 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA1, TEE_MODE_SIGN,
3040 ac_rsassa_vect6, ARRAY, WITHOUT_SALT),
3041 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA1, TEE_MODE_VERIFY,
3042 ac_rsassa_vect6, ARRAY, WITHOUT_SALT),
3043 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA1, TEE_MODE_SIGN,
3044 ac_rsassa_vect7, ARRAY, WITHOUT_SALT),
3045 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA1, TEE_MODE_VERIFY,
3046 ac_rsassa_vect7, ARRAY, WITHOUT_SALT),
3047 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA1, TEE_MODE_SIGN,
3048 ac_rsassa_vect8, ARRAY, WITHOUT_SALT),
3049 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA1, TEE_MODE_VERIFY,
3050 ac_rsassa_vect8, ARRAY, WITHOUT_SALT),
3051 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA256, TEE_MODE_SIGN,
3052 ac_rsassa_vect9, ARRAY, WITHOUT_SALT),
3053 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA256, TEE_MODE_VERIFY,
3054 ac_rsassa_vect9, ARRAY, WITHOUT_SALT),
3055 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA384, TEE_MODE_SIGN,
3056 ac_rsassa_vect10, ARRAY, WITHOUT_SALT),
3057 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA384, TEE_MODE_VERIFY,
3058 ac_rsassa_vect10, ARRAY, WITHOUT_SALT),
3059 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA512, TEE_MODE_SIGN,
3060 ac_rsassa_vect11, ARRAY, WITHOUT_SALT),
3061 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA512, TEE_MODE_VERIFY,
3062 ac_rsassa_vect11, ARRAY, WITHOUT_SALT),
3063
3064 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA1, TEE_MODE_VERIFY,
3065 ac_rsassa_vect12, ARRAY, WITH_SALT),
3066 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA1, TEE_MODE_SIGN,
3067 ac_rsassa_vect12, ARRAY, WITH_SALT),
3068 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA224, TEE_MODE_VERIFY,
3069 ac_rsassa_vect17, ARRAY, WITH_SALT),
3070 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA224, TEE_MODE_SIGN,
3071 ac_rsassa_vect17, ARRAY, WITH_SALT),
3072 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA256, TEE_MODE_VERIFY,
3073 ac_rsassa_vect13, ARRAY, WITH_SALT),
3074 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA256, TEE_MODE_SIGN,
3075 ac_rsassa_vect13, ARRAY, WITH_SALT),
3076 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA384, TEE_MODE_VERIFY,
3077 ac_rsassa_vect14, ARRAY, WITH_SALT),
3078 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA384, TEE_MODE_SIGN,
3079 ac_rsassa_vect14, ARRAY, WITH_SALT),
3080 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA512, TEE_MODE_VERIFY,
3081 ac_rsassa_vect15, ARRAY, WITH_SALT),
3082 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA512, TEE_MODE_SIGN,
3083 ac_rsassa_vect15, ARRAY, WITH_SALT),
3084
3085 XTEST_AC_RSA_CASE(TEE_ALG_RSAES_PKCS1_V1_5, TEE_MODE_DECRYPT,
3086 ac_rsaes_pkcs1_v1_5_vect1, ARRAY, WITHOUT_SALT),
3087 XTEST_AC_RSA_CASE(TEE_ALG_RSAES_PKCS1_V1_5, TEE_MODE_ENCRYPT,
3088 ac_rsaes_pkcs1_v1_5_vect1, ARRAY, WITHOUT_SALT),
3089 XTEST_AC_RSA_CASE(TEE_ALG_RSAES_PKCS1_V1_5, TEE_MODE_DECRYPT,
3090 ac_rsaes_pkcs1_v1_5_vect2, ARRAY, WITHOUT_SALT),
3091 XTEST_AC_RSA_CASE(TEE_ALG_RSAES_PKCS1_V1_5, TEE_MODE_ENCRYPT,
3092 ac_rsaes_pkcs1_v1_5_vect2, ARRAY, WITHOUT_SALT),
3093 XTEST_AC_RSA_CASE(TEE_ALG_RSAES_PKCS1_V1_5, TEE_MODE_DECRYPT,
3094 ac_rsaes_pkcs1_v1_5_vect15, ARRAY, WITHOUT_SALT),
3095 XTEST_AC_RSA_CASE(TEE_ALG_RSAES_PKCS1_V1_5, TEE_MODE_ENCRYPT,
3096 ac_rsaes_pkcs1_v1_5_vect15, ARRAY, WITHOUT_SALT),
3097
3098 XTEST_AC_RSA_CASE(TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA1, TEE_MODE_DECRYPT,
3099 ac_rsaes_oaep_vect1, ARRAY, WITHOUT_SALT),
3100 XTEST_AC_RSA_CASE(TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA1, TEE_MODE_ENCRYPT,
3101 ac_rsaes_oaep_vect1, ARRAY, WITHOUT_SALT),
3102 XTEST_AC_RSA_CASE(TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA1, TEE_MODE_DECRYPT,
3103 ac_rsaes_oaep_vect2, ARRAY, WITHOUT_SALT),
3104 XTEST_AC_RSA_CASE(TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA1, TEE_MODE_ENCRYPT,
3105 ac_rsaes_oaep_vect2, ARRAY, WITHOUT_SALT),
3106 XTEST_AC_RSA_CASE(TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA1, TEE_MODE_DECRYPT,
3107 ac_rsaes_oaep_vect10, ARRAY, WITHOUT_SALT),
3108 XTEST_AC_RSA_CASE(TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA1, TEE_MODE_ENCRYPT,
3109 ac_rsaes_oaep_vect10, ARRAY, WITHOUT_SALT),
3110
3111 /* DSA tests */
3112 XTEST_AC_DSA_CASE(TEE_ALG_DSA_SHA1, TEE_MODE_VERIFY, ac_dsa_vect1),
3113 XTEST_AC_DSA_CASE(TEE_ALG_DSA_SHA1, TEE_MODE_SIGN, ac_dsa_vect1),
3114 XTEST_AC_DSA_CASE(TEE_ALG_DSA_SHA1, TEE_MODE_VERIFY, ac_dsa_vect2),
3115 XTEST_AC_DSA_CASE(TEE_ALG_DSA_SHA1, TEE_MODE_SIGN, ac_dsa_vect2),
Pascal Brand3e143ee2015-07-15 17:17:16 +0200[diff] [blame^]3116
3117 /* ECDSA tests */
3118 XTEST_AC_ECDSA_CASE(TEE_ALG_ECDSA_P192, TEE_MODE_VERIFY,
3119 ac_ecdsa_vect192),
3120 XTEST_AC_ECDSA_CASE(TEE_ALG_ECDSA_P192, TEE_MODE_SIGN,
3121 ac_ecdsa_vect192),
3122 XTEST_AC_ECDSA_CASE(TEE_ALG_ECDSA_P224, TEE_MODE_VERIFY,
3123 ac_ecdsa_vect224),
3124 XTEST_AC_ECDSA_CASE(TEE_ALG_ECDSA_P224, TEE_MODE_SIGN,
3125 ac_ecdsa_vect224),
3126 XTEST_AC_ECDSA_CASE(TEE_ALG_ECDSA_P256, TEE_MODE_VERIFY,
3127 ac_ecdsa_vect256),
3128 XTEST_AC_ECDSA_CASE(TEE_ALG_ECDSA_P256, TEE_MODE_SIGN,
3129 ac_ecdsa_vect256),
3130 XTEST_AC_ECDSA_CASE(TEE_ALG_ECDSA_P384, TEE_MODE_VERIFY,
3131 ac_ecdsa_vect384),
3132 XTEST_AC_ECDSA_CASE(TEE_ALG_ECDSA_P384, TEE_MODE_SIGN,
3133 ac_ecdsa_vect384),
3134 XTEST_AC_ECDSA_CASE(TEE_ALG_ECDSA_P521, TEE_MODE_VERIFY,
3135 ac_ecdsa_vect521),
3136 XTEST_AC_ECDSA_CASE(TEE_ALG_ECDSA_P521, TEE_MODE_SIGN,
3137 ac_ecdsa_vect521),
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3138};
3139
3140static bool create_key(ADBG_Case_t *c, TEEC_Session *s,
3141 uint32_t max_key_size, uint32_t key_type,
3142 TEE_Attribute *attrs, size_t num_attrs,
3143 TEE_ObjectHandle *handle)
3144{
3145 size_t n;
3146
3147 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3148 ta_crypt_cmd_allocate_transient_object(c, s, key_type,
3149 max_key_size, handle)))
3150 return false;
3151
3152 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3153 ta_crypt_cmd_populate_transient_object(c, s, *handle, attrs,
3154 num_attrs)))
3155 return false;
3156
3157 for (n = 0; n < num_attrs; n++) {
3158 uint8_t out[256];
3159 size_t out_size;
3160
3161 out_size = sizeof(out);
3162 memset(out, 0, sizeof(out));
Pascal Brand3e143ee2015-07-15 17:17:16 +0200[diff] [blame^]3163
3164 if (attrs[n].attributeID == TEE_ATTR_ECC_CURVE)
3165 continue;
3166
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3167 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3168 ta_crypt_cmd_get_object_buffer_attribute(c, s, *handle,
3169 attrs[n].attributeID, out, &out_size)))
3170 return false;
3171
Pascal Brand3e143ee2015-07-15 17:17:16 +0200[diff] [blame^]3172 if (out_size < attrs[n].content.ref.length) {
3173 memmove(out + (attrs[n].content.ref.length - out_size),
3174 out,
3175 attrs[n].content.ref.length);
3176 memset(out, 0, attrs[n].content.ref.length - out_size);
3177 out_size = attrs[n].content.ref.length;
3178 }
3179
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3180 if (!ADBG_EXPECT_BUFFER(c, attrs[n].content.ref.buffer,
3181 attrs[n].content.ref.length, out, out_size))
3182 return false;
3183 }
3184
3185 return true;
3186}
3187
3188static void xtest_tee_test_4006(ADBG_Case_t *c)
3189{
3190 TEEC_Session session = { 0 };
3191 TEE_OperationHandle op = TEE_HANDLE_NULL;
3192 TEE_ObjectHandle priv_key_handle = TEE_HANDLE_NULL;
3193 TEE_ObjectHandle pub_key_handle = TEE_HANDLE_NULL;
3194 TEE_Attribute key_attrs[8];
3195 TEE_Attribute algo_params[1];
3196 size_t num_algo_params;
3197 uint8_t out[512];
3198 size_t out_size;
3199 uint8_t out_enc[512];
3200 size_t out_enc_size;
3201 uint8_t ptx_hash[TEE_MAX_HASH_SIZE];
3202 size_t ptx_hash_size;
3203 size_t max_key_size;
3204 size_t num_key_attrs;
3205 uint32_t ret_orig;
3206 size_t n;
Pascal Brand3e143ee2015-07-15 17:17:16 +0200[diff] [blame^]3207 uint32_t curve;
3208 uint32_t hash_algo;
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3209
3210 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3211 xtest_teec_open_session(&session, &crypt_user_ta_uuid, NULL,
3212 &ret_orig)))
3213 return;
3214
3215 for (n = 0; n < ARRAY_SIZE(xtest_ac_cases); n++) {
3216 const struct xtest_ac_case *tv = xtest_ac_cases + n;
3217
3218 Do_ADBG_BeginSubCase(c, "Asym Crypto case %d algo 0x%x line %d",
3219 (int)n, (unsigned int)tv->algo,
3220 (int)tv->line);
3221
3222 /*
3223 * When signing or verifying we're working with the hash of
3224 * the payload.
3225 */
3226 if (tv->mode == TEE_MODE_VERIFY || tv->mode == TEE_MODE_SIGN) {
Pascal Brand3e143ee2015-07-15 17:17:16 +0200[diff] [blame^]3227 if (TEE_ALG_GET_MAIN_ALG(tv->algo) == TEE_MAIN_ALGO_ECDSA)
3228 hash_algo = TEE_ALG_SHA1;
3229 else
3230 hash_algo = TEE_ALG_HASH_ALGO(
3231 TEE_ALG_GET_DIGEST_HASH(tv->algo));
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3232
3233 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3234 ta_crypt_cmd_allocate_operation(c, &session,
3235 &op, hash_algo, TEE_MODE_DIGEST, 0)))
3236 goto out;
3237
3238 ptx_hash_size = sizeof(ptx_hash);
3239 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3240 ta_crypt_cmd_digest_do_final(c, & session, op,
3241 tv->ptx, tv->ptx_len, ptx_hash,
3242 &ptx_hash_size)))
3243 goto out;
3244
3245 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3246 ta_crypt_cmd_free_operation(c, &session, op)))
3247 goto out;
3248 }
3249
3250 num_algo_params = 0;
3251 num_key_attrs = 0;
3252 switch (TEE_ALG_GET_MAIN_ALG(tv->algo)) {
3253 case TEE_MAIN_ALGO_RSA:
3254 if (tv->params.rsa.salt_len > 0) {
3255 algo_params[0].attributeID =
3256 TEE_ATTR_RSA_PSS_SALT_LENGTH;
3257 algo_params[0].content.value.a =
3258 tv->params.rsa.salt_len;
3259 algo_params[0].content.value.b = 0;
3260 num_algo_params = 1;
3261 }
3262
3263 max_key_size = tv->params.rsa.modulus_len * 8;
3264
3265 xtest_add_attr(&num_key_attrs, key_attrs,
3266 TEE_ATTR_RSA_MODULUS,
3267 tv->params.rsa.modulus,
3268 tv->params.rsa.modulus_len);
3269 xtest_add_attr(&num_key_attrs, key_attrs,
3270 TEE_ATTR_RSA_PUBLIC_EXPONENT,
3271 tv->params.rsa.pub_exp,
3272 tv->params.rsa.pub_exp_len);
3273
3274 if (!ADBG_EXPECT_TRUE(c,
3275 create_key(c, &session,
3276 max_key_size,
3277 TEE_TYPE_RSA_PUBLIC_KEY,
3278 key_attrs,
3279 num_key_attrs,
3280 &pub_key_handle)))
3281 goto out;
3282
3283 xtest_add_attr(&num_key_attrs, key_attrs,
3284 TEE_ATTR_RSA_PRIVATE_EXPONENT,
3285 tv->params.rsa.priv_exp,
3286 tv->params.rsa.priv_exp_len);
3287
3288 if (tv->params.rsa.prime1_len != 0) {
3289 xtest_add_attr(&num_key_attrs, key_attrs,
3290 TEE_ATTR_RSA_PRIME1,
3291 tv->params.rsa.prime1,
3292 tv->params.rsa.prime1_len);
3293 }
3294
3295 if (tv->params.rsa.prime2_len != 0) {
3296 xtest_add_attr(&num_key_attrs, key_attrs,
3297 TEE_ATTR_RSA_PRIME2,
3298 tv->params.rsa.prime2,
3299 tv->params.rsa.prime2_len);
3300 }
3301
3302 if (tv->params.rsa.exp1_len != 0) {
3303 xtest_add_attr(&num_key_attrs, key_attrs,
3304 TEE_ATTR_RSA_EXPONENT1,
3305 tv->params.rsa.exp1,
3306 tv->params.rsa.exp1_len);
3307 }
3308
3309 if (tv->params.rsa.exp2_len != 0) {
3310 xtest_add_attr(&num_key_attrs, key_attrs,
3311 TEE_ATTR_RSA_EXPONENT2,
3312 tv->params.rsa.exp2,
3313 tv->params.rsa.exp2_len);
3314 }
3315
3316 if (tv->params.rsa.coeff_len != 0) {
3317 xtest_add_attr(&num_key_attrs, key_attrs,
3318 TEE_ATTR_RSA_COEFFICIENT,
3319 tv->params.rsa.coeff,
3320 tv->params.rsa.coeff_len);
3321 }
3322
3323 if (!ADBG_EXPECT_TRUE(c,
3324 create_key(c, &session,
3325 max_key_size,
3326 TEE_TYPE_RSA_KEYPAIR,
3327 key_attrs,
3328 num_key_attrs,
3329 &priv_key_handle)))
3330 goto out;
3331 break;
3332
3333 case TEE_MAIN_ALGO_DSA:
3334 max_key_size = tv->params.dsa.prime_len * 8;
3335
3336 xtest_add_attr(&num_key_attrs, key_attrs,
3337 TEE_ATTR_DSA_PRIME,
3338 tv->params.dsa.prime,
3339 tv->params.dsa.prime_len);
3340 xtest_add_attr(&num_key_attrs, key_attrs,
3341 TEE_ATTR_DSA_SUBPRIME,
3342 tv->params.dsa.sub_prime,
3343 tv->params.dsa.sub_prime_len);
3344 xtest_add_attr(&num_key_attrs, key_attrs,
3345 TEE_ATTR_DSA_BASE,
3346 tv->params.dsa.base,
3347 tv->params.dsa.base_len);
3348 xtest_add_attr(&num_key_attrs, key_attrs,
3349 TEE_ATTR_DSA_PUBLIC_VALUE,
3350 tv->params.dsa.pub_val,
3351 tv->params.dsa.pub_val_len);
3352
3353 if (!ADBG_EXPECT_TRUE(c,
3354 create_key(c, &session, max_key_size,
3355 TEE_TYPE_DSA_PUBLIC_KEY, key_attrs,
3356 num_key_attrs, &pub_key_handle)))
3357 goto out;
3358
3359 xtest_add_attr(&num_key_attrs, key_attrs,
3360 TEE_ATTR_DSA_PRIVATE_VALUE,
3361 tv->params.dsa.priv_val,
3362 tv->params.dsa.priv_val_len);
3363
3364 if (!ADBG_EXPECT_TRUE(c,
3365 create_key(c, &session, max_key_size,
3366 TEE_TYPE_DSA_KEYPAIR, key_attrs,
3367 num_key_attrs, &priv_key_handle)))
3368 goto out;
3369 break;
3370
Pascal Brand3e143ee2015-07-15 17:17:16 +0200[diff] [blame^]3371 case TEE_MAIN_ALGO_ECDSA:
3372 switch (tv->algo) {
3373 case TEE_ALG_ECDSA_P192:
3374 curve = TEE_ECC_CURVE_NIST_P192;
3375 break;
3376 case TEE_ALG_ECDSA_P224:
3377 curve = TEE_ECC_CURVE_NIST_P224;
3378 break;
3379 case TEE_ALG_ECDSA_P256:
3380 curve = TEE_ECC_CURVE_NIST_P256;
3381 break;
3382 case TEE_ALG_ECDSA_P384:
3383 curve = TEE_ECC_CURVE_NIST_P384;
3384 break;
3385 case TEE_ALG_ECDSA_P521:
3386 curve = TEE_ECC_CURVE_NIST_P521;
3387 break;
3388 default:
3389 curve = 0xFF;
3390 break;
3391 }
3392
3393 if (tv->algo == TEE_ALG_ECDSA_P521)
3394 max_key_size = 521;
3395 else
3396 max_key_size = tv->params.ecdsa.private_len * 8;
3397
3398 xtest_add_attr_value(&num_key_attrs, key_attrs,
3399 TEE_ATTR_ECC_CURVE, curve, 0);
3400 xtest_add_attr(&num_key_attrs, key_attrs,
3401 TEE_ATTR_ECC_PUBLIC_VALUE_X,
3402 tv->params.ecdsa.public_x,
3403 tv->params.ecdsa.public_x_len);
3404 xtest_add_attr(&num_key_attrs, key_attrs,
3405 TEE_ATTR_ECC_PUBLIC_VALUE_Y,
3406 tv->params.ecdsa.public_y,
3407 tv->params.ecdsa.public_y_len);
3408
3409 if (!ADBG_EXPECT_TRUE(c,
3410 create_key(c, &session, max_key_size,
3411 TEE_TYPE_ECDSA_PUBLIC_KEY, key_attrs,
3412 num_key_attrs, &pub_key_handle)))
3413 goto out;
3414
3415 xtest_add_attr(&num_key_attrs, key_attrs,
3416 TEE_ATTR_ECC_PRIVATE_VALUE,
3417 tv->params.ecdsa.private,
3418 tv->params.ecdsa.private_len);
3419
3420 if (!ADBG_EXPECT_TRUE(c,
3421 create_key(c, &session, max_key_size,
3422 TEE_TYPE_ECDSA_KEYPAIR, key_attrs,
3423 num_key_attrs, &priv_key_handle)))
3424 goto out;
3425 break;
3426
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3427 default:
3428 ADBG_EXPECT_TRUE(c, false);
3429 goto out;
3430 }
3431
3432 out_size = sizeof(out);
3433 memset(out, 0, sizeof(out));
3434 switch (tv->mode) {
3435 case TEE_MODE_ENCRYPT:
3436 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3437 ta_crypt_cmd_allocate_operation(c, &session,
Pascal Brand3e143ee2015-07-15 17:17:16 +0200[diff] [blame^]3438 &op, tv->algo, TEE_MODE_ENCRYPT,
3439 max_key_size)))
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3440 goto out;
3441
3442 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3443 ta_crypt_cmd_set_operation_key(c, &session, op,
3444 pub_key_handle)))
3445 goto out;
3446
3447 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3448 ta_crypt_cmd_free_transient_object(c, &session,
3449 pub_key_handle)))
3450 goto out;
3451 pub_key_handle = TEE_HANDLE_NULL;
3452
3453 out_enc_size = sizeof(out_enc);
3454 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3455 ta_crypt_cmd_asymmetric_encrypt(c, &session, op,
3456 NULL, 0, tv->ptx, tv->ptx_len, out_enc,
3457 &out_enc_size)))
3458 goto out;
3459
3460 /*
3461 * A PS which is random is added when formatting the
3462 * message internally of the algorithm so we can't
3463 * verify against precomputed values, instead we use the
3464 * decrypt operation to see that output is correct.
3465 */
3466
3467 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3468 ta_crypt_cmd_free_operation(c, &session, op)))
3469 goto out;
3470
3471 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3472 ta_crypt_cmd_allocate_operation(c, &session,
3473 &op, tv->algo, TEE_MODE_DECRYPT,
3474 max_key_size)))
3475 goto out;
3476
3477 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3478 ta_crypt_cmd_set_operation_key(c, &session, op,
3479 priv_key_handle)))
3480 goto out;
3481
3482 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3483 ta_crypt_cmd_free_transient_object(c, &session,
3484 priv_key_handle)))
3485 goto out;
3486
3487 priv_key_handle = TEE_HANDLE_NULL;
3488
3489 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3490 ta_crypt_cmd_asymmetric_decrypt(c, &session, op,
3491 NULL, 0, out_enc, out_enc_size, out,
3492 &out_size)))
3493 goto out;
3494
3495 (void)ADBG_EXPECT_BUFFER(c, tv->ptx, tv->ptx_len, out,
3496 out_size);
3497 break;
3498
3499 case TEE_MODE_DECRYPT:
3500 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3501 ta_crypt_cmd_allocate_operation(c, &session,
3502 &op, tv->algo, TEE_MODE_DECRYPT,
3503 max_key_size)))
3504 goto out;
3505
3506 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3507 ta_crypt_cmd_set_operation_key(c, &session, op,
3508 priv_key_handle)))
3509 goto out;
3510
3511 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3512 ta_crypt_cmd_free_transient_object(c, &session,
3513 priv_key_handle)))
3514 goto out;
3515
3516 priv_key_handle = TEE_HANDLE_NULL;
3517
3518 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3519 ta_crypt_cmd_asymmetric_decrypt(c, &session, op,
3520 NULL, 0, tv->ctx, tv->ctx_len, out,
3521 &out_size)))
3522 goto out;
3523
3524 (void)ADBG_EXPECT_BUFFER(c, tv->ptx, tv->ptx_len, out,
3525 out_size);
3526 break;
3527
3528 case TEE_MODE_VERIFY:
3529 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3530 ta_crypt_cmd_allocate_operation(c, &session,
3531 &op, tv->algo, TEE_MODE_VERIFY,
3532 max_key_size)))
3533 goto out;
3534
3535 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3536 ta_crypt_cmd_set_operation_key(c, &session, op,
3537 pub_key_handle)))
3538 goto out;
3539
3540 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3541 ta_crypt_cmd_free_transient_object(c, &session,
3542 pub_key_handle)))
3543 goto out;
3544
3545 pub_key_handle = TEE_HANDLE_NULL;
3546
3547 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3548 ta_crypt_cmd_asymmetric_verify(c, &session, op,
3549 algo_params, num_algo_params, ptx_hash,
3550 ptx_hash_size, tv->ctx, tv->ctx_len)))
3551 goto out;
3552 break;
3553
3554 case TEE_MODE_SIGN:
3555 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3556 ta_crypt_cmd_allocate_operation(c, &session,
3557 &op, tv->algo, TEE_MODE_SIGN,
3558 max_key_size)))
3559 goto out;
3560
3561 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3562 ta_crypt_cmd_set_operation_key(c, &session, op,
3563 priv_key_handle)))
3564 goto out;
3565
3566 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3567 ta_crypt_cmd_free_transient_object(c, &session,
3568 priv_key_handle)))
3569 goto out;
3570
3571 priv_key_handle = TEE_HANDLE_NULL;
3572
3573 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3574 ta_crypt_cmd_asymmetric_sign(c, &session, op,
3575 algo_params, num_algo_params, ptx_hash,
3576 ptx_hash_size, out, &out_size)))
3577 goto out;
3578
3579 if (TEE_ALG_GET_CHAIN_MODE(tv->algo) ==
3580 TEE_CHAIN_MODE_PKCS1_PSS_MGF1 ||
Pascal Brand3e143ee2015-07-15 17:17:16 +0200[diff] [blame^]3581 tv->algo == TEE_ALG_DSA_SHA1 ||
3582 TEE_ALG_GET_MAIN_ALG(tv->algo) ==
3583 TEE_MAIN_ALGO_ECDSA) {
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3584 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3585 ta_crypt_cmd_free_operation(c, &session,
3586 op)))
3587 goto out;
3588 /*
3589 * The salt or K is random so we can't verify
3590 * signing against precomputed values, instead
3591 * we use the verify operation to see that
3592 * output is correct.
3593 */
3594 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3595 ta_crypt_cmd_allocate_operation(c,
3596 &session, &op, tv->algo,
3597 TEE_MODE_VERIFY, max_key_size)))
3598 goto out;
3599
3600 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3601 ta_crypt_cmd_set_operation_key(c,
3602 &session, op, pub_key_handle)))
3603 goto out;
3604
3605 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3606 ta_crypt_cmd_free_transient_object(c,
3607 &session, pub_key_handle)))
3608 goto out;
3609
3610 pub_key_handle = TEE_HANDLE_NULL;
3611
3612 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3613 ta_crypt_cmd_asymmetric_verify(c,
3614 &session, op, algo_params,
3615 num_algo_params, ptx_hash,
3616 ptx_hash_size, out, out_size)))
3617 goto out;
3618 } else {
3619 (void)ADBG_EXPECT_BUFFER(c, tv->ctx,
3620 tv->ctx_len, out,
3621 out_size);
3622 }
3623 break;
3624
3625 default:
3626 break;
3627 }
3628
3629 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3630 ta_crypt_cmd_free_operation(c, &session, op)))
3631 goto out;
3632
3633 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3634 ta_crypt_cmd_free_transient_object(c, &session,
3635 pub_key_handle)))
3636 goto out;
3637 pub_key_handle = TEE_HANDLE_NULL;
3638
3639 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3640 ta_crypt_cmd_free_transient_object(c, &session,
3641 priv_key_handle)))
3642 goto out;
3643
3644 priv_key_handle = TEE_HANDLE_NULL;
3645
3646 Do_ADBG_EndSubCase(c, NULL);
3647 }
3648out:
3649 TEEC_CloseSession(&session);
3650}
3651
3652#define KEY_ATTR(x, y) { #x, (x), y }
3653
3654struct key_attrs {
3655 const char *name;
3656 uint32_t attr;
3657 bool keysize_check;
3658};
3659
3660static bool test_keygen_attributes(ADBG_Case_t *c, TEEC_Session *s,
3661 TEE_ObjectHandle key, uint32_t key_size,
3662 struct key_attrs *attrs, size_t num_attrs)
3663{
3664 uint8_t out[2048];
3665 size_t out_size;
3666 size_t n;
3667 size_t m;
3668
3669 for (m = 0; m < num_attrs; m++) {
3670 if ((attrs[m].attr & TEE_ATTR_BIT_VALUE) == 0) {
3671 out_size = sizeof(out);
3672 memset(out, 0, sizeof(out));
3673 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3674 ta_crypt_cmd_get_object_buffer_attribute(c, s,
3675 key, attrs[m].attr, out, &out_size)))
3676 return false;
3677
3678 if (attrs[m].keysize_check)
3679 ADBG_EXPECT_COMPARE_UNSIGNED(c, out_size, ==,
3680 key_size / 8);
3681
3682 if (out_size > 0) {
3683 /* Check that buffer isn't all zeroes */
3684 for (n = 0; n < out_size; n++)
3685 if (out[n] != 0)
3686 break;
3687 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, n, <,
3688 out_size))
3689 return false;
3690 }
3691 } else {
3692 uint32_t a;
3693 uint32_t b;
3694
3695 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3696 ta_crypt_cmd_get_object_value_attribute(c, s, key,
3697 attrs[m].attr, &a, &b)))
3698 return false;
3699 }
3700 }
3701 return true;
3702}
3703
3704static bool test_secret_value(ADBG_Case_t *c, TEEC_Session *s,
3705 TEE_ObjectHandle key, uint32_t key_size)
3706{
3707 const struct key_attrs attrs[] = {
3708 KEY_ATTR(TEE_ATTR_SECRET_VALUE, true),
3709 };
3710
3711 return test_keygen_attributes(c, s, key, key_size,
3712 (struct key_attrs *)&attrs,
3713 ARRAY_SIZE(attrs));
3714}
3715
3716
3717static bool test_rsa_key_pair(ADBG_Case_t *c, TEEC_Session *s,
3718 TEE_ObjectHandle key, uint32_t key_size)
3719{
3720 const struct key_attrs attrs[] = {
3721 KEY_ATTR(TEE_ATTR_RSA_MODULUS, true),
3722 KEY_ATTR(TEE_ATTR_RSA_PUBLIC_EXPONENT, false),
3723 KEY_ATTR(TEE_ATTR_RSA_PRIVATE_EXPONENT, false),
3724 KEY_ATTR(TEE_ATTR_RSA_PRIME1, false),
3725 KEY_ATTR(TEE_ATTR_RSA_PRIME2, false),
3726 KEY_ATTR(TEE_ATTR_RSA_EXPONENT1, false),
3727 KEY_ATTR(TEE_ATTR_RSA_EXPONENT2, false),
3728 KEY_ATTR(TEE_ATTR_RSA_COEFFICIENT, false),
3729 };
3730
3731 return test_keygen_attributes(c, s, key, key_size,
3732 (struct key_attrs *)&attrs,
3733 ARRAY_SIZE(attrs));
3734}
3735
Pascal Brande61133f2015-07-08 15:38:37 +0200[diff] [blame]3736static bool test_ecc_key_pair(ADBG_Case_t *c, TEEC_Session *s,
3737 TEE_ObjectHandle key, uint32_t key_size)
3738{
3739 const struct key_attrs attrs[] = {
3740 KEY_ATTR(TEE_ATTR_ECC_PRIVATE_VALUE, false),
3741 KEY_ATTR(TEE_ATTR_ECC_PUBLIC_VALUE_X , false),
3742 KEY_ATTR(TEE_ATTR_ECC_PUBLIC_VALUE_Y , false),
3743 /* KEY_ATTR(TEE_ATTR_ECC_CURVE, false), - do not test */
3744 };
3745
3746 return test_keygen_attributes(c, s, key, key_size,
3747 (struct key_attrs *)&attrs,
3748 ARRAY_SIZE(attrs));
3749}
3750
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3751static bool test_dh_key_pair(ADBG_Case_t *c, TEEC_Session *s,
3752 uint32_t check_keysize,
3753 TEE_ObjectHandle key, uint32_t key_size)
3754{
3755 const struct key_attrs attrs[] = {
3756 KEY_ATTR(TEE_ATTR_DH_PRIME, false),
3757 KEY_ATTR(TEE_ATTR_DH_BASE, false),
3758 KEY_ATTR(TEE_ATTR_DH_PUBLIC_VALUE, false),
3759 KEY_ATTR(TEE_ATTR_DH_PRIVATE_VALUE, check_keysize),
3760 KEY_ATTR(TEE_ATTR_DH_X_BITS, false),
3761 };
3762
3763 return test_keygen_attributes(c, s, key, key_size,
3764 (struct key_attrs *)&attrs,
3765 ARRAY_SIZE(attrs));
3766}
3767
3768static bool test_dsa_key_pair(ADBG_Case_t *c, TEEC_Session *s,
3769 TEE_ObjectHandle key, uint32_t key_size)
3770{
3771 const struct key_attrs attrs[] = {
3772 KEY_ATTR(TEE_ATTR_DSA_PRIME, true),
3773 KEY_ATTR(TEE_ATTR_DSA_SUBPRIME, false),
3774 KEY_ATTR(TEE_ATTR_DSA_BASE, false),
3775 KEY_ATTR(TEE_ATTR_DSA_PUBLIC_VALUE, false),
3776 KEY_ATTR(TEE_ATTR_DSA_PRIVATE_VALUE, false),
3777 };
3778
3779 return test_keygen_attributes(c, s, key, key_size,
3780 (struct key_attrs *)&attrs,
3781 ARRAY_SIZE(attrs));
3782}
3783
3784static bool generate_and_test_key(ADBG_Case_t *c, TEEC_Session *s,
3785 uint32_t key_type, uint32_t check_keysize,
3786 uint32_t key_size,
3787 TEE_Attribute *params, size_t param_count)
3788{
3789 TEE_ObjectHandle key;
3790 bool ret_val = true;
3791
3792 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3793 ta_crypt_cmd_allocate_transient_object(c, s, key_type, key_size,
3794 &key)))
3795 return false;
3796
3797 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3798 ta_crypt_cmd_generate_key(c, s, key, key_size, params,
3799 param_count)))
3800 return false;
3801
3802 switch (key_type) {
3803 case TEE_TYPE_DES:
3804 case TEE_TYPE_DES3:
3805 ret_val = ADBG_EXPECT_TRUE(c,
3806 test_secret_value(c, s, key,
3807 key_size + key_size / 7));
3808 break;
3809 case TEE_TYPE_AES:
3810 case TEE_TYPE_HMAC_MD5:
3811 case TEE_TYPE_HMAC_SHA1:
3812 case TEE_TYPE_HMAC_SHA224:
3813 case TEE_TYPE_HMAC_SHA256:
3814 case TEE_TYPE_HMAC_SHA384:
3815 case TEE_TYPE_HMAC_SHA512:
3816 case TEE_TYPE_GENERIC_SECRET:
3817 ret_val = ADBG_EXPECT_TRUE(c,
3818 test_secret_value(c, s, key, key_size));
3819 break;
3820
3821 case TEE_TYPE_RSA_KEYPAIR:
3822 ret_val = ADBG_EXPECT_TRUE(c,
3823 test_rsa_key_pair(c, s, key, key_size));
3824 break;
3825
Pascal Brande61133f2015-07-08 15:38:37 +0200[diff] [blame]3826 case TEE_TYPE_ECDSA_KEYPAIR:
3827 case TEE_TYPE_ECDH_KEYPAIR:
3828 ret_val = ADBG_EXPECT_TRUE(c,
3829 test_ecc_key_pair(c, s, key, key_size));
3830 break;
3831
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3832 case TEE_TYPE_DH_KEYPAIR:
Pascal Brande61133f2015-07-08 15:38:37 +0200[diff] [blame]3833 ret_val = ADBG_EXPECT_TRUE(c,
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3834 test_dh_key_pair(c, s, check_keysize, key,
3835 key_size));
3836 break;
3837
3838 case TEE_TYPE_DSA_KEYPAIR:
3839 ret_val = ADBG_EXPECT_TRUE(c,
3840 test_dsa_key_pair(c, s, key, key_size));
3841 break;
3842
3843 default:
3844 ret_val = false;
3845 break;
3846 }
3847
3848 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3849 ta_crypt_cmd_free_transient_object(c, s, key)))
3850 return false;
3851
3852 return ret_val;
3853}
3854
3855static void xtest_test_keygen_noparams(ADBG_Case_t *c, TEEC_Session *session)
3856{
3857 size_t n;
3858 uint32_t key_size;
3859 static const struct {
3860 const char *name;
3861 uint32_t key_type;
3862 uint32_t quanta;
3863 uint32_t min_size;
3864 uint32_t max_size;
3865 } key_types[] = {
3866 { "AES", TEE_TYPE_AES, 64, 128,
3867 256 /* valid sizes 128, 192, 256 */ },
3868 { "DES", TEE_TYPE_DES, 56, 56, 56 /* valid size 56 */ },
3869 { "DES3", TEE_TYPE_DES3, 56, 112,
3870 168 /* valid sizes 112, 168 */ },
3871 { "HMAC-MD5", TEE_TYPE_HMAC_MD5, 8, 64, 512 },
3872 { "HMAC-SHA1", TEE_TYPE_HMAC_SHA1, 8, 80, 512 },
3873 { "HMAC-SHA224", TEE_TYPE_HMAC_SHA224, 8, 112, 512 },
3874 { "HMAC-SHA256", TEE_TYPE_HMAC_SHA256, 8, 192, 1024 },
3875 { "HMAC-SHA384", TEE_TYPE_HMAC_SHA384, 8, 256, 1024 },
3876 { "HMAC-SHA512", TEE_TYPE_HMAC_SHA512, 8, 256, 1024 },
3877 { "Generic secret", TEE_TYPE_GENERIC_SECRET, 8, 128, 4096 },
3878 { "RSA-2048", TEE_TYPE_RSA_KEYPAIR, 1, 2048, 2048 },
3879
3880 /* New tests added to check non-regression of issue #5398 */
3881 { "RSA-256", TEE_TYPE_RSA_KEYPAIR, 1, 256, 256 },
3882 { "RSA-384", TEE_TYPE_RSA_KEYPAIR, 1, 384, 384 },
3883 { "RSA-512", TEE_TYPE_RSA_KEYPAIR, 1, 512, 512 },
3884 { "RSA-640", TEE_TYPE_RSA_KEYPAIR, 1, 640, 640 },
3885 { "RSA-768", TEE_TYPE_RSA_KEYPAIR, 1, 768, 768 },
3886 { "RSA-896", TEE_TYPE_RSA_KEYPAIR, 1, 896, 896 },
3887 { "RSA-1024", TEE_TYPE_RSA_KEYPAIR, 1, 1024, 1024 },
3888 };
3889
3890 for (n = 0; n < ARRAY_SIZE(key_types); n++) {
3891 uint32_t min_size = key_types[n].min_size;
3892 uint32_t max_size = key_types[n].max_size;
3893 uint32_t quanta = key_types[n].quanta;
3894
3895 Do_ADBG_BeginSubCase(c, "Generate %s key", key_types[n].name);
3896
3897 for (key_size = min_size; key_size <= max_size;
3898 key_size += quanta) {
3899 if (!ADBG_EXPECT_TRUE(c,
3900 generate_and_test_key(c, session, key_types
3901 [n].key_type, 1, key_size, NULL, 0)))
3902 break;
3903 }
3904
3905 Do_ADBG_EndSubCase(c, "Generate %s key", key_types[n].name);
3906 }
3907}
3908
3909static void xtest_test_keygen_dh(ADBG_Case_t *c, TEEC_Session *session)
3910{
3911 size_t n;
3912 size_t param_count;
3913 /*
3914 * Note that the key size parameter is not used when creating the keys
3915 * but specifying these sizes make it possible to test the expected size
3916 * of the private value. This also means that the keysize must match the
3917 * size of p or what is specified in private_bits or the equvivalent
3918 * size of the subprime parameter.
3919 */
3920 TEE_Attribute params[4];
3921
3922#define XTEST_DH_GK_DATA(vect) \
3923 ARRAY(vect ## _p), \
3924 ARRAY(vect ## _g), \
3925 &vect ## _private_bits, \
3926 0, 0
3927#define XTEST_DH_GK_DATA_SUBPRIME(vect) \
3928 ARRAY(vect ## _p), \
3929 ARRAY(vect ## _g), \
3930 &vect ## _private_bits, \
3931 ARRAY(vect ## _subprime)
3932 static const struct {
3933 uint32_t key_size;
3934 const uint8_t *p;
3935 size_t p_len;
3936 const uint8_t *g;
3937 size_t g_len;
3938 const uint32_t *private_bits;
3939 const uint8_t *subprime;
3940 size_t subprime_len;
3941 } key_types[] = {
3942 { 256, XTEST_DH_GK_DATA(keygen_dh256) },
3943 { 256, XTEST_DH_GK_DATA(keygen_dh320) },
3944 { 384, XTEST_DH_GK_DATA(keygen_dh384) },
3945 { 256, XTEST_DH_GK_DATA(keygen_dh448) },
3946 { 512, XTEST_DH_GK_DATA(keygen_dh512) },
3947 { 288, XTEST_DH_GK_DATA(keygen_dh576) },
3948 { 640, XTEST_DH_GK_DATA(keygen_dh640) },
3949 { 352, XTEST_DH_GK_DATA(keygen_dh704) },
3950 { 768, XTEST_DH_GK_DATA(keygen_dh768) },
3951 { 416, XTEST_DH_GK_DATA(keygen_dh832) },
3952 { 896, XTEST_DH_GK_DATA(keygen_dh896) },
3953 { 480, XTEST_DH_GK_DATA(keygen_dh960) },
3954 { 1024, XTEST_DH_GK_DATA(keygen_dh1024) },
3955 { 544, XTEST_DH_GK_DATA(keygen_dh1088) },
3956 { 1152, XTEST_DH_GK_DATA(keygen_dh1152) },
3957 { 608, XTEST_DH_GK_DATA(keygen_dh1216) },
3958 { 1280, XTEST_DH_GK_DATA(keygen_dh1280) },
3959 { 672, XTEST_DH_GK_DATA(keygen_dh1344) },
3960 { 1408, XTEST_DH_GK_DATA(keygen_dh1408) },
3961 { 736, XTEST_DH_GK_DATA(keygen_dh1472) },
3962 { 1536, XTEST_DH_GK_DATA(keygen_dh1536) },
3963 { 800, XTEST_DH_GK_DATA(keygen_dh1600) },
3964 { 1664, XTEST_DH_GK_DATA(keygen_dh1664) },
3965 { 864, XTEST_DH_GK_DATA(keygen_dh1728) },
3966 { 1792, XTEST_DH_GK_DATA(keygen_dh1792) },
3967 { 928, XTEST_DH_GK_DATA(keygen_dh1856) },
3968 { 1920, XTEST_DH_GK_DATA(keygen_dh1920) },
3969 { 992, XTEST_DH_GK_DATA(keygen_dh1984) },
3970 { 2048, XTEST_DH_GK_DATA(keygen_dh2048) },
3971 { 256, XTEST_DH_GK_DATA_SUBPRIME(keygen_dh2048_subprime) }
3972 };
3973
3974
3975 for (n = 0; n < ARRAY_SIZE(key_types); n++) {
3976 Do_ADBG_BeginSubCase(c,
3977 "Generate DH key %d bits - Private bits = %d",
3978 key_types[n].key_size,
3979 *key_types[n].private_bits);
3980 param_count = 0;
3981
3982 xtest_add_attr(&param_count, params,
3983 TEE_ATTR_DH_PRIME,
3984 key_types[n].p, key_types[n].p_len);
3985
3986 xtest_add_attr(&param_count, params, TEE_ATTR_DH_BASE,
3987 key_types[n].g, key_types[n].g_len);
3988
3989 if (key_types[n].private_bits != 0) {
3990 params[param_count].attributeID = TEE_ATTR_DH_X_BITS;
3991
3992 params[param_count].content.value.a =
3993 *key_types[n].private_bits;
3994
3995 params[param_count].content.value.b = 0;
3996 param_count++;
3997 }
3998
3999 if (key_types[n].subprime != 0) {
4000 xtest_add_attr(&param_count, params,
4001 TEE_ATTR_DH_SUBPRIME,
4002 key_types[n].subprime,
4003 key_types[n].subprime_len);
4004 }
4005
4006 if (!ADBG_EXPECT_TRUE(c,
4007 generate_and_test_key(c, session, TEE_TYPE_DH_KEYPAIR,
4008 ((*key_types[n].private_bits) != 0),
4009 key_types[n]. key_size, params, param_count)))
4010 break;
4011
4012 Do_ADBG_EndSubCase(c,
4013 "Generate DH key %d bits - Private bits = %d",
4014 key_types[n].key_size,
4015 *key_types[n].private_bits);
4016 }
4017}
4018
4019static void xtest_test_keygen_dsa(ADBG_Case_t *c, TEEC_Session *session)
4020{
4021 size_t n;
4022 size_t param_count;
4023 TEE_Attribute params[4];
4024
4025#define XTEST_DSA_GK_DATA(vect) \
4026 ARRAY(vect ## _p), \
4027 ARRAY(vect ## _g), \
4028 ARRAY(vect ## _q)
4029 static const struct {
4030 uint32_t key_size;
4031 const uint8_t *prime;
4032 size_t prime_len;
4033 const uint8_t *base;
4034 size_t base_len;
4035 const uint8_t *sub_prime;
4036 size_t sub_prime_len;
4037 } key_types[] = {
4038 { 1024, XTEST_DSA_GK_DATA(keygen_dsa_test1) },
4039 { 512, XTEST_DSA_GK_DATA(keygen_dsa512) },
4040 { 576, XTEST_DSA_GK_DATA(keygen_dsa576) },
4041 { 640, XTEST_DSA_GK_DATA(keygen_dsa640) },
4042 { 704, XTEST_DSA_GK_DATA(keygen_dsa704) },
4043 { 768, XTEST_DSA_GK_DATA(keygen_dsa768) },
4044 { 832, XTEST_DSA_GK_DATA(keygen_dsa832) },
4045 { 896, XTEST_DSA_GK_DATA(keygen_dsa896) },
4046 { 960, XTEST_DSA_GK_DATA(keygen_dsa960) },
4047 { 1024, XTEST_DSA_GK_DATA(keygen_dsa1024) },
4048 };
4049
4050 for (n = 0; n < ARRAY_SIZE(key_types); n++) {
4051 Do_ADBG_BeginSubCase(c, "Generate DSA key %d bits",
4052 key_types[n].key_size);
4053 param_count = 0;
4054
4055
4056 xtest_add_attr(&param_count, params, TEE_ATTR_DSA_PRIME,
4057 key_types[n].prime, key_types[n].prime_len);
4058
4059 xtest_add_attr(&param_count, params, TEE_ATTR_DSA_SUBPRIME,
4060 key_types[n].sub_prime,
4061 key_types[n].sub_prime_len);
4062
4063 xtest_add_attr(&param_count, params, TEE_ATTR_DSA_BASE,
4064 key_types[n].base, key_types[n].base_len);
4065
4066 if (!ADBG_EXPECT_TRUE(c,
4067 generate_and_test_key(c, session, TEE_TYPE_DSA_KEYPAIR,
4068 1, key_types[n]. key_size, params,
4069 param_count)))
4070 break;
4071
4072 Do_ADBG_EndSubCase(c, "Generate DSA key %d bits",
4073 key_types[n].key_size);
4074 }
4075}
4076
Pascal Brande61133f2015-07-08 15:38:37 +0200[diff] [blame]4077static void xtest_test_keygen_ecc(ADBG_Case_t *c, TEEC_Session *session)
4078{
4079 size_t n;
4080 size_t param_count;
4081 TEE_Attribute params[4];
4082
4083 static const struct {
4084 const char *name;
4085 uint32_t algo;
4086 uint32_t curve;
4087 uint32_t key_size;
4088 } key_types[] = {
4089 /* ECDSA */
4090 { "ECDSA-192", TEE_TYPE_ECDSA_KEYPAIR, TEE_ECC_CURVE_NIST_P192, 192 },
4091 { "ECDSA-224", TEE_TYPE_ECDSA_KEYPAIR, TEE_ECC_CURVE_NIST_P224, 224 },
4092 { "ECDSA-256", TEE_TYPE_ECDSA_KEYPAIR, TEE_ECC_CURVE_NIST_P256, 256 },
4093 { "ECDSA-384", TEE_TYPE_ECDSA_KEYPAIR, TEE_ECC_CURVE_NIST_P384, 384 },
4094 { "ECDSA-521", TEE_TYPE_ECDSA_KEYPAIR, TEE_ECC_CURVE_NIST_P521, 521 },
4095
4096 /* ECDH */
4097 { "ECDH-192", TEE_TYPE_ECDH_KEYPAIR, TEE_ECC_CURVE_NIST_P192, 192 },
4098 { "ECDH-224", TEE_TYPE_ECDH_KEYPAIR, TEE_ECC_CURVE_NIST_P224, 224 },
4099 { "ECDH-256", TEE_TYPE_ECDH_KEYPAIR, TEE_ECC_CURVE_NIST_P256, 256 },
4100 { "ECDH-384", TEE_TYPE_ECDH_KEYPAIR, TEE_ECC_CURVE_NIST_P384, 384 },
4101 { "ECDH-521", TEE_TYPE_ECDH_KEYPAIR, TEE_ECC_CURVE_NIST_P521, 521 },
4102 };
4103
4104 for (n = 0; n < ARRAY_SIZE(key_types); n++) {
4105 Do_ADBG_BeginSubCase(c, "Generate %s", key_types[n].name);
4106 param_count = 0;
4107
4108 xtest_add_attr_value(&param_count, params, TEE_ATTR_ECC_CURVE,
4109 key_types[n].curve, 0);
4110
4111 if (!ADBG_EXPECT_TRUE(c,
4112 generate_and_test_key(c, session, key_types[n].algo,
4113 0, key_types[n].key_size, params,
4114 param_count)))
4115 break;
4116
4117 Do_ADBG_EndSubCase(c, "Generate %s", key_types[n].name);
4118 }
4119}
4120
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]4121static void xtest_tee_test_4007(ADBG_Case_t *c)
4122{
4123 TEEC_Session session = { 0 };
4124 uint32_t ret_orig;
4125
4126 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
4127 xtest_teec_open_session(&session, &crypt_user_ta_uuid, NULL,
4128 &ret_orig)))
4129 return;
4130
4131 xtest_test_keygen_noparams(c, &session);
4132
4133 xtest_test_keygen_dh(c, &session);
4134
4135 xtest_test_keygen_dsa(c, &session);
4136
Pascal Brande61133f2015-07-08 15:38:37 +0200[diff] [blame]4137 xtest_test_keygen_ecc (c, &session);
4138
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]4139 TEEC_CloseSession(&session);
4140}
4141
4142static void xtest_tee_test_4008(ADBG_Case_t *c)
4143{
4144 TEEC_Session session = { 0 };
4145 uint32_t ret_orig;
4146 TEE_OperationHandle op;
4147 TEE_ObjectHandle key_handle;
4148 TEE_ObjectHandle sv_handle;
4149 TEE_Attribute params[4];
4150 size_t param_count = 0;
4151 uint8_t out[2048];
4152 size_t out_size;
4153
4154 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
4155 xtest_teec_open_session(&session, &crypt_user_ta_uuid, NULL,
4156 &ret_orig)))
4157 return;
4158
4159 Do_ADBG_BeginSubCase(c, "Derive DH key success");
4160
4161 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
4162 ta_crypt_cmd_allocate_operation(c, &session, &op,
4163 TEE_ALG_DH_DERIVE_SHARED_SECRET, TEE_MODE_DERIVE,
4164 derive_key_max_keysize)))
4165 goto out;
4166
4167 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
4168 ta_crypt_cmd_allocate_transient_object(c, & session,
4169 TEE_TYPE_DH_KEYPAIR, derive_key_max_keysize,
4170 &key_handle)))
4171 goto out;
4172
4173 xtest_add_attr(&param_count, params, TEE_ATTR_DH_PRIME,
4174 ARRAY(derive_key_dh_prime));
4175
4176 xtest_add_attr(&param_count, params, TEE_ATTR_DH_BASE,
4177 ARRAY(derive_key_dh_base));
4178
4179 xtest_add_attr(&param_count, params, TEE_ATTR_DH_PUBLIC_VALUE,
4180 ARRAY(derive_key_dh_public_value));
4181
4182 xtest_add_attr(&param_count, params, TEE_ATTR_DH_PRIVATE_VALUE,
4183 ARRAY(derive_key_dh_private_value));
4184
4185 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
4186 ta_crypt_cmd_populate_transient_object(c, &session, key_handle,
4187 params, param_count)))
4188 goto out;
4189
4190 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
4191 ta_crypt_cmd_set_operation_key(c, &session, op, key_handle)))
4192 goto out;
4193
4194 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
4195 ta_crypt_cmd_free_transient_object(c, & session, key_handle)))
4196 goto out;
4197
4198 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
4199 ta_crypt_cmd_allocate_transient_object(c, &session,
4200 TEE_TYPE_GENERIC_SECRET, derive_key_max_keysize,
4201 &sv_handle)))
4202 goto out;
4203
4204 /* resuse but reset params and param-count */
4205 param_count = 0;
4206
4207 xtest_add_attr(&param_count, params, TEE_ATTR_DH_PUBLIC_VALUE,
4208 ARRAY(derive_key_dh_public_value_2));
4209
4210 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
4211 ta_crypt_cmd_derive_key(c, &session, op, sv_handle, params,
4212 param_count)))
4213 goto out;
4214
4215 out_size = sizeof(out);
4216 memset(out, 0, sizeof(out));
4217 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
4218 ta_crypt_cmd_get_object_buffer_attribute(c, &session, sv_handle,
4219 TEE_ATTR_SECRET_VALUE, out, &out_size)))
4220 goto out;
4221
4222 if (!ADBG_EXPECT_BUFFER(c, derive_key_dh_shared_secret,
4223 sizeof(derive_key_dh_shared_secret), out,
4224 out_size))
4225 goto out;
4226
4227 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
4228 ta_crypt_cmd_free_operation(c, &session, op)))
4229 goto out;
4230
4231 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
4232 ta_crypt_cmd_free_transient_object(c, &session, sv_handle)))
4233 goto out;
4234out:
4235 Do_ADBG_EndSubCase(c, "Derive DH key success");
4236 TEEC_CloseSession(&session);
4237}