TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / OP-TEE / optee_test / 2b92b64c4da5ddc77ff587d3ad9aaa2a9ab46cab / . / host / xtest / xtest_4000.c
blob: 0c1efb77c68637c029216f9b30baa0011516b527 [file] [log] [blame]
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]1/*
2 * Copyright (c) 2014, STMicroelectronics International N.V.
3 *
4 * This program is free software; you can redistribute it and/or modify
5 * it under the terms of the GNU General Public License Version 2 as
6 * published by the Free Software Foundation.
7 *
8 * This program is distributed in the hope that it will be useful,
9 * but WITHOUT ANY WARRANTY; without even the implied warranty of
10 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 * GNU General Public License for more details.
12 */
13
14#include <stdio.h>
15#include <string.h>
16#include <inttypes.h>
17#include <malloc.h>
18
19#include "xtest_test.h"
20#include "xtest_helpers.h"
21
22#include <tee_api_types.h>
23#include <ta_crypt.h>
24#include <utee_defines.h>
25#include <util.h>
26
27#include <xtest_4000_data.h>
28
29#include <assert.h>
30
31static void xtest_tee_test_4001(ADBG_Case_t *Case_p);
32static void xtest_tee_test_4002(ADBG_Case_t *Case_p);
33static void xtest_tee_test_4003_no_xts(ADBG_Case_t *Case_p);
34static void xtest_tee_test_4003_xts(ADBG_Case_t *Case_p);
35static void xtest_tee_test_4004(ADBG_Case_t *Case_p);
36static void xtest_tee_test_4005(ADBG_Case_t *Case_p);
37static void xtest_tee_test_4006(ADBG_Case_t *Case_p);
38static void xtest_tee_test_4007(ADBG_Case_t *Case_p);
39static void xtest_tee_test_4008(ADBG_Case_t *Case_p);
Pascal Brand2b92b642015-07-16 13:29:42 +0200[diff] [blame^]40static void xtest_tee_test_4009(ADBG_Case_t *Case_p);
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]41
42ADBG_CASE_DEFINE(XTEST_TEE_4001, xtest_tee_test_4001,
43 /* Title */
44 "Test TEE Internal API hash operations",
45 /* Short description */
46 "Short description ...",
47 /* Requirement IDs */
48 "TEE-??",
49 /* How to implement */
50 "Description of how to implement ..."
51 );
52
53ADBG_CASE_DEFINE(XTEST_TEE_4002, xtest_tee_test_4002,
54 /* Title */
55 "Test TEE Internal API MAC operations",
56 /* Short description */
57 "Short description ...",
58 /* Requirement IDs */
59 "TEE-??",
60 /* How to implement */
61 "Description of how to implement ..."
62 );
63
64ADBG_CASE_DEFINE(XTEST_TEE_4003_NO_XTS, xtest_tee_test_4003_no_xts,
65 /* Title */
66 "Test TEE Internal API cipher operations without AES XTS",
67 /* Short description */
68 "Short description ...",
69 /* Requirement IDs */
70 "TEE-??",
71 /* How to implement */
72 "Description of how to implement ..."
73 );
74
75ADBG_CASE_DEFINE(XTEST_TEE_4003_XTS, xtest_tee_test_4003_xts,
76 /* Title */
77 "Test TEE Internal API cipher operations for AES XTS",
78 /* Short description */
79 "Short description ...",
80 /* Requirement IDs */
81 "TEE-??",
82 /* How to implement */
83 "Description of how to implement ..."
84 );
85
86ADBG_CASE_DEFINE(XTEST_TEE_4004, xtest_tee_test_4004,
87 /* Title */
88 "Test TEE Internal API get random",
89 /* Short description */
90 "Short description ...",
91 /* Requirement IDs */
92 "TEE-??",
93 /* How to implement */
94 "Description of how to implement ..."
95 );
96
97ADBG_CASE_DEFINE(XTEST_TEE_4005, xtest_tee_test_4005,
98 /* Title */
99 "Test TEE Internal API Authenticated Encryption operations",
100 /* Short description */
101 "Short description ...",
102 /* Requirement IDs */
103 "TEE-??",
104 /* How to implement */
105 "Description of how to implement ..."
106 );
107
108ADBG_CASE_DEFINE(XTEST_TEE_4006, xtest_tee_test_4006,
109 /* Title */
110 "Test TEE Internal API Asymmetric Cipher operations",
111 /* Short description */
112 "Short description ...",
113 /* Requirement IDs */
114 "TEE-??",
115 /* How to implement */
116 "Description of how to implement ..."
117 );
118
119ADBG_CASE_DEFINE(XTEST_TEE_4007, xtest_tee_test_4007,
120 /* Title */
121 "Test TEE Internal API Generate key",
122 /* Short description */
123 "Short description ...",
124 /* Requirement IDs */
125 "TEE-??",
126 /* How to implement */
127 "Description of how to implement ..."
128 );
129
130ADBG_CASE_DEFINE(XTEST_TEE_4008, xtest_tee_test_4008,
131 /* Title */
132 "Test TEE Internal API Derive key",
133 /* Short description */
134 "Short description ...",
135 /* Requirement IDs */
136 "TEE-??",
137 /* How to implement */
138 "Description of how to implement ..."
139 );
140
Pascal Brand2b92b642015-07-16 13:29:42 +0200[diff] [blame^]141ADBG_CASE_DEFINE(XTEST_TEE_4009, xtest_tee_test_4009,
142 /* Title */
143 "Test TEE Internal API Derive key ECDH",
144 /* Short description */
145 "Short description ...",
146 /* Requirement IDs */
147 "TEE-??",
148 /* How to implement */
149 "Description of how to implement ..."
150 );
151
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]152static TEEC_Result ta_crypt_cmd_random_number_generate(ADBG_Case_t *c,
153 TEEC_Session *s,
154 void *buf, size_t blen);
155
156static TEEC_Result ta_crypt_cmd_reset_operation(ADBG_Case_t *c, TEEC_Session *s,
157 TEE_OperationHandle oph)
158{
159 TEEC_Result res;
160 TEEC_Operation op = TEEC_OPERATION_INITIALIZER;
161 uint32_t ret_orig;
162
163 assert((uintptr_t)oph <= UINT32_MAX);
164 op.params[0].value.a = (uint32_t)(uintptr_t)oph;
165 op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT, TEEC_NONE, TEEC_NONE,
166 TEEC_NONE);
167 res = TEEC_InvokeCommand(s, TA_CRYPT_CMD_RESET_OPERATION, &op,
168 &ret_orig);
169 if (res != TEEC_SUCCESS) {
170 (void)ADBG_EXPECT_TEEC_ERROR_ORIGIN(c, TEEC_ORIGIN_TRUSTED_APP,
171 ret_orig);
172 }
173 return res;
174}
175
176static TEEC_Result ta_crypt_cmd_copy_operation(ADBG_Case_t *c,
177 TEEC_Session *s,
178 TEE_OperationHandle dst_oph,
179 TEE_OperationHandle src_oph)
180{
181 TEEC_Result res;
182 TEEC_Operation op = TEEC_OPERATION_INITIALIZER;
183 uint32_t ret_orig;
184
185 assert((uintptr_t)dst_oph <= UINT32_MAX);
186 op.params[0].value.a = (uint32_t)(uintptr_t)dst_oph;
187
188 assert((uintptr_t)src_oph <= UINT32_MAX);
189 op.params[0].value.b = (uint32_t)(uintptr_t)src_oph;
190 op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT, TEEC_NONE, TEEC_NONE,
191 TEEC_NONE);
192
193 res = TEEC_InvokeCommand(s, TA_CRYPT_CMD_COPY_OPERATION, &op,
194 &ret_orig);
195
196 if (res != TEEC_SUCCESS) {
197 (void)ADBG_EXPECT_TEEC_ERROR_ORIGIN(c, TEEC_ORIGIN_TRUSTED_APP,
198 ret_orig);
199 }
200 return res;
201}
202
203static TEEC_Result ta_crypt_cmd_digest_update(ADBG_Case_t *c, TEEC_Session *s,
204 TEE_OperationHandle oph,
205 const void *chunk,
206 size_t chunk_size)
207{
208 TEEC_Result res;
209 TEEC_Operation op = TEEC_OPERATION_INITIALIZER;
210 uint32_t ret_orig;
211
212 assert((uintptr_t)oph <= UINT32_MAX);
213 op.params[0].value.a = (uint32_t)(uintptr_t)oph;
214 op.params[1].tmpref.buffer = (void *)chunk;
215 op.params[1].tmpref.size = chunk_size;
216
217 op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT,
218 TEEC_MEMREF_TEMP_INPUT, TEEC_NONE,
219 TEEC_NONE);
220
221 res = TEEC_InvokeCommand(s, TA_CRYPT_CMD_DIGEST_UPDATE, &op, &ret_orig);
222
223 if (res != TEEC_SUCCESS) {
224 (void)ADBG_EXPECT_TEEC_ERROR_ORIGIN(c, TEEC_ORIGIN_TRUSTED_APP,
225 ret_orig);
226 }
227
228 return res;
229}
230
231static TEEC_Result ta_crypt_cmd_digest_do_final(ADBG_Case_t *c, TEEC_Session *s,
232 TEE_OperationHandle oph,
233 const void *chunk,
234 size_t chunk_len, void *hash,
235 size_t *hash_len)
236{
237 TEEC_Result res;
238 TEEC_Operation op = TEEC_OPERATION_INITIALIZER;
239 uint32_t ret_orig;
240
241 assert((uintptr_t)oph <= UINT32_MAX);
242 op.params[0].value.a = (uint32_t)(uintptr_t)oph;
243
244 op.params[1].tmpref.buffer = (void *)chunk;
245 op.params[1].tmpref.size = chunk_len;
246
247 op.params[2].tmpref.buffer = (void *)hash;
248 op.params[2].tmpref.size = *hash_len;
249
250 op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT,
251 TEEC_MEMREF_TEMP_INPUT,
252 TEEC_MEMREF_TEMP_OUTPUT, TEEC_NONE);
253
254 res = TEEC_InvokeCommand(s, TA_CRYPT_CMD_DIGEST_DO_FINAL, &op,
255 &ret_orig);
256
257 if (res != TEEC_SUCCESS) {
258 (void)ADBG_EXPECT_TEEC_ERROR_ORIGIN(c, TEEC_ORIGIN_TRUSTED_APP,
259 ret_orig);
260 }
261
262 if (res == TEEC_SUCCESS)
263 *hash_len = op.params[2].tmpref.size;
264
265 return res;
266}
267
268static TEE_Result ta_crypt_cmd_set_operation_key2(ADBG_Case_t *c,
269 TEEC_Session *s,
270 TEE_OperationHandle oph,
271 TEE_ObjectHandle key1,
272 TEE_ObjectHandle key2)
273{
274 TEEC_Result res;
275 TEEC_Operation op = TEEC_OPERATION_INITIALIZER;
276 uint32_t ret_orig;
277
278 assert((uintptr_t)oph <= UINT32_MAX);
279 op.params[0].value.a = (uint32_t)(uintptr_t)oph;
280
281 assert((uintptr_t)key1 <= UINT32_MAX);
282 op.params[0].value.b = (uint32_t)(uintptr_t)key1;
283
284 assert((uintptr_t)key2 <= UINT32_MAX);
285 op.params[1].value.a = (uint32_t)(uintptr_t)key2;
286 op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT, TEEC_VALUE_INPUT,
287 TEEC_NONE, TEEC_NONE);
288
289 res = TEEC_InvokeCommand(s, TA_CRYPT_CMD_SET_OPERATION_KEY2, &op,
290 &ret_orig);
291
292 if (res != TEEC_SUCCESS) {
293 (void)ADBG_EXPECT_TEEC_ERROR_ORIGIN(c, TEEC_ORIGIN_TRUSTED_APP,
294 ret_orig);
295 }
296
297 return res;
298}
299
300static TEEC_Result ta_crypt_cmd_mac_init(ADBG_Case_t *c, TEEC_Session *s,
301 TEE_OperationHandle oph,
302 const void *iv, size_t iv_len)
303{
304 TEEC_Result res;
305 TEEC_Operation op = TEEC_OPERATION_INITIALIZER;
306 uint32_t ret_orig;
307
308 assert((uintptr_t)oph <= UINT32_MAX);
309 op.params[0].value.a = (uint32_t)(uintptr_t)oph;
310
311 if (iv != NULL) {
312 op.params[1].tmpref.buffer = (void *)iv;
313 op.params[1].tmpref.size = iv_len;
314 op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT,
315 TEEC_MEMREF_TEMP_INPUT,
316 TEEC_NONE, TEEC_NONE);
317 } else {
318 op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT, TEEC_NONE,
319 TEEC_NONE, TEEC_NONE);
320 }
321
322 res = TEEC_InvokeCommand(s, TA_CRYPT_CMD_MAC_INIT, &op, &ret_orig);
323
324 if (res != TEEC_SUCCESS) {
325 (void)ADBG_EXPECT_TEEC_ERROR_ORIGIN(c, TEEC_ORIGIN_TRUSTED_APP,
326 ret_orig);
327 }
328
329 return res;
330}
331
332static TEEC_Result ta_crypt_cmd_mac_update(ADBG_Case_t *c, TEEC_Session *s,
333 TEE_OperationHandle oph,
334 const void *chunk, size_t chunk_size)
335{
336 TEEC_Result res;
337 TEEC_Operation op = TEEC_OPERATION_INITIALIZER;
338 uint32_t ret_orig;
339
340 assert((uintptr_t)oph <= UINT32_MAX);
341 op.params[0].value.a = (uint32_t)(uintptr_t)oph;
342
343 op.params[1].tmpref.buffer = (void *)chunk;
344 op.params[1].tmpref.size = chunk_size;
345
346 op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT,
347 TEEC_MEMREF_TEMP_INPUT, TEEC_NONE,
348 TEEC_NONE);
349
350 res = TEEC_InvokeCommand(s, TA_CRYPT_CMD_MAC_UPDATE, &op, &ret_orig);
351
352 if (res != TEEC_SUCCESS) {
353 (void)ADBG_EXPECT_TEEC_ERROR_ORIGIN(c, TEEC_ORIGIN_TRUSTED_APP,
354 ret_orig);
355 }
356
357 return res;
358}
359
360static TEEC_Result ta_crypt_cmd_mac_final_compute(ADBG_Case_t *c,
361 TEEC_Session *s,
362 TEE_OperationHandle oph,
363 const void *chunk,
364 size_t chunk_len,
365 void *hash,
366 size_t *hash_len)
367{
368 TEEC_Result res;
369 TEEC_Operation op = TEEC_OPERATION_INITIALIZER;
370 uint32_t ret_orig;
371
372 assert((uintptr_t)oph <= UINT32_MAX);
373 op.params[0].value.a = (uint32_t)(uintptr_t)oph;
374
375 op.params[1].tmpref.buffer = (void *)chunk;
376 op.params[1].tmpref.size = chunk_len;
377
378 op.params[2].tmpref.buffer = (void *)hash;
379 op.params[2].tmpref.size = *hash_len;
380
381 op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT,
382 TEEC_MEMREF_TEMP_INPUT,
383 TEEC_MEMREF_TEMP_OUTPUT, TEEC_NONE);
384
385 res = TEEC_InvokeCommand(s, TA_CRYPT_CMD_MAC_FINAL_COMPUTE, &op,
386 &ret_orig);
387
388 if (res != TEEC_SUCCESS) {
389 (void)ADBG_EXPECT_TEEC_ERROR_ORIGIN(c, TEEC_ORIGIN_TRUSTED_APP,
390 ret_orig);
391 }
392
393 if (res == TEEC_SUCCESS)
394 *hash_len = op.params[2].tmpref.size;
395
396 return res;
397}
398
399static TEEC_Result ta_crypt_cmd_cipher_init(ADBG_Case_t *c, TEEC_Session *s,
400 TEE_OperationHandle oph,
401 const void *iv, size_t iv_len)
402{
403 TEEC_Result res;
404 TEEC_Operation op = TEEC_OPERATION_INITIALIZER;
405 uint32_t ret_orig;
406
407 assert((uintptr_t)oph <= UINT32_MAX);
408 op.params[0].value.a = (uint32_t)(uintptr_t)oph;
409
410 if (iv != NULL) {
411 op.params[1].tmpref.buffer = (void *)iv;
412 op.params[1].tmpref.size = iv_len;
413
414 op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT,
415 TEEC_MEMREF_TEMP_INPUT,
416 TEEC_NONE, TEEC_NONE);
417 } else {
418 op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT, TEEC_NONE,
419 TEEC_NONE, TEEC_NONE);
420 }
421
422 res = TEEC_InvokeCommand(s, TA_CRYPT_CMD_CIPHER_INIT, &op, &ret_orig);
423
424 if (res != TEEC_SUCCESS) {
425 (void)ADBG_EXPECT_TEEC_ERROR_ORIGIN(c, TEEC_ORIGIN_TRUSTED_APP,
426 ret_orig);
427 }
428
429 return res;
430}
431
432static TEEC_Result ta_crypt_cmd_cipher_update(ADBG_Case_t *c, TEEC_Session *s,
433 TEE_OperationHandle oph,
434 const void *src, size_t src_len,
435 void *dst, size_t *dst_len)
436{
437 TEEC_Result res;
438 TEEC_Operation op = TEEC_OPERATION_INITIALIZER;
439 uint32_t ret_orig;
440
441 assert((uintptr_t)oph <= UINT32_MAX);
442 op.params[0].value.a = (uint32_t)(uintptr_t)oph;
443
444 op.params[1].tmpref.buffer = (void *)src;
445 op.params[1].tmpref.size = src_len;
446
447 op.params[2].tmpref.buffer = dst;
448 op.params[2].tmpref.size = *dst_len;
449
450 op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT,
451 TEEC_MEMREF_TEMP_INPUT,
452 TEEC_MEMREF_TEMP_OUTPUT, TEEC_NONE);
453
454 res = TEEC_InvokeCommand(s, TA_CRYPT_CMD_CIPHER_UPDATE, &op, &ret_orig);
455
456 if (res != TEEC_SUCCESS) {
457 (void)ADBG_EXPECT_TEEC_ERROR_ORIGIN(c, TEEC_ORIGIN_TRUSTED_APP,
458 ret_orig);
459 }
460
461 if (res == TEEC_SUCCESS)
462 *dst_len = op.params[2].tmpref.size;
463
464 return res;
465}
466
467static TEEC_Result ta_crypt_cmd_cipher_do_final(ADBG_Case_t *c,
468 TEEC_Session *s,
469 TEE_OperationHandle oph,
470 const void *src,
471 size_t src_len,
472 void *dst,
473 size_t *dst_len)
474{
475 TEEC_Result res;
476 TEEC_Operation op = TEEC_OPERATION_INITIALIZER;
477 uint32_t ret_orig;
478
479 assert((uintptr_t)oph <= UINT32_MAX);
480 op.params[0].value.a = (uint32_t)(uintptr_t)oph;
481
482 op.params[1].tmpref.buffer = (void *)src;
483 op.params[1].tmpref.size = src_len;
484
485 op.params[2].tmpref.buffer = (void *)dst;
486 op.params[2].tmpref.size = *dst_len;
487
488 op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT,
489 TEEC_MEMREF_TEMP_INPUT,
490 TEEC_MEMREF_TEMP_OUTPUT, TEEC_NONE);
491
492 res = TEEC_InvokeCommand(s, TA_CRYPT_CMD_CIPHER_DO_FINAL, &op,
493 &ret_orig);
494
495 if (res != TEEC_SUCCESS) {
496 (void)ADBG_EXPECT_TEEC_ERROR_ORIGIN(c, TEEC_ORIGIN_TRUSTED_APP,
497 ret_orig);
498 }
499
500 if (res == TEEC_SUCCESS)
501 *dst_len = op.params[2].tmpref.size;
502
503 return res;
504}
505
506static TEEC_Result ta_crypt_cmd_random_number_generate(ADBG_Case_t *c,
507 TEEC_Session *s,
508 void *buf,
509 size_t blen)
510{
511 TEEC_Result res;
512 TEEC_Operation op = TEEC_OPERATION_INITIALIZER;
513 uint32_t ret_orig;
514
515 op.params[0].tmpref.buffer = buf;
516 op.params[0].tmpref.size = blen;
517
518 op.paramTypes = TEEC_PARAM_TYPES(TEEC_MEMREF_TEMP_OUTPUT, TEEC_NONE,
519 TEEC_NONE, TEEC_NONE);
520
521 res = TEEC_InvokeCommand(s, TA_CRYPT_CMD_RANDOM_NUMBER_GENEREATE, &op,
522 &ret_orig);
523
524 if (res != TEEC_SUCCESS) {
525 (void)ADBG_EXPECT_TEEC_ERROR_ORIGIN(c, TEEC_ORIGIN_TRUSTED_APP,
526 ret_orig);
527 }
528
529 (void)ADBG_EXPECT_COMPARE_UNSIGNED(c, blen, ==,
530 op.params[0].tmpref.size);
531 return res;
532}
533
534static TEEC_Result ta_crypt_cmd_ae_init(ADBG_Case_t *c, TEEC_Session *s,
535 TEE_OperationHandle oph,
536 const void *nonce, size_t nonce_len,
537 size_t tag_len, size_t aad_len,
538 size_t payload_len)
539{
540 TEEC_Result res;
541 TEEC_Operation op = TEEC_OPERATION_INITIALIZER;
542 uint32_t ret_orig;
543
544 assert((uintptr_t)oph <= UINT32_MAX);
545 op.params[0].value.a = (uint32_t)(uintptr_t)oph;
546 op.params[0].value.b = tag_len;
547
548 op.params[1].tmpref.buffer = (void *)nonce;
549 op.params[1].tmpref.size = nonce_len;
550
551 op.params[2].value.a = aad_len;
552 op.params[2].value.b = payload_len;
553
554 op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT,
555 TEEC_MEMREF_TEMP_INPUT,
Jens Wiklander74a42302015-07-07 01:08:41 +0200[diff] [blame]556 TEEC_VALUE_INPUT, TEEC_NONE);
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]557
558 res = TEEC_InvokeCommand(s, TA_CRYPT_CMD_AE_INIT, &op, &ret_orig);
559
560 if (res != TEEC_SUCCESS) {
561 (void)ADBG_EXPECT_TEEC_ERROR_ORIGIN(c, TEEC_ORIGIN_TRUSTED_APP,
562 ret_orig);
563 }
564 return res;
565}
566
567static TEEC_Result ta_crypt_cmd_ae_update_aad(ADBG_Case_t *c, TEEC_Session *s,
568 TEE_OperationHandle oph,
569 const void *aad, size_t aad_len)
570{
571 TEEC_Result res;
572 TEEC_Operation op = TEEC_OPERATION_INITIALIZER;
573 uint32_t ret_orig;
574
575 assert((uintptr_t)oph <= UINT32_MAX);
576 op.params[0].value.a = (uint32_t)(uintptr_t)oph;
577
578 op.params[1].tmpref.buffer = (void *)aad;
579 op.params[1].tmpref.size = aad_len;
580
581 op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT,
582 TEEC_MEMREF_TEMP_INPUT, TEEC_NONE,
583 TEEC_NONE);
584
585 res = TEEC_InvokeCommand(s, TA_CRYPT_CMD_AE_UPDATE_AAD, &op, &ret_orig);
586
587 if (res != TEEC_SUCCESS) {
588 (void)ADBG_EXPECT_TEEC_ERROR_ORIGIN(c, TEEC_ORIGIN_TRUSTED_APP,
589 ret_orig);
590 }
591
592 return res;
593}
594
595static TEEC_Result ta_crypt_cmd_ae_update(ADBG_Case_t *c,
596 TEEC_Session *s,
597 TEE_OperationHandle oph,
598 const void *src,
599 size_t src_len,
600 void *dst,
601 size_t *dst_len)
602{
603 TEEC_Result res;
604 TEEC_Operation op = TEEC_OPERATION_INITIALIZER;
605 uint32_t ret_orig;
606
607 assert((uintptr_t)oph <= UINT32_MAX);
608 op.params[0].value.a = (uint32_t)(uintptr_t)oph;
609
610 op.params[1].tmpref.buffer = (void *)src;
611 op.params[1].tmpref.size = src_len;
612
613 op.params[2].tmpref.buffer = (void *)dst;
614 op.params[2].tmpref.size = *dst_len;
615
616 op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT,
617 TEEC_MEMREF_TEMP_INPUT,
618 TEEC_MEMREF_TEMP_OUTPUT, TEEC_NONE);
619
620 res = TEEC_InvokeCommand(s, TA_CRYPT_CMD_AE_UPDATE, &op, &ret_orig);
621
622 if (res != TEEC_SUCCESS) {
623 (void)ADBG_EXPECT_TEEC_ERROR_ORIGIN(c, TEEC_ORIGIN_TRUSTED_APP,
624 ret_orig);
625 }
626
627 if (res == TEEC_SUCCESS)
628 *dst_len = op.params[2].tmpref.size;
629
630 return res;
631}
632
633static TEEC_Result ta_crypt_cmd_ae_encrypt_final(ADBG_Case_t *c,
634 TEEC_Session *s,
635 TEE_OperationHandle oph,
636 const void *src,
637 size_t src_len, void *dst,
638 size_t *dst_len, void *tag,
639 size_t *tag_len)
640{
641 TEEC_Result res;
642 TEEC_Operation op = TEEC_OPERATION_INITIALIZER;
643 uint32_t ret_orig;
644
645 assert((uintptr_t)oph <= UINT32_MAX);
646 op.params[0].value.a = (uint32_t)(uintptr_t)oph;
647
648 op.params[1].tmpref.buffer = (void *)src;
649 op.params[1].tmpref.size = src_len;
650
651 op.params[2].tmpref.buffer = (void *)dst;
652 op.params[2].tmpref.size = *dst_len;
653
654 op.params[3].tmpref.buffer = (void *)tag;
655 op.params[3].tmpref.size = *tag_len;
656
657 op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT,
658 TEEC_MEMREF_TEMP_INPUT,
659 TEEC_MEMREF_TEMP_OUTPUT,
660 TEEC_MEMREF_TEMP_OUTPUT);
661
662 res = TEEC_InvokeCommand(s, TA_CRYPT_CMD_AE_ENCRYPT_FINAL, &op,
663 &ret_orig);
664
665 if (res != TEEC_SUCCESS) {
666 (void)ADBG_EXPECT_TEEC_ERROR_ORIGIN(c, TEEC_ORIGIN_TRUSTED_APP,
667 ret_orig);
668 }
669
670 if (res == TEEC_SUCCESS) {
671 *dst_len = op.params[2].tmpref.size;
672 *tag_len = op.params[3].tmpref.size;
673 }
674
675 return res;
676}
677
678static TEEC_Result ta_crypt_cmd_ae_decrypt_final(ADBG_Case_t *c,
679 TEEC_Session *s,
680 TEE_OperationHandle oph,
681 const void *src, size_t src_len,
682 void *dst, size_t *dst_len,
683 const void *tag, size_t tag_len)
684{
685 TEEC_Result res;
686 TEEC_Operation op = TEEC_OPERATION_INITIALIZER;
687 uint32_t ret_orig;
688
689 assert((uintptr_t)oph <= UINT32_MAX);
690 op.params[0].value.a = (uint32_t)(uintptr_t)oph;
691
692 op.params[1].tmpref.buffer = (void *)src;
693 op.params[1].tmpref.size = src_len;
694
695 op.params[2].tmpref.buffer = dst;
696 op.params[2].tmpref.size = *dst_len;
697
698 op.params[3].tmpref.buffer = (void *)tag;
699 op.params[3].tmpref.size = tag_len;
700
701 op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT,
702 TEEC_MEMREF_TEMP_INPUT,
703 TEEC_MEMREF_TEMP_OUTPUT,
704 TEEC_MEMREF_TEMP_INPUT);
705
706 res = TEEC_InvokeCommand(s, TA_CRYPT_CMD_AE_DECRYPT_FINAL, &op,
707 &ret_orig);
708
709 if (res != TEEC_SUCCESS) {
710 (void)ADBG_EXPECT_TEEC_ERROR_ORIGIN(c, TEEC_ORIGIN_TRUSTED_APP,
711 ret_orig);
712 }
713
714 if (res == TEEC_SUCCESS)
715 *dst_len = op.params[2].tmpref.size;
716
717 return res;
718}
719
720static TEEC_Result ta_crypt_cmd_asymmetric_operate(ADBG_Case_t *c,
721 TEEC_Session *s,
722 TEE_OperationHandle oph,
723 uint32_t cmd,
724 const TEE_Attribute *params,
725 uint32_t paramCount,
726 const void *src,
727 size_t src_len,
728 void *dst,
729 size_t *dst_len)
730{
731 TEEC_Result res;
732 TEEC_Operation op = TEEC_OPERATION_INITIALIZER;
733 uint32_t ret_orig;
734 uint8_t *buf;
735 size_t blen;
736
737 res = pack_attrs(params, paramCount, &buf, &blen);
738 if (!ADBG_EXPECT_TEEC_SUCCESS(c, res))
739 return res;
740
741 assert((uintptr_t)oph <= UINT32_MAX);
742 op.params[0].value.a = (uint32_t)(uintptr_t)oph;
743
744 op.params[1].tmpref.buffer = buf;
745 op.params[1].tmpref.size = blen;
746
747 op.params[2].tmpref.buffer = (void *)src;
748 op.params[2].tmpref.size = src_len;
749
750 op.params[3].tmpref.buffer = dst;
751 op.params[3].tmpref.size = *dst_len;
752
753 op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT,
754 TEEC_MEMREF_TEMP_INPUT,
755 TEEC_MEMREF_TEMP_INPUT,
756 TEEC_MEMREF_TEMP_OUTPUT);
757
758 res = TEEC_InvokeCommand(s, cmd, &op, &ret_orig);
759
760 if (res != TEEC_SUCCESS) {
761 (void)ADBG_EXPECT_TEEC_ERROR_ORIGIN(c, TEEC_ORIGIN_TRUSTED_APP,
762 ret_orig);
763 }
764
765 if (res == TEEC_SUCCESS)
766 *dst_len = op.params[3].tmpref.size;
767
768 free(buf);
769 return res;
770}
771
772static TEEC_Result ta_crypt_cmd_asymmetric_encrypt(ADBG_Case_t *c,
773 TEEC_Session *s,
774 TEE_OperationHandle oph,
775 const TEE_Attribute *params,
776 uint32_t paramCount,
777 const void *src,
778 size_t src_len,
779 void *dst,
780 size_t *dst_len)
781{
782 return ta_crypt_cmd_asymmetric_operate(c, s, oph,
783 TA_CRYPT_CMD_ASYMMETRIC_ENCRYPT,
784 params, paramCount,
785 src, src_len, dst, dst_len);
786}
787
788static TEEC_Result ta_crypt_cmd_asymmetric_decrypt(ADBG_Case_t *c,
789 TEEC_Session *s,
790 TEE_OperationHandle oph,
791 const TEE_Attribute *params,
792 uint32_t paramCount,
793 const void *src,
794 size_t src_len,
795 void *dst,
796 size_t *dst_len)
797{
798 return ta_crypt_cmd_asymmetric_operate(c, s, oph,
799 TA_CRYPT_CMD_ASYMMETRIC_DECRYPT,
800 params, paramCount,
801 src, src_len, dst, dst_len);
802}
803
804static TEEC_Result ta_crypt_cmd_asymmetric_sign(ADBG_Case_t *c,
805 TEEC_Session *s,
806 TEE_OperationHandle oph,
807 const TEE_Attribute *params,
808 uint32_t paramCount,
809 const void *digest,
810 size_t digest_len,
811 void *signature,
812 size_t *signature_len)
813{
814 return ta_crypt_cmd_asymmetric_operate(c, s, oph,
815 TA_CRYPT_CMD_ASYMMETRIC_SIGN_DIGEST, params, paramCount,
816 digest, digest_len, signature, signature_len);
817}
818
819static TEEC_Result ta_crypt_cmd_asymmetric_verify(ADBG_Case_t *c,
820 TEEC_Session *s,
821 TEE_OperationHandle oph,
822 const TEE_Attribute *params,
823 uint32_t paramCount,
824 const void *digest,
825 size_t digest_len,
826 const void *signature,
827 size_t signature_len)
828{
829 TEEC_Result res;
830 TEEC_Operation op = TEEC_OPERATION_INITIALIZER;
831 uint32_t ret_orig;
832 uint8_t *buf;
833 size_t blen;
834
835 res = pack_attrs(params, paramCount, &buf, &blen);
836 if (!ADBG_EXPECT_TEEC_SUCCESS(c, res))
837 return res;
838
839 assert((uintptr_t)oph <= UINT32_MAX);
840 op.params[0].value.a = (uint32_t)(uintptr_t)oph;
841
842 op.params[1].tmpref.buffer = buf;
843 op.params[1].tmpref.size = blen;
844
845 op.params[2].tmpref.buffer = (void *)digest;
846 op.params[2].tmpref.size = digest_len;
847
848 op.params[3].tmpref.buffer = (void *)signature;
849 op.params[3].tmpref.size = signature_len;
850
851 op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT,
852 TEEC_MEMREF_TEMP_INPUT,
853 TEEC_MEMREF_TEMP_INPUT,
854 TEEC_MEMREF_TEMP_INPUT);
855
856 res = TEEC_InvokeCommand(s, TA_CRYPT_CMD_ASYMMETRIC_VERIFY_DIGEST,
857 &op, &ret_orig);
858
859 if (res != TEEC_SUCCESS) {
860 (void)ADBG_EXPECT_TEEC_ERROR_ORIGIN(c, TEEC_ORIGIN_TRUSTED_APP,
861 ret_orig);
862 }
863
864 free(buf);
865 return res;
866}
867
868static TEEC_Result ta_crypt_cmd_get_object_value_attribute(ADBG_Case_t *c,
869 TEEC_Session *s,
870 TEE_ObjectHandle o,
871 uint32_t attr_id,
872 uint32_t *valuea,
873 uint32_t *valueb)
874{
875 TEEC_Result res;
876 TEEC_Operation op = TEEC_OPERATION_INITIALIZER;
877 uint32_t ret_orig;
878
879 assert((uintptr_t)o <= UINT32_MAX);
880 op.params[0].value.a = (uint32_t)(uintptr_t)o;
881 op.params[0].value.b = attr_id;
882 op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT, TEEC_VALUE_OUTPUT,
883 TEEC_NONE, TEEC_NONE);
884
885 res = TEEC_InvokeCommand(s, TA_CRYPT_CMD_GET_OBJECT_VALUE_ATTRIBUTE,
886 &op, &ret_orig);
887
888 if (res != TEEC_SUCCESS) {
889 (void)ADBG_EXPECT_TEEC_ERROR_ORIGIN(c, TEEC_ORIGIN_TRUSTED_APP,
890 ret_orig);
891 }
892
893 if (res == TEEC_SUCCESS) {
894 *valuea = op.params[1].value.a;
895 *valueb = op.params[1].value.b;
896 }
897
898 return res;
899}
900
901static TEEC_Result ta_crypt_cmd_generate_key(ADBG_Case_t *c,
902 TEEC_Session *s,
903 TEE_ObjectHandle o,
904 uint32_t key_size,
905 const TEE_Attribute *params,
906 uint32_t paramCount)
907{
908 TEEC_Result res;
909 TEEC_Operation op = TEEC_OPERATION_INITIALIZER;
910 uint32_t ret_orig;
911 uint8_t *buf;
912 size_t blen;
913
914 res = pack_attrs(params, paramCount, &buf, &blen);
915 if (!ADBG_EXPECT_TEEC_SUCCESS(c, res))
916 return res;
917
918 assert((uintptr_t)o <= UINT32_MAX);
919 op.params[0].value.a = (uint32_t)(uintptr_t)o;
920 op.params[0].value.b = key_size;
921
922 op.params[1].tmpref.buffer = buf;
923 op.params[1].tmpref.size = blen;
924
925 op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT,
926 TEEC_MEMREF_TEMP_INPUT, TEEC_NONE,
927 TEEC_NONE);
928
929 res = TEEC_InvokeCommand(s, TA_CRYPT_CMD_GENERATE_KEY, &op, &ret_orig);
930
931 if (res != TEEC_SUCCESS) {
932 (void)ADBG_EXPECT_TEEC_ERROR_ORIGIN(c, TEEC_ORIGIN_TRUSTED_APP,
933 ret_orig);
934 }
935
936 free(buf);
937 return res;
938}
939
940static const uint8_t hash_data_md5_in1[] = {
941 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm'
942};
943
944static const uint8_t hash_data_md5_out1[] = {
945 0x61, 0x12, 0x71, 0x83, 0x70, 0x8d, 0x3a, 0xc7,
946 0xf1, 0x9b, 0x66, 0x06, 0xfc, 0xae, 0x7d, 0xf6
947};
948
949static const uint8_t hash_data_sha1_in1[] = {
950 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm'
951};
952
953static const uint8_t hash_data_sha1_out1[] = {
954 0x4b, 0x98, 0x92, 0xb6, 0x52, 0x72, 0x14, 0xaf,
955 0xc6, 0x55, 0xb8, 0xaa, 0x52, 0xf4, 0xd2, 0x03,
956 0xc1, 0x5e, 0x7c, 0x9c
957};
958
959static const uint8_t hash_data_sha224_in1[] = {
960 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm'
961};
962
963static const uint8_t hash_data_sha224_out1[] = {
964 0x08, 0x21, 0x69, 0xf9, 0x77, 0x1b, 0x80, 0x15,
965 0xf3, 0x97, 0xae, 0xde, 0x5b, 0xba, 0xa2, 0x72,
966 0x2d, 0x8f, 0x5c, 0x19, 0xfe, 0xd2, 0xe2, 0x68,
967 0x92, 0x49, 0xd8, 0x44
968};
969
970static const uint8_t hash_data_sha256_in1[] = { 'a', 'b', 'c' };
971
972static const uint8_t hash_data_sha256_out1[] = {
973 0xba, 0x78, 0x16, 0xbf, 0x8f, 0x01, 0xcf, 0xea,
974 0x41, 0x41, 0x40, 0xde, 0x5d, 0xae, 0x22, 0x23,
975 0xb0, 0x03, 0x61, 0xa3, 0x96, 0x17, 0x7a, 0x9c,
976 0xb4, 0x10, 0xff, 0x61, 0xf2, 0x00, 0x15, 0xad
977};
978
979static const uint8_t hash_data_sha256_in2[] = { 'e', 'f', 'g' };
980
981static const uint8_t hash_data_sha256_out2[] = {
982 0xd4, 0xff, 0xe8, 0xe9, 0xee, 0x0b, 0x48, 0xeb,
983 0xa7, 0x16, 0x70, 0x61, 0x23, 0xa7, 0x18, 0x7f,
984 0x32, 0xea, 0xe3, 0xbd, 0xcb, 0x0e, 0x77, 0x63,
985 0xe4, 0x1e, 0x53, 0x32, 0x67, 0xbd, 0x8a, 0x53
986};
987
988
989static const uint8_t hash_data_sha384_in1[] = {
990 'a', 'b', 'c', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm'
991};
992
993static const uint8_t hash_data_sha384_out1[] = {
994 0x4c, 0xab, 0x80, 0x9d, 0x96, 0x84, 0x01, 0x47,
995 0x67, 0x0a, 0xc1, 0x7a, 0xb6, 0xb9, 0xf7, 0x6e,
996 0x35, 0xa6, 0xb0, 0x8c, 0xf5, 0x2a, 0x3d, 0x64,
997 0x9a, 0x8c, 0x7e, 0x0c, 0x55, 0x45, 0xd3, 0x7d,
998 0x1f, 0x7f, 0x28, 0x34, 0x96, 0x14, 0x44, 0x2a,
999 0xf5, 0x98, 0xa2, 0x95, 0x24, 0x76, 0x53, 0x97
1000};
1001
1002static const uint8_t hash_data_sha512_in1[] = {
1003 'a', 'b', 'c', 'd', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm'
1004};
1005
1006static const uint8_t hash_data_sha512_out1[] = {
1007 0x20, 0xd8, 0x64, 0x4f, 0x54, 0xa2, 0x5f, 0x6f,
1008 0x0a, 0xf9, 0xd5, 0x27, 0x7d, 0x17, 0xa8, 0x99,
1009 0x4c, 0x64, 0x3f, 0xd0, 0xf3, 0x83, 0x36, 0xee,
1010 0x93, 0x12, 0x55, 0xcd, 0x2e, 0x12, 0x34, 0xa0,
1011 0xc2, 0xaa, 0xf9, 0xbb, 0x15, 0xc5, 0xe9, 0xfa,
1012 0xf7, 0xa7, 0xda, 0xb8, 0x2f, 0x72, 0xa0, 0x47,
1013 0xe3, 0x02, 0x04, 0xe8, 0xa0, 0x35, 0x0c, 0x96,
1014 0x26, 0xd1, 0xcb, 0x8b, 0x47, 0x45, 0x25, 0xd0
1015};
1016
1017struct xtest_hash_case {
1018 uint32_t algo;
1019 size_t in_incr;
1020 const uint8_t *in;
1021 size_t in_len;
1022 const uint8_t *out;
1023 size_t out_len;
1024};
1025
1026#define XTEST_HASH_CASE(algo, in_incr, in, out) \
1027 { (algo), (in_incr), (in), ARRAY_SIZE(in), (out), ARRAY_SIZE(out) }
1028
1029static const struct xtest_hash_case hash_cases[] = {
1030 XTEST_HASH_CASE(TEE_ALG_MD5, 6, hash_data_md5_in1,
1031 hash_data_md5_out1),
1032 XTEST_HASH_CASE(TEE_ALG_SHA1, 3, hash_data_sha1_in1,
1033 hash_data_sha1_out1),
1034 XTEST_HASH_CASE(TEE_ALG_SHA224, 7, hash_data_sha224_in1,
1035 hash_data_sha224_out1),
1036 XTEST_HASH_CASE(TEE_ALG_SHA256, 1, hash_data_sha256_in1,
1037 hash_data_sha256_out1),
1038 XTEST_HASH_CASE(TEE_ALG_SHA256, 1, hash_data_sha256_in2,
1039 hash_data_sha256_out2),
1040 XTEST_HASH_CASE(TEE_ALG_SHA384, 1, hash_data_sha384_in1,
1041 hash_data_sha384_out1),
1042 XTEST_HASH_CASE(TEE_ALG_SHA512, 1, hash_data_sha512_in1,
1043 hash_data_sha512_out1),
1044};
1045
1046static void xtest_tee_test_4001(ADBG_Case_t *c)
1047{
1048 TEEC_Session session = { 0 };
1049 uint32_t ret_orig;
1050 size_t n;
1051
1052 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
1053 xtest_teec_open_session(&session, &crypt_user_ta_uuid, NULL,
1054 &ret_orig)))
1055 return;
1056
1057
1058 for (n = 0; n < ARRAY_SIZE(hash_cases); n++) {
1059 TEE_OperationHandle op1;
1060 TEE_OperationHandle op2;
1061 uint8_t out[64];
1062 size_t out_size;
1063
1064 Do_ADBG_BeginSubCase(c, "Hash case %d algo 0x%x",
1065 (int)n, (unsigned int)hash_cases[n].algo);
1066
1067 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
1068 ta_crypt_cmd_allocate_operation(c, &session, &op1,
1069 hash_cases[n].algo,
1070 TEE_MODE_DIGEST, 0)))
1071 goto out;
1072
1073 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
1074 ta_crypt_cmd_allocate_operation(c, &session, &op2,
1075 hash_cases[n].algo,
1076 TEE_MODE_DIGEST, 0)))
1077 goto out;
1078
1079 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
1080 ta_crypt_cmd_digest_update(c, &session, op1,
1081 hash_cases[n].in,
1082 hash_cases[n].in_incr)))
1083 goto out;
1084
1085 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
1086 ta_crypt_cmd_copy_operation(c, &session, op2, op1)))
1087 goto out;
1088
1089 out_size = sizeof(out);
1090 memset(out, 0, sizeof(out));
1091 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
1092 ta_crypt_cmd_digest_do_final(c, &session, op2,
1093 hash_cases[n].in + hash_cases[n].in_incr,
1094 hash_cases[n].in_len - hash_cases[n].in_incr,
1095 out, &out_size)))
1096 goto out;
1097
1098 (void)ADBG_EXPECT_BUFFER(c, hash_cases[n].out,
1099 hash_cases[n].out_len, out, out_size);
1100
1101 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
1102 ta_crypt_cmd_reset_operation(c, &session, op1)))
1103 goto out;
1104
1105 out_size = sizeof(out);
1106 memset(out, 0, sizeof(out));
1107 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
1108 ta_crypt_cmd_digest_do_final(c, &session, op1,
1109 hash_cases[n].in,
1110 hash_cases[n].in_len, out,
1111 &out_size)))
1112 goto out;
1113
1114 (void)ADBG_EXPECT_BUFFER(c, hash_cases[n].out,
1115 hash_cases[n].out_len, out, out_size);
1116
1117 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
1118 ta_crypt_cmd_free_operation(c, &session, op1)))
1119 goto out;
1120
1121 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
1122 ta_crypt_cmd_free_operation(c, &session, op2)))
1123 goto out;
1124
1125 Do_ADBG_EndSubCase(c, NULL);
1126 }
1127
1128out:
1129 TEEC_CloseSession(&session);
1130}
1131
1132static const uint8_t mac_data_md5_key1[10] = {
1133 0x6B, 0x65, 0x79, /* key */
1134};
1135
1136static const uint8_t mac_data_md5_in1[] = {
1137 0x54, 0x68, 0x65, 0x20, 0x71, 0x75, 0x69, 0x63, /* The quic */
1138 0x6B, 0x20, 0x62, 0x72, 0x6F, 0x77, 0x6E, 0x20, /* k brown */
1139 0x66, 0x6F, 0x78, 0x20, 0x6A, 0x75, 0x6D, 0x70, /* fox jump */
1140 0x73, 0x20, 0x6F, 0x76, 0x65, 0x72, 0x20, 0x74, /* s over t */
1141 0x68, 0x65, 0x20, 0x6C, 0x61, 0x7A, 0x79, 0x20, /* he lazy */
1142 0x64, 0x6F, 0x67, /* dog */
1143};
1144
1145static const uint8_t mac_data_md5_out1[] = {
1146 0x80, 0x07, 0x07, 0x13, 0x46, 0x3e, 0x77, 0x49,
1147 0xb9, 0x0c, 0x2d, 0xc2, 0x49, 0x11, 0xe2, 0x75
1148};
1149
1150
1151/* generated with scripts/digest_hmac.pl */
1152static const uint8_t mac_data_sha1_key1[10] = {
1153 0x6B, 0x65, 0x79, /* key */
1154};
1155
1156static const uint8_t mac_data_sha1_in1[] = {
1157 0x54, 0x68, 0x65, 0x20, 0x71, 0x75, 0x69, 0x63, /* The quic */
1158 0x6B, 0x20, 0x62, 0x72, 0x6F, 0x77, 0x6E, 0x20, /* k brown */
1159 0x66, 0x6F, 0x78, 0x20, 0x6A, 0x75, 0x6D, 0x70, /* fox jump */
1160 0x73, 0x20, 0x6F, 0x76, 0x65, 0x72, 0x20, 0x74, /* s over t */
1161 0x68, 0x65, 0x20, 0x6C, 0x61, 0x7A, 0x79, 0x20, /* he lazy */
1162 0x64, 0x6F, 0x67, /* dog */
1163};
1164
1165static const uint8_t mac_data_sha1_out1[] = {
1166 0xDE, 0x7C, 0x9B, 0x85, 0xB8, 0xB7, 0x8A, 0xA6, /* .|...... */
1167 0xBC, 0x8A, 0x7A, 0x36, 0xF7, 0x0A, 0x90, 0x70, /* ..z6...p */
1168 0x1C, 0x9D, 0xB4, 0xD9, /* .... */
1169};
1170
1171static const uint8_t mac_data_sha224_key1[24] = {
1172 0x6B, 0x65, 0x79, /* key */
1173};
1174
1175static const uint8_t mac_data_sha224_in1[] = {
1176 0x54, 0x68, 0x65, 0x20, 0x71, 0x75, 0x69, 0x63, /* The quic */
1177 0x6B, 0x20, 0x62, 0x72, 0x6F, 0x77, 0x6E, 0x20, /* k brown */
1178 0x66, 0x6F, 0x78, 0x20, 0x6A, 0x75, 0x6D, 0x70, /* fox jump */
1179 0x73, 0x20, 0x6F, 0x76, 0x65, 0x72, 0x20, 0x74, /* s over t */
1180 0x68, 0x65, 0x20, 0x6C, 0x61, 0x7A, 0x79, 0x20, /* he lazy */
1181 0x64, 0x6F, 0x67, /* dog */
1182};
1183
1184static const uint8_t mac_data_sha224_out1[] = {
1185 0x88, 0xFF, 0x8B, 0x54, 0x67, 0x5D, 0x39, 0xB8, /* ...Tg]9. */
1186 0xF7, 0x23, 0x22, 0xE6, 0x5F, 0xF9, 0x45, 0xC5, /* .#"._.E. */
1187 0x2D, 0x96, 0x37, 0x99, 0x88, 0xAD, 0xA2, 0x56, /* -.7....V */
1188 0x39, 0x74, 0x7E, 0x69, /* 9t~i */
1189};
1190
1191
1192static const uint8_t mac_data_sha256_key1[24] = {
1193 'Q', 'W', 'E', 'R', 'T', 'Y'
1194};
1195
1196static const uint8_t mac_data_sha256_in1[] = { 'a', 'b', 'c' };
1197
1198static const uint8_t mac_data_sha256_out1[] = {
1199 0xee, 0x2e, 0x5d, 0x9b, 0x51, 0xe2, 0x9c, 0x1d,
1200 0x49, 0xe9, 0xae, 0x6f, 0x0a, 0xcc, 0x15, 0x18,
1201 0xde, 0x1e, 0xa3, 0x88, 0x8e, 0xee, 0x48, 0xbb,
1202 0x82, 0x77, 0xe9, 0x09, 0x74, 0x4b, 0xa2, 0xf2
1203};
1204
1205/* generated with scripts/digest_hmac.pl */
1206static const uint8_t mac_data_sha256_key2[24] = {
1207 0x6B, 0x65, 0x79, /* key */
1208};
1209
1210static const uint8_t mac_data_sha256_in2[] = {
1211 0x54, 0x68, 0x65, 0x20, 0x71, 0x75, 0x69, 0x63, /* The quic */
1212 0x6B, 0x20, 0x62, 0x72, 0x6F, 0x77, 0x6E, 0x20, /* k brown */
1213 0x66, 0x6F, 0x78, 0x20, 0x6A, 0x75, 0x6D, 0x70, /* fox jump */
1214 0x73, 0x20, 0x6F, 0x76, 0x65, 0x72, 0x20, 0x74, /* s over t */
1215 0x68, 0x65, 0x20, 0x6C, 0x61, 0x7A, 0x79, 0x20, /* he lazy */
1216 0x64, 0x6F, 0x67, /* dog */
1217};
1218
1219static const uint8_t mac_data_sha256_out2[] = {
1220 0xF7, 0xBC, 0x83, 0xF4, 0x30, 0x53, 0x84, 0x24, /* ....0S.$ */
1221 0xB1, 0x32, 0x98, 0xE6, 0xAA, 0x6F, 0xB1, 0x43, /* .2...o.C */
1222 0xEF, 0x4D, 0x59, 0xA1, 0x49, 0x46, 0x17, 0x59, /* .MY.IF.Y */
1223 0x97, 0x47, 0x9D, 0xBC, 0x2D, 0x1A, 0x3C, 0xD8, /* .G..-.<. */
1224};
1225
1226static const uint8_t mac_data_sha384_key1[32] = {
1227 0x6B, 0x65, 0x79, /* key */
1228};
1229
1230static const uint8_t mac_data_sha384_in1[] = {
1231 0x54, 0x68, 0x65, 0x20, 0x71, 0x75, 0x69, 0x63, /* The quic */
1232 0x6B, 0x20, 0x62, 0x72, 0x6F, 0x77, 0x6E, 0x20, /* k brown */
1233 0x66, 0x6F, 0x78, 0x20, 0x6A, 0x75, 0x6D, 0x70, /* fox jump */
1234 0x73, 0x20, 0x6F, 0x76, 0x65, 0x72, 0x20, 0x74, /* s over t */
1235 0x68, 0x65, 0x20, 0x6C, 0x61, 0x7A, 0x79, 0x20, /* he lazy */
1236 0x64, 0x6F, 0x67, /* dog */
1237};
1238
1239static const uint8_t mac_data_sha384_out1[] = {
1240 0xD7, 0xF4, 0x72, 0x7E, 0x2C, 0x0B, 0x39, 0xAE, /* ..r~, .9. */
1241 0x0F, 0x1E, 0x40, 0xCC, 0x96, 0xF6, 0x02, 0x42, /* ..@....B */
1242 0xD5, 0xB7, 0x80, 0x18, 0x41, 0xCE, 0xA6, 0xFC, /* ....A... */
1243 0x59, 0x2C, 0x5D, 0x3E, 0x1A, 0xE5, 0x07, 0x00, /* Y, ]>.... */
1244 0x58, 0x2A, 0x96, 0xCF, 0x35, 0xE1, 0xE5, 0x54, /* X...5..T */
1245 0x99, 0x5F, 0xE4, 0xE0, 0x33, 0x81, 0xC2, 0x37, /* ._..3..7 */
1246};
1247
1248static const uint8_t mac_data_sha512_key1[32] = {
1249 0x6B, 0x65, 0x79, /* key */
1250};
1251
1252static const uint8_t mac_data_sha512_in1[] = {
1253 0x54, 0x68, 0x65, 0x20, 0x71, 0x75, 0x69, 0x63, /* The quic */
1254 0x6B, 0x20, 0x62, 0x72, 0x6F, 0x77, 0x6E, 0x20, /* k brown */
1255 0x66, 0x6F, 0x78, 0x20, 0x6A, 0x75, 0x6D, 0x70, /* fox jump */
1256 0x73, 0x20, 0x6F, 0x76, 0x65, 0x72, 0x20, 0x74, /* s over t */
1257 0x68, 0x65, 0x20, 0x6C, 0x61, 0x7A, 0x79, 0x20, /* he lazy */
1258 0x64, 0x6F, 0x67, /* dog */
1259};
1260
1261static const uint8_t mac_data_sha512_out1[] = {
1262 0xB4, 0x2A, 0xF0, 0x90, 0x57, 0xBA, 0xC1, 0xE2, /* ....W... */
1263 0xD4, 0x17, 0x08, 0xE4, 0x8A, 0x90, 0x2E, 0x09, /* ........ */
1264 0xB5, 0xFF, 0x7F, 0x12, 0xAB, 0x42, 0x8A, 0x4F, /* .....B.O */
1265 0xE8, 0x66, 0x53, 0xC7, 0x3D, 0xD2, 0x48, 0xFB, /* .fS.=.H. */
1266 0x82, 0xF9, 0x48, 0xA5, 0x49, 0xF7, 0xB7, 0x91, /* ..H.I... */
1267 0xA5, 0xB4, 0x19, 0x15, 0xEE, 0x4D, 0x1E, 0xC3, /* .....M.. */
1268 0x93, 0x53, 0x57, 0xE4, 0xE2, 0x31, 0x72, 0x50, /* .SW..1rP */
1269 0xD0, 0x37, 0x2A, 0xFA, 0x2E, 0xBE, 0xEB, 0x3A, /* .7.....: */
1270};
1271
1272
1273/* AES-CBC-MAC */
1274static const uint8_t mac_cbc_vect1_key[] = {
1275 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, /* 01234567 */
1276 0x38, 0x39, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, /* 89ABCDEF */
1277};
1278
1279static const uint8_t mac_cbc_vect1_data[] = {
1280 0x43, 0x69, 0x70, 0x68, 0x65, 0x72, 0x20, 0x62, /* Cipher b */
1281 0x6C, 0x6F, 0x63, 0x6B, 0x20, 0x63, 0x68, 0x61, /* lock cha */
1282 0x69, 0x6E, 0x69, 0x6E, 0x67, 0x20, 0x28, 0x43, /* ining (C */
1283 0x42, 0x43, 0x29, 0x20, 0x69, 0x73, 0x20, 0x61, /* BC) is a */
1284 0x20, 0x63, 0x6F, 0x6D, 0x6D, 0x6F, 0x6E, 0x20, /* common */
1285 0x63, 0x68, 0x61, 0x69, 0x6E, 0x69, 0x6E, 0x67, /* chaining */
1286 0x20, 0x6D, 0x6F, 0x64, 0x65, 0x20, 0x69, 0x6E, /* mode in */
1287 0x20, 0x77, 0x68, 0x69, 0x63, 0x68, 0x20, 0x74, /* which t */
1288 0x68, 0x65, 0x20, 0x70, 0x72, 0x65, 0x76, 0x69, /* he previ */
1289 0x6F, 0x75, 0x73, 0x20, 0x62, 0x6C, 0x6F, 0x63, /* ous bloc */
1290 0x6B, 0x27, 0x73, 0x20, 0x63, 0x69, 0x70, 0x68, /* k's ciph */
1291 0x65, 0x72, 0x74, 0x65, 0x78, 0x74, 0x20, 0x69, /* ertext i */
1292 0x73, 0x20, 0x78, 0x6F, 0x72, 0x65, 0x64, 0x20, /* s xored */
1293 0x77, 0x69, 0x74, 0x68, 0x20, 0x74, 0x68, 0x65, /* with the */
1294 0x20, 0x63, 0x75, 0x72, 0x72, 0x65, 0x6E, 0x74, /* current */
1295 0x20, 0x62, 0x6C, 0x6F, 0x63, 0x6B, 0x27, 0x73, /* block's */
1296 0x20, 0x70, 0x6C, 0x61, 0x69, 0x6E, 0x74, 0x65, /* plainte */
1297 0x78, 0x74, 0x20, 0x62, 0x65, 0x66, 0x6F, 0x72, /* xt befor */
1298 0x65, 0x20, 0x65, 0x6E, 0x63, 0x72, 0x79, 0x70, /* e encryp */
1299 0x74, 0x69, 0x6F, 0x6E, 0x2E, 0x2E, 0x2E, 0x2E, /* tion.... */
1300};
1301
1302static const uint8_t mac_cbc_vect1_out[] = {
1303 0xC9, 0x6E, 0x83, 0x7E, 0x35, 0xC8, 0xA7, 0xA0, /* .n.~5... */
1304 0x33, 0xA3, 0xB1, 0x4B, 0x5A, 0x92, 0x51, 0x2E, /* 3..KZ.Q. */
1305};
1306
1307/* DES-CBC-MAC */
1308static const uint8_t mac_cbc_vect2_key[] = {
1309 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, /* 01234567 */
1310};
1311
1312#define mac_cbc_vect2_data mac_cbc_vect1_data
1313static const uint8_t mac_cbc_vect2_out[] = {
1314 0xE9, 0x41, 0x46, 0x30, 0x69, 0x32, 0xBD, 0xD6, /* .AF0i2.. */
1315};
1316
1317/* DES3-CBC-MAC */
1318static const uint8_t mac_cbc_vect3_key[] = {
1319 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, /* 01234567 */
1320 0x38, 0x39, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, /* 89ABCDEF */
1321 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, /* 12345678 */
1322};
1323
1324#define mac_cbc_vect3_data mac_cbc_vect2_data
1325static const uint8_t mac_cbc_vect3_out[] = {
1326 0x1C, 0x17, 0xB7, 0xB5, 0x9F, 0x54, 0x9C, 0x63, /* .....T.c */
1327};
1328
1329/* AES-CBC-MAC PKCS#5 pad*/
1330static const uint8_t mac_cbc_vect4_key[] = {
1331 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, /* 01234567 */
1332 0x38, 0x39, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, /* 89ABCDEF */
1333 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, /* 01234567 */
1334 0x38, 0x39, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, /* 89ABCDEF */
1335};
1336
1337#define mac_cbc_vect4_data mac_cbc_vect1_data
1338static const uint8_t mac_cbc_vect4_out[] = {
1339 0x0B, 0x46, 0xC7, 0xA2, 0xE1, 0x5A, 0xE2, 0x23, /* .F...Z.# */
1340 0x83, 0x34, 0x1C, 0x86, 0x53, 0xF8, 0x51, 0x24, /* .4..S.Q$ */
1341};
1342
1343/* DES-CBC-MAC PKCS#5 pad*/
1344static const uint8_t mac_cbc_vect5_key[] = {
1345 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, /* 01234567 */
1346};
1347
1348#define mac_cbc_vect5_data mac_cbc_vect1_data
1349static const uint8_t mac_cbc_vect5_out[] = {
1350 0x30, 0x81, 0x4F, 0x42, 0x03, 0x7E, 0xD8, 0xA9, /* 0.OB.~.. */
1351};
1352
1353/* DES3-CBC-MAC PKCS#5 pad*/
1354static const uint8_t mac_cbc_vect6_key[] = {
1355 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, /* 01234567 */
1356 0x38, 0x39, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, /* 89ABCDEF */
1357 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, /* 12345678 */
1358};
1359
1360#define mac_cbc_vect6_data mac_cbc_vect1_data
1361static const uint8_t mac_cbc_vect6_out[] = {
1362 0x6E, 0x37, 0x6E, 0x14, 0x5E, 0x21, 0xDD, 0xF8, /* n7n.^!.. */
1363};
1364
1365/* AES-CBC-MAC PKCS#5 pad*/
1366#define mac_cbc_vect7_key mac_cbc_vect4_key
1367static const uint8_t mac_cbc_vect7_data[] = {
1368 0x43, 0x69, 0x70, 0x68, 0x65, 0x72, 0x20, 0x62, /* Cipher b */
1369 0x6C, 0x6F, 0x63, 0x6B, 0x20, 0x63, 0x68, 0x61, /* lock cha */
1370 0x69, 0x6E, 0x69, 0x6E, 0x67, 0x20, 0x28, 0x43, /* ining (C */
1371 0x42, 0x43, 0x29, 0x20, 0x69, 0x73, 0x20, 0x61, /* BC) is a */
1372 0x20, 0x63, 0x6F, 0x6D, 0x6D, 0x6F, 0x6E, 0x20, /* common */
1373 0x63, 0x68, 0x61, 0x69, 0x6E, 0x69, 0x6E, 0x67, /* chaining */
1374 0x20, 0x6D, 0x6F, 0x64, 0x65, 0x20, 0x69, 0x6E, /* mode in */
1375 0x20, 0x77, 0x68, 0x69, 0x63, 0x68, 0x20, 0x74, /* which t */
1376 0x68, 0x65, 0x20, 0x70, 0x72, 0x65, 0x76, 0x69, /* he previ */
1377 0x6F, 0x75, 0x73, 0x20, 0x62, 0x6C, 0x6F, 0x63, /* ous bloc */
1378 0x6B, 0x27, 0x73, 0x20, 0x63, 0x69, 0x70, 0x68, /* k's ciph */
1379 0x65, 0x72, 0x74, 0x65, 0x78, 0x74, 0x20, 0x69, /* ertext i */
1380 0x73, 0x20, 0x78, 0x6F, 0x72, 0x65, 0x64, 0x20, /* s xored */
1381 0x77, 0x69, 0x74, 0x68, 0x20, 0x74, 0x68, 0x65, /* with the */
1382 0x20, 0x63, 0x75, 0x72, 0x72, 0x65, 0x6E, 0x74, /* current */
1383 0x20, 0x62, 0x6C, 0x6F, 0x63, 0x6B, 0x27, 0x73, /* block's */
1384 0x20, 0x70, 0x6C, 0x61, 0x69, 0x6E, 0x74, 0x65, /* plainte */
1385 0x78, 0x74, 0x20, 0x62, 0x65, 0x66, 0x6F, 0x72, /* xt befor */
1386 0x65, 0x20, 0x65, 0x6E, 0x63, 0x72, 0x79, 0x70, /* e encryp */
1387 0x74, 0x69, 0x6F, 0x6E, 0x2E, /* tion. */
1388};
1389
1390static const uint8_t mac_cbc_vect7_out[] = {
1391 0xFD, 0x89, 0x35, 0xB3, 0x93, 0x7F, 0xBB, 0xA2, /* ..5..... */
1392 0xFB, 0x65, 0x60, 0xC4, 0x0A, 0x62, 0xA0, 0xF9, /* .e`..b.. */
1393};
1394
1395/* DES-CBC-MAC PKCS#5 pad*/
1396#define mac_cbc_vect8_key mac_cbc_vect5_key
1397#define mac_cbc_vect8_data mac_cbc_vect7_data
1398static const uint8_t mac_cbc_vect8_out[] = {
1399 0x02, 0x2A, 0xA8, 0x2E, 0x47, 0xC6, 0xBB, 0x7C, /* ....G..| */
1400};
1401
1402/* DES3-CBC-MAC PKCS#5 pad*/
1403#define mac_cbc_vect9_key mac_cbc_vect6_key
1404#define mac_cbc_vect9_data mac_cbc_vect7_data
1405static const uint8_t mac_cbc_vect9_out[] = {
1406 0xD4, 0xF7, 0x3E, 0x27, 0x78, 0x0E, 0x1C, 0x79, /* ..>'x..y */
1407};
1408
1409/*
1410 * AES-CMAC
1411 * Test vectors from
1412 * http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf
1413 */
1414
1415/* AES-128 */
1416static const uint8_t mac_cmac_vect1_key[] = {
1417 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
1418 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c
1419};
1420
1421static const uint8_t mac_cmac_vect1_out[] = {
1422 0xbb, 0x1d, 0x69, 0x29, 0xe9, 0x59, 0x37, 0x28,
1423 0x7f, 0xa3, 0x7d, 0x12, 0x9b, 0x75, 0x67, 0x46
1424};
1425
1426#define mac_cmac_vect2_key mac_cmac_vect1_key
1427static const uint8_t mac_cmac_vect2_data[] = {
1428 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
1429 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a
1430};
1431
1432static const uint8_t mac_cmac_vect2_out[] = {
1433 0x07, 0x0a, 0x16, 0xb4, 0x6b, 0x4d, 0x41, 0x44,
1434 0xf7, 0x9b, 0xdd, 0x9d, 0xd0, 0x4a, 0x28, 0x7c
1435};
1436
1437#define mac_cmac_vect3_key mac_cmac_vect1_key
1438static const uint8_t mac_cmac_vect3_data[] = {
1439 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
1440 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
1441 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
1442 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
1443 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11
1444};
1445
1446static const uint8_t mac_cmac_vect3_out[] = {
1447 0xdf, 0xa6, 0x67, 0x47, 0xde, 0x9a, 0xe6, 0x30,
1448 0x30, 0xca, 0x32, 0x61, 0x14, 0x97, 0xc8, 0x27
1449};
1450
1451#define mac_cmac_vect4_key mac_cmac_vect1_key
1452static const uint8_t mac_cmac_vect4_data[] = {
1453 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
1454 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
1455 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
1456 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
1457 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11,
1458 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef,
1459 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17,
1460 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10
1461};
1462
1463static const uint8_t mac_cmac_vect4_out[] = {
1464 0x51, 0xf0, 0xbe, 0xbf, 0x7e, 0x3b, 0x9d, 0x92,
1465 0xfc, 0x49, 0x74, 0x17, 0x79, 0x36, 0x3c, 0xfe
1466};
1467
1468/* AES-192 */
1469static const uint8_t mac_cmac_vect5_key[] = {
1470 0x8e, 0x73, 0xb0, 0xf7, 0xda, 0x0e, 0x64, 0x52,
1471 0xc8, 0x10, 0xf3, 0x2b, 0x80, 0x90, 0x79, 0xe5,
1472 0x62, 0xf8, 0xea, 0xd2, 0x52, 0x2c, 0x6b, 0x7b
1473};
1474
1475static const uint8_t mac_cmac_vect5_out[] = {
1476 0xd1, 0x7d, 0xdf, 0x46, 0xad, 0xaa, 0xcd, 0xe5,
1477 0x31, 0xca, 0xc4, 0x83, 0xde, 0x7a, 0x93, 0x67
1478};
1479
1480
1481#define mac_cmac_vect6_key mac_cmac_vect5_key
1482static const uint8_t mac_cmac_vect6_data[] = {
1483 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
1484 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a
1485};
1486
1487static const uint8_t mac_cmac_vect6_out[] = {
1488 0x9e, 0x99, 0xa7, 0xbf, 0x31, 0xe7, 0x10, 0x90,
1489 0x06, 0x62, 0xf6, 0x5e, 0x61, 0x7c, 0x51, 0x84
1490};
1491
1492#define mac_cmac_vect7_key mac_cmac_vect5_key
1493static const uint8_t mac_cmac_vect7_data[] = {
1494 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
1495 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
1496 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
1497 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
1498 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11
1499};
1500
1501static const uint8_t mac_cmac_vect7_out[] = {
1502 0x8a, 0x1d, 0xe5, 0xbe, 0x2e, 0xb3, 0x1a, 0xad,
1503 0x08, 0x9a, 0x82, 0xe6, 0xee, 0x90, 0x8b, 0x0e
1504};
1505
1506#define mac_cmac_vect8_key mac_cmac_vect5_key
1507static const uint8_t mac_cmac_vect8_data[] = {
1508 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
1509 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
1510 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
1511 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
1512 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11,
1513 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef,
1514 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17,
1515 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10
1516};
1517
1518static const uint8_t mac_cmac_vect8_out[] = {
1519 0xa1, 0xd5, 0xdf, 0x0e, 0xed, 0x79, 0x0f, 0x79,
1520 0x4d, 0x77, 0x58, 0x96, 0x59, 0xf3, 0x9a, 0x11
1521};
1522
1523/* AES-256 */
1524static const uint8_t mac_cmac_vect9_key[] = {
1525 0x60, 0x3d, 0xeb, 0x10, 0x15, 0xca, 0x71, 0xbe,
1526 0x2b, 0x73, 0xae, 0xf0, 0x85, 0x7d, 0x77, 0x81,
1527 0x1f, 0x35, 0x2c, 0x07, 0x3b, 0x61, 0x08, 0xd7,
1528 0x2d, 0x98, 0x10, 0xa3, 0x09, 0x14, 0xdf, 0xf4
1529};
1530
1531static const uint8_t mac_cmac_vect9_out[] = {
1532 0x02, 0x89, 0x62, 0xf6, 0x1b, 0x7b, 0xf8, 0x9e,
1533 0xfc, 0x6b, 0x55, 0x1f, 0x46, 0x67, 0xd9, 0x83
1534};
1535
1536#define mac_cmac_vect10_key mac_cmac_vect9_key
1537static const uint8_t mac_cmac_vect10_data[] = {
1538 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
1539 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a
1540};
1541
1542static const uint8_t mac_cmac_vect10_out[] = {
1543 0x28, 0xa7, 0x02, 0x3f, 0x45, 0x2e, 0x8f, 0x82,
1544 0xbd, 0x4b, 0xf2, 0x8d, 0x8c, 0x37, 0xc3, 0x5c
1545};
1546
1547#define mac_cmac_vect11_key mac_cmac_vect9_key
1548static const uint8_t mac_cmac_vect11_data[] = {
1549 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
1550 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
1551 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
1552 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
1553 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11
1554};
1555
1556static const uint8_t mac_cmac_vect11_out[] = {
1557 0xaa, 0xf3, 0xd8, 0xf1, 0xde, 0x56, 0x40, 0xc2,
1558 0x32, 0xf5, 0xb1, 0x69, 0xb9, 0xc9, 0x11, 0xe6
1559};
1560
1561#define mac_cmac_vect12_key mac_cmac_vect9_key
1562static const uint8_t mac_cmac_vect12_data[] = {
1563 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
1564 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
1565 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
1566 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
1567 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11,
1568 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef,
1569 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17,
1570 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10
1571};
1572
1573static const uint8_t mac_cmac_vect12_out[] = {
1574 0xe1, 0x99, 0x21, 0x90, 0x54, 0x9f, 0x6e, 0xd5,
1575 0x69, 0x6a, 0x2c, 0x05, 0x6c, 0x31, 0x54, 0x10
1576};
1577
1578struct xtest_mac_case {
1579 uint32_t algo;
1580 uint32_t key_type;
1581 const uint8_t *key;
1582 size_t key_len;
1583 size_t in_incr;
1584 const uint8_t *in;
1585 size_t in_len;
1586 const uint8_t *out;
1587 size_t out_len;
1588};
1589
1590#define XTEST_MAC_CASE(algo, key_type, key, in_incr, in, out) \
1591 { (algo), (key_type), (key), ARRAY_SIZE(key), \
1592 (in_incr), (in), ARRAY_SIZE(in), (out), ARRAY_SIZE(out) }
1593
1594#define XTEST_MAC_CBC_CASE(algo, key_type, vect, in_incr) \
1595 XTEST_MAC_CASE((algo), (key_type), \
1596 mac_cbc_ ## vect ## _key, (in_incr), \
1597 mac_cbc_ ## vect ## _data, mac_cbc_ ## vect ## _out)
1598
1599#define XTEST_MAC_CMAC_CASE(vect, in_incr) \
1600 XTEST_MAC_CASE(TEE_ALG_AES_CMAC, TEE_TYPE_AES, \
1601 mac_cmac_ ## vect ## _key, (in_incr), \
1602 mac_cmac_ ## vect ## _data, mac_cmac_ ## vect ## _out)
1603
1604static const struct xtest_mac_case mac_cases[] = {
1605 XTEST_MAC_CASE(TEE_ALG_HMAC_MD5, TEE_TYPE_HMAC_MD5,
1606 mac_data_md5_key1,
1607 4, mac_data_md5_in1, mac_data_md5_out1),
1608 XTEST_MAC_CASE(TEE_ALG_HMAC_SHA1, TEE_TYPE_HMAC_SHA1,
1609 mac_data_sha1_key1,
1610 5, mac_data_sha1_in1, mac_data_sha1_out1),
1611 XTEST_MAC_CASE(TEE_ALG_HMAC_SHA224, TEE_TYPE_HMAC_SHA224,
1612 mac_data_sha224_key1,
1613 8, mac_data_sha224_in1, mac_data_sha224_out1),
1614 XTEST_MAC_CASE(TEE_ALG_HMAC_SHA256, TEE_TYPE_HMAC_SHA256,
1615 mac_data_sha256_key1,
1616 1, mac_data_sha256_in1, mac_data_sha256_out1),
1617 XTEST_MAC_CASE(TEE_ALG_HMAC_SHA256, TEE_TYPE_HMAC_SHA256,
1618 mac_data_sha256_key2,
1619 7, mac_data_sha256_in2, mac_data_sha256_out2),
1620 XTEST_MAC_CASE(TEE_ALG_HMAC_SHA384, TEE_TYPE_HMAC_SHA384,
1621 mac_data_sha384_key1,
1622 11, mac_data_sha384_in1, mac_data_sha384_out1),
1623 XTEST_MAC_CASE(TEE_ALG_HMAC_SHA512, TEE_TYPE_HMAC_SHA512,
1624 mac_data_sha512_key1,
1625 13, mac_data_sha512_in1, mac_data_sha512_out1),
1626
1627 XTEST_MAC_CBC_CASE(TEE_ALG_AES_CBC_MAC_NOPAD, TEE_TYPE_AES, vect1, 14),
1628 XTEST_MAC_CBC_CASE(TEE_ALG_DES_CBC_MAC_NOPAD, TEE_TYPE_DES, vect2, 16),
1629 XTEST_MAC_CBC_CASE(TEE_ALG_DES3_CBC_MAC_NOPAD, TEE_TYPE_DES3, vect3,
1630 17),
1631 XTEST_MAC_CBC_CASE(TEE_ALG_AES_CBC_MAC_PKCS5, TEE_TYPE_AES, vect4, 11),
1632 XTEST_MAC_CBC_CASE(TEE_ALG_DES_CBC_MAC_PKCS5, TEE_TYPE_DES, vect5, 9),
1633 XTEST_MAC_CBC_CASE(TEE_ALG_DES3_CBC_MAC_PKCS5, TEE_TYPE_DES3, vect6, 4),
1634 XTEST_MAC_CBC_CASE(TEE_ALG_AES_CBC_MAC_PKCS5, TEE_TYPE_AES, vect7, 3),
1635 XTEST_MAC_CBC_CASE(TEE_ALG_DES_CBC_MAC_PKCS5, TEE_TYPE_DES, vect8, 23),
1636 XTEST_MAC_CBC_CASE(TEE_ALG_DES3_CBC_MAC_PKCS5, TEE_TYPE_DES3, vect9,
1637 34),
1638
1639 { TEE_ALG_AES_CMAC, TEE_TYPE_AES, mac_cmac_vect1_key,
1640 ARRAY_SIZE(mac_cmac_vect1_key), 0, NULL, 0, mac_cmac_vect1_out,
1641 ARRAY_SIZE(mac_cmac_vect1_out) },
1642 XTEST_MAC_CMAC_CASE(vect2, 9),
1643 XTEST_MAC_CMAC_CASE(vect3, 9),
1644 XTEST_MAC_CMAC_CASE(vect4, 9),
1645 { TEE_ALG_AES_CMAC, TEE_TYPE_AES, mac_cmac_vect5_key,
1646 ARRAY_SIZE(mac_cmac_vect5_key), 0, NULL, 0, mac_cmac_vect5_out,
1647 ARRAY_SIZE(mac_cmac_vect5_out) },
1648 XTEST_MAC_CMAC_CASE(vect6, 9),
1649 XTEST_MAC_CMAC_CASE(vect7, 9),
1650 XTEST_MAC_CMAC_CASE(vect8, 9),
1651 { TEE_ALG_AES_CMAC, TEE_TYPE_AES, mac_cmac_vect9_key,
1652 ARRAY_SIZE(mac_cmac_vect9_key), 0, NULL, 0, mac_cmac_vect9_out,
1653 ARRAY_SIZE(mac_cmac_vect9_out) },
1654 XTEST_MAC_CMAC_CASE(vect10, 9),
1655 XTEST_MAC_CMAC_CASE(vect11, 9),
1656 XTEST_MAC_CMAC_CASE(vect12, 9),
1657};
1658
1659static void xtest_tee_test_4002(ADBG_Case_t *c)
1660{
1661 TEEC_Session session = { 0 };
1662 TEE_OperationHandle op1;
1663 TEE_OperationHandle op2;
1664 TEE_ObjectHandle key_handle;
1665 uint8_t out[64];
1666 size_t out_size;
1667 uint32_t ret_orig;
1668 size_t n;
1669
1670 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
1671 xtest_teec_open_session(&session, &crypt_user_ta_uuid, NULL,
1672 &ret_orig)))
1673 return;
1674
1675 for (n = 0; n < ARRAY_SIZE(mac_cases); n++) {
1676 TEE_Attribute key_attr;
1677 size_t key_size;
1678
1679 Do_ADBG_BeginSubCase(c, "MAC case %d algo 0x%x",
1680 (int)n, (unsigned int)mac_cases[n].algo);
1681
1682 key_attr.attributeID = TEE_ATTR_SECRET_VALUE;
1683 key_attr.content.ref.buffer = (void *)mac_cases[n].key;
1684 key_attr.content.ref.length = mac_cases[n].key_len;
1685
1686 key_size = key_attr.content.ref.length * 8;
1687 if (mac_cases[n].key_type == TEE_TYPE_DES ||
1688 mac_cases[n].key_type == TEE_TYPE_DES3)
1689 /* Exclude parity in bit size of key */
1690 key_size -= key_size / 8;
1691
1692 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
1693 ta_crypt_cmd_allocate_operation(c, &session, &op1,
1694 mac_cases[n].algo, TEE_MODE_MAC, key_size)))
1695 goto out;
1696
1697 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
1698 ta_crypt_cmd_allocate_operation(c, &session, &op2,
1699 mac_cases[n].algo, TEE_MODE_MAC, key_size)))
1700 goto out;
1701
1702 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
1703 ta_crypt_cmd_allocate_transient_object(c, &session,
1704 mac_cases[n].key_type, key_size, &key_handle)))
1705 goto out;
1706
1707 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
1708 ta_crypt_cmd_populate_transient_object(c, &session,
1709 key_handle, &key_attr, 1)))
1710 goto out;
1711
1712 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
1713 ta_crypt_cmd_set_operation_key(c, &session, op1,
1714 key_handle)))
1715 goto out;
1716
1717 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
1718 ta_crypt_cmd_free_transient_object(c, &session,
1719 key_handle)))
1720 goto out;
1721
1722 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
1723 ta_crypt_cmd_mac_init(c, &session, op1, NULL, 0)))
1724 goto out;
1725
1726 if (mac_cases[n].in != NULL) {
1727 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
1728 ta_crypt_cmd_mac_update(c, &session, op1,
1729 mac_cases[n].in, mac_cases[n].in_incr)))
1730 goto out;
1731 }
1732
1733 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
1734 ta_crypt_cmd_copy_operation(c, &session, op2, op1)))
1735 goto out;
1736
1737 out_size = sizeof(out);
1738 memset(out, 0, sizeof(out));
1739 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
1740 ta_crypt_cmd_mac_final_compute(c, &session, op2,
1741 mac_cases[n].in + mac_cases[n].in_incr,
1742 mac_cases [n].in_len - mac_cases[n].in_incr,
1743 out, &out_size)))
1744 goto out;
1745
1746 (void)ADBG_EXPECT_BUFFER(c, mac_cases[n].out,
1747 mac_cases[n].out_len, out, out_size);
1748
1749 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
1750 ta_crypt_cmd_mac_init(c, &session, op1, NULL, 0)))
1751 goto out;
1752
1753 out_size = sizeof(out);
1754 memset(out, 0, sizeof(out));
1755 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
1756 ta_crypt_cmd_mac_final_compute(c, &session, op1,
1757 mac_cases[n].in, mac_cases[n].in_len, out,
1758 &out_size)))
1759 goto out;
1760
1761 (void)ADBG_EXPECT_BUFFER(c, mac_cases[n].out,
1762 mac_cases[n].out_len, out, out_size);
1763
1764 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
1765 ta_crypt_cmd_free_operation(c, &session, op1)))
1766 goto out;
1767
1768 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
1769 ta_crypt_cmd_free_operation(c, &session, op2)))
1770 goto out;
1771
1772 Do_ADBG_EndSubCase(c, NULL);
1773 }
1774out:
1775 TEEC_CloseSession(&session);
1776}
1777
1778/* generated with scripts/crypt_aes_cbc_nopad.pl */
1779static const uint8_t ciph_data_aes_key1[] = {
1780 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, /* 01234567 */
1781 0x38, 0x39, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, /* 89ABCDEF */
1782};
1783
1784static const uint8_t ciph_data_des_key1[] = {
1785 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37 /* 01234567 */
1786};
1787
1788static const uint8_t ciph_data_des_key2[] = {
1789 0x13, 0x34, 0x57, 0x79, 0x9B, 0xBC, 0xDF, 0xF1
1790};
1791
1792
1793static const uint8_t ciph_data_des3_key1[] = {
1794 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, /* 01234567 */
1795 0x38, 0x39, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, /* 89ABCDEF */
1796 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, /* 12345678 */
1797};
1798
1799static const uint8_t ciph_data_des3_key2[] = {
1800 0x13, 0x34, 0x57, 0x79, 0x9B, 0xBC, 0xDF, 0xF1,
1801 0x13, 0x34, 0x57, 0x79, 0x9B, 0xBC, 0xDF, 0xF1,
1802 0x13, 0x34, 0x57, 0x79, 0x9B, 0xBC, 0xDF, 0xF1
1803};
1804
1805static const uint8_t ciph_data_des2_key1[] = {
1806 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, /* 01234567 */
1807 0x38, 0x39, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, /* 89ABCDEF */
1808};
1809
1810static const uint8_t ciph_data_in1[] = {
1811 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, /* 23456789 */
1812 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x30, 0x31, /* ABCDEF01 */
1813 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x41, /* 3456789A */
1814 0x42, 0x43, 0x44, 0x45, 0x46, 0x30, 0x31, 0x32, /* BCDEF012 */
1815 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x41, 0x42, /* 456789AB */
1816 0x43, 0x44, 0x45, 0x46, 0x30, 0x31, 0x32, 0x33, /* CDEF0123 */
1817};
1818
1819static const uint8_t ciph_data_in3[] = {
1820 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, /* 23456789 */
1821 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x30, 0x31, /* ABCDEF01 */
1822 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x41, /* 3456789A */
1823 0x42, 0x43, 0x44, 0x45, 0x46, 0x30, 0x31, 0x32, /* BCDEF012 */
1824 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x41, 0x42, /* 456789AB */
1825 0x43, 0x44, 0x45, 0x46, 0x30, /* CDEF0 */
1826};
1827
1828static const uint8_t ciph_data_128_iv1[] = {
1829 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, /* 12345678 */
1830 0x39, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x30, /* 9ABCDEF0 */
1831};
1832
1833static const uint8_t ciph_data_64_iv1[] = {
1834 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, /* 12345678 */
1835};
1836
1837static const uint8_t ciph_data_in2[] = {
1838 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef
1839};
1840
1841static const uint8_t ciph_data_aes_ecb_nopad_out1[] = {
1842 0xA5, 0xBE, 0x14, 0xD5, 0x01, 0x05, 0x24, 0x48, /* ......$H */
1843 0x58, 0x1A, 0x6B, 0x82, 0xD4, 0x41, 0xD2, 0xB3, /* X.k..A.. */
1844 0xBB, 0xF9, 0xAE, 0x37, 0x94, 0xAC, 0x18, 0x50, /* ...7...P */
1845 0x87, 0x09, 0xCC, 0x3F, 0x43, 0xD2, 0xC2, 0xB7, /* ...?C... */
1846 0xD7, 0x6F, 0x84, 0x07, 0xB4, 0x78, 0xCE, 0x34, /* .o...x.4 */
1847 0x48, 0xC9, 0x16, 0x86, 0x42, 0xB8, 0xFF, 0xCF, /* H...B... */
1848};
1849
1850static const uint8_t ciph_data_aes_cbc_nopad_out1[] = {
1851 0x8D, 0x9F, 0x88, 0xD8, 0xAF, 0x9F, 0xC1, 0x3B, /* .......; */
1852 0x02, 0x15, 0x43, 0x6A, 0x8C, 0x1E, 0x34, 0x5C, /* ..Cj..4\ */
1853 0x83, 0xF4, 0x85, 0x3E, 0x43, 0x0F, 0xE5, 0x5F, /* ...>C.._ */
1854 0x81, 0x4C, 0xC0, 0x28, 0x3F, 0xD9, 0x98, 0x53, /* .L.(?..S */
1855 0xB1, 0x44, 0x51, 0x38, 0x21, 0xAB, 0x10, 0xCE, /* .DQ8!... */
1856 0xC2, 0xEC, 0x65, 0x54, 0xDD, 0x5C, 0xEA, 0xDC, /* ..eT.\.. */
1857};
1858
1859static const uint8_t ciph_data_aes_ctr_out1[] = {
1860 0xD2, 0xDD, 0x11, 0xA8, 0xF7, 0xB0, 0xAE, 0x55, /* .......U */
1861 0xBE, 0x61, 0x7A, 0xE6, 0xA1, 0x6C, 0x79, 0xF4, /* .az..ly. */
1862 0x62, 0x51, 0x7B, 0xE9, 0x7C, 0xA0, 0x31, 0x0C, /* bQ{.|.1. */
1863 0x24, 0x15, 0x70, 0x7F, 0x47, 0x37, 0x69, 0xE0, /* $.p.G7i. */
1864 0x24, 0xC3, 0x29, 0xCD, 0xF2, 0x26, 0x69, 0xFF, /* $.)..&i. */
1865 0x72, 0x0E, 0x3C, 0xD1, 0xA1, 0x2F, 0x5D, 0x33, /* r.<../]3 */
1866};
1867
1868static const uint8_t ciph_data_aes_ctr_out2[] = {
1869 0xD2, 0xDD, 0x11, 0xA8, 0xF7, 0xB0, 0xAE, 0x55, /* .......U */
1870 0xBE, 0x61, 0x7A, 0xE6, 0xA1, 0x6C, 0x79, 0xF4, /* .az..ly. */
1871 0x62, 0x51, 0x7B, 0xE9, 0x7C, 0xA0, 0x31, 0x0C, /* bQ{.|.1. */
1872 0x24, 0x15, 0x70, 0x7F, 0x47, 0x37, 0x69, 0xE0, /* $.p.G7i. */
1873 0x24, 0xC3, 0x29, 0xCD, 0xF2, 0x26, 0x69, 0xFF, /* $.)..&i. */
1874 0x72, 0x0E, 0x3C, 0xD1, 0xA1, /* r.<.. */
1875};
1876
1877static const uint8_t ciph_data_aes_cbc_vect1_key[] = {
1878 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, /* 01234567 */
1879 0x38, 0x39, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, /* 89ABCDEF */
1880};
1881
1882static const uint8_t ciph_data_aes_cbc_vect1_iv[] = {
1883 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* ........ */
1884 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* ........ */
1885};
1886
1887static const uint8_t ciph_data_aes_cbc_vect1_ptx[] = {
1888 0x43, 0x69, 0x70, 0x68, 0x65, 0x72, 0x20, 0x62, /* Cipher b */
1889 0x6C, 0x6F, 0x63, 0x6B, 0x20, 0x63, 0x68, 0x61, /* lock cha */
1890 0x69, 0x6E, 0x69, 0x6E, 0x67, 0x20, 0x28, 0x43, /* ining (C */
1891 0x42, 0x43, 0x29, 0x20, 0x69, 0x73, 0x20, 0x61, /* BC) is a */
1892 0x20, 0x63, 0x6F, 0x6D, 0x6D, 0x6F, 0x6E, 0x20, /* common */
1893 0x63, 0x68, 0x61, 0x69, 0x6E, 0x69, 0x6E, 0x67, /* chaining */
1894 0x20, 0x6D, 0x6F, 0x64, 0x65, 0x20, 0x69, 0x6E, /* mode in */
1895 0x20, 0x77, 0x68, 0x69, 0x63, 0x68, 0x20, 0x74, /* which t */
1896 0x68, 0x65, 0x20, 0x70, 0x72, 0x65, 0x76, 0x69, /* he previ */
1897 0x6F, 0x75, 0x73, 0x20, 0x62, 0x6C, 0x6F, 0x63, /* ous bloc */
1898 0x6B, 0x27, 0x73, 0x20, 0x63, 0x69, 0x70, 0x68, /* k's ciph */
1899 0x65, 0x72, 0x74, 0x65, 0x78, 0x74, 0x20, 0x69, /* ertext i */
1900 0x73, 0x20, 0x78, 0x6F, 0x72, 0x65, 0x64, 0x20, /* s xored */
1901 0x77, 0x69, 0x74, 0x68, 0x20, 0x74, 0x68, 0x65, /* with the */
1902 0x20, 0x63, 0x75, 0x72, 0x72, 0x65, 0x6E, 0x74, /* current */
1903 0x20, 0x62, 0x6C, 0x6F, 0x63, 0x6B, 0x27, 0x73, /* block's */
1904 0x20, 0x70, 0x6C, 0x61, 0x69, 0x6E, 0x74, 0x65, /* plainte */
1905 0x78, 0x74, 0x20, 0x62, 0x65, 0x66, 0x6F, 0x72, /* xt befor */
1906 0x65, 0x20, 0x65, 0x6E, 0x63, 0x72, 0x79, 0x70, /* e encryp */
1907 0x74, 0x69, 0x6F, 0x6E, 0x2E, 0x2E, 0x2E, 0x2E, /* tion.... */
1908};
1909
1910static const uint8_t ciph_data_aes_cbc_vect1_ctx[] = {
1911 0xDD, 0x16, 0xC3, 0x47, 0x69, 0xEC, 0xF5, 0x86, /* ...Gi... */
1912 0x20, 0xB4, 0xF7, 0xE3, 0xB9, 0x36, 0xE8, 0xAC, /* ....6.. */
1913 0xC9, 0xA2, 0x11, 0x71, 0x3B, 0x10, 0x9D, 0x45, /* ...q;..E */
1914 0xCA, 0xE2, 0x49, 0xA6, 0x4E, 0x56, 0x07, 0xC5, /* ..I.NV.. */
1915 0xCE, 0xA3, 0x14, 0xB5, 0x30, 0x1B, 0x63, 0xBB, /* ....0.c. */
1916 0x2D, 0x6F, 0xE9, 0xCA, 0x0B, 0x00, 0x31, 0x3F, /* -o....1? */
1917 0xA4, 0x9A, 0x39, 0xE1, 0xC8, 0xD2, 0x24, 0x95, /* ..9...$. */
1918 0x14, 0xE9, 0xD2, 0x43, 0xE8, 0xA8, 0x1E, 0x0A, /* ...C.... */
1919 0xFE, 0x9D, 0x4F, 0xF5, 0xBB, 0x16, 0xB9, 0x54, /* ..O....T */
1920 0x78, 0x07, 0x94, 0x05, 0x8E, 0x47, 0xC3, 0xCB, /* x....G.. */
1921 0x7C, 0xEC, 0xF4, 0xF8, 0xF2, 0xA4, 0x59, 0x6E, /* |.....Yn */
1922 0xED, 0xAD, 0x7F, 0x62, 0xAF, 0x89, 0xA8, 0x5B, /* ...b...[ */
1923 0x75, 0xD4, 0x73, 0xE3, 0xBA, 0x9F, 0x9A, 0xD2, /* u.s..... */
1924 0x0F, 0xFD, 0x3C, 0xE6, 0xC6, 0xA4, 0xD6, 0x6C, /* ..<....l */
1925 0x6A, 0x09, 0xE2, 0x16, 0xB0, 0x8C, 0x69, 0x3C, /* j.....i< */
1926 0xC8, 0x1C, 0xE4, 0x3E, 0x86, 0x4D, 0xB0, 0x2B, /* ...>.M.+ */
1927 0x29, 0xA0, 0x5A, 0xA3, 0x67, 0xBA, 0xDC, 0x11, /* ).Z.g... */
1928 0x08, 0x5E, 0x69, 0xB4, 0x6F, 0xA5, 0xE2, 0xB8, /* .^i.o... */
1929 0xC9, 0x6E, 0x83, 0x7E, 0x35, 0xC8, 0xA7, 0xA0, /* .n.~5... */
1930 0x33, 0xA3, 0xB1, 0x4B, 0x5A, 0x92, 0x51, 0x2E, /* 3..KZ.Q. */
1931};
1932
1933/* AES-CTS test vectors from http://tools.ietf.org/html/rfc3962
1934 * and http://tools.ietf.org/html/draft-raeburn-krb-rijndael-krb-02 */
1935static const uint8_t ciph_data_aes_cts_vect1_key[] = {
1936 0x63, 0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x20,
1937 0x74, 0x65, 0x72, 0x69, 0x79, 0x61, 0x6b, 0x69
1938};
1939
1940static const uint8_t ciph_data_aes_cts_vect1_iv[16] = {
1941 0x00
1942};
1943
1944static const uint8_t ciph_data_aes_cts_vect1_ptx[] = {
1945 0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20,
1946 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65,
1947 0x20
1948};
1949
1950static const uint8_t ciph_data_aes_cts_vect1_ctx[] = {
1951 0xc6, 0x35, 0x35, 0x68, 0xf2, 0xbf, 0x8c, 0xb4,
1952 0xd8, 0xa5, 0x80, 0x36, 0x2d, 0xa7, 0xff, 0x7f,
1953 0x97
1954};
1955
1956#define ciph_data_aes_cts_vect2_key ciph_data_aes_cts_vect1_key
1957#define ciph_data_aes_cts_vect2_iv ciph_data_aes_cts_vect1_iv
1958static const uint8_t ciph_data_aes_cts_vect2_ptx[] = {
1959 0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20,
1960 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65,
1961 0x20, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c,
1962 0x20, 0x47, 0x61, 0x75, 0x27, 0x73, 0x20
1963};
1964
1965static const uint8_t ciph_data_aes_cts_vect2_ctx[] = {
1966 0xfc, 0x00, 0x78, 0x3e, 0x0e, 0xfd, 0xb2, 0xc1,
1967 0xd4, 0x45, 0xd4, 0xc8, 0xef, 0xf7, 0xed, 0x22,
1968 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
1969 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5
1970};
1971
1972#define ciph_data_aes_cts_vect3_key ciph_data_aes_cts_vect1_key
1973#define ciph_data_aes_cts_vect3_iv ciph_data_aes_cts_vect1_iv
1974static const uint8_t ciph_data_aes_cts_vect3_ptx[] = {
1975 0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20,
1976 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65,
1977 0x20, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c,
1978 0x20, 0x47, 0x61, 0x75, 0x27, 0x73, 0x20, 0x43,
1979};
1980
1981static const uint8_t ciph_data_aes_cts_vect3_ctx[] = {
1982 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5,
1983 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8,
1984 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
1985 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84,
1986};
1987
1988#define ciph_data_aes_cts_vect4_key ciph_data_aes_cts_vect1_key
1989#define ciph_data_aes_cts_vect4_iv ciph_data_aes_cts_vect1_iv
1990static const uint8_t ciph_data_aes_cts_vect4_ptx[] = {
1991 0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20,
1992 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65,
1993 0x20, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c,
1994 0x20, 0x47, 0x61, 0x75, 0x27, 0x73, 0x20, 0x43,
1995 0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x2c, 0x20,
1996 0x70, 0x6c, 0x65, 0x61, 0x73, 0x65, 0x2c,
1997};
1998
1999static const uint8_t ciph_data_aes_cts_vect4_ctx[] = {
2000 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
2001 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84,
2002 0xb3, 0xff, 0xfd, 0x94, 0x0c, 0x16, 0xa1, 0x8c,
2003 0x1b, 0x55, 0x49, 0xd2, 0xf8, 0x38, 0x02, 0x9e,
2004 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5,
2005 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5,
2006};
2007
2008#define ciph_data_aes_cts_vect5_key ciph_data_aes_cts_vect1_key
2009#define ciph_data_aes_cts_vect5_iv ciph_data_aes_cts_vect1_iv
2010static const uint8_t ciph_data_aes_cts_vect5_ptx[] = {
2011 0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20,
2012 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65,
2013 0x20, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c,
2014 0x20, 0x47, 0x61, 0x75, 0x27, 0x73, 0x20, 0x43,
2015 0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x2c, 0x20,
2016 0x70, 0x6c, 0x65, 0x61, 0x73, 0x65, 0x2c, 0x20,
2017};
2018
2019static const uint8_t ciph_data_aes_cts_vect5_ctx[] = {
2020 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
2021 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84,
2022 0x9d, 0xad, 0x8b, 0xbb, 0x96, 0xc4, 0xcd, 0xc0,
2023 0x3b, 0xc1, 0x03, 0xe1, 0xa1, 0x94, 0xbb, 0xd8,
2024 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5,
2025 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8,
2026};
2027
2028#define ciph_data_aes_cts_vect6_key ciph_data_aes_cts_vect1_key
2029#define ciph_data_aes_cts_vect6_iv ciph_data_aes_cts_vect1_iv
2030static const uint8_t ciph_data_aes_cts_vect6_ptx[] = {
2031 0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20,
2032 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65,
2033 0x20, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c,
2034 0x20, 0x47, 0x61, 0x75, 0x27, 0x73, 0x20, 0x43,
2035 0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x2c, 0x20,
2036 0x70, 0x6c, 0x65, 0x61, 0x73, 0x65, 0x2c, 0x20,
2037 0x61, 0x6e, 0x64, 0x20, 0x77, 0x6f, 0x6e, 0x74,
2038 0x6f, 0x6e, 0x20, 0x73, 0x6f, 0x75, 0x70, 0x2e,
2039};
2040
2041static const uint8_t ciph_data_aes_cts_vect6_ctx[] = {
2042 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
2043 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84,
2044 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5,
2045 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8,
2046 0x48, 0x07, 0xef, 0xe8, 0x36, 0xee, 0x89, 0xa5,
2047 0x26, 0x73, 0x0d, 0xbc, 0x2f, 0x7b, 0xc8, 0x40,
2048 0x9d, 0xad, 0x8b, 0xbb, 0x96, 0xc4, 0xcd, 0xc0,
2049 0x3b, 0xc1, 0x03, 0xe1, 0xa1, 0x94, 0xbb, 0xd8,
2050};
2051
2052static const uint8_t ciph_data_des_ecb_nopad_out1[] = {
2053 0x46, 0x2B, 0x91, 0xA8, 0x55, 0xE6, 0x7E, 0x75, /* F+..U.~u */
2054 0x5E, 0x53, 0xF4, 0x8F, 0x29, 0x41, 0x4E, 0xEF, /* ^S..)AN. */
2055 0x32, 0x1B, 0x58, 0x42, 0x9B, 0xB4, 0x3A, 0x1F, /* 2.XB..:. */
2056 0x9A, 0xEA, 0xA4, 0xB4, 0xCD, 0xE9, 0x87, 0x7C, /* .......| */
2057 0xC0, 0x05, 0x34, 0xED, 0x86, 0x3C, 0x2A, 0x81, /* ..4..<.. */
2058 0x5E, 0x93, 0x0E, 0x86, 0xA9, 0xBB, 0x80, 0xFF, /* ^....... */
2059};
2060
2061static const uint8_t ciph_data_des_ecb_nopad_out2[] = {
2062 0x85, 0xE8, 0x13, 0x54, 0x0F, 0x0A, 0xB4, 0x05
2063};
2064
2065static const uint8_t ciph_data_des_cbc_nopad_out1[] = {
2066 0xAD, 0xD6, 0xD6, 0x3E, 0x88, 0xD0, 0xDD, 0xD4, /* ...>.... */
2067 0x9A, 0x93, 0x95, 0xA0, 0x86, 0x22, 0x5B, 0x9E, /* ....."[. */
2068 0x84, 0x0C, 0x6F, 0x12, 0x04, 0x11, 0x6F, 0xD4, /* ..o...o. */
2069 0x12, 0x29, 0xC6, 0x78, 0x0C, 0xFB, 0x58, 0x5B, /* .).x..X[ */
2070 0x66, 0x82, 0x0E, 0x52, 0xDC, 0x25, 0x16, 0x51, /* f..R.%.Q */
2071 0x69, 0xDF, 0xFE, 0x4E, 0x11, 0x1D, 0x9D, 0x08, /* i..N.... */
2072};
2073
2074static const uint8_t ciph_data_des3_ecb_nopad_out1[] = {
2075 0xA7, 0x46, 0xEC, 0xA8, 0x6A, 0x7F, 0x4A, 0xF1, /* .F..j.J. */
2076 0x44, 0x60, 0x37, 0x3B, 0x7F, 0x76, 0xE5, 0xFF, /* D`7;.v.. */
2077 0xC1, 0xE7, 0xA5, 0x04, 0x9C, 0x29, 0x5C, 0xA5, /* .....)\. */
2078 0xDD, 0xC8, 0xEE, 0x36, 0x1F, 0x48, 0xE0, 0xA9, /* ...6.H.. */
2079 0x82, 0x2D, 0x53, 0x84, 0x49, 0x69, 0x78, 0xFA, /* .-S.Iix. */
2080 0x23, 0x69, 0x1D, 0xF7, 0x08, 0x38, 0x44, 0x05, /* #i...8D. */
2081};
2082
2083static const uint8_t ciph_data_des3_cbc_nopad_out1[] = {
2084 0x18, 0x09, 0xEB, 0x98, 0xE4, 0x58, 0x72, 0x11, /* .....Xr. */
2085 0x30, 0x58, 0xAB, 0x38, 0xB0, 0xC9, 0x2B, 0xED, /* 0X.8..+. */
2086 0xDA, 0xC5, 0xE8, 0xA9, 0xF6, 0x8A, 0xA7, 0x80, /* ........ */
2087 0xBE, 0x54, 0x1F, 0x63, 0xF6, 0xEE, 0xA2, 0x4C, /* .T.c...L */
2088 0x7C, 0xEB, 0x84, 0x7D, 0xDA, 0xCA, 0x1E, 0xB2, /* |..}.... */
2089 0xED, 0x5E, 0x96, 0xB8, 0x01, 0x4B, 0x77, 0x02, /* .^...Kw. */
2090};
2091
2092static const uint8_t ciph_data_des2_ecb_nopad_out1[] = {
2093 0xAB, 0x12, 0xB6, 0xE2, 0x4A, 0x3A, 0x26, 0x14, /* ....J:&. */
2094 0xF0, 0x7D, 0x23, 0xD0, 0x55, 0xDF, 0x5C, 0x16, /* .}#.U.\. */
2095 0x43, 0x59, 0x1E, 0x44, 0x01, 0x76, 0xD7, 0x50, /* CY.D.v.P */
2096 0x44, 0xC0, 0x15, 0xDF, 0x2E, 0x7F, 0x8B, 0xC5, /* D....... */
2097 0xFF, 0x8B, 0x87, 0xFE, 0x33, 0xD7, 0xCB, 0x2C, /* ....3.., */
2098 0xDA, 0x79, 0x6F, 0xA4, 0x05, 0x2B, 0x30, 0xCE, /* .yo..+0. */
2099};
2100
2101static const uint8_t ciph_data_des2_cbc_nopad_out1[] = {
2102 0x47, 0x2F, 0xB1, 0x83, 0xC4, 0xBB, 0x93, 0x16, /* G/...... */
2103 0x73, 0xF9, 0xAD, 0x6F, 0x00, 0xF9, 0xCB, 0x4A, /* s..o...J */
2104 0x0F, 0x4F, 0x75, 0x75, 0xFB, 0x39, 0x0B, 0xFC, /* .Ouu.9.. */
2105 0x9F, 0x48, 0x52, 0xAD, 0xA2, 0x75, 0x2C, 0xF1, /* .HR..u, . */
2106 0x7D, 0xC3, 0x8F, 0x16, 0xCF, 0xC9, 0x76, 0x29, /* }.....v) */
2107 0x1A, 0xBF, 0xB3, 0xD9, 0x10, 0x7E, 0xAA, 0x49, /* .....~.I */
2108};
2109
2110struct xtest_ciph_case {
2111 uint32_t algo;
2112 uint32_t mode;
2113 uint32_t key_type;
2114 const uint8_t *key1;
2115 size_t key1_len;
2116 const uint8_t *key2;
2117 size_t key2_len;
2118 const uint8_t *iv;
2119 size_t iv_len;
2120 size_t in_incr;
2121 const uint8_t *in;
2122 size_t in_len;
2123 const uint8_t *out;
2124 size_t out_len;
2125 size_t line;
2126};
2127
2128#define XTEST_CIPH_CASE_NO_IV(algo, key_type, key, in_incr, ptx, ctx) \
2129 { (algo), TEE_MODE_ENCRYPT, (key_type), (key), ARRAY_SIZE(key), \
2130 NULL, 0, NULL, 0, \
2131 (in_incr), (ptx), ARRAY_SIZE(ptx), (ctx), ARRAY_SIZE(ctx), \
2132 __LINE__ }, \
2133 { (algo), TEE_MODE_DECRYPT, (key_type), (key), ARRAY_SIZE(key), \
2134 NULL, 0, NULL, 0, \
2135 (in_incr), (ctx), ARRAY_SIZE(ctx), (ptx), ARRAY_SIZE(ptx), __LINE__ }
2136
2137#define XTEST_CIPH_CASE(algo, key_type, key, iv, in_incr, ptx, ctx) \
2138 { (algo), TEE_MODE_ENCRYPT, (key_type), (key), ARRAY_SIZE(key), \
2139 NULL, 0, iv, ARRAY_SIZE(iv), (in_incr), (ptx), ARRAY_SIZE(ptx), \
2140 (ctx), ARRAY_SIZE(ctx), __LINE__ }, \
2141 { (algo), TEE_MODE_DECRYPT, (key_type), (key), ARRAY_SIZE(key), \
2142 NULL, 0, iv, ARRAY_SIZE(iv), (in_incr), (ctx), ARRAY_SIZE(ctx), \
2143 (ptx), ARRAY_SIZE(ptx), __LINE__ }
2144
2145#define XTEST_CIPH_CASE_AES_XTS(vect, in_incr) \
2146 { TEE_ALG_AES_XTS, TEE_MODE_ENCRYPT, TEE_TYPE_AES, \
2147 ciph_data_aes_xts_ ## vect ## _key1, \
2148 ARRAY_SIZE(ciph_data_aes_xts_ ## vect ## _key1), \
2149 ciph_data_aes_xts_ ## vect ## _key2, \
2150 ARRAY_SIZE(ciph_data_aes_xts_ ## vect ## _key2), \
2151 ciph_data_aes_xts_ ## vect ## _iv, \
2152 ARRAY_SIZE(ciph_data_aes_xts_ ## vect ## _iv), \
2153 (in_incr), \
2154 ciph_data_aes_xts_ ## vect ## _ptx, \
2155 ARRAY_SIZE(ciph_data_aes_xts_ ## vect ## _ptx), \
2156 ciph_data_aes_xts_ ## vect ## _ctx, \
2157 ARRAY_SIZE(ciph_data_aes_xts_ ## vect ## _ctx), __LINE__ }, \
2158 { TEE_ALG_AES_XTS, TEE_MODE_DECRYPT, TEE_TYPE_AES, \
2159 ciph_data_aes_xts_ ## vect ## _key1, \
2160 ARRAY_SIZE(ciph_data_aes_xts_ ## vect ## _key1), \
2161 ciph_data_aes_xts_ ## vect ## _key2, \
2162 ARRAY_SIZE(ciph_data_aes_xts_ ## vect ## _key2), \
2163 ciph_data_aes_xts_ ## vect ## _iv, \
2164 ARRAY_SIZE(ciph_data_aes_xts_ ## vect ## _iv), \
2165 (in_incr), \
2166 ciph_data_aes_xts_ ## vect ## _ctx, \
2167 ARRAY_SIZE(ciph_data_aes_xts_ ## vect ## _ctx), \
2168 ciph_data_aes_xts_ ## vect ## _ptx, \
2169 ARRAY_SIZE(ciph_data_aes_xts_ ## vect ## _ptx), __LINE__ }
2170
2171#define XTEST_CIPH_CASE_AES_CBC(vect, in_incr) \
2172 XTEST_CIPH_CASE(TEE_ALG_AES_CBC_NOPAD, TEE_TYPE_AES, \
2173 ciph_data_aes_cbc_ ## vect ## _key, \
2174 ciph_data_aes_cbc_ ## vect ## _iv, \
2175 (in_incr), ciph_data_aes_cbc_ ## vect ## _ptx, \
2176 ciph_data_aes_cbc_ ## vect ## _ctx)
2177
2178#define XTEST_CIPH_CASE_AES_CTS(vect, in_incr) \
2179 XTEST_CIPH_CASE(TEE_ALG_AES_CTS, TEE_TYPE_AES, \
2180 ciph_data_aes_cts_ ## vect ## _key, \
2181 ciph_data_aes_cts_ ## vect ## _iv, \
2182 (in_incr), ciph_data_aes_cts_ ## vect ## _ptx, \
2183 ciph_data_aes_cts_ ## vect ## _ctx)
2184
2185static const struct xtest_ciph_case ciph_cases[] = {
2186 /* AES */
2187 XTEST_CIPH_CASE_NO_IV(TEE_ALG_AES_ECB_NOPAD, TEE_TYPE_AES,
2188 ciph_data_aes_key1, 11, ciph_data_in1,
2189 ciph_data_aes_ecb_nopad_out1),
2190 XTEST_CIPH_CASE(TEE_ALG_AES_CBC_NOPAD, TEE_TYPE_AES,
2191 ciph_data_aes_key1, ciph_data_128_iv1, 11,
2192 ciph_data_in1,
2193 ciph_data_aes_cbc_nopad_out1),
2194 XTEST_CIPH_CASE(TEE_ALG_AES_CTR, TEE_TYPE_AES,
2195 ciph_data_aes_key1, ciph_data_128_iv1, 13,
2196 ciph_data_in1,
2197 ciph_data_aes_ctr_out1),
2198 XTEST_CIPH_CASE(TEE_ALG_AES_CTR, TEE_TYPE_AES,
2199 ciph_data_aes_key1, ciph_data_128_iv1, 13,
2200 ciph_data_in3,
2201 ciph_data_aes_ctr_out2),
2202
2203 XTEST_CIPH_CASE_AES_CBC(vect1, 11),
2204
2205 /* AES-CTS */
2206 XTEST_CIPH_CASE_AES_CTS(vect1, 13),
2207 XTEST_CIPH_CASE_AES_CTS(vect2, 14),
2208 XTEST_CIPH_CASE_AES_CTS(vect3, 11),
2209 XTEST_CIPH_CASE_AES_CTS(vect4, 9),
2210 XTEST_CIPH_CASE_AES_CTS(vect5, 7),
2211 XTEST_CIPH_CASE_AES_CTS(vect6, 17),
2212 XTEST_CIPH_CASE_AES_CTS(vect6, 0x20),
2213
2214 /* DES */
2215 XTEST_CIPH_CASE_NO_IV(TEE_ALG_DES_ECB_NOPAD, TEE_TYPE_DES,
2216 ciph_data_des_key1, 14, ciph_data_in1,
2217 ciph_data_des_ecb_nopad_out1),
2218 XTEST_CIPH_CASE_NO_IV(TEE_ALG_DES_ECB_NOPAD, TEE_TYPE_DES,
2219 ciph_data_des_key2, 3, ciph_data_in2,
2220 ciph_data_des_ecb_nopad_out2),
2221 XTEST_CIPH_CASE(TEE_ALG_DES_CBC_NOPAD, TEE_TYPE_DES,
2222 ciph_data_des_key1, ciph_data_64_iv1, 15, ciph_data_in1,
2223 ciph_data_des_cbc_nopad_out1),
2224
2225 /* DES3 */
2226 XTEST_CIPH_CASE_NO_IV(TEE_ALG_DES3_ECB_NOPAD, TEE_TYPE_DES3,
2227 ciph_data_des3_key1, 11, ciph_data_in1,
2228 ciph_data_des3_ecb_nopad_out1),
2229 XTEST_CIPH_CASE_NO_IV(TEE_ALG_DES3_ECB_NOPAD, TEE_TYPE_DES3,
2230 ciph_data_des3_key2, 3, ciph_data_in2,
2231 ciph_data_des_ecb_nopad_out2),
2232 XTEST_CIPH_CASE(TEE_ALG_DES3_CBC_NOPAD, TEE_TYPE_DES3,
2233 ciph_data_des3_key1, ciph_data_64_iv1, 11,
2234 ciph_data_in1,
2235 ciph_data_des3_cbc_nopad_out1),
2236
2237 /* DES2 */
2238 XTEST_CIPH_CASE_NO_IV(TEE_ALG_DES3_ECB_NOPAD, TEE_TYPE_DES3,
2239 ciph_data_des2_key1, 11, ciph_data_in1,
2240 ciph_data_des2_ecb_nopad_out1),
2241 XTEST_CIPH_CASE(TEE_ALG_DES3_CBC_NOPAD, TEE_TYPE_DES3,
2242 ciph_data_des2_key1, ciph_data_64_iv1, 11,
2243 ciph_data_in1,
2244 ciph_data_des2_cbc_nopad_out1),
2245};
2246
2247static const struct xtest_ciph_case ciph_cases_xts[] = {
2248 /* AES-XTS */
2249 XTEST_CIPH_CASE_AES_XTS(vect1, 3),
2250 XTEST_CIPH_CASE_AES_XTS(vect2, 6),
2251 XTEST_CIPH_CASE_AES_XTS(vect3, 7),
2252 XTEST_CIPH_CASE_AES_XTS(vect4, 8),
2253 XTEST_CIPH_CASE_AES_XTS(vect5, 9),
2254 XTEST_CIPH_CASE_AES_XTS(vect6, 13),
2255 XTEST_CIPH_CASE_AES_XTS(vect7, 1),
2256 XTEST_CIPH_CASE_AES_XTS(vect8, 3),
2257 XTEST_CIPH_CASE_AES_XTS(vect9, 2),
2258 XTEST_CIPH_CASE_AES_XTS(vect10, 5),
2259 XTEST_CIPH_CASE_AES_XTS(vect11, 6),
2260 XTEST_CIPH_CASE_AES_XTS(vect12, 7),
2261 XTEST_CIPH_CASE_AES_XTS(vect13, 3),
2262 XTEST_CIPH_CASE_AES_XTS(vect14, 2),
2263 XTEST_CIPH_CASE_AES_XTS(vect15, 0),
2264 XTEST_CIPH_CASE_AES_XTS(vect16, 9),
2265 XTEST_CIPH_CASE_AES_XTS(vect17, 6),
2266 XTEST_CIPH_CASE_AES_XTS(vect18, 8),
2267 XTEST_CIPH_CASE_AES_XTS(vect19, 23),
2268};
2269
2270static void xtest_tee_test_4003_no_xts(ADBG_Case_t *c)
2271{
2272 TEEC_Session session = { 0 };
2273 TEE_OperationHandle op;
2274 TEE_ObjectHandle key1_handle = TEE_HANDLE_NULL;
2275 TEE_ObjectHandle key2_handle = TEE_HANDLE_NULL;
2276 uint8_t out[2048];
2277 size_t out_size;
2278 size_t out_offs;
2279 uint32_t ret_orig;
2280 size_t n;
2281
2282 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2283 xtest_teec_open_session(&session, &crypt_user_ta_uuid, NULL,
2284 &ret_orig)))
2285 return;
2286
2287 for (n = 0; n < ARRAY_SIZE(ciph_cases); n++) {
2288 TEE_Attribute key_attr;
2289 size_t key_size;
2290 size_t op_key_size;
2291
2292
2293 Do_ADBG_BeginSubCase(c, "Cipher case %d algo 0x%x line %d",
2294 (int)n, (unsigned int)ciph_cases[n].algo,
2295 (int)ciph_cases[n].line);
2296
2297 key_attr.attributeID = TEE_ATTR_SECRET_VALUE;
2298 key_attr.content.ref.buffer = (void *)ciph_cases[n].key1;
2299 key_attr.content.ref.length = ciph_cases[n].key1_len;
2300
2301 key_size = key_attr.content.ref.length * 8;
2302 if (ciph_cases[n].key_type == TEE_TYPE_DES ||
2303 ciph_cases[n].key_type == TEE_TYPE_DES3)
2304 /* Exclude parity in bit size of key */
2305 key_size -= key_size / 8;
2306
2307 op_key_size = key_size;
2308 if (ciph_cases[n].key2 != NULL)
2309 op_key_size *= 2;
2310
2311 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2312 ta_crypt_cmd_allocate_operation(c, &session, &op,
2313 ciph_cases[n].algo, ciph_cases[n].mode,
2314 op_key_size)))
2315 goto out;
2316
2317 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2318 ta_crypt_cmd_allocate_transient_object(c, &session,
2319 ciph_cases[n].key_type, key_size,
2320 &key1_handle)))
2321 goto out;
2322
2323 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2324 ta_crypt_cmd_populate_transient_object(c, &session,
2325 key1_handle, &key_attr, 1)))
2326 goto out;
2327
2328 if (ciph_cases[n].key2 != NULL) {
2329 key_attr.content.ref.buffer =
2330 (void *)ciph_cases[n].key2;
2331 key_attr.content.ref.length = ciph_cases[n].key2_len;
2332
2333 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2334 ta_crypt_cmd_allocate_transient_object(c,
2335 &session, ciph_cases[n].key_type,
2336 key_attr.content.ref.length * 8,
2337 &key2_handle)))
2338 goto out;
2339
2340 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2341 ta_crypt_cmd_populate_transient_object(c,
2342 &session, key2_handle, &key_attr, 1)))
2343 goto out;
2344
2345 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2346 ta_crypt_cmd_set_operation_key2(c, &session, op,
2347 key1_handle, key2_handle)))
2348 goto out;
2349 } else {
2350 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2351 ta_crypt_cmd_set_operation_key(c, &session, op,
2352 key1_handle)))
2353 goto out;
2354 }
2355
2356 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2357 ta_crypt_cmd_free_transient_object(c, &session,
2358 key1_handle)))
2359 goto out;
2360 key1_handle = TEE_HANDLE_NULL;
2361
2362 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2363 ta_crypt_cmd_free_transient_object(c, &session,
2364 key2_handle)))
2365 goto out;
2366 key2_handle = TEE_HANDLE_NULL;
2367
2368 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2369 ta_crypt_cmd_cipher_init(c, &session, op,
2370 ciph_cases[n].iv, ciph_cases[n].iv_len)))
2371 goto out;
2372
2373 out_offs = 0;
2374 out_size = sizeof(out);
2375 memset(out, 0, sizeof(out));
2376 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2377 ta_crypt_cmd_cipher_update(c, &session, op,
2378 ciph_cases[n].in, ciph_cases[n].in_incr, out,
2379 &out_size)))
2380 goto out;
2381
2382 out_offs += out_size;
2383 out_size = sizeof(out) - out_offs;
2384
2385 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2386 ta_crypt_cmd_cipher_do_final(c, &session, op,
2387 ciph_cases[n].in + ciph_cases[n].in_incr,
2388 ciph_cases[n].in_len - ciph_cases[n].in_incr,
2389 out + out_offs,
2390 &out_size)))
2391 goto out;
2392
2393 out_offs += out_size;
2394
2395 (void)ADBG_EXPECT_BUFFER(c, ciph_cases[n].out,
2396 ciph_cases[n].out_len, out, out_offs);
2397
2398 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2399 ta_crypt_cmd_free_operation(c, &session, op)))
2400 goto out;
2401
2402 Do_ADBG_EndSubCase(c, NULL);
2403 }
2404out:
2405 TEEC_CloseSession(&session);
2406}
2407
2408/*
2409 * This is a split of the original xtest 4003 as eary version of the ST TEE.
2410 *
2411 * Core did not support xts.
2412 */
2413static void xtest_tee_test_4003_xts(ADBG_Case_t *c)
2414{
2415 TEEC_Session session = { 0 };
2416 TEE_OperationHandle op;
2417 TEE_ObjectHandle key1_handle = TEE_HANDLE_NULL;
2418 TEE_ObjectHandle key2_handle = TEE_HANDLE_NULL;
2419 uint8_t out[2048];
2420 size_t out_size;
2421 size_t out_offs;
2422 uint32_t ret_orig;
2423 size_t n;
2424
2425 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2426 xtest_teec_open_session(&session, &crypt_user_ta_uuid, NULL,
2427 &ret_orig)))
2428 return;
2429
2430 for (n = 0; n < ARRAY_SIZE(ciph_cases_xts); n++) {
2431 TEE_Attribute key_attr;
2432 size_t key_size;
2433 size_t op_key_size;
2434
2435 Do_ADBG_BeginSubCase(c, "Cipher case %d algo 0x%x line %d",
2436 (int)n,
2437 (unsigned int)ciph_cases_xts[n].algo,
2438 (int)ciph_cases_xts[n].line);
2439
2440 key_attr.attributeID = TEE_ATTR_SECRET_VALUE;
2441 key_attr.content.ref.buffer = (void *)ciph_cases_xts[n].key1;
2442 key_attr.content.ref.length = ciph_cases_xts[n].key1_len;
2443
2444 key_size = key_attr.content.ref.length * 8;
2445 if (ciph_cases_xts[n].key_type == TEE_TYPE_DES ||
2446 ciph_cases_xts[n].key_type == TEE_TYPE_DES3)
2447 /* Exclude parity in bit size of key */
2448 key_size -= key_size / 8;
2449
2450 op_key_size = key_size;
2451 if (ciph_cases_xts[n].key2 != NULL)
2452 op_key_size *= 2;
2453
2454 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2455 ta_crypt_cmd_allocate_operation(c, &session, &op,
2456 ciph_cases_xts[n].algo, ciph_cases_xts[n].mode,
2457 op_key_size)))
2458 goto out;
2459
2460 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2461 ta_crypt_cmd_allocate_transient_object(c, &session,
2462 ciph_cases_xts[n].key_type, key_size,
2463 &key1_handle)))
2464 goto out;
2465
2466 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2467 ta_crypt_cmd_populate_transient_object(c, &session,
2468 key1_handle, &key_attr, 1)))
2469 goto out;
2470
2471 if (ciph_cases_xts[n].key2 != NULL) {
2472 key_attr.content.ref.buffer =
2473 (void *)ciph_cases_xts[n].key2;
2474
2475 key_attr.content.ref.length =
2476 ciph_cases_xts[n].key2_len;
2477
2478 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2479 ta_crypt_cmd_allocate_transient_object(c,
2480 &session, ciph_cases_xts[n].key_type,
2481 key_attr.content.ref.length * 8,
2482 &key2_handle)))
2483 goto out;
2484
2485 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2486 ta_crypt_cmd_populate_transient_object(c,
2487 &session, key2_handle, &key_attr, 1)))
2488 goto out;
2489
2490 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2491 ta_crypt_cmd_set_operation_key2(c, &session, op,
2492 key1_handle, key2_handle)))
2493 goto out;
2494 } else {
2495 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2496 ta_crypt_cmd_set_operation_key(c, &session, op,
2497 key1_handle)))
2498 goto out;
2499 }
2500
2501 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2502 ta_crypt_cmd_free_transient_object(c, &session,
2503 key1_handle)))
2504 goto out;
2505
2506 key1_handle = TEE_HANDLE_NULL;
2507
2508 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2509 ta_crypt_cmd_free_transient_object(c, &session,
2510 key2_handle)))
2511 goto out;
2512
2513 key2_handle = TEE_HANDLE_NULL;
2514
2515 if (!ADBG_EXPECT_TEEC_SUCCESS(c, ta_crypt_cmd_cipher_init(c,
2516 &
2517 session,
2518 op,
2519 ciph_cases_xts
2520 [n].iv, ciph_cases_xts[n].iv_len)))
2521 goto out;
2522
2523 out_offs = 0;
2524 out_size = sizeof(out);
2525 memset(out, 0, sizeof(out));
2526 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2527 ta_crypt_cmd_cipher_update(c, &session, op,
2528 ciph_cases_xts[n].in, ciph_cases_xts[n].in_incr,
2529 out, &out_size)))
2530 goto out;
2531
2532 out_offs += out_size;
2533 out_size = sizeof(out) - out_offs;
2534
2535 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2536 ta_crypt_cmd_cipher_do_final(c, &session, op,
2537 ciph_cases_xts[n].in +
2538 ciph_cases_xts[n].in_incr,
2539 ciph_cases_xts[n].in_len -
2540 ciph_cases_xts[n].in_incr,
2541 out + out_offs,
2542 &out_size)))
2543 goto out;
2544 out_offs += out_size;
2545
2546 (void)ADBG_EXPECT_BUFFER(c, ciph_cases_xts[n].out,
2547 ciph_cases_xts[n].out_len, out,
2548 out_offs);
2549
2550 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2551 ta_crypt_cmd_free_operation(c, &session, op)))
2552 goto out;
2553
2554 Do_ADBG_EndSubCase(c, NULL);
2555 }
2556out:
2557 TEEC_CloseSession(&session);
2558}
2559
2560static void xtest_tee_test_4004(ADBG_Case_t *c)
2561{
2562 TEEC_Session session = { 0 };
2563 uint32_t ret_orig;
2564 uint8_t buf1[45] = { 0 };
2565 uint8_t buf2[45] = { 0 };
2566 static const uint8_t zeros[45] = { 0 };
2567
2568 Do_ADBG_BeginSubCase(c, "TEE get random");
2569 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2570 xtest_teec_open_session(&session, &crypt_user_ta_uuid, NULL,
2571 &ret_orig)))
2572 return;
2573
2574 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2575 ta_crypt_cmd_random_number_generate(c, &session, buf1,
2576 sizeof(buf1))))
2577 goto out;
2578
2579 (void)ADBG_EXPECT_COMPARE_SIGNED(c,
2580 0, !=, memcmp(buf1, zeros, sizeof(buf1)));
2581
2582 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2583 ta_crypt_cmd_random_number_generate(c, &session, buf2,
2584 sizeof(buf2))))
2585 goto out;
2586
2587 (void)ADBG_EXPECT_COMPARE_SIGNED(c,
2588 0, !=, memcmp(buf2, zeros, sizeof(buf2)));
2589
2590 (void)ADBG_EXPECT_COMPARE_SIGNED(c,
2591 0, !=, memcmp(buf2, buf1, sizeof(buf1)));
2592out:
2593 TEEC_CloseSession(&session);
2594 Do_ADBG_EndSubCase(c, "TEE get random");
2595}
2596
2597
2598struct xtest_ae_case {
2599 uint32_t algo;
2600 uint32_t mode;
2601 uint32_t key_type;
2602 const uint8_t *key;
2603 size_t key_len;
2604 const uint8_t *nonce;
2605 size_t nonce_len;
2606 size_t aad_incr;
2607 const uint8_t *aad;
2608 size_t aad_len;
2609 size_t in_incr;
2610 const uint8_t *ptx;
2611 size_t ptx_len;
2612 const uint8_t *ctx;
2613 size_t ctx_len;
2614 const uint8_t *tag;
2615 size_t tag_len;
2616 size_t line;
2617};
2618
2619
2620#define ARRAY(a) a, ARRAY_SIZE(a)
2621#define NULL_ARRAY(a) NULL, 0
2622
2623#define XTEST_AE_CASE(algo, vect, aad_incr, in_incr, \
2624 aad_array, ptx_array, ctx_array) \
2625 { (algo), TEE_MODE_ENCRYPT, TEE_TYPE_AES, ARRAY(vect ## _key), \
2626 ARRAY(vect ## _nonce), (aad_incr), \
2627 aad_array(vect ## _aad), (in_incr), \
2628 ptx_array(vect ## _ptx), ctx_array(vect ## _ctx), \
2629 ARRAY(vect ## _tag), \
2630 __LINE__ }, \
2631 { (algo), TEE_MODE_DECRYPT, TEE_TYPE_AES, ARRAY(vect ## _key), \
2632 ARRAY(vect ## _nonce), (aad_incr), \
2633 aad_array(vect ## _aad), (in_incr), \
2634 ptx_array(vect ## _ptx), ctx_array(vect ## _ctx), \
2635 ARRAY(vect ## _tag), \
2636 __LINE__ }
2637
2638#define XTEST_AE_CASE_AES_CCM(vect, aad_incr, in_incr) \
2639 XTEST_AE_CASE(TEE_ALG_AES_CCM, ae_data_aes_ccm_ ## vect, aad_incr, \
2640 in_incr, ARRAY, ARRAY, ARRAY)
2641
2642#define XTEST_AE_CASE_AES_GCM(vect, aad_incr, in_incr, \
2643 aad_array, ptx_array, ctx_array) \
2644 XTEST_AE_CASE(TEE_ALG_AES_GCM, ae_data_aes_gcm_ ## vect, aad_incr, \
2645 in_incr, aad_array, ptx_array, ctx_array)
2646
2647
2648
2649static const struct xtest_ae_case ae_cases[] = {
2650 XTEST_AE_CASE_AES_CCM(vect1, 3, 2),
2651 XTEST_AE_CASE_AES_CCM(vect2, 7, 13),
2652 XTEST_AE_CASE_AES_CCM(vect3, 5, 21),
2653
2654 XTEST_AE_CASE_AES_GCM(vect1, 0, 0, NULL_ARRAY, NULL_ARRAY, NULL_ARRAY),
2655 XTEST_AE_CASE_AES_GCM(vect2, 0, 9, NULL_ARRAY, ARRAY, ARRAY),
2656 XTEST_AE_CASE_AES_GCM(vect3, 0, 9, NULL_ARRAY, ARRAY, ARRAY),
2657 XTEST_AE_CASE_AES_GCM(vect3, 0, 0x20, NULL_ARRAY, ARRAY, ARRAY),
2658 XTEST_AE_CASE_AES_GCM(vect4, 5, 9, ARRAY, ARRAY, ARRAY),
2659 XTEST_AE_CASE_AES_GCM(vect5, 5, 9, ARRAY, ARRAY, ARRAY),
2660 XTEST_AE_CASE_AES_GCM(vect6, 5, 9, ARRAY, ARRAY, ARRAY),
2661 XTEST_AE_CASE_AES_GCM(vect7, 0, 0, NULL_ARRAY, NULL_ARRAY, NULL_ARRAY),
2662 XTEST_AE_CASE_AES_GCM(vect8, 0, 9, NULL_ARRAY, ARRAY, ARRAY),
2663 XTEST_AE_CASE_AES_GCM(vect9, 0, 9, NULL_ARRAY, ARRAY, ARRAY),
2664 XTEST_AE_CASE_AES_GCM(vect10, 5, 9, ARRAY, ARRAY, ARRAY),
2665 XTEST_AE_CASE_AES_GCM(vect11, 5, 9, ARRAY, ARRAY, ARRAY),
2666 XTEST_AE_CASE_AES_GCM(vect12, 5, 9, ARRAY, ARRAY, ARRAY),
2667 XTEST_AE_CASE_AES_GCM(vect13, 0, 0, NULL_ARRAY, NULL_ARRAY, NULL_ARRAY),
2668 XTEST_AE_CASE_AES_GCM(vect14, 0, 9, NULL_ARRAY, ARRAY, ARRAY),
2669 XTEST_AE_CASE_AES_GCM(vect15, 0, 9, NULL_ARRAY, ARRAY, ARRAY),
2670 XTEST_AE_CASE_AES_GCM(vect16, 5, 9, ARRAY, ARRAY, ARRAY),
2671 XTEST_AE_CASE_AES_GCM(vect17, 5, 9, ARRAY, ARRAY, ARRAY),
2672 XTEST_AE_CASE_AES_GCM(vect18, 5, 9, ARRAY, ARRAY, ARRAY),
2673};
2674
2675static void xtest_tee_test_4005(ADBG_Case_t *c)
2676{
2677 TEEC_Session session = { 0 };
2678 TEE_OperationHandle op;
2679 TEE_ObjectHandle key_handle = TEE_HANDLE_NULL;
2680 TEE_Attribute key_attr;
2681 uint8_t out[512];
2682 size_t out_size;
2683 size_t out_offs;
2684 uint32_t ret_orig;
2685 size_t n;
2686
2687 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2688 xtest_teec_open_session(&session, &crypt_user_ta_uuid, NULL,
2689 &ret_orig)))
2690 return;
2691
2692 for (n = 0; n < ARRAY_SIZE(ae_cases); n++) {
2693 Do_ADBG_BeginSubCase(c, "AE case %d algo 0x%x line %d",
2694 (int)n, (unsigned int)ae_cases[n].algo,
2695 (int)ae_cases[n].line);
2696
2697 key_attr.attributeID = TEE_ATTR_SECRET_VALUE;
2698 key_attr.content.ref.buffer = (void *)ae_cases[n].key;
2699 key_attr.content.ref.length = ae_cases[n].key_len;
2700
2701 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2702 ta_crypt_cmd_allocate_operation(c, &session, &op,
2703 ae_cases[n].algo, ae_cases[n].mode,
2704 key_attr.content.ref.length * 8)))
2705 goto out;
2706
2707 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2708 ta_crypt_cmd_allocate_transient_object(c, &session,
2709 ae_cases[n].key_type,
2710 key_attr.content.ref.length * 8,
2711 &key_handle)))
2712 goto out;
2713
2714 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2715 ta_crypt_cmd_populate_transient_object(c, &session,
2716 key_handle, &key_attr, 1)))
2717 goto out;
2718
2719 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2720 ta_crypt_cmd_set_operation_key(c, &session, op,
2721 key_handle)))
2722 goto out;
2723
2724 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2725 ta_crypt_cmd_free_transient_object(c, &session,
2726 key_handle)))
2727 goto out;
2728 key_handle = TEE_HANDLE_NULL;
2729
2730 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2731 ta_crypt_cmd_ae_init(c, &session, op, ae_cases[n].nonce,
2732 ae_cases[n].nonce_len, ae_cases[n].tag_len,
2733 ae_cases[n].aad_len, ae_cases[n].ptx_len)))
2734 goto out;
2735
2736 if (ae_cases[n].aad != NULL) {
2737 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2738 ta_crypt_cmd_ae_update_aad(c, &session, op,
2739 ae_cases[n].aad, ae_cases[n].aad_incr)))
2740 goto out;
2741
2742 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2743 ta_crypt_cmd_ae_update_aad(c, &session, op,
2744 ae_cases[n].aad + ae_cases[n].aad_incr,
2745 ae_cases [n].aad_len -
2746 ae_cases[n].aad_incr)))
2747 goto out;
2748 }
2749
2750 out_offs = 0;
2751 out_size = sizeof(out);
2752 memset(out, 0, sizeof(out));
2753 if (ae_cases[n].mode == TEE_MODE_ENCRYPT) {
2754 if (ae_cases[n].ptx != NULL) {
2755 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2756 ta_crypt_cmd_ae_update(c, &session, op,
2757 ae_cases[n].ptx,
2758 ae_cases[n].in_incr, out,
2759 &out_size)))
2760 goto out;
2761 out_offs += out_size;
2762 }
2763 } else {
2764 if (ae_cases[n].ctx != NULL) {
2765 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2766 ta_crypt_cmd_ae_update(c, &session, op,
2767 ae_cases[n].ctx,
2768 ae_cases[n].in_incr, out,
2769 &out_size)))
2770 goto out;
2771 out_offs += out_size;
2772 }
2773 }
2774
2775 out_size = sizeof(out) - out_offs;
2776 if (ae_cases[n].mode == TEE_MODE_ENCRYPT) {
2777 uint8_t out_tag[64];
2778 size_t out_tag_len = MIN(sizeof(out_tag),
2779 ae_cases[n].tag_len);
2780
2781 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2782 ta_crypt_cmd_ae_encrypt_final(c, &session, op,
2783 ae_cases[n].ptx + ae_cases[n].in_incr,
2784 ae_cases[n].ptx_len -
2785 ae_cases[n].in_incr,
2786 out + out_offs,
2787 &out_size, out_tag, &out_tag_len)))
2788 goto out;
2789
2790 (void)ADBG_EXPECT_BUFFER(c,
2791 ae_cases[n].tag, ae_cases[n].tag_len, out_tag,
2792 out_tag_len);
2793
2794 out_offs += out_size;
2795
2796 (void)ADBG_EXPECT_BUFFER(c, ae_cases[n].ctx,
2797 ae_cases[n].ctx_len, out, out_offs);
2798 } else {
2799 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2800 ta_crypt_cmd_ae_decrypt_final(c, &session, op,
2801 ae_cases[n].ctx + ae_cases[n].in_incr,
2802 ae_cases[n].ctx_len -
2803 ae_cases[n].in_incr,
2804 out + out_offs,
2805 &out_size, ae_cases[n].tag,
2806 ae_cases[n].tag_len)))
2807 goto out;
2808
2809 out_offs += out_size;
2810
2811 (void)ADBG_EXPECT_BUFFER(c, ae_cases[n].ptx,
2812 ae_cases[n].ptx_len, out, out_offs);
2813 }
2814
2815 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2816 ta_crypt_cmd_free_operation(c, &session, op)))
2817 goto out;
2818
2819 Do_ADBG_EndSubCase(c, NULL);
2820 }
2821out:
2822 TEEC_CloseSession(&session);
2823}
2824
2825struct xtest_ac_case {
2826 uint32_t algo;
2827 TEE_OperationMode mode;
2828
2829 union {
2830 struct {
2831 const uint8_t *modulus;
2832 size_t modulus_len;
2833
2834 const uint8_t *pub_exp;
2835 size_t pub_exp_len;
2836
2837 const uint8_t *priv_exp;
2838 size_t priv_exp_len;
2839
2840 const uint8_t *prime1; /* q */
2841 size_t prime1_len;
2842 const uint8_t *prime2; /* p */
2843 size_t prime2_len;
2844 const uint8_t *exp1; /* dp */
2845 size_t exp1_len;
2846 const uint8_t *exp2; /* dq */
2847 size_t exp2_len;
2848 const uint8_t *coeff; /* iq */
2849 size_t coeff_len;
2850
2851 int salt_len;
2852 } rsa;
2853 struct {
2854 const uint8_t *prime;
2855 size_t prime_len;
2856 const uint8_t *sub_prime;
2857 size_t sub_prime_len;
2858 const uint8_t *base;
2859 size_t base_len;
2860 const uint8_t *pub_val;
2861 size_t pub_val_len;
2862 const uint8_t *priv_val;
2863 size_t priv_val_len;
2864 } dsa;
Pascal Brand3e143ee2015-07-15 17:17:16 +0200[diff] [blame]2865 struct {
2866 const uint8_t *private;
2867 size_t private_len;
2868 const uint8_t *public_x;
2869 size_t public_x_len;
2870 const uint8_t *public_y;
2871 size_t public_y_len;
2872 } ecdsa;
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]2873 } params;
2874
2875 const uint8_t *ptx;
2876 size_t ptx_len;
2877 const uint8_t *ctx;
2878 size_t ctx_len;
2879 size_t line;
2880};
2881
2882#define WITHOUT_SALT(x) -1
2883#define WITH_SALT(x) x
2884
2885#define XTEST_AC_CASE(algo, mode, vect, union_params) \
2886 { (algo), (mode), .params = union_params, \
2887 ARRAY(vect ## _ptx), \
2888 ARRAY(vect ## _out), \
2889 __LINE__ }
2890
2891#define XTEST_AC_RSA_UNION(vect, opt_crt_array, opt_salt) \
2892 { .rsa = { \
2893 ARRAY(vect ## _modulus), \
2894 ARRAY(vect ## _pub_exp), \
2895 ARRAY(vect ## _priv_exp), \
2896 opt_crt_array(vect ## _prime1), \
2897 opt_crt_array(vect ## _prime2), \
2898 opt_crt_array(vect ## _exp1), \
2899 opt_crt_array(vect ## _exp2), \
2900 opt_crt_array(vect ## _coeff), \
2901 opt_salt(vect ## _salt_len) \
2902 } }
2903
2904#define XTEST_AC_RSA_CASE(algo, mode, vect, opt_crt_array, opt_salt) \
2905 XTEST_AC_CASE(algo, mode, vect, \
2906 XTEST_AC_RSA_UNION(vect, opt_crt_array, opt_salt))
2907
2908#define XTEST_AC_DSA_UNION(vect) \
2909 { .dsa = { \
2910 ARRAY(vect ## _prime), \
2911 ARRAY(vect ## _sub_prime), \
2912 ARRAY(vect ## _base), \
2913 ARRAY(vect ## _pub_val), \
2914 ARRAY(vect ## _priv_val), \
2915 } }
2916
2917#define XTEST_AC_DSA_CASE(algo, mode, vect) \
2918 XTEST_AC_CASE(algo, mode, vect, XTEST_AC_DSA_UNION(vect))
2919
Pascal Brand3e143ee2015-07-15 17:17:16 +0200[diff] [blame]2920#define XTEST_AC_ECDSA_UNION(vect) \
2921 { .ecdsa = { \
2922 ARRAY(vect ## _private), \
2923 ARRAY(vect ## _public_x), \
2924 ARRAY(vect ## _public_y), \
2925 } }
2926
2927#define XTEST_AC_ECDSA_CASE(algo, mode, vect) \
2928 XTEST_AC_CASE(algo, mode, vect, XTEST_AC_ECDSA_UNION(vect))
2929
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]2930static const struct xtest_ac_case xtest_ac_cases[] = {
2931 /* RSA test without crt parameters */
2932 XTEST_AC_RSA_CASE(TEE_ALG_RSA_NOPAD, TEE_MODE_ENCRYPT,
2933 ac_rsassa_vect1, NULL_ARRAY, WITHOUT_SALT),
2934 XTEST_AC_RSA_CASE(TEE_ALG_RSA_NOPAD, TEE_MODE_DECRYPT,
2935 ac_rsassa_vect1, NULL_ARRAY, WITHOUT_SALT),
2936 XTEST_AC_RSA_CASE(TEE_ALG_RSA_NOPAD, TEE_MODE_ENCRYPT,
2937 ac_rsassa_vect2, NULL_ARRAY, WITHOUT_SALT),
2938 XTEST_AC_RSA_CASE(TEE_ALG_RSA_NOPAD, TEE_MODE_DECRYPT,
2939 ac_rsassa_vect2, NULL_ARRAY, WITHOUT_SALT),
2940 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA1, TEE_MODE_SIGN,
2941 ac_rsassa_vect3, NULL_ARRAY, WITHOUT_SALT),
2942 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA1, TEE_MODE_VERIFY,
2943 ac_rsassa_vect3, NULL_ARRAY, WITHOUT_SALT),
2944 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA1, TEE_MODE_SIGN,
2945 ac_rsassa_vect4, NULL_ARRAY, WITHOUT_SALT),
2946 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA1, TEE_MODE_VERIFY,
2947 ac_rsassa_vect4, NULL_ARRAY, WITHOUT_SALT),
2948 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA1, TEE_MODE_SIGN,
2949 ac_rsassa_vect5, NULL_ARRAY, WITHOUT_SALT),
2950 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA1, TEE_MODE_VERIFY,
2951 ac_rsassa_vect5, NULL_ARRAY, WITHOUT_SALT),
2952 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA1, TEE_MODE_SIGN,
2953 ac_rsassa_vect6, NULL_ARRAY, WITHOUT_SALT),
2954 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA1, TEE_MODE_VERIFY,
2955 ac_rsassa_vect6, NULL_ARRAY, WITHOUT_SALT),
2956
2957 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA1, TEE_MODE_SIGN,
2958 ac_rsassa_vect7, NULL_ARRAY, WITHOUT_SALT),
2959 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA1, TEE_MODE_VERIFY,
2960 ac_rsassa_vect7, NULL_ARRAY, WITHOUT_SALT),
2961
2962 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA1, TEE_MODE_SIGN,
2963 ac_rsassa_vect8, NULL_ARRAY, WITHOUT_SALT),
2964 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA1, TEE_MODE_VERIFY,
2965 ac_rsassa_vect8, NULL_ARRAY, WITHOUT_SALT),
2966 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA224, TEE_MODE_SIGN,
2967 ac_rsassa_vect16, NULL_ARRAY, WITHOUT_SALT),
2968 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA224, TEE_MODE_VERIFY,
2969 ac_rsassa_vect16, NULL_ARRAY, WITHOUT_SALT),
2970 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA256, TEE_MODE_SIGN,
2971 ac_rsassa_vect9, NULL_ARRAY, WITHOUT_SALT),
2972 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA256, TEE_MODE_VERIFY,
2973 ac_rsassa_vect9, NULL_ARRAY, WITHOUT_SALT),
2974 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA384, TEE_MODE_SIGN,
2975 ac_rsassa_vect10, NULL_ARRAY, WITHOUT_SALT),
2976 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA384, TEE_MODE_VERIFY,
2977 ac_rsassa_vect10, NULL_ARRAY, WITHOUT_SALT),
2978 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA512, TEE_MODE_SIGN,
2979 ac_rsassa_vect11, NULL_ARRAY, WITHOUT_SALT),
2980 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA512, TEE_MODE_VERIFY,
2981 ac_rsassa_vect11, NULL_ARRAY, WITHOUT_SALT),
2982
2983 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA1, TEE_MODE_VERIFY,
2984 ac_rsassa_vect12, NULL_ARRAY, WITH_SALT),
2985 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA1, TEE_MODE_SIGN,
2986 ac_rsassa_vect12, NULL_ARRAY, WITH_SALT),
2987 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA224, TEE_MODE_VERIFY,
2988 ac_rsassa_vect17, NULL_ARRAY, WITH_SALT),
2989 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA224, TEE_MODE_SIGN,
2990 ac_rsassa_vect17, NULL_ARRAY, WITH_SALT),
2991 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA256, TEE_MODE_VERIFY,
2992 ac_rsassa_vect13, NULL_ARRAY, WITH_SALT),
2993 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA256, TEE_MODE_SIGN,
2994 ac_rsassa_vect13, NULL_ARRAY, WITH_SALT),
2995 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA384, TEE_MODE_VERIFY,
2996 ac_rsassa_vect14, NULL_ARRAY, WITH_SALT),
2997 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA384, TEE_MODE_SIGN,
2998 ac_rsassa_vect14, NULL_ARRAY, WITH_SALT),
2999 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA512, TEE_MODE_VERIFY,
3000 ac_rsassa_vect15, NULL_ARRAY, WITH_SALT),
3001 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA512, TEE_MODE_SIGN,
3002 ac_rsassa_vect15, NULL_ARRAY, WITH_SALT),
3003
3004 XTEST_AC_RSA_CASE(TEE_ALG_RSAES_PKCS1_V1_5, TEE_MODE_DECRYPT,
3005 ac_rsaes_pkcs1_v1_5_vect1, NULL_ARRAY, WITHOUT_SALT),
3006 XTEST_AC_RSA_CASE(TEE_ALG_RSAES_PKCS1_V1_5, TEE_MODE_ENCRYPT,
3007 ac_rsaes_pkcs1_v1_5_vect1, NULL_ARRAY, WITHOUT_SALT),
3008 XTEST_AC_RSA_CASE(TEE_ALG_RSAES_PKCS1_V1_5, TEE_MODE_DECRYPT,
3009 ac_rsaes_pkcs1_v1_5_vect2, NULL_ARRAY, WITHOUT_SALT),
3010 XTEST_AC_RSA_CASE(TEE_ALG_RSAES_PKCS1_V1_5, TEE_MODE_ENCRYPT,
3011 ac_rsaes_pkcs1_v1_5_vect2, NULL_ARRAY, WITHOUT_SALT),
3012 XTEST_AC_RSA_CASE(TEE_ALG_RSAES_PKCS1_V1_5, TEE_MODE_DECRYPT,
3013 ac_rsaes_pkcs1_v1_5_vect15, NULL_ARRAY, WITHOUT_SALT),
3014 XTEST_AC_RSA_CASE(TEE_ALG_RSAES_PKCS1_V1_5, TEE_MODE_ENCRYPT,
3015 ac_rsaes_pkcs1_v1_5_vect15, NULL_ARRAY, WITHOUT_SALT),
3016
3017 XTEST_AC_RSA_CASE(TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA1, TEE_MODE_DECRYPT,
3018 ac_rsaes_oaep_vect1, NULL_ARRAY, WITHOUT_SALT),
3019 XTEST_AC_RSA_CASE(TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA1, TEE_MODE_ENCRYPT,
3020 ac_rsaes_oaep_vect1, NULL_ARRAY, WITHOUT_SALT),
3021 XTEST_AC_RSA_CASE(TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA1, TEE_MODE_DECRYPT,
3022 ac_rsaes_oaep_vect2, NULL_ARRAY, WITHOUT_SALT),
3023 XTEST_AC_RSA_CASE(TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA1, TEE_MODE_ENCRYPT,
3024 ac_rsaes_oaep_vect2, NULL_ARRAY, WITHOUT_SALT),
3025 XTEST_AC_RSA_CASE(TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA1, TEE_MODE_DECRYPT,
3026 ac_rsaes_oaep_vect10, NULL_ARRAY, WITHOUT_SALT),
3027 XTEST_AC_RSA_CASE(TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA1, TEE_MODE_ENCRYPT,
3028 ac_rsaes_oaep_vect10, NULL_ARRAY, WITHOUT_SALT),
3029
3030 /* RSA test with crt parameters */
3031 XTEST_AC_RSA_CASE(TEE_ALG_RSA_NOPAD, TEE_MODE_ENCRYPT,
3032 ac_rsassa_vect1, ARRAY, WITHOUT_SALT),
3033 XTEST_AC_RSA_CASE(TEE_ALG_RSA_NOPAD, TEE_MODE_DECRYPT,
3034 ac_rsassa_vect1, ARRAY, WITHOUT_SALT),
3035 XTEST_AC_RSA_CASE(TEE_ALG_RSA_NOPAD, TEE_MODE_ENCRYPT,
3036 ac_rsassa_vect2, ARRAY, WITHOUT_SALT),
3037 XTEST_AC_RSA_CASE(TEE_ALG_RSA_NOPAD, TEE_MODE_DECRYPT,
3038 ac_rsassa_vect2, ARRAY, WITHOUT_SALT),
3039 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA1, TEE_MODE_SIGN,
3040 ac_rsassa_vect3, ARRAY, WITHOUT_SALT),
3041 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA1, TEE_MODE_VERIFY,
3042 ac_rsassa_vect3, ARRAY, WITHOUT_SALT),
3043 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA1, TEE_MODE_SIGN,
3044 ac_rsassa_vect4, ARRAY, WITHOUT_SALT),
3045 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA1, TEE_MODE_VERIFY,
3046 ac_rsassa_vect4, ARRAY, WITHOUT_SALT),
3047 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA1, TEE_MODE_SIGN,
3048 ac_rsassa_vect5, ARRAY, WITHOUT_SALT),
3049 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA1, TEE_MODE_VERIFY,
3050 ac_rsassa_vect5, ARRAY, WITHOUT_SALT),
3051 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA1, TEE_MODE_SIGN,
3052 ac_rsassa_vect6, ARRAY, WITHOUT_SALT),
3053 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA1, TEE_MODE_VERIFY,
3054 ac_rsassa_vect6, ARRAY, WITHOUT_SALT),
3055 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA1, TEE_MODE_SIGN,
3056 ac_rsassa_vect7, ARRAY, WITHOUT_SALT),
3057 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA1, TEE_MODE_VERIFY,
3058 ac_rsassa_vect7, ARRAY, WITHOUT_SALT),
3059 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA1, TEE_MODE_SIGN,
3060 ac_rsassa_vect8, ARRAY, WITHOUT_SALT),
3061 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA1, TEE_MODE_VERIFY,
3062 ac_rsassa_vect8, ARRAY, WITHOUT_SALT),
3063 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA256, TEE_MODE_SIGN,
3064 ac_rsassa_vect9, ARRAY, WITHOUT_SALT),
3065 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA256, TEE_MODE_VERIFY,
3066 ac_rsassa_vect9, ARRAY, WITHOUT_SALT),
3067 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA384, TEE_MODE_SIGN,
3068 ac_rsassa_vect10, ARRAY, WITHOUT_SALT),
3069 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA384, TEE_MODE_VERIFY,
3070 ac_rsassa_vect10, ARRAY, WITHOUT_SALT),
3071 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA512, TEE_MODE_SIGN,
3072 ac_rsassa_vect11, ARRAY, WITHOUT_SALT),
3073 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA512, TEE_MODE_VERIFY,
3074 ac_rsassa_vect11, ARRAY, WITHOUT_SALT),
3075
3076 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA1, TEE_MODE_VERIFY,
3077 ac_rsassa_vect12, ARRAY, WITH_SALT),
3078 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA1, TEE_MODE_SIGN,
3079 ac_rsassa_vect12, ARRAY, WITH_SALT),
3080 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA224, TEE_MODE_VERIFY,
3081 ac_rsassa_vect17, ARRAY, WITH_SALT),
3082 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA224, TEE_MODE_SIGN,
3083 ac_rsassa_vect17, ARRAY, WITH_SALT),
3084 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA256, TEE_MODE_VERIFY,
3085 ac_rsassa_vect13, ARRAY, WITH_SALT),
3086 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA256, TEE_MODE_SIGN,
3087 ac_rsassa_vect13, ARRAY, WITH_SALT),
3088 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA384, TEE_MODE_VERIFY,
3089 ac_rsassa_vect14, ARRAY, WITH_SALT),
3090 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA384, TEE_MODE_SIGN,
3091 ac_rsassa_vect14, ARRAY, WITH_SALT),
3092 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA512, TEE_MODE_VERIFY,
3093 ac_rsassa_vect15, ARRAY, WITH_SALT),
3094 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA512, TEE_MODE_SIGN,
3095 ac_rsassa_vect15, ARRAY, WITH_SALT),
3096
3097 XTEST_AC_RSA_CASE(TEE_ALG_RSAES_PKCS1_V1_5, TEE_MODE_DECRYPT,
3098 ac_rsaes_pkcs1_v1_5_vect1, ARRAY, WITHOUT_SALT),
3099 XTEST_AC_RSA_CASE(TEE_ALG_RSAES_PKCS1_V1_5, TEE_MODE_ENCRYPT,
3100 ac_rsaes_pkcs1_v1_5_vect1, ARRAY, WITHOUT_SALT),
3101 XTEST_AC_RSA_CASE(TEE_ALG_RSAES_PKCS1_V1_5, TEE_MODE_DECRYPT,
3102 ac_rsaes_pkcs1_v1_5_vect2, ARRAY, WITHOUT_SALT),
3103 XTEST_AC_RSA_CASE(TEE_ALG_RSAES_PKCS1_V1_5, TEE_MODE_ENCRYPT,
3104 ac_rsaes_pkcs1_v1_5_vect2, ARRAY, WITHOUT_SALT),
3105 XTEST_AC_RSA_CASE(TEE_ALG_RSAES_PKCS1_V1_5, TEE_MODE_DECRYPT,
3106 ac_rsaes_pkcs1_v1_5_vect15, ARRAY, WITHOUT_SALT),
3107 XTEST_AC_RSA_CASE(TEE_ALG_RSAES_PKCS1_V1_5, TEE_MODE_ENCRYPT,
3108 ac_rsaes_pkcs1_v1_5_vect15, ARRAY, WITHOUT_SALT),
3109
3110 XTEST_AC_RSA_CASE(TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA1, TEE_MODE_DECRYPT,
3111 ac_rsaes_oaep_vect1, ARRAY, WITHOUT_SALT),
3112 XTEST_AC_RSA_CASE(TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA1, TEE_MODE_ENCRYPT,
3113 ac_rsaes_oaep_vect1, ARRAY, WITHOUT_SALT),
3114 XTEST_AC_RSA_CASE(TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA1, TEE_MODE_DECRYPT,
3115 ac_rsaes_oaep_vect2, ARRAY, WITHOUT_SALT),
3116 XTEST_AC_RSA_CASE(TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA1, TEE_MODE_ENCRYPT,
3117 ac_rsaes_oaep_vect2, ARRAY, WITHOUT_SALT),
3118 XTEST_AC_RSA_CASE(TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA1, TEE_MODE_DECRYPT,
3119 ac_rsaes_oaep_vect10, ARRAY, WITHOUT_SALT),
3120 XTEST_AC_RSA_CASE(TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA1, TEE_MODE_ENCRYPT,
3121 ac_rsaes_oaep_vect10, ARRAY, WITHOUT_SALT),
3122
3123 /* DSA tests */
3124 XTEST_AC_DSA_CASE(TEE_ALG_DSA_SHA1, TEE_MODE_VERIFY, ac_dsa_vect1),
3125 XTEST_AC_DSA_CASE(TEE_ALG_DSA_SHA1, TEE_MODE_SIGN, ac_dsa_vect1),
3126 XTEST_AC_DSA_CASE(TEE_ALG_DSA_SHA1, TEE_MODE_VERIFY, ac_dsa_vect2),
3127 XTEST_AC_DSA_CASE(TEE_ALG_DSA_SHA1, TEE_MODE_SIGN, ac_dsa_vect2),
Pascal Brand3e143ee2015-07-15 17:17:16 +0200[diff] [blame]3128
3129 /* ECDSA tests */
3130 XTEST_AC_ECDSA_CASE(TEE_ALG_ECDSA_P192, TEE_MODE_VERIFY,
3131 ac_ecdsa_vect192),
3132 XTEST_AC_ECDSA_CASE(TEE_ALG_ECDSA_P192, TEE_MODE_SIGN,
3133 ac_ecdsa_vect192),
3134 XTEST_AC_ECDSA_CASE(TEE_ALG_ECDSA_P224, TEE_MODE_VERIFY,
3135 ac_ecdsa_vect224),
3136 XTEST_AC_ECDSA_CASE(TEE_ALG_ECDSA_P224, TEE_MODE_SIGN,
3137 ac_ecdsa_vect224),
3138 XTEST_AC_ECDSA_CASE(TEE_ALG_ECDSA_P256, TEE_MODE_VERIFY,
3139 ac_ecdsa_vect256),
3140 XTEST_AC_ECDSA_CASE(TEE_ALG_ECDSA_P256, TEE_MODE_SIGN,
3141 ac_ecdsa_vect256),
3142 XTEST_AC_ECDSA_CASE(TEE_ALG_ECDSA_P384, TEE_MODE_VERIFY,
3143 ac_ecdsa_vect384),
3144 XTEST_AC_ECDSA_CASE(TEE_ALG_ECDSA_P384, TEE_MODE_SIGN,
3145 ac_ecdsa_vect384),
3146 XTEST_AC_ECDSA_CASE(TEE_ALG_ECDSA_P521, TEE_MODE_VERIFY,
3147 ac_ecdsa_vect521),
3148 XTEST_AC_ECDSA_CASE(TEE_ALG_ECDSA_P521, TEE_MODE_SIGN,
3149 ac_ecdsa_vect521),
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3150};
3151
3152static bool create_key(ADBG_Case_t *c, TEEC_Session *s,
3153 uint32_t max_key_size, uint32_t key_type,
3154 TEE_Attribute *attrs, size_t num_attrs,
3155 TEE_ObjectHandle *handle)
3156{
3157 size_t n;
3158
3159 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3160 ta_crypt_cmd_allocate_transient_object(c, s, key_type,
3161 max_key_size, handle)))
3162 return false;
3163
3164 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3165 ta_crypt_cmd_populate_transient_object(c, s, *handle, attrs,
3166 num_attrs)))
3167 return false;
3168
3169 for (n = 0; n < num_attrs; n++) {
3170 uint8_t out[256];
3171 size_t out_size;
3172
3173 out_size = sizeof(out);
3174 memset(out, 0, sizeof(out));
Pascal Brand3e143ee2015-07-15 17:17:16 +0200[diff] [blame]3175
3176 if (attrs[n].attributeID == TEE_ATTR_ECC_CURVE)
3177 continue;
3178
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3179 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3180 ta_crypt_cmd_get_object_buffer_attribute(c, s, *handle,
3181 attrs[n].attributeID, out, &out_size)))
3182 return false;
3183
Pascal Brand3e143ee2015-07-15 17:17:16 +0200[diff] [blame]3184 if (out_size < attrs[n].content.ref.length) {
3185 memmove(out + (attrs[n].content.ref.length - out_size),
3186 out,
3187 attrs[n].content.ref.length);
3188 memset(out, 0, attrs[n].content.ref.length - out_size);
3189 out_size = attrs[n].content.ref.length;
3190 }
3191
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3192 if (!ADBG_EXPECT_BUFFER(c, attrs[n].content.ref.buffer,
3193 attrs[n].content.ref.length, out, out_size))
3194 return false;
3195 }
3196
3197 return true;
3198}
3199
3200static void xtest_tee_test_4006(ADBG_Case_t *c)
3201{
3202 TEEC_Session session = { 0 };
3203 TEE_OperationHandle op = TEE_HANDLE_NULL;
3204 TEE_ObjectHandle priv_key_handle = TEE_HANDLE_NULL;
3205 TEE_ObjectHandle pub_key_handle = TEE_HANDLE_NULL;
3206 TEE_Attribute key_attrs[8];
3207 TEE_Attribute algo_params[1];
3208 size_t num_algo_params;
3209 uint8_t out[512];
3210 size_t out_size;
3211 uint8_t out_enc[512];
3212 size_t out_enc_size;
3213 uint8_t ptx_hash[TEE_MAX_HASH_SIZE];
3214 size_t ptx_hash_size;
3215 size_t max_key_size;
3216 size_t num_key_attrs;
3217 uint32_t ret_orig;
3218 size_t n;
Pascal Brand3e143ee2015-07-15 17:17:16 +0200[diff] [blame]3219 uint32_t curve;
3220 uint32_t hash_algo;
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3221
3222 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3223 xtest_teec_open_session(&session, &crypt_user_ta_uuid, NULL,
3224 &ret_orig)))
3225 return;
3226
3227 for (n = 0; n < ARRAY_SIZE(xtest_ac_cases); n++) {
3228 const struct xtest_ac_case *tv = xtest_ac_cases + n;
3229
3230 Do_ADBG_BeginSubCase(c, "Asym Crypto case %d algo 0x%x line %d",
3231 (int)n, (unsigned int)tv->algo,
3232 (int)tv->line);
3233
3234 /*
3235 * When signing or verifying we're working with the hash of
3236 * the payload.
3237 */
3238 if (tv->mode == TEE_MODE_VERIFY || tv->mode == TEE_MODE_SIGN) {
Pascal Brand3e143ee2015-07-15 17:17:16 +0200[diff] [blame]3239 if (TEE_ALG_GET_MAIN_ALG(tv->algo) == TEE_MAIN_ALGO_ECDSA)
3240 hash_algo = TEE_ALG_SHA1;
3241 else
3242 hash_algo = TEE_ALG_HASH_ALGO(
3243 TEE_ALG_GET_DIGEST_HASH(tv->algo));
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3244
3245 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3246 ta_crypt_cmd_allocate_operation(c, &session,
3247 &op, hash_algo, TEE_MODE_DIGEST, 0)))
3248 goto out;
3249
3250 ptx_hash_size = sizeof(ptx_hash);
3251 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3252 ta_crypt_cmd_digest_do_final(c, & session, op,
3253 tv->ptx, tv->ptx_len, ptx_hash,
3254 &ptx_hash_size)))
3255 goto out;
3256
3257 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3258 ta_crypt_cmd_free_operation(c, &session, op)))
3259 goto out;
3260 }
3261
3262 num_algo_params = 0;
3263 num_key_attrs = 0;
3264 switch (TEE_ALG_GET_MAIN_ALG(tv->algo)) {
3265 case TEE_MAIN_ALGO_RSA:
3266 if (tv->params.rsa.salt_len > 0) {
3267 algo_params[0].attributeID =
3268 TEE_ATTR_RSA_PSS_SALT_LENGTH;
3269 algo_params[0].content.value.a =
3270 tv->params.rsa.salt_len;
3271 algo_params[0].content.value.b = 0;
3272 num_algo_params = 1;
3273 }
3274
3275 max_key_size = tv->params.rsa.modulus_len * 8;
3276
3277 xtest_add_attr(&num_key_attrs, key_attrs,
3278 TEE_ATTR_RSA_MODULUS,
3279 tv->params.rsa.modulus,
3280 tv->params.rsa.modulus_len);
3281 xtest_add_attr(&num_key_attrs, key_attrs,
3282 TEE_ATTR_RSA_PUBLIC_EXPONENT,
3283 tv->params.rsa.pub_exp,
3284 tv->params.rsa.pub_exp_len);
3285
3286 if (!ADBG_EXPECT_TRUE(c,
3287 create_key(c, &session,
3288 max_key_size,
3289 TEE_TYPE_RSA_PUBLIC_KEY,
3290 key_attrs,
3291 num_key_attrs,
3292 &pub_key_handle)))
3293 goto out;
3294
3295 xtest_add_attr(&num_key_attrs, key_attrs,
3296 TEE_ATTR_RSA_PRIVATE_EXPONENT,
3297 tv->params.rsa.priv_exp,
3298 tv->params.rsa.priv_exp_len);
3299
3300 if (tv->params.rsa.prime1_len != 0) {
3301 xtest_add_attr(&num_key_attrs, key_attrs,
3302 TEE_ATTR_RSA_PRIME1,
3303 tv->params.rsa.prime1,
3304 tv->params.rsa.prime1_len);
3305 }
3306
3307 if (tv->params.rsa.prime2_len != 0) {
3308 xtest_add_attr(&num_key_attrs, key_attrs,
3309 TEE_ATTR_RSA_PRIME2,
3310 tv->params.rsa.prime2,
3311 tv->params.rsa.prime2_len);
3312 }
3313
3314 if (tv->params.rsa.exp1_len != 0) {
3315 xtest_add_attr(&num_key_attrs, key_attrs,
3316 TEE_ATTR_RSA_EXPONENT1,
3317 tv->params.rsa.exp1,
3318 tv->params.rsa.exp1_len);
3319 }
3320
3321 if (tv->params.rsa.exp2_len != 0) {
3322 xtest_add_attr(&num_key_attrs, key_attrs,
3323 TEE_ATTR_RSA_EXPONENT2,
3324 tv->params.rsa.exp2,
3325 tv->params.rsa.exp2_len);
3326 }
3327
3328 if (tv->params.rsa.coeff_len != 0) {
3329 xtest_add_attr(&num_key_attrs, key_attrs,
3330 TEE_ATTR_RSA_COEFFICIENT,
3331 tv->params.rsa.coeff,
3332 tv->params.rsa.coeff_len);
3333 }
3334
3335 if (!ADBG_EXPECT_TRUE(c,
3336 create_key(c, &session,
3337 max_key_size,
3338 TEE_TYPE_RSA_KEYPAIR,
3339 key_attrs,
3340 num_key_attrs,
3341 &priv_key_handle)))
3342 goto out;
3343 break;
3344
3345 case TEE_MAIN_ALGO_DSA:
3346 max_key_size = tv->params.dsa.prime_len * 8;
3347
3348 xtest_add_attr(&num_key_attrs, key_attrs,
3349 TEE_ATTR_DSA_PRIME,
3350 tv->params.dsa.prime,
3351 tv->params.dsa.prime_len);
3352 xtest_add_attr(&num_key_attrs, key_attrs,
3353 TEE_ATTR_DSA_SUBPRIME,
3354 tv->params.dsa.sub_prime,
3355 tv->params.dsa.sub_prime_len);
3356 xtest_add_attr(&num_key_attrs, key_attrs,
3357 TEE_ATTR_DSA_BASE,
3358 tv->params.dsa.base,
3359 tv->params.dsa.base_len);
3360 xtest_add_attr(&num_key_attrs, key_attrs,
3361 TEE_ATTR_DSA_PUBLIC_VALUE,
3362 tv->params.dsa.pub_val,
3363 tv->params.dsa.pub_val_len);
3364
3365 if (!ADBG_EXPECT_TRUE(c,
3366 create_key(c, &session, max_key_size,
3367 TEE_TYPE_DSA_PUBLIC_KEY, key_attrs,
3368 num_key_attrs, &pub_key_handle)))
3369 goto out;
3370
3371 xtest_add_attr(&num_key_attrs, key_attrs,
3372 TEE_ATTR_DSA_PRIVATE_VALUE,
3373 tv->params.dsa.priv_val,
3374 tv->params.dsa.priv_val_len);
3375
3376 if (!ADBG_EXPECT_TRUE(c,
3377 create_key(c, &session, max_key_size,
3378 TEE_TYPE_DSA_KEYPAIR, key_attrs,
3379 num_key_attrs, &priv_key_handle)))
3380 goto out;
3381 break;
3382
Pascal Brand3e143ee2015-07-15 17:17:16 +0200[diff] [blame]3383 case TEE_MAIN_ALGO_ECDSA:
3384 switch (tv->algo) {
3385 case TEE_ALG_ECDSA_P192:
3386 curve = TEE_ECC_CURVE_NIST_P192;
3387 break;
3388 case TEE_ALG_ECDSA_P224:
3389 curve = TEE_ECC_CURVE_NIST_P224;
3390 break;
3391 case TEE_ALG_ECDSA_P256:
3392 curve = TEE_ECC_CURVE_NIST_P256;
3393 break;
3394 case TEE_ALG_ECDSA_P384:
3395 curve = TEE_ECC_CURVE_NIST_P384;
3396 break;
3397 case TEE_ALG_ECDSA_P521:
3398 curve = TEE_ECC_CURVE_NIST_P521;
3399 break;
3400 default:
3401 curve = 0xFF;
3402 break;
3403 }
3404
3405 if (tv->algo == TEE_ALG_ECDSA_P521)
3406 max_key_size = 521;
3407 else
3408 max_key_size = tv->params.ecdsa.private_len * 8;
3409
3410 xtest_add_attr_value(&num_key_attrs, key_attrs,
3411 TEE_ATTR_ECC_CURVE, curve, 0);
3412 xtest_add_attr(&num_key_attrs, key_attrs,
3413 TEE_ATTR_ECC_PUBLIC_VALUE_X,
3414 tv->params.ecdsa.public_x,
3415 tv->params.ecdsa.public_x_len);
3416 xtest_add_attr(&num_key_attrs, key_attrs,
3417 TEE_ATTR_ECC_PUBLIC_VALUE_Y,
3418 tv->params.ecdsa.public_y,
3419 tv->params.ecdsa.public_y_len);
3420
3421 if (!ADBG_EXPECT_TRUE(c,
3422 create_key(c, &session, max_key_size,
3423 TEE_TYPE_ECDSA_PUBLIC_KEY, key_attrs,
3424 num_key_attrs, &pub_key_handle)))
3425 goto out;
3426
3427 xtest_add_attr(&num_key_attrs, key_attrs,
3428 TEE_ATTR_ECC_PRIVATE_VALUE,
3429 tv->params.ecdsa.private,
3430 tv->params.ecdsa.private_len);
3431
3432 if (!ADBG_EXPECT_TRUE(c,
3433 create_key(c, &session, max_key_size,
3434 TEE_TYPE_ECDSA_KEYPAIR, key_attrs,
3435 num_key_attrs, &priv_key_handle)))
3436 goto out;
3437 break;
3438
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3439 default:
3440 ADBG_EXPECT_TRUE(c, false);
3441 goto out;
3442 }
3443
3444 out_size = sizeof(out);
3445 memset(out, 0, sizeof(out));
3446 switch (tv->mode) {
3447 case TEE_MODE_ENCRYPT:
3448 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3449 ta_crypt_cmd_allocate_operation(c, &session,
Pascal Brand3e143ee2015-07-15 17:17:16 +0200[diff] [blame]3450 &op, tv->algo, TEE_MODE_ENCRYPT,
3451 max_key_size)))
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3452 goto out;
3453
3454 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3455 ta_crypt_cmd_set_operation_key(c, &session, op,
3456 pub_key_handle)))
3457 goto out;
3458
3459 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3460 ta_crypt_cmd_free_transient_object(c, &session,
3461 pub_key_handle)))
3462 goto out;
3463 pub_key_handle = TEE_HANDLE_NULL;
3464
3465 out_enc_size = sizeof(out_enc);
3466 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3467 ta_crypt_cmd_asymmetric_encrypt(c, &session, op,
3468 NULL, 0, tv->ptx, tv->ptx_len, out_enc,
3469 &out_enc_size)))
3470 goto out;
3471
3472 /*
3473 * A PS which is random is added when formatting the
3474 * message internally of the algorithm so we can't
3475 * verify against precomputed values, instead we use the
3476 * decrypt operation to see that output is correct.
3477 */
3478
3479 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3480 ta_crypt_cmd_free_operation(c, &session, op)))
3481 goto out;
3482
3483 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3484 ta_crypt_cmd_allocate_operation(c, &session,
3485 &op, tv->algo, TEE_MODE_DECRYPT,
3486 max_key_size)))
3487 goto out;
3488
3489 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3490 ta_crypt_cmd_set_operation_key(c, &session, op,
3491 priv_key_handle)))
3492 goto out;
3493
3494 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3495 ta_crypt_cmd_free_transient_object(c, &session,
3496 priv_key_handle)))
3497 goto out;
3498
3499 priv_key_handle = TEE_HANDLE_NULL;
3500
3501 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3502 ta_crypt_cmd_asymmetric_decrypt(c, &session, op,
3503 NULL, 0, out_enc, out_enc_size, out,
3504 &out_size)))
3505 goto out;
3506
3507 (void)ADBG_EXPECT_BUFFER(c, tv->ptx, tv->ptx_len, out,
3508 out_size);
3509 break;
3510
3511 case TEE_MODE_DECRYPT:
3512 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3513 ta_crypt_cmd_allocate_operation(c, &session,
3514 &op, tv->algo, TEE_MODE_DECRYPT,
3515 max_key_size)))
3516 goto out;
3517
3518 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3519 ta_crypt_cmd_set_operation_key(c, &session, op,
3520 priv_key_handle)))
3521 goto out;
3522
3523 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3524 ta_crypt_cmd_free_transient_object(c, &session,
3525 priv_key_handle)))
3526 goto out;
3527
3528 priv_key_handle = TEE_HANDLE_NULL;
3529
3530 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3531 ta_crypt_cmd_asymmetric_decrypt(c, &session, op,
3532 NULL, 0, tv->ctx, tv->ctx_len, out,
3533 &out_size)))
3534 goto out;
3535
3536 (void)ADBG_EXPECT_BUFFER(c, tv->ptx, tv->ptx_len, out,
3537 out_size);
3538 break;
3539
3540 case TEE_MODE_VERIFY:
3541 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3542 ta_crypt_cmd_allocate_operation(c, &session,
3543 &op, tv->algo, TEE_MODE_VERIFY,
3544 max_key_size)))
3545 goto out;
3546
3547 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3548 ta_crypt_cmd_set_operation_key(c, &session, op,
3549 pub_key_handle)))
3550 goto out;
3551
3552 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3553 ta_crypt_cmd_free_transient_object(c, &session,
3554 pub_key_handle)))
3555 goto out;
3556
3557 pub_key_handle = TEE_HANDLE_NULL;
3558
3559 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3560 ta_crypt_cmd_asymmetric_verify(c, &session, op,
3561 algo_params, num_algo_params, ptx_hash,
3562 ptx_hash_size, tv->ctx, tv->ctx_len)))
3563 goto out;
3564 break;
3565
3566 case TEE_MODE_SIGN:
3567 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3568 ta_crypt_cmd_allocate_operation(c, &session,
3569 &op, tv->algo, TEE_MODE_SIGN,
3570 max_key_size)))
3571 goto out;
3572
3573 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3574 ta_crypt_cmd_set_operation_key(c, &session, op,
3575 priv_key_handle)))
3576 goto out;
3577
3578 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3579 ta_crypt_cmd_free_transient_object(c, &session,
3580 priv_key_handle)))
3581 goto out;
3582
3583 priv_key_handle = TEE_HANDLE_NULL;
3584
3585 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3586 ta_crypt_cmd_asymmetric_sign(c, &session, op,
3587 algo_params, num_algo_params, ptx_hash,
3588 ptx_hash_size, out, &out_size)))
3589 goto out;
3590
3591 if (TEE_ALG_GET_CHAIN_MODE(tv->algo) ==
3592 TEE_CHAIN_MODE_PKCS1_PSS_MGF1 ||
Pascal Brand3e143ee2015-07-15 17:17:16 +0200[diff] [blame]3593 tv->algo == TEE_ALG_DSA_SHA1 ||
3594 TEE_ALG_GET_MAIN_ALG(tv->algo) ==
3595 TEE_MAIN_ALGO_ECDSA) {
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3596 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3597 ta_crypt_cmd_free_operation(c, &session,
3598 op)))
3599 goto out;
3600 /*
3601 * The salt or K is random so we can't verify
3602 * signing against precomputed values, instead
3603 * we use the verify operation to see that
3604 * output is correct.
3605 */
3606 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3607 ta_crypt_cmd_allocate_operation(c,
3608 &session, &op, tv->algo,
3609 TEE_MODE_VERIFY, max_key_size)))
3610 goto out;
3611
3612 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3613 ta_crypt_cmd_set_operation_key(c,
3614 &session, op, pub_key_handle)))
3615 goto out;
3616
3617 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3618 ta_crypt_cmd_free_transient_object(c,
3619 &session, pub_key_handle)))
3620 goto out;
3621
3622 pub_key_handle = TEE_HANDLE_NULL;
3623
3624 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3625 ta_crypt_cmd_asymmetric_verify(c,
3626 &session, op, algo_params,
3627 num_algo_params, ptx_hash,
3628 ptx_hash_size, out, out_size)))
3629 goto out;
3630 } else {
3631 (void)ADBG_EXPECT_BUFFER(c, tv->ctx,
3632 tv->ctx_len, out,
3633 out_size);
3634 }
3635 break;
3636
3637 default:
3638 break;
3639 }
3640
3641 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3642 ta_crypt_cmd_free_operation(c, &session, op)))
3643 goto out;
3644
3645 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3646 ta_crypt_cmd_free_transient_object(c, &session,
3647 pub_key_handle)))
3648 goto out;
3649 pub_key_handle = TEE_HANDLE_NULL;
3650
3651 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3652 ta_crypt_cmd_free_transient_object(c, &session,
3653 priv_key_handle)))
3654 goto out;
3655
3656 priv_key_handle = TEE_HANDLE_NULL;
3657
3658 Do_ADBG_EndSubCase(c, NULL);
3659 }
3660out:
3661 TEEC_CloseSession(&session);
3662}
3663
3664#define KEY_ATTR(x, y) { #x, (x), y }
3665
3666struct key_attrs {
3667 const char *name;
3668 uint32_t attr;
3669 bool keysize_check;
3670};
3671
3672static bool test_keygen_attributes(ADBG_Case_t *c, TEEC_Session *s,
3673 TEE_ObjectHandle key, uint32_t key_size,
3674 struct key_attrs *attrs, size_t num_attrs)
3675{
3676 uint8_t out[2048];
3677 size_t out_size;
3678 size_t n;
3679 size_t m;
3680
3681 for (m = 0; m < num_attrs; m++) {
3682 if ((attrs[m].attr & TEE_ATTR_BIT_VALUE) == 0) {
3683 out_size = sizeof(out);
3684 memset(out, 0, sizeof(out));
3685 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3686 ta_crypt_cmd_get_object_buffer_attribute(c, s,
3687 key, attrs[m].attr, out, &out_size)))
3688 return false;
3689
3690 if (attrs[m].keysize_check)
3691 ADBG_EXPECT_COMPARE_UNSIGNED(c, out_size, ==,
3692 key_size / 8);
3693
3694 if (out_size > 0) {
3695 /* Check that buffer isn't all zeroes */
3696 for (n = 0; n < out_size; n++)
3697 if (out[n] != 0)
3698 break;
3699 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, n, <,
3700 out_size))
3701 return false;
3702 }
3703 } else {
3704 uint32_t a;
3705 uint32_t b;
3706
3707 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3708 ta_crypt_cmd_get_object_value_attribute(c, s, key,
3709 attrs[m].attr, &a, &b)))
3710 return false;
3711 }
3712 }
3713 return true;
3714}
3715
3716static bool test_secret_value(ADBG_Case_t *c, TEEC_Session *s,
3717 TEE_ObjectHandle key, uint32_t key_size)
3718{
3719 const struct key_attrs attrs[] = {
3720 KEY_ATTR(TEE_ATTR_SECRET_VALUE, true),
3721 };
3722
3723 return test_keygen_attributes(c, s, key, key_size,
3724 (struct key_attrs *)&attrs,
3725 ARRAY_SIZE(attrs));
3726}
3727
3728
3729static bool test_rsa_key_pair(ADBG_Case_t *c, TEEC_Session *s,
3730 TEE_ObjectHandle key, uint32_t key_size)
3731{
3732 const struct key_attrs attrs[] = {
3733 KEY_ATTR(TEE_ATTR_RSA_MODULUS, true),
3734 KEY_ATTR(TEE_ATTR_RSA_PUBLIC_EXPONENT, false),
3735 KEY_ATTR(TEE_ATTR_RSA_PRIVATE_EXPONENT, false),
3736 KEY_ATTR(TEE_ATTR_RSA_PRIME1, false),
3737 KEY_ATTR(TEE_ATTR_RSA_PRIME2, false),
3738 KEY_ATTR(TEE_ATTR_RSA_EXPONENT1, false),
3739 KEY_ATTR(TEE_ATTR_RSA_EXPONENT2, false),
3740 KEY_ATTR(TEE_ATTR_RSA_COEFFICIENT, false),
3741 };
3742
3743 return test_keygen_attributes(c, s, key, key_size,
3744 (struct key_attrs *)&attrs,
3745 ARRAY_SIZE(attrs));
3746}
3747
Pascal Brande61133f2015-07-08 15:38:37 +0200[diff] [blame]3748static bool test_ecc_key_pair(ADBG_Case_t *c, TEEC_Session *s,
3749 TEE_ObjectHandle key, uint32_t key_size)
3750{
3751 const struct key_attrs attrs[] = {
3752 KEY_ATTR(TEE_ATTR_ECC_PRIVATE_VALUE, false),
3753 KEY_ATTR(TEE_ATTR_ECC_PUBLIC_VALUE_X , false),
3754 KEY_ATTR(TEE_ATTR_ECC_PUBLIC_VALUE_Y , false),
3755 /* KEY_ATTR(TEE_ATTR_ECC_CURVE, false), - do not test */
3756 };
3757
3758 return test_keygen_attributes(c, s, key, key_size,
3759 (struct key_attrs *)&attrs,
3760 ARRAY_SIZE(attrs));
3761}
3762
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3763static bool test_dh_key_pair(ADBG_Case_t *c, TEEC_Session *s,
3764 uint32_t check_keysize,
3765 TEE_ObjectHandle key, uint32_t key_size)
3766{
3767 const struct key_attrs attrs[] = {
3768 KEY_ATTR(TEE_ATTR_DH_PRIME, false),
3769 KEY_ATTR(TEE_ATTR_DH_BASE, false),
3770 KEY_ATTR(TEE_ATTR_DH_PUBLIC_VALUE, false),
3771 KEY_ATTR(TEE_ATTR_DH_PRIVATE_VALUE, check_keysize),
3772 KEY_ATTR(TEE_ATTR_DH_X_BITS, false),
3773 };
3774
3775 return test_keygen_attributes(c, s, key, key_size,
3776 (struct key_attrs *)&attrs,
3777 ARRAY_SIZE(attrs));
3778}
3779
3780static bool test_dsa_key_pair(ADBG_Case_t *c, TEEC_Session *s,
3781 TEE_ObjectHandle key, uint32_t key_size)
3782{
3783 const struct key_attrs attrs[] = {
3784 KEY_ATTR(TEE_ATTR_DSA_PRIME, true),
3785 KEY_ATTR(TEE_ATTR_DSA_SUBPRIME, false),
3786 KEY_ATTR(TEE_ATTR_DSA_BASE, false),
3787 KEY_ATTR(TEE_ATTR_DSA_PUBLIC_VALUE, false),
3788 KEY_ATTR(TEE_ATTR_DSA_PRIVATE_VALUE, false),
3789 };
3790
3791 return test_keygen_attributes(c, s, key, key_size,
3792 (struct key_attrs *)&attrs,
3793 ARRAY_SIZE(attrs));
3794}
3795
3796static bool generate_and_test_key(ADBG_Case_t *c, TEEC_Session *s,
3797 uint32_t key_type, uint32_t check_keysize,
3798 uint32_t key_size,
3799 TEE_Attribute *params, size_t param_count)
3800{
3801 TEE_ObjectHandle key;
3802 bool ret_val = true;
3803
3804 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3805 ta_crypt_cmd_allocate_transient_object(c, s, key_type, key_size,
3806 &key)))
3807 return false;
3808
3809 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3810 ta_crypt_cmd_generate_key(c, s, key, key_size, params,
3811 param_count)))
3812 return false;
3813
3814 switch (key_type) {
3815 case TEE_TYPE_DES:
3816 case TEE_TYPE_DES3:
3817 ret_val = ADBG_EXPECT_TRUE(c,
3818 test_secret_value(c, s, key,
3819 key_size + key_size / 7));
3820 break;
3821 case TEE_TYPE_AES:
3822 case TEE_TYPE_HMAC_MD5:
3823 case TEE_TYPE_HMAC_SHA1:
3824 case TEE_TYPE_HMAC_SHA224:
3825 case TEE_TYPE_HMAC_SHA256:
3826 case TEE_TYPE_HMAC_SHA384:
3827 case TEE_TYPE_HMAC_SHA512:
3828 case TEE_TYPE_GENERIC_SECRET:
3829 ret_val = ADBG_EXPECT_TRUE(c,
3830 test_secret_value(c, s, key, key_size));
3831 break;
3832
3833 case TEE_TYPE_RSA_KEYPAIR:
3834 ret_val = ADBG_EXPECT_TRUE(c,
3835 test_rsa_key_pair(c, s, key, key_size));
3836 break;
3837
Pascal Brande61133f2015-07-08 15:38:37 +0200[diff] [blame]3838 case TEE_TYPE_ECDSA_KEYPAIR:
3839 case TEE_TYPE_ECDH_KEYPAIR:
3840 ret_val = ADBG_EXPECT_TRUE(c,
3841 test_ecc_key_pair(c, s, key, key_size));
3842 break;
3843
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3844 case TEE_TYPE_DH_KEYPAIR:
Pascal Brande61133f2015-07-08 15:38:37 +0200[diff] [blame]3845 ret_val = ADBG_EXPECT_TRUE(c,
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3846 test_dh_key_pair(c, s, check_keysize, key,
3847 key_size));
3848 break;
3849
3850 case TEE_TYPE_DSA_KEYPAIR:
3851 ret_val = ADBG_EXPECT_TRUE(c,
3852 test_dsa_key_pair(c, s, key, key_size));
3853 break;
3854
3855 default:
3856 ret_val = false;
3857 break;
3858 }
3859
3860 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3861 ta_crypt_cmd_free_transient_object(c, s, key)))
3862 return false;
3863
3864 return ret_val;
3865}
3866
3867static void xtest_test_keygen_noparams(ADBG_Case_t *c, TEEC_Session *session)
3868{
3869 size_t n;
3870 uint32_t key_size;
3871 static const struct {
3872 const char *name;
3873 uint32_t key_type;
3874 uint32_t quanta;
3875 uint32_t min_size;
3876 uint32_t max_size;
3877 } key_types[] = {
3878 { "AES", TEE_TYPE_AES, 64, 128,
3879 256 /* valid sizes 128, 192, 256 */ },
3880 { "DES", TEE_TYPE_DES, 56, 56, 56 /* valid size 56 */ },
3881 { "DES3", TEE_TYPE_DES3, 56, 112,
3882 168 /* valid sizes 112, 168 */ },
3883 { "HMAC-MD5", TEE_TYPE_HMAC_MD5, 8, 64, 512 },
3884 { "HMAC-SHA1", TEE_TYPE_HMAC_SHA1, 8, 80, 512 },
3885 { "HMAC-SHA224", TEE_TYPE_HMAC_SHA224, 8, 112, 512 },
3886 { "HMAC-SHA256", TEE_TYPE_HMAC_SHA256, 8, 192, 1024 },
3887 { "HMAC-SHA384", TEE_TYPE_HMAC_SHA384, 8, 256, 1024 },
3888 { "HMAC-SHA512", TEE_TYPE_HMAC_SHA512, 8, 256, 1024 },
3889 { "Generic secret", TEE_TYPE_GENERIC_SECRET, 8, 128, 4096 },
3890 { "RSA-2048", TEE_TYPE_RSA_KEYPAIR, 1, 2048, 2048 },
3891
3892 /* New tests added to check non-regression of issue #5398 */
3893 { "RSA-256", TEE_TYPE_RSA_KEYPAIR, 1, 256, 256 },
3894 { "RSA-384", TEE_TYPE_RSA_KEYPAIR, 1, 384, 384 },
3895 { "RSA-512", TEE_TYPE_RSA_KEYPAIR, 1, 512, 512 },
3896 { "RSA-640", TEE_TYPE_RSA_KEYPAIR, 1, 640, 640 },
3897 { "RSA-768", TEE_TYPE_RSA_KEYPAIR, 1, 768, 768 },
3898 { "RSA-896", TEE_TYPE_RSA_KEYPAIR, 1, 896, 896 },
3899 { "RSA-1024", TEE_TYPE_RSA_KEYPAIR, 1, 1024, 1024 },
3900 };
3901
3902 for (n = 0; n < ARRAY_SIZE(key_types); n++) {
3903 uint32_t min_size = key_types[n].min_size;
3904 uint32_t max_size = key_types[n].max_size;
3905 uint32_t quanta = key_types[n].quanta;
3906
3907 Do_ADBG_BeginSubCase(c, "Generate %s key", key_types[n].name);
3908
3909 for (key_size = min_size; key_size <= max_size;
3910 key_size += quanta) {
3911 if (!ADBG_EXPECT_TRUE(c,
3912 generate_and_test_key(c, session, key_types
3913 [n].key_type, 1, key_size, NULL, 0)))
3914 break;
3915 }
3916
3917 Do_ADBG_EndSubCase(c, "Generate %s key", key_types[n].name);
3918 }
3919}
3920
3921static void xtest_test_keygen_dh(ADBG_Case_t *c, TEEC_Session *session)
3922{
3923 size_t n;
3924 size_t param_count;
3925 /*
3926 * Note that the key size parameter is not used when creating the keys
3927 * but specifying these sizes make it possible to test the expected size
3928 * of the private value. This also means that the keysize must match the
3929 * size of p or what is specified in private_bits or the equvivalent
3930 * size of the subprime parameter.
3931 */
3932 TEE_Attribute params[4];
3933
3934#define XTEST_DH_GK_DATA(vect) \
3935 ARRAY(vect ## _p), \
3936 ARRAY(vect ## _g), \
3937 &vect ## _private_bits, \
3938 0, 0
3939#define XTEST_DH_GK_DATA_SUBPRIME(vect) \
3940 ARRAY(vect ## _p), \
3941 ARRAY(vect ## _g), \
3942 &vect ## _private_bits, \
3943 ARRAY(vect ## _subprime)
3944 static const struct {
3945 uint32_t key_size;
3946 const uint8_t *p;
3947 size_t p_len;
3948 const uint8_t *g;
3949 size_t g_len;
3950 const uint32_t *private_bits;
3951 const uint8_t *subprime;
3952 size_t subprime_len;
3953 } key_types[] = {
3954 { 256, XTEST_DH_GK_DATA(keygen_dh256) },
3955 { 256, XTEST_DH_GK_DATA(keygen_dh320) },
3956 { 384, XTEST_DH_GK_DATA(keygen_dh384) },
3957 { 256, XTEST_DH_GK_DATA(keygen_dh448) },
3958 { 512, XTEST_DH_GK_DATA(keygen_dh512) },
3959 { 288, XTEST_DH_GK_DATA(keygen_dh576) },
3960 { 640, XTEST_DH_GK_DATA(keygen_dh640) },
3961 { 352, XTEST_DH_GK_DATA(keygen_dh704) },
3962 { 768, XTEST_DH_GK_DATA(keygen_dh768) },
3963 { 416, XTEST_DH_GK_DATA(keygen_dh832) },
3964 { 896, XTEST_DH_GK_DATA(keygen_dh896) },
3965 { 480, XTEST_DH_GK_DATA(keygen_dh960) },
3966 { 1024, XTEST_DH_GK_DATA(keygen_dh1024) },
3967 { 544, XTEST_DH_GK_DATA(keygen_dh1088) },
3968 { 1152, XTEST_DH_GK_DATA(keygen_dh1152) },
3969 { 608, XTEST_DH_GK_DATA(keygen_dh1216) },
3970 { 1280, XTEST_DH_GK_DATA(keygen_dh1280) },
3971 { 672, XTEST_DH_GK_DATA(keygen_dh1344) },
3972 { 1408, XTEST_DH_GK_DATA(keygen_dh1408) },
3973 { 736, XTEST_DH_GK_DATA(keygen_dh1472) },
3974 { 1536, XTEST_DH_GK_DATA(keygen_dh1536) },
3975 { 800, XTEST_DH_GK_DATA(keygen_dh1600) },
3976 { 1664, XTEST_DH_GK_DATA(keygen_dh1664) },
3977 { 864, XTEST_DH_GK_DATA(keygen_dh1728) },
3978 { 1792, XTEST_DH_GK_DATA(keygen_dh1792) },
3979 { 928, XTEST_DH_GK_DATA(keygen_dh1856) },
3980 { 1920, XTEST_DH_GK_DATA(keygen_dh1920) },
3981 { 992, XTEST_DH_GK_DATA(keygen_dh1984) },
3982 { 2048, XTEST_DH_GK_DATA(keygen_dh2048) },
3983 { 256, XTEST_DH_GK_DATA_SUBPRIME(keygen_dh2048_subprime) }
3984 };
3985
3986
3987 for (n = 0; n < ARRAY_SIZE(key_types); n++) {
3988 Do_ADBG_BeginSubCase(c,
3989 "Generate DH key %d bits - Private bits = %d",
3990 key_types[n].key_size,
3991 *key_types[n].private_bits);
3992 param_count = 0;
3993
3994 xtest_add_attr(&param_count, params,
3995 TEE_ATTR_DH_PRIME,
3996 key_types[n].p, key_types[n].p_len);
3997
3998 xtest_add_attr(&param_count, params, TEE_ATTR_DH_BASE,
3999 key_types[n].g, key_types[n].g_len);
4000
4001 if (key_types[n].private_bits != 0) {
4002 params[param_count].attributeID = TEE_ATTR_DH_X_BITS;
4003
4004 params[param_count].content.value.a =
4005 *key_types[n].private_bits;
4006
4007 params[param_count].content.value.b = 0;
4008 param_count++;
4009 }
4010
4011 if (key_types[n].subprime != 0) {
4012 xtest_add_attr(&param_count, params,
4013 TEE_ATTR_DH_SUBPRIME,
4014 key_types[n].subprime,
4015 key_types[n].subprime_len);
4016 }
4017
4018 if (!ADBG_EXPECT_TRUE(c,
4019 generate_and_test_key(c, session, TEE_TYPE_DH_KEYPAIR,
4020 ((*key_types[n].private_bits) != 0),
4021 key_types[n]. key_size, params, param_count)))
4022 break;
4023
4024 Do_ADBG_EndSubCase(c,
4025 "Generate DH key %d bits - Private bits = %d",
4026 key_types[n].key_size,
4027 *key_types[n].private_bits);
4028 }
4029}
4030
4031static void xtest_test_keygen_dsa(ADBG_Case_t *c, TEEC_Session *session)
4032{
4033 size_t n;
4034 size_t param_count;
4035 TEE_Attribute params[4];
4036
4037#define XTEST_DSA_GK_DATA(vect) \
4038 ARRAY(vect ## _p), \
4039 ARRAY(vect ## _g), \
4040 ARRAY(vect ## _q)
4041 static const struct {
4042 uint32_t key_size;
4043 const uint8_t *prime;
4044 size_t prime_len;
4045 const uint8_t *base;
4046 size_t base_len;
4047 const uint8_t *sub_prime;
4048 size_t sub_prime_len;
4049 } key_types[] = {
4050 { 1024, XTEST_DSA_GK_DATA(keygen_dsa_test1) },
4051 { 512, XTEST_DSA_GK_DATA(keygen_dsa512) },
4052 { 576, XTEST_DSA_GK_DATA(keygen_dsa576) },
4053 { 640, XTEST_DSA_GK_DATA(keygen_dsa640) },
4054 { 704, XTEST_DSA_GK_DATA(keygen_dsa704) },
4055 { 768, XTEST_DSA_GK_DATA(keygen_dsa768) },
4056 { 832, XTEST_DSA_GK_DATA(keygen_dsa832) },
4057 { 896, XTEST_DSA_GK_DATA(keygen_dsa896) },
4058 { 960, XTEST_DSA_GK_DATA(keygen_dsa960) },
4059 { 1024, XTEST_DSA_GK_DATA(keygen_dsa1024) },
4060 };
4061
4062 for (n = 0; n < ARRAY_SIZE(key_types); n++) {
4063 Do_ADBG_BeginSubCase(c, "Generate DSA key %d bits",
4064 key_types[n].key_size);
4065 param_count = 0;
4066
4067
4068 xtest_add_attr(&param_count, params, TEE_ATTR_DSA_PRIME,
4069 key_types[n].prime, key_types[n].prime_len);
4070
4071 xtest_add_attr(&param_count, params, TEE_ATTR_DSA_SUBPRIME,
4072 key_types[n].sub_prime,
4073 key_types[n].sub_prime_len);
4074
4075 xtest_add_attr(&param_count, params, TEE_ATTR_DSA_BASE,
4076 key_types[n].base, key_types[n].base_len);
4077
4078 if (!ADBG_EXPECT_TRUE(c,
4079 generate_and_test_key(c, session, TEE_TYPE_DSA_KEYPAIR,
4080 1, key_types[n]. key_size, params,
4081 param_count)))
4082 break;
4083
4084 Do_ADBG_EndSubCase(c, "Generate DSA key %d bits",
4085 key_types[n].key_size);
4086 }
4087}
4088
Pascal Brande61133f2015-07-08 15:38:37 +0200[diff] [blame]4089static void xtest_test_keygen_ecc(ADBG_Case_t *c, TEEC_Session *session)
4090{
4091 size_t n;
4092 size_t param_count;
4093 TEE_Attribute params[4];
4094
4095 static const struct {
4096 const char *name;
4097 uint32_t algo;
4098 uint32_t curve;
4099 uint32_t key_size;
4100 } key_types[] = {
4101 /* ECDSA */
4102 { "ECDSA-192", TEE_TYPE_ECDSA_KEYPAIR, TEE_ECC_CURVE_NIST_P192, 192 },
4103 { "ECDSA-224", TEE_TYPE_ECDSA_KEYPAIR, TEE_ECC_CURVE_NIST_P224, 224 },
4104 { "ECDSA-256", TEE_TYPE_ECDSA_KEYPAIR, TEE_ECC_CURVE_NIST_P256, 256 },
4105 { "ECDSA-384", TEE_TYPE_ECDSA_KEYPAIR, TEE_ECC_CURVE_NIST_P384, 384 },
4106 { "ECDSA-521", TEE_TYPE_ECDSA_KEYPAIR, TEE_ECC_CURVE_NIST_P521, 521 },
4107
4108 /* ECDH */
4109 { "ECDH-192", TEE_TYPE_ECDH_KEYPAIR, TEE_ECC_CURVE_NIST_P192, 192 },
4110 { "ECDH-224", TEE_TYPE_ECDH_KEYPAIR, TEE_ECC_CURVE_NIST_P224, 224 },
4111 { "ECDH-256", TEE_TYPE_ECDH_KEYPAIR, TEE_ECC_CURVE_NIST_P256, 256 },
4112 { "ECDH-384", TEE_TYPE_ECDH_KEYPAIR, TEE_ECC_CURVE_NIST_P384, 384 },
4113 { "ECDH-521", TEE_TYPE_ECDH_KEYPAIR, TEE_ECC_CURVE_NIST_P521, 521 },
4114 };
4115
4116 for (n = 0; n < ARRAY_SIZE(key_types); n++) {
4117 Do_ADBG_BeginSubCase(c, "Generate %s", key_types[n].name);
4118 param_count = 0;
4119
4120 xtest_add_attr_value(&param_count, params, TEE_ATTR_ECC_CURVE,
4121 key_types[n].curve, 0);
4122
4123 if (!ADBG_EXPECT_TRUE(c,
4124 generate_and_test_key(c, session, key_types[n].algo,
4125 0, key_types[n].key_size, params,
4126 param_count)))
4127 break;
4128
4129 Do_ADBG_EndSubCase(c, "Generate %s", key_types[n].name);
4130 }
4131}
4132
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]4133static void xtest_tee_test_4007(ADBG_Case_t *c)
4134{
4135 TEEC_Session session = { 0 };
4136 uint32_t ret_orig;
4137
4138 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
4139 xtest_teec_open_session(&session, &crypt_user_ta_uuid, NULL,
4140 &ret_orig)))
4141 return;
4142
4143 xtest_test_keygen_noparams(c, &session);
4144
4145 xtest_test_keygen_dh(c, &session);
4146
4147 xtest_test_keygen_dsa(c, &session);
4148
Pascal Brande61133f2015-07-08 15:38:37 +0200[diff] [blame]4149 xtest_test_keygen_ecc (c, &session);
4150
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]4151 TEEC_CloseSession(&session);
4152}
4153
4154static void xtest_tee_test_4008(ADBG_Case_t *c)
4155{
4156 TEEC_Session session = { 0 };
4157 uint32_t ret_orig;
4158 TEE_OperationHandle op;
4159 TEE_ObjectHandle key_handle;
4160 TEE_ObjectHandle sv_handle;
4161 TEE_Attribute params[4];
4162 size_t param_count = 0;
4163 uint8_t out[2048];
4164 size_t out_size;
4165
4166 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
4167 xtest_teec_open_session(&session, &crypt_user_ta_uuid, NULL,
4168 &ret_orig)))
4169 return;
4170
4171 Do_ADBG_BeginSubCase(c, "Derive DH key success");
4172
4173 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
4174 ta_crypt_cmd_allocate_operation(c, &session, &op,
4175 TEE_ALG_DH_DERIVE_SHARED_SECRET, TEE_MODE_DERIVE,
4176 derive_key_max_keysize)))
4177 goto out;
4178
4179 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
4180 ta_crypt_cmd_allocate_transient_object(c, & session,
4181 TEE_TYPE_DH_KEYPAIR, derive_key_max_keysize,
4182 &key_handle)))
4183 goto out;
4184
4185 xtest_add_attr(&param_count, params, TEE_ATTR_DH_PRIME,
4186 ARRAY(derive_key_dh_prime));
4187
4188 xtest_add_attr(&param_count, params, TEE_ATTR_DH_BASE,
4189 ARRAY(derive_key_dh_base));
4190
4191 xtest_add_attr(&param_count, params, TEE_ATTR_DH_PUBLIC_VALUE,
4192 ARRAY(derive_key_dh_public_value));
4193
4194 xtest_add_attr(&param_count, params, TEE_ATTR_DH_PRIVATE_VALUE,
4195 ARRAY(derive_key_dh_private_value));
4196
4197 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
4198 ta_crypt_cmd_populate_transient_object(c, &session, key_handle,
4199 params, param_count)))
4200 goto out;
4201
4202 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
4203 ta_crypt_cmd_set_operation_key(c, &session, op, key_handle)))
4204 goto out;
4205
4206 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
4207 ta_crypt_cmd_free_transient_object(c, & session, key_handle)))
4208 goto out;
4209
4210 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
4211 ta_crypt_cmd_allocate_transient_object(c, &session,
4212 TEE_TYPE_GENERIC_SECRET, derive_key_max_keysize,
4213 &sv_handle)))
4214 goto out;
4215
Pascal Brand2b92b642015-07-16 13:29:42 +0200[diff] [blame^]4216 /* reuse but reset params and param-count */
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]4217 param_count = 0;
4218
4219 xtest_add_attr(&param_count, params, TEE_ATTR_DH_PUBLIC_VALUE,
4220 ARRAY(derive_key_dh_public_value_2));
4221
4222 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
4223 ta_crypt_cmd_derive_key(c, &session, op, sv_handle, params,
4224 param_count)))
4225 goto out;
4226
4227 out_size = sizeof(out);
4228 memset(out, 0, sizeof(out));
4229 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
4230 ta_crypt_cmd_get_object_buffer_attribute(c, &session, sv_handle,
4231 TEE_ATTR_SECRET_VALUE, out, &out_size)))
4232 goto out;
4233
4234 if (!ADBG_EXPECT_BUFFER(c, derive_key_dh_shared_secret,
4235 sizeof(derive_key_dh_shared_secret), out,
4236 out_size))
4237 goto out;
4238
4239 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
4240 ta_crypt_cmd_free_operation(c, &session, op)))
4241 goto out;
4242
4243 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
4244 ta_crypt_cmd_free_transient_object(c, &session, sv_handle)))
4245 goto out;
4246out:
4247 Do_ADBG_EndSubCase(c, "Derive DH key success");
4248 TEEC_CloseSession(&session);
4249}
Pascal Brand2b92b642015-07-16 13:29:42 +0200[diff] [blame^]4250
4251static void xtest_tee_test_4009(ADBG_Case_t *c)
4252{
4253 TEEC_Session session = { 0 };
4254 uint32_t ret_orig;
4255 TEE_OperationHandle op;
4256 TEE_ObjectHandle key_handle;
4257 TEE_ObjectHandle sv_handle;
4258 TEE_Attribute params[4];
4259 size_t param_count = 0;
4260 uint8_t out[2048];
4261 size_t out_size;
4262 uint32_t size_bytes;
4263 int i;
4264 struct derive_key_ecdh_t *pt;
4265
4266 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
4267 xtest_teec_open_session(&session, &crypt_user_ta_uuid, NULL,
4268 &ret_orig)))
4269 return;
4270
4271 for (i = 0; i < ARRAY_SIZE(derive_key_ecdh); i++) {
4272 pt = &derive_key_ecdh[i];
4273
4274 Do_ADBG_BeginSubCase(c, "Derive ECDH key - algo = 0x%x",
4275 pt->algo);
4276 size_bytes = (pt->keysize + 7) / 8;
4277 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
4278 ta_crypt_cmd_allocate_operation(c, &session, &op,
4279 pt->algo,
4280 TEE_MODE_DERIVE, pt->keysize)))
4281 goto out;
4282
4283 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
4284 ta_crypt_cmd_allocate_transient_object(c, & session,
4285 TEE_TYPE_ECDH_KEYPAIR, pt->keysize,
4286 &key_handle)))
4287 goto out;
4288
4289 param_count = 0;
4290 xtest_add_attr_value(&param_count, params,
4291 TEE_ATTR_ECC_CURVE, pt->curve, 0);
4292 xtest_add_attr(&param_count, params,
4293 TEE_ATTR_ECC_PRIVATE_VALUE,
4294 pt->private, size_bytes);
4295 /*
4296 * The public value is not used. This is why we provide
4297 * another buffer
4298 */
4299 xtest_add_attr(&param_count, params,
4300 TEE_ATTR_ECC_PUBLIC_VALUE_X,
4301 pt->private, size_bytes);
4302 xtest_add_attr(&param_count, params,
4303 TEE_ATTR_ECC_PUBLIC_VALUE_Y,
4304 pt->private, size_bytes);
4305
4306 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
4307 ta_crypt_cmd_populate_transient_object(c,
4308 &session,
4309 key_handle, params, param_count)))
4310 goto out;
4311
4312 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
4313 ta_crypt_cmd_set_operation_key(c, &session, op,
4314 key_handle)))
4315 goto out;
4316
4317 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
4318 ta_crypt_cmd_free_transient_object(c, & session,
4319 key_handle)))
4320 goto out;
4321
4322 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
4323 ta_crypt_cmd_allocate_transient_object(c, &session,
4324 TEE_TYPE_GENERIC_SECRET, size_bytes * 8,
4325 &sv_handle)))
4326 goto out;
4327
4328 /* reuse but reset params and param-count */
4329 param_count = 0;
4330
4331 xtest_add_attr(&param_count, params,
4332 TEE_ATTR_ECC_PUBLIC_VALUE_X,
4333 pt->public_x, size_bytes);
4334 xtest_add_attr(&param_count, params,
4335 TEE_ATTR_ECC_PUBLIC_VALUE_Y,
4336 pt->public_y, size_bytes);
4337
4338 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
4339 ta_crypt_cmd_derive_key(c, &session, op, sv_handle,
4340 params, param_count)))
4341 goto out;
4342
4343 out_size = sizeof(out);
4344 memset(out, 0, sizeof(out));
4345 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
4346 ta_crypt_cmd_get_object_buffer_attribute(c, &session,
4347 sv_handle,
4348 TEE_ATTR_SECRET_VALUE, out, &out_size)))
4349 goto out;
4350
4351 if (!ADBG_EXPECT_BUFFER(c, pt->out, size_bytes,
4352 out, out_size))
4353 goto out;
4354
4355 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
4356 ta_crypt_cmd_free_operation(c, &session, op)))
4357 goto out;
4358
4359 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
4360 ta_crypt_cmd_free_transient_object(c, &session,
4361 sv_handle)))
4362 goto out;
4363
4364 Do_ADBG_EndSubCase(c, "Derive ECDH key - algo = 0x%x",
4365 pt->algo);
4366 }
4367
4368 goto noerror;
4369
4370out:
4371 Do_ADBG_EndSubCase(c, "Derive ECDH key - algo = 0x%x", pt->algo);
4372
4373noerror:
4374 TEEC_CloseSession(&session);
4375}