TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / OP-TEE / optee_test / 5c3d809d5e263c81b99bf6aa10ff1e00203d6cb7 / . / host / xtest / xtest_4000.c
blob: 22e9e11be352618bbe93e9d6fa9576dea29a9565 [file] [log] [blame]
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]1/*
2 * Copyright (c) 2014, STMicroelectronics International N.V.
3 *
4 * This program is free software; you can redistribute it and/or modify
5 * it under the terms of the GNU General Public License Version 2 as
6 * published by the Free Software Foundation.
7 *
8 * This program is distributed in the hope that it will be useful,
9 * but WITHOUT ANY WARRANTY; without even the implied warranty of
10 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 * GNU General Public License for more details.
12 */
13
14#include <stdio.h>
15#include <string.h>
16#include <inttypes.h>
17#include <malloc.h>
18
19#include "xtest_test.h"
20#include "xtest_helpers.h"
21
22#include <tee_api_types.h>
23#include <ta_crypt.h>
24#include <utee_defines.h>
25#include <util.h>
26
27#include <xtest_4000_data.h>
28
29#include <assert.h>
30
31static void xtest_tee_test_4001(ADBG_Case_t *Case_p);
32static void xtest_tee_test_4002(ADBG_Case_t *Case_p);
33static void xtest_tee_test_4003_no_xts(ADBG_Case_t *Case_p);
34static void xtest_tee_test_4003_xts(ADBG_Case_t *Case_p);
35static void xtest_tee_test_4004(ADBG_Case_t *Case_p);
36static void xtest_tee_test_4005(ADBG_Case_t *Case_p);
37static void xtest_tee_test_4006(ADBG_Case_t *Case_p);
38static void xtest_tee_test_4007(ADBG_Case_t *Case_p);
39static void xtest_tee_test_4008(ADBG_Case_t *Case_p);
Pascal Brand2b92b642015-07-16 13:29:42 +0200[diff] [blame]40static void xtest_tee_test_4009(ADBG_Case_t *Case_p);
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]41
42ADBG_CASE_DEFINE(XTEST_TEE_4001, xtest_tee_test_4001,
43 /* Title */
44 "Test TEE Internal API hash operations",
45 /* Short description */
46 "Short description ...",
47 /* Requirement IDs */
48 "TEE-??",
49 /* How to implement */
50 "Description of how to implement ..."
51 );
52
53ADBG_CASE_DEFINE(XTEST_TEE_4002, xtest_tee_test_4002,
54 /* Title */
55 "Test TEE Internal API MAC operations",
56 /* Short description */
57 "Short description ...",
58 /* Requirement IDs */
59 "TEE-??",
60 /* How to implement */
61 "Description of how to implement ..."
62 );
63
64ADBG_CASE_DEFINE(XTEST_TEE_4003_NO_XTS, xtest_tee_test_4003_no_xts,
65 /* Title */
66 "Test TEE Internal API cipher operations without AES XTS",
67 /* Short description */
68 "Short description ...",
69 /* Requirement IDs */
70 "TEE-??",
71 /* How to implement */
72 "Description of how to implement ..."
73 );
74
75ADBG_CASE_DEFINE(XTEST_TEE_4003_XTS, xtest_tee_test_4003_xts,
76 /* Title */
77 "Test TEE Internal API cipher operations for AES XTS",
78 /* Short description */
79 "Short description ...",
80 /* Requirement IDs */
81 "TEE-??",
82 /* How to implement */
83 "Description of how to implement ..."
84 );
85
86ADBG_CASE_DEFINE(XTEST_TEE_4004, xtest_tee_test_4004,
87 /* Title */
88 "Test TEE Internal API get random",
89 /* Short description */
90 "Short description ...",
91 /* Requirement IDs */
92 "TEE-??",
93 /* How to implement */
94 "Description of how to implement ..."
95 );
96
97ADBG_CASE_DEFINE(XTEST_TEE_4005, xtest_tee_test_4005,
98 /* Title */
99 "Test TEE Internal API Authenticated Encryption operations",
100 /* Short description */
101 "Short description ...",
102 /* Requirement IDs */
103 "TEE-??",
104 /* How to implement */
105 "Description of how to implement ..."
106 );
107
108ADBG_CASE_DEFINE(XTEST_TEE_4006, xtest_tee_test_4006,
109 /* Title */
110 "Test TEE Internal API Asymmetric Cipher operations",
111 /* Short description */
112 "Short description ...",
113 /* Requirement IDs */
114 "TEE-??",
115 /* How to implement */
116 "Description of how to implement ..."
117 );
118
119ADBG_CASE_DEFINE(XTEST_TEE_4007, xtest_tee_test_4007,
120 /* Title */
121 "Test TEE Internal API Generate key",
122 /* Short description */
123 "Short description ...",
124 /* Requirement IDs */
125 "TEE-??",
126 /* How to implement */
127 "Description of how to implement ..."
128 );
129
130ADBG_CASE_DEFINE(XTEST_TEE_4008, xtest_tee_test_4008,
131 /* Title */
132 "Test TEE Internal API Derive key",
133 /* Short description */
134 "Short description ...",
135 /* Requirement IDs */
136 "TEE-??",
137 /* How to implement */
138 "Description of how to implement ..."
139 );
140
Pascal Brand2b92b642015-07-16 13:29:42 +0200[diff] [blame]141ADBG_CASE_DEFINE(XTEST_TEE_4009, xtest_tee_test_4009,
142 /* Title */
143 "Test TEE Internal API Derive key ECDH",
144 /* Short description */
145 "Short description ...",
146 /* Requirement IDs */
147 "TEE-??",
148 /* How to implement */
149 "Description of how to implement ..."
150 );
151
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]152static TEEC_Result ta_crypt_cmd_random_number_generate(ADBG_Case_t *c,
153 TEEC_Session *s,
154 void *buf, size_t blen);
155
156static TEEC_Result ta_crypt_cmd_reset_operation(ADBG_Case_t *c, TEEC_Session *s,
157 TEE_OperationHandle oph)
158{
159 TEEC_Result res;
160 TEEC_Operation op = TEEC_OPERATION_INITIALIZER;
161 uint32_t ret_orig;
162
163 assert((uintptr_t)oph <= UINT32_MAX);
164 op.params[0].value.a = (uint32_t)(uintptr_t)oph;
165 op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT, TEEC_NONE, TEEC_NONE,
166 TEEC_NONE);
167 res = TEEC_InvokeCommand(s, TA_CRYPT_CMD_RESET_OPERATION, &op,
168 &ret_orig);
169 if (res != TEEC_SUCCESS) {
170 (void)ADBG_EXPECT_TEEC_ERROR_ORIGIN(c, TEEC_ORIGIN_TRUSTED_APP,
171 ret_orig);
172 }
173 return res;
174}
175
176static TEEC_Result ta_crypt_cmd_copy_operation(ADBG_Case_t *c,
177 TEEC_Session *s,
178 TEE_OperationHandle dst_oph,
179 TEE_OperationHandle src_oph)
180{
181 TEEC_Result res;
182 TEEC_Operation op = TEEC_OPERATION_INITIALIZER;
183 uint32_t ret_orig;
184
185 assert((uintptr_t)dst_oph <= UINT32_MAX);
186 op.params[0].value.a = (uint32_t)(uintptr_t)dst_oph;
187
188 assert((uintptr_t)src_oph <= UINT32_MAX);
189 op.params[0].value.b = (uint32_t)(uintptr_t)src_oph;
190 op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT, TEEC_NONE, TEEC_NONE,
191 TEEC_NONE);
192
193 res = TEEC_InvokeCommand(s, TA_CRYPT_CMD_COPY_OPERATION, &op,
194 &ret_orig);
195
196 if (res != TEEC_SUCCESS) {
197 (void)ADBG_EXPECT_TEEC_ERROR_ORIGIN(c, TEEC_ORIGIN_TRUSTED_APP,
198 ret_orig);
199 }
200 return res;
201}
202
203static TEEC_Result ta_crypt_cmd_digest_update(ADBG_Case_t *c, TEEC_Session *s,
204 TEE_OperationHandle oph,
205 const void *chunk,
206 size_t chunk_size)
207{
208 TEEC_Result res;
209 TEEC_Operation op = TEEC_OPERATION_INITIALIZER;
210 uint32_t ret_orig;
211
212 assert((uintptr_t)oph <= UINT32_MAX);
213 op.params[0].value.a = (uint32_t)(uintptr_t)oph;
214 op.params[1].tmpref.buffer = (void *)chunk;
215 op.params[1].tmpref.size = chunk_size;
216
217 op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT,
218 TEEC_MEMREF_TEMP_INPUT, TEEC_NONE,
219 TEEC_NONE);
220
221 res = TEEC_InvokeCommand(s, TA_CRYPT_CMD_DIGEST_UPDATE, &op, &ret_orig);
222
223 if (res != TEEC_SUCCESS) {
224 (void)ADBG_EXPECT_TEEC_ERROR_ORIGIN(c, TEEC_ORIGIN_TRUSTED_APP,
225 ret_orig);
226 }
227
228 return res;
229}
230
231static TEEC_Result ta_crypt_cmd_digest_do_final(ADBG_Case_t *c, TEEC_Session *s,
232 TEE_OperationHandle oph,
233 const void *chunk,
234 size_t chunk_len, void *hash,
235 size_t *hash_len)
236{
237 TEEC_Result res;
238 TEEC_Operation op = TEEC_OPERATION_INITIALIZER;
239 uint32_t ret_orig;
240
241 assert((uintptr_t)oph <= UINT32_MAX);
242 op.params[0].value.a = (uint32_t)(uintptr_t)oph;
243
244 op.params[1].tmpref.buffer = (void *)chunk;
245 op.params[1].tmpref.size = chunk_len;
246
247 op.params[2].tmpref.buffer = (void *)hash;
248 op.params[2].tmpref.size = *hash_len;
249
250 op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT,
251 TEEC_MEMREF_TEMP_INPUT,
252 TEEC_MEMREF_TEMP_OUTPUT, TEEC_NONE);
253
254 res = TEEC_InvokeCommand(s, TA_CRYPT_CMD_DIGEST_DO_FINAL, &op,
255 &ret_orig);
256
257 if (res != TEEC_SUCCESS) {
258 (void)ADBG_EXPECT_TEEC_ERROR_ORIGIN(c, TEEC_ORIGIN_TRUSTED_APP,
259 ret_orig);
260 }
261
262 if (res == TEEC_SUCCESS)
263 *hash_len = op.params[2].tmpref.size;
264
265 return res;
266}
267
268static TEE_Result ta_crypt_cmd_set_operation_key2(ADBG_Case_t *c,
269 TEEC_Session *s,
270 TEE_OperationHandle oph,
271 TEE_ObjectHandle key1,
272 TEE_ObjectHandle key2)
273{
274 TEEC_Result res;
275 TEEC_Operation op = TEEC_OPERATION_INITIALIZER;
276 uint32_t ret_orig;
277
278 assert((uintptr_t)oph <= UINT32_MAX);
279 op.params[0].value.a = (uint32_t)(uintptr_t)oph;
280
281 assert((uintptr_t)key1 <= UINT32_MAX);
282 op.params[0].value.b = (uint32_t)(uintptr_t)key1;
283
284 assert((uintptr_t)key2 <= UINT32_MAX);
285 op.params[1].value.a = (uint32_t)(uintptr_t)key2;
286 op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT, TEEC_VALUE_INPUT,
287 TEEC_NONE, TEEC_NONE);
288
289 res = TEEC_InvokeCommand(s, TA_CRYPT_CMD_SET_OPERATION_KEY2, &op,
290 &ret_orig);
291
292 if (res != TEEC_SUCCESS) {
293 (void)ADBG_EXPECT_TEEC_ERROR_ORIGIN(c, TEEC_ORIGIN_TRUSTED_APP,
294 ret_orig);
295 }
296
297 return res;
298}
299
300static TEEC_Result ta_crypt_cmd_mac_init(ADBG_Case_t *c, TEEC_Session *s,
301 TEE_OperationHandle oph,
302 const void *iv, size_t iv_len)
303{
304 TEEC_Result res;
305 TEEC_Operation op = TEEC_OPERATION_INITIALIZER;
306 uint32_t ret_orig;
307
308 assert((uintptr_t)oph <= UINT32_MAX);
309 op.params[0].value.a = (uint32_t)(uintptr_t)oph;
310
311 if (iv != NULL) {
312 op.params[1].tmpref.buffer = (void *)iv;
313 op.params[1].tmpref.size = iv_len;
314 op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT,
315 TEEC_MEMREF_TEMP_INPUT,
316 TEEC_NONE, TEEC_NONE);
317 } else {
318 op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT, TEEC_NONE,
319 TEEC_NONE, TEEC_NONE);
320 }
321
322 res = TEEC_InvokeCommand(s, TA_CRYPT_CMD_MAC_INIT, &op, &ret_orig);
323
324 if (res != TEEC_SUCCESS) {
325 (void)ADBG_EXPECT_TEEC_ERROR_ORIGIN(c, TEEC_ORIGIN_TRUSTED_APP,
326 ret_orig);
327 }
328
329 return res;
330}
331
332static TEEC_Result ta_crypt_cmd_mac_update(ADBG_Case_t *c, TEEC_Session *s,
333 TEE_OperationHandle oph,
334 const void *chunk, size_t chunk_size)
335{
336 TEEC_Result res;
337 TEEC_Operation op = TEEC_OPERATION_INITIALIZER;
338 uint32_t ret_orig;
339
340 assert((uintptr_t)oph <= UINT32_MAX);
341 op.params[0].value.a = (uint32_t)(uintptr_t)oph;
342
343 op.params[1].tmpref.buffer = (void *)chunk;
344 op.params[1].tmpref.size = chunk_size;
345
346 op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT,
347 TEEC_MEMREF_TEMP_INPUT, TEEC_NONE,
348 TEEC_NONE);
349
350 res = TEEC_InvokeCommand(s, TA_CRYPT_CMD_MAC_UPDATE, &op, &ret_orig);
351
352 if (res != TEEC_SUCCESS) {
353 (void)ADBG_EXPECT_TEEC_ERROR_ORIGIN(c, TEEC_ORIGIN_TRUSTED_APP,
354 ret_orig);
355 }
356
357 return res;
358}
359
360static TEEC_Result ta_crypt_cmd_mac_final_compute(ADBG_Case_t *c,
361 TEEC_Session *s,
362 TEE_OperationHandle oph,
363 const void *chunk,
364 size_t chunk_len,
365 void *hash,
366 size_t *hash_len)
367{
368 TEEC_Result res;
369 TEEC_Operation op = TEEC_OPERATION_INITIALIZER;
370 uint32_t ret_orig;
371
372 assert((uintptr_t)oph <= UINT32_MAX);
373 op.params[0].value.a = (uint32_t)(uintptr_t)oph;
374
375 op.params[1].tmpref.buffer = (void *)chunk;
376 op.params[1].tmpref.size = chunk_len;
377
378 op.params[2].tmpref.buffer = (void *)hash;
379 op.params[2].tmpref.size = *hash_len;
380
381 op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT,
382 TEEC_MEMREF_TEMP_INPUT,
383 TEEC_MEMREF_TEMP_OUTPUT, TEEC_NONE);
384
385 res = TEEC_InvokeCommand(s, TA_CRYPT_CMD_MAC_FINAL_COMPUTE, &op,
386 &ret_orig);
387
388 if (res != TEEC_SUCCESS) {
389 (void)ADBG_EXPECT_TEEC_ERROR_ORIGIN(c, TEEC_ORIGIN_TRUSTED_APP,
390 ret_orig);
391 }
392
393 if (res == TEEC_SUCCESS)
394 *hash_len = op.params[2].tmpref.size;
395
396 return res;
397}
398
399static TEEC_Result ta_crypt_cmd_cipher_init(ADBG_Case_t *c, TEEC_Session *s,
400 TEE_OperationHandle oph,
401 const void *iv, size_t iv_len)
402{
403 TEEC_Result res;
404 TEEC_Operation op = TEEC_OPERATION_INITIALIZER;
405 uint32_t ret_orig;
406
407 assert((uintptr_t)oph <= UINT32_MAX);
408 op.params[0].value.a = (uint32_t)(uintptr_t)oph;
409
410 if (iv != NULL) {
411 op.params[1].tmpref.buffer = (void *)iv;
412 op.params[1].tmpref.size = iv_len;
413
414 op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT,
415 TEEC_MEMREF_TEMP_INPUT,
416 TEEC_NONE, TEEC_NONE);
417 } else {
418 op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT, TEEC_NONE,
419 TEEC_NONE, TEEC_NONE);
420 }
421
422 res = TEEC_InvokeCommand(s, TA_CRYPT_CMD_CIPHER_INIT, &op, &ret_orig);
423
424 if (res != TEEC_SUCCESS) {
425 (void)ADBG_EXPECT_TEEC_ERROR_ORIGIN(c, TEEC_ORIGIN_TRUSTED_APP,
426 ret_orig);
427 }
428
429 return res;
430}
431
432static TEEC_Result ta_crypt_cmd_cipher_update(ADBG_Case_t *c, TEEC_Session *s,
433 TEE_OperationHandle oph,
434 const void *src, size_t src_len,
435 void *dst, size_t *dst_len)
436{
437 TEEC_Result res;
438 TEEC_Operation op = TEEC_OPERATION_INITIALIZER;
439 uint32_t ret_orig;
440
441 assert((uintptr_t)oph <= UINT32_MAX);
442 op.params[0].value.a = (uint32_t)(uintptr_t)oph;
443
444 op.params[1].tmpref.buffer = (void *)src;
445 op.params[1].tmpref.size = src_len;
446
447 op.params[2].tmpref.buffer = dst;
448 op.params[2].tmpref.size = *dst_len;
449
450 op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT,
451 TEEC_MEMREF_TEMP_INPUT,
452 TEEC_MEMREF_TEMP_OUTPUT, TEEC_NONE);
453
454 res = TEEC_InvokeCommand(s, TA_CRYPT_CMD_CIPHER_UPDATE, &op, &ret_orig);
455
456 if (res != TEEC_SUCCESS) {
457 (void)ADBG_EXPECT_TEEC_ERROR_ORIGIN(c, TEEC_ORIGIN_TRUSTED_APP,
458 ret_orig);
459 }
460
461 if (res == TEEC_SUCCESS)
462 *dst_len = op.params[2].tmpref.size;
463
464 return res;
465}
466
467static TEEC_Result ta_crypt_cmd_cipher_do_final(ADBG_Case_t *c,
468 TEEC_Session *s,
469 TEE_OperationHandle oph,
470 const void *src,
471 size_t src_len,
472 void *dst,
473 size_t *dst_len)
474{
475 TEEC_Result res;
476 TEEC_Operation op = TEEC_OPERATION_INITIALIZER;
477 uint32_t ret_orig;
478
479 assert((uintptr_t)oph <= UINT32_MAX);
480 op.params[0].value.a = (uint32_t)(uintptr_t)oph;
481
482 op.params[1].tmpref.buffer = (void *)src;
483 op.params[1].tmpref.size = src_len;
484
485 op.params[2].tmpref.buffer = (void *)dst;
486 op.params[2].tmpref.size = *dst_len;
487
488 op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT,
489 TEEC_MEMREF_TEMP_INPUT,
490 TEEC_MEMREF_TEMP_OUTPUT, TEEC_NONE);
491
492 res = TEEC_InvokeCommand(s, TA_CRYPT_CMD_CIPHER_DO_FINAL, &op,
493 &ret_orig);
494
495 if (res != TEEC_SUCCESS) {
496 (void)ADBG_EXPECT_TEEC_ERROR_ORIGIN(c, TEEC_ORIGIN_TRUSTED_APP,
497 ret_orig);
498 }
499
500 if (res == TEEC_SUCCESS)
501 *dst_len = op.params[2].tmpref.size;
502
503 return res;
504}
505
506static TEEC_Result ta_crypt_cmd_random_number_generate(ADBG_Case_t *c,
507 TEEC_Session *s,
508 void *buf,
509 size_t blen)
510{
511 TEEC_Result res;
512 TEEC_Operation op = TEEC_OPERATION_INITIALIZER;
513 uint32_t ret_orig;
514
515 op.params[0].tmpref.buffer = buf;
516 op.params[0].tmpref.size = blen;
517
518 op.paramTypes = TEEC_PARAM_TYPES(TEEC_MEMREF_TEMP_OUTPUT, TEEC_NONE,
519 TEEC_NONE, TEEC_NONE);
520
521 res = TEEC_InvokeCommand(s, TA_CRYPT_CMD_RANDOM_NUMBER_GENEREATE, &op,
522 &ret_orig);
523
524 if (res != TEEC_SUCCESS) {
525 (void)ADBG_EXPECT_TEEC_ERROR_ORIGIN(c, TEEC_ORIGIN_TRUSTED_APP,
526 ret_orig);
527 }
528
529 (void)ADBG_EXPECT_COMPARE_UNSIGNED(c, blen, ==,
530 op.params[0].tmpref.size);
531 return res;
532}
533
534static TEEC_Result ta_crypt_cmd_ae_init(ADBG_Case_t *c, TEEC_Session *s,
535 TEE_OperationHandle oph,
536 const void *nonce, size_t nonce_len,
537 size_t tag_len, size_t aad_len,
538 size_t payload_len)
539{
540 TEEC_Result res;
541 TEEC_Operation op = TEEC_OPERATION_INITIALIZER;
542 uint32_t ret_orig;
543
544 assert((uintptr_t)oph <= UINT32_MAX);
545 op.params[0].value.a = (uint32_t)(uintptr_t)oph;
546 op.params[0].value.b = tag_len;
547
548 op.params[1].tmpref.buffer = (void *)nonce;
549 op.params[1].tmpref.size = nonce_len;
550
551 op.params[2].value.a = aad_len;
552 op.params[2].value.b = payload_len;
553
554 op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT,
555 TEEC_MEMREF_TEMP_INPUT,
Jens Wiklander74a42302015-07-07 01:08:41 +0200[diff] [blame]556 TEEC_VALUE_INPUT, TEEC_NONE);
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]557
558 res = TEEC_InvokeCommand(s, TA_CRYPT_CMD_AE_INIT, &op, &ret_orig);
559
560 if (res != TEEC_SUCCESS) {
561 (void)ADBG_EXPECT_TEEC_ERROR_ORIGIN(c, TEEC_ORIGIN_TRUSTED_APP,
562 ret_orig);
563 }
564 return res;
565}
566
567static TEEC_Result ta_crypt_cmd_ae_update_aad(ADBG_Case_t *c, TEEC_Session *s,
568 TEE_OperationHandle oph,
569 const void *aad, size_t aad_len)
570{
571 TEEC_Result res;
572 TEEC_Operation op = TEEC_OPERATION_INITIALIZER;
573 uint32_t ret_orig;
574
575 assert((uintptr_t)oph <= UINT32_MAX);
576 op.params[0].value.a = (uint32_t)(uintptr_t)oph;
577
578 op.params[1].tmpref.buffer = (void *)aad;
579 op.params[1].tmpref.size = aad_len;
580
581 op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT,
582 TEEC_MEMREF_TEMP_INPUT, TEEC_NONE,
583 TEEC_NONE);
584
585 res = TEEC_InvokeCommand(s, TA_CRYPT_CMD_AE_UPDATE_AAD, &op, &ret_orig);
586
587 if (res != TEEC_SUCCESS) {
588 (void)ADBG_EXPECT_TEEC_ERROR_ORIGIN(c, TEEC_ORIGIN_TRUSTED_APP,
589 ret_orig);
590 }
591
592 return res;
593}
594
595static TEEC_Result ta_crypt_cmd_ae_update(ADBG_Case_t *c,
596 TEEC_Session *s,
597 TEE_OperationHandle oph,
598 const void *src,
599 size_t src_len,
600 void *dst,
601 size_t *dst_len)
602{
603 TEEC_Result res;
604 TEEC_Operation op = TEEC_OPERATION_INITIALIZER;
605 uint32_t ret_orig;
606
607 assert((uintptr_t)oph <= UINT32_MAX);
608 op.params[0].value.a = (uint32_t)(uintptr_t)oph;
609
610 op.params[1].tmpref.buffer = (void *)src;
611 op.params[1].tmpref.size = src_len;
612
613 op.params[2].tmpref.buffer = (void *)dst;
614 op.params[2].tmpref.size = *dst_len;
615
616 op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT,
617 TEEC_MEMREF_TEMP_INPUT,
618 TEEC_MEMREF_TEMP_OUTPUT, TEEC_NONE);
619
620 res = TEEC_InvokeCommand(s, TA_CRYPT_CMD_AE_UPDATE, &op, &ret_orig);
621
622 if (res != TEEC_SUCCESS) {
623 (void)ADBG_EXPECT_TEEC_ERROR_ORIGIN(c, TEEC_ORIGIN_TRUSTED_APP,
624 ret_orig);
625 }
626
627 if (res == TEEC_SUCCESS)
628 *dst_len = op.params[2].tmpref.size;
629
630 return res;
631}
632
633static TEEC_Result ta_crypt_cmd_ae_encrypt_final(ADBG_Case_t *c,
634 TEEC_Session *s,
635 TEE_OperationHandle oph,
636 const void *src,
637 size_t src_len, void *dst,
638 size_t *dst_len, void *tag,
639 size_t *tag_len)
640{
641 TEEC_Result res;
642 TEEC_Operation op = TEEC_OPERATION_INITIALIZER;
643 uint32_t ret_orig;
644
645 assert((uintptr_t)oph <= UINT32_MAX);
646 op.params[0].value.a = (uint32_t)(uintptr_t)oph;
647
648 op.params[1].tmpref.buffer = (void *)src;
649 op.params[1].tmpref.size = src_len;
650
651 op.params[2].tmpref.buffer = (void *)dst;
652 op.params[2].tmpref.size = *dst_len;
653
654 op.params[3].tmpref.buffer = (void *)tag;
655 op.params[3].tmpref.size = *tag_len;
656
657 op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT,
658 TEEC_MEMREF_TEMP_INPUT,
659 TEEC_MEMREF_TEMP_OUTPUT,
660 TEEC_MEMREF_TEMP_OUTPUT);
661
662 res = TEEC_InvokeCommand(s, TA_CRYPT_CMD_AE_ENCRYPT_FINAL, &op,
663 &ret_orig);
664
665 if (res != TEEC_SUCCESS) {
666 (void)ADBG_EXPECT_TEEC_ERROR_ORIGIN(c, TEEC_ORIGIN_TRUSTED_APP,
667 ret_orig);
668 }
669
670 if (res == TEEC_SUCCESS) {
671 *dst_len = op.params[2].tmpref.size;
672 *tag_len = op.params[3].tmpref.size;
673 }
674
675 return res;
676}
677
678static TEEC_Result ta_crypt_cmd_ae_decrypt_final(ADBG_Case_t *c,
679 TEEC_Session *s,
680 TEE_OperationHandle oph,
681 const void *src, size_t src_len,
682 void *dst, size_t *dst_len,
683 const void *tag, size_t tag_len)
684{
685 TEEC_Result res;
686 TEEC_Operation op = TEEC_OPERATION_INITIALIZER;
687 uint32_t ret_orig;
688
689 assert((uintptr_t)oph <= UINT32_MAX);
690 op.params[0].value.a = (uint32_t)(uintptr_t)oph;
691
692 op.params[1].tmpref.buffer = (void *)src;
693 op.params[1].tmpref.size = src_len;
694
695 op.params[2].tmpref.buffer = dst;
696 op.params[2].tmpref.size = *dst_len;
697
698 op.params[3].tmpref.buffer = (void *)tag;
699 op.params[3].tmpref.size = tag_len;
700
701 op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT,
702 TEEC_MEMREF_TEMP_INPUT,
703 TEEC_MEMREF_TEMP_OUTPUT,
704 TEEC_MEMREF_TEMP_INPUT);
705
706 res = TEEC_InvokeCommand(s, TA_CRYPT_CMD_AE_DECRYPT_FINAL, &op,
707 &ret_orig);
708
709 if (res != TEEC_SUCCESS) {
710 (void)ADBG_EXPECT_TEEC_ERROR_ORIGIN(c, TEEC_ORIGIN_TRUSTED_APP,
711 ret_orig);
712 }
713
714 if (res == TEEC_SUCCESS)
715 *dst_len = op.params[2].tmpref.size;
716
717 return res;
718}
719
720static TEEC_Result ta_crypt_cmd_asymmetric_operate(ADBG_Case_t *c,
721 TEEC_Session *s,
722 TEE_OperationHandle oph,
723 uint32_t cmd,
724 const TEE_Attribute *params,
725 uint32_t paramCount,
726 const void *src,
727 size_t src_len,
728 void *dst,
729 size_t *dst_len)
730{
731 TEEC_Result res;
732 TEEC_Operation op = TEEC_OPERATION_INITIALIZER;
733 uint32_t ret_orig;
734 uint8_t *buf;
735 size_t blen;
736
737 res = pack_attrs(params, paramCount, &buf, &blen);
738 if (!ADBG_EXPECT_TEEC_SUCCESS(c, res))
739 return res;
740
741 assert((uintptr_t)oph <= UINT32_MAX);
742 op.params[0].value.a = (uint32_t)(uintptr_t)oph;
743
744 op.params[1].tmpref.buffer = buf;
745 op.params[1].tmpref.size = blen;
746
747 op.params[2].tmpref.buffer = (void *)src;
748 op.params[2].tmpref.size = src_len;
749
750 op.params[3].tmpref.buffer = dst;
751 op.params[3].tmpref.size = *dst_len;
752
753 op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT,
754 TEEC_MEMREF_TEMP_INPUT,
755 TEEC_MEMREF_TEMP_INPUT,
756 TEEC_MEMREF_TEMP_OUTPUT);
757
758 res = TEEC_InvokeCommand(s, cmd, &op, &ret_orig);
759
760 if (res != TEEC_SUCCESS) {
761 (void)ADBG_EXPECT_TEEC_ERROR_ORIGIN(c, TEEC_ORIGIN_TRUSTED_APP,
762 ret_orig);
763 }
764
765 if (res == TEEC_SUCCESS)
766 *dst_len = op.params[3].tmpref.size;
767
768 free(buf);
769 return res;
770}
771
772static TEEC_Result ta_crypt_cmd_asymmetric_encrypt(ADBG_Case_t *c,
773 TEEC_Session *s,
774 TEE_OperationHandle oph,
775 const TEE_Attribute *params,
776 uint32_t paramCount,
777 const void *src,
778 size_t src_len,
779 void *dst,
780 size_t *dst_len)
781{
782 return ta_crypt_cmd_asymmetric_operate(c, s, oph,
783 TA_CRYPT_CMD_ASYMMETRIC_ENCRYPT,
784 params, paramCount,
785 src, src_len, dst, dst_len);
786}
787
788static TEEC_Result ta_crypt_cmd_asymmetric_decrypt(ADBG_Case_t *c,
789 TEEC_Session *s,
790 TEE_OperationHandle oph,
791 const TEE_Attribute *params,
792 uint32_t paramCount,
793 const void *src,
794 size_t src_len,
795 void *dst,
796 size_t *dst_len)
797{
798 return ta_crypt_cmd_asymmetric_operate(c, s, oph,
799 TA_CRYPT_CMD_ASYMMETRIC_DECRYPT,
800 params, paramCount,
801 src, src_len, dst, dst_len);
802}
803
804static TEEC_Result ta_crypt_cmd_asymmetric_sign(ADBG_Case_t *c,
805 TEEC_Session *s,
806 TEE_OperationHandle oph,
807 const TEE_Attribute *params,
808 uint32_t paramCount,
809 const void *digest,
810 size_t digest_len,
811 void *signature,
812 size_t *signature_len)
813{
814 return ta_crypt_cmd_asymmetric_operate(c, s, oph,
815 TA_CRYPT_CMD_ASYMMETRIC_SIGN_DIGEST, params, paramCount,
816 digest, digest_len, signature, signature_len);
817}
818
819static TEEC_Result ta_crypt_cmd_asymmetric_verify(ADBG_Case_t *c,
820 TEEC_Session *s,
821 TEE_OperationHandle oph,
822 const TEE_Attribute *params,
823 uint32_t paramCount,
824 const void *digest,
825 size_t digest_len,
826 const void *signature,
827 size_t signature_len)
828{
829 TEEC_Result res;
830 TEEC_Operation op = TEEC_OPERATION_INITIALIZER;
831 uint32_t ret_orig;
832 uint8_t *buf;
833 size_t blen;
834
835 res = pack_attrs(params, paramCount, &buf, &blen);
836 if (!ADBG_EXPECT_TEEC_SUCCESS(c, res))
837 return res;
838
839 assert((uintptr_t)oph <= UINT32_MAX);
840 op.params[0].value.a = (uint32_t)(uintptr_t)oph;
841
842 op.params[1].tmpref.buffer = buf;
843 op.params[1].tmpref.size = blen;
844
845 op.params[2].tmpref.buffer = (void *)digest;
846 op.params[2].tmpref.size = digest_len;
847
848 op.params[3].tmpref.buffer = (void *)signature;
849 op.params[3].tmpref.size = signature_len;
850
851 op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT,
852 TEEC_MEMREF_TEMP_INPUT,
853 TEEC_MEMREF_TEMP_INPUT,
854 TEEC_MEMREF_TEMP_INPUT);
855
856 res = TEEC_InvokeCommand(s, TA_CRYPT_CMD_ASYMMETRIC_VERIFY_DIGEST,
857 &op, &ret_orig);
858
859 if (res != TEEC_SUCCESS) {
860 (void)ADBG_EXPECT_TEEC_ERROR_ORIGIN(c, TEEC_ORIGIN_TRUSTED_APP,
861 ret_orig);
862 }
863
864 free(buf);
865 return res;
866}
867
868static TEEC_Result ta_crypt_cmd_get_object_value_attribute(ADBG_Case_t *c,
869 TEEC_Session *s,
870 TEE_ObjectHandle o,
871 uint32_t attr_id,
872 uint32_t *valuea,
873 uint32_t *valueb)
874{
875 TEEC_Result res;
876 TEEC_Operation op = TEEC_OPERATION_INITIALIZER;
877 uint32_t ret_orig;
878
879 assert((uintptr_t)o <= UINT32_MAX);
880 op.params[0].value.a = (uint32_t)(uintptr_t)o;
881 op.params[0].value.b = attr_id;
882 op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT, TEEC_VALUE_OUTPUT,
883 TEEC_NONE, TEEC_NONE);
884
885 res = TEEC_InvokeCommand(s, TA_CRYPT_CMD_GET_OBJECT_VALUE_ATTRIBUTE,
886 &op, &ret_orig);
887
888 if (res != TEEC_SUCCESS) {
889 (void)ADBG_EXPECT_TEEC_ERROR_ORIGIN(c, TEEC_ORIGIN_TRUSTED_APP,
890 ret_orig);
891 }
892
893 if (res == TEEC_SUCCESS) {
894 *valuea = op.params[1].value.a;
895 *valueb = op.params[1].value.b;
896 }
897
898 return res;
899}
900
901static TEEC_Result ta_crypt_cmd_generate_key(ADBG_Case_t *c,
902 TEEC_Session *s,
903 TEE_ObjectHandle o,
904 uint32_t key_size,
905 const TEE_Attribute *params,
906 uint32_t paramCount)
907{
908 TEEC_Result res;
909 TEEC_Operation op = TEEC_OPERATION_INITIALIZER;
910 uint32_t ret_orig;
911 uint8_t *buf;
912 size_t blen;
913
914 res = pack_attrs(params, paramCount, &buf, &blen);
915 if (!ADBG_EXPECT_TEEC_SUCCESS(c, res))
916 return res;
917
918 assert((uintptr_t)o <= UINT32_MAX);
919 op.params[0].value.a = (uint32_t)(uintptr_t)o;
920 op.params[0].value.b = key_size;
921
922 op.params[1].tmpref.buffer = buf;
923 op.params[1].tmpref.size = blen;
924
925 op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT,
926 TEEC_MEMREF_TEMP_INPUT, TEEC_NONE,
927 TEEC_NONE);
928
929 res = TEEC_InvokeCommand(s, TA_CRYPT_CMD_GENERATE_KEY, &op, &ret_orig);
930
931 if (res != TEEC_SUCCESS) {
932 (void)ADBG_EXPECT_TEEC_ERROR_ORIGIN(c, TEEC_ORIGIN_TRUSTED_APP,
933 ret_orig);
934 }
935
936 free(buf);
937 return res;
938}
939
940static const uint8_t hash_data_md5_in1[] = {
941 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm'
942};
943
944static const uint8_t hash_data_md5_out1[] = {
945 0x61, 0x12, 0x71, 0x83, 0x70, 0x8d, 0x3a, 0xc7,
946 0xf1, 0x9b, 0x66, 0x06, 0xfc, 0xae, 0x7d, 0xf6
947};
948
949static const uint8_t hash_data_sha1_in1[] = {
950 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm'
951};
952
953static const uint8_t hash_data_sha1_out1[] = {
954 0x4b, 0x98, 0x92, 0xb6, 0x52, 0x72, 0x14, 0xaf,
955 0xc6, 0x55, 0xb8, 0xaa, 0x52, 0xf4, 0xd2, 0x03,
956 0xc1, 0x5e, 0x7c, 0x9c
957};
958
959static const uint8_t hash_data_sha224_in1[] = {
960 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm'
961};
962
963static const uint8_t hash_data_sha224_out1[] = {
964 0x08, 0x21, 0x69, 0xf9, 0x77, 0x1b, 0x80, 0x15,
965 0xf3, 0x97, 0xae, 0xde, 0x5b, 0xba, 0xa2, 0x72,
966 0x2d, 0x8f, 0x5c, 0x19, 0xfe, 0xd2, 0xe2, 0x68,
967 0x92, 0x49, 0xd8, 0x44
968};
969
970static const uint8_t hash_data_sha256_in1[] = { 'a', 'b', 'c' };
971
972static const uint8_t hash_data_sha256_out1[] = {
973 0xba, 0x78, 0x16, 0xbf, 0x8f, 0x01, 0xcf, 0xea,
974 0x41, 0x41, 0x40, 0xde, 0x5d, 0xae, 0x22, 0x23,
975 0xb0, 0x03, 0x61, 0xa3, 0x96, 0x17, 0x7a, 0x9c,
976 0xb4, 0x10, 0xff, 0x61, 0xf2, 0x00, 0x15, 0xad
977};
978
979static const uint8_t hash_data_sha256_in2[] = { 'e', 'f', 'g' };
980
981static const uint8_t hash_data_sha256_out2[] = {
982 0xd4, 0xff, 0xe8, 0xe9, 0xee, 0x0b, 0x48, 0xeb,
983 0xa7, 0x16, 0x70, 0x61, 0x23, 0xa7, 0x18, 0x7f,
984 0x32, 0xea, 0xe3, 0xbd, 0xcb, 0x0e, 0x77, 0x63,
985 0xe4, 0x1e, 0x53, 0x32, 0x67, 0xbd, 0x8a, 0x53
986};
987
988
989static const uint8_t hash_data_sha384_in1[] = {
990 'a', 'b', 'c', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm'
991};
992
993static const uint8_t hash_data_sha384_out1[] = {
994 0x4c, 0xab, 0x80, 0x9d, 0x96, 0x84, 0x01, 0x47,
995 0x67, 0x0a, 0xc1, 0x7a, 0xb6, 0xb9, 0xf7, 0x6e,
996 0x35, 0xa6, 0xb0, 0x8c, 0xf5, 0x2a, 0x3d, 0x64,
997 0x9a, 0x8c, 0x7e, 0x0c, 0x55, 0x45, 0xd3, 0x7d,
998 0x1f, 0x7f, 0x28, 0x34, 0x96, 0x14, 0x44, 0x2a,
999 0xf5, 0x98, 0xa2, 0x95, 0x24, 0x76, 0x53, 0x97
1000};
1001
1002static const uint8_t hash_data_sha512_in1[] = {
1003 'a', 'b', 'c', 'd', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm'
1004};
1005
1006static const uint8_t hash_data_sha512_out1[] = {
1007 0x20, 0xd8, 0x64, 0x4f, 0x54, 0xa2, 0x5f, 0x6f,
1008 0x0a, 0xf9, 0xd5, 0x27, 0x7d, 0x17, 0xa8, 0x99,
1009 0x4c, 0x64, 0x3f, 0xd0, 0xf3, 0x83, 0x36, 0xee,
1010 0x93, 0x12, 0x55, 0xcd, 0x2e, 0x12, 0x34, 0xa0,
1011 0xc2, 0xaa, 0xf9, 0xbb, 0x15, 0xc5, 0xe9, 0xfa,
1012 0xf7, 0xa7, 0xda, 0xb8, 0x2f, 0x72, 0xa0, 0x47,
1013 0xe3, 0x02, 0x04, 0xe8, 0xa0, 0x35, 0x0c, 0x96,
1014 0x26, 0xd1, 0xcb, 0x8b, 0x47, 0x45, 0x25, 0xd0
1015};
1016
1017struct xtest_hash_case {
1018 uint32_t algo;
1019 size_t in_incr;
1020 const uint8_t *in;
1021 size_t in_len;
1022 const uint8_t *out;
1023 size_t out_len;
1024};
1025
1026#define XTEST_HASH_CASE(algo, in_incr, in, out) \
1027 { (algo), (in_incr), (in), ARRAY_SIZE(in), (out), ARRAY_SIZE(out) }
1028
1029static const struct xtest_hash_case hash_cases[] = {
1030 XTEST_HASH_CASE(TEE_ALG_MD5, 6, hash_data_md5_in1,
1031 hash_data_md5_out1),
1032 XTEST_HASH_CASE(TEE_ALG_SHA1, 3, hash_data_sha1_in1,
1033 hash_data_sha1_out1),
1034 XTEST_HASH_CASE(TEE_ALG_SHA224, 7, hash_data_sha224_in1,
1035 hash_data_sha224_out1),
1036 XTEST_HASH_CASE(TEE_ALG_SHA256, 1, hash_data_sha256_in1,
1037 hash_data_sha256_out1),
1038 XTEST_HASH_CASE(TEE_ALG_SHA256, 1, hash_data_sha256_in2,
1039 hash_data_sha256_out2),
1040 XTEST_HASH_CASE(TEE_ALG_SHA384, 1, hash_data_sha384_in1,
1041 hash_data_sha384_out1),
1042 XTEST_HASH_CASE(TEE_ALG_SHA512, 1, hash_data_sha512_in1,
1043 hash_data_sha512_out1),
1044};
1045
1046static void xtest_tee_test_4001(ADBG_Case_t *c)
1047{
1048 TEEC_Session session = { 0 };
1049 uint32_t ret_orig;
1050 size_t n;
1051
1052 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
1053 xtest_teec_open_session(&session, &crypt_user_ta_uuid, NULL,
1054 &ret_orig)))
1055 return;
1056
1057
1058 for (n = 0; n < ARRAY_SIZE(hash_cases); n++) {
1059 TEE_OperationHandle op1;
1060 TEE_OperationHandle op2;
1061 uint8_t out[64];
1062 size_t out_size;
1063
1064 Do_ADBG_BeginSubCase(c, "Hash case %d algo 0x%x",
1065 (int)n, (unsigned int)hash_cases[n].algo);
1066
1067 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
1068 ta_crypt_cmd_allocate_operation(c, &session, &op1,
1069 hash_cases[n].algo,
1070 TEE_MODE_DIGEST, 0)))
1071 goto out;
1072
1073 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
1074 ta_crypt_cmd_allocate_operation(c, &session, &op2,
1075 hash_cases[n].algo,
1076 TEE_MODE_DIGEST, 0)))
1077 goto out;
1078
1079 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
1080 ta_crypt_cmd_digest_update(c, &session, op1,
1081 hash_cases[n].in,
1082 hash_cases[n].in_incr)))
1083 goto out;
1084
1085 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
1086 ta_crypt_cmd_copy_operation(c, &session, op2, op1)))
1087 goto out;
1088
1089 out_size = sizeof(out);
1090 memset(out, 0, sizeof(out));
1091 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
1092 ta_crypt_cmd_digest_do_final(c, &session, op2,
1093 hash_cases[n].in + hash_cases[n].in_incr,
1094 hash_cases[n].in_len - hash_cases[n].in_incr,
1095 out, &out_size)))
1096 goto out;
1097
1098 (void)ADBG_EXPECT_BUFFER(c, hash_cases[n].out,
1099 hash_cases[n].out_len, out, out_size);
1100
1101 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
1102 ta_crypt_cmd_reset_operation(c, &session, op1)))
1103 goto out;
1104
1105 out_size = sizeof(out);
1106 memset(out, 0, sizeof(out));
1107 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
1108 ta_crypt_cmd_digest_do_final(c, &session, op1,
1109 hash_cases[n].in,
1110 hash_cases[n].in_len, out,
1111 &out_size)))
1112 goto out;
1113
1114 (void)ADBG_EXPECT_BUFFER(c, hash_cases[n].out,
1115 hash_cases[n].out_len, out, out_size);
1116
1117 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
1118 ta_crypt_cmd_free_operation(c, &session, op1)))
1119 goto out;
1120
1121 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
1122 ta_crypt_cmd_free_operation(c, &session, op2)))
1123 goto out;
1124
1125 Do_ADBG_EndSubCase(c, NULL);
1126 }
1127
1128out:
1129 TEEC_CloseSession(&session);
1130}
1131
1132static const uint8_t mac_data_md5_key1[10] = {
1133 0x6B, 0x65, 0x79, /* key */
1134};
1135
1136static const uint8_t mac_data_md5_in1[] = {
1137 0x54, 0x68, 0x65, 0x20, 0x71, 0x75, 0x69, 0x63, /* The quic */
1138 0x6B, 0x20, 0x62, 0x72, 0x6F, 0x77, 0x6E, 0x20, /* k brown */
1139 0x66, 0x6F, 0x78, 0x20, 0x6A, 0x75, 0x6D, 0x70, /* fox jump */
1140 0x73, 0x20, 0x6F, 0x76, 0x65, 0x72, 0x20, 0x74, /* s over t */
1141 0x68, 0x65, 0x20, 0x6C, 0x61, 0x7A, 0x79, 0x20, /* he lazy */
1142 0x64, 0x6F, 0x67, /* dog */
1143};
1144
1145static const uint8_t mac_data_md5_out1[] = {
1146 0x80, 0x07, 0x07, 0x13, 0x46, 0x3e, 0x77, 0x49,
1147 0xb9, 0x0c, 0x2d, 0xc2, 0x49, 0x11, 0xe2, 0x75
1148};
1149
1150
1151/* generated with scripts/digest_hmac.pl */
1152static const uint8_t mac_data_sha1_key1[10] = {
1153 0x6B, 0x65, 0x79, /* key */
1154};
1155
1156static const uint8_t mac_data_sha1_in1[] = {
1157 0x54, 0x68, 0x65, 0x20, 0x71, 0x75, 0x69, 0x63, /* The quic */
1158 0x6B, 0x20, 0x62, 0x72, 0x6F, 0x77, 0x6E, 0x20, /* k brown */
1159 0x66, 0x6F, 0x78, 0x20, 0x6A, 0x75, 0x6D, 0x70, /* fox jump */
1160 0x73, 0x20, 0x6F, 0x76, 0x65, 0x72, 0x20, 0x74, /* s over t */
1161 0x68, 0x65, 0x20, 0x6C, 0x61, 0x7A, 0x79, 0x20, /* he lazy */
1162 0x64, 0x6F, 0x67, /* dog */
1163};
1164
1165static const uint8_t mac_data_sha1_out1[] = {
1166 0xDE, 0x7C, 0x9B, 0x85, 0xB8, 0xB7, 0x8A, 0xA6, /* .|...... */
1167 0xBC, 0x8A, 0x7A, 0x36, 0xF7, 0x0A, 0x90, 0x70, /* ..z6...p */
1168 0x1C, 0x9D, 0xB4, 0xD9, /* .... */
1169};
1170
1171static const uint8_t mac_data_sha224_key1[24] = {
1172 0x6B, 0x65, 0x79, /* key */
1173};
1174
1175static const uint8_t mac_data_sha224_in1[] = {
1176 0x54, 0x68, 0x65, 0x20, 0x71, 0x75, 0x69, 0x63, /* The quic */
1177 0x6B, 0x20, 0x62, 0x72, 0x6F, 0x77, 0x6E, 0x20, /* k brown */
1178 0x66, 0x6F, 0x78, 0x20, 0x6A, 0x75, 0x6D, 0x70, /* fox jump */
1179 0x73, 0x20, 0x6F, 0x76, 0x65, 0x72, 0x20, 0x74, /* s over t */
1180 0x68, 0x65, 0x20, 0x6C, 0x61, 0x7A, 0x79, 0x20, /* he lazy */
1181 0x64, 0x6F, 0x67, /* dog */
1182};
1183
1184static const uint8_t mac_data_sha224_out1[] = {
1185 0x88, 0xFF, 0x8B, 0x54, 0x67, 0x5D, 0x39, 0xB8, /* ...Tg]9. */
1186 0xF7, 0x23, 0x22, 0xE6, 0x5F, 0xF9, 0x45, 0xC5, /* .#"._.E. */
1187 0x2D, 0x96, 0x37, 0x99, 0x88, 0xAD, 0xA2, 0x56, /* -.7....V */
1188 0x39, 0x74, 0x7E, 0x69, /* 9t~i */
1189};
1190
1191
1192static const uint8_t mac_data_sha256_key1[24] = {
1193 'Q', 'W', 'E', 'R', 'T', 'Y'
1194};
1195
1196static const uint8_t mac_data_sha256_in1[] = { 'a', 'b', 'c' };
1197
1198static const uint8_t mac_data_sha256_out1[] = {
1199 0xee, 0x2e, 0x5d, 0x9b, 0x51, 0xe2, 0x9c, 0x1d,
1200 0x49, 0xe9, 0xae, 0x6f, 0x0a, 0xcc, 0x15, 0x18,
1201 0xde, 0x1e, 0xa3, 0x88, 0x8e, 0xee, 0x48, 0xbb,
1202 0x82, 0x77, 0xe9, 0x09, 0x74, 0x4b, 0xa2, 0xf2
1203};
1204
1205/* generated with scripts/digest_hmac.pl */
1206static const uint8_t mac_data_sha256_key2[24] = {
1207 0x6B, 0x65, 0x79, /* key */
1208};
1209
1210static const uint8_t mac_data_sha256_in2[] = {
1211 0x54, 0x68, 0x65, 0x20, 0x71, 0x75, 0x69, 0x63, /* The quic */
1212 0x6B, 0x20, 0x62, 0x72, 0x6F, 0x77, 0x6E, 0x20, /* k brown */
1213 0x66, 0x6F, 0x78, 0x20, 0x6A, 0x75, 0x6D, 0x70, /* fox jump */
1214 0x73, 0x20, 0x6F, 0x76, 0x65, 0x72, 0x20, 0x74, /* s over t */
1215 0x68, 0x65, 0x20, 0x6C, 0x61, 0x7A, 0x79, 0x20, /* he lazy */
1216 0x64, 0x6F, 0x67, /* dog */
1217};
1218
1219static const uint8_t mac_data_sha256_out2[] = {
1220 0xF7, 0xBC, 0x83, 0xF4, 0x30, 0x53, 0x84, 0x24, /* ....0S.$ */
1221 0xB1, 0x32, 0x98, 0xE6, 0xAA, 0x6F, 0xB1, 0x43, /* .2...o.C */
1222 0xEF, 0x4D, 0x59, 0xA1, 0x49, 0x46, 0x17, 0x59, /* .MY.IF.Y */
1223 0x97, 0x47, 0x9D, 0xBC, 0x2D, 0x1A, 0x3C, 0xD8, /* .G..-.<. */
1224};
1225
1226static const uint8_t mac_data_sha384_key1[32] = {
1227 0x6B, 0x65, 0x79, /* key */
1228};
1229
1230static const uint8_t mac_data_sha384_in1[] = {
1231 0x54, 0x68, 0x65, 0x20, 0x71, 0x75, 0x69, 0x63, /* The quic */
1232 0x6B, 0x20, 0x62, 0x72, 0x6F, 0x77, 0x6E, 0x20, /* k brown */
1233 0x66, 0x6F, 0x78, 0x20, 0x6A, 0x75, 0x6D, 0x70, /* fox jump */
1234 0x73, 0x20, 0x6F, 0x76, 0x65, 0x72, 0x20, 0x74, /* s over t */
1235 0x68, 0x65, 0x20, 0x6C, 0x61, 0x7A, 0x79, 0x20, /* he lazy */
1236 0x64, 0x6F, 0x67, /* dog */
1237};
1238
1239static const uint8_t mac_data_sha384_out1[] = {
1240 0xD7, 0xF4, 0x72, 0x7E, 0x2C, 0x0B, 0x39, 0xAE, /* ..r~, .9. */
1241 0x0F, 0x1E, 0x40, 0xCC, 0x96, 0xF6, 0x02, 0x42, /* ..@....B */
1242 0xD5, 0xB7, 0x80, 0x18, 0x41, 0xCE, 0xA6, 0xFC, /* ....A... */
1243 0x59, 0x2C, 0x5D, 0x3E, 0x1A, 0xE5, 0x07, 0x00, /* Y, ]>.... */
1244 0x58, 0x2A, 0x96, 0xCF, 0x35, 0xE1, 0xE5, 0x54, /* X...5..T */
1245 0x99, 0x5F, 0xE4, 0xE0, 0x33, 0x81, 0xC2, 0x37, /* ._..3..7 */
1246};
1247
1248static const uint8_t mac_data_sha512_key1[32] = {
1249 0x6B, 0x65, 0x79, /* key */
1250};
1251
1252static const uint8_t mac_data_sha512_in1[] = {
1253 0x54, 0x68, 0x65, 0x20, 0x71, 0x75, 0x69, 0x63, /* The quic */
1254 0x6B, 0x20, 0x62, 0x72, 0x6F, 0x77, 0x6E, 0x20, /* k brown */
1255 0x66, 0x6F, 0x78, 0x20, 0x6A, 0x75, 0x6D, 0x70, /* fox jump */
1256 0x73, 0x20, 0x6F, 0x76, 0x65, 0x72, 0x20, 0x74, /* s over t */
1257 0x68, 0x65, 0x20, 0x6C, 0x61, 0x7A, 0x79, 0x20, /* he lazy */
1258 0x64, 0x6F, 0x67, /* dog */
1259};
1260
1261static const uint8_t mac_data_sha512_out1[] = {
1262 0xB4, 0x2A, 0xF0, 0x90, 0x57, 0xBA, 0xC1, 0xE2, /* ....W... */
1263 0xD4, 0x17, 0x08, 0xE4, 0x8A, 0x90, 0x2E, 0x09, /* ........ */
1264 0xB5, 0xFF, 0x7F, 0x12, 0xAB, 0x42, 0x8A, 0x4F, /* .....B.O */
1265 0xE8, 0x66, 0x53, 0xC7, 0x3D, 0xD2, 0x48, 0xFB, /* .fS.=.H. */
1266 0x82, 0xF9, 0x48, 0xA5, 0x49, 0xF7, 0xB7, 0x91, /* ..H.I... */
1267 0xA5, 0xB4, 0x19, 0x15, 0xEE, 0x4D, 0x1E, 0xC3, /* .....M.. */
1268 0x93, 0x53, 0x57, 0xE4, 0xE2, 0x31, 0x72, 0x50, /* .SW..1rP */
1269 0xD0, 0x37, 0x2A, 0xFA, 0x2E, 0xBE, 0xEB, 0x3A, /* .7.....: */
1270};
1271
1272
1273/* AES-CBC-MAC */
1274static const uint8_t mac_cbc_vect1_key[] = {
1275 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, /* 01234567 */
1276 0x38, 0x39, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, /* 89ABCDEF */
1277};
1278
1279static const uint8_t mac_cbc_vect1_data[] = {
1280 0x43, 0x69, 0x70, 0x68, 0x65, 0x72, 0x20, 0x62, /* Cipher b */
1281 0x6C, 0x6F, 0x63, 0x6B, 0x20, 0x63, 0x68, 0x61, /* lock cha */
1282 0x69, 0x6E, 0x69, 0x6E, 0x67, 0x20, 0x28, 0x43, /* ining (C */
1283 0x42, 0x43, 0x29, 0x20, 0x69, 0x73, 0x20, 0x61, /* BC) is a */
1284 0x20, 0x63, 0x6F, 0x6D, 0x6D, 0x6F, 0x6E, 0x20, /* common */
1285 0x63, 0x68, 0x61, 0x69, 0x6E, 0x69, 0x6E, 0x67, /* chaining */
1286 0x20, 0x6D, 0x6F, 0x64, 0x65, 0x20, 0x69, 0x6E, /* mode in */
1287 0x20, 0x77, 0x68, 0x69, 0x63, 0x68, 0x20, 0x74, /* which t */
1288 0x68, 0x65, 0x20, 0x70, 0x72, 0x65, 0x76, 0x69, /* he previ */
1289 0x6F, 0x75, 0x73, 0x20, 0x62, 0x6C, 0x6F, 0x63, /* ous bloc */
1290 0x6B, 0x27, 0x73, 0x20, 0x63, 0x69, 0x70, 0x68, /* k's ciph */
1291 0x65, 0x72, 0x74, 0x65, 0x78, 0x74, 0x20, 0x69, /* ertext i */
1292 0x73, 0x20, 0x78, 0x6F, 0x72, 0x65, 0x64, 0x20, /* s xored */
1293 0x77, 0x69, 0x74, 0x68, 0x20, 0x74, 0x68, 0x65, /* with the */
1294 0x20, 0x63, 0x75, 0x72, 0x72, 0x65, 0x6E, 0x74, /* current */
1295 0x20, 0x62, 0x6C, 0x6F, 0x63, 0x6B, 0x27, 0x73, /* block's */
1296 0x20, 0x70, 0x6C, 0x61, 0x69, 0x6E, 0x74, 0x65, /* plainte */
1297 0x78, 0x74, 0x20, 0x62, 0x65, 0x66, 0x6F, 0x72, /* xt befor */
1298 0x65, 0x20, 0x65, 0x6E, 0x63, 0x72, 0x79, 0x70, /* e encryp */
1299 0x74, 0x69, 0x6F, 0x6E, 0x2E, 0x2E, 0x2E, 0x2E, /* tion.... */
1300};
1301
1302static const uint8_t mac_cbc_vect1_out[] = {
1303 0xC9, 0x6E, 0x83, 0x7E, 0x35, 0xC8, 0xA7, 0xA0, /* .n.~5... */
1304 0x33, 0xA3, 0xB1, 0x4B, 0x5A, 0x92, 0x51, 0x2E, /* 3..KZ.Q. */
1305};
1306
1307/* DES-CBC-MAC */
1308static const uint8_t mac_cbc_vect2_key[] = {
1309 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, /* 01234567 */
1310};
1311
1312#define mac_cbc_vect2_data mac_cbc_vect1_data
1313static const uint8_t mac_cbc_vect2_out[] = {
1314 0xE9, 0x41, 0x46, 0x30, 0x69, 0x32, 0xBD, 0xD6, /* .AF0i2.. */
1315};
1316
1317/* DES3-CBC-MAC */
1318static const uint8_t mac_cbc_vect3_key[] = {
1319 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, /* 01234567 */
1320 0x38, 0x39, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, /* 89ABCDEF */
1321 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, /* 12345678 */
1322};
1323
1324#define mac_cbc_vect3_data mac_cbc_vect2_data
1325static const uint8_t mac_cbc_vect3_out[] = {
1326 0x1C, 0x17, 0xB7, 0xB5, 0x9F, 0x54, 0x9C, 0x63, /* .....T.c */
1327};
1328
1329/* AES-CBC-MAC PKCS#5 pad*/
1330static const uint8_t mac_cbc_vect4_key[] = {
1331 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, /* 01234567 */
1332 0x38, 0x39, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, /* 89ABCDEF */
1333 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, /* 01234567 */
1334 0x38, 0x39, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, /* 89ABCDEF */
1335};
1336
1337#define mac_cbc_vect4_data mac_cbc_vect1_data
1338static const uint8_t mac_cbc_vect4_out[] = {
1339 0x0B, 0x46, 0xC7, 0xA2, 0xE1, 0x5A, 0xE2, 0x23, /* .F...Z.# */
1340 0x83, 0x34, 0x1C, 0x86, 0x53, 0xF8, 0x51, 0x24, /* .4..S.Q$ */
1341};
1342
1343/* DES-CBC-MAC PKCS#5 pad*/
1344static const uint8_t mac_cbc_vect5_key[] = {
1345 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, /* 01234567 */
1346};
1347
1348#define mac_cbc_vect5_data mac_cbc_vect1_data
1349static const uint8_t mac_cbc_vect5_out[] = {
1350 0x30, 0x81, 0x4F, 0x42, 0x03, 0x7E, 0xD8, 0xA9, /* 0.OB.~.. */
1351};
1352
1353/* DES3-CBC-MAC PKCS#5 pad*/
1354static const uint8_t mac_cbc_vect6_key[] = {
1355 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, /* 01234567 */
1356 0x38, 0x39, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, /* 89ABCDEF */
1357 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, /* 12345678 */
1358};
1359
1360#define mac_cbc_vect6_data mac_cbc_vect1_data
1361static const uint8_t mac_cbc_vect6_out[] = {
1362 0x6E, 0x37, 0x6E, 0x14, 0x5E, 0x21, 0xDD, 0xF8, /* n7n.^!.. */
1363};
1364
1365/* AES-CBC-MAC PKCS#5 pad*/
1366#define mac_cbc_vect7_key mac_cbc_vect4_key
1367static const uint8_t mac_cbc_vect7_data[] = {
1368 0x43, 0x69, 0x70, 0x68, 0x65, 0x72, 0x20, 0x62, /* Cipher b */
1369 0x6C, 0x6F, 0x63, 0x6B, 0x20, 0x63, 0x68, 0x61, /* lock cha */
1370 0x69, 0x6E, 0x69, 0x6E, 0x67, 0x20, 0x28, 0x43, /* ining (C */
1371 0x42, 0x43, 0x29, 0x20, 0x69, 0x73, 0x20, 0x61, /* BC) is a */
1372 0x20, 0x63, 0x6F, 0x6D, 0x6D, 0x6F, 0x6E, 0x20, /* common */
1373 0x63, 0x68, 0x61, 0x69, 0x6E, 0x69, 0x6E, 0x67, /* chaining */
1374 0x20, 0x6D, 0x6F, 0x64, 0x65, 0x20, 0x69, 0x6E, /* mode in */
1375 0x20, 0x77, 0x68, 0x69, 0x63, 0x68, 0x20, 0x74, /* which t */
1376 0x68, 0x65, 0x20, 0x70, 0x72, 0x65, 0x76, 0x69, /* he previ */
1377 0x6F, 0x75, 0x73, 0x20, 0x62, 0x6C, 0x6F, 0x63, /* ous bloc */
1378 0x6B, 0x27, 0x73, 0x20, 0x63, 0x69, 0x70, 0x68, /* k's ciph */
1379 0x65, 0x72, 0x74, 0x65, 0x78, 0x74, 0x20, 0x69, /* ertext i */
1380 0x73, 0x20, 0x78, 0x6F, 0x72, 0x65, 0x64, 0x20, /* s xored */
1381 0x77, 0x69, 0x74, 0x68, 0x20, 0x74, 0x68, 0x65, /* with the */
1382 0x20, 0x63, 0x75, 0x72, 0x72, 0x65, 0x6E, 0x74, /* current */
1383 0x20, 0x62, 0x6C, 0x6F, 0x63, 0x6B, 0x27, 0x73, /* block's */
1384 0x20, 0x70, 0x6C, 0x61, 0x69, 0x6E, 0x74, 0x65, /* plainte */
1385 0x78, 0x74, 0x20, 0x62, 0x65, 0x66, 0x6F, 0x72, /* xt befor */
1386 0x65, 0x20, 0x65, 0x6E, 0x63, 0x72, 0x79, 0x70, /* e encryp */
1387 0x74, 0x69, 0x6F, 0x6E, 0x2E, /* tion. */
1388};
1389
1390static const uint8_t mac_cbc_vect7_out[] = {
1391 0xFD, 0x89, 0x35, 0xB3, 0x93, 0x7F, 0xBB, 0xA2, /* ..5..... */
1392 0xFB, 0x65, 0x60, 0xC4, 0x0A, 0x62, 0xA0, 0xF9, /* .e`..b.. */
1393};
1394
1395/* DES-CBC-MAC PKCS#5 pad*/
1396#define mac_cbc_vect8_key mac_cbc_vect5_key
1397#define mac_cbc_vect8_data mac_cbc_vect7_data
1398static const uint8_t mac_cbc_vect8_out[] = {
1399 0x02, 0x2A, 0xA8, 0x2E, 0x47, 0xC6, 0xBB, 0x7C, /* ....G..| */
1400};
1401
1402/* DES3-CBC-MAC PKCS#5 pad*/
1403#define mac_cbc_vect9_key mac_cbc_vect6_key
1404#define mac_cbc_vect9_data mac_cbc_vect7_data
1405static const uint8_t mac_cbc_vect9_out[] = {
1406 0xD4, 0xF7, 0x3E, 0x27, 0x78, 0x0E, 0x1C, 0x79, /* ..>'x..y */
1407};
1408
1409/*
Pascal Brand5c3d8092015-07-23 08:20:26 +0200[diff] [blame^]1410 * DES3-CBC-MAC, with key size of 112bit
1411 * out obtained with:
1412 * echo -n "Cipher block chaining (CBC) is a common chaining mode in which the previous block's ciphertext is xored with the current block's plaintext before encryption...."|openssl enc -iv 0 -des3 -K 303132333435363738394142434445463031323334353637 |xxd
1413 */
1414/* DES3-CBC-MAC PKCS#5 pad*/
1415static const uint8_t mac_cbc_vect10_key[] = {
1416 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, /* 01234567 */
1417 0x38, 0x39, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, /* 89ABCDEF */
1418};
1419#define mac_cbc_vect10_data mac_cbc_vect1_data
1420static const uint8_t mac_cbc_vect10_out[] = {
1421 0x30, 0x92, 0x60, 0x99, 0x66, 0xac, 0x8c, 0xa6,
1422};
1423
1424
1425/*
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]1426 * AES-CMAC
1427 * Test vectors from
1428 * http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf
1429 */
1430
1431/* AES-128 */
1432static const uint8_t mac_cmac_vect1_key[] = {
1433 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
1434 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c
1435};
1436
1437static const uint8_t mac_cmac_vect1_out[] = {
1438 0xbb, 0x1d, 0x69, 0x29, 0xe9, 0x59, 0x37, 0x28,
1439 0x7f, 0xa3, 0x7d, 0x12, 0x9b, 0x75, 0x67, 0x46
1440};
1441
1442#define mac_cmac_vect2_key mac_cmac_vect1_key
1443static const uint8_t mac_cmac_vect2_data[] = {
1444 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
1445 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a
1446};
1447
1448static const uint8_t mac_cmac_vect2_out[] = {
1449 0x07, 0x0a, 0x16, 0xb4, 0x6b, 0x4d, 0x41, 0x44,
1450 0xf7, 0x9b, 0xdd, 0x9d, 0xd0, 0x4a, 0x28, 0x7c
1451};
1452
1453#define mac_cmac_vect3_key mac_cmac_vect1_key
1454static const uint8_t mac_cmac_vect3_data[] = {
1455 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
1456 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
1457 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
1458 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
1459 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11
1460};
1461
1462static const uint8_t mac_cmac_vect3_out[] = {
1463 0xdf, 0xa6, 0x67, 0x47, 0xde, 0x9a, 0xe6, 0x30,
1464 0x30, 0xca, 0x32, 0x61, 0x14, 0x97, 0xc8, 0x27
1465};
1466
1467#define mac_cmac_vect4_key mac_cmac_vect1_key
1468static const uint8_t mac_cmac_vect4_data[] = {
1469 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
1470 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
1471 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
1472 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
1473 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11,
1474 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef,
1475 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17,
1476 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10
1477};
1478
1479static const uint8_t mac_cmac_vect4_out[] = {
1480 0x51, 0xf0, 0xbe, 0xbf, 0x7e, 0x3b, 0x9d, 0x92,
1481 0xfc, 0x49, 0x74, 0x17, 0x79, 0x36, 0x3c, 0xfe
1482};
1483
1484/* AES-192 */
1485static const uint8_t mac_cmac_vect5_key[] = {
1486 0x8e, 0x73, 0xb0, 0xf7, 0xda, 0x0e, 0x64, 0x52,
1487 0xc8, 0x10, 0xf3, 0x2b, 0x80, 0x90, 0x79, 0xe5,
1488 0x62, 0xf8, 0xea, 0xd2, 0x52, 0x2c, 0x6b, 0x7b
1489};
1490
1491static const uint8_t mac_cmac_vect5_out[] = {
1492 0xd1, 0x7d, 0xdf, 0x46, 0xad, 0xaa, 0xcd, 0xe5,
1493 0x31, 0xca, 0xc4, 0x83, 0xde, 0x7a, 0x93, 0x67
1494};
1495
1496
1497#define mac_cmac_vect6_key mac_cmac_vect5_key
1498static const uint8_t mac_cmac_vect6_data[] = {
1499 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
1500 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a
1501};
1502
1503static const uint8_t mac_cmac_vect6_out[] = {
1504 0x9e, 0x99, 0xa7, 0xbf, 0x31, 0xe7, 0x10, 0x90,
1505 0x06, 0x62, 0xf6, 0x5e, 0x61, 0x7c, 0x51, 0x84
1506};
1507
1508#define mac_cmac_vect7_key mac_cmac_vect5_key
1509static const uint8_t mac_cmac_vect7_data[] = {
1510 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
1511 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
1512 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
1513 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
1514 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11
1515};
1516
1517static const uint8_t mac_cmac_vect7_out[] = {
1518 0x8a, 0x1d, 0xe5, 0xbe, 0x2e, 0xb3, 0x1a, 0xad,
1519 0x08, 0x9a, 0x82, 0xe6, 0xee, 0x90, 0x8b, 0x0e
1520};
1521
1522#define mac_cmac_vect8_key mac_cmac_vect5_key
1523static const uint8_t mac_cmac_vect8_data[] = {
1524 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
1525 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
1526 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
1527 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
1528 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11,
1529 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef,
1530 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17,
1531 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10
1532};
1533
1534static const uint8_t mac_cmac_vect8_out[] = {
1535 0xa1, 0xd5, 0xdf, 0x0e, 0xed, 0x79, 0x0f, 0x79,
1536 0x4d, 0x77, 0x58, 0x96, 0x59, 0xf3, 0x9a, 0x11
1537};
1538
1539/* AES-256 */
1540static const uint8_t mac_cmac_vect9_key[] = {
1541 0x60, 0x3d, 0xeb, 0x10, 0x15, 0xca, 0x71, 0xbe,
1542 0x2b, 0x73, 0xae, 0xf0, 0x85, 0x7d, 0x77, 0x81,
1543 0x1f, 0x35, 0x2c, 0x07, 0x3b, 0x61, 0x08, 0xd7,
1544 0x2d, 0x98, 0x10, 0xa3, 0x09, 0x14, 0xdf, 0xf4
1545};
1546
1547static const uint8_t mac_cmac_vect9_out[] = {
1548 0x02, 0x89, 0x62, 0xf6, 0x1b, 0x7b, 0xf8, 0x9e,
1549 0xfc, 0x6b, 0x55, 0x1f, 0x46, 0x67, 0xd9, 0x83
1550};
1551
1552#define mac_cmac_vect10_key mac_cmac_vect9_key
1553static const uint8_t mac_cmac_vect10_data[] = {
1554 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
1555 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a
1556};
1557
1558static const uint8_t mac_cmac_vect10_out[] = {
1559 0x28, 0xa7, 0x02, 0x3f, 0x45, 0x2e, 0x8f, 0x82,
1560 0xbd, 0x4b, 0xf2, 0x8d, 0x8c, 0x37, 0xc3, 0x5c
1561};
1562
1563#define mac_cmac_vect11_key mac_cmac_vect9_key
1564static const uint8_t mac_cmac_vect11_data[] = {
1565 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
1566 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
1567 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
1568 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
1569 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11
1570};
1571
1572static const uint8_t mac_cmac_vect11_out[] = {
1573 0xaa, 0xf3, 0xd8, 0xf1, 0xde, 0x56, 0x40, 0xc2,
1574 0x32, 0xf5, 0xb1, 0x69, 0xb9, 0xc9, 0x11, 0xe6
1575};
1576
1577#define mac_cmac_vect12_key mac_cmac_vect9_key
1578static const uint8_t mac_cmac_vect12_data[] = {
1579 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
1580 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
1581 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
1582 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
1583 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11,
1584 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef,
1585 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17,
1586 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10
1587};
1588
1589static const uint8_t mac_cmac_vect12_out[] = {
1590 0xe1, 0x99, 0x21, 0x90, 0x54, 0x9f, 0x6e, 0xd5,
1591 0x69, 0x6a, 0x2c, 0x05, 0x6c, 0x31, 0x54, 0x10
1592};
1593
1594struct xtest_mac_case {
1595 uint32_t algo;
1596 uint32_t key_type;
1597 const uint8_t *key;
1598 size_t key_len;
1599 size_t in_incr;
1600 const uint8_t *in;
1601 size_t in_len;
1602 const uint8_t *out;
1603 size_t out_len;
1604};
1605
1606#define XTEST_MAC_CASE(algo, key_type, key, in_incr, in, out) \
1607 { (algo), (key_type), (key), ARRAY_SIZE(key), \
1608 (in_incr), (in), ARRAY_SIZE(in), (out), ARRAY_SIZE(out) }
1609
1610#define XTEST_MAC_CBC_CASE(algo, key_type, vect, in_incr) \
1611 XTEST_MAC_CASE((algo), (key_type), \
1612 mac_cbc_ ## vect ## _key, (in_incr), \
1613 mac_cbc_ ## vect ## _data, mac_cbc_ ## vect ## _out)
1614
1615#define XTEST_MAC_CMAC_CASE(vect, in_incr) \
1616 XTEST_MAC_CASE(TEE_ALG_AES_CMAC, TEE_TYPE_AES, \
1617 mac_cmac_ ## vect ## _key, (in_incr), \
1618 mac_cmac_ ## vect ## _data, mac_cmac_ ## vect ## _out)
1619
1620static const struct xtest_mac_case mac_cases[] = {
1621 XTEST_MAC_CASE(TEE_ALG_HMAC_MD5, TEE_TYPE_HMAC_MD5,
1622 mac_data_md5_key1,
1623 4, mac_data_md5_in1, mac_data_md5_out1),
1624 XTEST_MAC_CASE(TEE_ALG_HMAC_SHA1, TEE_TYPE_HMAC_SHA1,
1625 mac_data_sha1_key1,
1626 5, mac_data_sha1_in1, mac_data_sha1_out1),
1627 XTEST_MAC_CASE(TEE_ALG_HMAC_SHA224, TEE_TYPE_HMAC_SHA224,
1628 mac_data_sha224_key1,
1629 8, mac_data_sha224_in1, mac_data_sha224_out1),
1630 XTEST_MAC_CASE(TEE_ALG_HMAC_SHA256, TEE_TYPE_HMAC_SHA256,
1631 mac_data_sha256_key1,
1632 1, mac_data_sha256_in1, mac_data_sha256_out1),
1633 XTEST_MAC_CASE(TEE_ALG_HMAC_SHA256, TEE_TYPE_HMAC_SHA256,
1634 mac_data_sha256_key2,
1635 7, mac_data_sha256_in2, mac_data_sha256_out2),
1636 XTEST_MAC_CASE(TEE_ALG_HMAC_SHA384, TEE_TYPE_HMAC_SHA384,
1637 mac_data_sha384_key1,
1638 11, mac_data_sha384_in1, mac_data_sha384_out1),
1639 XTEST_MAC_CASE(TEE_ALG_HMAC_SHA512, TEE_TYPE_HMAC_SHA512,
1640 mac_data_sha512_key1,
1641 13, mac_data_sha512_in1, mac_data_sha512_out1),
1642
1643 XTEST_MAC_CBC_CASE(TEE_ALG_AES_CBC_MAC_NOPAD, TEE_TYPE_AES, vect1, 14),
1644 XTEST_MAC_CBC_CASE(TEE_ALG_DES_CBC_MAC_NOPAD, TEE_TYPE_DES, vect2, 16),
1645 XTEST_MAC_CBC_CASE(TEE_ALG_DES3_CBC_MAC_NOPAD, TEE_TYPE_DES3, vect3,
1646 17),
1647 XTEST_MAC_CBC_CASE(TEE_ALG_AES_CBC_MAC_PKCS5, TEE_TYPE_AES, vect4, 11),
1648 XTEST_MAC_CBC_CASE(TEE_ALG_DES_CBC_MAC_PKCS5, TEE_TYPE_DES, vect5, 9),
1649 XTEST_MAC_CBC_CASE(TEE_ALG_DES3_CBC_MAC_PKCS5, TEE_TYPE_DES3, vect6, 4),
1650 XTEST_MAC_CBC_CASE(TEE_ALG_AES_CBC_MAC_PKCS5, TEE_TYPE_AES, vect7, 3),
1651 XTEST_MAC_CBC_CASE(TEE_ALG_DES_CBC_MAC_PKCS5, TEE_TYPE_DES, vect8, 23),
1652 XTEST_MAC_CBC_CASE(TEE_ALG_DES3_CBC_MAC_PKCS5, TEE_TYPE_DES3, vect9,
1653 34),
Pascal Brand5c3d8092015-07-23 08:20:26 +0200[diff] [blame^]1654 XTEST_MAC_CBC_CASE(TEE_ALG_DES3_CBC_MAC_PKCS5, TEE_TYPE_DES3, vect10, 4),
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]1655
1656 { TEE_ALG_AES_CMAC, TEE_TYPE_AES, mac_cmac_vect1_key,
1657 ARRAY_SIZE(mac_cmac_vect1_key), 0, NULL, 0, mac_cmac_vect1_out,
1658 ARRAY_SIZE(mac_cmac_vect1_out) },
1659 XTEST_MAC_CMAC_CASE(vect2, 9),
1660 XTEST_MAC_CMAC_CASE(vect3, 9),
1661 XTEST_MAC_CMAC_CASE(vect4, 9),
1662 { TEE_ALG_AES_CMAC, TEE_TYPE_AES, mac_cmac_vect5_key,
1663 ARRAY_SIZE(mac_cmac_vect5_key), 0, NULL, 0, mac_cmac_vect5_out,
1664 ARRAY_SIZE(mac_cmac_vect5_out) },
1665 XTEST_MAC_CMAC_CASE(vect6, 9),
1666 XTEST_MAC_CMAC_CASE(vect7, 9),
1667 XTEST_MAC_CMAC_CASE(vect8, 9),
1668 { TEE_ALG_AES_CMAC, TEE_TYPE_AES, mac_cmac_vect9_key,
1669 ARRAY_SIZE(mac_cmac_vect9_key), 0, NULL, 0, mac_cmac_vect9_out,
1670 ARRAY_SIZE(mac_cmac_vect9_out) },
1671 XTEST_MAC_CMAC_CASE(vect10, 9),
1672 XTEST_MAC_CMAC_CASE(vect11, 9),
1673 XTEST_MAC_CMAC_CASE(vect12, 9),
1674};
1675
1676static void xtest_tee_test_4002(ADBG_Case_t *c)
1677{
1678 TEEC_Session session = { 0 };
1679 TEE_OperationHandle op1;
1680 TEE_OperationHandle op2;
1681 TEE_ObjectHandle key_handle;
1682 uint8_t out[64];
1683 size_t out_size;
1684 uint32_t ret_orig;
1685 size_t n;
1686
1687 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
1688 xtest_teec_open_session(&session, &crypt_user_ta_uuid, NULL,
1689 &ret_orig)))
1690 return;
1691
1692 for (n = 0; n < ARRAY_SIZE(mac_cases); n++) {
1693 TEE_Attribute key_attr;
1694 size_t key_size;
1695
1696 Do_ADBG_BeginSubCase(c, "MAC case %d algo 0x%x",
1697 (int)n, (unsigned int)mac_cases[n].algo);
1698
1699 key_attr.attributeID = TEE_ATTR_SECRET_VALUE;
1700 key_attr.content.ref.buffer = (void *)mac_cases[n].key;
1701 key_attr.content.ref.length = mac_cases[n].key_len;
1702
1703 key_size = key_attr.content.ref.length * 8;
1704 if (mac_cases[n].key_type == TEE_TYPE_DES ||
1705 mac_cases[n].key_type == TEE_TYPE_DES3)
1706 /* Exclude parity in bit size of key */
1707 key_size -= key_size / 8;
1708
1709 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
1710 ta_crypt_cmd_allocate_operation(c, &session, &op1,
1711 mac_cases[n].algo, TEE_MODE_MAC, key_size)))
1712 goto out;
1713
1714 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
1715 ta_crypt_cmd_allocate_operation(c, &session, &op2,
1716 mac_cases[n].algo, TEE_MODE_MAC, key_size)))
1717 goto out;
1718
1719 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
1720 ta_crypt_cmd_allocate_transient_object(c, &session,
1721 mac_cases[n].key_type, key_size, &key_handle)))
1722 goto out;
1723
1724 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
1725 ta_crypt_cmd_populate_transient_object(c, &session,
1726 key_handle, &key_attr, 1)))
1727 goto out;
1728
1729 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
1730 ta_crypt_cmd_set_operation_key(c, &session, op1,
1731 key_handle)))
1732 goto out;
1733
1734 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
1735 ta_crypt_cmd_free_transient_object(c, &session,
1736 key_handle)))
1737 goto out;
1738
1739 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
1740 ta_crypt_cmd_mac_init(c, &session, op1, NULL, 0)))
1741 goto out;
1742
1743 if (mac_cases[n].in != NULL) {
1744 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
1745 ta_crypt_cmd_mac_update(c, &session, op1,
1746 mac_cases[n].in, mac_cases[n].in_incr)))
1747 goto out;
1748 }
1749
1750 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
1751 ta_crypt_cmd_copy_operation(c, &session, op2, op1)))
1752 goto out;
1753
1754 out_size = sizeof(out);
1755 memset(out, 0, sizeof(out));
1756 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
1757 ta_crypt_cmd_mac_final_compute(c, &session, op2,
1758 mac_cases[n].in + mac_cases[n].in_incr,
1759 mac_cases [n].in_len - mac_cases[n].in_incr,
1760 out, &out_size)))
1761 goto out;
1762
1763 (void)ADBG_EXPECT_BUFFER(c, mac_cases[n].out,
1764 mac_cases[n].out_len, out, out_size);
1765
1766 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
1767 ta_crypt_cmd_mac_init(c, &session, op1, NULL, 0)))
1768 goto out;
1769
1770 out_size = sizeof(out);
1771 memset(out, 0, sizeof(out));
1772 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
1773 ta_crypt_cmd_mac_final_compute(c, &session, op1,
1774 mac_cases[n].in, mac_cases[n].in_len, out,
1775 &out_size)))
1776 goto out;
1777
1778 (void)ADBG_EXPECT_BUFFER(c, mac_cases[n].out,
1779 mac_cases[n].out_len, out, out_size);
1780
1781 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
1782 ta_crypt_cmd_free_operation(c, &session, op1)))
1783 goto out;
1784
1785 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
1786 ta_crypt_cmd_free_operation(c, &session, op2)))
1787 goto out;
1788
1789 Do_ADBG_EndSubCase(c, NULL);
1790 }
1791out:
1792 TEEC_CloseSession(&session);
1793}
1794
1795/* generated with scripts/crypt_aes_cbc_nopad.pl */
1796static const uint8_t ciph_data_aes_key1[] = {
1797 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, /* 01234567 */
1798 0x38, 0x39, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, /* 89ABCDEF */
1799};
1800
1801static const uint8_t ciph_data_des_key1[] = {
1802 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37 /* 01234567 */
1803};
1804
1805static const uint8_t ciph_data_des_key2[] = {
1806 0x13, 0x34, 0x57, 0x79, 0x9B, 0xBC, 0xDF, 0xF1
1807};
1808
1809
1810static const uint8_t ciph_data_des3_key1[] = {
1811 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, /* 01234567 */
1812 0x38, 0x39, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, /* 89ABCDEF */
1813 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, /* 12345678 */
1814};
1815
1816static const uint8_t ciph_data_des3_key2[] = {
1817 0x13, 0x34, 0x57, 0x79, 0x9B, 0xBC, 0xDF, 0xF1,
1818 0x13, 0x34, 0x57, 0x79, 0x9B, 0xBC, 0xDF, 0xF1,
1819 0x13, 0x34, 0x57, 0x79, 0x9B, 0xBC, 0xDF, 0xF1
1820};
1821
1822static const uint8_t ciph_data_des2_key1[] = {
1823 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, /* 01234567 */
1824 0x38, 0x39, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, /* 89ABCDEF */
1825};
1826
1827static const uint8_t ciph_data_in1[] = {
1828 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, /* 23456789 */
1829 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x30, 0x31, /* ABCDEF01 */
1830 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x41, /* 3456789A */
1831 0x42, 0x43, 0x44, 0x45, 0x46, 0x30, 0x31, 0x32, /* BCDEF012 */
1832 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x41, 0x42, /* 456789AB */
1833 0x43, 0x44, 0x45, 0x46, 0x30, 0x31, 0x32, 0x33, /* CDEF0123 */
1834};
1835
1836static const uint8_t ciph_data_in3[] = {
1837 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, /* 23456789 */
1838 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x30, 0x31, /* ABCDEF01 */
1839 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x41, /* 3456789A */
1840 0x42, 0x43, 0x44, 0x45, 0x46, 0x30, 0x31, 0x32, /* BCDEF012 */
1841 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x41, 0x42, /* 456789AB */
1842 0x43, 0x44, 0x45, 0x46, 0x30, /* CDEF0 */
1843};
1844
1845static const uint8_t ciph_data_128_iv1[] = {
1846 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, /* 12345678 */
1847 0x39, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x30, /* 9ABCDEF0 */
1848};
1849
1850static const uint8_t ciph_data_64_iv1[] = {
1851 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, /* 12345678 */
1852};
1853
1854static const uint8_t ciph_data_in2[] = {
1855 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef
1856};
1857
1858static const uint8_t ciph_data_aes_ecb_nopad_out1[] = {
1859 0xA5, 0xBE, 0x14, 0xD5, 0x01, 0x05, 0x24, 0x48, /* ......$H */
1860 0x58, 0x1A, 0x6B, 0x82, 0xD4, 0x41, 0xD2, 0xB3, /* X.k..A.. */
1861 0xBB, 0xF9, 0xAE, 0x37, 0x94, 0xAC, 0x18, 0x50, /* ...7...P */
1862 0x87, 0x09, 0xCC, 0x3F, 0x43, 0xD2, 0xC2, 0xB7, /* ...?C... */
1863 0xD7, 0x6F, 0x84, 0x07, 0xB4, 0x78, 0xCE, 0x34, /* .o...x.4 */
1864 0x48, 0xC9, 0x16, 0x86, 0x42, 0xB8, 0xFF, 0xCF, /* H...B... */
1865};
1866
1867static const uint8_t ciph_data_aes_cbc_nopad_out1[] = {
1868 0x8D, 0x9F, 0x88, 0xD8, 0xAF, 0x9F, 0xC1, 0x3B, /* .......; */
1869 0x02, 0x15, 0x43, 0x6A, 0x8C, 0x1E, 0x34, 0x5C, /* ..Cj..4\ */
1870 0x83, 0xF4, 0x85, 0x3E, 0x43, 0x0F, 0xE5, 0x5F, /* ...>C.._ */
1871 0x81, 0x4C, 0xC0, 0x28, 0x3F, 0xD9, 0x98, 0x53, /* .L.(?..S */
1872 0xB1, 0x44, 0x51, 0x38, 0x21, 0xAB, 0x10, 0xCE, /* .DQ8!... */
1873 0xC2, 0xEC, 0x65, 0x54, 0xDD, 0x5C, 0xEA, 0xDC, /* ..eT.\.. */
1874};
1875
1876static const uint8_t ciph_data_aes_ctr_out1[] = {
1877 0xD2, 0xDD, 0x11, 0xA8, 0xF7, 0xB0, 0xAE, 0x55, /* .......U */
1878 0xBE, 0x61, 0x7A, 0xE6, 0xA1, 0x6C, 0x79, 0xF4, /* .az..ly. */
1879 0x62, 0x51, 0x7B, 0xE9, 0x7C, 0xA0, 0x31, 0x0C, /* bQ{.|.1. */
1880 0x24, 0x15, 0x70, 0x7F, 0x47, 0x37, 0x69, 0xE0, /* $.p.G7i. */
1881 0x24, 0xC3, 0x29, 0xCD, 0xF2, 0x26, 0x69, 0xFF, /* $.)..&i. */
1882 0x72, 0x0E, 0x3C, 0xD1, 0xA1, 0x2F, 0x5D, 0x33, /* r.<../]3 */
1883};
1884
1885static const uint8_t ciph_data_aes_ctr_out2[] = {
1886 0xD2, 0xDD, 0x11, 0xA8, 0xF7, 0xB0, 0xAE, 0x55, /* .......U */
1887 0xBE, 0x61, 0x7A, 0xE6, 0xA1, 0x6C, 0x79, 0xF4, /* .az..ly. */
1888 0x62, 0x51, 0x7B, 0xE9, 0x7C, 0xA0, 0x31, 0x0C, /* bQ{.|.1. */
1889 0x24, 0x15, 0x70, 0x7F, 0x47, 0x37, 0x69, 0xE0, /* $.p.G7i. */
1890 0x24, 0xC3, 0x29, 0xCD, 0xF2, 0x26, 0x69, 0xFF, /* $.)..&i. */
1891 0x72, 0x0E, 0x3C, 0xD1, 0xA1, /* r.<.. */
1892};
1893
1894static const uint8_t ciph_data_aes_cbc_vect1_key[] = {
1895 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, /* 01234567 */
1896 0x38, 0x39, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, /* 89ABCDEF */
1897};
1898
1899static const uint8_t ciph_data_aes_cbc_vect1_iv[] = {
1900 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* ........ */
1901 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* ........ */
1902};
1903
1904static const uint8_t ciph_data_aes_cbc_vect1_ptx[] = {
1905 0x43, 0x69, 0x70, 0x68, 0x65, 0x72, 0x20, 0x62, /* Cipher b */
1906 0x6C, 0x6F, 0x63, 0x6B, 0x20, 0x63, 0x68, 0x61, /* lock cha */
1907 0x69, 0x6E, 0x69, 0x6E, 0x67, 0x20, 0x28, 0x43, /* ining (C */
1908 0x42, 0x43, 0x29, 0x20, 0x69, 0x73, 0x20, 0x61, /* BC) is a */
1909 0x20, 0x63, 0x6F, 0x6D, 0x6D, 0x6F, 0x6E, 0x20, /* common */
1910 0x63, 0x68, 0x61, 0x69, 0x6E, 0x69, 0x6E, 0x67, /* chaining */
1911 0x20, 0x6D, 0x6F, 0x64, 0x65, 0x20, 0x69, 0x6E, /* mode in */
1912 0x20, 0x77, 0x68, 0x69, 0x63, 0x68, 0x20, 0x74, /* which t */
1913 0x68, 0x65, 0x20, 0x70, 0x72, 0x65, 0x76, 0x69, /* he previ */
1914 0x6F, 0x75, 0x73, 0x20, 0x62, 0x6C, 0x6F, 0x63, /* ous bloc */
1915 0x6B, 0x27, 0x73, 0x20, 0x63, 0x69, 0x70, 0x68, /* k's ciph */
1916 0x65, 0x72, 0x74, 0x65, 0x78, 0x74, 0x20, 0x69, /* ertext i */
1917 0x73, 0x20, 0x78, 0x6F, 0x72, 0x65, 0x64, 0x20, /* s xored */
1918 0x77, 0x69, 0x74, 0x68, 0x20, 0x74, 0x68, 0x65, /* with the */
1919 0x20, 0x63, 0x75, 0x72, 0x72, 0x65, 0x6E, 0x74, /* current */
1920 0x20, 0x62, 0x6C, 0x6F, 0x63, 0x6B, 0x27, 0x73, /* block's */
1921 0x20, 0x70, 0x6C, 0x61, 0x69, 0x6E, 0x74, 0x65, /* plainte */
1922 0x78, 0x74, 0x20, 0x62, 0x65, 0x66, 0x6F, 0x72, /* xt befor */
1923 0x65, 0x20, 0x65, 0x6E, 0x63, 0x72, 0x79, 0x70, /* e encryp */
1924 0x74, 0x69, 0x6F, 0x6E, 0x2E, 0x2E, 0x2E, 0x2E, /* tion.... */
1925};
1926
1927static const uint8_t ciph_data_aes_cbc_vect1_ctx[] = {
1928 0xDD, 0x16, 0xC3, 0x47, 0x69, 0xEC, 0xF5, 0x86, /* ...Gi... */
1929 0x20, 0xB4, 0xF7, 0xE3, 0xB9, 0x36, 0xE8, 0xAC, /* ....6.. */
1930 0xC9, 0xA2, 0x11, 0x71, 0x3B, 0x10, 0x9D, 0x45, /* ...q;..E */
1931 0xCA, 0xE2, 0x49, 0xA6, 0x4E, 0x56, 0x07, 0xC5, /* ..I.NV.. */
1932 0xCE, 0xA3, 0x14, 0xB5, 0x30, 0x1B, 0x63, 0xBB, /* ....0.c. */
1933 0x2D, 0x6F, 0xE9, 0xCA, 0x0B, 0x00, 0x31, 0x3F, /* -o....1? */
1934 0xA4, 0x9A, 0x39, 0xE1, 0xC8, 0xD2, 0x24, 0x95, /* ..9...$. */
1935 0x14, 0xE9, 0xD2, 0x43, 0xE8, 0xA8, 0x1E, 0x0A, /* ...C.... */
1936 0xFE, 0x9D, 0x4F, 0xF5, 0xBB, 0x16, 0xB9, 0x54, /* ..O....T */
1937 0x78, 0x07, 0x94, 0x05, 0x8E, 0x47, 0xC3, 0xCB, /* x....G.. */
1938 0x7C, 0xEC, 0xF4, 0xF8, 0xF2, 0xA4, 0x59, 0x6E, /* |.....Yn */
1939 0xED, 0xAD, 0x7F, 0x62, 0xAF, 0x89, 0xA8, 0x5B, /* ...b...[ */
1940 0x75, 0xD4, 0x73, 0xE3, 0xBA, 0x9F, 0x9A, 0xD2, /* u.s..... */
1941 0x0F, 0xFD, 0x3C, 0xE6, 0xC6, 0xA4, 0xD6, 0x6C, /* ..<....l */
1942 0x6A, 0x09, 0xE2, 0x16, 0xB0, 0x8C, 0x69, 0x3C, /* j.....i< */
1943 0xC8, 0x1C, 0xE4, 0x3E, 0x86, 0x4D, 0xB0, 0x2B, /* ...>.M.+ */
1944 0x29, 0xA0, 0x5A, 0xA3, 0x67, 0xBA, 0xDC, 0x11, /* ).Z.g... */
1945 0x08, 0x5E, 0x69, 0xB4, 0x6F, 0xA5, 0xE2, 0xB8, /* .^i.o... */
1946 0xC9, 0x6E, 0x83, 0x7E, 0x35, 0xC8, 0xA7, 0xA0, /* .n.~5... */
1947 0x33, 0xA3, 0xB1, 0x4B, 0x5A, 0x92, 0x51, 0x2E, /* 3..KZ.Q. */
1948};
1949
1950/* AES-CTS test vectors from http://tools.ietf.org/html/rfc3962
1951 * and http://tools.ietf.org/html/draft-raeburn-krb-rijndael-krb-02 */
1952static const uint8_t ciph_data_aes_cts_vect1_key[] = {
1953 0x63, 0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x20,
1954 0x74, 0x65, 0x72, 0x69, 0x79, 0x61, 0x6b, 0x69
1955};
1956
1957static const uint8_t ciph_data_aes_cts_vect1_iv[16] = {
1958 0x00
1959};
1960
1961static const uint8_t ciph_data_aes_cts_vect1_ptx[] = {
1962 0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20,
1963 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65,
1964 0x20
1965};
1966
1967static const uint8_t ciph_data_aes_cts_vect1_ctx[] = {
1968 0xc6, 0x35, 0x35, 0x68, 0xf2, 0xbf, 0x8c, 0xb4,
1969 0xd8, 0xa5, 0x80, 0x36, 0x2d, 0xa7, 0xff, 0x7f,
1970 0x97
1971};
1972
1973#define ciph_data_aes_cts_vect2_key ciph_data_aes_cts_vect1_key
1974#define ciph_data_aes_cts_vect2_iv ciph_data_aes_cts_vect1_iv
1975static const uint8_t ciph_data_aes_cts_vect2_ptx[] = {
1976 0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20,
1977 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65,
1978 0x20, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c,
1979 0x20, 0x47, 0x61, 0x75, 0x27, 0x73, 0x20
1980};
1981
1982static const uint8_t ciph_data_aes_cts_vect2_ctx[] = {
1983 0xfc, 0x00, 0x78, 0x3e, 0x0e, 0xfd, 0xb2, 0xc1,
1984 0xd4, 0x45, 0xd4, 0xc8, 0xef, 0xf7, 0xed, 0x22,
1985 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
1986 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5
1987};
1988
1989#define ciph_data_aes_cts_vect3_key ciph_data_aes_cts_vect1_key
1990#define ciph_data_aes_cts_vect3_iv ciph_data_aes_cts_vect1_iv
1991static const uint8_t ciph_data_aes_cts_vect3_ptx[] = {
1992 0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20,
1993 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65,
1994 0x20, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c,
1995 0x20, 0x47, 0x61, 0x75, 0x27, 0x73, 0x20, 0x43,
1996};
1997
1998static const uint8_t ciph_data_aes_cts_vect3_ctx[] = {
1999 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5,
2000 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8,
2001 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
2002 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84,
2003};
2004
2005#define ciph_data_aes_cts_vect4_key ciph_data_aes_cts_vect1_key
2006#define ciph_data_aes_cts_vect4_iv ciph_data_aes_cts_vect1_iv
2007static const uint8_t ciph_data_aes_cts_vect4_ptx[] = {
2008 0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20,
2009 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65,
2010 0x20, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c,
2011 0x20, 0x47, 0x61, 0x75, 0x27, 0x73, 0x20, 0x43,
2012 0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x2c, 0x20,
2013 0x70, 0x6c, 0x65, 0x61, 0x73, 0x65, 0x2c,
2014};
2015
2016static const uint8_t ciph_data_aes_cts_vect4_ctx[] = {
2017 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
2018 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84,
2019 0xb3, 0xff, 0xfd, 0x94, 0x0c, 0x16, 0xa1, 0x8c,
2020 0x1b, 0x55, 0x49, 0xd2, 0xf8, 0x38, 0x02, 0x9e,
2021 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5,
2022 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5,
2023};
2024
2025#define ciph_data_aes_cts_vect5_key ciph_data_aes_cts_vect1_key
2026#define ciph_data_aes_cts_vect5_iv ciph_data_aes_cts_vect1_iv
2027static const uint8_t ciph_data_aes_cts_vect5_ptx[] = {
2028 0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20,
2029 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65,
2030 0x20, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c,
2031 0x20, 0x47, 0x61, 0x75, 0x27, 0x73, 0x20, 0x43,
2032 0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x2c, 0x20,
2033 0x70, 0x6c, 0x65, 0x61, 0x73, 0x65, 0x2c, 0x20,
2034};
2035
2036static const uint8_t ciph_data_aes_cts_vect5_ctx[] = {
2037 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
2038 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84,
2039 0x9d, 0xad, 0x8b, 0xbb, 0x96, 0xc4, 0xcd, 0xc0,
2040 0x3b, 0xc1, 0x03, 0xe1, 0xa1, 0x94, 0xbb, 0xd8,
2041 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5,
2042 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8,
2043};
2044
2045#define ciph_data_aes_cts_vect6_key ciph_data_aes_cts_vect1_key
2046#define ciph_data_aes_cts_vect6_iv ciph_data_aes_cts_vect1_iv
2047static const uint8_t ciph_data_aes_cts_vect6_ptx[] = {
2048 0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20,
2049 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65,
2050 0x20, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c,
2051 0x20, 0x47, 0x61, 0x75, 0x27, 0x73, 0x20, 0x43,
2052 0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x2c, 0x20,
2053 0x70, 0x6c, 0x65, 0x61, 0x73, 0x65, 0x2c, 0x20,
2054 0x61, 0x6e, 0x64, 0x20, 0x77, 0x6f, 0x6e, 0x74,
2055 0x6f, 0x6e, 0x20, 0x73, 0x6f, 0x75, 0x70, 0x2e,
2056};
2057
2058static const uint8_t ciph_data_aes_cts_vect6_ctx[] = {
2059 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
2060 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84,
2061 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5,
2062 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8,
2063 0x48, 0x07, 0xef, 0xe8, 0x36, 0xee, 0x89, 0xa5,
2064 0x26, 0x73, 0x0d, 0xbc, 0x2f, 0x7b, 0xc8, 0x40,
2065 0x9d, 0xad, 0x8b, 0xbb, 0x96, 0xc4, 0xcd, 0xc0,
2066 0x3b, 0xc1, 0x03, 0xe1, 0xa1, 0x94, 0xbb, 0xd8,
2067};
2068
2069static const uint8_t ciph_data_des_ecb_nopad_out1[] = {
2070 0x46, 0x2B, 0x91, 0xA8, 0x55, 0xE6, 0x7E, 0x75, /* F+..U.~u */
2071 0x5E, 0x53, 0xF4, 0x8F, 0x29, 0x41, 0x4E, 0xEF, /* ^S..)AN. */
2072 0x32, 0x1B, 0x58, 0x42, 0x9B, 0xB4, 0x3A, 0x1F, /* 2.XB..:. */
2073 0x9A, 0xEA, 0xA4, 0xB4, 0xCD, 0xE9, 0x87, 0x7C, /* .......| */
2074 0xC0, 0x05, 0x34, 0xED, 0x86, 0x3C, 0x2A, 0x81, /* ..4..<.. */
2075 0x5E, 0x93, 0x0E, 0x86, 0xA9, 0xBB, 0x80, 0xFF, /* ^....... */
2076};
2077
2078static const uint8_t ciph_data_des_ecb_nopad_out2[] = {
2079 0x85, 0xE8, 0x13, 0x54, 0x0F, 0x0A, 0xB4, 0x05
2080};
2081
2082static const uint8_t ciph_data_des_cbc_nopad_out1[] = {
2083 0xAD, 0xD6, 0xD6, 0x3E, 0x88, 0xD0, 0xDD, 0xD4, /* ...>.... */
2084 0x9A, 0x93, 0x95, 0xA0, 0x86, 0x22, 0x5B, 0x9E, /* ....."[. */
2085 0x84, 0x0C, 0x6F, 0x12, 0x04, 0x11, 0x6F, 0xD4, /* ..o...o. */
2086 0x12, 0x29, 0xC6, 0x78, 0x0C, 0xFB, 0x58, 0x5B, /* .).x..X[ */
2087 0x66, 0x82, 0x0E, 0x52, 0xDC, 0x25, 0x16, 0x51, /* f..R.%.Q */
2088 0x69, 0xDF, 0xFE, 0x4E, 0x11, 0x1D, 0x9D, 0x08, /* i..N.... */
2089};
2090
2091static const uint8_t ciph_data_des3_ecb_nopad_out1[] = {
2092 0xA7, 0x46, 0xEC, 0xA8, 0x6A, 0x7F, 0x4A, 0xF1, /* .F..j.J. */
2093 0x44, 0x60, 0x37, 0x3B, 0x7F, 0x76, 0xE5, 0xFF, /* D`7;.v.. */
2094 0xC1, 0xE7, 0xA5, 0x04, 0x9C, 0x29, 0x5C, 0xA5, /* .....)\. */
2095 0xDD, 0xC8, 0xEE, 0x36, 0x1F, 0x48, 0xE0, 0xA9, /* ...6.H.. */
2096 0x82, 0x2D, 0x53, 0x84, 0x49, 0x69, 0x78, 0xFA, /* .-S.Iix. */
2097 0x23, 0x69, 0x1D, 0xF7, 0x08, 0x38, 0x44, 0x05, /* #i...8D. */
2098};
2099
2100static const uint8_t ciph_data_des3_cbc_nopad_out1[] = {
2101 0x18, 0x09, 0xEB, 0x98, 0xE4, 0x58, 0x72, 0x11, /* .....Xr. */
2102 0x30, 0x58, 0xAB, 0x38, 0xB0, 0xC9, 0x2B, 0xED, /* 0X.8..+. */
2103 0xDA, 0xC5, 0xE8, 0xA9, 0xF6, 0x8A, 0xA7, 0x80, /* ........ */
2104 0xBE, 0x54, 0x1F, 0x63, 0xF6, 0xEE, 0xA2, 0x4C, /* .T.c...L */
2105 0x7C, 0xEB, 0x84, 0x7D, 0xDA, 0xCA, 0x1E, 0xB2, /* |..}.... */
2106 0xED, 0x5E, 0x96, 0xB8, 0x01, 0x4B, 0x77, 0x02, /* .^...Kw. */
2107};
2108
2109static const uint8_t ciph_data_des2_ecb_nopad_out1[] = {
2110 0xAB, 0x12, 0xB6, 0xE2, 0x4A, 0x3A, 0x26, 0x14, /* ....J:&. */
2111 0xF0, 0x7D, 0x23, 0xD0, 0x55, 0xDF, 0x5C, 0x16, /* .}#.U.\. */
2112 0x43, 0x59, 0x1E, 0x44, 0x01, 0x76, 0xD7, 0x50, /* CY.D.v.P */
2113 0x44, 0xC0, 0x15, 0xDF, 0x2E, 0x7F, 0x8B, 0xC5, /* D....... */
2114 0xFF, 0x8B, 0x87, 0xFE, 0x33, 0xD7, 0xCB, 0x2C, /* ....3.., */
2115 0xDA, 0x79, 0x6F, 0xA4, 0x05, 0x2B, 0x30, 0xCE, /* .yo..+0. */
2116};
2117
2118static const uint8_t ciph_data_des2_cbc_nopad_out1[] = {
2119 0x47, 0x2F, 0xB1, 0x83, 0xC4, 0xBB, 0x93, 0x16, /* G/...... */
2120 0x73, 0xF9, 0xAD, 0x6F, 0x00, 0xF9, 0xCB, 0x4A, /* s..o...J */
2121 0x0F, 0x4F, 0x75, 0x75, 0xFB, 0x39, 0x0B, 0xFC, /* .Ouu.9.. */
2122 0x9F, 0x48, 0x52, 0xAD, 0xA2, 0x75, 0x2C, 0xF1, /* .HR..u, . */
2123 0x7D, 0xC3, 0x8F, 0x16, 0xCF, 0xC9, 0x76, 0x29, /* }.....v) */
2124 0x1A, 0xBF, 0xB3, 0xD9, 0x10, 0x7E, 0xAA, 0x49, /* .....~.I */
2125};
2126
2127struct xtest_ciph_case {
2128 uint32_t algo;
2129 uint32_t mode;
2130 uint32_t key_type;
2131 const uint8_t *key1;
2132 size_t key1_len;
2133 const uint8_t *key2;
2134 size_t key2_len;
2135 const uint8_t *iv;
2136 size_t iv_len;
2137 size_t in_incr;
2138 const uint8_t *in;
2139 size_t in_len;
2140 const uint8_t *out;
2141 size_t out_len;
2142 size_t line;
2143};
2144
2145#define XTEST_CIPH_CASE_NO_IV(algo, key_type, key, in_incr, ptx, ctx) \
2146 { (algo), TEE_MODE_ENCRYPT, (key_type), (key), ARRAY_SIZE(key), \
2147 NULL, 0, NULL, 0, \
2148 (in_incr), (ptx), ARRAY_SIZE(ptx), (ctx), ARRAY_SIZE(ctx), \
2149 __LINE__ }, \
2150 { (algo), TEE_MODE_DECRYPT, (key_type), (key), ARRAY_SIZE(key), \
2151 NULL, 0, NULL, 0, \
2152 (in_incr), (ctx), ARRAY_SIZE(ctx), (ptx), ARRAY_SIZE(ptx), __LINE__ }
2153
2154#define XTEST_CIPH_CASE(algo, key_type, key, iv, in_incr, ptx, ctx) \
2155 { (algo), TEE_MODE_ENCRYPT, (key_type), (key), ARRAY_SIZE(key), \
2156 NULL, 0, iv, ARRAY_SIZE(iv), (in_incr), (ptx), ARRAY_SIZE(ptx), \
2157 (ctx), ARRAY_SIZE(ctx), __LINE__ }, \
2158 { (algo), TEE_MODE_DECRYPT, (key_type), (key), ARRAY_SIZE(key), \
2159 NULL, 0, iv, ARRAY_SIZE(iv), (in_incr), (ctx), ARRAY_SIZE(ctx), \
2160 (ptx), ARRAY_SIZE(ptx), __LINE__ }
2161
2162#define XTEST_CIPH_CASE_AES_XTS(vect, in_incr) \
2163 { TEE_ALG_AES_XTS, TEE_MODE_ENCRYPT, TEE_TYPE_AES, \
2164 ciph_data_aes_xts_ ## vect ## _key1, \
2165 ARRAY_SIZE(ciph_data_aes_xts_ ## vect ## _key1), \
2166 ciph_data_aes_xts_ ## vect ## _key2, \
2167 ARRAY_SIZE(ciph_data_aes_xts_ ## vect ## _key2), \
2168 ciph_data_aes_xts_ ## vect ## _iv, \
2169 ARRAY_SIZE(ciph_data_aes_xts_ ## vect ## _iv), \
2170 (in_incr), \
2171 ciph_data_aes_xts_ ## vect ## _ptx, \
2172 ARRAY_SIZE(ciph_data_aes_xts_ ## vect ## _ptx), \
2173 ciph_data_aes_xts_ ## vect ## _ctx, \
2174 ARRAY_SIZE(ciph_data_aes_xts_ ## vect ## _ctx), __LINE__ }, \
2175 { TEE_ALG_AES_XTS, TEE_MODE_DECRYPT, TEE_TYPE_AES, \
2176 ciph_data_aes_xts_ ## vect ## _key1, \
2177 ARRAY_SIZE(ciph_data_aes_xts_ ## vect ## _key1), \
2178 ciph_data_aes_xts_ ## vect ## _key2, \
2179 ARRAY_SIZE(ciph_data_aes_xts_ ## vect ## _key2), \
2180 ciph_data_aes_xts_ ## vect ## _iv, \
2181 ARRAY_SIZE(ciph_data_aes_xts_ ## vect ## _iv), \
2182 (in_incr), \
2183 ciph_data_aes_xts_ ## vect ## _ctx, \
2184 ARRAY_SIZE(ciph_data_aes_xts_ ## vect ## _ctx), \
2185 ciph_data_aes_xts_ ## vect ## _ptx, \
2186 ARRAY_SIZE(ciph_data_aes_xts_ ## vect ## _ptx), __LINE__ }
2187
2188#define XTEST_CIPH_CASE_AES_CBC(vect, in_incr) \
2189 XTEST_CIPH_CASE(TEE_ALG_AES_CBC_NOPAD, TEE_TYPE_AES, \
2190 ciph_data_aes_cbc_ ## vect ## _key, \
2191 ciph_data_aes_cbc_ ## vect ## _iv, \
2192 (in_incr), ciph_data_aes_cbc_ ## vect ## _ptx, \
2193 ciph_data_aes_cbc_ ## vect ## _ctx)
2194
2195#define XTEST_CIPH_CASE_AES_CTS(vect, in_incr) \
2196 XTEST_CIPH_CASE(TEE_ALG_AES_CTS, TEE_TYPE_AES, \
2197 ciph_data_aes_cts_ ## vect ## _key, \
2198 ciph_data_aes_cts_ ## vect ## _iv, \
2199 (in_incr), ciph_data_aes_cts_ ## vect ## _ptx, \
2200 ciph_data_aes_cts_ ## vect ## _ctx)
2201
2202static const struct xtest_ciph_case ciph_cases[] = {
2203 /* AES */
2204 XTEST_CIPH_CASE_NO_IV(TEE_ALG_AES_ECB_NOPAD, TEE_TYPE_AES,
2205 ciph_data_aes_key1, 11, ciph_data_in1,
2206 ciph_data_aes_ecb_nopad_out1),
2207 XTEST_CIPH_CASE(TEE_ALG_AES_CBC_NOPAD, TEE_TYPE_AES,
2208 ciph_data_aes_key1, ciph_data_128_iv1, 11,
2209 ciph_data_in1,
2210 ciph_data_aes_cbc_nopad_out1),
2211 XTEST_CIPH_CASE(TEE_ALG_AES_CTR, TEE_TYPE_AES,
2212 ciph_data_aes_key1, ciph_data_128_iv1, 13,
2213 ciph_data_in1,
2214 ciph_data_aes_ctr_out1),
2215 XTEST_CIPH_CASE(TEE_ALG_AES_CTR, TEE_TYPE_AES,
2216 ciph_data_aes_key1, ciph_data_128_iv1, 13,
2217 ciph_data_in3,
2218 ciph_data_aes_ctr_out2),
2219
2220 XTEST_CIPH_CASE_AES_CBC(vect1, 11),
2221
2222 /* AES-CTS */
2223 XTEST_CIPH_CASE_AES_CTS(vect1, 13),
2224 XTEST_CIPH_CASE_AES_CTS(vect2, 14),
2225 XTEST_CIPH_CASE_AES_CTS(vect3, 11),
2226 XTEST_CIPH_CASE_AES_CTS(vect4, 9),
2227 XTEST_CIPH_CASE_AES_CTS(vect5, 7),
2228 XTEST_CIPH_CASE_AES_CTS(vect6, 17),
2229 XTEST_CIPH_CASE_AES_CTS(vect6, 0x20),
2230
2231 /* DES */
2232 XTEST_CIPH_CASE_NO_IV(TEE_ALG_DES_ECB_NOPAD, TEE_TYPE_DES,
2233 ciph_data_des_key1, 14, ciph_data_in1,
2234 ciph_data_des_ecb_nopad_out1),
2235 XTEST_CIPH_CASE_NO_IV(TEE_ALG_DES_ECB_NOPAD, TEE_TYPE_DES,
2236 ciph_data_des_key2, 3, ciph_data_in2,
2237 ciph_data_des_ecb_nopad_out2),
2238 XTEST_CIPH_CASE(TEE_ALG_DES_CBC_NOPAD, TEE_TYPE_DES,
2239 ciph_data_des_key1, ciph_data_64_iv1, 15, ciph_data_in1,
2240 ciph_data_des_cbc_nopad_out1),
2241
2242 /* DES3 */
2243 XTEST_CIPH_CASE_NO_IV(TEE_ALG_DES3_ECB_NOPAD, TEE_TYPE_DES3,
2244 ciph_data_des3_key1, 11, ciph_data_in1,
2245 ciph_data_des3_ecb_nopad_out1),
2246 XTEST_CIPH_CASE_NO_IV(TEE_ALG_DES3_ECB_NOPAD, TEE_TYPE_DES3,
2247 ciph_data_des3_key2, 3, ciph_data_in2,
2248 ciph_data_des_ecb_nopad_out2),
2249 XTEST_CIPH_CASE(TEE_ALG_DES3_CBC_NOPAD, TEE_TYPE_DES3,
2250 ciph_data_des3_key1, ciph_data_64_iv1, 11,
2251 ciph_data_in1,
2252 ciph_data_des3_cbc_nopad_out1),
2253
2254 /* DES2 */
2255 XTEST_CIPH_CASE_NO_IV(TEE_ALG_DES3_ECB_NOPAD, TEE_TYPE_DES3,
2256 ciph_data_des2_key1, 11, ciph_data_in1,
2257 ciph_data_des2_ecb_nopad_out1),
2258 XTEST_CIPH_CASE(TEE_ALG_DES3_CBC_NOPAD, TEE_TYPE_DES3,
2259 ciph_data_des2_key1, ciph_data_64_iv1, 11,
2260 ciph_data_in1,
2261 ciph_data_des2_cbc_nopad_out1),
2262};
2263
2264static const struct xtest_ciph_case ciph_cases_xts[] = {
2265 /* AES-XTS */
2266 XTEST_CIPH_CASE_AES_XTS(vect1, 3),
2267 XTEST_CIPH_CASE_AES_XTS(vect2, 6),
2268 XTEST_CIPH_CASE_AES_XTS(vect3, 7),
2269 XTEST_CIPH_CASE_AES_XTS(vect4, 8),
2270 XTEST_CIPH_CASE_AES_XTS(vect5, 9),
2271 XTEST_CIPH_CASE_AES_XTS(vect6, 13),
2272 XTEST_CIPH_CASE_AES_XTS(vect7, 1),
2273 XTEST_CIPH_CASE_AES_XTS(vect8, 3),
2274 XTEST_CIPH_CASE_AES_XTS(vect9, 2),
2275 XTEST_CIPH_CASE_AES_XTS(vect10, 5),
2276 XTEST_CIPH_CASE_AES_XTS(vect11, 6),
2277 XTEST_CIPH_CASE_AES_XTS(vect12, 7),
2278 XTEST_CIPH_CASE_AES_XTS(vect13, 3),
2279 XTEST_CIPH_CASE_AES_XTS(vect14, 2),
2280 XTEST_CIPH_CASE_AES_XTS(vect15, 0),
2281 XTEST_CIPH_CASE_AES_XTS(vect16, 9),
2282 XTEST_CIPH_CASE_AES_XTS(vect17, 6),
2283 XTEST_CIPH_CASE_AES_XTS(vect18, 8),
2284 XTEST_CIPH_CASE_AES_XTS(vect19, 23),
2285};
2286
2287static void xtest_tee_test_4003_no_xts(ADBG_Case_t *c)
2288{
2289 TEEC_Session session = { 0 };
2290 TEE_OperationHandle op;
2291 TEE_ObjectHandle key1_handle = TEE_HANDLE_NULL;
2292 TEE_ObjectHandle key2_handle = TEE_HANDLE_NULL;
2293 uint8_t out[2048];
2294 size_t out_size;
2295 size_t out_offs;
2296 uint32_t ret_orig;
2297 size_t n;
2298
2299 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2300 xtest_teec_open_session(&session, &crypt_user_ta_uuid, NULL,
2301 &ret_orig)))
2302 return;
2303
2304 for (n = 0; n < ARRAY_SIZE(ciph_cases); n++) {
2305 TEE_Attribute key_attr;
2306 size_t key_size;
2307 size_t op_key_size;
2308
2309
2310 Do_ADBG_BeginSubCase(c, "Cipher case %d algo 0x%x line %d",
2311 (int)n, (unsigned int)ciph_cases[n].algo,
2312 (int)ciph_cases[n].line);
2313
2314 key_attr.attributeID = TEE_ATTR_SECRET_VALUE;
2315 key_attr.content.ref.buffer = (void *)ciph_cases[n].key1;
2316 key_attr.content.ref.length = ciph_cases[n].key1_len;
2317
2318 key_size = key_attr.content.ref.length * 8;
2319 if (ciph_cases[n].key_type == TEE_TYPE_DES ||
2320 ciph_cases[n].key_type == TEE_TYPE_DES3)
2321 /* Exclude parity in bit size of key */
2322 key_size -= key_size / 8;
2323
2324 op_key_size = key_size;
2325 if (ciph_cases[n].key2 != NULL)
2326 op_key_size *= 2;
2327
2328 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2329 ta_crypt_cmd_allocate_operation(c, &session, &op,
2330 ciph_cases[n].algo, ciph_cases[n].mode,
2331 op_key_size)))
2332 goto out;
2333
2334 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2335 ta_crypt_cmd_allocate_transient_object(c, &session,
2336 ciph_cases[n].key_type, key_size,
2337 &key1_handle)))
2338 goto out;
2339
2340 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2341 ta_crypt_cmd_populate_transient_object(c, &session,
2342 key1_handle, &key_attr, 1)))
2343 goto out;
2344
2345 if (ciph_cases[n].key2 != NULL) {
2346 key_attr.content.ref.buffer =
2347 (void *)ciph_cases[n].key2;
2348 key_attr.content.ref.length = ciph_cases[n].key2_len;
2349
2350 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2351 ta_crypt_cmd_allocate_transient_object(c,
2352 &session, ciph_cases[n].key_type,
2353 key_attr.content.ref.length * 8,
2354 &key2_handle)))
2355 goto out;
2356
2357 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2358 ta_crypt_cmd_populate_transient_object(c,
2359 &session, key2_handle, &key_attr, 1)))
2360 goto out;
2361
2362 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2363 ta_crypt_cmd_set_operation_key2(c, &session, op,
2364 key1_handle, key2_handle)))
2365 goto out;
2366 } else {
2367 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2368 ta_crypt_cmd_set_operation_key(c, &session, op,
2369 key1_handle)))
2370 goto out;
2371 }
2372
2373 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2374 ta_crypt_cmd_free_transient_object(c, &session,
2375 key1_handle)))
2376 goto out;
2377 key1_handle = TEE_HANDLE_NULL;
2378
2379 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2380 ta_crypt_cmd_free_transient_object(c, &session,
2381 key2_handle)))
2382 goto out;
2383 key2_handle = TEE_HANDLE_NULL;
2384
2385 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2386 ta_crypt_cmd_cipher_init(c, &session, op,
2387 ciph_cases[n].iv, ciph_cases[n].iv_len)))
2388 goto out;
2389
2390 out_offs = 0;
2391 out_size = sizeof(out);
2392 memset(out, 0, sizeof(out));
2393 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2394 ta_crypt_cmd_cipher_update(c, &session, op,
2395 ciph_cases[n].in, ciph_cases[n].in_incr, out,
2396 &out_size)))
2397 goto out;
2398
2399 out_offs += out_size;
2400 out_size = sizeof(out) - out_offs;
2401
2402 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2403 ta_crypt_cmd_cipher_do_final(c, &session, op,
2404 ciph_cases[n].in + ciph_cases[n].in_incr,
2405 ciph_cases[n].in_len - ciph_cases[n].in_incr,
2406 out + out_offs,
2407 &out_size)))
2408 goto out;
2409
2410 out_offs += out_size;
2411
2412 (void)ADBG_EXPECT_BUFFER(c, ciph_cases[n].out,
2413 ciph_cases[n].out_len, out, out_offs);
2414
2415 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2416 ta_crypt_cmd_free_operation(c, &session, op)))
2417 goto out;
2418
2419 Do_ADBG_EndSubCase(c, NULL);
2420 }
2421out:
2422 TEEC_CloseSession(&session);
2423}
2424
2425/*
2426 * This is a split of the original xtest 4003 as eary version of the ST TEE.
2427 *
2428 * Core did not support xts.
2429 */
2430static void xtest_tee_test_4003_xts(ADBG_Case_t *c)
2431{
2432 TEEC_Session session = { 0 };
2433 TEE_OperationHandle op;
2434 TEE_ObjectHandle key1_handle = TEE_HANDLE_NULL;
2435 TEE_ObjectHandle key2_handle = TEE_HANDLE_NULL;
2436 uint8_t out[2048];
2437 size_t out_size;
2438 size_t out_offs;
2439 uint32_t ret_orig;
2440 size_t n;
2441
2442 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2443 xtest_teec_open_session(&session, &crypt_user_ta_uuid, NULL,
2444 &ret_orig)))
2445 return;
2446
2447 for (n = 0; n < ARRAY_SIZE(ciph_cases_xts); n++) {
2448 TEE_Attribute key_attr;
2449 size_t key_size;
2450 size_t op_key_size;
2451
2452 Do_ADBG_BeginSubCase(c, "Cipher case %d algo 0x%x line %d",
2453 (int)n,
2454 (unsigned int)ciph_cases_xts[n].algo,
2455 (int)ciph_cases_xts[n].line);
2456
2457 key_attr.attributeID = TEE_ATTR_SECRET_VALUE;
2458 key_attr.content.ref.buffer = (void *)ciph_cases_xts[n].key1;
2459 key_attr.content.ref.length = ciph_cases_xts[n].key1_len;
2460
2461 key_size = key_attr.content.ref.length * 8;
2462 if (ciph_cases_xts[n].key_type == TEE_TYPE_DES ||
2463 ciph_cases_xts[n].key_type == TEE_TYPE_DES3)
2464 /* Exclude parity in bit size of key */
2465 key_size -= key_size / 8;
2466
2467 op_key_size = key_size;
2468 if (ciph_cases_xts[n].key2 != NULL)
2469 op_key_size *= 2;
2470
2471 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2472 ta_crypt_cmd_allocate_operation(c, &session, &op,
2473 ciph_cases_xts[n].algo, ciph_cases_xts[n].mode,
2474 op_key_size)))
2475 goto out;
2476
2477 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2478 ta_crypt_cmd_allocate_transient_object(c, &session,
2479 ciph_cases_xts[n].key_type, key_size,
2480 &key1_handle)))
2481 goto out;
2482
2483 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2484 ta_crypt_cmd_populate_transient_object(c, &session,
2485 key1_handle, &key_attr, 1)))
2486 goto out;
2487
2488 if (ciph_cases_xts[n].key2 != NULL) {
2489 key_attr.content.ref.buffer =
2490 (void *)ciph_cases_xts[n].key2;
2491
2492 key_attr.content.ref.length =
2493 ciph_cases_xts[n].key2_len;
2494
2495 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2496 ta_crypt_cmd_allocate_transient_object(c,
2497 &session, ciph_cases_xts[n].key_type,
2498 key_attr.content.ref.length * 8,
2499 &key2_handle)))
2500 goto out;
2501
2502 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2503 ta_crypt_cmd_populate_transient_object(c,
2504 &session, key2_handle, &key_attr, 1)))
2505 goto out;
2506
2507 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2508 ta_crypt_cmd_set_operation_key2(c, &session, op,
2509 key1_handle, key2_handle)))
2510 goto out;
2511 } else {
2512 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2513 ta_crypt_cmd_set_operation_key(c, &session, op,
2514 key1_handle)))
2515 goto out;
2516 }
2517
2518 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2519 ta_crypt_cmd_free_transient_object(c, &session,
2520 key1_handle)))
2521 goto out;
2522
2523 key1_handle = TEE_HANDLE_NULL;
2524
2525 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2526 ta_crypt_cmd_free_transient_object(c, &session,
2527 key2_handle)))
2528 goto out;
2529
2530 key2_handle = TEE_HANDLE_NULL;
2531
2532 if (!ADBG_EXPECT_TEEC_SUCCESS(c, ta_crypt_cmd_cipher_init(c,
2533 &
2534 session,
2535 op,
2536 ciph_cases_xts
2537 [n].iv, ciph_cases_xts[n].iv_len)))
2538 goto out;
2539
2540 out_offs = 0;
2541 out_size = sizeof(out);
2542 memset(out, 0, sizeof(out));
2543 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2544 ta_crypt_cmd_cipher_update(c, &session, op,
2545 ciph_cases_xts[n].in, ciph_cases_xts[n].in_incr,
2546 out, &out_size)))
2547 goto out;
2548
2549 out_offs += out_size;
2550 out_size = sizeof(out) - out_offs;
2551
2552 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2553 ta_crypt_cmd_cipher_do_final(c, &session, op,
2554 ciph_cases_xts[n].in +
2555 ciph_cases_xts[n].in_incr,
2556 ciph_cases_xts[n].in_len -
2557 ciph_cases_xts[n].in_incr,
2558 out + out_offs,
2559 &out_size)))
2560 goto out;
2561 out_offs += out_size;
2562
2563 (void)ADBG_EXPECT_BUFFER(c, ciph_cases_xts[n].out,
2564 ciph_cases_xts[n].out_len, out,
2565 out_offs);
2566
2567 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2568 ta_crypt_cmd_free_operation(c, &session, op)))
2569 goto out;
2570
2571 Do_ADBG_EndSubCase(c, NULL);
2572 }
2573out:
2574 TEEC_CloseSession(&session);
2575}
2576
2577static void xtest_tee_test_4004(ADBG_Case_t *c)
2578{
2579 TEEC_Session session = { 0 };
2580 uint32_t ret_orig;
2581 uint8_t buf1[45] = { 0 };
2582 uint8_t buf2[45] = { 0 };
2583 static const uint8_t zeros[45] = { 0 };
2584
2585 Do_ADBG_BeginSubCase(c, "TEE get random");
2586 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2587 xtest_teec_open_session(&session, &crypt_user_ta_uuid, NULL,
2588 &ret_orig)))
2589 return;
2590
2591 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2592 ta_crypt_cmd_random_number_generate(c, &session, buf1,
2593 sizeof(buf1))))
2594 goto out;
2595
2596 (void)ADBG_EXPECT_COMPARE_SIGNED(c,
2597 0, !=, memcmp(buf1, zeros, sizeof(buf1)));
2598
2599 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2600 ta_crypt_cmd_random_number_generate(c, &session, buf2,
2601 sizeof(buf2))))
2602 goto out;
2603
2604 (void)ADBG_EXPECT_COMPARE_SIGNED(c,
2605 0, !=, memcmp(buf2, zeros, sizeof(buf2)));
2606
2607 (void)ADBG_EXPECT_COMPARE_SIGNED(c,
2608 0, !=, memcmp(buf2, buf1, sizeof(buf1)));
2609out:
2610 TEEC_CloseSession(&session);
2611 Do_ADBG_EndSubCase(c, "TEE get random");
2612}
2613
2614
2615struct xtest_ae_case {
2616 uint32_t algo;
2617 uint32_t mode;
2618 uint32_t key_type;
2619 const uint8_t *key;
2620 size_t key_len;
2621 const uint8_t *nonce;
2622 size_t nonce_len;
2623 size_t aad_incr;
2624 const uint8_t *aad;
2625 size_t aad_len;
2626 size_t in_incr;
2627 const uint8_t *ptx;
2628 size_t ptx_len;
2629 const uint8_t *ctx;
2630 size_t ctx_len;
2631 const uint8_t *tag;
2632 size_t tag_len;
2633 size_t line;
2634};
2635
2636
2637#define ARRAY(a) a, ARRAY_SIZE(a)
2638#define NULL_ARRAY(a) NULL, 0
2639
2640#define XTEST_AE_CASE(algo, vect, aad_incr, in_incr, \
2641 aad_array, ptx_array, ctx_array) \
2642 { (algo), TEE_MODE_ENCRYPT, TEE_TYPE_AES, ARRAY(vect ## _key), \
2643 ARRAY(vect ## _nonce), (aad_incr), \
2644 aad_array(vect ## _aad), (in_incr), \
2645 ptx_array(vect ## _ptx), ctx_array(vect ## _ctx), \
2646 ARRAY(vect ## _tag), \
2647 __LINE__ }, \
2648 { (algo), TEE_MODE_DECRYPT, TEE_TYPE_AES, ARRAY(vect ## _key), \
2649 ARRAY(vect ## _nonce), (aad_incr), \
2650 aad_array(vect ## _aad), (in_incr), \
2651 ptx_array(vect ## _ptx), ctx_array(vect ## _ctx), \
2652 ARRAY(vect ## _tag), \
2653 __LINE__ }
2654
2655#define XTEST_AE_CASE_AES_CCM(vect, aad_incr, in_incr) \
2656 XTEST_AE_CASE(TEE_ALG_AES_CCM, ae_data_aes_ccm_ ## vect, aad_incr, \
2657 in_incr, ARRAY, ARRAY, ARRAY)
2658
2659#define XTEST_AE_CASE_AES_GCM(vect, aad_incr, in_incr, \
2660 aad_array, ptx_array, ctx_array) \
2661 XTEST_AE_CASE(TEE_ALG_AES_GCM, ae_data_aes_gcm_ ## vect, aad_incr, \
2662 in_incr, aad_array, ptx_array, ctx_array)
2663
2664
2665
2666static const struct xtest_ae_case ae_cases[] = {
2667 XTEST_AE_CASE_AES_CCM(vect1, 3, 2),
2668 XTEST_AE_CASE_AES_CCM(vect2, 7, 13),
2669 XTEST_AE_CASE_AES_CCM(vect3, 5, 21),
2670
2671 XTEST_AE_CASE_AES_GCM(vect1, 0, 0, NULL_ARRAY, NULL_ARRAY, NULL_ARRAY),
2672 XTEST_AE_CASE_AES_GCM(vect2, 0, 9, NULL_ARRAY, ARRAY, ARRAY),
2673 XTEST_AE_CASE_AES_GCM(vect3, 0, 9, NULL_ARRAY, ARRAY, ARRAY),
2674 XTEST_AE_CASE_AES_GCM(vect3, 0, 0x20, NULL_ARRAY, ARRAY, ARRAY),
2675 XTEST_AE_CASE_AES_GCM(vect4, 5, 9, ARRAY, ARRAY, ARRAY),
2676 XTEST_AE_CASE_AES_GCM(vect5, 5, 9, ARRAY, ARRAY, ARRAY),
2677 XTEST_AE_CASE_AES_GCM(vect6, 5, 9, ARRAY, ARRAY, ARRAY),
2678 XTEST_AE_CASE_AES_GCM(vect7, 0, 0, NULL_ARRAY, NULL_ARRAY, NULL_ARRAY),
2679 XTEST_AE_CASE_AES_GCM(vect8, 0, 9, NULL_ARRAY, ARRAY, ARRAY),
2680 XTEST_AE_CASE_AES_GCM(vect9, 0, 9, NULL_ARRAY, ARRAY, ARRAY),
2681 XTEST_AE_CASE_AES_GCM(vect10, 5, 9, ARRAY, ARRAY, ARRAY),
2682 XTEST_AE_CASE_AES_GCM(vect11, 5, 9, ARRAY, ARRAY, ARRAY),
2683 XTEST_AE_CASE_AES_GCM(vect12, 5, 9, ARRAY, ARRAY, ARRAY),
2684 XTEST_AE_CASE_AES_GCM(vect13, 0, 0, NULL_ARRAY, NULL_ARRAY, NULL_ARRAY),
2685 XTEST_AE_CASE_AES_GCM(vect14, 0, 9, NULL_ARRAY, ARRAY, ARRAY),
2686 XTEST_AE_CASE_AES_GCM(vect15, 0, 9, NULL_ARRAY, ARRAY, ARRAY),
2687 XTEST_AE_CASE_AES_GCM(vect16, 5, 9, ARRAY, ARRAY, ARRAY),
2688 XTEST_AE_CASE_AES_GCM(vect17, 5, 9, ARRAY, ARRAY, ARRAY),
2689 XTEST_AE_CASE_AES_GCM(vect18, 5, 9, ARRAY, ARRAY, ARRAY),
2690};
2691
2692static void xtest_tee_test_4005(ADBG_Case_t *c)
2693{
2694 TEEC_Session session = { 0 };
2695 TEE_OperationHandle op;
2696 TEE_ObjectHandle key_handle = TEE_HANDLE_NULL;
2697 TEE_Attribute key_attr;
2698 uint8_t out[512];
2699 size_t out_size;
2700 size_t out_offs;
2701 uint32_t ret_orig;
2702 size_t n;
2703
2704 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2705 xtest_teec_open_session(&session, &crypt_user_ta_uuid, NULL,
2706 &ret_orig)))
2707 return;
2708
2709 for (n = 0; n < ARRAY_SIZE(ae_cases); n++) {
2710 Do_ADBG_BeginSubCase(c, "AE case %d algo 0x%x line %d",
2711 (int)n, (unsigned int)ae_cases[n].algo,
2712 (int)ae_cases[n].line);
2713
2714 key_attr.attributeID = TEE_ATTR_SECRET_VALUE;
2715 key_attr.content.ref.buffer = (void *)ae_cases[n].key;
2716 key_attr.content.ref.length = ae_cases[n].key_len;
2717
2718 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2719 ta_crypt_cmd_allocate_operation(c, &session, &op,
2720 ae_cases[n].algo, ae_cases[n].mode,
2721 key_attr.content.ref.length * 8)))
2722 goto out;
2723
2724 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2725 ta_crypt_cmd_allocate_transient_object(c, &session,
2726 ae_cases[n].key_type,
2727 key_attr.content.ref.length * 8,
2728 &key_handle)))
2729 goto out;
2730
2731 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2732 ta_crypt_cmd_populate_transient_object(c, &session,
2733 key_handle, &key_attr, 1)))
2734 goto out;
2735
2736 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2737 ta_crypt_cmd_set_operation_key(c, &session, op,
2738 key_handle)))
2739 goto out;
2740
2741 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2742 ta_crypt_cmd_free_transient_object(c, &session,
2743 key_handle)))
2744 goto out;
2745 key_handle = TEE_HANDLE_NULL;
2746
2747 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2748 ta_crypt_cmd_ae_init(c, &session, op, ae_cases[n].nonce,
2749 ae_cases[n].nonce_len, ae_cases[n].tag_len,
2750 ae_cases[n].aad_len, ae_cases[n].ptx_len)))
2751 goto out;
2752
2753 if (ae_cases[n].aad != NULL) {
2754 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2755 ta_crypt_cmd_ae_update_aad(c, &session, op,
2756 ae_cases[n].aad, ae_cases[n].aad_incr)))
2757 goto out;
2758
2759 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2760 ta_crypt_cmd_ae_update_aad(c, &session, op,
2761 ae_cases[n].aad + ae_cases[n].aad_incr,
2762 ae_cases [n].aad_len -
2763 ae_cases[n].aad_incr)))
2764 goto out;
2765 }
2766
2767 out_offs = 0;
2768 out_size = sizeof(out);
2769 memset(out, 0, sizeof(out));
2770 if (ae_cases[n].mode == TEE_MODE_ENCRYPT) {
2771 if (ae_cases[n].ptx != NULL) {
2772 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2773 ta_crypt_cmd_ae_update(c, &session, op,
2774 ae_cases[n].ptx,
2775 ae_cases[n].in_incr, out,
2776 &out_size)))
2777 goto out;
2778 out_offs += out_size;
2779 }
2780 } else {
2781 if (ae_cases[n].ctx != NULL) {
2782 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2783 ta_crypt_cmd_ae_update(c, &session, op,
2784 ae_cases[n].ctx,
2785 ae_cases[n].in_incr, out,
2786 &out_size)))
2787 goto out;
2788 out_offs += out_size;
2789 }
2790 }
2791
2792 out_size = sizeof(out) - out_offs;
2793 if (ae_cases[n].mode == TEE_MODE_ENCRYPT) {
2794 uint8_t out_tag[64];
2795 size_t out_tag_len = MIN(sizeof(out_tag),
2796 ae_cases[n].tag_len);
2797
2798 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2799 ta_crypt_cmd_ae_encrypt_final(c, &session, op,
2800 ae_cases[n].ptx + ae_cases[n].in_incr,
2801 ae_cases[n].ptx_len -
2802 ae_cases[n].in_incr,
2803 out + out_offs,
2804 &out_size, out_tag, &out_tag_len)))
2805 goto out;
2806
2807 (void)ADBG_EXPECT_BUFFER(c,
2808 ae_cases[n].tag, ae_cases[n].tag_len, out_tag,
2809 out_tag_len);
2810
2811 out_offs += out_size;
2812
2813 (void)ADBG_EXPECT_BUFFER(c, ae_cases[n].ctx,
2814 ae_cases[n].ctx_len, out, out_offs);
2815 } else {
2816 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2817 ta_crypt_cmd_ae_decrypt_final(c, &session, op,
2818 ae_cases[n].ctx + ae_cases[n].in_incr,
2819 ae_cases[n].ctx_len -
2820 ae_cases[n].in_incr,
2821 out + out_offs,
2822 &out_size, ae_cases[n].tag,
2823 ae_cases[n].tag_len)))
2824 goto out;
2825
2826 out_offs += out_size;
2827
2828 (void)ADBG_EXPECT_BUFFER(c, ae_cases[n].ptx,
2829 ae_cases[n].ptx_len, out, out_offs);
2830 }
2831
2832 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2833 ta_crypt_cmd_free_operation(c, &session, op)))
2834 goto out;
2835
2836 Do_ADBG_EndSubCase(c, NULL);
2837 }
2838out:
2839 TEEC_CloseSession(&session);
2840}
2841
2842struct xtest_ac_case {
2843 uint32_t algo;
2844 TEE_OperationMode mode;
2845
2846 union {
2847 struct {
2848 const uint8_t *modulus;
2849 size_t modulus_len;
2850
2851 const uint8_t *pub_exp;
2852 size_t pub_exp_len;
2853
2854 const uint8_t *priv_exp;
2855 size_t priv_exp_len;
2856
2857 const uint8_t *prime1; /* q */
2858 size_t prime1_len;
2859 const uint8_t *prime2; /* p */
2860 size_t prime2_len;
2861 const uint8_t *exp1; /* dp */
2862 size_t exp1_len;
2863 const uint8_t *exp2; /* dq */
2864 size_t exp2_len;
2865 const uint8_t *coeff; /* iq */
2866 size_t coeff_len;
2867
2868 int salt_len;
2869 } rsa;
2870 struct {
2871 const uint8_t *prime;
2872 size_t prime_len;
2873 const uint8_t *sub_prime;
2874 size_t sub_prime_len;
2875 const uint8_t *base;
2876 size_t base_len;
2877 const uint8_t *pub_val;
2878 size_t pub_val_len;
2879 const uint8_t *priv_val;
2880 size_t priv_val_len;
2881 } dsa;
Pascal Brand3e143ee2015-07-15 17:17:16 +0200[diff] [blame]2882 struct {
2883 const uint8_t *private;
2884 size_t private_len;
2885 const uint8_t *public_x;
2886 size_t public_x_len;
2887 const uint8_t *public_y;
2888 size_t public_y_len;
2889 } ecdsa;
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]2890 } params;
2891
2892 const uint8_t *ptx;
2893 size_t ptx_len;
2894 const uint8_t *ctx;
2895 size_t ctx_len;
2896 size_t line;
2897};
2898
2899#define WITHOUT_SALT(x) -1
2900#define WITH_SALT(x) x
2901
2902#define XTEST_AC_CASE(algo, mode, vect, union_params) \
2903 { (algo), (mode), .params = union_params, \
2904 ARRAY(vect ## _ptx), \
2905 ARRAY(vect ## _out), \
2906 __LINE__ }
2907
2908#define XTEST_AC_RSA_UNION(vect, opt_crt_array, opt_salt) \
2909 { .rsa = { \
2910 ARRAY(vect ## _modulus), \
2911 ARRAY(vect ## _pub_exp), \
2912 ARRAY(vect ## _priv_exp), \
2913 opt_crt_array(vect ## _prime1), \
2914 opt_crt_array(vect ## _prime2), \
2915 opt_crt_array(vect ## _exp1), \
2916 opt_crt_array(vect ## _exp2), \
2917 opt_crt_array(vect ## _coeff), \
2918 opt_salt(vect ## _salt_len) \
2919 } }
2920
2921#define XTEST_AC_RSA_CASE(algo, mode, vect, opt_crt_array, opt_salt) \
2922 XTEST_AC_CASE(algo, mode, vect, \
2923 XTEST_AC_RSA_UNION(vect, opt_crt_array, opt_salt))
2924
2925#define XTEST_AC_DSA_UNION(vect) \
2926 { .dsa = { \
2927 ARRAY(vect ## _prime), \
2928 ARRAY(vect ## _sub_prime), \
2929 ARRAY(vect ## _base), \
2930 ARRAY(vect ## _pub_val), \
2931 ARRAY(vect ## _priv_val), \
2932 } }
2933
2934#define XTEST_AC_DSA_CASE(algo, mode, vect) \
2935 XTEST_AC_CASE(algo, mode, vect, XTEST_AC_DSA_UNION(vect))
2936
Pascal Brand3e143ee2015-07-15 17:17:16 +0200[diff] [blame]2937#define XTEST_AC_ECDSA_UNION(vect) \
2938 { .ecdsa = { \
2939 ARRAY(vect ## _private), \
2940 ARRAY(vect ## _public_x), \
2941 ARRAY(vect ## _public_y), \
2942 } }
2943
2944#define XTEST_AC_ECDSA_CASE(algo, mode, vect) \
2945 XTEST_AC_CASE(algo, mode, vect, XTEST_AC_ECDSA_UNION(vect))
2946
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]2947static const struct xtest_ac_case xtest_ac_cases[] = {
2948 /* RSA test without crt parameters */
2949 XTEST_AC_RSA_CASE(TEE_ALG_RSA_NOPAD, TEE_MODE_ENCRYPT,
2950 ac_rsassa_vect1, NULL_ARRAY, WITHOUT_SALT),
2951 XTEST_AC_RSA_CASE(TEE_ALG_RSA_NOPAD, TEE_MODE_DECRYPT,
2952 ac_rsassa_vect1, NULL_ARRAY, WITHOUT_SALT),
2953 XTEST_AC_RSA_CASE(TEE_ALG_RSA_NOPAD, TEE_MODE_ENCRYPT,
2954 ac_rsassa_vect2, NULL_ARRAY, WITHOUT_SALT),
2955 XTEST_AC_RSA_CASE(TEE_ALG_RSA_NOPAD, TEE_MODE_DECRYPT,
2956 ac_rsassa_vect2, NULL_ARRAY, WITHOUT_SALT),
2957 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA1, TEE_MODE_SIGN,
2958 ac_rsassa_vect3, NULL_ARRAY, WITHOUT_SALT),
2959 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA1, TEE_MODE_VERIFY,
2960 ac_rsassa_vect3, NULL_ARRAY, WITHOUT_SALT),
2961 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA1, TEE_MODE_SIGN,
2962 ac_rsassa_vect4, NULL_ARRAY, WITHOUT_SALT),
2963 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA1, TEE_MODE_VERIFY,
2964 ac_rsassa_vect4, NULL_ARRAY, WITHOUT_SALT),
2965 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA1, TEE_MODE_SIGN,
2966 ac_rsassa_vect5, NULL_ARRAY, WITHOUT_SALT),
2967 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA1, TEE_MODE_VERIFY,
2968 ac_rsassa_vect5, NULL_ARRAY, WITHOUT_SALT),
2969 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA1, TEE_MODE_SIGN,
2970 ac_rsassa_vect6, NULL_ARRAY, WITHOUT_SALT),
2971 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA1, TEE_MODE_VERIFY,
2972 ac_rsassa_vect6, NULL_ARRAY, WITHOUT_SALT),
2973
2974 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA1, TEE_MODE_SIGN,
2975 ac_rsassa_vect7, NULL_ARRAY, WITHOUT_SALT),
2976 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA1, TEE_MODE_VERIFY,
2977 ac_rsassa_vect7, NULL_ARRAY, WITHOUT_SALT),
2978
2979 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA1, TEE_MODE_SIGN,
2980 ac_rsassa_vect8, NULL_ARRAY, WITHOUT_SALT),
2981 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA1, TEE_MODE_VERIFY,
2982 ac_rsassa_vect8, NULL_ARRAY, WITHOUT_SALT),
2983 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA224, TEE_MODE_SIGN,
2984 ac_rsassa_vect16, NULL_ARRAY, WITHOUT_SALT),
2985 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA224, TEE_MODE_VERIFY,
2986 ac_rsassa_vect16, NULL_ARRAY, WITHOUT_SALT),
2987 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA256, TEE_MODE_SIGN,
2988 ac_rsassa_vect9, NULL_ARRAY, WITHOUT_SALT),
2989 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA256, TEE_MODE_VERIFY,
2990 ac_rsassa_vect9, NULL_ARRAY, WITHOUT_SALT),
2991 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA384, TEE_MODE_SIGN,
2992 ac_rsassa_vect10, NULL_ARRAY, WITHOUT_SALT),
2993 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA384, TEE_MODE_VERIFY,
2994 ac_rsassa_vect10, NULL_ARRAY, WITHOUT_SALT),
2995 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA512, TEE_MODE_SIGN,
2996 ac_rsassa_vect11, NULL_ARRAY, WITHOUT_SALT),
2997 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA512, TEE_MODE_VERIFY,
2998 ac_rsassa_vect11, NULL_ARRAY, WITHOUT_SALT),
2999
3000 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA1, TEE_MODE_VERIFY,
3001 ac_rsassa_vect12, NULL_ARRAY, WITH_SALT),
3002 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA1, TEE_MODE_SIGN,
3003 ac_rsassa_vect12, NULL_ARRAY, WITH_SALT),
3004 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA224, TEE_MODE_VERIFY,
3005 ac_rsassa_vect17, NULL_ARRAY, WITH_SALT),
3006 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA224, TEE_MODE_SIGN,
3007 ac_rsassa_vect17, NULL_ARRAY, WITH_SALT),
3008 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA256, TEE_MODE_VERIFY,
3009 ac_rsassa_vect13, NULL_ARRAY, WITH_SALT),
3010 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA256, TEE_MODE_SIGN,
3011 ac_rsassa_vect13, NULL_ARRAY, WITH_SALT),
3012 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA384, TEE_MODE_VERIFY,
3013 ac_rsassa_vect14, NULL_ARRAY, WITH_SALT),
3014 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA384, TEE_MODE_SIGN,
3015 ac_rsassa_vect14, NULL_ARRAY, WITH_SALT),
3016 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA512, TEE_MODE_VERIFY,
3017 ac_rsassa_vect15, NULL_ARRAY, WITH_SALT),
3018 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA512, TEE_MODE_SIGN,
3019 ac_rsassa_vect15, NULL_ARRAY, WITH_SALT),
3020
3021 XTEST_AC_RSA_CASE(TEE_ALG_RSAES_PKCS1_V1_5, TEE_MODE_DECRYPT,
3022 ac_rsaes_pkcs1_v1_5_vect1, NULL_ARRAY, WITHOUT_SALT),
3023 XTEST_AC_RSA_CASE(TEE_ALG_RSAES_PKCS1_V1_5, TEE_MODE_ENCRYPT,
3024 ac_rsaes_pkcs1_v1_5_vect1, NULL_ARRAY, WITHOUT_SALT),
3025 XTEST_AC_RSA_CASE(TEE_ALG_RSAES_PKCS1_V1_5, TEE_MODE_DECRYPT,
3026 ac_rsaes_pkcs1_v1_5_vect2, NULL_ARRAY, WITHOUT_SALT),
3027 XTEST_AC_RSA_CASE(TEE_ALG_RSAES_PKCS1_V1_5, TEE_MODE_ENCRYPT,
3028 ac_rsaes_pkcs1_v1_5_vect2, NULL_ARRAY, WITHOUT_SALT),
3029 XTEST_AC_RSA_CASE(TEE_ALG_RSAES_PKCS1_V1_5, TEE_MODE_DECRYPT,
3030 ac_rsaes_pkcs1_v1_5_vect15, NULL_ARRAY, WITHOUT_SALT),
3031 XTEST_AC_RSA_CASE(TEE_ALG_RSAES_PKCS1_V1_5, TEE_MODE_ENCRYPT,
3032 ac_rsaes_pkcs1_v1_5_vect15, NULL_ARRAY, WITHOUT_SALT),
3033
3034 XTEST_AC_RSA_CASE(TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA1, TEE_MODE_DECRYPT,
3035 ac_rsaes_oaep_vect1, NULL_ARRAY, WITHOUT_SALT),
3036 XTEST_AC_RSA_CASE(TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA1, TEE_MODE_ENCRYPT,
3037 ac_rsaes_oaep_vect1, NULL_ARRAY, WITHOUT_SALT),
3038 XTEST_AC_RSA_CASE(TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA1, TEE_MODE_DECRYPT,
3039 ac_rsaes_oaep_vect2, NULL_ARRAY, WITHOUT_SALT),
3040 XTEST_AC_RSA_CASE(TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA1, TEE_MODE_ENCRYPT,
3041 ac_rsaes_oaep_vect2, NULL_ARRAY, WITHOUT_SALT),
3042 XTEST_AC_RSA_CASE(TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA1, TEE_MODE_DECRYPT,
3043 ac_rsaes_oaep_vect10, NULL_ARRAY, WITHOUT_SALT),
3044 XTEST_AC_RSA_CASE(TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA1, TEE_MODE_ENCRYPT,
3045 ac_rsaes_oaep_vect10, NULL_ARRAY, WITHOUT_SALT),
3046
3047 /* RSA test with crt parameters */
3048 XTEST_AC_RSA_CASE(TEE_ALG_RSA_NOPAD, TEE_MODE_ENCRYPT,
3049 ac_rsassa_vect1, ARRAY, WITHOUT_SALT),
3050 XTEST_AC_RSA_CASE(TEE_ALG_RSA_NOPAD, TEE_MODE_DECRYPT,
3051 ac_rsassa_vect1, ARRAY, WITHOUT_SALT),
3052 XTEST_AC_RSA_CASE(TEE_ALG_RSA_NOPAD, TEE_MODE_ENCRYPT,
3053 ac_rsassa_vect2, ARRAY, WITHOUT_SALT),
3054 XTEST_AC_RSA_CASE(TEE_ALG_RSA_NOPAD, TEE_MODE_DECRYPT,
3055 ac_rsassa_vect2, ARRAY, WITHOUT_SALT),
3056 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA1, TEE_MODE_SIGN,
3057 ac_rsassa_vect3, ARRAY, WITHOUT_SALT),
3058 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA1, TEE_MODE_VERIFY,
3059 ac_rsassa_vect3, ARRAY, WITHOUT_SALT),
3060 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA1, TEE_MODE_SIGN,
3061 ac_rsassa_vect4, ARRAY, WITHOUT_SALT),
3062 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA1, TEE_MODE_VERIFY,
3063 ac_rsassa_vect4, ARRAY, WITHOUT_SALT),
3064 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA1, TEE_MODE_SIGN,
3065 ac_rsassa_vect5, ARRAY, WITHOUT_SALT),
3066 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA1, TEE_MODE_VERIFY,
3067 ac_rsassa_vect5, ARRAY, WITHOUT_SALT),
3068 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA1, TEE_MODE_SIGN,
3069 ac_rsassa_vect6, ARRAY, WITHOUT_SALT),
3070 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA1, TEE_MODE_VERIFY,
3071 ac_rsassa_vect6, ARRAY, WITHOUT_SALT),
3072 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA1, TEE_MODE_SIGN,
3073 ac_rsassa_vect7, ARRAY, WITHOUT_SALT),
3074 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA1, TEE_MODE_VERIFY,
3075 ac_rsassa_vect7, ARRAY, WITHOUT_SALT),
3076 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA1, TEE_MODE_SIGN,
3077 ac_rsassa_vect8, ARRAY, WITHOUT_SALT),
3078 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA1, TEE_MODE_VERIFY,
3079 ac_rsassa_vect8, ARRAY, WITHOUT_SALT),
3080 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA256, TEE_MODE_SIGN,
3081 ac_rsassa_vect9, ARRAY, WITHOUT_SALT),
3082 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA256, TEE_MODE_VERIFY,
3083 ac_rsassa_vect9, ARRAY, WITHOUT_SALT),
3084 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA384, TEE_MODE_SIGN,
3085 ac_rsassa_vect10, ARRAY, WITHOUT_SALT),
3086 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA384, TEE_MODE_VERIFY,
3087 ac_rsassa_vect10, ARRAY, WITHOUT_SALT),
3088 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA512, TEE_MODE_SIGN,
3089 ac_rsassa_vect11, ARRAY, WITHOUT_SALT),
3090 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA512, TEE_MODE_VERIFY,
3091 ac_rsassa_vect11, ARRAY, WITHOUT_SALT),
3092
3093 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA1, TEE_MODE_VERIFY,
3094 ac_rsassa_vect12, ARRAY, WITH_SALT),
3095 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA1, TEE_MODE_SIGN,
3096 ac_rsassa_vect12, ARRAY, WITH_SALT),
3097 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA224, TEE_MODE_VERIFY,
3098 ac_rsassa_vect17, ARRAY, WITH_SALT),
3099 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA224, TEE_MODE_SIGN,
3100 ac_rsassa_vect17, ARRAY, WITH_SALT),
3101 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA256, TEE_MODE_VERIFY,
3102 ac_rsassa_vect13, ARRAY, WITH_SALT),
3103 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA256, TEE_MODE_SIGN,
3104 ac_rsassa_vect13, ARRAY, WITH_SALT),
3105 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA384, TEE_MODE_VERIFY,
3106 ac_rsassa_vect14, ARRAY, WITH_SALT),
3107 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA384, TEE_MODE_SIGN,
3108 ac_rsassa_vect14, ARRAY, WITH_SALT),
3109 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA512, TEE_MODE_VERIFY,
3110 ac_rsassa_vect15, ARRAY, WITH_SALT),
3111 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA512, TEE_MODE_SIGN,
3112 ac_rsassa_vect15, ARRAY, WITH_SALT),
3113
3114 XTEST_AC_RSA_CASE(TEE_ALG_RSAES_PKCS1_V1_5, TEE_MODE_DECRYPT,
3115 ac_rsaes_pkcs1_v1_5_vect1, ARRAY, WITHOUT_SALT),
3116 XTEST_AC_RSA_CASE(TEE_ALG_RSAES_PKCS1_V1_5, TEE_MODE_ENCRYPT,
3117 ac_rsaes_pkcs1_v1_5_vect1, ARRAY, WITHOUT_SALT),
3118 XTEST_AC_RSA_CASE(TEE_ALG_RSAES_PKCS1_V1_5, TEE_MODE_DECRYPT,
3119 ac_rsaes_pkcs1_v1_5_vect2, ARRAY, WITHOUT_SALT),
3120 XTEST_AC_RSA_CASE(TEE_ALG_RSAES_PKCS1_V1_5, TEE_MODE_ENCRYPT,
3121 ac_rsaes_pkcs1_v1_5_vect2, ARRAY, WITHOUT_SALT),
3122 XTEST_AC_RSA_CASE(TEE_ALG_RSAES_PKCS1_V1_5, TEE_MODE_DECRYPT,
3123 ac_rsaes_pkcs1_v1_5_vect15, ARRAY, WITHOUT_SALT),
3124 XTEST_AC_RSA_CASE(TEE_ALG_RSAES_PKCS1_V1_5, TEE_MODE_ENCRYPT,
3125 ac_rsaes_pkcs1_v1_5_vect15, ARRAY, WITHOUT_SALT),
3126
3127 XTEST_AC_RSA_CASE(TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA1, TEE_MODE_DECRYPT,
3128 ac_rsaes_oaep_vect1, ARRAY, WITHOUT_SALT),
3129 XTEST_AC_RSA_CASE(TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA1, TEE_MODE_ENCRYPT,
3130 ac_rsaes_oaep_vect1, ARRAY, WITHOUT_SALT),
3131 XTEST_AC_RSA_CASE(TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA1, TEE_MODE_DECRYPT,
3132 ac_rsaes_oaep_vect2, ARRAY, WITHOUT_SALT),
3133 XTEST_AC_RSA_CASE(TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA1, TEE_MODE_ENCRYPT,
3134 ac_rsaes_oaep_vect2, ARRAY, WITHOUT_SALT),
3135 XTEST_AC_RSA_CASE(TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA1, TEE_MODE_DECRYPT,
3136 ac_rsaes_oaep_vect10, ARRAY, WITHOUT_SALT),
3137 XTEST_AC_RSA_CASE(TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA1, TEE_MODE_ENCRYPT,
3138 ac_rsaes_oaep_vect10, ARRAY, WITHOUT_SALT),
3139
3140 /* DSA tests */
3141 XTEST_AC_DSA_CASE(TEE_ALG_DSA_SHA1, TEE_MODE_VERIFY, ac_dsa_vect1),
3142 XTEST_AC_DSA_CASE(TEE_ALG_DSA_SHA1, TEE_MODE_SIGN, ac_dsa_vect1),
3143 XTEST_AC_DSA_CASE(TEE_ALG_DSA_SHA1, TEE_MODE_VERIFY, ac_dsa_vect2),
3144 XTEST_AC_DSA_CASE(TEE_ALG_DSA_SHA1, TEE_MODE_SIGN, ac_dsa_vect2),
Pascal Brand3e143ee2015-07-15 17:17:16 +0200[diff] [blame]3145
3146 /* ECDSA tests */
3147 XTEST_AC_ECDSA_CASE(TEE_ALG_ECDSA_P192, TEE_MODE_VERIFY,
3148 ac_ecdsa_vect192),
3149 XTEST_AC_ECDSA_CASE(TEE_ALG_ECDSA_P192, TEE_MODE_SIGN,
3150 ac_ecdsa_vect192),
3151 XTEST_AC_ECDSA_CASE(TEE_ALG_ECDSA_P224, TEE_MODE_VERIFY,
3152 ac_ecdsa_vect224),
3153 XTEST_AC_ECDSA_CASE(TEE_ALG_ECDSA_P224, TEE_MODE_SIGN,
3154 ac_ecdsa_vect224),
3155 XTEST_AC_ECDSA_CASE(TEE_ALG_ECDSA_P256, TEE_MODE_VERIFY,
3156 ac_ecdsa_vect256),
3157 XTEST_AC_ECDSA_CASE(TEE_ALG_ECDSA_P256, TEE_MODE_SIGN,
3158 ac_ecdsa_vect256),
3159 XTEST_AC_ECDSA_CASE(TEE_ALG_ECDSA_P384, TEE_MODE_VERIFY,
3160 ac_ecdsa_vect384),
3161 XTEST_AC_ECDSA_CASE(TEE_ALG_ECDSA_P384, TEE_MODE_SIGN,
3162 ac_ecdsa_vect384),
3163 XTEST_AC_ECDSA_CASE(TEE_ALG_ECDSA_P521, TEE_MODE_VERIFY,
3164 ac_ecdsa_vect521),
3165 XTEST_AC_ECDSA_CASE(TEE_ALG_ECDSA_P521, TEE_MODE_SIGN,
3166 ac_ecdsa_vect521),
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3167};
3168
3169static bool create_key(ADBG_Case_t *c, TEEC_Session *s,
3170 uint32_t max_key_size, uint32_t key_type,
3171 TEE_Attribute *attrs, size_t num_attrs,
3172 TEE_ObjectHandle *handle)
3173{
3174 size_t n;
3175
3176 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3177 ta_crypt_cmd_allocate_transient_object(c, s, key_type,
3178 max_key_size, handle)))
3179 return false;
3180
3181 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3182 ta_crypt_cmd_populate_transient_object(c, s, *handle, attrs,
3183 num_attrs)))
3184 return false;
3185
3186 for (n = 0; n < num_attrs; n++) {
3187 uint8_t out[256];
3188 size_t out_size;
3189
3190 out_size = sizeof(out);
3191 memset(out, 0, sizeof(out));
Pascal Brand3e143ee2015-07-15 17:17:16 +0200[diff] [blame]3192
3193 if (attrs[n].attributeID == TEE_ATTR_ECC_CURVE)
3194 continue;
3195
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3196 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3197 ta_crypt_cmd_get_object_buffer_attribute(c, s, *handle,
3198 attrs[n].attributeID, out, &out_size)))
3199 return false;
3200
Pascal Brand3e143ee2015-07-15 17:17:16 +0200[diff] [blame]3201 if (out_size < attrs[n].content.ref.length) {
3202 memmove(out + (attrs[n].content.ref.length - out_size),
3203 out,
3204 attrs[n].content.ref.length);
3205 memset(out, 0, attrs[n].content.ref.length - out_size);
3206 out_size = attrs[n].content.ref.length;
3207 }
3208
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3209 if (!ADBG_EXPECT_BUFFER(c, attrs[n].content.ref.buffer,
3210 attrs[n].content.ref.length, out, out_size))
3211 return false;
3212 }
3213
3214 return true;
3215}
3216
3217static void xtest_tee_test_4006(ADBG_Case_t *c)
3218{
3219 TEEC_Session session = { 0 };
3220 TEE_OperationHandle op = TEE_HANDLE_NULL;
3221 TEE_ObjectHandle priv_key_handle = TEE_HANDLE_NULL;
3222 TEE_ObjectHandle pub_key_handle = TEE_HANDLE_NULL;
3223 TEE_Attribute key_attrs[8];
3224 TEE_Attribute algo_params[1];
3225 size_t num_algo_params;
3226 uint8_t out[512];
3227 size_t out_size;
3228 uint8_t out_enc[512];
3229 size_t out_enc_size;
3230 uint8_t ptx_hash[TEE_MAX_HASH_SIZE];
3231 size_t ptx_hash_size;
3232 size_t max_key_size;
3233 size_t num_key_attrs;
3234 uint32_t ret_orig;
3235 size_t n;
Pascal Brand3e143ee2015-07-15 17:17:16 +0200[diff] [blame]3236 uint32_t curve;
3237 uint32_t hash_algo;
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3238
3239 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3240 xtest_teec_open_session(&session, &crypt_user_ta_uuid, NULL,
3241 &ret_orig)))
3242 return;
3243
3244 for (n = 0; n < ARRAY_SIZE(xtest_ac_cases); n++) {
3245 const struct xtest_ac_case *tv = xtest_ac_cases + n;
3246
3247 Do_ADBG_BeginSubCase(c, "Asym Crypto case %d algo 0x%x line %d",
3248 (int)n, (unsigned int)tv->algo,
3249 (int)tv->line);
3250
3251 /*
3252 * When signing or verifying we're working with the hash of
3253 * the payload.
3254 */
3255 if (tv->mode == TEE_MODE_VERIFY || tv->mode == TEE_MODE_SIGN) {
Pascal Brand3e143ee2015-07-15 17:17:16 +0200[diff] [blame]3256 if (TEE_ALG_GET_MAIN_ALG(tv->algo) == TEE_MAIN_ALGO_ECDSA)
3257 hash_algo = TEE_ALG_SHA1;
3258 else
3259 hash_algo = TEE_ALG_HASH_ALGO(
3260 TEE_ALG_GET_DIGEST_HASH(tv->algo));
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3261
3262 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3263 ta_crypt_cmd_allocate_operation(c, &session,
3264 &op, hash_algo, TEE_MODE_DIGEST, 0)))
3265 goto out;
3266
3267 ptx_hash_size = sizeof(ptx_hash);
3268 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3269 ta_crypt_cmd_digest_do_final(c, & session, op,
3270 tv->ptx, tv->ptx_len, ptx_hash,
3271 &ptx_hash_size)))
3272 goto out;
3273
3274 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3275 ta_crypt_cmd_free_operation(c, &session, op)))
3276 goto out;
3277 }
3278
3279 num_algo_params = 0;
3280 num_key_attrs = 0;
3281 switch (TEE_ALG_GET_MAIN_ALG(tv->algo)) {
3282 case TEE_MAIN_ALGO_RSA:
3283 if (tv->params.rsa.salt_len > 0) {
3284 algo_params[0].attributeID =
3285 TEE_ATTR_RSA_PSS_SALT_LENGTH;
3286 algo_params[0].content.value.a =
3287 tv->params.rsa.salt_len;
3288 algo_params[0].content.value.b = 0;
3289 num_algo_params = 1;
3290 }
3291
3292 max_key_size = tv->params.rsa.modulus_len * 8;
3293
3294 xtest_add_attr(&num_key_attrs, key_attrs,
3295 TEE_ATTR_RSA_MODULUS,
3296 tv->params.rsa.modulus,
3297 tv->params.rsa.modulus_len);
3298 xtest_add_attr(&num_key_attrs, key_attrs,
3299 TEE_ATTR_RSA_PUBLIC_EXPONENT,
3300 tv->params.rsa.pub_exp,
3301 tv->params.rsa.pub_exp_len);
3302
3303 if (!ADBG_EXPECT_TRUE(c,
3304 create_key(c, &session,
3305 max_key_size,
3306 TEE_TYPE_RSA_PUBLIC_KEY,
3307 key_attrs,
3308 num_key_attrs,
3309 &pub_key_handle)))
3310 goto out;
3311
3312 xtest_add_attr(&num_key_attrs, key_attrs,
3313 TEE_ATTR_RSA_PRIVATE_EXPONENT,
3314 tv->params.rsa.priv_exp,
3315 tv->params.rsa.priv_exp_len);
3316
3317 if (tv->params.rsa.prime1_len != 0) {
3318 xtest_add_attr(&num_key_attrs, key_attrs,
3319 TEE_ATTR_RSA_PRIME1,
3320 tv->params.rsa.prime1,
3321 tv->params.rsa.prime1_len);
3322 }
3323
3324 if (tv->params.rsa.prime2_len != 0) {
3325 xtest_add_attr(&num_key_attrs, key_attrs,
3326 TEE_ATTR_RSA_PRIME2,
3327 tv->params.rsa.prime2,
3328 tv->params.rsa.prime2_len);
3329 }
3330
3331 if (tv->params.rsa.exp1_len != 0) {
3332 xtest_add_attr(&num_key_attrs, key_attrs,
3333 TEE_ATTR_RSA_EXPONENT1,
3334 tv->params.rsa.exp1,
3335 tv->params.rsa.exp1_len);
3336 }
3337
3338 if (tv->params.rsa.exp2_len != 0) {
3339 xtest_add_attr(&num_key_attrs, key_attrs,
3340 TEE_ATTR_RSA_EXPONENT2,
3341 tv->params.rsa.exp2,
3342 tv->params.rsa.exp2_len);
3343 }
3344
3345 if (tv->params.rsa.coeff_len != 0) {
3346 xtest_add_attr(&num_key_attrs, key_attrs,
3347 TEE_ATTR_RSA_COEFFICIENT,
3348 tv->params.rsa.coeff,
3349 tv->params.rsa.coeff_len);
3350 }
3351
3352 if (!ADBG_EXPECT_TRUE(c,
3353 create_key(c, &session,
3354 max_key_size,
3355 TEE_TYPE_RSA_KEYPAIR,
3356 key_attrs,
3357 num_key_attrs,
3358 &priv_key_handle)))
3359 goto out;
3360 break;
3361
3362 case TEE_MAIN_ALGO_DSA:
3363 max_key_size = tv->params.dsa.prime_len * 8;
3364
3365 xtest_add_attr(&num_key_attrs, key_attrs,
3366 TEE_ATTR_DSA_PRIME,
3367 tv->params.dsa.prime,
3368 tv->params.dsa.prime_len);
3369 xtest_add_attr(&num_key_attrs, key_attrs,
3370 TEE_ATTR_DSA_SUBPRIME,
3371 tv->params.dsa.sub_prime,
3372 tv->params.dsa.sub_prime_len);
3373 xtest_add_attr(&num_key_attrs, key_attrs,
3374 TEE_ATTR_DSA_BASE,
3375 tv->params.dsa.base,
3376 tv->params.dsa.base_len);
3377 xtest_add_attr(&num_key_attrs, key_attrs,
3378 TEE_ATTR_DSA_PUBLIC_VALUE,
3379 tv->params.dsa.pub_val,
3380 tv->params.dsa.pub_val_len);
3381
3382 if (!ADBG_EXPECT_TRUE(c,
3383 create_key(c, &session, max_key_size,
3384 TEE_TYPE_DSA_PUBLIC_KEY, key_attrs,
3385 num_key_attrs, &pub_key_handle)))
3386 goto out;
3387
3388 xtest_add_attr(&num_key_attrs, key_attrs,
3389 TEE_ATTR_DSA_PRIVATE_VALUE,
3390 tv->params.dsa.priv_val,
3391 tv->params.dsa.priv_val_len);
3392
3393 if (!ADBG_EXPECT_TRUE(c,
3394 create_key(c, &session, max_key_size,
3395 TEE_TYPE_DSA_KEYPAIR, key_attrs,
3396 num_key_attrs, &priv_key_handle)))
3397 goto out;
3398 break;
3399
Pascal Brand3e143ee2015-07-15 17:17:16 +0200[diff] [blame]3400 case TEE_MAIN_ALGO_ECDSA:
3401 switch (tv->algo) {
3402 case TEE_ALG_ECDSA_P192:
3403 curve = TEE_ECC_CURVE_NIST_P192;
3404 break;
3405 case TEE_ALG_ECDSA_P224:
3406 curve = TEE_ECC_CURVE_NIST_P224;
3407 break;
3408 case TEE_ALG_ECDSA_P256:
3409 curve = TEE_ECC_CURVE_NIST_P256;
3410 break;
3411 case TEE_ALG_ECDSA_P384:
3412 curve = TEE_ECC_CURVE_NIST_P384;
3413 break;
3414 case TEE_ALG_ECDSA_P521:
3415 curve = TEE_ECC_CURVE_NIST_P521;
3416 break;
3417 default:
3418 curve = 0xFF;
3419 break;
3420 }
3421
3422 if (tv->algo == TEE_ALG_ECDSA_P521)
3423 max_key_size = 521;
3424 else
3425 max_key_size = tv->params.ecdsa.private_len * 8;
3426
3427 xtest_add_attr_value(&num_key_attrs, key_attrs,
3428 TEE_ATTR_ECC_CURVE, curve, 0);
3429 xtest_add_attr(&num_key_attrs, key_attrs,
3430 TEE_ATTR_ECC_PUBLIC_VALUE_X,
3431 tv->params.ecdsa.public_x,
3432 tv->params.ecdsa.public_x_len);
3433 xtest_add_attr(&num_key_attrs, key_attrs,
3434 TEE_ATTR_ECC_PUBLIC_VALUE_Y,
3435 tv->params.ecdsa.public_y,
3436 tv->params.ecdsa.public_y_len);
3437
3438 if (!ADBG_EXPECT_TRUE(c,
3439 create_key(c, &session, max_key_size,
3440 TEE_TYPE_ECDSA_PUBLIC_KEY, key_attrs,
3441 num_key_attrs, &pub_key_handle)))
3442 goto out;
3443
3444 xtest_add_attr(&num_key_attrs, key_attrs,
3445 TEE_ATTR_ECC_PRIVATE_VALUE,
3446 tv->params.ecdsa.private,
3447 tv->params.ecdsa.private_len);
3448
3449 if (!ADBG_EXPECT_TRUE(c,
3450 create_key(c, &session, max_key_size,
3451 TEE_TYPE_ECDSA_KEYPAIR, key_attrs,
3452 num_key_attrs, &priv_key_handle)))
3453 goto out;
3454 break;
3455
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3456 default:
3457 ADBG_EXPECT_TRUE(c, false);
3458 goto out;
3459 }
3460
3461 out_size = sizeof(out);
3462 memset(out, 0, sizeof(out));
3463 switch (tv->mode) {
3464 case TEE_MODE_ENCRYPT:
3465 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3466 ta_crypt_cmd_allocate_operation(c, &session,
Pascal Brand3e143ee2015-07-15 17:17:16 +0200[diff] [blame]3467 &op, tv->algo, TEE_MODE_ENCRYPT,
3468 max_key_size)))
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3469 goto out;
3470
3471 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3472 ta_crypt_cmd_set_operation_key(c, &session, op,
3473 pub_key_handle)))
3474 goto out;
3475
3476 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3477 ta_crypt_cmd_free_transient_object(c, &session,
3478 pub_key_handle)))
3479 goto out;
3480 pub_key_handle = TEE_HANDLE_NULL;
3481
3482 out_enc_size = sizeof(out_enc);
3483 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3484 ta_crypt_cmd_asymmetric_encrypt(c, &session, op,
3485 NULL, 0, tv->ptx, tv->ptx_len, out_enc,
3486 &out_enc_size)))
3487 goto out;
3488
3489 /*
3490 * A PS which is random is added when formatting the
3491 * message internally of the algorithm so we can't
3492 * verify against precomputed values, instead we use the
3493 * decrypt operation to see that output is correct.
3494 */
3495
3496 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3497 ta_crypt_cmd_free_operation(c, &session, op)))
3498 goto out;
3499
3500 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3501 ta_crypt_cmd_allocate_operation(c, &session,
3502 &op, tv->algo, TEE_MODE_DECRYPT,
3503 max_key_size)))
3504 goto out;
3505
3506 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3507 ta_crypt_cmd_set_operation_key(c, &session, op,
3508 priv_key_handle)))
3509 goto out;
3510
3511 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3512 ta_crypt_cmd_free_transient_object(c, &session,
3513 priv_key_handle)))
3514 goto out;
3515
3516 priv_key_handle = TEE_HANDLE_NULL;
3517
3518 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3519 ta_crypt_cmd_asymmetric_decrypt(c, &session, op,
3520 NULL, 0, out_enc, out_enc_size, out,
3521 &out_size)))
3522 goto out;
3523
3524 (void)ADBG_EXPECT_BUFFER(c, tv->ptx, tv->ptx_len, out,
3525 out_size);
3526 break;
3527
3528 case TEE_MODE_DECRYPT:
3529 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3530 ta_crypt_cmd_allocate_operation(c, &session,
3531 &op, tv->algo, TEE_MODE_DECRYPT,
3532 max_key_size)))
3533 goto out;
3534
3535 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3536 ta_crypt_cmd_set_operation_key(c, &session, op,
3537 priv_key_handle)))
3538 goto out;
3539
3540 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3541 ta_crypt_cmd_free_transient_object(c, &session,
3542 priv_key_handle)))
3543 goto out;
3544
3545 priv_key_handle = TEE_HANDLE_NULL;
3546
3547 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3548 ta_crypt_cmd_asymmetric_decrypt(c, &session, op,
3549 NULL, 0, tv->ctx, tv->ctx_len, out,
3550 &out_size)))
3551 goto out;
3552
3553 (void)ADBG_EXPECT_BUFFER(c, tv->ptx, tv->ptx_len, out,
3554 out_size);
3555 break;
3556
3557 case TEE_MODE_VERIFY:
3558 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3559 ta_crypt_cmd_allocate_operation(c, &session,
3560 &op, tv->algo, TEE_MODE_VERIFY,
3561 max_key_size)))
3562 goto out;
3563
3564 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3565 ta_crypt_cmd_set_operation_key(c, &session, op,
3566 pub_key_handle)))
3567 goto out;
3568
3569 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3570 ta_crypt_cmd_free_transient_object(c, &session,
3571 pub_key_handle)))
3572 goto out;
3573
3574 pub_key_handle = TEE_HANDLE_NULL;
3575
3576 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3577 ta_crypt_cmd_asymmetric_verify(c, &session, op,
3578 algo_params, num_algo_params, ptx_hash,
3579 ptx_hash_size, tv->ctx, tv->ctx_len)))
3580 goto out;
3581 break;
3582
3583 case TEE_MODE_SIGN:
3584 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3585 ta_crypt_cmd_allocate_operation(c, &session,
3586 &op, tv->algo, TEE_MODE_SIGN,
3587 max_key_size)))
3588 goto out;
3589
3590 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3591 ta_crypt_cmd_set_operation_key(c, &session, op,
3592 priv_key_handle)))
3593 goto out;
3594
3595 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3596 ta_crypt_cmd_free_transient_object(c, &session,
3597 priv_key_handle)))
3598 goto out;
3599
3600 priv_key_handle = TEE_HANDLE_NULL;
3601
3602 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3603 ta_crypt_cmd_asymmetric_sign(c, &session, op,
3604 algo_params, num_algo_params, ptx_hash,
3605 ptx_hash_size, out, &out_size)))
3606 goto out;
3607
3608 if (TEE_ALG_GET_CHAIN_MODE(tv->algo) ==
3609 TEE_CHAIN_MODE_PKCS1_PSS_MGF1 ||
Pascal Brand3e143ee2015-07-15 17:17:16 +0200[diff] [blame]3610 tv->algo == TEE_ALG_DSA_SHA1 ||
3611 TEE_ALG_GET_MAIN_ALG(tv->algo) ==
3612 TEE_MAIN_ALGO_ECDSA) {
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3613 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3614 ta_crypt_cmd_free_operation(c, &session,
3615 op)))
3616 goto out;
3617 /*
3618 * The salt or K is random so we can't verify
3619 * signing against precomputed values, instead
3620 * we use the verify operation to see that
3621 * output is correct.
3622 */
3623 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3624 ta_crypt_cmd_allocate_operation(c,
3625 &session, &op, tv->algo,
3626 TEE_MODE_VERIFY, max_key_size)))
3627 goto out;
3628
3629 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3630 ta_crypt_cmd_set_operation_key(c,
3631 &session, op, pub_key_handle)))
3632 goto out;
3633
3634 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3635 ta_crypt_cmd_free_transient_object(c,
3636 &session, pub_key_handle)))
3637 goto out;
3638
3639 pub_key_handle = TEE_HANDLE_NULL;
3640
3641 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3642 ta_crypt_cmd_asymmetric_verify(c,
3643 &session, op, algo_params,
3644 num_algo_params, ptx_hash,
3645 ptx_hash_size, out, out_size)))
3646 goto out;
3647 } else {
3648 (void)ADBG_EXPECT_BUFFER(c, tv->ctx,
3649 tv->ctx_len, out,
3650 out_size);
3651 }
3652 break;
3653
3654 default:
3655 break;
3656 }
3657
3658 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3659 ta_crypt_cmd_free_operation(c, &session, op)))
3660 goto out;
3661
3662 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3663 ta_crypt_cmd_free_transient_object(c, &session,
3664 pub_key_handle)))
3665 goto out;
3666 pub_key_handle = TEE_HANDLE_NULL;
3667
3668 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3669 ta_crypt_cmd_free_transient_object(c, &session,
3670 priv_key_handle)))
3671 goto out;
3672
3673 priv_key_handle = TEE_HANDLE_NULL;
3674
3675 Do_ADBG_EndSubCase(c, NULL);
3676 }
3677out:
3678 TEEC_CloseSession(&session);
3679}
3680
3681#define KEY_ATTR(x, y) { #x, (x), y }
3682
3683struct key_attrs {
3684 const char *name;
3685 uint32_t attr;
3686 bool keysize_check;
3687};
3688
3689static bool test_keygen_attributes(ADBG_Case_t *c, TEEC_Session *s,
3690 TEE_ObjectHandle key, uint32_t key_size,
3691 struct key_attrs *attrs, size_t num_attrs)
3692{
3693 uint8_t out[2048];
3694 size_t out_size;
3695 size_t n;
3696 size_t m;
3697
3698 for (m = 0; m < num_attrs; m++) {
3699 if ((attrs[m].attr & TEE_ATTR_BIT_VALUE) == 0) {
3700 out_size = sizeof(out);
3701 memset(out, 0, sizeof(out));
3702 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3703 ta_crypt_cmd_get_object_buffer_attribute(c, s,
3704 key, attrs[m].attr, out, &out_size)))
3705 return false;
3706
3707 if (attrs[m].keysize_check)
3708 ADBG_EXPECT_COMPARE_UNSIGNED(c, out_size, ==,
3709 key_size / 8);
3710
3711 if (out_size > 0) {
3712 /* Check that buffer isn't all zeroes */
3713 for (n = 0; n < out_size; n++)
3714 if (out[n] != 0)
3715 break;
3716 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, n, <,
3717 out_size))
3718 return false;
3719 }
3720 } else {
3721 uint32_t a;
3722 uint32_t b;
3723
3724 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3725 ta_crypt_cmd_get_object_value_attribute(c, s, key,
3726 attrs[m].attr, &a, &b)))
3727 return false;
3728 }
3729 }
3730 return true;
3731}
3732
3733static bool test_secret_value(ADBG_Case_t *c, TEEC_Session *s,
3734 TEE_ObjectHandle key, uint32_t key_size)
3735{
3736 const struct key_attrs attrs[] = {
3737 KEY_ATTR(TEE_ATTR_SECRET_VALUE, true),
3738 };
3739
3740 return test_keygen_attributes(c, s, key, key_size,
3741 (struct key_attrs *)&attrs,
3742 ARRAY_SIZE(attrs));
3743}
3744
3745
3746static bool test_rsa_key_pair(ADBG_Case_t *c, TEEC_Session *s,
3747 TEE_ObjectHandle key, uint32_t key_size)
3748{
3749 const struct key_attrs attrs[] = {
3750 KEY_ATTR(TEE_ATTR_RSA_MODULUS, true),
3751 KEY_ATTR(TEE_ATTR_RSA_PUBLIC_EXPONENT, false),
3752 KEY_ATTR(TEE_ATTR_RSA_PRIVATE_EXPONENT, false),
3753 KEY_ATTR(TEE_ATTR_RSA_PRIME1, false),
3754 KEY_ATTR(TEE_ATTR_RSA_PRIME2, false),
3755 KEY_ATTR(TEE_ATTR_RSA_EXPONENT1, false),
3756 KEY_ATTR(TEE_ATTR_RSA_EXPONENT2, false),
3757 KEY_ATTR(TEE_ATTR_RSA_COEFFICIENT, false),
3758 };
3759
3760 return test_keygen_attributes(c, s, key, key_size,
3761 (struct key_attrs *)&attrs,
3762 ARRAY_SIZE(attrs));
3763}
3764
Pascal Brande61133f2015-07-08 15:38:37 +0200[diff] [blame]3765static bool test_ecc_key_pair(ADBG_Case_t *c, TEEC_Session *s,
3766 TEE_ObjectHandle key, uint32_t key_size)
3767{
3768 const struct key_attrs attrs[] = {
3769 KEY_ATTR(TEE_ATTR_ECC_PRIVATE_VALUE, false),
3770 KEY_ATTR(TEE_ATTR_ECC_PUBLIC_VALUE_X , false),
3771 KEY_ATTR(TEE_ATTR_ECC_PUBLIC_VALUE_Y , false),
3772 /* KEY_ATTR(TEE_ATTR_ECC_CURVE, false), - do not test */
3773 };
3774
3775 return test_keygen_attributes(c, s, key, key_size,
3776 (struct key_attrs *)&attrs,
3777 ARRAY_SIZE(attrs));
3778}
3779
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3780static bool test_dh_key_pair(ADBG_Case_t *c, TEEC_Session *s,
3781 uint32_t check_keysize,
3782 TEE_ObjectHandle key, uint32_t key_size)
3783{
3784 const struct key_attrs attrs[] = {
3785 KEY_ATTR(TEE_ATTR_DH_PRIME, false),
3786 KEY_ATTR(TEE_ATTR_DH_BASE, false),
3787 KEY_ATTR(TEE_ATTR_DH_PUBLIC_VALUE, false),
3788 KEY_ATTR(TEE_ATTR_DH_PRIVATE_VALUE, check_keysize),
3789 KEY_ATTR(TEE_ATTR_DH_X_BITS, false),
3790 };
3791
3792 return test_keygen_attributes(c, s, key, key_size,
3793 (struct key_attrs *)&attrs,
3794 ARRAY_SIZE(attrs));
3795}
3796
3797static bool test_dsa_key_pair(ADBG_Case_t *c, TEEC_Session *s,
3798 TEE_ObjectHandle key, uint32_t key_size)
3799{
3800 const struct key_attrs attrs[] = {
3801 KEY_ATTR(TEE_ATTR_DSA_PRIME, true),
3802 KEY_ATTR(TEE_ATTR_DSA_SUBPRIME, false),
3803 KEY_ATTR(TEE_ATTR_DSA_BASE, false),
3804 KEY_ATTR(TEE_ATTR_DSA_PUBLIC_VALUE, false),
3805 KEY_ATTR(TEE_ATTR_DSA_PRIVATE_VALUE, false),
3806 };
3807
3808 return test_keygen_attributes(c, s, key, key_size,
3809 (struct key_attrs *)&attrs,
3810 ARRAY_SIZE(attrs));
3811}
3812
3813static bool generate_and_test_key(ADBG_Case_t *c, TEEC_Session *s,
3814 uint32_t key_type, uint32_t check_keysize,
3815 uint32_t key_size,
3816 TEE_Attribute *params, size_t param_count)
3817{
3818 TEE_ObjectHandle key;
3819 bool ret_val = true;
3820
3821 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3822 ta_crypt_cmd_allocate_transient_object(c, s, key_type, key_size,
3823 &key)))
3824 return false;
3825
3826 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3827 ta_crypt_cmd_generate_key(c, s, key, key_size, params,
3828 param_count)))
3829 return false;
3830
3831 switch (key_type) {
3832 case TEE_TYPE_DES:
3833 case TEE_TYPE_DES3:
3834 ret_val = ADBG_EXPECT_TRUE(c,
3835 test_secret_value(c, s, key,
3836 key_size + key_size / 7));
3837 break;
3838 case TEE_TYPE_AES:
3839 case TEE_TYPE_HMAC_MD5:
3840 case TEE_TYPE_HMAC_SHA1:
3841 case TEE_TYPE_HMAC_SHA224:
3842 case TEE_TYPE_HMAC_SHA256:
3843 case TEE_TYPE_HMAC_SHA384:
3844 case TEE_TYPE_HMAC_SHA512:
3845 case TEE_TYPE_GENERIC_SECRET:
3846 ret_val = ADBG_EXPECT_TRUE(c,
3847 test_secret_value(c, s, key, key_size));
3848 break;
3849
3850 case TEE_TYPE_RSA_KEYPAIR:
3851 ret_val = ADBG_EXPECT_TRUE(c,
3852 test_rsa_key_pair(c, s, key, key_size));
3853 break;
3854
Pascal Brande61133f2015-07-08 15:38:37 +0200[diff] [blame]3855 case TEE_TYPE_ECDSA_KEYPAIR:
3856 case TEE_TYPE_ECDH_KEYPAIR:
3857 ret_val = ADBG_EXPECT_TRUE(c,
3858 test_ecc_key_pair(c, s, key, key_size));
3859 break;
3860
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3861 case TEE_TYPE_DH_KEYPAIR:
Pascal Brande61133f2015-07-08 15:38:37 +0200[diff] [blame]3862 ret_val = ADBG_EXPECT_TRUE(c,
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3863 test_dh_key_pair(c, s, check_keysize, key,
3864 key_size));
3865 break;
3866
3867 case TEE_TYPE_DSA_KEYPAIR:
3868 ret_val = ADBG_EXPECT_TRUE(c,
3869 test_dsa_key_pair(c, s, key, key_size));
3870 break;
3871
3872 default:
3873 ret_val = false;
3874 break;
3875 }
3876
3877 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3878 ta_crypt_cmd_free_transient_object(c, s, key)))
3879 return false;
3880
3881 return ret_val;
3882}
3883
3884static void xtest_test_keygen_noparams(ADBG_Case_t *c, TEEC_Session *session)
3885{
3886 size_t n;
3887 uint32_t key_size;
3888 static const struct {
3889 const char *name;
3890 uint32_t key_type;
3891 uint32_t quanta;
3892 uint32_t min_size;
3893 uint32_t max_size;
3894 } key_types[] = {
3895 { "AES", TEE_TYPE_AES, 64, 128,
3896 256 /* valid sizes 128, 192, 256 */ },
3897 { "DES", TEE_TYPE_DES, 56, 56, 56 /* valid size 56 */ },
3898 { "DES3", TEE_TYPE_DES3, 56, 112,
3899 168 /* valid sizes 112, 168 */ },
3900 { "HMAC-MD5", TEE_TYPE_HMAC_MD5, 8, 64, 512 },
3901 { "HMAC-SHA1", TEE_TYPE_HMAC_SHA1, 8, 80, 512 },
3902 { "HMAC-SHA224", TEE_TYPE_HMAC_SHA224, 8, 112, 512 },
3903 { "HMAC-SHA256", TEE_TYPE_HMAC_SHA256, 8, 192, 1024 },
3904 { "HMAC-SHA384", TEE_TYPE_HMAC_SHA384, 8, 256, 1024 },
3905 { "HMAC-SHA512", TEE_TYPE_HMAC_SHA512, 8, 256, 1024 },
3906 { "Generic secret", TEE_TYPE_GENERIC_SECRET, 8, 128, 4096 },
3907 { "RSA-2048", TEE_TYPE_RSA_KEYPAIR, 1, 2048, 2048 },
3908
3909 /* New tests added to check non-regression of issue #5398 */
3910 { "RSA-256", TEE_TYPE_RSA_KEYPAIR, 1, 256, 256 },
3911 { "RSA-384", TEE_TYPE_RSA_KEYPAIR, 1, 384, 384 },
3912 { "RSA-512", TEE_TYPE_RSA_KEYPAIR, 1, 512, 512 },
3913 { "RSA-640", TEE_TYPE_RSA_KEYPAIR, 1, 640, 640 },
3914 { "RSA-768", TEE_TYPE_RSA_KEYPAIR, 1, 768, 768 },
3915 { "RSA-896", TEE_TYPE_RSA_KEYPAIR, 1, 896, 896 },
3916 { "RSA-1024", TEE_TYPE_RSA_KEYPAIR, 1, 1024, 1024 },
3917 };
3918
3919 for (n = 0; n < ARRAY_SIZE(key_types); n++) {
3920 uint32_t min_size = key_types[n].min_size;
3921 uint32_t max_size = key_types[n].max_size;
3922 uint32_t quanta = key_types[n].quanta;
3923
3924 Do_ADBG_BeginSubCase(c, "Generate %s key", key_types[n].name);
3925
3926 for (key_size = min_size; key_size <= max_size;
3927 key_size += quanta) {
3928 if (!ADBG_EXPECT_TRUE(c,
3929 generate_and_test_key(c, session, key_types
3930 [n].key_type, 1, key_size, NULL, 0)))
3931 break;
3932 }
3933
3934 Do_ADBG_EndSubCase(c, "Generate %s key", key_types[n].name);
3935 }
3936}
3937
3938static void xtest_test_keygen_dh(ADBG_Case_t *c, TEEC_Session *session)
3939{
3940 size_t n;
3941 size_t param_count;
3942 /*
3943 * Note that the key size parameter is not used when creating the keys
3944 * but specifying these sizes make it possible to test the expected size
3945 * of the private value. This also means that the keysize must match the
3946 * size of p or what is specified in private_bits or the equvivalent
3947 * size of the subprime parameter.
3948 */
3949 TEE_Attribute params[4];
3950
3951#define XTEST_DH_GK_DATA(vect) \
3952 ARRAY(vect ## _p), \
3953 ARRAY(vect ## _g), \
3954 &vect ## _private_bits, \
3955 0, 0
3956#define XTEST_DH_GK_DATA_SUBPRIME(vect) \
3957 ARRAY(vect ## _p), \
3958 ARRAY(vect ## _g), \
3959 &vect ## _private_bits, \
3960 ARRAY(vect ## _subprime)
3961 static const struct {
3962 uint32_t key_size;
3963 const uint8_t *p;
3964 size_t p_len;
3965 const uint8_t *g;
3966 size_t g_len;
3967 const uint32_t *private_bits;
3968 const uint8_t *subprime;
3969 size_t subprime_len;
3970 } key_types[] = {
3971 { 256, XTEST_DH_GK_DATA(keygen_dh256) },
3972 { 256, XTEST_DH_GK_DATA(keygen_dh320) },
3973 { 384, XTEST_DH_GK_DATA(keygen_dh384) },
3974 { 256, XTEST_DH_GK_DATA(keygen_dh448) },
3975 { 512, XTEST_DH_GK_DATA(keygen_dh512) },
3976 { 288, XTEST_DH_GK_DATA(keygen_dh576) },
3977 { 640, XTEST_DH_GK_DATA(keygen_dh640) },
3978 { 352, XTEST_DH_GK_DATA(keygen_dh704) },
3979 { 768, XTEST_DH_GK_DATA(keygen_dh768) },
3980 { 416, XTEST_DH_GK_DATA(keygen_dh832) },
3981 { 896, XTEST_DH_GK_DATA(keygen_dh896) },
3982 { 480, XTEST_DH_GK_DATA(keygen_dh960) },
3983 { 1024, XTEST_DH_GK_DATA(keygen_dh1024) },
3984 { 544, XTEST_DH_GK_DATA(keygen_dh1088) },
3985 { 1152, XTEST_DH_GK_DATA(keygen_dh1152) },
3986 { 608, XTEST_DH_GK_DATA(keygen_dh1216) },
3987 { 1280, XTEST_DH_GK_DATA(keygen_dh1280) },
3988 { 672, XTEST_DH_GK_DATA(keygen_dh1344) },
3989 { 1408, XTEST_DH_GK_DATA(keygen_dh1408) },
3990 { 736, XTEST_DH_GK_DATA(keygen_dh1472) },
3991 { 1536, XTEST_DH_GK_DATA(keygen_dh1536) },
3992 { 800, XTEST_DH_GK_DATA(keygen_dh1600) },
3993 { 1664, XTEST_DH_GK_DATA(keygen_dh1664) },
3994 { 864, XTEST_DH_GK_DATA(keygen_dh1728) },
3995 { 1792, XTEST_DH_GK_DATA(keygen_dh1792) },
3996 { 928, XTEST_DH_GK_DATA(keygen_dh1856) },
3997 { 1920, XTEST_DH_GK_DATA(keygen_dh1920) },
3998 { 992, XTEST_DH_GK_DATA(keygen_dh1984) },
3999 { 2048, XTEST_DH_GK_DATA(keygen_dh2048) },
4000 { 256, XTEST_DH_GK_DATA_SUBPRIME(keygen_dh2048_subprime) }
4001 };
4002
4003
4004 for (n = 0; n < ARRAY_SIZE(key_types); n++) {
4005 Do_ADBG_BeginSubCase(c,
4006 "Generate DH key %d bits - Private bits = %d",
4007 key_types[n].key_size,
4008 *key_types[n].private_bits);
4009 param_count = 0;
4010
4011 xtest_add_attr(&param_count, params,
4012 TEE_ATTR_DH_PRIME,
4013 key_types[n].p, key_types[n].p_len);
4014
4015 xtest_add_attr(&param_count, params, TEE_ATTR_DH_BASE,
4016 key_types[n].g, key_types[n].g_len);
4017
4018 if (key_types[n].private_bits != 0) {
4019 params[param_count].attributeID = TEE_ATTR_DH_X_BITS;
4020
4021 params[param_count].content.value.a =
4022 *key_types[n].private_bits;
4023
4024 params[param_count].content.value.b = 0;
4025 param_count++;
4026 }
4027
4028 if (key_types[n].subprime != 0) {
4029 xtest_add_attr(&param_count, params,
4030 TEE_ATTR_DH_SUBPRIME,
4031 key_types[n].subprime,
4032 key_types[n].subprime_len);
4033 }
4034
4035 if (!ADBG_EXPECT_TRUE(c,
4036 generate_and_test_key(c, session, TEE_TYPE_DH_KEYPAIR,
4037 ((*key_types[n].private_bits) != 0),
4038 key_types[n]. key_size, params, param_count)))
4039 break;
4040
4041 Do_ADBG_EndSubCase(c,
4042 "Generate DH key %d bits - Private bits = %d",
4043 key_types[n].key_size,
4044 *key_types[n].private_bits);
4045 }
4046}
4047
4048static void xtest_test_keygen_dsa(ADBG_Case_t *c, TEEC_Session *session)
4049{
4050 size_t n;
4051 size_t param_count;
4052 TEE_Attribute params[4];
4053
4054#define XTEST_DSA_GK_DATA(vect) \
4055 ARRAY(vect ## _p), \
4056 ARRAY(vect ## _g), \
4057 ARRAY(vect ## _q)
4058 static const struct {
4059 uint32_t key_size;
4060 const uint8_t *prime;
4061 size_t prime_len;
4062 const uint8_t *base;
4063 size_t base_len;
4064 const uint8_t *sub_prime;
4065 size_t sub_prime_len;
4066 } key_types[] = {
4067 { 1024, XTEST_DSA_GK_DATA(keygen_dsa_test1) },
4068 { 512, XTEST_DSA_GK_DATA(keygen_dsa512) },
4069 { 576, XTEST_DSA_GK_DATA(keygen_dsa576) },
4070 { 640, XTEST_DSA_GK_DATA(keygen_dsa640) },
4071 { 704, XTEST_DSA_GK_DATA(keygen_dsa704) },
4072 { 768, XTEST_DSA_GK_DATA(keygen_dsa768) },
4073 { 832, XTEST_DSA_GK_DATA(keygen_dsa832) },
4074 { 896, XTEST_DSA_GK_DATA(keygen_dsa896) },
4075 { 960, XTEST_DSA_GK_DATA(keygen_dsa960) },
4076 { 1024, XTEST_DSA_GK_DATA(keygen_dsa1024) },
4077 };
4078
4079 for (n = 0; n < ARRAY_SIZE(key_types); n++) {
4080 Do_ADBG_BeginSubCase(c, "Generate DSA key %d bits",
4081 key_types[n].key_size);
4082 param_count = 0;
4083
4084
4085 xtest_add_attr(&param_count, params, TEE_ATTR_DSA_PRIME,
4086 key_types[n].prime, key_types[n].prime_len);
4087
4088 xtest_add_attr(&param_count, params, TEE_ATTR_DSA_SUBPRIME,
4089 key_types[n].sub_prime,
4090 key_types[n].sub_prime_len);
4091
4092 xtest_add_attr(&param_count, params, TEE_ATTR_DSA_BASE,
4093 key_types[n].base, key_types[n].base_len);
4094
4095 if (!ADBG_EXPECT_TRUE(c,
4096 generate_and_test_key(c, session, TEE_TYPE_DSA_KEYPAIR,
4097 1, key_types[n]. key_size, params,
4098 param_count)))
4099 break;
4100
4101 Do_ADBG_EndSubCase(c, "Generate DSA key %d bits",
4102 key_types[n].key_size);
4103 }
4104}
4105
Pascal Brande61133f2015-07-08 15:38:37 +0200[diff] [blame]4106static void xtest_test_keygen_ecc(ADBG_Case_t *c, TEEC_Session *session)
4107{
4108 size_t n;
4109 size_t param_count;
4110 TEE_Attribute params[4];
4111
4112 static const struct {
4113 const char *name;
4114 uint32_t algo;
4115 uint32_t curve;
4116 uint32_t key_size;
4117 } key_types[] = {
4118 /* ECDSA */
4119 { "ECDSA-192", TEE_TYPE_ECDSA_KEYPAIR, TEE_ECC_CURVE_NIST_P192, 192 },
4120 { "ECDSA-224", TEE_TYPE_ECDSA_KEYPAIR, TEE_ECC_CURVE_NIST_P224, 224 },
4121 { "ECDSA-256", TEE_TYPE_ECDSA_KEYPAIR, TEE_ECC_CURVE_NIST_P256, 256 },
4122 { "ECDSA-384", TEE_TYPE_ECDSA_KEYPAIR, TEE_ECC_CURVE_NIST_P384, 384 },
4123 { "ECDSA-521", TEE_TYPE_ECDSA_KEYPAIR, TEE_ECC_CURVE_NIST_P521, 521 },
4124
4125 /* ECDH */
4126 { "ECDH-192", TEE_TYPE_ECDH_KEYPAIR, TEE_ECC_CURVE_NIST_P192, 192 },
4127 { "ECDH-224", TEE_TYPE_ECDH_KEYPAIR, TEE_ECC_CURVE_NIST_P224, 224 },
4128 { "ECDH-256", TEE_TYPE_ECDH_KEYPAIR, TEE_ECC_CURVE_NIST_P256, 256 },
4129 { "ECDH-384", TEE_TYPE_ECDH_KEYPAIR, TEE_ECC_CURVE_NIST_P384, 384 },
4130 { "ECDH-521", TEE_TYPE_ECDH_KEYPAIR, TEE_ECC_CURVE_NIST_P521, 521 },
4131 };
4132
4133 for (n = 0; n < ARRAY_SIZE(key_types); n++) {
4134 Do_ADBG_BeginSubCase(c, "Generate %s", key_types[n].name);
4135 param_count = 0;
4136
4137 xtest_add_attr_value(&param_count, params, TEE_ATTR_ECC_CURVE,
4138 key_types[n].curve, 0);
4139
4140 if (!ADBG_EXPECT_TRUE(c,
4141 generate_and_test_key(c, session, key_types[n].algo,
4142 0, key_types[n].key_size, params,
4143 param_count)))
4144 break;
4145
4146 Do_ADBG_EndSubCase(c, "Generate %s", key_types[n].name);
4147 }
4148}
4149
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]4150static void xtest_tee_test_4007(ADBG_Case_t *c)
4151{
4152 TEEC_Session session = { 0 };
4153 uint32_t ret_orig;
4154
4155 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
4156 xtest_teec_open_session(&session, &crypt_user_ta_uuid, NULL,
4157 &ret_orig)))
4158 return;
4159
4160 xtest_test_keygen_noparams(c, &session);
4161
4162 xtest_test_keygen_dh(c, &session);
4163
4164 xtest_test_keygen_dsa(c, &session);
4165
Pascal Brande61133f2015-07-08 15:38:37 +0200[diff] [blame]4166 xtest_test_keygen_ecc (c, &session);
4167
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]4168 TEEC_CloseSession(&session);
4169}
4170
4171static void xtest_tee_test_4008(ADBG_Case_t *c)
4172{
4173 TEEC_Session session = { 0 };
4174 uint32_t ret_orig;
4175 TEE_OperationHandle op;
4176 TEE_ObjectHandle key_handle;
4177 TEE_ObjectHandle sv_handle;
4178 TEE_Attribute params[4];
4179 size_t param_count = 0;
4180 uint8_t out[2048];
4181 size_t out_size;
4182
4183 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
4184 xtest_teec_open_session(&session, &crypt_user_ta_uuid, NULL,
4185 &ret_orig)))
4186 return;
4187
4188 Do_ADBG_BeginSubCase(c, "Derive DH key success");
4189
4190 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
4191 ta_crypt_cmd_allocate_operation(c, &session, &op,
4192 TEE_ALG_DH_DERIVE_SHARED_SECRET, TEE_MODE_DERIVE,
4193 derive_key_max_keysize)))
4194 goto out;
4195
4196 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
4197 ta_crypt_cmd_allocate_transient_object(c, & session,
4198 TEE_TYPE_DH_KEYPAIR, derive_key_max_keysize,
4199 &key_handle)))
4200 goto out;
4201
4202 xtest_add_attr(&param_count, params, TEE_ATTR_DH_PRIME,
4203 ARRAY(derive_key_dh_prime));
4204
4205 xtest_add_attr(&param_count, params, TEE_ATTR_DH_BASE,
4206 ARRAY(derive_key_dh_base));
4207
4208 xtest_add_attr(&param_count, params, TEE_ATTR_DH_PUBLIC_VALUE,
4209 ARRAY(derive_key_dh_public_value));
4210
4211 xtest_add_attr(&param_count, params, TEE_ATTR_DH_PRIVATE_VALUE,
4212 ARRAY(derive_key_dh_private_value));
4213
4214 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
4215 ta_crypt_cmd_populate_transient_object(c, &session, key_handle,
4216 params, param_count)))
4217 goto out;
4218
4219 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
4220 ta_crypt_cmd_set_operation_key(c, &session, op, key_handle)))
4221 goto out;
4222
4223 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
4224 ta_crypt_cmd_free_transient_object(c, & session, key_handle)))
4225 goto out;
4226
4227 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
4228 ta_crypt_cmd_allocate_transient_object(c, &session,
4229 TEE_TYPE_GENERIC_SECRET, derive_key_max_keysize,
4230 &sv_handle)))
4231 goto out;
4232
Pascal Brand2b92b642015-07-16 13:29:42 +0200[diff] [blame]4233 /* reuse but reset params and param-count */
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]4234 param_count = 0;
4235
4236 xtest_add_attr(&param_count, params, TEE_ATTR_DH_PUBLIC_VALUE,
4237 ARRAY(derive_key_dh_public_value_2));
4238
4239 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
4240 ta_crypt_cmd_derive_key(c, &session, op, sv_handle, params,
4241 param_count)))
4242 goto out;
4243
4244 out_size = sizeof(out);
4245 memset(out, 0, sizeof(out));
4246 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
4247 ta_crypt_cmd_get_object_buffer_attribute(c, &session, sv_handle,
4248 TEE_ATTR_SECRET_VALUE, out, &out_size)))
4249 goto out;
4250
4251 if (!ADBG_EXPECT_BUFFER(c, derive_key_dh_shared_secret,
4252 sizeof(derive_key_dh_shared_secret), out,
4253 out_size))
4254 goto out;
4255
4256 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
4257 ta_crypt_cmd_free_operation(c, &session, op)))
4258 goto out;
4259
4260 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
4261 ta_crypt_cmd_free_transient_object(c, &session, sv_handle)))
4262 goto out;
4263out:
4264 Do_ADBG_EndSubCase(c, "Derive DH key success");
4265 TEEC_CloseSession(&session);
4266}
Pascal Brand2b92b642015-07-16 13:29:42 +0200[diff] [blame]4267
4268static void xtest_tee_test_4009(ADBG_Case_t *c)
4269{
4270 TEEC_Session session = { 0 };
4271 uint32_t ret_orig;
4272 TEE_OperationHandle op;
4273 TEE_ObjectHandle key_handle;
4274 TEE_ObjectHandle sv_handle;
4275 TEE_Attribute params[4];
4276 size_t param_count = 0;
4277 uint8_t out[2048];
4278 size_t out_size;
4279 uint32_t size_bytes;
Peng Fane13ad9b2015-07-21 11:46:26 +0800[diff] [blame]4280 uint32_t i;
Pascal Brand2b92b642015-07-16 13:29:42 +0200[diff] [blame]4281 struct derive_key_ecdh_t *pt;
4282
4283 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
4284 xtest_teec_open_session(&session, &crypt_user_ta_uuid, NULL,
4285 &ret_orig)))
4286 return;
4287
4288 for (i = 0; i < ARRAY_SIZE(derive_key_ecdh); i++) {
4289 pt = &derive_key_ecdh[i];
4290
4291 Do_ADBG_BeginSubCase(c, "Derive ECDH key - algo = 0x%x",
4292 pt->algo);
4293 size_bytes = (pt->keysize + 7) / 8;
4294 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
4295 ta_crypt_cmd_allocate_operation(c, &session, &op,
4296 pt->algo,
4297 TEE_MODE_DERIVE, pt->keysize)))
4298 goto out;
4299
4300 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
4301 ta_crypt_cmd_allocate_transient_object(c, & session,
4302 TEE_TYPE_ECDH_KEYPAIR, pt->keysize,
4303 &key_handle)))
4304 goto out;
4305
4306 param_count = 0;
4307 xtest_add_attr_value(&param_count, params,
4308 TEE_ATTR_ECC_CURVE, pt->curve, 0);
4309 xtest_add_attr(&param_count, params,
4310 TEE_ATTR_ECC_PRIVATE_VALUE,
4311 pt->private, size_bytes);
4312 /*
4313 * The public value is not used. This is why we provide
4314 * another buffer
4315 */
4316 xtest_add_attr(&param_count, params,
4317 TEE_ATTR_ECC_PUBLIC_VALUE_X,
4318 pt->private, size_bytes);
4319 xtest_add_attr(&param_count, params,
4320 TEE_ATTR_ECC_PUBLIC_VALUE_Y,
4321 pt->private, size_bytes);
4322
4323 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
4324 ta_crypt_cmd_populate_transient_object(c,
4325 &session,
4326 key_handle, params, param_count)))
4327 goto out;
4328
4329 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
4330 ta_crypt_cmd_set_operation_key(c, &session, op,
4331 key_handle)))
4332 goto out;
4333
4334 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
4335 ta_crypt_cmd_free_transient_object(c, & session,
4336 key_handle)))
4337 goto out;
4338
4339 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
4340 ta_crypt_cmd_allocate_transient_object(c, &session,
4341 TEE_TYPE_GENERIC_SECRET, size_bytes * 8,
4342 &sv_handle)))
4343 goto out;
4344
4345 /* reuse but reset params and param-count */
4346 param_count = 0;
4347
4348 xtest_add_attr(&param_count, params,
4349 TEE_ATTR_ECC_PUBLIC_VALUE_X,
4350 pt->public_x, size_bytes);
4351 xtest_add_attr(&param_count, params,
4352 TEE_ATTR_ECC_PUBLIC_VALUE_Y,
4353 pt->public_y, size_bytes);
4354
4355 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
4356 ta_crypt_cmd_derive_key(c, &session, op, sv_handle,
4357 params, param_count)))
4358 goto out;
4359
4360 out_size = sizeof(out);
4361 memset(out, 0, sizeof(out));
4362 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
4363 ta_crypt_cmd_get_object_buffer_attribute(c, &session,
4364 sv_handle,
4365 TEE_ATTR_SECRET_VALUE, out, &out_size)))
4366 goto out;
4367
4368 if (!ADBG_EXPECT_BUFFER(c, pt->out, size_bytes,
4369 out, out_size))
4370 goto out;
4371
4372 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
4373 ta_crypt_cmd_free_operation(c, &session, op)))
4374 goto out;
4375
4376 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
4377 ta_crypt_cmd_free_transient_object(c, &session,
4378 sv_handle)))
4379 goto out;
4380
4381 Do_ADBG_EndSubCase(c, "Derive ECDH key - algo = 0x%x",
4382 pt->algo);
4383 }
4384
4385 goto noerror;
4386
4387out:
4388 Do_ADBG_EndSubCase(c, "Derive ECDH key - algo = 0x%x", pt->algo);
4389
4390noerror:
4391 TEEC_CloseSession(&session);
4392}