TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / OP-TEE / optee_test / 9b7b70d9c59a018564fffd4fda698ba9b154227e / . / host / xtest / regression_8000.c
blob: 15d8447abeee83e43005d1b5e7b919223d13547e [file] [log] [blame]
Etienne Carriere9b7b70d2020-05-16 10:27:23 +0200[diff] [blame^]1// SPDX-License-Identifier: GPL-2.0
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]2/*
3 * Copyright (c) 2014, Linaro Limited
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]4 */
5#include "xtest_test.h"
6#include "xtest_helpers.h"
7
8#include <tee_api_types.h>
9#include <tee_api_defines_extensions.h>
10#include <utee_defines.h>
11#include <string.h>
12#include <enc_fs_key_manager_test.h>
13
14#define WITH_HKDF 1
15#define WITH_CONCAT_KDF 1
16#define WITH_PBKDF2 1
17
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]18/*
19 * HKDF test data from RFC 5869
20 */
21
22/* A.1 SHA-256 */
23
24static const uint8_t hkdf_a1_ikm[] = {
25 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
26 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
27 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b
28};
29
30static const uint8_t hkdf_a1_salt[] = {
31 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
32 0x08, 0x09, 0x0a, 0x0b, 0x0c
33};
34
35static const uint8_t hkdf_a1_info[] = {
36 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
37 0xf8, 0xf9
38};
39
40static const uint8_t hkdf_a1_okm[] = {
41 0x3c, 0xb2, 0x5f, 0x25, 0xfa, 0xac, 0xd5, 0x7a,
42 0x90, 0x43, 0x4f, 0x64, 0xd0, 0x36, 0x2f, 0x2a,
43 0x2d, 0x2d, 0x0a, 0x90, 0xcf, 0x1a, 0x5a, 0x4c,
44 0x5d, 0xb0, 0x2d, 0x56, 0xec, 0xc4, 0xc5, 0xbf,
45 0x34, 0x00, 0x72, 0x08, 0xd5, 0xb8, 0x87, 0x18,
46 0x58, 0x65
47};
48
49/* A.2 SHA-256 */
50static const uint8_t hkdf_a2_ikm[] = {
51 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
52 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
53 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
54 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
55 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
56 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
57 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
58 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f,
59 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
60 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f
61};
62
63static const uint8_t hkdf_a2_salt[] = {
64 0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67,
65 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f,
66 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77,
67 0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f,
68 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87,
69 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
70 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97,
71 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f,
72 0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7,
73 0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf
74};
75
76static const uint8_t hkdf_a2_info[] = {
77 0xb0, 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6, 0xb7,
78 0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf,
79 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
80 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf,
81 0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7,
82 0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf,
83 0xe0, 0xe1, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7,
84 0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef,
85 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
86 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff
87};
88
89static const uint8_t hkdf_a2_okm[] = {
90 0xb1, 0x1e, 0x39, 0x8d, 0xc8, 0x03, 0x27, 0xa1,
91 0xc8, 0xe7, 0xf7, 0x8c, 0x59, 0x6a, 0x49, 0x34,
92 0x4f, 0x01, 0x2e, 0xda, 0x2d, 0x4e, 0xfa, 0xd8,
93 0xa0, 0x50, 0xcc, 0x4c, 0x19, 0xaf, 0xa9, 0x7c,
94 0x59, 0x04, 0x5a, 0x99, 0xca, 0xc7, 0x82, 0x72,
95 0x71, 0xcb, 0x41, 0xc6, 0x5e, 0x59, 0x0e, 0x09,
96 0xda, 0x32, 0x75, 0x60, 0x0c, 0x2f, 0x09, 0xb8,
97 0x36, 0x77, 0x93, 0xa9, 0xac, 0xa3, 0xdb, 0x71,
98 0xcc, 0x30, 0xc5, 0x81, 0x79, 0xec, 0x3e, 0x87,
99 0xc1, 0x4c, 0x01, 0xd5, 0xc1, 0xf3, 0x43, 0x4f,
100 0x1d, 0x87
101};
102
103/* A.3 SHA-256 */
104#define hkdf_a3_ikm hkdf_a1_ikm
105static const uint8_t hkdf_a3_salt[] = {};
106
107static const uint8_t hkdf_a3_info[] = {};
108
109static const uint8_t hkdf_a3_okm[] = {
110 0x8d, 0xa4, 0xe7, 0x75, 0xa5, 0x63, 0xc1, 0x8f,
111 0x71, 0x5f, 0x80, 0x2a, 0x06, 0x3c, 0x5a, 0x31,
112 0xb8, 0xa1, 0x1f, 0x5c, 0x5e, 0xe1, 0x87, 0x9e,
113 0xc3, 0x45, 0x4e, 0x5f, 0x3c, 0x73, 0x8d, 0x2d,
114 0x9d, 0x20, 0x13, 0x95, 0xfa, 0xa4, 0xb6, 0x1a,
115 0x96, 0xc8
116};
117
118/* A.4 SHA-1 */
119static const uint8_t hkdf_a4_ikm[] = {
120 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
121 0x0b, 0x0b, 0x0b
122};
123
124static const uint8_t hkdf_a4_salt[] = {
125 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
126 0x08, 0x09, 0x0a, 0x0b, 0x0c
127};
128
129static const uint8_t hkdf_a4_info[] = {
130 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
131 0xf8, 0xf9
132};
133
134static const uint8_t hkdf_a4_okm[] = {
135 0x08, 0x5a, 0x01, 0xea, 0x1b, 0x10, 0xf3, 0x69,
136 0x33, 0x06, 0x8b, 0x56, 0xef, 0xa5, 0xad, 0x81,
137 0xa4, 0xf1, 0x4b, 0x82, 0x2f, 0x5b, 0x09, 0x15,
138 0x68, 0xa9, 0xcd, 0xd4, 0xf1, 0x55, 0xfd, 0xa2,
139 0xc2, 0x2e, 0x42, 0x24, 0x78, 0xd3, 0x05, 0xf3,
140 0xf8, 0x96
141};
142
143/* A.5 SHA-1 */
144#define hkdf_a5_ikm hkdf_a2_ikm
145#define hkdf_a5_salt hkdf_a2_salt
146#define hkdf_a5_info hkdf_a2_info
147static const uint8_t hkdf_a5_okm[] = {
148 0x0b, 0xd7, 0x70, 0xa7, 0x4d, 0x11, 0x60, 0xf7,
149 0xc9, 0xf1, 0x2c, 0xd5, 0x91, 0x2a, 0x06, 0xeb,
150 0xff, 0x6a, 0xdc, 0xae, 0x89, 0x9d, 0x92, 0x19,
151 0x1f, 0xe4, 0x30, 0x56, 0x73, 0xba, 0x2f, 0xfe,
152 0x8f, 0xa3, 0xf1, 0xa4, 0xe5, 0xad, 0x79, 0xf3,
153 0xf3, 0x34, 0xb3, 0xb2, 0x02, 0xb2, 0x17, 0x3c,
154 0x48, 0x6e, 0xa3, 0x7c, 0xe3, 0xd3, 0x97, 0xed,
155 0x03, 0x4c, 0x7f, 0x9d, 0xfe, 0xb1, 0x5c, 0x5e,
156 0x92, 0x73, 0x36, 0xd0, 0x44, 0x1f, 0x4c, 0x43,
157 0x00, 0xe2, 0xcf, 0xf0, 0xd0, 0x90, 0x0b, 0x52,
158 0xd3, 0xb4
159};
160
161/* A.6 SHA-1 */
162#define hkdf_a6_ikm hkdf_a1_ikm
163static const uint8_t hkdf_a6_salt[] = {};
164
165static const uint8_t hkdf_a6_info[] = {};
166
167static const uint8_t hkdf_a6_okm[] = {
168 0x0a, 0xc1, 0xaf, 0x70, 0x02, 0xb3, 0xd7, 0x61,
169 0xd1, 0xe5, 0x52, 0x98, 0xda, 0x9d, 0x05, 0x06,
170 0xb9, 0xae, 0x52, 0x05, 0x72, 0x20, 0xa3, 0x06,
171 0xe0, 0x7b, 0x6b, 0x87, 0xe8, 0xdf, 0x21, 0xd0,
172 0xea, 0x00, 0x03, 0x3d, 0xe0, 0x39, 0x84, 0xd3,
173 0x49, 0x18
174};
175
176/* A.7 SHA-1 */
177static const uint8_t hkdf_a7_ikm[] = {
178 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c,
179 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c,
180 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c
181};
182
183static const uint8_t hkdf_a7_salt[] = {};
184
185static const uint8_t hkdf_a7_info[] = {};
186
187static const uint8_t hkdf_a7_okm[] = {
188 0x2c, 0x91, 0x11, 0x72, 0x04, 0xd7, 0x45, 0xf3,
189 0x50, 0x0d, 0x63, 0x6a, 0x62, 0xf6, 0x4f, 0x0a,
190 0xb3, 0xba, 0xe5, 0x48, 0xaa, 0x53, 0xd4, 0x23,
191 0xb0, 0xd1, 0xf2, 0x7e, 0xbb, 0xa6, 0xf5, 0xe5,
192 0x67, 0x3a, 0x08, 0x1d, 0x70, 0xcc, 0xe7, 0xac,
193 0xfc, 0x48
194};
195
196/*
197 * Concat KDF (NIST SP 800-56A R1)
198 *
199 * Test vector from:
200 * https://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-37
201 * appendix C
202 */
203static const uint8_t concat_kdf_1_z[] = {
204 158, 86, 217, 29, 129, 113, 53, 211,
205 114, 131, 66, 131, 191, 132, 38, 156,
206 251, 49, 110, 163, 218, 128, 106, 72,
207 246, 218, 167, 121, 140, 254, 144, 196
208};
209
210static const uint8_t concat_kdf_1_other_info[] = {
211 0, 0, 0, 7, 65, 49, 50, 56,
212 71, 67, 77, 0, 0, 0, 5, 65,
213 108, 105, 99, 101, 0, 0, 0, 3,
214 66, 111, 98, 0, 0, 0, 128
215};
216
217static const uint8_t concat_kdf_1_derived_key[] = {
218 86, 170, 141, 234, 248, 35, 109, 32,
219 92, 34, 40, 205, 113, 167, 16, 26
220};
221
222/*
223 * PKCS #5 2.0 / RFC 2898 Key Derivation Function 2 (PBKDF2)
224 * Test vectors from RFC 6070 https://www.ietf.org/rfc/rfc6070.txt
225 */
226
227/* 1 */
228static const uint8_t pbkdf2_1_password[] = {
229 'p', 'a', 's', 's', 'w', 'o', 'r', 'd'
230};
231
232static const uint8_t pbkdf2_1_salt[] = {
233 's', 'a', 'l', 't'
234};
235
236#define pbkdf2_1_iteration_count 1
237static const uint8_t pbkdf2_1_dkm[] = {
238 0x0c, 0x60, 0xc8, 0x0f, 0x96, 0x1f, 0x0e, 0x71,
239 0xf3, 0xa9, 0xb5, 0x24, 0xaf, 0x60, 0x12, 0x06,
240 0x2f, 0xe0, 0x37, 0xa6
241};
242
243/* 2 */
244#define pbkdf2_2_password pbkdf2_1_password
245#define pbkdf2_2_salt pbkdf2_1_salt
246#define pbkdf2_2_iteration_count 2
247static const uint8_t pbkdf2_2_dkm[] = {
248 0xea, 0x6c, 0x01, 0x4d, 0xc7, 0x2d, 0x6f, 0x8c,
249 0xcd, 0x1e, 0xd9, 0x2a, 0xce, 0x1d, 0x41, 0xf0,
250 0xd8, 0xde, 0x89, 0x57
251};
252
253/* 3 */
254#define pbkdf2_3_password pbkdf2_1_password
255#define pbkdf2_3_salt pbkdf2_1_salt
256#define pbkdf2_3_iteration_count 4096
257static const uint8_t pbkdf2_3_dkm[] = {
258 0x4b, 0x00, 0x79, 0x01, 0xb7, 0x65, 0x48, 0x9a,
259 0xbe, 0xad, 0x49, 0xd9, 0x26, 0xf7, 0x21, 0xd0,
260 0x65, 0xa4, 0x29, 0xc1
261};
262
263/* 4 */
264#define pbkdf2_4_password pbkdf2_1_password
265#define pbkdf2_4_salt pbkdf2_1_salt
266#define pbkdf2_4_iteration_count 16777216
Jerome Forissierba271a62017-02-06 13:18:55 +0100[diff] [blame]267static const uint8_t pbkdf2_4_dkm[] = {
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]268 0xee, 0xfe, 0x3d, 0x61, 0xcd, 0x4d, 0xa4, 0xe4,
269 0xe9, 0x94, 0x5b, 0x3d, 0x6b, 0xa2, 0x15, 0x8c,
270 0x26, 0x34, 0xe9, 0x84
271};
272
273/* 5 */
274static const uint8_t pbkdf2_5_password[] = {
275 'p', 'a', 's', 's', 'w', 'o', 'r', 'd',
276 'P', 'A', 'S', 'S', 'W', 'O', 'R', 'D',
277 'p', 'a', 's', 's', 'w', 'o', 'r', 'd'
278};
279
280static const uint8_t pbkdf2_5_salt[] = {
281 's', 'a', 'l', 't', 'S', 'A', 'L', 'T',
282 's', 'a', 'l', 't', 'S', 'A', 'L', 'T',
283 's', 'a', 'l', 't', 'S', 'A', 'L', 'T',
284 's', 'a', 'l', 't', 'S', 'A', 'L', 'T',
285 's', 'a', 'l', 't'
286};
287
288#define pbkdf2_5_iteration_count 4096
289static const uint8_t pbkdf2_5_dkm[] = {
290 0x3d, 0x2e, 0xec, 0x4f, 0xe4, 0x1c, 0x84, 0x9b,
291 0x80, 0xc8, 0xd8, 0x36, 0x62, 0xc0, 0xe4, 0x4a,
292 0x8b, 0x29, 0x1a, 0x96, 0x4c, 0xf2, 0xf0, 0x70,
293 0x38
294};
295
296/* 6 */
297static const uint8_t pbkdf2_6_password[] = {
298 'p', 'a', 's', 's', '\0', 'w', 'o', 'r',
299 'd',
300};
301
302static const uint8_t pbkdf2_6_salt[] = {
303 's', 'a', '\0', 'l', 't'
304};
305
306#define pbkdf2_6_iteration_count 4096
307static const uint8_t pbkdf2_6_dkm[] = {
308 0x56, 0xfa, 0x6a, 0xa7, 0x55, 0x48, 0x09, 0x9d,
309 0xcc, 0x37, 0xd7, 0xf0, 0x34, 0x25, 0xe0, 0xc3
310};
311
312#ifdef WITH_HKDF
313static void xtest_test_derivation_hkdf(ADBG_Case_t *c, TEEC_Session *session)
314{
Etienne Carrieree4ec9e42019-03-28 13:30:21 +0100[diff] [blame]315 size_t n = 0;
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]316#define TEST_HKDF_DATA(section, algo, id, oeb /* omit empty bufs */) \
317 { \
318 section, algo, \
319 hkdf_##id##_ikm, sizeof(hkdf_##id##_ikm), \
320 (oeb && !sizeof(hkdf_##id##_salt)) ? NULL : hkdf_##id##_salt, sizeof(hkdf_##id##_salt), \
321 (oeb && !sizeof(hkdf_##id##_info)) ? NULL : hkdf_##id##_info, sizeof(hkdf_##id##_info), \
322 hkdf_##id##_okm, sizeof(hkdf_##id##_okm), \
323 }
324 static struct hkdf_case {
325 const char *subcase_name;
326 uint32_t algo;
327 const uint8_t *ikm;
328 size_t ikm_len;
329 const uint8_t *salt;
330 size_t salt_len;
331 const uint8_t *info;
332 size_t info_len;
333 const uint8_t *okm;
334 size_t okm_len;
335 } hkdf_cases[] = {
336 TEST_HKDF_DATA("A.1 (SHA-256)",
337 TEE_ALG_HKDF_SHA256_DERIVE_KEY, a1, false),
338 TEST_HKDF_DATA("A.2 (SHA-256)",
339 TEE_ALG_HKDF_SHA256_DERIVE_KEY, a2, false),
340 TEST_HKDF_DATA("A.3 (SHA-256) [1]",
341 TEE_ALG_HKDF_SHA256_DERIVE_KEY, a3, false),
342 TEST_HKDF_DATA("A.3 (SHA-256) [2]",
343 TEE_ALG_HKDF_SHA256_DERIVE_KEY, a3, true),
344 TEST_HKDF_DATA("A.4 (SHA-1)",
345 TEE_ALG_HKDF_SHA1_DERIVE_KEY, a4, false),
346 TEST_HKDF_DATA("A.5 (SHA-1)",
347 TEE_ALG_HKDF_SHA1_DERIVE_KEY, a5, false),
348 TEST_HKDF_DATA("A.6 (SHA-1) [1]",
349 TEE_ALG_HKDF_SHA1_DERIVE_KEY, a6, false),
350 TEST_HKDF_DATA("A.6 (SHA-1) [2]",
351 TEE_ALG_HKDF_SHA1_DERIVE_KEY, a6, true),
352 TEST_HKDF_DATA("A.7 (SHA-1) [1]",
353 TEE_ALG_HKDF_SHA1_DERIVE_KEY, a7, false),
354 TEST_HKDF_DATA("A.7 (SHA-1) [2]",
355 TEE_ALG_HKDF_SHA1_DERIVE_KEY, a7, true),
356 };
357 size_t max_size = 2048;
358
359 for (n = 0; n < sizeof(hkdf_cases) / sizeof(struct hkdf_case); n++) {
Etienne Carrieree4ec9e42019-03-28 13:30:21 +0100[diff] [blame]360 TEE_OperationHandle op = TEE_HANDLE_NULL;
361 TEE_ObjectHandle key_handle = TEE_HANDLE_NULL;
362 TEE_ObjectHandle sv_handle = TEE_HANDLE_NULL;
363 TEE_Attribute params[4] = { };
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]364 size_t param_count = 0;
Etienne Carrieree4ec9e42019-03-28 13:30:21 +0100[diff] [blame]365 uint8_t out[2048] = { };
366 size_t out_size = 0;
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]367 const struct hkdf_case *hc = &hkdf_cases[n];
368
369 Do_ADBG_BeginSubCase(c, "HKDF RFC 5869 %s", hc->subcase_name);
370
371 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
372 ta_crypt_cmd_allocate_operation(c, session, &op,
373 hc->algo, TEE_MODE_DERIVE, max_size)))
374 goto out;
375
376 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
377 ta_crypt_cmd_allocate_transient_object(c, session,
378 TEE_TYPE_HKDF_IKM, max_size, &key_handle)))
379 goto out;
380
381 xtest_add_attr(&param_count, params, TEE_ATTR_HKDF_IKM, hc->ikm,
382 hc->ikm_len);
383
384 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
385 ta_crypt_cmd_populate_transient_object(c, session,
386 key_handle, params, param_count)))
387 goto out;
388
389 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
390 ta_crypt_cmd_set_operation_key(c, session, op,
391 key_handle)))
392 goto out;
393
394 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
395 ta_crypt_cmd_free_transient_object(c, session,
396 key_handle)))
397 goto out;
398
399 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
400 ta_crypt_cmd_allocate_transient_object(c, session,
401 TEE_TYPE_GENERIC_SECRET, hc->okm_len * 8,
402 &sv_handle)))
403 goto out;
404
405 param_count = 0;
406
407 if (hc->salt)
408 xtest_add_attr(&param_count, params, TEE_ATTR_HKDF_SALT,
409 hc->salt, hc->salt_len);
410 if (hc->info)
411 xtest_add_attr(&param_count, params, TEE_ATTR_HKDF_INFO,
412 hc->info, hc->info_len);
413
414 params[param_count].attributeID = TEE_ATTR_HKDF_OKM_LENGTH;
415 params[param_count].content.value.a = hc->okm_len;
416 params[param_count].content.value.b = 0;
417 param_count++;
418
419 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
420 ta_crypt_cmd_derive_key(c, session, op, sv_handle,
421 params, param_count)))
422 goto out;
423
424 out_size = sizeof(out);
425 memset(out, 0, sizeof(out));
426 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
427 ta_crypt_cmd_get_object_buffer_attribute(c, session,
428 sv_handle, TEE_ATTR_SECRET_VALUE, out,
429 &out_size)))
430 goto out;
431
432 if (!ADBG_EXPECT_BUFFER(c, hc->okm, hc->okm_len, out, out_size))
433 goto out;
434
435 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
436 ta_crypt_cmd_free_operation(c, session, op)))
437 goto out;
438
439 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
440 ta_crypt_cmd_free_transient_object(c, session,
441 sv_handle)))
442 goto out;
443 out:
444 Do_ADBG_EndSubCase(c, "HKDF RFC 5869 %s", hc->subcase_name);
445 }
446}
447#endif /* WITH_HKDF */
448
449#ifdef WITH_CONCAT_KDF
450static void xtest_test_derivation_concat_kdf(ADBG_Case_t *c, TEEC_Session *session)
451{
Etienne Carrieree4ec9e42019-03-28 13:30:21 +0100[diff] [blame]452 size_t n = 0;
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]453#define TEST_CONCAT_KDF_DATA(name, algo, id, oeb /* omit empty bufs */) \
454 { \
455 name, algo, \
456 concat_kdf_##id##_z, sizeof(concat_kdf_##id##_z), \
457 (oeb && !sizeof(concat_kdf_##id##_other_info)) ? NULL \
458 : concat_kdf_##id##_other_info, \
459 sizeof(concat_kdf_##id##_other_info), \
460 concat_kdf_##id##_derived_key, sizeof(concat_kdf_##id##_derived_key), \
461 }
462 static struct concat_kdf_case {
463 const char *subcase_name;
464 uint32_t algo;
465 const uint8_t *shared_secret;
466 size_t shared_secret_len;
467 const uint8_t *other_info;
468 size_t other_info_len;
469 const uint8_t *derived_key;
470 size_t derived_key_len;
471 } concat_kdf_cases[] = {
472 TEST_CONCAT_KDF_DATA("JWA-37 C (SHA-256)",
473 TEE_ALG_CONCAT_KDF_SHA256_DERIVE_KEY, 1, false),
474 };
475 size_t max_size = 2048;
476
477 for (n = 0;
478 n < sizeof(concat_kdf_cases) / sizeof(struct concat_kdf_case);
479 n++) {
Etienne Carrieree4ec9e42019-03-28 13:30:21 +0100[diff] [blame]480 TEE_OperationHandle op = TEE_HANDLE_NULL;
481 TEE_ObjectHandle key_handle = TEE_HANDLE_NULL;
482 TEE_ObjectHandle sv_handle = TEE_HANDLE_NULL;
483 TEE_Attribute params[4] = { };
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]484 size_t param_count = 0;
Etienne Carrieree4ec9e42019-03-28 13:30:21 +0100[diff] [blame]485 uint8_t out[2048] = { };
486 size_t out_size = 0;
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]487 const struct concat_kdf_case *cc = &concat_kdf_cases[n];
488
489 Do_ADBG_BeginSubCase(c, "Concat KDF %s", cc->subcase_name);
490
491 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
492 ta_crypt_cmd_allocate_operation(c, session, &op,
493 cc->algo, TEE_MODE_DERIVE, max_size)))
494 goto out;
495
496 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
497 ta_crypt_cmd_allocate_transient_object(c, session,
498 TEE_TYPE_CONCAT_KDF_Z, max_size, &key_handle)))
499 goto out;
500
501 xtest_add_attr(&param_count, params, TEE_ATTR_CONCAT_KDF_Z,
502 cc->shared_secret, cc->shared_secret_len);
503
504 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
505 ta_crypt_cmd_populate_transient_object(c, session,
506 key_handle, params, param_count)))
507 goto out;
508
509 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
510 ta_crypt_cmd_set_operation_key(c, session, op,
511 key_handle)))
512 goto out;
513
514 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
515 ta_crypt_cmd_free_transient_object(c, session,
516 key_handle)))
517 goto out;
518
519 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
520 ta_crypt_cmd_allocate_transient_object(c, session,
521 TEE_TYPE_GENERIC_SECRET, cc->derived_key_len *
522 8, &sv_handle)))
523 goto out;
524
525 param_count = 0;
526
527 if (cc->other_info)
528 xtest_add_attr(&param_count, params,
529 TEE_ATTR_CONCAT_KDF_OTHER_INFO,
530 cc->other_info, cc->other_info_len);
531
532 params[param_count].attributeID = TEE_ATTR_CONCAT_KDF_DKM_LENGTH;
533 params[param_count].content.value.a = cc->derived_key_len;
534 params[param_count].content.value.b = 0;
535 param_count++;
536
537 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
538 ta_crypt_cmd_derive_key(c, session, op, sv_handle,
539 params, param_count)))
540 goto out;
541
542 out_size = sizeof(out);
543 memset(out, 0, sizeof(out));
544 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
545 ta_crypt_cmd_get_object_buffer_attribute(c, session,
546 sv_handle, TEE_ATTR_SECRET_VALUE, out,
547 &out_size)))
548 goto out;
549
550 if (!ADBG_EXPECT_BUFFER(c, cc->derived_key, cc->derived_key_len,
551 out, out_size))
552 goto out;
553
554 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
555 ta_crypt_cmd_free_operation(c, session, op)))
556 goto out;
557
558 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
559 ta_crypt_cmd_free_transient_object(c, session,
560 sv_handle)))
561 goto out;
562out:
563 Do_ADBG_EndSubCase(c, "Concat KDF %s", cc->subcase_name);
564 }
565}
566#endif /* WITH_CONCAT_KDF */
567
568#ifdef WITH_PBKDF2
569static void xtest_test_derivation_pbkdf2(ADBG_Case_t *c, TEEC_Session *session)
570{
Etienne Carrieree4ec9e42019-03-28 13:30:21 +0100[diff] [blame]571 size_t n = 0;
Jerome Forissierba271a62017-02-06 13:18:55 +0100[diff] [blame]572#define TEST_PBKDF2_DATA(level, section, algo, id, oeb /* omit empty bufs */) \
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]573 { \
Jerome Forissierba271a62017-02-06 13:18:55 +0100[diff] [blame]574 level, section, algo, \
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]575 pbkdf2_##id##_password, sizeof(pbkdf2_##id##_password), \
576 (oeb && !sizeof(pbkdf2_##id##_salt)) ? NULL : pbkdf2_##id##_salt, sizeof(pbkdf2_##id##_salt), \
577 pbkdf2_##id##_iteration_count, \
578 pbkdf2_##id##_dkm, sizeof(pbkdf2_##id##_dkm), \
579 }
580#define _TO_STR(n) #n
581#define TO_STR(n) _TO_STR(n)
Jerome Forissierba271a62017-02-06 13:18:55 +0100[diff] [blame]582#define RFC6070_TEST(l, n) \
583 TEST_PBKDF2_DATA(l, "RFC 6070 " TO_STR(n) " (HMAC-SHA1)", \
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]584 TEE_ALG_PBKDF2_HMAC_SHA1_DERIVE_KEY, n, false)
585 static struct pbkdf2_case {
Jerome Forissierba271a62017-02-06 13:18:55 +0100[diff] [blame]586 unsigned int level;
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]587 const char *subcase_name;
588 uint32_t algo;
589 const uint8_t *password;
590 size_t password_len;
591 const uint8_t *salt;
592 size_t salt_len;
593 uint32_t iteration_count;
594 const uint8_t *dkm;
595 size_t dkm_len;
596 } pbkdf2_cases[] = {
Jerome Forissierba271a62017-02-06 13:18:55 +0100[diff] [blame]597 RFC6070_TEST(0, 1), RFC6070_TEST(0, 2), RFC6070_TEST(0, 3),
598 RFC6070_TEST(15, 4), /* Lengthy! (2 min on HiKey @1.2GHz) */
599 RFC6070_TEST(0, 5), RFC6070_TEST(0, 6)
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]600 };
601 size_t max_size = 2048;
602
603 for (n = 0; n < sizeof(pbkdf2_cases) / sizeof(struct pbkdf2_case); n++) {
Etienne Carrieree4ec9e42019-03-28 13:30:21 +0100[diff] [blame]604 TEE_OperationHandle op = TEE_HANDLE_NULL;
605 TEE_ObjectHandle key_handle = TEE_HANDLE_NULL;
606 TEE_ObjectHandle sv_handle = TEE_HANDLE_NULL;
607 TEE_Attribute params[4] = { };
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]608 size_t param_count = 0;
Etienne Carrieree4ec9e42019-03-28 13:30:21 +0100[diff] [blame]609 uint8_t out[2048] = { };
610 size_t out_size = 0;
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]611 const struct pbkdf2_case *pc = &pbkdf2_cases[n];
612
Jerome Forissierba271a62017-02-06 13:18:55 +0100[diff] [blame]613 if (pc->level > level)
614 continue;
615
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]616 Do_ADBG_BeginSubCase(c, "PBKDF2 %s", pc->subcase_name);
617 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
618 ta_crypt_cmd_allocate_operation(c, session, &op,
619 pc->algo, TEE_MODE_DERIVE, max_size)))
620 goto out;
621
622 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
623 ta_crypt_cmd_allocate_transient_object(c, session,
624 TEE_TYPE_PBKDF2_PASSWORD, max_size,
625 &key_handle)))
626 goto out;
627
628 xtest_add_attr(&param_count, params, TEE_ATTR_PBKDF2_PASSWORD,
629 pc->password, pc->password_len);
630
631 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
632 ta_crypt_cmd_populate_transient_object(c, session,
633 key_handle, params, param_count)))
634 goto out;
635
636 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
637 ta_crypt_cmd_set_operation_key(c, session, op,
638 key_handle)))
639 goto out;
640
641 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
642 ta_crypt_cmd_free_transient_object(c, session,
643 key_handle)))
644 goto out;
645
646 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
647 ta_crypt_cmd_allocate_transient_object(c, session,
648 TEE_TYPE_GENERIC_SECRET, pc->dkm_len * 8,
649 &sv_handle)))
650 goto out;
651
652 param_count = 0;
653
654 if (pc->salt)
655 xtest_add_attr(&param_count, params,
656 TEE_ATTR_PBKDF2_SALT, pc->salt,
657 pc->salt_len);
658
659 params[param_count].attributeID = TEE_ATTR_PBKDF2_DKM_LENGTH;
660 params[param_count].content.value.a = pc->dkm_len;
661 params[param_count].content.value.b = 0;
662 param_count++;
663
664 params[param_count].attributeID =
665 TEE_ATTR_PBKDF2_ITERATION_COUNT;
666 params[param_count].content.value.a = pc->iteration_count;
667 params[param_count].content.value.b = 0;
668 param_count++;
669
670 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
671 ta_crypt_cmd_derive_key(c, session, op, sv_handle,
672 params, param_count)))
673 goto out;
674
675 out_size = sizeof(out);
676 memset(out, 0, sizeof(out));
677 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
678 ta_crypt_cmd_get_object_buffer_attribute(c, session,
Etienne Carrieree4ec9e42019-03-28 13:30:21 +0100[diff] [blame]679 sv_handle, TEE_ATTR_SECRET_VALUE,
680 out, &out_size)))
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]681 goto out;
682
683 if (!ADBG_EXPECT_BUFFER(c, pc->dkm, pc->dkm_len, out, out_size))
684 goto out;
685
686 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
687 ta_crypt_cmd_free_operation(c, session, op)))
688 goto out;
689
690 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
691 ta_crypt_cmd_free_transient_object(c, session,
692 sv_handle)))
693 goto out;
694out:
695 Do_ADBG_EndSubCase(c, "PBKDF2 %s", pc->subcase_name);
696 }
697}
698#endif /* WITH_PBKDF2 */
699
700static TEEC_Result enc_fs_km_self_test(TEEC_Session *sess)
701{
Etienne Carrieree4ec9e42019-03-28 13:30:21 +0100[diff] [blame]702 TEEC_Operation op = TEEC_OPERATION_INITIALIZER;
703 TEEC_Result res = TEEC_ERROR_GENERIC;
704 uint32_t org = 0;
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]705
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]706 res = TEEC_InvokeCommand(sess, CMD_SELF_TESTS, &op, &org);
707 return res;
708}
709
Jens Wiklandercd0186b2017-04-05 11:34:22 +0200[diff] [blame]710static void xtest_tee_test_8001(ADBG_Case_t *c)
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]711{
Etienne Carrieree4ec9e42019-03-28 13:30:21 +0100[diff] [blame]712 TEEC_Session session = { };
713 uint32_t ret_orig = 0;
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]714
715 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
716 xtest_teec_open_session(&session, &crypt_user_ta_uuid, NULL,
717 &ret_orig)))
718 return;
719
720#ifdef WITH_HKDF
721 xtest_test_derivation_hkdf(c, &session);
722#endif
723#ifdef WITH_CONCAT_KDF
724 xtest_test_derivation_concat_kdf(c, &session);
725#endif
726#ifdef WITH_PBKDF2
727 xtest_test_derivation_pbkdf2(c, &session);
728#endif
729
730 TEEC_CloseSession(&session);
731}
Jens Wiklander14f48872018-06-29 15:30:13 +0200[diff] [blame]732ADBG_CASE_DEFINE(regression, 8001, xtest_tee_test_8001,
733 "Test TEE Internal API key derivation extensions");
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]734
735/* secure storage key manager self test */
Jens Wiklandercd0186b2017-04-05 11:34:22 +0200[diff] [blame]736static void xtest_tee_test_8002(ADBG_Case_t *c)
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]737{
Etienne Carrieree4ec9e42019-03-28 13:30:21 +0100[diff] [blame]738 TEEC_Result res = TEEC_ERROR_GENERIC;
739 TEEC_Session sess = { };
740 uint32_t orig = 0;
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]741
742 res = xtest_teec_open_session(&sess,
743 &enc_fs_key_manager_test_ta_uuid,
744 NULL, &orig);
745 if (res != TEEC_SUCCESS) {
746 Do_ADBG_Log("Ignore test due to TA does not exist");
747 return;
748 }
749
750 if (!ADBG_EXPECT_TEEC_SUCCESS(
751 c, enc_fs_km_self_test(&sess)))
752 goto exit;
753
754exit:
755 TEEC_CloseSession(&sess);
756}
Jens Wiklander14f48872018-06-29 15:30:13 +0200[diff] [blame]757ADBG_CASE_DEFINE(regression, 8002, xtest_tee_test_8002,
758 "Secure Storage Key Manager API Self Test");