TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / OP-TEE / optee_test / 9d4c4fb9638fb533211037016b6da12fbbcc4bb6 / . / host / xtest / regression_4000.c
blob: 3aa15be2bad6821c365d13c7289fe6c39ba422c3 [file] [log] [blame]
Etienne Carriere9b7b70d2020-05-16 10:27:23 +0200[diff] [blame]1// SPDX-License-Identifier: GPL-2.0
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]2/*
3 * Copyright (c) 2014, STMicroelectronics International N.V.
Alexander Zakharov0afe00c2021-02-10 19:06:48 +0100[diff] [blame]4 * Copyright (c) 2021, SumUp Services GmbH
Olivier Massea40266a2023-07-19 10:34:03 +0200[diff] [blame]5 * Copyright 2023 NXP
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]6 */
7
8#include <stdio.h>
9#include <string.h>
10#include <inttypes.h>
11#include <malloc.h>
Igor Opaniuk7ddaa782018-05-25 15:14:05 +0300[diff] [blame]12#include <time.h>
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]13
14#include "xtest_test.h"
15#include "xtest_helpers.h"
16
17#include <tee_api_types.h>
Gabor Szekely2ad190f2018-09-14 14:05:06 +0000[diff] [blame]18#include <tee_api_defines_extensions.h>
Jens Wiklandercbd8fd12022-11-26 20:38:47 +0100[diff] [blame]19#include <tee_api_compat.h>
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]20#include <ta_crypt.h>
21#include <utee_defines.h>
22#include <util.h>
23
Jerome Forissier213ca8a2017-03-31 11:27:56 +0200[diff] [blame]24#include <regression_4000_data.h>
Cedric Chaumontc7654962015-09-09 14:56:36 +0200[diff] [blame]25#include <nist/186-2ecdsatestvectors.h>
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]26
27#include <assert.h>
28
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]29static TEEC_Result ta_crypt_cmd_reset_operation(ADBG_Case_t *c, TEEC_Session *s,
30 TEE_OperationHandle oph)
31{
Etienne Carrieree4ec9e42019-03-28 13:30:21 +0100[diff] [blame]32 TEEC_Result res = TEEC_ERROR_GENERIC;
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]33 TEEC_Operation op = TEEC_OPERATION_INITIALIZER;
Etienne Carrieree4ec9e42019-03-28 13:30:21 +0100[diff] [blame]34 uint32_t ret_orig = 0;
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]35
36 assert((uintptr_t)oph <= UINT32_MAX);
37 op.params[0].value.a = (uint32_t)(uintptr_t)oph;
38 op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT, TEEC_NONE, TEEC_NONE,
39 TEEC_NONE);
40 res = TEEC_InvokeCommand(s, TA_CRYPT_CMD_RESET_OPERATION, &op,
41 &ret_orig);
42 if (res != TEEC_SUCCESS) {
43 (void)ADBG_EXPECT_TEEC_ERROR_ORIGIN(c, TEEC_ORIGIN_TRUSTED_APP,
44 ret_orig);
45 }
46 return res;
47}
48
49static TEEC_Result ta_crypt_cmd_copy_operation(ADBG_Case_t *c,
50 TEEC_Session *s,
51 TEE_OperationHandle dst_oph,
52 TEE_OperationHandle src_oph)
53{
Etienne Carrieree4ec9e42019-03-28 13:30:21 +0100[diff] [blame]54 TEEC_Result res = TEEC_ERROR_GENERIC;
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]55 TEEC_Operation op = TEEC_OPERATION_INITIALIZER;
Etienne Carrieree4ec9e42019-03-28 13:30:21 +0100[diff] [blame]56 uint32_t ret_orig = 0;
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]57
58 assert((uintptr_t)dst_oph <= UINT32_MAX);
59 op.params[0].value.a = (uint32_t)(uintptr_t)dst_oph;
60
61 assert((uintptr_t)src_oph <= UINT32_MAX);
62 op.params[0].value.b = (uint32_t)(uintptr_t)src_oph;
63 op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT, TEEC_NONE, TEEC_NONE,
64 TEEC_NONE);
65
66 res = TEEC_InvokeCommand(s, TA_CRYPT_CMD_COPY_OPERATION, &op,
67 &ret_orig);
68
69 if (res != TEEC_SUCCESS) {
70 (void)ADBG_EXPECT_TEEC_ERROR_ORIGIN(c, TEEC_ORIGIN_TRUSTED_APP,
71 ret_orig);
72 }
73 return res;
74}
75
76static TEEC_Result ta_crypt_cmd_digest_update(ADBG_Case_t *c, TEEC_Session *s,
77 TEE_OperationHandle oph,
78 const void *chunk,
79 size_t chunk_size)
80{
Etienne Carrieree4ec9e42019-03-28 13:30:21 +0100[diff] [blame]81 TEEC_Result res = TEEC_ERROR_GENERIC;
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]82 TEEC_Operation op = TEEC_OPERATION_INITIALIZER;
Etienne Carrieree4ec9e42019-03-28 13:30:21 +0100[diff] [blame]83 uint32_t ret_orig = 0;
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]84
85 assert((uintptr_t)oph <= UINT32_MAX);
86 op.params[0].value.a = (uint32_t)(uintptr_t)oph;
87 op.params[1].tmpref.buffer = (void *)chunk;
88 op.params[1].tmpref.size = chunk_size;
89
90 op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT,
91 TEEC_MEMREF_TEMP_INPUT, TEEC_NONE,
92 TEEC_NONE);
93
94 res = TEEC_InvokeCommand(s, TA_CRYPT_CMD_DIGEST_UPDATE, &op, &ret_orig);
95
96 if (res != TEEC_SUCCESS) {
97 (void)ADBG_EXPECT_TEEC_ERROR_ORIGIN(c, TEEC_ORIGIN_TRUSTED_APP,
98 ret_orig);
99 }
100
101 return res;
102}
103
104static TEEC_Result ta_crypt_cmd_digest_do_final(ADBG_Case_t *c, TEEC_Session *s,
105 TEE_OperationHandle oph,
106 const void *chunk,
107 size_t chunk_len, void *hash,
108 size_t *hash_len)
109{
Etienne Carrieree4ec9e42019-03-28 13:30:21 +0100[diff] [blame]110 TEEC_Result res = TEEC_ERROR_GENERIC;
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]111 TEEC_Operation op = TEEC_OPERATION_INITIALIZER;
Etienne Carrieree4ec9e42019-03-28 13:30:21 +0100[diff] [blame]112 uint32_t ret_orig = 0;
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]113
114 assert((uintptr_t)oph <= UINT32_MAX);
115 op.params[0].value.a = (uint32_t)(uintptr_t)oph;
116
117 op.params[1].tmpref.buffer = (void *)chunk;
118 op.params[1].tmpref.size = chunk_len;
119
120 op.params[2].tmpref.buffer = (void *)hash;
121 op.params[2].tmpref.size = *hash_len;
122
123 op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT,
124 TEEC_MEMREF_TEMP_INPUT,
125 TEEC_MEMREF_TEMP_OUTPUT, TEEC_NONE);
126
127 res = TEEC_InvokeCommand(s, TA_CRYPT_CMD_DIGEST_DO_FINAL, &op,
128 &ret_orig);
129
130 if (res != TEEC_SUCCESS) {
131 (void)ADBG_EXPECT_TEEC_ERROR_ORIGIN(c, TEEC_ORIGIN_TRUSTED_APP,
132 ret_orig);
133 }
134
135 if (res == TEEC_SUCCESS)
136 *hash_len = op.params[2].tmpref.size;
137
138 return res;
139}
140
Jens Wiklander92aded22022-12-07 09:43:56 +0100[diff] [blame]141static TEEC_Result ta_crypt_cmd_digest_extract(ADBG_Case_t *c, TEEC_Session *s,
142 TEE_OperationHandle oph,
143 void *hash, size_t *hash_len)
144{
145 TEEC_Result res = TEEC_ERROR_GENERIC;
146 TEEC_Operation op = TEEC_OPERATION_INITIALIZER;
147 uint32_t ret_orig = 0;
148
149 assert((uintptr_t)oph <= UINT32_MAX);
150 op.params[0].value.a = (uint32_t)(uintptr_t)oph;
151
152 op.params[1].tmpref.buffer = (void *)hash;
153 op.params[1].tmpref.size = *hash_len;
154
155 op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT,
156 TEEC_MEMREF_TEMP_OUTPUT,
157 TEEC_NONE, TEEC_NONE);
158
159 res = TEEC_InvokeCommand(s, TA_CRYPT_CMD_DIGEST_EXTRACT, &op,
160 &ret_orig);
161
162 if (res != TEEC_SUCCESS) {
163 (void)ADBG_EXPECT_TEEC_ERROR_ORIGIN(c, TEEC_ORIGIN_TRUSTED_APP,
164 ret_orig);
165 }
166
167 if (res == TEEC_SUCCESS)
168 *hash_len = op.params[1].tmpref.size;
169
170 return res;
171}
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]172static TEE_Result ta_crypt_cmd_set_operation_key2(ADBG_Case_t *c,
173 TEEC_Session *s,
174 TEE_OperationHandle oph,
175 TEE_ObjectHandle key1,
176 TEE_ObjectHandle key2)
177{
Etienne Carrieree4ec9e42019-03-28 13:30:21 +0100[diff] [blame]178 TEEC_Result res = TEEC_ERROR_GENERIC;
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]179 TEEC_Operation op = TEEC_OPERATION_INITIALIZER;
Etienne Carrieree4ec9e42019-03-28 13:30:21 +0100[diff] [blame]180 uint32_t ret_orig = 0;
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]181
182 assert((uintptr_t)oph <= UINT32_MAX);
183 op.params[0].value.a = (uint32_t)(uintptr_t)oph;
184
185 assert((uintptr_t)key1 <= UINT32_MAX);
186 op.params[0].value.b = (uint32_t)(uintptr_t)key1;
187
188 assert((uintptr_t)key2 <= UINT32_MAX);
189 op.params[1].value.a = (uint32_t)(uintptr_t)key2;
190 op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT, TEEC_VALUE_INPUT,
191 TEEC_NONE, TEEC_NONE);
192
193 res = TEEC_InvokeCommand(s, TA_CRYPT_CMD_SET_OPERATION_KEY2, &op,
194 &ret_orig);
195
196 if (res != TEEC_SUCCESS) {
197 (void)ADBG_EXPECT_TEEC_ERROR_ORIGIN(c, TEEC_ORIGIN_TRUSTED_APP,
198 ret_orig);
199 }
200
201 return res;
202}
203
204static TEEC_Result ta_crypt_cmd_mac_init(ADBG_Case_t *c, TEEC_Session *s,
205 TEE_OperationHandle oph,
206 const void *iv, size_t iv_len)
207{
Etienne Carrieree4ec9e42019-03-28 13:30:21 +0100[diff] [blame]208 TEEC_Result res = TEEC_ERROR_GENERIC;
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]209 TEEC_Operation op = TEEC_OPERATION_INITIALIZER;
Etienne Carrieree4ec9e42019-03-28 13:30:21 +0100[diff] [blame]210 uint32_t ret_orig = 0;
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]211
212 assert((uintptr_t)oph <= UINT32_MAX);
213 op.params[0].value.a = (uint32_t)(uintptr_t)oph;
214
215 if (iv != NULL) {
216 op.params[1].tmpref.buffer = (void *)iv;
217 op.params[1].tmpref.size = iv_len;
218 op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT,
219 TEEC_MEMREF_TEMP_INPUT,
220 TEEC_NONE, TEEC_NONE);
221 } else {
222 op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT, TEEC_NONE,
223 TEEC_NONE, TEEC_NONE);
224 }
225
226 res = TEEC_InvokeCommand(s, TA_CRYPT_CMD_MAC_INIT, &op, &ret_orig);
227
228 if (res != TEEC_SUCCESS) {
229 (void)ADBG_EXPECT_TEEC_ERROR_ORIGIN(c, TEEC_ORIGIN_TRUSTED_APP,
230 ret_orig);
231 }
232
233 return res;
234}
235
236static TEEC_Result ta_crypt_cmd_mac_update(ADBG_Case_t *c, TEEC_Session *s,
237 TEE_OperationHandle oph,
238 const void *chunk, size_t chunk_size)
239{
Etienne Carrieree4ec9e42019-03-28 13:30:21 +0100[diff] [blame]240 TEEC_Result res = TEEC_ERROR_GENERIC;
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]241 TEEC_Operation op = TEEC_OPERATION_INITIALIZER;
Etienne Carrieree4ec9e42019-03-28 13:30:21 +0100[diff] [blame]242 uint32_t ret_orig = 0;
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]243
244 assert((uintptr_t)oph <= UINT32_MAX);
245 op.params[0].value.a = (uint32_t)(uintptr_t)oph;
246
247 op.params[1].tmpref.buffer = (void *)chunk;
248 op.params[1].tmpref.size = chunk_size;
249
250 op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT,
251 TEEC_MEMREF_TEMP_INPUT, TEEC_NONE,
252 TEEC_NONE);
253
254 res = TEEC_InvokeCommand(s, TA_CRYPT_CMD_MAC_UPDATE, &op, &ret_orig);
255
256 if (res != TEEC_SUCCESS) {
257 (void)ADBG_EXPECT_TEEC_ERROR_ORIGIN(c, TEEC_ORIGIN_TRUSTED_APP,
258 ret_orig);
259 }
260
261 return res;
262}
263
264static TEEC_Result ta_crypt_cmd_mac_final_compute(ADBG_Case_t *c,
265 TEEC_Session *s,
266 TEE_OperationHandle oph,
267 const void *chunk,
268 size_t chunk_len,
269 void *hash,
270 size_t *hash_len)
271{
Etienne Carrieree4ec9e42019-03-28 13:30:21 +0100[diff] [blame]272 TEEC_Result res = TEEC_ERROR_GENERIC;
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]273 TEEC_Operation op = TEEC_OPERATION_INITIALIZER;
Etienne Carrieree4ec9e42019-03-28 13:30:21 +0100[diff] [blame]274 uint32_t ret_orig = 0;
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]275
276 assert((uintptr_t)oph <= UINT32_MAX);
277 op.params[0].value.a = (uint32_t)(uintptr_t)oph;
278
279 op.params[1].tmpref.buffer = (void *)chunk;
280 op.params[1].tmpref.size = chunk_len;
281
282 op.params[2].tmpref.buffer = (void *)hash;
283 op.params[2].tmpref.size = *hash_len;
284
285 op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT,
286 TEEC_MEMREF_TEMP_INPUT,
287 TEEC_MEMREF_TEMP_OUTPUT, TEEC_NONE);
288
289 res = TEEC_InvokeCommand(s, TA_CRYPT_CMD_MAC_FINAL_COMPUTE, &op,
290 &ret_orig);
291
292 if (res != TEEC_SUCCESS) {
293 (void)ADBG_EXPECT_TEEC_ERROR_ORIGIN(c, TEEC_ORIGIN_TRUSTED_APP,
294 ret_orig);
295 }
296
297 if (res == TEEC_SUCCESS)
298 *hash_len = op.params[2].tmpref.size;
299
300 return res;
301}
302
Jerome Forissier4f419512021-07-07 14:56:10 +0200[diff] [blame]303static TEEC_Result ta_crypt_cmd_mac_final_compare(ADBG_Case_t *c,
304 TEEC_Session *s,
305 TEE_OperationHandle oph,
306 const void *chunk,
307 size_t chunk_len,
308 const uint8_t *hash,
309 size_t hash_len)
310{
311 TEEC_Result res = TEEC_ERROR_GENERIC;
312 TEEC_Operation op = TEEC_OPERATION_INITIALIZER;
313 uint32_t ret_orig = 0;
314
315 assert((uintptr_t)oph <= UINT32_MAX);
316 op.params[0].value.a = (uint32_t)(uintptr_t)oph;
317
318 op.params[1].tmpref.buffer = (void *)chunk;
319 op.params[1].tmpref.size = chunk_len;
320
321 op.params[2].tmpref.buffer = (void *)hash;
322 op.params[2].tmpref.size = hash_len;
323
324 op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT,
325 TEEC_MEMREF_TEMP_INPUT,
326 TEEC_MEMREF_TEMP_INPUT, TEEC_NONE);
327
328 res = TEEC_InvokeCommand(s, TA_CRYPT_CMD_MAC_FINAL_COMPARE, &op,
329 &ret_orig);
330
331 if (res != TEEC_SUCCESS) {
332 (void)ADBG_EXPECT_TEEC_ERROR_ORIGIN(c, TEEC_ORIGIN_TRUSTED_APP,
333 ret_orig);
334 }
335
336 return res;
337}
338
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]339static TEEC_Result ta_crypt_cmd_cipher_init(ADBG_Case_t *c, TEEC_Session *s,
340 TEE_OperationHandle oph,
341 const void *iv, size_t iv_len)
342{
Etienne Carrieree4ec9e42019-03-28 13:30:21 +0100[diff] [blame]343 TEEC_Result res = TEEC_ERROR_GENERIC;
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]344 TEEC_Operation op = TEEC_OPERATION_INITIALIZER;
Etienne Carrieree4ec9e42019-03-28 13:30:21 +0100[diff] [blame]345 uint32_t ret_orig = 0;
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]346
347 assert((uintptr_t)oph <= UINT32_MAX);
348 op.params[0].value.a = (uint32_t)(uintptr_t)oph;
349
350 if (iv != NULL) {
351 op.params[1].tmpref.buffer = (void *)iv;
352 op.params[1].tmpref.size = iv_len;
353
354 op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT,
355 TEEC_MEMREF_TEMP_INPUT,
356 TEEC_NONE, TEEC_NONE);
357 } else {
358 op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT, TEEC_NONE,
359 TEEC_NONE, TEEC_NONE);
360 }
361
362 res = TEEC_InvokeCommand(s, TA_CRYPT_CMD_CIPHER_INIT, &op, &ret_orig);
363
364 if (res != TEEC_SUCCESS) {
365 (void)ADBG_EXPECT_TEEC_ERROR_ORIGIN(c, TEEC_ORIGIN_TRUSTED_APP,
366 ret_orig);
367 }
368
369 return res;
370}
371
372static TEEC_Result ta_crypt_cmd_cipher_update(ADBG_Case_t *c, TEEC_Session *s,
373 TEE_OperationHandle oph,
374 const void *src, size_t src_len,
375 void *dst, size_t *dst_len)
376{
Etienne Carrieree4ec9e42019-03-28 13:30:21 +0100[diff] [blame]377 TEEC_Result res = TEEC_ERROR_GENERIC;
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]378 TEEC_Operation op = TEEC_OPERATION_INITIALIZER;
Etienne Carrieree4ec9e42019-03-28 13:30:21 +0100[diff] [blame]379 uint32_t ret_orig = 0;
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]380
381 assert((uintptr_t)oph <= UINT32_MAX);
382 op.params[0].value.a = (uint32_t)(uintptr_t)oph;
383
384 op.params[1].tmpref.buffer = (void *)src;
385 op.params[1].tmpref.size = src_len;
386
387 op.params[2].tmpref.buffer = dst;
388 op.params[2].tmpref.size = *dst_len;
389
390 op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT,
391 TEEC_MEMREF_TEMP_INPUT,
392 TEEC_MEMREF_TEMP_OUTPUT, TEEC_NONE);
393
394 res = TEEC_InvokeCommand(s, TA_CRYPT_CMD_CIPHER_UPDATE, &op, &ret_orig);
395
396 if (res != TEEC_SUCCESS) {
397 (void)ADBG_EXPECT_TEEC_ERROR_ORIGIN(c, TEEC_ORIGIN_TRUSTED_APP,
398 ret_orig);
399 }
400
Jens Wiklander8281d642024-04-22 18:23:45 +0200[diff] [blame]401 *dst_len = op.params[2].tmpref.size;
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]402
403 return res;
404}
405
406static TEEC_Result ta_crypt_cmd_cipher_do_final(ADBG_Case_t *c,
407 TEEC_Session *s,
408 TEE_OperationHandle oph,
409 const void *src,
410 size_t src_len,
411 void *dst,
412 size_t *dst_len)
413{
Etienne Carrieree4ec9e42019-03-28 13:30:21 +0100[diff] [blame]414 TEEC_Result res = TEEC_ERROR_GENERIC;
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]415 TEEC_Operation op = TEEC_OPERATION_INITIALIZER;
Etienne Carrieree4ec9e42019-03-28 13:30:21 +0100[diff] [blame]416 uint32_t ret_orig = 0;
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]417
418 assert((uintptr_t)oph <= UINT32_MAX);
419 op.params[0].value.a = (uint32_t)(uintptr_t)oph;
420
421 op.params[1].tmpref.buffer = (void *)src;
422 op.params[1].tmpref.size = src_len;
423
424 op.params[2].tmpref.buffer = (void *)dst;
425 op.params[2].tmpref.size = *dst_len;
426
427 op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT,
428 TEEC_MEMREF_TEMP_INPUT,
429 TEEC_MEMREF_TEMP_OUTPUT, TEEC_NONE);
430
431 res = TEEC_InvokeCommand(s, TA_CRYPT_CMD_CIPHER_DO_FINAL, &op,
432 &ret_orig);
433
434 if (res != TEEC_SUCCESS) {
435 (void)ADBG_EXPECT_TEEC_ERROR_ORIGIN(c, TEEC_ORIGIN_TRUSTED_APP,
436 ret_orig);
437 }
438
Jens Wiklander8281d642024-04-22 18:23:45 +0200[diff] [blame]439 *dst_len = op.params[2].tmpref.size;
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]440
441 return res;
442}
443
444static TEEC_Result ta_crypt_cmd_random_number_generate(ADBG_Case_t *c,
445 TEEC_Session *s,
446 void *buf,
447 size_t blen)
448{
Etienne Carrieree4ec9e42019-03-28 13:30:21 +0100[diff] [blame]449 TEEC_Result res = TEEC_ERROR_GENERIC;
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]450 TEEC_Operation op = TEEC_OPERATION_INITIALIZER;
Etienne Carrieree4ec9e42019-03-28 13:30:21 +0100[diff] [blame]451 uint32_t ret_orig = 0;
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]452
453 op.params[0].tmpref.buffer = buf;
454 op.params[0].tmpref.size = blen;
455
456 op.paramTypes = TEEC_PARAM_TYPES(TEEC_MEMREF_TEMP_OUTPUT, TEEC_NONE,
457 TEEC_NONE, TEEC_NONE);
458
Joakim Bech81f97e32020-05-27 12:14:23 +0200[diff] [blame]459 res = TEEC_InvokeCommand(s, TA_CRYPT_CMD_RANDOM_NUMBER_GENERATE, &op,
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]460 &ret_orig);
461
462 if (res != TEEC_SUCCESS) {
463 (void)ADBG_EXPECT_TEEC_ERROR_ORIGIN(c, TEEC_ORIGIN_TRUSTED_APP,
464 ret_orig);
465 }
466
467 (void)ADBG_EXPECT_COMPARE_UNSIGNED(c, blen, ==,
468 op.params[0].tmpref.size);
469 return res;
470}
471
472static TEEC_Result ta_crypt_cmd_ae_init(ADBG_Case_t *c, TEEC_Session *s,
473 TEE_OperationHandle oph,
474 const void *nonce, size_t nonce_len,
475 size_t tag_len, size_t aad_len,
476 size_t payload_len)
477{
Etienne Carrieree4ec9e42019-03-28 13:30:21 +0100[diff] [blame]478 TEEC_Result res = TEEC_ERROR_GENERIC;
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]479 TEEC_Operation op = TEEC_OPERATION_INITIALIZER;
Etienne Carrieree4ec9e42019-03-28 13:30:21 +0100[diff] [blame]480 uint32_t ret_orig = 0;
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]481
482 assert((uintptr_t)oph <= UINT32_MAX);
483 op.params[0].value.a = (uint32_t)(uintptr_t)oph;
484 op.params[0].value.b = tag_len;
485
486 op.params[1].tmpref.buffer = (void *)nonce;
487 op.params[1].tmpref.size = nonce_len;
488
489 op.params[2].value.a = aad_len;
490 op.params[2].value.b = payload_len;
491
492 op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT,
493 TEEC_MEMREF_TEMP_INPUT,
Jens Wiklander74a42302015-07-07 01:08:41 +0200[diff] [blame]494 TEEC_VALUE_INPUT, TEEC_NONE);
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]495
496 res = TEEC_InvokeCommand(s, TA_CRYPT_CMD_AE_INIT, &op, &ret_orig);
497
498 if (res != TEEC_SUCCESS) {
499 (void)ADBG_EXPECT_TEEC_ERROR_ORIGIN(c, TEEC_ORIGIN_TRUSTED_APP,
500 ret_orig);
501 }
502 return res;
503}
504
505static TEEC_Result ta_crypt_cmd_ae_update_aad(ADBG_Case_t *c, TEEC_Session *s,
506 TEE_OperationHandle oph,
507 const void *aad, size_t aad_len)
508{
Etienne Carrieree4ec9e42019-03-28 13:30:21 +0100[diff] [blame]509 TEEC_Result res = TEEC_ERROR_GENERIC;
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]510 TEEC_Operation op = TEEC_OPERATION_INITIALIZER;
Etienne Carrieree4ec9e42019-03-28 13:30:21 +0100[diff] [blame]511 uint32_t ret_orig = 0;
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]512
513 assert((uintptr_t)oph <= UINT32_MAX);
514 op.params[0].value.a = (uint32_t)(uintptr_t)oph;
515
516 op.params[1].tmpref.buffer = (void *)aad;
517 op.params[1].tmpref.size = aad_len;
518
519 op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT,
520 TEEC_MEMREF_TEMP_INPUT, TEEC_NONE,
521 TEEC_NONE);
522
523 res = TEEC_InvokeCommand(s, TA_CRYPT_CMD_AE_UPDATE_AAD, &op, &ret_orig);
524
525 if (res != TEEC_SUCCESS) {
526 (void)ADBG_EXPECT_TEEC_ERROR_ORIGIN(c, TEEC_ORIGIN_TRUSTED_APP,
527 ret_orig);
528 }
529
530 return res;
531}
532
533static TEEC_Result ta_crypt_cmd_ae_update(ADBG_Case_t *c,
534 TEEC_Session *s,
535 TEE_OperationHandle oph,
536 const void *src,
537 size_t src_len,
538 void *dst,
539 size_t *dst_len)
540{
Etienne Carrieree4ec9e42019-03-28 13:30:21 +0100[diff] [blame]541 TEEC_Result res = TEEC_ERROR_GENERIC;
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]542 TEEC_Operation op = TEEC_OPERATION_INITIALIZER;
Etienne Carrieree4ec9e42019-03-28 13:30:21 +0100[diff] [blame]543 uint32_t ret_orig = 0;
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]544
545 assert((uintptr_t)oph <= UINT32_MAX);
546 op.params[0].value.a = (uint32_t)(uintptr_t)oph;
547
548 op.params[1].tmpref.buffer = (void *)src;
549 op.params[1].tmpref.size = src_len;
550
551 op.params[2].tmpref.buffer = (void *)dst;
552 op.params[2].tmpref.size = *dst_len;
553
554 op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT,
555 TEEC_MEMREF_TEMP_INPUT,
556 TEEC_MEMREF_TEMP_OUTPUT, TEEC_NONE);
557
558 res = TEEC_InvokeCommand(s, TA_CRYPT_CMD_AE_UPDATE, &op, &ret_orig);
559
560 if (res != TEEC_SUCCESS) {
561 (void)ADBG_EXPECT_TEEC_ERROR_ORIGIN(c, TEEC_ORIGIN_TRUSTED_APP,
562 ret_orig);
563 }
564
Jens Wiklander8281d642024-04-22 18:23:45 +0200[diff] [blame]565 *dst_len = op.params[2].tmpref.size;
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]566
567 return res;
568}
569
570static TEEC_Result ta_crypt_cmd_ae_encrypt_final(ADBG_Case_t *c,
571 TEEC_Session *s,
572 TEE_OperationHandle oph,
573 const void *src,
574 size_t src_len, void *dst,
575 size_t *dst_len, void *tag,
576 size_t *tag_len)
577{
Etienne Carrieree4ec9e42019-03-28 13:30:21 +0100[diff] [blame]578 TEEC_Result res = TEEC_ERROR_GENERIC;
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]579 TEEC_Operation op = TEEC_OPERATION_INITIALIZER;
Etienne Carrieree4ec9e42019-03-28 13:30:21 +0100[diff] [blame]580 uint32_t ret_orig = 0;
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]581
582 assert((uintptr_t)oph <= UINT32_MAX);
583 op.params[0].value.a = (uint32_t)(uintptr_t)oph;
584
585 op.params[1].tmpref.buffer = (void *)src;
586 op.params[1].tmpref.size = src_len;
587
588 op.params[2].tmpref.buffer = (void *)dst;
589 op.params[2].tmpref.size = *dst_len;
590
591 op.params[3].tmpref.buffer = (void *)tag;
592 op.params[3].tmpref.size = *tag_len;
593
594 op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT,
595 TEEC_MEMREF_TEMP_INPUT,
596 TEEC_MEMREF_TEMP_OUTPUT,
597 TEEC_MEMREF_TEMP_OUTPUT);
598
599 res = TEEC_InvokeCommand(s, TA_CRYPT_CMD_AE_ENCRYPT_FINAL, &op,
600 &ret_orig);
601
602 if (res != TEEC_SUCCESS) {
603 (void)ADBG_EXPECT_TEEC_ERROR_ORIGIN(c, TEEC_ORIGIN_TRUSTED_APP,
604 ret_orig);
605 }
606
Jens Wiklander8281d642024-04-22 18:23:45 +0200[diff] [blame]607 *dst_len = op.params[2].tmpref.size;
608 *tag_len = op.params[3].tmpref.size;
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]609
610 return res;
611}
612
613static TEEC_Result ta_crypt_cmd_ae_decrypt_final(ADBG_Case_t *c,
614 TEEC_Session *s,
615 TEE_OperationHandle oph,
616 const void *src, size_t src_len,
617 void *dst, size_t *dst_len,
618 const void *tag, size_t tag_len)
619{
Etienne Carrieree4ec9e42019-03-28 13:30:21 +0100[diff] [blame]620 TEEC_Result res = TEEC_ERROR_GENERIC;
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]621 TEEC_Operation op = TEEC_OPERATION_INITIALIZER;
Etienne Carrieree4ec9e42019-03-28 13:30:21 +0100[diff] [blame]622 uint32_t ret_orig = 0;
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]623
624 assert((uintptr_t)oph <= UINT32_MAX);
625 op.params[0].value.a = (uint32_t)(uintptr_t)oph;
626
627 op.params[1].tmpref.buffer = (void *)src;
628 op.params[1].tmpref.size = src_len;
629
630 op.params[2].tmpref.buffer = dst;
631 op.params[2].tmpref.size = *dst_len;
632
633 op.params[3].tmpref.buffer = (void *)tag;
634 op.params[3].tmpref.size = tag_len;
635
636 op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT,
637 TEEC_MEMREF_TEMP_INPUT,
638 TEEC_MEMREF_TEMP_OUTPUT,
639 TEEC_MEMREF_TEMP_INPUT);
640
641 res = TEEC_InvokeCommand(s, TA_CRYPT_CMD_AE_DECRYPT_FINAL, &op,
642 &ret_orig);
643
644 if (res != TEEC_SUCCESS) {
645 (void)ADBG_EXPECT_TEEC_ERROR_ORIGIN(c, TEEC_ORIGIN_TRUSTED_APP,
646 ret_orig);
647 }
648
Jens Wiklander8281d642024-04-22 18:23:45 +0200[diff] [blame]649 *dst_len = op.params[2].tmpref.size;
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]650
651 return res;
652}
653
654static TEEC_Result ta_crypt_cmd_asymmetric_operate(ADBG_Case_t *c,
655 TEEC_Session *s,
656 TEE_OperationHandle oph,
657 uint32_t cmd,
658 const TEE_Attribute *params,
659 uint32_t paramCount,
660 const void *src,
661 size_t src_len,
662 void *dst,
663 size_t *dst_len)
664{
Etienne Carrieree4ec9e42019-03-28 13:30:21 +0100[diff] [blame]665 TEEC_Result res = TEEC_ERROR_GENERIC;
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]666 TEEC_Operation op = TEEC_OPERATION_INITIALIZER;
Etienne Carrieree4ec9e42019-03-28 13:30:21 +0100[diff] [blame]667 uint32_t ret_orig = 0;
668 uint8_t *buf = NULL;
669 size_t blen = 0;
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]670
671 res = pack_attrs(params, paramCount, &buf, &blen);
672 if (!ADBG_EXPECT_TEEC_SUCCESS(c, res))
673 return res;
674
675 assert((uintptr_t)oph <= UINT32_MAX);
676 op.params[0].value.a = (uint32_t)(uintptr_t)oph;
677
678 op.params[1].tmpref.buffer = buf;
679 op.params[1].tmpref.size = blen;
680
681 op.params[2].tmpref.buffer = (void *)src;
682 op.params[2].tmpref.size = src_len;
683
684 op.params[3].tmpref.buffer = dst;
685 op.params[3].tmpref.size = *dst_len;
686
687 op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT,
688 TEEC_MEMREF_TEMP_INPUT,
689 TEEC_MEMREF_TEMP_INPUT,
690 TEEC_MEMREF_TEMP_OUTPUT);
691
692 res = TEEC_InvokeCommand(s, cmd, &op, &ret_orig);
693
694 if (res != TEEC_SUCCESS) {
695 (void)ADBG_EXPECT_TEEC_ERROR_ORIGIN(c, TEEC_ORIGIN_TRUSTED_APP,
696 ret_orig);
697 }
698
699 if (res == TEEC_SUCCESS)
700 *dst_len = op.params[3].tmpref.size;
701
702 free(buf);
703 return res;
704}
705
706static TEEC_Result ta_crypt_cmd_asymmetric_encrypt(ADBG_Case_t *c,
707 TEEC_Session *s,
708 TEE_OperationHandle oph,
709 const TEE_Attribute *params,
710 uint32_t paramCount,
711 const void *src,
712 size_t src_len,
713 void *dst,
714 size_t *dst_len)
715{
716 return ta_crypt_cmd_asymmetric_operate(c, s, oph,
717 TA_CRYPT_CMD_ASYMMETRIC_ENCRYPT,
718 params, paramCount,
719 src, src_len, dst, dst_len);
720}
721
722static TEEC_Result ta_crypt_cmd_asymmetric_decrypt(ADBG_Case_t *c,
723 TEEC_Session *s,
724 TEE_OperationHandle oph,
725 const TEE_Attribute *params,
726 uint32_t paramCount,
727 const void *src,
728 size_t src_len,
729 void *dst,
730 size_t *dst_len)
731{
732 return ta_crypt_cmd_asymmetric_operate(c, s, oph,
733 TA_CRYPT_CMD_ASYMMETRIC_DECRYPT,
734 params, paramCount,
735 src, src_len, dst, dst_len);
736}
737
738static TEEC_Result ta_crypt_cmd_asymmetric_sign(ADBG_Case_t *c,
739 TEEC_Session *s,
740 TEE_OperationHandle oph,
741 const TEE_Attribute *params,
742 uint32_t paramCount,
743 const void *digest,
744 size_t digest_len,
745 void *signature,
746 size_t *signature_len)
747{
748 return ta_crypt_cmd_asymmetric_operate(c, s, oph,
749 TA_CRYPT_CMD_ASYMMETRIC_SIGN_DIGEST, params, paramCount,
750 digest, digest_len, signature, signature_len);
751}
752
753static TEEC_Result ta_crypt_cmd_asymmetric_verify(ADBG_Case_t *c,
754 TEEC_Session *s,
755 TEE_OperationHandle oph,
756 const TEE_Attribute *params,
757 uint32_t paramCount,
758 const void *digest,
759 size_t digest_len,
760 const void *signature,
761 size_t signature_len)
762{
Etienne Carrieree4ec9e42019-03-28 13:30:21 +0100[diff] [blame]763 TEEC_Result res = TEEC_ERROR_GENERIC;
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]764 TEEC_Operation op = TEEC_OPERATION_INITIALIZER;
Etienne Carrieree4ec9e42019-03-28 13:30:21 +0100[diff] [blame]765 uint32_t ret_orig = 0;
766 uint8_t *buf = NULL;
767 size_t blen = 0;
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]768
769 res = pack_attrs(params, paramCount, &buf, &blen);
770 if (!ADBG_EXPECT_TEEC_SUCCESS(c, res))
771 return res;
772
773 assert((uintptr_t)oph <= UINT32_MAX);
774 op.params[0].value.a = (uint32_t)(uintptr_t)oph;
775
776 op.params[1].tmpref.buffer = buf;
777 op.params[1].tmpref.size = blen;
778
779 op.params[2].tmpref.buffer = (void *)digest;
780 op.params[2].tmpref.size = digest_len;
781
782 op.params[3].tmpref.buffer = (void *)signature;
783 op.params[3].tmpref.size = signature_len;
784
785 op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT,
786 TEEC_MEMREF_TEMP_INPUT,
787 TEEC_MEMREF_TEMP_INPUT,
788 TEEC_MEMREF_TEMP_INPUT);
789
790 res = TEEC_InvokeCommand(s, TA_CRYPT_CMD_ASYMMETRIC_VERIFY_DIGEST,
791 &op, &ret_orig);
792
793 if (res != TEEC_SUCCESS) {
794 (void)ADBG_EXPECT_TEEC_ERROR_ORIGIN(c, TEEC_ORIGIN_TRUSTED_APP,
795 ret_orig);
796 }
797
798 free(buf);
799 return res;
800}
801
802static TEEC_Result ta_crypt_cmd_get_object_value_attribute(ADBG_Case_t *c,
803 TEEC_Session *s,
804 TEE_ObjectHandle o,
805 uint32_t attr_id,
806 uint32_t *valuea,
807 uint32_t *valueb)
808{
Etienne Carrieree4ec9e42019-03-28 13:30:21 +0100[diff] [blame]809 TEEC_Result res = TEEC_ERROR_GENERIC;
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]810 TEEC_Operation op = TEEC_OPERATION_INITIALIZER;
Etienne Carrieree4ec9e42019-03-28 13:30:21 +0100[diff] [blame]811 uint32_t ret_orig = 0;
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]812
813 assert((uintptr_t)o <= UINT32_MAX);
814 op.params[0].value.a = (uint32_t)(uintptr_t)o;
815 op.params[0].value.b = attr_id;
816 op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT, TEEC_VALUE_OUTPUT,
817 TEEC_NONE, TEEC_NONE);
818
819 res = TEEC_InvokeCommand(s, TA_CRYPT_CMD_GET_OBJECT_VALUE_ATTRIBUTE,
820 &op, &ret_orig);
821
822 if (res != TEEC_SUCCESS) {
823 (void)ADBG_EXPECT_TEEC_ERROR_ORIGIN(c, TEEC_ORIGIN_TRUSTED_APP,
824 ret_orig);
825 }
826
827 if (res == TEEC_SUCCESS) {
828 *valuea = op.params[1].value.a;
829 *valueb = op.params[1].value.b;
830 }
831
832 return res;
833}
834
835static TEEC_Result ta_crypt_cmd_generate_key(ADBG_Case_t *c,
836 TEEC_Session *s,
837 TEE_ObjectHandle o,
838 uint32_t key_size,
839 const TEE_Attribute *params,
840 uint32_t paramCount)
841{
Etienne Carrieree4ec9e42019-03-28 13:30:21 +0100[diff] [blame]842 TEEC_Result res = TEEC_ERROR_GENERIC;
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]843 TEEC_Operation op = TEEC_OPERATION_INITIALIZER;
Etienne Carrieree4ec9e42019-03-28 13:30:21 +0100[diff] [blame]844 uint32_t ret_orig = 0;
845 uint8_t *buf = NULL;
846 size_t blen = 0;
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]847
848 res = pack_attrs(params, paramCount, &buf, &blen);
849 if (!ADBG_EXPECT_TEEC_SUCCESS(c, res))
850 return res;
851
852 assert((uintptr_t)o <= UINT32_MAX);
853 op.params[0].value.a = (uint32_t)(uintptr_t)o;
854 op.params[0].value.b = key_size;
855
856 op.params[1].tmpref.buffer = buf;
857 op.params[1].tmpref.size = blen;
858
859 op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT,
860 TEEC_MEMREF_TEMP_INPUT, TEEC_NONE,
861 TEEC_NONE);
862
863 res = TEEC_InvokeCommand(s, TA_CRYPT_CMD_GENERATE_KEY, &op, &ret_orig);
864
865 if (res != TEEC_SUCCESS) {
866 (void)ADBG_EXPECT_TEEC_ERROR_ORIGIN(c, TEEC_ORIGIN_TRUSTED_APP,
867 ret_orig);
868 }
869
870 free(buf);
871 return res;
872}
873
874static const uint8_t hash_data_md5_in1[] = {
875 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm'
876};
877
878static const uint8_t hash_data_md5_out1[] = {
879 0x61, 0x12, 0x71, 0x83, 0x70, 0x8d, 0x3a, 0xc7,
880 0xf1, 0x9b, 0x66, 0x06, 0xfc, 0xae, 0x7d, 0xf6
881};
882
883static const uint8_t hash_data_sha1_in1[] = {
884 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm'
885};
886
887static const uint8_t hash_data_sha1_out1[] = {
888 0x4b, 0x98, 0x92, 0xb6, 0x52, 0x72, 0x14, 0xaf,
889 0xc6, 0x55, 0xb8, 0xaa, 0x52, 0xf4, 0xd2, 0x03,
890 0xc1, 0x5e, 0x7c, 0x9c
891};
892
893static const uint8_t hash_data_sha224_in1[] = {
894 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm'
895};
896
897static const uint8_t hash_data_sha224_out1[] = {
898 0x08, 0x21, 0x69, 0xf9, 0x77, 0x1b, 0x80, 0x15,
899 0xf3, 0x97, 0xae, 0xde, 0x5b, 0xba, 0xa2, 0x72,
900 0x2d, 0x8f, 0x5c, 0x19, 0xfe, 0xd2, 0xe2, 0x68,
901 0x92, 0x49, 0xd8, 0x44
902};
903
904static const uint8_t hash_data_sha256_in1[] = { 'a', 'b', 'c' };
905
906static const uint8_t hash_data_sha256_out1[] = {
907 0xba, 0x78, 0x16, 0xbf, 0x8f, 0x01, 0xcf, 0xea,
908 0x41, 0x41, 0x40, 0xde, 0x5d, 0xae, 0x22, 0x23,
909 0xb0, 0x03, 0x61, 0xa3, 0x96, 0x17, 0x7a, 0x9c,
910 0xb4, 0x10, 0xff, 0x61, 0xf2, 0x00, 0x15, 0xad
911};
912
913static const uint8_t hash_data_sha256_in2[] = { 'e', 'f', 'g' };
914
915static const uint8_t hash_data_sha256_out2[] = {
916 0xd4, 0xff, 0xe8, 0xe9, 0xee, 0x0b, 0x48, 0xeb,
917 0xa7, 0x16, 0x70, 0x61, 0x23, 0xa7, 0x18, 0x7f,
918 0x32, 0xea, 0xe3, 0xbd, 0xcb, 0x0e, 0x77, 0x63,
919 0xe4, 0x1e, 0x53, 0x32, 0x67, 0xbd, 0x8a, 0x53
920};
921
922
923static const uint8_t hash_data_sha384_in1[] = {
924 'a', 'b', 'c', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm'
925};
926
927static const uint8_t hash_data_sha384_out1[] = {
928 0x4c, 0xab, 0x80, 0x9d, 0x96, 0x84, 0x01, 0x47,
929 0x67, 0x0a, 0xc1, 0x7a, 0xb6, 0xb9, 0xf7, 0x6e,
930 0x35, 0xa6, 0xb0, 0x8c, 0xf5, 0x2a, 0x3d, 0x64,
931 0x9a, 0x8c, 0x7e, 0x0c, 0x55, 0x45, 0xd3, 0x7d,
932 0x1f, 0x7f, 0x28, 0x34, 0x96, 0x14, 0x44, 0x2a,
933 0xf5, 0x98, 0xa2, 0x95, 0x24, 0x76, 0x53, 0x97
934};
935
936static const uint8_t hash_data_sha512_in1[] = {
937 'a', 'b', 'c', 'd', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm'
938};
939
940static const uint8_t hash_data_sha512_out1[] = {
941 0x20, 0xd8, 0x64, 0x4f, 0x54, 0xa2, 0x5f, 0x6f,
942 0x0a, 0xf9, 0xd5, 0x27, 0x7d, 0x17, 0xa8, 0x99,
943 0x4c, 0x64, 0x3f, 0xd0, 0xf3, 0x83, 0x36, 0xee,
944 0x93, 0x12, 0x55, 0xcd, 0x2e, 0x12, 0x34, 0xa0,
945 0xc2, 0xaa, 0xf9, 0xbb, 0x15, 0xc5, 0xe9, 0xfa,
946 0xf7, 0xa7, 0xda, 0xb8, 0x2f, 0x72, 0xa0, 0x47,
947 0xe3, 0x02, 0x04, 0xe8, 0xa0, 0x35, 0x0c, 0x96,
948 0x26, 0xd1, 0xcb, 0x8b, 0x47, 0x45, 0x25, 0xd0
949};
950
Jens Wiklander72967ae2022-12-07 08:07:43 +0100[diff] [blame]951/* SHA-3 vectors from https://www.di-mgt.com.au/sha_testvectors.html */
952#define hash_data_sha3_in1 hash_data_sha256_in1
953
954static const uint8_t hash_data_sha3_224_out1[] = {
955 0xe6, 0x42, 0x82, 0x4c, 0x3f, 0x8c, 0xf2, 0x4a,
956 0xd0, 0x92, 0x34, 0xee, 0x7d, 0x3c, 0x76, 0x6f,
957 0xc9, 0xa3, 0xa5, 0x16, 0x8d, 0x0c, 0x94, 0xad,
958 0x73, 0xb4, 0x6f, 0xdf
959};
960
961static const uint8_t hash_data_sha3_256_out1[] = {
962 0x3a, 0x98, 0x5d, 0xa7, 0x4f, 0xe2, 0x25, 0xb2,
963 0x04, 0x5c, 0x17, 0x2d, 0x6b, 0xd3, 0x90, 0xbd,
964 0x85, 0x5f, 0x08, 0x6e, 0x3e, 0x9d, 0x52, 0x5b,
965 0x46, 0xbf, 0xe2, 0x45, 0x11, 0x43, 0x15, 0x32
966};
967
968static const uint8_t hash_data_sha3_384_out1[] = {
969 0xec, 0x01, 0x49, 0x82, 0x88, 0x51, 0x6f, 0xc9,
970 0x26, 0x45, 0x9f, 0x58, 0xe2, 0xc6, 0xad, 0x8d,
971 0xf9, 0xb4, 0x73, 0xcb, 0x0f, 0xc0, 0x8c, 0x25,
972 0x96, 0xda, 0x7c, 0xf0, 0xe4, 0x9b, 0xe4, 0xb2,
973 0x98, 0xd8, 0x8c, 0xea, 0x92, 0x7a, 0xc7, 0xf5,
974 0x39, 0xf1, 0xed, 0xf2, 0x28, 0x37, 0x6d, 0x25
975};
976
977static const uint8_t hash_data_sha3_512_out1[] = {
978 0xb7, 0x51, 0x85, 0x0b, 0x1a, 0x57, 0x16, 0x8a,
979 0x56, 0x93, 0xcd, 0x92, 0x4b, 0x6b, 0x09, 0x6e,
980 0x08, 0xf6, 0x21, 0x82, 0x74, 0x44, 0xf7, 0x0d,
981 0x88, 0x4f, 0x5d, 0x02, 0x40, 0xd2, 0x71, 0x2e,
982 0x10, 0xe1, 0x16, 0xe9, 0x19, 0x2a, 0xf3, 0xc9,
983 0x1a, 0x7e, 0xc5, 0x76, 0x47, 0xe3, 0x93, 0x40,
984 0x57, 0x34, 0x0b, 0x4c, 0xf4, 0x08, 0xd5, 0xa5,
985 0x65, 0x92, 0xf8, 0x27, 0x4e, 0xec, 0x53, 0xf0
986};
987
988/*
989 * SHAKE output generated with:
990 * https://asecuritysite.com/hash/shake?m=abc&l=54
991 */
992static const uint8_t hash_data_shake128_out1[] = {
993 0x58, 0x81, 0x09, 0x2d, 0xd8, 0x18, 0xbf, 0x5c,
994 0xf8, 0xa3, 0xdd, 0xb7, 0x93, 0xfb, 0xcb, 0xa7,
995 0x40, 0x97, 0xd5, 0xc5, 0x26, 0xa6, 0xd3, 0x5f,
996 0x97, 0xb8, 0x33, 0x51, 0x94, 0x0f, 0x2c, 0xc8,
997 0x44, 0xc5, 0x0a, 0xf3, 0x2a, 0xcd, 0x3f, 0x2c,
998 0xdd, 0x06, 0x65, 0x68, 0x70, 0x6f, 0x50, 0x9b,
999 0xc1, 0xbd, 0xde, 0x58, 0x29, 0x5d
1000};
1001
1002static const uint8_t hash_data_shake256_out1[] = {
1003 0x48, 0x33, 0x66, 0x60, 0x13, 0x60, 0xa8, 0x77,
1004 0x1c, 0x68, 0x63, 0x08, 0x0c, 0xc4, 0x11, 0x4d,
1005 0x8d, 0xb4, 0x45, 0x30, 0xf8, 0xf1, 0xe1, 0xee,
1006 0x4f, 0x94, 0xea, 0x37, 0xe7, 0x8b, 0x57, 0x39,
1007 0xd5, 0xa1, 0x5b, 0xef, 0x18, 0x6a, 0x53, 0x86,
1008 0xc7, 0x57, 0x44, 0xc0, 0x52, 0x7e, 0x1f, 0xaa,
1009 0x9f, 0x87, 0x26, 0xe4, 0x62, 0xa1
1010};
1011
Jerome Forissier3ed850a2019-12-13 10:58:23 +0100[diff] [blame]1012/*
Matthew Shyu9d4c4fb2024-07-01 03:33:36 -0700[diff] [blame^]1013 * More SHA-3 test cases from
1014 * https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/secure-hashing
1015 * https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Algorithm-Validation-Program/documents/sha3/sha-3bytetestvectors.zip
1016 */
1017
1018/* Excerpt from SHA3_224LongMsg.rsp */
1019static const uint8_t hash_data_sha3_224_in2[] = {
1020 0x31, 0xc8, 0x2d, 0x71, 0x78, 0x5b, 0x7c, 0xa6,
1021 0xb6, 0x51, 0xcb, 0x6c, 0x8c, 0x9a, 0xd5, 0xe2,
1022 0xac, 0xeb, 0x0b, 0x06, 0x33, 0xc0, 0x88, 0xd3,
1023 0x3a, 0xa2, 0x47, 0xad, 0xa7, 0xa5, 0x94, 0xff,
1024 0x49, 0x36, 0xc0, 0x23, 0x25, 0x13, 0x19, 0x82,
1025 0x0a, 0x9b, 0x19, 0xfc, 0x6c, 0x48, 0xde, 0x8a,
1026 0x6f, 0x7a, 0xda, 0x21, 0x41, 0x76, 0xcc, 0xda,
1027 0xad, 0xae, 0xef, 0x51, 0xed, 0x43, 0x71, 0x4a,
1028 0xc0, 0xc8, 0x26, 0x9b, 0xbd, 0x49, 0x7e, 0x46,
1029 0xe7, 0x8b, 0xb5, 0xe5, 0x81, 0x96, 0x49, 0x4b,
1030 0x24, 0x71, 0xb1, 0x68, 0x0e, 0x2d, 0x4c, 0x6d,
1031 0xbd, 0x24, 0x98, 0x31, 0xbd, 0x83, 0xa4, 0xd3,
1032 0xbe, 0x06, 0xc8, 0xa2, 0xe9, 0x03, 0x93, 0x39,
1033 0x74, 0xaa, 0x05, 0xee, 0x74, 0x8b, 0xfe, 0x6e,
1034 0xf3, 0x59, 0xf7, 0xa1, 0x43, 0xed, 0xf0, 0xd4,
1035 0x91, 0x8d, 0xa9, 0x16, 0xbd, 0x6f, 0x15, 0xe2,
1036 0x6a, 0x79, 0x0c, 0xff, 0x51, 0x4b, 0x40, 0xa5,
1037 0xda, 0x7f, 0x72, 0xe1, 0xed, 0x2f, 0xe6, 0x3a,
1038 0x05, 0xb8, 0x14, 0x95, 0x87, 0xbe, 0xa0, 0x56,
1039 0x53, 0x71, 0x8c, 0xc8, 0x98, 0x0e, 0xad, 0xbf,
1040 0xec, 0xa8, 0x5b, 0x7c, 0x9c, 0x28, 0x6d, 0xd0,
1041 0x40, 0x93, 0x65, 0x85, 0x93, 0x8b, 0xe7, 0xf9,
1042 0x82, 0x19, 0x70, 0x0c, 0x83, 0xa9, 0x44, 0x3c,
1043 0x28, 0x56, 0xa8, 0x0f, 0xf4, 0x68, 0x52, 0xb2,
1044 0x6d, 0x1b, 0x1e, 0xdf, 0x72, 0xa3, 0x02, 0x03,
1045 0xcf, 0x6c, 0x44, 0xa1, 0x0f, 0xa6, 0xea, 0xf1,
1046 0x92, 0x01, 0x73, 0xce, 0xdf, 0xb5, 0xc4, 0xcf,
1047 0x3a, 0xc6, 0x65, 0xb3, 0x7a, 0x86, 0xed, 0x02,
1048 0x15, 0x5b, 0xbb, 0xf1, 0x7d, 0xc2, 0xe7, 0x86,
1049 0xaf, 0x94, 0x78, 0xfe, 0x08, 0x89, 0xd8, 0x6c,
1050 0x5b, 0xfa, 0x85, 0xa2, 0x42, 0xeb, 0x08, 0x54,
1051 0xb1, 0x48, 0x2b, 0x7b, 0xd1, 0x6f, 0x67, 0xf8,
1052 0x0b, 0xef, 0x9c, 0x7a, 0x62, 0x8f, 0x05, 0xa1,
1053 0x07, 0x93, 0x6a, 0x64, 0x27, 0x3a, 0x97, 0xb0,
1054 0x08, 0x8b, 0x0e, 0x51, 0x54, 0x51, 0xf9, 0x16,
1055 0xb5, 0x65, 0x62, 0x30, 0xa1, 0x2b, 0xa6, 0xdc,
1056 0x78
1057};
1058
1059static const uint8_t hash_data_sha3_224_out2[] = {
1060 0xaa, 0xb2, 0x3c, 0x9e, 0x7f, 0xb9, 0xd7, 0xda,
1061 0xce, 0xfd, 0xfd, 0x0b, 0x1a, 0xe8, 0x5a, 0xb1,
1062 0x37, 0x4a, 0xbf, 0xf7, 0xc4, 0xe3, 0xf7, 0x55,
1063 0x6e, 0xca, 0xe4, 0x12
1064};
1065
1066/* Excerpt from SHA3_256LongMsg.rsp */
1067static const uint8_t hash_data_sha3_256_in2[] = {
1068 0xb1, 0xca, 0xa3, 0x96, 0x77, 0x1a, 0x09, 0xa1,
1069 0xdb, 0x9b, 0xc2, 0x05, 0x43, 0xe9, 0x88, 0xe3,
1070 0x59, 0xd4, 0x7c, 0x2a, 0x61, 0x64, 0x17, 0xbb,
1071 0xca, 0x1b, 0x62, 0xcb, 0x02, 0x79, 0x6a, 0x88,
1072 0x8f, 0xc6, 0xee, 0xff, 0x5c, 0x0b, 0x5c, 0x3d,
1073 0x50, 0x62, 0xfc, 0xb4, 0x25, 0x6f, 0x6a, 0xe1,
1074 0x78, 0x2f, 0x49, 0x2c, 0x1c, 0xf0, 0x36, 0x10,
1075 0xb4, 0xa1, 0xfb, 0x7b, 0x81, 0x4c, 0x05, 0x78,
1076 0x78, 0xe1, 0x19, 0x0b, 0x98, 0x35, 0x42, 0x5c,
1077 0x7a, 0x4a, 0x0e, 0x18, 0x2a, 0xd1, 0xf9, 0x15,
1078 0x35, 0xed, 0x2a, 0x35, 0x03, 0x3a, 0x5d, 0x8c,
1079 0x67, 0x0e, 0x21, 0xc5, 0x75, 0xff, 0x43, 0xc1,
1080 0x94, 0xa5, 0x8a, 0x82, 0xd4, 0xa1, 0xa4, 0x48,
1081 0x81, 0xdd, 0x61, 0xf9, 0xf8, 0x16, 0x1f, 0xc6,
1082 0xb9, 0x98, 0x86, 0x0c, 0xbe, 0x49, 0x75, 0x78,
1083 0x0b, 0xe9, 0x3b, 0x6f, 0x87, 0x98, 0x0b, 0xad,
1084 0x0a, 0x99, 0xaa, 0x2c, 0xb7, 0x55, 0x6b, 0x47,
1085 0x8c, 0xa3, 0x5d, 0x1f, 0x37, 0x46, 0xc3, 0x3e,
1086 0x2b, 0xb7, 0xc4, 0x7a, 0xf4, 0x26, 0x64, 0x1c,
1087 0xc7, 0xbb, 0xb3, 0x42, 0x5e, 0x21, 0x44, 0x82,
1088 0x03, 0x45, 0xe1, 0xd0, 0xea, 0x5b, 0x7d, 0xa2,
1089 0xc3, 0x23, 0x6a, 0x52, 0x90, 0x6a, 0xcd, 0xc3,
1090 0xb4, 0xd3, 0x4e, 0x47, 0x4d, 0xd7, 0x14, 0xc0,
1091 0xc4, 0x0b, 0xf0, 0x06, 0xa3, 0xa1, 0xd8, 0x89,
1092 0xa6, 0x32, 0x98, 0x38, 0x14, 0xbb, 0xc4, 0xa1,
1093 0x4f, 0xe5, 0xf1, 0x59, 0xaa, 0x89, 0x24, 0x9e,
1094 0x7c, 0x73, 0x8b, 0x3b, 0x73, 0x66, 0x6b, 0xac,
1095 0x2a, 0x61, 0x5a, 0x83, 0xfd, 0x21, 0xae, 0x0a,
1096 0x1c, 0xe7, 0x35, 0x2a, 0xde, 0x7b, 0x27, 0x8b,
1097 0x58, 0x71, 0x58, 0xfd, 0x2f, 0xab, 0xb2, 0x17,
1098 0xaa, 0x1f, 0xe3, 0x1d, 0x0b, 0xda, 0x53, 0x27,
1099 0x20, 0x45, 0x59, 0x80, 0x15, 0xa8, 0xae, 0x4d,
1100 0x8c, 0xec, 0x22, 0x6f, 0xef, 0xa5, 0x8d, 0xaa,
1101 0x05, 0x50, 0x09, 0x06, 0xc4, 0xd8, 0x5e, 0x75,
1102 0x67
1103};
1104
1105static const uint8_t hash_data_sha3_256_out2[] = {
1106 0xcb, 0x56, 0x48, 0xa1, 0xd6, 0x1c, 0x6c, 0x5b,
1107 0xda, 0xcd, 0x96, 0xf8, 0x1c, 0x95, 0x91, 0xde,
1108 0xbc, 0x39, 0x50, 0xdc, 0xf6, 0x58, 0x14, 0x5b,
1109 0x8d, 0x99, 0x65, 0x70, 0xba, 0x88, 0x1a, 0x05
1110};
1111
1112/* Excerpt from SHA3_384LongMsg.rsp */
1113static const uint8_t hash_data_sha3_384_in2[] = {
1114 0x5f, 0xe3, 0x59, 0x23, 0xb4, 0xe0, 0xaf, 0x7d,
1115 0xd2, 0x49, 0x71, 0x81, 0x2a, 0x58, 0x42, 0x55,
1116 0x19, 0x85, 0x0a, 0x50, 0x6d, 0xfa, 0x9b, 0x0d,
1117 0x25, 0x47, 0x95, 0xbe, 0x78, 0x57, 0x86, 0xc3,
1118 0x19, 0xa2, 0x56, 0x7c, 0xba, 0xa5, 0xe3, 0x5b,
1119 0xcf, 0x8f, 0xe8, 0x3d, 0x94, 0x3e, 0x23, 0xfa,
1120 0x51, 0x69, 0xb7, 0x3a, 0xdc, 0x1f, 0xcf, 0x8b,
1121 0x60, 0x70, 0x84, 0xb1, 0x5e, 0x6a, 0x01, 0x3d,
1122 0xf1, 0x47, 0xe4, 0x62, 0x56, 0xe4, 0xe8, 0x03,
1123 0xab, 0x75, 0xc1, 0x10, 0xf7, 0x78, 0x48, 0x13,
1124 0x6b, 0xe7, 0xd8, 0x06, 0xe8, 0xb2, 0xf8, 0x68,
1125 0xc1, 0x6c, 0x3a, 0x90, 0xc1, 0x44, 0x63, 0x40,
1126 0x70, 0x38, 0xcb, 0x7d, 0x92, 0x85, 0x07, 0x9e,
1127 0xf1, 0x62, 0xc6, 0xa4, 0x5c, 0xed, 0xf9, 0xc9,
1128 0xf0, 0x66, 0x37, 0x5c, 0x96, 0x9b, 0x5f, 0xcb,
1129 0xcd, 0xa3, 0x7f, 0x02, 0xaa, 0xcf, 0xf4, 0xf3,
1130 0x1c, 0xde, 0xd3, 0x76, 0x75, 0x70, 0x88, 0x54,
1131 0x26, 0xbe, 0xbd, 0x9e, 0xca, 0x87, 0x7e, 0x44,
1132 0x67, 0x4e, 0x9a, 0xe2, 0xf0, 0xc2, 0x4c, 0xdd,
1133 0x0e, 0x7e, 0x1a, 0xaf, 0x1f, 0xf2, 0xfe, 0x7f,
1134 0x80, 0xa1, 0xc4, 0xf5, 0x07, 0x8e, 0xb3, 0x4c,
1135 0xd4, 0xf0, 0x6f, 0xa9, 0x4a, 0x2d, 0x1e, 0xab,
1136 0x58, 0x06, 0xca, 0x43, 0xfd, 0x0f, 0x06, 0xc6,
1137 0x0b, 0x63, 0xd5, 0x40, 0x2b, 0x95, 0xc7, 0x0c,
1138 0x21, 0xea, 0x65, 0xa1, 0x51, 0xc5, 0xcf, 0xaf,
1139 0x82, 0x62, 0xa4, 0x6b, 0xe3, 0xc7, 0x22, 0x26,
1140 0x4b
1141};
1142
1143static const uint8_t hash_data_sha3_384_out2[] = {
1144 0x30, 0x54, 0xd2, 0x49, 0xf9, 0x16, 0xa6, 0x03,
1145 0x9b, 0x2a, 0x9c, 0x3e, 0xbe, 0xc1, 0x41, 0x87,
1146 0x91, 0xa0, 0x60, 0x8a, 0x17, 0x0e, 0x6d, 0x36,
1147 0x48, 0x60, 0x35, 0xe5, 0xf9, 0x26, 0x35, 0xea,
1148 0xba, 0x98, 0x07, 0x2a, 0x85, 0x37, 0x3c, 0xb5,
1149 0x4e, 0x2a, 0xe3, 0xf9, 0x82, 0xce, 0x13, 0x2b
1150};
1151
1152/* Excerpt from SHA3_512LongMsg.rsp */
1153static const uint8_t hash_data_sha3_512_in2[] = {
1154 0x66, 0x4e, 0xf2, 0xe3, 0xa7, 0x05, 0x9d, 0xaf,
1155 0x1c, 0x58, 0xca, 0xf5, 0x20, 0x08, 0xc5, 0x22,
1156 0x7e, 0x85, 0xcd, 0xcb, 0x83, 0xb4, 0xc5, 0x94,
1157 0x57, 0xf0, 0x2c, 0x50, 0x8d, 0x4f, 0x4f, 0x69,
1158 0xf8, 0x26, 0xbd, 0x82, 0xc0, 0xcf, 0xfc, 0x5c,
1159 0xb6, 0xa9, 0x7a, 0xf6, 0xe5, 0x61, 0xc6, 0xf9,
1160 0x69, 0x70, 0x00, 0x52, 0x85, 0xe5, 0x8f, 0x21,
1161 0xef, 0x65, 0x11, 0xd2, 0x6e, 0x70, 0x98, 0x89,
1162 0xa7, 0xe5, 0x13, 0xc4, 0x34, 0xc9, 0x0a, 0x3c,
1163 0xf7, 0x44, 0x8f, 0x0c, 0xae, 0xec, 0x71, 0x14,
1164 0xc7, 0x47, 0xb2, 0xa0, 0x75, 0x8a, 0x3b, 0x45,
1165 0x03, 0xa7, 0xcf, 0x0c, 0x69, 0x87, 0x3e, 0xd3,
1166 0x1d, 0x94, 0xdb, 0xef, 0x2b, 0x7b, 0x2f, 0x16,
1167 0x88, 0x30, 0xef, 0x7d, 0xa3, 0x32, 0x2c, 0x3d,
1168 0x3e, 0x10, 0xca, 0xfb, 0x7c, 0x2c, 0x33, 0xc8,
1169 0x3b, 0xbf, 0x4c, 0x46, 0xa3, 0x1d, 0xa9, 0x0c,
1170 0xff, 0x3b, 0xfd, 0x4c, 0xcc, 0x6e, 0xd4, 0xb3,
1171 0x10, 0x75, 0x84, 0x91, 0xee, 0xba, 0x60, 0x3a,
1172 0x76
1173};
1174
1175static const uint8_t hash_data_sha3_512_out2[] = {
1176 0xe5, 0x82, 0x5f, 0xf1, 0xa3, 0xc0, 0x70, 0xd5,
1177 0xa5, 0x2f, 0xbb, 0xe7, 0x11, 0x85, 0x4a, 0x44,
1178 0x05, 0x54, 0x29, 0x5f, 0xfb, 0x7a, 0x79, 0x69,
1179 0xa1, 0x79, 0x08, 0xd1, 0x01, 0x63, 0xbf, 0xbe,
1180 0x8f, 0x1d, 0x52, 0xa6, 0x76, 0xe8, 0xa0, 0x13,
1181 0x7b, 0x56, 0xa1, 0x1c, 0xdf, 0x0f, 0xfb, 0xb4,
1182 0x56, 0xbc, 0x89, 0x9f, 0xc7, 0x27, 0xd1, 0x4b,
1183 0xd8, 0x88, 0x22, 0x32, 0x54, 0x9d, 0x91, 0x4e,
1184};
1185
1186/*
1187 * More SHAKE test cases from
1188 * https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/secure-hashing
1189 * https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Algorithm-Validation-Program/documents/sha3/shakebytetestvectors.zip
1190 */
1191
1192/* Excerpt from SHAKE128LongMsg.rsp */
1193static const uint8_t hash_data_shake128_in2[] = {
1194 0xa6, 0xfe, 0x00, 0x06, 0x42, 0x57, 0xaa, 0x31,
1195 0x8b, 0x62, 0x1c, 0x5e, 0xb3, 0x11, 0xd3, 0x2b,
1196 0xb8, 0x00, 0x4c, 0x2f, 0xa1, 0xa9, 0x69, 0xd2,
1197 0x05, 0xd7, 0x17, 0x62, 0xcc, 0x5d, 0x2e, 0x63,
1198 0x39, 0x07, 0x99, 0x26, 0x29, 0xd1, 0xb6, 0x9d,
1199 0x95, 0x57, 0xff, 0x6d, 0x5e, 0x8d, 0xeb, 0x45,
1200 0x4a, 0xb0, 0x0f, 0x6e, 0x49, 0x7c, 0x89, 0xa4,
1201 0xfe, 0xa0, 0x9e, 0x25, 0x7a, 0x6f, 0xa2, 0x07,
1202 0x4b, 0xd8, 0x18, 0xce, 0xb5, 0x98, 0x1b, 0x3e,
1203 0x3f, 0xae, 0xfd, 0x6e, 0x72, 0x0f, 0x2d, 0x1e,
1204 0xdd, 0x9c, 0x5e, 0x4a, 0x5c, 0x51, 0xe5, 0x00,
1205 0x9a, 0xbf, 0x63, 0x6e, 0xd5, 0xbc, 0xa5, 0x3f,
1206 0xe1, 0x59, 0xc8, 0x28, 0x70, 0x14, 0xa1, 0xbd,
1207 0x90, 0x4f, 0x5c, 0x8a, 0x75, 0x01, 0x62, 0x5f,
1208 0x79, 0xac, 0x81, 0xeb, 0x61, 0x8f, 0x47, 0x8c,
1209 0xe2, 0x1c, 0xae, 0x66, 0x64, 0xac, 0xff, 0xb3,
1210 0x05, 0x72, 0xf0, 0x59, 0xe1, 0xad, 0x0f, 0xc2,
1211 0x91, 0x22, 0x64, 0xe8, 0xf1, 0xca, 0x52, 0xaf,
1212 0x26, 0xc8, 0xbf, 0x78, 0xe0, 0x9d, 0x75, 0xf3,
1213 0xdd, 0x9f, 0xc7, 0x34, 0xaf, 0xa8, 0x77, 0x0a,
1214 0xbe, 0x0b, 0xd7, 0x8c, 0x90, 0xcc, 0x2f, 0xf4,
1215 0x48, 0x10, 0x5f, 0xb1, 0x6d, 0xd2, 0xc5, 0xb7,
1216 0xed, 0xd8, 0x61, 0x1a, 0x62, 0xe5, 0x37, 0xdb,
1217 0x93, 0x31, 0xf5, 0x02, 0x3e, 0x16, 0xd6, 0xec,
1218 0x15, 0x0c, 0xc6, 0xe7, 0x06, 0xd7, 0xc7, 0xfc,
1219 0xbf, 0xff, 0x93, 0x0c, 0x72, 0x81, 0x83, 0x1f,
1220 0xd5, 0xc4, 0xaf, 0xf8, 0x6e, 0xce, 0x57, 0xed,
1221 0x0d, 0xb8, 0x82, 0xf5, 0x9a, 0x5f, 0xe4, 0x03,
1222 0x10, 0x5d, 0x05, 0x92, 0xca, 0x38, 0xa0, 0x81,
1223 0xfe, 0xd8, 0x49, 0x22, 0x87, 0x3f, 0x53, 0x8e,
1224 0xe7, 0x74, 0xf1, 0x3b, 0x8c, 0xc0, 0x9b, 0xd0,
1225 0x52, 0x1d, 0xb4, 0x37, 0x4a, 0xec, 0x69, 0xf4,
1226 0xba, 0xe6, 0xdc, 0xb6, 0x64, 0x55, 0x82, 0x2c,
1227 0x0b, 0x84, 0xc9, 0x1a, 0x34, 0x74, 0xff, 0xac,
1228 0x2a, 0xd0, 0x6f, 0x0a, 0x44, 0x23, 0xcd, 0x2c,
1229 0x6a, 0x49, 0xd4, 0xf0, 0xd6, 0x24, 0x2d, 0x6a,
1230 0x18, 0x90, 0x93, 0x7b, 0x5d, 0x98, 0x35, 0xa5,
1231 0xf0, 0xea, 0x5b, 0x1d, 0x01, 0x88, 0x4d, 0x22,
1232 0xa6, 0xc1, 0x71, 0x8e, 0x1f, 0x60, 0xb3, 0xab,
1233 0x5e, 0x23, 0x29, 0x47, 0xc7, 0x6e, 0xf7, 0x0b,
1234 0x34, 0x41, 0x71, 0x08, 0x3c, 0x68, 0x80, 0x93,
1235 0xb5, 0xf1, 0x47, 0x53, 0x77, 0xe3, 0x06, 0x98,
1236 0x63
1237};
1238
1239static const uint8_t hash_data_shake128_out2[] = {
1240 0x31, 0x09, 0xd9, 0x47, 0x2c, 0xa4, 0x36, 0xe8,
1241 0x05, 0xc6, 0xb3, 0xdb, 0x22, 0x51, 0xa9, 0xbc
1242};
1243
1244/* Excerpt from SHAKE256LongMsg.rsp */
1245static const uint8_t hash_data_shake256_in2[] = {
1246 0xdc, 0x5a, 0x10, 0x0f, 0xa1, 0x6d, 0xf1, 0x58,
1247 0x3c, 0x79, 0x72, 0x2a, 0x0d, 0x72, 0x83, 0x3d,
1248 0x3b, 0xf2, 0x2c, 0x10, 0x9b, 0x88, 0x89, 0xdb,
1249 0xd3, 0x52, 0x13, 0xc6, 0xbf, 0xce, 0x20, 0x58,
1250 0x13, 0xed, 0xae, 0x32, 0x42, 0x69, 0x5c, 0xfd,
1251 0x9f, 0x59, 0xb9, 0xa1, 0xc2, 0x03, 0xc1, 0xb7,
1252 0x2e, 0xf1, 0xa5, 0x42, 0x31, 0x47, 0xcb, 0x99,
1253 0x0b, 0x53, 0x16, 0xa8, 0x52, 0x66, 0x67, 0x58,
1254 0x94, 0xe2, 0x64, 0x4c, 0x3f, 0x95, 0x78, 0xce,
1255 0xbe, 0x45, 0x1a, 0x09, 0xe5, 0x8c, 0x53, 0x78,
1256 0x8f, 0xe7, 0x7a, 0x9e, 0x85, 0x09, 0x43, 0xf8,
1257 0xa2, 0x75, 0xf8, 0x30, 0x35, 0x4b, 0x05, 0x93,
1258 0xa7, 0x62, 0xba, 0xc5, 0x5e, 0x98, 0x4d, 0xb3,
1259 0xe0, 0x66, 0x1e, 0xca, 0x3c, 0xb8, 0x3f, 0x67,
1260 0xa6, 0xfb, 0x34, 0x8e, 0x61, 0x77, 0xf7, 0xde,
1261 0xe2, 0xdf, 0x40, 0xc4, 0x32, 0x26, 0x02, 0xf0,
1262 0x94, 0x95, 0x39, 0x05, 0x68, 0x1b, 0xe3, 0x95,
1263 0x4f, 0xe4, 0x4c, 0x4c, 0x90, 0x2c, 0x8f, 0x6b,
1264 0xba, 0x56, 0x5a, 0x78, 0x8b, 0x38, 0xf1, 0x34,
1265 0x11, 0xba, 0x76, 0xce, 0x0f, 0x9f, 0x67, 0x56,
1266 0xa2, 0xa2, 0x68, 0x74, 0x24, 0xc5, 0x43, 0x5a,
1267 0x51, 0xe6, 0x2d, 0xf7, 0xa8, 0x93, 0x4b, 0x6e,
1268 0x14, 0x1f, 0x74, 0xc6, 0xcc, 0xf5, 0x39, 0xe3,
1269 0x78, 0x2d, 0x22, 0xb5, 0x95, 0x5d, 0x3b, 0xaf,
1270 0x1a, 0xb2, 0xcf, 0x7b, 0x5c, 0x3f, 0x74, 0xec,
1271 0x2f, 0x94, 0x47, 0x34, 0x4e, 0x93, 0x79, 0x57,
1272 0xfd, 0x7f, 0x0b, 0xdf, 0xec, 0x56, 0xd5, 0xd2,
1273 0x5f, 0x61, 0xcd, 0xe1, 0x8c, 0x09, 0x86, 0xe2,
1274 0x44, 0xec, 0xf7, 0x80, 0xd6, 0x30, 0x7e, 0x31,
1275 0x31, 0x17, 0x25, 0x69, 0x48, 0xd4, 0x23, 0x0e,
1276 0xbb, 0x9e, 0xa6, 0x2b, 0xb3, 0x02, 0xcf, 0xe8,
1277 0x0d, 0x7d, 0xfe, 0xba, 0xbc, 0x4a, 0x51, 0xd7,
1278 0x68, 0x79, 0x67, 0xed, 0x5b, 0x41, 0x6a, 0x13,
1279 0x9e, 0x97, 0x4c, 0x00, 0x5f, 0xff, 0x50, 0x7a,
1280 0x96
1281};
1282
1283static const uint8_t hash_data_shake256_out2[] = {
1284 0x2b, 0xac, 0x57, 0x16, 0x80, 0x3a, 0x9c, 0xda,
1285 0x8f, 0x9e, 0x84, 0x36, 0x5a, 0xb0, 0xa6, 0x81,
1286 0x32, 0x7b, 0x5b, 0xa3, 0x4f, 0xde, 0xdf, 0xb1,
1287 0xc1, 0x2e, 0x6e, 0x80, 0x7f, 0x45, 0x28, 0x4b,
1288};
1289
1290/*
Jerome Forissier3ed850a2019-12-13 10:58:23 +0100[diff] [blame]1291 * SM3
1292 * https://tools.ietf.org/html/draft-sca-cfrg-sm3-02
Jerome Forissier9f17e262019-12-13 14:12:41 +0100[diff] [blame]1293 * Appendix A.1
Jerome Forissier3ed850a2019-12-13 10:58:23 +0100[diff] [blame]1294 */
1295static const uint8_t hash_data_sm3_a1_in[3] = "abc";
1296
1297static const uint8_t hash_data_sm3_a1_out[] = {
1298 0x66, 0xc7, 0xf0, 0xf4, 0x62, 0xee, 0xed, 0xd9,
1299 0xd1, 0xf2, 0xd4, 0x6b, 0xdc, 0x10, 0xe4, 0xe2,
1300 0x41, 0x67, 0xc4, 0x87, 0x5c, 0xf2, 0xf7, 0xa2,
1301 0x29, 0x7d, 0xa0, 0x2b, 0x8f, 0x4b, 0xa8, 0xe0
1302};
1303
1304/*
1305 * SM3
1306 * https://tools.ietf.org/html/draft-sca-cfrg-sm3-02
Jerome Forissier9f17e262019-12-13 14:12:41 +0100[diff] [blame]1307 * Appendix A.2
Jerome Forissier3ed850a2019-12-13 10:58:23 +0100[diff] [blame]1308 */
1309static const uint8_t hash_data_sm3_a2_in[] = {
1310 0x61, 0x62, 0x63, 0x64, 0x61, 0x62, 0x63, 0x64,
1311 0x61, 0x62, 0x63, 0x64, 0x61, 0x62, 0x63, 0x64,
1312 0x61, 0x62, 0x63, 0x64, 0x61, 0x62, 0x63, 0x64,
1313 0x61, 0x62, 0x63, 0x64, 0x61, 0x62, 0x63, 0x64,
1314 0x61, 0x62, 0x63, 0x64, 0x61, 0x62, 0x63, 0x64,
1315 0x61, 0x62, 0x63, 0x64, 0x61, 0x62, 0x63, 0x64,
1316 0x61, 0x62, 0x63, 0x64, 0x61, 0x62, 0x63, 0x64,
1317 0x61, 0x62, 0x63, 0x64, 0x61, 0x62, 0x63, 0x64
1318};
1319
1320static const uint8_t hash_data_sm3_a2_out[] = {
1321 0xde, 0xbe, 0x9f, 0xf9, 0x22, 0x75, 0xb8, 0xa1,
1322 0x38, 0x60, 0x48, 0x89, 0xc1, 0x8e, 0x5a, 0x4d,
1323 0x6f, 0xdb, 0x70, 0xe5, 0x38, 0x7e, 0x57, 0x65,
1324 0x29, 0x3d, 0xcb, 0xa3, 0x9c, 0x0c, 0x57, 0x32
1325};
1326
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]1327struct xtest_hash_case {
1328 uint32_t algo;
1329 size_t in_incr;
1330 const uint8_t *in;
1331 size_t in_len;
1332 const uint8_t *out;
1333 size_t out_len;
1334};
1335
1336#define XTEST_HASH_CASE(algo, in_incr, in, out) \
1337 { (algo), (in_incr), (in), ARRAY_SIZE(in), (out), ARRAY_SIZE(out) }
1338
1339static const struct xtest_hash_case hash_cases[] = {
1340 XTEST_HASH_CASE(TEE_ALG_MD5, 6, hash_data_md5_in1,
1341 hash_data_md5_out1),
1342 XTEST_HASH_CASE(TEE_ALG_SHA1, 3, hash_data_sha1_in1,
1343 hash_data_sha1_out1),
1344 XTEST_HASH_CASE(TEE_ALG_SHA224, 7, hash_data_sha224_in1,
1345 hash_data_sha224_out1),
1346 XTEST_HASH_CASE(TEE_ALG_SHA256, 1, hash_data_sha256_in1,
1347 hash_data_sha256_out1),
1348 XTEST_HASH_CASE(TEE_ALG_SHA256, 1, hash_data_sha256_in2,
1349 hash_data_sha256_out2),
1350 XTEST_HASH_CASE(TEE_ALG_SHA384, 1, hash_data_sha384_in1,
1351 hash_data_sha384_out1),
1352 XTEST_HASH_CASE(TEE_ALG_SHA512, 1, hash_data_sha512_in1,
1353 hash_data_sha512_out1),
Jens Wiklander72967ae2022-12-07 08:07:43 +0100[diff] [blame]1354 XTEST_HASH_CASE(TEE_ALG_SHA3_224, 1, hash_data_sha3_in1,
1355 hash_data_sha3_224_out1),
Matthew Shyu9d4c4fb2024-07-01 03:33:36 -0700[diff] [blame^]1356 XTEST_HASH_CASE(TEE_ALG_SHA3_224, 4, hash_data_sha3_224_in2,
1357 hash_data_sha3_224_out2),
Jens Wiklander72967ae2022-12-07 08:07:43 +0100[diff] [blame]1358 XTEST_HASH_CASE(TEE_ALG_SHA3_256, 1, hash_data_sha3_in1,
1359 hash_data_sha3_256_out1),
Matthew Shyu9d4c4fb2024-07-01 03:33:36 -0700[diff] [blame^]1360 XTEST_HASH_CASE(TEE_ALG_SHA3_256, 4, hash_data_sha3_256_in2,
1361 hash_data_sha3_256_out2),
Jens Wiklander72967ae2022-12-07 08:07:43 +0100[diff] [blame]1362 XTEST_HASH_CASE(TEE_ALG_SHA3_384, 1, hash_data_sha3_in1,
1363 hash_data_sha3_384_out1),
Matthew Shyu9d4c4fb2024-07-01 03:33:36 -0700[diff] [blame^]1364 XTEST_HASH_CASE(TEE_ALG_SHA3_384, 4, hash_data_sha3_384_in2,
1365 hash_data_sha3_384_out2),
Jens Wiklander72967ae2022-12-07 08:07:43 +0100[diff] [blame]1366 XTEST_HASH_CASE(TEE_ALG_SHA3_512, 1, hash_data_sha3_in1,
1367 hash_data_sha3_512_out1),
Matthew Shyu9d4c4fb2024-07-01 03:33:36 -0700[diff] [blame^]1368 XTEST_HASH_CASE(TEE_ALG_SHA3_512, 4, hash_data_sha3_512_in2,
1369 hash_data_sha3_512_out2),
Jens Wiklander72967ae2022-12-07 08:07:43 +0100[diff] [blame]1370 XTEST_HASH_CASE(TEE_ALG_SHAKE128, 1, hash_data_sha3_in1,
1371 hash_data_shake128_out1),
Matthew Shyu9d4c4fb2024-07-01 03:33:36 -0700[diff] [blame^]1372 XTEST_HASH_CASE(TEE_ALG_SHAKE128, 4, hash_data_shake128_in2,
1373 hash_data_shake128_out2),
Jens Wiklander72967ae2022-12-07 08:07:43 +0100[diff] [blame]1374 XTEST_HASH_CASE(TEE_ALG_SHAKE256, 1, hash_data_sha3_in1,
1375 hash_data_shake256_out1),
Matthew Shyu9d4c4fb2024-07-01 03:33:36 -0700[diff] [blame^]1376 XTEST_HASH_CASE(TEE_ALG_SHAKE256, 4, hash_data_shake256_in2,
1377 hash_data_shake256_out2),
Jerome Forissier3ed850a2019-12-13 10:58:23 +0100[diff] [blame]1378 XTEST_HASH_CASE(TEE_ALG_SM3, 2, hash_data_sm3_a1_in,
1379 hash_data_sm3_a1_out),
1380 XTEST_HASH_CASE(TEE_ALG_SM3, 19, hash_data_sm3_a2_in,
1381 hash_data_sm3_a2_out),
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]1382};
1383
1384static void xtest_tee_test_4001(ADBG_Case_t *c)
1385{
Etienne Carrieree4ec9e42019-03-28 13:30:21 +0100[diff] [blame]1386 TEEC_Session session = { };
1387 uint32_t ret_orig = 0;
1388 size_t n = 0;
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]1389
1390 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
1391 xtest_teec_open_session(&session, &crypt_user_ta_uuid, NULL,
1392 &ret_orig)))
1393 return;
1394
1395
1396 for (n = 0; n < ARRAY_SIZE(hash_cases); n++) {
Etienne Carrieree4ec9e42019-03-28 13:30:21 +0100[diff] [blame]1397 TEE_OperationHandle op1 = TEE_HANDLE_NULL;
1398 TEE_OperationHandle op2 = TEE_HANDLE_NULL;
1399 uint8_t out[64] = { };
1400 size_t out_size = 0;
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]1401
Jerome Forissier87b00c02020-01-22 16:33:12 +0100[diff] [blame]1402 if (hash_cases[n].algo == TEE_ALG_SM3 &&
1403 !ta_crypt_cmd_is_algo_supported(c, &session, TEE_ALG_SM3,
1404 TEE_CRYPTO_ELEMENT_NONE)) {
1405 Do_ADBG_Log("SM3 not supported: skip subcase");
1406 continue;
1407 }
1408
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]1409 Do_ADBG_BeginSubCase(c, "Hash case %d algo 0x%x",
1410 (int)n, (unsigned int)hash_cases[n].algo);
1411
1412 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
1413 ta_crypt_cmd_allocate_operation(c, &session, &op1,
1414 hash_cases[n].algo,
1415 TEE_MODE_DIGEST, 0)))
1416 goto out;
1417
1418 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
1419 ta_crypt_cmd_allocate_operation(c, &session, &op2,
1420 hash_cases[n].algo,
1421 TEE_MODE_DIGEST, 0)))
1422 goto out;
1423
1424 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
1425 ta_crypt_cmd_digest_update(c, &session, op1,
1426 hash_cases[n].in,
1427 hash_cases[n].in_incr)))
1428 goto out;
1429
1430 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
1431 ta_crypt_cmd_copy_operation(c, &session, op2, op1)))
1432 goto out;
1433
Jens Wiklander72967ae2022-12-07 08:07:43 +0100[diff] [blame]1434 out_size = hash_cases[n].out_len;
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]1435 memset(out, 0, sizeof(out));
1436 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
1437 ta_crypt_cmd_digest_do_final(c, &session, op2,
1438 hash_cases[n].in + hash_cases[n].in_incr,
1439 hash_cases[n].in_len - hash_cases[n].in_incr,
1440 out, &out_size)))
1441 goto out;
1442
1443 (void)ADBG_EXPECT_BUFFER(c, hash_cases[n].out,
1444 hash_cases[n].out_len, out, out_size);
1445
1446 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
1447 ta_crypt_cmd_reset_operation(c, &session, op1)))
1448 goto out;
1449
Jens Wiklander72967ae2022-12-07 08:07:43 +0100[diff] [blame]1450 out_size = hash_cases[n].out_len;
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]1451 memset(out, 0, sizeof(out));
1452 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
1453 ta_crypt_cmd_digest_do_final(c, &session, op1,
1454 hash_cases[n].in,
1455 hash_cases[n].in_len, out,
1456 &out_size)))
1457 goto out;
1458
1459 (void)ADBG_EXPECT_BUFFER(c, hash_cases[n].out,
1460 hash_cases[n].out_len, out, out_size);
1461
Jerome Forissier1e05e262015-07-29 16:09:07 +0200[diff] [blame]1462 /*
1463 * Invoke TEE_DigestDoFinal() a second time to check that state
1464 * was properly reset
1465 */
Jens Wiklander72967ae2022-12-07 08:07:43 +0100[diff] [blame]1466 out_size = hash_cases[n].out_len;
Jerome Forissier1e05e262015-07-29 16:09:07 +0200[diff] [blame]1467 memset(out, 0, sizeof(out));
1468 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
1469 ta_crypt_cmd_digest_do_final(c, &session, op1,
1470 hash_cases[n].in,
1471 hash_cases[n].in_len, out,
1472 &out_size)))
1473 goto out;
1474
1475 (void)ADBG_EXPECT_BUFFER(c, hash_cases[n].out,
1476 hash_cases[n].out_len, out, out_size);
1477
Jens Wiklander92aded22022-12-07 09:43:56 +0100[diff] [blame]1478 /*
1479 * Test that TEE_DigestExtract() and TEE_DigestDoFinal()
1480 * work together.
1481 */
1482
1483 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
1484 ta_crypt_cmd_digest_update(c, &session, op1,
1485 hash_cases[n].in,
1486 hash_cases[n].in_len)))
1487 goto out;
1488
1489 out_size = hash_cases[n].in_incr;
1490 memset(out, 0, sizeof(out));
1491 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
1492 ta_crypt_cmd_digest_extract(c, &session, op1,
1493 out, &out_size)))
1494 goto out;
1495 ADBG_EXPECT_BUFFER(c, hash_cases[n].out,
1496 hash_cases[n].in_incr, out, out_size);
1497
1498 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
1499 ta_crypt_cmd_copy_operation(c, &session, op2, op1)))
1500 goto out;
1501
1502 out_size = hash_cases[n].out_len - hash_cases[n].in_incr;
1503 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
1504 ta_crypt_cmd_digest_do_final(c, &session, op1,
1505 NULL, 0, out, &out_size)))
1506 goto out;
1507 ADBG_EXPECT_BUFFER(c, hash_cases[n].out + hash_cases[n].in_incr,
1508 hash_cases[n].out_len -
1509 hash_cases[n].in_incr, out, out_size);
1510
1511 out_size = hash_cases[n].out_len - hash_cases[n].in_incr;
1512 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
1513 ta_crypt_cmd_digest_extract(c, &session, op2,
1514 out, &out_size)))
1515 goto out;
1516 ADBG_EXPECT_BUFFER(c, hash_cases[n].out + hash_cases[n].in_incr,
1517 hash_cases[n].out_len -
1518 hash_cases[n].in_incr, out, out_size);
1519
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]1520 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
1521 ta_crypt_cmd_free_operation(c, &session, op1)))
1522 goto out;
1523
1524 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
1525 ta_crypt_cmd_free_operation(c, &session, op2)))
1526 goto out;
1527
1528 Do_ADBG_EndSubCase(c, NULL);
1529 }
1530
1531out:
1532 TEEC_CloseSession(&session);
1533}
Jens Wiklander14f48872018-06-29 15:30:13 +0200[diff] [blame]1534ADBG_CASE_DEFINE(regression, 4001, xtest_tee_test_4001,
1535 "Test TEE Internal API hash operations");
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]1536
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]1537struct xtest_mac_case {
1538 uint32_t algo;
1539 uint32_t key_type;
1540 const uint8_t *key;
1541 size_t key_len;
1542 size_t in_incr;
1543 const uint8_t *in;
1544 size_t in_len;
1545 const uint8_t *out;
1546 size_t out_len;
Jerome Forissier3dec7442019-01-30 17:50:05 +0100[diff] [blame]1547 bool multiple_incr;
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]1548};
1549
Jerome Forissier3dec7442019-01-30 17:50:05 +0100[diff] [blame]1550#define XTEST_MAC_CASE_1(algo, key_type, key, in_incr, in, out) \
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]1551 { (algo), (key_type), (key), ARRAY_SIZE(key), \
Jerome Forissier3dec7442019-01-30 17:50:05 +0100[diff] [blame]1552 (in_incr), (in), ARRAY_SIZE(in), (out), ARRAY_SIZE(out), false }
1553
1554#define XTEST_MAC_CASE_MULT(algo, key_type, key, in_incr, in, out) \
1555 { (algo), (key_type), (key), ARRAY_SIZE(key), \
1556 (in_incr), (in), ARRAY_SIZE(in), (out), ARRAY_SIZE(out), true }
1557
1558#define XTEST_MAC_CASE(algo, key_type, key, in_incr, in, out) \
1559 XTEST_MAC_CASE_1((algo), (key_type), (key), (in_incr), (in), (out)), \
1560 XTEST_MAC_CASE_MULT((algo), (key_type), (key), (in_incr), (in), (out))
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]1561
1562#define XTEST_MAC_CBC_CASE(algo, key_type, vect, in_incr) \
1563 XTEST_MAC_CASE((algo), (key_type), \
1564 mac_cbc_ ## vect ## _key, (in_incr), \
1565 mac_cbc_ ## vect ## _data, mac_cbc_ ## vect ## _out)
1566
1567#define XTEST_MAC_CMAC_CASE(vect, in_incr) \
1568 XTEST_MAC_CASE(TEE_ALG_AES_CMAC, TEE_TYPE_AES, \
1569 mac_cmac_ ## vect ## _key, (in_incr), \
1570 mac_cmac_ ## vect ## _data, mac_cmac_ ## vect ## _out)
1571
Alexander Zakharov0afe00c2021-02-10 19:06:48 +0100[diff] [blame]1572#define XTEST_MAC_DES3_CMAC_CASE(vect, in_incr) \
1573 XTEST_MAC_CASE(TEE_ALG_DES3_CMAC, TEE_TYPE_DES3, \
1574 mac_des3_cmac_ ## vect ## _key, (in_incr), \
1575 mac_des3_cmac_ ## vect ## _data, mac_des3_cmac_ ## vect ## _out)
1576
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]1577static const struct xtest_mac_case mac_cases[] = {
1578 XTEST_MAC_CASE(TEE_ALG_HMAC_MD5, TEE_TYPE_HMAC_MD5,
1579 mac_data_md5_key1,
1580 4, mac_data_md5_in1, mac_data_md5_out1),
1581 XTEST_MAC_CASE(TEE_ALG_HMAC_SHA1, TEE_TYPE_HMAC_SHA1,
1582 mac_data_sha1_key1,
1583 5, mac_data_sha1_in1, mac_data_sha1_out1),
1584 XTEST_MAC_CASE(TEE_ALG_HMAC_SHA224, TEE_TYPE_HMAC_SHA224,
1585 mac_data_sha224_key1,
1586 8, mac_data_sha224_in1, mac_data_sha224_out1),
1587 XTEST_MAC_CASE(TEE_ALG_HMAC_SHA256, TEE_TYPE_HMAC_SHA256,
1588 mac_data_sha256_key1,
1589 1, mac_data_sha256_in1, mac_data_sha256_out1),
1590 XTEST_MAC_CASE(TEE_ALG_HMAC_SHA256, TEE_TYPE_HMAC_SHA256,
1591 mac_data_sha256_key2,
1592 7, mac_data_sha256_in2, mac_data_sha256_out2),
1593 XTEST_MAC_CASE(TEE_ALG_HMAC_SHA384, TEE_TYPE_HMAC_SHA384,
1594 mac_data_sha384_key1,
1595 11, mac_data_sha384_in1, mac_data_sha384_out1),
1596 XTEST_MAC_CASE(TEE_ALG_HMAC_SHA512, TEE_TYPE_HMAC_SHA512,
1597 mac_data_sha512_key1,
1598 13, mac_data_sha512_in1, mac_data_sha512_out1),
Jens Wiklander16de19d2022-12-09 18:00:08 +0100[diff] [blame]1599 XTEST_MAC_CASE(TEE_ALG_HMAC_SHA3_224, TEE_TYPE_HMAC_SHA3_224,
1600 mac_data_sha3_224_key1,
1601 13, mac_data_sha3_224_in1, mac_data_sha3_224_out1),
1602 XTEST_MAC_CASE(TEE_ALG_HMAC_SHA3_256, TEE_TYPE_HMAC_SHA3_256,
1603 mac_data_sha3_256_key1,
1604 13, mac_data_sha3_256_in1, mac_data_sha3_256_out1),
1605 XTEST_MAC_CASE(TEE_ALG_HMAC_SHA3_384, TEE_TYPE_HMAC_SHA3_384,
1606 mac_data_sha3_384_key1,
1607 13, mac_data_sha3_384_in1, mac_data_sha3_384_out1),
1608 XTEST_MAC_CASE(TEE_ALG_HMAC_SHA3_512, TEE_TYPE_HMAC_SHA3_512,
1609 mac_data_sha3_512_key1,
1610 13, mac_data_sha3_512_in1, mac_data_sha3_512_out1),
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]1611
1612 XTEST_MAC_CBC_CASE(TEE_ALG_AES_CBC_MAC_NOPAD, TEE_TYPE_AES, vect1, 14),
1613 XTEST_MAC_CBC_CASE(TEE_ALG_DES_CBC_MAC_NOPAD, TEE_TYPE_DES, vect2, 16),
1614 XTEST_MAC_CBC_CASE(TEE_ALG_DES3_CBC_MAC_NOPAD, TEE_TYPE_DES3, vect3,
1615 17),
1616 XTEST_MAC_CBC_CASE(TEE_ALG_AES_CBC_MAC_PKCS5, TEE_TYPE_AES, vect4, 11),
1617 XTEST_MAC_CBC_CASE(TEE_ALG_DES_CBC_MAC_PKCS5, TEE_TYPE_DES, vect5, 9),
1618 XTEST_MAC_CBC_CASE(TEE_ALG_DES3_CBC_MAC_PKCS5, TEE_TYPE_DES3, vect6, 4),
1619 XTEST_MAC_CBC_CASE(TEE_ALG_AES_CBC_MAC_PKCS5, TEE_TYPE_AES, vect7, 3),
1620 XTEST_MAC_CBC_CASE(TEE_ALG_DES_CBC_MAC_PKCS5, TEE_TYPE_DES, vect8, 23),
1621 XTEST_MAC_CBC_CASE(TEE_ALG_DES3_CBC_MAC_PKCS5, TEE_TYPE_DES3, vect9,
1622 34),
Pascal Brand5c3d8092015-07-23 08:20:26 +0200[diff] [blame]1623 XTEST_MAC_CBC_CASE(TEE_ALG_DES3_CBC_MAC_PKCS5, TEE_TYPE_DES3, vect10, 4),
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]1624
1625 { TEE_ALG_AES_CMAC, TEE_TYPE_AES, mac_cmac_vect1_key,
1626 ARRAY_SIZE(mac_cmac_vect1_key), 0, NULL, 0, mac_cmac_vect1_out,
1627 ARRAY_SIZE(mac_cmac_vect1_out) },
1628 XTEST_MAC_CMAC_CASE(vect2, 9),
1629 XTEST_MAC_CMAC_CASE(vect3, 9),
1630 XTEST_MAC_CMAC_CASE(vect4, 9),
1631 { TEE_ALG_AES_CMAC, TEE_TYPE_AES, mac_cmac_vect5_key,
1632 ARRAY_SIZE(mac_cmac_vect5_key), 0, NULL, 0, mac_cmac_vect5_out,
1633 ARRAY_SIZE(mac_cmac_vect5_out) },
1634 XTEST_MAC_CMAC_CASE(vect6, 9),
1635 XTEST_MAC_CMAC_CASE(vect7, 9),
1636 XTEST_MAC_CMAC_CASE(vect8, 9),
1637 { TEE_ALG_AES_CMAC, TEE_TYPE_AES, mac_cmac_vect9_key,
1638 ARRAY_SIZE(mac_cmac_vect9_key), 0, NULL, 0, mac_cmac_vect9_out,
1639 ARRAY_SIZE(mac_cmac_vect9_out) },
1640 XTEST_MAC_CMAC_CASE(vect10, 9),
1641 XTEST_MAC_CMAC_CASE(vect11, 9),
1642 XTEST_MAC_CMAC_CASE(vect12, 9),
Clement Faure21b347a2021-04-29 13:06:55 +0200[diff] [blame]1643 XTEST_MAC_CMAC_CASE(vect12, 16),
Olivier Massea40266a2023-07-19 10:34:03 +0200[diff] [blame]1644 XTEST_MAC_CMAC_CASE(vect13, 1),
Jerome Forissier9f17e262019-12-13 14:12:41 +0100[diff] [blame]1645
Alexander Zakharov0afe00c2021-02-10 19:06:48 +0100[diff] [blame]1646 { TEE_ALG_DES3_CMAC, TEE_TYPE_DES3, mac_des3_cmac_vect1_key,
1647 ARRAY_SIZE(mac_des3_cmac_vect1_key), 0, NULL, 0, mac_des3_cmac_vect1_out,
1648 ARRAY_SIZE(mac_des3_cmac_vect1_out) },
1649 XTEST_MAC_DES3_CMAC_CASE(vect2, 3),
1650 XTEST_MAC_DES3_CMAC_CASE(vect3, 9),
1651 XTEST_MAC_DES3_CMAC_CASE(vect4, 9),
1652 { TEE_ALG_DES3_CMAC, TEE_TYPE_DES3, mac_des3_cmac_vect5_key,
1653 ARRAY_SIZE(mac_des3_cmac_vect5_key), 0, NULL, 0, mac_des3_cmac_vect5_out,
1654 ARRAY_SIZE(mac_des3_cmac_vect5_out) },
1655 XTEST_MAC_DES3_CMAC_CASE(vect6, 3),
1656 XTEST_MAC_DES3_CMAC_CASE(vect7, 5),
1657 XTEST_MAC_DES3_CMAC_CASE(vect8, 9),
1658
Jerome Forissier9f17e262019-12-13 14:12:41 +0100[diff] [blame]1659 XTEST_MAC_CASE(TEE_ALG_HMAC_SM3, TEE_TYPE_HMAC_SM3,
1660 mac_data_sm3_d31_key,
1661 13, mac_data_sm3_d31_in, mac_data_sm3_d31_out),
1662 XTEST_MAC_CASE(TEE_ALG_HMAC_SM3, TEE_TYPE_HMAC_SM3,
1663 mac_data_sm3_d32_key,
1664 13, mac_data_sm3_d32_in, mac_data_sm3_d32_out),
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]1665};
1666
1667static void xtest_tee_test_4002(ADBG_Case_t *c)
1668{
Etienne Carrieree4ec9e42019-03-28 13:30:21 +0100[diff] [blame]1669 TEEC_Session session = { };
1670 TEE_OperationHandle op1 = TEE_HANDLE_NULL;
1671 TEE_OperationHandle op2 = TEE_HANDLE_NULL;
Jerome Forissier4f419512021-07-07 14:56:10 +0200[diff] [blame]1672 TEE_OperationHandle op3 = TEE_HANDLE_NULL;
Etienne Carrieree4ec9e42019-03-28 13:30:21 +0100[diff] [blame]1673 TEE_ObjectHandle key_handle = TEE_HANDLE_NULL;
1674 uint8_t out[64] = { };
1675 size_t out_size = 0;
1676 uint32_t ret_orig = 0;
1677 size_t n = 0;
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]1678
1679 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
1680 xtest_teec_open_session(&session, &crypt_user_ta_uuid, NULL,
1681 &ret_orig)))
1682 return;
1683
1684 for (n = 0; n < ARRAY_SIZE(mac_cases); n++) {
Etienne Carrieree4ec9e42019-03-28 13:30:21 +0100[diff] [blame]1685 TEE_Attribute key_attr = { };
1686 size_t key_size = 0;
1687 size_t offs = 0;
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]1688
1689 Do_ADBG_BeginSubCase(c, "MAC case %d algo 0x%x",
1690 (int)n, (unsigned int)mac_cases[n].algo);
1691
1692 key_attr.attributeID = TEE_ATTR_SECRET_VALUE;
1693 key_attr.content.ref.buffer = (void *)mac_cases[n].key;
1694 key_attr.content.ref.length = mac_cases[n].key_len;
1695
1696 key_size = key_attr.content.ref.length * 8;
1697 if (mac_cases[n].key_type == TEE_TYPE_DES ||
1698 mac_cases[n].key_type == TEE_TYPE_DES3)
1699 /* Exclude parity in bit size of key */
1700 key_size -= key_size / 8;
1701
1702 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
1703 ta_crypt_cmd_allocate_operation(c, &session, &op1,
1704 mac_cases[n].algo, TEE_MODE_MAC, key_size)))
1705 goto out;
1706
1707 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
1708 ta_crypt_cmd_allocate_operation(c, &session, &op2,
1709 mac_cases[n].algo, TEE_MODE_MAC, key_size)))
1710 goto out;
1711
1712 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
Jerome Forissier4f419512021-07-07 14:56:10 +0200[diff] [blame]1713 ta_crypt_cmd_allocate_operation(c, &session, &op3,
1714 mac_cases[n].algo, TEE_MODE_MAC, key_size)))
1715 goto out;
1716
1717 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]1718 ta_crypt_cmd_allocate_transient_object(c, &session,
1719 mac_cases[n].key_type, key_size, &key_handle)))
1720 goto out;
1721
1722 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
1723 ta_crypt_cmd_populate_transient_object(c, &session,
1724 key_handle, &key_attr, 1)))
1725 goto out;
1726
1727 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
1728 ta_crypt_cmd_set_operation_key(c, &session, op1,
1729 key_handle)))
1730 goto out;
1731
1732 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
1733 ta_crypt_cmd_free_transient_object(c, &session,
1734 key_handle)))
1735 goto out;
1736
1737 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
1738 ta_crypt_cmd_mac_init(c, &session, op1, NULL, 0)))
1739 goto out;
1740
Jerome Forissier4f419512021-07-07 14:56:10 +0200[diff] [blame]1741 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
1742 ta_crypt_cmd_copy_operation(c, &session, op3, op1)))
1743 goto out;
1744
Jerome Forissier3dec7442019-01-30 17:50:05 +0100[diff] [blame]1745 offs = 0;
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]1746 if (mac_cases[n].in != NULL) {
Jerome Forissier3dec7442019-01-30 17:50:05 +0100[diff] [blame]1747 while (offs + mac_cases[n].in_incr <
1748 mac_cases[n].in_len) {
1749 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
1750 ta_crypt_cmd_mac_update(c, &session,
1751 op1, mac_cases[n].in + offs,
1752 mac_cases[n].in_incr)))
1753 goto out;
1754 offs += mac_cases[n].in_incr;
1755 if (!mac_cases[n].multiple_incr)
1756 break;
1757 }
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]1758 }
1759
1760 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
1761 ta_crypt_cmd_copy_operation(c, &session, op2, op1)))
1762 goto out;
1763
1764 out_size = sizeof(out);
1765 memset(out, 0, sizeof(out));
1766 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
1767 ta_crypt_cmd_mac_final_compute(c, &session, op2,
Jerome Forissier3dec7442019-01-30 17:50:05 +0100[diff] [blame]1768 mac_cases[n].in + offs,
1769 mac_cases [n].in_len - offs,
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]1770 out, &out_size)))
1771 goto out;
1772
1773 (void)ADBG_EXPECT_BUFFER(c, mac_cases[n].out,
1774 mac_cases[n].out_len, out, out_size);
1775
1776 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
1777 ta_crypt_cmd_mac_init(c, &session, op1, NULL, 0)))
1778 goto out;
1779
1780 out_size = sizeof(out);
1781 memset(out, 0, sizeof(out));
1782 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
1783 ta_crypt_cmd_mac_final_compute(c, &session, op1,
1784 mac_cases[n].in, mac_cases[n].in_len, out,
1785 &out_size)))
1786 goto out;
1787
1788 (void)ADBG_EXPECT_BUFFER(c, mac_cases[n].out,
1789 mac_cases[n].out_len, out, out_size);
1790
1791 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
Jerome Forissier4f419512021-07-07 14:56:10 +0200[diff] [blame]1792 ta_crypt_cmd_mac_final_compare(c, &session, op3,
1793 mac_cases[n].in, mac_cases[n].in_len,
1794 mac_cases[n].out, mac_cases[n].out_len)))
1795 goto out;
1796
1797 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]1798 ta_crypt_cmd_free_operation(c, &session, op1)))
1799 goto out;
1800
1801 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
1802 ta_crypt_cmd_free_operation(c, &session, op2)))
1803 goto out;
1804
Jerome Forissier4f419512021-07-07 14:56:10 +0200[diff] [blame]1805 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
1806 ta_crypt_cmd_free_operation(c, &session, op3)))
1807 goto out;
1808
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]1809 Do_ADBG_EndSubCase(c, NULL);
1810 }
1811out:
1812 TEEC_CloseSession(&session);
1813}
Jens Wiklander14f48872018-06-29 15:30:13 +0200[diff] [blame]1814ADBG_CASE_DEFINE(regression, 4002, xtest_tee_test_4002,
1815 "Test TEE Internal API MAC operations");
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]1816
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]1817static const uint8_t ciph_data_aes_key1[] = {
1818 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, /* 01234567 */
1819 0x38, 0x39, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, /* 89ABCDEF */
1820};
1821
Jerome Forissier0780ad42018-06-05 15:02:37 +0200[diff] [blame]1822static const uint8_t ciph_data_aes_key2[] = {
1823 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02,
1824 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02,
1825};
1826
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]1827static const uint8_t ciph_data_des_key1[] = {
1828 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37 /* 01234567 */
1829};
1830
1831static const uint8_t ciph_data_des_key2[] = {
1832 0x13, 0x34, 0x57, 0x79, 0x9B, 0xBC, 0xDF, 0xF1
1833};
1834
1835
1836static const uint8_t ciph_data_des3_key1[] = {
1837 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, /* 01234567 */
1838 0x38, 0x39, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, /* 89ABCDEF */
1839 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, /* 12345678 */
1840};
1841
1842static const uint8_t ciph_data_des3_key2[] = {
1843 0x13, 0x34, 0x57, 0x79, 0x9B, 0xBC, 0xDF, 0xF1,
1844 0x13, 0x34, 0x57, 0x79, 0x9B, 0xBC, 0xDF, 0xF1,
1845 0x13, 0x34, 0x57, 0x79, 0x9B, 0xBC, 0xDF, 0xF1
1846};
1847
1848static const uint8_t ciph_data_des2_key1[] = {
1849 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, /* 01234567 */
1850 0x38, 0x39, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, /* 89ABCDEF */
1851};
1852
1853static const uint8_t ciph_data_in1[] = {
1854 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, /* 23456789 */
1855 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x30, 0x31, /* ABCDEF01 */
1856 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x41, /* 3456789A */
1857 0x42, 0x43, 0x44, 0x45, 0x46, 0x30, 0x31, 0x32, /* BCDEF012 */
1858 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x41, 0x42, /* 456789AB */
1859 0x43, 0x44, 0x45, 0x46, 0x30, 0x31, 0x32, 0x33, /* CDEF0123 */
1860};
1861
1862static const uint8_t ciph_data_in3[] = {
1863 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, /* 23456789 */
1864 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x30, 0x31, /* ABCDEF01 */
1865 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x41, /* 3456789A */
1866 0x42, 0x43, 0x44, 0x45, 0x46, 0x30, 0x31, 0x32, /* BCDEF012 */
1867 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x41, 0x42, /* 456789AB */
1868 0x43, 0x44, 0x45, 0x46, 0x30, /* CDEF0 */
1869};
1870
Jerome Forissier45218eb2018-04-11 13:03:26 +0200[diff] [blame]1871static const uint8_t ciph_data_in4[] = {
1872 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, /* 23456789 */
1873 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x30, 0x31, /* ABCDEF01 */
1874 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x41, /* 3456789A */
1875 0x42, 0x43, 0x44, 0x45, 0x46, 0x30, 0x31, 0x32, /* BCDEF012 */
1876 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x41, 0x42, /* 456789AB */
1877 0x43, 0x44, 0x45, 0x46, 0x30, 0x31, 0x32, 0x33, /* CDEF0123 */
1878 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, /* 01234567 */
1879 0x38, 0x39, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, /* 89ABCDEF */
1880};
1881
Jerome Forissier0780ad42018-06-05 15:02:37 +0200[diff] [blame]1882static const uint8_t ciph_data_in5[] = {
1883 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
1884 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
1885 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
1886 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
1887 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
1888 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
1889 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
1890 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
Jerome Forissierbf9009e2018-06-05 18:44:42 +0200[diff] [blame]1891 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
1892 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
Jerome Forissier0780ad42018-06-05 15:02:37 +0200[diff] [blame]1893 0x01, 0x01, 0x01
1894};
1895
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]1896static const uint8_t ciph_data_128_iv1[] = {
1897 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, /* 12345678 */
1898 0x39, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x30, /* 9ABCDEF0 */
1899};
1900
Jerome Forissier0780ad42018-06-05 15:02:37 +0200[diff] [blame]1901static const uint8_t ciph_data_128_iv2[] = {
1902 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03,
1903 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03,
1904};
1905
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]1906static const uint8_t ciph_data_64_iv1[] = {
1907 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, /* 12345678 */
1908};
1909
1910static const uint8_t ciph_data_in2[] = {
1911 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef
1912};
1913
1914static const uint8_t ciph_data_aes_ecb_nopad_out1[] = {
1915 0xA5, 0xBE, 0x14, 0xD5, 0x01, 0x05, 0x24, 0x48, /* ......$H */
1916 0x58, 0x1A, 0x6B, 0x82, 0xD4, 0x41, 0xD2, 0xB3, /* X.k..A.. */
1917 0xBB, 0xF9, 0xAE, 0x37, 0x94, 0xAC, 0x18, 0x50, /* ...7...P */
1918 0x87, 0x09, 0xCC, 0x3F, 0x43, 0xD2, 0xC2, 0xB7, /* ...?C... */
1919 0xD7, 0x6F, 0x84, 0x07, 0xB4, 0x78, 0xCE, 0x34, /* .o...x.4 */
1920 0x48, 0xC9, 0x16, 0x86, 0x42, 0xB8, 0xFF, 0xCF, /* H...B... */
1921};
1922
1923static const uint8_t ciph_data_aes_cbc_nopad_out1[] = {
1924 0x8D, 0x9F, 0x88, 0xD8, 0xAF, 0x9F, 0xC1, 0x3B, /* .......; */
1925 0x02, 0x15, 0x43, 0x6A, 0x8C, 0x1E, 0x34, 0x5C, /* ..Cj..4\ */
1926 0x83, 0xF4, 0x85, 0x3E, 0x43, 0x0F, 0xE5, 0x5F, /* ...>C.._ */
1927 0x81, 0x4C, 0xC0, 0x28, 0x3F, 0xD9, 0x98, 0x53, /* .L.(?..S */
1928 0xB1, 0x44, 0x51, 0x38, 0x21, 0xAB, 0x10, 0xCE, /* .DQ8!... */
1929 0xC2, 0xEC, 0x65, 0x54, 0xDD, 0x5C, 0xEA, 0xDC, /* ..eT.\.. */
1930};
1931
1932static const uint8_t ciph_data_aes_ctr_out1[] = {
1933 0xD2, 0xDD, 0x11, 0xA8, 0xF7, 0xB0, 0xAE, 0x55, /* .......U */
1934 0xBE, 0x61, 0x7A, 0xE6, 0xA1, 0x6C, 0x79, 0xF4, /* .az..ly. */
1935 0x62, 0x51, 0x7B, 0xE9, 0x7C, 0xA0, 0x31, 0x0C, /* bQ{.|.1. */
1936 0x24, 0x15, 0x70, 0x7F, 0x47, 0x37, 0x69, 0xE0, /* $.p.G7i. */
1937 0x24, 0xC3, 0x29, 0xCD, 0xF2, 0x26, 0x69, 0xFF, /* $.)..&i. */
1938 0x72, 0x0E, 0x3C, 0xD1, 0xA1, 0x2F, 0x5D, 0x33, /* r.<../]3 */
1939};
1940
1941static const uint8_t ciph_data_aes_ctr_out2[] = {
1942 0xD2, 0xDD, 0x11, 0xA8, 0xF7, 0xB0, 0xAE, 0x55, /* .......U */
1943 0xBE, 0x61, 0x7A, 0xE6, 0xA1, 0x6C, 0x79, 0xF4, /* .az..ly. */
1944 0x62, 0x51, 0x7B, 0xE9, 0x7C, 0xA0, 0x31, 0x0C, /* bQ{.|.1. */
1945 0x24, 0x15, 0x70, 0x7F, 0x47, 0x37, 0x69, 0xE0, /* $.p.G7i. */
1946 0x24, 0xC3, 0x29, 0xCD, 0xF2, 0x26, 0x69, 0xFF, /* $.)..&i. */
1947 0x72, 0x0E, 0x3C, 0xD1, 0xA1, /* r.<.. */
1948};
1949
Jerome Forissier45218eb2018-04-11 13:03:26 +0200[diff] [blame]1950static const uint8_t ciph_data_aes_ctr_out4[] = {
1951 0xD2, 0xDD, 0x11, 0xA8, 0xF7, 0xB0, 0xAE, 0x55, /* .......U */
1952 0xBE, 0x61, 0x7A, 0xE6, 0xA1, 0x6C, 0x79, 0xF4, /* .az..ly. */
1953 0x62, 0x51, 0x7B, 0xE9, 0x7C, 0xA0, 0x31, 0x0C, /* bQ{.|.1. */
1954 0x24, 0x15, 0x70, 0x7F, 0x47, 0x37, 0x69, 0xE0, /* $.p.G7i. */
1955 0x24, 0xC3, 0x29, 0xCD, 0xF2, 0x26, 0x69, 0xFF, /* $.)..&i. */
1956 0x72, 0x0E, 0x3C, 0xD1, 0xA1, 0x2F, 0x5D, 0x33, /* r.<../]3 */
1957 0x9F, 0xD7, 0x0C, 0x92, 0xD4, 0xA5, 0x9D, 0x06, /* ........ */
1958 0x01, 0x80, 0x38, 0xCD, 0xC2, 0x71, 0x5D, 0x4A, /* ..8..q]J */
1959};
1960
Jerome Forissier0780ad42018-06-05 15:02:37 +0200[diff] [blame]1961static const uint8_t ciph_data_aes_ctr_out5[] = {
1962 0xbb, 0xfe, 0x07, 0x04, 0x1c, 0x8e, 0x09, 0x61,
1963 0xfb, 0xb1, 0x7c, 0xa5, 0x4d, 0x2b, 0x30, 0xf6,
1964 0x26, 0x9e, 0xff, 0x61, 0x18, 0x47, 0xc6, 0x06,
1965 0x81, 0x02, 0x84, 0xcd, 0x9c, 0x4b, 0x6d, 0x21,
1966 0xe2, 0x64, 0xa6, 0x50, 0x7f, 0x28, 0x81, 0x6f,
1967 0x29, 0xda, 0xd5, 0x56, 0x3f, 0x46, 0xac, 0xca,
1968 0x37, 0xe7, 0x77, 0x36, 0xbc, 0x76, 0x39, 0x57,
1969 0xaa, 0x67, 0x1b, 0x2a, 0xe6, 0x36, 0x57, 0x6d,
Jerome Forissierbf9009e2018-06-05 18:44:42 +0200[diff] [blame]1970 0x2a, 0xb8, 0x77, 0x41, 0xc2, 0x4e, 0x4f, 0x27,
1971 0x4c, 0x34, 0x7a, 0x01, 0x6a, 0xda, 0x75, 0x75,
1972 0x3e, 0x68, 0xb2
Jerome Forissier0780ad42018-06-05 15:02:37 +0200[diff] [blame]1973};
1974
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]1975static const uint8_t ciph_data_aes_cbc_vect1_key[] = {
1976 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, /* 01234567 */
1977 0x38, 0x39, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, /* 89ABCDEF */
1978};
1979
1980static const uint8_t ciph_data_aes_cbc_vect1_iv[] = {
1981 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* ........ */
1982 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* ........ */
1983};
1984
1985static const uint8_t ciph_data_aes_cbc_vect1_ptx[] = {
1986 0x43, 0x69, 0x70, 0x68, 0x65, 0x72, 0x20, 0x62, /* Cipher b */
1987 0x6C, 0x6F, 0x63, 0x6B, 0x20, 0x63, 0x68, 0x61, /* lock cha */
1988 0x69, 0x6E, 0x69, 0x6E, 0x67, 0x20, 0x28, 0x43, /* ining (C */
1989 0x42, 0x43, 0x29, 0x20, 0x69, 0x73, 0x20, 0x61, /* BC) is a */
1990 0x20, 0x63, 0x6F, 0x6D, 0x6D, 0x6F, 0x6E, 0x20, /* common */
1991 0x63, 0x68, 0x61, 0x69, 0x6E, 0x69, 0x6E, 0x67, /* chaining */
1992 0x20, 0x6D, 0x6F, 0x64, 0x65, 0x20, 0x69, 0x6E, /* mode in */
1993 0x20, 0x77, 0x68, 0x69, 0x63, 0x68, 0x20, 0x74, /* which t */
1994 0x68, 0x65, 0x20, 0x70, 0x72, 0x65, 0x76, 0x69, /* he previ */
1995 0x6F, 0x75, 0x73, 0x20, 0x62, 0x6C, 0x6F, 0x63, /* ous bloc */
1996 0x6B, 0x27, 0x73, 0x20, 0x63, 0x69, 0x70, 0x68, /* k's ciph */
1997 0x65, 0x72, 0x74, 0x65, 0x78, 0x74, 0x20, 0x69, /* ertext i */
1998 0x73, 0x20, 0x78, 0x6F, 0x72, 0x65, 0x64, 0x20, /* s xored */
1999 0x77, 0x69, 0x74, 0x68, 0x20, 0x74, 0x68, 0x65, /* with the */
2000 0x20, 0x63, 0x75, 0x72, 0x72, 0x65, 0x6E, 0x74, /* current */
2001 0x20, 0x62, 0x6C, 0x6F, 0x63, 0x6B, 0x27, 0x73, /* block's */
2002 0x20, 0x70, 0x6C, 0x61, 0x69, 0x6E, 0x74, 0x65, /* plainte */
2003 0x78, 0x74, 0x20, 0x62, 0x65, 0x66, 0x6F, 0x72, /* xt befor */
2004 0x65, 0x20, 0x65, 0x6E, 0x63, 0x72, 0x79, 0x70, /* e encryp */
2005 0x74, 0x69, 0x6F, 0x6E, 0x2E, 0x2E, 0x2E, 0x2E, /* tion.... */
2006};
2007
2008static const uint8_t ciph_data_aes_cbc_vect1_ctx[] = {
2009 0xDD, 0x16, 0xC3, 0x47, 0x69, 0xEC, 0xF5, 0x86, /* ...Gi... */
2010 0x20, 0xB4, 0xF7, 0xE3, 0xB9, 0x36, 0xE8, 0xAC, /* ....6.. */
2011 0xC9, 0xA2, 0x11, 0x71, 0x3B, 0x10, 0x9D, 0x45, /* ...q;..E */
2012 0xCA, 0xE2, 0x49, 0xA6, 0x4E, 0x56, 0x07, 0xC5, /* ..I.NV.. */
2013 0xCE, 0xA3, 0x14, 0xB5, 0x30, 0x1B, 0x63, 0xBB, /* ....0.c. */
2014 0x2D, 0x6F, 0xE9, 0xCA, 0x0B, 0x00, 0x31, 0x3F, /* -o....1? */
2015 0xA4, 0x9A, 0x39, 0xE1, 0xC8, 0xD2, 0x24, 0x95, /* ..9...$. */
2016 0x14, 0xE9, 0xD2, 0x43, 0xE8, 0xA8, 0x1E, 0x0A, /* ...C.... */
2017 0xFE, 0x9D, 0x4F, 0xF5, 0xBB, 0x16, 0xB9, 0x54, /* ..O....T */
2018 0x78, 0x07, 0x94, 0x05, 0x8E, 0x47, 0xC3, 0xCB, /* x....G.. */
2019 0x7C, 0xEC, 0xF4, 0xF8, 0xF2, 0xA4, 0x59, 0x6E, /* |.....Yn */
2020 0xED, 0xAD, 0x7F, 0x62, 0xAF, 0x89, 0xA8, 0x5B, /* ...b...[ */
2021 0x75, 0xD4, 0x73, 0xE3, 0xBA, 0x9F, 0x9A, 0xD2, /* u.s..... */
2022 0x0F, 0xFD, 0x3C, 0xE6, 0xC6, 0xA4, 0xD6, 0x6C, /* ..<....l */
2023 0x6A, 0x09, 0xE2, 0x16, 0xB0, 0x8C, 0x69, 0x3C, /* j.....i< */
2024 0xC8, 0x1C, 0xE4, 0x3E, 0x86, 0x4D, 0xB0, 0x2B, /* ...>.M.+ */
2025 0x29, 0xA0, 0x5A, 0xA3, 0x67, 0xBA, 0xDC, 0x11, /* ).Z.g... */
2026 0x08, 0x5E, 0x69, 0xB4, 0x6F, 0xA5, 0xE2, 0xB8, /* .^i.o... */
2027 0xC9, 0x6E, 0x83, 0x7E, 0x35, 0xC8, 0xA7, 0xA0, /* .n.~5... */
2028 0x33, 0xA3, 0xB1, 0x4B, 0x5A, 0x92, 0x51, 0x2E, /* 3..KZ.Q. */
2029};
2030
2031/* AES-CTS test vectors from http://tools.ietf.org/html/rfc3962
2032 * and http://tools.ietf.org/html/draft-raeburn-krb-rijndael-krb-02 */
2033static const uint8_t ciph_data_aes_cts_vect1_key[] = {
2034 0x63, 0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x20,
2035 0x74, 0x65, 0x72, 0x69, 0x79, 0x61, 0x6b, 0x69
2036};
2037
2038static const uint8_t ciph_data_aes_cts_vect1_iv[16] = {
2039 0x00
2040};
2041
2042static const uint8_t ciph_data_aes_cts_vect1_ptx[] = {
2043 0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20,
2044 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65,
2045 0x20
2046};
2047
2048static const uint8_t ciph_data_aes_cts_vect1_ctx[] = {
2049 0xc6, 0x35, 0x35, 0x68, 0xf2, 0xbf, 0x8c, 0xb4,
2050 0xd8, 0xa5, 0x80, 0x36, 0x2d, 0xa7, 0xff, 0x7f,
2051 0x97
2052};
2053
2054#define ciph_data_aes_cts_vect2_key ciph_data_aes_cts_vect1_key
2055#define ciph_data_aes_cts_vect2_iv ciph_data_aes_cts_vect1_iv
2056static const uint8_t ciph_data_aes_cts_vect2_ptx[] = {
2057 0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20,
2058 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65,
2059 0x20, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c,
2060 0x20, 0x47, 0x61, 0x75, 0x27, 0x73, 0x20
2061};
2062
2063static const uint8_t ciph_data_aes_cts_vect2_ctx[] = {
2064 0xfc, 0x00, 0x78, 0x3e, 0x0e, 0xfd, 0xb2, 0xc1,
2065 0xd4, 0x45, 0xd4, 0xc8, 0xef, 0xf7, 0xed, 0x22,
2066 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
2067 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5
2068};
2069
2070#define ciph_data_aes_cts_vect3_key ciph_data_aes_cts_vect1_key
2071#define ciph_data_aes_cts_vect3_iv ciph_data_aes_cts_vect1_iv
2072static const uint8_t ciph_data_aes_cts_vect3_ptx[] = {
2073 0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20,
2074 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65,
2075 0x20, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c,
2076 0x20, 0x47, 0x61, 0x75, 0x27, 0x73, 0x20, 0x43,
2077};
2078
2079static const uint8_t ciph_data_aes_cts_vect3_ctx[] = {
2080 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5,
2081 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8,
2082 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
2083 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84,
2084};
2085
2086#define ciph_data_aes_cts_vect4_key ciph_data_aes_cts_vect1_key
2087#define ciph_data_aes_cts_vect4_iv ciph_data_aes_cts_vect1_iv
2088static const uint8_t ciph_data_aes_cts_vect4_ptx[] = {
2089 0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20,
2090 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65,
2091 0x20, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c,
2092 0x20, 0x47, 0x61, 0x75, 0x27, 0x73, 0x20, 0x43,
2093 0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x2c, 0x20,
2094 0x70, 0x6c, 0x65, 0x61, 0x73, 0x65, 0x2c,
2095};
2096
2097static const uint8_t ciph_data_aes_cts_vect4_ctx[] = {
2098 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
2099 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84,
2100 0xb3, 0xff, 0xfd, 0x94, 0x0c, 0x16, 0xa1, 0x8c,
2101 0x1b, 0x55, 0x49, 0xd2, 0xf8, 0x38, 0x02, 0x9e,
2102 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5,
2103 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5,
2104};
2105
2106#define ciph_data_aes_cts_vect5_key ciph_data_aes_cts_vect1_key
2107#define ciph_data_aes_cts_vect5_iv ciph_data_aes_cts_vect1_iv
2108static const uint8_t ciph_data_aes_cts_vect5_ptx[] = {
2109 0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20,
2110 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65,
2111 0x20, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c,
2112 0x20, 0x47, 0x61, 0x75, 0x27, 0x73, 0x20, 0x43,
2113 0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x2c, 0x20,
2114 0x70, 0x6c, 0x65, 0x61, 0x73, 0x65, 0x2c, 0x20,
2115};
2116
2117static const uint8_t ciph_data_aes_cts_vect5_ctx[] = {
2118 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
2119 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84,
2120 0x9d, 0xad, 0x8b, 0xbb, 0x96, 0xc4, 0xcd, 0xc0,
2121 0x3b, 0xc1, 0x03, 0xe1, 0xa1, 0x94, 0xbb, 0xd8,
2122 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5,
2123 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8,
2124};
2125
2126#define ciph_data_aes_cts_vect6_key ciph_data_aes_cts_vect1_key
2127#define ciph_data_aes_cts_vect6_iv ciph_data_aes_cts_vect1_iv
2128static const uint8_t ciph_data_aes_cts_vect6_ptx[] = {
2129 0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20,
2130 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65,
2131 0x20, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c,
2132 0x20, 0x47, 0x61, 0x75, 0x27, 0x73, 0x20, 0x43,
2133 0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x2c, 0x20,
2134 0x70, 0x6c, 0x65, 0x61, 0x73, 0x65, 0x2c, 0x20,
2135 0x61, 0x6e, 0x64, 0x20, 0x77, 0x6f, 0x6e, 0x74,
2136 0x6f, 0x6e, 0x20, 0x73, 0x6f, 0x75, 0x70, 0x2e,
2137};
2138
2139static const uint8_t ciph_data_aes_cts_vect6_ctx[] = {
2140 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
2141 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84,
2142 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5,
2143 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8,
2144 0x48, 0x07, 0xef, 0xe8, 0x36, 0xee, 0x89, 0xa5,
2145 0x26, 0x73, 0x0d, 0xbc, 0x2f, 0x7b, 0xc8, 0x40,
2146 0x9d, 0xad, 0x8b, 0xbb, 0x96, 0xc4, 0xcd, 0xc0,
2147 0x3b, 0xc1, 0x03, 0xe1, 0xa1, 0x94, 0xbb, 0xd8,
2148};
2149
Jerome Forissiered00e162017-01-20 09:22:52 +0100[diff] [blame]2150/*
2151 * Test case for https://github.com/OP-TEE/optee_os/issues/1203
2152 * 80 bytes of data, processed in two steps (32 + 48).
2153 */
2154
2155#define ciph_data_aes_cts_issue1203_key ciph_data_aes_cts_vect1_key
2156
2157static const uint8_t ciph_data_aes_cts_issue1203_iv[] = {
2158 0x5b, 0x11, 0x7b, 0xf9, 0x83, 0x6a, 0x01, 0x27,
2159 0x1d, 0x2a, 0xae, 0x0a, 0xd3, 0x27, 0x35, 0x81,
2160};
2161
2162static const uint8_t ciph_data_aes_cts_issue1203_ptx[] = {
2163 0x33, 0x2a, 0xf4, 0x8c, 0x18, 0xa1, 0x30, 0x7c,
2164 0xa7, 0x52, 0x76, 0xca, 0xa6, 0x68, 0xad, 0xf6,
2165 0x1e, 0xba, 0xc9, 0x66, 0x66, 0x52, 0x1a, 0xe7,
2166 0x3e, 0xbc, 0xba, 0x60, 0x95, 0x71, 0x04, 0x5e,
2167 0xb4, 0xb7, 0x10, 0xd7, 0x93, 0x6d, 0x5f, 0x9a,
2168 0xb8, 0xbb, 0x6b, 0xb0, 0x6d, 0x47, 0x93, 0x41,
2169 0x29, 0x21, 0xf2, 0x84, 0xf5, 0xb2, 0xf2, 0x6d,
2170 0xbe, 0xe5, 0x8a, 0x2b, 0x58, 0x8d, 0x1b, 0x5e,
2171 0x41, 0x04, 0xba, 0x9e, 0x92, 0xe9, 0x52, 0xb6,
2172 0x8b, 0x1e, 0x36, 0x72, 0x91, 0xe4, 0x56, 0x66,
2173};
2174
2175/*
2176 * Ciphertext was generated by an online tool for AES CBC.
2177 * Since the input size is a multiple of the block size, and the ciphertext
2178 * format is CS3, the output is the same as plain AES CBC with the last
2179 * two blocks swapped.
2180 */
2181static const uint8_t ciph_data_aes_cts_issue1203_ctx[] = {
2182 0x6c, 0xfe, 0xef, 0x6a, 0x1c, 0x8f, 0xd3, 0xc3,
2183 0x66, 0xc4, 0xd9, 0x0e, 0xbe, 0x24, 0x17, 0x3f,
2184 0xcd, 0x19, 0xc9, 0xd2, 0x10, 0x3f, 0xcf, 0xdc,
2185 0xe9, 0x05, 0xab, 0xd5, 0x1a, 0x31, 0x41, 0x77,
2186 0x3b, 0xd7, 0x6a, 0x26, 0xae, 0x0d, 0xc9, 0x47,
2187 0x77, 0xd4, 0xa7, 0xd5, 0x73, 0x88, 0x9e, 0xde,
2188 0x72, 0x66, 0xe0, 0xe2, 0x3d, 0x62, 0x91, 0x22,
2189 0xae, 0x11, 0x01, 0x97, 0x22, 0x6a, 0x45, 0xa9,
2190 0xba, 0x56, 0xd2, 0xbc, 0x55, 0x2d, 0x99, 0x4d,
2191 0x3d, 0x22, 0x27, 0x9a, 0xac, 0x66, 0x2f, 0xf5,
2192};
2193
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]2194static const uint8_t ciph_data_des_ecb_nopad_out1[] = {
2195 0x46, 0x2B, 0x91, 0xA8, 0x55, 0xE6, 0x7E, 0x75, /* F+..U.~u */
2196 0x5E, 0x53, 0xF4, 0x8F, 0x29, 0x41, 0x4E, 0xEF, /* ^S..)AN. */
2197 0x32, 0x1B, 0x58, 0x42, 0x9B, 0xB4, 0x3A, 0x1F, /* 2.XB..:. */
2198 0x9A, 0xEA, 0xA4, 0xB4, 0xCD, 0xE9, 0x87, 0x7C, /* .......| */
2199 0xC0, 0x05, 0x34, 0xED, 0x86, 0x3C, 0x2A, 0x81, /* ..4..<.. */
2200 0x5E, 0x93, 0x0E, 0x86, 0xA9, 0xBB, 0x80, 0xFF, /* ^....... */
2201};
2202
2203static const uint8_t ciph_data_des_ecb_nopad_out2[] = {
2204 0x85, 0xE8, 0x13, 0x54, 0x0F, 0x0A, 0xB4, 0x05
2205};
2206
2207static const uint8_t ciph_data_des_cbc_nopad_out1[] = {
2208 0xAD, 0xD6, 0xD6, 0x3E, 0x88, 0xD0, 0xDD, 0xD4, /* ...>.... */
2209 0x9A, 0x93, 0x95, 0xA0, 0x86, 0x22, 0x5B, 0x9E, /* ....."[. */
2210 0x84, 0x0C, 0x6F, 0x12, 0x04, 0x11, 0x6F, 0xD4, /* ..o...o. */
2211 0x12, 0x29, 0xC6, 0x78, 0x0C, 0xFB, 0x58, 0x5B, /* .).x..X[ */
2212 0x66, 0x82, 0x0E, 0x52, 0xDC, 0x25, 0x16, 0x51, /* f..R.%.Q */
2213 0x69, 0xDF, 0xFE, 0x4E, 0x11, 0x1D, 0x9D, 0x08, /* i..N.... */
2214};
2215
2216static const uint8_t ciph_data_des3_ecb_nopad_out1[] = {
2217 0xA7, 0x46, 0xEC, 0xA8, 0x6A, 0x7F, 0x4A, 0xF1, /* .F..j.J. */
2218 0x44, 0x60, 0x37, 0x3B, 0x7F, 0x76, 0xE5, 0xFF, /* D`7;.v.. */
2219 0xC1, 0xE7, 0xA5, 0x04, 0x9C, 0x29, 0x5C, 0xA5, /* .....)\. */
2220 0xDD, 0xC8, 0xEE, 0x36, 0x1F, 0x48, 0xE0, 0xA9, /* ...6.H.. */
2221 0x82, 0x2D, 0x53, 0x84, 0x49, 0x69, 0x78, 0xFA, /* .-S.Iix. */
2222 0x23, 0x69, 0x1D, 0xF7, 0x08, 0x38, 0x44, 0x05, /* #i...8D. */
2223};
2224
2225static const uint8_t ciph_data_des3_cbc_nopad_out1[] = {
2226 0x18, 0x09, 0xEB, 0x98, 0xE4, 0x58, 0x72, 0x11, /* .....Xr. */
2227 0x30, 0x58, 0xAB, 0x38, 0xB0, 0xC9, 0x2B, 0xED, /* 0X.8..+. */
2228 0xDA, 0xC5, 0xE8, 0xA9, 0xF6, 0x8A, 0xA7, 0x80, /* ........ */
2229 0xBE, 0x54, 0x1F, 0x63, 0xF6, 0xEE, 0xA2, 0x4C, /* .T.c...L */
2230 0x7C, 0xEB, 0x84, 0x7D, 0xDA, 0xCA, 0x1E, 0xB2, /* |..}.... */
2231 0xED, 0x5E, 0x96, 0xB8, 0x01, 0x4B, 0x77, 0x02, /* .^...Kw. */
2232};
2233
2234static const uint8_t ciph_data_des2_ecb_nopad_out1[] = {
2235 0xAB, 0x12, 0xB6, 0xE2, 0x4A, 0x3A, 0x26, 0x14, /* ....J:&. */
2236 0xF0, 0x7D, 0x23, 0xD0, 0x55, 0xDF, 0x5C, 0x16, /* .}#.U.\. */
2237 0x43, 0x59, 0x1E, 0x44, 0x01, 0x76, 0xD7, 0x50, /* CY.D.v.P */
2238 0x44, 0xC0, 0x15, 0xDF, 0x2E, 0x7F, 0x8B, 0xC5, /* D....... */
2239 0xFF, 0x8B, 0x87, 0xFE, 0x33, 0xD7, 0xCB, 0x2C, /* ....3.., */
2240 0xDA, 0x79, 0x6F, 0xA4, 0x05, 0x2B, 0x30, 0xCE, /* .yo..+0. */
2241};
2242
2243static const uint8_t ciph_data_des2_cbc_nopad_out1[] = {
2244 0x47, 0x2F, 0xB1, 0x83, 0xC4, 0xBB, 0x93, 0x16, /* G/...... */
2245 0x73, 0xF9, 0xAD, 0x6F, 0x00, 0xF9, 0xCB, 0x4A, /* s..o...J */
2246 0x0F, 0x4F, 0x75, 0x75, 0xFB, 0x39, 0x0B, 0xFC, /* .Ouu.9.. */
2247 0x9F, 0x48, 0x52, 0xAD, 0xA2, 0x75, 0x2C, 0xF1, /* .HR..u, . */
2248 0x7D, 0xC3, 0x8F, 0x16, 0xCF, 0xC9, 0x76, 0x29, /* }.....v) */
2249 0x1A, 0xBF, 0xB3, 0xD9, 0x10, 0x7E, 0xAA, 0x49, /* .....~.I */
2250};
2251
Jerome Forissiere73e0fb2019-12-12 17:08:03 +0100[diff] [blame]2252/* SM4 ECB */
2253
2254static const uint8_t ciph_data_sm4_key1[] = {
2255 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
2256 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
2257};
2258
2259static const uint8_t ciph_data_sm4_in1[] = {
2260 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
2261 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
2262};
2263
2264static const uint8_t ciph_data_sm4_ecb_nopad_out1[] = {
2265 0x68, 0x1e, 0xdf, 0x34, 0xd2, 0x06, 0x96, 0x5e,
2266 0x86, 0xb3, 0xe9, 0x4f, 0x53, 0x6e, 0x42, 0x46,
2267};
2268
2269/*
2270 * SM4 CBC
2271 * https://tools.ietf.org/html/draft-ribose-cfrg-sm4-10#appendix-A.2.2.1
2272 */
2273static const uint8_t ciph_data_sm4_cbc_a221_key[] = {
2274 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
2275 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
2276};
2277
2278static const uint8_t ciph_data_sm4_cbc_a221_iv[] = {
2279 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
2280 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
2281};
2282
2283static const uint8_t ciph_data_sm4_cbc_a221_in[] = {
2284 0xaa, 0xaa, 0xaa, 0xaa, 0xbb, 0xbb, 0xbb, 0xbb,
2285 0xcc, 0xcc, 0xcc, 0xcc, 0xdd, 0xdd, 0xdd, 0xdd,
2286 0xee, 0xee, 0xee, 0xee, 0xff, 0xff, 0xff, 0xff,
2287 0xaa, 0xaa, 0xaa, 0xaa, 0xbb, 0xbb, 0xbb, 0xbb,
2288};
2289
2290static const uint8_t ciph_data_sm4_cbc_a221_out[] = {
2291 0x78, 0xeb, 0xb1, 0x1c, 0xc4, 0x0b, 0x0a, 0x48,
2292 0x31, 0x2a, 0xae, 0xb2, 0x04, 0x02, 0x44, 0xcb,
2293 0x4c, 0xb7, 0x01, 0x69, 0x51, 0x90, 0x92, 0x26,
2294 0x97, 0x9b, 0x0d, 0x15, 0xdc, 0x6a, 0x8f, 0x6d,
2295};
2296
2297/*
2298 * SM4 CBC
2299 * https://tools.ietf.org/html/draft-ribose-cfrg-sm4-10#appendix-A.2.2.2
2300 */
2301static const uint8_t ciph_data_sm4_cbc_a222_key[] = {
2302 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
2303 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
2304};
2305
2306static const uint8_t ciph_data_sm4_cbc_a222_iv[] = {
2307 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
2308 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
2309};
2310
2311static const uint8_t ciph_data_sm4_cbc_a222_in[] = {
2312 0xaa, 0xaa, 0xaa, 0xaa, 0xbb, 0xbb, 0xbb, 0xbb,
2313 0xcc, 0xcc, 0xcc, 0xcc, 0xdd, 0xdd, 0xdd, 0xdd,
2314 0xee, 0xee, 0xee, 0xee, 0xff, 0xff, 0xff, 0xff,
2315 0xaa, 0xaa, 0xaa, 0xaa, 0xbb, 0xbb, 0xbb, 0xbb,
2316};
2317
2318static const uint8_t ciph_data_sm4_cbc_a222_out[] = {
2319 0x0d, 0x3a, 0x6d, 0xdc, 0x2d, 0x21, 0xc6, 0x98,
2320 0x85, 0x72, 0x15, 0x58, 0x7b, 0x7b, 0xb5, 0x9a,
2321 0x91, 0xf2, 0xc1, 0x47, 0x91, 0x1a, 0x41, 0x44,
2322 0x66, 0x5e, 0x1f, 0xa1, 0xd4, 0x0b, 0xae, 0x38,
2323};
2324
2325/*
2326 * SM4 CTR
2327 * https://tools.ietf.org/html/draft-ribose-cfrg-sm4-10#appendix-A.2.5.1
2328 */
2329static const uint8_t ciph_data_sm4_ctr_a251_key[] = {
2330 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
2331 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
2332};
2333
2334static const uint8_t ciph_data_sm4_ctr_a251_iv[] = {
2335 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
2336 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
2337};
2338
2339static const uint8_t ciph_data_sm4_ctr_a251_in[] = {
2340 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
2341 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb,
2342 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc,
2343 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
2344 0xee, 0xee, 0xee, 0xee, 0xee, 0xee, 0xee, 0xee,
2345 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
2346 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
2347 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb,
2348};
2349
2350static const uint8_t ciph_data_sm4_ctr_a251_out[] = {
2351 0xac, 0x32, 0x36, 0xcb, 0x97, 0x0c, 0xc2, 0x07,
2352 0x91, 0x36, 0x4c, 0x39, 0x5a, 0x13, 0x42, 0xd1,
2353 0xa3, 0xcb, 0xc1, 0x87, 0x8c, 0x6f, 0x30, 0xcd,
2354 0x07, 0x4c, 0xce, 0x38, 0x5c, 0xdd, 0x70, 0xc7,
2355 0xf2, 0x34, 0xbc, 0x0e, 0x24, 0xc1, 0x19, 0x80,
2356 0xfd, 0x12, 0x86, 0x31, 0x0c, 0xe3, 0x7b, 0x92,
2357 0x6e, 0x02, 0xfc, 0xd0, 0xfa, 0xa0, 0xba, 0xf3,
2358 0x8b, 0x29, 0x33, 0x85, 0x1d, 0x82, 0x45, 0x14,
2359};
2360
2361/*
2362 * SM4 CTR
2363 * https://tools.ietf.org/html/draft-ribose-cfrg-sm4-10#appendix-A.2.5.2
2364 */
2365static const uint8_t ciph_data_sm4_ctr_a252_key[] = {
2366 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
2367 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
2368};
2369
2370static const uint8_t ciph_data_sm4_ctr_a252_iv[] = {
2371 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
2372 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
2373};
2374
2375static const uint8_t ciph_data_sm4_ctr_a252_in[] = {
2376 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
2377 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb,
2378 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc,
2379 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
2380 0xee, 0xee, 0xee, 0xee, 0xee, 0xee, 0xee, 0xee,
2381 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
2382 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
2383 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb,
2384};
2385
2386static const uint8_t ciph_data_sm4_ctr_a252_out[] = {
2387 0x5d, 0xcc, 0xcd, 0x25, 0xb9, 0x5a, 0xb0, 0x74,
2388 0x17, 0xa0, 0x85, 0x12, 0xee, 0x16, 0x0e, 0x2f,
2389 0x8f, 0x66, 0x15, 0x21, 0xcb, 0xba, 0xb4, 0x4c,
2390 0xc8, 0x71, 0x38, 0x44, 0x5b, 0xc2, 0x9e, 0x5c,
2391 0x0a, 0xe0, 0x29, 0x72, 0x05, 0xd6, 0x27, 0x04,
2392 0x17, 0x3b, 0x21, 0x23, 0x9b, 0x88, 0x7f, 0x6c,
2393 0x8c, 0xb5, 0xb8, 0x00, 0x91, 0x7a, 0x24, 0x88,
2394 0x28, 0x4b, 0xde, 0x9e, 0x16, 0xea, 0x29, 0x06,
2395};
2396
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]2397struct xtest_ciph_case {
2398 uint32_t algo;
2399 uint32_t mode;
2400 uint32_t key_type;
2401 const uint8_t *key1;
2402 size_t key1_len;
2403 const uint8_t *key2;
2404 size_t key2_len;
2405 const uint8_t *iv;
2406 size_t iv_len;
2407 size_t in_incr;
2408 const uint8_t *in;
2409 size_t in_len;
2410 const uint8_t *out;
2411 size_t out_len;
2412 size_t line;
2413};
2414
2415#define XTEST_CIPH_CASE_NO_IV(algo, key_type, key, in_incr, ptx, ctx) \
2416 { (algo), TEE_MODE_ENCRYPT, (key_type), (key), ARRAY_SIZE(key), \
2417 NULL, 0, NULL, 0, \
2418 (in_incr), (ptx), ARRAY_SIZE(ptx), (ctx), ARRAY_SIZE(ctx), \
2419 __LINE__ }, \
2420 { (algo), TEE_MODE_DECRYPT, (key_type), (key), ARRAY_SIZE(key), \
2421 NULL, 0, NULL, 0, \
2422 (in_incr), (ctx), ARRAY_SIZE(ctx), (ptx), ARRAY_SIZE(ptx), __LINE__ }
2423
2424#define XTEST_CIPH_CASE(algo, key_type, key, iv, in_incr, ptx, ctx) \
2425 { (algo), TEE_MODE_ENCRYPT, (key_type), (key), ARRAY_SIZE(key), \
2426 NULL, 0, iv, ARRAY_SIZE(iv), (in_incr), (ptx), ARRAY_SIZE(ptx), \
2427 (ctx), ARRAY_SIZE(ctx), __LINE__ }, \
2428 { (algo), TEE_MODE_DECRYPT, (key_type), (key), ARRAY_SIZE(key), \
2429 NULL, 0, iv, ARRAY_SIZE(iv), (in_incr), (ctx), ARRAY_SIZE(ctx), \
2430 (ptx), ARRAY_SIZE(ptx), __LINE__ }
2431
2432#define XTEST_CIPH_CASE_AES_XTS(vect, in_incr) \
2433 { TEE_ALG_AES_XTS, TEE_MODE_ENCRYPT, TEE_TYPE_AES, \
2434 ciph_data_aes_xts_ ## vect ## _key1, \
2435 ARRAY_SIZE(ciph_data_aes_xts_ ## vect ## _key1), \
2436 ciph_data_aes_xts_ ## vect ## _key2, \
2437 ARRAY_SIZE(ciph_data_aes_xts_ ## vect ## _key2), \
2438 ciph_data_aes_xts_ ## vect ## _iv, \
2439 ARRAY_SIZE(ciph_data_aes_xts_ ## vect ## _iv), \
2440 (in_incr), \
2441 ciph_data_aes_xts_ ## vect ## _ptx, \
2442 ARRAY_SIZE(ciph_data_aes_xts_ ## vect ## _ptx), \
2443 ciph_data_aes_xts_ ## vect ## _ctx, \
2444 ARRAY_SIZE(ciph_data_aes_xts_ ## vect ## _ctx), __LINE__ }, \
2445 { TEE_ALG_AES_XTS, TEE_MODE_DECRYPT, TEE_TYPE_AES, \
2446 ciph_data_aes_xts_ ## vect ## _key1, \
2447 ARRAY_SIZE(ciph_data_aes_xts_ ## vect ## _key1), \
2448 ciph_data_aes_xts_ ## vect ## _key2, \
2449 ARRAY_SIZE(ciph_data_aes_xts_ ## vect ## _key2), \
2450 ciph_data_aes_xts_ ## vect ## _iv, \
2451 ARRAY_SIZE(ciph_data_aes_xts_ ## vect ## _iv), \
2452 (in_incr), \
2453 ciph_data_aes_xts_ ## vect ## _ctx, \
2454 ARRAY_SIZE(ciph_data_aes_xts_ ## vect ## _ctx), \
2455 ciph_data_aes_xts_ ## vect ## _ptx, \
2456 ARRAY_SIZE(ciph_data_aes_xts_ ## vect ## _ptx), __LINE__ }
2457
2458#define XTEST_CIPH_CASE_AES_CBC(vect, in_incr) \
2459 XTEST_CIPH_CASE(TEE_ALG_AES_CBC_NOPAD, TEE_TYPE_AES, \
2460 ciph_data_aes_cbc_ ## vect ## _key, \
2461 ciph_data_aes_cbc_ ## vect ## _iv, \
2462 (in_incr), ciph_data_aes_cbc_ ## vect ## _ptx, \
2463 ciph_data_aes_cbc_ ## vect ## _ctx)
2464
2465#define XTEST_CIPH_CASE_AES_CTS(vect, in_incr) \
2466 XTEST_CIPH_CASE(TEE_ALG_AES_CTS, TEE_TYPE_AES, \
2467 ciph_data_aes_cts_ ## vect ## _key, \
2468 ciph_data_aes_cts_ ## vect ## _iv, \
2469 (in_incr), ciph_data_aes_cts_ ## vect ## _ptx, \
2470 ciph_data_aes_cts_ ## vect ## _ctx)
2471
2472static const struct xtest_ciph_case ciph_cases[] = {
2473 /* AES */
2474 XTEST_CIPH_CASE_NO_IV(TEE_ALG_AES_ECB_NOPAD, TEE_TYPE_AES,
2475 ciph_data_aes_key1, 11, ciph_data_in1,
2476 ciph_data_aes_ecb_nopad_out1),
2477 XTEST_CIPH_CASE(TEE_ALG_AES_CBC_NOPAD, TEE_TYPE_AES,
2478 ciph_data_aes_key1, ciph_data_128_iv1, 11,
2479 ciph_data_in1,
2480 ciph_data_aes_cbc_nopad_out1),
2481 XTEST_CIPH_CASE(TEE_ALG_AES_CTR, TEE_TYPE_AES,
2482 ciph_data_aes_key1, ciph_data_128_iv1, 13,
2483 ciph_data_in1,
2484 ciph_data_aes_ctr_out1),
2485 XTEST_CIPH_CASE(TEE_ALG_AES_CTR, TEE_TYPE_AES,
2486 ciph_data_aes_key1, ciph_data_128_iv1, 13,
2487 ciph_data_in3,
2488 ciph_data_aes_ctr_out2),
Jens Wiklander692efd12018-01-19 09:52:00 +0100[diff] [blame]2489 XTEST_CIPH_CASE(TEE_ALG_AES_CTR, TEE_TYPE_AES,
2490 ciph_data_aes_key1, ciph_data_128_iv1, 16,
2491 ciph_data_in3,
2492 ciph_data_aes_ctr_out2),
Jerome Forissier45218eb2018-04-11 13:03:26 +0200[diff] [blame]2493 XTEST_CIPH_CASE(TEE_ALG_AES_CTR, TEE_TYPE_AES,
2494 ciph_data_aes_key1, ciph_data_128_iv1, 16,
2495 ciph_data_in4,
2496 ciph_data_aes_ctr_out4),
Jerome Forissier0780ad42018-06-05 15:02:37 +0200[diff] [blame]2497 XTEST_CIPH_CASE(TEE_ALG_AES_CTR, TEE_TYPE_AES,
2498 ciph_data_aes_key2, ciph_data_128_iv2, 11,
2499 ciph_data_in5,
2500 ciph_data_aes_ctr_out5),
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]2501
2502 XTEST_CIPH_CASE_AES_CBC(vect1, 11),
Jerome Forissierfc1bbc32018-06-12 10:13:04 +0200[diff] [blame]2503 XTEST_CIPH_CASE_AES_CBC(vect1, 64),
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]2504
2505 /* AES-CTS */
2506 XTEST_CIPH_CASE_AES_CTS(vect1, 13),
2507 XTEST_CIPH_CASE_AES_CTS(vect2, 14),
2508 XTEST_CIPH_CASE_AES_CTS(vect3, 11),
2509 XTEST_CIPH_CASE_AES_CTS(vect4, 9),
2510 XTEST_CIPH_CASE_AES_CTS(vect5, 7),
2511 XTEST_CIPH_CASE_AES_CTS(vect6, 17),
2512 XTEST_CIPH_CASE_AES_CTS(vect6, 0x20),
Jerome Forissiered00e162017-01-20 09:22:52 +0100[diff] [blame]2513 XTEST_CIPH_CASE_AES_CTS(issue1203, 32),
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]2514
2515 /* DES */
2516 XTEST_CIPH_CASE_NO_IV(TEE_ALG_DES_ECB_NOPAD, TEE_TYPE_DES,
2517 ciph_data_des_key1, 14, ciph_data_in1,
2518 ciph_data_des_ecb_nopad_out1),
2519 XTEST_CIPH_CASE_NO_IV(TEE_ALG_DES_ECB_NOPAD, TEE_TYPE_DES,
2520 ciph_data_des_key2, 3, ciph_data_in2,
2521 ciph_data_des_ecb_nopad_out2),
2522 XTEST_CIPH_CASE(TEE_ALG_DES_CBC_NOPAD, TEE_TYPE_DES,
2523 ciph_data_des_key1, ciph_data_64_iv1, 15, ciph_data_in1,
2524 ciph_data_des_cbc_nopad_out1),
2525
2526 /* DES3 */
2527 XTEST_CIPH_CASE_NO_IV(TEE_ALG_DES3_ECB_NOPAD, TEE_TYPE_DES3,
2528 ciph_data_des3_key1, 11, ciph_data_in1,
2529 ciph_data_des3_ecb_nopad_out1),
2530 XTEST_CIPH_CASE_NO_IV(TEE_ALG_DES3_ECB_NOPAD, TEE_TYPE_DES3,
2531 ciph_data_des3_key2, 3, ciph_data_in2,
2532 ciph_data_des_ecb_nopad_out2),
2533 XTEST_CIPH_CASE(TEE_ALG_DES3_CBC_NOPAD, TEE_TYPE_DES3,
2534 ciph_data_des3_key1, ciph_data_64_iv1, 11,
2535 ciph_data_in1,
2536 ciph_data_des3_cbc_nopad_out1),
2537
2538 /* DES2 */
2539 XTEST_CIPH_CASE_NO_IV(TEE_ALG_DES3_ECB_NOPAD, TEE_TYPE_DES3,
2540 ciph_data_des2_key1, 11, ciph_data_in1,
2541 ciph_data_des2_ecb_nopad_out1),
2542 XTEST_CIPH_CASE(TEE_ALG_DES3_CBC_NOPAD, TEE_TYPE_DES3,
2543 ciph_data_des2_key1, ciph_data_64_iv1, 11,
2544 ciph_data_in1,
2545 ciph_data_des2_cbc_nopad_out1),
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]2546
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]2547 /* AES-XTS */
2548 XTEST_CIPH_CASE_AES_XTS(vect1, 3),
2549 XTEST_CIPH_CASE_AES_XTS(vect2, 6),
2550 XTEST_CIPH_CASE_AES_XTS(vect3, 7),
2551 XTEST_CIPH_CASE_AES_XTS(vect4, 8),
2552 XTEST_CIPH_CASE_AES_XTS(vect5, 9),
2553 XTEST_CIPH_CASE_AES_XTS(vect6, 13),
2554 XTEST_CIPH_CASE_AES_XTS(vect7, 1),
2555 XTEST_CIPH_CASE_AES_XTS(vect8, 3),
2556 XTEST_CIPH_CASE_AES_XTS(vect9, 2),
2557 XTEST_CIPH_CASE_AES_XTS(vect10, 5),
2558 XTEST_CIPH_CASE_AES_XTS(vect11, 6),
2559 XTEST_CIPH_CASE_AES_XTS(vect12, 7),
2560 XTEST_CIPH_CASE_AES_XTS(vect13, 3),
2561 XTEST_CIPH_CASE_AES_XTS(vect14, 2),
2562 XTEST_CIPH_CASE_AES_XTS(vect15, 0),
2563 XTEST_CIPH_CASE_AES_XTS(vect16, 9),
2564 XTEST_CIPH_CASE_AES_XTS(vect17, 6),
2565 XTEST_CIPH_CASE_AES_XTS(vect18, 8),
2566 XTEST_CIPH_CASE_AES_XTS(vect19, 23),
Jerome Forissiere73e0fb2019-12-12 17:08:03 +0100[diff] [blame]2567
2568 /* SM4 */
2569 XTEST_CIPH_CASE_NO_IV(TEE_ALG_SM4_ECB_NOPAD, TEE_TYPE_SM4,
2570 ciph_data_sm4_key1, 11, ciph_data_sm4_in1,
2571 ciph_data_sm4_ecb_nopad_out1),
2572 XTEST_CIPH_CASE(TEE_ALG_SM4_CBC_NOPAD, TEE_TYPE_SM4,
2573 ciph_data_sm4_cbc_a221_key, ciph_data_sm4_cbc_a221_iv,
2574 11, ciph_data_sm4_cbc_a221_in,
2575 ciph_data_sm4_cbc_a221_out),
2576 XTEST_CIPH_CASE(TEE_ALG_SM4_CBC_NOPAD, TEE_TYPE_SM4,
2577 ciph_data_sm4_cbc_a222_key, ciph_data_sm4_cbc_a222_iv,
2578 11, ciph_data_sm4_cbc_a222_in,
2579 ciph_data_sm4_cbc_a222_out),
2580 XTEST_CIPH_CASE(TEE_ALG_SM4_CTR, TEE_TYPE_SM4,
2581 ciph_data_sm4_ctr_a251_key, ciph_data_sm4_ctr_a251_iv,
2582 11, ciph_data_sm4_ctr_a251_in,
2583 ciph_data_sm4_ctr_a251_out),
2584 XTEST_CIPH_CASE(TEE_ALG_SM4_CTR, TEE_TYPE_SM4,
2585 ciph_data_sm4_ctr_a252_key, ciph_data_sm4_ctr_a252_iv,
2586 11, ciph_data_sm4_ctr_a252_in,
2587 ciph_data_sm4_ctr_a252_out),
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]2588};
2589
Jerome Forissier23256842018-02-16 09:25:35 +0100[diff] [blame]2590static void xtest_tee_test_4003(ADBG_Case_t *c)
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]2591{
Etienne Carrieree4ec9e42019-03-28 13:30:21 +0100[diff] [blame]2592 TEEC_Session session = { };
2593 TEE_OperationHandle op = TEE_HANDLE_NULL;
Jens Wiklander93ff0a52020-12-14 12:45:02 +0100[diff] [blame]2594 TEE_OperationHandle op2 = TEE_HANDLE_NULL;
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]2595 TEE_ObjectHandle key1_handle = TEE_HANDLE_NULL;
2596 TEE_ObjectHandle key2_handle = TEE_HANDLE_NULL;
Etienne Carrieree4ec9e42019-03-28 13:30:21 +0100[diff] [blame]2597 uint8_t out[2048] = { };
2598 size_t out_size = 0;
2599 size_t out_offs = 0;
Jens Wiklander93ff0a52020-12-14 12:45:02 +0100[diff] [blame]2600 size_t out_offs2 = 0;
Etienne Carrieree4ec9e42019-03-28 13:30:21 +0100[diff] [blame]2601 uint32_t ret_orig = 0;
2602 size_t n = 0;
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]2603
2604 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2605 xtest_teec_open_session(&session, &crypt_user_ta_uuid, NULL,
2606 &ret_orig)))
2607 return;
2608
2609 for (n = 0; n < ARRAY_SIZE(ciph_cases); n++) {
Etienne Carrieree4ec9e42019-03-28 13:30:21 +0100[diff] [blame]2610 TEE_Attribute key_attr = { };
2611 size_t key_size = 0;
2612 size_t op_key_size = 0;
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]2613
Jerome Forissier817d99f2020-01-22 16:33:12 +0100[diff] [blame]2614 switch (ciph_cases[n].algo) {
2615 case TEE_ALG_SM4_CTR:
2616 case TEE_ALG_SM4_CBC_NOPAD:
2617 case TEE_ALG_SM4_ECB_NOPAD:
2618 if (!ta_crypt_cmd_is_algo_supported(c, &session,
2619 ciph_cases[n].algo, TEE_CRYPTO_ELEMENT_NONE)) {
2620 Do_ADBG_Log("SM4 not supported: skip subcase");
2621 continue;
2622 }
2623 break;
2624 default:
2625 break;
2626 }
2627
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]2628 Do_ADBG_BeginSubCase(c, "Cipher case %d algo 0x%x line %d",
2629 (int)n, (unsigned int)ciph_cases[n].algo,
2630 (int)ciph_cases[n].line);
2631
2632 key_attr.attributeID = TEE_ATTR_SECRET_VALUE;
2633 key_attr.content.ref.buffer = (void *)ciph_cases[n].key1;
2634 key_attr.content.ref.length = ciph_cases[n].key1_len;
2635
2636 key_size = key_attr.content.ref.length * 8;
2637 if (ciph_cases[n].key_type == TEE_TYPE_DES ||
2638 ciph_cases[n].key_type == TEE_TYPE_DES3)
2639 /* Exclude parity in bit size of key */
2640 key_size -= key_size / 8;
2641
2642 op_key_size = key_size;
2643 if (ciph_cases[n].key2 != NULL)
2644 op_key_size *= 2;
2645
2646 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2647 ta_crypt_cmd_allocate_operation(c, &session, &op,
2648 ciph_cases[n].algo, ciph_cases[n].mode,
2649 op_key_size)))
2650 goto out;
2651
2652 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
Jens Wiklander93ff0a52020-12-14 12:45:02 +0100[diff] [blame]2653 ta_crypt_cmd_allocate_operation(c, &session, &op2,
2654 ciph_cases[n].algo, ciph_cases[n].mode,
2655 op_key_size)))
2656 goto out;
2657
2658 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]2659 ta_crypt_cmd_allocate_transient_object(c, &session,
2660 ciph_cases[n].key_type, key_size,
2661 &key1_handle)))
2662 goto out;
2663
2664 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2665 ta_crypt_cmd_populate_transient_object(c, &session,
2666 key1_handle, &key_attr, 1)))
2667 goto out;
2668
2669 if (ciph_cases[n].key2 != NULL) {
2670 key_attr.content.ref.buffer =
2671 (void *)ciph_cases[n].key2;
2672 key_attr.content.ref.length = ciph_cases[n].key2_len;
2673
2674 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2675 ta_crypt_cmd_allocate_transient_object(c,
2676 &session, ciph_cases[n].key_type,
2677 key_attr.content.ref.length * 8,
2678 &key2_handle)))
2679 goto out;
2680
2681 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2682 ta_crypt_cmd_populate_transient_object(c,
2683 &session, key2_handle, &key_attr, 1)))
2684 goto out;
2685
2686 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2687 ta_crypt_cmd_set_operation_key2(c, &session, op,
2688 key1_handle, key2_handle)))
2689 goto out;
2690 } else {
2691 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2692 ta_crypt_cmd_set_operation_key(c, &session, op,
2693 key1_handle)))
2694 goto out;
2695 }
2696
2697 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2698 ta_crypt_cmd_free_transient_object(c, &session,
2699 key1_handle)))
2700 goto out;
2701 key1_handle = TEE_HANDLE_NULL;
2702
2703 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2704 ta_crypt_cmd_free_transient_object(c, &session,
2705 key2_handle)))
2706 goto out;
2707 key2_handle = TEE_HANDLE_NULL;
2708
2709 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2710 ta_crypt_cmd_cipher_init(c, &session, op,
2711 ciph_cases[n].iv, ciph_cases[n].iv_len)))
2712 goto out;
2713
2714 out_offs = 0;
2715 out_size = sizeof(out);
2716 memset(out, 0, sizeof(out));
2717 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2718 ta_crypt_cmd_cipher_update(c, &session, op,
2719 ciph_cases[n].in, ciph_cases[n].in_incr, out,
2720 &out_size)))
2721 goto out;
2722
Jerome Forissierd2d94b42017-06-02 16:39:34 +0200[diff] [blame]2723 if (ciph_cases[n].algo == TEE_ALG_AES_CTR)
2724 ADBG_EXPECT_COMPARE_UNSIGNED(c, out_size, ==,
2725 ciph_cases[n].in_incr);
2726
Jens Wiklander93ff0a52020-12-14 12:45:02 +0100[diff] [blame]2727 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2728 ta_crypt_cmd_copy_operation(c, &session, op2, op)))
2729 goto out;
2730
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]2731 out_offs += out_size;
2732 out_size = sizeof(out) - out_offs;
Jens Wiklander93ff0a52020-12-14 12:45:02 +0100[diff] [blame]2733 out_offs2 = out_offs;
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]2734
2735 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2736 ta_crypt_cmd_cipher_do_final(c, &session, op,
2737 ciph_cases[n].in + ciph_cases[n].in_incr,
2738 ciph_cases[n].in_len - ciph_cases[n].in_incr,
2739 out + out_offs,
2740 &out_size)))
2741 goto out;
2742
2743 out_offs += out_size;
2744
2745 (void)ADBG_EXPECT_BUFFER(c, ciph_cases[n].out,
2746 ciph_cases[n].out_len, out, out_offs);
2747
Jens Wiklander93ff0a52020-12-14 12:45:02 +0100[diff] [blame]2748 /* test on the copied op2 */
2749 out_size = sizeof(out) - out_offs2;
2750
2751 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2752 ta_crypt_cmd_cipher_do_final(c, &session, op2,
2753 ciph_cases[n].in + ciph_cases[n].in_incr,
2754 ciph_cases[n].in_len - ciph_cases[n].in_incr,
2755 out + out_offs2,
2756 &out_size)))
2757 goto out;
2758
2759 out_offs2 += out_size;
2760
2761 ADBG_EXPECT_BUFFER(c, ciph_cases[n].out, ciph_cases[n].out_len,
2762 out, out_offs2);
2763
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]2764 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2765 ta_crypt_cmd_free_operation(c, &session, op)))
2766 goto out;
2767
Jens Wiklander93ff0a52020-12-14 12:45:02 +0100[diff] [blame]2768 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2769 ta_crypt_cmd_free_operation(c, &session, op2)))
2770 goto out;
2771
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]2772 Do_ADBG_EndSubCase(c, NULL);
2773 }
2774out:
2775 TEEC_CloseSession(&session);
2776}
Jens Wiklander14f48872018-06-29 15:30:13 +0200[diff] [blame]2777ADBG_CASE_DEFINE(regression, 4003, xtest_tee_test_4003,
2778 "Test TEE Internal API cipher operations");
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]2779
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]2780static void xtest_tee_test_4004(ADBG_Case_t *c)
2781{
Etienne Carrieree4ec9e42019-03-28 13:30:21 +0100[diff] [blame]2782 TEEC_Session session = { };
2783 uint32_t ret_orig = 0;
2784 uint8_t buf1[45] = { };
2785 uint8_t buf2[45] = { };
2786 static const uint8_t zeros[45];
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]2787
2788 Do_ADBG_BeginSubCase(c, "TEE get random");
2789 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2790 xtest_teec_open_session(&session, &crypt_user_ta_uuid, NULL,
2791 &ret_orig)))
2792 return;
2793
2794 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2795 ta_crypt_cmd_random_number_generate(c, &session, buf1,
2796 sizeof(buf1))))
2797 goto out;
2798
2799 (void)ADBG_EXPECT_COMPARE_SIGNED(c,
2800 0, !=, memcmp(buf1, zeros, sizeof(buf1)));
2801
2802 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2803 ta_crypt_cmd_random_number_generate(c, &session, buf2,
2804 sizeof(buf2))))
2805 goto out;
2806
2807 (void)ADBG_EXPECT_COMPARE_SIGNED(c,
2808 0, !=, memcmp(buf2, zeros, sizeof(buf2)));
2809
2810 (void)ADBG_EXPECT_COMPARE_SIGNED(c,
2811 0, !=, memcmp(buf2, buf1, sizeof(buf1)));
2812out:
2813 TEEC_CloseSession(&session);
2814 Do_ADBG_EndSubCase(c, "TEE get random");
2815}
Jens Wiklander14f48872018-06-29 15:30:13 +0200[diff] [blame]2816ADBG_CASE_DEFINE(regression, 4004, xtest_tee_test_4004,
2817 "Test TEE Internal API get random");
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]2818
2819struct xtest_ae_case {
2820 uint32_t algo;
2821 uint32_t mode;
2822 uint32_t key_type;
2823 const uint8_t *key;
2824 size_t key_len;
2825 const uint8_t *nonce;
2826 size_t nonce_len;
2827 size_t aad_incr;
2828 const uint8_t *aad;
2829 size_t aad_len;
2830 size_t in_incr;
2831 const uint8_t *ptx;
2832 size_t ptx_len;
2833 const uint8_t *ctx;
2834 size_t ctx_len;
2835 const uint8_t *tag;
2836 size_t tag_len;
2837 size_t line;
Olivier Masse9d566212024-01-30 09:18:34 +0100[diff] [blame]2838 uint32_t id;
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]2839};
2840
2841
2842#define ARRAY(a) a, ARRAY_SIZE(a)
2843#define NULL_ARRAY(a) NULL, 0
2844
2845#define XTEST_AE_CASE(algo, vect, aad_incr, in_incr, \
2846 aad_array, ptx_array, ctx_array) \
2847 { (algo), TEE_MODE_ENCRYPT, TEE_TYPE_AES, ARRAY(vect ## _key), \
2848 ARRAY(vect ## _nonce), (aad_incr), \
2849 aad_array(vect ## _aad), (in_incr), \
2850 ptx_array(vect ## _ptx), ctx_array(vect ## _ctx), \
2851 ARRAY(vect ## _tag), \
Olivier Masse9d566212024-01-30 09:18:34 +0100[diff] [blame]2852 __LINE__, 0 }, \
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]2853 { (algo), TEE_MODE_DECRYPT, TEE_TYPE_AES, ARRAY(vect ## _key), \
2854 ARRAY(vect ## _nonce), (aad_incr), \
2855 aad_array(vect ## _aad), (in_incr), \
2856 ptx_array(vect ## _ptx), ctx_array(vect ## _ctx), \
2857 ARRAY(vect ## _tag), \
Olivier Masse9d566212024-01-30 09:18:34 +0100[diff] [blame]2858 __LINE__, 0 }
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]2859
2860#define XTEST_AE_CASE_AES_CCM(vect, aad_incr, in_incr) \
2861 XTEST_AE_CASE(TEE_ALG_AES_CCM, ae_data_aes_ccm_ ## vect, aad_incr, \
2862 in_incr, ARRAY, ARRAY, ARRAY)
2863
2864#define XTEST_AE_CASE_AES_GCM(vect, aad_incr, in_incr, \
2865 aad_array, ptx_array, ctx_array) \
2866 XTEST_AE_CASE(TEE_ALG_AES_GCM, ae_data_aes_gcm_ ## vect, aad_incr, \
2867 in_incr, aad_array, ptx_array, ctx_array)
2868
2869
2870
2871static const struct xtest_ae_case ae_cases[] = {
2872 XTEST_AE_CASE_AES_CCM(vect1, 3, 2),
2873 XTEST_AE_CASE_AES_CCM(vect2, 7, 13),
2874 XTEST_AE_CASE_AES_CCM(vect3, 5, 21),
2875
2876 XTEST_AE_CASE_AES_GCM(vect1, 0, 0, NULL_ARRAY, NULL_ARRAY, NULL_ARRAY),
2877 XTEST_AE_CASE_AES_GCM(vect2, 0, 9, NULL_ARRAY, ARRAY, ARRAY),
2878 XTEST_AE_CASE_AES_GCM(vect3, 0, 9, NULL_ARRAY, ARRAY, ARRAY),
Jens Wiklander9fc63f52017-11-10 11:13:26 +0100[diff] [blame]2879 XTEST_AE_CASE_AES_GCM(vect3, 0, 0x1F, NULL_ARRAY, ARRAY, ARRAY),
2880 XTEST_AE_CASE_AES_GCM(vect4, 5, 0x20, ARRAY, ARRAY, ARRAY),
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]2881 XTEST_AE_CASE_AES_GCM(vect5, 5, 9, ARRAY, ARRAY, ARRAY),
2882 XTEST_AE_CASE_AES_GCM(vect6, 5, 9, ARRAY, ARRAY, ARRAY),
2883 XTEST_AE_CASE_AES_GCM(vect7, 0, 0, NULL_ARRAY, NULL_ARRAY, NULL_ARRAY),
2884 XTEST_AE_CASE_AES_GCM(vect8, 0, 9, NULL_ARRAY, ARRAY, ARRAY),
2885 XTEST_AE_CASE_AES_GCM(vect9, 0, 9, NULL_ARRAY, ARRAY, ARRAY),
2886 XTEST_AE_CASE_AES_GCM(vect10, 5, 9, ARRAY, ARRAY, ARRAY),
2887 XTEST_AE_CASE_AES_GCM(vect11, 5, 9, ARRAY, ARRAY, ARRAY),
2888 XTEST_AE_CASE_AES_GCM(vect12, 5, 9, ARRAY, ARRAY, ARRAY),
2889 XTEST_AE_CASE_AES_GCM(vect13, 0, 0, NULL_ARRAY, NULL_ARRAY, NULL_ARRAY),
2890 XTEST_AE_CASE_AES_GCM(vect14, 0, 9, NULL_ARRAY, ARRAY, ARRAY),
2891 XTEST_AE_CASE_AES_GCM(vect15, 0, 9, NULL_ARRAY, ARRAY, ARRAY),
2892 XTEST_AE_CASE_AES_GCM(vect16, 5, 9, ARRAY, ARRAY, ARRAY),
2893 XTEST_AE_CASE_AES_GCM(vect17, 5, 9, ARRAY, ARRAY, ARRAY),
2894 XTEST_AE_CASE_AES_GCM(vect18, 5, 9, ARRAY, ARRAY, ARRAY),
Jens Wiklanderf6efe242017-11-06 13:16:43 +0100[diff] [blame]2895#ifdef CFG_GCM_NIST_VECTORS
2896#include "gcmDecrypt128.h"
2897#include "gcmDecrypt192.h"
2898#include "gcmDecrypt256.h"
2899#include "gcmEncryptExtIV128.h"
2900#include "gcmEncryptExtIV192.h"
2901#include "gcmEncryptExtIV256.h"
2902#endif
Olivier Masse9d566212024-01-30 09:18:34 +0100[diff] [blame]2903#include "aes_gcm_counter_overflow_test_encrypt.h"
2904#include "aes_gcm_counter_overflow_test_decrypt.h"
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]2905};
2906
2907static void xtest_tee_test_4005(ADBG_Case_t *c)
2908{
Etienne Carrieree4ec9e42019-03-28 13:30:21 +0100[diff] [blame]2909 TEEC_Session session = { };
2910 TEE_OperationHandle op = TEE_HANDLE_NULL;
Jens Wiklander7404c072020-12-15 08:06:32 +0100[diff] [blame]2911 TEE_OperationHandle op2 = TEE_HANDLE_NULL;
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]2912 TEE_ObjectHandle key_handle = TEE_HANDLE_NULL;
Etienne Carrieree4ec9e42019-03-28 13:30:21 +0100[diff] [blame]2913 TEE_Attribute key_attr = { };
2914 uint8_t out[512] = { };
2915 size_t out_size = 0;
2916 size_t out_offs = 0;
Jens Wiklander7404c072020-12-15 08:06:32 +0100[diff] [blame]2917 size_t out_offs2 = 0;
Etienne Carrieree4ec9e42019-03-28 13:30:21 +0100[diff] [blame]2918 uint32_t ret_orig = 0;
2919 size_t n = 0;
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]2920
2921 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2922 xtest_teec_open_session(&session, &crypt_user_ta_uuid, NULL,
2923 &ret_orig)))
2924 return;
2925
2926 for (n = 0; n < ARRAY_SIZE(ae_cases); n++) {
Olivier Masse9d566212024-01-30 09:18:34 +0100[diff] [blame]2927 if (ae_cases[n].id)
2928 Do_ADBG_BeginSubCase(c, "AE case %d algo 0x%x line %d id %d",
2929 (int)n, (unsigned int)ae_cases[n].algo,
2930 (int)ae_cases[n].line,
2931 (unsigned int)ae_cases[n].id);
2932 else
2933 Do_ADBG_BeginSubCase(c, "AE case %d algo 0x%x line %d",
2934 (int)n, (unsigned int)ae_cases[n].algo,
2935 (int)ae_cases[n].line);
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]2936
2937 key_attr.attributeID = TEE_ATTR_SECRET_VALUE;
2938 key_attr.content.ref.buffer = (void *)ae_cases[n].key;
2939 key_attr.content.ref.length = ae_cases[n].key_len;
2940
2941 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2942 ta_crypt_cmd_allocate_operation(c, &session, &op,
2943 ae_cases[n].algo, ae_cases[n].mode,
2944 key_attr.content.ref.length * 8)))
2945 goto out;
2946
2947 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
Jens Wiklander7404c072020-12-15 08:06:32 +0100[diff] [blame]2948 ta_crypt_cmd_allocate_operation(c, &session, &op2,
2949 ae_cases[n].algo, ae_cases[n].mode,
2950 key_attr.content.ref.length * 8)))
2951 goto out;
2952
2953 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]2954 ta_crypt_cmd_allocate_transient_object(c, &session,
2955 ae_cases[n].key_type,
2956 key_attr.content.ref.length * 8,
2957 &key_handle)))
2958 goto out;
2959
2960 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2961 ta_crypt_cmd_populate_transient_object(c, &session,
2962 key_handle, &key_attr, 1)))
2963 goto out;
2964
2965 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2966 ta_crypt_cmd_set_operation_key(c, &session, op,
2967 key_handle)))
2968 goto out;
2969
2970 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2971 ta_crypt_cmd_free_transient_object(c, &session,
2972 key_handle)))
2973 goto out;
2974 key_handle = TEE_HANDLE_NULL;
2975
2976 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2977 ta_crypt_cmd_ae_init(c, &session, op, ae_cases[n].nonce,
2978 ae_cases[n].nonce_len, ae_cases[n].tag_len,
2979 ae_cases[n].aad_len, ae_cases[n].ptx_len)))
2980 goto out;
2981
2982 if (ae_cases[n].aad != NULL) {
2983 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2984 ta_crypt_cmd_ae_update_aad(c, &session, op,
2985 ae_cases[n].aad, ae_cases[n].aad_incr)))
2986 goto out;
2987
2988 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2989 ta_crypt_cmd_ae_update_aad(c, &session, op,
2990 ae_cases[n].aad + ae_cases[n].aad_incr,
2991 ae_cases [n].aad_len -
2992 ae_cases[n].aad_incr)))
2993 goto out;
2994 }
2995
2996 out_offs = 0;
2997 out_size = sizeof(out);
2998 memset(out, 0, sizeof(out));
2999 if (ae_cases[n].mode == TEE_MODE_ENCRYPT) {
3000 if (ae_cases[n].ptx != NULL) {
3001 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3002 ta_crypt_cmd_ae_update(c, &session, op,
3003 ae_cases[n].ptx,
3004 ae_cases[n].in_incr, out,
3005 &out_size)))
3006 goto out;
3007 out_offs += out_size;
Jerome Forissierc13fafa2017-06-01 15:49:07 +0200[diff] [blame]3008 if (ae_cases[n].algo == TEE_ALG_AES_GCM)
3009 ADBG_EXPECT_COMPARE_UNSIGNED(c,
3010 out_size, ==, ae_cases[n].in_incr);
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3011 }
3012 } else {
3013 if (ae_cases[n].ctx != NULL) {
3014 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3015 ta_crypt_cmd_ae_update(c, &session, op,
3016 ae_cases[n].ctx,
3017 ae_cases[n].in_incr, out,
3018 &out_size)))
3019 goto out;
3020 out_offs += out_size;
Jerome Forissierc13fafa2017-06-01 15:49:07 +0200[diff] [blame]3021 if (ae_cases[n].algo == TEE_ALG_AES_GCM)
3022 ADBG_EXPECT_COMPARE_UNSIGNED(c,
3023 out_size, ==, ae_cases[n].in_incr);
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3024 }
3025 }
3026
Jens Wiklander7404c072020-12-15 08:06:32 +0100[diff] [blame]3027 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3028 ta_crypt_cmd_copy_operation(c, &session, op2, op)))
3029 goto out;
3030
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3031 out_size = sizeof(out) - out_offs;
Jens Wiklander7404c072020-12-15 08:06:32 +0100[diff] [blame]3032 out_offs2 = out_offs;
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3033 if (ae_cases[n].mode == TEE_MODE_ENCRYPT) {
3034 uint8_t out_tag[64];
3035 size_t out_tag_len = MIN(sizeof(out_tag),
3036 ae_cases[n].tag_len);
3037
3038 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3039 ta_crypt_cmd_ae_encrypt_final(c, &session, op,
3040 ae_cases[n].ptx + ae_cases[n].in_incr,
3041 ae_cases[n].ptx_len -
3042 ae_cases[n].in_incr,
3043 out + out_offs,
3044 &out_size, out_tag, &out_tag_len)))
3045 goto out;
3046
3047 (void)ADBG_EXPECT_BUFFER(c,
3048 ae_cases[n].tag, ae_cases[n].tag_len, out_tag,
3049 out_tag_len);
3050
3051 out_offs += out_size;
3052
3053 (void)ADBG_EXPECT_BUFFER(c, ae_cases[n].ctx,
3054 ae_cases[n].ctx_len, out, out_offs);
3055 } else {
3056 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3057 ta_crypt_cmd_ae_decrypt_final(c, &session, op,
3058 ae_cases[n].ctx + ae_cases[n].in_incr,
3059 ae_cases[n].ctx_len -
3060 ae_cases[n].in_incr,
3061 out + out_offs,
3062 &out_size, ae_cases[n].tag,
3063 ae_cases[n].tag_len)))
3064 goto out;
3065
3066 out_offs += out_size;
3067
3068 (void)ADBG_EXPECT_BUFFER(c, ae_cases[n].ptx,
3069 ae_cases[n].ptx_len, out, out_offs);
3070 }
3071
Jens Wiklander7404c072020-12-15 08:06:32 +0100[diff] [blame]3072 /* test on the copied op2 */
3073 out_size = sizeof(out) - out_offs2;
3074 memset(out + out_offs2, 0, out_size);
3075 if (ae_cases[n].mode == TEE_MODE_ENCRYPT) {
3076 uint8_t out_tag[64] = { 0 };
3077 size_t out_tag_len = MIN(sizeof(out_tag),
3078 ae_cases[n].tag_len);
3079
3080 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3081 ta_crypt_cmd_ae_encrypt_final(c, &session, op2,
3082 ae_cases[n].ptx + ae_cases[n].in_incr,
3083 ae_cases[n].ptx_len -
3084 ae_cases[n].in_incr,
3085 out + out_offs2,
3086 &out_size, out_tag, &out_tag_len)))
3087 goto out;
3088
3089 ADBG_EXPECT_BUFFER(c, ae_cases[n].tag,
3090 ae_cases[n].tag_len, out_tag,
3091 out_tag_len);
3092
3093 out_offs2 += out_size;
3094
3095 (void)ADBG_EXPECT_BUFFER(c, ae_cases[n].ctx,
3096 ae_cases[n].ctx_len, out, out_offs2);
3097 } else {
3098 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3099 ta_crypt_cmd_ae_decrypt_final(c, &session, op2,
3100 ae_cases[n].ctx + ae_cases[n].in_incr,
3101 ae_cases[n].ctx_len -
3102 ae_cases[n].in_incr,
3103 out + out_offs2,
3104 &out_size, ae_cases[n].tag,
3105 ae_cases[n].tag_len)))
3106 goto out;
3107
3108 out_offs2 += out_size;
3109
3110 (void)ADBG_EXPECT_BUFFER(c, ae_cases[n].ptx,
3111 ae_cases[n].ptx_len, out, out_offs2);
3112 }
3113
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3114 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3115 ta_crypt_cmd_free_operation(c, &session, op)))
3116 goto out;
3117
Jens Wiklander7404c072020-12-15 08:06:32 +0100[diff] [blame]3118 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3119 ta_crypt_cmd_free_operation(c, &session, op2)))
3120 goto out;
3121
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3122 Do_ADBG_EndSubCase(c, NULL);
3123 }
3124out:
3125 TEEC_CloseSession(&session);
3126}
Jens Wiklander14f48872018-06-29 15:30:13 +0200[diff] [blame]3127ADBG_CASE_DEFINE(regression, 4005, xtest_tee_test_4005,
3128 "Test TEE Internal API Authenticated Encryption operations");
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3129
3130struct xtest_ac_case {
Cedric Chaumontc3b6c282015-09-25 03:05:18 +0200[diff] [blame]3131 unsigned int level;
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3132 uint32_t algo;
3133 TEE_OperationMode mode;
3134
3135 union {
3136 struct {
3137 const uint8_t *modulus;
3138 size_t modulus_len;
3139
3140 const uint8_t *pub_exp;
3141 size_t pub_exp_len;
3142
3143 const uint8_t *priv_exp;
3144 size_t priv_exp_len;
3145
3146 const uint8_t *prime1; /* q */
3147 size_t prime1_len;
3148 const uint8_t *prime2; /* p */
3149 size_t prime2_len;
3150 const uint8_t *exp1; /* dp */
3151 size_t exp1_len;
3152 const uint8_t *exp2; /* dq */
3153 size_t exp2_len;
3154 const uint8_t *coeff; /* iq */
3155 size_t coeff_len;
3156
3157 int salt_len;
3158 } rsa;
3159 struct {
3160 const uint8_t *prime;
3161 size_t prime_len;
3162 const uint8_t *sub_prime;
3163 size_t sub_prime_len;
3164 const uint8_t *base;
3165 size_t base_len;
3166 const uint8_t *pub_val;
3167 size_t pub_val_len;
3168 const uint8_t *priv_val;
3169 size_t priv_val_len;
3170 } dsa;
Pascal Brand3e143ee2015-07-15 17:17:16 +0200[diff] [blame]3171 struct {
3172 const uint8_t *private;
3173 size_t private_len;
3174 const uint8_t *public_x;
3175 size_t public_x_len;
3176 const uint8_t *public_y;
3177 size_t public_y_len;
Jerome Forissier3fbfd0d2019-12-17 16:44:01 +0100[diff] [blame]3178 } ecc;
Valerii Chubarab9863c2022-08-12 07:42:29 +0000[diff] [blame]3179 struct {
3180 const uint8_t *private;
3181 size_t private_len;
3182 const uint8_t *public;
3183 size_t public_len;
3184 const uint8_t flag;
3185 const uint8_t *context;
3186 size_t context_len;
3187 } eddsa;
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3188 } params;
3189
3190 const uint8_t *ptx;
3191 size_t ptx_len;
3192 const uint8_t *ctx;
3193 size_t ctx_len;
3194 size_t line;
3195};
3196
3197#define WITHOUT_SALT(x) -1
3198#define WITH_SALT(x) x
3199
Cedric Chaumontc3b6c282015-09-25 03:05:18 +0200[diff] [blame]3200#define XTEST_AC_CASE(level, algo, mode, vect, union_params) \
3201 { level, (algo), (mode), .params = union_params, \
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3202 ARRAY(vect ## _ptx), \
3203 ARRAY(vect ## _out), \
3204 __LINE__ }
3205
3206#define XTEST_AC_RSA_UNION(vect, opt_crt_array, opt_salt) \
3207 { .rsa = { \
3208 ARRAY(vect ## _modulus), \
3209 ARRAY(vect ## _pub_exp), \
3210 ARRAY(vect ## _priv_exp), \
3211 opt_crt_array(vect ## _prime1), \
3212 opt_crt_array(vect ## _prime2), \
3213 opt_crt_array(vect ## _exp1), \
3214 opt_crt_array(vect ## _exp2), \
3215 opt_crt_array(vect ## _coeff), \
3216 opt_salt(vect ## _salt_len) \
3217 } }
3218
Jens Wiklander6a9d15a2016-02-01 10:29:42 +0100[diff] [blame]3219#define XTEST_AC_RSA_CASE(level, algo, mode, vect, opt_crt_array, opt_salt) \
3220 XTEST_AC_CASE(level, algo, mode, vect, \
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3221 XTEST_AC_RSA_UNION(vect, opt_crt_array, opt_salt))
3222
3223#define XTEST_AC_DSA_UNION(vect) \
3224 { .dsa = { \
3225 ARRAY(vect ## _prime), \
3226 ARRAY(vect ## _sub_prime), \
3227 ARRAY(vect ## _base), \
3228 ARRAY(vect ## _pub_val), \
3229 ARRAY(vect ## _priv_val), \
3230 } }
3231
Cedric Chaumontc3b6c282015-09-25 03:05:18 +0200[diff] [blame]3232#define XTEST_AC_DSA_CASE(level, algo, mode, vect) \
3233 XTEST_AC_CASE(level, algo, mode, vect, XTEST_AC_DSA_UNION(vect))
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3234
Pascal Brand3e143ee2015-07-15 17:17:16 +0200[diff] [blame]3235#define XTEST_AC_ECDSA_UNION(vect) \
Jerome Forissier3fbfd0d2019-12-17 16:44:01 +0100[diff] [blame]3236 { .ecc = { \
Pascal Brand3e143ee2015-07-15 17:17:16 +0200[diff] [blame]3237 ARRAY(vect ## _private), \
3238 ARRAY(vect ## _public_x), \
3239 ARRAY(vect ## _public_y), \
3240 } }
3241
Jerome Forissier3fbfd0d2019-12-17 16:44:01 +0100[diff] [blame]3242#define XTEST_AC_ECC_CASE(level, algo, mode, vect) \
Cedric Chaumontc3b6c282015-09-25 03:05:18 +0200[diff] [blame]3243 XTEST_AC_CASE(level, algo, mode, vect, XTEST_AC_ECDSA_UNION(vect))
Pascal Brand3e143ee2015-07-15 17:17:16 +0200[diff] [blame]3244
Valerii Chubarab9863c2022-08-12 07:42:29 +0000[diff] [blame]3245#define XTEST_AC_EDDSA_UNION(vect, flag) \
3246 { .eddsa = { \
3247 ARRAY(vect ## _private), \
3248 ARRAY(vect ## _public), \
3249 flag, \
3250 } }
3251
3252#define XTEST_AC_EDDSA_CTX_UNION(vect, flag) \
3253 { .eddsa = { \
3254 ARRAY(vect ## _private), \
3255 ARRAY(vect ## _public), \
3256 flag, \
3257 ARRAY(vect ## _context), \
3258 } }
3259
3260#define XTEST_AC_EDDSA_CASE(level, algo, mode, vect, flag) \
3261 XTEST_AC_CASE(level, algo, mode, vect, XTEST_AC_EDDSA_UNION(vect, flag))
3262
3263#define XTEST_AC_EDDSA_CTX_CASE(level, algo, mode, vect, flag) \
3264 XTEST_AC_CASE(level, algo, mode, vect, XTEST_AC_EDDSA_CTX_UNION(vect, flag))
3265
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3266static const struct xtest_ac_case xtest_ac_cases[] = {
3267 /* RSA test without crt parameters */
Jens Wiklander6a9d15a2016-02-01 10:29:42 +0100[diff] [blame]3268 XTEST_AC_RSA_CASE(0, TEE_ALG_RSA_NOPAD, TEE_MODE_ENCRYPT,
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3269 ac_rsassa_vect1, NULL_ARRAY, WITHOUT_SALT),
Jens Wiklander6a9d15a2016-02-01 10:29:42 +0100[diff] [blame]3270 XTEST_AC_RSA_CASE(0, TEE_ALG_RSA_NOPAD, TEE_MODE_DECRYPT,
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3271 ac_rsassa_vect1, NULL_ARRAY, WITHOUT_SALT),
Jens Wiklander6a9d15a2016-02-01 10:29:42 +0100[diff] [blame]3272 XTEST_AC_RSA_CASE(0, TEE_ALG_RSA_NOPAD, TEE_MODE_ENCRYPT,
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3273 ac_rsassa_vect2, NULL_ARRAY, WITHOUT_SALT),
Jens Wiklander6a9d15a2016-02-01 10:29:42 +0100[diff] [blame]3274 XTEST_AC_RSA_CASE(0, TEE_ALG_RSA_NOPAD, TEE_MODE_DECRYPT,
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3275 ac_rsassa_vect2, NULL_ARRAY, WITHOUT_SALT),
Jerome Forissiere576f052018-03-23 21:24:21 +0800[diff] [blame]3276 XTEST_AC_RSA_CASE(0, TEE_ALG_RSA_NOPAD, TEE_MODE_ENCRYPT,
3277 ac_rsassa_vect18, NULL_ARRAY, WITHOUT_SALT),
3278 XTEST_AC_RSA_CASE(0, TEE_ALG_RSA_NOPAD, TEE_MODE_DECRYPT,
3279 ac_rsassa_vect18, NULL_ARRAY, WITHOUT_SALT),
Jerome Forissier0451e372018-03-27 00:10:23 +0800[diff] [blame]3280 XTEST_AC_RSA_CASE(0, TEE_ALG_RSA_NOPAD, TEE_MODE_ENCRYPT,
3281 ac_rsassa_vect19, NULL_ARRAY, WITHOUT_SALT),
3282 XTEST_AC_RSA_CASE(0, TEE_ALG_RSA_NOPAD, TEE_MODE_DECRYPT,
3283 ac_rsassa_vect19, NULL_ARRAY, WITHOUT_SALT),
Jens Wiklander6a9d15a2016-02-01 10:29:42 +0100[diff] [blame]3284 XTEST_AC_RSA_CASE(0, TEE_ALG_RSASSA_PKCS1_V1_5_SHA1, TEE_MODE_SIGN,
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3285 ac_rsassa_vect3, NULL_ARRAY, WITHOUT_SALT),
Jens Wiklander6a9d15a2016-02-01 10:29:42 +0100[diff] [blame]3286 XTEST_AC_RSA_CASE(0, TEE_ALG_RSASSA_PKCS1_V1_5_SHA1, TEE_MODE_VERIFY,
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3287 ac_rsassa_vect3, NULL_ARRAY, WITHOUT_SALT),
Jens Wiklander6a9d15a2016-02-01 10:29:42 +0100[diff] [blame]3288 XTEST_AC_RSA_CASE(1, TEE_ALG_RSASSA_PKCS1_V1_5_SHA1, TEE_MODE_SIGN,
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3289 ac_rsassa_vect4, NULL_ARRAY, WITHOUT_SALT),
Jens Wiklander6a9d15a2016-02-01 10:29:42 +0100[diff] [blame]3290 XTEST_AC_RSA_CASE(1, TEE_ALG_RSASSA_PKCS1_V1_5_SHA1, TEE_MODE_VERIFY,
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3291 ac_rsassa_vect4, NULL_ARRAY, WITHOUT_SALT),
Jens Wiklander6a9d15a2016-02-01 10:29:42 +0100[diff] [blame]3292 XTEST_AC_RSA_CASE(1, TEE_ALG_RSASSA_PKCS1_V1_5_SHA1, TEE_MODE_SIGN,
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3293 ac_rsassa_vect5, NULL_ARRAY, WITHOUT_SALT),
Jens Wiklander6a9d15a2016-02-01 10:29:42 +0100[diff] [blame]3294 XTEST_AC_RSA_CASE(1, TEE_ALG_RSASSA_PKCS1_V1_5_SHA1, TEE_MODE_VERIFY,
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3295 ac_rsassa_vect5, NULL_ARRAY, WITHOUT_SALT),
Jens Wiklander6a9d15a2016-02-01 10:29:42 +0100[diff] [blame]3296 XTEST_AC_RSA_CASE(1, TEE_ALG_RSASSA_PKCS1_V1_5_SHA1, TEE_MODE_SIGN,
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3297 ac_rsassa_vect6, NULL_ARRAY, WITHOUT_SALT),
Jens Wiklander6a9d15a2016-02-01 10:29:42 +0100[diff] [blame]3298 XTEST_AC_RSA_CASE(1, TEE_ALG_RSASSA_PKCS1_V1_5_SHA1, TEE_MODE_VERIFY,
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3299 ac_rsassa_vect6, NULL_ARRAY, WITHOUT_SALT),
Jens Wiklander6a9d15a2016-02-01 10:29:42 +0100[diff] [blame]3300 XTEST_AC_RSA_CASE(1, TEE_ALG_RSASSA_PKCS1_V1_5_SHA1, TEE_MODE_SIGN,
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3301 ac_rsassa_vect7, NULL_ARRAY, WITHOUT_SALT),
Jens Wiklander6a9d15a2016-02-01 10:29:42 +0100[diff] [blame]3302 XTEST_AC_RSA_CASE(1, TEE_ALG_RSASSA_PKCS1_V1_5_SHA1, TEE_MODE_VERIFY,
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3303 ac_rsassa_vect7, NULL_ARRAY, WITHOUT_SALT),
Jens Wiklander6a9d15a2016-02-01 10:29:42 +0100[diff] [blame]3304 XTEST_AC_RSA_CASE(1, TEE_ALG_RSASSA_PKCS1_V1_5_SHA1, TEE_MODE_SIGN,
3305 ac_rsassa_vect8, NULL_ARRAY, WITHOUT_SALT),
3306 XTEST_AC_RSA_CASE(1, TEE_ALG_RSASSA_PKCS1_V1_5_SHA1, TEE_MODE_VERIFY,
3307 ac_rsassa_vect8, NULL_ARRAY, WITHOUT_SALT),
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3308
Jens Wiklander6a9d15a2016-02-01 10:29:42 +0100[diff] [blame]3309 XTEST_AC_RSA_CASE(0, TEE_ALG_RSASSA_PKCS1_V1_5_SHA224, TEE_MODE_SIGN,
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3310 ac_rsassa_vect16, NULL_ARRAY, WITHOUT_SALT),
Jens Wiklander6a9d15a2016-02-01 10:29:42 +0100[diff] [blame]3311 XTEST_AC_RSA_CASE(0, TEE_ALG_RSASSA_PKCS1_V1_5_SHA224, TEE_MODE_VERIFY,
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3312 ac_rsassa_vect16, NULL_ARRAY, WITHOUT_SALT),
Jens Wiklander6a9d15a2016-02-01 10:29:42 +0100[diff] [blame]3313
Gabor Szekely2ad190f2018-09-14 14:05:06 +0000[diff] [blame]3314#ifdef CFG_CRYPTO_RSASSA_NA1
3315 XTEST_AC_RSA_CASE(0, TEE_ALG_RSASSA_PKCS1_V1_5, TEE_MODE_SIGN,
3316 ac_rsassa_vect20, NULL_ARRAY, WITHOUT_SALT),
3317 XTEST_AC_RSA_CASE(0, TEE_ALG_RSASSA_PKCS1_V1_5, TEE_MODE_VERIFY,
3318 ac_rsassa_vect20, NULL_ARRAY, WITHOUT_SALT),
3319#endif
3320
Jens Wiklander6a9d15a2016-02-01 10:29:42 +0100[diff] [blame]3321 XTEST_AC_RSA_CASE(0, TEE_ALG_RSASSA_PKCS1_V1_5_SHA256, TEE_MODE_SIGN,
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3322 ac_rsassa_vect9, NULL_ARRAY, WITHOUT_SALT),
Jens Wiklander6a9d15a2016-02-01 10:29:42 +0100[diff] [blame]3323 XTEST_AC_RSA_CASE(0, TEE_ALG_RSASSA_PKCS1_V1_5_SHA256, TEE_MODE_VERIFY,
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3324 ac_rsassa_vect9, NULL_ARRAY, WITHOUT_SALT),
Jens Wiklander6a9d15a2016-02-01 10:29:42 +0100[diff] [blame]3325
3326 XTEST_AC_RSA_CASE(0, TEE_ALG_RSASSA_PKCS1_V1_5_SHA384, TEE_MODE_SIGN,
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3327 ac_rsassa_vect10, NULL_ARRAY, WITHOUT_SALT),
Jens Wiklander6a9d15a2016-02-01 10:29:42 +0100[diff] [blame]3328 XTEST_AC_RSA_CASE(0, TEE_ALG_RSASSA_PKCS1_V1_5_SHA384, TEE_MODE_VERIFY,
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3329 ac_rsassa_vect10, NULL_ARRAY, WITHOUT_SALT),
Jens Wiklander6a9d15a2016-02-01 10:29:42 +0100[diff] [blame]3330
3331 XTEST_AC_RSA_CASE(0, TEE_ALG_RSASSA_PKCS1_V1_5_SHA512, TEE_MODE_SIGN,
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3332 ac_rsassa_vect11, NULL_ARRAY, WITHOUT_SALT),
Jens Wiklander6a9d15a2016-02-01 10:29:42 +0100[diff] [blame]3333 XTEST_AC_RSA_CASE(0, TEE_ALG_RSASSA_PKCS1_V1_5_SHA512, TEE_MODE_VERIFY,
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3334 ac_rsassa_vect11, NULL_ARRAY, WITHOUT_SALT),
3335
Jens Wiklander6a9d15a2016-02-01 10:29:42 +0100[diff] [blame]3336 XTEST_AC_RSA_CASE(1, TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA1,
3337 TEE_MODE_VERIFY,
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3338 ac_rsassa_vect12, NULL_ARRAY, WITH_SALT),
Jens Wiklander6a9d15a2016-02-01 10:29:42 +0100[diff] [blame]3339 XTEST_AC_RSA_CASE(1, TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA1, TEE_MODE_SIGN,
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3340 ac_rsassa_vect12, NULL_ARRAY, WITH_SALT),
Jens Wiklander6a9d15a2016-02-01 10:29:42 +0100[diff] [blame]3341
3342 XTEST_AC_RSA_CASE(1, TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA224,
3343 TEE_MODE_VERIFY,
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3344 ac_rsassa_vect17, NULL_ARRAY, WITH_SALT),
Jens Wiklander6a9d15a2016-02-01 10:29:42 +0100[diff] [blame]3345 XTEST_AC_RSA_CASE(1, TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA224,
3346 TEE_MODE_SIGN,
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3347 ac_rsassa_vect17, NULL_ARRAY, WITH_SALT),
Jens Wiklander6a9d15a2016-02-01 10:29:42 +0100[diff] [blame]3348
3349 XTEST_AC_RSA_CASE(0, TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA256,
3350 TEE_MODE_VERIFY,
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3351 ac_rsassa_vect13, NULL_ARRAY, WITH_SALT),
Jens Wiklander6a9d15a2016-02-01 10:29:42 +0100[diff] [blame]3352 XTEST_AC_RSA_CASE(0, TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA256,
3353 TEE_MODE_SIGN,
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3354 ac_rsassa_vect13, NULL_ARRAY, WITH_SALT),
Jens Wiklander6a9d15a2016-02-01 10:29:42 +0100[diff] [blame]3355
3356 XTEST_AC_RSA_CASE(1, TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA384,
3357 TEE_MODE_VERIFY,
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3358 ac_rsassa_vect14, NULL_ARRAY, WITH_SALT),
Jens Wiklander6a9d15a2016-02-01 10:29:42 +0100[diff] [blame]3359 XTEST_AC_RSA_CASE(1, TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA384,
3360 TEE_MODE_SIGN,
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3361 ac_rsassa_vect14, NULL_ARRAY, WITH_SALT),
Jens Wiklander6a9d15a2016-02-01 10:29:42 +0100[diff] [blame]3362
3363 XTEST_AC_RSA_CASE(1, TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA512,
3364 TEE_MODE_VERIFY,
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3365 ac_rsassa_vect15, NULL_ARRAY, WITH_SALT),
Jens Wiklander6a9d15a2016-02-01 10:29:42 +0100[diff] [blame]3366 XTEST_AC_RSA_CASE(1, TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA512,
3367 TEE_MODE_SIGN,
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3368 ac_rsassa_vect15, NULL_ARRAY, WITH_SALT),
3369
Jens Wiklander6a9d15a2016-02-01 10:29:42 +0100[diff] [blame]3370 XTEST_AC_RSA_CASE(0, TEE_ALG_RSAES_PKCS1_V1_5, TEE_MODE_DECRYPT,
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3371 ac_rsaes_pkcs1_v1_5_vect1, NULL_ARRAY, WITHOUT_SALT),
Jens Wiklander6a9d15a2016-02-01 10:29:42 +0100[diff] [blame]3372 XTEST_AC_RSA_CASE(0, TEE_ALG_RSAES_PKCS1_V1_5, TEE_MODE_ENCRYPT,
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3373 ac_rsaes_pkcs1_v1_5_vect1, NULL_ARRAY, WITHOUT_SALT),
Jens Wiklander6a9d15a2016-02-01 10:29:42 +0100[diff] [blame]3374 XTEST_AC_RSA_CASE(1, TEE_ALG_RSAES_PKCS1_V1_5, TEE_MODE_DECRYPT,
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3375 ac_rsaes_pkcs1_v1_5_vect2, NULL_ARRAY, WITHOUT_SALT),
Jens Wiklander6a9d15a2016-02-01 10:29:42 +0100[diff] [blame]3376 XTEST_AC_RSA_CASE(1, TEE_ALG_RSAES_PKCS1_V1_5, TEE_MODE_ENCRYPT,
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3377 ac_rsaes_pkcs1_v1_5_vect2, NULL_ARRAY, WITHOUT_SALT),
Jens Wiklander6a9d15a2016-02-01 10:29:42 +0100[diff] [blame]3378 XTEST_AC_RSA_CASE(1, TEE_ALG_RSAES_PKCS1_V1_5, TEE_MODE_DECRYPT,
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3379 ac_rsaes_pkcs1_v1_5_vect15, NULL_ARRAY, WITHOUT_SALT),
Jens Wiklander6a9d15a2016-02-01 10:29:42 +0100[diff] [blame]3380 XTEST_AC_RSA_CASE(1, TEE_ALG_RSAES_PKCS1_V1_5, TEE_MODE_ENCRYPT,
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3381 ac_rsaes_pkcs1_v1_5_vect15, NULL_ARRAY, WITHOUT_SALT),
3382
Jens Wiklander6a9d15a2016-02-01 10:29:42 +0100[diff] [blame]3383 XTEST_AC_RSA_CASE(0, TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA1,
3384 TEE_MODE_DECRYPT,
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3385 ac_rsaes_oaep_vect1, NULL_ARRAY, WITHOUT_SALT),
Jens Wiklander6a9d15a2016-02-01 10:29:42 +0100[diff] [blame]3386 XTEST_AC_RSA_CASE(0, TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA1,
3387 TEE_MODE_ENCRYPT,
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3388 ac_rsaes_oaep_vect1, NULL_ARRAY, WITHOUT_SALT),
Jens Wiklander6a9d15a2016-02-01 10:29:42 +0100[diff] [blame]3389 XTEST_AC_RSA_CASE(1, TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA1,
3390 TEE_MODE_DECRYPT,
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3391 ac_rsaes_oaep_vect2, NULL_ARRAY, WITHOUT_SALT),
Jens Wiklander6a9d15a2016-02-01 10:29:42 +0100[diff] [blame]3392 XTEST_AC_RSA_CASE(1, TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA1,
3393 TEE_MODE_ENCRYPT,
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3394 ac_rsaes_oaep_vect2, NULL_ARRAY, WITHOUT_SALT),
Jens Wiklander6a9d15a2016-02-01 10:29:42 +0100[diff] [blame]3395 XTEST_AC_RSA_CASE(1, TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA1,
3396 TEE_MODE_DECRYPT,
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3397 ac_rsaes_oaep_vect10, NULL_ARRAY, WITHOUT_SALT),
Jens Wiklander6a9d15a2016-02-01 10:29:42 +0100[diff] [blame]3398 XTEST_AC_RSA_CASE(1, TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA1,
3399 TEE_MODE_ENCRYPT,
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3400 ac_rsaes_oaep_vect10, NULL_ARRAY, WITHOUT_SALT),
Sami Tolvanenf3e46d42024-04-09 21:50:41 +0000[diff] [blame]3401 XTEST_AC_RSA_CASE(0, TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA256,
3402 TEE_MODE_DECRYPT,
3403 ac_rsaes_oaep_vect3, NULL_ARRAY, WITHOUT_SALT),
3404 XTEST_AC_RSA_CASE(0, TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA256,
3405 TEE_MODE_ENCRYPT,
3406 ac_rsaes_oaep_vect3, NULL_ARRAY, WITHOUT_SALT),
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3407
3408 /* RSA test with crt parameters */
Jens Wiklander6a9d15a2016-02-01 10:29:42 +0100[diff] [blame]3409 XTEST_AC_RSA_CASE(0, TEE_ALG_RSA_NOPAD, TEE_MODE_ENCRYPT,
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3410 ac_rsassa_vect1, ARRAY, WITHOUT_SALT),
Jens Wiklander6a9d15a2016-02-01 10:29:42 +0100[diff] [blame]3411 XTEST_AC_RSA_CASE(0, TEE_ALG_RSA_NOPAD, TEE_MODE_DECRYPT,
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3412 ac_rsassa_vect1, ARRAY, WITHOUT_SALT),
Jens Wiklander6a9d15a2016-02-01 10:29:42 +0100[diff] [blame]3413 XTEST_AC_RSA_CASE(1, TEE_ALG_RSA_NOPAD, TEE_MODE_ENCRYPT,
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3414 ac_rsassa_vect2, ARRAY, WITHOUT_SALT),
Jens Wiklander6a9d15a2016-02-01 10:29:42 +0100[diff] [blame]3415 XTEST_AC_RSA_CASE(1, TEE_ALG_RSA_NOPAD, TEE_MODE_DECRYPT,
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3416 ac_rsassa_vect2, ARRAY, WITHOUT_SALT),
Jens Wiklander6a9d15a2016-02-01 10:29:42 +0100[diff] [blame]3417 XTEST_AC_RSA_CASE(0, TEE_ALG_RSASSA_PKCS1_V1_5_SHA1, TEE_MODE_SIGN,
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3418 ac_rsassa_vect3, ARRAY, WITHOUT_SALT),
Jens Wiklander6a9d15a2016-02-01 10:29:42 +0100[diff] [blame]3419 XTEST_AC_RSA_CASE(0, TEE_ALG_RSASSA_PKCS1_V1_5_SHA1, TEE_MODE_VERIFY,
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3420 ac_rsassa_vect3, ARRAY, WITHOUT_SALT),
Jens Wiklander6a9d15a2016-02-01 10:29:42 +0100[diff] [blame]3421 XTEST_AC_RSA_CASE(1, TEE_ALG_RSASSA_PKCS1_V1_5_SHA1, TEE_MODE_SIGN,
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3422 ac_rsassa_vect4, ARRAY, WITHOUT_SALT),
Jens Wiklander6a9d15a2016-02-01 10:29:42 +0100[diff] [blame]3423 XTEST_AC_RSA_CASE(1, TEE_ALG_RSASSA_PKCS1_V1_5_SHA1, TEE_MODE_VERIFY,
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3424 ac_rsassa_vect4, ARRAY, WITHOUT_SALT),
Jens Wiklander6a9d15a2016-02-01 10:29:42 +0100[diff] [blame]3425 XTEST_AC_RSA_CASE(1, TEE_ALG_RSASSA_PKCS1_V1_5_SHA1, TEE_MODE_SIGN,
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3426 ac_rsassa_vect5, ARRAY, WITHOUT_SALT),
Jens Wiklander6a9d15a2016-02-01 10:29:42 +0100[diff] [blame]3427 XTEST_AC_RSA_CASE(1, TEE_ALG_RSASSA_PKCS1_V1_5_SHA1, TEE_MODE_VERIFY,
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3428 ac_rsassa_vect5, ARRAY, WITHOUT_SALT),
Jens Wiklander6a9d15a2016-02-01 10:29:42 +0100[diff] [blame]3429 XTEST_AC_RSA_CASE(1, TEE_ALG_RSASSA_PKCS1_V1_5_SHA1, TEE_MODE_SIGN,
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3430 ac_rsassa_vect6, ARRAY, WITHOUT_SALT),
Jens Wiklander6a9d15a2016-02-01 10:29:42 +0100[diff] [blame]3431 XTEST_AC_RSA_CASE(1, TEE_ALG_RSASSA_PKCS1_V1_5_SHA1, TEE_MODE_VERIFY,
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3432 ac_rsassa_vect6, ARRAY, WITHOUT_SALT),
Jens Wiklander6a9d15a2016-02-01 10:29:42 +0100[diff] [blame]3433 XTEST_AC_RSA_CASE(1, TEE_ALG_RSASSA_PKCS1_V1_5_SHA1, TEE_MODE_SIGN,
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3434 ac_rsassa_vect7, ARRAY, WITHOUT_SALT),
Jens Wiklander6a9d15a2016-02-01 10:29:42 +0100[diff] [blame]3435 XTEST_AC_RSA_CASE(1, TEE_ALG_RSASSA_PKCS1_V1_5_SHA1, TEE_MODE_VERIFY,
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3436 ac_rsassa_vect7, ARRAY, WITHOUT_SALT),
Jens Wiklander6a9d15a2016-02-01 10:29:42 +0100[diff] [blame]3437 XTEST_AC_RSA_CASE(1, TEE_ALG_RSASSA_PKCS1_V1_5_SHA1, TEE_MODE_SIGN,
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3438 ac_rsassa_vect8, ARRAY, WITHOUT_SALT),
Jens Wiklander6a9d15a2016-02-01 10:29:42 +0100[diff] [blame]3439 XTEST_AC_RSA_CASE(1, TEE_ALG_RSASSA_PKCS1_V1_5_SHA1, TEE_MODE_VERIFY,
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3440 ac_rsassa_vect8, ARRAY, WITHOUT_SALT),
Jens Wiklander6a9d15a2016-02-01 10:29:42 +0100[diff] [blame]3441 XTEST_AC_RSA_CASE(0, TEE_ALG_RSASSA_PKCS1_V1_5_SHA256, TEE_MODE_SIGN,
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3442 ac_rsassa_vect9, ARRAY, WITHOUT_SALT),
Jens Wiklander6a9d15a2016-02-01 10:29:42 +0100[diff] [blame]3443 XTEST_AC_RSA_CASE(0, TEE_ALG_RSASSA_PKCS1_V1_5_SHA256, TEE_MODE_VERIFY,
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3444 ac_rsassa_vect9, ARRAY, WITHOUT_SALT),
Jens Wiklander6a9d15a2016-02-01 10:29:42 +0100[diff] [blame]3445 XTEST_AC_RSA_CASE(1, TEE_ALG_RSASSA_PKCS1_V1_5_SHA384, TEE_MODE_SIGN,
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3446 ac_rsassa_vect10, ARRAY, WITHOUT_SALT),
Jens Wiklander6a9d15a2016-02-01 10:29:42 +0100[diff] [blame]3447 XTEST_AC_RSA_CASE(1, TEE_ALG_RSASSA_PKCS1_V1_5_SHA384, TEE_MODE_VERIFY,
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3448 ac_rsassa_vect10, ARRAY, WITHOUT_SALT),
Jens Wiklander6a9d15a2016-02-01 10:29:42 +0100[diff] [blame]3449 XTEST_AC_RSA_CASE(1, TEE_ALG_RSASSA_PKCS1_V1_5_SHA512, TEE_MODE_SIGN,
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3450 ac_rsassa_vect11, ARRAY, WITHOUT_SALT),
Jens Wiklander6a9d15a2016-02-01 10:29:42 +0100[diff] [blame]3451 XTEST_AC_RSA_CASE(1, TEE_ALG_RSASSA_PKCS1_V1_5_SHA512, TEE_MODE_VERIFY,
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3452 ac_rsassa_vect11, ARRAY, WITHOUT_SALT),
3453
Jens Wiklander6a9d15a2016-02-01 10:29:42 +0100[diff] [blame]3454 XTEST_AC_RSA_CASE(1, TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA1,
3455 TEE_MODE_VERIFY,
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3456 ac_rsassa_vect12, ARRAY, WITH_SALT),
Jens Wiklander6a9d15a2016-02-01 10:29:42 +0100[diff] [blame]3457 XTEST_AC_RSA_CASE(1,TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA1, TEE_MODE_SIGN,
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3458 ac_rsassa_vect12, ARRAY, WITH_SALT),
Jens Wiklander6a9d15a2016-02-01 10:29:42 +0100[diff] [blame]3459 XTEST_AC_RSA_CASE(1, TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA224,
3460 TEE_MODE_VERIFY,
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3461 ac_rsassa_vect17, ARRAY, WITH_SALT),
Jens Wiklander6a9d15a2016-02-01 10:29:42 +0100[diff] [blame]3462 XTEST_AC_RSA_CASE(1, TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA224,
3463 TEE_MODE_SIGN,
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3464 ac_rsassa_vect17, ARRAY, WITH_SALT),
Jens Wiklander6a9d15a2016-02-01 10:29:42 +0100[diff] [blame]3465 XTEST_AC_RSA_CASE(0, TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA256,
3466 TEE_MODE_VERIFY,
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3467 ac_rsassa_vect13, ARRAY, WITH_SALT),
Jens Wiklander6a9d15a2016-02-01 10:29:42 +0100[diff] [blame]3468 XTEST_AC_RSA_CASE(0, TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA256,
3469 TEE_MODE_SIGN,
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3470 ac_rsassa_vect13, ARRAY, WITH_SALT),
Jens Wiklander6a9d15a2016-02-01 10:29:42 +0100[diff] [blame]3471 XTEST_AC_RSA_CASE(1, TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA384,
3472 TEE_MODE_VERIFY,
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3473 ac_rsassa_vect14, ARRAY, WITH_SALT),
Jens Wiklander6a9d15a2016-02-01 10:29:42 +0100[diff] [blame]3474 XTEST_AC_RSA_CASE(1, TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA384,
3475 TEE_MODE_SIGN,
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3476 ac_rsassa_vect14, ARRAY, WITH_SALT),
Jens Wiklander6a9d15a2016-02-01 10:29:42 +0100[diff] [blame]3477 XTEST_AC_RSA_CASE(1, TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA512,
3478 TEE_MODE_VERIFY,
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3479 ac_rsassa_vect15, ARRAY, WITH_SALT),
Jens Wiklander6a9d15a2016-02-01 10:29:42 +0100[diff] [blame]3480 XTEST_AC_RSA_CASE(1, TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA512,
3481 TEE_MODE_SIGN,
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3482 ac_rsassa_vect15, ARRAY, WITH_SALT),
3483
Jens Wiklander6a9d15a2016-02-01 10:29:42 +0100[diff] [blame]3484 XTEST_AC_RSA_CASE(0, TEE_ALG_RSAES_PKCS1_V1_5, TEE_MODE_DECRYPT,
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3485 ac_rsaes_pkcs1_v1_5_vect1, ARRAY, WITHOUT_SALT),
Jens Wiklander6a9d15a2016-02-01 10:29:42 +0100[diff] [blame]3486 XTEST_AC_RSA_CASE(0, TEE_ALG_RSAES_PKCS1_V1_5, TEE_MODE_ENCRYPT,
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3487 ac_rsaes_pkcs1_v1_5_vect1, ARRAY, WITHOUT_SALT),
Jens Wiklander6a9d15a2016-02-01 10:29:42 +0100[diff] [blame]3488 XTEST_AC_RSA_CASE(1, TEE_ALG_RSAES_PKCS1_V1_5, TEE_MODE_DECRYPT,
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3489 ac_rsaes_pkcs1_v1_5_vect2, ARRAY, WITHOUT_SALT),
Jens Wiklander6a9d15a2016-02-01 10:29:42 +0100[diff] [blame]3490 XTEST_AC_RSA_CASE(1, TEE_ALG_RSAES_PKCS1_V1_5, TEE_MODE_ENCRYPT,
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3491 ac_rsaes_pkcs1_v1_5_vect2, ARRAY, WITHOUT_SALT),
Jens Wiklander6a9d15a2016-02-01 10:29:42 +0100[diff] [blame]3492 XTEST_AC_RSA_CASE(1, TEE_ALG_RSAES_PKCS1_V1_5, TEE_MODE_DECRYPT,
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3493 ac_rsaes_pkcs1_v1_5_vect15, ARRAY, WITHOUT_SALT),
Jens Wiklander6a9d15a2016-02-01 10:29:42 +0100[diff] [blame]3494 XTEST_AC_RSA_CASE(1, TEE_ALG_RSAES_PKCS1_V1_5, TEE_MODE_ENCRYPT,
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3495 ac_rsaes_pkcs1_v1_5_vect15, ARRAY, WITHOUT_SALT),
3496
Jens Wiklander6a9d15a2016-02-01 10:29:42 +0100[diff] [blame]3497 XTEST_AC_RSA_CASE(0, TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA1,
3498 TEE_MODE_DECRYPT,
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3499 ac_rsaes_oaep_vect1, ARRAY, WITHOUT_SALT),
Jens Wiklander6a9d15a2016-02-01 10:29:42 +0100[diff] [blame]3500 XTEST_AC_RSA_CASE(0, TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA1,
3501 TEE_MODE_ENCRYPT,
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3502 ac_rsaes_oaep_vect1, ARRAY, WITHOUT_SALT),
Jens Wiklander6a9d15a2016-02-01 10:29:42 +0100[diff] [blame]3503 XTEST_AC_RSA_CASE(1, TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA1,
3504 TEE_MODE_DECRYPT,
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3505 ac_rsaes_oaep_vect2, ARRAY, WITHOUT_SALT),
Jens Wiklander6a9d15a2016-02-01 10:29:42 +0100[diff] [blame]3506 XTEST_AC_RSA_CASE(1, TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA1,
3507 TEE_MODE_ENCRYPT,
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3508 ac_rsaes_oaep_vect2, ARRAY, WITHOUT_SALT),
Jens Wiklander6a9d15a2016-02-01 10:29:42 +0100[diff] [blame]3509 XTEST_AC_RSA_CASE(1, TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA1,
3510 TEE_MODE_DECRYPT,
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3511 ac_rsaes_oaep_vect10, ARRAY, WITHOUT_SALT),
Jens Wiklander6a9d15a2016-02-01 10:29:42 +0100[diff] [blame]3512 XTEST_AC_RSA_CASE(1, TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA1,
3513 TEE_MODE_ENCRYPT,
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3514 ac_rsaes_oaep_vect10, ARRAY, WITHOUT_SALT),
Sami Tolvanenf3e46d42024-04-09 21:50:41 +0000[diff] [blame]3515 XTEST_AC_RSA_CASE(0, TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA256,
3516 TEE_MODE_DECRYPT,
3517 ac_rsaes_oaep_vect3, ARRAY, WITHOUT_SALT),
3518 XTEST_AC_RSA_CASE(0, TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA256,
3519 TEE_MODE_ENCRYPT,
3520 ac_rsaes_oaep_vect3, ARRAY, WITHOUT_SALT),
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3521
3522 /* DSA tests */
Cedric Chaumontb2ba8782015-09-03 13:23:05 +0200[diff] [blame]3523 /* [mod = L=1024, N=160, SHA-1] */
Jens Wiklander6a9d15a2016-02-01 10:29:42 +0100[diff] [blame]3524 XTEST_AC_DSA_CASE(1, TEE_ALG_DSA_SHA1, TEE_MODE_VERIFY, ac_dsa_vect1),
3525 XTEST_AC_DSA_CASE(1, TEE_ALG_DSA_SHA1, TEE_MODE_SIGN, ac_dsa_vect1),
Cedric Chaumontc3b6c282015-09-25 03:05:18 +0200[diff] [blame]3526 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA1, TEE_MODE_VERIFY, ac_dsa_vect2),
3527 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA1, TEE_MODE_SIGN, ac_dsa_vect2),
3528 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA1, TEE_MODE_VERIFY, ac_dsa_vect3),
3529 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA1, TEE_MODE_SIGN, ac_dsa_vect3),
3530 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA1, TEE_MODE_VERIFY, ac_dsa_vect4),
3531 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA1, TEE_MODE_SIGN, ac_dsa_vect4),
3532 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA1, TEE_MODE_VERIFY, ac_dsa_vect5),
3533 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA1, TEE_MODE_SIGN, ac_dsa_vect5),
3534 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA1, TEE_MODE_VERIFY, ac_dsa_vect6),
3535 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA1, TEE_MODE_SIGN, ac_dsa_vect6),
3536 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA1, TEE_MODE_VERIFY, ac_dsa_vect7),
3537 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA1, TEE_MODE_SIGN, ac_dsa_vect7),
3538 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA1, TEE_MODE_VERIFY, ac_dsa_vect8),
3539 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA1, TEE_MODE_SIGN, ac_dsa_vect8),
3540 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA1, TEE_MODE_VERIFY, ac_dsa_vect9),
3541 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA1, TEE_MODE_SIGN, ac_dsa_vect9),
3542 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA1, TEE_MODE_VERIFY, ac_dsa_vect10),
3543 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA1, TEE_MODE_SIGN, ac_dsa_vect10),
3544 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA1, TEE_MODE_VERIFY, ac_dsa_vect11),
3545 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA1, TEE_MODE_SIGN, ac_dsa_vect11),
3546 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA1, TEE_MODE_VERIFY, ac_dsa_vect12),
3547 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA1, TEE_MODE_SIGN, ac_dsa_vect12),
3548 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA1, TEE_MODE_VERIFY, ac_dsa_vect13),
3549 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA1, TEE_MODE_SIGN, ac_dsa_vect13),
3550 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA1, TEE_MODE_VERIFY, ac_dsa_vect14),
3551 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA1, TEE_MODE_SIGN, ac_dsa_vect14),
3552 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA1, TEE_MODE_VERIFY, ac_dsa_vect15),
3553 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA1, TEE_MODE_SIGN, ac_dsa_vect15),
Cedric Chaumontb2ba8782015-09-03 13:23:05 +0200[diff] [blame]3554 /* [mod = L=1024, N=160, SHA-224] - GP NOT SUPPORTED */
3555 /* [mod = L=1024, N=160, SHA-256] - GP NOT SUPPORTED */
3556 /* [mod = L=1024, N=160, SHA-384] - GP NOT SUPPORTED */
3557 /* [mod = L=1024, N=160, SHA-512] - GP NOT SUPPORTED */
3558 /* [mod = L=2048, N=224, SHA-1] - GP NOT SUPPORTED */
3559 /* [mod = L=2048, N=224, SHA-224] */
Jens Wiklander6a9d15a2016-02-01 10:29:42 +0100[diff] [blame]3560 XTEST_AC_DSA_CASE(1, TEE_ALG_DSA_SHA224, TEE_MODE_VERIFY, ac_dsa_vect91),
3561 XTEST_AC_DSA_CASE(1, TEE_ALG_DSA_SHA224, TEE_MODE_SIGN, ac_dsa_vect91),
Cedric Chaumontc3b6c282015-09-25 03:05:18 +0200[diff] [blame]3562 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA224, TEE_MODE_VERIFY, ac_dsa_vect92),
3563 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA224, TEE_MODE_SIGN, ac_dsa_vect92),
3564 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA224, TEE_MODE_VERIFY, ac_dsa_vect93),
3565 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA224, TEE_MODE_SIGN, ac_dsa_vect93),
3566 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA224, TEE_MODE_VERIFY, ac_dsa_vect94),
3567 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA224, TEE_MODE_SIGN, ac_dsa_vect94),
3568 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA224, TEE_MODE_VERIFY, ac_dsa_vect95),
3569 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA224, TEE_MODE_SIGN, ac_dsa_vect95),
3570 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA224, TEE_MODE_VERIFY, ac_dsa_vect96),
3571 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA224, TEE_MODE_SIGN, ac_dsa_vect96),
3572 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA224, TEE_MODE_VERIFY, ac_dsa_vect97),
3573 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA224, TEE_MODE_SIGN, ac_dsa_vect97),
3574 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA224, TEE_MODE_VERIFY, ac_dsa_vect98),
3575 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA224, TEE_MODE_SIGN, ac_dsa_vect98),
3576 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA224, TEE_MODE_VERIFY, ac_dsa_vect99),
3577 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA224, TEE_MODE_SIGN, ac_dsa_vect99),
3578 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA224, TEE_MODE_VERIFY, ac_dsa_vect100),
3579 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA224, TEE_MODE_SIGN, ac_dsa_vect100),
3580 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA224, TEE_MODE_VERIFY, ac_dsa_vect101),
3581 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA224, TEE_MODE_SIGN, ac_dsa_vect101),
3582 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA224, TEE_MODE_VERIFY, ac_dsa_vect102),
3583 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA224, TEE_MODE_SIGN, ac_dsa_vect102),
3584 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA224, TEE_MODE_VERIFY, ac_dsa_vect103),
3585 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA224, TEE_MODE_SIGN, ac_dsa_vect103),
3586 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA224, TEE_MODE_VERIFY, ac_dsa_vect104),
3587 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA224, TEE_MODE_SIGN, ac_dsa_vect104),
3588 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA224, TEE_MODE_VERIFY, ac_dsa_vect105),
3589 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA224, TEE_MODE_SIGN, ac_dsa_vect105),
Cedric Chaumontb2ba8782015-09-03 13:23:05 +0200[diff] [blame]3590 /* [mod = L=2048, N=224, SHA-256] */
Cedric Chaumontc3b6c282015-09-25 03:05:18 +0200[diff] [blame]3591 XTEST_AC_DSA_CASE(0, TEE_ALG_DSA_SHA256, TEE_MODE_VERIFY, ac_dsa_vect106),
3592 XTEST_AC_DSA_CASE(0, TEE_ALG_DSA_SHA256, TEE_MODE_SIGN, ac_dsa_vect106),
3593 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA256, TEE_MODE_VERIFY, ac_dsa_vect107),
3594 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA256, TEE_MODE_SIGN, ac_dsa_vect107),
3595 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA256, TEE_MODE_VERIFY, ac_dsa_vect108),
3596 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA256, TEE_MODE_SIGN, ac_dsa_vect108),
3597 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA256, TEE_MODE_VERIFY, ac_dsa_vect109),
3598 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA256, TEE_MODE_SIGN, ac_dsa_vect109),
3599 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA256, TEE_MODE_VERIFY, ac_dsa_vect110),
3600 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA256, TEE_MODE_SIGN, ac_dsa_vect110),
3601 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA256, TEE_MODE_VERIFY, ac_dsa_vect111),
3602 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA256, TEE_MODE_SIGN, ac_dsa_vect111),
3603 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA256, TEE_MODE_VERIFY, ac_dsa_vect112),
3604 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA256, TEE_MODE_SIGN, ac_dsa_vect112),
3605 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA256, TEE_MODE_VERIFY, ac_dsa_vect113),
3606 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA256, TEE_MODE_SIGN, ac_dsa_vect113),
3607 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA256, TEE_MODE_VERIFY, ac_dsa_vect114),
3608 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA256, TEE_MODE_SIGN, ac_dsa_vect114),
3609 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA256, TEE_MODE_VERIFY, ac_dsa_vect115),
3610 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA256, TEE_MODE_SIGN, ac_dsa_vect115),
3611 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA256, TEE_MODE_VERIFY, ac_dsa_vect116),
3612 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA256, TEE_MODE_SIGN, ac_dsa_vect116),
3613 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA256, TEE_MODE_VERIFY, ac_dsa_vect117),
3614 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA256, TEE_MODE_SIGN, ac_dsa_vect117),
3615 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA256, TEE_MODE_VERIFY, ac_dsa_vect118),
3616 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA256, TEE_MODE_SIGN, ac_dsa_vect118),
3617 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA256, TEE_MODE_VERIFY, ac_dsa_vect119),
3618 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA256, TEE_MODE_SIGN, ac_dsa_vect119),
3619 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA256, TEE_MODE_VERIFY, ac_dsa_vect120),
3620 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA256, TEE_MODE_SIGN, ac_dsa_vect120),
Cedric Chaumontb2ba8782015-09-03 13:23:05 +0200[diff] [blame]3621 /* [mod = L=2048, N=224, SHA-384] - GP NOT SUPPORTED */
3622 /* [mod = L=2048, N=224, SHA-512] - GP NOT SUPPORTED */
3623 /* [mod = L=2048, N=256, SHA-1] - GP NOT SUPPORTED */
3624 /* [mod = L=2048, N=256, SHA-224] */
Jens Wiklander6a9d15a2016-02-01 10:29:42 +0100[diff] [blame]3625 XTEST_AC_DSA_CASE(1, TEE_ALG_DSA_SHA224, TEE_MODE_VERIFY, ac_dsa_vect166),
3626 XTEST_AC_DSA_CASE(1, TEE_ALG_DSA_SHA224, TEE_MODE_SIGN, ac_dsa_vect166),
Cedric Chaumontc3b6c282015-09-25 03:05:18 +0200[diff] [blame]3627 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA224, TEE_MODE_VERIFY, ac_dsa_vect167),
3628 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA224, TEE_MODE_SIGN, ac_dsa_vect167),
3629 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA224, TEE_MODE_VERIFY, ac_dsa_vect168),
3630 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA224, TEE_MODE_SIGN, ac_dsa_vect168),
3631 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA224, TEE_MODE_VERIFY, ac_dsa_vect169),
3632 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA224, TEE_MODE_SIGN, ac_dsa_vect169),
3633 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA224, TEE_MODE_VERIFY, ac_dsa_vect170),
3634 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA224, TEE_MODE_SIGN, ac_dsa_vect170),
3635 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA224, TEE_MODE_VERIFY, ac_dsa_vect171),
3636 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA224, TEE_MODE_SIGN, ac_dsa_vect171),
3637 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA224, TEE_MODE_VERIFY, ac_dsa_vect172),
3638 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA224, TEE_MODE_SIGN, ac_dsa_vect172),
3639 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA224, TEE_MODE_VERIFY, ac_dsa_vect173),
3640 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA224, TEE_MODE_SIGN, ac_dsa_vect173),
3641 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA224, TEE_MODE_VERIFY, ac_dsa_vect174),
3642 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA224, TEE_MODE_SIGN, ac_dsa_vect174),
3643 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA224, TEE_MODE_VERIFY, ac_dsa_vect175),
3644 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA224, TEE_MODE_SIGN, ac_dsa_vect175),
3645 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA224, TEE_MODE_VERIFY, ac_dsa_vect176),
3646 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA224, TEE_MODE_SIGN, ac_dsa_vect176),
3647 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA224, TEE_MODE_VERIFY, ac_dsa_vect177),
3648 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA224, TEE_MODE_SIGN, ac_dsa_vect177),
3649 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA224, TEE_MODE_VERIFY, ac_dsa_vect178),
3650 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA224, TEE_MODE_SIGN, ac_dsa_vect178),
3651 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA224, TEE_MODE_VERIFY, ac_dsa_vect179),
3652 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA224, TEE_MODE_SIGN, ac_dsa_vect179),
3653 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA224, TEE_MODE_VERIFY, ac_dsa_vect180),
3654 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA224, TEE_MODE_SIGN, ac_dsa_vect180),
Cedric Chaumontb2ba8782015-09-03 13:23:05 +0200[diff] [blame]3655 /* [mod = L=2048, N=256, SHA-256] */
Jens Wiklander6a9d15a2016-02-01 10:29:42 +0100[diff] [blame]3656 XTEST_AC_DSA_CASE(1, TEE_ALG_DSA_SHA256, TEE_MODE_VERIFY, ac_dsa_vect181),
3657 XTEST_AC_DSA_CASE(1, TEE_ALG_DSA_SHA256, TEE_MODE_SIGN, ac_dsa_vect181),
Cedric Chaumontc3b6c282015-09-25 03:05:18 +0200[diff] [blame]3658 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA256, TEE_MODE_VERIFY, ac_dsa_vect182),
3659 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA256, TEE_MODE_SIGN, ac_dsa_vect182),
3660 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA256, TEE_MODE_VERIFY, ac_dsa_vect183),
3661 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA256, TEE_MODE_SIGN, ac_dsa_vect183),
3662 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA256, TEE_MODE_VERIFY, ac_dsa_vect184),
3663 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA256, TEE_MODE_SIGN, ac_dsa_vect184),
3664 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA256, TEE_MODE_VERIFY, ac_dsa_vect185),
3665 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA256, TEE_MODE_SIGN, ac_dsa_vect185),
3666 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA256, TEE_MODE_VERIFY, ac_dsa_vect186),
3667 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA256, TEE_MODE_SIGN, ac_dsa_vect186),
3668 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA256, TEE_MODE_VERIFY, ac_dsa_vect187),
3669 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA256, TEE_MODE_SIGN, ac_dsa_vect187),
3670 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA256, TEE_MODE_VERIFY, ac_dsa_vect188),
3671 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA256, TEE_MODE_SIGN, ac_dsa_vect188),
3672 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA256, TEE_MODE_VERIFY, ac_dsa_vect189),
3673 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA256, TEE_MODE_SIGN, ac_dsa_vect189),
3674 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA256, TEE_MODE_VERIFY, ac_dsa_vect190),
3675 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA256, TEE_MODE_SIGN, ac_dsa_vect190),
3676 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA256, TEE_MODE_VERIFY, ac_dsa_vect191),
3677 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA256, TEE_MODE_SIGN, ac_dsa_vect191),
3678 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA256, TEE_MODE_VERIFY, ac_dsa_vect192),
3679 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA256, TEE_MODE_SIGN, ac_dsa_vect192),
3680 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA256, TEE_MODE_VERIFY, ac_dsa_vect193),
3681 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA256, TEE_MODE_SIGN, ac_dsa_vect193),
3682 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA256, TEE_MODE_VERIFY, ac_dsa_vect194),
3683 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA256, TEE_MODE_SIGN, ac_dsa_vect194),
3684 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA256, TEE_MODE_VERIFY, ac_dsa_vect195),
3685 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA256, TEE_MODE_SIGN, ac_dsa_vect195),
Cedric Chaumontb2ba8782015-09-03 13:23:05 +0200[diff] [blame]3686 /* [mod = L=2048, N=256, SHA-384] - GP NOT SUPPORTED */
3687 /* [mod = L=2048, N=256, SHA-512] - GP NOT SUPPORTED */
3688 /* [mod = L=3072, N=256, SHA-1] - GP NOT SUPPORTED */
3689 /* [mod = L=3072, N=256, SHA-224] - GP NOT SUPPORTED */
3690 /* [mod = L=3072, N=256, SHA-256] */
Jens Wiklander6a9d15a2016-02-01 10:29:42 +0100[diff] [blame]3691 XTEST_AC_DSA_CASE(1, TEE_ALG_DSA_SHA256, TEE_MODE_VERIFY, ac_dsa_vect256),
3692 XTEST_AC_DSA_CASE(1, TEE_ALG_DSA_SHA256, TEE_MODE_SIGN, ac_dsa_vect256),
Cedric Chaumontc3b6c282015-09-25 03:05:18 +0200[diff] [blame]3693 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA256, TEE_MODE_VERIFY, ac_dsa_vect257),
3694 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA256, TEE_MODE_SIGN, ac_dsa_vect257),
3695 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA256, TEE_MODE_VERIFY, ac_dsa_vect258),
3696 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA256, TEE_MODE_SIGN, ac_dsa_vect258),
3697 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA256, TEE_MODE_VERIFY, ac_dsa_vect259),
3698 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA256, TEE_MODE_SIGN, ac_dsa_vect259),
3699 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA256, TEE_MODE_VERIFY, ac_dsa_vect260),
3700 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA256, TEE_MODE_SIGN, ac_dsa_vect260),
3701 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA256, TEE_MODE_VERIFY, ac_dsa_vect261),
3702 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA256, TEE_MODE_SIGN, ac_dsa_vect261),
3703 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA256, TEE_MODE_VERIFY, ac_dsa_vect262),
3704 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA256, TEE_MODE_SIGN, ac_dsa_vect262),
3705 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA256, TEE_MODE_VERIFY, ac_dsa_vect263),
3706 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA256, TEE_MODE_SIGN, ac_dsa_vect263),
3707 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA256, TEE_MODE_VERIFY, ac_dsa_vect264),
3708 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA256, TEE_MODE_SIGN, ac_dsa_vect264),
3709 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA256, TEE_MODE_VERIFY, ac_dsa_vect265),
3710 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA256, TEE_MODE_SIGN, ac_dsa_vect265),
3711 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA256, TEE_MODE_VERIFY, ac_dsa_vect266),
3712 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA256, TEE_MODE_SIGN, ac_dsa_vect266),
3713 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA256, TEE_MODE_VERIFY, ac_dsa_vect267),
3714 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA256, TEE_MODE_SIGN, ac_dsa_vect267),
3715 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA256, TEE_MODE_VERIFY, ac_dsa_vect268),
3716 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA256, TEE_MODE_SIGN, ac_dsa_vect268),
3717 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA256, TEE_MODE_VERIFY, ac_dsa_vect269),
3718 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA256, TEE_MODE_SIGN, ac_dsa_vect269),
3719 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA256, TEE_MODE_VERIFY, ac_dsa_vect270),
3720 XTEST_AC_DSA_CASE(15, TEE_ALG_DSA_SHA256, TEE_MODE_SIGN, ac_dsa_vect270),
Cedric Chaumontb2ba8782015-09-03 13:23:05 +0200[diff] [blame]3721 /* [mod = L=3072, N=256, SHA-384] - GP NOT SUPPORTED */
3722 /* [mod = L=3072, N=256, SHA-512] - GP NOT SUPPORTED */
Pascal Brand3e143ee2015-07-15 17:17:16 +0200[diff] [blame]3723
3724 /* ECDSA tests */
Cedric Chaumontc7654962015-09-09 14:56:36 +0200[diff] [blame]3725 /* [P-192] */
Jerome Forissier3fbfd0d2019-12-17 16:44:01 +0100[diff] [blame]3726 XTEST_AC_ECC_CASE(0, TEE_ALG_ECDSA_P192, TEE_MODE_VERIFY,
3727 nist_186_2_ecdsa_testvector_1),
3728 XTEST_AC_ECC_CASE(0, TEE_ALG_ECDSA_P192, TEE_MODE_SIGN,
3729 nist_186_2_ecdsa_testvector_1),
3730 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P192, TEE_MODE_VERIFY,
3731 nist_186_2_ecdsa_testvector_2),
3732 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P192, TEE_MODE_SIGN,
3733 nist_186_2_ecdsa_testvector_2),
3734 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P192, TEE_MODE_VERIFY,
3735 nist_186_2_ecdsa_testvector_3),
3736 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P192, TEE_MODE_SIGN,
3737 nist_186_2_ecdsa_testvector_3),
3738 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P192, TEE_MODE_VERIFY,
3739 nist_186_2_ecdsa_testvector_4),
3740 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P192, TEE_MODE_SIGN,
3741 nist_186_2_ecdsa_testvector_4),
3742 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P192, TEE_MODE_VERIFY,
3743 nist_186_2_ecdsa_testvector_5),
3744 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P192, TEE_MODE_SIGN,
3745 nist_186_2_ecdsa_testvector_5),
3746 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P192, TEE_MODE_VERIFY,
3747 nist_186_2_ecdsa_testvector_6),
3748 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P192, TEE_MODE_SIGN,
3749 nist_186_2_ecdsa_testvector_6),
3750 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P192, TEE_MODE_VERIFY,
3751 nist_186_2_ecdsa_testvector_7),
3752 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P192, TEE_MODE_SIGN,
3753 nist_186_2_ecdsa_testvector_7),
3754 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P192, TEE_MODE_VERIFY,
3755 nist_186_2_ecdsa_testvector_8),
3756 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P192, TEE_MODE_SIGN,
3757 nist_186_2_ecdsa_testvector_8),
3758 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P192, TEE_MODE_VERIFY,
3759 nist_186_2_ecdsa_testvector_9),
3760 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P192, TEE_MODE_SIGN,
3761 nist_186_2_ecdsa_testvector_9),
3762 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P192, TEE_MODE_VERIFY,
3763 nist_186_2_ecdsa_testvector_10),
3764 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P192, TEE_MODE_SIGN,
3765 nist_186_2_ecdsa_testvector_10),
3766 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P192, TEE_MODE_VERIFY,
3767 nist_186_2_ecdsa_testvector_11),
3768 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P192, TEE_MODE_SIGN,
3769 nist_186_2_ecdsa_testvector_11),
3770 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P192, TEE_MODE_VERIFY,
3771 nist_186_2_ecdsa_testvector_12),
3772 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P192, TEE_MODE_SIGN,
3773 nist_186_2_ecdsa_testvector_12),
3774 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P192, TEE_MODE_VERIFY,
3775 nist_186_2_ecdsa_testvector_13),
3776 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P192, TEE_MODE_SIGN,
3777 nist_186_2_ecdsa_testvector_13),
3778 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P192, TEE_MODE_VERIFY,
3779 nist_186_2_ecdsa_testvector_14),
3780 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P192, TEE_MODE_SIGN,
3781 nist_186_2_ecdsa_testvector_14),
3782 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P192, TEE_MODE_VERIFY,
3783 nist_186_2_ecdsa_testvector_15),
3784 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P192, TEE_MODE_SIGN,
3785 nist_186_2_ecdsa_testvector_15),
Cedric Chaumontc7654962015-09-09 14:56:36 +0200[diff] [blame]3786 /* [P-224] */
Jerome Forissier3fbfd0d2019-12-17 16:44:01 +0100[diff] [blame]3787 XTEST_AC_ECC_CASE(1, TEE_ALG_ECDSA_P224, TEE_MODE_VERIFY,
3788 nist_186_2_ecdsa_testvector_16),
3789 XTEST_AC_ECC_CASE(1, TEE_ALG_ECDSA_P224, TEE_MODE_SIGN,
3790 nist_186_2_ecdsa_testvector_16),
3791 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P224, TEE_MODE_VERIFY,
3792 nist_186_2_ecdsa_testvector_17),
3793 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P224, TEE_MODE_SIGN,
3794 nist_186_2_ecdsa_testvector_17),
3795 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P224, TEE_MODE_VERIFY,
3796 nist_186_2_ecdsa_testvector_18),
3797 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P224, TEE_MODE_SIGN,
3798 nist_186_2_ecdsa_testvector_18),
3799 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P224, TEE_MODE_VERIFY,
3800 nist_186_2_ecdsa_testvector_19),
3801 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P224, TEE_MODE_SIGN,
3802 nist_186_2_ecdsa_testvector_19),
3803 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P224, TEE_MODE_VERIFY,
3804 nist_186_2_ecdsa_testvector_20),
3805 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P224, TEE_MODE_SIGN,
3806 nist_186_2_ecdsa_testvector_20),
3807 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P224, TEE_MODE_VERIFY,
3808 nist_186_2_ecdsa_testvector_21),
3809 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P224, TEE_MODE_SIGN,
3810 nist_186_2_ecdsa_testvector_21),
3811 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P224, TEE_MODE_VERIFY,
3812 nist_186_2_ecdsa_testvector_22),
3813 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P224, TEE_MODE_SIGN,
3814 nist_186_2_ecdsa_testvector_22),
3815 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P224, TEE_MODE_VERIFY,
3816 nist_186_2_ecdsa_testvector_23),
3817 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P224, TEE_MODE_SIGN,
3818 nist_186_2_ecdsa_testvector_23),
3819 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P224, TEE_MODE_VERIFY,
3820 nist_186_2_ecdsa_testvector_24),
3821 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P224, TEE_MODE_SIGN,
3822 nist_186_2_ecdsa_testvector_24),
3823 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P224, TEE_MODE_VERIFY,
3824 nist_186_2_ecdsa_testvector_25),
3825 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P224, TEE_MODE_SIGN,
3826 nist_186_2_ecdsa_testvector_25),
3827 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P224, TEE_MODE_VERIFY,
3828 nist_186_2_ecdsa_testvector_26),
3829 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P224, TEE_MODE_SIGN,
3830 nist_186_2_ecdsa_testvector_26),
3831 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P224, TEE_MODE_VERIFY,
3832 nist_186_2_ecdsa_testvector_27),
3833 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P224, TEE_MODE_SIGN,
3834 nist_186_2_ecdsa_testvector_27),
3835 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P224, TEE_MODE_VERIFY,
3836 nist_186_2_ecdsa_testvector_28),
3837 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P224, TEE_MODE_SIGN,
3838 nist_186_2_ecdsa_testvector_28),
3839 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P224, TEE_MODE_VERIFY,
3840 nist_186_2_ecdsa_testvector_29),
3841 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P224, TEE_MODE_SIGN,
3842 nist_186_2_ecdsa_testvector_29),
3843 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P224, TEE_MODE_VERIFY,
3844 nist_186_2_ecdsa_testvector_30),
3845 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P224, TEE_MODE_SIGN,
3846 nist_186_2_ecdsa_testvector_30),
Cedric Chaumontc7654962015-09-09 14:56:36 +0200[diff] [blame]3847 /* [P-256] */
Jerome Forissier3fbfd0d2019-12-17 16:44:01 +0100[diff] [blame]3848 XTEST_AC_ECC_CASE(1, TEE_ALG_ECDSA_P256, TEE_MODE_VERIFY,
3849 nist_186_2_ecdsa_testvector_31),
3850 XTEST_AC_ECC_CASE(1, TEE_ALG_ECDSA_P256, TEE_MODE_SIGN,
3851 nist_186_2_ecdsa_testvector_31),
3852 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P256, TEE_MODE_VERIFY,
3853 nist_186_2_ecdsa_testvector_32),
3854 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P256, TEE_MODE_SIGN,
3855 nist_186_2_ecdsa_testvector_32),
3856 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P256, TEE_MODE_VERIFY,
3857 nist_186_2_ecdsa_testvector_33),
3858 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P256, TEE_MODE_SIGN,
3859 nist_186_2_ecdsa_testvector_33),
3860 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P256, TEE_MODE_VERIFY,
3861 nist_186_2_ecdsa_testvector_34),
3862 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P256, TEE_MODE_SIGN,
3863 nist_186_2_ecdsa_testvector_34),
3864 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P256, TEE_MODE_VERIFY,
3865 nist_186_2_ecdsa_testvector_35),
3866 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P256, TEE_MODE_SIGN,
3867 nist_186_2_ecdsa_testvector_35),
3868 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P256, TEE_MODE_VERIFY,
3869 nist_186_2_ecdsa_testvector_36),
3870 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P256, TEE_MODE_SIGN,
3871 nist_186_2_ecdsa_testvector_36),
3872 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P256, TEE_MODE_VERIFY,
3873 nist_186_2_ecdsa_testvector_37),
3874 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P256, TEE_MODE_SIGN,
3875 nist_186_2_ecdsa_testvector_37),
3876 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P256, TEE_MODE_VERIFY,
3877 nist_186_2_ecdsa_testvector_38),
3878 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P256, TEE_MODE_SIGN,
3879 nist_186_2_ecdsa_testvector_38),
3880 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P256, TEE_MODE_VERIFY,
3881 nist_186_2_ecdsa_testvector_39),
3882 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P256, TEE_MODE_SIGN,
3883 nist_186_2_ecdsa_testvector_39),
3884 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P256, TEE_MODE_VERIFY,
3885 nist_186_2_ecdsa_testvector_40),
3886 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P256, TEE_MODE_SIGN,
3887 nist_186_2_ecdsa_testvector_40),
3888 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P256, TEE_MODE_VERIFY,
3889 nist_186_2_ecdsa_testvector_41),
3890 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P256, TEE_MODE_SIGN,
3891 nist_186_2_ecdsa_testvector_41),
3892 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P256, TEE_MODE_VERIFY,
3893 nist_186_2_ecdsa_testvector_42),
3894 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P256, TEE_MODE_SIGN,
3895 nist_186_2_ecdsa_testvector_42),
3896 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P256, TEE_MODE_VERIFY,
3897 nist_186_2_ecdsa_testvector_43),
3898 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P256, TEE_MODE_SIGN,
3899 nist_186_2_ecdsa_testvector_43),
3900 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P256, TEE_MODE_VERIFY,
3901 nist_186_2_ecdsa_testvector_44),
3902 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P256, TEE_MODE_SIGN,
3903 nist_186_2_ecdsa_testvector_44),
3904 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P256, TEE_MODE_VERIFY,
3905 nist_186_2_ecdsa_testvector_45),
3906 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P256, TEE_MODE_SIGN,
3907 nist_186_2_ecdsa_testvector_45),
Cedric Chaumontc7654962015-09-09 14:56:36 +0200[diff] [blame]3908 /* [P-384] */
Jerome Forissier3fbfd0d2019-12-17 16:44:01 +0100[diff] [blame]3909 XTEST_AC_ECC_CASE(1, TEE_ALG_ECDSA_P384, TEE_MODE_VERIFY,
3910 nist_186_2_ecdsa_testvector_46),
3911 XTEST_AC_ECC_CASE(1, TEE_ALG_ECDSA_P384, TEE_MODE_SIGN,
3912 nist_186_2_ecdsa_testvector_46),
3913 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P384, TEE_MODE_VERIFY,
3914 nist_186_2_ecdsa_testvector_47),
3915 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P384, TEE_MODE_SIGN,
3916 nist_186_2_ecdsa_testvector_47),
3917 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P384, TEE_MODE_VERIFY,
3918 nist_186_2_ecdsa_testvector_48),
3919 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P384, TEE_MODE_SIGN,
3920 nist_186_2_ecdsa_testvector_48),
3921 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P384, TEE_MODE_VERIFY,
3922 nist_186_2_ecdsa_testvector_49),
3923 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P384, TEE_MODE_SIGN,
3924 nist_186_2_ecdsa_testvector_49),
3925 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P384, TEE_MODE_VERIFY,
3926 nist_186_2_ecdsa_testvector_50),
3927 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P384, TEE_MODE_SIGN,
3928 nist_186_2_ecdsa_testvector_50),
3929 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P384, TEE_MODE_VERIFY,
3930 nist_186_2_ecdsa_testvector_51),
3931 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P384, TEE_MODE_SIGN,
3932 nist_186_2_ecdsa_testvector_51),
3933 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P384, TEE_MODE_VERIFY,
3934 nist_186_2_ecdsa_testvector_52),
3935 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P384, TEE_MODE_SIGN,
3936 nist_186_2_ecdsa_testvector_52),
3937 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P384, TEE_MODE_VERIFY,
3938 nist_186_2_ecdsa_testvector_53),
3939 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P384, TEE_MODE_SIGN,
3940 nist_186_2_ecdsa_testvector_53),
3941 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P384, TEE_MODE_VERIFY,
3942 nist_186_2_ecdsa_testvector_54),
3943 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P384, TEE_MODE_SIGN,
3944 nist_186_2_ecdsa_testvector_54),
3945 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P384, TEE_MODE_VERIFY,
3946 nist_186_2_ecdsa_testvector_55),
3947 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P384, TEE_MODE_SIGN,
3948 nist_186_2_ecdsa_testvector_55),
3949 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P384, TEE_MODE_VERIFY,
3950 nist_186_2_ecdsa_testvector_56),
3951 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P384, TEE_MODE_SIGN,
3952 nist_186_2_ecdsa_testvector_56),
3953 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P384, TEE_MODE_VERIFY,
3954 nist_186_2_ecdsa_testvector_57),
3955 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P384, TEE_MODE_SIGN,
3956 nist_186_2_ecdsa_testvector_57),
3957 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P384, TEE_MODE_VERIFY,
3958 nist_186_2_ecdsa_testvector_58),
3959 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P384, TEE_MODE_SIGN,
3960 nist_186_2_ecdsa_testvector_58),
3961 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P384, TEE_MODE_VERIFY,
3962 nist_186_2_ecdsa_testvector_59),
3963 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P384, TEE_MODE_SIGN,
3964 nist_186_2_ecdsa_testvector_59),
3965 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P384, TEE_MODE_VERIFY,
3966 nist_186_2_ecdsa_testvector_60),
3967 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P384, TEE_MODE_SIGN,
3968 nist_186_2_ecdsa_testvector_60),
Cedric Chaumontc7654962015-09-09 14:56:36 +0200[diff] [blame]3969 /* [P-521] */
Jerome Forissier3fbfd0d2019-12-17 16:44:01 +0100[diff] [blame]3970 XTEST_AC_ECC_CASE(1, TEE_ALG_ECDSA_P521, TEE_MODE_VERIFY,
3971 nist_186_2_ecdsa_testvector_61),
3972 XTEST_AC_ECC_CASE(1, TEE_ALG_ECDSA_P521, TEE_MODE_SIGN,
3973 nist_186_2_ecdsa_testvector_61),
3974 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P521, TEE_MODE_VERIFY,
3975 nist_186_2_ecdsa_testvector_62),
3976 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P521, TEE_MODE_SIGN,
3977 nist_186_2_ecdsa_testvector_62),
3978 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P521, TEE_MODE_VERIFY,
3979 nist_186_2_ecdsa_testvector_63),
3980 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P521, TEE_MODE_SIGN,
3981 nist_186_2_ecdsa_testvector_63),
3982 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P521, TEE_MODE_VERIFY,
3983 nist_186_2_ecdsa_testvector_64),
3984 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P521, TEE_MODE_SIGN,
3985 nist_186_2_ecdsa_testvector_64),
3986 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P521, TEE_MODE_VERIFY,
3987 nist_186_2_ecdsa_testvector_65),
3988 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P521, TEE_MODE_SIGN,
3989 nist_186_2_ecdsa_testvector_65),
3990 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P521, TEE_MODE_VERIFY,
3991 nist_186_2_ecdsa_testvector_66),
3992 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P521, TEE_MODE_SIGN,
3993 nist_186_2_ecdsa_testvector_66),
3994 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P521, TEE_MODE_VERIFY,
3995 nist_186_2_ecdsa_testvector_67),
3996 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P521, TEE_MODE_SIGN,
3997 nist_186_2_ecdsa_testvector_67),
3998 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P521, TEE_MODE_VERIFY,
3999 nist_186_2_ecdsa_testvector_68),
4000 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P521, TEE_MODE_SIGN,
4001 nist_186_2_ecdsa_testvector_68),
4002 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P521, TEE_MODE_VERIFY,
4003 nist_186_2_ecdsa_testvector_69),
4004 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P521, TEE_MODE_SIGN,
4005 nist_186_2_ecdsa_testvector_69),
4006 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P521, TEE_MODE_VERIFY,
4007 nist_186_2_ecdsa_testvector_70),
4008 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P521, TEE_MODE_SIGN,
4009 nist_186_2_ecdsa_testvector_70),
4010 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P521, TEE_MODE_VERIFY,
4011 nist_186_2_ecdsa_testvector_71),
4012 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P521, TEE_MODE_SIGN,
4013 nist_186_2_ecdsa_testvector_71),
4014 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P521, TEE_MODE_VERIFY,
4015 nist_186_2_ecdsa_testvector_72),
4016 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P521, TEE_MODE_SIGN,
4017 nist_186_2_ecdsa_testvector_72),
4018 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P521, TEE_MODE_VERIFY,
4019 nist_186_2_ecdsa_testvector_73),
4020 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P521, TEE_MODE_SIGN,
4021 nist_186_2_ecdsa_testvector_73),
4022 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P521, TEE_MODE_VERIFY,
4023 nist_186_2_ecdsa_testvector_74),
4024 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P521, TEE_MODE_SIGN,
4025 nist_186_2_ecdsa_testvector_74),
4026 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P521, TEE_MODE_VERIFY,
4027 nist_186_2_ecdsa_testvector_75),
4028 XTEST_AC_ECC_CASE(15, TEE_ALG_ECDSA_P521, TEE_MODE_SIGN,
4029 nist_186_2_ecdsa_testvector_75),
Cedric Chaumontc7654962015-09-09 14:56:36 +0200[diff] [blame]4030 /* [K-163] - GP NOT SUPPORTED */
4031 /* [K-233] - GP NOT SUPPORTED */
4032 /* [K-283] - GP NOT SUPPORTED */
4033 /* [K-409] - GP NOT SUPPORTED */
4034 /* [K-571] - GP NOT SUPPORTED */
4035 /* [B-163] - GP NOT SUPPORTED */
4036 /* [B-233] - GP NOT SUPPORTED */
4037 /* [B-283] - GP NOT SUPPORTED */
4038 /* [B-409] - GP NOT SUPPORTED */
4039 /* [B-571] - GP NOT SUPPORTED */
Jerome Forissierb6f5ac92019-12-19 16:37:14 +0100[diff] [blame]4040
4041 XTEST_AC_ECC_CASE(0, TEE_ALG_SM2_PKE, TEE_MODE_ENCRYPT,
4042 gmt_0003_part5_c2_sm2_testvector),
4043 XTEST_AC_ECC_CASE(0, TEE_ALG_SM2_PKE, TEE_MODE_DECRYPT,
4044 gmt_0003_part5_c2_sm2_testvector),
4045 XTEST_AC_ECC_CASE(0, TEE_ALG_SM2_PKE, TEE_MODE_ENCRYPT,
4046 sm2_testvector2),
Jerome Forissier849b57e2019-12-19 16:37:14 +0100[diff] [blame]4047
4048 XTEST_AC_ECC_CASE(0, TEE_ALG_SM2_DSA_SM3, TEE_MODE_VERIFY,
4049 gmt_003_part5_a2),
4050 XTEST_AC_ECC_CASE(0, TEE_ALG_SM2_DSA_SM3, TEE_MODE_SIGN,
4051 gmt_003_part5_a2),
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]4052};
4053
Valerii Chubarab9863c2022-08-12 07:42:29 +0000[diff] [blame]4054static const struct xtest_ac_case xtest_ac_eddsa_cases[] = {
4055
4056 XTEST_AC_EDDSA_CASE(0, TEE_ALG_ED25519, TEE_MODE_SIGN,
4057 ed25519_rfc_8032_7_1, 0),
4058 XTEST_AC_EDDSA_CASE(0, TEE_ALG_ED25519, TEE_MODE_VERIFY,
4059 ed25519_rfc_8032_7_1, 0),
4060
4061 XTEST_AC_EDDSA_CTX_CASE(0, TEE_ALG_ED25519, TEE_MODE_SIGN,
4062 ed25519ctx_rfc_8032_7_2, 0),
4063 XTEST_AC_EDDSA_CTX_CASE(0, TEE_ALG_ED25519, TEE_MODE_VERIFY,
4064 ed25519ctx_rfc_8032_7_2, 0),
4065
4066 XTEST_AC_EDDSA_CASE(0, TEE_ALG_ED25519, TEE_MODE_SIGN,
4067 ed25519ph_rfc_8032_7_3, 1),
4068 XTEST_AC_EDDSA_CASE(0, TEE_ALG_ED25519, TEE_MODE_VERIFY,
4069 ed25519ph_rfc_8032_7_3, 1),
4070};
4071
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]4072static bool create_key(ADBG_Case_t *c, TEEC_Session *s,
4073 uint32_t max_key_size, uint32_t key_type,
4074 TEE_Attribute *attrs, size_t num_attrs,
4075 TEE_ObjectHandle *handle)
4076{
Etienne Carrieree4ec9e42019-03-28 13:30:21 +0100[diff] [blame]4077 size_t n = 0;
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]4078
4079 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
4080 ta_crypt_cmd_allocate_transient_object(c, s, key_type,
4081 max_key_size, handle)))
4082 return false;
4083
4084 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
4085 ta_crypt_cmd_populate_transient_object(c, s, *handle, attrs,
4086 num_attrs)))
4087 return false;
4088
4089 for (n = 0; n < num_attrs; n++) {
Etienne Carrieree4ec9e42019-03-28 13:30:21 +0100[diff] [blame]4090 uint8_t out[512] = { };
4091 size_t out_size = sizeof(out);
Pascal Brand3e143ee2015-07-15 17:17:16 +0200[diff] [blame]4092
4093 if (attrs[n].attributeID == TEE_ATTR_ECC_CURVE)
4094 continue;
4095
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]4096 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
4097 ta_crypt_cmd_get_object_buffer_attribute(c, s, *handle,
4098 attrs[n].attributeID, out, &out_size)))
4099 return false;
4100
Pascal Brand3e143ee2015-07-15 17:17:16 +0200[diff] [blame]4101 if (out_size < attrs[n].content.ref.length) {
4102 memmove(out + (attrs[n].content.ref.length - out_size),
4103 out,
4104 attrs[n].content.ref.length);
4105 memset(out, 0, attrs[n].content.ref.length - out_size);
4106 out_size = attrs[n].content.ref.length;
4107 }
4108
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]4109 if (!ADBG_EXPECT_BUFFER(c, attrs[n].content.ref.buffer,
4110 attrs[n].content.ref.length, out, out_size))
4111 return false;
4112 }
4113
4114 return true;
4115}
4116
Jerome Forissier26393882022-03-09 21:22:30 +0100[diff] [blame]4117#define XTEST_NO_CURVE 0xFFFFFFFF /* implementation-defined as per GP spec */
4118
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]4119static void xtest_tee_test_4006(ADBG_Case_t *c)
4120{
Etienne Carrieree4ec9e42019-03-28 13:30:21 +0100[diff] [blame]4121 TEEC_Session session = { };
Sami Tolvanenf3e46d42024-04-09 21:50:41 +0000[diff] [blame]4122 TEEC_Result res = TEEC_ERROR_NOT_SUPPORTED;
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]4123 TEE_OperationHandle op = TEE_HANDLE_NULL;
4124 TEE_ObjectHandle priv_key_handle = TEE_HANDLE_NULL;
4125 TEE_ObjectHandle pub_key_handle = TEE_HANDLE_NULL;
Etienne Carrieree4ec9e42019-03-28 13:30:21 +0100[diff] [blame]4126 TEE_Attribute key_attrs[8] = { };
Jens Wiklander1f06b7d2022-12-02 21:49:57 +0100[diff] [blame]4127 TEE_Attribute algo_params[2] = { };
Etienne Carrieree4ec9e42019-03-28 13:30:21 +0100[diff] [blame]4128 size_t num_algo_params = 0;
4129 uint8_t out[512] = { };
4130 size_t out_size = 0;
4131 uint8_t out_enc[512] = { };
4132 size_t out_enc_size = 0;
4133 uint8_t ptx_hash[TEE_MAX_HASH_SIZE] = { };
Etienne Carriere481c6602019-01-22 13:27:26 +0100[diff] [blame]4134 size_t ptx_hash_size = 0;
Etienne Carrieree4ec9e42019-03-28 13:30:21 +0100[diff] [blame]4135 size_t max_key_size = 0;
4136 size_t num_key_attrs = 0;
4137 uint32_t ret_orig = 0;
4138 size_t n = 0;
4139 uint32_t curve = 0;
Jerome Forissierb6f5ac92019-12-19 16:37:14 +0100[diff] [blame]4140 uint32_t pub_key_type = 0;
4141 uint32_t priv_key_type = 0;
Etienne Carrieree4ec9e42019-03-28 13:30:21 +0100[diff] [blame]4142 uint32_t hash_algo = 0;
Etienne Carrierea286b572023-06-28 14:30:19 +0200[diff] [blame]4143 uint32_t sha1_algo_id = TEE_ALG_SHA1;
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]4144
4145 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
4146 xtest_teec_open_session(&session, &crypt_user_ta_uuid, NULL,
4147 &ret_orig)))
4148 return;
4149
4150 for (n = 0; n < ARRAY_SIZE(xtest_ac_cases); n++) {
4151 const struct xtest_ac_case *tv = xtest_ac_cases + n;
4152
Cedric Chaumontc3b6c282015-09-25 03:05:18 +0200[diff] [blame]4153 if (tv->level > level)
4154 continue;
4155
Jerome Forissier4b03e282020-01-22 16:33:12 +0100[diff] [blame]4156 if ((tv->algo == TEE_ALG_SM2_PKE ||
4157 tv->algo == TEE_ALG_SM2_DSA_SM3) &&
4158 !ta_crypt_cmd_is_algo_supported(c, &session, tv->algo,
4159 TEE_ECC_CURVE_SM2)) {
4160 Do_ADBG_Log("SM2 not supported: skip subcase");
4161 continue;
4162 }
4163
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]4164 Do_ADBG_BeginSubCase(c, "Asym Crypto case %d algo 0x%x line %d",
4165 (int)n, (unsigned int)tv->algo,
4166 (int)tv->line);
4167
4168 /*
4169 * When signing or verifying we're working with the hash of
4170 * the payload.
4171 */
4172 if (tv->mode == TEE_MODE_VERIFY || tv->mode == TEE_MODE_SIGN) {
Pascal Brand3e143ee2015-07-15 17:17:16 +0200[diff] [blame]4173 if (TEE_ALG_GET_MAIN_ALG(tv->algo) == TEE_MAIN_ALGO_ECDSA)
4174 hash_algo = TEE_ALG_SHA1;
Gabor Szekely2ad190f2018-09-14 14:05:06 +0000[diff] [blame]4175#if defined(CFG_CRYPTO_RSASSA_NA1)
4176 else if (tv->algo == TEE_ALG_RSASSA_PKCS1_V1_5)
4177 hash_algo = TEE_ALG_SHA256;
4178#endif
Pascal Brand3e143ee2015-07-15 17:17:16 +0200[diff] [blame]4179 else
4180 hash_algo = TEE_ALG_HASH_ALGO(
4181 TEE_ALG_GET_DIGEST_HASH(tv->algo));
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]4182
4183 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
4184 ta_crypt_cmd_allocate_operation(c, &session,
4185 &op, hash_algo, TEE_MODE_DIGEST, 0)))
4186 goto out;
4187
4188 ptx_hash_size = sizeof(ptx_hash);
4189 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
4190 ta_crypt_cmd_digest_do_final(c, & session, op,
4191 tv->ptx, tv->ptx_len, ptx_hash,
4192 &ptx_hash_size)))
4193 goto out;
4194
Cedric Chaumontb2ba8782015-09-03 13:23:05 +0200[diff] [blame]4195 /*
4196 * When we use DSA algorithms, the size of the hash we
4197 * consider equals the min between the size of the
4198 * "subprime" in the key and the size of the hash
4199 */
4200 if (TEE_ALG_GET_MAIN_ALG(tv->algo) ==
4201 TEE_MAIN_ALGO_DSA) {
4202 if (tv->params.dsa.sub_prime_len <=
4203 ptx_hash_size)
4204 ptx_hash_size =
4205 tv->params.dsa.sub_prime_len;
4206 }
4207
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]4208 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
4209 ta_crypt_cmd_free_operation(c, &session, op)))
4210 goto out;
4211 }
4212
4213 num_algo_params = 0;
4214 num_key_attrs = 0;
4215 switch (TEE_ALG_GET_MAIN_ALG(tv->algo)) {
4216 case TEE_MAIN_ALGO_RSA:
4217 if (tv->params.rsa.salt_len > 0) {
4218 algo_params[0].attributeID =
4219 TEE_ATTR_RSA_PSS_SALT_LENGTH;
4220 algo_params[0].content.value.a =
4221 tv->params.rsa.salt_len;
4222 algo_params[0].content.value.b = 0;
4223 num_algo_params = 1;
4224 }
4225
4226 max_key_size = tv->params.rsa.modulus_len * 8;
4227
4228 xtest_add_attr(&num_key_attrs, key_attrs,
4229 TEE_ATTR_RSA_MODULUS,
4230 tv->params.rsa.modulus,
4231 tv->params.rsa.modulus_len);
4232 xtest_add_attr(&num_key_attrs, key_attrs,
4233 TEE_ATTR_RSA_PUBLIC_EXPONENT,
4234 tv->params.rsa.pub_exp,
4235 tv->params.rsa.pub_exp_len);
4236
4237 if (!ADBG_EXPECT_TRUE(c,
4238 create_key(c, &session,
4239 max_key_size,
4240 TEE_TYPE_RSA_PUBLIC_KEY,
4241 key_attrs,
4242 num_key_attrs,
4243 &pub_key_handle)))
4244 goto out;
4245
4246 xtest_add_attr(&num_key_attrs, key_attrs,
4247 TEE_ATTR_RSA_PRIVATE_EXPONENT,
4248 tv->params.rsa.priv_exp,
4249 tv->params.rsa.priv_exp_len);
4250
4251 if (tv->params.rsa.prime1_len != 0) {
4252 xtest_add_attr(&num_key_attrs, key_attrs,
4253 TEE_ATTR_RSA_PRIME1,
4254 tv->params.rsa.prime1,
4255 tv->params.rsa.prime1_len);
4256 }
4257
4258 if (tv->params.rsa.prime2_len != 0) {
4259 xtest_add_attr(&num_key_attrs, key_attrs,
4260 TEE_ATTR_RSA_PRIME2,
4261 tv->params.rsa.prime2,
4262 tv->params.rsa.prime2_len);
4263 }
4264
4265 if (tv->params.rsa.exp1_len != 0) {
4266 xtest_add_attr(&num_key_attrs, key_attrs,
4267 TEE_ATTR_RSA_EXPONENT1,
4268 tv->params.rsa.exp1,
4269 tv->params.rsa.exp1_len);
4270 }
4271
4272 if (tv->params.rsa.exp2_len != 0) {
4273 xtest_add_attr(&num_key_attrs, key_attrs,
4274 TEE_ATTR_RSA_EXPONENT2,
4275 tv->params.rsa.exp2,
4276 tv->params.rsa.exp2_len);
4277 }
4278
4279 if (tv->params.rsa.coeff_len != 0) {
4280 xtest_add_attr(&num_key_attrs, key_attrs,
4281 TEE_ATTR_RSA_COEFFICIENT,
4282 tv->params.rsa.coeff,
4283 tv->params.rsa.coeff_len);
4284 }
4285
4286 if (!ADBG_EXPECT_TRUE(c,
4287 create_key(c, &session,
4288 max_key_size,
4289 TEE_TYPE_RSA_KEYPAIR,
4290 key_attrs,
4291 num_key_attrs,
4292 &priv_key_handle)))
4293 goto out;
4294 break;
4295
4296 case TEE_MAIN_ALGO_DSA:
4297 max_key_size = tv->params.dsa.prime_len * 8;
4298
4299 xtest_add_attr(&num_key_attrs, key_attrs,
4300 TEE_ATTR_DSA_PRIME,
4301 tv->params.dsa.prime,
4302 tv->params.dsa.prime_len);
4303 xtest_add_attr(&num_key_attrs, key_attrs,
4304 TEE_ATTR_DSA_SUBPRIME,
4305 tv->params.dsa.sub_prime,
4306 tv->params.dsa.sub_prime_len);
4307 xtest_add_attr(&num_key_attrs, key_attrs,
4308 TEE_ATTR_DSA_BASE,
4309 tv->params.dsa.base,
4310 tv->params.dsa.base_len);
4311 xtest_add_attr(&num_key_attrs, key_attrs,
4312 TEE_ATTR_DSA_PUBLIC_VALUE,
4313 tv->params.dsa.pub_val,
4314 tv->params.dsa.pub_val_len);
4315
4316 if (!ADBG_EXPECT_TRUE(c,
4317 create_key(c, &session, max_key_size,
4318 TEE_TYPE_DSA_PUBLIC_KEY, key_attrs,
4319 num_key_attrs, &pub_key_handle)))
4320 goto out;
4321
4322 xtest_add_attr(&num_key_attrs, key_attrs,
4323 TEE_ATTR_DSA_PRIVATE_VALUE,
4324 tv->params.dsa.priv_val,
4325 tv->params.dsa.priv_val_len);
4326
4327 if (!ADBG_EXPECT_TRUE(c,
4328 create_key(c, &session, max_key_size,
4329 TEE_TYPE_DSA_KEYPAIR, key_attrs,
4330 num_key_attrs, &priv_key_handle)))
4331 goto out;
4332 break;
4333
Pascal Brand3e143ee2015-07-15 17:17:16 +0200[diff] [blame]4334 case TEE_MAIN_ALGO_ECDSA:
Jerome Forissierb6f5ac92019-12-19 16:37:14 +0100[diff] [blame]4335 case TEE_MAIN_ALGO_SM2_PKE:
Jerome Forissier849b57e2019-12-19 16:37:14 +0100[diff] [blame]4336 case TEE_MAIN_ALGO_SM2_DSA_SM3:
Pascal Brand3e143ee2015-07-15 17:17:16 +0200[diff] [blame]4337 switch (tv->algo) {
4338 case TEE_ALG_ECDSA_P192:
4339 curve = TEE_ECC_CURVE_NIST_P192;
Jerome Forissierb6f5ac92019-12-19 16:37:14 +0100[diff] [blame]4340 pub_key_type = TEE_TYPE_ECDSA_PUBLIC_KEY;
4341 priv_key_type = TEE_TYPE_ECDSA_KEYPAIR;
Pascal Brand3e143ee2015-07-15 17:17:16 +0200[diff] [blame]4342 break;
4343 case TEE_ALG_ECDSA_P224:
4344 curve = TEE_ECC_CURVE_NIST_P224;
Jerome Forissierb6f5ac92019-12-19 16:37:14 +0100[diff] [blame]4345 pub_key_type = TEE_TYPE_ECDSA_PUBLIC_KEY;
4346 priv_key_type = TEE_TYPE_ECDSA_KEYPAIR;
Pascal Brand3e143ee2015-07-15 17:17:16 +0200[diff] [blame]4347 break;
4348 case TEE_ALG_ECDSA_P256:
4349 curve = TEE_ECC_CURVE_NIST_P256;
Jerome Forissierb6f5ac92019-12-19 16:37:14 +0100[diff] [blame]4350 pub_key_type = TEE_TYPE_ECDSA_PUBLIC_KEY;
4351 priv_key_type = TEE_TYPE_ECDSA_KEYPAIR;
Pascal Brand3e143ee2015-07-15 17:17:16 +0200[diff] [blame]4352 break;
4353 case TEE_ALG_ECDSA_P384:
4354 curve = TEE_ECC_CURVE_NIST_P384;
Jerome Forissierb6f5ac92019-12-19 16:37:14 +0100[diff] [blame]4355 pub_key_type = TEE_TYPE_ECDSA_PUBLIC_KEY;
4356 priv_key_type = TEE_TYPE_ECDSA_KEYPAIR;
Pascal Brand3e143ee2015-07-15 17:17:16 +0200[diff] [blame]4357 break;
4358 case TEE_ALG_ECDSA_P521:
4359 curve = TEE_ECC_CURVE_NIST_P521;
Jerome Forissierb6f5ac92019-12-19 16:37:14 +0100[diff] [blame]4360 pub_key_type = TEE_TYPE_ECDSA_PUBLIC_KEY;
4361 priv_key_type = TEE_TYPE_ECDSA_KEYPAIR;
4362 break;
4363 case TEE_ALG_SM2_PKE:
Jerome Forissier26393882022-03-09 21:22:30 +0100[diff] [blame]4364 curve = XTEST_NO_CURVE;
Jerome Forissierb6f5ac92019-12-19 16:37:14 +0100[diff] [blame]4365 pub_key_type = TEE_TYPE_SM2_PKE_PUBLIC_KEY;
4366 priv_key_type = TEE_TYPE_SM2_PKE_KEYPAIR;
Pascal Brand3e143ee2015-07-15 17:17:16 +0200[diff] [blame]4367 break;
Jerome Forissier849b57e2019-12-19 16:37:14 +0100[diff] [blame]4368 case TEE_ALG_SM2_DSA_SM3:
Jerome Forissier26393882022-03-09 21:22:30 +0100[diff] [blame]4369 curve = XTEST_NO_CURVE;
Jerome Forissier849b57e2019-12-19 16:37:14 +0100[diff] [blame]4370 pub_key_type = TEE_TYPE_SM2_DSA_PUBLIC_KEY;
4371 priv_key_type = TEE_TYPE_SM2_DSA_KEYPAIR;
4372 break;
Pascal Brand3e143ee2015-07-15 17:17:16 +0200[diff] [blame]4373 default:
4374 curve = 0xFF;
4375 break;
4376 }
4377
4378 if (tv->algo == TEE_ALG_ECDSA_P521)
4379 max_key_size = 521;
4380 else
Jerome Forissier3fbfd0d2019-12-17 16:44:01 +0100[diff] [blame]4381 max_key_size = tv->params.ecc.private_len * 8;
Pascal Brand3e143ee2015-07-15 17:17:16 +0200[diff] [blame]4382
Jerome Forissier26393882022-03-09 21:22:30 +0100[diff] [blame]4383 if (curve != XTEST_NO_CURVE)
4384 xtest_add_attr_value(&num_key_attrs, key_attrs,
Pascal Brand3e143ee2015-07-15 17:17:16 +0200[diff] [blame]4385 TEE_ATTR_ECC_CURVE, curve, 0);
4386 xtest_add_attr(&num_key_attrs, key_attrs,
4387 TEE_ATTR_ECC_PUBLIC_VALUE_X,
Jerome Forissier3fbfd0d2019-12-17 16:44:01 +0100[diff] [blame]4388 tv->params.ecc.public_x,
4389 tv->params.ecc.public_x_len);
Pascal Brand3e143ee2015-07-15 17:17:16 +0200[diff] [blame]4390 xtest_add_attr(&num_key_attrs, key_attrs,
4391 TEE_ATTR_ECC_PUBLIC_VALUE_Y,
Jerome Forissier3fbfd0d2019-12-17 16:44:01 +0100[diff] [blame]4392 tv->params.ecc.public_y,
4393 tv->params.ecc.public_y_len);
Pascal Brand3e143ee2015-07-15 17:17:16 +0200[diff] [blame]4394
4395 if (!ADBG_EXPECT_TRUE(c,
4396 create_key(c, &session, max_key_size,
Jerome Forissierb6f5ac92019-12-19 16:37:14 +0100[diff] [blame]4397 pub_key_type, key_attrs,
Pascal Brand3e143ee2015-07-15 17:17:16 +0200[diff] [blame]4398 num_key_attrs, &pub_key_handle)))
4399 goto out;
4400
4401 xtest_add_attr(&num_key_attrs, key_attrs,
4402 TEE_ATTR_ECC_PRIVATE_VALUE,
Jerome Forissier3fbfd0d2019-12-17 16:44:01 +0100[diff] [blame]4403 tv->params.ecc.private,
4404 tv->params.ecc.private_len);
Pascal Brand3e143ee2015-07-15 17:17:16 +0200[diff] [blame]4405
4406 if (!ADBG_EXPECT_TRUE(c,
4407 create_key(c, &session, max_key_size,
Jerome Forissierb6f5ac92019-12-19 16:37:14 +0100[diff] [blame]4408 priv_key_type, key_attrs,
Pascal Brand3e143ee2015-07-15 17:17:16 +0200[diff] [blame]4409 num_key_attrs, &priv_key_handle)))
4410 goto out;
4411 break;
4412
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]4413 default:
4414 ADBG_EXPECT_TRUE(c, false);
4415 goto out;
4416 }
4417
4418 out_size = sizeof(out);
4419 memset(out, 0, sizeof(out));
4420 switch (tv->mode) {
4421 case TEE_MODE_ENCRYPT:
4422 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
4423 ta_crypt_cmd_allocate_operation(c, &session,
Pascal Brand3e143ee2015-07-15 17:17:16 +0200[diff] [blame]4424 &op, tv->algo, TEE_MODE_ENCRYPT,
4425 max_key_size)))
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]4426 goto out;
4427
4428 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
4429 ta_crypt_cmd_set_operation_key(c, &session, op,
4430 pub_key_handle)))
4431 goto out;
4432
4433 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
4434 ta_crypt_cmd_free_transient_object(c, &session,
4435 pub_key_handle)))
4436 goto out;
4437 pub_key_handle = TEE_HANDLE_NULL;
4438
Jens Wiklander1f06b7d2022-12-02 21:49:57 +0100[diff] [blame]4439 num_algo_params = 0;
Sami Tolvanenf3e46d42024-04-09 21:50:41 +0000[diff] [blame]4440 if (tv->algo == TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA1 ||
4441 tv->algo == TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA256) {
Jens Wiklander1f06b7d2022-12-02 21:49:57 +0100[diff] [blame]4442 algo_params[0].attributeID =
4443 TEE_ATTR_RSA_OAEP_MGF_HASH;
4444 algo_params[0].content.ref.length =
Etienne Carrierea286b572023-06-28 14:30:19 +0200[diff] [blame]4445 sizeof(sha1_algo_id);
Jens Wiklander1f06b7d2022-12-02 21:49:57 +0100[diff] [blame]4446 algo_params[0].content.ref.buffer =
Etienne Carrierea286b572023-06-28 14:30:19 +0200[diff] [blame]4447 &sha1_algo_id;
Jens Wiklander1f06b7d2022-12-02 21:49:57 +0100[diff] [blame]4448 num_algo_params = 1;
4449 }
4450
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]4451 out_enc_size = sizeof(out_enc);
Sami Tolvanenf3e46d42024-04-09 21:50:41 +0000[diff] [blame]4452 res = ta_crypt_cmd_asymmetric_encrypt(c, &session, op,
Jens Wiklander1f06b7d2022-12-02 21:49:57 +0100[diff] [blame]4453 algo_params, num_algo_params, tv->ptx,
Sami Tolvanenf3e46d42024-04-09 21:50:41 +0000[diff] [blame]4454 tv->ptx_len, out_enc, &out_enc_size);
4455
4456 if (tv->algo == TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA256 &&
4457 res == TEEC_ERROR_NOT_SUPPORTED) {
4458 Do_ADBG_Log("RSA-OAEP with a different MGF1 hash not supported: skip subcase");
4459 break;
4460 }
4461
4462 if (!ADBG_EXPECT_TEEC_SUCCESS(c, res))
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]4463 goto out;
4464
4465 /*
4466 * A PS which is random is added when formatting the
4467 * message internally of the algorithm so we can't
4468 * verify against precomputed values, instead we use the
4469 * decrypt operation to see that output is correct.
4470 */
4471
4472 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
4473 ta_crypt_cmd_free_operation(c, &session, op)))
4474 goto out;
4475
4476 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
4477 ta_crypt_cmd_allocate_operation(c, &session,
4478 &op, tv->algo, TEE_MODE_DECRYPT,
4479 max_key_size)))
4480 goto out;
4481
4482 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
4483 ta_crypt_cmd_set_operation_key(c, &session, op,
4484 priv_key_handle)))
4485 goto out;
4486
4487 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
4488 ta_crypt_cmd_free_transient_object(c, &session,
4489 priv_key_handle)))
4490 goto out;
4491
4492 priv_key_handle = TEE_HANDLE_NULL;
4493
4494 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
4495 ta_crypt_cmd_asymmetric_decrypt(c, &session, op,
Sami Tolvanenf3e46d42024-04-09 21:50:41 +0000[diff] [blame]4496 algo_params, num_algo_params, out_enc,
4497 out_enc_size, out, &out_size)))
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]4498 goto out;
4499
4500 (void)ADBG_EXPECT_BUFFER(c, tv->ptx, tv->ptx_len, out,
4501 out_size);
4502 break;
4503
4504 case TEE_MODE_DECRYPT:
4505 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
4506 ta_crypt_cmd_allocate_operation(c, &session,
4507 &op, tv->algo, TEE_MODE_DECRYPT,
4508 max_key_size)))
4509 goto out;
4510
4511 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
4512 ta_crypt_cmd_set_operation_key(c, &session, op,
4513 priv_key_handle)))
4514 goto out;
4515
4516 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
4517 ta_crypt_cmd_free_transient_object(c, &session,
4518 priv_key_handle)))
4519 goto out;
4520
Sami Tolvanenf3e46d42024-04-09 21:50:41 +0000[diff] [blame]4521 num_algo_params = 0;
4522 if (tv->algo == TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA1 ||
4523 tv->algo == TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA256) {
4524 algo_params[0].attributeID =
4525 TEE_ATTR_RSA_OAEP_MGF_HASH;
4526 algo_params[0].content.ref.length =
4527 sizeof(sha1_algo_id);
4528 algo_params[0].content.ref.buffer =
4529 &sha1_algo_id;
4530 num_algo_params = 1;
4531 }
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]4532
Sami Tolvanenf3e46d42024-04-09 21:50:41 +0000[diff] [blame]4533 priv_key_handle = TEE_HANDLE_NULL;
4534 res = ta_crypt_cmd_asymmetric_decrypt(c, &session, op,
4535 algo_params, num_algo_params, tv->ctx,
4536 tv->ctx_len, out, &out_size);
4537
4538 if (tv->algo == TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA256 &&
4539 res == TEEC_ERROR_NOT_SUPPORTED) {
4540 Do_ADBG_Log("RSA-OAEP with a different MGF1 hash not supported: skip subcase");
4541 break;
4542 }
4543
4544 if (!ADBG_EXPECT_TEEC_SUCCESS(c, res))
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]4545 goto out;
4546
4547 (void)ADBG_EXPECT_BUFFER(c, tv->ptx, tv->ptx_len, out,
4548 out_size);
4549 break;
4550
4551 case TEE_MODE_VERIFY:
4552 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
4553 ta_crypt_cmd_allocate_operation(c, &session,
4554 &op, tv->algo, TEE_MODE_VERIFY,
4555 max_key_size)))
4556 goto out;
4557
4558 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
4559 ta_crypt_cmd_set_operation_key(c, &session, op,
4560 pub_key_handle)))
4561 goto out;
4562
4563 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
4564 ta_crypt_cmd_free_transient_object(c, &session,
4565 pub_key_handle)))
4566 goto out;
4567
4568 pub_key_handle = TEE_HANDLE_NULL;
4569
4570 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
4571 ta_crypt_cmd_asymmetric_verify(c, &session, op,
4572 algo_params, num_algo_params, ptx_hash,
4573 ptx_hash_size, tv->ctx, tv->ctx_len)))
4574 goto out;
4575 break;
4576
4577 case TEE_MODE_SIGN:
4578 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
4579 ta_crypt_cmd_allocate_operation(c, &session,
4580 &op, tv->algo, TEE_MODE_SIGN,
4581 max_key_size)))
4582 goto out;
4583
4584 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
4585 ta_crypt_cmd_set_operation_key(c, &session, op,
4586 priv_key_handle)))
4587 goto out;
4588
4589 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
4590 ta_crypt_cmd_free_transient_object(c, &session,
4591 priv_key_handle)))
4592 goto out;
4593
4594 priv_key_handle = TEE_HANDLE_NULL;
4595
4596 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
4597 ta_crypt_cmd_asymmetric_sign(c, &session, op,
4598 algo_params, num_algo_params, ptx_hash,
4599 ptx_hash_size, out, &out_size)))
4600 goto out;
4601
4602 if (TEE_ALG_GET_CHAIN_MODE(tv->algo) ==
4603 TEE_CHAIN_MODE_PKCS1_PSS_MGF1 ||
Pascal Brand3e143ee2015-07-15 17:17:16 +0200[diff] [blame]4604 tv->algo == TEE_ALG_DSA_SHA1 ||
Cedric Chaumontb2ba8782015-09-03 13:23:05 +0200[diff] [blame]4605 tv->algo == TEE_ALG_DSA_SHA224 ||
4606 tv->algo == TEE_ALG_DSA_SHA256 ||
Pascal Brand3e143ee2015-07-15 17:17:16 +0200[diff] [blame]4607 TEE_ALG_GET_MAIN_ALG(tv->algo) ==
Jerome Forissier849b57e2019-12-19 16:37:14 +0100[diff] [blame]4608 TEE_MAIN_ALGO_ECDSA ||
4609 tv->algo == TEE_ALG_SM2_DSA_SM3) {
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]4610 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
4611 ta_crypt_cmd_free_operation(c, &session,
4612 op)))
4613 goto out;
4614 /*
4615 * The salt or K is random so we can't verify
4616 * signing against precomputed values, instead
4617 * we use the verify operation to see that
4618 * output is correct.
4619 */
4620 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
4621 ta_crypt_cmd_allocate_operation(c,
4622 &session, &op, tv->algo,
4623 TEE_MODE_VERIFY, max_key_size)))
4624 goto out;
4625
4626 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
4627 ta_crypt_cmd_set_operation_key(c,
4628 &session, op, pub_key_handle)))
4629 goto out;
4630
4631 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
4632 ta_crypt_cmd_free_transient_object(c,
4633 &session, pub_key_handle)))
4634 goto out;
4635
4636 pub_key_handle = TEE_HANDLE_NULL;
4637
4638 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
4639 ta_crypt_cmd_asymmetric_verify(c,
4640 &session, op, algo_params,
4641 num_algo_params, ptx_hash,
4642 ptx_hash_size, out, out_size)))
4643 goto out;
4644 } else {
4645 (void)ADBG_EXPECT_BUFFER(c, tv->ctx,
4646 tv->ctx_len, out,
4647 out_size);
4648 }
4649 break;
4650
4651 default:
4652 break;
4653 }
4654
4655 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
4656 ta_crypt_cmd_free_operation(c, &session, op)))
4657 goto out;
4658
4659 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
4660 ta_crypt_cmd_free_transient_object(c, &session,
4661 pub_key_handle)))
4662 goto out;
4663 pub_key_handle = TEE_HANDLE_NULL;
4664
4665 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
4666 ta_crypt_cmd_free_transient_object(c, &session,
4667 priv_key_handle)))
4668 goto out;
4669
4670 priv_key_handle = TEE_HANDLE_NULL;
4671
4672 Do_ADBG_EndSubCase(c, NULL);
4673 }
4674out:
4675 TEEC_CloseSession(&session);
4676}
Jens Wiklander14f48872018-06-29 15:30:13 +0200[diff] [blame]4677ADBG_CASE_DEFINE(regression, 4006, xtest_tee_test_4006,
4678 "Test TEE Internal API Asymmetric Cipher operations");
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]4679
4680#define KEY_ATTR(x, y) { #x, (x), y }
4681
4682struct key_attrs {
4683 const char *name;
4684 uint32_t attr;
Jerome Forissier4032c8c2016-05-31 13:25:08 +0200[diff] [blame]4685 /*
4686 * When keysize_check != 0: size of attribute is checked
4687 * Expected value is key_size bits except for DH in which case it is
4688 * the value of keysize_check.
4689 */
4690 uint32_t keysize_check;
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]4691};
4692
Clement Faure967368b2024-01-30 12:20:40 +0100[diff] [blame]4693static bool is_caam_black_key(uint8_t *buf, size_t size)
4694{
4695 /*
4696 * This value is a magic number for the a CAAM Black key. This value
4697 * must match the value defined in optee-os
4698 * core/drivers/crypto/caam/caam_key.c
4699 */
4700 const uint8_t magic_number[4] = {0xFB, 0xBF, 0xAF, 0xCA};
4701
4702 if (size < sizeof(magic_number))
4703 return false;
4704
4705 return !memcmp(buf, magic_number, sizeof(magic_number));
4706}
4707
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]4708static bool test_keygen_attributes(ADBG_Case_t *c, TEEC_Session *s,
4709 TEE_ObjectHandle key, uint32_t key_size,
4710 struct key_attrs *attrs, size_t num_attrs)
4711{
Etienne Carrieree4ec9e42019-03-28 13:30:21 +0100[diff] [blame]4712 uint8_t out[2048] = { };
4713 size_t out_size = 0;
4714 size_t n = 0;
4715 size_t m = 0;
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]4716
4717 for (m = 0; m < num_attrs; m++) {
4718 if ((attrs[m].attr & TEE_ATTR_BIT_VALUE) == 0) {
4719 out_size = sizeof(out);
4720 memset(out, 0, sizeof(out));
4721 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
4722 ta_crypt_cmd_get_object_buffer_attribute(c, s,
4723 key, attrs[m].attr, out, &out_size)))
4724 return false;
4725
Clement Faure967368b2024-01-30 12:20:40 +0100[diff] [blame]4726 /*
4727 * Check for CAAM black key header. If the buffer holds
4728 * a CAAM black key, do not check the key size as the
4729 * buffer size and the key size do not match.
4730 */
4731 if (attrs[m].keysize_check &&
4732 !is_caam_black_key(out, out_size))
Jerome Forissierfe94e562020-11-17 17:22:40 +0100[diff] [blame]4733 ADBG_EXPECT_COMPARE_UNSIGNED(c, out_size, <=,
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]4734 key_size / 8);
4735
4736 if (out_size > 0) {
4737 /* Check that buffer isn't all zeroes */
4738 for (n = 0; n < out_size; n++)
4739 if (out[n] != 0)
4740 break;
4741 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, n, <,
4742 out_size))
4743 return false;
4744 }
4745 } else {
Etienne Carrieree4ec9e42019-03-28 13:30:21 +0100[diff] [blame]4746 uint32_t a = 0;
4747 uint32_t b = 0;
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]4748
4749 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
4750 ta_crypt_cmd_get_object_value_attribute(c, s, key,
4751 attrs[m].attr, &a, &b)))
4752 return false;
4753 }
4754 }
4755 return true;
4756}
4757
4758static bool test_secret_value(ADBG_Case_t *c, TEEC_Session *s,
4759 TEE_ObjectHandle key, uint32_t key_size)
4760{
4761 const struct key_attrs attrs[] = {
4762 KEY_ATTR(TEE_ATTR_SECRET_VALUE, true),
4763 };
4764
4765 return test_keygen_attributes(c, s, key, key_size,
4766 (struct key_attrs *)&attrs,
4767 ARRAY_SIZE(attrs));
4768}
4769
4770
4771static bool test_rsa_key_pair(ADBG_Case_t *c, TEEC_Session *s,
4772 TEE_ObjectHandle key, uint32_t key_size)
4773{
4774 const struct key_attrs attrs[] = {
4775 KEY_ATTR(TEE_ATTR_RSA_MODULUS, true),
4776 KEY_ATTR(TEE_ATTR_RSA_PUBLIC_EXPONENT, false),
4777 KEY_ATTR(TEE_ATTR_RSA_PRIVATE_EXPONENT, false),
4778 KEY_ATTR(TEE_ATTR_RSA_PRIME1, false),
4779 KEY_ATTR(TEE_ATTR_RSA_PRIME2, false),
4780 KEY_ATTR(TEE_ATTR_RSA_EXPONENT1, false),
4781 KEY_ATTR(TEE_ATTR_RSA_EXPONENT2, false),
4782 KEY_ATTR(TEE_ATTR_RSA_COEFFICIENT, false),
4783 };
4784
4785 return test_keygen_attributes(c, s, key, key_size,
4786 (struct key_attrs *)&attrs,
4787 ARRAY_SIZE(attrs));
4788}
4789
Pascal Brande61133f2015-07-08 15:38:37 +0200[diff] [blame]4790static bool test_ecc_key_pair(ADBG_Case_t *c, TEEC_Session *s,
4791 TEE_ObjectHandle key, uint32_t key_size)
4792{
4793 const struct key_attrs attrs[] = {
4794 KEY_ATTR(TEE_ATTR_ECC_PRIVATE_VALUE, false),
4795 KEY_ATTR(TEE_ATTR_ECC_PUBLIC_VALUE_X , false),
4796 KEY_ATTR(TEE_ATTR_ECC_PUBLIC_VALUE_Y , false),
4797 /* KEY_ATTR(TEE_ATTR_ECC_CURVE, false), - do not test */
4798 };
4799
4800 return test_keygen_attributes(c, s, key, key_size,
4801 (struct key_attrs *)&attrs,
4802 ARRAY_SIZE(attrs));
4803}
4804
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]4805static bool test_dh_key_pair(ADBG_Case_t *c, TEEC_Session *s,
Jerome Forissier4032c8c2016-05-31 13:25:08 +0200[diff] [blame]4806 TEE_ObjectHandle key, uint32_t check_keysize)
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]4807{
4808 const struct key_attrs attrs[] = {
4809 KEY_ATTR(TEE_ATTR_DH_PRIME, false),
4810 KEY_ATTR(TEE_ATTR_DH_BASE, false),
4811 KEY_ATTR(TEE_ATTR_DH_PUBLIC_VALUE, false),
4812 KEY_ATTR(TEE_ATTR_DH_PRIVATE_VALUE, check_keysize),
4813 KEY_ATTR(TEE_ATTR_DH_X_BITS, false),
4814 };
4815
Jerome Forissier4032c8c2016-05-31 13:25:08 +0200[diff] [blame]4816 return test_keygen_attributes(c, s, key, check_keysize,
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]4817 (struct key_attrs *)&attrs,
4818 ARRAY_SIZE(attrs));
4819}
4820
4821static bool test_dsa_key_pair(ADBG_Case_t *c, TEEC_Session *s,
4822 TEE_ObjectHandle key, uint32_t key_size)
4823{
4824 const struct key_attrs attrs[] = {
4825 KEY_ATTR(TEE_ATTR_DSA_PRIME, true),
4826 KEY_ATTR(TEE_ATTR_DSA_SUBPRIME, false),
4827 KEY_ATTR(TEE_ATTR_DSA_BASE, false),
4828 KEY_ATTR(TEE_ATTR_DSA_PUBLIC_VALUE, false),
4829 KEY_ATTR(TEE_ATTR_DSA_PRIVATE_VALUE, false),
4830 };
4831
4832 return test_keygen_attributes(c, s, key, key_size,
4833 (struct key_attrs *)&attrs,
4834 ARRAY_SIZE(attrs));
4835}
4836
Sohaib ul Hassan00b3f2c2022-04-11 08:45:08 +0300[diff] [blame]4837static bool test_x25519_key_pair(ADBG_Case_t *c, TEEC_Session *s,
4838 TEE_ObjectHandle key, uint32_t key_size)
4839{
4840 const struct key_attrs attrs[] = {
4841 KEY_ATTR(TEE_ATTR_X25519_PRIVATE_VALUE, false),
4842 KEY_ATTR(TEE_ATTR_X25519_PUBLIC_VALUE, false),
4843 };
4844
4845 return test_keygen_attributes(c, s, key, key_size,
4846 (struct key_attrs *)&attrs,
4847 ARRAY_SIZE(attrs));
4848}
4849
Valerii Chubarab9863c2022-08-12 07:42:29 +0000[diff] [blame]4850static bool test_ed25519_key_pair(ADBG_Case_t *c, TEEC_Session *s,
4851 TEE_ObjectHandle key, uint32_t key_size)
4852{
4853 const struct key_attrs attrs[] = {
4854 KEY_ATTR(TEE_ATTR_ED25519_PRIVATE_VALUE, false),
4855 KEY_ATTR(TEE_ATTR_ED25519_PUBLIC_VALUE, false),
4856 };
4857
4858 return test_keygen_attributes(c, s, key, key_size,
4859 (struct key_attrs *)&attrs,
4860 ARRAY_SIZE(attrs));
4861}
4862
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]4863static bool generate_and_test_key(ADBG_Case_t *c, TEEC_Session *s,
4864 uint32_t key_type, uint32_t check_keysize,
4865 uint32_t key_size,
4866 TEE_Attribute *params, size_t param_count)
4867{
Etienne Carrieree4ec9e42019-03-28 13:30:21 +0100[diff] [blame]4868 TEE_ObjectHandle key = TEE_HANDLE_NULL;
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]4869 bool ret_val = true;
4870
4871 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
4872 ta_crypt_cmd_allocate_transient_object(c, s, key_type, key_size,
4873 &key)))
4874 return false;
4875
4876 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
4877 ta_crypt_cmd_generate_key(c, s, key, key_size, params,
4878 param_count)))
4879 return false;
4880
4881 switch (key_type) {
4882 case TEE_TYPE_DES:
4883 case TEE_TYPE_DES3:
4884 ret_val = ADBG_EXPECT_TRUE(c,
4885 test_secret_value(c, s, key,
4886 key_size + key_size / 7));
4887 break;
4888 case TEE_TYPE_AES:
4889 case TEE_TYPE_HMAC_MD5:
4890 case TEE_TYPE_HMAC_SHA1:
4891 case TEE_TYPE_HMAC_SHA224:
4892 case TEE_TYPE_HMAC_SHA256:
4893 case TEE_TYPE_HMAC_SHA384:
4894 case TEE_TYPE_HMAC_SHA512:
4895 case TEE_TYPE_GENERIC_SECRET:
4896 ret_val = ADBG_EXPECT_TRUE(c,
4897 test_secret_value(c, s, key, key_size));
4898 break;
4899
4900 case TEE_TYPE_RSA_KEYPAIR:
4901 ret_val = ADBG_EXPECT_TRUE(c,
4902 test_rsa_key_pair(c, s, key, key_size));
4903 break;
4904
Pascal Brande61133f2015-07-08 15:38:37 +0200[diff] [blame]4905 case TEE_TYPE_ECDSA_KEYPAIR:
4906 case TEE_TYPE_ECDH_KEYPAIR:
4907 ret_val = ADBG_EXPECT_TRUE(c,
4908 test_ecc_key_pair(c, s, key, key_size));
4909 break;
4910
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]4911 case TEE_TYPE_DH_KEYPAIR:
Pascal Brande61133f2015-07-08 15:38:37 +0200[diff] [blame]4912 ret_val = ADBG_EXPECT_TRUE(c,
Jerome Forissier4032c8c2016-05-31 13:25:08 +0200[diff] [blame]4913 test_dh_key_pair(c, s, key, check_keysize));
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]4914 break;
4915
4916 case TEE_TYPE_DSA_KEYPAIR:
4917 ret_val = ADBG_EXPECT_TRUE(c,
4918 test_dsa_key_pair(c, s, key, key_size));
4919 break;
4920
Sohaib ul Hassan00b3f2c2022-04-11 08:45:08 +0300[diff] [blame]4921 case TEE_TYPE_X25519_KEYPAIR:
4922 ret_val = ADBG_EXPECT_TRUE(c,
4923 test_x25519_key_pair(c, s, key, key_size));
4924 break;
4925
Valerii Chubarab9863c2022-08-12 07:42:29 +0000[diff] [blame]4926 case TEE_TYPE_ED25519_KEYPAIR:
4927 ret_val = ADBG_EXPECT_TRUE(c,
4928 test_ed25519_key_pair(c, s, key, key_size));
4929 break;
4930
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]4931 default:
4932 ret_val = false;
4933 break;
4934 }
4935
4936 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
4937 ta_crypt_cmd_free_transient_object(c, s, key)))
4938 return false;
4939
4940 return ret_val;
4941}
4942
Jens Wiklandera8c8f872018-12-14 11:41:36 +0100[diff] [blame]4943struct key_types_noparam {
4944 unsigned level;
4945 const char *name;
4946 uint32_t key_type;
4947 uint32_t quanta;
4948 uint32_t min_size;
4949 uint32_t max_size;
4950};
4951
4952static void keygen_noparams(ADBG_Case_t *c, TEEC_Session *session,
4953 const struct key_types_noparam *key_types,
4954 size_t num_key_types)
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]4955{
Etienne Carrieree4ec9e42019-03-28 13:30:21 +0100[diff] [blame]4956 size_t n = 0;
4957 uint32_t key_size = 0;
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]4958
Jens Wiklandera8c8f872018-12-14 11:41:36 +0100[diff] [blame]4959 for (n = 0; n < num_key_types; n++) {
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]4960 uint32_t min_size = key_types[n].min_size;
4961 uint32_t max_size = key_types[n].max_size;
4962 uint32_t quanta = key_types[n].quanta;
4963
Jens Wiklander6a9d15a2016-02-01 10:29:42 +0100[diff] [blame]4964 if (key_types[n].level > level)
4965 continue;
4966
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]4967 Do_ADBG_BeginSubCase(c, "Generate %s key", key_types[n].name);
4968
4969 for (key_size = min_size; key_size <= max_size;
4970 key_size += quanta) {
4971 if (!ADBG_EXPECT_TRUE(c,
4972 generate_and_test_key(c, session, key_types
4973 [n].key_type, 1, key_size, NULL, 0)))
4974 break;
4975 }
4976
4977 Do_ADBG_EndSubCase(c, "Generate %s key", key_types[n].name);
4978 }
4979}
4980
Jens Wiklandera8c8f872018-12-14 11:41:36 +0100[diff] [blame]4981static void xtest_tee_test_4007_symmetric(ADBG_Case_t *c)
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]4982{
Etienne Carrieree4ec9e42019-03-28 13:30:21 +0100[diff] [blame]4983 TEEC_Session session = { };
4984 uint32_t ret_orig = 0;
Jens Wiklandera8c8f872018-12-14 11:41:36 +0100[diff] [blame]4985 static const struct key_types_noparam key_types[] = {
4986 { 0, "AES", TEE_TYPE_AES, 64, 128,
4987 256 /* valid sizes 128, 192, 256 */ },
4988 { 0, "DES", TEE_TYPE_DES, 56, 56, 56 /* valid size 56 */ },
4989 { 0, "DES3", TEE_TYPE_DES3, 56, 112,
4990 168 /* valid sizes 112, 168 */ },
4991 { 0, "HMAC-MD5", TEE_TYPE_HMAC_MD5, 8, 64, 512 },
4992 { 0, "HMAC-SHA1", TEE_TYPE_HMAC_SHA1, 8, 80, 512 },
4993 { 0, "HMAC-SHA224", TEE_TYPE_HMAC_SHA224, 8, 112, 512 },
4994 { 0, "HMAC-SHA256", TEE_TYPE_HMAC_SHA256, 8, 192, 1024 },
4995 { 0, "HMAC-SHA384", TEE_TYPE_HMAC_SHA384, 8, 256, 1024 },
4996 { 0, "HMAC-SHA512", TEE_TYPE_HMAC_SHA512, 8, 256, 1024 },
4997 { 0, "Generic secret", TEE_TYPE_GENERIC_SECRET, 8, 128, 4096 },
4998 };
4999
5000 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
5001 xtest_teec_open_session(&session, &crypt_user_ta_uuid, NULL,
5002 &ret_orig)))
5003 return;
5004
5005 keygen_noparams(c, &session, key_types, ARRAY_SIZE(key_types));
5006
5007 TEEC_CloseSession(&session);
5008}
5009ADBG_CASE_DEFINE(regression, 4007_symmetric, xtest_tee_test_4007_symmetric,
5010 "Test TEE Internal API Generate Symmetric key");
5011
5012static void xtest_tee_test_4007_rsa(ADBG_Case_t *c)
5013{
Etienne Carrieree4ec9e42019-03-28 13:30:21 +0100[diff] [blame]5014 TEEC_Session session = { };
5015 uint32_t ret_orig = 0;
Jens Wiklandera8c8f872018-12-14 11:41:36 +0100[diff] [blame]5016 static const struct key_types_noparam key_types[] = {
Jorge Ramirez-Ortizb657ea42022-02-17 10:15:25 +0100[diff] [blame]5017#ifndef CFG_CRYPTO_SE05X
Jens Wiklandera8c8f872018-12-14 11:41:36 +0100[diff] [blame]5018 { 0, "RSA-256", TEE_TYPE_RSA_KEYPAIR, 1, 256, 256 },
5019 { 1, "RSA-384", TEE_TYPE_RSA_KEYPAIR, 1, 384, 384 },
Jorge Ramirez-Ortizb657ea42022-02-17 10:15:25 +0100[diff] [blame]5020#endif
Jens Wiklandera8c8f872018-12-14 11:41:36 +0100[diff] [blame]5021 { 1, "RSA-512", TEE_TYPE_RSA_KEYPAIR, 1, 512, 512 },
Jorge Ramirez-Ortizb657ea42022-02-17 10:15:25 +0100[diff] [blame]5022#ifndef CFG_CRYPTO_SE05X
Jens Wiklandera8c8f872018-12-14 11:41:36 +0100[diff] [blame]5023 { 1, "RSA-640", TEE_TYPE_RSA_KEYPAIR, 1, 640, 640 },
5024 { 1, "RSA-768", TEE_TYPE_RSA_KEYPAIR, 1, 768, 768 },
5025 { 1, "RSA-896", TEE_TYPE_RSA_KEYPAIR, 1, 896, 896 },
Jorge Ramirez-Ortizb657ea42022-02-17 10:15:25 +0100[diff] [blame]5026#endif
Jens Wiklandera8c8f872018-12-14 11:41:36 +0100[diff] [blame]5027 { 1, "RSA-1024", TEE_TYPE_RSA_KEYPAIR, 1, 1024, 1024 },
5028 { 1, "RSA-2048", TEE_TYPE_RSA_KEYPAIR, 1, 2048, 2048 },
5029 { 1, "RSA-3072", TEE_TYPE_RSA_KEYPAIR, 1, 3072, 3072 },
5030 { 1, "RSA-4096", TEE_TYPE_RSA_KEYPAIR, 1, 4096, 4096 },
5031 };
5032
5033 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
5034 xtest_teec_open_session(&session, &crypt_user_ta_uuid, NULL,
5035 &ret_orig)))
5036 return;
5037
5038 keygen_noparams(c, &session, key_types, ARRAY_SIZE(key_types));
5039
5040 TEEC_CloseSession(&session);
5041}
5042ADBG_CASE_DEFINE(regression, 4007_rsa, xtest_tee_test_4007_rsa,
5043 "Test TEE Internal API Generate RSA key");
5044
5045static void xtest_tee_test_4007_dh(ADBG_Case_t *c)
5046{
Etienne Carrieree4ec9e42019-03-28 13:30:21 +0100[diff] [blame]5047 TEEC_Session session = { };
5048 uint32_t ret_orig = 0;
5049 size_t n = 0;
5050 size_t param_count = 0;
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]5051 /*
5052 * Note that the key size parameter is not used when creating the keys
5053 * but specifying these sizes make it possible to test the expected size
5054 * of the private value. This also means that the keysize must match the
5055 * size of p or what is specified in private_bits or the equvivalent
5056 * size of the subprime parameter.
5057 */
Etienne Carrieree4ec9e42019-03-28 13:30:21 +0100[diff] [blame]5058 TEE_Attribute params[4] = { };
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]5059
5060#define XTEST_DH_GK_DATA(vect) \
5061 ARRAY(vect ## _p), \
5062 ARRAY(vect ## _g), \
5063 &vect ## _private_bits, \
5064 0, 0
5065#define XTEST_DH_GK_DATA_SUBPRIME(vect) \
5066 ARRAY(vect ## _p), \
5067 ARRAY(vect ## _g), \
5068 &vect ## _private_bits, \
5069 ARRAY(vect ## _subprime)
5070 static const struct {
Jens Wiklander6a9d15a2016-02-01 10:29:42 +0100[diff] [blame]5071 unsigned level;
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]5072 uint32_t key_size;
5073 const uint8_t *p;
5074 size_t p_len;
5075 const uint8_t *g;
5076 size_t g_len;
5077 const uint32_t *private_bits;
5078 const uint8_t *subprime;
5079 size_t subprime_len;
5080 } key_types[] = {
Jens Wiklander6a9d15a2016-02-01 10:29:42 +0100[diff] [blame]5081 { 0, 256, XTEST_DH_GK_DATA(keygen_dh256) },
Jerome Forissier4032c8c2016-05-31 13:25:08 +0200[diff] [blame]5082 { 0, 320, XTEST_DH_GK_DATA(keygen_dh320) },
Jens Wiklander6a9d15a2016-02-01 10:29:42 +0100[diff] [blame]5083 { 1, 384, XTEST_DH_GK_DATA(keygen_dh384) },
Jerome Forissier4032c8c2016-05-31 13:25:08 +0200[diff] [blame]5084 { 1, 448, XTEST_DH_GK_DATA(keygen_dh448) },
Jens Wiklander6a9d15a2016-02-01 10:29:42 +0100[diff] [blame]5085 { 1, 512, XTEST_DH_GK_DATA(keygen_dh512) },
Jerome Forissier4032c8c2016-05-31 13:25:08 +0200[diff] [blame]5086 { 1, 576, XTEST_DH_GK_DATA(keygen_dh576) },
Jens Wiklander6a9d15a2016-02-01 10:29:42 +0100[diff] [blame]5087 { 1, 640, XTEST_DH_GK_DATA(keygen_dh640) },
Jerome Forissier4032c8c2016-05-31 13:25:08 +0200[diff] [blame]5088 { 1, 704, XTEST_DH_GK_DATA(keygen_dh704) },
Jens Wiklander6a9d15a2016-02-01 10:29:42 +0100[diff] [blame]5089 { 1, 768, XTEST_DH_GK_DATA(keygen_dh768) },
Jerome Forissier4032c8c2016-05-31 13:25:08 +0200[diff] [blame]5090 { 1, 832, XTEST_DH_GK_DATA(keygen_dh832) },
Jens Wiklander6a9d15a2016-02-01 10:29:42 +0100[diff] [blame]5091 { 1, 896, XTEST_DH_GK_DATA(keygen_dh896) },
Jerome Forissier4032c8c2016-05-31 13:25:08 +0200[diff] [blame]5092 { 1, 960, XTEST_DH_GK_DATA(keygen_dh960) },
Jens Wiklander6a9d15a2016-02-01 10:29:42 +0100[diff] [blame]5093 { 1, 1024, XTEST_DH_GK_DATA(keygen_dh1024) },
Jerome Forissier4032c8c2016-05-31 13:25:08 +0200[diff] [blame]5094 { 1, 1088, XTEST_DH_GK_DATA(keygen_dh1088) },
Jens Wiklander6a9d15a2016-02-01 10:29:42 +0100[diff] [blame]5095 { 1, 1152, XTEST_DH_GK_DATA(keygen_dh1152) },
Jerome Forissier4032c8c2016-05-31 13:25:08 +0200[diff] [blame]5096 { 1, 1216, XTEST_DH_GK_DATA(keygen_dh1216) },
Jens Wiklander6a9d15a2016-02-01 10:29:42 +0100[diff] [blame]5097 { 1, 1280, XTEST_DH_GK_DATA(keygen_dh1280) },
Jerome Forissier4032c8c2016-05-31 13:25:08 +0200[diff] [blame]5098 { 1, 1344, XTEST_DH_GK_DATA(keygen_dh1344) },
Jens Wiklander6a9d15a2016-02-01 10:29:42 +0100[diff] [blame]5099 { 1, 1408, XTEST_DH_GK_DATA(keygen_dh1408) },
Jerome Forissier4032c8c2016-05-31 13:25:08 +0200[diff] [blame]5100 { 1, 1472, XTEST_DH_GK_DATA(keygen_dh1472) },
Jens Wiklander6a9d15a2016-02-01 10:29:42 +0100[diff] [blame]5101 { 1, 1536, XTEST_DH_GK_DATA(keygen_dh1536) },
Jerome Forissier4032c8c2016-05-31 13:25:08 +0200[diff] [blame]5102 { 1, 1600, XTEST_DH_GK_DATA(keygen_dh1600) },
Jens Wiklander6a9d15a2016-02-01 10:29:42 +0100[diff] [blame]5103 { 1, 1664, XTEST_DH_GK_DATA(keygen_dh1664) },
Jerome Forissier4032c8c2016-05-31 13:25:08 +0200[diff] [blame]5104 { 1, 1728, XTEST_DH_GK_DATA(keygen_dh1728) },
Jens Wiklander6a9d15a2016-02-01 10:29:42 +0100[diff] [blame]5105 { 1, 1792, XTEST_DH_GK_DATA(keygen_dh1792) },
Jerome Forissier4032c8c2016-05-31 13:25:08 +0200[diff] [blame]5106 { 1, 1856, XTEST_DH_GK_DATA(keygen_dh1856) },
Jens Wiklander6a9d15a2016-02-01 10:29:42 +0100[diff] [blame]5107 { 1, 1920, XTEST_DH_GK_DATA(keygen_dh1920) },
Jerome Forissier4032c8c2016-05-31 13:25:08 +0200[diff] [blame]5108 { 1, 1984, XTEST_DH_GK_DATA(keygen_dh1984) },
Jens Wiklander6a9d15a2016-02-01 10:29:42 +0100[diff] [blame]5109 { 1, 2048, XTEST_DH_GK_DATA(keygen_dh2048) },
Jerome Forissier4032c8c2016-05-31 13:25:08 +0200[diff] [blame]5110 { 1, 2048, XTEST_DH_GK_DATA_SUBPRIME(keygen_dh2048_subprime) }
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]5111 };
5112
Jens Wiklandera8c8f872018-12-14 11:41:36 +0100[diff] [blame]5113 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
5114 xtest_teec_open_session(&session, &crypt_user_ta_uuid, NULL,
5115 &ret_orig)))
5116 return;
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]5117
5118 for (n = 0; n < ARRAY_SIZE(key_types); n++) {
Jens Wiklander6a9d15a2016-02-01 10:29:42 +0100[diff] [blame]5119 if (key_types[n].level > level)
5120 continue;
5121
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]5122 Do_ADBG_BeginSubCase(c,
5123 "Generate DH key %d bits - Private bits = %d",
5124 key_types[n].key_size,
5125 *key_types[n].private_bits);
5126 param_count = 0;
5127
5128 xtest_add_attr(&param_count, params,
5129 TEE_ATTR_DH_PRIME,
5130 key_types[n].p, key_types[n].p_len);
5131
5132 xtest_add_attr(&param_count, params, TEE_ATTR_DH_BASE,
5133 key_types[n].g, key_types[n].g_len);
5134
5135 if (key_types[n].private_bits != 0) {
5136 params[param_count].attributeID = TEE_ATTR_DH_X_BITS;
5137
5138 params[param_count].content.value.a =
5139 *key_types[n].private_bits;
5140
5141 params[param_count].content.value.b = 0;
5142 param_count++;
5143 }
5144
5145 if (key_types[n].subprime != 0) {
5146 xtest_add_attr(&param_count, params,
5147 TEE_ATTR_DH_SUBPRIME,
5148 key_types[n].subprime,
5149 key_types[n].subprime_len);
5150 }
5151
5152 if (!ADBG_EXPECT_TRUE(c,
Jens Wiklandera8c8f872018-12-14 11:41:36 +0100[diff] [blame]5153 generate_and_test_key(c, &session, TEE_TYPE_DH_KEYPAIR,
Jerome Forissier4032c8c2016-05-31 13:25:08 +0200[diff] [blame]5154 *key_types[n].private_bits,
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]5155 key_types[n]. key_size, params, param_count)))
5156 break;
5157
5158 Do_ADBG_EndSubCase(c,
5159 "Generate DH key %d bits - Private bits = %d",
5160 key_types[n].key_size,
5161 *key_types[n].private_bits);
5162 }
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]5163
Jens Wiklandera8c8f872018-12-14 11:41:36 +0100[diff] [blame]5164 TEEC_CloseSession(&session);
5165}
5166ADBG_CASE_DEFINE(regression, 4007_dh, xtest_tee_test_4007_dh,
5167 "Test TEE Internal API Generate DH key");
5168
5169static void xtest_tee_test_4007_dsa(ADBG_Case_t *c)
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]5170{
Etienne Carrieree4ec9e42019-03-28 13:30:21 +0100[diff] [blame]5171 TEEC_Session session = { };
5172 uint32_t ret_orig = 0;
5173 size_t n = 0;
5174 size_t param_count = 0;
5175 TEE_Attribute params[4] = { };
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]5176
5177#define XTEST_DSA_GK_DATA(vect) \
5178 ARRAY(vect ## _p), \
5179 ARRAY(vect ## _g), \
5180 ARRAY(vect ## _q)
5181 static const struct {
Jens Wiklander6a9d15a2016-02-01 10:29:42 +0100[diff] [blame]5182 unsigned level;
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]5183 uint32_t key_size;
5184 const uint8_t *prime;
5185 size_t prime_len;
5186 const uint8_t *base;
5187 size_t base_len;
5188 const uint8_t *sub_prime;
5189 size_t sub_prime_len;
5190 } key_types[] = {
Jerome Forissiereed7e652020-04-15 15:42:38 +0200[diff] [blame]5191 { 0, 1024, XTEST_DSA_GK_DATA(keygen_dsa_test1) },
Jens Wiklander6a9d15a2016-02-01 10:29:42 +0100[diff] [blame]5192 { 0, 512, XTEST_DSA_GK_DATA(keygen_dsa512) },
Jerome Forissiereed7e652020-04-15 15:42:38 +0200[diff] [blame]5193 { 0, 576, XTEST_DSA_GK_DATA(keygen_dsa576) },
5194 { 0, 640, XTEST_DSA_GK_DATA(keygen_dsa640) },
5195 { 0, 704, XTEST_DSA_GK_DATA(keygen_dsa704) },
5196 { 0, 768, XTEST_DSA_GK_DATA(keygen_dsa768) },
5197 { 0, 832, XTEST_DSA_GK_DATA(keygen_dsa832) },
5198 { 0, 896, XTEST_DSA_GK_DATA(keygen_dsa896) },
5199 { 0, 960, XTEST_DSA_GK_DATA(keygen_dsa960) },
5200 { 0, 1024, XTEST_DSA_GK_DATA(keygen_dsa1024) },
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]5201 };
5202
Jens Wiklandera8c8f872018-12-14 11:41:36 +0100[diff] [blame]5203 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
5204 xtest_teec_open_session(&session, &crypt_user_ta_uuid, NULL,
5205 &ret_orig)))
5206 return;
5207
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]5208 for (n = 0; n < ARRAY_SIZE(key_types); n++) {
Jens Wiklander6a9d15a2016-02-01 10:29:42 +0100[diff] [blame]5209 if (key_types[n].level > level)
5210 continue;
5211
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]5212 Do_ADBG_BeginSubCase(c, "Generate DSA key %d bits",
5213 key_types[n].key_size);
5214 param_count = 0;
5215
5216
5217 xtest_add_attr(&param_count, params, TEE_ATTR_DSA_PRIME,
5218 key_types[n].prime, key_types[n].prime_len);
5219
5220 xtest_add_attr(&param_count, params, TEE_ATTR_DSA_SUBPRIME,
5221 key_types[n].sub_prime,
5222 key_types[n].sub_prime_len);
5223
5224 xtest_add_attr(&param_count, params, TEE_ATTR_DSA_BASE,
5225 key_types[n].base, key_types[n].base_len);
5226
5227 if (!ADBG_EXPECT_TRUE(c,
Jens Wiklandera8c8f872018-12-14 11:41:36 +0100[diff] [blame]5228 generate_and_test_key(c, &session, TEE_TYPE_DSA_KEYPAIR,
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]5229 1, key_types[n]. key_size, params,
5230 param_count)))
5231 break;
5232
5233 Do_ADBG_EndSubCase(c, "Generate DSA key %d bits",
5234 key_types[n].key_size);
5235 }
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]5236
Jens Wiklandera8c8f872018-12-14 11:41:36 +0100[diff] [blame]5237 TEEC_CloseSession(&session);
5238}
5239ADBG_CASE_DEFINE(regression, 4007_dsa, xtest_tee_test_4007_dsa,
5240 "Test TEE Internal API Generate DSA key");
5241
5242static void xtest_tee_test_4007_ecc(ADBG_Case_t *c)
Pascal Brande61133f2015-07-08 15:38:37 +0200[diff] [blame]5243{
Etienne Carrieree4ec9e42019-03-28 13:30:21 +0100[diff] [blame]5244 TEEC_Session session = { };
5245 uint32_t ret_orig = 0;
5246 size_t n = 0;
5247 size_t param_count = 0;
5248 TEE_Attribute params[4] = { };
Pascal Brande61133f2015-07-08 15:38:37 +0200[diff] [blame]5249
5250 static const struct {
Jens Wiklander6a9d15a2016-02-01 10:29:42 +0100[diff] [blame]5251 unsigned level;
Pascal Brande61133f2015-07-08 15:38:37 +0200[diff] [blame]5252 const char *name;
5253 uint32_t algo;
5254 uint32_t curve;
5255 uint32_t key_size;
5256 } key_types[] = {
5257 /* ECDSA */
Jens Wiklander6a9d15a2016-02-01 10:29:42 +0100[diff] [blame]5258 { 0, "ECDSA-192", TEE_TYPE_ECDSA_KEYPAIR, TEE_ECC_CURVE_NIST_P192,
5259 192 },
5260 { 1, "ECDSA-224", TEE_TYPE_ECDSA_KEYPAIR, TEE_ECC_CURVE_NIST_P224,
5261 224 },
5262 { 1, "ECDSA-256", TEE_TYPE_ECDSA_KEYPAIR, TEE_ECC_CURVE_NIST_P256,
5263 256 },
5264 { 1, "ECDSA-384", TEE_TYPE_ECDSA_KEYPAIR, TEE_ECC_CURVE_NIST_P384,
5265 384 },
5266 { 1, "ECDSA-521", TEE_TYPE_ECDSA_KEYPAIR, TEE_ECC_CURVE_NIST_P521,
5267 521 },
Pascal Brande61133f2015-07-08 15:38:37 +0200[diff] [blame]5268
5269 /* ECDH */
Jens Wiklander6a9d15a2016-02-01 10:29:42 +0100[diff] [blame]5270 { 0, "ECDH-192", TEE_TYPE_ECDH_KEYPAIR, TEE_ECC_CURVE_NIST_P192,
5271 192 },
5272 { 1, "ECDH-224", TEE_TYPE_ECDH_KEYPAIR, TEE_ECC_CURVE_NIST_P224,
5273 224 },
5274 { 1, "ECDH-256", TEE_TYPE_ECDH_KEYPAIR, TEE_ECC_CURVE_NIST_P256,
5275 256 },
5276 { 1, "ECDH-384", TEE_TYPE_ECDH_KEYPAIR, TEE_ECC_CURVE_NIST_P384,
5277 384 },
5278 { 1, "ECDH-521", TEE_TYPE_ECDH_KEYPAIR, TEE_ECC_CURVE_NIST_P521,
5279 521 },
Pascal Brande61133f2015-07-08 15:38:37 +0200[diff] [blame]5280 };
5281
Jens Wiklandera8c8f872018-12-14 11:41:36 +0100[diff] [blame]5282 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
5283 xtest_teec_open_session(&session, &crypt_user_ta_uuid, NULL,
5284 &ret_orig)))
5285 return;
5286
Pascal Brande61133f2015-07-08 15:38:37 +0200[diff] [blame]5287 for (n = 0; n < ARRAY_SIZE(key_types); n++) {
Jens Wiklander6a9d15a2016-02-01 10:29:42 +0100[diff] [blame]5288 if (key_types[n].level > level)
5289 continue;
5290
Pascal Brande61133f2015-07-08 15:38:37 +0200[diff] [blame]5291 Do_ADBG_BeginSubCase(c, "Generate %s", key_types[n].name);
5292 param_count = 0;
5293
5294 xtest_add_attr_value(&param_count, params, TEE_ATTR_ECC_CURVE,
5295 key_types[n].curve, 0);
5296
5297 if (!ADBG_EXPECT_TRUE(c,
Jens Wiklandera8c8f872018-12-14 11:41:36 +0100[diff] [blame]5298 generate_and_test_key(c, &session, key_types[n].algo,
Pascal Brande61133f2015-07-08 15:38:37 +0200[diff] [blame]5299 0, key_types[n].key_size, params,
5300 param_count)))
5301 break;
5302
5303 Do_ADBG_EndSubCase(c, "Generate %s", key_types[n].name);
5304 }
Pascal Brande61133f2015-07-08 15:38:37 +0200[diff] [blame]5305
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]5306 TEEC_CloseSession(&session);
5307}
Jens Wiklandera8c8f872018-12-14 11:41:36 +0100[diff] [blame]5308ADBG_CASE_DEFINE(regression, 4007_ecc, xtest_tee_test_4007_ecc,
5309 "Test TEE Internal API Generate ECC key");
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]5310
Sohaib ul Hassan00b3f2c2022-04-11 08:45:08 +0300[diff] [blame]5311static void xtest_tee_test_4007_x25519(ADBG_Case_t *c)
5312{
5313 TEEC_Session session = { };
5314 uint32_t ret_orig = 0;
5315
5316 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
5317 xtest_teec_open_session(&session, &crypt_user_ta_uuid,
5318 NULL, &ret_orig)))
5319 return;
5320
Jerome Forissier366179c2022-06-28 10:12:58 +0200[diff] [blame]5321 if (!ta_crypt_cmd_is_algo_supported(c, &session, TEE_ALG_X25519,
5322 TEE_ECC_CURVE_25519)) {
5323 Do_ADBG_Log("X25519 not supported: skip subcase");
5324 goto out;
5325 }
5326
Sohaib ul Hassan00b3f2c2022-04-11 08:45:08 +0300[diff] [blame]5327 Do_ADBG_BeginSubCase(c, "Generate X25519 key");
5328
5329 if (!ADBG_EXPECT_TRUE(c,
5330 generate_and_test_key(c, &session,
5331 TEE_TYPE_X25519_KEYPAIR, 0, 256,
5332 NULL, 0)))
5333 return;
5334
5335 Do_ADBG_EndSubCase(c, "Generate X25519 key");
Jerome Forissier366179c2022-06-28 10:12:58 +0200[diff] [blame]5336out:
Sohaib ul Hassan00b3f2c2022-04-11 08:45:08 +0300[diff] [blame]5337 TEEC_CloseSession(&session);
5338}
5339ADBG_CASE_DEFINE(regression, 4007_x25519, xtest_tee_test_4007_x25519,
5340 "Test TEE Internal API Generate X25519 key");
5341
Valerii Chubarab9863c2022-08-12 07:42:29 +0000[diff] [blame]5342
5343static void xtest_tee_test_4007_ed25519(ADBG_Case_t *c)
5344{
5345 TEEC_Session session = { };
5346 uint32_t ret_orig = 0;
5347
5348 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
5349 xtest_teec_open_session(&session, &crypt_user_ta_uuid,
5350 NULL, &ret_orig)))
5351 return;
5352
5353 if (!ta_crypt_cmd_is_algo_supported(c, &session, TEE_ALG_ED25519,
5354 TEE_ECC_CURVE_25519)) {
5355 Do_ADBG_Log("ED25519 not supported: skip subcase");
5356 goto out;
5357 }
5358
5359 Do_ADBG_BeginSubCase(c, "Generate Ed25519 key");
5360
5361 ADBG_EXPECT_TRUE(c, generate_and_test_key(c, &session,
5362 TEE_TYPE_ED25519_KEYPAIR,
5363 0, 256, NULL, 0));
5364
5365 Do_ADBG_EndSubCase(c, "Generate Ed25519 key");
5366out:
5367 TEEC_CloseSession(&session);
5368}
5369ADBG_CASE_DEFINE(regression, 4007_ed25519, xtest_tee_test_4007_ed25519,
5370 "Test TEE Internal API Generate ed25519 key");
5371
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]5372static void xtest_tee_test_4008(ADBG_Case_t *c)
5373{
Etienne Carrieree4ec9e42019-03-28 13:30:21 +0100[diff] [blame]5374 TEEC_Session session = { };
5375 uint32_t ret_orig = 0;
5376 TEE_OperationHandle op = TEE_HANDLE_NULL;
5377 TEE_ObjectHandle key_handle = TEE_HANDLE_NULL;
5378 TEE_ObjectHandle sv_handle = TEE_HANDLE_NULL;
5379 TEE_Attribute params[4] = { };
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]5380 size_t param_count = 0;
Etienne Carrieree4ec9e42019-03-28 13:30:21 +0100[diff] [blame]5381 uint8_t out[2048] = { };
5382 size_t out_size = 0;
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]5383
5384 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
5385 xtest_teec_open_session(&session, &crypt_user_ta_uuid, NULL,
5386 &ret_orig)))
5387 return;
5388
5389 Do_ADBG_BeginSubCase(c, "Derive DH key success");
5390
5391 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
5392 ta_crypt_cmd_allocate_operation(c, &session, &op,
5393 TEE_ALG_DH_DERIVE_SHARED_SECRET, TEE_MODE_DERIVE,
5394 derive_key_max_keysize)))
5395 goto out;
5396
5397 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
5398 ta_crypt_cmd_allocate_transient_object(c, & session,
5399 TEE_TYPE_DH_KEYPAIR, derive_key_max_keysize,
5400 &key_handle)))
5401 goto out;
5402
5403 xtest_add_attr(&param_count, params, TEE_ATTR_DH_PRIME,
5404 ARRAY(derive_key_dh_prime));
5405
5406 xtest_add_attr(&param_count, params, TEE_ATTR_DH_BASE,
5407 ARRAY(derive_key_dh_base));
5408
5409 xtest_add_attr(&param_count, params, TEE_ATTR_DH_PUBLIC_VALUE,
5410 ARRAY(derive_key_dh_public_value));
5411
5412 xtest_add_attr(&param_count, params, TEE_ATTR_DH_PRIVATE_VALUE,
5413 ARRAY(derive_key_dh_private_value));
5414
5415 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
5416 ta_crypt_cmd_populate_transient_object(c, &session, key_handle,
5417 params, param_count)))
5418 goto out;
5419
5420 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
5421 ta_crypt_cmd_set_operation_key(c, &session, op, key_handle)))
5422 goto out;
5423
5424 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
5425 ta_crypt_cmd_free_transient_object(c, & session, key_handle)))
5426 goto out;
5427
5428 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
5429 ta_crypt_cmd_allocate_transient_object(c, &session,
5430 TEE_TYPE_GENERIC_SECRET, derive_key_max_keysize,
5431 &sv_handle)))
5432 goto out;
5433
Pascal Brand2b92b642015-07-16 13:29:42 +0200[diff] [blame]5434 /* reuse but reset params and param-count */
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]5435 param_count = 0;
5436
5437 xtest_add_attr(&param_count, params, TEE_ATTR_DH_PUBLIC_VALUE,
5438 ARRAY(derive_key_dh_public_value_2));
5439
5440 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
5441 ta_crypt_cmd_derive_key(c, &session, op, sv_handle, params,
5442 param_count)))
5443 goto out;
5444
5445 out_size = sizeof(out);
5446 memset(out, 0, sizeof(out));
5447 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
5448 ta_crypt_cmd_get_object_buffer_attribute(c, &session, sv_handle,
5449 TEE_ATTR_SECRET_VALUE, out, &out_size)))
5450 goto out;
5451
5452 if (!ADBG_EXPECT_BUFFER(c, derive_key_dh_shared_secret,
5453 sizeof(derive_key_dh_shared_secret), out,
5454 out_size))
5455 goto out;
5456
5457 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
5458 ta_crypt_cmd_free_operation(c, &session, op)))
5459 goto out;
5460
5461 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
5462 ta_crypt_cmd_free_transient_object(c, &session, sv_handle)))
5463 goto out;
5464out:
5465 Do_ADBG_EndSubCase(c, "Derive DH key success");
5466 TEEC_CloseSession(&session);
5467}
Jens Wiklander14f48872018-06-29 15:30:13 +0200[diff] [blame]5468ADBG_CASE_DEFINE(regression, 4008, xtest_tee_test_4008,
5469 "Test TEE Internal API Derive key");
Pascal Brand2b92b642015-07-16 13:29:42 +0200[diff] [blame]5470
5471static void xtest_tee_test_4009(ADBG_Case_t *c)
5472{
Etienne Carrieree4ec9e42019-03-28 13:30:21 +0100[diff] [blame]5473 TEEC_Session session = { };
5474 uint32_t ret_orig = 0;
5475 TEE_OperationHandle op = TEE_HANDLE_NULL;
5476 TEE_ObjectHandle key_handle = TEE_HANDLE_NULL;
5477 TEE_ObjectHandle sv_handle = TEE_HANDLE_NULL;
5478 TEE_Attribute params[4] = { };
Pascal Brand2b92b642015-07-16 13:29:42 +0200[diff] [blame]5479 size_t param_count = 0;
Etienne Carrieree4ec9e42019-03-28 13:30:21 +0100[diff] [blame]5480 uint8_t out[2048] = { };
5481 size_t out_size = 0;
5482 uint32_t size_bytes = 0;
5483 uint32_t i = 0;
Ruchika Gupta454b0b62020-10-30 13:23:19 +0530[diff] [blame]5484 struct derive_key_ecdh_t const *pt = NULL;
Pascal Brand2b92b642015-07-16 13:29:42 +0200[diff] [blame]5485
5486 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
5487 xtest_teec_open_session(&session, &crypt_user_ta_uuid, NULL,
5488 &ret_orig)))
5489 return;
5490
5491 for (i = 0; i < ARRAY_SIZE(derive_key_ecdh); i++) {
5492 pt = &derive_key_ecdh[i];
5493
Cedric Chaumontc3b6c282015-09-25 03:05:18 +0200[diff] [blame]5494 if (pt->level > level)
5495 continue;
5496
Pascal Brand2b92b642015-07-16 13:29:42 +0200[diff] [blame]5497 Do_ADBG_BeginSubCase(c, "Derive ECDH key - algo = 0x%x",
5498 pt->algo);
5499 size_bytes = (pt->keysize + 7) / 8;
5500 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
5501 ta_crypt_cmd_allocate_operation(c, &session, &op,
5502 pt->algo,
5503 TEE_MODE_DERIVE, pt->keysize)))
5504 goto out;
5505
5506 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
5507 ta_crypt_cmd_allocate_transient_object(c, & session,
5508 TEE_TYPE_ECDH_KEYPAIR, pt->keysize,
5509 &key_handle)))
5510 goto out;
5511
5512 param_count = 0;
5513 xtest_add_attr_value(&param_count, params,
5514 TEE_ATTR_ECC_CURVE, pt->curve, 0);
5515 xtest_add_attr(&param_count, params,
5516 TEE_ATTR_ECC_PRIVATE_VALUE,
5517 pt->private, size_bytes);
5518 /*
Cedric Auger719047c2019-09-11 12:08:14 +0200[diff] [blame]5519 * The public value is not used, but we should provide a valid
5520 * one to avoid rejection in case TEE_PopulateTransientObject()
5521 * checks for key validity.
Pascal Brand2b92b642015-07-16 13:29:42 +0200[diff] [blame]5522 */
5523 xtest_add_attr(&param_count, params,
Cedric Auger719047c2019-09-11 12:08:14 +0200[diff] [blame]5524 TEE_ATTR_ECC_PUBLIC_VALUE_X,
5525 pt->public_x, size_bytes);
Pascal Brand2b92b642015-07-16 13:29:42 +0200[diff] [blame]5526 xtest_add_attr(&param_count, params,
Cedric Auger719047c2019-09-11 12:08:14 +0200[diff] [blame]5527 TEE_ATTR_ECC_PUBLIC_VALUE_Y,
5528 pt->public_y, size_bytes);
Pascal Brand2b92b642015-07-16 13:29:42 +0200[diff] [blame]5529
5530 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
5531 ta_crypt_cmd_populate_transient_object(c,
5532 &session,
5533 key_handle, params, param_count)))
5534 goto out;
5535
5536 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
5537 ta_crypt_cmd_set_operation_key(c, &session, op,
5538 key_handle)))
5539 goto out;
5540
5541 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
5542 ta_crypt_cmd_free_transient_object(c, & session,
5543 key_handle)))
5544 goto out;
5545
5546 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
5547 ta_crypt_cmd_allocate_transient_object(c, &session,
5548 TEE_TYPE_GENERIC_SECRET, size_bytes * 8,
5549 &sv_handle)))
5550 goto out;
5551
5552 /* reuse but reset params and param-count */
5553 param_count = 0;
5554
5555 xtest_add_attr(&param_count, params,
5556 TEE_ATTR_ECC_PUBLIC_VALUE_X,
5557 pt->public_x, size_bytes);
5558 xtest_add_attr(&param_count, params,
5559 TEE_ATTR_ECC_PUBLIC_VALUE_Y,
5560 pt->public_y, size_bytes);
5561
5562 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
5563 ta_crypt_cmd_derive_key(c, &session, op, sv_handle,
5564 params, param_count)))
5565 goto out;
5566
5567 out_size = sizeof(out);
5568 memset(out, 0, sizeof(out));
5569 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
5570 ta_crypt_cmd_get_object_buffer_attribute(c, &session,
5571 sv_handle,
5572 TEE_ATTR_SECRET_VALUE, out, &out_size)))
5573 goto out;
5574
5575 if (!ADBG_EXPECT_BUFFER(c, pt->out, size_bytes,
5576 out, out_size))
5577 goto out;
5578
5579 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
5580 ta_crypt_cmd_free_operation(c, &session, op)))
5581 goto out;
5582
5583 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
5584 ta_crypt_cmd_free_transient_object(c, &session,
5585 sv_handle)))
5586 goto out;
5587
5588 Do_ADBG_EndSubCase(c, "Derive ECDH key - algo = 0x%x",
5589 pt->algo);
5590 }
5591
5592 goto noerror;
5593
5594out:
5595 Do_ADBG_EndSubCase(c, "Derive ECDH key - algo = 0x%x", pt->algo);
5596
5597noerror:
5598 TEEC_CloseSession(&session);
5599}
Jens Wiklander14f48872018-06-29 15:30:13 +0200[diff] [blame]5600ADBG_CASE_DEFINE(regression, 4009, xtest_tee_test_4009,
5601 "Test TEE Internal API Derive key ECDH");
Jens Wiklander70a0b2c2016-05-18 08:39:35 +0200[diff] [blame]5602
5603static void xtest_tee_test_4010(ADBG_Case_t *c)
5604{
Etienne Carrieree4ec9e42019-03-28 13:30:21 +0100[diff] [blame]5605 TEEC_Session session = { };
5606 uint32_t ret_orig = 0;
5607 TEE_ObjectHandle o = TEE_HANDLE_NULL;
Jens Wiklander70a0b2c2016-05-18 08:39:35 +0200[diff] [blame]5608 static const uint8_t large_key[1024] = { 1, 2, 3, 4, 5, 6 };
5609 static const TEE_Attribute attr = {
5610 .attributeID = TEE_ATTR_SECRET_VALUE,
5611 .content.ref.buffer = (void *)large_key,
5612 .content.ref.length = sizeof(large_key),
5613 };
5614
5615 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
5616 xtest_teec_open_session(&session, &crypt_user_ta_uuid, NULL,
5617 &ret_orig)))
5618 return;
5619
5620 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
5621 ta_crypt_cmd_allocate_transient_object(c, &session,
5622 TEE_TYPE_HMAC_SHA256, 1024, &o)))
5623 goto out;
5624
5625 ADBG_EXPECT_TEEC_RESULT(c, TEEC_ERROR_TARGET_DEAD,
5626 ta_crypt_cmd_populate_transient_object(c, &session, o,
5627 &attr, 1));
5628
5629out:
5630 TEEC_CloseSession(&session);
5631}
Jens Wiklander14f48872018-06-29 15:30:13 +0200[diff] [blame]5632ADBG_CASE_DEFINE(regression, 4010, xtest_tee_test_4010,
5633 "Test TEE Internal API create transient object (negative)");
Jens Wiklanderb58916e2016-07-07 15:29:32 +0200[diff] [blame]5634
5635static void xtest_tee_test_4011(ADBG_Case_t *c)
5636{
Etienne Carrieree4ec9e42019-03-28 13:30:21 +0100[diff] [blame]5637 TEEC_Session s = { };
Jens Wiklanderb58916e2016-07-07 15:29:32 +0200[diff] [blame]5638 size_t key_size = 512;
Etienne Carrieree4ec9e42019-03-28 13:30:21 +0100[diff] [blame]5639 TEE_ObjectHandle key = TEE_HANDLE_NULL;
5640 TEE_OperationHandle ops = TEE_HANDLE_NULL;
5641 TEE_OperationHandle opv = TEE_HANDLE_NULL;
5642 TEE_OperationHandle ope = TEE_HANDLE_NULL;
5643 TEE_OperationHandle opd = TEE_HANDLE_NULL;
5644 uint32_t ret_orig = 0;
5645 uint8_t in[TEE_SHA1_HASH_SIZE] = { };
5646 uint8_t out[1024] = { };
5647 uint8_t tmp[1024] = { };
5648 size_t out_size = 0;
5649 size_t tmp_size = 0;
5650 size_t n = 0;
5651 size_t m = 0;
Jens Wiklanderb58916e2016-07-07 15:29:32 +0200[diff] [blame]5652 size_t i = 0;
5653
5654 /* Setup session, initialize message to sign, create a keypair */
5655 if (!ADBG_EXPECT_TEEC_SUCCESS(c, xtest_teec_open_session(&s,
5656 &crypt_user_ta_uuid, NULL, &ret_orig)))
5657 return;
5658 if (!ADBG_EXPECT_TEEC_SUCCESS(c, ta_crypt_cmd_random_number_generate(c,
5659 &s, in, sizeof(in))))
5660 goto out;
5661 if (!ADBG_EXPECT_TEEC_SUCCESS(c, ta_crypt_cmd_allocate_transient_object(
5662 c, &s, TEE_TYPE_RSA_KEYPAIR, key_size, &key)))
5663 goto out;
5664 if (!ADBG_EXPECT_TEEC_SUCCESS(c, ta_crypt_cmd_generate_key(c, &s,
5665 key, key_size, NULL, 0)))
5666 goto out;
5667
5668 /* Allocate operations for sign, verify, encrypt and decrypt */
5669 if (!ADBG_EXPECT_TEEC_SUCCESS(c, ta_crypt_cmd_allocate_operation(c, &s,
5670 &ops, TEE_ALG_RSASSA_PKCS1_V1_5_SHA1, TEE_MODE_SIGN,
5671 key_size)))
5672 goto out;
5673 if (!ADBG_EXPECT_TEEC_SUCCESS(c, ta_crypt_cmd_allocate_operation(c, &s,
5674 &opv, TEE_ALG_RSASSA_PKCS1_V1_5_SHA1, TEE_MODE_VERIFY,
5675 key_size)))
5676 goto out;
5677 if (!ADBG_EXPECT_TEEC_SUCCESS(c, ta_crypt_cmd_allocate_operation(c, &s,
5678 &ope, TEE_ALG_RSA_NOPAD, TEE_MODE_ENCRYPT, key_size)))
5679 goto out;
5680 if (!ADBG_EXPECT_TEEC_SUCCESS(c, ta_crypt_cmd_allocate_operation(c, &s,
5681 &opd, TEE_ALG_RSA_NOPAD, TEE_MODE_DECRYPT, key_size)))
5682 goto out;
5683
5684 /* Assign the keypair to all operations */
5685 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
5686 ta_crypt_cmd_set_operation_key(c, &s, ops, key)))
5687 goto out;
5688 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
5689 ta_crypt_cmd_set_operation_key(c, &s, opv, key)))
5690 goto out;
5691 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
5692 ta_crypt_cmd_set_operation_key(c, &s, ope, key)))
5693 goto out;
5694 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
5695 ta_crypt_cmd_set_operation_key(c, &s, opd, key)))
5696 goto out;
5697
5698 /*
5699 * The core of the test case is inspired by the one in libtomcrypt:
5700 * https://github.com/libtom/libtomcrypt/blob/6ad52252688bb34f90b5e79da4830a927e87b81f/testprof/rsa_test.c#L398
5701 *
5702 * Testcase for Bleichenbacher attack
5703 *
5704 * (1) Create a valid signature
5705 * (2) Check that it can be verified
5706 * (3) Transform the package to fetch plain text (using the encrypt
5707 * operation in GP TEE Internal API)
5708 * (4) Forge the structure of PKCS#1-EMSA encoded data
5709 * (4.1) Search for start and end of the padding string
5710 * (4.2) Move the signature to the front of the padding string
5711 * (4.3) Zero the message until the end
5712 * (5) Transform the package back (using the decrypt operation in
5713 * GP TEE Internal API)
5714 * (6) The result should not be valid if the implementation is robust.
5715 */
5716
5717
5718 for (i = 0; i < 9; i++) {
5719 Do_ADBG_Log("Iteration %zu", i);
5720
5721 /* 1 */
5722 out_size = sizeof(out);
5723 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
5724 ta_crypt_cmd_asymmetric_sign(c, &s, ops, NULL, 0,
5725 in, sizeof(in), out, &out_size)))
5726 goto out;
5727
5728 /* 2 */
5729 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
5730 ta_crypt_cmd_asymmetric_verify(c, &s, opv, NULL, 0,
5731 in, sizeof(in), out, out_size)))
5732 goto out;
5733
5734 /* 3 */
5735 tmp_size = sizeof(tmp);
5736 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
5737 ta_crypt_cmd_asymmetric_encrypt(c, &s, ope, NULL, 0,
5738 out, out_size, tmp, &tmp_size)))
5739 goto out;
5740
Etienne Carriere0953bf02018-12-21 15:36:25 +0100[diff] [blame]5741 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, tmp_size, <=, sizeof(tmp)))
5742 goto out;
5743
Jens Wiklanderb58916e2016-07-07 15:29:32 +0200[diff] [blame]5744 /* 4.1 */
Etienne Carriere0953bf02018-12-21 15:36:25 +0100[diff] [blame]5745 for (n = 0; n < tmp_size - i; n++)
Jens Wiklanderb58916e2016-07-07 15:29:32 +0200[diff] [blame]5746 if (tmp[n] == 0xff)
5747 break;
Etienne Carriere0953bf02018-12-21 15:36:25 +0100[diff] [blame]5748
5749 /* Shall find at least a padding start before buffer end */
5750 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, n, <, tmp_size - i - 1))
5751 goto out;
5752
Jens Wiklanderb58916e2016-07-07 15:29:32 +0200[diff] [blame]5753 for (m = n + 1; m < tmp_size; m++)
5754 if (tmp[m] != 0xff)
5755 break;
Etienne Carriere0953bf02018-12-21 15:36:25 +0100[diff] [blame]5756
Jens Wiklanderb58916e2016-07-07 15:29:32 +0200[diff] [blame]5757 /* 4.2 */
5758 memmove(tmp + n + i, tmp + m, tmp_size - m);
Etienne Carriere0953bf02018-12-21 15:36:25 +0100[diff] [blame]5759
Jens Wiklanderb58916e2016-07-07 15:29:32 +0200[diff] [blame]5760 /* 4.3 */
Etienne Carriere0953bf02018-12-21 15:36:25 +0100[diff] [blame]5761 n = n + i + tmp_size - m;
Etienne Carriereacb81c42020-04-24 14:58:58 +0200[diff] [blame]5762
5763 /* Prevent overrun when zeroing buffer end */
5764 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, n, <=, tmp_size))
5765 goto out;
5766
Etienne Carriere0953bf02018-12-21 15:36:25 +0100[diff] [blame]5767 memset(tmp + n, 0, tmp_size - n);
Jens Wiklanderb58916e2016-07-07 15:29:32 +0200[diff] [blame]5768
5769 /* 5 */
5770 out_size = sizeof(out);
5771 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
5772 ta_crypt_cmd_asymmetric_decrypt(c, &s, opd, NULL, 0,
5773 tmp, tmp_size, out, &out_size)))
5774 goto out;
5775
5776 /* 6 */
5777 if (!ADBG_EXPECT_TEEC_RESULT(c, TEE_ERROR_SIGNATURE_INVALID,
5778 ta_crypt_cmd_asymmetric_verify(c, &s, opv, NULL, 0,
5779 in, sizeof(in), out, out_size)))
5780 goto out;
5781 }
5782
5783out:
5784 TEEC_CloseSession(&s);
5785}
Jens Wiklander14f48872018-06-29 15:30:13 +0200[diff] [blame]5786ADBG_CASE_DEFINE(regression, 4011, xtest_tee_test_4011,
5787 "Test TEE Internal API Bleichenbacher attack (negative)");
Igor Opaniuk7ddaa782018-05-25 15:14:05 +0300[diff] [blame]5788
Igor Opaniuk7ddaa782018-05-25 15:14:05 +0300[diff] [blame]5789static void xtest_tee_test_4012(ADBG_Case_t *c)
5790{
Jens Wiklanderc44350d2022-12-02 20:56:49 +0100[diff] [blame]5791 TEEC_Result res = TEEC_SUCCESS;
Etienne Carrieree4ec9e42019-03-28 13:30:21 +0100[diff] [blame]5792 TEEC_Session session = { };
5793 uint32_t ret_orig = 0;
Igor Opaniuk7ddaa782018-05-25 15:14:05 +0300[diff] [blame]5794 TEEC_Operation op = TEEC_OPERATION_INITIALIZER;
5795 /* Fortuna PRNG requires seed <= 32 bytes */
Etienne Carrieree4ec9e42019-03-28 13:30:21 +0100[diff] [blame]5796 uint8_t pool_input[32] = { };
5797 time_t t = 0;
5798 struct tm tm_local = { };
Igor Opaniuk7ddaa782018-05-25 15:14:05 +0300[diff] [blame]5799
5800 t = time(NULL);
5801 tm_local = *localtime(&t);
5802
5803 memcpy((void *)pool_input, (void *)&tm_local,
5804 sizeof(pool_input) < sizeof(tm_local) ?
5805 sizeof(pool_input) : sizeof(tm_local));
5806
5807
5808 op.params[0].tmpref.buffer = pool_input;
5809 op.params[0].tmpref.size = sizeof(pool_input);
5810 op.paramTypes = TEEC_PARAM_TYPES(TEEC_MEMREF_TEMP_INPUT,
5811 TEEC_NONE,
5812 TEEC_NONE,
5813 TEEC_NONE);
5814 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
5815 xtest_teec_open_session(&session, &crypt_user_ta_uuid, NULL,
5816 &ret_orig)))
5817 return;
5818
Jens Wiklanderc44350d2022-12-02 20:56:49 +0100[diff] [blame]5819 res = TEEC_InvokeCommand(&session, TA_CRYPT_CMD_SEED_RNG_POOL,
5820 &op, &ret_orig);
5821 if (res == TEEC_ERROR_ITEM_NOT_FOUND &&
5822 ADBG_EXPECT_TEEC_ERROR_ORIGIN(c, ret_orig,
5823 TEEC_ORIGIN_TRUSTED_APP))
5824 Do_ADBG_Log("System PTA not available, skipping test 4012");
5825 else
5826 ADBG_EXPECT_TEEC_SUCCESS(c, res);
5827
Igor Opaniuk7ddaa782018-05-25 15:14:05 +0300[diff] [blame]5828 TEEC_CloseSession(&session);
5829}
Jens Wiklander14f48872018-06-29 15:30:13 +0200[diff] [blame]5830ADBG_CASE_DEFINE(regression, 4012, xtest_tee_test_4012,
5831 "Test seeding RNG entropy");
Joakim Bech83a30ca2019-05-29 11:22:27 +0200[diff] [blame]5832
5833static void xtest_tee_test_4013(ADBG_Case_t *c)
5834{
Jens Wiklanderc44350d2022-12-02 20:56:49 +0100[diff] [blame]5835 TEEC_Result res = TEEC_SUCCESS;
Joakim Bech83a30ca2019-05-29 11:22:27 +0200[diff] [blame]5836 TEEC_Session session = { };
5837 uint32_t ret_orig = 0;
5838 TEEC_Operation op = TEEC_OPERATION_INITIALIZER;
5839 uint8_t key[32] = { };
5840 uint8_t extra_data[32] = { };
5841
5842 op.paramTypes = TEEC_PARAM_TYPES(TEEC_NONE,
5843 TEEC_NONE,
5844 TEEC_NONE,
5845 TEEC_NONE);
5846 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
5847 xtest_teec_open_session(&session, &crypt_user_ta_uuid,
5848 NULL, &ret_orig)))
5849 return;
5850
Jens Wiklanderc44350d2022-12-02 20:56:49 +0100[diff] [blame]5851 res = TEEC_InvokeCommand(&session, TA_CRYPT_CMD_DERIVE_TA_UNIQUE_KEY,
5852 &op, &ret_orig);
5853 if (res == TEEC_ERROR_ITEM_NOT_FOUND &&
5854 ADBG_EXPECT_TEEC_ERROR_ORIGIN(c, ret_orig,
5855 TEEC_ORIGIN_TRUSTED_APP)) {
5856 Do_ADBG_Log("System PTA not available, skipping test 4013");
5857 goto out;
5858 }
5859 ADBG_EXPECT_TEEC_SUCCESS(c, res);
Joakim Bech83a30ca2019-05-29 11:22:27 +0200[diff] [blame]5860
5861 /* Negative test using non-secure memory */
5862 memset(&op, 0, sizeof(op));
5863 op.paramTypes = TEEC_PARAM_TYPES(TEEC_MEMREF_TEMP_INPUT,
5864 TEEC_MEMREF_TEMP_OUTPUT,
5865 TEEC_NONE,
5866 TEEC_NONE);
5867
5868 op.params[0].tmpref.buffer = extra_data;
5869 op.params[0].tmpref.size = sizeof(extra_data);
5870 op.params[1].tmpref.buffer = key;
5871 op.params[1].tmpref.size = sizeof(key);
5872 (void)ADBG_EXPECT_TEEC_RESULT(c,
5873 TEEC_ERROR_SECURITY,
5874 TEEC_InvokeCommand(&session,
5875 TA_CRYPT_CMD_DERIVE_TA_UNIQUE_KEY_SHM,
5876 &op,
5877 &ret_orig));
5878
Jens Wiklanderc44350d2022-12-02 20:56:49 +0100[diff] [blame]5879out:
Joakim Bech83a30ca2019-05-29 11:22:27 +0200[diff] [blame]5880 TEEC_CloseSession(&session);
5881}
5882ADBG_CASE_DEFINE(regression, 4013, xtest_tee_test_4013,
5883 "Test generation of device unique TA keys");
Jerome Forissierf0cf5182020-01-09 17:04:18 +0100[diff] [blame]5884
5885static void xtest_tee_test_4014(ADBG_Case_t *c)
5886{
5887 TEEC_Session session = { };
5888 uint32_t ret_orig = 0;
5889 TEE_OperationHandle op = TEE_HANDLE_NULL;
5890 TEE_ObjectHandle keyA = TEE_HANDLE_NULL;
5891 TEE_ObjectHandle eph_keyA = TEE_HANDLE_NULL;
5892 TEE_ObjectHandle keyB = TEE_HANDLE_NULL;
5893 TEE_ObjectHandle eph_keyB = TEE_HANDLE_NULL;
5894 TEE_ObjectHandle sv_handle = TEE_HANDLE_NULL;
5895 TEE_Attribute params[9] = { };
5896 size_t param_count = 0;
5897 uint8_t out[128] = { };
5898 size_t out_size = 0;
5899 uint8_t conf_A[32] = { };
5900 uint8_t conf_B[32] = { };
5901
5902 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
5903 xtest_teec_open_session(&session, &crypt_user_ta_uuid, NULL,
5904 &ret_orig)))
5905 return;
5906
5907 if (!ta_crypt_cmd_is_algo_supported(c, &session, TEE_ALG_SM2_KEP,
5908 TEE_ECC_CURVE_SM2)) {
5909 Do_ADBG_Log("SM2 KEP not supported: skip subcase");
5910 goto out;
5911 }
5912
5913 Do_ADBG_BeginSubCase(c, "Initiator side");
5914
5915 /*
5916 * Key exchange protocol running on user A's side. A is initiator.
5917 */
5918
5919 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
5920 ta_crypt_cmd_allocate_operation(c, &session, &op,
5921 TEE_ALG_SM2_KEP, TEE_MODE_DERIVE, 512)))
5922 goto out;
5923
5924 /* Allocate and initialize keypair of user A */
5925
5926 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
5927 ta_crypt_cmd_allocate_transient_object(c, &session,
5928 TEE_TYPE_SM2_KEP_KEYPAIR, 256, &keyA)))
5929 goto out;
5930
5931 param_count = 0;
5932
Jerome Forissierf0cf5182020-01-09 17:04:18 +0100[diff] [blame]5933 xtest_add_attr(&param_count, params, TEE_ATTR_ECC_PUBLIC_VALUE_X,
5934 ARRAY(gmt_003_part5_b2_public_xA));
5935
5936 xtest_add_attr(&param_count, params, TEE_ATTR_ECC_PUBLIC_VALUE_Y,
5937 ARRAY(gmt_003_part5_b2_public_yA));
5938
5939 xtest_add_attr(&param_count, params, TEE_ATTR_ECC_PRIVATE_VALUE,
5940 ARRAY(gmt_003_part5_b2_private_A));
5941
5942 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
5943 ta_crypt_cmd_populate_transient_object(c, &session, keyA,
5944 params, param_count)))
5945 goto out;
5946
5947 /*
5948 * Allocate and set ephemeral key of user A. Note: it is a regular ECC
5949 * key -- we don't use the *_EPHEMERAL_* attributes flags which are
5950 * reserved for use in TEE_DeriveKey() to pass the ephermeral key of
5951 * user B.
5952 */
5953
5954 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
5955 ta_crypt_cmd_allocate_transient_object(c, &session,
5956 TEE_TYPE_SM2_KEP_KEYPAIR, 256, &eph_keyA)))
5957 goto out;
5958
5959 param_count = 0;
5960
Jerome Forissierf0cf5182020-01-09 17:04:18 +0100[diff] [blame]5961 xtest_add_attr(&param_count, params, TEE_ATTR_ECC_PUBLIC_VALUE_X,
5962 ARRAY(gmt_003_part5_b2_eph_public_xA));
5963
5964 xtest_add_attr(&param_count, params, TEE_ATTR_ECC_PUBLIC_VALUE_Y,
5965 ARRAY(gmt_003_part5_b2_eph_public_yA));
5966
5967 xtest_add_attr(&param_count, params, TEE_ATTR_ECC_PRIVATE_VALUE,
5968 ARRAY(gmt_003_part5_b2_eph_private_A));
5969
5970 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
5971 ta_crypt_cmd_populate_transient_object(c, &session, eph_keyA,
5972 params, param_count)))
5973 goto out;
5974
5975 /* Associate user A keys with operation */
5976
5977 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
5978 ta_crypt_cmd_set_operation_key2(c, &session, op, keyA,
5979 eph_keyA)))
5980 goto out;
5981
5982 /* Keys have been set, free key objects */
5983
5984 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
5985 ta_crypt_cmd_free_transient_object(c, &session, keyA)))
5986 goto out;
5987
5988 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
5989 ta_crypt_cmd_free_transient_object(c, &session, eph_keyA)))
5990 goto out;
5991
5992 /* Allocate output object */
5993
5994 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
5995 ta_crypt_cmd_allocate_transient_object(c, &session,
5996 TEE_TYPE_GENERIC_SECRET,
5997 sizeof(gmt_003_part5_b2_shared_secret),
5998 &sv_handle)))
5999 goto out;
6000
6001 /* Set key derivation parameters: user A role, user B information */
6002
6003 params[0].attributeID = TEE_ATTR_SM2_KEP_USER;
6004 params[0].content.value.a = 0; /* Initiator role */
6005 params[0].content.value.b = 0; /* Not used */
6006 param_count = 1;
6007
6008 xtest_add_attr(&param_count, params, TEE_ATTR_ECC_PUBLIC_VALUE_X,
6009 ARRAY(gmt_003_part5_b2_public_xB));
6010
6011 xtest_add_attr(&param_count, params, TEE_ATTR_ECC_PUBLIC_VALUE_Y,
6012 ARRAY(gmt_003_part5_b2_public_yB));
6013
6014 xtest_add_attr(&param_count, params,
6015 TEE_ATTR_ECC_EPHEMERAL_PUBLIC_VALUE_X,
6016 ARRAY(gmt_003_part5_b2_eph_public_xB));
6017
6018 xtest_add_attr(&param_count, params,
6019 TEE_ATTR_ECC_EPHEMERAL_PUBLIC_VALUE_Y,
6020 ARRAY(gmt_003_part5_b2_eph_public_yB));
6021
6022 xtest_add_attr(&param_count, params, TEE_ATTR_SM2_ID_INITIATOR,
6023 ARRAY(gmt_003_part5_b2_id_A));
6024
6025 xtest_add_attr(&param_count, params, TEE_ATTR_SM2_ID_RESPONDER,
6026 ARRAY(gmt_003_part5_b2_id_B));
6027
6028 xtest_add_attr(&param_count, params, TEE_ATTR_SM2_KEP_CONFIRMATION_IN,
6029 ARRAY(gmt_003_part5_b2_conf_B));
6030
6031 xtest_add_attr(&param_count, params, TEE_ATTR_SM2_KEP_CONFIRMATION_OUT,
6032 ARRAY(conf_A));
6033
6034 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
6035 ta_crypt_cmd_derive_key(c, &session, op, sv_handle, params,
6036 param_count)))
6037 goto out;
6038
6039 out_size = sizeof(out);
6040 memset(out, 0, sizeof(out));
6041 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
6042 ta_crypt_cmd_get_object_buffer_attribute(c, &session, sv_handle,
6043 TEE_ATTR_SECRET_VALUE, out, &out_size)))
6044 goto out;
6045
6046 /* Check derived key */
6047 if (!ADBG_EXPECT_BUFFER(c, gmt_003_part5_b2_shared_secret,
6048 sizeof(gmt_003_part5_b2_shared_secret), out,
6049 out_size))
6050 goto out;
6051
6052 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
6053 ta_crypt_cmd_free_operation(c, &session, op)))
6054 goto out;
6055
6056 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
6057 ta_crypt_cmd_free_transient_object(c, &session, sv_handle)))
6058 goto out;
6059
6060 Do_ADBG_EndSubCase(c, "Initiator side");
6061
6062 Do_ADBG_BeginSubCase(c, "Responder side");
6063
6064 /*
6065 * Key derivation on user B's side
6066 */
6067
6068 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
6069 ta_crypt_cmd_allocate_operation(c, &session, &op,
6070 TEE_ALG_SM2_KEP, TEE_MODE_DERIVE, 512)))
6071 goto out;
6072
6073 /* Allocate and initialize keypair of user B */
6074
6075 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
6076 ta_crypt_cmd_allocate_transient_object(c, &session,
6077 TEE_TYPE_SM2_KEP_KEYPAIR, 256, &keyB)))
6078 goto out;
6079
6080 param_count = 0;
6081
Jerome Forissierf0cf5182020-01-09 17:04:18 +0100[diff] [blame]6082 xtest_add_attr(&param_count, params, TEE_ATTR_ECC_PUBLIC_VALUE_X,
6083 ARRAY(gmt_003_part5_b2_public_xB));
6084
6085 xtest_add_attr(&param_count, params, TEE_ATTR_ECC_PUBLIC_VALUE_Y,
6086 ARRAY(gmt_003_part5_b2_public_yB));
6087
6088 xtest_add_attr(&param_count, params, TEE_ATTR_ECC_PRIVATE_VALUE,
6089 ARRAY(gmt_003_part5_b2_private_B));
6090
6091 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
6092 ta_crypt_cmd_populate_transient_object(c, &session, keyB,
6093 params, param_count)))
6094 goto out;
6095
6096 /* Allocate and set ephemeral key of user B */
6097
6098 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
6099 ta_crypt_cmd_allocate_transient_object(c, &session,
6100 TEE_TYPE_SM2_KEP_KEYPAIR, 256, &eph_keyB)))
6101 goto out;
6102
6103 param_count = 0;
6104
Jerome Forissierf0cf5182020-01-09 17:04:18 +0100[diff] [blame]6105 xtest_add_attr(&param_count, params, TEE_ATTR_ECC_PUBLIC_VALUE_X,
6106 ARRAY(gmt_003_part5_b2_eph_public_xB));
6107
6108 xtest_add_attr(&param_count, params, TEE_ATTR_ECC_PUBLIC_VALUE_Y,
6109 ARRAY(gmt_003_part5_b2_eph_public_yB));
6110
6111 xtest_add_attr(&param_count, params, TEE_ATTR_ECC_PRIVATE_VALUE,
6112 ARRAY(gmt_003_part5_b2_eph_private_B));
6113
6114 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
6115 ta_crypt_cmd_populate_transient_object(c, &session, eph_keyB,
6116 params, param_count)))
6117 goto out;
6118
6119 /* Associate user B keys with operation */
6120
6121 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
6122 ta_crypt_cmd_set_operation_key2(c, &session, op, keyB,
6123 eph_keyB)))
6124 goto out;
6125
6126 /* Keys have been set, free key objects */
6127
6128 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
6129 ta_crypt_cmd_free_transient_object(c, &session, keyB)))
6130 goto out;
6131
6132 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
6133 ta_crypt_cmd_free_transient_object(c, &session, eph_keyB)))
6134 goto out;
6135
6136 /* Allocate output object */
6137
6138 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
6139 ta_crypt_cmd_allocate_transient_object(c, &session,
6140 TEE_TYPE_GENERIC_SECRET,
6141 sizeof(gmt_003_part5_b2_shared_secret),
6142 &sv_handle)))
6143 goto out;
6144
6145 /* Set key derivation parameters: user B role, user A information */
6146
6147 params[0].attributeID = TEE_ATTR_SM2_KEP_USER;
6148 params[0].content.value.a = 1; /* Responder role */
6149 params[0].content.value.b = 0; /* Not used */
6150 param_count = 1;
6151
6152 xtest_add_attr(&param_count, params, TEE_ATTR_ECC_PUBLIC_VALUE_X,
6153 ARRAY(gmt_003_part5_b2_public_xA));
6154
6155 xtest_add_attr(&param_count, params, TEE_ATTR_ECC_PUBLIC_VALUE_Y,
6156 ARRAY(gmt_003_part5_b2_public_yA));
6157
6158 xtest_add_attr(&param_count, params,
6159 TEE_ATTR_ECC_EPHEMERAL_PUBLIC_VALUE_X,
6160 ARRAY(gmt_003_part5_b2_eph_public_xA));
6161
6162 xtest_add_attr(&param_count, params,
6163 TEE_ATTR_ECC_EPHEMERAL_PUBLIC_VALUE_Y,
6164 ARRAY(gmt_003_part5_b2_eph_public_yA));
6165
6166 xtest_add_attr(&param_count, params, TEE_ATTR_SM2_ID_INITIATOR,
6167 ARRAY(gmt_003_part5_b2_id_A));
6168
6169 xtest_add_attr(&param_count, params, TEE_ATTR_SM2_ID_RESPONDER,
6170 ARRAY(gmt_003_part5_b2_id_B));
6171
6172 xtest_add_attr(&param_count, params, TEE_ATTR_SM2_KEP_CONFIRMATION_IN,
6173 ARRAY(gmt_003_part5_b2_conf_A));
6174
6175 xtest_add_attr(&param_count, params, TEE_ATTR_SM2_KEP_CONFIRMATION_OUT,
6176 ARRAY(conf_B));
6177
6178 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
6179 ta_crypt_cmd_derive_key(c, &session, op, sv_handle, params,
6180 param_count)))
6181 goto out;
6182
6183 out_size = sizeof(out);
6184 memset(out, 0, sizeof(out));
6185 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
6186 ta_crypt_cmd_get_object_buffer_attribute(c, &session, sv_handle,
6187 TEE_ATTR_SECRET_VALUE, out, &out_size)))
6188 goto out;
6189
6190 /* Check derived key */
6191 if (!ADBG_EXPECT_BUFFER(c, gmt_003_part5_b2_shared_secret,
6192 sizeof(gmt_003_part5_b2_shared_secret), out,
6193 out_size))
6194 goto out;
6195
6196 Do_ADBG_EndSubCase(c, "Responder side");
6197
6198out:
6199 TEEC_CloseSession(&session);
6200}
6201ADBG_CASE_DEFINE(regression, 4014, xtest_tee_test_4014,
6202 "Test SM2 KEP (key derivation)");
Sohaib ul Hassan00b3f2c2022-04-11 08:45:08 +0300[diff] [blame]6203
6204static void xtest_tee_test_4015(ADBG_Case_t *c)
6205{
6206 TEEC_Session session = { };
6207 uint32_t ret_orig = 0;
6208 TEE_OperationHandle op = TEE_HANDLE_NULL;
6209 TEE_ObjectHandle key_alice = TEE_HANDLE_NULL;
6210 TEE_ObjectHandle key_bob = TEE_HANDLE_NULL;
6211 TEE_ObjectHandle sv_handle = TEE_HANDLE_NULL;
6212 TEE_Attribute params[2] = { };
6213 size_t param_count = 0;
6214 uint8_t out[32] = { };
6215 size_t out_size = 0;
6216 char case_str[40] = "Alice side computes shared secret";
6217
6218 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
6219 xtest_teec_open_session(&session, &crypt_user_ta_uuid, NULL,
6220 &ret_orig)))
6221 return;
6222
6223 Do_ADBG_BeginSubCase(c, "%s", case_str);
6224
6225 if (!ta_crypt_cmd_is_algo_supported(c, &session, TEE_ALG_X25519,
6226 TEE_ECC_CURVE_25519)) {
6227 Do_ADBG_Log("X25519 not supported: skip subcase");
6228 goto out;
6229 }
6230
6231 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
6232 ta_crypt_cmd_allocate_operation(c, &session, &op,
6233 TEE_ALG_X25519, TEE_MODE_DERIVE, 256)))
6234 goto out;
6235
6236 /* Allocate and initialize keypair of Alice */
6237 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
6238 ta_crypt_cmd_allocate_transient_object(c, &session,
6239 TEE_TYPE_X25519_KEYPAIR, 256, &key_alice)))
6240 goto out;
6241
6242 param_count = 0;
6243
6244 xtest_add_attr(&param_count, params, TEE_ATTR_X25519_PUBLIC_VALUE,
6245 ARRAY(x25519_alice_public));
6246
6247 xtest_add_attr(&param_count, params, TEE_ATTR_X25519_PRIVATE_VALUE,
6248 ARRAY(x25519_alice_private));
6249
6250 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
6251 ta_crypt_cmd_populate_transient_object(c, &session,
6252 key_alice, params, param_count)))
6253 goto out;
6254
6255 /* Associate Alices's keys with operation */
6256 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
6257 ta_crypt_cmd_set_operation_key(c, &session, op,
6258 key_alice)))
6259 goto out;
6260
6261 /* Keys have been set, free key objects */
6262 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
6263 ta_crypt_cmd_free_transient_object(c, &session,
6264 key_alice)))
6265 goto out;
6266
6267 /* Allocate shared secret output object */
6268 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
6269 ta_crypt_cmd_allocate_transient_object(c, &session,
6270 TEE_TYPE_GENERIC_SECRET,
6271 sizeof(x25519_shared_secret), &sv_handle)))
6272 goto out;
6273
6274 /* Reset params */
6275 param_count = 0;
6276
6277 /* Set Bob's public key for Alice side */
6278 xtest_add_attr(&param_count, params, TEE_ATTR_X25519_PUBLIC_VALUE,
6279 ARRAY(x25519_bob_public));
6280
6281 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
6282 ta_crypt_cmd_derive_key(c, &session, op, sv_handle,
6283 params, param_count)))
6284 goto out;
6285
6286 out_size = sizeof(out);
6287 memset(out, 0, sizeof(out));
6288 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
6289 ta_crypt_cmd_get_object_buffer_attribute(c, &session,
6290 sv_handle, TEE_ATTR_SECRET_VALUE, out,
6291 &out_size)))
6292 goto out;
6293
6294 /* Check derived key */
6295 if (!ADBG_EXPECT_BUFFER(c, x25519_shared_secret,
6296 sizeof(x25519_shared_secret), out,
6297 out_size))
6298 goto out;
6299
6300 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
6301 ta_crypt_cmd_free_operation(c, &session, op)))
6302 goto out;
6303
6304 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
6305 ta_crypt_cmd_free_transient_object(c, &session,
6306 sv_handle)))
6307 goto out;
6308
6309 Do_ADBG_EndSubCase(c, "%s", case_str);
6310
6311 strncpy(case_str, "Bob side computes shared secret",
6312 sizeof(case_str) - 1);
6313
6314 Do_ADBG_BeginSubCase(c, "%s", case_str);
6315
6316 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
6317 ta_crypt_cmd_allocate_operation(c, &session, &op,
6318 TEE_ALG_X25519, TEE_MODE_DERIVE, 256)))
6319 goto out;
6320
6321 /* Allocate and initialize keypair of Bob */
6322 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
6323 ta_crypt_cmd_allocate_transient_object(c, &session,
6324 TEE_TYPE_X25519_KEYPAIR, 256, &key_bob)))
6325 goto out;
6326
6327 /* Reset params */
6328 param_count = 0;
6329
6330 xtest_add_attr(&param_count, params, TEE_ATTR_X25519_PUBLIC_VALUE,
6331 ARRAY(x25519_bob_public));
6332
6333 xtest_add_attr(&param_count, params, TEE_ATTR_X25519_PRIVATE_VALUE,
6334 ARRAY(x25519_bob_private));
6335
6336 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
6337 ta_crypt_cmd_populate_transient_object(c, &session,
6338 key_bob, params, param_count)))
6339 goto out;
6340
6341 /* Associate Bob's keys with operation */
6342 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
6343 ta_crypt_cmd_set_operation_key(c, &session, op,
6344 key_bob)))
6345 goto out;
6346
6347 /* Keys have been set, free key objects */
6348 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
6349 ta_crypt_cmd_free_transient_object(c, &session,
6350 key_bob)))
6351 goto out;
6352
6353 /* Allocate shared secret output object */
6354 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
6355 ta_crypt_cmd_allocate_transient_object(c, &session,
6356 TEE_TYPE_GENERIC_SECRET,
6357 sizeof(x25519_shared_secret), &sv_handle)))
6358 goto out;
6359
6360 /* Reset params */
6361 param_count = 0;
6362
6363 /* Set Alice's public key for Bob side */
6364 xtest_add_attr(&param_count, params, TEE_ATTR_X25519_PUBLIC_VALUE,
6365 ARRAY(x25519_alice_public));
6366
6367 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
6368 ta_crypt_cmd_derive_key(c, &session, op, sv_handle,
6369 params, param_count)))
6370 goto out;
6371
6372 out_size = sizeof(out);
6373 memset(out, 0, sizeof(out));
6374 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
6375 ta_crypt_cmd_get_object_buffer_attribute(c, &session,
6376 sv_handle, TEE_ATTR_SECRET_VALUE, out,
6377 &out_size)))
6378 goto out;
6379
6380 /* Check derived key */
6381 if (!ADBG_EXPECT_BUFFER(c, x25519_shared_secret,
6382 sizeof(x25519_shared_secret), out,
6383 out_size))
6384 goto out;
6385
6386 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
6387 ta_crypt_cmd_free_operation(c, &session, op)))
6388 goto out;
6389
6390 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
6391 ta_crypt_cmd_free_transient_object(c, &session,
6392 sv_handle)))
6393 goto out;
6394
6395out:
6396 Do_ADBG_EndSubCase(c, "%s", case_str);
6397 TEEC_CloseSession(&session);
6398}
6399ADBG_CASE_DEFINE(regression, 4015, xtest_tee_test_4015,
6400 "Test TEE Internal API Derive key X25519");
Valerii Chubarab9863c2022-08-12 07:42:29 +0000[diff] [blame]6401
6402static void xtest_tee_test_4016_ed25519(ADBG_Case_t *c)
6403{
6404 TEEC_Session session = { };
6405 TEE_OperationHandle op = TEE_HANDLE_NULL;
6406 TEE_ObjectHandle key_handle = TEE_HANDLE_NULL;
6407 TEE_Attribute key_attrs[2] = { };
6408 size_t num_key_attrs = 0;
6409 TEE_Attribute attrs[2] = { };
6410 size_t num_attrs = 0;
6411 uint8_t out[64] = { };
6412 size_t out_size = sizeof(out);
6413 size_t n = 0;
6414 uint32_t ret_orig = 0;
6415 size_t max_key_size = 0;
6416
6417 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
6418 xtest_teec_open_session(&session, &crypt_user_ta_uuid,
6419 NULL, &ret_orig)))
6420 return;
6421
6422 if (!ta_crypt_cmd_is_algo_supported(c, &session, TEE_ALG_ED25519,
6423 TEE_ECC_CURVE_25519)) {
6424 Do_ADBG_Log("ED25519 not supported: skip subcase");
6425 goto out;
6426 }
6427
6428 for (n = 0; n < ARRAY_SIZE(xtest_ac_eddsa_cases); n++) {
6429 const struct xtest_ac_case *tv = xtest_ac_eddsa_cases + n;
6430
6431 if (tv->algo != TEE_ALG_ED25519)
6432 continue;
6433
6434 num_attrs = 0;
6435 num_key_attrs = 0;
6436 max_key_size = tv->params.eddsa.private_len * 8;
6437
6438 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
6439 ta_crypt_cmd_allocate_operation(c, &session, &op,
6440 TEE_ALG_ED25519, tv->mode, max_key_size)))
6441 goto out;
6442
6443 xtest_add_attr(&num_key_attrs, key_attrs,
6444 TEE_ATTR_ED25519_PUBLIC_VALUE,
6445 tv->params.eddsa.public,
6446 tv->params.eddsa.public_len);
6447
6448 if (tv->params.eddsa.flag == 1)
Jens Wiklander7596bd32022-12-02 15:43:37 +0100[diff] [blame]6449 xtest_add_attr_value(&num_attrs, attrs,
6450 TEE_ATTR_EDDSA_PREHASH, 1, 0);
Valerii Chubarab9863c2022-08-12 07:42:29 +0000[diff] [blame]6451
6452 if (tv->params.eddsa.context_len > 0)
6453 xtest_add_attr(&num_attrs, attrs, TEE_ATTR_EDDSA_CTX,
6454 tv->params.eddsa.context,
6455 tv->params.eddsa.context_len);
6456
6457 switch (tv->mode) {
6458 case TEE_MODE_SIGN:
6459 xtest_add_attr(&num_key_attrs, key_attrs,
6460 TEE_ATTR_ED25519_PRIVATE_VALUE,
6461 tv->params.eddsa.private,
6462 tv->params.eddsa.private_len);
6463
6464 if (!ADBG_EXPECT_TRUE(c,
6465 create_key(c, &session, max_key_size,
6466 TEE_TYPE_ED25519_KEYPAIR,
6467 key_attrs, num_key_attrs,
6468 &key_handle)))
6469 goto out;
6470
6471 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
6472 ta_crypt_cmd_set_operation_key(c,
6473 &session, op, key_handle)))
6474 goto out;
6475
6476 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
6477 ta_crypt_cmd_asymmetric_sign(c,
6478 &session, op,
6479 attrs, num_attrs, tv->ptx,
6480 tv->ptx_len, out, &out_size)))
6481 goto out;
6482
6483 ADBG_EXPECT_BUFFER(c, tv->ctx, tv->ctx_len, out, out_size);
6484
6485 break;
6486
6487 case TEE_MODE_VERIFY:
6488 if (!ADBG_EXPECT_TRUE(c,
6489 create_key(c, &session, max_key_size,
6490 TEE_TYPE_ED25519_PUBLIC_KEY,
6491 key_attrs, num_key_attrs,
6492 &key_handle)))
6493 goto out;
6494
6495 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
6496 ta_crypt_cmd_set_operation_key(c,
6497 &session, op, key_handle)))
6498 goto out;
6499
6500 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
6501 ta_crypt_cmd_asymmetric_verify(c, &session, op,
6502 attrs, num_attrs,
6503 tv->ptx,
6504 tv->ptx_len,
6505 tv->ctx,
6506 tv->ctx_len)))
6507 goto out;
6508 break;
6509
6510 default:
6511 break;
6512 }
6513
6514 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
6515 ta_crypt_cmd_free_operation(c, &session, op)))
6516 goto out;
6517 }
6518out:
6519 TEEC_CloseSession(&session);
6520}
Jens Wiklander7b70ff82022-12-02 20:59:32 +0100[diff] [blame]6521ADBG_CASE_DEFINE(regression, 4016, xtest_tee_test_4016_ed25519,
Valerii Chubarab9863c2022-08-12 07:42:29 +0000[diff] [blame]6522 "Test TEE Internal API ED25519 sign/verify");
Jens Wiklanderc7e0b132024-04-18 17:47:52 +0200[diff] [blame]6523
6524struct buf_state {
6525 bool buffer_two_blocks;
6526 bool auth_enc;
6527 bool decrypt;
6528 uint8_t *plain_text;
6529 uint8_t *ciph_text;
6530 uint8_t *tmp_text;
6531 size_t text_size;
6532 size_t block_size;
6533 uint8_t *iv;
6534 size_t iv_len;
6535 uint8_t tag[96 / 8];
6536 uint8_t tmp_tag[96 / 8];
6537 TEE_OperationHandle oph;
6538 TEEC_Session *s;
6539
6540 size_t in_count;
6541 size_t out_count;
6542 size_t buf_count;
6543};
6544
6545static bool process_bytes_4017(ADBG_Case_t *c, struct buf_state *bs,
6546 size_t count)
6547{
6548 TEE_Result res = TEEC_SUCCESS;
6549 size_t new_buf_count = 0;
6550 void *reference = NULL;
6551 void *src = NULL;
6552 size_t out = 0;
6553 size_t dlen = 0;
6554
6555 if (bs->decrypt) {
6556 src = bs->ciph_text + bs->in_count;
6557 reference = bs->plain_text + bs->out_count;
6558 } else {
6559 src = bs->plain_text + bs->in_count;
6560 reference = bs->ciph_text + bs->out_count;
6561 }
6562
6563 bs->in_count += count;
6564 if (bs->buffer_two_blocks) {
6565 if (bs->in_count > bs->block_size)
6566 new_buf_count = ((bs->in_count - 1) % bs->block_size) +
6567 bs->block_size + 1;
6568 else
6569 new_buf_count = bs->in_count;
6570 } else {
6571 new_buf_count = bs->in_count % bs->block_size;
6572 }
6573
6574 out = bs->buf_count + count - new_buf_count;
6575 bs->out_count += out;
6576 bs->buf_count = new_buf_count;
6577
6578 if (bs->auth_enc) {
6579 res = ta_crypt_cmd_ae_update(c, bs->s, bs->oph, src, count,
6580 NULL, &dlen);
6581 if (!res)
6582 return ADBG_EXPECT_COMPARE_UNSIGNED(c, dlen, ==, 0) &&
6583 ADBG_EXPECT_COMPARE_UNSIGNED(c, dlen, ==, out);
6584 if (!ADBG_EXPECT_TEEC_RESULT(c, TEEC_ERROR_SHORT_BUFFER, res) ||
6585 !ADBG_EXPECT_COMPARE_UNSIGNED(c, dlen, ==, out))
6586 return false;
6587 res = ta_crypt_cmd_ae_update(c, bs->s, bs->oph, src, count,
6588 bs->tmp_text, &dlen);
6589 if (!ADBG_EXPECT_TEEC_SUCCESS(c, res) ||
6590 !ADBG_EXPECT_BUFFER(c, reference, out,
6591 bs->tmp_text, dlen))
6592 return false;
6593 } else {
6594 res = ta_crypt_cmd_cipher_update(c, bs->s, bs->oph, src, count,
6595 NULL, &dlen);
6596 if (!res)
6597 return ADBG_EXPECT_COMPARE_UNSIGNED(c, dlen, ==, out);
6598 if (!ADBG_EXPECT_TEEC_RESULT(c, TEEC_ERROR_SHORT_BUFFER, res) ||
6599 !ADBG_EXPECT_COMPARE_UNSIGNED(c, dlen, ==, out))
6600 return false;
6601 res = ta_crypt_cmd_cipher_update(c, bs->s, bs->oph, src, count,
6602 bs->tmp_text, &dlen);
6603 if (!ADBG_EXPECT_TEEC_SUCCESS(c, res) ||
6604 !ADBG_EXPECT_BUFFER(c, reference, out,
6605 bs->tmp_text, dlen))
6606 return false;
6607 }
6608
6609 return true;
6610}
6611
6612static bool process_bytes_final_4017(ADBG_Case_t *c, struct buf_state *bs)
6613{
6614 TEEC_Result res = TEEC_SUCCESS;
6615 void *reference = NULL;
6616 size_t src_len = 0;
6617 void *src = NULL;
6618 size_t dlen = 0;
6619 size_t tlen = 0;
6620
6621 if (bs->decrypt) {
6622 src = bs->ciph_text + bs->in_count;
6623 reference = bs->plain_text + bs->out_count;
6624 } else {
6625 src = bs->plain_text + bs->in_count;
6626 reference = bs->ciph_text + bs->out_count;
6627 }
6628 src_len = bs->text_size - bs->in_count;
6629
6630 if (bs->auth_enc) {
6631 if (bs->decrypt)
6632 res = ta_crypt_cmd_ae_decrypt_final(c, bs->s, bs->oph,
6633 src, src_len,
6634 NULL, &dlen,
6635 bs->tag,
6636 sizeof(bs->tag));
6637 else
6638 res = ta_crypt_cmd_ae_encrypt_final(c, bs->s, bs->oph,
6639 src, src_len,
6640 NULL, &dlen, NULL,
6641 &tlen);
6642 if (!res && bs->decrypt)
6643 return ADBG_EXPECT_COMPARE_UNSIGNED(c, dlen, ==,
6644 src_len);
6645 if (!ADBG_EXPECT_TEEC_RESULT(c, TEEC_ERROR_SHORT_BUFFER, res) ||
6646 !ADBG_EXPECT_COMPARE_UNSIGNED(c, bs->text_size -
6647 bs->out_count, ==, dlen))
6648 return false;
6649 if (!bs->decrypt &&
6650 !ADBG_EXPECT_COMPARE_UNSIGNED(c, sizeof(bs->tag), ==, tlen))
6651 return false;
6652 if (bs->decrypt)
6653 res = ta_crypt_cmd_ae_decrypt_final(c, bs->s, bs->oph,
6654 src, src_len,
6655 bs->tmp_text, &dlen,
6656 bs->tag,
6657 sizeof(bs->tag));
6658 else
6659 res = ta_crypt_cmd_ae_encrypt_final(c, bs->s, bs->oph,
6660 src, src_len,
6661 bs->tmp_text, &dlen,
6662 bs->tmp_tag, &tlen);
6663 if (!ADBG_EXPECT_TEEC_SUCCESS(c, res) ||
6664 !ADBG_EXPECT_BUFFER(c, reference,
6665 bs->text_size - bs->out_count,
6666 bs->tmp_text, dlen))
6667 return false;
6668 if (!bs->decrypt &&
6669 !ADBG_EXPECT_BUFFER(c, bs->tag, sizeof(bs->tag),
6670 bs->tmp_tag, tlen))
6671 return false;
6672 } else {
6673 res = ta_crypt_cmd_cipher_do_final(c, bs->s, bs->oph,
6674 src, src_len, NULL, &dlen);
6675 if (!res)
6676 return ADBG_EXPECT_COMPARE_UNSIGNED(c, dlen, ==,
6677 src_len);
6678 if (!ADBG_EXPECT_TEEC_RESULT(c, TEEC_ERROR_SHORT_BUFFER, res) ||
6679 !ADBG_EXPECT_COMPARE_UNSIGNED(c,
6680 bs->text_size -
6681 bs->out_count, ==, dlen))
6682 return false;
6683
6684 res = ta_crypt_cmd_cipher_do_final(c, bs->s, bs->oph,
6685 src, src_len,
6686 bs->tmp_text, &dlen);
6687 if (!ADBG_EXPECT_TEEC_SUCCESS(c, res) ||
6688 !ADBG_EXPECT_BUFFER(c, reference,
6689 bs->text_size - bs->out_count,
6690 bs->tmp_text, dlen))
6691 return false;
6692 }
6693
6694 return true;
6695}
6696
6697static bool process_text_4017(ADBG_Case_t *c, struct buf_state *bs,
6698 size_t initial_count, size_t middle_count)
6699{
6700 TEEC_Result res = TEEC_SUCCESS;
6701 size_t n = 0;
6702
6703 bs->in_count = 0;
6704 bs->out_count = 0;
6705 bs->buf_count = 0;
6706
6707 if (bs->auth_enc)
6708 res = ta_crypt_cmd_ae_init(c, bs->s, bs->oph, bs->iv,
6709 bs->iv_len, sizeof(bs->tag), 0,
6710 bs->text_size);
6711 else
6712 res = ta_crypt_cmd_cipher_init(c, bs->s, bs->oph, bs->iv,
6713 bs->iv_len);
6714 if (!ADBG_EXPECT_TEEC_SUCCESS(c, res))
6715 return false;
6716
6717 if (initial_count &&
6718 !ADBG_EXPECT_TRUE(c, process_bytes_4017(c, bs, initial_count)))
6719 return false;
6720
6721 for (n = 0; n < middle_count && n + initial_count < bs->text_size; n++)
6722 if (!ADBG_EXPECT_TRUE(c, process_bytes_4017(c, bs, 1)))
6723 return false;
6724
6725 return process_bytes_final_4017(c, bs);
6726}
6727
6728static bool alloc_oph_4017(ADBG_Case_t *c, TEEC_Session *s, uint32_t algo,
6729 uint32_t mode, void *key, size_t key_size,
6730 TEE_OperationHandle *oph)
6731{
6732 TEEC_Result res = TEEC_SUCCESS;
6733 TEE_ObjectHandle key_handle = TEE_HANDLE_NULL;
6734 TEE_ObjectHandle key2_handle = TEE_HANDLE_NULL;
6735 TEE_Attribute key_attr = {
6736 .attributeID = TEE_ATTR_SECRET_VALUE,
6737 .content.ref.buffer = key,
6738 .content.ref.length = key_size,
6739 };
6740 bool ret = false;
6741
6742 res = ta_crypt_cmd_allocate_transient_object(c, s, TEE_TYPE_AES,
6743 key_size * 8, &key_handle);
6744 if (!ADBG_EXPECT_TEEC_SUCCESS(c, res))
6745 goto out;
6746 res = ta_crypt_cmd_populate_transient_object(c, s, key_handle,
6747 &key_attr, 1);
6748 if (!ADBG_EXPECT_TEEC_SUCCESS(c, res))
6749 goto out;
6750
6751 if (algo == TEE_ALG_AES_XTS) {
6752 res = ta_crypt_cmd_allocate_transient_object(c, s, TEE_TYPE_AES,
6753 key_size * 8,
6754 &key2_handle);
6755 if (!ADBG_EXPECT_TEEC_SUCCESS(c, res))
6756 goto out;
6757 res = ta_crypt_cmd_populate_transient_object(c, s, key2_handle,
6758 &key_attr, 1);
6759 if (!ADBG_EXPECT_TEEC_SUCCESS(c, res))
6760 goto out;
6761
6762 res = ta_crypt_cmd_allocate_operation(c, s, oph, algo, mode,
6763 key_size * 8 * 2);
6764 if (!ADBG_EXPECT_TEEC_SUCCESS(c, res))
6765 goto out;
6766 res = ta_crypt_cmd_set_operation_key2(c, s, *oph, key_handle,
6767 key2_handle);
6768 if (!ADBG_EXPECT_TEEC_SUCCESS(c, res))
6769 goto out;
6770 } else {
6771 res = ta_crypt_cmd_allocate_operation(c, s, oph, algo, mode,
6772 key_size * 8);
6773 if (!ADBG_EXPECT_TEEC_SUCCESS(c, res))
6774 goto out;
6775 res = ta_crypt_cmd_set_operation_key(c, s, *oph, key_handle);
6776 if (!ADBG_EXPECT_TEEC_SUCCESS(c, res))
6777 goto out;
6778 }
6779
6780 ret = true;
6781out:
6782 if (key2_handle)
6783 ta_crypt_cmd_free_transient_object(c, s, key2_handle);
6784 if (key_handle)
6785 ta_crypt_cmd_free_transient_object(c, s, key_handle);
6786 return ret;
6787}
6788
6789static bool do_algo_4017(ADBG_Case_t *c, TEEC_Session *s, uint32_t algo,
6790 size_t extra_size)
6791{
6792 TEEC_Result res = TEEC_SUCCESS;
6793 struct buf_state bs = { .s = s, };
6794 size_t middle_count = 0;
6795 uint8_t iv[16] = { };
6796 uint8_t key[16] = { };
6797 size_t prev_n = 0;
6798 bool ret = false;
6799 size_t dlen = 0;
6800 size_t tlen = 0;
6801 size_t n = 0;
6802
6803 if (level >= 12)
6804 middle_count = 2 * TEE_AES_BLOCK_SIZE;
6805
6806 bs.block_size = 16;
6807 bs.text_size = bs.block_size * 6 + extra_size;
6808 bs.plain_text = calloc(3, bs.text_size);
6809 if (!ADBG_EXPECT_NOT_NULL(c, bs.plain_text))
6810 return false;
6811 bs.ciph_text = bs.plain_text + bs.text_size;
6812 bs.tmp_text = bs.ciph_text + bs.text_size;
6813
6814 for (n = 0; n < bs.text_size; n++)
6815 bs.plain_text[n] = n + 1;
6816 for (n = 0; n < ARRAY_SIZE(iv); n++)
6817 iv[n] = n + 1;
6818 for (n = 0; n < ARRAY_SIZE(key); n++)
6819 key[n] = n + 1;
6820
6821 if (!ADBG_EXPECT_TRUE(c, alloc_oph_4017(c, s, algo, TEE_MODE_ENCRYPT,
6822 key, sizeof(key), &bs.oph)))
6823 return false;
6824
6825 if (algo != TEE_ALG_AES_ECB_NOPAD) {
6826 bs.iv = iv;
6827 bs.iv_len = sizeof(iv);
6828 }
6829 if (algo == TEE_ALG_AES_CCM)
6830 bs.iv_len = 13;
6831 if (algo == TEE_ALG_AES_CTR || algo == TEE_ALG_AES_GCM)
6832 bs.block_size = 1;
6833 else
6834 bs.block_size = TEE_AES_BLOCK_SIZE;
6835 if (algo == TEE_ALG_AES_CTS || algo == TEE_ALG_AES_XTS)
6836 bs.buffer_two_blocks = true;
6837 if (algo == TEE_ALG_AES_CCM || algo == TEE_ALG_AES_GCM)
6838 bs.auth_enc = true;
6839
6840 if (bs.auth_enc) {
6841 res = ta_crypt_cmd_ae_init(c, bs.s, bs.oph, bs.iv, bs.iv_len,
6842 sizeof(bs.tag), 0, bs.text_size);
6843 if (!ADBG_EXPECT_TEEC_SUCCESS(c, res))
6844 goto out;
6845 res = ta_crypt_cmd_ae_encrypt_final(c, bs.s, bs.oph,
6846 bs.plain_text, bs.text_size,
6847 NULL, &dlen, NULL, &tlen);
6848 if (!ADBG_EXPECT_TEEC_RESULT(c, TEEC_ERROR_SHORT_BUFFER, res) ||
6849 !ADBG_EXPECT_COMPARE_UNSIGNED(c, bs.text_size, ==, dlen))
6850 goto out;
6851 res = ta_crypt_cmd_ae_encrypt_final(c, bs.s, bs.oph,
6852 bs.plain_text, bs.text_size,
6853 bs.ciph_text, &dlen, bs.tag,
6854 &tlen);
6855 if (!ADBG_EXPECT_TEEC_SUCCESS(c, res) ||
6856 !ADBG_EXPECT_COMPARE_UNSIGNED(c, bs.text_size, ==, dlen))
6857 goto out;
6858 } else {
6859 res = ta_crypt_cmd_cipher_init(c, bs.s, bs.oph, bs.iv,
6860 bs.iv_len);
6861 if (!ADBG_EXPECT_TEEC_SUCCESS(c, res))
6862 goto out;
6863 res = ta_crypt_cmd_cipher_do_final(c, bs.s, bs.oph,
6864 bs.plain_text, bs.text_size,
6865 NULL, &dlen);
6866 if (!ADBG_EXPECT_TEEC_RESULT(c, TEEC_ERROR_SHORT_BUFFER, res) ||
6867 !ADBG_EXPECT_COMPARE_UNSIGNED(c, bs.text_size, ==, dlen))
6868 goto out;
6869 res = ta_crypt_cmd_cipher_do_final(c, bs.s, bs.oph,
6870 bs.plain_text, bs.text_size,
6871 bs.ciph_text, &dlen);
6872 if (!ADBG_EXPECT_TEEC_SUCCESS(c, res) ||
6873 !ADBG_EXPECT_COMPARE_UNSIGNED(c, bs.text_size, ==, dlen))
6874 goto out;
6875 }
6876
6877 for (n = 0; n < bs.text_size; n++) {
6878 /*
6879 * If level < 12 test with initial count of:
6880 * 0, 1, 15 for each AES block, that is,
6881 * 0, 1, 15, 16, 17, 31, 32, 33, 47, 48, 49, 63, 64, 65,
6882 * 79, 80, 81, and 95
6883 * If level >= 12 test with initial count of each n, an
6884 * exhaustive of every possible initial count.
6885 *
6886 * If level < 12 test with middle_count of 32 else 0.
6887 * (middle_count - n) bytes are processed one by one.
6888 *
6889 * The idea is to try to match all corner cases when
6890 * buffering AES blocks. With special focus on what happens
6891 * when a complete block has been buffered.
6892 */
6893 if (level < 12 && (n % TEE_AES_BLOCK_SIZE) > 1 &&
6894 (n % TEE_AES_BLOCK_SIZE) < (TEE_AES_BLOCK_SIZE - 1))
6895 continue;
6896 ret = process_text_4017(c, &bs, n, middle_count);
6897 if (!ADBG_EXPECT_TRUE(c, ret)) {
6898 Do_ADBG_Log("Failed processing with initial_count %zu (previous %zu)",
6899 n, prev_n);
6900 goto out;
6901 }
6902 prev_n = n;
6903 }
6904
6905 ta_crypt_cmd_free_operation(c, s, bs.oph);
6906 bs.oph = TEE_HANDLE_NULL;
6907 if (!ADBG_EXPECT_TRUE(c, alloc_oph_4017(c, s, algo, TEE_MODE_DECRYPT,
6908 key, sizeof(key), &bs.oph)))
6909 goto out;
6910 bs.decrypt = true;
6911
6912 /* Only test matching decryption for levels above 13 */
6913 for (n = 0; level > 13 && n < bs.text_size; n++) {
6914 if (level < 12 && (n % TEE_AES_BLOCK_SIZE) > 1 &&
6915 (n % TEE_AES_BLOCK_SIZE) < (TEE_AES_BLOCK_SIZE - 1))
6916 continue;
6917 ret = process_text_4017(c, &bs, n, middle_count);
6918 if (!ADBG_EXPECT_TRUE(c, ret)) {
6919 Do_ADBG_Log("Failed processing with initial_count %zu (previous %zu)",
6920 n, prev_n);
6921 goto out;
6922 }
6923 prev_n = n;
6924 }
6925
6926 ret = true;
6927out:
6928 if (bs.oph)
6929 ta_crypt_cmd_free_operation(c, s, bs.oph);
6930 free(bs.plain_text);
6931 return ret;
6932}
6933
6934static void xtest_tee_test_4017(ADBG_Case_t *c)
6935{
6936 TEEC_Result res = TEEC_SUCCESS;
6937 uint32_t ret_orig = 0;
6938 TEEC_Session sess = { };
6939
6940 res = xtest_teec_open_session(&sess, &crypt_user_ta_uuid, NULL,
6941 &ret_orig);
6942 if (!ADBG_EXPECT_TEEC_SUCCESS(c, res))
6943 return;
6944
6945 Do_ADBG_BeginSubCase(c, "TEE_ALG_AES_ECB_NOPAD");
6946 ADBG_EXPECT_TRUE(c, do_algo_4017(c, &sess, TEE_ALG_AES_ECB_NOPAD, 0));
6947 Do_ADBG_EndSubCase(c, "TEE_ALG_AES_ECB_NOPAD");
6948
6949 Do_ADBG_BeginSubCase(c, "TEE_ALG_AES_CBC_NOPAD");
6950 ADBG_EXPECT_TRUE(c, do_algo_4017(c, &sess, TEE_ALG_AES_CBC_NOPAD, 0));
6951 Do_ADBG_EndSubCase(c, "TEE_ALG_AES_CBC_NOPAD");
6952
6953 Do_ADBG_BeginSubCase(c, "TEE_ALG_AES_CTR");
6954 ADBG_EXPECT_TRUE(c, do_algo_4017(c, &sess, TEE_ALG_AES_CTR, 0));
6955 Do_ADBG_EndSubCase(c, "TEE_ALG_AES_CTR");
6956
6957 Do_ADBG_BeginSubCase(c, "TEE_ALG_AES_CTR 1 extra byte");
6958 ADBG_EXPECT_TRUE(c, do_algo_4017(c, &sess, TEE_ALG_AES_CTR, 1));
6959 Do_ADBG_EndSubCase(c, "TEE_ALG_AES_CTR 1 extra byte");
6960
6961 Do_ADBG_BeginSubCase(c, "TEE_ALG_AES_CTS");
6962 ADBG_EXPECT_TRUE(c, do_algo_4017(c, &sess, TEE_ALG_AES_CTS, 0));
6963 Do_ADBG_EndSubCase(c, "TEE_ALG_AES_CTS");
6964
6965 Do_ADBG_BeginSubCase(c, "TEE_ALG_AES_CTS 1 extra byte");
6966 ADBG_EXPECT_TRUE(c, do_algo_4017(c, &sess, TEE_ALG_AES_CTS, 1));
6967 Do_ADBG_EndSubCase(c, "TEE_ALG_AES_CTS 1 extra byte");
6968
6969 Do_ADBG_BeginSubCase(c, "TEE_ALG_AES_XTS");
6970 ADBG_EXPECT_TRUE(c, do_algo_4017(c, &sess, TEE_ALG_AES_XTS, 0));
6971 Do_ADBG_EndSubCase(c, "TEE_ALG_AES_XTS");
6972
6973 Do_ADBG_BeginSubCase(c, "TEE_ALG_AES_XTS 1 extra byte");
6974 ADBG_EXPECT_TRUE(c, do_algo_4017(c, &sess, TEE_ALG_AES_XTS, 1));
6975 Do_ADBG_EndSubCase(c, "TEE_ALG_AES_XTS 1 extra byte");
6976
6977 Do_ADBG_BeginSubCase(c, "TEE_ALG_AES_GCM");
6978 ADBG_EXPECT_TRUE(c, do_algo_4017(c, &sess, TEE_ALG_AES_GCM, 0));
6979 Do_ADBG_EndSubCase(c, "TEE_ALG_AES_GCM");
6980
6981 Do_ADBG_BeginSubCase(c, "TEE_ALG_AES_GCM 1 extra byte");
6982 ADBG_EXPECT_TRUE(c, do_algo_4017(c, &sess, TEE_ALG_AES_GCM, 1));
6983 Do_ADBG_EndSubCase(c, "TEE_ALG_AES_GCM 1 extra byte");
6984
6985 Do_ADBG_BeginSubCase(c, "TEE_ALG_AES_CCM");
6986 ADBG_EXPECT_TRUE(c, do_algo_4017(c, &sess, TEE_ALG_AES_CCM, 0));
6987 Do_ADBG_EndSubCase(c, "TEE_ALG_AES_CCM");
6988
6989 Do_ADBG_BeginSubCase(c, "TEE_ALG_AES_CCM 1 extra byte");
6990 ADBG_EXPECT_TRUE(c, do_algo_4017(c, &sess, TEE_ALG_AES_CCM, 1));
6991 Do_ADBG_EndSubCase(c, "TEE_ALG_AES_CCM 1 extra byte");
6992
6993 TEEC_CloseSession(&sess);
6994}
6995
6996ADBG_CASE_DEFINE(regression, 4017, xtest_tee_test_4017,
6997 "Test TEE Internal API Cipher block buffering");