TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / OP-TEE / optee_test / c639ac89fdc09f0370dc26674cfa57936a4cb13a / . / host / xtest / xtest_10000.c
blob: f40249008de09aafee34f04ce8976535b5db7fe5 [file] [log] [blame]
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame^]1/*
2 * Copyright (c) 2014, Linaro Limited
3 *
4 * This program is free software; you can redistribute it and/or modify
5 * it under the terms of the GNU General Public License Version 2 as
6 * published by the Free Software Foundation.
7 *
8 * This program is distributed in the hope that it will be useful,
9 * but WITHOUT ANY WARRANTY; without even the implied warranty of
10 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 * GNU General Public License for more details.
12 */
13#include "xtest_test.h"
14#include "xtest_helpers.h"
15
16#include <tee_api_types.h>
17#include <tee_api_defines_extensions.h>
18#include <utee_defines.h>
19#include <string.h>
20#include <enc_fs_key_manager_test.h>
21
22#define WITH_HKDF 1
23#define WITH_CONCAT_KDF 1
24#define WITH_PBKDF2 1
25
26static void xtest_tee_test_10001(ADBG_Case_t *c);
27static void xtest_tee_test_10002(ADBG_Case_t *c);
28static void xtest_tee_test_10003(ADBG_Case_t *c);
29
30ADBG_CASE_DEFINE(XTEST_TEE_10001, xtest_tee_test_10001,
31 /* Title */
32 "Test TEE Internal API key derivation extensions",
33 /* Short description */
34 "Test non-standard cryptographic key derivation algorithms",
35 /* Requirement IDs */
36 "Linaro CARD-1661",
37 /* How to implement */
38 "Invoke key derivation functions with standard test vectors"
39 );
40
41ADBG_CASE_DEFINE(XTEST_TEE_10002, xtest_tee_test_10002,
42 /* Title */
43 "Secure Storage Key Manager API Self Test",
44 /* Short description */
45 "Test secure storage key manager functionality",
46 /* Requirement IDs */
47 "Linaro SWG-176",
48 /* How to implement */
49 "Invoke key manager self test function in test TA"
50 );
51
52ADBG_CASE_DEFINE(XTEST_TEE_10003, xtest_tee_test_10003,
53 /* Title */
54 "ECC Self Test",
55 /* Short description */
56 "Test ECC API",
57 /* Requirement IDs */
58 "",
59 /* How to implement */
60 "Invoke ECC self test function in test TA"
61 );
62
63/*
64 * HKDF test data from RFC 5869
65 */
66
67/* A.1 SHA-256 */
68
69static const uint8_t hkdf_a1_ikm[] = {
70 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
71 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
72 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b
73};
74
75static const uint8_t hkdf_a1_salt[] = {
76 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
77 0x08, 0x09, 0x0a, 0x0b, 0x0c
78};
79
80static const uint8_t hkdf_a1_info[] = {
81 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
82 0xf8, 0xf9
83};
84
85static const uint8_t hkdf_a1_okm[] = {
86 0x3c, 0xb2, 0x5f, 0x25, 0xfa, 0xac, 0xd5, 0x7a,
87 0x90, 0x43, 0x4f, 0x64, 0xd0, 0x36, 0x2f, 0x2a,
88 0x2d, 0x2d, 0x0a, 0x90, 0xcf, 0x1a, 0x5a, 0x4c,
89 0x5d, 0xb0, 0x2d, 0x56, 0xec, 0xc4, 0xc5, 0xbf,
90 0x34, 0x00, 0x72, 0x08, 0xd5, 0xb8, 0x87, 0x18,
91 0x58, 0x65
92};
93
94/* A.2 SHA-256 */
95static const uint8_t hkdf_a2_ikm[] = {
96 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
97 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
98 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
99 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
100 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
101 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
102 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
103 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f,
104 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
105 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f
106};
107
108static const uint8_t hkdf_a2_salt[] = {
109 0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67,
110 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f,
111 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77,
112 0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f,
113 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87,
114 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
115 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97,
116 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f,
117 0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7,
118 0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf
119};
120
121static const uint8_t hkdf_a2_info[] = {
122 0xb0, 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6, 0xb7,
123 0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf,
124 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
125 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf,
126 0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7,
127 0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf,
128 0xe0, 0xe1, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7,
129 0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef,
130 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
131 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff
132};
133
134static const uint8_t hkdf_a2_okm[] = {
135 0xb1, 0x1e, 0x39, 0x8d, 0xc8, 0x03, 0x27, 0xa1,
136 0xc8, 0xe7, 0xf7, 0x8c, 0x59, 0x6a, 0x49, 0x34,
137 0x4f, 0x01, 0x2e, 0xda, 0x2d, 0x4e, 0xfa, 0xd8,
138 0xa0, 0x50, 0xcc, 0x4c, 0x19, 0xaf, 0xa9, 0x7c,
139 0x59, 0x04, 0x5a, 0x99, 0xca, 0xc7, 0x82, 0x72,
140 0x71, 0xcb, 0x41, 0xc6, 0x5e, 0x59, 0x0e, 0x09,
141 0xda, 0x32, 0x75, 0x60, 0x0c, 0x2f, 0x09, 0xb8,
142 0x36, 0x77, 0x93, 0xa9, 0xac, 0xa3, 0xdb, 0x71,
143 0xcc, 0x30, 0xc5, 0x81, 0x79, 0xec, 0x3e, 0x87,
144 0xc1, 0x4c, 0x01, 0xd5, 0xc1, 0xf3, 0x43, 0x4f,
145 0x1d, 0x87
146};
147
148/* A.3 SHA-256 */
149#define hkdf_a3_ikm hkdf_a1_ikm
150static const uint8_t hkdf_a3_salt[] = {};
151
152static const uint8_t hkdf_a3_info[] = {};
153
154static const uint8_t hkdf_a3_okm[] = {
155 0x8d, 0xa4, 0xe7, 0x75, 0xa5, 0x63, 0xc1, 0x8f,
156 0x71, 0x5f, 0x80, 0x2a, 0x06, 0x3c, 0x5a, 0x31,
157 0xb8, 0xa1, 0x1f, 0x5c, 0x5e, 0xe1, 0x87, 0x9e,
158 0xc3, 0x45, 0x4e, 0x5f, 0x3c, 0x73, 0x8d, 0x2d,
159 0x9d, 0x20, 0x13, 0x95, 0xfa, 0xa4, 0xb6, 0x1a,
160 0x96, 0xc8
161};
162
163/* A.4 SHA-1 */
164static const uint8_t hkdf_a4_ikm[] = {
165 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
166 0x0b, 0x0b, 0x0b
167};
168
169static const uint8_t hkdf_a4_salt[] = {
170 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
171 0x08, 0x09, 0x0a, 0x0b, 0x0c
172};
173
174static const uint8_t hkdf_a4_info[] = {
175 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
176 0xf8, 0xf9
177};
178
179static const uint8_t hkdf_a4_okm[] = {
180 0x08, 0x5a, 0x01, 0xea, 0x1b, 0x10, 0xf3, 0x69,
181 0x33, 0x06, 0x8b, 0x56, 0xef, 0xa5, 0xad, 0x81,
182 0xa4, 0xf1, 0x4b, 0x82, 0x2f, 0x5b, 0x09, 0x15,
183 0x68, 0xa9, 0xcd, 0xd4, 0xf1, 0x55, 0xfd, 0xa2,
184 0xc2, 0x2e, 0x42, 0x24, 0x78, 0xd3, 0x05, 0xf3,
185 0xf8, 0x96
186};
187
188/* A.5 SHA-1 */
189#define hkdf_a5_ikm hkdf_a2_ikm
190#define hkdf_a5_salt hkdf_a2_salt
191#define hkdf_a5_info hkdf_a2_info
192static const uint8_t hkdf_a5_okm[] = {
193 0x0b, 0xd7, 0x70, 0xa7, 0x4d, 0x11, 0x60, 0xf7,
194 0xc9, 0xf1, 0x2c, 0xd5, 0x91, 0x2a, 0x06, 0xeb,
195 0xff, 0x6a, 0xdc, 0xae, 0x89, 0x9d, 0x92, 0x19,
196 0x1f, 0xe4, 0x30, 0x56, 0x73, 0xba, 0x2f, 0xfe,
197 0x8f, 0xa3, 0xf1, 0xa4, 0xe5, 0xad, 0x79, 0xf3,
198 0xf3, 0x34, 0xb3, 0xb2, 0x02, 0xb2, 0x17, 0x3c,
199 0x48, 0x6e, 0xa3, 0x7c, 0xe3, 0xd3, 0x97, 0xed,
200 0x03, 0x4c, 0x7f, 0x9d, 0xfe, 0xb1, 0x5c, 0x5e,
201 0x92, 0x73, 0x36, 0xd0, 0x44, 0x1f, 0x4c, 0x43,
202 0x00, 0xe2, 0xcf, 0xf0, 0xd0, 0x90, 0x0b, 0x52,
203 0xd3, 0xb4
204};
205
206/* A.6 SHA-1 */
207#define hkdf_a6_ikm hkdf_a1_ikm
208static const uint8_t hkdf_a6_salt[] = {};
209
210static const uint8_t hkdf_a6_info[] = {};
211
212static const uint8_t hkdf_a6_okm[] = {
213 0x0a, 0xc1, 0xaf, 0x70, 0x02, 0xb3, 0xd7, 0x61,
214 0xd1, 0xe5, 0x52, 0x98, 0xda, 0x9d, 0x05, 0x06,
215 0xb9, 0xae, 0x52, 0x05, 0x72, 0x20, 0xa3, 0x06,
216 0xe0, 0x7b, 0x6b, 0x87, 0xe8, 0xdf, 0x21, 0xd0,
217 0xea, 0x00, 0x03, 0x3d, 0xe0, 0x39, 0x84, 0xd3,
218 0x49, 0x18
219};
220
221/* A.7 SHA-1 */
222static const uint8_t hkdf_a7_ikm[] = {
223 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c,
224 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c,
225 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c
226};
227
228static const uint8_t hkdf_a7_salt[] = {};
229
230static const uint8_t hkdf_a7_info[] = {};
231
232static const uint8_t hkdf_a7_okm[] = {
233 0x2c, 0x91, 0x11, 0x72, 0x04, 0xd7, 0x45, 0xf3,
234 0x50, 0x0d, 0x63, 0x6a, 0x62, 0xf6, 0x4f, 0x0a,
235 0xb3, 0xba, 0xe5, 0x48, 0xaa, 0x53, 0xd4, 0x23,
236 0xb0, 0xd1, 0xf2, 0x7e, 0xbb, 0xa6, 0xf5, 0xe5,
237 0x67, 0x3a, 0x08, 0x1d, 0x70, 0xcc, 0xe7, 0xac,
238 0xfc, 0x48
239};
240
241/*
242 * Concat KDF (NIST SP 800-56A R1)
243 *
244 * Test vector from:
245 * https://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-37
246 * appendix C
247 */
248static const uint8_t concat_kdf_1_z[] = {
249 158, 86, 217, 29, 129, 113, 53, 211,
250 114, 131, 66, 131, 191, 132, 38, 156,
251 251, 49, 110, 163, 218, 128, 106, 72,
252 246, 218, 167, 121, 140, 254, 144, 196
253};
254
255static const uint8_t concat_kdf_1_other_info[] = {
256 0, 0, 0, 7, 65, 49, 50, 56,
257 71, 67, 77, 0, 0, 0, 5, 65,
258 108, 105, 99, 101, 0, 0, 0, 3,
259 66, 111, 98, 0, 0, 0, 128
260};
261
262static const uint8_t concat_kdf_1_derived_key[] = {
263 86, 170, 141, 234, 248, 35, 109, 32,
264 92, 34, 40, 205, 113, 167, 16, 26
265};
266
267/*
268 * PKCS #5 2.0 / RFC 2898 Key Derivation Function 2 (PBKDF2)
269 * Test vectors from RFC 6070 https://www.ietf.org/rfc/rfc6070.txt
270 */
271
272/* 1 */
273static const uint8_t pbkdf2_1_password[] = {
274 'p', 'a', 's', 's', 'w', 'o', 'r', 'd'
275};
276
277static const uint8_t pbkdf2_1_salt[] = {
278 's', 'a', 'l', 't'
279};
280
281#define pbkdf2_1_iteration_count 1
282static const uint8_t pbkdf2_1_dkm[] = {
283 0x0c, 0x60, 0xc8, 0x0f, 0x96, 0x1f, 0x0e, 0x71,
284 0xf3, 0xa9, 0xb5, 0x24, 0xaf, 0x60, 0x12, 0x06,
285 0x2f, 0xe0, 0x37, 0xa6
286};
287
288/* 2 */
289#define pbkdf2_2_password pbkdf2_1_password
290#define pbkdf2_2_salt pbkdf2_1_salt
291#define pbkdf2_2_iteration_count 2
292static const uint8_t pbkdf2_2_dkm[] = {
293 0xea, 0x6c, 0x01, 0x4d, 0xc7, 0x2d, 0x6f, 0x8c,
294 0xcd, 0x1e, 0xd9, 0x2a, 0xce, 0x1d, 0x41, 0xf0,
295 0xd8, 0xde, 0x89, 0x57
296};
297
298/* 3 */
299#define pbkdf2_3_password pbkdf2_1_password
300#define pbkdf2_3_salt pbkdf2_1_salt
301#define pbkdf2_3_iteration_count 4096
302static const uint8_t pbkdf2_3_dkm[] = {
303 0x4b, 0x00, 0x79, 0x01, 0xb7, 0x65, 0x48, 0x9a,
304 0xbe, 0xad, 0x49, 0xd9, 0x26, 0xf7, 0x21, 0xd0,
305 0x65, 0xa4, 0x29, 0xc1
306};
307
308/* 4 */
309#define pbkdf2_4_password pbkdf2_1_password
310#define pbkdf2_4_salt pbkdf2_1_salt
311#define pbkdf2_4_iteration_count 16777216
312static const uint8_t pbkdf2_4_dkm[] = {
313 0xee, 0xfe, 0x3d, 0x61, 0xcd, 0x4d, 0xa4, 0xe4,
314 0xe9, 0x94, 0x5b, 0x3d, 0x6b, 0xa2, 0x15, 0x8c,
315 0x26, 0x34, 0xe9, 0x84
316};
317
318/* 5 */
319static const uint8_t pbkdf2_5_password[] = {
320 'p', 'a', 's', 's', 'w', 'o', 'r', 'd',
321 'P', 'A', 'S', 'S', 'W', 'O', 'R', 'D',
322 'p', 'a', 's', 's', 'w', 'o', 'r', 'd'
323};
324
325static const uint8_t pbkdf2_5_salt[] = {
326 's', 'a', 'l', 't', 'S', 'A', 'L', 'T',
327 's', 'a', 'l', 't', 'S', 'A', 'L', 'T',
328 's', 'a', 'l', 't', 'S', 'A', 'L', 'T',
329 's', 'a', 'l', 't', 'S', 'A', 'L', 'T',
330 's', 'a', 'l', 't'
331};
332
333#define pbkdf2_5_iteration_count 4096
334static const uint8_t pbkdf2_5_dkm[] = {
335 0x3d, 0x2e, 0xec, 0x4f, 0xe4, 0x1c, 0x84, 0x9b,
336 0x80, 0xc8, 0xd8, 0x36, 0x62, 0xc0, 0xe4, 0x4a,
337 0x8b, 0x29, 0x1a, 0x96, 0x4c, 0xf2, 0xf0, 0x70,
338 0x38
339};
340
341/* 6 */
342static const uint8_t pbkdf2_6_password[] = {
343 'p', 'a', 's', 's', '\0', 'w', 'o', 'r',
344 'd',
345};
346
347static const uint8_t pbkdf2_6_salt[] = {
348 's', 'a', '\0', 'l', 't'
349};
350
351#define pbkdf2_6_iteration_count 4096
352static const uint8_t pbkdf2_6_dkm[] = {
353 0x56, 0xfa, 0x6a, 0xa7, 0x55, 0x48, 0x09, 0x9d,
354 0xcc, 0x37, 0xd7, 0xf0, 0x34, 0x25, 0xe0, 0xc3
355};
356
357#ifdef WITH_HKDF
358static void xtest_test_derivation_hkdf(ADBG_Case_t *c, TEEC_Session *session)
359{
360 size_t n;
361#define TEST_HKDF_DATA(section, algo, id, oeb /* omit empty bufs */) \
362 { \
363 section, algo, \
364 hkdf_##id##_ikm, sizeof(hkdf_##id##_ikm), \
365 (oeb && !sizeof(hkdf_##id##_salt)) ? NULL : hkdf_##id##_salt, sizeof(hkdf_##id##_salt), \
366 (oeb && !sizeof(hkdf_##id##_info)) ? NULL : hkdf_##id##_info, sizeof(hkdf_##id##_info), \
367 hkdf_##id##_okm, sizeof(hkdf_##id##_okm), \
368 }
369 static struct hkdf_case {
370 const char *subcase_name;
371 uint32_t algo;
372 const uint8_t *ikm;
373 size_t ikm_len;
374 const uint8_t *salt;
375 size_t salt_len;
376 const uint8_t *info;
377 size_t info_len;
378 const uint8_t *okm;
379 size_t okm_len;
380 } hkdf_cases[] = {
381 TEST_HKDF_DATA("A.1 (SHA-256)",
382 TEE_ALG_HKDF_SHA256_DERIVE_KEY, a1, false),
383 TEST_HKDF_DATA("A.2 (SHA-256)",
384 TEE_ALG_HKDF_SHA256_DERIVE_KEY, a2, false),
385 TEST_HKDF_DATA("A.3 (SHA-256) [1]",
386 TEE_ALG_HKDF_SHA256_DERIVE_KEY, a3, false),
387 TEST_HKDF_DATA("A.3 (SHA-256) [2]",
388 TEE_ALG_HKDF_SHA256_DERIVE_KEY, a3, true),
389 TEST_HKDF_DATA("A.4 (SHA-1)",
390 TEE_ALG_HKDF_SHA1_DERIVE_KEY, a4, false),
391 TEST_HKDF_DATA("A.5 (SHA-1)",
392 TEE_ALG_HKDF_SHA1_DERIVE_KEY, a5, false),
393 TEST_HKDF_DATA("A.6 (SHA-1) [1]",
394 TEE_ALG_HKDF_SHA1_DERIVE_KEY, a6, false),
395 TEST_HKDF_DATA("A.6 (SHA-1) [2]",
396 TEE_ALG_HKDF_SHA1_DERIVE_KEY, a6, true),
397 TEST_HKDF_DATA("A.7 (SHA-1) [1]",
398 TEE_ALG_HKDF_SHA1_DERIVE_KEY, a7, false),
399 TEST_HKDF_DATA("A.7 (SHA-1) [2]",
400 TEE_ALG_HKDF_SHA1_DERIVE_KEY, a7, true),
401 };
402 size_t max_size = 2048;
403
404 for (n = 0; n < sizeof(hkdf_cases) / sizeof(struct hkdf_case); n++) {
405 TEE_OperationHandle op;
406 TEE_ObjectHandle key_handle;
407 TEE_ObjectHandle sv_handle;
408 TEE_Attribute params[4];
409 size_t param_count = 0;
410 uint8_t out[2048];
411 size_t out_size;
412 const struct hkdf_case *hc = &hkdf_cases[n];
413
414 Do_ADBG_BeginSubCase(c, "HKDF RFC 5869 %s", hc->subcase_name);
415
416 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
417 ta_crypt_cmd_allocate_operation(c, session, &op,
418 hc->algo, TEE_MODE_DERIVE, max_size)))
419 goto out;
420
421 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
422 ta_crypt_cmd_allocate_transient_object(c, session,
423 TEE_TYPE_HKDF_IKM, max_size, &key_handle)))
424 goto out;
425
426 xtest_add_attr(&param_count, params, TEE_ATTR_HKDF_IKM, hc->ikm,
427 hc->ikm_len);
428
429 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
430 ta_crypt_cmd_populate_transient_object(c, session,
431 key_handle, params, param_count)))
432 goto out;
433
434 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
435 ta_crypt_cmd_set_operation_key(c, session, op,
436 key_handle)))
437 goto out;
438
439 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
440 ta_crypt_cmd_free_transient_object(c, session,
441 key_handle)))
442 goto out;
443
444 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
445 ta_crypt_cmd_allocate_transient_object(c, session,
446 TEE_TYPE_GENERIC_SECRET, hc->okm_len * 8,
447 &sv_handle)))
448 goto out;
449
450 param_count = 0;
451
452 if (hc->salt)
453 xtest_add_attr(&param_count, params, TEE_ATTR_HKDF_SALT,
454 hc->salt, hc->salt_len);
455 if (hc->info)
456 xtest_add_attr(&param_count, params, TEE_ATTR_HKDF_INFO,
457 hc->info, hc->info_len);
458
459 params[param_count].attributeID = TEE_ATTR_HKDF_OKM_LENGTH;
460 params[param_count].content.value.a = hc->okm_len;
461 params[param_count].content.value.b = 0;
462 param_count++;
463
464 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
465 ta_crypt_cmd_derive_key(c, session, op, sv_handle,
466 params, param_count)))
467 goto out;
468
469 out_size = sizeof(out);
470 memset(out, 0, sizeof(out));
471 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
472 ta_crypt_cmd_get_object_buffer_attribute(c, session,
473 sv_handle, TEE_ATTR_SECRET_VALUE, out,
474 &out_size)))
475 goto out;
476
477 if (!ADBG_EXPECT_BUFFER(c, hc->okm, hc->okm_len, out, out_size))
478 goto out;
479
480 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
481 ta_crypt_cmd_free_operation(c, session, op)))
482 goto out;
483
484 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
485 ta_crypt_cmd_free_transient_object(c, session,
486 sv_handle)))
487 goto out;
488 out:
489 Do_ADBG_EndSubCase(c, "HKDF RFC 5869 %s", hc->subcase_name);
490 }
491}
492#endif /* WITH_HKDF */
493
494#ifdef WITH_CONCAT_KDF
495static void xtest_test_derivation_concat_kdf(ADBG_Case_t *c, TEEC_Session *session)
496{
497 size_t n;
498#define TEST_CONCAT_KDF_DATA(name, algo, id, oeb /* omit empty bufs */) \
499 { \
500 name, algo, \
501 concat_kdf_##id##_z, sizeof(concat_kdf_##id##_z), \
502 (oeb && !sizeof(concat_kdf_##id##_other_info)) ? NULL \
503 : concat_kdf_##id##_other_info, \
504 sizeof(concat_kdf_##id##_other_info), \
505 concat_kdf_##id##_derived_key, sizeof(concat_kdf_##id##_derived_key), \
506 }
507 static struct concat_kdf_case {
508 const char *subcase_name;
509 uint32_t algo;
510 const uint8_t *shared_secret;
511 size_t shared_secret_len;
512 const uint8_t *other_info;
513 size_t other_info_len;
514 const uint8_t *derived_key;
515 size_t derived_key_len;
516 } concat_kdf_cases[] = {
517 TEST_CONCAT_KDF_DATA("JWA-37 C (SHA-256)",
518 TEE_ALG_CONCAT_KDF_SHA256_DERIVE_KEY, 1, false),
519 };
520 size_t max_size = 2048;
521
522 for (n = 0;
523 n < sizeof(concat_kdf_cases) / sizeof(struct concat_kdf_case);
524 n++) {
525 TEE_OperationHandle op;
526 TEE_ObjectHandle key_handle;
527 TEE_ObjectHandle sv_handle;
528 TEE_Attribute params[4];
529 size_t param_count = 0;
530 uint8_t out[2048];
531 size_t out_size;
532 const struct concat_kdf_case *cc = &concat_kdf_cases[n];
533
534 Do_ADBG_BeginSubCase(c, "Concat KDF %s", cc->subcase_name);
535
536 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
537 ta_crypt_cmd_allocate_operation(c, session, &op,
538 cc->algo, TEE_MODE_DERIVE, max_size)))
539 goto out;
540
541 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
542 ta_crypt_cmd_allocate_transient_object(c, session,
543 TEE_TYPE_CONCAT_KDF_Z, max_size, &key_handle)))
544 goto out;
545
546 xtest_add_attr(&param_count, params, TEE_ATTR_CONCAT_KDF_Z,
547 cc->shared_secret, cc->shared_secret_len);
548
549 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
550 ta_crypt_cmd_populate_transient_object(c, session,
551 key_handle, params, param_count)))
552 goto out;
553
554 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
555 ta_crypt_cmd_set_operation_key(c, session, op,
556 key_handle)))
557 goto out;
558
559 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
560 ta_crypt_cmd_free_transient_object(c, session,
561 key_handle)))
562 goto out;
563
564 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
565 ta_crypt_cmd_allocate_transient_object(c, session,
566 TEE_TYPE_GENERIC_SECRET, cc->derived_key_len *
567 8, &sv_handle)))
568 goto out;
569
570 param_count = 0;
571
572 if (cc->other_info)
573 xtest_add_attr(&param_count, params,
574 TEE_ATTR_CONCAT_KDF_OTHER_INFO,
575 cc->other_info, cc->other_info_len);
576
577 params[param_count].attributeID = TEE_ATTR_CONCAT_KDF_DKM_LENGTH;
578 params[param_count].content.value.a = cc->derived_key_len;
579 params[param_count].content.value.b = 0;
580 param_count++;
581
582 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
583 ta_crypt_cmd_derive_key(c, session, op, sv_handle,
584 params, param_count)))
585 goto out;
586
587 out_size = sizeof(out);
588 memset(out, 0, sizeof(out));
589 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
590 ta_crypt_cmd_get_object_buffer_attribute(c, session,
591 sv_handle, TEE_ATTR_SECRET_VALUE, out,
592 &out_size)))
593 goto out;
594
595 if (!ADBG_EXPECT_BUFFER(c, cc->derived_key, cc->derived_key_len,
596 out, out_size))
597 goto out;
598
599 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
600 ta_crypt_cmd_free_operation(c, session, op)))
601 goto out;
602
603 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
604 ta_crypt_cmd_free_transient_object(c, session,
605 sv_handle)))
606 goto out;
607out:
608 Do_ADBG_EndSubCase(c, "Concat KDF %s", cc->subcase_name);
609 }
610}
611#endif /* WITH_CONCAT_KDF */
612
613#ifdef WITH_PBKDF2
614static void xtest_test_derivation_pbkdf2(ADBG_Case_t *c, TEEC_Session *session)
615{
616 size_t n;
617#define TEST_PBKDF2_DATA(section, algo, id, oeb /* omit empty bufs */) \
618 { \
619 section, algo, \
620 pbkdf2_##id##_password, sizeof(pbkdf2_##id##_password), \
621 (oeb && !sizeof(pbkdf2_##id##_salt)) ? NULL : pbkdf2_##id##_salt, sizeof(pbkdf2_##id##_salt), \
622 pbkdf2_##id##_iteration_count, \
623 pbkdf2_##id##_dkm, sizeof(pbkdf2_##id##_dkm), \
624 }
625#define _TO_STR(n) #n
626#define TO_STR(n) _TO_STR(n)
627#define RFC6070_TEST(n) \
628 TEST_PBKDF2_DATA("RFC 6070 " TO_STR(n) " (HMAC-SHA1)", \
629 TEE_ALG_PBKDF2_HMAC_SHA1_DERIVE_KEY, n, false)
630 static struct pbkdf2_case {
631 const char *subcase_name;
632 uint32_t algo;
633 const uint8_t *password;
634 size_t password_len;
635 const uint8_t *salt;
636 size_t salt_len;
637 uint32_t iteration_count;
638 const uint8_t *dkm;
639 size_t dkm_len;
640 } pbkdf2_cases[] = {
641 RFC6070_TEST(1), RFC6070_TEST(2), RFC6070_TEST(3),
642#if 0
643 RFC6070_TEST(4), /* Lengthy! (3 min on my PC / QEMU) */
644#endif
645 RFC6070_TEST(5), RFC6070_TEST(6)
646 };
647 size_t max_size = 2048;
648
649 for (n = 0; n < sizeof(pbkdf2_cases) / sizeof(struct pbkdf2_case); n++) {
650 TEE_OperationHandle op;
651 TEE_ObjectHandle key_handle;
652 TEE_ObjectHandle sv_handle;
653 TEE_Attribute params[4];
654 size_t param_count = 0;
655 uint8_t out[2048];
656 size_t out_size;
657 const struct pbkdf2_case *pc = &pbkdf2_cases[n];
658
659 Do_ADBG_BeginSubCase(c, "PBKDF2 %s", pc->subcase_name);
660 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
661 ta_crypt_cmd_allocate_operation(c, session, &op,
662 pc->algo, TEE_MODE_DERIVE, max_size)))
663 goto out;
664
665 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
666 ta_crypt_cmd_allocate_transient_object(c, session,
667 TEE_TYPE_PBKDF2_PASSWORD, max_size,
668 &key_handle)))
669 goto out;
670
671 xtest_add_attr(&param_count, params, TEE_ATTR_PBKDF2_PASSWORD,
672 pc->password, pc->password_len);
673
674 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
675 ta_crypt_cmd_populate_transient_object(c, session,
676 key_handle, params, param_count)))
677 goto out;
678
679 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
680 ta_crypt_cmd_set_operation_key(c, session, op,
681 key_handle)))
682 goto out;
683
684 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
685 ta_crypt_cmd_free_transient_object(c, session,
686 key_handle)))
687 goto out;
688
689 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
690 ta_crypt_cmd_allocate_transient_object(c, session,
691 TEE_TYPE_GENERIC_SECRET, pc->dkm_len * 8,
692 &sv_handle)))
693 goto out;
694
695 param_count = 0;
696
697 if (pc->salt)
698 xtest_add_attr(&param_count, params,
699 TEE_ATTR_PBKDF2_SALT, pc->salt,
700 pc->salt_len);
701
702 params[param_count].attributeID = TEE_ATTR_PBKDF2_DKM_LENGTH;
703 params[param_count].content.value.a = pc->dkm_len;
704 params[param_count].content.value.b = 0;
705 param_count++;
706
707 params[param_count].attributeID =
708 TEE_ATTR_PBKDF2_ITERATION_COUNT;
709 params[param_count].content.value.a = pc->iteration_count;
710 params[param_count].content.value.b = 0;
711 param_count++;
712
713 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
714 ta_crypt_cmd_derive_key(c, session, op, sv_handle,
715 params, param_count)))
716 goto out;
717
718 out_size = sizeof(out);
719 memset(out, 0, sizeof(out));
720 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
721 ta_crypt_cmd_get_object_buffer_attribute(c, session,
722 sv_handle, TEE_ATTR_SECRET_VALUE, out, &out_size)))
723 goto out;
724
725 if (!ADBG_EXPECT_BUFFER(c, pc->dkm, pc->dkm_len, out, out_size))
726 goto out;
727
728 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
729 ta_crypt_cmd_free_operation(c, session, op)))
730 goto out;
731
732 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
733 ta_crypt_cmd_free_transient_object(c, session,
734 sv_handle)))
735 goto out;
736out:
737 Do_ADBG_EndSubCase(c, "PBKDF2 %s", pc->subcase_name);
738 }
739}
740#endif /* WITH_PBKDF2 */
741
742static TEEC_Result enc_fs_km_self_test(TEEC_Session *sess)
743{
744 TEEC_Operation op;
745 TEEC_Result res;
746 uint32_t org;
747
748 memset(&op, 0, sizeof(op));
749 res = TEEC_InvokeCommand(sess, CMD_SELF_TESTS, &op, &org);
750 return res;
751}
752
753#define CMD_ECC_GEN_KEY_SELF_TESTS 0
754static TEEC_Result ecc_self_test(TEEC_Session *sess, uint32_t algo)
755{
756 TEEC_Operation op = TEEC_OPERATION_INITIALIZER;
757 TEEC_Result res;
758 uint32_t ret_orig;
759
760 op.params[0].value.a = algo;
761 op.params[0].value.b = 0;
762 op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT, TEEC_NONE,
763 TEEC_NONE, TEEC_NONE);
764 res = TEEC_InvokeCommand(sess, CMD_ECC_GEN_KEY_SELF_TESTS,
765 &op, &ret_orig);
766 return res;
767}
768
769static void xtest_tee_test_10001(ADBG_Case_t *c)
770{
771 TEEC_Session session = { 0 };
772 uint32_t ret_orig;
773
774 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
775 xtest_teec_open_session(&session, &crypt_user_ta_uuid, NULL,
776 &ret_orig)))
777 return;
778
779#ifdef WITH_HKDF
780 xtest_test_derivation_hkdf(c, &session);
781#endif
782#ifdef WITH_CONCAT_KDF
783 xtest_test_derivation_concat_kdf(c, &session);
784#endif
785#ifdef WITH_PBKDF2
786 xtest_test_derivation_pbkdf2(c, &session);
787#endif
788
789 TEEC_CloseSession(&session);
790}
791
792/* secure storage key manager self test */
793static void xtest_tee_test_10002(ADBG_Case_t *c)
794{
795 TEEC_Result res;
796 TEEC_Session sess;
797 uint32_t orig;
798
799 res = xtest_teec_open_session(&sess,
800 &enc_fs_key_manager_test_ta_uuid,
801 NULL, &orig);
802 if (res != TEEC_SUCCESS) {
803 Do_ADBG_Log("Ignore test due to TA does not exist");
804 return;
805 }
806
807 if (!ADBG_EXPECT_TEEC_SUCCESS(
808 c, enc_fs_km_self_test(&sess)))
809 goto exit;
810
811exit:
812 TEEC_CloseSession(&sess);
813}
814
815/* ECC self test */
816static void xtest_tee_test_10003(ADBG_Case_t *c)
817{
818 TEEC_Result res;
819 TEEC_Session sess;
820 uint32_t orig;
821 uint32_t algo;
822
823 res = xtest_teec_open_session(&sess, &ecc_test_ta_uuid, NULL, &orig);
824 if (res != TEEC_SUCCESS) {
825 Do_ADBG_Log("Ignore test due to TA does not exist");
826 return;
827 }
828
829 for (algo = TEE_ECC_CURVE_NIST_P192;
830 algo <= TEE_ECC_CURVE_NIST_P521;
831 algo++) {
832 Do_ADBG_BeginSubCase(c, "ECC Generate Key algo=0x%x", algo);
833 ADBG_EXPECT_TEEC_SUCCESS(c, ecc_self_test(&sess, algo));
834 Do_ADBG_EndSubCase(c, "ECC Generate Key algo=0x%x", algo);
835 }
836
837 algo = TEE_ECC_CURVE_NIST_P521+1;
838 Do_ADBG_BeginSubCase(c, "ECC Generate Key algo=0x%x", algo);
839 ADBG_EXPECT(c, TEE_ERROR_NOT_SUPPORTED, ecc_self_test(&sess, algo));
840 Do_ADBG_EndSubCase(c, "ECC Generate Key algo=0x%x", algo);
841
842 TEEC_CloseSession(&sess);
843}