TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / OP-TEE / optee_test / cd0186b3bf0698affa09245f855dce3254858322 / . / host / xtest / regression_8000.c
blob: d92bbd9a7e47c00a8df63f4224685a3d10ad8a29 [file] [log] [blame]
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]1/*
2 * Copyright (c) 2014, Linaro Limited
3 *
4 * This program is free software; you can redistribute it and/or modify
5 * it under the terms of the GNU General Public License Version 2 as
6 * published by the Free Software Foundation.
7 *
8 * This program is distributed in the hope that it will be useful,
9 * but WITHOUT ANY WARRANTY; without even the implied warranty of
10 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 * GNU General Public License for more details.
12 */
13#include "xtest_test.h"
14#include "xtest_helpers.h"
15
16#include <tee_api_types.h>
17#include <tee_api_defines_extensions.h>
18#include <utee_defines.h>
19#include <string.h>
20#include <enc_fs_key_manager_test.h>
21
22#define WITH_HKDF 1
23#define WITH_CONCAT_KDF 1
24#define WITH_PBKDF2 1
25
Jens Wiklandercd0186b2017-04-05 11:34:22 +0200[diff] [blame^]26static void xtest_tee_test_8001(ADBG_Case_t *c);
27static void xtest_tee_test_8002(ADBG_Case_t *c);
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]28
Jens Wiklandercd0186b2017-04-05 11:34:22 +0200[diff] [blame^]29ADBG_CASE_DEFINE(regression, 8001, xtest_tee_test_8001,
Jens Wiklander25a57fe2016-12-26 21:46:24 +0100[diff] [blame]30 "Test TEE Internal API key derivation extensions");
Jens Wiklandercd0186b2017-04-05 11:34:22 +0200[diff] [blame^]31ADBG_CASE_DEFINE(regression, 8002, xtest_tee_test_8002,
Jens Wiklander25a57fe2016-12-26 21:46:24 +0100[diff] [blame]32 "Secure Storage Key Manager API Self Test");
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]33
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]34/*
35 * HKDF test data from RFC 5869
36 */
37
38/* A.1 SHA-256 */
39
40static const uint8_t hkdf_a1_ikm[] = {
41 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
42 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
43 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b
44};
45
46static const uint8_t hkdf_a1_salt[] = {
47 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
48 0x08, 0x09, 0x0a, 0x0b, 0x0c
49};
50
51static const uint8_t hkdf_a1_info[] = {
52 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
53 0xf8, 0xf9
54};
55
56static const uint8_t hkdf_a1_okm[] = {
57 0x3c, 0xb2, 0x5f, 0x25, 0xfa, 0xac, 0xd5, 0x7a,
58 0x90, 0x43, 0x4f, 0x64, 0xd0, 0x36, 0x2f, 0x2a,
59 0x2d, 0x2d, 0x0a, 0x90, 0xcf, 0x1a, 0x5a, 0x4c,
60 0x5d, 0xb0, 0x2d, 0x56, 0xec, 0xc4, 0xc5, 0xbf,
61 0x34, 0x00, 0x72, 0x08, 0xd5, 0xb8, 0x87, 0x18,
62 0x58, 0x65
63};
64
65/* A.2 SHA-256 */
66static const uint8_t hkdf_a2_ikm[] = {
67 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
68 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
69 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
70 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
71 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
72 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
73 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
74 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f,
75 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
76 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f
77};
78
79static const uint8_t hkdf_a2_salt[] = {
80 0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67,
81 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f,
82 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77,
83 0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f,
84 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87,
85 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
86 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97,
87 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f,
88 0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7,
89 0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf
90};
91
92static const uint8_t hkdf_a2_info[] = {
93 0xb0, 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6, 0xb7,
94 0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf,
95 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
96 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf,
97 0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7,
98 0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf,
99 0xe0, 0xe1, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7,
100 0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef,
101 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
102 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff
103};
104
105static const uint8_t hkdf_a2_okm[] = {
106 0xb1, 0x1e, 0x39, 0x8d, 0xc8, 0x03, 0x27, 0xa1,
107 0xc8, 0xe7, 0xf7, 0x8c, 0x59, 0x6a, 0x49, 0x34,
108 0x4f, 0x01, 0x2e, 0xda, 0x2d, 0x4e, 0xfa, 0xd8,
109 0xa0, 0x50, 0xcc, 0x4c, 0x19, 0xaf, 0xa9, 0x7c,
110 0x59, 0x04, 0x5a, 0x99, 0xca, 0xc7, 0x82, 0x72,
111 0x71, 0xcb, 0x41, 0xc6, 0x5e, 0x59, 0x0e, 0x09,
112 0xda, 0x32, 0x75, 0x60, 0x0c, 0x2f, 0x09, 0xb8,
113 0x36, 0x77, 0x93, 0xa9, 0xac, 0xa3, 0xdb, 0x71,
114 0xcc, 0x30, 0xc5, 0x81, 0x79, 0xec, 0x3e, 0x87,
115 0xc1, 0x4c, 0x01, 0xd5, 0xc1, 0xf3, 0x43, 0x4f,
116 0x1d, 0x87
117};
118
119/* A.3 SHA-256 */
120#define hkdf_a3_ikm hkdf_a1_ikm
121static const uint8_t hkdf_a3_salt[] = {};
122
123static const uint8_t hkdf_a3_info[] = {};
124
125static const uint8_t hkdf_a3_okm[] = {
126 0x8d, 0xa4, 0xe7, 0x75, 0xa5, 0x63, 0xc1, 0x8f,
127 0x71, 0x5f, 0x80, 0x2a, 0x06, 0x3c, 0x5a, 0x31,
128 0xb8, 0xa1, 0x1f, 0x5c, 0x5e, 0xe1, 0x87, 0x9e,
129 0xc3, 0x45, 0x4e, 0x5f, 0x3c, 0x73, 0x8d, 0x2d,
130 0x9d, 0x20, 0x13, 0x95, 0xfa, 0xa4, 0xb6, 0x1a,
131 0x96, 0xc8
132};
133
134/* A.4 SHA-1 */
135static const uint8_t hkdf_a4_ikm[] = {
136 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
137 0x0b, 0x0b, 0x0b
138};
139
140static const uint8_t hkdf_a4_salt[] = {
141 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
142 0x08, 0x09, 0x0a, 0x0b, 0x0c
143};
144
145static const uint8_t hkdf_a4_info[] = {
146 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
147 0xf8, 0xf9
148};
149
150static const uint8_t hkdf_a4_okm[] = {
151 0x08, 0x5a, 0x01, 0xea, 0x1b, 0x10, 0xf3, 0x69,
152 0x33, 0x06, 0x8b, 0x56, 0xef, 0xa5, 0xad, 0x81,
153 0xa4, 0xf1, 0x4b, 0x82, 0x2f, 0x5b, 0x09, 0x15,
154 0x68, 0xa9, 0xcd, 0xd4, 0xf1, 0x55, 0xfd, 0xa2,
155 0xc2, 0x2e, 0x42, 0x24, 0x78, 0xd3, 0x05, 0xf3,
156 0xf8, 0x96
157};
158
159/* A.5 SHA-1 */
160#define hkdf_a5_ikm hkdf_a2_ikm
161#define hkdf_a5_salt hkdf_a2_salt
162#define hkdf_a5_info hkdf_a2_info
163static const uint8_t hkdf_a5_okm[] = {
164 0x0b, 0xd7, 0x70, 0xa7, 0x4d, 0x11, 0x60, 0xf7,
165 0xc9, 0xf1, 0x2c, 0xd5, 0x91, 0x2a, 0x06, 0xeb,
166 0xff, 0x6a, 0xdc, 0xae, 0x89, 0x9d, 0x92, 0x19,
167 0x1f, 0xe4, 0x30, 0x56, 0x73, 0xba, 0x2f, 0xfe,
168 0x8f, 0xa3, 0xf1, 0xa4, 0xe5, 0xad, 0x79, 0xf3,
169 0xf3, 0x34, 0xb3, 0xb2, 0x02, 0xb2, 0x17, 0x3c,
170 0x48, 0x6e, 0xa3, 0x7c, 0xe3, 0xd3, 0x97, 0xed,
171 0x03, 0x4c, 0x7f, 0x9d, 0xfe, 0xb1, 0x5c, 0x5e,
172 0x92, 0x73, 0x36, 0xd0, 0x44, 0x1f, 0x4c, 0x43,
173 0x00, 0xe2, 0xcf, 0xf0, 0xd0, 0x90, 0x0b, 0x52,
174 0xd3, 0xb4
175};
176
177/* A.6 SHA-1 */
178#define hkdf_a6_ikm hkdf_a1_ikm
179static const uint8_t hkdf_a6_salt[] = {};
180
181static const uint8_t hkdf_a6_info[] = {};
182
183static const uint8_t hkdf_a6_okm[] = {
184 0x0a, 0xc1, 0xaf, 0x70, 0x02, 0xb3, 0xd7, 0x61,
185 0xd1, 0xe5, 0x52, 0x98, 0xda, 0x9d, 0x05, 0x06,
186 0xb9, 0xae, 0x52, 0x05, 0x72, 0x20, 0xa3, 0x06,
187 0xe0, 0x7b, 0x6b, 0x87, 0xe8, 0xdf, 0x21, 0xd0,
188 0xea, 0x00, 0x03, 0x3d, 0xe0, 0x39, 0x84, 0xd3,
189 0x49, 0x18
190};
191
192/* A.7 SHA-1 */
193static const uint8_t hkdf_a7_ikm[] = {
194 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c,
195 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c,
196 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c
197};
198
199static const uint8_t hkdf_a7_salt[] = {};
200
201static const uint8_t hkdf_a7_info[] = {};
202
203static const uint8_t hkdf_a7_okm[] = {
204 0x2c, 0x91, 0x11, 0x72, 0x04, 0xd7, 0x45, 0xf3,
205 0x50, 0x0d, 0x63, 0x6a, 0x62, 0xf6, 0x4f, 0x0a,
206 0xb3, 0xba, 0xe5, 0x48, 0xaa, 0x53, 0xd4, 0x23,
207 0xb0, 0xd1, 0xf2, 0x7e, 0xbb, 0xa6, 0xf5, 0xe5,
208 0x67, 0x3a, 0x08, 0x1d, 0x70, 0xcc, 0xe7, 0xac,
209 0xfc, 0x48
210};
211
212/*
213 * Concat KDF (NIST SP 800-56A R1)
214 *
215 * Test vector from:
216 * https://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-37
217 * appendix C
218 */
219static const uint8_t concat_kdf_1_z[] = {
220 158, 86, 217, 29, 129, 113, 53, 211,
221 114, 131, 66, 131, 191, 132, 38, 156,
222 251, 49, 110, 163, 218, 128, 106, 72,
223 246, 218, 167, 121, 140, 254, 144, 196
224};
225
226static const uint8_t concat_kdf_1_other_info[] = {
227 0, 0, 0, 7, 65, 49, 50, 56,
228 71, 67, 77, 0, 0, 0, 5, 65,
229 108, 105, 99, 101, 0, 0, 0, 3,
230 66, 111, 98, 0, 0, 0, 128
231};
232
233static const uint8_t concat_kdf_1_derived_key[] = {
234 86, 170, 141, 234, 248, 35, 109, 32,
235 92, 34, 40, 205, 113, 167, 16, 26
236};
237
238/*
239 * PKCS #5 2.0 / RFC 2898 Key Derivation Function 2 (PBKDF2)
240 * Test vectors from RFC 6070 https://www.ietf.org/rfc/rfc6070.txt
241 */
242
243/* 1 */
244static const uint8_t pbkdf2_1_password[] = {
245 'p', 'a', 's', 's', 'w', 'o', 'r', 'd'
246};
247
248static const uint8_t pbkdf2_1_salt[] = {
249 's', 'a', 'l', 't'
250};
251
252#define pbkdf2_1_iteration_count 1
253static const uint8_t pbkdf2_1_dkm[] = {
254 0x0c, 0x60, 0xc8, 0x0f, 0x96, 0x1f, 0x0e, 0x71,
255 0xf3, 0xa9, 0xb5, 0x24, 0xaf, 0x60, 0x12, 0x06,
256 0x2f, 0xe0, 0x37, 0xa6
257};
258
259/* 2 */
260#define pbkdf2_2_password pbkdf2_1_password
261#define pbkdf2_2_salt pbkdf2_1_salt
262#define pbkdf2_2_iteration_count 2
263static const uint8_t pbkdf2_2_dkm[] = {
264 0xea, 0x6c, 0x01, 0x4d, 0xc7, 0x2d, 0x6f, 0x8c,
265 0xcd, 0x1e, 0xd9, 0x2a, 0xce, 0x1d, 0x41, 0xf0,
266 0xd8, 0xde, 0x89, 0x57
267};
268
269/* 3 */
270#define pbkdf2_3_password pbkdf2_1_password
271#define pbkdf2_3_salt pbkdf2_1_salt
272#define pbkdf2_3_iteration_count 4096
273static const uint8_t pbkdf2_3_dkm[] = {
274 0x4b, 0x00, 0x79, 0x01, 0xb7, 0x65, 0x48, 0x9a,
275 0xbe, 0xad, 0x49, 0xd9, 0x26, 0xf7, 0x21, 0xd0,
276 0x65, 0xa4, 0x29, 0xc1
277};
278
279/* 4 */
280#define pbkdf2_4_password pbkdf2_1_password
281#define pbkdf2_4_salt pbkdf2_1_salt
282#define pbkdf2_4_iteration_count 16777216
Jerome Forissierba271a62017-02-06 13:18:55 +0100[diff] [blame]283static const uint8_t pbkdf2_4_dkm[] = {
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]284 0xee, 0xfe, 0x3d, 0x61, 0xcd, 0x4d, 0xa4, 0xe4,
285 0xe9, 0x94, 0x5b, 0x3d, 0x6b, 0xa2, 0x15, 0x8c,
286 0x26, 0x34, 0xe9, 0x84
287};
288
289/* 5 */
290static const uint8_t pbkdf2_5_password[] = {
291 'p', 'a', 's', 's', 'w', 'o', 'r', 'd',
292 'P', 'A', 'S', 'S', 'W', 'O', 'R', 'D',
293 'p', 'a', 's', 's', 'w', 'o', 'r', 'd'
294};
295
296static const uint8_t pbkdf2_5_salt[] = {
297 's', 'a', 'l', 't', 'S', 'A', 'L', 'T',
298 's', 'a', 'l', 't', 'S', 'A', 'L', 'T',
299 's', 'a', 'l', 't', 'S', 'A', 'L', 'T',
300 's', 'a', 'l', 't', 'S', 'A', 'L', 'T',
301 's', 'a', 'l', 't'
302};
303
304#define pbkdf2_5_iteration_count 4096
305static const uint8_t pbkdf2_5_dkm[] = {
306 0x3d, 0x2e, 0xec, 0x4f, 0xe4, 0x1c, 0x84, 0x9b,
307 0x80, 0xc8, 0xd8, 0x36, 0x62, 0xc0, 0xe4, 0x4a,
308 0x8b, 0x29, 0x1a, 0x96, 0x4c, 0xf2, 0xf0, 0x70,
309 0x38
310};
311
312/* 6 */
313static const uint8_t pbkdf2_6_password[] = {
314 'p', 'a', 's', 's', '\0', 'w', 'o', 'r',
315 'd',
316};
317
318static const uint8_t pbkdf2_6_salt[] = {
319 's', 'a', '\0', 'l', 't'
320};
321
322#define pbkdf2_6_iteration_count 4096
323static const uint8_t pbkdf2_6_dkm[] = {
324 0x56, 0xfa, 0x6a, 0xa7, 0x55, 0x48, 0x09, 0x9d,
325 0xcc, 0x37, 0xd7, 0xf0, 0x34, 0x25, 0xe0, 0xc3
326};
327
328#ifdef WITH_HKDF
329static void xtest_test_derivation_hkdf(ADBG_Case_t *c, TEEC_Session *session)
330{
331 size_t n;
332#define TEST_HKDF_DATA(section, algo, id, oeb /* omit empty bufs */) \
333 { \
334 section, algo, \
335 hkdf_##id##_ikm, sizeof(hkdf_##id##_ikm), \
336 (oeb && !sizeof(hkdf_##id##_salt)) ? NULL : hkdf_##id##_salt, sizeof(hkdf_##id##_salt), \
337 (oeb && !sizeof(hkdf_##id##_info)) ? NULL : hkdf_##id##_info, sizeof(hkdf_##id##_info), \
338 hkdf_##id##_okm, sizeof(hkdf_##id##_okm), \
339 }
340 static struct hkdf_case {
341 const char *subcase_name;
342 uint32_t algo;
343 const uint8_t *ikm;
344 size_t ikm_len;
345 const uint8_t *salt;
346 size_t salt_len;
347 const uint8_t *info;
348 size_t info_len;
349 const uint8_t *okm;
350 size_t okm_len;
351 } hkdf_cases[] = {
352 TEST_HKDF_DATA("A.1 (SHA-256)",
353 TEE_ALG_HKDF_SHA256_DERIVE_KEY, a1, false),
354 TEST_HKDF_DATA("A.2 (SHA-256)",
355 TEE_ALG_HKDF_SHA256_DERIVE_KEY, a2, false),
356 TEST_HKDF_DATA("A.3 (SHA-256) [1]",
357 TEE_ALG_HKDF_SHA256_DERIVE_KEY, a3, false),
358 TEST_HKDF_DATA("A.3 (SHA-256) [2]",
359 TEE_ALG_HKDF_SHA256_DERIVE_KEY, a3, true),
360 TEST_HKDF_DATA("A.4 (SHA-1)",
361 TEE_ALG_HKDF_SHA1_DERIVE_KEY, a4, false),
362 TEST_HKDF_DATA("A.5 (SHA-1)",
363 TEE_ALG_HKDF_SHA1_DERIVE_KEY, a5, false),
364 TEST_HKDF_DATA("A.6 (SHA-1) [1]",
365 TEE_ALG_HKDF_SHA1_DERIVE_KEY, a6, false),
366 TEST_HKDF_DATA("A.6 (SHA-1) [2]",
367 TEE_ALG_HKDF_SHA1_DERIVE_KEY, a6, true),
368 TEST_HKDF_DATA("A.7 (SHA-1) [1]",
369 TEE_ALG_HKDF_SHA1_DERIVE_KEY, a7, false),
370 TEST_HKDF_DATA("A.7 (SHA-1) [2]",
371 TEE_ALG_HKDF_SHA1_DERIVE_KEY, a7, true),
372 };
373 size_t max_size = 2048;
374
375 for (n = 0; n < sizeof(hkdf_cases) / sizeof(struct hkdf_case); n++) {
376 TEE_OperationHandle op;
377 TEE_ObjectHandle key_handle;
378 TEE_ObjectHandle sv_handle;
379 TEE_Attribute params[4];
380 size_t param_count = 0;
381 uint8_t out[2048];
382 size_t out_size;
383 const struct hkdf_case *hc = &hkdf_cases[n];
384
385 Do_ADBG_BeginSubCase(c, "HKDF RFC 5869 %s", hc->subcase_name);
386
387 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
388 ta_crypt_cmd_allocate_operation(c, session, &op,
389 hc->algo, TEE_MODE_DERIVE, max_size)))
390 goto out;
391
392 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
393 ta_crypt_cmd_allocate_transient_object(c, session,
394 TEE_TYPE_HKDF_IKM, max_size, &key_handle)))
395 goto out;
396
397 xtest_add_attr(&param_count, params, TEE_ATTR_HKDF_IKM, hc->ikm,
398 hc->ikm_len);
399
400 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
401 ta_crypt_cmd_populate_transient_object(c, session,
402 key_handle, params, param_count)))
403 goto out;
404
405 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
406 ta_crypt_cmd_set_operation_key(c, session, op,
407 key_handle)))
408 goto out;
409
410 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
411 ta_crypt_cmd_free_transient_object(c, session,
412 key_handle)))
413 goto out;
414
415 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
416 ta_crypt_cmd_allocate_transient_object(c, session,
417 TEE_TYPE_GENERIC_SECRET, hc->okm_len * 8,
418 &sv_handle)))
419 goto out;
420
421 param_count = 0;
422
423 if (hc->salt)
424 xtest_add_attr(&param_count, params, TEE_ATTR_HKDF_SALT,
425 hc->salt, hc->salt_len);
426 if (hc->info)
427 xtest_add_attr(&param_count, params, TEE_ATTR_HKDF_INFO,
428 hc->info, hc->info_len);
429
430 params[param_count].attributeID = TEE_ATTR_HKDF_OKM_LENGTH;
431 params[param_count].content.value.a = hc->okm_len;
432 params[param_count].content.value.b = 0;
433 param_count++;
434
435 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
436 ta_crypt_cmd_derive_key(c, session, op, sv_handle,
437 params, param_count)))
438 goto out;
439
440 out_size = sizeof(out);
441 memset(out, 0, sizeof(out));
442 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
443 ta_crypt_cmd_get_object_buffer_attribute(c, session,
444 sv_handle, TEE_ATTR_SECRET_VALUE, out,
445 &out_size)))
446 goto out;
447
448 if (!ADBG_EXPECT_BUFFER(c, hc->okm, hc->okm_len, out, out_size))
449 goto out;
450
451 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
452 ta_crypt_cmd_free_operation(c, session, op)))
453 goto out;
454
455 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
456 ta_crypt_cmd_free_transient_object(c, session,
457 sv_handle)))
458 goto out;
459 out:
460 Do_ADBG_EndSubCase(c, "HKDF RFC 5869 %s", hc->subcase_name);
461 }
462}
463#endif /* WITH_HKDF */
464
465#ifdef WITH_CONCAT_KDF
466static void xtest_test_derivation_concat_kdf(ADBG_Case_t *c, TEEC_Session *session)
467{
468 size_t n;
469#define TEST_CONCAT_KDF_DATA(name, algo, id, oeb /* omit empty bufs */) \
470 { \
471 name, algo, \
472 concat_kdf_##id##_z, sizeof(concat_kdf_##id##_z), \
473 (oeb && !sizeof(concat_kdf_##id##_other_info)) ? NULL \
474 : concat_kdf_##id##_other_info, \
475 sizeof(concat_kdf_##id##_other_info), \
476 concat_kdf_##id##_derived_key, sizeof(concat_kdf_##id##_derived_key), \
477 }
478 static struct concat_kdf_case {
479 const char *subcase_name;
480 uint32_t algo;
481 const uint8_t *shared_secret;
482 size_t shared_secret_len;
483 const uint8_t *other_info;
484 size_t other_info_len;
485 const uint8_t *derived_key;
486 size_t derived_key_len;
487 } concat_kdf_cases[] = {
488 TEST_CONCAT_KDF_DATA("JWA-37 C (SHA-256)",
489 TEE_ALG_CONCAT_KDF_SHA256_DERIVE_KEY, 1, false),
490 };
491 size_t max_size = 2048;
492
493 for (n = 0;
494 n < sizeof(concat_kdf_cases) / sizeof(struct concat_kdf_case);
495 n++) {
496 TEE_OperationHandle op;
497 TEE_ObjectHandle key_handle;
498 TEE_ObjectHandle sv_handle;
499 TEE_Attribute params[4];
500 size_t param_count = 0;
501 uint8_t out[2048];
502 size_t out_size;
503 const struct concat_kdf_case *cc = &concat_kdf_cases[n];
504
505 Do_ADBG_BeginSubCase(c, "Concat KDF %s", cc->subcase_name);
506
507 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
508 ta_crypt_cmd_allocate_operation(c, session, &op,
509 cc->algo, TEE_MODE_DERIVE, max_size)))
510 goto out;
511
512 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
513 ta_crypt_cmd_allocate_transient_object(c, session,
514 TEE_TYPE_CONCAT_KDF_Z, max_size, &key_handle)))
515 goto out;
516
517 xtest_add_attr(&param_count, params, TEE_ATTR_CONCAT_KDF_Z,
518 cc->shared_secret, cc->shared_secret_len);
519
520 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
521 ta_crypt_cmd_populate_transient_object(c, session,
522 key_handle, params, param_count)))
523 goto out;
524
525 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
526 ta_crypt_cmd_set_operation_key(c, session, op,
527 key_handle)))
528 goto out;
529
530 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
531 ta_crypt_cmd_free_transient_object(c, session,
532 key_handle)))
533 goto out;
534
535 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
536 ta_crypt_cmd_allocate_transient_object(c, session,
537 TEE_TYPE_GENERIC_SECRET, cc->derived_key_len *
538 8, &sv_handle)))
539 goto out;
540
541 param_count = 0;
542
543 if (cc->other_info)
544 xtest_add_attr(&param_count, params,
545 TEE_ATTR_CONCAT_KDF_OTHER_INFO,
546 cc->other_info, cc->other_info_len);
547
548 params[param_count].attributeID = TEE_ATTR_CONCAT_KDF_DKM_LENGTH;
549 params[param_count].content.value.a = cc->derived_key_len;
550 params[param_count].content.value.b = 0;
551 param_count++;
552
553 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
554 ta_crypt_cmd_derive_key(c, session, op, sv_handle,
555 params, param_count)))
556 goto out;
557
558 out_size = sizeof(out);
559 memset(out, 0, sizeof(out));
560 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
561 ta_crypt_cmd_get_object_buffer_attribute(c, session,
562 sv_handle, TEE_ATTR_SECRET_VALUE, out,
563 &out_size)))
564 goto out;
565
566 if (!ADBG_EXPECT_BUFFER(c, cc->derived_key, cc->derived_key_len,
567 out, out_size))
568 goto out;
569
570 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
571 ta_crypt_cmd_free_operation(c, session, op)))
572 goto out;
573
574 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
575 ta_crypt_cmd_free_transient_object(c, session,
576 sv_handle)))
577 goto out;
578out:
579 Do_ADBG_EndSubCase(c, "Concat KDF %s", cc->subcase_name);
580 }
581}
582#endif /* WITH_CONCAT_KDF */
583
584#ifdef WITH_PBKDF2
585static void xtest_test_derivation_pbkdf2(ADBG_Case_t *c, TEEC_Session *session)
586{
587 size_t n;
Jerome Forissierba271a62017-02-06 13:18:55 +0100[diff] [blame]588#define TEST_PBKDF2_DATA(level, section, algo, id, oeb /* omit empty bufs */) \
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]589 { \
Jerome Forissierba271a62017-02-06 13:18:55 +0100[diff] [blame]590 level, section, algo, \
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]591 pbkdf2_##id##_password, sizeof(pbkdf2_##id##_password), \
592 (oeb && !sizeof(pbkdf2_##id##_salt)) ? NULL : pbkdf2_##id##_salt, sizeof(pbkdf2_##id##_salt), \
593 pbkdf2_##id##_iteration_count, \
594 pbkdf2_##id##_dkm, sizeof(pbkdf2_##id##_dkm), \
595 }
596#define _TO_STR(n) #n
597#define TO_STR(n) _TO_STR(n)
Jerome Forissierba271a62017-02-06 13:18:55 +0100[diff] [blame]598#define RFC6070_TEST(l, n) \
599 TEST_PBKDF2_DATA(l, "RFC 6070 " TO_STR(n) " (HMAC-SHA1)", \
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]600 TEE_ALG_PBKDF2_HMAC_SHA1_DERIVE_KEY, n, false)
601 static struct pbkdf2_case {
Jerome Forissierba271a62017-02-06 13:18:55 +0100[diff] [blame]602 unsigned int level;
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]603 const char *subcase_name;
604 uint32_t algo;
605 const uint8_t *password;
606 size_t password_len;
607 const uint8_t *salt;
608 size_t salt_len;
609 uint32_t iteration_count;
610 const uint8_t *dkm;
611 size_t dkm_len;
612 } pbkdf2_cases[] = {
Jerome Forissierba271a62017-02-06 13:18:55 +0100[diff] [blame]613 RFC6070_TEST(0, 1), RFC6070_TEST(0, 2), RFC6070_TEST(0, 3),
614 RFC6070_TEST(15, 4), /* Lengthy! (2 min on HiKey @1.2GHz) */
615 RFC6070_TEST(0, 5), RFC6070_TEST(0, 6)
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]616 };
617 size_t max_size = 2048;
618
619 for (n = 0; n < sizeof(pbkdf2_cases) / sizeof(struct pbkdf2_case); n++) {
620 TEE_OperationHandle op;
621 TEE_ObjectHandle key_handle;
622 TEE_ObjectHandle sv_handle;
623 TEE_Attribute params[4];
624 size_t param_count = 0;
625 uint8_t out[2048];
626 size_t out_size;
627 const struct pbkdf2_case *pc = &pbkdf2_cases[n];
628
Jerome Forissierba271a62017-02-06 13:18:55 +0100[diff] [blame]629 if (pc->level > level)
630 continue;
631
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]632 Do_ADBG_BeginSubCase(c, "PBKDF2 %s", pc->subcase_name);
633 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
634 ta_crypt_cmd_allocate_operation(c, session, &op,
635 pc->algo, TEE_MODE_DERIVE, max_size)))
636 goto out;
637
638 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
639 ta_crypt_cmd_allocate_transient_object(c, session,
640 TEE_TYPE_PBKDF2_PASSWORD, max_size,
641 &key_handle)))
642 goto out;
643
644 xtest_add_attr(&param_count, params, TEE_ATTR_PBKDF2_PASSWORD,
645 pc->password, pc->password_len);
646
647 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
648 ta_crypt_cmd_populate_transient_object(c, session,
649 key_handle, params, param_count)))
650 goto out;
651
652 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
653 ta_crypt_cmd_set_operation_key(c, session, op,
654 key_handle)))
655 goto out;
656
657 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
658 ta_crypt_cmd_free_transient_object(c, session,
659 key_handle)))
660 goto out;
661
662 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
663 ta_crypt_cmd_allocate_transient_object(c, session,
664 TEE_TYPE_GENERIC_SECRET, pc->dkm_len * 8,
665 &sv_handle)))
666 goto out;
667
668 param_count = 0;
669
670 if (pc->salt)
671 xtest_add_attr(&param_count, params,
672 TEE_ATTR_PBKDF2_SALT, pc->salt,
673 pc->salt_len);
674
675 params[param_count].attributeID = TEE_ATTR_PBKDF2_DKM_LENGTH;
676 params[param_count].content.value.a = pc->dkm_len;
677 params[param_count].content.value.b = 0;
678 param_count++;
679
680 params[param_count].attributeID =
681 TEE_ATTR_PBKDF2_ITERATION_COUNT;
682 params[param_count].content.value.a = pc->iteration_count;
683 params[param_count].content.value.b = 0;
684 param_count++;
685
686 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
687 ta_crypt_cmd_derive_key(c, session, op, sv_handle,
688 params, param_count)))
689 goto out;
690
691 out_size = sizeof(out);
692 memset(out, 0, sizeof(out));
693 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
694 ta_crypt_cmd_get_object_buffer_attribute(c, session,
695 sv_handle, TEE_ATTR_SECRET_VALUE, out, &out_size)))
696 goto out;
697
698 if (!ADBG_EXPECT_BUFFER(c, pc->dkm, pc->dkm_len, out, out_size))
699 goto out;
700
701 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
702 ta_crypt_cmd_free_operation(c, session, op)))
703 goto out;
704
705 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
706 ta_crypt_cmd_free_transient_object(c, session,
707 sv_handle)))
708 goto out;
709out:
710 Do_ADBG_EndSubCase(c, "PBKDF2 %s", pc->subcase_name);
711 }
712}
713#endif /* WITH_PBKDF2 */
714
715static TEEC_Result enc_fs_km_self_test(TEEC_Session *sess)
716{
717 TEEC_Operation op;
718 TEEC_Result res;
719 uint32_t org;
720
721 memset(&op, 0, sizeof(op));
722 res = TEEC_InvokeCommand(sess, CMD_SELF_TESTS, &op, &org);
723 return res;
724}
725
Jens Wiklandercd0186b2017-04-05 11:34:22 +0200[diff] [blame^]726static void xtest_tee_test_8001(ADBG_Case_t *c)
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]727{
728 TEEC_Session session = { 0 };
729 uint32_t ret_orig;
730
731 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
732 xtest_teec_open_session(&session, &crypt_user_ta_uuid, NULL,
733 &ret_orig)))
734 return;
735
736#ifdef WITH_HKDF
737 xtest_test_derivation_hkdf(c, &session);
738#endif
739#ifdef WITH_CONCAT_KDF
740 xtest_test_derivation_concat_kdf(c, &session);
741#endif
742#ifdef WITH_PBKDF2
743 xtest_test_derivation_pbkdf2(c, &session);
744#endif
745
746 TEEC_CloseSession(&session);
747}
748
749/* secure storage key manager self test */
Jens Wiklandercd0186b2017-04-05 11:34:22 +0200[diff] [blame^]750static void xtest_tee_test_8002(ADBG_Case_t *c)
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]751{
752 TEEC_Result res;
753 TEEC_Session sess;
754 uint32_t orig;
755
756 res = xtest_teec_open_session(&sess,
757 &enc_fs_key_manager_test_ta_uuid,
758 NULL, &orig);
759 if (res != TEEC_SUCCESS) {
760 Do_ADBG_Log("Ignore test due to TA does not exist");
761 return;
762 }
763
764 if (!ADBG_EXPECT_TEEC_SUCCESS(
765 c, enc_fs_km_self_test(&sess)))
766 goto exit;
767
768exit:
769 TEEC_CloseSession(&sess);
770}