TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / OP-TEE / optee_test / e4ec9e4aca080e361fa48d713d3b1cf05f85ad20 / . / host / xtest / regression_8000.c
blob: cd620228a4a4118d10bb8acceef8af07cee6acd8 [file] [log] [blame]
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]1/*
2 * Copyright (c) 2014, Linaro Limited
3 *
4 * This program is free software; you can redistribute it and/or modify
5 * it under the terms of the GNU General Public License Version 2 as
6 * published by the Free Software Foundation.
7 *
8 * This program is distributed in the hope that it will be useful,
9 * but WITHOUT ANY WARRANTY; without even the implied warranty of
10 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 * GNU General Public License for more details.
12 */
13#include "xtest_test.h"
14#include "xtest_helpers.h"
15
16#include <tee_api_types.h>
17#include <tee_api_defines_extensions.h>
18#include <utee_defines.h>
19#include <string.h>
20#include <enc_fs_key_manager_test.h>
21
22#define WITH_HKDF 1
23#define WITH_CONCAT_KDF 1
24#define WITH_PBKDF2 1
25
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]26/*
27 * HKDF test data from RFC 5869
28 */
29
30/* A.1 SHA-256 */
31
32static const uint8_t hkdf_a1_ikm[] = {
33 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
34 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
35 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b
36};
37
38static const uint8_t hkdf_a1_salt[] = {
39 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
40 0x08, 0x09, 0x0a, 0x0b, 0x0c
41};
42
43static const uint8_t hkdf_a1_info[] = {
44 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
45 0xf8, 0xf9
46};
47
48static const uint8_t hkdf_a1_okm[] = {
49 0x3c, 0xb2, 0x5f, 0x25, 0xfa, 0xac, 0xd5, 0x7a,
50 0x90, 0x43, 0x4f, 0x64, 0xd0, 0x36, 0x2f, 0x2a,
51 0x2d, 0x2d, 0x0a, 0x90, 0xcf, 0x1a, 0x5a, 0x4c,
52 0x5d, 0xb0, 0x2d, 0x56, 0xec, 0xc4, 0xc5, 0xbf,
53 0x34, 0x00, 0x72, 0x08, 0xd5, 0xb8, 0x87, 0x18,
54 0x58, 0x65
55};
56
57/* A.2 SHA-256 */
58static const uint8_t hkdf_a2_ikm[] = {
59 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
60 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
61 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
62 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
63 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
64 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
65 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
66 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f,
67 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
68 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f
69};
70
71static const uint8_t hkdf_a2_salt[] = {
72 0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67,
73 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f,
74 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77,
75 0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f,
76 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87,
77 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
78 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97,
79 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f,
80 0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7,
81 0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf
82};
83
84static const uint8_t hkdf_a2_info[] = {
85 0xb0, 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6, 0xb7,
86 0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf,
87 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
88 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf,
89 0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7,
90 0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf,
91 0xe0, 0xe1, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7,
92 0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef,
93 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
94 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff
95};
96
97static const uint8_t hkdf_a2_okm[] = {
98 0xb1, 0x1e, 0x39, 0x8d, 0xc8, 0x03, 0x27, 0xa1,
99 0xc8, 0xe7, 0xf7, 0x8c, 0x59, 0x6a, 0x49, 0x34,
100 0x4f, 0x01, 0x2e, 0xda, 0x2d, 0x4e, 0xfa, 0xd8,
101 0xa0, 0x50, 0xcc, 0x4c, 0x19, 0xaf, 0xa9, 0x7c,
102 0x59, 0x04, 0x5a, 0x99, 0xca, 0xc7, 0x82, 0x72,
103 0x71, 0xcb, 0x41, 0xc6, 0x5e, 0x59, 0x0e, 0x09,
104 0xda, 0x32, 0x75, 0x60, 0x0c, 0x2f, 0x09, 0xb8,
105 0x36, 0x77, 0x93, 0xa9, 0xac, 0xa3, 0xdb, 0x71,
106 0xcc, 0x30, 0xc5, 0x81, 0x79, 0xec, 0x3e, 0x87,
107 0xc1, 0x4c, 0x01, 0xd5, 0xc1, 0xf3, 0x43, 0x4f,
108 0x1d, 0x87
109};
110
111/* A.3 SHA-256 */
112#define hkdf_a3_ikm hkdf_a1_ikm
113static const uint8_t hkdf_a3_salt[] = {};
114
115static const uint8_t hkdf_a3_info[] = {};
116
117static const uint8_t hkdf_a3_okm[] = {
118 0x8d, 0xa4, 0xe7, 0x75, 0xa5, 0x63, 0xc1, 0x8f,
119 0x71, 0x5f, 0x80, 0x2a, 0x06, 0x3c, 0x5a, 0x31,
120 0xb8, 0xa1, 0x1f, 0x5c, 0x5e, 0xe1, 0x87, 0x9e,
121 0xc3, 0x45, 0x4e, 0x5f, 0x3c, 0x73, 0x8d, 0x2d,
122 0x9d, 0x20, 0x13, 0x95, 0xfa, 0xa4, 0xb6, 0x1a,
123 0x96, 0xc8
124};
125
126/* A.4 SHA-1 */
127static const uint8_t hkdf_a4_ikm[] = {
128 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
129 0x0b, 0x0b, 0x0b
130};
131
132static const uint8_t hkdf_a4_salt[] = {
133 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
134 0x08, 0x09, 0x0a, 0x0b, 0x0c
135};
136
137static const uint8_t hkdf_a4_info[] = {
138 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
139 0xf8, 0xf9
140};
141
142static const uint8_t hkdf_a4_okm[] = {
143 0x08, 0x5a, 0x01, 0xea, 0x1b, 0x10, 0xf3, 0x69,
144 0x33, 0x06, 0x8b, 0x56, 0xef, 0xa5, 0xad, 0x81,
145 0xa4, 0xf1, 0x4b, 0x82, 0x2f, 0x5b, 0x09, 0x15,
146 0x68, 0xa9, 0xcd, 0xd4, 0xf1, 0x55, 0xfd, 0xa2,
147 0xc2, 0x2e, 0x42, 0x24, 0x78, 0xd3, 0x05, 0xf3,
148 0xf8, 0x96
149};
150
151/* A.5 SHA-1 */
152#define hkdf_a5_ikm hkdf_a2_ikm
153#define hkdf_a5_salt hkdf_a2_salt
154#define hkdf_a5_info hkdf_a2_info
155static const uint8_t hkdf_a5_okm[] = {
156 0x0b, 0xd7, 0x70, 0xa7, 0x4d, 0x11, 0x60, 0xf7,
157 0xc9, 0xf1, 0x2c, 0xd5, 0x91, 0x2a, 0x06, 0xeb,
158 0xff, 0x6a, 0xdc, 0xae, 0x89, 0x9d, 0x92, 0x19,
159 0x1f, 0xe4, 0x30, 0x56, 0x73, 0xba, 0x2f, 0xfe,
160 0x8f, 0xa3, 0xf1, 0xa4, 0xe5, 0xad, 0x79, 0xf3,
161 0xf3, 0x34, 0xb3, 0xb2, 0x02, 0xb2, 0x17, 0x3c,
162 0x48, 0x6e, 0xa3, 0x7c, 0xe3, 0xd3, 0x97, 0xed,
163 0x03, 0x4c, 0x7f, 0x9d, 0xfe, 0xb1, 0x5c, 0x5e,
164 0x92, 0x73, 0x36, 0xd0, 0x44, 0x1f, 0x4c, 0x43,
165 0x00, 0xe2, 0xcf, 0xf0, 0xd0, 0x90, 0x0b, 0x52,
166 0xd3, 0xb4
167};
168
169/* A.6 SHA-1 */
170#define hkdf_a6_ikm hkdf_a1_ikm
171static const uint8_t hkdf_a6_salt[] = {};
172
173static const uint8_t hkdf_a6_info[] = {};
174
175static const uint8_t hkdf_a6_okm[] = {
176 0x0a, 0xc1, 0xaf, 0x70, 0x02, 0xb3, 0xd7, 0x61,
177 0xd1, 0xe5, 0x52, 0x98, 0xda, 0x9d, 0x05, 0x06,
178 0xb9, 0xae, 0x52, 0x05, 0x72, 0x20, 0xa3, 0x06,
179 0xe0, 0x7b, 0x6b, 0x87, 0xe8, 0xdf, 0x21, 0xd0,
180 0xea, 0x00, 0x03, 0x3d, 0xe0, 0x39, 0x84, 0xd3,
181 0x49, 0x18
182};
183
184/* A.7 SHA-1 */
185static const uint8_t hkdf_a7_ikm[] = {
186 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c,
187 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c,
188 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c
189};
190
191static const uint8_t hkdf_a7_salt[] = {};
192
193static const uint8_t hkdf_a7_info[] = {};
194
195static const uint8_t hkdf_a7_okm[] = {
196 0x2c, 0x91, 0x11, 0x72, 0x04, 0xd7, 0x45, 0xf3,
197 0x50, 0x0d, 0x63, 0x6a, 0x62, 0xf6, 0x4f, 0x0a,
198 0xb3, 0xba, 0xe5, 0x48, 0xaa, 0x53, 0xd4, 0x23,
199 0xb0, 0xd1, 0xf2, 0x7e, 0xbb, 0xa6, 0xf5, 0xe5,
200 0x67, 0x3a, 0x08, 0x1d, 0x70, 0xcc, 0xe7, 0xac,
201 0xfc, 0x48
202};
203
204/*
205 * Concat KDF (NIST SP 800-56A R1)
206 *
207 * Test vector from:
208 * https://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-37
209 * appendix C
210 */
211static const uint8_t concat_kdf_1_z[] = {
212 158, 86, 217, 29, 129, 113, 53, 211,
213 114, 131, 66, 131, 191, 132, 38, 156,
214 251, 49, 110, 163, 218, 128, 106, 72,
215 246, 218, 167, 121, 140, 254, 144, 196
216};
217
218static const uint8_t concat_kdf_1_other_info[] = {
219 0, 0, 0, 7, 65, 49, 50, 56,
220 71, 67, 77, 0, 0, 0, 5, 65,
221 108, 105, 99, 101, 0, 0, 0, 3,
222 66, 111, 98, 0, 0, 0, 128
223};
224
225static const uint8_t concat_kdf_1_derived_key[] = {
226 86, 170, 141, 234, 248, 35, 109, 32,
227 92, 34, 40, 205, 113, 167, 16, 26
228};
229
230/*
231 * PKCS #5 2.0 / RFC 2898 Key Derivation Function 2 (PBKDF2)
232 * Test vectors from RFC 6070 https://www.ietf.org/rfc/rfc6070.txt
233 */
234
235/* 1 */
236static const uint8_t pbkdf2_1_password[] = {
237 'p', 'a', 's', 's', 'w', 'o', 'r', 'd'
238};
239
240static const uint8_t pbkdf2_1_salt[] = {
241 's', 'a', 'l', 't'
242};
243
244#define pbkdf2_1_iteration_count 1
245static const uint8_t pbkdf2_1_dkm[] = {
246 0x0c, 0x60, 0xc8, 0x0f, 0x96, 0x1f, 0x0e, 0x71,
247 0xf3, 0xa9, 0xb5, 0x24, 0xaf, 0x60, 0x12, 0x06,
248 0x2f, 0xe0, 0x37, 0xa6
249};
250
251/* 2 */
252#define pbkdf2_2_password pbkdf2_1_password
253#define pbkdf2_2_salt pbkdf2_1_salt
254#define pbkdf2_2_iteration_count 2
255static const uint8_t pbkdf2_2_dkm[] = {
256 0xea, 0x6c, 0x01, 0x4d, 0xc7, 0x2d, 0x6f, 0x8c,
257 0xcd, 0x1e, 0xd9, 0x2a, 0xce, 0x1d, 0x41, 0xf0,
258 0xd8, 0xde, 0x89, 0x57
259};
260
261/* 3 */
262#define pbkdf2_3_password pbkdf2_1_password
263#define pbkdf2_3_salt pbkdf2_1_salt
264#define pbkdf2_3_iteration_count 4096
265static const uint8_t pbkdf2_3_dkm[] = {
266 0x4b, 0x00, 0x79, 0x01, 0xb7, 0x65, 0x48, 0x9a,
267 0xbe, 0xad, 0x49, 0xd9, 0x26, 0xf7, 0x21, 0xd0,
268 0x65, 0xa4, 0x29, 0xc1
269};
270
271/* 4 */
272#define pbkdf2_4_password pbkdf2_1_password
273#define pbkdf2_4_salt pbkdf2_1_salt
274#define pbkdf2_4_iteration_count 16777216
Jerome Forissierba271a62017-02-06 13:18:55 +0100[diff] [blame]275static const uint8_t pbkdf2_4_dkm[] = {
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]276 0xee, 0xfe, 0x3d, 0x61, 0xcd, 0x4d, 0xa4, 0xe4,
277 0xe9, 0x94, 0x5b, 0x3d, 0x6b, 0xa2, 0x15, 0x8c,
278 0x26, 0x34, 0xe9, 0x84
279};
280
281/* 5 */
282static const uint8_t pbkdf2_5_password[] = {
283 'p', 'a', 's', 's', 'w', 'o', 'r', 'd',
284 'P', 'A', 'S', 'S', 'W', 'O', 'R', 'D',
285 'p', 'a', 's', 's', 'w', 'o', 'r', 'd'
286};
287
288static const uint8_t pbkdf2_5_salt[] = {
289 's', 'a', 'l', 't', 'S', 'A', 'L', 'T',
290 's', 'a', 'l', 't', 'S', 'A', 'L', 'T',
291 's', 'a', 'l', 't', 'S', 'A', 'L', 'T',
292 's', 'a', 'l', 't', 'S', 'A', 'L', 'T',
293 's', 'a', 'l', 't'
294};
295
296#define pbkdf2_5_iteration_count 4096
297static const uint8_t pbkdf2_5_dkm[] = {
298 0x3d, 0x2e, 0xec, 0x4f, 0xe4, 0x1c, 0x84, 0x9b,
299 0x80, 0xc8, 0xd8, 0x36, 0x62, 0xc0, 0xe4, 0x4a,
300 0x8b, 0x29, 0x1a, 0x96, 0x4c, 0xf2, 0xf0, 0x70,
301 0x38
302};
303
304/* 6 */
305static const uint8_t pbkdf2_6_password[] = {
306 'p', 'a', 's', 's', '\0', 'w', 'o', 'r',
307 'd',
308};
309
310static const uint8_t pbkdf2_6_salt[] = {
311 's', 'a', '\0', 'l', 't'
312};
313
314#define pbkdf2_6_iteration_count 4096
315static const uint8_t pbkdf2_6_dkm[] = {
316 0x56, 0xfa, 0x6a, 0xa7, 0x55, 0x48, 0x09, 0x9d,
317 0xcc, 0x37, 0xd7, 0xf0, 0x34, 0x25, 0xe0, 0xc3
318};
319
320#ifdef WITH_HKDF
321static void xtest_test_derivation_hkdf(ADBG_Case_t *c, TEEC_Session *session)
322{
Etienne Carrieree4ec9e42019-03-28 13:30:21 +0100[diff] [blame^]323 size_t n = 0;
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]324#define TEST_HKDF_DATA(section, algo, id, oeb /* omit empty bufs */) \
325 { \
326 section, algo, \
327 hkdf_##id##_ikm, sizeof(hkdf_##id##_ikm), \
328 (oeb && !sizeof(hkdf_##id##_salt)) ? NULL : hkdf_##id##_salt, sizeof(hkdf_##id##_salt), \
329 (oeb && !sizeof(hkdf_##id##_info)) ? NULL : hkdf_##id##_info, sizeof(hkdf_##id##_info), \
330 hkdf_##id##_okm, sizeof(hkdf_##id##_okm), \
331 }
332 static struct hkdf_case {
333 const char *subcase_name;
334 uint32_t algo;
335 const uint8_t *ikm;
336 size_t ikm_len;
337 const uint8_t *salt;
338 size_t salt_len;
339 const uint8_t *info;
340 size_t info_len;
341 const uint8_t *okm;
342 size_t okm_len;
343 } hkdf_cases[] = {
344 TEST_HKDF_DATA("A.1 (SHA-256)",
345 TEE_ALG_HKDF_SHA256_DERIVE_KEY, a1, false),
346 TEST_HKDF_DATA("A.2 (SHA-256)",
347 TEE_ALG_HKDF_SHA256_DERIVE_KEY, a2, false),
348 TEST_HKDF_DATA("A.3 (SHA-256) [1]",
349 TEE_ALG_HKDF_SHA256_DERIVE_KEY, a3, false),
350 TEST_HKDF_DATA("A.3 (SHA-256) [2]",
351 TEE_ALG_HKDF_SHA256_DERIVE_KEY, a3, true),
352 TEST_HKDF_DATA("A.4 (SHA-1)",
353 TEE_ALG_HKDF_SHA1_DERIVE_KEY, a4, false),
354 TEST_HKDF_DATA("A.5 (SHA-1)",
355 TEE_ALG_HKDF_SHA1_DERIVE_KEY, a5, false),
356 TEST_HKDF_DATA("A.6 (SHA-1) [1]",
357 TEE_ALG_HKDF_SHA1_DERIVE_KEY, a6, false),
358 TEST_HKDF_DATA("A.6 (SHA-1) [2]",
359 TEE_ALG_HKDF_SHA1_DERIVE_KEY, a6, true),
360 TEST_HKDF_DATA("A.7 (SHA-1) [1]",
361 TEE_ALG_HKDF_SHA1_DERIVE_KEY, a7, false),
362 TEST_HKDF_DATA("A.7 (SHA-1) [2]",
363 TEE_ALG_HKDF_SHA1_DERIVE_KEY, a7, true),
364 };
365 size_t max_size = 2048;
366
367 for (n = 0; n < sizeof(hkdf_cases) / sizeof(struct hkdf_case); n++) {
Etienne Carrieree4ec9e42019-03-28 13:30:21 +0100[diff] [blame^]368 TEE_OperationHandle op = TEE_HANDLE_NULL;
369 TEE_ObjectHandle key_handle = TEE_HANDLE_NULL;
370 TEE_ObjectHandle sv_handle = TEE_HANDLE_NULL;
371 TEE_Attribute params[4] = { };
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]372 size_t param_count = 0;
Etienne Carrieree4ec9e42019-03-28 13:30:21 +0100[diff] [blame^]373 uint8_t out[2048] = { };
374 size_t out_size = 0;
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]375 const struct hkdf_case *hc = &hkdf_cases[n];
376
377 Do_ADBG_BeginSubCase(c, "HKDF RFC 5869 %s", hc->subcase_name);
378
379 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
380 ta_crypt_cmd_allocate_operation(c, session, &op,
381 hc->algo, TEE_MODE_DERIVE, max_size)))
382 goto out;
383
384 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
385 ta_crypt_cmd_allocate_transient_object(c, session,
386 TEE_TYPE_HKDF_IKM, max_size, &key_handle)))
387 goto out;
388
389 xtest_add_attr(&param_count, params, TEE_ATTR_HKDF_IKM, hc->ikm,
390 hc->ikm_len);
391
392 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
393 ta_crypt_cmd_populate_transient_object(c, session,
394 key_handle, params, param_count)))
395 goto out;
396
397 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
398 ta_crypt_cmd_set_operation_key(c, session, op,
399 key_handle)))
400 goto out;
401
402 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
403 ta_crypt_cmd_free_transient_object(c, session,
404 key_handle)))
405 goto out;
406
407 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
408 ta_crypt_cmd_allocate_transient_object(c, session,
409 TEE_TYPE_GENERIC_SECRET, hc->okm_len * 8,
410 &sv_handle)))
411 goto out;
412
413 param_count = 0;
414
415 if (hc->salt)
416 xtest_add_attr(&param_count, params, TEE_ATTR_HKDF_SALT,
417 hc->salt, hc->salt_len);
418 if (hc->info)
419 xtest_add_attr(&param_count, params, TEE_ATTR_HKDF_INFO,
420 hc->info, hc->info_len);
421
422 params[param_count].attributeID = TEE_ATTR_HKDF_OKM_LENGTH;
423 params[param_count].content.value.a = hc->okm_len;
424 params[param_count].content.value.b = 0;
425 param_count++;
426
427 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
428 ta_crypt_cmd_derive_key(c, session, op, sv_handle,
429 params, param_count)))
430 goto out;
431
432 out_size = sizeof(out);
433 memset(out, 0, sizeof(out));
434 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
435 ta_crypt_cmd_get_object_buffer_attribute(c, session,
436 sv_handle, TEE_ATTR_SECRET_VALUE, out,
437 &out_size)))
438 goto out;
439
440 if (!ADBG_EXPECT_BUFFER(c, hc->okm, hc->okm_len, out, out_size))
441 goto out;
442
443 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
444 ta_crypt_cmd_free_operation(c, session, op)))
445 goto out;
446
447 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
448 ta_crypt_cmd_free_transient_object(c, session,
449 sv_handle)))
450 goto out;
451 out:
452 Do_ADBG_EndSubCase(c, "HKDF RFC 5869 %s", hc->subcase_name);
453 }
454}
455#endif /* WITH_HKDF */
456
457#ifdef WITH_CONCAT_KDF
458static void xtest_test_derivation_concat_kdf(ADBG_Case_t *c, TEEC_Session *session)
459{
Etienne Carrieree4ec9e42019-03-28 13:30:21 +0100[diff] [blame^]460 size_t n = 0;
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]461#define TEST_CONCAT_KDF_DATA(name, algo, id, oeb /* omit empty bufs */) \
462 { \
463 name, algo, \
464 concat_kdf_##id##_z, sizeof(concat_kdf_##id##_z), \
465 (oeb && !sizeof(concat_kdf_##id##_other_info)) ? NULL \
466 : concat_kdf_##id##_other_info, \
467 sizeof(concat_kdf_##id##_other_info), \
468 concat_kdf_##id##_derived_key, sizeof(concat_kdf_##id##_derived_key), \
469 }
470 static struct concat_kdf_case {
471 const char *subcase_name;
472 uint32_t algo;
473 const uint8_t *shared_secret;
474 size_t shared_secret_len;
475 const uint8_t *other_info;
476 size_t other_info_len;
477 const uint8_t *derived_key;
478 size_t derived_key_len;
479 } concat_kdf_cases[] = {
480 TEST_CONCAT_KDF_DATA("JWA-37 C (SHA-256)",
481 TEE_ALG_CONCAT_KDF_SHA256_DERIVE_KEY, 1, false),
482 };
483 size_t max_size = 2048;
484
485 for (n = 0;
486 n < sizeof(concat_kdf_cases) / sizeof(struct concat_kdf_case);
487 n++) {
Etienne Carrieree4ec9e42019-03-28 13:30:21 +0100[diff] [blame^]488 TEE_OperationHandle op = TEE_HANDLE_NULL;
489 TEE_ObjectHandle key_handle = TEE_HANDLE_NULL;
490 TEE_ObjectHandle sv_handle = TEE_HANDLE_NULL;
491 TEE_Attribute params[4] = { };
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]492 size_t param_count = 0;
Etienne Carrieree4ec9e42019-03-28 13:30:21 +0100[diff] [blame^]493 uint8_t out[2048] = { };
494 size_t out_size = 0;
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]495 const struct concat_kdf_case *cc = &concat_kdf_cases[n];
496
497 Do_ADBG_BeginSubCase(c, "Concat KDF %s", cc->subcase_name);
498
499 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
500 ta_crypt_cmd_allocate_operation(c, session, &op,
501 cc->algo, TEE_MODE_DERIVE, max_size)))
502 goto out;
503
504 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
505 ta_crypt_cmd_allocate_transient_object(c, session,
506 TEE_TYPE_CONCAT_KDF_Z, max_size, &key_handle)))
507 goto out;
508
509 xtest_add_attr(&param_count, params, TEE_ATTR_CONCAT_KDF_Z,
510 cc->shared_secret, cc->shared_secret_len);
511
512 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
513 ta_crypt_cmd_populate_transient_object(c, session,
514 key_handle, params, param_count)))
515 goto out;
516
517 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
518 ta_crypt_cmd_set_operation_key(c, session, op,
519 key_handle)))
520 goto out;
521
522 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
523 ta_crypt_cmd_free_transient_object(c, session,
524 key_handle)))
525 goto out;
526
527 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
528 ta_crypt_cmd_allocate_transient_object(c, session,
529 TEE_TYPE_GENERIC_SECRET, cc->derived_key_len *
530 8, &sv_handle)))
531 goto out;
532
533 param_count = 0;
534
535 if (cc->other_info)
536 xtest_add_attr(&param_count, params,
537 TEE_ATTR_CONCAT_KDF_OTHER_INFO,
538 cc->other_info, cc->other_info_len);
539
540 params[param_count].attributeID = TEE_ATTR_CONCAT_KDF_DKM_LENGTH;
541 params[param_count].content.value.a = cc->derived_key_len;
542 params[param_count].content.value.b = 0;
543 param_count++;
544
545 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
546 ta_crypt_cmd_derive_key(c, session, op, sv_handle,
547 params, param_count)))
548 goto out;
549
550 out_size = sizeof(out);
551 memset(out, 0, sizeof(out));
552 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
553 ta_crypt_cmd_get_object_buffer_attribute(c, session,
554 sv_handle, TEE_ATTR_SECRET_VALUE, out,
555 &out_size)))
556 goto out;
557
558 if (!ADBG_EXPECT_BUFFER(c, cc->derived_key, cc->derived_key_len,
559 out, out_size))
560 goto out;
561
562 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
563 ta_crypt_cmd_free_operation(c, session, op)))
564 goto out;
565
566 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
567 ta_crypt_cmd_free_transient_object(c, session,
568 sv_handle)))
569 goto out;
570out:
571 Do_ADBG_EndSubCase(c, "Concat KDF %s", cc->subcase_name);
572 }
573}
574#endif /* WITH_CONCAT_KDF */
575
576#ifdef WITH_PBKDF2
577static void xtest_test_derivation_pbkdf2(ADBG_Case_t *c, TEEC_Session *session)
578{
Etienne Carrieree4ec9e42019-03-28 13:30:21 +0100[diff] [blame^]579 size_t n = 0;
Jerome Forissierba271a62017-02-06 13:18:55 +0100[diff] [blame]580#define TEST_PBKDF2_DATA(level, section, algo, id, oeb /* omit empty bufs */) \
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]581 { \
Jerome Forissierba271a62017-02-06 13:18:55 +0100[diff] [blame]582 level, section, algo, \
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]583 pbkdf2_##id##_password, sizeof(pbkdf2_##id##_password), \
584 (oeb && !sizeof(pbkdf2_##id##_salt)) ? NULL : pbkdf2_##id##_salt, sizeof(pbkdf2_##id##_salt), \
585 pbkdf2_##id##_iteration_count, \
586 pbkdf2_##id##_dkm, sizeof(pbkdf2_##id##_dkm), \
587 }
588#define _TO_STR(n) #n
589#define TO_STR(n) _TO_STR(n)
Jerome Forissierba271a62017-02-06 13:18:55 +0100[diff] [blame]590#define RFC6070_TEST(l, n) \
591 TEST_PBKDF2_DATA(l, "RFC 6070 " TO_STR(n) " (HMAC-SHA1)", \
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]592 TEE_ALG_PBKDF2_HMAC_SHA1_DERIVE_KEY, n, false)
593 static struct pbkdf2_case {
Jerome Forissierba271a62017-02-06 13:18:55 +0100[diff] [blame]594 unsigned int level;
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]595 const char *subcase_name;
596 uint32_t algo;
597 const uint8_t *password;
598 size_t password_len;
599 const uint8_t *salt;
600 size_t salt_len;
601 uint32_t iteration_count;
602 const uint8_t *dkm;
603 size_t dkm_len;
604 } pbkdf2_cases[] = {
Jerome Forissierba271a62017-02-06 13:18:55 +0100[diff] [blame]605 RFC6070_TEST(0, 1), RFC6070_TEST(0, 2), RFC6070_TEST(0, 3),
606 RFC6070_TEST(15, 4), /* Lengthy! (2 min on HiKey @1.2GHz) */
607 RFC6070_TEST(0, 5), RFC6070_TEST(0, 6)
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]608 };
609 size_t max_size = 2048;
610
611 for (n = 0; n < sizeof(pbkdf2_cases) / sizeof(struct pbkdf2_case); n++) {
Etienne Carrieree4ec9e42019-03-28 13:30:21 +0100[diff] [blame^]612 TEE_OperationHandle op = TEE_HANDLE_NULL;
613 TEE_ObjectHandle key_handle = TEE_HANDLE_NULL;
614 TEE_ObjectHandle sv_handle = TEE_HANDLE_NULL;
615 TEE_Attribute params[4] = { };
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]616 size_t param_count = 0;
Etienne Carrieree4ec9e42019-03-28 13:30:21 +0100[diff] [blame^]617 uint8_t out[2048] = { };
618 size_t out_size = 0;
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]619 const struct pbkdf2_case *pc = &pbkdf2_cases[n];
620
Jerome Forissierba271a62017-02-06 13:18:55 +0100[diff] [blame]621 if (pc->level > level)
622 continue;
623
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]624 Do_ADBG_BeginSubCase(c, "PBKDF2 %s", pc->subcase_name);
625 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
626 ta_crypt_cmd_allocate_operation(c, session, &op,
627 pc->algo, TEE_MODE_DERIVE, max_size)))
628 goto out;
629
630 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
631 ta_crypt_cmd_allocate_transient_object(c, session,
632 TEE_TYPE_PBKDF2_PASSWORD, max_size,
633 &key_handle)))
634 goto out;
635
636 xtest_add_attr(&param_count, params, TEE_ATTR_PBKDF2_PASSWORD,
637 pc->password, pc->password_len);
638
639 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
640 ta_crypt_cmd_populate_transient_object(c, session,
641 key_handle, params, param_count)))
642 goto out;
643
644 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
645 ta_crypt_cmd_set_operation_key(c, session, op,
646 key_handle)))
647 goto out;
648
649 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
650 ta_crypt_cmd_free_transient_object(c, session,
651 key_handle)))
652 goto out;
653
654 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
655 ta_crypt_cmd_allocate_transient_object(c, session,
656 TEE_TYPE_GENERIC_SECRET, pc->dkm_len * 8,
657 &sv_handle)))
658 goto out;
659
660 param_count = 0;
661
662 if (pc->salt)
663 xtest_add_attr(&param_count, params,
664 TEE_ATTR_PBKDF2_SALT, pc->salt,
665 pc->salt_len);
666
667 params[param_count].attributeID = TEE_ATTR_PBKDF2_DKM_LENGTH;
668 params[param_count].content.value.a = pc->dkm_len;
669 params[param_count].content.value.b = 0;
670 param_count++;
671
672 params[param_count].attributeID =
673 TEE_ATTR_PBKDF2_ITERATION_COUNT;
674 params[param_count].content.value.a = pc->iteration_count;
675 params[param_count].content.value.b = 0;
676 param_count++;
677
678 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
679 ta_crypt_cmd_derive_key(c, session, op, sv_handle,
680 params, param_count)))
681 goto out;
682
683 out_size = sizeof(out);
684 memset(out, 0, sizeof(out));
685 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
686 ta_crypt_cmd_get_object_buffer_attribute(c, session,
Etienne Carrieree4ec9e42019-03-28 13:30:21 +0100[diff] [blame^]687 sv_handle, TEE_ATTR_SECRET_VALUE,
688 out, &out_size)))
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]689 goto out;
690
691 if (!ADBG_EXPECT_BUFFER(c, pc->dkm, pc->dkm_len, out, out_size))
692 goto out;
693
694 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
695 ta_crypt_cmd_free_operation(c, session, op)))
696 goto out;
697
698 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
699 ta_crypt_cmd_free_transient_object(c, session,
700 sv_handle)))
701 goto out;
702out:
703 Do_ADBG_EndSubCase(c, "PBKDF2 %s", pc->subcase_name);
704 }
705}
706#endif /* WITH_PBKDF2 */
707
708static TEEC_Result enc_fs_km_self_test(TEEC_Session *sess)
709{
Etienne Carrieree4ec9e42019-03-28 13:30:21 +0100[diff] [blame^]710 TEEC_Operation op = TEEC_OPERATION_INITIALIZER;
711 TEEC_Result res = TEEC_ERROR_GENERIC;
712 uint32_t org = 0;
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]713
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]714 res = TEEC_InvokeCommand(sess, CMD_SELF_TESTS, &op, &org);
715 return res;
716}
717
Jens Wiklandercd0186b2017-04-05 11:34:22 +0200[diff] [blame]718static void xtest_tee_test_8001(ADBG_Case_t *c)
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]719{
Etienne Carrieree4ec9e42019-03-28 13:30:21 +0100[diff] [blame^]720 TEEC_Session session = { };
721 uint32_t ret_orig = 0;
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]722
723 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
724 xtest_teec_open_session(&session, &crypt_user_ta_uuid, NULL,
725 &ret_orig)))
726 return;
727
728#ifdef WITH_HKDF
729 xtest_test_derivation_hkdf(c, &session);
730#endif
731#ifdef WITH_CONCAT_KDF
732 xtest_test_derivation_concat_kdf(c, &session);
733#endif
734#ifdef WITH_PBKDF2
735 xtest_test_derivation_pbkdf2(c, &session);
736#endif
737
738 TEEC_CloseSession(&session);
739}
Jens Wiklander14f48872018-06-29 15:30:13 +0200[diff] [blame]740ADBG_CASE_DEFINE(regression, 8001, xtest_tee_test_8001,
741 "Test TEE Internal API key derivation extensions");
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]742
743/* secure storage key manager self test */
Jens Wiklandercd0186b2017-04-05 11:34:22 +0200[diff] [blame]744static void xtest_tee_test_8002(ADBG_Case_t *c)
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]745{
Etienne Carrieree4ec9e42019-03-28 13:30:21 +0100[diff] [blame^]746 TEEC_Result res = TEEC_ERROR_GENERIC;
747 TEEC_Session sess = { };
748 uint32_t orig = 0;
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]749
750 res = xtest_teec_open_session(&sess,
751 &enc_fs_key_manager_test_ta_uuid,
752 NULL, &orig);
753 if (res != TEEC_SUCCESS) {
754 Do_ADBG_Log("Ignore test due to TA does not exist");
755 return;
756 }
757
758 if (!ADBG_EXPECT_TEEC_SUCCESS(
759 c, enc_fs_km_self_test(&sess)))
760 goto exit;
761
762exit:
763 TEEC_CloseSession(&sess);
764}
Jens Wiklander14f48872018-06-29 15:30:13 +0200[diff] [blame]765ADBG_CASE_DEFINE(regression, 8002, xtest_tee_test_8002,
766 "Secure Storage Key Manager API Self Test");