TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / OP-TEE / optee_test / e61133ff26979bae46c7b608b338e9fcfaf652a8 / . / host / xtest / xtest_4000.c
blob: d2ac225f0ee582b4ab807de39218bf9d6b6080f6 [file] [log] [blame]
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]1/*
2 * Copyright (c) 2014, STMicroelectronics International N.V.
3 *
4 * This program is free software; you can redistribute it and/or modify
5 * it under the terms of the GNU General Public License Version 2 as
6 * published by the Free Software Foundation.
7 *
8 * This program is distributed in the hope that it will be useful,
9 * but WITHOUT ANY WARRANTY; without even the implied warranty of
10 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 * GNU General Public License for more details.
12 */
13
14#include <stdio.h>
15#include <string.h>
16#include <inttypes.h>
17#include <malloc.h>
18
19#include "xtest_test.h"
20#include "xtest_helpers.h"
21
22#include <tee_api_types.h>
23#include <ta_crypt.h>
24#include <utee_defines.h>
25#include <util.h>
26
27#include <xtest_4000_data.h>
28
29#include <assert.h>
30
31static void xtest_tee_test_4001(ADBG_Case_t *Case_p);
32static void xtest_tee_test_4002(ADBG_Case_t *Case_p);
33static void xtest_tee_test_4003_no_xts(ADBG_Case_t *Case_p);
34static void xtest_tee_test_4003_xts(ADBG_Case_t *Case_p);
35static void xtest_tee_test_4004(ADBG_Case_t *Case_p);
36static void xtest_tee_test_4005(ADBG_Case_t *Case_p);
37static void xtest_tee_test_4006(ADBG_Case_t *Case_p);
38static void xtest_tee_test_4007(ADBG_Case_t *Case_p);
39static void xtest_tee_test_4008(ADBG_Case_t *Case_p);
40
41ADBG_CASE_DEFINE(XTEST_TEE_4001, xtest_tee_test_4001,
42 /* Title */
43 "Test TEE Internal API hash operations",
44 /* Short description */
45 "Short description ...",
46 /* Requirement IDs */
47 "TEE-??",
48 /* How to implement */
49 "Description of how to implement ..."
50 );
51
52ADBG_CASE_DEFINE(XTEST_TEE_4002, xtest_tee_test_4002,
53 /* Title */
54 "Test TEE Internal API MAC operations",
55 /* Short description */
56 "Short description ...",
57 /* Requirement IDs */
58 "TEE-??",
59 /* How to implement */
60 "Description of how to implement ..."
61 );
62
63ADBG_CASE_DEFINE(XTEST_TEE_4003_NO_XTS, xtest_tee_test_4003_no_xts,
64 /* Title */
65 "Test TEE Internal API cipher operations without AES XTS",
66 /* Short description */
67 "Short description ...",
68 /* Requirement IDs */
69 "TEE-??",
70 /* How to implement */
71 "Description of how to implement ..."
72 );
73
74ADBG_CASE_DEFINE(XTEST_TEE_4003_XTS, xtest_tee_test_4003_xts,
75 /* Title */
76 "Test TEE Internal API cipher operations for AES XTS",
77 /* Short description */
78 "Short description ...",
79 /* Requirement IDs */
80 "TEE-??",
81 /* How to implement */
82 "Description of how to implement ..."
83 );
84
85ADBG_CASE_DEFINE(XTEST_TEE_4004, xtest_tee_test_4004,
86 /* Title */
87 "Test TEE Internal API get random",
88 /* Short description */
89 "Short description ...",
90 /* Requirement IDs */
91 "TEE-??",
92 /* How to implement */
93 "Description of how to implement ..."
94 );
95
96ADBG_CASE_DEFINE(XTEST_TEE_4005, xtest_tee_test_4005,
97 /* Title */
98 "Test TEE Internal API Authenticated Encryption operations",
99 /* Short description */
100 "Short description ...",
101 /* Requirement IDs */
102 "TEE-??",
103 /* How to implement */
104 "Description of how to implement ..."
105 );
106
107ADBG_CASE_DEFINE(XTEST_TEE_4006, xtest_tee_test_4006,
108 /* Title */
109 "Test TEE Internal API Asymmetric Cipher operations",
110 /* Short description */
111 "Short description ...",
112 /* Requirement IDs */
113 "TEE-??",
114 /* How to implement */
115 "Description of how to implement ..."
116 );
117
118ADBG_CASE_DEFINE(XTEST_TEE_4007, xtest_tee_test_4007,
119 /* Title */
120 "Test TEE Internal API Generate key",
121 /* Short description */
122 "Short description ...",
123 /* Requirement IDs */
124 "TEE-??",
125 /* How to implement */
126 "Description of how to implement ..."
127 );
128
129ADBG_CASE_DEFINE(XTEST_TEE_4008, xtest_tee_test_4008,
130 /* Title */
131 "Test TEE Internal API Derive key",
132 /* Short description */
133 "Short description ...",
134 /* Requirement IDs */
135 "TEE-??",
136 /* How to implement */
137 "Description of how to implement ..."
138 );
139
140static TEEC_Result ta_crypt_cmd_random_number_generate(ADBG_Case_t *c,
141 TEEC_Session *s,
142 void *buf, size_t blen);
143
144static TEEC_Result ta_crypt_cmd_reset_operation(ADBG_Case_t *c, TEEC_Session *s,
145 TEE_OperationHandle oph)
146{
147 TEEC_Result res;
148 TEEC_Operation op = TEEC_OPERATION_INITIALIZER;
149 uint32_t ret_orig;
150
151 assert((uintptr_t)oph <= UINT32_MAX);
152 op.params[0].value.a = (uint32_t)(uintptr_t)oph;
153 op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT, TEEC_NONE, TEEC_NONE,
154 TEEC_NONE);
155 res = TEEC_InvokeCommand(s, TA_CRYPT_CMD_RESET_OPERATION, &op,
156 &ret_orig);
157 if (res != TEEC_SUCCESS) {
158 (void)ADBG_EXPECT_TEEC_ERROR_ORIGIN(c, TEEC_ORIGIN_TRUSTED_APP,
159 ret_orig);
160 }
161 return res;
162}
163
164static TEEC_Result ta_crypt_cmd_copy_operation(ADBG_Case_t *c,
165 TEEC_Session *s,
166 TEE_OperationHandle dst_oph,
167 TEE_OperationHandle src_oph)
168{
169 TEEC_Result res;
170 TEEC_Operation op = TEEC_OPERATION_INITIALIZER;
171 uint32_t ret_orig;
172
173 assert((uintptr_t)dst_oph <= UINT32_MAX);
174 op.params[0].value.a = (uint32_t)(uintptr_t)dst_oph;
175
176 assert((uintptr_t)src_oph <= UINT32_MAX);
177 op.params[0].value.b = (uint32_t)(uintptr_t)src_oph;
178 op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT, TEEC_NONE, TEEC_NONE,
179 TEEC_NONE);
180
181 res = TEEC_InvokeCommand(s, TA_CRYPT_CMD_COPY_OPERATION, &op,
182 &ret_orig);
183
184 if (res != TEEC_SUCCESS) {
185 (void)ADBG_EXPECT_TEEC_ERROR_ORIGIN(c, TEEC_ORIGIN_TRUSTED_APP,
186 ret_orig);
187 }
188 return res;
189}
190
191static TEEC_Result ta_crypt_cmd_digest_update(ADBG_Case_t *c, TEEC_Session *s,
192 TEE_OperationHandle oph,
193 const void *chunk,
194 size_t chunk_size)
195{
196 TEEC_Result res;
197 TEEC_Operation op = TEEC_OPERATION_INITIALIZER;
198 uint32_t ret_orig;
199
200 assert((uintptr_t)oph <= UINT32_MAX);
201 op.params[0].value.a = (uint32_t)(uintptr_t)oph;
202 op.params[1].tmpref.buffer = (void *)chunk;
203 op.params[1].tmpref.size = chunk_size;
204
205 op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT,
206 TEEC_MEMREF_TEMP_INPUT, TEEC_NONE,
207 TEEC_NONE);
208
209 res = TEEC_InvokeCommand(s, TA_CRYPT_CMD_DIGEST_UPDATE, &op, &ret_orig);
210
211 if (res != TEEC_SUCCESS) {
212 (void)ADBG_EXPECT_TEEC_ERROR_ORIGIN(c, TEEC_ORIGIN_TRUSTED_APP,
213 ret_orig);
214 }
215
216 return res;
217}
218
219static TEEC_Result ta_crypt_cmd_digest_do_final(ADBG_Case_t *c, TEEC_Session *s,
220 TEE_OperationHandle oph,
221 const void *chunk,
222 size_t chunk_len, void *hash,
223 size_t *hash_len)
224{
225 TEEC_Result res;
226 TEEC_Operation op = TEEC_OPERATION_INITIALIZER;
227 uint32_t ret_orig;
228
229 assert((uintptr_t)oph <= UINT32_MAX);
230 op.params[0].value.a = (uint32_t)(uintptr_t)oph;
231
232 op.params[1].tmpref.buffer = (void *)chunk;
233 op.params[1].tmpref.size = chunk_len;
234
235 op.params[2].tmpref.buffer = (void *)hash;
236 op.params[2].tmpref.size = *hash_len;
237
238 op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT,
239 TEEC_MEMREF_TEMP_INPUT,
240 TEEC_MEMREF_TEMP_OUTPUT, TEEC_NONE);
241
242 res = TEEC_InvokeCommand(s, TA_CRYPT_CMD_DIGEST_DO_FINAL, &op,
243 &ret_orig);
244
245 if (res != TEEC_SUCCESS) {
246 (void)ADBG_EXPECT_TEEC_ERROR_ORIGIN(c, TEEC_ORIGIN_TRUSTED_APP,
247 ret_orig);
248 }
249
250 if (res == TEEC_SUCCESS)
251 *hash_len = op.params[2].tmpref.size;
252
253 return res;
254}
255
256static TEE_Result ta_crypt_cmd_set_operation_key2(ADBG_Case_t *c,
257 TEEC_Session *s,
258 TEE_OperationHandle oph,
259 TEE_ObjectHandle key1,
260 TEE_ObjectHandle key2)
261{
262 TEEC_Result res;
263 TEEC_Operation op = TEEC_OPERATION_INITIALIZER;
264 uint32_t ret_orig;
265
266 assert((uintptr_t)oph <= UINT32_MAX);
267 op.params[0].value.a = (uint32_t)(uintptr_t)oph;
268
269 assert((uintptr_t)key1 <= UINT32_MAX);
270 op.params[0].value.b = (uint32_t)(uintptr_t)key1;
271
272 assert((uintptr_t)key2 <= UINT32_MAX);
273 op.params[1].value.a = (uint32_t)(uintptr_t)key2;
274 op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT, TEEC_VALUE_INPUT,
275 TEEC_NONE, TEEC_NONE);
276
277 res = TEEC_InvokeCommand(s, TA_CRYPT_CMD_SET_OPERATION_KEY2, &op,
278 &ret_orig);
279
280 if (res != TEEC_SUCCESS) {
281 (void)ADBG_EXPECT_TEEC_ERROR_ORIGIN(c, TEEC_ORIGIN_TRUSTED_APP,
282 ret_orig);
283 }
284
285 return res;
286}
287
288static TEEC_Result ta_crypt_cmd_mac_init(ADBG_Case_t *c, TEEC_Session *s,
289 TEE_OperationHandle oph,
290 const void *iv, size_t iv_len)
291{
292 TEEC_Result res;
293 TEEC_Operation op = TEEC_OPERATION_INITIALIZER;
294 uint32_t ret_orig;
295
296 assert((uintptr_t)oph <= UINT32_MAX);
297 op.params[0].value.a = (uint32_t)(uintptr_t)oph;
298
299 if (iv != NULL) {
300 op.params[1].tmpref.buffer = (void *)iv;
301 op.params[1].tmpref.size = iv_len;
302 op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT,
303 TEEC_MEMREF_TEMP_INPUT,
304 TEEC_NONE, TEEC_NONE);
305 } else {
306 op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT, TEEC_NONE,
307 TEEC_NONE, TEEC_NONE);
308 }
309
310 res = TEEC_InvokeCommand(s, TA_CRYPT_CMD_MAC_INIT, &op, &ret_orig);
311
312 if (res != TEEC_SUCCESS) {
313 (void)ADBG_EXPECT_TEEC_ERROR_ORIGIN(c, TEEC_ORIGIN_TRUSTED_APP,
314 ret_orig);
315 }
316
317 return res;
318}
319
320static TEEC_Result ta_crypt_cmd_mac_update(ADBG_Case_t *c, TEEC_Session *s,
321 TEE_OperationHandle oph,
322 const void *chunk, size_t chunk_size)
323{
324 TEEC_Result res;
325 TEEC_Operation op = TEEC_OPERATION_INITIALIZER;
326 uint32_t ret_orig;
327
328 assert((uintptr_t)oph <= UINT32_MAX);
329 op.params[0].value.a = (uint32_t)(uintptr_t)oph;
330
331 op.params[1].tmpref.buffer = (void *)chunk;
332 op.params[1].tmpref.size = chunk_size;
333
334 op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT,
335 TEEC_MEMREF_TEMP_INPUT, TEEC_NONE,
336 TEEC_NONE);
337
338 res = TEEC_InvokeCommand(s, TA_CRYPT_CMD_MAC_UPDATE, &op, &ret_orig);
339
340 if (res != TEEC_SUCCESS) {
341 (void)ADBG_EXPECT_TEEC_ERROR_ORIGIN(c, TEEC_ORIGIN_TRUSTED_APP,
342 ret_orig);
343 }
344
345 return res;
346}
347
348static TEEC_Result ta_crypt_cmd_mac_final_compute(ADBG_Case_t *c,
349 TEEC_Session *s,
350 TEE_OperationHandle oph,
351 const void *chunk,
352 size_t chunk_len,
353 void *hash,
354 size_t *hash_len)
355{
356 TEEC_Result res;
357 TEEC_Operation op = TEEC_OPERATION_INITIALIZER;
358 uint32_t ret_orig;
359
360 assert((uintptr_t)oph <= UINT32_MAX);
361 op.params[0].value.a = (uint32_t)(uintptr_t)oph;
362
363 op.params[1].tmpref.buffer = (void *)chunk;
364 op.params[1].tmpref.size = chunk_len;
365
366 op.params[2].tmpref.buffer = (void *)hash;
367 op.params[2].tmpref.size = *hash_len;
368
369 op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT,
370 TEEC_MEMREF_TEMP_INPUT,
371 TEEC_MEMREF_TEMP_OUTPUT, TEEC_NONE);
372
373 res = TEEC_InvokeCommand(s, TA_CRYPT_CMD_MAC_FINAL_COMPUTE, &op,
374 &ret_orig);
375
376 if (res != TEEC_SUCCESS) {
377 (void)ADBG_EXPECT_TEEC_ERROR_ORIGIN(c, TEEC_ORIGIN_TRUSTED_APP,
378 ret_orig);
379 }
380
381 if (res == TEEC_SUCCESS)
382 *hash_len = op.params[2].tmpref.size;
383
384 return res;
385}
386
387static TEEC_Result ta_crypt_cmd_cipher_init(ADBG_Case_t *c, TEEC_Session *s,
388 TEE_OperationHandle oph,
389 const void *iv, size_t iv_len)
390{
391 TEEC_Result res;
392 TEEC_Operation op = TEEC_OPERATION_INITIALIZER;
393 uint32_t ret_orig;
394
395 assert((uintptr_t)oph <= UINT32_MAX);
396 op.params[0].value.a = (uint32_t)(uintptr_t)oph;
397
398 if (iv != NULL) {
399 op.params[1].tmpref.buffer = (void *)iv;
400 op.params[1].tmpref.size = iv_len;
401
402 op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT,
403 TEEC_MEMREF_TEMP_INPUT,
404 TEEC_NONE, TEEC_NONE);
405 } else {
406 op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT, TEEC_NONE,
407 TEEC_NONE, TEEC_NONE);
408 }
409
410 res = TEEC_InvokeCommand(s, TA_CRYPT_CMD_CIPHER_INIT, &op, &ret_orig);
411
412 if (res != TEEC_SUCCESS) {
413 (void)ADBG_EXPECT_TEEC_ERROR_ORIGIN(c, TEEC_ORIGIN_TRUSTED_APP,
414 ret_orig);
415 }
416
417 return res;
418}
419
420static TEEC_Result ta_crypt_cmd_cipher_update(ADBG_Case_t *c, TEEC_Session *s,
421 TEE_OperationHandle oph,
422 const void *src, size_t src_len,
423 void *dst, size_t *dst_len)
424{
425 TEEC_Result res;
426 TEEC_Operation op = TEEC_OPERATION_INITIALIZER;
427 uint32_t ret_orig;
428
429 assert((uintptr_t)oph <= UINT32_MAX);
430 op.params[0].value.a = (uint32_t)(uintptr_t)oph;
431
432 op.params[1].tmpref.buffer = (void *)src;
433 op.params[1].tmpref.size = src_len;
434
435 op.params[2].tmpref.buffer = dst;
436 op.params[2].tmpref.size = *dst_len;
437
438 op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT,
439 TEEC_MEMREF_TEMP_INPUT,
440 TEEC_MEMREF_TEMP_OUTPUT, TEEC_NONE);
441
442 res = TEEC_InvokeCommand(s, TA_CRYPT_CMD_CIPHER_UPDATE, &op, &ret_orig);
443
444 if (res != TEEC_SUCCESS) {
445 (void)ADBG_EXPECT_TEEC_ERROR_ORIGIN(c, TEEC_ORIGIN_TRUSTED_APP,
446 ret_orig);
447 }
448
449 if (res == TEEC_SUCCESS)
450 *dst_len = op.params[2].tmpref.size;
451
452 return res;
453}
454
455static TEEC_Result ta_crypt_cmd_cipher_do_final(ADBG_Case_t *c,
456 TEEC_Session *s,
457 TEE_OperationHandle oph,
458 const void *src,
459 size_t src_len,
460 void *dst,
461 size_t *dst_len)
462{
463 TEEC_Result res;
464 TEEC_Operation op = TEEC_OPERATION_INITIALIZER;
465 uint32_t ret_orig;
466
467 assert((uintptr_t)oph <= UINT32_MAX);
468 op.params[0].value.a = (uint32_t)(uintptr_t)oph;
469
470 op.params[1].tmpref.buffer = (void *)src;
471 op.params[1].tmpref.size = src_len;
472
473 op.params[2].tmpref.buffer = (void *)dst;
474 op.params[2].tmpref.size = *dst_len;
475
476 op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT,
477 TEEC_MEMREF_TEMP_INPUT,
478 TEEC_MEMREF_TEMP_OUTPUT, TEEC_NONE);
479
480 res = TEEC_InvokeCommand(s, TA_CRYPT_CMD_CIPHER_DO_FINAL, &op,
481 &ret_orig);
482
483 if (res != TEEC_SUCCESS) {
484 (void)ADBG_EXPECT_TEEC_ERROR_ORIGIN(c, TEEC_ORIGIN_TRUSTED_APP,
485 ret_orig);
486 }
487
488 if (res == TEEC_SUCCESS)
489 *dst_len = op.params[2].tmpref.size;
490
491 return res;
492}
493
494static TEEC_Result ta_crypt_cmd_random_number_generate(ADBG_Case_t *c,
495 TEEC_Session *s,
496 void *buf,
497 size_t blen)
498{
499 TEEC_Result res;
500 TEEC_Operation op = TEEC_OPERATION_INITIALIZER;
501 uint32_t ret_orig;
502
503 op.params[0].tmpref.buffer = buf;
504 op.params[0].tmpref.size = blen;
505
506 op.paramTypes = TEEC_PARAM_TYPES(TEEC_MEMREF_TEMP_OUTPUT, TEEC_NONE,
507 TEEC_NONE, TEEC_NONE);
508
509 res = TEEC_InvokeCommand(s, TA_CRYPT_CMD_RANDOM_NUMBER_GENEREATE, &op,
510 &ret_orig);
511
512 if (res != TEEC_SUCCESS) {
513 (void)ADBG_EXPECT_TEEC_ERROR_ORIGIN(c, TEEC_ORIGIN_TRUSTED_APP,
514 ret_orig);
515 }
516
517 (void)ADBG_EXPECT_COMPARE_UNSIGNED(c, blen, ==,
518 op.params[0].tmpref.size);
519 return res;
520}
521
522static TEEC_Result ta_crypt_cmd_ae_init(ADBG_Case_t *c, TEEC_Session *s,
523 TEE_OperationHandle oph,
524 const void *nonce, size_t nonce_len,
525 size_t tag_len, size_t aad_len,
526 size_t payload_len)
527{
528 TEEC_Result res;
529 TEEC_Operation op = TEEC_OPERATION_INITIALIZER;
530 uint32_t ret_orig;
531
532 assert((uintptr_t)oph <= UINT32_MAX);
533 op.params[0].value.a = (uint32_t)(uintptr_t)oph;
534 op.params[0].value.b = tag_len;
535
536 op.params[1].tmpref.buffer = (void *)nonce;
537 op.params[1].tmpref.size = nonce_len;
538
539 op.params[2].value.a = aad_len;
540 op.params[2].value.b = payload_len;
541
542 op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT,
543 TEEC_MEMREF_TEMP_INPUT,
Jens Wiklander74a42302015-07-07 01:08:41 +0200[diff] [blame]544 TEEC_VALUE_INPUT, TEEC_NONE);
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]545
546 res = TEEC_InvokeCommand(s, TA_CRYPT_CMD_AE_INIT, &op, &ret_orig);
547
548 if (res != TEEC_SUCCESS) {
549 (void)ADBG_EXPECT_TEEC_ERROR_ORIGIN(c, TEEC_ORIGIN_TRUSTED_APP,
550 ret_orig);
551 }
552 return res;
553}
554
555static TEEC_Result ta_crypt_cmd_ae_update_aad(ADBG_Case_t *c, TEEC_Session *s,
556 TEE_OperationHandle oph,
557 const void *aad, size_t aad_len)
558{
559 TEEC_Result res;
560 TEEC_Operation op = TEEC_OPERATION_INITIALIZER;
561 uint32_t ret_orig;
562
563 assert((uintptr_t)oph <= UINT32_MAX);
564 op.params[0].value.a = (uint32_t)(uintptr_t)oph;
565
566 op.params[1].tmpref.buffer = (void *)aad;
567 op.params[1].tmpref.size = aad_len;
568
569 op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT,
570 TEEC_MEMREF_TEMP_INPUT, TEEC_NONE,
571 TEEC_NONE);
572
573 res = TEEC_InvokeCommand(s, TA_CRYPT_CMD_AE_UPDATE_AAD, &op, &ret_orig);
574
575 if (res != TEEC_SUCCESS) {
576 (void)ADBG_EXPECT_TEEC_ERROR_ORIGIN(c, TEEC_ORIGIN_TRUSTED_APP,
577 ret_orig);
578 }
579
580 return res;
581}
582
583static TEEC_Result ta_crypt_cmd_ae_update(ADBG_Case_t *c,
584 TEEC_Session *s,
585 TEE_OperationHandle oph,
586 const void *src,
587 size_t src_len,
588 void *dst,
589 size_t *dst_len)
590{
591 TEEC_Result res;
592 TEEC_Operation op = TEEC_OPERATION_INITIALIZER;
593 uint32_t ret_orig;
594
595 assert((uintptr_t)oph <= UINT32_MAX);
596 op.params[0].value.a = (uint32_t)(uintptr_t)oph;
597
598 op.params[1].tmpref.buffer = (void *)src;
599 op.params[1].tmpref.size = src_len;
600
601 op.params[2].tmpref.buffer = (void *)dst;
602 op.params[2].tmpref.size = *dst_len;
603
604 op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT,
605 TEEC_MEMREF_TEMP_INPUT,
606 TEEC_MEMREF_TEMP_OUTPUT, TEEC_NONE);
607
608 res = TEEC_InvokeCommand(s, TA_CRYPT_CMD_AE_UPDATE, &op, &ret_orig);
609
610 if (res != TEEC_SUCCESS) {
611 (void)ADBG_EXPECT_TEEC_ERROR_ORIGIN(c, TEEC_ORIGIN_TRUSTED_APP,
612 ret_orig);
613 }
614
615 if (res == TEEC_SUCCESS)
616 *dst_len = op.params[2].tmpref.size;
617
618 return res;
619}
620
621static TEEC_Result ta_crypt_cmd_ae_encrypt_final(ADBG_Case_t *c,
622 TEEC_Session *s,
623 TEE_OperationHandle oph,
624 const void *src,
625 size_t src_len, void *dst,
626 size_t *dst_len, void *tag,
627 size_t *tag_len)
628{
629 TEEC_Result res;
630 TEEC_Operation op = TEEC_OPERATION_INITIALIZER;
631 uint32_t ret_orig;
632
633 assert((uintptr_t)oph <= UINT32_MAX);
634 op.params[0].value.a = (uint32_t)(uintptr_t)oph;
635
636 op.params[1].tmpref.buffer = (void *)src;
637 op.params[1].tmpref.size = src_len;
638
639 op.params[2].tmpref.buffer = (void *)dst;
640 op.params[2].tmpref.size = *dst_len;
641
642 op.params[3].tmpref.buffer = (void *)tag;
643 op.params[3].tmpref.size = *tag_len;
644
645 op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT,
646 TEEC_MEMREF_TEMP_INPUT,
647 TEEC_MEMREF_TEMP_OUTPUT,
648 TEEC_MEMREF_TEMP_OUTPUT);
649
650 res = TEEC_InvokeCommand(s, TA_CRYPT_CMD_AE_ENCRYPT_FINAL, &op,
651 &ret_orig);
652
653 if (res != TEEC_SUCCESS) {
654 (void)ADBG_EXPECT_TEEC_ERROR_ORIGIN(c, TEEC_ORIGIN_TRUSTED_APP,
655 ret_orig);
656 }
657
658 if (res == TEEC_SUCCESS) {
659 *dst_len = op.params[2].tmpref.size;
660 *tag_len = op.params[3].tmpref.size;
661 }
662
663 return res;
664}
665
666static TEEC_Result ta_crypt_cmd_ae_decrypt_final(ADBG_Case_t *c,
667 TEEC_Session *s,
668 TEE_OperationHandle oph,
669 const void *src, size_t src_len,
670 void *dst, size_t *dst_len,
671 const void *tag, size_t tag_len)
672{
673 TEEC_Result res;
674 TEEC_Operation op = TEEC_OPERATION_INITIALIZER;
675 uint32_t ret_orig;
676
677 assert((uintptr_t)oph <= UINT32_MAX);
678 op.params[0].value.a = (uint32_t)(uintptr_t)oph;
679
680 op.params[1].tmpref.buffer = (void *)src;
681 op.params[1].tmpref.size = src_len;
682
683 op.params[2].tmpref.buffer = dst;
684 op.params[2].tmpref.size = *dst_len;
685
686 op.params[3].tmpref.buffer = (void *)tag;
687 op.params[3].tmpref.size = tag_len;
688
689 op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT,
690 TEEC_MEMREF_TEMP_INPUT,
691 TEEC_MEMREF_TEMP_OUTPUT,
692 TEEC_MEMREF_TEMP_INPUT);
693
694 res = TEEC_InvokeCommand(s, TA_CRYPT_CMD_AE_DECRYPT_FINAL, &op,
695 &ret_orig);
696
697 if (res != TEEC_SUCCESS) {
698 (void)ADBG_EXPECT_TEEC_ERROR_ORIGIN(c, TEEC_ORIGIN_TRUSTED_APP,
699 ret_orig);
700 }
701
702 if (res == TEEC_SUCCESS)
703 *dst_len = op.params[2].tmpref.size;
704
705 return res;
706}
707
708static TEEC_Result ta_crypt_cmd_asymmetric_operate(ADBG_Case_t *c,
709 TEEC_Session *s,
710 TEE_OperationHandle oph,
711 uint32_t cmd,
712 const TEE_Attribute *params,
713 uint32_t paramCount,
714 const void *src,
715 size_t src_len,
716 void *dst,
717 size_t *dst_len)
718{
719 TEEC_Result res;
720 TEEC_Operation op = TEEC_OPERATION_INITIALIZER;
721 uint32_t ret_orig;
722 uint8_t *buf;
723 size_t blen;
724
725 res = pack_attrs(params, paramCount, &buf, &blen);
726 if (!ADBG_EXPECT_TEEC_SUCCESS(c, res))
727 return res;
728
729 assert((uintptr_t)oph <= UINT32_MAX);
730 op.params[0].value.a = (uint32_t)(uintptr_t)oph;
731
732 op.params[1].tmpref.buffer = buf;
733 op.params[1].tmpref.size = blen;
734
735 op.params[2].tmpref.buffer = (void *)src;
736 op.params[2].tmpref.size = src_len;
737
738 op.params[3].tmpref.buffer = dst;
739 op.params[3].tmpref.size = *dst_len;
740
741 op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT,
742 TEEC_MEMREF_TEMP_INPUT,
743 TEEC_MEMREF_TEMP_INPUT,
744 TEEC_MEMREF_TEMP_OUTPUT);
745
746 res = TEEC_InvokeCommand(s, cmd, &op, &ret_orig);
747
748 if (res != TEEC_SUCCESS) {
749 (void)ADBG_EXPECT_TEEC_ERROR_ORIGIN(c, TEEC_ORIGIN_TRUSTED_APP,
750 ret_orig);
751 }
752
753 if (res == TEEC_SUCCESS)
754 *dst_len = op.params[3].tmpref.size;
755
756 free(buf);
757 return res;
758}
759
760static TEEC_Result ta_crypt_cmd_asymmetric_encrypt(ADBG_Case_t *c,
761 TEEC_Session *s,
762 TEE_OperationHandle oph,
763 const TEE_Attribute *params,
764 uint32_t paramCount,
765 const void *src,
766 size_t src_len,
767 void *dst,
768 size_t *dst_len)
769{
770 return ta_crypt_cmd_asymmetric_operate(c, s, oph,
771 TA_CRYPT_CMD_ASYMMETRIC_ENCRYPT,
772 params, paramCount,
773 src, src_len, dst, dst_len);
774}
775
776static TEEC_Result ta_crypt_cmd_asymmetric_decrypt(ADBG_Case_t *c,
777 TEEC_Session *s,
778 TEE_OperationHandle oph,
779 const TEE_Attribute *params,
780 uint32_t paramCount,
781 const void *src,
782 size_t src_len,
783 void *dst,
784 size_t *dst_len)
785{
786 return ta_crypt_cmd_asymmetric_operate(c, s, oph,
787 TA_CRYPT_CMD_ASYMMETRIC_DECRYPT,
788 params, paramCount,
789 src, src_len, dst, dst_len);
790}
791
792static TEEC_Result ta_crypt_cmd_asymmetric_sign(ADBG_Case_t *c,
793 TEEC_Session *s,
794 TEE_OperationHandle oph,
795 const TEE_Attribute *params,
796 uint32_t paramCount,
797 const void *digest,
798 size_t digest_len,
799 void *signature,
800 size_t *signature_len)
801{
802 return ta_crypt_cmd_asymmetric_operate(c, s, oph,
803 TA_CRYPT_CMD_ASYMMETRIC_SIGN_DIGEST, params, paramCount,
804 digest, digest_len, signature, signature_len);
805}
806
807static TEEC_Result ta_crypt_cmd_asymmetric_verify(ADBG_Case_t *c,
808 TEEC_Session *s,
809 TEE_OperationHandle oph,
810 const TEE_Attribute *params,
811 uint32_t paramCount,
812 const void *digest,
813 size_t digest_len,
814 const void *signature,
815 size_t signature_len)
816{
817 TEEC_Result res;
818 TEEC_Operation op = TEEC_OPERATION_INITIALIZER;
819 uint32_t ret_orig;
820 uint8_t *buf;
821 size_t blen;
822
823 res = pack_attrs(params, paramCount, &buf, &blen);
824 if (!ADBG_EXPECT_TEEC_SUCCESS(c, res))
825 return res;
826
827 assert((uintptr_t)oph <= UINT32_MAX);
828 op.params[0].value.a = (uint32_t)(uintptr_t)oph;
829
830 op.params[1].tmpref.buffer = buf;
831 op.params[1].tmpref.size = blen;
832
833 op.params[2].tmpref.buffer = (void *)digest;
834 op.params[2].tmpref.size = digest_len;
835
836 op.params[3].tmpref.buffer = (void *)signature;
837 op.params[3].tmpref.size = signature_len;
838
839 op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT,
840 TEEC_MEMREF_TEMP_INPUT,
841 TEEC_MEMREF_TEMP_INPUT,
842 TEEC_MEMREF_TEMP_INPUT);
843
844 res = TEEC_InvokeCommand(s, TA_CRYPT_CMD_ASYMMETRIC_VERIFY_DIGEST,
845 &op, &ret_orig);
846
847 if (res != TEEC_SUCCESS) {
848 (void)ADBG_EXPECT_TEEC_ERROR_ORIGIN(c, TEEC_ORIGIN_TRUSTED_APP,
849 ret_orig);
850 }
851
852 free(buf);
853 return res;
854}
855
856static TEEC_Result ta_crypt_cmd_get_object_value_attribute(ADBG_Case_t *c,
857 TEEC_Session *s,
858 TEE_ObjectHandle o,
859 uint32_t attr_id,
860 uint32_t *valuea,
861 uint32_t *valueb)
862{
863 TEEC_Result res;
864 TEEC_Operation op = TEEC_OPERATION_INITIALIZER;
865 uint32_t ret_orig;
866
867 assert((uintptr_t)o <= UINT32_MAX);
868 op.params[0].value.a = (uint32_t)(uintptr_t)o;
869 op.params[0].value.b = attr_id;
870 op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT, TEEC_VALUE_OUTPUT,
871 TEEC_NONE, TEEC_NONE);
872
873 res = TEEC_InvokeCommand(s, TA_CRYPT_CMD_GET_OBJECT_VALUE_ATTRIBUTE,
874 &op, &ret_orig);
875
876 if (res != TEEC_SUCCESS) {
877 (void)ADBG_EXPECT_TEEC_ERROR_ORIGIN(c, TEEC_ORIGIN_TRUSTED_APP,
878 ret_orig);
879 }
880
881 if (res == TEEC_SUCCESS) {
882 *valuea = op.params[1].value.a;
883 *valueb = op.params[1].value.b;
884 }
885
886 return res;
887}
888
889static TEEC_Result ta_crypt_cmd_generate_key(ADBG_Case_t *c,
890 TEEC_Session *s,
891 TEE_ObjectHandle o,
892 uint32_t key_size,
893 const TEE_Attribute *params,
894 uint32_t paramCount)
895{
896 TEEC_Result res;
897 TEEC_Operation op = TEEC_OPERATION_INITIALIZER;
898 uint32_t ret_orig;
899 uint8_t *buf;
900 size_t blen;
901
902 res = pack_attrs(params, paramCount, &buf, &blen);
903 if (!ADBG_EXPECT_TEEC_SUCCESS(c, res))
904 return res;
905
906 assert((uintptr_t)o <= UINT32_MAX);
907 op.params[0].value.a = (uint32_t)(uintptr_t)o;
908 op.params[0].value.b = key_size;
909
910 op.params[1].tmpref.buffer = buf;
911 op.params[1].tmpref.size = blen;
912
913 op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT,
914 TEEC_MEMREF_TEMP_INPUT, TEEC_NONE,
915 TEEC_NONE);
916
917 res = TEEC_InvokeCommand(s, TA_CRYPT_CMD_GENERATE_KEY, &op, &ret_orig);
918
919 if (res != TEEC_SUCCESS) {
920 (void)ADBG_EXPECT_TEEC_ERROR_ORIGIN(c, TEEC_ORIGIN_TRUSTED_APP,
921 ret_orig);
922 }
923
924 free(buf);
925 return res;
926}
927
928static const uint8_t hash_data_md5_in1[] = {
929 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm'
930};
931
932static const uint8_t hash_data_md5_out1[] = {
933 0x61, 0x12, 0x71, 0x83, 0x70, 0x8d, 0x3a, 0xc7,
934 0xf1, 0x9b, 0x66, 0x06, 0xfc, 0xae, 0x7d, 0xf6
935};
936
937static const uint8_t hash_data_sha1_in1[] = {
938 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm'
939};
940
941static const uint8_t hash_data_sha1_out1[] = {
942 0x4b, 0x98, 0x92, 0xb6, 0x52, 0x72, 0x14, 0xaf,
943 0xc6, 0x55, 0xb8, 0xaa, 0x52, 0xf4, 0xd2, 0x03,
944 0xc1, 0x5e, 0x7c, 0x9c
945};
946
947static const uint8_t hash_data_sha224_in1[] = {
948 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm'
949};
950
951static const uint8_t hash_data_sha224_out1[] = {
952 0x08, 0x21, 0x69, 0xf9, 0x77, 0x1b, 0x80, 0x15,
953 0xf3, 0x97, 0xae, 0xde, 0x5b, 0xba, 0xa2, 0x72,
954 0x2d, 0x8f, 0x5c, 0x19, 0xfe, 0xd2, 0xe2, 0x68,
955 0x92, 0x49, 0xd8, 0x44
956};
957
958static const uint8_t hash_data_sha256_in1[] = { 'a', 'b', 'c' };
959
960static const uint8_t hash_data_sha256_out1[] = {
961 0xba, 0x78, 0x16, 0xbf, 0x8f, 0x01, 0xcf, 0xea,
962 0x41, 0x41, 0x40, 0xde, 0x5d, 0xae, 0x22, 0x23,
963 0xb0, 0x03, 0x61, 0xa3, 0x96, 0x17, 0x7a, 0x9c,
964 0xb4, 0x10, 0xff, 0x61, 0xf2, 0x00, 0x15, 0xad
965};
966
967static const uint8_t hash_data_sha256_in2[] = { 'e', 'f', 'g' };
968
969static const uint8_t hash_data_sha256_out2[] = {
970 0xd4, 0xff, 0xe8, 0xe9, 0xee, 0x0b, 0x48, 0xeb,
971 0xa7, 0x16, 0x70, 0x61, 0x23, 0xa7, 0x18, 0x7f,
972 0x32, 0xea, 0xe3, 0xbd, 0xcb, 0x0e, 0x77, 0x63,
973 0xe4, 0x1e, 0x53, 0x32, 0x67, 0xbd, 0x8a, 0x53
974};
975
976
977static const uint8_t hash_data_sha384_in1[] = {
978 'a', 'b', 'c', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm'
979};
980
981static const uint8_t hash_data_sha384_out1[] = {
982 0x4c, 0xab, 0x80, 0x9d, 0x96, 0x84, 0x01, 0x47,
983 0x67, 0x0a, 0xc1, 0x7a, 0xb6, 0xb9, 0xf7, 0x6e,
984 0x35, 0xa6, 0xb0, 0x8c, 0xf5, 0x2a, 0x3d, 0x64,
985 0x9a, 0x8c, 0x7e, 0x0c, 0x55, 0x45, 0xd3, 0x7d,
986 0x1f, 0x7f, 0x28, 0x34, 0x96, 0x14, 0x44, 0x2a,
987 0xf5, 0x98, 0xa2, 0x95, 0x24, 0x76, 0x53, 0x97
988};
989
990static const uint8_t hash_data_sha512_in1[] = {
991 'a', 'b', 'c', 'd', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm'
992};
993
994static const uint8_t hash_data_sha512_out1[] = {
995 0x20, 0xd8, 0x64, 0x4f, 0x54, 0xa2, 0x5f, 0x6f,
996 0x0a, 0xf9, 0xd5, 0x27, 0x7d, 0x17, 0xa8, 0x99,
997 0x4c, 0x64, 0x3f, 0xd0, 0xf3, 0x83, 0x36, 0xee,
998 0x93, 0x12, 0x55, 0xcd, 0x2e, 0x12, 0x34, 0xa0,
999 0xc2, 0xaa, 0xf9, 0xbb, 0x15, 0xc5, 0xe9, 0xfa,
1000 0xf7, 0xa7, 0xda, 0xb8, 0x2f, 0x72, 0xa0, 0x47,
1001 0xe3, 0x02, 0x04, 0xe8, 0xa0, 0x35, 0x0c, 0x96,
1002 0x26, 0xd1, 0xcb, 0x8b, 0x47, 0x45, 0x25, 0xd0
1003};
1004
1005struct xtest_hash_case {
1006 uint32_t algo;
1007 size_t in_incr;
1008 const uint8_t *in;
1009 size_t in_len;
1010 const uint8_t *out;
1011 size_t out_len;
1012};
1013
1014#define XTEST_HASH_CASE(algo, in_incr, in, out) \
1015 { (algo), (in_incr), (in), ARRAY_SIZE(in), (out), ARRAY_SIZE(out) }
1016
1017static const struct xtest_hash_case hash_cases[] = {
1018 XTEST_HASH_CASE(TEE_ALG_MD5, 6, hash_data_md5_in1,
1019 hash_data_md5_out1),
1020 XTEST_HASH_CASE(TEE_ALG_SHA1, 3, hash_data_sha1_in1,
1021 hash_data_sha1_out1),
1022 XTEST_HASH_CASE(TEE_ALG_SHA224, 7, hash_data_sha224_in1,
1023 hash_data_sha224_out1),
1024 XTEST_HASH_CASE(TEE_ALG_SHA256, 1, hash_data_sha256_in1,
1025 hash_data_sha256_out1),
1026 XTEST_HASH_CASE(TEE_ALG_SHA256, 1, hash_data_sha256_in2,
1027 hash_data_sha256_out2),
1028 XTEST_HASH_CASE(TEE_ALG_SHA384, 1, hash_data_sha384_in1,
1029 hash_data_sha384_out1),
1030 XTEST_HASH_CASE(TEE_ALG_SHA512, 1, hash_data_sha512_in1,
1031 hash_data_sha512_out1),
1032};
1033
1034static void xtest_tee_test_4001(ADBG_Case_t *c)
1035{
1036 TEEC_Session session = { 0 };
1037 uint32_t ret_orig;
1038 size_t n;
1039
1040 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
1041 xtest_teec_open_session(&session, &crypt_user_ta_uuid, NULL,
1042 &ret_orig)))
1043 return;
1044
1045
1046 for (n = 0; n < ARRAY_SIZE(hash_cases); n++) {
1047 TEE_OperationHandle op1;
1048 TEE_OperationHandle op2;
1049 uint8_t out[64];
1050 size_t out_size;
1051
1052 Do_ADBG_BeginSubCase(c, "Hash case %d algo 0x%x",
1053 (int)n, (unsigned int)hash_cases[n].algo);
1054
1055 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
1056 ta_crypt_cmd_allocate_operation(c, &session, &op1,
1057 hash_cases[n].algo,
1058 TEE_MODE_DIGEST, 0)))
1059 goto out;
1060
1061 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
1062 ta_crypt_cmd_allocate_operation(c, &session, &op2,
1063 hash_cases[n].algo,
1064 TEE_MODE_DIGEST, 0)))
1065 goto out;
1066
1067 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
1068 ta_crypt_cmd_digest_update(c, &session, op1,
1069 hash_cases[n].in,
1070 hash_cases[n].in_incr)))
1071 goto out;
1072
1073 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
1074 ta_crypt_cmd_copy_operation(c, &session, op2, op1)))
1075 goto out;
1076
1077 out_size = sizeof(out);
1078 memset(out, 0, sizeof(out));
1079 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
1080 ta_crypt_cmd_digest_do_final(c, &session, op2,
1081 hash_cases[n].in + hash_cases[n].in_incr,
1082 hash_cases[n].in_len - hash_cases[n].in_incr,
1083 out, &out_size)))
1084 goto out;
1085
1086 (void)ADBG_EXPECT_BUFFER(c, hash_cases[n].out,
1087 hash_cases[n].out_len, out, out_size);
1088
1089 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
1090 ta_crypt_cmd_reset_operation(c, &session, op1)))
1091 goto out;
1092
1093 out_size = sizeof(out);
1094 memset(out, 0, sizeof(out));
1095 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
1096 ta_crypt_cmd_digest_do_final(c, &session, op1,
1097 hash_cases[n].in,
1098 hash_cases[n].in_len, out,
1099 &out_size)))
1100 goto out;
1101
1102 (void)ADBG_EXPECT_BUFFER(c, hash_cases[n].out,
1103 hash_cases[n].out_len, out, out_size);
1104
1105 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
1106 ta_crypt_cmd_free_operation(c, &session, op1)))
1107 goto out;
1108
1109 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
1110 ta_crypt_cmd_free_operation(c, &session, op2)))
1111 goto out;
1112
1113 Do_ADBG_EndSubCase(c, NULL);
1114 }
1115
1116out:
1117 TEEC_CloseSession(&session);
1118}
1119
1120static const uint8_t mac_data_md5_key1[10] = {
1121 0x6B, 0x65, 0x79, /* key */
1122};
1123
1124static const uint8_t mac_data_md5_in1[] = {
1125 0x54, 0x68, 0x65, 0x20, 0x71, 0x75, 0x69, 0x63, /* The quic */
1126 0x6B, 0x20, 0x62, 0x72, 0x6F, 0x77, 0x6E, 0x20, /* k brown */
1127 0x66, 0x6F, 0x78, 0x20, 0x6A, 0x75, 0x6D, 0x70, /* fox jump */
1128 0x73, 0x20, 0x6F, 0x76, 0x65, 0x72, 0x20, 0x74, /* s over t */
1129 0x68, 0x65, 0x20, 0x6C, 0x61, 0x7A, 0x79, 0x20, /* he lazy */
1130 0x64, 0x6F, 0x67, /* dog */
1131};
1132
1133static const uint8_t mac_data_md5_out1[] = {
1134 0x80, 0x07, 0x07, 0x13, 0x46, 0x3e, 0x77, 0x49,
1135 0xb9, 0x0c, 0x2d, 0xc2, 0x49, 0x11, 0xe2, 0x75
1136};
1137
1138
1139/* generated with scripts/digest_hmac.pl */
1140static const uint8_t mac_data_sha1_key1[10] = {
1141 0x6B, 0x65, 0x79, /* key */
1142};
1143
1144static const uint8_t mac_data_sha1_in1[] = {
1145 0x54, 0x68, 0x65, 0x20, 0x71, 0x75, 0x69, 0x63, /* The quic */
1146 0x6B, 0x20, 0x62, 0x72, 0x6F, 0x77, 0x6E, 0x20, /* k brown */
1147 0x66, 0x6F, 0x78, 0x20, 0x6A, 0x75, 0x6D, 0x70, /* fox jump */
1148 0x73, 0x20, 0x6F, 0x76, 0x65, 0x72, 0x20, 0x74, /* s over t */
1149 0x68, 0x65, 0x20, 0x6C, 0x61, 0x7A, 0x79, 0x20, /* he lazy */
1150 0x64, 0x6F, 0x67, /* dog */
1151};
1152
1153static const uint8_t mac_data_sha1_out1[] = {
1154 0xDE, 0x7C, 0x9B, 0x85, 0xB8, 0xB7, 0x8A, 0xA6, /* .|...... */
1155 0xBC, 0x8A, 0x7A, 0x36, 0xF7, 0x0A, 0x90, 0x70, /* ..z6...p */
1156 0x1C, 0x9D, 0xB4, 0xD9, /* .... */
1157};
1158
1159static const uint8_t mac_data_sha224_key1[24] = {
1160 0x6B, 0x65, 0x79, /* key */
1161};
1162
1163static const uint8_t mac_data_sha224_in1[] = {
1164 0x54, 0x68, 0x65, 0x20, 0x71, 0x75, 0x69, 0x63, /* The quic */
1165 0x6B, 0x20, 0x62, 0x72, 0x6F, 0x77, 0x6E, 0x20, /* k brown */
1166 0x66, 0x6F, 0x78, 0x20, 0x6A, 0x75, 0x6D, 0x70, /* fox jump */
1167 0x73, 0x20, 0x6F, 0x76, 0x65, 0x72, 0x20, 0x74, /* s over t */
1168 0x68, 0x65, 0x20, 0x6C, 0x61, 0x7A, 0x79, 0x20, /* he lazy */
1169 0x64, 0x6F, 0x67, /* dog */
1170};
1171
1172static const uint8_t mac_data_sha224_out1[] = {
1173 0x88, 0xFF, 0x8B, 0x54, 0x67, 0x5D, 0x39, 0xB8, /* ...Tg]9. */
1174 0xF7, 0x23, 0x22, 0xE6, 0x5F, 0xF9, 0x45, 0xC5, /* .#"._.E. */
1175 0x2D, 0x96, 0x37, 0x99, 0x88, 0xAD, 0xA2, 0x56, /* -.7....V */
1176 0x39, 0x74, 0x7E, 0x69, /* 9t~i */
1177};
1178
1179
1180static const uint8_t mac_data_sha256_key1[24] = {
1181 'Q', 'W', 'E', 'R', 'T', 'Y'
1182};
1183
1184static const uint8_t mac_data_sha256_in1[] = { 'a', 'b', 'c' };
1185
1186static const uint8_t mac_data_sha256_out1[] = {
1187 0xee, 0x2e, 0x5d, 0x9b, 0x51, 0xe2, 0x9c, 0x1d,
1188 0x49, 0xe9, 0xae, 0x6f, 0x0a, 0xcc, 0x15, 0x18,
1189 0xde, 0x1e, 0xa3, 0x88, 0x8e, 0xee, 0x48, 0xbb,
1190 0x82, 0x77, 0xe9, 0x09, 0x74, 0x4b, 0xa2, 0xf2
1191};
1192
1193/* generated with scripts/digest_hmac.pl */
1194static const uint8_t mac_data_sha256_key2[24] = {
1195 0x6B, 0x65, 0x79, /* key */
1196};
1197
1198static const uint8_t mac_data_sha256_in2[] = {
1199 0x54, 0x68, 0x65, 0x20, 0x71, 0x75, 0x69, 0x63, /* The quic */
1200 0x6B, 0x20, 0x62, 0x72, 0x6F, 0x77, 0x6E, 0x20, /* k brown */
1201 0x66, 0x6F, 0x78, 0x20, 0x6A, 0x75, 0x6D, 0x70, /* fox jump */
1202 0x73, 0x20, 0x6F, 0x76, 0x65, 0x72, 0x20, 0x74, /* s over t */
1203 0x68, 0x65, 0x20, 0x6C, 0x61, 0x7A, 0x79, 0x20, /* he lazy */
1204 0x64, 0x6F, 0x67, /* dog */
1205};
1206
1207static const uint8_t mac_data_sha256_out2[] = {
1208 0xF7, 0xBC, 0x83, 0xF4, 0x30, 0x53, 0x84, 0x24, /* ....0S.$ */
1209 0xB1, 0x32, 0x98, 0xE6, 0xAA, 0x6F, 0xB1, 0x43, /* .2...o.C */
1210 0xEF, 0x4D, 0x59, 0xA1, 0x49, 0x46, 0x17, 0x59, /* .MY.IF.Y */
1211 0x97, 0x47, 0x9D, 0xBC, 0x2D, 0x1A, 0x3C, 0xD8, /* .G..-.<. */
1212};
1213
1214static const uint8_t mac_data_sha384_key1[32] = {
1215 0x6B, 0x65, 0x79, /* key */
1216};
1217
1218static const uint8_t mac_data_sha384_in1[] = {
1219 0x54, 0x68, 0x65, 0x20, 0x71, 0x75, 0x69, 0x63, /* The quic */
1220 0x6B, 0x20, 0x62, 0x72, 0x6F, 0x77, 0x6E, 0x20, /* k brown */
1221 0x66, 0x6F, 0x78, 0x20, 0x6A, 0x75, 0x6D, 0x70, /* fox jump */
1222 0x73, 0x20, 0x6F, 0x76, 0x65, 0x72, 0x20, 0x74, /* s over t */
1223 0x68, 0x65, 0x20, 0x6C, 0x61, 0x7A, 0x79, 0x20, /* he lazy */
1224 0x64, 0x6F, 0x67, /* dog */
1225};
1226
1227static const uint8_t mac_data_sha384_out1[] = {
1228 0xD7, 0xF4, 0x72, 0x7E, 0x2C, 0x0B, 0x39, 0xAE, /* ..r~, .9. */
1229 0x0F, 0x1E, 0x40, 0xCC, 0x96, 0xF6, 0x02, 0x42, /* ..@....B */
1230 0xD5, 0xB7, 0x80, 0x18, 0x41, 0xCE, 0xA6, 0xFC, /* ....A... */
1231 0x59, 0x2C, 0x5D, 0x3E, 0x1A, 0xE5, 0x07, 0x00, /* Y, ]>.... */
1232 0x58, 0x2A, 0x96, 0xCF, 0x35, 0xE1, 0xE5, 0x54, /* X...5..T */
1233 0x99, 0x5F, 0xE4, 0xE0, 0x33, 0x81, 0xC2, 0x37, /* ._..3..7 */
1234};
1235
1236static const uint8_t mac_data_sha512_key1[32] = {
1237 0x6B, 0x65, 0x79, /* key */
1238};
1239
1240static const uint8_t mac_data_sha512_in1[] = {
1241 0x54, 0x68, 0x65, 0x20, 0x71, 0x75, 0x69, 0x63, /* The quic */
1242 0x6B, 0x20, 0x62, 0x72, 0x6F, 0x77, 0x6E, 0x20, /* k brown */
1243 0x66, 0x6F, 0x78, 0x20, 0x6A, 0x75, 0x6D, 0x70, /* fox jump */
1244 0x73, 0x20, 0x6F, 0x76, 0x65, 0x72, 0x20, 0x74, /* s over t */
1245 0x68, 0x65, 0x20, 0x6C, 0x61, 0x7A, 0x79, 0x20, /* he lazy */
1246 0x64, 0x6F, 0x67, /* dog */
1247};
1248
1249static const uint8_t mac_data_sha512_out1[] = {
1250 0xB4, 0x2A, 0xF0, 0x90, 0x57, 0xBA, 0xC1, 0xE2, /* ....W... */
1251 0xD4, 0x17, 0x08, 0xE4, 0x8A, 0x90, 0x2E, 0x09, /* ........ */
1252 0xB5, 0xFF, 0x7F, 0x12, 0xAB, 0x42, 0x8A, 0x4F, /* .....B.O */
1253 0xE8, 0x66, 0x53, 0xC7, 0x3D, 0xD2, 0x48, 0xFB, /* .fS.=.H. */
1254 0x82, 0xF9, 0x48, 0xA5, 0x49, 0xF7, 0xB7, 0x91, /* ..H.I... */
1255 0xA5, 0xB4, 0x19, 0x15, 0xEE, 0x4D, 0x1E, 0xC3, /* .....M.. */
1256 0x93, 0x53, 0x57, 0xE4, 0xE2, 0x31, 0x72, 0x50, /* .SW..1rP */
1257 0xD0, 0x37, 0x2A, 0xFA, 0x2E, 0xBE, 0xEB, 0x3A, /* .7.....: */
1258};
1259
1260
1261/* AES-CBC-MAC */
1262static const uint8_t mac_cbc_vect1_key[] = {
1263 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, /* 01234567 */
1264 0x38, 0x39, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, /* 89ABCDEF */
1265};
1266
1267static const uint8_t mac_cbc_vect1_data[] = {
1268 0x43, 0x69, 0x70, 0x68, 0x65, 0x72, 0x20, 0x62, /* Cipher b */
1269 0x6C, 0x6F, 0x63, 0x6B, 0x20, 0x63, 0x68, 0x61, /* lock cha */
1270 0x69, 0x6E, 0x69, 0x6E, 0x67, 0x20, 0x28, 0x43, /* ining (C */
1271 0x42, 0x43, 0x29, 0x20, 0x69, 0x73, 0x20, 0x61, /* BC) is a */
1272 0x20, 0x63, 0x6F, 0x6D, 0x6D, 0x6F, 0x6E, 0x20, /* common */
1273 0x63, 0x68, 0x61, 0x69, 0x6E, 0x69, 0x6E, 0x67, /* chaining */
1274 0x20, 0x6D, 0x6F, 0x64, 0x65, 0x20, 0x69, 0x6E, /* mode in */
1275 0x20, 0x77, 0x68, 0x69, 0x63, 0x68, 0x20, 0x74, /* which t */
1276 0x68, 0x65, 0x20, 0x70, 0x72, 0x65, 0x76, 0x69, /* he previ */
1277 0x6F, 0x75, 0x73, 0x20, 0x62, 0x6C, 0x6F, 0x63, /* ous bloc */
1278 0x6B, 0x27, 0x73, 0x20, 0x63, 0x69, 0x70, 0x68, /* k's ciph */
1279 0x65, 0x72, 0x74, 0x65, 0x78, 0x74, 0x20, 0x69, /* ertext i */
1280 0x73, 0x20, 0x78, 0x6F, 0x72, 0x65, 0x64, 0x20, /* s xored */
1281 0x77, 0x69, 0x74, 0x68, 0x20, 0x74, 0x68, 0x65, /* with the */
1282 0x20, 0x63, 0x75, 0x72, 0x72, 0x65, 0x6E, 0x74, /* current */
1283 0x20, 0x62, 0x6C, 0x6F, 0x63, 0x6B, 0x27, 0x73, /* block's */
1284 0x20, 0x70, 0x6C, 0x61, 0x69, 0x6E, 0x74, 0x65, /* plainte */
1285 0x78, 0x74, 0x20, 0x62, 0x65, 0x66, 0x6F, 0x72, /* xt befor */
1286 0x65, 0x20, 0x65, 0x6E, 0x63, 0x72, 0x79, 0x70, /* e encryp */
1287 0x74, 0x69, 0x6F, 0x6E, 0x2E, 0x2E, 0x2E, 0x2E, /* tion.... */
1288};
1289
1290static const uint8_t mac_cbc_vect1_out[] = {
1291 0xC9, 0x6E, 0x83, 0x7E, 0x35, 0xC8, 0xA7, 0xA0, /* .n.~5... */
1292 0x33, 0xA3, 0xB1, 0x4B, 0x5A, 0x92, 0x51, 0x2E, /* 3..KZ.Q. */
1293};
1294
1295/* DES-CBC-MAC */
1296static const uint8_t mac_cbc_vect2_key[] = {
1297 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, /* 01234567 */
1298};
1299
1300#define mac_cbc_vect2_data mac_cbc_vect1_data
1301static const uint8_t mac_cbc_vect2_out[] = {
1302 0xE9, 0x41, 0x46, 0x30, 0x69, 0x32, 0xBD, 0xD6, /* .AF0i2.. */
1303};
1304
1305/* DES3-CBC-MAC */
1306static const uint8_t mac_cbc_vect3_key[] = {
1307 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, /* 01234567 */
1308 0x38, 0x39, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, /* 89ABCDEF */
1309 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, /* 12345678 */
1310};
1311
1312#define mac_cbc_vect3_data mac_cbc_vect2_data
1313static const uint8_t mac_cbc_vect3_out[] = {
1314 0x1C, 0x17, 0xB7, 0xB5, 0x9F, 0x54, 0x9C, 0x63, /* .....T.c */
1315};
1316
1317/* AES-CBC-MAC PKCS#5 pad*/
1318static const uint8_t mac_cbc_vect4_key[] = {
1319 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, /* 01234567 */
1320 0x38, 0x39, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, /* 89ABCDEF */
1321 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, /* 01234567 */
1322 0x38, 0x39, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, /* 89ABCDEF */
1323};
1324
1325#define mac_cbc_vect4_data mac_cbc_vect1_data
1326static const uint8_t mac_cbc_vect4_out[] = {
1327 0x0B, 0x46, 0xC7, 0xA2, 0xE1, 0x5A, 0xE2, 0x23, /* .F...Z.# */
1328 0x83, 0x34, 0x1C, 0x86, 0x53, 0xF8, 0x51, 0x24, /* .4..S.Q$ */
1329};
1330
1331/* DES-CBC-MAC PKCS#5 pad*/
1332static const uint8_t mac_cbc_vect5_key[] = {
1333 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, /* 01234567 */
1334};
1335
1336#define mac_cbc_vect5_data mac_cbc_vect1_data
1337static const uint8_t mac_cbc_vect5_out[] = {
1338 0x30, 0x81, 0x4F, 0x42, 0x03, 0x7E, 0xD8, 0xA9, /* 0.OB.~.. */
1339};
1340
1341/* DES3-CBC-MAC PKCS#5 pad*/
1342static const uint8_t mac_cbc_vect6_key[] = {
1343 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, /* 01234567 */
1344 0x38, 0x39, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, /* 89ABCDEF */
1345 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, /* 12345678 */
1346};
1347
1348#define mac_cbc_vect6_data mac_cbc_vect1_data
1349static const uint8_t mac_cbc_vect6_out[] = {
1350 0x6E, 0x37, 0x6E, 0x14, 0x5E, 0x21, 0xDD, 0xF8, /* n7n.^!.. */
1351};
1352
1353/* AES-CBC-MAC PKCS#5 pad*/
1354#define mac_cbc_vect7_key mac_cbc_vect4_key
1355static const uint8_t mac_cbc_vect7_data[] = {
1356 0x43, 0x69, 0x70, 0x68, 0x65, 0x72, 0x20, 0x62, /* Cipher b */
1357 0x6C, 0x6F, 0x63, 0x6B, 0x20, 0x63, 0x68, 0x61, /* lock cha */
1358 0x69, 0x6E, 0x69, 0x6E, 0x67, 0x20, 0x28, 0x43, /* ining (C */
1359 0x42, 0x43, 0x29, 0x20, 0x69, 0x73, 0x20, 0x61, /* BC) is a */
1360 0x20, 0x63, 0x6F, 0x6D, 0x6D, 0x6F, 0x6E, 0x20, /* common */
1361 0x63, 0x68, 0x61, 0x69, 0x6E, 0x69, 0x6E, 0x67, /* chaining */
1362 0x20, 0x6D, 0x6F, 0x64, 0x65, 0x20, 0x69, 0x6E, /* mode in */
1363 0x20, 0x77, 0x68, 0x69, 0x63, 0x68, 0x20, 0x74, /* which t */
1364 0x68, 0x65, 0x20, 0x70, 0x72, 0x65, 0x76, 0x69, /* he previ */
1365 0x6F, 0x75, 0x73, 0x20, 0x62, 0x6C, 0x6F, 0x63, /* ous bloc */
1366 0x6B, 0x27, 0x73, 0x20, 0x63, 0x69, 0x70, 0x68, /* k's ciph */
1367 0x65, 0x72, 0x74, 0x65, 0x78, 0x74, 0x20, 0x69, /* ertext i */
1368 0x73, 0x20, 0x78, 0x6F, 0x72, 0x65, 0x64, 0x20, /* s xored */
1369 0x77, 0x69, 0x74, 0x68, 0x20, 0x74, 0x68, 0x65, /* with the */
1370 0x20, 0x63, 0x75, 0x72, 0x72, 0x65, 0x6E, 0x74, /* current */
1371 0x20, 0x62, 0x6C, 0x6F, 0x63, 0x6B, 0x27, 0x73, /* block's */
1372 0x20, 0x70, 0x6C, 0x61, 0x69, 0x6E, 0x74, 0x65, /* plainte */
1373 0x78, 0x74, 0x20, 0x62, 0x65, 0x66, 0x6F, 0x72, /* xt befor */
1374 0x65, 0x20, 0x65, 0x6E, 0x63, 0x72, 0x79, 0x70, /* e encryp */
1375 0x74, 0x69, 0x6F, 0x6E, 0x2E, /* tion. */
1376};
1377
1378static const uint8_t mac_cbc_vect7_out[] = {
1379 0xFD, 0x89, 0x35, 0xB3, 0x93, 0x7F, 0xBB, 0xA2, /* ..5..... */
1380 0xFB, 0x65, 0x60, 0xC4, 0x0A, 0x62, 0xA0, 0xF9, /* .e`..b.. */
1381};
1382
1383/* DES-CBC-MAC PKCS#5 pad*/
1384#define mac_cbc_vect8_key mac_cbc_vect5_key
1385#define mac_cbc_vect8_data mac_cbc_vect7_data
1386static const uint8_t mac_cbc_vect8_out[] = {
1387 0x02, 0x2A, 0xA8, 0x2E, 0x47, 0xC6, 0xBB, 0x7C, /* ....G..| */
1388};
1389
1390/* DES3-CBC-MAC PKCS#5 pad*/
1391#define mac_cbc_vect9_key mac_cbc_vect6_key
1392#define mac_cbc_vect9_data mac_cbc_vect7_data
1393static const uint8_t mac_cbc_vect9_out[] = {
1394 0xD4, 0xF7, 0x3E, 0x27, 0x78, 0x0E, 0x1C, 0x79, /* ..>'x..y */
1395};
1396
1397/*
1398 * AES-CMAC
1399 * Test vectors from
1400 * http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf
1401 */
1402
1403/* AES-128 */
1404static const uint8_t mac_cmac_vect1_key[] = {
1405 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
1406 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c
1407};
1408
1409static const uint8_t mac_cmac_vect1_out[] = {
1410 0xbb, 0x1d, 0x69, 0x29, 0xe9, 0x59, 0x37, 0x28,
1411 0x7f, 0xa3, 0x7d, 0x12, 0x9b, 0x75, 0x67, 0x46
1412};
1413
1414#define mac_cmac_vect2_key mac_cmac_vect1_key
1415static const uint8_t mac_cmac_vect2_data[] = {
1416 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
1417 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a
1418};
1419
1420static const uint8_t mac_cmac_vect2_out[] = {
1421 0x07, 0x0a, 0x16, 0xb4, 0x6b, 0x4d, 0x41, 0x44,
1422 0xf7, 0x9b, 0xdd, 0x9d, 0xd0, 0x4a, 0x28, 0x7c
1423};
1424
1425#define mac_cmac_vect3_key mac_cmac_vect1_key
1426static const uint8_t mac_cmac_vect3_data[] = {
1427 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
1428 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
1429 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
1430 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
1431 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11
1432};
1433
1434static const uint8_t mac_cmac_vect3_out[] = {
1435 0xdf, 0xa6, 0x67, 0x47, 0xde, 0x9a, 0xe6, 0x30,
1436 0x30, 0xca, 0x32, 0x61, 0x14, 0x97, 0xc8, 0x27
1437};
1438
1439#define mac_cmac_vect4_key mac_cmac_vect1_key
1440static const uint8_t mac_cmac_vect4_data[] = {
1441 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
1442 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
1443 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
1444 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
1445 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11,
1446 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef,
1447 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17,
1448 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10
1449};
1450
1451static const uint8_t mac_cmac_vect4_out[] = {
1452 0x51, 0xf0, 0xbe, 0xbf, 0x7e, 0x3b, 0x9d, 0x92,
1453 0xfc, 0x49, 0x74, 0x17, 0x79, 0x36, 0x3c, 0xfe
1454};
1455
1456/* AES-192 */
1457static const uint8_t mac_cmac_vect5_key[] = {
1458 0x8e, 0x73, 0xb0, 0xf7, 0xda, 0x0e, 0x64, 0x52,
1459 0xc8, 0x10, 0xf3, 0x2b, 0x80, 0x90, 0x79, 0xe5,
1460 0x62, 0xf8, 0xea, 0xd2, 0x52, 0x2c, 0x6b, 0x7b
1461};
1462
1463static const uint8_t mac_cmac_vect5_out[] = {
1464 0xd1, 0x7d, 0xdf, 0x46, 0xad, 0xaa, 0xcd, 0xe5,
1465 0x31, 0xca, 0xc4, 0x83, 0xde, 0x7a, 0x93, 0x67
1466};
1467
1468
1469#define mac_cmac_vect6_key mac_cmac_vect5_key
1470static const uint8_t mac_cmac_vect6_data[] = {
1471 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
1472 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a
1473};
1474
1475static const uint8_t mac_cmac_vect6_out[] = {
1476 0x9e, 0x99, 0xa7, 0xbf, 0x31, 0xe7, 0x10, 0x90,
1477 0x06, 0x62, 0xf6, 0x5e, 0x61, 0x7c, 0x51, 0x84
1478};
1479
1480#define mac_cmac_vect7_key mac_cmac_vect5_key
1481static const uint8_t mac_cmac_vect7_data[] = {
1482 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
1483 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
1484 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
1485 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
1486 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11
1487};
1488
1489static const uint8_t mac_cmac_vect7_out[] = {
1490 0x8a, 0x1d, 0xe5, 0xbe, 0x2e, 0xb3, 0x1a, 0xad,
1491 0x08, 0x9a, 0x82, 0xe6, 0xee, 0x90, 0x8b, 0x0e
1492};
1493
1494#define mac_cmac_vect8_key mac_cmac_vect5_key
1495static const uint8_t mac_cmac_vect8_data[] = {
1496 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
1497 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
1498 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
1499 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
1500 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11,
1501 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef,
1502 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17,
1503 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10
1504};
1505
1506static const uint8_t mac_cmac_vect8_out[] = {
1507 0xa1, 0xd5, 0xdf, 0x0e, 0xed, 0x79, 0x0f, 0x79,
1508 0x4d, 0x77, 0x58, 0x96, 0x59, 0xf3, 0x9a, 0x11
1509};
1510
1511/* AES-256 */
1512static const uint8_t mac_cmac_vect9_key[] = {
1513 0x60, 0x3d, 0xeb, 0x10, 0x15, 0xca, 0x71, 0xbe,
1514 0x2b, 0x73, 0xae, 0xf0, 0x85, 0x7d, 0x77, 0x81,
1515 0x1f, 0x35, 0x2c, 0x07, 0x3b, 0x61, 0x08, 0xd7,
1516 0x2d, 0x98, 0x10, 0xa3, 0x09, 0x14, 0xdf, 0xf4
1517};
1518
1519static const uint8_t mac_cmac_vect9_out[] = {
1520 0x02, 0x89, 0x62, 0xf6, 0x1b, 0x7b, 0xf8, 0x9e,
1521 0xfc, 0x6b, 0x55, 0x1f, 0x46, 0x67, 0xd9, 0x83
1522};
1523
1524#define mac_cmac_vect10_key mac_cmac_vect9_key
1525static const uint8_t mac_cmac_vect10_data[] = {
1526 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
1527 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a
1528};
1529
1530static const uint8_t mac_cmac_vect10_out[] = {
1531 0x28, 0xa7, 0x02, 0x3f, 0x45, 0x2e, 0x8f, 0x82,
1532 0xbd, 0x4b, 0xf2, 0x8d, 0x8c, 0x37, 0xc3, 0x5c
1533};
1534
1535#define mac_cmac_vect11_key mac_cmac_vect9_key
1536static const uint8_t mac_cmac_vect11_data[] = {
1537 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
1538 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
1539 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
1540 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
1541 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11
1542};
1543
1544static const uint8_t mac_cmac_vect11_out[] = {
1545 0xaa, 0xf3, 0xd8, 0xf1, 0xde, 0x56, 0x40, 0xc2,
1546 0x32, 0xf5, 0xb1, 0x69, 0xb9, 0xc9, 0x11, 0xe6
1547};
1548
1549#define mac_cmac_vect12_key mac_cmac_vect9_key
1550static const uint8_t mac_cmac_vect12_data[] = {
1551 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
1552 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
1553 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
1554 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
1555 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11,
1556 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef,
1557 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17,
1558 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10
1559};
1560
1561static const uint8_t mac_cmac_vect12_out[] = {
1562 0xe1, 0x99, 0x21, 0x90, 0x54, 0x9f, 0x6e, 0xd5,
1563 0x69, 0x6a, 0x2c, 0x05, 0x6c, 0x31, 0x54, 0x10
1564};
1565
1566struct xtest_mac_case {
1567 uint32_t algo;
1568 uint32_t key_type;
1569 const uint8_t *key;
1570 size_t key_len;
1571 size_t in_incr;
1572 const uint8_t *in;
1573 size_t in_len;
1574 const uint8_t *out;
1575 size_t out_len;
1576};
1577
1578#define XTEST_MAC_CASE(algo, key_type, key, in_incr, in, out) \
1579 { (algo), (key_type), (key), ARRAY_SIZE(key), \
1580 (in_incr), (in), ARRAY_SIZE(in), (out), ARRAY_SIZE(out) }
1581
1582#define XTEST_MAC_CBC_CASE(algo, key_type, vect, in_incr) \
1583 XTEST_MAC_CASE((algo), (key_type), \
1584 mac_cbc_ ## vect ## _key, (in_incr), \
1585 mac_cbc_ ## vect ## _data, mac_cbc_ ## vect ## _out)
1586
1587#define XTEST_MAC_CMAC_CASE(vect, in_incr) \
1588 XTEST_MAC_CASE(TEE_ALG_AES_CMAC, TEE_TYPE_AES, \
1589 mac_cmac_ ## vect ## _key, (in_incr), \
1590 mac_cmac_ ## vect ## _data, mac_cmac_ ## vect ## _out)
1591
1592static const struct xtest_mac_case mac_cases[] = {
1593 XTEST_MAC_CASE(TEE_ALG_HMAC_MD5, TEE_TYPE_HMAC_MD5,
1594 mac_data_md5_key1,
1595 4, mac_data_md5_in1, mac_data_md5_out1),
1596 XTEST_MAC_CASE(TEE_ALG_HMAC_SHA1, TEE_TYPE_HMAC_SHA1,
1597 mac_data_sha1_key1,
1598 5, mac_data_sha1_in1, mac_data_sha1_out1),
1599 XTEST_MAC_CASE(TEE_ALG_HMAC_SHA224, TEE_TYPE_HMAC_SHA224,
1600 mac_data_sha224_key1,
1601 8, mac_data_sha224_in1, mac_data_sha224_out1),
1602 XTEST_MAC_CASE(TEE_ALG_HMAC_SHA256, TEE_TYPE_HMAC_SHA256,
1603 mac_data_sha256_key1,
1604 1, mac_data_sha256_in1, mac_data_sha256_out1),
1605 XTEST_MAC_CASE(TEE_ALG_HMAC_SHA256, TEE_TYPE_HMAC_SHA256,
1606 mac_data_sha256_key2,
1607 7, mac_data_sha256_in2, mac_data_sha256_out2),
1608 XTEST_MAC_CASE(TEE_ALG_HMAC_SHA384, TEE_TYPE_HMAC_SHA384,
1609 mac_data_sha384_key1,
1610 11, mac_data_sha384_in1, mac_data_sha384_out1),
1611 XTEST_MAC_CASE(TEE_ALG_HMAC_SHA512, TEE_TYPE_HMAC_SHA512,
1612 mac_data_sha512_key1,
1613 13, mac_data_sha512_in1, mac_data_sha512_out1),
1614
1615 XTEST_MAC_CBC_CASE(TEE_ALG_AES_CBC_MAC_NOPAD, TEE_TYPE_AES, vect1, 14),
1616 XTEST_MAC_CBC_CASE(TEE_ALG_DES_CBC_MAC_NOPAD, TEE_TYPE_DES, vect2, 16),
1617 XTEST_MAC_CBC_CASE(TEE_ALG_DES3_CBC_MAC_NOPAD, TEE_TYPE_DES3, vect3,
1618 17),
1619 XTEST_MAC_CBC_CASE(TEE_ALG_AES_CBC_MAC_PKCS5, TEE_TYPE_AES, vect4, 11),
1620 XTEST_MAC_CBC_CASE(TEE_ALG_DES_CBC_MAC_PKCS5, TEE_TYPE_DES, vect5, 9),
1621 XTEST_MAC_CBC_CASE(TEE_ALG_DES3_CBC_MAC_PKCS5, TEE_TYPE_DES3, vect6, 4),
1622 XTEST_MAC_CBC_CASE(TEE_ALG_AES_CBC_MAC_PKCS5, TEE_TYPE_AES, vect7, 3),
1623 XTEST_MAC_CBC_CASE(TEE_ALG_DES_CBC_MAC_PKCS5, TEE_TYPE_DES, vect8, 23),
1624 XTEST_MAC_CBC_CASE(TEE_ALG_DES3_CBC_MAC_PKCS5, TEE_TYPE_DES3, vect9,
1625 34),
1626
1627 { TEE_ALG_AES_CMAC, TEE_TYPE_AES, mac_cmac_vect1_key,
1628 ARRAY_SIZE(mac_cmac_vect1_key), 0, NULL, 0, mac_cmac_vect1_out,
1629 ARRAY_SIZE(mac_cmac_vect1_out) },
1630 XTEST_MAC_CMAC_CASE(vect2, 9),
1631 XTEST_MAC_CMAC_CASE(vect3, 9),
1632 XTEST_MAC_CMAC_CASE(vect4, 9),
1633 { TEE_ALG_AES_CMAC, TEE_TYPE_AES, mac_cmac_vect5_key,
1634 ARRAY_SIZE(mac_cmac_vect5_key), 0, NULL, 0, mac_cmac_vect5_out,
1635 ARRAY_SIZE(mac_cmac_vect5_out) },
1636 XTEST_MAC_CMAC_CASE(vect6, 9),
1637 XTEST_MAC_CMAC_CASE(vect7, 9),
1638 XTEST_MAC_CMAC_CASE(vect8, 9),
1639 { TEE_ALG_AES_CMAC, TEE_TYPE_AES, mac_cmac_vect9_key,
1640 ARRAY_SIZE(mac_cmac_vect9_key), 0, NULL, 0, mac_cmac_vect9_out,
1641 ARRAY_SIZE(mac_cmac_vect9_out) },
1642 XTEST_MAC_CMAC_CASE(vect10, 9),
1643 XTEST_MAC_CMAC_CASE(vect11, 9),
1644 XTEST_MAC_CMAC_CASE(vect12, 9),
1645};
1646
1647static void xtest_tee_test_4002(ADBG_Case_t *c)
1648{
1649 TEEC_Session session = { 0 };
1650 TEE_OperationHandle op1;
1651 TEE_OperationHandle op2;
1652 TEE_ObjectHandle key_handle;
1653 uint8_t out[64];
1654 size_t out_size;
1655 uint32_t ret_orig;
1656 size_t n;
1657
1658 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
1659 xtest_teec_open_session(&session, &crypt_user_ta_uuid, NULL,
1660 &ret_orig)))
1661 return;
1662
1663 for (n = 0; n < ARRAY_SIZE(mac_cases); n++) {
1664 TEE_Attribute key_attr;
1665 size_t key_size;
1666
1667 Do_ADBG_BeginSubCase(c, "MAC case %d algo 0x%x",
1668 (int)n, (unsigned int)mac_cases[n].algo);
1669
1670 key_attr.attributeID = TEE_ATTR_SECRET_VALUE;
1671 key_attr.content.ref.buffer = (void *)mac_cases[n].key;
1672 key_attr.content.ref.length = mac_cases[n].key_len;
1673
1674 key_size = key_attr.content.ref.length * 8;
1675 if (mac_cases[n].key_type == TEE_TYPE_DES ||
1676 mac_cases[n].key_type == TEE_TYPE_DES3)
1677 /* Exclude parity in bit size of key */
1678 key_size -= key_size / 8;
1679
1680 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
1681 ta_crypt_cmd_allocate_operation(c, &session, &op1,
1682 mac_cases[n].algo, TEE_MODE_MAC, key_size)))
1683 goto out;
1684
1685 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
1686 ta_crypt_cmd_allocate_operation(c, &session, &op2,
1687 mac_cases[n].algo, TEE_MODE_MAC, key_size)))
1688 goto out;
1689
1690 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
1691 ta_crypt_cmd_allocate_transient_object(c, &session,
1692 mac_cases[n].key_type, key_size, &key_handle)))
1693 goto out;
1694
1695 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
1696 ta_crypt_cmd_populate_transient_object(c, &session,
1697 key_handle, &key_attr, 1)))
1698 goto out;
1699
1700 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
1701 ta_crypt_cmd_set_operation_key(c, &session, op1,
1702 key_handle)))
1703 goto out;
1704
1705 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
1706 ta_crypt_cmd_free_transient_object(c, &session,
1707 key_handle)))
1708 goto out;
1709
1710 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
1711 ta_crypt_cmd_mac_init(c, &session, op1, NULL, 0)))
1712 goto out;
1713
1714 if (mac_cases[n].in != NULL) {
1715 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
1716 ta_crypt_cmd_mac_update(c, &session, op1,
1717 mac_cases[n].in, mac_cases[n].in_incr)))
1718 goto out;
1719 }
1720
1721 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
1722 ta_crypt_cmd_copy_operation(c, &session, op2, op1)))
1723 goto out;
1724
1725 out_size = sizeof(out);
1726 memset(out, 0, sizeof(out));
1727 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
1728 ta_crypt_cmd_mac_final_compute(c, &session, op2,
1729 mac_cases[n].in + mac_cases[n].in_incr,
1730 mac_cases [n].in_len - mac_cases[n].in_incr,
1731 out, &out_size)))
1732 goto out;
1733
1734 (void)ADBG_EXPECT_BUFFER(c, mac_cases[n].out,
1735 mac_cases[n].out_len, out, out_size);
1736
1737 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
1738 ta_crypt_cmd_mac_init(c, &session, op1, NULL, 0)))
1739 goto out;
1740
1741 out_size = sizeof(out);
1742 memset(out, 0, sizeof(out));
1743 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
1744 ta_crypt_cmd_mac_final_compute(c, &session, op1,
1745 mac_cases[n].in, mac_cases[n].in_len, out,
1746 &out_size)))
1747 goto out;
1748
1749 (void)ADBG_EXPECT_BUFFER(c, mac_cases[n].out,
1750 mac_cases[n].out_len, out, out_size);
1751
1752 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
1753 ta_crypt_cmd_free_operation(c, &session, op1)))
1754 goto out;
1755
1756 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
1757 ta_crypt_cmd_free_operation(c, &session, op2)))
1758 goto out;
1759
1760 Do_ADBG_EndSubCase(c, NULL);
1761 }
1762out:
1763 TEEC_CloseSession(&session);
1764}
1765
1766/* generated with scripts/crypt_aes_cbc_nopad.pl */
1767static const uint8_t ciph_data_aes_key1[] = {
1768 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, /* 01234567 */
1769 0x38, 0x39, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, /* 89ABCDEF */
1770};
1771
1772static const uint8_t ciph_data_des_key1[] = {
1773 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37 /* 01234567 */
1774};
1775
1776static const uint8_t ciph_data_des_key2[] = {
1777 0x13, 0x34, 0x57, 0x79, 0x9B, 0xBC, 0xDF, 0xF1
1778};
1779
1780
1781static const uint8_t ciph_data_des3_key1[] = {
1782 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, /* 01234567 */
1783 0x38, 0x39, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, /* 89ABCDEF */
1784 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, /* 12345678 */
1785};
1786
1787static const uint8_t ciph_data_des3_key2[] = {
1788 0x13, 0x34, 0x57, 0x79, 0x9B, 0xBC, 0xDF, 0xF1,
1789 0x13, 0x34, 0x57, 0x79, 0x9B, 0xBC, 0xDF, 0xF1,
1790 0x13, 0x34, 0x57, 0x79, 0x9B, 0xBC, 0xDF, 0xF1
1791};
1792
1793static const uint8_t ciph_data_des2_key1[] = {
1794 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, /* 01234567 */
1795 0x38, 0x39, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, /* 89ABCDEF */
1796};
1797
1798static const uint8_t ciph_data_in1[] = {
1799 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, /* 23456789 */
1800 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x30, 0x31, /* ABCDEF01 */
1801 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x41, /* 3456789A */
1802 0x42, 0x43, 0x44, 0x45, 0x46, 0x30, 0x31, 0x32, /* BCDEF012 */
1803 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x41, 0x42, /* 456789AB */
1804 0x43, 0x44, 0x45, 0x46, 0x30, 0x31, 0x32, 0x33, /* CDEF0123 */
1805};
1806
1807static const uint8_t ciph_data_in3[] = {
1808 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, /* 23456789 */
1809 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x30, 0x31, /* ABCDEF01 */
1810 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x41, /* 3456789A */
1811 0x42, 0x43, 0x44, 0x45, 0x46, 0x30, 0x31, 0x32, /* BCDEF012 */
1812 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x41, 0x42, /* 456789AB */
1813 0x43, 0x44, 0x45, 0x46, 0x30, /* CDEF0 */
1814};
1815
1816static const uint8_t ciph_data_128_iv1[] = {
1817 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, /* 12345678 */
1818 0x39, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x30, /* 9ABCDEF0 */
1819};
1820
1821static const uint8_t ciph_data_64_iv1[] = {
1822 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, /* 12345678 */
1823};
1824
1825static const uint8_t ciph_data_in2[] = {
1826 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef
1827};
1828
1829static const uint8_t ciph_data_aes_ecb_nopad_out1[] = {
1830 0xA5, 0xBE, 0x14, 0xD5, 0x01, 0x05, 0x24, 0x48, /* ......$H */
1831 0x58, 0x1A, 0x6B, 0x82, 0xD4, 0x41, 0xD2, 0xB3, /* X.k..A.. */
1832 0xBB, 0xF9, 0xAE, 0x37, 0x94, 0xAC, 0x18, 0x50, /* ...7...P */
1833 0x87, 0x09, 0xCC, 0x3F, 0x43, 0xD2, 0xC2, 0xB7, /* ...?C... */
1834 0xD7, 0x6F, 0x84, 0x07, 0xB4, 0x78, 0xCE, 0x34, /* .o...x.4 */
1835 0x48, 0xC9, 0x16, 0x86, 0x42, 0xB8, 0xFF, 0xCF, /* H...B... */
1836};
1837
1838static const uint8_t ciph_data_aes_cbc_nopad_out1[] = {
1839 0x8D, 0x9F, 0x88, 0xD8, 0xAF, 0x9F, 0xC1, 0x3B, /* .......; */
1840 0x02, 0x15, 0x43, 0x6A, 0x8C, 0x1E, 0x34, 0x5C, /* ..Cj..4\ */
1841 0x83, 0xF4, 0x85, 0x3E, 0x43, 0x0F, 0xE5, 0x5F, /* ...>C.._ */
1842 0x81, 0x4C, 0xC0, 0x28, 0x3F, 0xD9, 0x98, 0x53, /* .L.(?..S */
1843 0xB1, 0x44, 0x51, 0x38, 0x21, 0xAB, 0x10, 0xCE, /* .DQ8!... */
1844 0xC2, 0xEC, 0x65, 0x54, 0xDD, 0x5C, 0xEA, 0xDC, /* ..eT.\.. */
1845};
1846
1847static const uint8_t ciph_data_aes_ctr_out1[] = {
1848 0xD2, 0xDD, 0x11, 0xA8, 0xF7, 0xB0, 0xAE, 0x55, /* .......U */
1849 0xBE, 0x61, 0x7A, 0xE6, 0xA1, 0x6C, 0x79, 0xF4, /* .az..ly. */
1850 0x62, 0x51, 0x7B, 0xE9, 0x7C, 0xA0, 0x31, 0x0C, /* bQ{.|.1. */
1851 0x24, 0x15, 0x70, 0x7F, 0x47, 0x37, 0x69, 0xE0, /* $.p.G7i. */
1852 0x24, 0xC3, 0x29, 0xCD, 0xF2, 0x26, 0x69, 0xFF, /* $.)..&i. */
1853 0x72, 0x0E, 0x3C, 0xD1, 0xA1, 0x2F, 0x5D, 0x33, /* r.<../]3 */
1854};
1855
1856static const uint8_t ciph_data_aes_ctr_out2[] = {
1857 0xD2, 0xDD, 0x11, 0xA8, 0xF7, 0xB0, 0xAE, 0x55, /* .......U */
1858 0xBE, 0x61, 0x7A, 0xE6, 0xA1, 0x6C, 0x79, 0xF4, /* .az..ly. */
1859 0x62, 0x51, 0x7B, 0xE9, 0x7C, 0xA0, 0x31, 0x0C, /* bQ{.|.1. */
1860 0x24, 0x15, 0x70, 0x7F, 0x47, 0x37, 0x69, 0xE0, /* $.p.G7i. */
1861 0x24, 0xC3, 0x29, 0xCD, 0xF2, 0x26, 0x69, 0xFF, /* $.)..&i. */
1862 0x72, 0x0E, 0x3C, 0xD1, 0xA1, /* r.<.. */
1863};
1864
1865static const uint8_t ciph_data_aes_cbc_vect1_key[] = {
1866 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, /* 01234567 */
1867 0x38, 0x39, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, /* 89ABCDEF */
1868};
1869
1870static const uint8_t ciph_data_aes_cbc_vect1_iv[] = {
1871 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* ........ */
1872 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* ........ */
1873};
1874
1875static const uint8_t ciph_data_aes_cbc_vect1_ptx[] = {
1876 0x43, 0x69, 0x70, 0x68, 0x65, 0x72, 0x20, 0x62, /* Cipher b */
1877 0x6C, 0x6F, 0x63, 0x6B, 0x20, 0x63, 0x68, 0x61, /* lock cha */
1878 0x69, 0x6E, 0x69, 0x6E, 0x67, 0x20, 0x28, 0x43, /* ining (C */
1879 0x42, 0x43, 0x29, 0x20, 0x69, 0x73, 0x20, 0x61, /* BC) is a */
1880 0x20, 0x63, 0x6F, 0x6D, 0x6D, 0x6F, 0x6E, 0x20, /* common */
1881 0x63, 0x68, 0x61, 0x69, 0x6E, 0x69, 0x6E, 0x67, /* chaining */
1882 0x20, 0x6D, 0x6F, 0x64, 0x65, 0x20, 0x69, 0x6E, /* mode in */
1883 0x20, 0x77, 0x68, 0x69, 0x63, 0x68, 0x20, 0x74, /* which t */
1884 0x68, 0x65, 0x20, 0x70, 0x72, 0x65, 0x76, 0x69, /* he previ */
1885 0x6F, 0x75, 0x73, 0x20, 0x62, 0x6C, 0x6F, 0x63, /* ous bloc */
1886 0x6B, 0x27, 0x73, 0x20, 0x63, 0x69, 0x70, 0x68, /* k's ciph */
1887 0x65, 0x72, 0x74, 0x65, 0x78, 0x74, 0x20, 0x69, /* ertext i */
1888 0x73, 0x20, 0x78, 0x6F, 0x72, 0x65, 0x64, 0x20, /* s xored */
1889 0x77, 0x69, 0x74, 0x68, 0x20, 0x74, 0x68, 0x65, /* with the */
1890 0x20, 0x63, 0x75, 0x72, 0x72, 0x65, 0x6E, 0x74, /* current */
1891 0x20, 0x62, 0x6C, 0x6F, 0x63, 0x6B, 0x27, 0x73, /* block's */
1892 0x20, 0x70, 0x6C, 0x61, 0x69, 0x6E, 0x74, 0x65, /* plainte */
1893 0x78, 0x74, 0x20, 0x62, 0x65, 0x66, 0x6F, 0x72, /* xt befor */
1894 0x65, 0x20, 0x65, 0x6E, 0x63, 0x72, 0x79, 0x70, /* e encryp */
1895 0x74, 0x69, 0x6F, 0x6E, 0x2E, 0x2E, 0x2E, 0x2E, /* tion.... */
1896};
1897
1898static const uint8_t ciph_data_aes_cbc_vect1_ctx[] = {
1899 0xDD, 0x16, 0xC3, 0x47, 0x69, 0xEC, 0xF5, 0x86, /* ...Gi... */
1900 0x20, 0xB4, 0xF7, 0xE3, 0xB9, 0x36, 0xE8, 0xAC, /* ....6.. */
1901 0xC9, 0xA2, 0x11, 0x71, 0x3B, 0x10, 0x9D, 0x45, /* ...q;..E */
1902 0xCA, 0xE2, 0x49, 0xA6, 0x4E, 0x56, 0x07, 0xC5, /* ..I.NV.. */
1903 0xCE, 0xA3, 0x14, 0xB5, 0x30, 0x1B, 0x63, 0xBB, /* ....0.c. */
1904 0x2D, 0x6F, 0xE9, 0xCA, 0x0B, 0x00, 0x31, 0x3F, /* -o....1? */
1905 0xA4, 0x9A, 0x39, 0xE1, 0xC8, 0xD2, 0x24, 0x95, /* ..9...$. */
1906 0x14, 0xE9, 0xD2, 0x43, 0xE8, 0xA8, 0x1E, 0x0A, /* ...C.... */
1907 0xFE, 0x9D, 0x4F, 0xF5, 0xBB, 0x16, 0xB9, 0x54, /* ..O....T */
1908 0x78, 0x07, 0x94, 0x05, 0x8E, 0x47, 0xC3, 0xCB, /* x....G.. */
1909 0x7C, 0xEC, 0xF4, 0xF8, 0xF2, 0xA4, 0x59, 0x6E, /* |.....Yn */
1910 0xED, 0xAD, 0x7F, 0x62, 0xAF, 0x89, 0xA8, 0x5B, /* ...b...[ */
1911 0x75, 0xD4, 0x73, 0xE3, 0xBA, 0x9F, 0x9A, 0xD2, /* u.s..... */
1912 0x0F, 0xFD, 0x3C, 0xE6, 0xC6, 0xA4, 0xD6, 0x6C, /* ..<....l */
1913 0x6A, 0x09, 0xE2, 0x16, 0xB0, 0x8C, 0x69, 0x3C, /* j.....i< */
1914 0xC8, 0x1C, 0xE4, 0x3E, 0x86, 0x4D, 0xB0, 0x2B, /* ...>.M.+ */
1915 0x29, 0xA0, 0x5A, 0xA3, 0x67, 0xBA, 0xDC, 0x11, /* ).Z.g... */
1916 0x08, 0x5E, 0x69, 0xB4, 0x6F, 0xA5, 0xE2, 0xB8, /* .^i.o... */
1917 0xC9, 0x6E, 0x83, 0x7E, 0x35, 0xC8, 0xA7, 0xA0, /* .n.~5... */
1918 0x33, 0xA3, 0xB1, 0x4B, 0x5A, 0x92, 0x51, 0x2E, /* 3..KZ.Q. */
1919};
1920
1921/* AES-CTS test vectors from http://tools.ietf.org/html/rfc3962
1922 * and http://tools.ietf.org/html/draft-raeburn-krb-rijndael-krb-02 */
1923static const uint8_t ciph_data_aes_cts_vect1_key[] = {
1924 0x63, 0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x20,
1925 0x74, 0x65, 0x72, 0x69, 0x79, 0x61, 0x6b, 0x69
1926};
1927
1928static const uint8_t ciph_data_aes_cts_vect1_iv[16] = {
1929 0x00
1930};
1931
1932static const uint8_t ciph_data_aes_cts_vect1_ptx[] = {
1933 0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20,
1934 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65,
1935 0x20
1936};
1937
1938static const uint8_t ciph_data_aes_cts_vect1_ctx[] = {
1939 0xc6, 0x35, 0x35, 0x68, 0xf2, 0xbf, 0x8c, 0xb4,
1940 0xd8, 0xa5, 0x80, 0x36, 0x2d, 0xa7, 0xff, 0x7f,
1941 0x97
1942};
1943
1944#define ciph_data_aes_cts_vect2_key ciph_data_aes_cts_vect1_key
1945#define ciph_data_aes_cts_vect2_iv ciph_data_aes_cts_vect1_iv
1946static const uint8_t ciph_data_aes_cts_vect2_ptx[] = {
1947 0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20,
1948 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65,
1949 0x20, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c,
1950 0x20, 0x47, 0x61, 0x75, 0x27, 0x73, 0x20
1951};
1952
1953static const uint8_t ciph_data_aes_cts_vect2_ctx[] = {
1954 0xfc, 0x00, 0x78, 0x3e, 0x0e, 0xfd, 0xb2, 0xc1,
1955 0xd4, 0x45, 0xd4, 0xc8, 0xef, 0xf7, 0xed, 0x22,
1956 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
1957 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5
1958};
1959
1960#define ciph_data_aes_cts_vect3_key ciph_data_aes_cts_vect1_key
1961#define ciph_data_aes_cts_vect3_iv ciph_data_aes_cts_vect1_iv
1962static const uint8_t ciph_data_aes_cts_vect3_ptx[] = {
1963 0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20,
1964 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65,
1965 0x20, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c,
1966 0x20, 0x47, 0x61, 0x75, 0x27, 0x73, 0x20, 0x43,
1967};
1968
1969static const uint8_t ciph_data_aes_cts_vect3_ctx[] = {
1970 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5,
1971 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8,
1972 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
1973 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84,
1974};
1975
1976#define ciph_data_aes_cts_vect4_key ciph_data_aes_cts_vect1_key
1977#define ciph_data_aes_cts_vect4_iv ciph_data_aes_cts_vect1_iv
1978static const uint8_t ciph_data_aes_cts_vect4_ptx[] = {
1979 0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20,
1980 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65,
1981 0x20, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c,
1982 0x20, 0x47, 0x61, 0x75, 0x27, 0x73, 0x20, 0x43,
1983 0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x2c, 0x20,
1984 0x70, 0x6c, 0x65, 0x61, 0x73, 0x65, 0x2c,
1985};
1986
1987static const uint8_t ciph_data_aes_cts_vect4_ctx[] = {
1988 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
1989 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84,
1990 0xb3, 0xff, 0xfd, 0x94, 0x0c, 0x16, 0xa1, 0x8c,
1991 0x1b, 0x55, 0x49, 0xd2, 0xf8, 0x38, 0x02, 0x9e,
1992 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5,
1993 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5,
1994};
1995
1996#define ciph_data_aes_cts_vect5_key ciph_data_aes_cts_vect1_key
1997#define ciph_data_aes_cts_vect5_iv ciph_data_aes_cts_vect1_iv
1998static const uint8_t ciph_data_aes_cts_vect5_ptx[] = {
1999 0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20,
2000 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65,
2001 0x20, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c,
2002 0x20, 0x47, 0x61, 0x75, 0x27, 0x73, 0x20, 0x43,
2003 0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x2c, 0x20,
2004 0x70, 0x6c, 0x65, 0x61, 0x73, 0x65, 0x2c, 0x20,
2005};
2006
2007static const uint8_t ciph_data_aes_cts_vect5_ctx[] = {
2008 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
2009 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84,
2010 0x9d, 0xad, 0x8b, 0xbb, 0x96, 0xc4, 0xcd, 0xc0,
2011 0x3b, 0xc1, 0x03, 0xe1, 0xa1, 0x94, 0xbb, 0xd8,
2012 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5,
2013 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8,
2014};
2015
2016#define ciph_data_aes_cts_vect6_key ciph_data_aes_cts_vect1_key
2017#define ciph_data_aes_cts_vect6_iv ciph_data_aes_cts_vect1_iv
2018static const uint8_t ciph_data_aes_cts_vect6_ptx[] = {
2019 0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20,
2020 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65,
2021 0x20, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c,
2022 0x20, 0x47, 0x61, 0x75, 0x27, 0x73, 0x20, 0x43,
2023 0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x2c, 0x20,
2024 0x70, 0x6c, 0x65, 0x61, 0x73, 0x65, 0x2c, 0x20,
2025 0x61, 0x6e, 0x64, 0x20, 0x77, 0x6f, 0x6e, 0x74,
2026 0x6f, 0x6e, 0x20, 0x73, 0x6f, 0x75, 0x70, 0x2e,
2027};
2028
2029static const uint8_t ciph_data_aes_cts_vect6_ctx[] = {
2030 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
2031 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84,
2032 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5,
2033 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8,
2034 0x48, 0x07, 0xef, 0xe8, 0x36, 0xee, 0x89, 0xa5,
2035 0x26, 0x73, 0x0d, 0xbc, 0x2f, 0x7b, 0xc8, 0x40,
2036 0x9d, 0xad, 0x8b, 0xbb, 0x96, 0xc4, 0xcd, 0xc0,
2037 0x3b, 0xc1, 0x03, 0xe1, 0xa1, 0x94, 0xbb, 0xd8,
2038};
2039
2040static const uint8_t ciph_data_des_ecb_nopad_out1[] = {
2041 0x46, 0x2B, 0x91, 0xA8, 0x55, 0xE6, 0x7E, 0x75, /* F+..U.~u */
2042 0x5E, 0x53, 0xF4, 0x8F, 0x29, 0x41, 0x4E, 0xEF, /* ^S..)AN. */
2043 0x32, 0x1B, 0x58, 0x42, 0x9B, 0xB4, 0x3A, 0x1F, /* 2.XB..:. */
2044 0x9A, 0xEA, 0xA4, 0xB4, 0xCD, 0xE9, 0x87, 0x7C, /* .......| */
2045 0xC0, 0x05, 0x34, 0xED, 0x86, 0x3C, 0x2A, 0x81, /* ..4..<.. */
2046 0x5E, 0x93, 0x0E, 0x86, 0xA9, 0xBB, 0x80, 0xFF, /* ^....... */
2047};
2048
2049static const uint8_t ciph_data_des_ecb_nopad_out2[] = {
2050 0x85, 0xE8, 0x13, 0x54, 0x0F, 0x0A, 0xB4, 0x05
2051};
2052
2053static const uint8_t ciph_data_des_cbc_nopad_out1[] = {
2054 0xAD, 0xD6, 0xD6, 0x3E, 0x88, 0xD0, 0xDD, 0xD4, /* ...>.... */
2055 0x9A, 0x93, 0x95, 0xA0, 0x86, 0x22, 0x5B, 0x9E, /* ....."[. */
2056 0x84, 0x0C, 0x6F, 0x12, 0x04, 0x11, 0x6F, 0xD4, /* ..o...o. */
2057 0x12, 0x29, 0xC6, 0x78, 0x0C, 0xFB, 0x58, 0x5B, /* .).x..X[ */
2058 0x66, 0x82, 0x0E, 0x52, 0xDC, 0x25, 0x16, 0x51, /* f..R.%.Q */
2059 0x69, 0xDF, 0xFE, 0x4E, 0x11, 0x1D, 0x9D, 0x08, /* i..N.... */
2060};
2061
2062static const uint8_t ciph_data_des3_ecb_nopad_out1[] = {
2063 0xA7, 0x46, 0xEC, 0xA8, 0x6A, 0x7F, 0x4A, 0xF1, /* .F..j.J. */
2064 0x44, 0x60, 0x37, 0x3B, 0x7F, 0x76, 0xE5, 0xFF, /* D`7;.v.. */
2065 0xC1, 0xE7, 0xA5, 0x04, 0x9C, 0x29, 0x5C, 0xA5, /* .....)\. */
2066 0xDD, 0xC8, 0xEE, 0x36, 0x1F, 0x48, 0xE0, 0xA9, /* ...6.H.. */
2067 0x82, 0x2D, 0x53, 0x84, 0x49, 0x69, 0x78, 0xFA, /* .-S.Iix. */
2068 0x23, 0x69, 0x1D, 0xF7, 0x08, 0x38, 0x44, 0x05, /* #i...8D. */
2069};
2070
2071static const uint8_t ciph_data_des3_cbc_nopad_out1[] = {
2072 0x18, 0x09, 0xEB, 0x98, 0xE4, 0x58, 0x72, 0x11, /* .....Xr. */
2073 0x30, 0x58, 0xAB, 0x38, 0xB0, 0xC9, 0x2B, 0xED, /* 0X.8..+. */
2074 0xDA, 0xC5, 0xE8, 0xA9, 0xF6, 0x8A, 0xA7, 0x80, /* ........ */
2075 0xBE, 0x54, 0x1F, 0x63, 0xF6, 0xEE, 0xA2, 0x4C, /* .T.c...L */
2076 0x7C, 0xEB, 0x84, 0x7D, 0xDA, 0xCA, 0x1E, 0xB2, /* |..}.... */
2077 0xED, 0x5E, 0x96, 0xB8, 0x01, 0x4B, 0x77, 0x02, /* .^...Kw. */
2078};
2079
2080static const uint8_t ciph_data_des2_ecb_nopad_out1[] = {
2081 0xAB, 0x12, 0xB6, 0xE2, 0x4A, 0x3A, 0x26, 0x14, /* ....J:&. */
2082 0xF0, 0x7D, 0x23, 0xD0, 0x55, 0xDF, 0x5C, 0x16, /* .}#.U.\. */
2083 0x43, 0x59, 0x1E, 0x44, 0x01, 0x76, 0xD7, 0x50, /* CY.D.v.P */
2084 0x44, 0xC0, 0x15, 0xDF, 0x2E, 0x7F, 0x8B, 0xC5, /* D....... */
2085 0xFF, 0x8B, 0x87, 0xFE, 0x33, 0xD7, 0xCB, 0x2C, /* ....3.., */
2086 0xDA, 0x79, 0x6F, 0xA4, 0x05, 0x2B, 0x30, 0xCE, /* .yo..+0. */
2087};
2088
2089static const uint8_t ciph_data_des2_cbc_nopad_out1[] = {
2090 0x47, 0x2F, 0xB1, 0x83, 0xC4, 0xBB, 0x93, 0x16, /* G/...... */
2091 0x73, 0xF9, 0xAD, 0x6F, 0x00, 0xF9, 0xCB, 0x4A, /* s..o...J */
2092 0x0F, 0x4F, 0x75, 0x75, 0xFB, 0x39, 0x0B, 0xFC, /* .Ouu.9.. */
2093 0x9F, 0x48, 0x52, 0xAD, 0xA2, 0x75, 0x2C, 0xF1, /* .HR..u, . */
2094 0x7D, 0xC3, 0x8F, 0x16, 0xCF, 0xC9, 0x76, 0x29, /* }.....v) */
2095 0x1A, 0xBF, 0xB3, 0xD9, 0x10, 0x7E, 0xAA, 0x49, /* .....~.I */
2096};
2097
2098struct xtest_ciph_case {
2099 uint32_t algo;
2100 uint32_t mode;
2101 uint32_t key_type;
2102 const uint8_t *key1;
2103 size_t key1_len;
2104 const uint8_t *key2;
2105 size_t key2_len;
2106 const uint8_t *iv;
2107 size_t iv_len;
2108 size_t in_incr;
2109 const uint8_t *in;
2110 size_t in_len;
2111 const uint8_t *out;
2112 size_t out_len;
2113 size_t line;
2114};
2115
2116#define XTEST_CIPH_CASE_NO_IV(algo, key_type, key, in_incr, ptx, ctx) \
2117 { (algo), TEE_MODE_ENCRYPT, (key_type), (key), ARRAY_SIZE(key), \
2118 NULL, 0, NULL, 0, \
2119 (in_incr), (ptx), ARRAY_SIZE(ptx), (ctx), ARRAY_SIZE(ctx), \
2120 __LINE__ }, \
2121 { (algo), TEE_MODE_DECRYPT, (key_type), (key), ARRAY_SIZE(key), \
2122 NULL, 0, NULL, 0, \
2123 (in_incr), (ctx), ARRAY_SIZE(ctx), (ptx), ARRAY_SIZE(ptx), __LINE__ }
2124
2125#define XTEST_CIPH_CASE(algo, key_type, key, iv, in_incr, ptx, ctx) \
2126 { (algo), TEE_MODE_ENCRYPT, (key_type), (key), ARRAY_SIZE(key), \
2127 NULL, 0, iv, ARRAY_SIZE(iv), (in_incr), (ptx), ARRAY_SIZE(ptx), \
2128 (ctx), ARRAY_SIZE(ctx), __LINE__ }, \
2129 { (algo), TEE_MODE_DECRYPT, (key_type), (key), ARRAY_SIZE(key), \
2130 NULL, 0, iv, ARRAY_SIZE(iv), (in_incr), (ctx), ARRAY_SIZE(ctx), \
2131 (ptx), ARRAY_SIZE(ptx), __LINE__ }
2132
2133#define XTEST_CIPH_CASE_AES_XTS(vect, in_incr) \
2134 { TEE_ALG_AES_XTS, TEE_MODE_ENCRYPT, TEE_TYPE_AES, \
2135 ciph_data_aes_xts_ ## vect ## _key1, \
2136 ARRAY_SIZE(ciph_data_aes_xts_ ## vect ## _key1), \
2137 ciph_data_aes_xts_ ## vect ## _key2, \
2138 ARRAY_SIZE(ciph_data_aes_xts_ ## vect ## _key2), \
2139 ciph_data_aes_xts_ ## vect ## _iv, \
2140 ARRAY_SIZE(ciph_data_aes_xts_ ## vect ## _iv), \
2141 (in_incr), \
2142 ciph_data_aes_xts_ ## vect ## _ptx, \
2143 ARRAY_SIZE(ciph_data_aes_xts_ ## vect ## _ptx), \
2144 ciph_data_aes_xts_ ## vect ## _ctx, \
2145 ARRAY_SIZE(ciph_data_aes_xts_ ## vect ## _ctx), __LINE__ }, \
2146 { TEE_ALG_AES_XTS, TEE_MODE_DECRYPT, TEE_TYPE_AES, \
2147 ciph_data_aes_xts_ ## vect ## _key1, \
2148 ARRAY_SIZE(ciph_data_aes_xts_ ## vect ## _key1), \
2149 ciph_data_aes_xts_ ## vect ## _key2, \
2150 ARRAY_SIZE(ciph_data_aes_xts_ ## vect ## _key2), \
2151 ciph_data_aes_xts_ ## vect ## _iv, \
2152 ARRAY_SIZE(ciph_data_aes_xts_ ## vect ## _iv), \
2153 (in_incr), \
2154 ciph_data_aes_xts_ ## vect ## _ctx, \
2155 ARRAY_SIZE(ciph_data_aes_xts_ ## vect ## _ctx), \
2156 ciph_data_aes_xts_ ## vect ## _ptx, \
2157 ARRAY_SIZE(ciph_data_aes_xts_ ## vect ## _ptx), __LINE__ }
2158
2159#define XTEST_CIPH_CASE_AES_CBC(vect, in_incr) \
2160 XTEST_CIPH_CASE(TEE_ALG_AES_CBC_NOPAD, TEE_TYPE_AES, \
2161 ciph_data_aes_cbc_ ## vect ## _key, \
2162 ciph_data_aes_cbc_ ## vect ## _iv, \
2163 (in_incr), ciph_data_aes_cbc_ ## vect ## _ptx, \
2164 ciph_data_aes_cbc_ ## vect ## _ctx)
2165
2166#define XTEST_CIPH_CASE_AES_CTS(vect, in_incr) \
2167 XTEST_CIPH_CASE(TEE_ALG_AES_CTS, TEE_TYPE_AES, \
2168 ciph_data_aes_cts_ ## vect ## _key, \
2169 ciph_data_aes_cts_ ## vect ## _iv, \
2170 (in_incr), ciph_data_aes_cts_ ## vect ## _ptx, \
2171 ciph_data_aes_cts_ ## vect ## _ctx)
2172
2173static const struct xtest_ciph_case ciph_cases[] = {
2174 /* AES */
2175 XTEST_CIPH_CASE_NO_IV(TEE_ALG_AES_ECB_NOPAD, TEE_TYPE_AES,
2176 ciph_data_aes_key1, 11, ciph_data_in1,
2177 ciph_data_aes_ecb_nopad_out1),
2178 XTEST_CIPH_CASE(TEE_ALG_AES_CBC_NOPAD, TEE_TYPE_AES,
2179 ciph_data_aes_key1, ciph_data_128_iv1, 11,
2180 ciph_data_in1,
2181 ciph_data_aes_cbc_nopad_out1),
2182 XTEST_CIPH_CASE(TEE_ALG_AES_CTR, TEE_TYPE_AES,
2183 ciph_data_aes_key1, ciph_data_128_iv1, 13,
2184 ciph_data_in1,
2185 ciph_data_aes_ctr_out1),
2186 XTEST_CIPH_CASE(TEE_ALG_AES_CTR, TEE_TYPE_AES,
2187 ciph_data_aes_key1, ciph_data_128_iv1, 13,
2188 ciph_data_in3,
2189 ciph_data_aes_ctr_out2),
2190
2191 XTEST_CIPH_CASE_AES_CBC(vect1, 11),
2192
2193 /* AES-CTS */
2194 XTEST_CIPH_CASE_AES_CTS(vect1, 13),
2195 XTEST_CIPH_CASE_AES_CTS(vect2, 14),
2196 XTEST_CIPH_CASE_AES_CTS(vect3, 11),
2197 XTEST_CIPH_CASE_AES_CTS(vect4, 9),
2198 XTEST_CIPH_CASE_AES_CTS(vect5, 7),
2199 XTEST_CIPH_CASE_AES_CTS(vect6, 17),
2200 XTEST_CIPH_CASE_AES_CTS(vect6, 0x20),
2201
2202 /* DES */
2203 XTEST_CIPH_CASE_NO_IV(TEE_ALG_DES_ECB_NOPAD, TEE_TYPE_DES,
2204 ciph_data_des_key1, 14, ciph_data_in1,
2205 ciph_data_des_ecb_nopad_out1),
2206 XTEST_CIPH_CASE_NO_IV(TEE_ALG_DES_ECB_NOPAD, TEE_TYPE_DES,
2207 ciph_data_des_key2, 3, ciph_data_in2,
2208 ciph_data_des_ecb_nopad_out2),
2209 XTEST_CIPH_CASE(TEE_ALG_DES_CBC_NOPAD, TEE_TYPE_DES,
2210 ciph_data_des_key1, ciph_data_64_iv1, 15, ciph_data_in1,
2211 ciph_data_des_cbc_nopad_out1),
2212
2213 /* DES3 */
2214 XTEST_CIPH_CASE_NO_IV(TEE_ALG_DES3_ECB_NOPAD, TEE_TYPE_DES3,
2215 ciph_data_des3_key1, 11, ciph_data_in1,
2216 ciph_data_des3_ecb_nopad_out1),
2217 XTEST_CIPH_CASE_NO_IV(TEE_ALG_DES3_ECB_NOPAD, TEE_TYPE_DES3,
2218 ciph_data_des3_key2, 3, ciph_data_in2,
2219 ciph_data_des_ecb_nopad_out2),
2220 XTEST_CIPH_CASE(TEE_ALG_DES3_CBC_NOPAD, TEE_TYPE_DES3,
2221 ciph_data_des3_key1, ciph_data_64_iv1, 11,
2222 ciph_data_in1,
2223 ciph_data_des3_cbc_nopad_out1),
2224
2225 /* DES2 */
2226 XTEST_CIPH_CASE_NO_IV(TEE_ALG_DES3_ECB_NOPAD, TEE_TYPE_DES3,
2227 ciph_data_des2_key1, 11, ciph_data_in1,
2228 ciph_data_des2_ecb_nopad_out1),
2229 XTEST_CIPH_CASE(TEE_ALG_DES3_CBC_NOPAD, TEE_TYPE_DES3,
2230 ciph_data_des2_key1, ciph_data_64_iv1, 11,
2231 ciph_data_in1,
2232 ciph_data_des2_cbc_nopad_out1),
2233};
2234
2235static const struct xtest_ciph_case ciph_cases_xts[] = {
2236 /* AES-XTS */
2237 XTEST_CIPH_CASE_AES_XTS(vect1, 3),
2238 XTEST_CIPH_CASE_AES_XTS(vect2, 6),
2239 XTEST_CIPH_CASE_AES_XTS(vect3, 7),
2240 XTEST_CIPH_CASE_AES_XTS(vect4, 8),
2241 XTEST_CIPH_CASE_AES_XTS(vect5, 9),
2242 XTEST_CIPH_CASE_AES_XTS(vect6, 13),
2243 XTEST_CIPH_CASE_AES_XTS(vect7, 1),
2244 XTEST_CIPH_CASE_AES_XTS(vect8, 3),
2245 XTEST_CIPH_CASE_AES_XTS(vect9, 2),
2246 XTEST_CIPH_CASE_AES_XTS(vect10, 5),
2247 XTEST_CIPH_CASE_AES_XTS(vect11, 6),
2248 XTEST_CIPH_CASE_AES_XTS(vect12, 7),
2249 XTEST_CIPH_CASE_AES_XTS(vect13, 3),
2250 XTEST_CIPH_CASE_AES_XTS(vect14, 2),
2251 XTEST_CIPH_CASE_AES_XTS(vect15, 0),
2252 XTEST_CIPH_CASE_AES_XTS(vect16, 9),
2253 XTEST_CIPH_CASE_AES_XTS(vect17, 6),
2254 XTEST_CIPH_CASE_AES_XTS(vect18, 8),
2255 XTEST_CIPH_CASE_AES_XTS(vect19, 23),
2256};
2257
2258static void xtest_tee_test_4003_no_xts(ADBG_Case_t *c)
2259{
2260 TEEC_Session session = { 0 };
2261 TEE_OperationHandle op;
2262 TEE_ObjectHandle key1_handle = TEE_HANDLE_NULL;
2263 TEE_ObjectHandle key2_handle = TEE_HANDLE_NULL;
2264 uint8_t out[2048];
2265 size_t out_size;
2266 size_t out_offs;
2267 uint32_t ret_orig;
2268 size_t n;
2269
2270 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2271 xtest_teec_open_session(&session, &crypt_user_ta_uuid, NULL,
2272 &ret_orig)))
2273 return;
2274
2275 for (n = 0; n < ARRAY_SIZE(ciph_cases); n++) {
2276 TEE_Attribute key_attr;
2277 size_t key_size;
2278 size_t op_key_size;
2279
2280
2281 Do_ADBG_BeginSubCase(c, "Cipher case %d algo 0x%x line %d",
2282 (int)n, (unsigned int)ciph_cases[n].algo,
2283 (int)ciph_cases[n].line);
2284
2285 key_attr.attributeID = TEE_ATTR_SECRET_VALUE;
2286 key_attr.content.ref.buffer = (void *)ciph_cases[n].key1;
2287 key_attr.content.ref.length = ciph_cases[n].key1_len;
2288
2289 key_size = key_attr.content.ref.length * 8;
2290 if (ciph_cases[n].key_type == TEE_TYPE_DES ||
2291 ciph_cases[n].key_type == TEE_TYPE_DES3)
2292 /* Exclude parity in bit size of key */
2293 key_size -= key_size / 8;
2294
2295 op_key_size = key_size;
2296 if (ciph_cases[n].key2 != NULL)
2297 op_key_size *= 2;
2298
2299 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2300 ta_crypt_cmd_allocate_operation(c, &session, &op,
2301 ciph_cases[n].algo, ciph_cases[n].mode,
2302 op_key_size)))
2303 goto out;
2304
2305 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2306 ta_crypt_cmd_allocate_transient_object(c, &session,
2307 ciph_cases[n].key_type, key_size,
2308 &key1_handle)))
2309 goto out;
2310
2311 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2312 ta_crypt_cmd_populate_transient_object(c, &session,
2313 key1_handle, &key_attr, 1)))
2314 goto out;
2315
2316 if (ciph_cases[n].key2 != NULL) {
2317 key_attr.content.ref.buffer =
2318 (void *)ciph_cases[n].key2;
2319 key_attr.content.ref.length = ciph_cases[n].key2_len;
2320
2321 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2322 ta_crypt_cmd_allocate_transient_object(c,
2323 &session, ciph_cases[n].key_type,
2324 key_attr.content.ref.length * 8,
2325 &key2_handle)))
2326 goto out;
2327
2328 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2329 ta_crypt_cmd_populate_transient_object(c,
2330 &session, key2_handle, &key_attr, 1)))
2331 goto out;
2332
2333 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2334 ta_crypt_cmd_set_operation_key2(c, &session, op,
2335 key1_handle, key2_handle)))
2336 goto out;
2337 } else {
2338 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2339 ta_crypt_cmd_set_operation_key(c, &session, op,
2340 key1_handle)))
2341 goto out;
2342 }
2343
2344 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2345 ta_crypt_cmd_free_transient_object(c, &session,
2346 key1_handle)))
2347 goto out;
2348 key1_handle = TEE_HANDLE_NULL;
2349
2350 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2351 ta_crypt_cmd_free_transient_object(c, &session,
2352 key2_handle)))
2353 goto out;
2354 key2_handle = TEE_HANDLE_NULL;
2355
2356 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2357 ta_crypt_cmd_cipher_init(c, &session, op,
2358 ciph_cases[n].iv, ciph_cases[n].iv_len)))
2359 goto out;
2360
2361 out_offs = 0;
2362 out_size = sizeof(out);
2363 memset(out, 0, sizeof(out));
2364 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2365 ta_crypt_cmd_cipher_update(c, &session, op,
2366 ciph_cases[n].in, ciph_cases[n].in_incr, out,
2367 &out_size)))
2368 goto out;
2369
2370 out_offs += out_size;
2371 out_size = sizeof(out) - out_offs;
2372
2373 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2374 ta_crypt_cmd_cipher_do_final(c, &session, op,
2375 ciph_cases[n].in + ciph_cases[n].in_incr,
2376 ciph_cases[n].in_len - ciph_cases[n].in_incr,
2377 out + out_offs,
2378 &out_size)))
2379 goto out;
2380
2381 out_offs += out_size;
2382
2383 (void)ADBG_EXPECT_BUFFER(c, ciph_cases[n].out,
2384 ciph_cases[n].out_len, out, out_offs);
2385
2386 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2387 ta_crypt_cmd_free_operation(c, &session, op)))
2388 goto out;
2389
2390 Do_ADBG_EndSubCase(c, NULL);
2391 }
2392out:
2393 TEEC_CloseSession(&session);
2394}
2395
2396/*
2397 * This is a split of the original xtest 4003 as eary version of the ST TEE.
2398 *
2399 * Core did not support xts.
2400 */
2401static void xtest_tee_test_4003_xts(ADBG_Case_t *c)
2402{
2403 TEEC_Session session = { 0 };
2404 TEE_OperationHandle op;
2405 TEE_ObjectHandle key1_handle = TEE_HANDLE_NULL;
2406 TEE_ObjectHandle key2_handle = TEE_HANDLE_NULL;
2407 uint8_t out[2048];
2408 size_t out_size;
2409 size_t out_offs;
2410 uint32_t ret_orig;
2411 size_t n;
2412
2413 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2414 xtest_teec_open_session(&session, &crypt_user_ta_uuid, NULL,
2415 &ret_orig)))
2416 return;
2417
2418 for (n = 0; n < ARRAY_SIZE(ciph_cases_xts); n++) {
2419 TEE_Attribute key_attr;
2420 size_t key_size;
2421 size_t op_key_size;
2422
2423 Do_ADBG_BeginSubCase(c, "Cipher case %d algo 0x%x line %d",
2424 (int)n,
2425 (unsigned int)ciph_cases_xts[n].algo,
2426 (int)ciph_cases_xts[n].line);
2427
2428 key_attr.attributeID = TEE_ATTR_SECRET_VALUE;
2429 key_attr.content.ref.buffer = (void *)ciph_cases_xts[n].key1;
2430 key_attr.content.ref.length = ciph_cases_xts[n].key1_len;
2431
2432 key_size = key_attr.content.ref.length * 8;
2433 if (ciph_cases_xts[n].key_type == TEE_TYPE_DES ||
2434 ciph_cases_xts[n].key_type == TEE_TYPE_DES3)
2435 /* Exclude parity in bit size of key */
2436 key_size -= key_size / 8;
2437
2438 op_key_size = key_size;
2439 if (ciph_cases_xts[n].key2 != NULL)
2440 op_key_size *= 2;
2441
2442 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2443 ta_crypt_cmd_allocate_operation(c, &session, &op,
2444 ciph_cases_xts[n].algo, ciph_cases_xts[n].mode,
2445 op_key_size)))
2446 goto out;
2447
2448 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2449 ta_crypt_cmd_allocate_transient_object(c, &session,
2450 ciph_cases_xts[n].key_type, key_size,
2451 &key1_handle)))
2452 goto out;
2453
2454 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2455 ta_crypt_cmd_populate_transient_object(c, &session,
2456 key1_handle, &key_attr, 1)))
2457 goto out;
2458
2459 if (ciph_cases_xts[n].key2 != NULL) {
2460 key_attr.content.ref.buffer =
2461 (void *)ciph_cases_xts[n].key2;
2462
2463 key_attr.content.ref.length =
2464 ciph_cases_xts[n].key2_len;
2465
2466 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2467 ta_crypt_cmd_allocate_transient_object(c,
2468 &session, ciph_cases_xts[n].key_type,
2469 key_attr.content.ref.length * 8,
2470 &key2_handle)))
2471 goto out;
2472
2473 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2474 ta_crypt_cmd_populate_transient_object(c,
2475 &session, key2_handle, &key_attr, 1)))
2476 goto out;
2477
2478 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2479 ta_crypt_cmd_set_operation_key2(c, &session, op,
2480 key1_handle, key2_handle)))
2481 goto out;
2482 } else {
2483 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2484 ta_crypt_cmd_set_operation_key(c, &session, op,
2485 key1_handle)))
2486 goto out;
2487 }
2488
2489 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2490 ta_crypt_cmd_free_transient_object(c, &session,
2491 key1_handle)))
2492 goto out;
2493
2494 key1_handle = TEE_HANDLE_NULL;
2495
2496 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2497 ta_crypt_cmd_free_transient_object(c, &session,
2498 key2_handle)))
2499 goto out;
2500
2501 key2_handle = TEE_HANDLE_NULL;
2502
2503 if (!ADBG_EXPECT_TEEC_SUCCESS(c, ta_crypt_cmd_cipher_init(c,
2504 &
2505 session,
2506 op,
2507 ciph_cases_xts
2508 [n].iv, ciph_cases_xts[n].iv_len)))
2509 goto out;
2510
2511 out_offs = 0;
2512 out_size = sizeof(out);
2513 memset(out, 0, sizeof(out));
2514 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2515 ta_crypt_cmd_cipher_update(c, &session, op,
2516 ciph_cases_xts[n].in, ciph_cases_xts[n].in_incr,
2517 out, &out_size)))
2518 goto out;
2519
2520 out_offs += out_size;
2521 out_size = sizeof(out) - out_offs;
2522
2523 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2524 ta_crypt_cmd_cipher_do_final(c, &session, op,
2525 ciph_cases_xts[n].in +
2526 ciph_cases_xts[n].in_incr,
2527 ciph_cases_xts[n].in_len -
2528 ciph_cases_xts[n].in_incr,
2529 out + out_offs,
2530 &out_size)))
2531 goto out;
2532 out_offs += out_size;
2533
2534 (void)ADBG_EXPECT_BUFFER(c, ciph_cases_xts[n].out,
2535 ciph_cases_xts[n].out_len, out,
2536 out_offs);
2537
2538 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2539 ta_crypt_cmd_free_operation(c, &session, op)))
2540 goto out;
2541
2542 Do_ADBG_EndSubCase(c, NULL);
2543 }
2544out:
2545 TEEC_CloseSession(&session);
2546}
2547
2548static void xtest_tee_test_4004(ADBG_Case_t *c)
2549{
2550 TEEC_Session session = { 0 };
2551 uint32_t ret_orig;
2552 uint8_t buf1[45] = { 0 };
2553 uint8_t buf2[45] = { 0 };
2554 static const uint8_t zeros[45] = { 0 };
2555
2556 Do_ADBG_BeginSubCase(c, "TEE get random");
2557 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2558 xtest_teec_open_session(&session, &crypt_user_ta_uuid, NULL,
2559 &ret_orig)))
2560 return;
2561
2562 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2563 ta_crypt_cmd_random_number_generate(c, &session, buf1,
2564 sizeof(buf1))))
2565 goto out;
2566
2567 (void)ADBG_EXPECT_COMPARE_SIGNED(c,
2568 0, !=, memcmp(buf1, zeros, sizeof(buf1)));
2569
2570 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2571 ta_crypt_cmd_random_number_generate(c, &session, buf2,
2572 sizeof(buf2))))
2573 goto out;
2574
2575 (void)ADBG_EXPECT_COMPARE_SIGNED(c,
2576 0, !=, memcmp(buf2, zeros, sizeof(buf2)));
2577
2578 (void)ADBG_EXPECT_COMPARE_SIGNED(c,
2579 0, !=, memcmp(buf2, buf1, sizeof(buf1)));
2580out:
2581 TEEC_CloseSession(&session);
2582 Do_ADBG_EndSubCase(c, "TEE get random");
2583}
2584
2585
2586struct xtest_ae_case {
2587 uint32_t algo;
2588 uint32_t mode;
2589 uint32_t key_type;
2590 const uint8_t *key;
2591 size_t key_len;
2592 const uint8_t *nonce;
2593 size_t nonce_len;
2594 size_t aad_incr;
2595 const uint8_t *aad;
2596 size_t aad_len;
2597 size_t in_incr;
2598 const uint8_t *ptx;
2599 size_t ptx_len;
2600 const uint8_t *ctx;
2601 size_t ctx_len;
2602 const uint8_t *tag;
2603 size_t tag_len;
2604 size_t line;
2605};
2606
2607
2608#define ARRAY(a) a, ARRAY_SIZE(a)
2609#define NULL_ARRAY(a) NULL, 0
2610
2611#define XTEST_AE_CASE(algo, vect, aad_incr, in_incr, \
2612 aad_array, ptx_array, ctx_array) \
2613 { (algo), TEE_MODE_ENCRYPT, TEE_TYPE_AES, ARRAY(vect ## _key), \
2614 ARRAY(vect ## _nonce), (aad_incr), \
2615 aad_array(vect ## _aad), (in_incr), \
2616 ptx_array(vect ## _ptx), ctx_array(vect ## _ctx), \
2617 ARRAY(vect ## _tag), \
2618 __LINE__ }, \
2619 { (algo), TEE_MODE_DECRYPT, TEE_TYPE_AES, ARRAY(vect ## _key), \
2620 ARRAY(vect ## _nonce), (aad_incr), \
2621 aad_array(vect ## _aad), (in_incr), \
2622 ptx_array(vect ## _ptx), ctx_array(vect ## _ctx), \
2623 ARRAY(vect ## _tag), \
2624 __LINE__ }
2625
2626#define XTEST_AE_CASE_AES_CCM(vect, aad_incr, in_incr) \
2627 XTEST_AE_CASE(TEE_ALG_AES_CCM, ae_data_aes_ccm_ ## vect, aad_incr, \
2628 in_incr, ARRAY, ARRAY, ARRAY)
2629
2630#define XTEST_AE_CASE_AES_GCM(vect, aad_incr, in_incr, \
2631 aad_array, ptx_array, ctx_array) \
2632 XTEST_AE_CASE(TEE_ALG_AES_GCM, ae_data_aes_gcm_ ## vect, aad_incr, \
2633 in_incr, aad_array, ptx_array, ctx_array)
2634
2635
2636
2637static const struct xtest_ae_case ae_cases[] = {
2638 XTEST_AE_CASE_AES_CCM(vect1, 3, 2),
2639 XTEST_AE_CASE_AES_CCM(vect2, 7, 13),
2640 XTEST_AE_CASE_AES_CCM(vect3, 5, 21),
2641
2642 XTEST_AE_CASE_AES_GCM(vect1, 0, 0, NULL_ARRAY, NULL_ARRAY, NULL_ARRAY),
2643 XTEST_AE_CASE_AES_GCM(vect2, 0, 9, NULL_ARRAY, ARRAY, ARRAY),
2644 XTEST_AE_CASE_AES_GCM(vect3, 0, 9, NULL_ARRAY, ARRAY, ARRAY),
2645 XTEST_AE_CASE_AES_GCM(vect3, 0, 0x20, NULL_ARRAY, ARRAY, ARRAY),
2646 XTEST_AE_CASE_AES_GCM(vect4, 5, 9, ARRAY, ARRAY, ARRAY),
2647 XTEST_AE_CASE_AES_GCM(vect5, 5, 9, ARRAY, ARRAY, ARRAY),
2648 XTEST_AE_CASE_AES_GCM(vect6, 5, 9, ARRAY, ARRAY, ARRAY),
2649 XTEST_AE_CASE_AES_GCM(vect7, 0, 0, NULL_ARRAY, NULL_ARRAY, NULL_ARRAY),
2650 XTEST_AE_CASE_AES_GCM(vect8, 0, 9, NULL_ARRAY, ARRAY, ARRAY),
2651 XTEST_AE_CASE_AES_GCM(vect9, 0, 9, NULL_ARRAY, ARRAY, ARRAY),
2652 XTEST_AE_CASE_AES_GCM(vect10, 5, 9, ARRAY, ARRAY, ARRAY),
2653 XTEST_AE_CASE_AES_GCM(vect11, 5, 9, ARRAY, ARRAY, ARRAY),
2654 XTEST_AE_CASE_AES_GCM(vect12, 5, 9, ARRAY, ARRAY, ARRAY),
2655 XTEST_AE_CASE_AES_GCM(vect13, 0, 0, NULL_ARRAY, NULL_ARRAY, NULL_ARRAY),
2656 XTEST_AE_CASE_AES_GCM(vect14, 0, 9, NULL_ARRAY, ARRAY, ARRAY),
2657 XTEST_AE_CASE_AES_GCM(vect15, 0, 9, NULL_ARRAY, ARRAY, ARRAY),
2658 XTEST_AE_CASE_AES_GCM(vect16, 5, 9, ARRAY, ARRAY, ARRAY),
2659 XTEST_AE_CASE_AES_GCM(vect17, 5, 9, ARRAY, ARRAY, ARRAY),
2660 XTEST_AE_CASE_AES_GCM(vect18, 5, 9, ARRAY, ARRAY, ARRAY),
2661};
2662
2663static void xtest_tee_test_4005(ADBG_Case_t *c)
2664{
2665 TEEC_Session session = { 0 };
2666 TEE_OperationHandle op;
2667 TEE_ObjectHandle key_handle = TEE_HANDLE_NULL;
2668 TEE_Attribute key_attr;
2669 uint8_t out[512];
2670 size_t out_size;
2671 size_t out_offs;
2672 uint32_t ret_orig;
2673 size_t n;
2674
2675 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2676 xtest_teec_open_session(&session, &crypt_user_ta_uuid, NULL,
2677 &ret_orig)))
2678 return;
2679
2680 for (n = 0; n < ARRAY_SIZE(ae_cases); n++) {
2681 Do_ADBG_BeginSubCase(c, "AE case %d algo 0x%x line %d",
2682 (int)n, (unsigned int)ae_cases[n].algo,
2683 (int)ae_cases[n].line);
2684
2685 key_attr.attributeID = TEE_ATTR_SECRET_VALUE;
2686 key_attr.content.ref.buffer = (void *)ae_cases[n].key;
2687 key_attr.content.ref.length = ae_cases[n].key_len;
2688
2689 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2690 ta_crypt_cmd_allocate_operation(c, &session, &op,
2691 ae_cases[n].algo, ae_cases[n].mode,
2692 key_attr.content.ref.length * 8)))
2693 goto out;
2694
2695 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2696 ta_crypt_cmd_allocate_transient_object(c, &session,
2697 ae_cases[n].key_type,
2698 key_attr.content.ref.length * 8,
2699 &key_handle)))
2700 goto out;
2701
2702 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2703 ta_crypt_cmd_populate_transient_object(c, &session,
2704 key_handle, &key_attr, 1)))
2705 goto out;
2706
2707 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2708 ta_crypt_cmd_set_operation_key(c, &session, op,
2709 key_handle)))
2710 goto out;
2711
2712 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2713 ta_crypt_cmd_free_transient_object(c, &session,
2714 key_handle)))
2715 goto out;
2716 key_handle = TEE_HANDLE_NULL;
2717
2718 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2719 ta_crypt_cmd_ae_init(c, &session, op, ae_cases[n].nonce,
2720 ae_cases[n].nonce_len, ae_cases[n].tag_len,
2721 ae_cases[n].aad_len, ae_cases[n].ptx_len)))
2722 goto out;
2723
2724 if (ae_cases[n].aad != NULL) {
2725 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2726 ta_crypt_cmd_ae_update_aad(c, &session, op,
2727 ae_cases[n].aad, ae_cases[n].aad_incr)))
2728 goto out;
2729
2730 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2731 ta_crypt_cmd_ae_update_aad(c, &session, op,
2732 ae_cases[n].aad + ae_cases[n].aad_incr,
2733 ae_cases [n].aad_len -
2734 ae_cases[n].aad_incr)))
2735 goto out;
2736 }
2737
2738 out_offs = 0;
2739 out_size = sizeof(out);
2740 memset(out, 0, sizeof(out));
2741 if (ae_cases[n].mode == TEE_MODE_ENCRYPT) {
2742 if (ae_cases[n].ptx != NULL) {
2743 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2744 ta_crypt_cmd_ae_update(c, &session, op,
2745 ae_cases[n].ptx,
2746 ae_cases[n].in_incr, out,
2747 &out_size)))
2748 goto out;
2749 out_offs += out_size;
2750 }
2751 } else {
2752 if (ae_cases[n].ctx != NULL) {
2753 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2754 ta_crypt_cmd_ae_update(c, &session, op,
2755 ae_cases[n].ctx,
2756 ae_cases[n].in_incr, out,
2757 &out_size)))
2758 goto out;
2759 out_offs += out_size;
2760 }
2761 }
2762
2763 out_size = sizeof(out) - out_offs;
2764 if (ae_cases[n].mode == TEE_MODE_ENCRYPT) {
2765 uint8_t out_tag[64];
2766 size_t out_tag_len = MIN(sizeof(out_tag),
2767 ae_cases[n].tag_len);
2768
2769 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2770 ta_crypt_cmd_ae_encrypt_final(c, &session, op,
2771 ae_cases[n].ptx + ae_cases[n].in_incr,
2772 ae_cases[n].ptx_len -
2773 ae_cases[n].in_incr,
2774 out + out_offs,
2775 &out_size, out_tag, &out_tag_len)))
2776 goto out;
2777
2778 (void)ADBG_EXPECT_BUFFER(c,
2779 ae_cases[n].tag, ae_cases[n].tag_len, out_tag,
2780 out_tag_len);
2781
2782 out_offs += out_size;
2783
2784 (void)ADBG_EXPECT_BUFFER(c, ae_cases[n].ctx,
2785 ae_cases[n].ctx_len, out, out_offs);
2786 } else {
2787 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2788 ta_crypt_cmd_ae_decrypt_final(c, &session, op,
2789 ae_cases[n].ctx + ae_cases[n].in_incr,
2790 ae_cases[n].ctx_len -
2791 ae_cases[n].in_incr,
2792 out + out_offs,
2793 &out_size, ae_cases[n].tag,
2794 ae_cases[n].tag_len)))
2795 goto out;
2796
2797 out_offs += out_size;
2798
2799 (void)ADBG_EXPECT_BUFFER(c, ae_cases[n].ptx,
2800 ae_cases[n].ptx_len, out, out_offs);
2801 }
2802
2803 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
2804 ta_crypt_cmd_free_operation(c, &session, op)))
2805 goto out;
2806
2807 Do_ADBG_EndSubCase(c, NULL);
2808 }
2809out:
2810 TEEC_CloseSession(&session);
2811}
2812
2813struct xtest_ac_case {
2814 uint32_t algo;
2815 TEE_OperationMode mode;
2816
2817 union {
2818 struct {
2819 const uint8_t *modulus;
2820 size_t modulus_len;
2821
2822 const uint8_t *pub_exp;
2823 size_t pub_exp_len;
2824
2825 const uint8_t *priv_exp;
2826 size_t priv_exp_len;
2827
2828 const uint8_t *prime1; /* q */
2829 size_t prime1_len;
2830 const uint8_t *prime2; /* p */
2831 size_t prime2_len;
2832 const uint8_t *exp1; /* dp */
2833 size_t exp1_len;
2834 const uint8_t *exp2; /* dq */
2835 size_t exp2_len;
2836 const uint8_t *coeff; /* iq */
2837 size_t coeff_len;
2838
2839 int salt_len;
2840 } rsa;
2841 struct {
2842 const uint8_t *prime;
2843 size_t prime_len;
2844 const uint8_t *sub_prime;
2845 size_t sub_prime_len;
2846 const uint8_t *base;
2847 size_t base_len;
2848 const uint8_t *pub_val;
2849 size_t pub_val_len;
2850 const uint8_t *priv_val;
2851 size_t priv_val_len;
2852 } dsa;
2853 } params;
2854
2855 const uint8_t *ptx;
2856 size_t ptx_len;
2857 const uint8_t *ctx;
2858 size_t ctx_len;
2859 size_t line;
2860};
2861
2862#define WITHOUT_SALT(x) -1
2863#define WITH_SALT(x) x
2864
2865#define XTEST_AC_CASE(algo, mode, vect, union_params) \
2866 { (algo), (mode), .params = union_params, \
2867 ARRAY(vect ## _ptx), \
2868 ARRAY(vect ## _out), \
2869 __LINE__ }
2870
2871#define XTEST_AC_RSA_UNION(vect, opt_crt_array, opt_salt) \
2872 { .rsa = { \
2873 ARRAY(vect ## _modulus), \
2874 ARRAY(vect ## _pub_exp), \
2875 ARRAY(vect ## _priv_exp), \
2876 opt_crt_array(vect ## _prime1), \
2877 opt_crt_array(vect ## _prime2), \
2878 opt_crt_array(vect ## _exp1), \
2879 opt_crt_array(vect ## _exp2), \
2880 opt_crt_array(vect ## _coeff), \
2881 opt_salt(vect ## _salt_len) \
2882 } }
2883
2884#define XTEST_AC_RSA_CASE(algo, mode, vect, opt_crt_array, opt_salt) \
2885 XTEST_AC_CASE(algo, mode, vect, \
2886 XTEST_AC_RSA_UNION(vect, opt_crt_array, opt_salt))
2887
2888#define XTEST_AC_DSA_UNION(vect) \
2889 { .dsa = { \
2890 ARRAY(vect ## _prime), \
2891 ARRAY(vect ## _sub_prime), \
2892 ARRAY(vect ## _base), \
2893 ARRAY(vect ## _pub_val), \
2894 ARRAY(vect ## _priv_val), \
2895 } }
2896
2897#define XTEST_AC_DSA_CASE(algo, mode, vect) \
2898 XTEST_AC_CASE(algo, mode, vect, XTEST_AC_DSA_UNION(vect))
2899
2900static const struct xtest_ac_case xtest_ac_cases[] = {
2901 /* RSA test without crt parameters */
2902 XTEST_AC_RSA_CASE(TEE_ALG_RSA_NOPAD, TEE_MODE_ENCRYPT,
2903 ac_rsassa_vect1, NULL_ARRAY, WITHOUT_SALT),
2904 XTEST_AC_RSA_CASE(TEE_ALG_RSA_NOPAD, TEE_MODE_DECRYPT,
2905 ac_rsassa_vect1, NULL_ARRAY, WITHOUT_SALT),
2906 XTEST_AC_RSA_CASE(TEE_ALG_RSA_NOPAD, TEE_MODE_ENCRYPT,
2907 ac_rsassa_vect2, NULL_ARRAY, WITHOUT_SALT),
2908 XTEST_AC_RSA_CASE(TEE_ALG_RSA_NOPAD, TEE_MODE_DECRYPT,
2909 ac_rsassa_vect2, NULL_ARRAY, WITHOUT_SALT),
2910 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA1, TEE_MODE_SIGN,
2911 ac_rsassa_vect3, NULL_ARRAY, WITHOUT_SALT),
2912 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA1, TEE_MODE_VERIFY,
2913 ac_rsassa_vect3, NULL_ARRAY, WITHOUT_SALT),
2914 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA1, TEE_MODE_SIGN,
2915 ac_rsassa_vect4, NULL_ARRAY, WITHOUT_SALT),
2916 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA1, TEE_MODE_VERIFY,
2917 ac_rsassa_vect4, NULL_ARRAY, WITHOUT_SALT),
2918 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA1, TEE_MODE_SIGN,
2919 ac_rsassa_vect5, NULL_ARRAY, WITHOUT_SALT),
2920 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA1, TEE_MODE_VERIFY,
2921 ac_rsassa_vect5, NULL_ARRAY, WITHOUT_SALT),
2922 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA1, TEE_MODE_SIGN,
2923 ac_rsassa_vect6, NULL_ARRAY, WITHOUT_SALT),
2924 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA1, TEE_MODE_VERIFY,
2925 ac_rsassa_vect6, NULL_ARRAY, WITHOUT_SALT),
2926
2927 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA1, TEE_MODE_SIGN,
2928 ac_rsassa_vect7, NULL_ARRAY, WITHOUT_SALT),
2929 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA1, TEE_MODE_VERIFY,
2930 ac_rsassa_vect7, NULL_ARRAY, WITHOUT_SALT),
2931
2932 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA1, TEE_MODE_SIGN,
2933 ac_rsassa_vect8, NULL_ARRAY, WITHOUT_SALT),
2934 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA1, TEE_MODE_VERIFY,
2935 ac_rsassa_vect8, NULL_ARRAY, WITHOUT_SALT),
2936 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA224, TEE_MODE_SIGN,
2937 ac_rsassa_vect16, NULL_ARRAY, WITHOUT_SALT),
2938 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA224, TEE_MODE_VERIFY,
2939 ac_rsassa_vect16, NULL_ARRAY, WITHOUT_SALT),
2940 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA256, TEE_MODE_SIGN,
2941 ac_rsassa_vect9, NULL_ARRAY, WITHOUT_SALT),
2942 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA256, TEE_MODE_VERIFY,
2943 ac_rsassa_vect9, NULL_ARRAY, WITHOUT_SALT),
2944 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA384, TEE_MODE_SIGN,
2945 ac_rsassa_vect10, NULL_ARRAY, WITHOUT_SALT),
2946 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA384, TEE_MODE_VERIFY,
2947 ac_rsassa_vect10, NULL_ARRAY, WITHOUT_SALT),
2948 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA512, TEE_MODE_SIGN,
2949 ac_rsassa_vect11, NULL_ARRAY, WITHOUT_SALT),
2950 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA512, TEE_MODE_VERIFY,
2951 ac_rsassa_vect11, NULL_ARRAY, WITHOUT_SALT),
2952
2953 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA1, TEE_MODE_VERIFY,
2954 ac_rsassa_vect12, NULL_ARRAY, WITH_SALT),
2955 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA1, TEE_MODE_SIGN,
2956 ac_rsassa_vect12, NULL_ARRAY, WITH_SALT),
2957 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA224, TEE_MODE_VERIFY,
2958 ac_rsassa_vect17, NULL_ARRAY, WITH_SALT),
2959 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA224, TEE_MODE_SIGN,
2960 ac_rsassa_vect17, NULL_ARRAY, WITH_SALT),
2961 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA256, TEE_MODE_VERIFY,
2962 ac_rsassa_vect13, NULL_ARRAY, WITH_SALT),
2963 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA256, TEE_MODE_SIGN,
2964 ac_rsassa_vect13, NULL_ARRAY, WITH_SALT),
2965 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA384, TEE_MODE_VERIFY,
2966 ac_rsassa_vect14, NULL_ARRAY, WITH_SALT),
2967 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA384, TEE_MODE_SIGN,
2968 ac_rsassa_vect14, NULL_ARRAY, WITH_SALT),
2969 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA512, TEE_MODE_VERIFY,
2970 ac_rsassa_vect15, NULL_ARRAY, WITH_SALT),
2971 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA512, TEE_MODE_SIGN,
2972 ac_rsassa_vect15, NULL_ARRAY, WITH_SALT),
2973
2974 XTEST_AC_RSA_CASE(TEE_ALG_RSAES_PKCS1_V1_5, TEE_MODE_DECRYPT,
2975 ac_rsaes_pkcs1_v1_5_vect1, NULL_ARRAY, WITHOUT_SALT),
2976 XTEST_AC_RSA_CASE(TEE_ALG_RSAES_PKCS1_V1_5, TEE_MODE_ENCRYPT,
2977 ac_rsaes_pkcs1_v1_5_vect1, NULL_ARRAY, WITHOUT_SALT),
2978 XTEST_AC_RSA_CASE(TEE_ALG_RSAES_PKCS1_V1_5, TEE_MODE_DECRYPT,
2979 ac_rsaes_pkcs1_v1_5_vect2, NULL_ARRAY, WITHOUT_SALT),
2980 XTEST_AC_RSA_CASE(TEE_ALG_RSAES_PKCS1_V1_5, TEE_MODE_ENCRYPT,
2981 ac_rsaes_pkcs1_v1_5_vect2, NULL_ARRAY, WITHOUT_SALT),
2982 XTEST_AC_RSA_CASE(TEE_ALG_RSAES_PKCS1_V1_5, TEE_MODE_DECRYPT,
2983 ac_rsaes_pkcs1_v1_5_vect15, NULL_ARRAY, WITHOUT_SALT),
2984 XTEST_AC_RSA_CASE(TEE_ALG_RSAES_PKCS1_V1_5, TEE_MODE_ENCRYPT,
2985 ac_rsaes_pkcs1_v1_5_vect15, NULL_ARRAY, WITHOUT_SALT),
2986
2987 XTEST_AC_RSA_CASE(TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA1, TEE_MODE_DECRYPT,
2988 ac_rsaes_oaep_vect1, NULL_ARRAY, WITHOUT_SALT),
2989 XTEST_AC_RSA_CASE(TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA1, TEE_MODE_ENCRYPT,
2990 ac_rsaes_oaep_vect1, NULL_ARRAY, WITHOUT_SALT),
2991 XTEST_AC_RSA_CASE(TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA1, TEE_MODE_DECRYPT,
2992 ac_rsaes_oaep_vect2, NULL_ARRAY, WITHOUT_SALT),
2993 XTEST_AC_RSA_CASE(TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA1, TEE_MODE_ENCRYPT,
2994 ac_rsaes_oaep_vect2, NULL_ARRAY, WITHOUT_SALT),
2995 XTEST_AC_RSA_CASE(TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA1, TEE_MODE_DECRYPT,
2996 ac_rsaes_oaep_vect10, NULL_ARRAY, WITHOUT_SALT),
2997 XTEST_AC_RSA_CASE(TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA1, TEE_MODE_ENCRYPT,
2998 ac_rsaes_oaep_vect10, NULL_ARRAY, WITHOUT_SALT),
2999
3000 /* RSA test with crt parameters */
3001 XTEST_AC_RSA_CASE(TEE_ALG_RSA_NOPAD, TEE_MODE_ENCRYPT,
3002 ac_rsassa_vect1, ARRAY, WITHOUT_SALT),
3003 XTEST_AC_RSA_CASE(TEE_ALG_RSA_NOPAD, TEE_MODE_DECRYPT,
3004 ac_rsassa_vect1, ARRAY, WITHOUT_SALT),
3005 XTEST_AC_RSA_CASE(TEE_ALG_RSA_NOPAD, TEE_MODE_ENCRYPT,
3006 ac_rsassa_vect2, ARRAY, WITHOUT_SALT),
3007 XTEST_AC_RSA_CASE(TEE_ALG_RSA_NOPAD, TEE_MODE_DECRYPT,
3008 ac_rsassa_vect2, ARRAY, WITHOUT_SALT),
3009 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA1, TEE_MODE_SIGN,
3010 ac_rsassa_vect3, ARRAY, WITHOUT_SALT),
3011 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA1, TEE_MODE_VERIFY,
3012 ac_rsassa_vect3, ARRAY, WITHOUT_SALT),
3013 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA1, TEE_MODE_SIGN,
3014 ac_rsassa_vect4, ARRAY, WITHOUT_SALT),
3015 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA1, TEE_MODE_VERIFY,
3016 ac_rsassa_vect4, ARRAY, WITHOUT_SALT),
3017 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA1, TEE_MODE_SIGN,
3018 ac_rsassa_vect5, ARRAY, WITHOUT_SALT),
3019 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA1, TEE_MODE_VERIFY,
3020 ac_rsassa_vect5, ARRAY, WITHOUT_SALT),
3021 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA1, TEE_MODE_SIGN,
3022 ac_rsassa_vect6, ARRAY, WITHOUT_SALT),
3023 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA1, TEE_MODE_VERIFY,
3024 ac_rsassa_vect6, ARRAY, WITHOUT_SALT),
3025 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA1, TEE_MODE_SIGN,
3026 ac_rsassa_vect7, ARRAY, WITHOUT_SALT),
3027 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA1, TEE_MODE_VERIFY,
3028 ac_rsassa_vect7, ARRAY, WITHOUT_SALT),
3029 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA1, TEE_MODE_SIGN,
3030 ac_rsassa_vect8, ARRAY, WITHOUT_SALT),
3031 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA1, TEE_MODE_VERIFY,
3032 ac_rsassa_vect8, ARRAY, WITHOUT_SALT),
3033 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA256, TEE_MODE_SIGN,
3034 ac_rsassa_vect9, ARRAY, WITHOUT_SALT),
3035 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA256, TEE_MODE_VERIFY,
3036 ac_rsassa_vect9, ARRAY, WITHOUT_SALT),
3037 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA384, TEE_MODE_SIGN,
3038 ac_rsassa_vect10, ARRAY, WITHOUT_SALT),
3039 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA384, TEE_MODE_VERIFY,
3040 ac_rsassa_vect10, ARRAY, WITHOUT_SALT),
3041 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA512, TEE_MODE_SIGN,
3042 ac_rsassa_vect11, ARRAY, WITHOUT_SALT),
3043 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_V1_5_SHA512, TEE_MODE_VERIFY,
3044 ac_rsassa_vect11, ARRAY, WITHOUT_SALT),
3045
3046 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA1, TEE_MODE_VERIFY,
3047 ac_rsassa_vect12, ARRAY, WITH_SALT),
3048 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA1, TEE_MODE_SIGN,
3049 ac_rsassa_vect12, ARRAY, WITH_SALT),
3050 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA224, TEE_MODE_VERIFY,
3051 ac_rsassa_vect17, ARRAY, WITH_SALT),
3052 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA224, TEE_MODE_SIGN,
3053 ac_rsassa_vect17, ARRAY, WITH_SALT),
3054 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA256, TEE_MODE_VERIFY,
3055 ac_rsassa_vect13, ARRAY, WITH_SALT),
3056 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA256, TEE_MODE_SIGN,
3057 ac_rsassa_vect13, ARRAY, WITH_SALT),
3058 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA384, TEE_MODE_VERIFY,
3059 ac_rsassa_vect14, ARRAY, WITH_SALT),
3060 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA384, TEE_MODE_SIGN,
3061 ac_rsassa_vect14, ARRAY, WITH_SALT),
3062 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA512, TEE_MODE_VERIFY,
3063 ac_rsassa_vect15, ARRAY, WITH_SALT),
3064 XTEST_AC_RSA_CASE(TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA512, TEE_MODE_SIGN,
3065 ac_rsassa_vect15, ARRAY, WITH_SALT),
3066
3067 XTEST_AC_RSA_CASE(TEE_ALG_RSAES_PKCS1_V1_5, TEE_MODE_DECRYPT,
3068 ac_rsaes_pkcs1_v1_5_vect1, ARRAY, WITHOUT_SALT),
3069 XTEST_AC_RSA_CASE(TEE_ALG_RSAES_PKCS1_V1_5, TEE_MODE_ENCRYPT,
3070 ac_rsaes_pkcs1_v1_5_vect1, ARRAY, WITHOUT_SALT),
3071 XTEST_AC_RSA_CASE(TEE_ALG_RSAES_PKCS1_V1_5, TEE_MODE_DECRYPT,
3072 ac_rsaes_pkcs1_v1_5_vect2, ARRAY, WITHOUT_SALT),
3073 XTEST_AC_RSA_CASE(TEE_ALG_RSAES_PKCS1_V1_5, TEE_MODE_ENCRYPT,
3074 ac_rsaes_pkcs1_v1_5_vect2, ARRAY, WITHOUT_SALT),
3075 XTEST_AC_RSA_CASE(TEE_ALG_RSAES_PKCS1_V1_5, TEE_MODE_DECRYPT,
3076 ac_rsaes_pkcs1_v1_5_vect15, ARRAY, WITHOUT_SALT),
3077 XTEST_AC_RSA_CASE(TEE_ALG_RSAES_PKCS1_V1_5, TEE_MODE_ENCRYPT,
3078 ac_rsaes_pkcs1_v1_5_vect15, ARRAY, WITHOUT_SALT),
3079
3080 XTEST_AC_RSA_CASE(TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA1, TEE_MODE_DECRYPT,
3081 ac_rsaes_oaep_vect1, ARRAY, WITHOUT_SALT),
3082 XTEST_AC_RSA_CASE(TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA1, TEE_MODE_ENCRYPT,
3083 ac_rsaes_oaep_vect1, ARRAY, WITHOUT_SALT),
3084 XTEST_AC_RSA_CASE(TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA1, TEE_MODE_DECRYPT,
3085 ac_rsaes_oaep_vect2, ARRAY, WITHOUT_SALT),
3086 XTEST_AC_RSA_CASE(TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA1, TEE_MODE_ENCRYPT,
3087 ac_rsaes_oaep_vect2, ARRAY, WITHOUT_SALT),
3088 XTEST_AC_RSA_CASE(TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA1, TEE_MODE_DECRYPT,
3089 ac_rsaes_oaep_vect10, ARRAY, WITHOUT_SALT),
3090 XTEST_AC_RSA_CASE(TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA1, TEE_MODE_ENCRYPT,
3091 ac_rsaes_oaep_vect10, ARRAY, WITHOUT_SALT),
3092
3093 /* DSA tests */
3094 XTEST_AC_DSA_CASE(TEE_ALG_DSA_SHA1, TEE_MODE_VERIFY, ac_dsa_vect1),
3095 XTEST_AC_DSA_CASE(TEE_ALG_DSA_SHA1, TEE_MODE_SIGN, ac_dsa_vect1),
3096 XTEST_AC_DSA_CASE(TEE_ALG_DSA_SHA1, TEE_MODE_VERIFY, ac_dsa_vect2),
3097 XTEST_AC_DSA_CASE(TEE_ALG_DSA_SHA1, TEE_MODE_SIGN, ac_dsa_vect2),
3098};
3099
3100static bool create_key(ADBG_Case_t *c, TEEC_Session *s,
3101 uint32_t max_key_size, uint32_t key_type,
3102 TEE_Attribute *attrs, size_t num_attrs,
3103 TEE_ObjectHandle *handle)
3104{
3105 size_t n;
3106
3107 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3108 ta_crypt_cmd_allocate_transient_object(c, s, key_type,
3109 max_key_size, handle)))
3110 return false;
3111
3112 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3113 ta_crypt_cmd_populate_transient_object(c, s, *handle, attrs,
3114 num_attrs)))
3115 return false;
3116
3117 for (n = 0; n < num_attrs; n++) {
3118 uint8_t out[256];
3119 size_t out_size;
3120
3121 out_size = sizeof(out);
3122 memset(out, 0, sizeof(out));
3123 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3124 ta_crypt_cmd_get_object_buffer_attribute(c, s, *handle,
3125 attrs[n].attributeID, out, &out_size)))
3126 return false;
3127
3128 if (!ADBG_EXPECT_BUFFER(c, attrs[n].content.ref.buffer,
3129 attrs[n].content.ref.length, out, out_size))
3130 return false;
3131 }
3132
3133 return true;
3134}
3135
3136static void xtest_tee_test_4006(ADBG_Case_t *c)
3137{
3138 TEEC_Session session = { 0 };
3139 TEE_OperationHandle op = TEE_HANDLE_NULL;
3140 TEE_ObjectHandle priv_key_handle = TEE_HANDLE_NULL;
3141 TEE_ObjectHandle pub_key_handle = TEE_HANDLE_NULL;
3142 TEE_Attribute key_attrs[8];
3143 TEE_Attribute algo_params[1];
3144 size_t num_algo_params;
3145 uint8_t out[512];
3146 size_t out_size;
3147 uint8_t out_enc[512];
3148 size_t out_enc_size;
3149 uint8_t ptx_hash[TEE_MAX_HASH_SIZE];
3150 size_t ptx_hash_size;
3151 size_t max_key_size;
3152 size_t num_key_attrs;
3153 uint32_t ret_orig;
3154 size_t n;
3155
3156 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3157 xtest_teec_open_session(&session, &crypt_user_ta_uuid, NULL,
3158 &ret_orig)))
3159 return;
3160
3161 for (n = 0; n < ARRAY_SIZE(xtest_ac_cases); n++) {
3162 const struct xtest_ac_case *tv = xtest_ac_cases + n;
3163
3164 Do_ADBG_BeginSubCase(c, "Asym Crypto case %d algo 0x%x line %d",
3165 (int)n, (unsigned int)tv->algo,
3166 (int)tv->line);
3167
3168 /*
3169 * When signing or verifying we're working with the hash of
3170 * the payload.
3171 */
3172 if (tv->mode == TEE_MODE_VERIFY || tv->mode == TEE_MODE_SIGN) {
3173 uint32_t hash_algo = TEE_ALG_HASH_ALGO(
3174 TEE_ALG_GET_DIGEST_HASH(
3175 tv->algo));
3176
3177 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3178 ta_crypt_cmd_allocate_operation(c, &session,
3179 &op, hash_algo, TEE_MODE_DIGEST, 0)))
3180 goto out;
3181
3182 ptx_hash_size = sizeof(ptx_hash);
3183 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3184 ta_crypt_cmd_digest_do_final(c, & session, op,
3185 tv->ptx, tv->ptx_len, ptx_hash,
3186 &ptx_hash_size)))
3187 goto out;
3188
3189 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3190 ta_crypt_cmd_free_operation(c, &session, op)))
3191 goto out;
3192 }
3193
3194 num_algo_params = 0;
3195 num_key_attrs = 0;
3196 switch (TEE_ALG_GET_MAIN_ALG(tv->algo)) {
3197 case TEE_MAIN_ALGO_RSA:
3198 if (tv->params.rsa.salt_len > 0) {
3199 algo_params[0].attributeID =
3200 TEE_ATTR_RSA_PSS_SALT_LENGTH;
3201 algo_params[0].content.value.a =
3202 tv->params.rsa.salt_len;
3203 algo_params[0].content.value.b = 0;
3204 num_algo_params = 1;
3205 }
3206
3207 max_key_size = tv->params.rsa.modulus_len * 8;
3208
3209 xtest_add_attr(&num_key_attrs, key_attrs,
3210 TEE_ATTR_RSA_MODULUS,
3211 tv->params.rsa.modulus,
3212 tv->params.rsa.modulus_len);
3213 xtest_add_attr(&num_key_attrs, key_attrs,
3214 TEE_ATTR_RSA_PUBLIC_EXPONENT,
3215 tv->params.rsa.pub_exp,
3216 tv->params.rsa.pub_exp_len);
3217
3218 if (!ADBG_EXPECT_TRUE(c,
3219 create_key(c, &session,
3220 max_key_size,
3221 TEE_TYPE_RSA_PUBLIC_KEY,
3222 key_attrs,
3223 num_key_attrs,
3224 &pub_key_handle)))
3225 goto out;
3226
3227 xtest_add_attr(&num_key_attrs, key_attrs,
3228 TEE_ATTR_RSA_PRIVATE_EXPONENT,
3229 tv->params.rsa.priv_exp,
3230 tv->params.rsa.priv_exp_len);
3231
3232 if (tv->params.rsa.prime1_len != 0) {
3233 xtest_add_attr(&num_key_attrs, key_attrs,
3234 TEE_ATTR_RSA_PRIME1,
3235 tv->params.rsa.prime1,
3236 tv->params.rsa.prime1_len);
3237 }
3238
3239 if (tv->params.rsa.prime2_len != 0) {
3240 xtest_add_attr(&num_key_attrs, key_attrs,
3241 TEE_ATTR_RSA_PRIME2,
3242 tv->params.rsa.prime2,
3243 tv->params.rsa.prime2_len);
3244 }
3245
3246 if (tv->params.rsa.exp1_len != 0) {
3247 xtest_add_attr(&num_key_attrs, key_attrs,
3248 TEE_ATTR_RSA_EXPONENT1,
3249 tv->params.rsa.exp1,
3250 tv->params.rsa.exp1_len);
3251 }
3252
3253 if (tv->params.rsa.exp2_len != 0) {
3254 xtest_add_attr(&num_key_attrs, key_attrs,
3255 TEE_ATTR_RSA_EXPONENT2,
3256 tv->params.rsa.exp2,
3257 tv->params.rsa.exp2_len);
3258 }
3259
3260 if (tv->params.rsa.coeff_len != 0) {
3261 xtest_add_attr(&num_key_attrs, key_attrs,
3262 TEE_ATTR_RSA_COEFFICIENT,
3263 tv->params.rsa.coeff,
3264 tv->params.rsa.coeff_len);
3265 }
3266
3267 if (!ADBG_EXPECT_TRUE(c,
3268 create_key(c, &session,
3269 max_key_size,
3270 TEE_TYPE_RSA_KEYPAIR,
3271 key_attrs,
3272 num_key_attrs,
3273 &priv_key_handle)))
3274 goto out;
3275 break;
3276
3277 case TEE_MAIN_ALGO_DSA:
3278 max_key_size = tv->params.dsa.prime_len * 8;
3279
3280 xtest_add_attr(&num_key_attrs, key_attrs,
3281 TEE_ATTR_DSA_PRIME,
3282 tv->params.dsa.prime,
3283 tv->params.dsa.prime_len);
3284 xtest_add_attr(&num_key_attrs, key_attrs,
3285 TEE_ATTR_DSA_SUBPRIME,
3286 tv->params.dsa.sub_prime,
3287 tv->params.dsa.sub_prime_len);
3288 xtest_add_attr(&num_key_attrs, key_attrs,
3289 TEE_ATTR_DSA_BASE,
3290 tv->params.dsa.base,
3291 tv->params.dsa.base_len);
3292 xtest_add_attr(&num_key_attrs, key_attrs,
3293 TEE_ATTR_DSA_PUBLIC_VALUE,
3294 tv->params.dsa.pub_val,
3295 tv->params.dsa.pub_val_len);
3296
3297 if (!ADBG_EXPECT_TRUE(c,
3298 create_key(c, &session, max_key_size,
3299 TEE_TYPE_DSA_PUBLIC_KEY, key_attrs,
3300 num_key_attrs, &pub_key_handle)))
3301 goto out;
3302
3303 xtest_add_attr(&num_key_attrs, key_attrs,
3304 TEE_ATTR_DSA_PRIVATE_VALUE,
3305 tv->params.dsa.priv_val,
3306 tv->params.dsa.priv_val_len);
3307
3308 if (!ADBG_EXPECT_TRUE(c,
3309 create_key(c, &session, max_key_size,
3310 TEE_TYPE_DSA_KEYPAIR, key_attrs,
3311 num_key_attrs, &priv_key_handle)))
3312 goto out;
3313 break;
3314
3315 default:
3316 ADBG_EXPECT_TRUE(c, false);
3317 goto out;
3318 }
3319
3320 out_size = sizeof(out);
3321 memset(out, 0, sizeof(out));
3322 switch (tv->mode) {
3323 case TEE_MODE_ENCRYPT:
3324 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3325 ta_crypt_cmd_allocate_operation(c, &session,
3326 &op, tv->algo, TEE_MODE_ENCRYPT, max_key_size)))
3327 goto out;
3328
3329 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3330 ta_crypt_cmd_set_operation_key(c, &session, op,
3331 pub_key_handle)))
3332 goto out;
3333
3334 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3335 ta_crypt_cmd_free_transient_object(c, &session,
3336 pub_key_handle)))
3337 goto out;
3338 pub_key_handle = TEE_HANDLE_NULL;
3339
3340 out_enc_size = sizeof(out_enc);
3341 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3342 ta_crypt_cmd_asymmetric_encrypt(c, &session, op,
3343 NULL, 0, tv->ptx, tv->ptx_len, out_enc,
3344 &out_enc_size)))
3345 goto out;
3346
3347 /*
3348 * A PS which is random is added when formatting the
3349 * message internally of the algorithm so we can't
3350 * verify against precomputed values, instead we use the
3351 * decrypt operation to see that output is correct.
3352 */
3353
3354 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3355 ta_crypt_cmd_free_operation(c, &session, op)))
3356 goto out;
3357
3358 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3359 ta_crypt_cmd_allocate_operation(c, &session,
3360 &op, tv->algo, TEE_MODE_DECRYPT,
3361 max_key_size)))
3362 goto out;
3363
3364 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3365 ta_crypt_cmd_set_operation_key(c, &session, op,
3366 priv_key_handle)))
3367 goto out;
3368
3369 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3370 ta_crypt_cmd_free_transient_object(c, &session,
3371 priv_key_handle)))
3372 goto out;
3373
3374 priv_key_handle = TEE_HANDLE_NULL;
3375
3376 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3377 ta_crypt_cmd_asymmetric_decrypt(c, &session, op,
3378 NULL, 0, out_enc, out_enc_size, out,
3379 &out_size)))
3380 goto out;
3381
3382 (void)ADBG_EXPECT_BUFFER(c, tv->ptx, tv->ptx_len, out,
3383 out_size);
3384 break;
3385
3386 case TEE_MODE_DECRYPT:
3387 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3388 ta_crypt_cmd_allocate_operation(c, &session,
3389 &op, tv->algo, TEE_MODE_DECRYPT,
3390 max_key_size)))
3391 goto out;
3392
3393 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3394 ta_crypt_cmd_set_operation_key(c, &session, op,
3395 priv_key_handle)))
3396 goto out;
3397
3398 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3399 ta_crypt_cmd_free_transient_object(c, &session,
3400 priv_key_handle)))
3401 goto out;
3402
3403 priv_key_handle = TEE_HANDLE_NULL;
3404
3405 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3406 ta_crypt_cmd_asymmetric_decrypt(c, &session, op,
3407 NULL, 0, tv->ctx, tv->ctx_len, out,
3408 &out_size)))
3409 goto out;
3410
3411 (void)ADBG_EXPECT_BUFFER(c, tv->ptx, tv->ptx_len, out,
3412 out_size);
3413 break;
3414
3415 case TEE_MODE_VERIFY:
3416 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3417 ta_crypt_cmd_allocate_operation(c, &session,
3418 &op, tv->algo, TEE_MODE_VERIFY,
3419 max_key_size)))
3420 goto out;
3421
3422 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3423 ta_crypt_cmd_set_operation_key(c, &session, op,
3424 pub_key_handle)))
3425 goto out;
3426
3427 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3428 ta_crypt_cmd_free_transient_object(c, &session,
3429 pub_key_handle)))
3430 goto out;
3431
3432 pub_key_handle = TEE_HANDLE_NULL;
3433
3434 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3435 ta_crypt_cmd_asymmetric_verify(c, &session, op,
3436 algo_params, num_algo_params, ptx_hash,
3437 ptx_hash_size, tv->ctx, tv->ctx_len)))
3438 goto out;
3439 break;
3440
3441 case TEE_MODE_SIGN:
3442 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3443 ta_crypt_cmd_allocate_operation(c, &session,
3444 &op, tv->algo, TEE_MODE_SIGN,
3445 max_key_size)))
3446 goto out;
3447
3448 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3449 ta_crypt_cmd_set_operation_key(c, &session, op,
3450 priv_key_handle)))
3451 goto out;
3452
3453 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3454 ta_crypt_cmd_free_transient_object(c, &session,
3455 priv_key_handle)))
3456 goto out;
3457
3458 priv_key_handle = TEE_HANDLE_NULL;
3459
3460 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3461 ta_crypt_cmd_asymmetric_sign(c, &session, op,
3462 algo_params, num_algo_params, ptx_hash,
3463 ptx_hash_size, out, &out_size)))
3464 goto out;
3465
3466 if (TEE_ALG_GET_CHAIN_MODE(tv->algo) ==
3467 TEE_CHAIN_MODE_PKCS1_PSS_MGF1 ||
3468 tv->algo == TEE_ALG_DSA_SHA1) {
3469 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3470 ta_crypt_cmd_free_operation(c, &session,
3471 op)))
3472 goto out;
3473 /*
3474 * The salt or K is random so we can't verify
3475 * signing against precomputed values, instead
3476 * we use the verify operation to see that
3477 * output is correct.
3478 */
3479 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3480 ta_crypt_cmd_allocate_operation(c,
3481 &session, &op, tv->algo,
3482 TEE_MODE_VERIFY, max_key_size)))
3483 goto out;
3484
3485 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3486 ta_crypt_cmd_set_operation_key(c,
3487 &session, op, pub_key_handle)))
3488 goto out;
3489
3490 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3491 ta_crypt_cmd_free_transient_object(c,
3492 &session, pub_key_handle)))
3493 goto out;
3494
3495 pub_key_handle = TEE_HANDLE_NULL;
3496
3497 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3498 ta_crypt_cmd_asymmetric_verify(c,
3499 &session, op, algo_params,
3500 num_algo_params, ptx_hash,
3501 ptx_hash_size, out, out_size)))
3502 goto out;
3503 } else {
3504 (void)ADBG_EXPECT_BUFFER(c, tv->ctx,
3505 tv->ctx_len, out,
3506 out_size);
3507 }
3508 break;
3509
3510 default:
3511 break;
3512 }
3513
3514 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3515 ta_crypt_cmd_free_operation(c, &session, op)))
3516 goto out;
3517
3518 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3519 ta_crypt_cmd_free_transient_object(c, &session,
3520 pub_key_handle)))
3521 goto out;
3522 pub_key_handle = TEE_HANDLE_NULL;
3523
3524 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3525 ta_crypt_cmd_free_transient_object(c, &session,
3526 priv_key_handle)))
3527 goto out;
3528
3529 priv_key_handle = TEE_HANDLE_NULL;
3530
3531 Do_ADBG_EndSubCase(c, NULL);
3532 }
3533out:
3534 TEEC_CloseSession(&session);
3535}
3536
3537#define KEY_ATTR(x, y) { #x, (x), y }
3538
3539struct key_attrs {
3540 const char *name;
3541 uint32_t attr;
3542 bool keysize_check;
3543};
3544
3545static bool test_keygen_attributes(ADBG_Case_t *c, TEEC_Session *s,
3546 TEE_ObjectHandle key, uint32_t key_size,
3547 struct key_attrs *attrs, size_t num_attrs)
3548{
3549 uint8_t out[2048];
3550 size_t out_size;
3551 size_t n;
3552 size_t m;
3553
3554 for (m = 0; m < num_attrs; m++) {
3555 if ((attrs[m].attr & TEE_ATTR_BIT_VALUE) == 0) {
3556 out_size = sizeof(out);
3557 memset(out, 0, sizeof(out));
3558 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3559 ta_crypt_cmd_get_object_buffer_attribute(c, s,
3560 key, attrs[m].attr, out, &out_size)))
3561 return false;
3562
3563 if (attrs[m].keysize_check)
3564 ADBG_EXPECT_COMPARE_UNSIGNED(c, out_size, ==,
3565 key_size / 8);
3566
3567 if (out_size > 0) {
3568 /* Check that buffer isn't all zeroes */
3569 for (n = 0; n < out_size; n++)
3570 if (out[n] != 0)
3571 break;
3572 if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, n, <,
3573 out_size))
3574 return false;
3575 }
3576 } else {
3577 uint32_t a;
3578 uint32_t b;
3579
3580 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3581 ta_crypt_cmd_get_object_value_attribute(c, s, key,
3582 attrs[m].attr, &a, &b)))
3583 return false;
3584 }
3585 }
3586 return true;
3587}
3588
3589static bool test_secret_value(ADBG_Case_t *c, TEEC_Session *s,
3590 TEE_ObjectHandle key, uint32_t key_size)
3591{
3592 const struct key_attrs attrs[] = {
3593 KEY_ATTR(TEE_ATTR_SECRET_VALUE, true),
3594 };
3595
3596 return test_keygen_attributes(c, s, key, key_size,
3597 (struct key_attrs *)&attrs,
3598 ARRAY_SIZE(attrs));
3599}
3600
3601
3602static bool test_rsa_key_pair(ADBG_Case_t *c, TEEC_Session *s,
3603 TEE_ObjectHandle key, uint32_t key_size)
3604{
3605 const struct key_attrs attrs[] = {
3606 KEY_ATTR(TEE_ATTR_RSA_MODULUS, true),
3607 KEY_ATTR(TEE_ATTR_RSA_PUBLIC_EXPONENT, false),
3608 KEY_ATTR(TEE_ATTR_RSA_PRIVATE_EXPONENT, false),
3609 KEY_ATTR(TEE_ATTR_RSA_PRIME1, false),
3610 KEY_ATTR(TEE_ATTR_RSA_PRIME2, false),
3611 KEY_ATTR(TEE_ATTR_RSA_EXPONENT1, false),
3612 KEY_ATTR(TEE_ATTR_RSA_EXPONENT2, false),
3613 KEY_ATTR(TEE_ATTR_RSA_COEFFICIENT, false),
3614 };
3615
3616 return test_keygen_attributes(c, s, key, key_size,
3617 (struct key_attrs *)&attrs,
3618 ARRAY_SIZE(attrs));
3619}
3620
Pascal Brande61133f2015-07-08 15:38:37 +0200[diff] [blame^]3621static bool test_ecc_key_pair(ADBG_Case_t *c, TEEC_Session *s,
3622 TEE_ObjectHandle key, uint32_t key_size)
3623{
3624 const struct key_attrs attrs[] = {
3625 KEY_ATTR(TEE_ATTR_ECC_PRIVATE_VALUE, false),
3626 KEY_ATTR(TEE_ATTR_ECC_PUBLIC_VALUE_X , false),
3627 KEY_ATTR(TEE_ATTR_ECC_PUBLIC_VALUE_Y , false),
3628 /* KEY_ATTR(TEE_ATTR_ECC_CURVE, false), - do not test */
3629 };
3630
3631 return test_keygen_attributes(c, s, key, key_size,
3632 (struct key_attrs *)&attrs,
3633 ARRAY_SIZE(attrs));
3634}
3635
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3636static bool test_dh_key_pair(ADBG_Case_t *c, TEEC_Session *s,
3637 uint32_t check_keysize,
3638 TEE_ObjectHandle key, uint32_t key_size)
3639{
3640 const struct key_attrs attrs[] = {
3641 KEY_ATTR(TEE_ATTR_DH_PRIME, false),
3642 KEY_ATTR(TEE_ATTR_DH_BASE, false),
3643 KEY_ATTR(TEE_ATTR_DH_PUBLIC_VALUE, false),
3644 KEY_ATTR(TEE_ATTR_DH_PRIVATE_VALUE, check_keysize),
3645 KEY_ATTR(TEE_ATTR_DH_X_BITS, false),
3646 };
3647
3648 return test_keygen_attributes(c, s, key, key_size,
3649 (struct key_attrs *)&attrs,
3650 ARRAY_SIZE(attrs));
3651}
3652
3653static bool test_dsa_key_pair(ADBG_Case_t *c, TEEC_Session *s,
3654 TEE_ObjectHandle key, uint32_t key_size)
3655{
3656 const struct key_attrs attrs[] = {
3657 KEY_ATTR(TEE_ATTR_DSA_PRIME, true),
3658 KEY_ATTR(TEE_ATTR_DSA_SUBPRIME, false),
3659 KEY_ATTR(TEE_ATTR_DSA_BASE, false),
3660 KEY_ATTR(TEE_ATTR_DSA_PUBLIC_VALUE, false),
3661 KEY_ATTR(TEE_ATTR_DSA_PRIVATE_VALUE, false),
3662 };
3663
3664 return test_keygen_attributes(c, s, key, key_size,
3665 (struct key_attrs *)&attrs,
3666 ARRAY_SIZE(attrs));
3667}
3668
3669static bool generate_and_test_key(ADBG_Case_t *c, TEEC_Session *s,
3670 uint32_t key_type, uint32_t check_keysize,
3671 uint32_t key_size,
3672 TEE_Attribute *params, size_t param_count)
3673{
3674 TEE_ObjectHandle key;
3675 bool ret_val = true;
3676
3677 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3678 ta_crypt_cmd_allocate_transient_object(c, s, key_type, key_size,
3679 &key)))
3680 return false;
3681
3682 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3683 ta_crypt_cmd_generate_key(c, s, key, key_size, params,
3684 param_count)))
3685 return false;
3686
3687 switch (key_type) {
3688 case TEE_TYPE_DES:
3689 case TEE_TYPE_DES3:
3690 ret_val = ADBG_EXPECT_TRUE(c,
3691 test_secret_value(c, s, key,
3692 key_size + key_size / 7));
3693 break;
3694 case TEE_TYPE_AES:
3695 case TEE_TYPE_HMAC_MD5:
3696 case TEE_TYPE_HMAC_SHA1:
3697 case TEE_TYPE_HMAC_SHA224:
3698 case TEE_TYPE_HMAC_SHA256:
3699 case TEE_TYPE_HMAC_SHA384:
3700 case TEE_TYPE_HMAC_SHA512:
3701 case TEE_TYPE_GENERIC_SECRET:
3702 ret_val = ADBG_EXPECT_TRUE(c,
3703 test_secret_value(c, s, key, key_size));
3704 break;
3705
3706 case TEE_TYPE_RSA_KEYPAIR:
3707 ret_val = ADBG_EXPECT_TRUE(c,
3708 test_rsa_key_pair(c, s, key, key_size));
3709 break;
3710
Pascal Brande61133f2015-07-08 15:38:37 +0200[diff] [blame^]3711 case TEE_TYPE_ECDSA_KEYPAIR:
3712 case TEE_TYPE_ECDH_KEYPAIR:
3713 ret_val = ADBG_EXPECT_TRUE(c,
3714 test_ecc_key_pair(c, s, key, key_size));
3715 break;
3716
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3717 case TEE_TYPE_DH_KEYPAIR:
Pascal Brande61133f2015-07-08 15:38:37 +0200[diff] [blame^]3718 ret_val = ADBG_EXPECT_TRUE(c,
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]3719 test_dh_key_pair(c, s, check_keysize, key,
3720 key_size));
3721 break;
3722
3723 case TEE_TYPE_DSA_KEYPAIR:
3724 ret_val = ADBG_EXPECT_TRUE(c,
3725 test_dsa_key_pair(c, s, key, key_size));
3726 break;
3727
3728 default:
3729 ret_val = false;
3730 break;
3731 }
3732
3733 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
3734 ta_crypt_cmd_free_transient_object(c, s, key)))
3735 return false;
3736
3737 return ret_val;
3738}
3739
3740static void xtest_test_keygen_noparams(ADBG_Case_t *c, TEEC_Session *session)
3741{
3742 size_t n;
3743 uint32_t key_size;
3744 static const struct {
3745 const char *name;
3746 uint32_t key_type;
3747 uint32_t quanta;
3748 uint32_t min_size;
3749 uint32_t max_size;
3750 } key_types[] = {
3751 { "AES", TEE_TYPE_AES, 64, 128,
3752 256 /* valid sizes 128, 192, 256 */ },
3753 { "DES", TEE_TYPE_DES, 56, 56, 56 /* valid size 56 */ },
3754 { "DES3", TEE_TYPE_DES3, 56, 112,
3755 168 /* valid sizes 112, 168 */ },
3756 { "HMAC-MD5", TEE_TYPE_HMAC_MD5, 8, 64, 512 },
3757 { "HMAC-SHA1", TEE_TYPE_HMAC_SHA1, 8, 80, 512 },
3758 { "HMAC-SHA224", TEE_TYPE_HMAC_SHA224, 8, 112, 512 },
3759 { "HMAC-SHA256", TEE_TYPE_HMAC_SHA256, 8, 192, 1024 },
3760 { "HMAC-SHA384", TEE_TYPE_HMAC_SHA384, 8, 256, 1024 },
3761 { "HMAC-SHA512", TEE_TYPE_HMAC_SHA512, 8, 256, 1024 },
3762 { "Generic secret", TEE_TYPE_GENERIC_SECRET, 8, 128, 4096 },
3763 { "RSA-2048", TEE_TYPE_RSA_KEYPAIR, 1, 2048, 2048 },
3764
3765 /* New tests added to check non-regression of issue #5398 */
3766 { "RSA-256", TEE_TYPE_RSA_KEYPAIR, 1, 256, 256 },
3767 { "RSA-384", TEE_TYPE_RSA_KEYPAIR, 1, 384, 384 },
3768 { "RSA-512", TEE_TYPE_RSA_KEYPAIR, 1, 512, 512 },
3769 { "RSA-640", TEE_TYPE_RSA_KEYPAIR, 1, 640, 640 },
3770 { "RSA-768", TEE_TYPE_RSA_KEYPAIR, 1, 768, 768 },
3771 { "RSA-896", TEE_TYPE_RSA_KEYPAIR, 1, 896, 896 },
3772 { "RSA-1024", TEE_TYPE_RSA_KEYPAIR, 1, 1024, 1024 },
3773 };
3774
3775 for (n = 0; n < ARRAY_SIZE(key_types); n++) {
3776 uint32_t min_size = key_types[n].min_size;
3777 uint32_t max_size = key_types[n].max_size;
3778 uint32_t quanta = key_types[n].quanta;
3779
3780 Do_ADBG_BeginSubCase(c, "Generate %s key", key_types[n].name);
3781
3782 for (key_size = min_size; key_size <= max_size;
3783 key_size += quanta) {
3784 if (!ADBG_EXPECT_TRUE(c,
3785 generate_and_test_key(c, session, key_types
3786 [n].key_type, 1, key_size, NULL, 0)))
3787 break;
3788 }
3789
3790 Do_ADBG_EndSubCase(c, "Generate %s key", key_types[n].name);
3791 }
3792}
3793
3794static void xtest_test_keygen_dh(ADBG_Case_t *c, TEEC_Session *session)
3795{
3796 size_t n;
3797 size_t param_count;
3798 /*
3799 * Note that the key size parameter is not used when creating the keys
3800 * but specifying these sizes make it possible to test the expected size
3801 * of the private value. This also means that the keysize must match the
3802 * size of p or what is specified in private_bits or the equvivalent
3803 * size of the subprime parameter.
3804 */
3805 TEE_Attribute params[4];
3806
3807#define XTEST_DH_GK_DATA(vect) \
3808 ARRAY(vect ## _p), \
3809 ARRAY(vect ## _g), \
3810 &vect ## _private_bits, \
3811 0, 0
3812#define XTEST_DH_GK_DATA_SUBPRIME(vect) \
3813 ARRAY(vect ## _p), \
3814 ARRAY(vect ## _g), \
3815 &vect ## _private_bits, \
3816 ARRAY(vect ## _subprime)
3817 static const struct {
3818 uint32_t key_size;
3819 const uint8_t *p;
3820 size_t p_len;
3821 const uint8_t *g;
3822 size_t g_len;
3823 const uint32_t *private_bits;
3824 const uint8_t *subprime;
3825 size_t subprime_len;
3826 } key_types[] = {
3827 { 256, XTEST_DH_GK_DATA(keygen_dh256) },
3828 { 256, XTEST_DH_GK_DATA(keygen_dh320) },
3829 { 384, XTEST_DH_GK_DATA(keygen_dh384) },
3830 { 256, XTEST_DH_GK_DATA(keygen_dh448) },
3831 { 512, XTEST_DH_GK_DATA(keygen_dh512) },
3832 { 288, XTEST_DH_GK_DATA(keygen_dh576) },
3833 { 640, XTEST_DH_GK_DATA(keygen_dh640) },
3834 { 352, XTEST_DH_GK_DATA(keygen_dh704) },
3835 { 768, XTEST_DH_GK_DATA(keygen_dh768) },
3836 { 416, XTEST_DH_GK_DATA(keygen_dh832) },
3837 { 896, XTEST_DH_GK_DATA(keygen_dh896) },
3838 { 480, XTEST_DH_GK_DATA(keygen_dh960) },
3839 { 1024, XTEST_DH_GK_DATA(keygen_dh1024) },
3840 { 544, XTEST_DH_GK_DATA(keygen_dh1088) },
3841 { 1152, XTEST_DH_GK_DATA(keygen_dh1152) },
3842 { 608, XTEST_DH_GK_DATA(keygen_dh1216) },
3843 { 1280, XTEST_DH_GK_DATA(keygen_dh1280) },
3844 { 672, XTEST_DH_GK_DATA(keygen_dh1344) },
3845 { 1408, XTEST_DH_GK_DATA(keygen_dh1408) },
3846 { 736, XTEST_DH_GK_DATA(keygen_dh1472) },
3847 { 1536, XTEST_DH_GK_DATA(keygen_dh1536) },
3848 { 800, XTEST_DH_GK_DATA(keygen_dh1600) },
3849 { 1664, XTEST_DH_GK_DATA(keygen_dh1664) },
3850 { 864, XTEST_DH_GK_DATA(keygen_dh1728) },
3851 { 1792, XTEST_DH_GK_DATA(keygen_dh1792) },
3852 { 928, XTEST_DH_GK_DATA(keygen_dh1856) },
3853 { 1920, XTEST_DH_GK_DATA(keygen_dh1920) },
3854 { 992, XTEST_DH_GK_DATA(keygen_dh1984) },
3855 { 2048, XTEST_DH_GK_DATA(keygen_dh2048) },
3856 { 256, XTEST_DH_GK_DATA_SUBPRIME(keygen_dh2048_subprime) }
3857 };
3858
3859
3860 for (n = 0; n < ARRAY_SIZE(key_types); n++) {
3861 Do_ADBG_BeginSubCase(c,
3862 "Generate DH key %d bits - Private bits = %d",
3863 key_types[n].key_size,
3864 *key_types[n].private_bits);
3865 param_count = 0;
3866
3867 xtest_add_attr(&param_count, params,
3868 TEE_ATTR_DH_PRIME,
3869 key_types[n].p, key_types[n].p_len);
3870
3871 xtest_add_attr(&param_count, params, TEE_ATTR_DH_BASE,
3872 key_types[n].g, key_types[n].g_len);
3873
3874 if (key_types[n].private_bits != 0) {
3875 params[param_count].attributeID = TEE_ATTR_DH_X_BITS;
3876
3877 params[param_count].content.value.a =
3878 *key_types[n].private_bits;
3879
3880 params[param_count].content.value.b = 0;
3881 param_count++;
3882 }
3883
3884 if (key_types[n].subprime != 0) {
3885 xtest_add_attr(&param_count, params,
3886 TEE_ATTR_DH_SUBPRIME,
3887 key_types[n].subprime,
3888 key_types[n].subprime_len);
3889 }
3890
3891 if (!ADBG_EXPECT_TRUE(c,
3892 generate_and_test_key(c, session, TEE_TYPE_DH_KEYPAIR,
3893 ((*key_types[n].private_bits) != 0),
3894 key_types[n]. key_size, params, param_count)))
3895 break;
3896
3897 Do_ADBG_EndSubCase(c,
3898 "Generate DH key %d bits - Private bits = %d",
3899 key_types[n].key_size,
3900 *key_types[n].private_bits);
3901 }
3902}
3903
3904static void xtest_test_keygen_dsa(ADBG_Case_t *c, TEEC_Session *session)
3905{
3906 size_t n;
3907 size_t param_count;
3908 TEE_Attribute params[4];
3909
3910#define XTEST_DSA_GK_DATA(vect) \
3911 ARRAY(vect ## _p), \
3912 ARRAY(vect ## _g), \
3913 ARRAY(vect ## _q)
3914 static const struct {
3915 uint32_t key_size;
3916 const uint8_t *prime;
3917 size_t prime_len;
3918 const uint8_t *base;
3919 size_t base_len;
3920 const uint8_t *sub_prime;
3921 size_t sub_prime_len;
3922 } key_types[] = {
3923 { 1024, XTEST_DSA_GK_DATA(keygen_dsa_test1) },
3924 { 512, XTEST_DSA_GK_DATA(keygen_dsa512) },
3925 { 576, XTEST_DSA_GK_DATA(keygen_dsa576) },
3926 { 640, XTEST_DSA_GK_DATA(keygen_dsa640) },
3927 { 704, XTEST_DSA_GK_DATA(keygen_dsa704) },
3928 { 768, XTEST_DSA_GK_DATA(keygen_dsa768) },
3929 { 832, XTEST_DSA_GK_DATA(keygen_dsa832) },
3930 { 896, XTEST_DSA_GK_DATA(keygen_dsa896) },
3931 { 960, XTEST_DSA_GK_DATA(keygen_dsa960) },
3932 { 1024, XTEST_DSA_GK_DATA(keygen_dsa1024) },
3933 };
3934
3935 for (n = 0; n < ARRAY_SIZE(key_types); n++) {
3936 Do_ADBG_BeginSubCase(c, "Generate DSA key %d bits",
3937 key_types[n].key_size);
3938 param_count = 0;
3939
3940
3941 xtest_add_attr(&param_count, params, TEE_ATTR_DSA_PRIME,
3942 key_types[n].prime, key_types[n].prime_len);
3943
3944 xtest_add_attr(&param_count, params, TEE_ATTR_DSA_SUBPRIME,
3945 key_types[n].sub_prime,
3946 key_types[n].sub_prime_len);
3947
3948 xtest_add_attr(&param_count, params, TEE_ATTR_DSA_BASE,
3949 key_types[n].base, key_types[n].base_len);
3950
3951 if (!ADBG_EXPECT_TRUE(c,
3952 generate_and_test_key(c, session, TEE_TYPE_DSA_KEYPAIR,
3953 1, key_types[n]. key_size, params,
3954 param_count)))
3955 break;
3956
3957 Do_ADBG_EndSubCase(c, "Generate DSA key %d bits",
3958 key_types[n].key_size);
3959 }
3960}
3961
Pascal Brande61133f2015-07-08 15:38:37 +0200[diff] [blame^]3962static void xtest_test_keygen_ecc(ADBG_Case_t *c, TEEC_Session *session)
3963{
3964 size_t n;
3965 size_t param_count;
3966 TEE_Attribute params[4];
3967
3968 static const struct {
3969 const char *name;
3970 uint32_t algo;
3971 uint32_t curve;
3972 uint32_t key_size;
3973 } key_types[] = {
3974 /* ECDSA */
3975 { "ECDSA-192", TEE_TYPE_ECDSA_KEYPAIR, TEE_ECC_CURVE_NIST_P192, 192 },
3976 { "ECDSA-224", TEE_TYPE_ECDSA_KEYPAIR, TEE_ECC_CURVE_NIST_P224, 224 },
3977 { "ECDSA-256", TEE_TYPE_ECDSA_KEYPAIR, TEE_ECC_CURVE_NIST_P256, 256 },
3978 { "ECDSA-384", TEE_TYPE_ECDSA_KEYPAIR, TEE_ECC_CURVE_NIST_P384, 384 },
3979 { "ECDSA-521", TEE_TYPE_ECDSA_KEYPAIR, TEE_ECC_CURVE_NIST_P521, 521 },
3980
3981 /* ECDH */
3982 { "ECDH-192", TEE_TYPE_ECDH_KEYPAIR, TEE_ECC_CURVE_NIST_P192, 192 },
3983 { "ECDH-224", TEE_TYPE_ECDH_KEYPAIR, TEE_ECC_CURVE_NIST_P224, 224 },
3984 { "ECDH-256", TEE_TYPE_ECDH_KEYPAIR, TEE_ECC_CURVE_NIST_P256, 256 },
3985 { "ECDH-384", TEE_TYPE_ECDH_KEYPAIR, TEE_ECC_CURVE_NIST_P384, 384 },
3986 { "ECDH-521", TEE_TYPE_ECDH_KEYPAIR, TEE_ECC_CURVE_NIST_P521, 521 },
3987 };
3988
3989 for (n = 0; n < ARRAY_SIZE(key_types); n++) {
3990 Do_ADBG_BeginSubCase(c, "Generate %s", key_types[n].name);
3991 param_count = 0;
3992
3993 xtest_add_attr_value(&param_count, params, TEE_ATTR_ECC_CURVE,
3994 key_types[n].curve, 0);
3995
3996 if (!ADBG_EXPECT_TRUE(c,
3997 generate_and_test_key(c, session, key_types[n].algo,
3998 0, key_types[n].key_size, params,
3999 param_count)))
4000 break;
4001
4002 Do_ADBG_EndSubCase(c, "Generate %s", key_types[n].name);
4003 }
4004}
4005
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]4006static void xtest_tee_test_4007(ADBG_Case_t *c)
4007{
4008 TEEC_Session session = { 0 };
4009 uint32_t ret_orig;
4010
4011 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
4012 xtest_teec_open_session(&session, &crypt_user_ta_uuid, NULL,
4013 &ret_orig)))
4014 return;
4015
4016 xtest_test_keygen_noparams(c, &session);
4017
4018 xtest_test_keygen_dh(c, &session);
4019
4020 xtest_test_keygen_dsa(c, &session);
4021
Pascal Brande61133f2015-07-08 15:38:37 +0200[diff] [blame^]4022 xtest_test_keygen_ecc (c, &session);
4023
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]4024 TEEC_CloseSession(&session);
4025}
4026
4027static void xtest_tee_test_4008(ADBG_Case_t *c)
4028{
4029 TEEC_Session session = { 0 };
4030 uint32_t ret_orig;
4031 TEE_OperationHandle op;
4032 TEE_ObjectHandle key_handle;
4033 TEE_ObjectHandle sv_handle;
4034 TEE_Attribute params[4];
4035 size_t param_count = 0;
4036 uint8_t out[2048];
4037 size_t out_size;
4038
4039 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
4040 xtest_teec_open_session(&session, &crypt_user_ta_uuid, NULL,
4041 &ret_orig)))
4042 return;
4043
4044 Do_ADBG_BeginSubCase(c, "Derive DH key success");
4045
4046 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
4047 ta_crypt_cmd_allocate_operation(c, &session, &op,
4048 TEE_ALG_DH_DERIVE_SHARED_SECRET, TEE_MODE_DERIVE,
4049 derive_key_max_keysize)))
4050 goto out;
4051
4052 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
4053 ta_crypt_cmd_allocate_transient_object(c, & session,
4054 TEE_TYPE_DH_KEYPAIR, derive_key_max_keysize,
4055 &key_handle)))
4056 goto out;
4057
4058 xtest_add_attr(&param_count, params, TEE_ATTR_DH_PRIME,
4059 ARRAY(derive_key_dh_prime));
4060
4061 xtest_add_attr(&param_count, params, TEE_ATTR_DH_BASE,
4062 ARRAY(derive_key_dh_base));
4063
4064 xtest_add_attr(&param_count, params, TEE_ATTR_DH_PUBLIC_VALUE,
4065 ARRAY(derive_key_dh_public_value));
4066
4067 xtest_add_attr(&param_count, params, TEE_ATTR_DH_PRIVATE_VALUE,
4068 ARRAY(derive_key_dh_private_value));
4069
4070 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
4071 ta_crypt_cmd_populate_transient_object(c, &session, key_handle,
4072 params, param_count)))
4073 goto out;
4074
4075 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
4076 ta_crypt_cmd_set_operation_key(c, &session, op, key_handle)))
4077 goto out;
4078
4079 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
4080 ta_crypt_cmd_free_transient_object(c, & session, key_handle)))
4081 goto out;
4082
4083 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
4084 ta_crypt_cmd_allocate_transient_object(c, &session,
4085 TEE_TYPE_GENERIC_SECRET, derive_key_max_keysize,
4086 &sv_handle)))
4087 goto out;
4088
4089 /* resuse but reset params and param-count */
4090 param_count = 0;
4091
4092 xtest_add_attr(&param_count, params, TEE_ATTR_DH_PUBLIC_VALUE,
4093 ARRAY(derive_key_dh_public_value_2));
4094
4095 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
4096 ta_crypt_cmd_derive_key(c, &session, op, sv_handle, params,
4097 param_count)))
4098 goto out;
4099
4100 out_size = sizeof(out);
4101 memset(out, 0, sizeof(out));
4102 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
4103 ta_crypt_cmd_get_object_buffer_attribute(c, &session, sv_handle,
4104 TEE_ATTR_SECRET_VALUE, out, &out_size)))
4105 goto out;
4106
4107 if (!ADBG_EXPECT_BUFFER(c, derive_key_dh_shared_secret,
4108 sizeof(derive_key_dh_shared_secret), out,
4109 out_size))
4110 goto out;
4111
4112 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
4113 ta_crypt_cmd_free_operation(c, &session, op)))
4114 goto out;
4115
4116 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
4117 ta_crypt_cmd_free_transient_object(c, &session, sv_handle)))
4118 goto out;
4119out:
4120 Do_ADBG_EndSubCase(c, "Derive DH key success");
4121 TEEC_CloseSession(&session);
4122}