DPE: Update tests following the spec changes
As per spec updates in v1.0 r9:
* Rename DeriveChild to DeriveContext.
* Rename its input argument allow_child_to_derive to
allow_new_context_to_derive.
* Add new input and output arguments
Further, separate DeriveContext core functionality test removed since
already covered by CertifyKey command.
Signed-off-by: Maulik Patel <maulik.patel@arm.com>
Change-Id: I397c61fd30cfe9119768d78c597f4682a8155df7
diff --git a/partitions/dice_protection_environment/test/dpe_certify_key_test.c b/partitions/dice_protection_environment/test/dpe_certify_key_test.c
index d62539b..5fe8479 100644
--- a/partitions/dice_protection_environment/test/dpe_certify_key_test.c
+++ b/partitions/dice_protection_environment/test/dpe_certify_key_test.c
@@ -10,76 +10,89 @@
#include "dpe_test.h"
#include "dpe_test_data.h"
-extern struct dpe_derive_child_test_data_t
- derive_child_test_dataset_2[DERIVE_CHILD_TEST_DATA2_SIZE];
-extern struct dpe_derive_child_test_data_t
- derive_child_test_dataset_3;
-extern int last_retained_child_handle;
+extern struct dpe_derive_context_test_data_t
+ derive_context_test_dataset_1[DERIVE_CONTEXT_TEST_DATA1_SIZE];
+extern struct dpe_derive_context_test_data_t
+ derive_context_test_dataset_2;
+extern int retained_rot_ctx_handle;
static void call_certify_key_with_test_data(
struct test_result_t *ret,
- struct dpe_derive_child_test_data_t *test_data,
+ struct dpe_derive_context_test_data_t *test_data,
int test_count)
{
dpe_error_t dpe_err;
- int in_handle, out_child_handle, out_parent_handle, new_context_handle;
+ int in_handle, out_ctx_handle, out_parent_handle, new_context_handle;
DiceInputValues dice_inputs = DEFAULT_DICE_INPUT;
- int saved_handles[MAX_NUM_OF_COMPONENTS];
- int saved_handles_cnt, i;
+ int saved_handles_cnt, i, j;
uint8_t certificate_chain_buf[3072];
size_t certificate_chain_actual_size;
uint8_t derived_public_key_buf[DPE_ATTEST_PUB_KEY_SIZE];
size_t derived_public_key_actual_size;
+ int saved_handles[MAX_NUM_OF_COMPONENTS] = {0};
saved_handles_cnt = 0;
- in_handle = last_retained_child_handle;
+ in_handle = retained_rot_ctx_handle;
for (i = 0; i < test_count; i++, test_data++) {
- dpe_err = dpe_derive_child(in_handle,
- test_data->inputs.retain_parent_context,
- test_data->inputs.allow_child_to_derive,
- test_data->inputs.create_certificate,
- &dice_inputs,
- &out_child_handle,
- &out_parent_handle);
+ dpe_err = dpe_derive_context(in_handle, /* input_ctx_handle */
+ test_data->inputs.retain_parent_context, /* retain_parent_context */
+ test_data->inputs.allow_new_context_to_derive, /* allow_new_context_to_derive */
+ test_data->inputs.create_certificate, /* create_certificate */
+ &dice_inputs, /* dice_inputs */
+ 0, /* target_locality */
+ false, /* return_certificate */
+ true, /* allow_new_context_to_export */
+ false, /* export_cdi */
+ &out_ctx_handle, /* new_context_handle */
+ &out_parent_handle, /* new_parent_context_handle */
+ NULL, /* new_certificate_buf */
+ 0, /* new_certificate_buf_size */
+ NULL, /* new_certificate_actual_size */
+ NULL, /* exported_cdi_buf */
+ 0, /* exported_cdi_buf_size */
+ NULL); /* exported_cdi_actual_size */
if (dpe_err != DPE_NO_ERROR) {
- TEST_FAIL("DPE DeriveChild core functionality test failed");
+ TEST_FAIL("DPE DeriveContext core functionality test failed");
return;
}
- if ((GET_IDX(out_child_handle) == GET_IDX(out_parent_handle)) &&
- (out_child_handle != INVALID_HANDLE)) {
- TEST_FAIL("DPE DeriveChild core test failed,"
- "Child & parent handle cannot share same component");
+ if ((GET_IDX(out_ctx_handle) == GET_IDX(out_parent_handle)) &&
+ (out_ctx_handle != INVALID_HANDLE)) {
+ TEST_FAIL("DPE DeriveContext core test failed,"
+ "Derived & parent handle cannot share same component");
return;
}
- if ((GET_IDX(out_child_handle) != test_data->outputs.expected_child_handle_idx) ||
- (GET_IDX(out_parent_handle) != test_data->outputs.expected_parent_handle_idx)) {
- TEST_FAIL("DPE DeriveChild core test failed, actual output not as expected");
- return;
+ if (i == 0) {
+ /* Save RoT context handle for subsequent tests */
+ retained_rot_ctx_handle = out_parent_handle;
}
if (test_data->inputs.retain_parent_context) {
- saved_handles[saved_handles_cnt++] = out_parent_handle;
+ for (j = 0; j < saved_handles_cnt; j++) {
+ if(GET_IDX(out_parent_handle) == GET_IDX(saved_handles[j])) {
+ saved_handles[j] = out_parent_handle;
+ }
+ }
}
- if (test_data->inputs.allow_child_to_derive) {
- saved_handles[saved_handles_cnt++] = out_child_handle;
+ if (test_data->inputs.allow_new_context_to_derive) {
+ saved_handles[saved_handles_cnt++] = out_ctx_handle;
}
/* Update the input handle for next iteration */
- if (test_data->inputs.in_handle_comp_idx == GET_IDX(out_child_handle)) {
- in_handle = out_child_handle;
- } else {
+ if (test_data->inputs.use_parent_handle) {
in_handle = out_parent_handle;
+ } else {
+ in_handle = out_ctx_handle;
}
}
- /* Use the last child handle for CertifyKey call */
- in_handle = out_child_handle;
+ /* Use the last derived context handle for CertifyKey call */
+ in_handle = out_ctx_handle;
dpe_err = dpe_certify_key(in_handle, /* input_ctx_handle */
true, /* retain_context/ */
@@ -113,6 +126,15 @@
//TODO: Verify the output certificate chain
+ /* Destroy the saved contexts for the subsequent test */
+ for (i = 0; i < saved_handles_cnt; i++) {
+ dpe_err = dpe_destroy_context(saved_handles[i], false);
+ if (dpe_err != DPE_NO_ERROR) {
+ TEST_FAIL("DPE DestroyContext call failed");
+ return;
+ }
+ }
+
ret->val = TEST_PASSED;
}
@@ -120,19 +142,19 @@
{
call_certify_key_with_test_data(
ret,
- &derive_child_test_dataset_2[0],
- sizeof(derive_child_test_dataset_2)/sizeof(derive_child_test_dataset_2[0]));
+ &derive_context_test_dataset_1[0],
+ sizeof(derive_context_test_dataset_1)/sizeof(derive_context_test_dataset_1[0]));
call_certify_key_with_test_data(
ret,
- &derive_child_test_dataset_3,
- DERIVE_CHILD_TEST_DATA3_SIZE);
+ &derive_context_test_dataset_2,
+ DERIVE_CONTEXT_TEST_DATA2_SIZE);
}
void certify_key_api_test(struct test_result_t *ret)
{
dpe_error_t dpe_err;
- int out_child_handle;
+ int out_ctx_handle;
const uint8_t label[] = { 0x1A, 0xBE, 0x1 };
uint8_t certificate_chain_buf[2000];
size_t certificate_chain_actual_size;
@@ -142,19 +164,29 @@
DiceInputValues dice_inputs = DEFAULT_DICE_INPUT;
int out_parent_handle;
- dpe_err = dpe_derive_child(last_retained_child_handle,
- false, /* retain_parent_context */
- true, /* allow_child_to_derive */
- true, /* create_certificate */
- &dice_inputs,
- &out_child_handle,
- &out_parent_handle);
+ dpe_err = dpe_derive_context(retained_rot_ctx_handle, /* input_ctx_handle */
+ true, /* retain_parent_context */
+ true, /* allow_new_context_to_derive */
+ true, /* create_certificate */
+ &dice_inputs, /* dice_inputs */
+ 0, /* target_locality */
+ false, /* return_certificate */
+ true, /* allow_new_context_to_export */
+ false, /* export_cdi */
+ &out_ctx_handle, /* new_context_handle */
+ &out_parent_handle, /* new_parent_context_handle */
+ NULL, /* new_certificate_buf */
+ 0, /* new_certificate_buf_size */
+ NULL, /* new_certificate_actual_size */
+ NULL, /* exported_cdi_buf */
+ 0, /* exported_cdi_buf_size */
+ NULL); /* exported_cdi_actual_size */
if (dpe_err != DPE_NO_ERROR) {
- TEST_FAIL("DPE DeriveChild call failed");
+ TEST_FAIL("DPE DeriveContext call failed");
return;
}
- dpe_err = dpe_certify_key(out_child_handle, /* input_ctx_handle */
+ dpe_err = dpe_certify_key(out_ctx_handle, /* input_ctx_handle */
true, /* retain_context */
NULL, /* public_key */
0, /* public_key_size */
@@ -167,14 +199,19 @@
sizeof(derived_public_key_buf), /* derived_public_key_buf_size */
&derived_public_key_actual_size, /* derived_public_key_buf_actual_size */
&new_context_handle); /* new_context_handle */
-
if (dpe_err != DPE_NO_ERROR) {
TEST_FAIL("DPE CertifyKey call failed");
return;
}
+ dpe_err = dpe_destroy_context(new_context_handle, false);
+ if (dpe_err != DPE_NO_ERROR) {
+ TEST_FAIL("DPE DestroyContext call failed");
+ return;
+ }
+
/* Save the last handle for the subsequent test */
- last_retained_child_handle = new_context_handle;
+ retained_rot_ctx_handle = out_parent_handle;
ret->val = TEST_PASSED;
}
@@ -182,7 +219,7 @@
void certify_key_retain_context_test(struct test_result_t *ret)
{
dpe_error_t dpe_err;
- int out_child_handle;
+ int out_ctx_handle;
const uint8_t label[] = { 0x1A, 0xBE, 0x1 };
uint8_t certificate_chain_buf[2000];
size_t certificate_chain_actual_size;
@@ -192,19 +229,32 @@
DiceInputValues dice_inputs = DEFAULT_DICE_INPUT;
int out_parent_handle;
- dpe_err = dpe_derive_child(last_retained_child_handle,
- false, /* retain_parent_context */
- true, /* allow_child_to_derive */
- true, /* create_certificate */
- &dice_inputs,
- &out_child_handle,
- &out_parent_handle);
+ dpe_err = dpe_derive_context(retained_rot_ctx_handle, /* context_handle */
+ true, /* retain_parent_context */
+ true, /* allow_new_context_to_derive */
+ true, /* create_certificate */
+ &dice_inputs, /* dice_inputs */
+ 0, /* target_locality */
+ false, /* return_certificate */
+ true, /* allow_new_context_to_export */
+ false, /* export_cdi */
+ &out_ctx_handle, /* new_context_handle */
+ &out_parent_handle, /* new_parent_context_handle */
+ NULL, /* new_certificate_buf */
+ 0, /* new_certificate_buf_size */
+ NULL, /* new_certificate_actual_size */
+ NULL, /* exported_cdi_buf */
+ 0, /* exported_cdi_buf_size */
+ NULL); /* exported_cdi_actual_size */
if (dpe_err != DPE_NO_ERROR) {
- TEST_FAIL("DPE DeriveChild call failed");
+ TEST_FAIL("DPE DeriveContext call failed");
return;
}
- dpe_err = dpe_certify_key(out_child_handle, /* input_ctx_handle */
+ /* Save the last handle for the subsequent test */
+ retained_rot_ctx_handle = out_parent_handle;
+
+ dpe_err = dpe_certify_key(out_ctx_handle, /* input_ctx_handle */
false, /* retain_context */
NULL, /* public_key */
0, /* public_key_size */
@@ -217,7 +267,6 @@
sizeof(derived_public_key_buf), /* derived_public_key_buf_size */
&derived_public_key_actual_size, /* derived_public_key_buf_actual_size */
&new_context_handle); /* new_context_handle */
-
if (dpe_err != DPE_NO_ERROR) {
TEST_FAIL("DPE CertifyKey call failed");
return;
diff --git a/partitions/dice_protection_environment/test/dpe_derive_child_test.c b/partitions/dice_protection_environment/test/dpe_derive_child_test.c
deleted file mode 100644
index 5f9e1c4..0000000
--- a/partitions/dice_protection_environment/test/dpe_derive_child_test.c
+++ /dev/null
@@ -1,331 +0,0 @@
-/*
- * Copyright (c) 2023, Arm Limited. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- *
- */
-
-#include <string.h>
-#include "dice_protection_environment.h"
-#include "dpe_test.h"
-#include "dpe_test_data.h"
-
-extern struct dpe_derive_child_test_data_t derive_child_test_dataset_1[DERIVE_CHILD_TEST_DATA1_SIZE];
-extern int last_retained_child_handle;
-
-void derive_child_api_test(struct test_result_t *ret)
-{
- dpe_error_t dpe_err;
- int out_child_handle;
- int out_parent_handle;
- DiceInputValues dice_inputs = DEFAULT_DICE_INPUT;
-
- dpe_err = dpe_derive_child(last_retained_child_handle,
- false, /* retain_parent_context */
- true, /* allow_child_to_derive */
- false, /* create_certificate */
- &dice_inputs,
- &out_child_handle,
- &out_parent_handle);
- if (dpe_err != DPE_NO_ERROR) {
- TEST_FAIL("DPE DeriveChild call failed");
- return;
- }
-
- TEST_LOG("out_child_handle = %d\r\n", out_child_handle);
- TEST_LOG("out_parent_handle = %d\r\n", out_parent_handle);
-
- /* Save the last handle for the subsequent test */
- last_retained_child_handle = out_child_handle;
-
- ret->val = TEST_PASSED;
-}
-
-void derive_rot_layer_context(struct test_result_t *ret)
-{
- dpe_error_t dpe_err;
- DiceInputValues dice_inputs = DEFAULT_DICE_INPUT;
- int out_parent_handle;
-
- dpe_err = dpe_derive_child(ROT_CTX_HANDLE,
- false, /* retain_parent_context */
- true, /* allow_child_to_derive */
- true, /* create_certificate */
- &dice_inputs,
- &last_retained_child_handle,
- &out_parent_handle);
- if (dpe_err != DPE_NO_ERROR) {
- TEST_FAIL("DPE DeriveChild RoT context init failed");
- return;
- }
-
- ret->val = TEST_PASSED;
-}
-
-static void call_derive_child_with_test_data(
- struct test_result_t *ret,
- struct dpe_derive_child_test_data_t *test_data,
- int test_count)
-{
- dpe_error_t dpe_err;
- int i, in_handle, out_child_handle, out_parent_handle;
- DiceInputValues dice_inputs = DEFAULT_DICE_INPUT;
- int test_out_handles[MAX_NUM_OF_COMPONENTS] = {0};
-
- for (i = 0; i < test_count; i++) {
- test_data = &derive_child_test_dataset_1[i];
-
- in_handle = (i == 0) ? last_retained_child_handle :
- test_out_handles[test_data->inputs.in_handle_comp_idx];
-
- dpe_err = dpe_derive_child(in_handle,
- test_data->inputs.retain_parent_context,
- test_data->inputs.allow_child_to_derive,
- test_data->inputs.create_certificate,
- &dice_inputs,
- &out_child_handle,
- &out_parent_handle);
-
- if (dpe_err != DPE_NO_ERROR) {
- TEST_FAIL("DPE DeriveChild core functionality test failed");
- return;
- }
-
- if ((GET_IDX(out_child_handle) == GET_IDX(out_parent_handle)) &&
- (out_child_handle != INVALID_HANDLE)) {
- TEST_FAIL("DPE DeriveChild core test failed,"
- "Child & parent handle cannot share same component");
- return;
- }
-
- if ((GET_IDX(out_child_handle) != test_data->outputs.expected_child_handle_idx) ||
- (GET_IDX(out_parent_handle) != test_data->outputs.expected_parent_handle_idx)) {
- TEST_FAIL("DPE DeriveChild core test failed, actual output not as expected");
- return;
- }
-
- if (test_data->inputs.retain_parent_context) {
- test_out_handles[GET_IDX(out_parent_handle)] = out_parent_handle;
- }
-
- if (test_data->inputs.allow_child_to_derive) {
- test_out_handles[GET_IDX(out_child_handle)] = out_child_handle;
- }
- }
-
- /* Save the last handle for the subsequent test */
- last_retained_child_handle = out_child_handle;
-
- ret->val = TEST_PASSED;
-}
-
-void derive_child_core_functionality_test(struct test_result_t *ret)
-{
- int test_count;
- struct dpe_derive_child_test_data_t *test_data;
-
- test_data = &derive_child_test_dataset_1[0];
- test_count = sizeof(derive_child_test_dataset_1)/sizeof(derive_child_test_dataset_1[0]);
-
- call_derive_child_with_test_data(ret, test_data, test_count);
-}
-
-void derive_child_single_use_handle_test(struct test_result_t *ret)
-{
- dpe_error_t dpe_err;
- int out_child_handle;
- int out_parent_handle;
- DiceInputValues dice_inputs = DEFAULT_DICE_INPUT;
-
- dpe_err = dpe_derive_child(last_retained_child_handle,
- false, /* retain_parent_context */
- true, /* allow_child_to_derive */
- false, /* create_certificate */
- &dice_inputs,
- &out_child_handle,
- &out_parent_handle);
- if (dpe_err != DPE_NO_ERROR) {
- TEST_FAIL("DPE DeriveChild call failed");
- return;
- }
-
- /* Use the same handle again */
- dpe_err = dpe_derive_child(last_retained_child_handle,
- false, /* retain_parent_context */
- true, /* allow_child_to_derive */
- false, /* create_certificate */
- &dice_inputs,
- &out_child_handle,
- &out_parent_handle);
- if (dpe_err != DPE_INVALID_ARGUMENT) {
- TEST_FAIL("DPE DeriveChild test: Same handle used again should return invalid argument");
- return;
- }
-
- /* Save the last handle for the subsequent test */
- last_retained_child_handle = out_child_handle;
-
- ret->val = TEST_PASSED;
-}
-void derive_child_incorrect_handle_test(struct test_result_t *ret)
-{
- dpe_error_t dpe_err;
- int out_child_handle, out_parent_handle, invalid_handle;
- DiceInputValues dice_inputs = DEFAULT_DICE_INPUT;
-
- /* Use a different handle index */
- invalid_handle = last_retained_child_handle;
- invalid_handle = SET_IDX(invalid_handle, (GET_IDX(last_retained_child_handle) + 1));
-
- dpe_err = dpe_derive_child(invalid_handle,
- false, /* retain_parent_context */
- true, /* allow_child_to_derive */
- false, /* create_certificate */
- &dice_inputs,
- &out_child_handle,
- &out_parent_handle);
-
- if (dpe_err != DPE_INVALID_ARGUMENT) {
- TEST_FAIL("DPE DeriveChild test: Invalid handle index should return invalid argument");
- return;
- }
-
- /* Use a different handle nonce */
- invalid_handle = last_retained_child_handle;
- invalid_handle = SET_NONCE(invalid_handle, (GET_NONCE(last_retained_child_handle) + 1));
-
- dpe_err = dpe_derive_child(invalid_handle,
- false, /* retain_parent_context */
- true, /* allow_child_to_derive */
- false, /* create_certificate */
- &dice_inputs,
- &out_child_handle,
- &out_parent_handle);
-
- if (dpe_err != DPE_INVALID_ARGUMENT) {
- TEST_FAIL("DPE DeriveChild test: Invalid handle nonce should return invalid argument");
- return;
- }
-
- ret->val = TEST_PASSED;
-}
-
-void derive_child_invalid_hash_size_test(struct test_result_t *ret)
-{
- dpe_error_t dpe_err;
- int out_child_handle, out_parent_handle;
- DiceInputValues dice_inputs = DEFAULT_DICE_INPUT;
-
- /* Use a invalid size of measurement descriptor */
- dice_inputs.code_descriptor_size = DICE_CODE_DESCRIPTOR_MAX_SIZE + 1;
-
- dpe_err = dpe_derive_child(last_retained_child_handle,
- false, /* retain_parent_context */
- true, /* allow_child_to_derive */
- false, /* create_certificate */
- &dice_inputs,
- &out_child_handle,
- &out_parent_handle);
-
- if (dpe_err != DPE_INVALID_ARGUMENT) {
- TEST_FAIL("DPE DeriveChild test: Invalid measurement descriptor size should return invalid argument");
- return;
- }
-
- ret->val = TEST_PASSED;
-}
-
-void derive_child_invalid_signer_id_size_test(struct test_result_t *ret)
-{
- dpe_error_t dpe_err;
- int out_child_handle, out_parent_handle;
- DiceInputValues dice_inputs = DEFAULT_DICE_INPUT;
-
- /* Use a invalid size of signer id descriptor */
- dice_inputs.authority_descriptor_size = DICE_AUTHORITY_DESCRIPTOR_MAX_SIZE + 1;
-
- dpe_err = dpe_derive_child(last_retained_child_handle,
- false, /* retain_parent_context */
- true, /* allow_child_to_derive */
- false, /* create_certificate */
- &dice_inputs,
- &out_child_handle,
- &out_parent_handle);
-
- if (dpe_err != DPE_INVALID_ARGUMENT) {
- TEST_FAIL("DPE DeriveChild test: Invalid signer id descriptor size should return invalid argument");
- return;
- }
-
- ret->val = TEST_PASSED;
-}
-
-void derive_child_invalid_config_desc_size_test(struct test_result_t *ret)
-{
- dpe_error_t dpe_err;
- int out_child_handle, out_parent_handle;
- DiceInputValues dice_inputs = DEFAULT_DICE_INPUT;
-
- /* Use a invalid size of config descriptor */
- dice_inputs.config_descriptor_size = DICE_CONFIG_DESCRIPTOR_MAX_SIZE + 1;
-
- dpe_err = dpe_derive_child(last_retained_child_handle,
- false, /* retain_parent_context */
- true, /* allow_child_to_derive */
- false, /* create_certificate */
- &dice_inputs,
- &out_child_handle,
- &out_parent_handle);
-
- if (dpe_err != DPE_INVALID_ARGUMENT) {
- TEST_FAIL("DPE DeriveChild test: Invalid config descriptor size should return invalid argument");
- return;
- }
-
- ret->val = TEST_PASSED;
-}
-
-void derive_child_missing_dice_input_arg_test(struct test_result_t *ret)
-{
- //TODO: TO BE IMPLEMENTED
-
- ret->val = TEST_PASSED;
-}
-
-void derive_child_invalid_cbor_encoded_input_test(struct test_result_t *ret)
-{
- //TODO: TO BE IMPLEMENTED
-
- ret->val = TEST_PASSED;
-}
-
-void derive_child_with_parent_leaf_component_test(struct test_result_t *ret)
-{
- dpe_error_t dpe_err;
- int out_child_handle, out_parent_handle;
- DiceInputValues dice_inputs = DEFAULT_DICE_INPUT;
- out_child_handle = INVALID_HANDLE;
-
- /* Call to derive_child for adding component setting it as a leaf */
- dpe_err = dpe_derive_child(last_retained_child_handle,
- false, /* retain_parent_context */
- false, /* allow_child_to_derive */
- false, /* create_certificate */
- &dice_inputs,
- &out_child_handle,
- &out_parent_handle);
-
- if (dpe_err != DPE_NO_ERROR) {
- TEST_FAIL("DPE DeriveChild test: Leaf component derivation failed");
- return;
- }
-
- if (out_child_handle != INVALID_HANDLE) {
- TEST_FAIL("DPE DeriveChild test: Should only return invalid handle for a leaf component");
- }
-
- /* Note: since we have used the handle with retain_parent_context
- * as false, we have created a context which cannot be destroyed
- */
- ret->val = TEST_PASSED;
-}
diff --git a/partitions/dice_protection_environment/test/dpe_derive_context_test.c b/partitions/dice_protection_environment/test/dpe_derive_context_test.c
new file mode 100644
index 0000000..f25bfd7
--- /dev/null
+++ b/partitions/dice_protection_environment/test/dpe_derive_context_test.c
@@ -0,0 +1,414 @@
+/*
+ * Copyright (c) 2023, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#include <string.h>
+#include "dice_protection_environment.h"
+#include "dpe_test.h"
+#include "dpe_test_data.h"
+
+extern int retained_rot_ctx_handle;
+
+void derive_context_api_test(struct test_result_t *ret)
+{
+ dpe_error_t dpe_err;
+ int out_ctx_handle;
+ int out_parent_handle;
+ DiceInputValues dice_inputs = DEFAULT_DICE_INPUT;
+
+ dpe_err = dpe_derive_context(retained_rot_ctx_handle, /* input_ctx_handle */
+ true, /* retain_parent_context */
+ true, /* allow_new_context_to_derive */
+ false, /* create_certificate */
+ &dice_inputs, /* dice_inputs */
+ 0, /* target_locality */
+ false, /* return_certificate */
+ true, /* allow_new_context_to_export */
+ false, /* export_cdi */
+ &out_ctx_handle, /* new_context_handle */
+ &out_parent_handle, /* new_parent_context_handle */
+ NULL, /* new_certificate_buf */
+ 0, /* new_certificate_buf_size */
+ NULL, /* new_certificate_actual_size */
+ NULL, /* exported_cdi_buf */
+ 0, /* exported_cdi_buf_size */
+ NULL); /* exported_cdi_actual_size */
+ if (dpe_err != DPE_NO_ERROR) {
+ TEST_FAIL("DPE DeriveContext call failed");
+ return;
+ }
+
+ TEST_LOG("out_ctx_handle = %d\r\n", out_ctx_handle);
+ TEST_LOG("out_parent_handle = %d\r\n", out_parent_handle);
+
+ dpe_err = dpe_destroy_context(out_ctx_handle, false);
+ if (dpe_err != DPE_NO_ERROR) {
+ TEST_FAIL("DPE DestroyContext call failed");
+ return;
+ }
+
+ /* Save the last handle for the subsequent test */
+ retained_rot_ctx_handle = out_parent_handle;
+
+ ret->val = TEST_PASSED;
+}
+
+void derive_rot_layer_context(struct test_result_t *ret)
+{
+ dpe_error_t dpe_err;
+ DiceInputValues dice_inputs = DEFAULT_DICE_INPUT;
+ int out_parent_handle;
+
+ dpe_err = dpe_derive_context(ROT_CTX_HANDLE, /* input_ctx_handle */
+ false, /* retain_parent_context */
+ true, /* allow_new_context_to_derive */
+ true, /* create_certificate */
+ &dice_inputs, /* dice_inputs */
+ 0, /* target_locality */
+ false, /* return_certificate */
+ true, /* allow_new_context_to_export */
+ false, /* export_cdi */
+ &retained_rot_ctx_handle, /* new_context_handle */
+ &out_parent_handle, /* new_parent_context_handle */
+ NULL, /* new_certificate_buf */
+ 0, /* new_certificate_buf_size */
+ NULL, /* new_certificate_actual_size */
+ NULL, /* exported_cdi_buf */
+ 0, /* exported_cdi_buf_size */
+ NULL); /* exported_cdi_actual_size */
+ if (dpe_err != DPE_NO_ERROR) {
+ TEST_FAIL("DPE DeriveContext RoT context init failed");
+ return;
+ }
+
+ ret->val = TEST_PASSED;
+}
+
+void derive_context_single_use_handle_test(struct test_result_t *ret)
+{
+ dpe_error_t dpe_err;
+ int out_ctx_handle, in_handle;
+ int out_parent_handle;
+ DiceInputValues dice_inputs = DEFAULT_DICE_INPUT;
+
+ in_handle = retained_rot_ctx_handle;
+ dpe_err = dpe_derive_context(in_handle, /* input_ctx_handle */
+ true, /* retain_parent_context */
+ true, /* allow_new_context_to_derive */
+ false, /* create_certificate */
+ &dice_inputs, /* dice_inputs */
+ 0, /* target_locality */
+ false, /* return_certificate */
+ true, /* allow_new_context_to_export */
+ false, /* export_cdi */
+ &out_ctx_handle, /* new_context_handle */
+ &out_parent_handle, /* new_parent_context_handle */
+ NULL, /* new_certificate_buf */
+ 0, /* new_certificate_buf_size */
+ NULL, /* new_certificate_actual_size */
+ NULL, /* exported_cdi_buf */
+ 0, /* exported_cdi_buf_size */
+ NULL); /* exported_cdi_actual_size */
+ if (dpe_err != DPE_NO_ERROR) {
+ TEST_FAIL("DPE DeriveContext call failed");
+ return;
+ }
+
+ /* Save the last handle for the subsequent test */
+ retained_rot_ctx_handle = out_parent_handle;
+
+ /* Use the previously used handle again */
+ dpe_err = dpe_derive_context(in_handle, /* input_ctx_handle */
+ false, /* retain_parent_context */
+ true, /* allow_new_context_to_derive */
+ false, /* create_certificate */
+ &dice_inputs, /* dice_inputs */
+ 0, /* target_locality */
+ false, /* return_certificate */
+ true, /* allow_new_context_to_export */
+ false, /* export_cdi */
+ &out_ctx_handle, /* new_context_handle */
+ &out_parent_handle, /* new_parent_context_handle */
+ NULL, /* new_certificate_buf */
+ 0, /* new_certificate_buf_size */
+ NULL, /* new_certificate_actual_size */
+ NULL, /* exported_cdi_buf */
+ 0, /* exported_cdi_buf_size */
+ NULL); /* exported_cdi_actual_size */
+
+ if (dpe_err != DPE_INVALID_ARGUMENT) {
+ TEST_FAIL("DPE DeriveContext test: Same handle used again should return invalid argument");
+ return;
+ }
+
+ dpe_err = dpe_destroy_context(out_ctx_handle, false);
+ if (dpe_err != DPE_NO_ERROR) {
+ TEST_FAIL("DPE DestroyContext call failed");
+ return;
+ }
+
+ ret->val = TEST_PASSED;
+}
+void derive_context_incorrect_handle_test(struct test_result_t *ret)
+{
+ dpe_error_t dpe_err;
+ int out_ctx_handle, out_parent_handle, invalid_handle;
+ DiceInputValues dice_inputs = DEFAULT_DICE_INPUT;
+
+ /* Use a different handle index */
+ invalid_handle = retained_rot_ctx_handle;
+ invalid_handle = SET_IDX(invalid_handle, (GET_IDX(retained_rot_ctx_handle) + 1));
+
+ dpe_err = dpe_derive_context(invalid_handle, /* input_ctx_handle */
+ false, /* retain_parent_context */
+ true, /* allow_new_context_to_derive */
+ false, /* create_certificate */
+ &dice_inputs, /* dice_inputs */
+ 0, /* target_locality */
+ false, /* return_certificate */
+ true, /* allow_new_context_to_export */
+ false, /* export_cdi */
+ &out_ctx_handle, /* new_context_handle */
+ &out_parent_handle, /* new_parent_context_handle */
+ NULL, /* new_certificate_buf */
+ 0, /* new_certificate_buf_size */
+ NULL, /* new_certificate_actual_size */
+ NULL, /* exported_cdi_buf */
+ 0, /* exported_cdi_buf_size */
+ NULL); /* exported_cdi_actual_size */
+
+ if (dpe_err != DPE_INVALID_ARGUMENT) {
+ TEST_FAIL("DPE DeriveContext test: Invalid handle index should return invalid argument");
+ return;
+ }
+
+ /* Use a different handle nonce */
+ invalid_handle = retained_rot_ctx_handle;
+ invalid_handle = SET_NONCE(invalid_handle, (GET_NONCE(retained_rot_ctx_handle) + 1));
+
+ dpe_err = dpe_derive_context(invalid_handle, /* input_ctx_handle */
+ false, /* retain_parent_context */
+ true, /* allow_new_context_to_derive */
+ false, /* create_certificate */
+ &dice_inputs, /* dice_inputs */
+ 0, /* target_locality */
+ false, /* return_certificate */
+ true, /* allow_new_context_to_export */
+ false, /* export_cdi */
+ &out_ctx_handle, /* new_context_handle */
+ &out_parent_handle, /* new_parent_context_handle */
+ NULL, /* new_certificate_buf */
+ 0, /* new_certificate_buf_size */
+ NULL, /* new_certificate_actual_size */
+ NULL, /* exported_cdi_buf */
+ 0, /* exported_cdi_buf_size */
+ NULL); /* exported_cdi_actual_size */
+
+ if (dpe_err != DPE_INVALID_ARGUMENT) {
+ TEST_FAIL("DPE DeriveContext test: Invalid handle nonce should return invalid argument");
+ return;
+ }
+
+ ret->val = TEST_PASSED;
+}
+
+void derive_context_invalid_hash_size_test(struct test_result_t *ret)
+{
+ dpe_error_t dpe_err;
+ int out_ctx_handle, out_parent_handle;
+ DiceInputValues dice_inputs = DEFAULT_DICE_INPUT;
+
+ /* Use a invalid size of measurement descriptor */
+ dice_inputs.code_descriptor_size = DICE_CODE_DESCRIPTOR_MAX_SIZE + 1;
+
+ dpe_err = dpe_derive_context(retained_rot_ctx_handle, /* input_ctx_handle */
+ false, /* retain_parent_context */
+ true, /* allow_new_context_to_derive */
+ false, /* create_certificate */
+ &dice_inputs, /* dice_inputs */
+ 0, /* target_locality */
+ false, /* return_certificate */
+ true, /* allow_new_context_to_export */
+ false, /* export_cdi */
+ &out_ctx_handle, /* new_context_handle */
+ &out_parent_handle, /* new_parent_context_handle */
+ NULL, /* new_certificate_buf */
+ 0, /* new_certificate_buf_size */
+ NULL, /* new_certificate_actual_size */
+ NULL, /* exported_cdi_buf */
+ 0, /* exported_cdi_buf_size */
+ NULL); /* exported_cdi_actual_size */
+
+ if (dpe_err != DPE_INVALID_ARGUMENT) {
+ TEST_FAIL("DPE DeriveContext test: Invalid measurement descriptor size should return invalid argument");
+ return;
+ }
+
+ ret->val = TEST_PASSED;
+}
+
+void derive_context_invalid_signer_id_size_test(struct test_result_t *ret)
+{
+ dpe_error_t dpe_err;
+ int out_ctx_handle, out_parent_handle;
+ DiceInputValues dice_inputs = DEFAULT_DICE_INPUT;
+
+ /* Use a invalid size of signer id descriptor */
+ dice_inputs.authority_descriptor_size = DICE_AUTHORITY_DESCRIPTOR_MAX_SIZE + 1;
+
+ dpe_err = dpe_derive_context(retained_rot_ctx_handle, /* input_ctx_handle */
+ false, /* retain_parent_context */
+ true, /* allow_new_context_to_derive */
+ false, /* create_certificate */
+ &dice_inputs, /* dice_inputs */
+ 0, /* target_locality */
+ false, /* return_certificate */
+ true, /* allow_new_context_to_export */
+ false, /* export_cdi */
+ &out_ctx_handle, /* new_context_handle */
+ &out_parent_handle, /* new_parent_context_handle */
+ NULL, /* new_certificate_buf */
+ 0, /* new_certificate_buf_size */
+ NULL, /* new_certificate_actual_size */
+ NULL, /* exported_cdi_buf */
+ 0, /* exported_cdi_buf_size */
+ NULL); /* exported_cdi_actual_size */
+
+ if (dpe_err != DPE_INVALID_ARGUMENT) {
+ TEST_FAIL("DPE DeriveContext test: Invalid signer id descriptor size should return invalid argument");
+ return;
+ }
+
+ ret->val = TEST_PASSED;
+}
+
+void derive_context_invalid_config_desc_size_test(struct test_result_t *ret)
+{
+ dpe_error_t dpe_err;
+ int out_ctx_handle, out_parent_handle;
+ DiceInputValues dice_inputs = DEFAULT_DICE_INPUT;
+
+ /* Use a invalid size of config descriptor */
+ dice_inputs.config_descriptor_size = DICE_CONFIG_DESCRIPTOR_MAX_SIZE + 1;
+
+ dpe_err = dpe_derive_context(retained_rot_ctx_handle, /* input_ctx_handle */
+ false, /* retain_parent_context */
+ true, /* allow_new_context_to_derive */
+ false, /* create_certificate */
+ &dice_inputs, /* dice_inputs */
+ 0, /* target_locality */
+ false, /* return_certificate */
+ true, /* allow_new_context_to_export */
+ false, /* export_cdi */
+ &out_ctx_handle, /* new_context_handle */
+ &out_parent_handle, /* new_parent_context_handle */
+ NULL, /* new_certificate_buf */
+ 0, /* new_certificate_buf_size */
+ NULL, /* new_certificate_actual_size */
+ NULL, /* exported_cdi_buf */
+ 0, /* exported_cdi_buf_size */
+ NULL); /* exported_cdi_actual_size */
+
+ if (dpe_err != DPE_INVALID_ARGUMENT) {
+ TEST_FAIL("DPE DeriveContext test: Invalid config descriptor size should return invalid argument");
+ return;
+ }
+
+ ret->val = TEST_PASSED;
+}
+
+void derive_context_missing_dice_input_arg_test(struct test_result_t *ret)
+{
+ //TODO: TO BE IMPLEMENTED
+
+ ret->val = TEST_PASSED;
+}
+
+void derive_context_invalid_cbor_encoded_input_test(struct test_result_t *ret)
+{
+ //TODO: TO BE IMPLEMENTED
+
+ ret->val = TEST_PASSED;
+}
+
+void derive_context_smaller_cert_buffer_test(struct test_result_t *ret)
+{
+ //TODO: TO BE IMPLEMENTED
+
+ ret->val = TEST_PASSED;
+}
+
+void derive_context_smaller_cdi_buffer_test(struct test_result_t *ret)
+{
+ //TODO: TO BE IMPLEMENTED
+
+ ret->val = TEST_PASSED;
+}
+void derive_context_prevent_cdi_export_test(struct test_result_t *ret)
+{
+ //TODO: TO BE IMPLEMENTED
+
+ ret->val = TEST_PASSED;
+}
+void derive_context_invalid_input_param_combination_test(struct test_result_t *ret)
+{
+ //TODO: TO BE IMPLEMENTED
+
+ ret->val = TEST_PASSED;
+}
+void derive_context_missing_req_input_param_combination_test(struct test_result_t *ret)
+{
+ //TODO: TO BE IMPLEMENTED
+
+ ret->val = TEST_PASSED;
+}
+void derive_context_check_export_cdi_test(struct test_result_t *ret)
+{
+ //TODO: TO BE IMPLEMENTED
+
+ ret->val = TEST_PASSED;
+}
+
+void derive_context_with_parent_leaf_component_test(struct test_result_t *ret)
+{
+ dpe_error_t dpe_err;
+ int out_ctx_handle, out_parent_handle;
+ DiceInputValues dice_inputs = DEFAULT_DICE_INPUT;
+ out_ctx_handle = INVALID_HANDLE;
+
+ /* Call to derive_context for adding component setting it as a leaf */
+ dpe_err = dpe_derive_context(retained_rot_ctx_handle, /* input_ctx_handle */
+ false, /* retain_parent_context */
+ false, /* allow_new_context_to_derive */
+ false, /* create_certificate */
+ &dice_inputs, /* dice_inputs */
+ 0, /* target_locality */
+ false, /* return_certificate */
+ true, /* allow_new_context_to_export */
+ false, /* export_cdi */
+ &out_ctx_handle, /* new_context_handle */
+ &out_parent_handle, /* new_parent_context_handle */
+ NULL, /* new_certificate_buf */
+ 0, /* new_certificate_buf_size */
+ NULL, /* new_certificate_actual_size */
+ NULL, /* exported_cdi_buf */
+ 0, /* exported_cdi_buf_size */
+ NULL); /* exported_cdi_actual_size */
+
+ if (dpe_err != DPE_NO_ERROR) {
+ TEST_FAIL("DPE DeriveContext test: Leaf component derivation failed");
+ return;
+ }
+
+ if (out_ctx_handle != INVALID_HANDLE) {
+ TEST_FAIL("DPE DeriveContext test: Should only return invalid handle for a leaf component");
+ }
+
+ /* Note: since we have used the handle with allow_new_context_to_derive
+ * as false, we have created a context which cannot be destroyed
+ */
+ ret->val = TEST_PASSED;
+}
diff --git a/partitions/dice_protection_environment/test/dpe_test.h b/partitions/dice_protection_environment/test/dpe_test.h
index 55d6c4a..5bcd24f 100644
--- a/partitions/dice_protection_environment/test/dpe_test.h
+++ b/partitions/dice_protection_environment/test/dpe_test.h
@@ -19,6 +19,8 @@
#define INVALID_HANDLE 0xFFFFFFFF
#define ROT_CTX_HANDLE 0
#define DPE_ATTEST_PUB_KEY_SIZE PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(521)
+/* Below encoded CDI size accomodate both Attest and Seal CDI */
+#define DICE_MAX_ENCODED_CDI_SIZE ((2 * DICE_CDI_SIZE) + 16)
/* Most significant 16 bits represent nonce & remaining 16 bits represent component index */
#define GET_IDX(handle) (handle & 0xffff)
@@ -34,11 +36,11 @@
void derive_rot_layer_context(struct test_result_t *ret);
/**
- * \brief Test the DPE DeriveChild API.
+ * \brief Test the DPE DeriveContext API.
*
* \param[out] ret Test result
*/
-void derive_child_api_test(struct test_result_t *ret);
+void derive_context_api_test(struct test_result_t *ret);
/**
* \brief Test the DPE CertifyKey API.
@@ -48,67 +50,105 @@
void certify_key_api_test(struct test_result_t *ret);
/**
- * \brief Test the DPE DeriveChild with invalid handle.
+ * \brief Test the DPE DeriveContext with invalid handle.
*
* \param[out] ret Test result
*/
-void derive_child_incorrect_handle_test(struct test_result_t *ret);
+void derive_context_incorrect_handle_test(struct test_result_t *ret);
/**
- * \brief Test the DPE DeriveChild with invalid measurement descriptor size.
+ * \brief Test the DPE DeriveContext with invalid measurement descriptor size.
*
* \param[out] ret Test result
*/
-void derive_child_invalid_hash_size_test(struct test_result_t *ret);
+void derive_context_invalid_hash_size_test(struct test_result_t *ret);
/**
- * \brief Test the DPE DeriveChild with invalid signer id descriptor size.
+ * \brief Test the DPE DeriveContext with invalid signer id descriptor size.
*
* \param[out] ret Test result
*/
-void derive_child_invalid_signer_id_size_test(struct test_result_t *ret);
+void derive_context_invalid_signer_id_size_test(struct test_result_t *ret);
/**
- * \brief Test the DPE DeriveChild with invalid config descriptor size.
+ * \brief Test the DPE DeriveContext with invalid config descriptor size.
*
* \param[out] ret Test result
*/
-void derive_child_invalid_config_desc_size_test(struct test_result_t *ret);
+void derive_context_invalid_config_desc_size_test(struct test_result_t *ret);
/**
- * \brief Test the DPE DeriveChild with missing required arguments.
+ * \brief Test the DPE DeriveContext with missing required arguments.
*
* \param[out] ret Test result
*/
-void derive_child_missing_dice_input_arg_test(struct test_result_t *ret);
+void derive_context_missing_dice_input_arg_test(struct test_result_t *ret);
/**
- * \brief Test the DPE DeriveChild with invalid cbor encoded input.
+ * \brief Test the DPE DeriveContext with invalid cbor encoded input.
*
* \param[out] ret Test result
*/
-void derive_child_invalid_cbor_encoded_input_test(struct test_result_t *ret);
+void derive_context_invalid_cbor_encoded_input_test(struct test_result_t *ret);
/**
- * \brief Test the DPE DeriveChild with same handle again.
+ * \brief Test the DPE DeriveContext with smaller certificate buffer size.
*
* \param[out] ret Test result
*/
-void derive_child_single_use_handle_test(struct test_result_t *ret);
+void derive_context_smaller_cert_buffer_test(struct test_result_t *ret);
/**
- * \brief Test the DPE DeriveChild for leaf component.
+ * \brief Test the DPE DeriveContext with smaller CDI buffer size.
*
* \param[out] ret Test result
*/
-void derive_child_with_parent_leaf_component_test(struct test_result_t *ret);
+void derive_context_smaller_cdi_buffer_test(struct test_result_t *ret);
/**
- * \brief Test the DPE DeriveChild functionality.
+ * \brief Test the DPE DeriveContext to check functionality of
+ * allow_new_context_to_export argument.
*
* \param[out] ret Test result
*/
-void derive_child_core_functionality_test(struct test_result_t *ret);
+void derive_context_prevent_cdi_export_test(struct test_result_t *ret);
+
+/**
+ * \brief Test the DPE DeriveContext with invalid input combination of
+ * various input arguments.
+ *
+ * \param[out] ret Test result
+ */
+void derive_context_invalid_input_param_combination_test(struct test_result_t *ret);
+
+/**
+ * \brief Test the DPE DeriveContext with missing some inputs required in
+ * combination.
+ *
+ * \param[out] ret Test result
+ */
+void derive_context_missing_req_input_param_combination_test(struct test_result_t *ret);
+
+/**
+ * \brief Test the DPE DeriveContext to check for export CDI.
+ *
+ * \param[out] ret Test result
+ */
+void derive_context_check_export_cdi_test(struct test_result_t *ret);
+
+/**
+ * \brief Test the DPE DeriveContext with same handle again.
+ *
+ * \param[out] ret Test result
+ */
+void derive_context_single_use_handle_test(struct test_result_t *ret);
+
+/**
+ * \brief Test the DPE DeriveContext for leaf component.
+ *
+ * \param[out] ret Test result
+ */
+void derive_context_with_parent_leaf_component_test(struct test_result_t *ret);
/**
* \brief Test the DPE CertifyKey functionality.
diff --git a/partitions/dice_protection_environment/test/dpe_test_data.c b/partitions/dice_protection_environment/test/dpe_test_data.c
index 4f49ee7..1b7941d 100644
--- a/partitions/dice_protection_environment/test/dpe_test_data.c
+++ b/partitions/dice_protection_environment/test/dpe_test_data.c
@@ -8,275 +8,47 @@
#include "dice_protection_environment.h"
#include "dpe_test_data.h"
-#define INVALID_COMPONENT_IDX 0xFFFF
+int retained_rot_ctx_handle;
-int last_retained_child_handle;
-
-const struct dpe_derive_child_test_data_t derive_child_test_dataset_1[DERIVE_CHILD_TEST_DATA1_SIZE] = {
+/* Below dataset is used for CertifyKey command test */
+const struct dpe_derive_context_test_data_t
+ derive_context_test_dataset_1[DERIVE_CONTEXT_TEST_DATA1_SIZE] = {
{
{
/* Derive RSS_BL2, Caller/Parent RSS BL1_2 */
- .in_handle_comp_idx = 1,
- .retain_parent_context = false,
- .allow_child_to_derive = true,
- .create_certificate = false,
- },
- {
- .expected_child_handle_idx = 5,
- .expected_parent_handle_idx = INVALID_COMPONENT_IDX,
- }
- },
- {
- {
- /* Derive SCP_BL1 (1st child of RSS BL2) */
- .in_handle_comp_idx = 5,
+ .use_parent_handle = false,
.retain_parent_context = true,
- .allow_child_to_derive = false,
+ .allow_new_context_to_derive = true,
.create_certificate = false,
},
- {
- .expected_child_handle_idx = INVALID_COMPONENT_IDX,
- .expected_parent_handle_idx = 6,
- }
},
{
{
- /* Derive AP_BL1, (2nd child of RSS BL2) */
- .in_handle_comp_idx = 6,
+ /* Derive SCP_BL1 (1st derived context of RSS BL2) */
+ .use_parent_handle = true,
.retain_parent_context = true,
- .allow_child_to_derive = true,
+ .allow_new_context_to_derive = false,
.create_certificate = false,
},
- {
- .expected_child_handle_idx = 7,
- .expected_parent_handle_idx = 8,
- }
},
{
{
- /* Derive RSS_S, (3rd child of RSS BL2) */
- .in_handle_comp_idx = 8,
+ /* Derive AP_BL1, (2nd and final derived context of RSS BL2) */
+ .use_parent_handle = true,
.retain_parent_context = true,
- .allow_child_to_derive = false,
- .create_certificate = false,
- },
- {
- .expected_child_handle_idx = INVALID_COMPONENT_IDX,
- .expected_parent_handle_idx = 9,
- }
- },
- {
- {
- /* Derive RSS_NS, (4th child of RSS BL2) */
- .in_handle_comp_idx = 9,
- .retain_parent_context = false,
- .allow_child_to_derive = false,
- .create_certificate = false,
- },
- {
- .expected_child_handle_idx = INVALID_COMPONENT_IDX,
- .expected_parent_handle_idx = INVALID_COMPONENT_IDX,
- }
- },
- {
- {
- /* Derive FW_CONFIG, (1st child of AP_BL1) */
- .in_handle_comp_idx = 7,
- .retain_parent_context = true,
- .allow_child_to_derive = false,
- .create_certificate = false,
- },
- {
- .expected_child_handle_idx = INVALID_COMPONENT_IDX,
- .expected_parent_handle_idx = 10,
- }
- },
- {
- {
- /* Derive TB_FW_CONFIG, (2nd child of AP_BL1) */
- .in_handle_comp_idx = 10,
- .retain_parent_context = true,
- .allow_child_to_derive = false,
- .create_certificate = false,
- },
- {
- .expected_child_handle_idx = INVALID_COMPONENT_IDX,
- .expected_parent_handle_idx = 11,
- }
- },
- {
- {
- /* Derive AP_BL2, (3rd child of AP_BL1) */
- .in_handle_comp_idx = 11,
- .retain_parent_context = false,
- .allow_child_to_derive = true,
- .create_certificate = false,
- },
- {
- .expected_child_handle_idx = 12,
- .expected_parent_handle_idx = INVALID_COMPONENT_IDX,
- }
- },
- {
- {
- /* Derive AP_BL31, (1st child of AP_BL2) */
- .in_handle_comp_idx = 12,
- .retain_parent_context = true,
- .allow_child_to_derive = false,
+ .allow_new_context_to_derive = true,
.create_certificate = true, /* Finalise Platform layer */
},
- {
- .expected_child_handle_idx = INVALID_COMPONENT_IDX,
- .expected_parent_handle_idx = 13,
- }
- },
- {
- {
- /* Derive AP_SPM, (2nd child of AP_BL2) */
- .in_handle_comp_idx = 13,
- .retain_parent_context = true,
- .allow_child_to_derive = false,
- .create_certificate = false,
- },
- {
- .expected_child_handle_idx = INVALID_COMPONENT_IDX,
- .expected_parent_handle_idx = 14,
- }
- },
- {
- {
- /* Derive AP_SPx, (3rd child of AP_BL2) */
- .in_handle_comp_idx = 14,
- .retain_parent_context = true,
- .allow_child_to_derive = false,
- .create_certificate = false,
- },
- {
- .expected_child_handle_idx = INVALID_COMPONENT_IDX,
- .expected_parent_handle_idx = 15,
- }
- },
- {
- {
- /* Derive AP_NS_BL, (4th child of AP_BL2) */
- .in_handle_comp_idx = 15,
- .retain_parent_context = false,
- .allow_child_to_derive = true,
- .create_certificate = false,
- },
- {
- .expected_child_handle_idx = 16,
- .expected_parent_handle_idx = INVALID_COMPONENT_IDX,
- }
- },
- {
- {
- /* Derive AP_HOST_OS, (1st child of AP_NS_BL) */
- .in_handle_comp_idx = 16,
- .retain_parent_context = true,
- .allow_child_to_derive = false,
- .create_certificate = false,
- },
- {
- .expected_child_handle_idx = INVALID_COMPONENT_IDX,
- .expected_parent_handle_idx = 17,
- }
- },
- {
- {
- /* Derive AP_PVM_FW, (2nd child of AP_NS_BL) */
- .in_handle_comp_idx = 17,
- .retain_parent_context = false,
- .allow_child_to_derive = true,
- .create_certificate = true, /* Finalise Secure World & Hypervisor layer */
- },
- {
- .expected_child_handle_idx = 18,
- .expected_parent_handle_idx = INVALID_COMPONENT_IDX,
- }
- },
- {
- {
- /* Derive AP_GUEST_KERNEL_1, (1st child of AP_PVM_FW) */
- .in_handle_comp_idx = 18,
- .retain_parent_context = true,
- .allow_child_to_derive = true,
- .create_certificate = false,
- },
- {
- .expected_child_handle_idx = 19,
- .expected_parent_handle_idx = 20,
- }
- },
- {
- {
- /* Derive AP_GUEST_KERNEL_2, (2nd child of AP_PVM_FW) */
- .in_handle_comp_idx = 20,
- .retain_parent_context = true,
- .allow_child_to_derive = true,
- .create_certificate = false,
- },
- {
- .expected_child_handle_idx = 21,
- .expected_parent_handle_idx = 22,
- }
},
};
/* Below dataset is used for CertifyKey command test */
-const struct dpe_derive_child_test_data_t derive_child_test_dataset_2[DERIVE_CHILD_TEST_DATA2_SIZE] = {
- {
- {
- /* Derive RSS_BL2, Caller/Parent RSS BL1_2 */
- .in_handle_comp_idx = 1,
- .retain_parent_context = true,
- .allow_child_to_derive = true,
- .create_certificate = false,
- },
- {
- .expected_child_handle_idx = 2,
- .expected_parent_handle_idx = 3,
- }
- },
- {
- {
- /* Derive SCP_BL1 (1st child of RSS BL2) */
- .in_handle_comp_idx = 2,
- .retain_parent_context = true,
- .allow_child_to_derive = true,
- .create_certificate = false,
- },
- {
- .expected_child_handle_idx = 4,
- .expected_parent_handle_idx = 5,
- }
- },
- {
- {
- /* Derive AP_BL1, (2nd and final child of RSS BL2) */
- .in_handle_comp_idx = 5,
- .retain_parent_context = true,
- .allow_child_to_derive = true,
- .create_certificate = true, /* Finalise Platform layer */
- },
- {
- .expected_child_handle_idx = 6,
- .expected_parent_handle_idx = 7,
- }
- },
-};
-
-/* Below dataset is used for CertifyKey command test */
-const struct dpe_derive_child_test_data_t derive_child_test_dataset_3 = {
+const struct dpe_derive_context_test_data_t derive_context_test_dataset_2 = {
{
/* Derive RSS_BL2, Caller/Parent RSS BL1_2 */
- .in_handle_comp_idx = 1,
+ .use_parent_handle = false,
.retain_parent_context = true,
- .allow_child_to_derive = true,
+ .allow_new_context_to_derive = true,
.create_certificate = false,
},
- {
- .expected_child_handle_idx = 2,
- .expected_parent_handle_idx = 3,
- }
};
diff --git a/partitions/dice_protection_environment/test/dpe_test_data.h b/partitions/dice_protection_environment/test/dpe_test_data.h
index 2dfe594..834f7f1 100644
--- a/partitions/dice_protection_environment/test/dpe_test_data.h
+++ b/partitions/dice_protection_environment/test/dpe_test_data.h
@@ -5,18 +5,18 @@
*
*/
-#ifndef __DPE_DERIVE_CHILD_TEST_DATA_H__
-#define __DPE_DERIVE_CHILD_TEST_DATA_H__
+#ifndef __DPE_DERIVE_CONTEXT_TEST_DATA_H__
+#define __DPE_DERIVE_CONTEXT_TEST_DATA_H__
#ifdef __cplusplus
extern "C" {
#endif
#define MAX_NUM_OF_COMPONENTS 30
+#define INVALID_COMPONENT_IDX 0xFFFF
-#define DERIVE_CHILD_TEST_DATA1_SIZE 16
-#define DERIVE_CHILD_TEST_DATA2_SIZE 3
-#define DERIVE_CHILD_TEST_DATA3_SIZE 1
+#define DERIVE_CONTEXT_TEST_DATA1_SIZE 3
+#define DERIVE_CONTEXT_TEST_DATA2_SIZE 1
#define DEFAULT_DICE_INPUT { \
{ 0xC0, 0xDE }, \
@@ -33,25 +33,20 @@
{ 0x81, 0xDE }, \
}
-struct dpe_derive_child_test_input_data_t {
- uint16_t in_handle_comp_idx;
+struct dpe_derive_context_test_input_data_t {
+ /* If below flag is true, use previous parent handle or use derived context handle */
+ bool use_parent_handle;
bool retain_parent_context;
- bool allow_child_to_derive;
+ bool allow_new_context_to_derive;
bool create_certificate;
};
-struct dpe_derive_child_test_output_data_t {
- uint16_t expected_child_handle_idx;
- uint16_t expected_parent_handle_idx;
-};
-
-struct dpe_derive_child_test_data_t {
- struct dpe_derive_child_test_input_data_t inputs;
- struct dpe_derive_child_test_output_data_t outputs;
+struct dpe_derive_context_test_data_t {
+ struct dpe_derive_context_test_input_data_t inputs;
};
#ifdef __cplusplus
}
#endif
-#endif /* __DPE_DERIVE_CHILD_TEST_DATA_H__ */
+#endif /* __DPE_DERIVE_CONTEXT_TEST_DATA_H__ */
diff --git a/partitions/dice_protection_environment/test/non_secure/dpe_ns_interface_testsuite.c b/partitions/dice_protection_environment/test/non_secure/dpe_ns_interface_testsuite.c
index d489316..3e89ad8 100644
--- a/partitions/dice_protection_environment/test/non_secure/dpe_ns_interface_testsuite.c
+++ b/partitions/dice_protection_environment/test/non_secure/dpe_ns_interface_testsuite.c
@@ -10,8 +10,8 @@
static struct test_t dpe_ns_tests[] = {
{&derive_rot_layer_context, "DPE_NS_TEST_INIT",
"DPE derive RoT context"},
- {&derive_child_api_test, "DPE_NS_TEST_1001",
- "DPE DeriveChild API"},
+ {&derive_context_api_test, "DPE_NS_TEST_1001",
+ "DPE DeriveContext API"},
{&certify_key_api_test, "DPE_NS_TEST_1002",
"DPE CertifyKey API"},
};
diff --git a/partitions/dice_protection_environment/test/secure/CMakeLists.txt b/partitions/dice_protection_environment/test/secure/CMakeLists.txt
index 710ec82..cfb8648 100644
--- a/partitions/dice_protection_environment/test/secure/CMakeLists.txt
+++ b/partitions/dice_protection_environment/test/secure/CMakeLists.txt
@@ -9,7 +9,7 @@
target_sources(tfm_test_suite_extra_s
PRIVATE
- ../dpe_derive_child_test.c
+ ../dpe_derive_context_test.c
../dpe_certify_key_test.c
../dpe_test_data.c
dpe_s_interface_testsuite.c
diff --git a/partitions/dice_protection_environment/test/secure/dpe_s_interface_testsuite.c b/partitions/dice_protection_environment/test/secure/dpe_s_interface_testsuite.c
index 076fa45..da51534 100644
--- a/partitions/dice_protection_environment/test/secure/dpe_s_interface_testsuite.c
+++ b/partitions/dice_protection_environment/test/secure/dpe_s_interface_testsuite.c
@@ -10,46 +10,54 @@
static struct test_t dpe_s_tests[] = {
{&derive_rot_layer_context, "DPE_S_TEST_INIT",
"DPE derive RoT context"},
- {&derive_child_api_test, "DPE_S_TEST_1001",
- "DPE DeriveChild API"},
+ {&derive_context_api_test, "DPE_S_TEST_1001",
+ "DPE DeriveContext API"},
{&certify_key_api_test, "DPE_S_TEST_1002",
"DPE CertifyKey API"},
- {&derive_child_incorrect_handle_test, "DPE_S_TEST_1003",
- "DPE DeriveChild - invalid handle"},
- {&derive_child_invalid_hash_size_test, "DPE_S_TEST_1004",
- "DPE DeriveChild - invalid measurement descriptor size"},
- {&derive_child_invalid_signer_id_size_test, "DPE_S_TEST_1005",
- "DPE DeriveChild - invalid signer id descriptor size"},
- {&derive_child_invalid_config_desc_size_test, "DPE_S_TEST_1006",
- "DPE DeriveChild - invalid config descriptor size"},
- {&derive_child_missing_dice_input_arg_test, "DPE_S_TEST_1007",
- "DPE DeriveChild - missing required dice input arguments"},
- {&derive_child_invalid_cbor_encoded_input_test, "DPE_S_TEST_1008",
- "DPE DeriveChild - invalid cbor encoded input"},
- {&derive_child_single_use_handle_test, "DPE_S_TEST_1009",
- "DPE DeriveChild - same handle"},
- {&derive_child_core_functionality_test, "DPE_S_TEST_1010",
- "DPE DeriveChild functionality"},
- //TODO: Below test will be enabled when contexts can be destroyed
-/* {&certify_key_core_functionality_test, "DPE_S_TEST_1011",
+ {&derive_context_incorrect_handle_test, "DPE_S_TEST_1003",
+ "DPE DeriveContext - invalid handle"},
+ {&derive_context_invalid_hash_size_test, "DPE_S_TEST_1004",
+ "DPE DeriveContext - invalid measurement descriptor size"},
+ {&derive_context_invalid_signer_id_size_test, "DPE_S_TEST_1005",
+ "DPE DeriveContext - invalid signer id descriptor size"},
+ {&derive_context_invalid_config_desc_size_test, "DPE_S_TEST_1006",
+ "DPE DeriveContext - invalid config descriptor size"},
+ {&derive_context_missing_dice_input_arg_test, "DPE_S_TEST_1007",
+ "DPE DeriveContext - missing required dice input arguments"},
+ {&derive_context_invalid_cbor_encoded_input_test, "DPE_S_TEST_1008",
+ "DPE DeriveContext - invalid cbor encoded input"},
+ {&derive_context_smaller_cert_buffer_test, "DPE_S_TEST_1009",
+ "DPE DeriveContext - invalid certificate buffer size"},
+ {&derive_context_smaller_cdi_buffer_test, "DPE_S_TEST_1010",
+ "DPE DeriveContext - invalid CDI buffer size"},
+ {&derive_context_prevent_cdi_export_test, "DPE_S_TEST_1011",
+ "DPE DeriveContext - check function of allow_new_context_to_export arg"},
+ {&derive_context_invalid_input_param_combination_test, "DPE_S_TEST_1012",
+ "DPE DeriveContext - invalid input combination of various input args"},
+ {&derive_context_missing_req_input_param_combination_test, "DPE_S_TEST_1013",
+ "DPE DeriveContext - missing required input arguments in combination"},
+ {&derive_context_check_export_cdi_test, "DPE_S_TEST_1014",
+ "DPE DeriveContext - check function of export_cdi arg"},
+ {&derive_context_single_use_handle_test, "DPE_S_TEST_1015",
+ "DPE DeriveContext - same handle"},
+ {&certify_key_core_functionality_test, "DPE_S_TEST_1016",
"DPE CertifyKey functionality"},
- {&certify_key_retain_context_test, "DPE_S_TEST_1012",
+ {&certify_key_retain_context_test, "DPE_S_TEST_1017",
"DPE CertifyKey - retain context"},
- */
- {&certify_key_incorrect_handle_test, "DPE_S_TEST_1013",
+ {&certify_key_incorrect_handle_test, "DPE_S_TEST_1018",
"DPE CertifyKey - invalid handle"},
- {&certify_key_supplied_pub_key_test, "DPE_S_TEST_1014",
+ {&certify_key_supplied_pub_key_test, "DPE_S_TEST_1019",
"DPE CertifyKey - supplied public key"},
- {&certify_key_supplied_label_test, "DPE_S_TEST_1015",
+ {&certify_key_supplied_label_test, "DPE_S_TEST_1020",
"DPE CertifyKey - supplied label"},
- {&certify_key_smaller_cert_buffer_test, "DPE_S_TEST_1016",
+ {&certify_key_smaller_cert_buffer_test, "DPE_S_TEST_1021",
"DPE CertifyKey - invalid certificate chain buffer size"},
- {&certify_key_smaller_derived_pub_key_buffer_test, "DPE_S_TEST_1017",
+ {&certify_key_smaller_derived_pub_key_buffer_test, "DPE_S_TEST_1022",
"DPE CertifyKey - invalid public key buffer size"},
- {&certify_key_invalid_cbor_encoded_input_test, "DPE_S_TEST_1018",
+ {&certify_key_invalid_cbor_encoded_input_test, "DPE_S_TEST_1023",
"DPE CertifyKey - invalid cbor encoded input"},
- {&derive_child_with_parent_leaf_component_test, "DPE_S_TEST_1019",
- "DPE DeriveChild - Leaf component"},
+ {&derive_context_with_parent_leaf_component_test, "DPE_S_TEST_1024",
+ "DPE DeriveContext - Leaf component"},
};
void register_testsuite_extra_s_interface(struct test_suite_t *p_test_suite)