1 // SPDX-License-Identifier: GPL-2.0
2 /*
3 * Copyright (c) 2014, Linaro Limited
4 */
5 #include "xtest_test.h"
6 #include "xtest_helpers.h"
7
8 #include <tee_api_types.h>
9 #include <tee_api_defines_extensions.h>
10 #include <utee_defines.h>
11 #include <string.h>
12 #include <enc_fs_key_manager_test.h>
13
14 #define WITH_HKDF 1
15 #define WITH_CONCAT_KDF 1
16 #define WITH_PBKDF2 1
17
18 /*
19 * HKDF test data from RFC 5869
20 */
21
22 /* A.1 SHA-256 */
23
24 static const uint8_t hkdf_a1_ikm[] = {
25 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
26 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
27 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b
28 };
29
30 static const uint8_t hkdf_a1_salt[] = {
31 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
32 0x08, 0x09, 0x0a, 0x0b, 0x0c
33 };
34
35 static const uint8_t hkdf_a1_info[] = {
36 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
37 0xf8, 0xf9
38 };
39
40 static const uint8_t hkdf_a1_okm[] = {
41 0x3c, 0xb2, 0x5f, 0x25, 0xfa, 0xac, 0xd5, 0x7a,
42 0x90, 0x43, 0x4f, 0x64, 0xd0, 0x36, 0x2f, 0x2a,
43 0x2d, 0x2d, 0x0a, 0x90, 0xcf, 0x1a, 0x5a, 0x4c,
44 0x5d, 0xb0, 0x2d, 0x56, 0xec, 0xc4, 0xc5, 0xbf,
45 0x34, 0x00, 0x72, 0x08, 0xd5, 0xb8, 0x87, 0x18,
46 0x58, 0x65
47 };
48
49 /* A.2 SHA-256 */
50 static const uint8_t hkdf_a2_ikm[] = {
51 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
52 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
53 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
54 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
55 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
56 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
57 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
58 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f,
59 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
60 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f
61 };
62
63 static const uint8_t hkdf_a2_salt[] = {
64 0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67,
65 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f,
66 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77,
67 0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f,
68 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87,
69 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
70 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97,
71 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f,
72 0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7,
73 0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf
74 };
75
76 static const uint8_t hkdf_a2_info[] = {
77 0xb0, 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6, 0xb7,
78 0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf,
79 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
80 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf,
81 0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7,
82 0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf,
83 0xe0, 0xe1, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7,
84 0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef,
85 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
86 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff
87 };
88
89 static const uint8_t hkdf_a2_okm[] = {
90 0xb1, 0x1e, 0x39, 0x8d, 0xc8, 0x03, 0x27, 0xa1,
91 0xc8, 0xe7, 0xf7, 0x8c, 0x59, 0x6a, 0x49, 0x34,
92 0x4f, 0x01, 0x2e, 0xda, 0x2d, 0x4e, 0xfa, 0xd8,
93 0xa0, 0x50, 0xcc, 0x4c, 0x19, 0xaf, 0xa9, 0x7c,
94 0x59, 0x04, 0x5a, 0x99, 0xca, 0xc7, 0x82, 0x72,
95 0x71, 0xcb, 0x41, 0xc6, 0x5e, 0x59, 0x0e, 0x09,
96 0xda, 0x32, 0x75, 0x60, 0x0c, 0x2f, 0x09, 0xb8,
97 0x36, 0x77, 0x93, 0xa9, 0xac, 0xa3, 0xdb, 0x71,
98 0xcc, 0x30, 0xc5, 0x81, 0x79, 0xec, 0x3e, 0x87,
99 0xc1, 0x4c, 0x01, 0xd5, 0xc1, 0xf3, 0x43, 0x4f,
100 0x1d, 0x87
101 };
102
103 /* A.3 SHA-256 */
104 #define hkdf_a3_ikm hkdf_a1_ikm
105 static const uint8_t hkdf_a3_salt[] = {};
106
107 static const uint8_t hkdf_a3_info[] = {};
108
109 static const uint8_t hkdf_a3_okm[] = {
110 0x8d, 0xa4, 0xe7, 0x75, 0xa5, 0x63, 0xc1, 0x8f,
111 0x71, 0x5f, 0x80, 0x2a, 0x06, 0x3c, 0x5a, 0x31,
112 0xb8, 0xa1, 0x1f, 0x5c, 0x5e, 0xe1, 0x87, 0x9e,
113 0xc3, 0x45, 0x4e, 0x5f, 0x3c, 0x73, 0x8d, 0x2d,
114 0x9d, 0x20, 0x13, 0x95, 0xfa, 0xa4, 0xb6, 0x1a,
115 0x96, 0xc8
116 };
117
118 /* A.4 SHA-1 */
119 static const uint8_t hkdf_a4_ikm[] = {
120 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
121 0x0b, 0x0b, 0x0b
122 };
123
124 static const uint8_t hkdf_a4_salt[] = {
125 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
126 0x08, 0x09, 0x0a, 0x0b, 0x0c
127 };
128
129 static const uint8_t hkdf_a4_info[] = {
130 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
131 0xf8, 0xf9
132 };
133
134 static const uint8_t hkdf_a4_okm[] = {
135 0x08, 0x5a, 0x01, 0xea, 0x1b, 0x10, 0xf3, 0x69,
136 0x33, 0x06, 0x8b, 0x56, 0xef, 0xa5, 0xad, 0x81,
137 0xa4, 0xf1, 0x4b, 0x82, 0x2f, 0x5b, 0x09, 0x15,
138 0x68, 0xa9, 0xcd, 0xd4, 0xf1, 0x55, 0xfd, 0xa2,
139 0xc2, 0x2e, 0x42, 0x24, 0x78, 0xd3, 0x05, 0xf3,
140 0xf8, 0x96
141 };
142
143 /* A.5 SHA-1 */
144 #define hkdf_a5_ikm hkdf_a2_ikm
145 #define hkdf_a5_salt hkdf_a2_salt
146 #define hkdf_a5_info hkdf_a2_info
147 static const uint8_t hkdf_a5_okm[] = {
148 0x0b, 0xd7, 0x70, 0xa7, 0x4d, 0x11, 0x60, 0xf7,
149 0xc9, 0xf1, 0x2c, 0xd5, 0x91, 0x2a, 0x06, 0xeb,
150 0xff, 0x6a, 0xdc, 0xae, 0x89, 0x9d, 0x92, 0x19,
151 0x1f, 0xe4, 0x30, 0x56, 0x73, 0xba, 0x2f, 0xfe,
152 0x8f, 0xa3, 0xf1, 0xa4, 0xe5, 0xad, 0x79, 0xf3,
153 0xf3, 0x34, 0xb3, 0xb2, 0x02, 0xb2, 0x17, 0x3c,
154 0x48, 0x6e, 0xa3, 0x7c, 0xe3, 0xd3, 0x97, 0xed,
155 0x03, 0x4c, 0x7f, 0x9d, 0xfe, 0xb1, 0x5c, 0x5e,
156 0x92, 0x73, 0x36, 0xd0, 0x44, 0x1f, 0x4c, 0x43,
157 0x00, 0xe2, 0xcf, 0xf0, 0xd0, 0x90, 0x0b, 0x52,
158 0xd3, 0xb4
159 };
160
161 /* A.6 SHA-1 */
162 #define hkdf_a6_ikm hkdf_a1_ikm
163 static const uint8_t hkdf_a6_salt[] = {};
164
165 static const uint8_t hkdf_a6_info[] = {};
166
167 static const uint8_t hkdf_a6_okm[] = {
168 0x0a, 0xc1, 0xaf, 0x70, 0x02, 0xb3, 0xd7, 0x61,
169 0xd1, 0xe5, 0x52, 0x98, 0xda, 0x9d, 0x05, 0x06,
170 0xb9, 0xae, 0x52, 0x05, 0x72, 0x20, 0xa3, 0x06,
171 0xe0, 0x7b, 0x6b, 0x87, 0xe8, 0xdf, 0x21, 0xd0,
172 0xea, 0x00, 0x03, 0x3d, 0xe0, 0x39, 0x84, 0xd3,
173 0x49, 0x18
174 };
175
176 /* A.7 SHA-1 */
177 static const uint8_t hkdf_a7_ikm[] = {
178 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c,
179 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c,
180 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c
181 };
182
183 static const uint8_t hkdf_a7_salt[] = {};
184
185 static const uint8_t hkdf_a7_info[] = {};
186
187 static const uint8_t hkdf_a7_okm[] = {
188 0x2c, 0x91, 0x11, 0x72, 0x04, 0xd7, 0x45, 0xf3,
189 0x50, 0x0d, 0x63, 0x6a, 0x62, 0xf6, 0x4f, 0x0a,
190 0xb3, 0xba, 0xe5, 0x48, 0xaa, 0x53, 0xd4, 0x23,
191 0xb0, 0xd1, 0xf2, 0x7e, 0xbb, 0xa6, 0xf5, 0xe5,
192 0x67, 0x3a, 0x08, 0x1d, 0x70, 0xcc, 0xe7, 0xac,
193 0xfc, 0x48
194 };
195
196 /*
197 * Concat KDF (NIST SP 800-56A R1)
198 *
199 * Test vector from:
200 * https://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-37
201 * appendix C
202 */
203 static const uint8_t concat_kdf_1_z[] = {
204 158, 86, 217, 29, 129, 113, 53, 211,
205 114, 131, 66, 131, 191, 132, 38, 156,
206 251, 49, 110, 163, 218, 128, 106, 72,
207 246, 218, 167, 121, 140, 254, 144, 196
208 };
209
210 static const uint8_t concat_kdf_1_other_info[] = {
211 0, 0, 0, 7, 65, 49, 50, 56,
212 71, 67, 77, 0, 0, 0, 5, 65,
213 108, 105, 99, 101, 0, 0, 0, 3,
214 66, 111, 98, 0, 0, 0, 128
215 };
216
217 static const uint8_t concat_kdf_1_derived_key[] = {
218 86, 170, 141, 234, 248, 35, 109, 32,
219 92, 34, 40, 205, 113, 167, 16, 26
220 };
221
222 /*
223 * PKCS #5 2.0 / RFC 2898 Key Derivation Function 2 (PBKDF2)
224 * Test vectors from RFC 6070 https://www.ietf.org/rfc/rfc6070.txt
225 */
226
227 /* 1 */
228 static const uint8_t pbkdf2_1_password[] = {
229 'p', 'a', 's', 's', 'w', 'o', 'r', 'd'
230 };
231
232 static const uint8_t pbkdf2_1_salt[] = {
233 's', 'a', 'l', 't'
234 };
235
236 #define pbkdf2_1_iteration_count 1
237 static const uint8_t pbkdf2_1_dkm[] = {
238 0x0c, 0x60, 0xc8, 0x0f, 0x96, 0x1f, 0x0e, 0x71,
239 0xf3, 0xa9, 0xb5, 0x24, 0xaf, 0x60, 0x12, 0x06,
240 0x2f, 0xe0, 0x37, 0xa6
241 };
242
243 /* 2 */
244 #define pbkdf2_2_password pbkdf2_1_password
245 #define pbkdf2_2_salt pbkdf2_1_salt
246 #define pbkdf2_2_iteration_count 2
247 static const uint8_t pbkdf2_2_dkm[] = {
248 0xea, 0x6c, 0x01, 0x4d, 0xc7, 0x2d, 0x6f, 0x8c,
249 0xcd, 0x1e, 0xd9, 0x2a, 0xce, 0x1d, 0x41, 0xf0,
250 0xd8, 0xde, 0x89, 0x57
251 };
252
253 /* 3 */
254 #define pbkdf2_3_password pbkdf2_1_password
255 #define pbkdf2_3_salt pbkdf2_1_salt
256 #define pbkdf2_3_iteration_count 4096
257 static const uint8_t pbkdf2_3_dkm[] = {
258 0x4b, 0x00, 0x79, 0x01, 0xb7, 0x65, 0x48, 0x9a,
259 0xbe, 0xad, 0x49, 0xd9, 0x26, 0xf7, 0x21, 0xd0,
260 0x65, 0xa4, 0x29, 0xc1
261 };
262
263 /* 4 */
264 #define pbkdf2_4_password pbkdf2_1_password
265 #define pbkdf2_4_salt pbkdf2_1_salt
266 #define pbkdf2_4_iteration_count 16777216
267 static const uint8_t pbkdf2_4_dkm[] = {
268 0xee, 0xfe, 0x3d, 0x61, 0xcd, 0x4d, 0xa4, 0xe4,
269 0xe9, 0x94, 0x5b, 0x3d, 0x6b, 0xa2, 0x15, 0x8c,
270 0x26, 0x34, 0xe9, 0x84
271 };
272
273 /* 5 */
274 static const uint8_t pbkdf2_5_password[] = {
275 'p', 'a', 's', 's', 'w', 'o', 'r', 'd',
276 'P', 'A', 'S', 'S', 'W', 'O', 'R', 'D',
277 'p', 'a', 's', 's', 'w', 'o', 'r', 'd'
278 };
279
280 static const uint8_t pbkdf2_5_salt[] = {
281 's', 'a', 'l', 't', 'S', 'A', 'L', 'T',
282 's', 'a', 'l', 't', 'S', 'A', 'L', 'T',
283 's', 'a', 'l', 't', 'S', 'A', 'L', 'T',
284 's', 'a', 'l', 't', 'S', 'A', 'L', 'T',
285 's', 'a', 'l', 't'
286 };
287
288 #define pbkdf2_5_iteration_count 4096
289 static const uint8_t pbkdf2_5_dkm[] = {
290 0x3d, 0x2e, 0xec, 0x4f, 0xe4, 0x1c, 0x84, 0x9b,
291 0x80, 0xc8, 0xd8, 0x36, 0x62, 0xc0, 0xe4, 0x4a,
292 0x8b, 0x29, 0x1a, 0x96, 0x4c, 0xf2, 0xf0, 0x70,
293 0x38
294 };
295
296 /* 6 */
297 static const uint8_t pbkdf2_6_password[] = {
298 'p', 'a', 's', 's', '\0', 'w', 'o', 'r',
299 'd',
300 };
301
302 static const uint8_t pbkdf2_6_salt[] = {
303 's', 'a', '\0', 'l', 't'
304 };
305
306 #define pbkdf2_6_iteration_count 4096
307 static const uint8_t pbkdf2_6_dkm[] = {
308 0x56, 0xfa, 0x6a, 0xa7, 0x55, 0x48, 0x09, 0x9d,
309 0xcc, 0x37, 0xd7, 0xf0, 0x34, 0x25, 0xe0, 0xc3
310 };
311
312 #ifdef WITH_HKDF
xtest_test_derivation_hkdf(ADBG_Case_t * c,TEEC_Session * session)313 static void xtest_test_derivation_hkdf(ADBG_Case_t *c, TEEC_Session *session)
314 {
315 size_t n = 0;
316 #define TEST_HKDF_DATA(section, algo, id, oeb /* omit empty bufs */) \
317 { \
318 section, algo, \
319 hkdf_##id##_ikm, sizeof(hkdf_##id##_ikm), \
320 (oeb && !sizeof(hkdf_##id##_salt)) ? NULL : hkdf_##id##_salt, sizeof(hkdf_##id##_salt), \
321 (oeb && !sizeof(hkdf_##id##_info)) ? NULL : hkdf_##id##_info, sizeof(hkdf_##id##_info), \
322 hkdf_##id##_okm, sizeof(hkdf_##id##_okm), \
323 }
324 static struct hkdf_case {
325 const char *subcase_name;
326 uint32_t algo;
327 const uint8_t *ikm;
328 size_t ikm_len;
329 const uint8_t *salt;
330 size_t salt_len;
331 const uint8_t *info;
332 size_t info_len;
333 const uint8_t *okm;
334 size_t okm_len;
335 } hkdf_cases[] = {
336 TEST_HKDF_DATA("A.1 (SHA-256)",
337 TEE_ALG_HKDF_SHA256_DERIVE_KEY, a1, false),
338 TEST_HKDF_DATA("A.2 (SHA-256)",
339 TEE_ALG_HKDF_SHA256_DERIVE_KEY, a2, false),
340 TEST_HKDF_DATA("A.3 (SHA-256) [1]",
341 TEE_ALG_HKDF_SHA256_DERIVE_KEY, a3, false),
342 TEST_HKDF_DATA("A.3 (SHA-256) [2]",
343 TEE_ALG_HKDF_SHA256_DERIVE_KEY, a3, true),
344 TEST_HKDF_DATA("A.4 (SHA-1)",
345 TEE_ALG_HKDF_SHA1_DERIVE_KEY, a4, false),
346 TEST_HKDF_DATA("A.5 (SHA-1)",
347 TEE_ALG_HKDF_SHA1_DERIVE_KEY, a5, false),
348 TEST_HKDF_DATA("A.6 (SHA-1) [1]",
349 TEE_ALG_HKDF_SHA1_DERIVE_KEY, a6, false),
350 TEST_HKDF_DATA("A.6 (SHA-1) [2]",
351 TEE_ALG_HKDF_SHA1_DERIVE_KEY, a6, true),
352 TEST_HKDF_DATA("A.7 (SHA-1) [1]",
353 TEE_ALG_HKDF_SHA1_DERIVE_KEY, a7, false),
354 TEST_HKDF_DATA("A.7 (SHA-1) [2]",
355 TEE_ALG_HKDF_SHA1_DERIVE_KEY, a7, true),
356 };
357 size_t max_size = 2048;
358
359 for (n = 0; n < sizeof(hkdf_cases) / sizeof(struct hkdf_case); n++) {
360 TEE_OperationHandle op = TEE_HANDLE_NULL;
361 TEE_ObjectHandle key_handle = TEE_HANDLE_NULL;
362 TEE_ObjectHandle sv_handle = TEE_HANDLE_NULL;
363 TEE_Attribute params[4] = { };
364 size_t param_count = 0;
365 uint8_t out[2048] = { };
366 size_t out_size = 0;
367 const struct hkdf_case *hc = &hkdf_cases[n];
368
369 Do_ADBG_BeginSubCase(c, "HKDF RFC 5869 %s", hc->subcase_name);
370
371 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
372 ta_crypt_cmd_allocate_operation(c, session, &op,
373 hc->algo, TEE_MODE_DERIVE, max_size)))
374 goto out;
375
376 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
377 ta_crypt_cmd_allocate_transient_object(c, session,
378 TEE_TYPE_HKDF_IKM, max_size, &key_handle)))
379 goto out;
380
381 xtest_add_attr(¶m_count, params, TEE_ATTR_HKDF_IKM, hc->ikm,
382 hc->ikm_len);
383
384 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
385 ta_crypt_cmd_populate_transient_object(c, session,
386 key_handle, params, param_count)))
387 goto out;
388
389 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
390 ta_crypt_cmd_set_operation_key(c, session, op,
391 key_handle)))
392 goto out;
393
394 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
395 ta_crypt_cmd_free_transient_object(c, session,
396 key_handle)))
397 goto out;
398
399 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
400 ta_crypt_cmd_allocate_transient_object(c, session,
401 TEE_TYPE_GENERIC_SECRET, hc->okm_len * 8,
402 &sv_handle)))
403 goto out;
404
405 param_count = 0;
406
407 if (hc->salt)
408 xtest_add_attr(¶m_count, params, TEE_ATTR_HKDF_SALT,
409 hc->salt, hc->salt_len);
410 if (hc->info)
411 xtest_add_attr(¶m_count, params, TEE_ATTR_HKDF_INFO,
412 hc->info, hc->info_len);
413
414 params[param_count].attributeID = TEE_ATTR_HKDF_OKM_LENGTH;
415 params[param_count].content.value.a = hc->okm_len;
416 params[param_count].content.value.b = 0;
417 param_count++;
418
419 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
420 ta_crypt_cmd_derive_key(c, session, op, sv_handle,
421 params, param_count)))
422 goto out;
423
424 out_size = sizeof(out);
425 memset(out, 0, sizeof(out));
426 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
427 ta_crypt_cmd_get_object_buffer_attribute(c, session,
428 sv_handle, TEE_ATTR_SECRET_VALUE, out,
429 &out_size)))
430 goto out;
431
432 if (!ADBG_EXPECT_BUFFER(c, hc->okm, hc->okm_len, out, out_size))
433 goto out;
434
435 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
436 ta_crypt_cmd_free_operation(c, session, op)))
437 goto out;
438
439 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
440 ta_crypt_cmd_free_transient_object(c, session,
441 sv_handle)))
442 goto out;
443 out:
444 Do_ADBG_EndSubCase(c, "HKDF RFC 5869 %s", hc->subcase_name);
445 }
446 }
447 #endif /* WITH_HKDF */
448
449 #ifdef WITH_CONCAT_KDF
xtest_test_derivation_concat_kdf(ADBG_Case_t * c,TEEC_Session * session)450 static void xtest_test_derivation_concat_kdf(ADBG_Case_t *c, TEEC_Session *session)
451 {
452 size_t n = 0;
453 #define TEST_CONCAT_KDF_DATA(name, algo, id, oeb /* omit empty bufs */) \
454 { \
455 name, algo, \
456 concat_kdf_##id##_z, sizeof(concat_kdf_##id##_z), \
457 (oeb && !sizeof(concat_kdf_##id##_other_info)) ? NULL \
458 : concat_kdf_##id##_other_info, \
459 sizeof(concat_kdf_##id##_other_info), \
460 concat_kdf_##id##_derived_key, sizeof(concat_kdf_##id##_derived_key), \
461 }
462 static struct concat_kdf_case {
463 const char *subcase_name;
464 uint32_t algo;
465 const uint8_t *shared_secret;
466 size_t shared_secret_len;
467 const uint8_t *other_info;
468 size_t other_info_len;
469 const uint8_t *derived_key;
470 size_t derived_key_len;
471 } concat_kdf_cases[] = {
472 TEST_CONCAT_KDF_DATA("JWA-37 C (SHA-256)",
473 TEE_ALG_CONCAT_KDF_SHA256_DERIVE_KEY, 1, false),
474 };
475 size_t max_size = 2048;
476
477 for (n = 0;
478 n < sizeof(concat_kdf_cases) / sizeof(struct concat_kdf_case);
479 n++) {
480 TEE_OperationHandle op = TEE_HANDLE_NULL;
481 TEE_ObjectHandle key_handle = TEE_HANDLE_NULL;
482 TEE_ObjectHandle sv_handle = TEE_HANDLE_NULL;
483 TEE_Attribute params[4] = { };
484 size_t param_count = 0;
485 uint8_t out[2048] = { };
486 size_t out_size = 0;
487 const struct concat_kdf_case *cc = &concat_kdf_cases[n];
488
489 Do_ADBG_BeginSubCase(c, "Concat KDF %s", cc->subcase_name);
490
491 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
492 ta_crypt_cmd_allocate_operation(c, session, &op,
493 cc->algo, TEE_MODE_DERIVE, max_size)))
494 goto out;
495
496 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
497 ta_crypt_cmd_allocate_transient_object(c, session,
498 TEE_TYPE_CONCAT_KDF_Z, max_size, &key_handle)))
499 goto out;
500
501 xtest_add_attr(¶m_count, params, TEE_ATTR_CONCAT_KDF_Z,
502 cc->shared_secret, cc->shared_secret_len);
503
504 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
505 ta_crypt_cmd_populate_transient_object(c, session,
506 key_handle, params, param_count)))
507 goto out;
508
509 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
510 ta_crypt_cmd_set_operation_key(c, session, op,
511 key_handle)))
512 goto out;
513
514 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
515 ta_crypt_cmd_free_transient_object(c, session,
516 key_handle)))
517 goto out;
518
519 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
520 ta_crypt_cmd_allocate_transient_object(c, session,
521 TEE_TYPE_GENERIC_SECRET, cc->derived_key_len *
522 8, &sv_handle)))
523 goto out;
524
525 param_count = 0;
526
527 if (cc->other_info)
528 xtest_add_attr(¶m_count, params,
529 TEE_ATTR_CONCAT_KDF_OTHER_INFO,
530 cc->other_info, cc->other_info_len);
531
532 params[param_count].attributeID = TEE_ATTR_CONCAT_KDF_DKM_LENGTH;
533 params[param_count].content.value.a = cc->derived_key_len;
534 params[param_count].content.value.b = 0;
535 param_count++;
536
537 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
538 ta_crypt_cmd_derive_key(c, session, op, sv_handle,
539 params, param_count)))
540 goto out;
541
542 out_size = sizeof(out);
543 memset(out, 0, sizeof(out));
544 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
545 ta_crypt_cmd_get_object_buffer_attribute(c, session,
546 sv_handle, TEE_ATTR_SECRET_VALUE, out,
547 &out_size)))
548 goto out;
549
550 if (!ADBG_EXPECT_BUFFER(c, cc->derived_key, cc->derived_key_len,
551 out, out_size))
552 goto out;
553
554 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
555 ta_crypt_cmd_free_operation(c, session, op)))
556 goto out;
557
558 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
559 ta_crypt_cmd_free_transient_object(c, session,
560 sv_handle)))
561 goto out;
562 out:
563 Do_ADBG_EndSubCase(c, "Concat KDF %s", cc->subcase_name);
564 }
565 }
566 #endif /* WITH_CONCAT_KDF */
567
568 #ifdef WITH_PBKDF2
xtest_test_derivation_pbkdf2(ADBG_Case_t * c,TEEC_Session * session)569 static void xtest_test_derivation_pbkdf2(ADBG_Case_t *c, TEEC_Session *session)
570 {
571 size_t n = 0;
572 #define TEST_PBKDF2_DATA(level, section, algo, id, oeb /* omit empty bufs */) \
573 { \
574 level, section, algo, \
575 pbkdf2_##id##_password, sizeof(pbkdf2_##id##_password), \
576 (oeb && !sizeof(pbkdf2_##id##_salt)) ? NULL : pbkdf2_##id##_salt, sizeof(pbkdf2_##id##_salt), \
577 pbkdf2_##id##_iteration_count, \
578 pbkdf2_##id##_dkm, sizeof(pbkdf2_##id##_dkm), \
579 }
580 #define _TO_STR(n) #n
581 #define TO_STR(n) _TO_STR(n)
582 #define RFC6070_TEST(l, n) \
583 TEST_PBKDF2_DATA(l, "RFC 6070 " TO_STR(n) " (HMAC-SHA1)", \
584 TEE_ALG_PBKDF2_HMAC_SHA1_DERIVE_KEY, n, false)
585 static struct pbkdf2_case {
586 unsigned int level;
587 const char *subcase_name;
588 uint32_t algo;
589 const uint8_t *password;
590 size_t password_len;
591 const uint8_t *salt;
592 size_t salt_len;
593 uint32_t iteration_count;
594 const uint8_t *dkm;
595 size_t dkm_len;
596 } pbkdf2_cases[] = {
597 RFC6070_TEST(0, 1), RFC6070_TEST(0, 2), RFC6070_TEST(0, 3),
598 RFC6070_TEST(15, 4), /* Lengthy! (2 min on HiKey @1.2GHz) */
599 RFC6070_TEST(0, 5), RFC6070_TEST(0, 6)
600 };
601 size_t max_size = 2048;
602
603 for (n = 0; n < sizeof(pbkdf2_cases) / sizeof(struct pbkdf2_case); n++) {
604 TEE_OperationHandle op = TEE_HANDLE_NULL;
605 TEE_ObjectHandle key_handle = TEE_HANDLE_NULL;
606 TEE_ObjectHandle sv_handle = TEE_HANDLE_NULL;
607 TEE_Attribute params[4] = { };
608 size_t param_count = 0;
609 uint8_t out[2048] = { };
610 size_t out_size = 0;
611 const struct pbkdf2_case *pc = &pbkdf2_cases[n];
612
613 if (pc->level > level)
614 continue;
615
616 Do_ADBG_BeginSubCase(c, "PBKDF2 %s", pc->subcase_name);
617 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
618 ta_crypt_cmd_allocate_operation(c, session, &op,
619 pc->algo, TEE_MODE_DERIVE, max_size)))
620 goto out;
621
622 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
623 ta_crypt_cmd_allocate_transient_object(c, session,
624 TEE_TYPE_PBKDF2_PASSWORD, max_size,
625 &key_handle)))
626 goto out;
627
628 xtest_add_attr(¶m_count, params, TEE_ATTR_PBKDF2_PASSWORD,
629 pc->password, pc->password_len);
630
631 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
632 ta_crypt_cmd_populate_transient_object(c, session,
633 key_handle, params, param_count)))
634 goto out;
635
636 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
637 ta_crypt_cmd_set_operation_key(c, session, op,
638 key_handle)))
639 goto out;
640
641 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
642 ta_crypt_cmd_free_transient_object(c, session,
643 key_handle)))
644 goto out;
645
646 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
647 ta_crypt_cmd_allocate_transient_object(c, session,
648 TEE_TYPE_GENERIC_SECRET, pc->dkm_len * 8,
649 &sv_handle)))
650 goto out;
651
652 param_count = 0;
653
654 if (pc->salt)
655 xtest_add_attr(¶m_count, params,
656 TEE_ATTR_PBKDF2_SALT, pc->salt,
657 pc->salt_len);
658
659 params[param_count].attributeID = TEE_ATTR_PBKDF2_DKM_LENGTH;
660 params[param_count].content.value.a = pc->dkm_len;
661 params[param_count].content.value.b = 0;
662 param_count++;
663
664 params[param_count].attributeID =
665 TEE_ATTR_PBKDF2_ITERATION_COUNT;
666 params[param_count].content.value.a = pc->iteration_count;
667 params[param_count].content.value.b = 0;
668 param_count++;
669
670 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
671 ta_crypt_cmd_derive_key(c, session, op, sv_handle,
672 params, param_count)))
673 goto out;
674
675 out_size = sizeof(out);
676 memset(out, 0, sizeof(out));
677 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
678 ta_crypt_cmd_get_object_buffer_attribute(c, session,
679 sv_handle, TEE_ATTR_SECRET_VALUE,
680 out, &out_size)))
681 goto out;
682
683 if (!ADBG_EXPECT_BUFFER(c, pc->dkm, pc->dkm_len, out, out_size))
684 goto out;
685
686 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
687 ta_crypt_cmd_free_operation(c, session, op)))
688 goto out;
689
690 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
691 ta_crypt_cmd_free_transient_object(c, session,
692 sv_handle)))
693 goto out;
694 out:
695 Do_ADBG_EndSubCase(c, "PBKDF2 %s", pc->subcase_name);
696 }
697 }
698 #endif /* WITH_PBKDF2 */
699
enc_fs_km_self_test(TEEC_Session * sess)700 static TEEC_Result enc_fs_km_self_test(TEEC_Session *sess)
701 {
702 TEEC_Operation op = TEEC_OPERATION_INITIALIZER;
703 TEEC_Result res = TEEC_ERROR_GENERIC;
704 uint32_t org = 0;
705
706 res = TEEC_InvokeCommand(sess, CMD_SELF_TESTS, &op, &org);
707 return res;
708 }
709
xtest_tee_test_8001(ADBG_Case_t * c)710 static void xtest_tee_test_8001(ADBG_Case_t *c)
711 {
712 TEEC_Session session = { };
713 uint32_t ret_orig = 0;
714
715 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
716 xtest_teec_open_session(&session, &crypt_user_ta_uuid, NULL,
717 &ret_orig)))
718 return;
719
720 #ifdef WITH_HKDF
721 xtest_test_derivation_hkdf(c, &session);
722 #endif
723 #ifdef WITH_CONCAT_KDF
724 xtest_test_derivation_concat_kdf(c, &session);
725 #endif
726 #ifdef WITH_PBKDF2
727 xtest_test_derivation_pbkdf2(c, &session);
728 #endif
729
730 TEEC_CloseSession(&session);
731 }
732 ADBG_CASE_DEFINE(regression, 8001, xtest_tee_test_8001,
733 "Test TEE Internal API key derivation extensions");
734
735 /* secure storage key manager self test */
xtest_tee_test_8002(ADBG_Case_t * c)736 static void xtest_tee_test_8002(ADBG_Case_t *c)
737 {
738 TEEC_Result res = TEEC_ERROR_GENERIC;
739 TEEC_Session sess = { };
740 uint32_t orig = 0;
741
742 res = xtest_teec_open_session(&sess,
743 &enc_fs_key_manager_test_ta_uuid,
744 NULL, &orig);
745 if (res != TEEC_SUCCESS) {
746 Do_ADBG_Log("Ignore test due to TA does not exist");
747 return;
748 }
749
750 if (!ADBG_EXPECT_TEEC_SUCCESS(
751 c, enc_fs_km_self_test(&sess)))
752 goto exit;
753
754 exit:
755 TEEC_CloseSession(&sess);
756 }
757 ADBG_CASE_DEFINE(regression, 8002, xtest_tee_test_8002,
758 "Secure Storage Key Manager API Self Test");
759