1 // SPDX-License-Identifier: GPL-2.0
2 /*
3 * Copyright (c) 2014, Linaro Limited
4 */
5 #include "xtest_test.h"
6 #include "xtest_helpers.h"
7
8 #include <tee_api_defines.h>
9 #include <tee_api_defines_extensions.h>
10 #include <tee_api_types.h>
11 #include <tee_api_compat.h>
12 #include <utee_defines.h>
13 #include <string.h>
14 #include <enc_fs_key_manager_test.h>
15
16 #define WITH_HKDF 1
17 #define WITH_CONCAT_KDF 1
18 #define WITH_PBKDF2 1
19
20 /*
21 * HKDF test data from RFC 5869
22 */
23
24 /* A.1 SHA-256 */
25
26 static const uint8_t hkdf_a1_ikm[] = {
27 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
28 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
29 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b
30 };
31
32 static const uint8_t hkdf_a1_salt[] = {
33 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
34 0x08, 0x09, 0x0a, 0x0b, 0x0c
35 };
36
37 static const uint8_t hkdf_a1_info[] = {
38 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
39 0xf8, 0xf9
40 };
41
42 static const uint8_t hkdf_a1_okm[] = {
43 0x3c, 0xb2, 0x5f, 0x25, 0xfa, 0xac, 0xd5, 0x7a,
44 0x90, 0x43, 0x4f, 0x64, 0xd0, 0x36, 0x2f, 0x2a,
45 0x2d, 0x2d, 0x0a, 0x90, 0xcf, 0x1a, 0x5a, 0x4c,
46 0x5d, 0xb0, 0x2d, 0x56, 0xec, 0xc4, 0xc5, 0xbf,
47 0x34, 0x00, 0x72, 0x08, 0xd5, 0xb8, 0x87, 0x18,
48 0x58, 0x65
49 };
50
51 /* A.2 SHA-256 */
52 static const uint8_t hkdf_a2_ikm[] = {
53 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
54 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
55 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
56 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
57 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
58 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
59 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
60 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f,
61 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
62 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f
63 };
64
65 static const uint8_t hkdf_a2_salt[] = {
66 0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67,
67 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f,
68 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77,
69 0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f,
70 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87,
71 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
72 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97,
73 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f,
74 0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7,
75 0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf
76 };
77
78 static const uint8_t hkdf_a2_info[] = {
79 0xb0, 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6, 0xb7,
80 0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf,
81 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
82 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf,
83 0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7,
84 0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf,
85 0xe0, 0xe1, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7,
86 0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef,
87 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
88 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff
89 };
90
91 static const uint8_t hkdf_a2_okm[] = {
92 0xb1, 0x1e, 0x39, 0x8d, 0xc8, 0x03, 0x27, 0xa1,
93 0xc8, 0xe7, 0xf7, 0x8c, 0x59, 0x6a, 0x49, 0x34,
94 0x4f, 0x01, 0x2e, 0xda, 0x2d, 0x4e, 0xfa, 0xd8,
95 0xa0, 0x50, 0xcc, 0x4c, 0x19, 0xaf, 0xa9, 0x7c,
96 0x59, 0x04, 0x5a, 0x99, 0xca, 0xc7, 0x82, 0x72,
97 0x71, 0xcb, 0x41, 0xc6, 0x5e, 0x59, 0x0e, 0x09,
98 0xda, 0x32, 0x75, 0x60, 0x0c, 0x2f, 0x09, 0xb8,
99 0x36, 0x77, 0x93, 0xa9, 0xac, 0xa3, 0xdb, 0x71,
100 0xcc, 0x30, 0xc5, 0x81, 0x79, 0xec, 0x3e, 0x87,
101 0xc1, 0x4c, 0x01, 0xd5, 0xc1, 0xf3, 0x43, 0x4f,
102 0x1d, 0x87
103 };
104
105 /* A.3 SHA-256 */
106 #define hkdf_a3_ikm hkdf_a1_ikm
107 static const uint8_t hkdf_a3_salt[] = {};
108
109 static const uint8_t hkdf_a3_info[] = {};
110
111 static const uint8_t hkdf_a3_okm[] = {
112 0x8d, 0xa4, 0xe7, 0x75, 0xa5, 0x63, 0xc1, 0x8f,
113 0x71, 0x5f, 0x80, 0x2a, 0x06, 0x3c, 0x5a, 0x31,
114 0xb8, 0xa1, 0x1f, 0x5c, 0x5e, 0xe1, 0x87, 0x9e,
115 0xc3, 0x45, 0x4e, 0x5f, 0x3c, 0x73, 0x8d, 0x2d,
116 0x9d, 0x20, 0x13, 0x95, 0xfa, 0xa4, 0xb6, 0x1a,
117 0x96, 0xc8
118 };
119
120 /* A.4 SHA-1 */
121 static const uint8_t hkdf_a4_ikm[] = {
122 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
123 0x0b, 0x0b, 0x0b
124 };
125
126 static const uint8_t hkdf_a4_salt[] = {
127 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
128 0x08, 0x09, 0x0a, 0x0b, 0x0c
129 };
130
131 static const uint8_t hkdf_a4_info[] = {
132 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
133 0xf8, 0xf9
134 };
135
136 static const uint8_t hkdf_a4_okm[] = {
137 0x08, 0x5a, 0x01, 0xea, 0x1b, 0x10, 0xf3, 0x69,
138 0x33, 0x06, 0x8b, 0x56, 0xef, 0xa5, 0xad, 0x81,
139 0xa4, 0xf1, 0x4b, 0x82, 0x2f, 0x5b, 0x09, 0x15,
140 0x68, 0xa9, 0xcd, 0xd4, 0xf1, 0x55, 0xfd, 0xa2,
141 0xc2, 0x2e, 0x42, 0x24, 0x78, 0xd3, 0x05, 0xf3,
142 0xf8, 0x96
143 };
144
145 /* A.5 SHA-1 */
146 #define hkdf_a5_ikm hkdf_a2_ikm
147 #define hkdf_a5_salt hkdf_a2_salt
148 #define hkdf_a5_info hkdf_a2_info
149 static const uint8_t hkdf_a5_okm[] = {
150 0x0b, 0xd7, 0x70, 0xa7, 0x4d, 0x11, 0x60, 0xf7,
151 0xc9, 0xf1, 0x2c, 0xd5, 0x91, 0x2a, 0x06, 0xeb,
152 0xff, 0x6a, 0xdc, 0xae, 0x89, 0x9d, 0x92, 0x19,
153 0x1f, 0xe4, 0x30, 0x56, 0x73, 0xba, 0x2f, 0xfe,
154 0x8f, 0xa3, 0xf1, 0xa4, 0xe5, 0xad, 0x79, 0xf3,
155 0xf3, 0x34, 0xb3, 0xb2, 0x02, 0xb2, 0x17, 0x3c,
156 0x48, 0x6e, 0xa3, 0x7c, 0xe3, 0xd3, 0x97, 0xed,
157 0x03, 0x4c, 0x7f, 0x9d, 0xfe, 0xb1, 0x5c, 0x5e,
158 0x92, 0x73, 0x36, 0xd0, 0x44, 0x1f, 0x4c, 0x43,
159 0x00, 0xe2, 0xcf, 0xf0, 0xd0, 0x90, 0x0b, 0x52,
160 0xd3, 0xb4
161 };
162
163 /* A.6 SHA-1 */
164 #define hkdf_a6_ikm hkdf_a1_ikm
165 static const uint8_t hkdf_a6_salt[] = {};
166
167 static const uint8_t hkdf_a6_info[] = {};
168
169 static const uint8_t hkdf_a6_okm[] = {
170 0x0a, 0xc1, 0xaf, 0x70, 0x02, 0xb3, 0xd7, 0x61,
171 0xd1, 0xe5, 0x52, 0x98, 0xda, 0x9d, 0x05, 0x06,
172 0xb9, 0xae, 0x52, 0x05, 0x72, 0x20, 0xa3, 0x06,
173 0xe0, 0x7b, 0x6b, 0x87, 0xe8, 0xdf, 0x21, 0xd0,
174 0xea, 0x00, 0x03, 0x3d, 0xe0, 0x39, 0x84, 0xd3,
175 0x49, 0x18
176 };
177
178 /* A.7 SHA-1 */
179 static const uint8_t hkdf_a7_ikm[] = {
180 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c,
181 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c,
182 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c
183 };
184
185 static const uint8_t hkdf_a7_salt[] = {};
186
187 static const uint8_t hkdf_a7_info[] = {};
188
189 static const uint8_t hkdf_a7_okm[] = {
190 0x2c, 0x91, 0x11, 0x72, 0x04, 0xd7, 0x45, 0xf3,
191 0x50, 0x0d, 0x63, 0x6a, 0x62, 0xf6, 0x4f, 0x0a,
192 0xb3, 0xba, 0xe5, 0x48, 0xaa, 0x53, 0xd4, 0x23,
193 0xb0, 0xd1, 0xf2, 0x7e, 0xbb, 0xa6, 0xf5, 0xe5,
194 0x67, 0x3a, 0x08, 0x1d, 0x70, 0xcc, 0xe7, 0xac,
195 0xfc, 0x48
196 };
197
198 /*
199 * Concat KDF (NIST SP 800-56A R1)
200 *
201 * Test vector from:
202 * https://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-37
203 * appendix C
204 */
205 static const uint8_t concat_kdf_1_z[] = {
206 158, 86, 217, 29, 129, 113, 53, 211,
207 114, 131, 66, 131, 191, 132, 38, 156,
208 251, 49, 110, 163, 218, 128, 106, 72,
209 246, 218, 167, 121, 140, 254, 144, 196
210 };
211
212 static const uint8_t concat_kdf_1_other_info[] = {
213 0, 0, 0, 7, 65, 49, 50, 56,
214 71, 67, 77, 0, 0, 0, 5, 65,
215 108, 105, 99, 101, 0, 0, 0, 3,
216 66, 111, 98, 0, 0, 0, 128
217 };
218
219 static const uint8_t concat_kdf_1_derived_key[] = {
220 86, 170, 141, 234, 248, 35, 109, 32,
221 92, 34, 40, 205, 113, 167, 16, 26
222 };
223
224 /*
225 * PKCS #5 2.0 / RFC 2898 Key Derivation Function 2 (PBKDF2)
226 * Test vectors from RFC 6070 https://www.ietf.org/rfc/rfc6070.txt
227 */
228
229 /* 1 */
230 static const uint8_t pbkdf2_1_password[] = {
231 'p', 'a', 's', 's', 'w', 'o', 'r', 'd'
232 };
233
234 static const uint8_t pbkdf2_1_salt[] = {
235 's', 'a', 'l', 't'
236 };
237
238 #define pbkdf2_1_iteration_count 1
239 static const uint8_t pbkdf2_1_dkm[] = {
240 0x0c, 0x60, 0xc8, 0x0f, 0x96, 0x1f, 0x0e, 0x71,
241 0xf3, 0xa9, 0xb5, 0x24, 0xaf, 0x60, 0x12, 0x06,
242 0x2f, 0xe0, 0x37, 0xa6
243 };
244
245 /* 2 */
246 #define pbkdf2_2_password pbkdf2_1_password
247 #define pbkdf2_2_salt pbkdf2_1_salt
248 #define pbkdf2_2_iteration_count 2
249 static const uint8_t pbkdf2_2_dkm[] = {
250 0xea, 0x6c, 0x01, 0x4d, 0xc7, 0x2d, 0x6f, 0x8c,
251 0xcd, 0x1e, 0xd9, 0x2a, 0xce, 0x1d, 0x41, 0xf0,
252 0xd8, 0xde, 0x89, 0x57
253 };
254
255 /* 3 */
256 #define pbkdf2_3_password pbkdf2_1_password
257 #define pbkdf2_3_salt pbkdf2_1_salt
258 #define pbkdf2_3_iteration_count 4096
259 static const uint8_t pbkdf2_3_dkm[] = {
260 0x4b, 0x00, 0x79, 0x01, 0xb7, 0x65, 0x48, 0x9a,
261 0xbe, 0xad, 0x49, 0xd9, 0x26, 0xf7, 0x21, 0xd0,
262 0x65, 0xa4, 0x29, 0xc1
263 };
264
265 /* 4 */
266 #define pbkdf2_4_password pbkdf2_1_password
267 #define pbkdf2_4_salt pbkdf2_1_salt
268 #define pbkdf2_4_iteration_count 16777216
269 static const uint8_t pbkdf2_4_dkm[] = {
270 0xee, 0xfe, 0x3d, 0x61, 0xcd, 0x4d, 0xa4, 0xe4,
271 0xe9, 0x94, 0x5b, 0x3d, 0x6b, 0xa2, 0x15, 0x8c,
272 0x26, 0x34, 0xe9, 0x84
273 };
274
275 /* 5 */
276 static const uint8_t pbkdf2_5_password[] = {
277 'p', 'a', 's', 's', 'w', 'o', 'r', 'd',
278 'P', 'A', 'S', 'S', 'W', 'O', 'R', 'D',
279 'p', 'a', 's', 's', 'w', 'o', 'r', 'd'
280 };
281
282 static const uint8_t pbkdf2_5_salt[] = {
283 's', 'a', 'l', 't', 'S', 'A', 'L', 'T',
284 's', 'a', 'l', 't', 'S', 'A', 'L', 'T',
285 's', 'a', 'l', 't', 'S', 'A', 'L', 'T',
286 's', 'a', 'l', 't', 'S', 'A', 'L', 'T',
287 's', 'a', 'l', 't'
288 };
289
290 #define pbkdf2_5_iteration_count 4096
291 static const uint8_t pbkdf2_5_dkm[] = {
292 0x3d, 0x2e, 0xec, 0x4f, 0xe4, 0x1c, 0x84, 0x9b,
293 0x80, 0xc8, 0xd8, 0x36, 0x62, 0xc0, 0xe4, 0x4a,
294 0x8b, 0x29, 0x1a, 0x96, 0x4c, 0xf2, 0xf0, 0x70,
295 0x38
296 };
297
298 /* 6 */
299 static const uint8_t pbkdf2_6_password[] = {
300 'p', 'a', 's', 's', '\0', 'w', 'o', 'r',
301 'd',
302 };
303
304 static const uint8_t pbkdf2_6_salt[] = {
305 's', 'a', '\0', 'l', 't'
306 };
307
308 #define pbkdf2_6_iteration_count 4096
309 static const uint8_t pbkdf2_6_dkm[] = {
310 0x56, 0xfa, 0x6a, 0xa7, 0x55, 0x48, 0x09, 0x9d,
311 0xcc, 0x37, 0xd7, 0xf0, 0x34, 0x25, 0xe0, 0xc3
312 };
313
314 #ifdef WITH_HKDF
xtest_test_derivation_hkdf(ADBG_Case_t * c,TEEC_Session * session)315 static void xtest_test_derivation_hkdf(ADBG_Case_t *c, TEEC_Session *session)
316 {
317 size_t n = 0;
318 #define TEST_HKDF_DATA(section, algo, id, oeb /* omit empty bufs */) \
319 { \
320 section, algo, \
321 hkdf_##id##_ikm, sizeof(hkdf_##id##_ikm), \
322 (oeb && !sizeof(hkdf_##id##_salt)) ? NULL : hkdf_##id##_salt, sizeof(hkdf_##id##_salt), \
323 (oeb && !sizeof(hkdf_##id##_info)) ? NULL : hkdf_##id##_info, sizeof(hkdf_##id##_info), \
324 hkdf_##id##_okm, sizeof(hkdf_##id##_okm), \
325 }
326 static struct hkdf_case {
327 const char *subcase_name;
328 uint32_t algo;
329 const uint8_t *ikm;
330 size_t ikm_len;
331 const uint8_t *salt;
332 size_t salt_len;
333 const uint8_t *info;
334 size_t info_len;
335 const uint8_t *okm;
336 size_t okm_len;
337 } hkdf_cases[] = {
338 TEST_HKDF_DATA("A.1 (SHA-256)",
339 TEE_ALG_HKDF_SHA256_DERIVE_KEY, a1, false),
340 TEST_HKDF_DATA("A.2 (SHA-256)",
341 TEE_ALG_HKDF_SHA256_DERIVE_KEY, a2, false),
342 TEST_HKDF_DATA("A.3 (SHA-256) [1]",
343 TEE_ALG_HKDF_SHA256_DERIVE_KEY, a3, false),
344 TEST_HKDF_DATA("A.3 (SHA-256) [2]",
345 TEE_ALG_HKDF_SHA256_DERIVE_KEY, a3, true),
346 TEST_HKDF_DATA("A.4 (SHA-1)",
347 TEE_ALG_HKDF_SHA1_DERIVE_KEY, a4, false),
348 TEST_HKDF_DATA("A.5 (SHA-1)",
349 TEE_ALG_HKDF_SHA1_DERIVE_KEY, a5, false),
350 TEST_HKDF_DATA("A.6 (SHA-1) [1]",
351 TEE_ALG_HKDF_SHA1_DERIVE_KEY, a6, false),
352 TEST_HKDF_DATA("A.6 (SHA-1) [2]",
353 TEE_ALG_HKDF_SHA1_DERIVE_KEY, a6, true),
354 TEST_HKDF_DATA("A.7 (SHA-1) [1]",
355 TEE_ALG_HKDF_SHA1_DERIVE_KEY, a7, false),
356 TEST_HKDF_DATA("A.7 (SHA-1) [2]",
357 TEE_ALG_HKDF_SHA1_DERIVE_KEY, a7, true),
358 };
359 size_t max_size = 2048;
360
361 for (n = 0; n < sizeof(hkdf_cases) / sizeof(struct hkdf_case); n++) {
362 TEE_OperationHandle op = TEE_HANDLE_NULL;
363 TEE_ObjectHandle key_handle = TEE_HANDLE_NULL;
364 TEE_ObjectHandle sv_handle = TEE_HANDLE_NULL;
365 TEE_Attribute params[4] = { };
366 size_t param_count = 0;
367 uint8_t out[2048] = { };
368 size_t out_size = 0;
369 const struct hkdf_case *hc = &hkdf_cases[n];
370
371 Do_ADBG_BeginSubCase(c, "HKDF RFC 5869 %s", hc->subcase_name);
372
373 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
374 ta_crypt_cmd_allocate_operation(c, session, &op,
375 hc->algo, TEE_MODE_DERIVE, max_size)))
376 goto out;
377
378 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
379 ta_crypt_cmd_allocate_transient_object(c, session,
380 TEE_TYPE_HKDF_IKM, max_size, &key_handle)))
381 goto out;
382
383 xtest_add_attr(¶m_count, params, TEE_ATTR_HKDF_IKM, hc->ikm,
384 hc->ikm_len);
385
386 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
387 ta_crypt_cmd_populate_transient_object(c, session,
388 key_handle, params, param_count)))
389 goto out;
390
391 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
392 ta_crypt_cmd_set_operation_key(c, session, op,
393 key_handle)))
394 goto out;
395
396 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
397 ta_crypt_cmd_free_transient_object(c, session,
398 key_handle)))
399 goto out;
400
401 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
402 ta_crypt_cmd_allocate_transient_object(c, session,
403 TEE_TYPE_GENERIC_SECRET, hc->okm_len * 8,
404 &sv_handle)))
405 goto out;
406
407 param_count = 0;
408
409 if (hc->salt)
410 xtest_add_attr(¶m_count, params, TEE_ATTR_HKDF_SALT,
411 hc->salt, hc->salt_len);
412 if (hc->info)
413 xtest_add_attr(¶m_count, params, TEE_ATTR_HKDF_INFO,
414 hc->info, hc->info_len);
415
416 params[param_count].attributeID = TEE_ATTR_HKDF_OKM_LENGTH;
417 params[param_count].content.value.a = hc->okm_len;
418 params[param_count].content.value.b = 0;
419 param_count++;
420
421 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
422 ta_crypt_cmd_derive_key(c, session, op, sv_handle,
423 params, param_count)))
424 goto out;
425
426 out_size = sizeof(out);
427 memset(out, 0, sizeof(out));
428 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
429 ta_crypt_cmd_get_object_buffer_attribute(c, session,
430 sv_handle, TEE_ATTR_SECRET_VALUE, out,
431 &out_size)))
432 goto out;
433
434 if (!ADBG_EXPECT_BUFFER(c, hc->okm, hc->okm_len, out, out_size))
435 goto out;
436
437 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
438 ta_crypt_cmd_free_operation(c, session, op)))
439 goto out;
440
441 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
442 ta_crypt_cmd_free_transient_object(c, session,
443 sv_handle)))
444 goto out;
445 out:
446 Do_ADBG_EndSubCase(c, "HKDF RFC 5869 %s", hc->subcase_name);
447 }
448 }
449 #endif /* WITH_HKDF */
450
451 #ifdef WITH_CONCAT_KDF
xtest_test_derivation_concat_kdf(ADBG_Case_t * c,TEEC_Session * session)452 static void xtest_test_derivation_concat_kdf(ADBG_Case_t *c, TEEC_Session *session)
453 {
454 size_t n = 0;
455 #define TEST_CONCAT_KDF_DATA(name, algo, id, oeb /* omit empty bufs */) \
456 { \
457 name, algo, \
458 concat_kdf_##id##_z, sizeof(concat_kdf_##id##_z), \
459 (oeb && !sizeof(concat_kdf_##id##_other_info)) ? NULL \
460 : concat_kdf_##id##_other_info, \
461 sizeof(concat_kdf_##id##_other_info), \
462 concat_kdf_##id##_derived_key, sizeof(concat_kdf_##id##_derived_key), \
463 }
464 static struct concat_kdf_case {
465 const char *subcase_name;
466 uint32_t algo;
467 const uint8_t *shared_secret;
468 size_t shared_secret_len;
469 const uint8_t *other_info;
470 size_t other_info_len;
471 const uint8_t *derived_key;
472 size_t derived_key_len;
473 } concat_kdf_cases[] = {
474 TEST_CONCAT_KDF_DATA("JWA-37 C (SHA-256)",
475 TEE_ALG_CONCAT_KDF_SHA256_DERIVE_KEY, 1, false),
476 };
477 size_t max_size = 2048;
478
479 for (n = 0;
480 n < sizeof(concat_kdf_cases) / sizeof(struct concat_kdf_case);
481 n++) {
482 TEE_OperationHandle op = TEE_HANDLE_NULL;
483 TEE_ObjectHandle key_handle = TEE_HANDLE_NULL;
484 TEE_ObjectHandle sv_handle = TEE_HANDLE_NULL;
485 TEE_Attribute params[4] = { };
486 size_t param_count = 0;
487 uint8_t out[2048] = { };
488 size_t out_size = 0;
489 const struct concat_kdf_case *cc = &concat_kdf_cases[n];
490
491 Do_ADBG_BeginSubCase(c, "Concat KDF %s", cc->subcase_name);
492
493 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
494 ta_crypt_cmd_allocate_operation(c, session, &op,
495 cc->algo, TEE_MODE_DERIVE, max_size)))
496 goto out;
497
498 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
499 ta_crypt_cmd_allocate_transient_object(c, session,
500 TEE_TYPE_CONCAT_KDF_Z, max_size, &key_handle)))
501 goto out;
502
503 xtest_add_attr(¶m_count, params, TEE_ATTR_CONCAT_KDF_Z,
504 cc->shared_secret, cc->shared_secret_len);
505
506 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
507 ta_crypt_cmd_populate_transient_object(c, session,
508 key_handle, params, param_count)))
509 goto out;
510
511 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
512 ta_crypt_cmd_set_operation_key(c, session, op,
513 key_handle)))
514 goto out;
515
516 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
517 ta_crypt_cmd_free_transient_object(c, session,
518 key_handle)))
519 goto out;
520
521 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
522 ta_crypt_cmd_allocate_transient_object(c, session,
523 TEE_TYPE_GENERIC_SECRET, cc->derived_key_len *
524 8, &sv_handle)))
525 goto out;
526
527 param_count = 0;
528
529 if (cc->other_info)
530 xtest_add_attr(¶m_count, params,
531 TEE_ATTR_CONCAT_KDF_OTHER_INFO,
532 cc->other_info, cc->other_info_len);
533
534 params[param_count].attributeID = TEE_ATTR_CONCAT_KDF_DKM_LENGTH;
535 params[param_count].content.value.a = cc->derived_key_len;
536 params[param_count].content.value.b = 0;
537 param_count++;
538
539 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
540 ta_crypt_cmd_derive_key(c, session, op, sv_handle,
541 params, param_count)))
542 goto out;
543
544 out_size = sizeof(out);
545 memset(out, 0, sizeof(out));
546 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
547 ta_crypt_cmd_get_object_buffer_attribute(c, session,
548 sv_handle, TEE_ATTR_SECRET_VALUE, out,
549 &out_size)))
550 goto out;
551
552 if (!ADBG_EXPECT_BUFFER(c, cc->derived_key, cc->derived_key_len,
553 out, out_size))
554 goto out;
555
556 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
557 ta_crypt_cmd_free_operation(c, session, op)))
558 goto out;
559
560 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
561 ta_crypt_cmd_free_transient_object(c, session,
562 sv_handle)))
563 goto out;
564 out:
565 Do_ADBG_EndSubCase(c, "Concat KDF %s", cc->subcase_name);
566 }
567 }
568 #endif /* WITH_CONCAT_KDF */
569
570 #ifdef WITH_PBKDF2
xtest_test_derivation_pbkdf2(ADBG_Case_t * c,TEEC_Session * session)571 static void xtest_test_derivation_pbkdf2(ADBG_Case_t *c, TEEC_Session *session)
572 {
573 size_t n = 0;
574 #define TEST_PBKDF2_DATA(level, section, algo, id, oeb /* omit empty bufs */) \
575 { \
576 level, section, algo, \
577 pbkdf2_##id##_password, sizeof(pbkdf2_##id##_password), \
578 (oeb && !sizeof(pbkdf2_##id##_salt)) ? NULL : pbkdf2_##id##_salt, sizeof(pbkdf2_##id##_salt), \
579 pbkdf2_##id##_iteration_count, \
580 pbkdf2_##id##_dkm, sizeof(pbkdf2_##id##_dkm), \
581 }
582 #define _TO_STR(n) #n
583 #define TO_STR(n) _TO_STR(n)
584 #define RFC6070_TEST(l, n) \
585 TEST_PBKDF2_DATA(l, "RFC 6070 " TO_STR(n) " (HMAC-SHA1)", \
586 TEE_ALG_PBKDF2_HMAC_SHA1_DERIVE_KEY, n, false)
587 static struct pbkdf2_case {
588 unsigned int level;
589 const char *subcase_name;
590 uint32_t algo;
591 const uint8_t *password;
592 size_t password_len;
593 const uint8_t *salt;
594 size_t salt_len;
595 uint32_t iteration_count;
596 const uint8_t *dkm;
597 size_t dkm_len;
598 } pbkdf2_cases[] = {
599 RFC6070_TEST(0, 1), RFC6070_TEST(0, 2), RFC6070_TEST(0, 3),
600 RFC6070_TEST(15, 4), /* Lengthy! (2 min on HiKey @1.2GHz) */
601 RFC6070_TEST(0, 5), RFC6070_TEST(0, 6)
602 };
603 size_t max_size = 2048;
604
605 for (n = 0; n < sizeof(pbkdf2_cases) / sizeof(struct pbkdf2_case); n++) {
606 TEE_OperationHandle op = TEE_HANDLE_NULL;
607 TEE_ObjectHandle key_handle = TEE_HANDLE_NULL;
608 TEE_ObjectHandle sv_handle = TEE_HANDLE_NULL;
609 TEE_Attribute params[4] = { };
610 size_t param_count = 0;
611 uint8_t out[2048] = { };
612 size_t out_size = 0;
613 const struct pbkdf2_case *pc = &pbkdf2_cases[n];
614
615 if (pc->level > level)
616 continue;
617
618 Do_ADBG_BeginSubCase(c, "PBKDF2 %s", pc->subcase_name);
619 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
620 ta_crypt_cmd_allocate_operation(c, session, &op,
621 pc->algo, TEE_MODE_DERIVE, max_size)))
622 goto out;
623
624 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
625 ta_crypt_cmd_allocate_transient_object(c, session,
626 TEE_TYPE_PBKDF2_PASSWORD, max_size,
627 &key_handle)))
628 goto out;
629
630 xtest_add_attr(¶m_count, params, TEE_ATTR_PBKDF2_PASSWORD,
631 pc->password, pc->password_len);
632
633 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
634 ta_crypt_cmd_populate_transient_object(c, session,
635 key_handle, params, param_count)))
636 goto out;
637
638 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
639 ta_crypt_cmd_set_operation_key(c, session, op,
640 key_handle)))
641 goto out;
642
643 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
644 ta_crypt_cmd_free_transient_object(c, session,
645 key_handle)))
646 goto out;
647
648 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
649 ta_crypt_cmd_allocate_transient_object(c, session,
650 TEE_TYPE_GENERIC_SECRET, pc->dkm_len * 8,
651 &sv_handle)))
652 goto out;
653
654 param_count = 0;
655
656 if (pc->salt)
657 xtest_add_attr(¶m_count, params,
658 TEE_ATTR_PBKDF2_SALT, pc->salt,
659 pc->salt_len);
660
661 params[param_count].attributeID = TEE_ATTR_PBKDF2_DKM_LENGTH;
662 params[param_count].content.value.a = pc->dkm_len;
663 params[param_count].content.value.b = 0;
664 param_count++;
665
666 params[param_count].attributeID =
667 TEE_ATTR_PBKDF2_ITERATION_COUNT;
668 params[param_count].content.value.a = pc->iteration_count;
669 params[param_count].content.value.b = 0;
670 param_count++;
671
672 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
673 ta_crypt_cmd_derive_key(c, session, op, sv_handle,
674 params, param_count)))
675 goto out;
676
677 out_size = sizeof(out);
678 memset(out, 0, sizeof(out));
679 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
680 ta_crypt_cmd_get_object_buffer_attribute(c, session,
681 sv_handle, TEE_ATTR_SECRET_VALUE,
682 out, &out_size)))
683 goto out;
684
685 if (!ADBG_EXPECT_BUFFER(c, pc->dkm, pc->dkm_len, out, out_size))
686 goto out;
687
688 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
689 ta_crypt_cmd_free_operation(c, session, op)))
690 goto out;
691
692 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
693 ta_crypt_cmd_free_transient_object(c, session,
694 sv_handle)))
695 goto out;
696 out:
697 Do_ADBG_EndSubCase(c, "PBKDF2 %s", pc->subcase_name);
698 }
699 }
700 #endif /* WITH_PBKDF2 */
701
enc_fs_km_self_test(TEEC_Session * sess)702 static TEEC_Result enc_fs_km_self_test(TEEC_Session *sess)
703 {
704 TEEC_Operation op = TEEC_OPERATION_INITIALIZER;
705 TEEC_Result res = TEEC_ERROR_GENERIC;
706 uint32_t org = 0;
707
708 res = TEEC_InvokeCommand(sess, CMD_SELF_TESTS, &op, &org);
709 return res;
710 }
711
xtest_tee_test_8001(ADBG_Case_t * c)712 static void xtest_tee_test_8001(ADBG_Case_t *c)
713 {
714 TEEC_Session session = { };
715 uint32_t ret_orig = 0;
716
717 if (!ADBG_EXPECT_TEEC_SUCCESS(c,
718 xtest_teec_open_session(&session, &crypt_user_ta_uuid, NULL,
719 &ret_orig)))
720 return;
721
722 #ifdef WITH_HKDF
723 xtest_test_derivation_hkdf(c, &session);
724 #endif
725 #ifdef WITH_CONCAT_KDF
726 xtest_test_derivation_concat_kdf(c, &session);
727 #endif
728 #ifdef WITH_PBKDF2
729 xtest_test_derivation_pbkdf2(c, &session);
730 #endif
731
732 TEEC_CloseSession(&session);
733 }
734 ADBG_CASE_DEFINE(regression, 8001, xtest_tee_test_8001,
735 "Test TEE Internal API key derivation extensions");
736
737 /* secure storage key manager self test */
xtest_tee_test_8002(ADBG_Case_t * c)738 static void xtest_tee_test_8002(ADBG_Case_t *c)
739 {
740 TEEC_Result res = TEEC_ERROR_GENERIC;
741 TEEC_Session sess = { };
742 uint32_t orig = 0;
743
744 res = xtest_teec_open_session(&sess,
745 &enc_fs_key_manager_test_ta_uuid,
746 NULL, &orig);
747 if (res != TEEC_SUCCESS) {
748 Do_ADBG_Log("Ignore test due to TA does not exist");
749 return;
750 }
751
752 if (!ADBG_EXPECT_TEEC_SUCCESS(
753 c, enc_fs_km_self_test(&sess)))
754 goto exit;
755
756 exit:
757 TEEC_CloseSession(&sess);
758 }
759 ADBG_CASE_DEFINE(regression, 8002, xtest_tee_test_8002,
760 "Secure Storage Key Manager API Self Test");
761