projects / GitHub / LineageOS / android_hardware_samsung_slsi_exynos7580.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
import exynos 7570 bsp
[GitHub/LineageOS/android_hardware_samsung_slsi_exynos7580.git] / libkeymaster / ver1 / test / test_km_ec.cpp
CommitLineData
cd9434cc
T		 1/*
2 * Copyright (c) 2015 TRUSTONIC LIMITED
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions are met:
7 *
8 * 1. Redistributions of source code must retain the above copyright notice,
9 * this list of conditions and the following disclaimer.
10 *
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in the
13 * documentation and/or other materials provided with the distribution.
14 *
15 * 3. Neither the name of the TRUSTONIC LIMITED nor the names of its
16 * contributors may be used to endorse or promote products derived from
17 * this software without specific prior written permission.
18 *
19 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
20 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
21 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
22 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR
23 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
24 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
25 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
26 * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
27 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
28 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
29 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
30 */
31
32#define __STDC_FORMAT_MACROS
33#include <inttypes.h>
34
35#include <hardware/keymaster1.h>
36
37#include "test_km_ec.h"
38#include "test_km_util.h"
39
40#include <assert.h>
41
42#undef LOG_ANDROID
43#undef LOG_TAG
44#define LOG_TAG "TlcTeeKeyMasterTest"
45#include "log.h"
46
47static keymaster_error_t test_km_ec_sign_verify(
48 keymaster1_device_t *device,
49 keymaster_key_blob_t *key_blob,
50 uint32_t keylen,
51 keymaster_digest_t digest)
52{
53 keymaster_error_t res = KM_ERROR_OK;
54 keymaster_key_param_t key_param[2];
55 keymaster_key_param_set_t paramset = {key_param, 0};
56 keymaster_operation_handle_t handle;
57 uint8_t message[1000];
58 keymaster_blob_t messageblob = {0, 0};
59 keymaster_blob_t sig_output = {0, 0};
60 size_t message_consumed = 0;
61
62 /* populate message */
63 memset(message, 25, sizeof(message));
64
65 key_param[0].tag = KM_TAG_ALGORITHM;
66 key_param[0].enumerated = KM_ALGORITHM_EC;
67 key_param[1].tag = KM_TAG_DIGEST;
68 key_param[1].enumerated = digest;
69 paramset.length = 2;
70 CHECK_RESULT_OK(device->begin(device,
71 KM_PURPOSE_SIGN,
72 key_blob,
73 &paramset,
74 NULL, // no out_params
75 &handle));
76
77 messageblob.data = &message[0];
78 messageblob.data_length = 630;
79 CHECK_RESULT_OK(device->update(device,
80 handle,
81 NULL, // no params
82 &messageblob, // first part of message
83 &message_consumed,
84 NULL, // no out_params
85 NULL));
86 CHECK_TRUE(message_consumed == 630);
87
88 messageblob.data = &message[630];
89 messageblob.data_length = 370;
90 CHECK_RESULT_OK(device->update(device,
91 handle,
92 NULL, // no params
93 &messageblob, // last part of message
94 &message_consumed,
95 NULL, // no out_params
96 NULL));
97 CHECK_TRUE(message_consumed == 370);
98
99 CHECK_RESULT_OK(device->finish(device,
100 handle,
101 NULL, // no params
102 NULL, // no signature
103 NULL, // no out_params
104 &sig_output));
105 CHECK_TRUE(sig_output.data_length <= 2*keylen + 9);
106
107 CHECK_RESULT_OK(device->begin(device,
108 KM_PURPOSE_VERIFY,
109 key_blob,
110 &paramset, // same as for KM_PURPOSE_SIGN
111 NULL, // no out_params
112 &handle));
113
114 messageblob.data = &message[0];
115 messageblob.data_length = 480;
116 CHECK_RESULT_OK(device->update(device,
117 handle,
118 NULL, // no params
119 &messageblob, // first part of message
120 &message_consumed,
121 NULL, // no out_params
122 NULL));
123 CHECK_TRUE(message_consumed == 480);
124
125 messageblob.data = &message[480];
126 messageblob.data_length = 520;
127 CHECK_RESULT_OK(device->update(device,
128 handle,
129 NULL, // no params
130 &messageblob, // last part of message
131 &message_consumed,
132 NULL, // no out_params
133 NULL));
134 CHECK_TRUE(message_consumed == 520);
135
136 CHECK_RESULT_OK(device->finish(device,
137 handle,
138 NULL, // no params
139 &sig_output,
140 NULL, // no out_params
141 NULL));
142
143end:
144 km_free_blob(&sig_output);
145
146 return res;
147}
148
149static keymaster_error_t test_km_ec_sign_verify_empty_message(
150 keymaster1_device_t *device,
151 keymaster_key_blob_t *key_blob,
152 uint32_t keylen,
153 keymaster_digest_t digest)
154{
155 keymaster_error_t res = KM_ERROR_OK;
156 keymaster_key_param_t key_param[2];
157 keymaster_key_param_set_t paramset = {key_param, 0};
158 keymaster_operation_handle_t handle;
159 uint8_t message;
160 keymaster_blob_t messageblob = {0, 0};
161 keymaster_blob_t sig_output = {0, 0};
162 size_t message_consumed = 0;
163
164 key_param[0].tag = KM_TAG_ALGORITHM;
165 key_param[0].enumerated = KM_ALGORITHM_EC;
166 key_param[1].tag = KM_TAG_DIGEST;
167 key_param[1].enumerated = digest;
168 paramset.length = 2;
169 CHECK_RESULT_OK(device->begin(device,
170 KM_PURPOSE_SIGN, key_blob, &paramset, NULL, &handle));
171
172 messageblob.data = &message;
173 messageblob.data_length = 0;
174 CHECK_RESULT_OK(device->update(device,
175 handle, NULL, &messageblob, &message_consumed, NULL, NULL));
176 CHECK_TRUE(message_consumed == 0);
177
178 CHECK_RESULT_OK(device->finish(device,
179 handle, NULL, NULL, NULL, &sig_output));
180 CHECK_TRUE(sig_output.data_length <= 2*keylen + 9);
181
182 CHECK_RESULT_OK(device->begin(device,
183 KM_PURPOSE_VERIFY, key_blob, &paramset, NULL, &handle));
184
185 messageblob.data = &message;
186 messageblob.data_length = 0;
187 CHECK_RESULT_OK(device->update(device,
188 handle, NULL, &messageblob, &message_consumed, NULL, NULL));
189 CHECK_TRUE(message_consumed == 0);
190
191 CHECK_RESULT_OK(device->finish(device,
192 handle, NULL, &sig_output, NULL, NULL));
193
194end:
195 km_free_blob(&sig_output);
196
197 return res;
198}
199
200keymaster_error_t test_km_ec_import_export(
201 keymaster1_device_t *device)
202{
203 keymaster_error_t res = KM_ERROR_OK;
204 keymaster_key_param_t key_param[6];
205 keymaster_key_param_set_t key_paramset = {key_param, 6};
206 keymaster_key_blob_t key_blob = {NULL, 0};
207
208 /* Test vector from Android M PDK: system/keymaster/ec_privkey_pk8.der */
209 const uint8_t key[] = {
210 0x30, 0x81, 0x87, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86,
211 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
212 0x03, 0x01, 0x07, 0x04, 0x6d, 0x30, 0x6b, 0x02, 0x01, 0x01, 0x04, 0x20,
213 0x73, 0x7c, 0x2e, 0xcd, 0x7b, 0x8d, 0x19, 0x40, 0xbf, 0x29, 0x30, 0xaa,
214 0x9b, 0x4e, 0xd3, 0xff, 0x94, 0x1e, 0xed, 0x09, 0x36, 0x6b, 0xc0, 0x32,
215 0x99, 0x98, 0x64, 0x81, 0xf3, 0xa4, 0xd8, 0x59, 0xa1, 0x44, 0x03, 0x42,
216 0x00, 0x04, 0xbf, 0x85, 0xd7, 0x72, 0x0d, 0x07, 0xc2, 0x54, 0x61, 0x68,
217 0x3b, 0xc6, 0x48, 0xb4, 0x77, 0x8a, 0x9a, 0x14, 0xdd, 0x8a, 0x02, 0x4e,
218 0x3b, 0xdd, 0x8c, 0x7d, 0xdd, 0x9a, 0xb2, 0xb5, 0x28, 0xbb, 0xc7, 0xaa,
219 0x1b, 0x51, 0xf1, 0x4e, 0xbb, 0xbb, 0x0b, 0xd0, 0xce, 0x21, 0xbc, 0xc4,
220 0x1c, 0x6e, 0xb0, 0x00, 0x83, 0xcf, 0x33, 0x76, 0xd1, 0x1f, 0xd4, 0x49,
221 0x49, 0xe0, 0xb2, 0x18, 0x3b, 0xfe};
222
223 const keymaster_blob_t key_data = {key, sizeof(key)};
224
225 keymaster_blob_t export_data = {NULL, 0};
226
227 key_param[0].tag = KM_TAG_ALGORITHM;
228 key_param[0].enumerated = KM_ALGORITHM_EC;
229 key_param[1].tag = KM_TAG_KEY_SIZE;
230 key_param[1].integer = 256;
231 key_param[2].tag = KM_TAG_NO_AUTH_REQUIRED;
232 key_param[2].boolean = true;
233 key_param[3].tag = KM_TAG_PURPOSE;
234 key_param[3].enumerated = KM_PURPOSE_SIGN;
235 key_param[4].tag = KM_TAG_PURPOSE;
236 key_param[4].enumerated = KM_PURPOSE_VERIFY;
237 key_param[5].tag = KM_TAG_DIGEST;
238 key_param[5].enumerated = KM_DIGEST_SHA1;
239 CHECK_RESULT_OK(device->import_key(device,
240 &key_paramset, KM_KEY_FORMAT_PKCS8, &key_data, &key_blob, NULL));
241
242 CHECK_RESULT_OK(test_km_ec_sign_verify(
243 device, &key_blob, 32, KM_DIGEST_SHA1));
244
245 CHECK_RESULT_OK(device->export_key(device,
246 KM_KEY_FORMAT_X509, &key_blob, NULL, NULL, &export_data));
247
248end:
249 km_free_blob(&export_data);
250 km_free_key_blob(&key_blob);
251
252 return res;
253}
254
255keymaster_error_t test_km_ec_p521_interop(
256 keymaster1_device_t *device)
257{
258 keymaster_error_t res = KM_ERROR_OK;
259 keymaster_key_param_t key_param[6];
260 keymaster_key_param_set_t key_paramset = {key_param, 6};
261 keymaster_key_param_t op_param[2];
262 keymaster_key_param_set_t op_paramset = {op_param, 2};
263 keymaster_key_blob_t key_blob = {0, 0};
264 keymaster_operation_handle_t handle;
265 const char *message = "This is a test";
266 keymaster_blob_t messageblob = {(const uint8_t*)message, strlen(message)};
267 size_t message_consumed = 0;
268 keymaster_blob_t sig = {0, 0};
269
270 /* Test vector from Android M CTS: ec_key6_secp521r1_pkcs8.der */
271 const uint8_t key[] = {
272 0x30, 0x81, 0xED, 0x02, 0x01, 0x00, 0x30, 0x10, 0x06, 0x07, 0x2A, 0x86,
273 0x48, 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x23,
274 0x04, 0x81, 0xD5, 0x30, 0x81, 0xD2, 0x02, 0x01, 0x01, 0x04, 0x41, 0x11,
275 0x45, 0x8C, 0x58, 0x6D, 0xB5, 0xDA, 0xA9, 0x2A, 0xFA, 0xB0, 0x3F, 0x4F,
276 0xE4, 0x6A, 0xA9, 0xD9, 0xC3, 0xCE, 0x9A, 0x9B, 0x7A, 0x00, 0x6A, 0x83,
277 0x84, 0xBE, 0xC4, 0xC7, 0x8E, 0x8E, 0x9D, 0x18, 0xD7, 0xD0, 0x8B, 0x5B,
278 0xCF, 0xA0, 0xE5, 0x3C, 0x75, 0xB0, 0x64, 0xAD, 0x51, 0xC4, 0x49, 0xBA,
279 0xE0, 0x25, 0x8D, 0x54, 0xB9, 0x4B, 0x1E, 0x88, 0x5D, 0xED, 0x08, 0xED,
280 0x4F, 0xB2, 0x5C, 0xE9, 0xA1, 0x81, 0x89, 0x03, 0x81, 0x86, 0x00, 0x04,
281 0x01, 0x49, 0xEC, 0x11, 0xC6, 0xDF, 0x0F, 0xA1, 0x22, 0xC6, 0xA9, 0xAF,
282 0xD9, 0x75, 0x4A, 0x4F, 0xA9, 0x51, 0x3A, 0x62, 0x7C, 0xA3, 0x29, 0xE3,
283 0x49, 0x53, 0x5A, 0x56, 0x29, 0x87, 0x5A, 0x8A, 0xDF, 0xBE, 0x27, 0xDC,
284 0xB9, 0x32, 0xC0, 0x51, 0x98, 0x63, 0x77, 0x10, 0x8D, 0x05, 0x4C, 0x28,
285 0xC6, 0xF3, 0x9B, 0x6F, 0x2C, 0x9A, 0xF8, 0x18, 0x02, 0xF9, 0xF3, 0x26,
286 0xB8, 0x42, 0xFF, 0x2E, 0x5F, 0x3C, 0x00, 0xAB, 0x76, 0x35, 0xCF, 0xB3,
287 0x61, 0x57, 0xFC, 0x08, 0x82, 0xD5, 0x74, 0xA1, 0x0D, 0x83, 0x9C, 0x1A,
288 0x0C, 0x04, 0x9D, 0xC5, 0xE0, 0xD7, 0x75, 0xE2, 0xEE, 0x50, 0x67, 0x1A,
289 0x20, 0x84, 0x31, 0xBB, 0x45, 0xE7, 0x8E, 0x70, 0xBE, 0xFE, 0x93, 0x0D,
290 0xB3, 0x48, 0x18, 0xEE, 0x4D, 0x5C, 0x26, 0x25, 0x9F, 0x5C, 0x6B, 0x8E,
291 0x28, 0xA6, 0x52, 0x95, 0x0F, 0x9F, 0x88, 0xD7, 0xB4, 0xB2, 0xC9, 0xD9};
292
293 /* Signature generated by Bouncy Castle in CTS run */
294 const uint8_t bc_sig[138] = {
295 0x30, 0x81, 0x87, 0x02, 0x42, 0x01, 0x90, 0xef, 0xd1, 0x43, 0x8c, 0xf7,
296 0xd2, 0x73, 0x19, 0x46, 0x09, 0xce, 0x74, 0x82, 0x10, 0x08, 0x3c, 0xb9,
297 0x65, 0x1e, 0x04, 0xde, 0x34, 0x9d, 0x8f, 0x66, 0x2b, 0xf7, 0x2e, 0x62,
298 0x10, 0xf4, 0x9c, 0xf7, 0xf5, 0x71, 0x9e, 0x6a, 0x5a, 0xeb, 0xce, 0xb7,
299 0x28, 0xd8, 0xd5, 0xd1, 0x1e, 0x7f, 0x8b, 0x85, 0x29, 0xd7, 0x04, 0x88,
300 0x2a, 0xf1, 0x99, 0x50, 0x71, 0x78, 0xd0, 0x14, 0xa9, 0x93, 0x68, 0x02,
301 0x41, 0x5c, 0xc9, 0x15, 0xcc, 0xd2, 0x12, 0xf3, 0xdb, 0x42, 0x8a, 0x07,
302 0x51, 0x85, 0x8b, 0xb9, 0x98, 0xc9, 0x27, 0xc1, 0x77, 0xb0, 0x7b, 0xdb,
303 0xae, 0x5f, 0x5c, 0x42, 0xe8, 0x5e, 0x4b, 0x89, 0xed, 0x93, 0xba, 0x73,
304 0x04, 0x98, 0x6a, 0xc7, 0x38, 0xb6, 0x9c, 0x6b, 0xa9, 0x13, 0x04, 0xc3,
305 0x33, 0xaf, 0xcb, 0x85, 0x8d, 0xfa, 0x4a, 0x33, 0x8a, 0x09, 0xfc, 0xdb,
306 0x5d, 0x3f, 0xcf, 0x49, 0x3a, 0x12};
307
308 const keymaster_blob_t key_data = {key, sizeof(key)};
309 const keymaster_blob_t bc_sig_blob = {bc_sig, sizeof(bc_sig)};
310
311 key_param[0].tag = KM_TAG_ALGORITHM;
312 key_param[0].enumerated = KM_ALGORITHM_EC;
313 key_param[1].tag = KM_TAG_KEY_SIZE;
314 key_param[1].integer = 521;
315 key_param[2].tag = KM_TAG_NO_AUTH_REQUIRED;
316 key_param[2].boolean = true;
317 key_param[3].tag = KM_TAG_PURPOSE;
318 key_param[3].enumerated = KM_PURPOSE_SIGN;
319 key_param[4].tag = KM_TAG_PURPOSE;
320 key_param[4].enumerated = KM_PURPOSE_VERIFY;
321 key_param[5].tag = KM_TAG_DIGEST;
322 key_param[5].enumerated = KM_DIGEST_NONE;
323 CHECK_RESULT_OK(device->import_key(device,
324 &key_paramset, KM_KEY_FORMAT_PKCS8, &key_data, &key_blob, NULL));
325
326 op_param[0].tag = KM_TAG_ALGORITHM;
327 op_param[0].enumerated = KM_ALGORITHM_EC;
328 op_param[1].tag = KM_TAG_DIGEST;
329 op_param[1].enumerated = KM_DIGEST_NONE;
330
331 /* 1. Generate a signature ourselves. */
332
333 CHECK_RESULT_OK(device->begin(device,
334 KM_PURPOSE_SIGN, &key_blob, &op_paramset, NULL, &handle));
335
336 CHECK_RESULT_OK(device->update(device,
337 handle, NULL, &messageblob, &message_consumed, NULL, NULL));
338 CHECK_TRUE(message_consumed == messageblob.data_length);
339
340 CHECK_RESULT_OK(device->finish(device,
341 handle, NULL, NULL, NULL, &sig));
342
343 /* 2. Verify BC's signature. */
344
345 CHECK_RESULT_OK(device->begin(device,
346 KM_PURPOSE_VERIFY, &key_blob, &op_paramset, NULL, &handle));
347
348 CHECK_RESULT_OK(device->update(device,
349 handle, NULL, &messageblob, &message_consumed, NULL, NULL));
350 CHECK_TRUE(message_consumed == messageblob.data_length);
351
352 CHECK_RESULT_OK(device->finish(device,
353 handle, NULL, &bc_sig_blob, NULL, NULL));
354
355end:
356 km_free_key_blob(&key_blob);
357 km_free_blob(&sig);
358
359 return res;
360}
361
362keymaster_error_t test_km_ec(
363 keymaster1_device_t *device,
364 uint32_t keysize)
365{
366 keymaster_error_t res = KM_ERROR_OK;
367 keymaster_key_param_t key_param[8];
368 keymaster_key_param_set_t paramset = {key_param, 0};
369 keymaster_key_blob_t key_blob = {0, 0};
370 uint32_t keylen = BYTES_PER_BITS(keysize);
371
372 LOG_I("Generate %d-bit key...", keysize);
373 key_param[0].tag = KM_TAG_ALGORITHM;
374 key_param[0].enumerated = KM_ALGORITHM_EC;
375 key_param[1].tag = KM_TAG_KEY_SIZE;
376 key_param[1].integer = keysize;
377 key_param[2].tag = KM_TAG_NO_AUTH_REQUIRED;
378 key_param[2].boolean = true;
379 key_param[3].tag = KM_TAG_PURPOSE;
380 key_param[3].enumerated = KM_PURPOSE_SIGN;
381 key_param[4].tag = KM_TAG_PURPOSE;
382 key_param[4].enumerated = KM_PURPOSE_VERIFY;
383 key_param[5].tag = KM_TAG_DIGEST;
384 key_param[5].enumerated = KM_DIGEST_SHA1;
385 key_param[6].tag = KM_TAG_DIGEST;
386 key_param[6].enumerated = KM_DIGEST_SHA_2_512;
387 key_param[7].tag = KM_TAG_DIGEST;
388 key_param[7].enumerated = KM_DIGEST_NONE;
389 paramset.length = 8;
390 CHECK_RESULT_OK(device->generate_key(device,
391 &paramset, &key_blob, NULL));
392
393 LOG_I("ECDSA sign/verify with SHA1 hash...");
394 CHECK_RESULT_OK(test_km_ec_sign_verify(
395 device, &key_blob, keylen, KM_DIGEST_SHA1) );
396
397 LOG_I("ECDSA sign/verify with SHA512 hash...");
398 CHECK_RESULT_OK(test_km_ec_sign_verify(
399 device, &key_blob, keylen, KM_DIGEST_SHA_2_512) );
400
401 LOG_I("ECDSA sign/verify with SHA1 hash, empty message...");
402 CHECK_RESULT_OK(test_km_ec_sign_verify_empty_message(
403 device, &key_blob, keylen, KM_DIGEST_SHA1) );
404
405 LOG_I("ECDSA sign/verify with no digest, empty message...");
406 CHECK_RESULT_OK(test_km_ec_sign_verify_empty_message(
407 device, &key_blob, keylen, KM_DIGEST_NONE) );
408
409end:
410 km_free_key_blob(&key_blob);
411
412 return res;
413}