diff --git a/apps/examples/security_test/seclink/sl_crypto_table.h b/apps/examples/security_test/seclink/sl_crypto_table.h index aa074199a8..c43d0744ed 100644 --- a/apps/examples/security_test/seclink/sl_crypto_table.h +++ b/apps/examples/security_test/seclink/sl_crypto_table.h @@ -20,3 +20,4 @@ SL_CRYPTO_TEST_POOL("aes_ecb", SL_CRYPTO_TYPE_AES_ECB, sl_handle_crypto_aes_ecb) SL_CRYPTO_TEST_POOL("aes_cbc", SL_CRYPTO_TYPE_AES_CBC, sl_handle_crypto_aes_cbc) SL_CRYPTO_TEST_POOL("aes_cfb128", SL_CRYPTO_TYPE_AES_CFB128, sl_handle_crypto_aes_cfb128) SL_CRYPTO_TEST_POOL("aes_ctr", SL_CRYPTO_TYPE_AES_CTR, sl_handle_crypto_aes_ctr) +SL_CRYPTO_TEST_POOL("gcm_aes", SL_CRYPTO_TYPE_GCM_AES, sl_handle_crypto_gcm_aes) diff --git a/apps/examples/security_test/seclink/sl_crypto_test.c b/apps/examples/security_test/seclink/sl_crypto_test.c index 03472c45ed..ee19e22a09 100644 --- a/apps/examples/security_test/seclink/sl_crypto_test.c +++ b/apps/examples/security_test/seclink/sl_crypto_test.c @@ -209,6 +209,44 @@ START_TEST_F(aes_ctr) } END_TEST_F +START_TEST_F(gcm_aes) +{ + hal_data aes_key = HAL_DATA_INITIALIZER; + hal_data enc = HAL_DATA_INITIALIZER; + hal_data dec = HAL_DATA_INITIALIZER; + HAL_INIT_GCM_PARAM(param); + unsigned char aad[16] = {0,}; + unsigned char tag[16] = {0,}; + aes_key.data = g_key_128; + aes_key.data_len = 16; + param.cipher = HAL_GCM_AES; + param.iv = (unsigned char *)g_iv; + param.iv_len = 16; + param.aad = aad; + param.aad_len = 16; + param.tag = tag; + param.tag_len = 16; + + enc.data = g_plaintext; + enc.data_len = 64; + dec.data = g_ciphertext; + dec.data_len = 64; + + ST_EXPECT_EQ(SECLINK_OK, sl_set_key(g_hnd, HAL_KEY_AES_128, ST_AES_ENC_KEY_IDX, &aes_key, NULL)); + ST_EXPECT_EQ(SECLINK_OK, sl_gcm_encrypt(g_hnd, &dec, ¶m, ST_AES_ENC_KEY_IDX, &enc)); + sl_test_print_buffer(enc.data, enc.data_len, "GCM-AES plaintext"); + sl_test_print_buffer(dec.data, dec.data_len, "GCM-AES ciphertext"); + sl_test_print_buffer((char *)g_iv, 16, "IV"); + sl_test_print_buffer((char *)aad, 16, "AAD"); + sl_test_print_buffer((char *)param.tag, 16, "TAG"); + + ST_EXPECT_EQ(SECLINK_OK, sl_gcm_decrypt(g_hnd, &dec, ¶m, ST_AES_ENC_KEY_IDX, &enc)); + sl_test_print_buffer(enc.data, enc.data_len, "GCM-AES plaintext (decrypted text)"); + + ST_EXPECT_EQ(SECLINK_OK, sl_remove_key(g_hnd, HAL_KEY_AES_128, ST_AES_ENC_KEY_IDX)); +} +END_TEST_F + void sl_handle_crypto_aes_ecb(sl_options *opt) { ST_SET_SMOKE1(sl_crypto, opt->count, 0, "aes test", aes_ecb); @@ -229,6 +267,11 @@ void sl_handle_crypto_aes_ctr(sl_options *opt) ST_SET_SMOKE1(sl_crypto, opt->count, 0, "aes test", aes_ctr); } +void sl_handle_crypto_gcm_aes(sl_options *opt) +{ + ST_SET_SMOKE1(sl_crypto, opt->count, 0, "gcm test", gcm_aes); +} + void sl_handle_crypto(sl_options *opt) { ST_TC_SET_GLOBAL(sl_crypto, sl_crypto_global); diff --git a/apps/examples/testcase/ta_tc/security/utc/utc_crypto.c b/apps/examples/testcase/ta_tc/security/utc/utc_crypto.c index fb842e9587..d882a4ffa4 100644 --- a/apps/examples/testcase/ta_tc/security/utc/utc_crypto.c +++ b/apps/examples/testcase/ta_tc/security/utc/utc_crypto.c @@ -54,6 +54,16 @@ static security_aes_mode g_aes_mode_table[] = { AES_CTR, }; +static security_key_type g_aes_key_type_table[] = { + KEY_AES_128, + KEY_AES_192, + KEY_AES_256, +}; + +static security_gcm_mode g_gcm_mode_table[] = { + GCM_AES, +}; + static security_handle g_hnd = NULL; /** @@ -757,6 +767,499 @@ static void utc_crypto_rsa_decryption_output_n(void) TC_SUCCESS_RESULT(); } +/** + * @testcase utc_crypto_gcm_encryption_p + * @brief encrypt GCM with AES + * @scenario encrypt GCM with AES + * @apicovered crypto_gcm_encryption + * @precondition key should be set by keymgr_set_key() or keymgr_generate_key with AES type. Only AES key type is supported on GCM mode. + * @postcondition none + */ +static void utc_crypto_gcm_encryption_p(void) +{ + /* Recommanded IV length : 12 bytes */ + unsigned char iv[] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b }; + + unsigned char plain_text[] = { 0x4d, 0x79, 0x20, 0x42, 0x79, 0x74, 0x65, 0x20, + 0x50, 0x72, 0x69, 0x6e, 0x74, 0x00, 0x00, 0x00 }; + + unsigned char aad[] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f }; + + unsigned char tag[16] = { 0, }; + + security_data plain = { plain_text, sizeof(plain_text) }; + security_data enc = { NULL, 0 }; + + for (int gcm_mode = 0; gcm_mode < sizeof(g_gcm_mode_table) / sizeof(g_gcm_mode_table); gcm_mode++) { + /* Generate AES key for GCM encryption / decryption */ + for (int i = 0; i < sizeof(g_aes_key_type_table) / sizeof(g_aes_key_type_table); i++) { + security_error res = keymgr_generate_key(g_hnd, g_aes_key_type_table[i], UTC_CRYPTO_USER_KEY_NAME); + TC_ASSERT_EQ("utc_crypto_gcm_encryption_p : keymgr_generate_key", res, SECURITY_OK); + + /* Check whether hang occurs during repeated encrypt function */ + for (int iter = 0; iter < ITER_COUNT; iter++) { + security_gcm_mode cipher = g_aes_mode_table[gcm_mode]; + security_gcm_param param = { cipher, iv, sizeof(iv), aad, sizeof(aad), tag, sizeof(tag) }; + + res = crypto_gcm_encryption(g_hnd, ¶m, UTC_CRYPTO_USER_KEY_NAME, &plain, &enc); + TC_ASSERT_EQ("utc_crypto_gcm_encryption_p", res, SECURITY_OK); + TC_SUCCESS_RESULT(); + } + + res = keymgr_remove_key(g_hnd, g_aes_key_type_table[i], UTC_CRYPTO_USER_KEY_NAME); + TC_ASSERT_EQ("utc_crypto_gcm_encryption_p : keymgr_remove_key", res, SECURITY_OK); + } + } +} + +/** + * @testcase utc_crypto_gcm_encryption_hnd_n + * @brief encrypt GCM with AES + * @scenario encrypt GCM with AES (without handler) + * @apicovered crypto_gcm_encryption + * @precondition key should be set by keymgr_set_key() or keymgr_generate_key with AES type. Only AES key type is supported on GCM mode. + * @postcondition none + */ +static void utc_crypto_gcm_encryption_hnd_n(void) +{ + /* Recommanded IV length : 12 bytes */ + unsigned char iv[] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b }; + + unsigned char plain_text[] = { 0x4d, 0x79, 0x20, 0x42, 0x79, 0x74, 0x65, 0x20, + 0x50, 0x72, 0x69, 0x6e, 0x74, 0x00, 0x00, 0x00 }; + + unsigned char aad[] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f }; + + unsigned char tag[16] = { 0, }; + + security_data plain = { plain_text, sizeof(plain_text) }; + security_data enc = { NULL, 0 }; + + /* Generate AES key for GCM encryption / decryption */ + security_error res = keymgr_generate_key(g_hnd, KEY_AES_128, UTC_CRYPTO_USER_KEY_NAME); + TC_ASSERT_EQ("utc_crypto_gcm_encryption_hnd_n : keymgr_generate_key", res, SECURITY_OK); + + security_gcm_mode cipher = GCM_AES; + security_gcm_param param = { cipher, iv, sizeof(iv), aad, sizeof(aad), tag, sizeof(tag) }; + + res = crypto_gcm_encryption(NULL, ¶m, UTC_CRYPTO_USER_KEY_NAME, &plain, &enc); + TC_ASSERT_EQ("utc_crypto_gcm_encryption_hnd_n", res, SECURITY_INVALID_INPUT_PARAMS); + TC_SUCCESS_RESULT(); + + /* Remove AES key for GCM encryption / decryption */ + res = keymgr_remove_key(g_hnd, KEY_AES_128, UTC_CRYPTO_USER_KEY_NAME); + TC_ASSERT_EQ("utc_crypto_gcm_encryption_hnd_n : keymgr_remove_key", res, SECURITY_OK); +} + +/** + * @testcase utc_crypto_gcm_encryption_param_n + * @brief encrypt GCM with AES + * @scenario encrypt GCM with AES (without param) + * @apicovered crypto_gcm_encryption + * @precondition key should be set by keymgr_set_key() or keymgr_generate_key with AES type. Only AES key type is supported on GCM mode. + * @postcondition none + */ +static void utc_crypto_gcm_encryption_param_n(void) +{ + /* Recommanded IV length : 12 bytes */ + unsigned char iv[] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b }; + + unsigned char plain_text[] = { 0x4d, 0x79, 0x20, 0x42, 0x79, 0x74, 0x65, 0x20, + 0x50, 0x72, 0x69, 0x6e, 0x74, 0x00, 0x00, 0x00 }; + + unsigned char aad[] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f }; + + unsigned char tag[16] = { 0, }; + + security_data plain = { plain_text, sizeof(plain_text) }; + security_data enc = { NULL, 0 }; + + /* Generate AES key for GCM encryption / decryption */ + security_error res = keymgr_generate_key(g_hnd, KEY_AES_128, UTC_CRYPTO_USER_KEY_NAME); + TC_ASSERT_EQ("utc_crypto_gcm_encryption_param_n : keymgr_generate_key", res, SECURITY_OK); + + security_gcm_param param = { GCM_UNKNOWN, iv, sizeof(iv), aad, sizeof(aad), tag, sizeof(tag) }; + + res = crypto_gcm_encryption(g_hnd, ¶m, UTC_CRYPTO_USER_KEY_NAME, &plain, &enc); + TC_ASSERT_EQ("utc_crypto_gcm_encryption_param_n", res, SECURITY_INVALID_INPUT_PARAMS); + TC_SUCCESS_RESULT(); + + /* Remove AES key for GCM encryption / decryption */ + res = keymgr_remove_key(g_hnd, KEY_AES_128, UTC_CRYPTO_USER_KEY_NAME); + TC_ASSERT_EQ("utc_crypto_gcm_encryption_param_n : keymgr_remove_key", res, SECURITY_OK); +} + +/** + * @testcase utc_crypto_gcm_encryption_key_n + * @brief encrypt GCM with AES + * @scenario encrypt GCM with AES (without key) + * @apicovered crypto_gcm_encryption + * @precondition key should be set by keymgr_set_key() or keymgr_generate_key with AES type. Only AES key type is supported on GCM mode. + * @postcondition none + */ +static void utc_crypto_gcm_encryption_key_n(void) +{ + /* Recommanded IV length : 12 bytes */ + unsigned char iv[] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b }; + + unsigned char plain_text[] = { 0x4d, 0x79, 0x20, 0x42, 0x79, 0x74, 0x65, 0x20, + 0x50, 0x72, 0x69, 0x6e, 0x74, 0x00, 0x00, 0x00 }; + + unsigned char aad[] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f }; + + unsigned char tag[16] = { 0, }; + + security_data plain = { plain_text, sizeof(plain_text) }; + security_data enc = { NULL, 0 }; + + security_gcm_mode cipher = GCM_AES; + security_gcm_param param = { cipher, iv, sizeof(iv), aad, sizeof(aad), tag, sizeof(tag) }; + + security_error res = crypto_gcm_encryption(g_hnd, ¶m, NULL, &plain, &enc); + + TC_ASSERT_EQ("utc_crypto_gcm_encryption_key_n", res, SECURITY_INVALID_KEY_INDEX); + TC_SUCCESS_RESULT(); +} + +/** + * @testcase utc_crypto_gcm_encryption_input_n + * @brief encrypt GCM with AES + * @scenario encrypt GCM with AES (without input) + * @apicovered crypto_gcm_encryption + * @precondition key should be set by keymgr_set_key() or keymgr_generate_key with AES type. Only AES key type is supported on GCM mode. + * @postcondition none + */ +static void utc_crypto_gcm_encryption_input_n(void) +{ + /* Recommanded IV length : 12 bytes */ + unsigned char iv[] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b }; + + unsigned char plain_text[] = { 0x4d, 0x79, 0x20, 0x42, 0x79, 0x74, 0x65, 0x20, + 0x50, 0x72, 0x69, 0x6e, 0x74, 0x00, 0x00, 0x00 }; + + unsigned char aad[] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f }; + + unsigned char tag[16] = { 0, }; + + security_data plain = { plain_text, sizeof(plain_text) }; + security_data enc = { NULL, 0 }; + + /* Generate AES key for GCM encryption / decryption */ + security_error res = keymgr_generate_key(g_hnd, KEY_AES_128, UTC_CRYPTO_USER_KEY_NAME); + TC_ASSERT_EQ("utc_crypto_gcm_encryption_input_n : keymgr_generate_key", res, SECURITY_OK); + + security_gcm_mode cipher = GCM_AES; + security_gcm_param param = { cipher, iv, sizeof(iv), aad, sizeof(aad), tag, sizeof(tag) }; + + res = crypto_gcm_encryption(g_hnd, ¶m, UTC_CRYPTO_USER_KEY_NAME, NULL, &enc); + TC_ASSERT_EQ("utc_crypto_gcm_encryption_input_n", res, SECURITY_INVALID_INPUT_PARAMS); + TC_SUCCESS_RESULT(); + + /* Remove AES key for GCM encryption / decryption */ + res = keymgr_remove_key(g_hnd, KEY_AES_128, UTC_CRYPTO_USER_KEY_NAME); + TC_ASSERT_EQ("utc_crypto_gcm_encryption_input_n : keymgr_remove_key", res, SECURITY_OK); +} + +/** + * @testcase utc_crypto_gcm_encryption_output_n + * @brief encrypt GCM with AES + * @scenario encrypt GCM with AES (without output) + * @apicovered crypto_gcm_encryption + * @precondition key should be set by keymgr_set_key() or keymgr_generate_key with AES type. Only AES key type is supported on GCM mode. + * @postcondition none + */ +static void utc_crypto_gcm_encryption_output_n(void) +{ + /* Recommanded IV length : 12 bytes */ + unsigned char iv[] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b }; + + unsigned char plain_text[] = { 0x4d, 0x79, 0x20, 0x42, 0x79, 0x74, 0x65, 0x20, + 0x50, 0x72, 0x69, 0x6e, 0x74, 0x00, 0x00, 0x00 }; + + unsigned char aad[] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f }; + + unsigned char tag[16] = { 0, }; + + security_data plain = { plain_text, sizeof(plain_text) }; + security_data enc = { NULL, 0 }; + + /* Generate AES key for GCM encryption / decryption */ + security_error res = keymgr_generate_key(g_hnd, KEY_AES_128, UTC_CRYPTO_USER_KEY_NAME); + TC_ASSERT_EQ("utc_crypto_gcm_encryption_output_n : keymgr_generate_key", res, SECURITY_OK); + + security_gcm_mode cipher = GCM_AES; + security_gcm_param param = { cipher, iv, sizeof(iv), aad, sizeof(aad), tag, sizeof(tag) }; + + res = crypto_gcm_encryption(g_hnd, ¶m, UTC_CRYPTO_USER_KEY_NAME, &plain, NULL); + TC_ASSERT_EQ("utc_crypto_gcm_encryption_output_n", res, SECURITY_INVALID_INPUT_PARAMS); + TC_SUCCESS_RESULT(); + + /* Remove AES key for GCM encryption / decryption */ + res = keymgr_remove_key(g_hnd, KEY_AES_128, UTC_CRYPTO_USER_KEY_NAME); + TC_ASSERT_EQ("utc_crypto_gcm_encryption_output_n : keymgr_remove_key", res, SECURITY_OK); +} + +/** + * @testcase utc_crypto_gcm_decryption_p + * @brief decrypt GCM with AES + * @scenario decrypt GCM with AES + * @apicovered crypto_gcm_decryption + * @precondition key should be set by keymgr_set_key() or keymgr_generate_key with AES type. Only AES key type is supported on GCM mode. + * @postcondition none + */ +static void utc_crypto_gcm_decryption_p(void) +{ + /* Recommanded IV length : 12 bytes */ + unsigned char iv[] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b }; + + unsigned char enc_text[] = { 0x4d, 0x79, 0x20, 0x42, 0x79, 0x74, 0x65, 0x20, + 0x50, 0x72, 0x69, 0x6e, 0x74, 0x00, 0x00, 0x00 }; + + unsigned char aad[] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f }; + + unsigned char tag[16] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f }; + + security_data enc = { enc_text, sizeof(enc_text) }; + security_data dec = { NULL, 0 }; + + for (int gcm_mode = 0; gcm_mode < sizeof(g_gcm_mode_table) / sizeof(g_gcm_mode_table); gcm_mode++) { + /* Set AES key for GCM encryption / decryption */ + for (int i = 0; i < sizeof(g_aes_key_type_table) / sizeof(g_aes_key_type_table); i++) { + security_error res = keymgr_generate_key(g_hnd, g_aes_key_type_table[i], UTC_CRYPTO_USER_KEY_NAME); + TC_ASSERT_EQ("utc_crypto_gcm_decryption_p : keymgr_generate_key", res, SECURITY_OK); + + /* Check whether hang occurs during repeated encrypt function */ + for (int iter = 0; iter < ITER_COUNT; iter++) { + security_gcm_mode cipher = g_aes_mode_table[gcm_mode]; + security_gcm_param param = { cipher, iv, sizeof(iv), aad, sizeof(aad), tag, sizeof(tag) }; + + res = crypto_gcm_decryption(g_hnd, ¶m, UTC_CRYPTO_USER_KEY_NAME, &enc, &dec); + TC_ASSERT_EQ("utc_crypto_gcm_decryption_p", res, SECURITY_OK); + TC_SUCCESS_RESULT(); + } + + res = keymgr_remove_key(g_hnd, g_aes_key_type_table[i], UTC_CRYPTO_USER_KEY_NAME); + TC_ASSERT_EQ("utc_crypto_gcm_decryption_p : keymgr_remove_key", res, SECURITY_OK); + } + } +} + +/** + * @testcase utc_crypto_gcm_decryption_hnd_n + * @brief decrypt GCM with AES + * @scenario decrypt GCM with AES (without handler) + * @apicovered crypto_gcm_decryption + * @precondition key should be set by keymgr_set_key() or keymgr_generate_key with AES type. Only AES key type is supported on GCM mode. + * @postcondition none + */ +static void utc_crypto_gcm_decryption_hnd_n(void) +{ + /* Recommanded IV length : 12 bytes */ + unsigned char iv[] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b }; + + unsigned char enc_text[] = { 0x4d, 0x79, 0x20, 0x42, 0x79, 0x74, 0x65, 0x20, + 0x50, 0x72, 0x69, 0x6e, 0x74, 0x00, 0x00, 0x00 }; + + unsigned char aad[] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f }; + + unsigned char tag[16] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f }; + + security_data enc = { enc_text, sizeof(enc_text) }; + security_data dec = { NULL, 0 }; + + /* Generate AES key for GCM encryption / decryption */ + security_error res = keymgr_generate_key(g_hnd, KEY_AES_128, UTC_CRYPTO_USER_KEY_NAME); + TC_ASSERT_EQ("utc_crypto_gcm_decryption_hnd_n : keymgr_generate_key", res, SECURITY_OK); + + security_gcm_mode cipher = GCM_AES; + security_gcm_param param = { cipher, iv, sizeof(iv), aad, sizeof(aad), tag, sizeof(tag) }; + + res = crypto_gcm_decryption(NULL, ¶m, UTC_CRYPTO_USER_KEY_NAME, &enc, &dec); + TC_ASSERT_EQ("utc_crypto_gcm_decryption_hnd_n", res, SECURITY_INVALID_INPUT_PARAMS); + TC_SUCCESS_RESULT(); + + /* Remove AES key for GCM encryption / decryption */ + res = keymgr_remove_key(g_hnd, KEY_AES_128, UTC_CRYPTO_USER_KEY_NAME); + TC_ASSERT_EQ("utc_crypto_gcm_decryption_hnd_n : keymgr_remove_key", res, SECURITY_OK); +} + +/** + * @testcase utc_crypto_gcm_decryption_param_n + * @brief decrypt GCM with AES + * @scenario decrypt GCM with AES (without param) + * @apicovered crypto_gcm_decryption + * @precondition key should be set by keymgr_set_key() or keymgr_generate_key with AES type. Only AES key type is supported on GCM mode. + * @postcondition none + */ +static void utc_crypto_gcm_decryption_param_n(void) +{ + /* Recommanded IV length : 12 bytes */ + unsigned char iv[] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b }; + + unsigned char enc_text[] = { 0x4d, 0x79, 0x20, 0x42, 0x79, 0x74, 0x65, 0x20, + 0x50, 0x72, 0x69, 0x6e, 0x74, 0x00, 0x00, 0x00 }; + + unsigned char aad[] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f }; + + unsigned char tag[16] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f }; + + security_data enc = { enc_text, sizeof(enc_text) }; + security_data dec = { NULL, 0 }; + + /* Generate AES key for GCM encryption / decryption */ + security_error res = keymgr_generate_key(g_hnd, KEY_AES_128, UTC_CRYPTO_USER_KEY_NAME); + TC_ASSERT_EQ("utc_crypto_gcm_decryption_param_n : keymgr_generate_key", res, SECURITY_OK); + + security_gcm_param param = { GCM_UNKNOWN, iv, sizeof(iv), aad, sizeof(aad), tag, sizeof(tag) }; + + res = crypto_gcm_decryption(g_hnd, ¶m, UTC_CRYPTO_USER_KEY_NAME, &enc, &dec); + TC_ASSERT_EQ("utc_crypto_gcm_decryption_param_n", res, SECURITY_INVALID_INPUT_PARAMS); + TC_SUCCESS_RESULT(); + + /* Remove AES key for GCM encryption / decryption */ + res = keymgr_remove_key(g_hnd, KEY_AES_128, UTC_CRYPTO_USER_KEY_NAME); + TC_ASSERT_EQ("utc_crypto_gcm_decryption_param_n : keymgr_remove_key", res, SECURITY_OK); +} + +/** + * @testcase utc_crypto_gcm_decryption_key_n + * @brief decrypt GCM with AES + * @scenario decrypt GCM with AES (without key) + * @apicovered crypto_gcm_decryption + * @precondition key should be set by keymgr_set_key() or keymgr_generate_key with AES type. Only AES key type is supported on GCM mode. + * @postcondition none + */ +static void utc_crypto_gcm_decryption_key_n(void) +{ + /* Recommanded IV length : 12 bytes */ + unsigned char iv[] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b }; + + unsigned char enc_text[] = { 0x4d, 0x79, 0x20, 0x42, 0x79, 0x74, 0x65, 0x20, + 0x50, 0x72, 0x69, 0x6e, 0x74, 0x00, 0x00, 0x00 }; + + unsigned char aad[] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f }; + + unsigned char tag[16] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f }; + + security_data enc = { enc_text, sizeof(enc_text) }; + security_data dec = { NULL, 0 }; + + security_gcm_mode cipher = GCM_AES; + security_gcm_param param = { cipher, iv, sizeof(iv), aad, sizeof(aad), tag, sizeof(tag) }; + + security_error res = crypto_gcm_decryption(g_hnd, ¶m, NULL, &enc, &dec); + + TC_ASSERT_EQ("utc_crypto_gcm_decryption_key_n", res, SECURITY_INVALID_KEY_INDEX); + TC_SUCCESS_RESULT(); +} + +/** + * @testcase utc_crypto_gcm_decryption_input_n + * @brief decrypt GCM with AES + * @scenario decrypt GCM with AES (without input) + * @apicovered crypto_gcm_decryption + * @precondition key should be set by keymgr_set_key() or keymgr_generate_key with AES type. Only AES key type is supported on GCM mode. + * @postcondition none + */ +static void utc_crypto_gcm_decryption_input_n(void) +{ + /* Recommanded IV length : 12 bytes */ + unsigned char iv[] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b }; + + unsigned char enc_text[] = { 0x4d, 0x79, 0x20, 0x42, 0x79, 0x74, 0x65, 0x20, + 0x50, 0x72, 0x69, 0x6e, 0x74, 0x00, 0x00, 0x00 }; + + unsigned char aad[] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f }; + + unsigned char tag[16] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f }; + + security_data enc = { enc_text, sizeof(enc_text) }; + security_data dec = { NULL, 0 }; + + /* Generate AES key for GCM encryption / decryption */ + security_error res = keymgr_generate_key(g_hnd, KEY_AES_128, UTC_CRYPTO_USER_KEY_NAME); + TC_ASSERT_EQ("utc_crypto_gcm_decryption_input_n : keymgr_generate_key", res, SECURITY_OK); + + security_gcm_mode cipher = GCM_AES; + security_gcm_param param = { cipher, iv, sizeof(iv), aad, sizeof(aad), tag, sizeof(tag) }; + + res = crypto_gcm_decryption(g_hnd, ¶m, UTC_CRYPTO_USER_KEY_NAME, NULL, &dec); + TC_ASSERT_EQ("utc_crypto_gcm_decryption_input_n", res, SECURITY_INVALID_INPUT_PARAMS); + TC_SUCCESS_RESULT(); + + /* Remove AES key for GCM encryption / decryption */ + res = keymgr_remove_key(g_hnd, KEY_AES_128, UTC_CRYPTO_USER_KEY_NAME); + TC_ASSERT_EQ("utc_crypto_gcm_decryption_input_n : keymgr_remove_key", res, SECURITY_OK); +} + +/** + * @testcase utc_crypto_gcm_decryption_output_n + * @brief decrypt GCM with AES + * @scenario decrypt GCM with AES (without output) + * @apicovered crypto_gcm_decryption + * @precondition key should be set by keymgr_set_key() or keymgr_generate_key with AES type. Only AES key type is supported on GCM mode. + * @postcondition none + */ +static void utc_crypto_gcm_decryption_output_n(void) +{ + /* Recommanded IV length : 12 bytes */ + unsigned char iv[] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b }; + + unsigned char enc_text[] = { 0x4d, 0x79, 0x20, 0x42, 0x79, 0x74, 0x65, 0x20, + 0x50, 0x72, 0x69, 0x6e, 0x74, 0x00, 0x00, 0x00 }; + + unsigned char aad[] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f }; + + unsigned char tag[16] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f }; + + security_data enc = { enc_text, sizeof(enc_text) }; + security_data dec = { NULL, 0 }; + + /* Generate AES key for GCM encryption / decryption */ + security_error res = keymgr_generate_key(g_hnd, KEY_AES_128, UTC_CRYPTO_USER_KEY_NAME); + TC_ASSERT_EQ("utc_crypto_gcm_decryption_output_n : keymgr_generate_key", res, SECURITY_OK); + + security_gcm_mode cipher = GCM_AES; + security_gcm_param param = { cipher, iv, sizeof(iv), aad, sizeof(aad), tag, sizeof(tag) }; + + res = crypto_gcm_decryption(g_hnd, ¶m, UTC_CRYPTO_USER_KEY_NAME, &enc, NULL); + TC_ASSERT_EQ("utc_crypto_gcm_decryption_output_n", res, SECURITY_INVALID_INPUT_PARAMS); + TC_SUCCESS_RESULT(); + + /* Remove AES key for GCM encryption / decryption */ + res = keymgr_remove_key(g_hnd, KEY_AES_128, UTC_CRYPTO_USER_KEY_NAME); + TC_ASSERT_EQ("utc_crypto_gcm_decryption_output_n : keymgr_remove_key", res, SECURITY_OK); +} void utc_crypto_main(void) { @@ -780,7 +1283,7 @@ void utc_crypto_main(void) utc_crypto_aes_decryption_key_n(); utc_crypto_aes_decryption_input_n(); utc_crypto_aes_decryption_output_n(); - /* RSA */ + // /* RSA */ utc_crypto_rsa_encryption_p(); utc_crypto_rsa_encryption_hnd_n(); utc_crypto_rsa_encryption_param_n(); @@ -795,6 +1298,19 @@ void utc_crypto_main(void) utc_crypto_rsa_decryption_param3_n(); utc_crypto_rsa_decryption_input_n(); utc_crypto_rsa_decryption_output_n(); + /* GCM */ + utc_crypto_gcm_encryption_p(); + utc_crypto_gcm_encryption_hnd_n(); + utc_crypto_gcm_encryption_param_n(); + utc_crypto_gcm_encryption_key_n(); + utc_crypto_gcm_encryption_input_n(); + utc_crypto_gcm_encryption_output_n(); + utc_crypto_gcm_decryption_p(); + utc_crypto_gcm_decryption_hnd_n(); + utc_crypto_gcm_decryption_param_n(); + utc_crypto_gcm_decryption_key_n(); + utc_crypto_gcm_decryption_input_n(); + utc_crypto_gcm_decryption_output_n(); res = security_deinit(g_hnd); if (res != SECURITY_OK) { diff --git a/apps/examples/testcase/ta_tc/security/utc/utc_security.h b/apps/examples/testcase/ta_tc/security/utc/utc_security.h index 689c3b75db..82f2579025 100644 --- a/apps/examples/testcase/ta_tc/security/utc/utc_security.h +++ b/apps/examples/testcase/ta_tc/security/utc/utc_security.h @@ -5,6 +5,7 @@ #define UTC_CRYPTO_KEY_NAME "ss/01" #define UTC_CERT_NAME "ss/02" +#define UTC_CRYPTO_USER_KEY_NAME "ss/32" /* Debugging */ #define US_ERROR \