Add ED25519 test cases

Valerii Chubar · sa-kib · commit d05d143739e5 · 2022-10-07T10:36:37.000Z
Add test cases to generate ED25519 key, sign/verify for
ED25519, ED25519ctx and ED25519ph.
The test vectors originate from RFC 8032 sections 7.1, 7.2, 7.3

Signed-off-by: Valerii Chubar &lt;valerii_chubar@epam.com&gt;
Signed-off-by: Sergiy Kibrik &lt;Sergiy_Kibrik@epam.com&gt;
Acked-by: Jens Wiklander &lt;jens.wiklander@linaro.org&gt;
Acked-by: Etienne Carriere &lt;etienne.carriere@linaro.org&gt;
diff --git a/host/xtest/regression_4000.c b/host/xtest/regression_4000.c
@@ -2722,6 +2722,15 @@ struct xtest_ac_case {
 			const uint8_t *public_y;
 			size_t public_y_len;
 		} ecc;
+		struct {
+			const uint8_t *private;
+			size_t private_len;
+			const uint8_t *public;
+			size_t public_len;
+			const uint8_t flag;
+			const uint8_t *context;
+			size_t context_len;
+		} eddsa;
 	} params;
 
 	const uint8_t *ptx;
@@ -2779,6 +2788,27 @@ struct xtest_ac_case {
 #define XTEST_AC_ECC_CASE(level, algo, mode, vect) \
 	XTEST_AC_CASE(level, algo, mode, vect, XTEST_AC_ECDSA_UNION(vect))
 
+#define XTEST_AC_EDDSA_UNION(vect, flag) \
+	{ .eddsa = { \
+		  ARRAY(vect ## _private), \
+		  ARRAY(vect ## _public), \
+		  flag, \
+	  } }
+
+#define XTEST_AC_EDDSA_CTX_UNION(vect, flag) \
+	{ .eddsa = { \
+		  ARRAY(vect ## _private), \
+		  ARRAY(vect ## _public), \
+		  flag, \
+		  ARRAY(vect ## _context), \
+	  } }
+
+#define XTEST_AC_EDDSA_CASE(level, algo, mode, vect, flag) \
+	XTEST_AC_CASE(level, algo, mode, vect, XTEST_AC_EDDSA_UNION(vect, flag))
+
+#define XTEST_AC_EDDSA_CTX_CASE(level, algo, mode, vect, flag) \
+	XTEST_AC_CASE(level, algo, mode, vect, XTEST_AC_EDDSA_CTX_UNION(vect, flag))
+
 static const struct xtest_ac_case xtest_ac_cases[] = {
 	/* RSA test without crt parameters */
 	XTEST_AC_RSA_CASE(0, TEE_ALG_RSA_NOPAD, TEE_MODE_ENCRYPT,
@@ -3555,6 +3585,24 @@ static const struct xtest_ac_case xtest_ac_cases[] = {
 			  gmt_003_part5_a2),
 };
 
+static const struct xtest_ac_case xtest_ac_eddsa_cases[] = {
+
+	XTEST_AC_EDDSA_CASE(0, TEE_ALG_ED25519, TEE_MODE_SIGN,
+			    ed25519_rfc_8032_7_1, 0),
+	XTEST_AC_EDDSA_CASE(0, TEE_ALG_ED25519, TEE_MODE_VERIFY,
+			    ed25519_rfc_8032_7_1, 0),
+
+	XTEST_AC_EDDSA_CTX_CASE(0, TEE_ALG_ED25519, TEE_MODE_SIGN,
+				ed25519ctx_rfc_8032_7_2, 0),
+	XTEST_AC_EDDSA_CTX_CASE(0, TEE_ALG_ED25519, TEE_MODE_VERIFY,
+				ed25519ctx_rfc_8032_7_2, 0),
+
+	XTEST_AC_EDDSA_CASE(0, TEE_ALG_ED25519, TEE_MODE_SIGN,
+			    ed25519ph_rfc_8032_7_3, 1),
+	XTEST_AC_EDDSA_CASE(0, TEE_ALG_ED25519, TEE_MODE_VERIFY,
+			    ed25519ph_rfc_8032_7_3, 1),
+};
+
 static bool create_key(ADBG_Case_t *c, TEEC_Session *s,
 		       uint32_t max_key_size, uint32_t key_type,
 		       TEE_Attribute *attrs, size_t num_attrs,
@@ -4273,6 +4321,19 @@ static bool test_x25519_key_pair(ADBG_Case_t *c, TEEC_Session *s,
 				      ARRAY_SIZE(attrs));
 }
 
+static bool test_ed25519_key_pair(ADBG_Case_t *c, TEEC_Session *s,
+				  TEE_ObjectHandle key, uint32_t key_size)
+{
+	const struct key_attrs attrs[] = {
+		KEY_ATTR(TEE_ATTR_ED25519_PRIVATE_VALUE, false),
+		KEY_ATTR(TEE_ATTR_ED25519_PUBLIC_VALUE, false),
+	};
+
+	return test_keygen_attributes(c, s, key, key_size,
+				      (struct key_attrs *)&attrs,
+				      ARRAY_SIZE(attrs));
+}
+
 static bool generate_and_test_key(ADBG_Case_t *c, TEEC_Session *s,
 				  uint32_t key_type, uint32_t check_keysize,
 				  uint32_t key_size,
@@ -4336,6 +4397,11 @@ static bool generate_and_test_key(ADBG_Case_t *c, TEEC_Session *s,
 				test_x25519_key_pair(c, s, key, key_size));
 		break;
 
+	case TEE_TYPE_ED25519_KEYPAIR:
+		ret_val = ADBG_EXPECT_TRUE(c,
+				test_ed25519_key_pair(c, s, key, key_size));
+		break;
+
 	default:
 		ret_val = false;
 		break;
@@ -4747,6 +4813,36 @@ static void xtest_tee_test_4007_x25519(ADBG_Case_t *c)
 ADBG_CASE_DEFINE(regression, 4007_x25519, xtest_tee_test_4007_x25519,
 		"Test TEE Internal API Generate X25519 key");
 
+
+static void xtest_tee_test_4007_ed25519(ADBG_Case_t *c)
+{
+	TEEC_Session session = { };
+	uint32_t ret_orig = 0;
+
+	if (!ADBG_EXPECT_TEEC_SUCCESS(c,
+			xtest_teec_open_session(&session, &crypt_user_ta_uuid,
+						NULL, &ret_orig)))
+		return;
+
+	if (!ta_crypt_cmd_is_algo_supported(c, &session, TEE_ALG_ED25519,
+					    TEE_ECC_CURVE_25519)) {
+		Do_ADBG_Log("ED25519 not supported: skip subcase");
+		goto out;
+	}
+
+	Do_ADBG_BeginSubCase(c, "Generate Ed25519 key");
+
+	ADBG_EXPECT_TRUE(c, generate_and_test_key(c, &session,
+						  TEE_TYPE_ED25519_KEYPAIR,
+						  0, 256, NULL, 0));
+
+	Do_ADBG_EndSubCase(c, "Generate Ed25519 key");
+out:
+	TEEC_CloseSession(&session);
+}
+ADBG_CASE_DEFINE(regression, 4007_ed25519, xtest_tee_test_4007_ed25519,
+		"Test TEE Internal API Generate ed25519 key");
+
 static void xtest_tee_test_4008(ADBG_Case_t *c)
 {
 	TEEC_Session session = { };
@@ -5766,4 +5862,127 @@ static void xtest_tee_test_4015(ADBG_Case_t *c)
 }
 ADBG_CASE_DEFINE(regression, 4015, xtest_tee_test_4015,
 		"Test TEE Internal API Derive key X25519");
+
+static void xtest_tee_test_4016_ed25519(ADBG_Case_t *c)
+{
+	TEEC_Session session = { };
+	TEE_OperationHandle op = TEE_HANDLE_NULL;
+	TEE_ObjectHandle key_handle = TEE_HANDLE_NULL;
+	TEE_Attribute key_attrs[2] = { };
+	size_t num_key_attrs = 0;
+	TEE_Attribute attrs[2] = { };
+	size_t num_attrs = 0;
+	uint8_t out[64] = { };
+	size_t out_size = sizeof(out);
+	size_t n = 0;
+	uint32_t ret_orig = 0;
+	size_t max_key_size = 0;
+
+	if (!ADBG_EXPECT_TEEC_SUCCESS(c,
+			xtest_teec_open_session(&session, &crypt_user_ta_uuid,
+						NULL, &ret_orig)))
+		return;
+
+	if (!ta_crypt_cmd_is_algo_supported(c, &session, TEE_ALG_ED25519,
+					    TEE_ECC_CURVE_25519)) {
+		Do_ADBG_Log("ED25519 not supported: skip subcase");
+		goto out;
+	}
+
+	for (n = 0; n < ARRAY_SIZE(xtest_ac_eddsa_cases); n++) {
+		const struct xtest_ac_case *tv = xtest_ac_eddsa_cases + n;
+
+		if (tv->algo != TEE_ALG_ED25519)
+			continue;
+
+		num_attrs = 0;
+		num_key_attrs = 0;
+		max_key_size = tv->params.eddsa.private_len * 8;
+
+		if (!ADBG_EXPECT_TEEC_SUCCESS(c,
+				ta_crypt_cmd_allocate_operation(c, &session, &op,
+					TEE_ALG_ED25519, tv->mode, max_key_size)))
+			goto out;
+
+		xtest_add_attr(&num_key_attrs, key_attrs,
+			       TEE_ATTR_ED25519_PUBLIC_VALUE,
+			       tv->params.eddsa.public,
+			       tv->params.eddsa.public_len);
+
+		if (tv->params.eddsa.flag == 1)
+			xtest_add_attr(&num_attrs, attrs,
+				       TEE_ATTR_EDDSA_PREHASH, NULL, 0);
+
+		if (tv->params.eddsa.context_len > 0)
+			xtest_add_attr(&num_attrs, attrs, TEE_ATTR_EDDSA_CTX,
+				       tv->params.eddsa.context,
+				       tv->params.eddsa.context_len);
+
+		switch (tv->mode) {
+		case TEE_MODE_SIGN:
+			xtest_add_attr(&num_key_attrs, key_attrs,
+				       TEE_ATTR_ED25519_PRIVATE_VALUE,
+				       tv->params.eddsa.private,
+				       tv->params.eddsa.private_len);
+
+			if (!ADBG_EXPECT_TRUE(c,
+					create_key(c, &session, max_key_size,
+						   TEE_TYPE_ED25519_KEYPAIR,
+						   key_attrs, num_key_attrs,
+						   &key_handle)))
+				goto out;
+
+			if (!ADBG_EXPECT_TEEC_SUCCESS(c,
+					ta_crypt_cmd_set_operation_key(c,
+						 &session, op, key_handle)))
+				goto out;
+
+			if (!ADBG_EXPECT_TEEC_SUCCESS(c,
+					ta_crypt_cmd_asymmetric_sign(c,
+						&session, op,
+						attrs, num_attrs, tv->ptx,
+						tv->ptx_len, out, &out_size)))
+				goto out;
+
+			ADBG_EXPECT_BUFFER(c, tv->ctx, tv->ctx_len, out, out_size);
+
+			break;
+
+		case TEE_MODE_VERIFY:
+			if (!ADBG_EXPECT_TRUE(c,
+					create_key(c, &session, max_key_size,
+						   TEE_TYPE_ED25519_PUBLIC_KEY,
+						   key_attrs, num_key_attrs,
+						   &key_handle)))
+				goto out;
+
+			if (!ADBG_EXPECT_TEEC_SUCCESS(c,
+					ta_crypt_cmd_set_operation_key(c,
+						   &session, op, key_handle)))
+				goto out;
+
+			if (!ADBG_EXPECT_TEEC_SUCCESS(c,
+				ta_crypt_cmd_asymmetric_verify(c, &session, op,
+							       attrs, num_attrs,
+							       tv->ptx,
+							       tv->ptx_len,
+							       tv->ctx,
+							       tv->ctx_len)))
+				goto out;
+			break;
+
+		default:
+			break;
+		}
+
+		if (!ADBG_EXPECT_TEEC_SUCCESS(c,
+				ta_crypt_cmd_free_operation(c, &session, op)))
+			goto out;
+	}
+out:
+	TEEC_CloseSession(&session);
+}
+ADBG_CASE_DEFINE(regression, 4016_ed25519, xtest_tee_test_4016_ed25519,
+		 "Test TEE Internal API ED25519 sign/verify");
+
 #endif /*CFG_SYSTEM_PTA*/
diff --git a/host/xtest/regression_4000_data.h b/host/xtest/regression_4000_data.h
@@ -8650,4 +8650,96 @@ static const uint8_t x25519_shared_secret[] = {
 	0x76, 0xf0, 0x9b, 0x3c, 0x1e, 0x16, 0x17, 0x42
 };
 
+/* Ed25519 test vectors (RFC 8032 - 7.1) */
+static const uint8_t ed25519_rfc_8032_7_1_private[] = {
+	0x83, 0x3f, 0xe6, 0x24,  0x9, 0x23, 0x7b, 0x9d,
+	0x62, 0xec, 0x77, 0x58, 0x75, 0x20, 0x91, 0x1e,
+	0x9a, 0x75, 0x9c, 0xec, 0x1d, 0x19, 0x75, 0x5b,
+	0x7d, 0xa9, 0x01, 0xb9, 0x6d, 0xca, 0x3d, 0x42
+};
+static const uint8_t ed25519_rfc_8032_7_1_public[] = {
+	0xec, 0x17, 0x2b, 0x93, 0xad, 0x5e, 0x56, 0x3b,
+	0xf4, 0x93, 0x2c, 0x70, 0xe1, 0x24, 0x50, 0x34,
+	0xc3, 0x54, 0x67, 0xef, 0x2e, 0xfd, 0x4d, 0x64,
+	0xeb, 0xf8, 0x19, 0x68, 0x34, 0x67, 0xe2, 0xbf
+};
+static const uint8_t ed25519_rfc_8032_7_1_ptx[] = {
+	0xdd, 0xaf, 0x35, 0xa1, 0x93, 0x61, 0x7a, 0xba,
+	0xcc, 0x41, 0x73, 0x49, 0xae, 0x20, 0x41, 0x31,
+	0x12, 0xe6, 0xfa, 0x4e, 0x89, 0xa9, 0x7e, 0xa2,
+	0x0a, 0x9e, 0xee, 0xe6, 0x4b, 0x55, 0xd3, 0x9a,
+	0x21, 0x92, 0x99, 0x2a, 0x27, 0x4f, 0xc1, 0xa8,
+	0x36, 0xba, 0x3c, 0x23, 0xa3, 0xfe, 0xeb, 0xbd,
+	0x45, 0x4d, 0x44, 0x23, 0x64, 0x3c, 0xe8,  0xe,
+	0x2a, 0x9a, 0xc9, 0x4f, 0xa5, 0x4c, 0xa4, 0x9f
+};
+static const uint8_t ed25519_rfc_8032_7_1_out[] = {
+	0xdc, 0x2a, 0x44, 0x59, 0xe7, 0x36, 0x96, 0x33,
+	0xa5, 0x2b, 0x1b, 0xf2, 0x77, 0x83, 0x9a, 0x0,
+	0x20, 0x10, 0x09, 0xa3, 0xef, 0xbf, 0x3e, 0xcb,
+	0x69, 0xbe, 0xa2, 0x18, 0x6c, 0x26, 0xb5, 0x89,
+	0x09, 0x35, 0x1f, 0xc9, 0xac, 0x90, 0xb3, 0xec,
+	0xfd, 0xfb, 0xc7, 0xc6, 0x64, 0x31, 0xe0, 0x30,
+	0x3d, 0xca, 0x17, 0x9c, 0x13, 0x8a, 0xc1, 0x7a,
+	0xd9, 0xbe, 0xf1, 0x17, 0x73, 0x31, 0xa7, 0x4
+};
+
+/* Ed25519 test vectors (RFC 8032 - 7.2) */
+static const uint8_t ed25519ctx_rfc_8032_7_2_private[] = {
+	0x03, 0x05, 0x33, 0x4e, 0x38, 0x1a, 0xf7, 0x8f,
+	0x14, 0x1c, 0xb6, 0x66, 0xf6, 0x19, 0x9f, 0x57,
+	0xbc, 0x34, 0x95, 0x33, 0x5a, 0x25, 0x6a, 0x95,
+	0xbd, 0x2a, 0x55, 0xbf, 0x54, 0x66, 0x63, 0xf6
+};
+static const uint8_t ed25519ctx_rfc_8032_7_2_public[] = {
+	0xdf, 0xc9, 0x42, 0x5e, 0x4f, 0x96, 0x8f, 0x7f,
+	0x0c, 0x29, 0xf0, 0x25, 0x9c, 0xf5, 0xf9, 0xae,
+	0xd6, 0x85, 0x1c, 0x2b, 0xb4, 0xad, 0x8b, 0xfb,
+	0x86, 0x0c, 0xfe, 0xe0, 0xab, 0x24, 0x82, 0x92
+};
+static const uint8_t ed25519ctx_rfc_8032_7_2_ptx[] = {
+	0xf7, 0x26, 0x93, 0x6d, 0x19, 0xc8, 0x00, 0x49,
+	0x4e, 0x3f, 0xda, 0xff, 0x20, 0xb2, 0x76, 0xa8
+};
+static const uint8_t ed25519ctx_rfc_8032_7_2_out[] = {
+	0x55, 0xa4, 0xcc, 0x2f, 0x70, 0xa5, 0x4e, 0x4,
+	0x28, 0x8c, 0x5f, 0x4c, 0xd1, 0xe4, 0x5a, 0x7b,
+	0xb5, 0x20, 0xb3, 0x62, 0x92, 0x91, 0x18, 0x76,
+	0xca, 0xda, 0x73, 0x23, 0x19, 0x8d, 0xd8, 0x7a,
+	0x8b, 0x36, 0x95, 0x0b, 0x95, 0x13, 0x00, 0x22,
+	0x90, 0x7a, 0x7f, 0xb7, 0xc4, 0xe9, 0xb2, 0xd5,
+	0xf6, 0xcc, 0xa6, 0x85, 0xa5, 0x87, 0xb4, 0xb2,
+	0x1f, 0x4b, 0x88, 0x8e, 0x4e, 0x7e, 0xdb, 0xd
+};
+static const uint8_t ed25519ctx_rfc_8032_7_2_context[] = {
+	0x66, 0x6f, 0x6f
+};
+
+/* Ed25519 test vectors (RFC 8032 - 7.3) */
+static const uint8_t ed25519ph_rfc_8032_7_3_private[] = {
+	0x83, 0x3f, 0xe6, 0x24, 0x09, 0x23, 0x7b, 0x9d,
+	0x62, 0xec, 0x77, 0x58, 0x75, 0x20, 0x91, 0x1e,
+	0x9a, 0x75, 0x9c, 0xec, 0x1d, 0x19, 0x75, 0x5b,
+	0x7d, 0xa9, 0x01, 0xb9, 0x6d, 0xca, 0x3d, 0x42
+};
+static const uint8_t ed25519ph_rfc_8032_7_3_public[] = {
+	0xec, 0x17, 0x2b, 0x93, 0xad, 0x5e, 0x56, 0x3b,
+	0xf4, 0x93, 0x2c, 0x70, 0xe1, 0x24, 0x50, 0x34,
+	0xc3, 0x54, 0x67, 0xef, 0x2e, 0xfd, 0x4d, 0x64,
+	0xeb, 0xf8, 0x19, 0x68, 0x34, 0x67, 0xe2, 0xbf
+};
+static const uint8_t ed25519ph_rfc_8032_7_3_ptx[] = {
+	0x61, 0x62, 0x63
+};
+static const uint8_t ed25519ph_rfc_8032_7_3_out[] = {
+	0x98, 0xa7, 0x02, 0x22, 0xf0, 0xb8, 0x12, 0x1a,
+	0xa9, 0xd3, 0x0f, 0x81, 0x3d, 0x68, 0x3f, 0x80,
+	0x9e, 0x46, 0x2b, 0x46, 0x9c, 0x7f, 0xf8, 0x76,
+	0x39, 0x49, 0x9b, 0xb9, 0x4e, 0x6d, 0xae, 0x41,
+	0x31, 0xf8, 0x50, 0x42, 0x46, 0x3c, 0x2a, 0x35,
+	0x5a, 0x20, 0x03, 0xd0, 0x62, 0xad, 0xf5, 0xaa,
+	0xa1, 0x0b, 0x8c, 0x61, 0xe6, 0x36, 0x06, 0x2a,
+	0xaa, 0xd1, 0x1c, 0x2a, 0x26, 0x08, 0x34, 0x06
+};
+
 #endif /*XTEST_4000_DATA_H*/
