/src/ibmswtpm2/src/AlgorithmTests.c
Line | Count | Source (jump to first uncovered line) |
1 | | /********************************************************************************/ |
2 | | /* */ |
3 | | /* Code to perform the various self-test functions. */ |
4 | | /* Written by Ken Goldman */ |
5 | | /* IBM Thomas J. Watson Research Center */ |
6 | | /* $Id: AlgorithmTests.c 1311 2018-08-23 21:39:29Z kgoldman $ */ |
7 | | /* */ |
8 | | /* Licenses and Notices */ |
9 | | /* */ |
10 | | /* 1. Copyright Licenses: */ |
11 | | /* */ |
12 | | /* - Trusted Computing Group (TCG) grants to the user of the source code in */ |
13 | | /* this specification (the "Source Code") a worldwide, irrevocable, */ |
14 | | /* nonexclusive, royalty free, copyright license to reproduce, create */ |
15 | | /* derivative works, distribute, display and perform the Source Code and */ |
16 | | /* derivative works thereof, and to grant others the rights granted herein. */ |
17 | | /* */ |
18 | | /* - The TCG grants to the user of the other parts of the specification */ |
19 | | /* (other than the Source Code) the rights to reproduce, distribute, */ |
20 | | /* display, and perform the specification solely for the purpose of */ |
21 | | /* developing products based on such documents. */ |
22 | | /* */ |
23 | | /* 2. Source Code Distribution Conditions: */ |
24 | | /* */ |
25 | | /* - Redistributions of Source Code must retain the above copyright licenses, */ |
26 | | /* this list of conditions and the following disclaimers. */ |
27 | | /* */ |
28 | | /* - Redistributions in binary form must reproduce the above copyright */ |
29 | | /* licenses, this list of conditions and the following disclaimers in the */ |
30 | | /* documentation and/or other materials provided with the distribution. */ |
31 | | /* */ |
32 | | /* 3. Disclaimers: */ |
33 | | /* */ |
34 | | /* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ |
35 | | /* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ |
36 | | /* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ |
37 | | /* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ |
38 | | /* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ |
39 | | /* information on specification licensing rights available through TCG */ |
40 | | /* membership agreements. */ |
41 | | /* */ |
42 | | /* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ |
43 | | /* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ |
44 | | /* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ |
45 | | /* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ |
46 | | /* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ |
47 | | /* */ |
48 | | /* - Without limitation, TCG and its members and licensors disclaim all */ |
49 | | /* liability, including liability for infringement of any proprietary */ |
50 | | /* rights, relating to use of information in this specification and to the */ |
51 | | /* implementation of this specification, and TCG disclaims all liability for */ |
52 | | /* cost of procurement of substitute goods or services, lost profits, loss */ |
53 | | /* of use, loss of data or any incidental, consequential, direct, indirect, */ |
54 | | /* or special damages, whether under contract, tort, warranty or otherwise, */ |
55 | | /* arising in any way out of use or reliance upon this specification or any */ |
56 | | /* information herein. */ |
57 | | /* */ |
58 | | /* (c) Copyright IBM Corp. and others, 2016 - 2018 */ |
59 | | /* */ |
60 | | /********************************************************************************/ |
61 | | |
62 | | /* 10.2.1 AlgorithmTests.c */ |
63 | | /* 10.2.1.1 Introduction */ |
64 | | /* This file contains the code to perform the various self-test functions. */ |
65 | | /* 10.2.1.2 Includes and Defines */ |
66 | | #include "Tpm.h" |
67 | | #define SELF_TEST_DATA |
68 | | #if SELF_TEST |
69 | | /* These includes pull in the data structures. They contain data definitions for the various |
70 | | tests. */ |
71 | | #include "SelfTest.h" |
72 | | #include "SymmetricTest.h" |
73 | | #include "RsaTestData.h" |
74 | | #include "EccTestData.h" |
75 | | #include "HashTestData.h" |
76 | | #include "KdfTestData.h" |
77 | | #define TEST_DEFAULT_TEST_HASH(vector) \ |
78 | 0 | if(TEST_BIT(DEFAULT_TEST_HASH, g_toTest)) \ |
79 | 0 | TestHash(DEFAULT_TEST_HASH, vector); |
80 | | /* Make sure that the algorithm has been tested */ |
81 | 1.19k | #define CLEAR_BOTH(alg) { CLEAR_BIT(alg, *toTest); \ |
82 | 1.19k | if(toTest != &g_toTest) \ |
83 | 1.19k | CLEAR_BIT(alg, g_toTest); } |
84 | 1.08k | #define SET_BOTH(alg) { SET_BIT(alg, *toTest); \ |
85 | 1.08k | if(toTest != &g_toTest) \ |
86 | 1.08k | SET_BIT(alg, g_toTest); } |
87 | 0 | #define TEST_BOTH(alg) ((toTest != &g_toTest) \ |
88 | 0 | ? TEST_BIT(alg, *toTest) || TEST_BIT(alg, g_toTest) \ |
89 | 0 | : TEST_BIT(alg, *toTest)) |
90 | | /* Can only cancel if doing a list. */ |
91 | | #define CHECK_CANCELED \ |
92 | 0 | if(_plat__IsCanceled() && toTest != &g_toTest) \ |
93 | 0 | return TPM_RC_CANCELED; |
94 | | /* 10.2.1.3 Hash Tests */ |
95 | | /* 10.2.1.3.1 Description */ |
96 | | /* The hash test does a known-value HMAC using the specified hash algorithm. */ |
97 | | /* 10.2.1.3.2 TestHash() */ |
98 | | /* The hash test function. */ |
99 | | static TPM_RC |
100 | | TestHash( |
101 | | TPM_ALG_ID hashAlg, |
102 | | ALGORITHM_VECTOR *toTest |
103 | | ) |
104 | 112 | { |
105 | 112 | TPM2B_DIGEST computed; // value computed |
106 | 112 | HMAC_STATE state; |
107 | 112 | UINT16 digestSize; |
108 | 112 | const TPM2B *testDigest = NULL; |
109 | | // TPM2B_TYPE(HMAC_BLOCK, DEFAULT_TEST_HASH_BLOCK_SIZE); |
110 | 112 | pAssert(hashAlg != ALG_NULL_VALUE); |
111 | 112 | switch(hashAlg) |
112 | 112 | { |
113 | 0 | #if ALG_SHA1 |
114 | 28 | case ALG_SHA1_VALUE: |
115 | 28 | testDigest = &c_SHA1_digest.b; |
116 | 28 | break; |
117 | 0 | #endif |
118 | 0 | #if ALG_SHA256 |
119 | 28 | case ALG_SHA256_VALUE: |
120 | 28 | testDigest = &c_SHA256_digest.b; |
121 | 28 | break; |
122 | 0 | #endif |
123 | 0 | #if ALG_SHA384 |
124 | 28 | case ALG_SHA384_VALUE: |
125 | 28 | testDigest = &c_SHA384_digest.b; |
126 | 28 | break; |
127 | 0 | #endif |
128 | 0 | #if ALG_SHA512 |
129 | 28 | case ALG_SHA512_VALUE: |
130 | 28 | testDigest = &c_SHA512_digest.b; |
131 | 28 | break; |
132 | 0 | #endif |
133 | | #if ALG_SM3_256 |
134 | | case ALG_SM3_256_VALUE: |
135 | | testDigest = &c_SM3_256_digest.b; |
136 | | break; |
137 | | #endif |
138 | 0 | default: |
139 | 0 | FAIL(FATAL_ERROR_INTERNAL); |
140 | 112 | } |
141 | | // Clear the to-test bits |
142 | 112 | CLEAR_BOTH(hashAlg); |
143 | | // Set the HMAC key to twice the digest size |
144 | 112 | digestSize = CryptHashGetDigestSize(hashAlg); |
145 | 112 | CryptHmacStart(&state, hashAlg, digestSize * 2, |
146 | 112 | (BYTE *)c_hashTestKey.t.buffer); |
147 | 112 | CryptDigestUpdate(&state.hashState, 2 * CryptHashGetBlockSize(hashAlg), |
148 | 112 | (BYTE *)c_hashTestData.t.buffer); |
149 | 112 | computed.t.size = digestSize; |
150 | 112 | CryptHmacEnd(&state, digestSize, computed.t.buffer); |
151 | 112 | if((testDigest->size != computed.t.size) |
152 | 112 | || (memcmp(testDigest->buffer, computed.t.buffer, computed.b.size) != 0)) { |
153 | 0 | SELF_TEST_FAILURE; |
154 | 0 | } |
155 | 112 | return TPM_RC_SUCCESS; |
156 | 112 | } |
157 | | /* 10.2.1.4 Symmetric Test Functions */ |
158 | | /* 10.2.1.4.1 MakeIv() */ |
159 | | /* Internal function to make the appropriate IV depending on the mode. */ |
160 | | static UINT32 |
161 | | MakeIv( |
162 | | TPM_ALG_ID mode, // IN: symmetric mode |
163 | | UINT32 size, // IN: block size of the algorithm |
164 | | BYTE *iv // OUT: IV to fill in |
165 | | ) |
166 | 0 | { |
167 | 0 | BYTE i; |
168 | 0 | if(mode == ALG_ECB_VALUE) |
169 | 0 | return 0; |
170 | 0 | if(mode == ALG_CTR_VALUE) |
171 | 0 | { |
172 | | // The test uses an IV that has 0xff in the last byte |
173 | 0 | for(i = 1; i <= size; i++) |
174 | 0 | *iv++ = 0xff - (BYTE)(size - i); |
175 | 0 | } |
176 | 0 | else |
177 | 0 | { |
178 | 0 | for(i = 0; i < size; i++) |
179 | 0 | *iv++ = i; |
180 | 0 | } |
181 | 0 | return size; |
182 | 0 | } |
183 | | /* 10.2.1.4.2 TestSymmetricAlgorithm() */ |
184 | | /* Function to test a specific algorithm, key size, and mode. */ |
185 | | static void |
186 | | TestSymmetricAlgorithm( |
187 | | const SYMMETRIC_TEST_VECTOR *test, // |
188 | | TPM_ALG_ID mode // |
189 | | ) |
190 | 0 | { |
191 | 0 | BYTE encrypted[MAX_SYM_BLOCK_SIZE * 2]; |
192 | 0 | BYTE decrypted[MAX_SYM_BLOCK_SIZE * 2]; |
193 | 0 | TPM2B_IV iv; |
194 | | // |
195 | | // Get the appropriate IV |
196 | 0 | iv.t.size = (UINT16)MakeIv(mode, test->ivSize, iv.t.buffer); |
197 | | // Encrypt known data |
198 | 0 | CryptSymmetricEncrypt(encrypted, test->alg, test->keyBits, test->key, &iv, |
199 | 0 | mode, test->dataInOutSize, test->dataIn); |
200 | | // Check that it matches the expected value |
201 | 0 | if(!MemoryEqual(encrypted, test->dataOut[mode - ALG_CTR_VALUE], |
202 | 0 | test->dataInOutSize)) { |
203 | 0 | SELF_TEST_FAILURE; |
204 | 0 | } |
205 | | // Reinitialize the iv for decryption |
206 | 0 | MakeIv(mode, test->ivSize, iv.t.buffer); |
207 | 0 | CryptSymmetricDecrypt(decrypted, test->alg, test->keyBits, test->key, &iv, |
208 | 0 | mode, test->dataInOutSize, |
209 | 0 | test->dataOut[mode - ALG_CTR_VALUE]); |
210 | | // Make sure that it matches what we started with |
211 | 0 | if(!MemoryEqual(decrypted, test->dataIn, test->dataInOutSize)) { |
212 | 0 | SELF_TEST_FAILURE; |
213 | 0 | } |
214 | 0 | } |
215 | | /* 10.2.1.4.3 AllSymsAreDone() */ |
216 | | /* Checks if both symmetric algorithms have been tested. This is put here so that addition of a |
217 | | symmetric algorithm will be relatively easy to handle */ |
218 | | static BOOL |
219 | | AllSymsAreDone( |
220 | | ALGORITHM_VECTOR *toTest |
221 | | ) |
222 | 0 | { |
223 | 0 | return (!TEST_BOTH(ALG_AES_VALUE) && !TEST_BOTH(ALG_SM4_VALUE)); |
224 | 0 | } |
225 | | /* 10.2.1.4.4 AllModesAreDone() */ |
226 | | /* Checks if all the modes have been tested */ |
227 | | static BOOL |
228 | | AllModesAreDone( |
229 | | ALGORITHM_VECTOR *toTest |
230 | | ) |
231 | 0 | { |
232 | 0 | TPM_ALG_ID alg; |
233 | 0 | for(alg = TPM_SYM_MODE_FIRST; alg <= TPM_SYM_MODE_LAST; alg++) |
234 | 0 | if(TEST_BOTH(alg)) |
235 | 0 | return FALSE; |
236 | 0 | return TRUE; |
237 | 0 | } |
238 | | /* 10.2.1.4.5 TestSymmetric() */ |
239 | | /* If alg is a symmetric block cipher, then all of the modes that are selected are tested. If alg is |
240 | | a mode, then all algorithms of that mode are tested. */ |
241 | | static TPM_RC |
242 | | TestSymmetric( |
243 | | TPM_ALG_ID alg, |
244 | | ALGORITHM_VECTOR *toTest |
245 | | ) |
246 | 0 | { |
247 | 0 | SYM_INDEX index; |
248 | 0 | TPM_ALG_ID mode; |
249 | | // |
250 | 0 | if(!TEST_BIT(alg, *toTest)) |
251 | 0 | return TPM_RC_SUCCESS; |
252 | 0 | if(alg == ALG_AES_VALUE || alg == ALG_SM4_VALUE || alg == ALG_CAMELLIA_VALUE) |
253 | 0 | { |
254 | | // Will test the algorithm for all modes and key sizes |
255 | 0 | CLEAR_BOTH(alg); |
256 | | // A test this algorithm for all modes |
257 | 0 | for(index = 0; index < NUM_SYMS; index++) |
258 | 0 | { |
259 | 0 | if(c_symTestValues[index].alg == alg) |
260 | 0 | { |
261 | 0 | for(mode = TPM_SYM_MODE_FIRST; |
262 | 0 | mode <= TPM_SYM_MODE_LAST; |
263 | 0 | mode++) |
264 | 0 | { |
265 | 0 | if(TEST_BIT(mode, *toTest)) |
266 | 0 | TestSymmetricAlgorithm(&c_symTestValues[index], mode); |
267 | 0 | } |
268 | 0 | } |
269 | 0 | } |
270 | | // if all the symmetric tests are done |
271 | 0 | if(AllSymsAreDone(toTest)) |
272 | 0 | { |
273 | | // all symmetric algorithms tested so no modes should be set |
274 | 0 | for(alg = TPM_SYM_MODE_FIRST; alg <= TPM_SYM_MODE_LAST; alg++) |
275 | 0 | CLEAR_BOTH(alg); |
276 | 0 | } |
277 | 0 | } |
278 | 0 | else if(TPM_SYM_MODE_FIRST <= alg && alg <= TPM_SYM_MODE_LAST) |
279 | 0 | { |
280 | | // Test this mode for all key sizes and algorithms |
281 | 0 | for(index = 0; index < NUM_SYMS; index++) |
282 | 0 | { |
283 | | // The mode testing only comes into play when doing self tests |
284 | | // by command. When doing self tests by command, the block ciphers are |
285 | | // tested first. That means that all of their modes would have been |
286 | | // tested for all key sizes. If there is no block cipher left to |
287 | | // test, then clear this mode bit. |
288 | 0 | if(!TEST_BIT(ALG_AES_VALUE, *toTest) |
289 | 0 | && !TEST_BIT(ALG_SM4_VALUE, *toTest)) |
290 | 0 | { |
291 | 0 | CLEAR_BOTH(alg); |
292 | 0 | } |
293 | 0 | else |
294 | 0 | { |
295 | 0 | for(index = 0; index < NUM_SYMS; index++) |
296 | 0 | { |
297 | 0 | if(TEST_BIT(c_symTestValues[index].alg, *toTest)) |
298 | 0 | TestSymmetricAlgorithm(&c_symTestValues[index], alg); |
299 | 0 | } |
300 | | // have tested this mode for all algorithms |
301 | 0 | CLEAR_BOTH(alg); |
302 | 0 | } |
303 | 0 | } |
304 | 0 | if(AllModesAreDone(toTest)) |
305 | 0 | { |
306 | 0 | CLEAR_BOTH(ALG_AES_VALUE); |
307 | 0 | CLEAR_BOTH(ALG_SM4_VALUE); |
308 | 0 | } |
309 | 0 | } |
310 | 0 | else |
311 | 0 | pAssert(alg == 0 && alg != 0); |
312 | 0 | return TPM_RC_SUCCESS; |
313 | 0 | } |
314 | | /* 10.2.1.5 RSA Tests */ |
315 | | #if ALG_RSA |
316 | | /* 10.2.1.5.1 Introduction */ |
317 | | /* The tests are for public key only operations and for private key operations. Signature |
318 | | verification and encryption are public key operations. They are tested by using a KVT. For |
319 | | signature verification, this means that a known good signature is checked by |
320 | | CryptRsaValidateSignature(). If it fails, then the TPM enters failure mode. For encryption, the |
321 | | TPM encrypts known values using the selected scheme and checks that the returned value matches |
322 | | the expected value. */ |
323 | | /* For private key operations, a full scheme check is used. For a signing key, a known key is used |
324 | | to sign a known message. Then that signature is verified. since the signature may involve use of |
325 | | random values, the signature will be different each time and we can't always check that the |
326 | | signature matches a known value. The same technique is used for decryption (RSADP/RSAEP). */ |
327 | | /* When an operation uses the public key and the verification has not been tested, the TPM will do a |
328 | | KVT. */ |
329 | | /* The test for the signing algorithm is built into the call for the algorithm */ |
330 | | /* 10.2.1.5.2 RsaKeyInitialize() */ |
331 | | /* The test key is defined by a public modulus and a private prime. The TPM's RSA code computes the |
332 | | second prime and the private exponent. */ |
333 | | static void |
334 | | RsaKeyInitialize( |
335 | | OBJECT *testObject |
336 | | ) |
337 | 0 | { |
338 | 0 | MemoryCopy2B(&testObject->publicArea.unique.rsa.b, (P2B)&c_rsaPublicModulus, |
339 | 0 | sizeof(c_rsaPublicModulus)); |
340 | 0 | MemoryCopy2B(&testObject->sensitive.sensitive.rsa.b, (P2B)&c_rsaPrivatePrime, |
341 | 0 | sizeof(testObject->sensitive.sensitive.rsa.t.buffer)); |
342 | 0 | testObject->publicArea.parameters.rsaDetail.keyBits = RSA_TEST_KEY_SIZE * 8; |
343 | | // Use the default exponent |
344 | 0 | testObject->publicArea.parameters.rsaDetail.exponent = 0; |
345 | 0 | testObject->attributes.privateExp = 0; |
346 | 0 | } |
347 | | /* 10.2.1.5.3 TestRsaEncryptDecrypt() */ |
348 | | /* These test are for an public key encryption that uses a random value */ |
349 | | static TPM_RC |
350 | | TestRsaEncryptDecrypt( |
351 | | TPM_ALG_ID scheme, // IN: the scheme |
352 | | ALGORITHM_VECTOR *toTest // |
353 | | ) |
354 | 0 | { |
355 | 0 | TPM2B_PUBLIC_KEY_RSA testInput; |
356 | 0 | TPM2B_PUBLIC_KEY_RSA testOutput; |
357 | 0 | OBJECT testObject; |
358 | 0 | const TPM2B_RSA_TEST_KEY *kvtValue = NULL; |
359 | 0 | TPM_RC result = TPM_RC_SUCCESS; |
360 | 0 | const TPM2B *testLabel = NULL; |
361 | 0 | TPMT_RSA_DECRYPT rsaScheme; |
362 | | // |
363 | | // Don't need to initialize much of the test object but do need to initialize |
364 | | // the flag indicating that the private exponent has been computed. |
365 | 0 | testObject.attributes.privateExp = CLEAR; |
366 | 0 | RsaKeyInitialize(&testObject); |
367 | 0 | rsaScheme.scheme = scheme; |
368 | 0 | rsaScheme.details.anySig.hashAlg = DEFAULT_TEST_HASH; |
369 | 0 | CLEAR_BOTH(scheme); |
370 | 0 | CLEAR_BOTH(ALG_NULL_VALUE); |
371 | 0 | if(scheme == ALG_NULL_VALUE) |
372 | 0 | { |
373 | | // This is an encryption scheme using the private key without any encoding. |
374 | 0 | memcpy(testInput.t.buffer, c_RsaTestValue, sizeof(c_RsaTestValue)); |
375 | 0 | testInput.t.size = sizeof(c_RsaTestValue); |
376 | 0 | if(TPM_RC_SUCCESS != CryptRsaEncrypt(&testOutput, &testInput.b, |
377 | 0 | &testObject, &rsaScheme, NULL, NULL)) { |
378 | 0 | SELF_TEST_FAILURE; |
379 | 0 | } |
380 | 0 | if(!MemoryEqual(testOutput.t.buffer, c_RsaepKvt.buffer, c_RsaepKvt.size)) { |
381 | 0 | SELF_TEST_FAILURE; |
382 | 0 | } |
383 | 0 | MemoryCopy2B(&testInput.b, &testOutput.b, sizeof(testInput.t.buffer)); |
384 | 0 | if(TPM_RC_SUCCESS != CryptRsaDecrypt(&testOutput.b, &testInput.b, |
385 | 0 | &testObject, &rsaScheme, NULL)) { |
386 | 0 | SELF_TEST_FAILURE; |
387 | 0 | } |
388 | 0 | if(!MemoryEqual(testOutput.t.buffer, c_RsaTestValue, |
389 | 0 | sizeof(c_RsaTestValue))) { |
390 | 0 | SELF_TEST_FAILURE; |
391 | 0 | } |
392 | 0 | } |
393 | 0 | else |
394 | 0 | { |
395 | | // ALG_RSAES_VALUE: |
396 | | // This is an decryption scheme using padding according to |
397 | | // PKCS#1v2.1, 7.2. This padding uses random bits. To test a public |
398 | | // key encryption that uses random data, encrypt a value and then |
399 | | // decrypt the value and see that we get the encrypted data back. |
400 | | // The hash is not used by this encryption so it can be TMP_ALG_NULL |
401 | | // ALG_OAEP_VALUE: |
402 | | // This is also an decryption scheme and it also uses a |
403 | | // pseudo-random |
404 | | // value. However, this also uses a hash algorithm. So, we may need |
405 | | // to test that algorithm before use. |
406 | 0 | if(scheme == ALG_OAEP_VALUE) |
407 | 0 | { |
408 | 0 | TEST_DEFAULT_TEST_HASH(toTest); |
409 | 0 | kvtValue = &c_OaepKvt; |
410 | 0 | testLabel = OAEP_TEST_STRING; |
411 | 0 | } |
412 | 0 | else if(scheme == ALG_RSAES_VALUE) |
413 | 0 | { |
414 | 0 | kvtValue = &c_RsaesKvt; |
415 | 0 | testLabel = NULL; |
416 | 0 | } |
417 | 0 | else { |
418 | 0 | SELF_TEST_FAILURE; |
419 | 0 | } |
420 | | // Only use a digest-size portion of the test value |
421 | 0 | memcpy(testInput.t.buffer, c_RsaTestValue, DEFAULT_TEST_DIGEST_SIZE); |
422 | 0 | testInput.t.size = DEFAULT_TEST_DIGEST_SIZE; |
423 | | // See if the encryption works |
424 | 0 | if(TPM_RC_SUCCESS != CryptRsaEncrypt(&testOutput, &testInput.b, |
425 | 0 | &testObject, &rsaScheme, testLabel, |
426 | 0 | NULL)) { |
427 | 0 | SELF_TEST_FAILURE; |
428 | 0 | } |
429 | 0 | MemoryCopy2B(&testInput.b, &testOutput.b, sizeof(testInput.t.buffer)); |
430 | | // see if we can decrypt this value and get the original data back |
431 | 0 | if(TPM_RC_SUCCESS != CryptRsaDecrypt(&testOutput.b, &testInput.b, |
432 | 0 | &testObject, &rsaScheme, testLabel)) { |
433 | 0 | SELF_TEST_FAILURE; |
434 | 0 | } |
435 | | // See if the results compare |
436 | 0 | if(testOutput.t.size != DEFAULT_TEST_DIGEST_SIZE |
437 | 0 | || !MemoryEqual(testOutput.t.buffer, c_RsaTestValue, |
438 | 0 | DEFAULT_TEST_DIGEST_SIZE)) { |
439 | 0 | SELF_TEST_FAILURE; |
440 | 0 | } |
441 | | // Now check that the decryption works on a known value |
442 | 0 | MemoryCopy2B(&testInput.b, (P2B)kvtValue, |
443 | 0 | sizeof(testInput.t.buffer)); |
444 | 0 | if(TPM_RC_SUCCESS != CryptRsaDecrypt(&testOutput.b, &testInput.b, |
445 | 0 | &testObject, &rsaScheme, testLabel)) { |
446 | 0 | SELF_TEST_FAILURE; |
447 | 0 | } |
448 | 0 | if(testOutput.t.size != DEFAULT_TEST_DIGEST_SIZE |
449 | 0 | || !MemoryEqual(testOutput.t.buffer, c_RsaTestValue, |
450 | 0 | DEFAULT_TEST_DIGEST_SIZE)) { |
451 | 0 | SELF_TEST_FAILURE; |
452 | 0 | } |
453 | 0 | } |
454 | 0 | return result; |
455 | 0 | } |
456 | | /* 10.2.1.5.4 TestRsaSignAndVerify() */ |
457 | | /* This function does the testing of the RSA sign and verification functions. This test does a |
458 | | KVT. */ |
459 | | static TPM_RC |
460 | | TestRsaSignAndVerify( |
461 | | TPM_ALG_ID scheme, |
462 | | ALGORITHM_VECTOR *toTest |
463 | | ) |
464 | 0 | { |
465 | 0 | TPM_RC result = TPM_RC_SUCCESS; |
466 | 0 | OBJECT testObject; |
467 | 0 | TPM2B_DIGEST testDigest; |
468 | 0 | TPMT_SIGNATURE testSig; |
469 | | // Do a sign and signature verification. |
470 | | // RSASSA: |
471 | | // This is a signing scheme according to PKCS#1-v2.1 8.2. It does not |
472 | | // use random data so there is a KVT for the signing operation. On |
473 | | // first use of the scheme for signing, use the TPM's RSA key to |
474 | | // sign a portion of c_RsaTestData and compare the results to c_RsassaKvt. Then |
475 | | // decrypt the data to see that it matches the starting value. This verifies |
476 | | // the signature with a KVT |
477 | | // Clear the bits indicating that the function has not been checked. This is to |
478 | | // prevent looping |
479 | 0 | CLEAR_BOTH(scheme); |
480 | 0 | CLEAR_BOTH(ALG_NULL_VALUE); |
481 | 0 | CLEAR_BOTH(ALG_RSA_VALUE); |
482 | 0 | RsaKeyInitialize(&testObject); |
483 | 0 | memcpy(testDigest.t.buffer, (BYTE *)c_RsaTestValue, DEFAULT_TEST_DIGEST_SIZE); |
484 | 0 | testDigest.t.size = DEFAULT_TEST_DIGEST_SIZE; |
485 | 0 | testSig.sigAlg = scheme; |
486 | 0 | testSig.signature.rsapss.hash = DEFAULT_TEST_HASH; |
487 | | // RSAPSS: |
488 | | // This is a signing scheme a according to PKCS#1-v2.2 8.1 it uses |
489 | | // random data in the signature so there is no KVT for the signing |
490 | | // operation. To test signing, the TPM will use the TPM's RSA key |
491 | | // to sign a portion of c_RsaTestValue and then it will verify the |
492 | | // signature. For verification, c_RsapssKvt is verified before the |
493 | | // user signature blob is verified. The worst case for testing of this |
494 | | // algorithm is two private and one public key operation. |
495 | | // The process is to sign known data. If RSASSA is being done, verify that the |
496 | | // signature matches the precomputed value. For both, use the signed value and |
497 | | // see that the verification says that it is a good signature. Then |
498 | | // if testing RSAPSS, do a verify of a known good signature. This ensures that |
499 | | // the validation function works. |
500 | 0 | if(TPM_RC_SUCCESS != CryptRsaSign(&testSig, &testObject, &testDigest, NULL)) { |
501 | 0 | SELF_TEST_FAILURE; |
502 | 0 | } |
503 | | // For RSASSA, make sure the results is what we are looking for |
504 | 0 | if(testSig.sigAlg == ALG_RSASSA_VALUE) |
505 | 0 | { |
506 | 0 | if(testSig.signature.rsassa.sig.t.size != RSA_TEST_KEY_SIZE |
507 | 0 | || !MemoryEqual(c_RsassaKvt.buffer, |
508 | 0 | testSig.signature.rsassa.sig.t.buffer, |
509 | 0 | RSA_TEST_KEY_SIZE)) { |
510 | 0 | SELF_TEST_FAILURE; |
511 | 0 | } |
512 | 0 | } |
513 | | // See if the TPM will validate its own signatures |
514 | 0 | if(TPM_RC_SUCCESS != CryptRsaValidateSignature(&testSig, &testObject, |
515 | 0 | &testDigest)) { |
516 | 0 | SELF_TEST_FAILURE; |
517 | 0 | } |
518 | | // If this is RSAPSS, check the verification with known signature |
519 | | // Have to copy because CrytpRsaValidateSignature() eats the signature |
520 | 0 | if(ALG_RSAPSS_VALUE == scheme) |
521 | 0 | { |
522 | 0 | MemoryCopy2B(&testSig.signature.rsapss.sig.b, (P2B)&c_RsapssKvt, |
523 | 0 | sizeof(testSig.signature.rsapss.sig.t.buffer)); |
524 | 0 | if(TPM_RC_SUCCESS != CryptRsaValidateSignature(&testSig, &testObject, |
525 | 0 | &testDigest)) { |
526 | 0 | SELF_TEST_FAILURE; |
527 | 0 | } |
528 | 0 | } |
529 | 0 | return result; |
530 | 0 | } |
531 | | /* 10.2.1.5.5 TestRSA() */ |
532 | | /* Function uses the provided vector to indicate which tests to run. It will clear the vector after |
533 | | each test is run and also clear g_toTest */ |
534 | | static TPM_RC |
535 | | TestRsa( |
536 | | TPM_ALG_ID alg, |
537 | | ALGORITHM_VECTOR *toTest |
538 | | ) |
539 | 0 | { |
540 | 0 | TPM_RC result = TPM_RC_SUCCESS; |
541 | | // |
542 | 0 | switch(alg) |
543 | 0 | { |
544 | 0 | case ALG_NULL_VALUE: |
545 | | // This is the RSAEP/RSADP function. If we are processing a list, don't |
546 | | // need to test these now because any other test will validate |
547 | | // RSAEP/RSADP. Can tell this is list of test by checking to see if |
548 | | // 'toTest' is pointing at g_toTest. If so, this is an isolated test |
549 | | // an need to go ahead and do the test; |
550 | 0 | if((toTest == &g_toTest) |
551 | 0 | || (!TEST_BIT(ALG_RSASSA_VALUE, *toTest) |
552 | 0 | && !TEST_BIT(ALG_RSAES_VALUE, *toTest) |
553 | 0 | && !TEST_BIT(ALG_RSAPSS_VALUE, *toTest) |
554 | 0 | && !TEST_BIT(ALG_OAEP_VALUE, *toTest))) |
555 | | // Not running a list of tests or no other tests on the list |
556 | | // so run the test now |
557 | 0 | result = TestRsaEncryptDecrypt(alg, toTest); |
558 | | // if not running the test now, leave the bit on, just in case things |
559 | | // get interrupted |
560 | 0 | break; |
561 | 0 | case ALG_OAEP_VALUE: |
562 | 0 | case ALG_RSAES_VALUE: |
563 | 0 | result = TestRsaEncryptDecrypt(alg, toTest); |
564 | 0 | break; |
565 | 0 | case ALG_RSAPSS_VALUE: |
566 | 0 | case ALG_RSASSA_VALUE: |
567 | 0 | result = TestRsaSignAndVerify(alg, toTest); |
568 | 0 | break; |
569 | 0 | default: |
570 | 0 | SELF_TEST_FAILURE; |
571 | 0 | } |
572 | 0 | return result; |
573 | 0 | } |
574 | | #endif // TPM_ALG_RSA |
575 | | /* 10.2.1.6 ECC Tests */ |
576 | | #if ALG_ECC |
577 | | /* 10.2.1.6.1 LoadEccParameter() */ |
578 | | /* This function is mostly for readability and type checking */ |
579 | | static void |
580 | | LoadEccParameter( |
581 | | TPM2B_ECC_PARAMETER *to, // target |
582 | | const TPM2B_EC_TEST *from // source |
583 | | ) |
584 | 0 | { |
585 | 0 | MemoryCopy2B(&to->b, &from->b, sizeof(to->t.buffer)); |
586 | 0 | } |
587 | | /* 10.2.1.6.2 LoadEccPoint() */ |
588 | | static void |
589 | | LoadEccPoint( |
590 | | TPMS_ECC_POINT *point, // target |
591 | | const TPM2B_EC_TEST *x, // source |
592 | | const TPM2B_EC_TEST *y |
593 | | ) |
594 | 0 | { |
595 | 0 | MemoryCopy2B(&point->x.b, (TPM2B *)x, sizeof(point->x.t.buffer)); |
596 | 0 | MemoryCopy2B(&point->y.b, (TPM2B *)y, sizeof(point->y.t.buffer)); |
597 | 0 | } |
598 | | /* 10.2.1.6.3 TestECDH() */ |
599 | | /* This test does a KVT on a point multiply. */ |
600 | | static TPM_RC |
601 | | TestECDH( |
602 | | TPM_ALG_ID scheme, // IN: for consistency |
603 | | ALGORITHM_VECTOR *toTest // IN/OUT: modified after test is run |
604 | | ) |
605 | 0 | { |
606 | 0 | TPMS_ECC_POINT Z; |
607 | 0 | TPMS_ECC_POINT Qe; |
608 | 0 | TPM2B_ECC_PARAMETER ds; |
609 | 0 | TPM_RC result = TPM_RC_SUCCESS; |
610 | | // |
611 | 0 | NOT_REFERENCED(scheme); |
612 | 0 | CLEAR_BOTH(ALG_ECDH_VALUE); |
613 | 0 | LoadEccParameter(&ds, &c_ecTestKey_ds); |
614 | 0 | LoadEccPoint(&Qe, &c_ecTestKey_QeX, &c_ecTestKey_QeY); |
615 | 0 | if(TPM_RC_SUCCESS != CryptEccPointMultiply(&Z, c_testCurve, &Qe, &ds, |
616 | 0 | NULL, NULL)) { |
617 | 0 | SELF_TEST_FAILURE; |
618 | 0 | } |
619 | 0 | if(!MemoryEqual2B(&c_ecTestEcdh_X.b, &Z.x.b) |
620 | 0 | || !MemoryEqual2B(&c_ecTestEcdh_Y.b, &Z.y.b)) { |
621 | 0 | SELF_TEST_FAILURE; |
622 | 0 | } |
623 | 0 | return result; |
624 | 0 | } |
625 | | /* 10.2.1.6.4 TestEccSignAndVerify() */ |
626 | | static TPM_RC |
627 | | TestEccSignAndVerify( |
628 | | TPM_ALG_ID scheme, |
629 | | ALGORITHM_VECTOR *toTest |
630 | | ) |
631 | 0 | { |
632 | 0 | OBJECT testObject; |
633 | 0 | TPMT_SIGNATURE testSig; |
634 | 0 | TPMT_ECC_SCHEME eccScheme; |
635 | 0 | testSig.sigAlg = scheme; |
636 | 0 | testSig.signature.ecdsa.hash = DEFAULT_TEST_HASH; |
637 | 0 | eccScheme.scheme = scheme; |
638 | 0 | eccScheme.details.anySig.hashAlg = DEFAULT_TEST_HASH; |
639 | 0 | CLEAR_BOTH(scheme); |
640 | 0 | CLEAR_BOTH(ALG_ECDH_VALUE); |
641 | | // ECC signature verification testing uses a KVT. |
642 | 0 | switch(scheme) |
643 | 0 | { |
644 | 0 | case ALG_ECDSA_VALUE: |
645 | 0 | LoadEccParameter(&testSig.signature.ecdsa.signatureR, &c_TestEcDsa_r); |
646 | 0 | LoadEccParameter(&testSig.signature.ecdsa.signatureS, &c_TestEcDsa_s); |
647 | 0 | break; |
648 | 0 | case ALG_ECSCHNORR_VALUE: |
649 | 0 | LoadEccParameter(&testSig.signature.ecschnorr.signatureR, |
650 | 0 | &c_TestEcSchnorr_r); |
651 | 0 | LoadEccParameter(&testSig.signature.ecschnorr.signatureS, |
652 | 0 | &c_TestEcSchnorr_s); |
653 | 0 | break; |
654 | 0 | case ALG_SM2_VALUE: |
655 | | // don't have a test for SM2 |
656 | 0 | return TPM_RC_SUCCESS; |
657 | 0 | default: |
658 | 0 | SELF_TEST_FAILURE; |
659 | 0 | break; |
660 | 0 | } |
661 | 0 | TEST_DEFAULT_TEST_HASH(toTest); |
662 | | // Have to copy the key. This is because the size used in the test vectors |
663 | | // is the size of the ECC parameter for the test key while the size of a point |
664 | | // is TPM dependent |
665 | 0 | MemoryCopy2B(&testObject.sensitive.sensitive.ecc.b, &c_ecTestKey_ds.b, |
666 | 0 | sizeof(testObject.sensitive.sensitive.ecc.t.buffer)); |
667 | 0 | LoadEccPoint(&testObject.publicArea.unique.ecc, &c_ecTestKey_QsX, |
668 | 0 | &c_ecTestKey_QsY); |
669 | 0 | testObject.publicArea.parameters.eccDetail.curveID = c_testCurve; |
670 | 0 | if(TPM_RC_SUCCESS != CryptEccValidateSignature(&testSig, &testObject, |
671 | 0 | (TPM2B_DIGEST *)&c_ecTestValue.b)) |
672 | 0 | { |
673 | 0 | SELF_TEST_FAILURE; |
674 | 0 | } |
675 | 0 | CHECK_CANCELED; |
676 | | // Now sign and verify some data |
677 | 0 | if(TPM_RC_SUCCESS != CryptEccSign(&testSig, &testObject, |
678 | 0 | (TPM2B_DIGEST *)&c_ecTestValue, |
679 | 0 | &eccScheme, NULL)) { |
680 | 0 | SELF_TEST_FAILURE; |
681 | 0 | } |
682 | 0 | CHECK_CANCELED; |
683 | 0 | if(TPM_RC_SUCCESS != CryptEccValidateSignature(&testSig, &testObject, |
684 | 0 | (TPM2B_DIGEST *)&c_ecTestValue)) { |
685 | 0 | SELF_TEST_FAILURE; |
686 | 0 | } |
687 | 0 | CHECK_CANCELED; |
688 | 0 | return TPM_RC_SUCCESS; |
689 | 0 | } |
690 | | /* 10.2.1.6.5 TestKDFa() */ |
691 | | |
692 | | static TPM_RC |
693 | | TestKDFa( |
694 | | ALGORITHM_VECTOR *toTest |
695 | | ) |
696 | 0 | { |
697 | 0 | static TPM2B_KDF_TEST_KEY keyOut; |
698 | 0 | UINT32 counter = 0; |
699 | | // |
700 | 0 | CLEAR_BOTH(ALG_KDF1_SP800_108_VALUE); |
701 | 0 | keyOut.t.size = CryptKDFa(KDF_TEST_ALG, &c_kdfTestKeyIn.b, &c_kdfTestLabel.b, |
702 | 0 | &c_kdfTestContextU.b, &c_kdfTestContextV.b, |
703 | 0 | TEST_KDF_KEY_SIZE * 8, keyOut.t.buffer, |
704 | 0 | &counter, FALSE); |
705 | 0 | if ( keyOut.t.size != TEST_KDF_KEY_SIZE |
706 | 0 | || !MemoryEqual(keyOut.t.buffer, c_kdfTestKeyOut.t.buffer, |
707 | 0 | TEST_KDF_KEY_SIZE)) |
708 | 0 | SELF_TEST_FAILURE; |
709 | 0 | return TPM_RC_SUCCESS; |
710 | 0 | } |
711 | | /* 10.2.1.6.6 TestEcc() */ |
712 | | static TPM_RC |
713 | | TestEcc( |
714 | | TPM_ALG_ID alg, |
715 | | ALGORITHM_VECTOR *toTest |
716 | | ) |
717 | 0 | { |
718 | 0 | TPM_RC result = TPM_RC_SUCCESS; |
719 | 0 | NOT_REFERENCED(toTest); |
720 | 0 | switch(alg) |
721 | 0 | { |
722 | 0 | case ALG_ECC_VALUE: |
723 | 0 | case ALG_ECDH_VALUE: |
724 | | // If this is in a loop then see if another test is going to deal with |
725 | | // this. |
726 | | // If toTest is not a self-test list |
727 | 0 | if((toTest == &g_toTest) |
728 | | // or this is the only ECC test in the list |
729 | 0 | || !(TEST_BIT(ALG_ECDSA_VALUE, *toTest) |
730 | 0 | || TEST_BIT(ALG_ECSCHNORR, *toTest) |
731 | 0 | || TEST_BIT(ALG_SM2_VALUE, *toTest))) |
732 | 0 | { |
733 | 0 | result = TestECDH(alg, toTest); |
734 | 0 | } |
735 | 0 | break; |
736 | 0 | case ALG_ECDSA_VALUE: |
737 | 0 | case ALG_ECSCHNORR_VALUE: |
738 | 0 | case ALG_SM2_VALUE: |
739 | 0 | result = TestEccSignAndVerify(alg, toTest); |
740 | 0 | break; |
741 | 0 | default: |
742 | 0 | SELF_TEST_FAILURE; |
743 | 0 | break; |
744 | 0 | } |
745 | 0 | return result; |
746 | 0 | } |
747 | | #endif // TPM_ALG_ECC |
748 | | /* 10.2.1.6.4 TestAlgorithm() */ |
749 | | /* Dispatches to the correct test function for the algorithm or gets a list of testable |
750 | | algorithms. */ |
751 | | /* If toTest is not NULL, then the test decisions are based on the algorithm selections in |
752 | | toTest. Otherwise, g_toTest is used. When bits are clear in g_toTest they will also be cleared |
753 | | toTest. */ |
754 | | /* If there doesn't happen to be a test for the algorithm, its associated bit is quietly cleared. */ |
755 | | /* If alg is zero (TPM_ALG_ERROR), then the toTest vector is cleared of any bits for which there is |
756 | | no test (i.e. no tests are actually run but the vector is cleared). */ |
757 | | /* NOTE: toTest will only ever have bits set for implemented algorithms but alg can be anything. */ |
758 | | /* Error Returns Meaning */ |
759 | | /* TPM_RC_SUCCESS test complete */ |
760 | | /* TPM_RC_CANCELED test was canceled */ |
761 | | LIB_EXPORT |
762 | | TPM_RC |
763 | | TestAlgorithm( |
764 | | TPM_ALG_ID alg, |
765 | | ALGORITHM_VECTOR *toTest |
766 | | ) |
767 | 473 | { |
768 | 473 | TPM_ALG_ID first = (alg == ALG_ERROR_VALUE) ? ALG_FIRST_VALUE : alg; |
769 | 473 | TPM_ALG_ID last = (alg == ALG_ERROR_VALUE) ? ALG_LAST_VALUE : alg; |
770 | 473 | BOOL doTest = (alg != ALG_ERROR_VALUE); |
771 | 473 | TPM_RC result = TPM_RC_SUCCESS; |
772 | 473 | if(toTest == NULL) |
773 | 112 | toTest = &g_toTest; |
774 | | // This is kind of strange. This function will either run a test of the selected |
775 | | // algorithm or just clear a bit if there is no test for the algorithm. So, |
776 | | // either this loop will be executed once for the selected algorithm or once for |
777 | | // each of the possible algorithms. If it is executed more than once ('alg' == |
778 | | // TPM_ALG_ERROR), then no test will be run but bits will be cleared for |
779 | | // unimplemented algorithms. This was done this way so that there is only one |
780 | | // case statement with all of the algorithms. It was easier to have one case |
781 | | // statement than to have multiple ones to manage whenever an algorithm ID is |
782 | | // added. |
783 | 25.1k | for(alg = first; (alg <= last); alg++) |
784 | 24.6k | { |
785 | | // if 'alg' was TPM_ALG_ERROR, then we will be cycling through |
786 | | // values, some of which may not be implemented. If the bit in toTest |
787 | | // happens to be set, then we could either generated an assert, or just |
788 | | // silently CLEAR it. Decided to just clear. |
789 | 24.6k | if(!TEST_BIT(alg, g_implementedAlgorithms)) |
790 | 14.4k | { |
791 | 14.4k | CLEAR_BIT(alg, *toTest); |
792 | 14.4k | continue; |
793 | 14.4k | } |
794 | | // Process whatever is left. |
795 | | // NOTE: since this switch will only be called if the algorithm is |
796 | | // implemented, it is not necessary to modify this list except to comment |
797 | | // out the algorithms for which there is no test |
798 | 10.2k | switch(alg) |
799 | 10.2k | { |
800 | | // Symmetric block ciphers |
801 | 0 | #if ALG_AES |
802 | 361 | case ALG_AES_VALUE: |
803 | 361 | #endif |
804 | | #if ALG_SM4 |
805 | | // if SM4 is implemented, its test is like other block ciphers but there |
806 | | // aren't any test vectors for it yet |
807 | | // case ALG_SM4_VALUE: |
808 | | #endif |
809 | | #if ALG_CAMELLIA |
810 | | // no test vectors for camellia |
811 | | // case ALG_CAMELLIA_VALUE: |
812 | | #endif |
813 | | // Symmetric modes |
814 | | #if !ALG_CFB |
815 | | # error CFB is required in all TPM implementations |
816 | | #endif // !TPM_ALG_CFB |
817 | 722 | case ALG_CFB_VALUE: |
818 | 722 | if(doTest) |
819 | 0 | result = TestSymmetric(alg, toTest); |
820 | 722 | break; |
821 | 0 | #if ALG_CTR |
822 | 361 | case ALG_CTR_VALUE: |
823 | 361 | #endif // TPM_ALG_CRT |
824 | 361 | #if ALG_OFB |
825 | 722 | case ALG_OFB_VALUE: |
826 | 722 | #endif // TPM_ALG_OFB |
827 | 722 | #if ALG_CBC |
828 | 1.08k | case ALG_CBC_VALUE: |
829 | 1.08k | #endif // TPM_ALG_CBC |
830 | 1.08k | #if ALG_ECB |
831 | 1.44k | case ALG_ECB_VALUE: |
832 | 1.44k | #endif |
833 | 1.44k | if(doTest) |
834 | 0 | result = TestSymmetric(alg, toTest); |
835 | 1.44k | else |
836 | | // If doing the initialization of g_toTest vector, only need |
837 | | // to test one of the modes for the symmetric algorithms. If |
838 | | // initializing for a SelfTest(FULL_TEST), allow all the modes. |
839 | 1.44k | if(toTest == &g_toTest) |
840 | 1.44k | CLEAR_BIT(alg, *toTest); |
841 | 1.44k | break; |
842 | | #if !ALG_HMAC |
843 | | # error HMAC is required in all TPM implementations |
844 | | #endif |
845 | 361 | case ALG_HMAC_VALUE: |
846 | | // Clear the bit that indicates that HMAC is required because |
847 | | // HMAC is used as the basic test for all hash algorithms. |
848 | 361 | CLEAR_BOTH(alg); |
849 | | // Testing HMAC means test the default hash |
850 | 361 | if(doTest) |
851 | 0 | TestHash(DEFAULT_TEST_HASH, toTest); |
852 | 361 | else |
853 | | // If not testing, then indicate that the hash needs to be |
854 | | // tested because this uses HMAC |
855 | 361 | SET_BOTH(DEFAULT_TEST_HASH); |
856 | 361 | break; |
857 | 0 | #if ALG_SHA1 |
858 | 389 | case ALG_SHA1_VALUE: |
859 | 389 | #endif // TPM_ALG_SHA1 |
860 | 389 | #if ALG_SHA256 |
861 | 778 | case ALG_SHA256_VALUE: |
862 | 778 | #endif // TPM_ALG_SHA256 |
863 | 778 | #if ALG_SHA384 |
864 | 1.16k | case ALG_SHA384_VALUE: |
865 | 1.16k | #endif // TPM_ALG_SHA384 |
866 | 1.16k | #if ALG_SHA512 |
867 | 1.55k | case ALG_SHA512_VALUE: |
868 | 1.55k | #endif // TPM_ALG_SHA512 |
869 | | // if SM3 is implemented its test is like any other hash, but there |
870 | | // aren't any test vectors yet. |
871 | | #if ALG_SM3_256 |
872 | | // case ALG_SM3_256_VALUE: |
873 | | #endif // TPM_ALG_SM3_256 |
874 | 1.55k | if(doTest) |
875 | 112 | result = TestHash(alg, toTest); |
876 | 1.55k | break; |
877 | | // RSA-dependent |
878 | 0 | #if ALG_RSA |
879 | 361 | case ALG_RSA_VALUE: |
880 | 361 | CLEAR_BOTH(alg); |
881 | 361 | if(doTest) |
882 | 0 | result = TestRsa(ALG_NULL_VALUE, toTest); |
883 | 361 | else |
884 | 361 | SET_BOTH(ALG_NULL_VALUE); |
885 | 361 | break; |
886 | 361 | case ALG_RSASSA_VALUE: |
887 | 722 | case ALG_RSAES_VALUE: |
888 | 1.08k | case ALG_RSAPSS_VALUE: |
889 | 1.44k | case ALG_OAEP_VALUE: |
890 | 1.44k | case ALG_NULL_VALUE: // used or RSADP |
891 | 1.44k | if(doTest) |
892 | 0 | result = TestRsa(alg, toTest); |
893 | 1.44k | break; |
894 | 0 | #endif // ALG_RSA_VALUE |
895 | 0 | #if ALG_KDF1_SP800_108 |
896 | 361 | case ALG_KDF1_SP800_108_VALUE: |
897 | 361 | if(doTest) |
898 | 0 | result = TestKDFa(toTest); |
899 | 361 | break; |
900 | 0 | #endif // ALG_KDF1_SP800_108_VALUE |
901 | 0 | #if ALG_ECC |
902 | | // ECC dependent but no tests |
903 | | // case ALG_ECDAA_VALUE: |
904 | | // case ALG_ECMQV_VALUE: |
905 | | // case ALG_KDF1_SP800_56a_VALUE: |
906 | | // case ALG_KDF2_VALUE: |
907 | | // case ALG_MGF1_VALUE: |
908 | 361 | case ALG_ECC_VALUE: |
909 | 361 | CLEAR_BOTH(alg); |
910 | 361 | if(doTest) |
911 | 0 | result = TestEcc(ALG_ECDH_VALUE, toTest); |
912 | 361 | else |
913 | 361 | SET_BOTH(ALG_ECDH_VALUE); |
914 | 361 | break; |
915 | 361 | case ALG_ECDSA_VALUE: |
916 | 722 | case ALG_ECDH_VALUE: |
917 | 1.08k | case ALG_ECSCHNORR_VALUE: |
918 | | // case ALG_SM2_VALUE: |
919 | 1.08k | if(doTest) |
920 | 0 | result = TestEcc(alg, toTest); |
921 | 1.08k | break; |
922 | 0 | #endif // ALG_ECC_VALUE |
923 | 2.52k | default: |
924 | 2.52k | CLEAR_BIT(alg, *toTest); |
925 | 2.52k | break; |
926 | 10.2k | } |
927 | 10.2k | if(result != TPM_RC_SUCCESS) |
928 | 0 | break; |
929 | 10.2k | } |
930 | 473 | return result; |
931 | 473 | } |
932 | | #endif // SELF_TESTS |