ARMmbed
/
mbed-os
mirror of https://github.com/ARMmbed/mbed-os.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Remove reset tests. Small change to cmac claculation in get_derived_key

pull/6642/head
Yossi Levy 2018-05-22 21:35:33 +03:00
parent b95c5f79c0
commit 7401aea36a
3 changed files with 24 additions and 187 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

44
features/device_key/TESTS/device_key/functionality/main.cpp
View File

@ -38,8 +38,8 @@ using namespace utest::v1;
#define MSG_KEY_DEVICE_TEST_STEP4 "check_consistency_step4"
#define MSG_KEY_DEVICE_TEST_SUITE_ENDED "Test suite ended"
void generate_derived_key_consistency_16_byte_key_reset_test(char *key);
void generate_derived_key_consistency_32_byte_key_reset_test(char *key);
void generate_derived_key_consistency_16_byte_key_long_consistency_test(char *key);
void generate_derived_key_consistency_32_byte_key_long_consistency_test(char *key);
/*
* Injection of a dummy key when there is no TRNG
@ -58,33 +58,26 @@ int inject_dummy_rot_key()
#endif
}
void generate_derived_key_reset_test()
void generate_derived_key_long_consistency_test()
{
greentea_send_kv(MSG_KEY_DEVICE_READY, MSG_VALUE_DUMMY);
static char key[MSG_KEY_LEN + 1] = { };
static char value[MSG_VALUE_LEN + 1] = { };
memset(key, 0, MSG_KEY_LEN + 1);
memset(value, 0, MSG_VALUE_LEN + 1);
greentea_parse_kv(key, value, MSG_KEY_LEN, MSG_VALUE_LEN);
strcpy(key, MSG_KEY_DEVICE_TEST_STEP1);
generate_derived_key_consistency_16_byte_key_long_consistency_test(key);
strcpy(key, MSG_KEY_DEVICE_TEST_STEP2);
generate_derived_key_consistency_16_byte_key_long_consistency_test(key);
strcpy(key, MSG_KEY_DEVICE_TEST_STEP3);
generate_derived_key_consistency_32_byte_key_long_consistency_test(key);
strcpy(key, MSG_KEY_DEVICE_TEST_STEP4);
generate_derived_key_consistency_32_byte_key_long_consistency_test(key);
if (strcmp(key, MSG_KEY_DEVICE_TEST_STEP1) == 0 || strcmp(key, MSG_KEY_DEVICE_TEST_STEP2) == 0) {
generate_derived_key_consistency_16_byte_key_reset_test(key);
return generate_derived_key_reset_test();
}
if (strcmp(key, MSG_KEY_DEVICE_TEST_STEP3) == 0 || strcmp(key, MSG_KEY_DEVICE_TEST_STEP4) == 0) {
return generate_derived_key_consistency_32_byte_key_reset_test(key);
}
TEST_ASSERT_MESSAGE(false, key); //Indicates error!!!
}
/*
* Test the consistency of derived 16 byte key result after device reset.
*/
void generate_derived_key_consistency_16_byte_key_reset_test(char *key)
void generate_derived_key_consistency_16_byte_key_long_consistency_test(char *key)
{
unsigned char output1[DEVICE_KEY_16BYTE];
unsigned char output2[DEVICE_KEY_16BYTE];
@ -115,8 +108,6 @@ void generate_derived_key_consistency_16_byte_key_reset_test(char *key)
ret = nvstore.set(15, DEVICE_KEY_16BYTE, output1);
TEST_ASSERT_EQUAL_INT32(0, ret);
system_reset();
TEST_ASSERT_MESSAGE(false, "system_reset() did not reset the device as expected.");
} else if (strcmp(key, MSG_KEY_DEVICE_TEST_STEP2) == 0) {
//Second step: Read from NVStore at index 15 there should be a derived key there.
@ -136,7 +127,6 @@ void generate_derived_key_consistency_16_byte_key_reset_test(char *key)
ret = nvstore.reset();
TEST_ASSERT_EQUAL_INT(DEVICEKEY_SUCCESS, ret);
greentea_send_kv(MSG_KEY_DEVICE_FINISH, MSG_VALUE_DUMMY);
} else {
TEST_ASSERT_MESSAGE(false, "Unknown test step received");
}
@ -145,7 +135,7 @@ void generate_derived_key_consistency_16_byte_key_reset_test(char *key)
/*
* Test the consistency of derived 32 byte key result after device reset.
*/
void generate_derived_key_consistency_32_byte_key_reset_test(char *key)
void generate_derived_key_consistency_32_byte_key_long_consistency_test(char *key)
{
unsigned char output1[DEVICE_KEY_32BYTE];
unsigned char output2[DEVICE_KEY_32BYTE];
@ -176,8 +166,6 @@ void generate_derived_key_consistency_32_byte_key_reset_test(char *key)
ret = nvstore.set(15, DEVICE_KEY_32BYTE, output1);
TEST_ASSERT_EQUAL_INT32(0, ret);
system_reset();
TEST_ASSERT_MESSAGE(false, "system_reset() did not reset the device as expected.");
} else if (strcmp(key, MSG_KEY_DEVICE_TEST_STEP4) == 0) {
//Fourth step: Read from NVStore at index 15 there should be a derived key there.
@ -197,7 +185,6 @@ void generate_derived_key_consistency_32_byte_key_reset_test(char *key)
ret = nvstore.reset();
TEST_ASSERT_EQUAL_INT(DEVICEKEY_SUCCESS, ret);
greentea_send_kv(MSG_KEY_DEVICE_FINISH, MSG_VALUE_DUMMY);
} else {
TEST_ASSERT_MESSAGE(false, "Unknown test step received");
}
@ -461,7 +448,7 @@ utest::v1::status_t greentea_failure_handler(const Case *const source, const fai
//Currently there can be only one test that contains reset and it has to be the first test!
Case cases[] = {
Case("Device Key - derived key reset", generate_derived_key_reset_test, greentea_failure_handler),
Case("Device Key - long consistency test", generate_derived_key_long_consistency_test, greentea_failure_handler),
Case("Device Key - inject value wrong size", device_inject_root_of_trust_wrong_size_test, greentea_failure_handler),
Case("Device Key - inject value 16 byte size", device_inject_root_of_trust_16_byte_size_test, greentea_failure_handler),
Case("Device Key - inject value 32 byte size", device_inject_root_of_trust_32_byte_size_test, greentea_failure_handler),
@ -475,7 +462,7 @@ Case cases[] = {
utest::v1::status_t greentea_test_setup(const size_t number_of_cases)
{
GREENTEA_SETUP(14, "devicekey_reset");
GREENTEA_SETUP(14, "default_auto");
return greentea_test_setup_handler(number_of_cases);
}
@ -484,7 +471,6 @@ Specification specification(greentea_test_setup, cases, greentea_test_teardown_h
int main()
{
bool ret = Harness::run(specification);
greentea_send_kv(MSG_KEY_DEVICE_TEST_SUITE_ENDED, MSG_VALUE_DUMMY);
return ret;
}

150
features/device_key/TESTS/host_tests/devicekey_reset.py
View File

@ -1,150 +0,0 @@
"""
Copyright (c) 2018 ARM Limited
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
"""
import time
from mbed_host_tests import BaseHostTest
from mbed_host_tests.host_tests_runner.host_test_default import DefaultTestSelector
DEFAULT_CYCLE_PERIOD = 1.0
MSG_VALUE_DUMMY = '0'
MSG_KEY_DEVICE_READY = 'ready'
MSG_KEY_DEVICE_FINISH = 'finish'
MSG_KEY_DEVICE_TEST_STEP1 = 'check_consistency_step1'
MSG_KEY_DEVICE_TEST_STEP2 = 'check_consistency_step2'
MSG_KEY_DEVICE_TEST_STEP3 = 'check_consistency_step3'
MSG_KEY_DEVICE_TEST_STEP4 = 'check_consistency_step4'
MSG_KEY_SYNC = '__sync'
MSG_KEY_TEST_SUITE_ENDED = 'Test suite ended'
class DeviceKeyResetTest(BaseHostTest):
"""Test for the DeviceKey driver API.
"""
def __init__(self):
super(DeviceKeyResetTest, self).__init__()
self.reset = False
self.finish = False
self.suite_ended = False
cycle_s = self.get_config_item('program_cycle_s')
self.program_cycle_s = cycle_s if cycle_s is not None else DEFAULT_CYCLE_PERIOD
self.test_steps_sequence = self.test_steps()
# Advance the coroutine to it's first yield statement.
self.test_steps_sequence.send(None)
def setup(self):
self.register_callback(MSG_KEY_DEVICE_READY, self.cb_device_ready)
self.register_callback(MSG_KEY_DEVICE_FINISH, self.cb_device_finish)
self.register_callback(MSG_KEY_TEST_SUITE_ENDED, self.cb_device_test_suit_ended)
def cb_device_ready(self, key, value, timestamp):
"""Acknowledge device rebooted correctly and feed the test execution
"""
self.reset = True
try:
if self.test_steps_sequence.send(value):
self.notify_complete(True)
except (StopIteration, RuntimeError) as exc:
self.notify_complete(False)
def cb_device_finish(self, key, value, timestamp):
"""Acknowledge device finished a test step correctly and feed the test execution
"""
self.finish = True
try:
if self.test_steps_sequence.send(value):
self.notify_complete(True)
except (StopIteration, RuntimeError) as exc:
self.notify_complete(False)
def cb_device_test_suit_ended(self, key, value, timestamp):
"""Acknowledge device finished a test step correctly and feed the test execution
"""
self.suite_ended = True
try:
if self.test_steps_sequence.send(value):
self.notify_complete(True)
except (StopIteration, RuntimeError) as exc:
self.notify_complete(False)
def test_steps(self):
"""Test step 1 (16 byte key test)
"""
wait_for_communication = yield
self.reset = False
self.send_kv(MSG_KEY_DEVICE_TEST_STEP1, MSG_VALUE_DUMMY)
time.sleep(self.program_cycle_s)
self.send_kv(MSG_KEY_SYNC, MSG_VALUE_DUMMY)
wait_for_communication = yield
if self.reset == False:
raise RuntimeError('Phase 1: Platform did not reset as expected.')
"""Test step 2 (After reset)
"""
self.finish = False
self.send_kv(MSG_KEY_DEVICE_TEST_STEP2, MSG_VALUE_DUMMY)
time.sleep(self.program_cycle_s)
wait_for_communication = yield
if self.finish == False:
raise RuntimeError('Test failed.')
"""Test Step 3 (32 byte key test)
"""
wait_for_communication = yield
self.reset = False
self.send_kv(MSG_KEY_DEVICE_TEST_STEP3, MSG_VALUE_DUMMY)
time.sleep(self.program_cycle_s)
self.send_kv(MSG_KEY_SYNC, MSG_VALUE_DUMMY)
wait_for_communication = yield
if self.reset == False:
raise RuntimeError('Phase 3: Platform did not reset as expected.')
"""Test step 4 (After reset)
"""
self.finish = False
self.send_kv(MSG_KEY_DEVICE_TEST_STEP4, MSG_VALUE_DUMMY)
time.sleep(self.program_cycle_s)
wait_for_communication = yield
if self.finish == False:
raise RuntimeError('Test failed.')
"""Test step 4 (After reset)
"""
self.suite_ended = False
time.sleep(self.program_cycle_s)
wait_for_communication = yield
if self.suite_ended == False:
raise RuntimeError('Test failed.')
# The sequence is correct -- test passed.
yield True

9
features/device_key/source/DeviceKey.cpp
View File

@ -175,14 +175,14 @@ int DeviceKey::get_derived_key(uint32_t *ikey_buff, size_t ikey_size, const unsi
const mbedtls_cipher_info_t *cipher_info = mbedtls_cipher_info_from_type(mbedtls_cipher_type);
do {
mbedtls_cipher_init(&ctx);
ret = mbedtls_cipher_setup(&ctx, cipher_info);
if (ret != 0) {
goto finish;
}
do {
ret = mbedtls_cipher_cmac_starts(&ctx, (unsigned char *)ikey_buff, ikey_size * 8);
if (ret != 0) {
goto finish;
@ -215,14 +215,15 @@ int DeviceKey::get_derived_key(uint32_t *ikey_buff, size_t ikey_size, const unsi
goto finish;
}
mbedtls_cipher_free( &ctx );
counter++;
} while (DEVICE_KEY_16BYTE * counter < ikey_type);
finish:
mbedtls_cipher_free( &ctx );
if (DEVICEKEY_SUCCESS != ret) {
mbedtls_cipher_free( &ctx );
return DEVICEKEY_ERR_CMAC_GENERIC_FAILURE;
}