1 /***************************************************************************
2 * Copyright (c) 2024 Microsoft Corporation
3 *
4 * This program and the accompanying materials are made available under the
5 * terms of the MIT License which is available at
6 * https://opensource.org/licenses/MIT.
7 *
8 * SPDX-License-Identifier: MIT
9 **************************************************************************/
10
11
12 /**************************************************************************/
13 /**************************************************************************/
14 /** */
15 /** NetX Secure Component */
16 /** */
17 /** Transport Layer Security (TLS) */
18 /** */
19 /**************************************************************************/
20 /**************************************************************************/
21
22 #define NX_SECURE_SOURCE_CODE
23
24
25 /* Include necessary system files. */
26
27 #include "nx_secure_crypto_table_self_test.h"
28
29 #ifdef NX_SECURE_POWER_ON_SELF_TEST_MODULE_INTEGRITY_CHECK
30
/* Known-answer vectors for the PRF self test.  Each algorithm has a 4-byte
   secret, label and seed plus the expected PRF output for those inputs.
   The arrays are not const-qualified because the test function assigns them
   to plain UCHAR * locals.  Every byte below is part of the expected answer:
   a single changed value makes the self test fail.  */

/* NX_CRYPTO_PRF_HMAC_SHA1 inputs.  */
static UCHAR secret_sha1[] = { 0x86, 0xec, 0x88, 0xbb };
static UCHAR label_sha1[]  = { 0xc8, 0x37, 0xaf, 0x7d };
static UCHAR seed_sha1[]   = { 0x36, 0x54, 0xf1, 0x6f };

/* NX_CRYPTO_PRF_HMAC_SHA1 expected output (160 bytes).  */
static UCHAR result_sha1[] = {
    0xab, 0xe3, 0x77, 0xa6, 0x58, 0x4c, 0x97, 0x03,
    0x98, 0xe9, 0xe4, 0x62, 0xe6, 0x44, 0xe4, 0x2d,
    0x21, 0x16, 0xdb, 0x4f, 0x0e, 0x70, 0xc9, 0x83,
    0xe5, 0x31, 0x61, 0x95, 0x17, 0xcd, 0xc2, 0xd0,
    0x7e, 0x9a, 0xdf, 0xf6, 0xe2, 0x44, 0x01, 0x05,
    0xa9, 0xb0, 0x7a, 0xbe, 0xc3, 0x9a, 0x47, 0x9b,
    0xd7, 0xd9, 0x2c, 0xba, 0xb7, 0x8e, 0x90, 0x1d,
    0x4f, 0x21, 0xae, 0x4e, 0x0f, 0x60, 0xcf, 0x3b,
    0xdf, 0xe5, 0x77, 0x79, 0xff, 0x23, 0x23, 0x2d,
    0x62, 0x48, 0xc6, 0x72, 0xb3, 0xf9, 0xce, 0x4f,
    0x46, 0x66, 0x2f, 0xc5, 0x0e, 0xbc, 0x2a, 0x34,
    0xd0, 0xc5, 0x37, 0xa2, 0x2f, 0x69, 0x43, 0x74,
    0x6d, 0x11, 0x3c, 0x1c, 0x75, 0xa5, 0x12, 0x61,
    0x1a, 0xc7, 0x8f, 0x41, 0xab, 0xa8, 0x45, 0xd5,
    0xf3, 0xb3, 0xb4, 0xbd, 0xe3, 0x7c, 0x8b, 0xbb,
    0x0f, 0x0d, 0xcb, 0x57, 0xc8, 0x6c, 0x13, 0x32,
    0x8b, 0xe1, 0xd0, 0x2e, 0x2c, 0x2d, 0xb2, 0xd5,
    0x67, 0x1c, 0xb0, 0x61, 0x3d, 0x77, 0x96, 0x68,
    0x1b, 0x47, 0xdf, 0x3a, 0x50, 0x62, 0x31, 0x4b,
    0x30, 0x09, 0xe9, 0x3b, 0xdd, 0xfb, 0x34, 0x1d,
};

/* NX_CRYPTO_PRF_HMAC_SHA2_256 inputs.  */
static UCHAR secret_sha256[] = { 0xbc, 0xd6, 0x2b, 0x3f };
static UCHAR label_sha256[]  = { 0xad, 0x16, 0x21, 0xba };
static UCHAR seed_sha256[]   = { 0x73, 0x21, 0xe1, 0x4c };

/* NX_CRYPTO_PRF_HMAC_SHA2_256 expected output (80 bytes).  */
static UCHAR result_sha256[] = {
    0x05, 0xab, 0x98, 0x15, 0xd8, 0x70, 0xd6, 0xdb,
    0x27, 0xde, 0x5c, 0xd6, 0x8b, 0xd6, 0xbd, 0xfe,
    0x0c, 0xee, 0xde, 0x1b, 0xd8, 0x9e, 0x80, 0x4b,
    0xf4, 0x71, 0xb2, 0x5f, 0x8a, 0xb6, 0x60, 0x83,
    0x95, 0xe3, 0x96, 0x36, 0x5d, 0xa6, 0xc0, 0x42,
    0x57, 0x02, 0x57, 0x49, 0x5e, 0xff, 0x52, 0xf2,
    0xe2, 0x96, 0x9a, 0x26, 0x71, 0x87, 0x6d, 0xb7,
    0x21, 0x90, 0x4e, 0x82, 0xbb, 0xd1, 0x77, 0xbf,
    0x8f, 0xd9, 0x89, 0x1f, 0x6d, 0xda, 0xbe, 0xb4,
    0x35, 0xb3, 0x0d, 0x3e, 0xdf, 0xcb, 0x18, 0x5b,
};

/* Buffer the PRF writes into before comparison.  At 256 bytes it holds the
   larger expected result (160 bytes); a longer vector added later needs a
   larger buffer.  It is a single file-scope buffer, so two self tests
   running at the same time would write over each other's output.  */
static UCHAR output[256];
60
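/**************************************************************************/
/*                                                                        */
/*  FUNCTION                                               RELEASE        */
/*                                                                        */
/*    _nx_secure_crypto_method_self_test_prf              PORTABLE C      */
/*                                                           6.1          */
/*  AUTHOR                                                                */
/*                                                                        */
/*    Timothy Stapko, Microsoft Corporation                               */
/*                                                                        */
/*  DESCRIPTION                                                           */
/*                                                                        */
/*    This function runs the Known Answer Test for a PRF crypto method:   */
/*    it derives output from fixed secret/label/seed vectors and compares */
/*    it with the expected bytes. Once init has succeeded, cleanup runs   */
/*    on every exit path so a failed test does not skip it.               */
/*                                                                        */
/*  INPUT                                                                 */
/*                                                                        */
/*    crypto_method_prf                     Pointer to the crypto method  */
/*                                            to be tested.               */
/*    metadata                              Metadata area passed to method*/
/*                                            callbacks                   */
/*    metadata_size                         Size of the metadata area     */
/*                                                                        */
/*  OUTPUT                                                                */
/*                                                                        */
/*    status                                Completion status             */
/*                                                                        */
/*  CALLS                                                                 */
/*                                                                        */
/*    nx_crypto_init                        Method initialization         */
/*    nx_crypto_operation                   Method PRF operation          */
/*    nx_crypto_cleanup                     Method cleanup                */
/*    NX_SECURE_MEMSET                      Clear the output buffer       */
/*    NX_SECURE_MEMCMP                      Compare with known answer     */
/*                                                                        */
/*  CALLED BY                                                             */
/*                                                                        */
/*    Application Code                                                    */
/*                                                                        */
/*  RELEASE HISTORY                                                       */
/*                                                                        */
/*    DATE              NAME                      DESCRIPTION             */
/*                                                                        */
/*  05-19-2020     Timothy Stapko           Initial Version 6.0           */
/*  09-30-2020     Timothy Stapko           Modified comment(s),          */
/*                                            resulting in version 6.1    */
/*                                                                        */
/**************************************************************************/
UINT _nx_secure_crypto_method_self_test_prf(NX_CRYPTO_METHOD *crypto_method_prf,
                                            VOID *metadata, UINT metadata_size)
{
UCHAR *secret;
UCHAR *label;
UCHAR *seed;
UCHAR *result;
UINT   secret_length;
UINT   label_length;
UINT   seed_length;
UINT   result_length;
UINT   status;
UINT   cleanup_status;
VOID  *handler = NX_NULL;


    /* Validate the crypto method.  */
    if (crypto_method_prf == NX_NULL)
    {
        return(NX_PTR_ERROR);
    }

    /* Select the known-answer vectors for the algorithm under test.  */
    switch (crypto_method_prf -> nx_crypto_algorithm)
    {
    case NX_CRYPTO_PRF_HMAC_SHA1:
        secret = secret_sha1;
        secret_length = sizeof(secret_sha1);
        label = label_sha1;
        label_length = sizeof(label_sha1);
        seed = seed_sha1;
        seed_length = sizeof(seed_sha1);
        result = result_sha1;
        result_length = sizeof(result_sha1);
        break;

    case NX_CRYPTO_PRF_HMAC_SHA2_256:
        secret = secret_sha256;
        secret_length = sizeof(secret_sha256);
        label = label_sha256;
        label_length = sizeof(label_sha256);
        seed = seed_sha256;
        seed_length = sizeof(seed_sha256);
        result = result_sha256;
        result_length = sizeof(result_sha256);
        break;

    default:

        /* No vectors exist for this algorithm, so it cannot be verified.
           The literal 1 is the value callers have always received here.  */
        return(1);
    }

    /* A method without an operation callback cannot be tested.  Reject it
       before init so this path leaves no state behind in the metadata.  */
    if (crypto_method_prf -> nx_crypto_operation == NX_NULL)
    {
        return(NX_PTR_ERROR);
    }

    /* The output buffer is shared between calls; clear it so bytes left by
       an earlier run can never satisfy the comparison below.  */
    NX_SECURE_MEMSET(output, 0, sizeof(output));

    /* Call the crypto initialization function, if the method has one.  */
    if (crypto_method_prf -> nx_crypto_init)
    {
        status = crypto_method_prf -> nx_crypto_init(crypto_method_prf,
                                                     secret,
                                                     secret_length,
                                                     &handler,
                                                     metadata,
                                                     metadata_size);

        /* Init failed, so there is nothing for cleanup to undo.  */
        if (status != NX_CRYPTO_SUCCESS)
        {
            return(status);
        }
    }

    /* Call the crypto operation function.  result_length is passed in the
       slot after the output pointer (presumably the number of bytes to
       generate); both expected results fit in the output buffer.  */
    status = crypto_method_prf -> nx_crypto_operation(NX_CRYPTO_PRF,
                                                      handler,
                                                      crypto_method_prf,
                                                      label,
                                                      label_length,
                                                      seed,
                                                      seed_length,
                                                      NX_NULL,
                                                      (UCHAR *)output,
                                                      result_length,
                                                      metadata,
                                                      metadata_size,
                                                      NX_NULL, NX_NULL);

    /* Compare against the known answer only when the operation succeeded;
       an operation error is reported as-is.  */
    if (status == NX_CRYPTO_SUCCESS)
    {
        if (NX_SECURE_MEMCMP(output, result, result_length) != 0)
        {
            status = NX_NOT_SUCCESSFUL;
        }
    }

    /* Run cleanup on the failure paths as well as on success.  Returning
       early on an operation error or a mismatch used to skip it, leaving
       whatever init and the operation set up in the metadata area.  */
    if (crypto_method_prf -> nx_crypto_cleanup)
    {
        cleanup_status = crypto_method_prf -> nx_crypto_cleanup(metadata);

        /* A test failure takes precedence; the cleanup status is reported
           only when the test itself passed.  */
        if (status == NX_CRYPTO_SUCCESS)
        {
            status = cleanup_status;
        }
    }

    return(status);
}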
205 #endif
206