1 /*
2 * Copyright (c) 2001-2019, Arm Limited and Contributors. All rights reserved.
3 *
4 * SPDX-License-Identifier: BSD-3-Clause
5 */
6
7
8 #include <stdio.h>
9 #include <stdlib.h>
10 #include <stdint.h>
11 #include <string.h>
12
13 #include <limits.h>
14
15 /* mbedtls lib */
16 #include "mbedtls/cipher.h"
17 #include "mbedtls/timing.h"
18
19 /* CC pal */
20 #include "mbedtls_cc_util_asset_prov.h"
21 #include "mbedtls_cc_mng.h"
22 #include "cc_pal_types.h"
23
24 /* local */
25 #include "run_integration_pal_log.h"
26 #include "run_integration_test.h"
27 #include "run_integration_helper.h"
28 #include "run_integration_otp.h"
29
30 #ifdef RUNIT_PIE_ENABLED
31 /* include sbrom data file to determine whether we are running system flows */
32 #include "bsv_integration_data_def.h"
33 #endif /* RUNIT_PIE_ENABLED */
34
35 #ifndef RUNIT_ASSET_PROV_SYS_FLOW_ENABLE
36 #define RUNIT_ASSET_PROV_SYS_FLOW_ENABLE 0
37 #endif
38
39 #ifndef RUNIT_ASSET_PROV_SKIP_TEST
40 #define RUNIT_ASSET_PROV_SKIP_TEST 0
41 #endif
42
43 /************************************************************
44 *
45 * static function prototypes
46 *
47 ************************************************************/
48 static RunItError_t runIt_assetProv(void);
49
50 /************************************************************
51 *
52 * static functions
53 *
54 ************************************************************/
55 #if ! RUNIT_ASSET_PROV_SYS_FLOW_ENABLE
runIt_assetProv(void)56 static RunItError_t runIt_assetProv(void)
57 {
58 RunItError_t rc = RUNIT_ERROR__OK;
59
60 static const uint32_t ASSET_ID = 0x19952006;
61
62 static uint32_t OTP_SECURE_2_HBK128_VALUES[] = {
63
64 /* [0x00-0x07]: 256bit Device root key (HUK) */
65 0x01020408, 0x01010101, 0x01020408, 0x02020202, 0x01020408, 0x04040404, 0x01020408, 0x08080808,
66 /* [0x08-0x0B]: 128bit ICV Provosioning secret (Kpicv) */
67 0xEEEEAAAA, 0x11115555, 0x11115555, 0xEEEEAAAA,
68 /* [0x0C-0x0F]: 128bit ICV Provosioning secret (Kceicv) */
69 0x00000000, 0x00000000, 0x00000000, 0x00000000,
70 /* [0x10]: manufacturer programmed flag */
71 0x3C0040E0,
72 /* [0x11-0x14]: HBK0 */
73 0x21F7B953, 0xFE56A24D, 0x4E3EC4EF, 0xC21F3C40,
74 /* [0x15-0x18]: HBK1 */
75 0x2FF17BDA, 0xE93EB506, 0x9AA54F0B, 0x4ADE752B,
76 /* [0x19-0x1C]: 128bit OEM provisioning secret (Kcp) */
77 0x0000AAAA, 0x11115555, 0x11115555, 0x0000AAAA,
78 /* [0x1D-0x20]: 128bit OEM code encryption secret (Kce) */
79 0x00000000, 0x00000000, 0x00000000, 0x00000000,
80 /* [0x21]: OEM programmed flag */
81 0x00005838,
82 /* [0x22-0x23]: Hbk0 trusted FW min version */
83 0x00000001, 0x00000000,
84 /* [0x24-0x26]: Hbk1 trusted FW min version */
85 0x00000003, 0x00000000, 0x00000000,
86 /* [0x27]: general purpose configuration flag */
87 0x00000000,
88 /* [0x28-0x2B] - 128b DCU lock mask */
89 0x55551111, 0xAAAAEEEE, 0x55551111, 0xAAAAEEEE,
90
91 };
92
93 static const uint8_t ASSET_PKG[] = {
94 0x74, 0x65, 0x73, 0x41, 0x00, 0x00, 0x01, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
95 0x00, 0x00, 0x00, 0x00, 0xb8, 0x4b, 0xce, 0x45, 0x9d, 0x6b, 0x4d, 0xc2, 0xa2, 0x7d, 0xb3, 0x92,
96 0x47, 0x1a, 0x40, 0xc5, 0x43, 0x17, 0xad, 0x30, 0xeb, 0xa2, 0x76, 0xa3, 0xb8, 0x50, 0xc3, 0x6e,
97 0xbc, 0x1f, 0x8a, 0x87, 0xf7, 0x66, 0x91, 0x77, 0x8c, 0x18, 0xae, 0x25, 0x5e, 0x86, 0x6e, 0x38,
98 0x96, 0xdc, 0x85, 0x1b, 0xc1, 0x65, 0xd0, 0x14, 0x1b, 0x64, 0xf9, 0xb5, 0xa9, 0x1a, 0xbf, 0x22,
99 0x50, 0xab, 0xd9, 0xba, 0x4e, 0xad, 0x5e, 0x2f, 0x8b, 0xcb, 0x1c, 0x77, 0xde, 0xcf, 0xf1, 0x95,
100 0xc1, 0x21, 0x90, 0xf4, 0x90, 0x12, 0x0f, 0xeb, 0x05, 0x70, 0xea, 0x5b, 0x64, 0xf9, 0x9b, 0xb3,
101 0x98, 0x08, 0x3b, 0xb5, 0xf3, 0x09, 0x06, 0x12, 0x5e, 0x41, 0x31, 0x37, 0x9a, 0xcc, 0x59, 0x21,
102 0x2f, 0x24, 0x6b, 0x37, 0x0a, 0x0d, 0x68, 0x92, 0x6c, 0x6d, 0xfc, 0xdc, 0xe5, 0x72, 0xfc, 0x79,
103 0xf3, 0x98, 0x7c, 0x7f, 0x6f, 0x4d, 0xbc, 0xe8, 0x31, 0xe8, 0x03, 0x26, 0x3e, 0x51, 0x97, 0x80,
104 0x15, 0xb0, 0xad, 0x52, 0x00, 0x1d, 0x0f, 0x89, 0x9b, 0xa7, 0x7a, 0xa2, 0xa8, 0x39, 0x4c, 0x39,
105 0x76, 0xdc, 0x13, 0x79, 0x85, 0x92, 0x5c, 0xc2, 0x07, 0xce, 0xeb, 0x79, 0xbe, 0x91, 0xf8, 0x6f,
106 0xcc, 0xee, 0x61, 0x6e, 0xcc, 0xbe, 0xa0, 0x18, 0xc9, 0x58, 0x5d, 0x49, 0xf0, 0x6a, 0x18, 0x82,
107 0xf9, 0x03, 0x9f, 0x8b, 0x44, 0x74, 0xd4, 0x99, 0xb6, 0x27, 0xa9, 0x9b, 0x3a, 0x9c, 0x86, 0x21,
108 0x51, 0x55, 0xbf, 0xbe, 0x17, 0xe0, 0x91, 0x61, 0xcd, 0x28, 0x2e, 0x2c, 0x2a, 0xb7, 0xb8, 0xc4,
109 0x1e, 0x3f, 0x41, 0x42, 0x2e, 0x61, 0xda, 0x4b, 0x2f, 0x02, 0x32, 0x88, 0x57, 0xfe, 0x48, 0x82,
110 0x18, 0x62, 0x39, 0xfa, 0x56, 0xc4, 0x17, 0x72, 0x24, 0xee, 0xfe, 0xe2, 0x8a, 0x29, 0x67, 0x1a,
111 0xd7, 0x51, 0xb0, 0xc3, 0xc1, 0xa4, 0xc9, 0x07, 0xd9, 0xb5, 0x28, 0x90, 0xf0, 0xd2, 0x7a, 0x4f,
112 0x47, 0x5b, 0x08, 0x0e, 0x79, 0x5a, 0xbf, 0xf0, 0x7d, 0x6a, 0x03, 0x08, 0xd4, 0x81, 0x61, 0xae,
113 };
114
115
116 static const uint8_t EXP_ASSET_BIN[] = {
117 0x10, 0x00, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
118 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
119 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
120 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
121 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
122 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
123 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
124 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
125 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
126 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
127 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
128 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
129 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
130 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
131 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
132 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
133 };
134
135
136 uint32_t *pPkg = NULL;
137 uint32_t *pBuf = NULL;
138
139 RunItPtr pkgPtr;
140 RunItPtr bufPtr;
141
142 size_t assetLen = CC_ASSET_PROV_MAX_ASSET_PKG_SIZE;
143
144 const char* TEST_NAME = "Asset Provisioning";
145 RUNIT_SUB_TEST_START(TEST_NAME);
146
147 ALLOC32_AND_COPY(pkgPtr, pPkg, ASSET_PKG, sizeof(ASSET_PKG));
148 ALLOC32(bufPtr, pBuf, CC_ASSET_PROV_MAX_ASSET_PKG_SIZE);
149
150 RUNIT_ASSERT(runIt_burnOtp((unsigned int *)OTP_SECURE_2_HBK128_VALUES, CC_MNG_LCS_SEC_ENABLED) == RUNIT_ERROR__OK);
151
152 RUNIT_ASSERT_API(mbedtls_util_asset_pkg_unpack(ASSET_PROV_KEY_TYPE_KCP,
153 ASSET_ID,
154 pPkg,
155 sizeof(ASSET_PKG),
156 pBuf,
157 &assetLen) == CC_OK);
158
159 RUNIT_ASSERT(memcmp(pBuf, EXP_ASSET_BIN, assetLen) == 0);
160
161 bail:
162 FREE_IF_NOT_NULL(pkgPtr);
163 FREE_IF_NOT_NULL(bufPtr);
164
165 RUNIT_SUB_TEST_RESULT_W_PARAMS(TEST_NAME, "ASSET[%"PRIu32"B]", (uint32_t)256);
166 return rc;
167 }
168 #else
runIt_assetProv(void)169 static RunItError_t runIt_assetProv(void)
170 {
171 RunItError_t rc = RUNIT_ERROR__OK;
172
173 #if ! RUNIT_ASSET_PROV_SKIP_TEST
174 uint32_t lcs = 0xffffffff;
175
176 static const uint32_t ASSET_ID = RUNIT_ASSET_PROV_ASSET_ID;
177
178 static const uint8_t ASSET_PKG[] = { RUNIT_ASSET_PROV_PKG };
179
180 static const uint8_t EXP_ASSET_BIN[] = { RUNIT_ASSET_PROV_PKG_BIN };
181
182 uint32_t *pPkg = NULL;
183 uint32_t *pBuf = NULL;
184
185 RunItPtr pkgPtr;
186 RunItPtr bufPtr;
187
188 size_t assetLen;
189
190 const char* TEST_NAME = "Asset Provisioning";
191 RUNIT_SUB_TEST_START(TEST_NAME);
192
193 ALLOC32_AND_COPY(pkgPtr, pPkg, ASSET_PKG, sizeof(ASSET_PKG));
194 ALLOC32(bufPtr, pBuf, CC_ASSET_PROV_MAX_ASSET_PKG_SIZE);
195
196 RUNIT_ASSERT(runIt_getLcs(&lcs) == RUNIT_ERROR__OK);
197 RUNIT_PRINT_DBG("lcs[%"PRIu32"]\n", (uint32_t)lcs);
198
199 RUNIT_ASSERT_API(mbedtls_util_asset_pkg_unpack(ASSET_PROV_KEY_TYPE_KPICV,
200 ASSET_ID,
201 pPkg,
202 sizeof(ASSET_PKG),
203 pBuf,
204 &assetLen) == CC_OK);
205
206 RUNIT_ASSERT(memcmp(pBuf, EXP_ASSET_BIN, assetLen) == 0);
207
208 bail:
209 FREE_IF_NOT_NULL(pkgPtr);
210 FREE_IF_NOT_NULL(bufPtr);
211
212 RUNIT_SUB_TEST_RESULT_W_PARAMS(TEST_NAME, "LCS[%"PRIu32"] ASSET[%"PRIu32"B]", (uint32_t)lcs, (uint32_t)256);
213 #endif /* RUNIT_ASSET_PROV_SKIP_TEST */
214 return rc;
215 }
216
217 #endif /* RUNIT_ASSET_PROV_SYS_FLOW_ENABLE */
218 /************************************************************
219 *
220 * public functions
221 *
222 ************************************************************/
runIt_assetProvTest(void)223 RunItError_t runIt_assetProvTest(void)
224 {
225 RunItError_t rc = RUNIT_ERROR__OK;
226
227
228 #if !RUNIT_ASSET_PROV_SKIP_TEST
229 const char* TEST_NAME = "AssetProv";
230 RUNIT_TEST_START(TEST_NAME);
231
232 RUNIT_ASSERT(runIt_assetProv() == RUNIT_ERROR__OK);
233
234 bail:
235
236 RUNIT_TEST_RESULT(TEST_NAME);
237 #endif /* !RUNIT_ASSET_PROV_SKIP_TEST */
238
239 (void)runIt_assetProv;
240
241 return rc;
242 }
243
