32 #include <ekb_helper.h>
35 #include <openssl/cmac.h>
40 #include <tegra_se_internal.h>
41 #include <trusty_std.h>
66 0xba, 0xd6, 0x6e, 0xb4, 0x48, 0x49, 0x83, 0x68,
67 0x4b, 0x99, 0x2f, 0xe5, 0x4a, 0x64, 0x8b, 0xb8,
76 0xe4, 0x20, 0xf5, 0x8d, 0x1d, 0xea, 0xb5, 0x24,
77 0xc2, 0x70, 0xd8, 0xd2, 0x3e, 0xca, 0x45, 0xe8,
84 static uint8_t
ssk_rk[AES_KEY_128_SIZE] = { 0 };
90 static uint8_t
ekb_ek[AES_KEY_128_SIZE] = { 0 };
91 static uint8_t
ekb_ak[AES_KEY_128_SIZE] = { 0 };
92 static uint8_t
ssk_dk[AES_KEY_128_SIZE] = { 0 };
123 uint8_t *message = NULL, *mptr;
124 uint8_t counter[] = { 1 }, zero_byte[] = { 0 };
125 uint32_t L[] = { __builtin_bswap32(dk_len * 8) };
128 CMAC_CTX *cmac = NULL;
132 if ((key_len != AES_KEY_128_SIZE) && (key_len != AES_KEY_256_SIZE))
133 return ERR_INVALID_ARGS;
135 if ((dk_len % AES_BLOCK_SIZE) != 0)
136 return ERR_INVALID_ARGS;
138 if (!key || !context || !label || !out_dk)
139 return ERR_INVALID_ARGS;
147 msg_len = strlen(context) + strlen(label) + 2 +
sizeof(L);
148 message = malloc(msg_len);
149 if (message == NULL) {
150 TLOGE(
"%s: malloc failed.\n", __func__);
151 return ERR_NO_MEMORY;
155 cmac = CMAC_CTX_new();
157 TLOGE(
"%s: CMAC_CTX_new failed.\n", __func__);
164 memcpy(mptr , counter,
sizeof(counter));
166 memcpy(mptr, label, strlen(label));
167 mptr += strlen(label);
168 memcpy(mptr, zero_byte,
sizeof(zero_byte));
170 memcpy(mptr, context, strlen(context));
171 mptr += strlen(context);
172 memcpy(mptr, L,
sizeof(L));
175 n = dk_len / AES_BLOCK_SIZE;
177 for (i = 0; i < n; i++) {
182 if (key_len == AES_KEY_128_SIZE)
183 CMAC_Init(cmac, key, AES_KEY_128_SIZE, EVP_aes_128_cbc(), NULL);
185 CMAC_Init(cmac, key, AES_KEY_256_SIZE, EVP_aes_256_cbc(), NULL);
187 CMAC_Update(cmac, message, msg_len);
188 CMAC_Final(cmac, (out_dk + (i * AES_BLOCK_SIZE)), &cmact_len);
208 SE_AES_KEYSLOT_KEK2_128B);
209 if (rc != NO_ERROR) {
210 TLOGE(
"%s: failed to derive KEK2 root key (%d)\n", __func__, rc);
217 if (rc != NO_ERROR) {
218 TLOGE(
"%s: failed to derive SSK root key (%d)\n", __func__, rc);
232 "Derived 256-bit root key",
"256-bit key",
235 TLOGE(
"%s: failed to derive 256-bit root key (%d)\n", __func__, rc);
241 TLOGE(
"%s: failed to clear SE keyslots (%d)\n", __func__, rc);
250 key_in_ekb = ekb_get_key(key_index);
251 if (key_in_ekb == NULL) {
252 return ERR_NOT_VALID;
255 TLOGE(
"Setting EKB key %d to slot %d\n", key_index, keyslot);
256 return se_write_keyslot(key_in_ekb, AES_KEY_128_SIZE, AES_QUAD_KEYS, keyslot);
262 uint8_t test_key_256[] = {
263 0x72, 0xd1, 0x1f, 0x8b, 0x1c, 0x01, 0xe1, 0x5c,
264 0x49, 0x86, 0x07, 0x2a, 0xe5, 0x63, 0x42, 0x21,
265 0x65, 0x3f, 0x2e, 0x7f, 0x22, 0xfd, 0x05, 0x4c,
266 0x60, 0xc9, 0x76, 0xa6, 0xf4, 0x3a, 0x93, 0xfe,
268 char test_msg[] =
"SE_aes_cmac_test_string";
269 uint8_t openssl_cmac_digest[AES_BLOCK_SIZE] = { 0 };
270 uint8_t se_cmac_digest[AES_BLOCK_SIZE] = {0};
274 CMAC_CTX *cmac = NULL;
276 cmac = CMAC_CTX_new();
278 return ERR_NO_MEMORY;
279 CMAC_Init(cmac, test_key_256, AES_KEY_256_SIZE, EVP_aes_256_cbc(), NULL);
281 CMAC_Update(cmac, test_msg,
sizeof(test_msg));
282 CMAC_Final(cmac, openssl_cmac_digest, &cmac_len);
286 se_write_keyslot(test_key_256, AES_KEY_256_SIZE, AES_QUAD_KEYS_256, SE_AES_KEYSLOT_KEK256);
291 return ERR_NO_MEMORY;
300 if (memcmp(openssl_cmac_digest, se_cmac_digest, cmac_len)) {
301 TLOGE(
"%s: Tegra SE AES-CMAC verification is not match.\n", __func__);
310 uint8_t test_key_256[] = {
311 0xc0, 0x3c, 0x15, 0x4e, 0xe5, 0x6c, 0xb5, 0x69,
312 0x1b, 0x27, 0xd9, 0x2e, 0x7f, 0x34, 0xfb, 0x8a,
313 0x88, 0x6c, 0x0c, 0x40, 0xf9, 0x51, 0x66, 0xe0,
314 0x1d, 0x43, 0x5b, 0xba, 0xa3, 0x90, 0x47, 0x32,
316 const char context_str[] =
"nist sp 800-108 KDF verification";
317 const char label_str[] =
"KDF comparison";
318 uint8_t sw_derived_key[AES_KEY_256_SIZE] = { 0 };
319 uint8_t hw_derived_key[AES_KEY_256_SIZE] = { 0 };
323 context_str, label_str,
324 AES_KEY_256_SIZE, sw_derived_key);
327 se_write_keyslot(test_key_256, AES_KEY_256_SIZE, AES_QUAD_KEYS_256, SE_AES_KEYSLOT_KEK256);
331 context_str, label_str,
332 AES_KEY_256_SIZE, hw_derived_key);
335 if (memcmp(sw_derived_key, hw_derived_key, AES_KEY_256_SIZE)) {
336 TLOGE(
"%s: Tegra SE NIST 800-108 KDF verification is not match.\n", __func__);
347 TLOGE(
"%s .......\n", __func__);
360 AES_KEY_128_SIZE,
ekb_ek);
366 "ekb",
"authentication",
367 AES_KEY_128_SIZE,
ekb_ak);
380 AES_KEY_128_SIZE,
ssk_dk);
400 TLOGE(
"%s: failed (%d)\n", __func__, rc);