From 90d9b488580565f39d70cbe25d95ba811e0bb128 Mon Sep 17 00:00:00 2001 From: duyuqi Date: Wed, 11 Mar 2026 16:51:02 +0800 Subject: [PATCH 1/2] Add TA Test For SM3 HMAC & Fix Bug of Mac Function Signed-off-by: duyuqi --- src/api/tee_api_operations.rs | 42 +++++--------------- src/bin/cryp_test.rs | 73 +++++++++++++++++++++++++++++++++-- 2 files changed, 78 insertions(+), 37 deletions(-) diff --git a/src/api/tee_api_operations.rs b/src/api/tee_api_operations.rs index 5c4243a..2444636 100644 --- a/src/api/tee_api_operations.rs +++ b/src/api/tee_api_operations.rs @@ -8,8 +8,8 @@ use crate::api::tee_api_mm::{TEE_CheckMemoryAccessRights, TEE_Free, TEE_Malloc, TEE_MemFill}; use crate::api::tee_api_objects::{ - __utee_from_attr, TEE_AllocateTransientObject, TEE_CopyObjectAttributes1, - TEE_FreeTransientObject, TEE_GetObjectInfo1, TEE_ResetTransientObject, + __utee_from_attr, TEE_CopyObjectAttributes1, TEE_FreeTransientObject, TEE_GetObjectInfo1, + TEE_ResetTransientObject, }; use crate::api::tee_api_panic::TEE_Panic; use crate::syscalls::syscall_table::{ @@ -514,6 +514,8 @@ pub extern "C" fn TEE_AllocateOperation( algorithm: u32, mode: u32, max_key_size: u32, + key1: TEE_ObjectHandle, + key2: TEE_ObjectHandle, ) -> TEE_Result { use crate::tee_api_defines::*; @@ -543,16 +545,16 @@ pub extern "C" fn TEE_AllocateOperation( }; let _main_alg = (algorithm & 0x00FF0000) >> 16; - let mut handle_state = 0u32; + let mut handle_state = TEE_HANDLE_FLAG_KEY_SET; // 检查是否需要两个密钥 if algorithm == TEE_ALG_SM2_KEP { handle_state = TEE_HANDLE_FLAG_EXPECT_TWO_KEYS; } - let (block_size, buffer_two_blocks, req_key_usage, with_private_key) = match config { + let (block_size, buffer_two_blocks, req_key_usage, _) = match config { OperationConfig::Digest { block_size } => { - handle_state |= TEE_HANDLE_FLAG_KEY_SET; + handle_state = 0; (block_size, false, 0, false) } OperationConfig::Cipher { @@ -624,34 +626,8 @@ pub extern "C" fn TEE_AllocateOperation( } op_handle.buffer_two_blocks = buffer_two_blocks; - // 检查是否需要密钥(非摘要操作) - if operation_class != TEE_OPERATION_DIGEST { - let mut mks = max_key_size; - let key_type = TEE_ALG_GET_KEY_TYPE(algorithm, with_private_key); - - if handle_state & TEE_HANDLE_FLAG_EXPECT_TWO_KEYS != 0 { - mks /= 2; - } - - let mut key1_ptr = core::ptr::null_mut(); - let res = TEE_AllocateTransientObject(key_type, mks, &mut key1_ptr); - if res != TEE_SUCCESS { - TEE_Free(operation_ptr); - return res; - } - op_handle.key1 = key1_ptr; - - if handle_state & TEE_HANDLE_FLAG_EXPECT_TWO_KEYS != 0 { - let mut key2_ptr = core::ptr::null_mut(); - let res = TEE_AllocateTransientObject(key_type, mks, &mut key2_ptr); - if res != TEE_SUCCESS { - TEE_FreeTransientObject(op_handle.key1); - TEE_Free(operation_ptr); - return res; - } - op_handle.key2 = key2_ptr; - } - } + op_handle.key1 = key1; + op_handle.key2 = key2; // 分配加密状态 let mut state = 0u32; diff --git a/src/bin/cryp_test.rs b/src/bin/cryp_test.rs index 80d9228..2147347 100644 --- a/src/bin/cryp_test.rs +++ b/src/bin/cryp_test.rs @@ -1,7 +1,16 @@ use rust_utee::{ - api::tee_api_operations::{TEE_AllocateOperation, TEE_DigestDoFinal, TEE_DigestUpdate}, - tee_api_defines::{TEE_ALG_SM3, TEE_MODE_DIGEST, TEE_SUCCESS}, - tee_api_types::{TEE_OperationHandle, TEE_Result}, + api::{ + tee_api_objects::{TEE_AllocateTransientObject, TEE_GenerateKey}, + tee_api_operations::{ + TEE_AllocateOperation, TEE_DigestDoFinal, TEE_DigestUpdate, TEE_MACComputeFinal, + TEE_MACInit, TEE_MACUpdate, + }, + }, + tee_api_defines::{ + TEE_ALG_HMAC_SM3, TEE_ALG_SM3, TEE_MODE_DIGEST, TEE_MODE_MAC, TEE_SUCCESS, + TEE_TYPE_HMAC_SM3, + }, + tee_api_types::{TEE_ObjectHandle, TEE_OperationHandle, TEE_Result}, }; // #[unsafe(no_mangle)] @@ -11,12 +20,24 @@ fn main() { "{}", "TA Test: SM3 Hash ------------------------------------ Success" ); + assert_eq!(cryp_hmac_sm3_test(), TEE_SUCCESS); + println!( + "{}", + "TA Test: SM3 Hmac ------------------------------------ Success" + ); } fn cryp_hash_sm3_test() -> TEE_Result { let mut operation_ptr: *mut TEE_OperationHandle = std::ptr::null_mut(); - let res = TEE_AllocateOperation(&mut operation_ptr, TEE_ALG_SM3, TEE_MODE_DIGEST, 0); + let res = TEE_AllocateOperation( + &mut operation_ptr, + TEE_ALG_SM3, + TEE_MODE_DIGEST, + 0, + core::ptr::null_mut(), + core::ptr::null_mut(), + ); assert_eq!(res, 0); let data = b"abc"; @@ -45,3 +66,47 @@ fn cryp_hash_sm3_test() -> TEE_Result { ); TEE_SUCCESS } + +fn cryp_hmac_sm3_test() -> TEE_Result { + // alloc a transient object + let mut key1: TEE_ObjectHandle = core::ptr::null_mut(); + let res = TEE_AllocateTransientObject(TEE_TYPE_HMAC_SM3, 128, &mut key1); + assert_eq!(res, TEE_SUCCESS); + assert!(!key1.is_null()); + + // generate a sm3 hmac keypair + let res = TEE_GenerateKey(key1, 128, core::ptr::null(), 0); + assert_eq!(res, TEE_SUCCESS); + assert!(!key1.is_null()); + + let mut operation_ptr: *mut TEE_OperationHandle = std::ptr::null_mut(); + + let res = TEE_AllocateOperation( + &mut operation_ptr, + TEE_ALG_HMAC_SM3, + TEE_MODE_MAC, + 128, + key1, + core::ptr::null_mut(), + ); + assert_eq!(res, 0); + + let data = b"abc"; + + TEE_MACInit(operation_ptr, core::ptr::null(), 0); + + TEE_MACUpdate(operation_ptr, data.as_ptr() as _, data.len()); + + let mac: [u8; 32] = [0; 32]; + let mut mac_len = mac.len(); + let res = TEE_MACComputeFinal( + operation_ptr, + core::ptr::null(), + 0, + mac.as_ptr() as _, + &mut mac_len, + ); + assert_eq!(res, 0); + + TEE_SUCCESS +} -- Gitee From aca0fa29029ebf3a43c833ccc39c351c01101250 Mon Sep 17 00:00:00 2001 From: duyuqi Date: Thu, 12 Mar 2026 16:24:20 +0800 Subject: [PATCH 2/2] Add TA SM4 ECB Test and Fix Bug of Cipher & Free Signed-off-by: duyuqi --- src/api/tee_api_operations.rs | 32 ++------ src/bin/cryp_test.rs | 144 +++++++++++++++++++++++++++++++++- 2 files changed, 146 insertions(+), 30 deletions(-) diff --git a/src/api/tee_api_operations.rs b/src/api/tee_api_operations.rs index 2444636..2be2578 100644 --- a/src/api/tee_api_operations.rs +++ b/src/api/tee_api_operations.rs @@ -701,19 +701,6 @@ pub extern "C" fn TEE_FreeOperation(operation: *mut TEE_OperationHandle) { TEE_Panic(res as u32); } } - - // 释放密钥对象,C语言中没有释放秘钥对象的操作。 - // if !op_handle.key1.is_null() { - // TEE_FreeTransientObject(op_handle.key1); - // } - // if !op_handle.key2.is_null() { - // TEE_FreeTransientObject(op_handle.key2); - // } - - TEE_Free(op_handle.buffer as *mut core::ffi::c_void); - - // 释放操作句柄本身 - TEE_Free(operation as *mut core::ffi::c_void); } /// 获取操作信息 @@ -2239,10 +2226,10 @@ pub extern "C" fn TEE_CipherDoFinal( res = unsafe { _utee_cipher_final( op_handle.state as u64, - op_handle.buffer as *const core::ffi::c_void, - op_handle.buffer_offs, - dst as *mut core::ffi::c_void, - &mut tmp_dlen, + src_data, + src_len, + dest_data, + dest_len as _, ) as TEE_Result }; } else { @@ -2251,8 +2238,8 @@ pub extern "C" fn TEE_CipherDoFinal( op_handle.state as u64, src_data, src_len, - dst as *mut core::ffi::c_void, - &mut tmp_dlen, + dest_data, + dest_len as _, ) as TEE_Result }; } @@ -2264,13 +2251,6 @@ pub extern "C" fn TEE_CipherDoFinal( return res; } - acc_dlen += tmp_dlen as usize; - if !dest_len.is_null() { - unsafe { - *dest_len = acc_dlen; - } - } - // 清除已初始化标志 unsafe { (*operation).info.handleState &= !TEE_HANDLE_FLAG_INITIALIZED; diff --git a/src/bin/cryp_test.rs b/src/bin/cryp_test.rs index 2147347..59761c3 100644 --- a/src/bin/cryp_test.rs +++ b/src/bin/cryp_test.rs @@ -2,13 +2,14 @@ use rust_utee::{ api::{ tee_api_objects::{TEE_AllocateTransientObject, TEE_GenerateKey}, tee_api_operations::{ - TEE_AllocateOperation, TEE_DigestDoFinal, TEE_DigestUpdate, TEE_MACComputeFinal, + TEE_AllocateOperation, TEE_CipherDoFinal, TEE_CipherInit, TEE_CipherUpdate, + TEE_DigestDoFinal, TEE_DigestUpdate, TEE_FreeOperation, TEE_MACComputeFinal, TEE_MACInit, TEE_MACUpdate, }, }, tee_api_defines::{ - TEE_ALG_HMAC_SM3, TEE_ALG_SM3, TEE_MODE_DIGEST, TEE_MODE_MAC, TEE_SUCCESS, - TEE_TYPE_HMAC_SM3, + TEE_ALG_HMAC_SM3, TEE_ALG_SM3, TEE_ALG_SM4_ECB_NOPAD, TEE_MODE_DECRYPT, TEE_MODE_DIGEST, + TEE_MODE_ENCRYPT, TEE_MODE_MAC, TEE_SUCCESS, TEE_TYPE_HMAC_SM3, TEE_TYPE_SM4, }, tee_api_types::{TEE_ObjectHandle, TEE_OperationHandle, TEE_Result}, }; @@ -25,6 +26,11 @@ fn main() { "{}", "TA Test: SM3 Hmac ------------------------------------ Success" ); + assert_eq!(cryp_sm4_ecb_test(), TEE_SUCCESS); + println!( + "{}", + "TA Test: SM4 ECB ------------------------------------ Success" + ); } fn cryp_hash_sm3_test() -> TEE_Result { @@ -74,7 +80,7 @@ fn cryp_hmac_sm3_test() -> TEE_Result { assert_eq!(res, TEE_SUCCESS); assert!(!key1.is_null()); - // generate a sm3 hmac keypair + // generate a sm3 hmac key let res = TEE_GenerateKey(key1, 128, core::ptr::null(), 0); assert_eq!(res, TEE_SUCCESS); assert!(!key1.is_null()); @@ -110,3 +116,133 @@ fn cryp_hmac_sm3_test() -> TEE_Result { TEE_SUCCESS } + +fn cryp_sm4_ecb_test() -> TEE_Result { + // alloc a transient object + let mut key1: TEE_ObjectHandle = core::ptr::null_mut(); + let res = TEE_AllocateTransientObject(TEE_TYPE_SM4, 128, &mut key1); + assert_eq!(res, TEE_SUCCESS); + assert!(!key1.is_null()); + + // generate a sm4 key + let res = TEE_GenerateKey(key1, 128, core::ptr::null(), 0); + assert_eq!(res, TEE_SUCCESS); + assert!(!key1.is_null()); + + // Encrypt + let mut operation_ptr: *mut TEE_OperationHandle = std::ptr::null_mut(); + + let res = TEE_AllocateOperation( + &mut operation_ptr, + TEE_ALG_SM4_ECB_NOPAD, + TEE_MODE_ENCRYPT, + 128, + key1, + core::ptr::null_mut(), + ); + assert_eq!(res, 0); + + let enc_data = b"abcdefghabcdefgh1234567890987654"; + let enc_output = [0u8; 48]; + let mut total_len = 0; + let mut d_len = enc_output[total_len..].len(); + + TEE_CipherInit(operation_ptr, core::ptr::null(), 0); + + let res = TEE_CipherUpdate( + operation_ptr, + enc_data[..16].as_ptr() as _, + enc_data[..16].len(), + enc_output[total_len..].as_ptr() as _, + &mut d_len, + ); + total_len += d_len; + assert_eq!(res, 0); + assert_eq!(total_len, 16); + + d_len = enc_output[total_len..].len(); + let res = TEE_CipherUpdate( + operation_ptr, + enc_data[16..].as_ptr() as _, + enc_data[16..].len(), + enc_output[total_len..].as_ptr() as _, + &mut d_len, + ); + total_len += d_len; + assert_eq!(res, 0); + assert_eq!(total_len, 32); + + d_len = enc_output[total_len..].len(); + let res = TEE_CipherDoFinal( + operation_ptr, + core::ptr::null(), + 0, + enc_output[total_len..].as_ptr() as _, + &mut d_len, + ); + total_len += d_len; + assert_eq!(res, 0); + assert_eq!(total_len, 32); + + TEE_FreeOperation(operation_ptr); + + // Decrypt + let mut operation_ptr: *mut TEE_OperationHandle = std::ptr::null_mut(); + + let res = TEE_AllocateOperation( + &mut operation_ptr, + TEE_ALG_SM4_ECB_NOPAD, + TEE_MODE_DECRYPT, + 128, + key1, + core::ptr::null_mut(), + ); + assert_eq!(res, 0); + + let dec_data = &enc_output[..32]; + let dec_output = [0u8; 48]; + let mut total_len = 0; + let mut d_len = dec_output[total_len..].len(); + + TEE_CipherInit(operation_ptr, core::ptr::null(), 0); + + let res = TEE_CipherUpdate( + operation_ptr, + dec_data[..16].as_ptr() as _, + dec_data[..16].len(), + dec_output[total_len..].as_ptr() as _, + &mut d_len, + ); + total_len += d_len; + assert_eq!(res, 0); + assert_eq!(total_len, 16); + + d_len = dec_output[total_len..].len(); + let res = TEE_CipherUpdate( + operation_ptr, + dec_data[16..].as_ptr() as _, + dec_data[16..].len(), + dec_output[total_len..].as_ptr() as _, + &mut d_len, + ); + total_len += d_len; + assert_eq!(res, 0); + assert_eq!(total_len, 32); + + d_len = dec_output[total_len..].len(); + let res = TEE_CipherDoFinal( + operation_ptr, + core::ptr::null(), + 0, + dec_output[total_len..].as_ptr() as _, + &mut d_len, + ); + total_len += d_len; + assert_eq!(res, 0); + assert_eq!(total_len, 32); + + let data = &dec_output[..32]; + assert_eq!(data, enc_data); + + TEE_SUCCESS +} -- Gitee