From b574cd096d9eaafbe226c8e1dbb1a43cc11ae976 Mon Sep 17 00:00:00 2001 From: duyuqi Date: Fri, 13 Mar 2026 16:08:15 +0800 Subject: [PATCH 1/3] Add TA Test For SM4 CBC & GCM Signed-off-by: duyuqi --- src/api/tee_api_operations.rs | 15 +- src/bin/cryp_test.rs | 290 +++++++++++++++++++++++++++++++++- src/tee_api_defines.rs | 3 + 3 files changed, 295 insertions(+), 13 deletions(-) diff --git a/src/api/tee_api_operations.rs b/src/api/tee_api_operations.rs index 2be2578..7db238a 100644 --- a/src/api/tee_api_operations.rs +++ b/src/api/tee_api_operations.rs @@ -367,7 +367,7 @@ fn validate_algorithm_params( } // CTR 和 GCM 模式 - TEE_ALG_AES_CTR | TEE_ALG_AES_GCM => { + TEE_ALG_AES_CTR | TEE_ALG_AES_GCM | TEE_ALG_SM4_GCM => { let block_size = 16; match mode { TEE_MODE_ENCRYPT => Ok(OperationConfig::Cipher { @@ -695,11 +695,9 @@ pub extern "C" fn TEE_FreeOperation(operation: *mut TEE_OperationHandle) { * utee_cryp_state_free(). */ // 释放加密状态 - if op_handle.state != 0 { - let res = unsafe { _utee_cryp_state_free(op_handle.state as u64) }; - if res != TEE_SUCCESS as usize { - TEE_Panic(res as u32); - } + let res = unsafe { _utee_cryp_state_free(op_handle.state as u64) }; + if res != TEE_SUCCESS as usize { + TEE_Panic(res as u32); } } @@ -3248,11 +3246,6 @@ pub extern "C" fn TEE_AEDecryptFinal( return res; } - // 检查提供的标签长度是否与初始化时的长度匹配 - if tag_len != op_handle.info.digestLength as usize { - res = TEE_ERROR_MAC_INVALID; - } - acc_dlen += tmp_dlen as usize; unsafe { *dest_len = acc_dlen; diff --git a/src/bin/cryp_test.rs b/src/bin/cryp_test.rs index 59761c3..0f4a10a 100644 --- a/src/bin/cryp_test.rs +++ b/src/bin/cryp_test.rs @@ -2,14 +2,16 @@ use rust_utee::{ api::{ tee_api_objects::{TEE_AllocateTransientObject, TEE_GenerateKey}, tee_api_operations::{ + TEE_AEDecryptFinal, TEE_AEEncryptFinal, TEE_AEInit, TEE_AEUpdate, TEE_AEUpdateAAD, TEE_AllocateOperation, TEE_CipherDoFinal, TEE_CipherInit, TEE_CipherUpdate, TEE_DigestDoFinal, TEE_DigestUpdate, TEE_FreeOperation, TEE_MACComputeFinal, TEE_MACInit, TEE_MACUpdate, }, }, tee_api_defines::{ - TEE_ALG_HMAC_SM3, TEE_ALG_SM3, TEE_ALG_SM4_ECB_NOPAD, TEE_MODE_DECRYPT, TEE_MODE_DIGEST, - TEE_MODE_ENCRYPT, TEE_MODE_MAC, TEE_SUCCESS, TEE_TYPE_HMAC_SM3, TEE_TYPE_SM4, + TEE_ALG_HMAC_SM3, TEE_ALG_SM3, TEE_ALG_SM4_CBC_NOPAD, TEE_ALG_SM4_ECB_NOPAD, + TEE_ALG_SM4_GCM, TEE_MODE_DECRYPT, TEE_MODE_DIGEST, TEE_MODE_ENCRYPT, TEE_MODE_MAC, + TEE_SUCCESS, TEE_TYPE_HMAC_SM3, TEE_TYPE_SM4, }, tee_api_types::{TEE_ObjectHandle, TEE_OperationHandle, TEE_Result}, }; @@ -31,6 +33,16 @@ fn main() { "{}", "TA Test: SM4 ECB ------------------------------------ Success" ); + assert_eq!(cryp_sm4_cbc_test(), TEE_SUCCESS); + println!( + "{}", + "TA Test: SM4 CBC ------------------------------------ Success" + ); + assert_eq!(cryp_sm4_gcm_test(), TEE_SUCCESS); + println!( + "{}", + "TA Test: SM4 GCM ------------------------------------ Success" + ); } fn cryp_hash_sm3_test() -> TEE_Result { @@ -70,6 +82,9 @@ fn cryp_hash_sm3_test() -> TEE_Result { 0x8f, 0x4b, 0xa8, 0xe0 ] ); + + TEE_FreeOperation(operation_ptr); + TEE_SUCCESS } @@ -114,6 +129,8 @@ fn cryp_hmac_sm3_test() -> TEE_Result { ); assert_eq!(res, 0); + TEE_FreeOperation(operation_ptr); + TEE_SUCCESS } @@ -244,5 +261,274 @@ fn cryp_sm4_ecb_test() -> TEE_Result { let data = &dec_output[..32]; assert_eq!(data, enc_data); + TEE_FreeOperation(operation_ptr); + + TEE_SUCCESS +} + +fn cryp_sm4_cbc_test() -> TEE_Result { + // alloc a transient object + let mut key1: TEE_ObjectHandle = core::ptr::null_mut(); + let res = TEE_AllocateTransientObject(TEE_TYPE_SM4, 128, &mut key1); + assert_eq!(res, TEE_SUCCESS); + assert!(!key1.is_null()); + + // generate a sm4 key + let res = TEE_GenerateKey(key1, 128, core::ptr::null(), 0); + assert_eq!(res, TEE_SUCCESS); + assert!(!key1.is_null()); + + // Encrypt + let mut operation_ptr: *mut TEE_OperationHandle = std::ptr::null_mut(); + + let res = TEE_AllocateOperation( + &mut operation_ptr, + TEE_ALG_SM4_CBC_NOPAD, + TEE_MODE_ENCRYPT, + 128, + key1, + core::ptr::null_mut(), + ); + assert_eq!(res, 0); + + let enc_data = b"abcdefghabcdefgh1234567890987654"; + let iv = b"1234qwerasdfzxcv"; + let enc_output = [0u8; 48]; + let mut total_len = 0; + let mut d_len = enc_output[total_len..].len(); + + TEE_CipherInit(operation_ptr, iv.as_ptr() as _, iv.len()); + + let res = TEE_CipherUpdate( + operation_ptr, + enc_data[..16].as_ptr() as _, + enc_data[..16].len(), + enc_output[total_len..].as_ptr() as _, + &mut d_len, + ); + total_len += d_len; + assert_eq!(res, 0); + assert_eq!(total_len, 16); + + d_len = enc_output[total_len..].len(); + let res = TEE_CipherUpdate( + operation_ptr, + enc_data[16..].as_ptr() as _, + enc_data[16..].len(), + enc_output[total_len..].as_ptr() as _, + &mut d_len, + ); + total_len += d_len; + assert_eq!(res, 0); + assert_eq!(total_len, 32); + + d_len = enc_output[total_len..].len(); + let res = TEE_CipherDoFinal( + operation_ptr, + core::ptr::null(), + 0, + enc_output[total_len..].as_ptr() as _, + &mut d_len, + ); + total_len += d_len; + assert_eq!(res, 0); + assert_eq!(total_len, 32); + + TEE_FreeOperation(operation_ptr); + + // Decrypt + let mut operation_ptr: *mut TEE_OperationHandle = std::ptr::null_mut(); + + let res = TEE_AllocateOperation( + &mut operation_ptr, + TEE_ALG_SM4_CBC_NOPAD, + TEE_MODE_DECRYPT, + 128, + key1, + core::ptr::null_mut(), + ); + assert_eq!(res, 0); + + let dec_data = &enc_output[..32]; + let dec_output = [0u8; 48]; + let mut total_len = 0; + let mut d_len = dec_output[total_len..].len(); + + TEE_CipherInit(operation_ptr, iv.as_ptr() as _, iv.len()); + + let res = TEE_CipherUpdate( + operation_ptr, + dec_data[..16].as_ptr() as _, + dec_data[..16].len(), + dec_output[total_len..].as_ptr() as _, + &mut d_len, + ); + total_len += d_len; + assert_eq!(res, 0); + assert_eq!(total_len, 16); + + d_len = dec_output[total_len..].len(); + let res = TEE_CipherUpdate( + operation_ptr, + dec_data[16..].as_ptr() as _, + dec_data[16..].len(), + dec_output[total_len..].as_ptr() as _, + &mut d_len, + ); + total_len += d_len; + assert_eq!(res, 0); + assert_eq!(total_len, 32); + + d_len = dec_output[total_len..].len(); + let res = TEE_CipherDoFinal( + operation_ptr, + core::ptr::null(), + 0, + dec_output[total_len..].as_ptr() as _, + &mut d_len, + ); + total_len += d_len; + assert_eq!(res, 0); + assert_eq!(total_len, 32); + + let data = &dec_output[..32]; + assert_eq!(data, enc_data); + + TEE_FreeOperation(operation_ptr); + + TEE_SUCCESS +} + +fn cryp_sm4_gcm_test() -> TEE_Result { + // alloc a transient object + let mut key1: TEE_ObjectHandle = core::ptr::null_mut(); + let res = TEE_AllocateTransientObject(TEE_TYPE_SM4, 128, &mut key1); + assert_eq!(res, TEE_SUCCESS); + assert!(!key1.is_null()); + + // generate a sm4 key + let res = TEE_GenerateKey(key1, 128, core::ptr::null(), 0); + assert_eq!(res, TEE_SUCCESS); + assert!(!key1.is_null()); + + // Encrypt + let mut operation_ptr: *mut TEE_OperationHandle = std::ptr::null_mut(); + + let res = TEE_AllocateOperation( + &mut operation_ptr, + TEE_ALG_SM4_GCM, + TEE_MODE_ENCRYPT, + 128, + key1, + core::ptr::null_mut(), + ); + assert_eq!(res, 0); + + let data: [u8; 64] = [ + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, + 0xBB, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xEE, 0xEE, 0xEE, 0xEE, 0xEE, 0xEE, 0xEE, 0xEE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xEE, 0xEE, 0xEE, 0xEE, 0xEE, 0xEE, 0xEE, 0xEE, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, + ]; + let nonce: [u8; 12] = [ + 0xA3, 0x33, 0x06, 0x38, 0xA8, 0x09, 0xBA, 0x35, 0x8D, 0x6C, 0x09, 0x8E, + ]; + let ad: [u8; 20] = [ + 0xFE, 0xED, 0xFA, 0xCE, 0xDE, 0xAD, 0xBE, 0xEF, 0xFE, 0xED, 0xFA, 0xCE, 0xDE, 0xAD, 0xBE, + 0xEF, 0xAB, 0xAD, 0xDA, 0xD2, + ]; + let tag: [u8; 16] = [0u8; 16]; + let enc_output = [0u8; 80]; + let mut total_len = 0; + let mut enc_len = enc_output[total_len..].len(); + + // 后三个参数不起作用 + let res = TEE_AEInit(operation_ptr, nonce.as_ptr() as _, nonce.len(), 0, 0, 0); + assert_eq!(res, 0); + + TEE_AEUpdateAAD(operation_ptr, ad.as_ptr() as _, ad.len()); + + let res = TEE_AEUpdate( + operation_ptr, + data[..32].as_ptr() as _, + data[..32].len(), + enc_output[total_len..].as_ptr() as _, + &mut enc_len, + ); + assert_eq!(res, 0); + total_len += enc_len; + assert_eq!(total_len, 32); + + // TAG长度是固定的16Bytes,因此实际上不会返回tag长度 + enc_len = enc_output[total_len..].len(); + let res = TEE_AEEncryptFinal( + operation_ptr, + data[32..].as_ptr() as _, + data[32..].len(), + enc_output[total_len..].as_ptr() as _, + &mut enc_len, + tag.as_ptr() as _, + &mut tag.len(), + ); + assert_eq!(res, 0); + total_len += enc_len; + assert_eq!(total_len, 64); + + TEE_FreeOperation(operation_ptr); + + // Decrypt + let mut operation_ptr: *mut TEE_OperationHandle = std::ptr::null_mut(); + + let res = TEE_AllocateOperation( + &mut operation_ptr, + TEE_ALG_SM4_GCM, + TEE_MODE_DECRYPT, + 128, + key1, + core::ptr::null_mut(), + ); + assert_eq!(res, 0); + + let dec_data = &enc_output[..64]; + let dec_output = [0u8; 80]; + let mut total_len = 0; + let mut dec_len = enc_output[total_len..].len(); + + // 后三个参数不起作用 + let res = TEE_AEInit(operation_ptr, nonce.as_ptr() as _, nonce.len(), 0, 0, 0); + assert_eq!(res, 0); + + TEE_AEUpdateAAD(operation_ptr, ad.as_ptr() as _, ad.len()); + + let res = TEE_AEUpdate( + operation_ptr, + dec_data[..32].as_ptr() as _, + dec_data[..32].len(), + dec_output[total_len..].as_ptr() as _, + &mut dec_len, + ); + assert_eq!(res, 0); + total_len += dec_len; + assert_eq!(total_len, 32); + + // TAG长度是固定的16Bytes,因此实际上不会返回tag长度 + dec_len = dec_output[total_len..].len(); + let res = TEE_AEDecryptFinal( + operation_ptr, + dec_data[32..].as_ptr() as _, + dec_data[32..].len(), + dec_output[total_len..].as_ptr() as _, + &mut dec_len, + tag.as_ptr() as _, + tag.len(), + ); + assert_eq!(res, 0); + total_len += dec_len; + assert_eq!(total_len, 64); + assert_eq!(&dec_output[..64], data); + + TEE_FreeOperation(operation_ptr); + TEE_SUCCESS } diff --git a/src/tee_api_defines.rs b/src/tee_api_defines.rs index d94b174..e8eb2ff 100644 --- a/src/tee_api_defines.rs +++ b/src/tee_api_defines.rs @@ -163,6 +163,9 @@ pub const TEE_ALG_DES3_CBC_MAC_PKCS5: u32 = 0x30000513; pub const TEE_ALG_SM4_ECB_NOPAD: u32 = 0x10000014; pub const TEE_ALG_SM4_CBC_NOPAD: u32 = 0x10000114; pub const TEE_ALG_SM4_CTR: u32 = 0x10000214; +pub const TEE_ALG_SM4_CMAC: u32 = 0x30000614; // 对GP标准扩充 +pub const TEE_ALG_SM4_CCM: u32 = 0x40000714; // 对GP标准扩充 +pub const TEE_ALG_SM4_GCM: u32 = 0x40000814; // 对GP标准扩充 pub const TEE_ALG_RSASSA_PKCS1_V1_5_MD5: u32 = 0x70001830; pub const TEE_ALG_RSASSA_PKCS1_V1_5_SHA1: u32 = 0x70002830; pub const TEE_ALG_RSASSA_PKCS1_V1_5_SHA224: u32 = 0x70003830; -- Gitee From 9139012701e04c600b49d90a4a57097bd5c364e7 Mon Sep 17 00:00:00 2001 From: duyuqi Date: Fri, 13 Mar 2026 16:21:18 +0800 Subject: [PATCH 2/3] Fit For CI Test Signed-off-by: duyuqi --- src/bin/cryp_test.rs | 41 ++++++++++++++++------------------------- 1 file changed, 16 insertions(+), 25 deletions(-) diff --git a/src/bin/cryp_test.rs b/src/bin/cryp_test.rs index 0f4a10a..34178d6 100644 --- a/src/bin/cryp_test.rs +++ b/src/bin/cryp_test.rs @@ -18,31 +18,22 @@ use rust_utee::{ // #[unsafe(no_mangle)] fn main() { - assert_eq!(cryp_hash_sm3_test(), TEE_SUCCESS); - println!( - "{}", - "TA Test: SM3 Hash ------------------------------------ Success" - ); - assert_eq!(cryp_hmac_sm3_test(), TEE_SUCCESS); - println!( - "{}", - "TA Test: SM3 Hmac ------------------------------------ Success" - ); - assert_eq!(cryp_sm4_ecb_test(), TEE_SUCCESS); - println!( - "{}", - "TA Test: SM4 ECB ------------------------------------ Success" - ); - assert_eq!(cryp_sm4_cbc_test(), TEE_SUCCESS); - println!( - "{}", - "TA Test: SM4 CBC ------------------------------------ Success" - ); - assert_eq!(cryp_sm4_gcm_test(), TEE_SUCCESS); - println!( - "{}", - "TA Test: SM4 GCM ------------------------------------ Success" - ); + let test_func = [ + cryp_hash_sm3_test, + cryp_hmac_sm3_test, + cryp_sm4_ecb_test, + cryp_sm4_cbc_test, + cryp_sm4_gcm_test, + ]; + + for func in &test_func { + let res = func(); + if res == TEE_SUCCESS { + println!("<<< test success"); + } else { + eprintln!("<<< test failed"); + } + } } fn cryp_hash_sm3_test() -> TEE_Result { -- Gitee From 7bddba5d85f1e2c1cb78d1f37bd1b80df2b951ed Mon Sep 17 00:00:00 2001 From: duyuqi Date: Mon, 16 Mar 2026 09:59:26 +0800 Subject: [PATCH 3/3] Adapt For TA GP API of Alloc Signed-off-by: duyuqi --- src/api/tee_api_operations.rs | 5 ++-- src/bin/cryp_test.rs | 47 +++++++++++++++++------------------ 2 files changed, 26 insertions(+), 26 deletions(-) diff --git a/src/api/tee_api_operations.rs b/src/api/tee_api_operations.rs index 7db238a..97fb07d 100644 --- a/src/api/tee_api_operations.rs +++ b/src/api/tee_api_operations.rs @@ -514,8 +514,6 @@ pub extern "C" fn TEE_AllocateOperation( algorithm: u32, mode: u32, max_key_size: u32, - key1: TEE_ObjectHandle, - key2: TEE_ObjectHandle, ) -> TEE_Result { use crate::tee_api_defines::*; @@ -525,6 +523,9 @@ pub extern "C" fn TEE_AllocateOperation( return TEE_ERROR_GENERIC; } + let key1 = unsafe{&**operation}.key1; + let key2 = unsafe{&**operation}.key2; + // 验证算法参数 let config = match validate_algorithm_params(algorithm, mode, max_key_size) { Ok(c) => c, diff --git a/src/bin/cryp_test.rs b/src/bin/cryp_test.rs index 34178d6..8eb1f55 100644 --- a/src/bin/cryp_test.rs +++ b/src/bin/cryp_test.rs @@ -37,15 +37,14 @@ fn main() { } fn cryp_hash_sm3_test() -> TEE_Result { - let mut operation_ptr: *mut TEE_OperationHandle = std::ptr::null_mut(); + let mut operation = TEE_OperationHandle::default(); + let mut operation_ptr: *mut TEE_OperationHandle = &mut operation; let res = TEE_AllocateOperation( &mut operation_ptr, TEE_ALG_SM3, TEE_MODE_DIGEST, 0, - core::ptr::null_mut(), - core::ptr::null_mut(), ); assert_eq!(res, 0); @@ -91,15 +90,15 @@ fn cryp_hmac_sm3_test() -> TEE_Result { assert_eq!(res, TEE_SUCCESS); assert!(!key1.is_null()); - let mut operation_ptr: *mut TEE_OperationHandle = std::ptr::null_mut(); + let mut operation = TEE_OperationHandle::default(); + operation.key1 = key1; + let mut operation_ptr: *mut TEE_OperationHandle = &mut operation; let res = TEE_AllocateOperation( &mut operation_ptr, TEE_ALG_HMAC_SM3, TEE_MODE_MAC, 128, - key1, - core::ptr::null_mut(), ); assert_eq!(res, 0); @@ -138,15 +137,15 @@ fn cryp_sm4_ecb_test() -> TEE_Result { assert!(!key1.is_null()); // Encrypt - let mut operation_ptr: *mut TEE_OperationHandle = std::ptr::null_mut(); + let mut operation = TEE_OperationHandle::default(); + operation.key1 = key1; + let mut operation_ptr: *mut TEE_OperationHandle = &mut operation; let res = TEE_AllocateOperation( &mut operation_ptr, TEE_ALG_SM4_ECB_NOPAD, TEE_MODE_ENCRYPT, 128, - key1, - core::ptr::null_mut(), ); assert_eq!(res, 0); @@ -195,15 +194,15 @@ fn cryp_sm4_ecb_test() -> TEE_Result { TEE_FreeOperation(operation_ptr); // Decrypt - let mut operation_ptr: *mut TEE_OperationHandle = std::ptr::null_mut(); + let mut operation = TEE_OperationHandle::default(); + operation.key1 = key1; + let mut operation_ptr: *mut TEE_OperationHandle = &mut operation; let res = TEE_AllocateOperation( &mut operation_ptr, TEE_ALG_SM4_ECB_NOPAD, TEE_MODE_DECRYPT, 128, - key1, - core::ptr::null_mut(), ); assert_eq!(res, 0); @@ -270,15 +269,15 @@ fn cryp_sm4_cbc_test() -> TEE_Result { assert!(!key1.is_null()); // Encrypt - let mut operation_ptr: *mut TEE_OperationHandle = std::ptr::null_mut(); + let mut operation = TEE_OperationHandle::default(); + operation.key1 = key1; + let mut operation_ptr: *mut TEE_OperationHandle = &mut operation; let res = TEE_AllocateOperation( &mut operation_ptr, TEE_ALG_SM4_CBC_NOPAD, TEE_MODE_ENCRYPT, 128, - key1, - core::ptr::null_mut(), ); assert_eq!(res, 0); @@ -328,15 +327,15 @@ fn cryp_sm4_cbc_test() -> TEE_Result { TEE_FreeOperation(operation_ptr); // Decrypt - let mut operation_ptr: *mut TEE_OperationHandle = std::ptr::null_mut(); + let mut operation = TEE_OperationHandle::default(); + operation.key1 = key1; + let mut operation_ptr: *mut TEE_OperationHandle = &mut operation; let res = TEE_AllocateOperation( &mut operation_ptr, TEE_ALG_SM4_CBC_NOPAD, TEE_MODE_DECRYPT, 128, - key1, - core::ptr::null_mut(), ); assert_eq!(res, 0); @@ -403,15 +402,15 @@ fn cryp_sm4_gcm_test() -> TEE_Result { assert!(!key1.is_null()); // Encrypt - let mut operation_ptr: *mut TEE_OperationHandle = std::ptr::null_mut(); + let mut operation = TEE_OperationHandle::default(); + operation.key1 = key1; + let mut operation_ptr: *mut TEE_OperationHandle = &mut operation; let res = TEE_AllocateOperation( &mut operation_ptr, TEE_ALG_SM4_GCM, TEE_MODE_ENCRYPT, 128, - key1, - core::ptr::null_mut(), ); assert_eq!(res, 0); @@ -469,15 +468,15 @@ fn cryp_sm4_gcm_test() -> TEE_Result { TEE_FreeOperation(operation_ptr); // Decrypt - let mut operation_ptr: *mut TEE_OperationHandle = std::ptr::null_mut(); + let mut operation = TEE_OperationHandle::default(); + operation.key1 = key1; + let mut operation_ptr: *mut TEE_OperationHandle = &mut operation; let res = TEE_AllocateOperation( &mut operation_ptr, TEE_ALG_SM4_GCM, TEE_MODE_DECRYPT, 128, - key1, - core::ptr::null_mut(), ); assert_eq!(res, 0); -- Gitee