本文主要是介绍tee测试及添加用例方法,希望对大家解决编程问题提供一定的参考价值,需要的开发者们随着小编来一起学习吧!
- Xtest
opetee的测试程序xtest的源代码,主要用来测试TEE中提供的各种算法逻辑和提供的其他功能;
现有的用于测试的xtest TA(Trusted Application)共有8个,分别涵盖了内核测试、内部API测试、加密测试、创建失败测试、并发测试、安全测试等方面。
1.1. Xtest测试程序
1.1.1. regression_1000.c
1. regression_1001 Core self tests
2. regression_1002 PTA parameters
3. regression_1003 Core internal read/write mutex
4. regression_1004 Test User Crypt TA
5. regression_1005 Many sessions
6. regression_1006 Test Basic OS features
7. regression_1007 Test Panic
8. regression_1008 TEE internal client API
9. regression_1009 TEE Wait
10. regression_1010 Invalid memory access
11. regression_1011 Test TA-to-TA features with User Crypt TA
12. regression_1012 Test Single Instance Multi Session features with SIMS TA
13. regression_1013 Test concurency with concurrent TA
14. regression_1015 FS hash-tree corner cases
15. regression_1016 Test TA to TA transfers (in/out/inout memrefs on the stack)
16. regression_1017 Test coalescing memrefs
17. regression_1018 Test memref out of bounds
18. regression_1019 Test dynamically linked TA
19. regression_1020 Test lockdep algorithm
20. regression_1021 Test panic context release
21. regression_1022 Test dlopen()/dlsym()/dlclose() API
1.1.2. regression_4000.c
1. regression_4001 Test TEE Internal API hash operations
2. regression_4002 Test TEE Internal API MAC operations
3. regression_4003 Test TEE Internal API cipher operations
4. regression_4004 Test TEE Internal API get random
5. regression_4005 Test TEE Internal API Authenticated Encryption operations
6. regression_4006 Test TEE Internal API Asymmetric Cipher operations
7. regression_4007_symmetric Test TEE Internal API Generate Symmetric key
8. regression_4008 Test TEE Internal API Derive key
9. regression_4009 Test TEE Internal API Derive key ECDH
10. regression_4010 Test TEE Internal API create transient object (negative)
11. regression_4011 Test TEE Internal API Bleichenbacher attack (negative)
12. regression_4012 Test seeding RNG entropy
- regression_4013 Test generation of device unique TA keys
1.1.3. regression_4100.c
1. regression_4101 Test TEE Internal API Arithmetical API - Bigint init
2. regression_4102 Test TEE Internal API Arithmetical API - Octet string
3. regression_4103 Test TEE Internal API Arithmetical API - S32
4. regression_4104 Test TEE Internal API Arithmetical API – Compare
5. regression_4105 Test TEE Internal API Arithmetical API - Add, Sub
6. regression_4106 Test TEE Internal API Arithmetical API – Neg
7. regression_4107 Test TEE Internal API Arithmetical API – Mul
8. regression_4108 Test TEE Internal API Arithmetical API - Div
9. regression_4109 Test TEE Internal API Arithmetical API – Mod
10. regression_4110 Test TEE Internal API Arithmetical API - Mod arith
11. regression_4111 Test TEE Internal API Arithmetical API – Invmod
12. regression_4112 Test TEE Internal API Arithmetical API - Is prime
13. regression_4113 Test TEE Internal API Arithmetical API - shift right
14. regression_4114 Test TEE Internal API Arithmetical API – GCD
1.1.4. regression_5000.c
1. regression_5006 Tests for Global platform TEEC
1.1.5. regression_6000.c
1. regression_6001 Test TEE_CreatePersistentObject
2. regression_6002 Test TEE_OpenPersistentObject
3. regression_6003 Test TEE_ReadObjectData
4. regression_6004 Test TEE_WriteObjectData
5. regression_6005 Test TEE_SeekObjectData
6. regression_6006 Test TEE_CloseAndDeletePersistentObject
7. regression_6007 Test TEE_TruncateObjectData
8. regression_6008 Test TEE_RenamePersistentObject
9. regression_6009 Test TEE Internal API Persistent Object Enumeration Functions
10. regression_6010 Test Storage
11. regression_6012 Test TEE GP TTA DS init objects
12. regression_6013 Key usage in Persistent objects
13. regression_6014 Loop on Persistent objects
14. regression_6015 Storage isolation
15. regression_6016 Storage concurency
16. egression_6017 Test Persistent objects info
17. regression_6018 Large object
18. regression_6019 Storage independence
19. regression_6020 Object IDs in SHM (negative)
1.1.6. regression_7000.c
1. regression_7001 Allocate_In RELEASE_SHARED_MEMORY_WHEN_ALLOCATED
2. regression_7002 Allocate_out_of_memory INITIALIZE_CONTEXT_NAMES
3. regression_7003 ReleaseSharedMemory_null RELEASE_SHARED_MEMORY_WHEN_ALLOC[257392.248120]
4. regression_7004 Allocate_InOut RELEASE_SHARED_MEMORY_WHEN_ALLOCATED
5. regression_7005 Register_In RELEASE_SHARED_MEMORY_WHEN_REGISTERED
6. regression_7006 Register_notZeroLength_Out RELEASE_SHARED_MEMORY_WHEN_REGISTERED
7. regression_7007 Register_InOut RELEASE_SHARED_MEMORY_WHEN_REGISTERED
8. regression_7008 Register_zeroLength_Out RELEASE_SHARED_MEMORY_WHEN_REGISTERED
9. regression_7009 OpenSession_error_notExistingTA OPEN_SESSION_TARGET_TRUSTED_APP
10. regression_7010 Allocate_Out RELEASE_SHARED_MEMORY_WHEN_ALLOCATED
11. regression_7013 OpenSession_error_originTEE OPEN_SESSION_TARGET_TRUSTED_APP
12. regression_7016 CloseSession_null CLOSE_SESSION_IGNORE_SESSION_NULL
13. regression_7017 InitializeContext_NotExistingTEE INITIALIZE_CONTEXT_NAMES
14. regression_7018 FinalizeContext_null FINALIZE_CONTEXT_IGNORE_NULL
15. regression_7019 InitializeContext_concurrentContext INITIALIZE_CONTEXT_NAMES
1.1.7. regression_8000.c
1. regression_8001 Test TEE Internal API key derivation extensions
2. regression_8002 Secure Storage Key Manager API Self Test
1.1.8. regression_8100.c
1. regression_8101 TA mbedTLS self tests
2. regression_8102 TA mbedTLS test cert chain
3. regression_8103 TA mbedTLS process certificate request
1.2. 如何判断测试结果
xtest_main.c里的main函数会调用ADBG_RunSuite (ADBG_Runner_t *Runner_p,int argc,char *argv[]),这里最终会调用到
ADBG_CASE_DEFINE()。
while ((SubCase_p = ADBG_Case_NextSubCase(&Iterator)) != NULL) {if (SubCase_p->Result.NumFailedTests +SubCase_p->Result.NumFailedSubTests > 0) { //失败则打印failif (SubCase_p->Result.FirstFailedFile_p !=NULL) {Do_ADBG_Log("%s FAILED first error at %s:%d",SubCase_p->TestID_p,SubCase_p->Result.FirstFailedFile_p,SubCase_p->Result.FirstFailedRow);} else {Do_ADBG_Log("%s FAILED",SubCase_p->TestID_p); }} else if (ADBG_Case_SubCaseIsMain(Case_p, SubCase_p)) {/* A level one test case is displayedif successfull too */Do_ADBG_Log("%s OK", SubCase_p->TestID_p); //成功则打印OK}}
下面测试成功案例以regression_1000.c里的regression_1005举例:
static void xtest_tee_test_1005(ADBG_Case_t *c)
{uint32_t ret_orig = 0;
#define MAX_SESSIONS 3TEEC_Session sessions[MAX_SESSIONS];int i = 0;for (i = 0; i < MAX_SESSIONS; i++) {if (!ADBG_EXPECT_TEEC_SUCCESS(c,xtest_teec_open_session(&sessions[i], //打开多个session,失败则退出&concurrent_ta_uuid,NULL, &ret_orig)))break;}for (; --i >= 0; )TEEC_CloseSession(&sessions[i]);
}
ADBG_CASE_DEFINE(regression, 1005, xtest_tee_test_1005, "Many sessions");
打印结果OK,表示测试通过。
测试失败案例以regression_1000.c里的regression_1006举例:
static void xtest_tee_test_1006(ADBG_Case_t *c)
{TEEC_Session session = { };uint32_t ret_orig = 0;TEEC_Operation op = TEEC_OPERATION_INITIALIZER;uint8_t buf[32] = { };if (!ADBG_EXPECT_TEEC_SUCCESS(c,xtest_teec_open_session(&session, &os_test_ta_uuid, NULL,&ret_orig)))return;op.params[0].tmpref.buffer = buf;op.params[0].tmpref.size = sizeof(buf);op.paramTypes = TEEC_PARAM_TYPES(TEEC_MEMREF_TEMP_INPUT, TEEC_NONE,TEEC_NONE, TEEC_NONE);(void)ADBG_EXPECT_TEEC_SUCCESS(c,TEEC_InvokeCommand(&session, TA_OS_TEST_CMD_BASIC, &op,&ret_orig));TEEC_CloseSession(&session);}ADBG_CASE_DEFINE(regression, 1006, xtest_tee_test_1006,"Test Basic OS features");打印结果:
可以看到打开session时失败了,原因是内存超出了,原因是因为Finch内存紧张。看一下xtest_tee_test_1006调用函数是xtest_teec_open_session(&session, &os_test_ta_uuid, NULL, &ret_orig))), xtest_tee_test_1006测试所用ta是os_test_ta_uuid,这个ta调用会占用内存,所以导致finch内存紧张,测试失败。
2. Tee测试步骤
1、 启动tee-supplicant服务(系统默认已启动)
2、 在/usr/lib/目录下建立/usr/lib/optee_armtz目录,将ta文件拷到/usr/lib/optee_armtz
3、 运行testsuite/bin/kernel目录下的xtest
4、 等待测试完成
- 如何手动增加ta测试用例
3.1. 源代码及相关目录准备
测试用例在optee-examples-3.5.0目录下。
第一步,为方便操作,首先复制hello_world目录为my_test,拷贝hello_word放在同级目录并改为my_test,并在当前目录下替换名字。
进入my_test目录执行以下命令将hello_world替换为my_test。
$ sed -i 's/hello_world/my_test/g' `grep hello_world -rl .`
$ sed -i 's/HELLO_WORLD/MY_TEST/g' `grep HELLO_WORLD -rl .`
第二步,修改my_test/ta目录中的Makefie并添加自有的TA部分的代码,我修改之后的目录文件如下
上述目录文件说明如下:
Makefile文件:编译TA时使用的makefile文件
my_test_ta.c文件:主要是存放TA部分代码的处理函数,CA的commond请求最终会被TA_InvokeCommandEntryPoint函数处理。
sub.mk文件:定义该TA中需要被编译的source code。
user_ta_header_defines.h文件:定义UUID等相关宏
include/my_test_ta.h文件:定义了UUID的宏以及与CA对应的commond ID宏
3.2. 修改TA目录中的代码和makefile
-
修改sub.mk文件,将该TA中所有的.c文件添加到编译文件总,修改完成之后如下图所示:
-
定义UUID值和commond ID的值
编译include/my_test_ta.h文件,定义该TA程序的UUID宏为TA_MY_TEST_UUID,并定义commond ID的宏(宏的值必须保持与CA部分的commond ID一致),UUID的值可以自己填写也可以从一下网址中生成:http://www.itu.int/ITU-T/asn1/uuid.html
/** This UUID is generated with uuidgen* the ITU-T UUID generator at http://www.itu.int/ITU-T/asn1/uuid.html*/
#define TA_MY_TEST_UUID \{ 0x11111111, 0x2450, 0x11e4, \{ 0xab, 0xe2, 0x00, 0x02, 0xa5, 0xd5, 0xc5, 0x1b} }/* The function IDs implemented in this TA */
#define TA_MY_TEST_CMD_INC_VALUE 0
#define TA_MY_TEST_CMD_DEC_VALUE 1#endif /*TA_MY_TEST_H*/3. 修改user_ta_header_defines.h文件
将my_test_ta.h文件include到该文件中以便获取UUID的定义
/* To get the TA UUID definition */
#include <my_test_ta.h>#define TA_UUID TA_MY_TEST_UUID
- 修改Makefile文件中的UUID
CFG_TEE_TA_LOG_LEVEL ?= 4
CPPFLAGS += -DCFG_TEE_TA_LOG_LEVEL=$(CFG_TEE_TA_LOG_LEVEL)# The UUID for the Trusted Application
BINARY=11111111-2450-11e4-abe2-0002a5d5c51b-include $(TA_DEV_KIT_DIR)/mk/ta_dev_kit.mkifeq ($(wildcard $(TA_DEV_KIT_DIR)/mk/ta_dev_kit.mk), )
clean:@echo 'Note: $$(TA_DEV_KIT_DIR)/mk/ta_dev_kit.mk not found, cannot clean TA'@echo 'Note: TA_DEV_KIT_DIR=$(TA_DEV_KIT_DIR)'
endif
- 添加该TA需要处理的逻辑代码
添加TA的具体实现代码,也即是该TA需要实现什么功能,在本例子中将该部分的代码存放在my_test_ta.c文件中。
static TEE_Result inc_value(uint32_t param_types,TEE_Param params[4]){ //先平方再加1params[0].value.a = params[0].value.a * params[0].value.a + 1;
}
- 将my_test加到optee-examples-3.5.0下的Makefie、CMakeFiles/Makefile2、CMakeFiles/Makefile.cmake
Makefile添加代码如下:
# Target rules for targets named optee_example_my_test# Build rule for target.
optee_example_my_test: cmake_check_build_system$(MAKE) -f CMakeFiles/Makefile2 optee_example_my_test
.PHONY : optee_example_my_test# fast build rule for target.
optee_example_my_test/fast:$(MAKE) -f my_test/CMakeFiles/optee_example_my_test.dir/build.make my_test/CMakeFiles/optee_example_my_test.dir/build
.PHONY : optee_example_my_test/fas
3.3. CA的修改和编写
- CA部分的代码存放在my_test/host目录中,文件结构体如下:
/host$ tree -a
.
├── main.c
└── Makefile
- 修改Makefile,主要修改BINARY变量和OBJ变量,如果CA部分的代码不止一个.c文件,则需要将所有的.c文件编译生成的.o文件名称添加到OBJS变量中,而BINARY变量就是编译完成之后生成的Binary的名称。本例子修改后的结果如下:
Makefile部分代码如下:
OBJS = main.oBINARY = optee_example_my_test
My_test_ta.c部分代码如下:
op.params[0].value.a = 100;/** TA_MY_TEST_CMD_INC_VALUE is the actual function in the TA to be* called.*/printf("Invoking TA to increment %d\n", op.params[0].value.a);res = TEEC_InvokeCommand(&sess, TA_MY_TEST_CMD_INC_VALUE, &op,&err_origin);if (res != TEEC_SUCCESS)errx(1, "TEEC_InvokeCommand failed with code 0x%x origin 0x%x",res, err_origin);printf("TA incremented value to %d\n", op.params[0].value.a);
3.4. 测试ca和ta
可以看到/lib/optee_armtz下生成了目标ta文件。
运行测试程序:
初始值为100,ta运算将100先平方再加1,和预期结果10001正好相符。
这篇关于tee测试及添加用例方法的文章就介绍到这儿,希望我们推荐的文章对编程师们有所帮助!
