espressif/esp-idf
1
0
Fork 0
mirror of https://github.com/espressif/esp-idf.git synced 2026-04-27 19:13:21 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'fix/esp_tee_bbp_v6.0' into 'release/v6.0'

Browse Source 
fix(esp_tee): Add missing input validation checks for TEE service calls (v6.0)

See merge request espressif/esp-idf!47361
This commit is contained in:
Mahavir Jain
2026-04-09 11:00:28 +05:30
parent 247cafb2cf 7867f4a575
commit a7e77cda1d
10 changed files with 416 additions and 154 deletions
Download Patch File Download Diff File Expand all files Collapse all files
components/esp_tee/subproject/components/tee_ota_ops/esp_tee_ota_ops.c
+1 -1
View File
@@ -108,7 +108,7 @@ esp_err_t esp_tee_ota_write(uint32_t rel_offset, const void *data, size_t size)
return ESP_ERR_INVALID_STATE;
}
if (rel_offset + size > ota_handle.tee_next.pos.size) {
if (size > ota_handle.tee_next.pos.size || rel_offset > ota_handle.tee_next.pos.size - size) {
ESP_LOGE(TAG, "Out of region write not allowed!");
return ESP_FAIL;
}
components/esp_tee/subproject/main/common/multi_heap.c
+5 -2
View File
@@ -1,5 +1,5 @@
/*
* SPDX-FileCopyrightText: 2024-2025 Espressif Systems (Shanghai) CO LTD
* SPDX-FileCopyrightText: 2024-2026 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Apache-2.0
*/
@@ -19,7 +19,10 @@ inline static void multi_heap_assert(bool condition, const char *format, int lin
/* Can't use libc assert() here as it calls printf() which can cause another malloc() for a newlib lock.
Also, it's useful to be able to print the memory address where corruption was detected.
*/
(void) condition;
if (!condition) {
esp_rom_printf(format, line, address);
abort();
}
}
#define MULTI_HEAP_ASSERT(CONDITION, ADDRESS) \
components/esp_tee/subproject/main/core/esp_secure_services.c
+180 -52
View File
@@ -27,6 +27,7 @@
#endif
#include "psa/initial_attestation.h"
#include "esp_crypto_periph_clk.h"
#include "nvs.h"
#include "esp_tee.h"
#include "esp_tee_memory_utils.h"
@@ -60,8 +61,10 @@ int _ss_esp_aes_crypt_cbc(esp_aes_context *ctx,
const unsigned char *input,
unsigned char *output)
{
bool valid_addr = ((esp_tee_ptr_in_ree((void *)input) && esp_tee_ptr_in_ree((void *)output)) &&
(esp_tee_ptr_in_ree((void *)(input + length)) && esp_tee_ptr_in_ree((void *)(output + length))));
bool valid_addr = (esp_tee_buf_in_ree(ctx, sizeof(esp_aes_context)) &&
esp_tee_buf_in_ree(iv, 16) &&
esp_tee_buf_in_ree(input, length) &&
esp_tee_buf_in_ree(output, length));
if (!valid_addr) {
return -1;
@@ -79,8 +82,11 @@ int _ss_esp_aes_crypt_cfb128(esp_aes_context *ctx,
const unsigned char *input,
unsigned char *output)
{
bool valid_addr = ((esp_tee_ptr_in_ree((void *)input) && esp_tee_ptr_in_ree((void *)output)) &&
(esp_tee_ptr_in_ree((void *)(input + length)) && esp_tee_ptr_in_ree((void *)(output + length))));
bool valid_addr = (esp_tee_buf_in_ree(ctx, sizeof(esp_aes_context)) &&
esp_tee_buf_in_ree(iv_off, sizeof(size_t)) &&
esp_tee_buf_in_ree(iv, 16) &&
esp_tee_buf_in_ree(input, length) &&
esp_tee_buf_in_ree(output, length));
if (!valid_addr) {
return -1;
@@ -97,8 +103,10 @@ int _ss_esp_aes_crypt_cfb8(esp_aes_context *ctx,
const unsigned char *input,
unsigned char *output)
{
bool valid_addr = ((esp_tee_ptr_in_ree((void *)input) && esp_tee_ptr_in_ree((void *)output)) &&
(esp_tee_ptr_in_ree((void *)(input + length)) && esp_tee_ptr_in_ree((void *)(output + length))));
bool valid_addr = (esp_tee_buf_in_ree(ctx, sizeof(esp_aes_context)) &&
esp_tee_buf_in_ree(iv, 16) &&
esp_tee_buf_in_ree(input, length) &&
esp_tee_buf_in_ree(output, length));
if (!valid_addr) {
return -1;
@@ -116,8 +124,12 @@ int _ss_esp_aes_crypt_ctr(esp_aes_context *ctx,
const unsigned char *input,
unsigned char *output)
{
bool valid_addr = ((esp_tee_ptr_in_ree((void *)input) && esp_tee_ptr_in_ree((void *)output)) &&
(esp_tee_ptr_in_ree((void *)(input + length)) && esp_tee_ptr_in_ree((void *)(output + length))));
bool valid_addr = (esp_tee_buf_in_ree(ctx, sizeof(esp_aes_context)) &&
esp_tee_buf_in_ree(nc_off, sizeof(size_t)) &&
esp_tee_buf_in_ree(nonce_counter, 16) &&
esp_tee_buf_in_ree(stream_block, 16) &&
esp_tee_buf_in_ree(input, length) &&
esp_tee_buf_in_ree(output, length));
if (!valid_addr) {
return -1;
@@ -132,8 +144,9 @@ int _ss_esp_aes_crypt_ecb(esp_aes_context *ctx,
const unsigned char input[16],
unsigned char output[16])
{
bool valid_addr = ((esp_tee_ptr_in_ree((void *)input) && esp_tee_ptr_in_ree((void *)output)) &&
(esp_tee_ptr_in_ree((void *)(input + 16)) && esp_tee_ptr_in_ree((void *)(output + 16))));
bool valid_addr = (esp_tee_buf_in_ree(ctx, sizeof(esp_aes_context)) &&
esp_tee_buf_in_ree(input, 16) &&
esp_tee_buf_in_ree(output, 16));
if (!valid_addr) {
return -1;
@@ -150,8 +163,11 @@ int _ss_esp_aes_crypt_ofb(esp_aes_context *ctx,
const unsigned char *input,
unsigned char *output)
{
bool valid_addr = ((esp_tee_ptr_in_ree((void *)input) && esp_tee_ptr_in_ree((void *)output)) &&
(esp_tee_ptr_in_ree((void *)(input + length)) && esp_tee_ptr_in_ree((void *)(output + length))));
bool valid_addr = (esp_tee_buf_in_ree(ctx, sizeof(esp_aes_context)) &&
esp_tee_buf_in_ree(iv_off, sizeof(size_t)) &&
esp_tee_buf_in_ree(iv, 16) &&
esp_tee_buf_in_ree(input, length) &&
esp_tee_buf_in_ree(output, length));
if (!valid_addr) {
return -1;
@@ -165,10 +181,63 @@ int _ss_esp_aes_crypt_ofb(esp_aes_context *ctx,
/* ---------------------------------------------- SHA ------------------------------------------------- */
#if SOC_SHA_SUPPORTED
static size_t get_sha_digest_size(esp_sha_type sha_type)
{
switch (sha_type) {
case SHA1: return 20;
case SHA2_224: return 28;
case SHA2_256: return 32;
#if SOC_SHA_SUPPORT_SHA384
case SHA2_384: return 48;
#endif
#if SOC_SHA_SUPPORT_SHA512
case SHA2_512: return 64;
#endif
default: return 0;
}
}
static size_t get_sha_state_size(esp_sha_type sha_type)
{
switch (sha_type) {
case SHA1: return 20;
case SHA2_224:
case SHA2_256: return 32;
#if SOC_SHA_SUPPORT_SHA384
case SHA2_384: return 64;
#endif
#if SOC_SHA_SUPPORT_SHA512
case SHA2_512: return 64;
#endif
default: return 0;
}
}
static size_t get_sha_block_size(esp_sha_type sha_type)
{
switch (sha_type) {
case SHA1:
case SHA2_224:
case SHA2_256: return 64;
#if SOC_SHA_SUPPORT_SHA384
case SHA2_384: return 128;
#endif
#if SOC_SHA_SUPPORT_SHA512
case SHA2_512: return 128;
#endif
default: return 0;
}
}
void _ss_esp_sha(esp_sha_type sha_type, const unsigned char *input, size_t ilen, unsigned char *output)
{
bool valid_addr = ((esp_tee_ptr_in_ree((void *)input) && esp_tee_ptr_in_ree((void *)output)) &&
(esp_tee_ptr_in_ree((void *)(input + ilen))));
size_t digest_size = get_sha_digest_size(sha_type);
if (digest_size == 0) {
return;
}
bool valid_addr = (esp_tee_buf_in_ree(input, ilen) &&
esp_tee_buf_in_ree(output, digest_size));
if (!valid_addr) {
return;
@@ -181,11 +250,9 @@ void _ss_esp_sha(esp_sha_type sha_type, const unsigned char *input, size_t ilen,
int _ss_esp_sha_dma(esp_sha_type sha_type, const void *input, uint32_t ilen,
const void *buf, uint32_t buf_len, bool is_first_block)
{
bool valid_addr = (esp_tee_ptr_in_ree((void *)input) &&
esp_tee_ptr_in_ree((void *)((char *)input + ilen)));
bool valid_addr = esp_tee_buf_in_ree(input, ilen);
if (buf_len) {
valid_addr &= (esp_tee_ptr_in_ree((void *)buf) &&
esp_tee_ptr_in_ree((void *)((char *)buf + buf_len)));
valid_addr &= esp_tee_buf_in_ree(buf, buf_len);
}
if (!valid_addr) {
@@ -198,16 +265,52 @@ int _ss_esp_sha_dma(esp_sha_type sha_type, const void *input, uint32_t ilen,
void _ss_esp_sha_read_digest_state(esp_sha_type sha_type, void *digest_state)
{
size_t state_sz = get_sha_state_size(sha_type);
if (state_sz == 0) {
return;
}
bool valid_addr = esp_tee_buf_in_ree(digest_state, state_sz);
if (!valid_addr) {
return;
}
ESP_FAULT_ASSERT(valid_addr);
sha_hal_read_digest(sha_type, digest_state);
}
void _ss_esp_sha_write_digest_state(esp_sha_type sha_type, void *digest_state)
{
size_t state_sz = get_sha_state_size(sha_type);
if (state_sz == 0) {
return;
}
bool valid_addr = esp_tee_buf_in_ree(digest_state, state_sz);
if (!valid_addr) {
return;
}
ESP_FAULT_ASSERT(valid_addr);
sha_hal_write_digest(sha_type, digest_state);
}
void _ss_esp_sha_block(esp_sha_type sha_type, const void *data_block, bool is_first_block)
{
size_t block_sz = get_sha_block_size(sha_type);
if (block_sz == 0) {
return;
}
bool valid_addr = esp_tee_buf_in_ree(data_block, block_sz);
if (!valid_addr) {
return;
}
ESP_FAULT_ASSERT(valid_addr);
esp_sha_block(sha_type, data_block, is_first_block);
}
@@ -234,8 +337,8 @@ int _ss_esp_sha_512_t_init_hash(uint16_t t)
#if SOC_HMAC_SUPPORTED
esp_err_t _ss_esp_hmac_calculate(hmac_key_id_t key_id, const void *message, size_t message_len, uint8_t *hmac)
{
bool valid_addr = ((esp_tee_ptr_in_ree((void *)message) && esp_tee_ptr_in_ree((void *)hmac)) &&
esp_tee_ptr_in_ree((void *)((char *)message + message_len)));
bool valid_addr = (esp_tee_buf_in_ree(message, message_len) &&
esp_tee_buf_in_ree(hmac, 32));
#if CONFIG_SECURE_TEE_SEC_STG_MODE_RELEASE
valid_addr &= (key_id != (hmac_key_id_t)CONFIG_SECURE_TEE_SEC_STG_EFUSE_HMAC_KEY_ID);
@@ -252,7 +355,7 @@ esp_err_t _ss_esp_hmac_calculate(hmac_key_id_t key_id, const void *message, size
esp_err_t _ss_esp_hmac_jtag_enable(hmac_key_id_t key_id, const uint8_t *token)
{
bool valid_addr = (esp_tee_ptr_in_ree((void *)token));
bool valid_addr = esp_tee_buf_in_ree((void *)token, 32);
#if CONFIG_SECURE_TEE_SEC_STG_MODE_RELEASE
valid_addr &= (key_id != (hmac_key_id_t)CONFIG_SECURE_TEE_SEC_STG_EFUSE_HMAC_KEY_ID);
@@ -274,14 +377,23 @@ esp_err_t _ss_esp_hmac_jtag_disable(void)
#endif
#if SOC_DIG_SIGN_SUPPORTED
static size_t get_ds_msg_sign_len(esp_digital_signature_length_t rsa_length)
{
if (rsa_length != ESP_DS_RSA_1024 && rsa_length != ESP_DS_RSA_2048 &&
rsa_length != ESP_DS_RSA_3072 && rsa_length != ESP_DS_RSA_4096) {
return 0;
}
return (size_t)(rsa_length + 1) * 4;
}
esp_err_t _ss_esp_ds_sign(const void *message,
const esp_ds_data_t *data,
hmac_key_id_t key_id,
void *signature)
{
bool valid_addr = (esp_tee_ptr_in_ree((void *)message) &&
esp_tee_ptr_in_ree((void *)data) &&
esp_tee_ptr_in_ree((void *)signature));
bool valid_addr = esp_tee_buf_in_ree(data, sizeof(esp_ds_data_t));
size_t n = get_ds_msg_sign_len(data->rsa_length);
valid_addr = (n > 0) && esp_tee_buf_in_ree(message, n) && esp_tee_buf_in_ree(signature, n);
#if CONFIG_SECURE_TEE_SEC_STG_MODE_RELEASE
valid_addr &= (key_id != (hmac_key_id_t)CONFIG_SECURE_TEE_SEC_STG_EFUSE_HMAC_KEY_ID);
@@ -301,9 +413,10 @@ esp_err_t _ss_esp_ds_start_sign(const void *message,
hmac_key_id_t key_id,
esp_ds_context_t **esp_ds_ctx)
{
bool valid_addr = (esp_tee_ptr_in_ree((void *)message) &&
esp_tee_ptr_in_ree((void *)data) &&
esp_tee_ptr_in_ree((void *)esp_ds_ctx));
bool valid_addr = (esp_tee_buf_in_ree(esp_ds_ctx, sizeof(esp_ds_context_t *)) &&
esp_tee_buf_in_ree(data, sizeof(esp_ds_data_t)));
size_t n = get_ds_msg_sign_len(data->rsa_length);
valid_addr = (n > 0) && esp_tee_buf_in_ree(message, n);
#if CONFIG_SECURE_TEE_SEC_STG_MODE_RELEASE
valid_addr &= (key_id != (hmac_key_id_t)CONFIG_SECURE_TEE_SEC_STG_EFUSE_HMAC_KEY_ID);
@@ -325,10 +438,8 @@ bool _ss_esp_ds_is_busy(void)
esp_err_t _ss_esp_ds_finish_sign(void *signature, esp_ds_context_t *esp_ds_ctx)
{
bool valid_addr = (esp_tee_ptr_in_ree((void *)signature) &&
esp_tee_ptr_in_ree((void *)esp_ds_ctx));
valid_addr &= esp_tee_ptr_in_ree((void *)((char *)esp_ds_ctx + sizeof(esp_ds_data_t)));
const size_t max_sign = get_ds_msg_sign_len(ESP_DS_RSA_4096);
bool valid_addr = esp_tee_buf_in_ree(signature, max_sign);
if (!valid_addr) {
return ESP_ERR_INVALID_ARG;
@@ -343,12 +454,10 @@ esp_err_t _ss_esp_ds_encrypt_params(esp_ds_data_t *data,
const esp_ds_p_data_t *p_data,
const void *key)
{
bool valid_addr = ((esp_tee_ptr_in_ree((void *)data) && esp_tee_ptr_in_ree((void *)p_data)) &&
(esp_tee_ptr_in_ree((void *)iv) && esp_tee_ptr_in_ree((void *)key)));
valid_addr &= esp_tee_ptr_in_ree((void *)((char *)data + sizeof(esp_ds_data_t)));
valid_addr &= esp_tee_ptr_in_ree((void *)((char *)p_data + sizeof(esp_ds_p_data_t)));
valid_addr &= esp_tee_ptr_in_ree((void *)((char *)key + ESP_DS_DATA_KEY_SIZE));
bool valid_addr = (esp_tee_buf_in_ree(data, sizeof(esp_ds_data_t)) &&
esp_tee_buf_in_ree(iv, ESP_DS_IV_LEN) &&
esp_tee_buf_in_ree(p_data, sizeof(esp_ds_p_data_t)) &&
esp_tee_buf_in_ree(key, ESP_DS_DATA_KEY_SIZE));
if (!valid_addr) {
return ESP_ERR_INVALID_ARG;
@@ -364,12 +473,10 @@ esp_err_t _ss_esp_ds_encrypt_params_using_key_type(esp_ds_data_t *data,
const void *key,
esp_ds_key_type_t key_type)
{
bool valid_addr = ((esp_tee_ptr_in_ree((void *)data) && esp_tee_ptr_in_ree((void *)p_data)) &&
(esp_tee_ptr_in_ree((void *)iv) && esp_tee_ptr_in_ree((void *)key)));
valid_addr &= esp_tee_ptr_in_ree((void *)((char *)data + sizeof(esp_ds_data_t)));
valid_addr &= esp_tee_ptr_in_ree((void *)((char *)p_data + sizeof(esp_ds_p_data_t)));
valid_addr &= esp_tee_ptr_in_ree((void *)((char *)key + ESP_DS_DATA_KEY_SIZE));
bool valid_addr = (esp_tee_buf_in_ree(data, sizeof(esp_ds_data_t)) &&
esp_tee_buf_in_ree(iv, ESP_DS_IV_LEN) &&
esp_tee_buf_in_ree(p_data, sizeof(esp_ds_p_data_t)) &&
esp_tee_buf_in_ree(key, ESP_DS_DATA_KEY_SIZE));
if (!valid_addr) {
return ESP_ERR_INVALID_ARG;
@@ -394,8 +501,11 @@ void _ss_esp_crypto_mpi_enable_periph_clk(bool enable)
#if SOC_ECC_SUPPORTED
int _ss_esp_ecc_point_multiply(const ecc_point_t *point, const uint8_t *scalar, ecc_point_t *result, bool verify_first)
{
bool valid_addr = (esp_tee_ptr_in_ree((void *)result)) &&
esp_tee_ptr_in_ree((void *)((char *)result + sizeof(ecc_point_t)));
bool valid_addr = (esp_tee_buf_in_ree(point, sizeof(ecc_point_t)) &&
esp_tee_buf_in_ree(result, sizeof(ecc_point_t)));
if (valid_addr) {
valid_addr = esp_tee_buf_in_ree(scalar, MAX_SIZE);
}
if (!valid_addr) {
return -1;
@@ -407,6 +517,13 @@ int _ss_esp_ecc_point_multiply(const ecc_point_t *point, const uint8_t *scalar,
int _ss_esp_ecc_point_verify(const ecc_point_t *point)
{
bool valid_addr = esp_tee_buf_in_ree(point, sizeof(ecc_point_t));
if (!valid_addr) {
return -1;
}
ESP_FAULT_ASSERT(valid_addr);
return esp_ecc_point_verify(point);
}
#endif
@@ -427,8 +544,7 @@ int _ss_esp_tee_ota_begin(void)
int _ss_esp_tee_ota_write(uint32_t rel_offset, void *data, size_t size)
{
bool valid_addr = ((esp_tee_ptr_in_ree((void *)data)) &&
(esp_tee_ptr_in_ree((void *)((char *)data + size))));
bool valid_addr = esp_tee_buf_in_ree(data, size);
if (!valid_addr) {
return -1;
@@ -452,6 +568,13 @@ esp_err_t _ss_esp_tee_sec_storage_clear_key(const char *key_id)
esp_err_t _ss_esp_tee_sec_storage_gen_key(const esp_tee_sec_storage_key_cfg_t *cfg)
{
bool valid_addr = esp_tee_buf_in_ree(cfg, sizeof(esp_tee_sec_storage_key_cfg_t));
if (!valid_addr) {
return ESP_ERR_INVALID_ARG;
}
ESP_FAULT_ASSERT(valid_addr);
return esp_tee_sec_storage_gen_key(cfg);
}
@@ -475,11 +598,9 @@ psa_status_t _ss_psa_initial_attest_get_token(const uint8_t *auth_challenge, siz
uint8_t *token_buf, size_t token_buf_size, size_t *token_size)
{
#if CONFIG_SECURE_TEE_ATTESTATION
bool valid_addr = (esp_tee_ptr_in_ree((void *)auth_challenge) &&
esp_tee_ptr_in_ree((void *)token_buf) &&
esp_tee_ptr_in_ree((void *)token_size));
valid_addr &= (esp_tee_ptr_in_ree((void *)((uint8_t *)auth_challenge + challenge_size)) &&
esp_tee_ptr_in_ree((void *)((uint8_t *)token_buf + token_buf_size)));
bool valid_addr = (esp_tee_buf_in_ree(auth_challenge, challenge_size) &&
esp_tee_buf_in_ree(token_buf, token_buf_size) &&
esp_tee_buf_in_ree(token_size, sizeof(size_t)));
if (!valid_addr) {
return PSA_ERROR_INVALID_ARGUMENT;
@@ -495,6 +616,13 @@ psa_status_t _ss_psa_initial_attest_get_token(const uint8_t *auth_challenge, siz
psa_status_t _ss_psa_initial_attest_get_token_size(size_t challenge_size, size_t *token_size)
{
#if CONFIG_SECURE_TEE_ATTESTATION
bool valid_addr = esp_tee_buf_in_ree(token_size, sizeof(size_t));
if (!valid_addr) {
return PSA_ERROR_INVALID_ARGUMENT;
}
ESP_FAULT_ASSERT(valid_addr);
return esp_err_to_psa_status(esp_att_get_token_size(challenge_size, token_size));
#else
return PSA_ERROR_NOT_SUPPORTED;
components/esp_tee/subproject/main/core/esp_secure_services_iram.c
+196 -81
View File
@@ -20,6 +20,7 @@
#include "esp_private/memspi_host_driver.h"
#include "esp_private/mspi_timing_tuning.h"
#include "esp_flash.h"
#include "esp_flash_chips/esp_flash_types.h"
#include "riscv/rv_utils.h"
#include "esp_tee.h"
@@ -27,6 +28,7 @@
#include "esp_tee_intr.h"
#include "esp_tee_rv_utils.h"
#include "nvs.h"
#include "esp_tee_flash.h"
#include "esp_tee_sec_storage.h"
@@ -114,11 +116,25 @@ void _ss_esprv_int_set_vectored(int rv_int_num, bool vectored)
void _ss_wdt_hal_init(wdt_hal_context_t *hal, wdt_inst_t wdt_inst, uint32_t prescaler, bool enable_intr)
{
bool valid_addr = esp_tee_buf_in_ree(hal, sizeof(wdt_hal_context_t));
if (!valid_addr) {
return;
}
ESP_FAULT_ASSERT(valid_addr);
wdt_hal_init(hal, wdt_inst, prescaler, enable_intr);
}
void _ss_wdt_hal_deinit(wdt_hal_context_t *hal)
{
bool valid_addr = esp_tee_buf_in_ree(hal, sizeof(wdt_hal_context_t));
if (!valid_addr) {
return;
}
ESP_FAULT_ASSERT(valid_addr);
wdt_hal_deinit(hal);
}
@@ -126,9 +142,9 @@ void _ss_wdt_hal_deinit(wdt_hal_context_t *hal)
esp_err_t _ss_esp_tee_sec_storage_ecdsa_sign(const esp_tee_sec_storage_key_cfg_t *cfg, const uint8_t *hash, size_t hlen, esp_tee_sec_storage_ecdsa_sign_t *out_sign)
{
bool valid_addr = ((esp_tee_ptr_in_ree((void *)hash) && esp_tee_ptr_in_ree((void *)out_sign)) &&
(esp_tee_ptr_in_ree((void *)(hash + hlen)) &&
esp_tee_ptr_in_ree((void *)((char *)out_sign + sizeof(esp_tee_sec_storage_ecdsa_sign_t)))));
bool valid_addr = (esp_tee_buf_in_ree(cfg, sizeof(esp_tee_sec_storage_key_cfg_t)) &&
esp_tee_buf_in_ree(hash, hlen) &&
esp_tee_buf_in_ree(out_sign, sizeof(esp_tee_sec_storage_ecdsa_sign_t)));
if (!valid_addr) {
return ESP_ERR_INVALID_ARG;
@@ -140,8 +156,8 @@ esp_err_t _ss_esp_tee_sec_storage_ecdsa_sign(const esp_tee_sec_storage_key_cfg_t
esp_err_t _ss_esp_tee_sec_storage_ecdsa_get_pubkey(const esp_tee_sec_storage_key_cfg_t *cfg, esp_tee_sec_storage_ecdsa_pubkey_t *out_pubkey)
{
bool valid_addr = ((esp_tee_ptr_in_ree((void *)out_pubkey)) &&
(esp_tee_ptr_in_ree((void *)((char *)out_pubkey + sizeof(esp_tee_sec_storage_ecdsa_pubkey_t)))));
bool valid_addr = (esp_tee_buf_in_ree(cfg, sizeof(esp_tee_sec_storage_key_cfg_t)) &&
esp_tee_buf_in_ree(out_pubkey, sizeof(esp_tee_sec_storage_ecdsa_pubkey_t)));
if (!valid_addr) {
return ESP_ERR_INVALID_ARG;
@@ -153,18 +169,14 @@ esp_err_t _ss_esp_tee_sec_storage_ecdsa_get_pubkey(const esp_tee_sec_storage_key
esp_err_t _ss_esp_tee_sec_storage_aead_encrypt(const esp_tee_sec_storage_aead_ctx_t *ctx, uint8_t *iv, size_t iv_len, uint8_t *tag, size_t tag_len, uint8_t *output)
{
bool valid_addr = (esp_tee_ptr_in_ree((void *)ctx->input) &&
esp_tee_ptr_in_ree((void *)iv) &&
esp_tee_ptr_in_ree((void *)tag) &&
esp_tee_ptr_in_ree((void *)output));
bool valid_addr = (esp_tee_buf_in_ree(ctx, sizeof(esp_tee_sec_storage_aead_ctx_t)) &&
esp_tee_buf_in_ree(ctx->input, ctx->input_len) &&
esp_tee_buf_in_ree(iv, iv_len) &&
esp_tee_buf_in_ree(tag, tag_len) &&
esp_tee_buf_in_ree(output, ctx->input_len));
valid_addr &= (esp_tee_ptr_in_ree((void *)(ctx->input + ctx->input_len)) &&
esp_tee_ptr_in_ree((void *)(iv + iv_len)) &&
esp_tee_ptr_in_ree((void *)(tag + tag_len)) &&
esp_tee_ptr_in_ree((void *)(output + ctx->input_len)));
if (ctx->aad) {
valid_addr &= (esp_tee_ptr_in_ree((void *)ctx->aad) && esp_tee_ptr_in_ree((void *)(ctx->aad + ctx->aad_len)));
if (ctx->aad_len != 0) {
valid_addr = esp_tee_buf_in_ree(ctx->aad, ctx->aad_len);
}
if (!valid_addr) {
@@ -177,18 +189,14 @@ esp_err_t _ss_esp_tee_sec_storage_aead_encrypt(const esp_tee_sec_storage_aead_ct
esp_err_t _ss_esp_tee_sec_storage_aead_decrypt(const esp_tee_sec_storage_aead_ctx_t *ctx, const uint8_t *iv, size_t iv_len, const uint8_t *tag, size_t tag_len, uint8_t *output)
{
bool valid_addr = (esp_tee_ptr_in_ree((void *)ctx->input) &&
esp_tee_ptr_in_ree((void *)iv) &&
esp_tee_ptr_in_ree((void *)tag) &&
esp_tee_ptr_in_ree((void *)output));
bool valid_addr = (esp_tee_buf_in_ree(ctx, sizeof(esp_tee_sec_storage_aead_ctx_t)) &&
esp_tee_buf_in_ree(ctx->input, ctx->input_len) &&
esp_tee_buf_in_ree(iv, iv_len) &&
esp_tee_buf_in_ree(tag, tag_len) &&
esp_tee_buf_in_ree(output, ctx->input_len));
valid_addr &= (esp_tee_ptr_in_ree((void *)(ctx->input + ctx->input_len)) &&
esp_tee_ptr_in_ree((void *)(iv + iv_len)) &&
esp_tee_ptr_in_ree((void *)(tag + tag_len)) &&
esp_tee_ptr_in_ree((void *)(output + ctx->input_len)));
if (ctx->aad) {
valid_addr &= (esp_tee_ptr_in_ree((void *)ctx->aad) && esp_tee_ptr_in_ree((void *)(ctx->aad + ctx->aad_len)));
if (ctx->aad_len != 0) {
valid_addr = esp_tee_buf_in_ree(ctx->aad, ctx->aad_len);
}
if (!valid_addr) {
@@ -201,15 +209,11 @@ esp_err_t _ss_esp_tee_sec_storage_aead_decrypt(const esp_tee_sec_storage_aead_ct
esp_err_t _ss_esp_tee_sec_storage_ecdsa_sign_pbkdf2(const esp_tee_sec_storage_pbkdf2_ctx_t *ctx, const uint8_t *hash, size_t hlen, esp_tee_sec_storage_ecdsa_sign_t *out_sign, esp_tee_sec_storage_ecdsa_pubkey_t *out_pubkey)
{
bool valid_addr = (esp_tee_ptr_in_ree((void *)ctx) &&
esp_tee_ptr_in_ree((void *)hash) &&
esp_tee_ptr_in_ree((void *)out_sign) &&
esp_tee_ptr_in_ree((void *)out_pubkey));
valid_addr &= (esp_tee_ptr_in_ree((void *)((char *)ctx + sizeof(esp_tee_sec_storage_pbkdf2_ctx_t))) &&
esp_tee_ptr_in_ree((void *)(hash + hlen)) &&
esp_tee_ptr_in_ree((void *)((char *)out_sign + sizeof(esp_tee_sec_storage_ecdsa_sign_t))) &&
esp_tee_ptr_in_ree((void *)((char *)out_pubkey + sizeof(esp_tee_sec_storage_ecdsa_pubkey_t))));
bool valid_addr = (esp_tee_buf_in_ree(ctx, sizeof(esp_tee_sec_storage_pbkdf2_ctx_t)) &&
esp_tee_buf_in_ree(hash, hlen) &&
esp_tee_buf_in_ree(out_sign, sizeof(esp_tee_sec_storage_ecdsa_sign_t)) &&
esp_tee_buf_in_ree(out_pubkey, sizeof(esp_tee_sec_storage_ecdsa_pubkey_t)) &&
esp_tee_buf_in_ree(ctx->salt, ctx->salt_len));
if (!valid_addr) {
return ESP_ERR_INVALID_ARG;
@@ -224,13 +228,15 @@ esp_err_t _ss_esp_tee_sec_storage_ecdsa_sign_pbkdf2(const esp_tee_sec_storage_pb
void _ss_mmu_hal_map_region(uint32_t mmu_id, mmu_target_t mem_type, uint32_t vaddr,
uint32_t paddr, uint32_t len, uint32_t *out_len)
{
bool vaddr_chk = esp_tee_flash_check_vrange_in_tee_region(vaddr, len);
bool paddr_chk = esp_tee_flash_check_prange_in_tee_region(paddr, len);
if (vaddr_chk || paddr_chk) {
bool valid_addr = (!esp_tee_flash_check_vrange_in_tee_region(vaddr, len) &&
!esp_tee_flash_check_prange_in_tee_region(paddr, len) &&
esp_tee_buf_in_ree(out_len, sizeof(uint32_t)));
if (!valid_addr) {
ESP_LOGD(TAG, "[%s] Illegal flash access at 0x%08x | 0x%08x", __func__, vaddr, paddr);
return;
}
ESP_FAULT_ASSERT(!vaddr_chk && !paddr_chk);
ESP_FAULT_ASSERT(valid_addr);
mmu_hal_map_region(mmu_id, mem_type, vaddr, paddr, len, out_len);
}
@@ -238,6 +244,7 @@ void _ss_mmu_hal_map_region(uint32_t mmu_id, mmu_target_t mem_type, uint32_t vad
void _ss_mmu_hal_unmap_region(uint32_t mmu_id, uint32_t vaddr, uint32_t len)
{
bool vaddr_chk = esp_tee_flash_check_vrange_in_tee_region(vaddr, len);
if (vaddr_chk) {
ESP_LOGD(TAG, "[%s] Illegal flash access at 0x%08x", __func__, vaddr);
return;
@@ -249,21 +256,28 @@ void _ss_mmu_hal_unmap_region(uint32_t mmu_id, uint32_t vaddr, uint32_t len)
bool _ss_mmu_hal_vaddr_to_paddr(uint32_t mmu_id, uint32_t vaddr, uint32_t *out_paddr, mmu_target_t *out_target)
{
bool vaddr_chk = esp_tee_flash_check_vaddr_in_tee_region(vaddr);
if (vaddr_chk) {
bool valid_addr = (!esp_tee_flash_check_vaddr_in_tee_region(vaddr) &&
esp_tee_buf_in_ree(out_paddr, sizeof(uint32_t)) &&
esp_tee_buf_in_ree(out_target, sizeof(mmu_target_t)));
if (!valid_addr) {
return false;
}
ESP_FAULT_ASSERT(!vaddr_chk);
ESP_FAULT_ASSERT(valid_addr);
return mmu_hal_vaddr_to_paddr(mmu_id, vaddr, out_paddr, out_target);
}
bool _ss_mmu_hal_paddr_to_vaddr(uint32_t mmu_id, uint32_t paddr, mmu_target_t target, mmu_vaddr_t type, uint32_t *out_vaddr)
{
bool paddr_chk = esp_tee_flash_check_paddr_in_tee_region(paddr);
if (paddr_chk) {
bool valid_addr = (!esp_tee_flash_check_paddr_in_tee_region(paddr) &&
esp_tee_buf_in_ree(out_vaddr, sizeof(uint32_t)));
if (!valid_addr) {
return false;
}
ESP_FAULT_ASSERT(!paddr_chk);
ESP_FAULT_ASSERT(valid_addr);
return mmu_hal_paddr_to_vaddr(mmu_id, paddr, target, type, out_vaddr);
}
@@ -277,110 +291,192 @@ void _ss_Cache_Set_IDROM_MMU_Size(uint32_t irom_size, uint32_t drom_size)
#if CONFIG_SECURE_TEE_EXT_FLASH_MEMPROT_SPI1
/* ---------------------------------------------- SPI Flash HAL ------------------------------------------------- */
static bool is_spi_host_in_ree(spi_flash_host_inst_t *host)
{
return esp_tee_buf_in_ree(host, sizeof(spi_flash_host_inst_t));
}
static bool is_spi_trans_valid(spi_flash_host_inst_t *host, spi_flash_trans_t *trans)
{
bool valid_addr = (is_spi_host_in_ree(host) &&
esp_tee_buf_in_ree(trans, sizeof(spi_flash_trans_t)));
if (trans->mosi_len != 0) {
valid_addr &= esp_tee_buf_in_ree(trans->mosi_data, trans->mosi_len);
}
if (trans->miso_len != 0) {
valid_addr &= esp_tee_buf_in_ree(trans->miso_data, trans->miso_len);
}
return valid_addr;
}
uint32_t _ss_spi_flash_hal_check_status(spi_flash_host_inst_t *host)
{
bool valid_addr = is_spi_host_in_ree(host);
if (!valid_addr) {
return 0;
}
ESP_FAULT_ASSERT(valid_addr);
return spi_flash_hal_check_status(host);
}
esp_err_t _ss_spi_flash_hal_common_command(spi_flash_host_inst_t *host, spi_flash_trans_t *trans)
{
bool paddr_chk = esp_tee_flash_check_prange_in_tee_region(trans->address, trans->mosi_len);
paddr_chk |= esp_tee_flash_check_prange_in_tee_region(trans->address, trans->miso_len);
if (paddr_chk) {
bool valid_addr = (is_spi_trans_valid(host, trans) &&
!esp_tee_flash_check_prange_in_tee_region(trans->address, trans->mosi_len) &&
!esp_tee_flash_check_prange_in_tee_region(trans->address, trans->miso_len));
if (!valid_addr) {
ESP_LOGD(TAG, "[%s] Illegal flash access at 0x%08x", __func__, trans->address);
return ESP_FAIL;
return ESP_ERR_INVALID_ARG;
}
ESP_FAULT_ASSERT(valid_addr);
return spi_flash_hal_common_command(host, trans);
}
esp_err_t _ss_spi_flash_hal_device_config(spi_flash_host_inst_t *host)
{
bool valid_addr = is_spi_host_in_ree(host);
if (!valid_addr) {
return ESP_ERR_INVALID_ARG;
}
ESP_FAULT_ASSERT(valid_addr);
return spi_flash_hal_device_config(host);
}
void _ss_spi_flash_hal_erase_block(spi_flash_host_inst_t *host, uint32_t start_address)
{
bool paddr_chk = esp_tee_flash_check_paddr_in_tee_region(start_address);
if (paddr_chk) {
bool valid_addr = (is_spi_host_in_ree(host) &&
!esp_tee_flash_check_paddr_in_tee_region(start_address));
if (!valid_addr) {
ESP_LOGD(TAG, "[%s] Illegal flash access at 0x%08x", __func__, start_address);
return;
}
ESP_FAULT_ASSERT(!paddr_chk);
ESP_FAULT_ASSERT(valid_addr);
spi_flash_hal_erase_block(host, start_address);
}
void _ss_spi_flash_hal_erase_sector(spi_flash_host_inst_t *host, uint32_t start_address)
{
bool paddr_chk = esp_tee_flash_check_prange_in_tee_region(start_address, FLASH_SECTOR_SIZE);
if (paddr_chk) {
bool valid_addr = (is_spi_host_in_ree(host) &&
!esp_tee_flash_check_prange_in_tee_region(start_address, FLASH_SECTOR_SIZE));
if (!valid_addr) {
ESP_LOGD(TAG, "[%s] Illegal flash access at 0x%08x", __func__, start_address);
return;
}
ESP_FAULT_ASSERT(!paddr_chk);
ESP_FAULT_ASSERT(valid_addr);
spi_flash_hal_erase_sector(host, start_address);
}
void _ss_spi_flash_hal_program_page(spi_flash_host_inst_t *host, const void *buffer, uint32_t address, uint32_t length)
{
bool paddr_chk = esp_tee_flash_check_prange_in_tee_region(address, length);
if (paddr_chk) {
bool valid_addr = (is_spi_host_in_ree(host) &&
!esp_tee_flash_check_prange_in_tee_region(address, length) &&
esp_tee_buf_in_ree(buffer, length));
if (!valid_addr) {
ESP_LOGD(TAG, "[%s] Illegal flash access at 0x%08x", __func__, address);
return;
}
ESP_FAULT_ASSERT(valid_addr);
bool buf_addr_chk = ((esp_tee_ptr_in_ree((void *)buffer) && esp_tee_ptr_in_ree((void *)(buffer + length))));
if (!buf_addr_chk) {
return;
}
ESP_FAULT_ASSERT(!paddr_chk && buf_addr_chk);
spi_flash_hal_program_page(host, buffer, address, length);
}
esp_err_t _ss_spi_flash_hal_read(spi_flash_host_inst_t *host, void *buffer, uint32_t address, uint32_t read_len)
{
bool paddr_chk = esp_tee_flash_check_prange_in_tee_region(address, read_len);
if (paddr_chk) {
bool valid_addr = (is_spi_host_in_ree(host) &&
!esp_tee_flash_check_prange_in_tee_region(address, read_len) &&
esp_tee_buf_in_ree(buffer, read_len));
if (!valid_addr) {
ESP_LOGD(TAG, "[%s] Illegal flash access at 0x%08x", __func__, address);
return ESP_FAIL;
return ESP_ERR_INVALID_ARG;
}
ESP_FAULT_ASSERT(valid_addr);
bool buf_addr_chk = ((esp_tee_ptr_in_ree((void *)buffer) && esp_tee_ptr_in_ree((void *)(buffer + read_len))));
if (!buf_addr_chk) {
return ESP_FAIL;
}
ESP_FAULT_ASSERT(!paddr_chk && buf_addr_chk);
return spi_flash_hal_read(host, buffer, address, read_len);
}
void _ss_spi_flash_hal_resume(spi_flash_host_inst_t *host)
{
bool valid_addr = is_spi_host_in_ree(host);
if (!valid_addr) {
return;
}
ESP_FAULT_ASSERT(valid_addr);
spi_flash_hal_resume(host);
}
esp_err_t _ss_spi_flash_hal_set_write_protect(spi_flash_host_inst_t *host, bool wp)
{
bool valid_addr = is_spi_host_in_ree(host);
if (!valid_addr) {
return ESP_ERR_INVALID_ARG;
}
ESP_FAULT_ASSERT(valid_addr);
return spi_flash_hal_set_write_protect(host, wp);
}
esp_err_t _ss_spi_flash_hal_setup_read_suspend(spi_flash_host_inst_t *host, const spi_flash_sus_cmd_conf *sus_conf)
{
bool valid_addr = (is_spi_host_in_ree(host) &&
esp_tee_buf_in_ree(sus_conf, sizeof(spi_flash_sus_cmd_conf)));
if (!valid_addr) {
return ESP_ERR_INVALID_ARG;
}
ESP_FAULT_ASSERT(valid_addr);
return spi_flash_hal_setup_read_suspend(host, sus_conf);
}
bool _ss_spi_flash_hal_supports_direct_read(spi_flash_host_inst_t *host, const void *p)
{
bool valid_addr = (is_spi_host_in_ree(host) && esp_tee_ptr_in_ree(p));
if (!valid_addr) {
return false;
}
ESP_FAULT_ASSERT(valid_addr);
return spi_flash_hal_supports_direct_read(host, p);
}
bool _ss_spi_flash_hal_supports_direct_write(spi_flash_host_inst_t *host, const void *p)
{
bool valid_addr = (is_spi_host_in_ree(host) && esp_tee_ptr_in_ree(p));
if (!valid_addr) {
return false;
}
ESP_FAULT_ASSERT(valid_addr);
return spi_flash_hal_supports_direct_write(host, p);
}
void _ss_spi_flash_hal_suspend(spi_flash_host_inst_t *host)
{
bool valid_addr = is_spi_host_in_ree(host);
if (!valid_addr) {
return;
}
ESP_FAULT_ASSERT(valid_addr);
spi_flash_hal_suspend(host);
}
@@ -397,29 +493,41 @@ uint32_t _ss_bootloader_flash_execute_command_common(
uint8_t mosi_len, uint32_t mosi_data,
uint8_t miso_len)
{
bool paddr_chk = esp_tee_flash_check_prange_in_tee_region(address, mosi_len);
paddr_chk |= esp_tee_flash_check_prange_in_tee_region(address, miso_len);
if (paddr_chk) {
bool valid_addr = (!esp_tee_flash_check_prange_in_tee_region(address, mosi_len) &&
!esp_tee_flash_check_prange_in_tee_region(address, miso_len));
if (!valid_addr) {
ESP_LOGD(TAG, "[%s] Illegal flash access at 0x%08x", __func__, address);
return 0;
}
ESP_FAULT_ASSERT(!paddr_chk);
ESP_FAULT_ASSERT(valid_addr);
return bootloader_flash_execute_command_common(command, addr_len, address, dummy_len,
mosi_len, mosi_data, miso_len);
}
esp_err_t _ss_memspi_host_flush_cache(spi_flash_host_inst_t *host, uint32_t addr, uint32_t size)
{
bool paddr_chk = esp_tee_flash_check_prange_in_tee_region(addr, size);
if (paddr_chk) {
return ESP_FAIL;
bool valid_addr = (is_spi_host_in_ree(host) &&
!esp_tee_flash_check_prange_in_tee_region(addr, size));
if (!valid_addr) {
return ESP_ERR_INVALID_ARG;
}
ESP_FAULT_ASSERT(!paddr_chk);
ESP_FAULT_ASSERT(valid_addr);
return memspi_host_flush_cache(host, addr, size);
}
esp_err_t _ss_spi_flash_chip_generic_config_host_io_mode(esp_flash_t *chip, uint32_t flags)
{
bool valid_addr = esp_tee_buf_in_ree(chip, sizeof(struct esp_flash_t));
if (!valid_addr) {
return ESP_ERR_INVALID_ARG;
}
ESP_FAULT_ASSERT(valid_addr);
return spi_flash_chip_generic_config_host_io_mode(chip, flags);
}
@@ -451,6 +559,13 @@ void _ss_mspi_timing_change_speed_mode_cache_safe(bool switch_down)
void _ss_spi_timing_get_flash_timing_param(spi_flash_hal_timing_config_t *out_timing_config)
{
bool valid_addr = esp_tee_buf_in_ree(out_timing_config, sizeof(spi_flash_hal_timing_config_t));
if (!valid_addr) {
return;
}
ESP_FAULT_ASSERT(valid_addr);
spi_timing_get_flash_timing_param(out_timing_config);
}
#endif
components/esp_tee/subproject/main/include/esp_tee_memory_utils.h
+18 -3
View File
@@ -1,10 +1,12 @@
/*
* SPDX-FileCopyrightText: 2025 Espressif Systems (Shanghai) CO LTD
* SPDX-FileCopyrightText: 2025-2026 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Apache-2.0
*/
#pragma once
#include <stddef.h>
#include <stdint.h>
#include "esp_attr.h"
#include "soc/soc.h"
#include "soc/ext_mem_defs.h"
@@ -16,10 +18,10 @@ extern "C" {
FORCE_INLINE_ATTR bool esp_tee_ptr_in_ree(const void *p)
{
intptr_t addr = (intptr_t)p;
uintptr_t addr = (uintptr_t)p;
return (
(addr >= SOC_NS_IDRAM_START && addr < SOC_NS_IDRAM_END) ||
(addr >= (intptr_t)esp_tee_app_config.ns_drom_start &&
(addr >= (uintptr_t)esp_tee_app_config.ns_drom_start &&
addr < SOC_S_MMU_MMAP_RESV_START_VADDR)
#if SOC_RTC_MEM_SUPPORTED
|| (addr >= SOC_RTC_DATA_LOW && addr < SOC_RTC_DATA_HIGH)
@@ -27,6 +29,19 @@ FORCE_INLINE_ATTR bool esp_tee_ptr_in_ree(const void *p)
);
}
FORCE_INLINE_ATTR bool esp_tee_buf_in_ree(const void *p, size_t len)
{
uintptr_t start = (uintptr_t)p;
/* Reject zero-length and overflow */
if (len == 0 || len > (SIZE_MAX - start)) {
return false;
}
return esp_tee_ptr_in_ree(p) &&
esp_tee_ptr_in_ree((const char *)p + len - 1);
}
#ifdef __cplusplus
}
#endif
components/esp_tee/test_apps/tee_cli_app/sdkconfig.ci.release
+1 -3
View File
@@ -1,8 +1,6 @@
# Reducing TEE I/DRAM sizes
# Reducing TEE IRAM size
# 29KB
CONFIG_SECURE_TEE_IRAM_SIZE=0x7400
# 20KB
CONFIG_SECURE_TEE_DRAM_SIZE=0x5000
# TEE Secure Storage: Release mode
CONFIG_SECURE_TEE_SEC_STG_MODE_RELEASE=y
components/esp_tee/test_apps/tee_cli_app/sdkconfig.ci.sb_fe
+6
View File
@@ -1,3 +1,9 @@
# Increasing TEE I/DRAM sizes
# 34KB
CONFIG_SECURE_TEE_IRAM_SIZE=0x8800
# 22KB
CONFIG_SECURE_TEE_DRAM_SIZE=0x5800
# Security features - build-only configuration
CONFIG_PARTITION_TABLE_OFFSET=0xf000
components/esp_tee/test_apps/tee_test_fw/main/test_esp_tee_sec_stg.c
+6 -6
View File
@@ -329,13 +329,13 @@ TEST_CASE("Test TEE Secure Storage - Null Pointer and Zero Length", "[sec_storag
};
TEST_ESP_ERR(ESP_ERR_INVALID_ARG, esp_tee_sec_storage_aead_encrypt(&aead_ctx, iv, sizeof(iv), NULL, sizeof(tag), data));
TEST_ESP_ERR(ESP_ERR_INVALID_SIZE, esp_tee_sec_storage_aead_encrypt(&aead_ctx, iv, sizeof(iv), tag, 0, data));
TEST_ESP_ERR(ESP_ERR_INVALID_ARG, esp_tee_sec_storage_aead_encrypt(&aead_ctx, iv, sizeof(iv), tag, 0, data));
TEST_ESP_ERR(ESP_ERR_INVALID_ARG, esp_tee_sec_storage_aead_encrypt(&aead_ctx, NULL, sizeof(iv), tag, sizeof(tag), data));
TEST_ESP_ERR(ESP_ERR_INVALID_SIZE, esp_tee_sec_storage_aead_encrypt(&aead_ctx, iv, 0, tag, sizeof(tag), data));
TEST_ESP_ERR(ESP_ERR_INVALID_ARG, esp_tee_sec_storage_aead_encrypt(&aead_ctx, iv, 0, tag, sizeof(tag), data));
TEST_ESP_ERR(ESP_ERR_INVALID_ARG, esp_tee_sec_storage_aead_decrypt(&aead_ctx, iv, sizeof(iv), NULL, sizeof(tag), data));
TEST_ESP_ERR(ESP_ERR_INVALID_SIZE, esp_tee_sec_storage_aead_decrypt(&aead_ctx, iv, sizeof(iv), tag, 0, data));
TEST_ESP_ERR(ESP_ERR_INVALID_ARG, esp_tee_sec_storage_aead_decrypt(&aead_ctx, iv, sizeof(iv), tag, 0, data));
TEST_ESP_ERR(ESP_ERR_INVALID_ARG, esp_tee_sec_storage_aead_decrypt(&aead_ctx, NULL, sizeof(iv), tag, sizeof(tag), data));
TEST_ESP_ERR(ESP_ERR_INVALID_SIZE, esp_tee_sec_storage_aead_decrypt(&aead_ctx, iv, 0, tag, sizeof(tag), data));
TEST_ESP_ERR(ESP_ERR_INVALID_ARG, esp_tee_sec_storage_aead_decrypt(&aead_ctx, iv, 0, tag, sizeof(tag), data));
aead_ctx.input = NULL;
aead_ctx.input_len = sizeof(data);
@@ -344,8 +344,8 @@ TEST_CASE("Test TEE Secure Storage - Null Pointer and Zero Length", "[sec_storag
aead_ctx.input = data;
aead_ctx.input_len = 0;
TEST_ESP_ERR(ESP_ERR_INVALID_SIZE, esp_tee_sec_storage_aead_encrypt(&aead_ctx, iv, sizeof(iv), tag, sizeof(tag), data));
TEST_ESP_ERR(ESP_ERR_INVALID_SIZE, esp_tee_sec_storage_aead_decrypt(&aead_ctx, iv, sizeof(iv), tag, sizeof(tag), data));
TEST_ESP_ERR(ESP_ERR_INVALID_ARG, esp_tee_sec_storage_aead_encrypt(&aead_ctx, iv, sizeof(iv), tag, sizeof(tag), data));
TEST_ESP_ERR(ESP_ERR_INVALID_ARG, esp_tee_sec_storage_aead_decrypt(&aead_ctx, iv, sizeof(iv), tag, sizeof(tag), data));
TEST_ESP_OK(esp_tee_sec_storage_clear_key(key_id));
components/esp_tee/test_apps/tee_test_fw/sdkconfig.ci.tee_ota
-4
View File
@@ -16,7 +16,3 @@ CONFIG_SECURE_TEE_ATT_KEY_STR_ID="tee_att_keyN"
# Enabling flash protection over SPI1
CONFIG_SECURE_TEE_EXT_FLASH_MEMPROT_SPI1=y
# Increasing TEE DRAM size
# 20KB
CONFIG_SECURE_TEE_DRAM_SIZE=0x5000
components/esp_tee/test_apps/tee_test_fw/sdkconfig.defaults
+3 -2
View File
@@ -12,5 +12,6 @@ CONFIG_SECURE_TEE_TEST_MODE=y
CONFIG_PARTITION_TABLE_SINGLE_APP_TEE=y
CONFIG_PARTITION_TABLE_OFFSET=0xF000
# TEE IRAM size
CONFIG_SECURE_TEE_IRAM_SIZE=0xC400
# Increasing TEE I/DRAM size
CONFIG_SECURE_TEE_IRAM_SIZE=0x8800
CONFIG_SECURE_TEE_DRAM_SIZE=0x5800