1 /*
2 * Copyright (C) 2021 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #ifndef _CUT_AUTHENTICATE_
17
18 #include "hks_modify_key_test.h"
19
20 #include <hctest.h>
21 #include "iot_watchdog.h"
22 #include "hks_api.h"
23 #include "hks_param.h"
24 #include "hks_test_api_performance.h"
25 #include "hks_test_cipher.h"
26 #include "hks_test_common.h"
27 #include "hks_test_log.h"
28 #include "stdlib.h"
29
30 #include "cmsis_os2.h"
31 #include "ohos_types.h"
32
/* Plaintext size used for the plain-text and decrypted-text blobs of the test vector. */
#define DEFAULT_AES_CIPHER_PLAIN_SIZE 1000
/* Nonce size handed to the GCM encrypt and decrypt parameter sets. */
#define AES_DEFAULT_GCM_NONCE_LENGTH 12
/* Size of the additional authenticated data (AAD) handed to the same parameter sets. */
#define AES_DEFAULT_AAD_LEN 4
/* NOTE(review): g_storePath is not referenced anywhere in the visible part of this file. */
static const char *g_storePath = "./hks_store/";
/* Key alias under which the test key is generated and later generated again. */
static const char *g_testName = "TestName";

/* Stack size requested for the worker threads created by this file. */
#define TEST_TASK_STACK_SIZE 0x2000
/* Argument to sleep(): how long the suite thread waits for a worker thread. */
#define WAIT_TO_TEST_DONE 4

/* Priority given to the worker threads; assigned just before each osThreadNew call. */
static osPriority_t g_setPriority;
43
/*
 * Test vectors for the cipher round trip. A single entry is defined:
 * AES-256, GCM mode, no padding, expected result HKS_SUCCESS.
 *
 * The initialisers are positional. The member names used in the comments
 * below are the ones this file reads from the structure; that they appear in
 * this order is presumed -- confirm against struct HksTestCipherParams.
 * In the nested records each "true/false, value" pair looks like a
 * "set this parameter?" flag followed by the parameter value.
 */
static const struct HksTestCipherParams g_testCipherParams[] = {
    /* success: aes256-gcm-none */
    { 0, HKS_SUCCESS, { true, DEFAULT_KEY_ALIAS_SIZE, true, DEFAULT_KEY_ALIAS_SIZE },
        {
            true, /* genKey params */
            true, HKS_ALG_AES,
            true, HKS_AES_KEY_SIZE_256,
            true, HKS_KEY_PURPOSE_ENCRYPT | HKS_KEY_PURPOSE_DECRYPT,
            false, 0,
            true, HKS_PADDING_NONE,
            true, HKS_MODE_GCM,
            false, 0
        },
        /* presumably genKeyParamSetParamsOut: no output parameter set requested */
        { false, 0 },
        {
            HKS_TEST_CIPHER_TYPE_AES, true, /* encrypt params */
            true, HKS_ALG_AES,
            true, HKS_KEY_PURPOSE_ENCRYPT,
            false, 0,
            true, HKS_PADDING_NONE,
            true, HKS_MODE_GCM,
            false, 0,
            true, AES_DEFAULT_GCM_NONCE_LENGTH,
            true, AES_DEFAULT_AAD_LEN
        },
        {
            HKS_TEST_CIPHER_TYPE_AES, true, /* decrypt params */
            true, HKS_ALG_AES,
            true, HKS_KEY_PURPOSE_DECRYPT,
            false, 0,
            true, HKS_PADDING_NONE,
            true, HKS_MODE_GCM,
            false, 0,
            true, AES_DEFAULT_GCM_NONCE_LENGTH,
            true, AES_DEFAULT_AAD_LEN
        },
        /* presumably plainTextParams */
        { true, DEFAULT_AES_CIPHER_PLAIN_SIZE, true, DEFAULT_AES_CIPHER_PLAIN_SIZE },
        /*
         * presumably cipherTextParams: 16 more than the plaintext size, which
         * would leave room for a GCM authentication tag -- confirm
         */
        { true, DEFAULT_AES_CIPHER_PLAIN_SIZE + 16, true, DEFAULT_AES_CIPHER_PLAIN_SIZE + 16 },
        /* presumably decryptedTextParams */
        { true, DEFAULT_AES_CIPHER_PLAIN_SIZE, true, DEFAULT_AES_CIPHER_PLAIN_SIZE },
        /* NOTE(review): this last record is not read anywhere in this file */
        { false, 0, false, 0 }
    },
};
86
/*
 * @tc.register: register a test suite named "HksModifyKeyTest"
 * @param: security          test subsystem name
 * @param: securityData      module name
 * @param: HksModifyKeyTest  test suite name
 */
LITE_TEST_SUIT(security, securityData, HksModifyKeyTest);
94
/*
 * Worker-thread entry used by the suite setup. Calls HksInitialize(), asserts
 * that it returned 0, and then ends the calling thread with osThreadExit().
 * The thread argument is not used.
 */
static void ExecHksInitialize(void const *argument)
{
    (void)argument;

    LiteTestPrint("HksInitialize Begin!\n");
    int32_t initResult = HksInitialize();
    TEST_ASSERT_TRUE(initResult == 0);
    LiteTestPrint("HksInitialize End!\n");
    osThreadExit();
}
102
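/**
 * @tc.setup: suite setup, named "HksModifyKeyTest" + "SetUp".
 *
 * Disables the watchdog, starts a worker thread that runs HksInitialize(),
 * and sleeps WAIT_TO_TEST_DONE while that thread works.
 *
 * @return: TRUE when the worker thread was created; FALSE when osThreadNew
 *          failed, in which case HksInitialize() never ran
 */
static BOOL HksModifyKeyTestSetUp(void)
{
    LiteTestPrint("setup\n");
    IoTWatchDogDisable();

    /* Zero the whole attribute block so members not assigned below are not left indeterminate. */
    osThreadAttr_t attr = {0};
    g_setPriority = osPriorityAboveNormal6;
    attr.name = "test";
    attr.attr_bits = 0U;
    attr.cb_mem = NULL;
    attr.cb_size = 0U;
    attr.stack_mem = NULL;
    attr.stack_size = TEST_TASK_STACK_SIZE;
    attr.priority = g_setPriority;

    osThreadId_t id = osThreadNew((osThreadFunc_t)ExecHksInitialize, NULL, &attr);
    if (id == NULL) {
        /*
         * No worker means the key store was never initialised; report the
         * failure instead of letting the cases run against that state.
         */
        LiteTestPrint("HksModifyKeyTestSetUp: osThreadNew failed\n");
        IoTWatchDogEnable();
        return FALSE;
    }

    /*
     * NOTE(review): this is a fixed wait, not a join. If HksInitialize() takes
     * longer than WAIT_TO_TEST_DONE, the first case starts before it finishes.
     */
    sleep(WAIT_TO_TEST_DONE);
    LiteTestPrint("HksModifyKeyTestSetUp End2!\n");
    return TRUE;
}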
126
/*
 * Cleanup hook called from the suite teardown. Currently a no-op: it removes
 * no files and deletes no keys.
 */
static void HksTestRemoveFile(void)
{
    /*
     * NOTE(review): the key generated under g_testName is not removed here,
     * so it presumably stays in the key store after the suite -- confirm
     * whether that is intended.
     */
}
130
/**
 * @tc.teardown: suite teardown, named "HksModifyKeyTest" + "TearDown".
 *
 * Calls the cleanup hook and re-enables the watchdog that the setup disabled.
 *
 * @return: always TRUE
 */
static BOOL HksModifyKeyTestTearDown(void)
{
    LiteTestPrint("tearDown\n");

    /* HksTestRemoveFile() has an empty body in this file. */
    HksTestRemoveFile();

    IoTWatchDogEnable();
    return TRUE;
}
142
143
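/*
 * Builds the input and output blobs described by two parameter records.
 *
 * @param inData         receives the blob built from inTextParams
 * @param outData        receives the blob built from outTextParams
 * @param inTextParams   existence flags and sizes for the input blob
 * @param outTextParams  existence flags and sizes for the output blob
 * @return 0 when both blobs were constructed, otherwise the first non-zero
 *         result returned by TestConstuctBlob
 *
 * The callers in this file release both blobs with TestFreeBlob.
 */
static int32_t ConstructDataToBlob(struct HksBlob **inData, struct HksBlob **outData,
    const struct HksTestBlobParams *inTextParams, const struct HksTestBlobParams *outTextParams)
{
    int32_t ret = TestConstuctBlob(inData,
        inTextParams->blobExist,
        inTextParams->blobSize,
        inTextParams->blobDataExist,
        inTextParams->blobDataSize);
    HKS_TEST_ASSERT(ret == 0);
    if (ret != 0) {
        /* Stop here so the second call cannot overwrite this failure with 0. */
        return ret;
    }

    ret = TestConstuctBlob(outData,
        outTextParams->blobExist,
        outTextParams->blobSize,
        outTextParams->blobDataExist,
        outTextParams->blobDataSize);
    HKS_TEST_ASSERT(ret == 0);
    return ret;
}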
162
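/*
 * Builds the IV, nonce and AAD blobs requested by the cipher parameters,
 * assembles the AES parameter set, and runs the encryption.
 *
 * @param encryptStruct  key alias, cipher parameters, plain and cipher blobs,
 *                       and the addresses that receive the IV, nonce and AAD
 *                       blobs created here
 * @return the result of HksEncryptRun, or the first non-zero result from a
 *         preparation step; HksEncryptRun is not called after such a failure
 *
 * The blobs written through ivData, nonceData and aadData are not freed
 * here; the callers in this file release them with TestFreeBlob.
 */
static int32_t Encrypt(struct CipherEncryptStructure *encryptStruct)
{
    int32_t ret;
    struct HksParamSet *encryptParamSet = NULL;

    const uint32_t ivSize = encryptStruct->cipherParms->ivSize;
    const uint32_t nonceSize = encryptStruct->cipherParms->nonceSize;
    const uint32_t aadSize = encryptStruct->cipherParms->aadSize;

    /* A size of 0 means the blob is not requested; the caller's pointer stays as it was. */
    if (ivSize != 0) {
        ret = TestConstuctBlob(encryptStruct->ivData, true, ivSize, true, ivSize);
        HKS_TEST_ASSERT(ret == 0);
        if (ret != 0) {
            return ret;
        }
    }
    if (nonceSize != 0) {
        /*
         * NOTE(review): how TestConstuctBlob fills the nonce is not visible
         * here; GCM needs a nonce that is never reused under the same key.
         */
        ret = TestConstuctBlob(encryptStruct->nonceData, true, nonceSize, true, nonceSize);
        HKS_TEST_ASSERT(ret == 0);
        if (ret != 0) {
            return ret;
        }
    }
    if (aadSize != 0) {
        ret = TestConstuctBlob(encryptStruct->aadData, true, aadSize, true, aadSize);
        HKS_TEST_ASSERT(ret == 0);
        if (ret != 0) {
            return ret;
        }
    }

    struct AesCipherParamSetStructure enParamStruct = {
        &encryptParamSet,
        encryptStruct->cipherParms->paramSetExist,
        encryptStruct->cipherParms->setAlg, encryptStruct->cipherParms->alg,
        encryptStruct->cipherParms->setPurpose, encryptStruct->cipherParms->purpose,
        encryptStruct->cipherParms->setPadding, encryptStruct->cipherParms->padding,
        encryptStruct->cipherParms->setBlockMode, encryptStruct->cipherParms->mode,
        encryptStruct->cipherParms->setIv, *(encryptStruct->ivData),
        encryptStruct->cipherParms->setNonce, *(encryptStruct->nonceData),
        encryptStruct->cipherParms->setAad, *(encryptStruct->aadData),
        encryptStruct->cipherParms->setIsKeyAlias, encryptStruct->cipherParms->isKeyAlias
    };
    ret = TestConstructAesCipherParamSet(&enParamStruct);
    HKS_TEST_ASSERT(ret == 0);

    /* Only encrypt with a parameter set that was built successfully. */
    if (ret == 0) {
        ret = HksEncryptRun(encryptStruct->keyAlias, encryptParamSet, encryptStruct->plainData,
            encryptStruct->cipherData, encryptStruct->performTimes);
    }
    HksFreeParamSet(&encryptParamSet);
    return ret;
}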
203
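/*
 * Allocates the output blob for the decrypted text, assembles the AES
 * parameter set from the decrypt parameters, and runs the decryption.
 *
 * @param decryptStruct  key alias, test vector, cipher blob, the address that
 *                       receives the decrypted-text blob, and the IV, nonce
 *                       and AAD blobs that were used for encryption
 * @return the result of HksDecryptRun, or the first non-zero result from a
 *         preparation step; HksDecryptRun is not called after such a failure
 *
 * The blob written through decryptedData is not freed here; the callers in
 * this file release it with TestFreeBlob.
 */
static int32_t DecryptCipher(struct CipherDecryptStructure *decryptStruct)
{
    int32_t ret = TestConstuctBlob(decryptStruct->decryptedData,
        decryptStruct->cipherParms->decryptedTextParams.blobExist,
        decryptStruct->cipherParms->decryptedTextParams.blobSize,
        decryptStruct->cipherParms->decryptedTextParams.blobDataExist,
        decryptStruct->cipherParms->decryptedTextParams.blobDataSize);
    HKS_TEST_ASSERT(ret == 0);
    if (ret != 0) {
        /* Without an output blob there is nothing to pass to HksDecryptRun below. */
        return ret;
    }

    struct HksParamSet *decryptParamSet = NULL;
    struct AesCipherParamSetStructure deParamStruct = {
        &decryptParamSet,
        decryptStruct->cipherParms->decryptParamSetParams.paramSetExist,
        decryptStruct->cipherParms->decryptParamSetParams.setAlg,
        decryptStruct->cipherParms->decryptParamSetParams.alg,
        decryptStruct->cipherParms->decryptParamSetParams.setPurpose,
        decryptStruct->cipherParms->decryptParamSetParams.purpose,
        decryptStruct->cipherParms->decryptParamSetParams.setPadding,
        decryptStruct->cipherParms->decryptParamSetParams.padding,
        decryptStruct->cipherParms->decryptParamSetParams.setBlockMode,
        decryptStruct->cipherParms->decryptParamSetParams.mode,
        decryptStruct->cipherParms->decryptParamSetParams.setIv, decryptStruct->ivData,
        decryptStruct->cipherParms->decryptParamSetParams.setNonce, decryptStruct->nonceData,
        decryptStruct->cipherParms->decryptParamSetParams.setAad, decryptStruct->aadData,
        decryptStruct->cipherParms->decryptParamSetParams.setIsKeyAlias,
        decryptStruct->cipherParms->decryptParamSetParams.isKeyAlias
    };
    ret = TestConstructAesCipherParamSet(&deParamStruct);
    HKS_TEST_ASSERT(ret == 0);

    /* Only decrypt with a parameter set that was built successfully. */
    if (ret == 0) {
        ret = HksDecryptRun(decryptStruct->keyAlias, decryptParamSet, decryptStruct->cipherData,
            *(decryptStruct->decryptedData), decryptStruct->performTimes);
    }
    HksFreeParamSet(&decryptParamSet);
    return ret;
}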
239
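/*
 * Generates a key under keyAlias from the given generate-key parameters.
 *
 * @param keyAlias                 alias to generate the key under
 * @param keyAliasParams           not used by this function
 * @param genKeyParamSetParams     flags and values for the input parameter set
 * @param genKeyParamSetParamsOut  description of the output parameter set, or
 *                                 NULL when none is wanted
 * @return the result of HksGenerateKey, or the first non-zero result from
 *         building a parameter set
 */
int32_t GenerateKeyTwo(const struct HksBlob *keyAlias, const struct HksTestBlobParams *keyAliasParams,
    const struct HksTestGenKeyParamsParamSet *genKeyParamSetParams,
    const struct HksTestGenKeyParamsParamSetOut *genKeyParamSetParamsOut)
{
    (void)keyAliasParams;

    struct HksParamSet *paramSet = NULL;
    struct HksParamSet *paramSetOut = NULL;
    struct GenerateKeyParamSetStructure paramStruct = {
        &paramSet,
        genKeyParamSetParams->paramSetExist,
        genKeyParamSetParams->setAlg, genKeyParamSetParams->alg,
        genKeyParamSetParams->setKeySize, genKeyParamSetParams->keySize,
        genKeyParamSetParams->setPurpose, genKeyParamSetParams->purpose,
        genKeyParamSetParams->setDigest, genKeyParamSetParams->digest,
        genKeyParamSetParams->setPadding, genKeyParamSetParams->padding,
        genKeyParamSetParams->setBlockMode, genKeyParamSetParams->mode,
        genKeyParamSetParams->setKeyStorageFlag, genKeyParamSetParams->keyStorageFlag
    };
    int32_t ret = TestConstructGenerateKeyParamSet(&paramStruct);
    HKS_TEST_ASSERT(ret == 0);

    if ((ret == 0) && (genKeyParamSetParamsOut != NULL)) {
        /*
         * Build the output set into paramSetOut. Building it into paramSet
         * would replace the input set constructed above and leave the set
         * passed to HksGenerateKey as NULL.
         */
        ret = TestConstructGenerateKeyParamSetOut(&paramSetOut,
            genKeyParamSetParamsOut->paramSetExist, genKeyParamSetParamsOut->paramSetSize);
        HKS_TEST_ASSERT(ret == 0);
    }

    /* Only generate the key when every parameter set was built. */
    if (ret == 0) {
        ret = HksGenerateKey(keyAlias, paramSet, paramSetOut);
        HKS_TEST_ASSERT(ret == 0);
    }

    HksFreeParamSet(&paramSet);
    /*
     * NOTE(review): assumes a set created by TestConstructGenerateKeyParamSetOut
     * can be released with HksFreeParamSet -- confirm against the helper.
     */
    HksFreeParamSet(&paramSetOut);
    return ret;
}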
272
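/*
 * Runs one encrypt/decrypt round trip for test vector `index` with the key
 * stored under keyAlias, and compares the decrypted text with the plaintext.
 *
 * @param keyAlias  alias of the key to use
 * @param index     position of the vector in g_testCipherParams
 * @return 0 when both operations returned the vector's expected result and
 *         the decrypted text equals the plaintext; non-zero otherwise
 *         (-1 for an out-of-range index or a length mismatch, the memcmp
 *         result for a content mismatch, or the failing step's result)
 */
int32_t BaseTestCipherProcess(const struct HksBlob *keyAlias, uint32_t index)
{
    /* This function has external linkage, so do not trust the index. */
    if (index >= sizeof(g_testCipherParams) / sizeof(g_testCipherParams[0])) {
        return -1;
    }

    struct HksBlob *plainData = NULL;
    struct HksBlob *cipherData = NULL;
    struct HksBlob *ivData = NULL;
    struct HksBlob *nonceData = NULL;
    struct HksBlob *aadData = NULL;
    struct HksBlob *decryptedData = NULL;
    int32_t ret;

    do {
        /* 1. build the plaintext and ciphertext blobs */
        ret = ConstructDataToBlob(&plainData, &cipherData,
            &g_testCipherParams[index].plainTextParams, &g_testCipherParams[index].cipherTextParams);
        HKS_TEST_ASSERT(ret == 0);
        if (ret != 0) {
            break;
        }

        /* 2. encrypt */
        struct CipherEncryptStructure testEncryptStruct = {
            keyAlias, &g_testCipherParams[index].encryptParamSetParams,
            plainData, cipherData, &ivData, &nonceData, &aadData, 1
        };
        ret = Encrypt(&testEncryptStruct);
        if (ret != g_testCipherParams[index].expectResult) {
            break;
        }

        /* 3. decrypt */
        struct CipherDecryptStructure testDecryptStruct = {
            keyAlias, &g_testCipherParams[index], cipherData,
            &decryptedData, ivData, nonceData, aadData, 1
        };
        ret = DecryptCipher(&testDecryptStruct);
        if (ret != g_testCipherParams[index].expectResult) {
            break;
        }

        /*
         * 4. compare. A missing blob or a length mismatch must be reported as
         * a failure: leaving ret at the expected result here would make a
         * broken round trip look like a pass.
         */
        if ((plainData == NULL) || (decryptedData == NULL) ||
            (plainData->size != decryptedData->size)) {
            ret = -1;
            break;
        }
        ret = memcmp(plainData->data, decryptedData->data, plainData->size);
    } while (0);

    TestFreeBlob(&plainData);
    TestFreeBlob(&cipherData);
    TestFreeBlob(&decryptedData);
    TestFreeBlob(&ivData);
    TestFreeBlob(&nonceData);
    TestFreeBlob(&aadData);
    return ret;
}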
319
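/*
 * Local declaration of the storage-type enumeration, needed for the
 * HksStoreKeyBlob prototype below.
 * NOTE(review): presumably mirrors a definition in the key-store sources; a
 * local copy can drift from it -- confirm the values still match.
 */
enum HksStorageType {
    HKS_STORAGE_TYPE_KEY = 0,
    HKS_STORAGE_TYPE_CERTCHAIN,
    HKS_STORAGE_TYPE_ROOT_KEY,
};

extern int32_t HksStoreKeyBlob(const struct HksBlob *processName, const struct HksBlob *keyAlias,
    enum HksStorageType storageType, const struct HksBlob *keyBlob);

/*
 * Weak fallback for HksStoreKeyBlob: a non-weak definition elsewhere in the
 * link replaces it. This version ignores every argument and stores nothing.
 *
 * @return HKS_SUCCESS. The function is declared to return int32_t, so it must
 *         return a defined value rather than fall off the end.
 *
 * NOTE(review): a stub that stores nothing but reports success can hide a
 * missing storage backend from a test -- confirm that success is the result
 * wanted here. Nothing in this file calls the function.
 */
int32_t __attribute__((weak)) HksStoreKeyBlob(const struct HksBlob *processName, const struct HksBlob *keyAlias,
    enum HksStorageType storageType, const struct HksBlob *keyBlob)
{
    (void)processName;
    (void)keyAlias;
    (void)storageType;
    (void)keyBlob;
    return HKS_SUCCESS;
}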
336
/*
 * Worker-thread body of HksModifyKeyTest001.
 *
 * Sequence: generate a key under g_testName, check a normal round trip,
 * encrypt a fresh plaintext, generate a key under the same alias again, and
 * then try to decrypt the ciphertext produced before the second generation.
 * The test passes when that last decryption does not succeed.
 *
 * NOTE(review): any non-zero decrypt result satisfies the final checks, so an
 * unrelated failure inside DecryptCipher (for example a blob that could not
 * be allocated) would pass as well; asserting the specific error code the key
 * store returns for this case would make the check tighter.
 */
static void ExecHksModifyKeyTest001(void const *argument)
{
    (void)argument;

    LiteTestPrint("HksModifyKeyTest001 Begin!\n");

    uint32_t index = 0;
    const struct HksTestCipherParams *vector = &g_testCipherParams[index];
    struct HksBlob alias = { strlen(g_testName), (uint8_t *)g_testName };

    /* 1. first key, plus a sanity round trip with it */
    int32_t ret = GenerateKeyTwo(&alias, &vector->keyAliasParams,
        &vector->genKeyParamSetParams, &vector->genKeyParamSetParamsOut);
    TEST_ASSERT_TRUE(ret == 0);

    ret = BaseTestCipherProcess(&alias, index);
    TEST_ASSERT_TRUE(ret == 0);

    struct HksBlob *plain = NULL;
    struct HksBlob *cipher = NULL;
    ret = ConstructDataToBlob(&plain, &cipher, &vector->plainTextParams, &vector->cipherTextParams);
    TEST_ASSERT_TRUE(ret == 0);

    struct HksBlob *iv = NULL;
    struct HksBlob *nonce = NULL;
    struct HksBlob *aad = NULL;

    /* 2. encrypt with the first key */
    struct CipherEncryptStructure encryptArgs = {
        &alias, &vector->encryptParamSetParams,
        plain, cipher, &iv, &nonce, &aad, 1
    };
    ret = Encrypt(&encryptArgs);
    TEST_ASSERT_TRUE(ret == 0);

    /* Generate a key under the same alias a second time. */
    ret = GenerateKeyTwo(&alias, &vector->keyAliasParams,
        &vector->genKeyParamSetParams, &vector->genKeyParamSetParamsOut);
    TEST_ASSERT_TRUE(ret == 0);

    /* 3. decrypt the earlier ciphertext; this is expected not to succeed */
    struct HksBlob *decrypted = NULL;
    struct CipherDecryptStructure decryptArgs = {
        &alias, vector, cipher,
        &decrypted, iv, nonce, aad, 1
    };
    ret = DecryptCipher(&decryptArgs);

    HKS_TEST_ASSERT(ret != vector->expectResult);

    /* Release every blob before the final assertion. */
    TestFreeBlob(&plain);
    TestFreeBlob(&cipher);
    TestFreeBlob(&decrypted);
    TestFreeBlob(&iv);
    TestFreeBlob(&nonce);
    TestFreeBlob(&aad);
    TEST_ASSERT_TRUE(ret != 0);

    LiteTestPrint("HksModifyKeyTest001 End!\n");
    osThreadExit();
}
393
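/**
 * @tc.name: HksModifyKeyTest.HksModifyKeyTest001
 * @tc.desc: Runs ExecHksModifyKeyTest001 on a worker thread: data encrypted
 *           before a key is generated again under the same alias must not
 *           decrypt successfully afterwards.
 * @tc.type: FUNC
 */
LITE_TEST_CASE(HksModifyKeyTest, HksModifyKeyTest001, Level1)
{
    /* Zero the whole attribute block so members not assigned below are not left indeterminate. */
    osThreadAttr_t attr = {0};
    g_setPriority = osPriorityAboveNormal6;
    attr.name = "test";
    attr.attr_bits = 0U;
    attr.cb_mem = NULL;
    attr.cb_size = 0U;
    attr.stack_mem = NULL;
    attr.stack_size = TEST_TASK_STACK_SIZE;
    attr.priority = g_setPriority;

    osThreadId_t id = osThreadNew((osThreadFunc_t)ExecHksModifyKeyTest001, NULL, &attr);
    /* If the worker was never created, none of the checks ran; fail the case instead of passing it. */
    TEST_ASSERT_TRUE(id != NULL);

    /*
     * NOTE(review): this is a fixed wait, not a join, and the assertions run
     * on the worker thread. Confirm that a worker still running after
     * WAIT_TO_TEST_DONE, or an assertion failing on that thread, is reported
     * against this case.
     */
    sleep(WAIT_TO_TEST_DONE);
    LiteTestPrint("HksModifyKeyTest001 End2!\n");
}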
415
/* Hands the HksModifyKeyTest suite declared with LITE_TEST_SUIT above to the test runner. */
RUN_TEST_SUITE(HksModifyKeyTest);
417 #endif /* _CUT_AUTHENTICATE_ */
418