1 /*
2 * Copyright (C) 2021 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include <gtest/gtest.h>
17
18 #include "hks_modify_key_test.h"
19
20 #include "hks_api.h"
21 #include "hks_param.h"
22 #include "hks_test_api_performance.h"
23 #include "hks_test_cipher.h"
24 #include "hks_test_common.h"
25 #include "hks_test_file_operator.h"
26 #include "hks_test_log.h"
27 #include "hks_test_mem.h"
28
29 #include "securec.h"
30
31 using namespace testing::ext;
32 namespace {
33 #ifndef _CUT_AUTHENTICATE_
34
35 class HksModifyKeyTest : public testing::Test {
36 public:
37 static void SetUpTestCase(void);
38
39 static void TearDownTestCase(void);
40
41 void SetUp();
42
43 void TearDown();
44 };
45
SetUpTestCase(void)46 void HksModifyKeyTest::SetUpTestCase(void)
47 {
48 }
49
TearDownTestCase(void)50 void HksModifyKeyTest::TearDownTestCase(void)
51 {
52 }
53
SetUp()54 void HksModifyKeyTest::SetUp()
55 {
56 EXPECT_EQ(HksInitialize(), 0);
57 }
58
TearDown()59 void HksModifyKeyTest::TearDown()
60 {
61 }
62
63 const int DEFAULT_AES_CIPHER_PLAIN_SIZE = 1000;
64 const int AES_DEFAULT_GCM_NONCE_LENGTH = 12;
65 const int AES_DEFAULT_AAD_LEN = 4;
66 const char *g_storePath = "/storage/maindata/hks_client/key";
67 const char *g_testName = "TestName";
68
69 const struct HksTestCipherParams g_testCipherParams[] = {
70 /* success: aes256-gcm-none */
71 { 0, HKS_SUCCESS, { true, DEFAULT_KEY_ALIAS_SIZE, true, DEFAULT_KEY_ALIAS_SIZE },
72 {
73 true, /* genKey params */
74 true, HKS_ALG_AES,
75 true, HKS_AES_KEY_SIZE_256,
76 true, HKS_KEY_PURPOSE_ENCRYPT | HKS_KEY_PURPOSE_DECRYPT,
77 false, 0,
78 true, HKS_PADDING_NONE,
79 true, HKS_MODE_GCM,
80 false, 0
81 },
82 { false, 0 },
83 {
84 HKS_TEST_CIPHER_TYPE_AES, true, /* encrypt params */
85 true, HKS_ALG_AES,
86 true, HKS_KEY_PURPOSE_ENCRYPT,
87 false, 0,
88 true, HKS_PADDING_NONE,
89 true, HKS_MODE_GCM,
90 false, 0,
91 true, AES_DEFAULT_GCM_NONCE_LENGTH,
92 true, AES_DEFAULT_AAD_LEN
93 },
94 {
95 HKS_TEST_CIPHER_TYPE_AES, true, /* decrypt params */
96 true, HKS_ALG_AES,
97 true, HKS_KEY_PURPOSE_DECRYPT,
98 false, 0,
99 true, HKS_PADDING_NONE,
100 true, HKS_MODE_GCM,
101 false, 0,
102 true, AES_DEFAULT_GCM_NONCE_LENGTH,
103 true, AES_DEFAULT_AAD_LEN
104 },
105 { true, DEFAULT_AES_CIPHER_PLAIN_SIZE, true, DEFAULT_AES_CIPHER_PLAIN_SIZE },
106 { true, DEFAULT_AES_CIPHER_PLAIN_SIZE + 16, true, DEFAULT_AES_CIPHER_PLAIN_SIZE + 16 },
107 { true, DEFAULT_AES_CIPHER_PLAIN_SIZE, true, DEFAULT_AES_CIPHER_PLAIN_SIZE },
108 { false, 0, false, 0 }
109 },
110 };
111
ConstructDataToBlob(struct HksBlob ** inData,struct HksBlob ** outData,const struct HksTestBlobParams * inTextParams,const struct HksTestBlobParams * outTextParams)112 static int32_t ConstructDataToBlob(struct HksBlob **inData, struct HksBlob **outData,
113 const struct HksTestBlobParams *inTextParams, const struct HksTestBlobParams *outTextParams)
114 {
115 int32_t ret = TestConstuctBlob(inData,
116 inTextParams->blobExist,
117 inTextParams->blobSize,
118 inTextParams->blobDataExist,
119 inTextParams->blobDataSize);
120 HKS_TEST_ASSERT(ret == 0);
121
122 ret = TestConstuctBlob(outData,
123 outTextParams->blobExist,
124 outTextParams->blobSize,
125 outTextParams->blobDataExist,
126 outTextParams->blobDataSize);
127 HKS_TEST_ASSERT(ret == 0);
128 return ret;
129 }
130
Encrypt(struct CipherEncryptStructure * encryptStruct)131 static int32_t Encrypt(struct CipherEncryptStructure *encryptStruct)
132 {
133 int32_t ret;
134 struct HksParamSet *encryptParamSet = NULL;
135
136 uint32_t ivSize = encryptStruct->cipherParms->ivSize;
137 uint32_t nonceSize = encryptStruct->cipherParms->nonceSize;
138 uint32_t aadSize = encryptStruct->cipherParms->aadSize;
139 if (ivSize != 0) {
140 ret = TestConstuctBlob(encryptStruct->ivData, true, ivSize, true, ivSize);
141 HKS_TEST_ASSERT(ret == 0);
142 }
143 if (nonceSize != 0) {
144 ret = TestConstuctBlob(encryptStruct->nonceData, true, nonceSize, true, nonceSize);
145 HKS_TEST_ASSERT(ret == 0);
146 }
147 if (aadSize != 0) {
148 ret = TestConstuctBlob(encryptStruct->aadData, true, aadSize, true, aadSize);
149 HKS_TEST_ASSERT(ret == 0);
150 }
151 struct AesCipherParamSetStructure enParamStruct = {
152 &encryptParamSet,
153 encryptStruct->cipherParms->paramSetExist,
154 encryptStruct->cipherParms->setAlg, encryptStruct->cipherParms->alg,
155 encryptStruct->cipherParms->setPurpose, encryptStruct->cipherParms->purpose,
156 encryptStruct->cipherParms->setPadding, encryptStruct->cipherParms->padding,
157 encryptStruct->cipherParms->setBlockMode, encryptStruct->cipherParms->mode,
158 encryptStruct->cipherParms->setIv, *(encryptStruct->ivData),
159 encryptStruct->cipherParms->setNonce, *(encryptStruct->nonceData),
160 encryptStruct->cipherParms->setAad, *(encryptStruct->aadData),
161 encryptStruct->cipherParms->setIsKeyAlias, encryptStruct->cipherParms->isKeyAlias
162 };
163 ret = TestConstructAesCipherParamSet(&enParamStruct);
164 HKS_TEST_ASSERT(ret == 0);
165
166 ret = HksEncryptRun(encryptStruct->keyAlias, encryptParamSet, encryptStruct->plainData, encryptStruct->cipherData,
167 encryptStruct->performTimes);
168 HksFreeParamSet(&encryptParamSet);
169 return ret;
170 }
171
DecryptCipher(struct CipherDecryptStructure * decryptStruct)172 static int32_t DecryptCipher(struct CipherDecryptStructure *decryptStruct)
173 {
174 int32_t ret = TestConstuctBlob(decryptStruct->decryptedData,
175 decryptStruct->cipherParms->decryptedTextParams.blobExist,
176 decryptStruct->cipherParms->decryptedTextParams.blobSize,
177 decryptStruct->cipherParms->decryptedTextParams.blobDataExist,
178 decryptStruct->cipherParms->decryptedTextParams.blobDataSize);
179 HKS_TEST_ASSERT(ret == 0);
180
181 struct HksParamSet *decryptParamSet = NULL;
182 struct AesCipherParamSetStructure deParamStruct = {
183 &decryptParamSet,
184 decryptStruct->cipherParms->decryptParamSetParams.paramSetExist,
185 decryptStruct->cipherParms->decryptParamSetParams.setAlg,
186 decryptStruct->cipherParms->decryptParamSetParams.alg,
187 decryptStruct->cipherParms->decryptParamSetParams.setPurpose,
188 decryptStruct->cipherParms->decryptParamSetParams.purpose,
189 decryptStruct->cipherParms->decryptParamSetParams.setPadding,
190 decryptStruct->cipherParms->decryptParamSetParams.padding,
191 decryptStruct->cipherParms->decryptParamSetParams.setBlockMode,
192 decryptStruct->cipherParms->decryptParamSetParams.mode,
193 decryptStruct->cipherParms->decryptParamSetParams.setIv, decryptStruct->ivData,
194 decryptStruct->cipherParms->decryptParamSetParams.setNonce, decryptStruct->nonceData,
195 decryptStruct->cipherParms->decryptParamSetParams.setAad, decryptStruct->aadData,
196 decryptStruct->cipherParms->decryptParamSetParams.setIsKeyAlias,
197 decryptStruct->cipherParms->decryptParamSetParams.isKeyAlias
198 };
199 ret = TestConstructAesCipherParamSet(&deParamStruct);
200 HKS_TEST_ASSERT(ret == 0);
201
202 ret = HksDecryptRun(decryptStruct->keyAlias, decryptParamSet, decryptStruct->cipherData,
203 *(decryptStruct->decryptedData), decryptStruct->performTimes);
204 HksFreeParamSet(&decryptParamSet);
205 return ret;
206 }
207
GenerateKeyTwo(struct HksBlob * keyAlias,const struct HksTestBlobParams * keyAliasParams,const struct HksTestGenKeyParamsParamSet * genKeyParamSetParams,const struct HksTestGenKeyParamsParamSetOut * genKeyParamSetParamsOut)208 int32_t GenerateKeyTwo(struct HksBlob *keyAlias, const struct HksTestBlobParams *keyAliasParams,
209 const struct HksTestGenKeyParamsParamSet *genKeyParamSetParams,
210 const struct HksTestGenKeyParamsParamSetOut *genKeyParamSetParamsOut)
211 {
212 struct HksParamSet *paramSet = NULL;
213 struct GenerateKeyParamSetStructure paramStruct = {
214 ¶mSet,
215 genKeyParamSetParams->paramSetExist,
216 genKeyParamSetParams->setAlg, genKeyParamSetParams->alg,
217 genKeyParamSetParams->setKeySize, genKeyParamSetParams->keySize,
218 genKeyParamSetParams->setPurpose, genKeyParamSetParams->purpose,
219 genKeyParamSetParams->setDigest, genKeyParamSetParams->digest,
220 genKeyParamSetParams->setPadding, genKeyParamSetParams->padding,
221 genKeyParamSetParams->setBlockMode, genKeyParamSetParams->mode,
222 genKeyParamSetParams->setKeyStorageFlag, genKeyParamSetParams->keyStorageFlag
223 };
224 int32_t ret = TestConstructGenerateKeyParamSet(¶mStruct);
225 HKS_TEST_ASSERT(ret == 0);
226
227 struct HksParamSet *paramSetOut = NULL;
228 if (genKeyParamSetParamsOut != NULL) {
229 ret = TestConstructGenerateKeyParamSetOut(¶mSet,
230 genKeyParamSetParamsOut->paramSetExist, genKeyParamSetParamsOut->paramSetSize);
231 HKS_TEST_ASSERT(ret == 0);
232 }
233
234 ret = HksGenerateKey(keyAlias, paramSet, paramSetOut);
235 HKS_TEST_ASSERT(ret == 0);
236
237 HksFreeParamSet(¶mSet);
238 return ret;
239 }
240
ModifyKey(struct HksBlob * keyAlias)241 static int32_t ModifyKey(struct HksBlob *keyAlias)
242 {
243 uint32_t sizeOne = HksTestFileSize(g_storePath, (char *)keyAlias->data);
244 uint8_t *bufOne = (uint8_t *)HksTestMalloc(sizeOne);
245 if (bufOne == NULL) {
246 return HKS_ERROR_MALLOC_FAIL;
247 }
248 uint32_t sizeRead = HksTestFileRead(g_storePath, (char *)keyAlias->data, 0, bufOne, sizeOne);
249 (void)memset_s(bufOne, sizeRead, 0, sizeRead);
250
251 int32_t ret = HksTestFileWrite(g_storePath, (char *)keyAlias->data, 0, bufOne, sizeOne);
252 HksTestFree(bufOne);
253
254 return ret;
255 }
256
257
BaseTestCipherProcess(struct HksBlob * keyAlias,uint32_t index)258 int32_t BaseTestCipherProcess(struct HksBlob *keyAlias, uint32_t index)
259 {
260 struct HksBlob *plainData = NULL;
261 struct HksBlob *cipherData = NULL;
262 int32_t ret = ConstructDataToBlob(&plainData, &cipherData,
263 &g_testCipherParams[index].plainTextParams, &g_testCipherParams[index].cipherTextParams);
264 HKS_TEST_ASSERT(ret == 0);
265 struct HksBlob *ivData = NULL;
266 struct HksBlob *nonceData = NULL;
267 struct HksBlob *aadData = NULL;
268 struct HksBlob *decryptedData = NULL;
269 /* 2. encrypt */
270 do {
271 struct CipherEncryptStructure testEncryptStruct = {
272 keyAlias, &g_testCipherParams[index].encryptParamSetParams,
273 plainData, cipherData, &ivData, &nonceData, &aadData, 1
274 };
275 ret = Encrypt(&testEncryptStruct);
276 if (ret != g_testCipherParams[index].expectResult) {
277 break;
278 }
279 /* 3. decrypt */
280 struct CipherDecryptStructure testDecryptStruct = {
281 keyAlias, &g_testCipherParams[index], cipherData,
282 &decryptedData, ivData, nonceData, aadData, 1
283 };
284 ret = DecryptCipher(&testDecryptStruct);
285 if (ret != g_testCipherParams[index].expectResult) {
286 break;
287 }
288
289 if (ret == g_testCipherParams[index].expectResult) {
290 if (plainData->size != decryptedData->size) {
291 break;
292 };
293 ret = memcmp(plainData->data, decryptedData->data, plainData->size);
294 }
295 } while (0);
296 TestFreeBlob(&plainData);
297 TestFreeBlob(&cipherData);
298 TestFreeBlob(&decryptedData);
299 TestFreeBlob(&ivData);
300 TestFreeBlob(&nonceData);
301 TestFreeBlob(&aadData);
302 return ret;
303 }
304
305 /**
306 * @tc.name: HksModifyKeyTest.HksModifyKeyTest001
307 * @tc.desc: The static function will return true;
308 * @tc.type: FUNC
309 */
310 HWTEST_F(HksModifyKeyTest, HksModifyKeyTest001, TestSize.Level1)
311 {
312 uint32_t index = 0;
313 struct HksBlob keyAlias = { strlen(g_testName), (uint8_t *)g_testName };
314 int32_t ret = GenerateKeyTwo(&keyAlias, &g_testCipherParams[index].keyAliasParams,
315 &g_testCipherParams[index].genKeyParamSetParams, &g_testCipherParams[index].genKeyParamSetParamsOut);
316 EXPECT_EQ(ret, 0);
317
318 ret = BaseTestCipherProcess(&keyAlias, 0);
319 EXPECT_EQ(ret, 0);
320
321 struct HksBlob *plainData = NULL;
322 struct HksBlob *cipherData = NULL;
323 ret = ConstructDataToBlob(&plainData, &cipherData,
324 &g_testCipherParams[index].plainTextParams, &g_testCipherParams[index].cipherTextParams);
325 EXPECT_EQ(ret, 0);
326 struct HksBlob *ivData = NULL;
327 struct HksBlob *nonceData = NULL;
328 struct HksBlob *aadData = NULL;
329
330 /* 2. encrypt */
331 struct CipherEncryptStructure testEncryptStruct = {
332 &keyAlias, &g_testCipherParams[index].encryptParamSetParams,
333 plainData, cipherData, &ivData, &nonceData, &aadData, 1
334 };
335 ret = Encrypt(&testEncryptStruct);
336 EXPECT_EQ(ret, 0);
337 ret = ModifyKey(&keyAlias);
338 EXPECT_EQ(ret, 0);
339 /* 3. decrypt */
340 struct HksBlob *decryptedData = NULL;
341 struct CipherDecryptStructure testDecryptStruct = {
342 &keyAlias, &g_testCipherParams[index], cipherData,
343 &decryptedData, ivData, nonceData, aadData, 1
344 };
345 ret = DecryptCipher(&testDecryptStruct);
346
347 HKS_TEST_ASSERT(ret != g_testCipherParams[index].expectResult);
348 TestFreeBlob(&plainData);
349 TestFreeBlob(&cipherData);
350 TestFreeBlob(&decryptedData);
351 TestFreeBlob(&ivData);
352 TestFreeBlob(&nonceData);
353 TestFreeBlob(&aadData);
354 EXPECT_NE(ret, 0);
355 }
356 #endif /* _CUT_AUTHENTICATE_ */
357 }
358