1 /*
2 * Copyright (c) 2021 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "hks_test_aes.h"
17 #include "hks_api.h"
18 #include "hks_param.h"
19 #include "hks_test_common.h"
20 #include "hks_test_log.h"
21
22 #define TEST_PLAIN_TEST "This is a plain text! Hello world and thanks for watching AES^^"
23 #define TEST_AES_12 12
24 #define TEST_AES_16 16
25 #define TEST_AES_32 32
26 #define TEST_AES_128 128
27 #define TEST_AES_256 256
28
29 static uint8_t g_buffer[TEST_AES_256];
30 static uint32_t g_bufferSize = TEST_AES_256;
31
32 uint8_t g_nonce[TEST_AES_12] = "hahahahahah";
33 uint8_t g_aad[TEST_AES_16] = "bababababababab";
34 uint8_t g_iv[TEST_AES_16] = "aabaabaabaabaab";
35
ConstructParamSetEncryptDecryptAesPre(uint32_t mode,uint32_t padding,bool isEncrypt,struct HksParamSet ** paramSet)36 static int32_t ConstructParamSetEncryptDecryptAesPre(uint32_t mode, uint32_t padding, bool isEncrypt,
37 struct HksParamSet **paramSet)
38 {
39 int32_t ret = HksInitParamSet(paramSet);
40 if (ret != 0) {
41 HKS_TEST_LOG_E("HksAddParamInit failed!\n");
42 return ret;
43 }
44
45 do {
46 struct HksParam algParam = {0};
47 algParam.tag = HKS_TAG_ALGORITHM;
48 algParam.uint32Param = HKS_ALG_AES;
49 ret = HksAddParams(*paramSet, (const struct HksParam *)&algParam, 1);
50 if (ret != 0) {
51 HKS_TEST_LOG_E("HksAddParam algParam failed!\n");
52 break;
53 }
54
55 struct HksParam modeParam = {0};
56 modeParam.tag = HKS_TAG_BLOCK_MODE;
57 modeParam.uint32Param = mode;
58 ret = HksAddParams(*paramSet, (const struct HksParam *)&modeParam, 1);
59 if (ret != 0) {
60 HKS_TEST_LOG_E("HksAddParam algParam failed!\n");
61 break;
62 }
63
64 struct HksParam padParam = {0};
65 padParam.tag = HKS_TAG_PADDING;
66 padParam.uint32Param = padding;
67 ret = HksAddParams(*paramSet, (const struct HksParam *)&padParam, 1);
68 if (ret != 0) {
69 HKS_TEST_LOG_E("HksAddParam algParam failed!\n");
70 break;
71 }
72
73 struct HksParam purposeParam = {0};
74 purposeParam.tag = HKS_TAG_PURPOSE;
75 if (isEncrypt) {
76 purposeParam.uint32Param = HKS_KEY_PURPOSE_ENCRYPT;
77 } else {
78 purposeParam.uint32Param = HKS_KEY_PURPOSE_DECRYPT;
79 }
80 ret = HksAddParams(*paramSet, (const struct HksParam *)&purposeParam, 1);
81 if (ret != 0) {
82 HKS_TEST_LOG_E("HksAddParam algParam failed!\n");
83 break;
84 }
85 } while (0);
86 return ret;
87 }
88
ConstructParamSetEncryptDecryptAesPost(uint32_t mode,struct HksParamSet ** paramSet)89 static int32_t ConstructParamSetEncryptDecryptAesPost(uint32_t mode, struct HksParamSet **paramSet)
90 {
91 int32_t ret;
92 do {
93 struct HksParam aadParam = {0};
94 aadParam.tag = HKS_TAG_ASSOCIATED_DATA;
95 aadParam.blob.data = g_aad;
96 aadParam.blob.size = sizeof(g_aad);
97 ret = HksAddParams(*paramSet, (const struct HksParam *)&aadParam, 1);
98 if (ret != 0) {
99 HKS_TEST_LOG_E("HksAddParam aadParam failed!\n");
100 break;
101 }
102
103 if (mode == HKS_MODE_CBC) {
104 struct HksParam ivParam = {0};
105 ivParam.tag = HKS_TAG_IV;
106 ivParam.blob.data = g_iv;
107 ivParam.blob.size = sizeof(g_iv);
108 ret = HksAddParams(*paramSet, (const struct HksParam *)&ivParam, 1);
109 if (ret != 0) {
110 HKS_TEST_LOG_E("HksAddParam ivParam failed!\n");
111 break;
112 }
113 } else {
114 struct HksParam nonceParam = {0};
115 nonceParam.tag = HKS_TAG_NONCE;
116 nonceParam.blob.data = g_nonce;
117 nonceParam.blob.size = sizeof(g_nonce);
118 ret = HksAddParams(*paramSet, (const struct HksParam *)&nonceParam, 1);
119 if (ret != 0) {
120 HKS_TEST_LOG_E("HksAddParam nonceParam failed!\n");
121 break;
122 }
123 }
124
125 ret = HksBuildParamSet(paramSet);
126 if (ret != 0) {
127 HKS_TEST_LOG_E("HksAddParamFinal failed!\n");
128 break;
129 }
130 } while (0);
131
132 return ret;
133 }
134
ConstructParamSetEncryptDecryptAes(uint32_t mode,uint32_t padding,bool isEncrypt,struct HksParamSet ** paramSet)135 static int32_t ConstructParamSetEncryptDecryptAes(uint32_t mode, uint32_t padding, bool isEncrypt,
136 struct HksParamSet **paramSet)
137 {
138 int32_t ret = ConstructParamSetEncryptDecryptAesPre(mode, padding, isEncrypt, paramSet);
139 HKS_TEST_ASSERT(ret == 0);
140 ret = ConstructParamSetEncryptDecryptAesPost(mode, paramSet);
141 HKS_TEST_ASSERT(ret == 0);
142 return ret;
143 }
144
145 #define TEST_KEY_AUTH_ID "This is a test auth id for generate ed25519 key, keyauthIdvalid!"
GenerateBaseKey(const struct HksBlob * alias)146 void GenerateBaseKey(const struct HksBlob *alias)
147 {
148 HKS_TEST_LOG_I("Test_Aes_gen_by_derive BASEKEY!\n");
149 struct HksParamSet *paramSet = NULL;
150 HKS_TEST_ASSERT(HksInitParamSet(¶mSet) == 0);
151
152 struct HksBlob authId = { strlen(TEST_KEY_AUTH_ID), (uint8_t *)TEST_KEY_AUTH_ID };
153
154 struct HksParam tmpParams[] = {
155 { .tag = HKS_TAG_ALGORITHM,
156 .uint32Param = HKS_ALG_ED25519 },
157 { .tag = HKS_TAG_KEY_SIZE,
158 .uint32Param = TEST_AES_256 },
159 { .tag = HKS_TAG_PURPOSE,
160 .uint32Param = HKS_KEY_PURPOSE_SIGN | HKS_KEY_PURPOSE_VERIFY },
161 { .tag = HKS_TAG_DIGEST,
162 .uint32Param = HKS_DIGEST_SHA512 },
163 { .tag = HKS_TAG_PADDING,
164 .uint32Param = HKS_PADDING_NONE },
165 { .tag = HKS_TAG_KEY_AUTH_ID,
166 .blob = authId },
167 { .tag = HKS_TAG_KEY_GENERATE_TYPE,
168 .uint32Param = HKS_KEY_GENERATE_TYPE_AGREE }, /* no use */
169 };
170
171 HKS_TEST_ASSERT(HksAddParams(paramSet, tmpParams, sizeof(tmpParams) / sizeof(tmpParams[0])) == 0);
172 HKS_TEST_ASSERT(HksBuildParamSet(¶mSet) == 0);
173 HKS_TEST_ASSERT(HksGenerateKey(alias, paramSet, NULL) == 0);
174
175 HksFreeParamSet(¶mSet);
176 }
177
178 #define TEST_AES_KEY_BASE_NAME_1 "test_aes_key_by_derive_base_name_ed25519_1"
179 #define TEST_AES_KEY_BASE_NAME_2 "test_aes_key_by_derive_base_name_ed25519_2"
180 #define TEST_AES_KEY_BASE_NAME_1_PUBKEY "test_aes_key_by_derive_base_name_ed25519_1_pubkey"
181 #define TEST_AES_KEY_BASE_NAME_2_PUBKEY "test_aes_key_by_derive_base_name_ed25519_2_pubkey"
182
183 #define TEST_AES_KEY_AGREE_NAME1 "test_aes_key_by_agree_name_keyAlias1"
184 #define TEST_AES_KEY_AGREE_NAME2 "test_aes_key_by_agree_name_keyAlias2"
185
PlainPubKey(const struct HksBlob * baseKey,const struct HksBlob * peerPubKey,struct HksParamSet * paramSet)186 static void PlainPubKey(const struct HksBlob *baseKey, const struct HksBlob *peerPubKey,
187 struct HksParamSet *paramSet)
188 {
189 struct HksParam tmpParams[] = {
190 { .tag = HKS_TAG_ALGORITHM,
191 .uint32Param = HKS_ALG_AES },
192 { .tag = HKS_TAG_KEY_SIZE,
193 .uint32Param = TEST_AES_256 },
194 { .tag = HKS_TAG_PURPOSE,
195 .uint32Param = HKS_KEY_PURPOSE_ENCRYPT | HKS_KEY_PURPOSE_DECRYPT },
196 { .tag = HKS_TAG_BLOCK_MODE,
197 .uint32Param = HKS_MODE_GCM },
198 { .tag = HKS_TAG_PADDING,
199 .uint32Param = HKS_PADDING_NONE },
200 { .tag = HKS_TAG_KEY_GENERATE_TYPE,
201 .uint32Param = HKS_KEY_GENERATE_TYPE_AGREE },
202 { .tag = HKS_TAG_AGREE_PRIVATE_KEY_ALIAS,
203 .blob = *baseKey },
204 { .tag = HKS_TAG_AGREE_PUBLIC_KEY,
205 .blob = *peerPubKey },
206 { .tag = HKS_TAG_AGREE_PUBLIC_KEY_IS_KEY_ALIAS,
207 .boolParam = false },
208 { .tag = HKS_TAG_AGREE_ALG,
209 .uint32Param = HKS_ALG_ED25519 },
210 };
211
212 HKS_TEST_ASSERT(HksAddParams(paramSet, tmpParams, sizeof(tmpParams) / sizeof(tmpParams[0])) == 0);
213 }
214
SetKeyAliasTrue(const struct HksBlob * baseKey,const struct HksBlob * peerPubKey,struct HksParamSet * paramSet)215 static void SetKeyAliasTrue(const struct HksBlob *baseKey, const struct HksBlob *peerPubKey,
216 struct HksParamSet *paramSet)
217 {
218 struct HksParam tmpParams[] = {
219 { .tag = HKS_TAG_ALGORITHM,
220 .uint32Param = HKS_ALG_AES },
221 { .tag = HKS_TAG_KEY_SIZE,
222 .uint32Param = TEST_AES_256 },
223 { .tag = HKS_TAG_PURPOSE,
224 .uint32Param = HKS_KEY_PURPOSE_ENCRYPT | HKS_KEY_PURPOSE_DECRYPT },
225 { .tag = HKS_TAG_BLOCK_MODE,
226 .uint32Param = HKS_MODE_GCM },
227 { .tag = HKS_TAG_PADDING,
228 .uint32Param = HKS_PADDING_NONE },
229 { .tag = HKS_TAG_KEY_GENERATE_TYPE,
230 .uint32Param = HKS_KEY_GENERATE_TYPE_AGREE },
231 { .tag = HKS_TAG_AGREE_PRIVATE_KEY_ALIAS,
232 .blob = *baseKey },
233 { .tag = HKS_TAG_AGREE_PUBLIC_KEY_IS_KEY_ALIAS,
234 .boolParam = true },
235 { .tag = HKS_TAG_AGREE_PUBLIC_KEY,
236 .blob = *peerPubKey },
237 { .tag = HKS_TAG_AGREE_ALG,
238 .uint32Param = HKS_ALG_ED25519 },
239 };
240
241 HKS_TEST_ASSERT(HksAddParams(paramSet, tmpParams, sizeof(tmpParams) / sizeof(tmpParams[0])) == 0);
242 }
243
SetKeyAliasWrong(const struct HksBlob * baseKey,const struct HksBlob * peerPubKey,struct HksParamSet * paramSet)244 static void SetKeyAliasWrong(const struct HksBlob *baseKey, const struct HksBlob *peerPubKey,
245 struct HksParamSet *paramSet)
246 {
247 struct HksParam tmpParams[] = {
248 { .tag = HKS_TAG_ALGORITHM,
249 .uint32Param = HKS_ALG_AES },
250 { .tag = HKS_TAG_KEY_SIZE,
251 .uint32Param = TEST_AES_256 },
252 { .tag = HKS_TAG_PURPOSE,
253 .uint32Param = HKS_KEY_PURPOSE_ENCRYPT | HKS_KEY_PURPOSE_DECRYPT },
254 { .tag = HKS_TAG_BLOCK_MODE,
255 .uint32Param = HKS_MODE_GCM },
256 { .tag = HKS_TAG_PADDING,
257 .uint32Param = HKS_PADDING_NONE },
258 { .tag = HKS_TAG_KEY_GENERATE_TYPE,
259 .uint32Param = HKS_KEY_GENERATE_TYPE_AGREE },
260 { .tag = HKS_TAG_AGREE_PRIVATE_KEY_ALIAS,
261 .blob = *baseKey },
262 { .tag = HKS_TAG_AGREE_PUBLIC_KEY,
263 .blob = *peerPubKey },
264 { .tag = HKS_TAG_AGREE_ALG,
265 .uint32Param = HKS_ALG_ED25519 },
266 };
267
268 HKS_TEST_ASSERT(HksAddParams(paramSet, tmpParams, sizeof(tmpParams) / sizeof(tmpParams[0])) == 0);
269 }
270
GenerateAesAgreeKey(const struct HksBlob * alias,const struct HksBlob * baseKey,const struct HksBlob * peerPubKey,bool isPlainPubKey,bool isSetKeyAliasTrue)271 static void GenerateAesAgreeKey(const struct HksBlob *alias, const struct HksBlob *baseKey,
272 const struct HksBlob *peerPubKey, bool isPlainPubKey, bool isSetKeyAliasTrue)
273 {
274 HKS_TEST_LOG_I("Test_Aes_gen_by_agree key!\n");
275 struct HksParamSet *paramSet = NULL;
276 HKS_TEST_ASSERT(HksInitParamSet(¶mSet) == 0);
277
278 if (isPlainPubKey) {
279 PlainPubKey(baseKey, peerPubKey, paramSet);
280 } else {
281 if (isSetKeyAliasTrue) {
282 SetKeyAliasTrue(baseKey, peerPubKey, paramSet);
283 } else {
284 SetKeyAliasWrong(baseKey, peerPubKey, paramSet);
285 }
286 }
287 HKS_TEST_ASSERT(HksBuildParamSet(¶mSet) == 0);
288 HKS_TEST_ASSERT(HksGenerateKey(alias, paramSet, NULL) == 0);
289 HKS_TEST_LOG_I("End Test_Aes_gen_by_agree key!\n");
290
291 HksFreeParamSet(¶mSet);
292 }
293
ExportPubKey(const struct HksBlob * alias,struct HksBlob * pubKey)294 static void ExportPubKey(const struct HksBlob *alias, struct HksBlob *pubKey)
295 {
296 HKS_TEST_ASSERT(HksExportPublicKey(alias, NULL, pubKey) == 0);
297 }
298
ImportPubKey(const struct HksBlob * alias,const struct HksBlob * pubKey)299 static void ImportPubKey(const struct HksBlob *alias, const struct HksBlob *pubKey)
300 {
301 HKS_TEST_LOG_I("Test_Import pubKey!\n");
302 struct HksParamSet *paramSet = NULL;
303 HKS_TEST_ASSERT(HksInitParamSet(¶mSet) == 0);
304
305 struct HksBlob authId = { strlen(TEST_KEY_AUTH_ID), (uint8_t *)TEST_KEY_AUTH_ID };
306
307 struct HksParam tmpParams[] = {
308 { .tag = HKS_TAG_ALGORITHM,
309 .uint32Param = HKS_ALG_ED25519 },
310 { .tag = HKS_TAG_KEY_SIZE,
311 .uint32Param = TEST_AES_256 },
312 { .tag = HKS_TAG_PURPOSE,
313 .uint32Param = HKS_KEY_PURPOSE_VERIFY },
314 { .tag = HKS_TAG_DIGEST,
315 .uint32Param = HKS_DIGEST_SHA512 },
316 { .tag = HKS_TAG_PADDING,
317 .uint32Param = HKS_PADDING_NONE },
318 { .tag = HKS_TAG_KEY_AUTH_ID,
319 .blob = authId },
320 { .tag = HKS_TAG_KEY_GENERATE_TYPE,
321 .uint32Param = HKS_KEY_GENERATE_TYPE_DEFAULT }, /* no use */
322 };
323
324 HKS_TEST_ASSERT(HksAddParams(paramSet, tmpParams, sizeof(tmpParams) / sizeof(tmpParams[0])) == 0);
325 HKS_TEST_ASSERT(HksBuildParamSet(¶mSet) == 0);
326 HKS_TEST_ASSERT(HksImportKey(alias, paramSet, pubKey) == 0);
327
328 HksFreeParamSet(¶mSet);
329 }
330
331 #define TEST_AES_KEY_BASE_NAME "test_aes_key_by_derive_base_name_ed25519"
332 #define TEST_AES_KEY_DERIVE_NAME1 "test_aes_key_by_derive_name_keyAlias1"
333 #define TEST_AES_KEY_DERIVE_NAME2 "test_aes_key_by_derive_name_keyAlias2"
TestAes256ByAgree()334 int32_t TestAes256ByAgree()
335 {
336 HKS_TEST_LOG_I("enter");
337 /* generate ed25519 key */
338 struct HksBlob baseKeyAlias1 = { strlen(TEST_AES_KEY_BASE_NAME_1), (uint8_t *)TEST_AES_KEY_BASE_NAME_1 };
339 GenerateBaseKey(&baseKeyAlias1);
340
341 struct HksBlob baseKeyAlias2 = { strlen(TEST_AES_KEY_BASE_NAME_2), (uint8_t *)TEST_AES_KEY_BASE_NAME_2 };
342 GenerateBaseKey(&baseKeyAlias2);
343
344 uint8_t pubKey1[TEST_AES_128] = {0};
345 uint8_t pubKey2[TEST_AES_128] = {0};
346 struct HksBlob pubKeyBlob1 = { TEST_AES_128, pubKey1 };
347 struct HksBlob pubKeyBlob2 = { TEST_AES_128, pubKey2 };
348 ExportPubKey(&baseKeyAlias1, &pubKeyBlob1);
349 ExportPubKey(&baseKeyAlias2, &pubKeyBlob2);
350
351 struct HksBlob pubKeyAlias1 = {
352 strlen(TEST_AES_KEY_BASE_NAME_1_PUBKEY), (uint8_t *)TEST_AES_KEY_BASE_NAME_1_PUBKEY
353 };
354 struct HksBlob pubKeyAlias2 = {
355 strlen(TEST_AES_KEY_BASE_NAME_2_PUBKEY), (uint8_t *)TEST_AES_KEY_BASE_NAME_2_PUBKEY
356 };
357 ImportPubKey(&pubKeyAlias1, &pubKeyBlob1);
358 ImportPubKey(&pubKeyAlias2, &pubKeyBlob2);
359
360 /* generate aes key 1 */
361 struct HksBlob aesKeyAlias1 = { strlen(TEST_AES_KEY_AGREE_NAME1), (uint8_t *)TEST_AES_KEY_AGREE_NAME1 };
362 GenerateAesAgreeKey(&aesKeyAlias1, &baseKeyAlias1, &pubKeyAlias2, false, false);
363
364 /* generate aes key 2 */
365 struct HksBlob aesKeyAlias2 = { strlen(TEST_AES_KEY_DERIVE_NAME2), (uint8_t *)TEST_AES_KEY_DERIVE_NAME2 };
366 GenerateAesAgreeKey(&aesKeyAlias2, &baseKeyAlias2, &pubKeyAlias1, false, false);
367
368 /* encrypt by aes key 1 */
369 struct HksParamSet *paramSet = NULL;
370 int32_t ret = ConstructParamSetEncryptDecryptAes(HKS_MODE_GCM, HKS_PADDING_NONE, true, ¶mSet);
371 HKS_TEST_ASSERT(ret == 0);
372 struct HksBlob plainText1 = { strlen(TEST_PLAIN_TEST) + 1, (uint8_t*)TEST_PLAIN_TEST };
373 struct HksBlob cipherText1 = { TEST_AES_256, g_buffer };
374 (void)memset_s(cipherText1.data, cipherText1.size, 0, cipherText1.size);
375 HKS_TEST_ASSERT(HksEncrypt(&aesKeyAlias1, paramSet, &plainText1, &cipherText1) == 0);
376 g_bufferSize = cipherText1.size;
377
378 HksFreeParamSet(¶mSet);
379
380 /* decrypt by aes key 2 */
381 ret = ConstructParamSetEncryptDecryptAes(HKS_MODE_GCM, HKS_PADDING_NONE, false, ¶mSet);
382 HKS_TEST_ASSERT(ret == 0);
383 struct HksBlob cipherText = { g_bufferSize, g_buffer };
384 uint8_t tmp[TEST_AES_256] = {0};
385 struct HksBlob plainText = { TEST_AES_256, tmp };
386 ret = HksDecrypt(&aesKeyAlias2, paramSet, &cipherText, &plainText);
387 HKS_TEST_ASSERT(ret == 0);
388 HKS_TEST_LOG_I("ConstructParamSetEncryptDecryptAes plainText: %s", plainText.data);
389 HksFreeParamSet(¶mSet);
390
391 HksDeleteKey(&baseKeyAlias1, NULL);
392 HksDeleteKey(&baseKeyAlias2, NULL);
393 HksDeleteKey(&pubKeyAlias1, NULL);
394 HksDeleteKey(&pubKeyAlias2, NULL);
395 HksDeleteKey(&aesKeyAlias1, NULL);
396 HksDeleteKey(&aesKeyAlias2, NULL);
397 HKS_TEST_LOG_I("end");
398 return ret;
399 }
400
TestAes256ByAgree1()401 int32_t TestAes256ByAgree1()
402 {
403 HKS_TEST_LOG_I("enter");
404
405 /* generate ed25519 key */
406 struct HksBlob baseKeyAlias1 = { strlen(TEST_AES_KEY_BASE_NAME_1), (uint8_t *)TEST_AES_KEY_BASE_NAME_1 };
407 GenerateBaseKey(&baseKeyAlias1);
408
409 struct HksBlob baseKeyAlias2 = { strlen(TEST_AES_KEY_BASE_NAME_2), (uint8_t *)TEST_AES_KEY_BASE_NAME_2 };
410 GenerateBaseKey(&baseKeyAlias2);
411
412 uint8_t pubKey1[TEST_AES_128] = {0};
413 uint8_t pubKey2[TEST_AES_128] = {0};
414 struct HksBlob pubKeyBlob1 = { TEST_AES_128, pubKey1 };
415 struct HksBlob pubKeyBlob2 = { TEST_AES_128, pubKey2 };
416 ExportPubKey(&baseKeyAlias1, &pubKeyBlob1);
417 ExportPubKey(&baseKeyAlias2, &pubKeyBlob2);
418
419 struct HksBlob pubKeyAlias1 = {
420 strlen(TEST_AES_KEY_BASE_NAME_1_PUBKEY), (uint8_t *)TEST_AES_KEY_BASE_NAME_1_PUBKEY
421 };
422 struct HksBlob pubKeyAlias2 = {
423 strlen(TEST_AES_KEY_BASE_NAME_2_PUBKEY), (uint8_t *)TEST_AES_KEY_BASE_NAME_2_PUBKEY
424 };
425 ImportPubKey(&pubKeyAlias1, &pubKeyBlob1);
426 ImportPubKey(&pubKeyAlias2, &pubKeyBlob2);
427
428 /* generate aes key 1 */
429 struct HksBlob aesKeyAlias1 = { strlen(TEST_AES_KEY_AGREE_NAME1), (uint8_t *)TEST_AES_KEY_AGREE_NAME1 };
430 GenerateAesAgreeKey(&aesKeyAlias1, &baseKeyAlias1, &pubKeyAlias2, false, true);
431
432 /* generate aes key 2 */
433 struct HksBlob aesKeyAlias2 = { strlen(TEST_AES_KEY_DERIVE_NAME2), (uint8_t *)TEST_AES_KEY_DERIVE_NAME2 };
434 GenerateAesAgreeKey(&aesKeyAlias2, &baseKeyAlias2, &pubKeyAlias1, false, true);
435
436 /* encrypt by aes key 1 */
437 struct HksParamSet *paramSet = NULL;
438 int32_t ret = ConstructParamSetEncryptDecryptAes(HKS_MODE_GCM, HKS_PADDING_NONE, true, ¶mSet);
439 HKS_TEST_ASSERT(ret == 0);
440 struct HksBlob plainText1 = { strlen(TEST_PLAIN_TEST) + 1, (uint8_t*)TEST_PLAIN_TEST };
441 struct HksBlob cipherText1 = { TEST_AES_256, g_buffer };
442 (void)memset_s(cipherText1.data, cipherText1.size, 0, cipherText1.size);
443 HKS_TEST_ASSERT(HksEncrypt(&aesKeyAlias1, paramSet, &plainText1, &cipherText1) == 0);
444 g_bufferSize = cipherText1.size;
445
446 HksFreeParamSet(¶mSet);
447
448 /* decrypt by aes key 2 */
449 ret = ConstructParamSetEncryptDecryptAes(HKS_MODE_GCM, HKS_PADDING_NONE, false, ¶mSet);
450 HKS_TEST_ASSERT(ret == 0);
451 struct HksBlob cipherText = { g_bufferSize, g_buffer };
452 uint8_t tmp[TEST_AES_256] = {0};
453 struct HksBlob plainText = { TEST_AES_256, tmp };
454 ret = HksDecrypt(&aesKeyAlias2, paramSet, &cipherText, &plainText);
455 HKS_TEST_ASSERT(ret == 0);
456 HKS_TEST_LOG_I("ConstructParamSetEncryptDecryptAes plainText: %s", plainText.data);
457 HksFreeParamSet(¶mSet);
458
459 HksDeleteKey(&baseKeyAlias1, NULL);
460 HksDeleteKey(&baseKeyAlias2, NULL);
461 HksDeleteKey(&pubKeyAlias1, NULL);
462 HksDeleteKey(&pubKeyAlias2, NULL);
463 HksDeleteKey(&aesKeyAlias1, NULL);
464 HksDeleteKey(&aesKeyAlias2, NULL);
465 HKS_TEST_LOG_I("end");
466 return ret;
467 }
468
TestAes256ByAgree2()469 int32_t TestAes256ByAgree2()
470 {
471 HKS_TEST_LOG_I("enter");
472 /* generate ed25519 key */
473 struct HksBlob baseKeyAlias1 = { strlen(TEST_AES_KEY_BASE_NAME_1), (uint8_t *)TEST_AES_KEY_BASE_NAME_1 };
474 GenerateBaseKey(&baseKeyAlias1);
475
476 struct HksBlob baseKeyAlias2 = { strlen(TEST_AES_KEY_BASE_NAME_2), (uint8_t *)TEST_AES_KEY_BASE_NAME_2 };
477 GenerateBaseKey(&baseKeyAlias2);
478
479 uint8_t pubKey1[TEST_AES_128] = {0};
480 uint8_t pubKey2[TEST_AES_128] = {0};
481 struct HksBlob pubKeyBlob1 = { TEST_AES_128, pubKey1 };
482 struct HksBlob pubKeyBlob2 = { TEST_AES_128, pubKey2 };
483 ExportPubKey(&baseKeyAlias1, &pubKeyBlob1);
484 ExportPubKey(&baseKeyAlias2, &pubKeyBlob2);
485
486 /* generate aes key 1 */
487 struct HksBlob aesKeyAlias1 = { strlen(TEST_AES_KEY_AGREE_NAME1), (uint8_t *)TEST_AES_KEY_AGREE_NAME1 };
488 GenerateAesAgreeKey(&aesKeyAlias1, &baseKeyAlias1, &pubKeyBlob2, true, false);
489
490 /* generate aes key 2 */
491 struct HksBlob aesKeyAlias2 = { strlen(TEST_AES_KEY_DERIVE_NAME2), (uint8_t *)TEST_AES_KEY_DERIVE_NAME2 };
492 GenerateAesAgreeKey(&aesKeyAlias2, &baseKeyAlias2, &pubKeyBlob1, true, false);
493
494 /* encrypt by aes key 1 */
495 struct HksParamSet *paramSet = NULL;
496 int32_t ret = ConstructParamSetEncryptDecryptAes(HKS_MODE_GCM, HKS_PADDING_NONE, true, ¶mSet);
497 HKS_TEST_ASSERT(ret == 0);
498 struct HksBlob plainText1 = { strlen(TEST_PLAIN_TEST) + 1, (uint8_t*)TEST_PLAIN_TEST };
499 struct HksBlob cipherText1 = { TEST_AES_256, g_buffer };
500 (void)memset_s(cipherText1.data, cipherText1.size, 0, cipherText1.size);
501 HKS_TEST_ASSERT(HksEncrypt(&aesKeyAlias1, paramSet, &plainText1, &cipherText1) == 0);
502 g_bufferSize = cipherText1.size;
503
504 HksFreeParamSet(¶mSet);
505
506 /* decrypt by aes key 2 */
507 ret = ConstructParamSetEncryptDecryptAes(HKS_MODE_GCM, HKS_PADDING_NONE, false, ¶mSet);
508 HKS_TEST_ASSERT(ret == 0);
509 struct HksBlob cipherText = { g_bufferSize, g_buffer };
510 uint8_t tmp[TEST_AES_256] = {0};
511 struct HksBlob plainText = { TEST_AES_256, tmp };
512 ret = HksDecrypt(&aesKeyAlias2, paramSet, &cipherText, &plainText);
513 HKS_TEST_ASSERT(ret == 0);
514 HKS_TEST_LOG_I("ConstructParamSetEncryptDecryptAes plainText: %s", plainText.data);
515 HksFreeParamSet(¶mSet);
516
517 HksDeleteKey(&baseKeyAlias1, NULL);
518 HksDeleteKey(&baseKeyAlias2, NULL);
519 HksDeleteKey(&aesKeyAlias1, NULL);
520 HksDeleteKey(&aesKeyAlias2, NULL);
521 HKS_TEST_LOG_I("end");
522 return ret;
523 }
524
TestAes256ByLocal()525 int32_t TestAes256ByLocal()
526 {
527 HKS_TEST_LOG_I("enter");
528
529 /* generate aes key 1 */
530 char testKey[TEST_AES_32];
531 struct HksBlob keyBlob;
532
533 for (int i = 0; i < TEST_AES_32; ++i) {
534 testKey[i] = i + TEST_AES_32;
535 }
536
537 keyBlob.data = (uint8_t *)(testKey);
538 keyBlob.size = sizeof(testKey);
539
540 /* encrypt by aes key 1 */
541 struct HksParamSet *paramSet = NULL;
542 struct HksParam algParam = {
543 .tag = HKS_TAG_IS_KEY_ALIAS,
544 .uint32Param = 0
545 };
546
547 int32_t ret = ConstructParamSetEncryptDecryptAes(HKS_MODE_GCM, HKS_PADDING_NONE, true, ¶mSet);
548 HKS_TEST_ASSERT(ret == 0);
549
550 ret = HksAddParams(paramSet, (const struct HksParam *)&algParam, 1);
551 if (ret != 0) {
552 HKS_TEST_LOG_E("HksAddParam algParam failed!\n");
553 HksFreeParamSet(¶mSet);
554 return ret;
555 }
556
557 struct HksBlob plainText1 = { strlen(TEST_PLAIN_TEST) + 1, (uint8_t*)TEST_PLAIN_TEST };
558 struct HksBlob cipherText1 = { TEST_AES_256, g_buffer };
559 (void)memset_s(cipherText1.data, cipherText1.size, 0, cipherText1.size);
560 HKS_TEST_ASSERT(HksEncrypt(&keyBlob, paramSet, &plainText1, &cipherText1) == 0);
561 g_bufferSize = cipherText1.size;
562
563 HksFreeParamSet(¶mSet);
564
565 /* decrypt by aes key 2 */
566 ret = ConstructParamSetEncryptDecryptAes(HKS_MODE_GCM, HKS_PADDING_NONE, false, ¶mSet);
567 HKS_TEST_ASSERT(ret == 0);
568 algParam.tag = HKS_TAG_IS_KEY_ALIAS;
569 algParam.uint32Param = 0;
570 ret = HksAddParams(paramSet, (const struct HksParam *)&algParam, 1);
571 if (ret != 0) {
572 HKS_TEST_LOG_E("HksAddParam algParam failed!\n");
573 HksFreeParamSet(¶mSet);
574 return ret;
575 }
576
577 struct HksBlob cipherText = { g_bufferSize, g_buffer };
578 uint8_t tmp[TEST_AES_256] = {0};
579 struct HksBlob plainText = { TEST_AES_256, tmp };
580 ret = HksDecrypt(&keyBlob, paramSet, &cipherText, &plainText);
581 HKS_TEST_ASSERT(ret == 0);
582 HKS_TEST_ASSERT(memcmp(plainText.data, plainText1.data, plainText.size) == 0);
583 HksFreeParamSet(¶mSet);
584
585 HKS_TEST_LOG_I("end");
586 return ret;
587 }
588
589