1 /*
2 * Copyright (c) 2022 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include <gtest/gtest.h>
17
18 #ifdef L2_STANDARD
19 #include "file_ex.h"
20 #endif
21 #include "hks_import_wrapped_test_common.h"
22 #include "hks_three_stage_test_common.h"
23 #include "hks_access_control_test_common.h"
24 #include "hks_mem.h"
25 #include "hks_test_log.h"
26 #include "hks_type.h"
27 #include "hks_api.h"
28 #include "hks_access_control_secure_sign_test.h"
29 #include "hks_test_adapt_for_de.h"
30
31 using namespace testing::ext;
32 using namespace Unittest::HksAccessControlPartTest;
33 namespace Unittest::AccessControlSecureSignTest {
34 class HksAccessControlSecureSignTest : public testing::Test {
35 public:
36 static void SetUpTestCase(void);
37
38 static void TearDownTestCase(void);
39
40 void SetUp();
41
42 void TearDown();
43 };
44
SetUpTestCase(void)45 void HksAccessControlSecureSignTest::SetUpTestCase(void)
46 {
47 }
48
TearDownTestCase(void)49 void HksAccessControlSecureSignTest::TearDownTestCase(void)
50 {
51 }
52
SetUp()53 void HksAccessControlSecureSignTest::SetUp()
54 {
55 EXPECT_EQ(HksInitialize(), 0);
56 }
57
TearDown()58 void HksAccessControlSecureSignTest::TearDown()
59 {
60 std::system("find /data/service/el1/public/huks_service -user root -delete");
61 }
62
63 static const std::string g_inData = "Hks_SM4_Cipher_Test_000000000000000000000000000000000000000000000000000000000000"
64 "00000000000000000000000000000000000000000000000000000000000000000000000000000000"
65 "0000000000000000000000000000000000000000000000000000000000000000000000000_string";
66
67 static const std::string g_inDataLess64 = "Hks_SM4_Cipher_Test_000000000000000000000000000000000000";
68
69 static const uint32_t g_authHeadSize = 24;
70
71 static const uint32_t g_secureUid = 1;
72
73 static const uint32_t g_enrolledIdPin = 1;
74
75 static const uint32_t g_enrolledIdFinger = 2;
76
77 static const uint32_t g_credentialId = 0;
78
79 static const uint32_t g_time = 0;
80
81 static struct HksBlob g_genKeyAlias = {
82 .size = strlen("TestGenKeyForSignWithInfo"),
83 .data = (uint8_t *)"TestGenKeyForSignWithInfo"
84 };
85
86 static struct HksBlob g_importKeyAlias = {
87 .size = strlen("TestImportKeyForSignWithInfo"),
88 .data = (uint8_t *)"TestImportKeyForSignWithInfo"
89 };
90
91 static struct HksBlob g_importKeyNoAuthAlias = {
92 .size = strlen("TestImportKeyNoSignWithInfo"),
93 .data = (uint8_t *)"TestImportKeyNoSignWithInfo"
94 };
95
96 static const uint32_t g_outDataSize = 2048;
97
98 static uint8_t g_outBuffer[g_outDataSize] = {0};
99
100 static struct HksBlob g_outDataBlob = {
101 .size = g_outDataSize,
102 .data = g_outBuffer
103 };
104
105 static struct HksBlob g_inDataBlob = { g_inData.length(), (uint8_t *)g_inData.c_str() };
106
107 static struct HksBlob g_inDataBlobTwoStage = { g_inDataLess64.length(), (uint8_t *)g_inDataLess64.c_str() };
108
109 struct HksTestSecureSignGenParams {
110 struct HksBlob *keyAlias;
111 struct HksParam *inputParams;
112 uint32_t inputParamSize;
113 int32_t expectResult;
114 };
115
116 struct HksTestSecureSignImportParams {
117 struct HksBlob *keyAlias;
118 struct HksParam *inputParams;
119 struct HksBlob importKey;
120 uint32_t inputParamSize;
121 int32_t expectResult;
122 };
123
124 struct HksTestSecureSignVerifyUpdateFinishParams {
125 struct HksBlob *keyAlias;
126 struct HksBlob *keyAliasNoAuth;
127 struct HksParam *updateParams;
128 struct HksBlob *outBuffer;
129 struct HksBlob *signature;
130 struct HksBlob *inData;
131 uint32_t inputParamSize;
132 int32_t expectResult;
133 bool isThreeStageUse;
134 };
135
136 static struct HksParam g_genRsaWithSignAuthParams[] = {
137 {
138 .tag = HKS_TAG_ALGORITHM,
139 .uint32Param = HKS_ALG_RSA
140 }, {
141 .tag = HKS_TAG_PURPOSE,
142 .uint32Param = HKS_KEY_PURPOSE_SIGN | HKS_KEY_PURPOSE_VERIFY
143 }, {
144 .tag = HKS_TAG_KEY_SIZE,
145 .uint32Param = HKS_RSA_KEY_SIZE_4096
146 }, {
147 .tag = HKS_TAG_PADDING,
148 .uint32Param = HKS_PADDING_PSS
149 }, {
150 .tag = HKS_TAG_DIGEST,
151 .uint32Param = HKS_DIGEST_SHA512
152 }, {
153 .tag = HKS_TAG_USER_AUTH_TYPE,
154 .uint32Param = HKS_USER_AUTH_TYPE_PIN
155 }, {
156 .tag = HKS_TAG_KEY_AUTH_ACCESS_TYPE,
157 .uint32Param = HKS_AUTH_ACCESS_INVALID_CLEAR_PASSWORD
158 }, {
159 .tag = HKS_TAG_CHALLENGE_TYPE,
160 .uint32Param = HKS_CHALLENGE_TYPE_NORMAL
161 }, {
162 .tag = HKS_TAG_KEY_SECURE_SIGN_TYPE,
163 .uint32Param = HKS_SECURE_SIGN_WITH_AUTHINFO
164 }
165 };
166
167 static struct HksParam g_genEd25519WithSignAuthParams[] = {
168 {
169 .tag = HKS_TAG_ALGORITHM,
170 .uint32Param = HKS_ALG_ED25519
171 }, {
172 .tag = HKS_TAG_PURPOSE,
173 .uint32Param = HKS_KEY_PURPOSE_SIGN | HKS_KEY_PURPOSE_VERIFY
174 }, {
175 .tag = HKS_TAG_KEY_SIZE,
176 .uint32Param = HKS_CURVE25519_KEY_SIZE_256
177 }, {
178 .tag = HKS_TAG_DIGEST,
179 .uint32Param = HKS_DIGEST_SHA1
180 }, {
181 .tag = HKS_TAG_USER_AUTH_TYPE,
182 .uint32Param = HKS_USER_AUTH_TYPE_FACE
183 }, {
184 .tag = HKS_TAG_KEY_AUTH_ACCESS_TYPE,
185 .uint32Param = HKS_AUTH_ACCESS_INVALID_NEW_BIO_ENROLL
186 }, {
187 .tag = HKS_TAG_CHALLENGE_TYPE,
188 .uint32Param = HKS_CHALLENGE_TYPE_NORMAL
189 }, {
190 .tag = HKS_TAG_KEY_SECURE_SIGN_TYPE,
191 .uint32Param = HKS_SECURE_SIGN_WITH_AUTHINFO
192 }
193 };
194
195 #ifdef _USE_OPENSSL_
196 // mbedtls engine don't support DSA alg
197 static struct HksParam g_genDsaWithSignAuthParams[] = {
198 {
199 .tag = HKS_TAG_ALGORITHM,
200 .uint32Param = HKS_ALG_DSA
201 }, {
202 .tag = HKS_TAG_PURPOSE,
203 .uint32Param = HKS_KEY_PURPOSE_SIGN | HKS_KEY_PURPOSE_VERIFY
204 }, {
205 .tag = HKS_TAG_KEY_SIZE,
206 .uint32Param = 1024
207 }, {
208 .tag = HKS_TAG_DIGEST,
209 .uint32Param = HKS_DIGEST_SHA1
210 }, {
211 .tag = HKS_TAG_USER_AUTH_TYPE,
212 .uint32Param = HKS_USER_AUTH_TYPE_PIN
213 }, {
214 .tag = HKS_TAG_KEY_AUTH_ACCESS_TYPE,
215 .uint32Param = HKS_AUTH_ACCESS_INVALID_CLEAR_PASSWORD
216 }, {
217 .tag = HKS_TAG_CHALLENGE_TYPE,
218 .uint32Param = HKS_CHALLENGE_TYPE_NORMAL
219 }, {
220 .tag = HKS_TAG_KEY_SECURE_SIGN_TYPE,
221 .uint32Param = HKS_SECURE_SIGN_WITH_AUTHINFO
222 }
223 };
224 #endif
225
226 static struct HksTestSecureSignGenParams g_testRsaGenParams = {
227 .keyAlias = &g_genKeyAlias,
228 .inputParams = g_genRsaWithSignAuthParams,
229 .inputParamSize = HKS_ARRAY_SIZE(g_genRsaWithSignAuthParams),
230 .expectResult = HKS_SUCCESS
231 };
232
233 static struct HksTestSecureSignGenParams g_testEd25519GenParams = {
234 .keyAlias = &g_genKeyAlias,
235 .inputParams = g_genEd25519WithSignAuthParams,
236 .inputParamSize = HKS_ARRAY_SIZE(g_genEd25519WithSignAuthParams),
237 .expectResult = HKS_SUCCESS
238 };
239
240 #ifdef _USE_OPENSSL_
241 static struct HksTestSecureSignGenParams g_testDsaGenParams = {
242 .keyAlias = &g_genKeyAlias,
243 .inputParams = g_genDsaWithSignAuthParams,
244 .inputParamSize = HKS_ARRAY_SIZE(g_genDsaWithSignAuthParams),
245 .expectResult = HKS_SUCCESS
246 };
247 #endif
248
249 static struct HksParam g_importDsaKeyParams[] = {
250 { .tag = HKS_TAG_ALGORITHM, .uint32Param = HKS_ALG_DSA },
251 { .tag = HKS_TAG_PURPOSE, .uint32Param = HKS_KEY_PURPOSE_SIGN | HKS_KEY_PURPOSE_VERIFY },
252 { .tag = HKS_TAG_KEY_SIZE, .uint32Param = HKS_RSA_KEY_SIZE_2048 },
253 { .tag = HKS_TAG_DIGEST, .uint32Param = HKS_DIGEST_SHA256 },
254 { .tag = HKS_TAG_IMPORT_KEY_TYPE, .uint32Param = HKS_KEY_TYPE_KEY_PAIR },
255 {
256 .tag = HKS_TAG_USER_AUTH_TYPE,
257 .uint32Param = HKS_USER_AUTH_TYPE_PIN
258 }, {
259 .tag = HKS_TAG_KEY_AUTH_ACCESS_TYPE,
260 .uint32Param = HKS_AUTH_ACCESS_INVALID_CLEAR_PASSWORD
261 }, {
262 .tag = HKS_TAG_CHALLENGE_TYPE,
263 .uint32Param = HKS_CHALLENGE_TYPE_NORMAL
264 }, {
265 .tag = HKS_TAG_KEY_SECURE_SIGN_TYPE,
266 .uint32Param = HKS_SECURE_SIGN_WITH_AUTHINFO
267 }
268 };
269
270
271 static struct HksParam g_importDsaKeyParamsNoAuthInfo[] = {
272 { .tag = HKS_TAG_ALGORITHM, .uint32Param = HKS_ALG_DSA },
273 { .tag = HKS_TAG_PURPOSE, .uint32Param = HKS_KEY_PURPOSE_SIGN | HKS_KEY_PURPOSE_VERIFY },
274 { .tag = HKS_TAG_KEY_SIZE, .uint32Param = HKS_RSA_KEY_SIZE_2048 },
275 { .tag = HKS_TAG_DIGEST, .uint32Param = HKS_DIGEST_SHA256 },
276 { .tag = HKS_TAG_IMPORT_KEY_TYPE, .uint32Param = HKS_KEY_TYPE_KEY_PAIR }
277 };
278
279 static struct HksParam g_importRsaKeyParams[] = {
280 { .tag = HKS_TAG_ALGORITHM, .uint32Param = HKS_ALG_RSA },
281 { .tag = HKS_TAG_PURPOSE, .uint32Param = HKS_KEY_PURPOSE_SIGN | HKS_KEY_PURPOSE_VERIFY },
282 { .tag = HKS_TAG_KEY_SIZE, .uint32Param = HKS_RSA_KEY_SIZE_2048 },
283 { .tag = HKS_TAG_PADDING, .uint32Param = HKS_PADDING_PSS },
284 { .tag = HKS_TAG_DIGEST, .uint32Param = HKS_DIGEST_SHA256 },
285 { .tag = HKS_TAG_IMPORT_KEY_TYPE, .uint32Param = HKS_KEY_TYPE_KEY_PAIR },
286 {
287 .tag = HKS_TAG_USER_AUTH_TYPE,
288 .uint32Param = HKS_USER_AUTH_TYPE_PIN
289 }, {
290 .tag = HKS_TAG_KEY_AUTH_ACCESS_TYPE,
291 .uint32Param = HKS_AUTH_ACCESS_INVALID_CLEAR_PASSWORD
292 }, {
293 .tag = HKS_TAG_CHALLENGE_TYPE,
294 .uint32Param = HKS_CHALLENGE_TYPE_NORMAL
295 }, {
296 .tag = HKS_TAG_KEY_SECURE_SIGN_TYPE,
297 .uint32Param = HKS_SECURE_SIGN_WITH_AUTHINFO
298 }
299 };
300
301 static struct HksParam g_importRsaKeyParamsWithBioAndClearPassword[] = {
302 { .tag = HKS_TAG_ALGORITHM, .uint32Param = HKS_ALG_RSA },
303 { .tag = HKS_TAG_PURPOSE, .uint32Param = HKS_KEY_PURPOSE_SIGN | HKS_KEY_PURPOSE_VERIFY },
304 { .tag = HKS_TAG_KEY_SIZE, .uint32Param = HKS_RSA_KEY_SIZE_2048 },
305 { .tag = HKS_TAG_PADDING, .uint32Param = HKS_PADDING_PSS },
306 { .tag = HKS_TAG_DIGEST, .uint32Param = HKS_DIGEST_SHA256 },
307 { .tag = HKS_TAG_IMPORT_KEY_TYPE, .uint32Param = HKS_KEY_TYPE_KEY_PAIR },
308 {
309 .tag = HKS_TAG_USER_AUTH_TYPE,
310 .uint32Param = HKS_USER_AUTH_TYPE_FINGERPRINT
311 }, {
312 .tag = HKS_TAG_KEY_AUTH_ACCESS_TYPE,
313 .uint32Param = HKS_AUTH_ACCESS_INVALID_CLEAR_PASSWORD
314 }, {
315 .tag = HKS_TAG_CHALLENGE_TYPE,
316 .uint32Param = HKS_CHALLENGE_TYPE_NORMAL
317 }, {
318 .tag = HKS_TAG_KEY_SECURE_SIGN_TYPE,
319 .uint32Param = HKS_SECURE_SIGN_WITH_AUTHINFO
320 }
321 };
322
323 static struct HksParam g_importRsaKeyParamsNoAuth[] = {
324 { .tag = HKS_TAG_ALGORITHM, .uint32Param = HKS_ALG_RSA },
325 { .tag = HKS_TAG_PURPOSE, .uint32Param = HKS_KEY_PURPOSE_SIGN | HKS_KEY_PURPOSE_VERIFY },
326 { .tag = HKS_TAG_KEY_SIZE, .uint32Param = HKS_RSA_KEY_SIZE_2048 },
327 { .tag = HKS_TAG_PADDING, .uint32Param = HKS_PADDING_PSS },
328 { .tag = HKS_TAG_DIGEST, .uint32Param = HKS_DIGEST_SHA256 },
329 { .tag = HKS_TAG_IMPORT_KEY_TYPE, .uint32Param = HKS_KEY_TYPE_KEY_PAIR }
330 };
331
332 static struct HksParam g_importKeyEd25519Params[] = {
333 { .tag = HKS_TAG_ALGORITHM, .uint32Param = HKS_ALG_ED25519 },
334 { .tag = HKS_TAG_PURPOSE, .uint32Param = HKS_KEY_PURPOSE_SIGN | HKS_KEY_PURPOSE_VERIFY },
335 { .tag = HKS_TAG_KEY_SIZE, .uint32Param = HKS_CURVE25519_KEY_SIZE_256 },
336 { .tag = HKS_TAG_DIGEST, .uint32Param = HKS_DIGEST_SHA256 },
337 { .tag = HKS_TAG_IMPORT_KEY_TYPE, .uint32Param = HKS_KEY_TYPE_KEY_PAIR },
338 {
339 .tag = HKS_TAG_USER_AUTH_TYPE,
340 .uint32Param = HKS_USER_AUTH_TYPE_PIN
341 }, {
342 .tag = HKS_TAG_KEY_AUTH_ACCESS_TYPE,
343 .uint32Param = HKS_AUTH_ACCESS_INVALID_CLEAR_PASSWORD
344 }, {
345 .tag = HKS_TAG_CHALLENGE_TYPE,
346 .uint32Param = HKS_CHALLENGE_TYPE_NORMAL
347 }, {
348 .tag = HKS_TAG_KEY_SECURE_SIGN_TYPE,
349 .uint32Param = HKS_SECURE_SIGN_WITH_AUTHINFO
350 }
351 };
352
353 static struct HksParam g_importKeyEd25519ParamsNoAuth[] = {
354 { .tag = HKS_TAG_ALGORITHM, .uint32Param = HKS_ALG_ED25519 },
355 { .tag = HKS_TAG_PURPOSE, .uint32Param = HKS_KEY_PURPOSE_SIGN | HKS_KEY_PURPOSE_VERIFY },
356 { .tag = HKS_TAG_KEY_SIZE, .uint32Param = HKS_CURVE25519_KEY_SIZE_256 },
357 { .tag = HKS_TAG_DIGEST, .uint32Param = HKS_DIGEST_SHA256 },
358 { .tag = HKS_TAG_IMPORT_KEY_TYPE, .uint32Param = HKS_KEY_TYPE_KEY_PAIR }
359 };
360
361 static struct HksParam g_signParamsTestRsa[] = {
362 {
363 .tag = HKS_TAG_ALGORITHM,
364 .uint32Param = HKS_ALG_RSA
365 }, {
366 .tag = HKS_TAG_PURPOSE,
367 .uint32Param = HKS_KEY_PURPOSE_SIGN
368 }, {
369 .tag = HKS_TAG_KEY_SIZE,
370 .uint32Param = HKS_RSA_KEY_SIZE_2048
371 }, {
372 .tag = HKS_TAG_PADDING,
373 .uint32Param = HKS_PADDING_PSS
374 }, {
375 .tag = HKS_TAG_DIGEST,
376 .uint32Param = HKS_DIGEST_SHA256
377 }
378 };
379
380 static struct HksParam g_verifyParamsTestRsa[] = {
381 {
382 .tag = HKS_TAG_ALGORITHM,
383 .uint32Param = HKS_ALG_RSA
384 }, {
385 .tag = HKS_TAG_PURPOSE,
386 .uint32Param = HKS_KEY_PURPOSE_VERIFY
387 }, {
388 .tag = HKS_TAG_KEY_SIZE,
389 .uint32Param = HKS_RSA_KEY_SIZE_2048
390 }, {
391 .tag = HKS_TAG_PADDING,
392 .uint32Param = HKS_PADDING_PSS
393 }, {
394 .tag = HKS_TAG_DIGEST,
395 .uint32Param = HKS_DIGEST_SHA256
396 }
397 };
398
399 static struct HksParam g_signParamsTestDsa[] = {
400 {
401 .tag = HKS_TAG_ALGORITHM,
402 .uint32Param = HKS_ALG_DSA
403 }, {
404 .tag = HKS_TAG_PURPOSE,
405 .uint32Param = HKS_KEY_PURPOSE_SIGN
406 }, {
407 .tag = HKS_TAG_DIGEST,
408 .uint32Param = HKS_DIGEST_SHA256
409 }
410 };
411
412 static struct HksParam g_verifyParamsTestDsa[] = {
413 {
414 .tag = HKS_TAG_ALGORITHM,
415 .uint32Param = HKS_ALG_DSA
416 }, {
417 .tag = HKS_TAG_PURPOSE,
418 .uint32Param = HKS_KEY_PURPOSE_VERIFY
419 }, {
420 .tag = HKS_TAG_DIGEST,
421 .uint32Param = HKS_DIGEST_SHA256
422 }
423 };
424
425 static struct HksParam g_signParamsTestEd25519[] = {
426 {
427 .tag = HKS_TAG_ALGORITHM,
428 .uint32Param = HKS_ALG_ED25519
429 }, {
430 .tag = HKS_TAG_PURPOSE,
431 .uint32Param = HKS_KEY_PURPOSE_SIGN
432 }, {
433 .tag = HKS_TAG_KEY_SIZE,
434 .uint32Param = HKS_CURVE25519_KEY_SIZE_256
435 }, {
436 .tag = HKS_TAG_DIGEST,
437 .uint32Param = HKS_DIGEST_SHA256
438 }
439 };
440
441 static struct HksParam g_verifyParamsTestEd25519[] = {
442 {
443 .tag = HKS_TAG_ALGORITHM,
444 .uint32Param = HKS_ALG_ED25519
445 }, {
446 .tag = HKS_TAG_PURPOSE,
447 .uint32Param = HKS_KEY_PURPOSE_VERIFY
448 }, {
449 .tag = HKS_TAG_KEY_SIZE,
450 .uint32Param = HKS_CURVE25519_KEY_SIZE_256
451 }, {
452 .tag = HKS_TAG_DIGEST,
453 .uint32Param = HKS_DIGEST_SHA256
454 }
455 };
456
457 static const uint8_t g_eData[] = { 0x01, 0x00, 0x01 };
458
459
460 static const uint8_t g_ed25519PriData[] = {
461 0x61, 0xd3, 0xe7, 0x53, 0x6d, 0x79, 0x5d, 0x71, 0xc2, 0x2a, 0x51, 0x2d, 0x5e, 0xcb, 0x67, 0x3d,
462 0xdd, 0xde, 0xf0, 0xac, 0xdb, 0xba, 0x24, 0xfd, 0xf8, 0x3a, 0x7b, 0x32, 0x6e, 0x05, 0xe6, 0x37,
463 };
464
465 static const uint8_t g_ed25519PubData[] = {
466 0xab, 0xc7, 0x0f, 0x99, 0x4f, 0x6a, 0x08, 0xd0, 0x9c, 0x5d, 0x10, 0x60, 0xf8, 0x93, 0xd2, 0x8e,
467 0xe0, 0x63, 0x0e, 0x70, 0xbf, 0xad, 0x30, 0x41, 0x43, 0x09, 0x27, 0x2d, 0xb3, 0x30, 0x95, 0xa7,
468 };
469
CheckSignWithInfoTag(const struct HksBlob * alias,const struct HksParamSet * paramSet)470 static int32_t CheckSignWithInfoTag(const struct HksBlob *alias, const struct HksParamSet *paramSet)
471 {
472 struct HksParamSet *keyParamSet = NULL;
473 int32_t ret = GenParamSetAuthTest(&keyParamSet, paramSet);
474 EXPECT_EQ(ret, HKS_SUCCESS) << "GenParamSetAuthTest failed.";
475
476 ret = HksGetKeyParamSetForDe(alias, paramSet, keyParamSet);
477 EXPECT_EQ(ret, HKS_SUCCESS) << "HksGetKeyParamSet failed.";
478
479 struct HksParam *secureParam = nullptr;
480 ret = HksGetParam(keyParamSet, HKS_TAG_KEY_AUTH_ACCESS_TYPE, &secureParam);
481 EXPECT_EQ(ret, HKS_SUCCESS) << "HksGetParam auth access failed.";
482
483 struct HksParam *userParam = nullptr;
484 ret = HksGetParam(keyParamSet, HKS_TAG_USER_AUTH_TYPE, &userParam);
485 EXPECT_EQ(ret, HKS_SUCCESS) << "HksGetParam user auth failed.";
486
487 struct HksParam *secSignType = nullptr;
488 ret = HksGetParam(keyParamSet, HKS_TAG_KEY_SECURE_SIGN_TYPE, &secSignType);
489 EXPECT_EQ(ret, HKS_SUCCESS) << "HksGetParam secure sign type failed.";
490 EXPECT_EQ(secSignType->uint32Param, HKS_SECURE_SIGN_WITH_AUTHINFO) << "HksGetParam secure sign type failed.";
491
492 HksFreeParamSet(&keyParamSet);
493 return ret;
494 }
495
BuildImportKeyParamsForRsa(struct HksTestSecureSignImportParams * importParams,bool isAuth,bool isClearPasswordInvalid)496 static int32_t BuildImportKeyParamsForRsa(struct HksTestSecureSignImportParams *importParams, bool isAuth,
497 bool isClearPasswordInvalid)
498 {
499 if (isClearPasswordInvalid) {
500 importParams->inputParams = g_importRsaKeyParamsWithBioAndClearPassword;
501 importParams->inputParamSize = sizeof(g_importRsaKeyParamsWithBioAndClearPassword) /
502 sizeof(g_importRsaKeyParamsWithBioAndClearPassword[0]);
503 } else {
504 importParams->inputParams = isAuth ? g_importRsaKeyParams : g_importRsaKeyParamsNoAuth;
505 importParams->inputParamSize = isAuth ? sizeof(g_importRsaKeyParams)/sizeof(g_importRsaKeyParams[0]) :
506 sizeof(g_importRsaKeyParamsNoAuth)/sizeof(g_importRsaKeyParamsNoAuth[0]);
507 }
508
509 importParams->expectResult = HKS_SUCCESS;
510 uint8_t *keyBuffer = (uint8_t *)HksMalloc(MAX_KEY_SIZE);
511 if (keyBuffer == nullptr) {
512 return HKS_ERROR_MALLOC_FAIL;
513 }
514 importParams->importKey.data = keyBuffer;
515 importParams->importKey.size = MAX_KEY_SIZE;
516 struct HksBlob nDataBlob = { sizeof(g_nData2048), (uint8_t *)g_nData2048 };
517 struct HksBlob dData2048 = { sizeof(g_dData2048), (uint8_t *)g_dData2048 };
518 struct HksBlob eData = { sizeof(g_eData), (uint8_t *)g_eData };
519 int32_t ret = Unittest::HksAccessControlPartTest::ConstructRsaKeyPair(&nDataBlob, &dData2048, &eData,
520 HKS_RSA_KEY_SIZE_2048, &importParams->importKey);
521 if (ret != HKS_SUCCESS) {
522 HKS_FREE(keyBuffer);
523 }
524 return ret;
525 }
526
BuildImportKeyParamsForDSA(struct HksTestSecureSignImportParams * importParams,bool isAuth)527 static int32_t BuildImportKeyParamsForDSA(struct HksTestSecureSignImportParams *importParams, bool isAuth)
528 {
529 importParams->inputParams = isAuth ? g_importDsaKeyParams : g_importDsaKeyParamsNoAuthInfo;
530 importParams->inputParamSize = isAuth ? sizeof(g_importDsaKeyParams)/sizeof(g_importDsaKeyParams[0]) :
531 sizeof(g_importDsaKeyParamsNoAuthInfo)/sizeof(g_importDsaKeyParamsNoAuthInfo[0]);
532 importParams->expectResult = HKS_SUCCESS;
533 uint8_t *keyBuffer = (uint8_t *)HksMalloc(MAX_KEY_SIZE);
534 if (keyBuffer == nullptr) {
535 return HKS_ERROR_MALLOC_FAIL;
536 }
537 importParams->importKey.data = keyBuffer;
538 importParams->importKey.size = MAX_KEY_SIZE;
539 struct HksBlob xData = { sizeof(g_xData), (uint8_t *)g_xData };
540 struct HksBlob yData = { sizeof(g_yData), (uint8_t *)g_yData };
541 struct HksBlob pData = { sizeof(g_pData), (uint8_t *)g_pData };
542 struct HksBlob qData = { sizeof(g_qData), (uint8_t *)g_qData };
543 struct HksBlob gData = { sizeof(g_gData), (uint8_t *)g_gData };
544 struct TestDsaKeyParams dsaKeyParams = {
545 .xData = &xData,
546 .yData = &yData,
547 .pData = &pData,
548 .qData = &qData,
549 .gData = &gData
550 };
551 int32_t ret = Unittest::HksAccessControlPartTest::ConstructDsaKeyPair(HKS_RSA_KEY_SIZE_2048, &dsaKeyParams,
552 &importParams->importKey);
553 if (ret != HKS_SUCCESS) {
554 HKS_FREE(keyBuffer);
555 }
556 return HKS_SUCCESS;
557 }
558
BuildImportKeyTestParams(struct HksTestSecureSignImportParams * importParams,uint32_t alg,bool isAuth,bool isClearPasswordInvalid)559 static int32_t BuildImportKeyTestParams(struct HksTestSecureSignImportParams *importParams, uint32_t alg,
560 bool isAuth, bool isClearPasswordInvalid)
561 {
562 importParams->keyAlias = isAuth ? &g_importKeyAlias : &g_importKeyNoAuthAlias;
563 int32_t ret;
564 switch (alg) {
565 case HKS_ALG_RSA: {
566 ret = BuildImportKeyParamsForRsa(importParams, isAuth, isClearPasswordInvalid);
567 return ret;
568 }
569 case HKS_ALG_DSA: {
570 ret = BuildImportKeyParamsForDSA(importParams, isAuth);
571 return ret;
572 }
573 break;
574 case HKS_ALG_ED25519: {
575 importParams->inputParams = isAuth ? g_importKeyEd25519Params : g_importKeyEd25519ParamsNoAuth;
576 importParams->inputParamSize = isAuth ? sizeof(g_importKeyEd25519Params)/sizeof(g_importKeyEd25519Params[0])
577 : sizeof(g_importKeyEd25519ParamsNoAuth) / sizeof(g_importKeyEd25519ParamsNoAuth[0]);
578 importParams->expectResult = HKS_SUCCESS;
579 uint8_t *keyBuffer = (uint8_t *)HksMalloc(MAX_KEY_SIZE);
580 if (keyBuffer == nullptr) {
581 return HKS_ERROR_MALLOC_FAIL;
582 }
583 importParams->importKey.data = keyBuffer;
584 importParams->importKey.size = MAX_KEY_SIZE;
585 struct HksBlob ed25519PubData = { sizeof(g_ed25519PubData), (uint8_t *)g_ed25519PubData };
586 struct HksBlob ed25519PriData = { sizeof(g_ed25519PriData), (uint8_t *)g_ed25519PriData };
587 ret = ConstructEd25519KeyPair(HKS_CURVE25519_KEY_SIZE_256, HKS_ALG_ED25519, &ed25519PubData,
588 &ed25519PriData, &importParams->importKey);
589 if (ret != HKS_SUCCESS) {
590 HKS_FREE(keyBuffer);
591 }
592 return ret;
593 }
594 break;
595 default:
596 break;
597 }
598 return HKS_FAILURE;
599 }
600
BuildUpdateFinishParams(struct HksTestSecureSignVerifyUpdateFinishParams * updateFinishParams,uint32_t alg,bool isThreeStage)601 static int32_t BuildUpdateFinishParams(struct HksTestSecureSignVerifyUpdateFinishParams *updateFinishParams,
602 uint32_t alg, bool isThreeStage)
603 {
604 updateFinishParams->keyAlias = &g_importKeyAlias;
605 updateFinishParams->keyAliasNoAuth = &g_importKeyNoAuthAlias;
606 updateFinishParams->isThreeStageUse = isThreeStage;
607 g_outDataBlob.data = g_outBuffer;
608 g_outDataBlob.size = sizeof(g_outBuffer);
609 updateFinishParams->outBuffer = &g_outDataBlob;
610 updateFinishParams->inData = isThreeStage ? &g_inDataBlob : &g_inDataBlobTwoStage;
611 switch (alg) {
612 case HKS_ALG_RSA: {
613 updateFinishParams->updateParams = g_signParamsTestRsa;
614 updateFinishParams->inputParamSize = HKS_ARRAY_SIZE(g_signParamsTestRsa);
615 updateFinishParams->expectResult = HKS_SUCCESS;
616 return HKS_SUCCESS;
617 }
618 case HKS_ALG_ED25519: {
619 updateFinishParams->updateParams = g_signParamsTestEd25519;
620 updateFinishParams->inputParamSize = HKS_ARRAY_SIZE(g_signParamsTestEd25519);
621 updateFinishParams->expectResult = HKS_SUCCESS;
622 return HKS_SUCCESS;
623 }
624 case HKS_ALG_DSA: {
625 updateFinishParams->updateParams = g_signParamsTestDsa;
626 updateFinishParams->inputParamSize = HKS_ARRAY_SIZE(g_signParamsTestDsa);
627 updateFinishParams->expectResult = HKS_SUCCESS;
628 return HKS_SUCCESS;
629 }
630 default:
631 break;
632 }
633 return HKS_FAILURE;
634 }
635
BuildUpdateFinishVerifyParams(struct HksTestSecureSignVerifyUpdateFinishParams * updateFinishParams,uint32_t alg,bool isThreeStage,struct HksBlob * inData,struct HksBlob * signature)636 static int32_t BuildUpdateFinishVerifyParams(struct HksTestSecureSignVerifyUpdateFinishParams *updateFinishParams,
637 uint32_t alg, bool isThreeStage, struct HksBlob *inData, struct HksBlob *signature)
638 {
639 updateFinishParams->keyAlias = &g_importKeyAlias;
640 updateFinishParams->keyAliasNoAuth = &g_importKeyNoAuthAlias;
641 updateFinishParams->isThreeStageUse = isThreeStage;
642 g_outDataBlob.data = g_outBuffer;
643 g_outDataBlob.size = sizeof(g_outBuffer);
644 updateFinishParams->outBuffer = &g_outDataBlob;
645 updateFinishParams->inData = inData;
646 updateFinishParams->signature = signature;
647 switch (alg) {
648 case HKS_ALG_RSA: {
649 updateFinishParams->updateParams = g_verifyParamsTestRsa;
650 updateFinishParams->inputParamSize = HKS_ARRAY_SIZE(g_verifyParamsTestRsa);
651 updateFinishParams->expectResult = HKS_SUCCESS;
652 return HKS_SUCCESS;
653 }
654 case HKS_ALG_ED25519: {
655 updateFinishParams->updateParams = g_verifyParamsTestEd25519;
656 updateFinishParams->inputParamSize = HKS_ARRAY_SIZE(g_verifyParamsTestEd25519);
657 updateFinishParams->expectResult = HKS_SUCCESS;
658 return HKS_SUCCESS;
659 }
660 case HKS_ALG_DSA: {
661 updateFinishParams->updateParams = g_verifyParamsTestDsa;
662 updateFinishParams->inputParamSize = HKS_ARRAY_SIZE(g_verifyParamsTestDsa);
663 updateFinishParams->expectResult = HKS_SUCCESS;
664 return HKS_SUCCESS;
665 }
666 default:
667 break;
668 }
669 return HKS_FAILURE;
670 }
671
TestGenerateKeyWithSecureSignTag(struct HksTestSecureSignGenParams * params)672 static void TestGenerateKeyWithSecureSignTag(struct HksTestSecureSignGenParams *params)
673 {
674 struct HksParamSet *genParamSet = NULL;
675 int32_t ret = InitParamSet(&genParamSet, params->inputParams, params->inputParamSize);
676 EXPECT_EQ(ret, HKS_SUCCESS) << "InitParamSet failed.";
677
678 /**
679 * @tc.steps:step1. Generate a key with user_auth_type and sign_with_info tag
680 */
681 ret = HksGenerateKeyForDe(params->keyAlias, genParamSet, nullptr);
682 EXPECT_EQ(ret, HKS_SUCCESS) << "HksGenerateKey rsa key failed.";
683
684 /**
685 * @tc.steps:step2. Get key paramSet check if related key tag exist
686 */
687 ret = CheckSignWithInfoTag(params->keyAlias, genParamSet);
688 EXPECT_EQ(ret, HKS_SUCCESS) << "CheckSignWithInfoTag rsa key failed.";
689
690 /**
691 * @tc.steps:step3. Delete key and free paramSet
692 */
693 HksDeleteKeyForDe(params->keyAlias, nullptr);
694 HksFreeParamSet(&genParamSet);
695 }
696
TestImportKeyWithSecureSignTag(struct HksTestSecureSignImportParams * params,bool ifCheckTag)697 int32_t TestImportKeyWithSecureSignTag(struct HksTestSecureSignImportParams *params, bool ifCheckTag)
698 {
699 struct HksParamSet *importParams = nullptr;
700 int32_t ret = InitParamSet(&importParams, params->inputParams, params->inputParamSize);
701 EXPECT_EQ(ret, HKS_SUCCESS) << "InitParamSet failed.";
702
703 /**
704 * @tc.steps:step1. Import a key with user_auth_type and sign_with_info tag
705 */
706 ret = HksImportKeyForDe(params->keyAlias, importParams, ¶ms->importKey);
707 EXPECT_EQ(ret, HKS_SUCCESS) << "HksImportKey key failed.";
708
709 if (ifCheckTag) {
710 /**
711 * @tc.steps:step2. Get key paramSet check if related key tag exist
712 */
713 ret = CheckSignWithInfoTag(params->keyAlias, importParams);
714 EXPECT_EQ(ret, HKS_SUCCESS) << "CheckSignWithInfoTag rsa key failed.";
715 }
716
717 /**
718 * @tc.steps:step3. Free paramSet
719 */
720 HksFreeParamSet(&importParams);
721 return ret;
722 }
723
HksTestUpdateFinishSignAuthInfo(struct HksTestSecureSignVerifyUpdateFinishParams * updateFinishParams,struct HksTestGenAuthTokenParams * genAuthTokenParams)724 int32_t HksTestUpdateFinishSignAuthInfo(struct HksTestSecureSignVerifyUpdateFinishParams *updateFinishParams,
725 struct HksTestGenAuthTokenParams *genAuthTokenParams)
726 {
727 uint8_t tmpHandle[sizeof(uint64_t)] = {0};
728 struct HksBlob handle = { sizeof(uint64_t), tmpHandle };
729 uint8_t tmpChallenge[TOKEN_SIZE] = {0};
730 struct HksBlob challenge = { sizeof(tmpChallenge), tmpChallenge };
731
732 struct HksParamSet *paramSet = nullptr;
733 int32_t ret = InitParamSet(¶mSet, updateFinishParams->updateParams, updateFinishParams->inputParamSize);
734 EXPECT_EQ(ret, HKS_SUCCESS) << "InitParamSet failed.";
735 if (ret != HKS_SUCCESS) {
736 return HKS_FAILURE;
737 }
738
739 ret = HksInitForDe(updateFinishParams->keyAlias, paramSet, &handle, &challenge);
740 EXPECT_EQ(ret, HKS_SUCCESS) << "Init failed.";
741 if (ret != HKS_SUCCESS) {
742 HksFreeParamSet(¶mSet);
743 return HKS_FAILURE;
744 }
745
746 genAuthTokenParams->authChallenge = &challenge;
747
748 struct HksParamSet *newParamSet = nullptr;
749 ret = HksBuildAuthTokenSecure(paramSet, genAuthTokenParams, &newParamSet);
750 EXPECT_EQ(ret, HKS_SUCCESS) << "HksBuildAuthTokenSecure failed.";
751 if (ret != HKS_SUCCESS) {
752 HksFreeParamSet(¶mSet);
753 return HKS_FAILURE;
754 }
755
756 struct HksParam *tmpParam = NULL;
757 ret = HksGetParam(newParamSet, HKS_TAG_PURPOSE, &tmpParam);
758 if (ret != HKS_SUCCESS) {
759 HksFreeParamSet(¶mSet);
760 HksFreeParamSet(&newParamSet);
761 HKS_LOG_E("get tag purpose failed.");
762 return HKS_FAILURE;
763 }
764
765 if (updateFinishParams->isThreeStageUse) {
766 ret = TestUpdateFinish(&handle, newParamSet, tmpParam->uint32Param, updateFinishParams->inData,
767 updateFinishParams->outBuffer);
768 } else {
769 ret = HksFinishForDe(&handle, newParamSet, updateFinishParams->inData, updateFinishParams->outBuffer);
770 }
771 EXPECT_EQ(ret, HKS_SUCCESS) << "TestUpdateFinish failed.";
772 if (ret != HKS_SUCCESS) {
773 HksFreeParamSet(¶mSet);
774 HksFreeParamSet(&newParamSet);
775 return HKS_FAILURE;
776 }
777
778 HksFreeParamSet(¶mSet);
779 HksFreeParamSet(&newParamSet);
780 return ret;
781 }
782
VerifyUpdateFinish(struct HksBlob * handle,struct HksParamSet * newParamSet,struct HksParam * purposeParam,struct HksTestSecureSignVerifyUpdateFinishParams * updateFinishParams,bool isSign)783 int32_t VerifyUpdateFinish(struct HksBlob *handle, struct HksParamSet *newParamSet, struct HksParam *purposeParam,
784 struct HksTestSecureSignVerifyUpdateFinishParams *updateFinishParams, bool isSign)
785 {
786 int32_t ret;
787 if (isSign) {
788 if (updateFinishParams->isThreeStageUse) {
789 ret = TestUpdateFinish(handle, newParamSet, purposeParam->uint32Param, updateFinishParams->inData,
790 updateFinishParams->outBuffer);
791 } else {
792 ret = HksFinishForDe(handle, newParamSet, updateFinishParams->inData, updateFinishParams->outBuffer);
793 }
794 } else {
795 if (updateFinishParams->isThreeStageUse) {
796 ret = TestUpdateFinish(handle, newParamSet, purposeParam->uint32Param, updateFinishParams->inData,
797 updateFinishParams->signature);
798 } else {
799 ret = HksFinishForDe(handle, newParamSet, updateFinishParams->inData, updateFinishParams->signature);
800 }
801 }
802 return ret;
803 }
804
HksTestUpdateFinishVerifySignAuthInfo(struct HksTestSecureSignVerifyUpdateFinishParams * updateFinishParams,struct HksTestGenAuthTokenParams * genAuthTokenParams,bool isSign)805 int32_t HksTestUpdateFinishVerifySignAuthInfo(struct HksTestSecureSignVerifyUpdateFinishParams *updateFinishParams,
806 struct HksTestGenAuthTokenParams *genAuthTokenParams, bool isSign)
807 {
808 uint8_t tmpHandle[sizeof(uint64_t)] = {0};
809 struct HksBlob handle = { sizeof(uint64_t), tmpHandle };
810 uint8_t tmpChallenge[TOKEN_SIZE] = {0};
811 struct HksBlob challenge = { sizeof(tmpChallenge), tmpChallenge };
812
813 struct HksParamSet *paramSet = nullptr;
814 int32_t ret = InitParamSet(¶mSet, updateFinishParams->updateParams, updateFinishParams->inputParamSize);
815 if (ret != HKS_SUCCESS) {
816 return HKS_FAILURE;
817 }
818
819 ret = HksInitForDe(updateFinishParams->keyAlias, paramSet, &handle, &challenge);
820 if (ret != HKS_SUCCESS) {
821 HksFreeParamSet(¶mSet);
822 return HKS_FAILURE;
823 }
824
825 genAuthTokenParams->authChallenge = &challenge;
826
827 struct HksParamSet *newParamSet = nullptr;
828 ret = HksBuildAuthTokenSecure(paramSet, genAuthTokenParams, &newParamSet);
829 if (ret != HKS_SUCCESS) {
830 HksFreeParamSet(¶mSet);
831 return HKS_FAILURE;
832 }
833
834 struct HksParam *purposeParam = NULL;
835 ret = HksGetParam(newParamSet, HKS_TAG_PURPOSE, &purposeParam);
836 if (ret != HKS_SUCCESS) {
837 HksFreeParamSet(¶mSet);
838 HksFreeParamSet(&newParamSet);
839 HKS_LOG_E("get tag purpose failed.");
840 return HKS_FAILURE;
841 }
842
843 ret = VerifyUpdateFinish(&handle, newParamSet, purposeParam, updateFinishParams, isSign);
844
845 EXPECT_EQ(ret, HKS_SUCCESS) << "TestUpdateFinish failed.";
846
847 if (ret != HKS_SUCCESS) {
848 HksFreeParamSet(¶mSet);
849 HksFreeParamSet(&newParamSet);
850 return HKS_FAILURE;
851 }
852
853 return ret;
854 }
855
856 static const uint32_t g_fingerPrintInUserIam = 4;
857 static const uint32_t g_pinInUserIam = 1;
858
BuildAuthTokenParams(struct HksTestGenAuthTokenParams * authTokenParams,bool isClearPasswordInvalid)859 static void BuildAuthTokenParams(struct HksTestGenAuthTokenParams *authTokenParams, bool isClearPasswordInvalid)
860 {
861 if (isClearPasswordInvalid) {
862 authTokenParams->secureUid = g_secureUid;
863 authTokenParams->enrolledId = g_enrolledIdFinger;
864 authTokenParams->credentialId = g_credentialId;
865 authTokenParams->time = g_time;
866 authTokenParams->authType = g_fingerPrintInUserIam;
867 return;
868 }
869 authTokenParams->secureUid = g_secureUid;
870 authTokenParams->enrolledId = g_enrolledIdPin;
871 authTokenParams->credentialId = g_credentialId;
872 authTokenParams->time = g_time;
873 authTokenParams->authType = g_pinInUserIam;
874 }
875
BuildSigAndIndataBlob(struct HksBlob * sigBlob,struct HksBlob * inDataBlob,struct HksTestSecureSignVerifyUpdateFinishParams * secureSignUpdateFinish)876 static int32_t BuildSigAndIndataBlob(struct HksBlob *sigBlob, struct HksBlob *inDataBlob,
877 struct HksTestSecureSignVerifyUpdateFinishParams *secureSignUpdateFinish)
878 {
879 int32_t ret = memcpy_s(sigBlob->data, sigBlob->size,
880 secureSignUpdateFinish->outBuffer->data + g_authHeadSize,
881 secureSignUpdateFinish->outBuffer->size - g_authHeadSize);
882 if (ret != EOK) {
883 return ret;
884 }
885 ret = memcpy_s(inDataBlob->data, inDataBlob->size,
886 secureSignUpdateFinish->outBuffer->data, g_authHeadSize);
887 if (ret != EOK) {
888 return ret;
889 }
890 ret = memcpy_s(inDataBlob->data + g_authHeadSize, inDataBlob->size - g_authHeadSize,
891 secureSignUpdateFinish->inData->data, secureSignUpdateFinish->inData->size);
892 return ret;
893 }
894
TestImportKeyWithSignTagAndTestUseKeyCommonCase(uint32_t alg,bool isThreeStage,bool isClearPasswordInvalid)895 static void TestImportKeyWithSignTagAndTestUseKeyCommonCase(uint32_t alg, bool isThreeStage,
896 bool isClearPasswordInvalid)
897 {
898 /**
899 * @tc.steps:step1. import a key with user_auth_type and sign_with_info tag
900 */
901 struct HksTestSecureSignImportParams importParams;
902 (void)memset_s((uint8_t *)&importParams, sizeof(struct HksTestSecureSignImportParams), 0,
903 sizeof(struct HksTestSecureSignImportParams));
904 int32_t ret = BuildImportKeyTestParams(&importParams, alg, true, isClearPasswordInvalid);
905 EXPECT_EQ(ret, HKS_SUCCESS) << "BuildImportKeyTestParams failed.";
906 if (ret != HKS_SUCCESS) {
907 return;
908 }
909
910 ret = TestImportKeyWithSecureSignTag(&importParams, true);
911 EXPECT_EQ(ret, HKS_SUCCESS) << "TestImportKeyWithSecureSignTag failed.";
912 if (ret != HKS_SUCCESS) {
913 return;
914 }
915
916 /**
917 * @tc.steps:step2. Import a key without user_auth_type and sign_with_info tag
918 */
919 struct HksTestSecureSignImportParams importParamsWithoutSignAuth;
920 (void)memset_s((uint8_t *)&importParamsWithoutSignAuth, sizeof(struct HksTestSecureSignImportParams), 0,
921 sizeof(struct HksTestSecureSignImportParams));
922 ret = BuildImportKeyTestParams(&importParamsWithoutSignAuth, alg, false, isClearPasswordInvalid);
923 EXPECT_EQ(ret, HKS_SUCCESS) << "BuildImportKeyTestParams without sign auth failed.";
924 if (ret != HKS_SUCCESS) {
925 return;
926 }
927
928 /**
929 * @tc.steps:step3. use the key to sign:init update finish. check the sign data whether equals the expected data
930 */
931 ret = TestImportKeyWithSecureSignTag(&importParamsWithoutSignAuth, false);
932 EXPECT_EQ(ret, HKS_SUCCESS) << "TestImportKeyWithSecureSignTag2 failed.";
933 struct HksTestSecureSignVerifyUpdateFinishParams secureSignUpdateFinish;
934 ret = BuildUpdateFinishParams(&secureSignUpdateFinish, alg, isThreeStage);
935 EXPECT_EQ(ret, HKS_SUCCESS) << "BuildUpdateFinishParams failed.";
936
937 struct HksTestGenAuthTokenParams genAuthTokenParams = { 0 };
938 BuildAuthTokenParams(&genAuthTokenParams, isClearPasswordInvalid);
939
940 ret = HksTestUpdateFinishVerifySignAuthInfo(&secureSignUpdateFinish, &genAuthTokenParams, true);
941 EXPECT_EQ(ret, secureSignUpdateFinish.expectResult) << "HksTestUpdateFinishSignAuthInfo failed.";
942
943 uint8_t sigature[secureSignUpdateFinish.outBuffer->size - g_authHeadSize];
944 struct HksBlob sigBlob = {secureSignUpdateFinish.outBuffer->size - g_authHeadSize, sigature};
945 uint8_t inData[secureSignUpdateFinish.inData->size + g_authHeadSize];
946 struct HksBlob inDataBlob = {secureSignUpdateFinish.inData->size + g_authHeadSize, inData};
947 ret = BuildSigAndIndataBlob(&sigBlob, &inDataBlob, &secureSignUpdateFinish);
948 EXPECT_EQ(ret, HKS_SUCCESS) << "BuildSigAndIndataBlob failed.";
949
950 struct HksTestSecureSignVerifyUpdateFinishParams secureSignUpdateFinishVerify;
951 ret = BuildUpdateFinishVerifyParams(&secureSignUpdateFinishVerify, alg, true, &inDataBlob, &sigBlob);
952 EXPECT_EQ(ret, HKS_SUCCESS) << "BuildUpdateFinishVerifyParams failed.";
953 ret = HksTestUpdateFinishVerifySignAuthInfo(&secureSignUpdateFinishVerify, &genAuthTokenParams, false);
954
955 HKS_FREE_BLOB(importParams.importKey);
956 HKS_FREE_BLOB(importParamsWithoutSignAuth.importKey);
957 HksDeleteKeyForDe(secureSignUpdateFinish.keyAlias, nullptr);
958 HksDeleteKeyForDe(secureSignUpdateFinish.keyAliasNoAuth, nullptr);
959 }
960
961 /**
962 * @tc.name: HksAccessControlSecureSignTest001
963 * @tc.desc: normal case to test generate a rsa key with sign_with_info tag and check paramSet
964 * has the tag
965 * @tc.type: FUNC
966 * @tc.require: issueI5NY0M
967 */
968 HWTEST_F(HksAccessControlSecureSignTest, HksAccessControlSecureSignTest001, TestSize.Level0)
969 {
970 HKS_LOG_E("enter HksAccessControlSecureSignTest001");
971 TestGenerateKeyWithSecureSignTag(&g_testRsaGenParams);
972 }
973
974 /**
975 * @tc.name: HksAccessControlSecureSignTest002
976 * @tc.desc: normal case to test generate a ed25519 key with sign_with_info tag and check paramSet
977 * has the tag
978 * @tc.type: FUNC
979 * @tc.require: issueI5NY0M
980 */
981 HWTEST_F(HksAccessControlSecureSignTest, HksAccessControlSecureSignTest002, TestSize.Level0)
982 {
983 HKS_LOG_E("enter HksAccessControlSecureSignTest002");
984 TestGenerateKeyWithSecureSignTag(&g_testEd25519GenParams);
985 }
986
987 /**
988 * @tc.name: HksAccessControlSecureSignTest003
989 * @tc.desc: normal case to test generate a dsa key with sign_with_info tag and check paramSet
990 * has the tag
991 * @tc.type: FUNC
992 * @tc.require: issueI5NY0M
993 */
994 HWTEST_F(HksAccessControlSecureSignTest, HksAccessControlSecureSignTest003, TestSize.Level0)
995 {
996 #ifdef _USE_OPENSSL_
997 HKS_LOG_E("enter HksAccessControlSecureSignTest003");
998 TestGenerateKeyWithSecureSignTag(&g_testDsaGenParams);
999 #endif
1000 }
1001
1002 /**
1003 * @tc.name: HksAccessControlSecureSignTest004
1004 * @tc.desc: normal case to test import a rsa key with user auth type and use the key
1005 * to sign data, check the signature whether equals the expected
1006 * @tc.type: FUNC
1007 * @tc.require: issueI5NY0M
1008 */
1009 HWTEST_F(HksAccessControlSecureSignTest, HksAccessControlSecureSignTest004, TestSize.Level0)
1010 {
1011 HKS_LOG_E("enter HksAccessControlSecureSignTest004");
1012 TestImportKeyWithSignTagAndTestUseKeyCommonCase(HKS_ALG_RSA, true, false);
1013 }
1014
1015 /**
1016 * @tc.name: HksAccessControlSecureSignTest005
1017 * @tc.desc: normal case to test import a dsa key with user auth type and use the key
1018 * to sign data, check the signature whether equals the expected
1019 * @tc.type: FUNC
1020 * @tc.require: issueI5NY0M
1021 */
1022 HWTEST_F(HksAccessControlSecureSignTest, HksAccessControlSecureSignTest005, TestSize.Level0)
1023 {
1024 #ifdef _USE_OPENSSL_
1025 HKS_LOG_E("enter HksAccessControlSecureSignTest005");
1026 TestImportKeyWithSignTagAndTestUseKeyCommonCase(HKS_ALG_DSA, true, false);
1027 #endif
1028 }
1029
1030 /**
1031 * @tc.name: HksAccessControlSecureSignTest006
1032 * @tc.desc: normal case to test import a rsa key with user auth type and use the key:init&finish
1033 * to sign data, check the signature whether equals the expected
1034 * @tc.type: FUNC
1035 * @tc.require: issueI5NY0M
1036 */
1037 HWTEST_F(HksAccessControlSecureSignTest, HksAccessControlSecureSignTest006, TestSize.Level0)
1038 {
1039 HKS_LOG_E("enter HksAccessControlSecureSignTest006");
1040 TestImportKeyWithSignTagAndTestUseKeyCommonCase(HKS_ALG_RSA, false, false);
1041 }
1042
1043 /**
1044 * @tc.name: HksAccessControlSecureSignTest007
1045 * @tc.desc: normal case to test import a rsa key with auth type as fingerprint and access type as invalid clear
1046 * password, check the signature whether equals the expected
1047 * @tc.type: FUNC
1048 * @tc.require: issueI5NY0M
1049 */
1050 HWTEST_F(HksAccessControlSecureSignTest, HksAccessControlSecureSignTest007, TestSize.Level0)
1051 {
1052 HKS_LOG_E("enter HksAccessControlSecureSignTest007");
1053 TestImportKeyWithSignTagAndTestUseKeyCommonCase(HKS_ALG_RSA, true, true);
1054 }
1055 }
1056