1 /*
2 * This file is part of the openHiTLS project.
3 *
4 * openHiTLS is licensed under the Mulan PSL v2.
5 * You can use this software according to the terms and conditions of the Mulan PSL v2.
6 * You may obtain a copy of Mulan PSL v2 at:
7 *
8 * http://license.coscl.org.cn/MulanPSL2
9 *
10 * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
11 * EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
12 * MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
13 * See the Mulan PSL v2 for more details.
14 */
15
16 /* BEGIN_HEADER */
17 #include <stdint.h>
18 #include "privpass_token.h"
19 #include "auth_privpass_token.h"
20 #include "auth_errno.h"
21 #include "auth_params.h"
22 #include "crypt_util_rand.h"
23 #include "crypt_eal_rand.h"
24 #include "crypt_eal_pkey.h"
25 #include "crypt_eal_codecs.h"
26 #include "crypt_errno.h"
27 #include "crypt_params_key.h"
28 #include "eal_md_local.h"
29 #include "securec.h"
30
31 /* END_HEADER */
32
33 #define MAX_LEN 512
34
35 /**
36 * @test SDV_AUTH_PRIVPASS_TOKEN_SERIALIZATION_TC001
37 * @spec Private Pass Token Serialization
38 * @title Test serialization and deserialization of Private Pass Token objects
39 */
40 /* BEGIN_CASE */
SDV_AUTH_PRIVPASS_TOKEN_SERIALIZATION_TC001(int type,Hex * buffer)41 void SDV_AUTH_PRIVPASS_TOKEN_SERIALIZATION_TC001(int type, Hex *buffer)
42 {
43 TestRandInit();
44 uint8_t output[MAX_LEN];
45 uint32_t outputLen = 0;
46 HITLS_AUTH_PrivPassToken *challenge = NULL;
47 HITLS_AUTH_PrivPassCtx *ctx = HITLS_AUTH_PrivPassNewCtx(HITLS_AUTH_PRIVPASS_PUB_VERIFY_TOKENS);
48 ASSERT_NE(ctx, NULL);
49 // Test deserialization
50 ASSERT_EQ(HITLS_AUTH_PrivPassDeserialization(ctx, type, buffer->x, buffer->len, &challenge), HITLS_AUTH_SUCCESS);
51 ASSERT_EQ(HITLS_AUTH_PrivPassSerialization(ctx, challenge, NULL, &outputLen), HITLS_AUTH_SUCCESS);
52 outputLen--;
53 ASSERT_EQ(HITLS_AUTH_PrivPassSerialization(ctx, challenge, output, &outputLen),
54 HITLS_AUTH_PRIVPASS_BUFFER_NOT_ENOUGH);
55 outputLen++;
56 ASSERT_EQ(HITLS_AUTH_PrivPassSerialization(ctx, challenge, output, &outputLen), HITLS_AUTH_SUCCESS);
57 // Test serialization
58 ASSERT_COMPARE("compare token", output, outputLen, buffer->x, buffer->len);
59 EXIT:
60 HITLS_AUTH_PrivPassFreeToken(challenge);
61 HITLS_AUTH_PrivPassFreeCtx(ctx);
62 TestRandDeInit();
63 }
64 /* END_CASE */
65
66 /**
67 * @test SDV_AUTH_PRIVPASS_TOKEN_SERIALIZATION_TC002
68 * @spec Private Pass Token challenge serialization
69 * @title Test serialization of Private Pass Token challenge
70 */
71 /* BEGIN_CASE */
SDV_AUTH_PRIVPASS_TOKEN_SERIALIZATION_TC002(Hex * tokenType,Hex * issuerName,Hex * redemption,Hex * originInfo)72 void SDV_AUTH_PRIVPASS_TOKEN_SERIALIZATION_TC002(Hex *tokenType, Hex *issuerName, Hex *redemption, Hex *originInfo)
73 {
74 HITLS_AUTH_PrivPassCtx *ctx = NULL;
75 HITLS_AUTH_PrivPassToken *tokenChallenge1 = NULL;
76 HITLS_AUTH_PrivPassToken *tokenChallenge2 = NULL;
77 HITLS_AUTH_PrivPassToken *tokenChallenge3 = NULL;
78 HITLS_AUTH_PrivPassToken *tokenChallenge4 = NULL;
79 HITLS_AUTH_PrivPassToken *tokenChallenge3_1 = NULL;
80 HITLS_AUTH_PrivPassToken *tokenChallenge4_1 = NULL;
81 uint8_t output1[MAX_LEN >> 1];
82 uint32_t outputLen1 = MAX_LEN >> 1;
83 uint8_t output2[MAX_LEN >> 1];
84 uint32_t outputLen2 = MAX_LEN >> 1;
85 uint8_t output3[MAX_LEN >> 1];
86 uint32_t outputLen3 = MAX_LEN >> 1;
87 uint8_t output4[MAX_LEN >> 1];
88 uint32_t outputLen4 = MAX_LEN >> 1;
89 uint16_t tokenTypeValue = tokenType->x[0] << 8 | tokenType->x[1];
90 BSL_Param param1[5] = {
91 {AUTH_PARAM_PRIVPASS_TOKENCHALLENGE_TYPE, BSL_PARAM_TYPE_UINT16, &tokenTypeValue, 2, 2},
92 {AUTH_PARAM_PRIVPASS_TOKENCHALLENGE_ISSUERNAME, BSL_PARAM_TYPE_OCTETS_PTR, issuerName->x, issuerName->len,
93 issuerName->len},
94 {AUTH_PARAM_PRIVPASS_TOKENCHALLENGE_REDEMPTION, BSL_PARAM_TYPE_OCTETS_PTR, redemption->x, redemption->len,
95 redemption->len},
96 {AUTH_PARAM_PRIVPASS_TOKENCHALLENGE_ORIGININFO, BSL_PARAM_TYPE_OCTETS_PTR, originInfo->x, originInfo->len,
97 originInfo->len},
98 BSL_PARAM_END};
99 BSL_Param param2[5] = {
100 {AUTH_PARAM_PRIVPASS_TOKENCHALLENGE_ISSUERNAME, BSL_PARAM_TYPE_OCTETS_PTR, issuerName->x, issuerName->len,
101 issuerName->len},
102 {AUTH_PARAM_PRIVPASS_TOKENCHALLENGE_TYPE, BSL_PARAM_TYPE_UINT16, &tokenTypeValue, 2, 2},
103 {AUTH_PARAM_PRIVPASS_TOKENCHALLENGE_ORIGININFO, BSL_PARAM_TYPE_OCTETS_PTR, originInfo->x, originInfo->len,
104 originInfo->len},
105 {AUTH_PARAM_PRIVPASS_TOKENCHALLENGE_REDEMPTION, BSL_PARAM_TYPE_OCTETS_PTR, redemption->x, redemption->len,
106 redemption->len},
107 BSL_PARAM_END};
108 BSL_Param param3[5] = {
109 {AUTH_PARAM_PRIVPASS_TOKENCHALLENGE_ISSUERNAME, BSL_PARAM_TYPE_OCTETS_PTR, issuerName->x, issuerName->len,
110 issuerName->len},
111 {AUTH_PARAM_PRIVPASS_TOKENCHALLENGE_ORIGININFO, BSL_PARAM_TYPE_OCTETS_PTR, originInfo->x, originInfo->len,
112 originInfo->len},
113 {AUTH_PARAM_PRIVPASS_TOKENCHALLENGE_REDEMPTION, BSL_PARAM_TYPE_OCTETS_PTR, 0, 0, 0},
114 {AUTH_PARAM_PRIVPASS_TOKENCHALLENGE_TYPE, BSL_PARAM_TYPE_UINT16, &tokenTypeValue, 2, 2}, BSL_PARAM_END};
115 BSL_Param param4[4] = {
116 {AUTH_PARAM_PRIVPASS_TOKENCHALLENGE_ISSUERNAME, BSL_PARAM_TYPE_OCTETS_PTR, issuerName->x, issuerName->len,
117 issuerName->len},
118 {AUTH_PARAM_PRIVPASS_TOKENCHALLENGE_REDEMPTION, BSL_PARAM_TYPE_OCTETS_PTR, redemption->x, redemption->len,
119 redemption->len},
120 {AUTH_PARAM_PRIVPASS_TOKENCHALLENGE_TYPE, BSL_PARAM_TYPE_UINT16, &tokenTypeValue, 2, 2}, BSL_PARAM_END};
121
122 TestRandInit();
123 ctx = HITLS_AUTH_PrivPassNewCtx(HITLS_AUTH_PRIVPASS_PUB_VERIFY_TOKENS);
124 ASSERT_NE(ctx, NULL);
125 ASSERT_EQ(HITLS_AUTH_PrivPassGenTokenChallenge(ctx, param1, &tokenChallenge1), HITLS_AUTH_SUCCESS);
126 ASSERT_EQ(HITLS_AUTH_PrivPassSerialization(ctx, tokenChallenge1, output1, &outputLen1), HITLS_AUTH_SUCCESS);
127 ASSERT_EQ(HITLS_AUTH_PrivPassGenTokenChallenge(ctx, param2, &tokenChallenge2), HITLS_AUTH_SUCCESS);
128 ASSERT_EQ(HITLS_AUTH_PrivPassSerialization(ctx, tokenChallenge2, output2, &outputLen2), HITLS_AUTH_SUCCESS);
129 ASSERT_COMPARE("compare token", output1, outputLen1, output2, outputLen2);
130
131 ASSERT_EQ(HITLS_AUTH_PrivPassGenTokenChallenge(ctx, param3, &tokenChallenge3), HITLS_AUTH_SUCCESS);
132 ASSERT_EQ(HITLS_AUTH_PrivPassSerialization(ctx, tokenChallenge3, output3, &outputLen3), HITLS_AUTH_SUCCESS);
133 ASSERT_EQ(HITLS_AUTH_PrivPassDeserialization(ctx, HITLS_AUTH_PRIVPASS_TOKEN_CHALLENGE, output3, outputLen3,
134 &tokenChallenge3_1), HITLS_AUTH_SUCCESS);
135
136 ASSERT_EQ(HITLS_AUTH_PrivPassGenTokenChallenge(ctx, param4, &tokenChallenge4), HITLS_AUTH_SUCCESS);
137 ASSERT_EQ(HITLS_AUTH_PrivPassSerialization(ctx, tokenChallenge4, output4, &outputLen4), HITLS_AUTH_SUCCESS);
138 ASSERT_EQ(HITLS_AUTH_PrivPassDeserialization(ctx, HITLS_AUTH_PRIVPASS_TOKEN_CHALLENGE, output4, outputLen4,
139 &tokenChallenge4_1), HITLS_AUTH_SUCCESS);
140 EXIT:
141 CRYPT_EAL_RandDeinit();
142 HITLS_AUTH_PrivPassFreeToken(tokenChallenge1);
143 HITLS_AUTH_PrivPassFreeToken(tokenChallenge2);
144 HITLS_AUTH_PrivPassFreeToken(tokenChallenge3);
145 HITLS_AUTH_PrivPassFreeToken(tokenChallenge4);
146 HITLS_AUTH_PrivPassFreeToken(tokenChallenge3_1);
147 HITLS_AUTH_PrivPassFreeToken(tokenChallenge4_1);
148 HITLS_AUTH_PrivPassFreeCtx(ctx);
149 TestRandDeInit();
150 }
151 /* END_CASE */
152
153 /**
154 * @test SDV_AUTH_PRIVPASS_TOKEN_SERIALIZATION_INVALID_TC001
155 * @spec Private Pass Token Serialization Invalid Parameters
156 * @title Test serialization and deserialization with invalid parameters
157 */
158 /* BEGIN_CASE */
SDV_AUTH_PRIVPASS_TOKEN_SERIALIZATION_INVALID_TC001()159 void SDV_AUTH_PRIVPASS_TOKEN_SERIALIZATION_INVALID_TC001()
160 {
161 uint8_t output[MAX_LEN];
162 uint32_t outputLen = MAX_LEN;
163 HITLS_AUTH_PrivPassToken *token = NULL;
164 uint8_t dummyData[8] = {0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08};
165 HITLS_AUTH_PrivPassCtx *ctx = HITLS_AUTH_PrivPassNewCtx(HITLS_AUTH_PRIVPASS_PUB_VERIFY_TOKENS);
166 ASSERT_NE(ctx, NULL);
167
168 // Test NULL parameters
169 ASSERT_EQ(HITLS_AUTH_PrivPassDeserialization(ctx, HITLS_AUTH_PRIVPASS_TOKEN_CHALLENGE,
170 NULL, sizeof(dummyData), &token), HITLS_AUTH_PRIVPASS_INVALID_INPUT);
171 ASSERT_EQ(HITLS_AUTH_PrivPassDeserialization(ctx, HITLS_AUTH_PRIVPASS_TOKEN_CHALLENGE,
172 dummyData, 0, &token), HITLS_AUTH_PRIVPASS_INVALID_INPUT);
173 ASSERT_EQ(HITLS_AUTH_PrivPassDeserialization(ctx, HITLS_AUTH_PRIVPASS_TOKEN_CHALLENGE,
174 dummyData, sizeof(dummyData), NULL), HITLS_AUTH_PRIVPASS_INVALID_INPUT);
175
176 // Test invalid token type
177 ASSERT_EQ(HITLS_AUTH_PrivPassDeserialization(ctx, 999, dummyData,
178 sizeof(dummyData), &token), HITLS_AUTH_PRIVPASS_INVALID_TOKEN_TYPE);
179 // Test serialization with NULL parameters
180 ASSERT_EQ(HITLS_AUTH_PrivPassSerialization(ctx, NULL, output, &outputLen), HITLS_AUTH_PRIVPASS_INVALID_INPUT);
181 ASSERT_EQ(HITLS_AUTH_PrivPassSerialization(ctx, token, NULL, &outputLen), HITLS_AUTH_PRIVPASS_INVALID_INPUT);
182 ASSERT_EQ(HITLS_AUTH_PrivPassSerialization(ctx, token, output, NULL), HITLS_AUTH_PRIVPASS_INVALID_INPUT);
183 EXIT:
184 HITLS_AUTH_PrivPassFreeToken(token);
185 HITLS_AUTH_PrivPassFreeCtx(ctx);
186 }
187 /* END_CASE */
188
189 /**
190 * @test SDV_AUTH_PRIVPASS_TOKEN_SERIALIZATION_INVALID_TC002
191 * @spec Private Pass Token Invalid Serialization
192 * @title Test deserialization with invalid token data
193 */
194 /* BEGIN_CASE */
SDV_AUTH_PRIVPASS_TOKEN_SERIALIZATION_INVALID_TC002(int type,Hex * buffer)195 void SDV_AUTH_PRIVPASS_TOKEN_SERIALIZATION_INVALID_TC002(int type, Hex *buffer)
196 {
197 HITLS_AUTH_PrivPassToken *token = NULL;
198 HITLS_AUTH_PrivPassCtx *ctx = HITLS_AUTH_PrivPassNewCtx(HITLS_AUTH_PRIVPASS_PUB_VERIFY_TOKENS);
199 ASSERT_NE(ctx, NULL);
200 ASSERT_NE(HITLS_AUTH_PrivPassDeserialization(ctx, type, buffer->x, buffer->len, &token), HITLS_AUTH_SUCCESS);
201 EXIT:
202 HITLS_AUTH_PrivPassFreeToken(token);
203 HITLS_AUTH_PrivPassFreeCtx(ctx);
204 CRYPT_EAL_RandDeinit();
205 }
206 /* END_CASE */
207
208 /**
209 * @test SDV_AUTH_PRIVPASS_TOKEN_SERIALIZATION_INVALID_TC003
210 * @spec Private Pass Token Invalid Serialization
211 * @title Test serialization with invalid data
212 */
213 /* BEGIN_CASE */
SDV_AUTH_PRIVPASS_TOKEN_SERIALIZATION_INVALID_TC003(int type,Hex * buffer)214 void SDV_AUTH_PRIVPASS_TOKEN_SERIALIZATION_INVALID_TC003(int type, Hex *buffer)
215 {
216 HITLS_AUTH_PrivPassToken *token = NULL;
217 HITLS_AUTH_PrivPassToken *token2 = NULL;
218 uint8_t output[MAX_LEN];
219 uint32_t outputLen = MAX_LEN;
220 HITLS_AUTH_PrivPassCtx *ctx = HITLS_AUTH_PrivPassNewCtx(HITLS_AUTH_PRIVPASS_PUB_VERIFY_TOKENS);
221 ASSERT_NE(ctx, NULL);
222 ASSERT_EQ(HITLS_AUTH_PrivPassDeserialization(ctx, type, buffer->x, buffer->len, &token), HITLS_AUTH_SUCCESS);
223 if (type == HITLS_AUTH_PRIVPASS_TOKEN_CHALLENGE) {
224 token->st.tokenChallenge->tokenType = 0x0001; // support prv type
225 ASSERT_EQ(HITLS_AUTH_PrivPassSerialization(ctx, token, output, &outputLen), HITLS_AUTH_SUCCESS);
226 }
227 if (type == HITLS_AUTH_PRIVPASS_TOKEN_REQUEST) {
228 token->st.tokenRequest->tokenType = 0x0001; // not support prv type
229 ASSERT_EQ(HITLS_AUTH_PrivPassSerialization(ctx, token, output, &outputLen),
230 HITLS_AUTH_PRIVPASS_INVALID_TOKEN_REQUEST);
231 }
232 if (type == HITLS_AUTH_PRIVPASS_TOKEN_RESPONSE) {
233 ASSERT_EQ(HITLS_AUTH_PrivPassDeserialization(ctx, type, buffer->x, buffer->len - 1, &token2),
234 HITLS_AUTH_PRIVPASS_INVALID_TOKEN_TYPE);
235 token->st.tokenResponse->type = 0; // not support prv type
236 ASSERT_EQ(HITLS_AUTH_PrivPassSerialization(ctx, token, output, &outputLen),
237 HITLS_AUTH_PRIVPASS_INVALID_TOKEN_RESPONSE);
238 token->st.tokenResponse->type = 1;
239 }
240 if (type == HITLS_AUTH_PRIVPASS_TOKEN_INSTANCE) {
241 token->st.token->tokenType = 0; // not support prv type
242 ASSERT_EQ(HITLS_AUTH_PrivPassSerialization(ctx, token, output, &outputLen),
243 HITLS_AUTH_PRIVPASS_INVALID_TOKEN_INSTANCE);
244 }
245 EXIT:
246 HITLS_AUTH_PrivPassFreeToken(token);
247 HITLS_AUTH_PrivPassFreeCtx(ctx);
248 CRYPT_EAL_RandDeinit();
249 }
250 /* END_CASE */
251
252 /**
253 * @test SDV_AUTH_PRIVPASS_TOKEN_GEN_PROCESS_TC001
254 * @spec Private Pass Token Generation Process
255 * @title Test complete token generation process including challenge, request, response and verification
256 */
257 /* BEGIN_CASE */
SDV_AUTH_PRIVPASS_TOKEN_GEN_PROCESS_TC001(Hex * pki,Hex * ski,Hex * tokenType,Hex * issuerName,Hex * redemption,Hex * originInfo)258 void SDV_AUTH_PRIVPASS_TOKEN_GEN_PROCESS_TC001(Hex *pki, Hex *ski, Hex *tokenType, Hex *issuerName,
259 Hex *redemption, Hex *originInfo)
260 {
261 HITLS_AUTH_PrivPassCtx *client = NULL;
262 HITLS_AUTH_PrivPassCtx *issuer = NULL;
263 HITLS_AUTH_PrivPassCtx *server = NULL;
264 HITLS_AUTH_PrivPassToken *tokenChallenge = NULL;
265 HITLS_AUTH_PrivPassToken *tokenChallenge2 = NULL;
266 HITLS_AUTH_PrivPassToken *tokenRequest = NULL;
267 HITLS_AUTH_PrivPassToken *tokenResponse = NULL;
268 HITLS_AUTH_PrivPassToken *finalToken = NULL;
269 uint8_t output[MAX_LEN];
270 uint32_t outputLen = MAX_LEN;
271 uint16_t tokenTypeValue = tokenType->x[0] << 8 | tokenType->x[1];
272 BSL_Param param[5] = {
273 {AUTH_PARAM_PRIVPASS_TOKENCHALLENGE_TYPE, BSL_PARAM_TYPE_UINT16, &tokenTypeValue, 2, 2},
274 {AUTH_PARAM_PRIVPASS_TOKENCHALLENGE_ISSUERNAME, BSL_PARAM_TYPE_OCTETS_PTR, issuerName->x, issuerName->len,
275 issuerName->len},
276 {AUTH_PARAM_PRIVPASS_TOKENCHALLENGE_REDEMPTION, BSL_PARAM_TYPE_OCTETS_PTR, redemption->x, redemption->len,
277 redemption->len},
278 {AUTH_PARAM_PRIVPASS_TOKENCHALLENGE_ORIGININFO, BSL_PARAM_TYPE_OCTETS_PTR, originInfo->x, originInfo->len,
279 originInfo->len},
280 BSL_PARAM_END};
281
282 TestRandInit();
283 // Create context
284 client = HITLS_AUTH_PrivPassNewCtx(HITLS_AUTH_PRIVPASS_PUB_VERIFY_TOKENS);
285 ASSERT_NE(client, NULL);
286 issuer = HITLS_AUTH_PrivPassNewCtx(HITLS_AUTH_PRIVPASS_PUB_VERIFY_TOKENS);
287 ASSERT_NE(issuer, NULL);
288 server = HITLS_AUTH_PrivPassNewCtx(HITLS_AUTH_PRIVPASS_PUB_VERIFY_TOKENS);
289 ASSERT_NE(server, NULL);
290 // Set keys
291 ASSERT_EQ(HITLS_AUTH_PrivPassSetPubkey(client, pki->x, pki->len), HITLS_AUTH_SUCCESS);
292 // issuer needs pub and prv key
293 ASSERT_EQ(HITLS_AUTH_PrivPassSetPrvkey(issuer, NULL, ski->x, ski->len), HITLS_AUTH_SUCCESS);
294 ASSERT_EQ(HITLS_AUTH_PrivPassSetPubkey(issuer, pki->x, pki->len), HITLS_AUTH_SUCCESS);
295 // server
296 ASSERT_EQ(HITLS_AUTH_PrivPassSetPubkey(server, pki->x, pki->len), HITLS_AUTH_SUCCESS);
297 ASSERT_EQ(HITLS_AUTH_PrivPassGenTokenChallenge(server, param, &tokenChallenge), HITLS_AUTH_SUCCESS);
298 ASSERT_EQ(HITLS_AUTH_PrivPassSerialization(server, tokenChallenge, output, &outputLen), HITLS_AUTH_SUCCESS);
299 ASSERT_EQ(HITLS_AUTH_PrivPassDeserialization(client, HITLS_AUTH_PRIVPASS_TOKEN_CHALLENGE, output,
300 outputLen, &tokenChallenge2), HITLS_AUTH_SUCCESS);
301
302 // Generate token request
303 ASSERT_EQ(HITLS_AUTH_PrivPassGenTokenReq(client, tokenChallenge, &tokenRequest), HITLS_AUTH_SUCCESS);
304 // Generate token response
305 ASSERT_EQ(HITLS_AUTH_PrivPassGenTokenResponse(issuer, tokenRequest, &tokenResponse), HITLS_AUTH_SUCCESS);
306 // Generate final token
307 ASSERT_EQ(HITLS_AUTH_PrivPassGenToken(client, tokenChallenge, tokenResponse, &finalToken), HITLS_AUTH_SUCCESS);
308 // Verify token
309 ASSERT_EQ(HITLS_AUTH_PrivPassVerifyToken(server, tokenChallenge, finalToken), HITLS_AUTH_SUCCESS);
310 EXIT:
311 CRYPT_EAL_RandDeinit();
312 HITLS_AUTH_PrivPassFreeToken(tokenChallenge);
313 HITLS_AUTH_PrivPassFreeToken(tokenChallenge2);
314 HITLS_AUTH_PrivPassFreeToken(tokenRequest);
315 HITLS_AUTH_PrivPassFreeToken(tokenResponse);
316 HITLS_AUTH_PrivPassFreeToken(finalToken);
317 HITLS_AUTH_PrivPassFreeCtx(client);
318 HITLS_AUTH_PrivPassFreeCtx(issuer);
319 HITLS_AUTH_PrivPassFreeCtx(server);
320 TestRandDeInit();
321 }
322 /* END_CASE */
323
324 /**
325 * @test SDV_AUTH_PRIVPASS_TOKEN_GEN_TOKEN_CHALLENGE_TC001
326 * @spec Private Pass Token gen invalid token challenge
327 * @title Test gen invalid token challenge
328 */
329 /* BEGIN_CASE */
SDV_AUTH_PRIVPASS_TOKEN_GEN_TOKEN_CHALLENGE_TC001(Hex * tokenType,Hex * issuerName,Hex * redemption,Hex * originInfo)330 void SDV_AUTH_PRIVPASS_TOKEN_GEN_TOKEN_CHALLENGE_TC001(Hex *tokenType, Hex *issuerName, Hex *redemption,
331 Hex *originInfo)
332 {
333 HITLS_AUTH_PrivPassCtx *ctx = NULL;
334 HITLS_AUTH_PrivPassToken *tokenChallenge = NULL;
335 uint16_t invaliedTokenType = 3;
336 uint16_t tokenTypeValue = tokenType->x[0] << 8 | tokenType->x[1];
337 BSL_Param param1[5] = {
338 {AUTH_PARAM_PRIVPASS_TOKENCHALLENGE_ISSUERNAME, BSL_PARAM_TYPE_OCTETS_PTR, issuerName->x, issuerName->len,
339 issuerName->len},
340 {AUTH_PARAM_PRIVPASS_TOKENCHALLENGE_TYPE, BSL_PARAM_TYPE_UINT16, &invaliedTokenType, 2, 2},
341 {AUTH_PARAM_PRIVPASS_TOKENCHALLENGE_ORIGININFO, BSL_PARAM_TYPE_OCTETS_PTR, originInfo->x, originInfo->len,
342 originInfo->len},
343 {AUTH_PARAM_PRIVPASS_TOKENCHALLENGE_REDEMPTION, BSL_PARAM_TYPE_OCTETS_PTR, redemption->x, redemption->len,
344 redemption->len},
345 BSL_PARAM_END};
346 BSL_Param param2[4] = {
347 {AUTH_PARAM_PRIVPASS_TOKENCHALLENGE_TYPE, BSL_PARAM_TYPE_UINT16, &tokenTypeValue, 2, 2},
348 {AUTH_PARAM_PRIVPASS_TOKENCHALLENGE_ORIGININFO, BSL_PARAM_TYPE_OCTETS_PTR, originInfo->x, originInfo->len,
349 originInfo->len},
350 {AUTH_PARAM_PRIVPASS_TOKENCHALLENGE_REDEMPTION, BSL_PARAM_TYPE_OCTETS_PTR, redemption->x, redemption->len,
351 redemption->len},
352 BSL_PARAM_END};
353 BSL_Param param3[4] = {
354 {AUTH_PARAM_PRIVPASS_TOKENCHALLENGE_TYPE, BSL_PARAM_TYPE_UINT16, &tokenTypeValue, 2, 2},
355 {AUTH_PARAM_PRIVPASS_TOKENCHALLENGE_ISSUERNAME, BSL_PARAM_TYPE_OCTETS_PTR, issuerName->x,
356 PRIVPASS_MAX_ISSUER_NAME_LEN + 1, PRIVPASS_MAX_ISSUER_NAME_LEN + 1},
357 {AUTH_PARAM_PRIVPASS_TOKENCHALLENGE_REDEMPTION, BSL_PARAM_TYPE_OCTETS_PTR, redemption->x, redemption->len,
358 redemption->len},
359 BSL_PARAM_END};
360 BSL_Param param4[5] = {
361 {AUTH_PARAM_PRIVPASS_TOKENCHALLENGE_TYPE, BSL_PARAM_TYPE_UINT16, &tokenTypeValue, 2, 2},
362 {AUTH_PARAM_PRIVPASS_TOKENCHALLENGE_ISSUERNAME, BSL_PARAM_TYPE_OCTETS_PTR, issuerName->x, issuerName->len,
363 issuerName->len},
364 {AUTH_PARAM_PRIVPASS_TOKENCHALLENGE_REDEMPTION, BSL_PARAM_TYPE_OCTETS_PTR, redemption->x, redemption->len,
365 redemption->len},
366 {AUTH_PARAM_PRIVPASS_TOKENCHALLENGE_ORIGININFO, BSL_PARAM_TYPE_OCTETS_PTR, originInfo->x,
367 PRIVPASS_MAX_ISSUER_NAME_LEN + 1, PRIVPASS_MAX_ORIGIN_INFO_LEN + 1},
368 BSL_PARAM_END};
369 BSL_Param param5[4] = {
370 {AUTH_PARAM_PRIVPASS_TOKENCHALLENGE_TYPE, BSL_PARAM_TYPE_UINT16, &tokenTypeValue, 2, 2},
371 {AUTH_PARAM_PRIVPASS_TOKENCHALLENGE_ISSUERNAME, BSL_PARAM_TYPE_OCTETS_PTR, issuerName->x, issuerName->len,
372 issuerName->len},
373 {AUTH_PARAM_PRIVPASS_TOKENCHALLENGE_REDEMPTION, BSL_PARAM_TYPE_OCTETS_PTR, redemption->x,
374 PRIVPASS_MAX_ISSUER_NAME_LEN + 1, PRIVPASS_REDEMPTION_LEN + 1},
375 BSL_PARAM_END};
376
377 ctx = HITLS_AUTH_PrivPassNewCtx(HITLS_AUTH_PRIVPASS_PUB_VERIFY_TOKENS);
378 ASSERT_NE(ctx, NULL);
379 ASSERT_EQ(HITLS_AUTH_PrivPassGenTokenChallenge(ctx, param1, &tokenChallenge),
380 HITLS_AUTH_PRIVPASS_INVALID_TOKEN_TYPE);
381 ASSERT_EQ(HITLS_AUTH_PrivPassGenTokenChallenge(ctx, param2, &tokenChallenge),
382 HITLS_AUTH_PRIVPASS_NO_TOKEN_CHALLENGE_ISSUERNAME);
383 ASSERT_EQ(HITLS_AUTH_PrivPassGenTokenChallenge(ctx, param3, &tokenChallenge),
384 HITLS_AUTH_PRIVPASS_INVALID_ISSUER_NAME);
385 ASSERT_EQ(HITLS_AUTH_PrivPassGenTokenChallenge(ctx, param4, &tokenChallenge),
386 HITLS_AUTH_PRIVPASS_INVALID_ORIGIN_INFO);
387 ASSERT_EQ(HITLS_AUTH_PrivPassGenTokenChallenge(ctx, param5, &tokenChallenge),
388 HITLS_AUTH_PRIVPASS_INVALID_REDEMPTION);
389 EXIT:
390 CRYPT_EAL_RandDeinit();
391 HITLS_AUTH_PrivPassFreeToken(tokenChallenge);
392 HITLS_AUTH_PrivPassFreeCtx(ctx);
393 }
394 /* END_CASE */
395
396 static uint8_t *g_nonceBuf;
397 static uint32_t g_nonceLen;
398 static uint8_t *g_saltBuf;
399 static uint32_t g_saltLen;
400 static uint8_t *g_blindBuf;
401 static uint32_t g_blindLen;
402 static int32_t ref = 0;
403
STUB_ReplaceRandom(uint8_t * r,uint32_t randLen)404 static int32_t STUB_ReplaceRandom(uint8_t *r, uint32_t randLen)
405 {
406 if (ref == 0) {
407 for (uint32_t i = 0; i < randLen; i++) {
408 r[i] = g_nonceBuf[i];
409 }
410 ref++;
411 } else if (ref == 1) {
412 for (uint32_t i = 0; i < randLen; i++) {
413 r[i] = g_saltBuf[i];
414 }
415 ref++;
416 } else if (ref == 2) {
417 for (uint32_t i = 0; i < randLen; i++) {
418 r[i] = g_blindBuf[i];
419 }
420 }
421 return 0;
422 }
423
STUB_ReplaceRandomWEx(void * libCtx,uint8_t * r,uint32_t randLen)424 static int32_t STUB_ReplaceRandomWEx(void *libCtx, uint8_t *r, uint32_t randLen)
425 {
426 (void) libCtx;
427 return STUB_ReplaceRandom(r, randLen);
428 }
429
430 /**
431 * @test SDV_AUTH_PRIVPASS_TOKEN_VECTOR_TEST_TC001
432 * @spec Private Pass Token Vector Testing
433 * @title Test token generation process with predefined test vectors
434 */
435 /* BEGIN_CASE */
SDV_AUTH_PRIVPASS_TOKEN_VECTOR_TEST_TC001(Hex * ski,Hex * pki,Hex * challenge,Hex * nonce,Hex * blind,Hex * salt,Hex * request,Hex * response,Hex * token)436 void SDV_AUTH_PRIVPASS_TOKEN_VECTOR_TEST_TC001(Hex *ski, Hex *pki, Hex *challenge, Hex *nonce, Hex *blind, Hex *salt,
437 Hex *request, Hex *response, Hex *token)
438 {
439 ref = 0;
440 TestRandInit();
441 uint8_t tokenChallengeBuffer[MAX_LEN];
442 uint32_t tokenChallengeBufferLen = MAX_LEN;
443 uint8_t tokenRequestBuffer[MAX_LEN];
444 uint32_t tokenRequestBufferLen = MAX_LEN;
445 uint8_t tokenResponseBuffer[MAX_LEN];
446 uint32_t tokenResponseBufferLen = MAX_LEN;
447 uint8_t finalTokenBuffer[MAX_LEN];
448 uint32_t finalTokenBufferLen = MAX_LEN;
449 uint8_t nonceBuff[MAX_LEN];
450 uint32_t nonceLen = MAX_LEN;
451 HITLS_AUTH_PrivPassCtx *ctx = NULL;
452 HITLS_AUTH_PrivPassToken *tokenChallenge = NULL;
453 HITLS_AUTH_PrivPassToken *tokenRequest = NULL;
454 HITLS_AUTH_PrivPassToken *tokenResponse = NULL;
455 HITLS_AUTH_PrivPassToken *finalToken = NULL;
456 g_nonceBuf = (uint8_t *)nonce->x;
457 g_saltBuf = (uint8_t *)salt->x;
458 g_nonceLen = nonce->len;
459 g_saltLen = salt->len;
460 g_blindBuf = (uint8_t *)blind->x;
461 g_blindLen = blind->len;
462 BSL_Param param[2] = {
463 {AUTH_PARAM_PRIVPASS_TOKEN_NONCE, BSL_PARAM_TYPE_OCTETS_PTR, nonceBuff, nonceLen, 0}, BSL_PARAM_END};
464
465 CRYPT_RandRegist(STUB_ReplaceRandom);
466 CRYPT_RandRegistEx(STUB_ReplaceRandomWEx);
467 // Create context
468 ctx = HITLS_AUTH_PrivPassNewCtx(HITLS_AUTH_PRIVPASS_PUB_VERIFY_TOKENS);
469 ctx->method.random = STUB_ReplaceRandom;
470 ASSERT_NE(ctx, NULL);
471 // Set keys
472 ASSERT_EQ(HITLS_AUTH_PrivPassSetPubkey(ctx, pki->x, pki->len), HITLS_AUTH_SUCCESS);
473 ASSERT_EQ(HITLS_AUTH_PrivPassSetPrvkey(ctx, NULL, ski->x, ski->len), HITLS_AUTH_SUCCESS);
474
475 ASSERT_EQ(HITLS_AUTH_PrivPassDeserialization(ctx, HITLS_AUTH_PRIVPASS_TOKEN_CHALLENGE, challenge->x, challenge->len,
476 &tokenChallenge), HITLS_AUTH_SUCCESS);
477 ASSERT_EQ(HITLS_AUTH_PrivPassSerialization(ctx, tokenChallenge, tokenChallengeBuffer, &tokenChallengeBufferLen),
478 HITLS_AUTH_SUCCESS);
479 ASSERT_COMPARE("compare tokenchallenge", tokenChallengeBuffer, tokenChallengeBufferLen,
480 challenge->x, challenge->len);
481 // Generate token request
482 ASSERT_EQ(HITLS_AUTH_PrivPassGenTokenReq(ctx, tokenChallenge, &tokenRequest), HITLS_AUTH_SUCCESS);
483 ASSERT_EQ(HITLS_AUTH_PrivPassSerialization(ctx, tokenRequest, tokenRequestBuffer, &tokenRequestBufferLen),
484 HITLS_AUTH_SUCCESS);
485 ASSERT_COMPARE("compare tokenrequest", tokenRequestBuffer, tokenRequestBufferLen, request->x, request->len);
486 // Generate token response
487 ASSERT_EQ(HITLS_AUTH_PrivPassGenTokenResponse(ctx, tokenRequest, &tokenResponse), HITLS_AUTH_SUCCESS);
488 ASSERT_EQ(HITLS_AUTH_PrivPassSerialization(ctx, tokenResponse, tokenResponseBuffer, &tokenResponseBufferLen),
489 HITLS_AUTH_SUCCESS);
490 ASSERT_COMPARE("compare tokenresponse", tokenResponseBuffer, tokenResponseBufferLen, response->x, response->len);
491 // Generate final token
492 ASSERT_EQ(HITLS_AUTH_PrivPassGenToken(ctx, tokenChallenge, tokenResponse, &finalToken), HITLS_AUTH_SUCCESS);
493 ASSERT_EQ(HITLS_AUTH_PrivPassSerialization(ctx, finalToken, finalTokenBuffer, &finalTokenBufferLen),
494 HITLS_AUTH_SUCCESS);
495 ASSERT_COMPARE("compare finaltoken", finalTokenBuffer, finalTokenBufferLen, token->x, token->len);
496 // Verify token
497 ASSERT_EQ(HITLS_AUTH_PrivPassVerifyToken(ctx, tokenChallenge, finalToken), HITLS_AUTH_SUCCESS);
498 ASSERT_EQ(HITLS_AUTH_PrivPassTokenCtrl(finalToken, HITLS_AUTH_PRIVPASS_GET_TOKEN_NONCE, param, 0),
499 HITLS_AUTH_SUCCESS);
500 ASSERT_COMPARE("compare nonce", param->value, param->useLen, nonce->x, nonce->len);
501
502 EXIT:
503 TestRandDeInit();
504 HITLS_AUTH_PrivPassFreeToken(tokenChallenge);
505 HITLS_AUTH_PrivPassFreeToken(tokenRequest);
506 HITLS_AUTH_PrivPassFreeToken(tokenResponse);
507 HITLS_AUTH_PrivPassFreeToken(finalToken);
508 HITLS_AUTH_PrivPassFreeCtx(ctx);
509 }
510 /* END_CASE */
511
512 /**
513 * @test SDV_AUTH_PRIVPASS_TOKEN_CHALLENGE_OBTAIN_TC001
514 * @spec Private Pass Token Challenge Parameters
515 * @title Test obtaining and validating token challenge parameters
516 */
517 /* BEGIN_CASE */
SDV_AUTH_PRIVPASS_TOKEN_CHALLENGE_OBTAIN_TC001(Hex * challenge)518 void SDV_AUTH_PRIVPASS_TOKEN_CHALLENGE_OBTAIN_TC001(Hex *challenge)
519 {
520 uint8_t tokenChallengeBuffer[MAX_LEN];
521 uint32_t tokenChallengeBufferLen = MAX_LEN;
522 uint16_t tokenType;
523 uint8_t issuerNameBuffer[MAX_LEN];
524 uint32_t issuerNameBufferLen = MAX_LEN;
525 uint8_t redemptionBuffer[MAX_LEN];
526 uint32_t redemptionBufferLen = MAX_LEN;
527 uint8_t originInfoBuffer[MAX_LEN];
528 uint32_t originInfoBufferLen = MAX_LEN;
529 HITLS_AUTH_PrivPassToken *tokenChallenge1 = NULL;
530 HITLS_AUTH_PrivPassToken *tokenChallenge2 = NULL;
531 HITLS_AUTH_PrivPassCtx *ctx = NULL;
532 BSL_Param param1[5] = {
533 {AUTH_PARAM_PRIVPASS_TOKENCHALLENGE_TYPE, BSL_PARAM_TYPE_UINT16, &tokenType, 2, 0},
534 {AUTH_PARAM_PRIVPASS_TOKENCHALLENGE_ISSUERNAME, BSL_PARAM_TYPE_OCTETS_PTR, issuerNameBuffer,
535 issuerNameBufferLen, 0},
536 {AUTH_PARAM_PRIVPASS_TOKENCHALLENGE_REDEMPTION, BSL_PARAM_TYPE_OCTETS_PTR, redemptionBuffer,
537 redemptionBufferLen, 0},
538 {AUTH_PARAM_PRIVPASS_TOKENCHALLENGE_ORIGININFO, BSL_PARAM_TYPE_OCTETS_PTR, originInfoBuffer,
539 originInfoBufferLen, 0},
540 BSL_PARAM_END};
541 BSL_Param param2[5] = {
542 {AUTH_PARAM_PRIVPASS_TOKENCHALLENGE_TYPE, BSL_PARAM_TYPE_UINT16, &tokenType, 2, 0},
543 {AUTH_PARAM_PRIVPASS_TOKENCHALLENGE_ISSUERNAME, BSL_PARAM_TYPE_OCTETS_PTR, issuerNameBuffer, 0, 0},
544 {AUTH_PARAM_PRIVPASS_TOKENCHALLENGE_REDEMPTION, BSL_PARAM_TYPE_OCTETS_PTR, redemptionBuffer, 0, 0},
545 {AUTH_PARAM_PRIVPASS_TOKENCHALLENGE_ORIGININFO, BSL_PARAM_TYPE_OCTETS_PTR, originInfoBuffer, 0, 0},
546 BSL_PARAM_END};
547 // Create context
548 ctx = HITLS_AUTH_PrivPassNewCtx(HITLS_AUTH_PRIVPASS_PUB_VERIFY_TOKENS);
549 ASSERT_NE(ctx, NULL);
550
551 ASSERT_EQ(HITLS_AUTH_PrivPassDeserialization(ctx, HITLS_AUTH_PRIVPASS_TOKEN_CHALLENGE, challenge->x, challenge->len,
552 &tokenChallenge1), HITLS_AUTH_SUCCESS);
553 ASSERT_EQ(HITLS_AUTH_PrivPassTokenCtrl(tokenChallenge1, HITLS_AUTH_PRIVPASS_GET_TOKENCHALLENGE_TYPE, param1, 0),
554 HITLS_AUTH_SUCCESS);
555 ASSERT_EQ(HITLS_AUTH_PrivPassTokenCtrl(tokenChallenge1, HITLS_AUTH_PRIVPASS_GET_TOKENCHALLENGE_REDEMPTION,
556 param1, 0),
557 HITLS_AUTH_SUCCESS);
558 ASSERT_EQ(HITLS_AUTH_PrivPassTokenCtrl(tokenChallenge1, HITLS_AUTH_PRIVPASS_GET_TOKENCHALLENGE_ORIGININFO,
559 param1, 0),
560 HITLS_AUTH_SUCCESS);
561 ASSERT_EQ(HITLS_AUTH_PrivPassTokenCtrl(tokenChallenge1, HITLS_AUTH_PRIVPASS_GET_TOKENCHALLENGE_ISSUERNAME,
562 param1, 0),
563 HITLS_AUTH_SUCCESS);
564 param2[0].valueLen = param1[0].useLen;
565 param2[1].valueLen = param1[1].useLen;
566 param2[2].valueLen = param1[2].useLen;
567 param2[3].valueLen = param1[3].useLen;
568 ASSERT_EQ(HITLS_AUTH_PrivPassGenTokenChallenge(ctx, param2, &tokenChallenge2), HITLS_AUTH_SUCCESS);
569 ASSERT_EQ(HITLS_AUTH_PrivPassSerialization(ctx, tokenChallenge2, tokenChallengeBuffer,
570 &tokenChallengeBufferLen), HITLS_AUTH_SUCCESS);
571
572 ASSERT_COMPARE("compare token challenge", tokenChallengeBuffer, tokenChallengeBufferLen, challenge->x,
573 challenge->len);
574 EXIT:
575 CRYPT_EAL_RandDeinit();
576 HITLS_AUTH_PrivPassFreeToken(tokenChallenge1);
577 HITLS_AUTH_PrivPassFreeToken(tokenChallenge2);
578 HITLS_AUTH_PrivPassFreeCtx(ctx);
579 }
580 /* END_CASE */
581
NewPkeyCtxTmp(void * libCtx,int algId)582 void *NewPkeyCtxTmp(void *libCtx, int algId)
583 {
584 (void)libCtx;
585 (void)algId;
586 return NULL;
587 }
588
589 /**
590 * @test SDV_AUTH_PRIVPASS_TEST_SET_CRYPTO_CB_TC001
591 * @brief Test setting and validating crypto callback functionality
592 */
593 /* BEGIN_CASE */
SDV_AUTH_PRIVPASS_TEST_SET_CRYPTO_CB_TC001(Hex * ski,Hex * pki)594 void SDV_AUTH_PRIVPASS_TEST_SET_CRYPTO_CB_TC001(Hex *ski, Hex *pki)
595 {
596 TestRandInit();
597 HITLS_AUTH_PrivPassCtx *ctx = NULL;
598 HITLS_AUTH_PrivPassToken *tokenChallenge = HITLS_AUTH_PrivPassNewToken(HITLS_AUTH_PRIVPASS_TOKEN_CHALLENGE);
599 HITLS_AUTH_PrivPassToken *tokenRequest = HITLS_AUTH_PrivPassNewToken(HITLS_AUTH_PRIVPASS_TOKEN_REQUEST);
600 HITLS_AUTH_PrivPassToken *tokenResponse = HITLS_AUTH_PrivPassNewToken(HITLS_AUTH_PRIVPASS_TOKEN_RESPONSE);
601 HITLS_AUTH_PrivPassToken *finalToken = HITLS_AUTH_PrivPassNewToken(HITLS_AUTH_PRIVPASS_TOKEN_INSTANCE);
602 HITLS_AUTH_PrivPassToken *tokenRequest1 = NULL;
603 HITLS_AUTH_PrivPassToken *tokenResponse1 = NULL;
604 HITLS_AUTH_PrivPassToken *finalToken1 = NULL;
605 CRYPT_EAL_PkeyCtx *pkeyCtx = NULL;
606 ASSERT_NE(tokenChallenge, NULL);
607 ASSERT_NE(tokenRequest, NULL);
608 ASSERT_NE(tokenResponse, NULL);
609 ASSERT_NE(finalToken, NULL);
610 ctx = HITLS_AUTH_PrivPassNewCtx(HITLS_AUTH_PRIVPASS_PUB_VERIFY_TOKENS);
611 ASSERT_NE(ctx, NULL);
612 ASSERT_EQ(HITLS_AUTH_PrivPassSetPubkey(ctx, pki->x, pki->len), 0);
613 ASSERT_EQ(HITLS_AUTH_PrivPassSetPrvkey(ctx, NULL, ski->x, ski->len), 0);
614 ASSERT_EQ(HITLS_AUTH_PrivPassGenTokenReq(ctx, tokenChallenge, &tokenRequest1),
615 HITLS_AUTH_PRIVPASS_INVALID_TOKEN_TYPE);
616 ASSERT_EQ(HITLS_AUTH_PrivPassGenTokenResponse(ctx, tokenRequest, &tokenResponse1),
617 HITLS_AUTH_PRIVPASS_INVALID_TOKEN_TYPE);
618 ASSERT_EQ(HITLS_AUTH_PrivPassGenToken(ctx, tokenChallenge, tokenResponse, &finalToken1),
619 HITLS_AUTH_PRIVPASS_INVALID_TOKEN_TYPE);
620 ASSERT_EQ(HITLS_AUTH_PrivPassVerifyToken(ctx, tokenChallenge, finalToken), HITLS_AUTH_PRIVPASS_INVALID_TOKEN_TYPE);
621
622 pkeyCtx = ctx->method.newPkeyCtx(NULL, NULL, HITLS_AUTH_PRIVPASS_CRYPTO_RSA);
623 ASSERT_NE(pkeyCtx, NULL);
624 ASSERT_EQ(CRYPT_EAL_PkeyGetId(pkeyCtx), CRYPT_PKEY_RSA);
625 ctx->method.freePkeyCtx(pkeyCtx);
626 pkeyCtx = NULL;
627 ASSERT_EQ(HITLS_AUTH_PrivPassSetCryptCb(ctx, HITLS_AUTH_PRIVPASS_NEW_PKEY_CTX_CB - 1, NewPkeyCtxTmp),
628 HITLS_AUTH_PRIVPASS_INVALID_CRYPTO_CALLBACK_TYPE);
629 ASSERT_EQ(HITLS_AUTH_PrivPassSetCryptCb(ctx, HITLS_AUTH_PRIVPASS_NEW_PKEY_CTX_CB, NewPkeyCtxTmp),
630 HITLS_AUTH_SUCCESS);
631 pkeyCtx = ctx->method.newPkeyCtx(NULL, NULL, HITLS_AUTH_PRIVPASS_CRYPTO_RSA);
632 ASSERT_EQ(pkeyCtx, NULL);
633 EXIT:
634 HITLS_AUTH_PrivPassFreeCtx(ctx);
635 HITLS_AUTH_PrivPassFreeToken(tokenChallenge);
636 HITLS_AUTH_PrivPassFreeToken(tokenRequest);
637 HITLS_AUTH_PrivPassFreeToken(tokenResponse);
638 HITLS_AUTH_PrivPassFreeToken(finalToken);
639 TestRandDeInit();
640 }
641 /* END_CASE */
642
643 /**
644 * @test SDV_AUTH_PRIVPASS_SET_KEY_TC001
645 * @brief Test case for setting public and private keys in PrivPass context
646 */
647 /* BEGIN_CASE */
SDV_AUTH_PRIVPASS_SET_KEY_TC001(Hex * ski,Hex * pki)648 void SDV_AUTH_PRIVPASS_SET_KEY_TC001(Hex *ski, Hex *pki)
649 {
650 HITLS_AUTH_PrivPassCtx *ctx = HITLS_AUTH_PrivPassNewCtx(HITLS_AUTH_PRIVPASS_PUB_VERIFY_TOKENS);
651 ASSERT_NE(ctx, NULL);
652 // Test NULL pointer parameters
653 ASSERT_EQ(HITLS_AUTH_PrivPassSetPubkey(NULL, pki->x, pki->len), HITLS_AUTH_PRIVPASS_INVALID_INPUT);
654 ASSERT_EQ(HITLS_AUTH_PrivPassSetPubkey(ctx, NULL, pki->len), HITLS_AUTH_PRIVPASS_INVALID_INPUT);
655 ASSERT_EQ(HITLS_AUTH_PrivPassSetPrvkey(NULL, NULL, ski->x, ski->len), HITLS_AUTH_PRIVPASS_INVALID_INPUT);
656 ASSERT_EQ(HITLS_AUTH_PrivPassSetPrvkey(ctx, NULL, NULL, ski->len), HITLS_AUTH_PRIVPASS_INVALID_INPUT);
657 // Test zero length
658 ASSERT_EQ(HITLS_AUTH_PrivPassSetPubkey(ctx, pki->x, 0), HITLS_AUTH_PRIVPASS_INVALID_INPUT);
659 ASSERT_EQ(HITLS_AUTH_PrivPassSetPrvkey(ctx, NULL, ski->x, 0), HITLS_AUTH_PRIVPASS_INVALID_INPUT);
660 // Test duplicate key setting
661 ASSERT_EQ(HITLS_AUTH_PrivPassSetPubkey(ctx, pki->x, pki->len), HITLS_AUTH_SUCCESS);
662 ASSERT_EQ(HITLS_AUTH_PrivPassSetPubkey(ctx, pki->x, pki->len), HITLS_AUTH_SUCCESS);
663 ASSERT_EQ(HITLS_AUTH_PrivPassSetPrvkey(ctx, NULL, ski->x, ski->len), HITLS_AUTH_SUCCESS);
664 ASSERT_EQ(HITLS_AUTH_PrivPassSetPrvkey(ctx, NULL, ski->x, ski->len), HITLS_AUTH_SUCCESS);
665 ctx->method.checkKeyPair = NULL;
666 ASSERT_EQ(HITLS_AUTH_PrivPassSetPrvkey(ctx, NULL, ski->x, ski->len), HITLS_AUTH_PRIVPASS_NO_KEYPAIR_CHECK_CALLBACK);
667
668 EXIT:
669 HITLS_AUTH_PrivPassFreeCtx(ctx);
670 }
671 /* END_CASE */
672
673 /**
674 * @test SDV_AUTH_PRIVPASS_SET_KEY_TC002
675 * @brief Test case for validating that mismatched public/private key pairs are rejected
676 */
677 /* BEGIN_CASE */
SDV_AUTH_PRIVPASS_SET_KEY_TC002()678 void SDV_AUTH_PRIVPASS_SET_KEY_TC002()
679 {
680 TestRandInit();
681 uint8_t e[] = {1, 0, 1};
682 BSL_Buffer pubBuffer = {0};
683 BSL_Buffer prvBuffer = {0};
684 CRYPT_EAL_PkeyPara para = {0};
685 HITLS_AUTH_PrivPassCtx *ctx = HITLS_AUTH_PrivPassNewCtx(HITLS_AUTH_PRIVPASS_PUB_VERIFY_TOKENS);
686 CRYPT_EAL_PkeyCtx *pkey1 = CRYPT_EAL_PkeyNewCtx(CRYPT_PKEY_RSA);
687 CRYPT_EAL_PkeyCtx *pkey2 = CRYPT_EAL_PkeyNewCtx(CRYPT_PKEY_RSA);
688 CRYPT_MD_AlgId mdId = CRYPT_MD_SHA384;
689 uint32_t saltLen = 0;
690 BSL_Param pssParam[4] = {
691 {CRYPT_PARAM_RSA_MD_ID, BSL_PARAM_TYPE_INT32, &mdId, sizeof(mdId), 0},
692 {CRYPT_PARAM_RSA_MGF1_ID, BSL_PARAM_TYPE_INT32, &mdId, sizeof(mdId), 0},
693 {CRYPT_PARAM_RSA_SALTLEN, BSL_PARAM_TYPE_INT32, &saltLen, sizeof(saltLen), 0}, BSL_PARAM_END};
694 ASSERT_NE(ctx, NULL);
695 ASSERT_NE(pkey1, NULL);
696 ASSERT_NE(pkey2, NULL);
697 para.id = CRYPT_PKEY_RSA;
698 para.para.rsaPara.e = e;
699 para.para.rsaPara.eLen = 3;
700 para.para.rsaPara.bits = 2048;
701 ASSERT_EQ(CRYPT_EAL_PkeySetPara(pkey1, ¶), CRYPT_SUCCESS);
702 ASSERT_EQ(CRYPT_EAL_PkeySetPara(pkey2, ¶), CRYPT_SUCCESS);
703 ASSERT_EQ(CRYPT_EAL_PkeyGen(pkey1), CRYPT_SUCCESS);
704 ASSERT_EQ(CRYPT_EAL_PkeyGen(pkey2), CRYPT_SUCCESS);
705 ASSERT_TRUE(CRYPT_EAL_PkeyCtrl(pkey1, CRYPT_CTRL_SET_RSA_EMSA_PSS, &pssParam, 0) == CRYPT_SUCCESS);
706 ASSERT_TRUE(CRYPT_EAL_PkeyCtrl(pkey2, CRYPT_CTRL_SET_RSA_EMSA_PSS, &pssParam, 0) == CRYPT_SUCCESS);
707 ASSERT_EQ(CRYPT_EAL_EncodeBuffKey(pkey1, NULL, BSL_FORMAT_ASN1, CRYPT_PUBKEY_SUBKEY, &pubBuffer), CRYPT_SUCCESS);
708 ASSERT_EQ(CRYPT_EAL_EncodeBuffKey(pkey2, NULL, BSL_FORMAT_PEM, CRYPT_PRIKEY_PKCS8_UNENCRYPT, &prvBuffer),
709 CRYPT_SUCCESS);
710 ASSERT_EQ(HITLS_AUTH_PrivPassSetPubkey(ctx, pubBuffer.data, pubBuffer.dataLen), HITLS_AUTH_SUCCESS);
711 ASSERT_EQ(HITLS_AUTH_PrivPassSetPrvkey(ctx, NULL, prvBuffer.data, prvBuffer.dataLen),
712 HITLS_AUTH_PRIVPASS_CHECK_KEYPAIR_FAILED);
713 HITLS_AUTH_PrivPassFreeCtx(ctx);
714 ctx = HITLS_AUTH_PrivPassNewCtx(HITLS_AUTH_PRIVPASS_PUB_VERIFY_TOKENS);
715 ASSERT_NE(ctx, NULL);
716 ASSERT_EQ(HITLS_AUTH_PrivPassSetPrvkey(ctx, NULL, prvBuffer.data, prvBuffer.dataLen),
717 HITLS_AUTH_SUCCESS);
718 ASSERT_EQ(HITLS_AUTH_PrivPassSetPubkey(ctx, pubBuffer.data, pubBuffer.dataLen),
719 HITLS_AUTH_PRIVPASS_CHECK_KEYPAIR_FAILED);
720 EXIT:
721 BSL_SAL_Free(pubBuffer.data);
722 BSL_SAL_Free(prvBuffer.data);
723 HITLS_AUTH_PrivPassFreeCtx(ctx);
724 CRYPT_EAL_PkeyFreeCtx(pkey1);
725 CRYPT_EAL_PkeyFreeCtx(pkey2);
726 TestRandDeInit();
727 }
728 /* END_CASE */
729
730 /**
731 * @test SDV_AUTH_PRIVPASS_TOKEN_GEN_INVALID_TC001
732 * @spec Private Pass Token Generation Invalid Cases
733 * @title Test token generation process with invalid parameters and states
734 */
735 /* BEGIN_CASE */
SDV_AUTH_PRIVPASS_TOKEN_INVALID_INTERACTION_TC001()736 void SDV_AUTH_PRIVPASS_TOKEN_INVALID_INTERACTION_TC001()
737 {
738 HITLS_AUTH_PrivPassCtx *ctx = NULL;
739 HITLS_AUTH_PrivPassToken *tokenChallenge = NULL;
740 HITLS_AUTH_PrivPassToken *tokenRequest = NULL;
741 HITLS_AUTH_PrivPassToken *tokenResponse = NULL;
742 HITLS_AUTH_PrivPassToken *finalToken = NULL;
743
744 TestRandInit();
745 // Test with NULL context
746 ASSERT_EQ(HITLS_AUTH_PrivPassGenTokenReq(NULL, tokenChallenge, &tokenRequest), HITLS_AUTH_PRIVPASS_INVALID_INPUT);
747 ASSERT_EQ(HITLS_AUTH_PrivPassGenTokenResponse(NULL, tokenRequest, &tokenResponse),
748 HITLS_AUTH_PRIVPASS_INVALID_INPUT);
749 ASSERT_EQ(HITLS_AUTH_PrivPassGenToken(NULL, tokenChallenge, tokenResponse, &finalToken),
750 HITLS_AUTH_PRIVPASS_INVALID_INPUT);
751 ASSERT_EQ(HITLS_AUTH_PrivPassVerifyToken(NULL, tokenChallenge, finalToken), HITLS_AUTH_PRIVPASS_INVALID_INPUT);
752 // Create context but don't set keys
753 ctx = HITLS_AUTH_PrivPassNewCtx(HITLS_AUTH_PRIVPASS_PUB_VERIFY_TOKENS);
754 ASSERT_NE(ctx, NULL);
755 ASSERT_EQ(HITLS_AUTH_PrivPassGenTokenReq(ctx, tokenChallenge, &tokenRequest), HITLS_AUTH_PRIVPASS_INVALID_INPUT);
756 ASSERT_EQ(HITLS_AUTH_PrivPassGenTokenResponse(ctx, tokenRequest, &tokenResponse),
757 HITLS_AUTH_PRIVPASS_INVALID_INPUT);
758 ASSERT_EQ(HITLS_AUTH_PrivPassGenToken(ctx, tokenChallenge, tokenResponse, &finalToken),
759 HITLS_AUTH_PRIVPASS_INVALID_INPUT);
760 ASSERT_EQ(HITLS_AUTH_PrivPassVerifyToken(ctx, tokenChallenge, finalToken), HITLS_AUTH_PRIVPASS_INVALID_INPUT);
761 // Test with NULL tokens
762 ASSERT_EQ(HITLS_AUTH_PrivPassGenTokenReq(ctx, NULL, &tokenRequest), HITLS_AUTH_PRIVPASS_INVALID_INPUT);
763 ASSERT_EQ(HITLS_AUTH_PrivPassGenTokenResponse(ctx, NULL, &tokenResponse), HITLS_AUTH_PRIVPASS_INVALID_INPUT);
764 ASSERT_EQ(HITLS_AUTH_PrivPassGenToken(ctx, NULL, tokenResponse, &finalToken), HITLS_AUTH_PRIVPASS_INVALID_INPUT);
765 ASSERT_EQ(HITLS_AUTH_PrivPassVerifyToken(ctx, NULL, finalToken), HITLS_AUTH_PRIVPASS_INVALID_INPUT);
766 EXIT:
767 TestRandDeInit();
768 HITLS_AUTH_PrivPassFreeToken(tokenChallenge);
769 HITLS_AUTH_PrivPassFreeToken(tokenRequest);
770 HITLS_AUTH_PrivPassFreeToken(tokenResponse);
771 HITLS_AUTH_PrivPassFreeToken(finalToken);
772 HITLS_AUTH_PrivPassFreeCtx(ctx);
773 }
774 /* END_CASE */
775
776 /**
777 * @test SDV_AUTH_PRIVPASS_TOKEN_GEN_INVALID_TC001
778 * @brief Test case to verify error handling for invalid PrivPass token interactions
779 */
780 /* BEGIN_CASE */
SDV_AUTH_PRIVPASS_TOKEN_INVALID_INTERACTION_TC002(Hex * challenge,Hex * request,Hex * response,Hex * token)781 void SDV_AUTH_PRIVPASS_TOKEN_INVALID_INTERACTION_TC002(Hex *challenge, Hex *request, Hex *response, Hex *token)
782 {
783 TestRandInit();
784 HITLS_AUTH_PrivPassCtx *ctx = NULL;
785 HITLS_AUTH_PrivPassToken *tokenChallenge = NULL;
786 HITLS_AUTH_PrivPassToken *tokenRequest = NULL;
787 HITLS_AUTH_PrivPassToken *tokenResponse = NULL;
788 HITLS_AUTH_PrivPassToken *finalToken = NULL;
789 HITLS_AUTH_PrivPassToken *tokenRequest1 = NULL;
790 HITLS_AUTH_PrivPassToken *tokenResponse1 = NULL;
791 HITLS_AUTH_PrivPassToken *finalToken1 = NULL;
792 // Create a new PrivPass context
793 ctx = HITLS_AUTH_PrivPassNewCtx(HITLS_AUTH_PRIVPASS_PUB_VERIFY_TOKENS);
794 ASSERT_NE(ctx, NULL);
795 ASSERT_EQ(HITLS_AUTH_PrivPassDeserialization(ctx, HITLS_AUTH_PRIVPASS_TOKEN_CHALLENGE, challenge->x, challenge->len,
796 &tokenChallenge), HITLS_AUTH_SUCCESS);
797 ASSERT_EQ(HITLS_AUTH_PrivPassDeserialization(ctx, HITLS_AUTH_PRIVPASS_TOKEN_REQUEST, request->x, request->len,
798 &tokenRequest), HITLS_AUTH_SUCCESS);
799 ASSERT_EQ(HITLS_AUTH_PrivPassDeserialization(ctx, HITLS_AUTH_PRIVPASS_TOKEN_RESPONSE, response->x, response->len,
800 &tokenResponse), HITLS_AUTH_SUCCESS);
801 ASSERT_EQ(HITLS_AUTH_PrivPassDeserialization(ctx, HITLS_AUTH_PRIVPASS_TOKEN_INSTANCE, token->x, token->len,
802 &finalToken), HITLS_AUTH_SUCCESS);
803
804 // The entered token object does not match the expected value
805 ASSERT_EQ(HITLS_AUTH_PrivPassGenTokenReq(ctx, finalToken, &tokenRequest), HITLS_AUTH_PRIVPASS_INVALID_INPUT);
806 ASSERT_EQ(HITLS_AUTH_PrivPassGenTokenResponse(ctx, finalToken, &tokenResponse), HITLS_AUTH_PRIVPASS_INVALID_INPUT);
807 ASSERT_EQ(HITLS_AUTH_PrivPassGenToken(ctx, tokenResponse, tokenResponse, &finalToken),
808 HITLS_AUTH_PRIVPASS_INVALID_INPUT);
809 ASSERT_EQ(HITLS_AUTH_PrivPassGenToken(ctx, tokenChallenge, tokenChallenge, &finalToken),
810 HITLS_AUTH_PRIVPASS_INVALID_INPUT);
811 ASSERT_EQ(HITLS_AUTH_PrivPassVerifyToken(ctx, tokenResponse, finalToken), HITLS_AUTH_PRIVPASS_INVALID_INPUT);
812 // When the output != NULL
813 ASSERT_EQ(HITLS_AUTH_PrivPassGenTokenReq(ctx, tokenChallenge, &tokenRequest), HITLS_AUTH_PRIVPASS_INVALID_INPUT);
814 ASSERT_EQ(HITLS_AUTH_PrivPassGenTokenResponse(ctx, tokenRequest, &tokenResponse),
815 HITLS_AUTH_PRIVPASS_INVALID_INPUT);
816 ASSERT_EQ(HITLS_AUTH_PrivPassGenToken(ctx, tokenChallenge, tokenResponse, &finalToken),
817 HITLS_AUTH_PRIVPASS_INVALID_INPUT);
818 // There is no key info
819 ASSERT_EQ(HITLS_AUTH_PrivPassGenTokenReq(ctx, tokenChallenge, &tokenRequest1), HITLS_AUTH_PRIVPASS_NO_PUBKEY_INFO);
820 ASSERT_EQ(HITLS_AUTH_PrivPassGenTokenResponse(ctx, tokenRequest, &tokenResponse1),
821 HITLS_AUTH_PRIVPASS_NO_PRVKEY_INFO);
822 ASSERT_EQ(HITLS_AUTH_PrivPassGenToken(ctx, tokenChallenge, tokenResponse, &finalToken1),
823 HITLS_AUTH_PRIVPASS_NO_PUBKEY_INFO);
824 ASSERT_EQ(HITLS_AUTH_PrivPassVerifyToken(ctx, tokenChallenge, finalToken), HITLS_AUTH_PRIVPASS_NO_PUBKEY_INFO);
825 EXIT:
826 TestRandDeInit();
827 HITLS_AUTH_PrivPassFreeToken(tokenChallenge);
828 HITLS_AUTH_PrivPassFreeToken(tokenRequest);
829 HITLS_AUTH_PrivPassFreeToken(tokenResponse);
830 HITLS_AUTH_PrivPassFreeToken(finalToken);
831 HITLS_AUTH_PrivPassFreeCtx(ctx);
832 }
833 /* END_CASE */
834
835 /**
836 * @test SDV_AUTH_PRIVPASS_TOKEN_CHALLENGEREQUEST_OBTAIN_TC001
837 * @spec Private Pass Token challenge Request Parameters
838 * @title Test obtaining and validating token challenge request parameters obtain
839 */
840 /* BEGIN_CASE */
SDV_AUTH_PRIVPASS_TOKEN_CHALLENGEREQUEST_OBTAIN_TC001(Hex * challRequest)841 void SDV_AUTH_PRIVPASS_TOKEN_CHALLENGEREQUEST_OBTAIN_TC001(Hex *challRequest)
842 {
843 uint8_t challengeRequestBuffer[MAX_LEN];
844 HITLS_AUTH_PrivPassToken *challengeRequest = NULL;
845 HITLS_AUTH_PrivPassCtx *ctx = NULL;
846 BSL_Param param[3] = {
847 {AUTH_PARAM_PRIVPASS_TOKEN, BSL_PARAM_TYPE_OCTETS_PTR, challengeRequestBuffer,
848 MAX_LEN, MAX_LEN},
849 {AUTH_PARAM_PRIVPASS_TOKENCHALLENGE_REQUEST, BSL_PARAM_TYPE_OCTETS_PTR, challengeRequestBuffer,
850 MAX_LEN, MAX_LEN},
851 BSL_PARAM_END};
852 // Create context
853 ctx = HITLS_AUTH_PrivPassNewCtx(HITLS_AUTH_PRIVPASS_PUB_VERIFY_TOKENS);
854 ASSERT_NE(ctx, NULL);
855
856 ASSERT_EQ(HITLS_AUTH_PrivPassDeserialization(ctx, HITLS_AUTH_PRIVPASS_TOKEN_CHALLENGE_REQUEST, challRequest->x,
857 challRequest->len, &challengeRequest), HITLS_AUTH_SUCCESS);
858 ASSERT_EQ(HITLS_AUTH_PrivPassTokenCtrl(challengeRequest, HITLS_AUTH_PRIVPASS_GET_TOKENCHALLENGEREQUEST_INFO,
859 param, 0), HITLS_AUTH_SUCCESS);
860
861 ASSERT_COMPARE("compare token challenge request", challengeRequestBuffer, param[1].useLen, challRequest->x,
862 challRequest->len);
863 EXIT:
864 HITLS_AUTH_PrivPassFreeToken(challengeRequest);
865 HITLS_AUTH_PrivPassFreeCtx(ctx);
866 }
867 /* END_CASE */
868
869 /**
870 * @test SDV_AUTH_PRIVPASS_TOKEN_REQUEST_OBTAIN_TC001
871 * @spec Private Pass Token challenge Request Parameters
872 * @title Test obtaining and validating token challenge request parameters obtain
873 */
874 /* BEGIN_CASE */
SDV_AUTH_PRIVPASS_TOKEN_REQUEST_OBTAIN_TC001(Hex * request)875 void SDV_AUTH_PRIVPASS_TOKEN_REQUEST_OBTAIN_TC001(Hex *request)
876 {
877 uint8_t tokenRequestBuffer[MAX_LEN];
878 uint32_t tokenRequestBufferLen = MAX_LEN;
879 uint16_t tokenType;
880 uint8_t truncatedTokenKeyId;
881 uint8_t blindedMsgBuffer[MAX_LEN];
882 uint32_t blindedMsgBufferLen = MAX_LEN;
883 HITLS_AUTH_PrivPassToken *tokenRequest1 = NULL;
884 HITLS_AUTH_PrivPassToken *tokenRequest2 = NULL;
885 HITLS_AUTH_PrivPassCtx *ctx = NULL;
886 PrivPass_TokenRequest *tmpRequest = NULL;
887 BSL_Param param[4] = {
888 {AUTH_PARAM_PRIVPASS_TOKENREQUEST_BLINDEDMSG, BSL_PARAM_TYPE_OCTETS_PTR, blindedMsgBuffer, blindedMsgBufferLen, 0},
889 {AUTH_PARAM_PRIVPASS_TOKENREQUEST_TRUNCATEDTOKENKEYID, BSL_PARAM_TYPE_UINT8, &truncatedTokenKeyId, 1, 0},
890 {AUTH_PARAM_PRIVPASS_TOKENREQUEST_TYPE, BSL_PARAM_TYPE_UINT16, &tokenType, 2, 0},
891 BSL_PARAM_END
892 };
893
894 // Create context
895 ctx = HITLS_AUTH_PrivPassNewCtx(HITLS_AUTH_PRIVPASS_PUB_VERIFY_TOKENS);
896 ASSERT_TRUE(ctx != NULL);
897
898 // Deserialize the request
899 ASSERT_TRUE(HITLS_AUTH_PrivPassDeserialization(ctx, HITLS_AUTH_PRIVPASS_TOKEN_REQUEST, request->x, request->len,
900 &tokenRequest1) == HITLS_AUTH_SUCCESS);
901
902 // Extract parameters
903 ASSERT_TRUE(HITLS_AUTH_PrivPassTokenCtrl(tokenRequest1, HITLS_AUTH_PRIVPASS_GET_TOKENREQUEST_TYPE, param, 0)
904 == HITLS_AUTH_SUCCESS);
905 ASSERT_TRUE(HITLS_AUTH_PrivPassTokenCtrl(tokenRequest1, HITLS_AUTH_PRIVPASS_GET_TOKENREQUEST_TRUNCATEDTOKENKEYID,
906 param, 0) == HITLS_AUTH_SUCCESS);
907 ASSERT_TRUE(HITLS_AUTH_PrivPassTokenCtrl(tokenRequest1, HITLS_AUTH_PRIVPASS_GET_TOKENREQUEST_BLINDEDMSG, param,
908 0) == HITLS_AUTH_SUCCESS);
909
910 // Create new token request
911 tokenRequest2 = HITLS_AUTH_PrivPassNewToken(HITLS_AUTH_PRIVPASS_TOKEN_REQUEST);
912 tmpRequest = tokenRequest2->st.tokenRequest;
913 tmpRequest->tokenType = tokenType;
914 tmpRequest->truncatedTokenKeyId = truncatedTokenKeyId;
915 tmpRequest->blindedMsg.data = blindedMsgBuffer;
916 tmpRequest->blindedMsg.dataLen = param[0].useLen;
917 // Serialize and compare
918 ASSERT_TRUE(HITLS_AUTH_PrivPassSerialization(ctx, tokenRequest2, tokenRequestBuffer, &tokenRequestBufferLen)
919 == HITLS_AUTH_SUCCESS);
920 ASSERT_TRUE(memcmp(tokenRequestBuffer, request->x, request->len) == 0);
921 ASSERT_COMPARE("compare token request", tokenRequestBuffer, tokenRequestBufferLen, request->x, request->len);
922 EXIT:
923 tmpRequest->blindedMsg.data = NULL;
924 HITLS_AUTH_PrivPassFreeToken(tokenRequest1);
925 HITLS_AUTH_PrivPassFreeToken(tokenRequest2);
926 HITLS_AUTH_PrivPassFreeCtx(ctx);
927 }
928 /* END_CASE */
929
930 /**
931 * @test SDV_AUTH_PRIVPASS_TOKEN_INSTANCE_OBTAIN_TC001
932 * @spec Private Pass Token Instance Parameters
933 * @title Test obtaining and validating token instance parameters
934 */
935 /* BEGIN_CASE */
SDV_AUTH_PRIVPASS_TOKEN_INSTANCE_OBTAIN_TC001(Hex * token)936 void SDV_AUTH_PRIVPASS_TOKEN_INSTANCE_OBTAIN_TC001(Hex *token)
937 {
938 uint8_t tokenInstanceBuffer[MAX_LEN];
939 uint32_t tokenInstanceBufferLen = MAX_LEN;
940 uint16_t tokenType;
941 uint8_t nonceBuffer[MAX_LEN];
942 uint32_t nonceBufferLen = MAX_LEN;
943 uint8_t challengeDigestBuffer[MAX_LEN];
944 uint32_t challengeDigestBufferLen = MAX_LEN;
945 uint8_t tokenKeyIdBuffer[MAX_LEN];
946 uint32_t tokenKeyIdBufferLen = MAX_LEN;
947 uint8_t authenticatorBuffer[MAX_LEN];
948 uint32_t authenticatorBufferLen = MAX_LEN;
949 HITLS_AUTH_PrivPassToken *tokenInstance1 = NULL;
950 HITLS_AUTH_PrivPassToken *tokenInstance2 = NULL;
951 HITLS_AUTH_PrivPassCtx *ctx = NULL;
952 PrivPass_TokenInstance *tmpToken = NULL;
953 BSL_Param param[6] = {
954 {AUTH_PARAM_PRIVPASS_TOKEN_NONCE, BSL_PARAM_TYPE_OCTETS_PTR, nonceBuffer, nonceBufferLen, 0},
955 {AUTH_PARAM_PRIVPASS_TOKEN_AUTHENTICATOR, BSL_PARAM_TYPE_OCTETS_PTR, authenticatorBuffer,
956 authenticatorBufferLen, 0},
957 {AUTH_PARAM_PRIVPASS_TOKEN_TYPE, BSL_PARAM_TYPE_UINT16, &tokenType, 2, 0},
958 {AUTH_PARAM_PRIVPASS_TOKEN_CHALLENGEDIGEST, BSL_PARAM_TYPE_OCTETS_PTR, challengeDigestBuffer,
959 challengeDigestBufferLen, 0},
960 {AUTH_PARAM_PRIVPASS_TOKEN_TOKENKEYID, BSL_PARAM_TYPE_OCTETS_PTR, tokenKeyIdBuffer, tokenKeyIdBufferLen, 0},
961 BSL_PARAM_END
962 };
963
964 // Create context
965 ctx = HITLS_AUTH_PrivPassNewCtx(HITLS_AUTH_PRIVPASS_PUB_VERIFY_TOKENS);
966 ASSERT_NE(ctx, NULL);
967
968 // Deserialize the token instance
969 ASSERT_EQ(HITLS_AUTH_PrivPassDeserialization(ctx, HITLS_AUTH_PRIVPASS_TOKEN_INSTANCE, token->x, token->len,
970 &tokenInstance1), HITLS_AUTH_SUCCESS);
971
972 // Extract parameters
973 ASSERT_EQ(HITLS_AUTH_PrivPassTokenCtrl(tokenInstance1, HITLS_AUTH_PRIVPASS_GET_TOKEN_TYPE, param, 0),
974 HITLS_AUTH_SUCCESS);
975 ASSERT_EQ(HITLS_AUTH_PrivPassTokenCtrl(tokenInstance1, HITLS_AUTH_PRIVPASS_GET_TOKEN_NONCE, param, 0),
976 HITLS_AUTH_SUCCESS);
977 ASSERT_EQ(HITLS_AUTH_PrivPassTokenCtrl(tokenInstance1, HITLS_AUTH_PRIVPASS_GET_TOKEN_CHALLENGEDIGEST, param, 0),
978 HITLS_AUTH_SUCCESS);
979 ASSERT_EQ(HITLS_AUTH_PrivPassTokenCtrl(tokenInstance1, HITLS_AUTH_PRIVPASS_GET_TOKEN_TOKENKEYID, param, 0),
980 HITLS_AUTH_SUCCESS);
981 ASSERT_EQ(HITLS_AUTH_PrivPassTokenCtrl(tokenInstance1, HITLS_AUTH_PRIVPASS_GET_TOKEN_AUTHENTICATOR, param, 0),
982 HITLS_AUTH_SUCCESS);
983
984 // Create new token instance
985 tokenInstance2 = HITLS_AUTH_PrivPassNewToken(HITLS_AUTH_PRIVPASS_TOKEN_INSTANCE);
986 tmpToken = tokenInstance2->st.token;
987 tmpToken->tokenType = tokenType;
988 (void)memcpy_s(tmpToken->nonce, param[0].useLen, nonceBuffer, param[0].useLen);
989 (void)memcpy_s(tmpToken->challengeDigest, param[3].useLen, challengeDigestBuffer, param[3].useLen);
990 (void)memcpy_s(tmpToken->tokenKeyId, param[4].useLen, tokenKeyIdBuffer, param[4].useLen);
991 tmpToken->authenticator.data = authenticatorBuffer;
992 tmpToken->authenticator.dataLen = param[1].useLen;
993 // Serialize and compare
994 ASSERT_EQ(HITLS_AUTH_PrivPassSerialization(ctx, tokenInstance2, tokenInstanceBuffer, &tokenInstanceBufferLen),
995 HITLS_AUTH_SUCCESS);
996 ASSERT_COMPARE("compare token instance", tokenInstanceBuffer, tokenInstanceBufferLen, token->x, token->len);
997 EXIT:
998 tmpToken->authenticator.data = NULL;
999 HITLS_AUTH_PrivPassFreeToken(tokenInstance1);
1000 HITLS_AUTH_PrivPassFreeToken(tokenInstance2);
1001 HITLS_AUTH_PrivPassFreeCtx(ctx);
1002 }
1003 /* END_CASE */
1004
1005 /**
1006 * @test SDV_AUTH_PRIVPASS_TOKEN_RESPONSE_OBTAIN_TC001
1007 * @spec Private Pass Token Response Parameters
1008 * @title Test obtaining and validating token response parameters obtain
1009 */
1010 /* BEGIN_CASE */
SDV_AUTH_PRIVPASS_TOKEN_RESPONSE_OBTAIN_TC001(Hex * response)1011 void SDV_AUTH_PRIVPASS_TOKEN_RESPONSE_OBTAIN_TC001(Hex *response)
1012 {
1013 uint8_t responseBuffer[MAX_LEN];
1014 uint32_t responseBufferLen = MAX_LEN;
1015 HITLS_AUTH_PrivPassToken *responseToken = NULL;
1016 HITLS_AUTH_PrivPassCtx *ctx = NULL;
1017 BSL_Param param[3] = {
1018 {AUTH_PARAM_PRIVPASS_TOKEN, BSL_PARAM_TYPE_OCTETS_PTR, responseBuffer, responseBufferLen, 0},
1019 {AUTH_PARAM_PRIVPASS_TOKENRESPONSE_INFO, BSL_PARAM_TYPE_OCTETS_PTR, responseBuffer, responseBufferLen, 0},
1020 BSL_PARAM_END};
1021 // Create context
1022 ctx = HITLS_AUTH_PrivPassNewCtx(HITLS_AUTH_PRIVPASS_PUB_VERIFY_TOKENS);
1023 ASSERT_TRUE(ctx != NULL);
1024
1025 ASSERT_EQ(HITLS_AUTH_PrivPassDeserialization(ctx, HITLS_AUTH_PRIVPASS_TOKEN_RESPONSE, response->x,
1026 response->len, &responseToken), HITLS_AUTH_SUCCESS);
1027 ASSERT_EQ(HITLS_AUTH_PrivPassTokenCtrl(responseToken, HITLS_AUTH_PRIVPASS_GET_TOKENRESPONSE_INFO, param, 0),
1028 HITLS_AUTH_SUCCESS);
1029
1030 ASSERT_COMPARE("compare token response", responseBuffer, param[1].useLen, response->x,
1031 response->len);
1032 EXIT:
1033 HITLS_AUTH_PrivPassFreeToken(responseToken);
1034 HITLS_AUTH_PrivPassFreeCtx(ctx);
1035 }
1036 /* END_CASE */
1037
1038 /**
1039 * @test SDV_AUTH_PRIVPASS_TOKEN_CTRL_INVALIED_TEST_TC001
1040 * @spec Private Pass Token Ctrl Invalid Test
1041 * @title Test obtaining and validating token ctrl invalid test
1042 */
1043 /* BEGIN_CASE */
SDV_AUTH_PRIVPASS_TOKEN_CTRL_INVALIED_TEST_TC001()1044 void SDV_AUTH_PRIVPASS_TOKEN_CTRL_INVALIED_TEST_TC001()
1045 {
1046 uint8_t buffer[MAX_LEN];
1047 uint32_t bufferLen = MAX_LEN;
1048 BSL_Param param[4] = {
1049 {AUTH_PARAM_PRIVPASS_TOKENREQUEST_BLINDEDMSG, BSL_PARAM_TYPE_OCTETS_PTR, buffer, bufferLen, 0},
1050 {AUTH_PARAM_PRIVPASS_TOKENRESPONSE_INFO, BSL_PARAM_TYPE_OCTETS_PTR, buffer, bufferLen, 0},
1051 {AUTH_PARAM_PRIVPASS_TOKEN_AUTHENTICATOR, BSL_PARAM_TYPE_OCTETS_PTR, buffer, bufferLen, 0},
1052 BSL_PARAM_END};
1053 HITLS_AUTH_PrivPassToken *tokenChallReq = HITLS_AUTH_PrivPassNewToken(HITLS_AUTH_PRIVPASS_TOKEN_CHALLENGE_REQUEST);
1054 HITLS_AUTH_PrivPassToken *tokenChallenge = HITLS_AUTH_PrivPassNewToken(HITLS_AUTH_PRIVPASS_TOKEN_CHALLENGE);
1055 HITLS_AUTH_PrivPassToken *tokenRequest = HITLS_AUTH_PrivPassNewToken(HITLS_AUTH_PRIVPASS_TOKEN_REQUEST);
1056 HITLS_AUTH_PrivPassToken *tokenResponse = HITLS_AUTH_PrivPassNewToken(HITLS_AUTH_PRIVPASS_TOKEN_RESPONSE);
1057 HITLS_AUTH_PrivPassToken *tokenInstance = HITLS_AUTH_PrivPassNewToken(HITLS_AUTH_PRIVPASS_TOKEN_INSTANCE);
1058 ASSERT_TRUE(tokenChallReq != NULL);
1059 ASSERT_TRUE(tokenChallenge != NULL);
1060 ASSERT_TRUE(tokenRequest != NULL);
1061 ASSERT_TRUE(tokenResponse != NULL);
1062 ASSERT_TRUE(tokenInstance != NULL);
1063
1064 // for test invailed token challenge request
1065 ASSERT_EQ(HITLS_AUTH_PrivPassTokenCtrl(NULL, HITLS_AUTH_PRIVPASS_GET_TOKENCHALLENGEREQUEST_INFO, param, 0),
1066 HITLS_AUTH_PRIVPASS_INVALID_INPUT);
1067 ASSERT_EQ(HITLS_AUTH_PrivPassTokenCtrl(tokenChallReq, HITLS_AUTH_PRIVPASS_GET_TOKENCHALLENGEREQUEST_INFO, NULL, 0),
1068 HITLS_AUTH_PRIVPASS_INVALID_INPUT);
1069 ASSERT_EQ(HITLS_AUTH_PrivPassTokenCtrl(tokenChallReq, HITLS_AUTH_PRIVPASS_GET_TOKENCHALLENGEREQUEST_INFO, param, 0),
1070 HITLS_AUTH_PRIVPASS_NO_TOKEN_CHALLENGE_REQUEST);
1071 ASSERT_EQ(HITLS_AUTH_PrivPassTokenCtrl(tokenChallenge, HITLS_AUTH_PRIVPASS_GET_TOKENCHALLENGEREQUEST_INFO, param,
1072 0), HITLS_AUTH_PRIVPASS_INVALID_INPUT);
1073
1074 // for test invailed token challenge
1075 ASSERT_EQ(HITLS_AUTH_PrivPassTokenCtrl(tokenChallenge, HITLS_AUTH_PRIVPASS_GET_TOKENCHALLENGE_TYPE, NULL, 0),
1076 HITLS_AUTH_PRIVPASS_INVALID_INPUT);
1077 ASSERT_EQ(HITLS_AUTH_PrivPassTokenCtrl(tokenChallenge, HITLS_AUTH_PRIVPASS_GET_TOKENCHALLENGE_ISSUERNAME, param, 0),
1078 HITLS_AUTH_PRIVPASS_NO_ISSUERNAME);
1079
1080 // for test invailed token request
1081 ASSERT_EQ(HITLS_AUTH_PrivPassTokenCtrl(tokenRequest, HITLS_AUTH_PRIVPASS_GET_TOKENREQUEST_TYPE, NULL, 0),
1082 HITLS_AUTH_PRIVPASS_INVALID_INPUT);
1083 ASSERT_EQ(HITLS_AUTH_PrivPassTokenCtrl(tokenRequest, HITLS_AUTH_PRIVPASS_GET_TOKENREQUEST_BLINDEDMSG, param, 0),
1084 HITLS_AUTH_PRIVPASS_NO_BLINDEDMSG);
1085
1086 // for test invailed token response
1087 ASSERT_EQ(HITLS_AUTH_PrivPassTokenCtrl(NULL, HITLS_AUTH_PRIVPASS_GET_TOKENRESPONSE_INFO, param, 0),
1088 HITLS_AUTH_PRIVPASS_INVALID_INPUT);
1089 ASSERT_EQ(HITLS_AUTH_PrivPassTokenCtrl(tokenResponse, HITLS_AUTH_PRIVPASS_GET_TOKENRESPONSE_INFO, param, 0),
1090 HITLS_AUTH_PRIVPASS_NO_RESPONSE_INFO);
1091
1092 // for test invailed token
1093 ASSERT_EQ(HITLS_AUTH_PrivPassTokenCtrl(NULL, HITLS_AUTH_PRIVPASS_GET_TOKEN_TYPE, param, 0),
1094 HITLS_AUTH_PRIVPASS_INVALID_INPUT);
1095 ASSERT_EQ(HITLS_AUTH_PrivPassTokenCtrl(tokenInstance, HITLS_AUTH_PRIVPASS_GET_TOKEN_AUTHENTICATOR, param, 0),
1096 HITLS_AUTH_PRIVPASS_NO_AUTHENTICATOR);
1097
1098 EXIT:
1099 HITLS_AUTH_PrivPassFreeToken(tokenChallReq);
1100 HITLS_AUTH_PrivPassFreeToken(tokenChallenge);
1101 HITLS_AUTH_PrivPassFreeToken(tokenRequest);
1102 HITLS_AUTH_PrivPassFreeToken(tokenResponse);
1103 HITLS_AUTH_PrivPassFreeToken(tokenInstance);
1104 }
1105 /* END_CASE */
1106
1107 /**
1108 * @test SDV_AUTH_PRIVPASS_CTX_DATA_OBTAIN_TC001
1109 * @spec Private Pass ctx data obtain
1110 * @title Test obtaining and validating ctx data obtain
1111 */
1112 /* BEGIN_CASE */
SDV_AUTH_PRIVPASS_CTX_DATA_OBTAIN_TC001(Hex * pki,Hex * nonce)1113 void SDV_AUTH_PRIVPASS_CTX_DATA_OBTAIN_TC001(Hex *pki, Hex *nonce)
1114 {
1115 uint8_t nonceBuffer[MAX_LEN];
1116 uint32_t nonceBufferLen = MAX_LEN;
1117 uint8_t truncatedTokenKeyId;
1118 uint8_t tokenKeyIdBuffer[MAX_LEN];
1119 uint32_t tokenKeyIdBufferLen = MAX_LEN;
1120 uint8_t hashBuffer[PRIVPASS_TOKEN_SHA256_SIZE];
1121 uint32_t hashBufferLen = PRIVPASS_TOKEN_SHA256_SIZE;
1122 HITLS_AUTH_PrivPassCtx *ctx = NULL;
1123 BSL_Param param[4] = {
1124 {AUTH_PARAM_PRIVPASS_CTX_NONCE, BSL_PARAM_TYPE_OCTETS_PTR, nonceBuffer, nonceBufferLen, 0},
1125 {AUTH_PARAM_PRIVPASS_CTX_TOKENKEYID, BSL_PARAM_TYPE_OCTETS_PTR, tokenKeyIdBuffer, tokenKeyIdBufferLen, 0},
1126 {AUTH_PARAM_PRIVPASS_CTX_TRUNCATEDTOKENKEYID, BSL_PARAM_TYPE_UINT8, &truncatedTokenKeyId, 1, 0},
1127 BSL_PARAM_END
1128 };
1129 ctx = HITLS_AUTH_PrivPassNewCtx(HITLS_AUTH_PRIVPASS_PUB_VERIFY_TOKENS);
1130 ASSERT_NE(ctx, NULL);
1131
1132 ASSERT_EQ(HITLS_AUTH_PrivPassCtxCtrl(NULL, HITLS_AUTH_PRIVPASS_GET_CTX_TOKENKEYID, param, 0),
1133 HITLS_AUTH_PRIVPASS_INVALID_INPUT);
1134 ASSERT_EQ(HITLS_AUTH_PrivPassCtxCtrl(ctx, HITLS_AUTH_PRIVPASS_GET_CTX_TOKENKEYID, NULL, 0),
1135 HITLS_AUTH_PRIVPASS_INVALID_INPUT);
1136 ASSERT_EQ(HITLS_AUTH_PrivPassCtxCtrl(ctx, HITLS_AUTH_PRIVPASS_GET_CTX_TOKENKEYID, param, 0),
1137 HITLS_AUTH_PRIVPASS_NO_PUBKEY_INFO);
1138 ASSERT_EQ(HITLS_AUTH_PrivPassCtxCtrl(ctx, HITLS_AUTH_PRIVPASS_GET_CTX_TRUNCATEDTOKENKEYID, param, 0),
1139 HITLS_AUTH_PRIVPASS_NO_PUBKEY_INFO);
1140
1141 ASSERT_EQ(HITLS_AUTH_PrivPassSetPubkey(ctx, pki->x, pki->len), HITLS_AUTH_SUCCESS);
1142 (void)memcpy_s(ctx->nonce, nonce->len, nonce->x, nonce->len);
1143 ASSERT_EQ(HITLS_AUTH_PrivPassCtxCtrl(ctx, HITLS_AUTH_PRIVPASS_GET_CTX_NONCE, param, 0), HITLS_AUTH_SUCCESS);
1144 ASSERT_EQ(HITLS_AUTH_PrivPassCtxCtrl(ctx, HITLS_AUTH_PRIVPASS_GET_CTX_TOKENKEYID, param, 0), HITLS_AUTH_SUCCESS);
1145 ASSERT_EQ(HITLS_AUTH_PrivPassCtxCtrl(ctx, HITLS_AUTH_PRIVPASS_GET_CTX_TRUNCATEDTOKENKEYID, param, 0),
1146 HITLS_AUTH_SUCCESS);
1147 ASSERT_COMPARE("compare ctx nonce", nonceBuffer, param[0].useLen, nonce->x, nonce->len);
1148 ASSERT_EQ(EAL_Md(CRYPT_MD_SHA256, pki->x, pki->len, hashBuffer, &hashBufferLen), HITLS_AUTH_SUCCESS);
1149 ASSERT_COMPARE("compare token key id", hashBuffer, hashBufferLen, tokenKeyIdBuffer, param[1].useLen);
1150 ASSERT_EQ(truncatedTokenKeyId, hashBuffer[PRIVPASS_TOKEN_SHA256_SIZE - 1]);
1151
1152 EXIT:
1153 HITLS_AUTH_PrivPassFreeCtx(ctx);
1154 }
1155 /* END_CASE */