1 /*
2 * Copyright (c) 2023 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "hks_test_aes_c.h"
17
18 #define HKS_AES_256 \
19 { .tag = HKS_TAG_ALGORITHM, \
20 .uint32Param = HKS_ALG_AES }, \
21 { .tag = HKS_TAG_KEY_SIZE, \
22 .uint32Param = TEST_AES_256 }, \
23 { .tag = HKS_TAG_PURPOSE, \
24 .uint32Param = HKS_KEY_PURPOSE_ENCRYPT | HKS_KEY_PURPOSE_DECRYPT }, \
25 { .tag = HKS_TAG_BLOCK_MODE, \
26 .uint32Param = HKS_MODE_GCM }, \
27 { .tag = HKS_TAG_PADDING, \
28 .uint32Param = HKS_PADDING_NONE }, \
29 { .tag = HKS_TAG_KEY_GENERATE_TYPE, \
30 .uint32Param = HKS_KEY_GENERATE_TYPE_AGREE }, \
31 { .tag = HKS_TAG_AGREE_PRIVATE_KEY_ALIAS, \
32 .blob = *baseKey },
33
ConstructParamSetEncryptDecryptAesPre(uint32_t mode,uint32_t padding,bool isEncrypt,struct HksParamSet ** paramSet)34 int32_t ConstructParamSetEncryptDecryptAesPre(uint32_t mode, uint32_t padding, bool isEncrypt,
35 struct HksParamSet **paramSet)
36 {
37 int32_t ret = HksInitParamSet(paramSet);
38 if (ret != 0) {
39 HKS_TEST_LOG_E("HksAddParamInit failed!\n");
40 return ret;
41 }
42
43 do {
44 struct HksParam algParam = {0};
45 algParam.tag = HKS_TAG_ALGORITHM;
46 algParam.uint32Param = HKS_ALG_AES;
47 ret = HksAddParams(*paramSet, (const struct HksParam *)&algParam, 1);
48 if (ret != 0) {
49 HKS_TEST_LOG_E("HksAddParam algParam failed!\n");
50 break;
51 }
52
53 struct HksParam modeParam = {0};
54 modeParam.tag = HKS_TAG_BLOCK_MODE;
55 modeParam.uint32Param = mode;
56 ret = HksAddParams(*paramSet, (const struct HksParam *)&modeParam, 1);
57 if (ret != 0) {
58 HKS_TEST_LOG_E("HksAddParam algParam failed!\n");
59 break;
60 }
61
62 struct HksParam padParam = {0};
63 padParam.tag = HKS_TAG_PADDING;
64 padParam.uint32Param = padding;
65 ret = HksAddParams(*paramSet, (const struct HksParam *)&padParam, 1);
66 if (ret != 0) {
67 HKS_TEST_LOG_E("HksAddParam algParam failed!\n");
68 break;
69 }
70
71 struct HksParam purposeParam = {0};
72 purposeParam.tag = HKS_TAG_PURPOSE;
73 if (isEncrypt) {
74 purposeParam.uint32Param = HKS_KEY_PURPOSE_ENCRYPT;
75 } else {
76 purposeParam.uint32Param = HKS_KEY_PURPOSE_DECRYPT;
77 }
78 ret = HksAddParams(*paramSet, (const struct HksParam *)&purposeParam, 1);
79 if (ret != 0) {
80 HKS_TEST_LOG_E("HksAddParam algParam failed!\n");
81 break;
82 }
83 } while (0);
84 return ret;
85 }
86
ConstructParamSetEncryptDecryptAesPost(uint32_t mode,struct HksParamSet ** paramSet)87 int32_t ConstructParamSetEncryptDecryptAesPost(uint32_t mode, struct HksParamSet **paramSet)
88 {
89 int32_t ret;
90 do {
91 struct HksParam aadParam = {0};
92 aadParam.tag = HKS_TAG_ASSOCIATED_DATA;
93 aadParam.blob.data = g_aad;
94 aadParam.blob.size = sizeof(g_aad);
95 ret = HksAddParams(*paramSet, (const struct HksParam *)&aadParam, 1);
96 if (ret != 0) {
97 HKS_TEST_LOG_E("HksAddParam aadParam failed!\n");
98 break;
99 }
100
101 if (mode == HKS_MODE_CBC) {
102 struct HksParam ivParam = {0};
103 ivParam.tag = HKS_TAG_IV;
104 ivParam.blob.data = g_iv;
105 ivParam.blob.size = sizeof(g_iv);
106 ret = HksAddParams(*paramSet, (const struct HksParam *)&ivParam, 1);
107 if (ret != 0) {
108 HKS_TEST_LOG_E("HksAddParam ivParam failed!\n");
109 break;
110 }
111 } else {
112 struct HksParam nonceParam = {0};
113 nonceParam.tag = HKS_TAG_NONCE;
114 nonceParam.blob.data = g_nonce;
115 nonceParam.blob.size = sizeof(g_nonce);
116 ret = HksAddParams(*paramSet, (const struct HksParam *)&nonceParam, 1);
117 if (ret != 0) {
118 HKS_TEST_LOG_E("HksAddParam nonceParam failed!\n");
119 break;
120 }
121 }
122
123 ret = HksBuildParamSet(paramSet);
124 if (ret != 0) {
125 HKS_TEST_LOG_E("HksAddParamFinal failed!\n");
126 break;
127 }
128 } while (0);
129
130 return ret;
131 }
132
ConstructParamSetEncryptDecryptAes(uint32_t mode,uint32_t padding,bool isEncrypt,struct HksParamSet ** paramSet)133 int32_t ConstructParamSetEncryptDecryptAes(uint32_t mode, uint32_t padding, bool isEncrypt,
134 struct HksParamSet **paramSet)
135 {
136 int32_t ret = ConstructParamSetEncryptDecryptAesPre(mode, padding, isEncrypt, paramSet);
137 HKS_TEST_ASSERT(ret == 0);
138 ret = ConstructParamSetEncryptDecryptAesPost(mode, paramSet);
139 HKS_TEST_ASSERT(ret == 0);
140 return ret;
141 }
142
143 #define TEST_KEY_AUTH_ID "This is a test auth id for generate ed25519 key, keyauthIdvalid!"
GenerateBaseKey(const struct HksBlob * alias)144 void GenerateBaseKey(const struct HksBlob *alias)
145 {
146 HKS_TEST_LOG_I("Test_Aes_gen_by_derive BASEKEY!\n");
147 struct HksParamSet *paramSet = NULL;
148 HKS_TEST_ASSERT(HksInitParamSet(¶mSet) == 0);
149
150 struct HksBlob authId = { strlen(TEST_KEY_AUTH_ID), (uint8_t *)TEST_KEY_AUTH_ID };
151
152 struct HksParam tmpParams[] = {
153 { .tag = HKS_TAG_ALGORITHM,
154 .uint32Param = HKS_ALG_ED25519 },
155 { .tag = HKS_TAG_KEY_SIZE,
156 .uint32Param = TEST_AES_256 },
157 { .tag = HKS_TAG_PURPOSE,
158 .uint32Param = HKS_KEY_PURPOSE_SIGN | HKS_KEY_PURPOSE_VERIFY },
159 { .tag = HKS_TAG_DIGEST,
160 .uint32Param = HKS_DIGEST_SHA512 },
161 { .tag = HKS_TAG_PADDING,
162 .uint32Param = HKS_PADDING_NONE },
163 { .tag = HKS_TAG_KEY_AUTH_ID,
164 .blob = authId },
165 { .tag = HKS_TAG_KEY_GENERATE_TYPE,
166 .uint32Param = HKS_KEY_GENERATE_TYPE_AGREE }, /* no use */
167 };
168
169 HKS_TEST_ASSERT(HksAddParams(paramSet, tmpParams, sizeof(tmpParams) / sizeof(tmpParams[0])) == 0);
170 HKS_TEST_ASSERT(HksBuildParamSet(¶mSet) == 0);
171 HKS_TEST_ASSERT(HksGenerateKey(alias, paramSet, NULL) == 0);
172
173 HksFreeParamSet(¶mSet);
174 }
175
176 #define TEST_AES_KEY_BASE_NAME_1 "test_aes_key_by_derive_base_name_ed25519_1"
177 #define TEST_AES_KEY_BASE_NAME_2 "test_aes_key_by_derive_base_name_ed25519_2"
178 #define TEST_AES_KEY_BASE_NAME_1_PUBKEY "test_aes_key_by_derive_base_name_ed25519_1_pubkey"
179 #define TEST_AES_KEY_BASE_NAME_2_PUBKEY "test_aes_key_by_derive_base_name_ed25519_2_pubkey"
180
181 #define TEST_AES_KEY_AGREE_NAME1 "test_aes_key_by_agree_name_keyAlias1"
182 #define TEST_AES_KEY_AGREE_NAME2 "test_aes_key_by_agree_name_keyAlias2"
183
PlainPubKey(const struct HksBlob * baseKey,const struct HksBlob * peerPubKey,struct HksParamSet * paramSet)184 void PlainPubKey(const struct HksBlob *baseKey, const struct HksBlob *peerPubKey,
185 struct HksParamSet *paramSet)
186 {
187 struct HksParam tmpParams[] = {
188 HKS_AES_256
189 { .tag = HKS_TAG_AGREE_PUBLIC_KEY,
190 .blob = *peerPubKey },
191 { .tag = HKS_TAG_AGREE_PUBLIC_KEY_IS_KEY_ALIAS,
192 .boolParam = false },
193 { .tag = HKS_TAG_AGREE_ALG,
194 .uint32Param = HKS_ALG_ED25519 },
195 };
196
197 HKS_TEST_ASSERT(HksAddParams(paramSet, tmpParams, sizeof(tmpParams) / sizeof(tmpParams[0])) == 0);
198 }
199
SetKeyAliasTrue(const struct HksBlob * baseKey,const struct HksBlob * peerPubKey,struct HksParamSet * paramSet)200 void SetKeyAliasTrue(const struct HksBlob *baseKey, const struct HksBlob *peerPubKey,
201 struct HksParamSet *paramSet)
202 {
203 struct HksParam tmpParams[] = {
204 HKS_AES_256
205 { .tag = HKS_TAG_AGREE_PUBLIC_KEY_IS_KEY_ALIAS,
206 .boolParam = true },
207 { .tag = HKS_TAG_AGREE_PUBLIC_KEY,
208 .blob = *peerPubKey },
209 { .tag = HKS_TAG_AGREE_ALG,
210 .uint32Param = HKS_ALG_ED25519 },
211 };
212
213 HKS_TEST_ASSERT(HksAddParams(paramSet, tmpParams, sizeof(tmpParams) / sizeof(tmpParams[0])) == 0);
214 }
215
SetKeyAliasWrong(const struct HksBlob * baseKey,const struct HksBlob * peerPubKey,struct HksParamSet * paramSet)216 void SetKeyAliasWrong(const struct HksBlob *baseKey, const struct HksBlob *peerPubKey,
217 struct HksParamSet *paramSet)
218 {
219 struct HksParam tmpParams[] = {
220 HKS_AES_256
221 { .tag = HKS_TAG_AGREE_PUBLIC_KEY,
222 .blob = *peerPubKey },
223 { .tag = HKS_TAG_AGREE_ALG,
224 .uint32Param = HKS_ALG_ED25519 },
225 };
226
227 HKS_TEST_ASSERT(HksAddParams(paramSet, tmpParams, sizeof(tmpParams) / sizeof(tmpParams[0])) == 0);
228 }
229
GenerateAesAgreeKey(const struct HksBlob * alias,const struct HksBlob * baseKey,const struct HksBlob * peerPubKey,bool isPlainPubKey,bool isSetKeyAliasTrue)230 void GenerateAesAgreeKey(const struct HksBlob *alias, const struct HksBlob *baseKey,
231 const struct HksBlob *peerPubKey, bool isPlainPubKey, bool isSetKeyAliasTrue)
232 {
233 HKS_TEST_LOG_I("Test_Aes_gen_by_agree key!\n");
234 struct HksParamSet *paramSet = NULL;
235 HKS_TEST_ASSERT(HksInitParamSet(¶mSet) == 0);
236
237 if (isPlainPubKey) {
238 PlainPubKey(baseKey, peerPubKey, paramSet);
239 } else {
240 if (isSetKeyAliasTrue) {
241 SetKeyAliasTrue(baseKey, peerPubKey, paramSet);
242 } else {
243 SetKeyAliasWrong(baseKey, peerPubKey, paramSet);
244 }
245 }
246 HKS_TEST_ASSERT(HksBuildParamSet(¶mSet) == 0);
247 HKS_TEST_ASSERT(HksGenerateKey(alias, paramSet, NULL) == 0);
248
249 HksFreeParamSet(¶mSet);
250 }
251
ExportPubKey(const struct HksBlob * alias,struct HksBlob * pubKey)252 void ExportPubKey(const struct HksBlob *alias, struct HksBlob *pubKey)
253 {
254 HKS_TEST_ASSERT(HksExportPublicKey(alias, NULL, pubKey) == 0);
255 }
256
ImportPubKey(const struct HksBlob * alias,const struct HksBlob * pubKey)257 void ImportPubKey(const struct HksBlob *alias, const struct HksBlob *pubKey)
258 {
259 HKS_TEST_LOG_I("Test_Import pubKey!\n");
260 struct HksParamSet *paramSet = NULL;
261 HKS_TEST_ASSERT(HksInitParamSet(¶mSet) == 0);
262
263 struct HksBlob authId = { strlen(TEST_KEY_AUTH_ID), (uint8_t *)TEST_KEY_AUTH_ID };
264
265 struct HksParam tmpParams[] = {
266 { .tag = HKS_TAG_ALGORITHM,
267 .uint32Param = HKS_ALG_ED25519 },
268 { .tag = HKS_TAG_KEY_SIZE,
269 .uint32Param = TEST_AES_256 },
270 { .tag = HKS_TAG_PURPOSE,
271 .uint32Param = HKS_KEY_PURPOSE_VERIFY },
272 { .tag = HKS_TAG_DIGEST,
273 .uint32Param = HKS_DIGEST_SHA512 },
274 { .tag = HKS_TAG_PADDING,
275 .uint32Param = HKS_PADDING_NONE },
276 { .tag = HKS_TAG_KEY_AUTH_ID,
277 .blob = authId },
278 { .tag = HKS_TAG_KEY_GENERATE_TYPE,
279 .uint32Param = HKS_KEY_GENERATE_TYPE_DEFAULT }, /* no use */
280 };
281
282 HKS_TEST_ASSERT(HksAddParams(paramSet, tmpParams, sizeof(tmpParams) / sizeof(tmpParams[0])) == 0);
283 HKS_TEST_ASSERT(HksBuildParamSet(¶mSet) == 0);
284 HKS_TEST_ASSERT(HksImportKey(alias, paramSet, pubKey) == 0);
285
286 HksFreeParamSet(¶mSet);
287 }
288
289 #define TEST_AES_KEY_BASE_NAME "test_aes_key_by_derive_base_name_ed25519"
290 #define TEST_AES_KEY_DERIVE_NAME1 "test_aes_key_by_derive_name_keyAlias1"
291 #define TEST_AES_KEY_DERIVE_NAME2 "test_aes_key_by_derive_name_keyAlias2"
TestAes256ByAgree()292 int32_t TestAes256ByAgree()
293 {
294 /* generate ed25519 key */
295 struct HksBlob baseKeyAlias1 = { strlen(TEST_AES_KEY_BASE_NAME_1), (uint8_t *)TEST_AES_KEY_BASE_NAME_1 };
296 GenerateBaseKey(&baseKeyAlias1);
297
298 struct HksBlob baseKeyAlias2 = { strlen(TEST_AES_KEY_BASE_NAME_2), (uint8_t *)TEST_AES_KEY_BASE_NAME_2 };
299 GenerateBaseKey(&baseKeyAlias2);
300
301 uint8_t pubKey1[TEST_AES_128] = {0};
302 uint8_t pubKey2[TEST_AES_128] = {0};
303 struct HksBlob pubKeyBlob1 = { TEST_AES_128, pubKey1 };
304 struct HksBlob pubKeyBlob2 = { TEST_AES_128, pubKey2 };
305 ExportPubKey(&baseKeyAlias1, &pubKeyBlob1);
306 ExportPubKey(&baseKeyAlias2, &pubKeyBlob2);
307
308 struct HksBlob pubKeyAlias2 = {
309 strlen(TEST_AES_KEY_BASE_NAME_2_PUBKEY), (uint8_t *)TEST_AES_KEY_BASE_NAME_2_PUBKEY
310 };
311 struct HksBlob pubKeyAlias1 = {
312 strlen(TEST_AES_KEY_BASE_NAME_1_PUBKEY), (uint8_t *)TEST_AES_KEY_BASE_NAME_1_PUBKEY
313 };
314 ImportPubKey(&pubKeyAlias1, &pubKeyBlob1);
315 ImportPubKey(&pubKeyAlias2, &pubKeyBlob2);
316
317 /* generate aes key 1 */
318 struct HksBlob aesKeyAlias1 = { strlen(TEST_AES_KEY_AGREE_NAME1), (uint8_t *)TEST_AES_KEY_AGREE_NAME1 };
319 GenerateAesAgreeKey(&aesKeyAlias1, &baseKeyAlias1, &pubKeyAlias2, false, false);
320
321 /* generate aes key 2 */
322 struct HksBlob aesKeyAlias2 = { strlen(TEST_AES_KEY_DERIVE_NAME2), (uint8_t *)TEST_AES_KEY_DERIVE_NAME2 };
323 GenerateAesAgreeKey(&aesKeyAlias2, &baseKeyAlias2, &pubKeyAlias1, false, false);
324
325 /* encrypt by aes key 1 */
326 struct HksParamSet *paramSetTest = NULL;
327 int32_t ret = ConstructParamSetEncryptDecryptAes(HKS_MODE_GCM, HKS_PADDING_NONE, true, ¶mSetTest);
328 HKS_TEST_ASSERT(ret == 0);
329 struct HksBlob plainText1 = { strlen(TEST_PLAIN_TEST) + 1, (uint8_t*)TEST_PLAIN_TEST };
330 struct HksBlob cipherText1 = { TEST_AES_256, g_buffer };
331 (void)memset_s(cipherText1.data, cipherText1.size, 0, cipherText1.size);
332 HKS_TEST_ASSERT(HksEncrypt(&aesKeyAlias1, paramSetTest, &plainText1, &cipherText1) == 0);
333 g_bufferSize = cipherText1.size;
334
335 HksFreeParamSet(¶mSetTest);
336
337 /* decrypt by aes key 2 */
338 ret = ConstructParamSetEncryptDecryptAes(HKS_MODE_GCM, HKS_PADDING_NONE, false, ¶mSetTest);
339 HKS_TEST_ASSERT(ret == 0);
340 struct HksBlob cipherText = { g_bufferSize, g_buffer };
341 uint8_t tmp[TEST_AES_256] = {0};
342 struct HksBlob plainText = { TEST_AES_256, tmp };
343 ret = HksDecrypt(&aesKeyAlias2, paramSetTest, &cipherText, &plainText);
344 HKS_TEST_ASSERT(ret == 0);
345 HKS_TEST_LOG_I("ConstructParamSetEncryptDecryptAes plainText: %s", plainText.data);
346 HksFreeParamSet(¶mSetTest);
347
348 HksDeleteKey(&baseKeyAlias1, NULL);
349 HksDeleteKey(&baseKeyAlias2, NULL);
350 HksDeleteKey(&pubKeyAlias1, NULL);
351 HksDeleteKey(&pubKeyAlias2, NULL);
352 HksDeleteKey(&aesKeyAlias1, NULL);
353 HksDeleteKey(&aesKeyAlias2, NULL);
354 HKS_TEST_LOG_I("end");
355 return ret;
356 }
357
TestAes256ByAgree1()358 int32_t TestAes256ByAgree1()
359 {
360 /* generate ed25519 key */
361 struct HksBlob baseKeyAlias1 = { strlen(TEST_AES_KEY_BASE_NAME_1), (uint8_t *)TEST_AES_KEY_BASE_NAME_1 };
362 GenerateBaseKey(&baseKeyAlias1);
363
364 struct HksBlob baseKeyAlias2 = { strlen(TEST_AES_KEY_BASE_NAME_2), (uint8_t *)TEST_AES_KEY_BASE_NAME_2 };
365 GenerateBaseKey(&baseKeyAlias2);
366
367 uint8_t pubKey1[TEST_AES_128] = {0};
368 uint8_t pubKey2[TEST_AES_128] = {0};
369 struct HksBlob pubKeyBlob1 = { TEST_AES_128, pubKey1 };
370 struct HksBlob pubKeyBlob2 = { TEST_AES_128, pubKey2 };
371 ExportPubKey(&baseKeyAlias1, &pubKeyBlob1);
372 ExportPubKey(&baseKeyAlias2, &pubKeyBlob2);
373
374 struct HksBlob pubKeyAlias1 = {
375 strlen(TEST_AES_KEY_BASE_NAME_1_PUBKEY), (uint8_t *)TEST_AES_KEY_BASE_NAME_1_PUBKEY
376 };
377 struct HksBlob pubKeyAlias2 = {
378 strlen(TEST_AES_KEY_BASE_NAME_2_PUBKEY), (uint8_t *)TEST_AES_KEY_BASE_NAME_2_PUBKEY
379 };
380 ImportPubKey(&pubKeyAlias1, &pubKeyBlob1);
381 ImportPubKey(&pubKeyAlias2, &pubKeyBlob2);
382
383 /* generate aes key 1 */
384 struct HksBlob aesKeyAlias1 = { strlen(TEST_AES_KEY_AGREE_NAME1), (uint8_t *)TEST_AES_KEY_AGREE_NAME1 };
385 GenerateAesAgreeKey(&aesKeyAlias1, &baseKeyAlias1, &pubKeyAlias2, false, true);
386
387 /* generate aes key 2 */
388 struct HksBlob aesKeyAlias2 = { strlen(TEST_AES_KEY_DERIVE_NAME2), (uint8_t *)TEST_AES_KEY_DERIVE_NAME2 };
389 GenerateAesAgreeKey(&aesKeyAlias2, &baseKeyAlias2, &pubKeyAlias1, false, true);
390
391 /* encrypt by aes key 1 */
392 struct HksParamSet *paramSetTest01 = NULL;
393 int32_t ret = ConstructParamSetEncryptDecryptAes(HKS_MODE_GCM, HKS_PADDING_NONE, true, ¶mSetTest01);
394 HKS_TEST_ASSERT(ret == 0);
395 struct HksBlob plainText1 = { strlen(TEST_PLAIN_TEST) + 1, (uint8_t*)TEST_PLAIN_TEST };
396 struct HksBlob cipherText1 = { TEST_AES_256, g_buffer };
397 (void)memset_s(cipherText1.data, cipherText1.size, 0, cipherText1.size);
398 HKS_TEST_ASSERT(HksEncrypt(&aesKeyAlias1, paramSetTest01, &plainText1, &cipherText1) == 0);
399 g_bufferSize = cipherText1.size;
400
401 HksFreeParamSet(¶mSetTest01);
402
403 /* decrypt by aes key 2 */
404 ret = ConstructParamSetEncryptDecryptAes(HKS_MODE_GCM, HKS_PADDING_NONE, false, ¶mSetTest01);
405 HKS_TEST_ASSERT(ret == 0);
406 struct HksBlob cipherText = { g_bufferSize, g_buffer };
407 uint8_t tmp[TEST_AES_256] = {0};
408 struct HksBlob plainText = { TEST_AES_256, tmp };
409 ret = HksDecrypt(&aesKeyAlias2, paramSetTest01, &cipherText, &plainText);
410 HKS_TEST_ASSERT(ret == 0);
411 HKS_TEST_LOG_I("ConstructParamSetEncryptDecryptAes plainText: %s", plainText.data);
412 HksFreeParamSet(¶mSetTest01);
413
414 HksDeleteKey(&baseKeyAlias1, NULL);
415 HksDeleteKey(&baseKeyAlias2, NULL);
416 HksDeleteKey(&pubKeyAlias1, NULL);
417 HksDeleteKey(&pubKeyAlias2, NULL);
418 HksDeleteKey(&aesKeyAlias1, NULL);
419 HksDeleteKey(&aesKeyAlias2, NULL);
420 HKS_TEST_LOG_I("end");
421 return ret;
422 }
423
TestAes256ByAgree2()424 int32_t TestAes256ByAgree2()
425 {
426 HKS_TEST_LOG_I("enter");
427 /* generate ed25519 key */
428 struct HksBlob baseKeyAlias1 = { strlen(TEST_AES_KEY_BASE_NAME_1), (uint8_t *)TEST_AES_KEY_BASE_NAME_1 };
429 GenerateBaseKey(&baseKeyAlias1);
430
431 struct HksBlob baseKeyAlias2 = { strlen(TEST_AES_KEY_BASE_NAME_2), (uint8_t *)TEST_AES_KEY_BASE_NAME_2 };
432 GenerateBaseKey(&baseKeyAlias2);
433
434 uint8_t pubKey1[TEST_AES_128] = {0};
435 uint8_t pubKey2[TEST_AES_128] = {0};
436 struct HksBlob pubKeyBlob1 = { TEST_AES_128, pubKey1 };
437 struct HksBlob pubKeyBlob2 = { TEST_AES_128, pubKey2 };
438 ExportPubKey(&baseKeyAlias1, &pubKeyBlob1);
439 ExportPubKey(&baseKeyAlias2, &pubKeyBlob2);
440
441 /* generate aes key 1 */
442 struct HksBlob aesKeyAlias1 = { strlen(TEST_AES_KEY_AGREE_NAME1), (uint8_t *)TEST_AES_KEY_AGREE_NAME1 };
443 GenerateAesAgreeKey(&aesKeyAlias1, &baseKeyAlias1, &pubKeyBlob2, true, false);
444
445 /* generate aes key 2 */
446 struct HksBlob aesKeyAlias2 = { strlen(TEST_AES_KEY_DERIVE_NAME2), (uint8_t *)TEST_AES_KEY_DERIVE_NAME2 };
447 GenerateAesAgreeKey(&aesKeyAlias2, &baseKeyAlias2, &pubKeyBlob1, true, false);
448
449 /* encrypt by aes key 1 */
450 struct HksParamSet *paramSet = NULL;
451 int32_t ret = ConstructParamSetEncryptDecryptAes(HKS_MODE_GCM, HKS_PADDING_NONE, true, ¶mSet);
452 HKS_TEST_ASSERT(ret == 0);
453 struct HksBlob plainText1 = { strlen(TEST_PLAIN_TEST) + 1, (uint8_t*)TEST_PLAIN_TEST };
454 struct HksBlob cipherText1 = { TEST_AES_256, g_buffer };
455 (void)memset_s(cipherText1.data, cipherText1.size, 0, cipherText1.size);
456 HKS_TEST_ASSERT(HksEncrypt(&aesKeyAlias1, paramSet, &plainText1, &cipherText1) == 0);
457 g_bufferSize = cipherText1.size;
458
459 HksFreeParamSet(¶mSet);
460
461 /* decrypt by aes key 2 */
462 ret = ConstructParamSetEncryptDecryptAes(HKS_MODE_GCM, HKS_PADDING_NONE, false, ¶mSet);
463 HKS_TEST_ASSERT(ret == 0);
464 struct HksBlob cipherText = { g_bufferSize, g_buffer };
465 uint8_t tmp[TEST_AES_256] = {0};
466 struct HksBlob plainText = { TEST_AES_256, tmp };
467 ret = HksDecrypt(&aesKeyAlias2, paramSet, &cipherText, &plainText);
468 HKS_TEST_ASSERT(ret == 0);
469 HKS_TEST_LOG_I("ConstructParamSetEncryptDecryptAes plainText: %s", plainText.data);
470 HksFreeParamSet(¶mSet);
471
472 HksDeleteKey(&baseKeyAlias1, NULL);
473 HksDeleteKey(&baseKeyAlias2, NULL);
474 HksDeleteKey(&aesKeyAlias1, NULL);
475 HksDeleteKey(&aesKeyAlias2, NULL);
476 HKS_TEST_LOG_I("end");
477 return ret;
478 }
479