1 /*
2 * Copyright (c) 2022 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include <gtest/gtest.h>
17
18 #ifdef L2_STANDARD
19 #include "file_ex.h"
20 #endif
21 #include "hks_import_wrapped_test_common.h"
22 #include "hks_three_stage_test_common.h"
23 #include "hks_access_control_test_common.h"
24 #include "hks_mem.h"
25 #include "hks_test_log.h"
26 #include "hks_type.h"
27 #include "hks_api.h"
28 #include "hks_access_control_secure_sign_test.h"
29 #include "hks_test_adapt_for_de.h"
30
31 using namespace testing::ext;
32 using namespace Unittest::HksAccessControlPartTest;
33 namespace Unittest::AccessControlSecureSignTest {
34 class HksAccessControlSecureSignTest : public testing::Test {
35 public:
36 static void SetUpTestCase(void);
37
38 static void TearDownTestCase(void);
39
40 void SetUp();
41
42 void TearDown();
43 };
44
SetUpTestCase(void)45 void HksAccessControlSecureSignTest::SetUpTestCase(void)
46 {
47 }
48
TearDownTestCase(void)49 void HksAccessControlSecureSignTest::TearDownTestCase(void)
50 {
51 }
52
SetUp()53 void HksAccessControlSecureSignTest::SetUp()
54 {
55 EXPECT_EQ(HksInitialize(), 0);
56 }
57
TearDown()58 void HksAccessControlSecureSignTest::TearDown()
59 {
60 }
61
62 static const std::string g_inData = "Hks_SM4_Cipher_Test_000000000000000000000000000000000000000000000000000000000000"
63 "00000000000000000000000000000000000000000000000000000000000000000000000000000000"
64 "0000000000000000000000000000000000000000000000000000000000000000000000000_string";
65
66 static const std::string g_inDataLess64 = "Hks_SM4_Cipher_Test_000000000000000000000000000000000000";
67
68 static const uint32_t g_authHeadSize = 24;
69
70 static const uint32_t g_secureUid = 1;
71
72 static const uint32_t g_enrolledIdPin = 1;
73
74 static const uint32_t g_enrolledIdFinger = 2;
75
76 static const uint32_t g_credentialId = 0;
77
78 static const uint32_t g_time = 0;
79
80 static struct HksBlob g_genKeyAlias = {
81 .size = strlen("TestGenKeyForSignWithInfo"),
82 .data = (uint8_t *)"TestGenKeyForSignWithInfo"
83 };
84
85 static struct HksBlob g_importKeyAlias = {
86 .size = strlen("TestImportKeyForSignWithInfo"),
87 .data = (uint8_t *)"TestImportKeyForSignWithInfo"
88 };
89
90 static struct HksBlob g_importKeyNoAuthAlias = {
91 .size = strlen("TestImportKeyNoSignWithInfo"),
92 .data = (uint8_t *)"TestImportKeyNoSignWithInfo"
93 };
94
95 static const uint32_t g_outDataSize = 2048;
96
97 static uint8_t g_outBuffer[g_outDataSize] = {0};
98
99 static struct HksBlob g_outDataBlob = {
100 .size = g_outDataSize,
101 .data = g_outBuffer
102 };
103
104 static struct HksBlob g_inDataBlob = { g_inData.length(), (uint8_t *)g_inData.c_str() };
105
106 static struct HksBlob g_inDataBlobTwoStage = { g_inDataLess64.length(), (uint8_t *)g_inDataLess64.c_str() };
107
108 struct HksTestSecureSignGenParams {
109 struct HksBlob *keyAlias;
110 struct HksParam *inputParams;
111 uint32_t inputParamSize;
112 int32_t expectResult;
113 };
114
115 struct HksTestSecureSignImportParams {
116 struct HksBlob *keyAlias;
117 struct HksParam *inputParams;
118 struct HksBlob importKey;
119 uint32_t inputParamSize;
120 int32_t expectResult;
121 };
122
123 struct HksTestSecureSignVerifyUpdateFinishParams {
124 struct HksBlob *keyAlias;
125 struct HksBlob *keyAliasNoAuth;
126 struct HksParam *updateParams;
127 struct HksBlob *outBuffer;
128 struct HksBlob *signature;
129 struct HksBlob *inData;
130 uint32_t inputParamSize;
131 int32_t expectResult;
132 bool isThreeStageUse;
133 };
134
135 static struct HksParam g_genRsaWithSignAuthParams[] = {
136 {
137 .tag = HKS_TAG_ALGORITHM,
138 .uint32Param = HKS_ALG_RSA
139 }, {
140 .tag = HKS_TAG_PURPOSE,
141 .uint32Param = HKS_KEY_PURPOSE_SIGN | HKS_KEY_PURPOSE_VERIFY
142 }, {
143 .tag = HKS_TAG_KEY_SIZE,
144 .uint32Param = HKS_RSA_KEY_SIZE_4096
145 }, {
146 .tag = HKS_TAG_PADDING,
147 .uint32Param = HKS_PADDING_PSS
148 }, {
149 .tag = HKS_TAG_DIGEST,
150 .uint32Param = HKS_DIGEST_SHA512
151 }, {
152 .tag = HKS_TAG_USER_AUTH_TYPE,
153 .uint32Param = HKS_USER_AUTH_TYPE_PIN
154 }, {
155 .tag = HKS_TAG_KEY_AUTH_ACCESS_TYPE,
156 .uint32Param = HKS_AUTH_ACCESS_INVALID_CLEAR_PASSWORD
157 }, {
158 .tag = HKS_TAG_CHALLENGE_TYPE,
159 .uint32Param = HKS_CHALLENGE_TYPE_NORMAL
160 }, {
161 .tag = HKS_TAG_KEY_SECURE_SIGN_TYPE,
162 .uint32Param = HKS_SECURE_SIGN_WITH_AUTHINFO
163 }
164 };
165
166 static struct HksParam g_genEd25519WithSignAuthParams[] = {
167 {
168 .tag = HKS_TAG_ALGORITHM,
169 .uint32Param = HKS_ALG_ED25519
170 }, {
171 .tag = HKS_TAG_PURPOSE,
172 .uint32Param = HKS_KEY_PURPOSE_SIGN | HKS_KEY_PURPOSE_VERIFY
173 }, {
174 .tag = HKS_TAG_KEY_SIZE,
175 .uint32Param = HKS_CURVE25519_KEY_SIZE_256
176 }, {
177 .tag = HKS_TAG_DIGEST,
178 .uint32Param = HKS_DIGEST_SHA1
179 }, {
180 .tag = HKS_TAG_USER_AUTH_TYPE,
181 .uint32Param = HKS_USER_AUTH_TYPE_FACE
182 }, {
183 .tag = HKS_TAG_KEY_AUTH_ACCESS_TYPE,
184 .uint32Param = HKS_AUTH_ACCESS_INVALID_NEW_BIO_ENROLL
185 }, {
186 .tag = HKS_TAG_CHALLENGE_TYPE,
187 .uint32Param = HKS_CHALLENGE_TYPE_NORMAL
188 }, {
189 .tag = HKS_TAG_KEY_SECURE_SIGN_TYPE,
190 .uint32Param = HKS_SECURE_SIGN_WITH_AUTHINFO
191 }
192 };
193
194 #ifdef _USE_OPENSSL_
195 // mbedtls engine don't support DSA alg
196 static struct HksParam g_genDsaWithSignAuthParams[] = {
197 {
198 .tag = HKS_TAG_ALGORITHM,
199 .uint32Param = HKS_ALG_DSA
200 }, {
201 .tag = HKS_TAG_PURPOSE,
202 .uint32Param = HKS_KEY_PURPOSE_SIGN | HKS_KEY_PURPOSE_VERIFY
203 }, {
204 .tag = HKS_TAG_KEY_SIZE,
205 .uint32Param = 1024
206 }, {
207 .tag = HKS_TAG_DIGEST,
208 .uint32Param = HKS_DIGEST_SHA1
209 }, {
210 .tag = HKS_TAG_USER_AUTH_TYPE,
211 .uint32Param = HKS_USER_AUTH_TYPE_PIN
212 }, {
213 .tag = HKS_TAG_KEY_AUTH_ACCESS_TYPE,
214 .uint32Param = HKS_AUTH_ACCESS_INVALID_CLEAR_PASSWORD
215 }, {
216 .tag = HKS_TAG_CHALLENGE_TYPE,
217 .uint32Param = HKS_CHALLENGE_TYPE_NORMAL
218 }, {
219 .tag = HKS_TAG_KEY_SECURE_SIGN_TYPE,
220 .uint32Param = HKS_SECURE_SIGN_WITH_AUTHINFO
221 }
222 };
223 #endif
224
225 static struct HksTestSecureSignGenParams g_testRsaGenParams = {
226 .keyAlias = &g_genKeyAlias,
227 .inputParams = g_genRsaWithSignAuthParams,
228 .inputParamSize = HKS_ARRAY_SIZE(g_genRsaWithSignAuthParams),
229 .expectResult = HKS_SUCCESS
230 };
231
232 static struct HksTestSecureSignGenParams g_testEd25519GenParams = {
233 .keyAlias = &g_genKeyAlias,
234 .inputParams = g_genEd25519WithSignAuthParams,
235 .inputParamSize = HKS_ARRAY_SIZE(g_genEd25519WithSignAuthParams),
236 .expectResult = HKS_SUCCESS
237 };
238
239 #ifdef _USE_OPENSSL_
240 static struct HksTestSecureSignGenParams g_testDsaGenParams = {
241 .keyAlias = &g_genKeyAlias,
242 .inputParams = g_genDsaWithSignAuthParams,
243 .inputParamSize = HKS_ARRAY_SIZE(g_genDsaWithSignAuthParams),
244 .expectResult = HKS_SUCCESS
245 };
246 #endif
247
248 static struct HksParam g_importDsaKeyParams[] = {
249 { .tag = HKS_TAG_ALGORITHM, .uint32Param = HKS_ALG_DSA },
250 { .tag = HKS_TAG_PURPOSE, .uint32Param = HKS_KEY_PURPOSE_SIGN | HKS_KEY_PURPOSE_VERIFY },
251 { .tag = HKS_TAG_KEY_SIZE, .uint32Param = HKS_RSA_KEY_SIZE_2048 },
252 { .tag = HKS_TAG_DIGEST, .uint32Param = HKS_DIGEST_SHA256 },
253 { .tag = HKS_TAG_IMPORT_KEY_TYPE, .uint32Param = HKS_KEY_TYPE_KEY_PAIR },
254 {
255 .tag = HKS_TAG_USER_AUTH_TYPE,
256 .uint32Param = HKS_USER_AUTH_TYPE_PIN
257 }, {
258 .tag = HKS_TAG_KEY_AUTH_ACCESS_TYPE,
259 .uint32Param = HKS_AUTH_ACCESS_INVALID_CLEAR_PASSWORD
260 }, {
261 .tag = HKS_TAG_CHALLENGE_TYPE,
262 .uint32Param = HKS_CHALLENGE_TYPE_NORMAL
263 }, {
264 .tag = HKS_TAG_KEY_SECURE_SIGN_TYPE,
265 .uint32Param = HKS_SECURE_SIGN_WITH_AUTHINFO
266 }
267 };
268
269
270 static struct HksParam g_importDsaKeyParamsNoAuthInfo[] = {
271 { .tag = HKS_TAG_ALGORITHM, .uint32Param = HKS_ALG_DSA },
272 { .tag = HKS_TAG_PURPOSE, .uint32Param = HKS_KEY_PURPOSE_SIGN | HKS_KEY_PURPOSE_VERIFY },
273 { .tag = HKS_TAG_KEY_SIZE, .uint32Param = HKS_RSA_KEY_SIZE_2048 },
274 { .tag = HKS_TAG_DIGEST, .uint32Param = HKS_DIGEST_SHA256 },
275 { .tag = HKS_TAG_IMPORT_KEY_TYPE, .uint32Param = HKS_KEY_TYPE_KEY_PAIR }
276 };
277
278 static struct HksParam g_importRsaKeyParams[] = {
279 { .tag = HKS_TAG_ALGORITHM, .uint32Param = HKS_ALG_RSA },
280 { .tag = HKS_TAG_PURPOSE, .uint32Param = HKS_KEY_PURPOSE_SIGN | HKS_KEY_PURPOSE_VERIFY },
281 { .tag = HKS_TAG_KEY_SIZE, .uint32Param = HKS_RSA_KEY_SIZE_2048 },
282 { .tag = HKS_TAG_PADDING, .uint32Param = HKS_PADDING_PSS },
283 { .tag = HKS_TAG_DIGEST, .uint32Param = HKS_DIGEST_SHA256 },
284 { .tag = HKS_TAG_IMPORT_KEY_TYPE, .uint32Param = HKS_KEY_TYPE_KEY_PAIR },
285 {
286 .tag = HKS_TAG_USER_AUTH_TYPE,
287 .uint32Param = HKS_USER_AUTH_TYPE_PIN
288 }, {
289 .tag = HKS_TAG_KEY_AUTH_ACCESS_TYPE,
290 .uint32Param = HKS_AUTH_ACCESS_INVALID_CLEAR_PASSWORD
291 }, {
292 .tag = HKS_TAG_CHALLENGE_TYPE,
293 .uint32Param = HKS_CHALLENGE_TYPE_NORMAL
294 }, {
295 .tag = HKS_TAG_KEY_SECURE_SIGN_TYPE,
296 .uint32Param = HKS_SECURE_SIGN_WITH_AUTHINFO
297 }
298 };
299
300 static struct HksParam g_importRsaKeyParamsWithBioAndClearPassword[] = {
301 { .tag = HKS_TAG_ALGORITHM, .uint32Param = HKS_ALG_RSA },
302 { .tag = HKS_TAG_PURPOSE, .uint32Param = HKS_KEY_PURPOSE_SIGN | HKS_KEY_PURPOSE_VERIFY },
303 { .tag = HKS_TAG_KEY_SIZE, .uint32Param = HKS_RSA_KEY_SIZE_2048 },
304 { .tag = HKS_TAG_PADDING, .uint32Param = HKS_PADDING_PSS },
305 { .tag = HKS_TAG_DIGEST, .uint32Param = HKS_DIGEST_SHA256 },
306 { .tag = HKS_TAG_IMPORT_KEY_TYPE, .uint32Param = HKS_KEY_TYPE_KEY_PAIR },
307 {
308 .tag = HKS_TAG_USER_AUTH_TYPE,
309 .uint32Param = HKS_USER_AUTH_TYPE_FINGERPRINT
310 }, {
311 .tag = HKS_TAG_KEY_AUTH_ACCESS_TYPE,
312 .uint32Param = HKS_AUTH_ACCESS_INVALID_CLEAR_PASSWORD
313 }, {
314 .tag = HKS_TAG_CHALLENGE_TYPE,
315 .uint32Param = HKS_CHALLENGE_TYPE_NORMAL
316 }, {
317 .tag = HKS_TAG_KEY_SECURE_SIGN_TYPE,
318 .uint32Param = HKS_SECURE_SIGN_WITH_AUTHINFO
319 }
320 };
321
322 static struct HksParam g_importRsaKeyParamsNoAuth[] = {
323 { .tag = HKS_TAG_ALGORITHM, .uint32Param = HKS_ALG_RSA },
324 { .tag = HKS_TAG_PURPOSE, .uint32Param = HKS_KEY_PURPOSE_SIGN | HKS_KEY_PURPOSE_VERIFY },
325 { .tag = HKS_TAG_KEY_SIZE, .uint32Param = HKS_RSA_KEY_SIZE_2048 },
326 { .tag = HKS_TAG_PADDING, .uint32Param = HKS_PADDING_PSS },
327 { .tag = HKS_TAG_DIGEST, .uint32Param = HKS_DIGEST_SHA256 },
328 { .tag = HKS_TAG_IMPORT_KEY_TYPE, .uint32Param = HKS_KEY_TYPE_KEY_PAIR }
329 };
330
331 static struct HksParam g_importKeyEd25519Params[] = {
332 { .tag = HKS_TAG_ALGORITHM, .uint32Param = HKS_ALG_ED25519 },
333 { .tag = HKS_TAG_PURPOSE, .uint32Param = HKS_KEY_PURPOSE_SIGN | HKS_KEY_PURPOSE_VERIFY },
334 { .tag = HKS_TAG_KEY_SIZE, .uint32Param = HKS_CURVE25519_KEY_SIZE_256 },
335 { .tag = HKS_TAG_DIGEST, .uint32Param = HKS_DIGEST_SHA256 },
336 { .tag = HKS_TAG_IMPORT_KEY_TYPE, .uint32Param = HKS_KEY_TYPE_KEY_PAIR },
337 {
338 .tag = HKS_TAG_USER_AUTH_TYPE,
339 .uint32Param = HKS_USER_AUTH_TYPE_PIN
340 }, {
341 .tag = HKS_TAG_KEY_AUTH_ACCESS_TYPE,
342 .uint32Param = HKS_AUTH_ACCESS_INVALID_CLEAR_PASSWORD
343 }, {
344 .tag = HKS_TAG_CHALLENGE_TYPE,
345 .uint32Param = HKS_CHALLENGE_TYPE_NORMAL
346 }, {
347 .tag = HKS_TAG_KEY_SECURE_SIGN_TYPE,
348 .uint32Param = HKS_SECURE_SIGN_WITH_AUTHINFO
349 }
350 };
351
352 static struct HksParam g_importKeyEd25519ParamsNoAuth[] = {
353 { .tag = HKS_TAG_ALGORITHM, .uint32Param = HKS_ALG_ED25519 },
354 { .tag = HKS_TAG_PURPOSE, .uint32Param = HKS_KEY_PURPOSE_SIGN | HKS_KEY_PURPOSE_VERIFY },
355 { .tag = HKS_TAG_KEY_SIZE, .uint32Param = HKS_CURVE25519_KEY_SIZE_256 },
356 { .tag = HKS_TAG_DIGEST, .uint32Param = HKS_DIGEST_SHA256 },
357 { .tag = HKS_TAG_IMPORT_KEY_TYPE, .uint32Param = HKS_KEY_TYPE_KEY_PAIR }
358 };
359
360 static struct HksParam g_signParamsTestRsa[] = {
361 {
362 .tag = HKS_TAG_ALGORITHM,
363 .uint32Param = HKS_ALG_RSA
364 }, {
365 .tag = HKS_TAG_PURPOSE,
366 .uint32Param = HKS_KEY_PURPOSE_SIGN
367 }, {
368 .tag = HKS_TAG_KEY_SIZE,
369 .uint32Param = HKS_RSA_KEY_SIZE_2048
370 }, {
371 .tag = HKS_TAG_PADDING,
372 .uint32Param = HKS_PADDING_PSS
373 }, {
374 .tag = HKS_TAG_DIGEST,
375 .uint32Param = HKS_DIGEST_SHA256
376 }
377 };
378
379 static struct HksParam g_verifyParamsTestRsa[] = {
380 {
381 .tag = HKS_TAG_ALGORITHM,
382 .uint32Param = HKS_ALG_RSA
383 }, {
384 .tag = HKS_TAG_PURPOSE,
385 .uint32Param = HKS_KEY_PURPOSE_VERIFY
386 }, {
387 .tag = HKS_TAG_KEY_SIZE,
388 .uint32Param = HKS_RSA_KEY_SIZE_2048
389 }, {
390 .tag = HKS_TAG_PADDING,
391 .uint32Param = HKS_PADDING_PSS
392 }, {
393 .tag = HKS_TAG_DIGEST,
394 .uint32Param = HKS_DIGEST_SHA256
395 }
396 };
397
398 static struct HksParam g_signParamsTestDsa[] = {
399 {
400 .tag = HKS_TAG_ALGORITHM,
401 .uint32Param = HKS_ALG_DSA
402 }, {
403 .tag = HKS_TAG_PURPOSE,
404 .uint32Param = HKS_KEY_PURPOSE_SIGN
405 }, {
406 .tag = HKS_TAG_DIGEST,
407 .uint32Param = HKS_DIGEST_SHA256
408 }
409 };
410
411 static struct HksParam g_verifyParamsTestDsa[] = {
412 {
413 .tag = HKS_TAG_ALGORITHM,
414 .uint32Param = HKS_ALG_DSA
415 }, {
416 .tag = HKS_TAG_PURPOSE,
417 .uint32Param = HKS_KEY_PURPOSE_VERIFY
418 }, {
419 .tag = HKS_TAG_DIGEST,
420 .uint32Param = HKS_DIGEST_SHA256
421 }
422 };
423
424 static struct HksParam g_signParamsTestEd25519[] = {
425 {
426 .tag = HKS_TAG_ALGORITHM,
427 .uint32Param = HKS_ALG_ED25519
428 }, {
429 .tag = HKS_TAG_PURPOSE,
430 .uint32Param = HKS_KEY_PURPOSE_SIGN
431 }, {
432 .tag = HKS_TAG_KEY_SIZE,
433 .uint32Param = HKS_CURVE25519_KEY_SIZE_256
434 }, {
435 .tag = HKS_TAG_DIGEST,
436 .uint32Param = HKS_DIGEST_SHA256
437 }
438 };
439
440 static struct HksParam g_verifyParamsTestEd25519[] = {
441 {
442 .tag = HKS_TAG_ALGORITHM,
443 .uint32Param = HKS_ALG_ED25519
444 }, {
445 .tag = HKS_TAG_PURPOSE,
446 .uint32Param = HKS_KEY_PURPOSE_VERIFY
447 }, {
448 .tag = HKS_TAG_KEY_SIZE,
449 .uint32Param = HKS_CURVE25519_KEY_SIZE_256
450 }, {
451 .tag = HKS_TAG_DIGEST,
452 .uint32Param = HKS_DIGEST_SHA256
453 }
454 };
455
456 static const uint8_t g_eData[] = { 0x01, 0x00, 0x01 };
457
458
459 static const uint8_t g_ed25519PriData[] = {
460 0x61, 0xd3, 0xe7, 0x53, 0x6d, 0x79, 0x5d, 0x71, 0xc2, 0x2a, 0x51, 0x2d, 0x5e, 0xcb, 0x67, 0x3d,
461 0xdd, 0xde, 0xf0, 0xac, 0xdb, 0xba, 0x24, 0xfd, 0xf8, 0x3a, 0x7b, 0x32, 0x6e, 0x05, 0xe6, 0x37,
462 };
463
464 static const uint8_t g_ed25519PubData[] = {
465 0xab, 0xc7, 0x0f, 0x99, 0x4f, 0x6a, 0x08, 0xd0, 0x9c, 0x5d, 0x10, 0x60, 0xf8, 0x93, 0xd2, 0x8e,
466 0xe0, 0x63, 0x0e, 0x70, 0xbf, 0xad, 0x30, 0x41, 0x43, 0x09, 0x27, 0x2d, 0xb3, 0x30, 0x95, 0xa7,
467 };
468
CheckSignWithInfoTag(const struct HksBlob * alias,const struct HksParamSet * paramSet)469 static int32_t CheckSignWithInfoTag(const struct HksBlob *alias, const struct HksParamSet *paramSet)
470 {
471 struct HksParamSet *keyParamSet = NULL;
472 int32_t ret = GenParamSetAuthTest(&keyParamSet, paramSet);
473 EXPECT_EQ(ret, HKS_SUCCESS) << "GenParamSetAuthTest failed.";
474
475 ret = HksGetKeyParamSetForDe(alias, paramSet, keyParamSet);
476 EXPECT_EQ(ret, HKS_SUCCESS) << "HksGetKeyParamSet failed.";
477
478 struct HksParam *secureParam = nullptr;
479 ret = HksGetParam(keyParamSet, HKS_TAG_KEY_AUTH_ACCESS_TYPE, &secureParam);
480 EXPECT_EQ(ret, HKS_SUCCESS) << "HksGetParam auth access failed.";
481
482 struct HksParam *userParam = nullptr;
483 ret = HksGetParam(keyParamSet, HKS_TAG_USER_AUTH_TYPE, &userParam);
484 EXPECT_EQ(ret, HKS_SUCCESS) << "HksGetParam user auth failed.";
485
486 struct HksParam *secSignType = nullptr;
487 ret = HksGetParam(keyParamSet, HKS_TAG_KEY_SECURE_SIGN_TYPE, &secSignType);
488 EXPECT_EQ(ret, HKS_SUCCESS) << "HksGetParam secure sign type failed.";
489 EXPECT_EQ(secSignType->uint32Param, HKS_SECURE_SIGN_WITH_AUTHINFO) << "HksGetParam secure sign type failed.";
490
491 HksFreeParamSet(&keyParamSet);
492 return ret;
493 }
494
BuildImportKeyParamsForRsa(struct HksTestSecureSignImportParams * importParams,bool isAuth,bool isClearPasswordInvalid)495 static int32_t BuildImportKeyParamsForRsa(struct HksTestSecureSignImportParams *importParams, bool isAuth,
496 bool isClearPasswordInvalid)
497 {
498 if (isClearPasswordInvalid) {
499 importParams->inputParams = g_importRsaKeyParamsWithBioAndClearPassword;
500 importParams->inputParamSize = sizeof(g_importRsaKeyParamsWithBioAndClearPassword) /
501 sizeof(g_importRsaKeyParamsWithBioAndClearPassword[0]);
502 } else {
503 importParams->inputParams = isAuth ? g_importRsaKeyParams : g_importRsaKeyParamsNoAuth;
504 importParams->inputParamSize = isAuth ? sizeof(g_importRsaKeyParams)/sizeof(g_importRsaKeyParams[0]) :
505 sizeof(g_importRsaKeyParamsNoAuth)/sizeof(g_importRsaKeyParamsNoAuth[0]);
506 }
507
508 importParams->expectResult = HKS_SUCCESS;
509 uint8_t *keyBuffer = (uint8_t *)HksMalloc(MAX_KEY_SIZE);
510 if (keyBuffer == nullptr) {
511 return HKS_ERROR_MALLOC_FAIL;
512 }
513 importParams->importKey.data = keyBuffer;
514 importParams->importKey.size = MAX_KEY_SIZE;
515 struct HksBlob nDataBlob = { sizeof(g_nData2048), (uint8_t *)g_nData2048 };
516 struct HksBlob dData2048 = { sizeof(g_dData2048), (uint8_t *)g_dData2048 };
517 struct HksBlob eData = { sizeof(g_eData), (uint8_t *)g_eData };
518 int32_t ret = Unittest::HksAccessControlPartTest::ConstructRsaKeyPair(&nDataBlob, &dData2048, &eData,
519 HKS_RSA_KEY_SIZE_2048, &importParams->importKey);
520 if (ret != HKS_SUCCESS) {
521 HKS_FREE(keyBuffer);
522 }
523 return ret;
524 }
525
BuildImportKeyParamsForDSA(struct HksTestSecureSignImportParams * importParams,bool isAuth)526 static int32_t BuildImportKeyParamsForDSA(struct HksTestSecureSignImportParams *importParams, bool isAuth)
527 {
528 importParams->inputParams = isAuth ? g_importDsaKeyParams : g_importDsaKeyParamsNoAuthInfo;
529 importParams->inputParamSize = isAuth ? sizeof(g_importDsaKeyParams)/sizeof(g_importDsaKeyParams[0]) :
530 sizeof(g_importDsaKeyParamsNoAuthInfo)/sizeof(g_importDsaKeyParamsNoAuthInfo[0]);
531 importParams->expectResult = HKS_SUCCESS;
532 uint8_t *keyBuffer = (uint8_t *)HksMalloc(MAX_KEY_SIZE);
533 if (keyBuffer == nullptr) {
534 return HKS_ERROR_MALLOC_FAIL;
535 }
536 importParams->importKey.data = keyBuffer;
537 importParams->importKey.size = MAX_KEY_SIZE;
538 struct HksBlob xData = { sizeof(g_xData), (uint8_t *)g_xData };
539 struct HksBlob yData = { sizeof(g_yData), (uint8_t *)g_yData };
540 struct HksBlob pData = { sizeof(g_pData), (uint8_t *)g_pData };
541 struct HksBlob qData = { sizeof(g_qData), (uint8_t *)g_qData };
542 struct HksBlob gData = { sizeof(g_gData), (uint8_t *)g_gData };
543 struct TestDsaKeyParams dsaKeyParams = {
544 .xData = &xData,
545 .yData = &yData,
546 .pData = &pData,
547 .qData = &qData,
548 .gData = &gData
549 };
550 int32_t ret = Unittest::HksAccessControlPartTest::ConstructDsaKeyPair(HKS_RSA_KEY_SIZE_2048, &dsaKeyParams,
551 &importParams->importKey);
552 if (ret != HKS_SUCCESS) {
553 HKS_FREE(keyBuffer);
554 }
555 return HKS_SUCCESS;
556 }
557
BuildImportKeyTestParams(struct HksTestSecureSignImportParams * importParams,uint32_t alg,bool isAuth,bool isClearPasswordInvalid)558 static int32_t BuildImportKeyTestParams(struct HksTestSecureSignImportParams *importParams, uint32_t alg,
559 bool isAuth, bool isClearPasswordInvalid)
560 {
561 importParams->keyAlias = isAuth ? &g_importKeyAlias : &g_importKeyNoAuthAlias;
562 int32_t ret;
563 switch (alg) {
564 case HKS_ALG_RSA: {
565 ret = BuildImportKeyParamsForRsa(importParams, isAuth, isClearPasswordInvalid);
566 return ret;
567 }
568 case HKS_ALG_DSA: {
569 ret = BuildImportKeyParamsForDSA(importParams, isAuth);
570 return ret;
571 }
572 break;
573 case HKS_ALG_ED25519: {
574 importParams->inputParams = isAuth ? g_importKeyEd25519Params : g_importKeyEd25519ParamsNoAuth;
575 importParams->inputParamSize = isAuth ? sizeof(g_importKeyEd25519Params)/sizeof(g_importKeyEd25519Params[0])
576 : sizeof(g_importKeyEd25519ParamsNoAuth) / sizeof(g_importKeyEd25519ParamsNoAuth[0]);
577 importParams->expectResult = HKS_SUCCESS;
578 uint8_t *keyBuffer = (uint8_t *)HksMalloc(MAX_KEY_SIZE);
579 if (keyBuffer == nullptr) {
580 return HKS_ERROR_MALLOC_FAIL;
581 }
582 importParams->importKey.data = keyBuffer;
583 importParams->importKey.size = MAX_KEY_SIZE;
584 struct HksBlob ed25519PubData = { sizeof(g_ed25519PubData), (uint8_t *)g_ed25519PubData };
585 struct HksBlob ed25519PriData = { sizeof(g_ed25519PriData), (uint8_t *)g_ed25519PriData };
586 ret = ConstructEd25519KeyPair(HKS_CURVE25519_KEY_SIZE_256, HKS_ALG_ED25519, &ed25519PubData,
587 &ed25519PriData, &importParams->importKey);
588 if (ret != HKS_SUCCESS) {
589 HKS_FREE(keyBuffer);
590 }
591 return ret;
592 }
593 break;
594 default:
595 break;
596 }
597 return HKS_FAILURE;
598 }
599
BuildUpdateFinishParams(struct HksTestSecureSignVerifyUpdateFinishParams * updateFinishParams,uint32_t alg,bool isThreeStage)600 static int32_t BuildUpdateFinishParams(struct HksTestSecureSignVerifyUpdateFinishParams *updateFinishParams,
601 uint32_t alg, bool isThreeStage)
602 {
603 updateFinishParams->keyAlias = &g_importKeyAlias;
604 updateFinishParams->keyAliasNoAuth = &g_importKeyNoAuthAlias;
605 updateFinishParams->isThreeStageUse = isThreeStage;
606 g_outDataBlob.data = g_outBuffer;
607 g_outDataBlob.size = sizeof(g_outBuffer);
608 updateFinishParams->outBuffer = &g_outDataBlob;
609 updateFinishParams->inData = isThreeStage ? &g_inDataBlob : &g_inDataBlobTwoStage;
610 switch (alg) {
611 case HKS_ALG_RSA: {
612 updateFinishParams->updateParams = g_signParamsTestRsa;
613 updateFinishParams->inputParamSize = HKS_ARRAY_SIZE(g_signParamsTestRsa);
614 updateFinishParams->expectResult = HKS_SUCCESS;
615 return HKS_SUCCESS;
616 }
617 case HKS_ALG_ED25519: {
618 updateFinishParams->updateParams = g_signParamsTestEd25519;
619 updateFinishParams->inputParamSize = HKS_ARRAY_SIZE(g_signParamsTestEd25519);
620 updateFinishParams->expectResult = HKS_SUCCESS;
621 return HKS_SUCCESS;
622 }
623 case HKS_ALG_DSA: {
624 updateFinishParams->updateParams = g_signParamsTestDsa;
625 updateFinishParams->inputParamSize = HKS_ARRAY_SIZE(g_signParamsTestDsa);
626 updateFinishParams->expectResult = HKS_SUCCESS;
627 return HKS_SUCCESS;
628 }
629 default:
630 break;
631 }
632 return HKS_FAILURE;
633 }
634
BuildUpdateFinishVerifyParams(struct HksTestSecureSignVerifyUpdateFinishParams * updateFinishParams,uint32_t alg,bool isThreeStage,struct HksBlob * inData,struct HksBlob * signature)635 static int32_t BuildUpdateFinishVerifyParams(struct HksTestSecureSignVerifyUpdateFinishParams *updateFinishParams,
636 uint32_t alg, bool isThreeStage, struct HksBlob *inData, struct HksBlob *signature)
637 {
638 updateFinishParams->keyAlias = &g_importKeyAlias;
639 updateFinishParams->keyAliasNoAuth = &g_importKeyNoAuthAlias;
640 updateFinishParams->isThreeStageUse = isThreeStage;
641 g_outDataBlob.data = g_outBuffer;
642 g_outDataBlob.size = sizeof(g_outBuffer);
643 updateFinishParams->outBuffer = &g_outDataBlob;
644 updateFinishParams->inData = inData;
645 updateFinishParams->signature = signature;
646 switch (alg) {
647 case HKS_ALG_RSA: {
648 updateFinishParams->updateParams = g_verifyParamsTestRsa;
649 updateFinishParams->inputParamSize = HKS_ARRAY_SIZE(g_verifyParamsTestRsa);
650 updateFinishParams->expectResult = HKS_SUCCESS;
651 return HKS_SUCCESS;
652 }
653 case HKS_ALG_ED25519: {
654 updateFinishParams->updateParams = g_verifyParamsTestEd25519;
655 updateFinishParams->inputParamSize = HKS_ARRAY_SIZE(g_verifyParamsTestEd25519);
656 updateFinishParams->expectResult = HKS_SUCCESS;
657 return HKS_SUCCESS;
658 }
659 case HKS_ALG_DSA: {
660 updateFinishParams->updateParams = g_verifyParamsTestDsa;
661 updateFinishParams->inputParamSize = HKS_ARRAY_SIZE(g_verifyParamsTestDsa);
662 updateFinishParams->expectResult = HKS_SUCCESS;
663 return HKS_SUCCESS;
664 }
665 default:
666 break;
667 }
668 return HKS_FAILURE;
669 }
670
TestGenerateKeyWithSecureSignTag(struct HksTestSecureSignGenParams * params)671 static void TestGenerateKeyWithSecureSignTag(struct HksTestSecureSignGenParams *params)
672 {
673 struct HksParamSet *genParamSet = NULL;
674 int32_t ret = InitParamSet(&genParamSet, params->inputParams, params->inputParamSize);
675 EXPECT_EQ(ret, HKS_SUCCESS) << "InitParamSet failed.";
676
677 /**
678 * @tc.steps:step1. Generate a key with user_auth_type and sign_with_info tag
679 */
680 ret = HksGenerateKeyForDe(params->keyAlias, genParamSet, nullptr);
681 EXPECT_EQ(ret, HKS_SUCCESS) << "HksGenerateKey rsa key failed.";
682
683 /**
684 * @tc.steps:step2. Get key paramSet check if related key tag exist
685 */
686 ret = CheckSignWithInfoTag(params->keyAlias, genParamSet);
687 EXPECT_EQ(ret, HKS_SUCCESS) << "CheckSignWithInfoTag rsa key failed.";
688
689 /**
690 * @tc.steps:step3. Delete key and free paramSet
691 */
692 HksDeleteKeyForDe(params->keyAlias, nullptr);
693 HksFreeParamSet(&genParamSet);
694 }
695
TestImportKeyWithSecureSignTag(struct HksTestSecureSignImportParams * params,bool ifCheckTag)696 int32_t TestImportKeyWithSecureSignTag(struct HksTestSecureSignImportParams *params, bool ifCheckTag)
697 {
698 struct HksParamSet *importParams = nullptr;
699 int32_t ret = InitParamSet(&importParams, params->inputParams, params->inputParamSize);
700 EXPECT_EQ(ret, HKS_SUCCESS) << "InitParamSet failed.";
701
702 /**
703 * @tc.steps:step1. Import a key with user_auth_type and sign_with_info tag
704 */
705 ret = HksImportKeyForDe(params->keyAlias, importParams, ¶ms->importKey);
706 EXPECT_EQ(ret, HKS_SUCCESS) << "HksImportKey key failed.";
707
708 if (ifCheckTag) {
709 /**
710 * @tc.steps:step2. Get key paramSet check if related key tag exist
711 */
712 ret = CheckSignWithInfoTag(params->keyAlias, importParams);
713 EXPECT_EQ(ret, HKS_SUCCESS) << "CheckSignWithInfoTag rsa key failed.";
714 }
715
716 /**
717 * @tc.steps:step3. Free paramSet
718 */
719 HksFreeParamSet(&importParams);
720 return ret;
721 }
722
HksTestUpdateFinishSignAuthInfo(struct HksTestSecureSignVerifyUpdateFinishParams * updateFinishParams,struct HksTestGenAuthTokenParams * genAuthTokenParams)723 int32_t HksTestUpdateFinishSignAuthInfo(struct HksTestSecureSignVerifyUpdateFinishParams *updateFinishParams,
724 struct HksTestGenAuthTokenParams *genAuthTokenParams)
725 {
726 uint8_t tmpHandle[sizeof(uint64_t)] = {0};
727 struct HksBlob handle = { sizeof(uint64_t), tmpHandle };
728 uint8_t tmpChallenge[TOKEN_SIZE] = {0};
729 struct HksBlob challenge = { sizeof(tmpChallenge), tmpChallenge };
730
731 struct HksParamSet *paramSet = nullptr;
732 int32_t ret = InitParamSet(¶mSet, updateFinishParams->updateParams, updateFinishParams->inputParamSize);
733 EXPECT_EQ(ret, HKS_SUCCESS) << "InitParamSet failed.";
734 if (ret != HKS_SUCCESS) {
735 return HKS_FAILURE;
736 }
737
738 ret = HksInitForDe(updateFinishParams->keyAlias, paramSet, &handle, &challenge);
739 EXPECT_EQ(ret, HKS_SUCCESS) << "Init failed.";
740 if (ret != HKS_SUCCESS) {
741 HksFreeParamSet(¶mSet);
742 return HKS_FAILURE;
743 }
744
745 genAuthTokenParams->authChallenge = &challenge;
746
747 struct HksParamSet *newParamSet = nullptr;
748 ret = HksBuildAuthTokenSecure(paramSet, genAuthTokenParams, &newParamSet);
749 EXPECT_EQ(ret, HKS_SUCCESS) << "HksBuildAuthTokenSecure failed.";
750 if (ret != HKS_SUCCESS) {
751 HksFreeParamSet(¶mSet);
752 return HKS_FAILURE;
753 }
754
755 struct HksParam *tmpParam = NULL;
756 ret = HksGetParam(newParamSet, HKS_TAG_PURPOSE, &tmpParam);
757 if (ret != HKS_SUCCESS) {
758 HksFreeParamSet(¶mSet);
759 HksFreeParamSet(&newParamSet);
760 HKS_LOG_E("get tag purpose failed.");
761 return HKS_FAILURE;
762 }
763
764 if (updateFinishParams->isThreeStageUse) {
765 ret = TestUpdateFinish(&handle, newParamSet, tmpParam->uint32Param, updateFinishParams->inData,
766 updateFinishParams->outBuffer);
767 } else {
768 ret = HksFinishForDe(&handle, newParamSet, updateFinishParams->inData, updateFinishParams->outBuffer);
769 }
770 EXPECT_EQ(ret, HKS_SUCCESS) << "TestUpdateFinish failed.";
771 if (ret != HKS_SUCCESS) {
772 HksFreeParamSet(¶mSet);
773 HksFreeParamSet(&newParamSet);
774 return HKS_FAILURE;
775 }
776
777 HksFreeParamSet(¶mSet);
778 HksFreeParamSet(&newParamSet);
779 return ret;
780 }
781
VerifyUpdateFinish(struct HksBlob * handle,struct HksParamSet * newParamSet,struct HksParam * purposeParam,struct HksTestSecureSignVerifyUpdateFinishParams * updateFinishParams,bool isSign)782 int32_t VerifyUpdateFinish(struct HksBlob *handle, struct HksParamSet *newParamSet, struct HksParam *purposeParam,
783 struct HksTestSecureSignVerifyUpdateFinishParams *updateFinishParams, bool isSign)
784 {
785 int32_t ret;
786 if (isSign) {
787 if (updateFinishParams->isThreeStageUse) {
788 ret = TestUpdateFinish(handle, newParamSet, purposeParam->uint32Param, updateFinishParams->inData,
789 updateFinishParams->outBuffer);
790 } else {
791 ret = HksFinishForDe(handle, newParamSet, updateFinishParams->inData, updateFinishParams->outBuffer);
792 }
793 } else {
794 if (updateFinishParams->isThreeStageUse) {
795 ret = TestUpdateFinish(handle, newParamSet, purposeParam->uint32Param, updateFinishParams->inData,
796 updateFinishParams->signature);
797 } else {
798 ret = HksFinishForDe(handle, newParamSet, updateFinishParams->inData, updateFinishParams->signature);
799 }
800 }
801 return ret;
802 }
803
HksTestUpdateFinishVerifySignAuthInfo(struct HksTestSecureSignVerifyUpdateFinishParams * updateFinishParams,struct HksTestGenAuthTokenParams * genAuthTokenParams,bool isSign)804 int32_t HksTestUpdateFinishVerifySignAuthInfo(struct HksTestSecureSignVerifyUpdateFinishParams *updateFinishParams,
805 struct HksTestGenAuthTokenParams *genAuthTokenParams, bool isSign)
806 {
807 uint8_t tmpHandle[sizeof(uint64_t)] = {0};
808 struct HksBlob handle = { sizeof(uint64_t), tmpHandle };
809 uint8_t tmpChallenge[TOKEN_SIZE] = {0};
810 struct HksBlob challenge = { sizeof(tmpChallenge), tmpChallenge };
811
812 struct HksParamSet *paramSet = nullptr;
813 int32_t ret = InitParamSet(¶mSet, updateFinishParams->updateParams, updateFinishParams->inputParamSize);
814 if (ret != HKS_SUCCESS) {
815 return HKS_FAILURE;
816 }
817
818 ret = HksInitForDe(updateFinishParams->keyAlias, paramSet, &handle, &challenge);
819 if (ret != HKS_SUCCESS) {
820 HksFreeParamSet(¶mSet);
821 return HKS_FAILURE;
822 }
823
824 genAuthTokenParams->authChallenge = &challenge;
825
826 struct HksParamSet *newParamSet = nullptr;
827 ret = HksBuildAuthTokenSecure(paramSet, genAuthTokenParams, &newParamSet);
828 if (ret != HKS_SUCCESS) {
829 HksFreeParamSet(¶mSet);
830 return HKS_FAILURE;
831 }
832
833 struct HksParam *purposeParam = NULL;
834 ret = HksGetParam(newParamSet, HKS_TAG_PURPOSE, &purposeParam);
835 if (ret != HKS_SUCCESS) {
836 HksFreeParamSet(¶mSet);
837 HksFreeParamSet(&newParamSet);
838 HKS_LOG_E("get tag purpose failed.");
839 return HKS_FAILURE;
840 }
841
842 ret = VerifyUpdateFinish(&handle, newParamSet, purposeParam, updateFinishParams, isSign);
843
844 EXPECT_EQ(ret, HKS_SUCCESS) << "TestUpdateFinish failed.";
845
846 if (ret != HKS_SUCCESS) {
847 HksFreeParamSet(¶mSet);
848 HksFreeParamSet(&newParamSet);
849 return HKS_FAILURE;
850 }
851
852 return ret;
853 }
854
855 static const uint32_t g_fingerPrintInUserIam = 4;
856 static const uint32_t g_pinInUserIam = 1;
857
BuildAuthTokenParams(struct HksTestGenAuthTokenParams * authTokenParams,bool isClearPasswordInvalid)858 static void BuildAuthTokenParams(struct HksTestGenAuthTokenParams *authTokenParams, bool isClearPasswordInvalid)
859 {
860 if (isClearPasswordInvalid) {
861 authTokenParams->secureUid = g_secureUid;
862 authTokenParams->enrolledId = g_enrolledIdFinger;
863 authTokenParams->credentialId = g_credentialId;
864 authTokenParams->time = g_time;
865 authTokenParams->authType = g_fingerPrintInUserIam;
866 return;
867 }
868 authTokenParams->secureUid = g_secureUid;
869 authTokenParams->enrolledId = g_enrolledIdPin;
870 authTokenParams->credentialId = g_credentialId;
871 authTokenParams->time = g_time;
872 authTokenParams->authType = g_pinInUserIam;
873 }
874
BuildSigAndIndataBlob(struct HksBlob * sigBlob,struct HksBlob * inDataBlob,struct HksTestSecureSignVerifyUpdateFinishParams * secureSignUpdateFinish)875 static int32_t BuildSigAndIndataBlob(struct HksBlob *sigBlob, struct HksBlob *inDataBlob,
876 struct HksTestSecureSignVerifyUpdateFinishParams *secureSignUpdateFinish)
877 {
878 int32_t ret = memcpy_s(sigBlob->data, sigBlob->size,
879 secureSignUpdateFinish->outBuffer->data + g_authHeadSize,
880 secureSignUpdateFinish->outBuffer->size - g_authHeadSize);
881 if (ret != EOK) {
882 return ret;
883 }
884 ret = memcpy_s(inDataBlob->data, inDataBlob->size,
885 secureSignUpdateFinish->outBuffer->data, g_authHeadSize);
886 if (ret != EOK) {
887 return ret;
888 }
889 ret = memcpy_s(inDataBlob->data + g_authHeadSize, inDataBlob->size - g_authHeadSize,
890 secureSignUpdateFinish->inData->data, secureSignUpdateFinish->inData->size);
891 return ret;
892 }
893
TestImportKeyWithSignTagAndTestUseKeyCommonCase(uint32_t alg,bool isThreeStage,bool isClearPasswordInvalid)894 static void TestImportKeyWithSignTagAndTestUseKeyCommonCase(uint32_t alg, bool isThreeStage,
895 bool isClearPasswordInvalid)
896 {
897 /**
898 * @tc.steps:step1. import a key with user_auth_type and sign_with_info tag
899 */
900 struct HksTestSecureSignImportParams importParams;
901 (void)memset_s((uint8_t *)&importParams, sizeof(struct HksTestSecureSignImportParams), 0,
902 sizeof(struct HksTestSecureSignImportParams));
903 int32_t ret = BuildImportKeyTestParams(&importParams, alg, true, isClearPasswordInvalid);
904 EXPECT_EQ(ret, HKS_SUCCESS) << "BuildImportKeyTestParams failed.";
905 if (ret != HKS_SUCCESS) {
906 return;
907 }
908
909 ret = TestImportKeyWithSecureSignTag(&importParams, true);
910 EXPECT_EQ(ret, HKS_SUCCESS) << "TestImportKeyWithSecureSignTag failed.";
911 if (ret != HKS_SUCCESS) {
912 return;
913 }
914
915 /**
916 * @tc.steps:step2. Import a key without user_auth_type and sign_with_info tag
917 */
918 struct HksTestSecureSignImportParams importParamsWithoutSignAuth;
919 (void)memset_s((uint8_t *)&importParamsWithoutSignAuth, sizeof(struct HksTestSecureSignImportParams), 0,
920 sizeof(struct HksTestSecureSignImportParams));
921 ret = BuildImportKeyTestParams(&importParamsWithoutSignAuth, alg, false, isClearPasswordInvalid);
922 EXPECT_EQ(ret, HKS_SUCCESS) << "BuildImportKeyTestParams without sign auth failed.";
923 if (ret != HKS_SUCCESS) {
924 return;
925 }
926
927 /**
928 * @tc.steps:step3. use the key to sign:init update finish. check the sign data whether equals the expected data
929 */
930 ret = TestImportKeyWithSecureSignTag(&importParamsWithoutSignAuth, false);
931 EXPECT_EQ(ret, HKS_SUCCESS) << "TestImportKeyWithSecureSignTag2 failed.";
932 struct HksTestSecureSignVerifyUpdateFinishParams secureSignUpdateFinish;
933 ret = BuildUpdateFinishParams(&secureSignUpdateFinish, alg, isThreeStage);
934 EXPECT_EQ(ret, HKS_SUCCESS) << "BuildUpdateFinishParams failed.";
935
936 struct HksTestGenAuthTokenParams genAuthTokenParams = { 0 };
937 BuildAuthTokenParams(&genAuthTokenParams, isClearPasswordInvalid);
938
939 ret = HksTestUpdateFinishVerifySignAuthInfo(&secureSignUpdateFinish, &genAuthTokenParams, true);
940 EXPECT_EQ(ret, secureSignUpdateFinish.expectResult) << "HksTestUpdateFinishSignAuthInfo failed.";
941
942 uint8_t sigature[secureSignUpdateFinish.outBuffer->size - g_authHeadSize];
943 struct HksBlob sigBlob = {secureSignUpdateFinish.outBuffer->size - g_authHeadSize, sigature};
944 uint8_t inData[secureSignUpdateFinish.inData->size + g_authHeadSize];
945 struct HksBlob inDataBlob = {secureSignUpdateFinish.inData->size + g_authHeadSize, inData};
946 ret = BuildSigAndIndataBlob(&sigBlob, &inDataBlob, &secureSignUpdateFinish);
947 EXPECT_EQ(ret, HKS_SUCCESS) << "BuildSigAndIndataBlob failed.";
948
949 struct HksTestSecureSignVerifyUpdateFinishParams secureSignUpdateFinishVerify;
950 ret = BuildUpdateFinishVerifyParams(&secureSignUpdateFinishVerify, alg, true, &inDataBlob, &sigBlob);
951 EXPECT_EQ(ret, HKS_SUCCESS) << "BuildUpdateFinishVerifyParams failed.";
952 ret = HksTestUpdateFinishVerifySignAuthInfo(&secureSignUpdateFinishVerify, &genAuthTokenParams, false);
953
954 HKS_FREE_BLOB(importParams.importKey);
955 HKS_FREE_BLOB(importParamsWithoutSignAuth.importKey);
956 HksDeleteKeyForDe(secureSignUpdateFinish.keyAlias, nullptr);
957 HksDeleteKeyForDe(secureSignUpdateFinish.keyAliasNoAuth, nullptr);
958 }
959
960 /**
961 * @tc.name: HksAccessControlSecureSignTest001
962 * @tc.desc: normal case to test generate a rsa key with sign_with_info tag and check paramSet
963 * has the tag
964 * @tc.type: FUNC
965 * @tc.require: issueI5NY0M
966 */
967 HWTEST_F(HksAccessControlSecureSignTest, HksAccessControlSecureSignTest001, TestSize.Level0)
968 {
969 HKS_LOG_E("enter HksAccessControlSecureSignTest001");
970 TestGenerateKeyWithSecureSignTag(&g_testRsaGenParams);
971 }
972
973 /**
974 * @tc.name: HksAccessControlSecureSignTest002
975 * @tc.desc: normal case to test generate a ed25519 key with sign_with_info tag and check paramSet
976 * has the tag
977 * @tc.type: FUNC
978 * @tc.require: issueI5NY0M
979 */
980 HWTEST_F(HksAccessControlSecureSignTest, HksAccessControlSecureSignTest002, TestSize.Level0)
981 {
982 HKS_LOG_E("enter HksAccessControlSecureSignTest002");
983 TestGenerateKeyWithSecureSignTag(&g_testEd25519GenParams);
984 }
985
986 /**
987 * @tc.name: HksAccessControlSecureSignTest003
988 * @tc.desc: normal case to test generate a dsa key with sign_with_info tag and check paramSet
989 * has the tag
990 * @tc.type: FUNC
991 * @tc.require: issueI5NY0M
992 */
993 HWTEST_F(HksAccessControlSecureSignTest, HksAccessControlSecureSignTest003, TestSize.Level0)
994 {
995 #ifdef _USE_OPENSSL_
996 HKS_LOG_E("enter HksAccessControlSecureSignTest003");
997 TestGenerateKeyWithSecureSignTag(&g_testDsaGenParams);
998 #endif
999 }
1000
1001 /**
1002 * @tc.name: HksAccessControlSecureSignTest004
1003 * @tc.desc: normal case to test import a rsa key with user auth type and use the key
1004 * to sign data, check the signature whether equals the expected
1005 * @tc.type: FUNC
1006 * @tc.require: issueI5NY0M
1007 */
1008 HWTEST_F(HksAccessControlSecureSignTest, HksAccessControlSecureSignTest004, TestSize.Level0)
1009 {
1010 HKS_LOG_E("enter HksAccessControlSecureSignTest004");
1011 TestImportKeyWithSignTagAndTestUseKeyCommonCase(HKS_ALG_RSA, true, false);
1012 }
1013
1014 /**
1015 * @tc.name: HksAccessControlSecureSignTest005
1016 * @tc.desc: normal case to test import a dsa key with user auth type and use the key
1017 * to sign data, check the signature whether equals the expected
1018 * @tc.type: FUNC
1019 * @tc.require: issueI5NY0M
1020 */
1021 HWTEST_F(HksAccessControlSecureSignTest, HksAccessControlSecureSignTest005, TestSize.Level0)
1022 {
1023 #ifdef _USE_OPENSSL_
1024 HKS_LOG_E("enter HksAccessControlSecureSignTest005");
1025 TestImportKeyWithSignTagAndTestUseKeyCommonCase(HKS_ALG_DSA, true, false);
1026 #endif
1027 }
1028
1029 /**
1030 * @tc.name: HksAccessControlSecureSignTest006
1031 * @tc.desc: normal case to test import a rsa key with user auth type and use the key:init&finish
1032 * to sign data, check the signature whether equals the expected
1033 * @tc.type: FUNC
1034 * @tc.require: issueI5NY0M
1035 */
1036 HWTEST_F(HksAccessControlSecureSignTest, HksAccessControlSecureSignTest006, TestSize.Level0)
1037 {
1038 HKS_LOG_E("enter HksAccessControlSecureSignTest006");
1039 TestImportKeyWithSignTagAndTestUseKeyCommonCase(HKS_ALG_RSA, false, false);
1040 }
1041
1042 /**
1043 * @tc.name: HksAccessControlSecureSignTest007
1044 * @tc.desc: normal case to test import a rsa key with auth type as fingerprint and access type as invalid clear
1045 * password, check the signature whether equals the expected
1046 * @tc.type: FUNC
1047 * @tc.require: issueI5NY0M
1048 */
1049 HWTEST_F(HksAccessControlSecureSignTest, HksAccessControlSecureSignTest007, TestSize.Level0)
1050 {
1051 HKS_LOG_E("enter HksAccessControlSecureSignTest007");
1052 TestImportKeyWithSignTagAndTestUseKeyCommonCase(HKS_ALG_RSA, true, true);
1053 }
1054 }
1055