1 /*
2  * Copyright (c) 2022 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *    http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #include <gtest/gtest.h>
17 
18 #ifdef L2_STANDARD
19 #include "file_ex.h"
20 #endif
21 #include "hks_import_wrapped_test_common.h"
22 #include "hks_three_stage_test_common.h"
23 #include "hks_access_control_test_common.h"
24 #include "hks_mem.h"
25 #include "hks_test_log.h"
26 #include "hks_type.h"
27 #include "hks_api.h"
28 #include "hks_access_control_secure_sign_test.h"
29 #include "hks_test_adapt_for_de.h"
30 
31 using namespace testing::ext;
32 using namespace Unittest::HksAccessControlPartTest;
33 namespace Unittest::AccessControlSecureSignTest {
34 class HksAccessControlSecureSignTest : public testing::Test {
35 public:
36     static void SetUpTestCase(void);
37 
38     static void TearDownTestCase(void);
39 
40     void SetUp();
41 
42     void TearDown();
43 };
44 
SetUpTestCase(void)45 void HksAccessControlSecureSignTest::SetUpTestCase(void)
46 {
47 }
48 
TearDownTestCase(void)49 void HksAccessControlSecureSignTest::TearDownTestCase(void)
50 {
51 }
52 
SetUp()53 void HksAccessControlSecureSignTest::SetUp()
54 {
55     EXPECT_EQ(HksInitialize(), 0);
56 }
57 
TearDown()58 void HksAccessControlSecureSignTest::TearDown()
59 {
60 }
61 
62 static const std::string g_inData = "Hks_SM4_Cipher_Test_000000000000000000000000000000000000000000000000000000000000"
63     "00000000000000000000000000000000000000000000000000000000000000000000000000000000"
64     "0000000000000000000000000000000000000000000000000000000000000000000000000_string";
65 
66 static const std::string g_inDataLess64 = "Hks_SM4_Cipher_Test_000000000000000000000000000000000000";
67 
68 static const uint32_t g_authHeadSize = 24;
69 
70 static const uint32_t g_secureUid = 1;
71 
72 static const uint32_t g_enrolledIdPin = 1;
73 
74 static const uint32_t g_enrolledIdFinger = 2;
75 
76 static const uint32_t g_credentialId = 0;
77 
78 static const uint32_t g_time = 0;
79 
80 static struct HksBlob g_genKeyAlias = {
81     .size = strlen("TestGenKeyForSignWithInfo"),
82     .data = (uint8_t *)"TestGenKeyForSignWithInfo"
83 };
84 
85 static struct HksBlob g_importKeyAlias = {
86     .size = strlen("TestImportKeyForSignWithInfo"),
87     .data = (uint8_t *)"TestImportKeyForSignWithInfo"
88 };
89 
90 static struct HksBlob g_importKeyNoAuthAlias = {
91     .size = strlen("TestImportKeyNoSignWithInfo"),
92     .data = (uint8_t *)"TestImportKeyNoSignWithInfo"
93 };
94 
95 static const uint32_t g_outDataSize = 2048;
96 
97 static uint8_t g_outBuffer[g_outDataSize] = {0};
98 
99 static struct HksBlob g_outDataBlob = {
100     .size = g_outDataSize,
101     .data = g_outBuffer
102 };
103 
104 static struct HksBlob g_inDataBlob = { g_inData.length(), (uint8_t *)g_inData.c_str() };
105 
106 static struct HksBlob g_inDataBlobTwoStage = { g_inDataLess64.length(), (uint8_t *)g_inDataLess64.c_str() };
107 
108 struct HksTestSecureSignGenParams {
109     struct HksBlob *keyAlias;
110     struct HksParam *inputParams;
111     uint32_t inputParamSize;
112     int32_t expectResult;
113 };
114 
115 struct HksTestSecureSignImportParams {
116     struct HksBlob *keyAlias;
117     struct HksParam *inputParams;
118     struct HksBlob importKey;
119     uint32_t inputParamSize;
120     int32_t expectResult;
121 };
122 
123 struct HksTestSecureSignVerifyUpdateFinishParams {
124     struct HksBlob *keyAlias;
125     struct HksBlob *keyAliasNoAuth;
126     struct HksParam *updateParams;
127     struct HksBlob *outBuffer;
128     struct HksBlob *signature;
129     struct HksBlob *inData;
130     uint32_t inputParamSize;
131     int32_t expectResult;
132     bool isThreeStageUse;
133 };
134 
135 static struct HksParam g_genRsaWithSignAuthParams[] = {
136 {
137     .tag = HKS_TAG_ALGORITHM,
138     .uint32Param = HKS_ALG_RSA
139 }, {
140     .tag = HKS_TAG_PURPOSE,
141     .uint32Param = HKS_KEY_PURPOSE_SIGN | HKS_KEY_PURPOSE_VERIFY
142 }, {
143     .tag = HKS_TAG_KEY_SIZE,
144     .uint32Param = HKS_RSA_KEY_SIZE_4096
145 }, {
146     .tag = HKS_TAG_PADDING,
147     .uint32Param = HKS_PADDING_PSS
148 }, {
149     .tag = HKS_TAG_DIGEST,
150     .uint32Param = HKS_DIGEST_SHA512
151 }, {
152     .tag = HKS_TAG_USER_AUTH_TYPE,
153     .uint32Param = HKS_USER_AUTH_TYPE_PIN
154 }, {
155     .tag = HKS_TAG_KEY_AUTH_ACCESS_TYPE,
156     .uint32Param = HKS_AUTH_ACCESS_INVALID_CLEAR_PASSWORD
157 }, {
158     .tag = HKS_TAG_CHALLENGE_TYPE,
159     .uint32Param = HKS_CHALLENGE_TYPE_NORMAL
160 }, {
161     .tag = HKS_TAG_KEY_SECURE_SIGN_TYPE,
162     .uint32Param = HKS_SECURE_SIGN_WITH_AUTHINFO
163 }
164 };
165 
166 static struct HksParam g_genEd25519WithSignAuthParams[] = {
167 {
168     .tag = HKS_TAG_ALGORITHM,
169     .uint32Param = HKS_ALG_ED25519
170 }, {
171     .tag = HKS_TAG_PURPOSE,
172     .uint32Param = HKS_KEY_PURPOSE_SIGN | HKS_KEY_PURPOSE_VERIFY
173 }, {
174     .tag = HKS_TAG_KEY_SIZE,
175     .uint32Param = HKS_CURVE25519_KEY_SIZE_256
176 }, {
177     .tag = HKS_TAG_DIGEST,
178     .uint32Param = HKS_DIGEST_SHA1
179 }, {
180     .tag = HKS_TAG_USER_AUTH_TYPE,
181     .uint32Param = HKS_USER_AUTH_TYPE_FACE
182 }, {
183     .tag = HKS_TAG_KEY_AUTH_ACCESS_TYPE,
184     .uint32Param = HKS_AUTH_ACCESS_INVALID_NEW_BIO_ENROLL
185 }, {
186     .tag = HKS_TAG_CHALLENGE_TYPE,
187     .uint32Param = HKS_CHALLENGE_TYPE_NORMAL
188 }, {
189     .tag = HKS_TAG_KEY_SECURE_SIGN_TYPE,
190     .uint32Param = HKS_SECURE_SIGN_WITH_AUTHINFO
191 }
192 };
193 
194 #ifdef _USE_OPENSSL_
195 // mbedtls engine don't support DSA alg
196 static struct HksParam g_genDsaWithSignAuthParams[] = {
197 {
198     .tag = HKS_TAG_ALGORITHM,
199     .uint32Param = HKS_ALG_DSA
200 }, {
201     .tag = HKS_TAG_PURPOSE,
202     .uint32Param = HKS_KEY_PURPOSE_SIGN | HKS_KEY_PURPOSE_VERIFY
203 }, {
204     .tag = HKS_TAG_KEY_SIZE,
205     .uint32Param = 1024
206 }, {
207     .tag = HKS_TAG_DIGEST,
208     .uint32Param = HKS_DIGEST_SHA1
209 }, {
210     .tag = HKS_TAG_USER_AUTH_TYPE,
211     .uint32Param = HKS_USER_AUTH_TYPE_PIN
212 }, {
213     .tag = HKS_TAG_KEY_AUTH_ACCESS_TYPE,
214     .uint32Param = HKS_AUTH_ACCESS_INVALID_CLEAR_PASSWORD
215 }, {
216     .tag = HKS_TAG_CHALLENGE_TYPE,
217     .uint32Param = HKS_CHALLENGE_TYPE_NORMAL
218 }, {
219     .tag = HKS_TAG_KEY_SECURE_SIGN_TYPE,
220     .uint32Param = HKS_SECURE_SIGN_WITH_AUTHINFO
221 }
222 };
223 #endif
224 
225 static struct HksTestSecureSignGenParams g_testRsaGenParams = {
226     .keyAlias = &g_genKeyAlias,
227     .inputParams = g_genRsaWithSignAuthParams,
228     .inputParamSize = HKS_ARRAY_SIZE(g_genRsaWithSignAuthParams),
229     .expectResult = HKS_SUCCESS
230 };
231 
232 static struct HksTestSecureSignGenParams g_testEd25519GenParams = {
233     .keyAlias = &g_genKeyAlias,
234     .inputParams = g_genEd25519WithSignAuthParams,
235     .inputParamSize = HKS_ARRAY_SIZE(g_genEd25519WithSignAuthParams),
236     .expectResult = HKS_SUCCESS
237 };
238 
239 #ifdef _USE_OPENSSL_
240 static struct HksTestSecureSignGenParams g_testDsaGenParams = {
241     .keyAlias = &g_genKeyAlias,
242     .inputParams = g_genDsaWithSignAuthParams,
243     .inputParamSize = HKS_ARRAY_SIZE(g_genDsaWithSignAuthParams),
244     .expectResult = HKS_SUCCESS
245 };
246 #endif
247 
248 static struct HksParam g_importDsaKeyParams[] = {
249     { .tag = HKS_TAG_ALGORITHM, .uint32Param = HKS_ALG_DSA },
250     { .tag = HKS_TAG_PURPOSE, .uint32Param = HKS_KEY_PURPOSE_SIGN | HKS_KEY_PURPOSE_VERIFY },
251     { .tag = HKS_TAG_KEY_SIZE, .uint32Param = HKS_RSA_KEY_SIZE_2048 },
252     { .tag = HKS_TAG_DIGEST, .uint32Param = HKS_DIGEST_SHA256 },
253     { .tag = HKS_TAG_IMPORT_KEY_TYPE, .uint32Param = HKS_KEY_TYPE_KEY_PAIR },
254     {
255         .tag = HKS_TAG_USER_AUTH_TYPE,
256         .uint32Param = HKS_USER_AUTH_TYPE_PIN
257     }, {
258         .tag = HKS_TAG_KEY_AUTH_ACCESS_TYPE,
259         .uint32Param = HKS_AUTH_ACCESS_INVALID_CLEAR_PASSWORD
260     }, {
261         .tag = HKS_TAG_CHALLENGE_TYPE,
262         .uint32Param = HKS_CHALLENGE_TYPE_NORMAL
263     }, {
264         .tag = HKS_TAG_KEY_SECURE_SIGN_TYPE,
265         .uint32Param = HKS_SECURE_SIGN_WITH_AUTHINFO
266     }
267 };
268 
269 
270 static struct HksParam g_importDsaKeyParamsNoAuthInfo[] = {
271     { .tag = HKS_TAG_ALGORITHM, .uint32Param = HKS_ALG_DSA },
272     { .tag = HKS_TAG_PURPOSE, .uint32Param = HKS_KEY_PURPOSE_SIGN | HKS_KEY_PURPOSE_VERIFY },
273     { .tag = HKS_TAG_KEY_SIZE, .uint32Param = HKS_RSA_KEY_SIZE_2048 },
274     { .tag = HKS_TAG_DIGEST, .uint32Param = HKS_DIGEST_SHA256 },
275     { .tag = HKS_TAG_IMPORT_KEY_TYPE, .uint32Param = HKS_KEY_TYPE_KEY_PAIR }
276 };
277 
278 static struct HksParam g_importRsaKeyParams[] = {
279     { .tag = HKS_TAG_ALGORITHM, .uint32Param = HKS_ALG_RSA },
280     { .tag = HKS_TAG_PURPOSE, .uint32Param = HKS_KEY_PURPOSE_SIGN | HKS_KEY_PURPOSE_VERIFY },
281     { .tag = HKS_TAG_KEY_SIZE, .uint32Param = HKS_RSA_KEY_SIZE_2048 },
282     { .tag = HKS_TAG_PADDING, .uint32Param = HKS_PADDING_PSS },
283     { .tag = HKS_TAG_DIGEST, .uint32Param = HKS_DIGEST_SHA256 },
284     { .tag = HKS_TAG_IMPORT_KEY_TYPE, .uint32Param = HKS_KEY_TYPE_KEY_PAIR },
285     {
286         .tag = HKS_TAG_USER_AUTH_TYPE,
287         .uint32Param = HKS_USER_AUTH_TYPE_PIN
288     }, {
289         .tag = HKS_TAG_KEY_AUTH_ACCESS_TYPE,
290         .uint32Param = HKS_AUTH_ACCESS_INVALID_CLEAR_PASSWORD
291     }, {
292         .tag = HKS_TAG_CHALLENGE_TYPE,
293         .uint32Param = HKS_CHALLENGE_TYPE_NORMAL
294     }, {
295         .tag = HKS_TAG_KEY_SECURE_SIGN_TYPE,
296         .uint32Param = HKS_SECURE_SIGN_WITH_AUTHINFO
297     }
298 };
299 
300 static struct HksParam g_importRsaKeyParamsWithBioAndClearPassword[] = {
301     { .tag = HKS_TAG_ALGORITHM, .uint32Param = HKS_ALG_RSA },
302     { .tag = HKS_TAG_PURPOSE, .uint32Param = HKS_KEY_PURPOSE_SIGN | HKS_KEY_PURPOSE_VERIFY },
303     { .tag = HKS_TAG_KEY_SIZE, .uint32Param = HKS_RSA_KEY_SIZE_2048 },
304     { .tag = HKS_TAG_PADDING, .uint32Param = HKS_PADDING_PSS },
305     { .tag = HKS_TAG_DIGEST, .uint32Param = HKS_DIGEST_SHA256 },
306     { .tag = HKS_TAG_IMPORT_KEY_TYPE, .uint32Param = HKS_KEY_TYPE_KEY_PAIR },
307     {
308         .tag = HKS_TAG_USER_AUTH_TYPE,
309         .uint32Param = HKS_USER_AUTH_TYPE_FINGERPRINT
310     }, {
311         .tag = HKS_TAG_KEY_AUTH_ACCESS_TYPE,
312         .uint32Param = HKS_AUTH_ACCESS_INVALID_CLEAR_PASSWORD
313     }, {
314         .tag = HKS_TAG_CHALLENGE_TYPE,
315         .uint32Param = HKS_CHALLENGE_TYPE_NORMAL
316     }, {
317         .tag = HKS_TAG_KEY_SECURE_SIGN_TYPE,
318         .uint32Param = HKS_SECURE_SIGN_WITH_AUTHINFO
319     }
320 };
321 
322 static struct HksParam g_importRsaKeyParamsNoAuth[] = {
323     { .tag = HKS_TAG_ALGORITHM, .uint32Param = HKS_ALG_RSA },
324     { .tag = HKS_TAG_PURPOSE, .uint32Param = HKS_KEY_PURPOSE_SIGN | HKS_KEY_PURPOSE_VERIFY },
325     { .tag = HKS_TAG_KEY_SIZE, .uint32Param = HKS_RSA_KEY_SIZE_2048 },
326     { .tag = HKS_TAG_PADDING, .uint32Param = HKS_PADDING_PSS },
327     { .tag = HKS_TAG_DIGEST, .uint32Param = HKS_DIGEST_SHA256 },
328     { .tag = HKS_TAG_IMPORT_KEY_TYPE, .uint32Param = HKS_KEY_TYPE_KEY_PAIR }
329 };
330 
331 static struct HksParam g_importKeyEd25519Params[] = {
332     { .tag = HKS_TAG_ALGORITHM, .uint32Param = HKS_ALG_ED25519 },
333     { .tag = HKS_TAG_PURPOSE, .uint32Param = HKS_KEY_PURPOSE_SIGN | HKS_KEY_PURPOSE_VERIFY },
334     { .tag = HKS_TAG_KEY_SIZE, .uint32Param = HKS_CURVE25519_KEY_SIZE_256 },
335     { .tag = HKS_TAG_DIGEST, .uint32Param = HKS_DIGEST_SHA256 },
336     { .tag = HKS_TAG_IMPORT_KEY_TYPE, .uint32Param = HKS_KEY_TYPE_KEY_PAIR },
337     {
338         .tag = HKS_TAG_USER_AUTH_TYPE,
339         .uint32Param = HKS_USER_AUTH_TYPE_PIN
340     }, {
341         .tag = HKS_TAG_KEY_AUTH_ACCESS_TYPE,
342         .uint32Param = HKS_AUTH_ACCESS_INVALID_CLEAR_PASSWORD
343     }, {
344         .tag = HKS_TAG_CHALLENGE_TYPE,
345         .uint32Param = HKS_CHALLENGE_TYPE_NORMAL
346     }, {
347         .tag = HKS_TAG_KEY_SECURE_SIGN_TYPE,
348         .uint32Param = HKS_SECURE_SIGN_WITH_AUTHINFO
349     }
350 };
351 
352 static struct HksParam g_importKeyEd25519ParamsNoAuth[] = {
353     { .tag = HKS_TAG_ALGORITHM, .uint32Param = HKS_ALG_ED25519 },
354     { .tag = HKS_TAG_PURPOSE, .uint32Param = HKS_KEY_PURPOSE_SIGN | HKS_KEY_PURPOSE_VERIFY },
355     { .tag = HKS_TAG_KEY_SIZE, .uint32Param = HKS_CURVE25519_KEY_SIZE_256 },
356     { .tag = HKS_TAG_DIGEST, .uint32Param = HKS_DIGEST_SHA256 },
357     { .tag = HKS_TAG_IMPORT_KEY_TYPE, .uint32Param = HKS_KEY_TYPE_KEY_PAIR }
358 };
359 
360 static struct HksParam g_signParamsTestRsa[] = {
361     {
362         .tag = HKS_TAG_ALGORITHM,
363         .uint32Param = HKS_ALG_RSA
364     }, {
365         .tag = HKS_TAG_PURPOSE,
366         .uint32Param = HKS_KEY_PURPOSE_SIGN
367     }, {
368         .tag = HKS_TAG_KEY_SIZE,
369         .uint32Param = HKS_RSA_KEY_SIZE_2048
370     }, {
371         .tag = HKS_TAG_PADDING,
372         .uint32Param = HKS_PADDING_PSS
373     }, {
374         .tag = HKS_TAG_DIGEST,
375         .uint32Param = HKS_DIGEST_SHA256
376     }
377 };
378 
379 static struct HksParam g_verifyParamsTestRsa[] = {
380     {
381         .tag = HKS_TAG_ALGORITHM,
382         .uint32Param = HKS_ALG_RSA
383     }, {
384         .tag = HKS_TAG_PURPOSE,
385         .uint32Param = HKS_KEY_PURPOSE_VERIFY
386     }, {
387         .tag = HKS_TAG_KEY_SIZE,
388         .uint32Param = HKS_RSA_KEY_SIZE_2048
389     }, {
390         .tag = HKS_TAG_PADDING,
391         .uint32Param = HKS_PADDING_PSS
392     }, {
393         .tag = HKS_TAG_DIGEST,
394         .uint32Param = HKS_DIGEST_SHA256
395     }
396 };
397 
398 static struct HksParam g_signParamsTestDsa[] = {
399     {
400         .tag = HKS_TAG_ALGORITHM,
401         .uint32Param = HKS_ALG_DSA
402     }, {
403         .tag = HKS_TAG_PURPOSE,
404         .uint32Param = HKS_KEY_PURPOSE_SIGN
405     }, {
406         .tag = HKS_TAG_DIGEST,
407         .uint32Param = HKS_DIGEST_SHA256
408     }
409 };
410 
411 static struct HksParam g_verifyParamsTestDsa[] = {
412     {
413         .tag = HKS_TAG_ALGORITHM,
414         .uint32Param = HKS_ALG_DSA
415     }, {
416         .tag = HKS_TAG_PURPOSE,
417         .uint32Param = HKS_KEY_PURPOSE_VERIFY
418     }, {
419         .tag = HKS_TAG_DIGEST,
420         .uint32Param = HKS_DIGEST_SHA256
421     }
422 };
423 
424 static struct HksParam g_signParamsTestEd25519[] = {
425     {
426         .tag = HKS_TAG_ALGORITHM,
427         .uint32Param = HKS_ALG_ED25519
428     }, {
429         .tag = HKS_TAG_PURPOSE,
430         .uint32Param = HKS_KEY_PURPOSE_SIGN
431     }, {
432         .tag = HKS_TAG_KEY_SIZE,
433         .uint32Param = HKS_CURVE25519_KEY_SIZE_256
434     }, {
435         .tag = HKS_TAG_DIGEST,
436         .uint32Param = HKS_DIGEST_SHA256
437     }
438 };
439 
440 static struct HksParam g_verifyParamsTestEd25519[] = {
441     {
442         .tag = HKS_TAG_ALGORITHM,
443         .uint32Param = HKS_ALG_ED25519
444     }, {
445         .tag = HKS_TAG_PURPOSE,
446         .uint32Param = HKS_KEY_PURPOSE_VERIFY
447     }, {
448         .tag = HKS_TAG_KEY_SIZE,
449         .uint32Param = HKS_CURVE25519_KEY_SIZE_256
450     }, {
451         .tag = HKS_TAG_DIGEST,
452         .uint32Param = HKS_DIGEST_SHA256
453     }
454 };
455 
456 static const uint8_t g_eData[] = { 0x01, 0x00, 0x01 };
457 
458 
459 static const uint8_t g_ed25519PriData[] = {
460     0x61, 0xd3, 0xe7, 0x53, 0x6d, 0x79, 0x5d, 0x71, 0xc2, 0x2a, 0x51, 0x2d, 0x5e, 0xcb, 0x67, 0x3d,
461     0xdd, 0xde, 0xf0, 0xac, 0xdb, 0xba, 0x24, 0xfd, 0xf8, 0x3a, 0x7b, 0x32, 0x6e, 0x05, 0xe6, 0x37,
462 };
463 
464 static const uint8_t g_ed25519PubData[] = {
465     0xab, 0xc7, 0x0f, 0x99, 0x4f, 0x6a, 0x08, 0xd0, 0x9c, 0x5d, 0x10, 0x60, 0xf8, 0x93, 0xd2, 0x8e,
466     0xe0, 0x63, 0x0e, 0x70, 0xbf, 0xad, 0x30, 0x41, 0x43, 0x09, 0x27, 0x2d, 0xb3, 0x30, 0x95, 0xa7,
467 };
468 
CheckSignWithInfoTag(const struct HksBlob * alias,const struct HksParamSet * paramSet)469 static int32_t CheckSignWithInfoTag(const struct HksBlob *alias, const struct HksParamSet *paramSet)
470 {
471     struct HksParamSet *keyParamSet = NULL;
472     int32_t ret = GenParamSetAuthTest(&keyParamSet, paramSet);
473     EXPECT_EQ(ret, HKS_SUCCESS) << "GenParamSetAuthTest failed.";
474 
475     ret = HksGetKeyParamSetForDe(alias, paramSet, keyParamSet);
476     EXPECT_EQ(ret, HKS_SUCCESS) << "HksGetKeyParamSet failed.";
477 
478     struct HksParam *secureParam = nullptr;
479     ret = HksGetParam(keyParamSet, HKS_TAG_KEY_AUTH_ACCESS_TYPE, &secureParam);
480     EXPECT_EQ(ret, HKS_SUCCESS) << "HksGetParam auth access failed.";
481 
482     struct HksParam *userParam = nullptr;
483     ret = HksGetParam(keyParamSet, HKS_TAG_USER_AUTH_TYPE, &userParam);
484     EXPECT_EQ(ret, HKS_SUCCESS) << "HksGetParam user auth failed.";
485 
486     struct HksParam *secSignType = nullptr;
487     ret = HksGetParam(keyParamSet, HKS_TAG_KEY_SECURE_SIGN_TYPE, &secSignType);
488     EXPECT_EQ(ret, HKS_SUCCESS) << "HksGetParam secure sign type failed.";
489     EXPECT_EQ(secSignType->uint32Param, HKS_SECURE_SIGN_WITH_AUTHINFO) << "HksGetParam secure sign type failed.";
490 
491     HksFreeParamSet(&keyParamSet);
492     return ret;
493 }
494 
BuildImportKeyParamsForRsa(struct HksTestSecureSignImportParams * importParams,bool isAuth,bool isClearPasswordInvalid)495 static int32_t BuildImportKeyParamsForRsa(struct HksTestSecureSignImportParams *importParams, bool isAuth,
496     bool isClearPasswordInvalid)
497 {
498     if (isClearPasswordInvalid) {
499         importParams->inputParams = g_importRsaKeyParamsWithBioAndClearPassword;
500         importParams->inputParamSize = sizeof(g_importRsaKeyParamsWithBioAndClearPassword) /
501             sizeof(g_importRsaKeyParamsWithBioAndClearPassword[0]);
502     } else {
503         importParams->inputParams = isAuth ? g_importRsaKeyParams : g_importRsaKeyParamsNoAuth;
504         importParams->inputParamSize = isAuth ? sizeof(g_importRsaKeyParams)/sizeof(g_importRsaKeyParams[0]) :
505             sizeof(g_importRsaKeyParamsNoAuth)/sizeof(g_importRsaKeyParamsNoAuth[0]);
506     }
507 
508     importParams->expectResult = HKS_SUCCESS;
509     uint8_t *keyBuffer = (uint8_t *)HksMalloc(MAX_KEY_SIZE);
510     if (keyBuffer == nullptr) {
511         return HKS_ERROR_MALLOC_FAIL;
512     }
513     importParams->importKey.data = keyBuffer;
514     importParams->importKey.size = MAX_KEY_SIZE;
515     struct HksBlob nDataBlob = { sizeof(g_nData2048), (uint8_t *)g_nData2048 };
516     struct HksBlob dData2048 = { sizeof(g_dData2048), (uint8_t *)g_dData2048 };
517     struct HksBlob eData = { sizeof(g_eData), (uint8_t *)g_eData };
518     int32_t ret = Unittest::HksAccessControlPartTest::ConstructRsaKeyPair(&nDataBlob, &dData2048, &eData,
519         HKS_RSA_KEY_SIZE_2048, &importParams->importKey);
520     if (ret != HKS_SUCCESS) {
521         HKS_FREE(keyBuffer);
522     }
523     return ret;
524 }
525 
BuildImportKeyParamsForDSA(struct HksTestSecureSignImportParams * importParams,bool isAuth)526 static int32_t BuildImportKeyParamsForDSA(struct HksTestSecureSignImportParams *importParams, bool isAuth)
527 {
528     importParams->inputParams = isAuth ? g_importDsaKeyParams : g_importDsaKeyParamsNoAuthInfo;
529     importParams->inputParamSize = isAuth ? sizeof(g_importDsaKeyParams)/sizeof(g_importDsaKeyParams[0]) :
530         sizeof(g_importDsaKeyParamsNoAuthInfo)/sizeof(g_importDsaKeyParamsNoAuthInfo[0]);
531     importParams->expectResult = HKS_SUCCESS;
532     uint8_t *keyBuffer = (uint8_t *)HksMalloc(MAX_KEY_SIZE);
533     if (keyBuffer == nullptr) {
534         return HKS_ERROR_MALLOC_FAIL;
535     }
536     importParams->importKey.data = keyBuffer;
537     importParams->importKey.size = MAX_KEY_SIZE;
538     struct HksBlob xData = { sizeof(g_xData), (uint8_t *)g_xData };
539     struct HksBlob yData = { sizeof(g_yData), (uint8_t *)g_yData };
540     struct HksBlob pData = { sizeof(g_pData), (uint8_t *)g_pData };
541     struct HksBlob qData = { sizeof(g_qData), (uint8_t *)g_qData };
542     struct HksBlob gData = { sizeof(g_gData), (uint8_t *)g_gData };
543     struct TestDsaKeyParams dsaKeyParams = {
544         .xData = &xData,
545         .yData = &yData,
546         .pData = &pData,
547         .qData = &qData,
548         .gData = &gData
549     };
550     int32_t ret = Unittest::HksAccessControlPartTest::ConstructDsaKeyPair(HKS_RSA_KEY_SIZE_2048, &dsaKeyParams,
551         &importParams->importKey);
552     if (ret != HKS_SUCCESS) {
553         HKS_FREE(keyBuffer);
554     }
555     return HKS_SUCCESS;
556 }
557 
BuildImportKeyTestParams(struct HksTestSecureSignImportParams * importParams,uint32_t alg,bool isAuth,bool isClearPasswordInvalid)558 static int32_t BuildImportKeyTestParams(struct HksTestSecureSignImportParams *importParams, uint32_t alg,
559     bool isAuth, bool isClearPasswordInvalid)
560 {
561     importParams->keyAlias = isAuth ? &g_importKeyAlias : &g_importKeyNoAuthAlias;
562     int32_t ret;
563     switch (alg) {
564         case HKS_ALG_RSA: {
565             ret = BuildImportKeyParamsForRsa(importParams, isAuth, isClearPasswordInvalid);
566             return ret;
567         }
568         case HKS_ALG_DSA: {
569             ret = BuildImportKeyParamsForDSA(importParams, isAuth);
570             return ret;
571         }
572             break;
573         case HKS_ALG_ED25519: {
574             importParams->inputParams = isAuth ? g_importKeyEd25519Params : g_importKeyEd25519ParamsNoAuth;
575             importParams->inputParamSize = isAuth ? sizeof(g_importKeyEd25519Params)/sizeof(g_importKeyEd25519Params[0])
576                 : sizeof(g_importKeyEd25519ParamsNoAuth) / sizeof(g_importKeyEd25519ParamsNoAuth[0]);
577             importParams->expectResult = HKS_SUCCESS;
578             uint8_t *keyBuffer = (uint8_t *)HksMalloc(MAX_KEY_SIZE);
579             if (keyBuffer == nullptr) {
580                 return HKS_ERROR_MALLOC_FAIL;
581             }
582             importParams->importKey.data = keyBuffer;
583             importParams->importKey.size = MAX_KEY_SIZE;
584             struct HksBlob ed25519PubData = { sizeof(g_ed25519PubData), (uint8_t *)g_ed25519PubData };
585             struct HksBlob ed25519PriData = { sizeof(g_ed25519PriData), (uint8_t *)g_ed25519PriData };
586             ret = ConstructEd25519KeyPair(HKS_CURVE25519_KEY_SIZE_256, HKS_ALG_ED25519, &ed25519PubData,
587                 &ed25519PriData, &importParams->importKey);
588             if (ret != HKS_SUCCESS) {
589                 HKS_FREE(keyBuffer);
590             }
591             return ret;
592         }
593             break;
594         default:
595                 break;
596     }
597     return HKS_FAILURE;
598 }
599 
BuildUpdateFinishParams(struct HksTestSecureSignVerifyUpdateFinishParams * updateFinishParams,uint32_t alg,bool isThreeStage)600 static int32_t BuildUpdateFinishParams(struct HksTestSecureSignVerifyUpdateFinishParams *updateFinishParams,
601     uint32_t alg, bool isThreeStage)
602 {
603     updateFinishParams->keyAlias = &g_importKeyAlias;
604     updateFinishParams->keyAliasNoAuth = &g_importKeyNoAuthAlias;
605     updateFinishParams->isThreeStageUse = isThreeStage;
606     g_outDataBlob.data = g_outBuffer;
607     g_outDataBlob.size = sizeof(g_outBuffer);
608     updateFinishParams->outBuffer = &g_outDataBlob;
609     updateFinishParams->inData = isThreeStage ? &g_inDataBlob : &g_inDataBlobTwoStage;
610     switch (alg) {
611         case HKS_ALG_RSA: {
612             updateFinishParams->updateParams = g_signParamsTestRsa;
613             updateFinishParams->inputParamSize = HKS_ARRAY_SIZE(g_signParamsTestRsa);
614             updateFinishParams->expectResult = HKS_SUCCESS;
615             return HKS_SUCCESS;
616         }
617         case HKS_ALG_ED25519: {
618             updateFinishParams->updateParams = g_signParamsTestEd25519;
619             updateFinishParams->inputParamSize = HKS_ARRAY_SIZE(g_signParamsTestEd25519);
620             updateFinishParams->expectResult = HKS_SUCCESS;
621             return HKS_SUCCESS;
622         }
623         case HKS_ALG_DSA: {
624             updateFinishParams->updateParams = g_signParamsTestDsa;
625             updateFinishParams->inputParamSize = HKS_ARRAY_SIZE(g_signParamsTestDsa);
626             updateFinishParams->expectResult = HKS_SUCCESS;
627             return HKS_SUCCESS;
628         }
629         default:
630             break;
631     }
632     return HKS_FAILURE;
633 }
634 
BuildUpdateFinishVerifyParams(struct HksTestSecureSignVerifyUpdateFinishParams * updateFinishParams,uint32_t alg,bool isThreeStage,struct HksBlob * inData,struct HksBlob * signature)635 static int32_t BuildUpdateFinishVerifyParams(struct HksTestSecureSignVerifyUpdateFinishParams *updateFinishParams,
636     uint32_t alg, bool isThreeStage, struct HksBlob *inData, struct HksBlob *signature)
637 {
638     updateFinishParams->keyAlias = &g_importKeyAlias;
639     updateFinishParams->keyAliasNoAuth = &g_importKeyNoAuthAlias;
640     updateFinishParams->isThreeStageUse = isThreeStage;
641     g_outDataBlob.data = g_outBuffer;
642     g_outDataBlob.size = sizeof(g_outBuffer);
643     updateFinishParams->outBuffer = &g_outDataBlob;
644     updateFinishParams->inData = inData;
645     updateFinishParams->signature = signature;
646     switch (alg) {
647         case HKS_ALG_RSA: {
648             updateFinishParams->updateParams = g_verifyParamsTestRsa;
649             updateFinishParams->inputParamSize = HKS_ARRAY_SIZE(g_verifyParamsTestRsa);
650             updateFinishParams->expectResult = HKS_SUCCESS;
651             return HKS_SUCCESS;
652         }
653         case HKS_ALG_ED25519: {
654             updateFinishParams->updateParams = g_verifyParamsTestEd25519;
655             updateFinishParams->inputParamSize = HKS_ARRAY_SIZE(g_verifyParamsTestEd25519);
656             updateFinishParams->expectResult = HKS_SUCCESS;
657             return HKS_SUCCESS;
658         }
659         case HKS_ALG_DSA: {
660             updateFinishParams->updateParams = g_verifyParamsTestDsa;
661             updateFinishParams->inputParamSize = HKS_ARRAY_SIZE(g_verifyParamsTestDsa);
662             updateFinishParams->expectResult = HKS_SUCCESS;
663             return HKS_SUCCESS;
664         }
665         default:
666             break;
667     }
668     return HKS_FAILURE;
669 }
670 
TestGenerateKeyWithSecureSignTag(struct HksTestSecureSignGenParams * params)671 static void TestGenerateKeyWithSecureSignTag(struct HksTestSecureSignGenParams *params)
672 {
673     struct HksParamSet *genParamSet = NULL;
674     int32_t ret = InitParamSet(&genParamSet, params->inputParams, params->inputParamSize);
675     EXPECT_EQ(ret, HKS_SUCCESS) << "InitParamSet failed.";
676 
677     /**
678      * @tc.steps:step1. Generate a key with user_auth_type and sign_with_info tag
679      */
680     ret = HksGenerateKeyForDe(params->keyAlias, genParamSet, nullptr);
681     EXPECT_EQ(ret, HKS_SUCCESS) << "HksGenerateKey rsa key failed.";
682 
683     /**
684      * @tc.steps:step2. Get key paramSet check if related key tag exist
685      */
686     ret = CheckSignWithInfoTag(params->keyAlias, genParamSet);
687     EXPECT_EQ(ret, HKS_SUCCESS) << "CheckSignWithInfoTag rsa key failed.";
688 
689     /**
690      * @tc.steps:step3. Delete key and free paramSet
691      */
692     HksDeleteKeyForDe(params->keyAlias, nullptr);
693     HksFreeParamSet(&genParamSet);
694 }
695 
TestImportKeyWithSecureSignTag(struct HksTestSecureSignImportParams * params,bool ifCheckTag)696 int32_t TestImportKeyWithSecureSignTag(struct HksTestSecureSignImportParams *params, bool ifCheckTag)
697 {
698     struct HksParamSet *importParams = nullptr;
699     int32_t ret = InitParamSet(&importParams, params->inputParams, params->inputParamSize);
700     EXPECT_EQ(ret, HKS_SUCCESS) << "InitParamSet failed.";
701 
702     /**
703      * @tc.steps:step1. Import a key with user_auth_type and sign_with_info tag
704      */
705     ret = HksImportKeyForDe(params->keyAlias, importParams, &params->importKey);
706     EXPECT_EQ(ret, HKS_SUCCESS) << "HksImportKey key failed.";
707 
708     if (ifCheckTag) {
709         /**
710          * @tc.steps:step2. Get key paramSet check if related key tag exist
711          */
712         ret = CheckSignWithInfoTag(params->keyAlias, importParams);
713         EXPECT_EQ(ret, HKS_SUCCESS) << "CheckSignWithInfoTag rsa key failed.";
714     }
715 
716     /**
717      * @tc.steps:step3. Free paramSet
718      */
719     HksFreeParamSet(&importParams);
720     return ret;
721 }
722 
HksTestUpdateFinishSignAuthInfo(struct HksTestSecureSignVerifyUpdateFinishParams * updateFinishParams,struct HksTestGenAuthTokenParams * genAuthTokenParams)723 int32_t HksTestUpdateFinishSignAuthInfo(struct HksTestSecureSignVerifyUpdateFinishParams *updateFinishParams,
724     struct HksTestGenAuthTokenParams *genAuthTokenParams)
725 {
726     uint8_t tmpHandle[sizeof(uint64_t)] = {0};
727     struct HksBlob handle = { sizeof(uint64_t), tmpHandle };
728     uint8_t tmpChallenge[TOKEN_SIZE] = {0};
729     struct HksBlob challenge = { sizeof(tmpChallenge), tmpChallenge };
730 
731     struct HksParamSet *paramSet = nullptr;
732     int32_t ret = InitParamSet(&paramSet, updateFinishParams->updateParams, updateFinishParams->inputParamSize);
733     EXPECT_EQ(ret, HKS_SUCCESS) << "InitParamSet failed.";
734     if (ret != HKS_SUCCESS) {
735         return HKS_FAILURE;
736     }
737 
738     ret = HksInitForDe(updateFinishParams->keyAlias, paramSet, &handle, &challenge);
739     EXPECT_EQ(ret, HKS_SUCCESS) << "Init failed.";
740     if (ret != HKS_SUCCESS) {
741         HksFreeParamSet(&paramSet);
742         return HKS_FAILURE;
743     }
744 
745     genAuthTokenParams->authChallenge = &challenge;
746 
747     struct HksParamSet *newParamSet = nullptr;
748     ret = HksBuildAuthTokenSecure(paramSet, genAuthTokenParams, &newParamSet);
749     EXPECT_EQ(ret, HKS_SUCCESS) << "HksBuildAuthTokenSecure failed.";
750     if (ret != HKS_SUCCESS) {
751         HksFreeParamSet(&paramSet);
752         return HKS_FAILURE;
753     }
754 
755     struct HksParam *tmpParam = NULL;
756     ret = HksGetParam(newParamSet, HKS_TAG_PURPOSE, &tmpParam);
757     if (ret != HKS_SUCCESS) {
758         HksFreeParamSet(&paramSet);
759         HksFreeParamSet(&newParamSet);
760         HKS_LOG_E("get tag purpose failed.");
761         return HKS_FAILURE;
762     }
763 
764     if (updateFinishParams->isThreeStageUse) {
765         ret = TestUpdateFinish(&handle, newParamSet, tmpParam->uint32Param, updateFinishParams->inData,
766             updateFinishParams->outBuffer);
767     } else {
768         ret = HksFinishForDe(&handle, newParamSet, updateFinishParams->inData, updateFinishParams->outBuffer);
769     }
770     EXPECT_EQ(ret, HKS_SUCCESS) << "TestUpdateFinish failed.";
771     if (ret != HKS_SUCCESS) {
772         HksFreeParamSet(&paramSet);
773         HksFreeParamSet(&newParamSet);
774         return HKS_FAILURE;
775     }
776 
777     HksFreeParamSet(&paramSet);
778     HksFreeParamSet(&newParamSet);
779     return ret;
780 }
781 
VerifyUpdateFinish(struct HksBlob * handle,struct HksParamSet * newParamSet,struct HksParam * purposeParam,struct HksTestSecureSignVerifyUpdateFinishParams * updateFinishParams,bool isSign)782 int32_t VerifyUpdateFinish(struct HksBlob *handle, struct HksParamSet *newParamSet, struct HksParam *purposeParam,
783     struct HksTestSecureSignVerifyUpdateFinishParams *updateFinishParams, bool isSign)
784 {
785     int32_t ret;
786     if (isSign) {
787         if (updateFinishParams->isThreeStageUse) {
788             ret = TestUpdateFinish(handle, newParamSet, purposeParam->uint32Param, updateFinishParams->inData,
789                 updateFinishParams->outBuffer);
790         } else {
791             ret = HksFinishForDe(handle, newParamSet, updateFinishParams->inData, updateFinishParams->outBuffer);
792         }
793     } else {
794         if (updateFinishParams->isThreeStageUse) {
795             ret = TestUpdateFinish(handle, newParamSet, purposeParam->uint32Param, updateFinishParams->inData,
796                 updateFinishParams->signature);
797         } else {
798             ret = HksFinishForDe(handle, newParamSet, updateFinishParams->inData, updateFinishParams->signature);
799         }
800     }
801     return ret;
802 }
803 
HksTestUpdateFinishVerifySignAuthInfo(struct HksTestSecureSignVerifyUpdateFinishParams * updateFinishParams,struct HksTestGenAuthTokenParams * genAuthTokenParams,bool isSign)804 int32_t HksTestUpdateFinishVerifySignAuthInfo(struct HksTestSecureSignVerifyUpdateFinishParams *updateFinishParams,
805     struct HksTestGenAuthTokenParams *genAuthTokenParams, bool isSign)
806 {
807     uint8_t tmpHandle[sizeof(uint64_t)] = {0};
808     struct HksBlob handle = { sizeof(uint64_t), tmpHandle };
809     uint8_t tmpChallenge[TOKEN_SIZE] = {0};
810     struct HksBlob challenge = { sizeof(tmpChallenge), tmpChallenge };
811 
812     struct HksParamSet *paramSet = nullptr;
813     int32_t ret = InitParamSet(&paramSet, updateFinishParams->updateParams, updateFinishParams->inputParamSize);
814     if (ret != HKS_SUCCESS) {
815         return HKS_FAILURE;
816     }
817 
818     ret = HksInitForDe(updateFinishParams->keyAlias, paramSet, &handle, &challenge);
819     if (ret != HKS_SUCCESS) {
820         HksFreeParamSet(&paramSet);
821         return HKS_FAILURE;
822     }
823 
824     genAuthTokenParams->authChallenge = &challenge;
825 
826     struct HksParamSet *newParamSet = nullptr;
827     ret = HksBuildAuthTokenSecure(paramSet, genAuthTokenParams, &newParamSet);
828     if (ret != HKS_SUCCESS) {
829         HksFreeParamSet(&paramSet);
830         return HKS_FAILURE;
831     }
832 
833     struct HksParam *purposeParam = NULL;
834     ret = HksGetParam(newParamSet, HKS_TAG_PURPOSE, &purposeParam);
835     if (ret != HKS_SUCCESS) {
836         HksFreeParamSet(&paramSet);
837         HksFreeParamSet(&newParamSet);
838         HKS_LOG_E("get tag purpose failed.");
839         return HKS_FAILURE;
840     }
841 
842     ret = VerifyUpdateFinish(&handle, newParamSet, purposeParam, updateFinishParams, isSign);
843 
844     EXPECT_EQ(ret, HKS_SUCCESS) << "TestUpdateFinish failed.";
845 
846     if (ret != HKS_SUCCESS) {
847         HksFreeParamSet(&paramSet);
848         HksFreeParamSet(&newParamSet);
849         return HKS_FAILURE;
850     }
851 
852     return ret;
853 }
854 
855 static const uint32_t g_fingerPrintInUserIam = 4;
856 static const uint32_t g_pinInUserIam = 1;
857 
BuildAuthTokenParams(struct HksTestGenAuthTokenParams * authTokenParams,bool isClearPasswordInvalid)858 static void BuildAuthTokenParams(struct HksTestGenAuthTokenParams *authTokenParams, bool isClearPasswordInvalid)
859 {
860     if (isClearPasswordInvalid) {
861         authTokenParams->secureUid = g_secureUid;
862         authTokenParams->enrolledId = g_enrolledIdFinger;
863         authTokenParams->credentialId = g_credentialId;
864         authTokenParams->time = g_time;
865         authTokenParams->authType = g_fingerPrintInUserIam;
866         return;
867     }
868     authTokenParams->secureUid = g_secureUid;
869     authTokenParams->enrolledId = g_enrolledIdPin;
870     authTokenParams->credentialId = g_credentialId;
871     authTokenParams->time = g_time;
872     authTokenParams->authType = g_pinInUserIam;
873 }
874 
BuildSigAndIndataBlob(struct HksBlob * sigBlob,struct HksBlob * inDataBlob,struct HksTestSecureSignVerifyUpdateFinishParams * secureSignUpdateFinish)875 static int32_t BuildSigAndIndataBlob(struct HksBlob *sigBlob, struct HksBlob *inDataBlob,
876     struct HksTestSecureSignVerifyUpdateFinishParams *secureSignUpdateFinish)
877 {
878     int32_t ret = memcpy_s(sigBlob->data, sigBlob->size,
879         secureSignUpdateFinish->outBuffer->data + g_authHeadSize,
880         secureSignUpdateFinish->outBuffer->size - g_authHeadSize);
881     if (ret != EOK) {
882         return ret;
883     }
884     ret = memcpy_s(inDataBlob->data, inDataBlob->size,
885         secureSignUpdateFinish->outBuffer->data, g_authHeadSize);
886     if (ret != EOK) {
887         return ret;
888     }
889     ret = memcpy_s(inDataBlob->data + g_authHeadSize, inDataBlob->size - g_authHeadSize,
890         secureSignUpdateFinish->inData->data, secureSignUpdateFinish->inData->size);
891     return ret;
892 }
893 
TestImportKeyWithSignTagAndTestUseKeyCommonCase(uint32_t alg,bool isThreeStage,bool isClearPasswordInvalid)894 static void TestImportKeyWithSignTagAndTestUseKeyCommonCase(uint32_t alg, bool isThreeStage,
895     bool isClearPasswordInvalid)
896 {
897     /**
898      * @tc.steps:step1. import a key with user_auth_type and sign_with_info tag
899      */
900     struct HksTestSecureSignImportParams importParams;
901     (void)memset_s((uint8_t *)&importParams, sizeof(struct HksTestSecureSignImportParams), 0,
902         sizeof(struct HksTestSecureSignImportParams));
903     int32_t ret = BuildImportKeyTestParams(&importParams, alg, true, isClearPasswordInvalid);
904     EXPECT_EQ(ret, HKS_SUCCESS) << "BuildImportKeyTestParams failed.";
905     if (ret != HKS_SUCCESS) {
906         return;
907     }
908 
909     ret = TestImportKeyWithSecureSignTag(&importParams, true);
910     EXPECT_EQ(ret, HKS_SUCCESS) << "TestImportKeyWithSecureSignTag failed.";
911     if (ret != HKS_SUCCESS) {
912         return;
913     }
914 
915     /**
916      * @tc.steps:step2. Import a key without user_auth_type and sign_with_info tag
917      */
918     struct HksTestSecureSignImportParams importParamsWithoutSignAuth;
919     (void)memset_s((uint8_t *)&importParamsWithoutSignAuth, sizeof(struct HksTestSecureSignImportParams), 0,
920         sizeof(struct HksTestSecureSignImportParams));
921     ret = BuildImportKeyTestParams(&importParamsWithoutSignAuth, alg, false, isClearPasswordInvalid);
922     EXPECT_EQ(ret, HKS_SUCCESS) << "BuildImportKeyTestParams without sign auth failed.";
923     if (ret != HKS_SUCCESS) {
924         return;
925     }
926 
927     /**
928      * @tc.steps:step3. use the key to sign:init update finish. check the sign data whether equals the expected data
929      */
930     ret = TestImportKeyWithSecureSignTag(&importParamsWithoutSignAuth, false);
931     EXPECT_EQ(ret, HKS_SUCCESS) << "TestImportKeyWithSecureSignTag2 failed.";
932     struct HksTestSecureSignVerifyUpdateFinishParams secureSignUpdateFinish;
933     ret = BuildUpdateFinishParams(&secureSignUpdateFinish, alg, isThreeStage);
934     EXPECT_EQ(ret, HKS_SUCCESS) << "BuildUpdateFinishParams failed.";
935 
936     struct HksTestGenAuthTokenParams genAuthTokenParams = { 0 };
937     BuildAuthTokenParams(&genAuthTokenParams, isClearPasswordInvalid);
938 
939     ret = HksTestUpdateFinishVerifySignAuthInfo(&secureSignUpdateFinish, &genAuthTokenParams, true);
940     EXPECT_EQ(ret, secureSignUpdateFinish.expectResult) << "HksTestUpdateFinishSignAuthInfo failed.";
941 
942     uint8_t sigature[secureSignUpdateFinish.outBuffer->size - g_authHeadSize];
943     struct HksBlob sigBlob = {secureSignUpdateFinish.outBuffer->size - g_authHeadSize, sigature};
944     uint8_t inData[secureSignUpdateFinish.inData->size + g_authHeadSize];
945     struct HksBlob inDataBlob = {secureSignUpdateFinish.inData->size + g_authHeadSize, inData};
946     ret = BuildSigAndIndataBlob(&sigBlob, &inDataBlob, &secureSignUpdateFinish);
947     EXPECT_EQ(ret, HKS_SUCCESS) << "BuildSigAndIndataBlob failed.";
948 
949     struct HksTestSecureSignVerifyUpdateFinishParams secureSignUpdateFinishVerify;
950     ret = BuildUpdateFinishVerifyParams(&secureSignUpdateFinishVerify, alg, true, &inDataBlob, &sigBlob);
951     EXPECT_EQ(ret, HKS_SUCCESS) << "BuildUpdateFinishVerifyParams failed.";
952     ret = HksTestUpdateFinishVerifySignAuthInfo(&secureSignUpdateFinishVerify, &genAuthTokenParams, false);
953 
954     HKS_FREE_BLOB(importParams.importKey);
955     HKS_FREE_BLOB(importParamsWithoutSignAuth.importKey);
956     HksDeleteKeyForDe(secureSignUpdateFinish.keyAlias, nullptr);
957     HksDeleteKeyForDe(secureSignUpdateFinish.keyAliasNoAuth, nullptr);
958 }
959 
960 /**
961  * @tc.name: HksAccessControlSecureSignTest001
962  * @tc.desc: normal case to test generate a rsa key with sign_with_info tag and check paramSet
963  *           has the tag
964  * @tc.type: FUNC
965  * @tc.require: issueI5NY0M
966  */
967 HWTEST_F(HksAccessControlSecureSignTest, HksAccessControlSecureSignTest001, TestSize.Level0)
968 {
969     HKS_LOG_E("enter HksAccessControlSecureSignTest001");
970     TestGenerateKeyWithSecureSignTag(&g_testRsaGenParams);
971 }
972 
973 /**
974  * @tc.name: HksAccessControlSecureSignTest002
975  * @tc.desc: normal case to test generate a ed25519 key with sign_with_info tag and check paramSet
976  *           has the tag
977  * @tc.type: FUNC
978  * @tc.require: issueI5NY0M
979  */
980 HWTEST_F(HksAccessControlSecureSignTest, HksAccessControlSecureSignTest002, TestSize.Level0)
981 {
982     HKS_LOG_E("enter HksAccessControlSecureSignTest002");
983     TestGenerateKeyWithSecureSignTag(&g_testEd25519GenParams);
984 }
985 
986 /**
987  * @tc.name: HksAccessControlSecureSignTest003
988  * @tc.desc: normal case to test generate a dsa key with sign_with_info tag and check paramSet
989  *           has the tag
990  * @tc.type: FUNC
991  * @tc.require: issueI5NY0M
992  */
993 HWTEST_F(HksAccessControlSecureSignTest, HksAccessControlSecureSignTest003, TestSize.Level0)
994 {
995 #ifdef _USE_OPENSSL_
996     HKS_LOG_E("enter HksAccessControlSecureSignTest003");
997     TestGenerateKeyWithSecureSignTag(&g_testDsaGenParams);
998 #endif
999 }
1000 
1001 /**
1002  * @tc.name: HksAccessControlSecureSignTest004
1003  * @tc.desc: normal case to test import a rsa key with user auth type and use the key
1004  *           to sign data, check the signature whether equals the expected
1005  * @tc.type: FUNC
1006  * @tc.require: issueI5NY0M
1007  */
1008 HWTEST_F(HksAccessControlSecureSignTest, HksAccessControlSecureSignTest004, TestSize.Level0)
1009 {
1010     HKS_LOG_E("enter HksAccessControlSecureSignTest004");
1011     TestImportKeyWithSignTagAndTestUseKeyCommonCase(HKS_ALG_RSA, true, false);
1012 }
1013 
1014 /**
1015  * @tc.name: HksAccessControlSecureSignTest005
1016  * @tc.desc: normal case to test import a dsa key with user auth type and use the key
1017  *           to sign data, check the signature whether equals the expected
1018  * @tc.type: FUNC
1019  * @tc.require: issueI5NY0M
1020  */
1021 HWTEST_F(HksAccessControlSecureSignTest, HksAccessControlSecureSignTest005, TestSize.Level0)
1022 {
1023 #ifdef _USE_OPENSSL_
1024     HKS_LOG_E("enter HksAccessControlSecureSignTest005");
1025     TestImportKeyWithSignTagAndTestUseKeyCommonCase(HKS_ALG_DSA, true, false);
1026 #endif
1027 }
1028 
1029 /**
1030  * @tc.name: HksAccessControlSecureSignTest006
1031  * @tc.desc: normal case to test import a rsa key with user auth type and use the key:init&finish
1032  *           to sign data, check the signature whether equals the expected
1033  * @tc.type: FUNC
1034  * @tc.require: issueI5NY0M
1035  */
1036 HWTEST_F(HksAccessControlSecureSignTest, HksAccessControlSecureSignTest006, TestSize.Level0)
1037 {
1038     HKS_LOG_E("enter HksAccessControlSecureSignTest006");
1039     TestImportKeyWithSignTagAndTestUseKeyCommonCase(HKS_ALG_RSA, false, false);
1040 }
1041 
1042 /**
1043  * @tc.name: HksAccessControlSecureSignTest007
1044  * @tc.desc: normal case to test import a rsa key with auth type as fingerprint and access type as invalid clear
1045  *           password, check the signature whether equals the expected
1046  * @tc.type: FUNC
1047  * @tc.require: issueI5NY0M
1048  */
1049 HWTEST_F(HksAccessControlSecureSignTest, HksAccessControlSecureSignTest007, TestSize.Level0)
1050 {
1051     HKS_LOG_E("enter HksAccessControlSecureSignTest007");
1052     TestImportKeyWithSignTagAndTestUseKeyCommonCase(HKS_ALG_RSA, true, true);
1053 }
1054 }
1055