1 /*
2  * Copyright (c) 2022-2023 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *    http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #ifndef HKS_ACCESS_CONTROL_TEST_COMMON_H
17 #define HKS_ACCESS_CONTROL_TEST_COMMON_H
18 
19 #include "hks_three_stage_test_common.h"
20 
21 #include <vector>
22 #include <string>
23 
// ---- Digest / key sizes, in bytes -------------------------------------------------------------
// Size of the SHA-256 based signature field that closes an auth token (see AUTH_TOKEN_DATA_LEN).
#define SHA256_SIGN_LEN 32
// Size of the two fixed test keys defined at the end of this group (both literals are 32 characters).
#define SHA256_KEY_LEN 32

// ---- Auth-token layout ------------------------------------------------------------------------
// These three expand lazily, so the HUKS token structs only need to be visible where they are used.
#define AUTH_TOKEN_LEN (sizeof(struct HksUserAuthToken))
#define AUTH_TOKEN_CIPHERTEXT_LEN (sizeof(struct HksCiphertextData))
// Token size minus the trailing signature.
// NOTE(review): presumably this is the byte range the MAC/signature is computed over - confirm
// against the token-building helpers.
#define AUTH_TOKEN_DATA_LEN (AUTH_TOKEN_LEN - SHA256_SIGN_LEN)

// ---- Challenge --------------------------------------------------------------------------------
#define TOKEN_CHALLENGE_LEN 32
// NOTE(review): 32 / 8 gives four slots; presumably one slot per position in a multi-operation
// challenge - confirm with the callers that pass `posNum`.
#define TOKEN_CHALLENGE_LEN_PER_POS 8

// ---- AEAD / buffer sizes ----------------------------------------------------------------------
#define HKS_AE_AAD_LEN 12
#define HKS_AES_COMMON_SIZE 1024U

// ---- Fixed test key material ------------------------------------------------------------------
// SECURITY: these are constant, source-visible secrets. Anyone who can read this file can compute
// a valid MAC or ciphertext under them, so they are only meaningful against a build that is
// configured to accept the default (test) auth-token keys.
// NOTE(review): presumably they must stay byte-identical to the defaults in the HUKS core under
// test - confirm before changing either literal.
#define HKS_DEFAULT_USER_AT_MAC_KEY "huks_default_user_auth_token_mac"
#define HKS_DEFAULT_USER_AT_CIPHER_KEY "huks_default_user_auth_cipherkey"
35 
// Token type values used for IDMParams::tokenType.
// They mirror `enum TokenType` in
// `drivers/peripheral/user_auth/hdi_service/common/inc/defines.h`; the numeric values are spelled
// out so that a change on either side shows up as a visible mismatch rather than a silent shift.
enum {
    TOKEN_TYPE_LOCAL_AUTH = 0,    // default used by IDMParams
    TOKEN_TYPE_LOCAL_RESIGN = 1,
    TOKEN_TYPE_COAUTH = 2,
};
42 
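// Identity/authentication values a test case supplies when an auth token is built.
// see `HksUserAuthToken`, `HksPlaintextData`, `HksCiphertextData` in
// `base/security/huks/interfaces/inner_api/huks_standard/main/include/hks_type.h`
//
// Every member has a default so that a plain `IDMParams p;` never hands indeterminate values to
// the token-building helpers; aggregate and designated initialization keep working unchanged.
struct IDMParams {
    uint64_t secureUid = 0;
    uint64_t enrolledId = 0;
    uint64_t time = 0;
    uint32_t authType = 0;
    uint32_t authMode = 0;
    // One of the TOKEN_TYPE_* values; local authentication unless the case overrides it.
    uint32_t tokenType = TOKEN_TYPE_LOCAL_AUTH;
};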
53 
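// Shared fixtures and helper declarations for the HUKS access-control unit tests.
// Everything here is test scaffolding: the buffers are all-zero and the constants are chosen for
// convenience, not as recommended production parameters.
namespace Unittest::HksAccessControlPartTest {
// Long input fixture (runtime text; do not reformat the literal).
static const std::string g_inData = "Hks_Authtoken_Test_00000000000000000000000000000000000000000000000000000000000"
    "000000000000000000000000000000000000000000000000000000000000000000000000000000000"
    "00000000000000000000000000000000000000000000000000000000000000000000000000_string";

// Short input fixture. NOTE(review): the name suggests a 32-byte input for the RSA cases - confirm.
static const std::string g_inData_32  = "RSA_32_ttttttttttttttttttttttttt";

// Sizes, in bytes, of the zero-filled buffers declared further down.
static const uint32_t IV_SIZE = 16;

static const uint32_t AAD_SIZE = 16;

static const uint32_t AEAD_SIZE = 16;

// Buffer capacities used by the test cases.
const uint32_t KEY_PARAMSET_SIZE = 1024;

const uint32_t HMAC_COMMON_SIZE = 256;

const uint32_t DATA_COMMON_SIZE = 1024;

const uint32_t RSA_COMMON_SIZE = 1024;

const uint32_t ECDH_COMMON_SIZE = 1024;

const uint32_t DERIVE_KEY_SIZE_32 = 32;

// NOTE(review): presumably the iteration count for the key-derivation cases. 1000 keeps the tests
// fast; it is not a value to copy into production password-based derivation.
const uint32_t DERIVE_ITERATION = 1000;

const uint32_t DERIVE_COMMON_SIZE = 2048;

const uint32_t DSA_COMMON_SIZE = 1024;

// All-zero IV / AAD / tag / salt fixtures. `static` gives every including translation unit its
// own mutable copy.
// SECURITY: a constant IV is tolerable only because these are throw-away test keys. Reusing an IV
// with the same key under AES-GCM breaks both confidentiality and authenticity, and a constant
// salt removes the protection a salt is meant to give.
static uint8_t IV[IV_SIZE] = {0};

static uint8_t AAD_FOR_AES_GCM[AAD_SIZE] = {0};

static uint8_t AEAD_FOR_AES_GCM[AEAD_SIZE] = {0};

static uint8_t g_saltdata[16] = {0};

// Parameters describing one access-control case.
struct TestAccessCaseParams {
    std::vector<HksParam> genParams;    // NOTE(review): presumably the key-generation parameters
    std::vector<HksParam> initParams;   // NOTE(review): presumably the parameters for the init stage
    // NOTE(review): presumably the result the init stage is expected to return; success by default.
    HksErrorCode initResult = HksErrorCode::HKS_SUCCESS;
};

// DSA key components passed to ConstructDsaKeyPair. The pointers are non-owning as far as this
// header shows; they default to nullptr so an unset component is detectable instead of dangling.
struct TestDsaKeyParams {
    struct HksBlob *xData = nullptr;
    struct HksBlob *yData = nullptr;
    struct HksBlob *pData = nullptr;
    struct HksBlob *qData = nullptr;
    struct HksBlob *gData = nullptr;
};

// Inputs for HksBuildAuthTokenSecure. Members default to nullptr / 0 so a default-constructed
// instance never carries indeterminate values into a generated token.
struct HksTestGenAuthTokenParams {
    struct HksBlob *authChallenge = nullptr;
    uint64_t secureUid = 0;
    uint64_t enrolledId = 0;
    uint64_t credentialId = 0;
    uint64_t time = 0;
    uint32_t authType = 0;
};

// ---- Helper declarations ----------------------------------------------------------------------
// The definitions are not part of this header. Each helper returns an int32_t status.
// NOTE(review): presumably an HksErrorCode value with HKS_SUCCESS meaning success - confirm
// against the implementations before relying on specific codes.

// Session helper taking an operation handle, the init parameter set and a position number.
int32_t AddAuthtokenUpdateFinish(struct HksBlob *handle, struct HksParamSet *initParamSet, uint32_t posNum);

// Per-algorithm access-control checks driven by a case description and the IDM values.
int32_t CheckAccessCipherTest(const TestAccessCaseParams &testCaseParams,
    const IDMParams &testIDMParams);

int32_t CheckAccessHmacTest(const TestAccessCaseParams &testCaseParams,
    const IDMParams &testIDMParams);

int32_t CheckAccessAgreeTest(const TestAccessCaseParams &testCaseParams, struct HksParamSet *finishParamSet,
    const IDMParams &testIDMParams);

int32_t CheckAccessDeriveTest(const TestAccessCaseParams &testCaseParams, struct HksParamSet *finishParamSet,
    const IDMParams &testIDMParams);

// Auth-token construction steps.
// NOTE(review): presumably these use the fixed HKS_DEFAULT_USER_AT_* test keys - confirm.
int32_t AuthTokenImportKey(const struct HksBlob *keyAlias, const struct HksParam *params, uint32_t paramCount);

int32_t AuthTokenEncrypt(const IDMParams &testIDMParams, struct HksBlob *authChallenge, HksUserAuthToken *authTokenHal);

int32_t AuthTokenSign(const IDMParams &testIDMParams,  HksUserAuthToken *authTokenHal,
    std::vector<uint8_t>& token);

int32_t AuthTokenMac(const struct HksBlob *keyAlias, const struct HksBlob *inData, HksUserAuthToken *authTokenHal);

// Build a parameter set carrying an auth token; the result is returned through the
// pointer-to-pointer argument.
// NOTE(review): ownership of the returned set is not visible from this header - confirm who frees it.
int32_t HksBuildAuthtoken(struct HksParamSet **initParamSet, struct HksBlob *authChallenge,
    const IDMParams &testIDMParams);

int32_t HksBuildAuthTokenSecure(struct HksParamSet *paramSet,
    struct HksTestGenAuthTokenParams *genAuthTokenParams, struct HksParamSet **outParamSet);

// Key-pair construction helpers writing their result to `outKey`.
int32_t ConstructRsaKeyPair(const struct HksBlob *nDataBlob, const struct HksBlob *dDataBlob,
    const struct HksBlob *eDataBlob, uint32_t keySize, struct HksBlob *outKey);

int32_t ConstructEd25519KeyPair(uint32_t keySize, uint32_t alg, struct HksBlob *ed25519PubData,
    struct HksBlob *ed25519PrivData, struct HksBlob *outKey);

int32_t ConstructDsaKeyPair(uint32_t keySize, const struct TestDsaKeyParams *params, struct HksBlob *outKey);

// Produces `paramOutSet` from `genParamSet`.
int32_t GenParamSetAuthTest(struct HksParamSet **paramOutSet, const struct HksParamSet *genParamSet);
}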
155 #endif // HKS_ACCESS_CONTROL_TEST_COMMON_H