1 /*
2 * Copyright (C) 2022 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "pin_auth_test.h"
17
18 #include <gtest/gtest.h>
19
20 #include "securec.h"
21
22 #include "attribute.h"
23 #include "common_impl.h"
24 #include "defines.h"
25 #include "pin_auth.h"
26 #include "pin_auth_hdi.h"
27
28 #include "adaptor_log.h"
29
30 namespace OHOS {
31 namespace UserIam {
32 namespace PinAuth {
33 using namespace testing;
34 using namespace testing::ext;
35 namespace {
36 constexpr uint32_t CONST_SALT_LEN = 32U;
37 constexpr uint32_t CONST_PIN_DATA_LEN = 64U;
38 constexpr uint64_t INVALID_TEMPLATE_ID = 0xFFFFFFFFFFFFFFFF;
39 uint64_t g_antiTemplateId = 0;
40 }
41
SetUpTestCase()42 void PinAuthTest::SetUpTestCase()
43 {
44 }
45
TearDownTestCase()46 void PinAuthTest::TearDownTestCase()
47 {
48 }
49
SetUp()50 void PinAuthTest::SetUp()
51 {
52 }
53
TearDown()54 void PinAuthTest::TearDown()
55 {
56 }
57
58 /**
59 * @tc.name: EnrollPin test
60 * @tc.desc: verify EnrollPin
61 * @tc.type: FUNC
62 * @tc.require: #I64XCB
63 */
64 HWTEST_F(PinAuthTest, EnrollPin_test, TestSize.Level1)
65 {
66 std::vector<uint8_t> resultTlv;
67 std::vector<uint8_t> salt(30, 1);
68 std::vector<uint8_t> pinData(CONST_PIN_DATA_LEN, 1);
69 PinAuth *pinAuth = new (std::nothrow) PinAuth();
70 EXPECT_NE(pinAuth, nullptr);
71 int32_t result = pinAuth->EnrollPin(0, 10010, salt, pinData, resultTlv);
72 EXPECT_EQ(result, INVALID_PARAMETERS);
73
74 std::vector<uint8_t> salt1(CONST_SALT_LEN, 1);
75 result = pinAuth->EnrollPin(0, 10010, salt1, std::vector<uint8_t>{}, resultTlv);
76 EXPECT_EQ(result, INVALID_PARAMETERS);
77 delete pinAuth;
78 }
79
80 /**
81 * @tc.name: AllInOneAuth test
82 * @tc.desc: verify AllInOneAuth
83 * @tc.type: FUNC
84 * @tc.require: #I64XCB
85 */
86 HWTEST_F(PinAuthTest, AllInOneAuth_test, TestSize.Level1)
87 {
88 std::vector<uint8_t> salt;
89 PinAuth *pinAuth = new (std::nothrow) PinAuth();
90 EXPECT_NE(pinAuth, nullptr);
91 std::vector<uint8_t> extraInfo;
92 PinAlgoParam pinAlgoParam = {};
93 int32_t result = pinAuth->AllInOneAuth(0, INVALID_TEMPLATE_ID, extraInfo, pinAlgoParam);
94 EXPECT_EQ(result, INVALID_PARAMETERS);
95
96 std::vector<uint64_t> templateIdList;
97 std::vector<uint8_t> fwkPubKey(32);
98 result = pinAuth->SetAllInOneFwkParam(templateIdList, fwkPubKey);
99 EXPECT_EQ(result, SUCCESS);
100
101 delete pinAuth;
102 }
103
104 /**
105 * @tc.name: AuthPin test
106 * @tc.desc: verify AuthPin
107 * @tc.type: FUNC
108 * @tc.require: #I64XCB
109 */
110 HWTEST_F(PinAuthTest, AuthPin_test, TestSize.Level1)
111 {
112 std::vector<uint8_t> resultTlv;
113 std::vector<uint8_t> pinData(CONST_PIN_DATA_LEN, 1);
114 PinAuth *pinAuth = new (std::nothrow) PinAuth();
115 EXPECT_NE(pinAuth, nullptr);
116 int32_t result = pinAuth->AuthPin(0, 1, std::vector<uint8_t>{}, resultTlv);
117 EXPECT_EQ(result, INVALID_PARAMETERS);
118
119 result = pinAuth->AuthPin(0, INVALID_TEMPLATE_ID, pinData, resultTlv);
120 EXPECT_EQ(result, INVALID_PARAMETERS);
121 delete pinAuth;
122 }
123
124 /**
125 * @tc.name: QueryPinInfo test
126 * @tc.desc: verify QueryPinInfo
127 * @tc.type: FUNC
128 * @tc.require: #I64XCB
129 */
130 HWTEST_F(PinAuthTest, QueryPinInfo_test, TestSize.Level1)
131 {
132 PinAuth *pinAuth = new (std::nothrow) PinAuth();
133 EXPECT_NE(pinAuth, nullptr);
134 PinCredentialInfo pinCredentialInfo = {};
135 int32_t result = pinAuth->QueryPinInfo(0, pinCredentialInfo);
136 EXPECT_EQ(result, GENERAL_ERROR);
137
138 result = pinAuth->QueryPinInfo(INVALID_TEMPLATE_ID, pinCredentialInfo);
139 EXPECT_EQ(result, INVALID_PARAMETERS);
140 delete pinAuth;
141 }
142
143 /**
144 * @tc.name: DeleteTemplate test
145 * @tc.desc: verify DeleteTemplate
146 * @tc.type: FUNC
147 * @tc.require: #I64XCB
148 */
149 HWTEST_F(PinAuthTest, DeleteTemplate_test, TestSize.Level1)
150 {
151 PinAuth *pinAuth = new (std::nothrow) PinAuth();
152 EXPECT_NE(pinAuth, nullptr);
153 int32_t result = pinAuth->DeleteTemplate(0);
154 EXPECT_EQ(result, GENERAL_ERROR);
155
156 result = pinAuth->DeleteTemplate(INVALID_TEMPLATE_ID);
157 EXPECT_EQ(result, GENERAL_ERROR);
158 delete pinAuth;
159 }
160
161 /**
162 * @tc.name: GetExecutorInfo test
163 * @tc.desc: verify GetExecutorInfo
164 * @tc.type: FUNC
165 * @tc.require: #I64XCB
166 */
167 HWTEST_F(PinAuthTest, GetExecutorInfo_test, TestSize.Level1)
168 {
169 PinAuth *pinAuth = new (std::nothrow) PinAuth();
170 EXPECT_NE(pinAuth, nullptr);
171 std::vector<uint8_t> pubKey;
172 uint32_t esl = 0;
173 uint32_t acl = 0;
174 int32_t result = pinAuth->GetExecutorInfo(HDI::PinAuth::HdiExecutorRole::SCHEDULER, pubKey, esl, acl);
175 EXPECT_EQ(result, GENERAL_ERROR);
176 delete pinAuth;
177 }
178
179 /**
180 * @tc.name: SetAllInOneFwkParam test
181 * @tc.desc: verify SetAllInOneFwkParam
182 * @tc.type: FUNC
183 * @tc.require: #I64XCB
184 */
185 HWTEST_F(PinAuthTest, SetAllInOneFwkParam_test, TestSize.Level1)
186 {
187 PinAuth *pinAuth = new (std::nothrow) PinAuth();
188 EXPECT_NE(pinAuth, nullptr);
189 std::vector<uint64_t> templateIdList = {};
190 std::vector<uint8_t> fwkPubKey = {};
191
192 int32_t result = pinAuth->SetAllInOneFwkParam(templateIdList, fwkPubKey);
193 EXPECT_EQ(result, INVALID_PARAMETERS);
194
195 fwkPubKey.resize(32);
196 result = pinAuth->SetAllInOneFwkParam(templateIdList, fwkPubKey);
197 EXPECT_EQ(result, SUCCESS);
198 delete pinAuth;
199 }
200
GetTemplateIdFromTlv(std::vector<uint8_t> resultTlv,uint64_t & templateId)201 static bool GetTemplateIdFromTlv(std::vector<uint8_t> resultTlv, uint64_t &templateId)
202 {
203 bool ret = false;
204 Uint8Array uint8array = {
205 .data = resultTlv.data(),
206 .len = resultTlv.size(),
207 };
208 Attribute *attrbute = CreateAttributeFromSerializedMsg(uint8array);
209 if (attrbute == NULL) {
210 return false;
211 }
212 ResultCode result = GetAttributeUint8Array(attrbute, ATTR_ROOT, &uint8array);
213 if (result != RESULT_SUCCESS) {
214 goto EXIT;
215 }
216 FreeAttribute(&attrbute);
217 attrbute = CreateAttributeFromSerializedMsg(uint8array);
218 if (attrbute == NULL) {
219 goto EXIT;
220 }
221 result = GetAttributeUint8Array(attrbute, ATTR_DATA, &uint8array);
222 if (result != RESULT_SUCCESS) {
223 goto EXIT;
224 }
225 FreeAttribute(&attrbute);
226 attrbute = CreateAttributeFromSerializedMsg(uint8array);
227 if (attrbute == NULL) {
228 goto EXIT;
229 }
230 result = GetAttributeUint64(attrbute, ATTR_TEMPLATE_ID, &templateId);
231 if (result != RESULT_SUCCESS) {
232 goto EXIT;
233 };
234 ret = true;
235
236 EXIT:
237 FreeAttribute(&attrbute);
238 return ret;
239 }
240
241 /**
242 * @tc.name: Pin_Auth_Succ test
243 * @tc.desc: verify enroll auth query and get...
244 * @tc.type: FUNC
245 * @tc.require: #I64XCB
246 */
247 HWTEST_F(PinAuthTest, Pin_Auth_Succ_test, TestSize.Level1)
248 {
249 PinAuth *pinAuth = new (std::nothrow) PinAuth();
250 EXPECT_NE(pinAuth, nullptr);
251 pinAuth->Init();
252
253 KeyPair *keyPair = GenerateEd25519KeyPair();
254 ASSERT_NE(keyPair, nullptr);
255
256 std::vector<uint64_t> templateIdList;
257 std::vector<uint8_t> frameworkPublicKey(keyPair->pubKey->buf, keyPair->pubKey->buf + keyPair->pubKey->contentSize);
258 int32_t result = pinAuth->SetAllInOneFwkParam(templateIdList, frameworkPublicKey);
259 EXPECT_EQ(result, SUCCESS);
260
261 std::vector<uint8_t> resultTlv;
262 std::vector<uint8_t> salt(CONST_SALT_LEN, 1);
263 std::vector<uint8_t> pinData(CONST_PIN_DATA_LEN, 1);
264 result = pinAuth->EnrollPin(0, 10010, salt, pinData, resultTlv);
265 EXPECT_EQ(result, SUCCESS);
266 uint64_t templateId = 0;
267 bool ret = GetTemplateIdFromTlv(resultTlv, templateId);
268 ASSERT_EQ(ret, true);
269
270 result = pinAuth->AuthPin(0, templateId, pinData, resultTlv);
271 EXPECT_EQ(result, SUCCESS);
272
273 uint8_t challenge[32] = {0};
274 Buffer *fwkExtraInfo = GetAuthFwkExtraInfo(0, keyPair, challenge, 32);
275 ASSERT_NE(fwkExtraInfo, nullptr);
276
277 std::vector<uint8_t> authExtraInfo(fwkExtraInfo->buf, fwkExtraInfo->buf + fwkExtraInfo->contentSize);
278 PinAlgoParam pinAlgoParam;
279 result = pinAuth->AllInOneAuth(0, templateId, authExtraInfo, pinAlgoParam);
280 EXPECT_EQ(pinAlgoParam.algoVersion, 0);
281 EXPECT_EQ(result, SUCCESS);
282
283 PinCredentialInfo pinCredentialInfo = {};
284 result = pinAuth->QueryPinInfo(templateId, pinCredentialInfo);
285 EXPECT_EQ(result, SUCCESS);
286 EXPECT_EQ(pinCredentialInfo.subType, 10010);
287 EXPECT_EQ(pinCredentialInfo.remainTimes, 5);
288 EXPECT_EQ(pinCredentialInfo.freezingTime, 0);
289
290 std::vector<uint8_t> pubKey;
291 uint32_t esl = 0;
292 uint32_t acl = 0;
293 result = pinAuth->GetExecutorInfo(HDI::PinAuth::HdiExecutorRole::ALL_IN_ONE, pubKey, esl, acl);
294 EXPECT_EQ(result, SUCCESS);
295 EXPECT_EQ(esl, 2);
296
297 result = pinAuth->DeleteTemplate(templateId);
298 EXPECT_EQ(result, SUCCESS);
299
300 pinAuth->Close();
301 delete pinAuth;
302 DestroyBuffer(fwkExtraInfo);
303 }
304
305 /**
306 * @tc.name: Pin_Auth_AntiBruteInfo1_test test
307 * @tc.desc: The first authentication failed
308 * @tc.type: FUNC
309 * @tc.require: #I64XCB
310 */
311 HWTEST_F(PinAuthTest, Pin_Auth_AntiBruteInfo1_test, TestSize.Level1)
312 {
313 PinAuth *pinAuth = new (std::nothrow) PinAuth();
314 EXPECT_NE(pinAuth, nullptr);
315 pinAuth->Init();
316 std::vector<uint8_t> resultTlv;
317 std::vector<uint8_t> salt(CONST_SALT_LEN, 1);
318 std::vector<uint8_t> pinData(CONST_PIN_DATA_LEN, 1);
319 int32_t result = pinAuth->EnrollPin(0, 10010, salt, pinData, resultTlv);
320 EXPECT_EQ(result, SUCCESS);
321 bool ret = GetTemplateIdFromTlv(resultTlv, g_antiTemplateId);
322 ASSERT_EQ(ret, true);
323
324 /* The first auth failed */
325 std::vector<uint8_t> pinErrorData(CONST_PIN_DATA_LEN, 2);
326 result = pinAuth->AuthPin(0, g_antiTemplateId, pinErrorData, resultTlv);
327 EXPECT_EQ(result, FAIL);
328
329 PinCredentialInfo pinCredentialInfo = {};
330 result = pinAuth->QueryPinInfo(g_antiTemplateId, pinCredentialInfo);
331 EXPECT_EQ(result, SUCCESS);
332 EXPECT_EQ(pinCredentialInfo.subType, 10010);
333 EXPECT_EQ(pinCredentialInfo.remainTimes, 4);
334 EXPECT_EQ(pinCredentialInfo.freezingTime, 0);
335
336 delete pinAuth;
337 }
338
339 /**
340 * @tc.name: Pin_Auth_AntiBruteInfo2_test test
341 * @tc.desc: Two consecutive authentication failed
342 * @tc.type: FUNC
343 * @tc.require: #I64XCB
344 */
345 HWTEST_F(PinAuthTest, Pin_Auth_AntiBruteInfo2_test, TestSize.Level1)
346 {
347 PinAuth *pinAuth = new (std::nothrow) PinAuth();
348 EXPECT_NE(pinAuth, nullptr);
349
350 /* The second auth failed */
351 std::vector<uint8_t> resultTlv;
352 std::vector<uint8_t> pinErrorData(CONST_PIN_DATA_LEN, 2);
353 int32_t result = pinAuth->AuthPin(0, g_antiTemplateId, pinErrorData, resultTlv);
354 EXPECT_EQ(result, FAIL);
355
356 PinCredentialInfo pinCredentialInfo = {};
357 result = pinAuth->QueryPinInfo(g_antiTemplateId, pinCredentialInfo);
358 EXPECT_EQ(result, SUCCESS);
359 EXPECT_EQ(pinCredentialInfo.subType, 10010);
360 EXPECT_EQ(pinCredentialInfo.remainTimes, 3);
361 EXPECT_EQ(pinCredentialInfo.freezingTime, 0);
362
363 delete pinAuth;
364 }
365
366 /**
367 * @tc.name: Pin_Auth_AntiBruteInfo3_test test
368 * @tc.desc: Three consecutive authentication failed
369 * @tc.type: FUNC
370 * @tc.require: #I64XCB
371 */
372 HWTEST_F(PinAuthTest, Pin_Auth_AntiBruteInfo3_test, TestSize.Level1)
373 {
374 PinAuth *pinAuth = new (std::nothrow) PinAuth();
375 EXPECT_NE(pinAuth, nullptr);
376
377 /* The third auth failed */
378 std::vector<uint8_t> resultTlv;
379 std::vector<uint8_t> pinErrorData(CONST_PIN_DATA_LEN, 2);
380 int32_t result = pinAuth->AuthPin(0, g_antiTemplateId, pinErrorData, resultTlv);
381 EXPECT_EQ(result, FAIL);
382
383 PinCredentialInfo pinCredentialInfo = {};
384 result = pinAuth->QueryPinInfo(g_antiTemplateId, pinCredentialInfo);
385 EXPECT_EQ(result, SUCCESS);
386 EXPECT_EQ(pinCredentialInfo.subType, 10010);
387 EXPECT_EQ(pinCredentialInfo.remainTimes, 2);
388 EXPECT_EQ(pinCredentialInfo.freezingTime, 0);
389
390 delete pinAuth;
391 }
392
393 /**
394 * @tc.name: Pin_Auth_AntiBruteInfo4_test test
395 * @tc.desc: Four consecutive authentication failed
396 * @tc.type: FUNC
397 * @tc.require: #I64XCB
398 */
399 HWTEST_F(PinAuthTest, Pin_Auth_AntiBruteInfo4_test, TestSize.Level1)
400 {
401 PinAuth *pinAuth = new (std::nothrow) PinAuth();
402 EXPECT_NE(pinAuth, nullptr);
403
404 /* The fourth auth failed */
405 std::vector<uint8_t> resultTlv;
406 std::vector<uint8_t> pinErrorData(CONST_PIN_DATA_LEN, 2);
407 int32_t result = pinAuth->AuthPin(0, g_antiTemplateId, pinErrorData, resultTlv);
408 EXPECT_EQ(result, FAIL);
409
410 PinCredentialInfo pinCredentialInfo = {};
411 result = pinAuth->QueryPinInfo(g_antiTemplateId, pinCredentialInfo);
412 EXPECT_EQ(result, SUCCESS);
413 EXPECT_EQ(pinCredentialInfo.subType, 10010);
414 EXPECT_EQ(pinCredentialInfo.remainTimes, 1);
415 EXPECT_EQ(pinCredentialInfo.freezingTime, 0);
416
417 delete pinAuth;
418 }
419
420 /**
421 * @tc.name: Pin_Auth_AntiBruteInfo5_test test
422 * @tc.desc: Five consecutive authentication failed
423 * @tc.type: FUNC
424 * @tc.require: #I64XCB
425 */
426 HWTEST_F(PinAuthTest, Pin_Auth_AntiBruteInfo5_test, TestSize.Level1)
427 {
428 PinAuth *pinAuth = new (std::nothrow) PinAuth();
429 EXPECT_NE(pinAuth, nullptr);
430
431 /* The fifth auth failed */
432 std::vector<uint8_t> resultTlv;
433 std::vector<uint8_t> pinErrorData(CONST_PIN_DATA_LEN, 2);
434 int32_t result = pinAuth->AuthPin(0, g_antiTemplateId, pinErrorData, resultTlv);
435 EXPECT_EQ(result, FAIL);
436
437 PinCredentialInfo pinCredentialInfo = {};
438 result = pinAuth->QueryPinInfo(g_antiTemplateId, pinCredentialInfo);
439 EXPECT_EQ(result, SUCCESS);
440 EXPECT_EQ(pinCredentialInfo.subType, 10010);
441 EXPECT_EQ(pinCredentialInfo.remainTimes, 0);
442 EXPECT_LE(pinCredentialInfo.freezingTime, 60000);
443 EXPECT_GE(pinCredentialInfo.freezingTime, 58000);
444
445 pinAuth->Close();
446 delete pinAuth;
447 }
448
449 } // namespace PinAuth
450 } // namespace UserIam
451 } // namespace OHOS
452