1 /*
2 * Copyright (c) 2023 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "hks_test_adapt_for_de.h"
17 #include "hks_test_aes_c.h"
18
19 #define HKS_AES_256 \
20 { .tag = HKS_TAG_ALGORITHM, \
21 .uint32Param = HKS_ALG_AES }, \
22 { .tag = HKS_TAG_KEY_SIZE, \
23 .uint32Param = TEST_AES_256 }, \
24 { .tag = HKS_TAG_PURPOSE, \
25 .uint32Param = HKS_KEY_PURPOSE_ENCRYPT | HKS_KEY_PURPOSE_DECRYPT }, \
26 { .tag = HKS_TAG_BLOCK_MODE, \
27 .uint32Param = HKS_MODE_GCM }, \
28 { .tag = HKS_TAG_PADDING, \
29 .uint32Param = HKS_PADDING_NONE }, \
30 { .tag = HKS_TAG_KEY_GENERATE_TYPE, \
31 .uint32Param = HKS_KEY_GENERATE_TYPE_AGREE }, \
32 { .tag = HKS_TAG_AGREE_PRIVATE_KEY_ALIAS, \
33 .blob = *baseKey },
34
ConstructParamSetEncryptDecryptAesPre(uint32_t mode,uint32_t padding,bool isEncrypt,struct HksParamSet ** paramSet)35 int32_t ConstructParamSetEncryptDecryptAesPre(uint32_t mode, uint32_t padding, bool isEncrypt,
36 struct HksParamSet **paramSet)
37 {
38 int32_t ret = HksInitParamSet(paramSet);
39 if (ret != 0) {
40 HKS_TEST_LOG_E("HksAddParamInit failed!\n");
41 return ret;
42 }
43
44 do {
45 struct HksParam algParam = {0};
46 algParam.tag = HKS_TAG_ALGORITHM;
47 algParam.uint32Param = HKS_ALG_AES;
48 ret = HksAddParams(*paramSet, (const struct HksParam *)&algParam, 1);
49 if (ret != 0) {
50 HKS_TEST_LOG_E("HksAddParam algParam failed!\n");
51 break;
52 }
53
54 struct HksParam modeParam = {0};
55 modeParam.tag = HKS_TAG_BLOCK_MODE;
56 modeParam.uint32Param = mode;
57 ret = HksAddParams(*paramSet, (const struct HksParam *)&modeParam, 1);
58 if (ret != 0) {
59 HKS_TEST_LOG_E("HksAddParam algParam failed!\n");
60 break;
61 }
62
63 struct HksParam padParam = {0};
64 padParam.tag = HKS_TAG_PADDING;
65 padParam.uint32Param = padding;
66 ret = HksAddParams(*paramSet, (const struct HksParam *)&padParam, 1);
67 if (ret != 0) {
68 HKS_TEST_LOG_E("HksAddParam algParam failed!\n");
69 break;
70 }
71
72 struct HksParam purposeParam = {0};
73 purposeParam.tag = HKS_TAG_PURPOSE;
74 if (isEncrypt) {
75 purposeParam.uint32Param = HKS_KEY_PURPOSE_ENCRYPT;
76 } else {
77 purposeParam.uint32Param = HKS_KEY_PURPOSE_DECRYPT;
78 }
79 ret = HksAddParams(*paramSet, (const struct HksParam *)&purposeParam, 1);
80 if (ret != 0) {
81 HKS_TEST_LOG_E("HksAddParam algParam failed!\n");
82 break;
83 }
84 } while (0);
85 return ret;
86 }
87
ConstructParamSetEncryptDecryptAesPost(uint32_t mode,struct HksParamSet ** paramSet)88 int32_t ConstructParamSetEncryptDecryptAesPost(uint32_t mode, struct HksParamSet **paramSet)
89 {
90 int32_t ret;
91 do {
92 struct HksParam aadParam = {0};
93 aadParam.tag = HKS_TAG_ASSOCIATED_DATA;
94 aadParam.blob.data = g_aad;
95 aadParam.blob.size = sizeof(g_aad);
96 ret = HksAddParams(*paramSet, (const struct HksParam *)&aadParam, 1);
97 if (ret != 0) {
98 HKS_TEST_LOG_E("HksAddParam aadParam failed!\n");
99 break;
100 }
101
102 if (mode == HKS_MODE_CBC) {
103 struct HksParam ivParam = {0};
104 ivParam.tag = HKS_TAG_IV;
105 ivParam.blob.data = g_iv;
106 ivParam.blob.size = sizeof(g_iv);
107 ret = HksAddParams(*paramSet, (const struct HksParam *)&ivParam, 1);
108 if (ret != 0) {
109 HKS_TEST_LOG_E("HksAddParam ivParam failed!\n");
110 break;
111 }
112 } else {
113 struct HksParam nonceParam = {0};
114 nonceParam.tag = HKS_TAG_NONCE;
115 nonceParam.blob.data = g_nonce;
116 nonceParam.blob.size = sizeof(g_nonce);
117 ret = HksAddParams(*paramSet, (const struct HksParam *)&nonceParam, 1);
118 if (ret != 0) {
119 HKS_TEST_LOG_E("HksAddParam nonceParam failed!\n");
120 break;
121 }
122 }
123
124 ret = HksBuildParamSet(paramSet);
125 if (ret != 0) {
126 HKS_TEST_LOG_E("HksAddParamFinal failed!\n");
127 break;
128 }
129 } while (0);
130
131 return ret;
132 }
133
ConstructParamSetEncryptDecryptAes(uint32_t mode,uint32_t padding,bool isEncrypt,struct HksParamSet ** paramSet)134 int32_t ConstructParamSetEncryptDecryptAes(uint32_t mode, uint32_t padding, bool isEncrypt,
135 struct HksParamSet **paramSet)
136 {
137 int32_t ret = ConstructParamSetEncryptDecryptAesPre(mode, padding, isEncrypt, paramSet);
138 HKS_TEST_ASSERT(ret == 0);
139 ret = ConstructParamSetEncryptDecryptAesPost(mode, paramSet);
140 HKS_TEST_ASSERT(ret == 0);
141 return ret;
142 }
143
144 #define TEST_KEY_AUTH_ID "This is a test auth id for generate ed25519 key, keyauthIdvalid!"
GenerateBaseKey(const struct HksBlob * alias)145 void GenerateBaseKey(const struct HksBlob *alias)
146 {
147 HKS_TEST_LOG_I("Test_Aes_gen_by_derive BASEKEY!\n");
148 struct HksParamSet *paramSet = NULL;
149 HKS_TEST_ASSERT(HksInitParamSet(¶mSet) == 0);
150
151 struct HksBlob authId = { (uint32_t)strlen(TEST_KEY_AUTH_ID), (uint8_t *)TEST_KEY_AUTH_ID };
152
153 struct HksParam tmpParams[] = {
154 { .tag = HKS_TAG_ALGORITHM,
155 .uint32Param = HKS_ALG_ED25519 },
156 { .tag = HKS_TAG_KEY_SIZE,
157 .uint32Param = TEST_AES_256 },
158 { .tag = HKS_TAG_PURPOSE,
159 .uint32Param = HKS_KEY_PURPOSE_SIGN | HKS_KEY_PURPOSE_VERIFY },
160 { .tag = HKS_TAG_DIGEST,
161 .uint32Param = HKS_DIGEST_SHA512 },
162 { .tag = HKS_TAG_PADDING,
163 .uint32Param = HKS_PADDING_NONE },
164 { .tag = HKS_TAG_KEY_AUTH_ID,
165 .blob = authId },
166 { .tag = HKS_TAG_KEY_GENERATE_TYPE,
167 .uint32Param = HKS_KEY_GENERATE_TYPE_AGREE }, /* no use */
168 };
169
170 HKS_TEST_ASSERT(HksAddParams(paramSet, tmpParams, sizeof(tmpParams) / sizeof(tmpParams[0])) == 0);
171 HKS_TEST_ASSERT(HksBuildParamSet(¶mSet) == 0);
172
173 HKS_TEST_ASSERT(HksGenerateKeyForDe(alias, paramSet, NULL) == 0);
174 HksFreeParamSet(¶mSet);
175 }
176
177 #define TEST_AES_KEY_BASE_NAME_1 "test_aes_key_by_derive_base_name_ed25519_1"
178 #define TEST_AES_KEY_BASE_NAME_2 "test_aes_key_by_derive_base_name_ed25519_2"
179 #define TEST_AES_KEY_BASE_NAME_1_PUBKEY "test_aes_key_by_derive_base_name_ed25519_1_pubkey"
180 #define TEST_AES_KEY_BASE_NAME_2_PUBKEY "test_aes_key_by_derive_base_name_ed25519_2_pubkey"
181
182 #define TEST_AES_KEY_AGREE_NAME1 "test_aes_key_by_agree_name_keyAlias1"
183 #define TEST_AES_KEY_AGREE_NAME2 "test_aes_key_by_agree_name_keyAlias2"
184
PlainPubKey(const struct HksBlob * baseKey,const struct HksBlob * peerPubKey,struct HksParamSet * paramSet)185 void PlainPubKey(const struct HksBlob *baseKey, const struct HksBlob *peerPubKey,
186 struct HksParamSet *paramSet)
187 {
188 struct HksParam tmpParams[] = {
189 HKS_AES_256
190 { .tag = HKS_TAG_AGREE_PUBLIC_KEY,
191 .blob = *peerPubKey },
192 { .tag = HKS_TAG_AGREE_PUBLIC_KEY_IS_KEY_ALIAS,
193 .boolParam = false },
194 { .tag = HKS_TAG_AGREE_ALG,
195 .uint32Param = HKS_ALG_ED25519 },
196 };
197
198 HKS_TEST_ASSERT(HksAddParams(paramSet, tmpParams, sizeof(tmpParams) / sizeof(tmpParams[0])) == 0);
199 }
200
SetKeyAliasTrue(const struct HksBlob * baseKey,const struct HksBlob * peerPubKey,struct HksParamSet * paramSet)201 void SetKeyAliasTrue(const struct HksBlob *baseKey, const struct HksBlob *peerPubKey,
202 struct HksParamSet *paramSet)
203 {
204 struct HksParam tmpParams[] = {
205 HKS_AES_256
206 { .tag = HKS_TAG_AGREE_PUBLIC_KEY_IS_KEY_ALIAS,
207 .boolParam = true },
208 { .tag = HKS_TAG_AGREE_PUBLIC_KEY,
209 .blob = *peerPubKey },
210 { .tag = HKS_TAG_AGREE_ALG,
211 .uint32Param = HKS_ALG_ED25519 },
212 };
213
214 HKS_TEST_ASSERT(HksAddParams(paramSet, tmpParams, sizeof(tmpParams) / sizeof(tmpParams[0])) == 0);
215 }
216
SetKeyAliasWrong(const struct HksBlob * baseKey,const struct HksBlob * peerPubKey,struct HksParamSet * paramSet)217 void SetKeyAliasWrong(const struct HksBlob *baseKey, const struct HksBlob *peerPubKey,
218 struct HksParamSet *paramSet)
219 {
220 struct HksParam tmpParams[] = {
221 HKS_AES_256
222 { .tag = HKS_TAG_AGREE_PUBLIC_KEY,
223 .blob = *peerPubKey },
224 { .tag = HKS_TAG_AGREE_ALG,
225 .uint32Param = HKS_ALG_ED25519 },
226 };
227
228 HKS_TEST_ASSERT(HksAddParams(paramSet, tmpParams, sizeof(tmpParams) / sizeof(tmpParams[0])) == 0);
229 }
230
GenerateAesAgreeKey(const struct HksBlob * alias,const struct HksBlob * baseKey,const struct HksBlob * peerPubKey,bool isPlainPubKey,bool isSetKeyAliasTrue)231 void GenerateAesAgreeKey(const struct HksBlob *alias, const struct HksBlob *baseKey,
232 const struct HksBlob *peerPubKey, bool isPlainPubKey, bool isSetKeyAliasTrue)
233 {
234 HKS_TEST_LOG_I("Test_Aes_gen_by_agree key!\n");
235 struct HksParamSet *paramSet = NULL;
236 HKS_TEST_ASSERT(HksInitParamSet(¶mSet) == 0);
237
238 if (isPlainPubKey) {
239 PlainPubKey(baseKey, peerPubKey, paramSet);
240 } else {
241 if (isSetKeyAliasTrue) {
242 SetKeyAliasTrue(baseKey, peerPubKey, paramSet);
243 } else {
244 SetKeyAliasWrong(baseKey, peerPubKey, paramSet);
245 }
246 }
247 HKS_TEST_ASSERT(HksBuildParamSet(¶mSet) == 0);
248 HKS_TEST_ASSERT(HksGenerateKeyForDe(alias, paramSet, NULL) == 0);
249
250 HksFreeParamSet(¶mSet);
251 }
252
ExportPubKey(const struct HksBlob * alias,struct HksBlob * pubKey)253 void ExportPubKey(const struct HksBlob *alias, struct HksBlob *pubKey)
254 {
255 HKS_TEST_ASSERT(HksExportPublicKeyForDe(alias, NULL, pubKey) == 0);
256 }
257
ImportPubKey(const struct HksBlob * alias,const struct HksBlob * pubKey)258 void ImportPubKey(const struct HksBlob *alias, const struct HksBlob *pubKey)
259 {
260 HKS_TEST_LOG_I("Test_Import pubKey!\n");
261 struct HksParamSet *paramSet = NULL;
262 HKS_TEST_ASSERT(HksInitParamSet(¶mSet) == 0);
263
264 struct HksBlob authId = { (uint32_t)strlen(TEST_KEY_AUTH_ID), (uint8_t *)TEST_KEY_AUTH_ID };
265
266 struct HksParam tmpParams[] = {
267 { .tag = HKS_TAG_ALGORITHM,
268 .uint32Param = HKS_ALG_ED25519 },
269 { .tag = HKS_TAG_KEY_SIZE,
270 .uint32Param = TEST_AES_256 },
271 { .tag = HKS_TAG_PURPOSE,
272 .uint32Param = HKS_KEY_PURPOSE_VERIFY },
273 { .tag = HKS_TAG_DIGEST,
274 .uint32Param = HKS_DIGEST_SHA512 },
275 { .tag = HKS_TAG_PADDING,
276 .uint32Param = HKS_PADDING_NONE },
277 { .tag = HKS_TAG_KEY_AUTH_ID,
278 .blob = authId },
279 { .tag = HKS_TAG_KEY_GENERATE_TYPE,
280 .uint32Param = HKS_KEY_GENERATE_TYPE_DEFAULT }, /* no use */
281 };
282
283 HKS_TEST_ASSERT(HksAddParams(paramSet, tmpParams, sizeof(tmpParams) / sizeof(tmpParams[0])) == 0);
284 HKS_TEST_ASSERT(HksBuildParamSet(¶mSet) == 0);
285 HKS_TEST_ASSERT(HksImportKeyForDe(alias, paramSet, pubKey) == 0);
286
287 HksFreeParamSet(¶mSet);
288 }
289
290 #define TEST_AES_KEY_BASE_NAME "test_aes_key_by_derive_base_name_ed25519"
291 #define TEST_AES_KEY_DERIVE_NAME1 "test_aes_key_by_derive_name_keyAlias1"
292 #define TEST_AES_KEY_DERIVE_NAME2 "test_aes_key_by_derive_name_keyAlias2"
TestAes256ByAgree()293 int32_t TestAes256ByAgree()
294 {
295 /* generate ed25519 key */
296 struct HksBlob baseKeyAlias1 = { (uint32_t)strlen(TEST_AES_KEY_BASE_NAME_1), (uint8_t *)TEST_AES_KEY_BASE_NAME_1 };
297 GenerateBaseKey(&baseKeyAlias1);
298
299 struct HksBlob baseKeyAlias2 = { (uint32_t)strlen(TEST_AES_KEY_BASE_NAME_2), (uint8_t *)TEST_AES_KEY_BASE_NAME_2 };
300 GenerateBaseKey(&baseKeyAlias2);
301
302 uint8_t pubKey1[TEST_AES_128] = {0};
303 uint8_t pubKey2[TEST_AES_128] = {0};
304 struct HksBlob pubKeyBlob1 = { TEST_AES_128, pubKey1 };
305 struct HksBlob pubKeyBlob2 = { TEST_AES_128, pubKey2 };
306 ExportPubKey(&baseKeyAlias1, &pubKeyBlob1);
307 ExportPubKey(&baseKeyAlias2, &pubKeyBlob2);
308
309 struct HksBlob pubKeyAlias2 = {
310 (uint32_t)strlen(TEST_AES_KEY_BASE_NAME_2_PUBKEY), (uint8_t *)TEST_AES_KEY_BASE_NAME_2_PUBKEY
311 };
312 struct HksBlob pubKeyAlias1 = {
313 (uint32_t)strlen(TEST_AES_KEY_BASE_NAME_1_PUBKEY), (uint8_t *)TEST_AES_KEY_BASE_NAME_1_PUBKEY
314 };
315 ImportPubKey(&pubKeyAlias1, &pubKeyBlob1);
316 ImportPubKey(&pubKeyAlias2, &pubKeyBlob2);
317
318 /* generate aes key 1 */
319 struct HksBlob aesKeyAlias1 = { (uint32_t)strlen(TEST_AES_KEY_AGREE_NAME1), (uint8_t *)TEST_AES_KEY_AGREE_NAME1 };
320 GenerateAesAgreeKey(&aesKeyAlias1, &baseKeyAlias1, &pubKeyAlias2, false, false);
321
322 /* generate aes key 2 */
323 struct HksBlob aesKeyAlias2 = { (uint32_t)strlen(TEST_AES_KEY_DERIVE_NAME2), (uint8_t *)TEST_AES_KEY_DERIVE_NAME2 };
324 GenerateAesAgreeKey(&aesKeyAlias2, &baseKeyAlias2, &pubKeyAlias1, false, false);
325
326 /* encrypt by aes key 1 */
327 struct HksParamSet *paramSetTest = NULL;
328 int32_t ret = ConstructParamSetEncryptDecryptAes(HKS_MODE_GCM, HKS_PADDING_NONE, true, ¶mSetTest);
329 HKS_TEST_ASSERT(ret == 0);
330 struct HksBlob plainText1 = { (uint32_t)strlen(TEST_PLAIN_TEST) + 1, (uint8_t*)TEST_PLAIN_TEST };
331 struct HksBlob cipherText1 = { TEST_AES_256, g_buffer };
332 (void)memset_s(cipherText1.data, cipherText1.size, 0, cipherText1.size);
333 HKS_TEST_ASSERT(HksEncryptForDe(&aesKeyAlias1, paramSetTest, &plainText1, &cipherText1) == 0);
334 g_bufferSize = cipherText1.size;
335
336 HksFreeParamSet(¶mSetTest);
337
338 /* decrypt by aes key 2 */
339 ret = ConstructParamSetEncryptDecryptAes(HKS_MODE_GCM, HKS_PADDING_NONE, false, ¶mSetTest);
340 HKS_TEST_ASSERT(ret == 0);
341 struct HksBlob cipherText = { g_bufferSize, g_buffer };
342 uint8_t tmp[TEST_AES_256] = {0};
343 struct HksBlob plainText = { TEST_AES_256, tmp };
344 ret = HksDecryptForDe(&aesKeyAlias2, paramSetTest, &cipherText, &plainText);
345 HKS_TEST_ASSERT(ret == 0);
346 HKS_TEST_LOG_I("ConstructParamSetEncryptDecryptAes plainText: %s", plainText.data);
347 HksFreeParamSet(¶mSetTest);
348
349 HksDeleteKeyForDe(&baseKeyAlias1, NULL);
350 HksDeleteKeyForDe(&baseKeyAlias2, NULL);
351 HksDeleteKeyForDe(&pubKeyAlias1, NULL);
352 HksDeleteKeyForDe(&pubKeyAlias2, NULL);
353 HksDeleteKeyForDe(&aesKeyAlias1, NULL);
354 HksDeleteKeyForDe(&aesKeyAlias2, NULL);
355 HKS_TEST_LOG_I("end");
356 return ret;
357 }
358
TestAes256ByAgree1()359 int32_t TestAes256ByAgree1()
360 {
361 /* generate ed25519 key */
362 struct HksBlob baseKeyAlias1 = { (uint32_t)strlen(TEST_AES_KEY_BASE_NAME_1), (uint8_t *)TEST_AES_KEY_BASE_NAME_1 };
363 GenerateBaseKey(&baseKeyAlias1);
364
365 struct HksBlob baseKeyAlias2 = { (uint32_t)strlen(TEST_AES_KEY_BASE_NAME_2), (uint8_t *)TEST_AES_KEY_BASE_NAME_2 };
366 GenerateBaseKey(&baseKeyAlias2);
367
368 uint8_t pubKey1[TEST_AES_128] = {0};
369 uint8_t pubKey2[TEST_AES_128] = {0};
370 struct HksBlob pubKeyBlob1 = { TEST_AES_128, pubKey1 };
371 struct HksBlob pubKeyBlob2 = { TEST_AES_128, pubKey2 };
372 ExportPubKey(&baseKeyAlias1, &pubKeyBlob1);
373 ExportPubKey(&baseKeyAlias2, &pubKeyBlob2);
374
375 struct HksBlob pubKeyAlias1 = {
376 (uint32_t)strlen(TEST_AES_KEY_BASE_NAME_1_PUBKEY), (uint8_t *)TEST_AES_KEY_BASE_NAME_1_PUBKEY
377 };
378 struct HksBlob pubKeyAlias2 = {
379 (uint32_t)strlen(TEST_AES_KEY_BASE_NAME_2_PUBKEY), (uint8_t *)TEST_AES_KEY_BASE_NAME_2_PUBKEY
380 };
381 ImportPubKey(&pubKeyAlias1, &pubKeyBlob1);
382 ImportPubKey(&pubKeyAlias2, &pubKeyBlob2);
383
384 /* generate aes key 1 */
385 struct HksBlob aesKeyAlias1 = { (uint32_t)strlen(TEST_AES_KEY_AGREE_NAME1), (uint8_t *)TEST_AES_KEY_AGREE_NAME1 };
386 GenerateAesAgreeKey(&aesKeyAlias1, &baseKeyAlias1, &pubKeyAlias2, false, true);
387
388 /* generate aes key 2 */
389 struct HksBlob aesKeyAlias2 = { (uint32_t)strlen(TEST_AES_KEY_DERIVE_NAME2), (uint8_t *)TEST_AES_KEY_DERIVE_NAME2 };
390 GenerateAesAgreeKey(&aesKeyAlias2, &baseKeyAlias2, &pubKeyAlias1, false, true);
391
392 /* encrypt by aes key 1 */
393 struct HksParamSet *paramSetTest01 = NULL;
394 int32_t ret = ConstructParamSetEncryptDecryptAes(HKS_MODE_GCM, HKS_PADDING_NONE, true, ¶mSetTest01);
395 HKS_TEST_ASSERT(ret == 0);
396 struct HksBlob plainText1 = { (uint32_t)strlen(TEST_PLAIN_TEST) + 1, (uint8_t*)TEST_PLAIN_TEST };
397 struct HksBlob cipherText1 = { TEST_AES_256, g_buffer };
398 (void)memset_s(cipherText1.data, cipherText1.size, 0, cipherText1.size);
399 HKS_TEST_ASSERT(HksEncryptForDe(&aesKeyAlias1, paramSetTest01, &plainText1, &cipherText1) == 0);
400 g_bufferSize = cipherText1.size;
401
402 HksFreeParamSet(¶mSetTest01);
403
404 /* decrypt by aes key 2 */
405 ret = ConstructParamSetEncryptDecryptAes(HKS_MODE_GCM, HKS_PADDING_NONE, false, ¶mSetTest01);
406 HKS_TEST_ASSERT(ret == 0);
407 struct HksBlob cipherText = { g_bufferSize, g_buffer };
408 uint8_t tmp[TEST_AES_256] = {0};
409 struct HksBlob plainText = { TEST_AES_256, tmp };
410 ret = HksDecryptForDe(&aesKeyAlias2, paramSetTest01, &cipherText, &plainText);
411 HKS_TEST_ASSERT(ret == 0);
412 HKS_TEST_LOG_I("ConstructParamSetEncryptDecryptAes plainText: %s", plainText.data);
413 HksFreeParamSet(¶mSetTest01);
414
415 HksDeleteKeyForDe(&baseKeyAlias1, NULL);
416 HksDeleteKeyForDe(&baseKeyAlias2, NULL);
417 HksDeleteKeyForDe(&pubKeyAlias1, NULL);
418 HksDeleteKeyForDe(&pubKeyAlias2, NULL);
419 HksDeleteKeyForDe(&aesKeyAlias1, NULL);
420 HksDeleteKeyForDe(&aesKeyAlias2, NULL);
421 HKS_TEST_LOG_I("end");
422 return ret;
423 }
424
TestAes256ByAgree2()425 int32_t TestAes256ByAgree2()
426 {
427 HKS_TEST_LOG_I("enter");
428 /* generate ed25519 key */
429 struct HksBlob baseKeyAlias1 = { (uint32_t)strlen(TEST_AES_KEY_BASE_NAME_1), (uint8_t *)TEST_AES_KEY_BASE_NAME_1 };
430 GenerateBaseKey(&baseKeyAlias1);
431
432 struct HksBlob baseKeyAlias2 = { (uint32_t)strlen(TEST_AES_KEY_BASE_NAME_2), (uint8_t *)TEST_AES_KEY_BASE_NAME_2 };
433 GenerateBaseKey(&baseKeyAlias2);
434
435 uint8_t pubKey1[TEST_AES_128] = {0};
436 uint8_t pubKey2[TEST_AES_128] = {0};
437 struct HksBlob pubKeyBlob1 = { TEST_AES_128, pubKey1 };
438 struct HksBlob pubKeyBlob2 = { TEST_AES_128, pubKey2 };
439 ExportPubKey(&baseKeyAlias1, &pubKeyBlob1);
440 ExportPubKey(&baseKeyAlias2, &pubKeyBlob2);
441
442 /* generate aes key 1 */
443 struct HksBlob aesKeyAlias1 = { (uint32_t)strlen(TEST_AES_KEY_AGREE_NAME1), (uint8_t *)TEST_AES_KEY_AGREE_NAME1 };
444 GenerateAesAgreeKey(&aesKeyAlias1, &baseKeyAlias1, &pubKeyBlob2, true, false);
445
446 /* generate aes key 2 */
447 struct HksBlob aesKeyAlias2 = { (uint32_t)strlen(TEST_AES_KEY_DERIVE_NAME2), (uint8_t *)TEST_AES_KEY_DERIVE_NAME2 };
448 GenerateAesAgreeKey(&aesKeyAlias2, &baseKeyAlias2, &pubKeyBlob1, true, false);
449
450 /* encrypt by aes key 1 */
451 struct HksParamSet *paramSet = NULL;
452 int32_t ret = ConstructParamSetEncryptDecryptAes(HKS_MODE_GCM, HKS_PADDING_NONE, true, ¶mSet);
453 HKS_TEST_ASSERT(ret == 0);
454 struct HksBlob plainText1 = { (uint32_t)strlen(TEST_PLAIN_TEST) + 1, (uint8_t*)TEST_PLAIN_TEST };
455 struct HksBlob cipherText1 = { TEST_AES_256, g_buffer };
456 (void)memset_s(cipherText1.data, cipherText1.size, 0, cipherText1.size);
457 HKS_TEST_ASSERT(HksEncryptForDe(&aesKeyAlias1, paramSet, &plainText1, &cipherText1) == 0);
458 g_bufferSize = cipherText1.size;
459
460 HksFreeParamSet(¶mSet);
461
462 /* decrypt by aes key 2 */
463 ret = ConstructParamSetEncryptDecryptAes(HKS_MODE_GCM, HKS_PADDING_NONE, false, ¶mSet);
464 HKS_TEST_ASSERT(ret == 0);
465 struct HksBlob cipherText = { g_bufferSize, g_buffer };
466 uint8_t tmp[TEST_AES_256] = {0};
467 struct HksBlob plainText = { TEST_AES_256, tmp };
468 ret = HksDecryptForDe(&aesKeyAlias2, paramSet, &cipherText, &plainText);
469 HKS_TEST_ASSERT(ret == 0);
470 HKS_TEST_LOG_I("ConstructParamSetEncryptDecryptAes plainText: %s", plainText.data);
471 HksFreeParamSet(¶mSet);
472
473 HksDeleteKeyForDe(&baseKeyAlias1, NULL);
474 HksDeleteKeyForDe(&baseKeyAlias2, NULL);
475 HksDeleteKeyForDe(&aesKeyAlias1, NULL);
476 HksDeleteKeyForDe(&aesKeyAlias2, NULL);
477 HKS_TEST_LOG_I("end");
478 return ret;
479 }
480