1 /*
2 * Copyright (c) 2022-2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "hks_client_service_test.h"
17
18 #include <gtest/gtest.h>
19 #include <cstring>
20
21 #include "file_ex.h"
22 #include "hks_api.h"
23 #include "hks_attest_key_test_common.h"
24 #include "hks_client_service.h"
25 #include "hks_log.h"
26 #include "hks_mem.h"
27 #include "hks_param.h"
28 #include "hks_session_manager.h"
29 #include "hks_type_inner.h"
30
31 #include "hks_test_modify_old_key.h"
32
33 #include "base/security/huks/services/huks_standard/huks_service/main/plugin_proxy/src/hks_plugin_adapter.cpp"
34 #include "base/security/huks/services/huks_standard/huks_service/main/core/src/hks_client_service.c"
35
36 using namespace testing::ext;
37 using namespace Unittest::AttestKey;
38 namespace Unittest::HksClientServiceTest {
39 class HksClientServiceTest : public testing::Test {
40 public:
41 static void SetUpTestCase(void);
42
43 static void TearDownTestCase(void);
44
45 void SetUp();
46
47 void TearDown();
48 };
49
SetUpTestCase(void)50 void HksClientServiceTest::SetUpTestCase(void)
51 {
52 }
53
TearDownTestCase(void)54 void HksClientServiceTest::TearDownTestCase(void)
55 {
56 }
57
SetUp()58 void HksClientServiceTest::SetUp()
59 {
60 HksServiceInitialize();
61 }
62
TearDown()63 void HksClientServiceTest::TearDown()
64 {
65 }
66
GenerateParamSet(struct HksParamSet ** paramSet,const struct HksParam tmpParams[],uint32_t paramCount)67 static int32_t GenerateParamSet(struct HksParamSet **paramSet, const struct HksParam tmpParams[], uint32_t paramCount)
68 {
69 int32_t ret = HksInitParamSet(paramSet);
70 if (ret != HKS_SUCCESS) {
71 HKS_LOG_E("HksInitParamSet failed");
72 return ret;
73 }
74
75 if (tmpParams != NULL) {
76 ret = HksAddParams(*paramSet, tmpParams, paramCount);
77 if (ret != HKS_SUCCESS) {
78 HKS_LOG_E("HksAddParams failed");
79 HksFreeParamSet(paramSet);
80 return ret;
81 }
82 }
83
84 ret = HksBuildParamSet(paramSet);
85 if (ret != HKS_SUCCESS) {
86 HKS_LOG_E("HksBuildParamSet failed");
87 HksFreeParamSet(paramSet);
88 return ret;
89 }
90 return ret;
91 }
92
ConstructNewParamSet(const struct HksParamSet * paramSet,struct HksParamSet ** newParamSet)93 static int32_t ConstructNewParamSet(const struct HksParamSet *paramSet, struct HksParamSet **newParamSet)
94 {
95 int32_t ret = HksCheckParamSet(paramSet, paramSet->paramSetSize);
96 if (ret != HKS_SUCCESS) {
97 HKS_LOG_E("check paramSet fail");
98 return ret;
99 }
100 ret = HksInitParamSet(newParamSet);
101 if (ret != HKS_SUCCESS) {
102 HKS_LOG_E("init paramSet fail");
103 return ret;
104 }
105 do {
106 ret = HksAddParams(*newParamSet, paramSet->params, paramSet->paramsCnt);
107 if (ret != HKS_SUCCESS) {
108 HKS_LOG_E("copy params fail");
109 break;
110 }
111 struct HksParam storageLevel = {
112 .tag = HKS_TAG_AUTH_STORAGE_LEVEL,
113 .uint32Param = HKS_AUTH_STORAGE_LEVEL_DE
114 };
115 ret = HksAddParams(*newParamSet, &storageLevel, 1);
116 if (ret != HKS_SUCCESS) {
117 HKS_LOG_E("add param attestMode fail");
118 break;
119 }
120 ret = HksBuildParamSet(newParamSet);
121 if (ret != HKS_SUCCESS) {
122 HKS_LOG_E("build paramSet fail");
123 break;
124 }
125 return HKS_SUCCESS;
126 } while (false);
127 HksFreeParamSet(newParamSet);
128 return ret;
129 }
130
HksServiceGenerateKeyForDe(const struct HksProcessInfo * processInfo,const struct HksBlob * keyAlias,const struct HksParamSet * paramSet,struct HksBlob * keyOut)131 static int32_t HksServiceGenerateKeyForDe(const struct HksProcessInfo *processInfo, const struct HksBlob *keyAlias,
132 const struct HksParamSet *paramSet, struct HksBlob *keyOut)
133 {
134 int32_t ret;
135 struct HksParamSet *newParamSet = NULL;
136 if (paramSet != NULL) {
137 ret = ConstructNewParamSet(paramSet, &newParamSet);
138 } else {
139 struct HksParam tmpParams[] = {
140 { .tag = HKS_TAG_AUTH_STORAGE_LEVEL, .uint32Param = HKS_AUTH_STORAGE_LEVEL_DE },
141 };
142 ret = GenerateParamSet(&newParamSet, tmpParams, sizeof(tmpParams) / sizeof(tmpParams[0]));
143 }
144 if (ret != HKS_SUCCESS) {
145 HKS_LOG_E("construct new paramSet fail");
146 return ret;
147 }
148 ret = HksServiceGenerateKey(processInfo, keyAlias, newParamSet, keyOut);
149 HksFreeParamSet(&newParamSet);
150 return ret;
151 }
152
HksServiceDeleteKeyForDe(const struct HksProcessInfo * processInfo,const struct HksBlob * keyAlias,const struct HksParamSet * paramSet)153 static int32_t HksServiceDeleteKeyForDe(const struct HksProcessInfo *processInfo, const struct HksBlob *keyAlias,
154 const struct HksParamSet *paramSet)
155 {
156 int32_t ret;
157 struct HksParamSet *newParamSet = NULL;
158 if (paramSet != NULL) {
159 ret = ConstructNewParamSet(paramSet, &newParamSet);
160 } else {
161 struct HksParam tmpParams[] = {
162 { .tag = HKS_TAG_AUTH_STORAGE_LEVEL, .uint32Param = HKS_AUTH_STORAGE_LEVEL_DE },
163 };
164 ret = GenerateParamSet(&newParamSet, tmpParams, sizeof(tmpParams) / sizeof(tmpParams[0]));
165 }
166 if (ret != HKS_SUCCESS) {
167 HKS_LOG_E("construct new paramSet fail");
168 return ret;
169 }
170 ret = HksServiceDeleteKey(processInfo, keyAlias, newParamSet);
171 HksFreeParamSet(&newParamSet);
172 return ret;
173 }
174
HksServiceKeyExistForDe(const struct HksProcessInfo * processInfo,const struct HksBlob * keyAlias,const struct HksParamSet * paramSet)175 static int32_t HksServiceKeyExistForDe(const struct HksProcessInfo *processInfo, const struct HksBlob *keyAlias,
176 const struct HksParamSet *paramSet)
177 {
178 int32_t ret;
179 struct HksParamSet *newParamSet = NULL;
180 if (paramSet != NULL) {
181 ret = ConstructNewParamSet(paramSet, &newParamSet);
182 } else {
183 struct HksParam tmpParams[] = {
184 { .tag = HKS_TAG_AUTH_STORAGE_LEVEL, .uint32Param = HKS_AUTH_STORAGE_LEVEL_DE },
185 };
186 ret = GenerateParamSet(&newParamSet, tmpParams, sizeof(tmpParams) / sizeof(tmpParams[0]));
187 }
188 if (ret != HKS_SUCCESS) {
189 HKS_LOG_E("construct new paramSet fail");
190 return ret;
191 }
192 ret = HksServiceKeyExist(processInfo, keyAlias, newParamSet);
193 HksFreeParamSet(&newParamSet);
194 return ret;
195 }
196
HksServiceAttestKeyForDe(const struct HksProcessInfo * processInfo,const struct HksBlob * keyAlias,const struct HksParamSet * paramSet,struct HksBlob * certChain,const uint8_t * remoteObject)197 static int32_t HksServiceAttestKeyForDe(const struct HksProcessInfo *processInfo, const struct HksBlob *keyAlias,
198 const struct HksParamSet *paramSet, struct HksBlob *certChain, const uint8_t *remoteObject)
199 {
200 int32_t ret;
201 struct HksParamSet *newParamSet = NULL;
202 if (paramSet != NULL) {
203 ret = ConstructNewParamSet(paramSet, &newParamSet);
204 } else {
205 struct HksParam tmpParams[] = {
206 { .tag = HKS_TAG_AUTH_STORAGE_LEVEL, .uint32Param = HKS_AUTH_STORAGE_LEVEL_DE },
207 };
208 ret = GenerateParamSet(&newParamSet, tmpParams, sizeof(tmpParams) / sizeof(tmpParams[0]));
209 }
210 if (ret != HKS_SUCCESS) {
211 HKS_LOG_E("construct new paramSet fail");
212 return ret;
213 }
214 ret = HksServiceAttestKey(processInfo, keyAlias, newParamSet, certChain, remoteObject);
215 HksFreeParamSet(&newParamSet);
216 return ret;
217 }
218
HksServiceGetKeyParamSetForDe(const struct HksProcessInfo * processInfo,const struct HksBlob * keyAlias,const struct HksParamSet * paramSet,struct HksParamSet * paramSetOut)219 static int32_t HksServiceGetKeyParamSetForDe(const struct HksProcessInfo *processInfo, const struct HksBlob *keyAlias,
220 const struct HksParamSet *paramSet, struct HksParamSet *paramSetOut)
221 {
222 int32_t ret;
223 struct HksParamSet *newParamSet = NULL;
224 if (paramSet != NULL) {
225 ret = ConstructNewParamSet(paramSet, &newParamSet);
226 } else {
227 struct HksParam tmpParams[] = {
228 { .tag = HKS_TAG_AUTH_STORAGE_LEVEL, .uint32Param = HKS_AUTH_STORAGE_LEVEL_DE },
229 };
230 ret = GenerateParamSet(&newParamSet, tmpParams, sizeof(tmpParams) / sizeof(tmpParams[0]));
231 }
232 if (ret != HKS_SUCCESS) {
233 HKS_LOG_E("construct new paramSet fail");
234 return ret;
235 }
236 ret = HksServiceGetKeyParamSet(processInfo, keyAlias, newParamSet, paramSetOut);
237 HksFreeParamSet(&newParamSet);
238 return ret;
239 }
240
HksServiceInitForDe(const struct HksProcessInfo * processInfo,const struct HksBlob * key,const struct HksParamSet * paramSet,struct HksBlob * handle,struct HksBlob * token)241 static int32_t HksServiceInitForDe(const struct HksProcessInfo *processInfo, const struct HksBlob *key,
242 const struct HksParamSet *paramSet, struct HksBlob *handle, struct HksBlob *token)
243 {
244 int32_t ret;
245 struct HksParamSet *newParamSet = NULL;
246 if (paramSet != NULL) {
247 ret = ConstructNewParamSet(paramSet, &newParamSet);
248 } else {
249 struct HksParam tmpParams[] = {
250 { .tag = HKS_TAG_AUTH_STORAGE_LEVEL, .uint32Param = HKS_AUTH_STORAGE_LEVEL_DE },
251 };
252 ret = GenerateParamSet(&newParamSet, tmpParams, sizeof(tmpParams) / sizeof(tmpParams[0]));
253 }
254 if (ret != HKS_SUCCESS) {
255 HKS_LOG_E("construct new paramSet fail");
256 return ret;
257 }
258 ret = HksServiceInit(processInfo, key, newParamSet, handle, token);
259 HksFreeParamSet(&newParamSet);
260 return ret;
261 }
262
HksServiceUpdateForDe(const struct HksBlob * handle,const struct HksProcessInfo * processInfo,const struct HksParamSet * paramSet,const struct HksBlob * inData,struct HksBlob * outData)263 static int32_t HksServiceUpdateForDe(const struct HksBlob *handle, const struct HksProcessInfo *processInfo,
264 const struct HksParamSet *paramSet, const struct HksBlob *inData, struct HksBlob *outData)
265 {
266 int32_t ret;
267 struct HksParamSet *newParamSet = NULL;
268 if (paramSet != NULL) {
269 ret = ConstructNewParamSet(paramSet, &newParamSet);
270 } else {
271 struct HksParam tmpParams[] = {
272 { .tag = HKS_TAG_AUTH_STORAGE_LEVEL, .uint32Param = HKS_AUTH_STORAGE_LEVEL_DE },
273 };
274 ret = GenerateParamSet(&newParamSet, tmpParams, sizeof(tmpParams) / sizeof(tmpParams[0]));
275 }
276 if (ret != HKS_SUCCESS) {
277 HKS_LOG_E("construct new paramSet fail");
278 return ret;
279 }
280 ret = HksServiceUpdate(handle, processInfo, newParamSet, inData, outData);
281 HksFreeParamSet(&newParamSet);
282 return ret;
283 }
284
TestGenerateKeyWithProcessInfo(const struct HksBlob * keyAlias,const struct HksProcessInfo * processInfo)285 static int32_t TestGenerateKeyWithProcessInfo(const struct HksBlob *keyAlias, const struct HksProcessInfo *processInfo)
286 {
287 struct HksParam tmpParams[] = {
288 { .tag = HKS_TAG_KEY_STORAGE_FLAG, .uint32Param = HKS_STORAGE_PERSISTENT },
289 { .tag = HKS_TAG_ALGORITHM, .uint32Param = HKS_ALG_RSA },
290 { .tag = HKS_TAG_KEY_SIZE, .uint32Param = HKS_RSA_KEY_SIZE_2048 },
291 { .tag = HKS_TAG_DIGEST, .uint32Param = HKS_DIGEST_SHA256 },
292 { .tag = HKS_TAG_PADDING, .uint32Param = HKS_PADDING_PSS },
293 { .tag = HKS_TAG_PURPOSE, .uint32Param = HKS_KEY_PURPOSE_VERIFY },
294 { .tag = HKS_TAG_KEY_GENERATE_TYPE, .uint32Param = HKS_KEY_GENERATE_TYPE_DEFAULT },
295 { .tag = HKS_TAG_BLOCK_MODE, .uint32Param = HKS_MODE_ECB },
296 };
297 struct HksParamSet *paramSet = nullptr;
298 int32_t ret = HksInitParamSet(¶mSet);
299 if (ret != HKS_SUCCESS) {
300 HKS_LOG_E("HksServiceDeleteProcessInfo HksInitParamSet failed");
301 return ret;
302 }
303
304 ret = HksAddParams(paramSet, tmpParams, sizeof(tmpParams) / sizeof(tmpParams[0]));
305 if (ret != HKS_SUCCESS) {
306 HKS_LOG_E("HksServiceDeleteProcessInfo HksAddParams failed");
307 HksFreeParamSet(¶mSet);
308 return ret;
309 }
310
311 ret = HksBuildParamSet(¶mSet);
312 if (ret != HKS_SUCCESS) {
313 HKS_LOG_E("HksServiceDeleteProcessInfo HksBuildParamSet failed");
314 HksFreeParamSet(¶mSet);
315 return ret;
316 }
317
318 ret = HksServiceGenerateKeyForDe(processInfo, keyAlias, paramSet, nullptr);
319 if (ret != HKS_SUCCESS) {
320 HKS_LOG_E("HksServiceDeleteProcessInfo HksGenerateKey failed");
321 }
322 HksFreeParamSet(¶mSet);
323 return ret;
324 }
325
326 static const char *g_processNameString = "hks_client";
327 static const struct HksBlob g_processName = { strlen(g_processNameString), (uint8_t *)g_processNameString };
328 static uint32_t g_userIdInt = 1;
329 static const struct HksBlob g_userId = { sizeof(g_userIdInt), (uint8_t *)(&g_userIdInt)};
330
331 /**
332 * @tc.name: HksClientServiceTest.HksClientServiceTest001
333 * @tc.desc: tdd HksServiceDeleteProcessInfo, expect HKS_ERROR_INVALID_ARGUMENT
334 * @tc.type: FUNC
335 */
336 HWTEST_F(HksClientServiceTest, HksClientServiceTest001, TestSize.Level0)
337 {
338 HKS_LOG_I("enter HksClientServiceTest001");
339 const char *alias = "HksClientServiceTest001";
340 const struct HksBlob keyAlias = { strlen(alias), (uint8_t *)alias };
341 struct HksProcessInfo processInfo = { g_userId, g_processName, g_userIdInt, 0, 0 };
342 int32_t ret = TestGenerateKeyWithProcessInfo(&keyAlias, &processInfo);
343 EXPECT_EQ(ret, HKS_SUCCESS) << "HksClientServiceTest001 TestGenerateKey failed, ret = " << ret;
344 ret = HksServiceKeyExistForDe(&processInfo, &keyAlias, nullptr);
345 EXPECT_EQ(ret, HKS_SUCCESS) << "HksClientServiceTest001 HksServiceDeleteProcessInfo failed, ret = " << ret;
346 uint64_t handle = 111;
347 struct HksBlob operationHandle = { .size = sizeof(uint64_t), .data = (uint8_t *)&handle };
348 CreateOperation(&processInfo, NULL, &operationHandle, true);
349 HksServiceDeleteProcessInfo(&processInfo);
350 ret = HksServiceKeyExistForDe(&processInfo, &keyAlias, nullptr);
351 EXPECT_NE(ret, HKS_SUCCESS) << "HksClientServiceTest001 HksServiceDeleteProcessInfo failed, ret = " << ret;
352 }
353
354 /**
355 * @tc.name: HksClientServiceTest.HksClientServiceTest009
356 * @tc.desc: tdd HksServiceDeleteProcessInfo, expect HKS_ERROR_INVALID_ARGUMENT
357 * @tc.type: FUNC
358 */
359 HWTEST_F(HksClientServiceTest, HksClientServiceTest009, TestSize.Level0)
360 {
361 HKS_LOG_I("enter HksClientServiceTest009");
362 const char *alias = "HksClientServiceTest009";
363 const struct HksBlob keyAlias = { strlen(alias), (uint8_t *)alias };
364 struct HksBlob userRootId = { strlen("0"), reinterpret_cast<uint8_t *>(HksMalloc(strlen("0")))};
365 (void)memcpy_s(userRootId.data, userRootId.size, "0", strlen("0"));
366 struct HksProcessInfo processInfo = { userRootId, g_processName, 0, 0, 0 };
367 int32_t ret = TestGenerateKeyWithProcessInfo(&keyAlias, &processInfo);
368 ASSERT_EQ(ret, HKS_SUCCESS) << "HksClientServiceTest009 TestGenerateKey failed, ret = " << ret;
369 ret = HksServiceKeyExistForDe(&processInfo, &keyAlias, nullptr);
370 EXPECT_EQ(ret, HKS_SUCCESS) << "HksClientServiceTest009 HksServiceDeleteProcessInfo failed, ret = " << ret;
371 uint64_t handle = 111;
372 struct HksBlob operationHandle = { .size = sizeof(uint64_t), .data = (uint8_t *)&handle };
373 CreateOperation(&processInfo, NULL, &operationHandle, true);
374 HksServiceDeleteProcessInfo(&processInfo);
375 ret = HksServiceKeyExistForDe(&processInfo, &keyAlias, nullptr);
376 EXPECT_NE(ret, HKS_SUCCESS) << "HksClientServiceTest009 HksServiceDeleteProcessInfo failed, ret = " << ret;
377 }
378
379 static const uint32_t HUKS_UID = 3510;
380
381 /**
382 * @tc.name: HksClientServiceTest.HksClientServiceTest002
383 * @tc.desc: tdd HksServiceDeleteProcessInfo, expect HKS_ERROR_INVALID_ARGUMENT
384 * @tc.type: FUNC
385 */
386 HWTEST_F(HksClientServiceTest, HksClientServiceTest002, TestSize.Level0)
387 {
388 HKS_LOG_I("enter HksClientServiceTest002");
389 const char *alias = "HksClientServiceTest002";
390 const struct HksBlob keyAlias = { strlen(alias), (uint8_t *)alias };
391 struct HksProcessInfo processInfo = { g_userId, g_processName, g_userIdInt, 0, 0 };
392 int32_t ret = TestGenerateKeyWithProcessInfo(&keyAlias, &processInfo);
393 ASSERT_EQ(ret, HKS_SUCCESS) << "HksClientServiceTest002 TestGenerateKey failed, ret = " << ret;
394 ret = HksServiceKeyExistForDe(&processInfo, &keyAlias, nullptr);
395 EXPECT_EQ(ret, HKS_SUCCESS) << "HksClientServiceTest002 HksServiceDeleteProcessInfo failed, ret = " << ret;
396
397 struct HksBlob processName2 = { 0, nullptr };
398 struct HksProcessInfo processInfo2 = { g_userId, processName2, g_userIdInt, 0, 0 };
399 HksServiceDeleteProcessInfo(&processInfo2);
400 ret = HksServiceKeyExistForDe(&processInfo, &keyAlias, nullptr);
401 EXPECT_NE(ret, HKS_SUCCESS) << "HksClientServiceTest002 HksServiceDeleteProcessInfo failed, ret = " << ret;
402 HksChangeOldKeyOwner(HKS_CONFIG_KEY_STORE_PATH "/maindata", HUKS_UID);
403 }
404
405 static const uint32_t g_defaultCertSize = 10240;
406
FreeCertChainBlob(struct HksBlob * certChain)407 static void FreeCertChainBlob(struct HksBlob *certChain)
408 {
409 HKS_FREE(certChain->data);
410 certChain->size = 0;
411 HKS_FREE(certChain);
412 }
413
ConstructCertChainBlob(struct HksBlob ** outCertChain)414 static int32_t ConstructCertChainBlob(struct HksBlob **outCertChain)
415 {
416 struct HksBlob *certChain = (struct HksBlob *)HksMalloc(sizeof(struct HksBlob) * HKS_CERT_COUNT);
417 if (certChain == nullptr) {
418 return HKS_ERROR_MALLOC_FAIL;
419 }
420 certChain->data = (uint8_t *)HksMalloc(g_defaultCertSize);
421 if (certChain->data == nullptr) {
422 FreeCertChainBlob(certChain);
423 return HKS_ERROR_MALLOC_FAIL;
424 }
425 certChain->size = g_defaultCertSize;
426
427 *outCertChain = certChain;
428 return HKS_SUCCESS;
429 }
430
431 static struct HksBlob g_secInfo = { sizeof(SEC_INFO_DATA), (uint8_t *)SEC_INFO_DATA };
432 static struct HksBlob g_challenge = { sizeof(CHALLENGE_DATA), (uint8_t *)CHALLENGE_DATA };
433 static struct HksBlob g_version = { sizeof(VERSION_DATA), (uint8_t *)VERSION_DATA };
434 static struct HksBlob g_udid = { sizeof(UDID_DATA), (uint8_t *)UDID_DATA };
435 static struct HksBlob g_sn = { sizeof(SN_DATA), (uint8_t *)SN_DATA };
436 static struct HksBlob g_dId = { sizeof(DEVICE_ID), (uint8_t *)DEVICE_ID };
437
438 static struct HksBlob g_brandBlob = { sizeof(ATTEST_BRAND), (uint8_t *)ATTEST_BRAND };
439
440 /**
441 * @tc.name: HksClientServiceTest.HksClientServiceTest003
442 * @tc.desc: tdd HksServiceAttestKey, expect HKS_SUCCESS
443 * @tc.type: FUNC
444 */
445 HWTEST_F(HksClientServiceTest, HksClientServiceTest003, TestSize.Level0)
446 {
447 HKS_LOG_I("enter HksClientServiceTest003");
448 const char *alias = "HksClientServiceTest003_alias";
449 const char *product = "product";
450 const char *imei = "imei";
451 const char *meid = "meid";
452 const char *manufacturer = "manufacturer";
453 const char *model = "model";
454 const char *socid = "socid";
455 const struct HksBlob keyAliasBlob = { strlen(alias), (uint8_t *)alias };
456 const struct HksBlob productBlob = { strlen(product), (uint8_t *)product };
457 const struct HksBlob imeiBlob = { strlen(imei), (uint8_t *)imei };
458 const struct HksBlob meidBlob = { strlen(meid), (uint8_t *)meid };
459 const struct HksBlob manufacturerBlob = { strlen(manufacturer), (uint8_t *)manufacturer };
460 const struct HksBlob modelBlob = { strlen(model), (uint8_t *)model };
461 const struct HksBlob socidBlob = { strlen(socid), (uint8_t *)socid };
462 const struct HksParam commonParams[] = {
463 { .tag = HKS_TAG_ATTESTATION_ID_SEC_LEVEL_INFO, .blob = g_secInfo },
464 { .tag = HKS_TAG_ATTESTATION_CHALLENGE, .blob = g_challenge },
465 { .tag = HKS_TAG_ATTESTATION_ID_VERSION_INFO, .blob = g_version },
466 { .tag = HKS_TAG_ATTESTATION_ID_ALIAS, .blob = keyAliasBlob },
467 { .tag = HKS_TAG_ATTESTATION_ID_BRAND, .blob = g_brandBlob },
468 { .tag = HKS_TAG_ATTESTATION_ID_PRODUCT, .blob = productBlob },
469 { .tag = HKS_TAG_ATTESTATION_ID_IMEI, .blob = imeiBlob },
470 { .tag = HKS_TAG_ATTESTATION_ID_MEID, .blob = meidBlob },
471 { .tag = HKS_TAG_ATTESTATION_ID_MANUFACTURER, .blob = manufacturerBlob },
472 { .tag = HKS_TAG_ATTESTATION_ID_MODEL, .blob = modelBlob },
473 { .tag = HKS_TAG_ATTESTATION_ID_SOCID, .blob = socidBlob },
474 };
475 uint32_t userIdInt = 0;
476 struct HksBlob userId = { sizeof(userIdInt), (uint8_t *)(&userIdInt)};
477 const char *processNameString = "hks_client";
478 struct HksBlob processName = { strlen(processNameString), (uint8_t *)processNameString };
479 struct HksProcessInfo processInfo = { userId, processName, userIdInt, 0, 0 };
480 int32_t ret = TestGenerateKeyWithProcessInfo(&keyAliasBlob, &processInfo);
481 ASSERT_EQ(ret, HKS_SUCCESS) << "TestGenerateKey failed, ret = " << ret;
482 struct HksParamSet *paramSet = nullptr;
483 GenerateParamSet(¶mSet, commonParams, sizeof(commonParams) / sizeof(commonParams[0]));
484 struct HksBlob *certChain = nullptr;
485 ret = ConstructCertChainBlob(&certChain);
486 ASSERT_TRUE(ret == HKS_SUCCESS) << "ConstructCertChainBlob failed, ret = " << ret;
487 ret = HksServiceAttestKeyForDe(&processInfo, &keyAliasBlob, paramSet, certChain, nullptr);
488 if (ret != HKS_SUCCESS) {
489 HKS_LOG_I("HksServiceAttestKey failed!");
490 }
491 FreeCertChainBlob(certChain);
492 HksFreeParamSet(¶mSet);
493 ret = HksServiceDeleteKeyForDe(&processInfo, &keyAliasBlob, nullptr);
494 ASSERT_TRUE(ret == HKS_SUCCESS);
495 }
496
497 static const struct HksParam g_generateX25519Params[] = {
498 { .tag = HKS_TAG_ALGORITHM, .uint32Param = HKS_ALG_X25519 },
499 { .tag = HKS_TAG_PURPOSE, .uint32Param = HKS_KEY_PURPOSE_AGREE },
500 { .tag = HKS_TAG_KEY_SIZE, .uint32Param = HKS_CURVE25519_KEY_SIZE_256 },
501 };
502
GenerateX25519(const struct HksBlob * keyAlias,const struct HksProcessInfo * processInfo)503 static int32_t GenerateX25519(const struct HksBlob *keyAlias, const struct HksProcessInfo *processInfo)
504 {
505 struct HksParamSet *paramSet = nullptr;
506 int32_t ret = GenerateParamSet(¶mSet, g_generateX25519Params, sizeof(g_generateX25519Params) /
507 sizeof(g_generateX25519Params[0]));
508 EXPECT_EQ(ret, HKS_SUCCESS) << "GenerateParamSet failed, ret = " << ret;
509
510 ret = HksServiceGenerateKeyForDe(processInfo, keyAlias, paramSet, nullptr);
511 EXPECT_EQ(ret, HKS_SUCCESS) << "HksGenerateKey failed, ret = " << ret;
512 return ret;
513 }
514
515 /**
516 * @tc.name: HksClientServiceTest.HksClientServiceTest004
517 * @tc.desc: tdd HksServiceAttestKey with x25519, expect HKS_SUCCESS
518 * @tc.type: FUNC
519 */
520 HWTEST_F(HksClientServiceTest, HksClientServiceTest004, TestSize.Level0)
521 {
522 HKS_LOG_I("enter HksClientServiceTest004");
523 const char *alias = "HksClientServiceTest004_alias";
524 const struct HksBlob keyAlias = { strlen(alias), (uint8_t *)alias };
525 const struct HksParam attestParams[] = {
526 { .tag = HKS_TAG_ATTESTATION_ID_SEC_LEVEL_INFO, .blob = g_secInfo },
527 { .tag = HKS_TAG_ATTESTATION_CHALLENGE, .blob = g_challenge },
528 { .tag = HKS_TAG_ATTESTATION_ID_VERSION_INFO, .blob = g_version },
529 { .tag = HKS_TAG_ATTESTATION_ID_ALIAS, .blob = keyAlias },
530 { .tag = HKS_TAG_ATTESTATION_ID_UDID, .blob = g_udid },
531 { .tag = HKS_TAG_ATTESTATION_ID_SERIAL, .blob = g_sn },
532 { .tag = HKS_TAG_ATTESTATION_ID_DEVICE, .blob = g_dId },
533 };
534 struct HksProcessInfo processInfo = { g_userId, g_processName, g_userIdInt, 0, 0 };
535 int32_t ret = GenerateX25519(&keyAlias, &processInfo);
536 EXPECT_EQ(ret, HKS_SUCCESS) << "GenerateX25519 failed, ret = " << ret;
537 struct HksParamSet *paramSet = nullptr;
538 GenerateParamSet(¶mSet, attestParams, sizeof(attestParams) / sizeof(attestParams[0]));
539 struct HksBlob *certChain = nullptr;
540 ret = ConstructCertChainBlob(&certChain);
541 ASSERT_TRUE(ret == HKS_SUCCESS) << "ConstructCertChainBlob failed, ret = " << ret;
542 ret = HksServiceAttestKeyForDe(&processInfo, &keyAlias, paramSet, certChain, nullptr);
543 if (ret != HKS_SUCCESS) {
544 HKS_LOG_I("HksServiceAttestKey failed!");
545 }
546 FreeCertChainBlob(certChain);
547
548 HksFreeParamSet(¶mSet);
549
550 ret = HksServiceDeleteKeyForDe(&processInfo, &keyAlias, nullptr);
551 ASSERT_TRUE(ret == HKS_SUCCESS);
552 }
553
554 static const struct HksParam g_generateECCParams[] = {
555 { .tag = HKS_TAG_ALGORITHM, .uint32Param = HKS_ALG_ECC },
556 { .tag = HKS_TAG_KEY_SIZE, .uint32Param = HKS_ECC_KEY_SIZE_256 },
557 { .tag = HKS_TAG_PURPOSE, .uint32Param = HKS_KEY_PURPOSE_SIGN | HKS_KEY_PURPOSE_VERIFY },
558 { .tag = HKS_TAG_DIGEST, .uint32Param = HKS_DIGEST_SHA384 },
559 { .tag = HKS_TAG_PADDING, .uint32Param = HKS_PADDING_NONE },
560 };
561
GenerateECC(const struct HksBlob * keyAlias,const struct HksProcessInfo * processInfo)562 static int32_t GenerateECC(const struct HksBlob *keyAlias, const struct HksProcessInfo *processInfo)
563 {
564 struct HksParamSet *paramSet = nullptr;
565 int32_t ret = GenerateParamSet(¶mSet, g_generateECCParams, sizeof(g_generateECCParams) /
566 sizeof(g_generateECCParams[0]));
567 EXPECT_EQ(ret, HKS_SUCCESS) << "GenerateParamSet failed, ret = " << ret;
568
569 ret = HksServiceGenerateKeyForDe(processInfo, keyAlias, paramSet, nullptr);
570 EXPECT_EQ(ret, HKS_SUCCESS) << "HksGenerateKey failed, ret = " << ret;
571 return ret;
572 }
573
574 /**
575 * @tc.name: HksClientServiceTest.HksClientServiceTest005
576 * @tc.desc: tdd HksServiceAttestKey with ecc, expect HKS_SUCCESS
577 * @tc.type: FUNC
578 */
579 HWTEST_F(HksClientServiceTest, HksClientServiceTest005, TestSize.Level0)
580 {
581 HKS_LOG_I("enter HksClientServiceTest005");
582 const char *alias = "HksClientServiceTest005_alias";
583 const struct HksBlob keyAlias = { strlen(alias), (uint8_t *)alias };
584 const struct HksParam attestParams[] = {
585 { .tag = HKS_TAG_ATTESTATION_ID_SEC_LEVEL_INFO, .blob = g_secInfo },
586 { .tag = HKS_TAG_ATTESTATION_CHALLENGE, .blob = g_challenge },
587 { .tag = HKS_TAG_ATTESTATION_ID_DEVICE, .blob = g_dId },
588 { .tag = HKS_TAG_ATTESTATION_ID_VERSION_INFO, .blob = g_version },
589 { .tag = HKS_TAG_ATTESTATION_ID_ALIAS, .blob = keyAlias },
590 { .tag = HKS_TAG_ATTESTATION_ID_UDID, .blob = g_udid },
591 { .tag = HKS_TAG_ATTESTATION_ID_SERIAL, .blob = g_sn },
592 };
593 struct HksProcessInfo processInfo = { g_userId, g_processName, g_userIdInt, 0, 0 };
594 int32_t ret = GenerateECC(&keyAlias, &processInfo);
595 EXPECT_EQ(ret, HKS_SUCCESS) << "HksClientServiceTest005 GenerateECC failed, ret = " << ret;
596 struct HksParamSet *paramSet = nullptr;
597 ret = GenerateParamSet(¶mSet, attestParams, sizeof(attestParams) / sizeof(attestParams[0]));
598 EXPECT_EQ(ret, HKS_SUCCESS);
599 struct HksBlob *certChain = nullptr;
600 ret = ConstructCertChainBlob(&certChain);
601 ASSERT_TRUE(ret == HKS_SUCCESS) << "HksClientServiceTest005 ConstructCertChainBlob failed, ret = " << ret;
602 ret = HksServiceAttestKeyForDe(&processInfo, &keyAlias, paramSet, certChain, nullptr);
603 if (ret != HKS_SUCCESS) {
604 HKS_LOG_I("HksServiceAttestKey failed!");
605 }
606 FreeCertChainBlob(certChain);
607
608 HksFreeParamSet(¶mSet);
609
610 ret = HksServiceDeleteKeyForDe(&processInfo, &keyAlias, nullptr);
611 ASSERT_TRUE(ret == HKS_SUCCESS);
612 }
613
614 /**
615 * @tc.name: HksClientServiceTest.HksClientServiceTest006
616 * @tc.desc: tdd HksServiceGetKeyParamSet with ecc, expect HKS_ERROR_BAD_STATE
617 * @tc.type: FUNC
618 */
619 HWTEST_F(HksClientServiceTest, HksClientServiceTest006, TestSize.Level0)
620 {
621 HKS_LOG_I("enter HksClientServiceTest006");
622 const char *alias = "HksClientServiceTest006_alias";
623 const struct HksBlob keyAlias = { strlen(alias), (uint8_t *)alias };
624
625 struct HksProcessInfo processInfo = { g_userId, g_processName, g_userIdInt, 0, 0 };
626 int32_t ret = GenerateECC(&keyAlias, &processInfo);
627 EXPECT_EQ(ret, HKS_SUCCESS) << "HksClientServiceTest006 GenerateECC failed, ret = " << ret;
628
629 struct HksParamSet *paramSet = nullptr;
630 ret = GenerateParamSet(¶mSet, nullptr, 0);
631 ASSERT_TRUE(ret == HKS_SUCCESS);
632
633 struct HksProcessInfo processInfo2 = { g_userId, g_processName, g_userIdInt, 0, 1 };
634
635 ret = HksServiceGetKeyParamSetForDe(&processInfo2, &keyAlias, nullptr, paramSet);
636 ASSERT_TRUE(ret == HKS_ERROR_BAD_STATE);
637
638 HksFreeParamSet(¶mSet);
639 (void)HksServiceDeleteKeyForDe(&processInfo, &keyAlias, nullptr);
640 }
641
642 static uint32_t g_paramSetDefaultSize = 4096;
643
644 /**
645 * @tc.name: HksClientServiceTest.HksClientServiceTest007
646 * @tc.desc: tdd HksServiceGetKeyParamSet with ecc, expect HKS_SUCCESS and no accessTokenId in paramSet
647 * @tc.type: FUNC
648 */
649 HWTEST_F(HksClientServiceTest, HksClientServiceTest007, TestSize.Level0)
650 {
651 HKS_LOG_I("enter HksClientServiceTest007");
652 const char *alias = "HksClientServiceTest007_alias";
653 const struct HksBlob keyAlias = { strlen(alias), (uint8_t *)alias };
654
655 struct HksProcessInfo processInfo = { g_userId, g_processName, g_userIdInt, 0, 0 };
656 int32_t ret = GenerateECC(&keyAlias, &processInfo);
657 EXPECT_EQ(ret, HKS_SUCCESS) << "HksClientServiceTest007 GenerateECC failed, ret = " << ret;
658
659 struct HksParamSet *paramSet = (struct HksParamSet *)HksMalloc(g_paramSetDefaultSize);
660
661 ASSERT_TRUE(paramSet != nullptr);
662
663 paramSet->paramSetSize = g_paramSetDefaultSize;
664
665 ret = HksServiceGetKeyParamSetForDe(&processInfo, &keyAlias, nullptr, paramSet);
666 ASSERT_TRUE(ret == HKS_SUCCESS);
667
668 struct HksParam *accessTokenId = nullptr;
669 ret = HksGetParam(paramSet, HKS_TAG_ACCESS_TOKEN_ID, &accessTokenId);
670 ASSERT_TRUE(ret == HKS_ERROR_PARAM_NOT_EXIST);
671
672 HksFreeParamSet(¶mSet);
673 (void)HksServiceDeleteKeyForDe(&processInfo, &keyAlias, nullptr);
674 }
675
676 static struct HksParam g_aesGenParams[] = {
677 {
678 .tag = HKS_TAG_KEY_SIZE,
679 .uint32Param = HKS_AES_KEY_SIZE_256
680 }, {
681 .tag = HKS_TAG_ALGORITHM,
682 .uint32Param = HKS_ALG_AES
683 }, {
684 .tag = HKS_TAG_BLOCK_MODE,
685 .uint32Param = HKS_MODE_CBC
686 }, {
687 .tag = HKS_TAG_PURPOSE,
688 .uint32Param = HKS_KEY_PURPOSE_ENCRYPT | HKS_KEY_PURPOSE_DECRYPT
689 }, {
690 .tag = HKS_TAG_PADDING,
691 .uint32Param = HKS_PADDING_NONE
692 }
693 };
694
695 static const uint32_t g_ivSize = 16;
696 static uint8_t g_iv[g_ivSize] = { 0 };
697
698 static struct HksParam g_aesEncryptParams[] = {
699 {
700 .tag = HKS_TAG_IV,
701 .blob = {
702 .size = g_ivSize,
703 .data = (uint8_t *)g_iv
704 }
705 }, {
706 .tag = HKS_TAG_PADDING,
707 .uint32Param = HKS_PADDING_NONE
708 }, {
709 .tag = HKS_TAG_ALGORITHM,
710 .uint32Param = HKS_ALG_AES
711 }, {
712 .tag = HKS_TAG_PURPOSE,
713 .uint32Param = HKS_KEY_PURPOSE_ENCRYPT
714 }, {
715 .tag = HKS_TAG_KEY_SIZE,
716 .uint32Param = HKS_AES_KEY_SIZE_256
717 }, {
718 .tag = HKS_TAG_BLOCK_MODE,
719 .uint32Param = HKS_MODE_CBC
720 }, {
721 .tag = HKS_TAG_DIGEST,
722 .uint32Param = HKS_DIGEST_NONE
723 },
724 };
725
726 /**
727 * @tc.name: HksClientServiceTest.HksClientServiceTest008
728 * @tc.desc: tdd three stage with access token id, expect HKS_ERROR_BAD_STATE
729 * @tc.type: FUNC
730 */
731 HWTEST_F(HksClientServiceTest, HksClientServiceTest008, TestSize.Level0)
732 {
733 HKS_LOG_I("enter HksClientServiceTest008");
734 const char *alias = "alias";
735 const struct HksBlob keyAlias = { strlen(alias), (uint8_t *)alias };
736
737 struct HksProcessInfo processInfo = { g_userId, g_processName, g_userIdInt, 0, 0 };
738 struct HksParamSet *genParamSet = nullptr;
739 int32_t ret = GenerateParamSet(&genParamSet, g_aesGenParams, sizeof(g_aesGenParams) / sizeof(g_aesGenParams[0]));
740 ASSERT_TRUE(ret == HKS_SUCCESS);
741 ret = HksServiceGenerateKeyForDe(&processInfo, &keyAlias, genParamSet, nullptr);
742 ASSERT_TRUE(ret == HKS_SUCCESS);
743
744 struct HksParamSet *encParamSet = nullptr;
745 ret = GenerateParamSet(&encParamSet, g_aesEncryptParams,
746 sizeof(g_aesEncryptParams) / sizeof(g_aesEncryptParams[0]));
747 ASSERT_TRUE(ret == HKS_SUCCESS);
748
749 struct HksBlob handle = { .size = sizeof(uint64_t), .data = (uint8_t *)HksMalloc(sizeof(uint64_t)) };
750 struct HksBlob token = { 0 };
751
752 ret = HksServiceInitForDe(&processInfo, &keyAlias, encParamSet, &handle, &token);
753 ASSERT_TRUE(ret == HKS_SUCCESS);
754
755 struct HksProcessInfo processInfo2 = { g_userId, g_processName, g_userIdInt, 0, 1 };
756
757 struct HksBlob inDataBlob = { 0 };
758 struct HksBlob outDataBlob = { 0 };
759
760 ret = HksServiceUpdateForDe(&handle, &processInfo2, encParamSet, &inDataBlob, &outDataBlob);
761 ASSERT_TRUE(ret == HKS_ERROR_BAD_STATE);
762
763 (void)HksServiceAbort(&handle, &processInfo, encParamSet);
764
765 HKS_FREE_BLOB(handle);
766 HksFreeParamSet(&genParamSet);
767 HksFreeParamSet(&encParamSet);
768 (void)HksServiceDeleteKeyForDe(&processInfo, &keyAlias, nullptr);
769 }
770
771 #ifdef HKS_ENABLE_UPGRADE_KEY
772 /**
773 * @tc.name: HksClientServiceTest.HksClientServiceTest013
774 * @tc.desc: tdd CheckAndUpgradeKeyIfNeed, expect HKS_ERROR_INVALID_ARGUMENT
775 * @tc.type: FUNC
776 */
777 HWTEST_F(HksClientServiceTest, HksClientServiceTest013, TestSize.Level0)
778 {
779 HKS_LOG_I("enter HksClientServiceTest013");
780 struct HksBlob key = { .size = 0, .data = nullptr };
781 int32_t ret = CheckAndUpgradeKeyIfNeed(nullptr, nullptr, nullptr, &key);
782 ASSERT_EQ(ret, HKS_ERROR_CORRUPT_FILE);
783 }
784
785 /**
786 * @tc.name: HksClientServiceTest.HksClientServiceTest010
787 * @tc.desc: tdd CheckAndUpgradeKeyIfNeed, expect HKS_ERROR_BAD_STATE
788 * @tc.type: FUNC
789 */
790 HWTEST_F(HksClientServiceTest, HksClientServiceTest010, TestSize.Level0)
791 {
792 HKS_LOG_I("enter HksClientServiceTest010");
793 struct HksBlob key = { .size = 0, .data = nullptr };
794 struct HksParamSet *paramSet = nullptr;
795 int32_t ret = HksInitParamSet(¶mSet);
796 ASSERT_EQ(ret, HKS_SUCCESS);
797 struct HksParam keyVersionParam = { .tag = HKS_TAG_KEY_VERSION, .uint32Param = 0 };
798 ret = HksAddParams(paramSet, &keyVersionParam, 1);
799 ASSERT_EQ(ret, HKS_SUCCESS);
800 ret = HksBuildParamSet(¶mSet);
801 ASSERT_EQ(ret, HKS_SUCCESS);
802 key.data = (uint8_t *)HksMalloc(paramSet->paramSetSize);
803 (void)memcpy_s(key.data, paramSet->paramSetSize, paramSet, paramSet->paramSetSize);
804 ret = CheckAndUpgradeKeyIfNeed(nullptr, nullptr, nullptr, &key);
805 ASSERT_EQ(ret, HKS_ERROR_BAD_STATE);
806 HKS_FREE(key.data);
807 HksFreeParamSet(¶mSet);
808 }
809
810 /**
811 * @tc.name: HksClientServiceTest.HksClientServiceTest011
812 * @tc.desc: tdd CheckAndUpgradeKeyIfNeed, expect HKS_SHKS_ERROR_BAD_STATEUCCESS
813 * @tc.type: FUNC
814 */
815 HWTEST_F(HksClientServiceTest, HksClientServiceTest011, TestSize.Level0)
816 {
817 HKS_LOG_I("enter HksClientServiceTest011");
818 struct HksBlob key = { .size = 0, .data = nullptr };
819 struct HksParamSet *paramSet = nullptr;
820 int32_t ret = HksInitParamSet(¶mSet);
821 ASSERT_EQ(ret, HKS_SUCCESS);
822 uint32_t tooBigVersion = 999;
823 struct HksParam keyVersionParam = { .tag = HKS_TAG_KEY_VERSION, .uint32Param = tooBigVersion };
824 ret = HksAddParams(paramSet, &keyVersionParam, 1);
825 ASSERT_EQ(ret, HKS_SUCCESS);
826 ret = HksBuildParamSet(¶mSet);
827 ASSERT_EQ(ret, HKS_SUCCESS);
828 key.data = (uint8_t *)HksMalloc(paramSet->paramSetSize);
829 (void)memcpy_s(key.data, paramSet->paramSetSize, paramSet, paramSet->paramSetSize);
830
831 ret = CheckAndUpgradeKeyIfNeed(nullptr, nullptr, nullptr, &key);
832 ASSERT_EQ(ret, HKS_ERROR_BAD_STATE);
833 HKS_FREE(key.data);
834 HksFreeParamSet(¶mSet);
835 }
836
837 /**
838 * @tc.name: HksClientServiceTest.HksClientServiceTest012
839 * @tc.desc: tdd CheckAndUpgradeKeyIfNeed, expect HKS_ERROR_INVALID_ARGUMENT
840 * @tc.type: FUNC
841 */
842 HWTEST_F(HksClientServiceTest, HksClientServiceTest012, TestSize.Level0)
843 {
844 HKS_LOG_I("enter HksClientServiceTest012");
845 struct HksBlob key = { .size = 0, .data = nullptr };
846 struct HksParamSet *paramSet = nullptr;
847 int32_t ret = HksInitParamSet(¶mSet);
848 ASSERT_EQ(ret, HKS_SUCCESS);
849 uint32_t version = 1;
850 struct HksParam keyVersionParam = { .tag = HKS_TAG_KEY_VERSION, .uint32Param = version };
851 ret = HksAddParams(paramSet, &keyVersionParam, 1);
852 ASSERT_EQ(ret, HKS_SUCCESS);
853 ret = HksBuildParamSet(¶mSet);
854 ASSERT_EQ(ret, HKS_SUCCESS);
855 key.data = (uint8_t *)HksMalloc(paramSet->paramSetSize);
856 (void)memcpy_s(key.data, paramSet->paramSetSize, paramSet, paramSet->paramSetSize);
857 ret = CheckAndUpgradeKeyIfNeed(nullptr, nullptr, nullptr, &key);
858 ASSERT_EQ(ret, HKS_ERROR_INVALID_ARGUMENT);
859 HKS_FREE(key.data);
860 HksFreeParamSet(¶mSet);
861 }
862 #endif /** HKS_ENABLE_UPGRADE_KEY*/
863 }
864