support attestation for x25519 and ed25519

Signed-off-by: y30053096 <yangjinhuan@huawei.com> Change-Id: Ic4e5e9c85104f01367259fb5488e33a0f5632e86
2024-11-23 06:41:12 +00:00 · 2024-11-15 11:56:55 +08:00 · 2024-11-15 11:56:55 +08:00 · dc13bd62e5
commit dc13bd62e5
parent 5bbc98561f
3 changed files with 239 additions and 4 deletions
--- a/services/huks_standard/huks_engine/main/device_cert_manager/src/dcm_attest.c
+++ b/services/huks_standard/huks_engine/main/device_cert_manager/src/dcm_attest.c
@ -1316,7 +1316,8 @@ static void FreeAttestSpec(struct HksAttestSpec **attestSpec)
 static int32_t CheckAttestUsageSpec(const struct HksUsageSpec *usageSpec)
 {
    if ((usageSpec->algType != HKS_ALG_RSA) && (usageSpec->algType != HKS_ALG_ECC) &&
-        (usageSpec->algType != HKS_ALG_X25519) && (usageSpec->algType != HKS_ALG_SM2)) {
+        (usageSpec->algType != HKS_ALG_X25519) && (usageSpec->algType != HKS_ALG_SM2) &&
+        (usageSpec->algType != HKS_ALG_ED25519)) {
            HKS_LOG_E("invalid alg %" LOG_PUBLIC "u\n", usageSpec->algType);
            return HKS_ERROR_INVALID_ARGUMENT;
    }
--- a/services/huks_standard/huks_engine/main/device_cert_manager/src/dcm_attest_utils.c
+++ b/services/huks_standard/huks_engine/main/device_cert_manager/src/dcm_attest_utils.c
@ -49,6 +49,9 @@ DECLARE_OID(g_rsaEn);
 static uint8_t g_x25519Tag[] = { 0x06, 0x03, 0x2B, 0x65, 0x6E };
 DECLARE_OID(g_x25519);

+static uint8_t g_ed25519Tag[] = { 0x06, 0x03, 0x2B, 0x65, 0x70 };
+DECLARE_OID(g_ed25519);
+
 #define ENCODED_SEC_LEVEL_SIZE 3
 static uint32_t EncodeSecurityLevel(uint8_t *out, uint32_t level)
 {
@ -195,7 +198,8 @@ static int32_t GetRsaPublicKey(struct HksBlob *key, const struct HksPubKeyInfo *
    return DcmAsn1WriteFinal(key, &seqDataBlob);
 }

-static int32_t GetX25519PublicKey(struct HksBlob *key, const struct HksPubKeyInfo *info)
+static int32_t GetCurve25519PublicKey(struct HksBlob *key, const struct HksPubKeyInfo *info,
+    struct HksAsn1Blob *curve25519Oid)
 {
    struct HksBlob tmp = *key;
    tmp.data += ASN_1_MAX_HEADER_LEN;
@ -205,8 +209,7 @@ static int32_t GetX25519PublicKey(struct HksBlob *key, const struct HksPubKeyInf
        return HKS_ERROR_INSUFFICIENT_MEMORY;
    }

-    struct HksAsn1Blob x25519Oid = { ASN_1_TAG_TYPE_SEQ, g_x25519Oid.size, g_x25519Oid.data };
-    int32_t ret = DcmAsn1InsertValue(&tmp, NULL, &x25519Oid);
+    int32_t ret = DcmAsn1InsertValue(&tmp, NULL, curve25519Oid);
    HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "insert oid value fail\n")

    uint8_t *publicKey = (uint8_t *)(info + 1);
@ -220,6 +223,25 @@ static int32_t GetX25519PublicKey(struct HksBlob *key, const struct HksPubKeyInf
    return DcmAsn1WriteFinal(key, &seqDataBlob);
 }

+static int32_t GetX25519PublicKey(struct HksBlob *key, const struct HksPubKeyInfo *info)
+{
+    struct HksAsn1Blob x25519Oid = { ASN_1_TAG_TYPE_SEQ, g_x25519Oid.size, g_x25519Oid.data };
+    int32_t ret = GetCurve25519PublicKey(key, info, &x25519Oid);
+    if (ret != HKS_SUCCESS) {
+        HKS_LOG_E("get x25519 public key fail");
+    }
+    return ret;
+}
+static int32_t GetEd25519PublicKey(struct HksBlob *key, const struct HksPubKeyInfo *info)
+{
+    struct HksAsn1Blob ed25519Oid = { ASN_1_TAG_TYPE_SEQ, g_ed25519Oid.size, g_ed25519Oid.data };
+    int32_t ret = GetCurve25519PublicKey(key, info, &ed25519Oid);
+    if (ret != HKS_SUCCESS) {
+        HKS_LOG_E("get ed25519 public key fail");
+    }
+    return ret;
+}
+
 static int32_t GetSm2PublicKey(struct HksBlob *key, const struct HksPubKeyInfo *info)
 {
    if (info->keySize != HKS_SM2_KEY_SIZE_256) {
@ -242,6 +264,8 @@ int32_t DcmGetPublicKey(struct HksBlob *key, const struct HksPubKeyInfo *info, c
        return GetEcPublicKey(key, info);
    } else if (info->keyAlg == HKS_ALG_X25519) {
        return GetX25519PublicKey(key, info);
+    } else if (info->keyAlg == HKS_ALG_ED25519) {
+        return GetEd25519PublicKey(key, info);
    } else if (info->keyAlg == HKS_ALG_SM2) {
        return GetSm2PublicKey(key, info);
    } else {
--- a/test/unittest/huks_standard_test/three_stage_test/src/hks_attest_key_nonids_test.cpp
+++ b/test/unittest/huks_standard_test/three_stage_test/src/hks_attest_key_nonids_test.cpp
@ -485,4 +485,214 @@ HWTEST_F(HksAttestKeyNonIdsTest, HksAttestKeyNonIdsTest013, TestSize.Level0)
    ret = HksDeleteKeyForDe(&g_keyAlias, NULL);
    ASSERT_EQ(ret, HKS_SUCCESS);
 }
+
+/**
+ * @tc.name: HksAttestKeyNonIdsTest.HksAttestKeyNonIdsTest014
+ * @tc.desc: attest with x25519.
+ * @tc.type: FUNC
+ * @tc.require: issueI5NY0L
+ */
+HWTEST_F(HksAttestKeyNonIdsTest, HksAttestKeyNonIdsTest014, TestSize.Level0)
+{
+    struct HksParamSet *paramSet = nullptr;
+    HksCertChain *certChain = nullptr;
+    HKS_LOG_I("enter HksAttestKeyNonIdsTest014");
+    const struct HksParam tmpParams[] = {
+        { .tag = HKS_TAG_ALGORITHM, .uint32Param = HKS_ALG_X25519 },
+        { .tag = HKS_TAG_KEY_SIZE, .uint32Param = HKS_CURVE25519_KEY_SIZE_256 },
+        { .tag = HKS_TAG_PURPOSE, .uint32Param = HKS_KEY_PURPOSE_AGREE },
+    };
+    int32_t ret = TestGenerateKeyCommon(&g_keyAlias, tmpParams, sizeof(tmpParams) / sizeof(tmpParams[0]));
+    ASSERT_EQ(ret, HKS_SUCCESS);
+    GenerateParamSet(&paramSet, g_commonParams, sizeof(g_commonParams) / sizeof(g_commonParams[0]));
+    const struct HksTestCertChain certParam = { true, true, true, g_size };
+    (void)ConstructDataToCertChain(&certChain, &certParam);
+    ret = HksAttestKeyForDe(&g_keyAlias, paramSet, certChain);
+    if (ret != HKS_SUCCESS) {
+        HKS_LOG_I("HksAttestKey fail, ret is %" LOG_PUBLIC "d!", ret);
+    }
+    ASSERT_EQ(ret, HKS_ERROR_NO_PERMISSION);
+
+    FreeCertChain(&certChain, certChain->certsCount);
+    HksFreeParamSet(&paramSet);
+    ret = HksDeleteKeyForDe(&g_keyAlias, NULL);
+    ASSERT_EQ(ret, HKS_SUCCESS);
+}
+
+/**
+ * @tc.name: HksAttestKeyNonIdsTest.HksAttestKeyNonIdsTest015
+ * @tc.desc: attest with x25519.
+ * @tc.type: FUNC
+ * @tc.require: issueI5NY0L
+ */
+HWTEST_F(HksAttestKeyNonIdsTest, HksAttestKeyNonIdsTest015, TestSize.Level0)
+{
+    struct HksParamSet *paramSet = nullptr;
+    HksCertChain *certChain = nullptr;
+    HKS_LOG_I("enter HksAttestKeyNonIdsTest015");
+    const struct HksParam tmpParams[] = {
+        { .tag = HKS_TAG_ALGORITHM, .uint32Param = HKS_ALG_X25519 },
+        { .tag = HKS_TAG_KEY_SIZE, .uint32Param = HKS_CURVE25519_KEY_SIZE_256 },
+        { .tag = HKS_TAG_PURPOSE, .uint32Param = HKS_KEY_PURPOSE_AGREE },
+    };
+    int32_t ret = TestGenerateKeyCommon(&g_keyAlias, tmpParams, sizeof(tmpParams) / sizeof(tmpParams[0]));
+    ASSERT_EQ(ret, HKS_SUCCESS);
+    GenerateParamSet(&paramSet, g_commonParams, sizeof(g_commonParams) / sizeof(g_commonParams[0]));
+    const struct HksTestCertChain certParam = { true, true, true, g_size };
+    (void)ConstructDataToCertChain(&certChain, &certParam);
+    ret = HksAnonAttestKeyForDe(&g_keyAlias, paramSet, certChain);
+    if (ret != HKS_SUCCESS) {
+        HKS_LOG_I("HksAnonAttestKey fail, ret is %" LOG_PUBLIC "d!", ret);
+    }
+    ASSERT_EQ(ret, HKS_SUCCESS);
+
+    FreeCertChain(&certChain, certChain->certsCount);
+    HksFreeParamSet(&paramSet);
+    ret = HksDeleteKeyForDe(&g_keyAlias, NULL);
+    ASSERT_EQ(ret, HKS_SUCCESS);
+}
+
+/**
+ * @tc.name: HksAttestKeyNonIdsTest.HksAttestKeyNonIdsTest016
+ * @tc.desc: attest with x25519.
+ * @tc.type: FUNC
+ */
+HWTEST_F(HksAttestKeyNonIdsTest, HksAttestKeyNonIdsTest016, TestSize.Level0)
+{
+    struct HksParamSet *paramSet = nullptr;
+    HksCertChain *certChain = nullptr;
+    HKS_LOG_I("enter HksAttestKeyNonIdsTest016");
+    const struct HksParam tmpParams[] = {
+        { .tag = HKS_TAG_ALGORITHM, .uint32Param = HKS_ALG_X25519 },
+        { .tag = HKS_TAG_KEY_SIZE, .uint32Param = HKS_CURVE25519_KEY_SIZE_256 },
+        { .tag = HKS_TAG_PURPOSE, .uint32Param = HKS_KEY_PURPOSE_AGREE },
+    };
+    int32_t ret = TestGenerateKeyCommon(&g_keyAlias, tmpParams, sizeof(tmpParams) / sizeof(tmpParams[0]));
+    ASSERT_EQ(ret, HKS_SUCCESS);
+    ret = GenerateParamSet(&paramSet, g_commonParams, sizeof(g_commonParams) / sizeof(g_commonParams[0]));
+    ASSERT_EQ(ret, HKS_SUCCESS);
+    const struct HksTestCertChain certParam = { true, true, true, g_size };
+    ret = ConstructDataToCertChain(&certChain, &certParam);
+    ASSERT_EQ(ret, HKS_SUCCESS);
+    const struct OH_Huks_Blob oh_g_keyAlias = { sizeof(ALIAS), (uint8_t *)ALIAS };
+    struct HksParamSet *newParamSet = nullptr;
+    ret = ConstructNewParamSet(paramSet, &newParamSet);
+    ret = OH_Huks_AnonAttestKeyItem(&oh_g_keyAlias, (struct OH_Huks_ParamSet *) newParamSet,
+        (struct OH_Huks_CertChain *) certChain).errorCode;
+    HKS_LOG_I("OH_Huks_AnonAttestKeyItem, ret is %" LOG_PUBLIC "d!", ret);
+    ASSERT_EQ(ret, HKS_SUCCESS);
+    for (uint32_t i = 0; i < certChain->certsCount; i++) {
+        printf("Get certChain[%d]:\n %s \n", i, certChain->certs[i].data);
+    }
+    FreeCertChain(&certChain, certChain->certsCount);
+    HksFreeParamSet(&newParamSet);
+    HksFreeParamSet(&paramSet);
+    ret = HksDeleteKeyForDe(&g_keyAlias, NULL);
+    ASSERT_EQ(ret, HKS_SUCCESS);
+}
+
+/**
+ * @tc.name: HksAttestKeyNonIdsTest.HksAttestKeyNonIdsTest017
+ * @tc.desc: attest with ed25519.
+ * @tc.type: FUNC
+ * @tc.require: issueI5NY0L
+ */
+HWTEST_F(HksAttestKeyNonIdsTest, HksAttestKeyNonIdsTest017, TestSize.Level0)
+{
+    struct HksParamSet *paramSet = nullptr;
+    HksCertChain *certChain = nullptr;
+    HKS_LOG_I("enter HksAttestKeyNonIdsTest017");
+    const struct HksParam tmpParams[] = {
+        { .tag = HKS_TAG_ALGORITHM, .uint32Param = HKS_ALG_ED25519 },
+        { .tag = HKS_TAG_KEY_SIZE, .uint32Param = HKS_CURVE25519_KEY_SIZE_256 },
+        { .tag = HKS_TAG_PURPOSE, .uint32Param = HKS_KEY_PURPOSE_VERIFY },
+    };
+    int32_t ret = TestGenerateKeyCommon(&g_keyAlias, tmpParams, sizeof(tmpParams) / sizeof(tmpParams[0]));
+    ASSERT_EQ(ret, HKS_SUCCESS);
+    GenerateParamSet(&paramSet, g_commonParams, sizeof(g_commonParams) / sizeof(g_commonParams[0]));
+    const struct HksTestCertChain certParam = { true, true, true, g_size };
+    (void)ConstructDataToCertChain(&certChain, &certParam);
+    ret = HksAttestKeyForDe(&g_keyAlias, paramSet, certChain);
+    if (ret != HKS_SUCCESS) {
+        HKS_LOG_I("HksAttestKey fail, ret is %" LOG_PUBLIC "d!", ret);
+    }
+    ASSERT_EQ(ret, HKS_ERROR_NO_PERMISSION);
+
+    FreeCertChain(&certChain, certChain->certsCount);
+    HksFreeParamSet(&paramSet);
+    ret = HksDeleteKeyForDe(&g_keyAlias, NULL);
+    ASSERT_EQ(ret, HKS_SUCCESS);
+}
+
+/**
+ * @tc.name: HksAttestKeyNonIdsTest.HksAttestKeyNonIdsTest018
+ * @tc.desc: attest with ed25519.
+ * @tc.type: FUNC
+ * @tc.require: issueI5NY0L
+ */
+HWTEST_F(HksAttestKeyNonIdsTest, HksAttestKeyNonIdsTest018, TestSize.Level0)
+{
+    struct HksParamSet *paramSet = nullptr;
+    HksCertChain *certChain = nullptr;
+    HKS_LOG_I("enter HksAttestKeyNonIdsTest018");
+    const struct HksParam tmpParams[] = {
+        { .tag = HKS_TAG_ALGORITHM, .uint32Param = HKS_ALG_ED25519 },
+        { .tag = HKS_TAG_KEY_SIZE, .uint32Param = HKS_CURVE25519_KEY_SIZE_256 },
+        { .tag = HKS_TAG_PURPOSE, .uint32Param = HKS_KEY_PURPOSE_VERIFY },
+    };
+    int32_t ret = TestGenerateKeyCommon(&g_keyAlias, tmpParams, sizeof(tmpParams) / sizeof(tmpParams[0]));
+    ASSERT_EQ(ret, HKS_SUCCESS);
+    GenerateParamSet(&paramSet, g_commonParams, sizeof(g_commonParams) / sizeof(g_commonParams[0]));
+    const struct HksTestCertChain certParam = { true, true, true, g_size };
+    (void)ConstructDataToCertChain(&certChain, &certParam);
+    ret = HksAnonAttestKeyForDe(&g_keyAlias, paramSet, certChain);
+    if (ret != HKS_SUCCESS) {
+        HKS_LOG_I("HksAnonAttestKey fail, ret is %" LOG_PUBLIC "d!", ret);
+    }
+    ASSERT_EQ(ret, HKS_SUCCESS);
+
+    FreeCertChain(&certChain, certChain->certsCount);
+    HksFreeParamSet(&paramSet);
+    ret = HksDeleteKeyForDe(&g_keyAlias, NULL);
+    ASSERT_EQ(ret, HKS_SUCCESS);
+}
+
+/**
+ * @tc.name: HksAttestKeyNonIdsTest.HksAttestKeyNonIdsTest019
+ * @tc.desc: attest with ed25519.
+ * @tc.type: FUNC
+ */
+HWTEST_F(HksAttestKeyNonIdsTest, HksAttestKeyNonIdsTest019, TestSize.Level0)
+{
+    struct HksParamSet *paramSet = nullptr;
+    HksCertChain *certChain = nullptr;
+    HKS_LOG_I("enter HksAttestKeyNonIdsTest019");
+    const struct HksParam tmpParams[] = {
+        { .tag = HKS_TAG_ALGORITHM, .uint32Param = HKS_ALG_ED25519 },
+        { .tag = HKS_TAG_KEY_SIZE, .uint32Param = HKS_CURVE25519_KEY_SIZE_256 },
+        { .tag = HKS_TAG_PURPOSE, .uint32Param = HKS_KEY_PURPOSE_VERIFY },
+    };
+    int32_t ret = TestGenerateKeyCommon(&g_keyAlias, tmpParams, sizeof(tmpParams) / sizeof(tmpParams[0]));
+    ASSERT_EQ(ret, HKS_SUCCESS);
+    ret = GenerateParamSet(&paramSet, g_commonParams, sizeof(g_commonParams) / sizeof(g_commonParams[0]));
+    ASSERT_EQ(ret, HKS_SUCCESS);
+    const struct HksTestCertChain certParam = { true, true, true, g_size };
+    ret = ConstructDataToCertChain(&certChain, &certParam);
+    ASSERT_EQ(ret, HKS_SUCCESS);
+    const struct OH_Huks_Blob oh_g_keyAlias = { sizeof(ALIAS), (uint8_t *)ALIAS };
+    struct HksParamSet *newParamSet = nullptr;
+    ret = ConstructNewParamSet(paramSet, &newParamSet);
+    ret = OH_Huks_AnonAttestKeyItem(&oh_g_keyAlias, (struct OH_Huks_ParamSet *) newParamSet,
+        (struct OH_Huks_CertChain *) certChain).errorCode;
+    HKS_LOG_I("OH_Huks_AnonAttestKeyItem, ret is %" LOG_PUBLIC "d!", ret);
+    ASSERT_EQ(ret, HKS_SUCCESS);
+    for (uint32_t i = 0; i < certChain->certsCount; i++) {
+        printf("Get certChain[%d]:\n %s \n", i, certChain->certs[i].data);
+    }
+    FreeCertChain(&certChain, certChain->certsCount);
+    HksFreeParamSet(&newParamSet);
+    HksFreeParamSet(&paramSet);
+    ret = HksDeleteKeyForDe(&g_keyAlias, NULL);
+    ASSERT_EQ(ret, HKS_SUCCESS);
+}
 }