Move keymaster test fixture to utils, so we can reuse it.
Change-Id: I7e080326a97712bc1b6810e7231ecf78b7d4e28f
diff --git a/google_keymaster_test.cpp b/google_keymaster_test.cpp
index aaf7425..931a9e1 100644
--- a/google_keymaster_test.cpp
+++ b/google_keymaster_test.cpp
@@ -14,13 +14,10 @@
* limitations under the License.
*/
-#include <algorithm>
#include <fstream>
#include <string>
#include <vector>
-#include <gtest/gtest.h>
-
#include <openssl/engine.h>
#include <keymaster/google_keymaster_utils.h>
@@ -60,378 +57,14 @@
namespace keymaster {
namespace test {
-inline string make_string(const uint8_t* data, size_t length) {
- return string(reinterpret_cast<const char*>(data), length);
-}
-
-template <size_t N> string make_string(const uint8_t(&a)[N]) {
- return make_string(a, N);
-}
-
-static string make_string(const uint8_t(&)[0]) {
- return string();
-}
-
StdoutLogger logger;
-const uint64_t OP_HANDLE_SENTINEL = 0xFFFFFFFFFFFFFFFF;
-class KeymasterTest : public testing::Test {
+class KeymasterTest : public Keymaster1Test {
protected:
- KeymasterTest() : op_handle_(OP_HANDLE_SENTINEL), characteristics_(NULL) {
- blob_.key_material = NULL;
- RAND_seed("foobar", 6);
- blob_.key_material = 0;
+ KeymasterTest() {
+ SoftKeymasterDevice* device = new SoftKeymasterDevice;
+ init(device->keymaster_device());
}
-
- ~KeymasterTest() {
- FreeCharacteristics();
- FreeKeyBlob();
- }
-
- keymaster1_device_t* device() {
- return reinterpret_cast<keymaster1_device_t*>(device_.hw_device());
- }
-
- keymaster_error_t GenerateKey(const AuthorizationSetBuilder& builder) {
- AuthorizationSet params(builder.build());
- params.push_back(UserAuthParams());
- params.push_back(ClientParams());
-
- FreeKeyBlob();
- FreeCharacteristics();
- return device()->generate_key(device(), params.data(), params.size(), &blob_,
- &characteristics_);
- }
-
- keymaster_error_t ImportKey(const AuthorizationSetBuilder& builder,
- keymaster_key_format_t format, const string& key_material) {
- AuthorizationSet params(builder.build());
- params.push_back(UserAuthParams());
- params.push_back(ClientParams());
-
- FreeKeyBlob();
- FreeCharacteristics();
- return device()->import_key(device(), params.data(), params.size(), format,
- reinterpret_cast<const uint8_t*>(key_material.c_str()),
- key_material.length(), &blob_, &characteristics_);
- }
-
- AuthorizationSet UserAuthParams() {
- AuthorizationSet set;
- set.push_back(TAG_USER_ID, 7);
- set.push_back(TAG_USER_AUTH_ID, 8);
- set.push_back(TAG_AUTH_TIMEOUT, 300);
- return set;
- }
-
- AuthorizationSet ClientParams() {
- AuthorizationSet set;
- set.push_back(TAG_APPLICATION_ID, "app_id", 6);
- return set;
- }
-
- keymaster_error_t BeginOperation(keymaster_purpose_t purpose) {
- keymaster_key_param_t* out_params = NULL;
- size_t out_params_count = 0;
- keymaster_error_t error =
- device()->begin(device(), purpose, &blob_, client_params_, array_length(client_params_),
- &out_params, &out_params_count, &op_handle_);
- EXPECT_EQ(0, out_params_count);
- EXPECT_TRUE(out_params == NULL);
- return error;
- }
-
- keymaster_error_t BeginOperation(keymaster_purpose_t purpose, const AuthorizationSet& input_set,
- AuthorizationSet* output_set = NULL) {
- AuthorizationSet additional_params(client_params_, array_length(client_params_));
- additional_params.push_back(input_set);
-
- keymaster_key_param_t* out_params;
- size_t out_params_count;
- keymaster_error_t error =
- device()->begin(device(), purpose, &blob_, additional_params.data(),
- additional_params.size(), &out_params, &out_params_count, &op_handle_);
- if (output_set) {
- output_set->Reinitialize(out_params, out_params_count);
- } else {
- EXPECT_EQ(0, out_params_count);
- EXPECT_TRUE(out_params == NULL);
- }
- keymaster_free_param_values(out_params, out_params_count);
- free(out_params);
- return error;
- }
-
- keymaster_error_t UpdateOperation(const string& message, string* output,
- size_t* input_consumed) {
- uint8_t* out_tmp = NULL;
- size_t out_length;
- EXPECT_NE(op_handle_, OP_HANDLE_SENTINEL);
- keymaster_error_t error =
- device()->update(device(), op_handle_, NULL /* params */, 0 /* params_count */,
- reinterpret_cast<const uint8_t*>(message.c_str()), message.length(),
- input_consumed, &out_tmp, &out_length);
- if (out_tmp)
- output->append(reinterpret_cast<char*>(out_tmp), out_length);
- free(out_tmp);
- return error;
- }
-
- keymaster_error_t UpdateOperation(const AuthorizationSet& additional_params,
- const string& message, string* output,
- size_t* input_consumed) {
- uint8_t* out_tmp = NULL;
- size_t out_length;
- EXPECT_NE(op_handle_, OP_HANDLE_SENTINEL);
- keymaster_error_t error = device()->update(
- device(), op_handle_, additional_params.data(), additional_params.size(),
- reinterpret_cast<const uint8_t*>(message.c_str()), message.length(), input_consumed,
- &out_tmp, &out_length);
- if (out_tmp)
- output->append(reinterpret_cast<char*>(out_tmp), out_length);
- free(out_tmp);
- return error;
- }
-
- keymaster_error_t FinishOperation(string* output) { return FinishOperation("", output); }
-
- keymaster_error_t FinishOperation(const string& signature, string* output) {
- AuthorizationSet additional_params;
- return FinishOperation(additional_params, signature, output);
- }
-
- keymaster_error_t FinishOperation(const AuthorizationSet& additional_params,
- const string& signature, string* output) {
- uint8_t* out_tmp = NULL;
- size_t out_length;
- keymaster_error_t error = device()->finish(
- device(), op_handle_, additional_params.data(), additional_params.size(),
- reinterpret_cast<const uint8_t*>(signature.c_str()), signature.length(), &out_tmp,
- &out_length);
- if (out_tmp)
- output->append(reinterpret_cast<char*>(out_tmp), out_length);
- free(out_tmp);
- return error;
- }
-
- template <typename T>
- bool ResponseContains(const vector<T>& expected, const T* values, size_t len) {
- return expected.size() == len &&
- std::is_permutation(values, values + len, expected.begin());
- }
-
- template <typename T> bool ResponseContains(T expected, const T* values, size_t len) {
- return (len == 1 && *values == expected);
- }
-
- keymaster_error_t AbortOperation() { return device()->abort(device(), op_handle_); }
-
- string ProcessMessage(keymaster_purpose_t purpose, const string& message) {
- AuthorizationSet input_params;
- EXPECT_EQ(KM_ERROR_OK, BeginOperation(purpose, input_params, NULL /* output_params */));
-
- string result;
- size_t input_consumed;
- EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
- EXPECT_EQ(message.size(), input_consumed);
- EXPECT_EQ(KM_ERROR_OK, FinishOperation(&result));
- return result;
- }
-
- string ProcessMessage(keymaster_purpose_t purpose, const string& message,
- const AuthorizationSet& begin_params,
- const AuthorizationSet& update_params,
- AuthorizationSet* output_params = NULL) {
- EXPECT_EQ(KM_ERROR_OK, BeginOperation(purpose, begin_params, output_params));
-
- string result;
- size_t input_consumed;
- EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, message, &result, &input_consumed));
- EXPECT_EQ(message.size(), input_consumed);
- EXPECT_EQ(KM_ERROR_OK, FinishOperation(update_params, "", &result));
- return result;
- }
-
- string ProcessMessage(keymaster_purpose_t purpose, const string& message,
- const string& signature) {
- AuthorizationSet input_params;
- EXPECT_EQ(KM_ERROR_OK, BeginOperation(purpose, input_params, NULL /* output_params */));
-
- string result;
- size_t input_consumed;
- EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
- EXPECT_EQ(message.size(), input_consumed);
- EXPECT_EQ(KM_ERROR_OK, FinishOperation(signature, &result));
- return result;
- }
-
- void SignMessage(const string& message, string* signature) {
- SCOPED_TRACE("SignMessage");
- *signature = ProcessMessage(KM_PURPOSE_SIGN, message);
- EXPECT_GT(signature->size(), 0);
- }
-
- void VerifyMessage(const string& message, const string& signature) {
- SCOPED_TRACE("VerifyMessage");
- ProcessMessage(KM_PURPOSE_VERIFY, message, signature);
- }
-
- string EncryptMessage(const string& message, string* generated_nonce = NULL) {
- AuthorizationSet update_params;
- return EncryptMessage(update_params, message, generated_nonce);
- }
-
- string EncryptMessage(const AuthorizationSet& update_params, const string& message,
- string* generated_nonce = NULL) {
- SCOPED_TRACE("EncryptMessage");
- AuthorizationSet begin_params, output_params;
- string ciphertext = ProcessMessage(KM_PURPOSE_ENCRYPT, message, begin_params, update_params,
- &output_params);
- if (generated_nonce) {
- keymaster_blob_t nonce_blob;
- EXPECT_TRUE(output_params.GetTagValue(TAG_NONCE, &nonce_blob));
- *generated_nonce = make_string(nonce_blob.data, nonce_blob.data_length);
- } else {
- EXPECT_EQ(-1, output_params.find(TAG_NONCE));
- }
- return ciphertext;
- }
-
- string EncryptMessageWithParams(const string& message, const AuthorizationSet& begin_params,
- const AuthorizationSet& update_params,
- AuthorizationSet* output_params) {
- SCOPED_TRACE("EncryptMessageWithParams");
- return ProcessMessage(KM_PURPOSE_ENCRYPT, message, begin_params, update_params,
- output_params);
- }
-
- string DecryptMessage(const string& ciphertext) {
- SCOPED_TRACE("DecryptMessage");
- return ProcessMessage(KM_PURPOSE_DECRYPT, ciphertext);
- }
-
- string DecryptMessage(const string& ciphertext, const string& nonce) {
- SCOPED_TRACE("DecryptMessage");
- AuthorizationSet update_params;
- return DecryptMessage(update_params, ciphertext, nonce);
- }
-
- string DecryptMessage(const AuthorizationSet& update_params, const string& ciphertext,
- const string& nonce) {
- SCOPED_TRACE("DecryptMessage");
- AuthorizationSet begin_params;
- begin_params.push_back(TAG_NONCE, nonce.data(), nonce.size());
- return ProcessMessage(KM_PURPOSE_DECRYPT, ciphertext, begin_params, update_params);
- }
-
- keymaster_error_t GetCharacteristics() {
- FreeCharacteristics();
- return device()->get_key_characteristics(device(), &blob_, &client_id_, NULL /* app_data */,
- &characteristics_);
- }
-
- keymaster_error_t ExportKey(keymaster_key_format_t format, string* export_data) {
- uint8_t* export_data_tmp;
- size_t export_data_length;
-
- keymaster_error_t error =
- device()->export_key(device(), format, &blob_, &client_id_, NULL /* app_data */,
- &export_data_tmp, &export_data_length);
-
- if (error != KM_ERROR_OK)
- return error;
-
- *export_data = string(reinterpret_cast<char*>(export_data_tmp), export_data_length);
- free(export_data_tmp);
- return error;
- }
-
- keymaster_error_t GetVersion(uint8_t* major, uint8_t* minor, uint8_t* subminor) {
- GetVersionRequest request;
- GetVersionResponse response;
- device_.GetVersion(request, &response);
- if (response.error != KM_ERROR_OK)
- return response.error;
- *major = response.major_ver;
- *minor = response.minor_ver;
- *subminor = response.subminor_ver;
- return response.error;
- }
-
- keymaster_error_t Rescope(const AuthorizationSet& new_params,
- keymaster_key_blob_t* rescoped_blob,
- keymaster_key_characteristics_t** rescoped_characteristics) {
- return device()->rescope(device(), new_params.data(), new_params.size(), &blob_,
- &client_id_, NULL /* app data */, rescoped_blob,
- rescoped_characteristics);
- }
-
- void CheckHmacTestVector(string key, string message, keymaster_digest_t digest,
- string expected_mac) {
- ASSERT_EQ(KM_ERROR_OK, ImportKey(AuthorizationSetBuilder().HmacKey(key.size() * 8, digest,
- expected_mac.size()),
- KM_KEY_FORMAT_RAW, key));
- string signature;
- SignMessage(message, &signature);
- EXPECT_EQ(expected_mac, signature) << "Test vector didn't match for digest " << digest;
- }
-
- void CheckAesOcbTestVector(const string& key, const string& nonce,
- const string& associated_data, const string& message,
- const string& expected_ciphertext) {
- ASSERT_EQ(KM_ERROR_OK, ImportKey(AuthorizationSetBuilder()
- .AesEncryptionKey(key.size() * 8)
- .OcbMode(4096 /* chunk length */, 16 /* tag length */)
- .Authorization(TAG_CALLER_NONCE),
- KM_KEY_FORMAT_RAW, key));
-
- AuthorizationSet begin_params, update_params, output_params;
- begin_params.push_back(TAG_NONCE, nonce.data(), nonce.size());
- update_params.push_back(TAG_ASSOCIATED_DATA, associated_data.data(),
- associated_data.size());
- string ciphertext =
- EncryptMessageWithParams(message, begin_params, update_params, &output_params);
- EXPECT_EQ(expected_ciphertext, ciphertext);
- }
-
- AuthorizationSet hw_enforced() {
- EXPECT_TRUE(characteristics_ != NULL);
- return AuthorizationSet(characteristics_->hw_enforced);
- }
-
- AuthorizationSet sw_enforced() {
- EXPECT_TRUE(characteristics_ != NULL);
- return AuthorizationSet(characteristics_->sw_enforced);
- }
-
- void FreeCharacteristics() {
- keymaster_free_characteristics(characteristics_);
- free(characteristics_);
- characteristics_ = NULL;
- }
-
- void FreeKeyBlob() {
- free(const_cast<uint8_t*>(blob_.key_material));
- blob_.key_material = NULL;
- }
-
- void corrupt_key_blob() {
- assert(blob_.key_material);
- uint8_t* tmp = const_cast<uint8_t*>(blob_.key_material);
- ++tmp[blob_.key_material_size / 2];
- }
-
- private:
- SoftKeymasterDevice device_;
- keymaster_blob_t client_id_ = {.data = reinterpret_cast<const uint8_t*>("app_id"),
- .data_length = 6};
- keymaster_key_param_t client_params_[1] = {
- Authorization(TAG_APPLICATION_ID, client_id_.data, client_id_.data_length)};
-
- uint64_t op_handle_;
-
- keymaster_key_blob_t blob_;
- keymaster_key_characteristics_t* characteristics_;
};
typedef KeymasterTest CheckSupported;
@@ -1561,15 +1194,6 @@
VerifyMessage(message, signature);
}
-typedef KeymasterTest VersionTest;
-TEST_F(VersionTest, GetVersion) {
- uint8_t major, minor, subminor;
- ASSERT_EQ(KM_ERROR_OK, GetVersion(&major, &minor, &subminor));
- EXPECT_EQ(1, major);
- EXPECT_EQ(0, minor);
- EXPECT_EQ(0, subminor);
-}
-
typedef KeymasterTest EncryptionOperationsTest;
TEST_F(EncryptionOperationsTest, RsaOaepSuccess) {
ASSERT_EQ(KM_ERROR_OK,