Refactor unit tests to reduce code duplication.
Change-Id: I988d82d24df505f17a8cf53d68ac41e43c1a5b5c
diff --git a/google_keymaster_test.cpp b/google_keymaster_test.cpp
index c6fddcf..55e9b0e 100644
--- a/google_keymaster_test.cpp
+++ b/google_keymaster_test.cpp
@@ -75,6 +75,17 @@
KeymasterTest() : device(5, new StdoutLogger) { RAND_seed("foobar", 6); }
~KeymasterTest() {}
+ template <typename T> void ExpectEmptyResponse(const SupportedResponse<T>& response) {
+ EXPECT_EQ(KM_ERROR_OK, response.error);
+ EXPECT_EQ(0U, response.results_length);
+ }
+
+ template <typename T> void ExpectResponseContains(T val, const SupportedResponse<T>& response) {
+ EXPECT_EQ(KM_ERROR_OK, response.error);
+ EXPECT_EQ(1U, response.results_length);
+ EXPECT_EQ(val, response.results[0]);
+ }
+
GoogleSoftKeymaster device;
};
@@ -98,16 +109,13 @@
SupportedResponse<keymaster_block_mode_t> response;
device.SupportedBlockModes(KM_ALGORITHM_RSA, &response);
- EXPECT_EQ(KM_ERROR_OK, response.error);
- EXPECT_EQ(0U, response.results_length);
+ ExpectEmptyResponse(response);
device.SupportedBlockModes(KM_ALGORITHM_DSA, &response);
- EXPECT_EQ(KM_ERROR_OK, response.error);
- EXPECT_EQ(0U, response.results_length);
+ ExpectEmptyResponse(response);
device.SupportedBlockModes(KM_ALGORITHM_ECDSA, &response);
- EXPECT_EQ(KM_ERROR_OK, response.error);
- EXPECT_EQ(0U, response.results_length);
+ ExpectEmptyResponse(response);
device.SupportedBlockModes(KM_ALGORITHM_AES, &response);
EXPECT_EQ(KM_ERROR_UNSUPPORTED_ALGORITHM, response.error);
@@ -119,19 +127,13 @@
SupportedResponse<keymaster_padding_t> response;
device.SupportedPaddingModes(KM_ALGORITHM_RSA, &response);
- EXPECT_EQ(KM_ERROR_OK, response.error);
- EXPECT_EQ(1U, response.results_length);
- EXPECT_EQ(KM_PAD_NONE, response.results[0]);
+ ExpectResponseContains(KM_PAD_NONE, response);
device.SupportedPaddingModes(KM_ALGORITHM_DSA, &response);
- EXPECT_EQ(KM_ERROR_OK, response.error);
- EXPECT_EQ(1U, response.results_length);
- EXPECT_EQ(KM_PAD_NONE, response.results[0]);
+ ExpectResponseContains(KM_PAD_NONE, response);
device.SupportedPaddingModes(KM_ALGORITHM_ECDSA, &response);
- EXPECT_EQ(KM_ERROR_OK, response.error);
- EXPECT_EQ(1U, response.results_length);
- EXPECT_EQ(KM_PAD_NONE, response.results[0]);
+ ExpectResponseContains(KM_PAD_NONE, response);
device.SupportedPaddingModes(KM_ALGORITHM_AES, &response);
EXPECT_EQ(KM_ERROR_UNSUPPORTED_ALGORITHM, response.error);
@@ -143,19 +145,13 @@
SupportedResponse<keymaster_digest_t> response;
device.SupportedDigests(KM_ALGORITHM_RSA, &response);
- EXPECT_EQ(KM_ERROR_OK, response.error);
- EXPECT_EQ(1U, response.results_length);
- EXPECT_EQ(KM_DIGEST_NONE, response.results[0]);
+ ExpectResponseContains(KM_DIGEST_NONE, response);
device.SupportedDigests(KM_ALGORITHM_DSA, &response);
- EXPECT_EQ(KM_ERROR_OK, response.error);
- EXPECT_EQ(1U, response.results_length);
- EXPECT_EQ(KM_DIGEST_NONE, response.results[0]);
+ ExpectResponseContains(KM_DIGEST_NONE, response);
device.SupportedDigests(KM_ALGORITHM_ECDSA, &response);
- EXPECT_EQ(KM_ERROR_OK, response.error);
- EXPECT_EQ(1U, response.results_length);
- EXPECT_EQ(KM_DIGEST_NONE, response.results[0]);
+ ExpectResponseContains(KM_DIGEST_NONE, response);
device.SupportedDigests(KM_ALGORITHM_AES, &response);
EXPECT_EQ(KM_ERROR_UNSUPPORTED_ALGORITHM, response.error);
@@ -167,19 +163,13 @@
SupportedResponse<keymaster_key_format_t> response;
device.SupportedImportFormats(KM_ALGORITHM_RSA, &response);
- EXPECT_EQ(KM_ERROR_OK, response.error);
- EXPECT_EQ(1U, response.results_length);
- EXPECT_EQ(KM_KEY_FORMAT_PKCS8, response.results[0]);
+ ExpectResponseContains(KM_KEY_FORMAT_PKCS8, response);
device.SupportedImportFormats(KM_ALGORITHM_DSA, &response);
- EXPECT_EQ(KM_ERROR_OK, response.error);
- EXPECT_EQ(1U, response.results_length);
- EXPECT_EQ(KM_KEY_FORMAT_PKCS8, response.results[0]);
+ ExpectResponseContains(KM_KEY_FORMAT_PKCS8, response);
device.SupportedImportFormats(KM_ALGORITHM_ECDSA, &response);
- EXPECT_EQ(KM_ERROR_OK, response.error);
- EXPECT_EQ(1U, response.results_length);
- EXPECT_EQ(KM_KEY_FORMAT_PKCS8, response.results[0]);
+ ExpectResponseContains(KM_KEY_FORMAT_PKCS8, response);
device.SupportedImportFormats(KM_ALGORITHM_AES, &response);
EXPECT_EQ(KM_ERROR_UNSUPPORTED_ALGORITHM, response.error);
@@ -191,459 +181,208 @@
SupportedResponse<keymaster_key_format_t> response;
device.SupportedExportFormats(KM_ALGORITHM_RSA, &response);
- EXPECT_EQ(KM_ERROR_OK, response.error);
- EXPECT_EQ(1U, response.results_length);
- EXPECT_EQ(KM_KEY_FORMAT_X509, response.results[0]);
+ ExpectResponseContains(KM_KEY_FORMAT_X509, response);
device.SupportedExportFormats(KM_ALGORITHM_DSA, &response);
- EXPECT_EQ(KM_ERROR_OK, response.error);
- EXPECT_EQ(1U, response.results_length);
- EXPECT_EQ(KM_KEY_FORMAT_X509, response.results[0]);
+ ExpectResponseContains(KM_KEY_FORMAT_X509, response);
device.SupportedExportFormats(KM_ALGORITHM_ECDSA, &response);
- EXPECT_EQ(KM_ERROR_OK, response.error);
- EXPECT_EQ(1U, response.results_length);
- EXPECT_EQ(KM_KEY_FORMAT_X509, response.results[0]);
+ ExpectResponseContains(KM_KEY_FORMAT_X509, response);
device.SupportedExportFormats(KM_ALGORITHM_AES, &response);
EXPECT_EQ(KM_ERROR_UNSUPPORTED_ALGORITHM, response.error);
}
-typedef KeymasterTest NewKeyGeneration;
+keymaster_key_param_t key_generation_base_params[] = {
+ Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
+ Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
+ Authorization(TAG_USER_ID, 7),
+ Authorization(TAG_USER_AUTH_ID, 8),
+ Authorization(TAG_APPLICATION_ID, "app_id", 6),
+ Authorization(TAG_APPLICATION_DATA, "app_data", 8),
+ Authorization(TAG_AUTH_TIMEOUT, 300),
+};
+
+class NewKeyGeneration : public KeymasterTest {
+ protected:
+ NewKeyGeneration() {
+ req_.key_description.Reinitialize(key_generation_base_params,
+ array_length(key_generation_base_params));
+ }
+
+ void CheckBaseParams(const GenerateKeyResponse& rsp) {
+ ASSERT_EQ(KM_ERROR_OK, rsp.error);
+ EXPECT_EQ(0U, rsp.enforced.size());
+ EXPECT_EQ(12U, rsp.enforced.SerializedSize());
+ EXPECT_GT(rsp.unenforced.SerializedSize(), 12U);
+
+ EXPECT_TRUE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_SIGN));
+ EXPECT_TRUE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_VERIFY));
+ EXPECT_TRUE(contains(rsp.unenforced, TAG_USER_ID, 7));
+ EXPECT_TRUE(contains(rsp.unenforced, TAG_USER_AUTH_ID, 8));
+ EXPECT_TRUE(contains(rsp.unenforced, TAG_AUTH_TIMEOUT, 300));
+
+ // Verify that App ID, App data and ROT are NOT included.
+ EXPECT_FALSE(contains(rsp.unenforced, TAG_ROOT_OF_TRUST));
+ EXPECT_FALSE(contains(rsp.unenforced, TAG_APPLICATION_ID));
+ EXPECT_FALSE(contains(rsp.unenforced, TAG_APPLICATION_DATA));
+
+ // Just for giggles, check that some unexpected tags/values are NOT present.
+ EXPECT_FALSE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_ENCRYPT));
+ EXPECT_FALSE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_DECRYPT));
+ EXPECT_FALSE(contains(rsp.unenforced, TAG_AUTH_TIMEOUT, 301));
+ EXPECT_FALSE(contains(rsp.unenforced, TAG_RESCOPE_AUTH_TIMEOUT));
+
+ // Now check that unspecified, defaulted tags are correct.
+ EXPECT_TRUE(contains(rsp.unenforced, TAG_ORIGIN, KM_ORIGIN_SOFTWARE));
+ EXPECT_TRUE(contains(rsp.unenforced, KM_TAG_CREATION_DATETIME));
+ }
+
+ GenerateKeyRequest req_;
+ GenerateKeyResponse rsp_;
+};
+
TEST_F(NewKeyGeneration, Rsa) {
- keymaster_key_param_t params[] = {
- Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
- Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
- Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA),
- Authorization(TAG_KEY_SIZE, 256),
- Authorization(TAG_USER_ID, 7),
- Authorization(TAG_USER_AUTH_ID, 8),
- Authorization(TAG_APPLICATION_ID, "app_id", 6),
- Authorization(TAG_APPLICATION_DATA, "app_data", 8),
- Authorization(TAG_AUTH_TIMEOUT, 300),
- };
- GenerateKeyRequest req;
- req.key_description.Reinitialize(params, array_length(params));
- GenerateKeyResponse rsp;
+ req_.key_description.push_back(Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA));
+ req_.key_description.push_back(Authorization(TAG_KEY_SIZE, 256));
+ req_.key_description.push_back(Authorization(TAG_RSA_PUBLIC_EXPONENT, 3));
+ device.GenerateKey(req_, &rsp_);
- device.GenerateKey(req, &rsp);
-
- ASSERT_EQ(KM_ERROR_OK, rsp.error);
- EXPECT_EQ(0U, rsp.enforced.size());
- EXPECT_EQ(12U, rsp.enforced.SerializedSize());
- EXPECT_GT(rsp.unenforced.SerializedSize(), 12U);
+ CheckBaseParams(rsp_);
// Check specified tags are all present in unenforced characteristics
- EXPECT_TRUE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_SIGN));
- EXPECT_TRUE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_VERIFY));
-
- EXPECT_TRUE(contains(rsp.unenforced, TAG_ALGORITHM, KM_ALGORITHM_RSA));
-
- EXPECT_TRUE(contains(rsp.unenforced, TAG_USER_ID, 7));
- EXPECT_TRUE(contains(rsp.unenforced, TAG_USER_AUTH_ID, 8));
- EXPECT_TRUE(contains(rsp.unenforced, TAG_KEY_SIZE, 256));
- EXPECT_TRUE(contains(rsp.unenforced, TAG_AUTH_TIMEOUT, 300));
-
- // Verify that App ID, App data and ROT are NOT included.
- EXPECT_FALSE(contains(rsp.unenforced, TAG_ROOT_OF_TRUST));
- EXPECT_FALSE(contains(rsp.unenforced, TAG_APPLICATION_ID));
- EXPECT_FALSE(contains(rsp.unenforced, TAG_APPLICATION_DATA));
-
- // Just for giggles, check that some unexpected tags/values are NOT present.
- EXPECT_FALSE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_ENCRYPT));
- EXPECT_FALSE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_DECRYPT));
- EXPECT_FALSE(contains(rsp.unenforced, TAG_AUTH_TIMEOUT, 301));
- EXPECT_FALSE(contains(rsp.unenforced, TAG_RESCOPE_AUTH_TIMEOUT));
-
- // Now check that unspecified, defaulted tags are correct.
- EXPECT_TRUE(contains(rsp.unenforced, TAG_RSA_PUBLIC_EXPONENT, 65537));
- EXPECT_TRUE(contains(rsp.unenforced, TAG_ORIGIN, KM_ORIGIN_SOFTWARE));
- EXPECT_TRUE(contains(rsp.unenforced, KM_TAG_CREATION_DATETIME));
+ EXPECT_TRUE(contains(rsp_.unenforced, TAG_ALGORITHM, KM_ALGORITHM_RSA));
+ EXPECT_TRUE(contains(rsp_.unenforced, TAG_KEY_SIZE, 256));
+ EXPECT_TRUE(contains(rsp_.unenforced, TAG_RSA_PUBLIC_EXPONENT, 3));
}
TEST_F(NewKeyGeneration, RsaDefaultSize) {
- keymaster_key_param_t params[] = {
- Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
- Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
- Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA),
- Authorization(TAG_USER_ID, 7),
- Authorization(TAG_USER_AUTH_ID, 8),
- Authorization(TAG_APPLICATION_ID, "app_id", 6),
- Authorization(TAG_APPLICATION_DATA, "app_data", 8),
- Authorization(TAG_AUTH_TIMEOUT, 300),
- };
- GenerateKeyRequest req;
- req.key_description.Reinitialize(params, array_length(params));
- GenerateKeyResponse rsp;
+ req_.key_description.push_back(Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA));
+ device.GenerateKey(req_, &rsp_);
- device.GenerateKey(req, &rsp);
-
- ASSERT_EQ(KM_ERROR_OK, rsp.error);
- EXPECT_EQ(0U, rsp.enforced.size());
- EXPECT_EQ(12U, rsp.enforced.SerializedSize());
- EXPECT_GT(rsp.unenforced.SerializedSize(), 12U);
+ CheckBaseParams(rsp_);
// Check specified tags are all present in unenforced characteristics
- EXPECT_TRUE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_SIGN));
- EXPECT_TRUE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_VERIFY));
-
- EXPECT_TRUE(contains(rsp.unenforced, TAG_ALGORITHM, KM_ALGORITHM_RSA));
-
- EXPECT_TRUE(contains(rsp.unenforced, TAG_USER_ID, 7));
- EXPECT_TRUE(contains(rsp.unenforced, TAG_USER_AUTH_ID, 8));
- EXPECT_TRUE(contains(rsp.unenforced, TAG_AUTH_TIMEOUT, 300));
-
- // Verify that App ID, App data and ROT are NOT included.
- EXPECT_FALSE(contains(rsp.unenforced, TAG_ROOT_OF_TRUST));
- EXPECT_FALSE(contains(rsp.unenforced, TAG_APPLICATION_ID));
- EXPECT_FALSE(contains(rsp.unenforced, TAG_APPLICATION_DATA));
-
- // Just for giggles, check that some unexpected tags/values are NOT present.
- EXPECT_FALSE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_ENCRYPT));
- EXPECT_FALSE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_DECRYPT));
- EXPECT_FALSE(contains(rsp.unenforced, TAG_AUTH_TIMEOUT, 301));
- EXPECT_FALSE(contains(rsp.unenforced, TAG_RESCOPE_AUTH_TIMEOUT));
+ EXPECT_TRUE(contains(rsp_.unenforced, TAG_ALGORITHM, KM_ALGORITHM_RSA));
// Now check that unspecified, defaulted tags are correct.
- EXPECT_TRUE(contains(rsp.unenforced, TAG_RSA_PUBLIC_EXPONENT, 65537));
- EXPECT_TRUE(contains(rsp.unenforced, TAG_ORIGIN, KM_ORIGIN_SOFTWARE));
- EXPECT_TRUE(contains(rsp.unenforced, KM_TAG_CREATION_DATETIME));
- EXPECT_TRUE(contains(rsp.unenforced, TAG_KEY_SIZE, 2048));
+ EXPECT_TRUE(contains(rsp_.unenforced, TAG_RSA_PUBLIC_EXPONENT, 65537));
+ EXPECT_TRUE(contains(rsp_.unenforced, TAG_KEY_SIZE, 2048));
}
TEST_F(NewKeyGeneration, Dsa) {
- keymaster_key_param_t params[] = {
- Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
- Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
- Authorization(TAG_ALGORITHM, KM_ALGORITHM_DSA),
- Authorization(TAG_KEY_SIZE, 256),
- Authorization(TAG_USER_ID, 7),
- Authorization(TAG_USER_AUTH_ID, 8),
- Authorization(TAG_APPLICATION_ID, "app_id", 6),
- Authorization(TAG_APPLICATION_DATA, "app_data", 8),
- Authorization(TAG_AUTH_TIMEOUT, 300),
- };
- GenerateKeyRequest req;
- req.key_description.Reinitialize(params, array_length(params));
- GenerateKeyResponse rsp;
+ req_.key_description.push_back(Authorization(TAG_ALGORITHM, KM_ALGORITHM_DSA));
+ req_.key_description.push_back(Authorization(TAG_KEY_SIZE, 256));
+ device.GenerateKey(req_, &rsp_);
- device.GenerateKey(req, &rsp);
-
- ASSERT_EQ(KM_ERROR_OK, rsp.error);
- EXPECT_EQ(0U, rsp.enforced.size());
- EXPECT_EQ(12U, rsp.enforced.SerializedSize());
- EXPECT_GT(rsp.unenforced.SerializedSize(), 12U);
+ CheckBaseParams(rsp_);
// Check specified tags are all present in unenforced characteristics
- EXPECT_TRUE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_SIGN));
- EXPECT_TRUE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_VERIFY));
-
- EXPECT_TRUE(contains(rsp.unenforced, TAG_ALGORITHM, KM_ALGORITHM_DSA));
-
- EXPECT_TRUE(contains(rsp.unenforced, TAG_USER_ID, 7));
- EXPECT_TRUE(contains(rsp.unenforced, TAG_USER_AUTH_ID, 8));
- EXPECT_TRUE(contains(rsp.unenforced, TAG_KEY_SIZE, 256));
- EXPECT_TRUE(contains(rsp.unenforced, TAG_AUTH_TIMEOUT, 300));
-
- // Verify that App ID, App data and ROT are NOT included.
- EXPECT_FALSE(contains(rsp.unenforced, TAG_ROOT_OF_TRUST));
- EXPECT_FALSE(contains(rsp.unenforced, TAG_APPLICATION_ID));
- EXPECT_FALSE(contains(rsp.unenforced, TAG_APPLICATION_DATA));
-
- // Just for giggles, check that some unexpected tags/values are NOT present.
- EXPECT_FALSE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_ENCRYPT));
- EXPECT_FALSE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_DECRYPT));
- EXPECT_FALSE(contains(rsp.unenforced, TAG_AUTH_TIMEOUT, 301));
- EXPECT_FALSE(contains(rsp.unenforced, TAG_RESCOPE_AUTH_TIMEOUT));
-
- // Now check that unspecified, defaulted tags are correct.
- EXPECT_TRUE(contains(rsp.unenforced, TAG_ORIGIN, KM_ORIGIN_SOFTWARE));
- EXPECT_TRUE(contains(rsp.unenforced, KM_TAG_CREATION_DATETIME));
+ EXPECT_TRUE(contains(rsp_.unenforced, TAG_ALGORITHM, KM_ALGORITHM_DSA));
+ EXPECT_TRUE(contains(rsp_.unenforced, TAG_KEY_SIZE, 256));
// Generator should have created DSA params.
keymaster_blob_t g, p, q;
- EXPECT_TRUE(rsp.unenforced.GetTagValue(TAG_DSA_GENERATOR, &g));
- EXPECT_TRUE(rsp.unenforced.GetTagValue(TAG_DSA_P, &p));
- EXPECT_TRUE(rsp.unenforced.GetTagValue(TAG_DSA_Q, &q));
+ EXPECT_TRUE(rsp_.unenforced.GetTagValue(TAG_DSA_GENERATOR, &g));
+ EXPECT_TRUE(rsp_.unenforced.GetTagValue(TAG_DSA_P, &p));
+ EXPECT_TRUE(rsp_.unenforced.GetTagValue(TAG_DSA_Q, &q));
EXPECT_TRUE(g.data_length >= 63 && g.data_length <= 64);
EXPECT_EQ(64U, p.data_length);
EXPECT_EQ(20U, q.data_length);
}
TEST_F(NewKeyGeneration, DsaDefaultSize) {
- keymaster_key_param_t params[] = {
- Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
- Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
- Authorization(TAG_ALGORITHM, KM_ALGORITHM_DSA),
- Authorization(TAG_USER_ID, 7),
- Authorization(TAG_USER_AUTH_ID, 8),
- Authorization(TAG_APPLICATION_ID, "app_id", 6),
- Authorization(TAG_APPLICATION_DATA, "app_data", 8),
- Authorization(TAG_AUTH_TIMEOUT, 300),
- };
- GenerateKeyRequest req;
- req.key_description.Reinitialize(params, array_length(params));
- GenerateKeyResponse rsp;
+ req_.key_description.push_back(Authorization(TAG_ALGORITHM, KM_ALGORITHM_DSA));
+ device.GenerateKey(req_, &rsp_);
- device.GenerateKey(req, &rsp);
-
- ASSERT_EQ(KM_ERROR_OK, rsp.error);
- EXPECT_EQ(0U, rsp.enforced.size());
- EXPECT_EQ(12U, rsp.enforced.SerializedSize());
- EXPECT_GT(rsp.unenforced.SerializedSize(), 12U);
+ CheckBaseParams(rsp_);
// Check specified tags are all present in unenforced characteristics
- EXPECT_TRUE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_SIGN));
- EXPECT_TRUE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_VERIFY));
-
- EXPECT_TRUE(contains(rsp.unenforced, TAG_ALGORITHM, KM_ALGORITHM_DSA));
-
- EXPECT_TRUE(contains(rsp.unenforced, TAG_USER_ID, 7));
- EXPECT_TRUE(contains(rsp.unenforced, TAG_USER_AUTH_ID, 8));
- EXPECT_TRUE(contains(rsp.unenforced, TAG_AUTH_TIMEOUT, 300));
-
- // Verify that App ID, App data and ROT are NOT included.
- EXPECT_FALSE(contains(rsp.unenforced, TAG_ROOT_OF_TRUST));
- EXPECT_FALSE(contains(rsp.unenforced, TAG_APPLICATION_ID));
- EXPECT_FALSE(contains(rsp.unenforced, TAG_APPLICATION_DATA));
-
- // Just for giggles, check that some unexpected tags/values are NOT present.
- EXPECT_FALSE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_ENCRYPT));
- EXPECT_FALSE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_DECRYPT));
- EXPECT_FALSE(contains(rsp.unenforced, TAG_AUTH_TIMEOUT, 301));
- EXPECT_FALSE(contains(rsp.unenforced, TAG_RESCOPE_AUTH_TIMEOUT));
+ EXPECT_TRUE(contains(rsp_.unenforced, TAG_ALGORITHM, KM_ALGORITHM_DSA));
// Now check that unspecified, defaulted tags are correct.
- EXPECT_TRUE(contains(rsp.unenforced, TAG_ORIGIN, KM_ORIGIN_SOFTWARE));
- EXPECT_TRUE(contains(rsp.unenforced, KM_TAG_CREATION_DATETIME));
- EXPECT_TRUE(contains(rsp.unenforced, TAG_KEY_SIZE, 2048));
-
- // Generator should have created DSA params.
+ EXPECT_TRUE(contains(rsp_.unenforced, TAG_KEY_SIZE, 2048));
keymaster_blob_t g, p, q;
- EXPECT_TRUE(rsp.unenforced.GetTagValue(TAG_DSA_GENERATOR, &g));
- EXPECT_TRUE(rsp.unenforced.GetTagValue(TAG_DSA_P, &p));
- EXPECT_TRUE(rsp.unenforced.GetTagValue(TAG_DSA_Q, &q));
+ EXPECT_TRUE(rsp_.unenforced.GetTagValue(TAG_DSA_GENERATOR, &g));
+ EXPECT_TRUE(rsp_.unenforced.GetTagValue(TAG_DSA_P, &p));
+ EXPECT_TRUE(rsp_.unenforced.GetTagValue(TAG_DSA_Q, &q));
EXPECT_TRUE(g.data_length >= 255 && g.data_length <= 256);
EXPECT_EQ(256U, p.data_length);
EXPECT_EQ(32U, q.data_length);
}
TEST_F(NewKeyGeneration, Dsa_ParamsSpecified) {
- keymaster_key_param_t params[] = {
- Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
- Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
- Authorization(TAG_ALGORITHM, KM_ALGORITHM_DSA),
- Authorization(TAG_KEY_SIZE, 256),
- Authorization(TAG_USER_ID, 7),
- Authorization(TAG_USER_AUTH_ID, 8),
- Authorization(TAG_APPLICATION_ID, "app_id", 6),
- Authorization(TAG_APPLICATION_DATA, "app_data", 8),
- Authorization(TAG_AUTH_TIMEOUT, 300),
- Authorization(TAG_DSA_GENERATOR, dsa_g, array_size(dsa_g)),
- Authorization(TAG_DSA_P, dsa_p, array_size(dsa_p)),
- Authorization(TAG_DSA_Q, dsa_q, array_size(dsa_q)),
- };
- GenerateKeyRequest req;
- req.key_description.Reinitialize(params, array_length(params));
- GenerateKeyResponse rsp;
+ req_.key_description.push_back(Authorization(TAG_ALGORITHM, KM_ALGORITHM_DSA));
+ req_.key_description.push_back(Authorization(TAG_KEY_SIZE, 256));
+ req_.key_description.push_back(Authorization(TAG_DSA_GENERATOR, dsa_g, array_size(dsa_g)));
+ req_.key_description.push_back(Authorization(TAG_DSA_P, dsa_p, array_size(dsa_p)));
+ req_.key_description.push_back(Authorization(TAG_DSA_Q, dsa_q, array_size(dsa_q)));
+ device.GenerateKey(req_, &rsp_);
- device.GenerateKey(req, &rsp);
-
- ASSERT_EQ(KM_ERROR_OK, rsp.error);
- EXPECT_EQ(0U, rsp.enforced.size());
- EXPECT_EQ(12U, rsp.enforced.SerializedSize());
- EXPECT_GT(rsp.unenforced.SerializedSize(), 12U);
+ CheckBaseParams(rsp_);
// Check specified tags are all present in unenforced characteristics
- EXPECT_TRUE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_SIGN));
- EXPECT_TRUE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_VERIFY));
-
- EXPECT_TRUE(contains(rsp.unenforced, TAG_ALGORITHM, KM_ALGORITHM_DSA));
-
- EXPECT_TRUE(contains(rsp.unenforced, TAG_USER_ID, 7));
- EXPECT_TRUE(contains(rsp.unenforced, TAG_USER_AUTH_ID, 8));
- EXPECT_TRUE(contains(rsp.unenforced, TAG_KEY_SIZE, 256));
- EXPECT_TRUE(contains(rsp.unenforced, TAG_AUTH_TIMEOUT, 300));
-
- // Verify that App ID, App data and ROT are NOT included.
- EXPECT_FALSE(contains(rsp.unenforced, TAG_ROOT_OF_TRUST));
- EXPECT_FALSE(contains(rsp.unenforced, TAG_APPLICATION_ID));
- EXPECT_FALSE(contains(rsp.unenforced, TAG_APPLICATION_DATA));
-
- // Just for giggles, check that some unexpected tags/values are NOT present.
- EXPECT_FALSE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_ENCRYPT));
- EXPECT_FALSE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_DECRYPT));
- EXPECT_FALSE(contains(rsp.unenforced, TAG_AUTH_TIMEOUT, 301));
- EXPECT_FALSE(contains(rsp.unenforced, TAG_RESCOPE_AUTH_TIMEOUT));
-
- // Now check that unspecified, defaulted tags are correct.
- EXPECT_TRUE(contains(rsp.unenforced, TAG_ORIGIN, KM_ORIGIN_SOFTWARE));
- EXPECT_TRUE(contains(rsp.unenforced, KM_TAG_CREATION_DATETIME));
+ EXPECT_TRUE(contains(rsp_.unenforced, TAG_ALGORITHM, KM_ALGORITHM_DSA));
+ EXPECT_TRUE(contains(rsp_.unenforced, TAG_KEY_SIZE, 256));
+ EXPECT_TRUE(contains(rsp_.unenforced, TAG_DSA_GENERATOR,
+ std::string(reinterpret_cast<const char*>(dsa_g), array_size(dsa_g))));
+ EXPECT_TRUE(contains(rsp_.unenforced, TAG_DSA_P,
+ std::string(reinterpret_cast<const char*>(dsa_p), array_size(dsa_p))));
+ EXPECT_TRUE(contains(rsp_.unenforced, TAG_DSA_Q,
+ std::string(reinterpret_cast<const char*>(dsa_q), array_size(dsa_q))));
}
TEST_F(NewKeyGeneration, Dsa_SomeParamsSpecified) {
- keymaster_key_param_t params[] = {
- Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
- Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
- Authorization(TAG_ALGORITHM, KM_ALGORITHM_DSA),
- Authorization(TAG_KEY_SIZE, 256),
- Authorization(TAG_USER_ID, 7),
- Authorization(TAG_USER_AUTH_ID, 8),
- Authorization(TAG_APPLICATION_ID, "app_id", 6),
- Authorization(TAG_APPLICATION_DATA, "app_data", 8),
- Authorization(TAG_AUTH_TIMEOUT, 300),
- Authorization(TAG_DSA_P, dsa_p, array_size(dsa_p)),
- Authorization(TAG_DSA_Q, dsa_q, array_size(dsa_q)),
- };
- GenerateKeyRequest req;
- req.key_description.Reinitialize(params, array_length(params));
- GenerateKeyResponse rsp;
+ req_.key_description.push_back(Authorization(TAG_ALGORITHM, KM_ALGORITHM_DSA));
+ req_.key_description.push_back(Authorization(TAG_KEY_SIZE, 256));
+ req_.key_description.push_back(Authorization(TAG_DSA_P, dsa_p, array_size(dsa_p)));
+ req_.key_description.push_back(Authorization(TAG_DSA_Q, dsa_q, array_size(dsa_q)));
+ device.GenerateKey(req_, &rsp_);
- device.GenerateKey(req, &rsp);
- ASSERT_EQ(KM_ERROR_INVALID_DSA_PARAMS, rsp.error);
+ ASSERT_EQ(KM_ERROR_INVALID_DSA_PARAMS, rsp_.error);
}
TEST_F(NewKeyGeneration, Ecdsa) {
- keymaster_key_param_t params[] = {
- Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
- Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
- Authorization(TAG_ALGORITHM, KM_ALGORITHM_ECDSA),
- Authorization(TAG_KEY_SIZE, 192),
- Authorization(TAG_USER_ID, 7),
- Authorization(TAG_USER_AUTH_ID, 8),
- Authorization(TAG_APPLICATION_ID, "app_id", 6),
- Authorization(TAG_APPLICATION_DATA, "app_data", 8),
- Authorization(TAG_AUTH_TIMEOUT, 300),
- };
- GenerateKeyRequest req;
- req.key_description.Reinitialize(params, array_length(params));
- GenerateKeyResponse rsp;
+ req_.key_description.push_back(Authorization(TAG_ALGORITHM, KM_ALGORITHM_ECDSA));
+ req_.key_description.push_back(Authorization(TAG_KEY_SIZE, 192));
+ device.GenerateKey(req_, &rsp_);
- device.GenerateKey(req, &rsp);
-
- ASSERT_EQ(KM_ERROR_OK, rsp.error);
- EXPECT_EQ(0U, rsp.enforced.size());
- EXPECT_EQ(12U, rsp.enforced.SerializedSize());
- EXPECT_GT(rsp.unenforced.SerializedSize(), 12U);
+ CheckBaseParams(rsp_);
// Check specified tags are all present in unenforced characteristics
- EXPECT_TRUE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_SIGN));
- EXPECT_TRUE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_VERIFY));
-
- EXPECT_TRUE(contains(rsp.unenforced, TAG_ALGORITHM, KM_ALGORITHM_ECDSA));
-
- EXPECT_TRUE(contains(rsp.unenforced, TAG_USER_ID, 7));
- EXPECT_TRUE(contains(rsp.unenforced, TAG_USER_AUTH_ID, 8));
- EXPECT_TRUE(contains(rsp.unenforced, TAG_KEY_SIZE, 192));
- EXPECT_TRUE(contains(rsp.unenforced, TAG_AUTH_TIMEOUT, 300));
-
- // Verify that App ID, App data and ROT are NOT included.
- EXPECT_FALSE(contains(rsp.unenforced, TAG_ROOT_OF_TRUST));
- EXPECT_FALSE(contains(rsp.unenforced, TAG_APPLICATION_ID));
- EXPECT_FALSE(contains(rsp.unenforced, TAG_APPLICATION_DATA));
-
- // Just for giggles, check that some unexpected tags/values are NOT present.
- EXPECT_FALSE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_ENCRYPT));
- EXPECT_FALSE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_DECRYPT));
- EXPECT_FALSE(contains(rsp.unenforced, TAG_AUTH_TIMEOUT, 301));
- EXPECT_FALSE(contains(rsp.unenforced, TAG_RESCOPE_AUTH_TIMEOUT));
-
- // Now check that unspecified, defaulted tags are correct.
- EXPECT_TRUE(contains(rsp.unenforced, TAG_ORIGIN, KM_ORIGIN_SOFTWARE));
- EXPECT_TRUE(contains(rsp.unenforced, KM_TAG_CREATION_DATETIME));
+ EXPECT_TRUE(contains(rsp_.unenforced, TAG_ALGORITHM, KM_ALGORITHM_ECDSA));
+ EXPECT_TRUE(contains(rsp_.unenforced, TAG_KEY_SIZE, 192));
}
TEST_F(NewKeyGeneration, EcdsaDefaultSize) {
- keymaster_key_param_t params[] = {
- Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
- Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
- Authorization(TAG_ALGORITHM, KM_ALGORITHM_ECDSA),
- Authorization(TAG_USER_ID, 7),
- Authorization(TAG_USER_AUTH_ID, 8),
- Authorization(TAG_APPLICATION_ID, "app_id", 6),
- Authorization(TAG_APPLICATION_DATA, "app_data", 8),
- Authorization(TAG_AUTH_TIMEOUT, 300),
- };
- GenerateKeyRequest req;
- req.key_description.Reinitialize(params, array_length(params));
- GenerateKeyResponse rsp;
+ req_.key_description.push_back(Authorization(TAG_ALGORITHM, KM_ALGORITHM_ECDSA));
+ device.GenerateKey(req_, &rsp_);
- device.GenerateKey(req, &rsp);
-
- ASSERT_EQ(KM_ERROR_OK, rsp.error);
- EXPECT_EQ(0U, rsp.enforced.size());
- EXPECT_EQ(12U, rsp.enforced.SerializedSize());
- EXPECT_GT(rsp.unenforced.SerializedSize(), 12U);
+ CheckBaseParams(rsp_);
// Check specified tags are all present in unenforced characteristics
- EXPECT_TRUE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_SIGN));
- EXPECT_TRUE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_VERIFY));
-
- EXPECT_TRUE(contains(rsp.unenforced, TAG_ALGORITHM, KM_ALGORITHM_ECDSA));
-
- EXPECT_TRUE(contains(rsp.unenforced, TAG_USER_ID, 7));
- EXPECT_TRUE(contains(rsp.unenforced, TAG_USER_AUTH_ID, 8));
- EXPECT_TRUE(contains(rsp.unenforced, TAG_AUTH_TIMEOUT, 300));
-
- // Verify that App ID, App data and ROT are NOT included.
- EXPECT_FALSE(contains(rsp.unenforced, TAG_ROOT_OF_TRUST));
- EXPECT_FALSE(contains(rsp.unenforced, TAG_APPLICATION_ID));
- EXPECT_FALSE(contains(rsp.unenforced, TAG_APPLICATION_DATA));
-
- // Just for giggles, check that some unexpected tags/values are NOT present.
- EXPECT_FALSE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_ENCRYPT));
- EXPECT_FALSE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_DECRYPT));
- EXPECT_FALSE(contains(rsp.unenforced, TAG_AUTH_TIMEOUT, 301));
- EXPECT_FALSE(contains(rsp.unenforced, TAG_RESCOPE_AUTH_TIMEOUT));
+ EXPECT_TRUE(contains(rsp_.unenforced, TAG_ALGORITHM, KM_ALGORITHM_ECDSA));
// Now check that unspecified, defaulted tags are correct.
- EXPECT_TRUE(contains(rsp.unenforced, TAG_ORIGIN, KM_ORIGIN_SOFTWARE));
- EXPECT_TRUE(contains(rsp.unenforced, KM_TAG_CREATION_DATETIME));
- EXPECT_TRUE(contains(rsp.unenforced, TAG_KEY_SIZE, 224));
+ EXPECT_TRUE(contains(rsp_.unenforced, TAG_KEY_SIZE, 224));
}
TEST_F(NewKeyGeneration, EcdsaInvalidSize) {
- keymaster_key_param_t params[] = {
- Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
- Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
- Authorization(TAG_ALGORITHM, KM_ALGORITHM_ECDSA),
- Authorization(TAG_USER_ID, 7),
- Authorization(TAG_USER_AUTH_ID, 8),
- Authorization(TAG_APPLICATION_ID, "app_id", 6),
- Authorization(TAG_APPLICATION_DATA, "app_data", 8),
- Authorization(TAG_AUTH_TIMEOUT, 300),
- Authorization(TAG_KEY_SIZE, 190),
- };
- GenerateKeyRequest req;
- req.key_description.Reinitialize(params, array_length(params));
- GenerateKeyResponse rsp;
-
- device.GenerateKey(req, &rsp);
-
- ASSERT_EQ(KM_ERROR_UNSUPPORTED_KEY_SIZE, rsp.error);
+ req_.key_description.push_back(Authorization(TAG_ALGORITHM, KM_ALGORITHM_ECDSA));
+ req_.key_description.push_back(Authorization(TAG_KEY_SIZE, 190));
+ device.GenerateKey(req_, &rsp_);
+ ASSERT_EQ(KM_ERROR_UNSUPPORTED_KEY_SIZE, rsp_.error);
}
TEST_F(NewKeyGeneration, EcdsaAllValidSizes) {
- keymaster_key_param_t params[] = {
- Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
- Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
- Authorization(TAG_ALGORITHM, KM_ALGORITHM_ECDSA),
- Authorization(TAG_USER_ID, 7),
- Authorization(TAG_USER_AUTH_ID, 8),
- Authorization(TAG_APPLICATION_ID, "app_id", 6),
- Authorization(TAG_APPLICATION_DATA, "app_data", 8),
- Authorization(TAG_AUTH_TIMEOUT, 300),
- };
-
size_t valid_sizes[] = {192, 224, 256, 384, 521};
-
- GenerateKeyRequest req;
for (size_t size : valid_sizes) {
- req.key_description.Reinitialize(params, array_length(params));
- req.key_description.push_back(Authorization(TAG_KEY_SIZE, size));
- GenerateKeyResponse rsp;
- device.GenerateKey(req, &rsp);
- EXPECT_EQ(KM_ERROR_OK, rsp.error) << "Failed to generate size: " << size;
+ req_.key_description.Reinitialize(key_generation_base_params,
+ array_length(key_generation_base_params));
+ req_.key_description.push_back(Authorization(TAG_ALGORITHM, KM_ALGORITHM_ECDSA));
+ req_.key_description.push_back(Authorization(TAG_KEY_SIZE, size));
+ device.GenerateKey(req_, &rsp_);
+ EXPECT_EQ(KM_ERROR_OK, rsp_.error) << "Failed to generate size: " << size;
}
}