Gitiles
Code Review Sign In
gerrit-public.fairphone.software / fp2-dev / platform / system / keymaster / 2c242009007a38b5c8003137fb8ba5a1fdb73b70 / . / authorization_set_test.cpp
blob: a8efecc5651b3782e725ece6805d89a785d19ddd [file] [log] [blame]
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]1/*
2 * Copyright (C) 2014 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17#include <gtest/gtest.h>
18
Shawn Willden98d9b922014-08-26 08:14:10 -0600[diff] [blame]19#include <keymaster/authorization_set.h>
20#include <keymaster/google_keymaster_utils.h>
21
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]22#include "google_keymaster_test_utils.h"
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]23
24int main(int argc, char** argv) {
25 ::testing::InitGoogleTest(&argc, argv);
26 int result = RUN_ALL_TESTS();
27 return result;
28}
29
30namespace keymaster {
Shawn Willden834e8072014-08-09 16:38:53 -0600[diff] [blame]31
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]32namespace test {
33
34TEST(Construction, ListProvided) {
35 keymaster_key_param_t params[] = {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame^]36 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN), Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
37 Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA), Authorization(TAG_USER_ID, 7),
38 Authorization(TAG_USER_AUTH_ID, 8), Authorization(TAG_APPLICATION_ID, "my_app", 6),
39 Authorization(TAG_KEY_SIZE, 256), Authorization(TAG_AUTH_TIMEOUT, 300),
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]40 };
41 AuthorizationSet set(params, array_length(params));
42 EXPECT_EQ(8U, set.size());
43}
44
Shawn Willden834e8072014-08-09 16:38:53 -0600[diff] [blame]45TEST(Construction, Copy) {
46 keymaster_key_param_t params[] = {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame^]47 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN), Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
48 Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA), Authorization(TAG_USER_ID, 7),
49 Authorization(TAG_USER_AUTH_ID, 8), Authorization(TAG_APPLICATION_ID, "my_app", 6),
50 Authorization(TAG_KEY_SIZE, 256), Authorization(TAG_AUTH_TIMEOUT, 300),
Shawn Willden834e8072014-08-09 16:38:53 -0600[diff] [blame]51 };
52 AuthorizationSet set(params, array_length(params));
53 AuthorizationSet set2(set);
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]54 EXPECT_EQ(set, set2);
Shawn Willden834e8072014-08-09 16:38:53 -0600[diff] [blame]55}
56
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]57TEST(Lookup, NonRepeated) {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame^]58 AuthorizationSet set(AuthorizationSetBuilder()
59 .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN)
60 .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
61 .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)
62 .Authorization(TAG_USER_ID, 7)
63 .Authorization(TAG_USER_AUTH_ID, 8)
64 .Authorization(TAG_APPLICATION_ID, "my_app", 6)
65 .Authorization(TAG_KEY_SIZE, 256)
66 .Authorization(TAG_AUTH_TIMEOUT, 300));
67
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]68 EXPECT_EQ(8U, set.size());
69
70 int pos = set.find(TAG_ALGORITHM);
71 ASSERT_NE(-1, pos);
72 EXPECT_EQ(KM_TAG_ALGORITHM, set[pos].tag);
73 EXPECT_EQ(KM_ALGORITHM_RSA, set[pos].enumerated);
74
75 pos = set.find(TAG_MAC_LENGTH);
76 EXPECT_EQ(-1, pos);
77
78 uint32_t int_val = 0;
79 EXPECT_TRUE(set.GetTagValue(TAG_USER_ID, &int_val));
80 EXPECT_EQ(7U, int_val);
81
82 keymaster_blob_t blob_val;
83 EXPECT_TRUE(set.GetTagValue(TAG_APPLICATION_ID, &blob_val));
84 EXPECT_EQ(6U, blob_val.data_length);
85 EXPECT_EQ(0, memcmp(blob_val.data, "my_app", 6));
86}
87
88TEST(Lookup, Repeated) {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame^]89 AuthorizationSet set(AuthorizationSetBuilder()
90 .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN)
91 .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
92 .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)
93 .Authorization(TAG_USER_ID, 7)
94 .Authorization(TAG_USER_AUTH_ID, 8)
95 .Authorization(TAG_APPLICATION_ID, "my_app", 6)
96 .Authorization(TAG_KEY_SIZE, 256)
97 .Authorization(TAG_AUTH_TIMEOUT, 300));
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]98 EXPECT_EQ(8U, set.size());
99
100 int pos = set.find(TAG_PURPOSE);
101 ASSERT_FALSE(pos == -1);
102 EXPECT_EQ(KM_TAG_PURPOSE, set[pos].tag);
103 EXPECT_EQ(KM_PURPOSE_SIGN, set[pos].enumerated);
104
105 pos = set.find(TAG_PURPOSE, pos);
106 EXPECT_EQ(KM_TAG_PURPOSE, set[pos].tag);
107 EXPECT_EQ(KM_PURPOSE_VERIFY, set[pos].enumerated);
108
109 EXPECT_EQ(-1, set.find(TAG_PURPOSE, pos));
110}
111
112TEST(Lookup, Indexed) {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame^]113 AuthorizationSet set(AuthorizationSetBuilder()
114 .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN)
115 .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
116 .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)
117 .Authorization(TAG_USER_ID, 7)
118 .Authorization(TAG_USER_AUTH_ID, 8)
119 .Authorization(TAG_APPLICATION_ID, "my_app", 6)
120 .Authorization(TAG_KEY_SIZE, 256)
121 .Authorization(TAG_AUTH_TIMEOUT, 300));
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]122 EXPECT_EQ(8U, set.size());
123
124 EXPECT_EQ(KM_TAG_PURPOSE, set[0].tag);
125 EXPECT_EQ(KM_PURPOSE_SIGN, set[0].enumerated);
126
127 // Lookup beyond end doesn't work, just returns zeros, but doens't blow up either (verify by
128 // running under valgrind).
129 EXPECT_EQ(KM_TAG_INVALID, set[10].tag);
130}
131
132TEST(Serialization, RoundTrip) {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame^]133 AuthorizationSet set(AuthorizationSetBuilder()
134 .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN)
135 .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
136 .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)
137 .Authorization(TAG_USER_ID, 7)
138 .Authorization(TAG_USER_AUTH_ID, 8)
139 .Authorization(TAG_APPLICATION_ID, "my_app", 6)
140 .Authorization(TAG_KEY_SIZE, 256)
141 .Authorization(TAG_AUTH_TIMEOUT, 300)
142 .Authorization(TAG_ALL_USERS)
143 .Authorization(TAG_RSA_PUBLIC_EXPONENT, 3)
144 .Authorization(TAG_ACTIVE_DATETIME, 10));
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]145
146 size_t size = set.SerializedSize();
147 EXPECT_TRUE(size > 0);
148
149 UniquePtr<uint8_t[]> buf(new uint8_t[size]);
Shawn Willden58e1a542014-08-08 21:58:29 -0600[diff] [blame]150 EXPECT_EQ(buf.get() + size, set.Serialize(buf.get(), buf.get() + size));
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]151 AuthorizationSet deserialized(buf.get(), size);
152
Shawn Willden58e1a542014-08-08 21:58:29 -0600[diff] [blame]153 EXPECT_EQ(AuthorizationSet::OK, deserialized.is_valid());
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]154 EXPECT_EQ(set, deserialized);
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]155
156 int pos = deserialized.find(TAG_APPLICATION_ID);
157 ASSERT_NE(-1, pos);
158 EXPECT_EQ(KM_TAG_APPLICATION_ID, deserialized[pos].tag);
159 EXPECT_EQ(6U, deserialized[pos].blob.data_length);
160 EXPECT_EQ(0, memcmp(deserialized[pos].blob.data, "my_app", 6));
161}
162
Shawn Willden58e1a542014-08-08 21:58:29 -0600[diff] [blame]163TEST(Deserialization, Deserialize) {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame^]164 AuthorizationSet set(AuthorizationSetBuilder()
165 .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN)
166 .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
167 .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)
168 .Authorization(TAG_USER_ID, 7)
169 .Authorization(TAG_USER_AUTH_ID, 8)
170 .Authorization(TAG_APPLICATION_ID, "my_app", 6)
171 .Authorization(TAG_KEY_SIZE, 256)
172 .Authorization(TAG_AUTH_TIMEOUT, 300));
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]173
174 size_t size = set.SerializedSize();
175 EXPECT_TRUE(size > 0);
176
177 UniquePtr<uint8_t[]> buf(new uint8_t[size]);
Shawn Willden58e1a542014-08-08 21:58:29 -0600[diff] [blame]178 EXPECT_EQ(buf.get() + size, set.Serialize(buf.get(), buf.get() + size));
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]179 AuthorizationSet deserialized;
180 const uint8_t* p = buf.get();
Shawn Willden58e1a542014-08-08 21:58:29 -0600[diff] [blame]181 EXPECT_TRUE(deserialized.Deserialize(&p, p + size));
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]182 EXPECT_EQ(p, buf.get() + size);
183
Shawn Willden58e1a542014-08-08 21:58:29 -0600[diff] [blame]184 EXPECT_EQ(AuthorizationSet::OK, deserialized.is_valid());
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]185
186 EXPECT_EQ(set.size(), deserialized.size());
187 for (size_t i = 0; i < set.size(); ++i) {
188 EXPECT_EQ(set[i].tag, deserialized[i].tag);
189 }
190
191 int pos = deserialized.find(TAG_APPLICATION_ID);
192 ASSERT_NE(-1, pos);
193 EXPECT_EQ(KM_TAG_APPLICATION_ID, deserialized[pos].tag);
194 EXPECT_EQ(6U, deserialized[pos].blob.data_length);
195 EXPECT_EQ(0, memcmp(deserialized[pos].blob.data, "my_app", 6));
196}
197
198TEST(Deserialization, TooShortBuffer) {
199 uint8_t buf[] = {0, 0, 0};
200 AuthorizationSet deserialized(buf, array_length(buf));
201 EXPECT_EQ(AuthorizationSet::MALFORMED_DATA, deserialized.is_valid());
202
203 const uint8_t* p = buf;
Shawn Willden58e1a542014-08-08 21:58:29 -0600[diff] [blame]204 EXPECT_FALSE(deserialized.Deserialize(&p, p + array_length(buf)));
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]205 EXPECT_EQ(AuthorizationSet::MALFORMED_DATA, deserialized.is_valid());
206}
207
208TEST(Deserialization, InvalidLengthField) {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame^]209 AuthorizationSet set(AuthorizationSetBuilder()
210 .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN)
211 .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
212 .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)
213 .Authorization(TAG_USER_ID, 7)
214 .Authorization(TAG_USER_AUTH_ID, 8)
215 .Authorization(TAG_APPLICATION_ID, "my_app", 6)
216 .Authorization(TAG_KEY_SIZE, 256)
217 .Authorization(TAG_AUTH_TIMEOUT, 300));
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]218
219 size_t size = set.SerializedSize();
220 EXPECT_TRUE(size > 0);
221
222 UniquePtr<uint8_t[]> buf(new uint8_t[size]);
Shawn Willden58e1a542014-08-08 21:58:29 -0600[diff] [blame]223 EXPECT_EQ(buf.get() + size, set.Serialize(buf.get(), buf.get() + size));
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]224 *reinterpret_cast<uint32_t*>(buf.get()) = 9;
225
226 AuthorizationSet deserialized(buf.get(), size);
227 EXPECT_EQ(AuthorizationSet::MALFORMED_DATA, deserialized.is_valid());
228
229 const uint8_t* p = buf.get();
Shawn Willden58e1a542014-08-08 21:58:29 -0600[diff] [blame]230 EXPECT_FALSE(deserialized.Deserialize(&p, p + size));
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]231 EXPECT_EQ(AuthorizationSet::MALFORMED_DATA, deserialized.is_valid());
232}
233
Shawn Willden8d336ae2014-08-09 15:47:05 -0600[diff] [blame]234static uint32_t read_uint32(const uint8_t* buf) {
235 uint32_t val;
236 memcpy(&val, buf, sizeof(val));
237 return val;
238}
239
240static void add_to_uint32(uint8_t* buf, int delta) {
241 uint32_t val;
242 memcpy(&val, buf, sizeof(val));
243 val += delta;
244 memcpy(buf, &val, sizeof(val));
245}
246
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]247TEST(Deserialization, MalformedIndirectData) {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame^]248 AuthorizationSet set(AuthorizationSetBuilder()
249 .Authorization(TAG_APPLICATION_ID, "my_app", 6)
250 .Authorization(TAG_APPLICATION_DATA, "foo", 3));
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]251 size_t size = set.SerializedSize();
252
253 UniquePtr<uint8_t[]> buf(new uint8_t[size]);
Shawn Willden58e1a542014-08-08 21:58:29 -0600[diff] [blame]254 EXPECT_EQ(buf.get() + size, set.Serialize(buf.get(), buf.get() + size));
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]255
Shawn Willden8d336ae2014-08-09 15:47:05 -0600[diff] [blame]256 // This sucks. This test, as written, requires intimate knowledge of the serialized layout of
257 // this particular set, which means it's brittle. But it's important to test that we handle
258 // broken serialized data and I can't think of a better way to write this.
259 //
260 // The contents of buf are:
261 //
262 // Bytes: Content:
263 // 0-3 Length of string data, which is 9.
264 // 4-9 "my_app"
265 // 10-12 "foo"
266 // 13-16 Number of elements, which is 2.
267 // 17-20 Length of elements, which is 24.
268 // 21-24 First tag, TAG_APPLICATION_ID
269 // 25-28 Length of string "my_app", 6
270 // 29-32 Offset of string "my_app", 0
271 // 33-36 Second tag, TAG_APPLICATION_DATA
272 // 37-40 Length of string "foo", 3
273 // 41-44 Offset of string "foo", 6
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]274
Shawn Willden8d336ae2014-08-09 15:47:05 -0600[diff] [blame]275 // Check that stuff is where we think.
276 EXPECT_EQ('m', buf[4]);
277 EXPECT_EQ('f', buf[10]);
278 // Length of "my_app"
279 EXPECT_EQ(6U, read_uint32(buf.get() + 25));
280 // Offset of "my_app"
281 EXPECT_EQ(0U, read_uint32(buf.get() + 29));
282 // Length of "foo"
283 EXPECT_EQ(3U, read_uint32(buf.get() + 37));
284 // Offset of "foo"
285 EXPECT_EQ(6U, read_uint32(buf.get() + 41));
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]286
287 // Check that deserialization works.
288 AuthorizationSet deserialized1(buf.get(), size);
Shawn Willden58e1a542014-08-08 21:58:29 -0600[diff] [blame]289 EXPECT_EQ(AuthorizationSet::OK, deserialized1.is_valid());
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]290
291 const uint8_t* p = buf.get();
Shawn Willden58e1a542014-08-08 21:58:29 -0600[diff] [blame]292 EXPECT_TRUE(deserialized1.Deserialize(&p, p + size));
293 EXPECT_EQ(AuthorizationSet::OK, deserialized1.is_valid());
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]294
295 //
296 // Now mess them up in various ways:
297 //
298
Shawn Willden8d336ae2014-08-09 15:47:05 -0600[diff] [blame]299 // Move "foo" offset so offset + length goes off the end
300 add_to_uint32(buf.get() + 41, 1);
301 AuthorizationSet deserialized2(buf.get(), size);
302 EXPECT_EQ(AuthorizationSet::MALFORMED_DATA, deserialized2.is_valid());
303 add_to_uint32(buf.get() + 41, -1);
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]304
Shawn Willden8d336ae2014-08-09 15:47:05 -0600[diff] [blame]305 // Shorten the "my_app" length to make a gap between the blobs.
306 add_to_uint32(buf.get() + 25, -1);
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]307 AuthorizationSet deserialized3(buf.get(), size);
308 EXPECT_EQ(AuthorizationSet::MALFORMED_DATA, deserialized3.is_valid());
Shawn Willden8d336ae2014-08-09 15:47:05 -0600[diff] [blame]309 add_to_uint32(buf.get() + 25, 1);
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]310
Shawn Willden8d336ae2014-08-09 15:47:05 -0600[diff] [blame]311 // Extend the "my_app" length to make them overlap, and decrease the "foo" length to keep the
312 // total length the same. We don't detect this but should.
313 // TODO(swillden): Detect overlaps and holes that leave total size correct.
314 add_to_uint32(buf.get() + 25, 1);
315 add_to_uint32(buf.get() + 37, -1);
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]316 AuthorizationSet deserialized4(buf.get(), size);
Shawn Willden58e1a542014-08-08 21:58:29 -0600[diff] [blame]317 EXPECT_EQ(AuthorizationSet::OK, deserialized4.is_valid());
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]318}
319
320TEST(Growable, SuccessfulRoundTrip) {
321 keymaster_key_param_t elems_buf[20];
322 uint8_t data_buf[200];
323
324 AuthorizationSet growable;
325 EXPECT_TRUE(growable.push_back(Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)));
326 EXPECT_EQ(1U, growable.size());
327
328 EXPECT_TRUE(growable.push_back(Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)));
329 EXPECT_EQ(2U, growable.size());
330
331 EXPECT_TRUE(growable.push_back(Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN)));
332 EXPECT_EQ(3U, growable.size());
333
334 EXPECT_TRUE(growable.push_back(Authorization(TAG_APPLICATION_ID, "data", 4)));
335 EXPECT_EQ(4U, growable.size());
336
Shawn Willden834e8072014-08-09 16:38:53 -0600[diff] [blame]337 EXPECT_TRUE(growable.push_back(Authorization(TAG_APPLICATION_DATA, "some more data", 14)));
338 EXPECT_EQ(5U, growable.size());
339
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]340 size_t serialize_size = growable.SerializedSize();
341 UniquePtr<uint8_t[]> serialized(new uint8_t[serialize_size]);
Shawn Willden58e1a542014-08-08 21:58:29 -0600[diff] [blame]342 EXPECT_EQ(serialized.get() + serialize_size,
343 growable.Serialize(serialized.get(), serialized.get() + serialize_size));
Shawn Willden834e8072014-08-09 16:38:53 -0600[diff] [blame]344
345 AuthorizationSet deserialized(serialized.get(), serialize_size);
346 EXPECT_EQ(growable, deserialized);
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]347}
348
349TEST(Growable, InsufficientElemBuf) {
350 keymaster_key_param_t elems_buf[1];
351 uint8_t data_buf[200];
352
353 AuthorizationSet growable;
Shawn Willden58e1a542014-08-08 21:58:29 -0600[diff] [blame]354 EXPECT_EQ(AuthorizationSet::OK, growable.is_valid());
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]355
356 // First insertion fits.
357 EXPECT_TRUE(growable.push_back(Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)));
358 EXPECT_EQ(1U, growable.size());
Shawn Willden58e1a542014-08-08 21:58:29 -0600[diff] [blame]359 EXPECT_EQ(AuthorizationSet::OK, growable.is_valid());
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]360
361 // Second does too.
362 EXPECT_TRUE(growable.push_back(Authorization(TAG_RSA_PUBLIC_EXPONENT, 3)));
363 EXPECT_EQ(2U, growable.size());
364}
365
366TEST(Growable, InsufficientIndirectBuf) {
367 keymaster_key_param_t elems_buf[3];
368 uint8_t data_buf[10];
369
370 AuthorizationSet growable;
Shawn Willden58e1a542014-08-08 21:58:29 -0600[diff] [blame]371 EXPECT_EQ(AuthorizationSet::OK, growable.is_valid());
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]372
373 EXPECT_TRUE(growable.push_back(Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)));
374 EXPECT_EQ(1U, growable.size());
Shawn Willden58e1a542014-08-08 21:58:29 -0600[diff] [blame]375 EXPECT_EQ(AuthorizationSet::OK, growable.is_valid());
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]376
377 EXPECT_TRUE(growable.push_back(Authorization(TAG_APPLICATION_ID, "1234567890", 10)));
378 EXPECT_EQ(2U, growable.size());
Shawn Willden58e1a542014-08-08 21:58:29 -0600[diff] [blame]379 EXPECT_EQ(AuthorizationSet::OK, growable.is_valid());
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]380
381 EXPECT_TRUE(growable.push_back(Authorization(TAG_APPLICATION_DATA, "1", 1)));
382 EXPECT_EQ(3U, growable.size());
Shawn Willden58e1a542014-08-08 21:58:29 -0600[diff] [blame]383 EXPECT_EQ(AuthorizationSet::OK, growable.is_valid());
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]384
385 // Can still add another entry without indirect data. Now it's full.
386 EXPECT_TRUE(growable.push_back(Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN)));
387 EXPECT_EQ(4U, growable.size());
Shawn Willden58e1a542014-08-08 21:58:29 -0600[diff] [blame]388 EXPECT_EQ(AuthorizationSet::OK, growable.is_valid());
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]389}
390
Shawn Willden37012132014-08-19 08:15:57 -0600[diff] [blame]391TEST(Growable, PushBackSets) {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame^]392 AuthorizationSetBuilder builder;
393 builder.Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN)
394 .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
395 .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)
396 .Authorization(TAG_USER_ID, 7)
397 .Authorization(TAG_USER_AUTH_ID, 8)
398 .Authorization(TAG_APPLICATION_ID, "my_app", 6)
399 .Authorization(TAG_KEY_SIZE, 256)
400 .Authorization(TAG_AUTH_TIMEOUT, 300);
401
402 AuthorizationSet set1(builder.build());
403 AuthorizationSet set2(builder.build());
Shawn Willden37012132014-08-19 08:15:57 -0600[diff] [blame]404
405 AuthorizationSet combined;
406 EXPECT_TRUE(combined.push_back(set1));
407 EXPECT_TRUE(combined.push_back(set2));
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame^]408 EXPECT_EQ(set1.size() + set2.size(), combined.size());
Shawn Willden37012132014-08-19 08:15:57 -0600[diff] [blame]409 EXPECT_EQ(12U, combined.indirect_size());
410}
411
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]412TEST(GetValue, GetInt) {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame^]413 AuthorizationSet set(AuthorizationSetBuilder()
414 .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN)
415 .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
416 .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)
417 .Authorization(TAG_USER_ID, 7)
418 .Authorization(TAG_USER_AUTH_ID, 8)
419 .Authorization(TAG_APPLICATION_ID, "my_app", 6)
420 .Authorization(TAG_AUTH_TIMEOUT, 300));
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]421
422 uint32_t val;
423 EXPECT_TRUE(set.GetTagValue(TAG_USER_ID, &val));
424 EXPECT_EQ(7U, val);
425
426 // Find one that isn't there
427 EXPECT_FALSE(set.GetTagValue(TAG_KEY_SIZE, &val));
428}
429
430TEST(GetValue, GetIntRep) {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame^]431 AuthorizationSet set(AuthorizationSetBuilder()
432 .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN)
433 .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
434 .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)
435 .Authorization(TAG_USER_ID, 7)
436 .Authorization(TAG_USER_AUTH_ID, 8)
437 .Authorization(TAG_APPLICATION_ID, "my_app", 6)
438 .Authorization(TAG_KEY_SIZE, 256)
439 .Authorization(TAG_AUTH_TIMEOUT, 300));
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]440
441 uint32_t val;
442 EXPECT_TRUE(set.GetTagValue(TAG_USER_AUTH_ID, 0, &val));
443 EXPECT_EQ(8U, val);
444
445 // Find one that isn't there
446 EXPECT_FALSE(set.GetTagValue(TAG_USER_AUTH_ID, 1, &val));
447}
448
449TEST(GetValue, GetLong) {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame^]450 AuthorizationSet set1(AuthorizationSetBuilder()
451 .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN)
452 .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
453 .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)
454 .Authorization(TAG_RSA_PUBLIC_EXPONENT, 3));
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]455
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame^]456 AuthorizationSet set2(AuthorizationSetBuilder()
457 .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN)
458 .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
459 .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA));
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]460
461 uint64_t val;
462 EXPECT_TRUE(set1.GetTagValue(TAG_RSA_PUBLIC_EXPONENT, &val));
463 EXPECT_EQ(3U, val);
464
465 // Find one that isn't there
466 EXPECT_FALSE(set2.GetTagValue(TAG_RSA_PUBLIC_EXPONENT, &val));
467}
468
469TEST(GetValue, GetEnum) {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame^]470 AuthorizationSet set(AuthorizationSetBuilder()
471 .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN)
472 .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
473 .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)
474 .Authorization(TAG_USER_ID, 7)
475 .Authorization(TAG_USER_AUTH_ID, 8)
476 .Authorization(TAG_APPLICATION_ID, "my_app", 6)
477 .Authorization(TAG_AUTH_TIMEOUT, 300));
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]478
479 keymaster_algorithm_t val;
480 EXPECT_TRUE(set.GetTagValue(TAG_ALGORITHM, &val));
481 EXPECT_EQ(KM_ALGORITHM_RSA, val);
482
483 // Find one that isn't there
484 keymaster_padding_t val2;
485 EXPECT_FALSE(set.GetTagValue(TAG_PADDING, &val2));
486}
487
488TEST(GetValue, GetEnumRep) {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame^]489 AuthorizationSet set(AuthorizationSetBuilder()
490 .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN)
491 .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
492 .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)
493 .Authorization(TAG_USER_ID, 7)
494 .Authorization(TAG_USER_AUTH_ID, 8)
495 .Authorization(TAG_APPLICATION_ID, "my_app", 6)
496 .Authorization(TAG_AUTH_TIMEOUT, 300));
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]497
498 keymaster_purpose_t val;
499 EXPECT_TRUE(set.GetTagValue(TAG_PURPOSE, 0, &val));
500 EXPECT_EQ(KM_PURPOSE_SIGN, val);
501 EXPECT_TRUE(set.GetTagValue(TAG_PURPOSE, 1, &val));
502 EXPECT_EQ(KM_PURPOSE_VERIFY, val);
503
504 // Find one that isn't there
505 EXPECT_FALSE(set.GetTagValue(TAG_PURPOSE, 2, &val));
506}
507
508TEST(GetValue, GetDate) {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame^]509 AuthorizationSet set(AuthorizationSetBuilder()
510 .Authorization(TAG_ACTIVE_DATETIME, 10)
511 .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN)
512 .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
513 .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)
514 .Authorization(TAG_USER_ID, 7)
515 .Authorization(TAG_USER_AUTH_ID, 8)
516 .Authorization(TAG_APPLICATION_ID, "my_app", 6)
517 .Authorization(TAG_AUTH_TIMEOUT, 300));
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]518
519 uint64_t val;
520 EXPECT_TRUE(set.GetTagValue(TAG_ACTIVE_DATETIME, &val));
521 EXPECT_EQ(10U, val);
522
523 // Find one that isn't there
524 EXPECT_FALSE(set.GetTagValue(TAG_USAGE_EXPIRE_DATETIME, &val));
525}
526
527TEST(GetValue, GetBlob) {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame^]528 AuthorizationSet set(AuthorizationSetBuilder()
529 .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN)
530 .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
531 .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)
532 .Authorization(TAG_USER_ID, 7)
533 .Authorization(TAG_USER_AUTH_ID, 8)
534 .Authorization(TAG_APPLICATION_ID, "my_app", 6)
535 .Authorization(TAG_AUTH_TIMEOUT, 300));
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]536
537 keymaster_blob_t val;
538 EXPECT_TRUE(set.GetTagValue(TAG_APPLICATION_ID, &val));
539 EXPECT_EQ(6U, val.data_length);
540 EXPECT_EQ(0, memcmp(val.data, "my_app", 6));
541
542 // Find one that isn't there
543 EXPECT_FALSE(set.GetTagValue(TAG_APPLICATION_DATA, &val));
544}
545
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame^]546TEST(Deduplication, NoDuplicates) {
547 AuthorizationSet set(AuthorizationSetBuilder()
548 .Authorization(TAG_ACTIVE_DATETIME, 10)
549 .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
550 .Authorization(TAG_USER_ID, 7)
551 .Authorization(TAG_USER_AUTH_ID, 8));
552 AuthorizationSet copy(set);
553
554 EXPECT_EQ(copy, set);
555 set.Deduplicate();
556 EXPECT_EQ(copy.size(), set.size());
557
558 // Sets no longer compare equal, because of ordering (ugh, maybe it should be
559 // AuthorizationList, not AuthorizationSet).
560 EXPECT_NE(copy, set);
561}
562
563TEST(Deduplication, NoDuplicatesHasInvalid) {
564 AuthorizationSet set(AuthorizationSetBuilder()
565 .Authorization(TAG_ACTIVE_DATETIME, 10)
566 .Authorization(TAG_INVALID)
567 .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
568 .Authorization(TAG_USER_ID, 7)
569 .Authorization(TAG_USER_AUTH_ID, 8));
570 AuthorizationSet copy(set);
571
572 EXPECT_EQ(copy, set);
573 set.Deduplicate();
574
575 // Deduplicate should have removed the invalid.
576 EXPECT_EQ(copy.size() - 1, set.size());
577 EXPECT_NE(copy, set);
578}
579
580TEST(Deduplication, DuplicateEnum) {
581 AuthorizationSet set(AuthorizationSetBuilder()
582 .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
583 .Authorization(TAG_ACTIVE_DATETIME, 10)
584 .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
585 .Authorization(TAG_USER_ID, 7)
586 .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
587 .Authorization(TAG_USER_AUTH_ID, 8));
588 AuthorizationSet copy(set);
589
590 EXPECT_EQ(copy, set);
591 set.Deduplicate();
592 EXPECT_EQ(copy.size() - 2, set.size());
593 EXPECT_NE(copy, set);
594}
595
596TEST(Deduplication, DuplicateBlob) {
597 AuthorizationSet set(AuthorizationSetBuilder()
598 .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
599 .Authorization(TAG_ACTIVE_DATETIME, 10)
600 .Authorization(TAG_APPLICATION_DATA, "data", 4)
601 .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
602 .Authorization(TAG_USER_ID, 7)
603 .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
604 .Authorization(TAG_APPLICATION_DATA, "data", 4)
605 .Authorization(TAG_APPLICATION_DATA, "foo", 3)
606 .Authorization(TAG_USER_AUTH_ID, 8));
607 AuthorizationSet copy(set);
608
609 EXPECT_EQ(copy, set);
610 set.Deduplicate();
611 EXPECT_EQ(copy.size() - 3, set.size());
612 EXPECT_NE(copy, set);
613
614 // The real test here is that valgrind reports no leak.
615}
616
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]617} // namespace test
618} // namespace keymaster