Gitiles
Code Review Sign In
gerrit-public.fairphone.software / fp2-dev / platform / system / keymaster / 5ada7b6c525d2bfd5b556a698ccb11db23e052bb / . / authorization_set_test.cpp
blob: b273f65667a87a6f8963211545e6f57dbdc1b9d0 [file] [log] [blame]
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame^]1/*
2 * Copyright (C) 2014 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17#include <gtest/gtest.h>
18
19#include "authorization_set.h"
20#include "google_keymaster_utils.h"
21
22int main(int argc, char** argv) {
23 ::testing::InitGoogleTest(&argc, argv);
24 int result = RUN_ALL_TESTS();
25 return result;
26}
27
28namespace keymaster {
29namespace test {
30
31TEST(Construction, ListProvided) {
32 keymaster_key_param_t params[] = {
33 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
34 Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
35 Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA),
36 Authorization(TAG_USER_ID, 7),
37 Authorization(TAG_USER_AUTH_ID, 8),
38 Authorization(TAG_APPLICATION_ID, "my_app", 6),
39 Authorization(TAG_KEY_SIZE, 256),
40 Authorization(TAG_AUTH_TIMEOUT, 300),
41 };
42 AuthorizationSet set(params, array_length(params));
43 EXPECT_EQ(8U, set.size());
44}
45
46TEST(Lookup, NonRepeated) {
47 keymaster_key_param_t params[] = {
48 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
49 Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
50 Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA),
51 Authorization(TAG_USER_ID, 7),
52 Authorization(TAG_USER_AUTH_ID, 8),
53 Authorization(TAG_APPLICATION_ID, "my_app", 6),
54 Authorization(TAG_KEY_SIZE, 256),
55 Authorization(TAG_AUTH_TIMEOUT, 300),
56 };
57 AuthorizationSet set(params, array_length(params));
58 EXPECT_EQ(8U, set.size());
59
60 int pos = set.find(TAG_ALGORITHM);
61 ASSERT_NE(-1, pos);
62 EXPECT_EQ(KM_TAG_ALGORITHM, set[pos].tag);
63 EXPECT_EQ(KM_ALGORITHM_RSA, set[pos].enumerated);
64
65 pos = set.find(TAG_MAC_LENGTH);
66 EXPECT_EQ(-1, pos);
67
68 uint32_t int_val = 0;
69 EXPECT_TRUE(set.GetTagValue(TAG_USER_ID, &int_val));
70 EXPECT_EQ(7U, int_val);
71
72 keymaster_blob_t blob_val;
73 EXPECT_TRUE(set.GetTagValue(TAG_APPLICATION_ID, &blob_val));
74 EXPECT_EQ(6U, blob_val.data_length);
75 EXPECT_EQ(0, memcmp(blob_val.data, "my_app", 6));
76}
77
78TEST(Lookup, Repeated) {
79 keymaster_key_param_t params[] = {
80 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
81 Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
82 Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA),
83 Authorization(TAG_USER_ID, 7),
84 Authorization(TAG_USER_AUTH_ID, 8),
85 Authorization(TAG_APPLICATION_ID, "my_app", 6),
86 Authorization(TAG_KEY_SIZE, 256),
87 Authorization(TAG_AUTH_TIMEOUT, 300),
88 };
89 AuthorizationSet set(params, array_length(params));
90 EXPECT_EQ(8U, set.size());
91
92 int pos = set.find(TAG_PURPOSE);
93 ASSERT_FALSE(pos == -1);
94 EXPECT_EQ(KM_TAG_PURPOSE, set[pos].tag);
95 EXPECT_EQ(KM_PURPOSE_SIGN, set[pos].enumerated);
96
97 pos = set.find(TAG_PURPOSE, pos);
98 EXPECT_EQ(KM_TAG_PURPOSE, set[pos].tag);
99 EXPECT_EQ(KM_PURPOSE_VERIFY, set[pos].enumerated);
100
101 EXPECT_EQ(-1, set.find(TAG_PURPOSE, pos));
102}
103
104TEST(Lookup, Indexed) {
105 keymaster_key_param_t params[] = {
106 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
107 Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
108 Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA),
109 Authorization(TAG_USER_ID, 7),
110 Authorization(TAG_USER_AUTH_ID, 8),
111 Authorization(TAG_APPLICATION_ID, "my_app", 6),
112 Authorization(TAG_KEY_SIZE, 256),
113 Authorization(TAG_AUTH_TIMEOUT, 300),
114 };
115 AuthorizationSet set(params, array_length(params));
116 EXPECT_EQ(8U, set.size());
117
118 EXPECT_EQ(KM_TAG_PURPOSE, set[0].tag);
119 EXPECT_EQ(KM_PURPOSE_SIGN, set[0].enumerated);
120
121 // Lookup beyond end doesn't work, just returns zeros, but doens't blow up either (verify by
122 // running under valgrind).
123 EXPECT_EQ(KM_TAG_INVALID, set[10].tag);
124}
125
126TEST(Serialization, RoundTrip) {
127 keymaster_key_param_t params[] = {
128 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
129 Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
130 Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA),
131 Authorization(TAG_USER_ID, 7),
132 Authorization(TAG_USER_AUTH_ID, 8),
133 Authorization(TAG_APPLICATION_ID, "my_app", 6),
134 Authorization(TAG_KEY_SIZE, 256),
135 Authorization(TAG_AUTH_TIMEOUT, 300),
136 };
137 AuthorizationSet set(params, array_length(params));
138
139 size_t size = set.SerializedSize();
140 EXPECT_TRUE(size > 0);
141
142 UniquePtr<uint8_t[]> buf(new uint8_t[size]);
143 EXPECT_EQ(buf.get() + size, set.Serialize(buf.get()));
144 AuthorizationSet deserialized(buf.get(), size);
145
146 EXPECT_EQ(AuthorizationSet::OK_FULL, deserialized.is_valid());
147
148 EXPECT_EQ(set.size(), deserialized.size());
149 for (size_t i = 0; i < set.size(); ++i) {
150 EXPECT_EQ(set[i].tag, deserialized[i].tag);
151 }
152
153 int pos = deserialized.find(TAG_APPLICATION_ID);
154 ASSERT_NE(-1, pos);
155 EXPECT_EQ(KM_TAG_APPLICATION_ID, deserialized[pos].tag);
156 EXPECT_EQ(6U, deserialized[pos].blob.data_length);
157 EXPECT_EQ(0, memcmp(deserialized[pos].blob.data, "my_app", 6));
158}
159
160TEST(Deserialization, DeserializeToCopy) {
161 keymaster_key_param_t params[] = {
162 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
163 Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
164 Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA),
165 Authorization(TAG_USER_ID, 7),
166 Authorization(TAG_USER_AUTH_ID, 8),
167 Authorization(TAG_APPLICATION_ID, "my_app", 6),
168 Authorization(TAG_KEY_SIZE, 256),
169 Authorization(TAG_AUTH_TIMEOUT, 300),
170 };
171 AuthorizationSet set(params, array_length(params));
172
173 size_t size = set.SerializedSize();
174 EXPECT_TRUE(size > 0);
175
176 UniquePtr<uint8_t[]> buf(new uint8_t[size]);
177 EXPECT_EQ(buf.get() + size, set.Serialize(buf.get()));
178 AuthorizationSet deserialized;
179 const uint8_t* p = buf.get();
180 EXPECT_TRUE(deserialized.DeserializeToCopy(&p, p + size));
181 EXPECT_EQ(p, buf.get() + size);
182
183 EXPECT_EQ(AuthorizationSet::OK_GROWABLE, deserialized.is_valid());
184
185 EXPECT_EQ(set.size(), deserialized.size());
186 for (size_t i = 0; i < set.size(); ++i) {
187 EXPECT_EQ(set[i].tag, deserialized[i].tag);
188 }
189
190 int pos = deserialized.find(TAG_APPLICATION_ID);
191 ASSERT_NE(-1, pos);
192 EXPECT_EQ(KM_TAG_APPLICATION_ID, deserialized[pos].tag);
193 EXPECT_EQ(6U, deserialized[pos].blob.data_length);
194 EXPECT_EQ(0, memcmp(deserialized[pos].blob.data, "my_app", 6));
195}
196
197TEST(Deserialization, TooShortBuffer) {
198 uint8_t buf[] = {0, 0, 0};
199 AuthorizationSet deserialized(buf, array_length(buf));
200 EXPECT_EQ(AuthorizationSet::MALFORMED_DATA, deserialized.is_valid());
201
202 const uint8_t* p = buf;
203 EXPECT_FALSE(deserialized.DeserializeToCopy(&p, p + array_length(buf)));
204 EXPECT_EQ(AuthorizationSet::MALFORMED_DATA, deserialized.is_valid());
205}
206
207TEST(Deserialization, InvalidLengthField) {
208 keymaster_key_param_t params[] = {
209 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
210 Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
211 Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA),
212 Authorization(TAG_USER_ID, 7),
213 Authorization(TAG_USER_AUTH_ID, 8),
214 Authorization(TAG_APPLICATION_ID, "my_app", 6),
215 Authorization(TAG_KEY_SIZE, 256),
216 Authorization(TAG_AUTH_TIMEOUT, 300),
217 };
218 AuthorizationSet set(params, array_length(params));
219
220 size_t size = set.SerializedSize();
221 EXPECT_TRUE(size > 0);
222
223 UniquePtr<uint8_t[]> buf(new uint8_t[size]);
224 EXPECT_EQ(buf.get() + size, set.Serialize(buf.get()));
225 *reinterpret_cast<uint32_t*>(buf.get()) = 9;
226
227 AuthorizationSet deserialized(buf.get(), size);
228 EXPECT_EQ(AuthorizationSet::MALFORMED_DATA, deserialized.is_valid());
229
230 const uint8_t* p = buf.get();
231 EXPECT_FALSE(deserialized.DeserializeToCopy(&p, p + size));
232 EXPECT_EQ(AuthorizationSet::MALFORMED_DATA, deserialized.is_valid());
233}
234
235TEST(Deserialization, MalformedIndirectData) {
236 keymaster_key_param_t params[] = {
237 Authorization(TAG_APPLICATION_ID, "my_app", 6),
238 Authorization(TAG_APPLICATION_DATA, "foo", 3),
239 };
240 AuthorizationSet set(params, array_length(params));
241 size_t size = set.SerializedSize();
242
243 UniquePtr<uint8_t[]> buf(new uint8_t[size]);
244 EXPECT_EQ(buf.get() + size, set.Serialize(buf.get()));
245
246 keymaster_key_param_t* ptr =
247 reinterpret_cast<keymaster_key_param_t*>(buf.get() + sizeof(uint32_t));
248
249 // Check that the offsets we expect are present.
250 EXPECT_EQ(0, ptr[0].blob.data);
251 EXPECT_EQ(6U, ptr[0].blob.data_length);
252 EXPECT_EQ(6, reinterpret_cast<ptrdiff_t>(ptr[1].blob.data));
253 EXPECT_EQ(3U, ptr[1].blob.data_length);
254 EXPECT_EQ(9U, size - sizeof(uint32_t) * 2 - sizeof(*ptr) * 2);
255
256 // Check that deserialization works.
257 AuthorizationSet deserialized1(buf.get(), size);
258 EXPECT_EQ(AuthorizationSet::OK_FULL, deserialized1.is_valid());
259
260 const uint8_t* p = buf.get();
261 EXPECT_TRUE(deserialized1.DeserializeToCopy(&p, p + size));
262 EXPECT_EQ(AuthorizationSet::OK_GROWABLE, deserialized1.is_valid());
263
264 //
265 // Now mess them up in various ways:
266 //
267
268 // Make one point past the end.
269 (*reinterpret_cast<long*>(&(ptr[1].blob.data)))++;
270 AuthorizationSet deserialized2;
271 p = buf.get();
272 deserialized2.DeserializeInPlace(const_cast<uint8_t**>(&p), p + size);
273 EXPECT_EQ(AuthorizationSet::BOUNDS_CHECKING_FAILURE, deserialized2.is_valid());
274
275 p = buf.get();
276 EXPECT_FALSE(deserialized2.DeserializeToCopy(&p, p + size));
277 EXPECT_EQ(AuthorizationSet::BOUNDS_CHECKING_FAILURE, deserialized2.is_valid());
278
279 (*reinterpret_cast<long*>(&(ptr[1].blob.data)))--;
280
281 // Make a gap between the blobs.
282 ptr[0].blob.data_length--;
283 AuthorizationSet deserialized3(buf.get(), size);
284 EXPECT_EQ(AuthorizationSet::MALFORMED_DATA, deserialized3.is_valid());
285
286 p = buf.get();
287 deserialized3.DeserializeToCopy(&p, p + size);
288 EXPECT_EQ(AuthorizationSet::MALFORMED_DATA, deserialized3.is_valid());
289
290 ptr[0].blob.data_length++;
291
292 // Make them overlap. We don't currently detect this. We should.
293 ptr[0].blob.data_length++;
294 (*reinterpret_cast<long*>(&(ptr[1].blob.data)))--;
295 ptr[1].blob.data_length--;
296 AuthorizationSet deserialized4(buf.get(), size);
297 EXPECT_EQ(AuthorizationSet::OK_FULL, deserialized4.is_valid());
298}
299
300TEST(InPlaceGrowable, SuccessfulRoundTrip) {
301 keymaster_key_param_t elems_buf[20];
302 uint8_t data_buf[200];
303
304 AuthorizationSet growable(elems_buf, array_length(elems_buf), data_buf, array_length(data_buf));
305 EXPECT_TRUE(growable.push_back(TAG_ALGORITHM, KM_ALGORITHM_RSA));
306 EXPECT_EQ(1U, growable.size());
307
308 EXPECT_TRUE(growable.push_back(TAG_SINGLE_USE_PER_BOOT));
309 EXPECT_EQ(2U, growable.size());
310
311 EXPECT_TRUE(growable.push_back(TAG_PURPOSE, KM_PURPOSE_SIGN));
312 EXPECT_EQ(3U, growable.size());
313
314 EXPECT_TRUE(growable.push_back(TAG_APPLICATION_ID, "data", 4));
315 EXPECT_EQ(4U, growable.size());
316
317 size_t serialize_size = growable.SerializedSize();
318 UniquePtr<uint8_t[]> serialized(new uint8_t[serialize_size]);
319 EXPECT_EQ(serialized.get() + serialize_size, growable.Serialize(serialized.get()));
320}
321
322TEST(InplaceGrowable, InsufficientElemBuf) {
323 keymaster_key_param_t elems_buf[1];
324 uint8_t data_buf[200];
325
326 AuthorizationSet growable(elems_buf, array_length(elems_buf), data_buf, array_length(data_buf));
327 EXPECT_EQ(AuthorizationSet::OK_GROWABLE, growable.is_valid());
328
329 // First insertion fits, but set is now full.
330 EXPECT_TRUE(growable.push_back(TAG_USER_ID, 10));
331 EXPECT_EQ(1U, growable.size());
332 EXPECT_EQ(AuthorizationSet::OK_FULL, growable.is_valid());
333
334 // Second does not.
335 EXPECT_FALSE(growable.push_back(Authorization(TAG_RSA_PUBLIC_EXPONENT, 3)));
336 EXPECT_EQ(1U, growable.size());
337}
338
339TEST(InplaceGrowable, InsufficientIndirectBuf) {
340 keymaster_key_param_t elems_buf[3];
341 uint8_t data_buf[10];
342
343 AuthorizationSet growable(elems_buf, array_length(elems_buf), data_buf, array_length(data_buf));
344 EXPECT_EQ(AuthorizationSet::OK_GROWABLE, growable.is_valid());
345
346 EXPECT_TRUE(growable.push_back(Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)));
347 EXPECT_EQ(1U, growable.size());
348 EXPECT_EQ(AuthorizationSet::OK_GROWABLE, growable.is_valid());
349
350 EXPECT_TRUE(growable.push_back(Authorization(TAG_APPLICATION_ID, "1234567890", 10)));
351 EXPECT_EQ(2U, growable.size());
352 EXPECT_EQ(AuthorizationSet::OK_GROWABLE, growable.is_valid());
353
354 // Adding more indirect data should fail, even a single byte, though the set isn't full.
355 EXPECT_FALSE(growable.push_back(Authorization(TAG_APPLICATION_DATA, "1", 1)));
356 EXPECT_EQ(2U, growable.size());
357 EXPECT_EQ(AuthorizationSet::OK_GROWABLE, growable.is_valid());
358
359 // Can still add another entry without indirect data. Now it's full.
360 EXPECT_TRUE(growable.push_back(Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN)));
361 EXPECT_EQ(3U, growable.size());
362 EXPECT_EQ(AuthorizationSet::OK_FULL, growable.is_valid());
363}
364
365TEST(Growable, SuccessfulRoundTrip) {
366 keymaster_key_param_t elems_buf[20];
367 uint8_t data_buf[200];
368
369 AuthorizationSet growable;
370 EXPECT_TRUE(growable.push_back(Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)));
371 EXPECT_EQ(1U, growable.size());
372
373 EXPECT_TRUE(growable.push_back(Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)));
374 EXPECT_EQ(2U, growable.size());
375
376 EXPECT_TRUE(growable.push_back(Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN)));
377 EXPECT_EQ(3U, growable.size());
378
379 EXPECT_TRUE(growable.push_back(Authorization(TAG_APPLICATION_ID, "data", 4)));
380 EXPECT_EQ(4U, growable.size());
381
382 size_t serialize_size = growable.SerializedSize();
383 UniquePtr<uint8_t[]> serialized(new uint8_t[serialize_size]);
384 EXPECT_EQ(serialized.get() + serialize_size, growable.Serialize(serialized.get()));
385}
386
387TEST(Growable, InsufficientElemBuf) {
388 keymaster_key_param_t elems_buf[1];
389 uint8_t data_buf[200];
390
391 AuthorizationSet growable;
392 EXPECT_EQ(AuthorizationSet::OK_GROWABLE, growable.is_valid());
393
394 // First insertion fits.
395 EXPECT_TRUE(growable.push_back(Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)));
396 EXPECT_EQ(1U, growable.size());
397 EXPECT_EQ(AuthorizationSet::OK_GROWABLE, growable.is_valid());
398
399 // Second does too.
400 EXPECT_TRUE(growable.push_back(Authorization(TAG_RSA_PUBLIC_EXPONENT, 3)));
401 EXPECT_EQ(2U, growable.size());
402}
403
404TEST(Growable, InsufficientIndirectBuf) {
405 keymaster_key_param_t elems_buf[3];
406 uint8_t data_buf[10];
407
408 AuthorizationSet growable;
409 EXPECT_EQ(AuthorizationSet::OK_GROWABLE, growable.is_valid());
410
411 EXPECT_TRUE(growable.push_back(Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)));
412 EXPECT_EQ(1U, growable.size());
413 EXPECT_EQ(AuthorizationSet::OK_GROWABLE, growable.is_valid());
414
415 EXPECT_TRUE(growable.push_back(Authorization(TAG_APPLICATION_ID, "1234567890", 10)));
416 EXPECT_EQ(2U, growable.size());
417 EXPECT_EQ(AuthorizationSet::OK_GROWABLE, growable.is_valid());
418
419 EXPECT_TRUE(growable.push_back(Authorization(TAG_APPLICATION_DATA, "1", 1)));
420 EXPECT_EQ(3U, growable.size());
421 EXPECT_EQ(AuthorizationSet::OK_GROWABLE, growable.is_valid());
422
423 // Can still add another entry without indirect data. Now it's full.
424 EXPECT_TRUE(growable.push_back(Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN)));
425 EXPECT_EQ(4U, growable.size());
426 EXPECT_EQ(AuthorizationSet::OK_GROWABLE, growable.is_valid());
427}
428
429TEST(GetValue, GetInt) {
430 keymaster_key_param_t params[] = {
431 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
432 Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
433 Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA),
434 Authorization(TAG_USER_ID, 7),
435 Authorization(TAG_USER_AUTH_ID, 8),
436 Authorization(TAG_APPLICATION_ID, "my_app", 6),
437 Authorization(TAG_AUTH_TIMEOUT, 300),
438 };
439 AuthorizationSet set(params, array_length(params));
440
441 uint32_t val;
442 EXPECT_TRUE(set.GetTagValue(TAG_USER_ID, &val));
443 EXPECT_EQ(7U, val);
444
445 // Find one that isn't there
446 EXPECT_FALSE(set.GetTagValue(TAG_KEY_SIZE, &val));
447}
448
449TEST(GetValue, GetIntRep) {
450 keymaster_key_param_t params[] = {
451 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
452 Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
453 Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA),
454 Authorization(TAG_USER_ID, 7),
455 Authorization(TAG_USER_AUTH_ID, 8),
456 Authorization(TAG_APPLICATION_ID, "my_app", 6),
457 Authorization(TAG_AUTH_TIMEOUT, 300),
458 };
459 AuthorizationSet set(params, array_length(params));
460
461 uint32_t val;
462 EXPECT_TRUE(set.GetTagValue(TAG_USER_AUTH_ID, 0, &val));
463 EXPECT_EQ(8U, val);
464
465 // Find one that isn't there
466 EXPECT_FALSE(set.GetTagValue(TAG_USER_AUTH_ID, 1, &val));
467}
468
469TEST(GetValue, GetLong) {
470 keymaster_key_param_t params1[] = {
471 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN), Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
472 Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA),
473 keymaster_param_long(TAG_RSA_PUBLIC_EXPONENT, 3),
474 };
475 AuthorizationSet set1(params1, array_length(params1));
476
477 keymaster_key_param_t params2[] = {
478 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN), Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
479 Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA),
480 };
481 AuthorizationSet set2(params2, array_length(params2));
482
483 uint64_t val;
484 EXPECT_TRUE(set1.GetTagValue(TAG_RSA_PUBLIC_EXPONENT, &val));
485 EXPECT_EQ(3U, val);
486
487 // Find one that isn't there
488 EXPECT_FALSE(set2.GetTagValue(TAG_RSA_PUBLIC_EXPONENT, &val));
489}
490
491TEST(GetValue, GetEnum) {
492 keymaster_key_param_t params[] = {
493 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
494 Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
495 Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA),
496 Authorization(TAG_USER_ID, 7),
497 Authorization(TAG_USER_AUTH_ID, 8),
498 Authorization(TAG_APPLICATION_ID, "my_app", 6),
499 Authorization(TAG_AUTH_TIMEOUT, 300),
500 };
501 AuthorizationSet set(params, array_length(params));
502
503 keymaster_algorithm_t val;
504 EXPECT_TRUE(set.GetTagValue(TAG_ALGORITHM, &val));
505 EXPECT_EQ(KM_ALGORITHM_RSA, val);
506
507 // Find one that isn't there
508 keymaster_padding_t val2;
509 EXPECT_FALSE(set.GetTagValue(TAG_PADDING, &val2));
510}
511
512TEST(GetValue, GetEnumRep) {
513 keymaster_key_param_t params[] = {
514 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
515 Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
516 Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA),
517 Authorization(TAG_USER_ID, 7),
518 Authorization(TAG_USER_AUTH_ID, 8),
519 Authorization(TAG_APPLICATION_ID, "my_app", 6),
520 Authorization(TAG_AUTH_TIMEOUT, 300),
521 };
522 AuthorizationSet set(params, array_length(params));
523
524 keymaster_purpose_t val;
525 EXPECT_TRUE(set.GetTagValue(TAG_PURPOSE, 0, &val));
526 EXPECT_EQ(KM_PURPOSE_SIGN, val);
527 EXPECT_TRUE(set.GetTagValue(TAG_PURPOSE, 1, &val));
528 EXPECT_EQ(KM_PURPOSE_VERIFY, val);
529
530 // Find one that isn't there
531 EXPECT_FALSE(set.GetTagValue(TAG_PURPOSE, 2, &val));
532}
533
534TEST(GetValue, GetDate) {
535 keymaster_key_param_t params[] = {
536 Authorization(TAG_ACTIVE_DATETIME, 10),
537 Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
538 Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA),
539 Authorization(TAG_USER_ID, 7),
540 Authorization(TAG_USER_AUTH_ID, 8),
541 Authorization(TAG_APPLICATION_ID, "my_app", 6),
542 Authorization(TAG_AUTH_TIMEOUT, 300),
543 };
544 AuthorizationSet set(params, array_length(params));
545
546 uint64_t val;
547 EXPECT_TRUE(set.GetTagValue(TAG_ACTIVE_DATETIME, &val));
548 EXPECT_EQ(10U, val);
549
550 // Find one that isn't there
551 EXPECT_FALSE(set.GetTagValue(TAG_USAGE_EXPIRE_DATETIME, &val));
552}
553
554TEST(GetValue, GetBlob) {
555 keymaster_key_param_t params[] = {
556 Authorization(TAG_ACTIVE_DATETIME, 10),
557 Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
558 Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA),
559 Authorization(TAG_USER_ID, 7),
560 Authorization(TAG_USER_AUTH_ID, 8),
561 Authorization(TAG_APPLICATION_ID, "my_app", 6),
562 Authorization(TAG_AUTH_TIMEOUT, 300),
563 };
564 AuthorizationSet set(params, array_length(params));
565
566 keymaster_blob_t val;
567 EXPECT_TRUE(set.GetTagValue(TAG_APPLICATION_ID, &val));
568 EXPECT_EQ(6U, val.data_length);
569 EXPECT_EQ(0, memcmp(val.data, "my_app", 6));
570
571 // Find one that isn't there
572 EXPECT_FALSE(set.GetTagValue(TAG_APPLICATION_DATA, &val));
573}
574
575} // namespace test
576} // namespace keymaster