Gitiles
Code Review Sign In
gerrit-public.fairphone.software / fp2-dev / platform / system / keymaster / 72a5fdde1095cc012b232987d1f02de9b0507b89 / . / authorization_set_test.cpp
blob: 590bbe4fb8a885e431278c6a44a2ecef4e2c2ea6 [file] [log] [blame]
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]1/*
2 * Copyright (C) 2014 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17#include <gtest/gtest.h>
18
Shawn Willden98d9b922014-08-26 08:14:10 -0600[diff] [blame]19#include <keymaster/authorization_set.h>
20#include <keymaster/google_keymaster_utils.h>
21
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]22#include "google_keymaster_test_utils.h"
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]23
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]24namespace keymaster {
Shawn Willden834e8072014-08-09 16:38:53 -0600[diff] [blame]25
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]26namespace test {
27
28TEST(Construction, ListProvided) {
29 keymaster_key_param_t params[] = {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]30 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN), Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
31 Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA), Authorization(TAG_USER_ID, 7),
Shawn Willdeneb63b972015-03-14 08:01:12 -0600[diff] [blame]32 Authorization(TAG_USER_AUTH_TYPE, HW_AUTH_PASSWORD),
33 Authorization(TAG_APPLICATION_ID, "my_app", 6), Authorization(TAG_KEY_SIZE, 256),
34 Authorization(TAG_AUTH_TIMEOUT, 300),
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]35 };
36 AuthorizationSet set(params, array_length(params));
37 EXPECT_EQ(8U, set.size());
38}
39
Shawn Willden834e8072014-08-09 16:38:53 -0600[diff] [blame]40TEST(Construction, Copy) {
41 keymaster_key_param_t params[] = {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]42 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN), Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
43 Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA), Authorization(TAG_USER_ID, 7),
Shawn Willdeneb63b972015-03-14 08:01:12 -0600[diff] [blame]44 Authorization(TAG_USER_AUTH_TYPE, HW_AUTH_PASSWORD),
45 Authorization(TAG_APPLICATION_ID, "my_app", 6), Authorization(TAG_KEY_SIZE, 256),
46 Authorization(TAG_AUTH_TIMEOUT, 300),
Shawn Willden834e8072014-08-09 16:38:53 -0600[diff] [blame]47 };
48 AuthorizationSet set(params, array_length(params));
49 AuthorizationSet set2(set);
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]50 EXPECT_EQ(set, set2);
Shawn Willden834e8072014-08-09 16:38:53 -0600[diff] [blame]51}
52
Shawn Willdenb58dcde2015-03-02 12:53:13 -0700[diff] [blame]53TEST(Construction, NullProvided) {
54 keymaster_key_param_t params[] = {
55 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN), Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
56 };
57
58 AuthorizationSet set1(params, 0);
Shawn Willden72a5fdd2015-03-17 20:04:33 -0600[diff] [blame^]59 EXPECT_EQ(0U, set1.size());
Shawn Willdenb58dcde2015-03-02 12:53:13 -0700[diff] [blame]60 EXPECT_EQ(AuthorizationSet::OK, set1.is_valid());
61
62 AuthorizationSet set2(reinterpret_cast<keymaster_key_param_t*>(NULL), array_length(params));
Shawn Willden72a5fdd2015-03-17 20:04:33 -0600[diff] [blame^]63 EXPECT_EQ(0U, set2.size());
Shawn Willdenb58dcde2015-03-02 12:53:13 -0700[diff] [blame]64 EXPECT_EQ(AuthorizationSet::OK, set2.is_valid());
65}
66
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]67TEST(Lookup, NonRepeated) {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]68 AuthorizationSet set(AuthorizationSetBuilder()
69 .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN)
70 .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
71 .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)
72 .Authorization(TAG_USER_ID, 7)
Shawn Willdeneb63b972015-03-14 08:01:12 -0600[diff] [blame]73 .Authorization(TAG_USER_AUTH_TYPE, HW_AUTH_PASSWORD)
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]74 .Authorization(TAG_APPLICATION_ID, "my_app", 6)
75 .Authorization(TAG_KEY_SIZE, 256)
76 .Authorization(TAG_AUTH_TIMEOUT, 300));
77
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]78 EXPECT_EQ(8U, set.size());
79
80 int pos = set.find(TAG_ALGORITHM);
81 ASSERT_NE(-1, pos);
82 EXPECT_EQ(KM_TAG_ALGORITHM, set[pos].tag);
83 EXPECT_EQ(KM_ALGORITHM_RSA, set[pos].enumerated);
84
85 pos = set.find(TAG_MAC_LENGTH);
86 EXPECT_EQ(-1, pos);
87
88 uint32_t int_val = 0;
89 EXPECT_TRUE(set.GetTagValue(TAG_USER_ID, &int_val));
90 EXPECT_EQ(7U, int_val);
91
92 keymaster_blob_t blob_val;
93 EXPECT_TRUE(set.GetTagValue(TAG_APPLICATION_ID, &blob_val));
94 EXPECT_EQ(6U, blob_val.data_length);
95 EXPECT_EQ(0, memcmp(blob_val.data, "my_app", 6));
96}
97
98TEST(Lookup, Repeated) {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]99 AuthorizationSet set(AuthorizationSetBuilder()
100 .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN)
101 .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
102 .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)
103 .Authorization(TAG_USER_ID, 7)
Shawn Willdeneb63b972015-03-14 08:01:12 -0600[diff] [blame]104 .Authorization(TAG_USER_AUTH_TYPE, HW_AUTH_PASSWORD)
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]105 .Authorization(TAG_APPLICATION_ID, "my_app", 6)
106 .Authorization(TAG_KEY_SIZE, 256)
107 .Authorization(TAG_AUTH_TIMEOUT, 300));
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]108 EXPECT_EQ(8U, set.size());
109
110 int pos = set.find(TAG_PURPOSE);
111 ASSERT_FALSE(pos == -1);
112 EXPECT_EQ(KM_TAG_PURPOSE, set[pos].tag);
113 EXPECT_EQ(KM_PURPOSE_SIGN, set[pos].enumerated);
114
115 pos = set.find(TAG_PURPOSE, pos);
116 EXPECT_EQ(KM_TAG_PURPOSE, set[pos].tag);
117 EXPECT_EQ(KM_PURPOSE_VERIFY, set[pos].enumerated);
118
119 EXPECT_EQ(-1, set.find(TAG_PURPOSE, pos));
120}
121
122TEST(Lookup, Indexed) {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]123 AuthorizationSet set(AuthorizationSetBuilder()
124 .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN)
125 .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
126 .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)
127 .Authorization(TAG_USER_ID, 7)
Shawn Willdeneb63b972015-03-14 08:01:12 -0600[diff] [blame]128 .Authorization(TAG_USER_AUTH_TYPE, HW_AUTH_PASSWORD)
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]129 .Authorization(TAG_APPLICATION_ID, "my_app", 6)
130 .Authorization(TAG_KEY_SIZE, 256)
131 .Authorization(TAG_AUTH_TIMEOUT, 300));
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]132 EXPECT_EQ(8U, set.size());
133
134 EXPECT_EQ(KM_TAG_PURPOSE, set[0].tag);
135 EXPECT_EQ(KM_PURPOSE_SIGN, set[0].enumerated);
136
137 // Lookup beyond end doesn't work, just returns zeros, but doens't blow up either (verify by
138 // running under valgrind).
139 EXPECT_EQ(KM_TAG_INVALID, set[10].tag);
140}
141
142TEST(Serialization, RoundTrip) {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]143 AuthorizationSet set(AuthorizationSetBuilder()
144 .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN)
145 .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
146 .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)
147 .Authorization(TAG_USER_ID, 7)
Shawn Willdeneb63b972015-03-14 08:01:12 -0600[diff] [blame]148 .Authorization(TAG_USER_AUTH_TYPE, HW_AUTH_PASSWORD)
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]149 .Authorization(TAG_APPLICATION_ID, "my_app", 6)
150 .Authorization(TAG_KEY_SIZE, 256)
151 .Authorization(TAG_AUTH_TIMEOUT, 300)
152 .Authorization(TAG_ALL_USERS)
153 .Authorization(TAG_RSA_PUBLIC_EXPONENT, 3)
154 .Authorization(TAG_ACTIVE_DATETIME, 10));
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]155
156 size_t size = set.SerializedSize();
157 EXPECT_TRUE(size > 0);
158
159 UniquePtr<uint8_t[]> buf(new uint8_t[size]);
Shawn Willden58e1a542014-08-08 21:58:29 -0600[diff] [blame]160 EXPECT_EQ(buf.get() + size, set.Serialize(buf.get(), buf.get() + size));
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]161 AuthorizationSet deserialized(buf.get(), size);
162
Shawn Willden58e1a542014-08-08 21:58:29 -0600[diff] [blame]163 EXPECT_EQ(AuthorizationSet::OK, deserialized.is_valid());
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]164 EXPECT_EQ(set, deserialized);
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]165
166 int pos = deserialized.find(TAG_APPLICATION_ID);
167 ASSERT_NE(-1, pos);
168 EXPECT_EQ(KM_TAG_APPLICATION_ID, deserialized[pos].tag);
169 EXPECT_EQ(6U, deserialized[pos].blob.data_length);
170 EXPECT_EQ(0, memcmp(deserialized[pos].blob.data, "my_app", 6));
171}
172
Shawn Willden58e1a542014-08-08 21:58:29 -0600[diff] [blame]173TEST(Deserialization, Deserialize) {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]174 AuthorizationSet set(AuthorizationSetBuilder()
175 .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN)
176 .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
177 .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)
178 .Authorization(TAG_USER_ID, 7)
Shawn Willdeneb63b972015-03-14 08:01:12 -0600[diff] [blame]179 .Authorization(TAG_USER_AUTH_TYPE, HW_AUTH_PASSWORD)
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]180 .Authorization(TAG_APPLICATION_ID, "my_app", 6)
181 .Authorization(TAG_KEY_SIZE, 256)
182 .Authorization(TAG_AUTH_TIMEOUT, 300));
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]183
184 size_t size = set.SerializedSize();
185 EXPECT_TRUE(size > 0);
186
187 UniquePtr<uint8_t[]> buf(new uint8_t[size]);
Shawn Willden58e1a542014-08-08 21:58:29 -0600[diff] [blame]188 EXPECT_EQ(buf.get() + size, set.Serialize(buf.get(), buf.get() + size));
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]189 AuthorizationSet deserialized;
190 const uint8_t* p = buf.get();
Shawn Willden58e1a542014-08-08 21:58:29 -0600[diff] [blame]191 EXPECT_TRUE(deserialized.Deserialize(&p, p + size));
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]192 EXPECT_EQ(p, buf.get() + size);
193
Shawn Willden58e1a542014-08-08 21:58:29 -0600[diff] [blame]194 EXPECT_EQ(AuthorizationSet::OK, deserialized.is_valid());
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]195
196 EXPECT_EQ(set.size(), deserialized.size());
197 for (size_t i = 0; i < set.size(); ++i) {
198 EXPECT_EQ(set[i].tag, deserialized[i].tag);
199 }
200
201 int pos = deserialized.find(TAG_APPLICATION_ID);
202 ASSERT_NE(-1, pos);
203 EXPECT_EQ(KM_TAG_APPLICATION_ID, deserialized[pos].tag);
204 EXPECT_EQ(6U, deserialized[pos].blob.data_length);
205 EXPECT_EQ(0, memcmp(deserialized[pos].blob.data, "my_app", 6));
206}
207
208TEST(Deserialization, TooShortBuffer) {
209 uint8_t buf[] = {0, 0, 0};
210 AuthorizationSet deserialized(buf, array_length(buf));
211 EXPECT_EQ(AuthorizationSet::MALFORMED_DATA, deserialized.is_valid());
212
213 const uint8_t* p = buf;
Shawn Willden58e1a542014-08-08 21:58:29 -0600[diff] [blame]214 EXPECT_FALSE(deserialized.Deserialize(&p, p + array_length(buf)));
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]215 EXPECT_EQ(AuthorizationSet::MALFORMED_DATA, deserialized.is_valid());
216}
217
218TEST(Deserialization, InvalidLengthField) {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]219 AuthorizationSet set(AuthorizationSetBuilder()
220 .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN)
221 .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
222 .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)
223 .Authorization(TAG_USER_ID, 7)
Shawn Willdeneb63b972015-03-14 08:01:12 -0600[diff] [blame]224 .Authorization(TAG_USER_AUTH_TYPE, HW_AUTH_PASSWORD)
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]225 .Authorization(TAG_APPLICATION_ID, "my_app", 6)
226 .Authorization(TAG_KEY_SIZE, 256)
227 .Authorization(TAG_AUTH_TIMEOUT, 300));
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]228
229 size_t size = set.SerializedSize();
230 EXPECT_TRUE(size > 0);
231
232 UniquePtr<uint8_t[]> buf(new uint8_t[size]);
Shawn Willden58e1a542014-08-08 21:58:29 -0600[diff] [blame]233 EXPECT_EQ(buf.get() + size, set.Serialize(buf.get(), buf.get() + size));
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]234 *reinterpret_cast<uint32_t*>(buf.get()) = 9;
235
236 AuthorizationSet deserialized(buf.get(), size);
237 EXPECT_EQ(AuthorizationSet::MALFORMED_DATA, deserialized.is_valid());
238
239 const uint8_t* p = buf.get();
Shawn Willden58e1a542014-08-08 21:58:29 -0600[diff] [blame]240 EXPECT_FALSE(deserialized.Deserialize(&p, p + size));
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]241 EXPECT_EQ(AuthorizationSet::MALFORMED_DATA, deserialized.is_valid());
242}
243
Shawn Willden8d336ae2014-08-09 15:47:05 -0600[diff] [blame]244static uint32_t read_uint32(const uint8_t* buf) {
245 uint32_t val;
246 memcpy(&val, buf, sizeof(val));
247 return val;
248}
249
250static void add_to_uint32(uint8_t* buf, int delta) {
251 uint32_t val;
252 memcpy(&val, buf, sizeof(val));
253 val += delta;
254 memcpy(buf, &val, sizeof(val));
255}
256
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]257TEST(Deserialization, MalformedIndirectData) {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]258 AuthorizationSet set(AuthorizationSetBuilder()
259 .Authorization(TAG_APPLICATION_ID, "my_app", 6)
260 .Authorization(TAG_APPLICATION_DATA, "foo", 3));
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]261 size_t size = set.SerializedSize();
262
263 UniquePtr<uint8_t[]> buf(new uint8_t[size]);
Shawn Willden58e1a542014-08-08 21:58:29 -0600[diff] [blame]264 EXPECT_EQ(buf.get() + size, set.Serialize(buf.get(), buf.get() + size));
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]265
Shawn Willden8d336ae2014-08-09 15:47:05 -0600[diff] [blame]266 // This sucks. This test, as written, requires intimate knowledge of the serialized layout of
267 // this particular set, which means it's brittle. But it's important to test that we handle
268 // broken serialized data and I can't think of a better way to write this.
269 //
270 // The contents of buf are:
271 //
272 // Bytes: Content:
273 // 0-3 Length of string data, which is 9.
274 // 4-9 "my_app"
275 // 10-12 "foo"
276 // 13-16 Number of elements, which is 2.
277 // 17-20 Length of elements, which is 24.
278 // 21-24 First tag, TAG_APPLICATION_ID
279 // 25-28 Length of string "my_app", 6
280 // 29-32 Offset of string "my_app", 0
281 // 33-36 Second tag, TAG_APPLICATION_DATA
282 // 37-40 Length of string "foo", 3
283 // 41-44 Offset of string "foo", 6
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]284
Shawn Willden8d336ae2014-08-09 15:47:05 -0600[diff] [blame]285 // Check that stuff is where we think.
286 EXPECT_EQ('m', buf[4]);
287 EXPECT_EQ('f', buf[10]);
288 // Length of "my_app"
289 EXPECT_EQ(6U, read_uint32(buf.get() + 25));
290 // Offset of "my_app"
291 EXPECT_EQ(0U, read_uint32(buf.get() + 29));
292 // Length of "foo"
293 EXPECT_EQ(3U, read_uint32(buf.get() + 37));
294 // Offset of "foo"
295 EXPECT_EQ(6U, read_uint32(buf.get() + 41));
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]296
297 // Check that deserialization works.
298 AuthorizationSet deserialized1(buf.get(), size);
Shawn Willden58e1a542014-08-08 21:58:29 -0600[diff] [blame]299 EXPECT_EQ(AuthorizationSet::OK, deserialized1.is_valid());
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]300
301 const uint8_t* p = buf.get();
Shawn Willden58e1a542014-08-08 21:58:29 -0600[diff] [blame]302 EXPECT_TRUE(deserialized1.Deserialize(&p, p + size));
303 EXPECT_EQ(AuthorizationSet::OK, deserialized1.is_valid());
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]304
305 //
306 // Now mess them up in various ways:
307 //
308
Shawn Willden8d336ae2014-08-09 15:47:05 -0600[diff] [blame]309 // Move "foo" offset so offset + length goes off the end
310 add_to_uint32(buf.get() + 41, 1);
311 AuthorizationSet deserialized2(buf.get(), size);
312 EXPECT_EQ(AuthorizationSet::MALFORMED_DATA, deserialized2.is_valid());
313 add_to_uint32(buf.get() + 41, -1);
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]314
Shawn Willden8d336ae2014-08-09 15:47:05 -0600[diff] [blame]315 // Shorten the "my_app" length to make a gap between the blobs.
316 add_to_uint32(buf.get() + 25, -1);
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]317 AuthorizationSet deserialized3(buf.get(), size);
318 EXPECT_EQ(AuthorizationSet::MALFORMED_DATA, deserialized3.is_valid());
Shawn Willden8d336ae2014-08-09 15:47:05 -0600[diff] [blame]319 add_to_uint32(buf.get() + 25, 1);
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]320
Shawn Willden8d336ae2014-08-09 15:47:05 -0600[diff] [blame]321 // Extend the "my_app" length to make them overlap, and decrease the "foo" length to keep the
322 // total length the same. We don't detect this but should.
323 // TODO(swillden): Detect overlaps and holes that leave total size correct.
324 add_to_uint32(buf.get() + 25, 1);
325 add_to_uint32(buf.get() + 37, -1);
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]326 AuthorizationSet deserialized4(buf.get(), size);
Shawn Willden58e1a542014-08-08 21:58:29 -0600[diff] [blame]327 EXPECT_EQ(AuthorizationSet::OK, deserialized4.is_valid());
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]328}
329
330TEST(Growable, SuccessfulRoundTrip) {
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]331 AuthorizationSet growable;
332 EXPECT_TRUE(growable.push_back(Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)));
333 EXPECT_EQ(1U, growable.size());
334
335 EXPECT_TRUE(growable.push_back(Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)));
336 EXPECT_EQ(2U, growable.size());
337
338 EXPECT_TRUE(growable.push_back(Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN)));
339 EXPECT_EQ(3U, growable.size());
340
341 EXPECT_TRUE(growable.push_back(Authorization(TAG_APPLICATION_ID, "data", 4)));
342 EXPECT_EQ(4U, growable.size());
343
Shawn Willden834e8072014-08-09 16:38:53 -0600[diff] [blame]344 EXPECT_TRUE(growable.push_back(Authorization(TAG_APPLICATION_DATA, "some more data", 14)));
345 EXPECT_EQ(5U, growable.size());
346
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]347 size_t serialize_size = growable.SerializedSize();
348 UniquePtr<uint8_t[]> serialized(new uint8_t[serialize_size]);
Shawn Willden58e1a542014-08-08 21:58:29 -0600[diff] [blame]349 EXPECT_EQ(serialized.get() + serialize_size,
350 growable.Serialize(serialized.get(), serialized.get() + serialize_size));
Shawn Willden834e8072014-08-09 16:38:53 -0600[diff] [blame]351
352 AuthorizationSet deserialized(serialized.get(), serialize_size);
353 EXPECT_EQ(growable, deserialized);
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]354}
355
356TEST(Growable, InsufficientElemBuf) {
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]357 AuthorizationSet growable;
Shawn Willden58e1a542014-08-08 21:58:29 -0600[diff] [blame]358 EXPECT_EQ(AuthorizationSet::OK, growable.is_valid());
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]359
360 // First insertion fits.
361 EXPECT_TRUE(growable.push_back(Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)));
362 EXPECT_EQ(1U, growable.size());
Shawn Willden58e1a542014-08-08 21:58:29 -0600[diff] [blame]363 EXPECT_EQ(AuthorizationSet::OK, growable.is_valid());
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]364
365 // Second does too.
366 EXPECT_TRUE(growable.push_back(Authorization(TAG_RSA_PUBLIC_EXPONENT, 3)));
367 EXPECT_EQ(2U, growable.size());
368}
369
370TEST(Growable, InsufficientIndirectBuf) {
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]371 AuthorizationSet growable;
Shawn Willden58e1a542014-08-08 21:58:29 -0600[diff] [blame]372 EXPECT_EQ(AuthorizationSet::OK, growable.is_valid());
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]373
374 EXPECT_TRUE(growable.push_back(Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)));
375 EXPECT_EQ(1U, growable.size());
Shawn Willden58e1a542014-08-08 21:58:29 -0600[diff] [blame]376 EXPECT_EQ(AuthorizationSet::OK, growable.is_valid());
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]377
378 EXPECT_TRUE(growable.push_back(Authorization(TAG_APPLICATION_ID, "1234567890", 10)));
379 EXPECT_EQ(2U, growable.size());
Shawn Willden58e1a542014-08-08 21:58:29 -0600[diff] [blame]380 EXPECT_EQ(AuthorizationSet::OK, growable.is_valid());
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]381
382 EXPECT_TRUE(growable.push_back(Authorization(TAG_APPLICATION_DATA, "1", 1)));
383 EXPECT_EQ(3U, growable.size());
Shawn Willden58e1a542014-08-08 21:58:29 -0600[diff] [blame]384 EXPECT_EQ(AuthorizationSet::OK, growable.is_valid());
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]385
386 // Can still add another entry without indirect data. Now it's full.
387 EXPECT_TRUE(growable.push_back(Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN)));
388 EXPECT_EQ(4U, growable.size());
Shawn Willden58e1a542014-08-08 21:58:29 -0600[diff] [blame]389 EXPECT_EQ(AuthorizationSet::OK, growable.is_valid());
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]390}
391
Shawn Willden37012132014-08-19 08:15:57 -0600[diff] [blame]392TEST(Growable, PushBackSets) {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]393 AuthorizationSetBuilder builder;
394 builder.Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN)
395 .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
396 .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)
397 .Authorization(TAG_USER_ID, 7)
Shawn Willdeneb63b972015-03-14 08:01:12 -0600[diff] [blame]398 .Authorization(TAG_USER_AUTH_TYPE, HW_AUTH_PASSWORD)
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]399 .Authorization(TAG_APPLICATION_ID, "my_app", 6)
400 .Authorization(TAG_KEY_SIZE, 256)
401 .Authorization(TAG_AUTH_TIMEOUT, 300);
402
403 AuthorizationSet set1(builder.build());
404 AuthorizationSet set2(builder.build());
Shawn Willden37012132014-08-19 08:15:57 -0600[diff] [blame]405
406 AuthorizationSet combined;
407 EXPECT_TRUE(combined.push_back(set1));
408 EXPECT_TRUE(combined.push_back(set2));
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]409 EXPECT_EQ(set1.size() + set2.size(), combined.size());
Shawn Willden37012132014-08-19 08:15:57 -0600[diff] [blame]410 EXPECT_EQ(12U, combined.indirect_size());
411}
412
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]413TEST(GetValue, GetInt) {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]414 AuthorizationSet set(AuthorizationSetBuilder()
415 .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN)
416 .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
417 .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)
418 .Authorization(TAG_USER_ID, 7)
Shawn Willdeneb63b972015-03-14 08:01:12 -0600[diff] [blame]419 .Authorization(TAG_USER_AUTH_TYPE, HW_AUTH_PASSWORD)
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]420 .Authorization(TAG_APPLICATION_ID, "my_app", 6)
421 .Authorization(TAG_AUTH_TIMEOUT, 300));
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]422
423 uint32_t val;
424 EXPECT_TRUE(set.GetTagValue(TAG_USER_ID, &val));
425 EXPECT_EQ(7U, val);
426
427 // Find one that isn't there
428 EXPECT_FALSE(set.GetTagValue(TAG_KEY_SIZE, &val));
429}
430
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]431TEST(GetValue, GetLong) {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]432 AuthorizationSet set1(AuthorizationSetBuilder()
433 .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN)
434 .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
435 .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)
436 .Authorization(TAG_RSA_PUBLIC_EXPONENT, 3));
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]437
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]438 AuthorizationSet set2(AuthorizationSetBuilder()
439 .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN)
440 .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
441 .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA));
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]442
443 uint64_t val;
444 EXPECT_TRUE(set1.GetTagValue(TAG_RSA_PUBLIC_EXPONENT, &val));
445 EXPECT_EQ(3U, val);
446
447 // Find one that isn't there
448 EXPECT_FALSE(set2.GetTagValue(TAG_RSA_PUBLIC_EXPONENT, &val));
449}
450
451TEST(GetValue, GetEnum) {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]452 AuthorizationSet set(AuthorizationSetBuilder()
453 .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN)
454 .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
455 .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)
456 .Authorization(TAG_USER_ID, 7)
Shawn Willdeneb63b972015-03-14 08:01:12 -0600[diff] [blame]457 .Authorization(TAG_USER_AUTH_TYPE, HW_AUTH_PASSWORD)
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]458 .Authorization(TAG_APPLICATION_ID, "my_app", 6)
459 .Authorization(TAG_AUTH_TIMEOUT, 300));
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]460
461 keymaster_algorithm_t val;
462 EXPECT_TRUE(set.GetTagValue(TAG_ALGORITHM, &val));
463 EXPECT_EQ(KM_ALGORITHM_RSA, val);
464
465 // Find one that isn't there
466 keymaster_padding_t val2;
467 EXPECT_FALSE(set.GetTagValue(TAG_PADDING, &val2));
468}
469
470TEST(GetValue, GetEnumRep) {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]471 AuthorizationSet set(AuthorizationSetBuilder()
472 .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN)
473 .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
474 .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)
475 .Authorization(TAG_USER_ID, 7)
Shawn Willdeneb63b972015-03-14 08:01:12 -0600[diff] [blame]476 .Authorization(TAG_USER_AUTH_TYPE, HW_AUTH_PASSWORD)
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]477 .Authorization(TAG_APPLICATION_ID, "my_app", 6)
478 .Authorization(TAG_AUTH_TIMEOUT, 300));
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]479
480 keymaster_purpose_t val;
481 EXPECT_TRUE(set.GetTagValue(TAG_PURPOSE, 0, &val));
482 EXPECT_EQ(KM_PURPOSE_SIGN, val);
483 EXPECT_TRUE(set.GetTagValue(TAG_PURPOSE, 1, &val));
484 EXPECT_EQ(KM_PURPOSE_VERIFY, val);
485
486 // Find one that isn't there
487 EXPECT_FALSE(set.GetTagValue(TAG_PURPOSE, 2, &val));
488}
489
490TEST(GetValue, GetDate) {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]491 AuthorizationSet set(AuthorizationSetBuilder()
492 .Authorization(TAG_ACTIVE_DATETIME, 10)
493 .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN)
494 .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
495 .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)
496 .Authorization(TAG_USER_ID, 7)
Shawn Willdeneb63b972015-03-14 08:01:12 -0600[diff] [blame]497 .Authorization(TAG_USER_AUTH_TYPE, HW_AUTH_PASSWORD)
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]498 .Authorization(TAG_APPLICATION_ID, "my_app", 6)
499 .Authorization(TAG_AUTH_TIMEOUT, 300));
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]500
501 uint64_t val;
502 EXPECT_TRUE(set.GetTagValue(TAG_ACTIVE_DATETIME, &val));
503 EXPECT_EQ(10U, val);
504
505 // Find one that isn't there
506 EXPECT_FALSE(set.GetTagValue(TAG_USAGE_EXPIRE_DATETIME, &val));
507}
508
509TEST(GetValue, GetBlob) {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]510 AuthorizationSet set(AuthorizationSetBuilder()
511 .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN)
512 .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
513 .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)
514 .Authorization(TAG_USER_ID, 7)
Shawn Willdeneb63b972015-03-14 08:01:12 -0600[diff] [blame]515 .Authorization(TAG_USER_AUTH_TYPE, HW_AUTH_PASSWORD)
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]516 .Authorization(TAG_APPLICATION_ID, "my_app", 6)
517 .Authorization(TAG_AUTH_TIMEOUT, 300));
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]518
519 keymaster_blob_t val;
520 EXPECT_TRUE(set.GetTagValue(TAG_APPLICATION_ID, &val));
521 EXPECT_EQ(6U, val.data_length);
522 EXPECT_EQ(0, memcmp(val.data, "my_app", 6));
523
524 // Find one that isn't there
525 EXPECT_FALSE(set.GetTagValue(TAG_APPLICATION_DATA, &val));
526}
527
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]528TEST(Deduplication, NoDuplicates) {
529 AuthorizationSet set(AuthorizationSetBuilder()
530 .Authorization(TAG_ACTIVE_DATETIME, 10)
531 .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
532 .Authorization(TAG_USER_ID, 7)
Shawn Willdeneb63b972015-03-14 08:01:12 -0600[diff] [blame]533 .Authorization(TAG_USER_AUTH_TYPE, HW_AUTH_PASSWORD));
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]534 AuthorizationSet copy(set);
535
536 EXPECT_EQ(copy, set);
537 set.Deduplicate();
538 EXPECT_EQ(copy.size(), set.size());
539
540 // Sets no longer compare equal, because of ordering (ugh, maybe it should be
541 // AuthorizationList, not AuthorizationSet).
542 EXPECT_NE(copy, set);
543}
544
545TEST(Deduplication, NoDuplicatesHasInvalid) {
546 AuthorizationSet set(AuthorizationSetBuilder()
547 .Authorization(TAG_ACTIVE_DATETIME, 10)
548 .Authorization(TAG_INVALID)
549 .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
550 .Authorization(TAG_USER_ID, 7)
Shawn Willdeneb63b972015-03-14 08:01:12 -0600[diff] [blame]551 .Authorization(TAG_USER_AUTH_TYPE, HW_AUTH_PASSWORD));
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]552 AuthorizationSet copy(set);
553
554 EXPECT_EQ(copy, set);
555 set.Deduplicate();
556
557 // Deduplicate should have removed the invalid.
558 EXPECT_EQ(copy.size() - 1, set.size());
559 EXPECT_NE(copy, set);
560}
561
562TEST(Deduplication, DuplicateEnum) {
563 AuthorizationSet set(AuthorizationSetBuilder()
564 .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
565 .Authorization(TAG_ACTIVE_DATETIME, 10)
566 .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
567 .Authorization(TAG_USER_ID, 7)
568 .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
Shawn Willdeneb63b972015-03-14 08:01:12 -0600[diff] [blame]569 .Authorization(TAG_USER_AUTH_TYPE, HW_AUTH_PASSWORD));
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]570 AuthorizationSet copy(set);
571
572 EXPECT_EQ(copy, set);
573 set.Deduplicate();
574 EXPECT_EQ(copy.size() - 2, set.size());
575 EXPECT_NE(copy, set);
576}
577
578TEST(Deduplication, DuplicateBlob) {
579 AuthorizationSet set(AuthorizationSetBuilder()
580 .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
581 .Authorization(TAG_ACTIVE_DATETIME, 10)
582 .Authorization(TAG_APPLICATION_DATA, "data", 4)
583 .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
584 .Authorization(TAG_USER_ID, 7)
585 .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
586 .Authorization(TAG_APPLICATION_DATA, "data", 4)
587 .Authorization(TAG_APPLICATION_DATA, "foo", 3)
Shawn Willdeneb63b972015-03-14 08:01:12 -0600[diff] [blame]588 .Authorization(TAG_USER_AUTH_TYPE, HW_AUTH_PASSWORD));
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]589 AuthorizationSet copy(set);
590
591 EXPECT_EQ(copy, set);
592 set.Deduplicate();
593 EXPECT_EQ(copy.size() - 3, set.size());
594 EXPECT_NE(copy, set);
595
596 // The real test here is that valgrind reports no leak.
597}
598
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]599} // namespace test
600} // namespace keymaster