Gitiles
Code Review Sign In
gerrit-public.fairphone.software / fp2-dev / platform / system / keymaster / 74aff357261879dfa8366528a42c59b042c7bd05 / . / authorization_set_test.cpp
blob: 61e526f1b5a68c0ff3e16d9bf3fa4e82b1f76cbf [file] [log] [blame]
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]1/*
2 * Copyright (C) 2014 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17#include <gtest/gtest.h>
18
Shawn Willden834e8072014-08-09 16:38:53 -0600[diff] [blame]19#define KEYMASTER_NAME_TAGS
20
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]21#include "authorization_set.h"
22#include "google_keymaster_utils.h"
23
24int main(int argc, char** argv) {
25 ::testing::InitGoogleTest(&argc, argv);
26 int result = RUN_ALL_TESTS();
27 return result;
28}
29
Shawn Willden834e8072014-08-09 16:38:53 -0600[diff] [blame]30static bool operator==(const keymaster_key_param_t& a, const keymaster_key_param_t& b) {
31 if (a.tag != b.tag) {
32 return false;
33 }
34
35 switch (keymaster_tag_get_type(a.tag)) {
36 default:
37 return false;
38 case KM_INVALID:
39 return true;
40 case KM_INT_REP:
41 case KM_INT:
42 return a.integer == b.integer;
43 case KM_ENUM_REP:
44 case KM_ENUM:
45 return a.enumerated == b.enumerated;
46 case KM_LONG:
47 return a.long_integer == b.long_integer;
48 case KM_DATE:
49 return a.date_time == b.date_time;
50 case KM_BOOL:
51 return a.boolean == b.boolean;
52 case KM_BIGNUM:
53 case KM_BYTES:
54 if ((a.blob.data == NULL || b.blob.data == NULL) && a.blob.data != b.blob.data)
55 return false;
56 return a.blob.data_length == b.blob.data_length &&
57 (memcmp(a.blob.data, b.blob.data, a.blob.data_length) == 0);
58 }
59}
60
61static std::ostream& operator<<(std::ostream& os, const keymaster_key_param_t& param) {
62 os << "Tag: " << keymaster_tag_mask_type(param.tag);
63 switch (keymaster_tag_get_type(param.tag)) {
64 case KM_INVALID:
65 os << " Invalid";
66 break;
67 case KM_INT_REP:
68 os << " (Rep) ";
69 /* Falls through */
70 case KM_INT:
71 os << " Int: " << param.integer;
72 break;
73 case KM_ENUM_REP:
74 os << " (Rep) ";
75 /* Falls through */
76 case KM_ENUM:
77 os << " Enum: " << param.enumerated;
78 break;
79 case KM_LONG:
80 os << " Long: " << param.long_integer;
81 break;
82 case KM_DATE:
83 os << " Date: " << param.date_time;
84 break;
85 case KM_BOOL:
86 os << " Bool: " << param.boolean;
87 break;
88 case KM_BIGNUM:
89 os << " Bignum: ";
90 break;
91 case KM_BYTES:
92 os << " Bytes: ";
93 break;
94 }
95 os << std::endl;
96 return os;
97}
98
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]99namespace keymaster {
Shawn Willden834e8072014-08-09 16:38:53 -0600[diff] [blame]100
101static bool operator==(const AuthorizationSet& a, const AuthorizationSet& b) {
102 if (a.size() != b.size())
103 return false;
104
105 for (size_t i = 0; i < a.size(); ++i)
106 if (!(a[i] == b[i]))
107 return false;
108 return true;
109}
110
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]111namespace test {
112
113TEST(Construction, ListProvided) {
114 keymaster_key_param_t params[] = {
115 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
116 Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
117 Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA),
118 Authorization(TAG_USER_ID, 7),
119 Authorization(TAG_USER_AUTH_ID, 8),
120 Authorization(TAG_APPLICATION_ID, "my_app", 6),
121 Authorization(TAG_KEY_SIZE, 256),
122 Authorization(TAG_AUTH_TIMEOUT, 300),
123 };
124 AuthorizationSet set(params, array_length(params));
125 EXPECT_EQ(8U, set.size());
126}
127
Shawn Willden834e8072014-08-09 16:38:53 -0600[diff] [blame]128TEST(Construction, Copy) {
129 keymaster_key_param_t params[] = {
130 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
131 Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
132 Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA),
133 Authorization(TAG_USER_ID, 7),
134 Authorization(TAG_USER_AUTH_ID, 8),
135 Authorization(TAG_APPLICATION_ID, "my_app", 6),
136 Authorization(TAG_KEY_SIZE, 256),
137 Authorization(TAG_AUTH_TIMEOUT, 300),
138 };
139 AuthorizationSet set(params, array_length(params));
140 AuthorizationSet set2(set);
141 ASSERT_EQ(set.size(), set2.size());
142 for (size_t i = 0; i < set.size(); ++i)
143 EXPECT_EQ(set[i], set2[i]);
144}
145
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]146TEST(Lookup, NonRepeated) {
147 keymaster_key_param_t params[] = {
148 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
149 Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
150 Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA),
151 Authorization(TAG_USER_ID, 7),
152 Authorization(TAG_USER_AUTH_ID, 8),
153 Authorization(TAG_APPLICATION_ID, "my_app", 6),
154 Authorization(TAG_KEY_SIZE, 256),
155 Authorization(TAG_AUTH_TIMEOUT, 300),
156 };
157 AuthorizationSet set(params, array_length(params));
158 EXPECT_EQ(8U, set.size());
159
160 int pos = set.find(TAG_ALGORITHM);
161 ASSERT_NE(-1, pos);
162 EXPECT_EQ(KM_TAG_ALGORITHM, set[pos].tag);
163 EXPECT_EQ(KM_ALGORITHM_RSA, set[pos].enumerated);
164
165 pos = set.find(TAG_MAC_LENGTH);
166 EXPECT_EQ(-1, pos);
167
168 uint32_t int_val = 0;
169 EXPECT_TRUE(set.GetTagValue(TAG_USER_ID, &int_val));
170 EXPECT_EQ(7U, int_val);
171
172 keymaster_blob_t blob_val;
173 EXPECT_TRUE(set.GetTagValue(TAG_APPLICATION_ID, &blob_val));
174 EXPECT_EQ(6U, blob_val.data_length);
175 EXPECT_EQ(0, memcmp(blob_val.data, "my_app", 6));
176}
177
178TEST(Lookup, Repeated) {
179 keymaster_key_param_t params[] = {
180 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
181 Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
182 Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA),
183 Authorization(TAG_USER_ID, 7),
184 Authorization(TAG_USER_AUTH_ID, 8),
185 Authorization(TAG_APPLICATION_ID, "my_app", 6),
186 Authorization(TAG_KEY_SIZE, 256),
187 Authorization(TAG_AUTH_TIMEOUT, 300),
188 };
189 AuthorizationSet set(params, array_length(params));
190 EXPECT_EQ(8U, set.size());
191
192 int pos = set.find(TAG_PURPOSE);
193 ASSERT_FALSE(pos == -1);
194 EXPECT_EQ(KM_TAG_PURPOSE, set[pos].tag);
195 EXPECT_EQ(KM_PURPOSE_SIGN, set[pos].enumerated);
196
197 pos = set.find(TAG_PURPOSE, pos);
198 EXPECT_EQ(KM_TAG_PURPOSE, set[pos].tag);
199 EXPECT_EQ(KM_PURPOSE_VERIFY, set[pos].enumerated);
200
201 EXPECT_EQ(-1, set.find(TAG_PURPOSE, pos));
202}
203
204TEST(Lookup, Indexed) {
205 keymaster_key_param_t params[] = {
206 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
207 Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
208 Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA),
209 Authorization(TAG_USER_ID, 7),
210 Authorization(TAG_USER_AUTH_ID, 8),
211 Authorization(TAG_APPLICATION_ID, "my_app", 6),
212 Authorization(TAG_KEY_SIZE, 256),
213 Authorization(TAG_AUTH_TIMEOUT, 300),
214 };
215 AuthorizationSet set(params, array_length(params));
216 EXPECT_EQ(8U, set.size());
217
218 EXPECT_EQ(KM_TAG_PURPOSE, set[0].tag);
219 EXPECT_EQ(KM_PURPOSE_SIGN, set[0].enumerated);
220
221 // Lookup beyond end doesn't work, just returns zeros, but doens't blow up either (verify by
222 // running under valgrind).
223 EXPECT_EQ(KM_TAG_INVALID, set[10].tag);
224}
225
226TEST(Serialization, RoundTrip) {
227 keymaster_key_param_t params[] = {
228 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
229 Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
230 Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA),
231 Authorization(TAG_USER_ID, 7),
232 Authorization(TAG_USER_AUTH_ID, 8),
233 Authorization(TAG_APPLICATION_ID, "my_app", 6),
234 Authorization(TAG_KEY_SIZE, 256),
235 Authorization(TAG_AUTH_TIMEOUT, 300),
Shawn Willden834e8072014-08-09 16:38:53 -0600[diff] [blame]236 Authorization(TAG_ALL_USERS),
237 Authorization(TAG_RSA_PUBLIC_EXPONENT, 3),
238 Authorization(TAG_ACTIVE_DATETIME, 10),
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]239 };
240 AuthorizationSet set(params, array_length(params));
241
242 size_t size = set.SerializedSize();
243 EXPECT_TRUE(size > 0);
244
245 UniquePtr<uint8_t[]> buf(new uint8_t[size]);
Shawn Willden58e1a542014-08-08 21:58:29 -0600[diff] [blame]246 EXPECT_EQ(buf.get() + size, set.Serialize(buf.get(), buf.get() + size));
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]247 AuthorizationSet deserialized(buf.get(), size);
248
Shawn Willden58e1a542014-08-08 21:58:29 -0600[diff] [blame]249 EXPECT_EQ(AuthorizationSet::OK, deserialized.is_valid());
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]250
251 EXPECT_EQ(set.size(), deserialized.size());
252 for (size_t i = 0; i < set.size(); ++i) {
Shawn Willden834e8072014-08-09 16:38:53 -0600[diff] [blame]253 EXPECT_EQ(set[i], deserialized[i]);
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]254 }
255
256 int pos = deserialized.find(TAG_APPLICATION_ID);
257 ASSERT_NE(-1, pos);
258 EXPECT_EQ(KM_TAG_APPLICATION_ID, deserialized[pos].tag);
259 EXPECT_EQ(6U, deserialized[pos].blob.data_length);
260 EXPECT_EQ(0, memcmp(deserialized[pos].blob.data, "my_app", 6));
261}
262
Shawn Willden58e1a542014-08-08 21:58:29 -0600[diff] [blame]263TEST(Deserialization, Deserialize) {
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]264 keymaster_key_param_t params[] = {
265 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
266 Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
267 Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA),
268 Authorization(TAG_USER_ID, 7),
269 Authorization(TAG_USER_AUTH_ID, 8),
270 Authorization(TAG_APPLICATION_ID, "my_app", 6),
271 Authorization(TAG_KEY_SIZE, 256),
272 Authorization(TAG_AUTH_TIMEOUT, 300),
273 };
274 AuthorizationSet set(params, array_length(params));
275
276 size_t size = set.SerializedSize();
277 EXPECT_TRUE(size > 0);
278
279 UniquePtr<uint8_t[]> buf(new uint8_t[size]);
Shawn Willden58e1a542014-08-08 21:58:29 -0600[diff] [blame]280 EXPECT_EQ(buf.get() + size, set.Serialize(buf.get(), buf.get() + size));
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]281 AuthorizationSet deserialized;
282 const uint8_t* p = buf.get();
Shawn Willden58e1a542014-08-08 21:58:29 -0600[diff] [blame]283 EXPECT_TRUE(deserialized.Deserialize(&p, p + size));
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]284 EXPECT_EQ(p, buf.get() + size);
285
Shawn Willden58e1a542014-08-08 21:58:29 -0600[diff] [blame]286 EXPECT_EQ(AuthorizationSet::OK, deserialized.is_valid());
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]287
288 EXPECT_EQ(set.size(), deserialized.size());
289 for (size_t i = 0; i < set.size(); ++i) {
290 EXPECT_EQ(set[i].tag, deserialized[i].tag);
291 }
292
293 int pos = deserialized.find(TAG_APPLICATION_ID);
294 ASSERT_NE(-1, pos);
295 EXPECT_EQ(KM_TAG_APPLICATION_ID, deserialized[pos].tag);
296 EXPECT_EQ(6U, deserialized[pos].blob.data_length);
297 EXPECT_EQ(0, memcmp(deserialized[pos].blob.data, "my_app", 6));
298}
299
300TEST(Deserialization, TooShortBuffer) {
301 uint8_t buf[] = {0, 0, 0};
302 AuthorizationSet deserialized(buf, array_length(buf));
303 EXPECT_EQ(AuthorizationSet::MALFORMED_DATA, deserialized.is_valid());
304
305 const uint8_t* p = buf;
Shawn Willden58e1a542014-08-08 21:58:29 -0600[diff] [blame]306 EXPECT_FALSE(deserialized.Deserialize(&p, p + array_length(buf)));
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]307 EXPECT_EQ(AuthorizationSet::MALFORMED_DATA, deserialized.is_valid());
308}
309
310TEST(Deserialization, InvalidLengthField) {
311 keymaster_key_param_t params[] = {
312 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
313 Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
314 Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA),
315 Authorization(TAG_USER_ID, 7),
316 Authorization(TAG_USER_AUTH_ID, 8),
317 Authorization(TAG_APPLICATION_ID, "my_app", 6),
318 Authorization(TAG_KEY_SIZE, 256),
319 Authorization(TAG_AUTH_TIMEOUT, 300),
320 };
321 AuthorizationSet set(params, array_length(params));
322
323 size_t size = set.SerializedSize();
324 EXPECT_TRUE(size > 0);
325
326 UniquePtr<uint8_t[]> buf(new uint8_t[size]);
Shawn Willden58e1a542014-08-08 21:58:29 -0600[diff] [blame]327 EXPECT_EQ(buf.get() + size, set.Serialize(buf.get(), buf.get() + size));
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]328 *reinterpret_cast<uint32_t*>(buf.get()) = 9;
329
330 AuthorizationSet deserialized(buf.get(), size);
331 EXPECT_EQ(AuthorizationSet::MALFORMED_DATA, deserialized.is_valid());
332
333 const uint8_t* p = buf.get();
Shawn Willden58e1a542014-08-08 21:58:29 -0600[diff] [blame]334 EXPECT_FALSE(deserialized.Deserialize(&p, p + size));
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]335 EXPECT_EQ(AuthorizationSet::MALFORMED_DATA, deserialized.is_valid());
336}
337
Shawn Willden8d336ae2014-08-09 15:47:05 -0600[diff] [blame]338static uint32_t read_uint32(const uint8_t* buf) {
339 uint32_t val;
340 memcpy(&val, buf, sizeof(val));
341 return val;
342}
343
344static void add_to_uint32(uint8_t* buf, int delta) {
345 uint32_t val;
346 memcpy(&val, buf, sizeof(val));
347 val += delta;
348 memcpy(buf, &val, sizeof(val));
349}
350
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]351TEST(Deserialization, MalformedIndirectData) {
352 keymaster_key_param_t params[] = {
353 Authorization(TAG_APPLICATION_ID, "my_app", 6),
354 Authorization(TAG_APPLICATION_DATA, "foo", 3),
355 };
356 AuthorizationSet set(params, array_length(params));
357 size_t size = set.SerializedSize();
358
359 UniquePtr<uint8_t[]> buf(new uint8_t[size]);
Shawn Willden58e1a542014-08-08 21:58:29 -0600[diff] [blame]360 EXPECT_EQ(buf.get() + size, set.Serialize(buf.get(), buf.get() + size));
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]361
Shawn Willden8d336ae2014-08-09 15:47:05 -0600[diff] [blame]362 // This sucks. This test, as written, requires intimate knowledge of the serialized layout of
363 // this particular set, which means it's brittle. But it's important to test that we handle
364 // broken serialized data and I can't think of a better way to write this.
365 //
366 // The contents of buf are:
367 //
368 // Bytes: Content:
369 // 0-3 Length of string data, which is 9.
370 // 4-9 "my_app"
371 // 10-12 "foo"
372 // 13-16 Number of elements, which is 2.
373 // 17-20 Length of elements, which is 24.
374 // 21-24 First tag, TAG_APPLICATION_ID
375 // 25-28 Length of string "my_app", 6
376 // 29-32 Offset of string "my_app", 0
377 // 33-36 Second tag, TAG_APPLICATION_DATA
378 // 37-40 Length of string "foo", 3
379 // 41-44 Offset of string "foo", 6
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]380
Shawn Willden8d336ae2014-08-09 15:47:05 -0600[diff] [blame]381 // Check that stuff is where we think.
382 EXPECT_EQ('m', buf[4]);
383 EXPECT_EQ('f', buf[10]);
384 // Length of "my_app"
385 EXPECT_EQ(6U, read_uint32(buf.get() + 25));
386 // Offset of "my_app"
387 EXPECT_EQ(0U, read_uint32(buf.get() + 29));
388 // Length of "foo"
389 EXPECT_EQ(3U, read_uint32(buf.get() + 37));
390 // Offset of "foo"
391 EXPECT_EQ(6U, read_uint32(buf.get() + 41));
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]392
393 // Check that deserialization works.
394 AuthorizationSet deserialized1(buf.get(), size);
Shawn Willden58e1a542014-08-08 21:58:29 -0600[diff] [blame]395 EXPECT_EQ(AuthorizationSet::OK, deserialized1.is_valid());
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]396
397 const uint8_t* p = buf.get();
Shawn Willden58e1a542014-08-08 21:58:29 -0600[diff] [blame]398 EXPECT_TRUE(deserialized1.Deserialize(&p, p + size));
399 EXPECT_EQ(AuthorizationSet::OK, deserialized1.is_valid());
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]400
401 //
402 // Now mess them up in various ways:
403 //
404
Shawn Willden8d336ae2014-08-09 15:47:05 -0600[diff] [blame]405 // Move "foo" offset so offset + length goes off the end
406 add_to_uint32(buf.get() + 41, 1);
407 AuthorizationSet deserialized2(buf.get(), size);
408 EXPECT_EQ(AuthorizationSet::MALFORMED_DATA, deserialized2.is_valid());
409 add_to_uint32(buf.get() + 41, -1);
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]410
Shawn Willden8d336ae2014-08-09 15:47:05 -0600[diff] [blame]411 // Shorten the "my_app" length to make a gap between the blobs.
412 add_to_uint32(buf.get() + 25, -1);
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]413 AuthorizationSet deserialized3(buf.get(), size);
414 EXPECT_EQ(AuthorizationSet::MALFORMED_DATA, deserialized3.is_valid());
Shawn Willden8d336ae2014-08-09 15:47:05 -0600[diff] [blame]415 add_to_uint32(buf.get() + 25, 1);
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]416
Shawn Willden8d336ae2014-08-09 15:47:05 -0600[diff] [blame]417 // Extend the "my_app" length to make them overlap, and decrease the "foo" length to keep the
418 // total length the same. We don't detect this but should.
419 // TODO(swillden): Detect overlaps and holes that leave total size correct.
420 add_to_uint32(buf.get() + 25, 1);
421 add_to_uint32(buf.get() + 37, -1);
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]422 AuthorizationSet deserialized4(buf.get(), size);
Shawn Willden58e1a542014-08-08 21:58:29 -0600[diff] [blame]423 EXPECT_EQ(AuthorizationSet::OK, deserialized4.is_valid());
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]424}
425
426TEST(Growable, SuccessfulRoundTrip) {
427 keymaster_key_param_t elems_buf[20];
428 uint8_t data_buf[200];
429
430 AuthorizationSet growable;
431 EXPECT_TRUE(growable.push_back(Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)));
432 EXPECT_EQ(1U, growable.size());
433
434 EXPECT_TRUE(growable.push_back(Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)));
435 EXPECT_EQ(2U, growable.size());
436
437 EXPECT_TRUE(growable.push_back(Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN)));
438 EXPECT_EQ(3U, growable.size());
439
440 EXPECT_TRUE(growable.push_back(Authorization(TAG_APPLICATION_ID, "data", 4)));
441 EXPECT_EQ(4U, growable.size());
442
Shawn Willden834e8072014-08-09 16:38:53 -0600[diff] [blame]443 EXPECT_TRUE(growable.push_back(Authorization(TAG_APPLICATION_DATA, "some more data", 14)));
444 EXPECT_EQ(5U, growable.size());
445
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]446 size_t serialize_size = growable.SerializedSize();
447 UniquePtr<uint8_t[]> serialized(new uint8_t[serialize_size]);
Shawn Willden58e1a542014-08-08 21:58:29 -0600[diff] [blame]448 EXPECT_EQ(serialized.get() + serialize_size,
449 growable.Serialize(serialized.get(), serialized.get() + serialize_size));
Shawn Willden834e8072014-08-09 16:38:53 -0600[diff] [blame]450
451 AuthorizationSet deserialized(serialized.get(), serialize_size);
452 EXPECT_EQ(growable, deserialized);
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]453}
454
455TEST(Growable, InsufficientElemBuf) {
456 keymaster_key_param_t elems_buf[1];
457 uint8_t data_buf[200];
458
459 AuthorizationSet growable;
Shawn Willden58e1a542014-08-08 21:58:29 -0600[diff] [blame]460 EXPECT_EQ(AuthorizationSet::OK, growable.is_valid());
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]461
462 // First insertion fits.
463 EXPECT_TRUE(growable.push_back(Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)));
464 EXPECT_EQ(1U, growable.size());
Shawn Willden58e1a542014-08-08 21:58:29 -0600[diff] [blame]465 EXPECT_EQ(AuthorizationSet::OK, growable.is_valid());
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]466
467 // Second does too.
468 EXPECT_TRUE(growable.push_back(Authorization(TAG_RSA_PUBLIC_EXPONENT, 3)));
469 EXPECT_EQ(2U, growable.size());
470}
471
472TEST(Growable, InsufficientIndirectBuf) {
473 keymaster_key_param_t elems_buf[3];
474 uint8_t data_buf[10];
475
476 AuthorizationSet growable;
Shawn Willden58e1a542014-08-08 21:58:29 -0600[diff] [blame]477 EXPECT_EQ(AuthorizationSet::OK, growable.is_valid());
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]478
479 EXPECT_TRUE(growable.push_back(Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)));
480 EXPECT_EQ(1U, growable.size());
Shawn Willden58e1a542014-08-08 21:58:29 -0600[diff] [blame]481 EXPECT_EQ(AuthorizationSet::OK, growable.is_valid());
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]482
483 EXPECT_TRUE(growable.push_back(Authorization(TAG_APPLICATION_ID, "1234567890", 10)));
484 EXPECT_EQ(2U, growable.size());
Shawn Willden58e1a542014-08-08 21:58:29 -0600[diff] [blame]485 EXPECT_EQ(AuthorizationSet::OK, growable.is_valid());
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]486
487 EXPECT_TRUE(growable.push_back(Authorization(TAG_APPLICATION_DATA, "1", 1)));
488 EXPECT_EQ(3U, growable.size());
Shawn Willden58e1a542014-08-08 21:58:29 -0600[diff] [blame]489 EXPECT_EQ(AuthorizationSet::OK, growable.is_valid());
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]490
491 // Can still add another entry without indirect data. Now it's full.
492 EXPECT_TRUE(growable.push_back(Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN)));
493 EXPECT_EQ(4U, growable.size());
Shawn Willden58e1a542014-08-08 21:58:29 -0600[diff] [blame]494 EXPECT_EQ(AuthorizationSet::OK, growable.is_valid());
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]495}
496
497TEST(GetValue, GetInt) {
498 keymaster_key_param_t params[] = {
499 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
500 Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
501 Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA),
502 Authorization(TAG_USER_ID, 7),
503 Authorization(TAG_USER_AUTH_ID, 8),
504 Authorization(TAG_APPLICATION_ID, "my_app", 6),
505 Authorization(TAG_AUTH_TIMEOUT, 300),
506 };
507 AuthorizationSet set(params, array_length(params));
508
509 uint32_t val;
510 EXPECT_TRUE(set.GetTagValue(TAG_USER_ID, &val));
511 EXPECT_EQ(7U, val);
512
513 // Find one that isn't there
514 EXPECT_FALSE(set.GetTagValue(TAG_KEY_SIZE, &val));
515}
516
517TEST(GetValue, GetIntRep) {
518 keymaster_key_param_t params[] = {
519 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
520 Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
521 Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA),
522 Authorization(TAG_USER_ID, 7),
523 Authorization(TAG_USER_AUTH_ID, 8),
524 Authorization(TAG_APPLICATION_ID, "my_app", 6),
525 Authorization(TAG_AUTH_TIMEOUT, 300),
526 };
527 AuthorizationSet set(params, array_length(params));
528
529 uint32_t val;
530 EXPECT_TRUE(set.GetTagValue(TAG_USER_AUTH_ID, 0, &val));
531 EXPECT_EQ(8U, val);
532
533 // Find one that isn't there
534 EXPECT_FALSE(set.GetTagValue(TAG_USER_AUTH_ID, 1, &val));
535}
536
537TEST(GetValue, GetLong) {
538 keymaster_key_param_t params1[] = {
539 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN), Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
540 Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA),
541 keymaster_param_long(TAG_RSA_PUBLIC_EXPONENT, 3),
542 };
543 AuthorizationSet set1(params1, array_length(params1));
544
545 keymaster_key_param_t params2[] = {
546 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN), Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
547 Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA),
548 };
549 AuthorizationSet set2(params2, array_length(params2));
550
551 uint64_t val;
552 EXPECT_TRUE(set1.GetTagValue(TAG_RSA_PUBLIC_EXPONENT, &val));
553 EXPECT_EQ(3U, val);
554
555 // Find one that isn't there
556 EXPECT_FALSE(set2.GetTagValue(TAG_RSA_PUBLIC_EXPONENT, &val));
557}
558
559TEST(GetValue, GetEnum) {
560 keymaster_key_param_t params[] = {
561 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
562 Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
563 Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA),
564 Authorization(TAG_USER_ID, 7),
565 Authorization(TAG_USER_AUTH_ID, 8),
566 Authorization(TAG_APPLICATION_ID, "my_app", 6),
567 Authorization(TAG_AUTH_TIMEOUT, 300),
568 };
569 AuthorizationSet set(params, array_length(params));
570
571 keymaster_algorithm_t val;
572 EXPECT_TRUE(set.GetTagValue(TAG_ALGORITHM, &val));
573 EXPECT_EQ(KM_ALGORITHM_RSA, val);
574
575 // Find one that isn't there
576 keymaster_padding_t val2;
577 EXPECT_FALSE(set.GetTagValue(TAG_PADDING, &val2));
578}
579
580TEST(GetValue, GetEnumRep) {
581 keymaster_key_param_t params[] = {
582 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
583 Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
584 Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA),
585 Authorization(TAG_USER_ID, 7),
586 Authorization(TAG_USER_AUTH_ID, 8),
587 Authorization(TAG_APPLICATION_ID, "my_app", 6),
588 Authorization(TAG_AUTH_TIMEOUT, 300),
589 };
590 AuthorizationSet set(params, array_length(params));
591
592 keymaster_purpose_t val;
593 EXPECT_TRUE(set.GetTagValue(TAG_PURPOSE, 0, &val));
594 EXPECT_EQ(KM_PURPOSE_SIGN, val);
595 EXPECT_TRUE(set.GetTagValue(TAG_PURPOSE, 1, &val));
596 EXPECT_EQ(KM_PURPOSE_VERIFY, val);
597
598 // Find one that isn't there
599 EXPECT_FALSE(set.GetTagValue(TAG_PURPOSE, 2, &val));
600}
601
602TEST(GetValue, GetDate) {
603 keymaster_key_param_t params[] = {
604 Authorization(TAG_ACTIVE_DATETIME, 10),
605 Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
606 Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA),
607 Authorization(TAG_USER_ID, 7),
608 Authorization(TAG_USER_AUTH_ID, 8),
609 Authorization(TAG_APPLICATION_ID, "my_app", 6),
610 Authorization(TAG_AUTH_TIMEOUT, 300),
611 };
612 AuthorizationSet set(params, array_length(params));
613
614 uint64_t val;
615 EXPECT_TRUE(set.GetTagValue(TAG_ACTIVE_DATETIME, &val));
616 EXPECT_EQ(10U, val);
617
618 // Find one that isn't there
619 EXPECT_FALSE(set.GetTagValue(TAG_USAGE_EXPIRE_DATETIME, &val));
620}
621
622TEST(GetValue, GetBlob) {
623 keymaster_key_param_t params[] = {
624 Authorization(TAG_ACTIVE_DATETIME, 10),
625 Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
626 Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA),
627 Authorization(TAG_USER_ID, 7),
628 Authorization(TAG_USER_AUTH_ID, 8),
629 Authorization(TAG_APPLICATION_ID, "my_app", 6),
630 Authorization(TAG_AUTH_TIMEOUT, 300),
631 };
632 AuthorizationSet set(params, array_length(params));
633
634 keymaster_blob_t val;
635 EXPECT_TRUE(set.GetTagValue(TAG_APPLICATION_ID, &val));
636 EXPECT_EQ(6U, val.data_length);
637 EXPECT_EQ(0, memcmp(val.data, "my_app", 6));
638
639 // Find one that isn't there
640 EXPECT_FALSE(set.GetTagValue(TAG_APPLICATION_DATA, &val));
641}
642
643} // namespace test
644} // namespace keymaster