Gitiles
Code Review Sign In
gerrit-public.fairphone.software / fp2-dev / platform / system / keymaster / 98d9b92547a9a7553b99e3e941a4175926f95b62 / . / authorization_set_test.cpp
blob: f59e6d9f61bde20dfdd921cc11a4b8c7f9bb0ef9 [file] [log] [blame]
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]1/*
2 * Copyright (C) 2014 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17#include <gtest/gtest.h>
18
Shawn Willden98d9b922014-08-26 08:14:10 -0600[diff] [blame^]19#include <keymaster/authorization_set.h>
20#include <keymaster/google_keymaster_utils.h>
21
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]22#include "google_keymaster_test_utils.h"
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]23
24int main(int argc, char** argv) {
25 ::testing::InitGoogleTest(&argc, argv);
26 int result = RUN_ALL_TESTS();
27 return result;
28}
29
30namespace keymaster {
Shawn Willden834e8072014-08-09 16:38:53 -0600[diff] [blame]31
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]32namespace test {
33
34TEST(Construction, ListProvided) {
35 keymaster_key_param_t params[] = {
36 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
37 Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
38 Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA),
39 Authorization(TAG_USER_ID, 7),
40 Authorization(TAG_USER_AUTH_ID, 8),
41 Authorization(TAG_APPLICATION_ID, "my_app", 6),
42 Authorization(TAG_KEY_SIZE, 256),
43 Authorization(TAG_AUTH_TIMEOUT, 300),
44 };
45 AuthorizationSet set(params, array_length(params));
46 EXPECT_EQ(8U, set.size());
47}
48
Shawn Willden834e8072014-08-09 16:38:53 -0600[diff] [blame]49TEST(Construction, Copy) {
50 keymaster_key_param_t params[] = {
51 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
52 Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
53 Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA),
54 Authorization(TAG_USER_ID, 7),
55 Authorization(TAG_USER_AUTH_ID, 8),
56 Authorization(TAG_APPLICATION_ID, "my_app", 6),
57 Authorization(TAG_KEY_SIZE, 256),
58 Authorization(TAG_AUTH_TIMEOUT, 300),
59 };
60 AuthorizationSet set(params, array_length(params));
61 AuthorizationSet set2(set);
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]62 EXPECT_EQ(set, set2);
Shawn Willden834e8072014-08-09 16:38:53 -0600[diff] [blame]63}
64
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]65TEST(Lookup, NonRepeated) {
66 keymaster_key_param_t params[] = {
67 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
68 Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
69 Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA),
70 Authorization(TAG_USER_ID, 7),
71 Authorization(TAG_USER_AUTH_ID, 8),
72 Authorization(TAG_APPLICATION_ID, "my_app", 6),
73 Authorization(TAG_KEY_SIZE, 256),
74 Authorization(TAG_AUTH_TIMEOUT, 300),
75 };
76 AuthorizationSet set(params, array_length(params));
77 EXPECT_EQ(8U, set.size());
78
79 int pos = set.find(TAG_ALGORITHM);
80 ASSERT_NE(-1, pos);
81 EXPECT_EQ(KM_TAG_ALGORITHM, set[pos].tag);
82 EXPECT_EQ(KM_ALGORITHM_RSA, set[pos].enumerated);
83
84 pos = set.find(TAG_MAC_LENGTH);
85 EXPECT_EQ(-1, pos);
86
87 uint32_t int_val = 0;
88 EXPECT_TRUE(set.GetTagValue(TAG_USER_ID, &int_val));
89 EXPECT_EQ(7U, int_val);
90
91 keymaster_blob_t blob_val;
92 EXPECT_TRUE(set.GetTagValue(TAG_APPLICATION_ID, &blob_val));
93 EXPECT_EQ(6U, blob_val.data_length);
94 EXPECT_EQ(0, memcmp(blob_val.data, "my_app", 6));
95}
96
97TEST(Lookup, Repeated) {
98 keymaster_key_param_t params[] = {
99 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
100 Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
101 Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA),
102 Authorization(TAG_USER_ID, 7),
103 Authorization(TAG_USER_AUTH_ID, 8),
104 Authorization(TAG_APPLICATION_ID, "my_app", 6),
105 Authorization(TAG_KEY_SIZE, 256),
106 Authorization(TAG_AUTH_TIMEOUT, 300),
107 };
108 AuthorizationSet set(params, array_length(params));
109 EXPECT_EQ(8U, set.size());
110
111 int pos = set.find(TAG_PURPOSE);
112 ASSERT_FALSE(pos == -1);
113 EXPECT_EQ(KM_TAG_PURPOSE, set[pos].tag);
114 EXPECT_EQ(KM_PURPOSE_SIGN, set[pos].enumerated);
115
116 pos = set.find(TAG_PURPOSE, pos);
117 EXPECT_EQ(KM_TAG_PURPOSE, set[pos].tag);
118 EXPECT_EQ(KM_PURPOSE_VERIFY, set[pos].enumerated);
119
120 EXPECT_EQ(-1, set.find(TAG_PURPOSE, pos));
121}
122
123TEST(Lookup, Indexed) {
124 keymaster_key_param_t params[] = {
125 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
126 Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
127 Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA),
128 Authorization(TAG_USER_ID, 7),
129 Authorization(TAG_USER_AUTH_ID, 8),
130 Authorization(TAG_APPLICATION_ID, "my_app", 6),
131 Authorization(TAG_KEY_SIZE, 256),
132 Authorization(TAG_AUTH_TIMEOUT, 300),
133 };
134 AuthorizationSet set(params, array_length(params));
135 EXPECT_EQ(8U, set.size());
136
137 EXPECT_EQ(KM_TAG_PURPOSE, set[0].tag);
138 EXPECT_EQ(KM_PURPOSE_SIGN, set[0].enumerated);
139
140 // Lookup beyond end doesn't work, just returns zeros, but doens't blow up either (verify by
141 // running under valgrind).
142 EXPECT_EQ(KM_TAG_INVALID, set[10].tag);
143}
144
145TEST(Serialization, RoundTrip) {
146 keymaster_key_param_t params[] = {
147 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
148 Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
149 Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA),
150 Authorization(TAG_USER_ID, 7),
151 Authorization(TAG_USER_AUTH_ID, 8),
152 Authorization(TAG_APPLICATION_ID, "my_app", 6),
153 Authorization(TAG_KEY_SIZE, 256),
154 Authorization(TAG_AUTH_TIMEOUT, 300),
Shawn Willden834e8072014-08-09 16:38:53 -0600[diff] [blame]155 Authorization(TAG_ALL_USERS),
156 Authorization(TAG_RSA_PUBLIC_EXPONENT, 3),
157 Authorization(TAG_ACTIVE_DATETIME, 10),
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]158 };
159 AuthorizationSet set(params, array_length(params));
160
161 size_t size = set.SerializedSize();
162 EXPECT_TRUE(size > 0);
163
164 UniquePtr<uint8_t[]> buf(new uint8_t[size]);
Shawn Willden58e1a542014-08-08 21:58:29 -0600[diff] [blame]165 EXPECT_EQ(buf.get() + size, set.Serialize(buf.get(), buf.get() + size));
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]166 AuthorizationSet deserialized(buf.get(), size);
167
Shawn Willden58e1a542014-08-08 21:58:29 -0600[diff] [blame]168 EXPECT_EQ(AuthorizationSet::OK, deserialized.is_valid());
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]169 EXPECT_EQ(set, deserialized);
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]170
171 int pos = deserialized.find(TAG_APPLICATION_ID);
172 ASSERT_NE(-1, pos);
173 EXPECT_EQ(KM_TAG_APPLICATION_ID, deserialized[pos].tag);
174 EXPECT_EQ(6U, deserialized[pos].blob.data_length);
175 EXPECT_EQ(0, memcmp(deserialized[pos].blob.data, "my_app", 6));
176}
177
Shawn Willden58e1a542014-08-08 21:58:29 -0600[diff] [blame]178TEST(Deserialization, Deserialize) {
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]179 keymaster_key_param_t params[] = {
180 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
181 Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
182 Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA),
183 Authorization(TAG_USER_ID, 7),
184 Authorization(TAG_USER_AUTH_ID, 8),
185 Authorization(TAG_APPLICATION_ID, "my_app", 6),
186 Authorization(TAG_KEY_SIZE, 256),
187 Authorization(TAG_AUTH_TIMEOUT, 300),
188 };
189 AuthorizationSet set(params, array_length(params));
190
191 size_t size = set.SerializedSize();
192 EXPECT_TRUE(size > 0);
193
194 UniquePtr<uint8_t[]> buf(new uint8_t[size]);
Shawn Willden58e1a542014-08-08 21:58:29 -0600[diff] [blame]195 EXPECT_EQ(buf.get() + size, set.Serialize(buf.get(), buf.get() + size));
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]196 AuthorizationSet deserialized;
197 const uint8_t* p = buf.get();
Shawn Willden58e1a542014-08-08 21:58:29 -0600[diff] [blame]198 EXPECT_TRUE(deserialized.Deserialize(&p, p + size));
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]199 EXPECT_EQ(p, buf.get() + size);
200
Shawn Willden58e1a542014-08-08 21:58:29 -0600[diff] [blame]201 EXPECT_EQ(AuthorizationSet::OK, deserialized.is_valid());
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]202
203 EXPECT_EQ(set.size(), deserialized.size());
204 for (size_t i = 0; i < set.size(); ++i) {
205 EXPECT_EQ(set[i].tag, deserialized[i].tag);
206 }
207
208 int pos = deserialized.find(TAG_APPLICATION_ID);
209 ASSERT_NE(-1, pos);
210 EXPECT_EQ(KM_TAG_APPLICATION_ID, deserialized[pos].tag);
211 EXPECT_EQ(6U, deserialized[pos].blob.data_length);
212 EXPECT_EQ(0, memcmp(deserialized[pos].blob.data, "my_app", 6));
213}
214
215TEST(Deserialization, TooShortBuffer) {
216 uint8_t buf[] = {0, 0, 0};
217 AuthorizationSet deserialized(buf, array_length(buf));
218 EXPECT_EQ(AuthorizationSet::MALFORMED_DATA, deserialized.is_valid());
219
220 const uint8_t* p = buf;
Shawn Willden58e1a542014-08-08 21:58:29 -0600[diff] [blame]221 EXPECT_FALSE(deserialized.Deserialize(&p, p + array_length(buf)));
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]222 EXPECT_EQ(AuthorizationSet::MALFORMED_DATA, deserialized.is_valid());
223}
224
225TEST(Deserialization, InvalidLengthField) {
226 keymaster_key_param_t params[] = {
227 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
228 Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
229 Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA),
230 Authorization(TAG_USER_ID, 7),
231 Authorization(TAG_USER_AUTH_ID, 8),
232 Authorization(TAG_APPLICATION_ID, "my_app", 6),
233 Authorization(TAG_KEY_SIZE, 256),
234 Authorization(TAG_AUTH_TIMEOUT, 300),
235 };
236 AuthorizationSet set(params, array_length(params));
237
238 size_t size = set.SerializedSize();
239 EXPECT_TRUE(size > 0);
240
241 UniquePtr<uint8_t[]> buf(new uint8_t[size]);
Shawn Willden58e1a542014-08-08 21:58:29 -0600[diff] [blame]242 EXPECT_EQ(buf.get() + size, set.Serialize(buf.get(), buf.get() + size));
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]243 *reinterpret_cast<uint32_t*>(buf.get()) = 9;
244
245 AuthorizationSet deserialized(buf.get(), size);
246 EXPECT_EQ(AuthorizationSet::MALFORMED_DATA, deserialized.is_valid());
247
248 const uint8_t* p = buf.get();
Shawn Willden58e1a542014-08-08 21:58:29 -0600[diff] [blame]249 EXPECT_FALSE(deserialized.Deserialize(&p, p + size));
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]250 EXPECT_EQ(AuthorizationSet::MALFORMED_DATA, deserialized.is_valid());
251}
252
Shawn Willden8d336ae2014-08-09 15:47:05 -0600[diff] [blame]253static uint32_t read_uint32(const uint8_t* buf) {
254 uint32_t val;
255 memcpy(&val, buf, sizeof(val));
256 return val;
257}
258
259static void add_to_uint32(uint8_t* buf, int delta) {
260 uint32_t val;
261 memcpy(&val, buf, sizeof(val));
262 val += delta;
263 memcpy(buf, &val, sizeof(val));
264}
265
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]266TEST(Deserialization, MalformedIndirectData) {
267 keymaster_key_param_t params[] = {
268 Authorization(TAG_APPLICATION_ID, "my_app", 6),
269 Authorization(TAG_APPLICATION_DATA, "foo", 3),
270 };
271 AuthorizationSet set(params, array_length(params));
272 size_t size = set.SerializedSize();
273
274 UniquePtr<uint8_t[]> buf(new uint8_t[size]);
Shawn Willden58e1a542014-08-08 21:58:29 -0600[diff] [blame]275 EXPECT_EQ(buf.get() + size, set.Serialize(buf.get(), buf.get() + size));
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]276
Shawn Willden8d336ae2014-08-09 15:47:05 -0600[diff] [blame]277 // This sucks. This test, as written, requires intimate knowledge of the serialized layout of
278 // this particular set, which means it's brittle. But it's important to test that we handle
279 // broken serialized data and I can't think of a better way to write this.
280 //
281 // The contents of buf are:
282 //
283 // Bytes: Content:
284 // 0-3 Length of string data, which is 9.
285 // 4-9 "my_app"
286 // 10-12 "foo"
287 // 13-16 Number of elements, which is 2.
288 // 17-20 Length of elements, which is 24.
289 // 21-24 First tag, TAG_APPLICATION_ID
290 // 25-28 Length of string "my_app", 6
291 // 29-32 Offset of string "my_app", 0
292 // 33-36 Second tag, TAG_APPLICATION_DATA
293 // 37-40 Length of string "foo", 3
294 // 41-44 Offset of string "foo", 6
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]295
Shawn Willden8d336ae2014-08-09 15:47:05 -0600[diff] [blame]296 // Check that stuff is where we think.
297 EXPECT_EQ('m', buf[4]);
298 EXPECT_EQ('f', buf[10]);
299 // Length of "my_app"
300 EXPECT_EQ(6U, read_uint32(buf.get() + 25));
301 // Offset of "my_app"
302 EXPECT_EQ(0U, read_uint32(buf.get() + 29));
303 // Length of "foo"
304 EXPECT_EQ(3U, read_uint32(buf.get() + 37));
305 // Offset of "foo"
306 EXPECT_EQ(6U, read_uint32(buf.get() + 41));
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]307
308 // Check that deserialization works.
309 AuthorizationSet deserialized1(buf.get(), size);
Shawn Willden58e1a542014-08-08 21:58:29 -0600[diff] [blame]310 EXPECT_EQ(AuthorizationSet::OK, deserialized1.is_valid());
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]311
312 const uint8_t* p = buf.get();
Shawn Willden58e1a542014-08-08 21:58:29 -0600[diff] [blame]313 EXPECT_TRUE(deserialized1.Deserialize(&p, p + size));
314 EXPECT_EQ(AuthorizationSet::OK, deserialized1.is_valid());
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]315
316 //
317 // Now mess them up in various ways:
318 //
319
Shawn Willden8d336ae2014-08-09 15:47:05 -0600[diff] [blame]320 // Move "foo" offset so offset + length goes off the end
321 add_to_uint32(buf.get() + 41, 1);
322 AuthorizationSet deserialized2(buf.get(), size);
323 EXPECT_EQ(AuthorizationSet::MALFORMED_DATA, deserialized2.is_valid());
324 add_to_uint32(buf.get() + 41, -1);
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]325
Shawn Willden8d336ae2014-08-09 15:47:05 -0600[diff] [blame]326 // Shorten the "my_app" length to make a gap between the blobs.
327 add_to_uint32(buf.get() + 25, -1);
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]328 AuthorizationSet deserialized3(buf.get(), size);
329 EXPECT_EQ(AuthorizationSet::MALFORMED_DATA, deserialized3.is_valid());
Shawn Willden8d336ae2014-08-09 15:47:05 -0600[diff] [blame]330 add_to_uint32(buf.get() + 25, 1);
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]331
Shawn Willden8d336ae2014-08-09 15:47:05 -0600[diff] [blame]332 // Extend the "my_app" length to make them overlap, and decrease the "foo" length to keep the
333 // total length the same. We don't detect this but should.
334 // TODO(swillden): Detect overlaps and holes that leave total size correct.
335 add_to_uint32(buf.get() + 25, 1);
336 add_to_uint32(buf.get() + 37, -1);
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]337 AuthorizationSet deserialized4(buf.get(), size);
Shawn Willden58e1a542014-08-08 21:58:29 -0600[diff] [blame]338 EXPECT_EQ(AuthorizationSet::OK, deserialized4.is_valid());
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]339}
340
341TEST(Growable, SuccessfulRoundTrip) {
342 keymaster_key_param_t elems_buf[20];
343 uint8_t data_buf[200];
344
345 AuthorizationSet growable;
346 EXPECT_TRUE(growable.push_back(Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)));
347 EXPECT_EQ(1U, growable.size());
348
349 EXPECT_TRUE(growable.push_back(Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)));
350 EXPECT_EQ(2U, growable.size());
351
352 EXPECT_TRUE(growable.push_back(Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN)));
353 EXPECT_EQ(3U, growable.size());
354
355 EXPECT_TRUE(growable.push_back(Authorization(TAG_APPLICATION_ID, "data", 4)));
356 EXPECT_EQ(4U, growable.size());
357
Shawn Willden834e8072014-08-09 16:38:53 -0600[diff] [blame]358 EXPECT_TRUE(growable.push_back(Authorization(TAG_APPLICATION_DATA, "some more data", 14)));
359 EXPECT_EQ(5U, growable.size());
360
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]361 size_t serialize_size = growable.SerializedSize();
362 UniquePtr<uint8_t[]> serialized(new uint8_t[serialize_size]);
Shawn Willden58e1a542014-08-08 21:58:29 -0600[diff] [blame]363 EXPECT_EQ(serialized.get() + serialize_size,
364 growable.Serialize(serialized.get(), serialized.get() + serialize_size));
Shawn Willden834e8072014-08-09 16:38:53 -0600[diff] [blame]365
366 AuthorizationSet deserialized(serialized.get(), serialize_size);
367 EXPECT_EQ(growable, deserialized);
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]368}
369
370TEST(Growable, InsufficientElemBuf) {
371 keymaster_key_param_t elems_buf[1];
372 uint8_t data_buf[200];
373
374 AuthorizationSet growable;
Shawn Willden58e1a542014-08-08 21:58:29 -0600[diff] [blame]375 EXPECT_EQ(AuthorizationSet::OK, growable.is_valid());
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]376
377 // First insertion fits.
378 EXPECT_TRUE(growable.push_back(Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)));
379 EXPECT_EQ(1U, growable.size());
Shawn Willden58e1a542014-08-08 21:58:29 -0600[diff] [blame]380 EXPECT_EQ(AuthorizationSet::OK, growable.is_valid());
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]381
382 // Second does too.
383 EXPECT_TRUE(growable.push_back(Authorization(TAG_RSA_PUBLIC_EXPONENT, 3)));
384 EXPECT_EQ(2U, growable.size());
385}
386
387TEST(Growable, InsufficientIndirectBuf) {
388 keymaster_key_param_t elems_buf[3];
389 uint8_t data_buf[10];
390
391 AuthorizationSet growable;
Shawn Willden58e1a542014-08-08 21:58:29 -0600[diff] [blame]392 EXPECT_EQ(AuthorizationSet::OK, growable.is_valid());
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]393
394 EXPECT_TRUE(growable.push_back(Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)));
395 EXPECT_EQ(1U, growable.size());
Shawn Willden58e1a542014-08-08 21:58:29 -0600[diff] [blame]396 EXPECT_EQ(AuthorizationSet::OK, growable.is_valid());
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]397
398 EXPECT_TRUE(growable.push_back(Authorization(TAG_APPLICATION_ID, "1234567890", 10)));
399 EXPECT_EQ(2U, growable.size());
Shawn Willden58e1a542014-08-08 21:58:29 -0600[diff] [blame]400 EXPECT_EQ(AuthorizationSet::OK, growable.is_valid());
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]401
402 EXPECT_TRUE(growable.push_back(Authorization(TAG_APPLICATION_DATA, "1", 1)));
403 EXPECT_EQ(3U, growable.size());
Shawn Willden58e1a542014-08-08 21:58:29 -0600[diff] [blame]404 EXPECT_EQ(AuthorizationSet::OK, growable.is_valid());
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]405
406 // Can still add another entry without indirect data. Now it's full.
407 EXPECT_TRUE(growable.push_back(Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN)));
408 EXPECT_EQ(4U, growable.size());
Shawn Willden58e1a542014-08-08 21:58:29 -0600[diff] [blame]409 EXPECT_EQ(AuthorizationSet::OK, growable.is_valid());
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]410}
411
Shawn Willden37012132014-08-19 08:15:57 -0600[diff] [blame]412TEST(Growable, PushBackSets) {
413 keymaster_key_param_t params[] = {
414 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
415 Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
416 Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA),
417 Authorization(TAG_USER_ID, 7),
418 Authorization(TAG_USER_AUTH_ID, 8),
419 Authorization(TAG_APPLICATION_ID, "my_app", 6),
420 Authorization(TAG_KEY_SIZE, 256),
421 Authorization(TAG_AUTH_TIMEOUT, 300),
422 };
423 AuthorizationSet set1(params, array_length(params));
424 AuthorizationSet set2(params, array_length(params));
425
426 AuthorizationSet combined;
427 EXPECT_TRUE(combined.push_back(set1));
428 EXPECT_TRUE(combined.push_back(set2));
429 EXPECT_EQ(array_length(params) * 2, combined.size());
430 EXPECT_EQ(12U, combined.indirect_size());
431}
432
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]433TEST(GetValue, GetInt) {
434 keymaster_key_param_t params[] = {
435 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
436 Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
437 Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA),
438 Authorization(TAG_USER_ID, 7),
439 Authorization(TAG_USER_AUTH_ID, 8),
440 Authorization(TAG_APPLICATION_ID, "my_app", 6),
441 Authorization(TAG_AUTH_TIMEOUT, 300),
442 };
443 AuthorizationSet set(params, array_length(params));
444
445 uint32_t val;
446 EXPECT_TRUE(set.GetTagValue(TAG_USER_ID, &val));
447 EXPECT_EQ(7U, val);
448
449 // Find one that isn't there
450 EXPECT_FALSE(set.GetTagValue(TAG_KEY_SIZE, &val));
451}
452
453TEST(GetValue, GetIntRep) {
454 keymaster_key_param_t params[] = {
455 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
456 Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
457 Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA),
458 Authorization(TAG_USER_ID, 7),
459 Authorization(TAG_USER_AUTH_ID, 8),
460 Authorization(TAG_APPLICATION_ID, "my_app", 6),
461 Authorization(TAG_AUTH_TIMEOUT, 300),
462 };
463 AuthorizationSet set(params, array_length(params));
464
465 uint32_t val;
466 EXPECT_TRUE(set.GetTagValue(TAG_USER_AUTH_ID, 0, &val));
467 EXPECT_EQ(8U, val);
468
469 // Find one that isn't there
470 EXPECT_FALSE(set.GetTagValue(TAG_USER_AUTH_ID, 1, &val));
471}
472
473TEST(GetValue, GetLong) {
474 keymaster_key_param_t params1[] = {
475 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN), Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
476 Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA),
477 keymaster_param_long(TAG_RSA_PUBLIC_EXPONENT, 3),
478 };
479 AuthorizationSet set1(params1, array_length(params1));
480
481 keymaster_key_param_t params2[] = {
482 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN), Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
483 Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA),
484 };
485 AuthorizationSet set2(params2, array_length(params2));
486
487 uint64_t val;
488 EXPECT_TRUE(set1.GetTagValue(TAG_RSA_PUBLIC_EXPONENT, &val));
489 EXPECT_EQ(3U, val);
490
491 // Find one that isn't there
492 EXPECT_FALSE(set2.GetTagValue(TAG_RSA_PUBLIC_EXPONENT, &val));
493}
494
495TEST(GetValue, GetEnum) {
496 keymaster_key_param_t params[] = {
497 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
498 Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
499 Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA),
500 Authorization(TAG_USER_ID, 7),
501 Authorization(TAG_USER_AUTH_ID, 8),
502 Authorization(TAG_APPLICATION_ID, "my_app", 6),
503 Authorization(TAG_AUTH_TIMEOUT, 300),
504 };
505 AuthorizationSet set(params, array_length(params));
506
507 keymaster_algorithm_t val;
508 EXPECT_TRUE(set.GetTagValue(TAG_ALGORITHM, &val));
509 EXPECT_EQ(KM_ALGORITHM_RSA, val);
510
511 // Find one that isn't there
512 keymaster_padding_t val2;
513 EXPECT_FALSE(set.GetTagValue(TAG_PADDING, &val2));
514}
515
516TEST(GetValue, GetEnumRep) {
517 keymaster_key_param_t params[] = {
518 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
519 Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
520 Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA),
521 Authorization(TAG_USER_ID, 7),
522 Authorization(TAG_USER_AUTH_ID, 8),
523 Authorization(TAG_APPLICATION_ID, "my_app", 6),
524 Authorization(TAG_AUTH_TIMEOUT, 300),
525 };
526 AuthorizationSet set(params, array_length(params));
527
528 keymaster_purpose_t val;
529 EXPECT_TRUE(set.GetTagValue(TAG_PURPOSE, 0, &val));
530 EXPECT_EQ(KM_PURPOSE_SIGN, val);
531 EXPECT_TRUE(set.GetTagValue(TAG_PURPOSE, 1, &val));
532 EXPECT_EQ(KM_PURPOSE_VERIFY, val);
533
534 // Find one that isn't there
535 EXPECT_FALSE(set.GetTagValue(TAG_PURPOSE, 2, &val));
536}
537
538TEST(GetValue, GetDate) {
539 keymaster_key_param_t params[] = {
540 Authorization(TAG_ACTIVE_DATETIME, 10),
541 Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
542 Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA),
543 Authorization(TAG_USER_ID, 7),
544 Authorization(TAG_USER_AUTH_ID, 8),
545 Authorization(TAG_APPLICATION_ID, "my_app", 6),
546 Authorization(TAG_AUTH_TIMEOUT, 300),
547 };
548 AuthorizationSet set(params, array_length(params));
549
550 uint64_t val;
551 EXPECT_TRUE(set.GetTagValue(TAG_ACTIVE_DATETIME, &val));
552 EXPECT_EQ(10U, val);
553
554 // Find one that isn't there
555 EXPECT_FALSE(set.GetTagValue(TAG_USAGE_EXPIRE_DATETIME, &val));
556}
557
558TEST(GetValue, GetBlob) {
559 keymaster_key_param_t params[] = {
560 Authorization(TAG_ACTIVE_DATETIME, 10),
561 Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
562 Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA),
563 Authorization(TAG_USER_ID, 7),
564 Authorization(TAG_USER_AUTH_ID, 8),
565 Authorization(TAG_APPLICATION_ID, "my_app", 6),
566 Authorization(TAG_AUTH_TIMEOUT, 300),
567 };
568 AuthorizationSet set(params, array_length(params));
569
570 keymaster_blob_t val;
571 EXPECT_TRUE(set.GetTagValue(TAG_APPLICATION_ID, &val));
572 EXPECT_EQ(6U, val.data_length);
573 EXPECT_EQ(0, memcmp(val.data, "my_app", 6));
574
575 // Find one that isn't there
576 EXPECT_FALSE(set.GetTagValue(TAG_APPLICATION_DATA, &val));
577}
578
579} // namespace test
580} // namespace keymaster