Gitiles
Code Review Sign In
gerrit-public.fairphone.software / fp2-dev / platform / system / keymaster / 134f453af13aa1f21bbdea5c2fb488e568959611 / . / authorization_set_test.cpp
blob: c869d8da82d0a2c013f430970c73b9024593186b [file] [log] [blame]
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]1/*
2 * Copyright (C) 2014 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17#include <gtest/gtest.h>
18
Shawn Willden98d9b922014-08-26 08:14:10 -0600[diff] [blame]19#include <keymaster/authorization_set.h>
20#include <keymaster/google_keymaster_utils.h>
21
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]22#include "google_keymaster_test_utils.h"
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]23
24int main(int argc, char** argv) {
25 ::testing::InitGoogleTest(&argc, argv);
26 int result = RUN_ALL_TESTS();
27 return result;
28}
29
30namespace keymaster {
Shawn Willden834e8072014-08-09 16:38:53 -0600[diff] [blame]31
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]32namespace test {
33
34TEST(Construction, ListProvided) {
35 keymaster_key_param_t params[] = {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]36 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN), Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
37 Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA), Authorization(TAG_USER_ID, 7),
38 Authorization(TAG_USER_AUTH_ID, 8), Authorization(TAG_APPLICATION_ID, "my_app", 6),
39 Authorization(TAG_KEY_SIZE, 256), Authorization(TAG_AUTH_TIMEOUT, 300),
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]40 };
41 AuthorizationSet set(params, array_length(params));
42 EXPECT_EQ(8U, set.size());
43}
44
Shawn Willden834e8072014-08-09 16:38:53 -0600[diff] [blame]45TEST(Construction, Copy) {
46 keymaster_key_param_t params[] = {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]47 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN), Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
48 Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA), Authorization(TAG_USER_ID, 7),
49 Authorization(TAG_USER_AUTH_ID, 8), Authorization(TAG_APPLICATION_ID, "my_app", 6),
50 Authorization(TAG_KEY_SIZE, 256), Authorization(TAG_AUTH_TIMEOUT, 300),
Shawn Willden834e8072014-08-09 16:38:53 -0600[diff] [blame]51 };
52 AuthorizationSet set(params, array_length(params));
53 AuthorizationSet set2(set);
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]54 EXPECT_EQ(set, set2);
Shawn Willden834e8072014-08-09 16:38:53 -0600[diff] [blame]55}
56
Shawn Willdenb58dcde2015-03-02 12:53:13 -0700[diff] [blame]57TEST(Construction, NullProvided) {
58 keymaster_key_param_t params[] = {
59 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN), Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
60 };
61
62 AuthorizationSet set1(params, 0);
63 EXPECT_EQ(0, set1.size());
64 EXPECT_EQ(AuthorizationSet::OK, set1.is_valid());
65
66 AuthorizationSet set2(reinterpret_cast<keymaster_key_param_t*>(NULL), array_length(params));
67 EXPECT_EQ(0, set2.size());
68 EXPECT_EQ(AuthorizationSet::OK, set2.is_valid());
69}
70
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]71TEST(Lookup, NonRepeated) {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]72 AuthorizationSet set(AuthorizationSetBuilder()
73 .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN)
74 .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
75 .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)
76 .Authorization(TAG_USER_ID, 7)
77 .Authorization(TAG_USER_AUTH_ID, 8)
78 .Authorization(TAG_APPLICATION_ID, "my_app", 6)
79 .Authorization(TAG_KEY_SIZE, 256)
80 .Authorization(TAG_AUTH_TIMEOUT, 300));
81
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]82 EXPECT_EQ(8U, set.size());
83
84 int pos = set.find(TAG_ALGORITHM);
85 ASSERT_NE(-1, pos);
86 EXPECT_EQ(KM_TAG_ALGORITHM, set[pos].tag);
87 EXPECT_EQ(KM_ALGORITHM_RSA, set[pos].enumerated);
88
89 pos = set.find(TAG_MAC_LENGTH);
90 EXPECT_EQ(-1, pos);
91
92 uint32_t int_val = 0;
93 EXPECT_TRUE(set.GetTagValue(TAG_USER_ID, &int_val));
94 EXPECT_EQ(7U, int_val);
95
96 keymaster_blob_t blob_val;
97 EXPECT_TRUE(set.GetTagValue(TAG_APPLICATION_ID, &blob_val));
98 EXPECT_EQ(6U, blob_val.data_length);
99 EXPECT_EQ(0, memcmp(blob_val.data, "my_app", 6));
100}
101
102TEST(Lookup, Repeated) {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]103 AuthorizationSet set(AuthorizationSetBuilder()
104 .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN)
105 .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
106 .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)
107 .Authorization(TAG_USER_ID, 7)
108 .Authorization(TAG_USER_AUTH_ID, 8)
109 .Authorization(TAG_APPLICATION_ID, "my_app", 6)
110 .Authorization(TAG_KEY_SIZE, 256)
111 .Authorization(TAG_AUTH_TIMEOUT, 300));
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]112 EXPECT_EQ(8U, set.size());
113
114 int pos = set.find(TAG_PURPOSE);
115 ASSERT_FALSE(pos == -1);
116 EXPECT_EQ(KM_TAG_PURPOSE, set[pos].tag);
117 EXPECT_EQ(KM_PURPOSE_SIGN, set[pos].enumerated);
118
119 pos = set.find(TAG_PURPOSE, pos);
120 EXPECT_EQ(KM_TAG_PURPOSE, set[pos].tag);
121 EXPECT_EQ(KM_PURPOSE_VERIFY, set[pos].enumerated);
122
123 EXPECT_EQ(-1, set.find(TAG_PURPOSE, pos));
124}
125
126TEST(Lookup, Indexed) {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]127 AuthorizationSet set(AuthorizationSetBuilder()
128 .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN)
129 .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
130 .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)
131 .Authorization(TAG_USER_ID, 7)
132 .Authorization(TAG_USER_AUTH_ID, 8)
133 .Authorization(TAG_APPLICATION_ID, "my_app", 6)
134 .Authorization(TAG_KEY_SIZE, 256)
135 .Authorization(TAG_AUTH_TIMEOUT, 300));
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]136 EXPECT_EQ(8U, set.size());
137
138 EXPECT_EQ(KM_TAG_PURPOSE, set[0].tag);
139 EXPECT_EQ(KM_PURPOSE_SIGN, set[0].enumerated);
140
141 // Lookup beyond end doesn't work, just returns zeros, but doens't blow up either (verify by
142 // running under valgrind).
143 EXPECT_EQ(KM_TAG_INVALID, set[10].tag);
144}
145
146TEST(Serialization, RoundTrip) {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]147 AuthorizationSet set(AuthorizationSetBuilder()
148 .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN)
149 .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
150 .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)
151 .Authorization(TAG_USER_ID, 7)
152 .Authorization(TAG_USER_AUTH_ID, 8)
153 .Authorization(TAG_APPLICATION_ID, "my_app", 6)
154 .Authorization(TAG_KEY_SIZE, 256)
155 .Authorization(TAG_AUTH_TIMEOUT, 300)
156 .Authorization(TAG_ALL_USERS)
157 .Authorization(TAG_RSA_PUBLIC_EXPONENT, 3)
158 .Authorization(TAG_ACTIVE_DATETIME, 10));
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]159
160 size_t size = set.SerializedSize();
161 EXPECT_TRUE(size > 0);
162
163 UniquePtr<uint8_t[]> buf(new uint8_t[size]);
Shawn Willden58e1a542014-08-08 21:58:29 -0600[diff] [blame]164 EXPECT_EQ(buf.get() + size, set.Serialize(buf.get(), buf.get() + size));
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]165 AuthorizationSet deserialized(buf.get(), size);
166
Shawn Willden58e1a542014-08-08 21:58:29 -0600[diff] [blame]167 EXPECT_EQ(AuthorizationSet::OK, deserialized.is_valid());
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]168 EXPECT_EQ(set, deserialized);
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]169
170 int pos = deserialized.find(TAG_APPLICATION_ID);
171 ASSERT_NE(-1, pos);
172 EXPECT_EQ(KM_TAG_APPLICATION_ID, deserialized[pos].tag);
173 EXPECT_EQ(6U, deserialized[pos].blob.data_length);
174 EXPECT_EQ(0, memcmp(deserialized[pos].blob.data, "my_app", 6));
175}
176
Shawn Willden58e1a542014-08-08 21:58:29 -0600[diff] [blame]177TEST(Deserialization, Deserialize) {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]178 AuthorizationSet set(AuthorizationSetBuilder()
179 .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN)
180 .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
181 .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)
182 .Authorization(TAG_USER_ID, 7)
183 .Authorization(TAG_USER_AUTH_ID, 8)
184 .Authorization(TAG_APPLICATION_ID, "my_app", 6)
185 .Authorization(TAG_KEY_SIZE, 256)
186 .Authorization(TAG_AUTH_TIMEOUT, 300));
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]187
188 size_t size = set.SerializedSize();
189 EXPECT_TRUE(size > 0);
190
191 UniquePtr<uint8_t[]> buf(new uint8_t[size]);
Shawn Willden58e1a542014-08-08 21:58:29 -0600[diff] [blame]192 EXPECT_EQ(buf.get() + size, set.Serialize(buf.get(), buf.get() + size));
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]193 AuthorizationSet deserialized;
194 const uint8_t* p = buf.get();
Shawn Willden58e1a542014-08-08 21:58:29 -0600[diff] [blame]195 EXPECT_TRUE(deserialized.Deserialize(&p, p + size));
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]196 EXPECT_EQ(p, buf.get() + size);
197
Shawn Willden58e1a542014-08-08 21:58:29 -0600[diff] [blame]198 EXPECT_EQ(AuthorizationSet::OK, deserialized.is_valid());
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]199
200 EXPECT_EQ(set.size(), deserialized.size());
201 for (size_t i = 0; i < set.size(); ++i) {
202 EXPECT_EQ(set[i].tag, deserialized[i].tag);
203 }
204
205 int pos = deserialized.find(TAG_APPLICATION_ID);
206 ASSERT_NE(-1, pos);
207 EXPECT_EQ(KM_TAG_APPLICATION_ID, deserialized[pos].tag);
208 EXPECT_EQ(6U, deserialized[pos].blob.data_length);
209 EXPECT_EQ(0, memcmp(deserialized[pos].blob.data, "my_app", 6));
210}
211
212TEST(Deserialization, TooShortBuffer) {
213 uint8_t buf[] = {0, 0, 0};
214 AuthorizationSet deserialized(buf, array_length(buf));
215 EXPECT_EQ(AuthorizationSet::MALFORMED_DATA, deserialized.is_valid());
216
217 const uint8_t* p = buf;
Shawn Willden58e1a542014-08-08 21:58:29 -0600[diff] [blame]218 EXPECT_FALSE(deserialized.Deserialize(&p, p + array_length(buf)));
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]219 EXPECT_EQ(AuthorizationSet::MALFORMED_DATA, deserialized.is_valid());
220}
221
222TEST(Deserialization, InvalidLengthField) {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]223 AuthorizationSet set(AuthorizationSetBuilder()
224 .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN)
225 .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
226 .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)
227 .Authorization(TAG_USER_ID, 7)
228 .Authorization(TAG_USER_AUTH_ID, 8)
229 .Authorization(TAG_APPLICATION_ID, "my_app", 6)
230 .Authorization(TAG_KEY_SIZE, 256)
231 .Authorization(TAG_AUTH_TIMEOUT, 300));
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]232
233 size_t size = set.SerializedSize();
234 EXPECT_TRUE(size > 0);
235
236 UniquePtr<uint8_t[]> buf(new uint8_t[size]);
Shawn Willden58e1a542014-08-08 21:58:29 -0600[diff] [blame]237 EXPECT_EQ(buf.get() + size, set.Serialize(buf.get(), buf.get() + size));
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]238 *reinterpret_cast<uint32_t*>(buf.get()) = 9;
239
240 AuthorizationSet deserialized(buf.get(), size);
241 EXPECT_EQ(AuthorizationSet::MALFORMED_DATA, deserialized.is_valid());
242
243 const uint8_t* p = buf.get();
Shawn Willden58e1a542014-08-08 21:58:29 -0600[diff] [blame]244 EXPECT_FALSE(deserialized.Deserialize(&p, p + size));
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]245 EXPECT_EQ(AuthorizationSet::MALFORMED_DATA, deserialized.is_valid());
246}
247
Shawn Willden8d336ae2014-08-09 15:47:05 -0600[diff] [blame]248static uint32_t read_uint32(const uint8_t* buf) {
249 uint32_t val;
250 memcpy(&val, buf, sizeof(val));
251 return val;
252}
253
254static void add_to_uint32(uint8_t* buf, int delta) {
255 uint32_t val;
256 memcpy(&val, buf, sizeof(val));
257 val += delta;
258 memcpy(buf, &val, sizeof(val));
259}
260
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]261TEST(Deserialization, MalformedIndirectData) {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]262 AuthorizationSet set(AuthorizationSetBuilder()
263 .Authorization(TAG_APPLICATION_ID, "my_app", 6)
264 .Authorization(TAG_APPLICATION_DATA, "foo", 3));
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]265 size_t size = set.SerializedSize();
266
267 UniquePtr<uint8_t[]> buf(new uint8_t[size]);
Shawn Willden58e1a542014-08-08 21:58:29 -0600[diff] [blame]268 EXPECT_EQ(buf.get() + size, set.Serialize(buf.get(), buf.get() + size));
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]269
Shawn Willden8d336ae2014-08-09 15:47:05 -0600[diff] [blame]270 // This sucks. This test, as written, requires intimate knowledge of the serialized layout of
271 // this particular set, which means it's brittle. But it's important to test that we handle
272 // broken serialized data and I can't think of a better way to write this.
273 //
274 // The contents of buf are:
275 //
276 // Bytes: Content:
277 // 0-3 Length of string data, which is 9.
278 // 4-9 "my_app"
279 // 10-12 "foo"
280 // 13-16 Number of elements, which is 2.
281 // 17-20 Length of elements, which is 24.
282 // 21-24 First tag, TAG_APPLICATION_ID
283 // 25-28 Length of string "my_app", 6
284 // 29-32 Offset of string "my_app", 0
285 // 33-36 Second tag, TAG_APPLICATION_DATA
286 // 37-40 Length of string "foo", 3
287 // 41-44 Offset of string "foo", 6
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]288
Shawn Willden8d336ae2014-08-09 15:47:05 -0600[diff] [blame]289 // Check that stuff is where we think.
290 EXPECT_EQ('m', buf[4]);
291 EXPECT_EQ('f', buf[10]);
292 // Length of "my_app"
293 EXPECT_EQ(6U, read_uint32(buf.get() + 25));
294 // Offset of "my_app"
295 EXPECT_EQ(0U, read_uint32(buf.get() + 29));
296 // Length of "foo"
297 EXPECT_EQ(3U, read_uint32(buf.get() + 37));
298 // Offset of "foo"
299 EXPECT_EQ(6U, read_uint32(buf.get() + 41));
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]300
301 // Check that deserialization works.
302 AuthorizationSet deserialized1(buf.get(), size);
Shawn Willden58e1a542014-08-08 21:58:29 -0600[diff] [blame]303 EXPECT_EQ(AuthorizationSet::OK, deserialized1.is_valid());
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]304
305 const uint8_t* p = buf.get();
Shawn Willden58e1a542014-08-08 21:58:29 -0600[diff] [blame]306 EXPECT_TRUE(deserialized1.Deserialize(&p, p + size));
307 EXPECT_EQ(AuthorizationSet::OK, deserialized1.is_valid());
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]308
309 //
310 // Now mess them up in various ways:
311 //
312
Shawn Willden8d336ae2014-08-09 15:47:05 -0600[diff] [blame]313 // Move "foo" offset so offset + length goes off the end
314 add_to_uint32(buf.get() + 41, 1);
315 AuthorizationSet deserialized2(buf.get(), size);
316 EXPECT_EQ(AuthorizationSet::MALFORMED_DATA, deserialized2.is_valid());
317 add_to_uint32(buf.get() + 41, -1);
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]318
Shawn Willden8d336ae2014-08-09 15:47:05 -0600[diff] [blame]319 // Shorten the "my_app" length to make a gap between the blobs.
320 add_to_uint32(buf.get() + 25, -1);
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]321 AuthorizationSet deserialized3(buf.get(), size);
322 EXPECT_EQ(AuthorizationSet::MALFORMED_DATA, deserialized3.is_valid());
Shawn Willden8d336ae2014-08-09 15:47:05 -0600[diff] [blame]323 add_to_uint32(buf.get() + 25, 1);
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]324
Shawn Willden8d336ae2014-08-09 15:47:05 -0600[diff] [blame]325 // Extend the "my_app" length to make them overlap, and decrease the "foo" length to keep the
326 // total length the same. We don't detect this but should.
327 // TODO(swillden): Detect overlaps and holes that leave total size correct.
328 add_to_uint32(buf.get() + 25, 1);
329 add_to_uint32(buf.get() + 37, -1);
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]330 AuthorizationSet deserialized4(buf.get(), size);
Shawn Willden58e1a542014-08-08 21:58:29 -0600[diff] [blame]331 EXPECT_EQ(AuthorizationSet::OK, deserialized4.is_valid());
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]332}
333
334TEST(Growable, SuccessfulRoundTrip) {
335 keymaster_key_param_t elems_buf[20];
336 uint8_t data_buf[200];
337
338 AuthorizationSet growable;
339 EXPECT_TRUE(growable.push_back(Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)));
340 EXPECT_EQ(1U, growable.size());
341
342 EXPECT_TRUE(growable.push_back(Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)));
343 EXPECT_EQ(2U, growable.size());
344
345 EXPECT_TRUE(growable.push_back(Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN)));
346 EXPECT_EQ(3U, growable.size());
347
348 EXPECT_TRUE(growable.push_back(Authorization(TAG_APPLICATION_ID, "data", 4)));
349 EXPECT_EQ(4U, growable.size());
350
Shawn Willden834e8072014-08-09 16:38:53 -0600[diff] [blame]351 EXPECT_TRUE(growable.push_back(Authorization(TAG_APPLICATION_DATA, "some more data", 14)));
352 EXPECT_EQ(5U, growable.size());
353
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]354 size_t serialize_size = growable.SerializedSize();
355 UniquePtr<uint8_t[]> serialized(new uint8_t[serialize_size]);
Shawn Willden58e1a542014-08-08 21:58:29 -0600[diff] [blame]356 EXPECT_EQ(serialized.get() + serialize_size,
357 growable.Serialize(serialized.get(), serialized.get() + serialize_size));
Shawn Willden834e8072014-08-09 16:38:53 -0600[diff] [blame]358
359 AuthorizationSet deserialized(serialized.get(), serialize_size);
360 EXPECT_EQ(growable, deserialized);
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]361}
362
363TEST(Growable, InsufficientElemBuf) {
364 keymaster_key_param_t elems_buf[1];
365 uint8_t data_buf[200];
366
367 AuthorizationSet growable;
Shawn Willden58e1a542014-08-08 21:58:29 -0600[diff] [blame]368 EXPECT_EQ(AuthorizationSet::OK, growable.is_valid());
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]369
370 // First insertion fits.
371 EXPECT_TRUE(growable.push_back(Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)));
372 EXPECT_EQ(1U, growable.size());
Shawn Willden58e1a542014-08-08 21:58:29 -0600[diff] [blame]373 EXPECT_EQ(AuthorizationSet::OK, growable.is_valid());
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]374
375 // Second does too.
376 EXPECT_TRUE(growable.push_back(Authorization(TAG_RSA_PUBLIC_EXPONENT, 3)));
377 EXPECT_EQ(2U, growable.size());
378}
379
380TEST(Growable, InsufficientIndirectBuf) {
381 keymaster_key_param_t elems_buf[3];
382 uint8_t data_buf[10];
383
384 AuthorizationSet growable;
Shawn Willden58e1a542014-08-08 21:58:29 -0600[diff] [blame]385 EXPECT_EQ(AuthorizationSet::OK, growable.is_valid());
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]386
387 EXPECT_TRUE(growable.push_back(Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)));
388 EXPECT_EQ(1U, growable.size());
Shawn Willden58e1a542014-08-08 21:58:29 -0600[diff] [blame]389 EXPECT_EQ(AuthorizationSet::OK, growable.is_valid());
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]390
391 EXPECT_TRUE(growable.push_back(Authorization(TAG_APPLICATION_ID, "1234567890", 10)));
392 EXPECT_EQ(2U, growable.size());
Shawn Willden58e1a542014-08-08 21:58:29 -0600[diff] [blame]393 EXPECT_EQ(AuthorizationSet::OK, growable.is_valid());
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]394
395 EXPECT_TRUE(growable.push_back(Authorization(TAG_APPLICATION_DATA, "1", 1)));
396 EXPECT_EQ(3U, growable.size());
Shawn Willden58e1a542014-08-08 21:58:29 -0600[diff] [blame]397 EXPECT_EQ(AuthorizationSet::OK, growable.is_valid());
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]398
399 // Can still add another entry without indirect data. Now it's full.
400 EXPECT_TRUE(growable.push_back(Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN)));
401 EXPECT_EQ(4U, growable.size());
Shawn Willden58e1a542014-08-08 21:58:29 -0600[diff] [blame]402 EXPECT_EQ(AuthorizationSet::OK, growable.is_valid());
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]403}
404
Shawn Willden37012132014-08-19 08:15:57 -0600[diff] [blame]405TEST(Growable, PushBackSets) {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]406 AuthorizationSetBuilder builder;
407 builder.Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN)
408 .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
409 .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)
410 .Authorization(TAG_USER_ID, 7)
411 .Authorization(TAG_USER_AUTH_ID, 8)
412 .Authorization(TAG_APPLICATION_ID, "my_app", 6)
413 .Authorization(TAG_KEY_SIZE, 256)
414 .Authorization(TAG_AUTH_TIMEOUT, 300);
415
416 AuthorizationSet set1(builder.build());
417 AuthorizationSet set2(builder.build());
Shawn Willden37012132014-08-19 08:15:57 -0600[diff] [blame]418
419 AuthorizationSet combined;
420 EXPECT_TRUE(combined.push_back(set1));
421 EXPECT_TRUE(combined.push_back(set2));
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]422 EXPECT_EQ(set1.size() + set2.size(), combined.size());
Shawn Willden37012132014-08-19 08:15:57 -0600[diff] [blame]423 EXPECT_EQ(12U, combined.indirect_size());
424}
425
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]426TEST(GetValue, GetInt) {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]427 AuthorizationSet set(AuthorizationSetBuilder()
428 .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN)
429 .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
430 .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)
431 .Authorization(TAG_USER_ID, 7)
432 .Authorization(TAG_USER_AUTH_ID, 8)
433 .Authorization(TAG_APPLICATION_ID, "my_app", 6)
434 .Authorization(TAG_AUTH_TIMEOUT, 300));
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]435
436 uint32_t val;
437 EXPECT_TRUE(set.GetTagValue(TAG_USER_ID, &val));
438 EXPECT_EQ(7U, val);
439
440 // Find one that isn't there
441 EXPECT_FALSE(set.GetTagValue(TAG_KEY_SIZE, &val));
442}
443
444TEST(GetValue, GetIntRep) {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]445 AuthorizationSet set(AuthorizationSetBuilder()
446 .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN)
447 .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
448 .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)
449 .Authorization(TAG_USER_ID, 7)
450 .Authorization(TAG_USER_AUTH_ID, 8)
451 .Authorization(TAG_APPLICATION_ID, "my_app", 6)
452 .Authorization(TAG_KEY_SIZE, 256)
453 .Authorization(TAG_AUTH_TIMEOUT, 300));
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]454
455 uint32_t val;
456 EXPECT_TRUE(set.GetTagValue(TAG_USER_AUTH_ID, 0, &val));
457 EXPECT_EQ(8U, val);
458
459 // Find one that isn't there
460 EXPECT_FALSE(set.GetTagValue(TAG_USER_AUTH_ID, 1, &val));
461}
462
463TEST(GetValue, GetLong) {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]464 AuthorizationSet set1(AuthorizationSetBuilder()
465 .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN)
466 .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
467 .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)
468 .Authorization(TAG_RSA_PUBLIC_EXPONENT, 3));
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]469
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]470 AuthorizationSet set2(AuthorizationSetBuilder()
471 .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN)
472 .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
473 .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA));
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]474
475 uint64_t val;
476 EXPECT_TRUE(set1.GetTagValue(TAG_RSA_PUBLIC_EXPONENT, &val));
477 EXPECT_EQ(3U, val);
478
479 // Find one that isn't there
480 EXPECT_FALSE(set2.GetTagValue(TAG_RSA_PUBLIC_EXPONENT, &val));
481}
482
483TEST(GetValue, GetEnum) {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]484 AuthorizationSet set(AuthorizationSetBuilder()
485 .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN)
486 .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
487 .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)
488 .Authorization(TAG_USER_ID, 7)
489 .Authorization(TAG_USER_AUTH_ID, 8)
490 .Authorization(TAG_APPLICATION_ID, "my_app", 6)
491 .Authorization(TAG_AUTH_TIMEOUT, 300));
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]492
493 keymaster_algorithm_t val;
494 EXPECT_TRUE(set.GetTagValue(TAG_ALGORITHM, &val));
495 EXPECT_EQ(KM_ALGORITHM_RSA, val);
496
497 // Find one that isn't there
498 keymaster_padding_t val2;
499 EXPECT_FALSE(set.GetTagValue(TAG_PADDING, &val2));
500}
501
502TEST(GetValue, GetEnumRep) {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]503 AuthorizationSet set(AuthorizationSetBuilder()
504 .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN)
505 .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
506 .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)
507 .Authorization(TAG_USER_ID, 7)
508 .Authorization(TAG_USER_AUTH_ID, 8)
509 .Authorization(TAG_APPLICATION_ID, "my_app", 6)
510 .Authorization(TAG_AUTH_TIMEOUT, 300));
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]511
512 keymaster_purpose_t val;
513 EXPECT_TRUE(set.GetTagValue(TAG_PURPOSE, 0, &val));
514 EXPECT_EQ(KM_PURPOSE_SIGN, val);
515 EXPECT_TRUE(set.GetTagValue(TAG_PURPOSE, 1, &val));
516 EXPECT_EQ(KM_PURPOSE_VERIFY, val);
517
518 // Find one that isn't there
519 EXPECT_FALSE(set.GetTagValue(TAG_PURPOSE, 2, &val));
520}
521
522TEST(GetValue, GetDate) {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]523 AuthorizationSet set(AuthorizationSetBuilder()
524 .Authorization(TAG_ACTIVE_DATETIME, 10)
525 .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN)
526 .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
527 .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)
528 .Authorization(TAG_USER_ID, 7)
529 .Authorization(TAG_USER_AUTH_ID, 8)
530 .Authorization(TAG_APPLICATION_ID, "my_app", 6)
531 .Authorization(TAG_AUTH_TIMEOUT, 300));
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]532
533 uint64_t val;
534 EXPECT_TRUE(set.GetTagValue(TAG_ACTIVE_DATETIME, &val));
535 EXPECT_EQ(10U, val);
536
537 // Find one that isn't there
538 EXPECT_FALSE(set.GetTagValue(TAG_USAGE_EXPIRE_DATETIME, &val));
539}
540
541TEST(GetValue, GetBlob) {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]542 AuthorizationSet set(AuthorizationSetBuilder()
543 .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN)
544 .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
545 .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)
546 .Authorization(TAG_USER_ID, 7)
547 .Authorization(TAG_USER_AUTH_ID, 8)
548 .Authorization(TAG_APPLICATION_ID, "my_app", 6)
549 .Authorization(TAG_AUTH_TIMEOUT, 300));
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]550
551 keymaster_blob_t val;
552 EXPECT_TRUE(set.GetTagValue(TAG_APPLICATION_ID, &val));
553 EXPECT_EQ(6U, val.data_length);
554 EXPECT_EQ(0, memcmp(val.data, "my_app", 6));
555
556 // Find one that isn't there
557 EXPECT_FALSE(set.GetTagValue(TAG_APPLICATION_DATA, &val));
558}
559
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]560TEST(Deduplication, NoDuplicates) {
561 AuthorizationSet set(AuthorizationSetBuilder()
562 .Authorization(TAG_ACTIVE_DATETIME, 10)
563 .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
564 .Authorization(TAG_USER_ID, 7)
565 .Authorization(TAG_USER_AUTH_ID, 8));
566 AuthorizationSet copy(set);
567
568 EXPECT_EQ(copy, set);
569 set.Deduplicate();
570 EXPECT_EQ(copy.size(), set.size());
571
572 // Sets no longer compare equal, because of ordering (ugh, maybe it should be
573 // AuthorizationList, not AuthorizationSet).
574 EXPECT_NE(copy, set);
575}
576
577TEST(Deduplication, NoDuplicatesHasInvalid) {
578 AuthorizationSet set(AuthorizationSetBuilder()
579 .Authorization(TAG_ACTIVE_DATETIME, 10)
580 .Authorization(TAG_INVALID)
581 .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
582 .Authorization(TAG_USER_ID, 7)
583 .Authorization(TAG_USER_AUTH_ID, 8));
584 AuthorizationSet copy(set);
585
586 EXPECT_EQ(copy, set);
587 set.Deduplicate();
588
589 // Deduplicate should have removed the invalid.
590 EXPECT_EQ(copy.size() - 1, set.size());
591 EXPECT_NE(copy, set);
592}
593
594TEST(Deduplication, DuplicateEnum) {
595 AuthorizationSet set(AuthorizationSetBuilder()
596 .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
597 .Authorization(TAG_ACTIVE_DATETIME, 10)
598 .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
599 .Authorization(TAG_USER_ID, 7)
600 .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
601 .Authorization(TAG_USER_AUTH_ID, 8));
602 AuthorizationSet copy(set);
603
604 EXPECT_EQ(copy, set);
605 set.Deduplicate();
606 EXPECT_EQ(copy.size() - 2, set.size());
607 EXPECT_NE(copy, set);
608}
609
610TEST(Deduplication, DuplicateBlob) {
611 AuthorizationSet set(AuthorizationSetBuilder()
612 .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
613 .Authorization(TAG_ACTIVE_DATETIME, 10)
614 .Authorization(TAG_APPLICATION_DATA, "data", 4)
615 .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
616 .Authorization(TAG_USER_ID, 7)
617 .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
618 .Authorization(TAG_APPLICATION_DATA, "data", 4)
619 .Authorization(TAG_APPLICATION_DATA, "foo", 3)
620 .Authorization(TAG_USER_AUTH_ID, 8));
621 AuthorizationSet copy(set);
622
623 EXPECT_EQ(copy, set);
624 set.Deduplicate();
625 EXPECT_EQ(copy.size() - 3, set.size());
626 EXPECT_NE(copy, set);
627
628 // The real test here is that valgrind reports no leak.
629}
630
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]631} // namespace test
632} // namespace keymaster