Gitiles
Code Review Sign In
gerrit-public.fairphone.software / fp2-dev / platform / system / keymaster / eb63b9799eadcaa6ef206f8b804d7432e0dab14a / . / authorization_set_test.cpp
blob: f632dfef69006e2756828f78a301a2bd93dcf040 [file] [log] [blame]
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]1/*
2 * Copyright (C) 2014 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17#include <gtest/gtest.h>
18
Shawn Willden98d9b922014-08-26 08:14:10 -0600[diff] [blame]19#include <keymaster/authorization_set.h>
20#include <keymaster/google_keymaster_utils.h>
21
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]22#include "google_keymaster_test_utils.h"
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]23
24int main(int argc, char** argv) {
25 ::testing::InitGoogleTest(&argc, argv);
26 int result = RUN_ALL_TESTS();
27 return result;
28}
29
30namespace keymaster {
Shawn Willden834e8072014-08-09 16:38:53 -0600[diff] [blame]31
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]32namespace test {
33
34TEST(Construction, ListProvided) {
35 keymaster_key_param_t params[] = {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]36 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN), Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
37 Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA), Authorization(TAG_USER_ID, 7),
Shawn Willdeneb63b972015-03-14 08:01:12 -0600[diff] [blame^]38 Authorization(TAG_USER_AUTH_TYPE, HW_AUTH_PASSWORD),
39 Authorization(TAG_APPLICATION_ID, "my_app", 6), Authorization(TAG_KEY_SIZE, 256),
40 Authorization(TAG_AUTH_TIMEOUT, 300),
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]41 };
42 AuthorizationSet set(params, array_length(params));
43 EXPECT_EQ(8U, set.size());
44}
45
Shawn Willden834e8072014-08-09 16:38:53 -0600[diff] [blame]46TEST(Construction, Copy) {
47 keymaster_key_param_t params[] = {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]48 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN), Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
49 Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA), Authorization(TAG_USER_ID, 7),
Shawn Willdeneb63b972015-03-14 08:01:12 -0600[diff] [blame^]50 Authorization(TAG_USER_AUTH_TYPE, HW_AUTH_PASSWORD),
51 Authorization(TAG_APPLICATION_ID, "my_app", 6), Authorization(TAG_KEY_SIZE, 256),
52 Authorization(TAG_AUTH_TIMEOUT, 300),
Shawn Willden834e8072014-08-09 16:38:53 -0600[diff] [blame]53 };
54 AuthorizationSet set(params, array_length(params));
55 AuthorizationSet set2(set);
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]56 EXPECT_EQ(set, set2);
Shawn Willden834e8072014-08-09 16:38:53 -0600[diff] [blame]57}
58
Shawn Willdenb58dcde2015-03-02 12:53:13 -0700[diff] [blame]59TEST(Construction, NullProvided) {
60 keymaster_key_param_t params[] = {
61 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN), Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
62 };
63
64 AuthorizationSet set1(params, 0);
65 EXPECT_EQ(0, set1.size());
66 EXPECT_EQ(AuthorizationSet::OK, set1.is_valid());
67
68 AuthorizationSet set2(reinterpret_cast<keymaster_key_param_t*>(NULL), array_length(params));
69 EXPECT_EQ(0, set2.size());
70 EXPECT_EQ(AuthorizationSet::OK, set2.is_valid());
71}
72
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]73TEST(Lookup, NonRepeated) {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]74 AuthorizationSet set(AuthorizationSetBuilder()
75 .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN)
76 .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
77 .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)
78 .Authorization(TAG_USER_ID, 7)
Shawn Willdeneb63b972015-03-14 08:01:12 -0600[diff] [blame^]79 .Authorization(TAG_USER_AUTH_TYPE, HW_AUTH_PASSWORD)
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]80 .Authorization(TAG_APPLICATION_ID, "my_app", 6)
81 .Authorization(TAG_KEY_SIZE, 256)
82 .Authorization(TAG_AUTH_TIMEOUT, 300));
83
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]84 EXPECT_EQ(8U, set.size());
85
86 int pos = set.find(TAG_ALGORITHM);
87 ASSERT_NE(-1, pos);
88 EXPECT_EQ(KM_TAG_ALGORITHM, set[pos].tag);
89 EXPECT_EQ(KM_ALGORITHM_RSA, set[pos].enumerated);
90
91 pos = set.find(TAG_MAC_LENGTH);
92 EXPECT_EQ(-1, pos);
93
94 uint32_t int_val = 0;
95 EXPECT_TRUE(set.GetTagValue(TAG_USER_ID, &int_val));
96 EXPECT_EQ(7U, int_val);
97
98 keymaster_blob_t blob_val;
99 EXPECT_TRUE(set.GetTagValue(TAG_APPLICATION_ID, &blob_val));
100 EXPECT_EQ(6U, blob_val.data_length);
101 EXPECT_EQ(0, memcmp(blob_val.data, "my_app", 6));
102}
103
104TEST(Lookup, Repeated) {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]105 AuthorizationSet set(AuthorizationSetBuilder()
106 .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN)
107 .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
108 .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)
109 .Authorization(TAG_USER_ID, 7)
Shawn Willdeneb63b972015-03-14 08:01:12 -0600[diff] [blame^]110 .Authorization(TAG_USER_AUTH_TYPE, HW_AUTH_PASSWORD)
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]111 .Authorization(TAG_APPLICATION_ID, "my_app", 6)
112 .Authorization(TAG_KEY_SIZE, 256)
113 .Authorization(TAG_AUTH_TIMEOUT, 300));
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]114 EXPECT_EQ(8U, set.size());
115
116 int pos = set.find(TAG_PURPOSE);
117 ASSERT_FALSE(pos == -1);
118 EXPECT_EQ(KM_TAG_PURPOSE, set[pos].tag);
119 EXPECT_EQ(KM_PURPOSE_SIGN, set[pos].enumerated);
120
121 pos = set.find(TAG_PURPOSE, pos);
122 EXPECT_EQ(KM_TAG_PURPOSE, set[pos].tag);
123 EXPECT_EQ(KM_PURPOSE_VERIFY, set[pos].enumerated);
124
125 EXPECT_EQ(-1, set.find(TAG_PURPOSE, pos));
126}
127
128TEST(Lookup, Indexed) {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]129 AuthorizationSet set(AuthorizationSetBuilder()
130 .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN)
131 .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
132 .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)
133 .Authorization(TAG_USER_ID, 7)
Shawn Willdeneb63b972015-03-14 08:01:12 -0600[diff] [blame^]134 .Authorization(TAG_USER_AUTH_TYPE, HW_AUTH_PASSWORD)
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]135 .Authorization(TAG_APPLICATION_ID, "my_app", 6)
136 .Authorization(TAG_KEY_SIZE, 256)
137 .Authorization(TAG_AUTH_TIMEOUT, 300));
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]138 EXPECT_EQ(8U, set.size());
139
140 EXPECT_EQ(KM_TAG_PURPOSE, set[0].tag);
141 EXPECT_EQ(KM_PURPOSE_SIGN, set[0].enumerated);
142
143 // Lookup beyond end doesn't work, just returns zeros, but doens't blow up either (verify by
144 // running under valgrind).
145 EXPECT_EQ(KM_TAG_INVALID, set[10].tag);
146}
147
148TEST(Serialization, RoundTrip) {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]149 AuthorizationSet set(AuthorizationSetBuilder()
150 .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN)
151 .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
152 .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)
153 .Authorization(TAG_USER_ID, 7)
Shawn Willdeneb63b972015-03-14 08:01:12 -0600[diff] [blame^]154 .Authorization(TAG_USER_AUTH_TYPE, HW_AUTH_PASSWORD)
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]155 .Authorization(TAG_APPLICATION_ID, "my_app", 6)
156 .Authorization(TAG_KEY_SIZE, 256)
157 .Authorization(TAG_AUTH_TIMEOUT, 300)
158 .Authorization(TAG_ALL_USERS)
159 .Authorization(TAG_RSA_PUBLIC_EXPONENT, 3)
160 .Authorization(TAG_ACTIVE_DATETIME, 10));
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]161
162 size_t size = set.SerializedSize();
163 EXPECT_TRUE(size > 0);
164
165 UniquePtr<uint8_t[]> buf(new uint8_t[size]);
Shawn Willden58e1a542014-08-08 21:58:29 -0600[diff] [blame]166 EXPECT_EQ(buf.get() + size, set.Serialize(buf.get(), buf.get() + size));
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]167 AuthorizationSet deserialized(buf.get(), size);
168
Shawn Willden58e1a542014-08-08 21:58:29 -0600[diff] [blame]169 EXPECT_EQ(AuthorizationSet::OK, deserialized.is_valid());
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]170 EXPECT_EQ(set, deserialized);
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]171
172 int pos = deserialized.find(TAG_APPLICATION_ID);
173 ASSERT_NE(-1, pos);
174 EXPECT_EQ(KM_TAG_APPLICATION_ID, deserialized[pos].tag);
175 EXPECT_EQ(6U, deserialized[pos].blob.data_length);
176 EXPECT_EQ(0, memcmp(deserialized[pos].blob.data, "my_app", 6));
177}
178
Shawn Willden58e1a542014-08-08 21:58:29 -0600[diff] [blame]179TEST(Deserialization, Deserialize) {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]180 AuthorizationSet set(AuthorizationSetBuilder()
181 .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN)
182 .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
183 .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)
184 .Authorization(TAG_USER_ID, 7)
Shawn Willdeneb63b972015-03-14 08:01:12 -0600[diff] [blame^]185 .Authorization(TAG_USER_AUTH_TYPE, HW_AUTH_PASSWORD)
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]186 .Authorization(TAG_APPLICATION_ID, "my_app", 6)
187 .Authorization(TAG_KEY_SIZE, 256)
188 .Authorization(TAG_AUTH_TIMEOUT, 300));
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]189
190 size_t size = set.SerializedSize();
191 EXPECT_TRUE(size > 0);
192
193 UniquePtr<uint8_t[]> buf(new uint8_t[size]);
Shawn Willden58e1a542014-08-08 21:58:29 -0600[diff] [blame]194 EXPECT_EQ(buf.get() + size, set.Serialize(buf.get(), buf.get() + size));
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]195 AuthorizationSet deserialized;
196 const uint8_t* p = buf.get();
Shawn Willden58e1a542014-08-08 21:58:29 -0600[diff] [blame]197 EXPECT_TRUE(deserialized.Deserialize(&p, p + size));
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]198 EXPECT_EQ(p, buf.get() + size);
199
Shawn Willden58e1a542014-08-08 21:58:29 -0600[diff] [blame]200 EXPECT_EQ(AuthorizationSet::OK, deserialized.is_valid());
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]201
202 EXPECT_EQ(set.size(), deserialized.size());
203 for (size_t i = 0; i < set.size(); ++i) {
204 EXPECT_EQ(set[i].tag, deserialized[i].tag);
205 }
206
207 int pos = deserialized.find(TAG_APPLICATION_ID);
208 ASSERT_NE(-1, pos);
209 EXPECT_EQ(KM_TAG_APPLICATION_ID, deserialized[pos].tag);
210 EXPECT_EQ(6U, deserialized[pos].blob.data_length);
211 EXPECT_EQ(0, memcmp(deserialized[pos].blob.data, "my_app", 6));
212}
213
214TEST(Deserialization, TooShortBuffer) {
215 uint8_t buf[] = {0, 0, 0};
216 AuthorizationSet deserialized(buf, array_length(buf));
217 EXPECT_EQ(AuthorizationSet::MALFORMED_DATA, deserialized.is_valid());
218
219 const uint8_t* p = buf;
Shawn Willden58e1a542014-08-08 21:58:29 -0600[diff] [blame]220 EXPECT_FALSE(deserialized.Deserialize(&p, p + array_length(buf)));
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]221 EXPECT_EQ(AuthorizationSet::MALFORMED_DATA, deserialized.is_valid());
222}
223
224TEST(Deserialization, InvalidLengthField) {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]225 AuthorizationSet set(AuthorizationSetBuilder()
226 .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN)
227 .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
228 .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)
229 .Authorization(TAG_USER_ID, 7)
Shawn Willdeneb63b972015-03-14 08:01:12 -0600[diff] [blame^]230 .Authorization(TAG_USER_AUTH_TYPE, HW_AUTH_PASSWORD)
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]231 .Authorization(TAG_APPLICATION_ID, "my_app", 6)
232 .Authorization(TAG_KEY_SIZE, 256)
233 .Authorization(TAG_AUTH_TIMEOUT, 300));
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]234
235 size_t size = set.SerializedSize();
236 EXPECT_TRUE(size > 0);
237
238 UniquePtr<uint8_t[]> buf(new uint8_t[size]);
Shawn Willden58e1a542014-08-08 21:58:29 -0600[diff] [blame]239 EXPECT_EQ(buf.get() + size, set.Serialize(buf.get(), buf.get() + size));
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]240 *reinterpret_cast<uint32_t*>(buf.get()) = 9;
241
242 AuthorizationSet deserialized(buf.get(), size);
243 EXPECT_EQ(AuthorizationSet::MALFORMED_DATA, deserialized.is_valid());
244
245 const uint8_t* p = buf.get();
Shawn Willden58e1a542014-08-08 21:58:29 -0600[diff] [blame]246 EXPECT_FALSE(deserialized.Deserialize(&p, p + size));
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]247 EXPECT_EQ(AuthorizationSet::MALFORMED_DATA, deserialized.is_valid());
248}
249
Shawn Willden8d336ae2014-08-09 15:47:05 -0600[diff] [blame]250static uint32_t read_uint32(const uint8_t* buf) {
251 uint32_t val;
252 memcpy(&val, buf, sizeof(val));
253 return val;
254}
255
256static void add_to_uint32(uint8_t* buf, int delta) {
257 uint32_t val;
258 memcpy(&val, buf, sizeof(val));
259 val += delta;
260 memcpy(buf, &val, sizeof(val));
261}
262
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]263TEST(Deserialization, MalformedIndirectData) {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]264 AuthorizationSet set(AuthorizationSetBuilder()
265 .Authorization(TAG_APPLICATION_ID, "my_app", 6)
266 .Authorization(TAG_APPLICATION_DATA, "foo", 3));
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]267 size_t size = set.SerializedSize();
268
269 UniquePtr<uint8_t[]> buf(new uint8_t[size]);
Shawn Willden58e1a542014-08-08 21:58:29 -0600[diff] [blame]270 EXPECT_EQ(buf.get() + size, set.Serialize(buf.get(), buf.get() + size));
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]271
Shawn Willden8d336ae2014-08-09 15:47:05 -0600[diff] [blame]272 // This sucks. This test, as written, requires intimate knowledge of the serialized layout of
273 // this particular set, which means it's brittle. But it's important to test that we handle
274 // broken serialized data and I can't think of a better way to write this.
275 //
276 // The contents of buf are:
277 //
278 // Bytes: Content:
279 // 0-3 Length of string data, which is 9.
280 // 4-9 "my_app"
281 // 10-12 "foo"
282 // 13-16 Number of elements, which is 2.
283 // 17-20 Length of elements, which is 24.
284 // 21-24 First tag, TAG_APPLICATION_ID
285 // 25-28 Length of string "my_app", 6
286 // 29-32 Offset of string "my_app", 0
287 // 33-36 Second tag, TAG_APPLICATION_DATA
288 // 37-40 Length of string "foo", 3
289 // 41-44 Offset of string "foo", 6
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]290
Shawn Willden8d336ae2014-08-09 15:47:05 -0600[diff] [blame]291 // Check that stuff is where we think.
292 EXPECT_EQ('m', buf[4]);
293 EXPECT_EQ('f', buf[10]);
294 // Length of "my_app"
295 EXPECT_EQ(6U, read_uint32(buf.get() + 25));
296 // Offset of "my_app"
297 EXPECT_EQ(0U, read_uint32(buf.get() + 29));
298 // Length of "foo"
299 EXPECT_EQ(3U, read_uint32(buf.get() + 37));
300 // Offset of "foo"
301 EXPECT_EQ(6U, read_uint32(buf.get() + 41));
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]302
303 // Check that deserialization works.
304 AuthorizationSet deserialized1(buf.get(), size);
Shawn Willden58e1a542014-08-08 21:58:29 -0600[diff] [blame]305 EXPECT_EQ(AuthorizationSet::OK, deserialized1.is_valid());
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]306
307 const uint8_t* p = buf.get();
Shawn Willden58e1a542014-08-08 21:58:29 -0600[diff] [blame]308 EXPECT_TRUE(deserialized1.Deserialize(&p, p + size));
309 EXPECT_EQ(AuthorizationSet::OK, deserialized1.is_valid());
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]310
311 //
312 // Now mess them up in various ways:
313 //
314
Shawn Willden8d336ae2014-08-09 15:47:05 -0600[diff] [blame]315 // Move "foo" offset so offset + length goes off the end
316 add_to_uint32(buf.get() + 41, 1);
317 AuthorizationSet deserialized2(buf.get(), size);
318 EXPECT_EQ(AuthorizationSet::MALFORMED_DATA, deserialized2.is_valid());
319 add_to_uint32(buf.get() + 41, -1);
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]320
Shawn Willden8d336ae2014-08-09 15:47:05 -0600[diff] [blame]321 // Shorten the "my_app" length to make a gap between the blobs.
322 add_to_uint32(buf.get() + 25, -1);
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]323 AuthorizationSet deserialized3(buf.get(), size);
324 EXPECT_EQ(AuthorizationSet::MALFORMED_DATA, deserialized3.is_valid());
Shawn Willden8d336ae2014-08-09 15:47:05 -0600[diff] [blame]325 add_to_uint32(buf.get() + 25, 1);
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]326
Shawn Willden8d336ae2014-08-09 15:47:05 -0600[diff] [blame]327 // Extend the "my_app" length to make them overlap, and decrease the "foo" length to keep the
328 // total length the same. We don't detect this but should.
329 // TODO(swillden): Detect overlaps and holes that leave total size correct.
330 add_to_uint32(buf.get() + 25, 1);
331 add_to_uint32(buf.get() + 37, -1);
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]332 AuthorizationSet deserialized4(buf.get(), size);
Shawn Willden58e1a542014-08-08 21:58:29 -0600[diff] [blame]333 EXPECT_EQ(AuthorizationSet::OK, deserialized4.is_valid());
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]334}
335
336TEST(Growable, SuccessfulRoundTrip) {
337 keymaster_key_param_t elems_buf[20];
338 uint8_t data_buf[200];
339
340 AuthorizationSet growable;
341 EXPECT_TRUE(growable.push_back(Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)));
342 EXPECT_EQ(1U, growable.size());
343
344 EXPECT_TRUE(growable.push_back(Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)));
345 EXPECT_EQ(2U, growable.size());
346
347 EXPECT_TRUE(growable.push_back(Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN)));
348 EXPECT_EQ(3U, growable.size());
349
350 EXPECT_TRUE(growable.push_back(Authorization(TAG_APPLICATION_ID, "data", 4)));
351 EXPECT_EQ(4U, growable.size());
352
Shawn Willden834e8072014-08-09 16:38:53 -0600[diff] [blame]353 EXPECT_TRUE(growable.push_back(Authorization(TAG_APPLICATION_DATA, "some more data", 14)));
354 EXPECT_EQ(5U, growable.size());
355
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]356 size_t serialize_size = growable.SerializedSize();
357 UniquePtr<uint8_t[]> serialized(new uint8_t[serialize_size]);
Shawn Willden58e1a542014-08-08 21:58:29 -0600[diff] [blame]358 EXPECT_EQ(serialized.get() + serialize_size,
359 growable.Serialize(serialized.get(), serialized.get() + serialize_size));
Shawn Willden834e8072014-08-09 16:38:53 -0600[diff] [blame]360
361 AuthorizationSet deserialized(serialized.get(), serialize_size);
362 EXPECT_EQ(growable, deserialized);
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]363}
364
365TEST(Growable, InsufficientElemBuf) {
366 keymaster_key_param_t elems_buf[1];
367 uint8_t data_buf[200];
368
369 AuthorizationSet growable;
Shawn Willden58e1a542014-08-08 21:58:29 -0600[diff] [blame]370 EXPECT_EQ(AuthorizationSet::OK, growable.is_valid());
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]371
372 // First insertion fits.
373 EXPECT_TRUE(growable.push_back(Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)));
374 EXPECT_EQ(1U, growable.size());
Shawn Willden58e1a542014-08-08 21:58:29 -0600[diff] [blame]375 EXPECT_EQ(AuthorizationSet::OK, growable.is_valid());
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]376
377 // Second does too.
378 EXPECT_TRUE(growable.push_back(Authorization(TAG_RSA_PUBLIC_EXPONENT, 3)));
379 EXPECT_EQ(2U, growable.size());
380}
381
382TEST(Growable, InsufficientIndirectBuf) {
383 keymaster_key_param_t elems_buf[3];
384 uint8_t data_buf[10];
385
386 AuthorizationSet growable;
Shawn Willden58e1a542014-08-08 21:58:29 -0600[diff] [blame]387 EXPECT_EQ(AuthorizationSet::OK, growable.is_valid());
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]388
389 EXPECT_TRUE(growable.push_back(Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)));
390 EXPECT_EQ(1U, growable.size());
Shawn Willden58e1a542014-08-08 21:58:29 -0600[diff] [blame]391 EXPECT_EQ(AuthorizationSet::OK, growable.is_valid());
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]392
393 EXPECT_TRUE(growable.push_back(Authorization(TAG_APPLICATION_ID, "1234567890", 10)));
394 EXPECT_EQ(2U, growable.size());
Shawn Willden58e1a542014-08-08 21:58:29 -0600[diff] [blame]395 EXPECT_EQ(AuthorizationSet::OK, growable.is_valid());
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]396
397 EXPECT_TRUE(growable.push_back(Authorization(TAG_APPLICATION_DATA, "1", 1)));
398 EXPECT_EQ(3U, growable.size());
Shawn Willden58e1a542014-08-08 21:58:29 -0600[diff] [blame]399 EXPECT_EQ(AuthorizationSet::OK, growable.is_valid());
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]400
401 // Can still add another entry without indirect data. Now it's full.
402 EXPECT_TRUE(growable.push_back(Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN)));
403 EXPECT_EQ(4U, growable.size());
Shawn Willden58e1a542014-08-08 21:58:29 -0600[diff] [blame]404 EXPECT_EQ(AuthorizationSet::OK, growable.is_valid());
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]405}
406
Shawn Willden37012132014-08-19 08:15:57 -0600[diff] [blame]407TEST(Growable, PushBackSets) {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]408 AuthorizationSetBuilder builder;
409 builder.Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN)
410 .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
411 .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)
412 .Authorization(TAG_USER_ID, 7)
Shawn Willdeneb63b972015-03-14 08:01:12 -0600[diff] [blame^]413 .Authorization(TAG_USER_AUTH_TYPE, HW_AUTH_PASSWORD)
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]414 .Authorization(TAG_APPLICATION_ID, "my_app", 6)
415 .Authorization(TAG_KEY_SIZE, 256)
416 .Authorization(TAG_AUTH_TIMEOUT, 300);
417
418 AuthorizationSet set1(builder.build());
419 AuthorizationSet set2(builder.build());
Shawn Willden37012132014-08-19 08:15:57 -0600[diff] [blame]420
421 AuthorizationSet combined;
422 EXPECT_TRUE(combined.push_back(set1));
423 EXPECT_TRUE(combined.push_back(set2));
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]424 EXPECT_EQ(set1.size() + set2.size(), combined.size());
Shawn Willden37012132014-08-19 08:15:57 -0600[diff] [blame]425 EXPECT_EQ(12U, combined.indirect_size());
426}
427
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]428TEST(GetValue, GetInt) {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]429 AuthorizationSet set(AuthorizationSetBuilder()
430 .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN)
431 .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
432 .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)
433 .Authorization(TAG_USER_ID, 7)
Shawn Willdeneb63b972015-03-14 08:01:12 -0600[diff] [blame^]434 .Authorization(TAG_USER_AUTH_TYPE, HW_AUTH_PASSWORD)
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]435 .Authorization(TAG_APPLICATION_ID, "my_app", 6)
436 .Authorization(TAG_AUTH_TIMEOUT, 300));
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]437
438 uint32_t val;
439 EXPECT_TRUE(set.GetTagValue(TAG_USER_ID, &val));
440 EXPECT_EQ(7U, val);
441
442 // Find one that isn't there
443 EXPECT_FALSE(set.GetTagValue(TAG_KEY_SIZE, &val));
444}
445
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]446TEST(GetValue, GetLong) {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]447 AuthorizationSet set1(AuthorizationSetBuilder()
448 .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN)
449 .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
450 .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)
451 .Authorization(TAG_RSA_PUBLIC_EXPONENT, 3));
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]452
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]453 AuthorizationSet set2(AuthorizationSetBuilder()
454 .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN)
455 .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
456 .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA));
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]457
458 uint64_t val;
459 EXPECT_TRUE(set1.GetTagValue(TAG_RSA_PUBLIC_EXPONENT, &val));
460 EXPECT_EQ(3U, val);
461
462 // Find one that isn't there
463 EXPECT_FALSE(set2.GetTagValue(TAG_RSA_PUBLIC_EXPONENT, &val));
464}
465
466TEST(GetValue, GetEnum) {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]467 AuthorizationSet set(AuthorizationSetBuilder()
468 .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN)
469 .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
470 .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)
471 .Authorization(TAG_USER_ID, 7)
Shawn Willdeneb63b972015-03-14 08:01:12 -0600[diff] [blame^]472 .Authorization(TAG_USER_AUTH_TYPE, HW_AUTH_PASSWORD)
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]473 .Authorization(TAG_APPLICATION_ID, "my_app", 6)
474 .Authorization(TAG_AUTH_TIMEOUT, 300));
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]475
476 keymaster_algorithm_t val;
477 EXPECT_TRUE(set.GetTagValue(TAG_ALGORITHM, &val));
478 EXPECT_EQ(KM_ALGORITHM_RSA, val);
479
480 // Find one that isn't there
481 keymaster_padding_t val2;
482 EXPECT_FALSE(set.GetTagValue(TAG_PADDING, &val2));
483}
484
485TEST(GetValue, GetEnumRep) {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]486 AuthorizationSet set(AuthorizationSetBuilder()
487 .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN)
488 .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
489 .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)
490 .Authorization(TAG_USER_ID, 7)
Shawn Willdeneb63b972015-03-14 08:01:12 -0600[diff] [blame^]491 .Authorization(TAG_USER_AUTH_TYPE, HW_AUTH_PASSWORD)
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]492 .Authorization(TAG_APPLICATION_ID, "my_app", 6)
493 .Authorization(TAG_AUTH_TIMEOUT, 300));
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]494
495 keymaster_purpose_t val;
496 EXPECT_TRUE(set.GetTagValue(TAG_PURPOSE, 0, &val));
497 EXPECT_EQ(KM_PURPOSE_SIGN, val);
498 EXPECT_TRUE(set.GetTagValue(TAG_PURPOSE, 1, &val));
499 EXPECT_EQ(KM_PURPOSE_VERIFY, val);
500
501 // Find one that isn't there
502 EXPECT_FALSE(set.GetTagValue(TAG_PURPOSE, 2, &val));
503}
504
505TEST(GetValue, GetDate) {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]506 AuthorizationSet set(AuthorizationSetBuilder()
507 .Authorization(TAG_ACTIVE_DATETIME, 10)
508 .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN)
509 .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
510 .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)
511 .Authorization(TAG_USER_ID, 7)
Shawn Willdeneb63b972015-03-14 08:01:12 -0600[diff] [blame^]512 .Authorization(TAG_USER_AUTH_TYPE, HW_AUTH_PASSWORD)
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]513 .Authorization(TAG_APPLICATION_ID, "my_app", 6)
514 .Authorization(TAG_AUTH_TIMEOUT, 300));
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]515
516 uint64_t val;
517 EXPECT_TRUE(set.GetTagValue(TAG_ACTIVE_DATETIME, &val));
518 EXPECT_EQ(10U, val);
519
520 // Find one that isn't there
521 EXPECT_FALSE(set.GetTagValue(TAG_USAGE_EXPIRE_DATETIME, &val));
522}
523
524TEST(GetValue, GetBlob) {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]525 AuthorizationSet set(AuthorizationSetBuilder()
526 .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN)
527 .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
528 .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)
529 .Authorization(TAG_USER_ID, 7)
Shawn Willdeneb63b972015-03-14 08:01:12 -0600[diff] [blame^]530 .Authorization(TAG_USER_AUTH_TYPE, HW_AUTH_PASSWORD)
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]531 .Authorization(TAG_APPLICATION_ID, "my_app", 6)
532 .Authorization(TAG_AUTH_TIMEOUT, 300));
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]533
534 keymaster_blob_t val;
535 EXPECT_TRUE(set.GetTagValue(TAG_APPLICATION_ID, &val));
536 EXPECT_EQ(6U, val.data_length);
537 EXPECT_EQ(0, memcmp(val.data, "my_app", 6));
538
539 // Find one that isn't there
540 EXPECT_FALSE(set.GetTagValue(TAG_APPLICATION_DATA, &val));
541}
542
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]543TEST(Deduplication, NoDuplicates) {
544 AuthorizationSet set(AuthorizationSetBuilder()
545 .Authorization(TAG_ACTIVE_DATETIME, 10)
546 .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
547 .Authorization(TAG_USER_ID, 7)
Shawn Willdeneb63b972015-03-14 08:01:12 -0600[diff] [blame^]548 .Authorization(TAG_USER_AUTH_TYPE, HW_AUTH_PASSWORD));
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]549 AuthorizationSet copy(set);
550
551 EXPECT_EQ(copy, set);
552 set.Deduplicate();
553 EXPECT_EQ(copy.size(), set.size());
554
555 // Sets no longer compare equal, because of ordering (ugh, maybe it should be
556 // AuthorizationList, not AuthorizationSet).
557 EXPECT_NE(copy, set);
558}
559
560TEST(Deduplication, NoDuplicatesHasInvalid) {
561 AuthorizationSet set(AuthorizationSetBuilder()
562 .Authorization(TAG_ACTIVE_DATETIME, 10)
563 .Authorization(TAG_INVALID)
564 .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
565 .Authorization(TAG_USER_ID, 7)
Shawn Willdeneb63b972015-03-14 08:01:12 -0600[diff] [blame^]566 .Authorization(TAG_USER_AUTH_TYPE, HW_AUTH_PASSWORD));
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]567 AuthorizationSet copy(set);
568
569 EXPECT_EQ(copy, set);
570 set.Deduplicate();
571
572 // Deduplicate should have removed the invalid.
573 EXPECT_EQ(copy.size() - 1, set.size());
574 EXPECT_NE(copy, set);
575}
576
577TEST(Deduplication, DuplicateEnum) {
578 AuthorizationSet set(AuthorizationSetBuilder()
579 .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
580 .Authorization(TAG_ACTIVE_DATETIME, 10)
581 .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
582 .Authorization(TAG_USER_ID, 7)
583 .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
Shawn Willdeneb63b972015-03-14 08:01:12 -0600[diff] [blame^]584 .Authorization(TAG_USER_AUTH_TYPE, HW_AUTH_PASSWORD));
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]585 AuthorizationSet copy(set);
586
587 EXPECT_EQ(copy, set);
588 set.Deduplicate();
589 EXPECT_EQ(copy.size() - 2, set.size());
590 EXPECT_NE(copy, set);
591}
592
593TEST(Deduplication, DuplicateBlob) {
594 AuthorizationSet set(AuthorizationSetBuilder()
595 .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
596 .Authorization(TAG_ACTIVE_DATETIME, 10)
597 .Authorization(TAG_APPLICATION_DATA, "data", 4)
598 .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
599 .Authorization(TAG_USER_ID, 7)
600 .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
601 .Authorization(TAG_APPLICATION_DATA, "data", 4)
602 .Authorization(TAG_APPLICATION_DATA, "foo", 3)
Shawn Willdeneb63b972015-03-14 08:01:12 -0600[diff] [blame^]603 .Authorization(TAG_USER_AUTH_TYPE, HW_AUTH_PASSWORD));
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]604 AuthorizationSet copy(set);
605
606 EXPECT_EQ(copy, set);
607 set.Deduplicate();
608 EXPECT_EQ(copy.size() - 3, set.size());
609 EXPECT_NE(copy, set);
610
611 // The real test here is that valgrind reports no leak.
612}
613
Shawn Willden5ada7b62014-07-29 09:44:17 -0600[diff] [blame]614} // namespace test
615} // namespace keymaster