summaryrefslogtreecommitdiff
Diffstat
-rwxr-xr-x4.0/AmlogicKeymaster4Device.cpp571
-rwxr-xr-x4.0/android.hardware.keymaster@4.0-service.amlogic.rc4
-rwxr-xr-x4.0/service.cpp43
-rwxr-xr-x[-rw-r--r--]8efb1e1c-37e5-4326-a5d68c33726c7d57.ta11646
-rwxr-xr-xAmlogicKeymaster.cpp352
-rwxr-xr-x[-rw-r--r--]Android.mk125
-rw-r--r--aml_keymaster_device.cpp1021
-rw-r--r--aml_keymaster_device.h194
-rw-r--r--aml_keymaster_ipc.cpp128
-rw-r--r--aml_keymaster_ipc.h33
-rwxr-xr-xinclude/amlogic_keymaster/AmlogicKeymaster.h86
-rwxr-xr-xinclude/amlogic_keymaster/AmlogicKeymaster4Device.h105
-rwxr-xr-xinclude/amlogic_keymaster/amlogic_keymaster_messages.h222
-rwxr-xr-xinclude/amlogic_keymaster/ipc/amlogic_keymaster_ipc.h52
-rwxr-xr-x[-rw-r--r--]include/amlogic_keymaster/ipc/keymaster_ipc.h (renamed from keymaster_ipc.h)17
-rwxr-xr-xipc/amlogic_keymaster_ipc.cpp325
-rw-r--r--module.cpp61
-rw-r--r--unit_test/android_keymaster_messages_test.cpp732
-rw-r--r--unit_test/android_keymaster_test.cpp3976
-rw-r--r--unit_test/android_keymaster_test_utils.cpp902
-rw-r--r--unit_test/android_keymaster_test_utils.h470
-rw-r--r--unit_test/android_keymaster_utils.h306
-rw-r--r--unit_test/attestation_record.cpp690
-rw-r--r--unit_test/attestation_record.h62
-rw-r--r--unit_test/attestation_record_test.cpp145
-rw-r--r--unit_test/authorization_set_test.cpp745
-rw-r--r--unit_test/ecies_kem_test.cpp73
-rw-r--r--unit_test/gtest_main.cpp34
-rw-r--r--unit_test/hkdf_test.cpp78
-rw-r--r--unit_test/hmac_test.cpp84
-rw-r--r--unit_test/kdf1_test.cpp60
-rw-r--r--unit_test/kdf2_test.cpp86
-rw-r--r--unit_test/kdf_test.cpp46
-rw-r--r--unit_test/key_blob_test.cpp362
-rw-r--r--unit_test/keymaster0_engine.h103
-rw-r--r--unit_test/keymaster1_engine.h123
-rw-r--r--unit_test/keymaster_configuration_test.cpp68
-rw-r--r--unit_test/keymaster_enforcement_test.cpp872
-rw-r--r--unit_test/keymaster_tags.cpp173
-rw-r--r--unit_test/nist_curve_key_exchange_test.cpp219
-rw-r--r--unit_test/openssl_utils.h100
-rw-r--r--unit_test/sw_rsa_attest_root.key.pem15
42 files changed, 6493 insertions, 19016 deletions
diff --git a/unit_test/authorization_set_test.cpp b/unit_test/authorization_set_test.cpp
deleted file mode 100644
index f3f4412..0000000
--- a/unit_test/authorization_set_test.cpp
+++ b/dev/null
@@ -1,745 +0,0 @@
-/*
- * Copyright (C) 2014 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include <gtest/gtest.h>
-
-#include <keymaster/authorization_set.h>
-#include <keymaster/android_keymaster_utils.h>
-
-#include "android_keymaster_test_utils.h"
-
-namespace keymaster {
-
-namespace test {
-
-TEST(Construction, ListProvided) {
- keymaster_key_param_t params[] = {
- Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN), Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
- Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA), Authorization(TAG_USER_ID, 7),
- Authorization(TAG_USER_AUTH_TYPE, HW_AUTH_PASSWORD),
- Authorization(TAG_APPLICATION_ID, "my_app", 6), Authorization(TAG_KEY_SIZE, 256),
- Authorization(TAG_AUTH_TIMEOUT, 300),
- };
- AuthorizationSet set(params, array_length(params));
- EXPECT_EQ(8U, set.size());
-}
-
-TEST(Construction, Copy) {
- keymaster_key_param_t params[] = {
- Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN), Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
- Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA), Authorization(TAG_USER_ID, 7),
- Authorization(TAG_USER_AUTH_TYPE, HW_AUTH_PASSWORD),
- Authorization(TAG_APPLICATION_ID, "my_app", 6), Authorization(TAG_KEY_SIZE, 256),
- Authorization(TAG_AUTH_TIMEOUT, 300),
- };
- AuthorizationSet set(params, array_length(params));
- AuthorizationSet set2(set);
- EXPECT_EQ(set, set2);
-}
-
-TEST(Construction, NullProvided) {
- keymaster_key_param_t params[] = {
- Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN), Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
- };
-
- AuthorizationSet set1(params, 0);
- EXPECT_EQ(0U, set1.size());
- EXPECT_EQ(AuthorizationSet::OK, set1.is_valid());
-
- AuthorizationSet set2(reinterpret_cast<keymaster_key_param_t*>(NULL), array_length(params));
- EXPECT_EQ(0U, set2.size());
- EXPECT_EQ(AuthorizationSet::OK, set2.is_valid());
-}
-
-TEST(Lookup, NonRepeated) {
- AuthorizationSet set(AuthorizationSetBuilder()
- .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN)
- .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
- .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)
- .Authorization(TAG_USER_ID, 7)
- .Authorization(TAG_USER_AUTH_TYPE, HW_AUTH_PASSWORD)
- .Authorization(TAG_APPLICATION_ID, "my_app", 6)
- .Authorization(TAG_KEY_SIZE, 256)
- .Authorization(TAG_AUTH_TIMEOUT, 300));
-
- EXPECT_EQ(8U, set.size());
-
- int pos = set.find(TAG_ALGORITHM);
- ASSERT_NE(-1, pos);
- EXPECT_EQ(KM_TAG_ALGORITHM, set[pos].tag);
- EXPECT_EQ(KM_ALGORITHM_RSA, set[pos].enumerated);
-
- pos = set.find(TAG_MAC_LENGTH);
- EXPECT_EQ(-1, pos);
-
- uint32_t int_val = 0;
- EXPECT_TRUE(set.GetTagValue(TAG_USER_ID, &int_val));
- EXPECT_EQ(7U, int_val);
-
- keymaster_blob_t blob_val;
- EXPECT_TRUE(set.GetTagValue(TAG_APPLICATION_ID, &blob_val));
- EXPECT_EQ(6U, blob_val.data_length);
- EXPECT_EQ(0, memcmp(blob_val.data, "my_app", 6));
-}
-
-TEST(Lookup, Repeated) {
- AuthorizationSet set(AuthorizationSetBuilder()
- .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN)
- .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
- .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)
- .Authorization(TAG_USER_ID, 7)
- .Authorization(TAG_USER_SECURE_ID, 47727)
- .Authorization(TAG_USER_AUTH_TYPE, HW_AUTH_PASSWORD)
- .Authorization(TAG_APPLICATION_ID, "my_app", 6)
- .Authorization(TAG_KEY_SIZE, 256)
- .Authorization(TAG_AUTH_TIMEOUT, 300));
- EXPECT_EQ(9U, set.size());
-
- int pos = set.find(TAG_PURPOSE);
- ASSERT_FALSE(pos == -1);
- EXPECT_EQ(KM_TAG_PURPOSE, set[pos].tag);
- EXPECT_EQ(KM_PURPOSE_SIGN, set[pos].enumerated);
-
- pos = set.find(TAG_PURPOSE, pos);
- EXPECT_EQ(KM_TAG_PURPOSE, set[pos].tag);
- EXPECT_EQ(KM_PURPOSE_VERIFY, set[pos].enumerated);
-
- EXPECT_EQ(-1, set.find(TAG_PURPOSE, pos));
-
- pos = set.find(TAG_USER_SECURE_ID, pos);
- EXPECT_EQ(KM_TAG_USER_SECURE_ID, set[pos].tag);
- EXPECT_EQ(47727U, set[pos].long_integer);
-}
-
-TEST(Lookup, Indexed) {
- AuthorizationSet set(AuthorizationSetBuilder()
- .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN)
- .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
- .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)
- .Authorization(TAG_USER_ID, 7)
- .Authorization(TAG_USER_AUTH_TYPE, HW_AUTH_PASSWORD)
- .Authorization(TAG_APPLICATION_ID, "my_app", 6)
- .Authorization(TAG_KEY_SIZE, 256)
- .Authorization(TAG_AUTH_TIMEOUT, 300));
- EXPECT_EQ(8U, set.size());
-
- EXPECT_EQ(KM_TAG_PURPOSE, set[0].tag);
- EXPECT_EQ(KM_PURPOSE_SIGN, set[0].enumerated);
-
- // Lookup beyond end doesn't work, just returns zeros, but doens't blow up either (verify by
- // running under valgrind).
- EXPECT_EQ(KM_TAG_INVALID, set[10].tag);
-}
-
-TEST(Serialization, RoundTrip) {
- AuthorizationSet set(AuthorizationSetBuilder()
- .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN)
- .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
- .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)
- .Authorization(TAG_USER_ID, 7)
- .Authorization(TAG_USER_AUTH_TYPE, HW_AUTH_PASSWORD)
- .Authorization(TAG_APPLICATION_ID, "my_app", 6)
- .Authorization(TAG_KEY_SIZE, 256)
- .Authorization(TAG_USER_SECURE_ID, 47727)
- .Authorization(TAG_AUTH_TIMEOUT, 300)
- .Authorization(TAG_ALL_USERS)
- .Authorization(TAG_RSA_PUBLIC_EXPONENT, 3)
- .Authorization(TAG_ACTIVE_DATETIME, 10));
-
- size_t size = set.SerializedSize();
- EXPECT_TRUE(size > 0);
-
- UniquePtr<uint8_t[]> buf(new uint8_t[size]);
- EXPECT_EQ(buf.get() + size, set.Serialize(buf.get(), buf.get() + size));
- AuthorizationSet deserialized(buf.get(), size);
-
- EXPECT_EQ(AuthorizationSet::OK, deserialized.is_valid());
- EXPECT_EQ(set, deserialized);
-
- int pos = deserialized.find(TAG_APPLICATION_ID);
- ASSERT_NE(-1, pos);
- EXPECT_EQ(KM_TAG_APPLICATION_ID, deserialized[pos].tag);
- EXPECT_EQ(6U, deserialized[pos].blob.data_length);
- EXPECT_EQ(0, memcmp(deserialized[pos].blob.data, "my_app", 6));
-}
-
-TEST(Deserialization, Deserialize) {
- AuthorizationSet set(AuthorizationSetBuilder()
- .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN)
- .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
- .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)
- .Authorization(TAG_USER_ID, 7)
- .Authorization(TAG_USER_AUTH_TYPE, HW_AUTH_PASSWORD)
- .Authorization(TAG_APPLICATION_ID, "my_app", 6)
- .Authorization(TAG_KEY_SIZE, 256)
- .Authorization(TAG_AUTH_TIMEOUT, 300));
-
- size_t size = set.SerializedSize();
- EXPECT_TRUE(size > 0);
-
- UniquePtr<uint8_t[]> buf(new uint8_t[size]);
- EXPECT_EQ(buf.get() + size, set.Serialize(buf.get(), buf.get() + size));
- AuthorizationSet deserialized;
- const uint8_t* p = buf.get();
- EXPECT_TRUE(deserialized.Deserialize(&p, p + size));
- EXPECT_EQ(p, buf.get() + size);
-
- EXPECT_EQ(AuthorizationSet::OK, deserialized.is_valid());
-
- EXPECT_EQ(set.size(), deserialized.size());
- for (size_t i = 0; i < set.size(); ++i) {
- EXPECT_EQ(set[i].tag, deserialized[i].tag);
- }
-
- int pos = deserialized.find(TAG_APPLICATION_ID);
- ASSERT_NE(-1, pos);
- EXPECT_EQ(KM_TAG_APPLICATION_ID, deserialized[pos].tag);
- EXPECT_EQ(6U, deserialized[pos].blob.data_length);
- EXPECT_EQ(0, memcmp(deserialized[pos].blob.data, "my_app", 6));
-}
-
-TEST(Deserialization, TooShortBuffer) {
- uint8_t buf[] = {0, 0, 0};
- AuthorizationSet deserialized(buf, array_length(buf));
- EXPECT_EQ(AuthorizationSet::MALFORMED_DATA, deserialized.is_valid());
-
- const uint8_t* p = buf;
- EXPECT_FALSE(deserialized.Deserialize(&p, p + array_length(buf)));
- EXPECT_EQ(AuthorizationSet::MALFORMED_DATA, deserialized.is_valid());
-}
-
-TEST(Deserialization, InvalidLengthField) {
- AuthorizationSet set(AuthorizationSetBuilder()
- .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN)
- .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
- .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)
- .Authorization(TAG_USER_ID, 7)
- .Authorization(TAG_USER_AUTH_TYPE, HW_AUTH_PASSWORD)
- .Authorization(TAG_APPLICATION_ID, "my_app", 6)
- .Authorization(TAG_KEY_SIZE, 256)
- .Authorization(TAG_AUTH_TIMEOUT, 300));
-
- size_t size = set.SerializedSize();
- EXPECT_TRUE(size > 0);
-
- UniquePtr<uint8_t[]> buf(new uint8_t[size]);
- EXPECT_EQ(buf.get() + size, set.Serialize(buf.get(), buf.get() + size));
- *reinterpret_cast<uint32_t*>(buf.get()) = 9;
-
- AuthorizationSet deserialized(buf.get(), size);
- EXPECT_EQ(AuthorizationSet::MALFORMED_DATA, deserialized.is_valid());
-
- const uint8_t* p = buf.get();
- EXPECT_FALSE(deserialized.Deserialize(&p, p + size));
- EXPECT_EQ(AuthorizationSet::MALFORMED_DATA, deserialized.is_valid());
-}
-
-static uint32_t read_uint32(const uint8_t* buf) {
- uint32_t val;
- memcpy(&val, buf, sizeof(val));
- return val;
-}
-
-static void add_to_uint32(uint8_t* buf, int delta) {
- uint32_t val;
- memcpy(&val, buf, sizeof(val));
- val += delta;
- memcpy(buf, &val, sizeof(val));
-}
-
-TEST(Deserialization, MalformedIndirectData) {
- AuthorizationSet set(AuthorizationSetBuilder()
- .Authorization(TAG_APPLICATION_ID, "my_app", 6)
- .Authorization(TAG_APPLICATION_DATA, "foo", 3));
- size_t size = set.SerializedSize();
-
- UniquePtr<uint8_t[]> buf(new uint8_t[size]);
- EXPECT_EQ(buf.get() + size, set.Serialize(buf.get(), buf.get() + size));
-
- // This sucks. This test, as written, requires intimate knowledge of the serialized layout of
- // this particular set, which means it's brittle. But it's important to test that we handle
- // broken serialized data and I can't think of a better way to write this.
- //
- // The contents of buf are:
- //
- // Bytes: Content:
- // 0-3 Length of string data, which is 9.
- // 4-9 "my_app"
- // 10-12 "foo"
- // 13-16 Number of elements, which is 2.
- // 17-20 Length of elements, which is 24.
- // 21-24 First tag, TAG_APPLICATION_ID
- // 25-28 Length of string "my_app", 6
- // 29-32 Offset of string "my_app", 0
- // 33-36 Second tag, TAG_APPLICATION_DATA
- // 37-40 Length of string "foo", 3
- // 41-44 Offset of string "foo", 6
-
- // Check that stuff is where we think.
- EXPECT_EQ('m', buf[4]);
- EXPECT_EQ('f', buf[10]);
- // Length of "my_app"
- EXPECT_EQ(6U, read_uint32(buf.get() + 25));
- // Offset of "my_app"
- EXPECT_EQ(0U, read_uint32(buf.get() + 29));
- // Length of "foo"
- EXPECT_EQ(3U, read_uint32(buf.get() + 37));
- // Offset of "foo"
- EXPECT_EQ(6U, read_uint32(buf.get() + 41));
-
- // Check that deserialization works.
- AuthorizationSet deserialized1(buf.get(), size);
- EXPECT_EQ(AuthorizationSet::OK, deserialized1.is_valid());
-
- const uint8_t* p = buf.get();
- EXPECT_TRUE(deserialized1.Deserialize(&p, p + size));
- EXPECT_EQ(AuthorizationSet::OK, deserialized1.is_valid());
-
- //
- // Now mess them up in various ways:
- //
-
- // Move "foo" offset so offset + length goes off the end
- add_to_uint32(buf.get() + 41, 1);
- AuthorizationSet deserialized2(buf.get(), size);
- EXPECT_EQ(AuthorizationSet::MALFORMED_DATA, deserialized2.is_valid());
- add_to_uint32(buf.get() + 41, -1);
-
- // Shorten the "my_app" length to make a gap between the blobs.
- add_to_uint32(buf.get() + 25, -1);
- AuthorizationSet deserialized3(buf.get(), size);
- EXPECT_EQ(AuthorizationSet::MALFORMED_DATA, deserialized3.is_valid());
- add_to_uint32(buf.get() + 25, 1);
-
- // Extend the "my_app" length to make them overlap, and decrease the "foo" length to keep the
- // total length the same. We don't detect this but should.
- // TODO(swillden): Detect overlaps and holes that leave total size correct.
- add_to_uint32(buf.get() + 25, 1);
- add_to_uint32(buf.get() + 37, -1);
- AuthorizationSet deserialized4(buf.get(), size);
- EXPECT_EQ(AuthorizationSet::OK, deserialized4.is_valid());
-}
-
-TEST(Growable, SuccessfulRoundTrip) {
- AuthorizationSet growable;
- EXPECT_TRUE(growable.push_back(Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)));
- EXPECT_EQ(1U, growable.size());
-
- EXPECT_TRUE(growable.push_back(Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)));
- EXPECT_EQ(2U, growable.size());
-
- EXPECT_TRUE(growable.push_back(Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN)));
- EXPECT_EQ(3U, growable.size());
-
- EXPECT_TRUE(growable.push_back(Authorization(TAG_APPLICATION_ID, "data", 4)));
- EXPECT_EQ(4U, growable.size());
-
- EXPECT_TRUE(growable.push_back(Authorization(TAG_APPLICATION_DATA, "some more data", 14)));
- EXPECT_EQ(5U, growable.size());
-
- size_t serialize_size = growable.SerializedSize();
- UniquePtr<uint8_t[]> serialized(new uint8_t[serialize_size]);
- EXPECT_EQ(serialized.get() + serialize_size,
- growable.Serialize(serialized.get(), serialized.get() + serialize_size));
-
- AuthorizationSet deserialized(serialized.get(), serialize_size);
- EXPECT_EQ(growable, deserialized);
-}
-
-TEST(Growable, InsufficientElemBuf) {
- AuthorizationSet growable;
- EXPECT_EQ(AuthorizationSet::OK, growable.is_valid());
-
- // First insertion fits.
- EXPECT_TRUE(growable.push_back(Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)));
- EXPECT_EQ(1U, growable.size());
- EXPECT_EQ(AuthorizationSet::OK, growable.is_valid());
-
- // Second does too.
- EXPECT_TRUE(growable.push_back(Authorization(TAG_RSA_PUBLIC_EXPONENT, 3)));
- EXPECT_EQ(2U, growable.size());
-}
-
-TEST(Growable, InsufficientIndirectBuf) {
- AuthorizationSet growable;
- EXPECT_EQ(AuthorizationSet::OK, growable.is_valid());
-
- EXPECT_TRUE(growable.push_back(Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)));
- EXPECT_EQ(1U, growable.size());
- EXPECT_EQ(AuthorizationSet::OK, growable.is_valid());
-
- EXPECT_TRUE(growable.push_back(Authorization(TAG_APPLICATION_ID, "1234567890", 10)));
- EXPECT_EQ(2U, growable.size());
- EXPECT_EQ(AuthorizationSet::OK, growable.is_valid());
-
- EXPECT_TRUE(growable.push_back(Authorization(TAG_APPLICATION_DATA, "1", 1)));
- EXPECT_EQ(3U, growable.size());
- EXPECT_EQ(AuthorizationSet::OK, growable.is_valid());
-
- // Can still add another entry without indirect data. Now it's full.
- EXPECT_TRUE(growable.push_back(Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN)));
- EXPECT_EQ(4U, growable.size());
- EXPECT_EQ(AuthorizationSet::OK, growable.is_valid());
-}
-
-TEST(Growable, PushBackSets) {
- AuthorizationSetBuilder builder;
- builder.Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN)
- .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
- .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)
- .Authorization(TAG_USER_ID, 7)
- .Authorization(TAG_USER_AUTH_TYPE, HW_AUTH_PASSWORD)
- .Authorization(TAG_APPLICATION_ID, "my_app", 6)
- .Authorization(TAG_KEY_SIZE, 256)
- .Authorization(TAG_AUTH_TIMEOUT, 300);
-
- AuthorizationSet set1(builder.build());
- AuthorizationSet set2(builder.build());
-
- AuthorizationSet combined;
- EXPECT_TRUE(combined.push_back(set1));
- EXPECT_TRUE(combined.push_back(set2));
- EXPECT_EQ(set1.size() + set2.size(), combined.size());
- EXPECT_EQ(12U, combined.indirect_size());
-}
-
-TEST(GetValue, GetInt) {
- AuthorizationSet set(AuthorizationSetBuilder()
- .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN)
- .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
- .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)
- .Authorization(TAG_USER_ID, 7)
- .Authorization(TAG_USER_AUTH_TYPE, HW_AUTH_PASSWORD)
- .Authorization(TAG_APPLICATION_ID, "my_app", 6)
- .Authorization(TAG_AUTH_TIMEOUT, 300));
-
- uint32_t val;
- EXPECT_TRUE(set.GetTagValue(TAG_USER_ID, &val));
- EXPECT_EQ(7U, val);
-
- // Find one that isn't there
- EXPECT_FALSE(set.GetTagValue(TAG_KEY_SIZE, &val));
-}
-
-TEST(GetValue, GetLong) {
- AuthorizationSet set1(AuthorizationSetBuilder()
- .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN)
- .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
- .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)
- .Authorization(TAG_RSA_PUBLIC_EXPONENT, 3));
-
- AuthorizationSet set2(AuthorizationSetBuilder()
- .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN)
- .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
- .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA));
-
- uint64_t val;
- EXPECT_TRUE(set1.GetTagValue(TAG_RSA_PUBLIC_EXPONENT, &val));
- EXPECT_EQ(3U, val);
-
- // Find one that isn't there
- EXPECT_FALSE(set2.GetTagValue(TAG_RSA_PUBLIC_EXPONENT, &val));
-}
-
-TEST(GetValue, GetLongRep) {
- AuthorizationSet set1(AuthorizationSetBuilder()
- .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN)
- .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
- .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)
- .Authorization(TAG_USER_SECURE_ID, 8338)
- .Authorization(TAG_USER_SECURE_ID, 4334)
- .Authorization(TAG_RSA_PUBLIC_EXPONENT, 3));
-
- AuthorizationSet set2(AuthorizationSetBuilder()
- .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN)
- .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
- .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA));
-
- uint64_t val;
- EXPECT_TRUE(set1.GetTagValue(TAG_USER_SECURE_ID, 0, &val));
- EXPECT_EQ(8338U, val);
- EXPECT_TRUE(set1.GetTagValue(TAG_USER_SECURE_ID, 1, &val));
- EXPECT_EQ(4334U, val);
-
- // Find one that isn't there
- EXPECT_FALSE(set2.GetTagValue(TAG_USER_SECURE_ID, &val));
-}
-
-TEST(GetValue, GetEnum) {
- AuthorizationSet set(AuthorizationSetBuilder()
- .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN)
- .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
- .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)
- .Authorization(TAG_USER_ID, 7)
- .Authorization(TAG_USER_AUTH_TYPE, HW_AUTH_PASSWORD)
- .Authorization(TAG_APPLICATION_ID, "my_app", 6)
- .Authorization(TAG_AUTH_TIMEOUT, 300));
-
- keymaster_algorithm_t val;
- EXPECT_TRUE(set.GetTagValue(TAG_ALGORITHM, &val));
- EXPECT_EQ(KM_ALGORITHM_RSA, val);
-
- // Find one that isn't there
- keymaster_padding_t val2;
- EXPECT_FALSE(set.GetTagValue(TAG_PADDING, &val2));
-}
-
-TEST(GetValue, GetEnumRep) {
- AuthorizationSet set(AuthorizationSetBuilder()
- .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN)
- .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
- .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)
- .Authorization(TAG_USER_ID, 7)
- .Authorization(TAG_USER_AUTH_TYPE, HW_AUTH_PASSWORD)
- .Authorization(TAG_APPLICATION_ID, "my_app", 6)
- .Authorization(TAG_AUTH_TIMEOUT, 300));
-
- keymaster_purpose_t val;
- EXPECT_TRUE(set.GetTagValue(TAG_PURPOSE, 0, &val));
- EXPECT_EQ(KM_PURPOSE_SIGN, val);
- EXPECT_TRUE(set.GetTagValue(TAG_PURPOSE, 1, &val));
- EXPECT_EQ(KM_PURPOSE_VERIFY, val);
-
- // Find one that isn't there
- EXPECT_FALSE(set.GetTagValue(TAG_PURPOSE, 2, &val));
-}
-
-TEST(GetValue, GetDate) {
- AuthorizationSet set(AuthorizationSetBuilder()
- .Authorization(TAG_ACTIVE_DATETIME, 10)
- .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN)
- .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
- .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)
- .Authorization(TAG_USER_ID, 7)
- .Authorization(TAG_USER_AUTH_TYPE, HW_AUTH_PASSWORD)
- .Authorization(TAG_APPLICATION_ID, "my_app", 6)
- .Authorization(TAG_AUTH_TIMEOUT, 300));
-
- uint64_t val;
- EXPECT_TRUE(set.GetTagValue(TAG_ACTIVE_DATETIME, &val));
- EXPECT_EQ(10U, val);
-
- // Find one that isn't there
- EXPECT_FALSE(set.GetTagValue(TAG_USAGE_EXPIRE_DATETIME, &val));
-}
-
-TEST(GetValue, GetBlob) {
- AuthorizationSet set(AuthorizationSetBuilder()
- .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN)
- .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
- .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)
- .Authorization(TAG_USER_ID, 7)
- .Authorization(TAG_USER_AUTH_TYPE, HW_AUTH_PASSWORD)
- .Authorization(TAG_APPLICATION_ID, "my_app", 6)
- .Authorization(TAG_AUTH_TIMEOUT, 300));
-
- keymaster_blob_t val;
- EXPECT_TRUE(set.GetTagValue(TAG_APPLICATION_ID, &val));
- EXPECT_EQ(6U, val.data_length);
- EXPECT_EQ(0, memcmp(val.data, "my_app", 6));
-
- // Find one that isn't there
- EXPECT_FALSE(set.GetTagValue(TAG_APPLICATION_DATA, &val));
-}
-
-TEST(Deduplication, NoDuplicates) {
- AuthorizationSet set(AuthorizationSetBuilder()
- .Authorization(TAG_ACTIVE_DATETIME, 10)
- .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
- .Authorization(TAG_USER_ID, 7)
- .Authorization(TAG_USER_AUTH_TYPE, HW_AUTH_PASSWORD));
- AuthorizationSet copy(set);
-
- EXPECT_EQ(copy, set);
- set.Deduplicate();
- EXPECT_EQ(copy.size(), set.size());
-
- // Sets no longer compare equal, because of ordering (ugh, maybe it should be
- // AuthorizationList, not AuthorizationSet).
- EXPECT_NE(copy, set);
-}
-
-TEST(Deduplication, NoDuplicatesHasInvalid) {
- AuthorizationSet set(AuthorizationSetBuilder()
- .Authorization(TAG_ACTIVE_DATETIME, 10)
- .Authorization(TAG_INVALID)
- .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
- .Authorization(TAG_USER_ID, 7)
- .Authorization(TAG_USER_AUTH_TYPE, HW_AUTH_PASSWORD));
- AuthorizationSet copy(set);
-
- EXPECT_EQ(copy, set);
- set.Deduplicate();
-
- // Deduplicate should have removed the invalid.
- EXPECT_EQ(copy.size() - 1, set.size());
- EXPECT_NE(copy, set);
-}
-
-TEST(Deduplication, DuplicateEnum) {
- AuthorizationSet set(AuthorizationSetBuilder()
- .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
- .Authorization(TAG_ACTIVE_DATETIME, 10)
- .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
- .Authorization(TAG_USER_ID, 7)
- .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
- .Authorization(TAG_USER_AUTH_TYPE, HW_AUTH_PASSWORD));
- AuthorizationSet copy(set);
-
- EXPECT_EQ(copy, set);
- set.Deduplicate();
- EXPECT_EQ(copy.size() - 2, set.size());
- EXPECT_NE(copy, set);
-}
-
-TEST(Deduplication, DuplicateBlob) {
- AuthorizationSet set(AuthorizationSetBuilder()
- .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
- .Authorization(TAG_ACTIVE_DATETIME, 10)
- .Authorization(TAG_APPLICATION_DATA, "data", 4)
- .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
- .Authorization(TAG_USER_ID, 7)
- .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
- .Authorization(TAG_APPLICATION_DATA, "data", 4)
- .Authorization(TAG_APPLICATION_DATA, "foo", 3)
- .Authorization(TAG_USER_AUTH_TYPE, HW_AUTH_PASSWORD));
- AuthorizationSet copy(set);
-
- EXPECT_EQ(copy, set);
- set.Deduplicate();
- EXPECT_EQ(copy.size() - 3, set.size());
- EXPECT_NE(copy, set);
-
- // The real test here is that valgrind reports no leak.
-}
-
-TEST(Union, Disjoint) {
- AuthorizationSet set1(AuthorizationSetBuilder()
- .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
- .Authorization(TAG_ACTIVE_DATETIME, 10)
- .Authorization(TAG_APPLICATION_DATA, "data", 4));
-
- AuthorizationSet set2(AuthorizationSetBuilder()
- .Authorization(TAG_USER_ID, 7)
- .Authorization(TAG_APPLICATION_DATA, "foo", 3)
- .Authorization(TAG_USER_AUTH_TYPE, HW_AUTH_PASSWORD));
-
- AuthorizationSet expected(AuthorizationSetBuilder()
- .Authorization(TAG_USER_AUTH_TYPE, HW_AUTH_PASSWORD)
- .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
- .Authorization(TAG_USER_ID, 7)
- .Authorization(TAG_ACTIVE_DATETIME, 10)
- .Authorization(TAG_APPLICATION_DATA, "data", 4)
- .Authorization(TAG_APPLICATION_DATA, "foo", 3));
-
- set1.Union(set2);
- EXPECT_EQ(expected, set1);
-}
-
-TEST(Union, Overlap) {
- AuthorizationSet set1(AuthorizationSetBuilder()
- .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
- .Authorization(TAG_ACTIVE_DATETIME, 10)
- .Authorization(TAG_APPLICATION_DATA, "data", 4));
-
- AuthorizationSet set2(AuthorizationSetBuilder()
- .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
- .Authorization(TAG_ACTIVE_DATETIME, 10)
- .Authorization(TAG_APPLICATION_DATA, "data", 4));
-
- AuthorizationSet expected(AuthorizationSetBuilder()
- .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
- .Authorization(TAG_ACTIVE_DATETIME, 10)
- .Authorization(TAG_APPLICATION_DATA, "data", 4));
-
- set1.Union(set2);
- EXPECT_EQ(expected, set1);
-}
-
-TEST(Union, Empty) {
- AuthorizationSet set1(AuthorizationSetBuilder()
- .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
- .Authorization(TAG_ACTIVE_DATETIME, 10)
- .Authorization(TAG_APPLICATION_DATA, "data", 4));
-
- AuthorizationSet set2;
-
- AuthorizationSet expected(AuthorizationSetBuilder()
- .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
- .Authorization(TAG_ACTIVE_DATETIME, 10)
- .Authorization(TAG_APPLICATION_DATA, "data", 4));
-
- set1.Union(set2);
- EXPECT_EQ(expected, set1);
-}
-
-TEST(Difference, Disjoint) {
- AuthorizationSet set1(AuthorizationSetBuilder()
- .Authorization(TAG_APPLICATION_DATA, "data", 4)
- .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
- .Authorization(TAG_ACTIVE_DATETIME, 10));
-
- AuthorizationSet set2(AuthorizationSetBuilder()
- .Authorization(TAG_USER_ID, 7)
- .Authorization(TAG_APPLICATION_DATA, "foo", 3)
- .Authorization(TAG_USER_AUTH_TYPE, HW_AUTH_PASSWORD));
-
- // Elements are the same as set1, but happen to be in a different order
- AuthorizationSet expected(AuthorizationSetBuilder()
- .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
- .Authorization(TAG_ACTIVE_DATETIME, 10)
- .Authorization(TAG_APPLICATION_DATA, "data", 4));
-
- set1.Difference(set2);
- EXPECT_EQ(expected, set1);
-}
-
-TEST(Difference, Overlap) {
- AuthorizationSet set1(AuthorizationSetBuilder()
- .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
- .Authorization(TAG_ACTIVE_DATETIME, 10)
- .Authorization(TAG_APPLICATION_DATA, "data", 4));
-
- AuthorizationSet set2(AuthorizationSetBuilder()
- .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
- .Authorization(TAG_ACTIVE_DATETIME, 10)
- .Authorization(TAG_APPLICATION_DATA, "data", 4));
-
- AuthorizationSet empty;
- set1.Difference(set2);
- EXPECT_EQ(empty, set1);
- EXPECT_EQ(0U, set1.size());
-}
-
-TEST(Difference, NullSet) {
- AuthorizationSet set1(AuthorizationSetBuilder()
- .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
- .Authorization(TAG_ACTIVE_DATETIME, 10)
- .Authorization(TAG_APPLICATION_DATA, "data", 4));
-
- AuthorizationSet set2;
-
- AuthorizationSet expected(AuthorizationSetBuilder()
- .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
- .Authorization(TAG_ACTIVE_DATETIME, 10)
- .Authorization(TAG_APPLICATION_DATA, "data", 4));
-
- set1.Difference(set2);
- EXPECT_EQ(expected, set1);
-}
-
-} // namespace test
-} // namespace keymaster
generated by cgit at 2024-05-19 08:08:16 (GMT)