1 /* 2 * Copyright (C) 2014 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 #include <gtest/gtest.h> 18 19 #include <keymaster/authorization_set.h> 20 #include <keymaster/google_keymaster_utils.h> 21 22 #include "google_keymaster_test_utils.h" 23 24 int main(int argc, char** argv) { 25 ::testing::InitGoogleTest(&argc, argv); 26 int result = RUN_ALL_TESTS(); 27 return result; 28 } 29 30 namespace keymaster { 31 32 namespace test { 33 34 TEST(Construction, ListProvided) { 35 keymaster_key_param_t params[] = { 36 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN), 37 Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY), 38 Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA), 39 Authorization(TAG_USER_ID, 7), 40 Authorization(TAG_USER_AUTH_ID, 8), 41 Authorization(TAG_APPLICATION_ID, "my_app", 6), 42 Authorization(TAG_KEY_SIZE, 256), 43 Authorization(TAG_AUTH_TIMEOUT, 300), 44 }; 45 AuthorizationSet set(params, array_length(params)); 46 EXPECT_EQ(8U, set.size()); 47 } 48 49 TEST(Construction, Copy) { 50 keymaster_key_param_t params[] = { 51 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN), 52 Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY), 53 Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA), 54 Authorization(TAG_USER_ID, 7), 55 Authorization(TAG_USER_AUTH_ID, 8), 56 Authorization(TAG_APPLICATION_ID, "my_app", 6), 57 Authorization(TAG_KEY_SIZE, 256), 58 Authorization(TAG_AUTH_TIMEOUT, 300), 59 }; 60 AuthorizationSet set(params, array_length(params)); 61 AuthorizationSet set2(set); 62 EXPECT_EQ(set, set2); 63 } 64 65 TEST(Lookup, NonRepeated) { 66 keymaster_key_param_t params[] = { 67 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN), 68 Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY), 69 Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA), 70 Authorization(TAG_USER_ID, 7), 71 Authorization(TAG_USER_AUTH_ID, 8), 72 Authorization(TAG_APPLICATION_ID, "my_app", 6), 73 Authorization(TAG_KEY_SIZE, 256), 74 Authorization(TAG_AUTH_TIMEOUT, 300), 75 }; 76 AuthorizationSet set(params, array_length(params)); 77 EXPECT_EQ(8U, set.size()); 78 79 int pos = set.find(TAG_ALGORITHM); 80 ASSERT_NE(-1, pos); 81 EXPECT_EQ(KM_TAG_ALGORITHM, set[pos].tag); 82 EXPECT_EQ(KM_ALGORITHM_RSA, set[pos].enumerated); 83 84 pos = set.find(TAG_MAC_LENGTH); 85 EXPECT_EQ(-1, pos); 86 87 uint32_t int_val = 0; 88 EXPECT_TRUE(set.GetTagValue(TAG_USER_ID, &int_val)); 89 EXPECT_EQ(7U, int_val); 90 91 keymaster_blob_t blob_val; 92 EXPECT_TRUE(set.GetTagValue(TAG_APPLICATION_ID, &blob_val)); 93 EXPECT_EQ(6U, blob_val.data_length); 94 EXPECT_EQ(0, memcmp(blob_val.data, "my_app", 6)); 95 } 96 97 TEST(Lookup, Repeated) { 98 keymaster_key_param_t params[] = { 99 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN), 100 Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY), 101 Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA), 102 Authorization(TAG_USER_ID, 7), 103 Authorization(TAG_USER_AUTH_ID, 8), 104 Authorization(TAG_APPLICATION_ID, "my_app", 6), 105 Authorization(TAG_KEY_SIZE, 256), 106 Authorization(TAG_AUTH_TIMEOUT, 300), 107 }; 108 AuthorizationSet set(params, array_length(params)); 109 EXPECT_EQ(8U, set.size()); 110 111 int pos = set.find(TAG_PURPOSE); 112 ASSERT_FALSE(pos == -1); 113 EXPECT_EQ(KM_TAG_PURPOSE, set[pos].tag); 114 EXPECT_EQ(KM_PURPOSE_SIGN, set[pos].enumerated); 115 116 pos = set.find(TAG_PURPOSE, pos); 117 EXPECT_EQ(KM_TAG_PURPOSE, set[pos].tag); 118 EXPECT_EQ(KM_PURPOSE_VERIFY, set[pos].enumerated); 119 120 EXPECT_EQ(-1, set.find(TAG_PURPOSE, pos)); 121 } 122 123 TEST(Lookup, Indexed) { 124 keymaster_key_param_t params[] = { 125 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN), 126 Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY), 127 Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA), 128 Authorization(TAG_USER_ID, 7), 129 Authorization(TAG_USER_AUTH_ID, 8), 130 Authorization(TAG_APPLICATION_ID, "my_app", 6), 131 Authorization(TAG_KEY_SIZE, 256), 132 Authorization(TAG_AUTH_TIMEOUT, 300), 133 }; 134 AuthorizationSet set(params, array_length(params)); 135 EXPECT_EQ(8U, set.size()); 136 137 EXPECT_EQ(KM_TAG_PURPOSE, set[0].tag); 138 EXPECT_EQ(KM_PURPOSE_SIGN, set[0].enumerated); 139 140 // Lookup beyond end doesn't work, just returns zeros, but doens't blow up either (verify by 141 // running under valgrind). 142 EXPECT_EQ(KM_TAG_INVALID, set[10].tag); 143 } 144 145 TEST(Serialization, RoundTrip) { 146 keymaster_key_param_t params[] = { 147 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN), 148 Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY), 149 Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA), 150 Authorization(TAG_USER_ID, 7), 151 Authorization(TAG_USER_AUTH_ID, 8), 152 Authorization(TAG_APPLICATION_ID, "my_app", 6), 153 Authorization(TAG_KEY_SIZE, 256), 154 Authorization(TAG_AUTH_TIMEOUT, 300), 155 Authorization(TAG_ALL_USERS), 156 Authorization(TAG_RSA_PUBLIC_EXPONENT, 3), 157 Authorization(TAG_ACTIVE_DATETIME, 10), 158 }; 159 AuthorizationSet set(params, array_length(params)); 160 161 size_t size = set.SerializedSize(); 162 EXPECT_TRUE(size > 0); 163 164 UniquePtr<uint8_t[]> buf(new uint8_t[size]); 165 EXPECT_EQ(buf.get() + size, set.Serialize(buf.get(), buf.get() + size)); 166 AuthorizationSet deserialized(buf.get(), size); 167 168 EXPECT_EQ(AuthorizationSet::OK, deserialized.is_valid()); 169 EXPECT_EQ(set, deserialized); 170 171 int pos = deserialized.find(TAG_APPLICATION_ID); 172 ASSERT_NE(-1, pos); 173 EXPECT_EQ(KM_TAG_APPLICATION_ID, deserialized[pos].tag); 174 EXPECT_EQ(6U, deserialized[pos].blob.data_length); 175 EXPECT_EQ(0, memcmp(deserialized[pos].blob.data, "my_app", 6)); 176 } 177 178 TEST(Deserialization, Deserialize) { 179 keymaster_key_param_t params[] = { 180 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN), 181 Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY), 182 Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA), 183 Authorization(TAG_USER_ID, 7), 184 Authorization(TAG_USER_AUTH_ID, 8), 185 Authorization(TAG_APPLICATION_ID, "my_app", 6), 186 Authorization(TAG_KEY_SIZE, 256), 187 Authorization(TAG_AUTH_TIMEOUT, 300), 188 }; 189 AuthorizationSet set(params, array_length(params)); 190 191 size_t size = set.SerializedSize(); 192 EXPECT_TRUE(size > 0); 193 194 UniquePtr<uint8_t[]> buf(new uint8_t[size]); 195 EXPECT_EQ(buf.get() + size, set.Serialize(buf.get(), buf.get() + size)); 196 AuthorizationSet deserialized; 197 const uint8_t* p = buf.get(); 198 EXPECT_TRUE(deserialized.Deserialize(&p, p + size)); 199 EXPECT_EQ(p, buf.get() + size); 200 201 EXPECT_EQ(AuthorizationSet::OK, deserialized.is_valid()); 202 203 EXPECT_EQ(set.size(), deserialized.size()); 204 for (size_t i = 0; i < set.size(); ++i) { 205 EXPECT_EQ(set[i].tag, deserialized[i].tag); 206 } 207 208 int pos = deserialized.find(TAG_APPLICATION_ID); 209 ASSERT_NE(-1, pos); 210 EXPECT_EQ(KM_TAG_APPLICATION_ID, deserialized[pos].tag); 211 EXPECT_EQ(6U, deserialized[pos].blob.data_length); 212 EXPECT_EQ(0, memcmp(deserialized[pos].blob.data, "my_app", 6)); 213 } 214 215 TEST(Deserialization, TooShortBuffer) { 216 uint8_t buf[] = {0, 0, 0}; 217 AuthorizationSet deserialized(buf, array_length(buf)); 218 EXPECT_EQ(AuthorizationSet::MALFORMED_DATA, deserialized.is_valid()); 219 220 const uint8_t* p = buf; 221 EXPECT_FALSE(deserialized.Deserialize(&p, p + array_length(buf))); 222 EXPECT_EQ(AuthorizationSet::MALFORMED_DATA, deserialized.is_valid()); 223 } 224 225 TEST(Deserialization, InvalidLengthField) { 226 keymaster_key_param_t params[] = { 227 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN), 228 Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY), 229 Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA), 230 Authorization(TAG_USER_ID, 7), 231 Authorization(TAG_USER_AUTH_ID, 8), 232 Authorization(TAG_APPLICATION_ID, "my_app", 6), 233 Authorization(TAG_KEY_SIZE, 256), 234 Authorization(TAG_AUTH_TIMEOUT, 300), 235 }; 236 AuthorizationSet set(params, array_length(params)); 237 238 size_t size = set.SerializedSize(); 239 EXPECT_TRUE(size > 0); 240 241 UniquePtr<uint8_t[]> buf(new uint8_t[size]); 242 EXPECT_EQ(buf.get() + size, set.Serialize(buf.get(), buf.get() + size)); 243 *reinterpret_cast<uint32_t*>(buf.get()) = 9; 244 245 AuthorizationSet deserialized(buf.get(), size); 246 EXPECT_EQ(AuthorizationSet::MALFORMED_DATA, deserialized.is_valid()); 247 248 const uint8_t* p = buf.get(); 249 EXPECT_FALSE(deserialized.Deserialize(&p, p + size)); 250 EXPECT_EQ(AuthorizationSet::MALFORMED_DATA, deserialized.is_valid()); 251 } 252 253 static uint32_t read_uint32(const uint8_t* buf) { 254 uint32_t val; 255 memcpy(&val, buf, sizeof(val)); 256 return val; 257 } 258 259 static void add_to_uint32(uint8_t* buf, int delta) { 260 uint32_t val; 261 memcpy(&val, buf, sizeof(val)); 262 val += delta; 263 memcpy(buf, &val, sizeof(val)); 264 } 265 266 TEST(Deserialization, MalformedIndirectData) { 267 keymaster_key_param_t params[] = { 268 Authorization(TAG_APPLICATION_ID, "my_app", 6), 269 Authorization(TAG_APPLICATION_DATA, "foo", 3), 270 }; 271 AuthorizationSet set(params, array_length(params)); 272 size_t size = set.SerializedSize(); 273 274 UniquePtr<uint8_t[]> buf(new uint8_t[size]); 275 EXPECT_EQ(buf.get() + size, set.Serialize(buf.get(), buf.get() + size)); 276 277 // This sucks. This test, as written, requires intimate knowledge of the serialized layout of 278 // this particular set, which means it's brittle. But it's important to test that we handle 279 // broken serialized data and I can't think of a better way to write this. 280 // 281 // The contents of buf are: 282 // 283 // Bytes: Content: 284 // 0-3 Length of string data, which is 9. 285 // 4-9 "my_app" 286 // 10-12 "foo" 287 // 13-16 Number of elements, which is 2. 288 // 17-20 Length of elements, which is 24. 289 // 21-24 First tag, TAG_APPLICATION_ID 290 // 25-28 Length of string "my_app", 6 291 // 29-32 Offset of string "my_app", 0 292 // 33-36 Second tag, TAG_APPLICATION_DATA 293 // 37-40 Length of string "foo", 3 294 // 41-44 Offset of string "foo", 6 295 296 // Check that stuff is where we think. 297 EXPECT_EQ('m', buf[4]); 298 EXPECT_EQ('f', buf[10]); 299 // Length of "my_app" 300 EXPECT_EQ(6U, read_uint32(buf.get() + 25)); 301 // Offset of "my_app" 302 EXPECT_EQ(0U, read_uint32(buf.get() + 29)); 303 // Length of "foo" 304 EXPECT_EQ(3U, read_uint32(buf.get() + 37)); 305 // Offset of "foo" 306 EXPECT_EQ(6U, read_uint32(buf.get() + 41)); 307 308 // Check that deserialization works. 309 AuthorizationSet deserialized1(buf.get(), size); 310 EXPECT_EQ(AuthorizationSet::OK, deserialized1.is_valid()); 311 312 const uint8_t* p = buf.get(); 313 EXPECT_TRUE(deserialized1.Deserialize(&p, p + size)); 314 EXPECT_EQ(AuthorizationSet::OK, deserialized1.is_valid()); 315 316 // 317 // Now mess them up in various ways: 318 // 319 320 // Move "foo" offset so offset + length goes off the end 321 add_to_uint32(buf.get() + 41, 1); 322 AuthorizationSet deserialized2(buf.get(), size); 323 EXPECT_EQ(AuthorizationSet::MALFORMED_DATA, deserialized2.is_valid()); 324 add_to_uint32(buf.get() + 41, -1); 325 326 // Shorten the "my_app" length to make a gap between the blobs. 327 add_to_uint32(buf.get() + 25, -1); 328 AuthorizationSet deserialized3(buf.get(), size); 329 EXPECT_EQ(AuthorizationSet::MALFORMED_DATA, deserialized3.is_valid()); 330 add_to_uint32(buf.get() + 25, 1); 331 332 // Extend the "my_app" length to make them overlap, and decrease the "foo" length to keep the 333 // total length the same. We don't detect this but should. 334 // TODO(swillden): Detect overlaps and holes that leave total size correct. 335 add_to_uint32(buf.get() + 25, 1); 336 add_to_uint32(buf.get() + 37, -1); 337 AuthorizationSet deserialized4(buf.get(), size); 338 EXPECT_EQ(AuthorizationSet::OK, deserialized4.is_valid()); 339 } 340 341 TEST(Growable, SuccessfulRoundTrip) { 342 keymaster_key_param_t elems_buf[20]; 343 uint8_t data_buf[200]; 344 345 AuthorizationSet growable; 346 EXPECT_TRUE(growable.push_back(Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA))); 347 EXPECT_EQ(1U, growable.size()); 348 349 EXPECT_TRUE(growable.push_back(Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY))); 350 EXPECT_EQ(2U, growable.size()); 351 352 EXPECT_TRUE(growable.push_back(Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN))); 353 EXPECT_EQ(3U, growable.size()); 354 355 EXPECT_TRUE(growable.push_back(Authorization(TAG_APPLICATION_ID, "data", 4))); 356 EXPECT_EQ(4U, growable.size()); 357 358 EXPECT_TRUE(growable.push_back(Authorization(TAG_APPLICATION_DATA, "some more data", 14))); 359 EXPECT_EQ(5U, growable.size()); 360 361 size_t serialize_size = growable.SerializedSize(); 362 UniquePtr<uint8_t[]> serialized(new uint8_t[serialize_size]); 363 EXPECT_EQ(serialized.get() + serialize_size, 364 growable.Serialize(serialized.get(), serialized.get() + serialize_size)); 365 366 AuthorizationSet deserialized(serialized.get(), serialize_size); 367 EXPECT_EQ(growable, deserialized); 368 } 369 370 TEST(Growable, InsufficientElemBuf) { 371 keymaster_key_param_t elems_buf[1]; 372 uint8_t data_buf[200]; 373 374 AuthorizationSet growable; 375 EXPECT_EQ(AuthorizationSet::OK, growable.is_valid()); 376 377 // First insertion fits. 378 EXPECT_TRUE(growable.push_back(Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA))); 379 EXPECT_EQ(1U, growable.size()); 380 EXPECT_EQ(AuthorizationSet::OK, growable.is_valid()); 381 382 // Second does too. 383 EXPECT_TRUE(growable.push_back(Authorization(TAG_RSA_PUBLIC_EXPONENT, 3))); 384 EXPECT_EQ(2U, growable.size()); 385 } 386 387 TEST(Growable, InsufficientIndirectBuf) { 388 keymaster_key_param_t elems_buf[3]; 389 uint8_t data_buf[10]; 390 391 AuthorizationSet growable; 392 EXPECT_EQ(AuthorizationSet::OK, growable.is_valid()); 393 394 EXPECT_TRUE(growable.push_back(Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA))); 395 EXPECT_EQ(1U, growable.size()); 396 EXPECT_EQ(AuthorizationSet::OK, growable.is_valid()); 397 398 EXPECT_TRUE(growable.push_back(Authorization(TAG_APPLICATION_ID, "1234567890", 10))); 399 EXPECT_EQ(2U, growable.size()); 400 EXPECT_EQ(AuthorizationSet::OK, growable.is_valid()); 401 402 EXPECT_TRUE(growable.push_back(Authorization(TAG_APPLICATION_DATA, "1", 1))); 403 EXPECT_EQ(3U, growable.size()); 404 EXPECT_EQ(AuthorizationSet::OK, growable.is_valid()); 405 406 // Can still add another entry without indirect data. Now it's full. 407 EXPECT_TRUE(growable.push_back(Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN))); 408 EXPECT_EQ(4U, growable.size()); 409 EXPECT_EQ(AuthorizationSet::OK, growable.is_valid()); 410 } 411 412 TEST(Growable, PushBackSets) { 413 keymaster_key_param_t params[] = { 414 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN), 415 Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY), 416 Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA), 417 Authorization(TAG_USER_ID, 7), 418 Authorization(TAG_USER_AUTH_ID, 8), 419 Authorization(TAG_APPLICATION_ID, "my_app", 6), 420 Authorization(TAG_KEY_SIZE, 256), 421 Authorization(TAG_AUTH_TIMEOUT, 300), 422 }; 423 AuthorizationSet set1(params, array_length(params)); 424 AuthorizationSet set2(params, array_length(params)); 425 426 AuthorizationSet combined; 427 EXPECT_TRUE(combined.push_back(set1)); 428 EXPECT_TRUE(combined.push_back(set2)); 429 EXPECT_EQ(array_length(params) * 2, combined.size()); 430 EXPECT_EQ(12U, combined.indirect_size()); 431 } 432 433 TEST(GetValue, GetInt) { 434 keymaster_key_param_t params[] = { 435 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN), 436 Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY), 437 Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA), 438 Authorization(TAG_USER_ID, 7), 439 Authorization(TAG_USER_AUTH_ID, 8), 440 Authorization(TAG_APPLICATION_ID, "my_app", 6), 441 Authorization(TAG_AUTH_TIMEOUT, 300), 442 }; 443 AuthorizationSet set(params, array_length(params)); 444 445 uint32_t val; 446 EXPECT_TRUE(set.GetTagValue(TAG_USER_ID, &val)); 447 EXPECT_EQ(7U, val); 448 449 // Find one that isn't there 450 EXPECT_FALSE(set.GetTagValue(TAG_KEY_SIZE, &val)); 451 } 452 453 TEST(GetValue, GetIntRep) { 454 keymaster_key_param_t params[] = { 455 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN), 456 Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY), 457 Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA), 458 Authorization(TAG_USER_ID, 7), 459 Authorization(TAG_USER_AUTH_ID, 8), 460 Authorization(TAG_APPLICATION_ID, "my_app", 6), 461 Authorization(TAG_AUTH_TIMEOUT, 300), 462 }; 463 AuthorizationSet set(params, array_length(params)); 464 465 uint32_t val; 466 EXPECT_TRUE(set.GetTagValue(TAG_USER_AUTH_ID, 0, &val)); 467 EXPECT_EQ(8U, val); 468 469 // Find one that isn't there 470 EXPECT_FALSE(set.GetTagValue(TAG_USER_AUTH_ID, 1, &val)); 471 } 472 473 TEST(GetValue, GetLong) { 474 keymaster_key_param_t params1[] = { 475 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN), Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY), 476 Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA), 477 keymaster_param_long(TAG_RSA_PUBLIC_EXPONENT, 3), 478 }; 479 AuthorizationSet set1(params1, array_length(params1)); 480 481 keymaster_key_param_t params2[] = { 482 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN), Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY), 483 Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA), 484 }; 485 AuthorizationSet set2(params2, array_length(params2)); 486 487 uint64_t val; 488 EXPECT_TRUE(set1.GetTagValue(TAG_RSA_PUBLIC_EXPONENT, &val)); 489 EXPECT_EQ(3U, val); 490 491 // Find one that isn't there 492 EXPECT_FALSE(set2.GetTagValue(TAG_RSA_PUBLIC_EXPONENT, &val)); 493 } 494 495 TEST(GetValue, GetEnum) { 496 keymaster_key_param_t params[] = { 497 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN), 498 Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY), 499 Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA), 500 Authorization(TAG_USER_ID, 7), 501 Authorization(TAG_USER_AUTH_ID, 8), 502 Authorization(TAG_APPLICATION_ID, "my_app", 6), 503 Authorization(TAG_AUTH_TIMEOUT, 300), 504 }; 505 AuthorizationSet set(params, array_length(params)); 506 507 keymaster_algorithm_t val; 508 EXPECT_TRUE(set.GetTagValue(TAG_ALGORITHM, &val)); 509 EXPECT_EQ(KM_ALGORITHM_RSA, val); 510 511 // Find one that isn't there 512 keymaster_padding_t val2; 513 EXPECT_FALSE(set.GetTagValue(TAG_PADDING, &val2)); 514 } 515 516 TEST(GetValue, GetEnumRep) { 517 keymaster_key_param_t params[] = { 518 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN), 519 Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY), 520 Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA), 521 Authorization(TAG_USER_ID, 7), 522 Authorization(TAG_USER_AUTH_ID, 8), 523 Authorization(TAG_APPLICATION_ID, "my_app", 6), 524 Authorization(TAG_AUTH_TIMEOUT, 300), 525 }; 526 AuthorizationSet set(params, array_length(params)); 527 528 keymaster_purpose_t val; 529 EXPECT_TRUE(set.GetTagValue(TAG_PURPOSE, 0, &val)); 530 EXPECT_EQ(KM_PURPOSE_SIGN, val); 531 EXPECT_TRUE(set.GetTagValue(TAG_PURPOSE, 1, &val)); 532 EXPECT_EQ(KM_PURPOSE_VERIFY, val); 533 534 // Find one that isn't there 535 EXPECT_FALSE(set.GetTagValue(TAG_PURPOSE, 2, &val)); 536 } 537 538 TEST(GetValue, GetDate) { 539 keymaster_key_param_t params[] = { 540 Authorization(TAG_ACTIVE_DATETIME, 10), 541 Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY), 542 Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA), 543 Authorization(TAG_USER_ID, 7), 544 Authorization(TAG_USER_AUTH_ID, 8), 545 Authorization(TAG_APPLICATION_ID, "my_app", 6), 546 Authorization(TAG_AUTH_TIMEOUT, 300), 547 }; 548 AuthorizationSet set(params, array_length(params)); 549 550 uint64_t val; 551 EXPECT_TRUE(set.GetTagValue(TAG_ACTIVE_DATETIME, &val)); 552 EXPECT_EQ(10U, val); 553 554 // Find one that isn't there 555 EXPECT_FALSE(set.GetTagValue(TAG_USAGE_EXPIRE_DATETIME, &val)); 556 } 557 558 TEST(GetValue, GetBlob) { 559 keymaster_key_param_t params[] = { 560 Authorization(TAG_ACTIVE_DATETIME, 10), 561 Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY), 562 Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA), 563 Authorization(TAG_USER_ID, 7), 564 Authorization(TAG_USER_AUTH_ID, 8), 565 Authorization(TAG_APPLICATION_ID, "my_app", 6), 566 Authorization(TAG_AUTH_TIMEOUT, 300), 567 }; 568 AuthorizationSet set(params, array_length(params)); 569 570 keymaster_blob_t val; 571 EXPECT_TRUE(set.GetTagValue(TAG_APPLICATION_ID, &val)); 572 EXPECT_EQ(6U, val.data_length); 573 EXPECT_EQ(0, memcmp(val.data, "my_app", 6)); 574 575 // Find one that isn't there 576 EXPECT_FALSE(set.GetTagValue(TAG_APPLICATION_DATA, &val)); 577 } 578 579 } // namespace test 580 } // namespace keymaster 581
