1 // Copyright 2022, The Android Open Source Project
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 // http://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14
15 use super::*;
16 use crate::expect_err;
17 use crate::tag::legacy::{consume_u32, consume_u64, consume_u8, consume_vec};
18 use alloc::vec;
19
20 #[test]
test_consume_u8()21 fn test_consume_u8() {
22 let buffer = [1, 2];
23 let mut data = &buffer[..];
24 assert_eq!(1u8, consume_u8(&mut data).unwrap());
25 assert_eq!(2u8, consume_u8(&mut data).unwrap());
26 let result = consume_u8(&mut data);
27 expect_err!(result, "failed to find 1 byte");
28 }
29
30 #[test]
test_consume_u32()31 fn test_consume_u32() {
32 let buffer = [
33 0x01, 0x02, 0x03, 0x04, //
34 0x04, 0x03, 0x02, 0x01, //
35 0x11, 0x12, 0x13,
36 ];
37 let mut data = &buffer[..];
38 assert_eq!(0x04030201u32, consume_u32(&mut data).unwrap());
39 assert_eq!(0x01020304u32, consume_u32(&mut data).unwrap());
40 let result = consume_u32(&mut data);
41 expect_err!(result, "failed to find 4 bytes");
42 }
43
44 #[test]
test_consume_u64()45 fn test_consume_u64() {
46 let buffer = [
47 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, //
48 0x08, 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, //
49 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
50 ];
51 let mut data = &buffer[..];
52 assert_eq!(0x0807060504030201u64, consume_u64(&mut data).unwrap());
53 assert_eq!(0x0102030405060708u64, consume_u64(&mut data).unwrap());
54 let result = consume_u64(&mut data);
55 expect_err!(result, "failed to find 8 bytes");
56 }
57
58 #[test]
test_consume_vec()59 fn test_consume_vec() {
60 let buffer = [
61 0x01, 0x00, 0x00, 0x00, 0xaa, //
62 0x00, 0x00, 0x00, 0x00, //
63 0x01, 0x00, 0x00, 0x00, 0xbb, //
64 0x07, 0x00, 0x00, 0x00, 0xbb, // not enough data
65 ];
66 let mut data = &buffer[..];
67 assert_eq!(vec![0xaa], consume_vec(&mut data).unwrap());
68 assert_eq!(Vec::<u8>::new(), consume_vec(&mut data).unwrap());
69 assert_eq!(vec![0xbb], consume_vec(&mut data).unwrap());
70 let result = consume_vec(&mut data);
71 expect_err!(result, "failed to find 7 bytes");
72
73 let buffer = [
74 0x01, 0x00, 0x00, //
75 ];
76 let mut data = &buffer[..];
77 let result = consume_vec(&mut data);
78 expect_err!(result, "failed to find 4 bytes");
79 }
80
81 #[test]
test_serialize_encrypted_keyblob()82 fn test_serialize_encrypted_keyblob() {
83 let tests = vec![
84 (
85 concat!(
86 "00", // format
87 "01000000",
88 "aa", // nonce
89 "02000000",
90 "bbbb", // ciphertext
91 "01000000",
92 "cc", // tag
93 concat!(
94 "00000000", // no blob data
95 "00000000", // no params
96 "00000000", // zero size of params
97 ),
98 concat!(
99 "00000000", // no blob data
100 "00000000", // no params
101 "00000000", // zero size of params
102 ),
103 ),
104 EncryptedKeyBlob {
105 format: AuthEncryptedBlobFormat::AesOcb,
106 nonce: vec![0xaa],
107 ciphertext: vec![0xbb, 0xbb],
108 tag: vec![0xcc],
109 kdf_version: None,
110 addl_info: None,
111 hw_enforced: vec![],
112 sw_enforced: vec![],
113 key_slot: None,
114 },
115 ),
116 (
117 concat!(
118 "01", // format
119 "01000000",
120 "aa", // nonce
121 "02000000",
122 "bbbb", // ciphertext
123 "01000000",
124 "cc", // tag
125 concat!(
126 "00000000", // no blob data
127 "00000000", // no params
128 "00000000", // zero size of params
129 ),
130 concat!(
131 "00000000", // no blob data
132 "00000000", // no params
133 "00000000", // zero size of params
134 ),
135 "06000000",
136 ),
137 EncryptedKeyBlob {
138 format: AuthEncryptedBlobFormat::AesGcmWithSwEnforced,
139 nonce: vec![0xaa],
140 ciphertext: vec![0xbb, 0xbb],
141 tag: vec![0xcc],
142 kdf_version: None,
143 addl_info: None,
144 hw_enforced: vec![],
145 sw_enforced: vec![],
146 key_slot: Some(6),
147 },
148 ),
149 (
150 concat!(
151 "03", // format
152 "01000000",
153 "aa", // nonce
154 "02000000",
155 "bbbb", // ciphertext
156 "01000000",
157 "cc", // tag
158 "01010101", // kdf_version
159 "04040404", // addl_info
160 concat!(
161 "00000000", // no blob data
162 "00000000", // no params
163 "00000000", // zero size of params
164 ),
165 concat!(
166 "00000000", // no blob data
167 "00000000", // no params
168 "00000000", // zero size of params
169 ),
170 "06000000",
171 ),
172 EncryptedKeyBlob {
173 format: AuthEncryptedBlobFormat::AesGcmWithSwEnforcedVersioned,
174 nonce: vec![0xaa],
175 ciphertext: vec![0xbb, 0xbb],
176 tag: vec![0xcc],
177 kdf_version: Some(0x01010101),
178 addl_info: Some(0x04040404),
179 hw_enforced: vec![],
180 sw_enforced: vec![],
181 key_slot: Some(6),
182 },
183 ),
184 ];
185 for (hex_data, want) in tests {
186 let data = hex::decode(hex_data).unwrap();
187 let got = EncryptedKeyBlob::deserialize(&data).unwrap();
188 assert_eq!(got, want);
189 let new_data = got.serialize().unwrap();
190 assert_eq!(new_data, data);
191 }
192 }
193
194 #[test]
test_deserialize_encrypted_keyblob_fail()195 fn test_deserialize_encrypted_keyblob_fail() {
196 let tests = vec![
197 (
198 concat!(
199 "09", // format (invalid)
200 "01000000",
201 "aa", // nonce
202 "02000000",
203 "bbbb", // ciphertext
204 "01000000",
205 "cc", // tag
206 concat!(
207 "00000000", // no blob data
208 "00000000", // no params
209 "00000000", // zero size of params
210 ),
211 concat!(
212 "00000000", // no blob data
213 "00000000", // no params
214 "00000000", // zero size of params
215 ),
216 ),
217 "unexpected blob format 9",
218 ),
219 (
220 concat!(
221 "02", // format
222 "01000000",
223 "aa", // nonce
224 "02000000",
225 "bbbb", // ciphertext
226 "01000000",
227 "cc", // tag
228 concat!(
229 "00000000", // no blob data
230 "00000000", // no params
231 "00000000", // zero size of params
232 ),
233 concat!(
234 "00000000", // no blob data
235 "00000000", // no params
236 "00000000", // zero size of params
237 ),
238 "060000",
239 ),
240 "unexpected remaining length 3",
241 ),
242 ];
243 for (hex_data, msg) in tests {
244 let data = hex::decode(hex_data).unwrap();
245 let result = EncryptedKeyBlob::deserialize(&data);
246 expect_err!(result, msg);
247 }
248 }
249
250 #[test]
test_deserialize_encrypted_keyblob_truncated()251 fn test_deserialize_encrypted_keyblob_truncated() {
252 let data = hex::decode(concat!(
253 "00", // format
254 "01000000",
255 "aa", // nonce
256 "02000000",
257 "bbbb", // ciphertext
258 "01000000",
259 "cc", // tag
260 concat!(
261 "00000000", // no blob data
262 "00000000", // no params
263 "00000000", // zero size of params
264 ),
265 concat!(
266 "00000000", // no blob data
267 "00000000", // no params
268 "00000000", // zero size of params
269 ),
270 ))
271 .unwrap();
272 assert!(EncryptedKeyBlob::deserialize(&data).is_ok());
273 for len in 0..data.len() - 1 {
274 // Any truncation of this data is invalid.
275 assert!(
276 EncryptedKeyBlob::deserialize(&data[..len]).is_err(),
277 "deserialize of data[..{}] subset (len={}) unexpectedly succeeded",
278 len,
279 data.len()
280 );
281 }
282 }
283