1 // Copyright 2022, The Android Open Source Project
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 // http://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14
15 //! Tests
16
17 use crate::{error_rsp, invalid_cbor_rsp_data, keys::SecureKeyWrapper, split_rsp};
18 use alloc::{vec, vec::Vec};
19 use der::{Decode, Encode};
20 use kmr_common::Error;
21 use kmr_wire::{
22 keymint::{
23 ErrorCode, KeyFormat, KeyParam, KeyPurpose, NEXT_MESSAGE_SIGNAL_FALSE,
24 NEXT_MESSAGE_SIGNAL_TRUE,
25 },
26 AsCborValue,
27 };
28
29 #[test]
test_invalid_data()30 fn test_invalid_data() {
31 // Cross-check that the hand-encoded invalid CBOR data matches an auto-encoded equivalent.
32 let rsp = error_rsp(ErrorCode::UnknownError as i32);
33 let rsp_data = rsp.into_vec().unwrap();
34 assert_eq!(rsp_data, invalid_cbor_rsp_data());
35 }
36
37 #[test]
test_secure_key_wrapper()38 fn test_secure_key_wrapper() {
39 let encoded_str = concat!(
40 "30820179", // SEQUENCE length 0x179 (SecureKeyWrapper) {
41 "020100", // INTEGER length 1 value 0x00 (version)
42 "04820100", // OCTET STRING length 0x100 (encryptedTransportKey)
43 "aad93ed5924f283b4bb5526fbe7a1412",
44 "f9d9749ec30db9062b29e574a8546f33",
45 "c88732452f5b8e6a391ee76c39ed1712",
46 "c61d8df6213dec1cffbc17a8c6d04c7b",
47 "30893d8daa9b2015213e219468215532",
48 "07f8f9931c4caba23ed3bee28b36947e",
49 "47f10e0a5c3dc51c988a628daad3e5e1",
50 "f4005e79c2d5a96c284b4b8d7e4948f3",
51 "31e5b85dd5a236f85579f3ea1d1b8484",
52 "87470bdb0ab4f81a12bee42c99fe0df4",
53 "bee3759453e69ad1d68a809ce06b949f",
54 "7694a990429b2fe81e066ff43e56a216",
55 "02db70757922a4bcc23ab89f1e35da77",
56 "586775f423e519c2ea394caf48a28d0c",
57 "8020f1dcf6b3a68ec246f615ae96dae9",
58 "a079b1f6eb959033c1af5c125fd94168",
59 "040c", // OCTET STRING length 0x0c (initializationVector)
60 "6d9721d08589581ab49204a3",
61 "302e", // SEQUENCE length 0x2e (KeyDescription) {
62 "020103", // INTEGER length 1 value 0x03 (keyFormat = RAW)
63 "3029", // SEQUENCE length 0x29 (AuthorizationList) {
64 "a108", // [1] context-specific constructed tag=1 length 0x08 { (purpose)
65 "3106", // SET length 0x06
66 "020100", // INTEGER length 1 value 0x00 (Encrypt)
67 "020101", // INTEGER length 1 value 0x01 (Decrypt)
68 // } end SET
69 // } end [1]
70 "a203", // [2] context-specific constructed tag=2 length 0x02 { (algorithm)
71 "020120", // INTEGER length 1 value 0x20 (AES)
72 // } end [2]
73 "a304", // [3] context-specific constructed tag=3 length 0x04 { (keySize)
74 "02020100", // INTEGER length 2 value 0x100
75 // } end [3]
76 "a405", // [4] context-specific constructed tag=4 length 0x05 { (blockMode
77 "3103", // SET length 0x03 {
78 "020101", // INTEGER length 1 value 0x01 (ECB)
79 // } end SET
80 // } end [4]
81 "a605", // [6] context-specific constructed tag=6 length 0x05 { (padding)
82 "3103", // SET length 0x03 {
83 "020140", // INTEGER length 1 value 0x40 (PKCS7)
84 // } end SET
85 // } end [5]
86 "bf837702", // [503] context-specific constructed tag=503=0x1F7 length 0x02 {
87 // (noAuthRequired)
88 "0500", // NULL
89 // } end [503]
90 // } end SEQUENCE (AuthorizationList)
91 // } end SEQUENCE (KeyDescription)
92 "0420", // OCTET STRING length 0x20 (encryptedKey)
93 "a61c6e247e25b3e6e69aa78eb03c2d4a",
94 "c20d1f99a9a024a76f35c8e2cab9b68d",
95 "0410", // OCTET STRING length 0x10 (tag)
96 "2560c70109ae67c030f00b98b512a670",
97 // } SEQUENCE (SecureKeyWrapper)
98 );
99 let encoded_bytes = hex::decode(encoded_str).unwrap();
100 let secure_key_wrapper = SecureKeyWrapper::from_der(&encoded_bytes).unwrap();
101 assert_eq!(secure_key_wrapper.version, 0);
102 let key_format: KeyFormat = secure_key_wrapper.key_description.key_format.try_into().unwrap();
103 assert_eq!(KeyFormat::Raw, key_format);
104 let authz = secure_key_wrapper.key_description.key_params.auths;
105 let purpose_values: Vec<KeyPurpose> = authz
106 .iter()
107 .filter_map(|param| if let KeyParam::Purpose(v) = param { Some(*v) } else { None })
108 .collect();
109 assert_eq!(purpose_values.len(), 2);
110 assert!(purpose_values.contains(&KeyPurpose::Encrypt));
111 assert!(purpose_values.contains(&KeyPurpose::Decrypt));
112 }
113
114 #[test]
test_key_description_encode_decode()115 fn test_key_description_encode_decode() {
116 let encoded_secure_key_wrapper = concat!(
117 "30820179", // SEQUENCE length 0x179 (SecureKeyWrapper) {
118 "020100", // INTEGER length 1 value 0x00 (version)
119 "04820100", // OCTET STRING length 0x100 (encryptedTransportKey)
120 "aad93ed5924f283b4bb5526fbe7a1412",
121 "f9d9749ec30db9062b29e574a8546f33",
122 "c88732452f5b8e6a391ee76c39ed1712",
123 "c61d8df6213dec1cffbc17a8c6d04c7b",
124 "30893d8daa9b2015213e219468215532",
125 "07f8f9931c4caba23ed3bee28b36947e",
126 "47f10e0a5c3dc51c988a628daad3e5e1",
127 "f4005e79c2d5a96c284b4b8d7e4948f3",
128 "31e5b85dd5a236f85579f3ea1d1b8484",
129 "87470bdb0ab4f81a12bee42c99fe0df4",
130 "bee3759453e69ad1d68a809ce06b949f",
131 "7694a990429b2fe81e066ff43e56a216",
132 "02db70757922a4bcc23ab89f1e35da77",
133 "586775f423e519c2ea394caf48a28d0c",
134 "8020f1dcf6b3a68ec246f615ae96dae9",
135 "a079b1f6eb959033c1af5c125fd94168",
136 "040c", // OCTET STRING length 0x0c (initializationVector)
137 "6d9721d08589581ab49204a3",
138 "302e", // SEQUENCE length 0x2e (KeyDescription) {
139 "020103", // INTEGER length 1 value 0x03 (keyFormat = RAW)
140 "3029", // SEQUENCE length 0x29 (AuthorizationList) {
141 "a108", // [1] context-specific constructed tag=1 length 0x08 { (purpose)
142 "3106", // SET length 0x06
143 "020100", // INTEGER length 1 value 0x00 (Encrypt)
144 "020101", // INTEGER length 1 value 0x01 (Decrypt)
145 // } end SET
146 // } end [1]
147 "a203", // [2] context-specific constructed tag=2 length 0x02 { (algorithm)
148 "020120", // INTEGER length 1 value 0x20 (AES)
149 // } end [2]
150 "a304", // [3] context-specific constructed tag=3 length 0x04 { (keySize)
151 "02020100", // INTEGER length 2 value 0x100
152 // } end [3]
153 "a405", // [4] context-specific constructed tag=4 length 0x05 { (blockMode
154 "3103", // SET length 0x03 {
155 "020101", // INTEGER length 1 value 0x01 (ECB)
156 // } end SET
157 // } end [4]
158 "a605", // [6] context-specific constructed tag=6 length 0x05 { (padding)
159 "3103", // SET length 0x03 {
160 "020140", // INTEGER length 1 value 0x40 (PKCS7)
161 // } end SET
162 // } end [5]
163 "bf837702", // [503] context-specific constructed tag=503=0x1F7 length 0x02 {
164 // (noAuthRequired)
165 "0500", // NULL
166 // } end [503]
167 // } end SEQUENCE (AuthorizationList)
168 // } end SEQUENCE (KeyDescription)
169 "0420", // OCTET STRING length 0x20 (encryptedKey)
170 "a61c6e247e25b3e6e69aa78eb03c2d4a",
171 "c20d1f99a9a024a76f35c8e2cab9b68d",
172 "0410", // OCTET STRING length 0x10 (tag)
173 "2560c70109ae67c030f00b98b512a670",
174 // } SEQUENCE (SecureKeyWrapper)
175 );
176 let encoded_key_description_want = concat!(
177 "302e", // SEQUENCE length 0x2e (KeyDescription) {
178 "020103", // INTEGER length 1 value 0x03 (keyFormat = RAW)
179 "3029", // SEQUENCE length 0x29 (AuthorizationList) {
180 "a108", // [1] context-specific constructed tag=1 length 0x08 { (purpose)
181 "3106", // SET length 0x06
182 "020100", // INTEGER length 1 value 0x00 (Encrypt)
183 "020101", // INTEGER length 1 value 0x01 (Decrypt)
184 // } end SET
185 // } end [1]
186 "a203", // [2] context-specific constructed tag=2 length 0x02 { (algorithm)
187 "020120", // INTEGER length 1 value 0x20 (AES)
188 // } end [2]
189 "a304", // [3] context-specific constructed tag=3 length 0x04 { (keySize)
190 "02020100", // INTEGER length 2 value 0x100
191 // } end [3]
192 "a405", // [4] context-specific constructed tag=4 length 0x05 { (blockMode
193 "3103", // SET length 0x03 {
194 "020101", // INTEGER length 1 value 0x01 (ECB)
195 // } end SET
196 // } end [4]
197 "a605", // [6] context-specific constructed tag=6 length 0x05 { (padding)
198 "3103", // SET length 0x03 {
199 "020140", // INTEGER length 1 value 0x40 (PKCS7)
200 // } end SET
201 // } end [5]
202 "bf837702", // [503] context-specific constructed tag=503=0x1F7 length 0x02 {
203 // (noAuthRequired)
204 "0500", // NULL
205 // } end [503]
206 // } end SEQUENCE (AuthorizationList)
207 // } end SEQUENCE (KeyDescription)
208 );
209 let encoded_bytes = hex::decode(encoded_secure_key_wrapper).unwrap();
210 let secure_key_wrapper = SecureKeyWrapper::from_der(&encoded_bytes).unwrap();
211 let key_description = secure_key_wrapper.key_description;
212 let encoded_key_description_got = key_description.to_der().unwrap();
213 assert_eq!(hex::encode(encoded_key_description_got), encoded_key_description_want);
214 }
215
216 #[test]
test_split_rsp_invalid_input()217 fn test_split_rsp_invalid_input() {
218 // Check for invalid inputs
219 let rsp = vec![];
220 let result = split_rsp(&rsp, 5);
221 assert!(result.is_err());
222 assert!(matches!(result, Err(Error::Hal(ErrorCode::InvalidArgument, _))));
223
224 let rsp = vec![0x82, 0x21, 0x80];
225 let result = split_rsp(&rsp, 1);
226 assert!(matches!(result, Err(Error::Hal(ErrorCode::InvalidArgument, _))));
227 }
228
229 #[test]
test_split_rsp_smaller_input()230 fn test_split_rsp_smaller_input() {
231 // Test for rsp_data size < max_size
232 let rsp = vec![0x82, 0x13, 0x82, 0x80, 0x80];
233 let result = split_rsp(&rsp, 20).expect("result should not be error");
234 assert_eq!(result.len(), 1);
235 let inner_msg = result.first().expect("single message is expected").as_slice();
236 assert_eq!(inner_msg.len(), 6);
237 let marker = inner_msg[0];
238 assert_eq!(marker, NEXT_MESSAGE_SIGNAL_FALSE);
239 let msg = &inner_msg[1..];
240 assert_eq!(msg, rsp);
241 }
242
243 #[test]
test_split_rsp_allowed_size_input()244 fn test_split_rsp_allowed_size_input() {
245 // Test for rsp_data size = allowed message length
246 let rsp = vec![0x82, 0x13, 0x82, 0x80, 0x80];
247 let result = split_rsp(&rsp, 6).expect("result should not be error");
248 assert_eq!(result.len(), 1);
249 let inner_msg = result.first().expect("single message is expected").as_slice();
250 assert_eq!(inner_msg.len(), 6);
251 let marker = inner_msg[0];
252 assert_eq!(marker, NEXT_MESSAGE_SIGNAL_FALSE);
253 let msg = &inner_msg[1..];
254 assert_eq!(msg, rsp);
255 }
256
257 #[test]
test_split_rsp_max_size_input()258 fn test_split_rsp_max_size_input() {
259 // Test for rsp_data size = max_size
260 let rsp = vec![0x82, 0x13, 0x82, 0x80, 0x80, 0x82];
261 let result = split_rsp(&rsp, 6).expect("result should not be error");
262 assert_eq!(result.len(), 2);
263
264 let inner_msg1 = result.first().expect("a message is expected at index 0").as_slice();
265 assert_eq!(inner_msg1.len(), 6);
266 let marker1 = inner_msg1[0];
267 assert_eq!(marker1, NEXT_MESSAGE_SIGNAL_TRUE);
268 assert_eq!(&inner_msg1[1..], &rsp[..5]);
269
270 let inner_msg2 = result.get(1).expect("a message is expected at index 1").as_slice();
271 assert_eq!(inner_msg2.len(), 2);
272 let marker2 = inner_msg2[0];
273 assert_eq!(marker2, NEXT_MESSAGE_SIGNAL_FALSE);
274 assert_eq!(&inner_msg2[1..], &rsp[5..]);
275 }
276
277 #[test]
test_split_rsp_larger_input_perfect_split()278 fn test_split_rsp_larger_input_perfect_split() {
279 // Test for rsp_data size > max_size and it is a perfect split
280 let rsp1 = vec![0x82, 0x13, 0x82, 0x80, 0x80];
281 let rsp2 = vec![0x82, 0x14, 0x82, 0x80, 0x80];
282 let rsp3 = vec![0x82, 0x15, 0x82, 0x80, 0x80];
283 let mut rsp = vec![];
284 rsp.extend_from_slice(&rsp1);
285 rsp.extend_from_slice(&rsp2);
286 rsp.extend_from_slice(&rsp3);
287 let result = split_rsp(&rsp, 6).expect("result should not be error");
288 assert_eq!(result.len(), 3);
289
290 let inner_msg1 = result.first().expect("a message is expected at index 0").as_slice();
291 assert_eq!(inner_msg1.len(), 6);
292 let marker1 = inner_msg1[0];
293 assert_eq!(marker1, NEXT_MESSAGE_SIGNAL_TRUE);
294 let msg1 = &inner_msg1[1..];
295 assert_eq!(msg1, rsp1);
296
297 let inner_msg2 = result.get(1).expect("a message is expected at index 1").as_slice();
298 assert_eq!(inner_msg2.len(), 6);
299 let marker2 = inner_msg2[0];
300 assert_eq!(marker2, NEXT_MESSAGE_SIGNAL_TRUE);
301 let msg2 = &inner_msg2[1..];
302 assert_eq!(msg2, rsp2);
303
304 let inner_msg3 = result.get(2).expect("a message is expected at index 2").as_slice();
305 assert_eq!(inner_msg3.len(), 6);
306 let marker3 = inner_msg3[0];
307 assert_eq!(marker3, NEXT_MESSAGE_SIGNAL_FALSE);
308 let msg3 = &inner_msg3[1..];
309 assert_eq!(msg3, rsp3);
310 }
311
312 #[test]
test_split_rsp_larger_input_imperfect_split()313 fn test_split_rsp_larger_input_imperfect_split() {
314 // Test for rsp_data size > max_size and it is not a perfect split
315 let rsp1 = vec![0x82, 0x00, 0x81, 0x82, 0x13];
316 let rsp2 = vec![0x81, 0x83, 0x41, 0x01, 0x80];
317 let rsp3 = vec![0x80];
318 let mut rsp = vec![];
319 rsp.extend_from_slice(&rsp1);
320 rsp.extend_from_slice(&rsp2);
321 rsp.extend_from_slice(&rsp3);
322 let result = split_rsp(&rsp, 6).expect("result should not be error");
323 assert_eq!(result.len(), 3);
324
325 let inner_msg1 = result.first().expect("a message is expected at index 0").as_slice();
326 assert_eq!(inner_msg1.len(), 6);
327 let marker1 = inner_msg1[0];
328 assert_eq!(marker1, NEXT_MESSAGE_SIGNAL_TRUE);
329 let msg1 = &inner_msg1[1..];
330 assert_eq!(msg1, rsp1);
331
332 let inner_msg2 = result.get(1).expect("a message is expected at index 1").as_slice();
333 assert_eq!(inner_msg2.len(), 6);
334 let marker2 = inner_msg2[0];
335 assert_eq!(marker2, NEXT_MESSAGE_SIGNAL_TRUE);
336 let msg2 = &inner_msg2[1..];
337 assert_eq!(msg2, rsp2);
338
339 let inner_msg3 = result.get(2).expect("a message is expected at index 2").as_slice();
340 assert_eq!(inner_msg3.len(), 2);
341 let marker3 = inner_msg3[0];
342 assert_eq!(marker3, NEXT_MESSAGE_SIGNAL_FALSE);
343 let msg3 = &inner_msg3[1..];
344 assert_eq!(msg3, rsp3);
345 }
346