diff options
author | Andres Morales <anmorales@google.com> | 2015-02-26 14:11:04 -0800 |
---|---|---|
committer | Andres Morales <anmorales@google.com> | 2015-03-06 10:51:01 -0800 |
commit | ac80818fd9e477d142dd8ed2f3902ba3757855c9 (patch) | |
tree | 1cb50fb3efefe487ec312f1e62456cccf4babd01 /tests | |
parent | 6c9fe69766c5a8f0a7d5bd91ac465c625e64b474 (diff) | |
download | gatekeeper-ac80818fd9e477d142dd8ed2f3902ba3757855c9.tar.gz |
implement Keyguard base class
Base class for all hardware KG implementations.
Platform-specific subclasses need only provide keys
and a signature routine.
Change-Id: I354b136a7ee1c5352ac611d8b9093fd5f2ff47ac
Diffstat (limited to 'tests')
-rw-r--r-- | tests/Android.mk | 6 | ||||
-rw-r--r-- | tests/keyguard_messages_test.cpp | 16 | ||||
-rw-r--r-- | tests/keyguard_test.cpp | 128 |
3 files changed, 143 insertions, 7 deletions
diff --git a/tests/Android.mk b/tests/Android.mk index 60fc50f..7b2f1f3 100644 --- a/tests/Android.mk +++ b/tests/Android.mk @@ -20,6 +20,8 @@ include $(CLEAR_VARS) LOCAL_MODULE := keyguard-unit-tests LOCAL_ADDITIONAL_DEPENDENCIES := $(LOCAL_PATH)/Android.mk LOCAL_CFLAGS += -g -Wall -Werror -std=gnu++11 -Wno-missing-field-initializers -LOCAL_SHARED_LIBRARIES += libkeyguard_messages -LOCAL_SRC_FILES := keyguard_messages_test.cpp +LOCAL_SHARED_LIBRARIES += libkeyguard +LOCAL_SRC_FILES := \ + keyguard_messages_test.cpp \ + keyguard_test.cpp include $(BUILD_NATIVE_TEST) diff --git a/tests/keyguard_messages_test.cpp b/tests/keyguard_messages_test.cpp index 77fbb99..dc579f7 100644 --- a/tests/keyguard_messages_test.cpp +++ b/tests/keyguard_messages_test.cpp @@ -30,6 +30,8 @@ using ::keyguard::VerifyResponse; using std::cout; using std::endl; +static const uint32_t USER_ID = 3857; + static SizedBuffer *make_buffer(size_t size) { SizedBuffer *result = new SizedBuffer; result->length = size; @@ -49,7 +51,7 @@ TEST(RoundTripTest, EnrollRequest) { SizedBuffer *provided_password = make_buffer(password_size); const SizedBuffer *deserialized_password; // create request, serialize, deserialize, and validate - EnrollRequest req(provided_password); + EnrollRequest req(USER_ID, provided_password); uint8_t *serialized_req = req.Serialize(); EnrollRequest deserialized_req; deserialized_req.Deserialize(serialized_req, serialized_req + req.GetSerializedSize()); @@ -59,6 +61,7 @@ TEST(RoundTripTest, EnrollRequest) { deserialized_req.GetError()); deserialized_password = deserialized_req.GetProvidedPassword(); + ASSERT_EQ(USER_ID, deserialized_req.GetUserId()); ASSERT_EQ((uint32_t) password_size, deserialized_password->length); ASSERT_EQ(0, memcmp(req.GetProvidedPassword()->buffer.get(), deserialized_password->buffer.get(), password_size)); } @@ -68,7 +71,7 @@ TEST(RoundTripTest, EnrollResponse) { SizedBuffer *enrolled_password = make_buffer(password_size); const SizedBuffer *deserialized_password; // create request, serialize, deserialize, and validate - EnrollResponse req(enrolled_password); + EnrollResponse req(USER_ID, enrolled_password); uint8_t *serialized_req = req.Serialize(); EnrollResponse deserialized_req; deserialized_req.Deserialize(serialized_req, serialized_req + req.GetSerializedSize()); @@ -78,17 +81,18 @@ TEST(RoundTripTest, EnrollResponse) { deserialized_req.GetError()); deserialized_password = deserialized_req.GetEnrolledPasswordHandle(); + ASSERT_EQ(USER_ID, deserialized_req.GetUserId()); ASSERT_EQ((uint32_t) password_size, deserialized_password->length); ASSERT_EQ(0, memcmp(req.GetEnrolledPasswordHandle()->buffer.get(), deserialized_password->buffer.get(), password_size)); } TEST(RoundTripTest, VerifyRequest) { - const size_t password_size = 1; + const size_t password_size = 512; SizedBuffer *provided_password = make_buffer(password_size), *password_handle = make_buffer(password_size); const SizedBuffer *deserialized_password; // create request, serialize, deserialize, and validate - VerifyRequest req(password_handle, provided_password); + VerifyRequest req(USER_ID, password_handle, provided_password); uint8_t *serialized_req = req.Serialize(); VerifyRequest deserialized_req; deserialized_req.Deserialize(serialized_req, serialized_req + req.GetSerializedSize()); @@ -96,6 +100,7 @@ TEST(RoundTripTest, VerifyRequest) { ASSERT_EQ(keyguard::keyguard_error_t::KG_ERROR_OK, deserialized_req.GetError()); + ASSERT_EQ(USER_ID, deserialized_req.GetUserId()); deserialized_password = deserialized_req.GetProvidedPassword(); ASSERT_EQ((uint32_t) password_size, deserialized_password->length); ASSERT_EQ(0, memcmp(req.GetProvidedPassword()->buffer.get(), deserialized_password->buffer.get(), password_size)); @@ -110,7 +115,7 @@ TEST(RoundTripTest, VerifyResponse) { SizedBuffer *verification_token = make_buffer(password_size); const SizedBuffer *deserialized_password; // create request, serialize, deserialize, and validate - VerifyResponse req(verification_token); + VerifyResponse req(USER_ID, verification_token); uint8_t *serialized_req = req.Serialize(); VerifyResponse deserialized_req; deserialized_req.Deserialize(serialized_req, serialized_req + req.GetSerializedSize()); @@ -119,6 +124,7 @@ TEST(RoundTripTest, VerifyResponse) { ASSERT_EQ(keyguard::keyguard_error_t::KG_ERROR_OK, deserialized_req.GetError()); + ASSERT_EQ(USER_ID, deserialized_req.GetUserId()); deserialized_password = deserialized_req.GetVerificationToken(); ASSERT_EQ((uint32_t) password_size, deserialized_password->length); ASSERT_EQ(0, memcmp(req.GetVerificationToken()->buffer.get(), deserialized_password->buffer.get(), password_size)); diff --git a/tests/keyguard_test.cpp b/tests/keyguard_test.cpp new file mode 100644 index 0000000..8b733df --- /dev/null +++ b/tests/keyguard_test.cpp @@ -0,0 +1,128 @@ +/* + * Copyright 2015 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include <gtest/gtest.h> + +#include <keyguard/google_keyguard.h> + +using ::keyguard::SizedBuffer; +using ::testing::Test; +using ::keyguard::EnrollRequest; +using ::keyguard::EnrollResponse; +using ::keyguard::VerifyRequest; +using ::keyguard::VerifyResponse; +using ::keyguard::GoogleKeyguard; +using ::keyguard::AuthToken; + +class FakeKeyguard : public GoogleKeyguard { +public: + FakeKeyguard() { + password_key_ = std::unique_ptr<uint8_t[]>(new uint8_t[16] { + 2, 34, 23, 43, 52, 25, 234, 22, 65, 24, 90, + 48, 5, 52, 62, 12 }); + } + +private: + std::unique_ptr<uint8_t[]> GetAuthTokenKey() const { + return std::unique_ptr<uint8_t[]>(new uint8_t[16] { + 2, 34, 23, 43, 52, 25, 234, 22, 65, 24, 90, + 48, 5, 52, 62, 12 }); + } + + std::unique_ptr<uint8_t> ComputeSignature(const uint8_t key[], + const uint8_t *message, const size_t length, size_t *signature_length) const { + const size_t signature_size = 16; + uint8_t *signature = new uint8_t[signature_size]; + memset(signature, 0, signature_size); + size_t len = length >= signature_size ? signature_size : length; + memcpy(signature, message, len); + if (signature_length != NULL) *signature_length = len; + return std::unique_ptr<uint8_t>(signature); + } +}; + +TEST(KeyguardTest, EnrollSuccess) { + FakeKeyguard keyguard; + SizedBuffer password; + EnrollResponse response; + + password.buffer = std::unique_ptr<uint8_t>(new uint8_t[16]); + password.length = 16; + memset(password.buffer.get(), 0, 16); + EnrollRequest request(0, &password); + + keyguard.Enroll(request, &response); + + ASSERT_EQ(::keyguard::keyguard_error_t::KG_ERROR_OK, response.GetError()); + ASSERT_EQ((size_t) 16, response.GetEnrolledPasswordHandle()->length); +} + +TEST(KeyguardTest, EnrollBogusData) { + FakeKeyguard keyguard; + SizedBuffer password; + EnrollResponse response; + + EnrollRequest request(0, &password); + + keyguard.Enroll(request, &response); + + ASSERT_EQ(::keyguard::keyguard_error_t::KG_ERROR_INVALID, response.GetError()); +} + +TEST(KeyguardTest, VerifySuccess) { + FakeKeyguard keyguard; + SizedBuffer provided_password; + SizedBuffer password_handle; + + provided_password.buffer = std::unique_ptr<uint8_t>(new uint8_t[16]); + provided_password.length = 16; + memset(provided_password.buffer.get(), 0, 16); + + password_handle.buffer = std::unique_ptr<uint8_t>(new uint8_t[16]); + password_handle.length = 16; + memset(password_handle.buffer.get(), 0, 16); + + VerifyRequest request(0, &password_handle, &provided_password); + VerifyResponse response; + + keyguard.Verify(request, &response); + + ASSERT_EQ(::keyguard::keyguard_error_t::KG_ERROR_OK, response.GetError()); + + AuthToken *auth_token = + reinterpret_cast<AuthToken *>(response.GetVerificationToken()->buffer.get()); + + ASSERT_EQ((uint8_t) 1, auth_token->auth_token_tag); + ASSERT_EQ((uint8_t) 2, auth_token->user_id_tag); + ASSERT_EQ((uint8_t) 3, auth_token->authenticator_id_tag); + ASSERT_EQ((uint8_t) 4, auth_token->timestamp_tag); + + ASSERT_EQ((uint32_t)0, auth_token->user_id); + ASSERT_EQ((uint32_t)0, auth_token->authenticator_id); +} + +TEST(KeyguardTest, VerifyBogusData) { + FakeKeyguard keyguard; + SizedBuffer provided_password; + SizedBuffer password_handle; + VerifyResponse response; + + VerifyRequest request(0, &provided_password, &password_handle); + + keyguard.Verify(request, &response); + + ASSERT_EQ(::keyguard::keyguard_error_t::KG_ERROR_INVALID, response.GetError()); +} |