implement Keyguard base class

Base class for all hardware KG implementations.
Platform-specific subclasses need only provide keys
and a signature routine.

Change-Id: I354b136a7ee1c5352ac611d8b9093fd5f2ff47ac

3 files changed, 143 insertions, 7 deletions

diff --git a/tests/Android.mk b/tests/Android.mk
index 60fc50f..7b2f1f3 100644
--- a/tests/Android.mk
+++ b/tests/Android.mk
@@ -20,6 +20,8 @@ include $(CLEAR_VARS)
 LOCAL_MODULE := keyguard-unit-tests
 LOCAL_ADDITIONAL_DEPENDENCIES := $(LOCAL_PATH)/Android.mk
 LOCAL_CFLAGS += -g -Wall -Werror -std=gnu++11 -Wno-missing-field-initializers
-LOCAL_SHARED_LIBRARIES += libkeyguard_messages
-LOCAL_SRC_FILES := keyguard_messages_test.cpp
+LOCAL_SHARED_LIBRARIES += libkeyguard
+LOCAL_SRC_FILES := \
+	keyguard_messages_test.cpp \
+	keyguard_test.cpp
 include $(BUILD_NATIVE_TEST)
diff --git a/tests/keyguard_messages_test.cpp b/tests/keyguard_messages_test.cpp
index 77fbb99..dc579f7 100644
--- a/tests/keyguard_messages_test.cpp
+++ b/tests/keyguard_messages_test.cpp
@@ -30,6 +30,8 @@ using ::keyguard::VerifyResponse;
 using std::cout;
 using std::endl;
 
+static const uint32_t USER_ID = 3857;
+
 static SizedBuffer *make_buffer(size_t size) {
     SizedBuffer *result = new SizedBuffer;
     result->length = size;
@@ -49,7 +51,7 @@ TEST(RoundTripTest, EnrollRequest) {
     SizedBuffer *provided_password = make_buffer(password_size);
     const SizedBuffer *deserialized_password;
     // create request, serialize, deserialize, and validate
-    EnrollRequest req(provided_password);
+    EnrollRequest req(USER_ID, provided_password);
     uint8_t *serialized_req = req.Serialize();
     EnrollRequest deserialized_req;
     deserialized_req.Deserialize(serialized_req, serialized_req + req.GetSerializedSize());
@@ -59,6 +61,7 @@ TEST(RoundTripTest, EnrollRequest) {
             deserialized_req.GetError());
 
     deserialized_password = deserialized_req.GetProvidedPassword();
+    ASSERT_EQ(USER_ID, deserialized_req.GetUserId());
     ASSERT_EQ((uint32_t) password_size, deserialized_password->length);
     ASSERT_EQ(0, memcmp(req.GetProvidedPassword()->buffer.get(), deserialized_password->buffer.get(), password_size));
 }
@@ -68,7 +71,7 @@ TEST(RoundTripTest, EnrollResponse) {
     SizedBuffer *enrolled_password = make_buffer(password_size);
     const SizedBuffer *deserialized_password;
     // create request, serialize, deserialize, and validate
-    EnrollResponse req(enrolled_password);
+    EnrollResponse req(USER_ID, enrolled_password);
     uint8_t *serialized_req = req.Serialize();
     EnrollResponse deserialized_req;
     deserialized_req.Deserialize(serialized_req, serialized_req + req.GetSerializedSize());
@@ -78,17 +81,18 @@ TEST(RoundTripTest, EnrollResponse) {
             deserialized_req.GetError());
 
     deserialized_password = deserialized_req.GetEnrolledPasswordHandle();
+    ASSERT_EQ(USER_ID, deserialized_req.GetUserId());
     ASSERT_EQ((uint32_t) password_size, deserialized_password->length);
     ASSERT_EQ(0, memcmp(req.GetEnrolledPasswordHandle()->buffer.get(), deserialized_password->buffer.get(), password_size));
 }
 
 TEST(RoundTripTest, VerifyRequest) {
-    const size_t password_size = 1;
+    const size_t password_size = 512;
     SizedBuffer *provided_password = make_buffer(password_size),
           *password_handle = make_buffer(password_size);
     const SizedBuffer *deserialized_password;
     // create request, serialize, deserialize, and validate
-    VerifyRequest req(password_handle, provided_password);
+    VerifyRequest req(USER_ID, password_handle, provided_password);
     uint8_t *serialized_req = req.Serialize();
     VerifyRequest deserialized_req;
     deserialized_req.Deserialize(serialized_req, serialized_req + req.GetSerializedSize());
@@ -96,6 +100,7 @@ TEST(RoundTripTest, VerifyRequest) {
     ASSERT_EQ(keyguard::keyguard_error_t::KG_ERROR_OK,
             deserialized_req.GetError());
 
+    ASSERT_EQ(USER_ID, deserialized_req.GetUserId());
     deserialized_password = deserialized_req.GetProvidedPassword();
     ASSERT_EQ((uint32_t) password_size, deserialized_password->length);
     ASSERT_EQ(0, memcmp(req.GetProvidedPassword()->buffer.get(), deserialized_password->buffer.get(), password_size));
@@ -110,7 +115,7 @@ TEST(RoundTripTest, VerifyResponse) {
     SizedBuffer *verification_token = make_buffer(password_size);
     const SizedBuffer *deserialized_password;
     // create request, serialize, deserialize, and validate
-    VerifyResponse req(verification_token);
+    VerifyResponse req(USER_ID, verification_token);
     uint8_t *serialized_req = req.Serialize();
     VerifyResponse deserialized_req;
     deserialized_req.Deserialize(serialized_req, serialized_req + req.GetSerializedSize());
@@ -119,6 +124,7 @@ TEST(RoundTripTest, VerifyResponse) {
     ASSERT_EQ(keyguard::keyguard_error_t::KG_ERROR_OK,
             deserialized_req.GetError());
 
+    ASSERT_EQ(USER_ID, deserialized_req.GetUserId());
     deserialized_password = deserialized_req.GetVerificationToken();
     ASSERT_EQ((uint32_t) password_size, deserialized_password->length);
     ASSERT_EQ(0, memcmp(req.GetVerificationToken()->buffer.get(), deserialized_password->buffer.get(), password_size));
diff --git a/tests/keyguard_test.cpp b/tests/keyguard_test.cpp
new file mode 100644
index 0000000..8b733df
--- /dev/null
+++ b/tests/keyguard_test.cpp
@@ -0,0 +1,128 @@
+/*
+ * Copyright 2015 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <gtest/gtest.h>
+
+#include <keyguard/google_keyguard.h>
+
+using ::keyguard::SizedBuffer;
+using ::testing::Test;
+using ::keyguard::EnrollRequest;
+using ::keyguard::EnrollResponse;
+using ::keyguard::VerifyRequest;
+using ::keyguard::VerifyResponse;
+using ::keyguard::GoogleKeyguard;
+using ::keyguard::AuthToken;
+
+class FakeKeyguard : public GoogleKeyguard {
+public:
+    FakeKeyguard() {
+        password_key_ = std::unique_ptr<uint8_t[]>(new uint8_t[16] {
+                2, 34, 23, 43, 52, 25, 234, 22, 65, 24, 90,
+                48, 5, 52, 62, 12 });
+    }
+
+private:
+    std::unique_ptr<uint8_t[]> GetAuthTokenKey() const {
+        return std::unique_ptr<uint8_t[]>(new uint8_t[16] {
+                2, 34, 23, 43, 52, 25, 234, 22, 65, 24, 90,
+                48, 5, 52, 62, 12 });
+    }
+
+    std::unique_ptr<uint8_t> ComputeSignature(const uint8_t key[],
+            const uint8_t *message, const size_t length, size_t *signature_length) const {
+        const size_t signature_size = 16;
+        uint8_t *signature = new uint8_t[signature_size];
+        memset(signature, 0, signature_size);
+        size_t len = length >= signature_size ? signature_size : length;
+        memcpy(signature, message, len);
+        if (signature_length != NULL) *signature_length = len;
+        return std::unique_ptr<uint8_t>(signature);
+    }
+};
+
+TEST(KeyguardTest, EnrollSuccess) {
+    FakeKeyguard keyguard;
+    SizedBuffer password;
+    EnrollResponse response;
+
+    password.buffer = std::unique_ptr<uint8_t>(new uint8_t[16]);
+    password.length = 16;
+    memset(password.buffer.get(), 0, 16);
+    EnrollRequest request(0, &password);
+
+    keyguard.Enroll(request, &response);
+
+    ASSERT_EQ(::keyguard::keyguard_error_t::KG_ERROR_OK, response.GetError());
+    ASSERT_EQ((size_t) 16, response.GetEnrolledPasswordHandle()->length);
+}
+
+TEST(KeyguardTest, EnrollBogusData) {
+    FakeKeyguard keyguard;
+    SizedBuffer password;
+    EnrollResponse response;
+
+    EnrollRequest request(0, &password);
+
+    keyguard.Enroll(request, &response);
+
+    ASSERT_EQ(::keyguard::keyguard_error_t::KG_ERROR_INVALID, response.GetError());
+}
+
+TEST(KeyguardTest, VerifySuccess) {
+    FakeKeyguard keyguard;
+    SizedBuffer provided_password;
+    SizedBuffer password_handle;
+
+    provided_password.buffer = std::unique_ptr<uint8_t>(new uint8_t[16]);
+    provided_password.length = 16;
+    memset(provided_password.buffer.get(), 0, 16);
+
+    password_handle.buffer = std::unique_ptr<uint8_t>(new uint8_t[16]);
+    password_handle.length = 16;
+    memset(password_handle.buffer.get(), 0, 16);
+
+    VerifyRequest request(0, &password_handle, &provided_password);
+    VerifyResponse response;
+
+    keyguard.Verify(request, &response);
+
+    ASSERT_EQ(::keyguard::keyguard_error_t::KG_ERROR_OK, response.GetError());
+
+    AuthToken *auth_token =
+        reinterpret_cast<AuthToken *>(response.GetVerificationToken()->buffer.get());
+
+    ASSERT_EQ((uint8_t) 1, auth_token->auth_token_tag);
+    ASSERT_EQ((uint8_t) 2, auth_token->user_id_tag);
+    ASSERT_EQ((uint8_t) 3, auth_token->authenticator_id_tag);
+    ASSERT_EQ((uint8_t) 4, auth_token->timestamp_tag);
+
+    ASSERT_EQ((uint32_t)0, auth_token->user_id);
+    ASSERT_EQ((uint32_t)0, auth_token->authenticator_id);
+}
+
+TEST(KeyguardTest, VerifyBogusData) {
+    FakeKeyguard keyguard;
+    SizedBuffer provided_password;
+    SizedBuffer password_handle;
+    VerifyResponse response;
+
+    VerifyRequest request(0, &provided_password, &password_handle);
+
+    keyguard.Verify(request, &response);
+
+    ASSERT_EQ(::keyguard::keyguard_error_t::KG_ERROR_INVALID, response.GetError());
+}