Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_security / 703bcc185a60ae4084175da41b8be009fbd36160 / . / keystore2 / src / database / tests.rs
blob: 4ada69421bed3adc075b7550c9e86bf232ba15e3 [file] [log] [blame]
// Copyright 2020, The Android Open Source Project
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//! Database tests.
use super::*;
use crate::key_parameter::{
Algorithm, BlockMode, Digest, EcCurve, HardwareAuthenticatorType, KeyOrigin, KeyParameter,
KeyParameterValue, KeyPurpose, PaddingMode, SecurityLevel,
};
use crate::key_perm_set;
use crate::permission::{KeyPerm, KeyPermSet};
use crate::super_key::{SuperKeyManager, USER_AFTER_FIRST_UNLOCK_SUPER_KEY, SuperEncryptionAlgorithm, SuperKeyType};
use keystore2_test_utils::TempDir;
use android_hardware_security_keymint::aidl::android::hardware::security::keymint::{
HardwareAuthToken::HardwareAuthToken,
HardwareAuthenticatorType::HardwareAuthenticatorType as kmhw_authenticator_type,
};
use android_hardware_security_secureclock::aidl::android::hardware::security::secureclock::{
Timestamp::Timestamp,
};
use std::cell::RefCell;
use std::collections::BTreeMap;
use std::fmt::Write;
use std::sync::atomic::{AtomicU8, Ordering};
use std::sync::Arc;
use std::thread;
use std::time::{Duration, SystemTime};
use crate::utils::AesGcm;
#[cfg(disabled)]
use std::time::Instant;
pub fn new_test_db() -> Result<KeystoreDB> {
new_test_db_at("file::memory:")
}
fn new_test_db_at(path: &str) -> Result<KeystoreDB> {
let conn = KeystoreDB::make_connection(path)?;
let mut db = KeystoreDB { conn, gc: None, perboot: Arc::new(perboot::PerbootDB::new()) };
db.with_transaction(Immediate("TX_new_test_db"), |tx| {
KeystoreDB::init_tables(tx).context("Failed to initialize tables.").no_gc()
})?;
Ok(db)
}
fn rebind_alias(
db: &mut KeystoreDB,
newid: &KeyIdGuard,
alias: &str,
domain: Domain,
namespace: i64,
) -> Result<bool> {
db.with_transaction(Immediate("TX_rebind_alias"), |tx| {
KeystoreDB::rebind_alias(tx, newid, alias, &domain, &namespace, KeyType::Client).no_gc()
})
.context(ks_err!())
}
#[test]
fn datetime() -> Result<()> {
let conn = Connection::open_in_memory()?;
conn.execute("CREATE TABLE test (ts DATETIME);", [])?;
let now = SystemTime::now();
let duration = Duration::from_secs(1000);
let then = now.checked_sub(duration).unwrap();
let soon = now.checked_add(duration).unwrap();
conn.execute(
"INSERT INTO test (ts) VALUES (?), (?), (?);",
params![DateTime::try_from(now)?, DateTime::try_from(then)?, DateTime::try_from(soon)?],
)?;
let mut stmt = conn.prepare("SELECT ts FROM test ORDER BY ts ASC;")?;
let mut rows = stmt.query([])?;
assert_eq!(DateTime::try_from(then)?, rows.next()?.unwrap().get(0)?);
assert_eq!(DateTime::try_from(now)?, rows.next()?.unwrap().get(0)?);
assert_eq!(DateTime::try_from(soon)?, rows.next()?.unwrap().get(0)?);
assert!(rows.next()?.is_none());
assert!(DateTime::try_from(then)? < DateTime::try_from(now)?);
assert!(DateTime::try_from(then)? < DateTime::try_from(soon)?);
assert!(DateTime::try_from(now)? < DateTime::try_from(soon)?);
Ok(())
}
// Ensure that we're using the "injected" random function, not the real one.
#[test]
fn test_mocked_random() {
let rand1 = random();
let rand2 = random();
let rand3 = random();
if rand1 == rand2 {
assert_eq!(rand2 + 1, rand3);
} else {
assert_eq!(rand1 + 1, rand2);
assert_eq!(rand2, rand3);
}
}
// Test that we have the correct tables.
#[test]
fn test_tables() -> Result<()> {
let db = new_test_db()?;
let tables = db
.conn
.prepare("SELECT name from persistent.sqlite_master WHERE type='table' ORDER BY name;")?
.query_map(params![], |row| row.get(0))?
.collect::<rusqlite::Result<Vec<String>>>()?;
assert_eq!(tables.len(), 6);
assert_eq!(tables[0], "blobentry");
assert_eq!(tables[1], "blobmetadata");
assert_eq!(tables[2], "grant");
assert_eq!(tables[3], "keyentry");
assert_eq!(tables[4], "keymetadata");
assert_eq!(tables[5], "keyparameter");
Ok(())
}
#[test]
fn test_auth_token_table_invariant() -> Result<()> {
let mut db = new_test_db()?;
let auth_token1 = HardwareAuthToken {
challenge: i64::MAX,
userId: 200,
authenticatorId: 200,
authenticatorType: kmhw_authenticator_type(kmhw_authenticator_type::PASSWORD.0),
timestamp: Timestamp { milliSeconds: 500 },
mac: String::from("mac").into_bytes(),
};
db.insert_auth_token(&auth_token1);
let auth_tokens_returned = get_auth_tokens(&db);
assert_eq!(auth_tokens_returned.len(), 1);
// insert another auth token with the same values for the columns in the UNIQUE constraint
// of the auth token table and different value for timestamp
let auth_token2 = HardwareAuthToken {
challenge: i64::MAX,
userId: 200,
authenticatorId: 200,
authenticatorType: kmhw_authenticator_type(kmhw_authenticator_type::PASSWORD.0),
timestamp: Timestamp { milliSeconds: 600 },
mac: String::from("mac").into_bytes(),
};
db.insert_auth_token(&auth_token2);
let mut auth_tokens_returned = get_auth_tokens(&db);
assert_eq!(auth_tokens_returned.len(), 1);
if let Some(auth_token) = auth_tokens_returned.pop() {
assert_eq!(auth_token.auth_token.timestamp.milliSeconds, 600);
}
// insert another auth token with the different values for the columns in the UNIQUE
// constraint of the auth token table
let auth_token3 = HardwareAuthToken {
challenge: i64::MAX,
userId: 201,
authenticatorId: 200,
authenticatorType: kmhw_authenticator_type(kmhw_authenticator_type::PASSWORD.0),
timestamp: Timestamp { milliSeconds: 600 },
mac: String::from("mac").into_bytes(),
};
db.insert_auth_token(&auth_token3);
let auth_tokens_returned = get_auth_tokens(&db);
assert_eq!(auth_tokens_returned.len(), 2);
Ok(())
}
// utility function for test_auth_token_table_invariant()
fn get_auth_tokens(db: &KeystoreDB) -> Vec<AuthTokenEntry> {
db.perboot.get_all_auth_token_entries()
}
fn create_key_entry(
db: &mut KeystoreDB,
domain: &Domain,
namespace: &i64,
key_type: KeyType,
km_uuid: &Uuid,
) -> Result<KeyIdGuard> {
db.with_transaction(Immediate("TX_create_key_entry"), |tx| {
KeystoreDB::create_key_entry_internal(tx, domain, namespace, key_type, km_uuid).no_gc()
})
}
#[test]
fn test_persistence_for_files() -> Result<()> {
let temp_dir = TempDir::new("persistent_db_test")?;
let mut db = KeystoreDB::new(temp_dir.path(), None)?;
create_key_entry(&mut db, &Domain::APP, &100, KeyType::Client, &KEYSTORE_UUID)?;
let entries = get_keyentry(&db)?;
assert_eq!(entries.len(), 1);
let db = KeystoreDB::new(temp_dir.path(), None)?;
let entries_new = get_keyentry(&db)?;
assert_eq!(entries, entries_new);
Ok(())
}
#[test]
fn test_create_key_entry() -> Result<()> {
fn extractor(ke: &KeyEntryRow) -> (Domain, i64, Option<&str>, Uuid) {
(ke.domain.unwrap(), ke.namespace.unwrap(), ke.alias.as_deref(), ke.km_uuid.unwrap())
}
let mut db = new_test_db()?;
create_key_entry(&mut db, &Domain::APP, &100, KeyType::Client, &KEYSTORE_UUID)?;
create_key_entry(&mut db, &Domain::SELINUX, &101, KeyType::Client, &KEYSTORE_UUID)?;
let entries = get_keyentry(&db)?;
assert_eq!(entries.len(), 2);
assert_eq!(extractor(&entries[0]), (Domain::APP, 100, None, KEYSTORE_UUID));
assert_eq!(extractor(&entries[1]), (Domain::SELINUX, 101, None, KEYSTORE_UUID));
// Test that we must pass in a valid Domain.
check_result_is_error_containing_string(
create_key_entry(&mut db, &Domain::GRANT, &102, KeyType::Client, &KEYSTORE_UUID),
&format!("Domain {:?} must be either App or SELinux.", Domain::GRANT),
);
check_result_is_error_containing_string(
create_key_entry(&mut db, &Domain::BLOB, &103, KeyType::Client, &KEYSTORE_UUID),
&format!("Domain {:?} must be either App or SELinux.", Domain::BLOB),
);
check_result_is_error_containing_string(
create_key_entry(&mut db, &Domain::KEY_ID, &104, KeyType::Client, &KEYSTORE_UUID),
&format!("Domain {:?} must be either App or SELinux.", Domain::KEY_ID),
);
Ok(())
}
#[test]
fn test_rebind_alias() -> Result<()> {
fn extractor(ke: &KeyEntryRow) -> (Option<Domain>, Option<i64>, Option<&str>, Option<Uuid>) {
(ke.domain, ke.namespace, ke.alias.as_deref(), ke.km_uuid)
}
let mut db = new_test_db()?;
create_key_entry(&mut db, &Domain::APP, &42, KeyType::Client, &KEYSTORE_UUID)?;
create_key_entry(&mut db, &Domain::APP, &42, KeyType::Client, &KEYSTORE_UUID)?;
let entries = get_keyentry(&db)?;
assert_eq!(entries.len(), 2);
assert_eq!(extractor(&entries[0]), (Some(Domain::APP), Some(42), None, Some(KEYSTORE_UUID)));
assert_eq!(extractor(&entries[1]), (Some(Domain::APP), Some(42), None, Some(KEYSTORE_UUID)));
// Test that the first call to rebind_alias sets the alias.
rebind_alias(&mut db, &KEY_ID_LOCK.get(entries[0].id), "foo", Domain::APP, 42)?;
let entries = get_keyentry(&db)?;
assert_eq!(entries.len(), 2);
assert_eq!(
extractor(&entries[0]),
(Some(Domain::APP), Some(42), Some("foo"), Some(KEYSTORE_UUID))
);
assert_eq!(extractor(&entries[1]), (Some(Domain::APP), Some(42), None, Some(KEYSTORE_UUID)));
// Test that the second call to rebind_alias also empties the old one.
rebind_alias(&mut db, &KEY_ID_LOCK.get(entries[1].id), "foo", Domain::APP, 42)?;
let entries = get_keyentry(&db)?;
assert_eq!(entries.len(), 2);
assert_eq!(extractor(&entries[0]), (None, None, None, Some(KEYSTORE_UUID)));
assert_eq!(
extractor(&entries[1]),
(Some(Domain::APP), Some(42), Some("foo"), Some(KEYSTORE_UUID))
);
// Test that we must pass in a valid Domain.
check_result_is_error_containing_string(
rebind_alias(&mut db, &KEY_ID_LOCK.get(0), "foo", Domain::GRANT, 42),
&format!("Domain {:?} must be either App or SELinux.", Domain::GRANT),
);
check_result_is_error_containing_string(
rebind_alias(&mut db, &KEY_ID_LOCK.get(0), "foo", Domain::BLOB, 42),
&format!("Domain {:?} must be either App or SELinux.", Domain::BLOB),
);
check_result_is_error_containing_string(
rebind_alias(&mut db, &KEY_ID_LOCK.get(0), "foo", Domain::KEY_ID, 42),
&format!("Domain {:?} must be either App or SELinux.", Domain::KEY_ID),
);
// Test that we correctly handle setting an alias for something that does not exist.
check_result_is_error_containing_string(
rebind_alias(&mut db, &KEY_ID_LOCK.get(0), "foo", Domain::SELINUX, 42),
"Expected to update a single entry but instead updated 0",
);
// Test that we correctly abort the transaction in this case.
let entries = get_keyentry(&db)?;
assert_eq!(entries.len(), 2);
assert_eq!(extractor(&entries[0]), (None, None, None, Some(KEYSTORE_UUID)));
assert_eq!(
extractor(&entries[1]),
(Some(Domain::APP), Some(42), Some("foo"), Some(KEYSTORE_UUID))
);
Ok(())
}
#[test]
fn test_grant_ungrant() -> Result<()> {
const CALLER_UID: u32 = 15;
const GRANTEE_UID: u32 = 12;
const SELINUX_NAMESPACE: i64 = 7;
let mut db = new_test_db()?;
db.conn.execute(
"INSERT INTO persistent.keyentry (id, key_type, domain, namespace, alias, state, km_uuid)
VALUES (1, 0, 0, 15, 'key', 1, ?), (2, 0, 2, 7, 'yek', 1, ?);",
params![KEYSTORE_UUID, KEYSTORE_UUID],
)?;
let app_key = KeyDescriptor {
domain: super::Domain::APP,
nspace: 0,
alias: Some("key".to_string()),
blob: None,
};
const PVEC1: KeyPermSet = key_perm_set![KeyPerm::Use, KeyPerm::GetInfo];
const PVEC2: KeyPermSet = key_perm_set![KeyPerm::Use];
// Reset totally predictable random number generator in case we
// are not the first test running on this thread.
reset_random();
let next_random = 0i64;
let app_granted_key = db
.grant(&app_key, CALLER_UID, GRANTEE_UID, PVEC1, |k, a| {
assert_eq!(*a, PVEC1);
assert_eq!(
*k,
KeyDescriptor {
domain: super::Domain::APP,
// namespace must be set to the caller_uid.
nspace: CALLER_UID as i64,
alias: Some("key".to_string()),
blob: None,
}
);
Ok(())
})
.unwrap();
assert_eq!(
app_granted_key,
KeyDescriptor {
domain: super::Domain::GRANT,
// The grantid is next_random due to the mock random number generator.
nspace: next_random,
alias: None,
blob: None,
}
);
let selinux_key = KeyDescriptor {
domain: super::Domain::SELINUX,
nspace: SELINUX_NAMESPACE,
alias: Some("yek".to_string()),
blob: None,
};
let selinux_granted_key = db
.grant(&selinux_key, CALLER_UID, 12, PVEC1, |k, a| {
assert_eq!(*a, PVEC1);
assert_eq!(
*k,
KeyDescriptor {
domain: super::Domain::SELINUX,
// namespace must be the supplied SELinux
// namespace.
nspace: SELINUX_NAMESPACE,
alias: Some("yek".to_string()),
blob: None,
}
);
Ok(())
})
.unwrap();
assert_eq!(
selinux_granted_key,
KeyDescriptor {
domain: super::Domain::GRANT,
// The grantid is next_random + 1 due to the mock random number generator.
nspace: next_random + 1,
alias: None,
blob: None,
}
);
// This should update the existing grant with PVEC2.
let selinux_granted_key = db
.grant(&selinux_key, CALLER_UID, 12, PVEC2, |k, a| {
assert_eq!(*a, PVEC2);
assert_eq!(
*k,
KeyDescriptor {
domain: super::Domain::SELINUX,
// namespace must be the supplied SELinux
// namespace.
nspace: SELINUX_NAMESPACE,
alias: Some("yek".to_string()),
blob: None,
}
);
Ok(())
})
.unwrap();
assert_eq!(
selinux_granted_key,
KeyDescriptor {
domain: super::Domain::GRANT,
// Same grant id as before. The entry was only updated.
nspace: next_random + 1,
alias: None,
blob: None,
}
);
{
// Limiting scope of stmt, because it borrows db.
let mut stmt = db
.conn
.prepare("SELECT id, grantee, keyentryid, access_vector FROM persistent.grant;")?;
let mut rows = stmt.query_map::<(i64, u32, i64, KeyPermSet), _, _>([], |row| {
Ok((row.get(0)?, row.get(1)?, row.get(2)?, KeyPermSet::from(row.get::<_, i32>(3)?)))
})?;
let r = rows.next().unwrap().unwrap();
assert_eq!(r, (next_random, GRANTEE_UID, 1, PVEC1));
let r = rows.next().unwrap().unwrap();
assert_eq!(r, (next_random + 1, GRANTEE_UID, 2, PVEC2));
assert!(rows.next().is_none());
}
debug_dump_keyentry_table(&mut db)?;
println!("app_key {:?}", app_key);
println!("selinux_key {:?}", selinux_key);
db.ungrant(&app_key, CALLER_UID, GRANTEE_UID, |_| Ok(()))?;
db.ungrant(&selinux_key, CALLER_UID, GRANTEE_UID, |_| Ok(()))?;
Ok(())
}
static TEST_KEY_BLOB: &[u8] = b"my test blob";
static TEST_CERT_BLOB: &[u8] = b"my test cert";
static TEST_CERT_CHAIN_BLOB: &[u8] = b"my test cert_chain";
#[test]
fn test_set_blob() -> Result<()> {
let key_id = KEY_ID_LOCK.get(3000);
let mut db = new_test_db()?;
let mut blob_metadata = BlobMetaData::new();
blob_metadata.add(BlobMetaEntry::KmUuid(KEYSTORE_UUID));
db.set_blob(&key_id, SubComponentType::KEY_BLOB, Some(TEST_KEY_BLOB), Some(&blob_metadata))?;
db.set_blob(&key_id, SubComponentType::CERT, Some(TEST_CERT_BLOB), None)?;
db.set_blob(&key_id, SubComponentType::CERT_CHAIN, Some(TEST_CERT_CHAIN_BLOB), None)?;
drop(key_id);
let mut stmt = db.conn.prepare(
"SELECT subcomponent_type, keyentryid, blob, id FROM persistent.blobentry
ORDER BY subcomponent_type ASC;",
)?;
let mut rows = stmt.query_map::<((SubComponentType, i64, Vec<u8>), i64), _, _>([], |row| {
Ok(((row.get(0)?, row.get(1)?, row.get(2)?), row.get(3)?))
})?;
let (r, id) = rows.next().unwrap().unwrap();
assert_eq!(r, (SubComponentType::KEY_BLOB, 3000, TEST_KEY_BLOB.to_vec()));
let (r, _) = rows.next().unwrap().unwrap();
assert_eq!(r, (SubComponentType::CERT, 3000, TEST_CERT_BLOB.to_vec()));
let (r, _) = rows.next().unwrap().unwrap();
assert_eq!(r, (SubComponentType::CERT_CHAIN, 3000, TEST_CERT_CHAIN_BLOB.to_vec()));
drop(rows);
drop(stmt);
assert_eq!(
db.with_transaction(Immediate("TX_test"), |tx| {
BlobMetaData::load_from_db(id, tx).no_gc()
})
.expect("Should find blob metadata."),
blob_metadata
);
Ok(())
}
static TEST_ALIAS: &str = "my super duper key";
#[test]
fn test_insert_and_load_full_keyentry_domain_app() -> Result<()> {
let mut db = new_test_db()?;
let key_id = make_test_key_entry(&mut db, Domain::APP, 1, TEST_ALIAS, None)
.context("test_insert_and_load_full_keyentry_domain_app")?
.0;
let (_key_guard, key_entry) = db
.load_key_entry(
&KeyDescriptor {
domain: Domain::APP,
nspace: 0,
alias: Some(TEST_ALIAS.to_string()),
blob: None,
},
KeyType::Client,
KeyEntryLoadBits::BOTH,
1,
|_k, _av| Ok(()),
)
.unwrap();
assert_eq!(key_entry, make_test_key_entry_test_vector(key_id, None));
db.unbind_key(
&KeyDescriptor {
domain: Domain::APP,
nspace: 0,
alias: Some(TEST_ALIAS.to_string()),
blob: None,
},
KeyType::Client,
1,
|_, _| Ok(()),
)
.unwrap();
assert_eq!(
Some(&KsError::Rc(ResponseCode::KEY_NOT_FOUND)),
db.load_key_entry(
&KeyDescriptor {
domain: Domain::APP,
nspace: 0,
alias: Some(TEST_ALIAS.to_string()),
blob: None,
},
KeyType::Client,
KeyEntryLoadBits::NONE,
1,
|_k, _av| Ok(()),
)
.unwrap_err()
.root_cause()
.downcast_ref::<KsError>()
);
Ok(())
}
#[test]
fn test_insert_and_load_certificate_entry_domain_app() -> Result<()> {
let mut db = new_test_db()?;
db.store_new_certificate(
&KeyDescriptor {
domain: Domain::APP,
nspace: 1,
alias: Some(TEST_ALIAS.to_string()),
blob: None,
},
KeyType::Client,
TEST_CERT_BLOB,
&KEYSTORE_UUID,
)
.expect("Trying to insert cert.");
let (_key_guard, mut key_entry) = db
.load_key_entry(
&KeyDescriptor {
domain: Domain::APP,
nspace: 1,
alias: Some(TEST_ALIAS.to_string()),
blob: None,
},
KeyType::Client,
KeyEntryLoadBits::PUBLIC,
1,
|_k, _av| Ok(()),
)
.expect("Trying to read certificate entry.");
assert!(key_entry.pure_cert());
assert!(key_entry.cert().is_none());
assert_eq!(key_entry.take_cert_chain(), Some(TEST_CERT_BLOB.to_vec()));
db.unbind_key(
&KeyDescriptor {
domain: Domain::APP,
nspace: 1,
alias: Some(TEST_ALIAS.to_string()),
blob: None,
},
KeyType::Client,
1,
|_, _| Ok(()),
)
.unwrap();
assert_eq!(
Some(&KsError::Rc(ResponseCode::KEY_NOT_FOUND)),
db.load_key_entry(
&KeyDescriptor {
domain: Domain::APP,
nspace: 1,
alias: Some(TEST_ALIAS.to_string()),
blob: None,
},
KeyType::Client,
KeyEntryLoadBits::NONE,
1,
|_k, _av| Ok(()),
)
.unwrap_err()
.root_cause()
.downcast_ref::<KsError>()
);
Ok(())
}
#[test]
fn test_insert_and_load_full_keyentry_domain_selinux() -> Result<()> {
let mut db = new_test_db()?;
let key_id = make_test_key_entry(&mut db, Domain::SELINUX, 1, TEST_ALIAS, None)
.context("test_insert_and_load_full_keyentry_domain_selinux")?
.0;
let (_key_guard, key_entry) = db
.load_key_entry(
&KeyDescriptor {
domain: Domain::SELINUX,
nspace: 1,
alias: Some(TEST_ALIAS.to_string()),
blob: None,
},
KeyType::Client,
KeyEntryLoadBits::BOTH,
1,
|_k, _av| Ok(()),
)
.unwrap();
assert_eq!(key_entry, make_test_key_entry_test_vector(key_id, None));
db.unbind_key(
&KeyDescriptor {
domain: Domain::SELINUX,
nspace: 1,
alias: Some(TEST_ALIAS.to_string()),
blob: None,
},
KeyType::Client,
1,
|_, _| Ok(()),
)
.unwrap();
assert_eq!(
Some(&KsError::Rc(ResponseCode::KEY_NOT_FOUND)),
db.load_key_entry(
&KeyDescriptor {
domain: Domain::SELINUX,
nspace: 1,
alias: Some(TEST_ALIAS.to_string()),
blob: None,
},
KeyType::Client,
KeyEntryLoadBits::NONE,
1,
|_k, _av| Ok(()),
)
.unwrap_err()
.root_cause()
.downcast_ref::<KsError>()
);
Ok(())
}
#[test]
fn test_insert_and_load_full_keyentry_domain_key_id() -> Result<()> {
let mut db = new_test_db()?;
let key_id = make_test_key_entry(&mut db, Domain::SELINUX, 1, TEST_ALIAS, None)
.context("test_insert_and_load_full_keyentry_domain_key_id")?
.0;
let (_, key_entry) = db
.load_key_entry(
&KeyDescriptor { domain: Domain::KEY_ID, nspace: key_id, alias: None, blob: None },
KeyType::Client,
KeyEntryLoadBits::BOTH,
1,
|_k, _av| Ok(()),
)
.unwrap();
assert_eq!(key_entry, make_test_key_entry_test_vector(key_id, None));
db.unbind_key(
&KeyDescriptor { domain: Domain::KEY_ID, nspace: key_id, alias: None, blob: None },
KeyType::Client,
1,
|_, _| Ok(()),
)
.unwrap();
assert_eq!(
Some(&KsError::Rc(ResponseCode::KEY_NOT_FOUND)),
db.load_key_entry(
&KeyDescriptor { domain: Domain::KEY_ID, nspace: key_id, alias: None, blob: None },
KeyType::Client,
KeyEntryLoadBits::NONE,
1,
|_k, _av| Ok(()),
)
.unwrap_err()
.root_cause()
.downcast_ref::<KsError>()
);
Ok(())
}
#[test]
fn test_check_and_update_key_usage_count_with_limited_use_key() -> Result<()> {
let mut db = new_test_db()?;
let key_id = make_test_key_entry(&mut db, Domain::SELINUX, 1, TEST_ALIAS, Some(123))
.context("test_check_and_update_key_usage_count_with_limited_use_key")?
.0;
// Update the usage count of the limited use key.
db.check_and_update_key_usage_count(key_id)?;
let (_key_guard, key_entry) = db.load_key_entry(
&KeyDescriptor { domain: Domain::KEY_ID, nspace: key_id, alias: None, blob: None },
KeyType::Client,
KeyEntryLoadBits::BOTH,
1,
|_k, _av| Ok(()),
)?;
// The usage count is decremented now.
assert_eq!(key_entry, make_test_key_entry_test_vector(key_id, Some(122)));
Ok(())
}
#[test]
fn test_check_and_update_key_usage_count_with_exhausted_limited_use_key() -> Result<()> {
let mut db = new_test_db()?;
let key_id = make_test_key_entry(&mut db, Domain::SELINUX, 1, TEST_ALIAS, Some(1))
.context("test_check_and_update_key_usage_count_with_exhausted_limited_use_key")?
.0;
// Update the usage count of the limited use key.
db.check_and_update_key_usage_count(key_id).expect(concat!(
"In test_check_and_update_key_usage_count_with_exhausted_limited_use_key: ",
"This should succeed."
));
// Try to update the exhausted limited use key.
let e = db.check_and_update_key_usage_count(key_id).expect_err(concat!(
"In test_check_and_update_key_usage_count_with_exhausted_limited_use_key: ",
"This should fail."
));
assert_eq!(
&KsError::Km(ErrorCode::INVALID_KEY_BLOB),
e.root_cause().downcast_ref::<KsError>().unwrap()
);
Ok(())
}
#[test]
fn test_insert_and_load_full_keyentry_from_grant() -> Result<()> {
let mut db = new_test_db()?;
let key_id = make_test_key_entry(&mut db, Domain::APP, 1, TEST_ALIAS, None)
.context("test_insert_and_load_full_keyentry_from_grant")?
.0;
let granted_key = db
.grant(
&KeyDescriptor {
domain: Domain::APP,
nspace: 0,
alias: Some(TEST_ALIAS.to_string()),
blob: None,
},
1,
2,
key_perm_set![KeyPerm::Use],
|_k, _av| Ok(()),
)
.unwrap();
debug_dump_grant_table(&mut db)?;
let (_key_guard, key_entry) = db
.load_key_entry(&granted_key, KeyType::Client, KeyEntryLoadBits::BOTH, 2, |k, av| {
assert_eq!(Domain::GRANT, k.domain);
assert!(av.unwrap().includes(KeyPerm::Use));
Ok(())
})
.unwrap();
assert_eq!(key_entry, make_test_key_entry_test_vector(key_id, None));
db.unbind_key(&granted_key, KeyType::Client, 2, |_, _| Ok(())).unwrap();
assert_eq!(
Some(&KsError::Rc(ResponseCode::KEY_NOT_FOUND)),
db.load_key_entry(&granted_key, KeyType::Client, KeyEntryLoadBits::NONE, 2, |_k, _av| Ok(
()
),)
.unwrap_err()
.root_cause()
.downcast_ref::<KsError>()
);
Ok(())
}
// This test attempts to load a key by key id while the caller is not the owner
// but a grant exists for the given key and the caller.
#[test]
fn test_insert_and_load_full_keyentry_from_grant_by_key_id() -> Result<()> {
let mut db = new_test_db()?;
const OWNER_UID: u32 = 1u32;
const GRANTEE_UID: u32 = 2u32;
const SOMEONE_ELSE_UID: u32 = 3u32;
let key_id = make_test_key_entry(&mut db, Domain::APP, OWNER_UID as i64, TEST_ALIAS, None)
.context("test_insert_and_load_full_keyentry_from_grant_by_key_id")?
.0;
db.grant(
&KeyDescriptor {
domain: Domain::APP,
nspace: 0,
alias: Some(TEST_ALIAS.to_string()),
blob: None,
},
OWNER_UID,
GRANTEE_UID,
key_perm_set![KeyPerm::Use],
|_k, _av| Ok(()),
)
.unwrap();
debug_dump_grant_table(&mut db)?;
let id_descriptor =
KeyDescriptor { domain: Domain::KEY_ID, nspace: key_id, ..Default::default() };
let (_, key_entry) = db
.load_key_entry(
&id_descriptor,
KeyType::Client,
KeyEntryLoadBits::BOTH,
GRANTEE_UID,
|k, av| {
assert_eq!(Domain::APP, k.domain);
assert_eq!(OWNER_UID as i64, k.nspace);
assert!(av.unwrap().includes(KeyPerm::Use));
Ok(())
},
)
.unwrap();
assert_eq!(key_entry, make_test_key_entry_test_vector(key_id, None));
let (_, key_entry) = db
.load_key_entry(
&id_descriptor,
KeyType::Client,
KeyEntryLoadBits::BOTH,
SOMEONE_ELSE_UID,
|k, av| {
assert_eq!(Domain::APP, k.domain);
assert_eq!(OWNER_UID as i64, k.nspace);
assert!(av.is_none());
Ok(())
},
)
.unwrap();
assert_eq!(key_entry, make_test_key_entry_test_vector(key_id, None));
db.unbind_key(&id_descriptor, KeyType::Client, OWNER_UID, |_, _| Ok(())).unwrap();
assert_eq!(
Some(&KsError::Rc(ResponseCode::KEY_NOT_FOUND)),
db.load_key_entry(
&id_descriptor,
KeyType::Client,
KeyEntryLoadBits::NONE,
GRANTEE_UID,
|_k, _av| Ok(()),
)
.unwrap_err()
.root_cause()
.downcast_ref::<KsError>()
);
Ok(())
}
// Creates a key migrates it to a different location and then tries to access it by the old
// and new location.
#[test]
fn test_migrate_key_app_to_app() -> Result<()> {
let mut db = new_test_db()?;
const SOURCE_UID: u32 = 1u32;
const DESTINATION_UID: u32 = 2u32;
static SOURCE_ALIAS: &str = "SOURCE_ALIAS";
static DESTINATION_ALIAS: &str = "DESTINATION_ALIAS";
let key_id_guard =
make_test_key_entry(&mut db, Domain::APP, SOURCE_UID as i64, SOURCE_ALIAS, None)
.context("test_insert_and_load_full_keyentry_from_grant_by_key_id")?;
let source_descriptor: KeyDescriptor = KeyDescriptor {
domain: Domain::APP,
nspace: -1,
alias: Some(SOURCE_ALIAS.to_string()),
blob: None,
};
let destination_descriptor: KeyDescriptor = KeyDescriptor {
domain: Domain::APP,
nspace: -1,
alias: Some(DESTINATION_ALIAS.to_string()),
blob: None,
};
let key_id = key_id_guard.id();
db.migrate_key_namespace(key_id_guard, &destination_descriptor, DESTINATION_UID, |_k| Ok(()))
.unwrap();
let (_, key_entry) = db
.load_key_entry(
&destination_descriptor,
KeyType::Client,
KeyEntryLoadBits::BOTH,
DESTINATION_UID,
|k, av| {
assert_eq!(Domain::APP, k.domain);
assert_eq!(DESTINATION_UID as i64, k.nspace);
assert!(av.is_none());
Ok(())
},
)
.unwrap();
assert_eq!(key_entry, make_test_key_entry_test_vector(key_id, None));
assert_eq!(
Some(&KsError::Rc(ResponseCode::KEY_NOT_FOUND)),
db.load_key_entry(
&source_descriptor,
KeyType::Client,
KeyEntryLoadBits::NONE,
SOURCE_UID,
|_k, _av| Ok(()),
)
.unwrap_err()
.root_cause()
.downcast_ref::<KsError>()
);
Ok(())
}
// Creates a key migrates it to a different location and then tries to access it by the old
// and new location.
#[test]
fn test_migrate_key_app_to_selinux() -> Result<()> {
let mut db = new_test_db()?;
const SOURCE_UID: u32 = 1u32;
const DESTINATION_UID: u32 = 2u32;
const DESTINATION_NAMESPACE: i64 = 1000i64;
static SOURCE_ALIAS: &str = "SOURCE_ALIAS";
static DESTINATION_ALIAS: &str = "DESTINATION_ALIAS";
let key_id_guard =
make_test_key_entry(&mut db, Domain::APP, SOURCE_UID as i64, SOURCE_ALIAS, None)
.context("test_insert_and_load_full_keyentry_from_grant_by_key_id")?;
let source_descriptor: KeyDescriptor = KeyDescriptor {
domain: Domain::APP,
nspace: -1,
alias: Some(SOURCE_ALIAS.to_string()),
blob: None,
};
let destination_descriptor: KeyDescriptor = KeyDescriptor {
domain: Domain::SELINUX,
nspace: DESTINATION_NAMESPACE,
alias: Some(DESTINATION_ALIAS.to_string()),
blob: None,
};
let key_id = key_id_guard.id();
db.migrate_key_namespace(key_id_guard, &destination_descriptor, DESTINATION_UID, |_k| Ok(()))
.unwrap();
let (_, key_entry) = db
.load_key_entry(
&destination_descriptor,
KeyType::Client,
KeyEntryLoadBits::BOTH,
DESTINATION_UID,
|k, av| {
assert_eq!(Domain::SELINUX, k.domain);
assert_eq!(DESTINATION_NAMESPACE, k.nspace);
assert!(av.is_none());
Ok(())
},
)
.unwrap();
assert_eq!(key_entry, make_test_key_entry_test_vector(key_id, None));
assert_eq!(
Some(&KsError::Rc(ResponseCode::KEY_NOT_FOUND)),
db.load_key_entry(
&source_descriptor,
KeyType::Client,
KeyEntryLoadBits::NONE,
SOURCE_UID,
|_k, _av| Ok(()),
)
.unwrap_err()
.root_cause()
.downcast_ref::<KsError>()
);
Ok(())
}
// Creates two keys and tries to migrate the first to the location of the second which
// is expected to fail.
#[test]
fn test_migrate_key_destination_occupied() -> Result<()> {
let mut db = new_test_db()?;
const SOURCE_UID: u32 = 1u32;
const DESTINATION_UID: u32 = 2u32;
static SOURCE_ALIAS: &str = "SOURCE_ALIAS";
static DESTINATION_ALIAS: &str = "DESTINATION_ALIAS";
let key_id_guard =
make_test_key_entry(&mut db, Domain::APP, SOURCE_UID as i64, SOURCE_ALIAS, None)
.context("test_insert_and_load_full_keyentry_from_grant_by_key_id")?;
make_test_key_entry(&mut db, Domain::APP, DESTINATION_UID as i64, DESTINATION_ALIAS, None)
.context("test_insert_and_load_full_keyentry_from_grant_by_key_id")?;
let destination_descriptor: KeyDescriptor = KeyDescriptor {
domain: Domain::APP,
nspace: -1,
alias: Some(DESTINATION_ALIAS.to_string()),
blob: None,
};
assert_eq!(
Some(&KsError::Rc(ResponseCode::INVALID_ARGUMENT)),
db.migrate_key_namespace(key_id_guard, &destination_descriptor, DESTINATION_UID, |_k| Ok(
()
))
.unwrap_err()
.root_cause()
.downcast_ref::<KsError>()
);
Ok(())
}
#[test]
fn test_upgrade_0_to_1() {
const ALIAS1: &str = "test_upgrade_0_to_1_1";
const ALIAS2: &str = "test_upgrade_0_to_1_2";
const ALIAS3: &str = "test_upgrade_0_to_1_3";
const UID: u32 = 33;
let temp_dir = Arc::new(TempDir::new("test_upgrade_0_to_1").unwrap());
let mut db = KeystoreDB::new(temp_dir.path(), None).unwrap();
let key_id_untouched1 =
make_test_key_entry(&mut db, Domain::APP, UID as i64, ALIAS1, None).unwrap().id();
let key_id_untouched2 =
make_bootlevel_key_entry(&mut db, Domain::APP, UID as i64, ALIAS2, false).unwrap().id();
let key_id_deleted =
make_bootlevel_key_entry(&mut db, Domain::APP, UID as i64, ALIAS3, true).unwrap().id();
let (_, key_entry) = db
.load_key_entry(
&KeyDescriptor {
domain: Domain::APP,
nspace: -1,
alias: Some(ALIAS1.to_string()),
blob: None,
},
KeyType::Client,
KeyEntryLoadBits::BOTH,
UID,
|k, av| {
assert_eq!(Domain::APP, k.domain);
assert_eq!(UID as i64, k.nspace);
assert!(av.is_none());
Ok(())
},
)
.unwrap();
assert_eq!(key_entry, make_test_key_entry_test_vector(key_id_untouched1, None));
let (_, key_entry) = db
.load_key_entry(
&KeyDescriptor {
domain: Domain::APP,
nspace: -1,
alias: Some(ALIAS2.to_string()),
blob: None,
},
KeyType::Client,
KeyEntryLoadBits::BOTH,
UID,
|k, av| {
assert_eq!(Domain::APP, k.domain);
assert_eq!(UID as i64, k.nspace);
assert!(av.is_none());
Ok(())
},
)
.unwrap();
assert_eq!(key_entry, make_bootlevel_test_key_entry_test_vector(key_id_untouched2, false));
let (_, key_entry) = db
.load_key_entry(
&KeyDescriptor {
domain: Domain::APP,
nspace: -1,
alias: Some(ALIAS3.to_string()),
blob: None,
},
KeyType::Client,
KeyEntryLoadBits::BOTH,
UID,
|k, av| {
assert_eq!(Domain::APP, k.domain);
assert_eq!(UID as i64, k.nspace);
assert!(av.is_none());
Ok(())
},
)
.unwrap();
assert_eq!(key_entry, make_bootlevel_test_key_entry_test_vector(key_id_deleted, true));
db.with_transaction(Immediate("TX_test"), |tx| KeystoreDB::from_0_to_1(tx).no_gc()).unwrap();
let (_, key_entry) = db
.load_key_entry(
&KeyDescriptor {
domain: Domain::APP,
nspace: -1,
alias: Some(ALIAS1.to_string()),
blob: None,
},
KeyType::Client,
KeyEntryLoadBits::BOTH,
UID,
|k, av| {
assert_eq!(Domain::APP, k.domain);
assert_eq!(UID as i64, k.nspace);
assert!(av.is_none());
Ok(())
},
)
.unwrap();
assert_eq!(key_entry, make_test_key_entry_test_vector(key_id_untouched1, None));
let (_, key_entry) = db
.load_key_entry(
&KeyDescriptor {
domain: Domain::APP,
nspace: -1,
alias: Some(ALIAS2.to_string()),
blob: None,
},
KeyType::Client,
KeyEntryLoadBits::BOTH,
UID,
|k, av| {
assert_eq!(Domain::APP, k.domain);
assert_eq!(UID as i64, k.nspace);
assert!(av.is_none());
Ok(())
},
)
.unwrap();
assert_eq!(key_entry, make_bootlevel_test_key_entry_test_vector(key_id_untouched2, false));
assert_eq!(
Some(&KsError::Rc(ResponseCode::KEY_NOT_FOUND)),
db.load_key_entry(
&KeyDescriptor {
domain: Domain::APP,
nspace: -1,
alias: Some(ALIAS3.to_string()),
blob: None,
},
KeyType::Client,
KeyEntryLoadBits::BOTH,
UID,
|k, av| {
assert_eq!(Domain::APP, k.domain);
assert_eq!(UID as i64, k.nspace);
assert!(av.is_none());
Ok(())
},
)
.unwrap_err()
.root_cause()
.downcast_ref::<KsError>()
);
}
static KEY_LOCK_TEST_ALIAS: &str = "my super duper locked key";
#[test]
fn test_insert_and_load_full_keyentry_domain_app_concurrently() -> Result<()> {
let handle = {
let temp_dir = Arc::new(TempDir::new("id_lock_test")?);
let temp_dir_clone = temp_dir.clone();
let mut db = KeystoreDB::new(temp_dir.path(), None)?;
let key_id = make_test_key_entry(&mut db, Domain::APP, 33, KEY_LOCK_TEST_ALIAS, None)
.context("test_insert_and_load_full_keyentry_domain_app")?
.0;
let (_key_guard, key_entry) = db
.load_key_entry(
&KeyDescriptor {
domain: Domain::APP,
nspace: 0,
alias: Some(KEY_LOCK_TEST_ALIAS.to_string()),
blob: None,
},
KeyType::Client,
KeyEntryLoadBits::BOTH,
33,
|_k, _av| Ok(()),
)
.unwrap();
assert_eq!(key_entry, make_test_key_entry_test_vector(key_id, None));
let state = Arc::new(AtomicU8::new(1));
let state2 = state.clone();
// Spawning a second thread that attempts to acquire the key id lock
// for the same key as the primary thread. The primary thread then
// waits, thereby forcing the secondary thread into the second stage
// of acquiring the lock (see KEY ID LOCK 2/2 above).
// The test succeeds if the secondary thread observes the transition
// of `state` from 1 to 2, despite having a whole second to overtake
// the primary thread.
let handle = thread::spawn(move || {
let temp_dir = temp_dir_clone;
let mut db = KeystoreDB::new(temp_dir.path(), None).unwrap();
assert!(db
.load_key_entry(
&KeyDescriptor {
domain: Domain::APP,
nspace: 0,
alias: Some(KEY_LOCK_TEST_ALIAS.to_string()),
blob: None,
},
KeyType::Client,
KeyEntryLoadBits::BOTH,
33,
|_k, _av| Ok(()),
)
.is_ok());
// We should only see a 2 here because we can only return
// from load_key_entry when the `_key_guard` expires,
// which happens at the end of the scope.
assert_eq!(2, state2.load(Ordering::Relaxed));
});
thread::sleep(std::time::Duration::from_millis(1000));
assert_eq!(Ok(1), state.compare_exchange(1, 2, Ordering::Relaxed, Ordering::Relaxed));
// Return the handle from this scope so we can join with the
// secondary thread after the key id lock has expired.
handle
// This is where the `_key_guard` goes out of scope,
// which is the reason for concurrent load_key_entry on the same key
// to unblock.
};
// Join with the secondary thread and unwrap, to propagate failing asserts to the
// main test thread. We will not see failing asserts in secondary threads otherwise.
handle.join().unwrap();
Ok(())
}
#[test]
fn test_database_busy_error_code() {
let temp_dir =
TempDir::new("test_database_busy_error_code_").expect("Failed to create temp dir.");
let mut db1 = KeystoreDB::new(temp_dir.path(), None).expect("Failed to open database1.");
let mut db2 = KeystoreDB::new(temp_dir.path(), None).expect("Failed to open database2.");
let _tx1 = db1
.conn
.transaction_with_behavior(rusqlite::TransactionBehavior::Immediate)
.expect("Failed to create first transaction.");
let error = db2
.conn
.transaction_with_behavior(rusqlite::TransactionBehavior::Immediate)
.context("Transaction begin failed.")
.expect_err("This should fail.");
let root_cause = error.root_cause();
if let Some(rusqlite::ffi::Error { code: rusqlite::ErrorCode::DatabaseBusy, .. }) =
root_cause.downcast_ref::<rusqlite::ffi::Error>()
{
return;
}
panic!(
"Unexpected error {:?} \n{:?} \n{:?}",
error,
root_cause,
root_cause.downcast_ref::<rusqlite::ffi::Error>()
)
}
#[cfg(disabled)]
#[test]
fn test_large_number_of_concurrent_db_manipulations() -> Result<()> {
let temp_dir = Arc::new(
TempDir::new("test_large_number_of_concurrent_db_manipulations_")
.expect("Failed to create temp dir."),
);
let test_begin = Instant::now();
const KEY_COUNT: u32 = 500u32;
let mut db =
new_test_db_with_gc(temp_dir.path(), |_, _| Ok(())).expect("Failed to open database.");
const OPEN_DB_COUNT: u32 = 50u32;
let mut actual_key_count = KEY_COUNT;
// First insert KEY_COUNT keys.
for count in 0..KEY_COUNT {
if Instant::now().duration_since(test_begin) >= Duration::from_secs(15) {
actual_key_count = count;
break;
}
let alias = format!("test_alias_{}", count);
make_test_key_entry(&mut db, Domain::APP, 1, &alias, None)
.expect("Failed to make key entry.");
}
// Insert more keys from a different thread and into a different namespace.
let temp_dir1 = temp_dir.clone();
let handle1 = thread::spawn(move || {
let mut db =
new_test_db_with_gc(temp_dir1.path(), |_, _| Ok(())).expect("Failed to open database.");
for count in 0..actual_key_count {
if Instant::now().duration_since(test_begin) >= Duration::from_secs(40) {
return;
}
let alias = format!("test_alias_{}", count);
make_test_key_entry(&mut db, Domain::APP, 2, &alias, None)
.expect("Failed to make key entry.");
}
// then unbind them again.
for count in 0..actual_key_count {
if Instant::now().duration_since(test_begin) >= Duration::from_secs(40) {
return;
}
let key = KeyDescriptor {
domain: Domain::APP,
nspace: -1,
alias: Some(format!("test_alias_{}", count)),
blob: None,
};
db.unbind_key(&key, KeyType::Client, 2, |_, _| Ok(())).expect("Unbind Failed.");
}
});
// And start unbinding the first set of keys.
let temp_dir2 = temp_dir.clone();
let handle2 = thread::spawn(move || {
let mut db =
new_test_db_with_gc(temp_dir2.path(), |_, _| Ok(())).expect("Failed to open database.");
for count in 0..actual_key_count {
if Instant::now().duration_since(test_begin) >= Duration::from_secs(40) {
return;
}
let key = KeyDescriptor {
domain: Domain::APP,
nspace: -1,
alias: Some(format!("test_alias_{}", count)),
blob: None,
};
db.unbind_key(&key, KeyType::Client, 1, |_, _| Ok(())).expect("Unbind Failed.");
}
});
// While a lot of inserting and deleting is going on we have to open database connections
// successfully and use them.
// This clone is not redundant, because temp_dir needs to be kept alive until db goes
// out of scope.
#[allow(clippy::redundant_clone)]
let temp_dir4 = temp_dir.clone();
let handle4 = thread::spawn(move || {
for count in 0..OPEN_DB_COUNT {
if Instant::now().duration_since(test_begin) >= Duration::from_secs(40) {
return;
}
let mut db = new_test_db_with_gc(temp_dir4.path(), |_, _| Ok(()))
.expect("Failed to open database.");
let alias = format!("test_alias_{}", count);
make_test_key_entry(&mut db, Domain::APP, 3, &alias, None)
.expect("Failed to make key entry.");
let key =
KeyDescriptor { domain: Domain::APP, nspace: -1, alias: Some(alias), blob: None };
db.unbind_key(&key, KeyType::Client, 3, |_, _| Ok(())).expect("Unbind Failed.");
}
});
handle1.join().expect("Thread 1 panicked.");
handle2.join().expect("Thread 2 panicked.");
handle4.join().expect("Thread 4 panicked.");
Ok(())
}
#[test]
fn list() -> Result<()> {
let temp_dir = TempDir::new("list_test")?;
let mut db = KeystoreDB::new(temp_dir.path(), None)?;
static LIST_O_ENTRIES: &[(Domain, i64, &str)] = &[
(Domain::APP, 1, "test1"),
(Domain::APP, 1, "test2"),
(Domain::APP, 1, "test3"),
(Domain::APP, 1, "test4"),
(Domain::APP, 1, "test5"),
(Domain::APP, 1, "test6"),
(Domain::APP, 1, "test7"),
(Domain::APP, 2, "test1"),
(Domain::APP, 2, "test2"),
(Domain::APP, 2, "test3"),
(Domain::APP, 2, "test4"),
(Domain::APP, 2, "test5"),
(Domain::APP, 2, "test6"),
(Domain::APP, 2, "test8"),
(Domain::SELINUX, 100, "test1"),
(Domain::SELINUX, 100, "test2"),
(Domain::SELINUX, 100, "test3"),
(Domain::SELINUX, 100, "test4"),
(Domain::SELINUX, 100, "test5"),
(Domain::SELINUX, 100, "test6"),
(Domain::SELINUX, 100, "test9"),
];
let list_o_keys: Vec<(i64, i64)> = LIST_O_ENTRIES
.iter()
.map(|(domain, ns, alias)| {
let entry =
make_test_key_entry(&mut db, *domain, *ns, alias, None).unwrap_or_else(|e| {
panic!("Failed to insert {:?} {} {}. Error {:?}", domain, ns, alias, e)
});
(entry.id(), *ns)
})
.collect();
for (domain, namespace) in
&[(Domain::APP, 1i64), (Domain::APP, 2i64), (Domain::SELINUX, 100i64)]
{
let mut list_o_descriptors: Vec<KeyDescriptor> = LIST_O_ENTRIES
.iter()
.filter_map(|(domain, ns, alias)| match ns {
ns if *ns == *namespace => Some(KeyDescriptor {
domain: *domain,
nspace: *ns,
alias: Some(alias.to_string()),
blob: None,
}),
_ => None,
})
.collect();
list_o_descriptors.sort();
let mut list_result = db.list_past_alias(*domain, *namespace, KeyType::Client, None)?;
list_result.sort();
assert_eq!(list_o_descriptors, list_result);
let mut list_o_ids: Vec<i64> = list_o_descriptors
.into_iter()
.map(|d| {
let (_, entry) = db
.load_key_entry(
&d,
KeyType::Client,
KeyEntryLoadBits::NONE,
*namespace as u32,
|_, _| Ok(()),
)
.unwrap();
entry.id()
})
.collect();
list_o_ids.sort_unstable();
let mut loaded_entries: Vec<i64> = list_o_keys
.iter()
.filter_map(|(id, ns)| match ns {
ns if *ns == *namespace => Some(*id),
_ => None,
})
.collect();
loaded_entries.sort_unstable();
assert_eq!(list_o_ids, loaded_entries);
}
assert_eq!(
Vec::<KeyDescriptor>::new(),
db.list_past_alias(Domain::SELINUX, 101, KeyType::Client, None)?
);
Ok(())
}
// Helpers
// Checks that the given result is an error containing the given string.
fn check_result_is_error_containing_string<T>(result: Result<T>, target: &str) {
let error_str =
format!("{:#?}", result.err().unwrap_or_else(|| panic!("Expected the error: {}", target)));
assert!(
error_str.contains(target),
"The string \"{}\" should contain \"{}\"",
error_str,
target
);
}
#[derive(Debug, PartialEq)]
struct KeyEntryRow {
id: i64,
key_type: KeyType,
domain: Option<Domain>,
namespace: Option<i64>,
alias: Option<String>,
state: KeyLifeCycle,
km_uuid: Option<Uuid>,
}
fn get_keyentry(db: &KeystoreDB) -> Result<Vec<KeyEntryRow>> {
db.conn
.prepare("SELECT * FROM persistent.keyentry;")?
.query_map([], |row| {
Ok(KeyEntryRow {
id: row.get(0)?,
key_type: row.get(1)?,
domain: row.get::<_, Option<_>>(2)?.map(Domain),
namespace: row.get(3)?,
alias: row.get(4)?,
state: row.get(5)?,
km_uuid: row.get(6)?,
})
})?
.map(|r| r.context("Could not read keyentry row."))
.collect::<Result<Vec<_>>>()
}
fn make_test_params(max_usage_count: Option<i32>) -> Vec<KeyParameter> {
make_test_params_with_sids(max_usage_count, &[42])
}
// Note: The parameters and SecurityLevel associations are nonsensical. This
// collection is only used to check if the parameters are preserved as expected by the
// database.
fn make_test_params_with_sids(
max_usage_count: Option<i32>,
user_secure_ids: &[i64],
) -> Vec<KeyParameter> {
let mut params = vec![
KeyParameter::new(KeyParameterValue::Invalid, SecurityLevel::TRUSTED_ENVIRONMENT),
KeyParameter::new(
KeyParameterValue::KeyPurpose(KeyPurpose::SIGN),
SecurityLevel::TRUSTED_ENVIRONMENT,
),
KeyParameter::new(
KeyParameterValue::KeyPurpose(KeyPurpose::DECRYPT),
SecurityLevel::TRUSTED_ENVIRONMENT,
),
KeyParameter::new(
KeyParameterValue::Algorithm(Algorithm::RSA),
SecurityLevel::TRUSTED_ENVIRONMENT,
),
KeyParameter::new(KeyParameterValue::KeySize(1024), SecurityLevel::TRUSTED_ENVIRONMENT),
KeyParameter::new(
KeyParameterValue::BlockMode(BlockMode::ECB),
SecurityLevel::TRUSTED_ENVIRONMENT,
),
KeyParameter::new(
KeyParameterValue::BlockMode(BlockMode::GCM),
SecurityLevel::TRUSTED_ENVIRONMENT,
),
KeyParameter::new(KeyParameterValue::Digest(Digest::NONE), SecurityLevel::STRONGBOX),
KeyParameter::new(
KeyParameterValue::Digest(Digest::MD5),
SecurityLevel::TRUSTED_ENVIRONMENT,
),
KeyParameter::new(
KeyParameterValue::Digest(Digest::SHA_2_224),
SecurityLevel::TRUSTED_ENVIRONMENT,
),
KeyParameter::new(KeyParameterValue::Digest(Digest::SHA_2_256), SecurityLevel::STRONGBOX),
KeyParameter::new(
KeyParameterValue::PaddingMode(PaddingMode::NONE),
SecurityLevel::TRUSTED_ENVIRONMENT,
),
KeyParameter::new(
KeyParameterValue::PaddingMode(PaddingMode::RSA_OAEP),
SecurityLevel::TRUSTED_ENVIRONMENT,
),
KeyParameter::new(
KeyParameterValue::PaddingMode(PaddingMode::RSA_PSS),
SecurityLevel::STRONGBOX,
),
KeyParameter::new(
KeyParameterValue::PaddingMode(PaddingMode::RSA_PKCS1_1_5_SIGN),
SecurityLevel::TRUSTED_ENVIRONMENT,
),
KeyParameter::new(KeyParameterValue::CallerNonce, SecurityLevel::TRUSTED_ENVIRONMENT),
KeyParameter::new(KeyParameterValue::MinMacLength(256), SecurityLevel::STRONGBOX),
KeyParameter::new(
KeyParameterValue::EcCurve(EcCurve::P_224),
SecurityLevel::TRUSTED_ENVIRONMENT,
),
KeyParameter::new(KeyParameterValue::EcCurve(EcCurve::P_256), SecurityLevel::STRONGBOX),
KeyParameter::new(
KeyParameterValue::EcCurve(EcCurve::P_384),
SecurityLevel::TRUSTED_ENVIRONMENT,
),
KeyParameter::new(
KeyParameterValue::EcCurve(EcCurve::P_521),
SecurityLevel::TRUSTED_ENVIRONMENT,
),
KeyParameter::new(
KeyParameterValue::RSAPublicExponent(3),
SecurityLevel::TRUSTED_ENVIRONMENT,
),
KeyParameter::new(KeyParameterValue::IncludeUniqueID, SecurityLevel::TRUSTED_ENVIRONMENT),
KeyParameter::new(KeyParameterValue::BootLoaderOnly, SecurityLevel::STRONGBOX),
KeyParameter::new(KeyParameterValue::RollbackResistance, SecurityLevel::STRONGBOX),
KeyParameter::new(KeyParameterValue::ActiveDateTime(1234567890), SecurityLevel::STRONGBOX),
KeyParameter::new(
KeyParameterValue::OriginationExpireDateTime(1234567890),
SecurityLevel::TRUSTED_ENVIRONMENT,
),
KeyParameter::new(
KeyParameterValue::UsageExpireDateTime(1234567890),
SecurityLevel::TRUSTED_ENVIRONMENT,
),
KeyParameter::new(
KeyParameterValue::MinSecondsBetweenOps(1234567890),
SecurityLevel::TRUSTED_ENVIRONMENT,
),
KeyParameter::new(
KeyParameterValue::MaxUsesPerBoot(1234567890),
SecurityLevel::TRUSTED_ENVIRONMENT,
),
KeyParameter::new(KeyParameterValue::UserID(1), SecurityLevel::STRONGBOX),
KeyParameter::new(KeyParameterValue::NoAuthRequired, SecurityLevel::TRUSTED_ENVIRONMENT),
KeyParameter::new(
KeyParameterValue::HardwareAuthenticatorType(HardwareAuthenticatorType::PASSWORD),
SecurityLevel::TRUSTED_ENVIRONMENT,
),
KeyParameter::new(KeyParameterValue::AuthTimeout(1234567890), SecurityLevel::SOFTWARE),
KeyParameter::new(KeyParameterValue::AllowWhileOnBody, SecurityLevel::SOFTWARE),
KeyParameter::new(
KeyParameterValue::TrustedUserPresenceRequired,
SecurityLevel::TRUSTED_ENVIRONMENT,
),
KeyParameter::new(
KeyParameterValue::TrustedConfirmationRequired,
SecurityLevel::TRUSTED_ENVIRONMENT,
),
KeyParameter::new(
KeyParameterValue::UnlockedDeviceRequired,
SecurityLevel::TRUSTED_ENVIRONMENT,
),
KeyParameter::new(
KeyParameterValue::ApplicationID(vec![1u8, 2u8, 3u8, 4u8]),
SecurityLevel::SOFTWARE,
),
KeyParameter::new(
KeyParameterValue::ApplicationData(vec![4u8, 3u8, 2u8, 1u8]),
SecurityLevel::SOFTWARE,
),
KeyParameter::new(
KeyParameterValue::CreationDateTime(12345677890),
SecurityLevel::SOFTWARE,
),
KeyParameter::new(
KeyParameterValue::KeyOrigin(KeyOrigin::GENERATED),
SecurityLevel::TRUSTED_ENVIRONMENT,
),
KeyParameter::new(
KeyParameterValue::RootOfTrust(vec![3u8, 2u8, 1u8, 4u8]),
SecurityLevel::TRUSTED_ENVIRONMENT,
),
KeyParameter::new(KeyParameterValue::OSVersion(1), SecurityLevel::TRUSTED_ENVIRONMENT),
KeyParameter::new(KeyParameterValue::OSPatchLevel(2), SecurityLevel::SOFTWARE),
KeyParameter::new(
KeyParameterValue::UniqueID(vec![4u8, 3u8, 1u8, 2u8]),
SecurityLevel::SOFTWARE,
),
KeyParameter::new(
KeyParameterValue::AttestationChallenge(vec![4u8, 3u8, 1u8, 2u8]),
SecurityLevel::TRUSTED_ENVIRONMENT,
),
KeyParameter::new(
KeyParameterValue::AttestationApplicationID(vec![4u8, 3u8, 1u8, 2u8]),
SecurityLevel::TRUSTED_ENVIRONMENT,
),
KeyParameter::new(
KeyParameterValue::AttestationIdBrand(vec![4u8, 3u8, 1u8, 2u8]),
SecurityLevel::TRUSTED_ENVIRONMENT,
),
KeyParameter::new(
KeyParameterValue::AttestationIdDevice(vec![4u8, 3u8, 1u8, 2u8]),
SecurityLevel::TRUSTED_ENVIRONMENT,
),
KeyParameter::new(
KeyParameterValue::AttestationIdProduct(vec![4u8, 3u8, 1u8, 2u8]),
SecurityLevel::TRUSTED_ENVIRONMENT,
),
KeyParameter::new(
KeyParameterValue::AttestationIdSerial(vec![4u8, 3u8, 1u8, 2u8]),
SecurityLevel::TRUSTED_ENVIRONMENT,
),
KeyParameter::new(
KeyParameterValue::AttestationIdIMEI(vec![4u8, 3u8, 1u8, 2u8]),
SecurityLevel::TRUSTED_ENVIRONMENT,
),
KeyParameter::new(
KeyParameterValue::AttestationIdSecondIMEI(vec![4u8, 3u8, 1u8, 2u8]),
SecurityLevel::TRUSTED_ENVIRONMENT,
),
KeyParameter::new(
KeyParameterValue::AttestationIdMEID(vec![4u8, 3u8, 1u8, 2u8]),
SecurityLevel::TRUSTED_ENVIRONMENT,
),
KeyParameter::new(
KeyParameterValue::AttestationIdManufacturer(vec![4u8, 3u8, 1u8, 2u8]),
SecurityLevel::TRUSTED_ENVIRONMENT,
),
KeyParameter::new(
KeyParameterValue::AttestationIdModel(vec![4u8, 3u8, 1u8, 2u8]),
SecurityLevel::TRUSTED_ENVIRONMENT,
),
KeyParameter::new(
KeyParameterValue::VendorPatchLevel(3),
SecurityLevel::TRUSTED_ENVIRONMENT,
),
KeyParameter::new(KeyParameterValue::BootPatchLevel(4), SecurityLevel::TRUSTED_ENVIRONMENT),
KeyParameter::new(
KeyParameterValue::AssociatedData(vec![4u8, 3u8, 1u8, 2u8]),
SecurityLevel::TRUSTED_ENVIRONMENT,
),
KeyParameter::new(
KeyParameterValue::Nonce(vec![4u8, 3u8, 1u8, 2u8]),
SecurityLevel::TRUSTED_ENVIRONMENT,
),
KeyParameter::new(KeyParameterValue::MacLength(256), SecurityLevel::TRUSTED_ENVIRONMENT),
KeyParameter::new(
KeyParameterValue::ResetSinceIdRotation,
SecurityLevel::TRUSTED_ENVIRONMENT,
),
KeyParameter::new(
KeyParameterValue::ConfirmationToken(vec![5u8, 5u8, 5u8, 5u8]),
SecurityLevel::TRUSTED_ENVIRONMENT,
),
];
if let Some(value) = max_usage_count {
params.push(KeyParameter::new(
KeyParameterValue::UsageCountLimit(value),
SecurityLevel::SOFTWARE,
));
}
for sid in user_secure_ids.iter() {
params.push(KeyParameter::new(
KeyParameterValue::UserSecureID(*sid),
SecurityLevel::STRONGBOX,
));
}
params
}
pub fn make_test_key_entry(
db: &mut KeystoreDB,
domain: Domain,
namespace: i64,
alias: &str,
max_usage_count: Option<i32>,
) -> Result<KeyIdGuard> {
make_test_key_entry_with_sids(db, domain, namespace, alias, max_usage_count, &[42])
}
pub fn make_test_key_entry_with_sids(
db: &mut KeystoreDB,
domain: Domain,
namespace: i64,
alias: &str,
max_usage_count: Option<i32>,
sids: &[i64],
) -> Result<KeyIdGuard> {
let key_id = create_key_entry(db, &domain, &namespace, KeyType::Client, &KEYSTORE_UUID)?;
let mut blob_metadata = BlobMetaData::new();
blob_metadata.add(BlobMetaEntry::EncryptedBy(EncryptedBy::Password));
blob_metadata.add(BlobMetaEntry::Salt(vec![1, 2, 3]));
blob_metadata.add(BlobMetaEntry::Iv(vec![2, 3, 1]));
blob_metadata.add(BlobMetaEntry::AeadTag(vec![3, 1, 2]));
blob_metadata.add(BlobMetaEntry::KmUuid(KEYSTORE_UUID));
db.set_blob(&key_id, SubComponentType::KEY_BLOB, Some(TEST_KEY_BLOB), Some(&blob_metadata))?;
db.set_blob(&key_id, SubComponentType::CERT, Some(TEST_CERT_BLOB), None)?;
db.set_blob(&key_id, SubComponentType::CERT_CHAIN, Some(TEST_CERT_CHAIN_BLOB), None)?;
let params = make_test_params_with_sids(max_usage_count, sids);
db.insert_keyparameter(&key_id, &params)?;
let mut metadata = KeyMetaData::new();
metadata.add(KeyMetaEntry::CreationDate(DateTime::from_millis_epoch(123456789)));
db.insert_key_metadata(&key_id, &metadata)?;
rebind_alias(db, &key_id, alias, domain, namespace)?;
Ok(key_id)
}
fn make_test_key_entry_test_vector(key_id: i64, max_usage_count: Option<i32>) -> KeyEntry {
let params = make_test_params(max_usage_count);
let mut blob_metadata = BlobMetaData::new();
blob_metadata.add(BlobMetaEntry::EncryptedBy(EncryptedBy::Password));
blob_metadata.add(BlobMetaEntry::Salt(vec![1, 2, 3]));
blob_metadata.add(BlobMetaEntry::Iv(vec![2, 3, 1]));
blob_metadata.add(BlobMetaEntry::AeadTag(vec![3, 1, 2]));
blob_metadata.add(BlobMetaEntry::KmUuid(KEYSTORE_UUID));
let mut metadata = KeyMetaData::new();
metadata.add(KeyMetaEntry::CreationDate(DateTime::from_millis_epoch(123456789)));
KeyEntry {
id: key_id,
key_blob_info: Some((TEST_KEY_BLOB.to_vec(), blob_metadata)),
cert: Some(TEST_CERT_BLOB.to_vec()),
cert_chain: Some(TEST_CERT_CHAIN_BLOB.to_vec()),
km_uuid: KEYSTORE_UUID,
parameters: params,
metadata,
pure_cert: false,
}
}
pub fn make_bootlevel_key_entry(
db: &mut KeystoreDB,
domain: Domain,
namespace: i64,
alias: &str,
logical_only: bool,
) -> Result<KeyIdGuard> {
let key_id = create_key_entry(db, &domain, &namespace, KeyType::Client, &KEYSTORE_UUID)?;
let mut blob_metadata = BlobMetaData::new();
if !logical_only {
blob_metadata.add(BlobMetaEntry::MaxBootLevel(3));
}
blob_metadata.add(BlobMetaEntry::KmUuid(KEYSTORE_UUID));
db.set_blob(&key_id, SubComponentType::KEY_BLOB, Some(TEST_KEY_BLOB), Some(&blob_metadata))?;
db.set_blob(&key_id, SubComponentType::CERT, Some(TEST_CERT_BLOB), None)?;
db.set_blob(&key_id, SubComponentType::CERT_CHAIN, Some(TEST_CERT_CHAIN_BLOB), None)?;
let mut params = make_test_params(None);
params.push(KeyParameter::new(KeyParameterValue::MaxBootLevel(3), SecurityLevel::KEYSTORE));
db.insert_keyparameter(&key_id, &params)?;
let mut metadata = KeyMetaData::new();
metadata.add(KeyMetaEntry::CreationDate(DateTime::from_millis_epoch(123456789)));
db.insert_key_metadata(&key_id, &metadata)?;
rebind_alias(db, &key_id, alias, domain, namespace)?;
Ok(key_id)
}
// Creates an app key that is marked as being superencrypted by the given
// super key ID and that has the given authentication and unlocked device
// parameters. This does not actually superencrypt the key blob.
fn make_superencrypted_key_entry(
db: &mut KeystoreDB,
namespace: i64,
alias: &str,
requires_authentication: bool,
requires_unlocked_device: bool,
super_key_id: i64,
) -> Result<KeyIdGuard> {
let domain = Domain::APP;
let key_id = create_key_entry(db, &domain, &namespace, KeyType::Client, &KEYSTORE_UUID)?;
let mut blob_metadata = BlobMetaData::new();
blob_metadata.add(BlobMetaEntry::KmUuid(KEYSTORE_UUID));
blob_metadata.add(BlobMetaEntry::EncryptedBy(EncryptedBy::KeyId(super_key_id)));
db.set_blob(&key_id, SubComponentType::KEY_BLOB, Some(TEST_KEY_BLOB), Some(&blob_metadata))?;
let mut params = vec![];
if requires_unlocked_device {
params.push(KeyParameter::new(
KeyParameterValue::UnlockedDeviceRequired,
SecurityLevel::TRUSTED_ENVIRONMENT,
));
}
if requires_authentication {
params.push(KeyParameter::new(
KeyParameterValue::UserSecureID(42),
SecurityLevel::TRUSTED_ENVIRONMENT,
));
}
db.insert_keyparameter(&key_id, &params)?;
let mut metadata = KeyMetaData::new();
metadata.add(KeyMetaEntry::CreationDate(DateTime::from_millis_epoch(123456789)));
db.insert_key_metadata(&key_id, &metadata)?;
rebind_alias(db, &key_id, alias, domain, namespace)?;
Ok(key_id)
}
fn make_bootlevel_test_key_entry_test_vector(key_id: i64, logical_only: bool) -> KeyEntry {
let mut params = make_test_params(None);
params.push(KeyParameter::new(KeyParameterValue::MaxBootLevel(3), SecurityLevel::KEYSTORE));
let mut blob_metadata = BlobMetaData::new();
if !logical_only {
blob_metadata.add(BlobMetaEntry::MaxBootLevel(3));
}
blob_metadata.add(BlobMetaEntry::KmUuid(KEYSTORE_UUID));
let mut metadata = KeyMetaData::new();
metadata.add(KeyMetaEntry::CreationDate(DateTime::from_millis_epoch(123456789)));
KeyEntry {
id: key_id,
key_blob_info: Some((TEST_KEY_BLOB.to_vec(), blob_metadata)),
cert: Some(TEST_CERT_BLOB.to_vec()),
cert_chain: Some(TEST_CERT_CHAIN_BLOB.to_vec()),
km_uuid: KEYSTORE_UUID,
parameters: params,
metadata,
pure_cert: false,
}
}
fn debug_dump_keyentry_table(db: &mut KeystoreDB) -> Result<()> {
let mut stmt = db.conn.prepare(
"SELECT id, key_type, domain, namespace, alias, state, km_uuid FROM persistent.keyentry;",
)?;
let rows =
stmt.query_map::<(i64, KeyType, i32, i64, String, KeyLifeCycle, Uuid), _, _>([], |row| {
Ok((
row.get(0)?,
row.get(1)?,
row.get(2)?,
row.get(3)?,
row.get(4)?,
row.get(5)?,
row.get(6)?,
))
})?;
println!("Key entry table rows:");
for r in rows {
let (id, key_type, domain, namespace, alias, state, km_uuid) = r.unwrap();
println!(
" id: {} KeyType: {:?} Domain: {} Namespace: {} Alias: {} State: {:?} KmUuid: {:?}",
id, key_type, domain, namespace, alias, state, km_uuid
);
}
Ok(())
}
fn debug_dump_grant_table(db: &mut KeystoreDB) -> Result<()> {
let mut stmt =
db.conn.prepare("SELECT id, grantee, keyentryid, access_vector FROM persistent.grant;")?;
let rows = stmt.query_map::<(i64, i64, i64, i64), _, _>([], |row| {
Ok((row.get(0)?, row.get(1)?, row.get(2)?, row.get(3)?))
})?;
println!("Grant table rows:");
for r in rows {
let (id, gt, ki, av) = r.unwrap();
println!(" id: {} grantee: {} key_id: {} access_vector: {}", id, gt, ki, av);
}
Ok(())
}
// Use a custom random number generator that repeats each number once.
// This allows us to test repeated elements.
thread_local! {
static RANDOM_COUNTER: RefCell<i64> = const { RefCell::new(0) };
}
fn reset_random() {
RANDOM_COUNTER.with(|counter| {
*counter.borrow_mut() = 0;
})
}
pub fn random() -> i64 {
RANDOM_COUNTER.with(|counter| {
let result = *counter.borrow() / 2;
*counter.borrow_mut() += 1;
result
})
}
#[test]
fn test_unbind_keys_for_user() -> Result<()> {
let mut db = new_test_db()?;
db.unbind_keys_for_user(1)?;
make_test_key_entry(&mut db, Domain::APP, 210000, TEST_ALIAS, None)?;
make_test_key_entry(&mut db, Domain::APP, 110000, TEST_ALIAS, None)?;
db.unbind_keys_for_user(2)?;
assert_eq!(1, db.list_past_alias(Domain::APP, 110000, KeyType::Client, None)?.len());
assert_eq!(0, db.list_past_alias(Domain::APP, 210000, KeyType::Client, None)?.len());
db.unbind_keys_for_user(1)?;
assert_eq!(0, db.list_past_alias(Domain::APP, 110000, KeyType::Client, None)?.len());
Ok(())
}
#[test]
fn test_unbind_keys_for_user_removes_superkeys() -> Result<()> {
let mut db = new_test_db()?;
let super_key = keystore2_crypto::generate_aes256_key()?;
let pw: keystore2_crypto::Password = (&b"xyzabc"[..]).into();
let (encrypted_super_key, metadata) = SuperKeyManager::encrypt_with_password(&super_key, &pw)?;
let key_name_enc = SuperKeyType {
alias: "test_super_key_1",
algorithm: SuperEncryptionAlgorithm::Aes256Gcm,
name: "test_super_key_1",
};
let key_name_nonenc = SuperKeyType {
alias: "test_super_key_2",
algorithm: SuperEncryptionAlgorithm::Aes256Gcm,
name: "test_super_key_2",
};
// Install two super keys.
db.store_super_key(1, &key_name_nonenc, &super_key, &BlobMetaData::new(), &KeyMetaData::new())?;
db.store_super_key(1, &key_name_enc, &encrypted_super_key, &metadata, &KeyMetaData::new())?;
// Check that both can be found in the database.
assert!(db.load_super_key(&key_name_enc, 1)?.is_some());
assert!(db.load_super_key(&key_name_nonenc, 1)?.is_some());
// Install the same keys for a different user.
db.store_super_key(2, &key_name_nonenc, &super_key, &BlobMetaData::new(), &KeyMetaData::new())?;
db.store_super_key(2, &key_name_enc, &encrypted_super_key, &metadata, &KeyMetaData::new())?;
// Check that the second pair of keys can be found in the database.
assert!(db.load_super_key(&key_name_enc, 2)?.is_some());
assert!(db.load_super_key(&key_name_nonenc, 2)?.is_some());
// Delete all keys for user 1.
db.unbind_keys_for_user(1)?;
// All of user 1's keys should be gone.
assert!(db.load_super_key(&key_name_enc, 1)?.is_none());
assert!(db.load_super_key(&key_name_nonenc, 1)?.is_none());
// User 2's keys should not have been touched.
assert!(db.load_super_key(&key_name_enc, 2)?.is_some());
assert!(db.load_super_key(&key_name_nonenc, 2)?.is_some());
Ok(())
}
fn app_key_exists(db: &mut KeystoreDB, nspace: i64, alias: &str) -> Result<bool> {
db.key_exists(Domain::APP, nspace, alias, KeyType::Client)
}
// Tests the unbind_auth_bound_keys_for_user() function.
#[test]
fn test_unbind_auth_bound_keys_for_user() -> Result<()> {
let mut db = new_test_db()?;
let user_id = 1;
let nspace: i64 = (user_id * AID_USER_OFFSET).into();
let other_user_id = 2;
let other_user_nspace: i64 = (other_user_id * AID_USER_OFFSET).into();
let super_key_type = &USER_AFTER_FIRST_UNLOCK_SUPER_KEY;
// Create a superencryption key.
let super_key = keystore2_crypto::generate_aes256_key()?;
let pw: keystore2_crypto::Password = (&b"xyzabc"[..]).into();
let (encrypted_super_key, blob_metadata) =
SuperKeyManager::encrypt_with_password(&super_key, &pw)?;
db.store_super_key(
user_id,
super_key_type,
&encrypted_super_key,
&blob_metadata,
&KeyMetaData::new(),
)?;
let super_key_id = db.load_super_key(super_key_type, user_id)?.unwrap().0 .0;
// Store 4 superencrypted app keys, one for each possible combination of
// (authentication required, unlocked device required).
make_superencrypted_key_entry(&mut db, nspace, "noauth_noud", false, false, super_key_id)?;
make_superencrypted_key_entry(&mut db, nspace, "noauth_ud", false, true, super_key_id)?;
make_superencrypted_key_entry(&mut db, nspace, "auth_noud", true, false, super_key_id)?;
make_superencrypted_key_entry(&mut db, nspace, "auth_ud", true, true, super_key_id)?;
assert!(app_key_exists(&mut db, nspace, "noauth_noud")?);
assert!(app_key_exists(&mut db, nspace, "noauth_ud")?);
assert!(app_key_exists(&mut db, nspace, "auth_noud")?);
assert!(app_key_exists(&mut db, nspace, "auth_ud")?);
// Also store a key for a different user that requires authentication.
make_superencrypted_key_entry(&mut db, other_user_nspace, "auth_ud", true, true, super_key_id)?;
db.unbind_auth_bound_keys_for_user(user_id)?;
// Verify that only the user's app keys that require authentication were
// deleted. Keys that require an unlocked device but not authentication
// should *not* have been deleted, nor should the super key have been
// deleted, nor should other users' keys have been deleted.
assert!(db.load_super_key(super_key_type, user_id)?.is_some());
assert!(app_key_exists(&mut db, nspace, "noauth_noud")?);
assert!(app_key_exists(&mut db, nspace, "noauth_ud")?);
assert!(!app_key_exists(&mut db, nspace, "auth_noud")?);
assert!(!app_key_exists(&mut db, nspace, "auth_ud")?);
assert!(app_key_exists(&mut db, other_user_nspace, "auth_ud")?);
Ok(())
}
#[test]
fn test_store_super_key() -> Result<()> {
let mut db = new_test_db()?;
let pw: keystore2_crypto::Password = (&b"xyzabc"[..]).into();
let super_key = keystore2_crypto::generate_aes256_key()?;
let secret_bytes = b"keystore2 is great.";
let (encrypted_secret, iv, tag) = keystore2_crypto::aes_gcm_encrypt(secret_bytes, &super_key)?;
let (encrypted_super_key, metadata) = SuperKeyManager::encrypt_with_password(&super_key, &pw)?;
db.store_super_key(
1,
&USER_AFTER_FIRST_UNLOCK_SUPER_KEY,
&encrypted_super_key,
&metadata,
&KeyMetaData::new(),
)?;
// Check if super key exists.
assert!(db.key_exists(
Domain::APP,
1,
USER_AFTER_FIRST_UNLOCK_SUPER_KEY.alias,
KeyType::Super
)?);
let (_, key_entry) = db.load_super_key(&USER_AFTER_FIRST_UNLOCK_SUPER_KEY, 1)?.unwrap();
let loaded_super_key = SuperKeyManager::extract_super_key_from_key_entry(
USER_AFTER_FIRST_UNLOCK_SUPER_KEY.algorithm,
key_entry,
&pw,
None,
)?;
let decrypted_secret_bytes = loaded_super_key.decrypt(&encrypted_secret, &iv, &tag)?;
assert_eq!(secret_bytes, &*decrypted_secret_bytes);
Ok(())
}
fn get_valid_statsd_storage_types() -> Vec<MetricsStorage> {
vec![
MetricsStorage::KEY_ENTRY,
MetricsStorage::KEY_ENTRY_ID_INDEX,
MetricsStorage::KEY_ENTRY_DOMAIN_NAMESPACE_INDEX,
MetricsStorage::BLOB_ENTRY,
MetricsStorage::BLOB_ENTRY_KEY_ENTRY_ID_INDEX,
MetricsStorage::KEY_PARAMETER,
MetricsStorage::KEY_PARAMETER_KEY_ENTRY_ID_INDEX,
MetricsStorage::KEY_METADATA,
MetricsStorage::KEY_METADATA_KEY_ENTRY_ID_INDEX,
MetricsStorage::GRANT,
MetricsStorage::AUTH_TOKEN,
MetricsStorage::BLOB_METADATA,
MetricsStorage::BLOB_METADATA_BLOB_ENTRY_ID_INDEX,
]
}
/// Perform a simple check to ensure that we can query all the storage types
/// that are supported by the DB. Check for reasonable values.
#[test]
fn test_query_all_valid_table_sizes() -> Result<()> {
const PAGE_SIZE: i32 = 4096;
let mut db = new_test_db()?;
for t in get_valid_statsd_storage_types() {
let stat = db.get_storage_stat(t)?;
// AuthToken can be less than a page since it's in a btree, not sqlite
// TODO(b/187474736) stop using if-let here
if let MetricsStorage::AUTH_TOKEN = t {
} else {
assert!(stat.size >= PAGE_SIZE);
}
assert!(stat.size >= stat.unused_size);
}
Ok(())
}
fn get_storage_stats_map(db: &mut KeystoreDB) -> BTreeMap<i32, StorageStats> {
get_valid_statsd_storage_types()
.into_iter()
.map(|t| (t.0, db.get_storage_stat(t).unwrap()))
.collect()
}
fn assert_storage_increased(
db: &mut KeystoreDB,
increased_storage_types: Vec<MetricsStorage>,
baseline: &mut BTreeMap<i32, StorageStats>,
) {
for storage in increased_storage_types {
// Verify the expected storage increased.
let new = db.get_storage_stat(storage).unwrap();
let old = &baseline[&storage.0];
assert!(new.size >= old.size, "{}: {} >= {}", storage.0, new.size, old.size);
assert!(
new.unused_size <= old.unused_size,
"{}: {} <= {}",
storage.0,
new.unused_size,
old.unused_size
);
// Update the baseline with the new value so that it succeeds in the
// later comparison.
baseline.insert(storage.0, new);
}
// Get an updated map of the storage and verify there were no unexpected changes.
let updated_stats = get_storage_stats_map(db);
assert_eq!(updated_stats.len(), baseline.len());
for &k in baseline.keys() {
let stringify = |map: &BTreeMap<i32, StorageStats>| -> String {
let mut s = String::new();
for &k in map.keys() {
writeln!(&mut s, " {}: {}, {}", &k, map[&k].size, map[&k].unused_size)
.expect("string concat failed");
}
s
};
assert!(
updated_stats[&k].size == baseline[&k].size
&& updated_stats[&k].unused_size == baseline[&k].unused_size,
"updated_stats:\n{}\nbaseline:\n{}",
stringify(&updated_stats),
stringify(baseline)
);
}
}
#[test]
fn test_verify_key_table_size_reporting() -> Result<()> {
let mut db = new_test_db()?;
let mut working_stats = get_storage_stats_map(&mut db);
let key_id = create_key_entry(&mut db, &Domain::APP, &42, KeyType::Client, &KEYSTORE_UUID)?;
assert_storage_increased(
&mut db,
vec![
MetricsStorage::KEY_ENTRY,
MetricsStorage::KEY_ENTRY_ID_INDEX,
MetricsStorage::KEY_ENTRY_DOMAIN_NAMESPACE_INDEX,
],
&mut working_stats,
);
let mut blob_metadata = BlobMetaData::new();
blob_metadata.add(BlobMetaEntry::EncryptedBy(EncryptedBy::Password));
db.set_blob(&key_id, SubComponentType::KEY_BLOB, Some(TEST_KEY_BLOB), None)?;
assert_storage_increased(
&mut db,
vec![
MetricsStorage::BLOB_ENTRY,
MetricsStorage::BLOB_ENTRY_KEY_ENTRY_ID_INDEX,
MetricsStorage::BLOB_METADATA,
MetricsStorage::BLOB_METADATA_BLOB_ENTRY_ID_INDEX,
],
&mut working_stats,
);
let params = make_test_params(None);
db.insert_keyparameter(&key_id, &params)?;
assert_storage_increased(
&mut db,
vec![MetricsStorage::KEY_PARAMETER, MetricsStorage::KEY_PARAMETER_KEY_ENTRY_ID_INDEX],
&mut working_stats,
);
let mut metadata = KeyMetaData::new();
metadata.add(KeyMetaEntry::CreationDate(DateTime::from_millis_epoch(123456789)));
db.insert_key_metadata(&key_id, &metadata)?;
assert_storage_increased(
&mut db,
vec![MetricsStorage::KEY_METADATA, MetricsStorage::KEY_METADATA_KEY_ENTRY_ID_INDEX],
&mut working_stats,
);
let mut sum = 0;
for stat in working_stats.values() {
sum += stat.size;
}
let total = db.get_storage_stat(MetricsStorage::DATABASE)?.size;
assert!(sum <= total, "Expected sum <= total. sum: {}, total: {}", sum, total);
Ok(())
}
#[test]
fn test_verify_auth_table_size_reporting() -> Result<()> {
let mut db = new_test_db()?;
let mut working_stats = get_storage_stats_map(&mut db);
db.insert_auth_token(&HardwareAuthToken {
challenge: 123,
userId: 456,
authenticatorId: 789,
authenticatorType: kmhw_authenticator_type::ANY,
timestamp: Timestamp { milliSeconds: 10 },
mac: b"mac".to_vec(),
});
assert_storage_increased(&mut db, vec![MetricsStorage::AUTH_TOKEN], &mut working_stats);
Ok(())
}
#[test]
fn test_verify_grant_table_size_reporting() -> Result<()> {
const OWNER: i64 = 1;
let mut db = new_test_db()?;
make_test_key_entry(&mut db, Domain::APP, OWNER, TEST_ALIAS, None)?;
let mut working_stats = get_storage_stats_map(&mut db);
db.grant(
&KeyDescriptor {
domain: Domain::APP,
nspace: 0,
alias: Some(TEST_ALIAS.to_string()),
blob: None,
},
OWNER as u32,
123,
key_perm_set![KeyPerm::Use],
|_, _| Ok(()),
)?;
assert_storage_increased(&mut db, vec![MetricsStorage::GRANT], &mut working_stats);
Ok(())
}
#[test]
fn find_auth_token_entry_returns_latest() -> Result<()> {
let mut db = new_test_db()?;
db.insert_auth_token(&HardwareAuthToken {
challenge: 123,
userId: 456,
authenticatorId: 789,
authenticatorType: kmhw_authenticator_type::ANY,
timestamp: Timestamp { milliSeconds: 10 },
mac: b"mac0".to_vec(),
});
std::thread::sleep(std::time::Duration::from_millis(1));
db.insert_auth_token(&HardwareAuthToken {
challenge: 123,
userId: 457,
authenticatorId: 789,
authenticatorType: kmhw_authenticator_type::ANY,
timestamp: Timestamp { milliSeconds: 12 },
mac: b"mac1".to_vec(),
});
std::thread::sleep(std::time::Duration::from_millis(1));
db.insert_auth_token(&HardwareAuthToken {
challenge: 123,
userId: 458,
authenticatorId: 789,
authenticatorType: kmhw_authenticator_type::ANY,
timestamp: Timestamp { milliSeconds: 3 },
mac: b"mac2".to_vec(),
});
// All three entries are in the database
assert_eq!(db.perboot.auth_tokens_len(), 3);
// It selected the most recent timestamp
assert_eq!(db.find_auth_token_entry(|_| true).unwrap().auth_token.mac, b"mac2".to_vec());
Ok(())
}
fn blob_count(db: &mut KeystoreDB, sc_type: SubComponentType) -> usize {
db.with_transaction(TransactionBehavior::Deferred, |tx| {
tx.query_row(
"SELECT COUNT(*) FROM persistent.blobentry
WHERE subcomponent_type = ?;",
params![sc_type],
|row| row.get(0),
)
.context(ks_err!("Failed to count number of {sc_type:?} blobs"))
.no_gc()
})
.unwrap()
}
fn blob_count_in_state(db: &mut KeystoreDB, sc_type: SubComponentType, state: BlobState) -> usize {
db.with_transaction(TransactionBehavior::Deferred, |tx| {
tx.query_row(
"SELECT COUNT(*) FROM persistent.blobentry
WHERE subcomponent_type = ? AND state = ?;",
params![sc_type, state],
|row| row.get(0),
)
.context(ks_err!("Failed to count number of {sc_type:?} blobs"))
.no_gc()
})
.unwrap()
}
#[test]
fn test_blobentry_gc() -> Result<()> {
let mut db = new_test_db()?;
let _key_id1 = make_test_key_entry(&mut db, Domain::APP, 1, "key1", None)?.0;
let key_guard2 = make_test_key_entry(&mut db, Domain::APP, 2, "key2", None)?;
let key_guard3 = make_test_key_entry(&mut db, Domain::APP, 3, "key3", None)?;
let key_id4 = make_test_key_entry(&mut db, Domain::APP, 4, "key4", None)?.0;
let key_id5 = make_test_key_entry(&mut db, Domain::APP, 5, "key5", None)?.0;
assert_eq!(5, blob_count(&mut db, SubComponentType::KEY_BLOB));
assert_eq!(5, blob_count_in_state(&mut db, SubComponentType::KEY_BLOB, BlobState::Current));
assert_eq!(0, blob_count_in_state(&mut db, SubComponentType::KEY_BLOB, BlobState::Superseded));
assert_eq!(0, blob_count_in_state(&mut db, SubComponentType::KEY_BLOB, BlobState::Orphaned));
assert_eq!(5, blob_count(&mut db, SubComponentType::CERT));
assert_eq!(5, blob_count(&mut db, SubComponentType::CERT_CHAIN));
// Replace the keyblobs for keys 2 and 3. The previous blobs will still exist.
db.set_blob(&key_guard2, SubComponentType::KEY_BLOB, Some(&[1, 2, 3]), None)?;
db.set_blob(&key_guard3, SubComponentType::KEY_BLOB, Some(&[1, 2, 3]), None)?;
assert_eq!(7, blob_count(&mut db, SubComponentType::KEY_BLOB));
assert_eq!(5, blob_count_in_state(&mut db, SubComponentType::KEY_BLOB, BlobState::Current));
assert_eq!(2, blob_count_in_state(&mut db, SubComponentType::KEY_BLOB, BlobState::Superseded));
assert_eq!(0, blob_count_in_state(&mut db, SubComponentType::KEY_BLOB, BlobState::Orphaned));
assert_eq!(5, blob_count(&mut db, SubComponentType::CERT));
assert_eq!(5, blob_count(&mut db, SubComponentType::CERT_CHAIN));
// Delete keys 4 and 5. The keyblobs aren't removed yet.
db.with_transaction(Immediate("TX_delete_test_keys"), |tx| {
KeystoreDB::mark_unreferenced(tx, key_id4)?;
KeystoreDB::mark_unreferenced(tx, key_id5)?;
Ok(()).no_gc()
})
.unwrap();
assert_eq!(7, blob_count(&mut db, SubComponentType::KEY_BLOB));
assert_eq!(3, blob_count_in_state(&mut db, SubComponentType::KEY_BLOB, BlobState::Current));
assert_eq!(2, blob_count_in_state(&mut db, SubComponentType::KEY_BLOB, BlobState::Superseded));
assert_eq!(2, blob_count_in_state(&mut db, SubComponentType::KEY_BLOB, BlobState::Orphaned));
assert_eq!(5, blob_count(&mut db, SubComponentType::CERT));
assert_eq!(5, blob_count(&mut db, SubComponentType::CERT_CHAIN));
// First garbage collection should return all 4 blobentry rows that are no longer current for
// their key.
let superseded = db.handle_next_superseded_blobs(&[], 20).unwrap();
let superseded_ids: Vec<i64> = superseded.iter().map(|v| v.blob_id).collect();
assert_eq!(4, superseded.len());
assert_eq!(7, blob_count(&mut db, SubComponentType::KEY_BLOB));
assert_eq!(3, blob_count_in_state(&mut db, SubComponentType::KEY_BLOB, BlobState::Current));
assert_eq!(2, blob_count_in_state(&mut db, SubComponentType::KEY_BLOB, BlobState::Superseded));
assert_eq!(2, blob_count_in_state(&mut db, SubComponentType::KEY_BLOB, BlobState::Orphaned));
assert_eq!(5, blob_count(&mut db, SubComponentType::CERT));
assert_eq!(5, blob_count(&mut db, SubComponentType::CERT_CHAIN));
// Feed the superseded blob IDs back in, to trigger removal of the old KEY_BLOB entries. As no
// new superseded KEY_BLOBs are found, the unreferenced CERT/CERT_CHAIN blobs are removed.
let superseded = db.handle_next_superseded_blobs(&superseded_ids, 20).unwrap();
let superseded_ids: Vec<i64> = superseded.iter().map(|v| v.blob_id).collect();
assert_eq!(0, superseded.len());
assert_eq!(3, blob_count(&mut db, SubComponentType::KEY_BLOB));
assert_eq!(3, blob_count_in_state(&mut db, SubComponentType::KEY_BLOB, BlobState::Current));
assert_eq!(0, blob_count_in_state(&mut db, SubComponentType::KEY_BLOB, BlobState::Superseded));
assert_eq!(0, blob_count_in_state(&mut db, SubComponentType::KEY_BLOB, BlobState::Orphaned));
assert_eq!(3, blob_count(&mut db, SubComponentType::CERT));
assert_eq!(3, blob_count(&mut db, SubComponentType::CERT_CHAIN));
// Nothing left to garbage collect.
let superseded = db.handle_next_superseded_blobs(&superseded_ids, 20).unwrap();
assert_eq!(0, superseded.len());
assert_eq!(3, blob_count(&mut db, SubComponentType::KEY_BLOB));
assert_eq!(3, blob_count_in_state(&mut db, SubComponentType::KEY_BLOB, BlobState::Current));
assert_eq!(0, blob_count_in_state(&mut db, SubComponentType::KEY_BLOB, BlobState::Superseded));
assert_eq!(0, blob_count_in_state(&mut db, SubComponentType::KEY_BLOB, BlobState::Orphaned));
assert_eq!(3, blob_count(&mut db, SubComponentType::CERT));
assert_eq!(3, blob_count(&mut db, SubComponentType::CERT_CHAIN));
Ok(())
}
#[test]
fn test_upgrade_1_to_2() -> Result<()> {
let mut db = new_test_db()?;
let _key_id1 = make_test_key_entry(&mut db, Domain::APP, 1, "key1", None)?.0;
let key_guard2 = make_test_key_entry(&mut db, Domain::APP, 2, "key2", None)?;
let key_guard3 = make_test_key_entry(&mut db, Domain::APP, 3, "key3", None)?;
let key_id4 = make_test_key_entry(&mut db, Domain::APP, 4, "key4", None)?.0;
let key_id5 = make_test_key_entry(&mut db, Domain::APP, 5, "key5", None)?.0;
// Replace the keyblobs for keys 2 and 3. The previous blobs will still exist.
db.set_blob(&key_guard2, SubComponentType::KEY_BLOB, Some(&[1, 2, 3]), None)?;
db.set_blob(&key_guard3, SubComponentType::KEY_BLOB, Some(&[1, 2, 3]), None)?;
// Delete keys 4 and 5. The keyblobs aren't removed yet.
db.with_transaction(Immediate("TX_delete_test_keys"), |tx| {
KeystoreDB::mark_unreferenced(tx, key_id4)?;
KeystoreDB::mark_unreferenced(tx, key_id5)?;
Ok(()).no_gc()
})
.unwrap();
assert_eq!(7, blob_count(&mut db, SubComponentType::KEY_BLOB));
assert_eq!(5, blob_count(&mut db, SubComponentType::CERT));
assert_eq!(5, blob_count(&mut db, SubComponentType::CERT_CHAIN));
// Manually downgrade the database to the v1 schema.
db.with_transaction(Immediate("TX_downgrade_2_to_1"), |tx| {
tx.execute("DROP INDEX persistent.keyentry_state_index;", params!())?;
tx.execute("DROP INDEX persistent.blobentry_state_index;", params!())?;
tx.execute("ALTER TABLE persistent.blobentry DROP COLUMN state;", params!())?;
Ok(()).no_gc()
})?;
// Run the upgrade process.
let version = db.with_transaction(Immediate("TX_upgrade_1_to_2"), |tx| {
KeystoreDB::from_1_to_2(tx).no_gc()
})?;
assert_eq!(version, 2);
// Check blobs have acquired the right `state` values.
assert_eq!(7, blob_count(&mut db, SubComponentType::KEY_BLOB));
assert_eq!(3, blob_count_in_state(&mut db, SubComponentType::KEY_BLOB, BlobState::Current));
assert_eq!(2, blob_count_in_state(&mut db, SubComponentType::KEY_BLOB, BlobState::Superseded));
assert_eq!(2, blob_count_in_state(&mut db, SubComponentType::KEY_BLOB, BlobState::Orphaned));
assert_eq!(5, blob_count(&mut db, SubComponentType::CERT));
assert_eq!(5, blob_count(&mut db, SubComponentType::CERT_CHAIN));
Ok(())
}
#[test]
fn test_load_key_descriptor() -> Result<()> {
let mut db = new_test_db()?;
let key_id = make_test_key_entry(&mut db, Domain::APP, 1, TEST_ALIAS, None)?.0;
let key = db.load_key_descriptor(key_id)?.unwrap();
assert_eq!(key.domain, Domain::APP);
assert_eq!(key.nspace, 1);
assert_eq!(key.alias, Some(TEST_ALIAS.to_string()));
// No such id
assert_eq!(db.load_key_descriptor(key_id + 1)?, None);
Ok(())
}
#[test]
fn test_get_list_app_uids_for_sid() -> Result<()> {
let uid: i32 = 1;
let uid_offset: i64 = (uid as i64) * (AID_USER_OFFSET as i64);
let first_sid = 667;
let second_sid = 669;
let first_app_id: i64 = 123 + uid_offset;
let second_app_id: i64 = 456 + uid_offset;
let third_app_id: i64 = 789 + uid_offset;
let unrelated_app_id: i64 = 1011 + uid_offset;
let mut db = new_test_db()?;
make_test_key_entry_with_sids(
&mut db,
Domain::APP,
first_app_id,
TEST_ALIAS,
None,
&[first_sid],
)
.context("test_get_list_app_uids_for_sid")?;
make_test_key_entry_with_sids(
&mut db,
Domain::APP,
second_app_id,
"alias2",
None,
&[first_sid],
)
.context("test_get_list_app_uids_for_sid")?;
make_test_key_entry_with_sids(
&mut db,
Domain::APP,
second_app_id,
TEST_ALIAS,
None,
&[second_sid],
)
.context("test_get_list_app_uids_for_sid")?;
make_test_key_entry_with_sids(
&mut db,
Domain::APP,
third_app_id,
"alias3",
None,
&[second_sid],
)
.context("test_get_list_app_uids_for_sid")?;
make_test_key_entry_with_sids(&mut db, Domain::APP, unrelated_app_id, TEST_ALIAS, None, &[])
.context("test_get_list_app_uids_for_sid")?;
let mut first_sid_apps = db.get_app_uids_affected_by_sid(uid, first_sid)?;
first_sid_apps.sort();
assert_eq!(first_sid_apps, vec![first_app_id, second_app_id]);
let mut second_sid_apps = db.get_app_uids_affected_by_sid(uid, second_sid)?;
second_sid_apps.sort();
assert_eq!(second_sid_apps, vec![second_app_id, third_app_id]);
Ok(())
}
#[test]
fn test_get_list_app_uids_with_multiple_sids() -> Result<()> {
let uid: i32 = 1;
let uid_offset: i64 = (uid as i64) * (AID_USER_OFFSET as i64);
let first_sid = 667;
let second_sid = 669;
let third_sid = 772;
let first_app_id: i64 = 123 + uid_offset;
let second_app_id: i64 = 456 + uid_offset;
let mut db = new_test_db()?;
make_test_key_entry_with_sids(
&mut db,
Domain::APP,
first_app_id,
TEST_ALIAS,
None,
&[first_sid, second_sid],
)
.context("test_get_list_app_uids_for_sid")?;
make_test_key_entry_with_sids(
&mut db,
Domain::APP,
second_app_id,
"alias2",
None,
&[second_sid, third_sid],
)
.context("test_get_list_app_uids_for_sid")?;
let first_sid_apps = db.get_app_uids_affected_by_sid(uid, first_sid)?;
assert_eq!(first_sid_apps, vec![first_app_id]);
let mut second_sid_apps = db.get_app_uids_affected_by_sid(uid, second_sid)?;
second_sid_apps.sort();
assert_eq!(second_sid_apps, vec![first_app_id, second_app_id]);
let third_sid_apps = db.get_app_uids_affected_by_sid(uid, third_sid)?;
assert_eq!(third_sid_apps, vec![second_app_id]);
Ok(())
}
// Starting from `next_keyid`, add keys to the database until the count reaches
// `key_count`. (`next_keyid` is assumed to indicate how many rows already exist.)
fn db_populate_keys(db: &mut KeystoreDB, next_keyid: usize, key_count: usize) {
db.with_transaction(Immediate("test_keyentry"), |tx| {
for next_keyid in next_keyid..key_count {
tx.execute(
"INSERT into persistent.keyentry
(id, key_type, domain, namespace, alias, state, km_uuid)
VALUES(?, ?, ?, ?, ?, ?, ?);",
params![
next_keyid,
KeyType::Client,
Domain::APP.0 as u32,
10001,
&format!("alias-{next_keyid}"),
KeyLifeCycle::Live,
KEYSTORE_UUID,
],
)?;
tx.execute(
"INSERT INTO persistent.blobentry
(subcomponent_type, keyentryid, blob) VALUES (?, ?, ?);",
params![SubComponentType::KEY_BLOB, next_keyid, TEST_KEY_BLOB],
)?;
tx.execute(
"INSERT INTO persistent.blobentry
(subcomponent_type, keyentryid, blob) VALUES (?, ?, ?);",
params![SubComponentType::CERT, next_keyid, TEST_CERT_BLOB],
)?;
tx.execute(
"INSERT INTO persistent.blobentry
(subcomponent_type, keyentryid, blob) VALUES (?, ?, ?);",
params![SubComponentType::CERT_CHAIN, next_keyid, TEST_CERT_CHAIN_BLOB],
)?;
}
Ok(()).no_gc()
})
.unwrap()
}
/// Run the provided `test_fn` against the database at various increasing stages of
/// database population.
fn run_with_many_keys<F, T>(max_count: usize, test_fn: F) -> Result<()>
where
F: Fn(&mut KeystoreDB) -> T,
{
prep_and_run_with_many_keys(max_count, |_db| (), test_fn)
}
/// Run the provided `test_fn` against the database at various increasing stages of
/// database population.
fn prep_and_run_with_many_keys<F, T, P>(max_count: usize, prep_fn: P, test_fn: F) -> Result<()>
where
F: Fn(&mut KeystoreDB) -> T,
P: Fn(&mut KeystoreDB),
{
android_logger::init_once(
android_logger::Config::default()
.with_tag("keystore2_test")
.with_max_level(log::LevelFilter::Debug),
);
// Put the test database on disk for a more realistic result.
let db_root = tempfile::Builder::new().prefix("ks2db-test-").tempdir().unwrap();
let mut db_path = db_root.path().to_owned();
db_path.push("ks2-test.sqlite");
let mut db = new_test_db_at(&db_path.to_string_lossy())?;
println!("\nNumber_of_keys,time_in_s");
let mut key_count = 10;
let mut next_keyid = 0;
while key_count < max_count {
db_populate_keys(&mut db, next_keyid, key_count);
assert_eq!(db_key_count(&mut db), key_count);
// Perform any test-specific preparation
prep_fn(&mut db);
// Time execution of the test function.
let start = std::time::Instant::now();
let _result = test_fn(&mut db);
println!("{key_count}, {}", start.elapsed().as_secs_f64());
next_keyid = key_count;
key_count *= 2;
}
Ok(())
}
fn db_key_count(db: &mut KeystoreDB) -> usize {
db.with_transaction(TransactionBehavior::Deferred, |tx| {
tx.query_row(
"SELECT COUNT(*) FROM persistent.keyentry
WHERE domain = ? AND state = ? AND key_type = ?;",
params![Domain::APP.0 as u32, KeyLifeCycle::Live, KeyType::Client],
|row| row.get::<usize, usize>(0),
)
.context(ks_err!("Failed to count number of keys."))
.no_gc()
})
.unwrap()
}
#[test]
fn test_handle_superseded_with_many_keys() -> Result<()> {
run_with_many_keys(1_000_000, |db| db.handle_next_superseded_blobs(&[], 20))
}
#[test]
fn test_get_storage_stats_with_many_keys() -> Result<()> {
use android_security_metrics::aidl::android::security::metrics::Storage::Storage as MetricsStorage;
run_with_many_keys(1_000_000, |db| {
db.get_storage_stat(MetricsStorage::DATABASE).unwrap();
db.get_storage_stat(MetricsStorage::KEY_ENTRY).unwrap();
db.get_storage_stat(MetricsStorage::KEY_ENTRY_ID_INDEX).unwrap();
db.get_storage_stat(MetricsStorage::KEY_ENTRY_DOMAIN_NAMESPACE_INDEX).unwrap();
db.get_storage_stat(MetricsStorage::BLOB_ENTRY).unwrap();
db.get_storage_stat(MetricsStorage::BLOB_ENTRY_KEY_ENTRY_ID_INDEX).unwrap();
db.get_storage_stat(MetricsStorage::KEY_PARAMETER).unwrap();
db.get_storage_stat(MetricsStorage::KEY_PARAMETER_KEY_ENTRY_ID_INDEX).unwrap();
db.get_storage_stat(MetricsStorage::KEY_METADATA).unwrap();
db.get_storage_stat(MetricsStorage::KEY_METADATA_KEY_ENTRY_ID_INDEX).unwrap();
db.get_storage_stat(MetricsStorage::GRANT).unwrap();
db.get_storage_stat(MetricsStorage::AUTH_TOKEN).unwrap();
db.get_storage_stat(MetricsStorage::BLOB_METADATA).unwrap();
db.get_storage_stat(MetricsStorage::BLOB_METADATA_BLOB_ENTRY_ID_INDEX).unwrap();
})
}
#[test]
fn test_list_keys_with_many_keys() -> Result<()> {
run_with_many_keys(1_000_000, |db: &mut KeystoreDB| -> Result<()> {
// Behave equivalently to how clients list aliases.
let domain = Domain::APP;
let namespace = 10001;
let mut start_past: Option<String> = None;
let mut count = 0;
let mut batches = 0;
loop {
let keys = db
.list_past_alias(domain, namespace, KeyType::Client, start_past.as_deref())
.unwrap();
let batch_size = crate::utils::estimate_safe_amount_to_return(
domain,
namespace,
None,
&keys,
crate::utils::RESPONSE_SIZE_LIMIT,
);
let batch = &keys[..batch_size];
count += batch.len();
match batch.last() {
Some(key) => start_past.clone_from(&key.alias),
None => {
log::info!("got {count} keys in {batches} non-empty batches");
return Ok(());
}
}
batches += 1;
}
})
}
#[test]
fn test_upgrade_1_to_2_with_many_keys() -> Result<()> {
prep_and_run_with_many_keys(
1_000_000,
|db: &mut KeystoreDB| {
// Manually downgrade the database to the v1 schema.
db.with_transaction(Immediate("TX_downgrade_2_to_1"), |tx| {
tx.execute("DROP INDEX persistent.keyentry_state_index;", params!())?;
tx.execute("DROP INDEX persistent.blobentry_state_index;", params!())?;
tx.execute("ALTER TABLE persistent.blobentry DROP COLUMN state;", params!())?;
Ok(()).no_gc()
})
.unwrap();
},
|db: &mut KeystoreDB| -> Result<()> {
// Run the upgrade process.
db.with_transaction(Immediate("TX_upgrade_1_to_2"), |tx| {
KeystoreDB::from_1_to_2(tx).no_gc()
})?;
Ok(())
},
)
}