| David Drysdale | 2566fb3 | 2024-07-09 14:46:37 +0100 | [diff] [blame] | 1 | // Copyright 2020, The Android Open Source Project |
| 2 | // |
| 3 | // Licensed under the Apache License, Version 2.0 (the "License"); |
| 4 | // you may not use this file except in compliance with the License. |
| 5 | // You may obtain a copy of the License at |
| 6 | // |
| 7 | // http://www.apache.org/licenses/LICENSE-2.0 |
| 8 | // |
| 9 | // Unless required by applicable law or agreed to in writing, software |
| 10 | // distributed under the License is distributed on an "AS IS" BASIS, |
| 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 12 | // See the License for the specific language governing permissions and |
| 13 | // limitations under the License. |
| 14 | |
| 15 | //! Utility functions tests. |
| 16 | |
| 17 | use super::*; |
| 18 | use anyhow::Result; |
| 19 | |
| 20 | #[test] |
| 21 | fn check_device_attestation_permissions_test() -> Result<()> { |
| 22 | check_device_attestation_permissions().or_else(|error| { |
| 23 | match error.root_cause().downcast_ref::<Error>() { |
| 24 | // Expected: the context for this test might not be allowed to attest device IDs. |
| 25 | Some(Error::Km(ErrorCode::CANNOT_ATTEST_IDS)) => Ok(()), |
| 26 | // Other errors are unexpected |
| 27 | _ => Err(error), |
| 28 | } |
| 29 | }) |
| 30 | } |
| 31 | |
| 32 | fn create_key_descriptors_from_aliases(key_aliases: &[&str]) -> Vec<KeyDescriptor> { |
| 33 | key_aliases |
| 34 | .iter() |
| 35 | .map(|key_alias| KeyDescriptor { |
| 36 | domain: Domain::APP, |
| 37 | nspace: 0, |
| 38 | alias: Some(key_alias.to_string()), |
| 39 | blob: None, |
| 40 | }) |
| 41 | .collect::<Vec<KeyDescriptor>>() |
| 42 | } |
| 43 | |
| 44 | fn aliases_from_key_descriptors(key_descriptors: &[KeyDescriptor]) -> Vec<String> { |
| 45 | key_descriptors |
| 46 | .iter() |
| 47 | .map(|kd| if let Some(alias) = &kd.alias { String::from(alias) } else { String::from("") }) |
| 48 | .collect::<Vec<String>>() |
| 49 | } |
| 50 | |
| 51 | #[test] |
| 52 | fn test_safe_amount_to_return() -> Result<()> { |
| 53 | let key_aliases = vec!["key1", "key2", "key3"]; |
| 54 | let key_descriptors = create_key_descriptors_from_aliases(&key_aliases); |
| 55 | |
| David Drysdale | 703bcc1 | 2024-11-26 14:15:03 +0000 | [diff] [blame^] | 56 | assert_eq!(estimate_safe_amount_to_return(Domain::APP, 1017, None, &key_descriptors, 20), 1); |
| 57 | assert_eq!(estimate_safe_amount_to_return(Domain::APP, 1017, None, &key_descriptors, 50), 2); |
| 58 | assert_eq!(estimate_safe_amount_to_return(Domain::APP, 1017, None, &key_descriptors, 100), 3); |
| David Drysdale | 2566fb3 | 2024-07-09 14:46:37 +0100 | [diff] [blame] | 59 | Ok(()) |
| 60 | } |
| 61 | |
| 62 | #[test] |
| 63 | fn test_merge_and_sort_lists_without_filtering() -> Result<()> { |
| 64 | let legacy_key_aliases = vec!["key_c", "key_a", "key_b"]; |
| 65 | let legacy_key_descriptors = create_key_descriptors_from_aliases(&legacy_key_aliases); |
| 66 | let db_key_aliases = vec!["key_a", "key_d"]; |
| 67 | let db_key_descriptors = create_key_descriptors_from_aliases(&db_key_aliases); |
| 68 | let result = |
| 69 | merge_and_filter_key_entry_lists(&legacy_key_descriptors, &db_key_descriptors, None); |
| 70 | assert_eq!(aliases_from_key_descriptors(&result), vec!["key_a", "key_b", "key_c", "key_d"]); |
| 71 | Ok(()) |
| 72 | } |
| 73 | |
| 74 | #[test] |
| 75 | fn test_merge_and_sort_lists_with_filtering() -> Result<()> { |
| 76 | let legacy_key_aliases = vec!["key_f", "key_a", "key_e", "key_b"]; |
| 77 | let legacy_key_descriptors = create_key_descriptors_from_aliases(&legacy_key_aliases); |
| 78 | let db_key_aliases = vec!["key_c", "key_g"]; |
| 79 | let db_key_descriptors = create_key_descriptors_from_aliases(&db_key_aliases); |
| 80 | let result = merge_and_filter_key_entry_lists( |
| 81 | &legacy_key_descriptors, |
| 82 | &db_key_descriptors, |
| 83 | Some("key_b"), |
| 84 | ); |
| 85 | assert_eq!(aliases_from_key_descriptors(&result), vec!["key_c", "key_e", "key_f", "key_g"]); |
| 86 | Ok(()) |
| 87 | } |
| 88 | |
| 89 | #[test] |
| 90 | fn test_merge_and_sort_lists_with_filtering_and_dups() -> Result<()> { |
| 91 | let legacy_key_aliases = vec!["key_f", "key_a", "key_e", "key_b"]; |
| 92 | let legacy_key_descriptors = create_key_descriptors_from_aliases(&legacy_key_aliases); |
| 93 | let db_key_aliases = vec!["key_d", "key_e", "key_g"]; |
| 94 | let db_key_descriptors = create_key_descriptors_from_aliases(&db_key_aliases); |
| 95 | let result = merge_and_filter_key_entry_lists( |
| 96 | &legacy_key_descriptors, |
| 97 | &db_key_descriptors, |
| 98 | Some("key_c"), |
| 99 | ); |
| 100 | assert_eq!(aliases_from_key_descriptors(&result), vec!["key_d", "key_e", "key_f", "key_g"]); |
| 101 | Ok(()) |
| 102 | } |
| 103 | |
| 104 | #[test] |
| 105 | fn test_list_key_parameters_with_filter_on_security_sensitive_info() -> Result<()> { |
| 106 | let params = vec![ |
| 107 | KmKeyParameter { tag: Tag::APPLICATION_ID, value: KeyParameterValue::Integer(0) }, |
| 108 | KmKeyParameter { tag: Tag::APPLICATION_DATA, value: KeyParameterValue::Integer(0) }, |
| 109 | KmKeyParameter { |
| 110 | tag: Tag::CERTIFICATE_NOT_AFTER, |
| 111 | value: KeyParameterValue::DateTime(UNDEFINED_NOT_AFTER), |
| 112 | }, |
| 113 | KmKeyParameter { tag: Tag::CERTIFICATE_NOT_BEFORE, value: KeyParameterValue::DateTime(0) }, |
| 114 | ]; |
| 115 | let wanted = vec![ |
| 116 | KmKeyParameter { |
| 117 | tag: Tag::CERTIFICATE_NOT_AFTER, |
| 118 | value: KeyParameterValue::DateTime(UNDEFINED_NOT_AFTER), |
| 119 | }, |
| 120 | KmKeyParameter { tag: Tag::CERTIFICATE_NOT_BEFORE, value: KeyParameterValue::DateTime(0) }, |
| 121 | ]; |
| 122 | |
| 123 | assert_eq!(log_security_safe_params(¶ms), wanted); |
| 124 | Ok(()) |
| 125 | } |