#!/bin/bash
#
# Copyright 2011, The Android Open Source Project
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Stop at the first command that fails outside a conditional context.
set -e

# Both output files live next to the script and are named after $0:
#   <script>.log       what the device actually printed
#   <script>.baseline  what the test expected it to print
prefix="$0"
log_file="${prefix}.log"
baseline_file="${prefix}.baseline"
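# Remove the log and baseline files left behind by a previous run.
# Globals: log_file, baseline_file (read)
# Returns: 0 even when the files do not exist (rm -f).
function cleanup_output() {
    # Quoted and preceded by "--": both paths are derived from $0, which may
    # contain spaces, glob characters or a leading dash.
    rm -f -- "$log_file" "$baseline_file"
}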
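# Print a progress message and record it, prefixed with "#", in both the log
# and the baseline file. Writing the same line to both keeps the two files
# aligned, so messages never show up as differences in compare().
# Globals:   log_file, baseline_file (read)
# Arguments: the words of the message
function log() {
    # printf instead of echo so a message starting with -n or -e is printed
    # literally rather than taken as an echo option.
    printf '%s\n' "$*"
    # Paths are quoted because they derive from $0 and may contain spaces.
    append "$log_file" '#' "$@"
    append "$baseline_file" '#' "$@"
}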
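# Record one line of expected device output in the baseline file.
# Globals:   baseline_file (read)
# Arguments: the words of the expected line; append joins them with spaces
function expect() {
    # Quoted: the path derives from $0 and may contain spaces.
    append "$baseline_file" "$@"
}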
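# Append one line to a file.
# Arguments: $1 - file to append to
#            remaining arguments - words of the line, joined by single spaces
function append() {
    local -r file=$1
    shift
    # printf rather than echo: a line that is exactly "-n" or "-e" would be
    # consumed as an echo option and silently dropped from the file.
    # The redirect target is quoted so a path with spaces stays one word.
    printf '%s\n' "$*" >> "$file"
}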
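# Run a command and append its normalised stdout to the log file.
# Globals:   log_file (read)
# Arguments: the command and its arguments
#
# NOTE(review): pipefail is not set, so the exit status of the wrapped command
# is discarded and the function reports sed's status. Under set -e a failing
# adb call therefore does not stop the script; it only surfaces later as a
# difference in compare(). Whether that is deliberate cannot be told from this
# file, so the behaviour is left as it is.
function run() {
    # strip out carriage returns from adb
    # strip out date/time from ls -l
    # "tr -d" is the portable spelling; the long option --delete is GNU-only.
    "$@" \
        | tr -d '\r' \
        | sed -E 's/[0-9]{4}-[0-9]{2}-[0-9]{2} +[0-9]{1,2}:[0-9]{2} //' \
        >> "$log_file"
}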
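# Run keystore_cli on the adb-connected device under the given user identity
# and log its output through run().
# Arguments: $1 - user name handed to su on the device
#            remaining arguments - keystore_cli command and its parameters
#
# NOTE(review): this depends on su being usable from adb shell, which suggests
# a rooted or engineering build -- confirm for the target device.
# NOTE(review): adb shell is understood to join its arguments into a single
# remote command line, so the quoting below only protects the local side;
# confirm before passing values that contain spaces or shell metacharacters.
function keystore() {
    local -r user=$1
    shift
    # Quoted so the user name is never word-split or glob-expanded locally.
    run adb shell su "$user" keystore_cli "$@"
}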
# Append a long listing of the on-device keystore directory to the log, so the
# test can pin file names, sizes, owners and permission bits.
function list_keystore_directory() {
    local -r keystore_dir=/data/misc/keystore
    run adb shell ls -al "$keystore_dir"
}
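# Diff the expected output (baseline) against what the device produced (log).
# Globals: baseline_file, log_file (read); tag (read, optional)
# Outputs: the diff on stdout when the files differ
# Returns: 0 when the files are identical, 1 otherwise. The script runs under
#          set -e, so a non-zero return from main's call ends the run.
function compare() {
    log "comparing $baseline_file and $log_file"
    # An explicit if/return replaces "|| ( ... && exit 1)": the exit there only
    # left the subshell, and the failure reached the caller solely as the
    # function's status. Paths are quoted because they derive from $0.
    if ! diff -- "$baseline_file" "$log_file"; then
        # tag is not assigned anywhere in the visible script; the expansion
        # drops it entirely when unset so the message stays "FAILED".
        log ${tag:+"$tag"} FAILED
        return 1
    fi
}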
# End-to-end check of keystore_cli on the adb-connected device. Each step runs
# one command as a given user (its output goes to $log_file through
# keystore/run) and records the reply it should produce in $baseline_file
# through expect; compare() diffs the two files afterwards.
#
# NOTE(review): the first and last steps reset the keystore, and the log text
# below states that a reset "wipes everything for all users" -- run this only
# against a device whose stored keys are disposable.
# NOTE(review): the single-letter commands are read from the log messages next
# to them (r reset, t test, p password, s saw, i insert, g get, l lock,
# u unlock, d delete); "e" looks like an existence check -- confirm against
# keystore_cli. The passwords and key values are throwaway literals passed as
# command-line arguments.
function test_basic() {

    #
    # reset
    #
    log "reset keystore as system user"
    keystore system r
    expect "1 No error"
    # No expect follows this listing, so it must add no lines to the log.
    list_keystore_directory

    #
    # basic tests as system/root
    #
    log "root does not have permission to run test"
    keystore root t
    expect "6 Permission denied"

    log "but system user does"
    keystore system t
    expect "3 Uninitialized"
    list_keystore_directory

    log "password is now bar"
    keystore system p bar
    expect "1 No error"
    list_keystore_directory
    # Setting the password must leave a .masterkey file owned by
    # keystore:keystore with mode -rw------- (no group or world access).
    expect "-rw------- keystore keystore       84 .masterkey"

    log "no error implies initialized and unlocked"
    keystore system t
    expect "1 No error"

    log "saw with no argument"
    keystore system s
    expect "5 Protocol error"

    log "saw nothing"
    keystore system s ""
    expect "1 No error"

    log "add key baz"
    keystore system i baz quux
    expect "1 No error"

    log "1000 is uid of system"
    list_keystore_directory
    # Key files appear as <uid>_<name>, with the same owner and mode as the
    # master key.
    expect "-rw------- keystore keystore       84 .masterkey"
    expect "-rw------- keystore keystore       52 1000_baz"

    log "saw baz"
    keystore system s ""
    expect "1 No error"
    expect "baz"

    log "get baz"
    keystore system g baz
    expect "1 No error"
    expect "quux"

    # Pins the access rule stated in the message: root receives the value of a
    # key stored by the system user.
    log "root can read system user keys (as can wifi or vpn users)"
    keystore root g baz
    expect "1 No error"
    expect "quux"

    #
    # app user tests
    #

    # app_0 has uid 10000, as seen below
    # Isolation check: the system key must be reported as missing to app_0.
    log "other uses cannot see the system keys"
    keystore app_0 g baz
    expect "7 Key not found"

    # The administrative commands must all be refused for an app uid.
    log "app user cannot use reset, password, lock, unlock"
    keystore app_0 r
    expect "6 Permission denied"
    keystore app_0 p
    expect "6 Permission denied"
    keystore app_0 l
    expect "6 Permission denied"
    keystore app_0 u
    expect "6 Permission denied"

    log "install app_0 key"
    keystore app_0 i 0x deadbeef
    # Unquoted here, unlike the other expect calls; append joins the words with
    # single spaces, so the baseline line is still "1 No error".
    expect 1 No error
    list_keystore_directory
    expect "-rw------- keystore keystore       84 .masterkey"
    expect "-rw------- keystore keystore       52 10000_0x"
    expect "-rw------- keystore keystore       52 1000_baz"

    log "get with no argument"
    keystore app_0 g
    expect "5 Protocol error"

    keystore app_0 g 0x
    expect "1 No error"
    expect "deadbeef"

    keystore app_0 i fred barney
    expect "1 No error"

    # The listing for app_0 contains only its own keys, not the system's baz.
    keystore app_0 s ""
    expect "1 No error"
    expect "0x"
    expect "fred"

    log "note that saw returns the suffix of prefix matches"
    keystore app_0 s fr # fred
    expect "1 No error"
    expect "ed" # fred

    #
    # lock tests
    #
    log "lock the store as system"
    keystore system l
    expect "1 No error"
    keystore system t
    expect "2 Locked"

    # While locked, key names stay listable but key values are not readable.
    log "saw works while locked"
    keystore app_0 s ""
    expect "1 No error"
    expect "0x"
    expect "fred"

    log "...but cannot read keys..."
    keystore app_0 g 0x
    expect "2 Locked"

    # "e" succeeds before the delete and reports "Key not found" after it.
    log "...but they can be deleted."
    keystore app_0 e 0x
    expect "1 No error"
    keystore app_0 d 0x
    expect "1 No error"
    keystore app_0 e 0x
    expect "7 Key not found"

    #
    # password
    #
    # The reply to a wrong password carries a remaining-tries counter
    # (4 left after this first failed attempt).
    log "wrong password"
    keystore system u foo
    expect "13 Wrong password (4 tries left)"
    log "right password"
    keystore system u bar
    expect "1 No error"

    log "make the password foo"
    keystore system p foo
    expect "1 No error"

    #
    # final reset
    #
    log "reset wipes everything for all users"
    keystore system r
    expect "1 No error"
    # No expect follows, so the listing must again add nothing to the log.
    list_keystore_directory

    keystore system t
    expect "3 Uninitialized"

}
# Regression test for b/4599735: a key stored by the system user must still be
# readable after the store is locked and the password command is issued again.
# Per the log message below, the regression returned "8 Value corrupted" at
# that point.
# NOTE(review): this test also resets the keystore at its start and end; see
# the reset caveat that applies to the whole script.
function test_4599735() {
    # http://b/4599735
    log "start regression test for b/4599735"
    keystore system r
    expect "1 No error"

    keystore system p foo
    expect "1 No error"

    keystore system i baz quux
    expect "1 No error"

    # Baseline read before locking: the value comes back intact.
    keystore root g baz
    expect "1 No error"
    expect "quux"

    keystore system l
    expect "1 No error"

    # NOTE(review): the same password is supplied with "p", not "u"; the log
    # message below calls the resulting state "after unlock" -- confirm that
    # "p" on a locked store is meant to unlock it.
    keystore system p foo
    expect "1 No error"

    log "after unlock, regression led to result of '8 Value corrupted'"
    keystore root g baz
    expect "1 No error"
    expect "quux"

    keystore system r
    expect "1 No error"
    log "end regression test for b/4599735"
}
# Run every test case against the connected device, then diff the recorded
# output against the baseline.
# The script runs under set -e, so a non-zero status from compare ends the run
# before the final cleanup and leaves both files in place for inspection.
function main() {
    local test_case

    cleanup_output
    # tag is not assigned anywhere in the visible script; left unquoted, it
    # expands to nothing and the messages are just START / PASSED.
    log $tag START
    for test_case in test_basic test_4599735; do
        "$test_case"
    done
    compare
    log $tag PASSED
    cleanup_output
}
# Entry point; main takes no arguments, so forwarding "$@" changes nothing.
main "$@"