1 /*
2  * Copyright (C) 2015 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 #include <gtest/gtest.h>
17 #include <hardware/gatekeeper.h>
18 #include <gatekeeper/gatekeeper.h> // For password_handle_t
19 
20 using ::testing::Test;
21 using ::gatekeeper::password_handle_t;
22 using ::gatekeeper::secure_id_t;
23 
24 class GateKeeperDeviceTest : public virtual Test {
25 public:
GateKeeperDeviceTest()26     GateKeeperDeviceTest() {}
~GateKeeperDeviceTest()27     virtual ~GateKeeperDeviceTest() {}
28 
SetUp()29     virtual void SetUp() {
30         gatekeeper_device_initialize(&device);
31     }
32 
TearDown()33     virtual void TearDown() {
34         gatekeeper_close(device);
35     }
36 
gatekeeper_device_initialize(gatekeeper_device_t ** dev)37     static void gatekeeper_device_initialize(gatekeeper_device_t **dev) {
38         int ret;
39         const hw_module_t *mod;
40         ret = hw_get_module_by_class(GATEKEEPER_HARDWARE_MODULE_ID, NULL, &mod);
41 
42         ASSERT_EQ(0, ret);
43 
44         ret = gatekeeper_open(mod, dev);
45 
46         ASSERT_EQ(0, ret);
47     }
48 
49     gatekeeper_device_t *device;
50 };
51 
TEST_F(GateKeeperDeviceTest,EnrollAndVerify)52 TEST_F(GateKeeperDeviceTest, EnrollAndVerify) {
53     uint32_t password_len = 50;
54     uint8_t password_payload[password_len];
55     uint8_t *password_handle;
56     uint32_t password_handle_length;
57     uint8_t *auth_token;
58     uint32_t auth_token_len;
59     int ret;
60 
61     ret = device->enroll(device, 0, NULL, 0, NULL, 0,  password_payload, password_len,
62             &password_handle, &password_handle_length);
63 
64     ASSERT_EQ(0, ret);
65 
66     bool should_reenroll;
67     ret = device->verify(device, 0, 0, password_handle, password_handle_length,
68             password_payload, password_len, &auth_token, &auth_token_len, &should_reenroll);
69 
70     ASSERT_EQ(0, ret);
71 }
72 
TEST_F(GateKeeperDeviceTest,EnrollAndVerifyBadPassword)73 TEST_F(GateKeeperDeviceTest, EnrollAndVerifyBadPassword) {
74     uint32_t password_len = 50;
75     uint8_t password_payload[password_len];
76     uint8_t *password_handle;
77     uint32_t password_handle_length;
78     uint8_t *auth_token = NULL;
79     uint32_t auth_token_len;
80     int ret;
81 
82     ret = device->enroll(device, 0, NULL, 0, NULL, 0,  password_payload, password_len,
83              &password_handle, &password_handle_length);
84 
85     ASSERT_EQ(0, ret);
86 
87     password_payload[0] = 4;
88 
89     bool should_reenroll;
90     ret = device->verify(device, 0, 0, password_handle, password_handle_length,
91             password_payload, password_len, &auth_token, &auth_token_len,
92             &should_reenroll);
93 
94     ASSERT_NE(0, ret);
95     ASSERT_EQ(NULL, auth_token);
96 }
97 
TEST_F(GateKeeperDeviceTest,UntrustedReEnroll)98 TEST_F(GateKeeperDeviceTest, UntrustedReEnroll) {
99     uint32_t password_len = 50;
100     uint8_t password_payload[password_len];
101     uint8_t *password_handle;
102     uint32_t password_handle_length;
103     int ret;
104 
105     ret = device->enroll(device, 0, NULL, 0, NULL, 0, password_payload, password_len,
106              &password_handle, &password_handle_length);
107 
108     ASSERT_EQ(0, ret);
109 
110     password_handle_t *handle = reinterpret_cast<password_handle_t *>(password_handle);
111     secure_id_t sid = handle->user_id;
112 
113     ret = device->enroll(device, 0, NULL, 0, NULL, 0, password_payload, password_len,
114             &password_handle, &password_handle_length);
115 
116     ASSERT_EQ(0, ret);
117     handle = reinterpret_cast<password_handle_t *>(password_handle);
118     ASSERT_NE(sid, handle->user_id);
119 }
120 
121 
TEST_F(GateKeeperDeviceTest,TrustedReEnroll)122 TEST_F(GateKeeperDeviceTest, TrustedReEnroll) {
123     uint32_t password_len = 50;
124     uint8_t password_payload[password_len];
125     uint8_t *password_handle;
126     uint32_t password_handle_length;
127     int ret;
128 
129     ret = device->enroll(device, 0, NULL, 0, NULL, 0, password_payload, password_len,
130              &password_handle, &password_handle_length);
131 
132     ASSERT_EQ(0, ret);
133 
134     password_handle_t *handle = reinterpret_cast<password_handle_t *>(password_handle);
135     secure_id_t sid = handle->user_id;
136 
137     ret = device->enroll(device, 0, password_handle, password_handle_length, password_payload,
138             password_len, password_payload, password_len, &password_handle, &password_handle_length);
139 
140     ASSERT_EQ(0, ret);
141     handle = reinterpret_cast<password_handle_t *>(password_handle);
142     ASSERT_EQ(sid, handle->user_id);
143 }
144 
145