1 //! Tests
2
3 use crate::{error_rsp, invalid_cbor_rsp_data, keys::SecureKeyWrapper, split_rsp};
4 use alloc::{vec, vec::Vec};
5 use der::{Decode, Encode};
6 use kmr_common::Error;
7 use kmr_wire::{
8 keymint::{
9 ErrorCode, KeyFormat, KeyParam, KeyPurpose, NEXT_MESSAGE_SIGNAL_FALSE,
10 NEXT_MESSAGE_SIGNAL_TRUE,
11 },
12 AsCborValue,
13 };
14
15 #[test]
test_invalid_data()16 fn test_invalid_data() {
17 // Cross-check that the hand-encoded invalid CBOR data matches an auto-encoded equivalent.
18 let rsp = error_rsp(ErrorCode::UnknownError as i32);
19 let rsp_data = rsp.into_vec().unwrap();
20 assert_eq!(rsp_data, invalid_cbor_rsp_data());
21 }
22
23 #[test]
test_secure_key_wrapper()24 fn test_secure_key_wrapper() {
25 let encoded_str = concat!(
26 "30820179", // SEQUENCE length 0x179 (SecureKeyWrapper) {
27 "020100", // INTEGER length 1 value 0x00 (version)
28 "04820100", // OCTET STRING length 0x100 (encryptedTransportKey)
29 "aad93ed5924f283b4bb5526fbe7a1412",
30 "f9d9749ec30db9062b29e574a8546f33",
31 "c88732452f5b8e6a391ee76c39ed1712",
32 "c61d8df6213dec1cffbc17a8c6d04c7b",
33 "30893d8daa9b2015213e219468215532",
34 "07f8f9931c4caba23ed3bee28b36947e",
35 "47f10e0a5c3dc51c988a628daad3e5e1",
36 "f4005e79c2d5a96c284b4b8d7e4948f3",
37 "31e5b85dd5a236f85579f3ea1d1b8484",
38 "87470bdb0ab4f81a12bee42c99fe0df4",
39 "bee3759453e69ad1d68a809ce06b949f",
40 "7694a990429b2fe81e066ff43e56a216",
41 "02db70757922a4bcc23ab89f1e35da77",
42 "586775f423e519c2ea394caf48a28d0c",
43 "8020f1dcf6b3a68ec246f615ae96dae9",
44 "a079b1f6eb959033c1af5c125fd94168",
45 "040c", // OCTET STRING length 0x0c (initializationVector)
46 "6d9721d08589581ab49204a3",
47 "302e", // SEQUENCE length 0x2e (KeyDescription) {
48 "020103", // INTEGER length 1 value 0x03 (keyFormat = RAW)
49 "3029", // SEQUENCE length 0x29 (AuthorizationList) {
50 "a108", // [1] context-specific constructed tag=1 length 0x08 { (purpose)
51 "3106", // SET length 0x06
52 "020100", // INTEGER length 1 value 0x00 (Encrypt)
53 "020101", // INTEGER length 1 value 0x01 (Decrypt)
54 // } end SET
55 // } end [1]
56 "a203", // [2] context-specific constructed tag=2 length 0x02 { (algorithm)
57 "020120", // INTEGER length 1 value 0x20 (AES)
58 // } end [2]
59 "a304", // [3] context-specific constructed tag=3 length 0x04 { (keySize)
60 "02020100", // INTEGER length 2 value 0x100
61 // } end [3]
62 "a405", // [4] context-specific constructed tag=4 length 0x05 { (blockMode
63 "3103", // SET length 0x03 {
64 "020101", // INTEGER length 1 value 0x01 (ECB)
65 // } end SET
66 // } end [4]
67 "a605", // [6] context-specific constructed tag=6 length 0x05 { (padding)
68 "3103", // SET length 0x03 {
69 "020140", // INTEGER length 1 value 0x40 (PKCS7)
70 // } end SET
71 // } end [5]
72 "bf837702", // [503] context-specific constructed tag=503=0x1F7 length 0x02 {
73 // (noAuthRequired)
74 "0500", // NULL
75 // } end [503]
76 // } end SEQUENCE (AuthorizationList)
77 // } end SEQUENCE (KeyDescription)
78 "0420", // OCTET STRING length 0x20 (encryptedKey)
79 "a61c6e247e25b3e6e69aa78eb03c2d4a",
80 "c20d1f99a9a024a76f35c8e2cab9b68d",
81 "0410", // OCTET STRING length 0x10 (tag)
82 "2560c70109ae67c030f00b98b512a670",
83 // } SEQUENCE (SecureKeyWrapper)
84 );
85 let encoded_bytes = hex::decode(encoded_str).unwrap();
86 let secure_key_wrapper = SecureKeyWrapper::from_der(&encoded_bytes).unwrap();
87 assert_eq!(secure_key_wrapper.version, 0);
88 let key_format: KeyFormat = secure_key_wrapper.key_description.key_format.try_into().unwrap();
89 assert_eq!(KeyFormat::Raw, key_format);
90 let authz = secure_key_wrapper.key_description.key_params.auths;
91 let purpose_values: Vec<KeyPurpose> = authz
92 .iter()
93 .filter_map(|param| if let KeyParam::Purpose(v) = param { Some(*v) } else { None })
94 .collect();
95 assert_eq!(purpose_values.len(), 2);
96 assert!(purpose_values.contains(&KeyPurpose::Encrypt));
97 assert!(purpose_values.contains(&KeyPurpose::Decrypt));
98 }
99
100 #[test]
test_key_description_encode_decode()101 fn test_key_description_encode_decode() {
102 let encoded_secure_key_wrapper = concat!(
103 "30820179", // SEQUENCE length 0x179 (SecureKeyWrapper) {
104 "020100", // INTEGER length 1 value 0x00 (version)
105 "04820100", // OCTET STRING length 0x100 (encryptedTransportKey)
106 "aad93ed5924f283b4bb5526fbe7a1412",
107 "f9d9749ec30db9062b29e574a8546f33",
108 "c88732452f5b8e6a391ee76c39ed1712",
109 "c61d8df6213dec1cffbc17a8c6d04c7b",
110 "30893d8daa9b2015213e219468215532",
111 "07f8f9931c4caba23ed3bee28b36947e",
112 "47f10e0a5c3dc51c988a628daad3e5e1",
113 "f4005e79c2d5a96c284b4b8d7e4948f3",
114 "31e5b85dd5a236f85579f3ea1d1b8484",
115 "87470bdb0ab4f81a12bee42c99fe0df4",
116 "bee3759453e69ad1d68a809ce06b949f",
117 "7694a990429b2fe81e066ff43e56a216",
118 "02db70757922a4bcc23ab89f1e35da77",
119 "586775f423e519c2ea394caf48a28d0c",
120 "8020f1dcf6b3a68ec246f615ae96dae9",
121 "a079b1f6eb959033c1af5c125fd94168",
122 "040c", // OCTET STRING length 0x0c (initializationVector)
123 "6d9721d08589581ab49204a3",
124 "302e", // SEQUENCE length 0x2e (KeyDescription) {
125 "020103", // INTEGER length 1 value 0x03 (keyFormat = RAW)
126 "3029", // SEQUENCE length 0x29 (AuthorizationList) {
127 "a108", // [1] context-specific constructed tag=1 length 0x08 { (purpose)
128 "3106", // SET length 0x06
129 "020100", // INTEGER length 1 value 0x00 (Encrypt)
130 "020101", // INTEGER length 1 value 0x01 (Decrypt)
131 // } end SET
132 // } end [1]
133 "a203", // [2] context-specific constructed tag=2 length 0x02 { (algorithm)
134 "020120", // INTEGER length 1 value 0x20 (AES)
135 // } end [2]
136 "a304", // [3] context-specific constructed tag=3 length 0x04 { (keySize)
137 "02020100", // INTEGER length 2 value 0x100
138 // } end [3]
139 "a405", // [4] context-specific constructed tag=4 length 0x05 { (blockMode
140 "3103", // SET length 0x03 {
141 "020101", // INTEGER length 1 value 0x01 (ECB)
142 // } end SET
143 // } end [4]
144 "a605", // [6] context-specific constructed tag=6 length 0x05 { (padding)
145 "3103", // SET length 0x03 {
146 "020140", // INTEGER length 1 value 0x40 (PKCS7)
147 // } end SET
148 // } end [5]
149 "bf837702", // [503] context-specific constructed tag=503=0x1F7 length 0x02 {
150 // (noAuthRequired)
151 "0500", // NULL
152 // } end [503]
153 // } end SEQUENCE (AuthorizationList)
154 // } end SEQUENCE (KeyDescription)
155 "0420", // OCTET STRING length 0x20 (encryptedKey)
156 "a61c6e247e25b3e6e69aa78eb03c2d4a",
157 "c20d1f99a9a024a76f35c8e2cab9b68d",
158 "0410", // OCTET STRING length 0x10 (tag)
159 "2560c70109ae67c030f00b98b512a670",
160 // } SEQUENCE (SecureKeyWrapper)
161 );
162 let encoded_key_description_want = concat!(
163 "302e", // SEQUENCE length 0x2e (KeyDescription) {
164 "020103", // INTEGER length 1 value 0x03 (keyFormat = RAW)
165 "3029", // SEQUENCE length 0x29 (AuthorizationList) {
166 "a108", // [1] context-specific constructed tag=1 length 0x08 { (purpose)
167 "3106", // SET length 0x06
168 "020100", // INTEGER length 1 value 0x00 (Encrypt)
169 "020101", // INTEGER length 1 value 0x01 (Decrypt)
170 // } end SET
171 // } end [1]
172 "a203", // [2] context-specific constructed tag=2 length 0x02 { (algorithm)
173 "020120", // INTEGER length 1 value 0x20 (AES)
174 // } end [2]
175 "a304", // [3] context-specific constructed tag=3 length 0x04 { (keySize)
176 "02020100", // INTEGER length 2 value 0x100
177 // } end [3]
178 "a405", // [4] context-specific constructed tag=4 length 0x05 { (blockMode
179 "3103", // SET length 0x03 {
180 "020101", // INTEGER length 1 value 0x01 (ECB)
181 // } end SET
182 // } end [4]
183 "a605", // [6] context-specific constructed tag=6 length 0x05 { (padding)
184 "3103", // SET length 0x03 {
185 "020140", // INTEGER length 1 value 0x40 (PKCS7)
186 // } end SET
187 // } end [5]
188 "bf837702", // [503] context-specific constructed tag=503=0x1F7 length 0x02 {
189 // (noAuthRequired)
190 "0500", // NULL
191 // } end [503]
192 // } end SEQUENCE (AuthorizationList)
193 // } end SEQUENCE (KeyDescription)
194 );
195 let encoded_bytes = hex::decode(encoded_secure_key_wrapper).unwrap();
196 let secure_key_wrapper = SecureKeyWrapper::from_der(&encoded_bytes).unwrap();
197 let key_description = secure_key_wrapper.key_description;
198 let encoded_key_description_got = key_description.to_vec().unwrap();
199 assert_eq!(hex::encode(encoded_key_description_got), encoded_key_description_want);
200 }
201
202 #[test]
test_split_rsp_invalid_input()203 fn test_split_rsp_invalid_input() {
204 // Check for invalid inputs
205 let rsp = vec![];
206 let result = split_rsp(&rsp, 5);
207 assert!(result.is_err());
208 assert!(matches!(result, Err(Error::Hal(ErrorCode::InvalidArgument, _))));
209
210 let rsp = vec![0x82, 0x21, 0x80];
211 let result = split_rsp(&rsp, 1);
212 assert!(matches!(result, Err(Error::Hal(ErrorCode::InvalidArgument, _))));
213 }
214
215 #[test]
test_split_rsp_smaller_input()216 fn test_split_rsp_smaller_input() {
217 // Test for rsp_data size < max_size
218 let rsp = vec![0x82, 0x13, 0x82, 0x80, 0x80];
219 let result = split_rsp(&rsp, 20).expect("result should not be error");
220 assert_eq!(result.len(), 1);
221 let inner_msg = result.get(0).expect("single message is expected").as_slice();
222 assert_eq!(inner_msg.len(), 6);
223 let marker = inner_msg[0];
224 assert_eq!(marker, NEXT_MESSAGE_SIGNAL_FALSE);
225 let msg = &inner_msg[1..];
226 assert_eq!(msg, rsp);
227 }
228
229 #[test]
test_split_rsp_allowed_size_input()230 fn test_split_rsp_allowed_size_input() {
231 // Test for rsp_data size = allowed message length
232 let rsp = vec![0x82, 0x13, 0x82, 0x80, 0x80];
233 let result = split_rsp(&rsp, 6).expect("result should not be error");
234 assert_eq!(result.len(), 1);
235 let inner_msg = result.get(0).expect("single message is expected").as_slice();
236 assert_eq!(inner_msg.len(), 6);
237 let marker = inner_msg[0];
238 assert_eq!(marker, NEXT_MESSAGE_SIGNAL_FALSE);
239 let msg = &inner_msg[1..];
240 assert_eq!(msg, rsp);
241 }
242
243 #[test]
test_split_rsp_max_size_input()244 fn test_split_rsp_max_size_input() {
245 // Test for rsp_data size = max_size
246 let rsp = vec![0x82, 0x13, 0x82, 0x80, 0x80, 0x82];
247 let result = split_rsp(&rsp, 6).expect("result should not be error");
248 assert_eq!(result.len(), 2);
249
250 let inner_msg1 = result.get(0).expect("a message is expected at index 0").as_slice();
251 assert_eq!(inner_msg1.len(), 6);
252 let marker1 = inner_msg1[0];
253 assert_eq!(marker1, NEXT_MESSAGE_SIGNAL_TRUE);
254 assert_eq!(&inner_msg1[1..], &rsp[..5]);
255
256 let inner_msg2 = result.get(1).expect("a message is expected at index 1").as_slice();
257 assert_eq!(inner_msg2.len(), 2);
258 let marker2 = inner_msg2[0];
259 assert_eq!(marker2, NEXT_MESSAGE_SIGNAL_FALSE);
260 assert_eq!(&inner_msg2[1..], &rsp[5..]);
261 }
262
263 #[test]
test_split_rsp_larger_input_perfect_split()264 fn test_split_rsp_larger_input_perfect_split() {
265 // Test for rsp_data size > max_size and it is a perfect split
266 let rsp1 = vec![0x82, 0x13, 0x82, 0x80, 0x80];
267 let rsp2 = vec![0x82, 0x14, 0x82, 0x80, 0x80];
268 let rsp3 = vec![0x82, 0x15, 0x82, 0x80, 0x80];
269 let mut rsp = vec![];
270 rsp.extend_from_slice(&rsp1);
271 rsp.extend_from_slice(&rsp2);
272 rsp.extend_from_slice(&rsp3);
273 let result = split_rsp(&rsp, 6).expect("result should not be error");
274 assert_eq!(result.len(), 3);
275
276 let inner_msg1 = result.get(0).expect("a message is expected at index 0").as_slice();
277 assert_eq!(inner_msg1.len(), 6);
278 let marker1 = inner_msg1[0];
279 assert_eq!(marker1, NEXT_MESSAGE_SIGNAL_TRUE);
280 let msg1 = &inner_msg1[1..];
281 assert_eq!(msg1, rsp1);
282
283 let inner_msg2 = result.get(1).expect("a message is expected at index 1").as_slice();
284 assert_eq!(inner_msg2.len(), 6);
285 let marker2 = inner_msg2[0];
286 assert_eq!(marker2, NEXT_MESSAGE_SIGNAL_TRUE);
287 let msg2 = &inner_msg2[1..];
288 assert_eq!(msg2, rsp2);
289
290 let inner_msg3 = result.get(2).expect("a message is expected at index 2").as_slice();
291 assert_eq!(inner_msg3.len(), 6);
292 let marker3 = inner_msg3[0];
293 assert_eq!(marker3, NEXT_MESSAGE_SIGNAL_FALSE);
294 let msg3 = &inner_msg3[1..];
295 assert_eq!(msg3, rsp3);
296 }
297
298 #[test]
test_split_rsp_larger_input_imperfect_split()299 fn test_split_rsp_larger_input_imperfect_split() {
300 // Test for rsp_data size > max_size and it is not a perfect split
301 let rsp1 = vec![0x82, 0x00, 0x81, 0x82, 0x13];
302 let rsp2 = vec![0x81, 0x83, 0x41, 0x01, 0x80];
303 let rsp3 = vec![0x80];
304 let mut rsp = vec![];
305 rsp.extend_from_slice(&rsp1);
306 rsp.extend_from_slice(&rsp2);
307 rsp.extend_from_slice(&rsp3);
308 let result = split_rsp(&rsp, 6).expect("result should not be error");
309 assert_eq!(result.len(), 3);
310
311 let inner_msg1 = result.get(0).expect("a message is expected at index 0").as_slice();
312 assert_eq!(inner_msg1.len(), 6);
313 let marker1 = inner_msg1[0];
314 assert_eq!(marker1, NEXT_MESSAGE_SIGNAL_TRUE);
315 let msg1 = &inner_msg1[1..];
316 assert_eq!(msg1, rsp1);
317
318 let inner_msg2 = result.get(1).expect("a message is expected at index 1").as_slice();
319 assert_eq!(inner_msg2.len(), 6);
320 let marker2 = inner_msg2[0];
321 assert_eq!(marker2, NEXT_MESSAGE_SIGNAL_TRUE);
322 let msg2 = &inner_msg2[1..];
323 assert_eq!(msg2, rsp2);
324
325 let inner_msg3 = result.get(2).expect("a message is expected at index 2").as_slice();
326 assert_eq!(inner_msg3.len(), 2);
327 let marker3 = inner_msg3[0];
328 assert_eq!(marker3, NEXT_MESSAGE_SIGNAL_FALSE);
329 let msg3 = &inner_msg3[1..];
330 assert_eq!(msg3, rsp3);
331 }
332