author | Al Sutton <alsutton@google.com> | 2019-08-21 16:22:55 +0100 |
---|---|---|
committer | Al Sutton <alsutton@google.com> | 2019-09-11 08:15:40 +0000 |
commit | 282b4069412109de36b9e7092b45852425be837c (patch) | |
tree | 9268a0a178256f8a0f9f40ff75fcbc19d93cd5c9 /packages/BackupEncryption/test | |
parent | 70f1945f172a9fa2550c344e29f791778edf5371 (diff) |
Import RestoreKeyFetcher
Bug: 111386661
Test: atest BackupEncryptionRoboTests
Change-Id: I4163ebda82f588c624255f2a090e4ddab55e998f
Diffstat (limited to 'packages/BackupEncryption/test')
-rw-r--r-- | packages/BackupEncryption/test/robolectric/Android.bp | 1 | ||||
-rw-r--r-- | packages/BackupEncryption/test/robolectric/src/com/android/server/backup/encryption/keys/RestoreKeyFetcherTest.java | 127 |
2 files changed, 128 insertions, 0 deletions
diff --git a/packages/BackupEncryption/test/robolectric/Android.bp b/packages/BackupEncryption/test/robolectric/Android.bp
index 3376ec97e02f..f84be6d4f3f4 100644
--- a/packages/BackupEncryption/test/robolectric/Android.bp
+++ b/packages/BackupEncryption/test/robolectric/Android.bp
@@ -23,6 +23,7 @@ android_robolectric_test {
 "backup-encryption-protos",
 "platform-test-annotations",
 "testng",
+ "truth-prebuilt",
 ],
 instrumentation_for: "BackupEncryption",
 }
diff --git a/packages/BackupEncryption/test/robolectric/src/com/android/server/backup/encryption/keys/RestoreKeyFetcherTest.java b/packages/BackupEncryption/test/robolectric/src/com/android/server/backup/encryption/keys/RestoreKeyFetcherTest.java
new file mode 100644
index 000000000000..004f8097ce39
--- /dev/null
+++ b/packages/BackupEncryption/test/robolectric/src/com/android/server/backup/encryption/keys/RestoreKeyFetcherTest.java
@@ -0,0 +1,127 @@
+/*
+ * Copyright (C) 2019 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.android.server.backup.encryption.keys;
+
+import static com.google.common.truth.Truth.assertThat;
+
+import static org.mockito.Mockito.when;
+import static org.testng.Assert.assertThrows;
+
+import android.platform.test.annotations.Presubmit;
+
+import com.android.server.backup.encryption.protos.nano.WrappedKeyProto;
+
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.mockito.Mock;
+import org.mockito.MockitoAnnotations;
+import org.robolectric.RobolectricTestRunner;
+
+import java.security.InvalidKeyException;
+import java.security.KeyException;
+import java.security.SecureRandom;
+import java.util.Optional;
+
+import javax.crypto.SecretKey;
+import javax.crypto.spec.SecretKeySpec;
+
+/** Test the restore key fetcher */
+@RunWith(RobolectricTestRunner.class)
+@Presubmit
+public class RestoreKeyFetcherTest {
+
+ private static final String KEY_GENERATOR_ALGORITHM = "AES";
+
+ private static final String TEST_SECONDARY_KEY_ALIAS = "test_2ndary_key";
+ private static final byte[] TEST_SECONDARY_KEY_BYTES = new byte[256 / Byte.SIZE];
+
+ @Mock private RecoverableKeyStoreSecondaryKeyManager mSecondaryKeyManager;
+
+ /** Initialise the mocks **/
+ @Before
+ public void setUp() {
+ MockitoAnnotations.initMocks(this);
+ }
+
+ /** Ensure the unwrap method works as expected */
+ @Test
+ public void unwrapTertiaryKey_returnsUnwrappedKey() throws Exception {
+ RecoverableKeyStoreSecondaryKey secondaryKey = createSecondaryKey();
+ SecretKey tertiaryKey = createTertiaryKey();
+ WrappedKeyProto.WrappedKey wrappedTertiaryKey =
+ KeyWrapUtils.wrap(secondaryKey.getSecretKey(), tertiaryKey);
+ when(mSecondaryKeyManager.get(TEST_SECONDARY_KEY_ALIAS))
+ .thenReturn(Optional.of(secondaryKey));
+
+ SecretKey actualTertiaryKey =
+ RestoreKeyFetcher.unwrapTertiaryKey(
+ () -> mSecondaryKeyManager,
+ TEST_SECONDARY_KEY_ALIAS,
+ wrappedTertiaryKey);
+
+ assertThat(actualTertiaryKey).isEqualTo(tertiaryKey);
+ }
+
+ /** Ensure that missing secondary keys are detected and an appropriate exception is thrown */
+ @Test
+ public void unwrapTertiaryKey_missingSecondaryKey_throwsSpecificException() throws Exception {
+ WrappedKeyProto.WrappedKey wrappedTertiaryKey =
+ KeyWrapUtils.wrap(createSecondaryKey().getSecretKey(), createTertiaryKey());
+ when(mSecondaryKeyManager.get(TEST_SECONDARY_KEY_ALIAS)).thenReturn(Optional.empty());
+
+ assertThrows(
+ KeyException.class,
+ () ->
+ RestoreKeyFetcher.unwrapTertiaryKey(
+ () -> mSecondaryKeyManager,
+ TEST_SECONDARY_KEY_ALIAS,
+ wrappedTertiaryKey));
+ }
+
+ /** Ensure that invalid secondary keys are detected and an appropriate exception is thrown */
+ @Test
+ public void unwrapTertiaryKey_badSecondaryKey_throws() throws Exception {
+ RecoverableKeyStoreSecondaryKey badSecondaryKey =
+ new RecoverableKeyStoreSecondaryKey(
+ TEST_SECONDARY_KEY_ALIAS,
+ new SecretKeySpec(new byte[] {0, 1}, KEY_GENERATOR_ALGORITHM));
+
+ WrappedKeyProto.WrappedKey wrappedTertiaryKey =
+ KeyWrapUtils.wrap(createSecondaryKey().getSecretKey(), createTertiaryKey());
+ when(mSecondaryKeyManager.get(TEST_SECONDARY_KEY_ALIAS))
+ .thenReturn(Optional.of(badSecondaryKey));
+
+ assertThrows(
+ InvalidKeyException.class,
+ () ->
+ RestoreKeyFetcher.unwrapTertiaryKey(
+ () -> mSecondaryKeyManager,
+ TEST_SECONDARY_KEY_ALIAS,
+ wrappedTertiaryKey));
+ }
+
+ private static RecoverableKeyStoreSecondaryKey createSecondaryKey() {
+ return new RecoverableKeyStoreSecondaryKey(
+ TEST_SECONDARY_KEY_ALIAS,
+ new SecretKeySpec(TEST_SECONDARY_KEY_BYTES, KEY_GENERATOR_ALGORITHM));
+ }
+
+ private static SecretKey createTertiaryKey() {
+ return new TertiaryKeyGenerator(new SecureRandom(new byte[] {0})).generate();
+ }
+}
|
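Review bot: `unwrapTertiaryKey_missingSecondaryKey_throwsSpecificException` asserts `KeyException.class`, but `InvalidKeyException` (the type the bad-key test expects) is a subclass of `KeyException`, so TestNG's `assertThrows` would also pass if the missing-alias path failed with the bad-key error. To pin the distinct failure the test name promises, capture the exception with `KeyException e = expectThrows(KeyException.class, ...)` and add `assertThat(e).isNotInstanceOf(InvalidKeyException.class);`. Separately, `unwrapTertiaryKey_badSecondaryKey_throws` builds its bad key from two bytes, which is presumably rejected for its length alone; a correctly sized but different secondary key is not exercised, and that is the case that depends on the unwrap actually authenticating the wrapped key. `RestoreKeyFetcher` and `KeyWrapUtils` are outside this diff, so the exception to expect for a wrong-but-well-formed key needs confirming against them.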