| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929 |
- /*
- * Copyright (C) 2014 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
- #include <errno.h>
- #include <stdio.h>
- #include <time.h>
- #include <keymaster/android_keymaster.h>
- #include <keymaster/authorization_set.h>
- #include <keymaster/km_openssl/soft_keymaster_enforcement.h>
- #include "android_keymaster_test_utils.h"
- namespace keymaster {
- namespace test {
- class TestKeymasterEnforcement : public SoftKeymasterEnforcement {
- public:
- TestKeymasterEnforcement()
- : SoftKeymasterEnforcement(3, 3), current_time_(10000), report_token_valid_(true) {}
- keymaster_error_t AuthorizeOperation(const keymaster_purpose_t purpose, const km_id_t keyid,
- const AuthProxy& auth_set) {
- AuthorizationSet empty_set;
- return KeymasterEnforcement::AuthorizeOperation(
- purpose, keyid, auth_set, empty_set, 0 /* op_handle */, true /* is_begin_operation */);
- }
- using KeymasterEnforcement::AuthorizeOperation;
- uint64_t get_current_time_ms() const override { return current_time_ * 1000; }
- bool activation_date_valid(uint64_t activation_date) const override {
- // Convert java date to time_t, non-portably.
- time_t activation_time = activation_date / 1000;
- return difftime(time(NULL), activation_time) >= 0;
- }
- bool expiration_date_passed(uint64_t expiration_date) const override {
- // Convert jave date to time_t, non-portably.
- time_t expiration_time = expiration_date / 1000;
- return difftime(time(NULL), expiration_time) > 0;
- }
- bool auth_token_timed_out(const hw_auth_token_t& token, uint32_t timeout) const override {
- return current_time_ > ntoh(token.timestamp) + timeout;
- }
- bool ValidateTokenSignature(const hw_auth_token_t&) const override {
- return report_token_valid_;
- }
- void tick(unsigned seconds = 1) { current_time_ += seconds; }
- uint32_t current_time() { return current_time_; }
- void set_report_token_valid(bool report_token_valid) {
- report_token_valid_ = report_token_valid;
- }
- private:
- uint32_t current_time_;
- bool report_token_valid_;
- };
- class KeymasterBaseTest : public ::testing::Test {
- protected:
- KeymasterBaseTest() {
- past_time = 0;
- time_t t = time(NULL);
- future_tm = localtime(&t);
- future_tm->tm_year += 1;
- future_time = static_cast<uint64_t>(mktime(future_tm)) * 1000;
- sign_param = Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN);
- }
- virtual ~KeymasterBaseTest() {}
- TestKeymasterEnforcement kmen;
- tm past_tm;
- tm* future_tm;
- uint64_t past_time;
- uint64_t future_time;
- static const km_id_t key_id = 0xa;
- static const uid_t uid = 0xf;
- keymaster_key_param_t sign_param;
- AuthorizationSet empty;
- };
- TEST_F(KeymasterBaseTest, TestValidKeyPeriodNoTags) {
- keymaster_key_param_t params[] = {
- sign_param,
- };
- AuthorizationSet single_auth_set(params, array_length(params));
- keymaster_error_t kmer =
- kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, AuthProxy(single_auth_set, empty));
- ASSERT_EQ(KM_ERROR_OK, kmer);
- }
- TEST_F(KeymasterBaseTest, TestInvalidActiveTime) {
- keymaster_key_param_t params[] = {
- Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA), Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
- Authorization(TAG_NO_AUTH_REQUIRED), Authorization(TAG_ACTIVE_DATETIME, future_time),
- };
- AuthorizationSet auth_set(params, array_length(params));
- ASSERT_EQ(KM_ERROR_KEY_NOT_YET_VALID,
- kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, AuthProxy(auth_set, empty)));
- // Pubkey ops allowed.
- ASSERT_EQ(KM_ERROR_OK,
- kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, key_id, AuthProxy(auth_set, empty)));
- }
- TEST_F(KeymasterBaseTest, TestValidActiveTime) {
- keymaster_key_param_t params[] = {
- Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN), Authorization(TAG_ACTIVE_DATETIME, past_time),
- };
- AuthorizationSet auth_set(params, array_length(params));
- keymaster_error_t kmer_valid_time =
- kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, AuthProxy(auth_set, empty));
- ASSERT_EQ(KM_ERROR_OK, kmer_valid_time);
- }
- TEST_F(KeymasterBaseTest, TestInvalidOriginationExpireTime) {
- keymaster_key_param_t params[] = {
- Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA), Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
- Authorization(TAG_ORIGINATION_EXPIRE_DATETIME, past_time),
- };
- AuthorizationSet auth_set(params, array_length(params));
- ASSERT_EQ(KM_ERROR_KEY_EXPIRED,
- kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, AuthProxy(auth_set, empty)));
- // Pubkey ops allowed.
- ASSERT_EQ(KM_ERROR_OK,
- kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, key_id, AuthProxy(auth_set, empty)));
- }
- TEST_F(KeymasterBaseTest, TestInvalidOriginationExpireTimeOnUsgae) {
- keymaster_key_param_t params[] = {
- Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
- Authorization(TAG_ORIGINATION_EXPIRE_DATETIME, past_time),
- };
- AuthorizationSet auth_set(params, array_length(params));
- keymaster_error_t kmer_invalid_origination =
- kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, key_id, AuthProxy(auth_set, empty));
- ASSERT_EQ(KM_ERROR_OK, kmer_invalid_origination);
- }
- TEST_F(KeymasterBaseTest, TestValidOriginationExpireTime) {
- keymaster_key_param_t params[] = {
- Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
- Authorization(TAG_ORIGINATION_EXPIRE_DATETIME, future_time),
- };
- AuthorizationSet auth_set(params, array_length(params));
- keymaster_error_t kmer_valid_origination =
- kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, AuthProxy(auth_set, empty));
- ASSERT_EQ(KM_ERROR_OK, kmer_valid_origination);
- }
- TEST_F(KeymasterBaseTest, TestInvalidUsageExpireTime) {
- keymaster_key_param_t params[] = {
- Authorization(TAG_ALGORITHM, KM_ALGORITHM_AES),
- Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
- Authorization(TAG_USAGE_EXPIRE_DATETIME, past_time),
- };
- AuthorizationSet auth_set(params, array_length(params));
- keymaster_error_t kmer_invalid_origination =
- kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, key_id, AuthProxy(auth_set, empty));
- ASSERT_EQ(KM_ERROR_KEY_EXPIRED, kmer_invalid_origination);
- }
- TEST_F(KeymasterBaseTest, TestInvalidPubkeyUsageExpireTime) {
- keymaster_key_param_t params[] = {
- Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA),
- Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
- Authorization(TAG_USAGE_EXPIRE_DATETIME, past_time),
- };
- AuthorizationSet auth_set(params, array_length(params));
- keymaster_error_t kmer_invalid_origination =
- kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, key_id, AuthProxy(auth_set, empty));
- // Pubkey ops allowed.
- ASSERT_EQ(KM_ERROR_OK, kmer_invalid_origination);
- }
- TEST_F(KeymasterBaseTest, TestInvalidUsageExpireTimeOnOrigination) {
- keymaster_key_param_t params[] = {
- Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
- Authorization(TAG_USAGE_EXPIRE_DATETIME, past_time),
- };
- AuthorizationSet auth_set(params, array_length(params));
- keymaster_error_t kmer_invalid_origination =
- kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, AuthProxy(auth_set, empty));
- ASSERT_EQ(KM_ERROR_OK, kmer_invalid_origination);
- }
- TEST_F(KeymasterBaseTest, TestValidUsageExpireTime) {
- keymaster_key_param_t params[] = {
- Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
- Authorization(TAG_USAGE_EXPIRE_DATETIME, future_time),
- };
- AuthorizationSet auth_set(params, array_length(params));
- keymaster_error_t kmer_valid_usage =
- kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, key_id, AuthProxy(auth_set, empty));
- ASSERT_EQ(KM_ERROR_OK, kmer_valid_usage);
- }
- TEST_F(KeymasterBaseTest, TestValidSingleUseAccesses) {
- keymaster_key_param_t params[] = {
- Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
- };
- AuthorizationSet auth_set(params, array_length(params));
- keymaster_error_t kmer1 =
- kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, AuthProxy(auth_set, empty));
- keymaster_error_t kmer2 =
- kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, AuthProxy(auth_set, empty));
- ASSERT_EQ(KM_ERROR_OK, kmer1);
- ASSERT_EQ(KM_ERROR_OK, kmer2);
- }
- TEST_F(KeymasterBaseTest, TestInvalidMaxOps) {
- keymaster_key_param_t params[] = {
- Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN), Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA),
- Authorization(TAG_MAX_USES_PER_BOOT, 4),
- };
- AuthorizationSet auth_set(params, array_length(params));
- ASSERT_EQ(KM_ERROR_OK,
- kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, AuthProxy(auth_set, empty)));
- ASSERT_EQ(KM_ERROR_OK,
- kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, AuthProxy(auth_set, empty)));
- ASSERT_EQ(KM_ERROR_OK,
- kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, AuthProxy(auth_set, empty)));
- ASSERT_EQ(KM_ERROR_OK,
- kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, AuthProxy(auth_set, empty)));
- ASSERT_EQ(KM_ERROR_KEY_MAX_OPS_EXCEEDED,
- kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, AuthProxy(auth_set, empty)));
- // Pubkey ops allowed.
- ASSERT_EQ(KM_ERROR_OK,
- kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, key_id, AuthProxy(auth_set, empty)));
- }
- TEST_F(KeymasterBaseTest, TestOverFlowMaxOpsTable) {
- keymaster_key_param_t params[] = {
- Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA), Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
- Authorization(TAG_MAX_USES_PER_BOOT, 2),
- };
- AuthorizationSet auth_set(params, array_length(params));
- EXPECT_EQ(KM_ERROR_OK,
- kmen.AuthorizeOperation(KM_PURPOSE_SIGN, 1 /* key_id */, AuthProxy(auth_set, empty)));
- EXPECT_EQ(KM_ERROR_OK,
- kmen.AuthorizeOperation(KM_PURPOSE_SIGN, 2 /* key_id */, AuthProxy(auth_set, empty)));
- EXPECT_EQ(KM_ERROR_OK,
- kmen.AuthorizeOperation(KM_PURPOSE_SIGN, 3 /* key_id */, AuthProxy(auth_set, empty)));
- // Key 4 should fail, because table is full.
- EXPECT_EQ(KM_ERROR_TOO_MANY_OPERATIONS,
- kmen.AuthorizeOperation(KM_PURPOSE_SIGN, 4 /* key_id */, AuthProxy(auth_set, empty)));
- // Key 1 still works, because it's already in the table and hasn't reached max.
- EXPECT_EQ(KM_ERROR_OK,
- kmen.AuthorizeOperation(KM_PURPOSE_SIGN, 1 /* key_id */, AuthProxy(auth_set, empty)));
- // Key 1 no longer works, because it's reached max.
- EXPECT_EQ(KM_ERROR_KEY_MAX_OPS_EXCEEDED,
- kmen.AuthorizeOperation(KM_PURPOSE_SIGN, 1 /* key_id */, AuthProxy(auth_set, empty)));
- // Key 4 should fail, because table is (still and forever) full.
- EXPECT_EQ(KM_ERROR_TOO_MANY_OPERATIONS,
- kmen.AuthorizeOperation(KM_PURPOSE_SIGN, 4 /* key_id */, AuthProxy(auth_set, empty)));
- // Pubkey ops allowed.
- EXPECT_EQ(KM_ERROR_OK, kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, 1 /* key_id */,
- AuthProxy(auth_set, empty)));
- EXPECT_EQ(KM_ERROR_OK, kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, 4 /* key_id */,
- AuthProxy(auth_set, empty)));
- }
- TEST_F(KeymasterBaseTest, TestInvalidTimeBetweenOps) {
- keymaster_key_param_t params[] = {
- Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA), Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
- Authorization(TAG_MIN_SECONDS_BETWEEN_OPS, 10),
- };
- AuthorizationSet auth_set(params, array_length(params));
- keymaster_error_t kmer1 =
- kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, AuthProxy(auth_set, empty));
- keymaster_error_t kmer2 =
- kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, AuthProxy(auth_set, empty));
- keymaster_error_t kmer3 =
- kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, key_id, AuthProxy(auth_set, empty));
- ASSERT_EQ(KM_ERROR_OK, kmer1);
- kmen.tick(2);
- ASSERT_EQ(KM_ERROR_KEY_RATE_LIMIT_EXCEEDED, kmer2);
- // Allowed because it's a pubkey op.
- ASSERT_EQ(KM_ERROR_OK, kmer3);
- }
- TEST_F(KeymasterBaseTest, TestValidTimeBetweenOps) {
- keymaster_key_param_t params[] = {
- Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN), Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
- Authorization(TAG_MIN_SECONDS_BETWEEN_OPS, 2),
- };
- AuthorizationSet auth_set(params, array_length(params));
- EXPECT_EQ(KM_ERROR_OK,
- kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, key_id, AuthProxy(auth_set, empty)));
- kmen.tick();
- EXPECT_EQ(KM_ERROR_KEY_RATE_LIMIT_EXCEEDED,
- kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, AuthProxy(auth_set, empty)));
- kmen.tick();
- EXPECT_EQ(KM_ERROR_OK,
- kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, AuthProxy(auth_set, empty)));
- }
- TEST_F(KeymasterBaseTest, TestOptTimeoutTableOverflow) {
- keymaster_key_param_t params[] = {
- Authorization(TAG_ALGORITHM, KM_ALGORITHM_AES),
- Authorization(TAG_MIN_SECONDS_BETWEEN_OPS, 4),
- Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
- };
- AuthorizationSet auth_set(params, array_length(params));
- EXPECT_EQ(KM_ERROR_OK, kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, 1 /* key_id */,
- AuthProxy(auth_set, empty)));
- kmen.tick();
- // Key 1 fails because it's too soon
- EXPECT_EQ(
- KM_ERROR_KEY_RATE_LIMIT_EXCEEDED,
- kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, 1 /* key_id */, AuthProxy(auth_set, empty)));
- EXPECT_EQ(KM_ERROR_OK, kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, 2 /* key_id */,
- AuthProxy(auth_set, empty)));
- kmen.tick();
- // Key 1 fails because it's too soon
- EXPECT_EQ(
- KM_ERROR_KEY_RATE_LIMIT_EXCEEDED,
- kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, 1 /* key_id */, AuthProxy(auth_set, empty)));
- // Key 2 fails because it's too soon
- EXPECT_EQ(
- KM_ERROR_KEY_RATE_LIMIT_EXCEEDED,
- kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, 2 /* key_id */, AuthProxy(auth_set, empty)));
- EXPECT_EQ(KM_ERROR_OK, kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, 3 /* key_id */,
- AuthProxy(auth_set, empty)));
- kmen.tick();
- // Key 1 fails because it's too soon
- EXPECT_EQ(
- KM_ERROR_KEY_RATE_LIMIT_EXCEEDED,
- kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, 1 /* key_id */, AuthProxy(auth_set, empty)));
- // Key 2 fails because it's too soon
- EXPECT_EQ(
- KM_ERROR_KEY_RATE_LIMIT_EXCEEDED,
- kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, 2 /* key_id */, AuthProxy(auth_set, empty)));
- // Key 3 fails because it's too soon
- EXPECT_EQ(
- KM_ERROR_KEY_RATE_LIMIT_EXCEEDED,
- kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, 3 /* key_id */, AuthProxy(auth_set, empty)));
- // Key 4 fails because the table is full
- EXPECT_EQ(
- KM_ERROR_TOO_MANY_OPERATIONS,
- kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, 4 /* key_id */, AuthProxy(auth_set, empty)));
- kmen.tick();
- // Key 4 succeeds because key 1 expired.
- EXPECT_EQ(KM_ERROR_OK, kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, 4 /* key_id */,
- AuthProxy(auth_set, empty)));
- // Key 1 fails because the table is full... and key 1 is no longer in it.
- EXPECT_EQ(
- KM_ERROR_TOO_MANY_OPERATIONS,
- kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, 1 /* key_id */, AuthProxy(auth_set, empty)));
- // Key 2 fails because it's too soon
- EXPECT_EQ(
- KM_ERROR_KEY_RATE_LIMIT_EXCEEDED,
- kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, 2 /* key_id */, AuthProxy(auth_set, empty)));
- // Key 3 fails because it's too soon
- EXPECT_EQ(
- KM_ERROR_KEY_RATE_LIMIT_EXCEEDED,
- kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, 3 /* key_id */, AuthProxy(auth_set, empty)));
- kmen.tick();
- // Key 1 succeeds because key 2 expired
- EXPECT_EQ(KM_ERROR_OK, kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, 1 /* key_id */,
- AuthProxy(auth_set, empty)));
- // Key 2 fails because the table is full... and key 2 is no longer in it.
- EXPECT_EQ(
- KM_ERROR_TOO_MANY_OPERATIONS,
- kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, 2 /* key_id */, AuthProxy(auth_set, empty)));
- // Key 3 fails because it's too soon
- EXPECT_EQ(
- KM_ERROR_KEY_RATE_LIMIT_EXCEEDED,
- kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, 3 /* key_id */, AuthProxy(auth_set, empty)));
- // Key 4 fails because it's too soon
- EXPECT_EQ(
- KM_ERROR_KEY_RATE_LIMIT_EXCEEDED,
- kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, 4 /* key_id */, AuthProxy(auth_set, empty)));
- kmen.tick(4);
- EXPECT_EQ(KM_ERROR_OK, kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, 1 /* key_id */,
- AuthProxy(auth_set, empty)));
- EXPECT_EQ(KM_ERROR_OK, kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, 2 /* key_id */,
- AuthProxy(auth_set, empty)));
- EXPECT_EQ(KM_ERROR_OK, kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, 3 /* key_id */,
- AuthProxy(auth_set, empty)));
- }
- TEST_F(KeymasterBaseTest, TestPubkeyOptTimeoutTableOverflow) {
- keymaster_key_param_t params[] = {
- Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA),
- Authorization(TAG_MIN_SECONDS_BETWEEN_OPS, 4), Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
- };
- AuthorizationSet auth_set(params, array_length(params));
- EXPECT_EQ(KM_ERROR_OK,
- kmen.AuthorizeOperation(KM_PURPOSE_SIGN, 1 /* key_id */, AuthProxy(auth_set, empty)));
- kmen.tick();
- // Key 1 fails because it's too soon
- EXPECT_EQ(KM_ERROR_KEY_RATE_LIMIT_EXCEEDED,
- kmen.AuthorizeOperation(KM_PURPOSE_SIGN, 1 /* key_id */, AuthProxy(auth_set, empty)));
- // Too soo, but pubkey ops allowed.
- EXPECT_EQ(KM_ERROR_OK, kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, 1 /* key_id */,
- AuthProxy(auth_set, empty)));
- }
- TEST_F(KeymasterBaseTest, TestInvalidPurpose) {
- keymaster_purpose_t invalidPurpose1 = static_cast<keymaster_purpose_t>(-1);
- keymaster_purpose_t invalidPurpose2 = static_cast<keymaster_purpose_t>(4);
- AuthorizationSet auth_set(
- AuthorizationSetBuilder().Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY));
- EXPECT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE,
- kmen.AuthorizeOperation(invalidPurpose1, key_id, AuthProxy(auth_set, empty)));
- EXPECT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE,
- kmen.AuthorizeOperation(invalidPurpose2, key_id, AuthProxy(auth_set, empty)));
- }
- TEST_F(KeymasterBaseTest, TestIncompatiblePurposeSymmetricKey) {
- AuthorizationSet auth_set(AuthorizationSetBuilder()
- .Authorization(TAG_ALGORITHM, KM_ALGORITHM_AES)
- .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
- .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN));
- EXPECT_EQ(KM_ERROR_OK,
- kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, AuthProxy(auth_set, empty)));
- EXPECT_EQ(KM_ERROR_OK,
- kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, key_id, AuthProxy(auth_set, empty)));
- EXPECT_EQ(KM_ERROR_INCOMPATIBLE_PURPOSE,
- kmen.AuthorizeOperation(KM_PURPOSE_ENCRYPT, key_id, AuthProxy(auth_set, empty)));
- EXPECT_EQ(KM_ERROR_INCOMPATIBLE_PURPOSE,
- kmen.AuthorizeOperation(KM_PURPOSE_DECRYPT, key_id, AuthProxy(auth_set, empty)));
- }
- TEST_F(KeymasterBaseTest, TestIncompatiblePurposeAssymmetricKey) {
- AuthorizationSet auth_set(AuthorizationSetBuilder()
- .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)
- .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
- .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN));
- EXPECT_EQ(KM_ERROR_OK,
- kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, AuthProxy(auth_set, empty)));
- EXPECT_EQ(KM_ERROR_OK,
- kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, key_id, AuthProxy(auth_set, empty)));
- // This one is allowed because it's a pubkey op.
- EXPECT_EQ(KM_ERROR_OK,
- kmen.AuthorizeOperation(KM_PURPOSE_ENCRYPT, key_id, AuthProxy(auth_set, empty)));
- EXPECT_EQ(KM_ERROR_INCOMPATIBLE_PURPOSE,
- kmen.AuthorizeOperation(KM_PURPOSE_DECRYPT, key_id, AuthProxy(auth_set, empty)));
- }
- TEST_F(KeymasterBaseTest, TestInvalidCallerNonce) {
- AuthorizationSet no_caller_nonce(AuthorizationSetBuilder()
- .Authorization(TAG_PURPOSE, KM_PURPOSE_ENCRYPT)
- .Authorization(TAG_PURPOSE, KM_PURPOSE_DECRYPT)
- .Authorization(TAG_ALGORITHM, KM_ALGORITHM_AES));
- AuthorizationSet caller_nonce(AuthorizationSetBuilder()
- .Authorization(TAG_PURPOSE, KM_PURPOSE_ENCRYPT)
- .Authorization(TAG_PURPOSE, KM_PURPOSE_DECRYPT)
- .Authorization(TAG_ALGORITHM, KM_ALGORITHM_HMAC)
- .Authorization(TAG_CALLER_NONCE));
- AuthorizationSet begin_params(AuthorizationSetBuilder().Authorization(TAG_NONCE, "foo", 3));
- EXPECT_EQ(KM_ERROR_OK, kmen.AuthorizeOperation(
- KM_PURPOSE_ENCRYPT, key_id, AuthProxy(caller_nonce, empty),
- begin_params, 0 /* challenge */, true /* is_begin_operation */));
- EXPECT_EQ(KM_ERROR_OK, kmen.AuthorizeOperation(
- KM_PURPOSE_DECRYPT, key_id, AuthProxy(caller_nonce, empty),
- begin_params, 0 /* challenge */, true /* is_begin_operation */));
- EXPECT_EQ(KM_ERROR_CALLER_NONCE_PROHIBITED,
- kmen.AuthorizeOperation(KM_PURPOSE_ENCRYPT, key_id, AuthProxy(no_caller_nonce, empty),
- begin_params, 0 /* challenge */,
- true /* is_begin_operation */));
- EXPECT_EQ(KM_ERROR_OK, kmen.AuthorizeOperation(
- KM_PURPOSE_DECRYPT, key_id, AuthProxy(no_caller_nonce, empty),
- begin_params, 0 /* challenge */, true /* is_begin_operation */));
- }
- TEST_F(KeymasterBaseTest, TestBootloaderOnly) {
- AuthorizationSet auth_set(AuthorizationSetBuilder()
- .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN)
- .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)
- .Authorization(TAG_BOOTLOADER_ONLY));
- EXPECT_EQ(KM_ERROR_INVALID_KEY_BLOB,
- kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, AuthProxy(auth_set, empty)));
- // Pubkey ops allowed.
- EXPECT_EQ(KM_ERROR_OK,
- kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, key_id, AuthProxy(auth_set, empty)));
- }
- TEST_F(KeymasterBaseTest, TestInvalidTag) {
- AuthorizationSet auth_set(AuthorizationSetBuilder()
- .Authorization(TAG_INVALID)
- .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN));
- EXPECT_EQ(KM_ERROR_INVALID_KEY_BLOB,
- kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, AuthProxy(auth_set, empty)));
- }
- TEST_F(KeymasterBaseTest, TestAuthPerOpSuccess) {
- hw_auth_token_t token;
- memset(&token, 0, sizeof(token));
- token.version = HW_AUTH_TOKEN_VERSION;
- token.challenge = 99;
- token.user_id = 9;
- token.authenticator_id = 0;
- token.authenticator_type = hton(static_cast<uint32_t>(HW_AUTH_PASSWORD));
- token.timestamp = 0;
- AuthorizationSet auth_set(AuthorizationSetBuilder()
- .Authorization(TAG_USER_SECURE_ID, token.user_id)
- .Authorization(TAG_USER_AUTH_TYPE, HW_AUTH_ANY)
- .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN));
- AuthorizationSet op_params;
- op_params.push_back(Authorization(TAG_AUTH_TOKEN, &token, sizeof(token)));
- EXPECT_EQ(KM_ERROR_OK,
- kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, AuthProxy(auth_set, empty),
- op_params, token.challenge, false /* is_begin_operation */));
- }
- TEST_F(KeymasterBaseTest, TestAuthPerOpInvalidTokenSignature) {
- hw_auth_token_t token;
- memset(&token, 0, sizeof(token));
- token.version = HW_AUTH_TOKEN_VERSION;
- token.challenge = 99;
- token.user_id = 9;
- token.authenticator_id = 0;
- token.authenticator_type = hton(static_cast<uint32_t>(HW_AUTH_PASSWORD));
- token.timestamp = 0;
- AuthorizationSet auth_set(AuthorizationSetBuilder()
- .Authorization(TAG_ALGORITHM, KM_ALGORITHM_EC)
- .Authorization(TAG_USER_SECURE_ID, token.user_id)
- .Authorization(TAG_USER_AUTH_TYPE, HW_AUTH_ANY)
- .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN));
- AuthorizationSet op_params;
- op_params.push_back(Authorization(TAG_AUTH_TOKEN, &token, sizeof(token)));
- kmen.set_report_token_valid(false);
- EXPECT_EQ(KM_ERROR_KEY_USER_NOT_AUTHENTICATED,
- kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, AuthProxy(auth_set, empty),
- op_params, token.challenge, false /* is_begin_operation */));
- // Pubkey ops allowed.
- EXPECT_EQ(KM_ERROR_OK,
- kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, key_id, AuthProxy(auth_set, empty),
- op_params, token.challenge, false /* is_begin_operation */));
- }
- TEST_F(KeymasterBaseTest, TestAuthPerOpWrongChallenge) {
- hw_auth_token_t token;
- memset(&token, 0, sizeof(token));
- token.version = HW_AUTH_TOKEN_VERSION;
- token.challenge = 99;
- token.user_id = 9;
- token.authenticator_id = 0;
- token.authenticator_type = hton(static_cast<uint32_t>(HW_AUTH_PASSWORD));
- token.timestamp = 0;
- AuthorizationSet auth_set(AuthorizationSetBuilder()
- .Authorization(TAG_USER_SECURE_ID, token.user_id)
- .Authorization(TAG_USER_AUTH_TYPE, HW_AUTH_ANY)
- .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN));
- AuthorizationSet op_params;
- op_params.push_back(Authorization(TAG_AUTH_TOKEN, &token, sizeof(token)));
- EXPECT_EQ(KM_ERROR_KEY_USER_NOT_AUTHENTICATED,
- kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, AuthProxy(auth_set, empty),
- op_params, token.challenge + 1 /* doesn't match token */,
- false /* is_begin_operation */));
- }
- TEST_F(KeymasterBaseTest, TestAuthPerOpNoAuthType) {
- hw_auth_token_t token;
- memset(&token, 0, sizeof(token));
- token.version = HW_AUTH_TOKEN_VERSION;
- token.challenge = 99;
- token.user_id = 9;
- token.authenticator_id = 0;
- token.authenticator_type = hton(static_cast<uint32_t>(HW_AUTH_PASSWORD));
- token.timestamp = 0;
- AuthorizationSet auth_set(AuthorizationSetBuilder()
- .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)
- .Authorization(TAG_USER_SECURE_ID, token.user_id)
- .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN));
- AuthorizationSet op_params;
- op_params.push_back(Authorization(TAG_AUTH_TOKEN, &token, sizeof(token)));
- EXPECT_EQ(KM_ERROR_KEY_USER_NOT_AUTHENTICATED,
- kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, AuthProxy(auth_set, empty),
- op_params, token.challenge, false /* is_begin_operation */));
- // Pubkey ops allowed.
- EXPECT_EQ(KM_ERROR_OK,
- kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, key_id, AuthProxy(auth_set, empty),
- op_params, token.challenge, false /* is_begin_operation */));
- }
- TEST_F(KeymasterBaseTest, TestAuthPerOpWrongAuthType) {
- hw_auth_token_t token;
- memset(&token, 0, sizeof(token));
- token.version = HW_AUTH_TOKEN_VERSION;
- token.challenge = 99;
- token.user_id = 9;
- token.authenticator_id = 0;
- token.authenticator_type = hton(static_cast<uint32_t>(HW_AUTH_PASSWORD));
- token.timestamp = 0;
- AuthorizationSet auth_set(
- AuthorizationSetBuilder()
- .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)
- .Authorization(TAG_USER_SECURE_ID, token.user_id)
- .Authorization(TAG_USER_AUTH_TYPE, HW_AUTH_FINGERPRINT /* doesn't match token */)
- .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN));
- AuthorizationSet op_params;
- op_params.push_back(Authorization(TAG_AUTH_TOKEN, &token, sizeof(token)));
- EXPECT_EQ(KM_ERROR_KEY_USER_NOT_AUTHENTICATED,
- kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, AuthProxy(auth_set, empty),
- op_params, token.challenge, false /* is_begin_operation */));
- // Pubkey ops allowed.
- EXPECT_EQ(KM_ERROR_OK,
- kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, key_id, AuthProxy(auth_set, empty),
- op_params, token.challenge, false /* is_begin_operation */));
- }
- TEST_F(KeymasterBaseTest, TestAuthPerOpWrongSid) {
- hw_auth_token_t token;
- memset(&token, 0, sizeof(token));
- token.version = HW_AUTH_TOKEN_VERSION;
- token.challenge = 99;
- token.user_id = 9;
- token.authenticator_id = 0;
- token.authenticator_type = hton(static_cast<uint32_t>(HW_AUTH_PASSWORD));
- token.timestamp = 0;
- AuthorizationSet auth_set(
- AuthorizationSetBuilder()
- .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)
- .Authorization(TAG_USER_SECURE_ID, token.user_id + 1 /* doesn't match token */)
- .Authorization(TAG_USER_AUTH_TYPE, HW_AUTH_ANY)
- .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN));
- AuthorizationSet op_params;
- op_params.push_back(Authorization(TAG_AUTH_TOKEN, &token, sizeof(token)));
- EXPECT_EQ(KM_ERROR_KEY_USER_NOT_AUTHENTICATED,
- kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, AuthProxy(auth_set, empty),
- op_params, token.challenge, false /* is_begin_operation */));
- // Pubkey op allowed.
- EXPECT_EQ(KM_ERROR_OK,
- kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, key_id, AuthProxy(auth_set, empty),
- op_params, token.challenge, false /* is_begin_operation */));
- }
- TEST_F(KeymasterBaseTest, TestAuthPerOpSuccessAlternateSid) {
- hw_auth_token_t token;
- memset(&token, 0, sizeof(token));
- token.version = HW_AUTH_TOKEN_VERSION;
- token.challenge = 99;
- token.user_id = 9;
- token.authenticator_id = 10;
- token.authenticator_type = hton(static_cast<uint32_t>(HW_AUTH_PASSWORD));
- token.timestamp = 0;
- AuthorizationSet auth_set(AuthorizationSetBuilder()
- .Authorization(TAG_USER_SECURE_ID, token.authenticator_id)
- .Authorization(TAG_USER_AUTH_TYPE, HW_AUTH_ANY)
- .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN));
- AuthorizationSet op_params;
- op_params.push_back(Authorization(TAG_AUTH_TOKEN, &token, sizeof(token)));
- EXPECT_EQ(KM_ERROR_OK,
- kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, AuthProxy(auth_set, empty),
- op_params, token.challenge, false /* is_begin_operation */));
- }
- TEST_F(KeymasterBaseTest, TestAuthPerOpMissingToken) {
- hw_auth_token_t token;
- memset(&token, 0, sizeof(token));
- token.version = HW_AUTH_TOKEN_VERSION;
- token.challenge = 99;
- token.user_id = 9;
- token.authenticator_id = 0;
- token.authenticator_type = hton(static_cast<uint32_t>(HW_AUTH_PASSWORD));
- token.timestamp = 0;
- AuthorizationSet auth_set(AuthorizationSetBuilder()
- .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)
- .Authorization(TAG_USER_SECURE_ID, token.user_id)
- .Authorization(TAG_USER_AUTH_TYPE, HW_AUTH_ANY)
- .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN));
- AuthorizationSet op_params;
- // During begin we can skip the auth token
- EXPECT_EQ(KM_ERROR_OK,
- kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, AuthProxy(auth_set, empty),
- op_params, token.challenge, true /* is_begin_operation */));
- // Afterwards we must have authentication
- EXPECT_EQ(KM_ERROR_KEY_USER_NOT_AUTHENTICATED,
- kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, AuthProxy(auth_set, empty),
- op_params, token.challenge, false /* is_begin_operation */));
- // Pubkey ops allowed
- EXPECT_EQ(KM_ERROR_OK,
- kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, key_id, AuthProxy(auth_set, empty),
- op_params, token.challenge, false /* is_begin_operation */));
- auth_set.Reinitialize(AuthorizationSetBuilder()
- .Authorization(TAG_ALGORITHM, KM_ALGORITHM_AES)
- .Authorization(TAG_USER_SECURE_ID, token.user_id)
- .Authorization(TAG_USER_AUTH_TYPE, HW_AUTH_ANY)
- .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN)
- .build());
- EXPECT_EQ(KM_ERROR_KEY_USER_NOT_AUTHENTICATED,
- kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, key_id, AuthProxy(auth_set, empty),
- op_params, token.challenge, false /* is_begin_operation */));
- }
- TEST_F(KeymasterBaseTest, TestAuthAndNoAuth) {
- AuthorizationSet auth_set(AuthorizationSetBuilder()
- .Authorization(TAG_USER_SECURE_ID, 1)
- .Authorization(TAG_NO_AUTH_REQUIRED)
- .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN));
- EXPECT_EQ(KM_ERROR_INVALID_KEY_BLOB,
- kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, AuthProxy(auth_set, empty)));
- }
- TEST_F(KeymasterBaseTest, TestTimedAuthSuccess) {
- hw_auth_token_t token;
- memset(&token, 0, sizeof(token));
- token.version = HW_AUTH_TOKEN_VERSION;
- token.challenge = 99;
- token.user_id = 9;
- token.authenticator_id = 0;
- token.authenticator_type = hton(static_cast<uint32_t>(HW_AUTH_PASSWORD));
- token.timestamp = hton(kmen.current_time());
- AuthorizationSet auth_set(AuthorizationSetBuilder()
- .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)
- .Authorization(TAG_USER_SECURE_ID, token.user_id)
- .Authorization(TAG_AUTH_TIMEOUT, 1)
- .Authorization(TAG_USER_AUTH_TYPE, HW_AUTH_ANY)
- .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN));
- AuthorizationSet op_params;
- op_params.push_back(Authorization(TAG_AUTH_TOKEN, &token, sizeof(token)));
- EXPECT_EQ(KM_ERROR_OK, kmen.AuthorizeOperation(
- KM_PURPOSE_SIGN, key_id, AuthProxy(auth_set, empty), op_params,
- 0 /* irrelevant */, false /* is_begin_operation */));
- }
- TEST_F(KeymasterBaseTest, TestTimedAuthTimedOut) {
- hw_auth_token_t token;
- memset(&token, 0, sizeof(token));
- token.version = HW_AUTH_TOKEN_VERSION;
- token.challenge = 99;
- token.user_id = 9;
- token.authenticator_id = 0;
- token.authenticator_type = hton(static_cast<uint32_t>(HW_AUTH_PASSWORD));
- token.timestamp = hton(static_cast<uint64_t>(kmen.current_time()));
- AuthorizationSet auth_set(AuthorizationSetBuilder()
- .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)
- .Authorization(TAG_USER_SECURE_ID, token.user_id)
- .Authorization(TAG_AUTH_TIMEOUT, 1)
- .Authorization(TAG_USER_AUTH_TYPE, HW_AUTH_ANY)
- .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN));
- AuthorizationSet op_params;
- op_params.push_back(Authorization(TAG_AUTH_TOKEN, &token, sizeof(token)));
- EXPECT_EQ(KM_ERROR_OK, kmen.AuthorizeOperation(
- KM_PURPOSE_SIGN, key_id, AuthProxy(auth_set, empty), op_params,
- 0 /* irrelevant */, false /* is_begin_operation */));
- kmen.tick(1);
- // token still good
- EXPECT_EQ(KM_ERROR_OK, kmen.AuthorizeOperation(
- KM_PURPOSE_SIGN, key_id, AuthProxy(auth_set, empty), op_params,
- 0 /* irrelevant */, false /* is_begin_operation */));
- kmen.tick(1);
- // token expired, not allowed during begin.
- EXPECT_EQ(KM_ERROR_KEY_USER_NOT_AUTHENTICATED,
- kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, AuthProxy(auth_set, empty),
- op_params, 0 /* irrelevant */,
- true /* is_begin_operation */));
- // token expired, afterwards it's okay.
- EXPECT_EQ(KM_ERROR_OK, kmen.AuthorizeOperation(
- KM_PURPOSE_SIGN, key_id, AuthProxy(auth_set, empty), op_params,
- 0 /* irrelevant */, false /* is_begin_operation */));
- // Pubkey ops allowed.
- EXPECT_EQ(KM_ERROR_OK, kmen.AuthorizeOperation(
- KM_PURPOSE_VERIFY, key_id, AuthProxy(auth_set, empty), op_params,
- 0 /* irrelevant */, true /* is_begin_operation */));
- }
- TEST_F(KeymasterBaseTest, TestTimedAuthMissingToken) {
- hw_auth_token_t token;
- memset(&token, 0, sizeof(token));
- token.version = HW_AUTH_TOKEN_VERSION;
- token.challenge = 99;
- token.user_id = 9;
- token.authenticator_id = 0;
- token.authenticator_type = hton(static_cast<uint32_t>(HW_AUTH_PASSWORD));
- token.timestamp = hton(static_cast<uint64_t>(kmen.current_time()));
- AuthorizationSet auth_set(AuthorizationSetBuilder()
- .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)
- .Authorization(TAG_USER_SECURE_ID, token.user_id)
- .Authorization(TAG_AUTH_TIMEOUT, 1)
- .Authorization(TAG_USER_AUTH_TYPE, HW_AUTH_ANY)
- .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN));
- AuthorizationSet op_params;
- // Unlike auth-per-op, must have the auth token during begin.
- EXPECT_EQ(KM_ERROR_KEY_USER_NOT_AUTHENTICATED,
- kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, AuthProxy(auth_set, empty),
- op_params, token.challenge, true /* is_begin_operation */));
- // Later we don't check (though begin would fail, so there wouldn't be a later).
- EXPECT_EQ(KM_ERROR_OK,
- kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, AuthProxy(auth_set, empty),
- op_params, token.challenge, false /* is_begin_operation */));
- // Pubkey ops allowed.
- EXPECT_EQ(KM_ERROR_OK,
- kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, key_id, AuthProxy(auth_set, empty),
- op_params, token.challenge, true /* is_begin_operation */));
- }
- TEST_F(KeymasterBaseTest, TestCreateKeyId) {
- keymaster_key_blob_t blob = {reinterpret_cast<const uint8_t*>("foobar"), 6};
- km_id_t key_id = 0;
- EXPECT_TRUE(kmen.CreateKeyId(blob, &key_id));
- EXPECT_NE(0U, key_id);
- }
- }; /* namespace test */
- }; /* namespace keymaster */
|
