1 /*
2 * Copyright (C) 2014 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #include <errno.h>
18 #include <stdio.h>
19 #include <time.h>
20
21 #include <keymaster/android_keymaster.h>
22 #include <keymaster/authorization_set.h>
23 #include <keymaster/km_openssl/soft_keymaster_enforcement.h>
24
25 #include "android_keymaster_test_utils.h"
26
27 namespace keymaster {
28 namespace test {
29
30 class EnforcementTestKeymasterEnforcement : public SoftKeymasterEnforcement {
31 public:
EnforcementTestKeymasterEnforcement()32 EnforcementTestKeymasterEnforcement()
33 : SoftKeymasterEnforcement(3, 3), current_time_(10000), report_token_valid_(true) {}
34
AuthorizeOperation(const keymaster_purpose_t purpose,const km_id_t keyid,const AuthProxy & auth_set)35 keymaster_error_t AuthorizeOperation(const keymaster_purpose_t purpose, const km_id_t keyid,
36 const AuthProxy& auth_set) {
37 AuthorizationSet empty_set;
38 return KeymasterEnforcement::AuthorizeOperation(
39 purpose, keyid, auth_set, empty_set, 0 /* op_handle */, true /* is_begin_operation */);
40 }
41 using KeymasterEnforcement::AuthorizeOperation;
42
get_current_time_ms() const43 uint64_t get_current_time_ms() const override { return current_time_ * 1000; }
activation_date_valid(uint64_t activation_date) const44 bool activation_date_valid(uint64_t activation_date) const override {
45 // Convert java date to time_t, non-portably.
46 time_t activation_time = activation_date / 1000;
47 return difftime(time(NULL), activation_time) >= 0;
48 }
expiration_date_passed(uint64_t expiration_date) const49 bool expiration_date_passed(uint64_t expiration_date) const override {
50 // Convert jave date to time_t, non-portably.
51 time_t expiration_time = expiration_date / 1000;
52 return difftime(time(NULL), expiration_time) > 0;
53 }
auth_token_timed_out(const hw_auth_token_t & token,uint32_t timeout) const54 bool auth_token_timed_out(const hw_auth_token_t& token, uint32_t timeout) const override {
55 return current_time_ > ntoh(token.timestamp) + timeout;
56 }
ValidateTokenSignature(const hw_auth_token_t &) const57 bool ValidateTokenSignature(const hw_auth_token_t&) const override {
58 return report_token_valid_;
59 }
60
tick(unsigned seconds=1)61 void tick(unsigned seconds = 1) { current_time_ += seconds; }
current_time()62 uint32_t current_time() { return current_time_; }
set_report_token_valid(bool report_token_valid)63 void set_report_token_valid(bool report_token_valid) {
64 report_token_valid_ = report_token_valid;
65 }
66
67 private:
68 uint32_t current_time_;
69 bool report_token_valid_;
70 };
71
72 class KeymasterBaseTest : public ::testing::Test {
73 protected:
KeymasterBaseTest()74 KeymasterBaseTest() {
75 past_time = 0;
76
77 time_t t = time(NULL);
78 future_tm = localtime(&t);
79 future_tm->tm_year += 1;
80 future_time = static_cast<uint64_t>(mktime(future_tm)) * 1000;
81 sign_param = Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN);
82 }
~KeymasterBaseTest()83 virtual ~KeymasterBaseTest() {}
84
85 EnforcementTestKeymasterEnforcement kmen;
86
87 tm past_tm;
88 tm* future_tm;
89 uint64_t past_time;
90 uint64_t future_time;
91 static const km_id_t key_id = 0xa;
92 static const uid_t uid = 0xf;
93 keymaster_key_param_t sign_param;
94 AuthorizationSet empty;
95 };
96
TEST_F(KeymasterBaseTest,TestValidKeyPeriodNoTags)97 TEST_F(KeymasterBaseTest, TestValidKeyPeriodNoTags) {
98 keymaster_key_param_t params[] = {
99 sign_param,
100 };
101 AuthorizationSet single_auth_set(params, array_length(params));
102
103 keymaster_error_t kmer =
104 kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, AuthProxy(single_auth_set, empty));
105 ASSERT_EQ(KM_ERROR_OK, kmer);
106 }
107
TEST_F(KeymasterBaseTest,TestInvalidActiveTime)108 TEST_F(KeymasterBaseTest, TestInvalidActiveTime) {
109 keymaster_key_param_t params[] = {
110 Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA),
111 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
112 Authorization(TAG_NO_AUTH_REQUIRED),
113 Authorization(TAG_ACTIVE_DATETIME, future_time),
114 };
115
116 AuthorizationSet auth_set(params, array_length(params));
117
118 ASSERT_EQ(KM_ERROR_KEY_NOT_YET_VALID,
119 kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, AuthProxy(auth_set, empty)));
120
121 // Pubkey ops allowed.
122 ASSERT_EQ(KM_ERROR_OK,
123 kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, key_id, AuthProxy(auth_set, empty)));
124 }
125
TEST_F(KeymasterBaseTest,TestValidActiveTime)126 TEST_F(KeymasterBaseTest, TestValidActiveTime) {
127 keymaster_key_param_t params[] = {
128 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
129 Authorization(TAG_ACTIVE_DATETIME, past_time),
130 };
131
132 AuthorizationSet auth_set(params, array_length(params));
133
134 keymaster_error_t kmer_valid_time =
135 kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, AuthProxy(auth_set, empty));
136 ASSERT_EQ(KM_ERROR_OK, kmer_valid_time);
137 }
138
TEST_F(KeymasterBaseTest,TestInvalidOriginationExpireTime)139 TEST_F(KeymasterBaseTest, TestInvalidOriginationExpireTime) {
140 keymaster_key_param_t params[] = {
141 Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA),
142 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
143 Authorization(TAG_ORIGINATION_EXPIRE_DATETIME, past_time),
144 };
145
146 AuthorizationSet auth_set(params, array_length(params));
147
148 ASSERT_EQ(KM_ERROR_KEY_EXPIRED,
149 kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, AuthProxy(auth_set, empty)));
150
151 // Pubkey ops allowed.
152 ASSERT_EQ(KM_ERROR_OK,
153 kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, key_id, AuthProxy(auth_set, empty)));
154 }
155
TEST_F(KeymasterBaseTest,TestInvalidOriginationExpireTimeOnUsgae)156 TEST_F(KeymasterBaseTest, TestInvalidOriginationExpireTimeOnUsgae) {
157 keymaster_key_param_t params[] = {
158 Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
159 Authorization(TAG_ORIGINATION_EXPIRE_DATETIME, past_time),
160 };
161
162 AuthorizationSet auth_set(params, array_length(params));
163
164 keymaster_error_t kmer_invalid_origination =
165 kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, key_id, AuthProxy(auth_set, empty));
166 ASSERT_EQ(KM_ERROR_OK, kmer_invalid_origination);
167 }
168
TEST_F(KeymasterBaseTest,TestValidOriginationExpireTime)169 TEST_F(KeymasterBaseTest, TestValidOriginationExpireTime) {
170 keymaster_key_param_t params[] = {
171 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
172 Authorization(TAG_ORIGINATION_EXPIRE_DATETIME, future_time),
173 };
174
175 AuthorizationSet auth_set(params, array_length(params));
176
177 keymaster_error_t kmer_valid_origination =
178 kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, AuthProxy(auth_set, empty));
179 ASSERT_EQ(KM_ERROR_OK, kmer_valid_origination);
180 }
181
TEST_F(KeymasterBaseTest,TestInvalidUsageExpireTime)182 TEST_F(KeymasterBaseTest, TestInvalidUsageExpireTime) {
183 keymaster_key_param_t params[] = {
184 Authorization(TAG_ALGORITHM, KM_ALGORITHM_AES),
185 Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
186 Authorization(TAG_USAGE_EXPIRE_DATETIME, past_time),
187 };
188
189 AuthorizationSet auth_set(params, array_length(params));
190
191 keymaster_error_t kmer_invalid_origination =
192 kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, key_id, AuthProxy(auth_set, empty));
193 ASSERT_EQ(KM_ERROR_KEY_EXPIRED, kmer_invalid_origination);
194 }
195
TEST_F(KeymasterBaseTest,TestInvalidPubkeyUsageExpireTime)196 TEST_F(KeymasterBaseTest, TestInvalidPubkeyUsageExpireTime) {
197 keymaster_key_param_t params[] = {
198 Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA),
199 Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
200 Authorization(TAG_USAGE_EXPIRE_DATETIME, past_time),
201 };
202
203 AuthorizationSet auth_set(params, array_length(params));
204
205 keymaster_error_t kmer_invalid_origination =
206 kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, key_id, AuthProxy(auth_set, empty));
207 // Pubkey ops allowed.
208 ASSERT_EQ(KM_ERROR_OK, kmer_invalid_origination);
209 }
210
TEST_F(KeymasterBaseTest,TestInvalidUsageExpireTimeOnOrigination)211 TEST_F(KeymasterBaseTest, TestInvalidUsageExpireTimeOnOrigination) {
212 keymaster_key_param_t params[] = {
213 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
214 Authorization(TAG_USAGE_EXPIRE_DATETIME, past_time),
215 };
216
217 AuthorizationSet auth_set(params, array_length(params));
218
219 keymaster_error_t kmer_invalid_origination =
220 kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, AuthProxy(auth_set, empty));
221 ASSERT_EQ(KM_ERROR_OK, kmer_invalid_origination);
222 }
223
TEST_F(KeymasterBaseTest,TestValidUsageExpireTime)224 TEST_F(KeymasterBaseTest, TestValidUsageExpireTime) {
225 keymaster_key_param_t params[] = {
226 Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
227 Authorization(TAG_USAGE_EXPIRE_DATETIME, future_time),
228 };
229
230 AuthorizationSet auth_set(params, array_length(params));
231
232 keymaster_error_t kmer_valid_usage =
233 kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, key_id, AuthProxy(auth_set, empty));
234 ASSERT_EQ(KM_ERROR_OK, kmer_valid_usage);
235 }
236
TEST_F(KeymasterBaseTest,TestValidSingleUseAccesses)237 TEST_F(KeymasterBaseTest, TestValidSingleUseAccesses) {
238 keymaster_key_param_t params[] = {
239 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
240 };
241
242 AuthorizationSet auth_set(params, array_length(params));
243
244 keymaster_error_t kmer1 =
245 kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, AuthProxy(auth_set, empty));
246 keymaster_error_t kmer2 =
247 kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, AuthProxy(auth_set, empty));
248
249 ASSERT_EQ(KM_ERROR_OK, kmer1);
250 ASSERT_EQ(KM_ERROR_OK, kmer2);
251 }
252
TEST_F(KeymasterBaseTest,TestInvalidMaxOps)253 TEST_F(KeymasterBaseTest, TestInvalidMaxOps) {
254 keymaster_key_param_t params[] = {
255 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
256 Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA),
257 Authorization(TAG_MAX_USES_PER_BOOT, 4),
258 };
259
260 AuthorizationSet auth_set(params, array_length(params));
261
262 ASSERT_EQ(KM_ERROR_OK,
263 kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, AuthProxy(auth_set, empty)));
264 ASSERT_EQ(KM_ERROR_OK,
265 kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, AuthProxy(auth_set, empty)));
266 ASSERT_EQ(KM_ERROR_OK,
267 kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, AuthProxy(auth_set, empty)));
268 ASSERT_EQ(KM_ERROR_OK,
269 kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, AuthProxy(auth_set, empty)));
270 ASSERT_EQ(KM_ERROR_KEY_MAX_OPS_EXCEEDED,
271 kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, AuthProxy(auth_set, empty)));
272 // Pubkey ops allowed.
273 ASSERT_EQ(KM_ERROR_OK,
274 kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, key_id, AuthProxy(auth_set, empty)));
275 }
276
TEST_F(KeymasterBaseTest,TestOverFlowMaxOpsTable)277 TEST_F(KeymasterBaseTest, TestOverFlowMaxOpsTable) {
278 keymaster_key_param_t params[] = {
279 Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA),
280 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
281 Authorization(TAG_MAX_USES_PER_BOOT, 2),
282 };
283
284 AuthorizationSet auth_set(params, array_length(params));
285
286 EXPECT_EQ(KM_ERROR_OK,
287 kmen.AuthorizeOperation(KM_PURPOSE_SIGN, 1 /* key_id */, AuthProxy(auth_set, empty)));
288
289 EXPECT_EQ(KM_ERROR_OK,
290 kmen.AuthorizeOperation(KM_PURPOSE_SIGN, 2 /* key_id */, AuthProxy(auth_set, empty)));
291
292 EXPECT_EQ(KM_ERROR_OK,
293 kmen.AuthorizeOperation(KM_PURPOSE_SIGN, 3 /* key_id */, AuthProxy(auth_set, empty)));
294
295 // Key 4 should fail, because table is full.
296 EXPECT_EQ(KM_ERROR_TOO_MANY_OPERATIONS,
297 kmen.AuthorizeOperation(KM_PURPOSE_SIGN, 4 /* key_id */, AuthProxy(auth_set, empty)));
298
299 // Key 1 still works, because it's already in the table and hasn't reached max.
300 EXPECT_EQ(KM_ERROR_OK,
301 kmen.AuthorizeOperation(KM_PURPOSE_SIGN, 1 /* key_id */, AuthProxy(auth_set, empty)));
302
303 // Key 1 no longer works, because it's reached max.
304 EXPECT_EQ(KM_ERROR_KEY_MAX_OPS_EXCEEDED,
305 kmen.AuthorizeOperation(KM_PURPOSE_SIGN, 1 /* key_id */, AuthProxy(auth_set, empty)));
306
307 // Key 4 should fail, because table is (still and forever) full.
308 EXPECT_EQ(KM_ERROR_TOO_MANY_OPERATIONS,
309 kmen.AuthorizeOperation(KM_PURPOSE_SIGN, 4 /* key_id */, AuthProxy(auth_set, empty)));
310
311 // Pubkey ops allowed.
312 EXPECT_EQ(KM_ERROR_OK, kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, 1 /* key_id */,
313 AuthProxy(auth_set, empty)));
314 EXPECT_EQ(KM_ERROR_OK, kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, 4 /* key_id */,
315 AuthProxy(auth_set, empty)));
316 }
317
TEST_F(KeymasterBaseTest,TestInvalidTimeBetweenOps)318 TEST_F(KeymasterBaseTest, TestInvalidTimeBetweenOps) {
319 keymaster_key_param_t params[] = {
320 Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA),
321 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
322 Authorization(TAG_MIN_SECONDS_BETWEEN_OPS, 10),
323 };
324
325 AuthorizationSet auth_set(params, array_length(params));
326
327 keymaster_error_t kmer1 =
328 kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, AuthProxy(auth_set, empty));
329 keymaster_error_t kmer2 =
330 kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, AuthProxy(auth_set, empty));
331 keymaster_error_t kmer3 =
332 kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, key_id, AuthProxy(auth_set, empty));
333
334 ASSERT_EQ(KM_ERROR_OK, kmer1);
335 kmen.tick(2);
336 ASSERT_EQ(KM_ERROR_KEY_RATE_LIMIT_EXCEEDED, kmer2);
337
338 // Allowed because it's a pubkey op.
339 ASSERT_EQ(KM_ERROR_OK, kmer3);
340 }
341
TEST_F(KeymasterBaseTest,TestValidTimeBetweenOps)342 TEST_F(KeymasterBaseTest, TestValidTimeBetweenOps) {
343 keymaster_key_param_t params[] = {
344 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
345 Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
346 Authorization(TAG_MIN_SECONDS_BETWEEN_OPS, 2),
347 };
348
349 AuthorizationSet auth_set(params, array_length(params));
350
351 EXPECT_EQ(KM_ERROR_OK,
352 kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, key_id, AuthProxy(auth_set, empty)));
353 kmen.tick();
354 EXPECT_EQ(KM_ERROR_KEY_RATE_LIMIT_EXCEEDED,
355 kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, AuthProxy(auth_set, empty)));
356 kmen.tick();
357 EXPECT_EQ(KM_ERROR_OK,
358 kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, AuthProxy(auth_set, empty)));
359 }
360
TEST_F(KeymasterBaseTest,TestOptTimeoutTableOverflow)361 TEST_F(KeymasterBaseTest, TestOptTimeoutTableOverflow) {
362 keymaster_key_param_t params[] = {
363 Authorization(TAG_ALGORITHM, KM_ALGORITHM_AES),
364 Authorization(TAG_MIN_SECONDS_BETWEEN_OPS, 4),
365 Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
366 };
367
368 AuthorizationSet auth_set(params, array_length(params));
369
370 EXPECT_EQ(KM_ERROR_OK, kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, 1 /* key_id */,
371 AuthProxy(auth_set, empty)));
372
373 kmen.tick();
374
375 // Key 1 fails because it's too soon
376 EXPECT_EQ(
377 KM_ERROR_KEY_RATE_LIMIT_EXCEEDED,
378 kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, 1 /* key_id */, AuthProxy(auth_set, empty)));
379
380 EXPECT_EQ(KM_ERROR_OK, kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, 2 /* key_id */,
381 AuthProxy(auth_set, empty)));
382
383 kmen.tick();
384
385 // Key 1 fails because it's too soon
386 EXPECT_EQ(
387 KM_ERROR_KEY_RATE_LIMIT_EXCEEDED,
388 kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, 1 /* key_id */, AuthProxy(auth_set, empty)));
389 // Key 2 fails because it's too soon
390 EXPECT_EQ(
391 KM_ERROR_KEY_RATE_LIMIT_EXCEEDED,
392 kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, 2 /* key_id */, AuthProxy(auth_set, empty)));
393
394 EXPECT_EQ(KM_ERROR_OK, kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, 3 /* key_id */,
395 AuthProxy(auth_set, empty)));
396
397 kmen.tick();
398
399 // Key 1 fails because it's too soon
400 EXPECT_EQ(
401 KM_ERROR_KEY_RATE_LIMIT_EXCEEDED,
402 kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, 1 /* key_id */, AuthProxy(auth_set, empty)));
403 // Key 2 fails because it's too soon
404 EXPECT_EQ(
405 KM_ERROR_KEY_RATE_LIMIT_EXCEEDED,
406 kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, 2 /* key_id */, AuthProxy(auth_set, empty)));
407 // Key 3 fails because it's too soon
408 EXPECT_EQ(
409 KM_ERROR_KEY_RATE_LIMIT_EXCEEDED,
410 kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, 3 /* key_id */, AuthProxy(auth_set, empty)));
411 // Key 4 fails because the table is full
412 EXPECT_EQ(
413 KM_ERROR_TOO_MANY_OPERATIONS,
414 kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, 4 /* key_id */, AuthProxy(auth_set, empty)));
415
416 kmen.tick();
417
418 // Key 4 succeeds because key 1 expired.
419 EXPECT_EQ(KM_ERROR_OK, kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, 4 /* key_id */,
420 AuthProxy(auth_set, empty)));
421
422 // Key 1 fails because the table is full... and key 1 is no longer in it.
423 EXPECT_EQ(
424 KM_ERROR_TOO_MANY_OPERATIONS,
425 kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, 1 /* key_id */, AuthProxy(auth_set, empty)));
426 // Key 2 fails because it's too soon
427 EXPECT_EQ(
428 KM_ERROR_KEY_RATE_LIMIT_EXCEEDED,
429 kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, 2 /* key_id */, AuthProxy(auth_set, empty)));
430 // Key 3 fails because it's too soon
431 EXPECT_EQ(
432 KM_ERROR_KEY_RATE_LIMIT_EXCEEDED,
433 kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, 3 /* key_id */, AuthProxy(auth_set, empty)));
434
435 kmen.tick();
436
437 // Key 1 succeeds because key 2 expired
438 EXPECT_EQ(KM_ERROR_OK, kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, 1 /* key_id */,
439 AuthProxy(auth_set, empty)));
440 // Key 2 fails because the table is full... and key 2 is no longer in it.
441 EXPECT_EQ(
442 KM_ERROR_TOO_MANY_OPERATIONS,
443 kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, 2 /* key_id */, AuthProxy(auth_set, empty)));
444 // Key 3 fails because it's too soon
445 EXPECT_EQ(
446 KM_ERROR_KEY_RATE_LIMIT_EXCEEDED,
447 kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, 3 /* key_id */, AuthProxy(auth_set, empty)));
448 // Key 4 fails because it's too soon
449 EXPECT_EQ(
450 KM_ERROR_KEY_RATE_LIMIT_EXCEEDED,
451 kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, 4 /* key_id */, AuthProxy(auth_set, empty)));
452
453 kmen.tick(4);
454
455 EXPECT_EQ(KM_ERROR_OK, kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, 1 /* key_id */,
456 AuthProxy(auth_set, empty)));
457 EXPECT_EQ(KM_ERROR_OK, kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, 2 /* key_id */,
458 AuthProxy(auth_set, empty)));
459 EXPECT_EQ(KM_ERROR_OK, kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, 3 /* key_id */,
460 AuthProxy(auth_set, empty)));
461 }
462
TEST_F(KeymasterBaseTest,TestPubkeyOptTimeoutTableOverflow)463 TEST_F(KeymasterBaseTest, TestPubkeyOptTimeoutTableOverflow) {
464 keymaster_key_param_t params[] = {
465 Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA),
466 Authorization(TAG_MIN_SECONDS_BETWEEN_OPS, 4),
467 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
468 };
469
470 AuthorizationSet auth_set(params, array_length(params));
471
472 EXPECT_EQ(KM_ERROR_OK,
473 kmen.AuthorizeOperation(KM_PURPOSE_SIGN, 1 /* key_id */, AuthProxy(auth_set, empty)));
474
475 kmen.tick();
476
477 // Key 1 fails because it's too soon
478 EXPECT_EQ(KM_ERROR_KEY_RATE_LIMIT_EXCEEDED,
479 kmen.AuthorizeOperation(KM_PURPOSE_SIGN, 1 /* key_id */, AuthProxy(auth_set, empty)));
480 // Too soo, but pubkey ops allowed.
481 EXPECT_EQ(KM_ERROR_OK, kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, 1 /* key_id */,
482 AuthProxy(auth_set, empty)));
483 }
484
TEST_F(KeymasterBaseTest,TestInvalidPurpose)485 TEST_F(KeymasterBaseTest, TestInvalidPurpose) {
486 keymaster_purpose_t invalidPurpose1 = static_cast<keymaster_purpose_t>(-1);
487 keymaster_purpose_t invalidPurpose2 = static_cast<keymaster_purpose_t>(4);
488
489 AuthorizationSet auth_set(
490 AuthorizationSetBuilder().Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY));
491
492 EXPECT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE,
493 kmen.AuthorizeOperation(invalidPurpose1, key_id, AuthProxy(auth_set, empty)));
494 EXPECT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE,
495 kmen.AuthorizeOperation(invalidPurpose2, key_id, AuthProxy(auth_set, empty)));
496 }
497
TEST_F(KeymasterBaseTest,TestIncompatiblePurposeSymmetricKey)498 TEST_F(KeymasterBaseTest, TestIncompatiblePurposeSymmetricKey) {
499 AuthorizationSet auth_set(AuthorizationSetBuilder()
500 .Authorization(TAG_ALGORITHM, KM_ALGORITHM_AES)
501 .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
502 .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN));
503
504 EXPECT_EQ(KM_ERROR_OK,
505 kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, AuthProxy(auth_set, empty)));
506 EXPECT_EQ(KM_ERROR_OK,
507 kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, key_id, AuthProxy(auth_set, empty)));
508
509 EXPECT_EQ(KM_ERROR_INCOMPATIBLE_PURPOSE,
510 kmen.AuthorizeOperation(KM_PURPOSE_ENCRYPT, key_id, AuthProxy(auth_set, empty)));
511 EXPECT_EQ(KM_ERROR_INCOMPATIBLE_PURPOSE,
512 kmen.AuthorizeOperation(KM_PURPOSE_DECRYPT, key_id, AuthProxy(auth_set, empty)));
513 }
514
TEST_F(KeymasterBaseTest,TestIncompatiblePurposeAssymmetricKey)515 TEST_F(KeymasterBaseTest, TestIncompatiblePurposeAssymmetricKey) {
516 AuthorizationSet auth_set(AuthorizationSetBuilder()
517 .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)
518 .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
519 .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN));
520
521 EXPECT_EQ(KM_ERROR_OK,
522 kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, AuthProxy(auth_set, empty)));
523 EXPECT_EQ(KM_ERROR_OK,
524 kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, key_id, AuthProxy(auth_set, empty)));
525
526 // This one is allowed because it's a pubkey op.
527 EXPECT_EQ(KM_ERROR_OK,
528 kmen.AuthorizeOperation(KM_PURPOSE_ENCRYPT, key_id, AuthProxy(auth_set, empty)));
529 EXPECT_EQ(KM_ERROR_INCOMPATIBLE_PURPOSE,
530 kmen.AuthorizeOperation(KM_PURPOSE_DECRYPT, key_id, AuthProxy(auth_set, empty)));
531 }
532
TEST_F(KeymasterBaseTest,TestInvalidCallerNonce)533 TEST_F(KeymasterBaseTest, TestInvalidCallerNonce) {
534 AuthorizationSet no_caller_nonce(AuthorizationSetBuilder()
535 .Authorization(TAG_PURPOSE, KM_PURPOSE_ENCRYPT)
536 .Authorization(TAG_PURPOSE, KM_PURPOSE_DECRYPT)
537 .Authorization(TAG_ALGORITHM, KM_ALGORITHM_AES));
538 AuthorizationSet caller_nonce(AuthorizationSetBuilder()
539 .Authorization(TAG_PURPOSE, KM_PURPOSE_ENCRYPT)
540 .Authorization(TAG_PURPOSE, KM_PURPOSE_DECRYPT)
541 .Authorization(TAG_ALGORITHM, KM_ALGORITHM_HMAC)
542 .Authorization(TAG_CALLER_NONCE));
543 AuthorizationSet begin_params(AuthorizationSetBuilder().Authorization(TAG_NONCE, "foo", 3));
544
545 EXPECT_EQ(KM_ERROR_OK, kmen.AuthorizeOperation(
546 KM_PURPOSE_ENCRYPT, key_id, AuthProxy(caller_nonce, empty),
547 begin_params, 0 /* challenge */, true /* is_begin_operation */));
548 EXPECT_EQ(KM_ERROR_OK, kmen.AuthorizeOperation(
549 KM_PURPOSE_DECRYPT, key_id, AuthProxy(caller_nonce, empty),
550 begin_params, 0 /* challenge */, true /* is_begin_operation */));
551 EXPECT_EQ(KM_ERROR_CALLER_NONCE_PROHIBITED,
552 kmen.AuthorizeOperation(KM_PURPOSE_ENCRYPT, key_id, AuthProxy(no_caller_nonce, empty),
553 begin_params, 0 /* challenge */,
554 true /* is_begin_operation */));
555 EXPECT_EQ(KM_ERROR_OK, kmen.AuthorizeOperation(
556 KM_PURPOSE_DECRYPT, key_id, AuthProxy(no_caller_nonce, empty),
557 begin_params, 0 /* challenge */, true /* is_begin_operation */));
558 }
559
TEST_F(KeymasterBaseTest,TestBootloaderOnly)560 TEST_F(KeymasterBaseTest, TestBootloaderOnly) {
561 AuthorizationSet auth_set(AuthorizationSetBuilder()
562 .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN)
563 .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)
564 .Authorization(TAG_BOOTLOADER_ONLY));
565 EXPECT_EQ(KM_ERROR_INVALID_KEY_BLOB,
566 kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, AuthProxy(auth_set, empty)));
567
568 // Pubkey ops allowed.
569 EXPECT_EQ(KM_ERROR_OK,
570 kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, key_id, AuthProxy(auth_set, empty)));
571 }
572
TEST_F(KeymasterBaseTest,TestInvalidTag)573 TEST_F(KeymasterBaseTest, TestInvalidTag) {
574 AuthorizationSet auth_set(AuthorizationSetBuilder()
575 .Authorization(TAG_INVALID)
576 .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN));
577
578 EXPECT_EQ(KM_ERROR_INVALID_KEY_BLOB,
579 kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, AuthProxy(auth_set, empty)));
580 }
581
TEST_F(KeymasterBaseTest,TestAuthPerOpSuccess)582 TEST_F(KeymasterBaseTest, TestAuthPerOpSuccess) {
583 hw_auth_token_t token;
584 memset(&token, 0, sizeof(token));
585 token.version = HW_AUTH_TOKEN_VERSION;
586 token.challenge = 99;
587 token.user_id = 9;
588 token.authenticator_id = 0;
589 token.authenticator_type = hton(static_cast<uint32_t>(HW_AUTH_PASSWORD));
590 token.timestamp = 0;
591
592 AuthorizationSet auth_set(AuthorizationSetBuilder()
593 .Authorization(TAG_USER_SECURE_ID, token.user_id)
594 .Authorization(TAG_USER_AUTH_TYPE, HW_AUTH_ANY)
595 .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN));
596
597 AuthorizationSet op_params;
598 op_params.push_back(Authorization(TAG_AUTH_TOKEN, &token, sizeof(token)));
599
600 EXPECT_EQ(KM_ERROR_OK,
601 kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, AuthProxy(auth_set, empty),
602 op_params, token.challenge, false /* is_begin_operation */));
603 }
604
TEST_F(KeymasterBaseTest,TestAuthPerOpInvalidTokenSignature)605 TEST_F(KeymasterBaseTest, TestAuthPerOpInvalidTokenSignature) {
606 hw_auth_token_t token;
607 memset(&token, 0, sizeof(token));
608 token.version = HW_AUTH_TOKEN_VERSION;
609 token.challenge = 99;
610 token.user_id = 9;
611 token.authenticator_id = 0;
612 token.authenticator_type = hton(static_cast<uint32_t>(HW_AUTH_PASSWORD));
613 token.timestamp = 0;
614
615 AuthorizationSet auth_set(AuthorizationSetBuilder()
616 .Authorization(TAG_ALGORITHM, KM_ALGORITHM_EC)
617 .Authorization(TAG_USER_SECURE_ID, token.user_id)
618 .Authorization(TAG_USER_AUTH_TYPE, HW_AUTH_ANY)
619 .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN));
620
621 AuthorizationSet op_params;
622 op_params.push_back(Authorization(TAG_AUTH_TOKEN, &token, sizeof(token)));
623
624 kmen.set_report_token_valid(false);
625 EXPECT_EQ(KM_ERROR_KEY_USER_NOT_AUTHENTICATED,
626 kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, AuthProxy(auth_set, empty),
627 op_params, token.challenge, false /* is_begin_operation */));
628 // Pubkey ops allowed.
629 EXPECT_EQ(KM_ERROR_OK,
630 kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, key_id, AuthProxy(auth_set, empty),
631 op_params, token.challenge, false /* is_begin_operation */));
632 }
633
TEST_F(KeymasterBaseTest,TestAuthPerOpWrongChallenge)634 TEST_F(KeymasterBaseTest, TestAuthPerOpWrongChallenge) {
635 hw_auth_token_t token;
636 memset(&token, 0, sizeof(token));
637 token.version = HW_AUTH_TOKEN_VERSION;
638 token.challenge = 99;
639 token.user_id = 9;
640 token.authenticator_id = 0;
641 token.authenticator_type = hton(static_cast<uint32_t>(HW_AUTH_PASSWORD));
642 token.timestamp = 0;
643
644 AuthorizationSet auth_set(AuthorizationSetBuilder()
645 .Authorization(TAG_USER_SECURE_ID, token.user_id)
646 .Authorization(TAG_USER_AUTH_TYPE, HW_AUTH_ANY)
647 .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN));
648
649 AuthorizationSet op_params;
650 op_params.push_back(Authorization(TAG_AUTH_TOKEN, &token, sizeof(token)));
651
652 EXPECT_EQ(KM_ERROR_KEY_USER_NOT_AUTHENTICATED,
653 kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, AuthProxy(auth_set, empty),
654 op_params, token.challenge + 1 /* doesn't match token */,
655 false /* is_begin_operation */));
656 }
657
TEST_F(KeymasterBaseTest,TestAuthPerOpNoAuthType)658 TEST_F(KeymasterBaseTest, TestAuthPerOpNoAuthType) {
659 hw_auth_token_t token;
660 memset(&token, 0, sizeof(token));
661 token.version = HW_AUTH_TOKEN_VERSION;
662 token.challenge = 99;
663 token.user_id = 9;
664 token.authenticator_id = 0;
665 token.authenticator_type = hton(static_cast<uint32_t>(HW_AUTH_PASSWORD));
666 token.timestamp = 0;
667
668 AuthorizationSet auth_set(AuthorizationSetBuilder()
669 .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)
670 .Authorization(TAG_USER_SECURE_ID, token.user_id)
671 .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN));
672
673 AuthorizationSet op_params;
674 op_params.push_back(Authorization(TAG_AUTH_TOKEN, &token, sizeof(token)));
675
676 EXPECT_EQ(KM_ERROR_KEY_USER_NOT_AUTHENTICATED,
677 kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, AuthProxy(auth_set, empty),
678 op_params, token.challenge, false /* is_begin_operation */));
679 // Pubkey ops allowed.
680 EXPECT_EQ(KM_ERROR_OK,
681 kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, key_id, AuthProxy(auth_set, empty),
682 op_params, token.challenge, false /* is_begin_operation */));
683 }
684
TEST_F(KeymasterBaseTest,TestAuthPerOpWrongAuthType)685 TEST_F(KeymasterBaseTest, TestAuthPerOpWrongAuthType) {
686 hw_auth_token_t token;
687 memset(&token, 0, sizeof(token));
688 token.version = HW_AUTH_TOKEN_VERSION;
689 token.challenge = 99;
690 token.user_id = 9;
691 token.authenticator_id = 0;
692 token.authenticator_type = hton(static_cast<uint32_t>(HW_AUTH_PASSWORD));
693 token.timestamp = 0;
694
695 AuthorizationSet auth_set(
696 AuthorizationSetBuilder()
697 .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)
698 .Authorization(TAG_USER_SECURE_ID, token.user_id)
699 .Authorization(TAG_USER_AUTH_TYPE, HW_AUTH_FINGERPRINT /* doesn't match token */)
700 .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN));
701
702 AuthorizationSet op_params;
703 op_params.push_back(Authorization(TAG_AUTH_TOKEN, &token, sizeof(token)));
704
705 EXPECT_EQ(KM_ERROR_KEY_USER_NOT_AUTHENTICATED,
706 kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, AuthProxy(auth_set, empty),
707 op_params, token.challenge, false /* is_begin_operation */));
708 // Pubkey ops allowed.
709 EXPECT_EQ(KM_ERROR_OK,
710 kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, key_id, AuthProxy(auth_set, empty),
711 op_params, token.challenge, false /* is_begin_operation */));
712 }
713
TEST_F(KeymasterBaseTest,TestAuthPerOpWrongSid)714 TEST_F(KeymasterBaseTest, TestAuthPerOpWrongSid) {
715 hw_auth_token_t token;
716 memset(&token, 0, sizeof(token));
717 token.version = HW_AUTH_TOKEN_VERSION;
718 token.challenge = 99;
719 token.user_id = 9;
720 token.authenticator_id = 0;
721 token.authenticator_type = hton(static_cast<uint32_t>(HW_AUTH_PASSWORD));
722 token.timestamp = 0;
723
724 AuthorizationSet auth_set(
725 AuthorizationSetBuilder()
726 .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)
727 .Authorization(TAG_USER_SECURE_ID, token.user_id + 1 /* doesn't match token */)
728 .Authorization(TAG_USER_AUTH_TYPE, HW_AUTH_ANY)
729 .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN));
730
731 AuthorizationSet op_params;
732 op_params.push_back(Authorization(TAG_AUTH_TOKEN, &token, sizeof(token)));
733
734 EXPECT_EQ(KM_ERROR_KEY_USER_NOT_AUTHENTICATED,
735 kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, AuthProxy(auth_set, empty),
736 op_params, token.challenge, false /* is_begin_operation */));
737 // Pubkey op allowed.
738 EXPECT_EQ(KM_ERROR_OK,
739 kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, key_id, AuthProxy(auth_set, empty),
740 op_params, token.challenge, false /* is_begin_operation */));
741 }
742
TEST_F(KeymasterBaseTest,TestAuthPerOpSuccessAlternateSid)743 TEST_F(KeymasterBaseTest, TestAuthPerOpSuccessAlternateSid) {
744 hw_auth_token_t token;
745 memset(&token, 0, sizeof(token));
746 token.version = HW_AUTH_TOKEN_VERSION;
747 token.challenge = 99;
748 token.user_id = 9;
749 token.authenticator_id = 10;
750 token.authenticator_type = hton(static_cast<uint32_t>(HW_AUTH_PASSWORD));
751 token.timestamp = 0;
752
753 AuthorizationSet auth_set(AuthorizationSetBuilder()
754 .Authorization(TAG_USER_SECURE_ID, token.authenticator_id)
755 .Authorization(TAG_USER_AUTH_TYPE, HW_AUTH_ANY)
756 .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN));
757
758 AuthorizationSet op_params;
759 op_params.push_back(Authorization(TAG_AUTH_TOKEN, &token, sizeof(token)));
760
761 EXPECT_EQ(KM_ERROR_OK,
762 kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, AuthProxy(auth_set, empty),
763 op_params, token.challenge, false /* is_begin_operation */));
764 }
765
TEST_F(KeymasterBaseTest,TestAuthPerOpMissingToken)766 TEST_F(KeymasterBaseTest, TestAuthPerOpMissingToken) {
767 hw_auth_token_t token;
768 memset(&token, 0, sizeof(token));
769 token.version = HW_AUTH_TOKEN_VERSION;
770 token.challenge = 99;
771 token.user_id = 9;
772 token.authenticator_id = 0;
773 token.authenticator_type = hton(static_cast<uint32_t>(HW_AUTH_PASSWORD));
774 token.timestamp = 0;
775
776 AuthorizationSet auth_set(AuthorizationSetBuilder()
777 .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)
778 .Authorization(TAG_USER_SECURE_ID, token.user_id)
779 .Authorization(TAG_USER_AUTH_TYPE, HW_AUTH_ANY)
780 .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN));
781
782 AuthorizationSet op_params;
783
784 // During begin we can skip the auth token
785 EXPECT_EQ(KM_ERROR_OK,
786 kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, AuthProxy(auth_set, empty),
787 op_params, token.challenge, true /* is_begin_operation */));
788 // Afterwards we must have authentication
789 EXPECT_EQ(KM_ERROR_KEY_USER_NOT_AUTHENTICATED,
790 kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, AuthProxy(auth_set, empty),
791 op_params, token.challenge, false /* is_begin_operation */));
792 // Pubkey ops allowed
793 EXPECT_EQ(KM_ERROR_OK,
794 kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, key_id, AuthProxy(auth_set, empty),
795 op_params, token.challenge, false /* is_begin_operation */));
796
797 auth_set.Reinitialize(AuthorizationSetBuilder()
798 .Authorization(TAG_ALGORITHM, KM_ALGORITHM_AES)
799 .Authorization(TAG_USER_SECURE_ID, token.user_id)
800 .Authorization(TAG_USER_AUTH_TYPE, HW_AUTH_ANY)
801 .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN)
802 .build());
803
804 EXPECT_EQ(KM_ERROR_KEY_USER_NOT_AUTHENTICATED,
805 kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, key_id, AuthProxy(auth_set, empty),
806 op_params, token.challenge, false /* is_begin_operation */));
807 }
808
TEST_F(KeymasterBaseTest,TestAuthAndNoAuth)809 TEST_F(KeymasterBaseTest, TestAuthAndNoAuth) {
810 AuthorizationSet auth_set(AuthorizationSetBuilder()
811 .Authorization(TAG_USER_SECURE_ID, 1)
812 .Authorization(TAG_NO_AUTH_REQUIRED)
813 .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN));
814
815 EXPECT_EQ(KM_ERROR_INVALID_KEY_BLOB,
816 kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, AuthProxy(auth_set, empty)));
817 }
818
TEST_F(KeymasterBaseTest,TestTimedAuthSuccess)819 TEST_F(KeymasterBaseTest, TestTimedAuthSuccess) {
820 hw_auth_token_t token;
821 memset(&token, 0, sizeof(token));
822 token.version = HW_AUTH_TOKEN_VERSION;
823 token.challenge = 99;
824 token.user_id = 9;
825 token.authenticator_id = 0;
826 token.authenticator_type = hton(static_cast<uint32_t>(HW_AUTH_PASSWORD));
827 token.timestamp = hton(kmen.current_time());
828
829 AuthorizationSet auth_set(AuthorizationSetBuilder()
830 .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)
831 .Authorization(TAG_USER_SECURE_ID, token.user_id)
832 .Authorization(TAG_AUTH_TIMEOUT, 1)
833 .Authorization(TAG_USER_AUTH_TYPE, HW_AUTH_ANY)
834 .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN));
835
836 AuthorizationSet op_params;
837 op_params.push_back(Authorization(TAG_AUTH_TOKEN, &token, sizeof(token)));
838
839 EXPECT_EQ(KM_ERROR_OK, kmen.AuthorizeOperation(
840 KM_PURPOSE_SIGN, key_id, AuthProxy(auth_set, empty), op_params,
841 0 /* irrelevant */, false /* is_begin_operation */));
842 }
843
TEST_F(KeymasterBaseTest,TestTimedAuthTimedOut)844 TEST_F(KeymasterBaseTest, TestTimedAuthTimedOut) {
845 hw_auth_token_t token;
846 memset(&token, 0, sizeof(token));
847 token.version = HW_AUTH_TOKEN_VERSION;
848 token.challenge = 99;
849 token.user_id = 9;
850 token.authenticator_id = 0;
851 token.authenticator_type = hton(static_cast<uint32_t>(HW_AUTH_PASSWORD));
852 token.timestamp = hton(static_cast<uint64_t>(kmen.current_time()));
853
854 AuthorizationSet auth_set(AuthorizationSetBuilder()
855 .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)
856 .Authorization(TAG_USER_SECURE_ID, token.user_id)
857 .Authorization(TAG_AUTH_TIMEOUT, 1)
858 .Authorization(TAG_USER_AUTH_TYPE, HW_AUTH_ANY)
859 .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN));
860
861 AuthorizationSet op_params;
862 op_params.push_back(Authorization(TAG_AUTH_TOKEN, &token, sizeof(token)));
863
864 EXPECT_EQ(KM_ERROR_OK, kmen.AuthorizeOperation(
865 KM_PURPOSE_SIGN, key_id, AuthProxy(auth_set, empty), op_params,
866 0 /* irrelevant */, false /* is_begin_operation */));
867
868 kmen.tick(1);
869
870 // token still good
871 EXPECT_EQ(KM_ERROR_OK, kmen.AuthorizeOperation(
872 KM_PURPOSE_SIGN, key_id, AuthProxy(auth_set, empty), op_params,
873 0 /* irrelevant */, false /* is_begin_operation */));
874
875 kmen.tick(1);
876
877 // token expired, not allowed during begin.
878 EXPECT_EQ(KM_ERROR_KEY_USER_NOT_AUTHENTICATED,
879 kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, AuthProxy(auth_set, empty),
880 op_params, 0 /* irrelevant */,
881 true /* is_begin_operation */));
882
883 // token expired, afterwards it's okay.
884 EXPECT_EQ(KM_ERROR_OK, kmen.AuthorizeOperation(
885 KM_PURPOSE_SIGN, key_id, AuthProxy(auth_set, empty), op_params,
886 0 /* irrelevant */, false /* is_begin_operation */));
887
888 // Pubkey ops allowed.
889 EXPECT_EQ(KM_ERROR_OK, kmen.AuthorizeOperation(
890 KM_PURPOSE_VERIFY, key_id, AuthProxy(auth_set, empty), op_params,
891 0 /* irrelevant */, true /* is_begin_operation */));
892 }
893
TEST_F(KeymasterBaseTest,TestTimedAuthMissingToken)894 TEST_F(KeymasterBaseTest, TestTimedAuthMissingToken) {
895 hw_auth_token_t token;
896 memset(&token, 0, sizeof(token));
897 token.version = HW_AUTH_TOKEN_VERSION;
898 token.challenge = 99;
899 token.user_id = 9;
900 token.authenticator_id = 0;
901 token.authenticator_type = hton(static_cast<uint32_t>(HW_AUTH_PASSWORD));
902 token.timestamp = hton(static_cast<uint64_t>(kmen.current_time()));
903
904 AuthorizationSet auth_set(AuthorizationSetBuilder()
905 .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)
906 .Authorization(TAG_USER_SECURE_ID, token.user_id)
907 .Authorization(TAG_AUTH_TIMEOUT, 1)
908 .Authorization(TAG_USER_AUTH_TYPE, HW_AUTH_ANY)
909 .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN));
910
911 AuthorizationSet op_params;
912
913 // Unlike auth-per-op, must have the auth token during begin.
914 EXPECT_EQ(KM_ERROR_KEY_USER_NOT_AUTHENTICATED,
915 kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, AuthProxy(auth_set, empty),
916 op_params, token.challenge, true /* is_begin_operation */));
917
918 // Later we don't check (though begin would fail, so there wouldn't be a later).
919 EXPECT_EQ(KM_ERROR_OK,
920 kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, AuthProxy(auth_set, empty),
921 op_params, token.challenge, false /* is_begin_operation */));
922
923 // Pubkey ops allowed.
924 EXPECT_EQ(KM_ERROR_OK,
925 kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, key_id, AuthProxy(auth_set, empty),
926 op_params, token.challenge, true /* is_begin_operation */));
927 }
928
TEST_F(KeymasterBaseTest,TestCreateKeyId)929 TEST_F(KeymasterBaseTest, TestCreateKeyId) {
930 keymaster_key_blob_t blob = {reinterpret_cast<const uint8_t*>("foobar"), 6};
931
932 km_id_t key_id = 0;
933 EXPECT_TRUE(kmen.CreateKeyId(blob, &key_id));
934 EXPECT_NE(0U, key_id);
935 }
936
937 }; /* namespace test */
938 }; /* namespace keymaster */
939