1 /*
2 * Copyright (C) 2014 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #include <errno.h>
18 #include <stdio.h>
19 #include <time.h>
20
21 #include <keymaster/android_keymaster.h>
22 #include <keymaster/authorization_set.h>
23 #include <keymaster/keymaster_enforcement.h>
24
25 #include "android_keymaster_test_utils.h"
26
27 namespace keymaster {
28 namespace test {
29
30 class TestKeymasterEnforcement : public KeymasterEnforcement {
31 public:
TestKeymasterEnforcement()32 TestKeymasterEnforcement()
33 : KeymasterEnforcement(3, 3), current_time_(10000), report_token_valid_(true) {}
34
AuthorizeOperation(const keymaster_purpose_t purpose,const km_id_t keyid,const AuthorizationSet & auth_set)35 keymaster_error_t AuthorizeOperation(const keymaster_purpose_t purpose, const km_id_t keyid,
36 const AuthorizationSet& auth_set) {
37 AuthorizationSet empty_set;
38 return KeymasterEnforcement::AuthorizeOperation(
39 purpose, keyid, auth_set, empty_set, 0 /* op_handle */, true /* is_begin_operation */);
40 }
41 using KeymasterEnforcement::AuthorizeOperation;
42
get_current_time() const43 uint32_t get_current_time() const override { return current_time_; }
activation_date_valid(uint64_t activation_date) const44 bool activation_date_valid(uint64_t activation_date) const override {
45 // Convert java date to time_t, non-portably.
46 time_t activation_time = activation_date / 1000;
47 return difftime(time(NULL), activation_time) >= 0;
48 }
expiration_date_passed(uint64_t expiration_date) const49 bool expiration_date_passed(uint64_t expiration_date) const override {
50 // Convert jave date to time_t, non-portably.
51 time_t expiration_time = expiration_date / 1000;
52 return difftime(time(NULL), expiration_time) > 0;
53 }
auth_token_timed_out(const hw_auth_token_t & token,uint32_t timeout) const54 bool auth_token_timed_out(const hw_auth_token_t& token, uint32_t timeout) const {
55 return current_time_ > ntoh(token.timestamp) + timeout;
56 }
ValidateTokenSignature(const hw_auth_token_t &) const57 bool ValidateTokenSignature(const hw_auth_token_t&) const override {
58 return report_token_valid_;
59 }
60
tick(unsigned seconds=1)61 void tick(unsigned seconds = 1) { current_time_ += seconds; }
current_time()62 uint32_t current_time() { return current_time_; }
set_report_token_valid(bool report_token_valid)63 void set_report_token_valid(bool report_token_valid) {
64 report_token_valid_ = report_token_valid;
65 }
66
67 private:
68 uint32_t current_time_;
69 bool report_token_valid_;
70 };
71
72 class KeymasterBaseTest : public ::testing::Test {
73 protected:
KeymasterBaseTest()74 KeymasterBaseTest() {
75 past_time = 0;
76
77 time_t t = time(NULL);
78 future_tm = localtime(&t);
79 future_tm->tm_year += 1;
80 future_time = static_cast<uint64_t>(mktime(future_tm)) * 1000;
81 sign_param = Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN);
82 }
~KeymasterBaseTest()83 virtual ~KeymasterBaseTest() {}
84
85 TestKeymasterEnforcement kmen;
86
87 tm past_tm;
88 tm* future_tm;
89 uint64_t past_time;
90 uint64_t future_time;
91 static const km_id_t key_id = 0xa;
92 static const uid_t uid = 0xf;
93 keymaster_key_param_t sign_param;
94 };
95
TEST_F(KeymasterBaseTest,TestValidKeyPeriodNoTags)96 TEST_F(KeymasterBaseTest, TestValidKeyPeriodNoTags) {
97 keymaster_key_param_t params[] = {
98 sign_param,
99 };
100 AuthorizationSet single_auth_set(params, array_length(params));
101
102 keymaster_error_t kmer = kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, single_auth_set);
103 ASSERT_EQ(KM_ERROR_OK, kmer);
104 }
105
TEST_F(KeymasterBaseTest,TestInvalidActiveTime)106 TEST_F(KeymasterBaseTest, TestInvalidActiveTime) {
107 keymaster_key_param_t params[] = {
108 Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA), Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
109 Authorization(TAG_NO_AUTH_REQUIRED), Authorization(TAG_ACTIVE_DATETIME, future_time),
110 };
111
112 AuthorizationSet auth_set(params, array_length(params));
113
114 ASSERT_EQ(KM_ERROR_KEY_NOT_YET_VALID,
115 kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, auth_set));
116
117 // Pubkey ops allowed.
118 ASSERT_EQ(KM_ERROR_OK, kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, key_id, auth_set));
119 }
120
TEST_F(KeymasterBaseTest,TestValidActiveTime)121 TEST_F(KeymasterBaseTest, TestValidActiveTime) {
122 keymaster_key_param_t params[] = {
123 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN), Authorization(TAG_ACTIVE_DATETIME, past_time),
124 };
125
126 AuthorizationSet auth_set(params, array_length(params));
127
128 keymaster_error_t kmer_valid_time = kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, auth_set);
129 ASSERT_EQ(KM_ERROR_OK, kmer_valid_time);
130 }
131
TEST_F(KeymasterBaseTest,TestInvalidOriginationExpireTime)132 TEST_F(KeymasterBaseTest, TestInvalidOriginationExpireTime) {
133 keymaster_key_param_t params[] = {
134 Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA), Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
135 Authorization(TAG_ORIGINATION_EXPIRE_DATETIME, past_time),
136 };
137
138 AuthorizationSet auth_set(params, array_length(params));
139
140 ASSERT_EQ(KM_ERROR_KEY_EXPIRED, kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, auth_set));
141
142 // Pubkey ops allowed.
143 ASSERT_EQ(KM_ERROR_OK, kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, key_id, auth_set));
144 }
145
TEST_F(KeymasterBaseTest,TestInvalidOriginationExpireTimeOnUsgae)146 TEST_F(KeymasterBaseTest, TestInvalidOriginationExpireTimeOnUsgae) {
147 keymaster_key_param_t params[] = {
148 Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
149 Authorization(TAG_ORIGINATION_EXPIRE_DATETIME, past_time),
150 };
151
152 AuthorizationSet auth_set(params, array_length(params));
153
154 keymaster_error_t kmer_invalid_origination =
155 kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, key_id, auth_set);
156 ASSERT_EQ(KM_ERROR_OK, kmer_invalid_origination);
157 }
158
TEST_F(KeymasterBaseTest,TestValidOriginationExpireTime)159 TEST_F(KeymasterBaseTest, TestValidOriginationExpireTime) {
160 keymaster_key_param_t params[] = {
161 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
162 Authorization(TAG_ORIGINATION_EXPIRE_DATETIME, future_time),
163 };
164
165 AuthorizationSet auth_set(params, array_length(params));
166
167 keymaster_error_t kmer_valid_origination =
168 kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, auth_set);
169 ASSERT_EQ(KM_ERROR_OK, kmer_valid_origination);
170 }
171
TEST_F(KeymasterBaseTest,TestInvalidUsageExpireTime)172 TEST_F(KeymasterBaseTest, TestInvalidUsageExpireTime) {
173 keymaster_key_param_t params[] = {
174 Authorization(TAG_ALGORITHM, KM_ALGORITHM_AES),
175 Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
176 Authorization(TAG_USAGE_EXPIRE_DATETIME, past_time),
177 };
178
179 AuthorizationSet auth_set(params, array_length(params));
180
181 keymaster_error_t kmer_invalid_origination =
182 kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, key_id, auth_set);
183 ASSERT_EQ(KM_ERROR_KEY_EXPIRED, kmer_invalid_origination);
184 }
185
TEST_F(KeymasterBaseTest,TestInvalidPubkeyUsageExpireTime)186 TEST_F(KeymasterBaseTest, TestInvalidPubkeyUsageExpireTime) {
187 keymaster_key_param_t params[] = {
188 Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA),
189 Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
190 Authorization(TAG_USAGE_EXPIRE_DATETIME, past_time),
191 };
192
193 AuthorizationSet auth_set(params, array_length(params));
194
195 keymaster_error_t kmer_invalid_origination =
196 kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, key_id, auth_set);
197 // Pubkey ops allowed.
198 ASSERT_EQ(KM_ERROR_OK, kmer_invalid_origination);
199 }
200
TEST_F(KeymasterBaseTest,TestInvalidUsageExpireTimeOnOrigination)201 TEST_F(KeymasterBaseTest, TestInvalidUsageExpireTimeOnOrigination) {
202 keymaster_key_param_t params[] = {
203 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
204 Authorization(TAG_USAGE_EXPIRE_DATETIME, past_time),
205 };
206
207 AuthorizationSet auth_set(params, array_length(params));
208
209 keymaster_error_t kmer_invalid_origination =
210 kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, auth_set);
211 ASSERT_EQ(KM_ERROR_OK, kmer_invalid_origination);
212 }
213
TEST_F(KeymasterBaseTest,TestValidUsageExpireTime)214 TEST_F(KeymasterBaseTest, TestValidUsageExpireTime) {
215 keymaster_key_param_t params[] = {
216 Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
217 Authorization(TAG_USAGE_EXPIRE_DATETIME, future_time),
218 };
219
220 AuthorizationSet auth_set(params, array_length(params));
221
222 keymaster_error_t kmer_valid_usage =
223 kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, key_id, auth_set);
224 ASSERT_EQ(KM_ERROR_OK, kmer_valid_usage);
225 }
226
TEST_F(KeymasterBaseTest,TestValidSingleUseAccesses)227 TEST_F(KeymasterBaseTest, TestValidSingleUseAccesses) {
228 keymaster_key_param_t params[] = {
229 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
230 };
231
232 AuthorizationSet auth_set(params, array_length(params));
233
234 keymaster_error_t kmer1 = kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, auth_set);
235 keymaster_error_t kmer2 = kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, auth_set);
236
237 ASSERT_EQ(KM_ERROR_OK, kmer1);
238 ASSERT_EQ(KM_ERROR_OK, kmer2);
239 }
240
TEST_F(KeymasterBaseTest,TestInvalidMaxOps)241 TEST_F(KeymasterBaseTest, TestInvalidMaxOps) {
242 keymaster_key_param_t params[] = {
243 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN), Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA),
244 Authorization(TAG_MAX_USES_PER_BOOT, 4),
245 };
246
247 AuthorizationSet auth_set(params, array_length(params));
248
249 ASSERT_EQ(KM_ERROR_OK, kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, auth_set));
250 ASSERT_EQ(KM_ERROR_OK, kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, auth_set));
251 ASSERT_EQ(KM_ERROR_OK, kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, auth_set));
252 ASSERT_EQ(KM_ERROR_OK, kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, auth_set));
253 ASSERT_EQ(KM_ERROR_KEY_MAX_OPS_EXCEEDED,
254 kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, auth_set));
255 // Pubkey ops allowed.
256 ASSERT_EQ(KM_ERROR_OK, kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, key_id, auth_set));
257 }
258
TEST_F(KeymasterBaseTest,TestOverFlowMaxOpsTable)259 TEST_F(KeymasterBaseTest, TestOverFlowMaxOpsTable) {
260 keymaster_key_param_t params[] = {
261 Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA), Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
262 Authorization(TAG_MAX_USES_PER_BOOT, 2),
263 };
264
265 AuthorizationSet auth_set(params, array_length(params));
266
267 EXPECT_EQ(KM_ERROR_OK, kmen.AuthorizeOperation(KM_PURPOSE_SIGN, 1 /* key_id */, auth_set));
268
269 EXPECT_EQ(KM_ERROR_OK, kmen.AuthorizeOperation(KM_PURPOSE_SIGN, 2 /* key_id */, auth_set));
270
271 EXPECT_EQ(KM_ERROR_OK, kmen.AuthorizeOperation(KM_PURPOSE_SIGN, 3 /* key_id */, auth_set));
272
273 // Key 4 should fail, because table is full.
274 EXPECT_EQ(KM_ERROR_TOO_MANY_OPERATIONS,
275 kmen.AuthorizeOperation(KM_PURPOSE_SIGN, 4 /* key_id */, auth_set));
276
277 // Key 1 still works, because it's already in the table and hasn't reached max.
278 EXPECT_EQ(KM_ERROR_OK, kmen.AuthorizeOperation(KM_PURPOSE_SIGN, 1 /* key_id */, auth_set));
279
280 // Key 1 no longer works, because it's reached max.
281 EXPECT_EQ(KM_ERROR_KEY_MAX_OPS_EXCEEDED,
282 kmen.AuthorizeOperation(KM_PURPOSE_SIGN, 1 /* key_id */, auth_set));
283
284 // Key 4 should fail, because table is (still and forever) full.
285 EXPECT_EQ(KM_ERROR_TOO_MANY_OPERATIONS,
286 kmen.AuthorizeOperation(KM_PURPOSE_SIGN, 4 /* key_id */, auth_set));
287
288 // Pubkey ops allowed.
289 EXPECT_EQ(KM_ERROR_OK, kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, 1 /* key_id */, auth_set));
290 EXPECT_EQ(KM_ERROR_OK, kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, 4 /* key_id */, auth_set));
291 }
292
TEST_F(KeymasterBaseTest,TestInvalidTimeBetweenOps)293 TEST_F(KeymasterBaseTest, TestInvalidTimeBetweenOps) {
294 keymaster_key_param_t params[] = {
295 Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA), Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
296 Authorization(TAG_MIN_SECONDS_BETWEEN_OPS, 10),
297 };
298
299 AuthorizationSet auth_set(params, array_length(params));
300
301 keymaster_error_t kmer1 = kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, auth_set);
302 keymaster_error_t kmer2 = kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, auth_set);
303 keymaster_error_t kmer3 = kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, key_id, auth_set);
304
305 ASSERT_EQ(KM_ERROR_OK, kmer1);
306 kmen.tick(2);
307 ASSERT_EQ(KM_ERROR_KEY_RATE_LIMIT_EXCEEDED, kmer2);
308
309 // Allowed because it's a pubkey op.
310 ASSERT_EQ(KM_ERROR_OK, kmer3);
311 }
312
TEST_F(KeymasterBaseTest,TestValidTimeBetweenOps)313 TEST_F(KeymasterBaseTest, TestValidTimeBetweenOps) {
314 keymaster_key_param_t params[] = {
315 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN), Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
316 Authorization(TAG_MIN_SECONDS_BETWEEN_OPS, 2),
317 };
318
319 AuthorizationSet auth_set(params, array_length(params));
320
321 EXPECT_EQ(KM_ERROR_OK, kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, key_id, auth_set));
322 kmen.tick();
323 EXPECT_EQ(KM_ERROR_KEY_RATE_LIMIT_EXCEEDED,
324 kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, auth_set));
325 kmen.tick();
326 EXPECT_EQ(KM_ERROR_OK, kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, auth_set));
327 }
328
TEST_F(KeymasterBaseTest,TestOptTimeoutTableOverflow)329 TEST_F(KeymasterBaseTest, TestOptTimeoutTableOverflow) {
330 keymaster_key_param_t params[] = {
331 Authorization(TAG_ALGORITHM, KM_ALGORITHM_AES),
332 Authorization(TAG_MIN_SECONDS_BETWEEN_OPS, 4),
333 Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
334 };
335
336 AuthorizationSet auth_set(params, array_length(params));
337
338 EXPECT_EQ(KM_ERROR_OK, kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, 1 /* key_id */, auth_set));
339
340 kmen.tick();
341
342 // Key 1 fails because it's too soon
343 EXPECT_EQ(KM_ERROR_KEY_RATE_LIMIT_EXCEEDED,
344 kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, 1 /* key_id */, auth_set));
345
346 EXPECT_EQ(KM_ERROR_OK, kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, 2 /* key_id */, auth_set));
347
348 kmen.tick();
349
350 // Key 1 fails because it's too soon
351 EXPECT_EQ(KM_ERROR_KEY_RATE_LIMIT_EXCEEDED,
352 kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, 1 /* key_id */, auth_set));
353 // Key 2 fails because it's too soon
354 EXPECT_EQ(KM_ERROR_KEY_RATE_LIMIT_EXCEEDED,
355 kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, 2 /* key_id */, auth_set));
356
357 EXPECT_EQ(KM_ERROR_OK, kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, 3 /* key_id */, auth_set));
358
359 kmen.tick();
360
361 // Key 1 fails because it's too soon
362 EXPECT_EQ(KM_ERROR_KEY_RATE_LIMIT_EXCEEDED,
363 kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, 1 /* key_id */, auth_set));
364 // Key 2 fails because it's too soon
365 EXPECT_EQ(KM_ERROR_KEY_RATE_LIMIT_EXCEEDED,
366 kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, 2 /* key_id */, auth_set));
367 // Key 3 fails because it's too soon
368 EXPECT_EQ(KM_ERROR_KEY_RATE_LIMIT_EXCEEDED,
369 kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, 3 /* key_id */, auth_set));
370 // Key 4 fails because the table is full
371 EXPECT_EQ(KM_ERROR_TOO_MANY_OPERATIONS,
372 kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, 4 /* key_id */, auth_set));
373
374 kmen.tick();
375
376 // Key 4 succeeds because key 1 expired.
377 EXPECT_EQ(KM_ERROR_OK, kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, 4 /* key_id */, auth_set));
378
379 // Key 1 fails because the table is full... and key 1 is no longer in it.
380 EXPECT_EQ(KM_ERROR_TOO_MANY_OPERATIONS,
381 kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, 1 /* key_id */, auth_set));
382 // Key 2 fails because it's too soon
383 EXPECT_EQ(KM_ERROR_KEY_RATE_LIMIT_EXCEEDED,
384 kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, 2 /* key_id */, auth_set));
385 // Key 3 fails because it's too soon
386 EXPECT_EQ(KM_ERROR_KEY_RATE_LIMIT_EXCEEDED,
387 kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, 3 /* key_id */, auth_set));
388
389 kmen.tick();
390
391 // Key 1 succeeds because key 2 expired
392 EXPECT_EQ(KM_ERROR_OK, kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, 1 /* key_id */, auth_set));
393 // Key 2 fails because the table is full... and key 2 is no longer in it.
394 EXPECT_EQ(KM_ERROR_TOO_MANY_OPERATIONS,
395 kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, 2 /* key_id */, auth_set));
396 // Key 3 fails because it's too soon
397 EXPECT_EQ(KM_ERROR_KEY_RATE_LIMIT_EXCEEDED,
398 kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, 3 /* key_id */, auth_set));
399 // Key 4 fails because it's too soon
400 EXPECT_EQ(KM_ERROR_KEY_RATE_LIMIT_EXCEEDED,
401 kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, 4 /* key_id */, auth_set));
402
403 kmen.tick(4);
404
405 EXPECT_EQ(KM_ERROR_OK, kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, 1 /* key_id */, auth_set));
406 EXPECT_EQ(KM_ERROR_OK, kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, 2 /* key_id */, auth_set));
407 EXPECT_EQ(KM_ERROR_OK, kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, 3 /* key_id */, auth_set));
408 }
409
TEST_F(KeymasterBaseTest,TestPubkeyOptTimeoutTableOverflow)410 TEST_F(KeymasterBaseTest, TestPubkeyOptTimeoutTableOverflow) {
411 keymaster_key_param_t params[] = {
412 Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA),
413 Authorization(TAG_MIN_SECONDS_BETWEEN_OPS, 4), Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
414 };
415
416 AuthorizationSet auth_set(params, array_length(params));
417
418 EXPECT_EQ(KM_ERROR_OK, kmen.AuthorizeOperation(KM_PURPOSE_SIGN, 1 /* key_id */, auth_set));
419
420 kmen.tick();
421
422 // Key 1 fails because it's too soon
423 EXPECT_EQ(KM_ERROR_KEY_RATE_LIMIT_EXCEEDED,
424 kmen.AuthorizeOperation(KM_PURPOSE_SIGN, 1 /* key_id */, auth_set));
425 // Too soo, but pubkey ops allowed.
426 EXPECT_EQ(KM_ERROR_OK, kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, 1 /* key_id */, auth_set));
427 }
428
TEST_F(KeymasterBaseTest,TestInvalidPurpose)429 TEST_F(KeymasterBaseTest, TestInvalidPurpose) {
430 keymaster_purpose_t invalidPurpose1 = static_cast<keymaster_purpose_t>(-1);
431 keymaster_purpose_t invalidPurpose2 = static_cast<keymaster_purpose_t>(4);
432
433 AuthorizationSet auth_set(
434 AuthorizationSetBuilder().Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY));
435
436 EXPECT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE,
437 kmen.AuthorizeOperation(invalidPurpose1, key_id, auth_set));
438 EXPECT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE,
439 kmen.AuthorizeOperation(invalidPurpose2, key_id, auth_set));
440 }
441
TEST_F(KeymasterBaseTest,TestIncompatiblePurposeSymmetricKey)442 TEST_F(KeymasterBaseTest, TestIncompatiblePurposeSymmetricKey) {
443 AuthorizationSet auth_set(AuthorizationSetBuilder()
444 .Authorization(TAG_ALGORITHM, KM_ALGORITHM_AES)
445 .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
446 .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN));
447
448 EXPECT_EQ(KM_ERROR_OK, kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, auth_set));
449 EXPECT_EQ(KM_ERROR_OK, kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, key_id, auth_set));
450
451 EXPECT_EQ(KM_ERROR_INCOMPATIBLE_PURPOSE,
452 kmen.AuthorizeOperation(KM_PURPOSE_ENCRYPT, key_id, auth_set));
453 EXPECT_EQ(KM_ERROR_INCOMPATIBLE_PURPOSE,
454 kmen.AuthorizeOperation(KM_PURPOSE_DECRYPT, key_id, auth_set));
455 }
456
TEST_F(KeymasterBaseTest,TestIncompatiblePurposeAssymmetricKey)457 TEST_F(KeymasterBaseTest, TestIncompatiblePurposeAssymmetricKey) {
458 AuthorizationSet auth_set(AuthorizationSetBuilder()
459 .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)
460 .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
461 .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN));
462
463 EXPECT_EQ(KM_ERROR_OK, kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, auth_set));
464 EXPECT_EQ(KM_ERROR_OK, kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, key_id, auth_set));
465
466 // This one is allowed because it's a pubkey op.
467 EXPECT_EQ(KM_ERROR_OK, kmen.AuthorizeOperation(KM_PURPOSE_ENCRYPT, key_id, auth_set));
468 EXPECT_EQ(KM_ERROR_INCOMPATIBLE_PURPOSE,
469 kmen.AuthorizeOperation(KM_PURPOSE_DECRYPT, key_id, auth_set));
470 }
471
TEST_F(KeymasterBaseTest,TestInvalidCallerNonce)472 TEST_F(KeymasterBaseTest, TestInvalidCallerNonce) {
473 AuthorizationSet no_caller_nonce(AuthorizationSetBuilder()
474 .Authorization(TAG_PURPOSE, KM_PURPOSE_ENCRYPT)
475 .Authorization(TAG_PURPOSE, KM_PURPOSE_DECRYPT)
476 .Authorization(TAG_ALGORITHM, KM_ALGORITHM_AES));
477 AuthorizationSet caller_nonce(AuthorizationSetBuilder()
478 .Authorization(TAG_PURPOSE, KM_PURPOSE_ENCRYPT)
479 .Authorization(TAG_PURPOSE, KM_PURPOSE_DECRYPT)
480 .Authorization(TAG_ALGORITHM, KM_ALGORITHM_HMAC)
481 .Authorization(TAG_CALLER_NONCE));
482 AuthorizationSet begin_params(AuthorizationSetBuilder().Authorization(TAG_NONCE, "foo", 3));
483
484 EXPECT_EQ(KM_ERROR_OK,
485 kmen.AuthorizeOperation(KM_PURPOSE_ENCRYPT, key_id, caller_nonce, begin_params,
486 0 /* challenge */, true /* is_begin_operation */));
487 EXPECT_EQ(KM_ERROR_OK,
488 kmen.AuthorizeOperation(KM_PURPOSE_DECRYPT, key_id, caller_nonce, begin_params,
489 0 /* challenge */, true /* is_begin_operation */));
490 EXPECT_EQ(KM_ERROR_CALLER_NONCE_PROHIBITED,
491 kmen.AuthorizeOperation(KM_PURPOSE_ENCRYPT, key_id, no_caller_nonce, begin_params,
492 0 /* challenge */, true /* is_begin_operation */));
493 EXPECT_EQ(KM_ERROR_OK,
494 kmen.AuthorizeOperation(KM_PURPOSE_DECRYPT, key_id, no_caller_nonce, begin_params,
495 0 /* challenge */, true /* is_begin_operation */));
496 }
497
TEST_F(KeymasterBaseTest,TestBootloaderOnly)498 TEST_F(KeymasterBaseTest, TestBootloaderOnly) {
499 AuthorizationSet auth_set(AuthorizationSetBuilder()
500 .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN)
501 .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)
502 .Authorization(TAG_BOOTLOADER_ONLY));
503 EXPECT_EQ(KM_ERROR_INVALID_KEY_BLOB,
504 kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, auth_set));
505
506 // Pubkey ops allowed.
507 EXPECT_EQ(KM_ERROR_OK, kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, key_id, auth_set));
508 }
509
TEST_F(KeymasterBaseTest,TestInvalidTag)510 TEST_F(KeymasterBaseTest, TestInvalidTag) {
511 AuthorizationSet auth_set(AuthorizationSetBuilder()
512 .Authorization(TAG_INVALID)
513 .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN));
514
515 EXPECT_EQ(KM_ERROR_INVALID_KEY_BLOB,
516 kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, auth_set));
517 }
518
TEST_F(KeymasterBaseTest,TestAuthPerOpSuccess)519 TEST_F(KeymasterBaseTest, TestAuthPerOpSuccess) {
520 hw_auth_token_t token;
521 memset(&token, 0, sizeof(token));
522 token.version = HW_AUTH_TOKEN_VERSION;
523 token.challenge = 99;
524 token.user_id = 9;
525 token.authenticator_id = 0;
526 token.authenticator_type = hton(static_cast<uint32_t>(HW_AUTH_PASSWORD));
527 token.timestamp = 0;
528
529 AuthorizationSet auth_set(AuthorizationSetBuilder()
530 .Authorization(TAG_USER_SECURE_ID, token.user_id)
531 .Authorization(TAG_USER_AUTH_TYPE, HW_AUTH_ANY)
532 .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN));
533
534 AuthorizationSet op_params;
535 op_params.push_back(Authorization(TAG_AUTH_TOKEN, &token, sizeof(token)));
536
537 EXPECT_EQ(KM_ERROR_OK,
538 kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, auth_set, op_params, token.challenge,
539 false /* is_begin_operation */));
540 }
541
TEST_F(KeymasterBaseTest,TestAuthPerOpInvalidTokenSignature)542 TEST_F(KeymasterBaseTest, TestAuthPerOpInvalidTokenSignature) {
543 hw_auth_token_t token;
544 memset(&token, 0, sizeof(token));
545 token.version = HW_AUTH_TOKEN_VERSION;
546 token.challenge = 99;
547 token.user_id = 9;
548 token.authenticator_id = 0;
549 token.authenticator_type = hton(static_cast<uint32_t>(HW_AUTH_PASSWORD));
550 token.timestamp = 0;
551
552 AuthorizationSet auth_set(AuthorizationSetBuilder()
553 .Authorization(TAG_ALGORITHM, KM_ALGORITHM_EC)
554 .Authorization(TAG_USER_SECURE_ID, token.user_id)
555 .Authorization(TAG_USER_AUTH_TYPE, HW_AUTH_ANY)
556 .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN));
557
558 AuthorizationSet op_params;
559 op_params.push_back(Authorization(TAG_AUTH_TOKEN, &token, sizeof(token)));
560
561 kmen.set_report_token_valid(false);
562 EXPECT_EQ(KM_ERROR_KEY_USER_NOT_AUTHENTICATED,
563 kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, auth_set, op_params, token.challenge,
564 false /* is_begin_operation */));
565 // Pubkey ops allowed.
566 EXPECT_EQ(KM_ERROR_OK,
567 kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, key_id, auth_set, op_params,
568 token.challenge, false /* is_begin_operation */));
569 }
570
TEST_F(KeymasterBaseTest,TestAuthPerOpWrongChallenge)571 TEST_F(KeymasterBaseTest, TestAuthPerOpWrongChallenge) {
572 hw_auth_token_t token;
573 memset(&token, 0, sizeof(token));
574 token.version = HW_AUTH_TOKEN_VERSION;
575 token.challenge = 99;
576 token.user_id = 9;
577 token.authenticator_id = 0;
578 token.authenticator_type = hton(static_cast<uint32_t>(HW_AUTH_PASSWORD));
579 token.timestamp = 0;
580
581 AuthorizationSet auth_set(AuthorizationSetBuilder()
582 .Authorization(TAG_USER_SECURE_ID, token.user_id)
583 .Authorization(TAG_USER_AUTH_TYPE, HW_AUTH_ANY)
584 .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN));
585
586 AuthorizationSet op_params;
587 op_params.push_back(Authorization(TAG_AUTH_TOKEN, &token, sizeof(token)));
588
589 EXPECT_EQ(KM_ERROR_KEY_USER_NOT_AUTHENTICATED,
590 kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, auth_set, op_params,
591 token.challenge + 1 /* doesn't match token */,
592 false /* is_begin_operation */));
593 }
594
TEST_F(KeymasterBaseTest,TestAuthPerOpNoAuthType)595 TEST_F(KeymasterBaseTest, TestAuthPerOpNoAuthType) {
596 hw_auth_token_t token;
597 memset(&token, 0, sizeof(token));
598 token.version = HW_AUTH_TOKEN_VERSION;
599 token.challenge = 99;
600 token.user_id = 9;
601 token.authenticator_id = 0;
602 token.authenticator_type = hton(static_cast<uint32_t>(HW_AUTH_PASSWORD));
603 token.timestamp = 0;
604
605 AuthorizationSet auth_set(AuthorizationSetBuilder()
606 .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)
607 .Authorization(TAG_USER_SECURE_ID, token.user_id)
608 .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN));
609
610 AuthorizationSet op_params;
611 op_params.push_back(Authorization(TAG_AUTH_TOKEN, &token, sizeof(token)));
612
613 EXPECT_EQ(KM_ERROR_KEY_USER_NOT_AUTHENTICATED,
614 kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, auth_set, op_params, token.challenge,
615 false /* is_begin_operation */));
616 // Pubkey ops allowed.
617 EXPECT_EQ(KM_ERROR_OK,
618 kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, key_id, auth_set, op_params,
619 token.challenge, false /* is_begin_operation */));
620 }
621
TEST_F(KeymasterBaseTest,TestAuthPerOpWrongAuthType)622 TEST_F(KeymasterBaseTest, TestAuthPerOpWrongAuthType) {
623 hw_auth_token_t token;
624 memset(&token, 0, sizeof(token));
625 token.version = HW_AUTH_TOKEN_VERSION;
626 token.challenge = 99;
627 token.user_id = 9;
628 token.authenticator_id = 0;
629 token.authenticator_type = hton(static_cast<uint32_t>(HW_AUTH_PASSWORD));
630 token.timestamp = 0;
631
632 AuthorizationSet auth_set(
633 AuthorizationSetBuilder()
634 .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)
635 .Authorization(TAG_USER_SECURE_ID, token.user_id)
636 .Authorization(TAG_USER_AUTH_TYPE, HW_AUTH_FINGERPRINT /* doesn't match token */)
637 .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN));
638
639 AuthorizationSet op_params;
640 op_params.push_back(Authorization(TAG_AUTH_TOKEN, &token, sizeof(token)));
641
642 EXPECT_EQ(KM_ERROR_KEY_USER_NOT_AUTHENTICATED,
643 kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, auth_set, op_params, token.challenge,
644 false /* is_begin_operation */));
645 // Pubkey ops allowed.
646 EXPECT_EQ(KM_ERROR_OK,
647 kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, key_id, auth_set, op_params,
648 token.challenge, false /* is_begin_operation */));
649 }
650
TEST_F(KeymasterBaseTest,TestAuthPerOpWrongSid)651 TEST_F(KeymasterBaseTest, TestAuthPerOpWrongSid) {
652 hw_auth_token_t token;
653 memset(&token, 0, sizeof(token));
654 token.version = HW_AUTH_TOKEN_VERSION;
655 token.challenge = 99;
656 token.user_id = 9;
657 token.authenticator_id = 0;
658 token.authenticator_type = hton(static_cast<uint32_t>(HW_AUTH_PASSWORD));
659 token.timestamp = 0;
660
661 AuthorizationSet auth_set(
662 AuthorizationSetBuilder()
663 .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)
664 .Authorization(TAG_USER_SECURE_ID, token.user_id + 1 /* doesn't match token */)
665 .Authorization(TAG_USER_AUTH_TYPE, HW_AUTH_ANY)
666 .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN));
667
668 AuthorizationSet op_params;
669 op_params.push_back(Authorization(TAG_AUTH_TOKEN, &token, sizeof(token)));
670
671 EXPECT_EQ(KM_ERROR_KEY_USER_NOT_AUTHENTICATED,
672 kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, auth_set, op_params, token.challenge,
673 false /* is_begin_operation */));
674 // Pubkey op allowed.
675 EXPECT_EQ(KM_ERROR_OK,
676 kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, key_id, auth_set, op_params,
677 token.challenge, false /* is_begin_operation */));
678 }
679
TEST_F(KeymasterBaseTest,TestAuthPerOpSuccessAlternateSid)680 TEST_F(KeymasterBaseTest, TestAuthPerOpSuccessAlternateSid) {
681 hw_auth_token_t token;
682 memset(&token, 0, sizeof(token));
683 token.version = HW_AUTH_TOKEN_VERSION;
684 token.challenge = 99;
685 token.user_id = 9;
686 token.authenticator_id = 10;
687 token.authenticator_type = hton(static_cast<uint32_t>(HW_AUTH_PASSWORD));
688 token.timestamp = 0;
689
690 AuthorizationSet auth_set(AuthorizationSetBuilder()
691 .Authorization(TAG_USER_SECURE_ID, token.authenticator_id)
692 .Authorization(TAG_USER_AUTH_TYPE, HW_AUTH_ANY)
693 .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN));
694
695 AuthorizationSet op_params;
696 op_params.push_back(Authorization(TAG_AUTH_TOKEN, &token, sizeof(token)));
697
698 EXPECT_EQ(KM_ERROR_OK,
699 kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, auth_set, op_params, token.challenge,
700 false /* is_begin_operation */));
701 }
702
TEST_F(KeymasterBaseTest,TestAuthPerOpMissingToken)703 TEST_F(KeymasterBaseTest, TestAuthPerOpMissingToken) {
704 hw_auth_token_t token;
705 memset(&token, 0, sizeof(token));
706 token.version = HW_AUTH_TOKEN_VERSION;
707 token.challenge = 99;
708 token.user_id = 9;
709 token.authenticator_id = 0;
710 token.authenticator_type = hton(static_cast<uint32_t>(HW_AUTH_PASSWORD));
711 token.timestamp = 0;
712
713 AuthorizationSet auth_set(AuthorizationSetBuilder()
714 .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)
715 .Authorization(TAG_USER_SECURE_ID, token.user_id)
716 .Authorization(TAG_USER_AUTH_TYPE, HW_AUTH_ANY)
717 .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN));
718
719 AuthorizationSet op_params;
720
721 // During begin we can skip the auth token
722 EXPECT_EQ(KM_ERROR_OK, kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, auth_set, op_params,
723 token.challenge, true /* is_begin_operation */));
724 // Afterwards we must have authentication
725 EXPECT_EQ(KM_ERROR_KEY_USER_NOT_AUTHENTICATED,
726 kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, auth_set, op_params, token.challenge,
727 false /* is_begin_operation */));
728 // Pubkey ops allowed
729 EXPECT_EQ(KM_ERROR_OK,
730 kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, key_id, auth_set, op_params,
731 token.challenge, false /* is_begin_operation */));
732
733 auth_set.Reinitialize(AuthorizationSetBuilder()
734 .Authorization(TAG_ALGORITHM, KM_ALGORITHM_AES)
735 .Authorization(TAG_USER_SECURE_ID, token.user_id)
736 .Authorization(TAG_USER_AUTH_TYPE, HW_AUTH_ANY)
737 .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN)
738 .build());
739
740 EXPECT_EQ(KM_ERROR_KEY_USER_NOT_AUTHENTICATED,
741 kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, key_id, auth_set, op_params,
742 token.challenge, false /* is_begin_operation */));
743 }
744
TEST_F(KeymasterBaseTest,TestAuthAndNoAuth)745 TEST_F(KeymasterBaseTest, TestAuthAndNoAuth) {
746 AuthorizationSet auth_set(AuthorizationSetBuilder()
747 .Authorization(TAG_USER_SECURE_ID, 1)
748 .Authorization(TAG_NO_AUTH_REQUIRED)
749 .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN));
750
751 EXPECT_EQ(KM_ERROR_INVALID_KEY_BLOB,
752 kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, auth_set));
753 }
754
TEST_F(KeymasterBaseTest,TestTimedAuthSuccess)755 TEST_F(KeymasterBaseTest, TestTimedAuthSuccess) {
756 hw_auth_token_t token;
757 memset(&token, 0, sizeof(token));
758 token.version = HW_AUTH_TOKEN_VERSION;
759 token.challenge = 99;
760 token.user_id = 9;
761 token.authenticator_id = 0;
762 token.authenticator_type = hton(static_cast<uint32_t>(HW_AUTH_PASSWORD));
763 token.timestamp = hton(kmen.current_time());
764
765 AuthorizationSet auth_set(AuthorizationSetBuilder()
766 .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)
767 .Authorization(TAG_USER_SECURE_ID, token.user_id)
768 .Authorization(TAG_AUTH_TIMEOUT, 1)
769 .Authorization(TAG_USER_AUTH_TYPE, HW_AUTH_ANY)
770 .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN));
771
772 AuthorizationSet op_params;
773 op_params.push_back(Authorization(TAG_AUTH_TOKEN, &token, sizeof(token)));
774
775 EXPECT_EQ(KM_ERROR_OK,
776 kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, auth_set, op_params,
777 0 /* irrelevant */, false /* is_begin_operation */));
778 }
779
TEST_F(KeymasterBaseTest,TestTimedAuthTimedOut)780 TEST_F(KeymasterBaseTest, TestTimedAuthTimedOut) {
781 hw_auth_token_t token;
782 memset(&token, 0, sizeof(token));
783 token.version = HW_AUTH_TOKEN_VERSION;
784 token.challenge = 99;
785 token.user_id = 9;
786 token.authenticator_id = 0;
787 token.authenticator_type = hton(static_cast<uint32_t>(HW_AUTH_PASSWORD));
788 token.timestamp = hton(static_cast<uint64_t>(kmen.current_time()));
789
790 AuthorizationSet auth_set(AuthorizationSetBuilder()
791 .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)
792 .Authorization(TAG_USER_SECURE_ID, token.user_id)
793 .Authorization(TAG_AUTH_TIMEOUT, 1)
794 .Authorization(TAG_USER_AUTH_TYPE, HW_AUTH_ANY)
795 .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN));
796
797 AuthorizationSet op_params;
798 op_params.push_back(Authorization(TAG_AUTH_TOKEN, &token, sizeof(token)));
799
800 EXPECT_EQ(KM_ERROR_OK,
801 kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, auth_set, op_params,
802 0 /* irrelevant */, false /* is_begin_operation */));
803
804 kmen.tick(1);
805
806 // token still good
807 EXPECT_EQ(KM_ERROR_OK,
808 kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, auth_set, op_params,
809 0 /* irrelevant */, false /* is_begin_operation */));
810
811 kmen.tick(1);
812
813 // token expired, not allowed during begin.
814 EXPECT_EQ(KM_ERROR_KEY_USER_NOT_AUTHENTICATED,
815 kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, auth_set, op_params,
816 0 /* irrelevant */, true /* is_begin_operation */));
817
818 // token expired, afterwards it's okay.
819 EXPECT_EQ(KM_ERROR_OK,
820 kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, auth_set, op_params,
821 0 /* irrelevant */, false /* is_begin_operation */));
822
823 // Pubkey ops allowed.
824 EXPECT_EQ(KM_ERROR_OK,
825 kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, key_id, auth_set, op_params,
826 0 /* irrelevant */, true /* is_begin_operation */));
827 }
828
TEST_F(KeymasterBaseTest,TestTimedAuthMissingToken)829 TEST_F(KeymasterBaseTest, TestTimedAuthMissingToken) {
830 hw_auth_token_t token;
831 memset(&token, 0, sizeof(token));
832 token.version = HW_AUTH_TOKEN_VERSION;
833 token.challenge = 99;
834 token.user_id = 9;
835 token.authenticator_id = 0;
836 token.authenticator_type = hton(static_cast<uint32_t>(HW_AUTH_PASSWORD));
837 token.timestamp = hton(static_cast<uint64_t>(kmen.current_time()));
838
839 AuthorizationSet auth_set(AuthorizationSetBuilder()
840 .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)
841 .Authorization(TAG_USER_SECURE_ID, token.user_id)
842 .Authorization(TAG_AUTH_TIMEOUT, 1)
843 .Authorization(TAG_USER_AUTH_TYPE, HW_AUTH_ANY)
844 .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN));
845
846 AuthorizationSet op_params;
847
848 // Unlike auth-per-op, must have the auth token during begin.
849 EXPECT_EQ(KM_ERROR_KEY_USER_NOT_AUTHENTICATED,
850 kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, auth_set, op_params, token.challenge,
851 true /* is_begin_operation */));
852
853 // Later we don't check (though begin would fail, so there wouldn't be a later).
854 EXPECT_EQ(KM_ERROR_OK,
855 kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, auth_set, op_params, token.challenge,
856 false /* is_begin_operation */));
857
858 // Pubkey ops allowed.
859 EXPECT_EQ(KM_ERROR_OK, kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, key_id, auth_set, op_params,
860 token.challenge, true /* is_begin_operation */));
861 }
862
TEST_F(KeymasterBaseTest,TestCreateKeyId)863 TEST_F(KeymasterBaseTest, TestCreateKeyId) {
864 keymaster_key_blob_t blob = {reinterpret_cast<const uint8_t*>("foobar"), 6};
865
866 km_id_t key_id = 0;
867 EXPECT_TRUE(KeymasterEnforcement::CreateKeyId(blob, &key_id));
868 EXPECT_NE(0U, key_id);
869 }
870
871 }; /* namespace test */
872 }; /* namespace keymaster */
873