1 /*
2 * Copyright (C) 2014 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #include <errno.h>
18 #include <stdio.h>
19 #include <time.h>
20
21 #include <keymaster/android_keymaster.h>
22 #include <keymaster/authorization_set.h>
23 #include <keymaster/km_openssl/soft_keymaster_enforcement.h>
24
25 #include "android_keymaster_test_utils.h"
26
27 namespace keymaster {
28 namespace test {
29
30 class TestKeymasterEnforcement : public SoftKeymasterEnforcement {
31 public:
TestKeymasterEnforcement()32 TestKeymasterEnforcement()
33 : SoftKeymasterEnforcement(3, 3), current_time_(10000), report_token_valid_(true) {}
34
AuthorizeOperation(const keymaster_purpose_t purpose,const km_id_t keyid,const AuthProxy & auth_set)35 keymaster_error_t AuthorizeOperation(const keymaster_purpose_t purpose, const km_id_t keyid,
36 const AuthProxy& auth_set) {
37 AuthorizationSet empty_set;
38 return KeymasterEnforcement::AuthorizeOperation(
39 purpose, keyid, auth_set, empty_set, 0 /* op_handle */, true /* is_begin_operation */);
40 }
41 using KeymasterEnforcement::AuthorizeOperation;
42
get_current_time_ms() const43 uint64_t get_current_time_ms() const override { return current_time_ * 1000; }
activation_date_valid(uint64_t activation_date) const44 bool activation_date_valid(uint64_t activation_date) const override {
45 // Convert java date to time_t, non-portably.
46 time_t activation_time = activation_date / 1000;
47 return difftime(time(NULL), activation_time) >= 0;
48 }
expiration_date_passed(uint64_t expiration_date) const49 bool expiration_date_passed(uint64_t expiration_date) const override {
50 // Convert jave date to time_t, non-portably.
51 time_t expiration_time = expiration_date / 1000;
52 return difftime(time(NULL), expiration_time) > 0;
53 }
auth_token_timed_out(const hw_auth_token_t & token,uint32_t timeout) const54 bool auth_token_timed_out(const hw_auth_token_t& token, uint32_t timeout) const override {
55 return current_time_ > ntoh(token.timestamp) + timeout;
56 }
ValidateTokenSignature(const hw_auth_token_t &) const57 bool ValidateTokenSignature(const hw_auth_token_t&) const override {
58 return report_token_valid_;
59 }
60
tick(unsigned seconds=1)61 void tick(unsigned seconds = 1) { current_time_ += seconds; }
current_time()62 uint32_t current_time() { return current_time_; }
set_report_token_valid(bool report_token_valid)63 void set_report_token_valid(bool report_token_valid) {
64 report_token_valid_ = report_token_valid;
65 }
66
67 private:
68 uint32_t current_time_;
69 bool report_token_valid_;
70 };
71
72 class KeymasterBaseTest : public ::testing::Test {
73 protected:
KeymasterBaseTest()74 KeymasterBaseTest() {
75 past_time = 0;
76
77 time_t t = time(NULL);
78 future_tm = localtime(&t);
79 future_tm->tm_year += 1;
80 future_time = static_cast<uint64_t>(mktime(future_tm)) * 1000;
81 sign_param = Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN);
82 }
~KeymasterBaseTest()83 virtual ~KeymasterBaseTest() {}
84
85 TestKeymasterEnforcement kmen;
86
87 tm past_tm;
88 tm* future_tm;
89 uint64_t past_time;
90 uint64_t future_time;
91 static const km_id_t key_id = 0xa;
92 static const uid_t uid = 0xf;
93 keymaster_key_param_t sign_param;
94 AuthorizationSet empty;
95 };
96
TEST_F(KeymasterBaseTest,TestValidKeyPeriodNoTags)97 TEST_F(KeymasterBaseTest, TestValidKeyPeriodNoTags) {
98 keymaster_key_param_t params[] = {
99 sign_param,
100 };
101 AuthorizationSet single_auth_set(params, array_length(params));
102
103 keymaster_error_t kmer =
104 kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, AuthProxy(single_auth_set, empty));
105 ASSERT_EQ(KM_ERROR_OK, kmer);
106 }
107
TEST_F(KeymasterBaseTest,TestInvalidActiveTime)108 TEST_F(KeymasterBaseTest, TestInvalidActiveTime) {
109 keymaster_key_param_t params[] = {
110 Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA), Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
111 Authorization(TAG_NO_AUTH_REQUIRED), Authorization(TAG_ACTIVE_DATETIME, future_time),
112 };
113
114 AuthorizationSet auth_set(params, array_length(params));
115
116 ASSERT_EQ(KM_ERROR_KEY_NOT_YET_VALID,
117 kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, AuthProxy(auth_set, empty)));
118
119 // Pubkey ops allowed.
120 ASSERT_EQ(KM_ERROR_OK,
121 kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, key_id, AuthProxy(auth_set, empty)));
122 }
123
TEST_F(KeymasterBaseTest,TestValidActiveTime)124 TEST_F(KeymasterBaseTest, TestValidActiveTime) {
125 keymaster_key_param_t params[] = {
126 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN), Authorization(TAG_ACTIVE_DATETIME, past_time),
127 };
128
129 AuthorizationSet auth_set(params, array_length(params));
130
131 keymaster_error_t kmer_valid_time =
132 kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, AuthProxy(auth_set, empty));
133 ASSERT_EQ(KM_ERROR_OK, kmer_valid_time);
134 }
135
TEST_F(KeymasterBaseTest,TestInvalidOriginationExpireTime)136 TEST_F(KeymasterBaseTest, TestInvalidOriginationExpireTime) {
137 keymaster_key_param_t params[] = {
138 Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA), Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
139 Authorization(TAG_ORIGINATION_EXPIRE_DATETIME, past_time),
140 };
141
142 AuthorizationSet auth_set(params, array_length(params));
143
144 ASSERT_EQ(KM_ERROR_KEY_EXPIRED,
145 kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, AuthProxy(auth_set, empty)));
146
147 // Pubkey ops allowed.
148 ASSERT_EQ(KM_ERROR_OK,
149 kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, key_id, AuthProxy(auth_set, empty)));
150 }
151
TEST_F(KeymasterBaseTest,TestInvalidOriginationExpireTimeOnUsgae)152 TEST_F(KeymasterBaseTest, TestInvalidOriginationExpireTimeOnUsgae) {
153 keymaster_key_param_t params[] = {
154 Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
155 Authorization(TAG_ORIGINATION_EXPIRE_DATETIME, past_time),
156 };
157
158 AuthorizationSet auth_set(params, array_length(params));
159
160 keymaster_error_t kmer_invalid_origination =
161 kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, key_id, AuthProxy(auth_set, empty));
162 ASSERT_EQ(KM_ERROR_OK, kmer_invalid_origination);
163 }
164
TEST_F(KeymasterBaseTest,TestValidOriginationExpireTime)165 TEST_F(KeymasterBaseTest, TestValidOriginationExpireTime) {
166 keymaster_key_param_t params[] = {
167 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
168 Authorization(TAG_ORIGINATION_EXPIRE_DATETIME, future_time),
169 };
170
171 AuthorizationSet auth_set(params, array_length(params));
172
173 keymaster_error_t kmer_valid_origination =
174 kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, AuthProxy(auth_set, empty));
175 ASSERT_EQ(KM_ERROR_OK, kmer_valid_origination);
176 }
177
TEST_F(KeymasterBaseTest,TestInvalidUsageExpireTime)178 TEST_F(KeymasterBaseTest, TestInvalidUsageExpireTime) {
179 keymaster_key_param_t params[] = {
180 Authorization(TAG_ALGORITHM, KM_ALGORITHM_AES),
181 Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
182 Authorization(TAG_USAGE_EXPIRE_DATETIME, past_time),
183 };
184
185 AuthorizationSet auth_set(params, array_length(params));
186
187 keymaster_error_t kmer_invalid_origination =
188 kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, key_id, AuthProxy(auth_set, empty));
189 ASSERT_EQ(KM_ERROR_KEY_EXPIRED, kmer_invalid_origination);
190 }
191
TEST_F(KeymasterBaseTest,TestInvalidPubkeyUsageExpireTime)192 TEST_F(KeymasterBaseTest, TestInvalidPubkeyUsageExpireTime) {
193 keymaster_key_param_t params[] = {
194 Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA),
195 Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
196 Authorization(TAG_USAGE_EXPIRE_DATETIME, past_time),
197 };
198
199 AuthorizationSet auth_set(params, array_length(params));
200
201 keymaster_error_t kmer_invalid_origination =
202 kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, key_id, AuthProxy(auth_set, empty));
203 // Pubkey ops allowed.
204 ASSERT_EQ(KM_ERROR_OK, kmer_invalid_origination);
205 }
206
TEST_F(KeymasterBaseTest,TestInvalidUsageExpireTimeOnOrigination)207 TEST_F(KeymasterBaseTest, TestInvalidUsageExpireTimeOnOrigination) {
208 keymaster_key_param_t params[] = {
209 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
210 Authorization(TAG_USAGE_EXPIRE_DATETIME, past_time),
211 };
212
213 AuthorizationSet auth_set(params, array_length(params));
214
215 keymaster_error_t kmer_invalid_origination =
216 kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, AuthProxy(auth_set, empty));
217 ASSERT_EQ(KM_ERROR_OK, kmer_invalid_origination);
218 }
219
TEST_F(KeymasterBaseTest,TestValidUsageExpireTime)220 TEST_F(KeymasterBaseTest, TestValidUsageExpireTime) {
221 keymaster_key_param_t params[] = {
222 Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
223 Authorization(TAG_USAGE_EXPIRE_DATETIME, future_time),
224 };
225
226 AuthorizationSet auth_set(params, array_length(params));
227
228 keymaster_error_t kmer_valid_usage =
229 kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, key_id, AuthProxy(auth_set, empty));
230 ASSERT_EQ(KM_ERROR_OK, kmer_valid_usage);
231 }
232
TEST_F(KeymasterBaseTest,TestValidSingleUseAccesses)233 TEST_F(KeymasterBaseTest, TestValidSingleUseAccesses) {
234 keymaster_key_param_t params[] = {
235 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
236 };
237
238 AuthorizationSet auth_set(params, array_length(params));
239
240 keymaster_error_t kmer1 =
241 kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, AuthProxy(auth_set, empty));
242 keymaster_error_t kmer2 =
243 kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, AuthProxy(auth_set, empty));
244
245 ASSERT_EQ(KM_ERROR_OK, kmer1);
246 ASSERT_EQ(KM_ERROR_OK, kmer2);
247 }
248
TEST_F(KeymasterBaseTest,TestInvalidMaxOps)249 TEST_F(KeymasterBaseTest, TestInvalidMaxOps) {
250 keymaster_key_param_t params[] = {
251 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN), Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA),
252 Authorization(TAG_MAX_USES_PER_BOOT, 4),
253 };
254
255 AuthorizationSet auth_set(params, array_length(params));
256
257 ASSERT_EQ(KM_ERROR_OK,
258 kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, AuthProxy(auth_set, empty)));
259 ASSERT_EQ(KM_ERROR_OK,
260 kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, AuthProxy(auth_set, empty)));
261 ASSERT_EQ(KM_ERROR_OK,
262 kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, AuthProxy(auth_set, empty)));
263 ASSERT_EQ(KM_ERROR_OK,
264 kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, AuthProxy(auth_set, empty)));
265 ASSERT_EQ(KM_ERROR_KEY_MAX_OPS_EXCEEDED,
266 kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, AuthProxy(auth_set, empty)));
267 // Pubkey ops allowed.
268 ASSERT_EQ(KM_ERROR_OK,
269 kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, key_id, AuthProxy(auth_set, empty)));
270 }
271
TEST_F(KeymasterBaseTest,TestOverFlowMaxOpsTable)272 TEST_F(KeymasterBaseTest, TestOverFlowMaxOpsTable) {
273 keymaster_key_param_t params[] = {
274 Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA), Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
275 Authorization(TAG_MAX_USES_PER_BOOT, 2),
276 };
277
278 AuthorizationSet auth_set(params, array_length(params));
279
280 EXPECT_EQ(KM_ERROR_OK,
281 kmen.AuthorizeOperation(KM_PURPOSE_SIGN, 1 /* key_id */, AuthProxy(auth_set, empty)));
282
283 EXPECT_EQ(KM_ERROR_OK,
284 kmen.AuthorizeOperation(KM_PURPOSE_SIGN, 2 /* key_id */, AuthProxy(auth_set, empty)));
285
286 EXPECT_EQ(KM_ERROR_OK,
287 kmen.AuthorizeOperation(KM_PURPOSE_SIGN, 3 /* key_id */, AuthProxy(auth_set, empty)));
288
289 // Key 4 should fail, because table is full.
290 EXPECT_EQ(KM_ERROR_TOO_MANY_OPERATIONS,
291 kmen.AuthorizeOperation(KM_PURPOSE_SIGN, 4 /* key_id */, AuthProxy(auth_set, empty)));
292
293 // Key 1 still works, because it's already in the table and hasn't reached max.
294 EXPECT_EQ(KM_ERROR_OK,
295 kmen.AuthorizeOperation(KM_PURPOSE_SIGN, 1 /* key_id */, AuthProxy(auth_set, empty)));
296
297 // Key 1 no longer works, because it's reached max.
298 EXPECT_EQ(KM_ERROR_KEY_MAX_OPS_EXCEEDED,
299 kmen.AuthorizeOperation(KM_PURPOSE_SIGN, 1 /* key_id */, AuthProxy(auth_set, empty)));
300
301 // Key 4 should fail, because table is (still and forever) full.
302 EXPECT_EQ(KM_ERROR_TOO_MANY_OPERATIONS,
303 kmen.AuthorizeOperation(KM_PURPOSE_SIGN, 4 /* key_id */, AuthProxy(auth_set, empty)));
304
305 // Pubkey ops allowed.
306 EXPECT_EQ(KM_ERROR_OK, kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, 1 /* key_id */,
307 AuthProxy(auth_set, empty)));
308 EXPECT_EQ(KM_ERROR_OK, kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, 4 /* key_id */,
309 AuthProxy(auth_set, empty)));
310 }
311
TEST_F(KeymasterBaseTest,TestInvalidTimeBetweenOps)312 TEST_F(KeymasterBaseTest, TestInvalidTimeBetweenOps) {
313 keymaster_key_param_t params[] = {
314 Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA), Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
315 Authorization(TAG_MIN_SECONDS_BETWEEN_OPS, 10),
316 };
317
318 AuthorizationSet auth_set(params, array_length(params));
319
320 keymaster_error_t kmer1 =
321 kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, AuthProxy(auth_set, empty));
322 keymaster_error_t kmer2 =
323 kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, AuthProxy(auth_set, empty));
324 keymaster_error_t kmer3 =
325 kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, key_id, AuthProxy(auth_set, empty));
326
327 ASSERT_EQ(KM_ERROR_OK, kmer1);
328 kmen.tick(2);
329 ASSERT_EQ(KM_ERROR_KEY_RATE_LIMIT_EXCEEDED, kmer2);
330
331 // Allowed because it's a pubkey op.
332 ASSERT_EQ(KM_ERROR_OK, kmer3);
333 }
334
TEST_F(KeymasterBaseTest,TestValidTimeBetweenOps)335 TEST_F(KeymasterBaseTest, TestValidTimeBetweenOps) {
336 keymaster_key_param_t params[] = {
337 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN), Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
338 Authorization(TAG_MIN_SECONDS_BETWEEN_OPS, 2),
339 };
340
341 AuthorizationSet auth_set(params, array_length(params));
342
343 EXPECT_EQ(KM_ERROR_OK,
344 kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, key_id, AuthProxy(auth_set, empty)));
345 kmen.tick();
346 EXPECT_EQ(KM_ERROR_KEY_RATE_LIMIT_EXCEEDED,
347 kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, AuthProxy(auth_set, empty)));
348 kmen.tick();
349 EXPECT_EQ(KM_ERROR_OK,
350 kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, AuthProxy(auth_set, empty)));
351 }
352
TEST_F(KeymasterBaseTest,TestOptTimeoutTableOverflow)353 TEST_F(KeymasterBaseTest, TestOptTimeoutTableOverflow) {
354 keymaster_key_param_t params[] = {
355 Authorization(TAG_ALGORITHM, KM_ALGORITHM_AES),
356 Authorization(TAG_MIN_SECONDS_BETWEEN_OPS, 4),
357 Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
358 };
359
360 AuthorizationSet auth_set(params, array_length(params));
361
362 EXPECT_EQ(KM_ERROR_OK, kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, 1 /* key_id */,
363 AuthProxy(auth_set, empty)));
364
365 kmen.tick();
366
367 // Key 1 fails because it's too soon
368 EXPECT_EQ(
369 KM_ERROR_KEY_RATE_LIMIT_EXCEEDED,
370 kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, 1 /* key_id */, AuthProxy(auth_set, empty)));
371
372 EXPECT_EQ(KM_ERROR_OK, kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, 2 /* key_id */,
373 AuthProxy(auth_set, empty)));
374
375 kmen.tick();
376
377 // Key 1 fails because it's too soon
378 EXPECT_EQ(
379 KM_ERROR_KEY_RATE_LIMIT_EXCEEDED,
380 kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, 1 /* key_id */, AuthProxy(auth_set, empty)));
381 // Key 2 fails because it's too soon
382 EXPECT_EQ(
383 KM_ERROR_KEY_RATE_LIMIT_EXCEEDED,
384 kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, 2 /* key_id */, AuthProxy(auth_set, empty)));
385
386 EXPECT_EQ(KM_ERROR_OK, kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, 3 /* key_id */,
387 AuthProxy(auth_set, empty)));
388
389 kmen.tick();
390
391 // Key 1 fails because it's too soon
392 EXPECT_EQ(
393 KM_ERROR_KEY_RATE_LIMIT_EXCEEDED,
394 kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, 1 /* key_id */, AuthProxy(auth_set, empty)));
395 // Key 2 fails because it's too soon
396 EXPECT_EQ(
397 KM_ERROR_KEY_RATE_LIMIT_EXCEEDED,
398 kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, 2 /* key_id */, AuthProxy(auth_set, empty)));
399 // Key 3 fails because it's too soon
400 EXPECT_EQ(
401 KM_ERROR_KEY_RATE_LIMIT_EXCEEDED,
402 kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, 3 /* key_id */, AuthProxy(auth_set, empty)));
403 // Key 4 fails because the table is full
404 EXPECT_EQ(
405 KM_ERROR_TOO_MANY_OPERATIONS,
406 kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, 4 /* key_id */, AuthProxy(auth_set, empty)));
407
408 kmen.tick();
409
410 // Key 4 succeeds because key 1 expired.
411 EXPECT_EQ(KM_ERROR_OK, kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, 4 /* key_id */,
412 AuthProxy(auth_set, empty)));
413
414 // Key 1 fails because the table is full... and key 1 is no longer in it.
415 EXPECT_EQ(
416 KM_ERROR_TOO_MANY_OPERATIONS,
417 kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, 1 /* key_id */, AuthProxy(auth_set, empty)));
418 // Key 2 fails because it's too soon
419 EXPECT_EQ(
420 KM_ERROR_KEY_RATE_LIMIT_EXCEEDED,
421 kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, 2 /* key_id */, AuthProxy(auth_set, empty)));
422 // Key 3 fails because it's too soon
423 EXPECT_EQ(
424 KM_ERROR_KEY_RATE_LIMIT_EXCEEDED,
425 kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, 3 /* key_id */, AuthProxy(auth_set, empty)));
426
427 kmen.tick();
428
429 // Key 1 succeeds because key 2 expired
430 EXPECT_EQ(KM_ERROR_OK, kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, 1 /* key_id */,
431 AuthProxy(auth_set, empty)));
432 // Key 2 fails because the table is full... and key 2 is no longer in it.
433 EXPECT_EQ(
434 KM_ERROR_TOO_MANY_OPERATIONS,
435 kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, 2 /* key_id */, AuthProxy(auth_set, empty)));
436 // Key 3 fails because it's too soon
437 EXPECT_EQ(
438 KM_ERROR_KEY_RATE_LIMIT_EXCEEDED,
439 kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, 3 /* key_id */, AuthProxy(auth_set, empty)));
440 // Key 4 fails because it's too soon
441 EXPECT_EQ(
442 KM_ERROR_KEY_RATE_LIMIT_EXCEEDED,
443 kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, 4 /* key_id */, AuthProxy(auth_set, empty)));
444
445 kmen.tick(4);
446
447 EXPECT_EQ(KM_ERROR_OK, kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, 1 /* key_id */,
448 AuthProxy(auth_set, empty)));
449 EXPECT_EQ(KM_ERROR_OK, kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, 2 /* key_id */,
450 AuthProxy(auth_set, empty)));
451 EXPECT_EQ(KM_ERROR_OK, kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, 3 /* key_id */,
452 AuthProxy(auth_set, empty)));
453 }
454
TEST_F(KeymasterBaseTest,TestPubkeyOptTimeoutTableOverflow)455 TEST_F(KeymasterBaseTest, TestPubkeyOptTimeoutTableOverflow) {
456 keymaster_key_param_t params[] = {
457 Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA),
458 Authorization(TAG_MIN_SECONDS_BETWEEN_OPS, 4), Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
459 };
460
461 AuthorizationSet auth_set(params, array_length(params));
462
463 EXPECT_EQ(KM_ERROR_OK,
464 kmen.AuthorizeOperation(KM_PURPOSE_SIGN, 1 /* key_id */, AuthProxy(auth_set, empty)));
465
466 kmen.tick();
467
468 // Key 1 fails because it's too soon
469 EXPECT_EQ(KM_ERROR_KEY_RATE_LIMIT_EXCEEDED,
470 kmen.AuthorizeOperation(KM_PURPOSE_SIGN, 1 /* key_id */, AuthProxy(auth_set, empty)));
471 // Too soo, but pubkey ops allowed.
472 EXPECT_EQ(KM_ERROR_OK, kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, 1 /* key_id */,
473 AuthProxy(auth_set, empty)));
474 }
475
TEST_F(KeymasterBaseTest,TestInvalidPurpose)476 TEST_F(KeymasterBaseTest, TestInvalidPurpose) {
477 keymaster_purpose_t invalidPurpose1 = static_cast<keymaster_purpose_t>(-1);
478 keymaster_purpose_t invalidPurpose2 = static_cast<keymaster_purpose_t>(4);
479
480 AuthorizationSet auth_set(
481 AuthorizationSetBuilder().Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY));
482
483 EXPECT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE,
484 kmen.AuthorizeOperation(invalidPurpose1, key_id, AuthProxy(auth_set, empty)));
485 EXPECT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE,
486 kmen.AuthorizeOperation(invalidPurpose2, key_id, AuthProxy(auth_set, empty)));
487 }
488
TEST_F(KeymasterBaseTest,TestIncompatiblePurposeSymmetricKey)489 TEST_F(KeymasterBaseTest, TestIncompatiblePurposeSymmetricKey) {
490 AuthorizationSet auth_set(AuthorizationSetBuilder()
491 .Authorization(TAG_ALGORITHM, KM_ALGORITHM_AES)
492 .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
493 .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN));
494
495 EXPECT_EQ(KM_ERROR_OK,
496 kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, AuthProxy(auth_set, empty)));
497 EXPECT_EQ(KM_ERROR_OK,
498 kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, key_id, AuthProxy(auth_set, empty)));
499
500 EXPECT_EQ(KM_ERROR_INCOMPATIBLE_PURPOSE,
501 kmen.AuthorizeOperation(KM_PURPOSE_ENCRYPT, key_id, AuthProxy(auth_set, empty)));
502 EXPECT_EQ(KM_ERROR_INCOMPATIBLE_PURPOSE,
503 kmen.AuthorizeOperation(KM_PURPOSE_DECRYPT, key_id, AuthProxy(auth_set, empty)));
504 }
505
TEST_F(KeymasterBaseTest,TestIncompatiblePurposeAssymmetricKey)506 TEST_F(KeymasterBaseTest, TestIncompatiblePurposeAssymmetricKey) {
507 AuthorizationSet auth_set(AuthorizationSetBuilder()
508 .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)
509 .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
510 .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN));
511
512 EXPECT_EQ(KM_ERROR_OK,
513 kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, AuthProxy(auth_set, empty)));
514 EXPECT_EQ(KM_ERROR_OK,
515 kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, key_id, AuthProxy(auth_set, empty)));
516
517 // This one is allowed because it's a pubkey op.
518 EXPECT_EQ(KM_ERROR_OK,
519 kmen.AuthorizeOperation(KM_PURPOSE_ENCRYPT, key_id, AuthProxy(auth_set, empty)));
520 EXPECT_EQ(KM_ERROR_INCOMPATIBLE_PURPOSE,
521 kmen.AuthorizeOperation(KM_PURPOSE_DECRYPT, key_id, AuthProxy(auth_set, empty)));
522 }
523
TEST_F(KeymasterBaseTest,TestInvalidCallerNonce)524 TEST_F(KeymasterBaseTest, TestInvalidCallerNonce) {
525 AuthorizationSet no_caller_nonce(AuthorizationSetBuilder()
526 .Authorization(TAG_PURPOSE, KM_PURPOSE_ENCRYPT)
527 .Authorization(TAG_PURPOSE, KM_PURPOSE_DECRYPT)
528 .Authorization(TAG_ALGORITHM, KM_ALGORITHM_AES));
529 AuthorizationSet caller_nonce(AuthorizationSetBuilder()
530 .Authorization(TAG_PURPOSE, KM_PURPOSE_ENCRYPT)
531 .Authorization(TAG_PURPOSE, KM_PURPOSE_DECRYPT)
532 .Authorization(TAG_ALGORITHM, KM_ALGORITHM_HMAC)
533 .Authorization(TAG_CALLER_NONCE));
534 AuthorizationSet begin_params(AuthorizationSetBuilder().Authorization(TAG_NONCE, "foo", 3));
535
536 EXPECT_EQ(KM_ERROR_OK, kmen.AuthorizeOperation(
537 KM_PURPOSE_ENCRYPT, key_id, AuthProxy(caller_nonce, empty),
538 begin_params, 0 /* challenge */, true /* is_begin_operation */));
539 EXPECT_EQ(KM_ERROR_OK, kmen.AuthorizeOperation(
540 KM_PURPOSE_DECRYPT, key_id, AuthProxy(caller_nonce, empty),
541 begin_params, 0 /* challenge */, true /* is_begin_operation */));
542 EXPECT_EQ(KM_ERROR_CALLER_NONCE_PROHIBITED,
543 kmen.AuthorizeOperation(KM_PURPOSE_ENCRYPT, key_id, AuthProxy(no_caller_nonce, empty),
544 begin_params, 0 /* challenge */,
545 true /* is_begin_operation */));
546 EXPECT_EQ(KM_ERROR_OK, kmen.AuthorizeOperation(
547 KM_PURPOSE_DECRYPT, key_id, AuthProxy(no_caller_nonce, empty),
548 begin_params, 0 /* challenge */, true /* is_begin_operation */));
549 }
550
TEST_F(KeymasterBaseTest,TestBootloaderOnly)551 TEST_F(KeymasterBaseTest, TestBootloaderOnly) {
552 AuthorizationSet auth_set(AuthorizationSetBuilder()
553 .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN)
554 .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)
555 .Authorization(TAG_BOOTLOADER_ONLY));
556 EXPECT_EQ(KM_ERROR_INVALID_KEY_BLOB,
557 kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, AuthProxy(auth_set, empty)));
558
559 // Pubkey ops allowed.
560 EXPECT_EQ(KM_ERROR_OK,
561 kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, key_id, AuthProxy(auth_set, empty)));
562 }
563
TEST_F(KeymasterBaseTest,TestInvalidTag)564 TEST_F(KeymasterBaseTest, TestInvalidTag) {
565 AuthorizationSet auth_set(AuthorizationSetBuilder()
566 .Authorization(TAG_INVALID)
567 .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN));
568
569 EXPECT_EQ(KM_ERROR_INVALID_KEY_BLOB,
570 kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, AuthProxy(auth_set, empty)));
571 }
572
TEST_F(KeymasterBaseTest,TestAuthPerOpSuccess)573 TEST_F(KeymasterBaseTest, TestAuthPerOpSuccess) {
574 hw_auth_token_t token;
575 memset(&token, 0, sizeof(token));
576 token.version = HW_AUTH_TOKEN_VERSION;
577 token.challenge = 99;
578 token.user_id = 9;
579 token.authenticator_id = 0;
580 token.authenticator_type = hton(static_cast<uint32_t>(HW_AUTH_PASSWORD));
581 token.timestamp = 0;
582
583 AuthorizationSet auth_set(AuthorizationSetBuilder()
584 .Authorization(TAG_USER_SECURE_ID, token.user_id)
585 .Authorization(TAG_USER_AUTH_TYPE, HW_AUTH_ANY)
586 .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN));
587
588 AuthorizationSet op_params;
589 op_params.push_back(Authorization(TAG_AUTH_TOKEN, &token, sizeof(token)));
590
591 EXPECT_EQ(KM_ERROR_OK,
592 kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, AuthProxy(auth_set, empty),
593 op_params, token.challenge, false /* is_begin_operation */));
594 }
595
TEST_F(KeymasterBaseTest,TestAuthPerOpInvalidTokenSignature)596 TEST_F(KeymasterBaseTest, TestAuthPerOpInvalidTokenSignature) {
597 hw_auth_token_t token;
598 memset(&token, 0, sizeof(token));
599 token.version = HW_AUTH_TOKEN_VERSION;
600 token.challenge = 99;
601 token.user_id = 9;
602 token.authenticator_id = 0;
603 token.authenticator_type = hton(static_cast<uint32_t>(HW_AUTH_PASSWORD));
604 token.timestamp = 0;
605
606 AuthorizationSet auth_set(AuthorizationSetBuilder()
607 .Authorization(TAG_ALGORITHM, KM_ALGORITHM_EC)
608 .Authorization(TAG_USER_SECURE_ID, token.user_id)
609 .Authorization(TAG_USER_AUTH_TYPE, HW_AUTH_ANY)
610 .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN));
611
612 AuthorizationSet op_params;
613 op_params.push_back(Authorization(TAG_AUTH_TOKEN, &token, sizeof(token)));
614
615 kmen.set_report_token_valid(false);
616 EXPECT_EQ(KM_ERROR_KEY_USER_NOT_AUTHENTICATED,
617 kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, AuthProxy(auth_set, empty),
618 op_params, token.challenge, false /* is_begin_operation */));
619 // Pubkey ops allowed.
620 EXPECT_EQ(KM_ERROR_OK,
621 kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, key_id, AuthProxy(auth_set, empty),
622 op_params, token.challenge, false /* is_begin_operation */));
623 }
624
TEST_F(KeymasterBaseTest,TestAuthPerOpWrongChallenge)625 TEST_F(KeymasterBaseTest, TestAuthPerOpWrongChallenge) {
626 hw_auth_token_t token;
627 memset(&token, 0, sizeof(token));
628 token.version = HW_AUTH_TOKEN_VERSION;
629 token.challenge = 99;
630 token.user_id = 9;
631 token.authenticator_id = 0;
632 token.authenticator_type = hton(static_cast<uint32_t>(HW_AUTH_PASSWORD));
633 token.timestamp = 0;
634
635 AuthorizationSet auth_set(AuthorizationSetBuilder()
636 .Authorization(TAG_USER_SECURE_ID, token.user_id)
637 .Authorization(TAG_USER_AUTH_TYPE, HW_AUTH_ANY)
638 .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN));
639
640 AuthorizationSet op_params;
641 op_params.push_back(Authorization(TAG_AUTH_TOKEN, &token, sizeof(token)));
642
643 EXPECT_EQ(KM_ERROR_KEY_USER_NOT_AUTHENTICATED,
644 kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, AuthProxy(auth_set, empty),
645 op_params, token.challenge + 1 /* doesn't match token */,
646 false /* is_begin_operation */));
647 }
648
TEST_F(KeymasterBaseTest,TestAuthPerOpNoAuthType)649 TEST_F(KeymasterBaseTest, TestAuthPerOpNoAuthType) {
650 hw_auth_token_t token;
651 memset(&token, 0, sizeof(token));
652 token.version = HW_AUTH_TOKEN_VERSION;
653 token.challenge = 99;
654 token.user_id = 9;
655 token.authenticator_id = 0;
656 token.authenticator_type = hton(static_cast<uint32_t>(HW_AUTH_PASSWORD));
657 token.timestamp = 0;
658
659 AuthorizationSet auth_set(AuthorizationSetBuilder()
660 .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)
661 .Authorization(TAG_USER_SECURE_ID, token.user_id)
662 .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN));
663
664 AuthorizationSet op_params;
665 op_params.push_back(Authorization(TAG_AUTH_TOKEN, &token, sizeof(token)));
666
667 EXPECT_EQ(KM_ERROR_KEY_USER_NOT_AUTHENTICATED,
668 kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, AuthProxy(auth_set, empty),
669 op_params, token.challenge, false /* is_begin_operation */));
670 // Pubkey ops allowed.
671 EXPECT_EQ(KM_ERROR_OK,
672 kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, key_id, AuthProxy(auth_set, empty),
673 op_params, token.challenge, false /* is_begin_operation */));
674 }
675
TEST_F(KeymasterBaseTest,TestAuthPerOpWrongAuthType)676 TEST_F(KeymasterBaseTest, TestAuthPerOpWrongAuthType) {
677 hw_auth_token_t token;
678 memset(&token, 0, sizeof(token));
679 token.version = HW_AUTH_TOKEN_VERSION;
680 token.challenge = 99;
681 token.user_id = 9;
682 token.authenticator_id = 0;
683 token.authenticator_type = hton(static_cast<uint32_t>(HW_AUTH_PASSWORD));
684 token.timestamp = 0;
685
686 AuthorizationSet auth_set(
687 AuthorizationSetBuilder()
688 .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)
689 .Authorization(TAG_USER_SECURE_ID, token.user_id)
690 .Authorization(TAG_USER_AUTH_TYPE, HW_AUTH_FINGERPRINT /* doesn't match token */)
691 .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN));
692
693 AuthorizationSet op_params;
694 op_params.push_back(Authorization(TAG_AUTH_TOKEN, &token, sizeof(token)));
695
696 EXPECT_EQ(KM_ERROR_KEY_USER_NOT_AUTHENTICATED,
697 kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, AuthProxy(auth_set, empty),
698 op_params, token.challenge, false /* is_begin_operation */));
699 // Pubkey ops allowed.
700 EXPECT_EQ(KM_ERROR_OK,
701 kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, key_id, AuthProxy(auth_set, empty),
702 op_params, token.challenge, false /* is_begin_operation */));
703 }
704
TEST_F(KeymasterBaseTest,TestAuthPerOpWrongSid)705 TEST_F(KeymasterBaseTest, TestAuthPerOpWrongSid) {
706 hw_auth_token_t token;
707 memset(&token, 0, sizeof(token));
708 token.version = HW_AUTH_TOKEN_VERSION;
709 token.challenge = 99;
710 token.user_id = 9;
711 token.authenticator_id = 0;
712 token.authenticator_type = hton(static_cast<uint32_t>(HW_AUTH_PASSWORD));
713 token.timestamp = 0;
714
715 AuthorizationSet auth_set(
716 AuthorizationSetBuilder()
717 .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)
718 .Authorization(TAG_USER_SECURE_ID, token.user_id + 1 /* doesn't match token */)
719 .Authorization(TAG_USER_AUTH_TYPE, HW_AUTH_ANY)
720 .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN));
721
722 AuthorizationSet op_params;
723 op_params.push_back(Authorization(TAG_AUTH_TOKEN, &token, sizeof(token)));
724
725 EXPECT_EQ(KM_ERROR_KEY_USER_NOT_AUTHENTICATED,
726 kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, AuthProxy(auth_set, empty),
727 op_params, token.challenge, false /* is_begin_operation */));
728 // Pubkey op allowed.
729 EXPECT_EQ(KM_ERROR_OK,
730 kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, key_id, AuthProxy(auth_set, empty),
731 op_params, token.challenge, false /* is_begin_operation */));
732 }
733
TEST_F(KeymasterBaseTest,TestAuthPerOpSuccessAlternateSid)734 TEST_F(KeymasterBaseTest, TestAuthPerOpSuccessAlternateSid) {
735 hw_auth_token_t token;
736 memset(&token, 0, sizeof(token));
737 token.version = HW_AUTH_TOKEN_VERSION;
738 token.challenge = 99;
739 token.user_id = 9;
740 token.authenticator_id = 10;
741 token.authenticator_type = hton(static_cast<uint32_t>(HW_AUTH_PASSWORD));
742 token.timestamp = 0;
743
744 AuthorizationSet auth_set(AuthorizationSetBuilder()
745 .Authorization(TAG_USER_SECURE_ID, token.authenticator_id)
746 .Authorization(TAG_USER_AUTH_TYPE, HW_AUTH_ANY)
747 .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN));
748
749 AuthorizationSet op_params;
750 op_params.push_back(Authorization(TAG_AUTH_TOKEN, &token, sizeof(token)));
751
752 EXPECT_EQ(KM_ERROR_OK,
753 kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, AuthProxy(auth_set, empty),
754 op_params, token.challenge, false /* is_begin_operation */));
755 }
756
TEST_F(KeymasterBaseTest,TestAuthPerOpMissingToken)757 TEST_F(KeymasterBaseTest, TestAuthPerOpMissingToken) {
758 hw_auth_token_t token;
759 memset(&token, 0, sizeof(token));
760 token.version = HW_AUTH_TOKEN_VERSION;
761 token.challenge = 99;
762 token.user_id = 9;
763 token.authenticator_id = 0;
764 token.authenticator_type = hton(static_cast<uint32_t>(HW_AUTH_PASSWORD));
765 token.timestamp = 0;
766
767 AuthorizationSet auth_set(AuthorizationSetBuilder()
768 .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)
769 .Authorization(TAG_USER_SECURE_ID, token.user_id)
770 .Authorization(TAG_USER_AUTH_TYPE, HW_AUTH_ANY)
771 .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN));
772
773 AuthorizationSet op_params;
774
775 // During begin we can skip the auth token
776 EXPECT_EQ(KM_ERROR_OK,
777 kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, AuthProxy(auth_set, empty),
778 op_params, token.challenge, true /* is_begin_operation */));
779 // Afterwards we must have authentication
780 EXPECT_EQ(KM_ERROR_KEY_USER_NOT_AUTHENTICATED,
781 kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, AuthProxy(auth_set, empty),
782 op_params, token.challenge, false /* is_begin_operation */));
783 // Pubkey ops allowed
784 EXPECT_EQ(KM_ERROR_OK,
785 kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, key_id, AuthProxy(auth_set, empty),
786 op_params, token.challenge, false /* is_begin_operation */));
787
788 auth_set.Reinitialize(AuthorizationSetBuilder()
789 .Authorization(TAG_ALGORITHM, KM_ALGORITHM_AES)
790 .Authorization(TAG_USER_SECURE_ID, token.user_id)
791 .Authorization(TAG_USER_AUTH_TYPE, HW_AUTH_ANY)
792 .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN)
793 .build());
794
795 EXPECT_EQ(KM_ERROR_KEY_USER_NOT_AUTHENTICATED,
796 kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, key_id, AuthProxy(auth_set, empty),
797 op_params, token.challenge, false /* is_begin_operation */));
798 }
799
TEST_F(KeymasterBaseTest,TestAuthAndNoAuth)800 TEST_F(KeymasterBaseTest, TestAuthAndNoAuth) {
801 AuthorizationSet auth_set(AuthorizationSetBuilder()
802 .Authorization(TAG_USER_SECURE_ID, 1)
803 .Authorization(TAG_NO_AUTH_REQUIRED)
804 .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN));
805
806 EXPECT_EQ(KM_ERROR_INVALID_KEY_BLOB,
807 kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, AuthProxy(auth_set, empty)));
808 }
809
TEST_F(KeymasterBaseTest,TestTimedAuthSuccess)810 TEST_F(KeymasterBaseTest, TestTimedAuthSuccess) {
811 hw_auth_token_t token;
812 memset(&token, 0, sizeof(token));
813 token.version = HW_AUTH_TOKEN_VERSION;
814 token.challenge = 99;
815 token.user_id = 9;
816 token.authenticator_id = 0;
817 token.authenticator_type = hton(static_cast<uint32_t>(HW_AUTH_PASSWORD));
818 token.timestamp = hton(kmen.current_time());
819
820 AuthorizationSet auth_set(AuthorizationSetBuilder()
821 .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)
822 .Authorization(TAG_USER_SECURE_ID, token.user_id)
823 .Authorization(TAG_AUTH_TIMEOUT, 1)
824 .Authorization(TAG_USER_AUTH_TYPE, HW_AUTH_ANY)
825 .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN));
826
827 AuthorizationSet op_params;
828 op_params.push_back(Authorization(TAG_AUTH_TOKEN, &token, sizeof(token)));
829
830 EXPECT_EQ(KM_ERROR_OK, kmen.AuthorizeOperation(
831 KM_PURPOSE_SIGN, key_id, AuthProxy(auth_set, empty), op_params,
832 0 /* irrelevant */, false /* is_begin_operation */));
833 }
834
TEST_F(KeymasterBaseTest,TestTimedAuthTimedOut)835 TEST_F(KeymasterBaseTest, TestTimedAuthTimedOut) {
836 hw_auth_token_t token;
837 memset(&token, 0, sizeof(token));
838 token.version = HW_AUTH_TOKEN_VERSION;
839 token.challenge = 99;
840 token.user_id = 9;
841 token.authenticator_id = 0;
842 token.authenticator_type = hton(static_cast<uint32_t>(HW_AUTH_PASSWORD));
843 token.timestamp = hton(static_cast<uint64_t>(kmen.current_time()));
844
845 AuthorizationSet auth_set(AuthorizationSetBuilder()
846 .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)
847 .Authorization(TAG_USER_SECURE_ID, token.user_id)
848 .Authorization(TAG_AUTH_TIMEOUT, 1)
849 .Authorization(TAG_USER_AUTH_TYPE, HW_AUTH_ANY)
850 .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN));
851
852 AuthorizationSet op_params;
853 op_params.push_back(Authorization(TAG_AUTH_TOKEN, &token, sizeof(token)));
854
855 EXPECT_EQ(KM_ERROR_OK, kmen.AuthorizeOperation(
856 KM_PURPOSE_SIGN, key_id, AuthProxy(auth_set, empty), op_params,
857 0 /* irrelevant */, false /* is_begin_operation */));
858
859 kmen.tick(1);
860
861 // token still good
862 EXPECT_EQ(KM_ERROR_OK, kmen.AuthorizeOperation(
863 KM_PURPOSE_SIGN, key_id, AuthProxy(auth_set, empty), op_params,
864 0 /* irrelevant */, false /* is_begin_operation */));
865
866 kmen.tick(1);
867
868 // token expired, not allowed during begin.
869 EXPECT_EQ(KM_ERROR_KEY_USER_NOT_AUTHENTICATED,
870 kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, AuthProxy(auth_set, empty),
871 op_params, 0 /* irrelevant */,
872 true /* is_begin_operation */));
873
874 // token expired, afterwards it's okay.
875 EXPECT_EQ(KM_ERROR_OK, kmen.AuthorizeOperation(
876 KM_PURPOSE_SIGN, key_id, AuthProxy(auth_set, empty), op_params,
877 0 /* irrelevant */, false /* is_begin_operation */));
878
879 // Pubkey ops allowed.
880 EXPECT_EQ(KM_ERROR_OK, kmen.AuthorizeOperation(
881 KM_PURPOSE_VERIFY, key_id, AuthProxy(auth_set, empty), op_params,
882 0 /* irrelevant */, true /* is_begin_operation */));
883 }
884
TEST_F(KeymasterBaseTest,TestTimedAuthMissingToken)885 TEST_F(KeymasterBaseTest, TestTimedAuthMissingToken) {
886 hw_auth_token_t token;
887 memset(&token, 0, sizeof(token));
888 token.version = HW_AUTH_TOKEN_VERSION;
889 token.challenge = 99;
890 token.user_id = 9;
891 token.authenticator_id = 0;
892 token.authenticator_type = hton(static_cast<uint32_t>(HW_AUTH_PASSWORD));
893 token.timestamp = hton(static_cast<uint64_t>(kmen.current_time()));
894
895 AuthorizationSet auth_set(AuthorizationSetBuilder()
896 .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)
897 .Authorization(TAG_USER_SECURE_ID, token.user_id)
898 .Authorization(TAG_AUTH_TIMEOUT, 1)
899 .Authorization(TAG_USER_AUTH_TYPE, HW_AUTH_ANY)
900 .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN));
901
902 AuthorizationSet op_params;
903
904 // Unlike auth-per-op, must have the auth token during begin.
905 EXPECT_EQ(KM_ERROR_KEY_USER_NOT_AUTHENTICATED,
906 kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, AuthProxy(auth_set, empty),
907 op_params, token.challenge, true /* is_begin_operation */));
908
909 // Later we don't check (though begin would fail, so there wouldn't be a later).
910 EXPECT_EQ(KM_ERROR_OK,
911 kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, AuthProxy(auth_set, empty),
912 op_params, token.challenge, false /* is_begin_operation */));
913
914 // Pubkey ops allowed.
915 EXPECT_EQ(KM_ERROR_OK,
916 kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, key_id, AuthProxy(auth_set, empty),
917 op_params, token.challenge, true /* is_begin_operation */));
918 }
919
TEST_F(KeymasterBaseTest,TestCreateKeyId)920 TEST_F(KeymasterBaseTest, TestCreateKeyId) {
921 keymaster_key_blob_t blob = {reinterpret_cast<const uint8_t*>("foobar"), 6};
922
923 km_id_t key_id = 0;
924 EXPECT_TRUE(kmen.CreateKeyId(blob, &key_id));
925 EXPECT_NE(0U, key_id);
926 }
927
928 }; /* namespace test */
929 }; /* namespace keymaster */
930