1 /*
2  * Copyright (C) 2019 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #include "Keymaster4_1HidlTest.h"
18 
19 #include <keymasterV4_1/authorization_set.h>
20 
21 namespace android::hardware::keymaster::V4_1::test {
22 
23 using UnlockedDeviceRequiredTest = Keymaster4_1HidlTest;
24 
25 // This may be a problematic test.  It can't be run repeatedly without unlocking the device in
26 // between runs... and on most test devices there are no enrolled credentials so it can't be
27 // unlocked at all, meaning the only way to get the test to pass again on a properly-functioning
28 // device is to reboot it.  For that reason, this is disabled by default.  It can be used as part of
29 // a manual test process, which includes unlocking between runs, which is why it's included here.
30 // Well, that and the fact that it's the only test we can do without also making calls into the
31 // Gatekeeper HAL.  We haven't written any cross-HAL tests, and don't know what all of the
32 // implications might be, so that may or may not be a solution.
33 //
34 // TODO(swillden): Use the Gatekeeper HAL to enroll some test credentials which we can verify to get
35 // an unlock auth token.  If that works, enable the improved test.
TEST_P(UnlockedDeviceRequiredTest,DISABLED_KeysBecomeUnusable)36 TEST_P(UnlockedDeviceRequiredTest, DISABLED_KeysBecomeUnusable) {
37     auto [aesKeyData, hmacKeyData, rsaKeyData, ecdsaKeyData] =
38             CreateTestKeys(TAG_UNLOCKED_DEVICE_REQUIRED, ErrorCode::OK);
39 
40     EXPECT_EQ(ErrorCode::OK, UseAesKey(aesKeyData.blob));
41     EXPECT_EQ(ErrorCode::OK, UseHmacKey(hmacKeyData.blob));
42     EXPECT_EQ(ErrorCode::OK, UseRsaKey(rsaKeyData.blob));
43     EXPECT_EQ(ErrorCode::OK, UseEcdsaKey(ecdsaKeyData.blob));
44 
45     Return<ErrorCode> rc =
46             keymaster().deviceLocked(false /* passwordOnly */, {} /* verificationToken */);
47     ASSERT_TRUE(rc.isOk());
48     ASSERT_EQ(ErrorCode::OK, static_cast<ErrorCode>(rc));
49 
50     EXPECT_EQ(ErrorCode::DEVICE_LOCKED, UseAesKey(aesKeyData.blob));
51     EXPECT_EQ(ErrorCode::DEVICE_LOCKED, UseHmacKey(hmacKeyData.blob));
52     EXPECT_EQ(ErrorCode::DEVICE_LOCKED, UseRsaKey(rsaKeyData.blob));
53     EXPECT_EQ(ErrorCode::DEVICE_LOCKED, UseEcdsaKey(ecdsaKeyData.blob));
54 
55     CheckedDeleteKeyData(&aesKeyData);
56     CheckedDeleteKeyData(&hmacKeyData);
57     CheckedDeleteKeyData(&rsaKeyData);
58     CheckedDeleteKeyData(&ecdsaKeyData);
59 }
60 
61 INSTANTIATE_KEYMASTER_4_1_HIDL_TEST(UnlockedDeviceRequiredTest);
62 
63 }  // namespace android::hardware::keymaster::V4_1::test
64