Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit ce7ad24b authored by Chad Brubaker's avatar Chad Brubaker
Browse files

Mark all test keys as no auth required 

Now that auth token checks are in keystore keys without any auth tags
are invalid.

Also adds a test to check that a key with auth required fails when none
is present.

Change-Id: I0d5d44d70a849978e9b2e809675b8343c6650ff2
parent 63dde9c8

keystore/tests/src/android/security/KeyStoreTest.java

+32 −0
Original line number Diff line number Diff line
@@ -712,6 +712,7 @@ public class KeyStoreTest extends ActivityUnitTestCase<Activity> { 
        args.addInt(KeymasterDefs.KM_TAG_PURPOSE, KeymasterDefs.KM_PURPOSE_DECRYPT);

        args.addInt(KeymasterDefs.KM_TAG_ALGORITHM, KeymasterDefs.KM_ALGORITHM_RSA);

        args.addInt(KeymasterDefs.KM_TAG_PADDING, KeymasterDefs.KM_PAD_NONE);

        args.addBoolean(KeymasterDefs.KM_TAG_NO_AUTH_REQUIRED);

        args.addInt(KeymasterDefs.KM_TAG_KEY_SIZE, 2048);

        args.addLong(KeymasterDefs.KM_TAG_RSA_PUBLIC_EXPONENT,

                RSAKeyGenParameterSpec.F4.longValue());
@@ -735,6 +736,7 @@ public class KeyStoreTest extends ActivityUnitTestCase<Activity> { 
        args.addInt(KeymasterDefs.KM_TAG_PURPOSE, KeymasterDefs.KM_PURPOSE_DECRYPT);

        args.addInt(KeymasterDefs.KM_TAG_ALGORITHM, KeymasterDefs.KM_ALGORITHM_RSA);

        args.addInt(KeymasterDefs.KM_TAG_PADDING, KeymasterDefs.KM_PAD_NONE);

        args.addBoolean(KeymasterDefs.KM_TAG_NO_AUTH_REQUIRED);

        args.addInt(KeymasterDefs.KM_TAG_KEY_SIZE, 2048);

        args.addLong(KeymasterDefs.KM_TAG_RSA_PUBLIC_EXPONENT,

                RSAKeyGenParameterSpec.F4.longValue());
@@ -769,6 +771,7 @@ public class KeyStoreTest extends ActivityUnitTestCase<Activity> { 
        args.addInt(KeymasterDefs.KM_TAG_PADDING, KeymasterDefs.KM_PAD_NONE);

        args.addInt(KeymasterDefs.KM_TAG_KEY_SIZE, 2048);

        args.addInt(KeymasterDefs.KM_TAG_BLOCK_MODE, KeymasterDefs.KM_MODE_ECB);

        args.addBoolean(KeymasterDefs.KM_TAG_NO_AUTH_REQUIRED);

        args.addBlob(KeymasterDefs.KM_TAG_APPLICATION_ID, id);

        args.addLong(KeymasterDefs.KM_TAG_RSA_PUBLIC_EXPONENT,

                RSAKeyGenParameterSpec.F4.longValue());
@@ -806,6 +809,7 @@ public class KeyStoreTest extends ActivityUnitTestCase<Activity> { 
        args.addInt(KeymasterDefs.KM_TAG_BLOCK_MODE, KeymasterDefs.KM_MODE_OCB);

        args.addInt(KeymasterDefs.KM_TAG_CHUNK_LENGTH, 4096);

        args.addInt(KeymasterDefs.KM_TAG_MAC_LENGTH, 16);

        args.addBoolean(KeymasterDefs.KM_TAG_NO_AUTH_REQUIRED);



        KeyCharacteristics outCharacteristics = new KeyCharacteristics();

        int rc = mKeyStore.generateKey(name, args, null, 0, outCharacteristics);
@@ -838,6 +842,7 @@ public class KeyStoreTest extends ActivityUnitTestCase<Activity> { 
        args.addInt(KeymasterDefs.KM_TAG_PADDING, KeymasterDefs.KM_PAD_NONE);

        args.addInt(KeymasterDefs.KM_TAG_BLOCK_MODE, mode);

        args.addInt(KeymasterDefs.KM_TAG_KEY_SIZE, size);

        args.addBoolean(KeymasterDefs.KM_TAG_NO_AUTH_REQUIRED);

        return mKeyStore.importKey(name, args, KeymasterDefs.KM_KEY_FORMAT_RAW, key, 0,

                new KeyCharacteristics());

    }
@@ -901,6 +906,7 @@ public class KeyStoreTest extends ActivityUnitTestCase<Activity> { 
        args.addInt(KeymasterDefs.KM_TAG_BLOCK_MODE, KeymasterDefs.KM_MODE_OCB);

        args.addInt(KeymasterDefs.KM_TAG_CHUNK_LENGTH, 4096);

        args.addInt(KeymasterDefs.KM_TAG_MAC_LENGTH, 16);

        args.addBoolean(KeymasterDefs.KM_TAG_NO_AUTH_REQUIRED);



        KeyCharacteristics outCharacteristics = new KeyCharacteristics();

        int rc = mKeyStore.generateKey(name, args, null, 0, outCharacteristics);
@@ -922,4 +928,30 @@ public class KeyStoreTest extends ActivityUnitTestCase<Activity> { 
        assertEquals("Operation should be pruned", KeymasterDefs.KM_ERROR_INVALID_OPERATION_HANDLE,

                mKeyStore.update(first, null, new byte[] {0x01}).resultCode);

    }



    public void testAuthNeeded() throws Exception {

        String name = "test";

        KeymasterArguments args = new KeymasterArguments();

        args.addInt(KeymasterDefs.KM_TAG_PURPOSE, KeymasterDefs.KM_PURPOSE_ENCRYPT);

        args.addInt(KeymasterDefs.KM_TAG_PURPOSE, KeymasterDefs.KM_PURPOSE_DECRYPT);

        args.addInt(KeymasterDefs.KM_TAG_ALGORITHM, KeymasterDefs.KM_ALGORITHM_AES);

        args.addInt(KeymasterDefs.KM_TAG_PADDING, KeymasterDefs.KM_PAD_NONE);

        args.addInt(KeymasterDefs.KM_TAG_KEY_SIZE, 256);

        args.addInt(KeymasterDefs.KM_TAG_BLOCK_MODE, KeymasterDefs.KM_MODE_OCB);

        args.addInt(KeymasterDefs.KM_TAG_CHUNK_LENGTH, 4096);

        args.addInt(KeymasterDefs.KM_TAG_MAC_LENGTH, 16);

        args.addInt(KeymasterDefs.KM_TAG_USER_AUTH_TYPE, 1);



        KeyCharacteristics outCharacteristics = new KeyCharacteristics();

        int rc = mKeyStore.generateKey(name, args, null, 0, outCharacteristics);

        KeymasterArguments out = new KeymasterArguments();

        assertEquals("Generate should succeed", KeyStore.NO_ERROR, rc);

        OperationResult result = mKeyStore.begin(name, KeymasterDefs.KM_PURPOSE_ENCRYPT,

                true, args, null, out);

        assertEquals("Begin should succeed", KeyStore.NO_ERROR, result.resultCode);

        IBinder token = result.token;

        result = mKeyStore.update(token, null, new byte[] {0x01, 0x02, 0x03, 0x04});

        assertEquals("Update should require authorization",

                KeymasterDefs.KM_ERROR_KEY_USER_NOT_AUTHENTICATED, result.resultCode);

    }

}