54     bool auth_token_timed_out(const hw_auth_token_t& token, uint32_t timeout) const {
55         return current_time_ > ntoh(token.timestamp) + timeout;
520     hw_auth_token_t token;
521     memset(&token, 0, sizeof(token));
522     token.version = HW_AUTH_TOKEN_VERSION;
523     token.challenge = 99;
524     token.user_id = 9;
525     token.authenticator_id = 0;
526     token.authenticator_type = hton(static_cast<uint32_t>(HW_AUTH_PASSWORD));
527     token.timestamp = 0;
530                                   .Authorization(TAG_USER_SECURE_ID, token.user_id)
535     op_params.push_back(Authorization(TAG_AUTH_TOKEN, &token, sizeof(token)));
538               kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, auth_set, op_params, token.challenge,
543     hw_auth_token_t token;
544     memset(&token, 0, sizeof(token));
545     token.version = HW_AUTH_TOKEN_VERSION;
546     token.challenge = 99;
547     token.user_id = 9;
548     token.authenticator_id = 0;
549     token.authenticator_type = hton(static_cast<uint32_t>(HW_AUTH_PASSWORD));
550     token.timestamp = 0;
554                                   .Authorization(TAG_USER_SECURE_ID, token.user_id)
559     op_params.push_back(Authorization(TAG_AUTH_TOKEN, &token, sizeof(token)));
563               kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, auth_set, op_params, token.challenge,
568                                       token.challenge, false /* is_begin_operation */));
572     hw_auth_token_t token;
573     memset(&token, 0, sizeof(token));
574     token.version = HW_AUTH_TOKEN_VERSION;
575     token.challenge = 99;
576     token.user_id = 9;
577     token.authenticator_id = 0;
578     token.authenticator_type = hton(static_cast<uint32_t>(HW_AUTH_PASSWORD));
579     token.timestamp = 0;
582                                   .Authorization(TAG_USER_SECURE_ID, token.user_id)
587     op_params.push_back(Authorization(TAG_AUTH_TOKEN, &token, sizeof(token)));
591                                       token.challenge + 1 /* doesn't match token */,
596     hw_auth_token_t token;
597     memset(&token, 0, sizeof(token));
598     token.version = HW_AUTH_TOKEN_VERSION;
599     token.challenge = 99;
600     token.user_id = 9;
601     token.authenticator_id = 0;
602     token.authenticator_type = hton(static_cast<uint32_t>(HW_AUTH_PASSWORD));
603     token.timestamp = 0;
607                                   .Authorization(TAG_USER_SECURE_ID, token.user_id)
611     op_params.push_back(Authorization(TAG_AUTH_TOKEN, &token, sizeof(token)));
614               kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, auth_set, op_params, token.challenge,
619                                       token.challenge, false /* is_begin_operation */));
623     hw_auth_token_t token;
624     memset(&token, 0, sizeof(token));
625     token.version = HW_AUTH_TOKEN_VERSION;
626     token.challenge = 99;
627     token.user_id = 9;
628     token.authenticator_id = 0;
629     token.authenticator_type = hton(static_cast<uint32_t>(HW_AUTH_PASSWORD));
630     token.timestamp = 0;
635             .Authorization(TAG_USER_SECURE_ID, token.user_id)
636             .Authorization(TAG_USER_AUTH_TYPE, HW_AUTH_FINGERPRINT /* doesn't match token */)
640     op_params.push_back(Authorization(TAG_AUTH_TOKEN, &token, sizeof(token)));
643               kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, auth_set, op_params, token.challenge,
648                                       token.challenge, false /* is_begin_operation */));
652     hw_auth_token_t token;
653     memset(&token, 0, sizeof(token));
654     token.version = HW_AUTH_TOKEN_VERSION;
655     token.challenge = 99;
656     token.user_id = 9;
657     token.authenticator_id = 0;
658     token.authenticator_type = hton(static_cast<uint32_t>(HW_AUTH_PASSWORD));
659     token.timestamp = 0;
664             .Authorization(TAG_USER_SECURE_ID, token.user_id + 1 /* doesn't match token */)
669     op_params.push_back(Authorization(TAG_AUTH_TOKEN, &token, sizeof(token)));
672               kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, auth_set, op_params, token.challenge,
677                                       token.challenge, false /* is_begin_operation */));
681     hw_auth_token_t token;
682     memset(&token, 0, sizeof(token));
683     token.version = HW_AUTH_TOKEN_VERSION;
684     token.challenge = 99;
685     token.user_id = 9;
686     token.authenticator_id = 10;
687     token.authenticator_type = hton(static_cast<uint32_t>(HW_AUTH_PASSWORD));
688     token.timestamp = 0;
691                                   .Authorization(TAG_USER_SECURE_ID, token.authenticator_id)
696     op_params.push_back(Authorization(TAG_AUTH_TOKEN, &token, sizeof(token)));
699               kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, auth_set, op_params, token.challenge,
704     hw_auth_token_t token;
705     memset(&token, 0, sizeof(token));
706     token.version = HW_AUTH_TOKEN_VERSION;
707     token.challenge = 99;
708     token.user_id = 9;
709     token.authenticator_id = 0;
710     token.authenticator_type = hton(static_cast<uint32_t>(HW_AUTH_PASSWORD));
711     token.timestamp = 0;
715                                   .Authorization(TAG_USER_SECURE_ID, token.user_id)
721     // During begin we can skip the auth token
723                                                    token.challenge, true /* is_begin_operation */));
726               kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, auth_set, op_params, token.challenge,
731                                       token.challenge, false /* is_begin_operation */));
735                               .Authorization(TAG_USER_SECURE_ID, token.user_id)
742                                       token.challenge, false /* is_begin_operation */));
756     hw_auth_token_t token;
757     memset(&token, 0, sizeof(token));
758     token.version = HW_AUTH_TOKEN_VERSION;
759     token.challenge = 99;
760     token.user_id = 9;
761     token.authenticator_id = 0;
762     token.authenticator_type = hton(static_cast<uint32_t>(HW_AUTH_PASSWORD));
763     token.timestamp = hton(kmen.current_time());
767                                   .Authorization(TAG_USER_SECURE_ID, token.user_id)
773     op_params.push_back(Authorization(TAG_AUTH_TOKEN, &token, sizeof(token)));
781     hw_auth_token_t token;
782     memset(&token, 0, sizeof(token));
783     token.version = HW_AUTH_TOKEN_VERSION;
784     token.challenge = 99;
785     token.user_id = 9;
786     token.authenticator_id = 0;
787     token.authenticator_type = hton(static_cast<uint32_t>(HW_AUTH_PASSWORD));
788     token.timestamp = hton(static_cast<uint64_t>(kmen.current_time()));
792                                   .Authorization(TAG_USER_SECURE_ID, token.user_id)
798     op_params.push_back(Authorization(TAG_AUTH_TOKEN, &token, sizeof(token)));
806     // token still good
813     // token expired, not allowed during begin.
818     // token expired, afterwards it's okay.
830     hw_auth_token_t token;
831     memset(&token, 0, sizeof(token));
832     token.version = HW_AUTH_TOKEN_VERSION;
833     token.challenge = 99;
834     token.user_id = 9;
835     token.authenticator_id = 0;
836     token.authenticator_type = hton(static_cast<uint32_t>(HW_AUTH_PASSWORD));
837     token.timestamp = hton(static_cast<uint64_t>(kmen.current_time()));
841                                   .Authorization(TAG_USER_SECURE_ID, token.user_id)
848     // Unlike auth-per-op, must have the auth token during begin.
850               kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, auth_set, op_params, token.challenge,
855               kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, auth_set, op_params, token.challenge,
860                                                    token.challenge, true /* is_begin_operation */));

Indexes created Thu Dec 22 05:45:36 CET 2016