tequilaOS/platform_hardware_interfaces
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge "KeyMint VTS: re-order auth failure arms" into stage-aosp-udc-ts-dev am: 3413388821 am: 14cd97799f

Browse source 
Original change: https://googleplex-android-review.googlesource.com/c/platform/hardware/interfaces/+/24771709

Change-Id: I32172771abe3b59b96a33f32a8a39111a7a5f3b3
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
This commit is contained in:
David Drysdale 2023-09-19 07:53:33 +00:00 committed by Automerger Merge Worker
commit d9abb1480c
1 changed files with 11 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

19
security/keymint/aidl/vts/functional/AuthTest.cpp
View file

@ -329,14 +329,14 @@ TEST_P(AuthTest, TimeoutAuthentication) {
// Wait for long enough that the hardware auth token expires. // Wait for long enough that the hardware auth token expires.
sleep(timeout_secs + 1); sleep(timeout_secs + 1);
if (!timestamp_token_required_) {
// KeyMint implementation has its own clock, and can immediately detect timeout. auto begin_result = Begin(KeyPurpose::ENCRYPT, keyblob, params, &out_params, hat);
EXPECT_EQ(ErrorCode::KEY_USER_NOT_AUTHENTICATED, if (begin_result == ErrorCode::OK) {
Begin(KeyPurpose::ENCRYPT, keyblob, params, &out_params, hat)); // If begin() succeeds despite the out-of-date HAT, that must mean that the KeyMint
} else { // device doesn't have its own clock. In that case, it only detects timeout via a
// KeyMint implementation has no clock, so only detects timeout via timestamp token provided // timestamp token provided on update()/finish()
// on update()/finish(). ASSERT_TRUE(timestamp_token_required_);
ASSERT_EQ(ErrorCode::OK, Begin(KeyPurpose::ENCRYPT, keyblob, params, &out_params, hat));
secureclock::TimeStampToken time_token; secureclock::TimeStampToken time_token;
EXPECT_EQ(ErrorCode::OK, EXPECT_EQ(ErrorCode::OK,
GetReturnErrorCode(clock_->generateTimeStamp(challenge_, &time_token))); GetReturnErrorCode(clock_->generateTimeStamp(challenge_, &time_token)));
@ -344,6 +344,9 @@ TEST_P(AuthTest, TimeoutAuthentication) {
string output; string output;
EXPECT_EQ(ErrorCode::KEY_USER_NOT_AUTHENTICATED, EXPECT_EQ(ErrorCode::KEY_USER_NOT_AUTHENTICATED,
Finish(message, {} /* signature */, &output, hat, time_token)); Finish(message, {} /* signature */, &output, hat, time_token));
} else {
// The KeyMint implementation may have its own clock that can immediately detect timeout.
ASSERT_EQ(ErrorCode::KEY_USER_NOT_AUTHENTICATED, begin_result);
} }
} }