Evolution-x/hardware_interfaces
1
0
Fork 0
mirror of https://github.com/Evolution-X/hardware_interfaces synced 2026-02-01 16:50:18 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge "KeyMint VTS: re-order auth failure arms" into main am: 2ef3749cba

Browse Source 
Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/2750968

Change-Id: I03e4e696611bee62c71fc6e50fea8136329e1510
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
This commit is contained in:
David Drysdale
2023-09-15 11:04:31 +00:00
committed by Automerger Merge Worker
parent 60a02ab943 2ef3749cba
commit e865448a4e
1 changed files with 11 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
security/keymint/aidl/vts/functional/AuthTest.cpp
View File

@@ -350,14 +350,14 @@ TEST_P(AuthTest, TimeoutAuthentication) {
// Wait for long enough that the hardware auth token expires.
sleep(timeout_secs + 1);
if (!timestamp_token_required_) {
// KeyMint implementation has its own clock, and can immediately detect timeout.
EXPECT_EQ(ErrorCode::KEY_USER_NOT_AUTHENTICATED,
Begin(KeyPurpose::ENCRYPT, keyblob, params, &out_params, hat));
} else {
// KeyMint implementation has no clock, so only detects timeout via timestamp token provided
// on update()/finish().
ASSERT_EQ(ErrorCode::OK, Begin(KeyPurpose::ENCRYPT, keyblob, params, &out_params, hat));
auto begin_result = Begin(KeyPurpose::ENCRYPT, keyblob, params, &out_params, hat);
if (begin_result == ErrorCode::OK) {
// If begin() succeeds despite the out-of-date HAT, that must mean that the KeyMint
// device doesn't have its own clock. In that case, it only detects timeout via a
// timestamp token provided on update()/finish()
ASSERT_TRUE(timestamp_token_required_);
secureclock::TimeStampToken time_token;
EXPECT_EQ(ErrorCode::OK,
GetReturnErrorCode(clock_->generateTimeStamp(challenge_, &time_token)));
@@ -365,6 +365,9 @@ TEST_P(AuthTest, TimeoutAuthentication) {
string output;
EXPECT_EQ(ErrorCode::KEY_USER_NOT_AUTHENTICATED,
Finish(message, {} /* signature */, &output, hat, time_token));
} else {
// The KeyMint implementation may have its own clock that can immediately detect timeout.
ASSERT_EQ(ErrorCode::KEY_USER_NOT_AUTHENTICATED, begin_result);
}
}