Add Gatekeeper-based auth tests
Add tests that directly exercise Gatekeeper to get auth tokens for use
with auth-bound keys.
Test: VtsAidlKeyMintTargetTest
Change-Id: Ie668674d81ca487e8bbc18fdd9f36610bcab4c8c
diff --git a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp
index 588a1d4..3ffb6ec 100644
--- a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp
+++ b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp
@@ -544,12 +544,13 @@
ErrorCode KeyMintAidlTestBase::Begin(KeyPurpose purpose, const vector<uint8_t>& key_blob,
const AuthorizationSet& in_params,
- AuthorizationSet* out_params) {
+ AuthorizationSet* out_params,
+ std::optional<HardwareAuthToken> hat) {
SCOPED_TRACE("Begin");
Status result;
BeginResult out;
- result = keymint_->begin(purpose, key_blob, in_params.vector_data(), std::nullopt, &out);
+ result = keymint_->begin(purpose, key_blob, in_params.vector_data(), hat, &out);
if (result.isOk()) {
*out_params = out.params;
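Review bot: The new `hat` parameter on Begin is taken by value, so every call copies the token (including its MAC bytes) only to forward it unchanged to `keymint_->begin`. Taking it as `const std::optional<HardwareAuthToken>& hat` would avoid the copy and make it clear that the helper only borrows the token; the same applies to `hat` and `time_token` on Finish in the next hunk. The default that keeps existing callers compiling is presumably in the header, which is not visible here, so it is worth confirming that it is `std::nullopt`, matching the argument this line used to pass. Begin's body continues past the end of this hunk.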
@@ -603,8 +604,9 @@
return GetReturnErrorCode(result);
}
-ErrorCode KeyMintAidlTestBase::Finish(const string& input, const string& signature,
- string* output) {
+ErrorCode KeyMintAidlTestBase::Finish(const string& input, const string& signature, string* output,
+ std::optional<HardwareAuthToken> hat,
+ std::optional<secureclock::TimeStampToken> time_token) {
SCOPED_TRACE("Finish");
Status result;
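Review bot: The two token parameters added to Finish have different roles, and nothing at the definition says when a test must supply each one. I would add a short comment above the signature, for example `// hat: auth token for auth-bound keys (nullopt when the key needs no authentication); for per-operation auth its challenge must match the one returned by begin().` and `// time_token: proves freshness of hat when KeyMint and the authenticator do not share a secure clock.` Without it, a test that passes a token with a stale or unrelated challenge fails with an error that looks like an implementation bug rather than a test bug. Finish's body starts in this hunk and continues outside it.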
@@ -613,8 +615,8 @@
vector<uint8_t> oPut;
result = op_->finish(vector<uint8_t>(input.begin(), input.end()),
- vector<uint8_t>(signature.begin(), signature.end()), {} /* authToken */,
- {} /* timestampToken */, {} /* confirmationToken */, &oPut);
+ vector<uint8_t>(signature.begin(), signature.end()), hat, time_token,
+ {} /* confirmationToken */, &oPut);
if (result.isOk()) output->append(oPut.begin(), oPut.end());
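Review bot: Only `op_->finish` receives `hat` and `time_token` in this hunk, and whether the Update helper in this class forwards tokens as well is not visible here. If Update still sends empty tokens, a test on a per-operation auth-bound key that feeds input through Update before calling Finish would be rejected at the update step, which would read as an authentication failure in the implementation under test. Either give Update the same optional parameters, or state the limitation next to this call, e.g. `// Tokens are forwarded to finish() only; per-operation auth tests must pass all input through Finish().` The confirmation token is still hard-coded to `{}`, which is fine for these tests but worth keeping labelled as it is.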