Add Gatekeeper-based auth tests
Add tests that directly exercise Gatekeeper to get auth tokens for use
with auth-bound keys.
Test: VtsAidlKeyMintTargetTest
Change-Id: Ie668674d81ca487e8bbc18fdd9f36610bcab4c8c
diff --git a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h
index fae9459..2a0a19d 100644
--- a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h
+++ b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h
@@ -160,7 +160,8 @@
const AuthorizationSet& in_params, AuthorizationSet* out_params,
std::shared_ptr<IKeyMintOperation>& op);
ErrorCode Begin(KeyPurpose purpose, const vector<uint8_t>& key_blob,
- const AuthorizationSet& in_params, AuthorizationSet* out_params);
+ const AuthorizationSet& in_params, AuthorizationSet* out_params,
+ std::optional<HardwareAuthToken> hat = std::nullopt);
ErrorCode Begin(KeyPurpose purpose, const AuthorizationSet& in_params,
AuthorizationSet* out_params);
ErrorCode Begin(KeyPurpose purpose, const AuthorizationSet& in_params);
@@ -168,7 +169,9 @@
ErrorCode UpdateAad(const string& input);
ErrorCode Update(const string& input, string* output);
- ErrorCode Finish(const string& message, const string& signature, string* output);
+ ErrorCode Finish(const string& message, const string& signature, string* output,
+ std::optional<HardwareAuthToken> hat = std::nullopt,
+ std::optional<secureclock::TimeStampToken> time_token = std::nullopt);
ErrorCode Finish(const string& message, string* output) {
return Finish(message, {} /* signature */, output);
}