keystore: Pass verification token to credstore along with requested auth token.

This is needed because the Secure Areas backing the Identity
Credential HAL may exist in a different environment from where the
auth token is minted. In this case, the Secure Area needs a
verification token to make sense of the timestamp in the auth token.

Getting a verification token is an asynchronous operation so change
the binder method used by credstore to be asynchronous as well.

Bug: 156076333
Test: atest VtsHalIdentityTargetTest
Test: atest android.security.identity.cts
Change-Id: Id6cb6812a31d968069b7d72bd2b39b512d38d241
diff --git a/keystore/tests/Android.bp b/keystore/tests/Android.bp
index eac6fe6..883e020 100644
--- a/keystore/tests/Android.bp
+++ b/keystore/tests/Android.bp
@@ -13,6 +13,7 @@
         "auth_token_formatting_test.cpp",
         "blob_test.cpp",
         "confirmationui_rate_limiting_test.cpp",
+        "verification_token_seralization_test.cpp",
         "gtest_main.cpp",
     ],
     name: "keystore_unit_tests",
diff --git a/keystore/tests/verification_token_seralization_test.cpp b/keystore/tests/verification_token_seralization_test.cpp
new file mode 100644
index 0000000..276541a
--- /dev/null
+++ b/keystore/tests/verification_token_seralization_test.cpp
@@ -0,0 +1,69 @@
+/*
+ * Copyright (C) 2015 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <gtest/gtest.h>
+
+#include <keymasterV4_0/keymaster_utils.h>
+
+namespace keystore {
+namespace test {
+
+using android::hardware::keymaster::V4_0::SecurityLevel;
+using android::hardware::keymaster::V4_0::VerificationToken;
+using android::hardware::keymaster::V4_0::support::deserializeVerificationToken;
+using android::hardware::keymaster::V4_0::support::serializeVerificationToken;
+using std::optional;
+using std::vector;
+
+TEST(VerificationTokenSeralizationTest, SerializationTest) {
+    VerificationToken token;
+    token.challenge = 12345;
+    token.timestamp = 67890;
+    token.securityLevel = SecurityLevel::TRUSTED_ENVIRONMENT;
+    token.mac.resize(32);
+    for (size_t n = 0; n < 32; n++) {
+        token.mac[n] = n;
+    }
+    optional<vector<uint8_t>> serialized = serializeVerificationToken(token);
+    ASSERT_TRUE(serialized.has_value());
+    optional<VerificationToken> deserialized = deserializeVerificationToken(serialized.value());
+    ASSERT_TRUE(deserialized.has_value());
+    ASSERT_EQ(token.challenge, deserialized.value().challenge);
+    ASSERT_EQ(token.timestamp, deserialized.value().timestamp);
+    ASSERT_EQ(token.securityLevel, deserialized.value().securityLevel);
+    ASSERT_EQ(0u, deserialized.value().parametersVerified.size());
+    ASSERT_EQ(token.mac, deserialized.value().mac);
+}
+
+TEST(VerificationTokenSeralizationTest, SerializationTestNoMac) {
+    VerificationToken token;
+    token.challenge = 12345;
+    token.timestamp = 67890;
+    token.securityLevel = SecurityLevel::TRUSTED_ENVIRONMENT;
+    token.mac.resize(0);
+    optional<vector<uint8_t>> serialized = serializeVerificationToken(token);
+    ASSERT_TRUE(serialized.has_value());
+    optional<VerificationToken> deserialized = deserializeVerificationToken(serialized.value());
+    ASSERT_TRUE(deserialized.has_value());
+    ASSERT_EQ(token.challenge, deserialized.value().challenge);
+    ASSERT_EQ(token.timestamp, deserialized.value().timestamp);
+    ASSERT_EQ(token.securityLevel, deserialized.value().securityLevel);
+    ASSERT_EQ(0u, deserialized.value().parametersVerified.size());
+    ASSERT_EQ(token.mac, deserialized.value().mac);
+}
+
+}  // namespace test
+}  // namespace keystore