Test failure arms for auth-bound keys
Testing successful operations requires interaction with authenticators
(e.g. Gatekeeper), but it is possible to test various authentication
failure cases.
Test: keystore2_client_tests auth_bound
Test: keystore2_client_tests unlocked_device_required
Change-Id: Ie4e675ca5f19660b9f8efdc70185ba2cf9ea0c23
diff --git a/keystore2/test_utils/authorizations.rs b/keystore2/test_utils/authorizations.rs
index a96d994..d3d6fc4 100644
--- a/keystore2/test_utils/authorizations.rs
+++ b/keystore2/test_utils/authorizations.rs
@@ -18,8 +18,9 @@
use android_hardware_security_keymint::aidl::android::hardware::security::keymint::{
Algorithm::Algorithm, BlockMode::BlockMode, Digest::Digest, EcCurve::EcCurve,
- KeyParameter::KeyParameter, KeyParameterValue::KeyParameterValue, KeyPurpose::KeyPurpose,
- PaddingMode::PaddingMode, Tag::Tag,
+ HardwareAuthenticatorType::HardwareAuthenticatorType, KeyParameter::KeyParameter,
+ KeyParameterValue::KeyParameterValue, KeyPurpose::KeyPurpose, PaddingMode::PaddingMode,
+ Tag::Tag,
};
/// Helper struct to create set of Authorizations.
@@ -369,6 +370,33 @@
});
self
}
+
+ /// Set user secure ID.
+ pub fn user_secure_id(mut self, sid: i64) -> Self {
+ self.0.push(KeyParameter {
+ tag: Tag::USER_SECURE_ID,
+ value: KeyParameterValue::LongInteger(sid),
+ });
+ self
+ }
+
+ /// Set user auth type.
+ pub fn user_auth_type(mut self, auth_type: HardwareAuthenticatorType) -> Self {
+ self.0.push(KeyParameter {
+ tag: Tag::USER_AUTH_TYPE,
+ value: KeyParameterValue::HardwareAuthenticatorType(auth_type),
+ });
+ self
+ }
+
+ /// Set auth timeout.
+ pub fn auth_timeout(mut self, timeout_secs: i32) -> Self {
+ self.0.push(KeyParameter {
+ tag: Tag::AUTH_TIMEOUT,
+ value: KeyParameterValue::Integer(timeout_secs),
+ });
+ self
+ }
}
impl Deref for AuthSetBuilder {
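Review bot: The doc comments on the three added builder methods (`user_secure_id`, `user_auth_type`, `auth_timeout`) only restate the method names, so a test author cannot tell from them which tag combination produces a well-formed auth-bound key. I would spell out the KeyMint tag and its semantics on each, e.g. `/// Bind the key to secure user ID `sid` (Tag::USER_SECURE_ID); normally paired with `user_auth_type`.` and `/// Set Tag::AUTH_TIMEOUT: seconds the key stays usable after a successful authentication; if omitted on an auth-bound key, every operation needs its own auth token.` `auth_timeout` also pushes `timeout_secs: i32` unchecked, so a negative value goes straight into the parameter set; that may be intended for negative tests, but the doc comment should say so. The enclosing `impl` block starts outside this hunk, so I cannot see whether a sibling method for `NO_AUTH_REQUIRED` exists; if it does, it is worth noting that it is mutually exclusive with `user_secure_id`.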