Test failure arms for auth-bound keys
Testing successful operations requires interaction with authenticators
(e.g. Gatekeeper), but it is possible to test various authentication
failure cases.
Test: keystore2_client_tests auth_bound
Test: keystore2_client_tests unlocked_device_required
Change-Id: Ie4e675ca5f19660b9f8efdc70185ba2cf9ea0c23
diff --git a/keystore2/test_utils/key_generations.rs b/keystore2/test_utils/key_generations.rs
index e63ee60..c40e944 100644
--- a/keystore2/test_utils/key_generations.rs
+++ b/keystore2/test_utils/key_generations.rs
@@ -392,6 +392,25 @@
})
}
+/// Check for a specific KeyMint error.
+pub fn assert_km_error<T: std::fmt::Debug>(result: &BinderResult<T>, want: ErrorCode) {
+ match result {
+ Ok(_) => panic!("Expected KeyMint error {want:?}, found success"),
+ Err(s) => {
+ assert_eq!(
+ s.exception_code(),
+ ExceptionCode::SERVICE_SPECIFIC,
+ "Expected KeyMint service-specific error {want:?}, got {result:?}"
+ );
+ assert_eq!(
+ s.service_specific_error(),
+ want.0,
+ "Expected KeyMint service-specific error {want:?}, got {result:?}"
+ );
+ }
+ }
+}
+
/// Get the value of the given system property, if the given system property doesn't exist
/// then returns an empty byte vector.
pub fn get_system_prop(name: &str) -> Vec<u8> {