Implement and integrate the verification token handler.
This CL implements a background task handler which, for now, runs
a thread to retrieve verification tokens. This CL also integrates
this handler with the enforcement module, in order to allow operations
to receive verification tokens.
Bug: 171503362, 171503128
Test: TBD
Change-Id: I2ed0742043095dafb3b5cb7581ca3a2a70929ecc
diff --git a/keystore2/src/security_level.rs b/keystore2/src/security_level.rs
index c5b5da0..079e92a 100644
--- a/keystore2/src/security_level.rs
+++ b/keystore2/src/security_level.rs
@@ -21,7 +21,6 @@
HardwareAuthenticatorType::HardwareAuthenticatorType, IKeyMintDevice::IKeyMintDevice,
KeyCreationResult::KeyCreationResult, KeyFormat::KeyFormat, KeyParameter::KeyParameter,
KeyParameterValue::KeyParameterValue, SecurityLevel::SecurityLevel, Tag::Tag,
- VerificationToken::VerificationToken,
};
use android_system_keystore2::aidl::android::system::keystore2::{
AuthenticatorSpec::AuthenticatorSpec, CreateOperationResponse::CreateOperationResponse,
@@ -51,7 +50,6 @@
};
use anyhow::{Context, Result};
use binder::{IBinder, Interface, ThreadState};
-use std::sync::mpsc::channel;
/// Implementation of the IKeystoreSecurityLevel Interface.
pub struct KeystoreSecurityLevel {
@@ -284,9 +282,13 @@
ENFORCEMENTS.insert_to_op_auth_map(begin_result.challenge);
}
AuthTokenHandler::VerificationRequired(auth_token) => {
- let (_sender, receiver) = channel::<(HardwareAuthToken, VerificationToken)>();
- //TODO: call the worker thread and hand over the sender, auth token and challenge
- auth_token_handler = AuthTokenHandler::Channel(receiver);
+ //request a verification token, given the auth token and the challenge
+ auth_token_handler = ENFORCEMENTS
+ .request_verification_token(
+ auth_token,
+ OperationChallenge { challenge: begin_result.challenge },
+ )
+ .context("In create_operation.")?;
}
_ => {}
}
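Review bot: The `?` on `request_verification_token` returns from create_operation after the begin call has already produced `begin_result`, and nothing visible in this hunk cleans that operation up on the error path. The function starts and ends outside the hunk, so this needs checking against the surrounding code: if it does not abort the begun operation, each failed token request would presumably leave an operation slot open on the device, and the operation should then be aborted before the error is propagated. The context string is also generic; something like `.context("In create_operation: Failed to request verification token.")?;` would make the failing step identifiable in logs. The commit lists `Test: TBD`, so the failure case of this auth path has no stated test coverage yet.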