Add compatibility wrappers for ISecureClock and ISharedSecret
Test: keystore2_km_compat_test
Change-Id: I0a5361e36298b6d240818dc83f4210f9ecb213af
diff --git a/keystore2/src/km_compat/lib.rs b/keystore2/src/km_compat/lib.rs
index 6d3aa96..aed0e7e 100644
--- a/keystore2/src/km_compat/lib.rs
+++ b/keystore2/src/km_compat/lib.rs
@@ -37,10 +37,12 @@
use android_hardware_security_keymint::binder;
use android_security_compat::aidl::android::security::compat::IKeystoreCompatService::IKeystoreCompatService;
+ static COMPAT_NAME: &str = "android.security.compat";
+
fn get_device() -> Box<dyn IKeyMintDevice> {
add_keymint_device_service();
let compat_service: Box<dyn IKeystoreCompatService> =
- binder::get_interface("android.security.compat").unwrap();
+ binder::get_interface(COMPAT_NAME).unwrap();
compat_service.getKeyMintDevice(SecurityLevel::TRUSTED_ENVIRONMENT).unwrap()
}
@@ -55,15 +57,6 @@
}
#[test]
- fn test_verify_authorization() {
- use android_hardware_security_keymint::aidl::android::hardware::security::keymint::HardwareAuthToken::HardwareAuthToken;
- let legacy = get_device();
- let result = legacy.verifyAuthorization(0, &HardwareAuthToken::default());
- assert!(result.is_err());
- assert_eq!(result.unwrap_err().service_specific_error(), ErrorCode::UNIMPLEMENTED.0,);
- }
-
- #[test]
fn test_add_rng_entropy() {
let legacy = get_device();
let result = legacy.addRngEntropy(&[42; 16]);
@@ -306,4 +299,36 @@
assert!(result.is_ok(), "{:?}", result);
assert!(out_params.is_some());
}
+
+ #[test]
+ fn test_secure_clock() {
+ add_keymint_device_service();
+ let compat_service: Box<dyn IKeystoreCompatService> =
+ binder::get_interface(COMPAT_NAME).unwrap();
+ let secure_clock = compat_service.getSecureClock().unwrap();
+
+ let challenge = 42;
+ let result = secure_clock.generateTimeStamp(challenge);
+ assert!(result.is_ok(), "{:?}", result);
+ let result = result.unwrap();
+ assert_eq!(result.challenge, challenge);
+ assert_eq!(result.mac.len(), 32);
+ }
+
+ #[test]
+ fn test_shared_secret() {
+ add_keymint_device_service();
+ let compat_service: Box<dyn IKeystoreCompatService> =
+ binder::get_interface(COMPAT_NAME).unwrap();
+ let shared_secret =
+ compat_service.getSharedSecret(SecurityLevel::TRUSTED_ENVIRONMENT).unwrap();
+
+ let result = shared_secret.getSharedSecretParameters();
+ assert!(result.is_ok(), "{:?}", result);
+ let params = result.unwrap();
+
+ let result = shared_secret.computeSharedSecret(&[params]);
+ assert!(result.is_ok(), "{:?}", result);
+ assert_ne!(result.unwrap().len(), 0);
+ }
}