Loading security/keymint/aidl/vts/functional/AuthTest.cpp +11 −8 Original line number Original line Diff line number Diff line Loading @@ -350,14 +350,14 @@ TEST_P(AuthTest, TimeoutAuthentication) { // Wait for long enough that the hardware auth token expires. // Wait for long enough that the hardware auth token expires. sleep(timeout_secs + 1); sleep(timeout_secs + 1); if (!timestamp_token_required_) { // KeyMint implementation has its own clock, and can immediately detect timeout. auto begin_result = Begin(KeyPurpose::ENCRYPT, keyblob, params, &out_params, hat); EXPECT_EQ(ErrorCode::KEY_USER_NOT_AUTHENTICATED, if (begin_result == ErrorCode::OK) { Begin(KeyPurpose::ENCRYPT, keyblob, params, &out_params, hat)); // If begin() succeeds despite the out-of-date HAT, that must mean that the KeyMint } else { // device doesn't have its own clock. In that case, it only detects timeout via a // KeyMint implementation has no clock, so only detects timeout via timestamp token provided // timestamp token provided on update()/finish() // on update()/finish(). ASSERT_TRUE(timestamp_token_required_); ASSERT_EQ(ErrorCode::OK, Begin(KeyPurpose::ENCRYPT, keyblob, params, &out_params, hat)); secureclock::TimeStampToken time_token; secureclock::TimeStampToken time_token; EXPECT_EQ(ErrorCode::OK, EXPECT_EQ(ErrorCode::OK, GetReturnErrorCode(clock_->generateTimeStamp(challenge_, &time_token))); GetReturnErrorCode(clock_->generateTimeStamp(challenge_, &time_token))); Loading @@ -365,6 +365,9 @@ TEST_P(AuthTest, TimeoutAuthentication) { string output; string output; EXPECT_EQ(ErrorCode::KEY_USER_NOT_AUTHENTICATED, EXPECT_EQ(ErrorCode::KEY_USER_NOT_AUTHENTICATED, Finish(message, {} /* signature */, &output, hat, time_token)); Finish(message, {} /* signature */, &output, hat, time_token)); } else { // The KeyMint implementation may have its own clock that can immediately detect timeout. ASSERT_EQ(ErrorCode::KEY_USER_NOT_AUTHENTICATED, begin_result); } } } } Loading Loading
security/keymint/aidl/vts/functional/AuthTest.cpp +11 −8 Original line number Original line Diff line number Diff line Loading @@ -350,14 +350,14 @@ TEST_P(AuthTest, TimeoutAuthentication) { // Wait for long enough that the hardware auth token expires. // Wait for long enough that the hardware auth token expires. sleep(timeout_secs + 1); sleep(timeout_secs + 1); if (!timestamp_token_required_) { // KeyMint implementation has its own clock, and can immediately detect timeout. auto begin_result = Begin(KeyPurpose::ENCRYPT, keyblob, params, &out_params, hat); EXPECT_EQ(ErrorCode::KEY_USER_NOT_AUTHENTICATED, if (begin_result == ErrorCode::OK) { Begin(KeyPurpose::ENCRYPT, keyblob, params, &out_params, hat)); // If begin() succeeds despite the out-of-date HAT, that must mean that the KeyMint } else { // device doesn't have its own clock. In that case, it only detects timeout via a // KeyMint implementation has no clock, so only detects timeout via timestamp token provided // timestamp token provided on update()/finish() // on update()/finish(). ASSERT_TRUE(timestamp_token_required_); ASSERT_EQ(ErrorCode::OK, Begin(KeyPurpose::ENCRYPT, keyblob, params, &out_params, hat)); secureclock::TimeStampToken time_token; secureclock::TimeStampToken time_token; EXPECT_EQ(ErrorCode::OK, EXPECT_EQ(ErrorCode::OK, GetReturnErrorCode(clock_->generateTimeStamp(challenge_, &time_token))); GetReturnErrorCode(clock_->generateTimeStamp(challenge_, &time_token))); Loading @@ -365,6 +365,9 @@ TEST_P(AuthTest, TimeoutAuthentication) { string output; string output; EXPECT_EQ(ErrorCode::KEY_USER_NOT_AUTHENTICATED, EXPECT_EQ(ErrorCode::KEY_USER_NOT_AUTHENTICATED, Finish(message, {} /* signature */, &output, hat, time_token)); Finish(message, {} /* signature */, &output, hat, time_token)); } else { // The KeyMint implementation may have its own clock that can immediately detect timeout. ASSERT_EQ(ErrorCode::KEY_USER_NOT_AUTHENTICATED, begin_result); } } } } Loading
