From 05d1bc27ebaa52f03099b2cfcc70d78f0c10b8d4 Mon Sep 17 00:00:00 2001
From: Christian Petrov
Date: Mon, 18 Dec 2023 19:17:42 +0000
Subject: [PATCH] Support requiring auth for keys generated outside of TEE on Android

This can be useful for older TEE versions that do not support certain key types.
---
 src/tabris/Crypto.ts | 4 ++--
 test/tabris/Crypto.test.ts | 13 +++++++++++--
 2 files changed, 13 insertions(+), 4 deletions(-)

diff --git a/src/tabris/Crypto.ts b/src/tabris/Crypto.ts
index dcb9733c..72cb9fef 100644
--- a/src/tabris/Crypto.ts
+++ b/src/tabris/Crypto.ts
@@ -241,8 +241,8 @@ class SubtleCrypto {
 if ('usageRequiresAuth' in options) {
 checkType(options.usageRequiresAuth, Boolean, {name: 'options.usageRequiresAuth'});
 }
- if (options.usageRequiresAuth && !options.inTee) {
- throw new TypeError('options.usageRequiresAuth is only supported for keys in TEE');
+ if (options.usageRequiresAuth && !options.inTee && (tabris as any).device.platform !== 'Android') {
+ throw new TypeError('options.usageRequiresAuth is only supported for keys not in TEE on Android');
 }
 }
 const inTee = options?.inTee;
diff --git a/test/tabris/Crypto.test.ts b/test/tabris/Crypto.test.ts
index 8cb8b311..cea92dbb 100644
--- a/test/tabris/Crypto.test.ts
+++ b/test/tabris/Crypto.test.ts
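Review bot: The new message in the `throw` no longer matches the condition above it: `'options.usageRequiresAuth is only supported for keys not in TEE on Android'` reads as if auth were limited to non-TEE Android keys, while the check still accepts `inTee` keys on every platform. A wording such as `'options.usageRequiresAuth requires options.inTee on platforms other than Android'` states the actual rule; the expectation in test/tabris/Crypto.test.ts would change with it. The Android exemption also has no comment, so I would add one above the `if`, e.g. `// Android can require user auth for keys generated outside the TEE (fallback for older TEE versions); such keys are not TEE-isolated`, hedged until the isolation caveat is confirmed against the native implementation, which this patch does not show. The enclosing method starts and ends outside the hunk.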
@@ -1124,13 +1124,22 @@ describe('Crypto', function() {
 expect(client.calls({op: 'create', type: 'tabris.CryptoKey'}).length).to.equal(0);
 });
 
- it('rejects options.usageRequiresAuth when options.inTee is not set', async function() {
+ it('rejects options.usageRequiresAuth when options.inTee is not set and platform is not Android', async function() {
+ (tabris as any).device.platform = 'iOS';
 params[3] = {usageRequiresAuth: true};
 await expect(generateKey())
- .rejectedWith(TypeError, 'options.usageRequiresAuth is only supported for keys in TEE');
+ .rejectedWith(TypeError, 'options.usageRequiresAuth is only supported for keys not in TEE on Android');
 expect(client.calls({op: 'create', type: 'tabris.CryptoKey'}).length).to.equal(0);
 });
 
+ it('does not reject options.usageRequiresAuth when options.inTee is not set and platform is Android',
+ async function() {
+ (tabris as any).device.platform = 'Android';
+ params[3] = {usageRequiresAuth: true};
+ await generateKey(param => param.onSuccess());
+ expect(client.calls({op: 'create', type: 'tabris.CryptoKey'}).length).to.be.greaterThan(0);
+ });
+
 });
 
 describe('subtle.sign()', function() {
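Review bot: The new Android test asserts only that at least one `tabris.CryptoKey` was created, so it would still pass if `usageRequiresAuth` were dropped before the native key generation and the key ended up without the auth requirement; it should also assert that the flag reaches the native call, presumably with the same call inspection the suite uses for `inTee`. Both tests assign `(tabris as any).device.platform` and nothing in the hunk restores it, so unless a `beforeEach` outside the hunk resets the device, the value leaks into later tests. Saving the value first and restoring it, e.g. `afterEach(() => { (tabris as any).device.platform = originalPlatform; });`, removes the order dependence. The enclosing `describe` starts outside the hunk.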