From 1a637199e4fa0f8f8880471f481a312f0895fafd Mon Sep 17 00:00:00 2001
From: David Drysdale
Date: Mon, 14 Mar 2022 09:11:29 +0000
Subject: [PATCH] Key{Mint,Master} VTS: fix incremental AES tags

Change Id62fdce65131ee00c88e5849955a937f1c171748 split up the AES incremental encryption tests into individual tests for each encryption mode. This meant that each generated key is only valid for a single mode, which in turn means that for non-GCM mode keys it is not valid to specify MIN_MAC_LENGTH.

Bug: 223934835
Test: VtsAidlKeyMintTargetTest
Change-Id: I38f34f60116bde3d23f203365d62e5b25d7b254b
---
 .../4.0/vts/functional/KeymasterHidlTest.cpp | 15 +++++++++------
 .../aidl/vts/functional/KeyMintAidlTestBase.cpp | 15 +++++++++------
 2 files changed, 18 insertions(+), 12 deletions(-)
diff --git a/keymaster/4.0/vts/functional/KeymasterHidlTest.cpp b/keymaster/4.0/vts/functional/KeymasterHidlTest.cpp
index 5c3576e225..315a4bd08a 100644
--- a/keymaster/4.0/vts/functional/KeymasterHidlTest.cpp
+++ b/keymaster/4.0/vts/functional/KeymasterHidlTest.cpp
@@ -445,12 +445,15 @@ string KeymasterHidlTest::MacMessage(const string& message, Digest digest, size_
 void KeymasterHidlTest::CheckAesIncrementalEncryptOperation(BlockMode block_mode, int message_size) {
- ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()
- .Authorization(TAG_NO_AUTH_REQUIRED)
- .AesEncryptionKey(128)
- .BlockMode(block_mode)
- .Padding(PaddingMode::NONE)
- .Authorization(TAG_MIN_MAC_LENGTH, 128)));
+ auto builder = AuthorizationSetBuilder()
+ .Authorization(TAG_NO_AUTH_REQUIRED)
+ .AesEncryptionKey(128)
+ .BlockMode(block_mode)
+ .Padding(PaddingMode::NONE);
+ if (block_mode == BlockMode::GCM) {
+ builder.Authorization(TAG_MIN_MAC_LENGTH, 128);
+ }
+ ASSERT_EQ(ErrorCode::OK, GenerateKey(builder));
 for (int increment = 1; increment <= message_size; ++increment) {
 string message(message_size, 'a');
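Review bot: The new `if (block_mode == BlockMode::GCM)` guard has no comment, so the reason MIN_MAC_LENGTH is conditional is recorded only in the commit message. A one-line comment above the guard would keep the constraint next to the code, for example `// MIN_MAC_LENGTH is only valid on AES keys that authorize GCM; keys for other block modes must not carry it.` The same applies to the identical hunk in KeyMintAidlTestBase.cpp. Separately, the change only stops the test from sending the tag; nothing visible in either hunk checks how an implementation treats MIN_MAC_LENGTH on a non-GCM AES key, so if that is meant to be enforced it presumably needs its own negative test. The body of CheckAesIncrementalEncryptOperation continues past the end of the hunk.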
diff --git a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp
index c17a0b8f83..c174c02370 100644
--- a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp
+++ b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp
@@ -667,12 +667,15 @@ string KeyMintAidlTestBase::MacMessage(const string& message, Digest digest, siz
 void KeyMintAidlTestBase::CheckAesIncrementalEncryptOperation(BlockMode block_mode, int message_size) {
- ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()
- .Authorization(TAG_NO_AUTH_REQUIRED)
- .AesEncryptionKey(128)
- .BlockMode(block_mode)
- .Padding(PaddingMode::NONE)
- .Authorization(TAG_MIN_MAC_LENGTH, 128)));
+ auto builder = AuthorizationSetBuilder()
+ .Authorization(TAG_NO_AUTH_REQUIRED)
+ .AesEncryptionKey(128)
+ .BlockMode(block_mode)
+ .Padding(PaddingMode::NONE);
+ if (block_mode == BlockMode::GCM) {
+ builder.Authorization(TAG_MIN_MAC_LENGTH, 128);
+ }
+ ASSERT_EQ(ErrorCode::OK, GenerateKey(builder));
 for (int increment = 1; increment <= message_size; ++increment) {
 string message(message_size, 'a');