Merge "Check for MGF1 digests in key characteristics."

2023-06-26 17:22:09 +00:00 · 2023-06-26 17:22:09 +00:00 · efb4b9397a
commit efb4b9397a
parent ed0da8c243 207322654a
2 changed files with 21 additions and 0 deletions
--- a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp
+++ b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp
@ -71,6 +71,11 @@ const uint32_t kInvalidPatchlevel = 99998877;
 // additional overhead, for the digest algorithmIdentifier required by PKCS#1.
 const size_t kPkcs1UndigestedSignaturePaddingOverhead = 11;

+size_t count_tag_invalid_entries(const std::vector<KeyParameter>& authorizations) {
+    return std::count_if(authorizations.begin(), authorizations.end(),
+                         [](const KeyParameter& e) -> bool { return e.tag == Tag::INVALID; });
+}
+
 typedef KeyMintAidlTestBase::KeyData KeyData;
 // Predicate for testing basic characteristics validity in generation or import.
 bool KeyCharacteristicsBasicallyValid(SecurityLevel secLevel,
@ -84,6 +89,8 @@ bool KeyCharacteristicsBasicallyValid(SecurityLevel secLevel,
            return false;
        }

+        EXPECT_EQ(count_tag_invalid_entries(entry.authorizations), 0);
+
        // Just ignore the SecurityLevel::KEYSTORE as the KM won't do any enforcement on this.
        if (entry.securityLevel == SecurityLevel::KEYSTORE) continue;

--- a/security/keymint/aidl/vts/functional/KeyMintTest.cpp
+++ b/security/keymint/aidl/vts/functional/KeyMintTest.cpp
@ -5287,6 +5287,20 @@ TEST_P(EncryptionOperationsTest, RsaOaepWithMGFDigestSuccess) {
                                                 .Digest(Digest::SHA_2_256)
                                                 .SetDefaultValidity()));

+    std::vector<Digest> mgf1DigestsInAuths;
+    mgf1DigestsInAuths.reserve(digests.size());
+    const auto& hw_auths = SecLevelAuthorizations(key_characteristics_);
+    std::for_each(hw_auths.begin(), hw_auths.end(), [&](auto& param) {
+        if (param.tag == Tag::RSA_OAEP_MGF_DIGEST) {
+            KeyParameterValue value = param.value;
+            mgf1DigestsInAuths.push_back(param.value.template get<KeyParameterValue::digest>());
+        }
+    });
+
+    std::sort(digests.begin(), digests.end());
+    std::sort(mgf1DigestsInAuths.begin(), mgf1DigestsInAuths.end());
+    EXPECT_EQ(digests, mgf1DigestsInAuths);
+
    string message = "Hello";

    for (auto digest : digests) {