commit 207322654aa4d0fcc60ba2d19324d7cbda41dc15
author Shawn Willden <swillden@google.com> Fri Apr 21 16:36:00 2023 -0600
committer Shawn Willden <swillden@google.com> Fri Apr 21 16:51:33 2023 -0600
tree a3f9ccd872ceb0a9a4ddd969f1b18692a3425cad
parent c054e7fda981da1c8d3f35098a3d3f80569d7391

Check for MGF1 digests in key characteristics.

A bug in the Trusty HAL service caused it to replace MGF1 digest tags
with Tag::INVALID.  This tests that MGF1 tags are returned properly in
the MGF1 success test, and verifies that Tag::INVALID is never
returned by any test.

Bug: 278157584
Test: adb shell /data/nativetest/VtsAidlKeyMintTargetTest/VtsAidlKeyMintTargetTest
Change-Id: I5d391310795c99f37acf3c48310c127a7a31fac3

security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp

diff --git a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp
index 5e27bd0..60d8748 100644
--- a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp
+++ b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp
@@ -71,6 +71,11 @@
 // additional overhead, for the digest algorithmIdentifier required by PKCS#1.
 const size_t kPkcs1UndigestedSignaturePaddingOverhead = 11;
 
+size_t count_tag_invalid_entries(const std::vector<KeyParameter>& authorizations) {
+    return std::count_if(authorizations.begin(), authorizations.end(),
+                         [](const KeyParameter& e) -> bool { return e.tag == Tag::INVALID; });
+}
+
 typedef KeyMintAidlTestBase::KeyData KeyData;
 // Predicate for testing basic characteristics validity in generation or import.
 bool KeyCharacteristicsBasicallyValid(SecurityLevel secLevel,
@@ -84,6 +89,8 @@
             return false;
         }
 
+        EXPECT_EQ(count_tag_invalid_entries(entry.authorizations), 0);
+
         // Just ignore the SecurityLevel::KEYSTORE as the KM won't do any enforcement on this.
         if (entry.securityLevel == SecurityLevel::KEYSTORE) continue;