commit 207322654aa4d0fcc60ba2d19324d7cbda41dc15
author Shawn Willden <swillden@google.com> Fri Apr 21 16:36:00 2023 -0600
committer Shawn Willden <swillden@google.com> Fri Apr 21 16:51:33 2023 -0600
tree a3f9ccd872ceb0a9a4ddd969f1b18692a3425cad
parent c054e7fda981da1c8d3f35098a3d3f80569d7391

Check for MGF1 digests in key characteristics.

A bug in the Trusty HAL service caused it to replace MGF1 digest tags
with Tag::INVALID.  This tests that MGF1 tags are returned properly in
the MGF1 success test, and verifies that Tag::INVALID is never
returned by any test.

Bug: 278157584
Test: adb shell /data/nativetest/VtsAidlKeyMintTargetTest/VtsAidlKeyMintTargetTest
Change-Id: I5d391310795c99f37acf3c48310c127a7a31fac3

security/keymint/aidl/vts/functional/KeyMintTest.cpp

diff --git a/security/keymint/aidl/vts/functional/KeyMintTest.cpp b/security/keymint/aidl/vts/functional/KeyMintTest.cpp
index e99149b..0a70baf 100644
--- a/security/keymint/aidl/vts/functional/KeyMintTest.cpp
+++ b/security/keymint/aidl/vts/functional/KeyMintTest.cpp
@@ -5314,6 +5314,20 @@
                                                  .Digest(Digest::SHA_2_256)
                                                  .SetDefaultValidity()));
 
+    std::vector<Digest> mgf1DigestsInAuths;
+    mgf1DigestsInAuths.reserve(digests.size());
+    const auto& hw_auths = SecLevelAuthorizations(key_characteristics_);
+    std::for_each(hw_auths.begin(), hw_auths.end(), [&](auto& param) {
+        if (param.tag == Tag::RSA_OAEP_MGF_DIGEST) {
+            KeyParameterValue value = param.value;
+            mgf1DigestsInAuths.push_back(param.value.template get<KeyParameterValue::digest>());
+        }
+    });
+
+    std::sort(digests.begin(), digests.end());
+    std::sort(mgf1DigestsInAuths.begin(), mgf1DigestsInAuths.end());
+    EXPECT_EQ(digests, mgf1DigestsInAuths);
+
     string message = "Hello";
 
     for (auto digest : digests) {