Merge "Check for MGF1 digests in key characteristics."
diff --git a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp
index b79700f..12b21c1 100644
--- a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp
+++ b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp
@@ -71,6 +71,11 @@
 // additional overhead, for the digest algorithmIdentifier required by PKCS#1.
 const size_t kPkcs1UndigestedSignaturePaddingOverhead = 11;
 
+size_t count_tag_invalid_entries(const std::vector<KeyParameter>& authorizations) {
+    return std::count_if(authorizations.begin(), authorizations.end(),
+                         [](const KeyParameter& e) -> bool { return e.tag == Tag::INVALID; });
+}
+
 typedef KeyMintAidlTestBase::KeyData KeyData;
 // Predicate for testing basic characteristics validity in generation or import.
 bool KeyCharacteristicsBasicallyValid(SecurityLevel secLevel,
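Review bot: The new helper `count_tag_invalid_entries` is defined at file scope with no comment and, as far as this hunk shows, with external linkage. If it is only used inside KeyMintAidlTestBase.cpp, giving it internal linkage (`static size_t count_tag_invalid_entries(...)` or an anonymous namespace) avoids a symbol clash with other test translation units. A one-line comment would also help, for example `// Returns the number of entries whose tag is Tag::INVALID; returned key characteristics should contain none.` The `-> bool` on the lambda is redundant and can be dropped.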
@@ -84,6 +89,8 @@
             return false;
         }
 
+        EXPECT_EQ(count_tag_invalid_entries(entry.authorizations), 0);
+
         // Just ignore the SecurityLevel::KEYSTORE as the KM won't do any enforcement on this.
         if (entry.securityLevel == SecurityLevel::KEYSTORE) continue;
 
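Review bot: The added `EXPECT_EQ` records a failure but does not affect the predicate's result, whereas the check just above it ends in `return false;`. KeyCharacteristicsBasicallyValid can therefore still return true for characteristics that contain a Tag::INVALID entry, and a caller that branches on the return value would not see the problem. Consider keeping the two consistent and saying which check failed, for example `EXPECT_EQ(count_tag_invalid_entries(entry.authorizations), 0U) << "Tag::INVALID entry in key characteristics";` followed by an early `return false;` when the count is non-zero. Comparing the `size_t` result with `0U` rather than `0` also avoids a signed/unsigned comparison inside the gtest macro. The function body starts and ends outside this hunk.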
diff --git a/security/keymint/aidl/vts/functional/KeyMintTest.cpp b/security/keymint/aidl/vts/functional/KeyMintTest.cpp
index c534a37..43dc626 100644
--- a/security/keymint/aidl/vts/functional/KeyMintTest.cpp
+++ b/security/keymint/aidl/vts/functional/KeyMintTest.cpp
@@ -5287,6 +5287,20 @@
                                                  .Digest(Digest::SHA_2_256)
                                                  .SetDefaultValidity()));
 
+    std::vector<Digest> mgf1DigestsInAuths;
+    mgf1DigestsInAuths.reserve(digests.size());
+    const auto& hw_auths = SecLevelAuthorizations(key_characteristics_);
+    std::for_each(hw_auths.begin(), hw_auths.end(), [&](auto& param) {
+        if (param.tag == Tag::RSA_OAEP_MGF_DIGEST) {
+            KeyParameterValue value = param.value;
+            mgf1DigestsInAuths.push_back(param.value.template get<KeyParameterValue::digest>());
+        }
+    });
+
+    std::sort(digests.begin(), digests.end());
+    std::sort(mgf1DigestsInAuths.begin(), mgf1DigestsInAuths.end());
+    EXPECT_EQ(digests, mgf1DigestsInAuths);
+
     string message = "Hello";
 
     for (auto digest : digests) {
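Review bot: In the `for_each` lambda, `KeyParameterValue value = param.value;` is an unused copy and can be deleted. The following `get<KeyParameterValue::digest>()` is called without first checking the union's active member. As far as I know, the AIDL-generated accessor aborts the process on a tag mismatch, so a HAL that returns RSA_OAEP_MGF_DIGEST with the wrong value type would crash the test binary instead of producing a reported failure. Guarding the read with `if (param.tag == Tag::RSA_OAEP_MGF_DIGEST && param.value.getTag() == KeyParameterValue::digest) {` keeps the malformed case on the `EXPECT_EQ(digests, mgf1DigestsInAuths)` path, where it fails with a readable diff. Note also that `std::sort(digests.begin(), digests.end())` reorders the vector that the later `for (auto digest : digests)` loop iterates. That is harmless if order does not matter there, but `digests` is declared outside this hunk, so it is worth confirming.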