Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 0557be71 authored by Treehugger Robot's avatar Treehugger Robot Committed by Automerger Merge Worker
Browse files

Merge "Check for MGF1 digests in key characteristics." am: efb4b939 am: 44502769 

Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/2552043



Change-Id: I4d3687dc7f60471e31df3130edd25c8a7fa47395
Signed-off-by: default avatarAutomerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
parents defdd85a 44502769

security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp

+7 −0
Original line number Diff line number Diff line
@@ -71,6 +71,11 @@ const uint32_t kInvalidPatchlevel = 99998877; 
// additional overhead, for the digest algorithmIdentifier required by PKCS#1.

const size_t kPkcs1UndigestedSignaturePaddingOverhead = 11;



size_t count_tag_invalid_entries(const std::vector<KeyParameter>& authorizations) {

    return std::count_if(authorizations.begin(), authorizations.end(),

                         [](const KeyParameter& e) -> bool { return e.tag == Tag::INVALID; });

}



typedef KeyMintAidlTestBase::KeyData KeyData;

// Predicate for testing basic characteristics validity in generation or import.

bool KeyCharacteristicsBasicallyValid(SecurityLevel secLevel,
@@ -84,6 +89,8 @@ bool KeyCharacteristicsBasicallyValid(SecurityLevel secLevel, 
            return false;

        }



        EXPECT_EQ(count_tag_invalid_entries(entry.authorizations), 0);



        // Just ignore the SecurityLevel::KEYSTORE as the KM won't do any enforcement on this.

        if (entry.securityLevel == SecurityLevel::KEYSTORE) continue;

security/keymint/aidl/vts/functional/KeyMintTest.cpp

+14 −0
Original line number Diff line number Diff line
@@ -5287,6 +5287,20 @@ TEST_P(EncryptionOperationsTest, RsaOaepWithMGFDigestSuccess) { 
                                                 .Digest(Digest::SHA_2_256)

                                                 .SetDefaultValidity()));



    std::vector<Digest> mgf1DigestsInAuths;

    mgf1DigestsInAuths.reserve(digests.size());

    const auto& hw_auths = SecLevelAuthorizations(key_characteristics_);

    std::for_each(hw_auths.begin(), hw_auths.end(), [&](auto& param) {

        if (param.tag == Tag::RSA_OAEP_MGF_DIGEST) {

            KeyParameterValue value = param.value;

            mgf1DigestsInAuths.push_back(param.value.template get<KeyParameterValue::digest>());

        }

    });



    std::sort(digests.begin(), digests.end());

    std::sort(mgf1DigestsInAuths.begin(), mgf1DigestsInAuths.end());

    EXPECT_EQ(digests, mgf1DigestsInAuths);



    string message = "Hello";



    for (auto digest : digests) {