From c9c8b81a1a857418394a3585c2c13096391b766d Mon Sep 17 00:00:00 2001 From: Prashant Patil Date: Thu, 15 Dec 2022 13:27:44 +0000 Subject: Keystore:Assumption for non default MGF digest. Support for RSA-OAEP with MGF digest other than SHA1 is added from KeyMint V1. For older versions this feature is expected to be added in Software emulation (b/216436980). Until software emulation is implemented for non-default MGF Digest, the test should be skipped. Test cases which are using MGF digest other than SHA1 are skipped by adding the assumption that the underlying Key{Master/Mint} implementation is greater than or equal to KeyMint V1. But there are few test vectors failing, which are already reported in b/258005962 and b/258389371 and those are implementation issues in KeyMaster and KeyMint of respective devices. Bug: 262370514 Test: atest CtsKeystoreWycheproofTestCases:com.google.security.wycheproof.RsaOaepTest Change-Id: I119651788ca1bb5d1a626db0238b4e3631cf8f79 --- keystore-cts/java/android/keystore/cts/util/KeyStoreUtil.java | 5 +++++ .../java/com/google/security/wycheproof/testcases/RsaOaepTest.java | 6 ++++++ 2 files changed, 11 insertions(+) diff --git a/keystore-cts/java/android/keystore/cts/util/KeyStoreUtil.java b/keystore-cts/java/android/keystore/cts/util/KeyStoreUtil.java index a6c186f..d174cbf 100644 --- a/keystore-cts/java/android/keystore/cts/util/KeyStoreUtil.java +++ b/keystore-cts/java/android/keystore/cts/util/KeyStoreUtil.java @@ -15,6 +15,7 @@ package android.keystore.cts.util; import android.content.Context; import android.security.keystore.KeyProtection; +import android.keystore.cts.util.TestUtils; import androidx.test.core.app.ApplicationProvider; import org.bouncycastle.asn1.x500.X500Name; import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; 
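Review bot: The added `import android.keystore.cts.util.TestUtils;` is redundant, because the file declares `package android.keystore.cts.util;` and `TestUtils` is in that same package. The existing `hasStrongBox()` in the next hunk's context already calls `TestUtils.hasStrongBox(context)`, which indicates the class resolved without the import. Dropping the line keeps the import block limited to names from other packages.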
@@ -86,6 +87,10 @@ public class KeyStoreUtil { } } + public static int getFeatureVersionKeystore() { + return TestUtils.getFeatureVersionKeystore(ApplicationProvider.getApplicationContext()); + } + public static boolean hasStrongBox() { Context context = ApplicationProvider.getApplicationContext(); return TestUtils.hasStrongBox(context); diff --git a/keystore-cts/java/com/google/security/wycheproof/testcases/RsaOaepTest.java b/keystore-cts/java/com/google/security/wycheproof/testcases/RsaOaepTest.java index 39a3b0a..ed4987c 100644 --- a/keystore-cts/java/com/google/security/wycheproof/testcases/RsaOaepTest.java +++ b/keystore-cts/java/com/google/security/wycheproof/testcases/RsaOaepTest.java @@ -15,6 +15,7 @@ package com.google.security.wycheproof; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertTrue; +import static org.junit.Assume.assumeTrue; import com.google.gson.JsonElement; import com.google.gson.JsonObject; @@ -196,6 +197,11 @@ public class RsaOaepTest { String sha = getString(group, "sha"); String mgf = getString(group, "mgf"); String mgfSha = getString(group, "mgfSha"); + // mgfDigest other than SHA-1 are supported from KeyMint V1 and above. + if (!mgfSha.equalsIgnoreCase("SHA-1")) { + assumeTrue("This test is valid for KeyMint version 1 and above.", + KeyStoreUtil.getFeatureVersionKeystore() >= KeyStoreUtil.KM_VERSION_KEYMINT_1); + } PSource p = PSource.PSpecified.DEFAULT; if (test.has("label") && !TextUtils.isEmpty(getString(test, "label"))) { // p = new PSource.PSpecified(getBytes(test, "label")); -- cgit v1.2.3
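Review bot: `getFeatureVersionKeystore()` is a new public helper with no Javadoc, so a caller cannot tell what scale the returned int uses or what comes back on a device that does not declare the feature. A short comment would help, for example `/** Returns the Keystore feature version reported by TestUtils for the application context; compare against KM_VERSION_KEYMINT_1. */`. It should also state the value returned when the feature is absent, once that is confirmed in `TestUtils`. RsaOaepTest compares the result with `KeyStoreUtil.KM_VERSION_KEYMINT_1`, which this patch does not add, so the constant presumably already exists in the class; that is worth confirming.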
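Review bot: In the RsaOaepTest hunk, `assumeTrue` aborts the whole test method, so on a pre-KeyMint-1 device the first group with a non-SHA-1 `mgfSha` also drops every vector after it, including SHA-1 ones if a vector file mixes MGF digests. The enclosing method starts outside the hunk, but `group` and `test` suggest this runs inside a loop over vectors. If so, skipping only the affected group (a logged `continue`) would keep the remaining OAEP coverage and make the gap visible in the test log. The assumption message would be more useful if it named the digest, e.g. `"MGF1 digest " + mgfSha + " needs KeyMint V1 or later"`. Writing the check as `"SHA-1".equalsIgnoreCase(mgfSha)` also avoids a NullPointerException if `getString` can return null for a group without the field.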