From f25f780262a441e5513125585e97aee5cccc124f Mon Sep 17 00:00:00 2001
From: Hasini Gunasinghe <hasinitg@google.com>
Date: Wed, 28 Jun 2023 20:29:22 +0000
Subject: Add checks depending on whether the test is targetting strongbox or
 not

There may be devices which run Keymint in TEE but Keymaster 4.0 in
Strongbox. Any test that sets the MGF digest to use anything other than
SHA-1 should be skipped for Keymaster implementations. The devices
that have different implementations in TEE and Strongbox need the check
added in this CL.

Bug: 288159720
Test: Should be tested on a device with aforementioend configuration.
Change-Id: I4c415ed995a4a3203c9f1aa15a7cdc2cd9b465cb
Merged-In: I4c415ed995a4a3203c9f1aa15a7cdc2cd9b465cb
---
 keystore-cts/java/android/keystore/cts/util/KeyStoreUtil.java       | 6 +++++-
 .../java/com/google/security/wycheproof/testcases/RsaOaepTest.java  | 6 +++---
 2 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/keystore-cts/java/android/keystore/cts/util/KeyStoreUtil.java b/keystore-cts/java/android/keystore/cts/util/KeyStoreUtil.java
index ea5d91b..14020e0 100644
--- a/keystore-cts/java/android/keystore/cts/util/KeyStoreUtil.java
+++ b/keystore-cts/java/android/keystore/cts/util/KeyStoreUtil.java
@@ -91,7 +91,11 @@ public class KeyStoreUtil {
         }
     }
 
-    public static int getFeatureVersionKeystore() {
+    public static int getFeatureVersionKeystore(boolean isStrongBox) {
+        if (isStrongBox) {
+            return TestUtils.getFeatureVersionKeystoreStrongBox(
+            ApplicationProvider.getApplicationContext());
+        }
         return TestUtils.getFeatureVersionKeystore(ApplicationProvider.getApplicationContext());
     }
 
diff --git a/keystore-cts/java/com/google/security/wycheproof/testcases/RsaOaepTest.java b/keystore-cts/java/com/google/security/wycheproof/testcases/RsaOaepTest.java
index 5eb47e5..29f8905 100644
--- a/keystore-cts/java/com/google/security/wycheproof/testcases/RsaOaepTest.java
+++ b/keystore-cts/java/com/google/security/wycheproof/testcases/RsaOaepTest.java
@@ -192,14 +192,14 @@ public class RsaOaepTest {
   }
 
   protected static OAEPParameterSpec getOaepParameters(JsonObject group,
-    JsonObject test) throws Exception {
+    JsonObject test, boolean isStrongBox) throws Exception {
     String sha = getString(group, "sha");
     String mgf = getString(group, "mgf");
     String mgfSha = getString(group, "mgfSha");
     // mgfDigest other than SHA-1 are supported from KeyMint V1 and above.
     if (!mgfSha.equalsIgnoreCase("SHA-1")) {
       assumeTrue("This test is valid for KeyMint version 1 and above.",
-              KeyStoreUtil.getFeatureVersionKeystore() >= KeyStoreUtil.KM_VERSION_KEYMINT_1);
+          KeyStoreUtil.getFeatureVersionKeystore(isStrongBox) >= KeyStoreUtil.KM_VERSION_KEYMINT_1);
     }
     PSource p = PSource.PSpecified.DEFAULT;
     if (test.has("label") && !TextUtils.isEmpty(getString(test, "label"))) {
@@ -305,7 +305,7 @@ public class RsaOaepTest {
         String messageHex = TestUtil.bytesToHex(getBytes(testcase, "msg"));
         OAEPParameterSpec params;
         try {
-          params = getOaepParameters(group, testcase);
+          params = getOaepParameters(group, testcase, isStrongBox);
         } catch (UnsupportedKeyParametersException e) {
           // TODO This try catch block should be removed once issue b/229183581 is fixed.
           continue;
-- 
cgit v1.2.3