Fix SignatureTest CTS failures in keymaster1_legacy_support
Under certain circumstances the heuristic which determines whether a
begin operation should be send to the wrapped KM1 device or the software
implementation fails sends a request to the wrapped device which then
fails with the wrong error code due to unsupported digests.
1. Begin operations on keys without purpose authorization with
purpose verify and a digest which is unsupported by the wrapped KM1
implementation and which is also not authorized.
2. Begin operations on keys with purpose authorization other than verify
which request purpose verify and a digest unsupported by the wrapped
KM1 implementation which is also not authorized.
In both cases the keymaster device should not fail. But because the
heuristic send the begin request to the wrapped implementation and an
unsupported digest is request the wrapped HAL diagnoses an unsupported
digest and fails.
This patch fixes the heuristic in that it sends all requests for keys
without purpose authorizations (1.) to the software implementation, and
it takes the requested digest into account (2.) rather than relying only
on the key characteristics.
Test: atest android.keystore.cts.SignatureTest
Running on a device with lagacy KM1 HAL with limited digest
support.
Bug: 77230940
Merged-In: Ia95f737ace5ec05a3b900a895a49e7f007e5e1db
Change-Id: Ia95f737ace5ec05a3b900a895a49e7f007e5e1db
(cherry picked from commit 82350f7bb3b2d07e92599926c978d914da300866)
2 files changed