Key{Mint,Master} VTS: fix incremental AES tags

Change Id62fdce65131ee00c88e5849955a937f1c171748 split up the AES
incremental encryption tests into individual tests for each encryption
mode.  This meant that each generated key is only valid for a single
mode, which in turn means that for non-GCM mode keys it is not valid
to specify MIN_MAC_LENGTH.

Bug: 223934835
Test: VtsAidlKeyMintTargetTest
Change-Id: I38f34f60116bde3d23f203365d62e5b25d7b254b

1 files changed, 9 insertions, 6 deletions

diff --git a/keymaster/4.0/vts/functional/KeymasterHidlTest.cpp b/keymaster/4.0/vts/functional/KeymasterHidlTest.cpp
index 5c3576e225..315a4bd08a 100644
--- a/keymaster/4.0/vts/functional/KeymasterHidlTest.cpp
+++ b/keymaster/4.0/vts/functional/KeymasterHidlTest.cpp
@@ -445,12 +445,15 @@ string KeymasterHidlTest::MacMessage(const string& message, Digest digest, size_
 
 void KeymasterHidlTest::CheckAesIncrementalEncryptOperation(BlockMode block_mode,
                                                             int message_size) {
-    ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()
-                                                 .Authorization(TAG_NO_AUTH_REQUIRED)
-                                                 .AesEncryptionKey(128)
-                                                 .BlockMode(block_mode)
-                                                 .Padding(PaddingMode::NONE)
-                                                 .Authorization(TAG_MIN_MAC_LENGTH, 128)));
+    auto builder = AuthorizationSetBuilder()
+                           .Authorization(TAG_NO_AUTH_REQUIRED)
+                           .AesEncryptionKey(128)
+                           .BlockMode(block_mode)
+                           .Padding(PaddingMode::NONE);
+    if (block_mode == BlockMode::GCM) {
+        builder.Authorization(TAG_MIN_MAC_LENGTH, 128);
+    }
+    ASSERT_EQ(ErrorCode::OK, GenerateKey(builder));
 
     for (int increment = 1; increment <= message_size; ++increment) {
         string message(message_size, 'a');