From aeb530a5a74acddd0badc78af47fce57db8c4644 Mon Sep 17 00:00:00 2001 From: Sami Tolvanen Date: Tue, 5 Mar 2024 21:38:20 +0000 Subject: [PATCH] libutee: process a full buffer immediately In tee_buffer_update, libutee currently delays processing an input block until more space is needed in the buffer, which is perfectly valid behavior, but doesn't match AOSP compatibility requirements. Specifically, both CTS (testKatEncryptOneByteAtATime [1]) and VTS (EncryptionOperationsTest.*OneByteAtATime [2]) expect block cipher implementations to produce an output block as soon as a full block of input has been received. Change libutee behavior to be AOSP compatible. Link: https://android.googlesource.com/platform/cts/+/refs/heads/main/tests/tests/keystore/src/android/keystore/cts/BlockCipherTestBase.java#779 [1] Link: https://android.googlesource.com/platform/hardware/interfaces/+/refs/heads/main/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp#827 [2] Signed-off-by: Sami Tolvanen Reviewed-by: Jens Wiklander --- lib/libutee/tee_api_operations.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/lib/libutee/tee_api_operations.c b/lib/libutee/tee_api_operations.c index 752425ae962..84d076889fc 100644 --- a/lib/libutee/tee_api_operations.c +++ b/lib/libutee/tee_api_operations.c @@ -1118,6 +1118,12 @@ static TEE_Result tee_buffer_update( l = ROUNDUP(op->buffer_offs + slen - buffer_size, op->block_size); l = MIN(op->buffer_offs, l); + /* + * If we're buffering only a single block, process it + * immediately. + */ + if (!op->buffer_two_blocks) + l = op->block_size; tmp_dlen = dlen; res = update_func(op->state, op->buffer, l, dst, &tmp_dlen); if (res != TEE_SUCCESS)