KeyMint VTS: Use a strongbox must support DIGEST for importKey

"ImportWrappedKeyTest.WrongDigest" tried to wrap a keyBlob by one digest type and unwrap it by another digest type. It's been OK for KeyMint implementations to allow unsupported parameters/characteristics at key generation time, and only police their use, at begin() time. However if an implementation wants to secure it at the key generation/importing time the first digest type must be supported by all implementation. Bug: 249276913 Test: VtsAidlKeyMintTargetTest Change-Id: I6bc000026e9e4aec0aa82078a98c75e2d7c56847
2026-02-01 16:50:18 +00:00 · 2022-10-25 20:56:47 +08:00
parent c1c823a9c1
commit 4fdcccc7c0
1 changed files with 2 additions and 2 deletions
--- a/security/keymint/aidl/vts/functional/KeyMintTest.cpp
+++ b/security/keymint/aidl/vts/functional/KeyMintTest.cpp
@@ -4946,15 +4946,15 @@ TEST_P(ImportWrappedKeyTest, WrongPaddingMode) {
 TEST_P(ImportWrappedKeyTest, WrongDigest) {
    auto wrapping_key_desc = AuthorizationSetBuilder()
                                     .RsaEncryptionKey(2048, 65537)
-                                     .Digest(Digest::SHA_2_512)
                                     .Padding(PaddingMode::RSA_OAEP)
+                                     .Digest(Digest::SHA_2_256)
                                     .Authorization(TAG_PURPOSE, KeyPurpose::WRAP_KEY)
                                     .SetDefaultValidity();

    ASSERT_EQ(ErrorCode::INCOMPATIBLE_DIGEST,
              ImportWrappedKey(wrapped_key, wrapping_key, wrapping_key_desc, zero_masking_key,
                               AuthorizationSetBuilder()
-                                       .Digest(Digest::SHA_2_256)
+                                       .Digest(Digest::SHA_2_512)
                                       .Padding(PaddingMode::RSA_OAEP)));
 }