From 4fdcccc7c0cd2eef11123ab776ba4696d4a1584d Mon Sep 17 00:00:00 2001 From: Tommy Chiu Date: Tue, 25 Oct 2022 20:56:47 +0800 Subject: [PATCH] KeyMint VTS: Use a strongbox must support DIGEST for importKey "ImportWrappedKeyTest.WrongDigest" tried to wrap a keyBlob by one digest type and unwrap it by another digest type. It's been OK for KeyMint implementations to allow unsupported parameters/characteristics at key generation time, and only police their use, at begin() time. However if an implementation wants to secure it at the key generation/importing time the first digest type must be supported by all implementation. Bug: 249276913 Test: VtsAidlKeyMintTargetTest Change-Id: I6bc000026e9e4aec0aa82078a98c75e2d7c56847 --- security/keymint/aidl/vts/functional/KeyMintTest.cpp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/security/keymint/aidl/vts/functional/KeyMintTest.cpp b/security/keymint/aidl/vts/functional/KeyMintTest.cpp index 4f5d821684..2194529055 100644 --- a/security/keymint/aidl/vts/functional/KeyMintTest.cpp +++ b/security/keymint/aidl/vts/functional/KeyMintTest.cpp @@ -4946,15 +4946,15 @@ TEST_P(ImportWrappedKeyTest, WrongPaddingMode) { TEST_P(ImportWrappedKeyTest, WrongDigest) { auto wrapping_key_desc = AuthorizationSetBuilder() .RsaEncryptionKey(2048, 65537) - .Digest(Digest::SHA_2_512) .Padding(PaddingMode::RSA_OAEP) + .Digest(Digest::SHA_2_256) .Authorization(TAG_PURPOSE, KeyPurpose::WRAP_KEY) .SetDefaultValidity(); ASSERT_EQ(ErrorCode::INCOMPATIBLE_DIGEST, ImportWrappedKey(wrapped_key, wrapping_key, wrapping_key_desc, zero_masking_key, AuthorizationSetBuilder() - .Digest(Digest::SHA_2_256) + .Digest(Digest::SHA_2_512) .Padding(PaddingMode::RSA_OAEP))); }