Fix off-by-one error in PKCS#1 v1.5 encryption padding size.
Cherry-picked from internal.
Change-Id: I812639dd5111a4ca0d96e187752503038cf25525
diff --git a/android_keymaster_test.cpp b/android_keymaster_test.cpp
index e3faefa..5534a3c 100644
--- a/android_keymaster_test.cpp
+++ b/android_keymaster_test.cpp
@@ -1379,7 +1379,7 @@
TEST_F(EncryptionOperationsTest, RsaPkcs1TooLarge) {
ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(512, 3).Padding(
KM_PAD_RSA_PKCS1_1_5_ENCRYPT)));
- string message = "12345678901234567890123456789012345678901234567890123";
+ string message = "123456789012345678901234567890123456789012345678901234";
string result;
size_t input_consumed;
diff --git a/rsa_operation.cpp b/rsa_operation.cpp
index a4a2b6d..2c3db2e 100644
--- a/rsa_operation.cpp
+++ b/rsa_operation.cpp
@@ -483,7 +483,7 @@
return KM_ERROR_VERIFICATION_FAILED;
}
-const int OAEP_PADDING_OVERHEAD = 41;
+const int OAEP_PADDING_OVERHEAD = 42;
const int PKCS1_PADDING_OVERHEAD = 11;
keymaster_error_t RsaEncryptOperation::Finish(const AuthorizationSet& /* additional_params */,
@@ -501,7 +501,7 @@
switch (padding_) {
case KM_PAD_RSA_OAEP:
openssl_padding = RSA_PKCS1_OAEP_PADDING;
- if (message_size + OAEP_PADDING_OVERHEAD >= key_len) {
+ if (message_size + OAEP_PADDING_OVERHEAD > key_len) {
LOG_E("Cannot encrypt %d bytes with %d-byte key and OAEP padding",
data_.available_read(), key_len);
return KM_ERROR_INVALID_INPUT_LENGTH;
@@ -509,7 +509,7 @@
break;
case KM_PAD_RSA_PKCS1_1_5_ENCRYPT:
openssl_padding = RSA_PKCS1_PADDING;
- if (message_size + PKCS1_PADDING_OVERHEAD >= key_len) {
+ if (message_size + PKCS1_PADDING_OVERHEAD > key_len) {
LOG_E("Cannot encrypt %d bytes with %d-byte key and PKCS1 padding",
data_.available_read(), key_len);
return KM_ERROR_INVALID_INPUT_LENGTH;
