commit b419a17dba3bfb4866c86b0930d1ecf74adc7340
author Yan, Shaopu <shaopu.yan@intel.com> Fri Aug 24 14:17:00 2018 -0700
committer android-build-merger <android-build-merger@google.com> Fri Aug 24 14:17:00 2018 -0700
tree de99236f37f65bf86a6de4c535e52d04b211c74a
parent 4d2e6e154310a8f9f5d5c155b6c1d643388f33d3
parent 8079cfe99bc067491fd82efd22953daadb17e53b

fix the wrong index issue in AuthProxy operator
am: 8079cfe99b

Change-Id: I5d5b95d6da73af075e2eee9c4d3aa5536fe563d5

android_keymaster/operation.cpp

diff --git a/android_keymaster/operation.cpp b/android_keymaster/operation.cpp
index 0edc70f..127aeb6 100644
--- a/android_keymaster/operation.cpp
+++ b/android_keymaster/operation.cpp
@@ -116,8 +116,13 @@
                                             keymaster_error_t* error) const {
     *error = KM_ERROR_UNSUPPORTED_DIGEST;
     if (!begin_params.GetTagValue(TAG_DIGEST, digest)) {
-        LOG_E("%d digests specified in begin params", begin_params.GetTagCount(TAG_DIGEST));
-        return false;
+        if (key.authorizations().Contains(TAG_DIGEST, KM_DIGEST_NONE)) {
+            *digest = KM_DIGEST_NONE;
+        } else {
+            LOG_E("%d digests specified in begin params and NONE not authorized",
+                    begin_params.GetTagCount(TAG_DIGEST));
+            return false;
+        }
     } else if (!supported(*digest)) {
         LOG_E("Digest %d not supported", *digest);
         return false;

legacy_support/rsa_keymaster1_operation.cpp

diff --git a/legacy_support/rsa_keymaster1_operation.cpp b/legacy_support/rsa_keymaster1_operation.cpp
index f8241d6..dd2c094 100644
--- a/legacy_support/rsa_keymaster1_operation.cpp
+++ b/legacy_support/rsa_keymaster1_operation.cpp
@@ -47,15 +47,20 @@
     // that layer.
     AuthorizationSet begin_params(input_params);
     int pos = begin_params.find(TAG_DIGEST);
-    if (pos == -1)
-        return KM_ERROR_UNSUPPORTED_DIGEST;
-    begin_params[pos].enumerated = KM_DIGEST_NONE;
+    if (pos == -1) {
+        // If we reach this point with no digest given. It was verified that KM_DIGEST_NONE was
+        // authorized by OperationFactory::GetAndValidateDigest. So no DIGEST given may imply
+        // KM_DIGEST_NONE.
+        begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
+    } else {
+        begin_params[pos].enumerated = KM_DIGEST_NONE;
+    }
 
     pos = begin_params.find(TAG_PADDING);
     if (pos == -1)
         return KM_ERROR_UNSUPPORTED_PADDING_MODE;
     switch (begin_params[pos].enumerated) {
-
+    case KM_PAD_NONE:
     case KM_PAD_RSA_PSS:
     case KM_PAD_RSA_OAEP:
         key_data->expected_openssl_padding = RSA_NO_PADDING;