fix the wrong index issue in AuthProxy operator
am: 8079cfe99b
Change-Id: I5d5b95d6da73af075e2eee9c4d3aa5536fe563d5
diff --git a/android_keymaster/operation.cpp b/android_keymaster/operation.cpp
index 0edc70f..127aeb6 100644
--- a/android_keymaster/operation.cpp
+++ b/android_keymaster/operation.cpp
@@ -116,8 +116,13 @@
keymaster_error_t* error) const {
*error = KM_ERROR_UNSUPPORTED_DIGEST;
if (!begin_params.GetTagValue(TAG_DIGEST, digest)) {
- LOG_E("%d digests specified in begin params", begin_params.GetTagCount(TAG_DIGEST));
- return false;
+ if (key.authorizations().Contains(TAG_DIGEST, KM_DIGEST_NONE)) {
+ *digest = KM_DIGEST_NONE;
+ } else {
+ LOG_E("%d digests specified in begin params and NONE not authorized",
+ begin_params.GetTagCount(TAG_DIGEST));
+ return false;
+ }
} else if (!supported(*digest)) {
LOG_E("Digest %d not supported", *digest);
return false;
diff --git a/legacy_support/rsa_keymaster1_operation.cpp b/legacy_support/rsa_keymaster1_operation.cpp
index f8241d6..dd2c094 100644
--- a/legacy_support/rsa_keymaster1_operation.cpp
+++ b/legacy_support/rsa_keymaster1_operation.cpp
@@ -47,15 +47,20 @@
// that layer.
AuthorizationSet begin_params(input_params);
int pos = begin_params.find(TAG_DIGEST);
- if (pos == -1)
- return KM_ERROR_UNSUPPORTED_DIGEST;
- begin_params[pos].enumerated = KM_DIGEST_NONE;
+ if (pos == -1) {
+ // If we reach this point with no digest given. It was verified that KM_DIGEST_NONE was
+ // authorized by OperationFactory::GetAndValidateDigest. So no DIGEST given may imply
+ // KM_DIGEST_NONE.
+ begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
+ } else {
+ begin_params[pos].enumerated = KM_DIGEST_NONE;
+ }
pos = begin_params.find(TAG_PADDING);
if (pos == -1)
return KM_ERROR_UNSUPPORTED_PADDING_MODE;
switch (begin_params[pos].enumerated) {
-
+ case KM_PAD_NONE:
case KM_PAD_RSA_PSS:
case KM_PAD_RSA_OAEP:
key_data->expected_openssl_padding = RSA_NO_PADDING;