Make KM_PAD_NONE and KM_DIGEST_NONE mean any padding or digest.
Cherry-picked from internal.
Bug: 21777596
Change-Id: I918aa71158eb43c066576e59dcf713d38f4308d1
diff --git a/android_keymaster_test.cpp b/android_keymaster_test.cpp
index 3f95f76..219146b 100644
--- a/android_keymaster_test.cpp
+++ b/android_keymaster_test.cpp
@@ -460,6 +460,19 @@
EXPECT_EQ(3, GetParam()->keymaster0_calls());
}
+TEST_P(SigningOperationsTest, RsaPaddingNoneAllowsOther) {
+ ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
+ .RsaSigningKey(512, 3)
+ .Digest(KM_DIGEST_NONE)
+ .Padding(KM_PAD_NONE)));
+ string message = "12345678901234567890123456789012";
+ string signature;
+ SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS);
+
+ if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
+ EXPECT_EQ(3, GetParam()->keymaster0_calls());
+}
+
TEST_P(SigningOperationsTest, RsaPkcs1Sha256Success) {
ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
.RsaSigningKey(512, 3)
diff --git a/operation.cpp b/operation.cpp
index c7f0ff8..de030a0 100644
--- a/operation.cpp
+++ b/operation.cpp
@@ -59,8 +59,13 @@
} else if (!supported(*padding)) {
LOG_E("Padding mode %d not supported", *padding);
return false;
- } else if (!key.authorizations().Contains(TAG_PADDING, *padding) &&
- !key.authorizations().Contains(TAG_PADDING_OLD, *padding)) {
+ } else if (
+ // If key contains KM_PAD_NONE, all padding modes are authorized.
+ !key.authorizations().Contains(TAG_PADDING, KM_PAD_NONE) &&
+ !key.authorizations().Contains(TAG_PADDING_OLD, KM_PAD_NONE) &&
+ // Otherwise the key needs to authorize the specific mode.
+ !key.authorizations().Contains(TAG_PADDING, *padding) &&
+ !key.authorizations().Contains(TAG_PADDING_OLD, *padding)) {
LOG_E("Padding mode %d was specified, but not authorized by key", *padding);
*error = KM_ERROR_INCOMPATIBLE_PADDING_MODE;
return false;
@@ -80,8 +85,13 @@
} else if (!supported(*digest)) {
LOG_E("Digest %d not supported", *digest);
return false;
- } else if (!key.authorizations().Contains(TAG_DIGEST, *digest) &&
- !key.authorizations().Contains(TAG_DIGEST_OLD, *digest)) {
+ } else if (
+ // If key contains KM_DIGEST_NONE, all digests are authorized.
+ !key.authorizations().Contains(TAG_DIGEST, KM_DIGEST_NONE) &&
+ !key.authorizations().Contains(TAG_DIGEST_OLD, KM_DIGEST_NONE) &&
+ // Otherwise the key needs to authorize the specific digest.
+ !key.authorizations().Contains(TAG_DIGEST, *digest) &&
+ !key.authorizations().Contains(TAG_DIGEST_OLD, *digest)) {
LOG_E("Digest %d was specified, but not authorized by key", *digest);
*error = KM_ERROR_INCOMPATIBLE_DIGEST;
return false;
diff --git a/rsa_operation.cpp b/rsa_operation.cpp
index 4b66b34..ede5b81 100644
--- a/rsa_operation.cpp
+++ b/rsa_operation.cpp
@@ -216,6 +216,8 @@
}
if (EVP_MD_size(digest_algorithm_) + PSS_OVERHEAD + MIN_SALT_SIZE >
(size_t)EVP_PKEY_size(rsa_key_)) {
+ LOG_E("%d-byte digest cannot be used with %d-byte RSA key in PSS padding mode",
+ EVP_MD_size(digest_algorithm_), EVP_PKEY_size(rsa_key_));
*error = KM_ERROR_INCOMPATIBLE_DIGEST;
return -1;
}