Insert DEFAULT_MGF1_DIGEST SHA-1 on MGF_DIGEST tag when ImportWrappedKey (8cbd940d) · Commits · e / os / android_frameworks_base

Commit 8cbd940d authored Jun 29, 2023 by Jaeyoon Lee

Insert DEFAULT_MGF1_DIGEST SHA-1 on MGF_DIGEST tag when ImportWrappedKey

SecureKeyImport is failed because of MGF_DIGEST tag mismatch.
wrapping key has MGF_DIGEST tag when generate or import key
but importWrappedKey logic does not have MGF_DIGEST tag on WrappedKeyEntry
So MGF_DIGEST tat mismatch error occur when decrypt wrapped key using wrapping key

Insert SHA-1 value on MGF_DIGEST tag because ImportWrappedKey should have spcified format
that keymint is compulsorily checking main digest SHA-256 and MGF digest SHA-1.

And MGF_DIGEST tag will add only wrappingkey has MGF_DIGEST value
in order not to affect keys generated prior to Android14.

Bug: 277853193
Test: android.keystore.cts.ImportWrappedKeyTest#testKeyStore_ImportWrappedKey
Change-Id: Id7229a763e3041ffbe73989a2bb24306b7beb7a5
Signed-off-by: Jaeyoon Lee <joyful.lee@samsung.corp-partner.google.com>

parent a680cb9c

Hide whitespace changes

Inline Side-by-side

Please register or to comment