Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 4fdcccc7 authored by Tommy Chiu's avatar Tommy Chiu
Browse files

KeyMint VTS: Use a strongbox must support DIGEST for importKey 

"ImportWrappedKeyTest.WrongDigest" tried to wrap a keyBlob by one digest
type and unwrap it by another digest type.

It's been OK for KeyMint implementations to allow unsupported
parameters/characteristics at key generation time, and only police their
use, at begin() time. However if an implementation wants to secure it at
the key generation/importing time the first digest type must be
supported by all implementation.

Bug: 249276913
Test: VtsAidlKeyMintTargetTest
Change-Id: I6bc000026e9e4aec0aa82078a98c75e2d7c56847
parent c1c823a9

security/keymint/aidl/vts/functional/KeyMintTest.cpp

+2 −2
Original line number Diff line number Diff line
@@ -4946,15 +4946,15 @@ TEST_P(ImportWrappedKeyTest, WrongPaddingMode) { 
TEST_P(ImportWrappedKeyTest, WrongDigest) {

    auto wrapping_key_desc = AuthorizationSetBuilder()

                                     .RsaEncryptionKey(2048, 65537)

                                     .Digest(Digest::SHA_2_512)

                                     .Padding(PaddingMode::RSA_OAEP)

                                     .Digest(Digest::SHA_2_256)

                                     .Authorization(TAG_PURPOSE, KeyPurpose::WRAP_KEY)

                                     .SetDefaultValidity();



    ASSERT_EQ(ErrorCode::INCOMPATIBLE_DIGEST,

              ImportWrappedKey(wrapped_key, wrapping_key, wrapping_key_desc, zero_masking_key,

                               AuthorizationSetBuilder()

                                       .Digest(Digest::SHA_2_256)

                                       .Digest(Digest::SHA_2_512)

                                       .Padding(PaddingMode::RSA_OAEP)));

}