authorPrashant Patil <patilprashant@google.com>2023-07-18 14:44:35 +0000
committerCherrypicker Worker <android-build-cherrypicker-worker@google.com>2023-07-20 16:52:20 +0000
commit72c483408533a87cc09aa8f055a9687a6ace1a9d (patch)
tree14cfbd50d5a5f4c1dd97e6f9acbc883862bc51d1
parentf25f780262a441e5513125585e97aee5cccc124f (diff)
downloadwycheproof-72c483408533a87cc09aa8f055a9687a6ace1a9d.tar.gz
Skipped non-default MGF_DIGEST for Keymint < V3
Although MGF_DIGEST is included in the KeyMint spec since V1, some implementations (notably the C++ reference implementation) did not correctly report its presence in key characteristics until V3. The framework layer decides whether to add the MGF_DIGEST tag to begin() parameters based on whether there are MGF_DIGEST values in the key characteristics. The situation above means that this check is only reliable for an underlying KeyMint implementation of v3 or above. Hence tests with non-default MGF_DIGEST are skipped for Keymint < V3. Bug: 289859292 Bug: 289749312 Bug: 287891167 Bug: 287532460 Bug: 290308127 Test: atest CtsKeystoreWycheproofTestCases:com.google.security.wycheproof.RsaOaepTest Test: atest CtsKeystoreTestCases:android.keystore.cts.CipherTest#testKatBasicWithDifferentProviders (cherry picked from https://android-review.googlesource.com/q/commit:5c205f68b41024804da7b5dc3a19931ebdaa2760) Merged-In: I40fdfb14c244be83c19287289603644605e20e94 Change-Id: I40fdfb14c244be83c19287289603644605e20e94
-rw-r--r--keystore-cts/java/android/keystore/cts/util/KeyStoreUtil.java2
-rw-r--r--keystore-cts/java/com/google/security/wycheproof/testcases/RsaOaepTest.java9
2 files changed, 8 insertions, 3 deletions
diff --git a/keystore-cts/java/android/keystore/cts/util/KeyStoreUtil.java b/keystore-cts/java/android/keystore/cts/util/KeyStoreUtil.java
index 14020e0..b08a3c1 100644
--- a/keystore-cts/java/android/keystore/cts/util/KeyStoreUtil.java
+++ b/keystore-cts/java/android/keystore/cts/util/KeyStoreUtil.java
@@ -53,6 +53,8 @@ public class KeyStoreUtil {
public static final int KM_VERSION_KEYMASTER_4 = 40;
public static final int KM_VERSION_KEYMASTER_4_1 = 41;
public static final int KM_VERSION_KEYMINT_1 = 100;
+ public static final int KM_VERSION_KEYMINT_2 = 200;
+ public static final int KM_VERSION_KEYMINT_3 = 300;
private static final List kmSupportedDigests = List.of("md5","sha-1","sha-224","sha-384",
"sha-256","sha-512");
diff --git a/keystore-cts/java/com/google/security/wycheproof/testcases/RsaOaepTest.java b/keystore-cts/java/com/google/security/wycheproof/testcases/RsaOaepTest.java
index 29f8905..86e7f62 100644
--- a/keystore-cts/java/com/google/security/wycheproof/testcases/RsaOaepTest.java
+++ b/keystore-cts/java/com/google/security/wycheproof/testcases/RsaOaepTest.java
@@ -196,10 +196,13 @@ public class RsaOaepTest {
String sha = getString(group, "sha");
String mgf = getString(group, "mgf");
String mgfSha = getString(group, "mgfSha");
- // mgfDigest other than SHA-1 are supported from KeyMint V1 and above.
+ // mgfDigest other than SHA-1 are supported from KeyMint V1 and above but some implementations
+ // of keymint V1 and V2 (notably the C++ reference implementation) does not include MGF_DIGEST
+ // tag in key characteriestics hence issue b/287532460 introduced. So non-default MGF_DIGEST is
+ // tested on Keymint V3 and above.
if (!mgfSha.equalsIgnoreCase("SHA-1")) {
- assumeTrue("This test is valid for KeyMint version 1 and above.",
- KeyStoreUtil.getFeatureVersionKeystore(isStrongBox) >= KeyStoreUtil.KM_VERSION_KEYMINT_1);
+ assumeTrue("This test is valid for KeyMint version 3 and above.",
+ KeyStoreUtil.getFeatureVersionKeystore(isStrongBox) >= KeyStoreUtil.KM_VERSION_KEYMINT_3);
}
PSource p = PSource.PSpecified.DEFAULT;
if (test.has("label") && !TextUtils.isEmpty(getString(test, "label"))) {
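Review bot: Raising the threshold in the `assumeTrue` silently skips every Wycheproof OAEP vector with a non-SHA-1 MGF digest on KeyMint V1 and V2, so an OAEP padding-check regression on those versions would no longer be caught by this suite. The comment above the `if` should say that this is a test-side workaround and name the condition under which it can be lifted. That comment also has a typo ("characteriestics") and a grammar slip ("implementations ... does not"); suggest `// Some KeyMint V1/V2 implementations (notably the C++ reference one) do not report MGF_DIGEST in key` / `// characteristics (b/287532460), so non-default MGF digests are only tested on KeyMint V3 and above.` If this code runs inside a loop over test groups, which the hunk does not show, `assumeTrue` would abort the remaining groups too rather than only this one. The enclosing method starts and ends outside the hunk.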