From d89919bab7a444fd2fc1cb7f60b7e8eaee289ead Mon Sep 17 00:00:00 2001
From: Prashant Patil <patilprashant@google.com>
Date: Thu, 4 May 2023 12:13:01 +0000
Subject: Avoid duplicate entry of digest

While importing RSA-OAEP keys; main and mgf digest are set in same
method and in some test vectors these are same. This could cause error
in some KeyMint implementations. Hence unique digest
parameters are passed.

Bug: 277911910
Test: atest CtsKeystoreWycheproofTestCases:RsaOaepTest
(cherry picked from https://android-review.googlesource.com/q/commit:a2eebd8d7197c4d11022fb45b7f9cbd59bb2f2f5)
Merged-In: I77d69b1dc95c1c0f6fb078cddc648e9f307840bf
Change-Id: I77d69b1dc95c1c0f6fb078cddc648e9f307840bf
---
 .../security/wycheproof/testcases/RsaOaepTest.java | 23 ++++++++++++----------
 1 file changed, 13 insertions(+), 10 deletions(-)

diff --git a/keystore-cts/java/com/google/security/wycheproof/testcases/RsaOaepTest.java b/keystore-cts/java/com/google/security/wycheproof/testcases/RsaOaepTest.java
index 0a82423..9c2cbf5 100644
--- a/keystore-cts/java/com/google/security/wycheproof/testcases/RsaOaepTest.java
+++ b/keystore-cts/java/com/google/security/wycheproof/testcases/RsaOaepTest.java
@@ -60,17 +60,20 @@ public class RsaOaepTest {
   private static PrivateKey saveKeyPairToKeystoreAndReturnPrivateKey(PublicKey pubKey,
         PrivateKey privKey, String digest, String mgfDigest, boolean isStrongBox)
           throws Exception {
+    KeyProtection.Builder keyProtection = new KeyProtection.Builder(KeyProperties.PURPOSE_SIGN |
+            KeyProperties.PURPOSE_VERIFY |
+            KeyProperties.PURPOSE_ENCRYPT |
+            KeyProperties.PURPOSE_DECRYPT)
+            .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_RSA_PKCS1,
+                    KeyProperties.ENCRYPTION_PADDING_RSA_OAEP)
+            .setIsStrongBoxBacked(isStrongBox);
+    if (digest.equalsIgnoreCase(mgfDigest)) {
+      keyProtection.setDigests(digest);
+    } else {
+      keyProtection.setDigests(digest, mgfDigest);
+    }
     return (PrivateKey) KeyStoreUtil.saveKeysToKeystore(KEY_ALIAS_1, pubKey, privKey,
-                        new KeyProtection.Builder(KeyProperties.PURPOSE_SIGN |
-                                KeyProperties.PURPOSE_VERIFY |
-                                KeyProperties.PURPOSE_ENCRYPT |
-                                KeyProperties.PURPOSE_DECRYPT)
-                          .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_RSA_PKCS1,
-                                KeyProperties.ENCRYPTION_PADDING_RSA_OAEP)
-                          .setDigests(digest, mgfDigest)
-                          .setIsStrongBoxBacked(isStrongBox)
-                          .build())
-                      .getKey(KEY_ALIAS_1, null);
+            keyProtection.build()).getKey(KEY_ALIAS_1, null);
   }
 
   /**
-- 
cgit v1.2.3