commit bfd9ed7f5c50cdfa310cb0f21c7706e99b780738
author Shawn Willden <swillden@google.com> Thu Jun 11 10:51:12 2015 -0600
committer Shawn Willden <swillden@google.com> Thu Jun 11 11:03:58 2015 -0600
tree eb8e3cd860438224c699620f8240f0bc4ec02ba0
parent 466cca5f2dbdfcbedc4b247af8a77c6cde2baf63

Make KM_PAD_NONE and KM_DIGEST_NONE mean any padding or digest.

Bug: 21777596
Change-Id: I3574156902c8e28b42f36462a9aef3f11ce938d3

android_keymaster_test.cpp

diff --git a/android_keymaster_test.cpp b/android_keymaster_test.cpp
index 0f7beea..2b4f5db 100644
--- a/android_keymaster_test.cpp
+++ b/android_keymaster_test.cpp
@@ -460,6 +460,19 @@
         EXPECT_EQ(3, GetParam()->keymaster0_calls());
 }
 
+TEST_P(SigningOperationsTest, RsaPaddingNoneAllowsOther) {
+    ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
+                                           .RsaSigningKey(512, 3)
+                                           .Digest(KM_DIGEST_NONE)
+                                           .Padding(KM_PAD_NONE)));
+    string message = "12345678901234567890123456789012";
+    string signature;
+    SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS);
+
+    if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
+        EXPECT_EQ(3, GetParam()->keymaster0_calls());
+}
+
 TEST_P(SigningOperationsTest, RsaPkcs1Sha256Success) {
     ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
                                            .RsaSigningKey(512, 3)

operation.cpp

diff --git a/operation.cpp b/operation.cpp
index c7f0ff8..de030a0 100644
--- a/operation.cpp
+++ b/operation.cpp
@@ -59,8 +59,13 @@
     } else if (!supported(*padding)) {
         LOG_E("Padding mode %d not supported", *padding);
         return false;
-    } else if (!key.authorizations().Contains(TAG_PADDING, *padding) &&
-               !key.authorizations().Contains(TAG_PADDING_OLD, *padding)) {
+    } else if (
+        // If key contains KM_PAD_NONE, all padding modes are authorized.
+        !key.authorizations().Contains(TAG_PADDING, KM_PAD_NONE) &&
+        !key.authorizations().Contains(TAG_PADDING_OLD, KM_PAD_NONE) &&
+        // Otherwise the key needs to authorize the specific mode.
+        !key.authorizations().Contains(TAG_PADDING, *padding) &&
+        !key.authorizations().Contains(TAG_PADDING_OLD, *padding)) {
         LOG_E("Padding mode %d was specified, but not authorized by key", *padding);
         *error = KM_ERROR_INCOMPATIBLE_PADDING_MODE;
         return false;
@@ -80,8 +85,13 @@
     } else if (!supported(*digest)) {
         LOG_E("Digest %d not supported", *digest);
         return false;
-    } else if (!key.authorizations().Contains(TAG_DIGEST, *digest) &&
-               !key.authorizations().Contains(TAG_DIGEST_OLD, *digest)) {
+    } else if (
+        // If key contains KM_DIGEST_NONE, all digests are authorized.
+        !key.authorizations().Contains(TAG_DIGEST, KM_DIGEST_NONE) &&
+        !key.authorizations().Contains(TAG_DIGEST_OLD, KM_DIGEST_NONE) &&
+        // Otherwise the key needs to authorize the specific digest.
+        !key.authorizations().Contains(TAG_DIGEST, *digest) &&
+        !key.authorizations().Contains(TAG_DIGEST_OLD, *digest)) {
         LOG_E("Digest %d was specified, but not authorized by key", *digest);
         *error = KM_ERROR_INCOMPATIBLE_DIGEST;
         return false;

rsa_operation.cpp

diff --git a/rsa_operation.cpp b/rsa_operation.cpp
index fac3ae7..edbaa9e 100644
--- a/rsa_operation.cpp
+++ b/rsa_operation.cpp
@@ -214,6 +214,8 @@
         }
         if (EVP_MD_size(digest_algorithm_) + PSS_OVERHEAD + MIN_SALT_SIZE >
             (size_t)EVP_PKEY_size(rsa_key_)) {
+            LOG_E("%d-byte digest cannot be used with %d-byte RSA key in PSS padding mode",
+                  EVP_MD_size(digest_algorithm_), EVP_PKEY_size(rsa_key_));
             *error = KM_ERROR_INCOMPATIBLE_DIGEST;
             return -1;
         }