From ab1851e9f2c40942fff243504788795aeaf89961 Mon Sep 17 00:00:00 2001 From: David Drysdale Date: Tue, 14 Dec 2021 14:32:51 +0000 Subject: Alter spec text for RSA-PSS to match reality The Key{Mint,Master} spec previously said that RSA-PSS mode should use SHA-1 for the MGF1 digest, separately from whatever Tag::DIGEST gets specified as the main digest. However, both the reference implementation and the VTS/CTS tests use BoringSSL's defaults, which is to re-use the main digest as the MGF1 digest if none is separately specified. Given that this behaviour is embedded in many implementations over several years (and given that there isn't a security implication), change the spec to match this behaviour. Also update the VTS test code to make this clear/obvious. Test: VtsAidlKeyMintTargetTest, VtsHalKeymasterV4_0TargetTest Bug: 210424594 Change-Id: I4303f28d094ef4d4b9dc931d6728b1fa040de20d Ignore-AOSP-First: target internal master first due to merge conflict --- .../aidl/android/hardware/security/keymint/IKeyMintOperation.aidl | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'security/keymint/aidl/android/hardware') diff --git a/security/keymint/aidl/android/hardware/security/keymint/IKeyMintOperation.aidl b/security/keymint/aidl/android/hardware/security/keymint/IKeyMintOperation.aidl index ce83044d0e..ca8955552e 100644 --- a/security/keymint/aidl/android/hardware/security/keymint/IKeyMintOperation.aidl +++ b/security/keymint/aidl/android/hardware/security/keymint/IKeyMintOperation.aidl @@ -227,7 +227,8 @@ interface IKeyMintOperation { * o PaddingMode::RSA_PSS. For PSS-padded signature operations, the PSS salt length must match * the size of the PSS digest selected. The digest specified with Tag::DIGEST in params * on begin() must be used as the PSS digest algorithm, MGF1 must be used as the mask - * generation function and SHA1 must be used as the MGF1 digest algorithm. + * generation function and the digest specified with Tag:DIGEST in params on begin() must also + * be used as the MGF1 digest algorithm. * * -- ECDSA keys -- * -- cgit v1.2.3