Do not add the MGF Digest tag for upgraded keys
If a key does not have the MGF_DIGEST tag in its key characteristics, do not include the MGF_DIGEST tag for it (even if the algorithm string specifies it). This fixes an issue with keys that were generated on Android 13, where the MGF_DIGEST tag was not propagated from the SPI layer. Such keys will not have the MGF_DIGEST tag and so it will not be added by the SPI layer even if the algorithm string specifies it. This maintains Android 13's (incorrect) behaviour of ignoring the MGF Digest specification, but is necessary to use those keys (otherwise KeyMint will error out on begin() due to an incompatible MGF digest specification). Bug: 278157584 Test: atest CtsKeystoreWycheproofTestCases:com.google.security.wycheproof.RsaOaepTest Merged-In: I0f1fa7983f9c771bec3196c6a617eb7044ac2e79 Change-Id: I6a4c15ca04aa78c2191d47394811ba9338ee7f0b
Loading
Please register or sign in to comment