Skip to content

Commit

Permalink
Unwrapping params should have SH256 and RSA_OAEP as digest and padding
Browse files Browse the repository at this point in the history
  • Loading branch information
subrahmanyaman committed Nov 1, 2022
1 parent 96b742f commit 547ab3f
Showing 1 changed file with 9 additions and 0 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -1362,6 +1362,15 @@ private void validateWrappingKeyBlob(){
if (!KMEnumArrayTag.contains(KMType.PURPOSE, KMType.WRAP_KEY, data[HW_PARAMETERS])) {
KMException.throwIt((KMError.INCOMPATIBLE_PURPOSE));
}

// Check that the digest and padding mode specified in unwrapping parameters are SHA2_256
// and RSA_OAEP respectively.
if (!KMEnumArrayTag.contains(KMType.DIGEST, KMType.SHA2_256, data[KEY_PARAMETERS])) {
KMException.throwIt(KMError.INCOMPATIBLE_DIGEST);
}
if (!KMEnumArrayTag.contains(KMType.PADDING, KMType.RSA_OAEP, data[KEY_PARAMETERS])) {
KMException.throwIt(KMError.INCOMPATIBLE_PADDING_MODE);
}
}

private short decryptTransportKey(short privExp, short modulus, short transportKey, byte[] scratchPad){
Expand Down

0 comments on commit 547ab3f

Please sign in to comment.