
Commit 0219efd6 authored by Bart Jarochowski's avatar Bart Jarochowski Committed by Automerger Merge Worker

Merge "Insert DEFAULT_MGF1_DIGEST SHA-1 on MGF_DIGEST tag when...

Merge "Insert DEFAULT_MGF1_DIGEST SHA-1 on MGF_DIGEST tag when ImportWrappedKey" into main am: 944f5358

Original change: https://android-review.googlesource.com/c/platform/frameworks/base/+/2640452



Change-Id: I92cdbbf0377197b115d370e7e13a1dbb800fd75b
Signed-off-by: default avatarAutomerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
parents f7d34b98 944f5358
+27 −0
@@ -36,6 +36,7 @@ import android.security.keystore.KeyProtection;
import android.security.keystore.SecureKeyImportUnavailableException;
import android.security.keystore.WrappedKeyEntry;
import android.system.keystore2.AuthenticatorSpec;
import android.system.keystore2.Authorization;
import android.system.keystore2.Domain;
import android.system.keystore2.IKeystoreSecurityLevel;
import android.system.keystore2.KeyDescriptor;
@@ -960,6 +961,32 @@ public class AndroidKeyStoreSpi extends KeyStoreSpi {
            authenticatorSpecs.add(authSpec);
        }

        if (parts.length > 2) {
            @KeyProperties.EncryptionPaddingEnum int padding =
                    KeyProperties.EncryptionPadding.toKeymaster(parts[2]);
            if (padding == KeymasterDefs.KM_PAD_RSA_OAEP
                    && response.metadata != null
                    && response.metadata.authorizations != null) {
                Authorization[] keyCharacteristics = response.metadata.authorizations;

                for (Authorization authorization : keyCharacteristics) {
                    // Add default MGF1 digest SHA-1
                    // when wrapping key has KM_TAG_RSA_OAEP_MGF_DIGEST tag
                    if (authorization.keyParameter.tag
                            == KeymasterDefs.KM_TAG_RSA_OAEP_MGF_DIGEST) {
                        // Default MGF1 digest is SHA-1
                        // and KeyMint only supports default MGF1 digest crypto operations
                        // for importWrappedKey.
                        args.add(KeyStore2ParameterUtils.makeEnum(
                                KeymasterDefs.KM_TAG_RSA_OAEP_MGF_DIGEST,
                                KeyProperties.Digest.toKeymaster(DEFAULT_MGF1_DIGEST)
                        ));
                        break;
                    }
                }
            }
        }

        try {
            securityLevel.importWrappedKey(
                    wrappedKey, wrappingkey,
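Review bot: The loop test `authorization.keyParameter.tag == KeymasterDefs.KM_TAG_RSA_OAEP_MGF_DIGEST` matches on the tag alone and then always adds SHA-1, so it never checks that SHA-1 is one of the MGF1 digests the wrapping key actually authorizes. If the wrapping key was created with only other MGF1 digests, the mismatch is presumably reported later by `securityLevel.importWrappedKey`, far from its cause; either compare the authorization's value with `KeyProperties.Digest.toKeymaster(DEFAULT_MGF1_DIGEST)` before adding the parameter, or state the expectation in the comment. The two comments in the loop also repeat each other, and I would merge them into one, e.g. `// importWrappedKey in KeyMint only supports the default MGF1 digest (SHA-1); a wrapping key that does not authorize it is expected to be rejected by KeyMint.` The enclosing method starts and ends outside this hunk.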