Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 05943c30 authored Jan 19, 2021 by Janis Danisevskis

Keystore 2.0 SPI: Small fix to apease CTS test.

* The Keystore SPI needs to return null if getKeyEntry is called on a
  pure certificate entry.
* Also checked the wrong purpose.

Test: Keystore CTS tests.
Change-Id: Ib668447a9ff56fc4cea550f547c6cbfea3590cb3

parent ba04ef84

keystore/java/android/security/keystore2/AndroidKeyStoreProvider.java

+5 −0

Original line number	Diff line number	Diff line
		@@ -363,6 +363,11 @@ public class AndroidKeyStoreProvider extends Provider {
		}
		}

		if (response.iSecurityLevel == null) {
		// This seems to be a pure certificate entry, nothing to return here.
		return null;
		}

		Integer keymasterAlgorithm = null;
		// We just need one digest for the algorithm name
		int keymasterDigest = -1;

keystore/java/android/security/keystore2/AndroidKeyStoreSpi.java

+1 −1

Original line number	Diff line number	Diff line
		@@ -490,7 +490,7 @@ public class AndroidKeyStoreSpi extends KeyStoreSpi {
		int[] keymasterEncryptionPaddings =
		KeyProperties.EncryptionPadding.allToKeymaster(
		spec.getEncryptionPaddings());
		if (((spec.getPurposes() & KeyProperties.PURPOSE_DECRYPT) != 0)
		if (((spec.getPurposes() & KeyProperties.PURPOSE_ENCRYPT) != 0)
		&& (spec.isRandomizedEncryptionRequired())) {
		for (int keymasterPadding : keymasterEncryptionPaddings) {
		if (!KeymasterUtils