
Commit 19cd93f6 authored by Janis Danisevskis's avatar Janis Danisevskis

Keystore 2.0 SPI: Fix various CTS failures.

* Add missing purpose to HMAC operations.
* Pass correct key descriptor to wrapped key import.
* Corrected error message on Import wrapped key failure due to missing
  wrapping key.
* Do not bail out on missing attestation challenge when device
  properties are requested.
* Fix AndroidKeyStoreKey.equals(). It is sufficient to compare the
  unique key ID.

Test: Keystore CTS tests.
Change-Id: Id3b93b18486e3a818ae8e91be6344294ec592e68
parent 84da5781
+1 −1
@@ -190,7 +190,7 @@ public class KeyStoreSecurityLevel {
        keyDescriptor.blob = wrappedKey;
        keyDescriptor.domain = wrappedKeyDescriptor.domain;

        return handleExceptions(() -> mSecurityLevel.importWrappedKey(wrappedKeyDescriptor,
        return handleExceptions(() -> mSecurityLevel.importWrappedKey(keyDescriptor,
                wrappingKeyDescriptor, maskingKey,
                args.toArray(new KeyParameter[args.size()]), authenticatorSpecs));
    }
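Review bot: The call to `importWrappedKey` still takes two descriptors, `keyDescriptor` and `wrappedKeyDescriptor`, whose names are close enough that the mix-up fixed here can recur, and nothing at the call site says which one must be passed. A comment directly above the call would pin the intent, for example `// Pass the local copy: it carries the wrapped key material in blob.` Only `blob` and `domain` are visibly set on `keyDescriptor` in this hunk; the alias and namespace fields are presumably handled on lines above, which are outside the hunk, and it is worth confirming that the imported key ends up under the intended alias. The enclosing method starts outside the hunk.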
+3 −0
@@ -163,6 +163,9 @@ public abstract class AndroidKeyStoreHmacSpi extends MacSpi implements KeyStoreC
        }

        List<KeyParameter> parameters = new ArrayList<>();
        parameters.add(KeyStore2ParameterUtils.makeEnum(
                KeymasterDefs.KM_TAG_PURPOSE, KeymasterDefs.KM_PURPOSE_SIGN
        ));
        parameters.add(KeyStore2ParameterUtils.makeEnum(
                KeymasterDefs.KM_TAG_ALGORITHM, KeymasterDefs.KM_ALGORITHM_HMAC
        ));
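Review bot: The hard-coded `KM_PURPOSE_SIGN` added at the top of the parameter list carries no comment saying why SIGN is always the right purpose. Since the class is a `MacSpi`, which presumably only ever computes a tag, a one-line comment such as `// Mac only computes tags, so every HMAC operation is begun with the SIGN purpose.` would save the next reader the lookup. It would also help to note what happens for a key whose authorizations do not include signing; I would expect keystore to reject the operation when it is created, but that path is not visible here. The enclosing method begins and ends outside the hunk.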
+0 −10
@@ -21,7 +21,6 @@ import android.security.KeyStoreSecurityLevel;
import android.system.keystore2.Authorization;
import android.system.keystore2.Domain;
import android.system.keystore2.KeyDescriptor;
import android.util.Log;

import java.security.Key;

@@ -127,15 +126,6 @@ public class AndroidKeyStoreKey implements Key {
            return false;
        }

        // If the key ids are equal and the class matches all the other fields cannot differ
        // unless we have a bug.
        if (!mAlgorithm.equals(other.mAlgorithm)
                || !mAuthorizations.equals(other.mAuthorizations)
                || !mDescriptor.equals(other.mDescriptor)) {
            Log.e("AndroidKeyStoreKey", "Bug: key ids are identical, but key metadata"
                    + "differs.");
            return false;
        }
        return true;
    }
}
+2 −1
@@ -866,7 +866,8 @@ public class AndroidKeyStoreSpi extends KeyStoreSpi {
        try {
            response = mKeyStore.getKeyEntry(wrappingkey);
        } catch (android.security.KeyStoreException e) {
            throw new KeyStoreException("Failed to load wrapping key.", e);
            throw new KeyStoreException("Failed to import wrapped key. Keystore error code: "
                    + e.getErrorCode(), e);
        }

        KeyDescriptor wrappedKey = makeKeyDescriptor(alias);
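Review bot: The new message in the `catch` no longer says which step failed: this block is the lookup of the wrapping key through `getKeyEntry(wrappingkey)`, yet every failure of that lookup is now reported as a generic import failure with only a numeric code. The cause is still chained, so a full stack trace loses nothing, but callers that log only the message lose the hint that the wrapping key could not be loaded. If the wording is dictated by a test expectation, a comment such as `// Message text is expected by tests; the failing step is the wrapping-key lookup.` would record that. Otherwise consider naming the step in the text, for example `"Failed to import wrapped key: could not load wrapping key. Keystore error code: "`. The method continues beyond the hunk.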