Merge "Keystore 2.0 SPI: Add EC_CURVE tag on key generation." into sc-dev

import android.annotation.Nullable;

import android.app.ActivityThread;

import android.content.Context;

import android.hardware.security.keymint.EcCurve;

import android.hardware.security.keymint.KeyParameter;

import android.hardware.security.keymint.KeyPurpose;

import android.hardware.security.keymint.SecurityLevel;

            new HashMap<String, Integer>();

    private static final List<String> SUPPORTED_EC_NIST_CURVE_NAMES = new ArrayList<String>();

    private static final List<Integer> SUPPORTED_EC_NIST_CURVE_SIZES = new ArrayList<Integer>();

    static {

        // Aliases for NIST P-224

        SUPPORTED_EC_NIST_CURVE_NAME_TO_SIZE.put("p-224", 224);

        mOriginalKeymasterAlgorithm = keymasterAlgorithm;

    }

    private @EcCurve int keySize2EcCurve(int keySizeBits)

            throws InvalidAlgorithmParameterException {

        switch (keySizeBits) {

            case 224:

                return EcCurve.P_224;

            case 256:

                return EcCurve.P_256;

            case 384:

                return EcCurve.P_384;

            case 521:

                return EcCurve.P_521;

            default:

                throw new InvalidAlgorithmParameterException(

                        "Unsupported EC curve keysize: " + keySizeBits);

        }

    }

    @SuppressWarnings("deprecation")

    @Override

    public void initialize(int keysize, SecureRandom random) {

    private void initAlgorithmSpecificParameters() throws InvalidAlgorithmParameterException {

        AlgorithmParameterSpec algSpecificSpec = mSpec.getAlgorithmParameterSpec();

        switch (mKeymasterAlgorithm) {

            case KeymasterDefs.KM_ALGORITHM_RSA:

            {

            case KeymasterDefs.KM_ALGORITHM_RSA: {

                BigInteger publicExponent = null;

                if (algSpecificSpec instanceof RSAKeyGenParameterSpec) {

                    RSAKeyGenParameterSpec rsaSpec = (RSAKeyGenParameterSpec) algSpecificSpec;

                        || (publicExponent.compareTo(KeymasterArguments.UINT64_MAX_VALUE) > 0)) {

                    throw new InvalidAlgorithmParameterException(

                            "Unsupported RSA public exponent: " + publicExponent

                            + ". Maximum supported value: " + KeymasterArguments.UINT64_MAX_VALUE);

                                    + ". Maximum supported value: "

                                    + KeymasterArguments.UINT64_MAX_VALUE);

                }

                mRSAPublicExponent = publicExponent.longValue();

                break;

                    throw p;

            }

        } catch (UnrecoverableKeyException | IllegalArgumentException

                    | DeviceIdAttestationException e) {

                | DeviceIdAttestationException | InvalidAlgorithmParameterException e) {

            throw new ProviderException(

                    "Failed to construct key object from newly generated key pair.", e);

        } finally {

    }

    private Collection<KeyParameter> constructKeyGenerationArguments()

            throws DeviceIdAttestationException, IllegalArgumentException {

            throws DeviceIdAttestationException, IllegalArgumentException,

            InvalidAlgorithmParameterException {

        List<KeyParameter> params = new ArrayList<>();

        params.add(KeyStore2ParameterUtils.makeInt(KeymasterDefs.KM_TAG_KEY_SIZE, mKeySizeBits));

        params.add(KeyStore2ParameterUtils.makeEnum(

                KeymasterDefs.KM_TAG_ALGORITHM, mKeymasterAlgorithm

        ));

        if (mKeymasterAlgorithm == KeymasterDefs.KM_ALGORITHM_EC) {

            params.add(KeyStore2ParameterUtils.makeEnum(

                    Tag.EC_CURVE, keySize2EcCurve(mKeySizeBits)

            ));

        }

        ArrayUtils.forEach(mKeymasterPurposes, (purpose) -> {

            params.add(KeyStore2ParameterUtils.makeEnum(

                    KeymasterDefs.KM_TAG_PURPOSE, purpose

            return null;

        }

        switch (keymasterAlgorithm) {

            case KeymasterDefs.KM_ALGORITHM_EC:

            {

            case KeymasterDefs.KM_ALGORITHM_EC: {

                Set<Integer> availableKeymasterDigests = getAvailableKeymasterSignatureDigests(

                        spec.getDigests(),

                        AndroidKeyStoreBCWorkaroundProvider.getSupportedEcdsaSignatureDigests());

                return KeyProperties.Digest.fromKeymasterToSignatureAlgorithmDigest(

                        bestKeymasterDigest) + "WithECDSA";

            }

            case KeymasterDefs.KM_ALGORITHM_RSA:

            {

            case KeymasterDefs.KM_ALGORITHM_RSA: {

                // Check whether this key is authorized for PKCS#1 signature padding.

                // We use Bouncy Castle to generate self-signed RSA certificates. Bouncy Castle

                // only supports RSA certificates signed using PKCS#1 padding scheme. The key needs