Merge "Add unauthenticated AES ciphers backed by AndroidKeyStore."

        String keyAlgorithmString = key.getAlgorithm();

        @KeyStoreKeyConstraints.AlgorithmEnum int keyAlgorithm;

        @KeyStoreKeyConstraints.AlgorithmEnum Integer digest;

        @KeyStoreKeyConstraints.DigestEnum Integer digest;

        try {

            keyAlgorithm =

                    KeyStoreKeyConstraints.Algorithm.fromJCASecretKeyAlgorithm(keyAlgorithmString);

        if (digest != null) {

            args.addInt(KeymasterDefs.KM_TAG_DIGEST,

                    KeyStoreKeyConstraints.Digest.toKeymaster(digest));

        }

        if (keyAlgorithm == KeyStoreKeyConstraints.Algorithm.HMAC) {

            if (digest == null) {

                throw new IllegalStateException("Digest algorithm must be specified for key"

                        + " algorithm " + keyAlgorithmString);

            }

            Integer digestOutputSizeBytes =

                    KeyStoreKeyConstraints.Digest.getOutputSizeBytes(digest);

            if (digestOutputSizeBytes != null) {

                args.addInt(KeymasterDefs.KM_TAG_MAC_LENGTH, digestOutputSizeBytes);

            }

        }

        if (keyAlgorithm == KeyStoreKeyConstraints.Algorithm.HMAC) {

            if (digest == null) {

                throw new IllegalStateException("Digest algorithm must be specified for key"

                        + " algorithm " + keyAlgorithmString);

            }

        }

        @KeyStoreKeyConstraints.PurposeEnum int purposes = (params.getPurposes() != null)

                ? params.getPurposes()

        // TODO: Remove this once keymaster does not require us to specify the size of imported key.

        args.addInt(KeymasterDefs.KM_TAG_KEY_SIZE, keyMaterial.length * 8);

        if (((purposes & KeyStoreKeyConstraints.Purpose.ENCRYPT) != 0)

                || ((purposes & KeyStoreKeyConstraints.Purpose.DECRYPT) != 0)) {

            // Permit caller-specified IV. This is needed for the Cipher abstraction.

            args.addBoolean(KeymasterDefs.KM_TAG_CALLER_NONCE);

        }

        Credentials.deleteAllTypesForAlias(mKeyStore, entryAlias);

        String keyAliasInKeystore = Credentials.USER_SECRET_KEY + entryAlias;

        int errorCode = mKeyStore.importKey(

        put("KeyGenerator.HmacSHA256", KeyStoreKeyGeneratorSpi.HmacSHA256.class.getName());

        // javax.crypto.Mac

        put("Mac.HmacSHA256", KeyStoreHmacSpi.HmacSHA256.class.getName());

        put("Mac.HmacSHA256 SupportedKeyClasses", KeyStoreSecretKey.class.getName());

        putMacImpl("HmacSHA256", KeyStoreHmacSpi.HmacSHA256.class.getName());

        // javax.crypto.Cipher

        putSymmetricCipherImpl("AES/ECB/NoPadding",

                KeyStoreCipherSpi.AES.ECB.NoPadding.class.getName());

        putSymmetricCipherImpl("AES/ECB/PKCS7Padding",

                KeyStoreCipherSpi.AES.ECB.PKCS7Padding.class.getName());

        putSymmetricCipherImpl("AES/CBC/NoPadding",

                KeyStoreCipherSpi.AES.CBC.NoPadding.class.getName());

        putSymmetricCipherImpl("AES/CBC/PKCS7Padding",

                KeyStoreCipherSpi.AES.CBC.PKCS7Padding.class.getName());

        putSymmetricCipherImpl("AES/CTR/NoPadding",

                KeyStoreCipherSpi.AES.CTR.NoPadding.class.getName());

    }

    private void putMacImpl(String algorithm, String implClass) {

        put("Mac." + algorithm, implClass);

        put("Mac." + algorithm + " SupportedKeyClasses", KeyStoreSecretKey.class.getName());

    }

    private void putSymmetricCipherImpl(String transformation, String implClass) {

        put("Cipher." + transformation, implClass);

        put("Cipher." + transformation + " SupportedKeyClasses", KeyStoreSecretKey.class.getName());

    }

}