Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 64868fce authored by Eran Messeri's avatar Eran Messeri Committed by Gerrit Code Review
Browse files

Merge "Revert "Fix Rsa-Oaep operation begin on T+GSI build"" into main

parents f761d414 eed83858

keystore/java/android/security/keystore2/AndroidKeyStoreRSACipherSpi.java

+5 −13
Original line number Diff line number Diff line
@@ -18,7 +18,6 @@ package android.security.keystore2; 


import android.annotation.NonNull;

import android.annotation.Nullable;

import android.content.pm.PackageManager;

import android.hardware.security.keymint.KeyParameter;

import android.security.keymaster.KeymasterDefs;

import android.security.keystore.KeyProperties;
@@ -300,12 +299,6 @@ abstract class AndroidKeyStoreRSACipherSpi extends AndroidKeyStoreCipherSpiBase 
            return false;

        }



        private static boolean hasKeyMintV2() {

            PackageManager pm = android.app.AppGlobals.getInitialApplication().getPackageManager();

            return pm.hasSystemFeature(PackageManager.FEATURE_HARDWARE_KEYSTORE, 200)

                    && !pm.hasSystemFeature(PackageManager.FEATURE_HARDWARE_KEYSTORE, 300);

        }



        @Override

        protected final void addAlgorithmSpecificParametersToBegin(

                @NonNull List<KeyParameter> parameters, Authorization[] keyCharacteristics) {
@@ -314,12 +307,11 @@ abstract class AndroidKeyStoreRSACipherSpi extends AndroidKeyStoreCipherSpiBase 
                    KeymasterDefs.KM_TAG_DIGEST, mKeymasterDigest

            ));

            // Only add the KM_TAG_RSA_OAEP_MGF_DIGEST tag to begin() if the MGF Digest is

            // present in the key properties or KeyMint version is 200. Keys generated prior to

            // Android 14 did not have this tag (Keystore didn't add it) and hence not present in

            // imported key as well, so specifying any MGF digest tag would cause a begin()

            // operation (on an Android 14 device) to fail (with a key that was generated on

            // Android 13 or below).

            if (isMgfDigestTagPresentInKeyProperties(keyCharacteristics) || hasKeyMintV2()) {

            // present in the key properties. Keys generated prior to Android 14 did not have

            // this tag (Keystore didn't add it) so specifying any MGF digest tag would cause

            // a begin() operation (on an Android 14 device) to fail (with a key that was generated

            // on Android 13 or below).

            if (isMgfDigestTagPresentInKeyProperties(keyCharacteristics)) {

                parameters.add(KeyStore2ParameterUtils.makeEnum(

                        KeymasterDefs.KM_TAG_RSA_OAEP_MGF_DIGEST, mKeymasterMgf1Digest

                ));