Revert^3 "Keystore: Validate curve names in XDH and ED25519" (86a36f2a) · Commits · e / os / android_frameworks_base

keystore/java/android/security/keystore2/AndroidKeyStoreKeyPairGeneratorSpi.java

+3 −30

Original line number	Diff line number	Diff line
		@@ -109,29 +109,13 @@ public abstract class AndroidKeyStoreKeyPairGeneratorSpi extends KeyPairGenerato
		}
		}

		// For curve 25519, KeyMint uses the KM_ALGORITHM_EC constant, but in the Java layer we need
		// to distinguish between Curve 25519 and other EC algorithms, so we use a different constant
		// with a value that is outside the range of the enum used for KeyMint algorithms.
		private static final int ALGORITHM_XDH = KeymasterDefs.KM_ALGORITHM_EC + 1200;
		private static final int ALGORITHM_ED25519 = ALGORITHM_XDH + 1;

		/**
		* XDH represents Curve 25519 agreement key provider.
		* XDH represents Curve 25519 providers.
		*/
		public static class XDH extends AndroidKeyStoreKeyPairGeneratorSpi {
		// XDH is treated as EC.
		public XDH() {
		super(ALGORITHM_XDH);
		}
		}

		/**
		* ED25519 represents Curve 25519 signing key provider.
		*/
		public static class ED25519 extends AndroidKeyStoreKeyPairGeneratorSpi {
		// ED25519 is treated as EC.
		public ED25519() {
		super(ALGORITHM_ED25519);
		super(KeymasterDefs.KM_ALGORITHM_EC);
		}
		}

		@@ -257,9 +241,7 @@ public abstract class AndroidKeyStoreKeyPairGeneratorSpi extends KeyPairGenerato

		KeyGenParameterSpec spec;
		boolean encryptionAtRestRequired = false;
		int keymasterAlgorithm = (mOriginalKeymasterAlgorithm == ALGORITHM_XDH
		\|\| mOriginalKeymasterAlgorithm == ALGORITHM_ED25519)
		? KeymasterDefs.KM_ALGORITHM_EC : mOriginalKeymasterAlgorithm;
		int keymasterAlgorithm = mOriginalKeymasterAlgorithm;
		if (params instanceof KeyGenParameterSpec) {
		spec = (KeyGenParameterSpec) params;
		} else if (params instanceof KeyPairGeneratorSpec) {
		@@ -628,15 +610,6 @@ public abstract class AndroidKeyStoreKeyPairGeneratorSpi extends KeyPairGenerato
		if (algSpecificSpec instanceof ECGenParameterSpec) {
		ECGenParameterSpec ecSpec = (ECGenParameterSpec) algSpecificSpec;
		mEcCurveName = ecSpec.getName();
		if (mOriginalKeymasterAlgorithm == ALGORITHM_XDH
		&& !mEcCurveName.equalsIgnoreCase("x25519")) {
		throw new InvalidAlgorithmParameterException("XDH algorithm only supports"
		+ " x25519 curve.");
		} else if (mOriginalKeymasterAlgorithm == ALGORITHM_ED25519
		&& !mEcCurveName.equalsIgnoreCase("ed25519")) {
		throw new InvalidAlgorithmParameterException("Ed25519 algorithm only"
		+ " supports ed25519 curve.");
		}
		final Integer ecSpecKeySizeBits = SUPPORTED_EC_CURVE_NAME_TO_SIZE.get(
		mEcCurveName.toLowerCase(Locale.US));
		if (ecSpecKeySizeBits == null) {

keystore/java/android/security/keystore2/AndroidKeyStoreProvider.java

+0 −3

Original line number	Diff line number	Diff line
		@@ -85,14 +85,11 @@ public class AndroidKeyStoreProvider extends Provider {
		put("KeyPairGenerator.EC", PACKAGE_NAME + ".AndroidKeyStoreKeyPairGeneratorSpi$EC");
		put("KeyPairGenerator.RSA", PACKAGE_NAME + ".AndroidKeyStoreKeyPairGeneratorSpi$RSA");
		put("KeyPairGenerator.XDH", PACKAGE_NAME + ".AndroidKeyStoreKeyPairGeneratorSpi$XDH");
		put("KeyPairGenerator.ED25519", PACKAGE_NAME
		+ ".AndroidKeyStoreKeyPairGeneratorSpi$ED25519");

		// java.security.KeyFactory
		putKeyFactoryImpl("EC");
		putKeyFactoryImpl("RSA");
		putKeyFactoryImpl("XDH");
		putKeyFactoryImpl("ED25519");

		// javax.crypto.KeyGenerator
		put("KeyGenerator.AES", PACKAGE_NAME + ".AndroidKeyStoreKeyGeneratorSpi$AES");