Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit a8232452 authored by Alex Klyubin's avatar Alex Klyubin Committed by Android (Google) Code Review
Browse files

Merge "Fix Android Keystore key gen for keys requiring user auth." into mnc-dev

parents 9f6d39f8 f78dd677

keystore/java/android/security/keystore/AndroidKeyStoreKeyPairGeneratorSpi.java

+5 −1
Original line number Diff line number Diff line
@@ -624,7 +624,7 @@ public abstract class AndroidKeyStoreKeyPairGeneratorSpi extends KeyPairGenerato 
            int keySizeBits,

            KeyGenParameterSpec spec) {

        // Constraints:

        // 1. Key must be authorized for signing.

        // 1. Key must be authorized for signing without user authentication.

        // 2. Signature digest must be one of key's authorized digests.

        // 3. For RSA keys, the digest output size must not exceed modulus size minus space needed

        //    for RSA PKCS#1 signature padding (about 29 bytes: minimum 10 bytes of padding + 15--19
@@ -636,6 +636,10 @@ public abstract class AndroidKeyStoreKeyPairGeneratorSpi extends KeyPairGenerato 
            // Key not authorized for signing

            return null;

        }

        if (spec.isUserAuthenticationRequired()) {

            // Key not authorized for use without user authentication

            return null;

        }

        if (!spec.isDigestsSpecified()) {

            // Key not authorized for any digests -- can't sign

            return null;