Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit eed83858 authored by Eran Messeri's avatar Eran Messeri Committed by Gerrit Code Review
Browse files

Revert "Fix Rsa-Oaep operation begin on T+GSI build" 

This reverts commit dde5ebaa.

Reason for revert: Will re-introduce http://b/278157584

Even though KeyMint v2 supports the MGF_DIGEST tag, it does not include it in the key characteristics. This would not be a problem for keys generated on an Android U device with KeyMint v2 but it will be a problem on a device that was upgraded to Android U where keys were generated before the upgrade (so the MGF_DIGEST tag was not added).
Because we have no way of knowing if the MGF_DIGEST tag was specified when the key was created on KeyMint implementations older than v3, we should not add the tag on begin().

Change-Id: I7b34799b95eb2ff054ec4d090ccbd93e6442dcfe
parent dde5ebaa

keystore/java/android/security/keystore2/AndroidKeyStoreRSACipherSpi.java

+5 −13
Original line number Diff line number Diff line
@@ -18,7 +18,6 @@ package android.security.keystore2; 


import android.annotation.NonNull;

import android.annotation.Nullable;

import android.content.pm.PackageManager;

import android.hardware.security.keymint.KeyParameter;

import android.security.keymaster.KeymasterDefs;

import android.security.keystore.KeyProperties;
@@ -300,12 +299,6 @@ abstract class AndroidKeyStoreRSACipherSpi extends AndroidKeyStoreCipherSpiBase 
            return false;

        }



        private static boolean hasKeyMintV2() {

            PackageManager pm = android.app.AppGlobals.getInitialApplication().getPackageManager();

            return pm.hasSystemFeature(PackageManager.FEATURE_HARDWARE_KEYSTORE, 200)

                    && !pm.hasSystemFeature(PackageManager.FEATURE_HARDWARE_KEYSTORE, 300);

        }



        @Override

        protected final void addAlgorithmSpecificParametersToBegin(

                @NonNull List<KeyParameter> parameters, Authorization[] keyCharacteristics) {
@@ -314,12 +307,11 @@ abstract class AndroidKeyStoreRSACipherSpi extends AndroidKeyStoreCipherSpiBase 
                    KeymasterDefs.KM_TAG_DIGEST, mKeymasterDigest

            ));

            // Only add the KM_TAG_RSA_OAEP_MGF_DIGEST tag to begin() if the MGF Digest is

            // present in the key properties or KeyMint version is 200. Keys generated prior to

            // Android 14 did not have this tag (Keystore didn't add it) and hence not present in

            // imported key as well, so specifying any MGF digest tag would cause a begin()

            // operation (on an Android 14 device) to fail (with a key that was generated on

            // Android 13 or below).

            if (isMgfDigestTagPresentInKeyProperties(keyCharacteristics) || hasKeyMintV2()) {

            // present in the key properties. Keys generated prior to Android 14 did not have

            // this tag (Keystore didn't add it) so specifying any MGF digest tag would cause

            // a begin() operation (on an Android 14 device) to fail (with a key that was generated

            // on Android 13 or below).

            if (isMgfDigestTagPresentInKeyProperties(keyCharacteristics)) {

                parameters.add(KeyStore2ParameterUtils.makeEnum(

                        KeymasterDefs.KM_TAG_RSA_OAEP_MGF_DIGEST, mKeymasterMgf1Digest

                ));