authorAndrei Ciubotariu <aciubotariu@google.com>2023-12-01 19:28:12 +0000
committerAutomerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>2023-12-01 19:28:12 +0000
commit58d347431a3360108f27de904eb5c5ab0ceaff0a (patch)
treed499f05ab436a69bbeba52c6c28e736deb72bc08 /keystore
parent6a04511dde93aa3923c3f61230cc127ee3878045 (diff)
parent525aadb76c456220e3e9f5c340389c691ee2bdc3 (diff)
Merge "Revert "MGF1 Digest setter: Handle case of flag off"" into main am: ab71405e48 am: d7b0e0fe6c am: 525aadb76c
Original change: https://android-review.googlesource.com/c/platform/frameworks/base/+/2853709 Change-Id: Id240d01bd8d69c5167fac6595af0c973d42a701e Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
Diffstat (limited to 'keystore')
-rw-r--r--keystore/java/android/security/keystore/KeyGenParameterSpec.java6
-rw-r--r--keystore/java/android/security/keystore/KeyProtection.java6
-rw-r--r--keystore/java/android/security/keystore2/AndroidKeyStoreKeyPairGeneratorSpi.java17
-rw-r--r--keystore/java/android/security/keystore2/AndroidKeyStoreSpi.java21
4 files changed, 6 insertions, 44 deletions
diff --git a/keystore/java/android/security/keystore/KeyGenParameterSpec.java b/keystore/java/android/security/keystore/KeyGenParameterSpec.java
index 4982f3732089..231fa4837441 100644
--- a/keystore/java/android/security/keystore/KeyGenParameterSpec.java
+++ b/keystore/java/android/security/keystore/KeyGenParameterSpec.java
@@ -618,7 +618,7 @@ public final class KeyGenParameterSpec implements AlgorithmParameterSpec, UserAu
* @see #isMgf1DigestsSpecified()
*/
@NonNull
- @FlaggedApi(android.security.Flags.FLAG_MGF1_DIGEST_SETTER)
+ @FlaggedApi("MGF1_DIGEST_SETTER")
public @KeyProperties.DigestEnum Set<String> getMgf1Digests() {
if (mMgf1Digests.isEmpty()) {
throw new IllegalStateException("Mask generation function (MGF) not specified");
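Review bot: The `@FlaggedApi` argument on getMgf1Digests() is now the bare literal `"MGF1_DIGEST_SETTER"` instead of the generated constant, so the compiler no longer checks that the annotation names a declared flag, and a typo or later rename of the flag would go unnoticed. The literal presumably also differs from the value the generated constant carried, which would leave API tooling unable to tie this method to the flag; that should be confirmed against the flag declaration. If the generated `android.security.Flags` class cannot be referenced here, a short comment above the annotation, e.g. `// Literal flag name; keep in sync with the mgf1 digest setter flag declaration`, would record why. The same applies to the other two annotations in this file and the three in KeyProtection.java. The method body continues outside the hunk.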
@@ -633,7 +633,7 @@ public final class KeyGenParameterSpec implements AlgorithmParameterSpec, UserAu
* @see #getMgf1Digests()
*/
@NonNull
- @FlaggedApi(android.security.Flags.FLAG_MGF1_DIGEST_SETTER)
+ @FlaggedApi("MGF1_DIGEST_SETTER")
public boolean isMgf1DigestsSpecified() {
return !mMgf1Digests.isEmpty();
}
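Review bot: `@NonNull` on isMgf1DigestsSpecified() carries no meaning because the return type is the primitive `boolean`, and it can mislead readers and nullness checkers into treating the method like its object-returning neighbour. The annotation sits on the context line directly above the changed `@FlaggedApi` line and can simply be dropped. KeyProtection.isMgf1DigestsSpecified() has the same stray annotation.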
@@ -1292,7 +1292,7 @@ public final class KeyGenParameterSpec implements AlgorithmParameterSpec, UserAu
* <p>See {@link KeyProperties}.{@code DIGEST} constants.
*/
@NonNull
- @FlaggedApi(android.security.Flags.FLAG_MGF1_DIGEST_SETTER)
+ @FlaggedApi("MGF1_DIGEST_SETTER")
public Builder setMgf1Digests(@NonNull @KeyProperties.DigestEnum String... mgf1Digests) {
mMgf1Digests = Set.of(mgf1Digests);
return this;
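Review bot: The exceptions that `Set.of(mgf1Digests)` can throw in setMgf1Digests() are not documented in the visible Javadoc, so callers have no contract to code against. `Set.of` throws `IllegalArgumentException` when the varargs contain the same digest twice and `NullPointerException` when any element is null. A `@throws` line for each case would help, for example `@throws IllegalArgumentException if the same digest is listed more than once`. KeyProtection.Builder.setMgf1Digests() uses the same call. The Javadoc and the method body both extend outside the hunk.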
diff --git a/keystore/java/android/security/keystore/KeyProtection.java b/keystore/java/android/security/keystore/KeyProtection.java
index 7b6b2d142f95..c1e3bab5d37c 100644
--- a/keystore/java/android/security/keystore/KeyProtection.java
+++ b/keystore/java/android/security/keystore/KeyProtection.java
@@ -401,7 +401,7 @@ public final class KeyProtection implements ProtectionParameter, UserAuthArgs {
* @see #isMgf1DigestsSpecified()
*/
@NonNull
- @FlaggedApi(android.security.Flags.FLAG_MGF1_DIGEST_SETTER)
+ @FlaggedApi("MGF1_DIGEST_SETTER")
public @KeyProperties.DigestEnum Set<String> getMgf1Digests() {
if (mMgf1Digests.isEmpty()) {
throw new IllegalStateException("Mask generation function (MGF) not specified");
@@ -416,7 +416,7 @@ public final class KeyProtection implements ProtectionParameter, UserAuthArgs {
* @see #getMgf1Digests()
*/
@NonNull
- @FlaggedApi(android.security.Flags.FLAG_MGF1_DIGEST_SETTER)
+ @FlaggedApi("MGF1_DIGEST_SETTER")
public boolean isMgf1DigestsSpecified() {
return !mMgf1Digests.isEmpty();
}
@@ -799,7 +799,7 @@ public final class KeyProtection implements ProtectionParameter, UserAuthArgs {
* <p>See {@link KeyProperties}.{@code DIGEST} constants.
*/
@NonNull
- @FlaggedApi(android.security.Flags.FLAG_MGF1_DIGEST_SETTER)
+ @FlaggedApi("MGF1_DIGEST_SETTER")
public Builder setMgf1Digests(@Nullable @KeyProperties.DigestEnum String... mgf1Digests) {
mMgf1Digests = Set.of(mgf1Digests);
return this;
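Review bot: The parameter of KeyProtection.Builder.setMgf1Digests() is declared `@Nullable`, but the next line passes it straight to `Set.of(mgf1Digests)`, which throws `NullPointerException` for a null array. A caller who trusts the annotation and passes null to clear the MGF1 digests gets a crash instead. Either align the annotation with the KeyGenParameterSpec setter, `public Builder setMgf1Digests(@NonNull @KeyProperties.DigestEnum String... mgf1Digests) {`, or treat null as empty with `mMgf1Digests = mgf1Digests == null ? Set.of() : Set.of(mgf1Digests);`. The method body continues outside the hunk.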
diff --git a/keystore/java/android/security/keystore2/AndroidKeyStoreKeyPairGeneratorSpi.java b/keystore/java/android/security/keystore2/AndroidKeyStoreKeyPairGeneratorSpi.java
index 02efc2f3539d..ed4b485f3927 100644
--- a/keystore/java/android/security/keystore2/AndroidKeyStoreKeyPairGeneratorSpi.java
+++ b/keystore/java/android/security/keystore2/AndroidKeyStoreKeyPairGeneratorSpi.java
@@ -28,7 +28,6 @@ import android.hardware.security.keymint.SecurityLevel;
import android.hardware.security.keymint.Tag;
import android.os.Build;
import android.os.StrictMode;
-import android.security.Flags;
import android.security.KeyPairGeneratorSpec;
import android.security.KeyStore2;
import android.security.KeyStoreException;
@@ -854,22 +853,6 @@ public abstract class AndroidKeyStoreKeyPairGeneratorSpi extends KeyPairGenerato
KeymasterDefs.KM_TAG_RSA_OAEP_MGF_DIGEST, mgf1Digest
));
});
-
- /* If the MGF1 Digest setter is not set, fall back to the previous behaviour:
- * Add, as MGF1 Digest function, all the primary digests.
- * Avoid adding the default MGF1 digest as it will have been included in the
- * mKeymasterMgf1Digests field.
- */
- if (!Flags.mgf1DigestSetter()) {
- final int defaultMgf1Digest = KeyProperties.Digest.toKeymaster(
- DEFAULT_MGF1_DIGEST);
- ArrayUtils.forEach(mKeymasterDigests, (digest) -> {
- if (digest != defaultMgf1Digest) {
- params.add(KeyStore2ParameterUtils.makeEnum(
- KeymasterDefs.KM_TAG_RSA_OAEP_MGF_DIGEST, digest));
- }
- });
- }
}
});
ArrayUtils.forEach(mKeymasterSignaturePaddings, (padding) -> {
diff --git a/keystore/java/android/security/keystore2/AndroidKeyStoreSpi.java b/keystore/java/android/security/keystore2/AndroidKeyStoreSpi.java
index 4f65884138bd..ddbd93e458fd 100644
--- a/keystore/java/android/security/keystore2/AndroidKeyStoreSpi.java
+++ b/keystore/java/android/security/keystore2/AndroidKeyStoreSpi.java
@@ -25,7 +25,6 @@ import android.hardware.security.keymint.HardwareAuthenticatorType;
import android.hardware.security.keymint.KeyParameter;
import android.hardware.security.keymint.SecurityLevel;
import android.os.StrictMode;
-import android.security.Flags;
import android.security.GateKeeper;
import android.security.KeyStore2;
import android.security.KeyStoreParameter;
@@ -538,31 +537,11 @@ public class AndroidKeyStoreSpi extends KeyStoreSpi {
/* Because of default MGF1 digest is SHA-1. It has to be added in Key
* characteristics. Otherwise, crypto operations will fail with Incompatible
* MGF1 digest.
- * If the MGF1 Digest setter flag isn't set, then the condition in the
- * if clause above must be false (cannot have MGF1 digests specified if the
- * flag was off). In that case, in addition to adding the default MGF1
- * digest, we have to add all the other digests as MGF1 Digests.
- *
*/
importArgs.add(KeyStore2ParameterUtils.makeEnum(
KeymasterDefs.KM_TAG_RSA_OAEP_MGF_DIGEST,
KeyProperties.Digest.toKeymaster(DEFAULT_MGF1_DIGEST)
));
- if (!Flags.mgf1DigestSetter()) {
- final int defaultMgf1Digest = KeyProperties.Digest.toKeymaster(
- DEFAULT_MGF1_DIGEST);
- for (String digest : spec.getDigests()) {
- int digestToAddAsMgf1Digest = KeyProperties.Digest.toKeymaster(
- digest);
- // Do not add the default MGF1 digest as it has been added above.
- if (digestToAddAsMgf1Digest != defaultMgf1Digest) {
- importArgs.add(KeyStore2ParameterUtils.makeEnum(
- KeymasterDefs.KM_TAG_RSA_OAEP_MGF_DIGEST,
- digestToAddAsMgf1Digest
- ));
- }
- }
- }
}
}
}