authorGraciela Putri <gracielawputri@google.com>2024-01-25 14:55:42 +0000
committerGerrit Code Review <noreply-gerritcodereview@google.com>2024-01-25 14:55:42 +0000
commit653ac0cdc7fb5e96a73eed3066f84abf432ba22c (patch)
tree9688cf90bdfdb4d9318c9a2f922c2c86d7271853 /keystore
parent2c68aa6bc7d30124fd27a1d00508722823e1768e (diff)
Revert "Keystore: Validate curve names in XDH and ED25519"
Revert submission 2517535-curve_25519_validation

Reason for revert: b/322323243

Reverted changes: /q/submissionid:2517535-curve_25519_validation

Change-Id: I75d731672140f827c4574ef1a23851522fa53e92
Diffstat (limited to 'keystore')
-rw-r--r--keystore/java/android/security/keystore2/AndroidKeyStoreKeyPairGeneratorSpi.java33
-rw-r--r--keystore/java/android/security/keystore2/AndroidKeyStoreProvider.java3
2 files changed, 3 insertions, 33 deletions
diff --git a/keystore/java/android/security/keystore2/AndroidKeyStoreKeyPairGeneratorSpi.java b/keystore/java/android/security/keystore2/AndroidKeyStoreKeyPairGeneratorSpi.java
index 83ddfc5cf1a1..9c05a3a768a0 100644
--- a/keystore/java/android/security/keystore2/AndroidKeyStoreKeyPairGeneratorSpi.java
+++ b/keystore/java/android/security/keystore2/AndroidKeyStoreKeyPairGeneratorSpi.java
@@ -109,29 +109,13 @@ public abstract class AndroidKeyStoreKeyPairGeneratorSpi extends KeyPairGenerato
}
}
- // For curve 25519, KeyMint uses the KM_ALGORITHM_EC constant, but in the Java layer we need
- // to distinguish between Curve 25519 and other EC algorithms, so we use a different constant
- // with a value that is outside the range of the enum used for KeyMint algorithms.
- private static final int ALGORITHM_XDH = KeymasterDefs.KM_ALGORITHM_EC + 1200;
- private static final int ALGORITHM_ED25519 = ALGORITHM_XDH + 1;
-
/**
- * XDH represents Curve 25519 agreement key provider.
+ * XDH represents Curve 25519 providers.
*/
public static class XDH extends AndroidKeyStoreKeyPairGeneratorSpi {
// XDH is treated as EC.
public XDH() {
- super(ALGORITHM_XDH);
- }
- }
-
- /**
- * ED25519 represents Curve 25519 signing key provider.
- */
- public static class ED25519 extends AndroidKeyStoreKeyPairGeneratorSpi {
- // ED25519 is treated as EC.
- public ED25519() {
- super(ALGORITHM_ED25519);
+ super(KeymasterDefs.KM_ALGORITHM_EC);
}
}
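Review bot: With `super(KeymasterDefs.KM_ALGORITHM_EC)` in the `XDH` constructor, the generator registered as `KeyPairGenerator.XDH` can no longer be told apart from the plain EC one, and the hunk at `@@ -628,15 +610,6` removes the only curve-name check. As far as the visible lines show, an XDH generator will therefore accept any curve name present in `SUPPORTED_EC_CURVE_NAME_TO_SIZE`, so a caller asking for XDH can end up with a key on a different curve without an error. Because the revert is deliberate, the gap should at least be recorded where the next reader will see it, for example by replacing `// XDH is treated as EC.` with `// XDH is treated as EC; the curve name is NOT checked against x25519 here (validation reverted, see b/<tracking-bug>).` A test asserting that XDH initialised with a non-25519 `ECGenParameterSpec` is rejected would make it visible when the validation is re-landed; the enclosing class starts outside this hunk.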
@@ -257,9 +241,7 @@ public abstract class AndroidKeyStoreKeyPairGeneratorSpi extends KeyPairGenerato
KeyGenParameterSpec spec;
boolean encryptionAtRestRequired = false;
- int keymasterAlgorithm = (mOriginalKeymasterAlgorithm == ALGORITHM_XDH
- || mOriginalKeymasterAlgorithm == ALGORITHM_ED25519)
- ? KeymasterDefs.KM_ALGORITHM_EC : mOriginalKeymasterAlgorithm;
+ int keymasterAlgorithm = mOriginalKeymasterAlgorithm;
if (params instanceof KeyGenParameterSpec) {
spec = (KeyGenParameterSpec) params;
} else if (params instanceof KeyPairGeneratorSpec) {
@@ -628,15 +610,6 @@ public abstract class AndroidKeyStoreKeyPairGeneratorSpi extends KeyPairGenerato
if (algSpecificSpec instanceof ECGenParameterSpec) {
ECGenParameterSpec ecSpec = (ECGenParameterSpec) algSpecificSpec;
mEcCurveName = ecSpec.getName();
- if (mOriginalKeymasterAlgorithm == ALGORITHM_XDH
- && !mEcCurveName.equalsIgnoreCase("x25519")) {
- throw new InvalidAlgorithmParameterException("XDH algorithm only supports"
- + " x25519 curve.");
- } else if (mOriginalKeymasterAlgorithm == ALGORITHM_ED25519
- && !mEcCurveName.equalsIgnoreCase("ed25519")) {
- throw new InvalidAlgorithmParameterException("Ed25519 algorithm only"
- + " supports ed25519 curve.");
- }
final Integer ecSpecKeySizeBits = SUPPORTED_EC_CURVE_NAME_TO_SIZE.get(
mEcCurveName.toLowerCase(Locale.US));
if (ecSpecKeySizeBits == null) {
diff --git a/keystore/java/android/security/keystore2/AndroidKeyStoreProvider.java b/keystore/java/android/security/keystore2/AndroidKeyStoreProvider.java
index d204f13d4d78..11278e84ceaa 100644
--- a/keystore/java/android/security/keystore2/AndroidKeyStoreProvider.java
+++ b/keystore/java/android/security/keystore2/AndroidKeyStoreProvider.java
@@ -86,14 +86,11 @@ public class AndroidKeyStoreProvider extends Provider {
put("KeyPairGenerator.EC", PACKAGE_NAME + ".AndroidKeyStoreKeyPairGeneratorSpi$EC");
put("KeyPairGenerator.RSA", PACKAGE_NAME + ".AndroidKeyStoreKeyPairGeneratorSpi$RSA");
put("KeyPairGenerator.XDH", PACKAGE_NAME + ".AndroidKeyStoreKeyPairGeneratorSpi$XDH");
- put("KeyPairGenerator.ED25519", PACKAGE_NAME
- + ".AndroidKeyStoreKeyPairGeneratorSpi$ED25519");
// java.security.KeyFactory
putKeyFactoryImpl("EC");
putKeyFactoryImpl("RSA");
putKeyFactoryImpl("XDH");
- putKeyFactoryImpl("ED25519");
// javax.crypto.KeyGenerator
put("KeyGenerator.AES", PACKAGE_NAME + ".AndroidKeyStoreKeyGeneratorSpi$AES");