diff options
author | Graciela Putri <gracielawputri@google.com> | 2024-01-25 14:55:42 +0000 |
---|---|---|
committer | Gerrit Code Review <noreply-gerritcodereview@google.com> | 2024-01-25 14:55:42 +0000 |
commit | 653ac0cdc7fb5e96a73eed3066f84abf432ba22c (patch) | |
tree | 9688cf90bdfdb4d9318c9a2f922c2c86d7271853 /keystore | |
parent | 2c68aa6bc7d30124fd27a1d00508722823e1768e (diff) | |
download | base-653ac0cdc7fb5e96a73eed3066f84abf432ba22c.tar.gz |
Revert "Keystore: Validate curve names in XDH and ED25519"
Revert submission 2517535-curve_25519_validation
Reason for revert: b/322323243
Reverted changes: /q/submissionid:2517535-curve_25519_validation
Change-Id: I75d731672140f827c4574ef1a23851522fa53e92
Diffstat (limited to 'keystore')
-rw-r--r-- | keystore/java/android/security/keystore2/AndroidKeyStoreKeyPairGeneratorSpi.java | 33 | ||||
-rw-r--r-- | keystore/java/android/security/keystore2/AndroidKeyStoreProvider.java | 3 |
2 files changed, 3 insertions, 33 deletions
diff --git a/keystore/java/android/security/keystore2/AndroidKeyStoreKeyPairGeneratorSpi.java b/keystore/java/android/security/keystore2/AndroidKeyStoreKeyPairGeneratorSpi.java index 83ddfc5cf1a1..9c05a3a768a0 100644 --- a/keystore/java/android/security/keystore2/AndroidKeyStoreKeyPairGeneratorSpi.java +++ b/keystore/java/android/security/keystore2/AndroidKeyStoreKeyPairGeneratorSpi.java @@ -109,29 +109,13 @@ public abstract class AndroidKeyStoreKeyPairGeneratorSpi extends KeyPairGenerato } } - // For curve 25519, KeyMint uses the KM_ALGORITHM_EC constant, but in the Java layer we need - // to distinguish between Curve 25519 and other EC algorithms, so we use a different constant - // with a value that is outside the range of the enum used for KeyMint algorithms. - private static final int ALGORITHM_XDH = KeymasterDefs.KM_ALGORITHM_EC + 1200; - private static final int ALGORITHM_ED25519 = ALGORITHM_XDH + 1; - /** - * XDH represents Curve 25519 agreement key provider. + * XDH represents Curve 25519 providers. */ public static class XDH extends AndroidKeyStoreKeyPairGeneratorSpi { // XDH is treated as EC. public XDH() { - super(ALGORITHM_XDH); - } - } - - /** - * ED25519 represents Curve 25519 signing key provider. - */ - public static class ED25519 extends AndroidKeyStoreKeyPairGeneratorSpi { - // ED25519 is treated as EC. - public ED25519() { - super(ALGORITHM_ED25519); + super(KeymasterDefs.KM_ALGORITHM_EC); } } @@ -257,9 +241,7 @@ public abstract class AndroidKeyStoreKeyPairGeneratorSpi extends KeyPairGenerato KeyGenParameterSpec spec; boolean encryptionAtRestRequired = false; - int keymasterAlgorithm = (mOriginalKeymasterAlgorithm == ALGORITHM_XDH - || mOriginalKeymasterAlgorithm == ALGORITHM_ED25519) - ? KeymasterDefs.KM_ALGORITHM_EC : mOriginalKeymasterAlgorithm; + int keymasterAlgorithm = mOriginalKeymasterAlgorithm; if (params instanceof KeyGenParameterSpec) { spec = (KeyGenParameterSpec) params; } else if (params instanceof KeyPairGeneratorSpec) { @@ -628,15 +610,6 @@ public abstract class AndroidKeyStoreKeyPairGeneratorSpi extends KeyPairGenerato if (algSpecificSpec instanceof ECGenParameterSpec) { ECGenParameterSpec ecSpec = (ECGenParameterSpec) algSpecificSpec; mEcCurveName = ecSpec.getName(); - if (mOriginalKeymasterAlgorithm == ALGORITHM_XDH - && !mEcCurveName.equalsIgnoreCase("x25519")) { - throw new InvalidAlgorithmParameterException("XDH algorithm only supports" - + " x25519 curve."); - } else if (mOriginalKeymasterAlgorithm == ALGORITHM_ED25519 - && !mEcCurveName.equalsIgnoreCase("ed25519")) { - throw new InvalidAlgorithmParameterException("Ed25519 algorithm only" - + " supports ed25519 curve."); - } final Integer ecSpecKeySizeBits = SUPPORTED_EC_CURVE_NAME_TO_SIZE.get( mEcCurveName.toLowerCase(Locale.US)); if (ecSpecKeySizeBits == null) { diff --git a/keystore/java/android/security/keystore2/AndroidKeyStoreProvider.java b/keystore/java/android/security/keystore2/AndroidKeyStoreProvider.java index d204f13d4d78..11278e84ceaa 100644 --- a/keystore/java/android/security/keystore2/AndroidKeyStoreProvider.java +++ b/keystore/java/android/security/keystore2/AndroidKeyStoreProvider.java @@ -86,14 +86,11 @@ public class AndroidKeyStoreProvider extends Provider { put("KeyPairGenerator.EC", PACKAGE_NAME + ".AndroidKeyStoreKeyPairGeneratorSpi$EC"); put("KeyPairGenerator.RSA", PACKAGE_NAME + ".AndroidKeyStoreKeyPairGeneratorSpi$RSA"); put("KeyPairGenerator.XDH", PACKAGE_NAME + ".AndroidKeyStoreKeyPairGeneratorSpi$XDH"); - put("KeyPairGenerator.ED25519", PACKAGE_NAME - + ".AndroidKeyStoreKeyPairGeneratorSpi$ED25519"); // java.security.KeyFactory putKeyFactoryImpl("EC"); putKeyFactoryImpl("RSA"); putKeyFactoryImpl("XDH"); - putKeyFactoryImpl("ED25519"); // javax.crypto.KeyGenerator put("KeyGenerator.AES", PACKAGE_NAME + ".AndroidKeyStoreKeyGeneratorSpi$AES"); |