Gitiles
Code Review Sign In
LeafOS / LeafOS-Project / android_frameworks_base / d05ece78af488d74a0a6bb583648cf7f98c0c1f3^! / .
commitd05ece78af488d74a0a6bb583648cf7f98c0c1f3[log] [tgz]
authorDavid Drysdale <drysdale@google.com>Fri Mar 15 16:55:19 2024 +0000
committerAndroid Build Coastguard Worker <android-build-coastguard-worker@google.com>Tue Mar 26 23:35:49 2024 +0000
tree34a8ff4e14e2d91a770828bec7351eaf37c1c711
parent73a5d1b258faf786b743ff16ac49bd4202b0e3c9 [diff]
Revert^3 "Keystore: Validate curve names in XDH and ED25519"

This reverts commit abbaa445ea424d2cb0eae3b267fee154ab03f4fe.

Reason for revert: frameworks change should not have gone into 24Q2
(cherry picked from https://android-review.googlesource.com/q/commit:ad79ede464a1d95508e4f7e65a29459c77219814)
Bug: 329008459

Ignore-AOSP-First: reverting incorrect merge into release branch
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:3b5a6bfb75f489033c5601c965a9236fb2a64903)
Merged-In: Ie9b5218a707cf3ef8cb34f5fadd68e34683a5b15
Change-Id: Ie9b5218a707cf3ef8cb34f5fadd68e34683a5b15

diff --git a/keystore/java/android/security/keystore2/AndroidKeyStoreKeyPairGeneratorSpi.java b/keystore/java/android/security/keystore2/AndroidKeyStoreKeyPairGeneratorSpi.java
index e6c652c..bf93b8c 100644
--- a/keystore/java/android/security/keystore2/AndroidKeyStoreKeyPairGeneratorSpi.java
+++ b/keystore/java/android/security/keystore2/AndroidKeyStoreKeyPairGeneratorSpi.java

@@ -109,29 +109,13 @@
         }
     }
 
-    // For curve 25519, KeyMint uses the KM_ALGORITHM_EC constant, but in the Java layer we need
-    // to distinguish between Curve 25519 and other EC algorithms, so we use a different constant
-    // with a value that is outside the range of the enum used for KeyMint algorithms.
-    private static final int ALGORITHM_XDH = KeymasterDefs.KM_ALGORITHM_EC + 1200;
-    private static final int ALGORITHM_ED25519 = ALGORITHM_XDH + 1;
-
     /**
-     * XDH represents Curve 25519 agreement key provider.
+     * XDH represents Curve 25519 providers.
      */
     public static class XDH extends AndroidKeyStoreKeyPairGeneratorSpi {
         // XDH is treated as EC.
         public XDH() {
-            super(ALGORITHM_XDH);
-        }
-    }
-
-    /**
-     * ED25519 represents Curve 25519 signing key provider.
-     */
-    public static class ED25519 extends AndroidKeyStoreKeyPairGeneratorSpi {
-        // ED25519 is treated as EC.
-        public ED25519() {
-            super(ALGORITHM_ED25519);
+            super(KeymasterDefs.KM_ALGORITHM_EC);
         }
     }
 
@@ -257,9 +241,7 @@
 
             KeyGenParameterSpec spec;
             boolean encryptionAtRestRequired = false;
-            int keymasterAlgorithm = (mOriginalKeymasterAlgorithm == ALGORITHM_XDH
-                    || mOriginalKeymasterAlgorithm == ALGORITHM_ED25519)
-                    ? KeymasterDefs.KM_ALGORITHM_EC : mOriginalKeymasterAlgorithm;
+            int keymasterAlgorithm = mOriginalKeymasterAlgorithm;
             if (params instanceof KeyGenParameterSpec) {
                 spec = (KeyGenParameterSpec) params;
             } else if (params instanceof KeyPairGeneratorSpec) {
@@ -628,15 +610,6 @@
                 if (algSpecificSpec instanceof ECGenParameterSpec) {
                     ECGenParameterSpec ecSpec = (ECGenParameterSpec) algSpecificSpec;
                     mEcCurveName = ecSpec.getName();
-                    if (mOriginalKeymasterAlgorithm == ALGORITHM_XDH
-                            && !mEcCurveName.equalsIgnoreCase("x25519")) {
-                        throw new InvalidAlgorithmParameterException("XDH algorithm only supports"
-                                + " x25519 curve.");
-                    } else if (mOriginalKeymasterAlgorithm == ALGORITHM_ED25519
-                            && !mEcCurveName.equalsIgnoreCase("ed25519")) {
-                        throw new InvalidAlgorithmParameterException("Ed25519 algorithm only"
-                                + " supports ed25519 curve.");
-                    }
                     final Integer ecSpecKeySizeBits = SUPPORTED_EC_CURVE_NAME_TO_SIZE.get(
                             mEcCurveName.toLowerCase(Locale.US));
                     if (ecSpecKeySizeBits == null) {

diff --git a/keystore/java/android/security/keystore2/AndroidKeyStoreProvider.java b/keystore/java/android/security/keystore2/AndroidKeyStoreProvider.java
index 99100de..228d64a 100644
--- a/keystore/java/android/security/keystore2/AndroidKeyStoreProvider.java
+++ b/keystore/java/android/security/keystore2/AndroidKeyStoreProvider.java

@@ -85,14 +85,11 @@
         put("KeyPairGenerator.EC", PACKAGE_NAME + ".AndroidKeyStoreKeyPairGeneratorSpi$EC");
         put("KeyPairGenerator.RSA", PACKAGE_NAME +  ".AndroidKeyStoreKeyPairGeneratorSpi$RSA");
         put("KeyPairGenerator.XDH", PACKAGE_NAME +  ".AndroidKeyStoreKeyPairGeneratorSpi$XDH");
-        put("KeyPairGenerator.ED25519", PACKAGE_NAME
-                +  ".AndroidKeyStoreKeyPairGeneratorSpi$ED25519");
 
         // java.security.KeyFactory
         putKeyFactoryImpl("EC");
         putKeyFactoryImpl("RSA");
         putKeyFactoryImpl("XDH");
-        putKeyFactoryImpl("ED25519");
 
         // javax.crypto.KeyGenerator
         put("KeyGenerator.AES", PACKAGE_NAME + ".AndroidKeyStoreKeyGeneratorSpi$AES");