author Bart Jarochowski <bpj@google.com> 2023-08-14 05:15:57 +0000
committer Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> 2023-08-14 05:15:57 +0000
commit79e7a132a3d1b323d0a6b9cf2c9814f90fb0dfee (patch)
treea19cf29d23c9a32f8764c55d1419d8509e66aa68
parent8ea2d77a28374396cc21b2bb8c72e2b364563fe1 (diff)
parent0219efd6b9f6581e54c454d19d179a95c36d493e (diff)
Merge "Insert DEFAULT_MGF1_DIGEST SHA-1 on MGF_DIGEST tag when ImportWrappedKey" into main am: 944f53581a am: 0219efd6b9
Original change: https://android-review.googlesource.com/c/platform/frameworks/base/+/2640452 Change-Id: I4199bcd6c7bfdbbeb025fd2bef0fdfcd32a8a95f Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
-rw-r--r--keystore/java/android/security/keystore2/AndroidKeyStoreSpi.java27
1 files changed, 27 insertions, 0 deletions
diff --git a/keystore/java/android/security/keystore2/AndroidKeyStoreSpi.java b/keystore/java/android/security/keystore2/AndroidKeyStoreSpi.java
index 25f5dec9de40..b4d8defd4f90 100644
--- a/keystore/java/android/security/keystore2/AndroidKeyStoreSpi.java
+++ b/keystore/java/android/security/keystore2/AndroidKeyStoreSpi.java
@@ -36,6 +36,7 @@ import android.security.keystore.KeyProtection;
import android.security.keystore.SecureKeyImportUnavailableException;
import android.security.keystore.WrappedKeyEntry;
import android.system.keystore2.AuthenticatorSpec;
+import android.system.keystore2.Authorization;
import android.system.keystore2.Domain;
import android.system.keystore2.IKeystoreSecurityLevel;
import android.system.keystore2.KeyDescriptor;
@@ -966,6 +967,32 @@ public class AndroidKeyStoreSpi extends KeyStoreSpi {
authenticatorSpecs.add(authSpec);
}
+ if (parts.length > 2) {
+ @KeyProperties.EncryptionPaddingEnum int padding =
+ KeyProperties.EncryptionPadding.toKeymaster(parts[2]);
+ if (padding == KeymasterDefs.KM_PAD_RSA_OAEP
+ && response.metadata != null
+ && response.metadata.authorizations != null) {
+ Authorization[] keyCharacteristics = response.metadata.authorizations;
+
+ for (Authorization authorization : keyCharacteristics) {
+ // Add default MGF1 digest SHA-1
+ // when wrapping key has KM_TAG_RSA_OAEP_MGF_DIGEST tag
+ if (authorization.keyParameter.tag
+ == KeymasterDefs.KM_TAG_RSA_OAEP_MGF_DIGEST) {
+ // Default MGF1 digest is SHA-1
+ // and KeyMint only supports default MGF1 digest crypto operations
+ // for importWrappedKey.
+ args.add(KeyStore2ParameterUtils.makeEnum(
+ KeymasterDefs.KM_TAG_RSA_OAEP_MGF_DIGEST,
+ KeyProperties.Digest.toKeymaster(DEFAULT_MGF1_DIGEST)
+ ));
+ break;
+ }
+ }
+ }
+ }
+
try {
securityLevel.importWrappedKey(
wrappedKey, wrappingkey,
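Review bot: The check `authorization.keyParameter.tag == KeymasterDefs.KM_TAG_RSA_OAEP_MGF_DIGEST` tests only that the wrapping key carries an MGF digest authorization, not which digest it authorizes, and SHA-1 is then added unconditionally. If the wrapping key's MGF1 digest list excludes SHA-1, the added parameter would presumably be rejected later inside `importWrappedKey` with a less specific error. Consider also comparing the authorization's digest value with `KeyProperties.Digest.toKeymaster(DEFAULT_MGF1_DIGEST)` and failing early with a clear message, or at least record the limitation, e.g. `// Only tag presence is checked: a wrapping key whose MGF1 digests exclude SHA-1 is left for KeyMint to reject.` The two comments inside the loop repeat each other and could be merged into one that also says SHA-1 is chosen here for KeyMint compatibility, not as a digest preference. The enclosing method starts and ends outside this hunk, so how `parts` and `response` are produced is not visible here.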