| author | 2023-08-14 05:59:49 +0000 | |
|---|---|---|
| committer | 2023-08-14 05:59:49 +0000 | |
| commit | 906aa2446436050f0ee999cbf1fc9d590b738570 (patch) | |
| tree | 1cb64d12037223de7bc350754634733af03a7bb9 | |
| parent | 655b738d18c69e4c21ac99c36268b85581a1d733 (diff) | |
| parent | 79e7a132a3d1b323d0a6b9cf2c9814f90fb0dfee (diff) | |
Merge "Insert DEFAULT_MGF1_DIGEST SHA-1 on MGF_DIGEST tag when ImportWrappedKey" into main am: 944f53581a am: 0219efd6b9 am: 79e7a132a3
Original change: https://android-review.googlesource.com/c/platform/frameworks/base/+/2640452
Change-Id: I09cafbba4c3040e51ae523ab90394d50a15d65cc
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
| -rw-r--r-- | keystore/java/android/security/keystore2/AndroidKeyStoreSpi.java | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/keystore/java/android/security/keystore2/AndroidKeyStoreSpi.java b/keystore/java/android/security/keystore2/AndroidKeyStoreSpi.java
index 25f5dec9de40..b4d8defd4f90 100644
--- a/keystore/java/android/security/keystore2/AndroidKeyStoreSpi.java
+++ b/keystore/java/android/security/keystore2/AndroidKeyStoreSpi.java
@@ -36,6 +36,7 @@ import android.security.keystore.KeyProtection;
 import android.security.keystore.SecureKeyImportUnavailableException;
 import android.security.keystore.WrappedKeyEntry;
 import android.system.keystore2.AuthenticatorSpec;
+import android.system.keystore2.Authorization;
 import android.system.keystore2.Domain;
 import android.system.keystore2.IKeystoreSecurityLevel;
 import android.system.keystore2.KeyDescriptor;
@@ -966,6 +967,32 @@ public class AndroidKeyStoreSpi extends KeyStoreSpi {
 authenticatorSpecs.add(authSpec);
 }
+ if (parts.length > 2) {
+ @KeyProperties.EncryptionPaddingEnum int padding =
+ KeyProperties.EncryptionPadding.toKeymaster(parts[2]);
+ if (padding == KeymasterDefs.KM_PAD_RSA_OAEP
+ && response.metadata != null
+ && response.metadata.authorizations != null) {
+ Authorization[] keyCharacteristics = response.metadata.authorizations;
+
+ for (Authorization authorization : keyCharacteristics) {
+ // Add default MGF1 digest SHA-1
+ // when wrapping key has KM_TAG_RSA_OAEP_MGF_DIGEST tag
+ if (authorization.keyParameter.tag
+ == KeymasterDefs.KM_TAG_RSA_OAEP_MGF_DIGEST) {
+ // Default MGF1 digest is SHA-1
+ // and KeyMint only supports default MGF1 digest crypto operations
+ // for importWrappedKey.
+ args.add(KeyStore2ParameterUtils.makeEnum(
+ KeymasterDefs.KM_TAG_RSA_OAEP_MGF_DIGEST,
+ KeyProperties.Digest.toKeymaster(DEFAULT_MGF1_DIGEST)
+ ));
+ break;
+ }
+ }
+ }
+ }
+
 try {
 securityLevel.importWrappedKey(
 wrappedKey, wrappingkey, |
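Review bot: In the second hunk, the loop's test `authorization.keyParameter.tag == KeymasterDefs.KM_TAG_RSA_OAEP_MGF_DIGEST` checks only that the wrapping key carries an MGF digest tag, so SHA-1 is added whichever digest that entry actually authorises. If the wrapping key does not list SHA-1 for MGF1, the mismatch would presumably surface only as a failure from `importWrappedKey` rather than a clear error here. The existing comment should state that requirement, for example `// Wrapping key must authorise SHA-1 for MGF1; only the tag's presence is checked here, not its value.` Separately, `KeyProperties.EncryptionPadding.toKeymaster(parts[2])` sits above the `try {`, so anything it throws for an unrecognised padding string bypasses that try's handling; its catch clauses are outside the hunk. The enclosing method starts and ends outside the hunk, so how `parts` and `response` are produced cannot be confirmed from here.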