Keystore 2.0: Fix diagnosing invalid key in CipherSpiBase.

Bug: 183101158 Test: atest CtsLibcoreTestCases:com.android.org.conscrypt.javax.crypto.CipherBasicsTest#testAeadEncryption Change-Id: Idc9c7dc2614a47818227a06fe76078f72c0c1f57
author: Janis Danisevskis <jdanis@google.com> 2021-03-18 10:26:48 -0700
committer: Janis Danisevskis <jdanis@google.com> 2021-03-18 12:28:45 -0700
commit: a1963a9b64791733ae99edf0fe308052c5c73ff0 (patch)
tree: d7c954dfecb063f97b589564664e98d129a7d6f0
parent: df786ca150b47170af6c30019a913def8ccbe15e (diff)
1 files changed, 9 insertions, 6 deletions
diff --git a/keystore/java/android/security/keystore2/AndroidKeyStoreCipherSpiBase.java b/keystore/java/android/security/keystore2/AndroidKeyStoreCipherSpiBase.java
index 2ee952cbc5fb..d9d5300e43f9 100644
--- a/keystore/java/android/security/keystore2/AndroidKeyStoreCipherSpiBase.java
+++ b/keystore/java/android/security/keystore2/AndroidKeyStoreCipherSpiBase.java
@@ -123,8 +123,9 @@ abstract class AndroidKeyStoreCipherSpiBase extends CipherSpi implements KeyStor
             throws InvalidKeyException {
         resetAll();
 
-        if (!(key instanceof AndroidKeyStorePrivateKey
-                || key instanceof AndroidKeyStoreSecretKey)) {
+        // Public key operations get diverted to the default provider.
+        if (opmode == Cipher.ENCRYPT_MODE
+                && (key instanceof PrivateKey || key instanceof PublicKey)) {
             try {
                 mCipher = Cipher.getInstance(getTransform());
                 String transform = getTransform();
@@ -184,8 +185,9 @@ abstract class AndroidKeyStoreCipherSpiBase extends CipherSpi implements KeyStor
             SecureRandom random) throws InvalidKeyException, InvalidAlgorithmParameterException {
         resetAll();
 
-        if (!(key instanceof AndroidKeyStorePrivateKey
-                || key instanceof AndroidKeyStoreSecretKey)) {
+        // Public key operations get diverted to the default provider.
+        if (opmode == Cipher.ENCRYPT_MODE
+                && (key instanceof PrivateKey || key instanceof PublicKey)) {
             try {
                 mCipher = Cipher.getInstance(getTransform());
                 mCipher.init(opmode, key, params, random);
@@ -213,8 +215,9 @@ abstract class AndroidKeyStoreCipherSpiBase extends CipherSpi implements KeyStor
             SecureRandom random) throws InvalidKeyException, InvalidAlgorithmParameterException {
         resetAll();
 
-        if (!(key instanceof AndroidKeyStorePrivateKey
-                || key instanceof AndroidKeyStoreSecretKey)) {
+        // Public key operations get diverted to the default provider.
+        if (opmode == Cipher.ENCRYPT_MODE
+                && (key instanceof PrivateKey || key instanceof PublicKey)) {
             try {
                 mCipher = Cipher.getInstance(getTransform());
                 mCipher.init(opmode, key, params, random);
author	Janis Danisevskis <jdanis@google.com>	2021-03-18 10:26:48 -0700
committer	Janis Danisevskis <jdanis@google.com>	2021-03-18 12:28:45 -0700
commit	a1963a9b64791733ae99edf0fe308052c5c73ff0 (patch)
tree	d7c954dfecb063f97b589564664e98d129a7d6f0
parent	df786ca150b47170af6c30019a913def8ccbe15e (diff)