Merge "Keystore 2.0: Fix diagnosing invalid key in CipherSpiBase." into sc-dev

author: Janis Danisevskis <jdanis@google.com> 2021-03-18 20:19:21 +0000
committer: Android (Google) Code Review <android-gerrit@google.com> 2021-03-18 20:19:21 +0000
commit: cb21ecbd7de5167ad58fa21472cc01719045560b (patch)
tree: 6b083049eb22b53ea3f16e854985fb1485d1727b
parent: 1c3fef7596b919b717815955da4d7ae08b626905 (diff)
parent: a1963a9b64791733ae99edf0fe308052c5c73ff0 (diff)
1 files changed, 9 insertions, 6 deletions
diff --git a/keystore/java/android/security/keystore2/AndroidKeyStoreCipherSpiBase.java b/keystore/java/android/security/keystore2/AndroidKeyStoreCipherSpiBase.java
index 2ee952cbc5fb..d9d5300e43f9 100644
--- a/keystore/java/android/security/keystore2/AndroidKeyStoreCipherSpiBase.java
+++ b/keystore/java/android/security/keystore2/AndroidKeyStoreCipherSpiBase.java
@@ -123,8 +123,9 @@ abstract class AndroidKeyStoreCipherSpiBase extends CipherSpi implements KeyStor
             throws InvalidKeyException {
         resetAll();
 
-        if (!(key instanceof AndroidKeyStorePrivateKey
-                || key instanceof AndroidKeyStoreSecretKey)) {
+        // Public key operations get diverted to the default provider.
+        if (opmode == Cipher.ENCRYPT_MODE
+                && (key instanceof PrivateKey || key instanceof PublicKey)) {
             try {
                 mCipher = Cipher.getInstance(getTransform());
                 String transform = getTransform();
@@ -184,8 +185,9 @@ abstract class AndroidKeyStoreCipherSpiBase extends CipherSpi implements KeyStor
             SecureRandom random) throws InvalidKeyException, InvalidAlgorithmParameterException {
         resetAll();
 
-        if (!(key instanceof AndroidKeyStorePrivateKey
-                || key instanceof AndroidKeyStoreSecretKey)) {
+        // Public key operations get diverted to the default provider.
+        if (opmode == Cipher.ENCRYPT_MODE
+                && (key instanceof PrivateKey || key instanceof PublicKey)) {
             try {
                 mCipher = Cipher.getInstance(getTransform());
                 mCipher.init(opmode, key, params, random);
@@ -213,8 +215,9 @@ abstract class AndroidKeyStoreCipherSpiBase extends CipherSpi implements KeyStor
             SecureRandom random) throws InvalidKeyException, InvalidAlgorithmParameterException {
         resetAll();
 
-        if (!(key instanceof AndroidKeyStorePrivateKey
-                || key instanceof AndroidKeyStoreSecretKey)) {
+        // Public key operations get diverted to the default provider.
+        if (opmode == Cipher.ENCRYPT_MODE
+                && (key instanceof PrivateKey || key instanceof PublicKey)) {
             try {
                 mCipher = Cipher.getInstance(getTransform());
                 mCipher.init(opmode, key, params, random);
author	Janis Danisevskis <jdanis@google.com>	2021-03-18 20:19:21 +0000
committer	Android (Google) Code Review <android-gerrit@google.com>	2021-03-18 20:19:21 +0000
commit	cb21ecbd7de5167ad58fa21472cc01719045560b (patch)
tree	6b083049eb22b53ea3f16e854985fb1485d1727b
parent	1c3fef7596b919b717815955da4d7ae08b626905 (diff)
parent	a1963a9b64791733ae99edf0fe308052c5c73ff0 (diff)