author Treehugger Robot <android-test-infra-autosubmit@system.gserviceaccount.com> 2023-07-10 21:21:09 +0000
committer Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> 2023-07-10 21:21:09 +0000
commitec473dd6b8abc8931210582bb6257401c1fc83d1 (patch)
tree1dfc7a1a545d364e1fe99f9036e1dc96949c4f0b
parentcb73cb1269400cfb226c3a43adb6aa541351c97b (diff)
parent5abd13f53dce7a72d79f84ea21141916704da3c7 (diff)
Merge "Fix Rsa-Oaep operation begin on T+GSI build" into main am: 51bf3fd503 am: 5f753cfcbf am: 5abd13f53d
Original change: https://android-review.googlesource.com/c/platform/frameworks/base/+/2650396 Change-Id: Ifd76360f0686ae7b9511b5fd068af0eea492270f Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
-rw-r--r--keystore/java/android/security/keystore2/AndroidKeyStoreRSACipherSpi.java18
1 files changed, 13 insertions, 5 deletions
diff --git a/keystore/java/android/security/keystore2/AndroidKeyStoreRSACipherSpi.java b/keystore/java/android/security/keystore2/AndroidKeyStoreRSACipherSpi.java
index 3bb2564807b6..2b1515af9d07 100644
--- a/keystore/java/android/security/keystore2/AndroidKeyStoreRSACipherSpi.java
+++ b/keystore/java/android/security/keystore2/AndroidKeyStoreRSACipherSpi.java
@@ -18,6 +18,7 @@ package android.security.keystore2;
import android.annotation.NonNull;
import android.annotation.Nullable;
+import android.content.pm.PackageManager;
import android.hardware.security.keymint.KeyParameter;
import android.security.keymaster.KeymasterDefs;
import android.security.keystore.KeyProperties;
@@ -299,6 +300,12 @@ abstract class AndroidKeyStoreRSACipherSpi extends AndroidKeyStoreCipherSpiBase
return false;
}
+ private static boolean hasKeyMintV2() {
+ PackageManager pm = android.app.AppGlobals.getInitialApplication().getPackageManager();
+ return pm.hasSystemFeature(PackageManager.FEATURE_HARDWARE_KEYSTORE, 200)
+ && !pm.hasSystemFeature(PackageManager.FEATURE_HARDWARE_KEYSTORE, 300);
+ }
+
@Override
protected final void addAlgorithmSpecificParametersToBegin(
@NonNull List<KeyParameter> parameters, Authorization[] keyCharacteristics) {
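Review bot: `hasKeyMintV2()` dereferences `android.app.AppGlobals.getInitialApplication()` without a null check. If this SPI can run in a process where no Application is bound yet (not confirmable from the hunk), every RSA-OAEP begin would throw a NullPointerException instead of falling back to the key-properties check. Assigning the result to a local and adding `if (app == null) return false;` would keep the previous behaviour in that case. The helper also has no comment saying that it means "keystore feature version at least 200 and below 300", or why 300 and above is excluded, so a short Javadoc stating both would help. It queries PackageManager on every begin, so caching the result may be worth considering.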
@@ -307,11 +314,12 @@ abstract class AndroidKeyStoreRSACipherSpi extends AndroidKeyStoreCipherSpiBase
KeymasterDefs.KM_TAG_DIGEST, mKeymasterDigest
));
// Only add the KM_TAG_RSA_OAEP_MGF_DIGEST tag to begin() if the MGF Digest is
- // present in the key properties. Keys generated prior to Android 14 did not have
- // this tag (Keystore didn't add it) so specifying any MGF digest tag would cause
- // a begin() operation (on an Android 14 device) to fail (with a key that was generated
- // on Android 13 or below).
- if (isMgfDigestTagPresentInKeyProperties(keyCharacteristics)) {
+ // present in the key properties or KeyMint version is 200. Keys generated prior to
+ // Android 14 did not have this tag (Keystore didn't add it) and hence not present in
+ // imported key as well, so specifying any MGF digest tag would cause a begin()
+ // operation (on an Android 14 device) to fail (with a key that was generated on
+ // Android 13 or below).
+ if (isMgfDigestTagPresentInKeyProperties(keyCharacteristics) || hasKeyMintV2()) {
parameters.add(KeyStore2ParameterUtils.makeEnum(
KeymasterDefs.KM_TAG_RSA_OAEP_MGF_DIGEST, mKeymasterMgf1Digest
));
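Review bot: The rewritten comment above the `if` still explains only why the tag is omitted for keys created before Android 14. With `|| hasKeyMintV2()`, the tag is now sent on KeyMint v2 devices even when the key characteristics lack it, which is the case the comment says makes begin() fail. The comment should state why sending it is required or safe on that version, for example `// On KeyMint v2 the MGF digest tag is always sent, even if the key characteristics lack it, because <reason>.` A test would also help: a key without the tag should still work on such a build when `mKeymasterMgf1Digest` is not the default. The enclosing method starts in the previous hunk and continues past the end of this one.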