author Alex Klyubin <klyubin@google.com> 2015-06-29 14:39:29 -0700
committer Alex Klyubin <klyubin@google.com> 2015-06-29 14:39:29 -0700
commitfdbc02a433e87da7bc730bd2e773e6d1c84d4e99 (patch)
tree9235f3a2dd06e9eeb55643a66f8badca81246724
parent82b3f67711246ad5beaf7702ce16e9d433406d1e (diff)
Enforce IND-CPA requirement when generating asymmetric keys.
This enforces the randomized encryption requirement (IND-CPA), if requested, when generating asymmetric key pairs. Whether randomized encryption is used depends on the encryption padding modes authorized for the key pair. Thus, if randomized encryption is required, the KeyPairGenerator must reject attempts to generate keys authorized for encryption using non-compliant padding schemes. This is similar to the existing check in AndroidKeyStoreImpl during asymmetric key import. Bug: 22179911 Change-Id: I3d85367259c17bd44198a736ace853d0d3567d5e
-rw-r--r--keystore/java/android/security/keystore/AndroidKeyStoreKeyPairGeneratorSpi.java16
-rw-r--r--keystore/java/android/security/keystore/KeymasterUtils.java2
2 files changed, 17 insertions, 1 deletions
diff --git a/keystore/java/android/security/keystore/AndroidKeyStoreKeyPairGeneratorSpi.java b/keystore/java/android/security/keystore/AndroidKeyStoreKeyPairGeneratorSpi.java
index 3058bd37363c..459514da90ce 100644
--- a/keystore/java/android/security/keystore/AndroidKeyStoreKeyPairGeneratorSpi.java
+++ b/keystore/java/android/security/keystore/AndroidKeyStoreKeyPairGeneratorSpi.java
@@ -287,6 +287,22 @@ public abstract class AndroidKeyStoreKeyPairGeneratorSpi extends KeyPairGenerato
mKeymasterBlockModes = KeyProperties.BlockMode.allToKeymaster(spec.getBlockModes());
mKeymasterEncryptionPaddings = KeyProperties.EncryptionPadding.allToKeymaster(
spec.getEncryptionPaddings());
+ if (((spec.getPurposes() & KeyProperties.PURPOSE_ENCRYPT) != 0)
+ && (spec.isRandomizedEncryptionRequired())) {
+ for (int keymasterPadding : mKeymasterEncryptionPaddings) {
+ if (!KeymasterUtils
+ .isKeymasterPaddingSchemeIndCpaCompatibleWithAsymmetricCrypto(
+ keymasterPadding)) {
+ throw new InvalidAlgorithmParameterException(
+ "Randomized encryption (IND-CPA) required but may be violated"
+ + " by padding scheme: "
+ + KeyProperties.EncryptionPadding.fromKeymaster(
+ keymasterPadding)
+ + ". See " + KeyGenParameterSpec.class.getName()
+ + " documentation.");
+ }
+ }
+ }
mKeymasterSignaturePaddings = KeyProperties.SignaturePadding.allToKeymaster(
spec.getSignaturePaddings());
if (spec.isDigestsSpecified()) {
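Review bot: The new IND-CPA loop after `spec.getEncryptionPaddings()` duplicates, per the description, the import-time check in AndroidKeyStoreImpl; if that check is the same purposes/flag/paddings loop, hoisting it into a KeymasterUtils helper would keep the two enforcement points from drifting when a padding scheme is added or reclassified. The gate also deserves a why-comment above the `if`, e.g. `// Reject paddings that do not provide IND-CPA when the spec requires randomized encryption and the key is authorized to encrypt; mirrors the import-time check in AndroidKeyStoreImpl.` Note that isKeymasterPaddingSchemeIndCpaCompatibleWithAsymmetricCrypto throws IllegalArgumentException for an unsupported value (second hunk), so an unrecognized padding reaching this loop would surface as an unchecked exception rather than the InvalidAlgorithmParameterException thrown here; that presumably cannot happen because the values come from allToKeymaster, but it is worth confirming. The enclosing method starts and ends outside the hunk.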
diff --git a/keystore/java/android/security/keystore/KeymasterUtils.java b/keystore/java/android/security/keystore/KeymasterUtils.java
index 0006601a880f..3cd3f2acf647 100644
--- a/keystore/java/android/security/keystore/KeymasterUtils.java
+++ b/keystore/java/android/security/keystore/KeymasterUtils.java
@@ -74,7 +74,7 @@ public abstract class KeymasterUtils {
return true;
default:
throw new IllegalArgumentException(
- "Unsupported encryption padding scheme: " + keymasterPadding);
+ "Unsupported asymmetric encryption padding scheme: " + keymasterPadding);
}
}