author David Drysdale <drysdale@google.com> 2024-03-15 16:55:19 +0000
committer Android Build Coastguard Worker <android-build-coastguard-worker@google.com> 2024-03-26 23:35:49 +0000
commitd05ece78af488d74a0a6bb583648cf7f98c0c1f3 (patch)
tree34a8ff4e14e2d91a770828bec7351eaf37c1c711 /keystore
parent73a5d1b258faf786b743ff16ac49bd4202b0e3c9 (diff)
Revert^3 "Keystore: Validate curve names in XDH and ED25519"
This reverts commit abbaa445ea424d2cb0eae3b267fee154ab03f4fe. Reason for revert: frameworks change should not have gone into 24Q2 (cherry picked from https://android-review.googlesource.com/q/commit:ad79ede464a1d95508e4f7e65a29459c77219814) Bug: 329008459 Ignore-AOSP-First: reverting incorrect merge into release branch (cherry picked from https://googleplex-android-review.googlesource.com/q/commit:3b5a6bfb75f489033c5601c965a9236fb2a64903) Merged-In: Ie9b5218a707cf3ef8cb34f5fadd68e34683a5b15 Change-Id: Ie9b5218a707cf3ef8cb34f5fadd68e34683a5b15
Diffstat (limited to 'keystore')
-rw-r--r--keystore/java/android/security/keystore2/AndroidKeyStoreKeyPairGeneratorSpi.java33
-rw-r--r--keystore/java/android/security/keystore2/AndroidKeyStoreProvider.java3
2 files changed, 3 insertions, 33 deletions
diff --git a/keystore/java/android/security/keystore2/AndroidKeyStoreKeyPairGeneratorSpi.java b/keystore/java/android/security/keystore2/AndroidKeyStoreKeyPairGeneratorSpi.java
index e6c652c14c71..bf93b8c2b027 100644
--- a/keystore/java/android/security/keystore2/AndroidKeyStoreKeyPairGeneratorSpi.java
+++ b/keystore/java/android/security/keystore2/AndroidKeyStoreKeyPairGeneratorSpi.java
@@ -109,29 +109,13 @@ public abstract class AndroidKeyStoreKeyPairGeneratorSpi extends KeyPairGenerato
}
}
- // For curve 25519, KeyMint uses the KM_ALGORITHM_EC constant, but in the Java layer we need
- // to distinguish between Curve 25519 and other EC algorithms, so we use a different constant
- // with a value that is outside the range of the enum used for KeyMint algorithms.
- private static final int ALGORITHM_XDH = KeymasterDefs.KM_ALGORITHM_EC + 1200;
- private static final int ALGORITHM_ED25519 = ALGORITHM_XDH + 1;
-
/**
- * XDH represents Curve 25519 agreement key provider.
+ * XDH represents Curve 25519 providers.
*/
public static class XDH extends AndroidKeyStoreKeyPairGeneratorSpi {
// XDH is treated as EC.
public XDH() {
- super(ALGORITHM_XDH);
- }
- }
-
- /**
- * ED25519 represents Curve 25519 signing key provider.
- */
- public static class ED25519 extends AndroidKeyStoreKeyPairGeneratorSpi {
- // ED25519 is treated as EC.
- public ED25519() {
- super(ALGORITHM_ED25519);
+ super(KeymasterDefs.KM_ALGORITHM_EC);
}
}
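Review bot: With `super(KeymasterDefs.KM_ALGORITHM_EC)` in the XDH constructor, this generator carries the same algorithm constant as the plain EC one, and the hunk at -628 removes the only check that tied the requested curve name to x25519, so the remaining gate appears to be the `SUPPORTED_EC_CURVE_NAME_TO_SIZE` lookup. If that map also lists other curves (it is defined outside the diff), a caller who requests "XDH" with a different supported curve name would presumably get a key on that curve instead of an `InvalidAlgorithmParameterException`. Since the revert is deliberate for this branch, I would at least make the inline comment say so, e.g. `// XDH is treated as EC; the curve name in ECGenParameterSpec is not checked against x25519 here.`, and reword the Javadoc "XDH represents Curve 25519 providers", which reads as a guarantee the code no longer enforces. The enclosing class starts and ends outside this hunk.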
@@ -257,9 +241,7 @@ public abstract class AndroidKeyStoreKeyPairGeneratorSpi extends KeyPairGenerato
KeyGenParameterSpec spec;
boolean encryptionAtRestRequired = false;
- int keymasterAlgorithm = (mOriginalKeymasterAlgorithm == ALGORITHM_XDH
- || mOriginalKeymasterAlgorithm == ALGORITHM_ED25519)
- ? KeymasterDefs.KM_ALGORITHM_EC : mOriginalKeymasterAlgorithm;
+ int keymasterAlgorithm = mOriginalKeymasterAlgorithm;
if (params instanceof KeyGenParameterSpec) {
spec = (KeyGenParameterSpec) params;
} else if (params instanceof KeyPairGeneratorSpec) {
@@ -628,15 +610,6 @@ public abstract class AndroidKeyStoreKeyPairGeneratorSpi extends KeyPairGenerato
if (algSpecificSpec instanceof ECGenParameterSpec) {
ECGenParameterSpec ecSpec = (ECGenParameterSpec) algSpecificSpec;
mEcCurveName = ecSpec.getName();
- if (mOriginalKeymasterAlgorithm == ALGORITHM_XDH
- && !mEcCurveName.equalsIgnoreCase("x25519")) {
- throw new InvalidAlgorithmParameterException("XDH algorithm only supports"
- + " x25519 curve.");
- } else if (mOriginalKeymasterAlgorithm == ALGORITHM_ED25519
- && !mEcCurveName.equalsIgnoreCase("ed25519")) {
- throw new InvalidAlgorithmParameterException("Ed25519 algorithm only"
- + " supports ed25519 curve.");
- }
final Integer ecSpecKeySizeBits = SUPPORTED_EC_CURVE_NAME_TO_SIZE.get(
mEcCurveName.toLowerCase(Locale.US));
if (ecSpecKeySizeBits == null) {
diff --git a/keystore/java/android/security/keystore2/AndroidKeyStoreProvider.java b/keystore/java/android/security/keystore2/AndroidKeyStoreProvider.java
index 99100de12684..228d64ae3cb3 100644
--- a/keystore/java/android/security/keystore2/AndroidKeyStoreProvider.java
+++ b/keystore/java/android/security/keystore2/AndroidKeyStoreProvider.java
@@ -85,14 +85,11 @@ public class AndroidKeyStoreProvider extends Provider {
put("KeyPairGenerator.EC", PACKAGE_NAME + ".AndroidKeyStoreKeyPairGeneratorSpi$EC");
put("KeyPairGenerator.RSA", PACKAGE_NAME + ".AndroidKeyStoreKeyPairGeneratorSpi$RSA");
put("KeyPairGenerator.XDH", PACKAGE_NAME + ".AndroidKeyStoreKeyPairGeneratorSpi$XDH");
- put("KeyPairGenerator.ED25519", PACKAGE_NAME
- + ".AndroidKeyStoreKeyPairGeneratorSpi$ED25519");
// java.security.KeyFactory
putKeyFactoryImpl("EC");
putKeyFactoryImpl("RSA");
putKeyFactoryImpl("XDH");
- putKeyFactoryImpl("ED25519");
// javax.crypto.KeyGenerator
put("KeyGenerator.AES", PACKAGE_NAME + ".AndroidKeyStoreKeyGeneratorSpi$AES");