diff options
| -rw-r--r-- | keystore/java/android/security/keystore2/AndroidKeyStoreSpi.java | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/keystore/java/android/security/keystore2/AndroidKeyStoreSpi.java b/keystore/java/android/security/keystore2/AndroidKeyStoreSpi.java index 25f5dec9de40..b4d8defd4f90 100644 --- a/keystore/java/android/security/keystore2/AndroidKeyStoreSpi.java +++ b/keystore/java/android/security/keystore2/AndroidKeyStoreSpi.java @@ -36,6 +36,7 @@ import android.security.keystore.KeyProtection; import android.security.keystore.SecureKeyImportUnavailableException; import android.security.keystore.WrappedKeyEntry; import android.system.keystore2.AuthenticatorSpec; +import android.system.keystore2.Authorization; import android.system.keystore2.Domain; import android.system.keystore2.IKeystoreSecurityLevel; import android.system.keystore2.KeyDescriptor; @@ -966,6 +967,32 @@ public class AndroidKeyStoreSpi extends KeyStoreSpi { authenticatorSpecs.add(authSpec); } + if (parts.length > 2) { + @KeyProperties.EncryptionPaddingEnum int padding = + KeyProperties.EncryptionPadding.toKeymaster(parts[2]); + if (padding == KeymasterDefs.KM_PAD_RSA_OAEP + && response.metadata != null + && response.metadata.authorizations != null) { + Authorization[] keyCharacteristics = response.metadata.authorizations; + + for (Authorization authorization : keyCharacteristics) { + // Add default MGF1 digest SHA-1 + // when wrapping key has KM_TAG_RSA_OAEP_MGF_DIGEST tag + if (authorization.keyParameter.tag + == KeymasterDefs.KM_TAG_RSA_OAEP_MGF_DIGEST) { + // Default MGF1 digest is SHA-1 + // and KeyMint only supports default MGF1 digest crypto operations + // for importWrappedKey. + args.add(KeyStore2ParameterUtils.makeEnum( + KeymasterDefs.KM_TAG_RSA_OAEP_MGF_DIGEST, + KeyProperties.Digest.toKeymaster(DEFAULT_MGF1_DIGEST) + )); + break; + } + } + } + } + try { securityLevel.importWrappedKey( wrappedKey, wrappingkey, |