diff options
| author | Alex Klyubin <klyubin@google.com> | 2015-06-05 15:51:06 -0700 |
|---|---|---|
| committer | Alex Klyubin <klyubin@google.com> | 2015-06-09 13:08:02 -0700 |
| commit | 3ceb1a04b44539c2b2c3afec6df487fe128911f2 (patch) | |
| tree | 142abcf7c31076ba1501159baaecc95a6a39c5c2 /keystore/java/android/security/keystore/KeymasterUtils.java | |
| parent | 3eb63dc35e7ac0335defe4f8e7b42f5dcc390b42 (diff) | |
| download | frameworks_base-3ceb1a04b44539c2b2c3afec6df487fe128911f2.zip frameworks_base-3ceb1a04b44539c2b2c3afec6df487fe128911f2.tar.gz frameworks_base-3ceb1a04b44539c2b2c3afec6df487fe128911f2.tar.bz2 | |
Switch Android Keystore key gen and import to new KeyStore API.
This makes Android Keystore's asymmetric key generation and import
use the new KeyStore API (similar to keymaster 1.0 API).
Because the resulting private keys will be used through
Conscrypt/keystore-engine which uses the old Keystore API, this CL
implements a temporary workaround where all generated and imported
keys are authorized for padding NONE and digest NONE, in addition to
padding schemes and digests requested by the user of the Android
Keystore API. This workaround is needed because keystore-engine uses
digest NONE and padding NONE for all its crypto operations.
Bug: 18088752
Bug: 20912868
Change-Id: Idc709039d091294265bd000160b5507f13825849
Diffstat (limited to 'keystore/java/android/security/keystore/KeymasterUtils.java')
| -rw-r--r-- | keystore/java/android/security/keystore/KeymasterUtils.java | 17 |
1 files changed, 16 insertions, 1 deletions
diff --git a/keystore/java/android/security/keystore/KeymasterUtils.java b/keystore/java/android/security/keystore/KeymasterUtils.java index e7529e1..0639d49 100644 --- a/keystore/java/android/security/keystore/KeymasterUtils.java +++ b/keystore/java/android/security/keystore/KeymasterUtils.java @@ -50,7 +50,8 @@ public abstract class KeymasterUtils { } } - public static boolean isKeymasterBlockModeIndCpaCompatible(int keymasterBlockMode) { + public static boolean isKeymasterBlockModeIndCpaCompatibleWithSymmetricCrypto( + int keymasterBlockMode) { switch (keymasterBlockMode) { case KeymasterDefs.KM_MODE_ECB: return false; @@ -63,6 +64,20 @@ public abstract class KeymasterUtils { } } + public static boolean isKeymasterPaddingSchemeIndCpaCompatibleWithAsymmetricCrypto( + int keymasterPadding) { + switch (keymasterPadding) { + case KeymasterDefs.KM_PAD_NONE: + return false; + case KeymasterDefs.KM_PAD_RSA_OAEP: + case KeymasterDefs.KM_PAD_RSA_PKCS1_1_5_ENCRYPT: + return true; + default: + throw new IllegalArgumentException( + "Unsupported encryption padding scheme: " + keymasterPadding); + } + } + /** * Adds keymaster arguments to express the key's authorization policy supported by user * authentication. |