From 83a86c5ce4c04c6e885b08dbdf4a07a18371a3e5 Mon Sep 17 00:00:00 2001
From: Alex Klyubin <klyubin@google.com>
Date: Wed, 6 May 2015 11:11:45 -0700
Subject: Always mix in additional entropy into keymaster.

This makes AndroidKeyStore Cipher and KeyGenerator implementations mix
in additional entropy into keymaster's RNG regardless of whether they
were provided with a SecureRandom instance.

In practice, they are always provided with a SecureRandom instance.
However, to be safe, when no SecureRandom instance is provided the
code now uses a platform-default SecureRandom implementation.

Bug: 18088752
Change-Id: I85bca30d7bdc82c2a342094dcbe6044e48a63dca
---
 keystore/java/android/security/KeyStoreKeyGeneratorSpi.java | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)

(limited to 'keystore/java/android/security/KeyStoreKeyGeneratorSpi.java')

diff --git a/keystore/java/android/security/KeyStoreKeyGeneratorSpi.java b/keystore/java/android/security/KeyStoreKeyGeneratorSpi.java
index 68b5751..4f6172e 100644
--- a/keystore/java/android/security/KeyStoreKeyGeneratorSpi.java
+++ b/keystore/java/android/security/KeyStoreKeyGeneratorSpi.java
@@ -174,12 +174,9 @@ public abstract class KeyStoreKeyGeneratorSpi extends KeyGeneratorSpi {
             args.addBoolean(KeymasterDefs.KM_TAG_CALLER_NONCE);
         }
 
-        byte[] additionalEntropy = null;
-        SecureRandom rng = mRng;
-        if (rng != null) {
-            additionalEntropy = new byte[(keySizeBits + 7) / 8];
-            rng.nextBytes(additionalEntropy);
-        }
+        byte[] additionalEntropy =
+                KeyStoreCryptoOperationUtils.getRandomBytesToMixIntoKeystoreRng(
+                        mRng, (keySizeBits + 7) / 8);
 
         int flags = spec.getFlags();
         String keyAliasInKeystore = Credentials.USER_SECRET_KEY + spec.getKeystoreAlias();
-- 
cgit v1.1