From 2e3aaa7dc1c40c0145e8d52422f2fb65799a3a60 Mon Sep 17 00:00:00 2001
From: Alex Klyubin <klyubin@google.com>
Date: Wed, 17 Jun 2015 13:58:00 -0700
Subject: Remove unnecessary PKCS#1 authorization on legacy keys.

There is no need to authorize PKCS#1 signature padding scheme when
NONE padding scheme is authorized. NONE authorizes the use of any
padding scheme.

Bug: 18088752
Change-Id: I73ccb373d577c988acde372d972092278923c4e4
---
 .../security/keystore/AndroidKeyStoreKeyPairGeneratorSpi.java        | 5 ++---
 keystore/java/android/security/keystore/AndroidKeyStoreSpi.java      | 5 ++---
 2 files changed, 4 insertions(+), 6 deletions(-)

(limited to 'keystore')

diff --git a/keystore/java/android/security/keystore/AndroidKeyStoreKeyPairGeneratorSpi.java b/keystore/java/android/security/keystore/AndroidKeyStoreKeyPairGeneratorSpi.java
index af05578..2055cdb 100644
--- a/keystore/java/android/security/keystore/AndroidKeyStoreKeyPairGeneratorSpi.java
+++ b/keystore/java/android/security/keystore/AndroidKeyStoreKeyPairGeneratorSpi.java
@@ -226,9 +226,8 @@ public abstract class AndroidKeyStoreKeyPairGeneratorSpi extends KeyPairGenerato
                                     | KeyProperties.PURPOSE_VERIFY);
                             // Authorized to be used with any digest (including no digest).
                             specBuilder.setDigests(KeyProperties.DIGEST_NONE);
-                            specBuilder.setSignaturePaddings(
-                                    KeyProperties.SIGNATURE_PADDING_RSA_PKCS1);
-                            // Authorized to be used with any padding (including no padding).
+                            // Authorized to be used with any encryption and signature padding
+                            // scheme (including no padding).
                             specBuilder.setEncryptionPaddings(
                                     KeyProperties.ENCRYPTION_PADDING_NONE);
                             // Disable randomized encryption requirement to support encryption
diff --git a/keystore/java/android/security/keystore/AndroidKeyStoreSpi.java b/keystore/java/android/security/keystore/AndroidKeyStoreSpi.java
index 3bd9d1d..5fb589e 100644
--- a/keystore/java/android/security/keystore/AndroidKeyStoreSpi.java
+++ b/keystore/java/android/security/keystore/AndroidKeyStoreSpi.java
@@ -258,9 +258,8 @@ public class AndroidKeyStoreSpi extends KeyStoreSpi {
                             | KeyProperties.PURPOSE_VERIFY);
             // Authorized to be used with any digest (including no digest).
             specBuilder.setDigests(KeyProperties.DIGEST_NONE);
-            specBuilder.setSignaturePaddings(
-                    KeyProperties.SIGNATURE_PADDING_RSA_PKCS1);
-            // Authorized to be used with any padding (including no padding).
+            // Authorized to be used with any encryption and signature padding scheme (including no
+            // padding).
             specBuilder.setEncryptionPaddings(
                     KeyProperties.ENCRYPTION_PADDING_NONE);
             // Disable randomized encryption requirement to support encryption padding NONE
-- 
cgit v1.1