From 5c38e7918aea36ee8f516793d5641b05a8de710e Mon Sep 17 00:00:00 2001
From: Alex Klyubin <klyubin@google.com>
Date: Tue, 7 Jul 2015 15:39:10 -0700
Subject: Reject AlgorithmParameters of wrong type.

This makes Android Keystore Cipher implementations reject rather than
ignore AlgorithmParameters of wrong algorithm type. The danger in not
doing so is that a Cipher will produce output that does not actually
depend on the provided AlgorithmParameters.

Bug: 22330716
Change-Id: Ifa9de2c74f2fe4b738a3731c895059dddd075a13
---
 .../security/keystore/AndroidKeyStoreAuthenticatedAESCipherSpi.java | 6 ++++++
 .../keystore/AndroidKeyStoreUnauthenticatedAESCipherSpi.java        | 6 ++++++
 2 files changed, 12 insertions(+)

(limited to 'keystore')

diff --git a/keystore/java/android/security/keystore/AndroidKeyStoreAuthenticatedAESCipherSpi.java b/keystore/java/android/security/keystore/AndroidKeyStoreAuthenticatedAESCipherSpi.java
index 6411066..5459bea 100644
--- a/keystore/java/android/security/keystore/AndroidKeyStoreAuthenticatedAESCipherSpi.java
+++ b/keystore/java/android/security/keystore/AndroidKeyStoreAuthenticatedAESCipherSpi.java
@@ -129,6 +129,12 @@ abstract class AndroidKeyStoreAuthenticatedAESCipherSpi extends AndroidKeyStoreC
                 return;
             }
 
+            if (!"GCM".equalsIgnoreCase(params.getAlgorithm())) {
+                throw new InvalidAlgorithmParameterException(
+                        "Unsupported AlgorithmParameters algorithm: " + params.getAlgorithm()
+                        + ". Supported: GCM");
+            }
+
             GCMParameterSpec spec;
             try {
                 spec = params.getParameterSpec(GCMParameterSpec.class);
diff --git a/keystore/java/android/security/keystore/AndroidKeyStoreUnauthenticatedAESCipherSpi.java b/keystore/java/android/security/keystore/AndroidKeyStoreUnauthenticatedAESCipherSpi.java
index 486519c..1f1d36f 100644
--- a/keystore/java/android/security/keystore/AndroidKeyStoreUnauthenticatedAESCipherSpi.java
+++ b/keystore/java/android/security/keystore/AndroidKeyStoreUnauthenticatedAESCipherSpi.java
@@ -197,6 +197,12 @@ class AndroidKeyStoreUnauthenticatedAESCipherSpi extends AndroidKeyStoreCipherSp
             return;
         }
 
+        if (!"AES".equalsIgnoreCase(params.getAlgorithm())) {
+            throw new InvalidAlgorithmParameterException(
+                    "Unsupported AlgorithmParameters algorithm: " + params.getAlgorithm()
+                    + ". Supported: AES");
+        }
+
         IvParameterSpec ivSpec;
         try {
             ivSpec = params.getParameterSpec(IvParameterSpec.class);
-- 
cgit v1.1