From fdbc02a433e87da7bc730bd2e773e6d1c84d4e99 Mon Sep 17 00:00:00 2001 From: Alex Klyubin Date: Mon, 29 Jun 2015 14:39:29 -0700 Subject: Enforce IND-CPA requirement when generating asymmetric keys. This enforces the randomized encryption requirement (IND-CPA), if requested, when generating asymmetric key pairs. Whether randomized encryption is used depends on the encryption padding modes authorized for the key pair. Thus, if randomized encryption is required, the KeyPairGenerator must reject attempts to generate keys authorized for encryption using non-compliant padding schemes. This is similar to the existing check in AndroidKeyStoreImpl during asymmetric key import. Bug: 22179911 Change-Id: I3d85367259c17bd44198a736ace853d0d3567d5e
---
 .../keystore/AndroidKeyStoreKeyPairGeneratorSpi.java | 16 ++++++++++++++++ .../java/android/security/keystore/KeymasterUtils.java | 2 +- 2 files changed, 17 insertions(+), 1 deletion(-) (limited to 'keystore')
diff --git a/keystore/java/android/security/keystore/AndroidKeyStoreKeyPairGeneratorSpi.java b/keystore/java/android/security/keystore/AndroidKeyStoreKeyPairGeneratorSpi.java
index 3058bd3..459514d 100644
--- a/keystore/java/android/security/keystore/AndroidKeyStoreKeyPairGeneratorSpi.java
+++ b/keystore/java/android/security/keystore/AndroidKeyStoreKeyPairGeneratorSpi.java
@@ -287,6 +287,22 @@ public abstract class AndroidKeyStoreKeyPairGeneratorSpi extends KeyPairGenerato
 mKeymasterBlockModes = KeyProperties.BlockMode.allToKeymaster(spec.getBlockModes());
 mKeymasterEncryptionPaddings = KeyProperties.EncryptionPadding.allToKeymaster(
 spec.getEncryptionPaddings());
+ if (((spec.getPurposes() & KeyProperties.PURPOSE_ENCRYPT) != 0)
+ && (spec.isRandomizedEncryptionRequired())) {
+ for (int keymasterPadding : mKeymasterEncryptionPaddings) {
+ if (!KeymasterUtils
+ .isKeymasterPaddingSchemeIndCpaCompatibleWithAsymmetricCrypto(
+ keymasterPadding)) {
+ throw new InvalidAlgorithmParameterException(
+ "Randomized encryption (IND-CPA) required but may be violated"
+ + " by padding scheme: "
+ + KeyProperties.EncryptionPadding.fromKeymaster(
+ keymasterPadding)
+ + ". See " + KeyGenParameterSpec.class.getName()
+ + " documentation.");
+ }
+ }
+ }
 mKeymasterSignaturePaddings = KeyProperties.SignaturePadding.allToKeymaster(
 spec.getSignaturePaddings());
 if (spec.isDigestsSpecified()) {
diff --git a/keystore/java/android/security/keystore/KeymasterUtils.java b/keystore/java/android/security/keystore/KeymasterUtils.java
index 0006601..3cd3f2a 100644
--- a/keystore/java/android/security/keystore/KeymasterUtils.java
+++ b/keystore/java/android/security/keystore/KeymasterUtils.java
@@ -74,7 +74,7 @@ public abstract class KeymasterUtils {
 return true;
 default:
 throw new IllegalArgumentException(
- "Unsupported encryption padding scheme: " + keymasterPadding);
+ "Unsupported asymmetric encryption padding scheme: " + keymasterPadding);
 }
 }
-- cgit v1.1
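Review bot: The new IND-CPA loop lets an unchecked IllegalArgumentException escape from the generator's initialization when a padding in `mKeymasterEncryptionPaddings` is outside the helper's asymmetric switch: the second hunk shows `isKeymasterPaddingSchemeIndCpaCompatibleWithAsymmetricCrypto` throwing `IllegalArgumentException("Unsupported asymmetric encryption padding scheme: ...")` in its default branch, and nothing in this hunk catches it. Because that array is built from whatever `spec.getEncryptionPaddings()` lists, a spec naming a symmetric-only padding for an asymmetric key with PURPOSE_ENCRYPT and randomized encryption required would presumably fail with that runtime exception rather than the InvalidAlgorithmParameterException the surrounding code throws for other invalid specs; I cannot see from here whether `allToKeymaster` already filters such values. Wrapping the loop and rethrowing as InvalidAlgorithmParameterException with the cause attached keeps the failure mode consistent with the IND-CPA rejection beside it. The enclosing method starts before and continues past this hunk.
```java
if (((spec.getPurposes() & KeyProperties.PURPOSE_ENCRYPT) != 0)
        && (spec.isRandomizedEncryptionRequired())) {
    try {
        // … unchanged: loop rejecting non-IND-CPA paddings with InvalidAlgorithmParameterException …
    } catch (IllegalArgumentException e) {
        // A padding the asymmetric helper does not know must surface as the checked
        // exception callers of initialize() handle, not as an unchecked one.
        throw new InvalidAlgorithmParameterException(
                "Unsupported encryption padding scheme for asymmetric key", e);
    }
}
```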