Merge "Fix Rsa-Oaep operation begin on T+GSI build" into main
diff --git a/keystore/java/android/security/keystore2/AndroidKeyStoreRSACipherSpi.java b/keystore/java/android/security/keystore2/AndroidKeyStoreRSACipherSpi.java
index 3bb2564..2b1515a 100644
--- a/keystore/java/android/security/keystore2/AndroidKeyStoreRSACipherSpi.java
+++ b/keystore/java/android/security/keystore2/AndroidKeyStoreRSACipherSpi.java
@@ -18,6 +18,7 @@
 
 import android.annotation.NonNull;
 import android.annotation.Nullable;
+import android.content.pm.PackageManager;
 import android.hardware.security.keymint.KeyParameter;
 import android.security.keymaster.KeymasterDefs;
 import android.security.keystore.KeyProperties;
@@ -299,6 +300,12 @@
             return false;
         }
 
+        private static boolean hasKeyMintV2() {
+            PackageManager pm = android.app.AppGlobals.getInitialApplication().getPackageManager();
+            return pm.hasSystemFeature(PackageManager.FEATURE_HARDWARE_KEYSTORE, 200)
+                    && !pm.hasSystemFeature(PackageManager.FEATURE_HARDWARE_KEYSTORE, 300);
+        }
+
         @Override
         protected final void addAlgorithmSpecificParametersToBegin(
                 @NonNull List<KeyParameter> parameters, Authorization[] keyCharacteristics) {
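Review bot: `hasKeyMintV2()` dereferences `AppGlobals.getInitialApplication()` without a null check, and that call can return null in a process that has no Application object yet, so a cipher init there would end in a NullPointerException instead of a keystore error. Returning false in that case keeps the pre-change behaviour (the tag is sent only when the key characteristics carry it); whether that is the right fallback should be confirmed by someone who knows the T+GSI case. The helper also has no Javadoc: it would help to state that it means "feature version at least 200 and below 300", i.e. exactly KeyMint v2, and why v3 and later are excluded. Since it now runs on every RSA-OAEP begin(), consider computing the result once and caching it, as system features do not change while the process runs.

```java
private static boolean hasKeyMintV2() {
    android.app.Application app = android.app.AppGlobals.getInitialApplication();
    if (app == null) {
        // No Application in this process: rely on the key-characteristics check alone.
        return false;
    }
    PackageManager pm = app.getPackageManager();
    // … unchanged: hasSystemFeature(FEATURE_HARDWARE_KEYSTORE, 200) && !(…, 300) …
}
```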
@@ -307,11 +314,12 @@
                     KeymasterDefs.KM_TAG_DIGEST, mKeymasterDigest
             ));
             // Only add the KM_TAG_RSA_OAEP_MGF_DIGEST tag to begin() if the MGF Digest is
-            // present in the key properties. Keys generated prior to Android 14 did not have
-            // this tag (Keystore didn't add it) so specifying any MGF digest tag would cause
-            // a begin() operation (on an Android 14 device) to fail (with a key that was generated
-            // on Android 13 or below).
-            if (isMgfDigestTagPresentInKeyProperties(keyCharacteristics)) {
+            // present in the key properties or KeyMint version is 200. Keys generated prior to
+            // Android 14 did not have this tag (Keystore didn't add it) and hence not present in
+            // imported key as well, so specifying any MGF digest tag would cause a begin()
+            // operation (on an Android 14 device) to fail (with a key that was generated on
+            // Android 13 or below).
+            if (isMgfDigestTagPresentInKeyProperties(keyCharacteristics) || hasKeyMintV2()) {
                 parameters.add(KeyStore2ParameterUtils.makeEnum(
                         KeymasterDefs.KM_TAG_RSA_OAEP_MGF_DIGEST, mKeymasterMgf1Digest
                 ));
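Review bot: The rewritten comment above the `if` still explains only why the tag must be omitted, so it now contradicts the condition: with `|| hasKeyMintV2()` the KM_TAG_RSA_OAEP_MGF_DIGEST tag is sent even for a key whose characteristics lack it, which is the case the comment says makes begin() fail. Add a sentence giving the reason for the exemption, for example `// On KeyMint v2 (feature version 200..299) the tag is always sent, even if absent from the key characteristics, because <reason / bug id>.` It is also worth saying what bounds `mKeymasterMgf1Digest` on that path, since the key's authorizations apparently no longer gate which MGF1 digest is requested. The phrase "and hence not present in imported key as well" is hard to parse and could be reworded while the comment is being touched. The enclosing method starts in the previous hunk and continues past the end of this one.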