Merge "Revert "Keystore: Validate curve names in XDH and ED25519"" into main
diff --git a/keystore/java/android/security/keystore2/AndroidKeyStoreKeyPairGeneratorSpi.java b/keystore/java/android/security/keystore2/AndroidKeyStoreKeyPairGeneratorSpi.java
index 83ddfc5..9c05a3a 100644
--- a/keystore/java/android/security/keystore2/AndroidKeyStoreKeyPairGeneratorSpi.java
+++ b/keystore/java/android/security/keystore2/AndroidKeyStoreKeyPairGeneratorSpi.java
@@ -109,29 +109,13 @@
}
}
- // For curve 25519, KeyMint uses the KM_ALGORITHM_EC constant, but in the Java layer we need
- // to distinguish between Curve 25519 and other EC algorithms, so we use a different constant
- // with a value that is outside the range of the enum used for KeyMint algorithms.
- private static final int ALGORITHM_XDH = KeymasterDefs.KM_ALGORITHM_EC + 1200;
- private static final int ALGORITHM_ED25519 = ALGORITHM_XDH + 1;
-
/**
- * XDH represents Curve 25519 agreement key provider.
+ * XDH represents Curve 25519 providers.
*/
public static class XDH extends AndroidKeyStoreKeyPairGeneratorSpi {
// XDH is treated as EC.
public XDH() {
- super(ALGORITHM_XDH);
- }
- }
-
- /**
- * ED25519 represents Curve 25519 signing key provider.
- */
- public static class ED25519 extends AndroidKeyStoreKeyPairGeneratorSpi {
- // ED25519 is treated as EC.
- public ED25519() {
- super(ALGORITHM_ED25519);
+ super(KeymasterDefs.KM_ALGORITHM_EC);
}
}
@@ -257,9 +241,7 @@
KeyGenParameterSpec spec;
boolean encryptionAtRestRequired = false;
- int keymasterAlgorithm = (mOriginalKeymasterAlgorithm == ALGORITHM_XDH
- || mOriginalKeymasterAlgorithm == ALGORITHM_ED25519)
- ? KeymasterDefs.KM_ALGORITHM_EC : mOriginalKeymasterAlgorithm;
+ int keymasterAlgorithm = mOriginalKeymasterAlgorithm;
if (params instanceof KeyGenParameterSpec) {
spec = (KeyGenParameterSpec) params;
} else if (params instanceof KeyPairGeneratorSpec) {
@@ -628,15 +610,6 @@
if (algSpecificSpec instanceof ECGenParameterSpec) {
ECGenParameterSpec ecSpec = (ECGenParameterSpec) algSpecificSpec;
mEcCurveName = ecSpec.getName();
- if (mOriginalKeymasterAlgorithm == ALGORITHM_XDH
- && !mEcCurveName.equalsIgnoreCase("x25519")) {
- throw new InvalidAlgorithmParameterException("XDH algorithm only supports"
- + " x25519 curve.");
- } else if (mOriginalKeymasterAlgorithm == ALGORITHM_ED25519
- && !mEcCurveName.equalsIgnoreCase("ed25519")) {
- throw new InvalidAlgorithmParameterException("Ed25519 algorithm only"
- + " supports ed25519 curve.");
- }
final Integer ecSpecKeySizeBits = SUPPORTED_EC_CURVE_NAME_TO_SIZE.get(
mEcCurveName.toLowerCase(Locale.US));
if (ecSpecKeySizeBits == null) {
diff --git a/keystore/java/android/security/keystore2/AndroidKeyStoreProvider.java b/keystore/java/android/security/keystore2/AndroidKeyStoreProvider.java
index d204f13..11278e8 100644
--- a/keystore/java/android/security/keystore2/AndroidKeyStoreProvider.java
+++ b/keystore/java/android/security/keystore2/AndroidKeyStoreProvider.java
@@ -86,14 +86,11 @@
put("KeyPairGenerator.EC", PACKAGE_NAME + ".AndroidKeyStoreKeyPairGeneratorSpi$EC");
put("KeyPairGenerator.RSA", PACKAGE_NAME + ".AndroidKeyStoreKeyPairGeneratorSpi$RSA");
put("KeyPairGenerator.XDH", PACKAGE_NAME + ".AndroidKeyStoreKeyPairGeneratorSpi$XDH");
- put("KeyPairGenerator.ED25519", PACKAGE_NAME
- + ".AndroidKeyStoreKeyPairGeneratorSpi$ED25519");
// java.security.KeyFactory
putKeyFactoryImpl("EC");
putKeyFactoryImpl("RSA");
putKeyFactoryImpl("XDH");
- putKeyFactoryImpl("ED25519");
// javax.crypto.KeyGenerator
put("KeyGenerator.AES", PACKAGE_NAME + ".AndroidKeyStoreKeyGeneratorSpi$AES");