Snap for 4683893 from 4a1da2f371de41a397a019020d402b95b0d9dd7e to pi-release
Change-Id: I0b40e14a9e675c52da5e2d62e3370f1d6c4032b5
diff --git a/keystore/key_store_service.cpp b/keystore/key_store_service.cpp
index 1b927b8..3e8783b 100644
--- a/keystore/key_store_service.cpp
+++ b/keystore/key_store_service.cpp
@@ -818,6 +818,16 @@
if (!error.isOk()) {
ALOGE("Failed to generate key -> falling back to software keymaster");
securityLevel = SecurityLevel::SOFTWARE;
+
+ // No fall back for 3DES
+ for (auto& param : params.getParameters()) {
+ auto algorithm = authorizationValue(TAG_ALGORITHM, param);
+ if (algorithm.isOk() && algorithm.value() == Algorithm::TRIPLE_DES) {
+ *aidl_return = static_cast<int32_t>(ErrorCode::UNSUPPORTED_ALGORITHM);
+ return Status::ok();
+ }
+ }
+
auto fallback = mKeyStore->getFallbackDevice();
if (!fallback) {
*aidl_return = static_cast<int32_t>(error);
@@ -1031,6 +1041,16 @@
if (!error.isOk()) {
ALOGE("Failed to import key -> falling back to software keymaster");
securityLevel = SecurityLevel::SOFTWARE;
+
+ // No fall back for 3DES
+ for (auto& param : params.getParameters()) {
+ auto algorithm = authorizationValue(TAG_ALGORITHM, param);
+ if (algorithm.isOk() && algorithm.value() == Algorithm::TRIPLE_DES) {
+ *aidl_return = static_cast<int32_t>(ErrorCode::UNSUPPORTED_ALGORITHM);
+ return Status::ok();
+ }
+ }
+
auto fallback = mKeyStore->getFallbackDevice();
if (!fallback) {
*aidl_return = static_cast<int32_t>(error);