Keystore 2.0: Legacy support: Tweak to certificate generation.
The legacy wrapper would attempt to self sign certificates based on key
purpose and authorization requirements. But there are keys that meet
those but still fail due to impossible parameter combinations such as
PKCS 1.5 padding with no digest.
With this patch we perform a ephemeral key signature when the self
signing attempt fails so that the key generation can still commence
successfully.
This patch also adds some error logging and revisits some of the error
handling code in the legacy wrapper.
Test: atest android.keystore.cts.SignatureTest\
#testAndroidKeyStoreKeysHandledByAndroidKeyStoreProviderWhenSigning
Change-Id: I3be017636ae9fc61374e47f47a1e1fc5b266f6e2
3 files changed