Add all digests and padding modes to legacy keys
Bug: 22556114
Change-Id: I44fda03305ddd50cb4ba3c6f6b24cfd9c2af9659
diff --git a/keystore/keystore.cpp b/keystore/keystore.cpp
index af2d301..bf1dec6 100644
--- a/keystore/keystore.cpp
+++ b/keystore/keystore.cpp
@@ -1912,7 +1912,7 @@
}
KeymasterArguments params;
- addLegacyKeyAuthorizations(params.params);
+ addLegacyKeyAuthorizations(params.params, keyType);
switch (keyType) {
case EVP_PKEY_EC: {
@@ -1979,8 +1979,6 @@
int32_t import(const String16& name, const uint8_t* data, size_t length, int targetUid,
int32_t flags) {
- KeymasterArguments params;
- addLegacyKeyAuthorizations(params.params);
const uint8_t* ptr = data;
Unique_PKCS8_PRIV_KEY_INFO pkcs8(d2i_PKCS8_PRIV_KEY_INFO(NULL, &ptr, length));
@@ -1992,6 +1990,8 @@
return ::SYSTEM_ERROR;
}
int type = EVP_PKEY_type(pkey->type);
+ KeymasterArguments params;
+ addLegacyKeyAuthorizations(params.params, type);
switch (type) {
case EVP_PKEY_RSA:
params.params.push_back(keymaster_param_enum(KM_TAG_ALGORITHM, KM_ALGORITHM_RSA));
@@ -2990,13 +2990,25 @@
return ::SYSTEM_ERROR;
}
- void addLegacyKeyAuthorizations(std::vector<keymaster_key_param_t>& params) {
+ void addLegacyKeyAuthorizations(std::vector<keymaster_key_param_t>& params, int keyType) {
params.push_back(keymaster_param_enum(KM_TAG_PURPOSE, KM_PURPOSE_SIGN));
params.push_back(keymaster_param_enum(KM_TAG_PURPOSE, KM_PURPOSE_VERIFY));
params.push_back(keymaster_param_enum(KM_TAG_PURPOSE, KM_PURPOSE_ENCRYPT));
params.push_back(keymaster_param_enum(KM_TAG_PURPOSE, KM_PURPOSE_DECRYPT));
params.push_back(keymaster_param_enum(KM_TAG_PADDING, KM_PAD_NONE));
+ if (keyType == EVP_PKEY_RSA) {
+ params.push_back(keymaster_param_enum(KM_TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_SIGN));
+ params.push_back(keymaster_param_enum(KM_TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_ENCRYPT));
+ params.push_back(keymaster_param_enum(KM_TAG_PADDING, KM_PAD_RSA_PSS));
+ params.push_back(keymaster_param_enum(KM_TAG_PADDING, KM_PAD_RSA_OAEP));
+ }
params.push_back(keymaster_param_enum(KM_TAG_DIGEST, KM_DIGEST_NONE));
+ params.push_back(keymaster_param_enum(KM_TAG_DIGEST, KM_DIGEST_MD5));
+ params.push_back(keymaster_param_enum(KM_TAG_DIGEST, KM_DIGEST_SHA1));
+ params.push_back(keymaster_param_enum(KM_TAG_DIGEST, KM_DIGEST_SHA_2_224));
+ params.push_back(keymaster_param_enum(KM_TAG_DIGEST, KM_DIGEST_SHA_2_256));
+ params.push_back(keymaster_param_enum(KM_TAG_DIGEST, KM_DIGEST_SHA_2_384));
+ params.push_back(keymaster_param_enum(KM_TAG_DIGEST, KM_DIGEST_SHA_2_512));
params.push_back(keymaster_param_bool(KM_TAG_ALL_USERS));
params.push_back(keymaster_param_bool(KM_TAG_NO_AUTH_REQUIRED));
params.push_back(keymaster_param_date(KM_TAG_ORIGINATION_EXPIRE_DATETIME, LLONG_MAX));
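Review bot: The widened list at the `KM_TAG_PADDING` and `KM_TAG_DIGEST` lines makes every legacy key usable with MD5, SHA-1, KM_DIGEST_NONE and raw KM_PAD_NONE operations, and nothing in addLegacyKeyAuthorizations states that this breadth is a backward-compatibility requirement rather than a template for new keys. A header comment above the signature would make that explicit, e.g. `// Authorizations for keys created through the legacy (pre-Keymaster-1.0) API: all purposes, all paddings valid for keyType and every digest are granted so that callers relying on the old unrestricted semantics keep working; do not reuse this list for keys created with explicit authorizations.` It would also help to document that `keyType` is an EVP_PKEY_* id and that only EVP_PKEY_RSA adds the PKCS#1 v1.5, PSS and OAEP paddings, so an EC key is left with KM_PAD_NONE only. The function's closing brace lies past the end of the hunk.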