Merge "Ensure key algorithm name of HMAC keys is preserved." into mnc-dev
diff --git a/keystore/java/android/security/AndroidKeyStore.java b/keystore/java/android/security/AndroidKeyStore.java
index 7ac236a..b834641 100644
--- a/keystore/java/android/security/AndroidKeyStore.java
+++ b/keystore/java/android/security/AndroidKeyStore.java
@@ -476,6 +476,21 @@
+ ". Key: " + keyAlgorithmString
+ ", parameter spec: " + Arrays.asList(params.getDigests()));
}
+ // When the key is read back from keystore we reconstruct the JCA key algorithm
+ // name from the KM_TAG_ALGORITHM and the first KM_TAG_DIGEST. Thus we need to
+ // ensure that the digest reflected in the JCA key algorithm name is the first
+ // KM_TAG_DIGEST tag.
+ if (keymasterDigests[0] != keymasterDigest) {
+ // The first digest is not the one implied by the JCA key algorithm name.
+ // Swap the implied digest with the first one.
+ for (int i = 0; i < keymasterDigests.length; i++) {
+ if (keymasterDigests[i] == keymasterDigest) {
+ keymasterDigests[i] = keymasterDigests[0];
+ keymasterDigests[0] = keymasterDigest;
+ break;
+ }
+ }
+ }
}
} else {
// No digest specified in parameters