Merge "Keystore 2.0: Fix diagnosing invalid key in CipherSpiBase."

author: Treehugger Robot <treehugger-gerrit@google.com> 2021-03-18 23:46:37 +0000
committer: Gerrit Code Review <noreply-gerritcodereview@google.com> 2021-03-18 23:46:37 +0000
commit: be1b1d5550b1edfc63013117e3c8aafcddb929eb (patch)
tree: d2ca48e2b7480300fef01914836df75ffc0e0397
parent: e72a7b4f1bcb2cda2f54fe1eca4f77bacfad3f10 (diff)
parent: 0b858aef6383995348fff68f8977e07764846478 (diff)
1 files changed, 9 insertions, 6 deletions
diff --git a/keystore/java/android/security/keystore2/AndroidKeyStoreCipherSpiBase.java b/keystore/java/android/security/keystore2/AndroidKeyStoreCipherSpiBase.java
index 2ee952cbc5fb..d9d5300e43f9 100644
--- a/keystore/java/android/security/keystore2/AndroidKeyStoreCipherSpiBase.java
+++ b/keystore/java/android/security/keystore2/AndroidKeyStoreCipherSpiBase.java
@@ -123,8 +123,9 @@ abstract class AndroidKeyStoreCipherSpiBase extends CipherSpi implements KeyStor
             throws InvalidKeyException {
         resetAll();
 
-        if (!(key instanceof AndroidKeyStorePrivateKey
-                || key instanceof AndroidKeyStoreSecretKey)) {
+        // Public key operations get diverted to the default provider.
+        if (opmode == Cipher.ENCRYPT_MODE
+                && (key instanceof PrivateKey || key instanceof PublicKey)) {
             try {
                 mCipher = Cipher.getInstance(getTransform());
                 String transform = getTransform();
@@ -184,8 +185,9 @@ abstract class AndroidKeyStoreCipherSpiBase extends CipherSpi implements KeyStor
             SecureRandom random) throws InvalidKeyException, InvalidAlgorithmParameterException {
         resetAll();
 
-        if (!(key instanceof AndroidKeyStorePrivateKey
-                || key instanceof AndroidKeyStoreSecretKey)) {
+        // Public key operations get diverted to the default provider.
+        if (opmode == Cipher.ENCRYPT_MODE
+                && (key instanceof PrivateKey || key instanceof PublicKey)) {
             try {
                 mCipher = Cipher.getInstance(getTransform());
                 mCipher.init(opmode, key, params, random);
@@ -213,8 +215,9 @@ abstract class AndroidKeyStoreCipherSpiBase extends CipherSpi implements KeyStor
             SecureRandom random) throws InvalidKeyException, InvalidAlgorithmParameterException {
         resetAll();
 
-        if (!(key instanceof AndroidKeyStorePrivateKey
-                || key instanceof AndroidKeyStoreSecretKey)) {
+        // Public key operations get diverted to the default provider.
+        if (opmode == Cipher.ENCRYPT_MODE
+                && (key instanceof PrivateKey || key instanceof PublicKey)) {
             try {
                 mCipher = Cipher.getInstance(getTransform());
                 mCipher.init(opmode, key, params, random);
author	Treehugger Robot <treehugger-gerrit@google.com>	2021-03-18 23:46:37 +0000
committer	Gerrit Code Review <noreply-gerritcodereview@google.com>	2021-03-18 23:46:37 +0000
commit	be1b1d5550b1edfc63013117e3c8aafcddb929eb (patch)
tree	d2ca48e2b7480300fef01914836df75ffc0e0397
parent	e72a7b4f1bcb2cda2f54fe1eca4f77bacfad3f10 (diff)
parent	0b858aef6383995348fff68f8977e07764846478 (diff)