resolved conflicts for merge of b9a9d46c to master

Change-Id: Ibec45f0f8f9618dd7bd1b34561dccbdd9599cdeb
author: Alex Klyubin <klyubin@google.com> 2015-04-09 09:54:05 -0700
committer: Alex Klyubin <klyubin@google.com> 2015-04-09 09:54:05 -0700
commit: b30cc6c3e87e56fc939051ff8d41442a988ff20c (patch)
tree: ef87faf6747a5fe2e0364e91964b8c6d72c57d48 /keystore/java/android/security/AndroidKeyStore.java
parent: d278a3f092f2526a28bc222b397f4dadf669b5b9 (diff)
parent: b9a9d46c776cbdc97d28b8ad61b215a494e19061 (diff)
1 files changed, 16 insertions, 5 deletions
diff --git a/keystore/java/android/security/AndroidKeyStore.java b/keystore/java/android/security/AndroidKeyStore.java
index ed690de12ec4..c5b6a68d41dc 100644
--- a/keystore/java/android/security/AndroidKeyStore.java
+++ b/keystore/java/android/security/AndroidKeyStore.java
@@ -512,12 +512,23 @@ public class AndroidKeyStore extends KeyStoreSpi {
             }
         }
 
-        int purposes = params.getPurposes();
+        @KeyStoreKeyConstraints.PurposeEnum int purposes = params.getPurposes();
+        @KeyStoreKeyConstraints.BlockModeEnum int blockModes = params.getBlockModes();
+        if (((purposes & KeyStoreKeyConstraints.Purpose.ENCRYPT) != 0)
+                && (params.isRandomizedEncryptionRequired())) {
+            @KeyStoreKeyConstraints.BlockModeEnum int incompatibleBlockModes =
+                    blockModes & ~KeyStoreKeyConstraints.BlockMode.IND_CPA_COMPATIBLE_MODES;
+            if (incompatibleBlockModes != 0) {
+                throw new KeyStoreException("Randomized encryption (IND-CPA) required but may be"
+                        + " violated by block mode(s): "
+                        + KeyStoreKeyConstraints.BlockMode.allToString(incompatibleBlockModes)
+                        + ". See KeyStoreParameter documentation.");
+            }
+        }
         for (int keymasterPurpose : KeyStoreKeyConstraints.Purpose.allToKeymaster(purposes)) {
             args.addInt(KeymasterDefs.KM_TAG_PURPOSE, keymasterPurpose);
         }
-        for (int keymasterBlockMode :
-            KeyStoreKeyConstraints.BlockMode.allToKeymaster(params.getBlockModes())) {
+        for (int keymasterBlockMode : KeyStoreKeyConstraints.BlockMode.allToKeymaster(blockModes)) {
             args.addInt(KeymasterDefs.KM_TAG_BLOCK_MODE, keymasterBlockMode);
         }
         for (int keymasterPadding :
@@ -553,8 +564,8 @@ public class AndroidKeyStore extends KeyStoreSpi {
         args.addInt(KeymasterDefs.KM_TAG_KEY_SIZE, keyMaterial.length * 8);
 
         if (((purposes & KeyStoreKeyConstraints.Purpose.ENCRYPT) != 0)
-                || ((purposes & KeyStoreKeyConstraints.Purpose.DECRYPT) != 0)) {
-            // Permit caller-specified IV. This is needed for the Cipher abstraction.
+                && (!params.isRandomizedEncryptionRequired())) {
+            // Permit caller-provided IV when encrypting with this key
             args.addBoolean(KeymasterDefs.KM_TAG_CALLER_NONCE);
         }
author	Alex Klyubin <klyubin@google.com>	2015-04-09 09:54:05 -0700
committer	Alex Klyubin <klyubin@google.com>	2015-04-09 09:54:05 -0700
commit	b30cc6c3e87e56fc939051ff8d41442a988ff20c (patch)
tree	ef87faf6747a5fe2e0364e91964b8c6d72c57d48 /keystore/java/android/security/AndroidKeyStore.java
parent	d278a3f092f2526a28bc222b397f4dadf669b5b9 (diff)
parent	b9a9d46c776cbdc97d28b8ad61b215a494e19061 (diff)