Keystore 2.0: Fix diagnosing invalid key in CipherSpiBase.

Bug: 183101158 Test: atest CtsLibcoreTestCases:com.android.org.conscrypt.javax.crypto.CipherBasicsTest#testAeadEncryption Merged-In: Idc9c7dc2614a47818227a06fe76078f72c0c1f57 Change-Id: Idc9c7dc2614a47818227a06fe76078f72c0c1f57
author: Janis Danisevskis <jdanis@google.com> 2021-03-18 10:26:48 -0700
committer: Janis Danisevskis <jdanis@google.com> 2021-03-18 19:41:56 +0000
commit: 0b858aef6383995348fff68f8977e07764846478 (patch)
tree: 7426df6542aa3cf9eefefb3f9f3a88fda242606d /keystore
parent: 411f31c83b31db5e691276bc907c213aaa8017e9 (diff)
1 files changed, 9 insertions, 6 deletions
diff --git a/keystore/java/android/security/keystore2/AndroidKeyStoreCipherSpiBase.java b/keystore/java/android/security/keystore2/AndroidKeyStoreCipherSpiBase.java
index 2ee952cbc5fb..d9d5300e43f9 100644
--- a/keystore/java/android/security/keystore2/AndroidKeyStoreCipherSpiBase.java
+++ b/keystore/java/android/security/keystore2/AndroidKeyStoreCipherSpiBase.java
@@ -123,8 +123,9 @@ abstract class AndroidKeyStoreCipherSpiBase extends CipherSpi implements KeyStor
             throws InvalidKeyException {
         resetAll();
 
-        if (!(key instanceof AndroidKeyStorePrivateKey
-                || key instanceof AndroidKeyStoreSecretKey)) {
+        // Public key operations get diverted to the default provider.
+        if (opmode == Cipher.ENCRYPT_MODE
+                && (key instanceof PrivateKey || key instanceof PublicKey)) {
             try {
                 mCipher = Cipher.getInstance(getTransform());
                 String transform = getTransform();
@@ -184,8 +185,9 @@ abstract class AndroidKeyStoreCipherSpiBase extends CipherSpi implements KeyStor
             SecureRandom random) throws InvalidKeyException, InvalidAlgorithmParameterException {
         resetAll();
 
-        if (!(key instanceof AndroidKeyStorePrivateKey
-                || key instanceof AndroidKeyStoreSecretKey)) {
+        // Public key operations get diverted to the default provider.
+        if (opmode == Cipher.ENCRYPT_MODE
+                && (key instanceof PrivateKey || key instanceof PublicKey)) {
             try {
                 mCipher = Cipher.getInstance(getTransform());
                 mCipher.init(opmode, key, params, random);
@@ -213,8 +215,9 @@ abstract class AndroidKeyStoreCipherSpiBase extends CipherSpi implements KeyStor
             SecureRandom random) throws InvalidKeyException, InvalidAlgorithmParameterException {
         resetAll();
 
-        if (!(key instanceof AndroidKeyStorePrivateKey
-                || key instanceof AndroidKeyStoreSecretKey)) {
+        // Public key operations get diverted to the default provider.
+        if (opmode == Cipher.ENCRYPT_MODE
+                && (key instanceof PrivateKey || key instanceof PublicKey)) {
             try {
                 mCipher = Cipher.getInstance(getTransform());
                 mCipher.init(opmode, key, params, random);
author	Janis Danisevskis <jdanis@google.com>	2021-03-18 10:26:48 -0700
committer	Janis Danisevskis <jdanis@google.com>	2021-03-18 19:41:56 +0000
commit	0b858aef6383995348fff68f8977e07764846478 (patch)
tree	7426df6542aa3cf9eefefb3f9f3a88fda242606d /keystore
parent	411f31c83b31db5e691276bc907c213aaa8017e9 (diff)