From 05943c30a196a4a6d248d75adf4fcddee7f40411 Mon Sep 17 00:00:00 2001
From: Janis Danisevskis <jdanis@google.com>
Date: Tue, 19 Jan 2021 13:41:47 -0800
Subject: [PATCH] Keystore 2.0 SPI: Small fix to apease CTS test.

* The Keystore SPI needs to return null if getKeyEntry is called on a
  pure certificate entry.
* Also fixes a check that tested the wrong purpose.

Test: Keystore CTS tests.
Change-Id: Ib668447a9ff56fc4cea550f547c6cbfea3590cb3
---
 .../android/security/keystore2/AndroidKeyStoreProvider.java  | 5 +++++
 .../java/android/security/keystore2/AndroidKeyStoreSpi.java  | 2 +-
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/keystore/java/android/security/keystore2/AndroidKeyStoreProvider.java b/keystore/java/android/security/keystore2/AndroidKeyStoreProvider.java
index 164bc8669525..75ac61a22cab 100644
--- a/keystore/java/android/security/keystore2/AndroidKeyStoreProvider.java
+++ b/keystore/java/android/security/keystore2/AndroidKeyStoreProvider.java
@@ -363,6 +363,11 @@ public class AndroidKeyStoreProvider extends Provider {
             }
         }
 
+        if (response.iSecurityLevel == null) {
+            // This seems to be a pure certificate entry, nothing to return here.
+            return null;
+        }
+
         Integer keymasterAlgorithm = null;
         // We just need one digest for the algorithm name
         int keymasterDigest = -1;
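Review bot: The added early return makes this method hand back `null` for an entry with no security level, but nothing in the hunk documents that for callers; the method starts and ends outside the hunk, so its Javadoc and call sites are not visible. I would state the contract on the method, e.g. `@return the key, or {@code null} if the alias is a certificate-only entry`, and confirm that every caller null-checks the result instead of dereferencing it. The inline comment hedges with "seems to be"; if a missing `iSecurityLevel` is the defined marker for a certificate-only entry, say so directly: `// No security level means a certificate-only entry: there is no key to load.` If it can be null for any other reason, that case should surface as an error rather than a silent `null`.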
diff --git a/keystore/java/android/security/keystore2/AndroidKeyStoreSpi.java b/keystore/java/android/security/keystore2/AndroidKeyStoreSpi.java
index 5e7f6482ebed..07169cedc1d9 100644
--- a/keystore/java/android/security/keystore2/AndroidKeyStoreSpi.java
+++ b/keystore/java/android/security/keystore2/AndroidKeyStoreSpi.java
@@ -490,7 +490,7 @@ public class AndroidKeyStoreSpi extends KeyStoreSpi {
             int[] keymasterEncryptionPaddings =
                     KeyProperties.EncryptionPadding.allToKeymaster(
                             spec.getEncryptionPaddings());
-            if (((spec.getPurposes() & KeyProperties.PURPOSE_DECRYPT) != 0)
+            if (((spec.getPurposes() & KeyProperties.PURPOSE_ENCRYPT) != 0)
                     && (spec.isRandomizedEncryptionRequired())) {
                 for (int keymasterPadding : keymasterEncryptionPaddings) {
                     if (!KeymasterUtils
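Review bot: The condition on `PURPOSE_ENCRYPT` guards a security check, yet it carries no comment saying why it keys on encryption rather than decryption. Judging by the truncated `KeymasterUtils` call, the loop validates each padding when `isRandomizedEncryptionRequired()` is set. I would add above the `if`: `// Randomized-encryption enforcement only applies to keys that can encrypt.` The loop body continues outside the hunk, so the rejection path cannot be confirmed from here. A unit test with an encrypt-only spec, randomized encryption required and a deterministic padding would pin the corrected behaviour. Any other purpose-gated check in this method (not visible here) is worth re-reading for the same mix-up.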
-- 
GitLab