Snap for 4683893 from 4a1da2f371de41a397a019020d402b95b0d9dd7e to pi-release

Change-Id: I0b40e14a9e675c52da5e2d62e3370f1d6c4032b5

1 files changed, 20 insertions, 0 deletions

diff --git a/keystore/key_store_service.cpp b/keystore/key_store_service.cpp
index 1b927b8..3e8783b 100644
--- a/keystore/key_store_service.cpp
+++ b/keystore/key_store_service.cpp
@@ -818,6 +818,16 @@ KeyStoreService::generateKey(const String16& name, const KeymasterArguments& par
     if (!error.isOk()) {
         ALOGE("Failed to generate key -> falling back to software keymaster");
         securityLevel = SecurityLevel::SOFTWARE;
+
+        // No fall back for 3DES
+        for (auto& param : params.getParameters()) {
+            auto algorithm = authorizationValue(TAG_ALGORITHM, param);
+            if (algorithm.isOk() && algorithm.value() == Algorithm::TRIPLE_DES) {
+                *aidl_return = static_cast<int32_t>(ErrorCode::UNSUPPORTED_ALGORITHM);
+                return Status::ok();
+            }
+        }
+
         auto fallback = mKeyStore->getFallbackDevice();
         if (!fallback) {
             *aidl_return = static_cast<int32_t>(error);
@@ -1031,6 +1041,16 @@ KeyStoreService::importKey(const String16& name, const KeymasterArguments& param
     if (!error.isOk()) {
         ALOGE("Failed to import key -> falling back to software keymaster");
         securityLevel = SecurityLevel::SOFTWARE;
+
+        // No fall back for 3DES
+        for (auto& param : params.getParameters()) {
+            auto algorithm = authorizationValue(TAG_ALGORITHM, param);
+            if (algorithm.isOk() && algorithm.value() == Algorithm::TRIPLE_DES) {
+                *aidl_return = static_cast<int32_t>(ErrorCode::UNSUPPORTED_ALGORITHM);
+                return Status::ok();
+            }
+        }
+
         auto fallback = mKeyStore->getFallbackDevice();
         if (!fallback) {
             *aidl_return = static_cast<int32_t>(error);