Android/frameworks_base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge "Keystore 2.0 SPI: Switch to aidl union KeyParameters"

Browse Source
This commit is contained in:
Treehugger Robot
2020-12-21 18:10:58 +00:00
committed by Gerrit Code Review
parent 17f8ae5f7c ef3aaa2d59
commit 220d33ce2c
7 changed files with 72 additions and 36 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
keystore/java/android/security/keystore2/AndroidKeyStore3DESCipherSpi.java
View File

@@ -309,7 +309,7 @@ public abstract class AndroidKeyStore3DESCipherSpi extends AndroidKeyStoreCipher
if (parameters != null) {
for (KeyParameter p : parameters) {
if (p.tag == KeymasterDefs.KM_TAG_NONCE) {
returnedIv = p.blob;
returnedIv = p.value.getBlob();
break;
}
}

2
keystore/java/android/security/keystore2/AndroidKeyStoreAuthenticatedAESCipherSpi.java
View File

@@ -330,7 +330,7 @@ abstract class AndroidKeyStoreAuthenticatedAESCipherSpi extends AndroidKeyStoreC
if (parameters != null) {
for (KeyParameter p : parameters) {
if (p.tag == KeymasterDefs.KM_TAG_NONCE) {
returnedIv = p.blob;
returnedIv = p.value.getBlob();
break;
}
}

4
keystore/java/android/security/keystore2/AndroidKeyStoreProvider.java
View File

@@ -366,10 +366,10 @@ public class AndroidKeyStoreProvider extends Provider {
for (Authorization a : response.metadata.authorizations) {
switch (a.keyParameter.tag) {
case KeymasterDefs.KM_TAG_ALGORITHM:
keymasterAlgorithm = a.keyParameter.integer;
keymasterAlgorithm = a.keyParameter.value.getAlgorithm();
break;
case KeymasterDefs.KM_TAG_DIGEST:
if (keymasterDigest == -1) keymasterDigest = a.keyParameter.integer;
if (keymasterDigest == -1) keymasterDigest = a.keyParameter.value.getDigest();
break;
}
}

31
keystore/java/android/security/keystore2/AndroidKeyStoreSecretKeyFactorySpi.java
View File

@@ -102,7 +102,8 @@ public class AndroidKeyStoreSecretKeyFactorySpi extends SecretKeyFactorySpi {
insideSecureHardware =
KeyStore2ParameterUtils.isSecureHardware(a.securityLevel);
securityLevel = a.securityLevel;
origin = KeyProperties.Origin.fromKeymaster(a.keyParameter.integer);
origin = KeyProperties.Origin.fromKeymaster(
a.keyParameter.value.getOrigin());
break;
case KeymasterDefs.KM_TAG_KEY_SIZE:
long keySizeUnsigned = KeyStore2ParameterUtils.getUnsignedInt(a);
@@ -113,45 +114,51 @@ public class AndroidKeyStoreSecretKeyFactorySpi extends SecretKeyFactorySpi {
keySize = (int) keySizeUnsigned;
break;
case KeymasterDefs.KM_TAG_PURPOSE:
purposes |= KeyProperties.Purpose.fromKeymaster(a.keyParameter.integer);
purposes |= KeyProperties.Purpose.fromKeymaster(
a.keyParameter.value.getKeyPurpose());
break;
case KeymasterDefs.KM_TAG_PADDING:
int paddingMode = a.keyParameter.value.getPaddingMode();
try {
if (a.keyParameter.integer == KeymasterDefs.KM_PAD_RSA_PKCS1_1_5_SIGN
|| a.keyParameter.integer == KeymasterDefs.KM_PAD_RSA_PSS) {
if (paddingMode == KeymasterDefs.KM_PAD_RSA_PKCS1_1_5_SIGN
|| paddingMode == KeymasterDefs.KM_PAD_RSA_PSS) {
@KeyProperties.SignaturePaddingEnum String padding =
KeyProperties.SignaturePadding.fromKeymaster(
a.keyParameter.integer);
paddingMode);
signaturePaddingsList.add(padding);
} else {
@KeyProperties.EncryptionPaddingEnum String jcaPadding =
KeyProperties.EncryptionPadding.fromKeymaster(
a.keyParameter.integer);
paddingMode);
encryptionPaddingsList.add(jcaPadding);
}
} catch (IllegalArgumentException e) {
throw new ProviderException("Unsupported padding: "
+ a.keyParameter.integer);
+ paddingMode);
}
break;
case KeymasterDefs.KM_TAG_DIGEST:
digestsList.add(KeyProperties.Digest.fromKeymaster(a.keyParameter.integer));
digestsList.add(KeyProperties.Digest.fromKeymaster(
a.keyParameter.value.getDigest()));
break;
case KeymasterDefs.KM_TAG_BLOCK_MODE:
blockModesList.add(
KeyProperties.BlockMode.fromKeymaster(a.keyParameter.integer)
KeyProperties.BlockMode.fromKeymaster(
a.keyParameter.value.getBlockMode())
);
break;
case KeymasterDefs.KM_TAG_USER_AUTH_TYPE:
int authenticatorType = a.keyParameter.value.getHardwareAuthenticatorType();
if (KeyStore2ParameterUtils.isSecureHardware(a.securityLevel)) {
keymasterHwEnforcedUserAuthenticators = a.keyParameter.integer;
keymasterHwEnforcedUserAuthenticators = authenticatorType;
} else {
keymasterSwEnforcedUserAuthenticators = a.keyParameter.integer;
keymasterSwEnforcedUserAuthenticators = authenticatorType;
}
break;
case KeymasterDefs.KM_TAG_USER_SECURE_ID:
keymasterSecureUserIds.add(
KeymasterArguments.toUint64(a.keyParameter.longInteger));
KeymasterArguments.toUint64(
a.keyParameter.value.getLongInteger()));
break;
case KeymasterDefs.KM_TAG_ACTIVE_DATETIME:
keyValidityStart = KeyStore2ParameterUtils.getDate(a);

2
keystore/java/android/security/keystore2/AndroidKeyStoreUnauthenticatedAESCipherSpi.java
View File

@@ -300,7 +300,7 @@ abstract class AndroidKeyStoreUnauthenticatedAESCipherSpi extends AndroidKeyStor
if (parameters != null) {
for (KeyParameter p : parameters) {
if (p.tag == KeymasterDefs.KM_TAG_NONCE) {
returnedIv = p.blob;
returnedIv = p.value.getBlob();
break;
}
}

65
keystore/java/android/security/keystore2/KeyStore2ParameterUtils.java
View File

@@ -19,7 +19,9 @@ package android.security.keystore2;
import android.annotation.NonNull;
import android.hardware.biometrics.BiometricManager;
import android.hardware.security.keymint.KeyParameter;
import android.hardware.security.keymint.KeyParameterValue;
import android.hardware.security.keymint.SecurityLevel;
import android.hardware.security.keymint.Tag;
import android.security.GateKeeper;
import android.security.keymaster.KeymasterDefs;
import android.security.keystore.KeyProperties;
@@ -50,7 +52,7 @@ public abstract class KeyStore2ParameterUtils {
}
KeyParameter p = new KeyParameter();
p.tag = tag;
p.boolValue = true;
p.value = KeyParameterValue.boolValue(true);
return p;
}
@@ -62,14 +64,40 @@ public abstract class KeyStore2ParameterUtils {
* @hide
*/
static @NonNull KeyParameter makeEnum(int tag, int v) {
int type = KeymasterDefs.getTagType(tag);
if (type != KeymasterDefs.KM_ENUM && type != KeymasterDefs.KM_ENUM_REP) {
throw new IllegalArgumentException("Not an enum or repeatable enum tag: " + tag);
KeyParameter kp = new KeyParameter();
kp.tag = tag;
switch (tag) {
case Tag.PURPOSE:
kp.value = KeyParameterValue.keyPurpose(v);
break;
case Tag.ALGORITHM:
kp.value = KeyParameterValue.algorithm(v);
break;
case Tag.BLOCK_MODE:
kp.value = KeyParameterValue.blockMode(v);
break;
case Tag.DIGEST:
kp.value = KeyParameterValue.digest(v);
break;
case Tag.EC_CURVE:
kp.value = KeyParameterValue.ecCurve(v);
break;
case Tag.ORIGIN:
kp.value = KeyParameterValue.origin(v);
break;
case Tag.PADDING:
kp.value = KeyParameterValue.paddingMode(v);
break;
case Tag.USER_AUTH_TYPE:
kp.value = KeyParameterValue.hardwareAuthenticatorType(v);
break;
case Tag.HARDWARE_TYPE:
kp.value = KeyParameterValue.securityLevel(v);
break;
default:
throw new IllegalArgumentException("Not an enum or repeatable enum tag: " + tag);
}
KeyParameter p = new KeyParameter();
p.tag = tag;
p.integer = v;
return p;
return kp;
}
/**
@@ -86,7 +114,7 @@ public abstract class KeyStore2ParameterUtils {
}
KeyParameter p = new KeyParameter();
p.tag = tag;
p.integer = v;
p.value = KeyParameterValue.integer(v);
return p;
}
@@ -104,7 +132,7 @@ public abstract class KeyStore2ParameterUtils {
}
KeyParameter p = new KeyParameter();
p.tag = tag;
p.longInteger = v;
p.value = KeyParameterValue.longInteger(v);
return p;
}
@@ -121,7 +149,7 @@ public abstract class KeyStore2ParameterUtils {
}
KeyParameter p = new KeyParameter();
p.tag = tag;
p.blob = b;
p.value = KeyParameterValue.blob(b);
return p;
}
@@ -138,9 +166,10 @@ public abstract class KeyStore2ParameterUtils {
}
KeyParameter p = new KeyParameter();
p.tag = tag;
p.longInteger = date.getTime();
if (p.longInteger < 0) {
throw new IllegalArgumentException("Date tag value out of range: " + p.longInteger);
p.value = KeyParameterValue.dateTime(date.getTime());
if (p.value.getDateTime() < 0) {
throw new IllegalArgumentException("Date tag value out of range: "
+ p.value.getDateTime());
}
return p;
}
@@ -160,18 +189,18 @@ public abstract class KeyStore2ParameterUtils {
throw new IllegalArgumentException("Not an int tag: " + param.keyParameter.tag);
}
// KM_UINT is 32 bits wide so we must suppress sign extension.
return ((long) param.keyParameter.integer) & 0xffffffffL;
return ((long) param.keyParameter.value.getInteger()) & 0xffffffffL;
}
static @NonNull Date getDate(@NonNull Authorization param) {
if (KeymasterDefs.getTagType(param.keyParameter.tag) != KeymasterDefs.KM_DATE) {
throw new IllegalArgumentException("Not a date tag: " + param.keyParameter.tag);
}
if (param.keyParameter.longInteger < 0) {
if (param.keyParameter.value.getDateTime() < 0) {
throw new IllegalArgumentException("Date Value too large: "
+ param.keyParameter.longInteger);
+ param.keyParameter.value.getDateTime());
}
return new Date(param.keyParameter.longInteger);
return new Date(param.keyParameter.value.getDateTime());
}
static void forEachSetFlag(int flags, Consumer<Integer> consumer) {

2
keystore/java/android/security/keystore2/KeyStoreCryptoOperationUtils.java
View File

@@ -57,7 +57,7 @@ abstract class KeyStoreCryptoOperationUtils {
for (Authorization p : key.getAuthorizations()) {
switch(p.keyParameter.tag) {
case KeymasterDefs.KM_TAG_USER_SECURE_ID:
keySids.add(p.keyParameter.longInteger);
keySids.add(p.keyParameter.value.getLongInteger());
break;
default:
break;