Merge "Keystore 2.0 SPI: Switch to aidl union KeyParameters" am: 220d33ce2c am: 1769b6bd16
Original change: https://android-review.googlesource.com/c/platform/frameworks/base/+/1532513 MUST ONLY BE SUBMITTED BY AUTOMERGER Change-Id: Iea89c2f9bc39074abd234faf8dee943cad8f65d8
This commit is contained in:
Treehugger Robot
@@ -309,7 +309,7 @@ public abstract class AndroidKeyStore3DESCipherSpi extends AndroidKeyStoreCipher
|
|||||||
if (parameters != null) {
|
if (parameters != null) {
|
||||||
for (KeyParameter p : parameters) {
|
for (KeyParameter p : parameters) {
|
||||||
if (p.tag == KeymasterDefs.KM_TAG_NONCE) {
|
if (p.tag == KeymasterDefs.KM_TAG_NONCE) {
|
||||||
returnedIv = p.blob;
|
returnedIv = p.value.getBlob();
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -330,7 +330,7 @@ abstract class AndroidKeyStoreAuthenticatedAESCipherSpi extends AndroidKeyStoreC
|
|||||||
if (parameters != null) {
|
if (parameters != null) {
|
||||||
for (KeyParameter p : parameters) {
|
for (KeyParameter p : parameters) {
|
||||||
if (p.tag == KeymasterDefs.KM_TAG_NONCE) {
|
if (p.tag == KeymasterDefs.KM_TAG_NONCE) {
|
||||||
returnedIv = p.blob;
|
returnedIv = p.value.getBlob();
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -366,10 +366,10 @@ public class AndroidKeyStoreProvider extends Provider {
|
|||||||
for (Authorization a : response.metadata.authorizations) {
|
for (Authorization a : response.metadata.authorizations) {
|
||||||
switch (a.keyParameter.tag) {
|
switch (a.keyParameter.tag) {
|
||||||
case KeymasterDefs.KM_TAG_ALGORITHM:
|
case KeymasterDefs.KM_TAG_ALGORITHM:
|
||||||
keymasterAlgorithm = a.keyParameter.integer;
|
keymasterAlgorithm = a.keyParameter.value.getAlgorithm();
|
||||||
break;
|
break;
|
||||||
case KeymasterDefs.KM_TAG_DIGEST:
|
case KeymasterDefs.KM_TAG_DIGEST:
|
||||||
if (keymasterDigest == -1) keymasterDigest = a.keyParameter.integer;
|
if (keymasterDigest == -1) keymasterDigest = a.keyParameter.value.getDigest();
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -102,7 +102,8 @@ public class AndroidKeyStoreSecretKeyFactorySpi extends SecretKeyFactorySpi {
|
|||||||
insideSecureHardware =
|
insideSecureHardware =
|
||||||
KeyStore2ParameterUtils.isSecureHardware(a.securityLevel);
|
KeyStore2ParameterUtils.isSecureHardware(a.securityLevel);
|
||||||
securityLevel = a.securityLevel;
|
securityLevel = a.securityLevel;
|
||||||
origin = KeyProperties.Origin.fromKeymaster(a.keyParameter.integer);
|
origin = KeyProperties.Origin.fromKeymaster(
|
||||||
|
a.keyParameter.value.getOrigin());
|
||||||
break;
|
break;
|
||||||
case KeymasterDefs.KM_TAG_KEY_SIZE:
|
case KeymasterDefs.KM_TAG_KEY_SIZE:
|
||||||
long keySizeUnsigned = KeyStore2ParameterUtils.getUnsignedInt(a);
|
long keySizeUnsigned = KeyStore2ParameterUtils.getUnsignedInt(a);
|
||||||
@@ -113,45 +114,51 @@ public class AndroidKeyStoreSecretKeyFactorySpi extends SecretKeyFactorySpi {
|
|||||||
keySize = (int) keySizeUnsigned;
|
keySize = (int) keySizeUnsigned;
|
||||||
break;
|
break;
|
||||||
case KeymasterDefs.KM_TAG_PURPOSE:
|
case KeymasterDefs.KM_TAG_PURPOSE:
|
||||||
purposes |= KeyProperties.Purpose.fromKeymaster(a.keyParameter.integer);
|
purposes |= KeyProperties.Purpose.fromKeymaster(
|
||||||
|
a.keyParameter.value.getKeyPurpose());
|
||||||
break;
|
break;
|
||||||
case KeymasterDefs.KM_TAG_PADDING:
|
case KeymasterDefs.KM_TAG_PADDING:
|
||||||
|
int paddingMode = a.keyParameter.value.getPaddingMode();
|
||||||
try {
|
try {
|
||||||
if (a.keyParameter.integer == KeymasterDefs.KM_PAD_RSA_PKCS1_1_5_SIGN
|
if (paddingMode == KeymasterDefs.KM_PAD_RSA_PKCS1_1_5_SIGN
|
||||||
|| a.keyParameter.integer == KeymasterDefs.KM_PAD_RSA_PSS) {
|
|| paddingMode == KeymasterDefs.KM_PAD_RSA_PSS) {
|
||||||
@KeyProperties.SignaturePaddingEnum String padding =
|
@KeyProperties.SignaturePaddingEnum String padding =
|
||||||
KeyProperties.SignaturePadding.fromKeymaster(
|
KeyProperties.SignaturePadding.fromKeymaster(
|
||||||
a.keyParameter.integer);
|
paddingMode);
|
||||||
signaturePaddingsList.add(padding);
|
signaturePaddingsList.add(padding);
|
||||||
} else {
|
} else {
|
||||||
@KeyProperties.EncryptionPaddingEnum String jcaPadding =
|
@KeyProperties.EncryptionPaddingEnum String jcaPadding =
|
||||||
KeyProperties.EncryptionPadding.fromKeymaster(
|
KeyProperties.EncryptionPadding.fromKeymaster(
|
||||||
a.keyParameter.integer);
|
paddingMode);
|
||||||
encryptionPaddingsList.add(jcaPadding);
|
encryptionPaddingsList.add(jcaPadding);
|
||||||
}
|
}
|
||||||
} catch (IllegalArgumentException e) {
|
} catch (IllegalArgumentException e) {
|
||||||
throw new ProviderException("Unsupported padding: "
|
throw new ProviderException("Unsupported padding: "
|
||||||
+ a.keyParameter.integer);
|
+ paddingMode);
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case KeymasterDefs.KM_TAG_DIGEST:
|
case KeymasterDefs.KM_TAG_DIGEST:
|
||||||
digestsList.add(KeyProperties.Digest.fromKeymaster(a.keyParameter.integer));
|
digestsList.add(KeyProperties.Digest.fromKeymaster(
|
||||||
|
a.keyParameter.value.getDigest()));
|
||||||
break;
|
break;
|
||||||
case KeymasterDefs.KM_TAG_BLOCK_MODE:
|
case KeymasterDefs.KM_TAG_BLOCK_MODE:
|
||||||
blockModesList.add(
|
blockModesList.add(
|
||||||
KeyProperties.BlockMode.fromKeymaster(a.keyParameter.integer)
|
KeyProperties.BlockMode.fromKeymaster(
|
||||||
|
a.keyParameter.value.getBlockMode())
|
||||||
);
|
);
|
||||||
break;
|
break;
|
||||||
case KeymasterDefs.KM_TAG_USER_AUTH_TYPE:
|
case KeymasterDefs.KM_TAG_USER_AUTH_TYPE:
|
||||||
|
int authenticatorType = a.keyParameter.value.getHardwareAuthenticatorType();
|
||||||
if (KeyStore2ParameterUtils.isSecureHardware(a.securityLevel)) {
|
if (KeyStore2ParameterUtils.isSecureHardware(a.securityLevel)) {
|
||||||
keymasterHwEnforcedUserAuthenticators = a.keyParameter.integer;
|
keymasterHwEnforcedUserAuthenticators = authenticatorType;
|
||||||
} else {
|
} else {
|
||||||
keymasterSwEnforcedUserAuthenticators = a.keyParameter.integer;
|
keymasterSwEnforcedUserAuthenticators = authenticatorType;
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case KeymasterDefs.KM_TAG_USER_SECURE_ID:
|
case KeymasterDefs.KM_TAG_USER_SECURE_ID:
|
||||||
keymasterSecureUserIds.add(
|
keymasterSecureUserIds.add(
|
||||||
KeymasterArguments.toUint64(a.keyParameter.longInteger));
|
KeymasterArguments.toUint64(
|
||||||
|
a.keyParameter.value.getLongInteger()));
|
||||||
break;
|
break;
|
||||||
case KeymasterDefs.KM_TAG_ACTIVE_DATETIME:
|
case KeymasterDefs.KM_TAG_ACTIVE_DATETIME:
|
||||||
keyValidityStart = KeyStore2ParameterUtils.getDate(a);
|
keyValidityStart = KeyStore2ParameterUtils.getDate(a);
|
||||||
|
|||||||
@@ -300,7 +300,7 @@ abstract class AndroidKeyStoreUnauthenticatedAESCipherSpi extends AndroidKeyStor
|
|||||||
if (parameters != null) {
|
if (parameters != null) {
|
||||||
for (KeyParameter p : parameters) {
|
for (KeyParameter p : parameters) {
|
||||||
if (p.tag == KeymasterDefs.KM_TAG_NONCE) {
|
if (p.tag == KeymasterDefs.KM_TAG_NONCE) {
|
||||||
returnedIv = p.blob;
|
returnedIv = p.value.getBlob();
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -19,7 +19,9 @@ package android.security.keystore2;
|
|||||||
import android.annotation.NonNull;
|
import android.annotation.NonNull;
|
||||||
import android.hardware.biometrics.BiometricManager;
|
import android.hardware.biometrics.BiometricManager;
|
||||||
import android.hardware.security.keymint.KeyParameter;
|
import android.hardware.security.keymint.KeyParameter;
|
||||||
|
import android.hardware.security.keymint.KeyParameterValue;
|
||||||
import android.hardware.security.keymint.SecurityLevel;
|
import android.hardware.security.keymint.SecurityLevel;
|
||||||
|
import android.hardware.security.keymint.Tag;
|
||||||
import android.security.GateKeeper;
|
import android.security.GateKeeper;
|
||||||
import android.security.keymaster.KeymasterDefs;
|
import android.security.keymaster.KeymasterDefs;
|
||||||
import android.security.keystore.KeyProperties;
|
import android.security.keystore.KeyProperties;
|
||||||
@@ -50,7 +52,7 @@ public abstract class KeyStore2ParameterUtils {
|
|||||||
}
|
}
|
||||||
KeyParameter p = new KeyParameter();
|
KeyParameter p = new KeyParameter();
|
||||||
p.tag = tag;
|
p.tag = tag;
|
||||||
p.boolValue = true;
|
p.value = KeyParameterValue.boolValue(true);
|
||||||
return p;
|
return p;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -62,14 +64,40 @@ public abstract class KeyStore2ParameterUtils {
|
|||||||
* @hide
|
* @hide
|
||||||
*/
|
*/
|
||||||
static @NonNull KeyParameter makeEnum(int tag, int v) {
|
static @NonNull KeyParameter makeEnum(int tag, int v) {
|
||||||
int type = KeymasterDefs.getTagType(tag);
|
KeyParameter kp = new KeyParameter();
|
||||||
if (type != KeymasterDefs.KM_ENUM && type != KeymasterDefs.KM_ENUM_REP) {
|
kp.tag = tag;
|
||||||
throw new IllegalArgumentException("Not an enum or repeatable enum tag: " + tag);
|
switch (tag) {
|
||||||
|
case Tag.PURPOSE:
|
||||||
|
kp.value = KeyParameterValue.keyPurpose(v);
|
||||||
|
break;
|
||||||
|
case Tag.ALGORITHM:
|
||||||
|
kp.value = KeyParameterValue.algorithm(v);
|
||||||
|
break;
|
||||||
|
case Tag.BLOCK_MODE:
|
||||||
|
kp.value = KeyParameterValue.blockMode(v);
|
||||||
|
break;
|
||||||
|
case Tag.DIGEST:
|
||||||
|
kp.value = KeyParameterValue.digest(v);
|
||||||
|
break;
|
||||||
|
case Tag.EC_CURVE:
|
||||||
|
kp.value = KeyParameterValue.ecCurve(v);
|
||||||
|
break;
|
||||||
|
case Tag.ORIGIN:
|
||||||
|
kp.value = KeyParameterValue.origin(v);
|
||||||
|
break;
|
||||||
|
case Tag.PADDING:
|
||||||
|
kp.value = KeyParameterValue.paddingMode(v);
|
||||||
|
break;
|
||||||
|
case Tag.USER_AUTH_TYPE:
|
||||||
|
kp.value = KeyParameterValue.hardwareAuthenticatorType(v);
|
||||||
|
break;
|
||||||
|
case Tag.HARDWARE_TYPE:
|
||||||
|
kp.value = KeyParameterValue.securityLevel(v);
|
||||||
|
break;
|
||||||
|
default:
|
||||||
|
throw new IllegalArgumentException("Not an enum or repeatable enum tag: " + tag);
|
||||||
}
|
}
|
||||||
KeyParameter p = new KeyParameter();
|
return kp;
|
||||||
p.tag = tag;
|
|
||||||
p.integer = v;
|
|
||||||
return p;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@@ -86,7 +114,7 @@ public abstract class KeyStore2ParameterUtils {
|
|||||||
}
|
}
|
||||||
KeyParameter p = new KeyParameter();
|
KeyParameter p = new KeyParameter();
|
||||||
p.tag = tag;
|
p.tag = tag;
|
||||||
p.integer = v;
|
p.value = KeyParameterValue.integer(v);
|
||||||
return p;
|
return p;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -104,7 +132,7 @@ public abstract class KeyStore2ParameterUtils {
|
|||||||
}
|
}
|
||||||
KeyParameter p = new KeyParameter();
|
KeyParameter p = new KeyParameter();
|
||||||
p.tag = tag;
|
p.tag = tag;
|
||||||
p.longInteger = v;
|
p.value = KeyParameterValue.longInteger(v);
|
||||||
return p;
|
return p;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -121,7 +149,7 @@ public abstract class KeyStore2ParameterUtils {
|
|||||||
}
|
}
|
||||||
KeyParameter p = new KeyParameter();
|
KeyParameter p = new KeyParameter();
|
||||||
p.tag = tag;
|
p.tag = tag;
|
||||||
p.blob = b;
|
p.value = KeyParameterValue.blob(b);
|
||||||
return p;
|
return p;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -138,9 +166,10 @@ public abstract class KeyStore2ParameterUtils {
|
|||||||
}
|
}
|
||||||
KeyParameter p = new KeyParameter();
|
KeyParameter p = new KeyParameter();
|
||||||
p.tag = tag;
|
p.tag = tag;
|
||||||
p.longInteger = date.getTime();
|
p.value = KeyParameterValue.dateTime(date.getTime());
|
||||||
if (p.longInteger < 0) {
|
if (p.value.getDateTime() < 0) {
|
||||||
throw new IllegalArgumentException("Date tag value out of range: " + p.longInteger);
|
throw new IllegalArgumentException("Date tag value out of range: "
|
||||||
|
+ p.value.getDateTime());
|
||||||
}
|
}
|
||||||
return p;
|
return p;
|
||||||
}
|
}
|
||||||
@@ -160,18 +189,18 @@ public abstract class KeyStore2ParameterUtils {
|
|||||||
throw new IllegalArgumentException("Not an int tag: " + param.keyParameter.tag);
|
throw new IllegalArgumentException("Not an int tag: " + param.keyParameter.tag);
|
||||||
}
|
}
|
||||||
// KM_UINT is 32 bits wide so we must suppress sign extension.
|
// KM_UINT is 32 bits wide so we must suppress sign extension.
|
||||||
return ((long) param.keyParameter.integer) & 0xffffffffL;
|
return ((long) param.keyParameter.value.getInteger()) & 0xffffffffL;
|
||||||
}
|
}
|
||||||
|
|
||||||
static @NonNull Date getDate(@NonNull Authorization param) {
|
static @NonNull Date getDate(@NonNull Authorization param) {
|
||||||
if (KeymasterDefs.getTagType(param.keyParameter.tag) != KeymasterDefs.KM_DATE) {
|
if (KeymasterDefs.getTagType(param.keyParameter.tag) != KeymasterDefs.KM_DATE) {
|
||||||
throw new IllegalArgumentException("Not a date tag: " + param.keyParameter.tag);
|
throw new IllegalArgumentException("Not a date tag: " + param.keyParameter.tag);
|
||||||
}
|
}
|
||||||
if (param.keyParameter.longInteger < 0) {
|
if (param.keyParameter.value.getDateTime() < 0) {
|
||||||
throw new IllegalArgumentException("Date Value too large: "
|
throw new IllegalArgumentException("Date Value too large: "
|
||||||
+ param.keyParameter.longInteger);
|
+ param.keyParameter.value.getDateTime());
|
||||||
}
|
}
|
||||||
return new Date(param.keyParameter.longInteger);
|
return new Date(param.keyParameter.value.getDateTime());
|
||||||
}
|
}
|
||||||
|
|
||||||
static void forEachSetFlag(int flags, Consumer<Integer> consumer) {
|
static void forEachSetFlag(int flags, Consumer<Integer> consumer) {
|
||||||
|
|||||||
@@ -57,7 +57,7 @@ abstract class KeyStoreCryptoOperationUtils {
|
|||||||
for (Authorization p : key.getAuthorizations()) {
|
for (Authorization p : key.getAuthorizations()) {
|
||||||
switch(p.keyParameter.tag) {
|
switch(p.keyParameter.tag) {
|
||||||
case KeymasterDefs.KM_TAG_USER_SECURE_ID:
|
case KeymasterDefs.KM_TAG_USER_SECURE_ID:
|
||||||
keySids.add(p.keyParameter.longInteger);
|
keySids.add(p.keyParameter.value.getLongInteger());
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
break;
|
break;
|
||||||
|
|||||||
Reference in New Issue
Block a user