am dbd9a4b6: Merge "Allow entropy to be provided to some operations"
* commit 'dbd9a4b651aed25a50976ca0a68a979cc3f299fa': Allow entropy to be provided to some operations
This commit is contained in:
Chad Brubaker
@@ -60,8 +60,8 @@ interface IKeystoreService {
|
||||
|
||||
// Keymaster 0.4 methods
|
||||
int addRngEntropy(in byte[] data);
|
||||
int generateKey(String alias, in KeymasterArguments arguments, int uid, int flags,
|
||||
out KeyCharacteristics characteristics);
|
||||
int generateKey(String alias, in KeymasterArguments arguments, in byte[] entropy, int uid,
|
||||
int flags, out KeyCharacteristics characteristics);
|
||||
int getKeyCharacteristics(String alias, in KeymasterBlob clientId, in KeymasterBlob appId,
|
||||
out KeyCharacteristics characteristics);
|
||||
int importKey(String alias, in KeymasterArguments arguments, int format,
|
||||
@@ -69,7 +69,7 @@ interface IKeystoreService {
|
||||
ExportResult exportKey(String alias, int format, in KeymasterBlob clientId,
|
||||
in KeymasterBlob appId);
|
||||
OperationResult begin(IBinder appToken, String alias, int purpose, boolean pruneable,
|
||||
in KeymasterArguments params, out KeymasterArguments operationParams);
|
||||
in KeymasterArguments params, in byte[] entropy, out KeymasterArguments operationParams);
|
||||
OperationResult update(IBinder token, in KeymasterArguments params, in byte[] input);
|
||||
OperationResult finish(IBinder token, in KeymasterArguments params, in byte[] signature);
|
||||
int abort(IBinder handle);
|
||||
|
||||
@@ -389,19 +389,19 @@ public class KeyStore {
|
||||
}
|
||||
}
|
||||
|
||||
public int generateKey(String alias, KeymasterArguments args, int uid, int flags,
|
||||
KeyCharacteristics outCharacteristics) {
|
||||
public int generateKey(String alias, KeymasterArguments args, byte[] entropy, int uid,
|
||||
int flags, KeyCharacteristics outCharacteristics) {
|
||||
try {
|
||||
return mBinder.generateKey(alias, args, uid, flags, outCharacteristics);
|
||||
return mBinder.generateKey(alias, args, entropy, uid, flags, outCharacteristics);
|
||||
} catch (RemoteException e) {
|
||||
Log.w(TAG, "Cannot connect to keystore", e);
|
||||
return SYSTEM_ERROR;
|
||||
}
|
||||
}
|
||||
|
||||
public int generateKey(String alias, KeymasterArguments args, int flags,
|
||||
public int generateKey(String alias, KeymasterArguments args, byte[] entropy, int flags,
|
||||
KeyCharacteristics outCharacteristics) {
|
||||
return generateKey(alias, args, UID_SELF, flags, outCharacteristics);
|
||||
return generateKey(alias, args, entropy, UID_SELF, flags, outCharacteristics);
|
||||
}
|
||||
|
||||
public int getKeyCharacteristics(String alias, KeymasterBlob clientId, KeymasterBlob appId,
|
||||
@@ -441,9 +441,9 @@ public class KeyStore {
|
||||
}
|
||||
|
||||
public OperationResult begin(String alias, int purpose, boolean pruneable,
|
||||
KeymasterArguments args, KeymasterArguments outArgs) {
|
||||
KeymasterArguments args, byte[] entropy, KeymasterArguments outArgs) {
|
||||
try {
|
||||
return mBinder.begin(getToken(), alias, purpose, pruneable, args, outArgs);
|
||||
return mBinder.begin(getToken(), alias, purpose, pruneable, args, entropy, outArgs);
|
||||
} catch (RemoteException e) {
|
||||
Log.w(TAG, "Cannot connect to keystore", e);
|
||||
return null;
|
||||
|
||||
@@ -717,7 +717,7 @@ public class KeyStoreTest extends ActivityUnitTestCase<Activity> {
|
||||
RSAKeyGenParameterSpec.F4.longValue());
|
||||
|
||||
KeyCharacteristics outCharacteristics = new KeyCharacteristics();
|
||||
int result = mKeyStore.generateKey(name, args, 0, outCharacteristics);
|
||||
int result = mKeyStore.generateKey(name, args, null, 0, outCharacteristics);
|
||||
assertEquals("generateRsaKey should succeed", KeyStore.NO_ERROR, result);
|
||||
return outCharacteristics;
|
||||
}
|
||||
@@ -726,6 +726,24 @@ public class KeyStoreTest extends ActivityUnitTestCase<Activity> {
|
||||
generateRsaKey("test");
|
||||
mKeyStore.delete("test");
|
||||
}
|
||||
|
||||
public void testGenerateRsaWithEntropy() throws Exception {
|
||||
byte[] entropy = new byte[] {1,2,3,4,5};
|
||||
String name = "test";
|
||||
KeymasterArguments args = new KeymasterArguments();
|
||||
args.addInt(KeymasterDefs.KM_TAG_PURPOSE, KeymasterDefs.KM_PURPOSE_ENCRYPT);
|
||||
args.addInt(KeymasterDefs.KM_TAG_PURPOSE, KeymasterDefs.KM_PURPOSE_DECRYPT);
|
||||
args.addInt(KeymasterDefs.KM_TAG_ALGORITHM, KeymasterDefs.KM_ALGORITHM_RSA);
|
||||
args.addInt(KeymasterDefs.KM_TAG_PADDING, KeymasterDefs.KM_PAD_NONE);
|
||||
args.addInt(KeymasterDefs.KM_TAG_KEY_SIZE, 2048);
|
||||
args.addLong(KeymasterDefs.KM_TAG_RSA_PUBLIC_EXPONENT,
|
||||
RSAKeyGenParameterSpec.F4.longValue());
|
||||
|
||||
KeyCharacteristics outCharacteristics = new KeyCharacteristics();
|
||||
int result = mKeyStore.generateKey(name, args, entropy, 0, outCharacteristics);
|
||||
assertEquals("generateKey should succeed", KeyStore.NO_ERROR, result);
|
||||
}
|
||||
|
||||
public void testGenerateAndDelete() throws Exception {
|
||||
generateRsaKey("test");
|
||||
assertTrue("delete should succeed", mKeyStore.delete("test"));
|
||||
@@ -756,7 +774,7 @@ public class KeyStoreTest extends ActivityUnitTestCase<Activity> {
|
||||
RSAKeyGenParameterSpec.F4.longValue());
|
||||
|
||||
KeyCharacteristics outCharacteristics = new KeyCharacteristics();
|
||||
int result = mKeyStore.generateKey(name, args, 0, outCharacteristics);
|
||||
int result = mKeyStore.generateKey(name, args, null, 0, outCharacteristics);
|
||||
assertEquals("generateRsaKey should succeed", KeyStore.NO_ERROR, result);
|
||||
assertEquals("getKeyCharacteristics should fail without application ID",
|
||||
KeymasterDefs.KM_ERROR_INVALID_KEY_BLOB,
|
||||
@@ -790,13 +808,13 @@ public class KeyStoreTest extends ActivityUnitTestCase<Activity> {
|
||||
args.addInt(KeymasterDefs.KM_TAG_MAC_LENGTH, 16);
|
||||
|
||||
KeyCharacteristics outCharacteristics = new KeyCharacteristics();
|
||||
int rc = mKeyStore.generateKey(name, args, 0, outCharacteristics);
|
||||
int rc = mKeyStore.generateKey(name, args, null, 0, outCharacteristics);
|
||||
assertEquals("Generate should succeed", KeyStore.NO_ERROR, rc);
|
||||
|
||||
KeymasterArguments out = new KeymasterArguments();
|
||||
args = new KeymasterArguments();
|
||||
OperationResult result = mKeyStore.begin(name, KeymasterDefs.KM_PURPOSE_ENCRYPT,
|
||||
true, args, out);
|
||||
true, args, null, out);
|
||||
IBinder token = result.token;
|
||||
assertEquals("Begin should succeed", KeyStore.NO_ERROR, result.resultCode);
|
||||
result = mKeyStore.update(token, null, new byte[] {0x01, 0x02, 0x03, 0x04});
|
||||
@@ -826,7 +844,7 @@ public class KeyStoreTest extends ActivityUnitTestCase<Activity> {
|
||||
private byte[] doOperation(String name, int purpose, byte[] in, KeymasterArguments beginArgs) {
|
||||
KeymasterArguments out = new KeymasterArguments();
|
||||
OperationResult result = mKeyStore.begin(name, purpose,
|
||||
true, beginArgs, out);
|
||||
true, beginArgs, null, out);
|
||||
assertEquals("Begin should succeed", KeyStore.NO_ERROR, result.resultCode);
|
||||
IBinder token = result.token;
|
||||
result = mKeyStore.update(token, null, in);
|
||||
@@ -885,18 +903,19 @@ public class KeyStoreTest extends ActivityUnitTestCase<Activity> {
|
||||
args.addInt(KeymasterDefs.KM_TAG_MAC_LENGTH, 16);
|
||||
|
||||
KeyCharacteristics outCharacteristics = new KeyCharacteristics();
|
||||
int rc = mKeyStore.generateKey(name, args, 0, outCharacteristics);
|
||||
int rc = mKeyStore.generateKey(name, args, null, 0, outCharacteristics);
|
||||
assertEquals("Generate should succeed", KeyStore.NO_ERROR, rc);
|
||||
|
||||
KeymasterArguments out = new KeymasterArguments();
|
||||
args = new KeymasterArguments();
|
||||
OperationResult result = mKeyStore.begin(name, KeymasterDefs.KM_PURPOSE_ENCRYPT,
|
||||
true, args, out);
|
||||
true, args, null, out);
|
||||
assertEquals("Begin should succeed", KeyStore.NO_ERROR, result.resultCode);
|
||||
IBinder first = result.token;
|
||||
// Implementation detail: softkeymaster supports 16 concurrent operations
|
||||
for (int i = 0; i < 16; i++) {
|
||||
result = mKeyStore.begin(name, KeymasterDefs.KM_PURPOSE_ENCRYPT, true, args, out);
|
||||
result = mKeyStore.begin(name, KeymasterDefs.KM_PURPOSE_ENCRYPT, true, args, null,
|
||||
out);
|
||||
assertEquals("Begin should succeed", KeyStore.NO_ERROR, result.resultCode);
|
||||
}
|
||||
// At this point the first operation should be pruned.
|
||||
|
||||
Reference in New Issue
Block a user