From efc4311a3fb84cacc98f0afe669c69f9d5196bd3 Mon Sep 17 00:00:00 2001 From: Dmitry Dementyev Date: Fri, 27 Oct 2017 23:10:28 -0700 Subject: [PATCH] Get rid of manually created IKeystoreService. Java/aidl side changes necessary to generate IKeystoreService.cpp Generated C++ service currently doesn't support null parameters, so lots of parameters were updated to pass default value instead of null. Test: cts-tradefed run cts -m CtsKeystoreTestCases Bug: 68389643 Change-Id: Ifaf2ab48b2bcd7b081e4b336aa279fa8ba4fbbbf --- core/java/Android.bp | 5 ++ .../android/security/KeystoreArguments.aidl | 2 +- .../security/keymaster/ExportResult.aidl | 2 +- .../keymaster/KeyCharacteristics.aidl | 2 +- .../keymaster/KeymasterArguments.aidl | 2 +- .../security/keymaster/KeymasterBlob.aidl | 2 +- .../keymaster/KeymasterCertificateChain.aidl | 2 +- .../security/keymaster/OperationResult.aidl | 2 +- keystore/java/android/security/KeyStore.java | 49 ++++++++++++++++++- 9 files changed, 60 insertions(+), 8 deletions(-) diff --git a/core/java/Android.bp b/core/java/Android.bp index 42b0f6bad0aec..1503445a1b02c 100644 --- a/core/java/Android.bp +++ b/core/java/Android.bp @@ -2,3 +2,8 @@ filegroup { name: "IKeyAttestationApplicationIdProvider.aidl", srcs: ["android/security/keymaster/IKeyAttestationApplicationIdProvider.aidl"], } + +filegroup { + name: "IKeystoreService.aidl", + srcs: ["android/security/IKeystoreService.aidl"], +} diff --git a/core/java/android/security/KeystoreArguments.aidl b/core/java/android/security/KeystoreArguments.aidl index d636414a05e3c..dc8ed50182edd 100644 --- a/core/java/android/security/KeystoreArguments.aidl +++ b/core/java/android/security/KeystoreArguments.aidl @@ -17,4 +17,4 @@ package android.security; /* @hide */ -parcelable KeystoreArguments; +parcelable KeystoreArguments cpp_header "keystore/KeystoreArguments.h"; diff --git a/core/java/android/security/keymaster/ExportResult.aidl b/core/java/android/security/keymaster/ExportResult.aidl index 4d9b2de6632f5..17486531a3f0c 100644 --- a/core/java/android/security/keymaster/ExportResult.aidl +++ b/core/java/android/security/keymaster/ExportResult.aidl @@ -17,4 +17,4 @@ package android.security.keymaster; /* @hide */ -parcelable ExportResult; +parcelable ExportResult cpp_header "keystore/ExportResult.h"; diff --git a/core/java/android/security/keymaster/KeyCharacteristics.aidl b/core/java/android/security/keymaster/KeyCharacteristics.aidl index be739d3223ab9..32e75ad267b25 100644 --- a/core/java/android/security/keymaster/KeyCharacteristics.aidl +++ b/core/java/android/security/keymaster/KeyCharacteristics.aidl @@ -17,4 +17,4 @@ package android.security.keymaster; /* @hide */ -parcelable KeyCharacteristics; +parcelable KeyCharacteristics cpp_header "keystore/KeyCharacteristics.h"; diff --git a/core/java/android/security/keymaster/KeymasterArguments.aidl b/core/java/android/security/keymaster/KeymasterArguments.aidl index 1a73206512e9f..44d9f09547816 100644 --- a/core/java/android/security/keymaster/KeymasterArguments.aidl +++ b/core/java/android/security/keymaster/KeymasterArguments.aidl @@ -17,4 +17,4 @@ package android.security.keymaster; /* @hide */ -parcelable KeymasterArguments; +parcelable KeymasterArguments cpp_header "keystore/KeymasterArguments.h"; diff --git a/core/java/android/security/keymaster/KeymasterBlob.aidl b/core/java/android/security/keymaster/KeymasterBlob.aidl index b7cd1c900efb9..5c5db9ec314bc 100644 --- a/core/java/android/security/keymaster/KeymasterBlob.aidl +++ b/core/java/android/security/keymaster/KeymasterBlob.aidl @@ -17,4 +17,4 @@ package android.security.keymaster; /* @hide */ -parcelable KeymasterBlob; +parcelable KeymasterBlob cpp_header "keystore/KeymasterBlob.h"; diff --git a/core/java/android/security/keymaster/KeymasterCertificateChain.aidl b/core/java/android/security/keymaster/KeymasterCertificateChain.aidl index dc1876aaaebd2..ddb5cae1a254e 100644 --- a/core/java/android/security/keymaster/KeymasterCertificateChain.aidl +++ b/core/java/android/security/keymaster/KeymasterCertificateChain.aidl @@ -17,4 +17,4 @@ package android.security.keymaster; /* @hide */ -parcelable KeymasterCertificateChain; +parcelable KeymasterCertificateChain cpp_header "keystore/KeymasterCertificateChain.h"; diff --git a/core/java/android/security/keymaster/OperationResult.aidl b/core/java/android/security/keymaster/OperationResult.aidl index ed26c8dd404b7..db689d46521aa 100644 --- a/core/java/android/security/keymaster/OperationResult.aidl +++ b/core/java/android/security/keymaster/OperationResult.aidl @@ -17,4 +17,4 @@ package android.security.keymaster; /* @hide */ -parcelable OperationResult; +parcelable OperationResult cpp_header "keystore/OperationResult.h"; diff --git a/keystore/java/android/security/KeyStore.java b/keystore/java/android/security/KeyStore.java index a7469cde74e35..399dddd71a2ae 100644 --- a/keystore/java/android/security/KeyStore.java +++ b/keystore/java/android/security/KeyStore.java @@ -54,7 +54,7 @@ import java.util.Locale; public class KeyStore { private static final String TAG = "KeyStore"; - // ResponseCodes + // ResponseCodes - see system/security/keystore/include/keystore/keystore.h public static final int NO_ERROR = 1; public static final int LOCKED = 2; public static final int UNINITIALIZED = 3; @@ -168,10 +168,14 @@ public class KeyStore { public byte[] get(String key, int uid) { try { + key = key != null ? key : ""; return mBinder.get(key, uid); } catch (RemoteException e) { Log.w(TAG, "Cannot connect to keystore", e); return null; + } catch (android.os.ServiceSpecificException e) { + Log.w(TAG, "KeyStore exception", e); + return null; } } @@ -185,6 +189,9 @@ public class KeyStore { public int insert(String key, byte[] value, int uid, int flags) { try { + if (value == null) { + value = new byte[0]; + } return mBinder.insert(key, value, uid, flags); } catch (RemoteException e) { Log.w(TAG, "Cannot connect to keystore", e); @@ -228,6 +235,9 @@ public class KeyStore { } catch (RemoteException e) { Log.w(TAG, "Cannot connect to keystore", e); return null; + } catch (android.os.ServiceSpecificException e) { + Log.w(TAG, "KeyStore exception", e); + return null; } } @@ -276,6 +286,7 @@ public class KeyStore { */ public boolean unlock(int userId, String password) { try { + password = password != null ? password : ""; mError = mBinder.unlock(userId, password); return mError == NO_ERROR; } catch (RemoteException e) { @@ -330,16 +341,25 @@ public class KeyStore { } catch (RemoteException e) { Log.w(TAG, "Cannot connect to keystore", e); return null; + } catch (android.os.ServiceSpecificException e) { + Log.w(TAG, "KeyStore exception", e); + return null; } + } public boolean verify(String key, byte[] data, byte[] signature) { try { + signature = signature != null ? signature : new byte[0]; return mBinder.verify(key, data, signature) == NO_ERROR; } catch (RemoteException e) { Log.w(TAG, "Cannot connect to keystore", e); return false; + } catch (android.os.ServiceSpecificException e) { + Log.w(TAG, "KeyStore exception", e); + return false; } + } public String grant(String key, int uid) { @@ -432,6 +452,8 @@ public class KeyStore { public int generateKey(String alias, KeymasterArguments args, byte[] entropy, int uid, int flags, KeyCharacteristics outCharacteristics) { try { + entropy = entropy != null ? entropy : new byte[0]; + args = args != null ? args : new KeymasterArguments(); return mBinder.generateKey(alias, args, entropy, uid, flags, outCharacteristics); } catch (RemoteException e) { Log.w(TAG, "Cannot connect to keystore", e); @@ -447,6 +469,8 @@ public class KeyStore { public int getKeyCharacteristics(String alias, KeymasterBlob clientId, KeymasterBlob appId, int uid, KeyCharacteristics outCharacteristics) { try { + clientId = clientId != null ? clientId : new KeymasterBlob(new byte[0]); + appId = appId != null ? appId : new KeymasterBlob(new byte[0]); return mBinder.getKeyCharacteristics(alias, clientId, appId, uid, outCharacteristics); } catch (RemoteException e) { Log.w(TAG, "Cannot connect to keystore", e); @@ -478,6 +502,8 @@ public class KeyStore { public ExportResult exportKey(String alias, int format, KeymasterBlob clientId, KeymasterBlob appId, int uid) { try { + clientId = clientId != null ? clientId : new KeymasterBlob(new byte[0]); + appId = appId != null ? appId : new KeymasterBlob(new byte[0]); return mBinder.exportKey(alias, format, clientId, appId, uid); } catch (RemoteException e) { Log.w(TAG, "Cannot connect to keystore", e); @@ -492,6 +518,8 @@ public class KeyStore { public OperationResult begin(String alias, int purpose, boolean pruneable, KeymasterArguments args, byte[] entropy, int uid) { try { + args = args != null ? args : new KeymasterArguments(); + entropy = entropy != null ? entropy : new byte[0]; return mBinder.begin(getToken(), alias, purpose, pruneable, args, entropy, uid); } catch (RemoteException e) { Log.w(TAG, "Cannot connect to keystore", e); @@ -501,11 +529,15 @@ public class KeyStore { public OperationResult begin(String alias, int purpose, boolean pruneable, KeymasterArguments args, byte[] entropy) { + entropy = entropy != null ? entropy : new byte[0]; + args = args != null ? args : new KeymasterArguments(); return begin(alias, purpose, pruneable, args, entropy, UID_SELF); } public OperationResult update(IBinder token, KeymasterArguments arguments, byte[] input) { try { + arguments = arguments != null ? arguments : new KeymasterArguments(); + input = input != null ? input : new byte[0]; return mBinder.update(token, arguments, input); } catch (RemoteException e) { Log.w(TAG, "Cannot connect to keystore", e); @@ -516,6 +548,9 @@ public class KeyStore { public OperationResult finish(IBinder token, KeymasterArguments arguments, byte[] signature, byte[] entropy) { try { + arguments = arguments != null ? arguments : new KeymasterArguments(); + entropy = entropy != null ? entropy : new byte[0]; + signature = signature != null ? signature : new byte[0]; return mBinder.finish(token, arguments, signature, entropy); } catch (RemoteException e) { Log.w(TAG, "Cannot connect to keystore", e); @@ -632,6 +667,12 @@ public class KeyStore { public int attestKey( String alias, KeymasterArguments params, KeymasterCertificateChain outChain) { try { + if (params == null) { + params = new KeymasterArguments(); + } + if (outChain == null) { + outChain = new KeymasterCertificateChain(); + } return mBinder.attestKey(alias, params, outChain); } catch (RemoteException e) { Log.w(TAG, "Cannot connect to keystore", e); @@ -641,6 +682,12 @@ public class KeyStore { public int attestDeviceIds(KeymasterArguments params, KeymasterCertificateChain outChain) { try { + if (params == null) { + params = new KeymasterArguments(); + } + if (outChain == null) { + outChain = new KeymasterCertificateChain(); + } return mBinder.attestDeviceIds(params, outChain); } catch (RemoteException e) { Log.w(TAG, "Cannot connect to keystore", e);