From d255a2136f3d3a0b618d2c6d0781245b0d88ba9b Mon Sep 17 00:00:00 2001
From: Max Bires
Date: Tue, 18 Dec 2018 17:26:56 -0800
Subject: [PATCH] Adding check for HMAC/EC key size for StrongBox

engineInit() for AndroidKeyStoreKeyGeneratorSpi does not make a call into the backing Keymaster implementation until generate is called on it to actually create the key. If a disallowed spec for StrongBox is passed in, the backing StrongBox implementation won't be able to revoke it until engineGenerateKey() is called, which will create different behaviors between TEE backed implementations (which support a wider range of algorithm spec parameters) and StrongBox implementations from a public API perspective. This change will make sure HMAC is the same for StrongBox. This is also being done for EC keys in AndroidKeyStoreKeyPairGeneratorSpi.java
Bug: 113525261
Bug: 114487149
Test: atest cts/tests/tests/keystore/src/android/keystore/cts/KeyGeneratorTest.java
Test: atest cts/tests/tests/keystore/src/android/keystore/cts/KeyPairGeneratorTest.java
Change-Id: I728bb5222c9bf0ad84cdf2b8c0b78a4dd99f7186
---
 .../keystore/AndroidKeyStoreKeyGeneratorSpi.java | 4 ++++
 .../keystore/AndroidKeyStoreKeyPairGeneratorSpi.java | 12 ++++++++++--
 2 files changed, 14 insertions(+), 2 deletions(-)
diff --git a/keystore/java/android/security/keystore/AndroidKeyStoreKeyGeneratorSpi.java b/keystore/java/android/security/keystore/AndroidKeyStoreKeyGeneratorSpi.java
index 419eb24e1cc1c..2d04d722b5c9c 100644
--- a/keystore/java/android/security/keystore/AndroidKeyStoreKeyGeneratorSpi.java
+++ b/keystore/java/android/security/keystore/AndroidKeyStoreKeyGeneratorSpi.java
@@ -210,6 +210,10 @@ public abstract class AndroidKeyStoreKeyGeneratorSpi extends KeyGeneratorSpi {
 throw new InvalidAlgorithmParameterException(
 "HMAC key size must be at least 64 bits.");
 }
+ if (mKeySizeBits > 512 && spec.isStrongBoxBacked()) {
+ throw new InvalidAlgorithmParameterException(
+ "StrongBox HMAC key size must be smaller than 512 bits.");
+ }
 
 // JCA HMAC key algorithm implies a digest (e.g., HmacSHA256 key algorithm
 // implies SHA-256 digest). Because keymaster HMAC key is authorized only for
diff --git a/keystore/java/android/security/keystore/AndroidKeyStoreKeyPairGeneratorSpi.java b/keystore/java/android/security/keystore/AndroidKeyStoreKeyPairGeneratorSpi.java
index 5fc742afeaeb0..d44c894fa5730 100644
--- a/keystore/java/android/security/keystore/AndroidKeyStoreKeyPairGeneratorSpi.java
+++ b/keystore/java/android/security/keystore/AndroidKeyStoreKeyPairGeneratorSpi.java
@@ -303,7 +303,7 @@ public abstract class AndroidKeyStoreKeyPairGeneratorSpi extends KeyPairGenerato
 if (mKeySizeBits == -1) {
 mKeySizeBits = getDefaultKeySize(keymasterAlgorithm);
 }
- checkValidKeySize(keymasterAlgorithm, mKeySizeBits);
+ checkValidKeySize(keymasterAlgorithm, mKeySizeBits, mSpec.isStrongBoxBacked());
 
 if (spec.getKeystoreAlias() == null) {
 throw new InvalidAlgorithmParameterException("KeyStore entry alias not provided");
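Review bot: The message on the added throw contradicts its own guard: `mKeySizeBits > 512` lets a 512-bit HMAC key through, yet the text says the size "must be smaller than 512 bits". Change it to `"StrongBox HMAC key size must be at most 512 bits."`, or follow the KeyPairGenerator change in this same commit and report the requested size, e.g. `"Unsupported StrongBox HMAC key size: " + mKeySizeBits + " bits. Supported: at most 512."`. The guard reads `spec.isStrongBoxBacked()`, but the declaration of `spec` and the rest of the enclosing engineInit body lie outside the hunk, so I am assuming it is the same KeyGenParameterSpec the 64-bit check above already validated.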
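Review bot: The new call passes `mSpec.isStrongBoxBacked()` while the neighbouring lines of the same method read the local `spec` (`spec.getKeystoreAlias()` two lines below). If `mSpec` is the field assigned from `spec` earlier in this method the two are the same object, but writing `checkValidKeySize(keymasterAlgorithm, mKeySizeBits, spec.isStrongBoxBacked());` keeps the method consistent and removes a dependency on the field already having been set by this point. The start of the enclosing method is outside the hunk, so I cannot confirm the assignment order from here.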
@@ -724,10 +724,18 @@ public abstract class AndroidKeyStoreKeyPairGeneratorSpi extends KeyPairGenerato
 }
 }
 
- private static void checkValidKeySize(int keymasterAlgorithm, int keySize)
+ private static void checkValidKeySize(
+ int keymasterAlgorithm,
+ int keySize,
+ boolean isStrongBoxBacked)
 throws InvalidAlgorithmParameterException {
 switch (keymasterAlgorithm) {
 case KeymasterDefs.KM_ALGORITHM_EC:
+ if (isStrongBoxBacked && keySize != 256) {
+ throw new InvalidAlgorithmParameterException(
+ "Unsupported StrongBox EC key size: "
+ + keySize + " bits. Supported: 256");
+ }
 if (!SUPPORTED_EC_NIST_CURVE_SIZES.contains(keySize)) {
 throw new InvalidAlgorithmParameterException("Unsupported EC key size: " +
 keySize + " bits. Supported: " + SUPPORTED_EC_NIST_CURVE_SIZES);
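Review bot: The new `isStrongBoxBacked` parameter and the guard it drives are undocumented, and a reader of checkValidKeySize cannot tell why the StrongBox check is placed before the generic NIST-curve check rather than after it. I would add a Javadoc line `@param isStrongBoxBacked whether the key will be generated in StrongBox, which accepts only 256-bit EC keys` and, above the new if, `// Fail here at init rather than at generate time so StrongBox and TEE behave the same from the public API.`, which records the commit's stated intent in the code itself. The visible lines consult the flag only in the EC case; the remaining switch cases and the end of the method are outside the hunk.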