diff options
author | Shawn Willden <swillden@google.com> | 2015-07-30 19:57:22 +0000 |
---|---|---|
committer | Android (Google) Code Review <android-gerrit@google.com> | 2015-07-30 19:57:22 +0000 |
commit | 75e51ec0b14e9c5363ad86a69fd7a764290a5cfb (patch) | |
tree | b1d18feb041f43d16b00a478b99c38cf54932a7d | |
parent | 730c0f6591b1c99699e9d0ecf36d696f7d87629f (diff) | |
parent | 3ab1f04004c417397bfac8f061dc187b7b66109d (diff) | |
download | frameworks_base-75e51ec0b14e9c5363ad86a69fd7a764290a5cfb.zip frameworks_base-75e51ec0b14e9c5363ad86a69fd7a764290a5cfb.tar.gz frameworks_base-75e51ec0b14e9c5363ad86a69fd7a764290a5cfb.tar.bz2 |
Merge "Raw RSA Cipher relies on keymaster for padding and range checks." into mnc-dev
-rw-r--r-- | keystore/java/android/security/keystore/AndroidKeyStoreRSACipherSpi.java | 90 |
1 files changed, 0 insertions, 90 deletions
diff --git a/keystore/java/android/security/keystore/AndroidKeyStoreRSACipherSpi.java b/keystore/java/android/security/keystore/AndroidKeyStoreRSACipherSpi.java index 94ed8b4..56cc44c 100644 --- a/keystore/java/android/security/keystore/AndroidKeyStoreRSACipherSpi.java +++ b/keystore/java/android/security/keystore/AndroidKeyStoreRSACipherSpi.java @@ -18,16 +18,11 @@ package android.security.keystore; import android.annotation.NonNull; import android.annotation.Nullable; -import android.os.IBinder; import android.security.KeyStore; -import android.security.KeyStoreException; import android.security.keymaster.KeyCharacteristics; import android.security.keymaster.KeymasterArguments; import android.security.keymaster.KeymasterDefs; -import libcore.util.EmptyArray; - -import java.io.ByteArrayOutputStream; import java.security.AlgorithmParameters; import java.security.InvalidAlgorithmParameterException; import java.security.InvalidKeyException; @@ -103,91 +98,6 @@ abstract class AndroidKeyStoreRSACipherSpi extends AndroidKeyStoreCipherSpiBase protected final int getAdditionalEntropyAmountForFinish() { return 0; } - - @Override - @NonNull - protected KeyStoreCryptoOperationStreamer createMainDataStreamer( - KeyStore keyStore, IBinder operationToken) { - if (isEncrypting()) { - // KeyStore's RSA encryption without padding expects the input to be of the same - // length as the modulus. We thus have to buffer all input to pad it with leading - // zeros. - return new ZeroPaddingEncryptionStreamer( - super.createMainDataStreamer(keyStore, operationToken), - getModulusSizeBytes()); - } else { - return super.createMainDataStreamer(keyStore, operationToken); - } - } - - /** - * Streamer which buffers all plaintext input, then pads it with leading zeros to match - * modulus size, and then sends it into KeyStore to obtain ciphertext. - */ - private static class ZeroPaddingEncryptionStreamer - implements KeyStoreCryptoOperationStreamer { - - private final KeyStoreCryptoOperationStreamer mDelegate; - private final int mModulusSizeBytes; - private final ByteArrayOutputStream mInputBuffer = new ByteArrayOutputStream(); - private long mConsumedInputSizeBytes; - - private ZeroPaddingEncryptionStreamer( - KeyStoreCryptoOperationStreamer delegate, - int modulusSizeBytes) { - mDelegate = delegate; - mModulusSizeBytes = modulusSizeBytes; - } - - @Override - public byte[] update(byte[] input, int inputOffset, int inputLength) - throws KeyStoreException { - if (inputLength > 0) { - mInputBuffer.write(input, inputOffset, inputLength); - mConsumedInputSizeBytes += inputLength; - } - return EmptyArray.BYTE; - } - - @Override - public byte[] doFinal(byte[] input, int inputOffset, int inputLength, - byte[] signature, byte[] additionalEntropy) throws KeyStoreException { - if (inputLength > 0) { - mConsumedInputSizeBytes += inputLength; - mInputBuffer.write(input, inputOffset, inputLength); - } - byte[] bufferedInput = mInputBuffer.toByteArray(); - mInputBuffer.reset(); - byte[] paddedInput; - if (bufferedInput.length < mModulusSizeBytes) { - // Pad input with leading zeros - paddedInput = new byte[mModulusSizeBytes]; - System.arraycopy( - bufferedInput, 0, - paddedInput, - paddedInput.length - bufferedInput.length, - bufferedInput.length); - } else { - // RI throws BadPaddingException in this scenario. INVALID_ARGUMENT below will - // be translated into BadPaddingException. - throw new KeyStoreException(KeymasterDefs.KM_ERROR_INVALID_ARGUMENT, - "Message size (" + bufferedInput.length + " bytes) must be smaller than" - + " modulus (" + mModulusSizeBytes + " bytes)"); - } - return mDelegate.doFinal(paddedInput, 0, paddedInput.length, signature, - additionalEntropy); - } - - @Override - public long getConsumedInputSizeBytes() { - return mConsumedInputSizeBytes; - } - - @Override - public long getProducedOutputSizeBytes() { - return mDelegate.getProducedOutputSizeBytes(); - } - } } /** |