author | Chad Brubaker <cbrubaker@google.com> | 2015-06-01 12:57:06 -0700 |
---|---|---|
committer | Chad Brubaker <cbrubaker@google.com> | 2015-06-01 15:16:06 -0700 |
commit | 966486e134c901ea61195b352fdd81476b3639b4 (patch) | |
tree | 5562d3bab21e3f33e4563ef85f4cc8f901e29d92 | |
parent | e1c68765cf53473e710438f90e42e0cb26dffe1b (diff) | |
Track changes to the keystore binder API
Output parameters are gone from begin; instead they will be returned in the
OperationResult, and begin, update, and finish may return output
parameters.
Change-Id: I072afeb6c65f6c512b40603824c25686ac44e7c8
6 files changed, 15 insertions, 19 deletions
diff --git a/core/java/android/security/IKeystoreService.aidl b/core/java/android/security/IKeystoreService.aidl
index 30ea8e7..2097d5a 100644
--- a/core/java/android/security/IKeystoreService.aidl
+++ b/core/java/android/security/IKeystoreService.aidl
@@ -65,7 +65,7 @@ interface IKeystoreService {
 ExportResult exportKey(String alias, int format, in KeymasterBlob clientId, in KeymasterBlob appId);
 OperationResult begin(IBinder appToken, String alias, int purpose, boolean pruneable,
- in KeymasterArguments params, in byte[] entropy, out KeymasterArguments operationParams);
+ in KeymasterArguments params, in byte[] entropy);
 OperationResult update(IBinder token, in KeymasterArguments params, in byte[] input);
 OperationResult finish(IBinder token, in KeymasterArguments params, in byte[] signature);
 int abort(IBinder handle);
diff --git a/core/java/android/security/keymaster/OperationResult.java b/core/java/android/security/keymaster/OperationResult.java
index 9b46ad3..911a05a 100644
--- a/core/java/android/security/keymaster/OperationResult.java
+++ b/core/java/android/security/keymaster/OperationResult.java
@@ -31,6 +31,7 @@ public class OperationResult implements Parcelable {
 public final long operationHandle;
 public final int inputConsumed;
 public final byte[] output;
+ public final KeymasterArguments outParams;

 public static final Parcelable.Creator<OperationResult> CREATOR = new Parcelable.Creator<OperationResult>() {
@@ -49,6 +50,7 @@ public class OperationResult implements Parcelable {
 operationHandle = in.readLong();
 inputConsumed = in.readInt();
 output = in.createByteArray();
+ outParams = KeymasterArguments.CREATOR.createFromParcel(in);
 }

 @Override
@@ -63,5 +65,6 @@ public class OperationResult implements Parcelable {
 out.writeLong(operationHandle);
 out.writeInt(inputConsumed);
 out.writeByteArray(output);
+ outParams.writeToParcel(out, flags);
 }
 }
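Review bot: `outParams.writeToParcel(out, flags)` in the last OperationResult.java hunk dereferences the new field unconditionally, while the `out.writeByteArray(output)` line above it accepts a null array. The Parcel constructor in the `-49` hunk always assigns the field from `KeymasterArguments.CREATOR.createFromParcel(in)`, so this only matters if a constructor outside these hunks can leave it null; a null check at construction would make the invariant explicit. The reader now consumes a KeymasterArguments after `output` on every result, so the service side presumably has to write one even for error results, which is worth recording on the field, e.g. `/** Output parameters from begin, update or finish; read unconditionally after output. */`. Both methods continue outside the hunks.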
diff --git a/keystore/java/android/security/KeyStore.java b/keystore/java/android/security/KeyStore.java
index 72eda23..37ed723 100644
--- a/keystore/java/android/security/KeyStore.java
+++ b/keystore/java/android/security/KeyStore.java
@@ -496,9 +496,9 @@ public class KeyStore {
 }

 public OperationResult begin(String alias, int purpose, boolean pruneable,
- KeymasterArguments args, byte[] entropy, KeymasterArguments outArgs) {
+ KeymasterArguments args, byte[] entropy) {
 try {
- return mBinder.begin(getToken(), alias, purpose, pruneable, args, entropy, outArgs);
+ return mBinder.begin(getToken(), alias, purpose, pruneable, args, entropy);
 } catch (RemoteException e) {
 Log.w(TAG, "Cannot connect to keystore", e);
 return null;
diff --git a/keystore/java/android/security/keystore/AndroidKeyStoreCipherSpiBase.java b/keystore/java/android/security/keystore/AndroidKeyStoreCipherSpiBase.java
index be935a9..3ad3c9d 100644
--- a/keystore/java/android/security/keystore/AndroidKeyStoreCipherSpiBase.java
+++ b/keystore/java/android/security/keystore/AndroidKeyStoreCipherSpiBase.java
@@ -216,8 +216,7 @@ abstract class AndroidKeyStoreCipherSpiBase extends CipherSpi implements KeyStor
 mEncrypting ? KeymasterDefs.KM_PURPOSE_ENCRYPT : KeymasterDefs.KM_PURPOSE_DECRYPT,
 true, // permit aborting this operation if keystore runs out of resources
 keymasterInputArgs,
- additionalEntropy,
- keymasterOutputArgs);
+ additionalEntropy);
 if (opResult == null) {
 throw new KeyStoreConnectException();
 }
@@ -247,7 +246,7 @@ abstract class AndroidKeyStoreCipherSpiBase extends CipherSpi implements KeyStor
 throw new ProviderException("Keystore returned invalid operation handle");
 }

- loadAlgorithmSpecificParametersFromBeginResult(keymasterOutputArgs);
+ loadAlgorithmSpecificParametersFromBeginResult(opResult.outParams);
 mMainDataStreamer = new KeyStoreCryptoOperationChunkedStreamer(
 new KeyStoreCryptoOperationChunkedStreamer.MainDataStream(
 mKeyStore, opResult.token));
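Review bot: The `keymasterOutputArgs` variable is no longer passed to `mKeyStore.begin(...)` in the `-216` hunk of AndroidKeyStoreCipherSpiBase.java, nor read in the `-247` hunk, yet no hunk in this file removes its declaration. If it is a local declared above this hunk, it is now an unused allocation and should be deleted with this change, as the matching declaration is in AndroidKeyStoreHmacSpi.java. The enclosing method starts and ends outside the hunk.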
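Review bot: `loadAlgorithmSpecificParametersFromBeginResult(opResult.outParams)` in the `-247` hunk now consumes a value deserialized from the keystore reply, where it previously received a KeymasterArguments allocated by the caller and therefore never null. The check just above rejects a bad operation handle with ProviderException, and the same treatment fits here, e.g. `if (opResult.outParams == null) { throw new ProviderException("Keystore returned no output parameters"); }`. Whether the callee tolerates null or empty arguments is not visible from this hunk. Since these presumably carry algorithm parameters chosen by keystore, failing closed is preferable to continuing without them.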
diff --git a/keystore/java/android/security/keystore/AndroidKeyStoreHmacSpi.java b/keystore/java/android/security/keystore/AndroidKeyStoreHmacSpi.java
index 6422374..f31c06d 100644
--- a/keystore/java/android/security/keystore/AndroidKeyStoreHmacSpi.java
+++ b/keystore/java/android/security/keystore/AndroidKeyStoreHmacSpi.java
@@ -163,14 +163,13 @@ public abstract class AndroidKeyStoreHmacSpi extends MacSpi implements KeyStoreC
 keymasterArgs.addInt(KeymasterDefs.KM_TAG_DIGEST, mKeymasterDigest);
 keymasterArgs.addInt(KeymasterDefs.KM_TAG_MAC_LENGTH, mMacSizeBits);

- KeymasterArguments keymasterOutputArgs = new KeymasterArguments();
 OperationResult opResult = mKeyStore.begin(
 mKey.getAlias(),
 KeymasterDefs.KM_PURPOSE_SIGN,
 true,
 keymasterArgs,
- null, // no additional entropy needed for HMAC because it's deterministic
- keymasterOutputArgs);
+ null); // no additional entropy needed for HMAC because it's deterministic
+
 if (opResult == null) {
 throw new KeyStoreConnectException();
 }
diff --git a/keystore/tests/src/android/security/KeyStoreTest.java b/keystore/tests/src/android/security/KeyStoreTest.java
index c68b42b..1875885 100644
--- a/keystore/tests/src/android/security/KeyStoreTest.java
+++ b/keystore/tests/src/android/security/KeyStoreTest.java
@@ -814,13 +814,12 @@ public class KeyStoreTest extends ActivityUnitTestCase<Activity> {
 int rc = mKeyStore.generateKey(name, args, null, 0, outCharacteristics);
 assertEquals("Generate should succeed", KeyStore.NO_ERROR, rc);

- KeymasterArguments out = new KeymasterArguments();
 args = new KeymasterArguments();
 args.addInt(KeymasterDefs.KM_TAG_ALGORITHM, KeymasterDefs.KM_ALGORITHM_AES);
 args.addInt(KeymasterDefs.KM_TAG_BLOCK_MODE, KeymasterDefs.KM_MODE_GCM);
 args.addInt(KeymasterDefs.KM_TAG_PADDING, KeymasterDefs.KM_PAD_NONE);
 OperationResult result = mKeyStore.begin(name, KeymasterDefs.KM_PURPOSE_ENCRYPT,
- true, args, null, out);
+ true, args, null);
 IBinder token = result.token;
 assertEquals("Begin should succeed", KeyStore.NO_ERROR, result.resultCode);
 result = mKeyStore.update(token, null, new byte[] {0x01, 0x02, 0x03, 0x04});
@@ -849,9 +848,8 @@ public class KeyStoreTest extends ActivityUnitTestCase<Activity> {
 new KeyCharacteristics());
 }
 private byte[] doOperation(String name, int purpose, byte[] in, KeymasterArguments beginArgs) {
- KeymasterArguments out = new KeymasterArguments();
 OperationResult result = mKeyStore.begin(name, purpose,
- true, beginArgs, null, out);
+ true, beginArgs, null);
 assertEquals("Begin should succeed", KeyStore.NO_ERROR, result.resultCode);
 IBinder token = result.token;
 result = mKeyStore.update(token, null, in);
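Review bot: None of the updated tests assert anything about `result.outParams`, so the field this commit introduces is untested; in the `-814` GCM test a line such as `assertNotNull("Begin should return output params", result.outParams);` after the result-code check would cover it. `mKeyStore.begin(...)` returns null on RemoteException (see the KeyStore.java hunk), and `result.token` is read here before any assertion, so a binder failure surfaces as a NullPointerException rather than a readable test failure; an `assertNotNull(result)` first would fix that. The same applies to the `-849`, `-916` and `-949` hunks. The test method starts outside the hunk.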
@@ -916,19 +914,17 @@ public class KeyStoreTest extends ActivityUnitTestCase<Activity> {
 int rc = mKeyStore.generateKey(name, args, null, 0, outCharacteristics);
 assertEquals("Generate should succeed", KeyStore.NO_ERROR, rc);

- KeymasterArguments out = new KeymasterArguments();
 args = new KeymasterArguments();
 args.addInt(KeymasterDefs.KM_TAG_ALGORITHM, KeymasterDefs.KM_ALGORITHM_AES);
 args.addInt(KeymasterDefs.KM_TAG_BLOCK_MODE, KeymasterDefs.KM_MODE_CTR);
 args.addInt(KeymasterDefs.KM_TAG_PADDING, KeymasterDefs.KM_PAD_NONE);
 OperationResult result = mKeyStore.begin(name, KeymasterDefs.KM_PURPOSE_ENCRYPT,
- true, args, null, out);
+ true, args, null);
 assertEquals("Begin should succeed", KeyStore.NO_ERROR, result.resultCode);
 IBinder first = result.token;
 // Implementation detail: softkeymaster supports 16 concurrent operations
 for (int i = 0; i < 16; i++) {
- result = mKeyStore.begin(name, KeymasterDefs.KM_PURPOSE_ENCRYPT, true, args, null,
- out);
+ result = mKeyStore.begin(name, KeymasterDefs.KM_PURPOSE_ENCRYPT, true, args, null);
 assertEquals("Begin should succeed", KeyStore.NO_ERROR, result.resultCode);
 }
 // At this point the first operation should be pruned.
@@ -949,10 +945,9 @@ public class KeyStoreTest extends ActivityUnitTestCase<Activity> {

 KeyCharacteristics outCharacteristics = new KeyCharacteristics();
 int rc = mKeyStore.generateKey(name, args, null, 0, outCharacteristics);
- KeymasterArguments out = new KeymasterArguments();
 assertEquals("Generate should succeed", KeyStore.NO_ERROR, rc);
 OperationResult result = mKeyStore.begin(name, KeymasterDefs.KM_PURPOSE_ENCRYPT,
- true, args, null, out);
+ true, args, null);
 assertEquals("Begin should expect authorization", KeyStore.OP_AUTH_NEEDED, result.resultCode);
 IBinder token = result.token; |