diff options
| author | Chad Brubaker <cbrubaker@google.com> | 2015-03-27 14:28:35 -0700 |
|---|---|---|
| committer | Chad Brubaker <cbrubaker@google.com> | 2015-03-27 14:28:35 -0700 |
| commit | dae79e540844741fc35c648efe8bbb00fc8ab781 (patch) | |
| tree | a8d91d5261c9f7eb48cbc2fdfe2729a41e28b8b3 /keystore | |
| parent | 274a4ee3446e76a34a9cfe987e98f7bf4e53f78d (diff) | |
| download | frameworks_base-dae79e540844741fc35c648efe8bbb00fc8ab781.zip frameworks_base-dae79e540844741fc35c648efe8bbb00fc8ab781.tar.gz frameworks_base-dae79e540844741fc35c648efe8bbb00fc8ab781.tar.bz2 | |
Allow entropy to be provided to some operations
generateKey and begin can now optionally take an array of bytes to add
to the rng entropy of the device before the operation. If entropy is
specified and the device does not support add_rng_entropy or the call
fails then that device will not be used, leading to fallback or error
depending on the situation.
Change-Id: Id7d33e3cc959594dfa5483d002993ba35c1fb134
Diffstat (limited to 'keystore')
| -rw-r--r-- | keystore/java/android/security/KeyStore.java | 14 | ||||
| -rw-r--r-- | keystore/tests/src/android/security/KeyStoreTest.java | 35 |
2 files changed, 34 insertions, 15 deletions
diff --git a/keystore/java/android/security/KeyStore.java b/keystore/java/android/security/KeyStore.java index 957e3c1..f68b3f6 100644 --- a/keystore/java/android/security/KeyStore.java +++ b/keystore/java/android/security/KeyStore.java @@ -389,19 +389,19 @@ public class KeyStore { } } - public int generateKey(String alias, KeymasterArguments args, int uid, int flags, - KeyCharacteristics outCharacteristics) { + public int generateKey(String alias, KeymasterArguments args, byte[] entropy, int uid, + int flags, KeyCharacteristics outCharacteristics) { try { - return mBinder.generateKey(alias, args, uid, flags, outCharacteristics); + return mBinder.generateKey(alias, args, entropy, uid, flags, outCharacteristics); } catch (RemoteException e) { Log.w(TAG, "Cannot connect to keystore", e); return SYSTEM_ERROR; } } - public int generateKey(String alias, KeymasterArguments args, int flags, + public int generateKey(String alias, KeymasterArguments args, byte[] entropy, int flags, KeyCharacteristics outCharacteristics) { - return generateKey(alias, args, UID_SELF, flags, outCharacteristics); + return generateKey(alias, args, entropy, UID_SELF, flags, outCharacteristics); } public int getKeyCharacteristics(String alias, KeymasterBlob clientId, KeymasterBlob appId, @@ -441,9 +441,9 @@ public class KeyStore { } public OperationResult begin(String alias, int purpose, boolean pruneable, - KeymasterArguments args, KeymasterArguments outArgs) { + KeymasterArguments args, byte[] entropy, KeymasterArguments outArgs) { try { - return mBinder.begin(getToken(), alias, purpose, pruneable, args, outArgs); + return mBinder.begin(getToken(), alias, purpose, pruneable, args, entropy, outArgs); } catch (RemoteException e) { Log.w(TAG, "Cannot connect to keystore", e); return null; diff --git a/keystore/tests/src/android/security/KeyStoreTest.java b/keystore/tests/src/android/security/KeyStoreTest.java index f755bb0..7468fb5 100644 --- a/keystore/tests/src/android/security/KeyStoreTest.java +++ b/keystore/tests/src/android/security/KeyStoreTest.java @@ -717,7 +717,7 @@ public class KeyStoreTest extends ActivityUnitTestCase<Activity> { RSAKeyGenParameterSpec.F4.longValue()); KeyCharacteristics outCharacteristics = new KeyCharacteristics(); - int result = mKeyStore.generateKey(name, args, 0, outCharacteristics); + int result = mKeyStore.generateKey(name, args, null, 0, outCharacteristics); assertEquals("generateRsaKey should succeed", KeyStore.NO_ERROR, result); return outCharacteristics; } @@ -726,6 +726,24 @@ public class KeyStoreTest extends ActivityUnitTestCase<Activity> { generateRsaKey("test"); mKeyStore.delete("test"); } + + public void testGenerateRsaWithEntropy() throws Exception { + byte[] entropy = new byte[] {1,2,3,4,5}; + String name = "test"; + KeymasterArguments args = new KeymasterArguments(); + args.addInt(KeymasterDefs.KM_TAG_PURPOSE, KeymasterDefs.KM_PURPOSE_ENCRYPT); + args.addInt(KeymasterDefs.KM_TAG_PURPOSE, KeymasterDefs.KM_PURPOSE_DECRYPT); + args.addInt(KeymasterDefs.KM_TAG_ALGORITHM, KeymasterDefs.KM_ALGORITHM_RSA); + args.addInt(KeymasterDefs.KM_TAG_PADDING, KeymasterDefs.KM_PAD_NONE); + args.addInt(KeymasterDefs.KM_TAG_KEY_SIZE, 2048); + args.addLong(KeymasterDefs.KM_TAG_RSA_PUBLIC_EXPONENT, + RSAKeyGenParameterSpec.F4.longValue()); + + KeyCharacteristics outCharacteristics = new KeyCharacteristics(); + int result = mKeyStore.generateKey(name, args, entropy, 0, outCharacteristics); + assertEquals("generateKey should succeed", KeyStore.NO_ERROR, result); + } + public void testGenerateAndDelete() throws Exception { generateRsaKey("test"); assertTrue("delete should succeed", mKeyStore.delete("test")); @@ -756,7 +774,7 @@ public class KeyStoreTest extends ActivityUnitTestCase<Activity> { RSAKeyGenParameterSpec.F4.longValue()); KeyCharacteristics outCharacteristics = new KeyCharacteristics(); - int result = mKeyStore.generateKey(name, args, 0, outCharacteristics); + int result = mKeyStore.generateKey(name, args, null, 0, outCharacteristics); assertEquals("generateRsaKey should succeed", KeyStore.NO_ERROR, result); assertEquals("getKeyCharacteristics should fail without application ID", KeymasterDefs.KM_ERROR_INVALID_KEY_BLOB, @@ -790,13 +808,13 @@ public class KeyStoreTest extends ActivityUnitTestCase<Activity> { args.addInt(KeymasterDefs.KM_TAG_MAC_LENGTH, 16); KeyCharacteristics outCharacteristics = new KeyCharacteristics(); - int rc = mKeyStore.generateKey(name, args, 0, outCharacteristics); + int rc = mKeyStore.generateKey(name, args, null, 0, outCharacteristics); assertEquals("Generate should succeed", KeyStore.NO_ERROR, rc); KeymasterArguments out = new KeymasterArguments(); args = new KeymasterArguments(); OperationResult result = mKeyStore.begin(name, KeymasterDefs.KM_PURPOSE_ENCRYPT, - true, args, out); + true, args, null, out); IBinder token = result.token; assertEquals("Begin should succeed", KeyStore.NO_ERROR, result.resultCode); result = mKeyStore.update(token, null, new byte[] {0x01, 0x02, 0x03, 0x04}); @@ -826,7 +844,7 @@ public class KeyStoreTest extends ActivityUnitTestCase<Activity> { private byte[] doOperation(String name, int purpose, byte[] in, KeymasterArguments beginArgs) { KeymasterArguments out = new KeymasterArguments(); OperationResult result = mKeyStore.begin(name, purpose, - true, beginArgs, out); + true, beginArgs, null, out); assertEquals("Begin should succeed", KeyStore.NO_ERROR, result.resultCode); IBinder token = result.token; result = mKeyStore.update(token, null, in); @@ -885,18 +903,19 @@ public class KeyStoreTest extends ActivityUnitTestCase<Activity> { args.addInt(KeymasterDefs.KM_TAG_MAC_LENGTH, 16); KeyCharacteristics outCharacteristics = new KeyCharacteristics(); - int rc = mKeyStore.generateKey(name, args, 0, outCharacteristics); + int rc = mKeyStore.generateKey(name, args, null, 0, outCharacteristics); assertEquals("Generate should succeed", KeyStore.NO_ERROR, rc); KeymasterArguments out = new KeymasterArguments(); args = new KeymasterArguments(); OperationResult result = mKeyStore.begin(name, KeymasterDefs.KM_PURPOSE_ENCRYPT, - true, args, out); + true, args, null, out); assertEquals("Begin should succeed", KeyStore.NO_ERROR, result.resultCode); IBinder first = result.token; // Implementation detail: softkeymaster supports 16 concurrent operations for (int i = 0; i < 16; i++) { - result = mKeyStore.begin(name, KeymasterDefs.KM_PURPOSE_ENCRYPT, true, args, out); + result = mKeyStore.begin(name, KeymasterDefs.KM_PURPOSE_ENCRYPT, true, args, null, + out); assertEquals("Begin should succeed", KeyStore.NO_ERROR, result.resultCode); } // At this point the first operation should be pruned. |