summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--core/java/android/security/IKeystoreService.aidl2
-rw-r--r--core/java/android/security/keymaster/OperationResult.java3
-rw-r--r--keystore/java/android/security/KeyStore.java4
-rw-r--r--keystore/java/android/security/keystore/AndroidKeyStoreCipherSpiBase.java5
-rw-r--r--keystore/java/android/security/keystore/AndroidKeyStoreHmacSpi.java5
-rw-r--r--keystore/tests/src/android/security/KeyStoreTest.java15
6 files changed, 15 insertions, 19 deletions
diff --git a/core/java/android/security/IKeystoreService.aidl b/core/java/android/security/IKeystoreService.aidl
index 30ea8e7..2097d5a 100644
--- a/core/java/android/security/IKeystoreService.aidl
+++ b/core/java/android/security/IKeystoreService.aidl
@@ -65,7 +65,7 @@ interface IKeystoreService {
ExportResult exportKey(String alias, int format, in KeymasterBlob clientId,
in KeymasterBlob appId);
OperationResult begin(IBinder appToken, String alias, int purpose, boolean pruneable,
- in KeymasterArguments params, in byte[] entropy, out KeymasterArguments operationParams);
+ in KeymasterArguments params, in byte[] entropy);
OperationResult update(IBinder token, in KeymasterArguments params, in byte[] input);
OperationResult finish(IBinder token, in KeymasterArguments params, in byte[] signature);
int abort(IBinder handle);
diff --git a/core/java/android/security/keymaster/OperationResult.java b/core/java/android/security/keymaster/OperationResult.java
index 9b46ad3..911a05a 100644
--- a/core/java/android/security/keymaster/OperationResult.java
+++ b/core/java/android/security/keymaster/OperationResult.java
@@ -31,6 +31,7 @@ public class OperationResult implements Parcelable {
public final long operationHandle;
public final int inputConsumed;
public final byte[] output;
+ public final KeymasterArguments outParams;
public static final Parcelable.Creator<OperationResult> CREATOR = new
Parcelable.Creator<OperationResult>() {
@@ -49,6 +50,7 @@ public class OperationResult implements Parcelable {
operationHandle = in.readLong();
inputConsumed = in.readInt();
output = in.createByteArray();
+ outParams = KeymasterArguments.CREATOR.createFromParcel(in);
}
@Override
@@ -63,5 +65,6 @@ public class OperationResult implements Parcelable {
out.writeLong(operationHandle);
out.writeInt(inputConsumed);
out.writeByteArray(output);
+ outParams.writeToParcel(out, flags);
}
}
diff --git a/keystore/java/android/security/KeyStore.java b/keystore/java/android/security/KeyStore.java
index 72eda23..37ed723 100644
--- a/keystore/java/android/security/KeyStore.java
+++ b/keystore/java/android/security/KeyStore.java
@@ -496,9 +496,9 @@ public class KeyStore {
}
public OperationResult begin(String alias, int purpose, boolean pruneable,
- KeymasterArguments args, byte[] entropy, KeymasterArguments outArgs) {
+ KeymasterArguments args, byte[] entropy) {
try {
- return mBinder.begin(getToken(), alias, purpose, pruneable, args, entropy, outArgs);
+ return mBinder.begin(getToken(), alias, purpose, pruneable, args, entropy);
} catch (RemoteException e) {
Log.w(TAG, "Cannot connect to keystore", e);
return null;
diff --git a/keystore/java/android/security/keystore/AndroidKeyStoreCipherSpiBase.java b/keystore/java/android/security/keystore/AndroidKeyStoreCipherSpiBase.java
index be935a9..3ad3c9d 100644
--- a/keystore/java/android/security/keystore/AndroidKeyStoreCipherSpiBase.java
+++ b/keystore/java/android/security/keystore/AndroidKeyStoreCipherSpiBase.java
@@ -216,8 +216,7 @@ abstract class AndroidKeyStoreCipherSpiBase extends CipherSpi implements KeyStor
mEncrypting ? KeymasterDefs.KM_PURPOSE_ENCRYPT : KeymasterDefs.KM_PURPOSE_DECRYPT,
true, // permit aborting this operation if keystore runs out of resources
keymasterInputArgs,
- additionalEntropy,
- keymasterOutputArgs);
+ additionalEntropy);
if (opResult == null) {
throw new KeyStoreConnectException();
}
@@ -247,7 +246,7 @@ abstract class AndroidKeyStoreCipherSpiBase extends CipherSpi implements KeyStor
throw new ProviderException("Keystore returned invalid operation handle");
}
- loadAlgorithmSpecificParametersFromBeginResult(keymasterOutputArgs);
+ loadAlgorithmSpecificParametersFromBeginResult(opResult.outParams);
mMainDataStreamer = new KeyStoreCryptoOperationChunkedStreamer(
new KeyStoreCryptoOperationChunkedStreamer.MainDataStream(
mKeyStore, opResult.token));
diff --git a/keystore/java/android/security/keystore/AndroidKeyStoreHmacSpi.java b/keystore/java/android/security/keystore/AndroidKeyStoreHmacSpi.java
index 6422374..f31c06d 100644
--- a/keystore/java/android/security/keystore/AndroidKeyStoreHmacSpi.java
+++ b/keystore/java/android/security/keystore/AndroidKeyStoreHmacSpi.java
@@ -163,14 +163,13 @@ public abstract class AndroidKeyStoreHmacSpi extends MacSpi implements KeyStoreC
keymasterArgs.addInt(KeymasterDefs.KM_TAG_DIGEST, mKeymasterDigest);
keymasterArgs.addInt(KeymasterDefs.KM_TAG_MAC_LENGTH, mMacSizeBits);
- KeymasterArguments keymasterOutputArgs = new KeymasterArguments();
OperationResult opResult = mKeyStore.begin(
mKey.getAlias(),
KeymasterDefs.KM_PURPOSE_SIGN,
true,
keymasterArgs,
- null, // no additional entropy needed for HMAC because it's deterministic
- keymasterOutputArgs);
+ null); // no additional entropy needed for HMAC because it's deterministic
+
if (opResult == null) {
throw new KeyStoreConnectException();
}
diff --git a/keystore/tests/src/android/security/KeyStoreTest.java b/keystore/tests/src/android/security/KeyStoreTest.java
index c68b42b..1875885 100644
--- a/keystore/tests/src/android/security/KeyStoreTest.java
+++ b/keystore/tests/src/android/security/KeyStoreTest.java
@@ -814,13 +814,12 @@ public class KeyStoreTest extends ActivityUnitTestCase<Activity> {
int rc = mKeyStore.generateKey(name, args, null, 0, outCharacteristics);
assertEquals("Generate should succeed", KeyStore.NO_ERROR, rc);
- KeymasterArguments out = new KeymasterArguments();
args = new KeymasterArguments();
args.addInt(KeymasterDefs.KM_TAG_ALGORITHM, KeymasterDefs.KM_ALGORITHM_AES);
args.addInt(KeymasterDefs.KM_TAG_BLOCK_MODE, KeymasterDefs.KM_MODE_GCM);
args.addInt(KeymasterDefs.KM_TAG_PADDING, KeymasterDefs.KM_PAD_NONE);
OperationResult result = mKeyStore.begin(name, KeymasterDefs.KM_PURPOSE_ENCRYPT,
- true, args, null, out);
+ true, args, null);
IBinder token = result.token;
assertEquals("Begin should succeed", KeyStore.NO_ERROR, result.resultCode);
result = mKeyStore.update(token, null, new byte[] {0x01, 0x02, 0x03, 0x04});
@@ -849,9 +848,8 @@ public class KeyStoreTest extends ActivityUnitTestCase<Activity> {
new KeyCharacteristics());
}
private byte[] doOperation(String name, int purpose, byte[] in, KeymasterArguments beginArgs) {
- KeymasterArguments out = new KeymasterArguments();
OperationResult result = mKeyStore.begin(name, purpose,
- true, beginArgs, null, out);
+ true, beginArgs, null);
assertEquals("Begin should succeed", KeyStore.NO_ERROR, result.resultCode);
IBinder token = result.token;
result = mKeyStore.update(token, null, in);
@@ -916,19 +914,17 @@ public class KeyStoreTest extends ActivityUnitTestCase<Activity> {
int rc = mKeyStore.generateKey(name, args, null, 0, outCharacteristics);
assertEquals("Generate should succeed", KeyStore.NO_ERROR, rc);
- KeymasterArguments out = new KeymasterArguments();
args = new KeymasterArguments();
args.addInt(KeymasterDefs.KM_TAG_ALGORITHM, KeymasterDefs.KM_ALGORITHM_AES);
args.addInt(KeymasterDefs.KM_TAG_BLOCK_MODE, KeymasterDefs.KM_MODE_CTR);
args.addInt(KeymasterDefs.KM_TAG_PADDING, KeymasterDefs.KM_PAD_NONE);
OperationResult result = mKeyStore.begin(name, KeymasterDefs.KM_PURPOSE_ENCRYPT,
- true, args, null, out);
+ true, args, null);
assertEquals("Begin should succeed", KeyStore.NO_ERROR, result.resultCode);
IBinder first = result.token;
// Implementation detail: softkeymaster supports 16 concurrent operations
for (int i = 0; i < 16; i++) {
- result = mKeyStore.begin(name, KeymasterDefs.KM_PURPOSE_ENCRYPT, true, args, null,
- out);
+ result = mKeyStore.begin(name, KeymasterDefs.KM_PURPOSE_ENCRYPT, true, args, null);
assertEquals("Begin should succeed", KeyStore.NO_ERROR, result.resultCode);
}
// At this point the first operation should be pruned.
@@ -949,10 +945,9 @@ public class KeyStoreTest extends ActivityUnitTestCase<Activity> {
KeyCharacteristics outCharacteristics = new KeyCharacteristics();
int rc = mKeyStore.generateKey(name, args, null, 0, outCharacteristics);
- KeymasterArguments out = new KeymasterArguments();
assertEquals("Generate should succeed", KeyStore.NO_ERROR, rc);
OperationResult result = mKeyStore.begin(name, KeymasterDefs.KM_PURPOSE_ENCRYPT,
- true, args, null, out);
+ true, args, null);
assertEquals("Begin should expect authorization", KeyStore.OP_AUTH_NEEDED,
result.resultCode);
IBinder token = result.token;
generated by cgit v1.1 at 2024-06-07 20:39:15 +0000