Search in sources :

Example 71 with KeymasterArguments

use of android.security.keymaster.KeymasterArguments in project android_frameworks_base by AOSPA.

the class AndroidKeyStoreSignatureSpiBase method ensureKeystoreOperationInitialized.

private void ensureKeystoreOperationInitialized() throws InvalidKeyException {
    if (mMessageStreamer != null) {
        return;
    }
    if (mCachedException != null) {
        return;
    }
    if (mKey == null) {
        throw new IllegalStateException("Not initialized");
    }
    KeymasterArguments keymasterInputArgs = new KeymasterArguments();
    addAlgorithmSpecificParametersToBegin(keymasterInputArgs);
    OperationResult opResult = mKeyStore.begin(mKey.getAlias(), mSigning ? KeymasterDefs.KM_PURPOSE_SIGN : KeymasterDefs.KM_PURPOSE_VERIFY, // permit aborting this operation if keystore runs out of resources
    true, keymasterInputArgs, // no additional entropy for begin -- only finish might need some
    null, mKey.getUid());
    if (opResult == null) {
        throw new KeyStoreConnectException();
    }
    // Store operation token and handle regardless of the error code returned by KeyStore to
    // ensure that the operation gets aborted immediately if the code below throws an exception.
    mOperationToken = opResult.token;
    mOperationHandle = opResult.operationHandle;
    // If necessary, throw an exception due to KeyStore operation having failed.
    InvalidKeyException e = KeyStoreCryptoOperationUtils.getInvalidKeyExceptionForInit(mKeyStore, mKey, opResult.resultCode);
    if (e != null) {
        throw e;
    }
    if (mOperationToken == null) {
        throw new ProviderException("Keystore returned null operation token");
    }
    if (mOperationHandle == 0) {
        throw new ProviderException("Keystore returned invalid operation handle");
    }
    mMessageStreamer = createMainDataStreamer(mKeyStore, opResult.token);
}
Also used : KeymasterArguments(android.security.keymaster.KeymasterArguments) ProviderException(java.security.ProviderException) OperationResult(android.security.keymaster.OperationResult) InvalidKeyException(java.security.InvalidKeyException)

Example 72 with KeymasterArguments

use of android.security.keymaster.KeymasterArguments in project android_frameworks_base by AOSPA.

the class AndroidKeyStoreKeyPairGeneratorSpi method createCertificateChain.

private Iterable<byte[]> createCertificateChain(final String privateKeyAlias, KeyPair keyPair) throws ProviderException {
    byte[] challenge = mSpec.getAttestationChallenge();
    if (challenge != null) {
        KeymasterArguments args = new KeymasterArguments();
        args.addBytes(KeymasterDefs.KM_TAG_ATTESTATION_CHALLENGE, challenge);
        return getAttestationChain(privateKeyAlias, keyPair, args);
    }
    // Very short certificate chain in the non-attestation case.
    return Collections.singleton(generateSelfSignedCertificateBytes(keyPair));
}
Also used : KeymasterArguments(android.security.keymaster.KeymasterArguments)

Example 73 with KeymasterArguments

use of android.security.keymaster.KeymasterArguments in project android_frameworks_base by AOSPA.

the class AndroidKeyStoreKeyPairGeneratorSpi method constructKeyGenerationArguments.

private KeymasterArguments constructKeyGenerationArguments() {
    KeymasterArguments args = new KeymasterArguments();
    args.addUnsignedInt(KeymasterDefs.KM_TAG_KEY_SIZE, mKeySizeBits);
    args.addEnum(KeymasterDefs.KM_TAG_ALGORITHM, mKeymasterAlgorithm);
    args.addEnums(KeymasterDefs.KM_TAG_PURPOSE, mKeymasterPurposes);
    args.addEnums(KeymasterDefs.KM_TAG_BLOCK_MODE, mKeymasterBlockModes);
    args.addEnums(KeymasterDefs.KM_TAG_PADDING, mKeymasterEncryptionPaddings);
    args.addEnums(KeymasterDefs.KM_TAG_PADDING, mKeymasterSignaturePaddings);
    args.addEnums(KeymasterDefs.KM_TAG_DIGEST, mKeymasterDigests);
    KeymasterUtils.addUserAuthArgs(args, mSpec.isUserAuthenticationRequired(), mSpec.getUserAuthenticationValidityDurationSeconds(), mSpec.isUserAuthenticationValidWhileOnBody(), mSpec.isInvalidatedByBiometricEnrollment());
    args.addDateIfNotNull(KeymasterDefs.KM_TAG_ACTIVE_DATETIME, mSpec.getKeyValidityStart());
    args.addDateIfNotNull(KeymasterDefs.KM_TAG_ORIGINATION_EXPIRE_DATETIME, mSpec.getKeyValidityForOriginationEnd());
    args.addDateIfNotNull(KeymasterDefs.KM_TAG_USAGE_EXPIRE_DATETIME, mSpec.getKeyValidityForConsumptionEnd());
    addAlgorithmSpecificParameters(args);
    if (mSpec.isUniqueIdIncluded())
        args.addBoolean(KeymasterDefs.KM_TAG_INCLUDE_UNIQUE_ID);
    if (mSpec.isUseSecureProcessor())
        args.addBoolean(KeymasterDefs.KM_TAG_USE_SECURE_PROCESSOR);
    return args;
}
Also used : KeymasterArguments(android.security.keymaster.KeymasterArguments)

Example 74 with KeymasterArguments

use of android.security.keymaster.KeymasterArguments in project android_frameworks_base by AOSPA.

the class KeyStoreTest method testAppId.

public void testAppId() throws Exception {
    String name = "test";
    byte[] id = new byte[] { 0x01, 0x02, 0x03 };
    KeymasterArguments args = new KeymasterArguments();
    args.addEnum(KeymasterDefs.KM_TAG_PURPOSE, KeymasterDefs.KM_PURPOSE_ENCRYPT);
    args.addEnum(KeymasterDefs.KM_TAG_PURPOSE, KeymasterDefs.KM_PURPOSE_DECRYPT);
    args.addEnum(KeymasterDefs.KM_TAG_ALGORITHM, KeymasterDefs.KM_ALGORITHM_RSA);
    args.addEnum(KeymasterDefs.KM_TAG_PADDING, KeymasterDefs.KM_PAD_NONE);
    args.addUnsignedInt(KeymasterDefs.KM_TAG_KEY_SIZE, 2048);
    args.addEnum(KeymasterDefs.KM_TAG_BLOCK_MODE, KeymasterDefs.KM_MODE_ECB);
    args.addBoolean(KeymasterDefs.KM_TAG_NO_AUTH_REQUIRED);
    args.addBytes(KeymasterDefs.KM_TAG_APPLICATION_ID, id);
    args.addUnsignedLong(KeymasterDefs.KM_TAG_RSA_PUBLIC_EXPONENT, RSAKeyGenParameterSpec.F4);
    KeyCharacteristics outCharacteristics = new KeyCharacteristics();
    int result = mKeyStore.generateKey(name, args, null, 0, outCharacteristics);
    assertEquals("generateRsaKey should succeed", KeyStore.NO_ERROR, result);
    assertEquals("getKeyCharacteristics should fail without application ID", KeymasterDefs.KM_ERROR_INVALID_KEY_BLOB, mKeyStore.getKeyCharacteristics(name, null, null, outCharacteristics));
    assertEquals("getKeyCharacteristics should succeed with application ID", KeyStore.NO_ERROR, mKeyStore.getKeyCharacteristics(name, new KeymasterBlob(id), null, outCharacteristics));
}
Also used : KeymasterBlob(android.security.keymaster.KeymasterBlob) KeymasterArguments(android.security.keymaster.KeymasterArguments) KeyCharacteristics(android.security.keymaster.KeyCharacteristics)

Example 75 with KeymasterArguments

use of android.security.keymaster.KeymasterArguments in project android_frameworks_base by AOSPA.

the class KeyStoreTest method testAuthNeeded.

public void testAuthNeeded() throws Exception {
    String name = "test";
    KeymasterArguments args = new KeymasterArguments();
    args.addEnum(KeymasterDefs.KM_TAG_PURPOSE, KeymasterDefs.KM_PURPOSE_ENCRYPT);
    args.addEnum(KeymasterDefs.KM_TAG_PURPOSE, KeymasterDefs.KM_PURPOSE_DECRYPT);
    args.addEnum(KeymasterDefs.KM_TAG_ALGORITHM, KeymasterDefs.KM_ALGORITHM_AES);
    args.addEnum(KeymasterDefs.KM_TAG_PADDING, KeymasterDefs.KM_PAD_PKCS7);
    args.addUnsignedInt(KeymasterDefs.KM_TAG_KEY_SIZE, 256);
    args.addEnum(KeymasterDefs.KM_TAG_BLOCK_MODE, KeymasterDefs.KM_MODE_ECB);
    args.addEnum(KeymasterDefs.KM_TAG_USER_AUTH_TYPE, 1);
    KeyCharacteristics outCharacteristics = new KeyCharacteristics();
    int rc = mKeyStore.generateKey(name, args, null, 0, outCharacteristics);
    assertEquals("Generate should succeed", KeyStore.NO_ERROR, rc);
    OperationResult result = mKeyStore.begin(name, KeymasterDefs.KM_PURPOSE_ENCRYPT, true, args, null);
    assertEquals("Begin should expect authorization", KeyStore.OP_AUTH_NEEDED, result.resultCode);
    IBinder token = result.token;
    result = mKeyStore.update(token, null, new byte[] { 0x01, 0x02, 0x03, 0x04 });
    assertEquals("Update should require authorization", KeymasterDefs.KM_ERROR_KEY_USER_NOT_AUTHENTICATED, result.resultCode);
}
Also used : IBinder(android.os.IBinder) KeymasterArguments(android.security.keymaster.KeymasterArguments) KeyCharacteristics(android.security.keymaster.KeyCharacteristics) OperationResult(android.security.keymaster.OperationResult)

Aggregations

KeymasterArguments (android.security.keymaster.KeymasterArguments)90 KeyCharacteristics (android.security.keymaster.KeyCharacteristics)50 OperationResult (android.security.keymaster.OperationResult)30 ProviderException (java.security.ProviderException)30 IBinder (android.os.IBinder)15 InvalidAlgorithmParameterException (java.security.InvalidAlgorithmParameterException)15 InvalidKeyException (java.security.InvalidKeyException)15 KeyGenParameterSpec (android.security.keystore.KeyGenParameterSpec)10 KeyProtection (android.security.keystore.KeyProtection)10 KeyStoreException (java.security.KeyStoreException)10 KeyPairGeneratorSpec (android.security.KeyPairGeneratorSpec)5 KeyStoreParameter (android.security.KeyStoreParameter)5 KeymasterBlob (android.security.keymaster.KeymasterBlob)5 DERBitString (com.android.org.bouncycastle.asn1.DERBitString)5 GeneralSecurityException (java.security.GeneralSecurityException)5 CertificateEncodingException (java.security.cert.CertificateEncodingException)5 X509Certificate (java.security.cert.X509Certificate)5 RSAKeyGenParameterSpec (java.security.spec.RSAKeyGenParameterSpec)5 SecretKey (javax.crypto.SecretKey)5