Search in sources :

Example 26 with KeymasterArguments

use of android.security.keymaster.KeymasterArguments in project android_frameworks_base by ResurrectionRemix.

the class KeyStoreTest method testAes256Ecb.

public void testAes256Ecb() throws Exception {
    byte[] key = hexToBytes("603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4");
    String name = "aes";
    assertEquals(KeyStore.NO_ERROR, importAesKey(name, key, 256, KeymasterDefs.KM_MODE_ECB));
    byte[][] testVectors = new byte[][] { hexToBytes("6bc1bee22e409f96e93d7e117393172a"), hexToBytes("ae2d8a571e03ac9c9eb76fac45af8e51"), hexToBytes("30c81c46a35ce411e5fbc1191a0a52ef"), hexToBytes("f69f2445df4f9b17ad2b417be66c3710") };
    byte[][] cipherVectors = new byte[][] { hexToBytes("f3eed1bdb5d2a03c064b5a7e3db181f8"), hexToBytes("591ccb10d410ed26dc5ba74a31362870"), hexToBytes("b6ed21b99ca6f4f9f153e7b1beafed1d"), hexToBytes("23304b7a39f9f3ff067d8d8f9e24ecc7") };
    KeymasterArguments beginArgs = new KeymasterArguments();
    beginArgs.addEnum(KeymasterDefs.KM_TAG_ALGORITHM, KeymasterDefs.KM_ALGORITHM_AES);
    beginArgs.addEnum(KeymasterDefs.KM_TAG_BLOCK_MODE, KeymasterDefs.KM_MODE_ECB);
    beginArgs.addEnum(KeymasterDefs.KM_TAG_PADDING, KeymasterDefs.KM_PAD_NONE);
    for (int i = 0; i < testVectors.length; i++) {
        byte[] cipherText = doOperation(name, KeymasterDefs.KM_PURPOSE_ENCRYPT, testVectors[i], beginArgs);
        MoreAsserts.assertEquals(cipherVectors[i], cipherText);
    }
    for (int i = 0; i < testVectors.length; i++) {
        byte[] plainText = doOperation(name, KeymasterDefs.KM_PURPOSE_DECRYPT, cipherVectors[i], beginArgs);
        MoreAsserts.assertEquals(testVectors[i], plainText);
    }
}
Also used : KeymasterArguments(android.security.keymaster.KeymasterArguments)

Example 27 with KeymasterArguments

use of android.security.keymaster.KeymasterArguments in project android_frameworks_base by ResurrectionRemix.

the class KeyStoreTest method generateRsaKey.

private KeyCharacteristics generateRsaKey(String name) throws Exception {
    KeymasterArguments args = new KeymasterArguments();
    args.addEnum(KeymasterDefs.KM_TAG_PURPOSE, KeymasterDefs.KM_PURPOSE_ENCRYPT);
    args.addEnum(KeymasterDefs.KM_TAG_PURPOSE, KeymasterDefs.KM_PURPOSE_DECRYPT);
    args.addEnum(KeymasterDefs.KM_TAG_ALGORITHM, KeymasterDefs.KM_ALGORITHM_RSA);
    args.addEnum(KeymasterDefs.KM_TAG_PADDING, KeymasterDefs.KM_PAD_NONE);
    args.addBoolean(KeymasterDefs.KM_TAG_NO_AUTH_REQUIRED);
    args.addUnsignedInt(KeymasterDefs.KM_TAG_KEY_SIZE, 2048);
    args.addUnsignedLong(KeymasterDefs.KM_TAG_RSA_PUBLIC_EXPONENT, RSAKeyGenParameterSpec.F4);
    KeyCharacteristics outCharacteristics = new KeyCharacteristics();
    int result = mKeyStore.generateKey(name, args, null, 0, outCharacteristics);
    assertEquals("generateRsaKey should succeed", KeyStore.NO_ERROR, result);
    return outCharacteristics;
}
Also used : KeymasterArguments(android.security.keymaster.KeymasterArguments) KeyCharacteristics(android.security.keymaster.KeyCharacteristics)

Example 28 with KeymasterArguments

use of android.security.keymaster.KeymasterArguments in project android_frameworks_base by ResurrectionRemix.

the class KeyStoreTest method importAesKey.

private int importAesKey(String name, byte[] key, int size, int mode) {
    KeymasterArguments args = new KeymasterArguments();
    args.addEnum(KeymasterDefs.KM_TAG_PURPOSE, KeymasterDefs.KM_PURPOSE_ENCRYPT);
    args.addEnum(KeymasterDefs.KM_TAG_PURPOSE, KeymasterDefs.KM_PURPOSE_DECRYPT);
    args.addEnum(KeymasterDefs.KM_TAG_ALGORITHM, KeymasterDefs.KM_ALGORITHM_AES);
    args.addEnum(KeymasterDefs.KM_TAG_PADDING, KeymasterDefs.KM_PAD_NONE);
    args.addEnum(KeymasterDefs.KM_TAG_BLOCK_MODE, mode);
    args.addUnsignedInt(KeymasterDefs.KM_TAG_KEY_SIZE, size);
    args.addBoolean(KeymasterDefs.KM_TAG_NO_AUTH_REQUIRED);
    return mKeyStore.importKey(name, args, KeymasterDefs.KM_KEY_FORMAT_RAW, key, 0, new KeyCharacteristics());
}
Also used : KeymasterArguments(android.security.keymaster.KeymasterArguments) KeyCharacteristics(android.security.keymaster.KeyCharacteristics)

Example 29 with KeymasterArguments

use of android.security.keymaster.KeymasterArguments in project android_frameworks_base by ResurrectionRemix.

the class KeyStoreTest method testAppId.

public void testAppId() throws Exception {
    String name = "test";
    byte[] id = new byte[] { 0x01, 0x02, 0x03 };
    KeymasterArguments args = new KeymasterArguments();
    args.addEnum(KeymasterDefs.KM_TAG_PURPOSE, KeymasterDefs.KM_PURPOSE_ENCRYPT);
    args.addEnum(KeymasterDefs.KM_TAG_PURPOSE, KeymasterDefs.KM_PURPOSE_DECRYPT);
    args.addEnum(KeymasterDefs.KM_TAG_ALGORITHM, KeymasterDefs.KM_ALGORITHM_RSA);
    args.addEnum(KeymasterDefs.KM_TAG_PADDING, KeymasterDefs.KM_PAD_NONE);
    args.addUnsignedInt(KeymasterDefs.KM_TAG_KEY_SIZE, 2048);
    args.addEnum(KeymasterDefs.KM_TAG_BLOCK_MODE, KeymasterDefs.KM_MODE_ECB);
    args.addBoolean(KeymasterDefs.KM_TAG_NO_AUTH_REQUIRED);
    args.addBytes(KeymasterDefs.KM_TAG_APPLICATION_ID, id);
    args.addUnsignedLong(KeymasterDefs.KM_TAG_RSA_PUBLIC_EXPONENT, RSAKeyGenParameterSpec.F4);
    KeyCharacteristics outCharacteristics = new KeyCharacteristics();
    int result = mKeyStore.generateKey(name, args, null, 0, outCharacteristics);
    assertEquals("generateRsaKey should succeed", KeyStore.NO_ERROR, result);
    assertEquals("getKeyCharacteristics should fail without application ID", KeymasterDefs.KM_ERROR_INVALID_KEY_BLOB, mKeyStore.getKeyCharacteristics(name, null, null, outCharacteristics));
    assertEquals("getKeyCharacteristics should succeed with application ID", KeyStore.NO_ERROR, mKeyStore.getKeyCharacteristics(name, new KeymasterBlob(id), null, outCharacteristics));
}
Also used : KeymasterBlob(android.security.keymaster.KeymasterBlob) KeymasterArguments(android.security.keymaster.KeymasterArguments) KeyCharacteristics(android.security.keymaster.KeyCharacteristics)

Example 30 with KeymasterArguments

use of android.security.keymaster.KeymasterArguments in project android_frameworks_base by ResurrectionRemix.

the class AndroidKeyStoreCipherSpiBase method ensureKeystoreOperationInitialized.

private void ensureKeystoreOperationInitialized() throws InvalidKeyException, InvalidAlgorithmParameterException {
    if (mMainDataStreamer != null) {
        return;
    }
    if (mCachedException != null) {
        return;
    }
    if (mKey == null) {
        throw new IllegalStateException("Not initialized");
    }
    KeymasterArguments keymasterInputArgs = new KeymasterArguments();
    addAlgorithmSpecificParametersToBegin(keymasterInputArgs);
    byte[] additionalEntropy = KeyStoreCryptoOperationUtils.getRandomBytesToMixIntoKeystoreRng(mRng, getAdditionalEntropyAmountForBegin());
    int purpose;
    if (mKeymasterPurposeOverride != -1) {
        purpose = mKeymasterPurposeOverride;
    } else {
        purpose = mEncrypting ? KeymasterDefs.KM_PURPOSE_ENCRYPT : KeymasterDefs.KM_PURPOSE_DECRYPT;
    }
    OperationResult opResult = mKeyStore.begin(mKey.getAlias(), purpose, // permit aborting this operation if keystore runs out of resources
    true, keymasterInputArgs, additionalEntropy, mKey.getUid());
    if (opResult == null) {
        throw new KeyStoreConnectException();
    }
    // Store operation token and handle regardless of the error code returned by KeyStore to
    // ensure that the operation gets aborted immediately if the code below throws an exception.
    mOperationToken = opResult.token;
    mOperationHandle = opResult.operationHandle;
    // If necessary, throw an exception due to KeyStore operation having failed.
    GeneralSecurityException e = KeyStoreCryptoOperationUtils.getExceptionForCipherInit(mKeyStore, mKey, opResult.resultCode);
    if (e != null) {
        if (e instanceof InvalidKeyException) {
            throw (InvalidKeyException) e;
        } else if (e instanceof InvalidAlgorithmParameterException) {
            throw (InvalidAlgorithmParameterException) e;
        } else {
            throw new ProviderException("Unexpected exception type", e);
        }
    }
    if (mOperationToken == null) {
        throw new ProviderException("Keystore returned null operation token");
    }
    if (mOperationHandle == 0) {
        throw new ProviderException("Keystore returned invalid operation handle");
    }
    loadAlgorithmSpecificParametersFromBeginResult(opResult.outParams);
    mMainDataStreamer = createMainDataStreamer(mKeyStore, opResult.token);
    mAdditionalAuthenticationDataStreamer = createAdditionalAuthenticationDataStreamer(mKeyStore, opResult.token);
    mAdditionalAuthenticationDataStreamerClosed = false;
}
Also used : InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException) KeymasterArguments(android.security.keymaster.KeymasterArguments) ProviderException(java.security.ProviderException) GeneralSecurityException(java.security.GeneralSecurityException) OperationResult(android.security.keymaster.OperationResult) InvalidKeyException(java.security.InvalidKeyException)

Aggregations

KeymasterArguments (android.security.keymaster.KeymasterArguments)90 KeyCharacteristics (android.security.keymaster.KeyCharacteristics)50 OperationResult (android.security.keymaster.OperationResult)30 ProviderException (java.security.ProviderException)30 IBinder (android.os.IBinder)15 InvalidAlgorithmParameterException (java.security.InvalidAlgorithmParameterException)15 InvalidKeyException (java.security.InvalidKeyException)15 KeyGenParameterSpec (android.security.keystore.KeyGenParameterSpec)10 KeyProtection (android.security.keystore.KeyProtection)10 KeyStoreException (java.security.KeyStoreException)10 KeyPairGeneratorSpec (android.security.KeyPairGeneratorSpec)5 KeyStoreParameter (android.security.KeyStoreParameter)5 KeymasterBlob (android.security.keymaster.KeymasterBlob)5 DERBitString (com.android.org.bouncycastle.asn1.DERBitString)5 GeneralSecurityException (java.security.GeneralSecurityException)5 CertificateEncodingException (java.security.cert.CertificateEncodingException)5 X509Certificate (java.security.cert.X509Certificate)5 RSAKeyGenParameterSpec (java.security.spec.RSAKeyGenParameterSpec)5 SecretKey (javax.crypto.SecretKey)5