Search in sources :

Example 36 with OperationResult

use of android.security.keymaster.OperationResult in project platform_frameworks_base by android.

the class AndroidKeyStoreSignatureSpiBase method ensureKeystoreOperationInitialized.

private void ensureKeystoreOperationInitialized() throws InvalidKeyException {
    if (mMessageStreamer != null) {
        return;
    }
    if (mCachedException != null) {
        return;
    }
    if (mKey == null) {
        throw new IllegalStateException("Not initialized");
    }
    KeymasterArguments keymasterInputArgs = new KeymasterArguments();
    addAlgorithmSpecificParametersToBegin(keymasterInputArgs);
    OperationResult opResult = mKeyStore.begin(mKey.getAlias(), mSigning ? KeymasterDefs.KM_PURPOSE_SIGN : KeymasterDefs.KM_PURPOSE_VERIFY, // permit aborting this operation if keystore runs out of resources
    true, keymasterInputArgs, // no additional entropy for begin -- only finish might need some
    null, mKey.getUid());
    if (opResult == null) {
        throw new KeyStoreConnectException();
    }
    // Store operation token and handle regardless of the error code returned by KeyStore to
    // ensure that the operation gets aborted immediately if the code below throws an exception.
    mOperationToken = opResult.token;
    mOperationHandle = opResult.operationHandle;
    // If necessary, throw an exception due to KeyStore operation having failed.
    InvalidKeyException e = KeyStoreCryptoOperationUtils.getInvalidKeyExceptionForInit(mKeyStore, mKey, opResult.resultCode);
    if (e != null) {
        throw e;
    }
    if (mOperationToken == null) {
        throw new ProviderException("Keystore returned null operation token");
    }
    if (mOperationHandle == 0) {
        throw new ProviderException("Keystore returned invalid operation handle");
    }
    mMessageStreamer = createMainDataStreamer(mKeyStore, opResult.token);
}
Also used : KeymasterArguments(android.security.keymaster.KeymasterArguments) ProviderException(java.security.ProviderException) OperationResult(android.security.keymaster.OperationResult) InvalidKeyException(java.security.InvalidKeyException)

Example 37 with OperationResult

use of android.security.keymaster.OperationResult in project android_frameworks_base by DirtyUnicorns.

the class AndroidKeyStoreHmacSpi method ensureKeystoreOperationInitialized.

private void ensureKeystoreOperationInitialized() throws InvalidKeyException {
    if (mChunkedStreamer != null) {
        return;
    }
    if (mKey == null) {
        throw new IllegalStateException("Not initialized");
    }
    KeymasterArguments keymasterArgs = new KeymasterArguments();
    keymasterArgs.addEnum(KeymasterDefs.KM_TAG_ALGORITHM, KeymasterDefs.KM_ALGORITHM_HMAC);
    keymasterArgs.addEnum(KeymasterDefs.KM_TAG_DIGEST, mKeymasterDigest);
    keymasterArgs.addUnsignedInt(KeymasterDefs.KM_TAG_MAC_LENGTH, mMacSizeBits);
    OperationResult opResult = mKeyStore.begin(mKey.getAlias(), KeymasterDefs.KM_PURPOSE_SIGN, true, keymasterArgs, // no additional entropy needed for HMAC because it's deterministic
    null, mKey.getUid());
    if (opResult == null) {
        throw new KeyStoreConnectException();
    }
    // Store operation token and handle regardless of the error code returned by KeyStore to
    // ensure that the operation gets aborted immediately if the code below throws an exception.
    mOperationToken = opResult.token;
    mOperationHandle = opResult.operationHandle;
    // If necessary, throw an exception due to KeyStore operation having failed.
    InvalidKeyException e = KeyStoreCryptoOperationUtils.getInvalidKeyExceptionForInit(mKeyStore, mKey, opResult.resultCode);
    if (e != null) {
        throw e;
    }
    if (mOperationToken == null) {
        throw new ProviderException("Keystore returned null operation token");
    }
    if (mOperationHandle == 0) {
        throw new ProviderException("Keystore returned invalid operation handle");
    }
    mChunkedStreamer = new KeyStoreCryptoOperationChunkedStreamer(new KeyStoreCryptoOperationChunkedStreamer.MainDataStream(mKeyStore, mOperationToken));
}
Also used : KeymasterArguments(android.security.keymaster.KeymasterArguments) ProviderException(java.security.ProviderException) OperationResult(android.security.keymaster.OperationResult) InvalidKeyException(java.security.InvalidKeyException)

Example 38 with OperationResult

use of android.security.keymaster.OperationResult in project android_frameworks_base by DirtyUnicorns.

the class KeyStoreCryptoOperationChunkedStreamer method update.

@Override
public byte[] update(byte[] input, int inputOffset, int inputLength) throws KeyStoreException {
    if (inputLength == 0) {
        // No input provided
        return EmptyArray.BYTE;
    }
    ByteArrayOutputStream bufferedOutput = null;
    while (inputLength > 0) {
        byte[] chunk;
        int inputBytesInChunk;
        if ((mBufferedLength + inputLength) > mMaxChunkSize) {
            // Too much input for one chunk -- extract one max-sized chunk and feed it into the
            // update operation.
            inputBytesInChunk = mMaxChunkSize - mBufferedLength;
            chunk = ArrayUtils.concat(mBuffered, mBufferedOffset, mBufferedLength, input, inputOffset, inputBytesInChunk);
        } else {
            // All of available input fits into one chunk.
            if ((mBufferedLength == 0) && (inputOffset == 0) && (inputLength == input.length)) {
                // Nothing buffered and all of input array needs to be fed into the update
                // operation.
                chunk = input;
                inputBytesInChunk = input.length;
            } else {
                // Need to combine buffered data with input data into one array.
                inputBytesInChunk = inputLength;
                chunk = ArrayUtils.concat(mBuffered, mBufferedOffset, mBufferedLength, input, inputOffset, inputBytesInChunk);
            }
        }
        // Update input array references to reflect that some of its bytes are now in mBuffered.
        inputOffset += inputBytesInChunk;
        inputLength -= inputBytesInChunk;
        mConsumedInputSizeBytes += inputBytesInChunk;
        OperationResult opResult = mKeyStoreStream.update(chunk);
        if (opResult == null) {
            throw new KeyStoreConnectException();
        } else if (opResult.resultCode != KeyStore.NO_ERROR) {
            throw KeyStore.getKeyStoreException(opResult.resultCode);
        }
        if (opResult.inputConsumed == chunk.length) {
            // The whole chunk was consumed
            mBuffered = EmptyArray.BYTE;
            mBufferedOffset = 0;
            mBufferedLength = 0;
        } else if (opResult.inputConsumed <= 0) {
            // Nothing was consumed. More input needed.
            if (inputLength > 0) {
                // Shouldn't have happened.
                throw new KeyStoreException(KeymasterDefs.KM_ERROR_UNKNOWN_ERROR, "Keystore consumed nothing from max-sized chunk: " + chunk.length + " bytes");
            }
            mBuffered = chunk;
            mBufferedOffset = 0;
            mBufferedLength = chunk.length;
        } else if (opResult.inputConsumed < chunk.length) {
            // The chunk was consumed only partially -- buffer the rest of the chunk
            mBuffered = chunk;
            mBufferedOffset = opResult.inputConsumed;
            mBufferedLength = chunk.length - opResult.inputConsumed;
        } else {
            throw new KeyStoreException(KeymasterDefs.KM_ERROR_UNKNOWN_ERROR, "Keystore consumed more input than provided. Provided: " + chunk.length + ", consumed: " + opResult.inputConsumed);
        }
        if ((opResult.output != null) && (opResult.output.length > 0)) {
            if (inputLength > 0) {
                // More output might be produced in this loop -- buffer the current output
                if (bufferedOutput == null) {
                    bufferedOutput = new ByteArrayOutputStream();
                    try {
                        bufferedOutput.write(opResult.output);
                    } catch (IOException e) {
                        throw new ProviderException("Failed to buffer output", e);
                    }
                }
            } else {
                // No more output will be produced in this loop
                byte[] result;
                if (bufferedOutput == null) {
                    // No previously buffered output
                    result = opResult.output;
                } else {
                    // There was some previously buffered output
                    try {
                        bufferedOutput.write(opResult.output);
                    } catch (IOException e) {
                        throw new ProviderException("Failed to buffer output", e);
                    }
                    result = bufferedOutput.toByteArray();
                }
                mProducedOutputSizeBytes += result.length;
                return result;
            }
        }
    }
    byte[] result;
    if (bufferedOutput == null) {
        // No output produced
        result = EmptyArray.BYTE;
    } else {
        result = bufferedOutput.toByteArray();
    }
    mProducedOutputSizeBytes += result.length;
    return result;
}
Also used : ProviderException(java.security.ProviderException) OperationResult(android.security.keymaster.OperationResult) ByteArrayOutputStream(java.io.ByteArrayOutputStream) KeyStoreException(android.security.KeyStoreException) IOException(java.io.IOException)

Example 39 with OperationResult

use of android.security.keymaster.OperationResult in project android_frameworks_base by DirtyUnicorns.

the class AndroidKeyStoreCipherSpiBase method ensureKeystoreOperationInitialized.

private void ensureKeystoreOperationInitialized() throws InvalidKeyException, InvalidAlgorithmParameterException {
    if (mMainDataStreamer != null) {
        return;
    }
    if (mCachedException != null) {
        return;
    }
    if (mKey == null) {
        throw new IllegalStateException("Not initialized");
    }
    KeymasterArguments keymasterInputArgs = new KeymasterArguments();
    addAlgorithmSpecificParametersToBegin(keymasterInputArgs);
    byte[] additionalEntropy = KeyStoreCryptoOperationUtils.getRandomBytesToMixIntoKeystoreRng(mRng, getAdditionalEntropyAmountForBegin());
    int purpose;
    if (mKeymasterPurposeOverride != -1) {
        purpose = mKeymasterPurposeOverride;
    } else {
        purpose = mEncrypting ? KeymasterDefs.KM_PURPOSE_ENCRYPT : KeymasterDefs.KM_PURPOSE_DECRYPT;
    }
    OperationResult opResult = mKeyStore.begin(mKey.getAlias(), purpose, // permit aborting this operation if keystore runs out of resources
    true, keymasterInputArgs, additionalEntropy, mKey.getUid());
    if (opResult == null) {
        throw new KeyStoreConnectException();
    }
    // Store operation token and handle regardless of the error code returned by KeyStore to
    // ensure that the operation gets aborted immediately if the code below throws an exception.
    mOperationToken = opResult.token;
    mOperationHandle = opResult.operationHandle;
    // If necessary, throw an exception due to KeyStore operation having failed.
    GeneralSecurityException e = KeyStoreCryptoOperationUtils.getExceptionForCipherInit(mKeyStore, mKey, opResult.resultCode);
    if (e != null) {
        if (e instanceof InvalidKeyException) {
            throw (InvalidKeyException) e;
        } else if (e instanceof InvalidAlgorithmParameterException) {
            throw (InvalidAlgorithmParameterException) e;
        } else {
            throw new ProviderException("Unexpected exception type", e);
        }
    }
    if (mOperationToken == null) {
        throw new ProviderException("Keystore returned null operation token");
    }
    if (mOperationHandle == 0) {
        throw new ProviderException("Keystore returned invalid operation handle");
    }
    loadAlgorithmSpecificParametersFromBeginResult(opResult.outParams);
    mMainDataStreamer = createMainDataStreamer(mKeyStore, opResult.token);
    mAdditionalAuthenticationDataStreamer = createAdditionalAuthenticationDataStreamer(mKeyStore, opResult.token);
    mAdditionalAuthenticationDataStreamerClosed = false;
}
Also used : InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException) KeymasterArguments(android.security.keymaster.KeymasterArguments) ProviderException(java.security.ProviderException) GeneralSecurityException(java.security.GeneralSecurityException) OperationResult(android.security.keymaster.OperationResult) InvalidKeyException(java.security.InvalidKeyException)

Example 40 with OperationResult

use of android.security.keymaster.OperationResult in project android_frameworks_base by DirtyUnicorns.

the class KeyStoreTest method testAesGcmEncryptSuccess.

public void testAesGcmEncryptSuccess() throws Exception {
    String name = "test";
    KeymasterArguments args = new KeymasterArguments();
    args.addEnum(KeymasterDefs.KM_TAG_PURPOSE, KeymasterDefs.KM_PURPOSE_ENCRYPT);
    args.addEnum(KeymasterDefs.KM_TAG_PURPOSE, KeymasterDefs.KM_PURPOSE_DECRYPT);
    args.addEnum(KeymasterDefs.KM_TAG_ALGORITHM, KeymasterDefs.KM_ALGORITHM_AES);
    args.addEnum(KeymasterDefs.KM_TAG_PADDING, KeymasterDefs.KM_PAD_NONE);
    args.addUnsignedInt(KeymasterDefs.KM_TAG_KEY_SIZE, 256);
    args.addEnum(KeymasterDefs.KM_TAG_BLOCK_MODE, KeymasterDefs.KM_MODE_GCM);
    args.addBoolean(KeymasterDefs.KM_TAG_NO_AUTH_REQUIRED);
    KeyCharacteristics outCharacteristics = new KeyCharacteristics();
    int rc = mKeyStore.generateKey(name, args, null, 0, outCharacteristics);
    assertEquals("Generate should succeed", KeyStore.NO_ERROR, rc);
    args = new KeymasterArguments();
    args.addEnum(KeymasterDefs.KM_TAG_ALGORITHM, KeymasterDefs.KM_ALGORITHM_AES);
    args.addEnum(KeymasterDefs.KM_TAG_BLOCK_MODE, KeymasterDefs.KM_MODE_GCM);
    args.addEnum(KeymasterDefs.KM_TAG_PADDING, KeymasterDefs.KM_PAD_NONE);
    args.addUnsignedInt(KeymasterDefs.KM_TAG_MAC_LENGTH, 128);
    OperationResult result = mKeyStore.begin(name, KeymasterDefs.KM_PURPOSE_ENCRYPT, true, args, null);
    IBinder token = result.token;
    assertEquals("Begin should succeed", KeyStore.NO_ERROR, result.resultCode);
    result = mKeyStore.update(token, null, new byte[] { 0x01, 0x02, 0x03, 0x04 });
    assertEquals("Update should succeed", KeyStore.NO_ERROR, result.resultCode);
    assertEquals("Finish should succeed", KeyStore.NO_ERROR, mKeyStore.finish(token, null, null).resultCode);
// TODO: Assert that an AEAD tag was returned by finish
}
Also used : IBinder(android.os.IBinder) KeymasterArguments(android.security.keymaster.KeymasterArguments) KeyCharacteristics(android.security.keymaster.KeyCharacteristics) OperationResult(android.security.keymaster.OperationResult)

Aggregations

OperationResult (android.security.keymaster.OperationResult)55 KeymasterArguments (android.security.keymaster.KeymasterArguments)30 IBinder (android.os.IBinder)25 ProviderException (java.security.ProviderException)25 KeyCharacteristics (android.security.keymaster.KeyCharacteristics)15 InvalidKeyException (java.security.InvalidKeyException)15 KeyStoreException (android.security.KeyStoreException)10 ByteArrayOutputStream (java.io.ByteArrayOutputStream)10 IOException (java.io.IOException)10 Binder (android.os.Binder)5 GeneralSecurityException (java.security.GeneralSecurityException)5 InvalidAlgorithmParameterException (java.security.InvalidAlgorithmParameterException)5