diff options
| author | Treehugger Robot <treehugger-gerrit@google.com> | 2020-12-21 18:10:58 +0000 |
|---|---|---|
| committer | Gerrit Code Review <noreply-gerritcodereview@google.com> | 2020-12-21 18:10:58 +0000 |
| commit | 220d33ce2cf0542297b14a26efcee6e6fbd93a8b (patch) | |
| tree | d2e5e1217038cc61a28450703a9c3ad131fb8641 /keystore/java/android/security/keystore2 | |
| parent | 17f8ae5f7cc456088e2c6de86782157225c44cbe (diff) | |
| parent | ef3aaa2d59c4a6f0d670acf9ddc072a3830c086e (diff) | |
Merge "Keystore 2.0 SPI: Switch to aidl union KeyParameters"
Diffstat (limited to 'keystore/java/android/security/keystore2')
7 files changed, 72 insertions, 36 deletions
diff --git a/keystore/java/android/security/keystore2/AndroidKeyStore3DESCipherSpi.java b/keystore/java/android/security/keystore2/AndroidKeyStore3DESCipherSpi.java index 83ff84d372f3..56f7ea8725ee 100644 --- a/keystore/java/android/security/keystore2/AndroidKeyStore3DESCipherSpi.java +++ b/keystore/java/android/security/keystore2/AndroidKeyStore3DESCipherSpi.java @@ -309,7 +309,7 @@ public abstract class AndroidKeyStore3DESCipherSpi extends AndroidKeyStoreCipher if (parameters != null) { for (KeyParameter p : parameters) { if (p.tag == KeymasterDefs.KM_TAG_NONCE) { - returnedIv = p.blob; + returnedIv = p.value.getBlob(); break; } } diff --git a/keystore/java/android/security/keystore2/AndroidKeyStoreAuthenticatedAESCipherSpi.java b/keystore/java/android/security/keystore2/AndroidKeyStoreAuthenticatedAESCipherSpi.java index aab84e390c73..64da83778a45 100644 --- a/keystore/java/android/security/keystore2/AndroidKeyStoreAuthenticatedAESCipherSpi.java +++ b/keystore/java/android/security/keystore2/AndroidKeyStoreAuthenticatedAESCipherSpi.java @@ -330,7 +330,7 @@ abstract class AndroidKeyStoreAuthenticatedAESCipherSpi extends AndroidKeyStoreC if (parameters != null) { for (KeyParameter p : parameters) { if (p.tag == KeymasterDefs.KM_TAG_NONCE) { - returnedIv = p.blob; + returnedIv = p.value.getBlob(); break; } } diff --git a/keystore/java/android/security/keystore2/AndroidKeyStoreProvider.java b/keystore/java/android/security/keystore2/AndroidKeyStoreProvider.java index 176507c74d96..403da189262d 100644 --- a/keystore/java/android/security/keystore2/AndroidKeyStoreProvider.java +++ b/keystore/java/android/security/keystore2/AndroidKeyStoreProvider.java @@ -366,10 +366,10 @@ public class AndroidKeyStoreProvider extends Provider { for (Authorization a : response.metadata.authorizations) { switch (a.keyParameter.tag) { case KeymasterDefs.KM_TAG_ALGORITHM: - keymasterAlgorithm = a.keyParameter.integer; + keymasterAlgorithm = a.keyParameter.value.getAlgorithm(); break; case KeymasterDefs.KM_TAG_DIGEST: - if (keymasterDigest == -1) keymasterDigest = a.keyParameter.integer; + if (keymasterDigest == -1) keymasterDigest = a.keyParameter.value.getDigest(); break; } } diff --git a/keystore/java/android/security/keystore2/AndroidKeyStoreSecretKeyFactorySpi.java b/keystore/java/android/security/keystore2/AndroidKeyStoreSecretKeyFactorySpi.java index 9d3b9704d711..74503e1eecfa 100644 --- a/keystore/java/android/security/keystore2/AndroidKeyStoreSecretKeyFactorySpi.java +++ b/keystore/java/android/security/keystore2/AndroidKeyStoreSecretKeyFactorySpi.java @@ -102,7 +102,8 @@ public class AndroidKeyStoreSecretKeyFactorySpi extends SecretKeyFactorySpi { insideSecureHardware = KeyStore2ParameterUtils.isSecureHardware(a.securityLevel); securityLevel = a.securityLevel; - origin = KeyProperties.Origin.fromKeymaster(a.keyParameter.integer); + origin = KeyProperties.Origin.fromKeymaster( + a.keyParameter.value.getOrigin()); break; case KeymasterDefs.KM_TAG_KEY_SIZE: long keySizeUnsigned = KeyStore2ParameterUtils.getUnsignedInt(a); @@ -113,45 +114,51 @@ public class AndroidKeyStoreSecretKeyFactorySpi extends SecretKeyFactorySpi { keySize = (int) keySizeUnsigned; break; case KeymasterDefs.KM_TAG_PURPOSE: - purposes |= KeyProperties.Purpose.fromKeymaster(a.keyParameter.integer); + purposes |= KeyProperties.Purpose.fromKeymaster( + a.keyParameter.value.getKeyPurpose()); break; case KeymasterDefs.KM_TAG_PADDING: + int paddingMode = a.keyParameter.value.getPaddingMode(); try { - if (a.keyParameter.integer == KeymasterDefs.KM_PAD_RSA_PKCS1_1_5_SIGN - || a.keyParameter.integer == KeymasterDefs.KM_PAD_RSA_PSS) { + if (paddingMode == KeymasterDefs.KM_PAD_RSA_PKCS1_1_5_SIGN + || paddingMode == KeymasterDefs.KM_PAD_RSA_PSS) { @KeyProperties.SignaturePaddingEnum String padding = KeyProperties.SignaturePadding.fromKeymaster( - a.keyParameter.integer); + paddingMode); signaturePaddingsList.add(padding); } else { @KeyProperties.EncryptionPaddingEnum String jcaPadding = KeyProperties.EncryptionPadding.fromKeymaster( - a.keyParameter.integer); + paddingMode); encryptionPaddingsList.add(jcaPadding); } } catch (IllegalArgumentException e) { throw new ProviderException("Unsupported padding: " - + a.keyParameter.integer); + + paddingMode); } break; case KeymasterDefs.KM_TAG_DIGEST: - digestsList.add(KeyProperties.Digest.fromKeymaster(a.keyParameter.integer)); + digestsList.add(KeyProperties.Digest.fromKeymaster( + a.keyParameter.value.getDigest())); break; case KeymasterDefs.KM_TAG_BLOCK_MODE: blockModesList.add( - KeyProperties.BlockMode.fromKeymaster(a.keyParameter.integer) + KeyProperties.BlockMode.fromKeymaster( + a.keyParameter.value.getBlockMode()) ); break; case KeymasterDefs.KM_TAG_USER_AUTH_TYPE: + int authenticatorType = a.keyParameter.value.getHardwareAuthenticatorType(); if (KeyStore2ParameterUtils.isSecureHardware(a.securityLevel)) { - keymasterHwEnforcedUserAuthenticators = a.keyParameter.integer; + keymasterHwEnforcedUserAuthenticators = authenticatorType; } else { - keymasterSwEnforcedUserAuthenticators = a.keyParameter.integer; + keymasterSwEnforcedUserAuthenticators = authenticatorType; } break; case KeymasterDefs.KM_TAG_USER_SECURE_ID: keymasterSecureUserIds.add( - KeymasterArguments.toUint64(a.keyParameter.longInteger)); + KeymasterArguments.toUint64( + a.keyParameter.value.getLongInteger())); break; case KeymasterDefs.KM_TAG_ACTIVE_DATETIME: keyValidityStart = KeyStore2ParameterUtils.getDate(a); diff --git a/keystore/java/android/security/keystore2/AndroidKeyStoreUnauthenticatedAESCipherSpi.java b/keystore/java/android/security/keystore2/AndroidKeyStoreUnauthenticatedAESCipherSpi.java index fd3d28976b2e..5c048a127cb3 100644 --- a/keystore/java/android/security/keystore2/AndroidKeyStoreUnauthenticatedAESCipherSpi.java +++ b/keystore/java/android/security/keystore2/AndroidKeyStoreUnauthenticatedAESCipherSpi.java @@ -300,7 +300,7 @@ abstract class AndroidKeyStoreUnauthenticatedAESCipherSpi extends AndroidKeyStor if (parameters != null) { for (KeyParameter p : parameters) { if (p.tag == KeymasterDefs.KM_TAG_NONCE) { - returnedIv = p.blob; + returnedIv = p.value.getBlob(); break; } } diff --git a/keystore/java/android/security/keystore2/KeyStore2ParameterUtils.java b/keystore/java/android/security/keystore2/KeyStore2ParameterUtils.java index ae2e47503284..4c8ab8d6c713 100644 --- a/keystore/java/android/security/keystore2/KeyStore2ParameterUtils.java +++ b/keystore/java/android/security/keystore2/KeyStore2ParameterUtils.java @@ -19,7 +19,9 @@ package android.security.keystore2; import android.annotation.NonNull; import android.hardware.biometrics.BiometricManager; import android.hardware.security.keymint.KeyParameter; +import android.hardware.security.keymint.KeyParameterValue; import android.hardware.security.keymint.SecurityLevel; +import android.hardware.security.keymint.Tag; import android.security.GateKeeper; import android.security.keymaster.KeymasterDefs; import android.security.keystore.KeyProperties; @@ -50,7 +52,7 @@ public abstract class KeyStore2ParameterUtils { } KeyParameter p = new KeyParameter(); p.tag = tag; - p.boolValue = true; + p.value = KeyParameterValue.boolValue(true); return p; } @@ -62,14 +64,40 @@ public abstract class KeyStore2ParameterUtils { * @hide */ static @NonNull KeyParameter makeEnum(int tag, int v) { - int type = KeymasterDefs.getTagType(tag); - if (type != KeymasterDefs.KM_ENUM && type != KeymasterDefs.KM_ENUM_REP) { - throw new IllegalArgumentException("Not an enum or repeatable enum tag: " + tag); + KeyParameter kp = new KeyParameter(); + kp.tag = tag; + switch (tag) { + case Tag.PURPOSE: + kp.value = KeyParameterValue.keyPurpose(v); + break; + case Tag.ALGORITHM: + kp.value = KeyParameterValue.algorithm(v); + break; + case Tag.BLOCK_MODE: + kp.value = KeyParameterValue.blockMode(v); + break; + case Tag.DIGEST: + kp.value = KeyParameterValue.digest(v); + break; + case Tag.EC_CURVE: + kp.value = KeyParameterValue.ecCurve(v); + break; + case Tag.ORIGIN: + kp.value = KeyParameterValue.origin(v); + break; + case Tag.PADDING: + kp.value = KeyParameterValue.paddingMode(v); + break; + case Tag.USER_AUTH_TYPE: + kp.value = KeyParameterValue.hardwareAuthenticatorType(v); + break; + case Tag.HARDWARE_TYPE: + kp.value = KeyParameterValue.securityLevel(v); + break; + default: + throw new IllegalArgumentException("Not an enum or repeatable enum tag: " + tag); } - KeyParameter p = new KeyParameter(); - p.tag = tag; - p.integer = v; - return p; + return kp; } /** @@ -86,7 +114,7 @@ public abstract class KeyStore2ParameterUtils { } KeyParameter p = new KeyParameter(); p.tag = tag; - p.integer = v; + p.value = KeyParameterValue.integer(v); return p; } @@ -104,7 +132,7 @@ public abstract class KeyStore2ParameterUtils { } KeyParameter p = new KeyParameter(); p.tag = tag; - p.longInteger = v; + p.value = KeyParameterValue.longInteger(v); return p; } @@ -121,7 +149,7 @@ public abstract class KeyStore2ParameterUtils { } KeyParameter p = new KeyParameter(); p.tag = tag; - p.blob = b; + p.value = KeyParameterValue.blob(b); return p; } @@ -138,9 +166,10 @@ public abstract class KeyStore2ParameterUtils { } KeyParameter p = new KeyParameter(); p.tag = tag; - p.longInteger = date.getTime(); - if (p.longInteger < 0) { - throw new IllegalArgumentException("Date tag value out of range: " + p.longInteger); + p.value = KeyParameterValue.dateTime(date.getTime()); + if (p.value.getDateTime() < 0) { + throw new IllegalArgumentException("Date tag value out of range: " + + p.value.getDateTime()); } return p; } @@ -160,18 +189,18 @@ public abstract class KeyStore2ParameterUtils { throw new IllegalArgumentException("Not an int tag: " + param.keyParameter.tag); } // KM_UINT is 32 bits wide so we must suppress sign extension. - return ((long) param.keyParameter.integer) & 0xffffffffL; + return ((long) param.keyParameter.value.getInteger()) & 0xffffffffL; } static @NonNull Date getDate(@NonNull Authorization param) { if (KeymasterDefs.getTagType(param.keyParameter.tag) != KeymasterDefs.KM_DATE) { throw new IllegalArgumentException("Not a date tag: " + param.keyParameter.tag); } - if (param.keyParameter.longInteger < 0) { + if (param.keyParameter.value.getDateTime() < 0) { throw new IllegalArgumentException("Date Value too large: " - + param.keyParameter.longInteger); + + param.keyParameter.value.getDateTime()); } - return new Date(param.keyParameter.longInteger); + return new Date(param.keyParameter.value.getDateTime()); } static void forEachSetFlag(int flags, Consumer<Integer> consumer) { diff --git a/keystore/java/android/security/keystore2/KeyStoreCryptoOperationUtils.java b/keystore/java/android/security/keystore2/KeyStoreCryptoOperationUtils.java index 3b11854bf7cb..f87a3d25f90c 100644 --- a/keystore/java/android/security/keystore2/KeyStoreCryptoOperationUtils.java +++ b/keystore/java/android/security/keystore2/KeyStoreCryptoOperationUtils.java @@ -57,7 +57,7 @@ abstract class KeyStoreCryptoOperationUtils { for (Authorization p : key.getAuthorizations()) { switch(p.keyParameter.tag) { case KeymasterDefs.KM_TAG_USER_SECURE_ID: - keySids.add(p.keyParameter.longInteger); + keySids.add(p.keyParameter.value.getLongInteger()); break; default: break; |