diff options
| author | Janis Danisevskis <jdanis@google.com> | 2020-12-17 09:33:01 -0800 |
|---|---|---|
| committer | Shawn Willden <swillden@google.com> | 2020-12-17 20:39:45 -0700 |
| commit | ef3aaa2d59c4a6f0d670acf9ddc072a3830c086e (patch) | |
| tree | 57d7c76efc5409ecc2b58ec636616c68951fa9a1 /keystore | |
| parent | 777f0ea905ff50208bc98f8378f83fa87ab94546 (diff) | |
Keystore 2.0 SPI: Switch to aidl union KeyParameters
Test: Compiles
Change-Id: I54b0d7a97954eb45283cf48bf2372db5e7ffa61a
Diffstat (limited to 'keystore')
7 files changed, 72 insertions, 36 deletions
diff --git a/keystore/java/android/security/keystore2/AndroidKeyStore3DESCipherSpi.java b/keystore/java/android/security/keystore2/AndroidKeyStore3DESCipherSpi.java index 0775a1a99886..21ae5d2ae6b4 100644 --- a/keystore/java/android/security/keystore2/AndroidKeyStore3DESCipherSpi.java +++ b/keystore/java/android/security/keystore2/AndroidKeyStore3DESCipherSpi.java @@ -288,7 +288,7 @@ public class AndroidKeyStore3DESCipherSpi extends AndroidKeyStoreCipherSpiBase { if (parameters != null) { for (KeyParameter p : parameters) { if (p.tag == KeymasterDefs.KM_TAG_NONCE) { - returnedIv = p.blob; + returnedIv = p.value.getBlob(); break; } } diff --git a/keystore/java/android/security/keystore2/AndroidKeyStoreAuthenticatedAESCipherSpi.java b/keystore/java/android/security/keystore2/AndroidKeyStoreAuthenticatedAESCipherSpi.java index bc56f015f3bd..efb4208ed8be 100644 --- a/keystore/java/android/security/keystore2/AndroidKeyStoreAuthenticatedAESCipherSpi.java +++ b/keystore/java/android/security/keystore2/AndroidKeyStoreAuthenticatedAESCipherSpi.java @@ -325,7 +325,7 @@ abstract class AndroidKeyStoreAuthenticatedAESCipherSpi extends AndroidKeyStoreC if (parameters != null) { for (KeyParameter p : parameters) { if (p.tag == KeymasterDefs.KM_TAG_NONCE) { - returnedIv = p.blob; + returnedIv = p.value.getBlob(); break; } } diff --git a/keystore/java/android/security/keystore2/AndroidKeyStoreProvider.java b/keystore/java/android/security/keystore2/AndroidKeyStoreProvider.java index b2e32a3175e3..c0cd96853957 100644 --- a/keystore/java/android/security/keystore2/AndroidKeyStoreProvider.java +++ b/keystore/java/android/security/keystore2/AndroidKeyStoreProvider.java @@ -387,10 +387,10 @@ public class AndroidKeyStoreProvider extends Provider { for (Authorization a : response.metadata.authorizations) { switch (a.keyParameter.tag) { case KeymasterDefs.KM_TAG_ALGORITHM: - keymasterAlgorithm = a.keyParameter.integer; + keymasterAlgorithm = a.keyParameter.value.getAlgorithm(); break; case KeymasterDefs.KM_TAG_DIGEST: - if (keymasterDigest == -1) keymasterDigest = a.keyParameter.integer; + if (keymasterDigest == -1) keymasterDigest = a.keyParameter.value.getDigest(); break; } } diff --git a/keystore/java/android/security/keystore2/AndroidKeyStoreSecretKeyFactorySpi.java b/keystore/java/android/security/keystore2/AndroidKeyStoreSecretKeyFactorySpi.java index 9d3b9704d711..74503e1eecfa 100644 --- a/keystore/java/android/security/keystore2/AndroidKeyStoreSecretKeyFactorySpi.java +++ b/keystore/java/android/security/keystore2/AndroidKeyStoreSecretKeyFactorySpi.java @@ -102,7 +102,8 @@ public class AndroidKeyStoreSecretKeyFactorySpi extends SecretKeyFactorySpi { insideSecureHardware = KeyStore2ParameterUtils.isSecureHardware(a.securityLevel); securityLevel = a.securityLevel; - origin = KeyProperties.Origin.fromKeymaster(a.keyParameter.integer); + origin = KeyProperties.Origin.fromKeymaster( + a.keyParameter.value.getOrigin()); break; case KeymasterDefs.KM_TAG_KEY_SIZE: long keySizeUnsigned = KeyStore2ParameterUtils.getUnsignedInt(a); @@ -113,45 +114,51 @@ public class AndroidKeyStoreSecretKeyFactorySpi extends SecretKeyFactorySpi { keySize = (int) keySizeUnsigned; break; case KeymasterDefs.KM_TAG_PURPOSE: - purposes |= KeyProperties.Purpose.fromKeymaster(a.keyParameter.integer); + purposes |= KeyProperties.Purpose.fromKeymaster( + a.keyParameter.value.getKeyPurpose()); break; case KeymasterDefs.KM_TAG_PADDING: + int paddingMode = a.keyParameter.value.getPaddingMode(); try { - if (a.keyParameter.integer == KeymasterDefs.KM_PAD_RSA_PKCS1_1_5_SIGN - || a.keyParameter.integer == KeymasterDefs.KM_PAD_RSA_PSS) { + if (paddingMode == KeymasterDefs.KM_PAD_RSA_PKCS1_1_5_SIGN + || paddingMode == KeymasterDefs.KM_PAD_RSA_PSS) { @KeyProperties.SignaturePaddingEnum String padding = KeyProperties.SignaturePadding.fromKeymaster( - a.keyParameter.integer); + paddingMode); signaturePaddingsList.add(padding); } else { @KeyProperties.EncryptionPaddingEnum String jcaPadding = KeyProperties.EncryptionPadding.fromKeymaster( - a.keyParameter.integer); + paddingMode); encryptionPaddingsList.add(jcaPadding); } } catch (IllegalArgumentException e) { throw new ProviderException("Unsupported padding: " - + a.keyParameter.integer); + + paddingMode); } break; case KeymasterDefs.KM_TAG_DIGEST: - digestsList.add(KeyProperties.Digest.fromKeymaster(a.keyParameter.integer)); + digestsList.add(KeyProperties.Digest.fromKeymaster( + a.keyParameter.value.getDigest())); break; case KeymasterDefs.KM_TAG_BLOCK_MODE: blockModesList.add( - KeyProperties.BlockMode.fromKeymaster(a.keyParameter.integer) + KeyProperties.BlockMode.fromKeymaster( + a.keyParameter.value.getBlockMode()) ); break; case KeymasterDefs.KM_TAG_USER_AUTH_TYPE: + int authenticatorType = a.keyParameter.value.getHardwareAuthenticatorType(); if (KeyStore2ParameterUtils.isSecureHardware(a.securityLevel)) { - keymasterHwEnforcedUserAuthenticators = a.keyParameter.integer; + keymasterHwEnforcedUserAuthenticators = authenticatorType; } else { - keymasterSwEnforcedUserAuthenticators = a.keyParameter.integer; + keymasterSwEnforcedUserAuthenticators = authenticatorType; } break; case KeymasterDefs.KM_TAG_USER_SECURE_ID: keymasterSecureUserIds.add( - KeymasterArguments.toUint64(a.keyParameter.longInteger)); + KeymasterArguments.toUint64( + a.keyParameter.value.getLongInteger())); break; case KeymasterDefs.KM_TAG_ACTIVE_DATETIME: keyValidityStart = KeyStore2ParameterUtils.getDate(a); diff --git a/keystore/java/android/security/keystore2/AndroidKeyStoreUnauthenticatedAESCipherSpi.java b/keystore/java/android/security/keystore2/AndroidKeyStoreUnauthenticatedAESCipherSpi.java index 4d4b0d8f183b..02e231ea990f 100644 --- a/keystore/java/android/security/keystore2/AndroidKeyStoreUnauthenticatedAESCipherSpi.java +++ b/keystore/java/android/security/keystore2/AndroidKeyStoreUnauthenticatedAESCipherSpi.java @@ -275,7 +275,7 @@ class AndroidKeyStoreUnauthenticatedAESCipherSpi extends AndroidKeyStoreCipherSp if (parameters != null) { for (KeyParameter p : parameters) { if (p.tag == KeymasterDefs.KM_TAG_NONCE) { - returnedIv = p.blob; + returnedIv = p.value.getBlob(); break; } } diff --git a/keystore/java/android/security/keystore2/KeyStore2ParameterUtils.java b/keystore/java/android/security/keystore2/KeyStore2ParameterUtils.java index 18c786aa3093..32dfd6e7050c 100644 --- a/keystore/java/android/security/keystore2/KeyStore2ParameterUtils.java +++ b/keystore/java/android/security/keystore2/KeyStore2ParameterUtils.java @@ -19,7 +19,9 @@ package android.security.keystore2; import android.annotation.NonNull; import android.hardware.biometrics.BiometricManager; import android.hardware.security.keymint.KeyParameter; +import android.hardware.security.keymint.KeyParameterValue; import android.hardware.security.keymint.SecurityLevel; +import android.hardware.security.keymint.Tag; import android.security.GateKeeper; import android.security.keymaster.KeymasterDefs; import android.security.keystore.KeyProperties; @@ -50,7 +52,7 @@ public abstract class KeyStore2ParameterUtils { } KeyParameter p = new KeyParameter(); p.tag = tag; - p.boolValue = true; + p.value = KeyParameterValue.boolValue(true); return p; } @@ -62,14 +64,40 @@ public abstract class KeyStore2ParameterUtils { * @hide */ static @NonNull KeyParameter makeEnum(int tag, int v) { - int type = KeymasterDefs.getTagType(tag); - if (type != KeymasterDefs.KM_ENUM && type != KeymasterDefs.KM_ENUM_REP) { - throw new IllegalArgumentException("Not an enum or repeatable enum tag: " + tag); + KeyParameter kp = new KeyParameter(); + kp.tag = tag; + switch (tag) { + case Tag.PURPOSE: + kp.value = KeyParameterValue.keyPurpose(v); + break; + case Tag.ALGORITHM: + kp.value = KeyParameterValue.algorithm(v); + break; + case Tag.BLOCK_MODE: + kp.value = KeyParameterValue.blockMode(v); + break; + case Tag.DIGEST: + kp.value = KeyParameterValue.digest(v); + break; + case Tag.EC_CURVE: + kp.value = KeyParameterValue.ecCurve(v); + break; + case Tag.ORIGIN: + kp.value = KeyParameterValue.origin(v); + break; + case Tag.PADDING: + kp.value = KeyParameterValue.paddingMode(v); + break; + case Tag.USER_AUTH_TYPE: + kp.value = KeyParameterValue.hardwareAuthenticatorType(v); + break; + case Tag.HARDWARE_TYPE: + kp.value = KeyParameterValue.securityLevel(v); + break; + default: + throw new IllegalArgumentException("Not an enum or repeatable enum tag: " + tag); } - KeyParameter p = new KeyParameter(); - p.tag = tag; - p.integer = v; - return p; + return kp; } /** @@ -86,7 +114,7 @@ public abstract class KeyStore2ParameterUtils { } KeyParameter p = new KeyParameter(); p.tag = tag; - p.integer = v; + p.value = KeyParameterValue.integer(v); return p; } @@ -104,7 +132,7 @@ public abstract class KeyStore2ParameterUtils { } KeyParameter p = new KeyParameter(); p.tag = tag; - p.longInteger = v; + p.value = KeyParameterValue.longInteger(v); return p; } @@ -121,7 +149,7 @@ public abstract class KeyStore2ParameterUtils { } KeyParameter p = new KeyParameter(); p.tag = tag; - p.blob = b; + p.value = KeyParameterValue.blob(b); return p; } @@ -138,9 +166,10 @@ public abstract class KeyStore2ParameterUtils { } KeyParameter p = new KeyParameter(); p.tag = tag; - p.longInteger = date.getTime(); - if (p.longInteger < 0) { - throw new IllegalArgumentException("Date tag value out of range: " + p.longInteger); + p.value = KeyParameterValue.dateTime(date.getTime()); + if (p.value.getDateTime() < 0) { + throw new IllegalArgumentException("Date tag value out of range: " + + p.value.getDateTime()); } return p; } @@ -160,18 +189,18 @@ public abstract class KeyStore2ParameterUtils { throw new IllegalArgumentException("Not an int tag: " + param.keyParameter.tag); } // KM_UINT is 32 bits wide so we must suppress sign extension. - return ((long) param.keyParameter.integer) & 0xffffffffL; + return ((long) param.keyParameter.value.getInteger()) & 0xffffffffL; } static @NonNull Date getDate(@NonNull Authorization param) { if (KeymasterDefs.getTagType(param.keyParameter.tag) != KeymasterDefs.KM_DATE) { throw new IllegalArgumentException("Not a date tag: " + param.keyParameter.tag); } - if (param.keyParameter.longInteger < 0) { + if (param.keyParameter.value.getDateTime() < 0) { throw new IllegalArgumentException("Date Value too large: " - + param.keyParameter.longInteger); + + param.keyParameter.value.getDateTime()); } - return new Date(param.keyParameter.longInteger); + return new Date(param.keyParameter.value.getDateTime()); } static void forEachSetFlag(int flags, Consumer<Integer> consumer) { diff --git a/keystore/java/android/security/keystore2/KeyStoreCryptoOperationUtils.java b/keystore/java/android/security/keystore2/KeyStoreCryptoOperationUtils.java index 3b11854bf7cb..f87a3d25f90c 100644 --- a/keystore/java/android/security/keystore2/KeyStoreCryptoOperationUtils.java +++ b/keystore/java/android/security/keystore2/KeyStoreCryptoOperationUtils.java @@ -57,7 +57,7 @@ abstract class KeyStoreCryptoOperationUtils { for (Authorization p : key.getAuthorizations()) { switch(p.keyParameter.tag) { case KeymasterDefs.KM_TAG_USER_SECURE_ID: - keySids.add(p.keyParameter.longInteger); + keySids.add(p.keyParameter.value.getLongInteger()); break; default: break; |