
Commit 71223ebe authored by Alex Klyubin's avatar Alex Klyubin Committed by Gerrit Code Review

Merge "Reset AndroidKeyStore Mac and Cipher state when init fails."

parents cf7d2d95 6c4a8421
+39 −10
@@ -152,29 +152,58 @@ public abstract class KeyStoreCipherSpi extends CipherSpi implements KeyStoreCry

    @Override
    protected void engineInit(int opmode, Key key, SecureRandom random) throws InvalidKeyException {
        resetAll();

        boolean success = false;
        try {
            init(opmode, key, random);
            initAlgorithmSpecificParameters();
            ensureKeystoreOperationInitialized();
            success = true;
        } finally {
            if (!success) {
                resetAll();
            }
        }
    }

    @Override
    protected void engineInit(int opmode, Key key, AlgorithmParameters params, SecureRandom random)
            throws InvalidKeyException, InvalidAlgorithmParameterException {
        resetAll();

        boolean success = false;
        try {
            init(opmode, key, random);
            initAlgorithmSpecificParameters(params);
            ensureKeystoreOperationInitialized();
            success = true;
        } finally {
            if (!success) {
                resetAll();
            }
        }
    }

    @Override
    protected void engineInit(int opmode, Key key, AlgorithmParameterSpec params,
            SecureRandom random) throws InvalidKeyException, InvalidAlgorithmParameterException {
        resetAll();

        boolean success = false;
        try {
            init(opmode, key, random);
            initAlgorithmSpecificParameters(params);
            ensureKeystoreOperationInitialized();
            success = true;
        } finally {
            if (!success) {
                resetAll();
            }
        }
    }

    private void init(int opmode, Key key, SecureRandom random) throws InvalidKeyException {
        resetAll();
        if (!(key instanceof KeyStoreSecretKey)) {
            throw new InvalidKeyException(
                    "Unsupported key: " + ((key != null) ? key.getClass().getName() : "null"));
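Review bot: None of the three engineInit overloads has a comment saying why the `finally` block calls `resetAll()` when `success` is false, and that reason is the security-relevant part of this change. I would put the same one-line comment above each `if (!success)`: `// Init failed: discard partial state so a later update/doFinal cannot run with a key or parameters left over from an aborted init.` The body of resetAll() is not visible in this section, so confirm it actually clears the key and aborts any pending keystore operation before relying on that wording. The private init() at the end of the section continues past the visible lines.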
+40 −12
@@ -69,9 +69,10 @@ public abstract class KeyStoreHmacSpi extends MacSpi implements KeyStoreCryptoOp
    private final int mKeymasterDigest;
    private final int mMacSizeBytes;

    private String mKeyAliasInKeyStore;
    // Fields below are populated by engineInit and should be preserved after engineDoFinal.
    private KeyStoreSecretKey mKey;

    // The fields below are reset by the engineReset operation.
    // Fields below are reset when engineDoFinal succeeds.
    private KeyStoreCryptoOperationChunkedStreamer mChunkedStreamer;
    private IBinder mOperationToken;
    private Long mOperationHandle;
@@ -89,28 +90,49 @@ public abstract class KeyStoreHmacSpi extends MacSpi implements KeyStoreCryptoOp
    @Override
    protected void engineInit(Key key, AlgorithmParameterSpec params) throws InvalidKeyException,
            InvalidAlgorithmParameterException {
        resetAll();

        boolean success = false;
        try {
            init(key, params);
            ensureKeystoreOperationInitialized();
            success = true;
        } finally {
            if (!success) {
                resetAll();
            }
        }
    }

    private void init(Key key, AlgorithmParameterSpec params) throws InvalidKeyException,
        InvalidAlgorithmParameterException {
        if (key == null) {
            throw new InvalidKeyException("key == null");
        } else if (!(key instanceof KeyStoreSecretKey)) {
            throw new InvalidKeyException(
                    "Only Android KeyStore secret keys supported. Key: " + key);
        }
        mKey = (KeyStoreSecretKey) key;

        if (params != null) {
            throw new InvalidAlgorithmParameterException(
                    "Unsupported algorithm parameters: " + params);
        }

        mKeyAliasInKeyStore = ((KeyStoreSecretKey) key).getAlias();
        if (mKeyAliasInKeyStore == null) {
            throw new InvalidKeyException("Key's KeyStore alias not known");
    }
        engineReset();
        ensureKeystoreOperationInitialized();

    private void resetAll() {
        mKey = null;
        IBinder operationToken = mOperationToken;
        if (operationToken != null) {
            mOperationToken = null;
            mKeyStore.abort(operationToken);
        }
        mOperationHandle = null;
        mChunkedStreamer = null;
    }

    @Override
    protected void engineReset() {
    private void resetWhilePreservingInitState() {
        IBinder operationToken = mOperationToken;
        if (operationToken != null) {
            mOperationToken = null;
@@ -120,11 +142,16 @@ public abstract class KeyStoreHmacSpi extends MacSpi implements KeyStoreCryptoOp
        mChunkedStreamer = null;
    }

    @Override
    protected void engineReset() {
        resetWhilePreservingInitState();
    }

    private void ensureKeystoreOperationInitialized() {
        if (mChunkedStreamer != null) {
            return;
        }
        if (mKeyAliasInKeyStore == null) {
        if (mKey == null) {
            throw new IllegalStateException("Not initialized");
        }

@@ -132,7 +159,8 @@ public abstract class KeyStoreHmacSpi extends MacSpi implements KeyStoreCryptoOp
        keymasterArgs.addInt(KeymasterDefs.KM_TAG_ALGORITHM, KeymasterDefs.KM_ALGORITHM_HMAC);
        keymasterArgs.addInt(KeymasterDefs.KM_TAG_DIGEST, mKeymasterDigest);

        OperationResult opResult = mKeyStore.begin(mKeyAliasInKeyStore,
        OperationResult opResult = mKeyStore.begin(
                mKey.getAlias(),
                KeymasterDefs.KM_PURPOSE_SIGN,
                true,
                keymasterArgs,
@@ -184,7 +212,7 @@ public abstract class KeyStoreHmacSpi extends MacSpi implements KeyStoreCryptoOp
            throw KeyStore.getCryptoOperationException(e);
        }

        engineReset();
        resetWhilePreservingInitState();
        return result;
    }
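Review bot: The InvalidKeyException in init(Key, AlgorithmParameterSpec) builds its message with `"... Key: " + key`, which calls toString() on an object that is by definition not an Android KeyStore key. That output is implementation-defined, and exception messages commonly end up in logs or crash reports. KeyStoreCipherSpi's init reports only the class name for the same condition, and I would match it here: `"Only Android KeyStore secret keys supported. Key: " + key.getClass().getName()`. The preceding branch already rejects null, so getClass() is safe at that point.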