Loading core/java/android/security/IKeystoreService.aidl +1 −0 Original line number Diff line number Diff line Loading @@ -76,5 +76,6 @@ interface IKeystoreService { int onUserAdded(int userId, int parentId); int onUserRemoved(int userId); int attestKey(String alias, in KeymasterArguments params, out KeymasterCertificateChain chain); int attestDeviceIds(in KeymasterArguments params, out KeymasterCertificateChain chain); int onDeviceOffBody(); } keystore/java/android/security/KeyStore.java +9 −0 Original line number Diff line number Diff line Loading @@ -636,6 +636,15 @@ public class KeyStore { } } public int attestDeviceIds(KeymasterArguments params, KeymasterCertificateChain outChain) { try { return mBinder.attestDeviceIds(params, outChain); } catch (RemoteException e) { Log.w(TAG, "Cannot connect to keystore", e); return SYSTEM_ERROR; } } /** * Notify keystore that the device went off-body. */ Loading keystore/java/android/security/keystore/AttestationUtils.java +21 −56 Original line number Diff line number Diff line Loading @@ -23,10 +23,8 @@ import android.annotation.SystemApi; import android.annotation.TestApi; import android.content.Context; import android.os.Build; import android.os.Process; import android.security.KeyStore; import android.security.KeyStoreException; import android.security.keymaster.KeyCharacteristics; import android.security.keymaster.KeymasterArguments; import android.security.keymaster.KeymasterCertificateChain; import android.security.keymaster.KeymasterDefs; Loading @@ -38,10 +36,8 @@ import java.io.ByteArrayOutputStream; import java.nio.charset.StandardCharsets; import java.security.cert.CertificateFactory; import java.security.cert.X509Certificate; import java.security.spec.RSAKeyGenParameterSpec; import java.util.Collection; import java.util.Set; import java.util.concurrent.atomic.AtomicInteger; /** * Utilities for attesting the device's hardware identifiers. Loading @@ -51,8 +47,6 @@ import java.util.concurrent.atomic.AtomicInteger; @SystemApi @TestApi public abstract class AttestationUtils { private static AtomicInteger sSequenceNumber = new AtomicInteger(0); private AttestationUtils() { } Loading Loading @@ -171,34 +165,9 @@ public abstract class AttestationUtils { attestArgs.addBytes(KeymasterDefs.KM_TAG_ATTESTATION_ID_MODEL, Build.MODEL.getBytes(StandardCharsets.UTF_8)); final KeyStore keyStore = KeyStore.getInstance(); final String keyAlias = "android_internal_device_id_attestation-" + Process.myPid() + "-" + sSequenceNumber.incrementAndGet(); // Clear any leftover temporary key. if (!keyStore.delete(keyAlias)) { throw new DeviceIdAttestationException("Unable to remove temporary key"); } try { // Generate a temporary key. final KeymasterArguments generateArgs = new KeymasterArguments(); generateArgs.addEnum(KeymasterDefs.KM_TAG_PURPOSE, KeymasterDefs.KM_PURPOSE_VERIFY); generateArgs.addEnum(KeymasterDefs.KM_TAG_ALGORITHM, KeymasterDefs.KM_ALGORITHM_RSA); generateArgs.addEnum(KeymasterDefs.KM_TAG_PADDING, KeymasterDefs.KM_PAD_NONE); generateArgs.addEnum(KeymasterDefs.KM_TAG_DIGEST, KeymasterDefs.KM_DIGEST_NONE); generateArgs.addBoolean(KeymasterDefs.KM_TAG_NO_AUTH_REQUIRED); generateArgs.addUnsignedInt(KeymasterDefs.KM_TAG_KEY_SIZE, 2048); generateArgs.addUnsignedLong(KeymasterDefs.KM_TAG_RSA_PUBLIC_EXPONENT, RSAKeyGenParameterSpec.F4); int errorCode = keyStore.generateKey(keyAlias, generateArgs, null, 0, new KeyCharacteristics()); if (errorCode != KeyStore.NO_ERROR) { throw new DeviceIdAttestationException("Unable to create temporary key", KeyStore.getKeyStoreException(errorCode)); } // Perform attestation. final KeymasterCertificateChain outChain = new KeymasterCertificateChain(); errorCode = keyStore.attestKey(keyAlias, attestArgs, outChain); final int errorCode = KeyStore.getInstance().attestDeviceIds(attestArgs, outChain); if (errorCode != KeyStore.NO_ERROR) { throw new DeviceIdAttestationException("Unable to perform attestation", KeyStore.getKeyStoreException(errorCode)); Loading @@ -221,9 +190,5 @@ public abstract class AttestationUtils { } catch (Exception e) { throw new DeviceIdAttestationException("Unable to construct certificate chain", e); } } finally { // Remove temporary key. keyStore.delete(keyAlias); } } } Loading
core/java/android/security/IKeystoreService.aidl +1 −0 Original line number Diff line number Diff line Loading @@ -76,5 +76,6 @@ interface IKeystoreService { int onUserAdded(int userId, int parentId); int onUserRemoved(int userId); int attestKey(String alias, in KeymasterArguments params, out KeymasterCertificateChain chain); int attestDeviceIds(in KeymasterArguments params, out KeymasterCertificateChain chain); int onDeviceOffBody(); }
keystore/java/android/security/KeyStore.java +9 −0 Original line number Diff line number Diff line Loading @@ -636,6 +636,15 @@ public class KeyStore { } } public int attestDeviceIds(KeymasterArguments params, KeymasterCertificateChain outChain) { try { return mBinder.attestDeviceIds(params, outChain); } catch (RemoteException e) { Log.w(TAG, "Cannot connect to keystore", e); return SYSTEM_ERROR; } } /** * Notify keystore that the device went off-body. */ Loading
keystore/java/android/security/keystore/AttestationUtils.java +21 −56 Original line number Diff line number Diff line Loading @@ -23,10 +23,8 @@ import android.annotation.SystemApi; import android.annotation.TestApi; import android.content.Context; import android.os.Build; import android.os.Process; import android.security.KeyStore; import android.security.KeyStoreException; import android.security.keymaster.KeyCharacteristics; import android.security.keymaster.KeymasterArguments; import android.security.keymaster.KeymasterCertificateChain; import android.security.keymaster.KeymasterDefs; Loading @@ -38,10 +36,8 @@ import java.io.ByteArrayOutputStream; import java.nio.charset.StandardCharsets; import java.security.cert.CertificateFactory; import java.security.cert.X509Certificate; import java.security.spec.RSAKeyGenParameterSpec; import java.util.Collection; import java.util.Set; import java.util.concurrent.atomic.AtomicInteger; /** * Utilities for attesting the device's hardware identifiers. Loading @@ -51,8 +47,6 @@ import java.util.concurrent.atomic.AtomicInteger; @SystemApi @TestApi public abstract class AttestationUtils { private static AtomicInteger sSequenceNumber = new AtomicInteger(0); private AttestationUtils() { } Loading Loading @@ -171,34 +165,9 @@ public abstract class AttestationUtils { attestArgs.addBytes(KeymasterDefs.KM_TAG_ATTESTATION_ID_MODEL, Build.MODEL.getBytes(StandardCharsets.UTF_8)); final KeyStore keyStore = KeyStore.getInstance(); final String keyAlias = "android_internal_device_id_attestation-" + Process.myPid() + "-" + sSequenceNumber.incrementAndGet(); // Clear any leftover temporary key. if (!keyStore.delete(keyAlias)) { throw new DeviceIdAttestationException("Unable to remove temporary key"); } try { // Generate a temporary key. final KeymasterArguments generateArgs = new KeymasterArguments(); generateArgs.addEnum(KeymasterDefs.KM_TAG_PURPOSE, KeymasterDefs.KM_PURPOSE_VERIFY); generateArgs.addEnum(KeymasterDefs.KM_TAG_ALGORITHM, KeymasterDefs.KM_ALGORITHM_RSA); generateArgs.addEnum(KeymasterDefs.KM_TAG_PADDING, KeymasterDefs.KM_PAD_NONE); generateArgs.addEnum(KeymasterDefs.KM_TAG_DIGEST, KeymasterDefs.KM_DIGEST_NONE); generateArgs.addBoolean(KeymasterDefs.KM_TAG_NO_AUTH_REQUIRED); generateArgs.addUnsignedInt(KeymasterDefs.KM_TAG_KEY_SIZE, 2048); generateArgs.addUnsignedLong(KeymasterDefs.KM_TAG_RSA_PUBLIC_EXPONENT, RSAKeyGenParameterSpec.F4); int errorCode = keyStore.generateKey(keyAlias, generateArgs, null, 0, new KeyCharacteristics()); if (errorCode != KeyStore.NO_ERROR) { throw new DeviceIdAttestationException("Unable to create temporary key", KeyStore.getKeyStoreException(errorCode)); } // Perform attestation. final KeymasterCertificateChain outChain = new KeymasterCertificateChain(); errorCode = keyStore.attestKey(keyAlias, attestArgs, outChain); final int errorCode = KeyStore.getInstance().attestDeviceIds(attestArgs, outChain); if (errorCode != KeyStore.NO_ERROR) { throw new DeviceIdAttestationException("Unable to perform attestation", KeyStore.getKeyStoreException(errorCode)); Loading @@ -221,9 +190,5 @@ public abstract class AttestationUtils { } catch (Exception e) { throw new DeviceIdAttestationException("Unable to construct certificate chain", e); } } finally { // Remove temporary key. keyStore.delete(keyAlias); } } }
