
Commit 966486e1 authored by Chad Brubaker's avatar Chad Brubaker

Track changes to the keystore binder API

Output parameters are gone from begin; instead they will be returned in the
OperationResult, and begin, update, and finish may all return output
parameters.

Change-Id: I072afeb6c65f6c512b40603824c25686ac44e7c8
parent e1c68765
+1 −1
@@ -65,7 +65,7 @@ interface IKeystoreService {
    ExportResult exportKey(String alias, int format, in KeymasterBlob clientId,
        in KeymasterBlob appId);
    OperationResult begin(IBinder appToken, String alias, int purpose, boolean pruneable,
        in KeymasterArguments params, in byte[] entropy, out KeymasterArguments operationParams);
        in KeymasterArguments params, in byte[] entropy);
    OperationResult update(IBinder token, in KeymasterArguments params, in byte[] input);
    OperationResult finish(IBinder token, in KeymasterArguments params, in byte[] signature);
    int abort(IBinder handle);
+3 −0
@@ -31,6 +31,7 @@ public class OperationResult implements Parcelable {
    public final long operationHandle;
    public final int inputConsumed;
    public final byte[] output;
    public final KeymasterArguments outParams;

    public static final Parcelable.Creator<OperationResult> CREATOR = new
            Parcelable.Creator<OperationResult>() {
@@ -49,6 +50,7 @@ public class OperationResult implements Parcelable {
        operationHandle = in.readLong();
        inputConsumed = in.readInt();
        output = in.createByteArray();
        outParams = KeymasterArguments.CREATOR.createFromParcel(in);
    }

    @Override
@@ -63,5 +65,6 @@ public class OperationResult implements Parcelable {
        out.writeLong(operationHandle);
        out.writeInt(inputConsumed);
        out.writeByteArray(output);
        outParams.writeToParcel(out, flags);
    }
}
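Review bot: `outParams` is read unconditionally in the Parcel constructor and dereferenced unconditionally in `writeToParcel` (`outParams.writeToParcel(out, flags);`), so the class now relies on the keystore service always appending a KeymasterArguments after the output byte array. Nothing in the visible hunks states that contract or guards against a null field. If any constructor outside these hunks can build an OperationResult, it has to set the field as well. I would document the new field, for example `// Output parameters of begin/update/finish; parcelled after output, order must match the keystore service's reply.` The constructor and `writeToParcel` both start outside the hunks, so the fields parcelled before `operationHandle` are not visible here.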
+2 −2
@@ -496,9 +496,9 @@ public class KeyStore {
    }

    public OperationResult begin(String alias, int purpose, boolean pruneable,
            KeymasterArguments args, byte[] entropy, KeymasterArguments outArgs) {
            KeymasterArguments args, byte[] entropy) {
        try {
            return mBinder.begin(getToken(), alias, purpose, pruneable, args, entropy, outArgs);
            return mBinder.begin(getToken(), alias, purpose, pruneable, args, entropy);
        } catch (RemoteException e) {
            Log.w(TAG, "Cannot connect to keystore", e);
            return null;
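Review bot: The public `begin` wrapper has no Javadoc, and after this change the only way to get the operation's output parameters is through the returned object, which is `null` when the binder call throws RemoteException. Both callers touched by this commit null-check the result before use. The contract should still be written down at the method, for example `/** Returns null if the keystore service cannot be reached; output parameters are in the returned OperationResult's outParams. */`. The method body continues past the end of this hunk.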
+2 −3
@@ -216,8 +216,7 @@ abstract class AndroidKeyStoreCipherSpiBase extends CipherSpi implements KeyStor
                mEncrypting ? KeymasterDefs.KM_PURPOSE_ENCRYPT : KeymasterDefs.KM_PURPOSE_DECRYPT,
                true, // permit aborting this operation if keystore runs out of resources
                keymasterInputArgs,
                additionalEntropy,
                keymasterOutputArgs);
                additionalEntropy);
        if (opResult == null) {
            throw new KeyStoreConnectException();
        }
@@ -247,7 +246,7 @@ abstract class AndroidKeyStoreCipherSpiBase extends CipherSpi implements KeyStor
            throw new ProviderException("Keystore returned invalid operation handle");
        }

        loadAlgorithmSpecificParametersFromBeginResult(keymasterOutputArgs);
        loadAlgorithmSpecificParametersFromBeginResult(opResult.outParams);
        mMainDataStreamer = new KeyStoreCryptoOperationChunkedStreamer(
                new KeyStoreCryptoOperationChunkedStreamer.MainDataStream(
                        mKeyStore, opResult.token));
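Review bot: The local `keymasterOutputArgs` appears to be left behind as an unused declaration in this file. The section's removals are fully accounted for by the two call-site edits, whereas the AndroidKeyStoreHmacSpi change in the same commit deletes its `KeymasterArguments keymasterOutputArgs = new KeymasterArguments();` line. If the declaration is still present above the first hunk, it should be removed so readers do not assume the algorithm parameters still arrive through it. The parameters now come from `opResult.outParams`, which is read after the null check and the operation-handle check visible here. Any further result checks sit between the two hunks and are not shown.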
+2 −3
@@ -163,14 +163,13 @@ public abstract class AndroidKeyStoreHmacSpi extends MacSpi implements KeyStoreC
        keymasterArgs.addInt(KeymasterDefs.KM_TAG_DIGEST, mKeymasterDigest);
        keymasterArgs.addInt(KeymasterDefs.KM_TAG_MAC_LENGTH, mMacSizeBits);

        KeymasterArguments keymasterOutputArgs = new KeymasterArguments();
        OperationResult opResult = mKeyStore.begin(
                mKey.getAlias(),
                KeymasterDefs.KM_PURPOSE_SIGN,
                true,
                keymasterArgs,
                null, // no additional entropy needed for HMAC because it's deterministic
                keymasterOutputArgs);
                null); // no additional entropy needed for HMAC because it's deterministic

        if (opResult == null) {
            throw new KeyStoreConnectException();
        }