am 1a3ab87e: am 614b39f3: Merge "Refactor Android Keystore CipherSpi base class." into mnc-dev (c95fba73) · Commits · e / os / android_frameworks_base

keystore/java/android/security/keystore/AndroidKeyStoreBCWorkaroundProvider.java

+5 −5

Original line number	Diff line number	Diff line
		@@ -77,17 +77,17 @@ class AndroidKeyStoreBCWorkaroundProvider extends Provider {

		// javax.crypto.Cipher
		putSymmetricCipherImpl("AES/ECB/NoPadding",
		PACKAGE_NAME + ".AndroidKeyStoreCipherSpi$AES$ECB$NoPadding");
		PACKAGE_NAME + ".AndroidKeyStoreUnauthenticatedAESCipherSpi$ECB$NoPadding");
		putSymmetricCipherImpl("AES/ECB/PKCS7Padding",
		PACKAGE_NAME + ".AndroidKeyStoreCipherSpi$AES$ECB$PKCS7Padding");
		PACKAGE_NAME + ".AndroidKeyStoreUnauthenticatedAESCipherSpi$ECB$PKCS7Padding");

		putSymmetricCipherImpl("AES/CBC/NoPadding",
		PACKAGE_NAME + ".AndroidKeyStoreCipherSpi$AES$CBC$NoPadding");
		PACKAGE_NAME + ".AndroidKeyStoreUnauthenticatedAESCipherSpi$CBC$NoPadding");
		putSymmetricCipherImpl("AES/CBC/PKCS7Padding",
		PACKAGE_NAME + ".AndroidKeyStoreCipherSpi$AES$CBC$PKCS7Padding");
		PACKAGE_NAME + ".AndroidKeyStoreUnauthenticatedAESCipherSpi$CBC$PKCS7Padding");

		putSymmetricCipherImpl("AES/CTR/NoPadding",
		PACKAGE_NAME + ".AndroidKeyStoreCipherSpi$AES$CTR$NoPadding");
		PACKAGE_NAME + ".AndroidKeyStoreUnauthenticatedAESCipherSpi$CTR$NoPadding");
		}

		private void putMacImpl(String algorithm, String implClass) {

keystore/java/android/security/keystore/AndroidKeyStoreCipherSpi.java→keystore/java/android/security/keystore/AndroidKeyStoreCipherSpiBase.java

+534 −0

File changed and moved.

Preview size limit exceeded, changes collapsed.

keystore/java/android/security/keystore/AndroidKeyStoreUnauthenticatedAESCipherSpi.java

0 → 100644

+292 −0

Original line number	Diff line number	Diff line
		package android.security.keystore;

		import android.annotation.NonNull;
		import android.annotation.Nullable;
		import android.security.keymaster.KeymasterArguments;
		import android.security.keymaster.KeymasterDefs;

		import java.security.AlgorithmParameters;
		import java.security.InvalidAlgorithmParameterException;
		import java.security.InvalidKeyException;
		import java.security.Key;
		import java.security.NoSuchAlgorithmException;
		import java.security.ProviderException;
		import java.security.spec.AlgorithmParameterSpec;
		import java.security.spec.InvalidParameterSpecException;
		import java.util.Arrays;

		import javax.crypto.CipherSpi;
		import javax.crypto.spec.IvParameterSpec;

		/**
		* Base class for Android Keystore unauthenticated AES {@link CipherSpi} implementations.
		*
		* @hide
		*/
		class AndroidKeyStoreUnauthenticatedAESCipherSpi extends AndroidKeyStoreCipherSpiBase {

		abstract static class ECB extends AndroidKeyStoreUnauthenticatedAESCipherSpi {
		protected ECB(int keymasterPadding) {
		super(KeymasterDefs.KM_MODE_ECB, keymasterPadding, false);
		}

		public static class NoPadding extends ECB {
		public NoPadding() {
		super(KeymasterDefs.KM_PAD_NONE);
		}
		}

		public static class PKCS7Padding extends ECB {
		public PKCS7Padding() {
		super(KeymasterDefs.KM_PAD_PKCS7);
		}
		}
		}

		abstract static class CBC extends AndroidKeyStoreUnauthenticatedAESCipherSpi {
		protected CBC(int keymasterPadding) {
		super(KeymasterDefs.KM_MODE_CBC, keymasterPadding, true);
		}

		public static class NoPadding extends CBC {
		public NoPadding() {
		super(KeymasterDefs.KM_PAD_NONE);
		}
		}

		public static class PKCS7Padding extends CBC {
		public PKCS7Padding() {
		super(KeymasterDefs.KM_PAD_PKCS7);
		}
		}
		}

		abstract static class CTR extends AndroidKeyStoreUnauthenticatedAESCipherSpi {
		protected CTR(int keymasterPadding) {
		super(KeymasterDefs.KM_MODE_CTR, keymasterPadding, true);
		}

		public static class NoPadding extends CTR {
		public NoPadding() {
		super(KeymasterDefs.KM_PAD_NONE);
		}
		}
		}

		private static final int BLOCK_SIZE_BYTES = 16;

		private final int mKeymasterBlockMode;
		private final int mKeymasterPadding;
		/** Whether this transformation requires an IV. */
		private final boolean mIvRequired;

		private byte[] mIv;

		/** Whether the current {@code #mIv} has been used by the underlying crypto operation. */
		private boolean mIvHasBeenUsed;

		AndroidKeyStoreUnauthenticatedAESCipherSpi(
		int keymasterBlockMode,
		int keymasterPadding,
		boolean ivRequired) {
		mKeymasterBlockMode = keymasterBlockMode;
		mKeymasterPadding = keymasterPadding;
		mIvRequired = ivRequired;
		}

		@Override
		protected final void resetAll() {
		mIv = null;
		mIvHasBeenUsed = false;
		super.resetAll();
		}

		@Override
		protected final void resetWhilePreservingInitState() {
		super.resetWhilePreservingInitState();
		}

		@Override
		protected final void initKey(int opmode, Key key) throws InvalidKeyException {
		if (!(key instanceof AndroidKeyStoreSecretKey)) {
		throw new InvalidKeyException(
		"Unsupported key: " + ((key != null) ? key.getClass().getName() : "null"));
		}
		if (!KeyProperties.KEY_ALGORITHM_AES.equalsIgnoreCase(key.getAlgorithm())) {
		throw new InvalidKeyException(
		"Unsupported key algorithm: " + key.getAlgorithm() + ". Only " +
		KeyProperties.KEY_ALGORITHM_AES + " supported");
		}
		setKey((AndroidKeyStoreSecretKey) key);
		}

		@Override
		protected final void initAlgorithmSpecificParameters() throws InvalidKeyException {
		if (!mIvRequired) {
		return;
		}

		// IV is used
		if (!isEncrypting()) {
		throw new InvalidKeyException("IV required when decrypting"
		+ ". Use IvParameterSpec or AlgorithmParameters to provide it.");
		}
		}

		@Override
		protected final void initAlgorithmSpecificParameters(AlgorithmParameterSpec params)
		throws InvalidAlgorithmParameterException {
		if (!mIvRequired) {
		if (params != null) {
		throw new InvalidAlgorithmParameterException("Unsupported parameters: " + params);
		}
		return;
		}

		// IV is used
		if (params == null) {
		if (!isEncrypting()) {
		// IV must be provided by the caller
		throw new InvalidAlgorithmParameterException(
		"IvParameterSpec must be provided when decrypting");
		}
		return;
		}
		if (!(params instanceof IvParameterSpec)) {
		throw new InvalidAlgorithmParameterException("Only IvParameterSpec supported");
		}
		mIv = ((IvParameterSpec) params).getIV();
		if (mIv == null) {
		throw new InvalidAlgorithmParameterException("Null IV in IvParameterSpec");
		}
		}

		@Override
		protected final void initAlgorithmSpecificParameters(AlgorithmParameters params)
		throws InvalidAlgorithmParameterException {
		if (!mIvRequired) {
		if (params != null) {
		throw new InvalidAlgorithmParameterException("Unsupported parameters: " + params);
		}
		return;
		}

		// IV is used
		if (params == null) {
		if (!isEncrypting()) {
		// IV must be provided by the caller
		throw new InvalidAlgorithmParameterException("IV required when decrypting"
		+ ". Use IvParameterSpec or AlgorithmParameters to provide it.");
		}
		return;
		}

		IvParameterSpec ivSpec;
		try {
		ivSpec = params.getParameterSpec(IvParameterSpec.class);
		} catch (InvalidParameterSpecException e) {
		if (!isEncrypting()) {
		// IV must be provided by the caller
		throw new InvalidAlgorithmParameterException("IV required when decrypting"
		+ ", but not found in parameters: " + params, e);
		}
		mIv = null;
		return;
		}
		mIv = ivSpec.getIV();
		if (mIv == null) {
		throw new InvalidAlgorithmParameterException("Null IV in AlgorithmParameters");
		}
		}

		@Override
		protected final int getAdditionalEntropyAmountForBegin() {
		if ((mIvRequired) && (mIv == null) && (isEncrypting())) {
		// IV will need to be generated
		return BLOCK_SIZE_BYTES;
		}

		return 0;
		}

		@Override
		protected final void addAlgorithmSpecificParametersToBegin(
		@NonNull KeymasterArguments keymasterArgs) {
		if ((isEncrypting()) && (mIvRequired) && (mIvHasBeenUsed)) {
		// IV is being reused for encryption: this violates security best practices.
		throw new IllegalStateException(
		"IV has already been used. Reusing IV in encryption mode violates security best"
		+ " practices.");
		}

		keymasterArgs.addInt(KeymasterDefs.KM_TAG_ALGORITHM, KeymasterDefs.KM_ALGORITHM_AES);
		keymasterArgs.addInt(KeymasterDefs.KM_TAG_BLOCK_MODE, mKeymasterBlockMode);
		keymasterArgs.addInt(KeymasterDefs.KM_TAG_PADDING, mKeymasterPadding);
		if ((mIvRequired) && (mIv != null)) {
		keymasterArgs.addBlob(KeymasterDefs.KM_TAG_NONCE, mIv);
		}
		}

		@Override
		protected final void loadAlgorithmSpecificParametersFromBeginResult(
		@NonNull KeymasterArguments keymasterArgs) {
		mIvHasBeenUsed = true;

		// NOTE: Keymaster doesn't always return an IV, even if it's used.
		byte[] returnedIv = keymasterArgs.getBlob(KeymasterDefs.KM_TAG_NONCE, null);
		if ((returnedIv != null) && (returnedIv.length == 0)) {
		returnedIv = null;
		}

		if (mIvRequired) {
		if (mIv == null) {
		mIv = returnedIv;
		} else if ((returnedIv != null) && (!Arrays.equals(returnedIv, mIv))) {
		throw new ProviderException("IV in use differs from provided IV");
		}
		} else {
		if (returnedIv != null) {
		throw new ProviderException(
		"IV in use despite IV not being used by this transformation");
		}
		}
		}

		@Override
		protected final int engineGetBlockSize() {
		return BLOCK_SIZE_BYTES;
		}

		@Override
		protected final int engineGetOutputSize(int inputLen) {
		return inputLen + 3 * BLOCK_SIZE_BYTES;
		}

		@Override
		protected final byte[] engineGetIV() {
		return ArrayUtils.cloneIfNotEmpty(mIv);
		}

		@Nullable
		@Override
		protected final AlgorithmParameters engineGetParameters() {
		if (!mIvRequired) {
		return null;
		}
		if ((mIv != null) && (mIv.length > 0)) {
		try {
		AlgorithmParameters params = AlgorithmParameters.getInstance("AES");
		params.init(new IvParameterSpec(mIv));
		return params;
		} catch (NoSuchAlgorithmException e) {
		throw new ProviderException(
		"Failed to obtain AES AlgorithmParameters", e);
		} catch (InvalidParameterSpecException e) {
		throw new ProviderException(
		"Failed to initialize AES AlgorithmParameters with an IV",
		e);
		}
		}
		return null;
		}
		}

keystore/java/android/security/keystore/ArrayUtils.java

+4 −0

Original line number	Diff line number	Diff line
		@@ -32,6 +32,10 @@ public abstract class ArrayUtils {
		return ((array != null) && (array.length > 0)) ? array.clone() : array;
		}

		public static byte[] cloneIfNotEmpty(byte[] array) {
		return ((array != null) && (array.length > 0)) ? array.clone() : array;
		}

		public static byte[] concat(byte[] arr1, byte[] arr2) {
		return concat(arr1, 0, (arr1 != null) ? arr1.length : 0,
		arr2, 0, (arr2 != null) ? arr2.length : 0);

keystore/java/android/security/keystore/KeyStoreCryptoOperationUtils.java

+5 −0

Original line number	Diff line number	Diff line
		@@ -19,6 +19,8 @@ package android.security.keystore;
		import android.security.KeyStore;
		import android.security.keymaster.KeymasterDefs;

		import libcore.util.EmptyArray;

		import java.security.GeneralSecurityException;
		import java.security.InvalidAlgorithmParameterException;
		import java.security.InvalidKeyException;
		@@ -94,6 +96,9 @@ abstract class KeyStoreCryptoOperationUtils {
		* RNG.
		*/
		static byte[] getRandomBytesToMixIntoKeystoreRng(SecureRandom rng, int sizeBytes) {
		if (sizeBytes <= 0) {
		return EmptyArray.BYTE;
		}
		if (rng == null) {
		rng = getRng();
		}