Loading core/java/android/security/IKeystoreService.aidl +3 −3 Original line number Diff line number Diff line Loading @@ -60,8 +60,8 @@ interface IKeystoreService { // Keymaster 0.4 methods int addRngEntropy(in byte[] data); int generateKey(String alias, in KeymasterArguments arguments, int uid, int flags, out KeyCharacteristics characteristics); int generateKey(String alias, in KeymasterArguments arguments, in byte[] entropy, int uid, int flags, out KeyCharacteristics characteristics); int getKeyCharacteristics(String alias, in KeymasterBlob clientId, in KeymasterBlob appId, out KeyCharacteristics characteristics); int importKey(String alias, in KeymasterArguments arguments, int format, Loading @@ -69,7 +69,7 @@ interface IKeystoreService { ExportResult exportKey(String alias, int format, in KeymasterBlob clientId, in KeymasterBlob appId); OperationResult begin(IBinder appToken, String alias, int purpose, boolean pruneable, in KeymasterArguments params, out KeymasterArguments operationParams); in KeymasterArguments params, in byte[] entropy, out KeymasterArguments operationParams); OperationResult update(IBinder token, in KeymasterArguments params, in byte[] input); OperationResult finish(IBinder token, in KeymasterArguments params, in byte[] signature); int abort(IBinder handle); Loading keystore/java/android/security/KeyStore.java +7 −7 Original line number Diff line number Diff line Loading @@ -389,19 +389,19 @@ public class KeyStore { } } public int generateKey(String alias, KeymasterArguments args, int uid, int flags, KeyCharacteristics outCharacteristics) { public int generateKey(String alias, KeymasterArguments args, byte[] entropy, int uid, int flags, KeyCharacteristics outCharacteristics) { try { return mBinder.generateKey(alias, args, uid, flags, outCharacteristics); return mBinder.generateKey(alias, args, entropy, uid, flags, outCharacteristics); } catch (RemoteException e) { Log.w(TAG, "Cannot connect to keystore", e); return SYSTEM_ERROR; } } public int generateKey(String alias, KeymasterArguments args, int flags, public int generateKey(String alias, KeymasterArguments args, byte[] entropy, int flags, KeyCharacteristics outCharacteristics) { return generateKey(alias, args, UID_SELF, flags, outCharacteristics); return generateKey(alias, args, entropy, UID_SELF, flags, outCharacteristics); } public int getKeyCharacteristics(String alias, KeymasterBlob clientId, KeymasterBlob appId, Loading Loading @@ -441,9 +441,9 @@ public class KeyStore { } public OperationResult begin(String alias, int purpose, boolean pruneable, KeymasterArguments args, KeymasterArguments outArgs) { KeymasterArguments args, byte[] entropy, KeymasterArguments outArgs) { try { return mBinder.begin(getToken(), alias, purpose, pruneable, args, outArgs); return mBinder.begin(getToken(), alias, purpose, pruneable, args, entropy, outArgs); } catch (RemoteException e) { Log.w(TAG, "Cannot connect to keystore", e); return null; Loading keystore/tests/src/android/security/KeyStoreTest.java +27 −8 Original line number Diff line number Diff line Loading @@ -717,7 +717,7 @@ public class KeyStoreTest extends ActivityUnitTestCase<Activity> { RSAKeyGenParameterSpec.F4.longValue()); KeyCharacteristics outCharacteristics = new KeyCharacteristics(); int result = mKeyStore.generateKey(name, args, 0, outCharacteristics); int result = mKeyStore.generateKey(name, args, null, 0, outCharacteristics); assertEquals("generateRsaKey should succeed", KeyStore.NO_ERROR, result); return outCharacteristics; } Loading @@ -726,6 +726,24 @@ public class KeyStoreTest extends ActivityUnitTestCase<Activity> { generateRsaKey("test"); mKeyStore.delete("test"); } public void testGenerateRsaWithEntropy() throws Exception { byte[] entropy = new byte[] {1,2,3,4,5}; String name = "test"; KeymasterArguments args = new KeymasterArguments(); args.addInt(KeymasterDefs.KM_TAG_PURPOSE, KeymasterDefs.KM_PURPOSE_ENCRYPT); args.addInt(KeymasterDefs.KM_TAG_PURPOSE, KeymasterDefs.KM_PURPOSE_DECRYPT); args.addInt(KeymasterDefs.KM_TAG_ALGORITHM, KeymasterDefs.KM_ALGORITHM_RSA); args.addInt(KeymasterDefs.KM_TAG_PADDING, KeymasterDefs.KM_PAD_NONE); args.addInt(KeymasterDefs.KM_TAG_KEY_SIZE, 2048); args.addLong(KeymasterDefs.KM_TAG_RSA_PUBLIC_EXPONENT, RSAKeyGenParameterSpec.F4.longValue()); KeyCharacteristics outCharacteristics = new KeyCharacteristics(); int result = mKeyStore.generateKey(name, args, entropy, 0, outCharacteristics); assertEquals("generateKey should succeed", KeyStore.NO_ERROR, result); } public void testGenerateAndDelete() throws Exception { generateRsaKey("test"); assertTrue("delete should succeed", mKeyStore.delete("test")); Loading Loading @@ -756,7 +774,7 @@ public class KeyStoreTest extends ActivityUnitTestCase<Activity> { RSAKeyGenParameterSpec.F4.longValue()); KeyCharacteristics outCharacteristics = new KeyCharacteristics(); int result = mKeyStore.generateKey(name, args, 0, outCharacteristics); int result = mKeyStore.generateKey(name, args, null, 0, outCharacteristics); assertEquals("generateRsaKey should succeed", KeyStore.NO_ERROR, result); assertEquals("getKeyCharacteristics should fail without application ID", KeymasterDefs.KM_ERROR_INVALID_KEY_BLOB, Loading Loading @@ -790,13 +808,13 @@ public class KeyStoreTest extends ActivityUnitTestCase<Activity> { args.addInt(KeymasterDefs.KM_TAG_MAC_LENGTH, 16); KeyCharacteristics outCharacteristics = new KeyCharacteristics(); int rc = mKeyStore.generateKey(name, args, 0, outCharacteristics); int rc = mKeyStore.generateKey(name, args, null, 0, outCharacteristics); assertEquals("Generate should succeed", KeyStore.NO_ERROR, rc); KeymasterArguments out = new KeymasterArguments(); args = new KeymasterArguments(); OperationResult result = mKeyStore.begin(name, KeymasterDefs.KM_PURPOSE_ENCRYPT, true, args, out); true, args, null, out); IBinder token = result.token; assertEquals("Begin should succeed", KeyStore.NO_ERROR, result.resultCode); result = mKeyStore.update(token, null, new byte[] {0x01, 0x02, 0x03, 0x04}); Loading Loading @@ -826,7 +844,7 @@ public class KeyStoreTest extends ActivityUnitTestCase<Activity> { private byte[] doOperation(String name, int purpose, byte[] in, KeymasterArguments beginArgs) { KeymasterArguments out = new KeymasterArguments(); OperationResult result = mKeyStore.begin(name, purpose, true, beginArgs, out); true, beginArgs, null, out); assertEquals("Begin should succeed", KeyStore.NO_ERROR, result.resultCode); IBinder token = result.token; result = mKeyStore.update(token, null, in); Loading Loading @@ -885,18 +903,19 @@ public class KeyStoreTest extends ActivityUnitTestCase<Activity> { args.addInt(KeymasterDefs.KM_TAG_MAC_LENGTH, 16); KeyCharacteristics outCharacteristics = new KeyCharacteristics(); int rc = mKeyStore.generateKey(name, args, 0, outCharacteristics); int rc = mKeyStore.generateKey(name, args, null, 0, outCharacteristics); assertEquals("Generate should succeed", KeyStore.NO_ERROR, rc); KeymasterArguments out = new KeymasterArguments(); args = new KeymasterArguments(); OperationResult result = mKeyStore.begin(name, KeymasterDefs.KM_PURPOSE_ENCRYPT, true, args, out); true, args, null, out); assertEquals("Begin should succeed", KeyStore.NO_ERROR, result.resultCode); IBinder first = result.token; // Implementation detail: softkeymaster supports 16 concurrent operations for (int i = 0; i < 16; i++) { result = mKeyStore.begin(name, KeymasterDefs.KM_PURPOSE_ENCRYPT, true, args, out); result = mKeyStore.begin(name, KeymasterDefs.KM_PURPOSE_ENCRYPT, true, args, null, out); assertEquals("Begin should succeed", KeyStore.NO_ERROR, result.resultCode); } // At this point the first operation should be pruned. Loading Loading
core/java/android/security/IKeystoreService.aidl +3 −3 Original line number Diff line number Diff line Loading @@ -60,8 +60,8 @@ interface IKeystoreService { // Keymaster 0.4 methods int addRngEntropy(in byte[] data); int generateKey(String alias, in KeymasterArguments arguments, int uid, int flags, out KeyCharacteristics characteristics); int generateKey(String alias, in KeymasterArguments arguments, in byte[] entropy, int uid, int flags, out KeyCharacteristics characteristics); int getKeyCharacteristics(String alias, in KeymasterBlob clientId, in KeymasterBlob appId, out KeyCharacteristics characteristics); int importKey(String alias, in KeymasterArguments arguments, int format, Loading @@ -69,7 +69,7 @@ interface IKeystoreService { ExportResult exportKey(String alias, int format, in KeymasterBlob clientId, in KeymasterBlob appId); OperationResult begin(IBinder appToken, String alias, int purpose, boolean pruneable, in KeymasterArguments params, out KeymasterArguments operationParams); in KeymasterArguments params, in byte[] entropy, out KeymasterArguments operationParams); OperationResult update(IBinder token, in KeymasterArguments params, in byte[] input); OperationResult finish(IBinder token, in KeymasterArguments params, in byte[] signature); int abort(IBinder handle); Loading
keystore/java/android/security/KeyStore.java +7 −7 Original line number Diff line number Diff line Loading @@ -389,19 +389,19 @@ public class KeyStore { } } public int generateKey(String alias, KeymasterArguments args, int uid, int flags, KeyCharacteristics outCharacteristics) { public int generateKey(String alias, KeymasterArguments args, byte[] entropy, int uid, int flags, KeyCharacteristics outCharacteristics) { try { return mBinder.generateKey(alias, args, uid, flags, outCharacteristics); return mBinder.generateKey(alias, args, entropy, uid, flags, outCharacteristics); } catch (RemoteException e) { Log.w(TAG, "Cannot connect to keystore", e); return SYSTEM_ERROR; } } public int generateKey(String alias, KeymasterArguments args, int flags, public int generateKey(String alias, KeymasterArguments args, byte[] entropy, int flags, KeyCharacteristics outCharacteristics) { return generateKey(alias, args, UID_SELF, flags, outCharacteristics); return generateKey(alias, args, entropy, UID_SELF, flags, outCharacteristics); } public int getKeyCharacteristics(String alias, KeymasterBlob clientId, KeymasterBlob appId, Loading Loading @@ -441,9 +441,9 @@ public class KeyStore { } public OperationResult begin(String alias, int purpose, boolean pruneable, KeymasterArguments args, KeymasterArguments outArgs) { KeymasterArguments args, byte[] entropy, KeymasterArguments outArgs) { try { return mBinder.begin(getToken(), alias, purpose, pruneable, args, outArgs); return mBinder.begin(getToken(), alias, purpose, pruneable, args, entropy, outArgs); } catch (RemoteException e) { Log.w(TAG, "Cannot connect to keystore", e); return null; Loading
keystore/tests/src/android/security/KeyStoreTest.java +27 −8 Original line number Diff line number Diff line Loading @@ -717,7 +717,7 @@ public class KeyStoreTest extends ActivityUnitTestCase<Activity> { RSAKeyGenParameterSpec.F4.longValue()); KeyCharacteristics outCharacteristics = new KeyCharacteristics(); int result = mKeyStore.generateKey(name, args, 0, outCharacteristics); int result = mKeyStore.generateKey(name, args, null, 0, outCharacteristics); assertEquals("generateRsaKey should succeed", KeyStore.NO_ERROR, result); return outCharacteristics; } Loading @@ -726,6 +726,24 @@ public class KeyStoreTest extends ActivityUnitTestCase<Activity> { generateRsaKey("test"); mKeyStore.delete("test"); } public void testGenerateRsaWithEntropy() throws Exception { byte[] entropy = new byte[] {1,2,3,4,5}; String name = "test"; KeymasterArguments args = new KeymasterArguments(); args.addInt(KeymasterDefs.KM_TAG_PURPOSE, KeymasterDefs.KM_PURPOSE_ENCRYPT); args.addInt(KeymasterDefs.KM_TAG_PURPOSE, KeymasterDefs.KM_PURPOSE_DECRYPT); args.addInt(KeymasterDefs.KM_TAG_ALGORITHM, KeymasterDefs.KM_ALGORITHM_RSA); args.addInt(KeymasterDefs.KM_TAG_PADDING, KeymasterDefs.KM_PAD_NONE); args.addInt(KeymasterDefs.KM_TAG_KEY_SIZE, 2048); args.addLong(KeymasterDefs.KM_TAG_RSA_PUBLIC_EXPONENT, RSAKeyGenParameterSpec.F4.longValue()); KeyCharacteristics outCharacteristics = new KeyCharacteristics(); int result = mKeyStore.generateKey(name, args, entropy, 0, outCharacteristics); assertEquals("generateKey should succeed", KeyStore.NO_ERROR, result); } public void testGenerateAndDelete() throws Exception { generateRsaKey("test"); assertTrue("delete should succeed", mKeyStore.delete("test")); Loading Loading @@ -756,7 +774,7 @@ public class KeyStoreTest extends ActivityUnitTestCase<Activity> { RSAKeyGenParameterSpec.F4.longValue()); KeyCharacteristics outCharacteristics = new KeyCharacteristics(); int result = mKeyStore.generateKey(name, args, 0, outCharacteristics); int result = mKeyStore.generateKey(name, args, null, 0, outCharacteristics); assertEquals("generateRsaKey should succeed", KeyStore.NO_ERROR, result); assertEquals("getKeyCharacteristics should fail without application ID", KeymasterDefs.KM_ERROR_INVALID_KEY_BLOB, Loading Loading @@ -790,13 +808,13 @@ public class KeyStoreTest extends ActivityUnitTestCase<Activity> { args.addInt(KeymasterDefs.KM_TAG_MAC_LENGTH, 16); KeyCharacteristics outCharacteristics = new KeyCharacteristics(); int rc = mKeyStore.generateKey(name, args, 0, outCharacteristics); int rc = mKeyStore.generateKey(name, args, null, 0, outCharacteristics); assertEquals("Generate should succeed", KeyStore.NO_ERROR, rc); KeymasterArguments out = new KeymasterArguments(); args = new KeymasterArguments(); OperationResult result = mKeyStore.begin(name, KeymasterDefs.KM_PURPOSE_ENCRYPT, true, args, out); true, args, null, out); IBinder token = result.token; assertEquals("Begin should succeed", KeyStore.NO_ERROR, result.resultCode); result = mKeyStore.update(token, null, new byte[] {0x01, 0x02, 0x03, 0x04}); Loading Loading @@ -826,7 +844,7 @@ public class KeyStoreTest extends ActivityUnitTestCase<Activity> { private byte[] doOperation(String name, int purpose, byte[] in, KeymasterArguments beginArgs) { KeymasterArguments out = new KeymasterArguments(); OperationResult result = mKeyStore.begin(name, purpose, true, beginArgs, out); true, beginArgs, null, out); assertEquals("Begin should succeed", KeyStore.NO_ERROR, result.resultCode); IBinder token = result.token; result = mKeyStore.update(token, null, in); Loading Loading @@ -885,18 +903,19 @@ public class KeyStoreTest extends ActivityUnitTestCase<Activity> { args.addInt(KeymasterDefs.KM_TAG_MAC_LENGTH, 16); KeyCharacteristics outCharacteristics = new KeyCharacteristics(); int rc = mKeyStore.generateKey(name, args, 0, outCharacteristics); int rc = mKeyStore.generateKey(name, args, null, 0, outCharacteristics); assertEquals("Generate should succeed", KeyStore.NO_ERROR, rc); KeymasterArguments out = new KeymasterArguments(); args = new KeymasterArguments(); OperationResult result = mKeyStore.begin(name, KeymasterDefs.KM_PURPOSE_ENCRYPT, true, args, out); true, args, null, out); assertEquals("Begin should succeed", KeyStore.NO_ERROR, result.resultCode); IBinder first = result.token; // Implementation detail: softkeymaster supports 16 concurrent operations for (int i = 0; i < 16; i++) { result = mKeyStore.begin(name, KeymasterDefs.KM_PURPOSE_ENCRYPT, true, args, out); result = mKeyStore.begin(name, KeymasterDefs.KM_PURPOSE_ENCRYPT, true, args, null, out); assertEquals("Begin should succeed", KeyStore.NO_ERROR, result.resultCode); } // At this point the first operation should be pruned. Loading
