/* * Copyright (C) 2015 The Android Open Source Project * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package android.security.keystore2; import android.hardware.security.keymint.KeyParameter; import android.security.KeyStoreException; import android.security.KeyStoreOperation; import android.security.keymaster.KeymasterDefs; import android.security.keystore.KeyStoreCryptoOperation; import java.security.InvalidAlgorithmParameterException; import java.security.InvalidKeyException; import java.security.Key; import java.security.ProviderException; import java.security.spec.AlgorithmParameterSpec; import java.util.ArrayList; import java.util.List; import javax.crypto.MacSpi; /** * {@link MacSpi} which provides HMAC implementations backed by Android KeyStore. * * @hide */ public abstract class AndroidKeyStoreHmacSpi extends MacSpi implements KeyStoreCryptoOperation { private static final String TAG = "AndroidKeyStoreHmacSpi"; public static class HmacSHA1 extends AndroidKeyStoreHmacSpi { public HmacSHA1() { super(KeymasterDefs.KM_DIGEST_SHA1); } } public static class HmacSHA224 extends AndroidKeyStoreHmacSpi { public HmacSHA224() { super(KeymasterDefs.KM_DIGEST_SHA_2_224); } } public static class HmacSHA256 extends AndroidKeyStoreHmacSpi { public HmacSHA256() { super(KeymasterDefs.KM_DIGEST_SHA_2_256); } } public static class HmacSHA384 extends AndroidKeyStoreHmacSpi { public HmacSHA384() { super(KeymasterDefs.KM_DIGEST_SHA_2_384); } } public static class HmacSHA512 extends AndroidKeyStoreHmacSpi { public HmacSHA512() { super(KeymasterDefs.KM_DIGEST_SHA_2_512); } } private final int mKeymasterDigest; private final int mMacSizeBits; // Fields below are populated by engineInit and should be preserved after engineDoFinal. private AndroidKeyStoreSecretKey mKey; // Fields below are reset when engineDoFinal succeeds. private KeyStoreCryptoOperationChunkedStreamer mChunkedStreamer; private KeyStoreOperation mOperation; private long mOperationChallenge; protected AndroidKeyStoreHmacSpi(int keymasterDigest) { mKeymasterDigest = keymasterDigest; mMacSizeBits = KeymasterUtils.getDigestOutputSizeBits(keymasterDigest); mOperation = null; mOperationChallenge = 0; mKey = null; mChunkedStreamer = null; } @Override protected int engineGetMacLength() { return (mMacSizeBits + 7) / 8; } @Override protected void engineInit(Key key, AlgorithmParameterSpec params) throws InvalidKeyException, InvalidAlgorithmParameterException { resetAll(); boolean success = false; try { init(key, params); ensureKeystoreOperationInitialized(); success = true; } finally { if (!success) { resetAll(); } } } private void init(Key key, AlgorithmParameterSpec params) throws InvalidKeyException, InvalidAlgorithmParameterException { if (key == null) { throw new InvalidKeyException("key == null"); } else if (!(key instanceof AndroidKeyStoreSecretKey)) { throw new InvalidKeyException( "Only Android KeyStore secret keys supported. Key: " + key); } mKey = (AndroidKeyStoreSecretKey) key; if (params != null) { throw new InvalidAlgorithmParameterException( "Unsupported algorithm parameters: " + params); } } private void abortOperation() { KeyStoreCryptoOperationUtils.abortOperation(mOperation); mOperation = null; } private void resetAll() { abortOperation(); mOperationChallenge = 0; mKey = null; mChunkedStreamer = null; } private void resetWhilePreservingInitState() { abortOperation(); mOperationChallenge = 0; mChunkedStreamer = null; } @Override protected void engineReset() { resetWhilePreservingInitState(); } private void ensureKeystoreOperationInitialized() throws InvalidKeyException { if (mChunkedStreamer != null) { return; } if (mKey == null) { throw new IllegalStateException("Not initialized"); } List parameters = new ArrayList<>(); parameters.add(KeyStore2ParameterUtils.makeEnum( KeymasterDefs.KM_TAG_PURPOSE, KeymasterDefs.KM_PURPOSE_SIGN )); parameters.add(KeyStore2ParameterUtils.makeEnum( KeymasterDefs.KM_TAG_ALGORITHM, KeymasterDefs.KM_ALGORITHM_HMAC )); parameters.add(KeyStore2ParameterUtils.makeEnum( KeymasterDefs.KM_TAG_DIGEST, mKeymasterDigest )); parameters.add(KeyStore2ParameterUtils.makeInt( KeymasterDefs.KM_TAG_MAC_LENGTH, mMacSizeBits )); try { mOperation = mKey.getSecurityLevel().createOperation( mKey.getKeyIdDescriptor(), parameters ); } catch (KeyStoreException keyStoreException) { // If necessary, throw an exception due to KeyStore operation having failed. InvalidKeyException e = KeyStoreCryptoOperationUtils.getInvalidKeyException( mKey, keyStoreException); if (e != null) { throw e; } } // Now we check if we got an operation challenge. This indicates that user authorization // is required. And if we got a challenge we check if the authorization can possibly // succeed. mOperationChallenge = KeyStoreCryptoOperationUtils.getOrMakeOperationChallenge( mOperation, mKey); mChunkedStreamer = new KeyStoreCryptoOperationChunkedStreamer( new KeyStoreCryptoOperationChunkedStreamer.MainDataStream( mOperation)); } @Override protected void engineUpdate(byte input) { engineUpdate(new byte[] {input}, 0, 1); } @Override protected void engineUpdate(byte[] input, int offset, int len) { try { ensureKeystoreOperationInitialized(); } catch (InvalidKeyException e) { throw new ProviderException("Failed to reinitialize MAC", e); } byte[] output; try { output = mChunkedStreamer.update(input, offset, len); } catch (KeyStoreException e) { throw new ProviderException("Keystore operation failed", e); } if ((output != null) && (output.length != 0)) { throw new ProviderException("Update operation unexpectedly produced output"); } } @Override protected byte[] engineDoFinal() { try { ensureKeystoreOperationInitialized(); } catch (InvalidKeyException e) { throw new ProviderException("Failed to reinitialize MAC", e); } byte[] result; try { result = mChunkedStreamer.doFinal( null, 0, 0, null); // no signature provided -- this invocation will generate one } catch (KeyStoreException e) { throw new ProviderException("Keystore operation failed", e); } resetWhilePreservingInitState(); return result; } @Override public void finalize() throws Throwable { try { abortOperation(); } finally { super.finalize(); } } @Override public long getOperationHandle() { return mOperationChallenge; } }