Adding check for HMAC/EC key size for StrongBox
engineInit() for AndroidKeyStoreKeyGeneratorSpi does not make a call
into the backing Keymaster implementation until generate is called on it
to actually create the key. If a disallowed spec for StrongBox is passed
in, the backing StrongBox implementation won't be able to revoke it
until engineGenerateKey() is called, which will create different
behaviors between TEE backed implementations (which support a wider
range of algorithm spec parameters) and StrongBox implementations from a
public API perspective. This change will make sure HMAC is the same for
StrongBox.
This is also being done for EC keys in
AndroidKeyStoreKeyPairGeneratorSpi.java
Bug: 113525261
Bug: 114487149
Test: atest cts/tests/tests/keystore/src/android/keystore/cts/KeyGeneratorTest.java
Test: atest
cts/tests/tests/keystore/src/android/keystore/cts/KeyPairGeneratorTest.java
Change-Id: I728bb5222c9bf0ad84cdf2b8c0b78a4dd99f7186
diff --git a/keystore/java/android/security/keystore/AndroidKeyStoreKeyGeneratorSpi.java b/keystore/java/android/security/keystore/AndroidKeyStoreKeyGeneratorSpi.java
index 419eb24..2d04d72 100644
--- a/keystore/java/android/security/keystore/AndroidKeyStoreKeyGeneratorSpi.java
+++ b/keystore/java/android/security/keystore/AndroidKeyStoreKeyGeneratorSpi.java
@@ -210,6 +210,10 @@
throw new InvalidAlgorithmParameterException(
"HMAC key size must be at least 64 bits.");
}
+ if (mKeySizeBits > 512 && spec.isStrongBoxBacked()) {
+ throw new InvalidAlgorithmParameterException(
+ "StrongBox HMAC key size must be smaller than 512 bits.");
+ }
// JCA HMAC key algorithm implies a digest (e.g., HmacSHA256 key algorithm
// implies SHA-256 digest). Because keymaster HMAC key is authorized only for
diff --git a/keystore/java/android/security/keystore/AndroidKeyStoreKeyPairGeneratorSpi.java b/keystore/java/android/security/keystore/AndroidKeyStoreKeyPairGeneratorSpi.java
index 5fc742a..d44c894 100644
--- a/keystore/java/android/security/keystore/AndroidKeyStoreKeyPairGeneratorSpi.java
+++ b/keystore/java/android/security/keystore/AndroidKeyStoreKeyPairGeneratorSpi.java
@@ -303,7 +303,7 @@
if (mKeySizeBits == -1) {
mKeySizeBits = getDefaultKeySize(keymasterAlgorithm);
}
- checkValidKeySize(keymasterAlgorithm, mKeySizeBits);
+ checkValidKeySize(keymasterAlgorithm, mKeySizeBits, mSpec.isStrongBoxBacked());
if (spec.getKeystoreAlias() == null) {
throw new InvalidAlgorithmParameterException("KeyStore entry alias not provided");
@@ -724,10 +724,18 @@
}
}
- private static void checkValidKeySize(int keymasterAlgorithm, int keySize)
+ private static void checkValidKeySize(
+ int keymasterAlgorithm,
+ int keySize,
+ boolean isStrongBoxBacked)
throws InvalidAlgorithmParameterException {
switch (keymasterAlgorithm) {
case KeymasterDefs.KM_ALGORITHM_EC:
+ if (isStrongBoxBacked && keySize != 256) {
+ throw new InvalidAlgorithmParameterException(
+ "Unsupported StrongBox EC key size: "
+ + keySize + " bits. Supported: 256");
+ }
if (!SUPPORTED_EC_NIST_CURVE_SIZES.contains(keySize)) {
throw new InvalidAlgorithmParameterException("Unsupported EC key size: "
+ keySize + " bits. Supported: " + SUPPORTED_EC_NIST_CURVE_SIZES);