Alex Klyubin | cc21bb3 | 2015-03-31 16:50:37 -0700 | [diff] [blame] | 1 | /* |
| 2 | * Copyright (C) 2015 The Android Open Source Project |
| 3 | * |
| 4 | * Licensed under the Apache License, Version 2.0 (the "License"); |
| 5 | * you may not use this file except in compliance with the License. |
| 6 | * You may obtain a copy of the License at |
| 7 | * |
| 8 | * http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | * |
| 10 | * Unless required by applicable law or agreed to in writing, software |
| 11 | * distributed under the License is distributed on an "AS IS" BASIS, |
| 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 13 | * See the License for the specific language governing permissions and |
| 14 | * limitations under the License. |
| 15 | */ |
| 16 | |
Alex Klyubin | d23a1f7 | 2015-03-27 14:39:28 -0700 | [diff] [blame] | 17 | package android.security; |
| 18 | |
| 19 | import android.security.keymaster.KeyCharacteristics; |
| 20 | import android.security.keymaster.KeymasterArguments; |
| 21 | import android.security.keymaster.KeymasterDefs; |
| 22 | |
| 23 | import java.security.InvalidAlgorithmParameterException; |
| 24 | import java.security.SecureRandom; |
| 25 | import java.security.spec.AlgorithmParameterSpec; |
Alex Klyubin | 5045b71 | 2015-03-31 20:19:54 -0700 | [diff] [blame] | 26 | import java.util.Date; |
Alex Klyubin | d23a1f7 | 2015-03-27 14:39:28 -0700 | [diff] [blame] | 27 | |
| 28 | import javax.crypto.KeyGeneratorSpi; |
| 29 | import javax.crypto.SecretKey; |
| 30 | |
| 31 | /** |
| 32 | * {@link KeyGeneratorSpi} backed by Android KeyStore. |
| 33 | * |
| 34 | * @hide |
| 35 | */ |
| 36 | public abstract class KeyStoreKeyGeneratorSpi extends KeyGeneratorSpi { |
| 37 | |
| 38 | public static class AES extends KeyStoreKeyGeneratorSpi { |
| 39 | public AES() { |
Alex Klyubin | 5927c9f | 2015-04-10 13:28:03 -0700 | [diff] [blame] | 40 | super(KeymasterDefs.KM_ALGORITHM_AES, 128); |
Alex Klyubin | d23a1f7 | 2015-03-27 14:39:28 -0700 | [diff] [blame] | 41 | } |
| 42 | } |
| 43 | |
Alex Klyubin | 70376a7 | 2015-04-08 14:15:57 -0700 | [diff] [blame] | 44 | protected static abstract class HmacBase extends KeyStoreKeyGeneratorSpi { |
Alex Klyubin | 5927c9f | 2015-04-10 13:28:03 -0700 | [diff] [blame] | 45 | protected HmacBase(int keymasterDigest) { |
| 46 | super(KeymasterDefs.KM_ALGORITHM_HMAC, |
| 47 | keymasterDigest, |
| 48 | KeymasterUtils.getDigestOutputSizeBytes(keymasterDigest) * 8); |
Alex Klyubin | 70376a7 | 2015-04-08 14:15:57 -0700 | [diff] [blame] | 49 | } |
| 50 | } |
| 51 | |
| 52 | public static class HmacSHA1 extends HmacBase { |
| 53 | public HmacSHA1() { |
Alex Klyubin | 5927c9f | 2015-04-10 13:28:03 -0700 | [diff] [blame] | 54 | super(KeymasterDefs.KM_DIGEST_SHA1); |
Alex Klyubin | 70376a7 | 2015-04-08 14:15:57 -0700 | [diff] [blame] | 55 | } |
| 56 | } |
| 57 | |
| 58 | public static class HmacSHA224 extends HmacBase { |
| 59 | public HmacSHA224() { |
Alex Klyubin | 5927c9f | 2015-04-10 13:28:03 -0700 | [diff] [blame] | 60 | super(KeymasterDefs.KM_DIGEST_SHA_2_224); |
Alex Klyubin | 70376a7 | 2015-04-08 14:15:57 -0700 | [diff] [blame] | 61 | } |
| 62 | } |
| 63 | |
| 64 | public static class HmacSHA256 extends HmacBase { |
| 65 | public HmacSHA256() { |
Alex Klyubin | 5927c9f | 2015-04-10 13:28:03 -0700 | [diff] [blame] | 66 | super(KeymasterDefs.KM_DIGEST_SHA_2_256); |
Alex Klyubin | 70376a7 | 2015-04-08 14:15:57 -0700 | [diff] [blame] | 67 | } |
| 68 | } |
| 69 | |
| 70 | public static class HmacSHA384 extends HmacBase { |
| 71 | public HmacSHA384() { |
Alex Klyubin | 5927c9f | 2015-04-10 13:28:03 -0700 | [diff] [blame] | 72 | super(KeymasterDefs.KM_DIGEST_SHA_2_384); |
Alex Klyubin | 70376a7 | 2015-04-08 14:15:57 -0700 | [diff] [blame] | 73 | } |
| 74 | } |
| 75 | |
| 76 | public static class HmacSHA512 extends HmacBase { |
| 77 | public HmacSHA512() { |
Alex Klyubin | 5927c9f | 2015-04-10 13:28:03 -0700 | [diff] [blame] | 78 | super(KeymasterDefs.KM_DIGEST_SHA_2_512); |
Alex Klyubin | d23a1f7 | 2015-03-27 14:39:28 -0700 | [diff] [blame] | 79 | } |
| 80 | } |
| 81 | |
| 82 | private final KeyStore mKeyStore = KeyStore.getInstance(); |
Alex Klyubin | 5927c9f | 2015-04-10 13:28:03 -0700 | [diff] [blame] | 83 | private final int mKeymasterAlgorithm; |
| 84 | private final int mKeymasterDigest; |
Alex Klyubin | d23a1f7 | 2015-03-27 14:39:28 -0700 | [diff] [blame] | 85 | private final int mDefaultKeySizeBits; |
| 86 | |
| 87 | private KeyGeneratorSpec mSpec; |
| 88 | private SecureRandom mRng; |
| 89 | |
| 90 | protected KeyStoreKeyGeneratorSpi( |
Alex Klyubin | 5927c9f | 2015-04-10 13:28:03 -0700 | [diff] [blame] | 91 | int keymasterAlgorithm, |
Alex Klyubin | d23a1f7 | 2015-03-27 14:39:28 -0700 | [diff] [blame] | 92 | int defaultKeySizeBits) { |
Alex Klyubin | 5927c9f | 2015-04-10 13:28:03 -0700 | [diff] [blame] | 93 | this(keymasterAlgorithm, -1, defaultKeySizeBits); |
Alex Klyubin | d23a1f7 | 2015-03-27 14:39:28 -0700 | [diff] [blame] | 94 | } |
| 95 | |
| 96 | protected KeyStoreKeyGeneratorSpi( |
Alex Klyubin | 5927c9f | 2015-04-10 13:28:03 -0700 | [diff] [blame] | 97 | int keymasterAlgorithm, |
| 98 | int keymasterDigest, |
Alex Klyubin | d23a1f7 | 2015-03-27 14:39:28 -0700 | [diff] [blame] | 99 | int defaultKeySizeBits) { |
Alex Klyubin | 5927c9f | 2015-04-10 13:28:03 -0700 | [diff] [blame] | 100 | mKeymasterAlgorithm = keymasterAlgorithm; |
| 101 | mKeymasterDigest = keymasterDigest; |
Alex Klyubin | d23a1f7 | 2015-03-27 14:39:28 -0700 | [diff] [blame] | 102 | mDefaultKeySizeBits = defaultKeySizeBits; |
| 103 | } |
| 104 | |
| 105 | @Override |
| 106 | protected SecretKey engineGenerateKey() { |
| 107 | KeyGeneratorSpec spec = mSpec; |
| 108 | if (spec == null) { |
| 109 | throw new IllegalStateException("Not initialized"); |
| 110 | } |
| 111 | |
| 112 | if ((spec.isEncryptionRequired()) |
| 113 | && (mKeyStore.state() != KeyStore.State.UNLOCKED)) { |
| 114 | throw new IllegalStateException( |
| 115 | "Android KeyStore must be in initialized and unlocked state if encryption is" |
| 116 | + " required"); |
| 117 | } |
| 118 | |
| 119 | KeymasterArguments args = new KeymasterArguments(); |
Alex Klyubin | 5927c9f | 2015-04-10 13:28:03 -0700 | [diff] [blame] | 120 | args.addInt(KeymasterDefs.KM_TAG_ALGORITHM, mKeymasterAlgorithm); |
| 121 | if (mKeymasterDigest != -1) { |
| 122 | args.addInt(KeymasterDefs.KM_TAG_DIGEST, mKeymasterDigest); |
| 123 | int digestOutputSizeBytes = |
| 124 | KeymasterUtils.getDigestOutputSizeBytes(mKeymasterDigest); |
| 125 | if (digestOutputSizeBytes != -1) { |
Alex Klyubin | 4ab8ea4 | 2015-03-27 16:53:44 -0700 | [diff] [blame] | 126 | // TODO: Remove MAC length constraint once Keymaster API no longer requires it. |
| 127 | // TODO: Switch to bits instead of bytes, once this is fixed in Keymaster |
| 128 | args.addInt(KeymasterDefs.KM_TAG_MAC_LENGTH, digestOutputSizeBytes); |
| 129 | } |
| 130 | } |
Alex Klyubin | 5927c9f | 2015-04-10 13:28:03 -0700 | [diff] [blame] | 131 | if (mKeymasterAlgorithm == KeymasterDefs.KM_ALGORITHM_HMAC) { |
| 132 | if (mKeymasterDigest == -1) { |
| 133 | throw new IllegalStateException("Digest algorithm must be specified for HMAC key"); |
Alex Klyubin | b406f24 | 2015-03-31 13:39:38 -0700 | [diff] [blame] | 134 | } |
| 135 | } |
Alex Klyubin | 9b3e005 | 2015-04-13 11:12:57 -0700 | [diff] [blame] | 136 | int keySizeBits = (spec.getKeySize() != -1) ? spec.getKeySize() : mDefaultKeySizeBits; |
Alex Klyubin | d23a1f7 | 2015-03-27 14:39:28 -0700 | [diff] [blame] | 137 | args.addInt(KeymasterDefs.KM_TAG_KEY_SIZE, keySizeBits); |
Alex Klyubin | 5927c9f | 2015-04-10 13:28:03 -0700 | [diff] [blame] | 138 | @KeyStoreKeyProperties.PurposeEnum int purposes = spec.getPurposes(); |
| 139 | int[] keymasterBlockModes = KeymasterUtils.getKeymasterBlockModesFromJcaBlockModes( |
| 140 | spec.getBlockModes()); |
| 141 | if (((purposes & KeyStoreKeyProperties.Purpose.ENCRYPT) != 0) |
Alex Klyubin | f853f64 | 2015-04-08 13:36:22 -0700 | [diff] [blame] | 142 | && (spec.isRandomizedEncryptionRequired())) { |
Alex Klyubin | 5927c9f | 2015-04-10 13:28:03 -0700 | [diff] [blame] | 143 | for (int keymasterBlockMode : keymasterBlockModes) { |
| 144 | if (!KeymasterUtils.isKeymasterBlockModeIndCpaCompatible(keymasterBlockMode)) { |
| 145 | throw new IllegalStateException( |
| 146 | "Randomized encryption (IND-CPA) required but may be violated by block" |
| 147 | + " mode: " |
| 148 | + KeymasterUtils.getJcaBlockModeFromKeymasterBlockMode( |
| 149 | keymasterBlockMode) |
| 150 | + ". See KeyGeneratorSpec documentation."); |
| 151 | } |
Alex Klyubin | f853f64 | 2015-04-08 13:36:22 -0700 | [diff] [blame] | 152 | } |
| 153 | } |
| 154 | |
Alex Klyubin | d23a1f7 | 2015-03-27 14:39:28 -0700 | [diff] [blame] | 155 | for (int keymasterPurpose : |
Alex Klyubin | 5927c9f | 2015-04-10 13:28:03 -0700 | [diff] [blame] | 156 | KeyStoreKeyProperties.Purpose.allToKeymaster(purposes)) { |
Alex Klyubin | d23a1f7 | 2015-03-27 14:39:28 -0700 | [diff] [blame] | 157 | args.addInt(KeymasterDefs.KM_TAG_PURPOSE, keymasterPurpose); |
| 158 | } |
Alex Klyubin | 5927c9f | 2015-04-10 13:28:03 -0700 | [diff] [blame] | 159 | args.addInts(KeymasterDefs.KM_TAG_BLOCK_MODE, keymasterBlockModes); |
| 160 | args.addInts( |
| 161 | KeymasterDefs.KM_TAG_PADDING, |
| 162 | KeymasterUtils.getKeymasterPaddingsFromJcaEncryptionPaddings( |
| 163 | spec.getEncryptionPaddings())); |
Alex Klyubin | c46e9e7 | 2015-04-06 15:36:25 -0700 | [diff] [blame] | 164 | if (spec.getUserAuthenticators() == 0) { |
Alex Klyubin | d23a1f7 | 2015-03-27 14:39:28 -0700 | [diff] [blame] | 165 | args.addBoolean(KeymasterDefs.KM_TAG_NO_AUTH_REQUIRED); |
| 166 | } else { |
Alex Klyubin | c8e5574 | 2015-03-31 19:50:13 -0700 | [diff] [blame] | 167 | args.addInt(KeymasterDefs.KM_TAG_USER_AUTH_TYPE, |
Alex Klyubin | 5927c9f | 2015-04-10 13:28:03 -0700 | [diff] [blame] | 168 | KeyStoreKeyProperties.UserAuthenticator.allToKeymaster( |
Alex Klyubin | c8e5574 | 2015-03-31 19:50:13 -0700 | [diff] [blame] | 169 | spec.getUserAuthenticators())); |
Alex Klyubin | 10a9f17 | 2015-04-16 13:41:19 -0700 | [diff] [blame] | 170 | long secureUserId = GateKeeper.getSecureUserId(); |
| 171 | if (secureUserId == 0) { |
| 172 | throw new IllegalStateException("Secure lock screen must be enabled" |
| 173 | + " to generate keys requiring user authentication"); |
| 174 | } |
| 175 | args.addLong(KeymasterDefs.KM_TAG_USER_SECURE_ID, secureUserId); |
Alex Klyubin | d23a1f7 | 2015-03-27 14:39:28 -0700 | [diff] [blame] | 176 | } |
Alex Klyubin | 2ea13d4 | 2015-04-01 14:41:28 -0700 | [diff] [blame] | 177 | if (spec.isInvalidatedOnNewFingerprintEnrolled()) { |
| 178 | // TODO: Add the invalidate on fingerprint enrolled constraint once Keymaster supports |
| 179 | // that. |
| 180 | } |
Alex Klyubin | c46e9e7 | 2015-04-06 15:36:25 -0700 | [diff] [blame] | 181 | if (spec.getUserAuthenticationValidityDurationSeconds() != -1) { |
Alex Klyubin | d23a1f7 | 2015-03-27 14:39:28 -0700 | [diff] [blame] | 182 | args.addInt(KeymasterDefs.KM_TAG_AUTH_TIMEOUT, |
| 183 | spec.getUserAuthenticationValidityDurationSeconds()); |
| 184 | } |
Alex Klyubin | 5045b71 | 2015-03-31 20:19:54 -0700 | [diff] [blame] | 185 | args.addDate(KeymasterDefs.KM_TAG_ACTIVE_DATETIME, |
| 186 | (spec.getKeyValidityStart() != null) |
| 187 | ? spec.getKeyValidityStart() : new Date(0)); |
| 188 | args.addDate(KeymasterDefs.KM_TAG_ORIGINATION_EXPIRE_DATETIME, |
| 189 | (spec.getKeyValidityForOriginationEnd() != null) |
| 190 | ? spec.getKeyValidityForOriginationEnd() : new Date(Long.MAX_VALUE)); |
| 191 | args.addDate(KeymasterDefs.KM_TAG_USAGE_EXPIRE_DATETIME, |
| 192 | (spec.getKeyValidityForConsumptionEnd() != null) |
| 193 | ? spec.getKeyValidityForConsumptionEnd() : new Date(Long.MAX_VALUE)); |
Alex Klyubin | d23a1f7 | 2015-03-27 14:39:28 -0700 | [diff] [blame] | 194 | |
Alex Klyubin | 5927c9f | 2015-04-10 13:28:03 -0700 | [diff] [blame] | 195 | if (((purposes & KeyStoreKeyProperties.Purpose.ENCRYPT) != 0) |
Alex Klyubin | f853f64 | 2015-04-08 13:36:22 -0700 | [diff] [blame] | 196 | && (!spec.isRandomizedEncryptionRequired())) { |
| 197 | // Permit caller-provided IV when encrypting with this key |
Alex Klyubin | d23a1f7 | 2015-03-27 14:39:28 -0700 | [diff] [blame] | 198 | args.addBoolean(KeymasterDefs.KM_TAG_CALLER_NONCE); |
| 199 | } |
| 200 | |
| 201 | byte[] additionalEntropy = null; |
| 202 | SecureRandom rng = mRng; |
| 203 | if (rng != null) { |
| 204 | additionalEntropy = new byte[(keySizeBits + 7) / 8]; |
| 205 | rng.nextBytes(additionalEntropy); |
| 206 | } |
| 207 | |
| 208 | int flags = spec.getFlags(); |
| 209 | String keyAliasInKeystore = Credentials.USER_SECRET_KEY + spec.getKeystoreAlias(); |
| 210 | int errorCode = mKeyStore.generateKey( |
| 211 | keyAliasInKeystore, args, additionalEntropy, flags, new KeyCharacteristics()); |
| 212 | if (errorCode != KeyStore.NO_ERROR) { |
Alex Klyubin | b4834ae | 2015-04-02 15:53:46 -0700 | [diff] [blame] | 213 | throw KeyStore.getCryptoOperationException(errorCode); |
Alex Klyubin | d23a1f7 | 2015-03-27 14:39:28 -0700 | [diff] [blame] | 214 | } |
| 215 | String keyAlgorithmJCA = |
Alex Klyubin | 5927c9f | 2015-04-10 13:28:03 -0700 | [diff] [blame] | 216 | KeymasterUtils.getJcaSecretKeyAlgorithm(mKeymasterAlgorithm, mKeymasterDigest); |
Alex Klyubin | d23a1f7 | 2015-03-27 14:39:28 -0700 | [diff] [blame] | 217 | return new KeyStoreSecretKey(keyAliasInKeystore, keyAlgorithmJCA); |
| 218 | } |
| 219 | |
| 220 | @Override |
| 221 | protected void engineInit(SecureRandom random) { |
| 222 | throw new UnsupportedOperationException("Cannot initialize without an " |
| 223 | + KeyGeneratorSpec.class.getName() + " parameter"); |
| 224 | } |
| 225 | |
| 226 | @Override |
| 227 | protected void engineInit(AlgorithmParameterSpec params, SecureRandom random) |
| 228 | throws InvalidAlgorithmParameterException { |
| 229 | if ((params == null) || (!(params instanceof KeyGeneratorSpec))) { |
| 230 | throw new InvalidAlgorithmParameterException("Cannot initialize without an " |
| 231 | + KeyGeneratorSpec.class.getName() + " parameter"); |
| 232 | } |
| 233 | KeyGeneratorSpec spec = (KeyGeneratorSpec) params; |
| 234 | if (spec.getKeystoreAlias() == null) { |
| 235 | throw new InvalidAlgorithmParameterException("KeyStore entry alias not provided"); |
| 236 | } |
| 237 | |
| 238 | mSpec = spec; |
| 239 | mRng = random; |
| 240 | } |
| 241 | |
| 242 | @Override |
| 243 | protected void engineInit(int keySize, SecureRandom random) { |
| 244 | throw new UnsupportedOperationException("Cannot initialize without a " |
| 245 | + KeyGeneratorSpec.class.getName() + " parameter"); |
| 246 | } |
| 247 | } |