1 /*
2  * Copyright (C) 2015 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 package android.security.keystore;
18 
19 import android.security.KeyStore;
20 import android.security.keymaster.KeymasterDefs;
21 
22 import libcore.util.EmptyArray;
23 
24 import java.security.GeneralSecurityException;
25 import java.security.InvalidAlgorithmParameterException;
26 import java.security.InvalidKeyException;
27 import java.security.SecureRandom;
28 
29 /**
30  * Assorted utility methods for implementing crypto operations on top of KeyStore.
31  *
32  * @hide
33  */
34 abstract class KeyStoreCryptoOperationUtils {
35 
36     private static volatile SecureRandom sRng;
37 
KeyStoreCryptoOperationUtils()38     private KeyStoreCryptoOperationUtils() {}
39 
40     /**
41      * Returns the {@link InvalidKeyException} to be thrown by the {@code init} method of
42      * the crypto operation in response to {@code KeyStore.begin} operation or {@code null} if
43      * the {@code init} method should succeed.
44      */
getInvalidKeyExceptionForInit( KeyStore keyStore, AndroidKeyStoreKey key, int beginOpResultCode)45     static InvalidKeyException getInvalidKeyExceptionForInit(
46             KeyStore keyStore, AndroidKeyStoreKey key, int beginOpResultCode) {
47         if (beginOpResultCode == KeyStore.NO_ERROR) {
48             return null;
49         }
50 
51         // An error occured. However, some errors should not lead to init throwing an exception.
52         // See below.
53         InvalidKeyException e =
54                 keyStore.getInvalidKeyException(key.getAlias(), key.getUid(), beginOpResultCode);
55         switch (beginOpResultCode) {
56             case KeyStore.OP_AUTH_NEEDED:
57                 // Operation needs to be authorized by authenticating the user. Don't throw an
58                 // exception is such authentication is possible for this key
59                 // (UserNotAuthenticatedException). An example of when it's not possible is where
60                 // the key is permanently invalidated (KeyPermanentlyInvalidatedException).
61                 if (e instanceof UserNotAuthenticatedException) {
62                     return null;
63                 }
64                 break;
65         }
66         return e;
67     }
68 
69     /**
70      * Returns the exception to be thrown by the {@code Cipher.init} method of the crypto operation
71      * in response to {@code KeyStore.begin} operation or {@code null} if the {@code init} method
72      * should succeed.
73      */
getExceptionForCipherInit( KeyStore keyStore, AndroidKeyStoreKey key, int beginOpResultCode)74     public static GeneralSecurityException getExceptionForCipherInit(
75             KeyStore keyStore, AndroidKeyStoreKey key, int beginOpResultCode) {
76         if (beginOpResultCode == KeyStore.NO_ERROR) {
77             return null;
78         }
79 
80         // Cipher-specific cases
81         switch (beginOpResultCode) {
82             case KeymasterDefs.KM_ERROR_INVALID_NONCE:
83                 return new InvalidAlgorithmParameterException("Invalid IV");
84             case KeymasterDefs.KM_ERROR_CALLER_NONCE_PROHIBITED:
85                 return new InvalidAlgorithmParameterException("Caller-provided IV not permitted");
86         }
87 
88         // General cases
89         return getInvalidKeyExceptionForInit(keyStore, key, beginOpResultCode);
90     }
91 
92     /**
93      * Returns the requested number of random bytes to mix into keystore/keymaster RNG.
94      *
95      * @param rng RNG from which to obtain the random bytes or {@code null} for the platform-default
96      *        RNG.
97      */
getRandomBytesToMixIntoKeystoreRng(SecureRandom rng, int sizeBytes)98     static byte[] getRandomBytesToMixIntoKeystoreRng(SecureRandom rng, int sizeBytes) {
99         if (sizeBytes <= 0) {
100             return EmptyArray.BYTE;
101         }
102         if (rng == null) {
103             rng = getRng();
104         }
105         byte[] result = new byte[sizeBytes];
106         rng.nextBytes(result);
107         return result;
108     }
109 
getRng()110     private static SecureRandom getRng() {
111         // IMPLEMENTATION NOTE: It's OK to share a SecureRandom instance because SecureRandom is
112         // required to be thread-safe.
113         if (sRng == null) {
114             sRng = new SecureRandom();
115         }
116         return sRng;
117     }
118 }
119