Adding check for HMAC/EC key size for StrongBox

engineInit() for AndroidKeyStoreKeyGeneratorSpi does not make a call into the backing Keymaster implementation until generate is called on it to actually create the key. If a disallowed spec for StrongBox is passed in, the backing StrongBox implementation won't be able to revoke it until engineGenerateKey() is called, which will create different behaviors between TEE backed implementations (which support a wider range of algorithm spec parameters) and StrongBox implementations from a public API perspective. This change will make sure HMAC is the same for StrongBox. This is also being done for EC keys in AndroidKeyStoreKeyPairGeneratorSpi.java Bug: 113525261 Bug: 114487149 Test: atest cts/tests/tests/keystore/src/android/keystore/cts/KeyGeneratorTest.java Test: atest cts/tests/tests/keystore/src/android/keystore/cts/KeyPairGeneratorTest.java Change-Id: I728bb5222c9bf0ad84cdf2b8c0b78a4dd99f7186
2018-12-18 17:26:56 -08:00
parent ee1720cffa
commit d255a2136f
2 changed files with 14 additions and 2 deletions
--- a/keystore/java/android/security/keystore/AndroidKeyStoreKeyGeneratorSpi.java
+++ b/keystore/java/android/security/keystore/AndroidKeyStoreKeyGeneratorSpi.java
@ -210,6 +210,10 @@ public abstract class AndroidKeyStoreKeyGeneratorSpi extends KeyGeneratorSpi {
                        throw new InvalidAlgorithmParameterException(
                            "HMAC key size must be at least 64 bits.");
                    }
+                    if (mKeySizeBits > 512 && spec.isStrongBoxBacked()) {
+                        throw new InvalidAlgorithmParameterException(
+                            "StrongBox HMAC key size must be smaller than 512 bits.");
+                    }

                    // JCA HMAC key algorithm implies a digest (e.g., HmacSHA256 key algorithm
                    // implies SHA-256 digest). Because keymaster HMAC key is authorized only for
--- a/keystore/java/android/security/keystore/AndroidKeyStoreKeyPairGeneratorSpi.java
+++ b/keystore/java/android/security/keystore/AndroidKeyStoreKeyPairGeneratorSpi.java
@ -303,7 +303,7 @@ public abstract class AndroidKeyStoreKeyPairGeneratorSpi extends KeyPairGenerato
            if (mKeySizeBits == -1) {
                mKeySizeBits = getDefaultKeySize(keymasterAlgorithm);
            }
-            checkValidKeySize(keymasterAlgorithm, mKeySizeBits);
+            checkValidKeySize(keymasterAlgorithm, mKeySizeBits, mSpec.isStrongBoxBacked());

            if (spec.getKeystoreAlias() == null) {
                throw new InvalidAlgorithmParameterException("KeyStore entry alias not provided");
@ -724,10 +724,18 @@ public abstract class AndroidKeyStoreKeyPairGeneratorSpi extends KeyPairGenerato
        }
    }

-    private static void checkValidKeySize(int keymasterAlgorithm, int keySize)
+    private static void checkValidKeySize(
+            int keymasterAlgorithm,
+            int keySize,
+            boolean isStrongBoxBacked)
            throws InvalidAlgorithmParameterException {
        switch (keymasterAlgorithm) {
            case KeymasterDefs.KM_ALGORITHM_EC:
+                if (isStrongBoxBacked && keySize != 256) {
+                    throw new InvalidAlgorithmParameterException(
+                            "Unsupported StrongBox EC key size: "
+                            + keySize + " bits. Supported: 256");
+                }
                if (!SUPPORTED_EC_NIST_CURVE_SIZES.contains(keySize)) {
                    throw new InvalidAlgorithmParameterException("Unsupported EC key size: "
                            + keySize + " bits. Supported: " + SUPPORTED_EC_NIST_CURVE_SIZES);