1cc21bb3a56915842b545a577d3481047005b1764Alex Klyubin/* 2cc21bb3a56915842b545a577d3481047005b1764Alex Klyubin * Copyright (C) 2015 The Android Open Source Project 3cc21bb3a56915842b545a577d3481047005b1764Alex Klyubin * 4cc21bb3a56915842b545a577d3481047005b1764Alex Klyubin * Licensed under the Apache License, Version 2.0 (the "License"); 5cc21bb3a56915842b545a577d3481047005b1764Alex Klyubin * you may not use this file except in compliance with the License. 6cc21bb3a56915842b545a577d3481047005b1764Alex Klyubin * You may obtain a copy of the License at 7cc21bb3a56915842b545a577d3481047005b1764Alex Klyubin * 8cc21bb3a56915842b545a577d3481047005b1764Alex Klyubin * http://www.apache.org/licenses/LICENSE-2.0 9cc21bb3a56915842b545a577d3481047005b1764Alex Klyubin * 10cc21bb3a56915842b545a577d3481047005b1764Alex Klyubin * Unless required by applicable law or agreed to in writing, software 11cc21bb3a56915842b545a577d3481047005b1764Alex Klyubin * distributed under the License is distributed on an "AS IS" BASIS, 12cc21bb3a56915842b545a577d3481047005b1764Alex Klyubin * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13cc21bb3a56915842b545a577d3481047005b1764Alex Klyubin * See the License for the specific language governing permissions and 14cc21bb3a56915842b545a577d3481047005b1764Alex Klyubin * limitations under the License. 15cc21bb3a56915842b545a577d3481047005b1764Alex Klyubin */ 16cc21bb3a56915842b545a577d3481047005b1764Alex Klyubin 17dcdaf87ed0aa99073638bcfe645949f130f0c7adAlex Klyubinpackage android.security.keystore; 184ab8ea4498aa25eafdbaadd238fed6eab3f6ee59Alex Klyubin 194ab8ea4498aa25eafdbaadd238fed6eab3f6ee59Alex Klyubinimport android.os.IBinder; 20dcdaf87ed0aa99073638bcfe645949f130f0c7adAlex Klyubinimport android.security.KeyStore; 21dcdaf87ed0aa99073638bcfe645949f130f0c7adAlex Klyubinimport android.security.KeyStoreException; 224ab8ea4498aa25eafdbaadd238fed6eab3f6ee59Alex Klyubinimport android.security.keymaster.KeymasterArguments; 234ab8ea4498aa25eafdbaadd238fed6eab3f6ee59Alex Klyubinimport android.security.keymaster.KeymasterDefs; 244ab8ea4498aa25eafdbaadd238fed6eab3f6ee59Alex Klyubinimport android.security.keymaster.OperationResult; 254ab8ea4498aa25eafdbaadd238fed6eab3f6ee59Alex Klyubin 264ab8ea4498aa25eafdbaadd238fed6eab3f6ee59Alex Klyubinimport java.security.InvalidAlgorithmParameterException; 274ab8ea4498aa25eafdbaadd238fed6eab3f6ee59Alex Klyubinimport java.security.InvalidKeyException; 284ab8ea4498aa25eafdbaadd238fed6eab3f6ee59Alex Klyubinimport java.security.Key; 29658cd6601d260a0aad636c3ae6dcef32caf1f491Alex Klyubinimport java.security.ProviderException; 304ab8ea4498aa25eafdbaadd238fed6eab3f6ee59Alex Klyubinimport java.security.spec.AlgorithmParameterSpec; 314ab8ea4498aa25eafdbaadd238fed6eab3f6ee59Alex Klyubin 324ab8ea4498aa25eafdbaadd238fed6eab3f6ee59Alex Klyubinimport javax.crypto.MacSpi; 334ab8ea4498aa25eafdbaadd238fed6eab3f6ee59Alex Klyubin 344ab8ea4498aa25eafdbaadd238fed6eab3f6ee59Alex Klyubin/** 354ab8ea4498aa25eafdbaadd238fed6eab3f6ee59Alex Klyubin * {@link MacSpi} which provides HMAC implementations backed by Android KeyStore. 364ab8ea4498aa25eafdbaadd238fed6eab3f6ee59Alex Klyubin * 374ab8ea4498aa25eafdbaadd238fed6eab3f6ee59Alex Klyubin * @hide 384ab8ea4498aa25eafdbaadd238fed6eab3f6ee59Alex Klyubin */ 39dcdaf87ed0aa99073638bcfe645949f130f0c7adAlex Klyubinpublic abstract class AndroidKeyStoreHmacSpi extends MacSpi implements KeyStoreCryptoOperation { 404ab8ea4498aa25eafdbaadd238fed6eab3f6ee59Alex Klyubin 41dcdaf87ed0aa99073638bcfe645949f130f0c7adAlex Klyubin public static class HmacSHA1 extends AndroidKeyStoreHmacSpi { 4270376a77280551791dae62586a6bb0c77ed9429aAlex Klyubin public HmacSHA1() { 435927c9f1b12f597839a664c1c6593114175cbcd8Alex Klyubin super(KeymasterDefs.KM_DIGEST_SHA1); 4470376a77280551791dae62586a6bb0c77ed9429aAlex Klyubin } 4570376a77280551791dae62586a6bb0c77ed9429aAlex Klyubin } 4670376a77280551791dae62586a6bb0c77ed9429aAlex Klyubin 47dcdaf87ed0aa99073638bcfe645949f130f0c7adAlex Klyubin public static class HmacSHA224 extends AndroidKeyStoreHmacSpi { 4870376a77280551791dae62586a6bb0c77ed9429aAlex Klyubin public HmacSHA224() { 495927c9f1b12f597839a664c1c6593114175cbcd8Alex Klyubin super(KeymasterDefs.KM_DIGEST_SHA_2_224); 5070376a77280551791dae62586a6bb0c77ed9429aAlex Klyubin } 5170376a77280551791dae62586a6bb0c77ed9429aAlex Klyubin } 5270376a77280551791dae62586a6bb0c77ed9429aAlex Klyubin 53dcdaf87ed0aa99073638bcfe645949f130f0c7adAlex Klyubin public static class HmacSHA256 extends AndroidKeyStoreHmacSpi { 544ab8ea4498aa25eafdbaadd238fed6eab3f6ee59Alex Klyubin public HmacSHA256() { 555927c9f1b12f597839a664c1c6593114175cbcd8Alex Klyubin super(KeymasterDefs.KM_DIGEST_SHA_2_256); 5670376a77280551791dae62586a6bb0c77ed9429aAlex Klyubin } 5770376a77280551791dae62586a6bb0c77ed9429aAlex Klyubin } 5870376a77280551791dae62586a6bb0c77ed9429aAlex Klyubin 59dcdaf87ed0aa99073638bcfe645949f130f0c7adAlex Klyubin public static class HmacSHA384 extends AndroidKeyStoreHmacSpi { 6070376a77280551791dae62586a6bb0c77ed9429aAlex Klyubin public HmacSHA384() { 615927c9f1b12f597839a664c1c6593114175cbcd8Alex Klyubin super(KeymasterDefs.KM_DIGEST_SHA_2_384); 6270376a77280551791dae62586a6bb0c77ed9429aAlex Klyubin } 6370376a77280551791dae62586a6bb0c77ed9429aAlex Klyubin } 6470376a77280551791dae62586a6bb0c77ed9429aAlex Klyubin 65dcdaf87ed0aa99073638bcfe645949f130f0c7adAlex Klyubin public static class HmacSHA512 extends AndroidKeyStoreHmacSpi { 6670376a77280551791dae62586a6bb0c77ed9429aAlex Klyubin public HmacSHA512() { 675927c9f1b12f597839a664c1c6593114175cbcd8Alex Klyubin super(KeymasterDefs.KM_DIGEST_SHA_2_512); 684ab8ea4498aa25eafdbaadd238fed6eab3f6ee59Alex Klyubin } 694ab8ea4498aa25eafdbaadd238fed6eab3f6ee59Alex Klyubin } 704ab8ea4498aa25eafdbaadd238fed6eab3f6ee59Alex Klyubin 714ab8ea4498aa25eafdbaadd238fed6eab3f6ee59Alex Klyubin private final KeyStore mKeyStore = KeyStore.getInstance(); 725927c9f1b12f597839a664c1c6593114175cbcd8Alex Klyubin private final int mKeymasterDigest; 737ea50902647b32fa8fcfcd25138b1636bbf97dcdAlex Klyubin private final int mMacSizeBits; 744ab8ea4498aa25eafdbaadd238fed6eab3f6ee59Alex Klyubin 756c4a842129db70a9d50b9c0a38cda107ddb943ddAlex Klyubin // Fields below are populated by engineInit and should be preserved after engineDoFinal. 76dcdaf87ed0aa99073638bcfe645949f130f0c7adAlex Klyubin private AndroidKeyStoreSecretKey mKey; 774ab8ea4498aa25eafdbaadd238fed6eab3f6ee59Alex Klyubin 786c4a842129db70a9d50b9c0a38cda107ddb943ddAlex Klyubin // Fields below are reset when engineDoFinal succeeds. 794ab8ea4498aa25eafdbaadd238fed6eab3f6ee59Alex Klyubin private KeyStoreCryptoOperationChunkedStreamer mChunkedStreamer; 804ab8ea4498aa25eafdbaadd238fed6eab3f6ee59Alex Klyubin private IBinder mOperationToken; 819cfc428a244c8b2c7a404a430b1b3991b1950c62Alex Klyubin private long mOperationHandle; 824ab8ea4498aa25eafdbaadd238fed6eab3f6ee59Alex Klyubin 83dcdaf87ed0aa99073638bcfe645949f130f0c7adAlex Klyubin protected AndroidKeyStoreHmacSpi(int keymasterDigest) { 845927c9f1b12f597839a664c1c6593114175cbcd8Alex Klyubin mKeymasterDigest = keymasterDigest; 857ea50902647b32fa8fcfcd25138b1636bbf97dcdAlex Klyubin mMacSizeBits = KeymasterUtils.getDigestOutputSizeBits(keymasterDigest); 864ab8ea4498aa25eafdbaadd238fed6eab3f6ee59Alex Klyubin } 874ab8ea4498aa25eafdbaadd238fed6eab3f6ee59Alex Klyubin 884ab8ea4498aa25eafdbaadd238fed6eab3f6ee59Alex Klyubin @Override 894ab8ea4498aa25eafdbaadd238fed6eab3f6ee59Alex Klyubin protected int engineGetMacLength() { 907ea50902647b32fa8fcfcd25138b1636bbf97dcdAlex Klyubin return (mMacSizeBits + 7) / 8; 914ab8ea4498aa25eafdbaadd238fed6eab3f6ee59Alex Klyubin } 924ab8ea4498aa25eafdbaadd238fed6eab3f6ee59Alex Klyubin 934ab8ea4498aa25eafdbaadd238fed6eab3f6ee59Alex Klyubin @Override 944ab8ea4498aa25eafdbaadd238fed6eab3f6ee59Alex Klyubin protected void engineInit(Key key, AlgorithmParameterSpec params) throws InvalidKeyException, 954ab8ea4498aa25eafdbaadd238fed6eab3f6ee59Alex Klyubin InvalidAlgorithmParameterException { 966c4a842129db70a9d50b9c0a38cda107ddb943ddAlex Klyubin resetAll(); 976c4a842129db70a9d50b9c0a38cda107ddb943ddAlex Klyubin 986c4a842129db70a9d50b9c0a38cda107ddb943ddAlex Klyubin boolean success = false; 996c4a842129db70a9d50b9c0a38cda107ddb943ddAlex Klyubin try { 1006c4a842129db70a9d50b9c0a38cda107ddb943ddAlex Klyubin init(key, params); 1016c4a842129db70a9d50b9c0a38cda107ddb943ddAlex Klyubin ensureKeystoreOperationInitialized(); 1026c4a842129db70a9d50b9c0a38cda107ddb943ddAlex Klyubin success = true; 1036c4a842129db70a9d50b9c0a38cda107ddb943ddAlex Klyubin } finally { 1046c4a842129db70a9d50b9c0a38cda107ddb943ddAlex Klyubin if (!success) { 1056c4a842129db70a9d50b9c0a38cda107ddb943ddAlex Klyubin resetAll(); 1066c4a842129db70a9d50b9c0a38cda107ddb943ddAlex Klyubin } 1076c4a842129db70a9d50b9c0a38cda107ddb943ddAlex Klyubin } 1086c4a842129db70a9d50b9c0a38cda107ddb943ddAlex Klyubin } 1096c4a842129db70a9d50b9c0a38cda107ddb943ddAlex Klyubin 1106c4a842129db70a9d50b9c0a38cda107ddb943ddAlex Klyubin private void init(Key key, AlgorithmParameterSpec params) throws InvalidKeyException, 1116c4a842129db70a9d50b9c0a38cda107ddb943ddAlex Klyubin InvalidAlgorithmParameterException { 1124ab8ea4498aa25eafdbaadd238fed6eab3f6ee59Alex Klyubin if (key == null) { 1134ab8ea4498aa25eafdbaadd238fed6eab3f6ee59Alex Klyubin throw new InvalidKeyException("key == null"); 114dcdaf87ed0aa99073638bcfe645949f130f0c7adAlex Klyubin } else if (!(key instanceof AndroidKeyStoreSecretKey)) { 1154ab8ea4498aa25eafdbaadd238fed6eab3f6ee59Alex Klyubin throw new InvalidKeyException( 1164ab8ea4498aa25eafdbaadd238fed6eab3f6ee59Alex Klyubin "Only Android KeyStore secret keys supported. Key: " + key); 1174ab8ea4498aa25eafdbaadd238fed6eab3f6ee59Alex Klyubin } 118dcdaf87ed0aa99073638bcfe645949f130f0c7adAlex Klyubin mKey = (AndroidKeyStoreSecretKey) key; 1194ab8ea4498aa25eafdbaadd238fed6eab3f6ee59Alex Klyubin 1204ab8ea4498aa25eafdbaadd238fed6eab3f6ee59Alex Klyubin if (params != null) { 1214ab8ea4498aa25eafdbaadd238fed6eab3f6ee59Alex Klyubin throw new InvalidAlgorithmParameterException( 1224ab8ea4498aa25eafdbaadd238fed6eab3f6ee59Alex Klyubin "Unsupported algorithm parameters: " + params); 1234ab8ea4498aa25eafdbaadd238fed6eab3f6ee59Alex Klyubin } 1244ab8ea4498aa25eafdbaadd238fed6eab3f6ee59Alex Klyubin 1256c4a842129db70a9d50b9c0a38cda107ddb943ddAlex Klyubin } 1266c4a842129db70a9d50b9c0a38cda107ddb943ddAlex Klyubin 1276c4a842129db70a9d50b9c0a38cda107ddb943ddAlex Klyubin private void resetAll() { 1286c4a842129db70a9d50b9c0a38cda107ddb943ddAlex Klyubin mKey = null; 1296c4a842129db70a9d50b9c0a38cda107ddb943ddAlex Klyubin IBinder operationToken = mOperationToken; 1306c4a842129db70a9d50b9c0a38cda107ddb943ddAlex Klyubin if (operationToken != null) { 1316c4a842129db70a9d50b9c0a38cda107ddb943ddAlex Klyubin mKeyStore.abort(operationToken); 132a80eee052dd729c2898829fab42a5584d6f5eaf0Alex Klyubin } 13396d7245c00be386355ec583ac980b024b223218bAlex Klyubin mOperationToken = null; 1349cfc428a244c8b2c7a404a430b1b3991b1950c62Alex Klyubin mOperationHandle = 0; 1356c4a842129db70a9d50b9c0a38cda107ddb943ddAlex Klyubin mChunkedStreamer = null; 1364ab8ea4498aa25eafdbaadd238fed6eab3f6ee59Alex Klyubin } 1374ab8ea4498aa25eafdbaadd238fed6eab3f6ee59Alex Klyubin 1386c4a842129db70a9d50b9c0a38cda107ddb943ddAlex Klyubin private void resetWhilePreservingInitState() { 1394ab8ea4498aa25eafdbaadd238fed6eab3f6ee59Alex Klyubin IBinder operationToken = mOperationToken; 1404ab8ea4498aa25eafdbaadd238fed6eab3f6ee59Alex Klyubin if (operationToken != null) { 1414ab8ea4498aa25eafdbaadd238fed6eab3f6ee59Alex Klyubin mKeyStore.abort(operationToken); 1424ab8ea4498aa25eafdbaadd238fed6eab3f6ee59Alex Klyubin } 14396d7245c00be386355ec583ac980b024b223218bAlex Klyubin mOperationToken = null; 1449cfc428a244c8b2c7a404a430b1b3991b1950c62Alex Klyubin mOperationHandle = 0; 1454ab8ea4498aa25eafdbaadd238fed6eab3f6ee59Alex Klyubin mChunkedStreamer = null; 146a80eee052dd729c2898829fab42a5584d6f5eaf0Alex Klyubin } 147a80eee052dd729c2898829fab42a5584d6f5eaf0Alex Klyubin 1486c4a842129db70a9d50b9c0a38cda107ddb943ddAlex Klyubin @Override 1496c4a842129db70a9d50b9c0a38cda107ddb943ddAlex Klyubin protected void engineReset() { 1506c4a842129db70a9d50b9c0a38cda107ddb943ddAlex Klyubin resetWhilePreservingInitState(); 1516c4a842129db70a9d50b9c0a38cda107ddb943ddAlex Klyubin } 1526c4a842129db70a9d50b9c0a38cda107ddb943ddAlex Klyubin 153ad9ba10ecda10c14e46d00f40fc3e431cc2d9bc2Alex Klyubin private void ensureKeystoreOperationInitialized() throws InvalidKeyException { 154a80eee052dd729c2898829fab42a5584d6f5eaf0Alex Klyubin if (mChunkedStreamer != null) { 155a80eee052dd729c2898829fab42a5584d6f5eaf0Alex Klyubin return; 156a80eee052dd729c2898829fab42a5584d6f5eaf0Alex Klyubin } 1576c4a842129db70a9d50b9c0a38cda107ddb943ddAlex Klyubin if (mKey == null) { 158a80eee052dd729c2898829fab42a5584d6f5eaf0Alex Klyubin throw new IllegalStateException("Not initialized"); 159a80eee052dd729c2898829fab42a5584d6f5eaf0Alex Klyubin } 1604ab8ea4498aa25eafdbaadd238fed6eab3f6ee59Alex Klyubin 1614ab8ea4498aa25eafdbaadd238fed6eab3f6ee59Alex Klyubin KeymasterArguments keymasterArgs = new KeymasterArguments(); 162ae6cb7aad56bb006769cd8a69b92af7236644fc1Alex Klyubin keymasterArgs.addEnum(KeymasterDefs.KM_TAG_ALGORITHM, KeymasterDefs.KM_ALGORITHM_HMAC); 163ae6cb7aad56bb006769cd8a69b92af7236644fc1Alex Klyubin keymasterArgs.addEnum(KeymasterDefs.KM_TAG_DIGEST, mKeymasterDigest); 164ae6cb7aad56bb006769cd8a69b92af7236644fc1Alex Klyubin keymasterArgs.addUnsignedInt(KeymasterDefs.KM_TAG_MAC_LENGTH, mMacSizeBits); 1654ab8ea4498aa25eafdbaadd238fed6eab3f6ee59Alex Klyubin 1666c4a842129db70a9d50b9c0a38cda107ddb943ddAlex Klyubin OperationResult opResult = mKeyStore.begin( 1676c4a842129db70a9d50b9c0a38cda107ddb943ddAlex Klyubin mKey.getAlias(), 1684ab8ea4498aa25eafdbaadd238fed6eab3f6ee59Alex Klyubin KeymasterDefs.KM_PURPOSE_SIGN, 1694ab8ea4498aa25eafdbaadd238fed6eab3f6ee59Alex Klyubin true, 1704ab8ea4498aa25eafdbaadd238fed6eab3f6ee59Alex Klyubin keymasterArgs, 1713876b1be27e3aefde9a72eb2e4f856e94fc5f946Alex Klyubin null, // no additional entropy needed for HMAC because it's deterministic 1723876b1be27e3aefde9a72eb2e4f856e94fc5f946Alex Klyubin mKey.getUid()); 173966486e134c901ea61195b352fdd81476b3639b4Chad Brubaker 1744ab8ea4498aa25eafdbaadd238fed6eab3f6ee59Alex Klyubin if (opResult == null) { 1754ab8ea4498aa25eafdbaadd238fed6eab3f6ee59Alex Klyubin throw new KeyStoreConnectException(); 1764ab8ea4498aa25eafdbaadd238fed6eab3f6ee59Alex Klyubin } 177058de02073a129301d391c22b050f2d65adadb0fAlex Klyubin 1788c82b4508f0e9f07bb24f106aa817466e39d0cc9Alex Klyubin // Store operation token and handle regardless of the error code returned by KeyStore to 1798c82b4508f0e9f07bb24f106aa817466e39d0cc9Alex Klyubin // ensure that the operation gets aborted immediately if the code below throws an exception. 180a80eee052dd729c2898829fab42a5584d6f5eaf0Alex Klyubin mOperationToken = opResult.token; 18152886ca77d4d93f6faf5d2a6836625a421e32403Alex Klyubin mOperationHandle = opResult.operationHandle; 1828c82b4508f0e9f07bb24f106aa817466e39d0cc9Alex Klyubin 1838c82b4508f0e9f07bb24f106aa817466e39d0cc9Alex Klyubin // If necessary, throw an exception due to KeyStore operation having failed. 1848c82b4508f0e9f07bb24f106aa817466e39d0cc9Alex Klyubin InvalidKeyException e = KeyStoreCryptoOperationUtils.getInvalidKeyExceptionForInit( 1858c82b4508f0e9f07bb24f106aa817466e39d0cc9Alex Klyubin mKeyStore, mKey, opResult.resultCode); 1868c82b4508f0e9f07bb24f106aa817466e39d0cc9Alex Klyubin if (e != null) { 1878c82b4508f0e9f07bb24f106aa817466e39d0cc9Alex Klyubin throw e; 1888c82b4508f0e9f07bb24f106aa817466e39d0cc9Alex Klyubin } 1898c82b4508f0e9f07bb24f106aa817466e39d0cc9Alex Klyubin 1908c82b4508f0e9f07bb24f106aa817466e39d0cc9Alex Klyubin if (mOperationToken == null) { 191658cd6601d260a0aad636c3ae6dcef32caf1f491Alex Klyubin throw new ProviderException("Keystore returned null operation token"); 1928c82b4508f0e9f07bb24f106aa817466e39d0cc9Alex Klyubin } 1939cfc428a244c8b2c7a404a430b1b3991b1950c62Alex Klyubin if (mOperationHandle == 0) { 194658cd6601d260a0aad636c3ae6dcef32caf1f491Alex Klyubin throw new ProviderException("Keystore returned invalid operation handle"); 1959cfc428a244c8b2c7a404a430b1b3991b1950c62Alex Klyubin } 1968c82b4508f0e9f07bb24f106aa817466e39d0cc9Alex Klyubin 1974ab8ea4498aa25eafdbaadd238fed6eab3f6ee59Alex Klyubin mChunkedStreamer = new KeyStoreCryptoOperationChunkedStreamer( 198b406f242911fa4d910a4cf915a61e39aeace1e1bAlex Klyubin new KeyStoreCryptoOperationChunkedStreamer.MainDataStream( 199b406f242911fa4d910a4cf915a61e39aeace1e1bAlex Klyubin mKeyStore, mOperationToken)); 2004ab8ea4498aa25eafdbaadd238fed6eab3f6ee59Alex Klyubin } 2014ab8ea4498aa25eafdbaadd238fed6eab3f6ee59Alex Klyubin 2024ab8ea4498aa25eafdbaadd238fed6eab3f6ee59Alex Klyubin @Override 2034ab8ea4498aa25eafdbaadd238fed6eab3f6ee59Alex Klyubin protected void engineUpdate(byte input) { 2044ab8ea4498aa25eafdbaadd238fed6eab3f6ee59Alex Klyubin engineUpdate(new byte[] {input}, 0, 1); 2054ab8ea4498aa25eafdbaadd238fed6eab3f6ee59Alex Klyubin } 2064ab8ea4498aa25eafdbaadd238fed6eab3f6ee59Alex Klyubin 2074ab8ea4498aa25eafdbaadd238fed6eab3f6ee59Alex Klyubin @Override 2084ab8ea4498aa25eafdbaadd238fed6eab3f6ee59Alex Klyubin protected void engineUpdate(byte[] input, int offset, int len) { 209ad9ba10ecda10c14e46d00f40fc3e431cc2d9bc2Alex Klyubin try { 210ad9ba10ecda10c14e46d00f40fc3e431cc2d9bc2Alex Klyubin ensureKeystoreOperationInitialized(); 211ad9ba10ecda10c14e46d00f40fc3e431cc2d9bc2Alex Klyubin } catch (InvalidKeyException e) { 212658cd6601d260a0aad636c3ae6dcef32caf1f491Alex Klyubin throw new ProviderException("Failed to reinitialize MAC", e); 213ad9ba10ecda10c14e46d00f40fc3e431cc2d9bc2Alex Klyubin } 2144ab8ea4498aa25eafdbaadd238fed6eab3f6ee59Alex Klyubin 2154ab8ea4498aa25eafdbaadd238fed6eab3f6ee59Alex Klyubin byte[] output; 2164ab8ea4498aa25eafdbaadd238fed6eab3f6ee59Alex Klyubin try { 2174ab8ea4498aa25eafdbaadd238fed6eab3f6ee59Alex Klyubin output = mChunkedStreamer.update(input, offset, len); 218b4834ae3fa09e8013f7ab743a12def063ae999e3Alex Klyubin } catch (KeyStoreException e) { 219658cd6601d260a0aad636c3ae6dcef32caf1f491Alex Klyubin throw new ProviderException("Keystore operation failed", e); 2204ab8ea4498aa25eafdbaadd238fed6eab3f6ee59Alex Klyubin } 2214ab8ea4498aa25eafdbaadd238fed6eab3f6ee59Alex Klyubin if ((output != null) && (output.length != 0)) { 222658cd6601d260a0aad636c3ae6dcef32caf1f491Alex Klyubin throw new ProviderException("Update operation unexpectedly produced output"); 2234ab8ea4498aa25eafdbaadd238fed6eab3f6ee59Alex Klyubin } 2244ab8ea4498aa25eafdbaadd238fed6eab3f6ee59Alex Klyubin } 2254ab8ea4498aa25eafdbaadd238fed6eab3f6ee59Alex Klyubin 2264ab8ea4498aa25eafdbaadd238fed6eab3f6ee59Alex Klyubin @Override 2274ab8ea4498aa25eafdbaadd238fed6eab3f6ee59Alex Klyubin protected byte[] engineDoFinal() { 228ad9ba10ecda10c14e46d00f40fc3e431cc2d9bc2Alex Klyubin try { 229ad9ba10ecda10c14e46d00f40fc3e431cc2d9bc2Alex Klyubin ensureKeystoreOperationInitialized(); 230ad9ba10ecda10c14e46d00f40fc3e431cc2d9bc2Alex Klyubin } catch (InvalidKeyException e) { 231658cd6601d260a0aad636c3ae6dcef32caf1f491Alex Klyubin throw new ProviderException("Failed to reinitialize MAC", e); 232ad9ba10ecda10c14e46d00f40fc3e431cc2d9bc2Alex Klyubin } 2334ab8ea4498aa25eafdbaadd238fed6eab3f6ee59Alex Klyubin 2344ab8ea4498aa25eafdbaadd238fed6eab3f6ee59Alex Klyubin byte[] result; 2354ab8ea4498aa25eafdbaadd238fed6eab3f6ee59Alex Klyubin try { 236a72b55195c23fc06d1600efe8f6aac85290c7f8fAlex Klyubin result = mChunkedStreamer.doFinal( 237a72b55195c23fc06d1600efe8f6aac85290c7f8fAlex Klyubin null, 0, 0, 238d23dc502b0a1952887d4453cba98aa2e3d2f5009Alex Klyubin null, // no signature provided -- this invocation will generate one 239a72b55195c23fc06d1600efe8f6aac85290c7f8fAlex Klyubin null // no additional entropy needed -- HMAC is deterministic 240a72b55195c23fc06d1600efe8f6aac85290c7f8fAlex Klyubin ); 241b4834ae3fa09e8013f7ab743a12def063ae999e3Alex Klyubin } catch (KeyStoreException e) { 242658cd6601d260a0aad636c3ae6dcef32caf1f491Alex Klyubin throw new ProviderException("Keystore operation failed", e); 2434ab8ea4498aa25eafdbaadd238fed6eab3f6ee59Alex Klyubin } 2444ab8ea4498aa25eafdbaadd238fed6eab3f6ee59Alex Klyubin 2456c4a842129db70a9d50b9c0a38cda107ddb943ddAlex Klyubin resetWhilePreservingInitState(); 2464ab8ea4498aa25eafdbaadd238fed6eab3f6ee59Alex Klyubin return result; 2474ab8ea4498aa25eafdbaadd238fed6eab3f6ee59Alex Klyubin } 2484ab8ea4498aa25eafdbaadd238fed6eab3f6ee59Alex Klyubin 2494ab8ea4498aa25eafdbaadd238fed6eab3f6ee59Alex Klyubin @Override 2504ab8ea4498aa25eafdbaadd238fed6eab3f6ee59Alex Klyubin public void finalize() throws Throwable { 2514ab8ea4498aa25eafdbaadd238fed6eab3f6ee59Alex Klyubin try { 2524ab8ea4498aa25eafdbaadd238fed6eab3f6ee59Alex Klyubin IBinder operationToken = mOperationToken; 2534ab8ea4498aa25eafdbaadd238fed6eab3f6ee59Alex Klyubin if (operationToken != null) { 2544ab8ea4498aa25eafdbaadd238fed6eab3f6ee59Alex Klyubin mKeyStore.abort(operationToken); 2554ab8ea4498aa25eafdbaadd238fed6eab3f6ee59Alex Klyubin } 2564ab8ea4498aa25eafdbaadd238fed6eab3f6ee59Alex Klyubin } finally { 2574ab8ea4498aa25eafdbaadd238fed6eab3f6ee59Alex Klyubin super.finalize(); 2584ab8ea4498aa25eafdbaadd238fed6eab3f6ee59Alex Klyubin } 2594ab8ea4498aa25eafdbaadd238fed6eab3f6ee59Alex Klyubin } 26052886ca77d4d93f6faf5d2a6836625a421e32403Alex Klyubin 26152886ca77d4d93f6faf5d2a6836625a421e32403Alex Klyubin @Override 2629cfc428a244c8b2c7a404a430b1b3991b1950c62Alex Klyubin public long getOperationHandle() { 26352886ca77d4d93f6faf5d2a6836625a421e32403Alex Klyubin return mOperationHandle; 26452886ca77d4d93f6faf5d2a6836625a421e32403Alex Klyubin } 2654ab8ea4498aa25eafdbaadd238fed6eab3f6ee59Alex Klyubin} 266