Loading services/core/java/com/android/server/locksettings/recoverablekeystore/PlatformKeyManager.java +2 −2 Original line number Diff line number Diff line Loading @@ -375,6 +375,8 @@ public class PlatformKeyManager { throws NoSuchAlgorithmException, KeyStoreException { String encryptAlias = getEncryptAlias(userId, generationId); String decryptAlias = getDecryptAlias(userId, generationId); // SecretKey implementation doesn't provide reliable way to destroy the secret // so it may live in memory for some time. SecretKey secretKey = generateAesKey(); // Store decryption key first since it is more likely to fail. Loading @@ -398,8 +400,6 @@ public class PlatformKeyManager { .build()); setGenerationId(userId, generationId); // TODO: Use a reliable way to destroy the temporary secretKey in memory. } /** Loading services/core/java/com/android/server/locksettings/recoverablekeystore/RecoverableKeyGenerator.java +0 −1 Original line number Diff line number Diff line Loading @@ -29,7 +29,6 @@ import javax.crypto.KeyGenerator; import javax.crypto.SecretKey; import javax.crypto.spec.SecretKeySpec; // TODO: Rename RecoverableKeyGenerator to RecoverableKeyManager as it can import a key too now /** * Generates/imports keys and stores them both in AndroidKeyStore and on disk, in wrapped form. * Loading services/core/java/com/android/server/locksettings/recoverablekeystore/RecoverableKeyStoreManager.java +3 −19 Original line number Diff line number Diff line Loading @@ -47,12 +47,12 @@ import android.util.Log; import com.android.internal.annotations.VisibleForTesting; import com.android.internal.util.HexDump; import com.android.internal.util.Preconditions; import com.android.server.locksettings.recoverablekeystore.certificate.CertUtils; import com.android.server.locksettings.recoverablekeystore.certificate.SigXml; import com.android.server.locksettings.recoverablekeystore.storage.ApplicationKeyStorage; import com.android.server.locksettings.recoverablekeystore.certificate.CertParsingException; import com.android.server.locksettings.recoverablekeystore.certificate.CertUtils; import com.android.server.locksettings.recoverablekeystore.certificate.CertValidationException; import com.android.server.locksettings.recoverablekeystore.certificate.CertXml; import com.android.server.locksettings.recoverablekeystore.certificate.SigXml; import com.android.server.locksettings.recoverablekeystore.storage.ApplicationKeyStorage; import com.android.server.locksettings.recoverablekeystore.storage.RecoverableKeyStoreDb; import com.android.server.locksettings.recoverablekeystore.storage.RecoverySessionStorage; import com.android.server.locksettings.recoverablekeystore.storage.RecoverySnapshotStorage; Loading Loading @@ -298,20 +298,6 @@ public class RecoverableKeyStoreManager { initRecoveryService(rootCertificateAlias, recoveryServiceCertFile); } private PublicKey parseEcPublicKey(@NonNull byte[] bytes) throws ServiceSpecificException { try { KeyFactory kf = KeyFactory.getInstance("EC"); X509EncodedKeySpec pkSpec = new X509EncodedKeySpec(bytes); return kf.generatePublic(pkSpec); } catch (NoSuchAlgorithmException e) { Log.wtf(TAG, "EC algorithm not available. AOSP must support this.", e); throw new ServiceSpecificException(ERROR_SERVICE_INTERNAL_ERROR, e.getMessage()); } catch (InvalidKeySpecException e) { throw new ServiceSpecificException( ERROR_BAD_CERTIFICATE_FORMAT, "Not a valid X509 certificate."); } } /** * Gets all data necessary to recover application keys on new device. * Loading Loading @@ -750,8 +736,6 @@ public class RecoverableKeyStoreManager { int uid = Binder.getCallingUid(); int userId = UserHandle.getCallingUserId(); // TODO: Refactor RecoverableKeyGenerator to wrap the PlatformKey logic PlatformEncryptionKey encryptionKey; try { encryptionKey = mPlatformKeyManager.getEncryptKey(userId); Loading services/core/java/com/android/server/locksettings/recoverablekeystore/storage/RecoverableKeyStoreDb.java +1 −2 Original line number Diff line number Diff line Loading @@ -291,7 +291,7 @@ public class RecoverableKeyStoreDb { } /** * Sets the {@code generationId} of the platform key for the account owned by {@code userId}. * Sets the {@code generationId} of the platform key for user {@code userId}. * * @return The primary key ID of the relation. */ Loading Loading @@ -630,7 +630,6 @@ public class RecoverableKeyStoreDb { * @hide */ public long setActiveRootOfTrust(int userId, int uid, @Nullable String rootAlias) { // TODO: Call getDefaultCertificateAliasIfEmpty() here too? SQLiteDatabase db = mKeyStoreDbHelper.getWritableDatabase(); ContentValues values = new ContentValues(); values.put(RecoveryServiceMetadataEntry.COLUMN_NAME_ACTIVE_ROOT_OF_TRUST, rootAlias); Loading services/tests/servicestests/src/com/android/server/locksettings/recoverablekeystore/KeySyncTaskTest.java +0 −2 Original line number Diff line number Diff line Loading @@ -17,11 +17,9 @@ package com.android.server.locksettings.recoverablekeystore; import static android.security.keystore.recovery.KeyChainProtectionParams.TYPE_LOCKSCREEN; import static android.security.keystore.recovery.KeyChainProtectionParams.UI_FORMAT_PASSWORD; import static android.security.keystore.recovery.KeyChainProtectionParams.UI_FORMAT_PATTERN; import static android.security.keystore.recovery.KeyChainProtectionParams.UI_FORMAT_PIN; import static com.android.internal.widget.LockPatternUtils.CREDENTIAL_TYPE_PASSWORD; import static com.android.internal.widget.LockPatternUtils.CREDENTIAL_TYPE_PATTERN; Loading Loading
services/core/java/com/android/server/locksettings/recoverablekeystore/PlatformKeyManager.java +2 −2 Original line number Diff line number Diff line Loading @@ -375,6 +375,8 @@ public class PlatformKeyManager { throws NoSuchAlgorithmException, KeyStoreException { String encryptAlias = getEncryptAlias(userId, generationId); String decryptAlias = getDecryptAlias(userId, generationId); // SecretKey implementation doesn't provide reliable way to destroy the secret // so it may live in memory for some time. SecretKey secretKey = generateAesKey(); // Store decryption key first since it is more likely to fail. Loading @@ -398,8 +400,6 @@ public class PlatformKeyManager { .build()); setGenerationId(userId, generationId); // TODO: Use a reliable way to destroy the temporary secretKey in memory. } /** Loading
services/core/java/com/android/server/locksettings/recoverablekeystore/RecoverableKeyGenerator.java +0 −1 Original line number Diff line number Diff line Loading @@ -29,7 +29,6 @@ import javax.crypto.KeyGenerator; import javax.crypto.SecretKey; import javax.crypto.spec.SecretKeySpec; // TODO: Rename RecoverableKeyGenerator to RecoverableKeyManager as it can import a key too now /** * Generates/imports keys and stores them both in AndroidKeyStore and on disk, in wrapped form. * Loading
services/core/java/com/android/server/locksettings/recoverablekeystore/RecoverableKeyStoreManager.java +3 −19 Original line number Diff line number Diff line Loading @@ -47,12 +47,12 @@ import android.util.Log; import com.android.internal.annotations.VisibleForTesting; import com.android.internal.util.HexDump; import com.android.internal.util.Preconditions; import com.android.server.locksettings.recoverablekeystore.certificate.CertUtils; import com.android.server.locksettings.recoverablekeystore.certificate.SigXml; import com.android.server.locksettings.recoverablekeystore.storage.ApplicationKeyStorage; import com.android.server.locksettings.recoverablekeystore.certificate.CertParsingException; import com.android.server.locksettings.recoverablekeystore.certificate.CertUtils; import com.android.server.locksettings.recoverablekeystore.certificate.CertValidationException; import com.android.server.locksettings.recoverablekeystore.certificate.CertXml; import com.android.server.locksettings.recoverablekeystore.certificate.SigXml; import com.android.server.locksettings.recoverablekeystore.storage.ApplicationKeyStorage; import com.android.server.locksettings.recoverablekeystore.storage.RecoverableKeyStoreDb; import com.android.server.locksettings.recoverablekeystore.storage.RecoverySessionStorage; import com.android.server.locksettings.recoverablekeystore.storage.RecoverySnapshotStorage; Loading Loading @@ -298,20 +298,6 @@ public class RecoverableKeyStoreManager { initRecoveryService(rootCertificateAlias, recoveryServiceCertFile); } private PublicKey parseEcPublicKey(@NonNull byte[] bytes) throws ServiceSpecificException { try { KeyFactory kf = KeyFactory.getInstance("EC"); X509EncodedKeySpec pkSpec = new X509EncodedKeySpec(bytes); return kf.generatePublic(pkSpec); } catch (NoSuchAlgorithmException e) { Log.wtf(TAG, "EC algorithm not available. AOSP must support this.", e); throw new ServiceSpecificException(ERROR_SERVICE_INTERNAL_ERROR, e.getMessage()); } catch (InvalidKeySpecException e) { throw new ServiceSpecificException( ERROR_BAD_CERTIFICATE_FORMAT, "Not a valid X509 certificate."); } } /** * Gets all data necessary to recover application keys on new device. * Loading Loading @@ -750,8 +736,6 @@ public class RecoverableKeyStoreManager { int uid = Binder.getCallingUid(); int userId = UserHandle.getCallingUserId(); // TODO: Refactor RecoverableKeyGenerator to wrap the PlatformKey logic PlatformEncryptionKey encryptionKey; try { encryptionKey = mPlatformKeyManager.getEncryptKey(userId); Loading
services/core/java/com/android/server/locksettings/recoverablekeystore/storage/RecoverableKeyStoreDb.java +1 −2 Original line number Diff line number Diff line Loading @@ -291,7 +291,7 @@ public class RecoverableKeyStoreDb { } /** * Sets the {@code generationId} of the platform key for the account owned by {@code userId}. * Sets the {@code generationId} of the platform key for user {@code userId}. * * @return The primary key ID of the relation. */ Loading Loading @@ -630,7 +630,6 @@ public class RecoverableKeyStoreDb { * @hide */ public long setActiveRootOfTrust(int userId, int uid, @Nullable String rootAlias) { // TODO: Call getDefaultCertificateAliasIfEmpty() here too? SQLiteDatabase db = mKeyStoreDbHelper.getWritableDatabase(); ContentValues values = new ContentValues(); values.put(RecoveryServiceMetadataEntry.COLUMN_NAME_ACTIVE_ROOT_OF_TRUST, rootAlias); Loading
services/tests/servicestests/src/com/android/server/locksettings/recoverablekeystore/KeySyncTaskTest.java +0 −2 Original line number Diff line number Diff line Loading @@ -17,11 +17,9 @@ package com.android.server.locksettings.recoverablekeystore; import static android.security.keystore.recovery.KeyChainProtectionParams.TYPE_LOCKSCREEN; import static android.security.keystore.recovery.KeyChainProtectionParams.UI_FORMAT_PASSWORD; import static android.security.keystore.recovery.KeyChainProtectionParams.UI_FORMAT_PATTERN; import static android.security.keystore.recovery.KeyChainProtectionParams.UI_FORMAT_PIN; import static com.android.internal.widget.LockPatternUtils.CREDENTIAL_TYPE_PASSWORD; import static com.android.internal.widget.LockPatternUtils.CREDENTIAL_TYPE_PATTERN; Loading
