Merge "Add support for extending key validity while on body." into nyc-dev (0f900c02) · Commits · e / os / android_frameworks_base

api/current.txt

+5 −0

Original line number	Diff line number	Diff line
		@@ -34094,6 +34094,7 @@ package android.security.keystore {
		method public boolean isDigestsSpecified();
		method public boolean isRandomizedEncryptionRequired();
		method public boolean isUserAuthenticationRequired();
		method public boolean isUserAuthenticationValidWhileOnBody();
		}

		public static final class KeyGenParameterSpec.Builder {
		@@ -34116,6 +34117,7 @@ package android.security.keystore {
		method public android.security.keystore.KeyGenParameterSpec.Builder setRandomizedEncryptionRequired(boolean);
		method public android.security.keystore.KeyGenParameterSpec.Builder setSignaturePaddings(java.lang.String...);
		method public android.security.keystore.KeyGenParameterSpec.Builder setUserAuthenticationRequired(boolean);
		method public android.security.keystore.KeyGenParameterSpec.Builder setUserAuthenticationValidWhileOnBody(boolean);
		method public android.security.keystore.KeyGenParameterSpec.Builder setUserAuthenticationValidityDurationSeconds(int);
		}

		@@ -34135,6 +34137,7 @@ package android.security.keystore {
		method public boolean isInsideSecureHardware();
		method public boolean isUserAuthenticationRequired();
		method public boolean isUserAuthenticationRequirementEnforcedBySecureHardware();
		method public boolean isUserAuthenticationValidWhileOnBody();
		}

		public class KeyNotYetValidException extends java.security.InvalidKeyException {
		@@ -34197,6 +34200,7 @@ package android.security.keystore {
		method public boolean isDigestsSpecified();
		method public boolean isRandomizedEncryptionRequired();
		method public boolean isUserAuthenticationRequired();
		method public boolean isUserAuthenticationValidWhileOnBody();
		}

		public static final class KeyProtection.Builder {
		@@ -34212,6 +34216,7 @@ package android.security.keystore {
		method public android.security.keystore.KeyProtection.Builder setRandomizedEncryptionRequired(boolean);
		method public android.security.keystore.KeyProtection.Builder setSignaturePaddings(java.lang.String...);
		method public android.security.keystore.KeyProtection.Builder setUserAuthenticationRequired(boolean);
		method public android.security.keystore.KeyProtection.Builder setUserAuthenticationValidWhileOnBody(boolean);
		method public android.security.keystore.KeyProtection.Builder setUserAuthenticationValidityDurationSeconds(int);
		}

api/system-current.txt

+5 −0

Original line number	Diff line number	Diff line
		@@ -36583,6 +36583,7 @@ package android.security.keystore {
		method public boolean isDigestsSpecified();
		method public boolean isRandomizedEncryptionRequired();
		method public boolean isUserAuthenticationRequired();
		method public boolean isUserAuthenticationValidWhileOnBody();
		}

		public static final class KeyGenParameterSpec.Builder {
		@@ -36605,6 +36606,7 @@ package android.security.keystore {
		method public android.security.keystore.KeyGenParameterSpec.Builder setRandomizedEncryptionRequired(boolean);
		method public android.security.keystore.KeyGenParameterSpec.Builder setSignaturePaddings(java.lang.String...);
		method public android.security.keystore.KeyGenParameterSpec.Builder setUserAuthenticationRequired(boolean);
		method public android.security.keystore.KeyGenParameterSpec.Builder setUserAuthenticationValidWhileOnBody(boolean);
		method public android.security.keystore.KeyGenParameterSpec.Builder setUserAuthenticationValidityDurationSeconds(int);
		}

		@@ -36624,6 +36626,7 @@ package android.security.keystore {
		method public boolean isInsideSecureHardware();
		method public boolean isUserAuthenticationRequired();
		method public boolean isUserAuthenticationRequirementEnforcedBySecureHardware();
		method public boolean isUserAuthenticationValidWhileOnBody();
		}

		public class KeyNotYetValidException extends java.security.InvalidKeyException {
		@@ -36686,6 +36689,7 @@ package android.security.keystore {
		method public boolean isDigestsSpecified();
		method public boolean isRandomizedEncryptionRequired();
		method public boolean isUserAuthenticationRequired();
		method public boolean isUserAuthenticationValidWhileOnBody();
		}

		public static final class KeyProtection.Builder {
		@@ -36701,6 +36705,7 @@ package android.security.keystore {
		method public android.security.keystore.KeyProtection.Builder setRandomizedEncryptionRequired(boolean);
		method public android.security.keystore.KeyProtection.Builder setSignaturePaddings(java.lang.String...);
		method public android.security.keystore.KeyProtection.Builder setUserAuthenticationRequired(boolean);
		method public android.security.keystore.KeyProtection.Builder setUserAuthenticationValidWhileOnBody(boolean);
		method public android.security.keystore.KeyProtection.Builder setUserAuthenticationValidityDurationSeconds(int);
		}

api/test-current.txt

+5 −0

Original line number	Diff line number	Diff line
		@@ -34109,6 +34109,7 @@ package android.security.keystore {
		method public boolean isDigestsSpecified();
		method public boolean isRandomizedEncryptionRequired();
		method public boolean isUserAuthenticationRequired();
		method public boolean isUserAuthenticationValidWhileOnBody();
		}

		public static final class KeyGenParameterSpec.Builder {
		@@ -34131,6 +34132,7 @@ package android.security.keystore {
		method public android.security.keystore.KeyGenParameterSpec.Builder setRandomizedEncryptionRequired(boolean);
		method public android.security.keystore.KeyGenParameterSpec.Builder setSignaturePaddings(java.lang.String...);
		method public android.security.keystore.KeyGenParameterSpec.Builder setUserAuthenticationRequired(boolean);
		method public android.security.keystore.KeyGenParameterSpec.Builder setUserAuthenticationValidWhileOnBody(boolean);
		method public android.security.keystore.KeyGenParameterSpec.Builder setUserAuthenticationValidityDurationSeconds(int);
		}

		@@ -34150,6 +34152,7 @@ package android.security.keystore {
		method public boolean isInsideSecureHardware();
		method public boolean isUserAuthenticationRequired();
		method public boolean isUserAuthenticationRequirementEnforcedBySecureHardware();
		method public boolean isUserAuthenticationValidWhileOnBody();
		}

		public class KeyNotYetValidException extends java.security.InvalidKeyException {
		@@ -34212,6 +34215,7 @@ package android.security.keystore {
		method public boolean isDigestsSpecified();
		method public boolean isRandomizedEncryptionRequired();
		method public boolean isUserAuthenticationRequired();
		method public boolean isUserAuthenticationValidWhileOnBody();
		}

		public static final class KeyProtection.Builder {
		@@ -34227,6 +34231,7 @@ package android.security.keystore {
		method public android.security.keystore.KeyProtection.Builder setRandomizedEncryptionRequired(boolean);
		method public android.security.keystore.KeyProtection.Builder setSignaturePaddings(java.lang.String...);
		method public android.security.keystore.KeyProtection.Builder setUserAuthenticationRequired(boolean);
		method public android.security.keystore.KeyProtection.Builder setUserAuthenticationValidWhileOnBody(boolean);
		method public android.security.keystore.KeyProtection.Builder setUserAuthenticationValidityDurationSeconds(int);
		}

core/java/android/security/keymaster/KeymasterDefs.java

+1 −0

Original line number	Diff line number	Diff line
		@@ -72,6 +72,7 @@ public final class KeymasterDefs {
		public static final int KM_TAG_NO_AUTH_REQUIRED = KM_BOOL \| 503;
		public static final int KM_TAG_USER_AUTH_TYPE = KM_ENUM \| 504;
		public static final int KM_TAG_AUTH_TIMEOUT = KM_UINT \| 505;
		public static final int KM_TAG_ALLOW_WHILE_ON_BODY = KM_BOOL \| 506;

		public static final int KM_TAG_ALL_APPLICATIONS = KM_BOOL \| 600;
		public static final int KM_TAG_APPLICATION_ID = KM_BYTES \| 601;

keystore/java/android/security/keystore/AndroidKeyStoreKeyGeneratorSpi.java

+4 −2

Original line number	Diff line number	Diff line
		@@ -233,7 +233,8 @@ public abstract class AndroidKeyStoreKeyGeneratorSpi extends KeyGeneratorSpi {
		// not set up).
		KeymasterUtils.addUserAuthArgs(new KeymasterArguments(),
		spec.isUserAuthenticationRequired(),
		spec.getUserAuthenticationValidityDurationSeconds());
		spec.getUserAuthenticationValidityDurationSeconds(),
		spec.isUserAuthenticationValidWhileOnBody());
		} catch (IllegalStateException \| IllegalArgumentException e) {
		throw new InvalidAlgorithmParameterException(e);
		}
		@@ -271,7 +272,8 @@ public abstract class AndroidKeyStoreKeyGeneratorSpi extends KeyGeneratorSpi {
		args.addEnums(KeymasterDefs.KM_TAG_DIGEST, mKeymasterDigests);
		KeymasterUtils.addUserAuthArgs(args,
		spec.isUserAuthenticationRequired(),
		spec.getUserAuthenticationValidityDurationSeconds());
		spec.getUserAuthenticationValidityDurationSeconds(),
		spec.isUserAuthenticationValidWhileOnBody());
		KeymasterUtils.addMinMacLengthAuthorizationIfNecessary(
		args,
		mKeymasterAlgorithm,

Original line number	Diff line number	Diff line
		@@ -72,6 +72,7 @@ public final class KeymasterDefs {
		public static final int KM_TAG_NO_AUTH_REQUIRED = KM_BOOL \| 503;
		public static final int KM_TAG_USER_AUTH_TYPE = KM_ENUM \| 504;
		public static final int KM_TAG_AUTH_TIMEOUT = KM_UINT \| 505;
		public static final int KM_TAG_ALLOW_WHILE_ON_BODY = KM_BOOL \| 506;

		public static final int KM_TAG_ALL_APPLICATIONS = KM_BOOL \| 600;
		public static final int KM_TAG_APPLICATION_ID = KM_BYTES \| 601;