Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 26c878fb authored by Janis Danisevskis's avatar Janis Danisevskis
Browse files

Keystore SPI: Deprecate encryption flag. 

The encryption-required flag is only available in already deprecated
API KeyPairGeneratorSpec and KeyStoreParameter will be ignored from
Android S. Keys are and have been encrypted by default for a long time
and if additional binding to the LSKF is desired it can be requested
by KeyGenParameterSpec.Builder#setUserAuthenticationRequired(boolean).

Test: None
Change-Id: I5bd4acb4bba276decd1930ae2e96a55f95627e10
parent 25284387

keystore/java/android/security/KeyPairGeneratorSpec.java

+16 −10
Original line number Diff line number Diff line
@@ -16,9 +16,9 @@ 


package android.security;



import android.app.KeyguardManager;

import android.annotation.NonNull;

import android.annotation.Nullable;

import android.app.KeyguardManager;

import android.content.Context;

import android.security.keystore.KeyGenParameterSpec;

import android.security.keystore.KeyProperties;
@@ -78,8 +78,6 @@ public final class KeyPairGeneratorSpec implements AlgorithmParameterSpec { 


    private final Date mEndDate;



    private final int mFlags;



    /**

     * Parameter specification for the "{@code AndroidKeyPairGenerator}"

     * instance of the {@link java.security.KeyPairGenerator} API. The
@@ -144,7 +142,6 @@ public final class KeyPairGeneratorSpec implements AlgorithmParameterSpec { 
        mSerialNumber = serialNumber;

        mStartDate = startDate;

        mEndDate = endDate;

        mFlags = flags;

    }



    /**
@@ -229,7 +226,7 @@ public final class KeyPairGeneratorSpec implements AlgorithmParameterSpec { 
     * @hide

     */

    public int getFlags() {

        return mFlags;

        return 0;

    }



    /**
@@ -243,9 +240,15 @@ public final class KeyPairGeneratorSpec implements AlgorithmParameterSpec { 
     * screen after boot.

     *

     * @see KeyguardManager#isDeviceSecure()

     *

     * @deprecated Encryption at rest is on by default. If extra binding to the lockscreen screen

     *             credential is desired use

     *             {@link KeyGenParameterSpec.Builder#setUserAuthenticationRequired(boolean)}.

     *             This flag will be ignored from Android S.

     */

    @Deprecated

    public boolean isEncryptionRequired() {

        return (mFlags & KeyStore.FLAG_ENCRYPTED) != 0;

        return false;

    }



    /**
@@ -292,8 +295,6 @@ public final class KeyPairGeneratorSpec implements AlgorithmParameterSpec { 


        private Date mEndDate;



        private int mFlags;



        /**

         * Creates a new instance of the {@code Builder} with the given

         * {@code context}. The {@code context} passed in may be used to pop up
@@ -431,10 +432,15 @@ public final class KeyPairGeneratorSpec implements AlgorithmParameterSpec { 
         * secure lock screen after boot.

         *

         * @see KeyguardManager#isDeviceSecure()

         *

         * @deprecated Data at rest encryption is enabled by default. If extra binding to the

         *             lockscreen credential is desired, use

         *             {@link KeyGenParameterSpec.Builder#setUserAuthenticationRequired(boolean)}.

         *             This flag will be ignored from Android S.

         */

        @NonNull

        @Deprecated

        public Builder setEncryptionRequired() {

            mFlags |= KeyStore.FLAG_ENCRYPTED;

            return this;

        }
@@ -455,7 +461,7 @@ public final class KeyPairGeneratorSpec implements AlgorithmParameterSpec { 
                    mSerialNumber,

                    mStartDate,

                    mEndDate,

                    mFlags);

                    0);

        }

    }

}

keystore/java/android/security/KeyStoreParameter.java

+16 −12
Original line number Diff line number Diff line
@@ -48,18 +48,16 @@ import java.security.KeyStore.ProtectionParameter; 
 */

@Deprecated

public final class KeyStoreParameter implements ProtectionParameter {

    private final int mFlags;



    private KeyStoreParameter(

            int flags) {

        mFlags = flags;

    }



    /**

     * @hide

     */

    public int getFlags() {

        return mFlags;

        return 0;

    }



    /**
@@ -74,9 +72,16 @@ public final class KeyStoreParameter implements ProtectionParameter { 
     * screen after boot.

     *

     * @see KeyguardManager#isDeviceSecure()

     *

     * @deprecated Data at rest encryption is enabled by default. If extra binding to the

     *             lockscreen credential is desired, use

     *             {@link android.security.keystore.KeyGenParameterSpec

     *             .Builder#setUserAuthenticationRequired(boolean)}.

     *             This flag will be ignored from Android S.

     */

    @Deprecated

    public boolean isEncryptionRequired() {

        return (mFlags & KeyStore.FLAG_ENCRYPTED) != 0;

        return false;

    }



    /**
@@ -100,7 +105,6 @@ public final class KeyStoreParameter implements ProtectionParameter { 
     */

    @Deprecated

    public final static class Builder {

        private int mFlags;



        /**

         * Creates a new instance of the {@code Builder} with the given
@@ -126,14 +130,15 @@ public final class KeyStoreParameter implements ProtectionParameter { 
         * the user unlocks the secure lock screen after boot.

         *

         * @see KeyguardManager#isDeviceSecure()

         *

         * @deprecated Data at rest encryption is enabled by default. If extra binding to the

         *             lockscreen credential is desired, use

         *             {@link android.security.keystore.KeyGenParameterSpec

         *             .Builder#setUserAuthenticationRequired(boolean)}.

         *             This flag will be ignored from Android S.

         */

        @NonNull

        public Builder setEncryptionRequired(boolean required) {

            if (required) {

                mFlags |= KeyStore.FLAG_ENCRYPTED;

            } else {

                mFlags &= ~KeyStore.FLAG_ENCRYPTED;

            }

            return this;

        }
@@ -145,8 +150,7 @@ public final class KeyStoreParameter implements ProtectionParameter { 
         */

        @NonNull

        public KeyStoreParameter build() {

            return new KeyStoreParameter(

                    mFlags);

            return new KeyStoreParameter(0 /* flags */);

        }

    }

}