Merge "biometric: Add support for KeyAgreement to AndroidX's CryptoObject." into main (2bcc7900) · Commits · e / os / android_frameworks_base

core/api/current.txt

+2 −0

Original line number	Diff line number	Diff line
		@@ -17336,8 +17336,10 @@ package android.hardware.biometrics {
		ctor public BiometricPrompt.CryptoObject(@NonNull javax.crypto.Mac);
		ctor @Deprecated public BiometricPrompt.CryptoObject(@NonNull android.security.identity.IdentityCredential);
		ctor public BiometricPrompt.CryptoObject(@NonNull android.security.identity.PresentationSession);
		ctor @FlaggedApi("android.hardware.biometrics.add_key_agreement_crypto_object") public BiometricPrompt.CryptoObject(@NonNull javax.crypto.KeyAgreement);
		method public javax.crypto.Cipher getCipher();
		method @Deprecated @Nullable public android.security.identity.IdentityCredential getIdentityCredential();
		method @FlaggedApi("android.hardware.biometrics.add_key_agreement_crypto_object") @Nullable public javax.crypto.KeyAgreement getKeyAgreement();
		method public javax.crypto.Mac getMac();
		method @Nullable public android.security.identity.PresentationSession getPresentationSession();
		method public java.security.Signature getSignature();

core/java/android/hardware/biometrics/BiometricPrompt.java

+18 −1

Original line number	Diff line number	Diff line
		@@ -20,8 +20,10 @@ import static android.Manifest.permission.TEST_BIOMETRIC;
		import static android.Manifest.permission.USE_BIOMETRIC;
		import static android.Manifest.permission.USE_BIOMETRIC_INTERNAL;
		import static android.hardware.biometrics.BiometricManager.Authenticators;
		import static android.hardware.biometrics.Flags.FLAG_ADD_KEY_AGREEMENT_CRYPTO_OBJECT;

		import android.annotation.CallbackExecutor;
		import android.annotation.FlaggedApi;
		import android.annotation.IntDef;
		import android.annotation.NonNull;
		import android.annotation.Nullable;
		@@ -53,6 +55,7 @@ import java.util.List;
		import java.util.concurrent.Executor;

		import javax.crypto.Cipher;
		import javax.crypto.KeyAgreement;
		import javax.crypto.Mac;

		/**
		@@ -680,7 +683,7 @@ public class BiometricPrompt implements BiometricAuthenticator, BiometricConstan
		* A wrapper class for the cryptographic operations supported by BiometricPrompt.
		*
		* <p>Currently the framework supports {@link Signature}, {@link Cipher}, {@link Mac},
		* {@link IdentityCredential}, and {@link PresentationSession}.
		* {@link IdentityCredential}, {@link PresentationSession} and {@link KeyAgreement}.
		*
		* <p>Cryptographic operations in Android can be split into two categories: auth-per-use and
		* time-based. This is specified during key creation via the timeout parameter of the
		@@ -725,6 +728,11 @@ public class BiometricPrompt implements BiometricAuthenticator, BiometricConstan
		super(session);
		}

		@FlaggedApi(FLAG_ADD_KEY_AGREEMENT_CRYPTO_OBJECT)
		public CryptoObject(@NonNull KeyAgreement keyAgreement) {
		super(keyAgreement);
		}

		/**
		* Get {@link Signature} object.
		* @return {@link Signature} object or null if this doesn't contain one.
		@@ -766,6 +774,15 @@ public class BiometricPrompt implements BiometricAuthenticator, BiometricConstan
		public @Nullable PresentationSession getPresentationSession() {
		return super.getPresentationSession();
		}

		/**
		* Get {@link KeyAgreement} object.
		* @return {@link KeyAgreement} object or null if this doesn't contain one.
		*/
		@FlaggedApi(FLAG_ADD_KEY_AGREEMENT_CRYPTO_OBJECT)
		public @Nullable KeyAgreement getKeyAgreement() {
		return super.getKeyAgreement();
		}
		}

		/**

core/java/android/hardware/biometrics/CryptoObject.java

+18 −0

Original line number	Diff line number	Diff line
		@@ -16,6 +16,9 @@

		package android.hardware.biometrics;

		import static android.hardware.biometrics.Flags.FLAG_ADD_KEY_AGREEMENT_CRYPTO_OBJECT;

		import android.annotation.FlaggedApi;
		import android.annotation.NonNull;
		import android.security.identity.IdentityCredential;
		import android.security.identity.PresentationSession;
		@@ -24,6 +27,7 @@ import android.security.keystore2.AndroidKeyStoreProvider;
		import java.security.Signature;

		import javax.crypto.Cipher;
		import javax.crypto.KeyAgreement;
		import javax.crypto.Mac;

		/**
		@@ -62,6 +66,11 @@ public class CryptoObject {
		mCrypto = session;
		}

		@FlaggedApi(FLAG_ADD_KEY_AGREEMENT_CRYPTO_OBJECT)
		public CryptoObject(@NonNull KeyAgreement keyAgreement) {
		mCrypto = keyAgreement;
		}

		/**
		* Get {@link Signature} object.
		* @return {@link Signature} object or null if this doesn't contain one.
		@@ -104,6 +113,15 @@ public class CryptoObject {
		return mCrypto instanceof PresentationSession ? (PresentationSession) mCrypto : null;
		}

		/**
		* Get {@link PresentationSession} object.
		* @return {@link PresentationSession} object or null if this doesn't contain one.
		*/
		@FlaggedApi(FLAG_ADD_KEY_AGREEMENT_CRYPTO_OBJECT)
		public KeyAgreement getKeyAgreement() {
		return mCrypto instanceof KeyAgreement ? (KeyAgreement) mCrypto : null;
		}

		/**
		* @hide
		* @return the opId associated with this object or 0 if none

core/java/android/hardware/fingerprint/FingerprintManager.java

+13 −0

Original line number	Diff line number	Diff line
		@@ -24,12 +24,14 @@ import static android.Manifest.permission.USE_BIOMETRIC;
		import static android.Manifest.permission.USE_BIOMETRIC_INTERNAL;
		import static android.Manifest.permission.USE_FINGERPRINT;
		import static android.hardware.biometrics.BiometricConstants.BIOMETRIC_LOCKOUT_NONE;
		import static android.hardware.biometrics.Flags.FLAG_ADD_KEY_AGREEMENT_CRYPTO_OBJECT;
		import static android.hardware.fingerprint.FingerprintSensorProperties.TYPE_POWER_BUTTON;

		import static com.android.internal.util.FrameworkStatsLog.AUTH_DEPRECATED_APIUSED__DEPRECATED_API__API_FINGERPRINT_MANAGER_AUTHENTICATE;
		import static com.android.internal.util.FrameworkStatsLog.AUTH_DEPRECATED_APIUSED__DEPRECATED_API__API_FINGERPRINT_MANAGER_HAS_ENROLLED_FINGERPRINTS;
		import static com.android.internal.util.FrameworkStatsLog.AUTH_DEPRECATED_APIUSED__DEPRECATED_API__API_FINGERPRINT_MANAGER_IS_HARDWARE_DETECTED;

		import android.annotation.FlaggedApi;
		import android.annotation.IntDef;
		import android.annotation.NonNull;
		import android.annotation.Nullable;
		@@ -75,6 +77,7 @@ import java.util.List;
		import java.util.concurrent.Executor;

		import javax.crypto.Cipher;
		import javax.crypto.KeyAgreement;
		import javax.crypto.Mac;

		/**
		@@ -291,6 +294,16 @@ public class FingerprintManager implements BiometricAuthenticator, BiometricFing
		public PresentationSession getPresentationSession() {
		return super.getPresentationSession();
		}

		/**
		* Get {@link KeyAgreement} object.
		* @return {@link KeyAgreement} object or null if this doesn't contain one.
		* @hide
		*/
		@FlaggedApi(FLAG_ADD_KEY_AGREEMENT_CRYPTO_OBJECT)
		public KeyAgreement getKeyAgreement() {
		return super.getKeyAgreement();
		}
		}

		/**

keystore/java/android/security/keystore2/AndroidKeyStoreProvider.java

+3 −0

Original line number	Diff line number	Diff line
		@@ -43,6 +43,7 @@ import java.security.interfaces.ECPublicKey;
		import java.security.interfaces.RSAPublicKey;

		import javax.crypto.Cipher;
		import javax.crypto.KeyAgreement;
		import javax.crypto.Mac;
		import javax.crypto.SecretKey;

		@@ -181,6 +182,8 @@ public class AndroidKeyStoreProvider extends Provider {
		spi = ((Mac) cryptoPrimitive).getCurrentSpi();
		} else if (cryptoPrimitive instanceof Cipher) {
		spi = ((Cipher) cryptoPrimitive).getCurrentSpi();
		} else if (cryptoPrimitive instanceof KeyAgreement) {
		spi = ((KeyAgreement) cryptoPrimitive).getCurrentSpi();
		} else {
		throw new IllegalArgumentException("Unsupported crypto primitive: " + cryptoPrimitive
		+ ". Supported: Signature, Mac, Cipher");