AndroidKeyStore: support platform use of rollback-resistant keys
The keystore2 binder API supports rollback resistance when KeyMint supports it, but until now this wasn't exposed to Java code that uses AndroidKeyStore. Add support for rollback-resistant keys to KeyProtection and AndroidKeyStoreSpi.setSecretKeyEntry() so that LockSettingsService can request it for SP protector keys.

This CL does *not* do any of the following:

- Add any non-hidden APIs. KeyMint implementations only support a limited number of rollback-resistant keys; currently the available space is reserved for platform use only. Note that other examples of "hidden", platform-only key properties are isCriticalToDeviceEncryption() and getBoundToSpecificSecureUserId().

- Support rollback resistance with keys directly generated by Keystore. This isn't currently needed. Note that this would require changes to KeyGenParameterSpec and AndroidKeyStoreKeyGeneratorSpi.

- Allow querying the rollback resistance property of keys. This isn't currently needed. Note that this would require changes to KeyInfo and AndroidKeyStoreSecretKeyFactorySpi.

Bug: 239632930
Test: see I05f3b7e5c139471febe5c266a39e3dc3bca4831f
Change-Id: Ifcfd0b8f1bf440ef1ac80a9ac2b0e9c7f62106dd