Loading api/current.txt +2 −2 Original line number Diff line number Diff line Loading @@ -28593,9 +28593,9 @@ package android.security { method public int getPurposes(); method public java.lang.String[] getSignaturePaddings(); method public int getUserAuthenticationValidityDurationSeconds(); method public boolean isTeeBacked(); method public boolean isInsideSecureHardware(); method public boolean isUserAuthenticationRequired(); method public boolean isUserAuthenticationRequirementTeeEnforced(); method public boolean isUserAuthenticationRequirementEnforcedBySecureHardware(); } public final class KeyStoreParameter implements java.security.KeyStore.ProtectionParameter { api/system-current.txt +2 −2 Original line number Diff line number Diff line Loading @@ -30607,9 +30607,9 @@ package android.security { method public int getPurposes(); method public java.lang.String[] getSignaturePaddings(); method public int getUserAuthenticationValidityDurationSeconds(); method public boolean isTeeBacked(); method public boolean isInsideSecureHardware(); method public boolean isUserAuthenticationRequired(); method public boolean isUserAuthenticationRequirementTeeEnforced(); method public boolean isUserAuthenticationRequirementEnforcedBySecureHardware(); } public final class KeyStoreParameter implements java.security.KeyStore.ProtectionParameter { keystore/java/android/security/KeyStoreKeyProperties.java +1 −1 Original line number Diff line number Diff line Loading @@ -656,7 +656,7 @@ public abstract class KeyStoreKeyProperties { public static final int IMPORTED = 1 << 1; /** * Origin of the key is unknown. This can occur only for keys backed by an old TEE * Origin of the key is unknown. This can occur only for keys backed by an old TEE-backed * implementation which does not record origin information. */ public static final int UNKNOWN = 1 << 2; Loading keystore/java/android/security/KeyStoreKeySpec.java +16 −13 Original line number Diff line number Diff line Loading 
@@ -26,7 +26,7 @@ import java.util.Date; public class KeyStoreKeySpec implements KeySpec { private final String mKeystoreAlias; private final int mKeySize; private final boolean mTeeBacked; private final boolean mInsideSecureHardware; private final @KeyStoreKeyProperties.OriginEnum int mOrigin; private final Date mKeyValidityStart; private final Date mKeyValidityForOriginationEnd; Loading @@ -38,13 +38,13 @@ public class KeyStoreKeySpec implements KeySpec { private final @KeyStoreKeyProperties.BlockModeEnum String[] mBlockModes; private final boolean mUserAuthenticationRequired; private final int mUserAuthenticationValidityDurationSeconds; private final boolean mUserAuthenticationRequirementTeeEnforced; private final boolean mUserAuthenticationRequirementEnforcedBySecureHardware; /** * @hide */ KeyStoreKeySpec(String keystoreKeyAlias, boolean teeBacked, boolean insideSecureHardware, @KeyStoreKeyProperties.OriginEnum int origin, int keySize, Date keyValidityStart, Loading @@ -57,9 +57,9 @@ public class KeyStoreKeySpec implements KeySpec { @KeyStoreKeyProperties.BlockModeEnum String[] blockModes, boolean userAuthenticationRequired, int userAuthenticationValidityDurationSeconds, boolean userAuthenticationRequirementTeeEnforced) { boolean userAuthenticationRequirementEnforcedBySecureHardware) { mKeystoreAlias = keystoreKeyAlias; mTeeBacked = teeBacked; mInsideSecureHardware = insideSecureHardware; mOrigin = origin; mKeySize = keySize; mKeyValidityStart = keyValidityStart; Loading 
@@ -74,7 +74,8 @@ public class KeyStoreKeySpec implements KeySpec { mBlockModes = ArrayUtils.cloneIfNotEmpty(ArrayUtils.nullToEmpty(blockModes)); mUserAuthenticationRequired = userAuthenticationRequired; mUserAuthenticationValidityDurationSeconds = userAuthenticationValidityDurationSeconds; mUserAuthenticationRequirementTeeEnforced = userAuthenticationRequirementTeeEnforced; mUserAuthenticationRequirementEnforcedBySecureHardware = userAuthenticationRequirementEnforcedBySecureHardware; } /** Loading @@ -85,11 +86,12 @@ public class KeyStoreKeySpec implements KeySpec { } /** * Returns {@code true} if the key is TEE-backed. Key material of TEE-backed keys is available * in plaintext only inside the TEE. * Returns {@code true} if the key resides inside secure hardware (e.g., Trusted Execution * Environment (TEE) or Secure Element (SE)). Key material of such keys is available in * plaintext only inside the secure hardware and is not exposed outside of it. */ public boolean isTeeBacked() { return mTeeBacked; public boolean isInsideSecureHardware() { return mInsideSecureHardware; } /** Loading Loading @@ -192,11 +194,12 @@ public class KeyStoreKeySpec implements KeySpec { /** * Returns {@code true} if the requirement that this key can only be used if the user has been * authenticated if enforced by the TEE. * authenticated if enforced by secure hardware (e.g., Trusted Execution Environment (TEE) or * Secure Element (SE)). * * @see #isUserAuthenticationRequired() */ public boolean isUserAuthenticationRequirementTeeEnforced() { return mUserAuthenticationRequirementTeeEnforced; public boolean isUserAuthenticationRequirementEnforcedBySecureHardware() { return mUserAuthenticationRequirementEnforcedBySecureHardware; } } keystore/java/android/security/KeyStoreSecretKeyFactorySpi.java +6 −6 Original line number Diff line number Diff line Loading 
@@ -74,7 +74,7 @@ public class KeyStoreSecretKeyFactorySpi extends SecretKeyFactorySpi { + " Keystore error: " + errorCode); } boolean teeBacked; boolean insideSecureHardware; @KeyStoreKeyProperties.OriginEnum int origin; int keySize; @KeyStoreKeyProperties.PurposeEnum int purposes; Loading @@ -85,11 +85,11 @@ public class KeyStoreSecretKeyFactorySpi extends SecretKeyFactorySpi { int keymasterHwEnforcedUserAuthenticators; try { if (keyCharacteristics.hwEnforced.containsTag(KeymasterDefs.KM_TAG_ORIGIN)) { teeBacked = true; insideSecureHardware = true; origin = KeyStoreKeyProperties.Origin.fromKeymaster( keyCharacteristics.hwEnforced.getInt(KeymasterDefs.KM_TAG_ORIGIN, -1)); } else if (keyCharacteristics.swEnforced.containsTag(KeymasterDefs.KM_TAG_ORIGIN)) { teeBacked = false; insideSecureHardware = false; origin = KeyStoreKeyProperties.Origin.fromKeymaster( keyCharacteristics.swEnforced.getInt(KeymasterDefs.KM_TAG_ORIGIN, -1)); } else { Loading Loading @@ -150,12 +150,12 @@ public class KeyStoreSecretKeyFactorySpi extends SecretKeyFactorySpi { !keyCharacteristics.getBoolean(KeymasterDefs.KM_TAG_NO_AUTH_REQUIRED); int userAuthenticationValidityDurationSeconds = keyCharacteristics.getInt(KeymasterDefs.KM_TAG_AUTH_TIMEOUT, -1); boolean userAuthenticationRequirementEnforcedInTee = (userAuthenticationRequired) boolean userAuthenticationRequirementEnforcedBySecureHardware = (userAuthenticationRequired) && (keymasterHwEnforcedUserAuthenticators != 0) && (keymasterSwEnforcedUserAuthenticators == 0); return new KeyStoreKeySpec(entryAlias, teeBacked, insideSecureHardware, origin, keySize, keyValidityStart, Loading @@ -168,7 +168,7 @@ public class KeyStoreSecretKeyFactorySpi extends SecretKeyFactorySpi { blockModes, userAuthenticationRequired, userAuthenticationValidityDurationSeconds, userAuthenticationRequirementEnforcedInTee); userAuthenticationRequirementEnforcedBySecureHardware); } @Override Loading Loading
api/current.txt +2 −2 Original line number Diff line number Diff line Loading @@ -28593,9 +28593,9 @@ package android.security { method public int getPurposes(); method public java.lang.String[] getSignaturePaddings(); method public int getUserAuthenticationValidityDurationSeconds(); method public boolean isTeeBacked(); method public boolean isInsideSecureHardware(); method public boolean isUserAuthenticationRequired(); method public boolean isUserAuthenticationRequirementTeeEnforced(); method public boolean isUserAuthenticationRequirementEnforcedBySecureHardware(); } public final class KeyStoreParameter implements java.security.KeyStore.ProtectionParameter {
api/system-current.txt +2 −2 Original line number Diff line number Diff line Loading @@ -30607,9 +30607,9 @@ package android.security { method public int getPurposes(); method public java.lang.String[] getSignaturePaddings(); method public int getUserAuthenticationValidityDurationSeconds(); method public boolean isTeeBacked(); method public boolean isInsideSecureHardware(); method public boolean isUserAuthenticationRequired(); method public boolean isUserAuthenticationRequirementTeeEnforced(); method public boolean isUserAuthenticationRequirementEnforcedBySecureHardware(); } public final class KeyStoreParameter implements java.security.KeyStore.ProtectionParameter {
keystore/java/android/security/KeyStoreKeyProperties.java +1 −1 Original line number Diff line number Diff line Loading @@ -656,7 +656,7 @@ public abstract class KeyStoreKeyProperties { public static final int IMPORTED = 1 << 1; /** * Origin of the key is unknown. This can occur only for keys backed by an old TEE * Origin of the key is unknown. This can occur only for keys backed by an old TEE-backed * implementation which does not record origin information. */ public static final int UNKNOWN = 1 << 2; Loading
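Review bot: The reworded Javadoc on `UNKNOWN` appears to read "keys backed by an old TEE-backed implementation", which says "backed" twice and still names the TEE, while the rest of this commit moves the public wording from "TEE" to "secure hardware". Assuming the second of the two printed variants is the new text, and if the unknown-origin case is not specific to TEEs, I would write `* Origin of the key is unknown. This can occur only for keys backed by an old secure hardware` and leave the continuation line `* implementation which does not record origin information.` as it is. If the case really is TEE-only, restoring the shorter "backed by an old TEE implementation" wording avoids the repetition.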
keystore/java/android/security/KeyStoreKeySpec.java +16 −13 Original line number Diff line number Diff line Loading @@ -26,7 +26,7 @@ import java.util.Date; public class KeyStoreKeySpec implements KeySpec { private final String mKeystoreAlias; private final int mKeySize; private final boolean mTeeBacked; private final boolean mInsideSecureHardware; private final @KeyStoreKeyProperties.OriginEnum int mOrigin; private final Date mKeyValidityStart; private final Date mKeyValidityForOriginationEnd; Loading @@ -38,13 +38,13 @@ public class KeyStoreKeySpec implements KeySpec { private final @KeyStoreKeyProperties.BlockModeEnum String[] mBlockModes; private final boolean mUserAuthenticationRequired; private final int mUserAuthenticationValidityDurationSeconds; private final boolean mUserAuthenticationRequirementTeeEnforced; private final boolean mUserAuthenticationRequirementEnforcedBySecureHardware; /** * @hide */ KeyStoreKeySpec(String keystoreKeyAlias, boolean teeBacked, boolean insideSecureHardware, @KeyStoreKeyProperties.OriginEnum int origin, int keySize, Date keyValidityStart, Loading @@ -57,9 +57,9 @@ public class KeyStoreKeySpec implements KeySpec { @KeyStoreKeyProperties.BlockModeEnum String[] blockModes, boolean userAuthenticationRequired, int userAuthenticationValidityDurationSeconds, boolean userAuthenticationRequirementTeeEnforced) { boolean userAuthenticationRequirementEnforcedBySecureHardware) { mKeystoreAlias = keystoreKeyAlias; mTeeBacked = teeBacked; mInsideSecureHardware = insideSecureHardware; mOrigin = origin; mKeySize = keySize; mKeyValidityStart = keyValidityStart; Loading 
@@ -74,7 +74,8 @@ public class KeyStoreKeySpec implements KeySpec { mBlockModes = ArrayUtils.cloneIfNotEmpty(ArrayUtils.nullToEmpty(blockModes)); mUserAuthenticationRequired = userAuthenticationRequired; mUserAuthenticationValidityDurationSeconds = userAuthenticationValidityDurationSeconds; mUserAuthenticationRequirementTeeEnforced = userAuthenticationRequirementTeeEnforced; mUserAuthenticationRequirementEnforcedBySecureHardware = userAuthenticationRequirementEnforcedBySecureHardware; } /** Loading @@ -85,11 +86,12 @@ public class KeyStoreKeySpec implements KeySpec { } /** * Returns {@code true} if the key is TEE-backed. Key material of TEE-backed keys is available * in plaintext only inside the TEE. * Returns {@code true} if the key resides inside secure hardware (e.g., Trusted Execution * Environment (TEE) or Secure Element (SE)). Key material of such keys is available in * plaintext only inside the secure hardware and is not exposed outside of it. */ public boolean isTeeBacked() { return mTeeBacked; public boolean isInsideSecureHardware() { return mInsideSecureHardware; } /** Loading Loading @@ -192,11 +194,12 @@ public class KeyStoreKeySpec implements KeySpec { /** * Returns {@code true} if the requirement that this key can only be used if the user has been * authenticated if enforced by the TEE. * authenticated if enforced by secure hardware (e.g., Trusted Execution Environment (TEE) or * Secure Element (SE)). * * @see #isUserAuthenticationRequired() */ public boolean isUserAuthenticationRequirementTeeEnforced() { return mUserAuthenticationRequirementTeeEnforced; public boolean isUserAuthenticationRequirementEnforcedBySecureHardware() { return mUserAuthenticationRequirementEnforcedBySecureHardware; } }
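Review bot: The Javadoc for `isUserAuthenticationRequirementEnforcedBySecureHardware()` still carries the old typo "has been authenticated if enforced by", so the sentence never actually states that the requirement is enforced. Since callers read this text to decide how much to trust the user-authentication binding, it should read `* authenticated is enforced by secure hardware (e.g., Trusted Execution Environment (TEE) or`. It would also help to add one sentence saying that `false` means the requirement is enforced outside secure hardware or not at all; the visible lines do not say which. The class body continues outside the hunks shown here.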
keystore/java/android/security/KeyStoreSecretKeyFactorySpi.java +6 −6 Original line number Diff line number Diff line Loading @@ -74,7 +74,7 @@ public class KeyStoreSecretKeyFactorySpi extends SecretKeyFactorySpi { + " Keystore error: " + errorCode); } boolean teeBacked; boolean insideSecureHardware; @KeyStoreKeyProperties.OriginEnum int origin; int keySize; @KeyStoreKeyProperties.PurposeEnum int purposes; Loading @@ -85,11 +85,11 @@ public class KeyStoreSecretKeyFactorySpi extends SecretKeyFactorySpi { int keymasterHwEnforcedUserAuthenticators; try { if (keyCharacteristics.hwEnforced.containsTag(KeymasterDefs.KM_TAG_ORIGIN)) { teeBacked = true; insideSecureHardware = true; origin = KeyStoreKeyProperties.Origin.fromKeymaster( keyCharacteristics.hwEnforced.getInt(KeymasterDefs.KM_TAG_ORIGIN, -1)); } else if (keyCharacteristics.swEnforced.containsTag(KeymasterDefs.KM_TAG_ORIGIN)) { teeBacked = false; insideSecureHardware = false; origin = KeyStoreKeyProperties.Origin.fromKeymaster( keyCharacteristics.swEnforced.getInt(KeymasterDefs.KM_TAG_ORIGIN, -1)); } else { Loading Loading @@ -150,12 +150,12 @@ public class KeyStoreSecretKeyFactorySpi extends SecretKeyFactorySpi { !keyCharacteristics.getBoolean(KeymasterDefs.KM_TAG_NO_AUTH_REQUIRED); int userAuthenticationValidityDurationSeconds = keyCharacteristics.getInt(KeymasterDefs.KM_TAG_AUTH_TIMEOUT, -1); boolean userAuthenticationRequirementEnforcedInTee = (userAuthenticationRequired) boolean userAuthenticationRequirementEnforcedBySecureHardware = (userAuthenticationRequired) && (keymasterHwEnforcedUserAuthenticators != 0) && (keymasterSwEnforcedUserAuthenticators == 0); return new KeyStoreKeySpec(entryAlias, teeBacked, insideSecureHardware, origin, keySize, keyValidityStart, Loading 
@@ -168,7 +168,7 @@ public class KeyStoreSecretKeyFactorySpi extends SecretKeyFactorySpi { blockModes, userAuthenticationRequired, userAuthenticationValidityDurationSeconds, userAuthenticationRequirementEnforcedInTee); userAuthenticationRequirementEnforcedBySecureHardware); } @Override Loading
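Review bot: `insideSecureHardware` is derived only from whether `KM_TAG_ORIGIN` appears in `keyCharacteristics.hwEnforced` or in `swEnforced`, and nothing in the hunk explains why the origin tag is used as the indicator of where the key lives. This value reaches apps through `isInsideSecureHardware()`, where it may drive trust decisions, so I would put a comment above the `if` such as `// A key is reported as inside secure hardware iff its origin tag is hardware-enforced.`. It is also worth confirming how `Origin.fromKeymaster` treats the `-1` default passed to `getInt`, because the `else` branch and the rest of the `try` block are outside the hunk. The enclosing method starts and ends outside the visible lines.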