Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 3c1830bd authored by Shawn Willden's avatar Shawn Willden
Browse files

Rename trustedUserPresenceRequired. 

The existing name is misleading, because it can be read as requiring
that a trusted user be present, rather than the intended meaning of
requiring trusted proof of user presence.  Since this is all about
TEE/SE-based keys, the "trusted" part is implied, so the simple
"userPresenceRequired" name makes more sense.

Bug: 77151288
Test: Keystore CTS tests
Change-Id: If8b533b9f34a1875eaf35cdd1bb8f3709da9761b
parent 78e80568

api/current.txt

+4 −4
Original line number Diff line number Diff line
@@ -38578,11 +38578,11 @@ package android.security.keystore { 
    method public boolean isInvalidatedByBiometricEnrollment();

    method public boolean isRandomizedEncryptionRequired();

    method public boolean isStrongBoxBacked();

    method public boolean isTrustedUserPresenceRequired();

    method public boolean isUnlockedDeviceRequired();

    method public boolean isUserAuthenticationRequired();

    method public boolean isUserAuthenticationValidWhileOnBody();

    method public boolean isUserConfirmationRequired();

    method public boolean isUserPresenceRequired();

  }















  public static final class KeyGenParameterSpec.Builder {









@@ -38606,12 +38606,12 @@ package android.security.keystore {













    method public android.security.keystore.KeyGenParameterSpec.Builder setKeyValidityStart(java.util.Date);















    method public android.security.keystore.KeyGenParameterSpec.Builder setRandomizedEncryptionRequired(boolean);















    method public android.security.keystore.KeyGenParameterSpec.Builder setSignaturePaddings(java.lang.String...);













    method public android.security.keystore.KeyGenParameterSpec.Builder setTrustedUserPresenceRequired(boolean);















    method public android.security.keystore.KeyGenParameterSpec.Builder setUnlockedDeviceRequired(boolean);















    method public android.security.keystore.KeyGenParameterSpec.Builder setUserAuthenticationRequired(boolean);















    method public android.security.keystore.KeyGenParameterSpec.Builder setUserAuthenticationValidWhileOnBody(boolean);















    method public android.security.keystore.KeyGenParameterSpec.Builder setUserAuthenticationValidityDurationSeconds(int);















    method public android.security.keystore.KeyGenParameterSpec.Builder setUserConfirmationRequired(boolean);













    method public android.security.keystore.KeyGenParameterSpec.Builder setUserPresenceRequired(boolean);















  }





























  public class KeyInfo implements java.security.spec.KeySpec {










@@ -38699,11 +38699,11 @@ package android.security.keystore {













    method public boolean isDigestsSpecified();















    method public boolean isInvalidatedByBiometricEnrollment();















    method public boolean isRandomizedEncryptionRequired();













    method public boolean isTrustedUserPresenceRequired();















    method public boolean isUnlockedDeviceRequired();















    method public boolean isUserAuthenticationRequired();















    method public boolean isUserAuthenticationValidWhileOnBody();















    method public boolean isUserConfirmationRequired();













    method public boolean isUserPresenceRequired();















  }





























  public static final class KeyProtection.Builder {









@@ -38719,12 +38719,12 @@ package android.security.keystore {













    method public android.security.keystore.KeyProtection.Builder setKeyValidityStart(java.util.Date);















    method public android.security.keystore.KeyProtection.Builder setRandomizedEncryptionRequired(boolean);















    method public android.security.keystore.KeyProtection.Builder setSignaturePaddings(java.lang.String...);













    method public android.security.keystore.KeyProtection.Builder setTrustedUserPresenceRequired(boolean);















    method public android.security.keystore.KeyProtection.Builder setUnlockedDeviceRequired(boolean);















    method public android.security.keystore.KeyProtection.Builder setUserAuthenticationRequired(boolean);















    method public android.security.keystore.KeyProtection.Builder setUserAuthenticationValidWhileOnBody(boolean);















    method public android.security.keystore.KeyProtection.Builder setUserAuthenticationValidityDurationSeconds(int);















    method public android.security.keystore.KeyProtection.Builder setUserConfirmationRequired(boolean);













    method public android.security.keystore.KeyProtection.Builder setUserPresenceRequired(boolean);















  }





























  public class StrongBoxUnavailableException extends java.security.ProviderException {

























keystore/java/android/security/keystore/KeyGenParameterSpec.java



+10
−10




























Original line number
Diff line number
Diff line








@@ -259,7 +259,7 @@ public final class KeyGenParameterSpec implements AlgorithmParameterSpec, UserAu













    private final boolean mRandomizedEncryptionRequired;















    private final boolean mUserAuthenticationRequired;















    private final int mUserAuthenticationValidityDurationSeconds;













    private final boolean mTrustedUserPresenceRequred;













    private final boolean mUserPresenceRequired;















    private final byte[] mAttestationChallenge;















    private final boolean mUniqueIdIncluded;















    private final boolean mUserAuthenticationValidWhileOnBody;










@@ -291,7 +291,7 @@ public final class KeyGenParameterSpec implements AlgorithmParameterSpec, UserAu













            boolean randomizedEncryptionRequired,















            boolean userAuthenticationRequired,















            int userAuthenticationValidityDurationSeconds,













            boolean trustedUserPresenceRequired,













            boolean userPresenceRequired,















            byte[] attestationChallenge,















            boolean uniqueIdIncluded,















            boolean userAuthenticationValidWhileOnBody,










@@ -339,7 +339,7 @@ public final class KeyGenParameterSpec implements AlgorithmParameterSpec, UserAu













        mBlockModes = ArrayUtils.cloneIfNotEmpty(ArrayUtils.nullToEmpty(blockModes));















        mRandomizedEncryptionRequired = randomizedEncryptionRequired;















        mUserAuthenticationRequired = userAuthenticationRequired;













        mTrustedUserPresenceRequred = trustedUserPresenceRequired;













        mUserPresenceRequired = userPresenceRequired;















        mUserAuthenticationValidityDurationSeconds = userAuthenticationValidityDurationSeconds;















        mAttestationChallenge = Utils.cloneIfNotNull(attestationChallenge);















        mUniqueIdIncluded = uniqueIdIncluded;










@@ -595,8 +595,8 @@ public final class KeyGenParameterSpec implements AlgorithmParameterSpec, UserAu













     * Returns {@code true} if the key is authorized to be used only if a test of user presence has















     * been performed between the {@code Signature.initSign()} and {@code Signature.sign()} calls.















     */













    public boolean isTrustedUserPresenceRequired() {













        return mTrustedUserPresenceRequred;













    public boolean isUserPresenceRequired() {













        return mUserPresenceRequired;















    }































    /**










@@ -712,7 +712,7 @@ public final class KeyGenParameterSpec implements AlgorithmParameterSpec, UserAu













        private boolean mRandomizedEncryptionRequired = true;















        private boolean mUserAuthenticationRequired;















        private int mUserAuthenticationValidityDurationSeconds = -1;













        private boolean mTrustedUserPresenceRequired = false;













        private boolean mUserPresenceRequired = false;















        private byte[] mAttestationChallenge = null;















        private boolean mUniqueIdIncluded = false;















        private boolean mUserAuthenticationValidWhileOnBody;










@@ -775,7 +775,7 @@ public final class KeyGenParameterSpec implements AlgorithmParameterSpec, UserAu













            mUserAuthenticationRequired = sourceSpec.isUserAuthenticationRequired();















            mUserAuthenticationValidityDurationSeconds =















                sourceSpec.getUserAuthenticationValidityDurationSeconds();













            mTrustedUserPresenceRequired = sourceSpec.isTrustedUserPresenceRequired();













            mUserPresenceRequired = sourceSpec.isUserPresenceRequired();















            mAttestationChallenge = sourceSpec.getAttestationChallenge();















            mUniqueIdIncluded = sourceSpec.isUniqueIdIncluded();















            mUserAuthenticationValidWhileOnBody = sourceSpec.isUserAuthenticationValidWhileOnBody();










@@ -1180,8 +1180,8 @@ public final class KeyGenParameterSpec implements AlgorithmParameterSpec, UserAu













         * {@code Signature.initSign()} and {@code Signature.sign()} method calls.















         */















        @NonNull













        public Builder setTrustedUserPresenceRequired(boolean required) {













            mTrustedUserPresenceRequired = required;













        public Builder setUserPresenceRequired(boolean required) {













            mUserPresenceRequired = required;















            return this;















        }


























@@ -1324,7 +1324,7 @@ public final class KeyGenParameterSpec implements AlgorithmParameterSpec, UserAu













                    mRandomizedEncryptionRequired,















                    mUserAuthenticationRequired,















                    mUserAuthenticationValidityDurationSeconds,













                    mTrustedUserPresenceRequired,













                    mUserPresenceRequired,















                    mAttestationChallenge,















                    mUniqueIdIncluded,















                    mUserAuthenticationValidWhileOnBody,

































keystore/java/android/security/keystore/KeyProtection.java



+9
−9




























Original line number
Diff line number
Diff line








@@ -224,7 +224,7 @@ public final class KeyProtection implements ProtectionParameter, UserAuthArgs {













    private final boolean mRandomizedEncryptionRequired;















    private final boolean mUserAuthenticationRequired;















    private final int mUserAuthenticationValidityDurationSeconds;













    private final boolean mTrustedUserPresenceRequired;













    private final boolean mUserPresenceRequred;















    private final boolean mUserAuthenticationValidWhileOnBody;















    private final boolean mInvalidatedByBiometricEnrollment;















    private final long mBoundToSecureUserId;









@@ -244,7 +244,7 @@ public final class KeyProtection implements ProtectionParameter, UserAuthArgs {













            boolean randomizedEncryptionRequired,















            boolean userAuthenticationRequired,















            int userAuthenticationValidityDurationSeconds,













            boolean trustedUserPresenceRequired,













            boolean userPresenceRequred,















            boolean userAuthenticationValidWhileOnBody,















            boolean invalidatedByBiometricEnrollment,















            long boundToSecureUserId,









@@ -264,7 +264,7 @@ public final class KeyProtection implements ProtectionParameter, UserAuthArgs {













        mRandomizedEncryptionRequired = randomizedEncryptionRequired;















        mUserAuthenticationRequired = userAuthenticationRequired;















        mUserAuthenticationValidityDurationSeconds = userAuthenticationValidityDurationSeconds;













        mTrustedUserPresenceRequired = trustedUserPresenceRequired;













        mUserPresenceRequred = userPresenceRequred;















        mUserAuthenticationValidWhileOnBody = userAuthenticationValidWhileOnBody;















        mInvalidatedByBiometricEnrollment = invalidatedByBiometricEnrollment;















        mBoundToSecureUserId = boundToSecureUserId;










@@ -446,8 +446,8 @@ public final class KeyProtection implements ProtectionParameter, UserAuthArgs {













     * Returns {@code true} if the key is authorized to be used only if a test of user presence has















     * been performed between the {@code Signature.initSign()} and {@code Signature.sign()} calls.















     */













    public boolean isTrustedUserPresenceRequired() {













        return mTrustedUserPresenceRequired;













    public boolean isUserPresenceRequired() {













        return mUserPresenceRequred;















    }































    /**










@@ -532,7 +532,7 @@ public final class KeyProtection implements ProtectionParameter, UserAuthArgs {













        private boolean mRandomizedEncryptionRequired = true;















        private boolean mUserAuthenticationRequired;















        private int mUserAuthenticationValidityDurationSeconds = -1;













        private boolean mTrustedUserPresenceRequired = false;













        private boolean mUserPresenceRequired = false;















        private boolean mUserAuthenticationValidWhileOnBody;















        private boolean mInvalidatedByBiometricEnrollment = true;















        private boolean mUserConfirmationRequired;










@@ -841,8 +841,8 @@ public final class KeyProtection implements ProtectionParameter, UserAuthArgs {













         * {@code Signature.initSign()} and {@code Signature.sign()} method calls.















         */















        @NonNull













        public Builder setTrustedUserPresenceRequired(boolean required) {













            mTrustedUserPresenceRequired = required;













        public Builder setUserPresenceRequired(boolean required) {













            mUserPresenceRequired = required;















            return this;















        }


























@@ -958,7 +958,7 @@ public final class KeyProtection implements ProtectionParameter, UserAuthArgs {













                    mRandomizedEncryptionRequired,















                    mUserAuthenticationRequired,















                    mUserAuthenticationValidityDurationSeconds,













                    mTrustedUserPresenceRequired,













                    mUserPresenceRequired,















                    mUserAuthenticationValidWhileOnBody,















                    mInvalidatedByBiometricEnrollment,















                    mBoundToSecureUserId,

































keystore/java/android/security/keystore/KeymasterUtils.java



+1
−1




























Original line number
Diff line number
Diff line








@@ -106,7 +106,7 @@ public abstract class KeymasterUtils {













            args.addBoolean(KeymasterDefs.KM_TAG_TRUSTED_CONFIRMATION_REQUIRED);















        }





























        if (spec.isTrustedUserPresenceRequired()) {













        if (spec.isUserPresenceRequired()) {















            args.addBoolean(KeymasterDefs.KM_TAG_TRUSTED_USER_PRESENCE_REQUIRED);















        }

















































keystore/java/android/security/keystore/ParcelableKeyGenParameterSpec.java



+2
−2




























Original line number
Diff line number
Diff line








@@ -101,7 +101,7 @@ public final class ParcelableKeyGenParameterSpec implements Parcelable {













        out.writeBoolean(mSpec.isUniqueIdIncluded());















        out.writeBoolean(mSpec.isUserAuthenticationValidWhileOnBody());















        out.writeBoolean(mSpec.isInvalidatedByBiometricEnrollment());













        out.writeBoolean(mSpec.isTrustedUserPresenceRequired());













        out.writeBoolean(mSpec.isUserPresenceRequired());















    }































    private static Date readDateOrNull(Parcel in) {










@@ -165,7 +165,7 @@ public final class ParcelableKeyGenParameterSpec implements Parcelable {













        builder.setUniqueIdIncluded(in.readBoolean());















        builder.setUserAuthenticationValidWhileOnBody(in.readBoolean());















        builder.setInvalidatedByBiometricEnrollment(in.readBoolean());













        builder.setTrustedUserPresenceRequired(in.readBoolean());













        builder.setUserPresenceRequired(in.readBoolean());















        mSpec = builder.build();















    }