Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 5437b816 authored by Brian Young's avatar Brian Young Committed by Brian C. Young
Browse files

Refactor AddUserAuthArgs for extensibility 

Create an interface that encapsulates the common arguments to
AddUserAuthArgs, add that interface to KeyProtection and
KeyGenParameterSpec, and refactor AddUserAuthArgs to accept an
instance of that interface.

Test: CTS Module CtsKeystoreTestCases

Bug: 74017618

Merged-In: I591e34e5d08421ea1c022bbb6e955ee3c01eb435
Change-Id: I591e34e5d08421ea1c022bbb6e955ee3c01eb435
(cherry picked from commit df16c56f)
parent 6b71daa0

api/current.txt

+2 −0
Original line number Diff line number Diff line
@@ -39384,6 +39384,7 @@ package android.security.keystore { 
    method public boolean isDigestsSpecified();

    method public boolean isInvalidatedByBiometricEnrollment();

    method public boolean isRandomizedEncryptionRequired();

    method public boolean isTrustedUserPresenceRequired();

    method public boolean isUserAuthenticationRequired();

    method public boolean isUserAuthenticationValidWhileOnBody();

    method public boolean isUserConfirmationRequired();
@@ -39402,6 +39403,7 @@ package android.security.keystore { 
    method public android.security.keystore.KeyProtection.Builder setKeyValidityStart(java.util.Date);

    method public android.security.keystore.KeyProtection.Builder setRandomizedEncryptionRequired(boolean);

    method public android.security.keystore.KeyProtection.Builder setSignaturePaddings(java.lang.String...);

    method public android.security.keystore.KeyProtection.Builder setTrustedUserPresenceRequired(boolean);

    method public android.security.keystore.KeyProtection.Builder setUserAuthenticationRequired(boolean);

    method public android.security.keystore.KeyProtection.Builder setUserAuthenticationValidWhileOnBody(boolean);

    method public android.security.keystore.KeyProtection.Builder setUserAuthenticationValidityDurationSeconds(int);

keystore/java/android/security/keystore/AndroidKeyStoreKeyGeneratorSpi.java

+2 −17
Original line number Diff line number Diff line
@@ -243,13 +243,7 @@ public abstract class AndroidKeyStoreKeyGeneratorSpi extends KeyGeneratorSpi { 
                // Check that user authentication related parameters are acceptable. This method

                // will throw an IllegalStateException if there are issues (e.g., secure lock screen

                // not set up).

                KeymasterUtils.addUserAuthArgs(new KeymasterArguments(),

                        spec.isUserAuthenticationRequired(),

                        spec.getUserAuthenticationValidityDurationSeconds(),

                        spec.isUserAuthenticationValidWhileOnBody(),

                        spec.isInvalidatedByBiometricEnrollment(),

                        GateKeeper.INVALID_SECURE_USER_ID /* boundToSpecificSecureUserId */,

                        spec.isUserConfirmationRequired());

                KeymasterUtils.addUserAuthArgs(new KeymasterArguments(), spec);

            } catch (IllegalStateException | IllegalArgumentException e) {

                throw new InvalidAlgorithmParameterException(e);

            }
@@ -285,16 +279,7 @@ public abstract class AndroidKeyStoreKeyGeneratorSpi extends KeyGeneratorSpi { 
        args.addEnums(KeymasterDefs.KM_TAG_BLOCK_MODE, mKeymasterBlockModes);

        args.addEnums(KeymasterDefs.KM_TAG_PADDING, mKeymasterPaddings);

        args.addEnums(KeymasterDefs.KM_TAG_DIGEST, mKeymasterDigests);

        KeymasterUtils.addUserAuthArgs(args,

                spec.isUserAuthenticationRequired(),

                spec.getUserAuthenticationValidityDurationSeconds(),

                spec.isUserAuthenticationValidWhileOnBody(),

                spec.isInvalidatedByBiometricEnrollment(),

                GateKeeper.INVALID_SECURE_USER_ID /* boundToSpecificSecureUserId */,

                spec.isUserConfirmationRequired());

        if (spec.isTrustedUserPresenceRequired()) {

            args.addBoolean(KeymasterDefs.KM_TAG_TRUSTED_USER_PRESENCE_REQUIRED);

        }

        KeymasterUtils.addUserAuthArgs(args, spec);

        KeymasterUtils.addMinMacLengthAuthorizationIfNecessary(

                args,

                mKeymasterAlgorithm,

keystore/java/android/security/keystore/AndroidKeyStoreKeyPairGeneratorSpi.java

+2 −14
Original line number Diff line number Diff line
@@ -344,13 +344,7 @@ public abstract class AndroidKeyStoreKeyPairGeneratorSpi extends KeyPairGenerato 
                // Check that user authentication related parameters are acceptable. This method

                // will throw an IllegalStateException if there are issues (e.g., secure lock screen

                // not set up).

                KeymasterUtils.addUserAuthArgs(new KeymasterArguments(),

                        mSpec.isUserAuthenticationRequired(),

                        mSpec.getUserAuthenticationValidityDurationSeconds(),

                        mSpec.isUserAuthenticationValidWhileOnBody(),

                        mSpec.isInvalidatedByBiometricEnrollment(),

                        GateKeeper.INVALID_SECURE_USER_ID /* boundToSpecificSecureUserId */,

                        mSpec.isUserConfirmationRequired());

                KeymasterUtils.addUserAuthArgs(new KeymasterArguments(), mSpec);

            } catch (IllegalArgumentException | IllegalStateException e) {

                throw new InvalidAlgorithmParameterException(e);

            }
@@ -541,13 +535,7 @@ public abstract class AndroidKeyStoreKeyPairGeneratorSpi extends KeyPairGenerato 
        args.addEnums(KeymasterDefs.KM_TAG_PADDING, mKeymasterSignaturePaddings);

        args.addEnums(KeymasterDefs.KM_TAG_DIGEST, mKeymasterDigests);



        KeymasterUtils.addUserAuthArgs(args,

                mSpec.isUserAuthenticationRequired(),

                mSpec.getUserAuthenticationValidityDurationSeconds(),

                mSpec.isUserAuthenticationValidWhileOnBody(),

                mSpec.isInvalidatedByBiometricEnrollment(),

                GateKeeper.INVALID_SECURE_USER_ID /* boundToSpecificSecureUserId */,

                mSpec.isUserConfirmationRequired());

        KeymasterUtils.addUserAuthArgs(args, mSpec);

        args.addDateIfNotNull(KeymasterDefs.KM_TAG_ACTIVE_DATETIME, mSpec.getKeyValidityStart());

        args.addDateIfNotNull(KeymasterDefs.KM_TAG_ORIGINATION_EXPIRE_DATETIME,

                mSpec.getKeyValidityForOriginationEnd());

keystore/java/android/security/keystore/AndroidKeyStoreSpi.java

+2 −14
Original line number Diff line number Diff line
@@ -497,13 +497,7 @@ public class AndroidKeyStoreSpi extends KeyStoreSpi { 
                importArgs.addEnums(KeymasterDefs.KM_TAG_PADDING, keymasterEncryptionPaddings);

                importArgs.addEnums(KeymasterDefs.KM_TAG_PADDING,

                        KeyProperties.SignaturePadding.allToKeymaster(spec.getSignaturePaddings()));

                KeymasterUtils.addUserAuthArgs(importArgs,

                        spec.isUserAuthenticationRequired(),

                        spec.getUserAuthenticationValidityDurationSeconds(),

                        spec.isUserAuthenticationValidWhileOnBody(),

                        spec.isInvalidatedByBiometricEnrollment(),

                        spec.getBoundToSpecificSecureUserId(),

                        spec.isUserConfirmationRequired());

                KeymasterUtils.addUserAuthArgs(importArgs, spec);

                importArgs.addDateIfNotNull(KeymasterDefs.KM_TAG_ACTIVE_DATETIME,

                        spec.getKeyValidityStart());

                importArgs.addDateIfNotNull(KeymasterDefs.KM_TAG_ORIGINATION_EXPIRE_DATETIME,
@@ -700,13 +694,7 @@ public class AndroidKeyStoreSpi extends KeyStoreSpi { 
            int[] keymasterPaddings = KeyProperties.EncryptionPadding.allToKeymaster(

                    params.getEncryptionPaddings());

            args.addEnums(KeymasterDefs.KM_TAG_PADDING, keymasterPaddings);

            KeymasterUtils.addUserAuthArgs(args,

                    params.isUserAuthenticationRequired(),

                    params.getUserAuthenticationValidityDurationSeconds(),

                    params.isUserAuthenticationValidWhileOnBody(),

                    params.isInvalidatedByBiometricEnrollment(),

                    params.getBoundToSpecificSecureUserId(),

                    params.isUserConfirmationRequired());

            KeymasterUtils.addUserAuthArgs(args, params);

            KeymasterUtils.addMinMacLengthAuthorizationIfNecessary(

                    args,

                    keymasterAlgorithm,

keystore/java/android/security/keystore/KeyGenParameterSpec.java

+9 −1
Original line number Diff line number Diff line
@@ -21,6 +21,7 @@ import android.annotation.NonNull; 
import android.annotation.Nullable;

import android.app.KeyguardManager;

import android.hardware.fingerprint.FingerprintManager;

import android.security.GateKeeper;

import android.security.KeyStore;

import android.text.TextUtils;
@@ -232,7 +233,7 @@ import javax.security.auth.x500.X500Principal; 
 * key = (SecretKey) keyStore.getKey("key2", null);

 * }</pre>

 */

public final class KeyGenParameterSpec implements AlgorithmParameterSpec {

public final class KeyGenParameterSpec implements AlgorithmParameterSpec, UserAuthArgs {



    private static final X500Principal DEFAULT_CERT_SUBJECT = new X500Principal("CN=fake");

    private static final BigInteger DEFAULT_CERT_SERIAL_NUMBER = new BigInteger("1");
@@ -668,6 +669,13 @@ public final class KeyGenParameterSpec implements AlgorithmParameterSpec { 
        return mIsStrongBoxBacked;

    }



    /**

     * @hide

     */

    public long getBoundToSpecificSecureUserId() {

        return GateKeeper.INVALID_SECURE_USER_ID;

    }



    /**

     * Builder of {@link KeyGenParameterSpec} instances.

     */