
Commit 61e00321 authored by TreeHugger Robot, committed by Android (Google) Code Review

Merge changes from topic "limited_use_key" into sc-dev

* changes:
  Add limited use keys related API into Keystore 2.0 SPI.
  Limited use key: feature flags.
parents 8812ace3 fcb4e8ee
+8 −0
@@ -12355,6 +12355,8 @@ package android.content.pm {
    field public static final String FEATURE_INPUT_METHODS = "android.software.input_methods";
    field public static final String FEATURE_IPSEC_TUNNELS = "android.software.ipsec_tunnels";
    field public static final String FEATURE_IRIS = "android.hardware.biometrics.iris";
    field public static final String FEATURE_KEYSTORE_LIMITED_USE_KEY = "android.hardware.keystore.limited_use_key";
    field public static final String FEATURE_KEYSTORE_SINGLE_USE_KEY = "android.hardware.keystore.single_use_key";
    field public static final String FEATURE_LEANBACK = "android.software.leanback";
    field public static final String FEATURE_LEANBACK_ONLY = "android.software.leanback_only";
    field public static final String FEATURE_LIVE_TV = "android.software.live_tv";
@@ -36867,6 +36869,7 @@ package android.security.keystore {
    method @Nullable public java.util.Date getKeyValidityForOriginationEnd();
    method @Nullable public java.util.Date getKeyValidityStart();
    method @NonNull public String getKeystoreAlias();
    method public int getMaxUsageCount();
    method public int getPurposes();
    method @NonNull public String[] getSignaturePaddings();
    method public int getUserAuthenticationType();
@@ -36903,6 +36906,7 @@ package android.security.keystore {
    method @NonNull public android.security.keystore.KeyGenParameterSpec.Builder setKeyValidityForConsumptionEnd(java.util.Date);
    method @NonNull public android.security.keystore.KeyGenParameterSpec.Builder setKeyValidityForOriginationEnd(java.util.Date);
    method @NonNull public android.security.keystore.KeyGenParameterSpec.Builder setKeyValidityStart(java.util.Date);
    method @NonNull public android.security.keystore.KeyGenParameterSpec.Builder setMaxUsageCount(int);
    method @NonNull public android.security.keystore.KeyGenParameterSpec.Builder setRandomizedEncryptionRequired(boolean);
    method @NonNull public android.security.keystore.KeyGenParameterSpec.Builder setSignaturePaddings(java.lang.String...);
    method @NonNull public android.security.keystore.KeyGenParameterSpec.Builder setUnlockedDeviceRequired(boolean);
@@ -36925,6 +36929,7 @@ package android.security.keystore {
    method public String getKeystoreAlias();
    method public int getOrigin();
    method public int getPurposes();
    method public int getRemainingUsageCount();
    method public int getSecurityLevel();
    method @NonNull public String[] getSignaturePaddings();
    method public int getUserAuthenticationType();
@@ -36994,6 +36999,7 @@ package android.security.keystore {
    field public static final int SECURITY_LEVEL_UNKNOWN_SECURE = -1; // 0xffffffff
    field public static final String SIGNATURE_PADDING_RSA_PKCS1 = "PKCS1";
    field public static final String SIGNATURE_PADDING_RSA_PSS = "PSS";
    field public static final int UNRESTRICTED_USAGE_COUNT = -1; // 0xffffffff
  }
  public final class KeyProtection implements java.security.KeyStore.ProtectionParameter {
@@ -37003,6 +37009,7 @@ package android.security.keystore {
    method @Nullable public java.util.Date getKeyValidityForConsumptionEnd();
    method @Nullable public java.util.Date getKeyValidityForOriginationEnd();
    method @Nullable public java.util.Date getKeyValidityStart();
    method public int getMaxUsageCount();
    method public int getPurposes();
    method @NonNull public String[] getSignaturePaddings();
    method public int getUserAuthenticationType();
@@ -37029,6 +37036,7 @@ package android.security.keystore {
    method @NonNull public android.security.keystore.KeyProtection.Builder setKeyValidityForConsumptionEnd(java.util.Date);
    method @NonNull public android.security.keystore.KeyProtection.Builder setKeyValidityForOriginationEnd(java.util.Date);
    method @NonNull public android.security.keystore.KeyProtection.Builder setKeyValidityStart(java.util.Date);
    method @NonNull public android.security.keystore.KeyProtection.Builder setMaxUsageCount(int);
    method @NonNull public android.security.keystore.KeyProtection.Builder setRandomizedEncryptionRequired(boolean);
    method @NonNull public android.security.keystore.KeyProtection.Builder setSignaturePaddings(java.lang.String...);
    method @NonNull public android.security.keystore.KeyProtection.Builder setUnlockedDeviceRequired(boolean);
+18 −0
@@ -3588,6 +3588,24 @@ public abstract class PackageManager {
    @SdkConstant(SdkConstantType.FEATURE)
    public static final String FEATURE_CROSS_LAYER_BLUR = "android.software.cross_layer_blur";

    /**
     * Feature for {@link #getSystemAvailableFeatures} and {@link #hasSystemFeature}: The device has
     * a Keystore implementation that can only enforce limited use key in hardware with max usage
     * count equals to 1.
     */
    @SdkConstant(SdkConstantType.FEATURE)
    public static final String FEATURE_KEYSTORE_SINGLE_USE_KEY =
            "android.hardware.keystore.single_use_key";

    /**
     * Feature for {@link #getSystemAvailableFeatures} and {@link #hasSystemFeature}: The device has
     * a Keystore implementation that can enforce limited use key in hardware with any max usage
     * count (including count equals to 1).
     */
    @SdkConstant(SdkConstantType.FEATURE)
    public static final String FEATURE_KEYSTORE_LIMITED_USE_KEY =
            "android.hardware.keystore.limited_use_key";

    /** @hide */
    public static final boolean APP_ENUMERATION_ENABLED_BY_DEFAULT = true;

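Review bot: The two new feature Javadocs say what the hardware can enforce, but not what a caller should conclude when neither feature is declared; the setMaxUsageCount Javadoc added elsewhere in this change states that the limit is then enforced in software, and that is the fact an app deciding whether to rely on a limited-use key needs at the point where it calls hasSystemFeature. Consider adding to FEATURE_KEYSTORE_LIMITED_USE_KEY's Javadoc a sentence such as `If neither this feature nor {@link #FEATURE_KEYSTORE_SINGLE_USE_KEY} is declared, a usage count set via KeyGenParameterSpec.Builder#setMaxUsageCount is still accepted but enforced by Android Keystore in software rather than in secure hardware.` The phrase `with max usage count equals to 1` also reads awkwardly; `whose maximum usage count is 1` would be clearer in both comments.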
+1 −0
@@ -80,6 +80,7 @@ public final class KeymasterDefs {
    public static final int KM_TAG_MIN_SECONDS_BETWEEN_OPS =
            Tag.MIN_SECONDS_BETWEEN_OPS; // KM_UINT | 403;
    public static final int KM_TAG_MAX_USES_PER_BOOT = Tag.MAX_USES_PER_BOOT; // KM_UINT | 404;
    public static final int KM_TAG_USAGE_COUNT_LIMIT = Tag.USAGE_COUNT_LIMIT; // KM_UINT | 405;

    public static final int KM_TAG_USER_ID = Tag.USER_ID; // KM_UINT | 501;
    public static final int KM_TAG_USER_SECURE_ID = Tag.USER_SECURE_ID; // KM_ULONG_REP | 502;
+2 −1
@@ -215,7 +215,8 @@ public class AndroidKeyStoreSecretKeyFactorySpi extends SecretKeyFactorySpi {
                // Keystore 1.0 does not tell us the exact security level of the key
                // so we report an unknown but secure security level.
                insideSecureHardware ? KeyProperties.SECURITY_LEVEL_UNKNOWN_SECURE
                        : KeyProperties.SECURITY_LEVEL_SOFTWARE);
                        : KeyProperties.SECURITY_LEVEL_SOFTWARE,
                KeyProperties.UNRESTRICTED_USAGE_COUNT);
    }

    private static BigInteger getGateKeeperSecureUserId() throws ProviderException {
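Review bot: The new `KeyProperties.UNRESTRICTED_USAGE_COUNT` argument at the end of the KeyInfo construction is passed unconditionally, but the comment above it explains only the security-level fallback, so a reader cannot tell whether a Keystore 1.0 key genuinely has no usage limit or whether the limit is simply not reported on this path. Extend the comment, e.g. `// Keystore 1.0 keys are reported as unrestricted here; a usage-count authorization is not read on this path.` If Keystore 1.0 can in fact hold a limited-use key, then `getRemainingUsageCount()` on the returned KeyInfo would misreport it as unrestricted, and the comment should say that explicitly. The enclosing method starts outside the hunk.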
+61 −3
@@ -274,6 +274,7 @@ public final class KeyGenParameterSpec implements AlgorithmParameterSpec, UserAu
    private final boolean mUserConfirmationRequired;
    private final boolean mUnlockedDeviceRequired;
    private final boolean mCriticalToDeviceEncryption;
    private final int mMaxUsageCount;
    /*
     * ***NOTE***: All new fields MUST also be added to the following:
     * ParcelableKeyGenParameterSpec class.
@@ -313,7 +314,8 @@ public final class KeyGenParameterSpec implements AlgorithmParameterSpec, UserAu
            boolean isStrongBoxBacked,
            boolean userConfirmationRequired,
            boolean unlockedDeviceRequired,
            boolean criticalToDeviceEncryption) {
            boolean criticalToDeviceEncryption,
            int maxUsageCount) {
        if (TextUtils.isEmpty(keyStoreAlias)) {
            throw new IllegalArgumentException("keyStoreAlias must not be empty");
        }
@@ -366,6 +368,7 @@ public final class KeyGenParameterSpec implements AlgorithmParameterSpec, UserAu
        mUserConfirmationRequired = userConfirmationRequired;
        mUnlockedDeviceRequired = unlockedDeviceRequired;
        mCriticalToDeviceEncryption = criticalToDeviceEncryption;
        mMaxUsageCount = maxUsageCount;
    }

    /**
@@ -782,7 +785,7 @@ public final class KeyGenParameterSpec implements AlgorithmParameterSpec, UserAu
    }

    /**
     * Return whether this key is critical to the device encryption flow.
     * Returns whether this key is critical to the device encryption flow.
     *
     * @see android.security.KeyStore#FLAG_CRITICAL_TO_DEVICE_ENCRYPTION
     * @hide
@@ -791,6 +794,17 @@ public final class KeyGenParameterSpec implements AlgorithmParameterSpec, UserAu
        return mCriticalToDeviceEncryption;
    }

    /**
     * Returns the maximum number of times the limited use key is allowed to be used or
     * {@link KeyProperties#UNRESTRICTED_USAGE_COUNT} if there’s no restriction on the number of
     * times the key can be used.
     *
     * @see Builder#setMaxUsageCount(int)
     */
    public int getMaxUsageCount() {
        return mMaxUsageCount;
    }

    /**
     * Builder of {@link KeyGenParameterSpec} instances.
     */
@@ -827,6 +841,7 @@ public final class KeyGenParameterSpec implements AlgorithmParameterSpec, UserAu
        private boolean mUserConfirmationRequired;
        private boolean mUnlockedDeviceRequired = false;
        private boolean mCriticalToDeviceEncryption = false;
        private int mMaxUsageCount = KeyProperties.UNRESTRICTED_USAGE_COUNT;

        /**
         * Creates a new instance of the {@code Builder}.
@@ -894,6 +909,7 @@ public final class KeyGenParameterSpec implements AlgorithmParameterSpec, UserAu
            mUserConfirmationRequired = sourceSpec.isUserConfirmationRequired();
            mUnlockedDeviceRequired = sourceSpec.isUnlockedDeviceRequired();
            mCriticalToDeviceEncryption = sourceSpec.isCriticalToDeviceEncryption();
            mMaxUsageCount = sourceSpec.getMaxUsageCount();
        }

        /**
@@ -1552,6 +1568,47 @@ public final class KeyGenParameterSpec implements AlgorithmParameterSpec, UserAu
            return this;
        }

        /**
         * Sets the maximum number of times the key is allowed to be used. After every use of the
         * key, the use counter will decrease. This authorization applies only to secret key and
         * private key operations. Public key operations are not restricted. For example, after
         * successfully encrypting and decrypting data using methods such as
         * {@link Cipher#doFinal()}, the use counter of the secret key will decrease. After
         * successfully signing data using methods such as {@link Signature#sign()}, the use
         * counter of the private key will decrease.
         *
         * When the use counter is depleted, the key will be marked for deletion by Android
         * Keystore and any subsequent attempt to use the key will throw
         * {@link KeyPermanentlyInvalidatedException}. There is no key to be loaded from the
         * Android Keystore once the exhausted key is permanently deleted, as if the key never
         * existed before.
         *
         * <p>By default, there is no restriction on the usage of key.
         *
         * <p>Some secure hardware may not support this feature at all, in which case it will
         * be enforced in software, some secure hardware may support it but only with
         * maxUsageCount = 1, and some secure hardware may support it with larger value
         * of maxUsageCount.
         *
         * <p>The PackageManger feature flags:
         * {@link android.content.pm.PackageManager#FEATURE_KEYSTORE_SINGLE_USE_KEY} and
         * {@link android.content.pm.PackageManager#FEATURE_KEYSTORE_LIMITED_USE_KEY} can be used
         * to check whether the secure hardware cannot enforce this feature, can only enforce it
         * with maxUsageCount = 1, or can enforce it with larger value of maxUsageCount.
         *
         * @param maxUsageCount maximum number of times the key is allowed to be used or
         *        {@link KeyProperties#UNRESTRICTED_USAGE_COUNT} if there is no restriction on the
         *        usage.
         */
        @NonNull
        public Builder setMaxUsageCount(int maxUsageCount) {
            if (maxUsageCount == KeyProperties.UNRESTRICTED_USAGE_COUNT || maxUsageCount > 0) {
                mMaxUsageCount = maxUsageCount;
                return this;
            }
            throw new IllegalArgumentException("maxUsageCount is not valid");
        }

        /**
         * Builds an instance of {@code KeyGenParameterSpec}.
         */
@@ -1587,7 +1644,8 @@ public final class KeyGenParameterSpec implements AlgorithmParameterSpec, UserAu
                    mIsStrongBoxBacked,
                    mUserConfirmationRequired,
                    mUnlockedDeviceRequired,
                    mCriticalToDeviceEncryption);
                    mCriticalToDeviceEncryption,
                    mMaxUsageCount);
        }
    }
}
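Review bot: `setMaxUsageCount` rejects zero and every negative value other than `UNRESTRICTED_USAGE_COUNT`, but its Javadoc carries no `@throws`, and the message `"maxUsageCount is not valid"` drops the rejected value. Add `@throws IllegalArgumentException if {@code maxUsageCount} is neither positive nor {@link KeyProperties#UNRESTRICTED_USAGE_COUNT}` to the Javadoc and change the throw to `throw new IllegalArgumentException("maxUsageCount must be positive or UNRESTRICTED_USAGE_COUNT: " + maxUsageCount);`. The same Javadoc spells `PackageManger` (missing an 'a') in the paragraph on feature flags. Note that this Builder method is the only validating path: the constructor in the earlier hunk (its signature starts outside the hunk) assigns `mMaxUsageCount = maxUsageCount` without a check, so any other caller of that constructor must validate the value itself.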