Loading keystore/java/android/security/Credentials.java +41 −7 Original line number Diff line number Diff line Loading @@ -217,13 +217,22 @@ public class Credentials { * Returns {@code true} if there was at least one of those types. */ public static boolean deleteAllTypesForAlias(KeyStore keystore, String alias) { return deleteAllTypesForAlias(keystore, alias, KeyStore.UID_SELF); } /** * Delete all types (private key, certificate, CA certificate) for a * particular {@code alias}. All three can exist for any given alias. * Returns {@code true} if there was at least one of those types. */ public static boolean deleteAllTypesForAlias(KeyStore keystore, String alias, int uid) { /* * Make sure every type is deleted. There can be all three types, so * don't use a conditional here. */ return keystore.delete(Credentials.USER_PRIVATE_KEY + alias) | keystore.delete(Credentials.USER_SECRET_KEY + alias) | deleteCertificateTypesForAlias(keystore, alias); return keystore.delete(Credentials.USER_PRIVATE_KEY + alias, uid) | keystore.delete(Credentials.USER_SECRET_KEY + alias, uid) | deleteCertificateTypesForAlias(keystore, alias, uid); } /** Loading @@ -232,12 +241,21 @@ public class Credentials { * Returns {@code true} if there was at least one of those types. */ public static boolean deleteCertificateTypesForAlias(KeyStore keystore, String alias) { return deleteCertificateTypesForAlias(keystore, alias, KeyStore.UID_SELF); } /** * Delete all types (private key, certificate, CA certificate) for a * particular {@code alias}. All three can exist for any given alias. * Returns {@code true} if there was at least one of those types. */ public static boolean deleteCertificateTypesForAlias(KeyStore keystore, String alias, int uid) { /* * Make sure every certificate type is deleted. There can be two types, * so don't use a conditional here. */ return keystore.delete(Credentials.USER_CERTIFICATE + alias) | keystore.delete(Credentials.CA_CERTIFICATE + alias); return keystore.delete(Credentials.USER_CERTIFICATE + alias, uid) | keystore.delete(Credentials.CA_CERTIFICATE + alias, uid); } /** Loading @@ -245,7 +263,15 @@ public class Credentials { * Returns {@code true} if an entry was was deleted. */ static boolean deletePrivateKeyTypeForAlias(KeyStore keystore, String alias) { return keystore.delete(Credentials.USER_PRIVATE_KEY + alias); return deletePrivateKeyTypeForAlias(keystore, alias, KeyStore.UID_SELF); } /** * Delete private key for a particular {@code alias}. * Returns {@code true} if an entry was was deleted. */ static boolean deletePrivateKeyTypeForAlias(KeyStore keystore, String alias, int uid) { return keystore.delete(Credentials.USER_PRIVATE_KEY + alias, uid); } /** Loading @@ -253,6 +279,14 @@ public class Credentials { * Returns {@code true} if an entry was was deleted. */ public static boolean deleteSecretKeyTypeForAlias(KeyStore keystore, String alias) { return keystore.delete(Credentials.USER_SECRET_KEY + alias); return deleteSecretKeyTypeForAlias(keystore, alias, KeyStore.UID_SELF); } /** * Delete secret key for a particular {@code alias}. * Returns {@code true} if an entry was was deleted. */ public static boolean deleteSecretKeyTypeForAlias(KeyStore keystore, String alias, int uid) { return keystore.delete(Credentials.USER_SECRET_KEY + alias, uid); } } keystore/java/android/security/KeyChain.java +1 −1 Original line number Diff line number Diff line Loading @@ -374,7 +374,7 @@ public final class KeyChain { throw new KeyChainException("keystore had a problem"); } return AndroidKeyStoreProvider.loadAndroidKeyStorePrivateKeyFromKeystore( KeyStore.getInstance(), keyId); KeyStore.getInstance(), keyId, KeyStore.UID_SELF); } catch (RemoteException e) { throw new KeyChainException(e); } catch (RuntimeException e) { Loading keystore/java/android/security/KeyStore.java +6 −4 Original line number Diff line number Diff line Loading @@ -640,7 +640,7 @@ public class KeyStore { * {@link KeyStoreException}. */ public InvalidKeyException getInvalidKeyException( String keystoreKeyAlias, KeyStoreException e) { String keystoreKeyAlias, int uid, KeyStoreException e) { switch (e.getErrorCode()) { case LOCKED: return new UserNotAuthenticatedException(); Loading @@ -658,7 +658,8 @@ public class KeyStore { // to authenticate. KeyCharacteristics keyCharacteristics = new KeyCharacteristics(); int getKeyCharacteristicsErrorCode = getKeyCharacteristics(keystoreKeyAlias, null, null, keyCharacteristics); getKeyCharacteristics(keystoreKeyAlias, null, null, uid, keyCharacteristics); if (getKeyCharacteristicsErrorCode != NO_ERROR) { return new InvalidKeyException( "Failed to obtained key characteristics", Loading Loading @@ -708,7 +709,8 @@ public class KeyStore { * Returns an {@link InvalidKeyException} corresponding to the provided keystore/keymaster error * code. */ public InvalidKeyException getInvalidKeyException(String keystoreKeyAlias, int errorCode) { return getInvalidKeyException(keystoreKeyAlias, getKeyStoreException(errorCode)); public InvalidKeyException getInvalidKeyException(String keystoreKeyAlias, int uid, int errorCode) { return getInvalidKeyException(keystoreKeyAlias, uid, getKeyStoreException(errorCode)); } } keystore/java/android/security/keystore/AndroidKeyStoreCipherSpiBase.java +2 −1 Original line number Diff line number Diff line Loading @@ -249,7 +249,8 @@ abstract class AndroidKeyStoreCipherSpiBase extends CipherSpi implements KeyStor purpose, true, // permit aborting this operation if keystore runs out of resources keymasterInputArgs, additionalEntropy); additionalEntropy, mKey.getUid()); if (opResult == null) { throw new KeyStoreConnectException(); } Loading keystore/java/android/security/keystore/AndroidKeyStoreECDSASignatureSpi.java +2 −2 Original line number Diff line number Diff line Loading @@ -155,9 +155,9 @@ abstract class AndroidKeyStoreECDSASignatureSpi extends AndroidKeyStoreSignature KeyCharacteristics keyCharacteristics = new KeyCharacteristics(); int errorCode = getKeyStore().getKeyCharacteristics( key.getAlias(), null, null, keyCharacteristics); key.getAlias(), null, null, key.getUid(), keyCharacteristics); if (errorCode != KeyStore.NO_ERROR) { throw getKeyStore().getInvalidKeyException(key.getAlias(), errorCode); throw getKeyStore().getInvalidKeyException(key.getAlias(), key.getUid(), errorCode); } long keySizeBits = keyCharacteristics.getUnsignedInt(KeymasterDefs.KM_TAG_KEY_SIZE, -1); if (keySizeBits == -1) { Loading Loading
keystore/java/android/security/Credentials.java +41 −7 Original line number Diff line number Diff line Loading @@ -217,13 +217,22 @@ public class Credentials { * Returns {@code true} if there was at least one of those types. */ public static boolean deleteAllTypesForAlias(KeyStore keystore, String alias) { return deleteAllTypesForAlias(keystore, alias, KeyStore.UID_SELF); } /** * Delete all types (private key, certificate, CA certificate) for a * particular {@code alias}. All three can exist for any given alias. * Returns {@code true} if there was at least one of those types. */ public static boolean deleteAllTypesForAlias(KeyStore keystore, String alias, int uid) { /* * Make sure every type is deleted. There can be all three types, so * don't use a conditional here. */ return keystore.delete(Credentials.USER_PRIVATE_KEY + alias) | keystore.delete(Credentials.USER_SECRET_KEY + alias) | deleteCertificateTypesForAlias(keystore, alias); return keystore.delete(Credentials.USER_PRIVATE_KEY + alias, uid) | keystore.delete(Credentials.USER_SECRET_KEY + alias, uid) | deleteCertificateTypesForAlias(keystore, alias, uid); } /** Loading @@ -232,12 +241,21 @@ public class Credentials { * Returns {@code true} if there was at least one of those types. */ public static boolean deleteCertificateTypesForAlias(KeyStore keystore, String alias) { return deleteCertificateTypesForAlias(keystore, alias, KeyStore.UID_SELF); } /** * Delete all types (private key, certificate, CA certificate) for a * particular {@code alias}. All three can exist for any given alias. * Returns {@code true} if there was at least one of those types. */ public static boolean deleteCertificateTypesForAlias(KeyStore keystore, String alias, int uid) { /* * Make sure every certificate type is deleted. There can be two types, * so don't use a conditional here. */ return keystore.delete(Credentials.USER_CERTIFICATE + alias) | keystore.delete(Credentials.CA_CERTIFICATE + alias); return keystore.delete(Credentials.USER_CERTIFICATE + alias, uid) | keystore.delete(Credentials.CA_CERTIFICATE + alias, uid); } /** Loading @@ -245,7 +263,15 @@ public class Credentials { * Returns {@code true} if an entry was was deleted. */ static boolean deletePrivateKeyTypeForAlias(KeyStore keystore, String alias) { return keystore.delete(Credentials.USER_PRIVATE_KEY + alias); return deletePrivateKeyTypeForAlias(keystore, alias, KeyStore.UID_SELF); } /** * Delete private key for a particular {@code alias}. * Returns {@code true} if an entry was was deleted. */ static boolean deletePrivateKeyTypeForAlias(KeyStore keystore, String alias, int uid) { return keystore.delete(Credentials.USER_PRIVATE_KEY + alias, uid); } /** Loading @@ -253,6 +279,14 @@ public class Credentials { * Returns {@code true} if an entry was was deleted. */ public static boolean deleteSecretKeyTypeForAlias(KeyStore keystore, String alias) { return keystore.delete(Credentials.USER_SECRET_KEY + alias); return deleteSecretKeyTypeForAlias(keystore, alias, KeyStore.UID_SELF); } /** * Delete secret key for a particular {@code alias}. * Returns {@code true} if an entry was was deleted. */ public static boolean deleteSecretKeyTypeForAlias(KeyStore keystore, String alias, int uid) { return keystore.delete(Credentials.USER_SECRET_KEY + alias, uid); } }
keystore/java/android/security/KeyChain.java +1 −1 Original line number Diff line number Diff line Loading @@ -374,7 +374,7 @@ public final class KeyChain { throw new KeyChainException("keystore had a problem"); } return AndroidKeyStoreProvider.loadAndroidKeyStorePrivateKeyFromKeystore( KeyStore.getInstance(), keyId); KeyStore.getInstance(), keyId, KeyStore.UID_SELF); } catch (RemoteException e) { throw new KeyChainException(e); } catch (RuntimeException e) { Loading
keystore/java/android/security/KeyStore.java +6 −4 Original line number Diff line number Diff line Loading @@ -640,7 +640,7 @@ public class KeyStore { * {@link KeyStoreException}. */ public InvalidKeyException getInvalidKeyException( String keystoreKeyAlias, KeyStoreException e) { String keystoreKeyAlias, int uid, KeyStoreException e) { switch (e.getErrorCode()) { case LOCKED: return new UserNotAuthenticatedException(); Loading @@ -658,7 +658,8 @@ public class KeyStore { // to authenticate. KeyCharacteristics keyCharacteristics = new KeyCharacteristics(); int getKeyCharacteristicsErrorCode = getKeyCharacteristics(keystoreKeyAlias, null, null, keyCharacteristics); getKeyCharacteristics(keystoreKeyAlias, null, null, uid, keyCharacteristics); if (getKeyCharacteristicsErrorCode != NO_ERROR) { return new InvalidKeyException( "Failed to obtained key characteristics", Loading Loading @@ -708,7 +709,8 @@ public class KeyStore { * Returns an {@link InvalidKeyException} corresponding to the provided keystore/keymaster error * code. */ public InvalidKeyException getInvalidKeyException(String keystoreKeyAlias, int errorCode) { return getInvalidKeyException(keystoreKeyAlias, getKeyStoreException(errorCode)); public InvalidKeyException getInvalidKeyException(String keystoreKeyAlias, int uid, int errorCode) { return getInvalidKeyException(keystoreKeyAlias, uid, getKeyStoreException(errorCode)); } }
keystore/java/android/security/keystore/AndroidKeyStoreCipherSpiBase.java +2 −1 Original line number Diff line number Diff line Loading @@ -249,7 +249,8 @@ abstract class AndroidKeyStoreCipherSpiBase extends CipherSpi implements KeyStor purpose, true, // permit aborting this operation if keystore runs out of resources keymasterInputArgs, additionalEntropy); additionalEntropy, mKey.getUid()); if (opResult == null) { throw new KeyStoreConnectException(); } Loading
keystore/java/android/security/keystore/AndroidKeyStoreECDSASignatureSpi.java +2 −2 Original line number Diff line number Diff line Loading @@ -155,9 +155,9 @@ abstract class AndroidKeyStoreECDSASignatureSpi extends AndroidKeyStoreSignature KeyCharacteristics keyCharacteristics = new KeyCharacteristics(); int errorCode = getKeyStore().getKeyCharacteristics( key.getAlias(), null, null, keyCharacteristics); key.getAlias(), null, null, key.getUid(), keyCharacteristics); if (errorCode != KeyStore.NO_ERROR) { throw getKeyStore().getInvalidKeyException(key.getAlias(), errorCode); throw getKeyStore().getInvalidKeyException(key.getAlias(), key.getUid(), errorCode); } long keySizeBits = keyCharacteristics.getUnsignedInt(KeymasterDefs.KM_TAG_KEY_SIZE, -1); if (keySizeBits == -1) { Loading
