Merge "Refactor AddUserAuthArgs for extensibility" (77dda375) · Commits · e / os / android_frameworks_base

api/current.txt

+2 −0

Original line number	Diff line number	Diff line
		@@ -39373,6 +39373,7 @@ package android.security.keystore {
		method public boolean isDigestsSpecified();
		method public boolean isInvalidatedByBiometricEnrollment();
		method public boolean isRandomizedEncryptionRequired();
		method public boolean isTrustedUserPresenceRequired();
		method public boolean isUserAuthenticationRequired();
		method public boolean isUserAuthenticationValidWhileOnBody();
		method public boolean isUserConfirmationRequired();
		@@ -39391,6 +39392,7 @@ package android.security.keystore {
		method public android.security.keystore.KeyProtection.Builder setKeyValidityStart(java.util.Date);
		method public android.security.keystore.KeyProtection.Builder setRandomizedEncryptionRequired(boolean);
		method public android.security.keystore.KeyProtection.Builder setSignaturePaddings(java.lang.String...);
		method public android.security.keystore.KeyProtection.Builder setTrustedUserPresenceRequired(boolean);
		method public android.security.keystore.KeyProtection.Builder setUserAuthenticationRequired(boolean);
		method public android.security.keystore.KeyProtection.Builder setUserAuthenticationValidWhileOnBody(boolean);
		method public android.security.keystore.KeyProtection.Builder setUserAuthenticationValidityDurationSeconds(int);

keystore/java/android/security/keystore/AndroidKeyStoreKeyGeneratorSpi.java

+2 −17

Original line number	Diff line number	Diff line
		@@ -243,13 +243,7 @@ public abstract class AndroidKeyStoreKeyGeneratorSpi extends KeyGeneratorSpi {
		// Check that user authentication related parameters are acceptable. This method
		// will throw an IllegalStateException if there are issues (e.g., secure lock screen
		// not set up).
		KeymasterUtils.addUserAuthArgs(new KeymasterArguments(),
		spec.isUserAuthenticationRequired(),
		spec.getUserAuthenticationValidityDurationSeconds(),
		spec.isUserAuthenticationValidWhileOnBody(),
		spec.isInvalidatedByBiometricEnrollment(),
		GateKeeper.INVALID_SECURE_USER_ID /* boundToSpecificSecureUserId */,
		spec.isUserConfirmationRequired());
		KeymasterUtils.addUserAuthArgs(new KeymasterArguments(), spec);
		} catch (IllegalStateException \| IllegalArgumentException e) {
		throw new InvalidAlgorithmParameterException(e);
		}
		@@ -285,16 +279,7 @@ public abstract class AndroidKeyStoreKeyGeneratorSpi extends KeyGeneratorSpi {
		args.addEnums(KeymasterDefs.KM_TAG_BLOCK_MODE, mKeymasterBlockModes);
		args.addEnums(KeymasterDefs.KM_TAG_PADDING, mKeymasterPaddings);
		args.addEnums(KeymasterDefs.KM_TAG_DIGEST, mKeymasterDigests);
		KeymasterUtils.addUserAuthArgs(args,
		spec.isUserAuthenticationRequired(),
		spec.getUserAuthenticationValidityDurationSeconds(),
		spec.isUserAuthenticationValidWhileOnBody(),
		spec.isInvalidatedByBiometricEnrollment(),
		GateKeeper.INVALID_SECURE_USER_ID /* boundToSpecificSecureUserId */,
		spec.isUserConfirmationRequired());
		if (spec.isTrustedUserPresenceRequired()) {
		args.addBoolean(KeymasterDefs.KM_TAG_TRUSTED_USER_PRESENCE_REQUIRED);
		}
		KeymasterUtils.addUserAuthArgs(args, spec);
		KeymasterUtils.addMinMacLengthAuthorizationIfNecessary(
		args,
		mKeymasterAlgorithm,

keystore/java/android/security/keystore/AndroidKeyStoreKeyPairGeneratorSpi.java

+2 −14

Original line number	Diff line number	Diff line
		@@ -344,13 +344,7 @@ public abstract class AndroidKeyStoreKeyPairGeneratorSpi extends KeyPairGenerato
		// Check that user authentication related parameters are acceptable. This method
		// will throw an IllegalStateException if there are issues (e.g., secure lock screen
		// not set up).
		KeymasterUtils.addUserAuthArgs(new KeymasterArguments(),
		mSpec.isUserAuthenticationRequired(),
		mSpec.getUserAuthenticationValidityDurationSeconds(),
		mSpec.isUserAuthenticationValidWhileOnBody(),
		mSpec.isInvalidatedByBiometricEnrollment(),
		GateKeeper.INVALID_SECURE_USER_ID /* boundToSpecificSecureUserId */,
		mSpec.isUserConfirmationRequired());
		KeymasterUtils.addUserAuthArgs(new KeymasterArguments(), mSpec);
		} catch (IllegalArgumentException \| IllegalStateException e) {
		throw new InvalidAlgorithmParameterException(e);
		}
		@@ -541,13 +535,7 @@ public abstract class AndroidKeyStoreKeyPairGeneratorSpi extends KeyPairGenerato
		args.addEnums(KeymasterDefs.KM_TAG_PADDING, mKeymasterSignaturePaddings);
		args.addEnums(KeymasterDefs.KM_TAG_DIGEST, mKeymasterDigests);

		KeymasterUtils.addUserAuthArgs(args,
		mSpec.isUserAuthenticationRequired(),
		mSpec.getUserAuthenticationValidityDurationSeconds(),
		mSpec.isUserAuthenticationValidWhileOnBody(),
		mSpec.isInvalidatedByBiometricEnrollment(),
		GateKeeper.INVALID_SECURE_USER_ID /* boundToSpecificSecureUserId */,
		mSpec.isUserConfirmationRequired());
		KeymasterUtils.addUserAuthArgs(args, mSpec);
		args.addDateIfNotNull(KeymasterDefs.KM_TAG_ACTIVE_DATETIME, mSpec.getKeyValidityStart());
		args.addDateIfNotNull(KeymasterDefs.KM_TAG_ORIGINATION_EXPIRE_DATETIME,
		mSpec.getKeyValidityForOriginationEnd());

keystore/java/android/security/keystore/AndroidKeyStoreSpi.java

+2 −14

Original line number	Diff line number	Diff line
		@@ -497,13 +497,7 @@ public class AndroidKeyStoreSpi extends KeyStoreSpi {
		importArgs.addEnums(KeymasterDefs.KM_TAG_PADDING, keymasterEncryptionPaddings);
		importArgs.addEnums(KeymasterDefs.KM_TAG_PADDING,
		KeyProperties.SignaturePadding.allToKeymaster(spec.getSignaturePaddings()));
		KeymasterUtils.addUserAuthArgs(importArgs,
		spec.isUserAuthenticationRequired(),
		spec.getUserAuthenticationValidityDurationSeconds(),
		spec.isUserAuthenticationValidWhileOnBody(),
		spec.isInvalidatedByBiometricEnrollment(),
		spec.getBoundToSpecificSecureUserId(),
		spec.isUserConfirmationRequired());
		KeymasterUtils.addUserAuthArgs(importArgs, spec);
		importArgs.addDateIfNotNull(KeymasterDefs.KM_TAG_ACTIVE_DATETIME,
		spec.getKeyValidityStart());
		importArgs.addDateIfNotNull(KeymasterDefs.KM_TAG_ORIGINATION_EXPIRE_DATETIME,
		@@ -700,13 +694,7 @@ public class AndroidKeyStoreSpi extends KeyStoreSpi {
		int[] keymasterPaddings = KeyProperties.EncryptionPadding.allToKeymaster(
		params.getEncryptionPaddings());
		args.addEnums(KeymasterDefs.KM_TAG_PADDING, keymasterPaddings);
		KeymasterUtils.addUserAuthArgs(args,
		params.isUserAuthenticationRequired(),
		params.getUserAuthenticationValidityDurationSeconds(),
		params.isUserAuthenticationValidWhileOnBody(),
		params.isInvalidatedByBiometricEnrollment(),
		params.getBoundToSpecificSecureUserId(),
		params.isUserConfirmationRequired());
		KeymasterUtils.addUserAuthArgs(args, params);
		KeymasterUtils.addMinMacLengthAuthorizationIfNecessary(
		args,
		keymasterAlgorithm,

keystore/java/android/security/keystore/KeyGenParameterSpec.java

+9 −1

Original line number	Diff line number	Diff line
		@@ -21,6 +21,7 @@ import android.annotation.NonNull;
		import android.annotation.Nullable;
		import android.app.KeyguardManager;
		import android.hardware.fingerprint.FingerprintManager;
		import android.security.GateKeeper;
		import android.security.KeyStore;
		import android.text.TextUtils;

		@@ -232,7 +233,7 @@ import javax.security.auth.x500.X500Principal;
		* key = (SecretKey) keyStore.getKey("key2", null);
		* }</pre>
		*/
		public final class KeyGenParameterSpec implements AlgorithmParameterSpec {
		public final class KeyGenParameterSpec implements AlgorithmParameterSpec, UserAuthArgs {

		private static final X500Principal DEFAULT_CERT_SUBJECT = new X500Principal("CN=fake");
		private static final BigInteger DEFAULT_CERT_SERIAL_NUMBER = new BigInteger("1");
		@@ -668,6 +669,13 @@ public final class KeyGenParameterSpec implements AlgorithmParameterSpec {
		return mIsStrongBoxBacked;
		}

		/**
		* @hide
		*/
		public long getBoundToSpecificSecureUserId() {
		return GateKeeper.INVALID_SECURE_USER_ID;
		}

		/**
		* Builder of {@link KeyGenParameterSpec} instances.
		*/