Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 826bdb39 authored by Eran Messeri's avatar Eran Messeri Committed by Automerger Merge Worker
Browse files

Merge "Continue flag work for MGF1 Digest setter" into main am: ae4a3150 am: 320c0a6a 

Original change: https://android-review.googlesource.com/c/platform/frameworks/base/+/2956173



Change-Id: Ib2dcd3e9342886326f758bc12c80cc6c07a78aac
Signed-off-by: default avatarAutomerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
parents e84d3499 320c0a6a

core/api/current.txt

+6 −6
Original line number Diff line number Diff line
@@ -39654,7 +39654,7 @@ package android.security.keystore { 
    method @Nullable public java.util.Date getKeyValidityStart();

    method @NonNull public String getKeystoreAlias();

    method public int getMaxUsageCount();

    method @FlaggedApi("android.security.mgf1_digest_setter") @NonNull public java.util.Set<java.lang.String> getMgf1Digests();

    method @FlaggedApi("android.security.mgf1_digest_setter_v2") @NonNull public java.util.Set<java.lang.String> getMgf1Digests();

    method public int getPurposes();

    method @NonNull public String[] getSignaturePaddings();

    method public int getUserAuthenticationType();
@@ -39662,7 +39662,7 @@ package android.security.keystore { 
    method public boolean isDevicePropertiesAttestationIncluded();

    method @NonNull public boolean isDigestsSpecified();

    method public boolean isInvalidatedByBiometricEnrollment();

    method @FlaggedApi("android.security.mgf1_digest_setter") @NonNull public boolean isMgf1DigestsSpecified();

    method @FlaggedApi("android.security.mgf1_digest_setter_v2") @NonNull public boolean isMgf1DigestsSpecified();

    method public boolean isRandomizedEncryptionRequired();

    method public boolean isStrongBoxBacked();

    method public boolean isUnlockedDeviceRequired();
@@ -39694,7 +39694,7 @@ package android.security.keystore { 
    method @NonNull public android.security.keystore.KeyGenParameterSpec.Builder setKeyValidityForOriginationEnd(java.util.Date);

    method @NonNull public android.security.keystore.KeyGenParameterSpec.Builder setKeyValidityStart(java.util.Date);

    method @NonNull public android.security.keystore.KeyGenParameterSpec.Builder setMaxUsageCount(int);

    method @FlaggedApi("android.security.mgf1_digest_setter") @NonNull public android.security.keystore.KeyGenParameterSpec.Builder setMgf1Digests(@NonNull java.lang.String...);

    method @FlaggedApi("android.security.mgf1_digest_setter_v2") @NonNull public android.security.keystore.KeyGenParameterSpec.Builder setMgf1Digests(@NonNull java.lang.String...);

    method @NonNull public android.security.keystore.KeyGenParameterSpec.Builder setRandomizedEncryptionRequired(boolean);

    method @NonNull public android.security.keystore.KeyGenParameterSpec.Builder setSignaturePaddings(java.lang.String...);

    method @NonNull public android.security.keystore.KeyGenParameterSpec.Builder setUnlockedDeviceRequired(boolean);
@@ -39799,14 +39799,14 @@ package android.security.keystore { 
    method @Nullable public java.util.Date getKeyValidityForOriginationEnd();

    method @Nullable public java.util.Date getKeyValidityStart();

    method public int getMaxUsageCount();

    method @FlaggedApi("android.security.mgf1_digest_setter") @NonNull public java.util.Set<java.lang.String> getMgf1Digests();

    method @FlaggedApi("android.security.mgf1_digest_setter_v2") @NonNull public java.util.Set<java.lang.String> getMgf1Digests();

    method public int getPurposes();

    method @NonNull public String[] getSignaturePaddings();

    method public int getUserAuthenticationType();

    method public int getUserAuthenticationValidityDurationSeconds();

    method public boolean isDigestsSpecified();

    method public boolean isInvalidatedByBiometricEnrollment();

    method @FlaggedApi("android.security.mgf1_digest_setter") @NonNull public boolean isMgf1DigestsSpecified();

    method @FlaggedApi("android.security.mgf1_digest_setter_v2") @NonNull public boolean isMgf1DigestsSpecified();

    method public boolean isRandomizedEncryptionRequired();

    method public boolean isUnlockedDeviceRequired();

    method public boolean isUserAuthenticationRequired();
@@ -39828,7 +39828,7 @@ package android.security.keystore { 
    method @NonNull public android.security.keystore.KeyProtection.Builder setKeyValidityForOriginationEnd(java.util.Date);

    method @NonNull public android.security.keystore.KeyProtection.Builder setKeyValidityStart(java.util.Date);

    method @NonNull public android.security.keystore.KeyProtection.Builder setMaxUsageCount(int);

    method @FlaggedApi("android.security.mgf1_digest_setter") @NonNull public android.security.keystore.KeyProtection.Builder setMgf1Digests(@Nullable java.lang.String...);

    method @FlaggedApi("android.security.mgf1_digest_setter_v2") @NonNull public android.security.keystore.KeyProtection.Builder setMgf1Digests(@Nullable java.lang.String...);

    method @NonNull public android.security.keystore.KeyProtection.Builder setRandomizedEncryptionRequired(boolean);

    method @NonNull public android.security.keystore.KeyProtection.Builder setSignaturePaddings(java.lang.String...);

    method @NonNull public android.security.keystore.KeyProtection.Builder setUnlockedDeviceRequired(boolean);

core/java/android/security/flags.aconfig

+2 −1
Original line number Diff line number Diff line
@@ -15,10 +15,11 @@ flag { 
}



flag {

    name: "mgf1_digest_setter"

    name: "mgf1_digest_setter_v2"

    namespace: "hardware_backed_security"

    description: "Feature flag for mgf1 digest setter in key generation and import parameters."

    bug: "308378912"

    is_fixed_read_only: true

}



flag {

keystore/java/android/security/keystore/KeyGenParameterSpec.java

+3 −3
Original line number Diff line number Diff line
@@ -618,7 +618,7 @@ public final class KeyGenParameterSpec implements AlgorithmParameterSpec, UserAu 
     * @see #isMgf1DigestsSpecified()

     */

    @NonNull

    @FlaggedApi(android.security.Flags.FLAG_MGF1_DIGEST_SETTER)

    @FlaggedApi(android.security.Flags.FLAG_MGF1_DIGEST_SETTER_V2)

    public @KeyProperties.DigestEnum Set<String> getMgf1Digests() {

        if (mMgf1Digests.isEmpty()) {

            throw new IllegalStateException("Mask generation function (MGF) not specified");
@@ -633,7 +633,7 @@ public final class KeyGenParameterSpec implements AlgorithmParameterSpec, UserAu 
     * @see #getMgf1Digests()

     */

    @NonNull

    @FlaggedApi(android.security.Flags.FLAG_MGF1_DIGEST_SETTER)

    @FlaggedApi(android.security.Flags.FLAG_MGF1_DIGEST_SETTER_V2)

    public boolean isMgf1DigestsSpecified() {

        return !mMgf1Digests.isEmpty();

    }
@@ -1292,7 +1292,7 @@ public final class KeyGenParameterSpec implements AlgorithmParameterSpec, UserAu 
         * <p>See {@link KeyProperties}.{@code DIGEST} constants.

         */

        @NonNull

        @FlaggedApi(android.security.Flags.FLAG_MGF1_DIGEST_SETTER)

        @FlaggedApi(android.security.Flags.FLAG_MGF1_DIGEST_SETTER_V2)

        public Builder setMgf1Digests(@NonNull @KeyProperties.DigestEnum String... mgf1Digests) {

            mMgf1Digests = Set.of(mgf1Digests);

            return this;

keystore/java/android/security/keystore/KeyProtection.java

+3 −3
Original line number Diff line number Diff line
@@ -401,7 +401,7 @@ public final class KeyProtection implements ProtectionParameter, UserAuthArgs { 
     * @see #isMgf1DigestsSpecified()

     */

    @NonNull

    @FlaggedApi(android.security.Flags.FLAG_MGF1_DIGEST_SETTER)

    @FlaggedApi(android.security.Flags.FLAG_MGF1_DIGEST_SETTER_V2)

    public @KeyProperties.DigestEnum Set<String> getMgf1Digests() {

        if (mMgf1Digests.isEmpty()) {

            throw new IllegalStateException("Mask generation function (MGF) not specified");
@@ -416,7 +416,7 @@ public final class KeyProtection implements ProtectionParameter, UserAuthArgs { 
     * @see #getMgf1Digests()

     */

    @NonNull

    @FlaggedApi(android.security.Flags.FLAG_MGF1_DIGEST_SETTER)

    @FlaggedApi(android.security.Flags.FLAG_MGF1_DIGEST_SETTER_V2)

    public boolean isMgf1DigestsSpecified() {

        return !mMgf1Digests.isEmpty();

    }
@@ -799,7 +799,7 @@ public final class KeyProtection implements ProtectionParameter, UserAuthArgs { 
         * <p>See {@link KeyProperties}.{@code DIGEST} constants.

         */

        @NonNull

        @FlaggedApi(android.security.Flags.FLAG_MGF1_DIGEST_SETTER)

        @FlaggedApi(android.security.Flags.FLAG_MGF1_DIGEST_SETTER_V2)

        public Builder setMgf1Digests(@Nullable @KeyProperties.DigestEnum String... mgf1Digests) {

            mMgf1Digests = Set.of(mgf1Digests);

            return this;

keystore/java/android/security/keystore2/AndroidKeyStoreKeyPairGeneratorSpi.java

+1 −1
Original line number Diff line number Diff line
@@ -974,7 +974,7 @@ public abstract class AndroidKeyStoreKeyPairGeneratorSpi extends KeyPairGenerato 


    private static boolean getMgf1DigestSetterFlag() {

        try {

            return Flags.mgf1DigestSetter();

            return Flags.mgf1DigestSetterV2();

        } catch (SecurityException e) {

            Log.w(TAG, "Cannot read MGF1 Digest setter flag value", e);

            return false;