Loading core/java/android/security/keystore/RecoveryController.java +1 −10 Original line number Original line Diff line number Diff line Loading @@ -443,16 +443,7 @@ public class RecoveryController { */ */ public byte[] generateAndStoreKey(@NonNull String alias) public byte[] generateAndStoreKey(@NonNull String alias) throws InternalRecoveryServiceException, LockScreenRequiredException { throws InternalRecoveryServiceException, LockScreenRequiredException { try { throw new UnsupportedOperationException(); return mBinder.generateAndStoreKey(alias); } catch (RemoteException e) { throw e.rethrowFromSystemServer(); } catch (ServiceSpecificException e) { if (e.errorCode == ERROR_INSECURE_USER) { throw new LockScreenRequiredException(e.getMessage()); } throw wrapUnexpectedServiceSpecificException(e); } } } /** /** Loading core/java/android/security/keystore/recovery/KeyChainSnapshot.java +2 −17 Original line number Original line Diff line number Diff line Loading @@ -78,23 +78,8 @@ public final class KeyChainSnapshot implements Parcelable { private byte[] mEncryptedRecoveryKeyBlob; private byte[] mEncryptedRecoveryKeyBlob; /** /** * @hide * Use builder to create an instance of the class. * Deprecated, consider using builder. */ */ public KeyChainSnapshot( int snapshotVersion, @NonNull List<KeyChainProtectionParams> keyChainProtectionParams, @NonNull List<WrappedApplicationKey> wrappedApplicationKeys, @NonNull byte[] encryptedRecoveryKeyBlob) { mSnapshotVersion = snapshotVersion; mKeyChainProtectionParams = Preconditions.checkCollectionElementsNotNull(keyChainProtectionParams, "KeyChainProtectionParams"); mEntryRecoveryData = Preconditions.checkCollectionElementsNotNull(wrappedApplicationKeys, "wrappedApplicationKeys"); mEncryptedRecoveryKeyBlob = Preconditions.checkNotNull(encryptedRecoveryKeyBlob); } private KeyChainSnapshot() { private KeyChainSnapshot() { } } Loading @@ -108,7 +93,7 @@ public final class KeyChainSnapshot implements Parcelable { } } /** /** * Number of user secret guesses allowed during Keychain recovery. * Number of user secret guesses allowed during KeyChain recovery. */ */ public int getMaxAttempts() { public int getMaxAttempts() { return mMaxAttempts; return mMaxAttempts; Loading core/java/android/security/keystore/recovery/KeyDerivationParams.java +1 −1 Original line number Original line Diff line number Diff line Loading @@ -106,7 +106,7 @@ public final class KeyDerivationParams implements Parcelable { /** /** * @hide * @hide */ */ KeyDerivationParams(@KeyDerivationAlgorithm int algorithm, @NonNull byte[] salt, private KeyDerivationParams(@KeyDerivationAlgorithm int algorithm, @NonNull byte[] salt, int memoryDifficulty) { int memoryDifficulty) { mAlgorithm = algorithm; mAlgorithm = algorithm; mSalt = Preconditions.checkNotNull(salt); mSalt = Preconditions.checkNotNull(salt); Loading core/java/android/security/keystore/recovery/RecoveryController.java +1 −10 Original line number Original line Diff line number Diff line Loading @@ -465,16 +465,7 @@ public class RecoveryController { @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE) @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE) public byte[] generateAndStoreKey(@NonNull String alias, byte[] account) public byte[] generateAndStoreKey(@NonNull String alias, byte[] account) throws InternalRecoveryServiceException, LockScreenRequiredException { throws InternalRecoveryServiceException, LockScreenRequiredException { try { throw new UnsupportedOperationException("Operation is not supported, use generateKey"); return mBinder.generateAndStoreKey(alias); } catch (RemoteException e) { throw e.rethrowFromSystemServer(); } catch (ServiceSpecificException e) { if (e.errorCode == ERROR_INSECURE_USER) { throw new LockScreenRequiredException(e.getMessage()); } throw wrapUnexpectedServiceSpecificException(e); } } } /** /** Loading core/java/android/security/keystore/recovery/RecoverySession.java +5 −5 Original line number Original line Diff line number Diff line Loading @@ -157,8 +157,8 @@ public class RecoverySession implements AutoCloseable { * @param vaultChallenge Data passed from server for this recovery session and used to prevent * @param vaultChallenge Data passed from server for this recovery session and used to prevent * replay attacks. * replay attacks. * @param secrets Secrets provided by user, the method only uses type and secret fields. * @param secrets Secrets provided by user, the method only uses type and secret fields. * @return The recovery claim. Claim provides a b binary blob with recovery claim. It is * @return The binary blob with recovery claim. It is encrypted with verifierPublicKey * encrypted with verifierPublicKey and contains a proof of user secrets, session symmetric * and contains a proof of user secrets possession, session symmetric * key and parameters necessary to identify the counter with the number of failed recovery * key and parameters necessary to identify the counter with the number of failed recovery * attempts. * attempts. * @throws CertificateException if the {@code verifierCertPath} is invalid. * @throws CertificateException if the {@code verifierCertPath} is invalid. Loading Loading @@ -228,7 +228,8 @@ public class RecoverySession implements AutoCloseable { * * * @param recoveryKeyBlob Recovery blob encrypted by symmetric key generated for this session. * @param recoveryKeyBlob Recovery blob encrypted by symmetric key generated for this session. * @param applicationKeys Application keys. Key material can be decrypted using recoveryKeyBlob * @param applicationKeys Application keys. Key material can be decrypted using recoveryKeyBlob * and session. * and session key generated by {@link #start}. * @return {@code Map} from recovered keys aliases to their references. * @throws SessionExpiredException if {@code session} has since been closed. * @throws SessionExpiredException if {@code session} has since been closed. * @throws DecryptionFailedException if unable to decrypt the snapshot. * @throws DecryptionFailedException if unable to decrypt the snapshot. * @throws InternalRecoveryServiceException if an error occurs internal to the recovery service. * @throws InternalRecoveryServiceException if an error occurs internal to the recovery service. Loading Loading @@ -288,8 +289,7 @@ public class RecoverySession implements AutoCloseable { } } /** /** * Deletes all data associated with {@code session}. Should not be invoked directly but via * Deletes all data associated with {@code session}. * {@link RecoverySession#close()}. */ */ @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE) @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE) @Override @Override Loading Loading
core/java/android/security/keystore/RecoveryController.java +1 −10 Original line number Original line Diff line number Diff line Loading @@ -443,16 +443,7 @@ public class RecoveryController { */ */ public byte[] generateAndStoreKey(@NonNull String alias) public byte[] generateAndStoreKey(@NonNull String alias) throws InternalRecoveryServiceException, LockScreenRequiredException { throws InternalRecoveryServiceException, LockScreenRequiredException { try { throw new UnsupportedOperationException(); return mBinder.generateAndStoreKey(alias); } catch (RemoteException e) { throw e.rethrowFromSystemServer(); } catch (ServiceSpecificException e) { if (e.errorCode == ERROR_INSECURE_USER) { throw new LockScreenRequiredException(e.getMessage()); } throw wrapUnexpectedServiceSpecificException(e); } } } /** /** Loading
core/java/android/security/keystore/recovery/KeyChainSnapshot.java +2 −17 Original line number Original line Diff line number Diff line Loading @@ -78,23 +78,8 @@ public final class KeyChainSnapshot implements Parcelable { private byte[] mEncryptedRecoveryKeyBlob; private byte[] mEncryptedRecoveryKeyBlob; /** /** * @hide * Use builder to create an instance of the class. * Deprecated, consider using builder. */ */ public KeyChainSnapshot( int snapshotVersion, @NonNull List<KeyChainProtectionParams> keyChainProtectionParams, @NonNull List<WrappedApplicationKey> wrappedApplicationKeys, @NonNull byte[] encryptedRecoveryKeyBlob) { mSnapshotVersion = snapshotVersion; mKeyChainProtectionParams = Preconditions.checkCollectionElementsNotNull(keyChainProtectionParams, "KeyChainProtectionParams"); mEntryRecoveryData = Preconditions.checkCollectionElementsNotNull(wrappedApplicationKeys, "wrappedApplicationKeys"); mEncryptedRecoveryKeyBlob = Preconditions.checkNotNull(encryptedRecoveryKeyBlob); } private KeyChainSnapshot() { private KeyChainSnapshot() { } } Loading @@ -108,7 +93,7 @@ public final class KeyChainSnapshot implements Parcelable { } } /** /** * Number of user secret guesses allowed during Keychain recovery. * Number of user secret guesses allowed during KeyChain recovery. */ */ public int getMaxAttempts() { public int getMaxAttempts() { return mMaxAttempts; return mMaxAttempts; Loading
core/java/android/security/keystore/recovery/KeyDerivationParams.java +1 −1 Original line number Original line Diff line number Diff line Loading @@ -106,7 +106,7 @@ public final class KeyDerivationParams implements Parcelable { /** /** * @hide * @hide */ */ KeyDerivationParams(@KeyDerivationAlgorithm int algorithm, @NonNull byte[] salt, private KeyDerivationParams(@KeyDerivationAlgorithm int algorithm, @NonNull byte[] salt, int memoryDifficulty) { int memoryDifficulty) { mAlgorithm = algorithm; mAlgorithm = algorithm; mSalt = Preconditions.checkNotNull(salt); mSalt = Preconditions.checkNotNull(salt); Loading
core/java/android/security/keystore/recovery/RecoveryController.java +1 −10 Original line number Original line Diff line number Diff line Loading @@ -465,16 +465,7 @@ public class RecoveryController { @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE) @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE) public byte[] generateAndStoreKey(@NonNull String alias, byte[] account) public byte[] generateAndStoreKey(@NonNull String alias, byte[] account) throws InternalRecoveryServiceException, LockScreenRequiredException { throws InternalRecoveryServiceException, LockScreenRequiredException { try { throw new UnsupportedOperationException("Operation is not supported, use generateKey"); return mBinder.generateAndStoreKey(alias); } catch (RemoteException e) { throw e.rethrowFromSystemServer(); } catch (ServiceSpecificException e) { if (e.errorCode == ERROR_INSECURE_USER) { throw new LockScreenRequiredException(e.getMessage()); } throw wrapUnexpectedServiceSpecificException(e); } } } /** /** Loading
core/java/android/security/keystore/recovery/RecoverySession.java +5 −5 Original line number Original line Diff line number Diff line Loading @@ -157,8 +157,8 @@ public class RecoverySession implements AutoCloseable { * @param vaultChallenge Data passed from server for this recovery session and used to prevent * @param vaultChallenge Data passed from server for this recovery session and used to prevent * replay attacks. * replay attacks. * @param secrets Secrets provided by user, the method only uses type and secret fields. * @param secrets Secrets provided by user, the method only uses type and secret fields. * @return The recovery claim. Claim provides a b binary blob with recovery claim. It is * @return The binary blob with recovery claim. It is encrypted with verifierPublicKey * encrypted with verifierPublicKey and contains a proof of user secrets, session symmetric * and contains a proof of user secrets possession, session symmetric * key and parameters necessary to identify the counter with the number of failed recovery * key and parameters necessary to identify the counter with the number of failed recovery * attempts. * attempts. * @throws CertificateException if the {@code verifierCertPath} is invalid. * @throws CertificateException if the {@code verifierCertPath} is invalid. Loading Loading @@ -228,7 +228,8 @@ public class RecoverySession implements AutoCloseable { * * * @param recoveryKeyBlob Recovery blob encrypted by symmetric key generated for this session. * @param recoveryKeyBlob Recovery blob encrypted by symmetric key generated for this session. * @param applicationKeys Application keys. Key material can be decrypted using recoveryKeyBlob * @param applicationKeys Application keys. Key material can be decrypted using recoveryKeyBlob * and session. * and session key generated by {@link #start}. * @return {@code Map} from recovered keys aliases to their references. * @throws SessionExpiredException if {@code session} has since been closed. * @throws SessionExpiredException if {@code session} has since been closed. * @throws DecryptionFailedException if unable to decrypt the snapshot. * @throws DecryptionFailedException if unable to decrypt the snapshot. * @throws InternalRecoveryServiceException if an error occurs internal to the recovery service. * @throws InternalRecoveryServiceException if an error occurs internal to the recovery service. Loading Loading @@ -288,8 +289,7 @@ public class RecoverySession implements AutoCloseable { } } /** /** * Deletes all data associated with {@code session}. Should not be invoked directly but via * Deletes all data associated with {@code session}. * {@link RecoverySession#close()}. */ */ @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE) @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE) @Override @Override Loading
