Merge "Keystore 2.0: Remove hidden API from RecoverableKeystore" am: 5de808c5e2 (8b7ca71f) · Commits · e / os / android_frameworks_base

services/core/java/com/android/server/locksettings/recoverablekeystore/PlatformDecryptionKey.java

+4 −4

Original line number	Diff line number	Diff line
		@@ -16,7 +16,7 @@

		package com.android.server.locksettings.recoverablekeystore;

		import android.security.keystore.AndroidKeyStoreSecretKey;
		import javax.crypto.SecretKey;

		/**
		* Used to unwrap recoverable keys before syncing them with remote storage.
		@@ -30,7 +30,7 @@ import android.security.keystore.AndroidKeyStoreSecretKey;
		public class PlatformDecryptionKey {

		private final int mGenerationId;
		private final AndroidKeyStoreSecretKey mKey;
		private final SecretKey mKey;

		/**
		* A new instance.
		@@ -40,7 +40,7 @@ public class PlatformDecryptionKey {
		*
		* @hide
		*/
		public PlatformDecryptionKey(int generationId, AndroidKeyStoreSecretKey key) {
		public PlatformDecryptionKey(int generationId, SecretKey key) {
		mGenerationId = generationId;
		mKey = key;
		}
		@@ -59,7 +59,7 @@ public class PlatformDecryptionKey {
		*
		* @hide
		*/
		public AndroidKeyStoreSecretKey getKey() {
		public SecretKey getKey() {
		return mKey;
		}
		}

+4 −4

Original line number	Diff line number	Diff line
		@@ -16,7 +16,7 @@

		package com.android.server.locksettings.recoverablekeystore;

		import android.security.keystore.AndroidKeyStoreSecretKey;
		import javax.crypto.SecretKey;

		/**
		* Private key stored in AndroidKeyStore. Used to wrap recoverable keys before writing them to disk.
		@@ -33,7 +33,7 @@ import android.security.keystore.AndroidKeyStoreSecretKey;
		public class PlatformEncryptionKey {

		private final int mGenerationId;
		private final AndroidKeyStoreSecretKey mKey;
		private final SecretKey mKey;

		/**
		* A new instance.
		@@ -41,7 +41,7 @@ public class PlatformEncryptionKey {
		* @param generationId The generation ID of the key.
		* @param key The secret key handle. Can be used to encrypt WITHOUT requiring screen unlock.
		*/
		public PlatformEncryptionKey(int generationId, AndroidKeyStoreSecretKey key) {
		public PlatformEncryptionKey(int generationId, SecretKey key) {
		mGenerationId = generationId;
		mKey = key;
		}
		@@ -56,7 +56,7 @@ public class PlatformEncryptionKey {
		/**
		* Returns the actual key, which can only be used to encrypt.
		*/
		public AndroidKeyStoreSecretKey getKey() {
		public SecretKey getKey() {
		return mKey;
		}
		}

+2 −3

Original line number	Diff line number	Diff line
		@@ -21,7 +21,6 @@ import android.content.Context;
		import android.os.RemoteException;
		import android.os.UserHandle;
		import android.security.GateKeeper;
		import android.security.keystore.AndroidKeyStoreSecretKey;
		import android.security.keystore.KeyPermanentlyInvalidatedException;
		import android.security.keystore.KeyProperties;
		import android.security.keystore.KeyProtection;
		@@ -237,7 +236,7 @@ public class PlatformKeyManager {
		if (!isKeyLoaded(userId, generationId)) {
		throw new UnrecoverableKeyException("KeyStore doesn't contain key " + alias);
		}
		AndroidKeyStoreSecretKey key = (AndroidKeyStoreSecretKey) mKeyStore.getKey(
		SecretKey key = (SecretKey) mKeyStore.getKey(
		alias, /password=/ null);
		return new PlatformEncryptionKey(generationId, key);
		}
		@@ -289,7 +288,7 @@ public class PlatformKeyManager {
		if (!isKeyLoaded(userId, generationId)) {
		throw new UnrecoverableKeyException("KeyStore doesn't contain key " + alias);
		}
		AndroidKeyStoreSecretKey key = (AndroidKeyStoreSecretKey) mKeyStore.getKey(
		SecretKey key = (SecretKey) mKeyStore.getKey(
		alias, /password=/ null);
		return new PlatformDecryptionKey(generationId, key);
		}

+3 −3

Original line number	Diff line number	Diff line
		@@ -34,7 +34,6 @@ import android.app.KeyguardManager;
		import android.content.Context;
		import android.os.RemoteException;
		import android.security.GateKeeper;
		import android.security.keystore.AndroidKeyStoreSecretKey;
		import android.security.keystore.KeyGenParameterSpec;
		import android.security.keystore.KeyProperties;
		import android.security.keystore.KeyProtection;
		@@ -61,6 +60,7 @@ import java.security.UnrecoverableKeyException;
		import java.util.List;

		import javax.crypto.KeyGenerator;
		import javax.crypto.SecretKey;

		@SmallTest
		@RunWith(AndroidJUnit4.class)
		@@ -586,7 +586,7 @@ public class PlatformKeyManagerTest {
		return (KeyProtection) mProtectionParameterCaptor.getValue();
		}

		private AndroidKeyStoreSecretKey generateAndroidKeyStoreKey() throws Exception {
		private SecretKey generateAndroidKeyStoreKey() throws Exception {
		KeyGenerator keyGenerator = KeyGenerator.getInstance(
		KEY_ALGORITHM,
		ANDROID_KEY_STORE_PROVIDER);
		@@ -595,7 +595,7 @@ public class PlatformKeyManagerTest {
		.setBlockModes(KeyProperties.BLOCK_MODE_GCM)
		.setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
		.build());
		return (AndroidKeyStoreSecretKey) keyGenerator.generateKey();
		return keyGenerator.generateKey();
		}

		class PlatformKeyManagerTestable extends PlatformKeyManager {