
Commit 9b3e005a authored by Alex Klyubin's avatar Alex Klyubin

Unhide the new AndroidKeyStore API.

Bug: 18088752
Change-Id: I93f87cbb1cd04a4a2e34f3d544d678c92cf052ee
parent fbf1472d
+195 −0
@@ -28040,6 +28040,43 @@ package android.sax {
package android.security {
  public class CryptoOperationException extends java.lang.RuntimeException {
    ctor public CryptoOperationException();
    ctor public CryptoOperationException(java.lang.String);
    ctor public CryptoOperationException(java.lang.String, java.lang.Throwable);
    ctor public CryptoOperationException(java.lang.Throwable);
  }
  public class EcIesParameterSpec implements java.security.spec.AlgorithmParameterSpec {
    method public int getDemCipherKeySize();
    method public java.lang.String getDemCipherTransformation();
    method public java.lang.String getDemMacAlgorithm();
    method public int getDemMacKeySize();
    method public java.lang.String getKemKdfAlgorithm();
    method public int getKemPointFormat();
    field public static final android.security.EcIesParameterSpec DEFAULT;
  }
  public static class EcIesParameterSpec.Builder {
    ctor public EcIesParameterSpec.Builder();
    method public android.security.EcIesParameterSpec build();
    method public android.security.EcIesParameterSpec.Builder setDemCipherKeySize(int);
    method public android.security.EcIesParameterSpec.Builder setDemCipherTransformation(java.lang.String);
    method public android.security.EcIesParameterSpec.Builder setDemMacAlgorithm(java.lang.String);
    method public android.security.EcIesParameterSpec.Builder setDemMacKeySize(int);
    method public android.security.EcIesParameterSpec.Builder setKemKdfAlgorithm(java.lang.String);
    method public android.security.EcIesParameterSpec.Builder setKemPointFormat(int);
  }
  public static abstract class EcIesParameterSpec.PointFormat {
    field public static final int COMPRESSED = 1; // 0x1
    field public static final int UNCOMPRESSED = 0; // 0x0
    field public static final int UNSPECIFIED = -1; // 0xffffffff
  }
  public static abstract class EcIesParameterSpec.PointFormatEnum implements java.lang.annotation.Annotation {
  }
  public final class KeyChain {
    ctor public KeyChain();
    method public static void choosePrivateKeyAlias(android.app.Activity, android.security.KeyChainAliasCallback, java.lang.String[], java.security.Principal[], java.lang.String, int, java.lang.String);
@@ -28066,17 +28103,77 @@ package android.security {
    ctor public KeyChainException(java.lang.Throwable);
  }
  public class KeyExpiredException extends android.security.CryptoOperationException {
    ctor public KeyExpiredException();
    ctor public KeyExpiredException(java.lang.String);
    ctor public KeyExpiredException(java.lang.String, java.lang.Throwable);
  }
  public class KeyGeneratorSpec implements java.security.spec.AlgorithmParameterSpec {
    method public java.lang.String[] getBlockModes();
    method public android.content.Context getContext();
    method public java.lang.String[] getEncryptionPaddings();
    method public int getKeySize();
    method public java.util.Date getKeyValidityForConsumptionEnd();
    method public java.util.Date getKeyValidityForOriginationEnd();
    method public java.util.Date getKeyValidityStart();
    method public java.lang.String getKeystoreAlias();
    method public int getPurposes();
    method public int getUserAuthenticationValidityDurationSeconds();
    method public int getUserAuthenticators();
    method public boolean isEncryptionRequired();
    method public boolean isInvalidatedOnNewFingerprintEnrolled();
    method public boolean isRandomizedEncryptionRequired();
  }
  public static class KeyGeneratorSpec.Builder {
    ctor public KeyGeneratorSpec.Builder(android.content.Context);
    method public android.security.KeyGeneratorSpec build();
    method public android.security.KeyGeneratorSpec.Builder setAlias(java.lang.String);
    method public android.security.KeyGeneratorSpec.Builder setBlockModes(java.lang.String...);
    method public android.security.KeyGeneratorSpec.Builder setEncryptionPaddings(java.lang.String...);
    method public android.security.KeyGeneratorSpec.Builder setEncryptionRequired(boolean);
    method public android.security.KeyGeneratorSpec.Builder setInvalidatedOnNewFingerprintEnrolled(boolean);
    method public android.security.KeyGeneratorSpec.Builder setKeySize(int);
    method public android.security.KeyGeneratorSpec.Builder setKeyValidityEnd(java.util.Date);
    method public android.security.KeyGeneratorSpec.Builder setKeyValidityForConsumptionEnd(java.util.Date);
    method public android.security.KeyGeneratorSpec.Builder setKeyValidityForOriginationEnd(java.util.Date);
    method public android.security.KeyGeneratorSpec.Builder setKeyValidityStart(java.util.Date);
    method public android.security.KeyGeneratorSpec.Builder setPurposes(int);
    method public android.security.KeyGeneratorSpec.Builder setRandomizedEncryptionRequired(boolean);
    method public android.security.KeyGeneratorSpec.Builder setUserAuthenticationValidityDurationSeconds(int);
    method public android.security.KeyGeneratorSpec.Builder setUserAuthenticators(int);
  }
  public class KeyNotYetValidException extends android.security.CryptoOperationException {
    ctor public KeyNotYetValidException();
    ctor public KeyNotYetValidException(java.lang.String);
    ctor public KeyNotYetValidException(java.lang.String, java.lang.Throwable);
  }
  public final class KeyPairGeneratorSpec implements java.security.spec.AlgorithmParameterSpec {
    method public java.security.spec.AlgorithmParameterSpec getAlgorithmParameterSpec();
    method public java.lang.String[] getBlockModes();
    method public android.content.Context getContext();
    method public java.lang.String[] getDigests();
    method public java.lang.String[] getEncryptionPaddings();
    method public java.util.Date getEndDate();
    method public int getKeySize();
    method public java.lang.String getKeyType();
    method public java.util.Date getKeyValidityForConsumptionEnd();
    method public java.util.Date getKeyValidityForOriginationEnd();
    method public java.util.Date getKeyValidityStart();
    method public java.lang.String getKeystoreAlias();
    method public int getPurposes();
    method public java.math.BigInteger getSerialNumber();
    method public java.lang.String[] getSignaturePaddings();
    method public java.util.Date getStartDate();
    method public javax.security.auth.x500.X500Principal getSubjectDN();
    method public int getUserAuthenticationValidityDurationSeconds();
    method public int getUserAuthenticators();
    method public boolean isEncryptionRequired();
    method public boolean isInvalidatedOnNewFingerprintEnrolled();
    method public boolean isRandomizedEncryptionRequired();
  }
  public static final class KeyPairGeneratorSpec.Builder {
@@ -28084,23 +28181,110 @@ package android.security {
    method public android.security.KeyPairGeneratorSpec build();
    method public android.security.KeyPairGeneratorSpec.Builder setAlgorithmParameterSpec(java.security.spec.AlgorithmParameterSpec);
    method public android.security.KeyPairGeneratorSpec.Builder setAlias(java.lang.String);
    method public android.security.KeyPairGeneratorSpec.Builder setBlockModes(java.lang.String...);
    method public android.security.KeyPairGeneratorSpec.Builder setDigests(java.lang.String...);
    method public android.security.KeyPairGeneratorSpec.Builder setEncryptionPaddings(java.lang.String...);
    method public android.security.KeyPairGeneratorSpec.Builder setEncryptionRequired();
    method public android.security.KeyPairGeneratorSpec.Builder setEndDate(java.util.Date);
    method public android.security.KeyPairGeneratorSpec.Builder setInvalidatedOnNewFingerprintEnrolled(boolean);
    method public android.security.KeyPairGeneratorSpec.Builder setKeySize(int);
    method public android.security.KeyPairGeneratorSpec.Builder setKeyType(java.lang.String) throws java.security.NoSuchAlgorithmException;
    method public android.security.KeyPairGeneratorSpec.Builder setKeyValidityEnd(java.util.Date);
    method public android.security.KeyPairGeneratorSpec.Builder setKeyValidityForConsumptionEnd(java.util.Date);
    method public android.security.KeyPairGeneratorSpec.Builder setKeyValidityForOriginationEnd(java.util.Date);
    method public android.security.KeyPairGeneratorSpec.Builder setKeyValidityStart(java.util.Date);
    method public android.security.KeyPairGeneratorSpec.Builder setPurposes(int);
    method public android.security.KeyPairGeneratorSpec.Builder setRandomizedEncryptionRequired(boolean);
    method public android.security.KeyPairGeneratorSpec.Builder setSerialNumber(java.math.BigInteger);
    method public android.security.KeyPairGeneratorSpec.Builder setSignaturePaddings(java.lang.String...);
    method public android.security.KeyPairGeneratorSpec.Builder setStartDate(java.util.Date);
    method public android.security.KeyPairGeneratorSpec.Builder setSubject(javax.security.auth.x500.X500Principal);
    method public android.security.KeyPairGeneratorSpec.Builder setUserAuthenticationValidityDurationSeconds(int);
    method public android.security.KeyPairGeneratorSpec.Builder setUserAuthenticators(int);
  }
  public abstract class KeyStoreKeyProperties {
  }
  public static abstract class KeyStoreKeyProperties.Origin {
    field public static final int GENERATED = 1; // 0x1
    field public static final int IMPORTED = 2; // 0x2
  }
  public static abstract class KeyStoreKeyProperties.OriginEnum implements java.lang.annotation.Annotation {
  }
  public static abstract class KeyStoreKeyProperties.Purpose {
    field public static final int DECRYPT = 2; // 0x2
    field public static final int ENCRYPT = 1; // 0x1
    field public static final int SIGN = 4; // 0x4
    field public static final int VERIFY = 8; // 0x8
  }
  public static abstract class KeyStoreKeyProperties.PurposeEnum implements java.lang.annotation.Annotation {
  }
  public static abstract class KeyStoreKeyProperties.UserAuthenticator {
    field public static final int FINGERPRINT_READER = 2; // 0x2
    field public static final int LOCK_SCREEN = 1; // 0x1
  }
  public static abstract class KeyStoreKeyProperties.UserAuthenticatorEnum implements java.lang.annotation.Annotation {
  }
  public class KeyStoreKeySpec implements java.security.spec.KeySpec {
    method public java.lang.String[] getBlockModes();
    method public java.lang.String[] getDigests();
    method public java.lang.String[] getEncryptionPaddings();
    method public int getKeySize();
    method public java.util.Date getKeyValidityForConsumptionEnd();
    method public java.util.Date getKeyValidityForOriginationEnd();
    method public java.util.Date getKeyValidityStart();
    method public java.lang.String getKeystoreAlias();
    method public int getOrigin();
    method public int getPurposes();
    method public java.lang.String[] getSignaturePaddings();
    method public int getTeeEnforcedUserAuthenticators();
    method public int getUserAuthenticationValidityDurationSeconds();
    method public int getUserAuthenticators();
    method public boolean isInvalidatedOnNewFingerprintEnrolled();
    method public boolean isTeeBacked();
  }
  public final class KeyStoreParameter implements java.security.KeyStore.ProtectionParameter {
    method public java.lang.String[] getBlockModes();
    method public java.lang.String[] getDigests();
    method public java.lang.String[] getEncryptionPaddings();
    method public java.util.Date getKeyValidityForConsumptionEnd();
    method public java.util.Date getKeyValidityForOriginationEnd();
    method public java.util.Date getKeyValidityStart();
    method public int getPurposes();
    method public java.lang.String[] getSignaturePaddings();
    method public int getUserAuthenticationValidityDurationSeconds();
    method public int getUserAuthenticators();
    method public boolean isDigestsSpecified();
    method public boolean isEncryptionRequired();
    method public boolean isInvalidatedOnNewFingerprintEnrolled();
    method public boolean isRandomizedEncryptionRequired();
  }
  public static final class KeyStoreParameter.Builder {
    ctor public KeyStoreParameter.Builder(android.content.Context);
    method public android.security.KeyStoreParameter build();
    method public android.security.KeyStoreParameter.Builder setBlockModes(java.lang.String...);
    method public android.security.KeyStoreParameter.Builder setDigests(java.lang.String...);
    method public android.security.KeyStoreParameter.Builder setEncryptionPaddings(java.lang.String...);
    method public android.security.KeyStoreParameter.Builder setEncryptionRequired(boolean);
    method public android.security.KeyStoreParameter.Builder setInvalidatedOnNewFingerprintEnrolled(boolean);
    method public android.security.KeyStoreParameter.Builder setKeyValidityEnd(java.util.Date);
    method public android.security.KeyStoreParameter.Builder setKeyValidityForConsumptionEnd(java.util.Date);
    method public android.security.KeyStoreParameter.Builder setKeyValidityForOriginationEnd(java.util.Date);
    method public android.security.KeyStoreParameter.Builder setKeyValidityStart(java.util.Date);
    method public android.security.KeyStoreParameter.Builder setPurposes(int);
    method public android.security.KeyStoreParameter.Builder setRandomizedEncryptionRequired(boolean);
    method public android.security.KeyStoreParameter.Builder setSignaturePaddings(java.lang.String...);
    method public android.security.KeyStoreParameter.Builder setUserAuthenticationValidityDurationSeconds(int);
    method public android.security.KeyStoreParameter.Builder setUserAuthenticators(int);
  }
  public class NetworkSecurityPolicy {
@@ -28108,6 +28292,17 @@ package android.security {
    method public boolean isCleartextTrafficPermitted();
  }
  public class NewFingerprintEnrolledException extends android.security.CryptoOperationException {
    ctor public NewFingerprintEnrolledException();
    ctor public NewFingerprintEnrolledException(java.lang.String);
  }
  public class UserNotAuthenticatedException extends android.security.CryptoOperationException {
    ctor public UserNotAuthenticatedException();
    ctor public UserNotAuthenticatedException(java.lang.String);
    ctor public UserNotAuthenticatedException(java.lang.String, java.lang.Throwable);
  }
}
package android.service.carrier {
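Review bot: The newly public spec classes expose mutable types from their getters: `getBlockModes()`, `getEncryptionPaddings()`, `getDigests()` and `getSignaturePaddings()` return `java.lang.String[]`, and the `getKeyValidity*()` getters return `java.util.Date`, across `KeyGeneratorSpec`, `KeyPairGeneratorSpec`, `KeyStoreKeySpec` and `KeyStoreParameter`. These values describe what a key is authorized for, and a signature listing cannot show whether the builders and getters copy them, so that should be confirmed in the implementation before the surface is frozen. If they do copy, each getter's Javadoc should say so, for example `@return a copy of the authorized block modes; modifying it does not affect this spec`. Separately, the empty `PointFormatEnum`, `OriginEnum`, `PurposeEnum` and `UserAuthenticatorEnum` annotation types look like helpers for the int constants rather than API a caller would use, and would probably be better kept `@hide`.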
+195 −0

File changed.

Preview size limit exceeded, changes collapsed.

+14 −7
@@ -26,11 +26,10 @@ page.title=Android Keystore System
  </div>
</div>

<p>The Android Keystore system lets you store private keys
  in a container to make it more difficult to extract from the
  device. Once keys are in the keystore, they can be used for
  cryptographic operations with the private key material remaining
  non-exportable.</p>
<p>The Android Keystore system lets you store cryptographic keys in a container
  to make it more difficult to extract from the device. Once keys are in the
  keystore, they can be used for cryptographic operations with the key material
  remaining non-exportable.</p>

<p>The Keystore system is used by the {@link
  android.security.KeyChain} API as well as the Android
@@ -59,7 +58,8 @@ Android Keystore Provider</h2>

<p>
To use this feature, you use the standard {@link java.security.KeyStore}
and {@link java.security.KeyPairGenerator} classes along with the
and {@link java.security.KeyPairGenerator} or
{@link javax.crypto.KeyGenerator} classes along with the
{@code AndroidKeyStore} provider introduced in Android 4.3 (API level 18).</p>

<p>{@code AndroidKeyStore} is registered as a {@link
@@ -67,7 +67,9 @@ and {@link java.security.KeyPairGenerator} classes along with the
  java.security.KeyStore#getInstance(String) KeyStore.getInstance(type)}
  method and as a provider for use with the {@link
  java.security.KeyPairGenerator#getInstance(String, String)
  KeyPairGenerator.getInstance(algorithm, provider)} method.</p>
  KeyPairGenerator.getInstance(algorithm, provider)} and {@link
  javax.crypto.KeyGenerator#getInstance(String, String)
  KeyGenerator.getInstance(algorithm, provider)} methods.</p>

<h3 id="GeneratingANewPrivateKey">Generating a New Private Key</h3>

@@ -81,6 +83,11 @@ and {@link java.security.KeyPairGenerator} classes along with the

{@sample development/samples/ApiDemos/src/com/example/android/apis/security/KeyStoreUsage.java generate}

<h3 id="GeneratingANewSecretKey">Generating a New Secret Key</h3>

<p>To generate the key, use a {@link javax.crypto.KeyGenerator} with
  {@link android.security.KeyGeneratorSpec}.

<h3 id="WorkingWithKeyStoreEntries">Working with Keystore Entries</h3>

<p>Using the {@code AndroidKeyStore} provider takes place through
+0 −2
@@ -25,8 +25,6 @@ package android.security;
 * permitted to throw a checked exception during operation. Because crypto operations can fail
 * for a variety of reasons after initialization, this base class provides type-safety for unchecked
 * exceptions that may be thrown in those cases.
 *
 * @hide
 */
public class CryptoOperationException extends RuntimeException {

+4 −2
@@ -46,8 +46,6 @@ import javax.crypto.Mac;
 * MAC algorithm specified by {@link #getDemMacAlgorithm()} (e.g., {@code HmacSHA1} for standard
 * DEM1).</li>
 * </ul>
 *
 * @hide
 */
public class EcIesParameterSpec implements AlgorithmParameterSpec {

@@ -124,6 +122,8 @@ public class EcIesParameterSpec implements AlgorithmParameterSpec {

    /**
     * Returns KEM EC curve name (e.g., {@code secp256r1}) or {@code null} if not specified.
     *
     * @hide
     */
    public String getKemCurveName() {
        return mKemCurveName;
@@ -200,6 +200,8 @@ public class EcIesParameterSpec implements AlgorithmParameterSpec {
         * Sets KEM EC curve name. For example, {@code P-256} or {@code secp256r1}.
         *
         * <p>NOTE: Only curves with cofactor of {@code 1} are supported.
         *
         * @hide
         */
        public Builder setKemCurveName(String name) {
            mKemCurveName = name;
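Review bot: The two `@hide` tags added to `getKemCurveName()` and `Builder.setKemCurveName(String)` carry no explanation, while the class-level `@hide` is removed in the first hunk, so a reader cannot tell why the curve name alone stays out of the public API. A one-line reason next to each tag would help; note that the tag only keeps the member out of the published API, the method itself remains `public` in the framework class, and the visible setter line `mKemCurveName = name;` stores the name unchecked. The Javadoc states that only curves with cofactor 1 are supported, so the comment should also say where that is enforced, e.g. `// NOTE(review): cofactor-1 restriction is not checked here — confirm it is enforced in build() or at cipher init`. Both method bodies continue outside the hunks shown.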