Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit a811787a authored by Max Bires's avatar Max Bires Committed by Kevin Chyn
Browse files

Fixing default behavior for keys requiring auth 

The default timeout and authentication type is being updated to offer a
correct default that matches the old behavior.

Bug: 148425329
Bug: 149931201
Test: CtsVerifier
Test: atest KeyguardLockedTests

Change-Id: Id20097b04ce881e7028609d2ba1c30c26ba3c8cf
parent 3a68e2d0

keystore/java/android/security/keystore/KeyGenParameterSpec.java

+5 −3
Original line number Diff line number Diff line
@@ -764,8 +764,9 @@ public final class KeyGenParameterSpec implements AlgorithmParameterSpec, UserAu 
        private @KeyProperties.BlockModeEnum String[] mBlockModes;

        private boolean mRandomizedEncryptionRequired = true;

        private boolean mUserAuthenticationRequired;

        private int mUserAuthenticationValidityDurationSeconds = -1;

        private @KeyProperties.AuthEnum int mUserAuthenticationType;

        private int mUserAuthenticationValidityDurationSeconds = 0;

        private @KeyProperties.AuthEnum int mUserAuthenticationType =

                KeyProperties.AUTH_BIOMETRIC_STRONG;

        private boolean mUserPresenceRequired = false;

        private byte[] mAttestationChallenge = null;

        private boolean mUniqueIdIncluded = false;
@@ -1240,7 +1241,8 @@ public final class KeyGenParameterSpec implements AlgorithmParameterSpec, UserAu 
            if (seconds == -1) {

                return setUserAuthenticationParameters(0, KeyProperties.AUTH_BIOMETRIC_STRONG);

            }

            return setUserAuthenticationParameters(seconds, KeyProperties.AUTH_BIOMETRIC_STRONG);

            return setUserAuthenticationParameters(seconds, KeyProperties.AUTH_DEVICE_CREDENTIAL

                                                            | KeyProperties.AUTH_BIOMETRIC_STRONG);

        }



        /**

keystore/java/android/security/keystore/KeyProtection.java

+5 −3
Original line number Diff line number Diff line
@@ -562,8 +562,9 @@ public final class KeyProtection implements ProtectionParameter, UserAuthArgs { 
        private @KeyProperties.BlockModeEnum String[] mBlockModes;

        private boolean mRandomizedEncryptionRequired = true;

        private boolean mUserAuthenticationRequired;

        private @KeyProperties.AuthEnum int mUserAuthenticationType;

        private int mUserAuthenticationValidityDurationSeconds = -1;

        private int mUserAuthenticationValidityDurationSeconds = 0;

        private @KeyProperties.AuthEnum int mUserAuthenticationType =

                KeyProperties.AUTH_BIOMETRIC_STRONG;

        private boolean mUserPresenceRequired = false;

        private boolean mUserAuthenticationValidWhileOnBody;

        private boolean mInvalidatedByBiometricEnrollment = true;
@@ -870,7 +871,8 @@ public final class KeyProtection implements ProtectionParameter, UserAuthArgs { 
            if (seconds == -1) {

                return setUserAuthenticationParameters(0, KeyProperties.AUTH_BIOMETRIC_STRONG);

            }

            return setUserAuthenticationParameters(seconds, KeyProperties.AUTH_BIOMETRIC_STRONG);

            return setUserAuthenticationParameters(seconds, KeyProperties.AUTH_DEVICE_CREDENTIAL

                                                            | KeyProperties.AUTH_BIOMETRIC_STRONG);

        }



        /**

keystore/java/android/security/keystore/KeymasterUtils.java

+1 −2
Original line number Diff line number Diff line
@@ -165,8 +165,7 @@ public abstract class KeymasterUtils { 
            }

            args.addUnsignedLong(KeymasterDefs.KM_TAG_USER_SECURE_ID,

                    KeymasterArguments.toUint64(sid));

            args.addEnum(KeymasterDefs.KM_TAG_USER_AUTH_TYPE,

                    KeymasterDefs.HW_AUTH_PASSWORD | KeymasterDefs.HW_AUTH_BIOMETRIC);

            args.addEnum(KeymasterDefs.KM_TAG_USER_AUTH_TYPE, spec.getUserAuthenticationType());

            args.addUnsignedInt(KeymasterDefs.KM_TAG_AUTH_TIMEOUT,

                    spec.getUserAuthenticationValidityDurationSeconds());

            if (spec.isUserAuthenticationValidWhileOnBody()) {