
Commit adef4964 authored by Shawn Willden's avatar Shawn Willden

Add support for extending key validity while on body.

Bug: 21563854
Change-Id: I3b622d2af77ec4ac3ba42407fc391112c153ef0f
parent 4dbf436c
+5 −0
@@ -34077,6 +34077,7 @@ package android.security.keystore {
    method public boolean isDigestsSpecified();
    method public boolean isRandomizedEncryptionRequired();
    method public boolean isUserAuthenticationRequired();
    method public boolean isUserAuthenticationValidWhileOnBody();
  }
  public static final class KeyGenParameterSpec.Builder {
@@ -34099,6 +34100,7 @@ package android.security.keystore {
    method public android.security.keystore.KeyGenParameterSpec.Builder setRandomizedEncryptionRequired(boolean);
    method public android.security.keystore.KeyGenParameterSpec.Builder setSignaturePaddings(java.lang.String...);
    method public android.security.keystore.KeyGenParameterSpec.Builder setUserAuthenticationRequired(boolean);
    method public android.security.keystore.KeyGenParameterSpec.Builder setUserAuthenticationValidWhileOnBody(boolean);
    method public android.security.keystore.KeyGenParameterSpec.Builder setUserAuthenticationValidityDurationSeconds(int);
  }
@@ -34118,6 +34120,7 @@ package android.security.keystore {
    method public boolean isInsideSecureHardware();
    method public boolean isUserAuthenticationRequired();
    method public boolean isUserAuthenticationRequirementEnforcedBySecureHardware();
    method public boolean isUserAuthenticationValidWhileOnBody();
  }
  public class KeyNotYetValidException extends java.security.InvalidKeyException {
@@ -34180,6 +34183,7 @@ package android.security.keystore {
    method public boolean isDigestsSpecified();
    method public boolean isRandomizedEncryptionRequired();
    method public boolean isUserAuthenticationRequired();
    method public boolean isUserAuthenticationValidWhileOnBody();
  }
  public static final class KeyProtection.Builder {
@@ -34195,6 +34199,7 @@ package android.security.keystore {
    method public android.security.keystore.KeyProtection.Builder setRandomizedEncryptionRequired(boolean);
    method public android.security.keystore.KeyProtection.Builder setSignaturePaddings(java.lang.String...);
    method public android.security.keystore.KeyProtection.Builder setUserAuthenticationRequired(boolean);
    method public android.security.keystore.KeyProtection.Builder setUserAuthenticationValidWhileOnBody(boolean);
    method public android.security.keystore.KeyProtection.Builder setUserAuthenticationValidityDurationSeconds(int);
  }
+5 −0
@@ -36559,6 +36559,7 @@ package android.security.keystore {
    method public boolean isDigestsSpecified();
    method public boolean isRandomizedEncryptionRequired();
    method public boolean isUserAuthenticationRequired();
    method public boolean isUserAuthenticationValidWhileOnBody();
  }
  public static final class KeyGenParameterSpec.Builder {
@@ -36581,6 +36582,7 @@ package android.security.keystore {
    method public android.security.keystore.KeyGenParameterSpec.Builder setRandomizedEncryptionRequired(boolean);
    method public android.security.keystore.KeyGenParameterSpec.Builder setSignaturePaddings(java.lang.String...);
    method public android.security.keystore.KeyGenParameterSpec.Builder setUserAuthenticationRequired(boolean);
    method public android.security.keystore.KeyGenParameterSpec.Builder setUserAuthenticationValidWhileOnBody(boolean);
    method public android.security.keystore.KeyGenParameterSpec.Builder setUserAuthenticationValidityDurationSeconds(int);
  }
@@ -36600,6 +36602,7 @@ package android.security.keystore {
    method public boolean isInsideSecureHardware();
    method public boolean isUserAuthenticationRequired();
    method public boolean isUserAuthenticationRequirementEnforcedBySecureHardware();
    method public boolean isUserAuthenticationValidWhileOnBody();
  }
  public class KeyNotYetValidException extends java.security.InvalidKeyException {
@@ -36662,6 +36665,7 @@ package android.security.keystore {
    method public boolean isDigestsSpecified();
    method public boolean isRandomizedEncryptionRequired();
    method public boolean isUserAuthenticationRequired();
    method public boolean isUserAuthenticationValidWhileOnBody();
  }
  public static final class KeyProtection.Builder {
@@ -36677,6 +36681,7 @@ package android.security.keystore {
    method public android.security.keystore.KeyProtection.Builder setRandomizedEncryptionRequired(boolean);
    method public android.security.keystore.KeyProtection.Builder setSignaturePaddings(java.lang.String...);
    method public android.security.keystore.KeyProtection.Builder setUserAuthenticationRequired(boolean);
    method public android.security.keystore.KeyProtection.Builder setUserAuthenticationValidWhileOnBody(boolean);
    method public android.security.keystore.KeyProtection.Builder setUserAuthenticationValidityDurationSeconds(int);
  }
+5 −0
@@ -34092,6 +34092,7 @@ package android.security.keystore {
    method public boolean isDigestsSpecified();
    method public boolean isRandomizedEncryptionRequired();
    method public boolean isUserAuthenticationRequired();
    method public boolean isUserAuthenticationValidWhileOnBody();
  }
  public static final class KeyGenParameterSpec.Builder {
@@ -34114,6 +34115,7 @@ package android.security.keystore {
    method public android.security.keystore.KeyGenParameterSpec.Builder setRandomizedEncryptionRequired(boolean);
    method public android.security.keystore.KeyGenParameterSpec.Builder setSignaturePaddings(java.lang.String...);
    method public android.security.keystore.KeyGenParameterSpec.Builder setUserAuthenticationRequired(boolean);
    method public android.security.keystore.KeyGenParameterSpec.Builder setUserAuthenticationValidWhileOnBody(boolean);
    method public android.security.keystore.KeyGenParameterSpec.Builder setUserAuthenticationValidityDurationSeconds(int);
  }
@@ -34133,6 +34135,7 @@ package android.security.keystore {
    method public boolean isInsideSecureHardware();
    method public boolean isUserAuthenticationRequired();
    method public boolean isUserAuthenticationRequirementEnforcedBySecureHardware();
    method public boolean isUserAuthenticationValidWhileOnBody();
  }
  public class KeyNotYetValidException extends java.security.InvalidKeyException {
@@ -34195,6 +34198,7 @@ package android.security.keystore {
    method public boolean isDigestsSpecified();
    method public boolean isRandomizedEncryptionRequired();
    method public boolean isUserAuthenticationRequired();
    method public boolean isUserAuthenticationValidWhileOnBody();
  }
  public static final class KeyProtection.Builder {
@@ -34210,6 +34214,7 @@ package android.security.keystore {
    method public android.security.keystore.KeyProtection.Builder setRandomizedEncryptionRequired(boolean);
    method public android.security.keystore.KeyProtection.Builder setSignaturePaddings(java.lang.String...);
    method public android.security.keystore.KeyProtection.Builder setUserAuthenticationRequired(boolean);
    method public android.security.keystore.KeyProtection.Builder setUserAuthenticationValidWhileOnBody(boolean);
    method public android.security.keystore.KeyProtection.Builder setUserAuthenticationValidityDurationSeconds(int);
  }
+1 −0
@@ -72,6 +72,7 @@ public final class KeymasterDefs {
    public static final int KM_TAG_NO_AUTH_REQUIRED = KM_BOOL | 503;
    public static final int KM_TAG_USER_AUTH_TYPE = KM_ENUM | 504;
    public static final int KM_TAG_AUTH_TIMEOUT = KM_UINT | 505;
    public static final int KM_TAG_ALLOW_WHILE_ON_BODY = KM_BOOL | 506;

    public static final int KM_TAG_ALL_APPLICATIONS = KM_BOOL | 600;
    public static final int KM_TAG_APPLICATION_ID = KM_BYTES | 601;
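Review bot: The new `KM_TAG_ALLOW_WHILE_ON_BODY` constant has no comment, and its name alone does not say which authorization requirement it relaxes or under what condition. Going by the commit title, it lets a key's authentication validity be extended while the device stays on-body, which makes it a tag an auditor will want explained next to `KM_TAG_AUTH_TIMEOUT`. A one-line comment such as `// Keeps user-auth validity alive while the device reports it is still on-body; depends on an on-body sensor.` would do. The value `KM_BOOL | 506` presumably has to match a tag definition outside this file, so the comment should also name that source of truth.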
+4 −2
@@ -233,7 +233,8 @@ public abstract class AndroidKeyStoreKeyGeneratorSpi extends KeyGeneratorSpi {
                // not set up).
                KeymasterUtils.addUserAuthArgs(new KeymasterArguments(),
                        spec.isUserAuthenticationRequired(),
                        spec.getUserAuthenticationValidityDurationSeconds());
                        spec.getUserAuthenticationValidityDurationSeconds(),
                        spec.isUserAuthenticationValidWhileOnBody());
            } catch (IllegalStateException | IllegalArgumentException e) {
                throw new InvalidAlgorithmParameterException(e);
            }
@@ -271,7 +272,8 @@ public abstract class AndroidKeyStoreKeyGeneratorSpi extends KeyGeneratorSpi {
        args.addEnums(KeymasterDefs.KM_TAG_DIGEST, mKeymasterDigests);
        KeymasterUtils.addUserAuthArgs(args,
                spec.isUserAuthenticationRequired(),
                spec.getUserAuthenticationValidityDurationSeconds());
                spec.getUserAuthenticationValidityDurationSeconds(),
                spec.isUserAuthenticationValidWhileOnBody());
        KeymasterUtils.addMinMacLengthAuthorizationIfNecessary(
                args,
                mKeymasterAlgorithm,
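Review bot: The `catch (IllegalStateException | IllegalArgumentException e)` after the first `KeymasterUtils.addUserAuthArgs` call converts only those two exception types. If the helper rejects the new `spec.isUserAuthenticationValidWhileOnBody()` argument with any other unchecked exception (its body is not on this page), the failure would escape this validation path instead of surfacing as `InvalidAlgorithmParameterException`. It is worth checking how the helper treats the flag when no validity duration applies and there is nothing to extend, then either widening the catch or documenting the exception in a comment above the call. The second call, in the hunk starting at old line 271, passes the same argument with no visible conversion, so both paths should report a rejected combination the same way. Both enclosing methods start and end outside the hunks.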