Loading keystore/java/android/security/AndroidKeyStore.java +3 −4 Original line number Diff line number Diff line Loading @@ -536,10 +536,9 @@ public class AndroidKeyStore extends KeyStoreSpi { if (params.getUserAuthenticators().isEmpty()) { args.addBoolean(KeymasterDefs.KM_TAG_NO_AUTH_REQUIRED); } else { // TODO: Pass-in user authenticator IDs once the Keymaster API has stabilized // for (int userAuthenticatorId : params.getUserAuthenticators()) { // args.addInt(KeymasterDefs.KM_TAG_USER_AUTH_ID, userAuthenticatorId); // } args.addInt(KeymasterDefs.KM_TAG_USER_AUTH_TYPE, KeyStoreKeyConstraints.UserAuthenticator.allToKeymaster( params.getUserAuthenticators())); } if (params.getUserAuthenticationValidityDurationSeconds() != null) { args.addInt(KeymasterDefs.KM_TAG_AUTH_TIMEOUT, Loading keystore/java/android/security/KeyStoreCipherSpi.java +3 −4 Original line number Diff line number Diff line Loading @@ -224,8 +224,7 @@ public abstract class KeyStoreCipherSpi extends CipherSpi implements KeyStoreCry if (opResult == null) { throw new KeyStoreConnectException(); } else if (opResult.resultCode != KeyStore.NO_ERROR) { throw new CryptoOperationException("Failed to start keystore operation", KeymasterUtils.getExceptionForKeymasterError(opResult.resultCode)); throw KeymasterUtils.getCryptoOperationException(opResult.resultCode); } if (opResult.token == null) { Loading @@ -252,7 +251,7 @@ public abstract class KeyStoreCipherSpi extends CipherSpi implements KeyStoreCry try { output = mMainDataStreamer.update(input, inputOffset, inputLen); } catch (KeymasterException e) { throw new CryptoOperationException("Keystore operation failed", e); throw KeymasterUtils.getCryptoOperationException(e); } if (output.length == 0) { Loading Loading @@ -297,7 +296,7 @@ public abstract class KeyStoreCipherSpi extends CipherSpi implements KeyStoreCry case KeymasterDefs.KM_ERROR_VERIFICATION_FAILED: throw new AEADBadTagException(); default: throw new CryptoOperationException("Keystore operation failed", e); throw KeymasterUtils.getCryptoOperationException(e); } } Loading keystore/java/android/security/KeyStoreCryptoOperationChunkedStreamer.java +3 −3 Original line number Diff line number Diff line Loading @@ -120,7 +120,7 @@ public class KeyStoreCryptoOperationChunkedStreamer { if (opResult == null) { throw new KeyStoreConnectException(); } else if (opResult.resultCode != KeyStore.NO_ERROR) { throw KeymasterUtils.getExceptionForKeymasterError(opResult.resultCode); throw KeymasterUtils.getKeymasterException(opResult.resultCode); } if (opResult.inputConsumed == chunk.length) { Loading Loading @@ -203,7 +203,7 @@ public class KeyStoreCryptoOperationChunkedStreamer { if (opResult == null) { throw new KeyStoreConnectException(); } else if (opResult.resultCode != KeyStore.NO_ERROR) { throw KeymasterUtils.getExceptionForKeymasterError(opResult.resultCode); throw KeymasterUtils.getKeymasterException(opResult.resultCode); } return concat(output, opResult.output); Loading @@ -227,7 +227,7 @@ public class KeyStoreCryptoOperationChunkedStreamer { if (opResult == null) { throw new KeyStoreConnectException(); } else if (opResult.resultCode != KeyStore.NO_ERROR) { throw KeymasterUtils.getExceptionForKeymasterError(opResult.resultCode); throw KeymasterUtils.getKeymasterException(opResult.resultCode); } if (opResult.inputConsumed < chunk.length) { Loading keystore/java/android/security/KeyStoreHmacSpi.java +3 −4 Original line number Diff line number Diff line Loading @@ -103,8 +103,7 @@ public abstract class KeyStoreHmacSpi extends MacSpi implements KeyStoreCryptoOp if (opResult == null) { throw new KeyStoreConnectException(); } else if (opResult.resultCode != KeyStore.NO_ERROR) { throw new CryptoOperationException("Failed to start keystore operation", KeymasterUtils.getExceptionForKeymasterError(opResult.resultCode)); throw KeymasterUtils.getCryptoOperationException(opResult.resultCode); } mOperationToken = opResult.token; if (mOperationToken == null) { Loading @@ -131,7 +130,7 @@ public abstract class KeyStoreHmacSpi extends MacSpi implements KeyStoreCryptoOp try { output = mChunkedStreamer.update(input, offset, len); } catch (KeymasterException e) { throw new CryptoOperationException("Keystore operation failed", e); throw KeymasterUtils.getCryptoOperationException(e); } if ((output != null) && (output.length != 0)) { throw new CryptoOperationException("Update operation unexpectedly produced output"); Loading @@ -148,7 +147,7 @@ public abstract class KeyStoreHmacSpi extends MacSpi implements KeyStoreCryptoOp try { result = mChunkedStreamer.doFinal(null, 0, 0); } catch (KeymasterException e) { throw new CryptoOperationException("Keystore operation failed", e); throw KeymasterUtils.getCryptoOperationException(e); } engineReset(); Loading keystore/java/android/security/KeyStoreKeyConstraints.java +86 −0 Original line number Diff line number Diff line Loading @@ -23,7 +23,10 @@ import java.lang.annotation.Retention; import java.lang.annotation.RetentionPolicy; import java.util.Arrays; import java.util.Collection; import java.util.Collections; import java.util.HashSet; import java.util.Locale; import java.util.Set; /** * Constraints for {@code AndroidKeyStore} keys. Loading Loading @@ -520,4 +523,87 @@ public abstract class KeyStoreKeyConstraints { } } } @Retention(RetentionPolicy.SOURCE) @IntDef({UserAuthenticator.LOCK_SCREEN}) public @interface UserAuthenticatorEnum {} /** * User authenticators which can be used to restrict/protect access to keys. */ public static abstract class UserAuthenticator { private UserAuthenticator() {} /** Lock screen. */ public static final int LOCK_SCREEN = 1; /** * @hide */ public static int toKeymaster(@UserAuthenticatorEnum int userAuthenticator) { switch (userAuthenticator) { case LOCK_SCREEN: return LOCK_SCREEN; default: throw new IllegalArgumentException( "Unknown user authenticator: " + userAuthenticator); } } /** * @hide */ public static @UserAuthenticatorEnum int fromKeymaster(int userAuthenticator) { switch (userAuthenticator) { case LOCK_SCREEN: return LOCK_SCREEN; default: throw new IllegalArgumentException( "Unknown user authenticator: " + userAuthenticator); } } /** * @hide */ public static int allToKeymaster(Set<Integer> userAuthenticators) { int result = 0; for (@UserAuthenticatorEnum int userAuthenticator : userAuthenticators) { result |= toKeymaster(userAuthenticator); } return result; } /** * @hide */ public static Set<Integer> allFromKeymaster(int userAuthenticators) { int userAuthenticator = 1; Set<Integer> result = null; while (userAuthenticators != 0) { if ((userAuthenticators & 1) != 0) { if (result == null) { result = new HashSet<Integer>(); } result.add(fromKeymaster(userAuthenticator)); } userAuthenticators >>>= 1; userAuthenticator <<= 1; } return (result != null) ? result : Collections.<Integer>emptySet(); } /** * @hide */ public static String toString(@UserAuthenticatorEnum int userAuthenticator) { switch (userAuthenticator) { case LOCK_SCREEN: return "LOCK_SCREEN"; default: throw new IllegalArgumentException( "Unknown user authenticator: " + userAuthenticator); } } } } Loading
keystore/java/android/security/AndroidKeyStore.java +3 −4 Original line number Diff line number Diff line Loading @@ -536,10 +536,9 @@ public class AndroidKeyStore extends KeyStoreSpi { if (params.getUserAuthenticators().isEmpty()) { args.addBoolean(KeymasterDefs.KM_TAG_NO_AUTH_REQUIRED); } else { // TODO: Pass-in user authenticator IDs once the Keymaster API has stabilized // for (int userAuthenticatorId : params.getUserAuthenticators()) { // args.addInt(KeymasterDefs.KM_TAG_USER_AUTH_ID, userAuthenticatorId); // } args.addInt(KeymasterDefs.KM_TAG_USER_AUTH_TYPE, KeyStoreKeyConstraints.UserAuthenticator.allToKeymaster( params.getUserAuthenticators())); } if (params.getUserAuthenticationValidityDurationSeconds() != null) { args.addInt(KeymasterDefs.KM_TAG_AUTH_TIMEOUT, Loading
keystore/java/android/security/KeyStoreCipherSpi.java +3 −4 Original line number Diff line number Diff line Loading @@ -224,8 +224,7 @@ public abstract class KeyStoreCipherSpi extends CipherSpi implements KeyStoreCry if (opResult == null) { throw new KeyStoreConnectException(); } else if (opResult.resultCode != KeyStore.NO_ERROR) { throw new CryptoOperationException("Failed to start keystore operation", KeymasterUtils.getExceptionForKeymasterError(opResult.resultCode)); throw KeymasterUtils.getCryptoOperationException(opResult.resultCode); } if (opResult.token == null) { Loading @@ -252,7 +251,7 @@ public abstract class KeyStoreCipherSpi extends CipherSpi implements KeyStoreCry try { output = mMainDataStreamer.update(input, inputOffset, inputLen); } catch (KeymasterException e) { throw new CryptoOperationException("Keystore operation failed", e); throw KeymasterUtils.getCryptoOperationException(e); } if (output.length == 0) { Loading Loading @@ -297,7 +296,7 @@ public abstract class KeyStoreCipherSpi extends CipherSpi implements KeyStoreCry case KeymasterDefs.KM_ERROR_VERIFICATION_FAILED: throw new AEADBadTagException(); default: throw new CryptoOperationException("Keystore operation failed", e); throw KeymasterUtils.getCryptoOperationException(e); } } Loading
keystore/java/android/security/KeyStoreCryptoOperationChunkedStreamer.java +3 −3 Original line number Diff line number Diff line Loading @@ -120,7 +120,7 @@ public class KeyStoreCryptoOperationChunkedStreamer { if (opResult == null) { throw new KeyStoreConnectException(); } else if (opResult.resultCode != KeyStore.NO_ERROR) { throw KeymasterUtils.getExceptionForKeymasterError(opResult.resultCode); throw KeymasterUtils.getKeymasterException(opResult.resultCode); } if (opResult.inputConsumed == chunk.length) { Loading Loading @@ -203,7 +203,7 @@ public class KeyStoreCryptoOperationChunkedStreamer { if (opResult == null) { throw new KeyStoreConnectException(); } else if (opResult.resultCode != KeyStore.NO_ERROR) { throw KeymasterUtils.getExceptionForKeymasterError(opResult.resultCode); throw KeymasterUtils.getKeymasterException(opResult.resultCode); } return concat(output, opResult.output); Loading @@ -227,7 +227,7 @@ public class KeyStoreCryptoOperationChunkedStreamer { if (opResult == null) { throw new KeyStoreConnectException(); } else if (opResult.resultCode != KeyStore.NO_ERROR) { throw KeymasterUtils.getExceptionForKeymasterError(opResult.resultCode); throw KeymasterUtils.getKeymasterException(opResult.resultCode); } if (opResult.inputConsumed < chunk.length) { Loading
keystore/java/android/security/KeyStoreHmacSpi.java +3 −4 Original line number Diff line number Diff line Loading @@ -103,8 +103,7 @@ public abstract class KeyStoreHmacSpi extends MacSpi implements KeyStoreCryptoOp if (opResult == null) { throw new KeyStoreConnectException(); } else if (opResult.resultCode != KeyStore.NO_ERROR) { throw new CryptoOperationException("Failed to start keystore operation", KeymasterUtils.getExceptionForKeymasterError(opResult.resultCode)); throw KeymasterUtils.getCryptoOperationException(opResult.resultCode); } mOperationToken = opResult.token; if (mOperationToken == null) { Loading @@ -131,7 +130,7 @@ public abstract class KeyStoreHmacSpi extends MacSpi implements KeyStoreCryptoOp try { output = mChunkedStreamer.update(input, offset, len); } catch (KeymasterException e) { throw new CryptoOperationException("Keystore operation failed", e); throw KeymasterUtils.getCryptoOperationException(e); } if ((output != null) && (output.length != 0)) { throw new CryptoOperationException("Update operation unexpectedly produced output"); Loading @@ -148,7 +147,7 @@ public abstract class KeyStoreHmacSpi extends MacSpi implements KeyStoreCryptoOp try { result = mChunkedStreamer.doFinal(null, 0, 0); } catch (KeymasterException e) { throw new CryptoOperationException("Keystore operation failed", e); throw KeymasterUtils.getCryptoOperationException(e); } engineReset(); Loading
keystore/java/android/security/KeyStoreKeyConstraints.java +86 −0 Original line number Diff line number Diff line Loading @@ -23,7 +23,10 @@ import java.lang.annotation.Retention; import java.lang.annotation.RetentionPolicy; import java.util.Arrays; import java.util.Collection; import java.util.Collections; import java.util.HashSet; import java.util.Locale; import java.util.Set; /** * Constraints for {@code AndroidKeyStore} keys. Loading Loading @@ -520,4 +523,87 @@ public abstract class KeyStoreKeyConstraints { } } } @Retention(RetentionPolicy.SOURCE) @IntDef({UserAuthenticator.LOCK_SCREEN}) public @interface UserAuthenticatorEnum {} /** * User authenticators which can be used to restrict/protect access to keys. */ public static abstract class UserAuthenticator { private UserAuthenticator() {} /** Lock screen. */ public static final int LOCK_SCREEN = 1; /** * @hide */ public static int toKeymaster(@UserAuthenticatorEnum int userAuthenticator) { switch (userAuthenticator) { case LOCK_SCREEN: return LOCK_SCREEN; default: throw new IllegalArgumentException( "Unknown user authenticator: " + userAuthenticator); } } /** * @hide */ public static @UserAuthenticatorEnum int fromKeymaster(int userAuthenticator) { switch (userAuthenticator) { case LOCK_SCREEN: return LOCK_SCREEN; default: throw new IllegalArgumentException( "Unknown user authenticator: " + userAuthenticator); } } /** * @hide */ public static int allToKeymaster(Set<Integer> userAuthenticators) { int result = 0; for (@UserAuthenticatorEnum int userAuthenticator : userAuthenticators) { result |= toKeymaster(userAuthenticator); } return result; } /** * @hide */ public static Set<Integer> allFromKeymaster(int userAuthenticators) { int userAuthenticator = 1; Set<Integer> result = null; while (userAuthenticators != 0) { if ((userAuthenticators & 1) != 0) { if (result == null) { result = new HashSet<Integer>(); } result.add(fromKeymaster(userAuthenticator)); } userAuthenticators >>>= 1; userAuthenticator <<= 1; } return (result != null) ? result : Collections.<Integer>emptySet(); } /** * @hide */ public static String toString(@UserAuthenticatorEnum int userAuthenticator) { switch (userAuthenticator) { case LOCK_SCREEN: return "LOCK_SCREEN"; default: throw new IllegalArgumentException( "Unknown user authenticator: " + userAuthenticator); } } } }
