Loading api/current.txt +9 −0 Original line number Diff line number Diff line Loading @@ -38103,6 +38103,7 @@ package android.security.keystore { method public boolean isInvalidatedByBiometricEnrollment(); method public boolean isRandomizedEncryptionRequired(); method public boolean isStrongBoxBacked(); method public boolean isTrustedUserPresenceRequired(); method public boolean isUserAuthenticationRequired(); method public boolean isUserAuthenticationValidWhileOnBody(); } Loading @@ -38128,6 +38129,7 @@ package android.security.keystore { method public android.security.keystore.KeyGenParameterSpec.Builder setKeyValidityStart(java.util.Date); method public android.security.keystore.KeyGenParameterSpec.Builder setRandomizedEncryptionRequired(boolean); method public android.security.keystore.KeyGenParameterSpec.Builder setSignaturePaddings(java.lang.String...); method public android.security.keystore.KeyGenParameterSpec.Builder setTrustedUserPresenceRequired(boolean); method public android.security.keystore.KeyGenParameterSpec.Builder setUserAuthenticationRequired(boolean); method public android.security.keystore.KeyGenParameterSpec.Builder setUserAuthenticationValidWhileOnBody(boolean); method public android.security.keystore.KeyGenParameterSpec.Builder setUserAuthenticationValidityDurationSeconds(int); Loading @@ -38148,6 +38150,7 @@ package android.security.keystore { method public int getUserAuthenticationValidityDurationSeconds(); method public boolean isInsideSecureHardware(); method public boolean isInvalidatedByBiometricEnrollment(); method public boolean isTrustedUserPresenceRequired(); method public boolean isUserAuthenticationRequired(); method public boolean isUserAuthenticationRequirementEnforcedBySecureHardware(); method public boolean isUserAuthenticationValidWhileOnBody(); Loading Loading 
@@ -38248,6 +38251,12 @@ package android.security.keystore { ctor public UserNotAuthenticatedException(java.lang.String, java.lang.Throwable); } public class UserPresenceUnavailableException extends java.security.InvalidAlgorithmParameterException { ctor public UserPresenceUnavailableException(); ctor public UserPresenceUnavailableException(java.lang.String); ctor public UserPresenceUnavailableException(java.lang.String, java.lang.Throwable); } public class WrappedKeyEntry implements java.security.KeyStore.Entry { ctor public WrappedKeyEntry(byte[], java.lang.String, java.lang.String, java.security.spec.AlgorithmParameterSpec); method public java.security.spec.AlgorithmParameterSpec getAlgorithmParameterSpec(); keystore/java/android/security/keystore/AndroidKeyStoreKeyGeneratorSpi.java +3 −0 Original line number Diff line number Diff line Loading @@ -290,6 +290,9 @@ public abstract class AndroidKeyStoreKeyGeneratorSpi extends KeyGeneratorSpi { spec.isUserAuthenticationValidWhileOnBody(), spec.isInvalidatedByBiometricEnrollment(), GateKeeper.INVALID_SECURE_USER_ID /* boundToSpecificSecureUserId */); if (spec.isTrustedUserPresenceRequired()) { args.addBoolean(KeymasterDefs.KM_TAG_TRUSTED_USER_PRESENCE_REQUIRED); } KeymasterUtils.addMinMacLengthAuthorizationIfNecessary( args, mKeymasterAlgorithm, Loading keystore/java/android/security/keystore/AndroidKeyStoreSecretKeyFactorySpi.java +4 −0 Original line number Diff line number Diff line Loading 
@@ -177,6 +177,9 @@ public class AndroidKeyStoreSecretKeyFactorySpi extends SecretKeyFactorySpi { && (keymasterSwEnforcedUserAuthenticators == 0); boolean userAuthenticationValidWhileOnBody = keyCharacteristics.hwEnforced.getBoolean(KeymasterDefs.KM_TAG_ALLOW_WHILE_ON_BODY); boolean trustedUserPresenceRequred = keyCharacteristics.hwEnforced.getBoolean( KeymasterDefs.KM_TAG_TRUSTED_USER_PRESENCE_REQUIRED); boolean invalidatedByBiometricEnrollment = false; if (keymasterSwEnforcedUserAuthenticators == KeymasterDefs.HW_AUTH_FINGERPRINT Loading @@ -203,6 +206,7 @@ public class AndroidKeyStoreSecretKeyFactorySpi extends SecretKeyFactorySpi { (int) userAuthenticationValidityDurationSeconds, userAuthenticationRequirementEnforcedBySecureHardware, userAuthenticationValidWhileOnBody, trustedUserPresenceRequred, invalidatedByBiometricEnrollment); } Loading keystore/java/android/security/keystore/KeyGenParameterSpec.java +24 −0 Original line number Diff line number Diff line Loading @@ -258,6 +258,7 @@ public final class KeyGenParameterSpec implements AlgorithmParameterSpec { private final boolean mRandomizedEncryptionRequired; private final boolean mUserAuthenticationRequired; private final int mUserAuthenticationValidityDurationSeconds; private final boolean mTrustedUserPresenceRequred; private final byte[] mAttestationChallenge; private final boolean mUniqueIdIncluded; private final boolean mUserAuthenticationValidWhileOnBody; Loading Loading @@ -287,6 +288,7 @@ public final class KeyGenParameterSpec implements AlgorithmParameterSpec { boolean randomizedEncryptionRequired, boolean userAuthenticationRequired, int userAuthenticationValidityDurationSeconds, boolean trustedUserPresenceRequired, byte[] attestationChallenge, boolean uniqueIdIncluded, boolean userAuthenticationValidWhileOnBody, Loading Loading 
@@ -332,6 +334,7 @@ public final class KeyGenParameterSpec implements AlgorithmParameterSpec { mBlockModes = ArrayUtils.cloneIfNotEmpty(ArrayUtils.nullToEmpty(blockModes)); mRandomizedEncryptionRequired = randomizedEncryptionRequired; mUserAuthenticationRequired = userAuthenticationRequired; mTrustedUserPresenceRequred = trustedUserPresenceRequired; mUserAuthenticationValidityDurationSeconds = userAuthenticationValidityDurationSeconds; mAttestationChallenge = Utils.cloneIfNotNull(attestationChallenge); mUniqueIdIncluded = uniqueIdIncluded; Loading Loading @@ -561,6 +564,14 @@ public final class KeyGenParameterSpec implements AlgorithmParameterSpec { return mUserAuthenticationValidityDurationSeconds; } /** * Returns {@code true} if the key is authorized to be used only if a test of user presence has * been performed between the {@code Signature.initSign()} and {@code Signature.sign()} calls. */ public boolean isTrustedUserPresenceRequired() { return mTrustedUserPresenceRequred; } /** * Returns the attestation challenge value that will be placed in attestation certificate for * this key pair. Loading Loading @@ -658,6 +669,7 @@ public final class KeyGenParameterSpec implements AlgorithmParameterSpec { private boolean mRandomizedEncryptionRequired = true; private boolean mUserAuthenticationRequired; private int mUserAuthenticationValidityDurationSeconds = -1; private boolean mTrustedUserPresenceRequired = false; private byte[] mAttestationChallenge = null; private boolean mUniqueIdIncluded = false; private boolean mUserAuthenticationValidWhileOnBody; Loading Loading 
@@ -718,6 +730,7 @@ public final class KeyGenParameterSpec implements AlgorithmParameterSpec { mUserAuthenticationRequired = sourceSpec.isUserAuthenticationRequired(); mUserAuthenticationValidityDurationSeconds = sourceSpec.getUserAuthenticationValidityDurationSeconds(); mTrustedUserPresenceRequired = sourceSpec.isTrustedUserPresenceRequired(); mAttestationChallenge = sourceSpec.getAttestationChallenge(); mUniqueIdIncluded = sourceSpec.isUniqueIdIncluded(); mUserAuthenticationValidWhileOnBody = sourceSpec.isUserAuthenticationValidWhileOnBody(); Loading Loading @@ -1094,6 +1107,16 @@ public final class KeyGenParameterSpec implements AlgorithmParameterSpec { return this; } /** * Sets whether a test of user presence is required to be performed between the * {@code Signature.initSign()} and {@code Signature.sign()} method calls. */ @NonNull public Builder setTrustedUserPresenceRequired(boolean required) { mTrustedUserPresenceRequired = required; return this; } /** * Sets whether an attestation certificate will be generated for this key pair, and what * challenge value will be placed in the certificate. The attestation certificate chain Loading Loading @@ -1221,6 +1244,7 @@ public final class KeyGenParameterSpec implements AlgorithmParameterSpec { mRandomizedEncryptionRequired, mUserAuthenticationRequired, mUserAuthenticationValidityDurationSeconds, mTrustedUserPresenceRequired, mAttestationChallenge, mUniqueIdIncluded, mUserAuthenticationValidWhileOnBody, Loading keystore/java/android/security/keystore/KeyInfo.java +11 −0 Original line number Diff line number Diff line Loading @@ -80,6 +80,7 @@ public class KeyInfo implements KeySpec { private final int mUserAuthenticationValidityDurationSeconds; private final boolean mUserAuthenticationRequirementEnforcedBySecureHardware; private final boolean mUserAuthenticationValidWhileOnBody; private final boolean mTrustedUserPresenceRequired; private final boolean mInvalidatedByBiometricEnrollment; /** Loading 
@@ -101,6 +102,7 @@ public class KeyInfo implements KeySpec { int userAuthenticationValidityDurationSeconds, boolean userAuthenticationRequirementEnforcedBySecureHardware, boolean userAuthenticationValidWhileOnBody, boolean trustedUserPresenceRequired, boolean invalidatedByBiometricEnrollment) { mKeystoreAlias = keystoreKeyAlias; mInsideSecureHardware = insideSecureHardware; Loading @@ -121,6 +123,7 @@ public class KeyInfo implements KeySpec { mUserAuthenticationRequirementEnforcedBySecureHardware = userAuthenticationRequirementEnforcedBySecureHardware; mUserAuthenticationValidWhileOnBody = userAuthenticationValidWhileOnBody; mTrustedUserPresenceRequired = trustedUserPresenceRequired; mInvalidatedByBiometricEnrollment = invalidatedByBiometricEnrollment; } Loading Loading @@ -301,4 +304,12 @@ public class KeyInfo implements KeySpec { public boolean isInvalidatedByBiometricEnrollment() { return mInvalidatedByBiometricEnrollment; } /** * Returns {@code true} if the key can only be only be used if a test for user presence has * succeeded since Signature.initSign() has been called. */ public boolean isTrustedUserPresenceRequired() { return mTrustedUserPresenceRequired; } } Loading
api/current.txt +9 −0 Original line number Diff line number Diff line Loading @@ -38103,6 +38103,7 @@ package android.security.keystore { method public boolean isInvalidatedByBiometricEnrollment(); method public boolean isRandomizedEncryptionRequired(); method public boolean isStrongBoxBacked(); method public boolean isTrustedUserPresenceRequired(); method public boolean isUserAuthenticationRequired(); method public boolean isUserAuthenticationValidWhileOnBody(); } Loading @@ -38128,6 +38129,7 @@ package android.security.keystore { method public android.security.keystore.KeyGenParameterSpec.Builder setKeyValidityStart(java.util.Date); method public android.security.keystore.KeyGenParameterSpec.Builder setRandomizedEncryptionRequired(boolean); method public android.security.keystore.KeyGenParameterSpec.Builder setSignaturePaddings(java.lang.String...); method public android.security.keystore.KeyGenParameterSpec.Builder setTrustedUserPresenceRequired(boolean); method public android.security.keystore.KeyGenParameterSpec.Builder setUserAuthenticationRequired(boolean); method public android.security.keystore.KeyGenParameterSpec.Builder setUserAuthenticationValidWhileOnBody(boolean); method public android.security.keystore.KeyGenParameterSpec.Builder setUserAuthenticationValidityDurationSeconds(int); Loading @@ -38148,6 +38150,7 @@ package android.security.keystore { method public int getUserAuthenticationValidityDurationSeconds(); method public boolean isInsideSecureHardware(); method public boolean isInvalidatedByBiometricEnrollment(); method public boolean isTrustedUserPresenceRequired(); method public boolean isUserAuthenticationRequired(); method public boolean isUserAuthenticationRequirementEnforcedBySecureHardware(); method public boolean isUserAuthenticationValidWhileOnBody(); Loading Loading 
@@ -38248,6 +38251,12 @@ package android.security.keystore { ctor public UserNotAuthenticatedException(java.lang.String, java.lang.Throwable); } public class UserPresenceUnavailableException extends java.security.InvalidAlgorithmParameterException { ctor public UserPresenceUnavailableException(); ctor public UserPresenceUnavailableException(java.lang.String); ctor public UserPresenceUnavailableException(java.lang.String, java.lang.Throwable); } public class WrappedKeyEntry implements java.security.KeyStore.Entry { ctor public WrappedKeyEntry(byte[], java.lang.String, java.lang.String, java.security.spec.AlgorithmParameterSpec); method public java.security.spec.AlgorithmParameterSpec getAlgorithmParameterSpec();
keystore/java/android/security/keystore/AndroidKeyStoreKeyGeneratorSpi.java +3 −0 Original line number Diff line number Diff line Loading @@ -290,6 +290,9 @@ public abstract class AndroidKeyStoreKeyGeneratorSpi extends KeyGeneratorSpi { spec.isUserAuthenticationValidWhileOnBody(), spec.isInvalidatedByBiometricEnrollment(), GateKeeper.INVALID_SECURE_USER_ID /* boundToSpecificSecureUserId */); if (spec.isTrustedUserPresenceRequired()) { args.addBoolean(KeymasterDefs.KM_TAG_TRUSTED_USER_PRESENCE_REQUIRED); } KeymasterUtils.addMinMacLengthAuthorizationIfNecessary( args, mKeymasterAlgorithm, Loading
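Review bot: The presence requirement is forwarded to Keymaster only in this symmetric `KeyGeneratorSpi` path, while the Javadoc added in KeyGenParameterSpec describes it in terms of `Signature.initSign()` and `Signature.sign()`, which apply to asymmetric keys. No section on this page touches `AndroidKeyStoreKeyPairGeneratorSpi`, so unless that is handled elsewhere, a caller who sets `setTrustedUserPresenceRequired(true)` for a signing key would get a key without the restriction and no error. Likewise, api/current.txt declares `UserPresenceUnavailableException`, but no visible code throws it. I would add the same `args.addBoolean(KeymasterDefs.KM_TAG_TRUSTED_USER_PRESENCE_REQUIRED);` step to key pair generation, or reject the spec there, so the request is never dropped silently. The enclosing method starts and ends outside the hunk.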
keystore/java/android/security/keystore/AndroidKeyStoreSecretKeyFactorySpi.java +4 −0 Original line number Diff line number Diff line Loading @@ -177,6 +177,9 @@ public class AndroidKeyStoreSecretKeyFactorySpi extends SecretKeyFactorySpi { && (keymasterSwEnforcedUserAuthenticators == 0); boolean userAuthenticationValidWhileOnBody = keyCharacteristics.hwEnforced.getBoolean(KeymasterDefs.KM_TAG_ALLOW_WHILE_ON_BODY); boolean trustedUserPresenceRequred = keyCharacteristics.hwEnforced.getBoolean( KeymasterDefs.KM_TAG_TRUSTED_USER_PRESENCE_REQUIRED); boolean invalidatedByBiometricEnrollment = false; if (keymasterSwEnforcedUserAuthenticators == KeymasterDefs.HW_AUTH_FINGERPRINT Loading @@ -203,6 +206,7 @@ public class AndroidKeyStoreSecretKeyFactorySpi extends SecretKeyFactorySpi { (int) userAuthenticationValidityDurationSeconds, userAuthenticationRequirementEnforcedBySecureHardware, userAuthenticationValidWhileOnBody, trustedUserPresenceRequred, invalidatedByBiometricEnrollment); } Loading
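Review bot: The new local is spelled `trustedUserPresenceRequred` (missing "i") in both the declaration and the `KeyInfo` constructor argument; rename it to `trustedUserPresenceRequired` to match the parameter it feeds. The flag is read from `keyCharacteristics.hwEnforced` only, so a key whose tag ended up software-enforced would presumably be reported as not requiring presence. That matches how `KM_TAG_ALLOW_WHILE_ON_BODY` is read just above, but it deserves a comment such as `// Reported only when the requirement is enforced by secure hardware.` The enclosing method starts and ends outside both hunks.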
keystore/java/android/security/keystore/KeyGenParameterSpec.java +24 −0 Original line number Diff line number Diff line Loading @@ -258,6 +258,7 @@ public final class KeyGenParameterSpec implements AlgorithmParameterSpec { private final boolean mRandomizedEncryptionRequired; private final boolean mUserAuthenticationRequired; private final int mUserAuthenticationValidityDurationSeconds; private final boolean mTrustedUserPresenceRequred; private final byte[] mAttestationChallenge; private final boolean mUniqueIdIncluded; private final boolean mUserAuthenticationValidWhileOnBody; Loading Loading @@ -287,6 +288,7 @@ public final class KeyGenParameterSpec implements AlgorithmParameterSpec { boolean randomizedEncryptionRequired, boolean userAuthenticationRequired, int userAuthenticationValidityDurationSeconds, boolean trustedUserPresenceRequired, byte[] attestationChallenge, boolean uniqueIdIncluded, boolean userAuthenticationValidWhileOnBody, Loading Loading @@ -332,6 +334,7 @@ public final class KeyGenParameterSpec implements AlgorithmParameterSpec { mBlockModes = ArrayUtils.cloneIfNotEmpty(ArrayUtils.nullToEmpty(blockModes)); mRandomizedEncryptionRequired = randomizedEncryptionRequired; mUserAuthenticationRequired = userAuthenticationRequired; mTrustedUserPresenceRequred = trustedUserPresenceRequired; mUserAuthenticationValidityDurationSeconds = userAuthenticationValidityDurationSeconds; mAttestationChallenge = Utils.cloneIfNotNull(attestationChallenge); mUniqueIdIncluded = uniqueIdIncluded; Loading Loading 
@@ -561,6 +564,14 @@ public final class KeyGenParameterSpec implements AlgorithmParameterSpec { return mUserAuthenticationValidityDurationSeconds; } /** * Returns {@code true} if the key is authorized to be used only if a test of user presence has * been performed between the {@code Signature.initSign()} and {@code Signature.sign()} calls. */ public boolean isTrustedUserPresenceRequired() { return mTrustedUserPresenceRequred; } /** * Returns the attestation challenge value that will be placed in attestation certificate for * this key pair. Loading Loading @@ -658,6 +669,7 @@ public final class KeyGenParameterSpec implements AlgorithmParameterSpec { private boolean mRandomizedEncryptionRequired = true; private boolean mUserAuthenticationRequired; private int mUserAuthenticationValidityDurationSeconds = -1; private boolean mTrustedUserPresenceRequired = false; private byte[] mAttestationChallenge = null; private boolean mUniqueIdIncluded = false; private boolean mUserAuthenticationValidWhileOnBody; Loading Loading @@ -718,6 +730,7 @@ public final class KeyGenParameterSpec implements AlgorithmParameterSpec { mUserAuthenticationRequired = sourceSpec.isUserAuthenticationRequired(); mUserAuthenticationValidityDurationSeconds = sourceSpec.getUserAuthenticationValidityDurationSeconds(); mTrustedUserPresenceRequired = sourceSpec.isTrustedUserPresenceRequired(); mAttestationChallenge = sourceSpec.getAttestationChallenge(); mUniqueIdIncluded = sourceSpec.isUniqueIdIncluded(); mUserAuthenticationValidWhileOnBody = sourceSpec.isUserAuthenticationValidWhileOnBody(); Loading Loading 
@@ -1094,6 +1107,16 @@ public final class KeyGenParameterSpec implements AlgorithmParameterSpec { return this; } /** * Sets whether a test of user presence is required to be performed between the * {@code Signature.initSign()} and {@code Signature.sign()} method calls. */ @NonNull public Builder setTrustedUserPresenceRequired(boolean required) { mTrustedUserPresenceRequired = required; return this; } /** * Sets whether an attestation certificate will be generated for this key pair, and what * challenge value will be placed in the certificate. The attestation certificate chain Loading Loading @@ -1221,6 +1244,7 @@ public final class KeyGenParameterSpec implements AlgorithmParameterSpec { mRandomizedEncryptionRequired, mUserAuthenticationRequired, mUserAuthenticationValidityDurationSeconds, mTrustedUserPresenceRequired, mAttestationChallenge, mUniqueIdIncluded, mUserAuthenticationValidWhileOnBody, Loading
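Review bot: The Javadoc on `setTrustedUserPresenceRequired` and `isTrustedUserPresenceRequired()` omits what a caller needs in order to rely on this flag: the default (the Builder field is initialised to `false`), what happens on a device without trusted presence hardware, and how the flag relates to `setUserAuthenticationRequired`. api/current.txt adds `UserPresenceUnavailableException` in the same commit, so the setter's doc should state under which condition that exception is raised. Separately, the spec field is spelled `mTrustedUserPresenceRequred` while the Builder field is `mTrustedUserPresenceRequired`; rename the former so the two match and a search finds both.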
keystore/java/android/security/keystore/KeyInfo.java +11 −0 Original line number Diff line number Diff line Loading @@ -80,6 +80,7 @@ public class KeyInfo implements KeySpec { private final int mUserAuthenticationValidityDurationSeconds; private final boolean mUserAuthenticationRequirementEnforcedBySecureHardware; private final boolean mUserAuthenticationValidWhileOnBody; private final boolean mTrustedUserPresenceRequired; private final boolean mInvalidatedByBiometricEnrollment; /** Loading @@ -101,6 +102,7 @@ public class KeyInfo implements KeySpec { int userAuthenticationValidityDurationSeconds, boolean userAuthenticationRequirementEnforcedBySecureHardware, boolean userAuthenticationValidWhileOnBody, boolean trustedUserPresenceRequired, boolean invalidatedByBiometricEnrollment) { mKeystoreAlias = keystoreKeyAlias; mInsideSecureHardware = insideSecureHardware; Loading @@ -121,6 +123,7 @@ public class KeyInfo implements KeySpec { mUserAuthenticationRequirementEnforcedBySecureHardware = userAuthenticationRequirementEnforcedBySecureHardware; mUserAuthenticationValidWhileOnBody = userAuthenticationValidWhileOnBody; mTrustedUserPresenceRequired = trustedUserPresenceRequired; mInvalidatedByBiometricEnrollment = invalidatedByBiometricEnrollment; } Loading Loading @@ -301,4 +304,12 @@ public class KeyInfo implements KeySpec { public boolean isInvalidatedByBiometricEnrollment() { return mInvalidatedByBiometricEnrollment; } /** * Returns {@code true} if the key can only be only be used if a test for user presence has * succeeded since Signature.initSign() has been called. */ public boolean isTrustedUserPresenceRequired() { return mTrustedUserPresenceRequired; } }
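Review bot: The new Javadoc on `isTrustedUserPresenceRequired()` has a doubled phrase ("can only be only be used") and leaves `Signature.initSign()` outside `{@code}`, unlike the matching text in KeyGenParameterSpec. Suggested wording: `Returns {@code true} if the key can only be used if a test for user presence has succeeded since {@code Signature.initSign()} was called.` Since the value passed in by AndroidKeyStoreSecretKeyFactorySpi is taken from the hardware-enforced characteristics, the doc should also say that `true` means the requirement is enforced by secure hardware.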