Loading core/api/current.txt +1 −0 Original line number Diff line number Diff line Loading @@ -39247,6 +39247,7 @@ package android.security.keystore { method @Deprecated public boolean isInsideSecureHardware(); method public boolean isInvalidatedByBiometricEnrollment(); method public boolean isTrustedUserPresenceRequired(); method @FlaggedApi("android.security.keyinfo_unlocked_device_required") public boolean isUnlockedDeviceRequired(); method public boolean isUserAuthenticationRequired(); method public boolean isUserAuthenticationRequirementEnforcedBySecureHardware(); method public boolean isUserAuthenticationValidWhileOnBody(); core/java/android/security/flags.aconfig +7 −0 Original line number Diff line number Diff line Loading @@ -30,6 +30,13 @@ flag { is_fixed_read_only: true } flag { name: "keyinfo_unlocked_device_required" namespace: "hardware_backed_security" description: "Add the API android.security.keystore.KeyInfo#isUnlockedDeviceRequired()" bug: "296475382" } flag { name: "deprecate_fsv_sig" namespace: "hardware_backed_security" Loading keystore/java/android/security/keystore/KeyInfo.java +18 −0 Original line number Diff line number Diff line Loading @@ -16,6 +16,7 @@ package android.security.keystore; import android.annotation.FlaggedApi; import android.annotation.NonNull; import android.annotation.Nullable; Loading Loading @@ -81,6 +82,7 @@ public class KeyInfo implements KeySpec { private final @KeyProperties.AuthEnum int mUserAuthenticationType; private final boolean mUserAuthenticationRequirementEnforcedBySecureHardware; private final boolean mUserAuthenticationValidWhileOnBody; private final boolean mUnlockedDeviceRequired; private final boolean mTrustedUserPresenceRequired; private final boolean mInvalidatedByBiometricEnrollment; private final boolean mUserConfirmationRequired; Loading @@ -107,6 +109,7 @@ public class KeyInfo implements KeySpec { @KeyProperties.AuthEnum int userAuthenticationType, boolean userAuthenticationRequirementEnforcedBySecureHardware, boolean userAuthenticationValidWhileOnBody, boolean unlockedDeviceRequired, boolean trustedUserPresenceRequired, boolean invalidatedByBiometricEnrollment, boolean userConfirmationRequired, Loading @@ -132,6 +135,7 @@ public class KeyInfo implements KeySpec { mUserAuthenticationRequirementEnforcedBySecureHardware = userAuthenticationRequirementEnforcedBySecureHardware; mUserAuthenticationValidWhileOnBody = userAuthenticationValidWhileOnBody; mUnlockedDeviceRequired = unlockedDeviceRequired; mTrustedUserPresenceRequired = trustedUserPresenceRequired; mInvalidatedByBiometricEnrollment = invalidatedByBiometricEnrollment; mUserConfirmationRequired = userConfirmationRequired; Loading Loading @@ -274,6 +278,20 @@ public class KeyInfo implements KeySpec { return mUserAuthenticationRequired; } /** * Returns {@code true} if the key is authorized to be used only when the device is unlocked. * * <p>This authorization applies only to secret key and private key operations. Public key * operations are not restricted. * * @see KeyGenParameterSpec.Builder#setUnlockedDeviceRequired(boolean) * @see KeyProtection.Builder#setUnlockedDeviceRequired(boolean) */ @FlaggedApi(android.security.Flags.FLAG_KEYINFO_UNLOCKED_DEVICE_REQUIRED) public boolean isUnlockedDeviceRequired() { return mUnlockedDeviceRequired; } /** * Returns {@code true} if the key is authorized to be used only for messages confirmed by the * user. Loading keystore/java/android/security/keystore2/AndroidKeyStoreSecretKeyFactorySpi.java +5 −0 Original line number Diff line number Diff line Loading @@ -93,6 +93,7 @@ public class AndroidKeyStoreSecretKeyFactorySpi extends SecretKeyFactorySpi { long userAuthenticationValidityDurationSeconds = 0; boolean userAuthenticationRequired = true; boolean userAuthenticationValidWhileOnBody = false; boolean unlockedDeviceRequired = false; boolean trustedUserPresenceRequired = false; boolean trustedUserConfirmationRequired = false; int remainingUsageCount = KeyProperties.UNRESTRICTED_USAGE_COUNT; Loading Loading @@ -184,6 +185,9 @@ public class AndroidKeyStoreSecretKeyFactorySpi extends SecretKeyFactorySpi { + userAuthenticationValidityDurationSeconds + " seconds"); } break; case KeymasterDefs.KM_TAG_UNLOCKED_DEVICE_REQUIRED: unlockedDeviceRequired = true; break; case KeymasterDefs.KM_TAG_ALLOW_WHILE_ON_BODY: userAuthenticationValidWhileOnBody = KeyStore2ParameterUtils.isSecureHardware(a.securityLevel); Loading Loading @@ -257,6 +261,7 @@ public class AndroidKeyStoreSecretKeyFactorySpi extends SecretKeyFactorySpi { : keymasterSwEnforcedUserAuthenticators, userAuthenticationRequirementEnforcedBySecureHardware, userAuthenticationValidWhileOnBody, unlockedDeviceRequired, trustedUserPresenceRequired, invalidatedByBiometricEnrollment, trustedUserConfirmationRequired, Loading Loading
core/api/current.txt +1 −0 Original line number Diff line number Diff line Loading @@ -39247,6 +39247,7 @@ package android.security.keystore { method @Deprecated public boolean isInsideSecureHardware(); method public boolean isInvalidatedByBiometricEnrollment(); method public boolean isTrustedUserPresenceRequired(); method @FlaggedApi("android.security.keyinfo_unlocked_device_required") public boolean isUnlockedDeviceRequired(); method public boolean isUserAuthenticationRequired(); method public boolean isUserAuthenticationRequirementEnforcedBySecureHardware(); method public boolean isUserAuthenticationValidWhileOnBody();
core/java/android/security/flags.aconfig +7 −0 Original line number Diff line number Diff line Loading @@ -30,6 +30,13 @@ flag { is_fixed_read_only: true } flag { name: "keyinfo_unlocked_device_required" namespace: "hardware_backed_security" description: "Add the API android.security.keystore.KeyInfo#isUnlockedDeviceRequired()" bug: "296475382" } flag { name: "deprecate_fsv_sig" namespace: "hardware_backed_security" Loading
keystore/java/android/security/keystore/KeyInfo.java +18 −0 Original line number Diff line number Diff line Loading @@ -16,6 +16,7 @@ package android.security.keystore; import android.annotation.FlaggedApi; import android.annotation.NonNull; import android.annotation.Nullable; Loading Loading @@ -81,6 +82,7 @@ public class KeyInfo implements KeySpec { private final @KeyProperties.AuthEnum int mUserAuthenticationType; private final boolean mUserAuthenticationRequirementEnforcedBySecureHardware; private final boolean mUserAuthenticationValidWhileOnBody; private final boolean mUnlockedDeviceRequired; private final boolean mTrustedUserPresenceRequired; private final boolean mInvalidatedByBiometricEnrollment; private final boolean mUserConfirmationRequired; Loading @@ -107,6 +109,7 @@ public class KeyInfo implements KeySpec { @KeyProperties.AuthEnum int userAuthenticationType, boolean userAuthenticationRequirementEnforcedBySecureHardware, boolean userAuthenticationValidWhileOnBody, boolean unlockedDeviceRequired, boolean trustedUserPresenceRequired, boolean invalidatedByBiometricEnrollment, boolean userConfirmationRequired, Loading @@ -132,6 +135,7 @@ public class KeyInfo implements KeySpec { mUserAuthenticationRequirementEnforcedBySecureHardware = userAuthenticationRequirementEnforcedBySecureHardware; mUserAuthenticationValidWhileOnBody = userAuthenticationValidWhileOnBody; mUnlockedDeviceRequired = unlockedDeviceRequired; mTrustedUserPresenceRequired = trustedUserPresenceRequired; mInvalidatedByBiometricEnrollment = invalidatedByBiometricEnrollment; mUserConfirmationRequired = userConfirmationRequired; Loading Loading @@ -274,6 +278,20 @@ public class KeyInfo implements KeySpec { return mUserAuthenticationRequired; } /** * Returns {@code true} if the key is authorized to be used only when the device is unlocked. * * <p>This authorization applies only to secret key and private key operations. Public key * operations are not restricted. * * @see KeyGenParameterSpec.Builder#setUnlockedDeviceRequired(boolean) * @see KeyProtection.Builder#setUnlockedDeviceRequired(boolean) */ @FlaggedApi(android.security.Flags.FLAG_KEYINFO_UNLOCKED_DEVICE_REQUIRED) public boolean isUnlockedDeviceRequired() { return mUnlockedDeviceRequired; } /** * Returns {@code true} if the key is authorized to be used only for messages confirmed by the * user. Loading
keystore/java/android/security/keystore2/AndroidKeyStoreSecretKeyFactorySpi.java +5 −0 Original line number Diff line number Diff line Loading @@ -93,6 +93,7 @@ public class AndroidKeyStoreSecretKeyFactorySpi extends SecretKeyFactorySpi { long userAuthenticationValidityDurationSeconds = 0; boolean userAuthenticationRequired = true; boolean userAuthenticationValidWhileOnBody = false; boolean unlockedDeviceRequired = false; boolean trustedUserPresenceRequired = false; boolean trustedUserConfirmationRequired = false; int remainingUsageCount = KeyProperties.UNRESTRICTED_USAGE_COUNT; Loading Loading @@ -184,6 +185,9 @@ public class AndroidKeyStoreSecretKeyFactorySpi extends SecretKeyFactorySpi { + userAuthenticationValidityDurationSeconds + " seconds"); } break; case KeymasterDefs.KM_TAG_UNLOCKED_DEVICE_REQUIRED: unlockedDeviceRequired = true; break; case KeymasterDefs.KM_TAG_ALLOW_WHILE_ON_BODY: userAuthenticationValidWhileOnBody = KeyStore2ParameterUtils.isSecureHardware(a.securityLevel); Loading Loading @@ -257,6 +261,7 @@ public class AndroidKeyStoreSecretKeyFactorySpi extends SecretKeyFactorySpi { : keymasterSwEnforcedUserAuthenticators, userAuthenticationRequirementEnforcedBySecureHardware, userAuthenticationValidWhileOnBody, unlockedDeviceRequired, trustedUserPresenceRequired, invalidatedByBiometricEnrollment, trustedUserConfirmationRequired, Loading
