keystore/java/android/security/KeyStoreKeyCharacteristics.java +6 −11 @@ -31,7 +31,7 @@ public abstract class KeyStoreKeyCharacteristics { private KeyStoreKeyCharacteristics() {} @Retention(RetentionPolicy.SOURCE) @IntDef({Origin.GENERATED_INSIDE_TEE, Origin.GENERATED_OUTSIDE_OF_TEE, Origin.IMPORTED}) @IntDef({Origin.GENERATED, Origin.IMPORTED}) public @interface OriginEnum {} /** @@ -40,14 +40,11 @@ public abstract class KeyStoreKeyCharacteristics { public static abstract class Origin { private Origin() {} /** Key was generated inside a TEE. */ public static final int GENERATED_INSIDE_TEE = 1; /** Key was generated inside AndroidKeyStore. */ public static final int GENERATED = 1 << 0; /** Key was generated outside of a TEE. */ public static final int GENERATED_OUTSIDE_OF_TEE = 2; /** Key was imported. */ public static final int IMPORTED = 0; /** Key was imported into AndroidKeyStore. */ public static final int IMPORTED = 1 << 1; /** * @hide @@ -55,9 +52,7 @@ public abstract class KeyStoreKeyCharacteristics { public static @OriginEnum int fromKeymaster(int origin) { switch (origin) { case KeymasterDefs.KM_ORIGIN_HARDWARE: return GENERATED_INSIDE_TEE; case KeymasterDefs.KM_ORIGIN_SOFTWARE: return GENERATED_OUTSIDE_OF_TEE; return GENERATED; case KeymasterDefs.KM_ORIGIN_IMPORTED: return IMPORTED; default: keystore/java/android/security/KeyStoreKeySpec.java +11 −0 @@ -28,6 +28,7 @@ import java.util.Date; public class KeyStoreKeySpec implements KeySpec { private final String mKeystoreAlias; private final int mKeySize; private final boolean mTeeBacked; private final @KeyStoreKeyCharacteristics.OriginEnum int mOrigin; private final Date mKeyValidityStart; private final Date mKeyValidityForOriginationEnd;
@@ -46,6 +47,7 @@ public class KeyStoreKeySpec implements KeySpec { * @hide */ KeyStoreKeySpec(String keystoreKeyAlias, boolean teeBacked, @KeyStoreKeyCharacteristics.OriginEnum int origin, int keySize, Date keyValidityStart, @@ -60,6 +62,7 @@ public class KeyStoreKeySpec implements KeySpec { @KeyStoreKeyConstraints.UserAuthenticatorEnum int teeEnforcedUserAuthenticators, int userAuthenticationValidityDurationSeconds) { mKeystoreAlias = keystoreKeyAlias; mTeeBacked = teeBacked; mOrigin = origin; mKeySize = keySize; mKeyValidityStart = keyValidityStart; @@ -82,6 +85,14 @@ public class KeyStoreKeySpec implements KeySpec { return mKeystoreAlias; } /** * Returns {@code true} if the key is TEE-backed. Key material of TEE-backed keys is available * in plaintext only inside the TEE. */ public boolean isTeeBacked() { return mTeeBacked; } /** * Gets the origin of the key. */ keystore/java/android/security/KeyStoreSecretKeyFactorySpi.java +12 −4 @@ -70,7 +70,8 @@ public class KeyStoreSecretKeyFactorySpi extends SecretKeyFactorySpi { + " Keystore error: " + errorCode); } @KeyStoreKeyCharacteristics.OriginEnum Integer origin; boolean teeBacked; @KeyStoreKeyCharacteristics.OriginEnum int origin; int keySize; @KeyStoreKeyConstraints.PurposeEnum int purposes; @KeyStoreKeyConstraints.AlgorithmEnum int algorithm;
@@ -80,11 +81,17 @@ public class KeyStoreSecretKeyFactorySpi extends SecretKeyFactorySpi { @KeyStoreKeyConstraints.UserAuthenticatorEnum int userAuthenticators; @KeyStoreKeyConstraints.UserAuthenticatorEnum int teeEnforcedUserAuthenticators; try { origin = KeymasterUtils.getInt(keyCharacteristics, KeymasterDefs.KM_TAG_ORIGIN); if (origin == null) { if (keyCharacteristics.hwEnforced.containsTag(KeymasterDefs.KM_TAG_ORIGIN)) { teeBacked = true; origin = KeyStoreKeyCharacteristics.Origin.fromKeymaster( keyCharacteristics.hwEnforced.getInt(KeymasterDefs.KM_TAG_ORIGIN, -1)); } else if (keyCharacteristics.swEnforced.containsTag(KeymasterDefs.KM_TAG_ORIGIN)) { teeBacked = false; origin = KeyStoreKeyCharacteristics.Origin.fromKeymaster( keyCharacteristics.swEnforced.getInt(KeymasterDefs.KM_TAG_ORIGIN, -1)); } else { throw new InvalidKeySpecException("Key origin not available"); } origin = KeyStoreKeyCharacteristics.Origin.fromKeymaster(origin); Integer keySizeInteger = KeymasterUtils.getInt(keyCharacteristics, KeymasterDefs.KM_TAG_KEY_SIZE); if (keySizeInteger == null) { @@ -144,6 +151,7 @@ public class KeyStoreSecretKeyFactorySpi extends SecretKeyFactorySpi { KeymasterUtils.getInt(keyCharacteristics, KeymasterDefs.KM_TAG_AUTH_TIMEOUT); return new KeyStoreKeySpec(entryAlias, teeBacked, origin, keySize, keyValidityStart,
keystore/java/android/security/KeyStoreKeyCharacteristics.java +6 −11 @@ -31,7 +31,7 @@ public abstract class KeyStoreKeyCharacteristics { private KeyStoreKeyCharacteristics() {} @Retention(RetentionPolicy.SOURCE) @IntDef({Origin.GENERATED_INSIDE_TEE, Origin.GENERATED_OUTSIDE_OF_TEE, Origin.IMPORTED}) @IntDef({Origin.GENERATED, Origin.IMPORTED}) public @interface OriginEnum {} /** @@ -40,14 +40,11 @@ public abstract class KeyStoreKeyCharacteristics { public static abstract class Origin { private Origin() {} /** Key was generated inside a TEE. */ public static final int GENERATED_INSIDE_TEE = 1; /** Key was generated inside AndroidKeyStore. */ public static final int GENERATED = 1 << 0; /** Key was generated outside of a TEE. */ public static final int GENERATED_OUTSIDE_OF_TEE = 2; /** Key was imported. */ public static final int IMPORTED = 0; /** Key was imported into AndroidKeyStore. */ public static final int IMPORTED = 1 << 1; /** * @hide @@ -55,9 +52,7 @@ public abstract class KeyStoreKeyCharacteristics { public static @OriginEnum int fromKeymaster(int origin) { switch (origin) { case KeymasterDefs.KM_ORIGIN_HARDWARE: return GENERATED_INSIDE_TEE; case KeymasterDefs.KM_ORIGIN_SOFTWARE: return GENERATED_OUTSIDE_OF_TEE; return GENERATED; case KeymasterDefs.KM_ORIGIN_IMPORTED: return IMPORTED; default:
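Review bot: `GENERATED` now covers both `KM_ORIGIN_HARDWARE` and `KM_ORIGIN_SOFTWARE` in `fromKeymaster`, so the origin alone no longer tells a caller whether the key was created in secure hardware, and the new Javadoc on the constant does not say so. I would extend it to something like `/** Key was generated inside AndroidKeyStore. This says nothing about TEE backing; see {@link KeyStoreKeySpec#isTeeBacked()}. */`. The values also moved to bit-shift form (`1 << 0`, `1 << 1`) while `@IntDef` is declared without `flag = true`; if they are meant to be combined the annotation should say so, and if not, plain `1` and `2` read less ambiguously. `IMPORTED` changes from 0 to 2, so anything that stored or compared the old numeric values would need checking, although no such use is visible here. `fromKeymaster` continues past the end of the hunk, so its `default:` handling cannot be reviewed from this page.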
keystore/java/android/security/KeyStoreKeySpec.java +11 −0 @@ -28,6 +28,7 @@ import java.util.Date; public class KeyStoreKeySpec implements KeySpec { private final String mKeystoreAlias; private final int mKeySize; private final boolean mTeeBacked; private final @KeyStoreKeyCharacteristics.OriginEnum int mOrigin; private final Date mKeyValidityStart; private final Date mKeyValidityForOriginationEnd; @@ -46,6 +47,7 @@ public class KeyStoreKeySpec implements KeySpec { * @hide */ KeyStoreKeySpec(String keystoreKeyAlias, boolean teeBacked, @KeyStoreKeyCharacteristics.OriginEnum int origin, int keySize, Date keyValidityStart, @@ -60,6 +62,7 @@ public class KeyStoreKeySpec implements KeySpec { @KeyStoreKeyConstraints.UserAuthenticatorEnum int teeEnforcedUserAuthenticators, int userAuthenticationValidityDurationSeconds) { mKeystoreAlias = keystoreKeyAlias; mTeeBacked = teeBacked; mOrigin = origin; mKeySize = keySize; mKeyValidityStart = keyValidityStart; @@ -82,6 +85,14 @@ public class KeyStoreKeySpec implements KeySpec { return mKeystoreAlias; } /** * Returns {@code true} if the key is TEE-backed. Key material of TEE-backed keys is available * in plaintext only inside the TEE. */ public boolean isTeeBacked() { return mTeeBacked; } /** * Gets the origin of the key. */
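Review bot: The Javadoc on the new `isTeeBacked()` promises that key material is available in plaintext only inside the TEE, which overstates the guarantee for imported keys, whose material existed outside the TEE before import. I would add a sentence such as `For imported keys this covers only the copy held by AndroidKeyStore; see {@link #getOrigin()}.` so callers do not read the flag as a provenance claim. The constructor now takes `boolean teeBacked` directly after the alias and ahead of `int origin`; a short `@param teeBacked` line in its Javadoc would help, since the flag is a security-relevant input that the caller computes. The constructor's Javadoc and parameter list run outside the visible hunks.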
keystore/java/android/security/KeyStoreSecretKeyFactorySpi.java +12 −4 @@ -70,7 +70,8 @@ public class KeyStoreSecretKeyFactorySpi extends SecretKeyFactorySpi { + " Keystore error: " + errorCode); } @KeyStoreKeyCharacteristics.OriginEnum Integer origin; boolean teeBacked; @KeyStoreKeyCharacteristics.OriginEnum int origin; int keySize; @KeyStoreKeyConstraints.PurposeEnum int purposes; @KeyStoreKeyConstraints.AlgorithmEnum int algorithm; @@ -80,11 +81,17 @@ public class KeyStoreSecretKeyFactorySpi extends SecretKeyFactorySpi { @KeyStoreKeyConstraints.UserAuthenticatorEnum int userAuthenticators; @KeyStoreKeyConstraints.UserAuthenticatorEnum int teeEnforcedUserAuthenticators; try { origin = KeymasterUtils.getInt(keyCharacteristics, KeymasterDefs.KM_TAG_ORIGIN); if (origin == null) { if (keyCharacteristics.hwEnforced.containsTag(KeymasterDefs.KM_TAG_ORIGIN)) { teeBacked = true; origin = KeyStoreKeyCharacteristics.Origin.fromKeymaster( keyCharacteristics.hwEnforced.getInt(KeymasterDefs.KM_TAG_ORIGIN, -1)); } else if (keyCharacteristics.swEnforced.containsTag(KeymasterDefs.KM_TAG_ORIGIN)) { teeBacked = false; origin = KeyStoreKeyCharacteristics.Origin.fromKeymaster( keyCharacteristics.swEnforced.getInt(KeymasterDefs.KM_TAG_ORIGIN, -1)); } else { throw new InvalidKeySpecException("Key origin not available"); } origin = KeyStoreKeyCharacteristics.Origin.fromKeymaster(origin); Integer keySizeInteger = KeymasterUtils.getInt(keyCharacteristics, KeymasterDefs.KM_TAG_KEY_SIZE); if (keySizeInteger == null) { @@ -144,6 +151,7 @@ public class KeyStoreSecretKeyFactorySpi extends SecretKeyFactorySpi { KeymasterUtils.getInt(keyCharacteristics, KeymasterDefs.KM_TAG_AUTH_TIMEOUT); return new KeyStoreKeySpec(entryAlias, teeBacked, origin, keySize, keyValidityStart,
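Review bot: `teeBacked` is derived only from which characteristics list carries `KM_TAG_ORIGIN`, and nothing in the new `if`/`else if` chain says why that is a sound proxy for the key being TEE-backed. A comment above the first branch such as `// The list that reports KM_TAG_ORIGIN identifies who enforces the key: hwEnforced means the secure hardware holds it.` would make the trust assumption reviewable; the wording should be confirmed against the keymaster contract. The two branches differ only in the list they read and the boolean they set, so the list could be selected once and `fromKeymaster` called a single time. The `-1` fallback passed to `getInt` looks unreachable after `containsTag`, and how `fromKeymaster` treats an unknown value is not visible on this page. The enclosing method starts and ends outside the hunks.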