Keymaster key validity dates are optional. (d6c7799b) · Commits · e / os / android_frameworks_base

core/java/android/security/keymaster/KeymasterArguments.java

+6 −0

Original line number	Diff line number	Diff line
		@@ -85,6 +85,12 @@ public class KeymasterArguments implements Parcelable {
		mArguments.add(new KeymasterDateArgument(tag, value));
		}

		public void addDateIfNotNull(int tag, Date value) {
		if (value != null) {
		mArguments.add(new KeymasterDateArgument(tag, value));
		}
		}

		private KeymasterArgument getArgumentByTag(int tag) {
		for (KeymasterArgument arg : mArguments) {
		if (arg.tag == tag) {

keystore/java/android/security/keystore/AndroidKeyStoreKeyGeneratorSpi.java

+5 −10

Original line number	Diff line number	Diff line
		@@ -31,7 +31,6 @@ import java.security.ProviderException;
		import java.security.SecureRandom;
		import java.security.spec.AlgorithmParameterSpec;
		import java.util.Arrays;
		import java.util.Date;

		import javax.crypto.KeyGeneratorSpi;
		import javax.crypto.SecretKey;
		@@ -278,15 +277,11 @@ public abstract class AndroidKeyStoreKeyGeneratorSpi extends KeyGeneratorSpi {
		KeymasterUtils.addUserAuthArgs(args,
		spec.isUserAuthenticationRequired(),
		spec.getUserAuthenticationValidityDurationSeconds());
		args.addDate(KeymasterDefs.KM_TAG_ACTIVE_DATETIME,
		(spec.getKeyValidityStart() != null)
		? spec.getKeyValidityStart() : new Date(0));
		args.addDate(KeymasterDefs.KM_TAG_ORIGINATION_EXPIRE_DATETIME,
		(spec.getKeyValidityForOriginationEnd() != null)
		? spec.getKeyValidityForOriginationEnd() : new Date(Long.MAX_VALUE));
		args.addDate(KeymasterDefs.KM_TAG_USAGE_EXPIRE_DATETIME,
		(spec.getKeyValidityForConsumptionEnd() != null)
		? spec.getKeyValidityForConsumptionEnd() : new Date(Long.MAX_VALUE));
		args.addDateIfNotNull(KeymasterDefs.KM_TAG_ACTIVE_DATETIME, spec.getKeyValidityStart());
		args.addDateIfNotNull(KeymasterDefs.KM_TAG_ORIGINATION_EXPIRE_DATETIME,
		spec.getKeyValidityForOriginationEnd());
		args.addDateIfNotNull(KeymasterDefs.KM_TAG_USAGE_EXPIRE_DATETIME,
		spec.getKeyValidityForConsumptionEnd());

		if (((spec.getPurposes() & KeyProperties.PURPOSE_ENCRYPT) != 0)
		&& (!spec.isRandomizedEncryptionRequired())) {

keystore/java/android/security/keystore/AndroidKeyStoreKeyPairGeneratorSpi.java

+5 −9

Original line number	Diff line number	Diff line
		@@ -415,15 +415,11 @@ public abstract class AndroidKeyStoreKeyPairGeneratorSpi extends KeyPairGenerato
		KeymasterUtils.addUserAuthArgs(args,
		mSpec.isUserAuthenticationRequired(),
		mSpec.getUserAuthenticationValidityDurationSeconds());
		args.addDate(KeymasterDefs.KM_TAG_ACTIVE_DATETIME,
		(mSpec.getKeyValidityStart() != null)
		? mSpec.getKeyValidityStart() : new Date(0));
		args.addDate(KeymasterDefs.KM_TAG_ORIGINATION_EXPIRE_DATETIME,
		(mSpec.getKeyValidityForOriginationEnd() != null)
		? mSpec.getKeyValidityForOriginationEnd() : new Date(Long.MAX_VALUE));
		args.addDate(KeymasterDefs.KM_TAG_USAGE_EXPIRE_DATETIME,
		(mSpec.getKeyValidityForConsumptionEnd() != null)
		? mSpec.getKeyValidityForConsumptionEnd() : new Date(Long.MAX_VALUE));
		args.addDateIfNotNull(KeymasterDefs.KM_TAG_ACTIVE_DATETIME, mSpec.getKeyValidityStart());
		args.addDateIfNotNull(KeymasterDefs.KM_TAG_ORIGINATION_EXPIRE_DATETIME,
		mSpec.getKeyValidityForOriginationEnd());
		args.addDateIfNotNull(KeymasterDefs.KM_TAG_USAGE_EXPIRE_DATETIME,
		mSpec.getKeyValidityForConsumptionEnd());
		addAlgorithmSpecificParameters(args);

		byte[] additionalEntropy =

keystore/java/android/security/keystore/AndroidKeyStoreSecretKeyFactorySpi.java

+0 −11

Original line number	Diff line number	Diff line
		@@ -147,21 +147,10 @@ public class AndroidKeyStoreSecretKeyFactorySpi extends SecretKeyFactorySpi {
		}

		Date keyValidityStart = keyCharacteristics.getDate(KeymasterDefs.KM_TAG_ACTIVE_DATETIME);
		if ((keyValidityStart != null) && (keyValidityStart.getTime() <= 0)) {
		keyValidityStart = null;
		}
		Date keyValidityForOriginationEnd =
		keyCharacteristics.getDate(KeymasterDefs.KM_TAG_ORIGINATION_EXPIRE_DATETIME);
		if ((keyValidityForOriginationEnd != null)
		&& (keyValidityForOriginationEnd.getTime() == Long.MAX_VALUE)) {
		keyValidityForOriginationEnd = null;
		}
		Date keyValidityForConsumptionEnd =
		keyCharacteristics.getDate(KeymasterDefs.KM_TAG_USAGE_EXPIRE_DATETIME);
		if ((keyValidityForConsumptionEnd != null)
		&& (keyValidityForConsumptionEnd.getTime() == Long.MAX_VALUE)) {
		keyValidityForConsumptionEnd = null;
		}
		boolean userAuthenticationRequired =
		!keyCharacteristics.getBoolean(KeymasterDefs.KM_TAG_NO_AUTH_REQUIRED);
		int userAuthenticationValidityDurationSeconds =

keystore/java/android/security/keystore/AndroidKeyStoreSpi.java

+11 −20

Original line number	Diff line number	Diff line
		@@ -435,17 +435,12 @@ public class AndroidKeyStoreSpi extends KeyStoreSpi {
		KeymasterUtils.addUserAuthArgs(importArgs,
		spec.isUserAuthenticationRequired(),
		spec.getUserAuthenticationValidityDurationSeconds());
		importArgs.addDate(KeymasterDefs.KM_TAG_ACTIVE_DATETIME,
		(spec.getKeyValidityStart() != null)
		? spec.getKeyValidityStart() : new Date(0));
		importArgs.addDate(KeymasterDefs.KM_TAG_ORIGINATION_EXPIRE_DATETIME,
		(spec.getKeyValidityForOriginationEnd() != null)
		? spec.getKeyValidityForOriginationEnd()
		: new Date(Long.MAX_VALUE));
		importArgs.addDate(KeymasterDefs.KM_TAG_USAGE_EXPIRE_DATETIME,
		(spec.getKeyValidityForConsumptionEnd() != null)
		? spec.getKeyValidityForConsumptionEnd()
		: new Date(Long.MAX_VALUE));
		importArgs.addDateIfNotNull(KeymasterDefs.KM_TAG_ACTIVE_DATETIME,
		spec.getKeyValidityStart());
		importArgs.addDateIfNotNull(KeymasterDefs.KM_TAG_ORIGINATION_EXPIRE_DATETIME,
		spec.getKeyValidityForOriginationEnd());
		importArgs.addDateIfNotNull(KeymasterDefs.KM_TAG_USAGE_EXPIRE_DATETIME,
		spec.getKeyValidityForConsumptionEnd());
		} catch (IllegalArgumentException e) {
		throw new KeyStoreException("Invalid parameter", e);
		}
		@@ -646,15 +641,11 @@ public class AndroidKeyStoreSpi extends KeyStoreSpi {
		KeymasterUtils.addUserAuthArgs(args,
		params.isUserAuthenticationRequired(),
		params.getUserAuthenticationValidityDurationSeconds());
		args.addDate(KeymasterDefs.KM_TAG_ACTIVE_DATETIME,
		(params.getKeyValidityStart() != null)
		? params.getKeyValidityStart() : new Date(0));
		args.addDate(KeymasterDefs.KM_TAG_ORIGINATION_EXPIRE_DATETIME,
		(params.getKeyValidityForOriginationEnd() != null)
		? params.getKeyValidityForOriginationEnd() : new Date(Long.MAX_VALUE));
		args.addDate(KeymasterDefs.KM_TAG_USAGE_EXPIRE_DATETIME,
		(params.getKeyValidityForConsumptionEnd() != null)
		? params.getKeyValidityForConsumptionEnd() : new Date(Long.MAX_VALUE));
		args.addDateIfNotNull(KeymasterDefs.KM_TAG_ACTIVE_DATETIME, params.getKeyValidityStart());
		args.addDateIfNotNull(KeymasterDefs.KM_TAG_ORIGINATION_EXPIRE_DATETIME,
		params.getKeyValidityForOriginationEnd());
		args.addDateIfNotNull(KeymasterDefs.KM_TAG_USAGE_EXPIRE_DATETIME,
		params.getKeyValidityForConsumptionEnd());

		if (((purposes & KeyProperties.PURPOSE_ENCRYPT) != 0)
		&& (!params.isRandomizedEncryptionRequired())) {