
Commit eae1da77 authored by Alex Klyubin's avatar Alex Klyubin

Replace "TEE" with "secure hardware".

This is to make the Android KeyStore API more generic.

Bug: 18088752
Change-Id: I18bcc96db4af17127e5dc038becc9deb85bb48aa
parent dc9b2dfa
+2 −2
@@ -28593,9 +28593,9 @@ package android.security {
    method public int getPurposes();
    method public java.lang.String[] getSignaturePaddings();
    method public int getUserAuthenticationValidityDurationSeconds();
    method public boolean isTeeBacked();
    method public boolean isInsideSecureHardware();
    method public boolean isUserAuthenticationRequired();
    method public boolean isUserAuthenticationRequirementTeeEnforced();
    method public boolean isUserAuthenticationRequirementEnforcedBySecureHardware();
  }
  public final class KeyStoreParameter implements java.security.KeyStore.ProtectionParameter {
+2 −2
@@ -30607,9 +30607,9 @@ package android.security {
    method public int getPurposes();
    method public java.lang.String[] getSignaturePaddings();
    method public int getUserAuthenticationValidityDurationSeconds();
    method public boolean isTeeBacked();
    method public boolean isInsideSecureHardware();
    method public boolean isUserAuthenticationRequired();
    method public boolean isUserAuthenticationRequirementTeeEnforced();
    method public boolean isUserAuthenticationRequirementEnforcedBySecureHardware();
  }
  public final class KeyStoreParameter implements java.security.KeyStore.ProtectionParameter {
+1 −1
@@ -656,7 +656,7 @@ public abstract class KeyStoreKeyProperties {
        public static final int IMPORTED = 1 << 1;

        /**
         * Origin of the key is unknown. This can occur only for keys backed by an old TEE
         * Origin of the key is unknown. This can occur only for keys backed by an old TEE-backed
         * implementation which does not record origin information.
         */
        public static final int UNKNOWN = 1 << 2;
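Review bot: The reworded Javadoc for `UNKNOWN` still ties this case to a TEE ("an old TEE-backed implementation"), which is at odds with the rest of the commit replacing "TEE" with "secure hardware" in the public surface. If the unknown-origin case can apply to any secure hardware that does not record origin, the comment could read `Origin of the key is unknown. This can occur only for keys backed by an old secure hardware implementation which does not record origin information.` If it really is specific to TEEs, a short clause saying so would stop readers assuming the wording was simply missed. The enclosing class starts outside this hunk.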
+16 −13
@@ -26,7 +26,7 @@ import java.util.Date;
public class KeyStoreKeySpec implements KeySpec {
    private final String mKeystoreAlias;
    private final int mKeySize;
    private final boolean mTeeBacked;
    private final boolean mInsideSecureHardware;
    private final @KeyStoreKeyProperties.OriginEnum int mOrigin;
    private final Date mKeyValidityStart;
    private final Date mKeyValidityForOriginationEnd;
@@ -38,13 +38,13 @@ public class KeyStoreKeySpec implements KeySpec {
    private final @KeyStoreKeyProperties.BlockModeEnum String[] mBlockModes;
    private final boolean mUserAuthenticationRequired;
    private final int mUserAuthenticationValidityDurationSeconds;
    private final boolean mUserAuthenticationRequirementTeeEnforced;
    private final boolean mUserAuthenticationRequirementEnforcedBySecureHardware;

    /**
     * @hide
     */
    KeyStoreKeySpec(String keystoreKeyAlias,
            boolean teeBacked,
            boolean insideSecureHardware,
            @KeyStoreKeyProperties.OriginEnum int origin,
            int keySize,
            Date keyValidityStart,
@@ -57,9 +57,9 @@ public class KeyStoreKeySpec implements KeySpec {
            @KeyStoreKeyProperties.BlockModeEnum String[] blockModes,
            boolean userAuthenticationRequired,
            int userAuthenticationValidityDurationSeconds,
            boolean userAuthenticationRequirementTeeEnforced) {
            boolean userAuthenticationRequirementEnforcedBySecureHardware) {
        mKeystoreAlias = keystoreKeyAlias;
        mTeeBacked = teeBacked;
        mInsideSecureHardware = insideSecureHardware;
        mOrigin = origin;
        mKeySize = keySize;
        mKeyValidityStart = keyValidityStart;
@@ -74,7 +74,8 @@ public class KeyStoreKeySpec implements KeySpec {
        mBlockModes = ArrayUtils.cloneIfNotEmpty(ArrayUtils.nullToEmpty(blockModes));
        mUserAuthenticationRequired = userAuthenticationRequired;
        mUserAuthenticationValidityDurationSeconds = userAuthenticationValidityDurationSeconds;
        mUserAuthenticationRequirementTeeEnforced = userAuthenticationRequirementTeeEnforced;
        mUserAuthenticationRequirementEnforcedBySecureHardware =
                userAuthenticationRequirementEnforcedBySecureHardware;
    }

    /**
@@ -85,11 +86,12 @@ public class KeyStoreKeySpec implements KeySpec {
    }

    /**
     * Returns {@code true} if the key is TEE-backed. Key material of TEE-backed keys is available
     * in plaintext only inside the TEE.
     * Returns {@code true} if the key resides inside secure hardware (e.g., Trusted Execution
     * Environment (TEE) or Secure Element (SE)). Key material of such keys is available in
     * plaintext only inside the secure hardware and is not exposed outside of it.
     */
    public boolean isTeeBacked() {
        return mTeeBacked;
    public boolean isInsideSecureHardware() {
        return mInsideSecureHardware;
    }

    /**
@@ -192,11 +194,12 @@ public class KeyStoreKeySpec implements KeySpec {

    /**
     * Returns {@code true} if the requirement that this key can only be used if the user has been
     * authenticated if enforced by the TEE.
     * authenticated if enforced by secure hardware (e.g., Trusted Execution Environment (TEE) or
     * Secure Element (SE)).
     *
     * @see #isUserAuthenticationRequired()
     */
    public boolean isUserAuthenticationRequirementTeeEnforced() {
        return mUserAuthenticationRequirementTeeEnforced;
    public boolean isUserAuthenticationRequirementEnforcedBySecureHardware() {
        return mUserAuthenticationRequirementEnforcedBySecureHardware;
    }
}
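Review bot: The Javadoc of `isUserAuthenticationRequirementEnforcedBySecureHardware()` keeps the typo "authenticated if enforced by", which this commit rewrote without fixing; the line should read `authenticated is enforced by secure hardware (e.g., Trusted Execution Environment (TEE) or`. Callers are likely to base security decisions on this getter and on `isInsideSecureHardware()`, so both Javadocs would benefit from one sentence on what a `false` result means. From the visible code that appears to be "software-enforced or not determinable", but this should be confirmed before it is written down. The constructor's Javadoc is only `@hide` and does not describe the renamed parameters.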
+6 −6
@@ -74,7 +74,7 @@ public class KeyStoreSecretKeyFactorySpi extends SecretKeyFactorySpi {
                    + " Keystore error: " + errorCode);
        }

        boolean teeBacked;
        boolean insideSecureHardware;
        @KeyStoreKeyProperties.OriginEnum int origin;
        int keySize;
        @KeyStoreKeyProperties.PurposeEnum int purposes;
@@ -85,11 +85,11 @@ public class KeyStoreSecretKeyFactorySpi extends SecretKeyFactorySpi {
        int keymasterHwEnforcedUserAuthenticators;
        try {
            if (keyCharacteristics.hwEnforced.containsTag(KeymasterDefs.KM_TAG_ORIGIN)) {
                teeBacked = true;
                insideSecureHardware = true;
                origin = KeyStoreKeyProperties.Origin.fromKeymaster(
                        keyCharacteristics.hwEnforced.getInt(KeymasterDefs.KM_TAG_ORIGIN, -1));
            } else if (keyCharacteristics.swEnforced.containsTag(KeymasterDefs.KM_TAG_ORIGIN)) {
                teeBacked = false;
                insideSecureHardware = false;
                origin = KeyStoreKeyProperties.Origin.fromKeymaster(
                        keyCharacteristics.swEnforced.getInt(KeymasterDefs.KM_TAG_ORIGIN, -1));
            } else {
@@ -150,12 +150,12 @@ public class KeyStoreSecretKeyFactorySpi extends SecretKeyFactorySpi {
                !keyCharacteristics.getBoolean(KeymasterDefs.KM_TAG_NO_AUTH_REQUIRED);
        int userAuthenticationValidityDurationSeconds =
                keyCharacteristics.getInt(KeymasterDefs.KM_TAG_AUTH_TIMEOUT, -1);
        boolean userAuthenticationRequirementEnforcedInTee = (userAuthenticationRequired)
        boolean userAuthenticationRequirementEnforcedBySecureHardware = (userAuthenticationRequired)
                && (keymasterHwEnforcedUserAuthenticators != 0)
                && (keymasterSwEnforcedUserAuthenticators == 0);

        return new KeyStoreKeySpec(entryAlias,
                teeBacked,
                insideSecureHardware,
                origin,
                keySize,
                keyValidityStart,
@@ -168,7 +168,7 @@ public class KeyStoreSecretKeyFactorySpi extends SecretKeyFactorySpi {
                blockModes,
                userAuthenticationRequired,
                userAuthenticationValidityDurationSeconds,
                userAuthenticationRequirementEnforcedInTee);
                userAuthenticationRequirementEnforcedBySecureHardware);
    }

    @Override
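Review bot: `insideSecureHardware` is derived purely from which characteristics list carries `KM_TAG_ORIGIN`, and with the broader name that inference is no longer self-explanatory at the `if` in the `@@ -85,11` hunk. A one-line comment there would document the assumption, e.g. `// ORIGIN reported as hardware-enforced means the key material is held by secure hardware.` The same applies where `userAuthenticationRequirementEnforcedBySecureHardware` is computed: a comment such as `// Any software-enforced authenticator means the requirement is not fully enforced by secure hardware.` would explain why `keymasterSwEnforcedUserAuthenticators == 0` is required. The enclosing method starts before the first hunk and the `else` branch continues outside the visible lines.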