Loading services/core/java/com/android/server/locksettings/recoverablekeystore/storage/RecoverableKeyStoreDbContract.java +0 −115 Original line number Diff line number Diff line Loading @@ -69,121 +69,6 @@ class RecoverableKeyStoreDbContract { static final String COLUMN_NAME_RECOVERY_STATUS = "recovery_status"; } /** * Table holding encrypted snapshots of the recoverable key store. */ static class SnapshotsEntry implements BaseColumns { static final String TABLE_NAME = "snapshots"; /** * The version number of the snapshot. */ static final String COLUMN_NAME_VERSION = "version"; /** * The ID of the user whose keystore was snapshotted. */ static final String COLUMN_NAME_USER_ID = "user_id"; /** * The UID of the app that owns the snapshot (i.e., the recovery agent). */ static final String COLUMN_NAME_UID = "uid"; /** * The maximum number of attempts allowed to attempt to decrypt the recovery key. */ static final String COLUMN_NAME_MAX_ATTEMPTS = "max_attempts"; /** * The ID of the counter in the trusted hardware module. */ static final String COLUMN_NAME_COUNTER_ID = "counter_id"; /** * Server parameters used to help identify the device (during recovery). */ static final String SERVER_PARAMS = "server_params"; /** * The public key of the trusted hardware module. This key has been used to encrypt the * snapshot, to ensure that it can only be read by the trusted module. */ static final String TRUSTED_HARDWARE_PUBLIC_KEY = "thm_public_key"; /** * {@link java.security.cert.CertPath} signing the trusted hardware module to whose public * key this snapshot is encrypted. */ static final String CERT_PATH = "cert_path"; /** * The recovery key, encrypted with the user's lock screen and the trusted hardware module's * public key. */ static final String ENCRYPTED_RECOVERY_KEY = "encrypted_recovery_key"; } /** * Table holding encrypted keys belonging to a particular snapshot. */ static class SnapshotKeysEntry implements BaseColumns { static final String TABLE_NAME = "snapshot_keys"; /** * ID of the associated snapshot entry in {@link SnapshotsEntry}. */ static final String COLUMN_NAME_SNAPSHOT_ID = "snapshot_id"; /** * Alias of the key. */ static final String COLUMN_NAME_ALIAS = "alias"; /** * Key material, encrypted with the recovery key from the snapshot. */ static final String COLUMN_NAME_ENCRYPTED_BYTES = "encrypted_key_bytes"; } /** * A layer of protection associated with a snapshot. */ static class SnapshotProtectionParams implements BaseColumns { static final String TABLE_NAME = "snapshot_protection_params"; /** * ID of the associated snapshot entry in {@link SnapshotsEntry}. */ static final String COLUMN_NAME_SNAPSHOT_ID = "snapshot_id"; /** * Type of secret used to generate recovery key. One of * {@link android.security.keystore.recovery.KeyChainProtectionParams#TYPE_LOCKSCREEN} or */ static final String COLUMN_NAME_SECRET_TYPE = "secret_type"; /** * If a lock screen, the type of UI used. One of * {@link android.security.keystore.recovery.KeyChainProtectionParams#UI_FORMAT_PATTERN}, * {@link android.security.keystore.recovery.KeyChainProtectionParams#UI_FORMAT_PIN}, or * {@link android.security.keystore.recovery.KeyChainProtectionParams#UI_FORMAT_PASSWORD}. */ static final String COLUMN_NAME_LOCKSCREEN_UI_TYPE = "lock_screen_ui_type"; /** * The algorithm used to derive cryptographic material from the key and salt. One of * {@link android.security.keystore.recovery.KeyDerivationParams#ALGORITHM_SHA256} or * {@link android.security.keystore.recovery.KeyDerivationParams#ALGORITHM_SCRYPT}. */ static final String COLUMN_NAME_KEY_DERIVATION_ALGORITHM = "key_derivation_algorithm"; /** * The salt used along with the secret to generate cryptographic material. */ static final String COLUMN_NAME_KEY_DERIVATION_SALT = "key_derivation_salt"; } /** * Recoverable KeyStore metadata for a specific user profile. */ Loading Loading
services/core/java/com/android/server/locksettings/recoverablekeystore/storage/RecoverableKeyStoreDbContract.java +0 −115 Original line number Diff line number Diff line Loading @@ -69,121 +69,6 @@ class RecoverableKeyStoreDbContract { static final String COLUMN_NAME_RECOVERY_STATUS = "recovery_status"; } /** * Table holding encrypted snapshots of the recoverable key store. */ static class SnapshotsEntry implements BaseColumns { static final String TABLE_NAME = "snapshots"; /** * The version number of the snapshot. */ static final String COLUMN_NAME_VERSION = "version"; /** * The ID of the user whose keystore was snapshotted. */ static final String COLUMN_NAME_USER_ID = "user_id"; /** * The UID of the app that owns the snapshot (i.e., the recovery agent). */ static final String COLUMN_NAME_UID = "uid"; /** * The maximum number of attempts allowed to attempt to decrypt the recovery key. */ static final String COLUMN_NAME_MAX_ATTEMPTS = "max_attempts"; /** * The ID of the counter in the trusted hardware module. */ static final String COLUMN_NAME_COUNTER_ID = "counter_id"; /** * Server parameters used to help identify the device (during recovery). */ static final String SERVER_PARAMS = "server_params"; /** * The public key of the trusted hardware module. This key has been used to encrypt the * snapshot, to ensure that it can only be read by the trusted module. */ static final String TRUSTED_HARDWARE_PUBLIC_KEY = "thm_public_key"; /** * {@link java.security.cert.CertPath} signing the trusted hardware module to whose public * key this snapshot is encrypted. */ static final String CERT_PATH = "cert_path"; /** * The recovery key, encrypted with the user's lock screen and the trusted hardware module's * public key. */ static final String ENCRYPTED_RECOVERY_KEY = "encrypted_recovery_key"; } /** * Table holding encrypted keys belonging to a particular snapshot. */ static class SnapshotKeysEntry implements BaseColumns { static final String TABLE_NAME = "snapshot_keys"; /** * ID of the associated snapshot entry in {@link SnapshotsEntry}. */ static final String COLUMN_NAME_SNAPSHOT_ID = "snapshot_id"; /** * Alias of the key. */ static final String COLUMN_NAME_ALIAS = "alias"; /** * Key material, encrypted with the recovery key from the snapshot. */ static final String COLUMN_NAME_ENCRYPTED_BYTES = "encrypted_key_bytes"; } /** * A layer of protection associated with a snapshot. */ static class SnapshotProtectionParams implements BaseColumns { static final String TABLE_NAME = "snapshot_protection_params"; /** * ID of the associated snapshot entry in {@link SnapshotsEntry}. */ static final String COLUMN_NAME_SNAPSHOT_ID = "snapshot_id"; /** * Type of secret used to generate recovery key. One of * {@link android.security.keystore.recovery.KeyChainProtectionParams#TYPE_LOCKSCREEN} or */ static final String COLUMN_NAME_SECRET_TYPE = "secret_type"; /** * If a lock screen, the type of UI used. One of * {@link android.security.keystore.recovery.KeyChainProtectionParams#UI_FORMAT_PATTERN}, * {@link android.security.keystore.recovery.KeyChainProtectionParams#UI_FORMAT_PIN}, or * {@link android.security.keystore.recovery.KeyChainProtectionParams#UI_FORMAT_PASSWORD}. */ static final String COLUMN_NAME_LOCKSCREEN_UI_TYPE = "lock_screen_ui_type"; /** * The algorithm used to derive cryptographic material from the key and salt. One of * {@link android.security.keystore.recovery.KeyDerivationParams#ALGORITHM_SHA256} or * {@link android.security.keystore.recovery.KeyDerivationParams#ALGORITHM_SCRYPT}. */ static final String COLUMN_NAME_KEY_DERIVATION_ALGORITHM = "key_derivation_algorithm"; /** * The salt used along with the secret to generate cryptographic material. */ static final String COLUMN_NAME_KEY_DERIVATION_SALT = "key_derivation_salt"; } /** * Recoverable KeyStore metadata for a specific user profile. */ Loading
