author Treehugger Robot <treehugger-gerrit@google.com> 2020-11-18 16:44:50 +0000
committer Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> 2020-11-18 16:44:50 +0000
commit2eb526a1ae9b38aa5f15a957b421688269c98a00 (patch)
tree33278cd257ba40e1560f9ab3a7f8bb1b577431db
parent34cbddb1394a7d0d4d5f39a325ab15ba0a8dcaf7 (diff)
parent2694b808b223749160a22a1ea09deefe767266c5 (diff)
Merge changes from topic "ks2_with_keymint" am: ab1b8a7a20 am: 2694b808b2
Original change: https://android-review.googlesource.com/c/platform/frameworks/base/+/1475676 Change-Id: I877255fe782f7536a92ebdc3bf1fe6df9ec6dff5
-rw-r--r--keystore/java/android/security/KeyStoreOperation.java2
-rw-r--r--keystore/java/android/security/KeyStoreSecurityLevel.java2
-rw-r--r--keystore/java/android/security/keystore2/AndroidKeyStore3DESCipherSpi.java2
-rw-r--r--keystore/java/android/security/keystore2/AndroidKeyStoreAuthenticatedAESCipherSpi.java2
-rw-r--r--keystore/java/android/security/keystore2/AndroidKeyStoreCipherSpiBase.java2
-rw-r--r--keystore/java/android/security/keystore2/AndroidKeyStoreECDSASignatureSpi.java2
-rw-r--r--keystore/java/android/security/keystore2/AndroidKeyStoreHmacSpi.java2
-rw-r--r--keystore/java/android/security/keystore2/AndroidKeyStoreKeyGeneratorSpi.java4
-rw-r--r--keystore/java/android/security/keystore2/AndroidKeyStoreKeyPairGeneratorSpi.java4
-rw-r--r--keystore/java/android/security/keystore2/AndroidKeyStoreRSACipherSpi.java2
-rw-r--r--keystore/java/android/security/keystore2/AndroidKeyStoreRSASignatureSpi.java2
-rw-r--r--keystore/java/android/security/keystore2/AndroidKeyStoreSignatureSpiBase.java2
-rw-r--r--keystore/java/android/security/keystore2/AndroidKeyStoreSpi.java12
-rw-r--r--keystore/java/android/security/keystore2/AndroidKeyStoreUnauthenticatedAESCipherSpi.java2
-rw-r--r--keystore/java/android/security/keystore2/KeyStore2ParameterUtils.java4
-rw-r--r--services/core/java/com/android/server/locksettings/recoverablekeystore/KeyStoreProxyImpl.java23
-rw-r--r--services/core/java/com/android/server/locksettings/recoverablekeystore/PlatformKeyManager.java4
17 files changed, 42 insertions, 31 deletions
diff --git a/keystore/java/android/security/KeyStoreOperation.java b/keystore/java/android/security/KeyStoreOperation.java
index 9af15a5f4a16..49a48871fd30 100644
--- a/keystore/java/android/security/KeyStoreOperation.java
+++ b/keystore/java/android/security/KeyStoreOperation.java
@@ -17,11 +17,11 @@
package android.security;
import android.annotation.NonNull;
+import android.hardware.keymint.KeyParameter;
import android.os.RemoteException;
import android.os.ServiceSpecificException;
import android.security.keymaster.KeymasterDefs;
import android.system.keystore2.IKeystoreOperation;
-import android.system.keystore2.KeyParameter;
import android.system.keystore2.ResponseCode;
import android.util.Log;
diff --git a/keystore/java/android/security/KeyStoreSecurityLevel.java b/keystore/java/android/security/KeyStoreSecurityLevel.java
index 9d3b62278ba0..7c3de8bee475 100644
--- a/keystore/java/android/security/KeyStoreSecurityLevel.java
+++ b/keystore/java/android/security/KeyStoreSecurityLevel.java
@@ -18,6 +18,7 @@ package android.security;
import android.annotation.NonNull;
import android.app.compat.CompatChanges;
+import android.hardware.keymint.KeyParameter;
import android.os.RemoteException;
import android.os.ServiceSpecificException;
import android.security.keystore.BackendBusyException;
@@ -27,7 +28,6 @@ import android.system.keystore2.CreateOperationResponse;
import android.system.keystore2.IKeystoreSecurityLevel;
import android.system.keystore2.KeyDescriptor;
import android.system.keystore2.KeyMetadata;
-import android.system.keystore2.KeyParameter;
import android.system.keystore2.ResponseCode;
import android.util.Log;
diff --git a/keystore/java/android/security/keystore2/AndroidKeyStore3DESCipherSpi.java b/keystore/java/android/security/keystore2/AndroidKeyStore3DESCipherSpi.java
index 70713a47ad6d..69c7a2589d6f 100644
--- a/keystore/java/android/security/keystore2/AndroidKeyStore3DESCipherSpi.java
+++ b/keystore/java/android/security/keystore2/AndroidKeyStore3DESCipherSpi.java
@@ -17,10 +17,10 @@
package android.security.keystore2;
import android.annotation.NonNull;
+import android.hardware.keymint.KeyParameter;
import android.security.keymaster.KeymasterDefs;
import android.security.keystore.ArrayUtils;
import android.security.keystore.KeyProperties;
-import android.system.keystore2.KeyParameter;
import java.security.AlgorithmParameters;
import java.security.InvalidAlgorithmParameterException;
diff --git a/keystore/java/android/security/keystore2/AndroidKeyStoreAuthenticatedAESCipherSpi.java b/keystore/java/android/security/keystore2/AndroidKeyStoreAuthenticatedAESCipherSpi.java
index dd094b7a5fd0..2b5f6c31607b 100644
--- a/keystore/java/android/security/keystore2/AndroidKeyStoreAuthenticatedAESCipherSpi.java
+++ b/keystore/java/android/security/keystore2/AndroidKeyStoreAuthenticatedAESCipherSpi.java
@@ -18,13 +18,13 @@ package android.security.keystore2;
import android.annotation.NonNull;
import android.annotation.Nullable;
+import android.hardware.keymint.KeyParameter;
import android.security.KeyStoreException;
import android.security.KeyStoreOperation;
import android.security.keymaster.KeymasterDefs;
import android.security.keystore.ArrayUtils;
import android.security.keystore.KeyProperties;
import android.security.keystore2.KeyStoreCryptoOperationChunkedStreamer.Stream;
-import android.system.keystore2.KeyParameter;
import libcore.util.EmptyArray;
diff --git a/keystore/java/android/security/keystore2/AndroidKeyStoreCipherSpiBase.java b/keystore/java/android/security/keystore2/AndroidKeyStoreCipherSpiBase.java
index b785ee5c6966..18d26922f1ae 100644
--- a/keystore/java/android/security/keystore2/AndroidKeyStoreCipherSpiBase.java
+++ b/keystore/java/android/security/keystore2/AndroidKeyStoreCipherSpiBase.java
@@ -19,11 +19,11 @@ package android.security.keystore2;
import android.annotation.CallSuper;
import android.annotation.NonNull;
import android.annotation.Nullable;
+import android.hardware.keymint.KeyParameter;
import android.security.KeyStoreException;
import android.security.KeyStoreOperation;
import android.security.keymaster.KeymasterDefs;
import android.security.keystore.KeyStoreCryptoOperation;
-import android.system.keystore2.KeyParameter;
import libcore.util.EmptyArray;
diff --git a/keystore/java/android/security/keystore2/AndroidKeyStoreECDSASignatureSpi.java b/keystore/java/android/security/keystore2/AndroidKeyStoreECDSASignatureSpi.java
index 9f7f2383a416..2250c89aac41 100644
--- a/keystore/java/android/security/keystore2/AndroidKeyStoreECDSASignatureSpi.java
+++ b/keystore/java/android/security/keystore2/AndroidKeyStoreECDSASignatureSpi.java
@@ -17,12 +17,12 @@
package android.security.keystore2;
import android.annotation.NonNull;
+import android.hardware.keymint.KeyParameter;
import android.security.KeyStoreException;
import android.security.KeyStoreOperation;
import android.security.keymaster.KeymasterDefs;
import android.security.keystore.KeyProperties;
import android.system.keystore2.Authorization;
-import android.system.keystore2.KeyParameter;
import libcore.util.EmptyArray;
diff --git a/keystore/java/android/security/keystore2/AndroidKeyStoreHmacSpi.java b/keystore/java/android/security/keystore2/AndroidKeyStoreHmacSpi.java
index 3dde2e592259..eea45c287622 100644
--- a/keystore/java/android/security/keystore2/AndroidKeyStoreHmacSpi.java
+++ b/keystore/java/android/security/keystore2/AndroidKeyStoreHmacSpi.java
@@ -16,12 +16,12 @@
package android.security.keystore2;
+import android.hardware.keymint.KeyParameter;
import android.security.KeyStoreException;
import android.security.KeyStoreOperation;
import android.security.keymaster.KeymasterDefs;
import android.security.keystore.KeyStoreCryptoOperation;
import android.security.keystore.KeymasterUtils;
-import android.system.keystore2.KeyParameter;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
diff --git a/keystore/java/android/security/keystore2/AndroidKeyStoreKeyGeneratorSpi.java b/keystore/java/android/security/keystore2/AndroidKeyStoreKeyGeneratorSpi.java
index ccd0a4bf92ff..479fd8a6a73a 100644
--- a/keystore/java/android/security/keystore2/AndroidKeyStoreKeyGeneratorSpi.java
+++ b/keystore/java/android/security/keystore2/AndroidKeyStoreKeyGeneratorSpi.java
@@ -16,6 +16,8 @@
package android.security.keystore2;
+import android.hardware.keymint.KeyParameter;
+import android.hardware.keymint.SecurityLevel;
import android.security.KeyStore2;
import android.security.KeyStoreSecurityLevel;
import android.security.keymaster.KeymasterArguments;
@@ -29,8 +31,6 @@ import android.system.keystore2.Domain;
import android.system.keystore2.IKeystoreSecurityLevel;
import android.system.keystore2.KeyDescriptor;
import android.system.keystore2.KeyMetadata;
-import android.system.keystore2.KeyParameter;
-import android.system.keystore2.SecurityLevel;
import android.util.Log;
import libcore.util.EmptyArray;
diff --git a/keystore/java/android/security/keystore2/AndroidKeyStoreKeyPairGeneratorSpi.java b/keystore/java/android/security/keystore2/AndroidKeyStoreKeyPairGeneratorSpi.java
index a747a0e727d8..61725e3e8c24 100644
--- a/keystore/java/android/security/keystore2/AndroidKeyStoreKeyPairGeneratorSpi.java
+++ b/keystore/java/android/security/keystore2/AndroidKeyStoreKeyPairGeneratorSpi.java
@@ -18,6 +18,8 @@ package android.security.keystore2;
import android.annotation.NonNull;
import android.annotation.Nullable;
+import android.hardware.keymint.KeyParameter;
+import android.hardware.keymint.SecurityLevel;
import android.os.Build;
import android.security.KeyPairGeneratorSpec;
import android.security.KeyStore2;
@@ -35,9 +37,7 @@ import android.system.keystore2.Domain;
import android.system.keystore2.IKeystoreSecurityLevel;
import android.system.keystore2.KeyDescriptor;
import android.system.keystore2.KeyMetadata;
-import android.system.keystore2.KeyParameter;
import android.system.keystore2.ResponseCode;
-import android.system.keystore2.SecurityLevel;
import android.util.Log;
import libcore.util.EmptyArray;
diff --git a/keystore/java/android/security/keystore2/AndroidKeyStoreRSACipherSpi.java b/keystore/java/android/security/keystore2/AndroidKeyStoreRSACipherSpi.java
index a6ea9723db24..2686ddc20c1d 100644
--- a/keystore/java/android/security/keystore2/AndroidKeyStoreRSACipherSpi.java
+++ b/keystore/java/android/security/keystore2/AndroidKeyStoreRSACipherSpi.java
@@ -18,11 +18,11 @@ package android.security.keystore2;
import android.annotation.NonNull;
import android.annotation.Nullable;
+import android.hardware.keymint.KeyParameter;
import android.security.keymaster.KeymasterDefs;
import android.security.keystore.KeyProperties;
import android.security.keystore.KeymasterUtils;
import android.system.keystore2.Authorization;
-import android.system.keystore2.KeyParameter;
import java.security.AlgorithmParameters;
import java.security.InvalidAlgorithmParameterException;
diff --git a/keystore/java/android/security/keystore2/AndroidKeyStoreRSASignatureSpi.java b/keystore/java/android/security/keystore2/AndroidKeyStoreRSASignatureSpi.java
index 5f1b9c0586a1..444dad4cffbe 100644
--- a/keystore/java/android/security/keystore2/AndroidKeyStoreRSASignatureSpi.java
+++ b/keystore/java/android/security/keystore2/AndroidKeyStoreRSASignatureSpi.java
@@ -17,9 +17,9 @@
package android.security.keystore2;
import android.annotation.NonNull;
+import android.hardware.keymint.KeyParameter;
import android.security.keymaster.KeymasterDefs;
import android.security.keystore.KeyProperties;
-import android.system.keystore2.KeyParameter;
import java.security.InvalidKeyException;
import java.security.SignatureSpi;
diff --git a/keystore/java/android/security/keystore2/AndroidKeyStoreSignatureSpiBase.java b/keystore/java/android/security/keystore2/AndroidKeyStoreSignatureSpiBase.java
index 55414b70d403..a168f8feb3db 100644
--- a/keystore/java/android/security/keystore2/AndroidKeyStoreSignatureSpiBase.java
+++ b/keystore/java/android/security/keystore2/AndroidKeyStoreSignatureSpiBase.java
@@ -18,12 +18,12 @@ package android.security.keystore2;
import android.annotation.CallSuper;
import android.annotation.NonNull;
+import android.hardware.keymint.KeyParameter;
import android.security.KeyStoreException;
import android.security.KeyStoreOperation;
import android.security.keymaster.KeymasterDefs;
import android.security.keystore.ArrayUtils;
import android.security.keystore.KeyStoreCryptoOperation;
-import android.system.keystore2.KeyParameter;
import libcore.util.EmptyArray;
diff --git a/keystore/java/android/security/keystore2/AndroidKeyStoreSpi.java b/keystore/java/android/security/keystore2/AndroidKeyStoreSpi.java
index 4c26864cb02b..9790a4ae5b65 100644
--- a/keystore/java/android/security/keystore2/AndroidKeyStoreSpi.java
+++ b/keystore/java/android/security/keystore2/AndroidKeyStoreSpi.java
@@ -18,6 +18,9 @@ package android.security.keystore2;
import android.annotation.NonNull;
import android.hardware.biometrics.BiometricManager;
+import android.hardware.keymint.HardwareAuthenticatorType;
+import android.hardware.keymint.KeyParameter;
+import android.hardware.keymint.SecurityLevel;
import android.security.GateKeeper;
import android.security.KeyStore2;
import android.security.KeyStoreParameter;
@@ -36,9 +39,7 @@ import android.system.keystore2.IKeystoreSecurityLevel;
import android.system.keystore2.KeyDescriptor;
import android.system.keystore2.KeyEntryResponse;
import android.system.keystore2.KeyMetadata;
-import android.system.keystore2.KeyParameter;
import android.system.keystore2.ResponseCode;
-import android.system.keystore2.SecurityLevel;
import android.util.Log;
import java.io.ByteArrayInputStream;
@@ -871,16 +872,13 @@ public class AndroidKeyStoreSpi extends KeyStoreSpi {
List<AuthenticatorSpec> authenticatorSpecs = new ArrayList<>();
AuthenticatorSpec authenticatorSpec = new AuthenticatorSpec();
- // TODO Replace with HardwareAuthenticatorType.PASSWORD when KeyMint AIDL spec has landed.
- authenticatorSpec.authenticatorType = 1; // HardwareAuthenticatorType.PASSWORD
+ authenticatorSpec.authenticatorType = HardwareAuthenticatorType.PASSWORD;
authenticatorSpec.authenticatorId = GateKeeper.getSecureUserId();
authenticatorSpecs.add(authenticatorSpec);
for (long sid : biometricSids) {
AuthenticatorSpec authSpec = new AuthenticatorSpec();
- // TODO Replace with HardwareAuthenticatorType.FINGERPRINT when KeyMint AIDL spec has
- // landed.
- authSpec.authenticatorType = 2; // HardwareAuthenticatorType.FINGERPRINT
+ authSpec.authenticatorType = HardwareAuthenticatorType.FINGERPRINT;
authSpec.authenticatorId = sid;
authenticatorSpecs.add(authSpec);
}
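Review bot: In the `for (long sid : biometricSids)` loop every biometric SID is tagged `HardwareAuthenticatorType.FINGERPRINT`, and with the old TODO gone nothing says whether that is intended for non-fingerprint modalities. If FINGERPRINT is meant to stand for any biometric authenticator here, a one-line comment would stop a later reader from "correcting" it, for example `// FINGERPRINT is used for every biometric SID, not only fingerprint sensors (confirm against the KeyMint spec)`. The authenticator type decides which authenticator can authorize use of the key, so the assumption is worth stating next to the assignment. The enclosing method starts and ends outside this hunk, so how `biometricSids` is populated is not visible here.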
diff --git a/keystore/java/android/security/keystore2/AndroidKeyStoreUnauthenticatedAESCipherSpi.java b/keystore/java/android/security/keystore2/AndroidKeyStoreUnauthenticatedAESCipherSpi.java
index 3d5a8f63e7f9..a2d4528b99fd 100644
--- a/keystore/java/android/security/keystore2/AndroidKeyStoreUnauthenticatedAESCipherSpi.java
+++ b/keystore/java/android/security/keystore2/AndroidKeyStoreUnauthenticatedAESCipherSpi.java
@@ -18,10 +18,10 @@ package android.security.keystore2;
import android.annotation.NonNull;
import android.annotation.Nullable;
+import android.hardware.keymint.KeyParameter;
import android.security.keymaster.KeymasterDefs;
import android.security.keystore.ArrayUtils;
import android.security.keystore.KeyProperties;
-import android.system.keystore2.KeyParameter;
import java.security.AlgorithmParameters;
import java.security.InvalidAlgorithmParameterException;
diff --git a/keystore/java/android/security/keystore2/KeyStore2ParameterUtils.java b/keystore/java/android/security/keystore2/KeyStore2ParameterUtils.java
index ee67ed3f76d8..8fa532b6e188 100644
--- a/keystore/java/android/security/keystore2/KeyStore2ParameterUtils.java
+++ b/keystore/java/android/security/keystore2/KeyStore2ParameterUtils.java
@@ -18,13 +18,13 @@ package android.security.keystore2;
import android.annotation.NonNull;
import android.hardware.biometrics.BiometricManager;
+import android.hardware.keymint.KeyParameter;
+import android.hardware.keymint.SecurityLevel;
import android.security.GateKeeper;
import android.security.keymaster.KeymasterDefs;
import android.security.keystore.KeyProperties;
import android.security.keystore.UserAuthArgs;
import android.system.keystore2.Authorization;
-import android.system.keystore2.KeyParameter;
-import android.system.keystore2.SecurityLevel;
import java.security.ProviderException;
import java.util.ArrayList;
diff --git a/services/core/java/com/android/server/locksettings/recoverablekeystore/KeyStoreProxyImpl.java b/services/core/java/com/android/server/locksettings/recoverablekeystore/KeyStoreProxyImpl.java
index 285e722886c2..9857fb637b59 100644
--- a/services/core/java/com/android/server/locksettings/recoverablekeystore/KeyStoreProxyImpl.java
+++ b/services/core/java/com/android/server/locksettings/recoverablekeystore/KeyStoreProxyImpl.java
@@ -16,24 +16,39 @@
package com.android.server.locksettings.recoverablekeystore;
+import android.security.keystore2.AndroidKeyStoreProvider;
+
import java.io.IOException;
-import java.security.cert.CertificateException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
+import java.security.cert.CertificateException;
/**
* Implementation of {@link KeyStoreProxy} that delegates all method calls to the {@link KeyStore}.
*/
public class KeyStoreProxyImpl implements KeyStoreProxy {
- private static final String ANDROID_KEY_STORE_PROVIDER = "AndroidKeyStore";
private final KeyStore mKeyStore;
/**
+ * TODO This function redirects keystore access to the legacy keystore during a transitional
+ * phase during which not all calling code has been adjusted to use Keystore 2.0.
+ * This can be reverted to a constant of "AndroidKeyStore" when b/171305684 is complete.
+ * The specific bug for this component is b/171305545.
+ */
+ static String androidKeystoreProviderName() {
+ if (AndroidKeyStoreProvider.isInstalled()) {
+ return "AndroidKeyStoreLegacy";
+ } else {
+ return "AndroidKeyStore";
+ }
+
+ }
+
+ /**
* A new instance, delegating to {@code keyStore}.
*/
public KeyStoreProxyImpl(KeyStore keyStore) {
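Review bot: The Javadoc on `androidKeystoreProviderName()` opens with `TODO` and never states what the method returns, and the branch reads inverted at first glance: `AndroidKeyStoreProvider.isInstalled()` being true selects `"AndroidKeyStoreLegacy"`. Since the imported class is `android.security.keystore2.AndroidKeyStoreProvider`, a summary sentence ahead of the TODO would make the intent explicit, for example `Returns the name to pass to KeyStore.getInstance for the legacy keystore: "AndroidKeyStoreLegacy" when the Keystore 2.0 provider is installed, otherwise "AndroidKeyStore".` The comment should also record whether keys created under the legacy name stay reachable once this reverts to the constant, since the recoverable-keystore keys would presumably otherwise be stranded in the old backend. The blank line before the method's closing brace can be dropped.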
@@ -69,7 +84,7 @@ public class KeyStoreProxyImpl implements KeyStoreProxy {
* @throws KeyStoreException if there was a problem getting or initializing the key store.
*/
public static KeyStore getAndLoadAndroidKeyStore() throws KeyStoreException {
- KeyStore keyStore = KeyStore.getInstance(ANDROID_KEY_STORE_PROVIDER);
+ KeyStore keyStore = KeyStore.getInstance(androidKeystoreProviderName());
try {
keyStore.load(/*param=*/ null);
} catch (CertificateException | IOException | NoSuchAlgorithmException e) {
diff --git a/services/core/java/com/android/server/locksettings/recoverablekeystore/PlatformKeyManager.java b/services/core/java/com/android/server/locksettings/recoverablekeystore/PlatformKeyManager.java
index 0761cde825b6..569b7098bb6c 100644
--- a/services/core/java/com/android/server/locksettings/recoverablekeystore/PlatformKeyManager.java
+++ b/services/core/java/com/android/server/locksettings/recoverablekeystore/PlatformKeyManager.java
@@ -86,8 +86,6 @@ public class PlatformKeyManager {
private final KeyStoreProxy mKeyStore;
private final RecoverableKeyStoreDb mDatabase;
- private static final String ANDROID_KEY_STORE_PROVIDER = "AndroidKeyStore";
-
/**
* A new instance operating on behalf of {@code userId}, storing its prefs in the location
* defined by {@code context}.
@@ -486,7 +484,7 @@ public class PlatformKeyManager {
* @throws KeyStoreException if there was a problem getting or initializing the key store.
*/
private static KeyStore getAndLoadAndroidKeyStore() throws KeyStoreException {
- KeyStore keyStore = KeyStore.getInstance(ANDROID_KEY_STORE_PROVIDER);
+ KeyStore keyStore = KeyStore.getInstance(KeyStoreProxyImpl.androidKeystoreProviderName());
try {
keyStore.load(/*param=*/ null);
} catch (CertificateException | IOException | NoSuchAlgorithmException e) {
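Review bot: `PlatformKeyManager.getAndLoadAndroidKeyStore()` now calls `KeyStoreProxyImpl.androidKeystoreProviderName()` but still repeats the get-and-load sequence that `KeyStoreProxyImpl.getAndLoadAndroidKeyStore()` shows in its own hunk. From the visible lines the two bodies look identical, so the private copy could delegate with `return KeyStoreProxyImpl.getAndLoadAndroidKeyStore();`. That would keep the legacy versus Keystore 2.0 selection in one place for the length of the transition. The catch block continues outside this hunk, so confirm the exception wrapping matches before merging the two.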