author Eric Biggers <ebiggers@google.com> 2024-02-28 22:47:28 +0000
committer Gerrit Code Review <noreply-gerritcodereview@google.com> 2024-02-28 22:47:28 +0000
commit9f6d9acba53ec490c55f447f77feeb68d423ed81 (patch)
tree099d86582052993fccceca2792afe251c6e4d4ed /keystore
parent509fa1c6d8004b2ea8148f3b6ca06d157abd5fb3 (diff)
parent934cd662e5bfe05289fc8c9b6348d3af5abd7b23 (diff)
Merge "Remove unused references to android.security.KeyStore" into main
Diffstat (limited to 'keystore')
-rw-r--r--keystore/java/android/security/keystore/AndroidKeyStoreProvider.java22
-rw-r--r--keystore/java/android/security/keystore/KeyGenParameterSpec.java2
-rw-r--r--keystore/java/android/security/keystore/KeyProtection.java7
-rw-r--r--keystore/java/android/security/keystore/KeyStoreCryptoOperation.java8
-rw-r--r--keystore/java/android/security/keystore2/AndroidKeyStoreKeyFactorySpi.java3
-rw-r--r--keystore/java/android/security/keystore2/AndroidKeyStoreProvider.java7
-rw-r--r--keystore/java/android/security/keystore2/AndroidKeyStoreSecretKeyFactorySpi.java3
-rw-r--r--keystore/java/android/security/keystore2/KeyStoreCryptoOperationStreamer.java5
8 files changed, 24 insertions, 33 deletions
diff --git a/keystore/java/android/security/keystore/AndroidKeyStoreProvider.java b/keystore/java/android/security/keystore/AndroidKeyStoreProvider.java
index 62fe54f1f089..ef03d3a3b286 100644
--- a/keystore/java/android/security/keystore/AndroidKeyStoreProvider.java
+++ b/keystore/java/android/security/keystore/AndroidKeyStoreProvider.java
@@ -19,9 +19,9 @@ package android.security.keystore;
import android.annotation.NonNull;
import android.annotation.SystemApi;
import android.compat.annotation.UnsupportedAppUsage;
-import android.security.KeyStore;
import java.io.IOException;
+import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
@@ -47,13 +47,13 @@ public class AndroidKeyStoreProvider extends Provider {
}
/**
- * Gets the {@link KeyStore} operation handle corresponding to the provided JCA crypto
+ * Gets the Android KeyStore operation handle corresponding to the provided JCA crypto
* primitive.
*
* <p>The following primitives are supported: {@link Cipher} and {@link Mac}.
*
- * @return KeyStore operation handle or {@code 0} if the provided primitive's KeyStore operation
- * is not in progress.
+ * @return Android KeyStore operation handle or {@code 0} if the provided primitive's Android
+ * KeyStore operation is not in progress.
*
* @throws IllegalArgumentException if the provided primitive is not supported or is not backed
* by AndroidKeyStore provider.
@@ -67,10 +67,10 @@ public class AndroidKeyStoreProvider extends Provider {
}
/**
- * Returns an {@code AndroidKeyStore} {@link java.security.KeyStore}} of the specified UID.
- * The {@code KeyStore} contains keys and certificates owned by that UID. Such cross-UID
- * access is permitted to a few system UIDs and only to a few other UIDs (e.g., Wi-Fi, VPN)
- * all of which are system.
+ * Returns an {@code AndroidKeyStore} {@link KeyStore} of the specified UID. The {@code
+ * KeyStore} contains keys and certificates owned by that UID. Such cross-UID access is
+ * permitted to a few system UIDs and only to a few other UIDs (e.g., Wi-Fi, VPN) all of which
+ * are system.
*
* <p>Note: the returned {@code KeyStore} is already initialized/loaded. Thus, there is
* no need to invoke {@code load} on it.
@@ -84,12 +84,12 @@ public class AndroidKeyStoreProvider extends Provider {
*/
@SystemApi
@NonNull
- public static java.security.KeyStore getKeyStoreForUid(int uid)
+ public static KeyStore getKeyStoreForUid(int uid)
throws KeyStoreException, NoSuchProviderException {
- final java.security.KeyStore.LoadStoreParameter loadParameter =
+ final KeyStore.LoadStoreParameter loadParameter =
new android.security.keystore2.AndroidKeyStoreLoadStoreParameter(
KeyProperties.legacyUidToNamespace(uid));
- java.security.KeyStore result = java.security.KeyStore.getInstance(PROVIDER_NAME);
+ KeyStore result = KeyStore.getInstance(PROVIDER_NAME);
try {
result.load(loadParameter);
} catch (NoSuchAlgorithmException | CertificateException | IOException e) {
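Review bot: The Javadoc for getKeyStoreForUid says cross-UID access is limited to a few system UIDs, but the visible body passes `uid` straight to `KeyProperties.legacyUidToNamespace(uid)` and calls `result.load(loadParameter)` with no caller check. A reader of this method therefore cannot tell where that restriction is enforced. Since this change already touches the Javadoc and the body, I would add a short comment above the `loadParameter` declaration, such as `// No caller check here; cross-UID authorization is presumably enforced by the keystore service on access (confirm).` The catch body and the rest of the method lie outside this hunk, so any handling there is not visible.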
diff --git a/keystore/java/android/security/keystore/KeyGenParameterSpec.java b/keystore/java/android/security/keystore/KeyGenParameterSpec.java
index 244fe3033dca..7aecfd8d4a0d 100644
--- a/keystore/java/android/security/keystore/KeyGenParameterSpec.java
+++ b/keystore/java/android/security/keystore/KeyGenParameterSpec.java
@@ -910,7 +910,7 @@ public final class KeyGenParameterSpec implements AlgorithmParameterSpec, UserAu
/**
* Returns whether this key is critical to the device encryption flow.
*
- * @see android.security.KeyStore#FLAG_CRITICAL_TO_DEVICE_ENCRYPTION
+ * @see Builder#setCriticalToDeviceEncryption(boolean)
* @hide
*/
public boolean isCriticalToDeviceEncryption() {
diff --git a/keystore/java/android/security/keystore/KeyProtection.java b/keystore/java/android/security/keystore/KeyProtection.java
index 2495d1a85864..31b4a5eac619 100644
--- a/keystore/java/android/security/keystore/KeyProtection.java
+++ b/keystore/java/android/security/keystore/KeyProtection.java
@@ -569,7 +569,7 @@ public final class KeyProtection implements ProtectionParameter, UserAuthArgs {
/**
* Return whether this key is critical to the device encryption flow.
*
- * @see android.security.KeyStore#FLAG_CRITICAL_TO_DEVICE_ENCRYPTION
+ * @see Builder#setCriticalToDeviceEncryption(boolean)
* @hide
*/
public boolean isCriticalToDeviceEncryption() {
@@ -1105,9 +1105,10 @@ public final class KeyProtection implements ProtectionParameter, UserAuthArgs {
* Set whether this key is critical to the device encryption flow
*
* This is a special flag only available to system servers to indicate the current key
- * is part of the device encryption flow.
+ * is part of the device encryption flow. Setting this flag causes the key to not
+ * be cryptographically bound to the LSKF even if the key is otherwise authentication
+ * bound.
*
- * @see android.security.KeyStore#FLAG_CRITICAL_TO_DEVICE_ENCRYPTION
* @hide
*/
public Builder setCriticalToDeviceEncryption(boolean critical) {
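Review bot: The sentence added to the Javadoc of setCriticalToDeviceEncryption uses the abbreviation LSKF without expanding it, and it is the only place in this diff that states the security consequence of the flag. Spell it out on first use, for example `be cryptographically bound to the LSKF (lock screen knowledge factor) even if the key is otherwise authentication`. The `@see` on KeyGenParameterSpec.isCriticalToDeviceEncryption() now points to that class's own Builder setter, which is not part of this diff, so it is worth confirming that it carries the same warning. The Javadoc block opens above this hunk.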
diff --git a/keystore/java/android/security/keystore/KeyStoreCryptoOperation.java b/keystore/java/android/security/keystore/KeyStoreCryptoOperation.java
index 2c709ae1ac5b..c42c9e4d99a6 100644
--- a/keystore/java/android/security/keystore/KeyStoreCryptoOperation.java
+++ b/keystore/java/android/security/keystore/KeyStoreCryptoOperation.java
@@ -16,18 +16,16 @@
package android.security.keystore;
-import android.security.KeyStore;
-
/**
- * Cryptographic operation backed by {@link KeyStore}.
+ * Cryptographic operation backed by Android KeyStore.
*
* @hide
*/
public interface KeyStoreCryptoOperation {
/**
- * Gets the KeyStore operation handle of this crypto operation.
+ * Gets the Android KeyStore operation handle of this crypto operation.
*
- * @return handle or {@code 0} if the KeyStore operation is not in progress.
+ * @return handle or {@code 0} if the Android KeyStore operation is not in progress.
*/
long getOperationHandle();
}
diff --git a/keystore/java/android/security/keystore2/AndroidKeyStoreKeyFactorySpi.java b/keystore/java/android/security/keystore2/AndroidKeyStoreKeyFactorySpi.java
index a8dd7f3f8b14..8eca67f090d4 100644
--- a/keystore/java/android/security/keystore2/AndroidKeyStoreKeyFactorySpi.java
+++ b/keystore/java/android/security/keystore2/AndroidKeyStoreKeyFactorySpi.java
@@ -16,7 +16,6 @@
package android.security.keystore2;
-import android.security.KeyStore;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyInfo;
@@ -39,8 +38,6 @@ import java.security.spec.X509EncodedKeySpec;
*/
public class AndroidKeyStoreKeyFactorySpi extends KeyFactorySpi {
- private final KeyStore mKeyStore = KeyStore.getInstance();
-
@Override
protected <T extends KeySpec> T engineGetKeySpec(Key key, Class<T> keySpecClass)
throws InvalidKeySpecException {
diff --git a/keystore/java/android/security/keystore2/AndroidKeyStoreProvider.java b/keystore/java/android/security/keystore2/AndroidKeyStoreProvider.java
index d204f13d4d78..99100de12684 100644
--- a/keystore/java/android/security/keystore2/AndroidKeyStoreProvider.java
+++ b/keystore/java/android/security/keystore2/AndroidKeyStoreProvider.java
@@ -17,7 +17,6 @@
package android.security.keystore2;
import android.annotation.NonNull;
-import android.security.KeyStore;
import android.security.KeyStore2;
import android.security.KeyStoreSecurityLevel;
import android.security.keymaster.KeymasterDefs;
@@ -161,13 +160,13 @@ public class AndroidKeyStoreProvider extends Provider {
}
/**
- * Gets the {@link KeyStore} operation handle corresponding to the provided JCA crypto
+ * Gets the Android KeyStore operation handle corresponding to the provided JCA crypto
* primitive.
*
* <p>The following primitives are supported: {@link Cipher}, {@link Signature} and {@link Mac}.
*
- * @return KeyStore operation handle or {@code 0} if the provided primitive's KeyStore operation
- * is not in progress.
+ * @return Android KeyStore operation handle or {@code 0} if the provided primitive's Android
+ * KeyStore operation is not in progress.
*
* @throws IllegalArgumentException if the provided primitive is not supported or is not backed
* by AndroidKeyStore provider.
diff --git a/keystore/java/android/security/keystore2/AndroidKeyStoreSecretKeyFactorySpi.java b/keystore/java/android/security/keystore2/AndroidKeyStoreSecretKeyFactorySpi.java
index 2682eb657963..22230916b084 100644
--- a/keystore/java/android/security/keystore2/AndroidKeyStoreSecretKeyFactorySpi.java
+++ b/keystore/java/android/security/keystore2/AndroidKeyStoreSecretKeyFactorySpi.java
@@ -18,7 +18,6 @@ package android.security.keystore2;
import android.annotation.NonNull;
import android.security.GateKeeper;
-import android.security.KeyStore;
import android.security.keymaster.KeymasterArguments;
import android.security.keymaster.KeymasterDefs;
import android.security.keystore.KeyGenParameterSpec;
@@ -46,8 +45,6 @@ import javax.crypto.spec.SecretKeySpec;
*/
public class AndroidKeyStoreSecretKeyFactorySpi extends SecretKeyFactorySpi {
- private final KeyStore mKeyStore = KeyStore.getInstance();
-
@Override
protected KeySpec engineGetKeySpec(SecretKey key,
@SuppressWarnings("rawtypes") Class keySpecClass) throws InvalidKeySpecException {
diff --git a/keystore/java/android/security/keystore2/KeyStoreCryptoOperationStreamer.java b/keystore/java/android/security/keystore2/KeyStoreCryptoOperationStreamer.java
index 07d6a69eda01..5bd98bce9f39 100644
--- a/keystore/java/android/security/keystore2/KeyStoreCryptoOperationStreamer.java
+++ b/keystore/java/android/security/keystore2/KeyStoreCryptoOperationStreamer.java
@@ -16,12 +16,11 @@
package android.security.keystore2;
-import android.security.KeyStore;
import android.security.KeyStoreException;
/**
- * Helper for streaming a crypto operation's input and output via {@link KeyStore} service's
- * {@code update} and {@code finish} operations.
+ * Helper for streaming a crypto operation's input and output via KeyStore service's {@code update}
+ * and {@code finish} operations.
*
* <p>The helper abstracts away to issues that need to be solved in most code that uses KeyStore's
* update and finish operations. Firstly, KeyStore's update operation can consume only a limited