| author | 2022-07-23 00:28:01 +0000 | |
|---|---|---|
| committer | 2022-07-23 00:38:03 +0000 | |
| commit | 34945b1fd2d8f9201c7db1b7ff915eaea78d33ac (patch) | |
| tree | 1fafbc1080eb0fe2414d2a59556ad194c59b9188 /libs/androidfw/misc.cpp | |
| parent | cd671e384bef7cf3037663546c3861e1e2157c27 (diff) | |
AndroidKeyStore: support platform use of rollback-resistant keys

The keystore2 binder API supports rollback resistance when KeyMint
supports it, but until now this wasn't exposed to Java code that uses
AndroidKeyStore. Add support for rollback-resistant keys to
KeyProtection and AndroidKeyStoreSpi.setSecretKeyEntry() so that
LockSettingsService can request it for SP protector keys.

This CL does *not* do any of the following:

- Add any non-hidden APIs. KeyMint implementations only support a
  limited number of rollback-resistant keys; currently the available
  space is reserved for platform use only. Note that other examples of
  "hidden", platform-only key properties are
  isCriticalToDeviceEncryption() and getBoundToSpecificSecureUserId().

- Support rollback resistance with keys directly generated by Keystore.
  This isn't currently needed. Note that this would require changes to
  KeyGenParameterSpec and AndroidKeyStoreKeyGeneratorSpi.

- Allow querying the rollback resistance property of keys. This isn't
  currently needed. Note that this would require changes to KeyInfo and
  AndroidKeyStoreSecretKeyFactorySpi.

Bug: 239632930
Test: see I05f3b7e5c139471febe5c266a39e3dc3bca4831f
Change-Id: Ifcfd0b8f1bf440ef1ac80a9ac2b0e9c7f62106dd
Diffstat (limited to 'libs/androidfw/misc.cpp')
0 files changed, 0 insertions, 0 deletions